diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml index 36f50265a7..e1699c1c54 100644 --- a/.github/workflows/async.yml +++ b/.github/workflows/async.yml @@ -1,7 +1,16 @@ name: Async Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: make_check: diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 69840eb61d..a89ef94d5f 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -1,7 +1,16 @@ name: curl Test +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: @@ -17,11 +26,14 @@ jobs: configure: --enable-curl install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-curl - path: build-dir + path: build-dir.tgz retention-days: 5 test_curl: @@ -45,7 +57,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-curl - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Build curl uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml new file mode 100644 index 0000000000..9f2aab72c2 --- /dev/null +++ b/.github/workflows/cyrus-sasl.yml 
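Review bot: The new `pull_request` filter `branches: [ '*' ]` does not cover the `release/**` branches that the `push` filter lists, because a single `*` in a GitHub branch filter does not match `/`, so pull requests targeting a release branch never trigger this workflow. Use `branches: [ '**' ]` (or repeat the push list) if release-branch PRs are meant to be tested. The same common section is added to curl.yml, cyrus-sasl.yml, haproxy.yml, hostap.yml, docker-Espressif.yml, docker-OpenWrt.yml, grpc.yml and hitch.yml in this diff, so the fix belongs in every copy. The shared block also sets no `permissions:`, so each job runs with whatever `GITHUB_TOKEN` scope the repository defaults to; adding `permissions:` with `contents: read` to the block keeps these test-only workflows read-only regardless of that default.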
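Review bot: The new `tar build-dir` step in curl.yml carries no comment saying why the install tree is now archived before upload, while the equivalent step added to docker-OpenWrt.yml in this diff records that the artifact actions stopped following links. A one-line comment above the step, e.g. `# Archive first: the artifact upload no longer follows symlinks (see docker-OpenWrt.yml)`, keeps the reason next to the workaround so it can be removed when the upstream action is fixed (confirm the symlink explanation applies here too). The same comment is missing from the tar steps added to hitch.yml, cyrus-sasl.yml and grpc.yml.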
@@ -0,0 +1,103 @@ +name: cyrus-sasl Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all + install: true + # Don't run tests as this config is tested in many other places + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-sasl + path: build-dir.tgz + retention-days: 5 + + sasl_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 2.1.28 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 4 + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \ + libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-sasl + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout sasl + uses: actions/checkout@v4 + with: + repository: cyrusimap/cyrus-sasl + ref: cyrus-sasl-${{ matrix.ref }} + path: sasl + + - name: Build cyrus-sasl + working-directory: sasl + run: | + patch -p1 < $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/${{ matrix.ref }}.patch + autoreconf -ivf + ./configure --with-openssl=no --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-dblib=berkeley --disable-shared + # Need to run 'make' twice with '--disable-shared' for some reason + make -j || make -j + + - name: Run testsuite + working-directory: sasl + run: | + make -j -C utils testsuite saslpasswd2 + # Retry up to five times + for i in {1..5}; do + TEST_RES=0 + $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$? + if [ "$TEST_RES" -eq "0" ]; then + break + fi + done diff --git a/.github/workflows/haproxy.yml b/.github/workflows/disabled/haproxy.yml similarity index 85% rename from .github/workflows/haproxy.yml rename to .github/workflows/disabled/haproxy.yml index 9c7047bc24..43e197fd59 100644 --- a/.github/workflows/haproxy.yml +++ b/.github/workflows/disabled/haproxy.yml 
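Review bot: The retry loop at the end of the `Run testsuite` step never fails the step: `run-tests.sh || TEST_RES=$?` hides the failure from the shell's `-e`, the `if` that follows returns 0 when the test fails, and nothing after `done` inspects `TEST_RES`, so five failed attempts still leave the job green. Add `exit $TEST_RES` after the loop (or `[ "$TEST_RES" -eq 0 ]` as the final command). In the `Install dependencies` step, `export DEBIAN_FRONTEND=noninteractive` presumably does not reach `apt-get`, since `sudo` resets the environment unless sudoers keeps that variable, and the install has no `-y`; `sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ...` does what the comment above it promises. The `Checkout OSP` step has no `ref`, so the patch and `run-tests.sh` applied to the pinned cyrus-sasl `2.1.28` track the default branch of wolfssl/osp; pin a commit, or add a comment stating that tracking is intended.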
@@ -1,7 +1,16 @@ name: HaProxy Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: haproxy_check: diff --git a/.github/workflows/hostap.yml b/.github/workflows/disabled/hostap.yml similarity index 96% rename from .github/workflows/hostap.yml rename to .github/workflows/disabled/hostap.yml index 187c735b69..aad37cad30 100644 --- a/.github/workflows/hostap.yml +++ b/.github/workflows/disabled/hostap.yml @@ -1,7 +1,16 @@ name: hostap and wpa-supplicant Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: @@ -62,7 +71,7 @@ jobs: config: [ { hostap_ref: hostap_2_10, - hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a, + hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680, remove_teap: true, # TLS 1.3 does not work for this version build_id: hostap-build1, @@ -70,7 +79,7 @@ jobs: # Test the dpp patch { hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb, - hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a, + hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680, osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446, build_id: hostap-build2 }, diff --git a/.github/workflows/docker-Espressif.yml b/.github/workflows/docker-Espressif.yml index 4990e92850..c2b6ff0ba9 100644 --- a/.github/workflows/docker-Espressif.yml +++ b/.github/workflows/docker-Espressif.yml 
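Review bot: Nothing in the renamed file records why the HaProxy workflow was moved under `.github/workflows/disabled/`, a directory GitHub does not scan for workflows, which is presumably the point of the move; hostap.yml is moved the same way in this diff. A comment directly under `name:` such as `# Parked under disabled/ so GitHub does not run it — see <reason or issue placeholder>` tells the next reader whether the workflow is broken, slow or simply superseded, and when it may be moved back. Adding the common `on:`/`concurrency:` section to a file that is not run is harmless but suggests the block was applied by script rather than by hand, which the comment could also say.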
@@ -1,6 +1,15 @@ name: Espressif examples tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: espressif_latest: diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml index 3c348b6278..283e3b92e2 100644 --- a/.github/workflows/docker-OpenWrt.yml +++ b/.github/workflows/docker-OpenWrt.yml @@ -2,8 +2,17 @@ # there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md name: OpenWrt test +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_library: @@ -19,11 +28,15 @@ jobs: - uses: actions/checkout@v4 - name: Compile libwolfssl.so run: ./autogen.sh && ./configure --enable-all && make + # 2024-08-05 - Something broke in the actions. They are no longer following links. + - name: tar libwolfssl.so + working-directory: src/.libs + run: tar -zcf libwolfssl.tgz libwolfssl.so* - name: Upload libwolfssl.so uses: actions/upload-artifact@v4 with: name: openwrt-libwolfssl.so - path: src/.libs/libwolfssl.so + path: src/.libs/libwolfssl.tgz retention-days: 5 compile_container: name: Compile container @@ -41,7 +54,9 @@ jobs: - uses: actions/download-artifact@v4 with: name: openwrt-libwolfssl.so - path: Docker/OpenWrt/. + path: . + - name: untar libwolfssl.so + run: tar -xf libwolfssl.tgz -C Docker/OpenWrt - name: Build but dont push uses: docker/build-push-action@v5 with: diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml new file mode 100644 index 0000000000..4e145cc6c8 --- /dev/null +++ b/.github/workflows/grpc.yml 
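Review bot: The comment `# 2024-08-05 - Something broke in the actions. They are no longer following links.` above the new `tar libwolfssl.so` step names neither the action nor the effect, which is what a later reader needs in order to decide when the tarball workaround can be dropped. Suggest `# actions/upload-artifact@v4 no longer follows the libwolfssl.so symlink chain, so archive src/.libs/libwolfssl.so* first` (confirm that is the exact breakage). The artifact keeps the name `openwrt-libwolfssl.so` while it now holds `libwolfssl.tgz`; renaming it, or noting the mismatch in the download step's comment, would avoid confusion.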
@@ -0,0 +1,106 @@ +name: grpc Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 10 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS' + install: true + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-grpc + path: build-dir.tgz + retention-days: 5 + + grpc_check: + strategy: + fail-fast: false + matrix: + include: + - ref: v1.60.0 + tests: >- + bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test + crl_ssl_transport_security_test server_ssl_test + ssl_transport_security_test ssl_transport_security_utils_test + test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test + h2_ssl_cert_test h2_ssl_session_reuse_test + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 30 + needs: build_wolfssl + steps: + - name: Confirm IPv4 and IPv6 support + run: | + ip addr list lo | grep 'inet ' + ip addr list lo | grep 'inet6 ' + + - name: Install prereqs + run: + sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-grpc + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout grpc + uses: actions/checkout@v4 + with: + repository: grpc/grpc + path: grpc + ref: ${{ matrix.ref }} + + - name: Build grpc + working-directory: ./grpc + run: | + patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch + git submodule update --init + mkdir cmake/build + cd cmake/build + cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \ + -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../.. + make -j $(nproc) ${{ matrix.tests }} + + - name: Run grpc tests + working-directory: ./grpc + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH + ./tools/run_tests/start_port_server.py + for t in ${{ matrix.tests }} ; do + ./cmake/build/$t + done diff --git a/.github/workflows/hitch.yml b/.github/workflows/hitch.yml index 13b933fd75..c11accd58d 100644 --- a/.github/workflows/hitch.yml +++ b/.github/workflows/hitch.yml @@ -1,7 +1,16 @@ name: hitch Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: 
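Review bot: The `Install prereqs` step runs `sudo apt-get install ...` with no preceding `apt-get update` and no `-y`, unlike the cyrus-sasl workflow added in the same diff; on a runner with a stale package index the install fails, and without `-y` the step depends on apt's non-interactive default whenever a dependency needs confirming. Use `sudo apt-get update && sudo apt-get install -y build-essential autoconf libtool pkg-config cmake clang libc++-dev` as a block scalar like the other steps. The `Checkout OSP` step has no `ref`, so the patch `../osp/grpc/grpc-${{ matrix.ref }}.patch` applied to the pinned grpc `v1.60.0` tracks the default branch of wolfssl/osp; pin a commit or add a comment saying that tracking is intended. The `Run grpc tests` loop stops at the first failing binary because of the shell's `-e`, which is fine for a gate but hides later failures; if a full report is wanted, collect each exit status and fail after the loop.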
@@ -18,11 +27,14 @@ jobs: configure: --enable-hitch install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-hitch - path: build-dir + path: build-dir.tgz retention-days: 5 hitch_check: @@ -44,7 +56,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-hitch - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config new file mode 100644 index 0000000000..b76663c8b3 --- /dev/null +++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config 
@@ -0,0 +1,122 @@ +#CC=ccache gcc + +CONFIG_DRIVER_NONE=y +CONFIG_DRIVER_NL80211=y +CONFIG_RSN_PREAUTH=y + +#CONFIG_TLS=internal +#CONFIG_INTERNAL_LIBTOMMATH=y +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y +#CONFIG_TLS=openssl +CONFIG_TLS=wolfssl + +CONFIG_EAP=y +CONFIG_ERP=y +CONFIG_EAP_MD5=y +CONFIG_EAP_TLS=y +CONFIG_EAP_MSCHAPV2=y +CONFIG_EAP_PEAP=y +CONFIG_EAP_GTC=y +CONFIG_EAP_TTLS=y +CONFIG_EAP_SIM=y +CONFIG_EAP_AKA=y +CONFIG_EAP_AKA_PRIME=y +CONFIG_EAP_GPSK=y +CONFIG_EAP_GPSK_SHA256=y +CONFIG_EAP_SAKE=y +CONFIG_EAP_PAX=y +CONFIG_EAP_PSK=y +CONFIG_EAP_VENDOR_TEST=y +CONFIG_EAP_FAST=y +CONFIG_EAP_TEAP=y +CONFIG_EAP_IKEV2=y +CONFIG_EAP_TNC=y +CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\" +LIBS += -rdynamic +CONFIG_EAP_UNAUTH_TLS=y +ifeq ($(CONFIG_TLS), openssl) +CONFIG_EAP_PWD=y +endif +ifeq ($(CONFIG_TLS), wolfssl) +CONFIG_EAP_PWD=y +endif +CONFIG_EAP_EKE=y +CONFIG_PKCS12=y +CONFIG_RADIUS_SERVER=y +CONFIG_IPV6=y +CONFIG_TLSV11=y +CONFIG_TLSV12=y + +CONFIG_FULL_DYNAMIC_VLAN=y +CONFIG_VLAN_NETLINK=y +CONFIG_LIBNL32=y +CONFIG_LIBNL3_ROUTE=y +CONFIG_IEEE80211R=y +CONFIG_IEEE80211AC=y +CONFIG_IEEE80211AX=y + +CONFIG_OCV=y + +CONFIG_WPS=y +CONFIG_WPS_UPNP=y +CONFIG_WPS_NFC=y +#CONFIG_WPS_STRICT=y +CONFIG_WPA_TRACE=y +CONFIG_WPA_TRACE_BFD=y + +CONFIG_P2P_MANAGER=y +CONFIG_DEBUG_FILE=y +CONFIG_DEBUG_LINUX_TRACING=y +CONFIG_WPA_CLI_EDIT=y +CONFIG_ACS=y +CONFIG_NO_RANDOM_POOL=y +CONFIG_WNM=y +CONFIG_INTERWORKING=y +CONFIG_HS20=y +CONFIG_SQLITE=y +CONFIG_SAE=y +CONFIG_SAE_PK=y +CFLAGS += -DALL_DH_GROUPS + +CONFIG_FST=y +CONFIG_FST_TEST=y + +CONFIG_TESTING_OPTIONS=y +CFLAGS += -DCONFIG_RADIUS_TEST +CONFIG_MODULE_TESTS=y + +CONFIG_SUITEB=y +CONFIG_SUITEB192=y + +# AddressSanitizer (ASan) can be enabled by uncommenting the following lines. +# This can be used as a more efficient memory error detector than valgrind +# (though, with still some CPU and memory cost, so VM cases will need more +# memory allocated for the guest). 
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g +#LIBS += -fsanitize=address -fno-omit-frame-pointer -g +#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g +#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g +#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g + +# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the +# following lines. +#CFLAGS += -Wno-format-nonliteral +#CFLAGS += -fsanitize=undefined +##CFLAGS += -fno-sanitize-recover +#LIBS += -fsanitize=undefined +##LIBS += -fno-sanitize-recover +#LIBS_h += -fsanitize=undefined +#LIBS_n += -fsanitize=undefined +#LIBS_c += -fsanitize=undefined +CONFIG_MBO=y + +CONFIG_TAXONOMY=y +CONFIG_FILS=y +CONFIG_FILS_SK_PFS=y +CONFIG_OWE=y +CONFIG_DPP=y +CONFIG_DPP2=y +CONFIG_WEP=y +CONFIG_PASN=y +CONFIG_AIRTIME_POLICY=y +CONFIG_IEEE80211BE=y diff --git a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests new file mode 100644 index 0000000000..5ebaee3ba5 --- /dev/null +++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests 
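Review bot: This new hostapd build config enables test-only and legacy options (`CONFIG_TESTING_OPTIONS=y`, `CONFIG_EAP_VENDOR_TEST=y`, `CONFIG_WEP=y`, `CONFIG_TLSV11=y`, `CONFIG_WPA_TRACE=y`) with no header saying it exists to build the hwsim test binaries rather than a deployable hostapd. A leading comment such as `# hostapd build config for the wolfSSL CI hwsim run against hostap 07c9f183ea744ac04585fb6dd10220c75a5e2e74; enables test-only options, not a production configuration` would make that explicit, with the commit id taken from the directory name. The hostap.yml hunks visible in this diff only change `hostap_cherry_pick` and do not reference this commit, so if a matrix entry for it is added elsewhere in that file, a pointer to it here would help.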
@@ -0,0 +1,1677 @@ +ap_cipher_bip +ap_cipher_bip_cmac_256 +ap_cipher_bip_cmac_256_req +ap_cipher_bip_gmac_128 +ap_cipher_bip_gmac_128_req +ap_cipher_bip_gmac_256 +ap_cipher_bip_gmac_256_req +ap_cipher_bip_req +ap_cipher_bip_req_mismatch +ap_cipher_gcmp +ap_cipher_gcmp_256_group_ccmp +ap_cipher_gcmp_256_group_ccmp_256 +ap_cipher_gcmp_256_group_gcmp_256 +ap_cipher_gcmp_ccmp +ap_cipher_mixed_wpa_wpa2 +ap_cipher_replay_protection_ap_ccmp +ap_cipher_replay_protection_ap_gcmp +ap_cipher_replay_protection_ap_tkip +ap_cipher_replay_protection_sta_bigtk +ap_cipher_replay_protection_sta_ccmp +ap_cipher_replay_protection_sta_gtk_ccmp +ap_cipher_replay_protection_sta_gtk_gcmp +ap_cipher_replay_protection_sta_gtk_tkip +ap_cipher_replay_protection_sta_tkip +ap_cipher_tkip +ap_cipher_tkip_countermeasures_ap +ap_cipher_tkip_countermeasures_ap_mixed_mode +ap_cipher_tkip_countermeasures_sta +ap_cipher_wpa_sae +ap_ft_eap +ap_ft_eap_ap_config_change +ap_ft_eap_cui +ap_ft_eap_dis +ap_ft_eap_dynamic_rxkhs +ap_ft_eap_over_ds +ap_ft_eap_ptk_rekey_ap +ap_ft_eap_sha384 +ap_ft_eap_sha384_over_ds +ap_ft_eap_sha384_reassoc +ap_ft_eap_vlan_multi +ap_ft_extra_ie +ap_ft_gcmp_256 +ap_ft_gtk_rekey +ap_ft_internal_rrb_check +ap_ft_invalid_resp +ap_ft_local_key_gen +ap_ft_many +ap_ft_many_vlan +ap_ft_mismatching_r0kh_id_pull +ap_ft_mismatching_r0kh_id_pull_eap +ap_ft_mismatching_rrb_key_pull +ap_ft_mismatching_rrb_key_pull_eap +ap_ft_mismatching_rrb_key_push +ap_ft_mismatching_rrb_r0kh_pull_eap +ap_ft_mismatching_rrb_r0kh_push_eap +ap_ft_mixed +ap_ft_no_full_ap_client_state +ap_ft_ocv +ap_ft_ocv_change +ap_ft_old_key +ap_ft_oom +ap_ft_oom2 +ap_ft_oom3 +ap_ft_oom4 +ap_ft_over_ds +ap_ft_over_ds_disabled +ap_ft_over_ds_many +ap_ft_over_ds_ocv +ap_ft_over_ds_proto +ap_ft_over_ds_proto_ap +ap_ft_over_ds_pull_old_key +ap_ft_over_ds_separate_hostapd +ap_ft_over_ds_unexpected +ap_ft_over_ds_unknown_target +ap_ft_pmf +ap_ft_pmf_bip_cmac_128 +ap_ft_pmf_bip_cmac_128_over_ds +ap_ft_pmf_bip_cmac_256 
+ap_ft_pmf_bip_cmac_256_over_ds +ap_ft_pmf_bip_gmac_128_over_ds +ap_ft_pmf_bip_gmac_256 +ap_ft_pmf_bip_gmac_256_over_ds +ap_ft_pmf_bip_over_ds +ap_ft_pmf_required +ap_ft_pmf_required_mismatch +ap_ft_pmf_required_mismatch_over_ds +ap_ft_pmf_required_over_ds +ap_ft_pmksa_caching +ap_ft_pmksa_caching_sha384 +ap_ft_psk_file +ap_ft_ptk_rekey2 +ap_ft_ptk_rekey_ap +ap_ft_ptk_rekey_ap2 +ap_ft_r0_key_expiration +ap_ft_reassoc_local_fail +ap_ft_reassoc_proto +ap_ft_sae +ap_ft_sae_ext_key_19 +ap_ft_sae_ext_key_19_over_ds +ap_ft_sae_ext_key_20_over_ds +ap_ft_sae_ext_key_21 +ap_ft_sae_ext_key_21_over_ds +ap_ft_sae_h2e +ap_ft_sae_h2e_and_loop +ap_ft_sae_h2e_rsne_mismatch +ap_ft_sae_h2e_rsne_mismatch_pmkr1name +ap_ft_sae_h2e_rsne_override +ap_ft_sae_h2e_rsnxe_mismatch +ap_ft_sae_over_ds +ap_ft_sae_over_ds_ptk_rekey1 +ap_ft_sae_pmksa_caching +ap_ft_sae_pmksa_caching_h2e_prepend_pmkid +ap_ft_sae_pmksa_caching_pwe +ap_ft_sae_ptk_rekey_ap_ext_key_id +ap_ft_sae_rsnxe_used_mismatch +ap_ft_sae_rsnxe_used_mismatch2 +ap_ft_sae_skip_prune_assoc +ap_ft_sae_transition +ap_missing_psk +ap_mixed_security +ap_no_auth_ack +ap_no_probe_resp +ap_roam_wpa2_psk_pmf_mismatch +ap_roam_wpa2_psk_race +ap_sae_tdls +ap_vlan_file_open2 +ap_vlan_file_parsing +ap_vlan_iface_cleanup_multibss_per_sta_vif +ap_vlan_open +ap_vlan_sae +ap_vlan_tagged +ap_vlan_tagged_wpa2_radius_id_change +ap_vlan_wpa2_psk_radius_required +ap_vlan_wpa2_radius +ap_vlan_wpa2_radius_id_change +ap_vlan_wpa2_radius_mixed +ap_vlan_wpa2_radius_required +ap_wpa2_delayed_group_m1_retransmission +ap_wpa2_disable_eapol_retry +ap_wpa2_disable_eapol_retry_group +ap_wpa2_eap_aka_config +ap_wpa2_eap_aka_ext +ap_wpa2_eap_aka_ext_auth_fail +ap_wpa2_eap_aka_id_0 +ap_wpa2_eap_aka_id_1 +ap_wpa2_eap_aka_id_2 +ap_wpa2_eap_aka_id_3 +ap_wpa2_eap_aka_id_4 +ap_wpa2_eap_aka_id_5 +ap_wpa2_eap_aka_id_6 +ap_wpa2_eap_aka_id_7 +ap_wpa2_eap_aka_imsi_identity +ap_wpa2_eap_aka_imsi_identity_fallback +ap_wpa2_eap_aka_imsi_privacy_attr 
+ap_wpa2_eap_aka_imsi_privacy_key +ap_wpa2_eap_aka_imsi_privacy_key_expired +ap_wpa2_eap_aka_prime +ap_wpa2_eap_aka_prime_ext +ap_wpa2_eap_aka_prime_ext_auth_fail +ap_wpa2_eap_aka_prime_imsi_identity +ap_wpa2_eap_aka_prime_imsi_privacy_key +ap_wpa2_eap_aka_prime_sql +ap_wpa2_eap_aka_sql +ap_wpa2_eap_aka_sql_fallback_to_pseudonym +ap_wpa2_eap_aka_sql_fallback_to_pseudonym_id +ap_wpa2_eap_assoc_rsn +ap_wpa2_eap_eke +ap_wpa2_eap_eke_serverid_nai +ap_wpa2_eap_eke_server_oom +ap_wpa2_eap_expanded_nak +ap_wpa2_eap_fast_binary_pac +ap_wpa2_eap_fast_binary_pac_errors +ap_wpa2_eap_fast_cipher_suites +ap_wpa2_eap_fast_eap_aka +ap_wpa2_eap_fast_eap_sim +ap_wpa2_eap_fast_gtc_auth_prov +ap_wpa2_eap_fast_missing_pac_config +ap_wpa2_eap_fast_mschapv2_unauth_prov +ap_wpa2_eap_fast_pac_file +ap_wpa2_eap_fast_pac_lifetime +ap_wpa2_eap_fast_pac_refresh +ap_wpa2_eap_fast_pac_truncate +ap_wpa2_eap_fast_prf_oom +ap_wpa2_eap_fast_prov +ap_wpa2_eap_fast_text_pac_errors +ap_wpa2_eap_gpsk +ap_wpa2_eap_gpsk_ptk_rekey_ap +ap_wpa2_eap_ikev2 +ap_wpa2_eap_ikev2_as_frag +ap_wpa2_eap_ikev2_oom +ap_wpa2_eap_non_ascii_identity +ap_wpa2_eap_non_ascii_identity2 +ap_wpa2_eapol_retry_limit +ap_wpa2_eap_pax +ap_wpa2_eap_peap_eap_mschapv2_incorrect_password +ap_wpa2_eap_psk +ap_wpa2_eap_psk_mac_addr_change +ap_wpa2_eap_psk_oom +ap_wpa2_eap_pwd +ap_wpa2_eap_pwd_as_frag +ap_wpa2_eap_pwd_disabled_group +ap_wpa2_eap_pwd_groups +ap_wpa2_eap_pwd_invalid_group +ap_wpa2_eap_pwd_nthash +ap_wpa2_eap_pwd_salt_sha1 +ap_wpa2_eap_pwd_salt_sha256 +ap_wpa2_eap_pwd_salt_sha512 +ap_wpa2_eap_reauth +ap_wpa2_eap_reauth_ptk_rekey_blocked_ap +ap_wpa2_eap_reauth_ptk_rekey_blocked_sta +ap_wpa2_eap_request_identity_message +ap_wpa2_eap_sake +ap_wpa2_eap_sake_no_control_port +ap_wpa2_eap_sha384_psk +ap_wpa2_eap_sim +ap_wpa2_eap_sim_aka_result_ind +ap_wpa2_eap_sim_change_bssid +ap_wpa2_eap_sim_config +ap_wpa2_eap_sim_db +ap_wpa2_eap_sim_db_sqlite +ap_wpa2_eap_sim_ext +ap_wpa2_eap_sim_ext_anonymous 
+ap_wpa2_eap_sim_ext_anonymous_no_pseudonym +ap_wpa2_eap_sim_ext_auth_fail +ap_wpa2_eap_sim_ext_replace_sim +ap_wpa2_eap_sim_ext_replace_sim2 +ap_wpa2_eap_sim_ext_replace_sim3 +ap_wpa2_eap_sim_id_0 +ap_wpa2_eap_sim_id_1 +ap_wpa2_eap_sim_id_2 +ap_wpa2_eap_sim_id_3 +ap_wpa2_eap_sim_id_4 +ap_wpa2_eap_sim_id_5 +ap_wpa2_eap_sim_id_6 +ap_wpa2_eap_sim_id_7 +ap_wpa2_eap_sim_imsi_identity +ap_wpa2_eap_sim_imsi_privacy_attr +ap_wpa2_eap_sim_imsi_privacy_key +ap_wpa2_eap_sim_no_change_set +ap_wpa2_eap_sim_oom +ap_wpa2_eap_sim_sql +ap_wpa2_eap_sim_sql_fallback_to_pseudonym +ap_wpa2_eap_sim_zero_db_timeout +ap_wpa2_eap_tls_13_ec +ap_wpa2_eap_tls_13_missing_prot_success +ap_wpa2_eap_tls_blob_missing +ap_wpa2_eap_tls_check_cert_subject_neg +ap_wpa2_eap_tls_diff_ca_trust2 +ap_wpa2_eap_tls_domain_mismatch_cn +ap_wpa2_eap_tls_domain_suffix_mismatch_cn +ap_wpa2_eap_tls_intermediate_ca_ocsp_multi_missing_resp +ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1 +ap_wpa2_eap_tls_intermediate_ca_ocsp_sha1 +ap_wpa2_eap_tls_neg_incorrect_trust_root +ap_wpa2_eap_tls_ocsp_multi +ap_wpa2_eap_tls_ocsp_multi_revoked +ap_wpa2_eap_tls_oom +ap_wpa2_eap_tls_versions +ap_wpa2_eap_tls_versions_server +ap_wpa2_eap_too_many_roundtrips_server +ap_wpa2_eap_too_many_roundtrips_server2 +ap_wpa2_eap_ttls_chap_incorrect_password +ap_wpa2_eap_ttls_dh_params_invalid +ap_wpa2_eap_ttls_dh_params_not_found +ap_wpa2_eap_ttls_eap_gtc_incorrect_password +ap_wpa2_eap_ttls_eap_gtc_no_password +ap_wpa2_eap_ttls_eap_md5_incorrect_password +ap_wpa2_eap_ttls_eap_md5_no_password +ap_wpa2_eap_ttls_eap_mschapv2_no_password +ap_wpa2_eap_ttls_expired_cert +ap_wpa2_eap_ttls_ignore_expired_cert +ap_wpa2_eap_ttls_invalid_phase2 +ap_wpa2_eap_ttls_long_duration +ap_wpa2_eap_ttls_mschap_incorrect_password +ap_wpa2_eap_ttls_mschapv2_incorrect_password +ap_wpa2_eap_ttls_ocsp_revoked +ap_wpa2_eap_ttls_ocsp_unknown +ap_wpa2_eap_ttls_pap_check_cert_subject_neg +ap_wpa2_eap_ttls_pap_incorrect_password 
+ap_wpa2_eap_ttls_server_cert_eku_client +ap_wpa2_eap_ttls_server_cert_hash +ap_wpa2_eap_ttls_server_cert_hash_invalid +ap_wpa2_eap_vendor_test +ap_wpa2_eap_vendor_test_oom +ap_wpa2_eap_wildcard_ssid +ap_wpa2_ext_add_to_bridge +ap_wpa2_gmk_rekey +ap_wpa2_gtk_initial_rsc_ccmp_256 +ap_wpa2_gtk_initial_rsc_tkip +ap_wpa2_gtk_rekey +ap_wpa2_gtk_rekey_fail_1_sta +ap_wpa2_gtk_rekey_failure +ap_wpa2_gtk_rekey_request +ap_wpa2_igtk_initial_rsc_aes_128_cmac +ap_wpa2_igtk_initial_rsc_bip_cmac_256 +ap_wpa2_igtk_initial_rsc_bip_gmac_128 +ap_wpa2_igtk_initial_rsc_bip_gmac_256 +ap_wpa2_plaintext_group_m1 +ap_wpa2_plaintext_group_m1_pmf +ap_wpa2_plaintext_m1_m3 +ap_wpa2_plaintext_m1_m3_pmf +ap_wpa2_plaintext_m3 +ap_wpa2_psk +ap_wpa2_psk_4addr +ap_wpa2_psk_ap_control_port +ap_wpa2_psk_assoc_rsn +ap_wpa2_psk_assoc_rsn_pmkid +ap_wpa2_psk_disable_enable +ap_wpa2_psk_drop_first_msg_4 +ap_wpa2_psk_ext +ap_wpa2_psk_ext_delayed_ptk_rekey +ap_wpa2_psk_ext_eapol +ap_wpa2_psk_ext_eapol_key_info +ap_wpa2_psk_ext_eapol_retry1 +ap_wpa2_psk_ext_eapol_retry1b +ap_wpa2_psk_ext_eapol_retry1c +ap_wpa2_psk_ext_eapol_retry1d +ap_wpa2_psk_ext_eapol_type_diff +ap_wpa2_psk_ext_key_id_ptk_rekey_ap0 +ap_wpa2_psk_ext_key_id_ptk_rekey_ap1 +ap_wpa2_psk_ext_key_id_ptk_rekey_ap2 +ap_wpa2_psk_ext_key_id_ptk_rekey_sta0 +ap_wpa2_psk_ext_key_id_ptk_rekey_sta1 +ap_wpa2_psk_ext_key_id_ptk_rekey_sta2 +ap_wpa2_psk_ext_retry_msg_3 +ap_wpa2_psk_ext_retry_msg_3b +ap_wpa2_psk_ext_retry_msg_3c +ap_wpa2_psk_ext_retry_msg_3d +ap_wpa2_psk_ext_retry_msg_3e +ap_wpa2_psk_file +ap_wpa2_psk_file_errors +ap_wpa2_psk_file_keyid +ap_wpa2_psk_ft_workaround +ap_wpa2_psk_incorrect_passphrase +ap_wpa2_psk_local_error +ap_wpa2_psk_mem +ap_wpa2_psk_mic_0 +ap_wpa2_psk_no_random +ap_wpa2_psk_rsne_mismatch_ap +ap_wpa2_psk_rsne_mismatch_ap2 +ap_wpa2_psk_rsne_mismatch_ap3 +ap_wpa2_psk_rsnxe_mismatch_ap +ap_wpa2_psk_supp_proto +ap_wpa2_psk_supp_proto_anonce_change +ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3 
+ap_wpa2_psk_supp_proto_gtk_not_encrypted +ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround +ap_wpa2_psk_supp_proto_ie_mismatch +ap_wpa2_psk_supp_proto_msg_1_invalid_kde +ap_wpa2_psk_supp_proto_no_gtk +ap_wpa2_psk_supp_proto_no_gtk_in_group_msg +ap_wpa2_psk_supp_proto_no_ie +ap_wpa2_psk_supp_proto_ok +ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg +ap_wpa2_psk_supp_proto_too_long_gtk_kde +ap_wpa2_psk_supp_proto_unexpected_group_msg +ap_wpa2_psk_supp_proto_wrong_group_key_len +ap_wpa2_psk_supp_proto_wrong_pairwise_key_len +ap_wpa2_psk_unexpected +ap_wpa2_psk_wep +ap_wpa2_psk_wildcard_ssid +ap_wpa2_ptk_rekey +ap_wpa2_ptk_rekey_anonce +ap_wpa2_ptk_rekey_ap +ap_wpa2_ptk_rekey_blocked_ap +ap_wpa2_ptk_rekey_blocked_sta +ap_wpa2_sha256_ptk_rekey +ap_wpa2_sha256_ptk_rekey_ap +ap_wpa2_strict_rekey +ap_wpa2_tdls +ap_wpa2_tdls_bssid_mismatch +ap_wpa2_tdls_concurrent_init +ap_wpa2_tdls_concurrent_init2 +ap_wpa2_tdls_decline_resp +ap_wpa2_tdls_diff_rsnie +ap_wpa2_tdls_double_tpk_m2 +ap_wpa2_tdls_long_frame +ap_wpa2_tdls_long_lifetime +ap_wpa2_tdls_reneg +ap_wpa2_tdls_responder_teardown +ap_wpa2_tdls_wrong_lifetime_resp +ap_wpa2_tdls_wrong_tpk_m2_mic +ap_wpa2_tdls_wrong_tpk_m3_mic +ap_wpa2_test_command_failures +ap_wpa3_eap_transition_disable +ap_wpa_gtk_rekey +ap_wpa_ie_parsing +ap_wpa_mixed_tdls +ap_wpa_psk_ext_eapol +ap_wpa_psk_rsn_pairwise +ap_wpa_ptk_rekey +ap_wpa_ptk_rekey_ap +ap_wpa_tdls +ap_wps_adv_oom +ap_wps_and_bss_limit +ap_wps_and_non_wps +ap_wps_and_sae +ap_wps_ap_pin_failure +ap_wps_appl_ext +ap_wps_ap_scan_2 +ap_wps_assoc_req_ie_oom +ap_wps_assoc_resp_ie_oom +ap_wps_authenticator_mismatch_m2 +ap_wps_authenticator_mismatch_m3 +ap_wps_authenticator_mismatch_m4 +ap_wps_authenticator_mismatch_m5 +ap_wps_authenticator_mismatch_m6 +ap_wps_authenticator_mismatch_m7 +ap_wps_authenticator_mismatch_m8 +ap_wps_authenticator_missing_m2 +ap_wps_check_pin +ap_wps_conf_and_sae +ap_wps_conf_and_sae_h2e +ap_wps_config_methods +ap_wps_config_without_wps +ap_wps_conf_pin 
+ap_wps_conf_pin_2sta +ap_wps_conf_pin_ccmp_256 +ap_wps_conf_pin_gcmp_128 +ap_wps_conf_pin_gcmp_256 +ap_wps_conf_pin_mixed_mode +ap_wps_conf_pin_timeout +ap_wps_conf_pin_v1 +ap_wps_conf_stub_cred +ap_wps_disabled +ap_wps_disable_enable +ap_wps_eapol_workaround +ap_wps_eap_wsc +ap_wps_eap_wsc_errors +ap_wps_e_hash_no_random_sta +ap_wps_encr_no_random_ap +ap_wps_encr_oom_ap +ap_wps_er_add_enrollee_uuid +ap_wps_er_cache_ap_settings +ap_wps_er_cache_ap_settings_oom +ap_wps_er_cache_ap_settings_oom2 +ap_wps_er_config_ap +ap_wps_er_enrollee_to_conf_ap +ap_wps_er_enrollee_to_conf_ap2 +ap_wps_er_http_client +ap_wps_er_http_client_timeout +ap_wps_er_http_proto +ap_wps_er_http_proto_control_url_dns +ap_wps_er_http_proto_event_sub_url_dns +ap_wps_er_http_proto_invalid_sid_no_uuid +ap_wps_er_http_proto_invalid_sid_uuid +ap_wps_er_http_proto_no_control_url +ap_wps_er_http_proto_no_event_sub_url +ap_wps_er_http_proto_no_sid +ap_wps_er_http_proto_subscribe_failing +ap_wps_er_http_proto_subscribe_invalid_response +ap_wps_er_http_proto_subscribe_oom +ap_wps_er_http_proto_upnp_info_invalid_udn_uuid +ap_wps_er_http_proto_upnp_info_no_device +ap_wps_er_http_proto_upnp_info_no_device_type +ap_wps_er_init_fail +ap_wps_er_init_oom +ap_wps_er_learn_oom +ap_wps_er_link_update +ap_wps_er_multi_add_enrollee +ap_wps_er_oom +ap_wps_er_pbc_overlap +ap_wps_er_set_sel_reg_oom +ap_wps_er_ssdp_proto +ap_wps_er_subscribe_oom +ap_wps_er_unsubscribe_errors +ap_wps_er_url_parse +ap_wps_er_v10_add_enrollee_pin +ap_wps_frag_ack_oom +ap_wps_fragmentation +ap_wps_from_event +ap_wps_ie_fragmentation +ap_wps_ie_invalid +ap_wps_ignore_broadcast_ssid +ap_wps_incorrect_pin +ap_wps_init +ap_wps_init_2ap_pbc +ap_wps_init_2ap_pin +ap_wps_init_oom +ap_wps_init_through_wps_config +ap_wps_init_through_wps_config_2 +ap_wps_invalid_assoc_req_elem +ap_wps_invalid_wps_config_passphrase +ap_wps_m1_no_random +ap_wps_m1_oom +ap_wps_m2_dev_passwd_id_change_pbc_to_pin +ap_wps_m2_dev_passwd_id_change_pin_to_pbc 
+ap_wps_m2_dev_passwd_id_p2p +ap_wps_m2_invalid +ap_wps_m2_missing_dev_passwd_id +ap_wps_m2_missing_enrollee_nonce +ap_wps_m2_missing_msg_type +ap_wps_m2_missing_registrar_nonce +ap_wps_m2_missing_uuid_r +ap_wps_m2_msg_type_m4 +ap_wps_m2_msg_type_m6 +ap_wps_m2_msg_type_m8 +ap_wps_m2_unknown_msg_type +ap_wps_m2_unknown_opcode +ap_wps_m2_unknown_opcode2 +ap_wps_m2_unknown_opcode3 +ap_wps_m3_oom +ap_wps_m4_msg_type_m2 +ap_wps_m4_msg_type_m2d +ap_wps_m5_no_random +ap_wps_m5_oom +ap_wps_m7_no_random +ap_wps_m7_oom +ap_wps_mixed_cred +ap_wps_new_version_ap +ap_wps_new_version_sta +ap_wps_passive_scan +ap_wps_pbc_2ap +ap_wps_pbc_in_m1 +ap_wps_pbc_mac_addr_change +ap_wps_pbc_overlap_2ap +ap_wps_pbc_overlap_2ap_specific_bssid +ap_wps_pbc_overlap_2sta +ap_wps_pbc_pin_mismatch +ap_wps_pbc_session_workaround +ap_wps_per_station_psk +ap_wps_per_station_psk_failure +ap_wps_per_station_psk_preset +ap_wps_pin_get_failure +ap_wps_pin_request_file +ap_wps_pin_start_failure +ap_wps_pk_oom +ap_wps_pk_oom_ap +ap_wps_priority +ap_wps_probe_req_ie_oom +ap_wps_random_ap_pin +ap_wps_random_psk_fail +ap_wps_random_uuid +ap_wps_reg_config +ap_wps_reg_config_and_sae +ap_wps_reg_config_ext_processing +ap_wps_reg_config_tkip +ap_wps_reg_connect +ap_wps_reg_connect_mixed_mode +ap_wps_reg_connect_zero_len_ap_pin +ap_wps_registrar_init_errors +ap_wps_reg_override_ap_settings +ap_wps_rf_bands +ap_wps_scan_prio_order +ap_wps_set_selected_registrar_proto +ap_wps_setup_locked +ap_wps_setup_locked_2 +ap_wps_ssdp_burst +ap_wps_ssdp_invalid_msearch +ap_wps_ssdp_msearch +ap_wps_tkip +ap_wps_twice +ap_wps_upnp +ap_wps_upnp_http_proto +ap_wps_upnp_http_proto_chunked +ap_wps_upnp_subscribe +ap_wps_upnp_subscribe_events +ap_wps_upnp_web_oom +ap_wps_wep +ap_wps_wep_config +ap_wps_wep_enroll +ap_wps_while_connected +ap_wps_while_connected_no_autoconnect +ap_wps_wpa_cli_action +ap_wps_wsc_done_oom +cert_check_basic +cert_check_dnsname +cert_check_dnsname_alt +cert_check_dnsname_cn +cert_check_dnsname_wildcard 
+cert_check_v3 +dpp_akm_sha256 +dpp_akm_sha384 +dpp_akm_sha512 +dpp_and_sae_akm +dpp_ap_config +dpp_ap_config_bp256_bp256 +dpp_ap_config_bp256_p256 +dpp_ap_config_bp384_bp384 +dpp_ap_config_bp512_bp512 +dpp_ap_config_bp512_p521 +dpp_ap_config_p256_bp256 +dpp_ap_config_p256_p256 +dpp_ap_config_p256_p384 +dpp_ap_config_p256_p521 +dpp_ap_config_p384_p256 +dpp_ap_config_p384_p384 +dpp_ap_config_p384_p521 +dpp_ap_config_p521_bp512 +dpp_ap_config_p521_p256 +dpp_ap_config_p521_p384 +dpp_ap_config_p521_p521 +dpp_ap_config_reconfig_configurator +dpp_ap_config_sae +dpp_auth_req_retries +dpp_auth_req_retries_multi_chan +dpp_auth_req_stop_after_ack +dpp_auth_resp_aes_siv_issue +dpp_auth_resp_retries +dpp_auth_resp_status_failure +dpp_auto_connect_2_connect_cmd +dpp_auto_connect_legacy +dpp_auto_connect_legacy_pmf_required +dpp_auto_connect_legacy_psk_sae_1 +dpp_auto_connect_legacy_psk_sae_2 +dpp_auto_connect_legacy_psk_sae_3 +dpp_auto_connect_legacy_sae_1 +dpp_auto_connect_legacy_sae_2 +dpp_auto_connect_legacy_ssid_charset +dpp_bootstrap_gen_failures +dpp_bootstrap_key_autogen_issues +dpp_chirp_ap +dpp_chirp_ap_as_configurator +dpp_chirp_ap_errors +dpp_chirp_configurator +dpp_chirp_configurator_inits +dpp_conf_file_update +dpp_config_connector_error_empty_groups +dpp_config_connector_error_expired_1 +dpp_config_connector_error_expired_2 +dpp_config_connector_error_expired_3 +dpp_config_connector_error_expired_4 +dpp_config_connector_error_expired_5 +dpp_config_connector_error_expired_6 +dpp_config_connector_error_ext_sign +dpp_config_connector_error_invalid_timestamp +dpp_config_connector_error_invalid_timestamp_date +dpp_config_connector_error_invalid_time_zone +dpp_config_connector_error_invalid_time_zone_2 +dpp_config_connector_error_missing_group_id +dpp_config_connector_error_missing_net_access_key +dpp_config_connector_error_missing_net_role +dpp_config_connector_error_net_access_key_mismatch +dpp_config_connector_error_no_groups 
+dpp_config_connector_error_too_short_timestamp +dpp_config_dpp_gen_3rd_party +dpp_config_dpp_gen_expired_key +dpp_config_dpp_gen_expiry +dpp_config_dpp_gen_prime256v1 +dpp_config_dpp_gen_prime256v1_prime256v1 +dpp_config_dpp_gen_prime256v1_secp384r1 +dpp_config_dpp_gen_prime256v1_secp384r1_secp384r1 +dpp_config_dpp_gen_prime256v1_secp521r1 +dpp_config_dpp_gen_secp384r1 +dpp_config_dpp_gen_secp384r1_prime256v1 +dpp_config_dpp_gen_secp384r1_secp384r1 +dpp_config_dpp_gen_secp384r1_secp521r1 +dpp_config_dpp_gen_secp521r1 +dpp_config_dpp_gen_secp521r1_prime256v1 +dpp_config_dpp_gen_secp521r1_secp384r1 +dpp_config_dpp_gen_secp521r1_secp521r1 +dpp_config_dpp_override_prime256v1 +dpp_config_dpp_override_secp384r1 +dpp_config_dpp_override_secp521r1 +dpp_config_error_legacy_invalid_psk +dpp_config_error_legacy_no_pass +dpp_config_error_legacy_no_pass_for_sae +dpp_config_error_legacy_psk_with_sae +dpp_config_error_legacy_too_long_pass +dpp_config_error_legacy_too_short_pass +dpp_config_error_legacy_too_short_psk +dpp_config_fragmentation +dpp_config_jwk_error_invalid_x +dpp_config_jwk_error_invalid_xy +dpp_config_jwk_error_invalid_y +dpp_config_jwk_error_no_crv +dpp_config_jwk_error_no_kid +dpp_config_jwk_error_no_kty +dpp_config_jwk_error_no_x +dpp_config_jwk_error_no_y +dpp_config_jwk_error_unexpected_kty +dpp_config_jwk_error_unsupported_crv +dpp_config_jws_error_prot_hdr_no_alg +dpp_config_jws_error_prot_hdr_no_kid +dpp_config_jws_error_prot_hdr_not_an_object +dpp_config_jws_error_prot_hdr_no_typ +dpp_config_jws_error_prot_hdr_unexpected_alg +dpp_config_jws_error_prot_hdr_unexpected_kid +dpp_config_jws_error_prot_hdr_unsupported_typ +dpp_config_legacy +dpp_config_legacy_gen +dpp_config_legacy_gen_psk +dpp_config_legacy_gen_sta_ap_conf +dpp_config_legacy_gen_two_conf +dpp_config_legacy_gen_two_conf_psk +dpp_config_legacy_psk_hex +dpp_config_no_cred +dpp_config_no_cred_akm +dpp_config_no_csign +dpp_config_no_discovery +dpp_config_no_discovery_ssid 
+dpp_config_no_signed_connector +dpp_config_no_wi_fi_tech +dpp_config_override_objects +dpp_config_root_not_an_object +dpp_config_save +dpp_config_save2 +dpp_config_save3 +dpp_config_signed_connector_error_invalid_signature_der +dpp_config_signed_connector_error_no_dot_1 +dpp_config_signed_connector_error_no_dot_2 +dpp_config_signed_connector_error_unexpected_signature_len +dpp_config_too_long_discovery_ssid +dpp_config_unexpected_signed_connector_char +dpp_config_unsupported_cred_akm +dpp_config_unsupported_wi_fi_tech +dpp_configurator_enroll_conf +dpp_configurator_enrollee +dpp_configurator_enrollee_brainpoolP256r1 +dpp_configurator_enrollee_brainpoolP384r1 +dpp_configurator_enrollee_brainpoolP512r1 +dpp_configurator_enrollee_prime256v1 +dpp_configurator_enrollee_secp384r1 +dpp_configurator_enrollee_secp521r1 +dpp_configurator_id_unknown +dpp_conn_status_assoc_reject +dpp_conn_status_connector_mismatch +dpp_conn_status_no_ap +dpp_conn_status_success +dpp_conn_status_wrong_passphrase +dpp_controller_init_through_relay +dpp_controller_init_through_relay_add +dpp_controller_init_through_relay_dynamic +dpp_controller_relay +dpp_controller_relay_chirp +dpp_controller_relay_chirp_duplicate +dpp_controller_relay_discover +dpp_controller_relay_pkex +dpp_controller_rx_errors +dpp_controller_rx_failure +dpp_discard_public_action +dpp_duplicated_auth_conf +dpp_duplicated_auth_resp +dpp_enrollee_ap_reject_config +dpp_enrollee_reject_config +dpp_enterprise +dpp_enterprise_reject +dpp_enterprise_tcp +dpp_enterprise_tcp2 +dpp_gas +dpp_gas_comeback_after_failure +dpp_gas_timeout +dpp_gas_timeout_handling +dpp_hostapd_auth_conf_timeout +dpp_hostapd_auth_resp_retries +dpp_hostapd_configurator +dpp_hostapd_configurator_enrollee_v1 +dpp_hostapd_configurator_fragmentation +dpp_hostapd_configurator_override_objects +dpp_hostapd_configurator_responder +dpp_hostapd_enrollee_fragmentation +dpp_hostapd_enrollee_gas_errors +dpp_hostapd_enrollee_gas_proto +dpp_hostapd_enrollee_gas_timeout 
+dpp_hostapd_enrollee_gas_timeout_comeback +dpp_hostapd_enrollee_gas_tx_status_errors +dpp_intro_mismatch +dpp_invalid_configurator_key +dpp_invalid_legacy_params +dpp_invalid_legacy_params2 +dpp_keygen_configurator_error +dpp_nfc_negotiated_handover_diff_curve +dpp_nfc_negotiated_handover_hostapd_req +dpp_nfc_negotiated_handover_hostapd_sel +dpp_own_config +dpp_own_config_ap +dpp_own_config_ap_group_id +dpp_own_config_ap_reconf +dpp_own_config_curve_mismatch +dpp_own_config_group_id +dpp_own_config_sign_fail +dpp_peer_intro_failures +dpp_peer_intro_local_failures +dpp_pfs_ap_0 +dpp_pfs_ap_0_sta_ver1 +dpp_pfs_ap_2 +dpp_pfs_connect_cmd_ap_2 +dpp_pfs_connect_cmd_ap_2_sae +dpp_pkex +dpp_pkex_after_retry +dpp_pkex_alloc_fail +dpp_pkex_bp256 +dpp_pkex_bp384 +dpp_pkex_bp512 +dpp_pkex_code_mismatch +dpp_pkex_code_mismatch_limit +dpp_pkex_commit_reveal_req_processing_failure +dpp_pkex_config +dpp_pkex_config2 +dpp_pkex_curve_mismatch +dpp_pkex_curve_mismatch_failure +dpp_pkex_curve_mismatch_failure2 +dpp_pkex_exchange_resp_processing_failure +dpp_pkex_hostapd_errors +dpp_pkex_identifier_mismatch +dpp_pkex_identifier_mismatch2 +dpp_pkex_identifier_mismatch3 +dpp_pkex_nak_curve_change +dpp_pkex_nak_curve_change2 +dpp_pkex_no_identifier +dpp_pkex_no_responder +dpp_pkex_p256 +dpp_pkex_p384 +dpp_pkex_p521 +dpp_pkex_test_fail +dpp_pkex_test_vector +dpp_pkex_v2 +dpp_pkex_v2_hostapd_initiator +dpp_pkex_v2_hostapd_responder +dpp_proto_after_wrapped_data_auth_conf +dpp_proto_after_wrapped_data_auth_req +dpp_proto_after_wrapped_data_auth_resp +dpp_proto_after_wrapped_data_conf_req +dpp_proto_after_wrapped_data_conf_resp +dpp_proto_after_wrapped_data_pkex_cr_req +dpp_proto_after_wrapped_data_pkex_cr_resp +dpp_proto_auth_conf_i_auth_mismatch +dpp_proto_auth_conf_invalid_i_bootstrap_key +dpp_proto_auth_conf_invalid_r_bootstrap_key +dpp_proto_auth_conf_invalid_status +dpp_proto_auth_conf_no_i_auth +dpp_proto_auth_conf_no_i_bootstrap_key +dpp_proto_auth_conf_no_r_bootstrap_key 
+dpp_proto_auth_conf_no_status +dpp_proto_auth_conf_no_wrapped_data +dpp_proto_auth_conf_replaced_by_resp +dpp_proto_auth_req_invalid_i_bootstrap_key +dpp_proto_auth_req_invalid_i_nonce +dpp_proto_auth_req_invalid_i_proto_key +dpp_proto_auth_req_invalid_r_bootstrap_key +dpp_proto_auth_req_no_i_bootstrap_key +dpp_proto_auth_req_no_i_capab +dpp_proto_auth_req_no_i_nonce +dpp_proto_auth_req_no_i_proto_key +dpp_proto_auth_req_no_r_bootstrap_key +dpp_proto_auth_req_no_wrapped_data +dpp_proto_auth_resp_incompatible_r_capab +dpp_proto_auth_resp_i_nonce_mismatch +dpp_proto_auth_resp_invalid_i_bootstrap_key +dpp_proto_auth_resp_invalid_r_bootstrap_key +dpp_proto_auth_resp_invalid_r_proto_key +dpp_proto_auth_resp_invalid_status +dpp_proto_auth_resp_no_i_bootstrap_key +dpp_proto_auth_resp_no_i_nonce +dpp_proto_auth_resp_no_r_auth +dpp_proto_auth_resp_no_r_bootstrap_key +dpp_proto_auth_resp_no_r_capab +dpp_proto_auth_resp_no_r_nonce +dpp_proto_auth_resp_no_r_proto_key +dpp_proto_auth_resp_no_status +dpp_proto_auth_resp_no_wrapped_data +dpp_proto_auth_resp_r_auth_mismatch +dpp_proto_auth_resp_r_auth_mismatch_failure +dpp_proto_auth_resp_r_auth_mismatch_failure2 +dpp_proto_auth_resp_status_invalid_i_bootstrap_key +dpp_proto_auth_resp_status_invalid_r_bootstrap_key +dpp_proto_auth_resp_status_no_i_bootstrap_key +dpp_proto_auth_resp_status_no_i_nonce +dpp_proto_auth_resp_status_no_r_bootstrap_key +dpp_proto_auth_resp_status_no_status +dpp_proto_conf_req_invalid_config_attr_obj +dpp_proto_conf_req_invalid_e_nonce +dpp_proto_conf_req_no_config_attr_obj +dpp_proto_conf_req_no_e_nonce +dpp_proto_conf_req_no_wrapped_data +dpp_proto_conf_resp_e_nonce_mismatch +dpp_proto_conf_resp_invalid_status +dpp_proto_conf_resp_no_config_obj +dpp_proto_conf_resp_no_e_nonce +dpp_proto_conf_resp_no_status +dpp_proto_conf_resp_no_wrapped_data +dpp_proto_network_introduction +dpp_proto_pkex_cr_req_i_auth_tag_mismatch +dpp_proto_pkex_cr_req_invalid_bootstrap_key +dpp_proto_pkex_cr_req_no_bootstrap_key 
+dpp_proto_pkex_cr_req_no_i_auth_tag +dpp_proto_pkex_cr_req_no_wrapped_data +dpp_proto_pkex_cr_resp_invalid_bootstrap_key +dpp_proto_pkex_cr_resp_no_bootstrap_key +dpp_proto_pkex_cr_resp_no_r_auth_tag +dpp_proto_pkex_cr_resp_no_wrapped_data +dpp_proto_pkex_cr_resp_r_auth_tag_mismatch +dpp_proto_pkex_exchange_req_invalid_encrypted_key +dpp_proto_pkex_exchange_req_no_encrypted_key +dpp_proto_pkex_exchange_req_no_finite_cyclic_group +dpp_proto_pkex_exchange_resp_invalid_encrypted_key +dpp_proto_pkex_exchange_resp_invalid_status +dpp_proto_pkex_exchange_resp_no_encrypted_key +dpp_proto_pkex_exchange_resp_no_status +dpp_proto_stop_at_auth_conf +dpp_proto_stop_at_auth_conf_tx +dpp_proto_stop_at_auth_conf_tx2 +dpp_proto_stop_at_auth_req +dpp_proto_stop_at_auth_resp +dpp_proto_stop_at_conf_req +dpp_proto_stop_at_pkex_cr_req +dpp_proto_stop_at_pkex_cr_resp +dpp_proto_stop_at_pkex_exchange_resp +dpp_proto_zero_i_capab +dpp_proto_zero_r_capab +dpp_qr_code_auth_broadcast +dpp_qr_code_auth_enrollee_init_netrole +dpp_qr_code_auth_hostapd_mutual2 +dpp_qr_code_auth_incompatible_roles +dpp_qr_code_auth_incompatible_roles2 +dpp_qr_code_auth_incompatible_roles_failure +dpp_qr_code_auth_incompatible_roles_failure2 +dpp_qr_code_auth_incompatible_roles_failure3 +dpp_qr_code_auth_initiator_either_1 +dpp_qr_code_auth_initiator_either_2 +dpp_qr_code_auth_initiator_either_3 +dpp_qr_code_auth_initiator_enrollee +dpp_qr_code_auth_mutual +dpp_qr_code_auth_mutual2 +dpp_qr_code_auth_mutual_bp_256 +dpp_qr_code_auth_mutual_bp_384 +dpp_qr_code_auth_mutual_bp_512 +dpp_qr_code_auth_mutual_curve_mismatch +dpp_qr_code_auth_mutual_not_used +dpp_qr_code_auth_mutual_p_256 +dpp_qr_code_auth_mutual_p_384 +dpp_qr_code_auth_mutual_p_521 +dpp_qr_code_auth_neg_chan +dpp_qr_code_auth_rand_mac_addr +dpp_qr_code_auth_responder_configurator +dpp_qr_code_auth_responder_configurator_group_id +dpp_qr_code_auth_unicast +dpp_qr_code_auth_unicast_ap_enrollee +dpp_qr_code_chan_list_no_match 
+dpp_qr_code_chan_list_no_peer_unicast +dpp_qr_code_chan_list_unicast +dpp_qr_code_chan_list_unicast2 +dpp_qr_code_config_event_initiator_both +dpp_qr_code_config_event_initiator_failure +dpp_qr_code_config_event_initiator_no_response +dpp_qr_code_config_event_initiator_slow +dpp_qr_code_curve_brainpoolP256r1 +dpp_qr_code_curve_brainpoolP384r1 +dpp_qr_code_curve_brainpoolP512r1 +dpp_qr_code_curve_prime256v1 +dpp_qr_code_curves +dpp_qr_code_curves_brainpool +dpp_qr_code_curve_secp384r1 +dpp_qr_code_curve_secp521r1 +dpp_qr_code_curve_select +dpp_qr_code_hostapd_ignore_mismatch +dpp_qr_code_hostapd_init +dpp_qr_code_hostapd_init_offchannel +dpp_qr_code_hostapd_init_offchannel_configurator +dpp_qr_code_hostapd_init_offchannel_neg_freq +dpp_qr_code_keygen_fail +dpp_qr_code_listen_continue +dpp_qr_code_no_chan_list_broadcast +dpp_qr_code_no_chan_list_unicast +dpp_qr_code_parsing +dpp_qr_code_parsing_fail +dpp_qr_code_set_key +dpp_qr_code_unsupported_curve +dpp_reconfig_connector +dpp_reconfig_connector_different_groups +dpp_reconfig_hostapd_configurator +dpp_relay_incomplete_connections +dpp_tcp +dpp_tcp_conf_init +dpp_tcp_conf_init_hostapd_enrollee +dpp_tcp_controller_management_hostapd +dpp_tcp_controller_management_hostapd2 +dpp_tcp_controller_start_failure +dpp_tcp_init_failure +dpp_tcp_mutual +dpp_tcp_mutual_hostapd_conf +dpp_tcp_pkex +dpp_tcp_pkex_auto_connect_2 +dpp_tcp_pkex_auto_connect_2_status +dpp_tcp_pkex_auto_connect_2_status_fail +dpp_tcp_pkex_while_associated +dpp_tcp_pkex_while_associated_conn_status +dpp_tcp_port +dpp_tcp_qr_code_config_event_initiator +dpp_test_vector_p_256 +dpp_test_vector_p_256_b +dpp_test_vector_p_521 +dpp_truncated_attr +dpp_two_initiators +dpp_uri_host +dpp_uri_supported_curves +dpp_uri_version +dpp_with_p2p_device +eap_canned_failure_before_method +eap_canned_success_after_identity +eap_canned_success_before_method +eap_fast_proto +eap_fast_proto_phase2 +eap_fast_tlv_nak_oom +eap_gpsk_errors +eap_mschapv2_errors +eap_nak_expanded 
+eap_nak_oom +eap_proto +eap_proto_aka +eap_proto_aka_errors +eap_proto_aka_prime +eap_proto_aka_prime_errors +eap_proto_eke +eap_proto_eke_errors +eap_proto_erp +eap_proto_expanded +eap_proto_fast_errors +eap_proto_gpsk +eap_proto_gpsk_errors_server +eap_proto_gpsk_server +eap_proto_ikev2 +eap_proto_ikev2_errors +eap_proto_ikev2_errors_server +eap_proto_ikev2_server +eap_proto_leap +eap_proto_leap_errors +eap_proto_md5 +eap_proto_md5_errors +eap_proto_md5_errors_server +eap_proto_md5_server +eap_proto_mschapv2 +eap_proto_mschapv2_errors +eap_proto_notification_errors +eap_proto_otp +eap_proto_otp_errors +eap_proto_pax +eap_proto_pax_errors +eap_proto_pax_errors_server +eap_proto_pax_server +eap_proto_psk +eap_proto_psk_errors +eap_proto_psk_errors_server +eap_proto_psk_server +eap_proto_pwd +eap_proto_pwd_errors +eap_proto_pwd_errors_server +eap_proto_pwd_invalid_element +eap_proto_pwd_invalid_element_peer +eap_proto_pwd_invalid_scalar +eap_proto_pwd_invalid_scalar_peer +eap_proto_pwd_reflection_attack +eap_proto_pwd_server +eap_proto_pwd_unexpected_fragment +eap_proto_sake +eap_proto_sake_errors +eap_proto_sake_errors2 +eap_proto_sake_errors_server +eap_proto_sake_server +eap_proto_sim +eap_proto_sim_errors +eap_proto_tls +eap_proto_tnc +eap_proto_wsc +eap_teap_basic_password_auth_failure +eap_teap_basic_password_auth_id2 +eap_teap_basic_password_auth_no_password +eap_teap_basic_password_auth_user_and_machine_fail_machine +eap_teap_basic_password_auth_user_and_machine_fail_user +eap_teap_basic_password_auth_user_and_machine_no_machine +eap_teap_eap_eke_unauth_server_prov +eap_teap_eap_mschapv2_id2 +eap_teap_eap_mschapv2_pac_no_ca_cert +eap_teap_eap_mschapv2_user_and_machine_fail_machine +eap_teap_eap_mschapv2_user_and_machine_fail_user +eap_teap_eap_mschapv2_user_and_machine_no_machine +eap_teap_tls_cs_sha1 +eap_teap_tls_cs_sha256 +eap_teap_tls_cs_sha384 +eap_tls_sha384 +eap_tls_sha512 +ext_password_file_psk +ext_password_interworking +ext_password_psk 
+ext_password_psk_not_found +ext_password_sae +ext_radio_work +ext_radio_work_disconnect_connect +fils_sk_pfs_25 +gas_anqp_address3_ap_non_compliant +gas_anqp_capab_list +gas_anqp_extra_elements +gas_anqp_get +gas_anqp_get_no_scan +gas_anqp_get_oom +gas_anqp_hs20_proto +gas_anqp_icon_binary_proto +gas_anqp_oom_hapd +gas_anqp_oom_wpas +gas_anqp_overrides +gas_anqp_venue_url +gas_anqp_venue_url2 +gas_anqp_venue_url_pmf +gas_comeback_delay +gas_comeback_delay_long +gas_comeback_delay_long2 +gas_comeback_resp_additional_delay +gas_concurrent_scan +gas_delete_at_deinit +gas_failures +gas_failure_status_code +gas_fragment +gas_fragment_mcc +gas_fragment_with_comeback_delay +gas_fragment_with_comeback_delay_mcc +gas_generic +gas_invalid_response_type +gas_malformed +gas_malformed_comeback_resp +gas_max_pending +gas_missing_payload +gas_no_dialog_token_match +gas_no_pending +gas_query_deinit +gas_rand_ta +gas_request_oom +gas_server_oom +hostapd_oom_open +hostapd_oom_wpa2_eap_radius +hostapd_oom_wpa2_psk +ieee8021x_auth_awhile +ieee8021x_eapol_key +ieee8021x_eapol_start +ieee8021x_force_unauth +ieee8021x_held +ieee8021x_open +ieee8021x_open_leap +ieee8021x_proto +ieee8021x_reauth +ieee8021x_set_conf +ieee8021x_wep104 +ieee8021x_wep_index_workaround +macsec_gcm_aes_256 +macsec_hostapd_eap +macsec_hostapd_eap_psk +macsec_hostapd_psk +macsec_psk +macsec_psk_256 +macsec_psk_br2 +macsec_psk_br2_same_prio +macsec_psk_br3 +macsec_psk_br3_same_prio +macsec_psk_cak_mismatch +macsec_psk_ckn_mismatch +macsec_psk_different_ports +macsec_psk_fail_cp +macsec_psk_fail_cp2 +macsec_psk_integ_only +macsec_psk_mka_life_time +macsec_psk_ns +macsec_psk_port +macsec_psk_shorter_ckn +macsec_psk_shorter_ckn2 +module_hostapd +module_wpa_supplicant +monitor_iface_wpa2_psk +multi_ap_backhaul_shared_bss +multi_ap_disabled_on_ap +multi_ap_fronthaul_on_ap +multi_ap_wps_fail_non_multi_ap +multi_ap_wps_shared_psk +multi_ap_wps_split_psk +nfc_p2p_both_go +nfc_p2p_go_neg_reverse 
+nfc_p2p_static_handover_invalid +nfc_p2p_tag_enable_disable +nfc_wps_handover_errors +nfc_wps_handover_failure +nfc_wps_handover_pk_hash_mismatch_ap +nfc_wps_handover_pk_hash_mismatch_sta +openssl_ecdh_curves +owe_assoc_reject +owe_double_assoc +owe_group_negotiation +owe_group_negotiation_connect_cmd +owe_invalid_assoc_resp +owe_local_errors +owe_only_sta +owe_only_sta_tm_ap +owe_ptk_hash +owe_ptk_workaround_ap +owe_sa_query +owe_transition_mode_disable +owe_transition_mode_ifname +owe_transition_mode_ifname_acs +owe_transition_mode_ifname_acs2 +owe_transition_mode_multi_assoc +owe_transition_mode_open_multiple_scans +owe_transition_mode_rsne_mismatch +owe_unsupported_group +owe_unsupported_group_connect_cmd +pasn_ap_mic_error +pasn_ccmp +pasn_ccmp_256 +pasn_channel_mismatch +pasn_comeback +pasn_comeback_after_0 +pasn_comeback_after_0_sae +pasn_comeback_multi +pasn_fils_sha256 +pasn_fils_sha384 +pasn_ft_psk +pasn_gcmp +pasn_gcmp_256 +pasn_group_mismatch +pasn_kdk_derivation +pasn_noauth_0 +pasn_owe_kdk_secure_ltf +pasn_owe_tm_kdk_secure_ltf +pasn_sae +pasn_sae_driver +pasn_sae_kdk +pasn_sae_kdk_ft +pasn_sae_kdk_secure_ltf +pasn_sae_while_connected_diff_channel +pasn_sae_while_connected_same_channel +pasn_sta_mic_error +pasn_while_connected_diff_channel +pasn_while_connected_same_ap +pasn_while_connected_same_channel +radius_acct +radius_acct_failure +radius_acct_failure_oom +radius_acct_failure_oom_rsn +radius_acct_failure_sta_data +radius_acct_ft_psk +radius_acct_ieee8021x +radius_acct_interim +radius_acct_interim_unreachable +radius_acct_interim_unreachable2 +radius_acct_ipaddr +radius_acct_non_ascii_ssid +radius_acct_pmksa_caching +radius_acct_psk +radius_acct_psk_sha256 +radius_acct_unreachable +radius_acct_unreachable2 +radius_acct_unreachable3 +radius_acct_unreachable4 +radius_auth_force_client_addr +radius_auth_force_client_dev +radius_auth_force_invalid_client_addr +radius_auth_unreachable +radius_auth_unreachable2 +radius_auth_unreachable3 
+radius_das_coa +radius_das_disconnect +radius_das_disconnect_time_window +radius_ipv6 +radius_macacl +radius_macacl_acct +radius_macacl_oom +radius_macacl_unreachable +radius_protocol +radius_psk +radius_psk_default +radius_psk_during_4way_hs +radius_psk_hex_psk +radius_psk_invalid +radius_psk_invalid2 +radius_psk_oom +radius_psk_reject +radius_psk_reject_during_4way_hs +radius_psk_unknown_code +radius_req_attr +radius_sae_password +radius_server_failures +radius_tls_freeradius +sae +sae_akms +sae_and_psk +sae_and_psk2 +sae_and_psk_multiple_passwords +sae_and_psk_transition_disable +sae_auth_restart +sae_bignum_failure +sae_bignum_failure_unsafe_group +sae_commit_invalid_element_ap +sae_commit_invalid_element_sta +sae_commit_invalid_scalar_element_ap +sae_commit_invalid_scalar_element_sta +sae_commit_override +sae_commit_override2 +sae_confirm_immediate +sae_confirm_immediate2 +sae_connect_cmd +sae_ext_key_19 +sae_ext_key_19_gcmp256 +sae_ext_key_20 +sae_ext_key_20_gcmp256 +sae_ext_key_21 +sae_ext_key_21_gcmp256 +sae_ext_key_21_gcmp256_gcmp256 +sae_ext_key_h2e_rejected_group +sae_ext_key_h2e_rejected_group2 +sae_forced_anti_clogging +sae_forced_anti_clogging_h2e +sae_forced_anti_clogging_h2e_loop +sae_forced_anti_clogging_pw_id +sae_group_nego +sae_group_nego_no_match +sae_groups +sae_h2e_password_id +sae_h2e_rejected_groups +sae_h2e_rejected_groups_unexpected +sae_h2e_rsnxe_mismatch +sae_h2e_rsnxe_mismatch_ap +sae_h2e_rsnxe_mismatch_ap2 +sae_h2e_rsnxe_mismatch_ap3 +sae_h2e_rsnxe_mismatch_assoc +sae_h2e_rsnxe_mismatch_retries +sae_invalid_anti_clogging_token_req +sae_key_lifetime_in_memory +sae_mfp +sae_missing_password +sae_mixed +sae_mixed_check_mfp +sae_mixed_mfp +sae_no_ffc_by_default +sae_no_random +sae_ocv_pmk +sae_ocv_pmk_failure +sae_okc +sae_okc_pmk_lifetime +sae_okc_sta_only +sae_oom_wpas +sae_password +sae_password_ecc +sae_password_ffc +sae_password_file +sae_password_id +sae_password_id_ecc +sae_password_id_ffc +sae_password_id_only 
+sae_password_id_pwe_check_ap +sae_password_id_pwe_check_sta +sae_password_id_pwe_looping +sae_password_long +sae_password_short +sae_pk +sae_pk_and_psk +sae_pk_and_psk_invalid_password +sae_pk_confirm_immediate +sae_pk_group_19_sae_group_20 +sae_pk_group_20 +sae_pk_group_20_sae_group_19 +sae_pk_group_20_sae_group_21 +sae_pk_group_21 +sae_pk_group_negotiation +sae_pk_invalid_fingerprint +sae_pk_invalid_pw +sae_pk_invalid_signature +sae_pk_missing_ie +sae_pk_mixed +sae_pk_mixed_immediate_confirm +sae_pk_modes +sae_pk_not_on_ap +sae_pk_only +sae_pk_password_without_pk +sae_pk_sec_3 +sae_pk_sec_5 +sae_pk_transition_disable +sae_pk_unexpected_status +sae_pmf_roam +sae_pmk_lifetime +sae_pmksa_caching +sae_pmksa_caching_disabled +sae_pmksa_caching_pmkid +sae_pref_ap_wrong_password +sae_pref_ap_wrong_password2 +sae_proto_commit_delayed +sae_proto_commit_replay +sae_proto_confirm_replay +sae_proto_ecc +sae_proto_ffc +sae_proto_hostapd +sae_proto_hostapd_ecc +sae_proto_hostapd_ffc +sae_proto_hostapd_status_126 +sae_proto_hostapd_status_127 +sae_pwe_failure +sae_pwe_group_1 +sae_pwe_group_14 +sae_pwe_group_15 +sae_pwe_group_16 +sae_pwe_group_19 +sae_pwe_group_2 +sae_pwe_group_20 +sae_pwe_group_21 +sae_pwe_group_22 +sae_pwe_group_23 +sae_pwe_group_24 +sae_pwe_group_25 +sae_pwe_group_28 +sae_pwe_group_29 +sae_pwe_group_30 +sae_pwe_group_5 +sae_pwe_h2e_only_ap +sae_pwe_h2e_only_ap_sta_forcing_loop +sae_pwe_in_psk_ap +sae_pwe_loop_only_ap +sae_reauth +sae_reflection_attack_ecc +sae_reflection_attack_ecc_internal +sae_reflection_attack_ffc +sae_reflection_attack_ffc_internal +sae_reject +sae_rsne_mismatch +sae_sync +sae_wpa3_roam +sigma_dut_ap_beacon_prot +sigma_dut_ap_cipher_ccmp_128 +sigma_dut_ap_cipher_ccmp_256 +sigma_dut_ap_cipher_ccmp_gcmp_1 +sigma_dut_ap_cipher_ccmp_gcmp_2 +sigma_dut_ap_cipher_gcmp_128 +sigma_dut_ap_cipher_gcmp_256 +sigma_dut_ap_cipher_gcmp_256_group_ccmp +sigma_dut_ap_dpp_init_mud_url +sigma_dut_ap_dpp_offchannel +sigma_dut_ap_dpp_pkex_responder 
+sigma_dut_ap_dpp_pkex_responder_tcp +sigma_dut_ap_dpp_pkex_v1_responder +sigma_dut_ap_dpp_qr +sigma_dut_ap_dpp_qr_dpp_sae +sigma_dut_ap_dpp_qr_dpp_sae2 +sigma_dut_ap_dpp_qr_enrollee_chirp +sigma_dut_ap_dpp_qr_legacy +sigma_dut_ap_dpp_qr_legacy_psk +sigma_dut_ap_dpp_qr_mud_url +sigma_dut_ap_dpp_qr_sae +sigma_dut_ap_dpp_relay +sigma_dut_ap_dpp_self_config +sigma_dut_ap_dpp_self_config_connector_privacy +sigma_dut_ap_dpp_tcp_enrollee_init +sigma_dut_ap_eap +sigma_dut_ap_eap_sha256 +sigma_dut_ap_ent_ft_eap +sigma_dut_ap_ft_eap +sigma_dut_ap_ft_over_ds_psk +sigma_dut_ap_ft_psk +sigma_dut_ap_ft_rsnxe_used_mismatch +sigma_dut_ap_gtk_rekey +sigma_dut_ap_hs20 +sigma_dut_ap_ht40minus +sigma_dut_ap_ht40plus +sigma_dut_ap_ocv +sigma_dut_ap_override_rsne +sigma_dut_ap_owe +sigma_dut_ap_owe_ecgroupid +sigma_dut_ap_owe_ptk_workaround +sigma_dut_ap_owe_transition_mode +sigma_dut_ap_owe_transition_mode_2 +sigma_dut_ap_psk +sigma_dut_ap_psk_deauth +sigma_dut_ap_pskhex +sigma_dut_ap_psk_sae +sigma_dut_ap_psk_sae_ft +sigma_dut_ap_psk_sha256 +sigma_dut_ap_sae +sigma_dut_ap_sae_confirm_immediate +sigma_dut_ap_sae_group +sigma_dut_ap_sae_h2e +sigma_dut_ap_sae_h2e_anti_clogging +sigma_dut_ap_sae_h2e_group_rejection +sigma_dut_ap_sae_h2e_only +sigma_dut_ap_sae_h2e_rsnxe_mismatch +sigma_dut_ap_sae_loop_only +sigma_dut_ap_sae_password +sigma_dut_ap_sae_pk +sigma_dut_ap_sae_pk_misbehavior +sigma_dut_ap_sae_pk_mixed +sigma_dut_ap_sae_pw_id +sigma_dut_ap_sae_pw_id_ft +sigma_dut_ap_sae_pw_id_pwe_loop +sigma_dut_ap_suite_b +sigma_dut_ap_transition_disable +sigma_dut_ap_transition_disable_change +sigma_dut_ap_vht40 +sigma_dut_ap_vht80 +sigma_dut_basic +sigma_dut_beacon_prot +sigma_dut_dpp_curves_list +sigma_dut_dpp_enrollee_does_not_support_nak_curve +sigma_dut_dpp_enrollee_does_not_support_signing_curve +sigma_dut_dpp_incompatible_roles_init +sigma_dut_dpp_incompatible_roles_resp +sigma_dut_dpp_nfc_handover_requestor_enrollee +sigma_dut_dpp_nfc_handover_selector_enrollee 
+sigma_dut_dpp_nfc_static_read_enrollee +sigma_dut_dpp_nfc_static_write_enrollee +sigma_dut_dpp_pb_ap +sigma_dut_dpp_pb_ap2 +sigma_dut_dpp_pb_ap_misbehavior +sigma_dut_dpp_pb_configurator +sigma_dut_dpp_pb_configurator_session_overlap +sigma_dut_dpp_pb_sta +sigma_dut_dpp_pb_sta_first +sigma_dut_dpp_pb_sta_misbehavior +sigma_dut_dpp_pb_sta_session_overlap +sigma_dut_dpp_pkex_init_configurator +sigma_dut_dpp_pkex_init_configurator_tcp +sigma_dut_dpp_pkex_init_configurator_tcp_and_wifi +sigma_dut_dpp_pkex_init_configurator_tcp_through_relay +sigma_dut_dpp_pkex_responder_proto +sigma_dut_dpp_pkex_v1_only +sigma_dut_dpp_pkexv2_init_fallback_to_v1 +sigma_dut_dpp_proto_initiator +sigma_dut_dpp_proto_initiator_pkex +sigma_dut_dpp_proto_peer_disc_req +sigma_dut_dpp_proto_peer_disc_req2 +sigma_dut_dpp_proto_peer_disc_req3 +sigma_dut_dpp_proto_responder +sigma_dut_dpp_proto_responder_pkex +sigma_dut_dpp_proto_stop_at_initiator +sigma_dut_dpp_proto_stop_at_initiator_enrollee +sigma_dut_dpp_proto_stop_at_responder +sigma_dut_dpp_qr_configurator_chirp +sigma_dut_dpp_qr_enrollee_chirp +sigma_dut_dpp_qr_enrollee_chirp_3rd_party_info +sigma_dut_dpp_qr_init_configurator_1 +sigma_dut_dpp_qr_init_configurator_2 +sigma_dut_dpp_qr_init_configurator_3 +sigma_dut_dpp_qr_init_configurator_3rd_party +sigma_dut_dpp_qr_init_configurator_3rd_party_psk +sigma_dut_dpp_qr_init_configurator_4 +sigma_dut_dpp_qr_init_configurator_5 +sigma_dut_dpp_qr_init_configurator_6 +sigma_dut_dpp_qr_init_configurator_7 +sigma_dut_dpp_qr_init_configurator_both +sigma_dut_dpp_qr_init_configurator_mud_url +sigma_dut_dpp_qr_init_configurator_mud_url_nak_change +sigma_dut_dpp_qr_init_configurator_nak_from_uri +sigma_dut_dpp_qr_init_configurator_neg_freq +sigma_dut_dpp_qr_init_configurator_sign_curve_from_uri +sigma_dut_dpp_qr_init_enrollee +sigma_dut_dpp_qr_init_enrollee_configurator +sigma_dut_dpp_qr_init_enrollee_psk +sigma_dut_dpp_qr_init_enrollee_sae +sigma_dut_dpp_qr_mutual_init_enrollee 
+sigma_dut_dpp_qr_mutual_init_enrollee_check +sigma_dut_dpp_qr_mutual_init_enrollee_mud_url +sigma_dut_dpp_qr_mutual_init_enrollee_pending +sigma_dut_dpp_qr_mutual_resp_configurator +sigma_dut_dpp_qr_mutual_resp_enrollee +sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy +sigma_dut_dpp_qr_mutual_resp_enrollee_pending +sigma_dut_dpp_qr_resp_1 +sigma_dut_dpp_qr_resp_10 +sigma_dut_dpp_qr_resp_11 +sigma_dut_dpp_qr_resp_2 +sigma_dut_dpp_qr_resp_3 +sigma_dut_dpp_qr_resp_4 +sigma_dut_dpp_qr_resp_5 +sigma_dut_dpp_qr_resp_6 +sigma_dut_dpp_qr_resp_7 +sigma_dut_dpp_qr_resp_8 +sigma_dut_dpp_qr_resp_9 +sigma_dut_dpp_qr_resp_chan_list +sigma_dut_dpp_qr_resp_configurator +sigma_dut_dpp_qr_resp_curve_change +sigma_dut_dpp_qr_resp_status_query +sigma_dut_dpp_reconfig_configurator +sigma_dut_dpp_reconfig_enrollee +sigma_dut_dpp_reconfig_enrollee_sae +sigma_dut_dpp_reconfig_invalid_proto_ver +sigma_dut_dpp_reconfig_no_proto_ver +sigma_dut_dpp_self_config +sigma_dut_dpp_tcp_configurator_init_from_uri +sigma_dut_dpp_tcp_configurator_init_mutual +sigma_dut_dpp_tcp_configurator_init_mutual_unsupported_curve +sigma_dut_dpp_tcp_conf_resp +sigma_dut_dpp_tcp_enrollee_init +sigma_dut_dpp_tcp_enrollee_init_mutual +sigma_dut_dpp_tcp_enrollee_resp +sigma_dut_eap_aka +sigma_dut_eap_ttls +sigma_dut_eap_ttls_uosc +sigma_dut_eap_ttls_uosc_ca_mistrust +sigma_dut_eap_ttls_uosc_initial_tod_strict +sigma_dut_eap_ttls_uosc_initial_tod_tofu +sigma_dut_eap_ttls_uosc_tod +sigma_dut_eap_ttls_uosc_tod_tofu +sigma_dut_ft_rsnxe_used_mismatch +sigma_dut_gtk_rekey +sigma_dut_ocv +sigma_dut_open +sigma_dut_owe +sigma_dut_owe_ptk_workaround +sigma_dut_preconfigured_profile +sigma_dut_psk_pmf +sigma_dut_psk_pmf_bip_cmac_128 +sigma_dut_psk_pmf_bip_cmac_256 +sigma_dut_psk_pmf_bip_gmac_128 +sigma_dut_psk_pmf_bip_gmac_256 +sigma_dut_psk_pmf_bip_gmac_256_mismatch +sigma_dut_sae +sigma_dut_sae_groups +sigma_dut_sae_h2e +sigma_dut_sae_h2e_ap_h2e +sigma_dut_sae_h2e_ap_loop +sigma_dut_sae_h2e_enabled_group_rejected 
+sigma_dut_sae_h2e_loop_forcing +sigma_dut_sae_h2e_rsnxe_mismatch +sigma_dut_sae_password +sigma_dut_sae_pk +sigma_dut_sae_pmkid_include +sigma_dut_sae_pw_id +sigma_dut_sae_pw_id_ft +sigma_dut_sae_pw_id_ft_over_ds +sigma_dut_sae_pw_id_pwe_loop +sigma_dut_sta_override_rsne +sigma_dut_sta_scan_bss +sigma_dut_sta_scan_short_ssid +sigma_dut_sta_scan_ssid_bssid +sigma_dut_sta_scan_wait_completion +sigma_dut_suite_b +sigma_dut_venue_url +sigma_dut_wpa3_inject_frame +sigma_dut_wps_pbc +suite_b +suite_b_192 +suite_b_192_mic_failure +suite_b_192_okc +suite_b_192_pmkid_failure +suite_b_192_pmksa_caching_roam +suite_b_192_radius +suite_b_192_rsa +suite_b_192_rsa_dhe +suite_b_192_rsa_dhe_radius_rsa2048_client +suite_b_192_rsa_ecdhe +suite_b_192_rsa_ecdhe_radius_rsa2048_client +suite_b_192_rsa_insufficient_dh +suite_b_192_rsa_insufficient_key +suite_b_192_rsa_no_cs_match +suite_b_192_rsa_radius +suite_b_192_rsa_tls_13 +suite_b_mic_failure +suite_b_pmkid_failure +suite_b_radius +wep_shared_key_auth_not_allowed +wext_wep_open_auth +wext_wep_shared_key_auth +wext_wpa2_psk +wext_wpa_psk +wpa2_psk_key_lifetime_in_memory +wpas_add_set_remove_support +wpas_ap_acs +wpas_ap_and_assoc_req_p2p_ie +wpas_ap_default_frequency +wpas_ap_disable +wpas_ap_failures +wpas_ap_global_sta +wpas_ap_invalid_frequency +wpas_ap_lifetime_in_memory +wpas_ap_lifetime_in_memory2 +wpas_ap_no_ht +wpas_ap_no_ssid +wpas_ap_params +wpas_ap_sae +wpas_ap_sae_and_psk_transition_disable +wpas_ap_sae_password +wpas_ap_sae_pmf1 +wpas_ap_sae_pmf2 +wpas_ap_sae_pwe_1 +wpas_ap_scan +wpas_ap_vendor_elems +wpas_ap_wps_disabled +wpas_ap_wps_frag +wpas_ap_wps_pbc_overlap +wpas_mesh_secure +wpas_mesh_secure_dropped_frame +wpas_mesh_secure_no_auto +wpas_mesh_secure_sae_group_mismatch +wpas_mesh_secure_sae_group_negotiation +wpas_mesh_secure_sae_missing_password +wpas_mesh_secure_sae_password 
diff --git a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config new file mode 100644 index 0000000000..104807315a --- /dev/null +++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config 
@@ -0,0 +1,164 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
diff --git a/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests b/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
index 87fc3320fc..ff99618815 100644
--- a/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
+++ b/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
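Review bot: The new config carries no comment on its provenance or on which lines were changed for wolfSSL; the only visibly wolfSSL-specific lines are `CONFIG_TLS=wolfssl` and the second `ifeq ($(CONFIG_TLS), wolfssl)` block enabling `CONFIG_EAP_PWD`, and the rest reads like hostap's hwsim example wpa_supplicant config (`tests/hwsim/example-wpa_supplicant.config`), though that is inferred. A header such as `# hwsim build config; derived from hostap's example wpa_supplicant config, wolfSSL changes: CONFIG_TLS, EAP_PWD ifeq` would let the next maintainer diff it against upstream when the hostap ref moves. The legacy enablements (`CONFIG_WEP=y`, `CONFIG_TLSV11=y`, `CONFIG_NO_RANDOM_POOL=y`) are presumably required by the test list rather than by wolfSSL and deserve the same one-line note so they are not carried into a production config.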
@@ -191,13 +191,7 @@ ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
 ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
 ap_wpa2_psk_supp_proto_too_long_gtk_kde
 ap_wpa2_psk_supp_proto_gtk_not_encrypted
-ap_wpa2_psk_supp_proto_no_igtk
-ap_wpa2_psk_supp_proto_igtk_ok
-ap_wpa2_psk_supp_proto_igtk_keyid_swap
-ap_wpa2_psk_supp_proto_igtk_keyid_too_large
-ap_wpa2_psk_supp_proto_igtk_keyid_unexpected
 ap_wpa2_psk_wep
-ap_wpa2_psk_ifdown
 ap_wpa2_psk_drop_first_msg_4
 ap_wpa2_psk_disable_enable
 ap_wpa2_psk_incorrect_passphrase
@@ -210,10 +204,7 @@ ap_wpa2_disable_eapol_retry
 ap_wpa2_disable_eapol_retry_group
 ap_wpa2_psk_mic_0
 ap_wpa2_psk_local_error
-ap_wpa2_psk_inject_assoc
-ap_wpa2_psk_no_control_port
 ap_wpa2_psk_ap_control_port
-ap_wpa2_psk_ap_control_port_disabled
 ap_wpa2_psk_rsne_mismatch_ap
 ap_wpa2_psk_rsne_mismatch_ap2
 ap_wpa2_psk_rsne_mismatch_ap3
@@ -253,10 +244,8 @@ ap_wpa2_eap_aka_sql
 ap_wpa2_eap_aka_config
 ap_wpa2_eap_aka_ext
 ap_wpa2_eap_aka_ext_auth_fail
-ap_wpa2_eap_aka_prime
 ap_wpa2_eap_aka_prime_imsi_identity
 ap_wpa2_eap_aka_prime_imsi_privacy_key
-ap_wpa2_eap_aka_prime_sql
 ap_wpa2_eap_aka_prime_ext_auth_fail
 ap_wpa2_eap_aka_prime_ext
 ap_wpa2_eap_ttls_pap
@@ -416,19 +405,6 @@ ap_wpa2_radius_server_get_id
 ap_wpa2_eap_tls_tod
 ap_wpa2_eap_tls_tod_tofu
 ap_wpa2_eap_sake_no_control_port
-ap_wpa2_tdls
-ap_wpa2_tdls_concurrent_init
-ap_wpa2_tdls_concurrent_init2
-ap_wpa2_tdls_decline_resp
-ap_wpa2_tdls_long_lifetime
-ap_wpa2_tdls_long_frame
-ap_wpa2_tdls_reneg
-ap_wpa2_tdls_wrong_lifetime_resp
-ap_wpa2_tdls_diff_rsnie
-ap_wpa2_tdls_wrong_tpk_m2_mic
-ap_wpa2_tdls_wrong_tpk_m3_mic
-ap_wpa2_tdls_double_tpk_m2
-ap_wpa2_tdls_responder_teardown
 dpp_network_intro_version
 dpp_network_intro_version_change
 dpp_network_intro_version_missing_req
@@ -459,12 +435,9 @@ dpp_qr_code_curves
 dpp_qr_code_curves_brainpool
 dpp_qr_code_unsupported_curve
 dpp_qr_code_keygen_fail
-dpp_qr_code_curve_select
 dpp_qr_code_auth_broadcast
-dpp_configurator_enrollee
 dpp_configurator_enrollee_prime256v1
 dpp_configurator_enrollee_secp384r1
-dpp_configurator_enrollee_secp521r1
 dpp_configurator_enrollee_brainpoolP256r1
 dpp_configurator_enrollee_brainpoolP384r1
 dpp_configurator_enrollee_brainpoolP512r1
@@ -477,7 +450,6 @@ dpp_qr_code_curve_brainpoolP384r1
 dpp_qr_code_curve_brainpoolP512r1
 dpp_qr_code_set_key
 dpp_qr_code_auth_mutual
-dpp_qr_code_auth_mutual2
 dpp_qr_code_auth_mutual_p_256
 dpp_qr_code_auth_mutual_p_384
 dpp_qr_code_auth_mutual_p_521
@@ -514,13 +486,11 @@ dpp_config_no_signed_connector
 dpp_config_unexpected_signed_connector_char
 dpp_config_root_not_an_object
 dpp_config_no_wi_fi_tech
-dpp_config_unsupported_wi_fi_tech
 dpp_config_no_discovery
 dpp_config_no_discovery_ssid
 dpp_config_too_long_discovery_ssid
 dpp_config_no_cred
 dpp_config_no_cred_akm
-dpp_config_unsupported_cred_akm
 dpp_config_error_legacy_no_pass
 dpp_config_error_legacy_too_long_pass
 dpp_config_error_legacy_psk_with_sae
@@ -531,13 +501,10 @@ dpp_config_connector_error_ext_sign
 dpp_config_connector_error_too_short_timestamp
 dpp_config_connector_error_invalid_timestamp
 dpp_config_connector_error_invalid_timestamp_date
-dpp_config_connector_error_invalid_time_zone
-dpp_config_connector_error_invalid_time_zone_2
 dpp_config_connector_error_expired_1
 dpp_config_connector_error_expired_2
 dpp_config_connector_error_expired_3
 dpp_config_connector_error_expired_4
-dpp_config_connector_error_expired_5
 dpp_config_connector_error_expired_6
 dpp_config_connector_error_no_groups
 dpp_config_connector_error_empty_groups
@@ -565,13 +532,6 @@ dpp_ap_config_p256_bp256
 dpp_ap_config_bp256_p256
 dpp_ap_config_p521_bp512
 dpp_ap_config_reconfig_configurator
-dpp_auto_connect_1
-dpp_auto_connect_2
-dpp_auto_connect_2_connect_cmd
-dpp_auto_connect_2_sta_ver1
-dpp_auto_connect_2_ap_ver1
-dpp_auto_connect_2_ver1
-dpp_auto_connect_2_conf_ver1
 dpp_auto_connect_legacy
 dpp_auto_connect_legacy_ssid_charset
 dpp_auto_connect_legacy_sae_1
@@ -580,13 +540,6 @@ dpp_auto_connect_legacy_psk_sae_1
 dpp_auto_connect_legacy_psk_sae_2
 dpp_auto_connect_legacy_psk_sae_3
 dpp_auto_connect_legacy_pmf_required
-dpp_qr_code_auth_responder_configurator
-dpp_qr_code_auth_responder_configurator_group_id
-dpp_qr_code_auth_enrollee_init_netrole
-dpp_qr_code_hostapd_init
-dpp_qr_code_hostapd_init_offchannel
-dpp_qr_code_hostapd_init_offchannel_neg_freq
-dpp_qr_code_hostapd_ignore_mismatch
 dpp_test_vector_p_256
 dpp_test_vector_p_256_b
 dpp_test_vector_p_521
@@ -603,7 +556,6 @@ dpp_pkex_no_identifier
 dpp_pkex_identifier_mismatch
 dpp_pkex_identifier_mismatch2
 dpp_pkex_identifier_mismatch3
-dpp_pkex_5ghz
 dpp_pkex_test_vector
 dpp_pkex_code_mismatch
 dpp_pkex_code_mismatch_limit
@@ -625,7 +577,6 @@ dpp_pkex_hostapd_errors
 dpp_pkex_nak_curve_change
 dpp_pkex_nak_curve_change2
 dpp_hostapd_configurator
-dpp_hostapd_configurator_enrollee_v1
 dpp_hostapd_configurator_responder
 dpp_hostapd_configurator_fragmentation
 dpp_hostapd_enrollee_fragmentation
@@ -650,7 +601,6 @@ dpp_proto_stop_at_pkex_cr_req
 dpp_proto_stop_at_pkex_cr_resp
 dpp_proto_network_introduction
 dpp_hostapd_auth_conf_timeout
-dpp_hostapd_auth_resp_retries
 dpp_tcp
 dpp_tcp_port
 dpp_tcp_mutual
@@ -702,6 +652,5 @@ dpp_qr_code_config_event_initiator_failure
 dpp_qr_code_config_event_initiator_no_response
 dpp_qr_code_config_event_initiator_both
 dpp_tcp_qr_code_config_event_initiator
-dpp_qr_code_config_event_responder
 dpp_discard_public_action
diff --git a/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch b/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch new file mode 100644 index 0000000000..80ae312f03 --- /dev/null +++ b/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch @@ -0,0 +1,47 @@ +From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001 +From: Juliusz Sosinowicz +Date: Fri, 19 Apr 2024 16:41:38 +0200 +Subject: [PATCH] Fixes for running tests under UML + +- Apply commit ID fix from more recent commit +- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out. +--- + src/crypto/crypto_wolfssl.c | 2 +- + tests/hwsim/run-all.sh | 8 +++++++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c +index 00ecf61352..a57fa50697 100644 +--- a/src/crypto/crypto_wolfssl.c ++++ b/src/crypto/crypto_wolfssl.c +@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, + int ret = -1; + WC_RNG rng; + DhKey *dh = NULL; +- word32 priv_sz, pub_sz; ++ word32 priv_sz = prime_len, pub_sz = prime_len; + + if (TEST_FAIL()) + return -1; +diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh +index ee48cd0581..75c3a58b52 100755 +--- a/tests/hwsim/run-all.sh ++++ b/tests/hwsim/run-all.sh +@@ -15,7 +15,13 @@ export LOGDIR + if [ -z "$DBFILE" ]; then + DB="" + else +- DB="-S $DBFILE --commit $(git rev-parse HEAD)" ++ DB="-S $DBFILE" ++ if [ -z "$COMMITID" ]; then ++ COMMITID="$(git rev-parse HEAD)" ++ fi ++ if [ -n "$COMMITID" ]; then ++ DB="$DB --commit $COMMITID" ++ fi + if [ -n "$BUILD" ]; then + DB="$DB -b $BUILD" + fi +-- +2.34.1 + diff --git a/.github/workflows/hostap-files/configs/hostap_2_10/tests b/.github/workflows/hostap-files/configs/hostap_2_10/tests index 732a054414..5679cbda93 100644 --- a/.github/workflows/hostap-files/configs/hostap_2_10/tests +++ b/.github/workflows/hostap-files/configs/hostap_2_10/tests 
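Review bot: The embedded patch's description attributes the `priv_sz`/`pub_sz` failure to UML ("Probably because stack is zeroed out"), but the change itself initializes two locals that were previously handed to the callee with indeterminate values, which is a defect on any platform rather than a UML quirk; the callee is outside this excerpt, so that it reads them as in/out buffer sizes is inferred from the description. Rewording the bullet to `- priv_sz and pub_sz were passed uninitialized; initialize them to prime_len` records the real fix for whoever rebases this patch onto a newer hostap. The run-all.sh part looks fine; a one-line comment above the `COMMITID` check saying why a caller may preset it (presumably the CI passing the hostap ref explicitly) would explain the override.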
@@ -163,7 +163,6 @@ ap_wpa2_disable_eapol_retry_group
 ap_wpa2_psk_mic_0
 ap_wpa2_psk_local_error
 ap_wpa2_psk_inject_assoc
-ap_wpa2_psk_no_control_port
 ap_wpa2_psk_ap_control_port
 ap_wpa2_psk_ap_control_port_disabled
 ap_wpa2_psk_rsne_mismatch_ap
@@ -269,16 +268,3 @@ ap_wpa2_eap_psk_mac_addr_change
 ap_wpa2_eap_server_get_id
 ap_wpa2_radius_server_get_id
 ap_wpa2_eap_sake_no_control_port
-ap_wpa2_tdls
-ap_wpa2_tdls_concurrent_init
-ap_wpa2_tdls_concurrent_init2
-ap_wpa2_tdls_decline_resp
-ap_wpa2_tdls_long_lifetime
-ap_wpa2_tdls_long_frame
-ap_wpa2_tdls_reneg
-ap_wpa2_tdls_wrong_lifetime_resp
-ap_wpa2_tdls_diff_rsnie
-ap_wpa2_tdls_wrong_tpk_m2_mic
-ap_wpa2_tdls_wrong_tpk_m3_mic
-ap_wpa2_tdls_double_tpk_m2
-ap_wpa2_tdls_responder_teardown
diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml
new file mode 100644
index 0000000000..b24680dfe1
--- /dev/null
+++ b/.github/workflows/hostap-vm.yml
@@ -0,0 +1,318 @@ +name: hostap and wpa-supplicant Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +env: + LINUX_REF: v6.6 + +jobs: + build_wolfssl: + strategy: + matrix: + include: + - build_id: hostap-vm-build1 + wolf_extra_config: --disable-tls13 + - build_id: hostap-vm-build2 + wolf_extra_config: >- + --enable-wpas-dpp --enable-brainpool --with-eccminsz=192 + --enable-tlsv10 --enable-oldtls + name: Build wolfSSL + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 10 + steps: + # No way to view the full strategy in the browser (really weird) + - name: Print strategy + run: | + cat <> $GITHUB_ENV + + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: >- + --enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA + ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }} + install: true + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.build_id }} + path: build-dir.tgz + retention-days: 5 + + build_uml_linux: + name: Build UML (UserMode Linux) + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 10 + steps: + - name: Checking if we have kernel in cache + uses: actions/cache@v4 + id: cache + with: + path: linux/linux + key: ${{ env.LINUX_REF }} + lookup-only: true + + - name: Checkout hostap + if: steps.cache.outputs.cache-hit != 'true' + uses: actions/checkout@v4 + with: + repository: julek-wolfssl/hostap-mirror + path: hostap + + - name: Checkout linux + if: steps.cache.outputs.cache-hit != 'true' + uses: actions/checkout@v4 + with: + repository: torvalds/linux + path: linux + + - name: Compile linux + if: steps.cache.outputs.cache-hit != 'true' + run: | + cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config + cd linux + yes "" | ARCH=um make -j $(nproc) + + hostap_test: + strategy: + fail-fast: false + matrix: + # should hostapd be compiled with wolfssl + hostapd: [true, false] + # should wpa_supplicant be compiled with wolfssl + wpa_supplicant: [true, false] + # Fix the versions of hostap and osp to not break testing when a new + # patch is added in to osp. Tests are read from the corresponding + # configs/hostap_ref/tests file. + config: [ + { + hostap_ref: hostap_2_10, + remove_teap: true, + # TLS 1.3 does not work for this version + build_id: hostap-vm-build1, + }, + # Test the dpp patch + { + hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb, + osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446, + build_id: hostap-vm-build2 + }, + { + hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74, + osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528, + build_id: hostap-vm-build2 + }, + ] + exclude: + # don't test openssl on both sides + - hostapd: false + wpa_supplicant: false + # no hostapd support for dpp yet + - hostapd: true + config: { + hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb, + osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446, + build_id: hostap-vm-build2 + } + name: hwsim test + # For openssl 1.1 + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 45 + needs: [build_wolfssl, build_uml_linux] + steps: + - name: Checking if we have kernel in cache + uses: actions/cache/restore@v4 + id: cache + with: + path: linux/linux + key: ${{ env.LINUX_REF }} + fail-on-cache-miss: true + + - name: show file structure + run: tree + + # No way to view the full strategy in the browser (really weird) + - name: Print strategy + run: | + cat <> $GITHUB_ENV + echo Our job run ID is $SHA_SUM + + - name: Checkout wolfSSL + uses: actions/checkout@v4 + with: + path: wolfssl + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.config.build_id }} + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + # hostap dependencies + sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \ + libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \ + libnl-route-3-dev libdbus-1-dev bridge-utils tshark + sudo pip3 install pycryptodome + + - name: Checkout hostap + uses: actions/checkout@v4 + with: + repository: julek-wolfssl/hostap-mirror + path: hostap + ref: ${{ matrix.config.hostap_ref }} + + - name: Update certs + working-directory: hostap/tests/hwsim/auth_serv + run: ./update.sh + + - if: ${{ matrix.config.osp_ref }} + name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + ref: ${{ matrix.config.osp_ref }} + + - if: ${{ matrix.config.osp_ref }} + name: Apply patch files + working-directory: hostap + run: | + for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/* + do + patch -p1 < $f + done + + - name: Apply extra patches + working-directory: hostap + run: | + FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch + if [ -f "$FILE" ]; then + patch -p1 < $FILE + fi + + - if: ${{ matrix.hostapd }} + name: Setup hostapd config 
file + run: | + cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \ + hostap/hostapd/.config + cat <> hostap/hostapd/.config + CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib + LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib + EOF + + - if: ${{ matrix.wpa_supplicant }} + name: Setup wpa_supplicant config file + run: | + cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \ + hostap/wpa_supplicant/.config + cat <> hostap/wpa_supplicant/.config + CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib + LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib + EOF + + - name: Build hostap and wpa_supplicant + working-directory: hostap/tests/hwsim/ + run: ./build.sh + + - if: ${{ matrix.hostapd }} + name: Confirm hostapd linking with wolfSSL + run: ldd hostap/hostapd/hostapd | grep wolfssl + + - if: ${{ matrix.wpa_supplicant }} + name: Confirm wpa_supplicant linking with wolfSSL + run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl + + - if: ${{ matrix.config.remove_teap }} + name: Remove EAP-TEAP from test configuration + working-directory: hostap/tests/hwsim/auth_serv + run: | + sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf + sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf + sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf + sed -e 's/TEAP,//' -i eap_user.conf + + - if: ${{ runner.debug }} + name: Enable hostap debug logging + run: | + echo "hostap_debug_flags=--debug" >> $GITHUB_ENV + + - name: Run tests + id: testing + working-directory: hostap/tests/hwsim/ + run: | + cat <> vm/vm-config + KERNELDIR=$GITHUB_WORKSPACE/linux + KVMARGS="-cpu host" + EOF + # Run tests in increments of 200 to not stall out the parallel-vm script + while mapfile -t -n 200 ary && ((${#ary[@]})); do 
+ TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ') + HWSIM_RES=0 # Not set when command succeeds + ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS || HWSIM_RES=$? + if [ "$HWSIM_RES" -ne "0" ]; then + # Let's re-run the failing tests. We gather the failed tests from the log file. + FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ') + printf 'failed tests: %s\n' "$FAILED_TESTS" + ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS + fi + rm -r /tmp/hwsim-test-logs + done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests + + # The logs are quite big. It hasn't been useful so far so let's not waste + # precious gh space. + #- name: zip logs + # if: ${{ failure() && steps.testing.outcome == 'failure' }} + # working-directory: hostap/tests/hwsim/ + # run: | + # rm /tmp/hwsim-test-logs/latest + # zip -9 -r logs.zip /tmp/hwsim-test-logs + # + #- name: Upload failure logs + # if: ${{ failure() && steps.testing.outcome == 'failure' }} + # uses: actions/upload-artifact@v4 + # with: + # name: hostap-logs-${{ env.our_job_run_id }} + # path: hostap/tests/hwsim/logs.zip + # retention-days: 5 diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml new file mode 100644 index 0000000000..ef7d072e7b --- /dev/null +++ b/.github/workflows/ipmitool.yml 
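Review bot: The `Checkout linux` step in `build_uml_linux` passes no `ref`, so the kernel compiled and cached under `key: ${{ env.LINUX_REF }}` is whatever torvalds/linux's default branch is on the first run, and the cache key then keeps serving that build although it is labelled v6.6; adding `ref: ${{ env.LINUX_REF }}` to that checkout ties the artifact to its key, and the `Checkout hostap` in the same job is likewise unpinned, so `kernel-config.uml` comes from the mirror's default branch. The `cat <> $GITHUB_ENV`, `cat <> hostap/hostapd/.config` and `cat <> vm/vm-config` lines read like heredocs whose `<<EOF` marker was lost in rendering; if the file really says `cat <>` nothing is appended, so this is worth checking against the source. Separately, the common section's `cancel-in-progress: true` is keyed on `github.ref`, which also cancels an in-flight run on `master` when commits land back-to-back, leaving those commits without completed CI; `cancel-in-progress: ${{ github.event_name == 'pull_request' }}` keeps the cancellation for PRs only. The same common block appears in ipmitool.yml, jwt-cpp.yml, krb5.yml, libssh2.yml, libvncserver.yml, memcached.yml, mosquitto.yml and multi-arch.yml.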
@@ -0,0 +1,82 @@ +name: ipmitool Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all + install: true + # Don't run tests as this config is tested in many other places + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-ipmitool + path: build-dir.tgz + retention-days: 5 + + build_ipmitool: + strategy: + fail-fast: false + matrix: + git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ] + name: ${{ matrix.git_ref }} + runs-on: ubuntu-latest + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-ipmitool + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Build ipmitool + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: ipmitool/ipmitool + ref: ${{ matrix.git_ref }} + path: ipmitool + patch-file: $GITHUB_WORKSPACE/osp/ipmitool/*-${{ matrix.git_ref }}.patch + configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir + # No checks included and not running since it depends on hardware + check: false + + - name: Confirm built with wolfSSL + working-directory: ipmitool + run: | + ldd src/ipmitool | grep wolfssl + ldd src/ipmievd | grep wolfssl + \ No newline at end of file 
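Review bot: `build_ipmitool` has no `timeout-minutes`, while the sibling `build_wolfssl` job carries one under the `# This should be a safe limit` comment; the second jobs of jwt-cpp.yml and libvncserver.yml have the same omission. The `Checkout OSP` step pins no `ref`, so the patch applied through `patch-file: $GITHUB_WORKSPACE/osp/ipmitool/*-${{ matrix.git_ref }}.patch` is taken from the default branch of wolfssl/osp at run time — probably intentional since the matrix pins `git_ref` but not the patch, but a comment such as `# osp is tracked at its default branch so patch updates are picked up automatically` would say so, and whether the action expands the `*` glob in `patch-file` is not visible here and is worth confirming. The file also ends without a trailing newline (`\ No newline at end of file`).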
diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml new file mode 100644 index 0000000000..13569574fa --- /dev/null +++ b/.github/workflows/jwt-cpp.yml 
@@ -0,0 +1,90 @@ +name: jwt-cpp Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all + install: true + # Don't run tests as this config is tested in many other places + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-jwt-cpp + path: build-dir.tgz + retention-days: 5 + + build_pam-ipmi: + strategy: + fail-fast: false + matrix: + ref: [ 0.6.0 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install libgtest-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-jwt-cpp + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout jwt-cpp + uses: actions/checkout@v4 + with: + repository: Thalhammer/jwt-cpp + path: jwt-cpp + ref: v${{ matrix.ref }} + + - name: Build pam-ipmi + working-directory: jwt-cpp + run: | + patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch + PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \ + cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON . 
+ make -j -C build + ldd ./build/tests/jwt-cpp-test | grep wolfssl + + - name: Run jwt-cpp tests + working-directory: jwt-cpp + run: ./build/tests/jwt-cpp-test diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml index 0022d64dde..ce96479ce0 100644 --- a/.github/workflows/krb5.yml +++ b/.github/workflows/krb5.yml @@ -1,7 +1,16 @@ name: Kerberos 5 Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: @@ -22,11 +31,14 @@ jobs: configure: --enable-krb CC='gcc -fsanitize=address' install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-krb5 - path: build-dir + path: build-dir.tgz retention-days: 5 krb5_check: @@ -45,7 +57,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-krb5 - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml index dd9d50e63f..0f5f241008 100644 --- a/.github/workflows/libssh2.yml +++ b/.github/workflows/libssh2.yml @@ -1,7 +1,16 @@ name: libssh2 Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: 
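Review bot: The second job is named `build_pam-ipmi` and its build step `Build pam-ipmi`, which look copied from another workflow; `build_jwt-cpp` and `Build jwt-cpp` match what the file builds. `sudo apt-get install libgtest-dev` in `Install dependencies` lacks `-y`, unlike the install steps in the other workflows, so if dependency resolution triggers the confirmation prompt the non-interactive runner aborts; `sudo apt-get install -y libgtest-dev` is the safe form.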
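Review bot: The new `tar build-dir` / `untar build-dir` steps carry no comment saying why the artifact is now archived instead of uploaded as a directory; presumably this keeps file permissions and symlinks through upload-artifact@v4, but that is inferred. A one-line comment on the tar step, `# archive so that permissions and symlinks survive the artifact round-trip`, would spare the next reader from guessing; the same steps appear in libssh2.yml and memcached.yml.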
@@ -19,11 +28,14 @@ jobs: check: false # config is already tested in many other PRB's install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-libssh2 - path: build-dir + path: build-dir.tgz retention-days: 5 libssh2_check: @@ -42,7 +54,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-libssh2 - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Build and test libssh2 uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml new file mode 100644 index 0000000000..cdef79dde5 --- /dev/null +++ b/.github/workflows/libvncserver.yml 
@@ -0,0 +1,84 @@ +name: libvncserver Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all + install: true + # Don't run tests as this config is tested in many other places + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-libvncserver + path: build-dir.tgz + retention-days: 5 + + build_libvncserver: + strategy: + fail-fast: false + matrix: + ref: [ 0.9.13 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-libvncserver + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout libvncserver + uses: actions/checkout@v4 + with: + repository: LibVNC/libvncserver + path: libvncserver + ref: LibVNCServer-${{ matrix.ref }} + + - name: Build libvncserver + working-directory: libvncserver + run: | + patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch + PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \ + cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON . 
+ make -j -C build VERBOSE=1 + ldd build/libvncclient.so | grep wolfssl + ldd build/libvncserver.so | grep wolfssl + + - name: Run libvncserver tests + working-directory: libvncserver + run: make -C build test diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index 8edb7a7f38..0000000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,55 +0,0 @@ -name: CI -concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -jobs: - espressif: - uses: ./.github/workflows/docker-Espressif.yml - multi-compiler: - uses: ./.github/workflows/multi-compiler.yml - multi-arch: - uses: ./.github/workflows/multi-arch.yml - openwrt: - uses: ./.github/workflows/docker-OpenWrt.yml - os-check: - uses: ./.github/workflows/os-check.yml - async: - uses: ./.github/workflows/async.yml - stunnel: - uses: ./.github/workflows/stunnel.yml - openvpn: - uses: ./.github/workflows/openvpn.yml - hostap: - uses: ./.github/workflows/hostap.yml - nginx: - uses: ./.github/workflows/nginx.yml - zephyr: - uses: ./.github/workflows/zephyr.yml - hitch: - uses: ./.github/workflows/hitch.yml - curl: - uses: ./.github/workflows/curl.yml - krb5: - uses: ./.github/workflows/krb5.yml - packaging: - uses: ./.github/workflows/packaging.yml - memcached: - uses: ./.github/workflows/memcached.yml - libssh2: - uses: ./.github/workflows/libssh2.yml - openssh: - uses: ./.github/workflows/openssh.yml -# TODO: Currently this test fails. Enable it once it becomes passing. -# haproxy: -# uses: ./.github/workflows/haproxy.yml - ocsp: - uses: ./.github/workflows/ocsp.yml - no-malloc: - uses: ./.github/workflows/no-malloc.yml diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index fde37018d3..e1cbb37847 100644 --- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml 
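Review bot: `make -j -C build VERBOSE=1` in `Build libvncserver` passes `-j` without a count, which lets make spawn an unbounded number of jobs and can exhaust the runner's memory on a larger build; `make -j"$(nproc)" -C build VERBOSE=1` bounds it, and jwt-cpp.yml's `make -j -C build` has the same form. `build_libvncserver` also has no `timeout-minutes`, although the sibling job documents one as a safe limit.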
@@ -1,7 +1,16 @@ name: memcached Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: @@ -19,11 +28,14 @@ jobs: - name: Bundle Docker entry point run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-memcached - path: build-dir + path: build-dir.tgz retention-days: 5 memcached_check: @@ -41,7 +53,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-memcached - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml new file mode 100644 index 0000000000..aa96938589 --- /dev/null +++ b/.github/workflows/mosquitto.yml 
@@ -0,0 +1,98 @@ +name: mosquitto Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN" + install: true + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-mosquitto + path: build-dir.tgz + retention-days: 5 + + mosquitto_check: + strategy: + fail-fast: false + matrix: + ref: [ 2.0.18 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 4 + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-mosquitto + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Install dependencies + run: | + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make + sudo pip install --upgrade psutil + + - name: Checkout mosquitto + uses: actions/checkout@v4 + with: + repository: eclipse/mosquitto + ref: v${{ matrix.ref }} + path: mosquitto + + - name: Configure and build mosquitto + run: | + cd $GITHUB_WORKSPACE/mosquitto/ + patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch + make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir + + - name: Run mosquitto tests + working-directory: ./mosquitto + run: | + # Retry up to five times + for i in {1..5}; do + TEST_RES=0 + make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$? + if [ "$TEST_RES" -eq "0" ]; then + break + fi + done + if [ "$TEST_RES" -ne "0" ]; then + exit $TEST_RES + fi diff --git a/.github/workflows/multi-arch.yml b/.github/workflows/multi-arch.yml index 031ca802e8..f296464f9f 100644 --- a/.github/workflows/multi-arch.yml +++ b/.github/workflows/multi-arch.yml @@ -1,7 +1,16 @@ name: Multiple architectures +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: my_matrix: diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml index b63fd0f2f3..08e1e4e0db 100644 
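Review bot: `configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"` builds the library under test with what its name suggests is a relaxation of certificate signature checking, and nothing in the workflow says why; a comment above that line such as `# ALLOW_INVALID_CERTSIGN: only for the mosquitto test-suite certificates, not a production setting — confirm` would keep the flag from being copied into other workflows. Separately, the `Checkout OSP` step has no `ref`, so the patch applied to a pinned mosquitto `v${{ matrix.ref }}` floats with osp's default branch and a failing run is not reproducible against a given wolfSSL commit; pin osp to a commit, or at least log `git -C osp rev-parse HEAD`. The same unpinned osp checkout appears in the net-snmp, ntp, pam-ipmi, rng-tools and socat workflows in this commit. `sudo pip install --upgrade psutil` is likewise unpinned.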
--- a/.github/workflows/multi-compiler.yml +++ b/.github/workflows/multi-compiler.yml @@ -1,7 +1,16 @@ name: Multiple compilers and versions +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: my_matrix: diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml new file mode 100644 index 0000000000..e175f487b0 --- /dev/null +++ b/.github/workflows/net-snmp.yml 
@@ -0,0 +1,82 @@ +name: net-snmp Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-net-snmp + install: true + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-net-snmp + path: build-dir.tgz + retention-days: 5 + + net-snmp_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + include: + - ref: 5.9.3 + test_opts: -e 'agentxperl' + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-net-snmp + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Build net-snmp + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: net-snmp/net-snmp + ref: v${{ matrix.ref }} + path: net-snmp + patch-file: $GITHUB_WORKSPACE/osp/net-snmp/${{ matrix.ref }}.patch + configure: --disable-shared --with-wolfssl=$GITHUB_WORKSPACE/build-dir + check: false + + - name: Run net-snmp tests + working-directory: net-snmp + run: | + autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version + make -j test TESTOPTS="${{ matrix.test_opts }}" 
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 9f9f81ec8d..6622e0d2a8 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -1,7 +1,16 @@ name: nginx Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: @@ -24,11 +33,14 @@ jobs: configure: --enable-nginx ${{ env.wolf_debug_flags }} install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-nginx - path: build-dir + path: build-dir.tgz retention-days: 5 nginx_check: @@ -102,7 +114,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-nginx - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Install dependencies run: | diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml index 70360fee69..88e5eedd70 100644 --- a/.github/workflows/no-malloc.yml +++ b/.github/workflows/no-malloc.yml @@ -1,7 +1,16 @@ name: No Malloc Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: make_check: diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml new file mode 100644 index 0000000000..f4f06bef17 --- /dev/null +++ b/.github/workflows/ntp.yml 
@@ -0,0 +1,92 @@ +name: ntp Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all + install: true + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-ntp + path: build-dir.tgz + retention-days: 5 + + ntp_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 4.2.8p15 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 10 + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-ntp + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + # Avoid DoS'ing ntp site so cache the tar.gz + - name: Check if we have ntp + uses: actions/cache@v4 + id: cache + with: + path: ntp-${{ matrix.ref }}.tar.gz + key: ntp-${{ matrix.ref }}.tar.gz + + - name: Download ntp + if: steps.cache.outputs.cache-hit != 'true' + run: | + wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz + + - name: Extract ntp + run: | + tar -xf ntp-${{ matrix.ref }}.tar.gz + + - name: Build and test ntp + working-directory: ntp-${{ matrix.ref }} + run: | + patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch + ./bootstrap + ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir + make -j + make -j check + \ No newline at end of file diff --git a/.github/workflows/ocsp.yml b/.github/workflows/ocsp.yml index edfd2b6f89..3937b2e7f1 100644 --- a/.github/workflows/ocsp.yml +++ b/.github/workflows/ocsp.yml @@ -1,7 +1,16 @@ name: OCSP Test +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: ocsp_stapling: diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 0283877388..456ca842cd 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml 
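Review bot: The `Download ntp` step fetches `ntp-${{ matrix.ref }}.tar.gz` and `Build and test ntp` then patches, compiles and runs it without any integrity check, and `actions/cache` keeps whatever was downloaded for every later run under the same key. Because `ref` is a fixed list in the workflow, the expected digest can be pinned beside it and verified before extraction, e.g. a step `run: echo "<sha256-of-release-tarball>  ntp-${{ matrix.ref }}.tar.gz" | sha256sum -c` between download and extract (placeholder digest; take it from the published release). That also turns a truncated or substituted download into a clear step failure rather than a confusing build error. The file also ends without a trailing newline (`\ No newline at end of file`).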
@@ -1,7 +1,16 @@ name: openssh Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: @@ -20,11 +29,14 @@ jobs: --enable-intelasm --enable-sp-asm install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-openssh - path: build-dir + path: build-dir.tgz retention-days: 5 openssh_check: @@ -42,7 +54,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-openssh - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index bf05107b2f..a547e8d8f4 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -1,7 +1,16 @@ name: OpenVPN Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: @@ -18,11 +27,14 @@ jobs: configure: --enable-openvpn install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-openvpn - path: build-dir + path: build-dir.tgz retention-days: 5 openvpn_check: @@ -41,7 +53,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-openvpn - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Install dependencies run: | diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 9846efaa19..68557a31ab 100644 --- a/.github/workflows/os-check.yml 
+++ b/.github/workflows/os-check.yml @@ -1,7 +1,16 @@ name: Ubuntu-Macos-Windows Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: make_check: @@ -67,6 +76,7 @@ jobs: 'examples/configs/user_settings_min_ecc.h', 'examples/configs/user_settings_wolfboot_keytools.h', 'examples/configs/user_settings_wolftpm.h', + 'examples/configs/user_settings_wolfssh.h', 'examples/configs/user_settings_tls12.h', ] name: make user_setting.h (testwolfcrypt only) diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml index 50f2a0863b..b4657110c5 100644 --- a/.github/workflows/packaging.yml +++ b/.github/workflows/packaging.yml @@ -1,7 +1,16 @@ name: Packaging Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml new file mode 100644 index 0000000000..dda3200644 --- /dev/null +++ b/.github/workflows/pam-ipmi.yml 
@@ -0,0 +1,91 @@ +name: pam-ipmi Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all + install: true + # Don't run tests as this config is tested in many other places + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-pam-ipmi + path: build-dir.tgz + retention-days: 5 + + build_pam-ipmi: + strategy: + fail-fast: false + matrix: + git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ] + name: ${{ matrix.git_ref }} + runs-on: ubuntu-latest + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install libpam-dev ninja-build + sudo pip3 install meson + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-pam-ipmi + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout pam-ipmi + uses: actions/checkout@v4 + with: + repository: openbmc/pam-ipmi + path: pam-ipmi + ref: ${{ matrix.git_ref }} + + - name: Build pam-ipmi + working-directory: pam-ipmi + run: | + patch -p1 < ../osp/pam-ipmi/*-${{ matrix.git_ref }}.patch + PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig meson setup build + ninja -C build + + - name: Confirm built with wolfSSL + 
working-directory: pam-ipmi + run: | + ldd ./build/src/pam_ipmisave/pam_ipmisave.so | grep wolfssl diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml new file mode 100644 index 0000000000..47b7827e27 --- /dev/null +++ b/.github/workflows/rng-tools.yml 
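Review bot: The `build_pam-ipmi` job has no `timeout-minutes`, unlike `build_wolfssl` above it and the check jobs in the sibling workflows, so a hung meson/ninja run holds the runner for the default job limit; add `timeout-minutes: 4` (or whatever the build needs) under `runs-on`. In `Install dependencies`, `sudo apt-get install libpam-dev ninja-build` lacks the `-y` the other workflows pass; without a tty apt-get aborts at the confirmation prompt unless the packages are already on the image. `patch -p1 < ../osp/pam-ipmi/*-${{ matrix.git_ref }}.patch` relies on the glob matching exactly one file — zero or several matches produce a redirect error — so naming the patch file explicitly is safer.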
@@ -0,0 +1,114 @@ +name: rng-tools Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all + install: true + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-rng-tools + path: build-dir.tgz + retention-days: 5 + + rng-tools_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 6.16 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 4 + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-rng-tools + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout jitterentropy-library + uses: actions/checkout@v4 + with: + repository: smuellerDD/jitterentropy-library + path: jitterentropy-library + ref: v3.5.0 + + - name: Build jitterentropy-library + working-directory: jitterentropy-library + run: make -j + + - name: Build rng-tools + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: nhorman/rng-tools + ref: v${{ matrix.ref }} + path: rng-tools + patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref }}.patch + configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir + check: false + + - name: Testing rng-tools + id: testing + working-directory: rng-tools + run: | + # Retry up to five times + for i in {1..5}; do + TEST_RES=0 + LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$? + if [ "$TEST_RES" -eq "0" ]; then + break + fi + done + if [ "$TEST_RES" -ne "0" ]; then + exit $TEST_RES + fi + + - name: Print logs + if: ${{ failure() && steps.testing.outcome == 'failure' }} + working-directory: rng-tools/tests + run: cat test-suite.log diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml new file mode 100644 index 0000000000..fe2c8252ac --- /dev/null +++ b/.github/workflows/socat.yml 
@@ -0,0 +1,81 @@ +name: socat Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + runs-on: ubuntu-latest + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS' + install: true + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-socat + path: build-dir.tgz + retention-days: 5 + + + socat_check: + strategy: + fail-fast: false + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 30 + needs: build_wolfssl + steps: + - name: Install prereqs + run: + sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-socat + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Download socat + run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Build socat + working-directory: ./socat-1.8.0.0 + run: | + patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch + autoreconf -vfi + ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir + make + + - name: Run socat tests + working-directory: ./socat-1.8.0.0 + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH + export SHELL=/bin/bash + SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 146,216,309,310,386,399,402,459,460,467,468,478,492,528,530 diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index a93a047744..7b7b094526 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -1,7 +1,16 @@ name: stunnel Tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: build_wolfssl: @@ -18,11 +27,14 @@ jobs: configure: --enable-stunnel install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-stunnel - path: build-dir + path: build-dir.tgz retention-days: 5 stunnel_check: 
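Review bot: `curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz` fetches the source over plain HTTP with no integrity check, and the following steps patch, build and execute it on the runner for every push and pull request, so a substituted tarball on the network path would run in CI. Use `https://` if the site serves it (I can't confirm that from here), and in any case pin the digest, e.g. `echo "<sha256-of-socat-1.8.0.0.tar.gz>  socat-1.8.0.0.tar.gz" | sha256sum -c` before `tar xvf` (placeholder digest, from the published release). `curl -O` without `-f` also saves an HTTP error page as the tarball and only fails later at `tar`; `curl -fO` reports the problem at the download step. The `Install prereqs` step's `apt-get install` has no `-y`, which the other workflows pass.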
@@ -41,7 +53,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-stunnel - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index c7f1bc8ee3..2bb059c297 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -1,7 +1,16 @@ name: Zephyr tests +# START OF COMMON SECTION on: - workflow_call: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION jobs: run_test: @@ -14,9 +23,11 @@ jobs: zephyr-sdk: 0.16.1 - zephyr-ref: v3.5.0 zephyr-sdk: 0.16.3 + - zephyr-ref: v2.7.4 + zephyr-sdk: 0.16.3 runs-on: ubuntu-latest # This should be a safe limit for the tests to run. - timeout-minutes: 15 + timeout-minutes: 25 steps: - name: Install dependencies run: | 
@@ -69,25 +80,38 @@ jobs: cd zephyr-sdk-${{ matrix.config.zephyr-sdk }} ./setup.sh -h -c -t x86_64-zephyr-elf + - name: Fix options for 2.7.4 + if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }} + working-directory: zephyr/modules/crypto/wolfssl + run: | + sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf) + - name: Run wolfssl test id: wolfssl-test working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv + rm -rf zephyr/twister-out + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv rm -rf zephyr/twister-out - name: Run wolfssl TLS sock test + # Results in a page fault that I can't trace + if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }} id: wolfssl-tls-sock working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv + rm -rf zephyr/twister-out + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv rm -rf zephyr/twister-out - name: Run wolfssl TLS thread test + if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }} id: wolfssl-tls-thread working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv rm -rf zephyr/twister-out - name: Zip failure 
logs diff --git a/.gitignore b/.gitignore index d25a5bca12..c542ec121b 100644 --- a/.gitignore +++ b/.gitignore @@ -413,6 +413,14 @@ user_settings_asm.h /IDE/Espressif/**/sdkconfig /IDE/Espressif/**/sdkconfig.old +# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude: +/IDE/Espressif/**/sdkconfig.debug +/IDE/Espressif/**/sdkconfig.release + +# Always include Espressif makefiles (typically only used for ESP8266) +!/IDE/Espressif/**/Makefile +!/IDE/Espressif/**/component.mk + # MPLAB /IDE/MPLABX16/wolfssl.X/dist/default/ /IDE/MPLABX16/wolfssl.X/.generated_files @@ -439,3 +447,11 @@ wrapper/Ada/alire/ wrapper/Ada/config/ wrapper/Ada/lib/ wrapper/Ada/obj/ + +# PlatformIO +/**/.pio +/**/.vscode/.browse.c_cpp.db* +/**/.vscode/c_cpp_properties.json +/**/.vscode/launch.json +/**/.vscode/ipch +/**/sdkconfig.esp32dev diff --git a/CMakeLists.txt b/CMakeLists.txt index 9aee6af3fc..315943d42f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,6 +1,6 @@ -# CMakeList.txt +# CMakeLists.txt # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # @@ -21,6 +21,12 @@ cmake_minimum_required(VERSION 3.16) +if(${CMAKE_VERSION} VERSION_LESS "3.22") + message(STATUS "This project recommends using CMake version 3.22 or higher. You are using ${CMAKE_VERSION}.") +else() + cmake_policy(SET CMP0128 NEW) +endif() + if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") message(FATAL_ERROR "In-source builds are not allowed.\ Run cmake from a separate directory from where CMakeLists.txt lives.\ @@ -28,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") You must delete them, or cmake will refuse to work.") endif() -project(wolfssl VERSION 5.7.0 LANGUAGES C ASM) +project(wolfssl VERSION 5.7.2 LANGUAGES C ASM) # Set WOLFSSL_ROOT if not already defined if ("${WOLFSSL_ROOT}" STREQUAL "") 
@@ -47,7 +53,7 @@ set(WOLFSSL_LIBRARY_VERSION_FIRST 42) # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -set(WOLFSSL_LIBRARY_VERSION_SECOND 1) +set(WOLFSSL_LIBRARY_VERSION_SECOND 2) # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or @@ -278,6 +284,8 @@ if(NOT WOLFSSL_SINGLE_THREADED) "-DHAVE_PTHREAD" "-D_POSIX_THREADS") endif() +else() + list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED") endif() # DTLS-SRTP @@ -431,7 +439,7 @@ add_option(WOLFSSL_ALPN "no" "yes;no") if(WOLFSSL_ALPN) - list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ALPN" "-DHAVE_TLS_EXTENSIONS") + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ALPN" "-DHAVE_TLS_EXTENSIONS") endif() # altcertchains @@ -530,6 +538,15 @@ if (WOLFSSL_OPENSSLALL) "-DWOLFSSL_ERROR_CODE_OPENSSL" "-DWOLFSSL_CERT_NAME_ALL") endif() +add_option(WOLFSSL_NO_STUB + "Removes OpenSSL compatibility stub functions (default: disabled)" + "no" "yes;no") + +if (WOLFSSL_NO_STUB) + list(APPEND WOLFSSL_DEFINITIONS + "-DNO_WOLFSSL_STUB") +endif() + # TODO: - IPv6 test apps set(WOLFSSL_SLOW_MATH "yes") 
@@ -539,16 +556,89 @@ add_option(WOLFSSL_OQS "Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)" "no" "yes;no") -if (WOLFSSL_OQS) - find_package(OQS) +# Kyber +add_option(WOLFSSL_KYBER + "Enable the wolfSSL PQ Kyber library (default: disabled)" + "no" "yes;no") - if (OQS_FOUND) - list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY}) - list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR}) - set(HAVE_LIBOQS 1) - list(APPEND WOLFSSL_DEFINITIONS - "-DHAVE_TLS_EXTENSIONS" - "-DHAVE_LIBOQS") +# Experimental features +add_option(WOLFSSL_EXPERIMENTAL + "Enable experimental features (default: disabled)" + "no" "yes;no") + +message(STATUS "Looking for WOLFSSL_EXPERIMENTAL") +if (WOLFSSL_EXPERIMENTAL) + message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - found") + + # We've enabled the experimental environment, but let's + # check if any experimental features are also enabled: + set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0) + + set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT) + + # Checking for experimental feature: OQS + message(STATUS "Looking for WOLFSSL_OQS") + if (WOLFSSL_OQS) + set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1) + message(STATUS "Looking for WOLFSSL_OQS - found") + + message(STATUS "Checking OQS") + find_package(OQS) + if (OQS_FOUND) + message(STATUS "Checking OQS - found") + list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY}) + list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR}) + + set_wolfssl_definitions("HAVE_LIBOQS" RESUlT) + set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESUlT) + set_wolfssl_definitions("OPENSSL_EXTRA" RESUlT) + + else() + message(STATUS "Checking OQS - not found") + message(STATUS "WARNING: WOLFSSL_OQS enabled but not found: OQS_LIBRARY=${OQS_LIBRARY}, OQS_INCLUDE_DIR=${OQS_INCLUDE_DIR} ") + endif() + else() + message(STATUS "Looking for WOLFSSL_OQS - not found") + endif() + + # Checking for experimental feature: Kyber + message(STATUS "Looking for WOLFSSL_KYBER") + if (WOLFSSL_KYBER) + 
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1) + + message(STATUS "Automatically set related requirements for Kyber:") + set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT) + set_wolfssl_definitions("WOLFSSL_WC_KYBER" RESUlT) + set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT) + set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT) + set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT) + message(STATUS "Looking for WOLFSSL_KYBER - found") + else() + message(STATUS "Looking for WOLFSSL_KYBER - not found") + endif() + + # Other experimental feature detection can be added here... + + # Were any experimental features found? Display a message. + if(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE) + message(STATUS "WOLFSSL_EXPERIMENTAL enabled, experimental features enabled.") + else() + message(STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled.") + endif() + + # Sanity checks + if(WOLFSSL_OQS AND WOLFSSL_KYBER) + message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.") + endif() + +else() + # Experimental mode not enabled, but were any experimental features enabled? Error out if so: + message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found") + if (WOLFSSL_OQS) + message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.") + endif() + if(WOLFSSL_KYBER) + message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.") endif() endif() @@ -565,6 +655,9 @@ endif() # - Atomic user record layer # - Public key callbacks # - Microchip/Atmel CryptoAuthLib +# - XMSS +# - LMS +# - dual-certs # AES-CBC add_option("WOLFSSL_AESCBC" 
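Review bot: When `WOLFSSL_OQS` is set but `find_package(OQS)` fails, the branch prints `message(STATUS "WARNING: ...")` and configuration continues with a library that silently lacks the requested feature; `message(WARNING ...)`, or `FATAL_ERROR` to match the sanity checks at the end of the hunk, makes the mismatch visible. The result variable passed to every `set_wolfssl_definitions(...)` call is spelled `RESUlT` with a lowercase `l`; it works because all calls use the same name, but it reads as a typo and should become `RESULT` in every call at once. `set_wolfssl_definitions` is defined outside this hunk, so I can't tell whether the result argument is consumed at all.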
@@ -1451,6 +1544,15 @@ add_option(WOLFSSL_SNI ${WOLFSSL_SNI_HELP_STRING} ${SNI_DEFAULT} "yes;no") set(WOLFSSL_TLSX_HELP_STRING "Enable all TLS Extensions (default: disabled)") add_option(WOLFSSL_TLSX ${WOLFSSL_TLSX_HELP_STRING} "no" "yes;no") +add_option(WOLFSSL_EX_DATA + "Enable app data (default: disabled)" + "no" "yes;no") + +if (WOLFSSL_EX_DATA) + list(APPEND WOLFSSL_DEFINITIONS + "-DHAVE_EX_DATA") +endif() + # Supported elliptic curves extensions add_option("WOLFSSL_SUPPORTED_CURVES" "Enable Supported Elliptic Curves (default: enabled)" 
@@ -2114,33 +2216,45 @@ else() endif() set(OPTION_FILE "${WOLFSSL_OUTPUT_BASE}/wolfssl/options.h") -file(REMOVE ${OPTION_FILE}) +# sccache +add_option("ENABLE_SCCACHE" + "Enable sccache (default: disabled)" + "no" "yes;no") + +if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG)) + find_program(SCCACHE sccache REQUIRED) + if(SCCACHE) + message(STATUS "Enable sccache") + + if(CMAKE_C_COMPILER_LAUNCHER) + set(CMAKE_C_COMPILER_LAUNCHER "${CMAKE_C_COMPILER_LAUNCHER}" "${SCCACHE}") + else() + set(CMAKE_C_COMPILER_LAUNCHER "${SCCACHE}") + endif() + if(CMAKE_CXX_COMPILER_LAUNCHER) + set(CMAKE_CXX_COMPILER_LAUNCHER "${CMAKE_CXX_COMPILER_LAUNCHER}" "${SCCACHE}") + else() + set(CMAKE_CXX_COMPILER_LAUNCHER "${SCCACHE}") + endif() + + if (MSVC) + if(CMAKE_BUILD_TYPE STREQUAL "Debug") + string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG}") + string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}") + elseif(CMAKE_BUILD_TYPE STREQUAL "Release") + string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}") + string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}") + elseif(CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo") + string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}") + string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}") + endif() + endif() + set(WOLFSSL_SCCACHE_ALREADY_SET_FLAG ON) + endif() +endif() -file(APPEND ${OPTION_FILE} "/* wolfssl options.h\n") -file(APPEND ${OPTION_FILE} " * generated from configure options\n") -file(APPEND ${OPTION_FILE} " *\n") -file(APPEND ${OPTION_FILE} " * Copyright (C) 2006-2023 wolfSSL Inc.\n") -file(APPEND ${OPTION_FILE} " *\n") -file(APPEND ${OPTION_FILE} " * This file is part of wolfSSL. 
(formerly known as CyaSSL)\n") -file(APPEND ${OPTION_FILE} " *\n") -file(APPEND ${OPTION_FILE} " */\n\n") -file(APPEND ${OPTION_FILE} "#ifndef WOLFSSL_OPTIONS_H\n") -file(APPEND ${OPTION_FILE} "#define WOLFSSL_OPTIONS_H\n\n\n") -file(APPEND ${OPTION_FILE} "#ifdef __cplusplus\n") -file(APPEND ${OPTION_FILE} "extern \"C\" {\n") -file(APPEND ${OPTION_FILE} "#endif\n\n") - -add_to_options_file("${WOLFSSL_DEFINITIONS}" "${OPTION_FILE}") -# CMAKE_C_FLAGS is just a string of space-separated flags to pass to the C -# compiler. We need to replace those spaces with semicolons in order to treat it -# as a CMake list. -string(REPLACE " " ";" CMAKE_C_FLAGS_LIST "${CMAKE_C_FLAGS}") -add_to_options_file("${CMAKE_C_FLAGS_LIST}" "${OPTION_FILE}") - -file(APPEND ${OPTION_FILE} "\n#ifdef __cplusplus\n") -file(APPEND ${OPTION_FILE} "}\n") -file(APPEND ${OPTION_FILE} "#endif\n\n\n") -file(APPEND ${OPTION_FILE} "#endif /* WOLFSSL_OPTIONS_H */\n\n") + +file(REMOVE ${OPTION_FILE}) #################################################### # Library Target @@ -2219,6 +2333,20 @@ if(WOLFSSL_ARIA) message(STATUS "ARIA Check: WOLFSSL_LINK_LIBS = ${WOLFSSL_LINK_LIBS}") endif() +foreach(DEF IN LISTS WOLFSSL_DEFINITIONS) + string(REGEX MATCH "^(-D)?([^=]+)(=(.*))?$" DEF_MATCH ${DEF}) + if (NOT "${CMAKE_MATCH_4}" STREQUAL "") + set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4}) + # message("set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})") + else() + set(${CMAKE_MATCH_2} 1) + # message("set(${CMAKE_MATCH_2} 1)") + endif() +endforeach() + +# If new build options are added please update the cmake/options.h.in +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/options.h.in ${OPTION_FILE}) + set_target_properties(wolfssl PROPERTIES SOVERSION ${WOLFSSL_LIBRARY_VERSION_FIRST} 
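Review bot: `find_program(SCCACHE sccache REQUIRED)` aborts the configure step when sccache is absent, so the `if(SCCACHE)` that follows can never see the not-found case and opting in with ENABLE_SCCACHE=yes on a machine without sccache is a hard failure rather than a fallback; if that is intended it deserves a comment, otherwise `find_program(SCCACHE sccache)` plus an `else()` branch with `message(WARNING "sccache requested but not found; building without it")` keeps the build going. The MSVC `/Zi` to `/Z7` rewrite is keyed on CMAKE_BUILD_TYPE, which is typically empty under the multi-config Visual Studio generators, so on a default MSVC setup it presumably never fires, and MinSizeRel is not covered on single-config generators either; a `foreach(CFG DEBUG RELEASE RELWITHDEBINFO MINSIZEREL)` rewriting both `CMAKE_C_FLAGS_${CFG}` and `CMAKE_CXX_FLAGS_${CFG}` would cover every configuration regardless of generator. `WOLFSSL_SCCACHE_ALREADY_SET_FLAG` is set as a normal (non-cache) variable, so a short comment stating what re-entry it is meant to guard would make its scope clear.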
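Review bot: `set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})` passes the macro value unquoted, so a definition whose value contains a semicolon or whitespace is split into a list before it reaches cmake/options.h.in, and `string(REGEX MATCH ... DEF_MATCH ${DEF})` has the same problem on the input side; quoting both, `string(REGEX MATCH "^(-D)?([^=]+)(=(.*))?$" DEF_MATCH "${DEF}")` and `set(${CMAKE_MATCH_2} "${CMAKE_MATCH_4}")`, keeps values intact. A definition written as `-DFOO=` (explicitly empty) takes the else branch and is rewritten to `1`, which changes its meaning; testing `CMAKE_MATCH_3` (the `=...` group) instead of `CMAKE_MATCH_4` distinguishes "no `=`" from "empty value" if such definitions are possible. Because the loop creates a normal variable for every macro name, it can shadow a same-named CMake cache/option variable for the rest of this scope; a comment saying that is accepted, or a prefix on the generated variables consumed by options.h.in, would make that explicit.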
@@ -2317,7 +2445,7 @@ if(WOLFSSL_EXAMPLES) PROPERTY RUNTIME_OUTPUT_DIRECTORY ${WOLFSSL_OUTPUT_BASE}/examples/echoserver) - if(NOT WIN32) + if(NOT WIN32 AND NOT WOLFSSL_SINGLE_THREADED) # Build TLS benchmark example add_executable(tls_bench ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c) diff --git a/ChangeLog.md b/ChangeLog.md index c3b24757ad..0939a65940 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -1,3 +1,111 @@ +# wolfSSL Release 5.7.2 (July 08, 2024) + +Release 5.7.2 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 + +## Vulnerabilities +* [Medium] CVE-2024-1544 +Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. +Fixed https://github.com/wolfSSL/wolfssl/pull/7020 + + +* [Medium] CVE-2024-5288 +A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. 
Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 + + +* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 + +* [Low] CVE-2024-5991 +In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 + +* [Medium] CVE-2024-5814 +A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 + +* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. 
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 + +* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 + + +## New Feature Additions +* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) +* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) +* Added CUDA support for AES encryption (PR 7436) +* Added support for gRPC (PR 7445) +* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) +* Added crypto callback for SHA-3 (PR 7670) +* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) +* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) +* C# wrapper SNI support added (PR 7610) +* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) +* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) +* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) +* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) + + +## Enhancements and Optimizations +* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) +* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) +* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) +* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) +* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612) +* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) +* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the 
generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) +* Improvements for Renesas RZ support (PR 7474) +* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) +* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) +* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) +* Changed subject name comparison to match different upper and lower cases (PR 7420) +* Support for DTLS 1.3 downgrade when using PSK (PR 7367) +* Update to static memory build for more generic memory pools used (PR 7418) +* Improved performance of Kyber C implementation (PR 7654) +* Support for ECC_CACHE_CURVE with no malloc (PR 7490) +* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) +* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) +* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) +* Cortex-M inline assembly labels with unique number appended (PR 7649) +* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) +* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) +* Enabled DES3 support without the DES3 ciphers. 
To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) +* Added stubs required for latest nginx (1.25.5) (PR 7449) +* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) +* Added PQ files for Windows (PR 7419) +* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) +* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) +* Exposed DTLS in Ada wrapper and updated examples (PR 7397) +* Added additional minimum TLS extension size sanity checks (PR 7602) +* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) +* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) +* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) +* XCODE support for v5.2.3 of the FIPS module (PR 7140) +* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) + +## Fixes +* Fixed Kyber control-flow timing leak. 
Thanks to Antoon Purnal from PQShield for the report +* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) +* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) +* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) +* Fixed OCSP response message build for DTLS (PR 7671) +* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) +* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) +* Added sanity check on record header with QUIC use (PR 7638) +* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) +* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) +* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) +* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) +* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) +* Added sanity check that the ed25519 signature is smaller than the order (PR 7513) +* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581) + + # wolfSSL Release 5.7.0 (Mar 20, 2024) Release 5.7.0 has been developed according to wolfSSL's development and QA diff --git a/Docker/Dockerfile b/Docker/Dockerfile index 67db112c53..e6c3cd35d3 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile 
@@ -6,10 +6,10 @@ USER root # Set timezone to UTC RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone -ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu" +ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat-traditional binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu" ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git" ARG DEPS_UDP_PROXY="wget libevent-dev" -ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev" +ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq" ARG DEPS_TOOLS="ccache clang-tidy maven" RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \ && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \ 
@@ -40,10 +40,12 @@ RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-s # Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH RUN mkdir /var/empty -RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-14.1.1.tar.gz | tar xzf - && cd pkixssh-14.1.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install +RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install # Install udp/tcp-proxy RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/. +# Install libbacktrace +RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install # Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container) RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump diff --git a/Docker/Dockerfile.cross-compiler b/Docker/Dockerfile.cross-compiler index 573ab0cbbe..f7635b3e42 100644 --- a/Docker/Dockerfile.cross-compiler +++ b/Docker/Dockerfile.cross-compiler @@ -3,7 +3,7 @@ FROM $DOCKER_BASE_IMAGE USER root -ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu" +ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi" RUN DEBIAN_FRONTEND=noninteractive apt update \ && apt install -y ${DEPS_TESTING} \ && apt clean -y && rm -rf /var/lib/apt/lists/* diff --git a/Docker/buildAndPush.sh b/Docker/buildAndPush.sh index d66e2c8486..a8ed88c524 100755 --- a/Docker/buildAndPush.sh 
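Review bot: The pkixssh-15.1 tarball on the updated `RUN cd /opt/sources && wget -q -O- ...` line is piped straight into `tar` with no integrity check, and the new libbacktrace step clones an unpinned default branch, so neither input to the image is verified or reproducible between builds. Saving the archive and checking it before extraction, e.g. `echo "<sha256-of-pkixssh-15.1.tar.gz>  pkixssh-15.1.tar.gz" | sha256sum -c -`, and fetching libbacktrace at a fixed revision (`git fetch --depth=1 origin <pinned-commit> && git checkout FETCH_HEAD` after the clone) would pin both. A short comment recording where the checksum and commit came from makes the next version bump a deliberate step rather than a silent change.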
+++ b/Docker/buildAndPush.sh 
@@ -18,18 +18,37 @@ docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${W docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest if [ $? -eq 0 ]; then - echo "Pushing containers to DockerHub" - docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \ - docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest + echo "Push containers to DockerHub [y/N]? " + read val + if [ "$val" = "y" ]; then + docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \ + docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest + if [ $? -ne 0 ]; then + echo "Warning: push failed. Continuing" + ((NUM_FAILURES++)) + fi + fi else echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing" ((NUM_FAILURES++)) fi echo "Building wolfssl/wolfCLU:${CUR_DATE}" -docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \ -docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" -if [ $? -ne 0 ]; then +DOCKER_ARGS="--pull --build-arg DUMMY=${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 ${WOLFSSL_DIR}/Docker/wolfCLU" +docker buildx build -t wolfssl/wolfclu:${CUR_DATE} ${DOCKER_ARGS} && \ + docker buildx build -t wolfssl/wolfclu:latest ${DOCKER_ARGS} +if [ $? -eq 0 ]; then + echo "Push containers to DockerHub [y/N]? " + read val + if [ "$val" = "y" ]; then + docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:${CUR_DATE} && \ + docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:latest + if [ $? -ne 0 ]; then + echo "Warning: push failed. 
Continuing" + ((NUM_FAILURES++)) + fi + fi +else echo "Warning: Build wolfssl/wolfclu failed. Continuing" ((NUM_FAILURES++)) fi diff --git a/Docker/wolfCLU/Dockerfile b/Docker/wolfCLU/Dockerfile index 4c07e853be..da10d73dd6 100644 --- a/Docker/wolfCLU/Dockerfile +++ b/Docker/wolfCLU/Dockerfile @@ -1,9 +1,9 @@ ARG DOCKER_BASE_IMAGE=ubuntu FROM ubuntu as BUILDER -ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat iputils-ping bubblewrap" +ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap" RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \ - && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} \ + && apt install -y ${DEPS_WOLFSSL} \ && apt clean -y && rm -rf /var/lib/apt/lists/* ARG NUM_CPU=16 diff --git a/Docker/yocto/Dockerfile b/Docker/yocto/Dockerfile index 2da6769322..87f786716c 100644 --- a/Docker/yocto/Dockerfile +++ b/Docker/yocto/Dockerfile @@ -19,7 +19,9 @@ WORKDIR /opt/poky ARG YOCTO_VERSION=kirkstone RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull -RUN git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \ +# This arg is to be able to force a rebuild starting from this line +ARG DUMMY=date +RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \ /bin/bash -c "source oe-init-build-env" && \ echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \ sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf diff --git a/Docker/yocto/buildAndPush.sh b/Docker/yocto/buildAndPush.sh index d76a603e8c..8c749502c6 100755 --- a/Docker/yocto/buildAndPush.sh +++ b/Docker/yocto/buildAndPush.sh 
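Review bot: The new `DOCKER_ARGS="--pull ... ${WOLFSSL_DIR}/Docker/wolfCLU"` folds the build-context path into a whitespace-split string, so the quoting the old lines had on `"${WOLFSSL_DIR}/Docker/wolfCLU"` is lost and a WOLFSSL_DIR containing spaces breaks every `docker buildx build ... ${DOCKER_ARGS}` call; since the script already relies on bash (`((NUM_FAILURES++))`), a bash array, `DOCKER_ARGS=(--pull --build-arg "DUMMY=${CUR_DATE}" --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU")`, expanded as `"${DOCKER_ARGS[@]}"`, preserves word boundaries. Both new prompts use `read val` without `-r`, which mangles a backslash in the answer; `read -r val` is the portable form. The push branch re-runs `docker buildx build` with `--push` instead of pushing the images just built, which presumably relies on the buildx cache to avoid a second full build; a one-line comment saying so would spare the next reader the question.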
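Review bot: The cache-busting `ARG DUMMY=date` added here is never set by its caller: the matching change in Docker/yocto/buildAndPush.sh (the `@@ -11,9 +11,9 @@` hunk) passes `--build-arg BUILD_DATE=${CUR_DATE}`, which this Dockerfile does not declare, so as far as I can tell the clone layer still comes from cache and Docker reports an unconsumed build argument. Either rename the argument here to `ARG BUILD_DATE=date` and use it in the `RUN` prefix, or pass `--build-arg DUMMY=${CUR_DATE}` from the script. A comment on the ARG naming the script that is expected to set it keeps the two files in step.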
@@ -11,9 +11,9 @@ fi NUM_FAILURES=0 CUR_DATE=$(date -u +%F) -for ver in kirkstone dunfell; do +for ver in kirkstone langdale scarthgap; do echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}" - docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \ + docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \ docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest if [ $? -eq 0 ]; then echo "Pushing containers to DockerHub" diff --git a/IDE/ARDUINO/Arduino_README_prepend.md b/IDE/ARDUINO/Arduino_README_prepend.md index 594a067847..c11b35dbb9 100644 --- a/IDE/ARDUINO/Arduino_README_prepend.md +++ b/IDE/ARDUINO/Arduino_README_prepend.md @@ -10,4 +10,6 @@ See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/githu The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update. +The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable) + See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed. diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino index 21a84deb00..e4727dce1a 100644 --- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino +++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino @@ -1,6 +1,6 @@ /* wolfssl_client.ino * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino index 3a894323e4..387052ca6b 100644 --- a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino +++ b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino @@ -1,6 +1,6 @@ /* wolfssl_server.ino * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index d48b416626..59fd238dfd 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -29,7 +29,7 @@ ROOT_DIR="/wolfssl" # The Arduino Version will initially have a suffix appended during fine tuning stage. -WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3" +WOLFSSL_VERSION_ARUINO_SUFFIX="" # For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp" # Do not set to empty string, as copy will fail with this: CP_CMD="" @@ -65,6 +65,11 @@ if ! [ "$CP_CMD" = "cp " ]; then fi fi +if [ "$ROOT_DIR" = "" ]; then + echo "ERROR: ROOT_DIR cannot be blank" + exit 1 +fi + # Check environment if [ -n "$WSL_DISTRO_NAME" ]; then # we found a non-blank WSL environment distro name @@ -84,6 +89,11 @@ if [ $# -gt 0 ]; then if [ "$THIS_OPERATION" = "INSTALL" ]; then THIS_INSTALL_DIR=$2 + if [ "$THIS_INSTALL_DIR" = "/" ]; then + echo "ERROR: THIS_INSTALL_DIR cannot be /" + exit 1 + fi + echo "Install is active." if [ "$THIS_INSTALL_DIR" = "" ]; then 
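Review bot: The new guard in the `@@ -65,6 +65,11 @@` hunk rejects only an empty `ROOT_DIR`, but the value is later used in `rm -rf ".$ROOT_DIR"` (added in the `@@ -300,20 +310,22 @@` hunk), where a `ROOT_DIR` of `/` resolves to `./` and removes the contents of the working directory; `if [ "$ROOT_DIR" = "" ] || [ "$ROOT_DIR" = "/" ]; then` closes that case. A value without a leading slash would also silently change the target, so `case "$ROOT_DIR" in /?*) ;; *) echo "ERROR: ROOT_DIR must be an absolute path"; exit 1 ;; esac` is the fuller check. A comment on the guard naming the `rm -rf` it protects would explain why a hard-coded variable is being validated at all.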
@@ -300,20 +310,22 @@ echo "" # Note we should have exited above if a problem was encountered, # as we'll never want to install a bad library. if [ "$THIS_OPERATION" = "INSTALL" ]; then + echo "Config:" + echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h" + # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments) + grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1 + + # Show the user_settings.h revision string: + grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h" + echo "" + if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then echo "Installing to GitHub directory: $THIS_INSTALL_DIR" cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1 + echo "Removing workspace library directory: .$ROOT_DIR" + rm -rf ".$ROOT_DIR" else - echo "Config:" - echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h" - # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments) - grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1 - - # Show the user_settings.h revision string: - grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h" - echo "" - - echo "Install:" + echo "Installing to local directory:" echo "mv .$ROOT_DIR $ARDUINO_ROOT" mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1 diff --git a/IDE/AURIX/Cpu0_Main.c b/IDE/AURIX/Cpu0_Main.c index 536ddbb10c..687511c68f 100644 --- a/IDE/AURIX/Cpu0_Main.c +++ b/IDE/AURIX/Cpu0_Main.c @@ -1,6 +1,6 @@ /* Cpu0_Main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/AURIX/user_settings.h b/IDE/AURIX/user_settings.h index 4b41446b9e..d041a99862 100644 --- a/IDE/AURIX/user_settings.h +++ b/IDE/AURIX/user_settings.h 
@@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/AURIX/wolf_main.c b/IDE/AURIX/wolf_main.c index 9f90038985..f88140339b 100644 --- a/IDE/AURIX/wolf_main.c +++ b/IDE/AURIX/wolf_main.c @@ -1,6 +1,6 @@ /* wolf_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/CRYPTOCELL/main.c b/IDE/CRYPTOCELL/main.c index 7938d0dfae..8cd8a20284 100644 --- a/IDE/CRYPTOCELL/main.c +++ b/IDE/CRYPTOCELL/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/CRYPTOCELL/user_settings.h b/IDE/CRYPTOCELL/user_settings.h index dc9822f5cf..b6ffe4c781 100644 --- a/IDE/CRYPTOCELL/user_settings.h +++ b/IDE/CRYPTOCELL/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -401,6 +401,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); diff --git a/IDE/ECLIPSE/DEOS/deos_malloc.c b/IDE/ECLIPSE/DEOS/deos_malloc.c index b944e3bf05..9dcc7a473d 100644 --- a/IDE/ECLIPSE/DEOS/deos_malloc.c +++ b/IDE/ECLIPSE/DEOS/deos_malloc.c @@ -1,6 +1,6 @@ /* deos_malloc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/DEOS/deos_wolfssl/.project b/IDE/ECLIPSE/DEOS/deos_wolfssl/.project index 181e57ed6c..3e7019fb79 100644 --- a/IDE/ECLIPSE/DEOS/deos_wolfssl/.project +++ b/IDE/ECLIPSE/DEOS/deos_wolfssl/.project 
@@ -240,9 +240,9 @@ WOLFSSL_ROOT/wolfcrypt/src/fe_operations.c - wolfcrypt/src/fe_x25519_128.i + wolfcrypt/src/fe_x25519_128.h 1 - WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.i + WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.h wolfcrypt/src/fp_mont_small.i diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.c b/IDE/ECLIPSE/DEOS/tls_wolfssl.c index 41149aa442..d74cc436ed 100644 --- a/IDE/ECLIPSE/DEOS/tls_wolfssl.c +++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.c @@ -1,6 +1,6 @@ /* tls_wolfssl.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.h b/IDE/ECLIPSE/DEOS/tls_wolfssl.h index 02a0e53161..427eef6388 100644 --- a/IDE/ECLIPSE/DEOS/tls_wolfssl.h +++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.h @@ -1,6 +1,6 @@ /* tls_wolfssl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/DEOS/user_settings.h b/IDE/ECLIPSE/DEOS/user_settings.h index ca68a2a909..16dc09ee74 100644 --- a/IDE/ECLIPSE/DEOS/user_settings.h +++ b/IDE/ECLIPSE/DEOS/user_settings.h @@ -1,6 +1,6 @@ /* user_setting.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/MICRIUM/README.md b/IDE/ECLIPSE/MICRIUM/README.md index bd0c8bc9f5..517dfdc4fc 100644 --- a/IDE/ECLIPSE/MICRIUM/README.md +++ b/IDE/ECLIPSE/MICRIUM/README.md 
@@ -40,7 +40,7 @@ The folder hierarchy is the same as the wolfSSL folders with an exception of the 4. Right click on each folders, add or link all the source code in the corresponding folder in wolfSSL. -5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder. +5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm, aes_xts_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder. 6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths. Here's an example of the paths that must be added. diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c index 43d2e9be86..2c9b296417 100644 --- a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c +++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c @@ -1,6 +1,6 @@ /* client_wolfssl.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h index f86cc98d51..edf6559f84 100644 --- a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h +++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h @@ -1,6 +1,6 @@ /* client_wolfssl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c index 225aaa2eef..e31f4ca615 100644 --- a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c +++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c @@ -1,6 +1,6 @@ /* server_wolfssl.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h index 715e17b07c..b94e1fe6e2 100644 --- a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h 
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h @@ -1,6 +1,6 @@ /* server_wolfssl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/MICRIUM/user_settings.h b/IDE/ECLIPSE/MICRIUM/user_settings.h index b6b93fce84..27f8e08e25 100644 --- a/IDE/ECLIPSE/MICRIUM/user_settings.h +++ b/IDE/ECLIPSE/MICRIUM/user_settings.h @@ -1,6 +1,6 @@ /* user_setting.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c index 99a9212e42..e7553c3d77 100644 --- a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c +++ b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c @@ -1,6 +1,6 @@ /* wolfsslRunTests.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/RTTHREAD/user_settings.h b/IDE/ECLIPSE/RTTHREAD/user_settings.h index 28157c2026..5e5ec18b43 100644 --- a/IDE/ECLIPSE/RTTHREAD/user_settings.h +++ b/IDE/ECLIPSE/RTTHREAD/user_settings.h @@ -1,6 +1,6 @@ /* user_setting.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c b/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c index 84d7f460a3..511801209c 100644 --- a/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c +++ b/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c @@ -1,6 +1,6 @@ /* wolfsslRunTests.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md index 65eef865ed..2075bde353 100644 --- a/IDE/Espressif/ESP-IDF/README.md +++ b/IDE/Espressif/ESP-IDF/README.md 
@@ -1,8 +1,8 @@ # ESP-IDF Port These Espressif examples have been created and tested with the latest stable release branch of -[ESP-IDF V5.1](https://docs.espressif.com/projects/esp-idf/en/release-v5.1/esp32/get-started/index.html). -The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended. +[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html). +The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended. Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html). See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html). 
@@ -44,6 +44,28 @@ default configuration items in the wolfssl `settings.h`. With the latest version wolfSSL, some of these defaults can be disabled with `NO_ESPIDF_DEFAULT` and customized in your project `user_settings.h` as desired. +The `user_settings.h` include file should not be explicitly included in an project source files. Be +sure to include `settings.h` (which pulls in `user_settings.h`) before any other wolfSSL include files. + +A new project should also include a compiler option suc as `CFLAGS +=-DWOLFSSL_USER_SETTINGS"` to ensure +the `user_settings.h` is included properly. See the [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/main/main.c). + +``` +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + See the respective project directory: `[project-dir]/components/wolfssl/user_settings.h` @@ -116,7 +138,7 @@ See the specific examples for additional details. ## Setup for Linux (wolfSSL local copy) -This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. +This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree 2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/` 
@@ -124,7 +146,7 @@ This is a legacy method for installation. It is recommended to use the new `CMak ## Setup for Windows -This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. +This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. 1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment 2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\` diff --git a/IDE/Espressif/ESP-IDF/dummy_config_h b/IDE/Espressif/ESP-IDF/dummy_config_h index 9d13eb2844..258ffd3f3d 100644 --- a/IDE/Espressif/ESP-IDF/dummy_config_h +++ b/IDE/Espressif/ESP-IDF/dummy_config_h @@ -1,6 +1,6 @@ /* config.h - dummy * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/dummy_test_paths.h b/IDE/Espressif/ESP-IDF/dummy_test_paths.h index adac40c1a9..38e9124070 100644 --- a/IDE/Espressif/ESP-IDF/dummy_test_paths.h +++ b/IDE/Espressif/ESP-IDF/dummy_test_paths.h @@ -1,6 +1,6 @@ /* wolfcrypt/test/test_paths.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md index e0414d2fe1..1cd6696f7b 100644 --- a/IDE/Espressif/ESP-IDF/examples/README.md +++ b/IDE/Espressif/ESP-IDF/examples/README.md 
@@ -10,9 +10,9 @@ These are the core examples for wolfSSL: - [Test](./wolfssl_test/README.md) -- [TLS Client](./wolfssl_client/README.md) +- [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls). -- [TLS Server](./wolfssl_server/README.md) +- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server) ## Other Espressif wolfSSL Examples diff --git a/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj index 21772b2f9a..92eec93a6f 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj @@ -18,7 +18,7 @@ com.visualgdb.xtensa-esp32-elf - 12.2.0 + 13.2.0 12.1 1 @@ -67,8 +67,8 @@ true - release/v5.1 - esp-idf/v5.1 + release/v5.2 + esp-idf/v5.2 ESPIDF COM37 diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt index e129a64efb..18e513b983 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt 
@@ -1,21 +1,21 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # -# This file is part of wolfSSL. +# This file is part of wolfSSL. # -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # # cmake for wolfssl Espressif projects # @@ -45,6 +45,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". 
@@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - esp_timer - driver # this will typically only be needed for wolfSSL benchmark + # esp_timer + # driver # this will typically only be needed for wolfSSL benchmark ) else() @@ -363,6 +368,10 @@ else() "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) @@ -384,7 +393,10 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_load.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index 819ce60b75..1a13d10fe8 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
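Review bot: In the `@@ -363,6 +368,10 @@` hunk the three `${THIS_IDF_PATH}/components/esp_*/include` entries hand ESP-IDF component headers to the wolfssl component as raw include directories, while the `@@ -158,8 +163,8 @@` hunk comments `esp_timer` and `driver` out of `PRIV_REQUIRES`; the headers will be found, but esp_event/esp_netif/esp_wifi are then not declared dependencies of this component, so their build ordering, Kconfig-generated headers and link libraries are not guaranteed by the IDF build system. Listing them in `REQUIRES`/`PRIV_REQUIRES` and letting `idf_component_register` propagate the include paths is the conventional form; if the raw paths are deliberately a fallback for older IDF trees, the comment above them should say so rather than only naming the wolfSSL version. It also looks inconsistent that the template's `user_settings.h` in this same commit sets `NO_ESP_SDK_WIFI` while the component pulls in the esp_wifi include path; a comment explaining which one is the intended default would help. The include list these lines belong to starts and ends outside the hunk.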
@@ -19,12 +19,22 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* This user_settings.h is for Espressif ESP-IDF */ -#include +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here + * + * When editing this file: + * ensure wolfssl_test and wolfssl_benchmark settings match. + */ + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* The Espressif sdkconfig will have chipset info. ** -** Possible values: +** Some possible values: ** ** CONFIG_IDF_TARGET_ESP32 ** CONFIG_IDF_TARGET_ESP32S2 
@@ -36,18 +46,54 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ +#define NO_ESP_SDK_WIFI + +/* Experimental Kyber */ +#if 0 + /* Kyber typically needs a minimum 10K stack */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 +#endif + /* - * choose ONE of these Espressif chips to define: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 - * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ #undef WOLFSSL_ESPWROOM32SE #undef WOLFSSL_ESP8266 #undef WOLFSSL_ESP32 +/* See below for chipset detection from sdkconfig.h */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. */ +#define RSA_LOW_MEM + + -#define WOLFSSL_ESP32 /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -61,7 +107,6 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 /* TLS 1.3 */ #define WOLFSSL_TLS13 
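Review bot: `#define NO_SESSION_CACHE` is enabled unconditionally, yet the comment directly above it presents that option as the one to use "when really desperate or no TLS used"; since this header is the template the TLS client and server examples derive from, every derived project silently loses session resumption. Either make `SMALL_SESSION_CACHE` the template default and leave `NO_SESSION_CACHE` commented out, or change the comment to state the deliberate choice, e.g. `/* Template default: no session cache; use SMALL_SESSION_CACHE to keep TLS resumption */`. The `#if 0` Kyber block is fine as documentation, but `WOLFSSL_EXPERIMENTAL_SETTINGS` deserves a sentence saying it is required because the Kyber code is opt-in experimental, so a reader does not enable `WOLFSSL_HAVE_KYBER` alone.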
@@ -79,7 +124,9 @@ #define HAVE_AESGCM -#define WOLFSSL_RIPEMD +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + /* when you want to use SHA224 */ #define WOLFSSL_SHA224 @@ -92,22 +139,31 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 -/* Reminder: ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ #define HAVE_ED25519 -#define HAVE_ECC -#define HAVE_CURVE25519 -#define CURVE25519_SMALL +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) + /* TODO determine low memory configuration for ECC. */ +#else + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL +#endif + #define HAVE_ED25519 /* Optional OPENSSL compatibility */ #define OPENSSL_EXTRA -/* when you want to use pkcs7 */ -/* #define HAVE_PKCS7 */ -#define HAVE_PKCS7 +/* #Optional HAVE_PKCS7 */ +/* #define HAVE_PKCS7 */ #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT @@ -127,27 +183,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ -#define RSA_LOW_MEM +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ 
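Review bot: The new comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` in the `@@ -127,27 +183,11 @@` hunk reads backwards: `WC_NO_CACHE_RESISTANT` is the negative switch, and defining it removes the cache-attack-resistant code paths in the math library, so enabling it is faster and less secure, the opposite of `TFM_TIMING_RESISTANT`, which the neighbouring comment describes correctly. Suggest `/* WC_NO_CACHE_RESISTANT: disables cache-resistant math (faster, less secure) */`. Because the template keeps `USE_FAST_MATH` (context in the following hunk) and leaves `TFM_TIMING_RESISTANT` commented out, a one-line comment stating whether the ESP-IDF section of wolfSSL's settings.h supplies `TFM_TIMING_RESISTANT` and `WC_RSA_BLINDING` for this port would let a reader confirm that private-key operations stay constant-time without reading settings.h. Separately, `#define HAVE_ED25519` now appears twice in the `@@ -92,22 +139,31 @@` hunk, before and after the ESP8266/ESP32C2 `#if`; the second definition is redundant.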
@@ -159,9 +199,10 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define ESP_RSA_TIMEOUT_CNT 0x349F00 -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH @@ -170,6 +211,7 @@ /* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ @@ -205,7 +247,7 @@ #undef WOLFSSL_SYS_CA_CERTS */ -/* +/* command-line options --enable-keygen --enable-certgen --enable-certreq @@ -213,10 +255,14 @@ --enable-asn-template */ -/* Default is HW enabled unless turned off. -** Uncomment these lines to force SW instead of HW acceleration */ - +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) + #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -234,6 +280,7 @@ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -246,6 +293,7 @@ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ 
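Review bot: `ESP_RSA_TIMEOUT_CNT` changes from `0x249F00` to `0x349F00` with no rationale recorded; the existing comment only says to adjust it when timeouts are seen, so a later reader cannot tell which target or clock made the old value insufficient or whether the new one was measured. Suggest extending the comment, e.g. `/* 0x349F00: raised from 0x249F00 after RSA HW timeouts on <target/clock — fill in> */`. Also `#define HASH_SIZE_LIMIT` is set here and the same knob appears again, commented out with the same "for test.c" note, in the `@@ -353,14 +447,26 @@` hunk further down; keeping a single location for it avoids the two drifting apart.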
@@ -259,6 +307,7 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) + #define WOLFSSL_ESP32 /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable @@ -284,6 +333,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -301,6 +351,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -317,6 +368,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define WOLFSSL_ESP32 /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH 
@@ -325,21 +377,63 @@ /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO: Revisit ESP8266 */ + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See https://www.espressif.com/en/products/socs/esp32-c2 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP266 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* There's no Hardware Acceleration available on ESP8684 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP8684 *****/ + #else /* Anything else encountered, disable HW accleration */ + #warning "Unexpected CONFIG_IDF_TARGET_NN value" #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! 
*/ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL @@ -353,14 +447,26 @@ #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS #define ESP_DISABLE_HW_TASK_LOCK + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +#define WOLFSSL_ESPIDF_ERROR_PAUSE + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -383,8 +489,8 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE 
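Review bot: The added `#elif defined(CONFIG_IDF_TARGET_ESP8684)` branch is unreachable: the earlier `#elif defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` branch (hunk `@@ -259,6 +307,7 @@`) already matches ESP8684, and that branch defines `WOLFSSL_ESP32` whereas the dead one does not, so the two disagree about whether the part is treated as an ESP32-class chip. Drop the new branch, or fold its "no hardware acceleration" comment into the C2 branch where it will actually be read. A smaller point in the same hunk: `#warning "RSA may be difficult with less than 10KB Stack "/` has a stray `/` after the closing quote, which simply becomes part of the emitted warning text and looks like a truncated comment marker.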
@@ -393,12 +499,75 @@ #define ATCA_WOLFSSL */ -/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. + * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. 
The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). + * + * See `SSL_FILETYPE_[name]` in + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * https://github.com/wolfSSL/wolfssl/pull/6825 + * https://github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ +/* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 
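Review bot: The new macro reference lists `USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1`, but the 1024 set that the next hunk maps (`ca_cert_der_1024`, `server_key_der_1024`, ...) is the RSA 1024-bit test set; the ECC example set in certs_test.h is the `_256` one, which this list omits even though the template defines `USE_CERT_BUFFERS_256` earlier in the file. Suggest `USE_CERT_BUFFERS_1024 - RSA 1024 bit encoded ASN1` plus a line `USE_CERT_BUFFERS_256  - ECC 256 bit encoded ASN1`. The "define *one* of these" instruction is also at odds with the template itself, which defines both `USE_CERT_BUFFERS_256` and `USE_CERT_BUFFERS_2048` (hunk `@@ -36,18 +46,54 @@`); the comment should state that the 2048 mapping wins when both are set, as the `#if` chain in the next hunk makes it do.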
@@ -414,15 +583,49 @@ #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif + #if defined(USE_CERT_BUFFERS_2048) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 
+ #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h index 94c3b5eba6..94d9132358 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h @@ -1,6 +1,6 @@ /* template main.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/main.c b/IDE/Espressif/ESP-IDF/examples/template/main/main.c index 5e41a28fd7..f2f69bcb28 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
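Review bot: The `#else` branch now fails with `#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"`, but there is no `#elif defined(USE_CERT_BUFFERS_256)` branch, so a project that selects only the ECC 256 test set, which the template itself enables with `USE_CERT_BUFFERS_256`, hits the error, and the message also omits the SM2/SM3/SM4 path handled at the top of the chain. Either add a 256-bit branch mapping the ECC CA, server and client buffers from certs_test.h in the same `CTX_*` shape, or list every accepted option in the `#error` text. A one-line comment above the chain noting that all of these are the public wolfSSL test certificates, selected by macro for the examples only, would make the intent of the `#error` clearer to someone adapting the template.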
@@ -22,8 +22,23 @@ /* Espressif */ #include -/* wolfSSL */ -#include +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif + /* project */ #include "main.h" @@ -32,18 +47,32 @@ static const char* const TAG = "My Project"; void app_main(void) { +#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE + int ret = 0; +#endif ESP_LOGI(TAG, "Hello wolfSSL!"); #ifdef HAVE_VERSION_EXTENDED_INFO - esp_ShowExtendedSystemInfo(); + ret = esp_ShowExtendedSystemInfo(); #endif #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) - esp_hw_show_metrics(); + ret += esp_hw_show_metrics(); #endif +#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE + if (ret == 0) { + ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret)); + } + else { + ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); + } +#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) + ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); +#else ESP_LOGI(TAG, "\n\nDone!" "If running from idf.py monitor, press twice: Ctrl+]\n\n" "WOLFSSL_COMPLETE\n" /* exit keyword for wolfssl_monitor.py */ ); +#endif } diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index b49373e693..8c66ae2695 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt 
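Review bot: In the `@@ -32,18 +47,32 @@` hunk `int ret` is declared only under `#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE`, yet `ret = esp_ShowExtendedSystemInfo();` and `ret += esp_hw_show_metrics();` are compiled whenever `HAVE_VERSION_EXTENDED_INFO` or `WOLFSSL_HW_METRICS` is set, so any build with one of those and without the verbose exit message fails on an undeclared `ret`. Declare it unconditionally at the top of `app_main`, `int ret = 0;`, and add `(void)ret;` in the `#elif`/`#else` exit branches to keep unused-variable warnings quiet. The change also discards the diagnostics' return values when the verbose message is off; if that is intended, a short comment saying so would stop the next reader from "fixing" it.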
@@ -5,6 +5,7 @@ # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.16) +add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) # The wolfSSL CMake file should be able to find the source code. # Otherwise, assign an environment variable or set it here: # @@ -21,13 +22,20 @@ cmake_minimum_required(VERSION 3.16) # # Optionally specify a location for wolfSSL component source code -# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" ) +# set(WOLFSSL_ROOT "c:/mydir/wolfssl" ) +# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. +# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# +#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") +# message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") +# set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") +#else() +# message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") +#endif() +# Not only is a project-level "set(COMPONENTS" not needed here, this will cause +# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". include($ENV{IDF_PATH}/tools/cmake/project.cmake) -set(COMPONENTS - main - wolfssl -) # set components - project(wolfssl_benchmark) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile index dbbe9edb4a..27637c64d9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile 
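Review bot: `add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)` is inserted before `include($ENV{IDF_PATH}/tools/cmake/project.cmake)` with no comment, so it is not obvious that it applies to every component in the build rather than just `main`, nor why a benchmark needs the watchdog off; the Makefile hunk below records the reason, and the same sentence belongs here, e.g. `# The benchmark is CPU bound; disable the task watchdog for the whole build.`. With `cmake_minimum_required(VERSION 3.16)` the idiomatic spelling is `add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)`. The commented-out `PROTOCOL_EXAMPLES_DIR` block in the `@@ -21,13 +22,20 @@` hunk is dead code in an example project; it already guards on `if (EXISTS ...)`, so either uncomment it or remove it.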
@@ -3,9 +3,10 @@ # project subdirectory. # -PROJECT_NAME := wolfssl_benchmark - CFLAGS += -DWOLFSSL_USER_SETTINGS +# Some of the tests are CPU intenstive, so we'll force the watchdog timer off. +# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig. +EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG +PROJECT_NAME := wolfssl_benchmark include $(IDF_PATH)/make/project.mk - diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md index 7decc9aa4b..7b3a4f255b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md @@ -19,6 +19,13 @@ other local port to `COM20` as needed: change port com20=com23 ``` +## Bulk Testing + +If you have a test jig with multiple ESP32 devices and you'd like to run this wolfcrypt benchmark on all of them, check out +the `testAll.sh` and `testMonitor.sh` scripts in the [../wolfssl_test](../wolfssl_test/README.md) directory. Copy those +bash script files to this project. See the `esp32[NN]_PORT` and `esp32[NN]_PUTTY` settings in `testMonitor.sh` that will +be machine-specific. + ## VisualGDB Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button. diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj index 276a342dee..b5e6eb6529 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj @@ -18,9 +18,9 @@ com.visualgdb.xtensa-esp32-elf - 11.2.0 - 9.2.90 - 2 + 13.2.0 + 12.1 + 1 .. @@ -67,8 +67,8 @@ true - release/v5.0 - esp-idf/v5.0 + release/v5.2 + esp-idf/v5.2 ESPIDF COM20 
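Review bot: The two adjacent flag lines use different variables, `CFLAGS += -DWOLFSSL_USER_SETTINGS` and `EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG`, with nothing explaining why one define needs `EXTRA_CFLAGS` and the other does not; if `EXTRA_CFLAGS` is the hook the legacy make system honours for project-level defines, both should use it, and a one-line comment should say so. The new comment also has a typo, `intenstive` should be `intensive`, and `There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.` would read more clearly as `Espressif's own NO_WATCHDOG is not used here because sdkconfig resets it.`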
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
index e129a64efb..f0bef7fc31 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
@@ -1,34 +1,113 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # -# This file is part of wolfSSL. +# This file is part of wolfSSL. # -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. 
# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.0 template update + THIS_IDF_PATH # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS 
"/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement 
for benchmark and test apps. +if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -45,6 +124,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". 
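Review bot: The `if( "$ENV{IDF_PATH}" STREQUAL "" ) ... string(REPLACE "\\" "/" THIS_IDF_PATH ...)` block is added twice, once near the top of the file in this hunk and again after `THIS_USER` in the hunk at `-45,6 +124,11`; the second copy is redundant and one of them should go. In the host-detection block the comment `# Windows-specific configuration here` is copied verbatim onto the WSL, Linux and Apple branches and now misdescribes each of them; rename per branch, e.g. `# WSL-specific configuration here`. On WSL both the `WSLInterop` condition and the `CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)` condition hold, so `WOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `WOLFSSL_CMAKE_SYSTEM_NAME_LINUX` are both defined; if only one is intended, the Linux branch needs to exclude the WSL test.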
@@ -71,27 +155,41 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") - if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. 
Searching...") + else() + get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if( FOUND_WOLFSSL ) + message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + else() + message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") + message(STATUS "$ENV{WOLFSSL_ROOT}") + endif() + endif() else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) - return() + message(STATUS "Found WOLFSSL_ROOT via prior specification.") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) 
@@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( 
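Review bot: When `WOLFSSL_ROOT` comes from the environment and `IS_WOLFSSL_SOURCE` succeeds, the new branch only prints a message: the removed `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ... PARENT_SCOPE)` and `return()` are not restored, so the function falls through to `get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)` and the parent-directory walk overwrites the directory the user explicitly asked for. The `message(STATUS "$ENV{WOLFSSL_ROOT}")` after `message(FATAL_ERROR ...)` is never reached, because FATAL_ERROR stops processing; the path belongs in the fatal message itself. The `prior specification` branch has the same fall-through and should also return after validating the caller's value. `FIND_WOLFSSL_DIRECTORY` continues past the end of this hunk.
```cmake
      get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
      IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
      if( FOUND_WOLFSSL )
        message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
        set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
        return()
      else()
        message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found: $ENV{WOLFSSL_ROOT}")
      endif()
# … unchanged: prior-specification branch and parent-directory search …
```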
FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() 
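Review bot: The two new `if ( FOUND_WOLFSSL ) <comment> else() ... endif()` blocks have an empty true branch that exists only to hold a comment; writing them as `if ( NOT FOUND_WOLFSSL )` with the comment above the line reads more directly and removes a level of nesting. `FOUND_WOLFSSL` at this point may still hold the TRUE left by the environment-variable check earlier in the function (hunk at `-71,27 +155,41`), in which case these guards skip the `wolfssl-master` and `wolfssl` probes without the output variable ever having been set; a `set(FOUND_WOLFSSL FALSE)` at the start of each iteration would make the probes independent of earlier state. The enclosing loop starts and ends outside this hunk.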
@@ -149,17 +279,47 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - esp_timer - driver # this will typically only be needed for wolfSSL benchmark + ${THIS_INCLUDE_TIMER} + ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark ) else() 
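Review bot: In the `esp8266` branch the two `message(STATUS "Early expansion EXCLUDES ...: ${THIS_INCLUDE_TIMER}")` lines expand `THIS_INCLUDE_TIMER` and `THIS_INCLUDE_DRIVER` before the `set()` calls two lines below assign them, so on a fresh configure they print empty values; the `else()` branch has the same ordering. Either move the messages after the `set()` lines or print the literal component names, e.g. `message(STATUS "Early expansion includes esp_timer and driver")`. The `if (0)` block that dumps all variables is dead code and duplicates the `VERBOSE_COMPONENT_MESSAGES` dump added in the hunk at `-423,17 +627,34`; consider dropping it. `message(STATUS "CONFIG_TARGET_PLATFORM = ...")` is also printed a second time here after the copy near the top of the file.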
@@ -171,24 +331,52 @@ else() # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() else() - message(STATUS "NEW wolfssl directory not found.") + message(STATUS "Searching for wolfSL source code...") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") + else() + message(STATUS "Failed: wolfssl directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + # Abort CMake after fatal error. 
endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" 
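Review bot: `FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)` runs as context before `if(WOLFSSL_ROOT)` and then again inside the new `else()` branch, so when the first call finds nothing the whole parent-directory walk and its log output run twice; the first call can be dropped now that the branch performs the search. The fatal message refers to `CMakeFile.txt` where the project file is `CMakeLists.txt`, and `wolfSL` in the status message is a typo. The `"hello-world"` project-name check selects the benchmark sources for a project this file does not otherwise mention; if it is a leftover from testing it should be removed or commented, and the unconditional `set(USE_LOCAL_TEST_BENCH 0)` overrides any value the comment above it invites the user to set.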
@@ -200,16 +388,19 @@ else() message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h is in the local project. set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -232,11 +423,13 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") + # Abort CMake after fatal error. + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
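Review bot: `file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")` passes `${CMAKE_SOURCE_DIR}` where a globbing expression is expected (there is no `RELATIVE` keyword), so the source directory itself appears to be matched and added to `EXCLUDE_ASM` alongside the `.S` files; if a relative listing was intended, `file(GLOB EXCLUDE_ASM RELATIVE ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")` is the documented form, otherwise drop that argument. The `string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR ...)` that doubles every slash before the path goes into `-DWOLFSSL_USER_SETTINGS_DIR` has no explanation; a comment naming the tool or quoting step that needs the doubled slashes would tell the next reader whether it is a workaround or a mistake. The earlier `file(GLOB EXCLUDE_ASM *.S)` result is immediately overwritten by this call and could be removed.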
@@ -286,6 +479,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -355,17 +549,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS "./include" # this is the location of wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() @@ -374,7 +573,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" 
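Review bot: `message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")` uses `$THIS_IDF_PATH` rather than `${THIS_IDF_PATH}`, so CMake prints the literal text `$THIS_IDF_PATH` instead of the value; change it to `message(STATUS "THIS_IDF_PATH = ${THIS_IDF_PATH}")`. The three `${THIS_IDF_PATH}/components/.../include` entries add `esp_event`, `esp_netif` and `esp_wifi` headers by absolute path rather than through the component's `REQUIRES`/`PRIV_REQUIRES` list, which appears to bypass IDF's dependency resolution and will break if those component layouts move between IDF releases; if those components are needed, listing them as requirements is the supported route. The comment on those lines says what they are for but not why they are not declared as requirements, which is the part a maintainer will ask about.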
@@ -384,9 +583,14 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_load.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" 
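Review bot: `"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h"` is added to `COMPONENT_SRCEXCLUDE`, which is later passed as `EXCLUDE_SRCS`; excluding a header from the source list has no effect because headers are not compiled, so the line is dead and may mislead a reader into thinking the header is kept off the include path. Drop it, or change its trailing comment to say it is listed for documentation only. The `ext_kyber.c` exclusion itself is consistent with Kyber being left disabled (`#if 0`) in the updated user_settings.h.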
@@ -423,17 +627,34 @@ else() INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" REQUIRES "${COMPONENT_REQUIRES}" EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark + PRIV_REQUIRES + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) - # some optional diagnostics - if (1) + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") 
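Review bot: The diagnostics dump is now gated on `VERBOSE_COMPONENT_MESSAGES`, but the hunk at `-1,34 +1,113` sets it to `1` unconditionally, so every configure still prints the value of every CMake variable into the build log, truncated only for the handful of names listed here. In CI that log can carry values supplied with `-D` or copied from the environment, which a component should not emit by default; suggest `option(VERBOSE_COMPONENT_MESSAGES "Print all CMake variables during configure" OFF)` so the dump is opt-in. The `OR` chain of `STREQUAL` tests could be a single `MATCHES` regex or a `list(FIND ...)`, but that is cosmetic.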
@@ -520,6 +741,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION) execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + message(STATUS "************************************************************************************************") message(STATUS "wolfssl component config complete!") message(STATUS "************************************************************************************************") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk index 5234a007e1..54ae8041fd 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk 
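Review bot: `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")` reuses `TMP_RES`, the exit status of the preceding `git show` command, as the status for a value that did not come from that command, so a failed git call would mark the root path as failed as well; pass a constant success code or the result of the lookup that actually produced `WOLFSSL_ROOT`. If `LIBWOLFSSL_SAVE_INFO` turns its argument into a compile-time string the way the git hash and date entries suggest, the absolute build-host path (which can include the `wolfssl-${THIS_USER}` directory name from the search above) ends up in the firmware image; that deserves a comment, and for release builds a relative or redacted form would avoid disclosing the host layout. `LIBWOLFSSL_SAVE_INFO` is defined outside this hunk, so the second point is inferred from the neighbouring calls.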
@@ -1,40 +1,240 @@ -# -# Copyright (C) 2006-2023 wolfSSL Inc. -# -# This file is part of wolfSSL. -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -# -# -# Component Makefile -# - -COMPONENT_ADD_INCLUDEDIRS := . ./include - -COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos" -# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc" - -COMPONENT_SRCDIRS := src wolfcrypt/src -COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += wolfcrypt/benchmark -COMPONENT_SRCDIRS += wolfcrypt/test - -CFLAGS +=-DWOLFSSL_USER_SETTINGS - -COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += src/bio.o +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# In the wolfSSL GitHub examples for Espressif, +# the root is 7 directories up from here: +WOLFSSL_ROOT := ../../../../../../../ + +# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# located HERE in THIS project, and *not* in the wolfSSL root. +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos +# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" + + +# WOLFSSL_ROOT := "" +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test +COMPONENT_SRCDIRS += include + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o + + +## +## wolfSSL +## +COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS += src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o 
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o + +## +## wolfcrypt test (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o + +## +## wolfcrypt +## +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index cc9bae6bc6..1c30597da9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
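Review bot: `COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o` excludes an object that the very next stanza lists first in `COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o`, and `evp.o` and `misc.o` are likewise both excluded and listed; the CMake side of this change keeps `bio.c`, `evp.c` and `misc.c` in `COMPONENT_SRCEXCLUDE` as included elsewhere or unused, so the explicit `COMPONENT_OBJS` entries look wrong and, depending on how the legacy make system applies `COMPONENT_OBJEXCLUDE` to an explicit `COMPONENT_OBJS`, may build them twice. The file now carries both a full object list and `COMPONENT_SRCDIRS`, with `wolfcrypt/src` appended at the very end; one mechanism should be chosen, or a comment should explain why both are needed. `WOLFSSL_ROOT := ../../../../../../../` hard-codes a seven-level relative path with no override; honoring an environment `WOLFSSL_ROOT` when set, as the CMake file does, would keep the two build systems in step. The include-directory comment also has a typo, `diretory`.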
@@ -19,12 +19,22 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* This user_settings.h is for Espressif ESP-IDF */ -#include +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here + * + * When editing this file: + * ensure wolfssl_test and wolfssl_benchmark settings match. + */ + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* The Espressif sdkconfig will have chipset info. ** -** Possible values: +** Some possible values: ** ** CONFIG_IDF_TARGET_ESP32 ** CONFIG_IDF_TARGET_ESP32S2 
@@ -36,18 +46,175 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ +#define NO_ESP_SDK_WIFI + +/* Experimental Kyber */ +#if 0 + /* Kyber typically needs a minimum 10K stack */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 +#endif + /* - * choose ONE of these Espressif chips to define: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 - * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ #undef WOLFSSL_ESPWROOM32SE #undef WOLFSSL_ESP8266 #undef WOLFSSL_ESP32 +/* See below for chipset detection from sdkconfig.h */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ -#define WOLFSSL_ESP32 +/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. 
*/ +#define RSA_LOW_MEM + +/* Uncommon settings for testing only */ +#define TEST_ESPIDF_ALL_WOLFSSL +#ifdef TEST_ESPIDF_ALL_WOLFSSL + #define WOLFSSL_MD2 + #define HAVE_BLAKE2 + #define HAVE_BLAKE2B + #define HAVE_BLAKE2S + + #define WC_RC2 + #define WOLFSSL_ALLOW_RC4 + + #define HAVE_POLY1305 + + #define WOLFSSL_AES_128 + #define WOLFSSL_AES_OFB + #define WOLFSSL_AES_CFB + #define WOLFSSL_AES_XTS + + /* #define WC_SRTP_KDF */ + /* TODO Causes failure with Espressif AES HW Enabled */ + /* #define HAVE_AES_ECB */ + /* #define HAVE_AESCCM */ + /* TODO sanity check when missing HAVE_AES_ECB */ + #define WOLFSSL_WOLFSSH + + #define HAVE_AESGCM + #define WOLFSSL_AES_COUNTER + + #define HAVE_FFDHE + #define HAVE_FFDHE_2048 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO Full size SRP is disabled on the ESP8266 at this time. + * Low memory issue? */ + #define WOLFCRYPT_HAVE_SRP + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + /* TODO: SRP Not enabled, known to fail on this target + * See https://github.com/wolfSSL/wolfssl/issues/7210 */ + #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + /* SRP Known to be working on this target::*/ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #else + /* For everything else, give a try and see if SRP working: */ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #endif + + #define HAVE_DH + + /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. + * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ + /* #define HAVE_CAMELLIA */ + + /* DSA requires old SHA */ + #define HAVE_DSA + + /* Needs SHA512 ? */ + #define HAVE_HPKE + + /* Not for Espressif? 
*/ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + + #if defined(CONFIG_IDF_TARGET_ESP8266) + #undef HAVE_ECC + #undef HAVE_ECC_CDH + #undef HAVE_CURVE25519 + + /* TODO does CHACHA also need alignment? Failing on ESP8266 + * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ + #ifdef HAVE_CHACHA + #error "HAVE_CHACHA not supported on ESP8266" + #endif + #ifdef HAVE_XCHACHA + #error "HAVE_XCHACHA not supported on ESP8266" + #endif + #else + #define HAVE_XCHACHA + #define HAVE_CHACHA + /* TODO Not enabled at this time, needs further testing: + * #define WC_SRTP_KDF + * #define HAVE_COMP_KEY + * #define WOLFSSL_HAVE_XMSS + */ + #endif + /* TODO AES-EAX not working on this platform */ + + /* Optionally disable DH + * #undef HAVE_DH + * #undef HAVE_FFDHE + */ + + /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ + #ifndef HAVE_ECC + #define ECC_SHAMIR + #endif + #else + #define WOLFSSL_AES_EAX + + #define ECC_SHAMIR + #endif + + /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ + /* #define WOLFSSL_CAAM */ + /* #define WOLFSSL_CAAM_BLOB */ + + #define WOLFSSL_AES_SIV + #define WOLFSSL_CMAC + + #define WOLFSSL_CERT_PIV + + /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ + /* #define HAVE_SCRYPT */ + #define SCRYPT_TEST_ALL + #define HAVE_X963_KDF +#endif /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -61,7 +228,6 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 /* TLS 1.3 */ #define WOLFSSL_TLS13 @@ -79,7 +245,9 @@ #define HAVE_AESGCM -#define WOLFSSL_RIPEMD +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + /* when you want to use SHA224 */ #define WOLFSSL_SHA224 
@@ -95,24 +263,34 @@ /* ED25519 requires SHA512 */ #define HAVE_ED25519 -#define HAVE_ECC -#define HAVE_CURVE25519 -#define CURVE25519_SMALL +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) + /* TODO determine low memory configuration for ECC. */ +#else + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL +#endif + #define HAVE_ED25519 +/* Optional OPENSSL compatibility */ #define OPENSSL_EXTRA -/* when you want to use pkcs7 */ -/* #define HAVE_PKCS7 */ +/* #Optional HAVE_PKCS7 */ #define HAVE_PKCS7 #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -126,27 +304,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* rsa primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ -#define RSA_LOW_MEM +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ @@ -206,7 +368,7 @@ #undef WOLFSSL_SYS_CA_CERTS */ -/* +/* command-line options --enable-keygen --enable-certgen --enable-certreq 
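Review bot: `#define HAVE_ED25519` now appears both before and after the new ESP8266/ESP32-C2 `#if` in the -95,24 hunk; the second definition is redundant and should be dropped. The comment `/* #Optional HAVE_PKCS7 */` carries a stray `#`, `/* Optional HAVE_PKCS7 */`. A one-line note on the ESP8266/ESP32-C2 branch would also help, since ED25519 stays enabled there while `HAVE_ECC` and `HAVE_CURVE25519` do not, and a reader may expect the three to travel together.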
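Review bot: The new comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` in the -126,27 hunk appears to have the polarity inverted: the macro is a disable switch that removes wolfSSL's cache-resistant code paths, so defining it makes the build faster and less hardened, not the other way round. Suggest `/* WC_NO_CACHE_RESISTANT: faster but drops cache-timing hardening; leave undefined for TLS use */`. The `TFM_TIMING_RESISTANT` line below it is phrased correctly.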
@@ -214,10 +376,14 @@ --enable-asn-template */ -/* Default is HW enabled unless turned off. -** Uncomment these lines to force SW instead of HW acceleration */ - +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) + #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -235,6 +401,7 @@ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -247,6 +414,7 @@ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -260,6 +428,7 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) + #define WOLFSSL_ESP32 /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable @@ -285,6 +454,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -302,6 +472,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ 
@@ -318,6 +489,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define WOLFSSL_ESP32 /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH @@ -326,7 +498,11 @@ /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO: Revisit ESP8266 */ + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See https://www.espressif.com/en/products/socs/esp32-c2 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES @@ -343,13 +519,42 @@ #else /* Anything else encountered, disable HW accleration */ + #warning "Unexpected CONFIG_IDF_TARGET_NN value" #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL 
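Review bot: The `#warning "RSA may be difficult with less than 10KB Stack "/` line in the -343,13 hunk has a stray `/` after the closing quote, which the preprocessor accepts but prints as part of the diagnostic; change it to `#warning "RSA may be difficult with less than 10KB Stack"`. The stack check also only runs inside the `CONFIG_IDF_TARGET_ESP32` branch, although the 10500-byte value in sdkconfig.defaults is not target-specific, so consider hoisting the `CONFIG_ESP_MAIN_TASK_STACK_SIZE` comparison out of that branch so the other chips get the same warning. The enclosing `#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)` block opens and closes within this hunk.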
@@ -363,6 +568,14 @@ #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS #define ESP_DISABLE_HW_TASK_LOCK + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ /* Pause in a loop rather than exit. */ @@ -396,8 +609,9 @@ ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 + +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE 
@@ -406,12 +620,75 @@ #define ATCA_WOLFSSL */ -/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. + * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. 
The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). + * + * See `SSL_FILETYPE_[name]` in + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * https://github.com/wolfSSL/wolfssl/pull/6825 + * https://github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ +/* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 
@@ -427,24 +704,49 @@ #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif - -/* See settings.h for some of the possible hardening options: - * - * #define NO_ESPIDF_DEFAULT - * #define WC_NO_CACHE_RESISTANT - * #define WC_AES_BITSLICED - * #define HAVE_AES_ECB - * #define HAVE_AES_DIRECT - */ + #if defined(USE_CERT_BUFFERS_2048) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT 
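Review bot: The new certificate-macro comment in the -406,12 hunk lists `USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1`, but the `_1024` buffers selected further down (`ca_cert_der_1024`, `server_key_der_1024`) are the RSA 1024-bit test set from certs_test.h, and there is no 1024-bit ECC option; the ECC test set is `USE_CERT_BUFFERS_256`, which this file defines near the top but the list omits. Suggest `* USE_CERT_BUFFERS_1024 - RSA 1024 bit encoded ASN1 (test-only key size)` and `* USE_CERT_BUFFERS_256  - ECC P-256 encoded ASN1`, so nobody reads the 1024-bit set as a reasonable production choice.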
client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk index 0adf45649a..d9b752f161 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk @@ -3,6 +3,7 @@ # # This Makefile can be left empty. By default, it will take the sources in the # src/ directory, compile them and link them into lib(subdirectory_name).a -# in the build directory. This behaviour is entirely configurable, +# in the build directory. This behavior is entirely configurable, # please read the ESP-IDF documents if you need to do this. # +# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h index 219eb15dd8..cae03b4a93 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h 
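Review bot: The rewritten selection chain in the -427,24 hunk handles `USE_CERT_BUFFERS_2048` and `USE_CERT_BUFFERS_1024` only, while this same file defines `USE_CERT_BUFFERS_256` at the top; today the 2048 branch wins because both are defined, but an ECC-only configuration that drops `USE_CERT_BUFFERS_2048` now hits the `#error` with a message that does not mention it. Either add an `#elif defined(USE_CERT_BUFFERS_256)` branch mapping the `CTX_*` names to the ECC P-256 buffers from certs_test.h, or make the message explicit: `#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024 (USE_CERT_BUFFERS_256 alone has no CTX_* mapping here)"`. The outer `#if` that the final `#endif` closes opens in the previous hunk.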
@@ -1,6 +1,6 @@ /* benchmark main.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c index 5a40d9cf95..3381f25fe7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c @@ -1,6 +1,6 @@ /* benchmark main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -20,8 +20,8 @@ */ /* ESP-IDF */ -#include #include "sdkconfig.h" +#include /* wolfSSL */ /* The wolfSSL user_settings.h file is automatically included by the settings.h @@ -29,6 +29,7 @@ * The settings.h should also be listed above wolfssl library include files. */ #include #include +#include #include #ifndef WOLFSSL_ESPIDF #error "Problem with wolfSSL user_settings. " \ @@ -40,10 +41,24 @@ #include #include +/* Hardware; include after other libraries, + * particularly after freeRTOS from settings.h */ +#include + /* set to 0 for one benchmark, ** set to 1 for continuous benchmark loop */ #define BENCHMARK_LOOP 0 +#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200 + +#ifdef CONFIG_ESP8266_XTAL_FREQ_26 + /* 26MHz crystal: 74880 bps */ + #define THIS_MONITOR_UART_BAUD_DATE 74880 +#else + /* 40MHz crystal: 115200 bps */ + #define THIS_MONITOR_UART_BAUD_DATE 115200 +#endif + /* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */ #ifdef CONFIG_BENCH_ARGV #define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV 
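Review bot: The new macro `THIS_MONITOR_UART_BAUD_DATE` in the -40,10 hunk looks like a typo for `THIS_MONITOR_UART_BAUD_RATE`; both definitions and the use in app_main would need renaming together. `THIS_MONITOR_UART_RX_BUFFER_SIZE 200` would also benefit from a why-comment, e.g. `/* RX buffer for the console UART; sized small because the benchmark does not read console input (confirm) */`, since nothing in these hunks shows the value being derived from anything.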
@@ -199,17 +214,42 @@ void app_main(void) { int stack_start = 0; + uart_config_t uart_config = { + .baud_rate = THIS_MONITOR_UART_BAUD_DATE, + .data_bits = UART_DATA_8_BITS, + .parity = UART_PARITY_DISABLE, + .stop_bits = UART_STOP_BITS_1, + }; + esp_err_t ret = 0; + stack_start = esp_sdk_stack_pointer(); + + /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, + * UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */ + + /* Some targets may need to have UART speed set, such as ESP8266 */ + ESP_LOGI(TAG, "UART init"); + uart_param_config(UART_NUM_0, &uart_config); + uart_driver_install(UART_NUM_0, + THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0); + ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example -------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start); + +#ifdef WOLFSSL_ESP_NO_WATCHDOG + ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling..."); + esp_DisableWatchdog(); +#endif #if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_HAS_METRICS) esp_ShowExtendedSystemInfo(); #endif + /* all platforms: stack high water mark check */ ESP_LOGI(TAG, "app_main CONFIG_BENCH_ARGV = %s", WOLFSSL_BENCH_ARGV); /* when using atecc608a on esp32-wroom-32se */ @@ -238,7 +278,7 @@ void app_main(void) do { ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - wolf_benchmark_task(); + wolf_benchmark_task(); /* TODO capture return value! */ ESP_LOGI(TAG, "Stack used: %d\n", stack_start - uxTaskGetStackHighWaterMark(NULL)); 
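Review bot: `esp_err_t ret = 0;` added in the -199,17 hunk is never assigned afterwards — `wolf_benchmark_task();` in the -238,7 hunk still discards its result, as its own `/* TODO capture return value! */` admits — so the `ret == 0` branch added in the -255,8 hunk always logs "Success!" even when the benchmark fails. If `wolf_benchmark_task()` returns a status (its declaration is outside these hunks), write `ret = wolf_benchmark_task();` so the exit message reflects the real outcome. The `uart_param_config()` and `uart_driver_install()` results are likewise dropped; wrapping them in `ESP_ERROR_CHECK()` or logging a non-`ESP_OK` value would surface a bad config instead of silently losing console output. `"Stack Start: 0x%x"` prints a signed `int` through `%x`; cast to `unsigned` or use `%d`.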
@@ -255,8 +295,33 @@ void app_main(void) ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); #endif -#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE - ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); + /* note wolfCrypt_Cleanup() should always be called when finished. + ** This is called at the end of wolf_test_task(); + */ + +#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) + esp_hw_show_mp_metrics(); +#endif + +#ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL))); +#endif + +#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE + if (ret == 0) { + ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret)); + } + else { + ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); + } +#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) + ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); +#else + ESP_LOGI(TAG, "\n\nDone!\n\n" + "If running from idf.py monitor, press twice: Ctrl+]"); #endif /* after the test, we'll just wait */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults index 8e3c969d94..e7f3037365 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults 
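Review bot: The exit-message branches added in the -255,8 hunk hand macro expansions (`WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE(...)`, `WOLFSSL_ESPIDF_EXIT_MESSAGE`) straight to `ESP_LOGI`/`ESP_LOGE` as the format argument, so any `%` in those strings is interpreted as a conversion with no matching argument. Unless the macros are intended to expand to a format string plus its arguments (their definitions are outside this hunk), prefer `ESP_LOGI(TAG, "%s", WOLFSSL_ESPIDF_EXIT_MESSAGE);` and the same shape for the verbose form.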
@@ -1,34 +1,87 @@ +# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults CONFIG_BENCH_ARGV="-lng 0" CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # -# Default main stack size +# Default main stack size. See user_settings.h # -# This is typically way bigger than needed for stack size. See user_settings.h -# -CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500 +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=55500 +CONFIG_MAIN_TASK_STACK_SIZE=10500 +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n # # Watchdog Timers # -# We don't want to have the watchdog timeout during tests +# We don't want to have the watchdog timeout during tests & benchmarks # CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max COU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y +CONFIG_FREERTOS_HZ=1000 # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# 
CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile index 45d4b1d264..cedefce722 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile @@ -39,6 +39,10 @@ # PROJECT_NAME := wolfssl_client +# Optionally include component source when print path (needs work to then properly build) +# +# include components/wolfssl/component.mk + MY_PRIVATE_CONFIG ?= n USE_MY_PRIVATE_WSL_CONFIG ?= n USE_MY_PRIVATE_MAC_CONFIG ?= n 
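Review bot: `CONFIG_FREERTOS_HZ=1000` is now set twice in the -1,34 hunk, once near the top and again under "FreeRTOS ticks at 1ms interval"; drop one so a later edit cannot leave the two disagreeing. The comment `# Set max COU frequency` should read `# Set max CPU frequency`. The added panic/watchdog lines (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`, `CONFIG_ESP_PANIC_PRINT_HALT=y`) are reasonable for a benchmark but remove the device's self-recovery, so label the block explicitly: `# Benchmark/test only: watchdogs and reboot-on-panic are disabled so long runs are not killed; do not copy into a product sdkconfig.`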
@@ -52,76 +56,76 @@ USE_MY_PRIVATE_WINDOWS_CONFIG ?= n $(info ************* wolfssl_client *************) ifeq ($(MY_PRIVATE_CONFIG),y) - CFLAGS += -DMY_PRIVATE_CONFIG - $(info Enabled MY_PRIVATE_CONFIG") + CFLAGS += -DMY_PRIVATE_CONFIG + $(info Enabled MY_PRIVATE_CONFIG") endif # Check for Windows environment variable: USE_MY_PRIVATE_WINDOWS_CONFIG ifeq ($(USE_MY_PRIVATE_WINDOWS_CONFIG),y) - # This hard coded MY_CONFIG_FILE value must match that in the header file. - MY_CONFIG_FILE := /workspace/my_private_config.h - ifeq ($(wildcard $(MY_CONFIG_FILE)),) - $(info File does not exist: $(MY_CONFIG_FILE)) - else - CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG - $(info Using private config file for: Windows) - endif + # This hard coded MY_CONFIG_FILE value must match that in the header file. + MY_CONFIG_FILE := /workspace/my_private_config.h + ifeq ($(wildcard $(MY_CONFIG_FILE)),) + $(info File does not exist: $(MY_CONFIG_FILE)) + else + CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG + $(info Using private config file for: Windows) + endif endif # Check for WSL environment variable: USE_MY_PRIVATE_WSL_CONFIG ifeq ($(USE_MY_PRIVATE_WSL_CONFIG),y) - # This hard coded MY_CONFIG_FILE value must match that in the header file. - MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h - ifeq ($(wildcard $(MY_CONFIG_FILE)),) - $(info File does not exist: $(MY_CONFIG_FILE)) - else - CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG - $(info Using private config file for: WSL) - endif + # This hard coded MY_CONFIG_FILE value must match that in the header file. + MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h + ifeq ($(wildcard $(MY_CONFIG_FILE)),) + $(info File does not exist: $(MY_CONFIG_FILE)) + else + CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG + $(info Using private config file for: WSL) + endif endif # Check for Linux environment variable: USE_MY_PRIVATE_LINUX_CONFIG ifeq ($(USE_MY_PRIVATE_LINUX_CONFIG),y) - # This hard coded MY_CONFIG_FILE value must match that in the header file. 
- MY_CONFIG_FILE := ~/workspace/my_private_config.h - ifeq ($(wildcard $(MY_CONFIG_FILE)),) - $(info File does not exist: $(MY_CONFIG_FILE)) - else - CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG - $(info Using private config file for: Linux) - endif + # This hard coded MY_CONFIG_FILE value must match that in the header file. + MY_CONFIG_FILE := ~/workspace/my_private_config.h + ifeq ($(wildcard $(MY_CONFIG_FILE)),) + $(info File does not exist: $(MY_CONFIG_FILE)) + else + CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG + $(info Using private config file for: Linux) + endif endif # Check for Mac environment variable: USE_MY_PRIVATE_MAC_CONFIG ifeq ($(USE_MY_PRIVATE_MAC_CONFIG),y) - # This hard coded MY_CONFIG_FILE value must match that in the header file. - MY_CONFIG_FILE := ~/Documents/my_private_config.h - ifeq ($(wildcard $(MY_CONFIG_FILE)),) - $(info File does not exist: $(MY_CONFIG_FILE)) - else - CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG - $(info Using private config file for: Mac) - endif + # This hard coded MY_CONFIG_FILE value must match that in the header file. 
+ MY_CONFIG_FILE := ~/Documents/my_private_config.h + ifeq ($(wildcard $(MY_CONFIG_FILE)),) + $(info File does not exist: $(MY_CONFIG_FILE)) + else + CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG + $(info Using private config file for: Mac) + endif endif ifneq ($(OS),MY_PRIVATE_CONFIG) - CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)" + CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)" else - ifeq ($(OS),Linux) - CFLAGS += -DOS_LINUX - endif - ifeq ($(OS),Windows_NT) - CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS - endif - ifeq ($(OS),Darwin) - CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE - endif - ifneq (,$(findstring MINGW,$(OS))) - CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW - endif - ifneq (,$(findstring CYGWIN,$(OS))) - CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN - endif + ifeq ($(OS),Linux) + CFLAGS += -DOS_LINUX + endif + ifeq ($(OS),Windows_NT) + CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS + endif + ifeq ($(OS),Darwin) + CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE + endif + ifneq (,$(findstring MINGW,$(OS))) + CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW + endif + ifneq (,$(findstring CYGWIN,$(OS))) + CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN + endif endif # It is essential that the build process sees the WOLFSSL_USER_SETTINGS @@ -132,3 +136,4 @@ EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_ # The Standard Espressif IDF include: include $(IDF_PATH)/make/project.mk + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md index 1bfd0cc88c..5c667ca243 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md 
@@ -83,12 +83,76 @@ Reminder that we build with `make` and not `cmake` in VisualGDB. Build files will be created in `[project directory]\build` -## ESP-IDF make Commandline (version 3.5 or earlier for the ESP8266) +See notes below if building a project in a directory other than the examples. +Problems? + +- Try deleting any existing `sdkconfig` file and/or `./build` directory to start fresh. +- Be sure the RTOS SDK is installed and properly configured. + +## ESP-IDF `make` Commandline (version 3.5 or earlier for the ESP8266) + +In-place example build: + +```bash +export IDF_PATH=~/esp/ESP8266_RTOS_SDK +export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin" +cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client +make clean +make ``` + +When building a in a *different directory*, for example assuming the `wolfssl_client` in the wolfssl examples +directory is copied to the `C:\test\demo` directory in Windows. (aka ` /mnt/c/test/demo` in WSL), +with a clone of wolfSSL `master` branch in `C:\workspace\wolfssl-master`: + +```bash +cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +``` + +Modify the project `./components/wolfssl/component.mk` file. Adjust `WOLFSSL_ROOT` setting, in this case to a value of: + +`WOLFSSL_ROOT := ../../../../workspace/wolfssl-master` + +Ensure the path is *relative* to the project `component.mk` file location and *not* absolute. + +Note the location of the component makefile in this case is `c:\test\demo\components\wolfssl\component.mk`. +Thus we need to navigate up 4 parents to the root of `C:\` to find `/mnt/c` in WSL. 
+ +Proceed to run `make` from the project directory as usual: + +```bash +# setup environment as needed export IDF_PATH=~/esp/ESP8266_RTOS_SDK +export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin" + +# copy and navigate to project directory +mkdir -p /mnt/c/test/demo +cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +cd /mnt/c/test/demo + +# Clean +rm -rf ./build +rm sdkconfig +make clean + +# Edit ./components/wolfssl/component.mk and set WOLFSSL_ROOT value +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# build the example project +make +``` + +When using `make` there should be details in the build log to indicate +the assigned path, and the equivalent, fully-qualified path of `WOLFSSL_ROOT`. ``` +************* wolfssl_client ************* +*********** wolfssl component ************ +WOLFSSL_ROOT defined: ../../../../workspace/wolfssl-master +WOLFSSL_ROOT actual: /mnt/c/workspace/wolfssl-master +********** end wolfssl component ********** +``` ## ESP-IDF CMake Commandline (version 3.5 or earlier for the ESP8266) @@ -158,7 +222,7 @@ Command: ``` cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server -. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh idf.py flash -p /dev/ttyS19 -b 115200 monitor ``` 
@@ -185,4 +249,33 @@ I hear you fa shizzle! ./examples/server/server -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V ``` + +#### Linux Client using Kyber to ESP32 Server + +``` +# Ensure build with Kyber enabled: +# ./configure --enable-kyber=all --enable-experimental && make + +./examples/client/client -h 192.168.1.38 -v 4 -l TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5 +``` + +#### ESP32 Client to WSL Linux Server + +In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server: + +```bash +netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1 +``` + +After the server exits, remove the port proxy forward: + +```bash +netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0 +``` + +For additional information, see [Accessing network applications with WSL](https://learn.microsoft.com/en-us/windows/wsl/networking). + + +## Additional Information + See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md). diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj index 0fb07f6985..412ec006e8 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj @@ -18,7 +18,7 @@ com.visualgdb.xtensa-esp32-elf - 12.2.0 + 13.2.0 12.1 1 @@ -67,8 +67,8 @@ true - release/v5.1 - esp-idf/v5.1 + release/v5.2 + esp-idf/v5.2 ESPIDF COM19 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt index 615142bacd..c3c09ca532 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt @@ -1,21 +1,21 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # -# This file is part of wolfSSL. +# This file is part of wolfSSL. # -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # # cmake for wolfssl Espressif projects # 
@@ -45,6 +45,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". @@ -363,6 +368,10 @@ else() "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + ${THIS_IDF_PATH}/components/esp_event/include + ${THIS_IDF_PATH}/components/esp_netif/include + ${THIS_IDF_PATH}/components/esp_wifi/include ) @@ -374,7 +383,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" @@ -384,9 +393,14 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_load.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk index 8184da11d0..1008e04afe 100644 
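Review bot: The three include directories added in the @@ -363 hunk (`${THIS_IDF_PATH}/components/esp_event/include` and the two lines below it) are appended unquoted, while every neighbouring entry in that list is written as an escaped quoted string such as `"\"${RTOS_IDF_PATH}/\""`; an `IDF_PATH` containing a space (not unusual on the Windows hosts the backslash normalisation in the @@ -45 hunk is clearly catering for) would be split into several bogus list entries. Follow the existing convention, e.g. `"\"${THIS_IDF_PATH}/components/esp_event/include\""` for each of the three lines. Separately, the new `"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\""` entry in `COMPONENT_SRCEXCLUDE` names a header rather than a source file, so it presumably has no effect there and could be dropped so readers do not assume headers are filtered this way.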
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -18,7 +18,9 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # -# +$(info *********** wolfssl component ************) + + # # Component Makefile # # 
@@ -48,17 +50,61 @@ # define it here: CFLAGS +=-DWOLFSSL_USER_SETTINGS +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + # NOTICE: the WOLFSSL_ROOT setting MUST be relative! # See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables # In the wolfSSL GitHub examples for Espressif: # https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples # When this wolfssl component.mk makefile is in [project]/components/wolfssl -# The root is 7 directories up from here: +# The root is 7 directories up from here (the location of of this component.mk): WOLFSSL_ROOT := ../../../../../../.. -# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. 
+# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. -COMPONENT_ADD_INCLUDEDIRS := ./include +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt @@ -118,7 +164,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o 
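Review bot: `abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))` in the @@ -48 hunk only reports the resolved path; when the relative `WOLFSSL_ROOT` is wrong the shell call yields an empty string and the build carries on until the first `COMPONENT_OBJS` entry fails with a far less helpful message, which is exactly the mistake the long comment above it is warning about. Fail fast instead: `ifeq ($(wildcard $(WOLFSSL_ROOT)/wolfssl/ssl.h),)`, `$(error WOLFSSL_ROOT does not point at a wolfSSL tree: $(WOLFSSL_ROOT))`, `endif`. The make built-in `$(abspath $(WOLFSSL_ROOT))` would also avoid spawning a shell and the dependency on a host `realpath` binary, which I believe is not present by default on every macOS toolchain. Note also that `COMPONENT_ADD_INCLUDEDIRS := .` now exposes the whole component directory as an include root; if only `user_settings.h` under `include/` is needed, the previous `./include`-only line was the tighter choice.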
@@ -142,15 +188,15 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o @@ -174,7 +220,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o 
@@ -211,8 +257,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o @@ -223,6 +269,9 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o ## ## wolfcrypt benchmark (optional) @@ -241,4 +290,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o ## ## wolfcrypt ## -# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 99b61e157c..325e54b6a4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h 
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -22,9 +22,30 @@ /* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ /* This user_settings.h is for Espressif ESP-IDF */ -#include -#define DEBUG_WOLFSSL -#define DEBUG_WOLFSSL_VERBOSE + +#include "sdkconfig.h" + +/* #define DEBUG_WOLFSSL */ +/* #define DEBUG_WOLFSSL_VERBOSE */ + +/* Experimental Kyber */ +#if 0 + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE + #endif +#endif + +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 /* The Espressif sdkconfig will have chipset info. ** 
@@ -40,23 +61,34 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ +#define NO_ESP_SDK_WIFI + /* * ONE of these Espressif chipsets should be defined: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif /* See below for chipset detection from sdkconfig.h */ /* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) - * When really desparate, try NO_SESSION_CACHE. */ -#define SMALL_SESSION_CACHE + * When really desperate, try NO_SESSION_CACHE. */ +#define MICRO_SESSION_CACHE /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -70,7 +102,7 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 + #define WOLFSSL_SMALL_STACK #define HAVE_ECC #define RSA_LOW_MEM 
@@ -100,25 +132,36 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -/* #define WOLFSSL_SHA512 */ +#if defined(CONFIG_IDF_TARGET_ESP8266) + /* Some known low-memory devices have features not enabled by default. */ +#else + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 + + /* when you want to use SHA3 */ + #define WOLFSSL_SHA3 -/* when you want to use SHA3 */ -/* #define WOLFSSL_SHA3 */ + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 -/* ED25519 requires SHA512 */ -/* #define HAVE_ED25519 */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL + #define HAVE_ED25519 +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ - #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -181,7 +224,9 @@ #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ @@ -359,6 +404,7 @@ #endif /* CONFIG_IDF_TARGET Check */ /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL @@ -379,7 +425,7 @@ /* #define HASH_SIZE_LIMIT */ /* for test.c */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file 
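Review bot: In the @@ -100 hunk `#define HAVE_ED25519` appears twice inside the same `#else` branch, and `#define HAVE_ECC` there repeats the unconditional `#define HAVE_ECC` visible in the @@ -70 hunk above; identical redefinitions compile cleanly but leave it unclear which line is authoritative when someone later tries to disable a feature. Drop the second `#define HAVE_ED25519` and the redundant `#define HAVE_ECC` in that branch. The ESP8266 side of the `#if defined(CONFIG_IDF_TARGET_ESP8266)` contains only a comment; inverting it to `#if !defined(CONFIG_IDF_TARGET_ESP8266)` with the note moved above the block would read more directly.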
@@ -402,8 +448,8 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE @@ -497,7 +543,6 @@ #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) - #include #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -517,7 +562,6 @@ #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) - #include #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 30388b3174..1f00afa3c5 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c @@ -38,6 +38,13 @@ #include #include +#if defined(WOLFSSL_WC_KYBER) + #include + #include +#endif +#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + #include +#endif #ifdef WOLFSSL_TRACK_MEMORY #include #endif @@ -180,18 +187,23 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) struct hostent *hp; struct ip4_addr *ip4_addr; int ret_i; /* interim return values */ + int err; /* interim return values */ int sockfd; int doPeerCheck; int sendGet; +#ifdef DEBUG_WOLFSSL + int this_heap = 0; +#endif #ifndef NO_DH int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; #endif - size_t len; /* declare wolfSSL objects */ WOLFSSL_CTX* ctx; WOLFSSL* ssl; + size_t len; + wolfSSL_Debugging_ON(); WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME); 
@@ -286,7 +298,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) /* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */ #ifndef NO_DH ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); - if (ret != SSL_SUCCESS) { + if (ret != WOLFSSL_SUCCESS) { ESP_LOGE(TAG, "Error setting minimum DH key size"); } #endif @@ -304,24 +316,28 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) CTX_CLIENT_CERT, CTX_CLIENT_CERT_SIZE, CTX_CLIENT_CERT_TYPE); - if (ret_i != SSL_SUCCESS) { - ESP_LOGE(TAG, "ERROR: failed to load chain %d, " + if (ret_i != WOLFSSL_SUCCESS) { + ESP_LOGE(TAG, "ERROR: failed to load our cert chain %d, " "please check the file.", ret_i); } /* Load client certificates into WOLFSSL_CTX */ - WOLFSSL_MSG("Loading...cert"); + WOLFSSL_MSG("Loading... CA cert"); ret_i = wolfSSL_CTX_load_verify_buffer(ctx, CTX_CA_CERT, CTX_CA_CERT_SIZE, CTX_CA_CERT_TYPE); + if (ret_i != WOLFSSL_SUCCESS) { + ESP_LOGE(TAG, "ERROR: failed to load CA cert %d, " + "please check the file.\n", ret_i) ; + } + WOLFSSL_MSG("Loading... our key"); ret_i = wolfSSL_CTX_use_PrivateKey_buffer(ctx, CTX_CLIENT_KEY, CTX_CLIENT_KEY_SIZE, CTX_CLIENT_KEY_TYPE); - if(ret_i != SSL_SUCCESS) { - wolfSSL_CTX_free(ctx) ; ctx = NULL ; + if (ret_i != WOLFSSL_SUCCESS) { ESP_LOGE(TAG, "ERROR: failed to load key %d, " "please check the file.\n", ret_i) ; } @@ -351,11 +367,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) /* Connect to the server */ sprintf(buff, - "Connecting to server....%s(port:%d)", + "Connecting to server....%s (port:%d)", TLS_SMP_TARGET_HOST, TLS_SMP_DEFAULT_PORT); - WOLFSSL_MSG(buff); - printf("%s\n", buff); + ESP_LOGI(TAG, "%s\n", buff); if ((ret_i = connect(sockfd, (struct sockaddr *)&servAddr, 
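Review bot: In the @@ -304 hunk a failed `wolfSSL_CTX_load_verify_buffer` or `wolfSSL_CTX_use_PrivateKey_buffer` is now only logged and the task proceeds to the socket connect; the removed `wolfSSL_CTX_free(ctx); ctx = NULL;` at least stopped the key-failure case, whereas now a context with no trusted CA (or no client key) is handed to `wolfSSL_new` further down. With no CA loaded the handshake cannot authenticate the server, so the later failure is wasted traffic and a misleading error, and if peer verification is ever relaxed through the `doPeerCheck` path (not visible here) it would instead connect unauthenticated. Make each of the three load failures terminal, e.g. `ESP_LOGE(...); wolfSSL_CTX_free(ctx); ctx = NULL;` followed by whatever early exit the task uses; `tls_smp_client_task` begins and ends outside this hunk, so its teardown path is not visible to me.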
@@ -363,6 +378,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) ESP_LOGE(TAG, "ERROR: failed to connect ret=%d\n", ret_i); } +#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS) + ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled"); +#endif + WOLFSSL_MSG("Create a WOLFSSL object"); /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { @@ -372,6 +391,36 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) #ifdef DEBUG_WOLFSSL ESP_LOGI(TAG, "\nCreated WOLFSSL object:"); ShowCiphers(ssl); + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d", + &this_heap, this_heap); +#endif +#if defined(WOLFSSL_HAVE_KYBER) + #if defined(WOLFSSL_KYBER1024) + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: " + "WOLFSSL_P256_KYBER_LEVEL5"); + ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5); + #elif defined(WOLFSSL_KYBER768) + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: " + "WOLFSSL_P256_KYBER_LEVEL3"); + ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3); + #elif defined(WOLFSSL_KYBER512) + /* This will typically be a low memory situation, such as ESP8266 */ + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: " + "WOLFSSL_P256_KYBER_LEVEL1"); + ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1); + #else + ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available."); + ret_i = ESP_FAIL; + #endif + if (ret_i == WOLFSSL_SUCCESS) { + ESP_LOGI(TAG, "UseKeyShare Kyber success"); + } + else { + ESP_LOGE(TAG, "UseKeyShare Kyber failed"); + } +#else + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled"); #endif } 
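Review bot: In the @@ -372 hunk the `WOLFSSL_KYBER1024` branch logs `"WOLFSSL_P256_KYBER_LEVEL5"` but actually calls `wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5)`, so the log misstates the group being negotiated; change the string to `"WOLFSSL_P521_KYBER_LEVEL5"`, or log the identifier from one shared variable so the two cannot drift. `ret_i = ESP_FAIL;` stores an `esp_err_t` in a variable that is otherwise compared against wolfSSL status codes; it happens to differ from `WOLFSSL_SUCCESS`, but a wolfSSL value such as `WOLFSSL_FAILURE` keeps the error domains apart. When `wolfSSL_UseKeyShare` fails the code only logs and continues into the handshake, so the connection silently proceeds without the post-quantum key share; if PQ is the point of this build, fail the task here instead of continuing.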
@@ -396,7 +445,11 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free); #endif #endif - +#ifdef DEBUG_WOLFSSL + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "tls_smp_client_task heap(2) @ %p = %d", + &this_heap, this_heap); +#endif /* Attach wolfSSL to the socket */ ret_i = wolfSSL_set_fd(ssl, sockfd); if (ret_i == WOLFSSL_SUCCESS) { 
@@ -406,42 +459,86 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) ESP_LOGE(TAG, "ERROR: failed wolfSSL_set_fd. Error: %d\n", ret_i); } - WOLFSSL_MSG("Connect to wolfSSL on the server side"); - /* Connect to wolfSSL on the server side */ + ESP_LOGI(TAG, "Connect to wolfSSL server..."); ret_i = wolfSSL_connect(ssl); - if (wolfSSL_connect(ssl) == SSL_SUCCESS) { +#ifdef DEBUG_WOLFSSL + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "tls_smp_client_task heap(3) @ %p = %d", + &this_heap, this_heap); +#endif + if (ret_i == WOLFSSL_SUCCESS) { #ifdef DEBUG_WOLFSSL ShowCiphers(ssl); #endif + ESP_LOGI(TAG, "Connect success! Sending message..."); /* Get a message for the server from stdin */ WOLFSSL_MSG("Message for server: "); memset(buff, 0, sizeof(buff)); if (sendGet) { - printf("SSL connect ok, sending GET...\n"); len = XSTRLEN(sndMsg); strncpy(buff, sndMsg, len); - buff[len] = '\0'; } else { - sprintf(buff, "message from esp32 tls client\n"); + sprintf(buff, "Hello from Espressif wolfSSL TLS client!\n"); len = strnlen(buff, sizeof(buff)); } + buff[len] = '\0'; + ESP_LOGI(TAG, "SSL connect ok, sending message:\n\n%s\n", buff); + /* Send the message to the server */ - if (wolfSSL_write(ssl, buff, len) != len) { + do { + err = 0; /* reset error */ + ret_i = wolfSSL_write(ssl, buff, len); + if (ret_i <= 0) { + err = wolfSSL_get_error(ssl, 0); + } + } while (err == WOLFSSL_ERROR_WANT_WRITE || + err == WOLFSSL_ERROR_WANT_READ); + + if (ret_i != len) { ESP_LOGE(TAG, "ERROR: failed to write\n"); } + else { + ESP_LOGI(TAG, "Message sent! 
Awaiting response..."); + } /* Read the server data into our buff array */ memset(buff, 0, sizeof(buff)); - if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) { + + do { + err = 0; /* reset error */ + ret_i =wolfSSL_read(ssl, buff, sizeof(buff)); + if (ret_i <= 0) { + err = wolfSSL_get_error(ssl, 0); + } + } while ((err == WOLFSSL_ERROR_WANT_READ) || + (err == WOLFSSL_ERROR_WANT_WRITE) ); + + if (ret_i < 0) { ESP_LOGE(TAG, "ERROR: failed to read\n"); } - /* Print to stdout any data the server sends */ - printf("Server: "); - printf("%s\n", buff); + /* Show any data the server sends */ + ESP_LOGI(TAG, "Server response: \n\n%s\n", buff); + + ret_i = wolfSSL_shutdown(ssl); + while (ret_i == WOLFSSL_SHUTDOWN_NOT_DONE) { + ret_i = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ + if (ret_i == WOLFSSL_SUCCESS) { + ESP_LOGI(TAG, "Bidirectional shutdown complete\n"); + break; + } + else if (ret_i != WOLFSSL_SHUTDOWN_NOT_DONE) { + ESP_LOGE(TAG, "Bidirectional shutdown failed\n"); + break; + } } + if (ret_i != WOLFSSL_SUCCESS) { + ESP_LOGE(TAG, "Bidirectional shutdown failed\n"); + } + + } /* wolfSSL_connect(ssl) == WOLFSSL_SUCCESS) */ else { ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL. " "Error: %d\n", ret_i); @@ -450,8 +547,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) ShowCiphers(ssl); #endif - /* Cleanup and return */ - wolfSSL_free(ssl); /* Free the wolfSSL object */ + ESP_LOGI(TAG, "Cleanup and exit"); + wolfSSL_free(ssl); /* Release the wolfSSL object memory */ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ close(sockfd); /* Close the connection to the server */ 
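Review bot: The read in the @@ -406 hunk now asks for `sizeof(buff)` bytes and then prints the buffer with `%s`; the old `sizeof(buff) - 1` left the last byte of the `memset` zero in place, so a server reply that fills the buffer exactly is no longer NUL-terminated and `ESP_LOGI(TAG, "Server response: \n\n%s\n", buff)` reads past the end of `buff`. Restore `ret_i = wolfSSL_read(ssl, buff, sizeof(buff) - 1);` and, after the loop, terminate explicitly with `if (ret_i > 0) { buff[ret_i] = '\0'; }`. The `strncpy(buff, sndMsg, len)` with `len = XSTRLEN(sndMsg)` similarly has no bound against `sizeof(buff)` (pre-existing, but a `len < sizeof(buff)` guard is cheap while here). On the shutdown path a hard failure logs "Bidirectional shutdown failed" twice, once inside the loop and once after it; one of the two checks should go. `tls_smp_client_task` begins before this hunk.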
@@ -476,7 +573,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions */ if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) { /* Observed approximately 6KB limit for the RTOS task stack size. - * Reminder parameter is bytes, not words as with generic FreeeRTOS. */ + * Reminder parameter is bytes, not words as with generic FreeRTOS. */ ESP_LOGW(TAG, "Warning: TLS_SMP_CLIENT_TASK_BYTES < 6KB"); } #ifndef WOLFSSL_SMALL_STACK @@ -485,7 +582,8 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here: */ + * Espressif uses BYTES for the task stack size here. + * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ ret = xTaskCreate(tls_smp_client_task, TLS_SMP_CLIENT_TASK_NAME, TLS_SMP_CLIENT_TASK_BYTES, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h index de53403573..b016f29a61 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h @@ -29,9 +29,9 @@ /* See main/Kconfig.projbuild for default configuration settings */ #ifdef CONFIG_WOLFSSL_TARGET_HOST - #define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST + #define TLS_SMP_TARGET_HOST "192.168.1.36" #else - #define TLS_SMP_TARGET_HOST "192.168.1.37" + #define TLS_SMP_TARGET_HOST "192.168.1.41" #endif #ifdef CONFIG_WOLFSSL_TARGET_PORT 
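Review bot: The `#ifdef CONFIG_WOLFSSL_TARGET_HOST` branch in the client-tls.h hunk now defines `TLS_SMP_TARGET_HOST` as the literal `"192.168.1.36"` instead of `CONFIG_WOLFSSL_TARGET_HOST`, so the Kconfig value that the comment above it names as the source of the default is silently ignored whenever it is set. This looks like a local-testing edit that leaked into the commit; restore `#define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST` in that branch. The private address in the `#else` fallback is acceptable for an example, but it too changed to a different hard-coded host with no explanation.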
@@ -44,9 +44,23 @@ /* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */ #if defined(WOLFSSL_ESP8266) - #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024) + #if defined(WOLFSSL_HAVE_KYBER) + /* Minimum ESP8266 stack size = 10K with Kyber. + * Note there's a maximum not far away as Kyber needs heap + * and the total DRAM is typically only 80KB total. */ + #define TLS_SMP_CLIENT_TASK_BYTES (11 * 1024) + #else + /* Minimum ESP8266 stack size = 6K without Kyber */ + #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024) + #endif #else - #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024) + #if defined(WOLFSSL_HAVE_KYBER) + /* Minimum ESP32 stack size = 12K with Kyber enabled. */ + #define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024) + #else + /* Minimum ESP32 stack size = 8K without Kyber */ + #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024) + #endif #endif #define TLS_SMP_CLIENT_TASK_PRIORITY 8 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h index b29d58120b..6888228f3f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h @@ -1,6 +1,6 @@ /* wifi_connect.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c index fa116ed10f..838ad66bd4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c @@ -124,6 +124,7 @@ void my_atmel_free(int slotId) void app_main(void) { int stack_start = 0; + int this_heap = 0; esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); 
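Review bot: In the @@ -44 hunk the comment `/* Minimum ESP8266 stack size = 10K with Kyber. ... */` is followed by `#define TLS_SMP_CLIENT_TASK_BYTES (11 * 1024)`, so the comment and the value disagree; either the figure was raised after measuring or the comment is stale, and the line should say which, e.g. `/* Measured minimum ~10K with Kyber; 11K leaves headroom. */`. The ESP32 branch states 12K and defines 12K, so only the ESP8266 case is inconsistent. Whether these minima were measured with `WOLFSSL_KYBER1024` or a smaller parameter set is not stated and matters to a reader picking a size.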
@@ -260,7 +261,6 @@ void app_main(void) /* HWM is maximum amount of stack space that has been unused, in bytes * not words (unlike vanilla freeRTOS). */ - int this_heap; this_heap = esp_get_free_heap_size(); ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes", CONFIG_ESP_MAIN_TASK_STACK_SIZE diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c index 5eb06a140a..0adfefcbce 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c @@ -117,8 +117,8 @@ int set_fixed_default_time(void) * but let's set a default time, just in case */ struct tm timeinfo = { .tm_year = 2024 - 1900, - .tm_mon = 1, - .tm_mday = 05, + .tm_mon = 3, + .tm_mday = 01, .tm_hour = 13, .tm_min = 01, .tm_sec = 05 @@ -203,7 +203,8 @@ int set_time_from_string(const char* time_buffer) /* we found a match for all componets */ const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; for (int i = 0; i < 12; i++) { if (strcmp(month_str, months[i]) == 0) { @@ -216,7 +217,7 @@ int set_time_from_string(const char* time_buffer) this_timeinfo.tm_hour = hour; this_timeinfo.tm_min = minute; this_timeinfo.tm_sec = second; - this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */ + this_timeinfo.tm_year = year - 1900; /* Years since 1900 */ interim_time = mktime(&this_timeinfo); now = (struct timeval){ .tv_sec = interim_time }; @@ -350,7 +351,7 @@ int set_time_wait_for_ntp(void) ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); #else - ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined"); + ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined"); #endif /* HAS_ESP_NETIF_SNTP */ esp_show_current_datetime(); 
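Review bot: In the time_helper.c hunk `@@ -117,8 +117,8 @@`, `.tm_mday = 01` (like the existing `.tm_min = 01` and `.tm_sec = 05`) is an octal literal; these happen to equal their decimal values, but a later edit to `08` or `09` would not compile, so write them as plain decimal, `.tm_mday = 1`. The `ESP_LOGE` to `ESP_LOGW` downgrade in hunk `@@ -350,7 +351,7 @@` covers the case where `HAS_ESP_NETIF_SNTP` is not compiled in and time is presumably never synced; since the fixed default from set_fixed_default_time is then what certificate validity is checked against, the message should say so, e.g. `"HAS_ESP_NETIF_SNTP not defined; clock left at fixed default, cert date checks may be wrong"`. The body of set_time_wait_for_ntp continues outside the hunk.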
@@ -370,7 +371,7 @@ int set_time_wait_for_ntp(void) #endif if (ret == ESP_OK) { - ESP_LOGI(TAG, "Successfuly set time via NTP servers."); + ESP_LOGI(TAG, "Successfully set time via NTP servers."); } else { ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults index ff9a5d4c52..765df0fe6b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults @@ -1,5 +1,41 @@ # sdkconfig.defaults for ESP8266 + ESP32 +# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults +CONFIG_BENCH_ARGV="-lng 0" +CONFIG_FREERTOS_HZ=1000 +CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y + +# +# Default main stack size. See user_settings.h +# +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 + +# Legacy stack size for older ESP-IDF versions +CONFIG_MAIN_TASK_STACK_SIZE=10500 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT # CONFIG_ESP_PANIC_PRINT_REBOOT is not set CONFIG_ESP_PANIC_PRINT_REBOOT=n CONFIG_ESP_PANIC_PRINT_HALT=y 
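Review bot: The sdkconfig.defaults hunk `@@ -1,5 +1,41 @@` adds `CONFIG_FREERTOS_HZ=1000` near the top while the same key is still present further down (visible as context in hunk `@@ -7,9 +43,51 @@`), so the file now assigns it twice; keep one so the two cannot drift apart. The added watchdog block turns off the task and interrupt watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`) and halts on panic for the whole example, not only during the tests and benchmarks the comment mentions; mark it as a debug-only default, e.g. `# Debug-only defaults: re-enable the watchdogs for any configuration that is deployed`. `CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y` here and `CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y` in the next hunk look like the same setting under two ESP-IDF spellings; a comment naming which IDF generation each one targets would save the next reader a search.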
@@ -7,9 +43,51 @@ CONFIG_ESP_PANIC_PRINT_HALT=y # CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n +# ESP8266 Memory CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max COU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 + +# +# Compiler options +# +CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set +CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y +CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set +CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set +CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set +CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y + # # Partition Table # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj index 6181d50c7c..7074a28a9c 100644 
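Review bot: The comment `# FreeRTOS ticks at 1ms interval` in hunk `@@ -7,9 +43,51 @@` sits above `CONFIG_FREERTOS_UNICORE=y` rather than `CONFIG_FREERTOS_HZ=1000`, and single-core operation is a separate choice that deserves its own line, e.g. `# Single-core FreeRTOS` with the reason, if the example relies on it. `# Set max COU frequency` should read `CPU`. `CONFIG_ESP32C3_REV_MIN_2=y` is added with a note that v2 is only the earliest tested revision, in a file whose first line says it is for ESP8266 + ESP32; name the target that line applies to. The compiler block keeps `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` and `CONFIG_COMPILER_STACK_CHECK=y`, which is the right default for code that parses TLS records; a short comment saying so would stop a later size or performance cleanup from dropping it.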
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj @@ -53,7 +53,7 @@ - COM70 + COM80 74880 8 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md index 3380c0f2d2..c663c78cbc 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md @@ -68,6 +68,19 @@ Linux Server ./examples/server/server -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V ``` +#### ESP32 Client to WSL Linux Server + +In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server: + +```bash +netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1 +``` + +After the server exits, remove the port proxy forward: + +```bash +netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0 +``` Cipers to consider diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj index 2aa5313936..396be8bd6a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj @@ -18,7 +18,7 @@ com.visualgdb.xtensa-esp32-elf - 12.2.0 + 13.2.0 12.1 1 @@ -67,8 +67,8 @@ true - release/v5.1 - esp-idf/v5.1 + release/v5.2 + esp-idf/v5.2 ESPIDF COM19 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt index e129a64efb..b809a17142 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt @@ -1,21 +1,21 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # -# This file is part of wolfSSL. +# This file is part of wolfSSL. # -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # # cmake for wolfssl Espressif projects # 
@@ -45,6 +45,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". @@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - esp_timer - driver # this will typically only be needed for wolfSSL benchmark + # esp_timer + # driver # this will typically only be needed for wolfSSL benchmark ) else() @@ -363,6 +368,10 @@ else() "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + ${THIS_IDF_PATH}/components/esp_event/include + ${THIS_IDF_PATH}/components/esp_netif/include + ${THIS_IDF_PATH}/components/esp_wifi/include ) @@ -384,9 +393,14 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_load.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" 
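Review bot: In the CMakeLists.txt hunk `@@ -363,6 +368,10 @@`, the three added `${THIS_IDF_PATH}/components/.../include` entries are unquoted while every neighbouring entry is written as `"\"${...}\""`; an `IDF_PATH` containing a space, which the backslash normalisation in hunk `@@ -45,6 +45,11 @@` suggests Windows hosts are expected, would split into several list items. Match the neighbours, e.g. `"\"${THIS_IDF_PATH}/components/esp_event/include\""`. In hunk `@@ -158,8 +163,8 @@`, commenting out both `esp_timer` and `driver` leaves `PRIV_REQUIRES` with no values; if that is intended, `# PRIV_REQUIRES intentionally empty; timer/driver only needed for the benchmark` keeps the next reader from restoring them. Both the `idf_component_register(...)` call and the include-directory list start outside their hunks.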
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
index 5234a007e1..02c36849b9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
@@ -1,40 +1,248 @@ -# -# Copyright (C) 2006-2023 wolfSSL Inc. -# -# This file is part of wolfSSL. -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -# -# -# Component Makefile -# - -COMPONENT_ADD_INCLUDEDIRS := . ./include - -COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos" -# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc" - -COMPONENT_SRCDIRS := src wolfcrypt/src -COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += wolfcrypt/benchmark -COMPONENT_SRCDIRS += wolfcrypt/test - -CFLAGS +=-DWOLFSSL_USER_SETTINGS - -COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += src/bio.o +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here: +WOLFSSL_ROOT := ../../../../../../.. + +# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# located HERE in THIS project, and *not* in the wolfSSL root. +COMPONENT_ADD_INCLUDEDIRS := ./include +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif +# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos +# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" + +# wolfSSL +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src + +# wolfcrypt +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +# Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o + + +## +## wolfSSL +## +COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS 
+= src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + + +## +## wolfcrypt test (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test + +## +## wolfcrypt +## +# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 8a49155d64..380da3e691 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
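Review bot: The last line of the new component.mk, `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src`, is missing the `/` after `$(WOLFSSL_ROOT)` and so expands to `../../../../../../..wolfcrypt/src`, a path that does not exist; `$(WOLFSSL_ROOT)/wolfcrypt/src` is already in `COMPONENT_SRCDIRS` from the `# wolfcrypt` stanza near the top, so the line should simply be deleted. The same missing slash is in the commented-out `# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o`, which will bite whoever uncomments it. `src/bio.o` is listed both in `COMPONENT_OBJEXCLUDE` and as the first entry of `COMPONENT_OBJS`; keep one and say why (the old file excluded it, presumably for the same reason the CMakeLists marks the `ssl_*.c` files as "included by ssl.c"). The commented `$ENV(IDF_PATH)` lines use CMake-style syntax where make would need `$(IDF_PATH)`; fix them now or drop them so they are not copied as-is later.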
@@ -19,12 +19,36 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ + /* This user_settings.h is for Espressif ESP-IDF */ -#include + +#include "sdkconfig.h" + +#define DEBUG_WOLFSSL +/* #define DEBUG_WOLFSSL_VERBOSE */ + +/* Experimental Kyber */ +#if 0 + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #endif +#endif + +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 /* The Espressif sdkconfig will have chipset info. ** -** Possible values: +** Some possible values: ** ** CONFIG_IDF_TARGET_ESP32 ** CONFIG_IDF_TARGET_ESP32S2 
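Review bot: `#define DEBUG_WOLFSSL` is now enabled unconditionally in the user_settings.h hunk `@@ -19,12 +19,36 @@`, while the line right after it keeps `DEBUG_WOLFSSL_VERBOSE` commented out; with debug logging on by default the example prints internal wolfSSL state to the serial console and runs slower, which suits development but is not a good shipped default for a TLS server. Comment it out the same way, `/* #define DEBUG_WOLFSSL */`, and point at the `/* Debug options: ... */` block later in this file, which already lists it. The `#if 0` around the experimental Kyber settings would be more discoverable as `#if 0 /* set to 1 to enable experimental Kyber */`.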
@@ -36,18 +60,34 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ +#define NO_ESP_SDK_WIFI + /* - * choose ONE of these Espressif chips to define: + * ONE of these Espressif chipsets should be defined: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif +/* See below for chipset detection from sdkconfig.h */ -#define WOLFSSL_ESP32 +/* Small session cache saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate, try NO_SESSION_CACHE. */ +#define MICRO_SESSION_CACHE /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -61,7 +101,10 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 + +#define WOLFSSL_SMALL_STACK +#define HAVE_ECC +#define RSA_LOW_MEM /* TLS 1.3 */ #define WOLFSSL_TLS13 
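Review bot: Hunk `@@ -36,18 +60,34 @@` drops the unconditional `#define WOLFSSL_ESP32`, and its replacements, the per-target `#define WOLFSSL_ESP32` / `#define WOLFSSL_ESP8266` lines, sit in the chipset-detection block that begins at new line 253 (hunk `@@ -211,10 +253,11 @@`). But the `#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)` guard that defines `ESP32_USE_RSA_PRIMITIVE` is at new line 176 (hunk `@@ -125,7 +174,7 @@`), i.e. it is evaluated before the macro is defined, so on ESP32 targets the hardware RSA primitive would now be silently left off. Unless something outside these hunks defines `WOLFSSL_ESP32` earlier, move the chipset-detection block above the first `#if defined(WOLFSSL_ESP32)` use, or move the RSA-primitive block below it. The `#ifdef WOLFSSL_ESP32` / `#undef` stanza described as "only for syntax highlighting" also discards a value a project may pass via CFLAGS; a comment saying that is accepted, and that sdkconfig.h is the only source of truth, would help.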
@@ -79,39 +122,45 @@ #define HAVE_AESGCM -#define WOLFSSL_RIPEMD +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + /* when you want to use SHA224 */ #define WOLFSSL_SHA224 /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -#define WOLFSSL_SHA512 +#if defined(CONFIG_IDF_TARGET_ESP8266) + /* Some known low-memory devices have features not enabled by default. */ +#else + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 -/* when you want to use SHA3 */ -#define WOLFSSL_SHA3 + /* when you want to use SHA3 */ + #define WOLFSSL_SHA3 -#define HAVE_ED25519 /* ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 -#define HAVE_ECC -#define HAVE_CURVE25519 -#define CURVE25519_SMALL -#define HAVE_ED25519 + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL + #define HAVE_ED25519 +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ - #define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ - -#define HAVE_PKCS7 - #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -125,7 +174,7 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* rsa primitive specific definition */ +/* RSA primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE @@ -145,8 +194,6 @@ #endif #endif -#define RSA_LOW_MEM - /* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ @@ -173,10 +220,6 @@ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ - -#define WOLFSSL_SMALL_STACK - - #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ 
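Review bot: In the `#else` branch of hunk `@@ -79,39 +122,45 @@`, `#define HAVE_ED25519` appears twice and `#define HAVE_ECC` repeats the unconditional `#define HAVE_ECC` added at new line ~103 (hunk `@@ -61,7 +101,10 @@`); identical redefinitions compile, but they leave it unclear which line is authoritative. Keep the single unconditional `HAVE_ECC` and one `HAVE_ED25519` in the branch. The ESP8266 branch is an empty `#if` holding only a comment; say what it deliberately leaves out, e.g. `/* ESP8266: SHA512, SHA3, ED25519 and CURVE25519 are left off to fit in RAM */`, so the intent survives the next edit.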
@@ -190,7 +233,6 @@ #define WOLFSSL_CERT_EXT #define WOLFSSL_SYS_CA_CERTS - #define WOLFSSL_CERT_TEXT #define WOLFSSL_ASN_TEMPLATE @@ -203,7 +245,7 @@ #undef WOLFSSL_SYS_CA_CERTS */ -/* +/* command-line options --enable-keygen --enable-certgen --enable-certreq @@ -211,10 +253,11 @@ --enable-asn-template */ -/* Default is HW enabled unless turned off. -** Uncomment these lines to force SW instead of HW acceleration */ - +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -232,6 +275,7 @@ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -244,6 +288,7 @@ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -257,6 +302,7 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) + #define WOLFSSL_ESP32 /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable @@ -282,6 +328,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ 
@@ -299,6 +346,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -315,6 +363,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define WOLFSSL_ESP32 /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH @@ -323,7 +372,11 @@ /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO: Revisit ESP8266 */ + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See https://www.espressif.com/en/products/socs/esp32-c2 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES @@ -340,6 +393,7 @@ #else /* Anything else encountered, disable HW accleration */ + #warning "Unexpected CONFIG_IDF_TARGET_NN value" #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES @@ -347,6 +401,7 @@ #endif /* CONFIG_IDF_TARGET Check */ /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL @@ -367,7 +422,7 @@ /* #define HASH_SIZE_LIMIT */ /* for test.c */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -390,8 +445,8 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE 
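Review bot: In hunk `@@ -340,6 +393,7 @@`, `#warning "Unexpected CONFIG_IDF_TARGET_NN value"` uses `NN` where the real macros are `CONFIG_IDF_TARGET_ESP32`, `CONFIG_IDF_TARGET_ESP8266` and so on; `"Unknown CONFIG_IDF_TARGET: neither WOLFSSL_ESP32 nor WOLFSSL_ESP8266 defined, HW acceleration disabled"` tells the reader what actually happens. Because this fallback defines neither macro, every later `#if defined(WOLFSSL_ESP32)` block silently takes the software path; if an unknown target is never a supported build, `#error` is the safer choice. The ESP8266 branch in hunk `@@ -323,7 +372,11 @@` now defines `WOLFSSL_ESP8266` only here, so the `#if defined(WOLFSSL_ESP8266)` stack-size selection in client-tls.h works only if this header is included first; a comment at that define would make the ordering requirement explicit.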
@@ -400,12 +455,75 @@ #define ATCA_WOLFSSL */ -/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. + * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. 
The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). + * + * See `SSL_FILETYPE_[name]` in + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * https://github.com/wolfSSL/wolfssl/pull/6825 + * https://github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ +/* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 
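Review bot: The new certificate-macro comment labels `USE_CERT_BUFFERS_1024` as "ECC 1024 bit encoded ASN1", but there is no 1024-bit ECC curve and the buffers that define selects further down (`ca_cert_der_1024`, `server_key_der_1024`) are the RSA-1024 test set; the ECC test buffers were behind the `USE_CERT_BUFFERS_256` define this commit drops from the `#else` branch. I would write `* USE_CERT_BUFFERS_1024 - RSA 1024 bit DER test certs (test only; below current key-size minimums)` and `* USE_CERT_BUFFERS_2048 - RSA 2048 bit DER test certs`. The comment also tells the reader to define *one* of the options, while the `#if defined(USE_CERT_BUFFERS_2048)` / `#elif defined(USE_CERT_BUFFERS_1024)` chain below silently prefers 2048 when both are set, which deserves a sentence.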
@@ -421,15 +539,45 @@ #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif + #if defined(USE_CERT_BUFFERS_2048) + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE 
sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h index 94c3b5eba6..94d9132358 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h @@ -1,6 +1,6 @@ /* template main.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h index ea9126fe60..c7483039e9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h @@ -1,6 +1,6 @@ /* server-tls.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h index a47f940016..b3574b66b8 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
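Review bot: The new `#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"` fires unless one of those macros is already defined, yet this same commit removes `#define USE_CERT_BUFFERS_2048` from the benchmark section (hunk at old line 390) and from the old `#else` branch here, and no remaining definition is visible in this diff. If the value is now expected to come from the project, say so in the message, e.g. `#error "Define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024 in the project settings before user_settings.h"`; otherwise restore a default `#define USE_CERT_BUFFERS_2048` ahead of the check so existing builds do not break. The `#if defined(WOLFSSL_SM2) ...` block this `#else` belongs to starts in the previous hunk.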
@@ -38,7 +38,8 @@ int esp_show_current_datetime(); int set_fixed_default_time(void); /* set time from string (e.g. GitHub commit time) */ -int set_time_from_string(char* time_buffer); +/* When not using the new esp-sdk-lib.h helpers: */ +/* int set_time_from_string(char* time_buffer); */ /* set time from NTP servers, * also initially calls set_fixed_default_time or set_time_from_string */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h index a045b23ba8..b5debf3641 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -1,6 +1,6 @@ /* wifi_connect.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,7 +28,7 @@ #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY #define TLS_SMP_SERVER_TASK_NAME "tls_sever_example" -#define TLS_SMP_SERVER_TASK_WORDS 22240 +#define TLS_SMP_SERVER_TASK_BYTES 22240 #define TLS_SMP_SERVER_TASK_PRIORITY 8 #define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID @@ -77,13 +77,19 @@ #ifdef CONFIG_ESP_WIFI_SSID #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID #else - #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_SSID + #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + #endif #endif #ifdef CONFIG_ESP_WIFI_PASSWORD #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD #else - #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_PASS + #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + #endif #endif #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c index 1c0d537e40..b25991ca2b 100644 
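Review bot: The new `#ifndef` guards around `EXAMPLE_ESP_WIFI_SSID` / `EXAMPLE_ESP_WIFI_PASS` turn the placeholder credentials into a silent fallback: a build that forgets both the Kconfig value and the override still compiles cleanly with `"MYPASSWORD_WIFI_CONNECT"` baked into the firmware. Adding `#warning "EXAMPLE_ESP_WIFI_PASS not set; using placeholder"` (and the same for the SSID) inside the inner `#ifndef` makes the fallback visible at build time without changing behaviour. The comment `/* See new esp-sdk-lib.h helpers: */` would also help more if it named which helper is expected to define these macros.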
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -234,24 +234,15 @@ void app_main(void) /* done */ while (1) { - ESP_LOGV(TAG, "\n\nLoop...\n\n"); -#ifdef INCLUDE_uxTaskGetStackHighWaterMark - ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); - - ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - uxTaskGetStackHighWaterMark(NULL)); - ESP_LOGI(TAG, "Stack delta: %d\n", stack_start - - uxTaskGetStackHighWaterMark(NULL)); -#endif #if defined(SINGLE_THREADED) ESP_LOGV(TAG, "\n\nDone!\n\n"); while (1); #else - vTaskDelay(60000); + /* Delete this main task to free up memory */ ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); vTaskDelete(NULL); #endif - } /* done whle */ + } /* done while */ } /* app_main */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index 9df8283d24..b966e4e17b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -1,6 +1,6 @@ /* server-tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,10 +31,16 @@ /* socket includes */ #include #include +#include /* For TCP options */ +#include + +#ifndef TCP_RTO_MIN + #define TCP_RTO_MIN 1500 +#endif /* wolfSSL */ #include -#include "user_settings.h" +#include #include #ifdef WOLFSSL_TRACK_MEMORY 
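Review bot: `#ifndef TCP_RTO_MIN` / `#define TCP_RTO_MIN 1500` invents a socket-option number whenever the SDK headers do not provide one, so the `setsockopt(sockfd, IPPROTO_TCP, TCP_RTO_MIN, ...)` this value is meant for (commented out further down) would hand lwIP an arbitrary option id instead of failing to compile. Unless 1500 is documented as lwIP's value for this IDF version, drop the fallback and wrap the call in `#ifdef TCP_RTO_MIN` so an unsupported platform is caught at build time. The include targets appear stripped in this rendering, so I cannot confirm which header is expected to supply the real definition.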
@@ -50,30 +56,6 @@ #define DEFAULT_MAX_DHKEY_BITS 2048 #endif -#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) - #include - #define CTX_CA_CERT root_sm2 - #define CTX_CA_CERT_SIZE sizeof_root_sm2 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM - #define CTX_SERVER_CERT server_sm2 - #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM - #define CTX_SERVER_KEY server_sm2_priv - #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM -#else - #include - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif - /* Project */ #include "wifi_connect.h" #include "time_helper.h" @@ -112,7 +94,6 @@ int ShowCiphers(WOLFSSL* ssl) return ret; } - /* FreeRTOS */ /* server task */ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) @@ -133,7 +114,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) int ret; socklen_t size = sizeof(clientAddr); size_t len; - +#if 0 + /* optionally set TCP RTO. See also below. */ + int rto_min = 200; /* Minimum TCP RTO in milliseconds */ +#endif /* declare wolfSSL objects */ WOLFSSL_CTX* ctx; WOLFSSL* ssl; 
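Review bot: The `#if 0` block declaring `int rto_min = 200;` and the commented-out `setsockopt` in the next hunk leave the RTO tuning as two pieces of dead code that must be edited together to enable. One feature macro, e.g. `#ifdef TLS_SMP_SET_TCP_RTO` around both the declaration and the call, keeps the option compilable and lets it be switched on from user_settings.h. `tls_smp_server_task` continues past this hunk.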
@@ -157,16 +141,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) ESP_LOGE(TAG, "ERROR: failed to create the socket"); } + /* Optionally set TCP RTO + setsockopt(sockfd, IPPROTO_TCP, TCP_RTO_MIN, &rto_min, sizeof(rto_min)); */ + /* Create and initialize WOLFSSL_CTX */ WOLFSSL_MSG("Create and initialize WOLFSSL_CTX"); #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - // ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); /* only TLS 1.3 */ + /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); for only TLS 1.3 */ if (ctx == NULL) { ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX"); } #else - /* TODO remove duplicate */ if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX"); } @@ -304,8 +290,8 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) ESP_LOGI(TAG, "accept clients..."); /* Continue to accept clients until shutdown is issued */ while (!shutdown) { - ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES + - uxTaskGetStackHighWaterMark(NULL) ); WOLFSSL_MSG("Waiting for a connection..."); wifi_show_ip(); 
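Review bot: The new comment `/* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); for only TLS 1.3 */` points a server example at the client method; the TLS-1.3-only alternative here is `wolfTLSv1_3_server_method()`. Both `ctx == NULL` branches in this hunk also only log and fall through, so a failed context creation continues into the rest of `tls_smp_server_task` (outside this hunk) with a NULL `ctx`, relying on every later wolfSSL call to tolerate it; returning from the task after the log would be safer. The function starts before this hunk.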
@@ -314,16 +300,33 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) == -1) { ESP_LOGE(TAG, "ERROR: failed to accept the connection"); } +#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS) + ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled"); +#endif /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object"); } - +#if defined(WOLFSSL_HAVE_KYBER) + else { + /* If success creating CTX and Kyber enabled, set key share: */ + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5); + if (ret == SSL_SUCCESS) { + ESP_LOGI(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 success"); + } + else { + ESP_LOGE(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 failed"); + } + } +#else + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled"); +#endif /* show what cipher connected for this WOLFSSL* object */ ShowCiphers(ssl); /* Attach wolfSSL to the socket */ wolfSSL_set_fd(ssl, connd); + /* Establish TLS connection */ ret = wolfSSL_accept(ssl); if (ret == SSL_SUCCESS) { 
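Review bot: When `wolfSSL_new(ctx)` returns NULL the new `#if defined(WOLFSSL_HAVE_KYBER)` `else` branch is skipped, but control still reaches `ShowCiphers(ssl)`, `wolfSSL_set_fd(ssl, connd)` and `wolfSSL_accept(ssl)` with a NULL `ssl`, and the same fall-through happens when `accept()` returned -1 and `connd` is invalid. Adding `close(connd); continue;` to the `ssl == NULL` branch and `continue;` after the accept error keeps the loop alive without passing bad handles into the library. The `while (!shutdown)` loop this sits in starts in the previous hunk.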
@@ -333,23 +336,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) ESP_LOGE(TAG, "wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret)); } - WOLFSSL_MSG("Client connected successfully"); - ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Client connected successfully"); /* Read the client data into our buff array */ memset(buff, 0, sizeof(buff)); if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { ESP_LOGE(TAG, "ERROR: failed to read"); } - /* Print to stdout any data the client sends */ - ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - uxTaskGetStackHighWaterMark(NULL)); - WOLFSSL_MSG("Client sends:"); - WOLFSSL_MSG(buff); + + ESP_LOGI(TAG, "Client sends: %s", buff); /* Check for server shutdown command */ if (strncmp(buff, "shutdown", 8) == 0) { - WOLFSSL_MSG("Shutdown command issued!"); + ESP_LOGI(TAG, "Shutdown command issued!"); shutdown = 1; } /* Write our reply into buff */ @@ -360,10 +358,12 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) if (wolfSSL_write(ssl, buff, len) != len) { ESP_LOGE(TAG, "ERROR: failed to write"); } + + ESP_LOGI(TAG, "Done! Cleanup..."); /* Cleanup after this connection */ wolfSSL_free(ssl); /* Free the wolfSSL object */ close(connd); /* Close the connection to the client */ - } + } /* !shutdown */ /* Cleanup and return */ wolfSSL_free(ssl); /* Free the wolfSSL object */ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ 
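Review bot: The replacement `ESP_LOGI(TAG, "Client connected successfully");` sits after the `else` that logs `wolfSSL_accept error`, so it is printed on a failed handshake as well, and the loop then proceeds to `wolfSSL_read`/`wolfSSL_write` on a session that was never established. Move the log into the `if (ret == SSL_SUCCESS)` branch (which opens in the previous hunk) and skip to the per-connection cleanup on failure. Separately, `strncmp(buff, "shutdown", 8)` lets any peer that completes the handshake stop the server; nothing visible here requires client authentication, so a comment such as `/* example only: any connected peer may request shutdown */` would set expectations.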
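Review bot: `wolfSSL_free(ssl)` is called once per iteration inside the loop and then again unconditionally after `} /* !shutdown */`, so once the shutdown command ends the loop the last session object is freed twice. Null the pointer after the per-connection free, `wolfSSL_free(ssl); ssl = NULL;`, so the final `wolfSSL_free(ssl)` becomes a no-op; the new `ESP_LOGI(TAG, "Done! Cleanup...");` is also a good spot to say which cleanup is per-connection and which is final. `tls_smp_server_task` continues past this hunk.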
@@ -397,12 +397,14 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) #else xTaskHandle _handle; #endif - /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */ + /* Note that despite vanilla FreeRTOS using WORDS for a parameter, + * Espressif uses BYTES for the task stack size here. + * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d", - TLS_SMP_SERVER_TASK_WORDS); + TLS_SMP_SERVER_TASK_BYTES); ret_i = xTaskCreate(tls_smp_server_task, TLS_SMP_SERVER_TASK_NAME, - TLS_SMP_SERVER_TASK_WORDS, /* not bytes! */ + TLS_SMP_SERVER_TASK_BYTES, (void*)&thisPort, TLS_SMP_SERVER_TASK_PRIORITY, &_handle); @@ -411,7 +413,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME); } - /* vTaskStartScheduler(); // called automatically in ESP-IDF */ + /* vTaskStartScheduler(); called automatically in ESP-IDF */ return TLS_SMP_CLIENT_TASK_RET; } #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c index 1f16e4be7d..41a0e09751 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c @@ -1,6 +1,6 @@ /* time_helper.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 7401c5d7e9..1b33f98052 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c 
@@ -1,6 +1,6 @@ /* wifi_connect.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt index 0dadfac600..6e70b4a626 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt 
@@ -1,79 +1,15 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.0 +# v1.1 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.16) +cmake_minimum_required(VERSION 3.5) -# The wolfSSL CMake file should be able to find the source code. -# Otherwise, assign an environment variable or set it here: -# -# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") -# -# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find -# USE_MY_PRIVATE_CONFIG path for my_private_config.h -# -# Expected path varies: -# -# WSL: /mnt/c/workspace -# Linux: ~/workspace -# Windows: C:\workspace -# -if(WIN32) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") - message("Detected Windows") -endif() -if(CMAKE_HOST_UNIX) - message("Detected UNIX") -endif() -if(APPLE) - message("Detected APPLE") -endif() -if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") - message("Detected WSL") -endif() -if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") - message("Detected Linux") -endif() -if(APPLE) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") - message("Detected Apple") -endif() -# End optional WOLFSSL_CMAKE_SYSTEM_NAME - -# Check that there are not conflicting wolfSSL components -# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl -# The local component wolfSSL directory will be in ./components/wolfssl -if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) - # These exclude statements don't seem to be 
honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' - # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) - # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) - # So we'll error out and let the user decide how to proceed: - message(WARNING "\nFound wolfSSL components in\n" - "./managed_components/wolfssl__wolfssl\n" - "and\n" - "./components/wolfssl\n" - "in project directory: \n" - "${CMAKE_HOME_DIRECTORY}") - message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" - "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " - "or rename the idf_component.yml file typically found in ./main/") -else() - message(STATUS "No conflicting wolfSSL components found.") -endif() +add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) include($ENV{IDF_PATH}/tools/cmake/project.cmake) -set(COMPONENTS - main - wolfssl - # cryptoauthlib -) # set components +# Not only is a project-level "set(COMPONENTS" not needed here, this will cause +# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". project(wolfssl_test) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile index fd971485a5..b110e86aa6 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile @@ -3,9 +3,12 @@ # project subdirectory. # -PROJECT_NAME := wolfssl_test - CFLAGS += -DWOLFSSL_USER_SETTINGS -include $(IDF_PATH)/make/project.mk +# Some of the tests are CPU intenstive, so we'll force the watchdog timer off. +# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig. +EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG +PROJECT_NAME := wolfssl_test + +include $(IDF_PATH)/make/project.mk 
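Review bot: `cmake_minimum_required(VERSION 3.5)` lowers the project floor while `components/wolfssl/CMakeLists.txt`, updated in this same commit, still declares `cmake_minimum_required(VERSION 3.16)`, so the project-level number no longer reflects what the build needs; keep `3.16` here or lower both together. `add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)` is also applied project-wide rather than to the wolfssl component, which is acceptable for a test app but deserves a comment, e.g. `# Disable the task watchdog app-wide: the CPU-bound crypto tests would otherwise trip it`.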
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj index 6c3af79883..4334b8c6b7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj @@ -71,7 +71,7 @@ esp-idf/v5.0 ESPIDF - COM9 + COM19 false false ESP32 @@ -93,7 +93,7 @@ - COM20 + COM19 115200 8 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt index e129a64efb..5f42ad3452 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt 
@@ -1,34 +1,113 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # -# This file is part of wolfSSL. +# This file is part of wolfSSL. # -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. 
# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.0 template update + THIS_IDF_PATH # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS 
"/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement 
for benchmark and test apps. +if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -45,6 +124,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". 
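Review bot: This `IDF_PATH` check and `THIS_IDF_PATH` assignment duplicate the identical block added near the top of the file in this commit's first hunk, so the second copy can only repeat the same `FATAL_ERROR` or recompute the same value. Drop this copy (or the earlier one) so there is a single place to change the path handling. `THIS_IDF_PATH` is set twice but no use of it is visible in this diff, which is worth confirming.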
@@ -71,27 +155,41 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") - if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. 
Searching...") + else() + get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if( FOUND_WOLFSSL ) + message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + else() + message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") + message(STATUS "$ENV{WOLFSSL_ROOT}") + endif() + endif() else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) - return() + message(STATUS "Found WOLFSSL_ROOT via prior specification.") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) 
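Review bot: In the rewritten `WOLFSSL_ROOT` handling the found-branches now only print a message; the old `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ... PARENT_SCOPE)` and `return()` are gone and `CURRENT_SEARCH_DIR` is immediately overwritten with `CMAKE_CURRENT_SOURCE_DIR`, so unless the code beyond this hunk keys off `FOUND_WOLFSSL`, an explicitly configured root is discarded and the upward directory search runs anyway. Restoring `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "${CURRENT_SEARCH_DIR}" PARENT_SCOPE)` and `return()` in both found-branches keeps the explicit setting authoritative, which matters because the search otherwise builds against whichever wolfSSL tree it happens to find. The `message(STATUS "$ENV{WOLFSSL_ROOT}")` after `message(FATAL_ERROR ...)` never runs; fold the path into the FATAL_ERROR text instead. `FIND_WOLFSSL_DIRECTORY` continues past this hunk.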
@@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( 
FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() 
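Review bot: The three suffix probes (`wolfssl-${THIS_USER}`, `wolfssl-master`, `wolfssl`) are copy-pasted blocks, and the `if ( FOUND_WOLFSSL )` guards with an empty then-branch before the second and third are dead: every probe that sets FOUND_WOLFSSL true returns immediately, so FOUND_WOLFSSL is always false when those guards are reached. One list of suffixes with a single loop body keeps the search order explicit and removes the duplication; the sketch below keeps the same order and the same return behaviour. The enclosing while loop and FIND_WOLFSSL_DIRECTORY itself continue on both sides of this hunk, and the second hunk on this line is a comment-only change.

```cmake
# … unchanged: CMAKE_CURRENT_SOURCE_DIR check above …
# Probe the well-known subdirectory names, most specific first.
set(WOLFSSL_DIR_SUFFIXES "wolfssl-master" "wolfssl")
if( THIS_USER )
    list(INSERT WOLFSSL_DIR_SUFFIXES 0 "wolfssl-${THIS_USER}")
endif()
foreach(SUFFIX IN LISTS WOLFSSL_DIR_SUFFIXES)
    set(CURRENT_SEARCH_DIR_ALT "${CURRENT_SEARCH_DIR}/${SUFFIX}")
    message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
    IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL)
    if( FOUND_WOLFSSL )
        message(STATUS "Found wolfssl in ${CURRENT_SEARCH_DIR_ALT}")
        set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "${CURRENT_SEARCH_DIR_ALT}" PARENT_SCOPE)
        return()
    endif()
endforeach()
# … unchanged: step CURRENT_SEARCH_DIR up to its parent …
```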
@@ -149,17 +279,47 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - esp_timer - driver # this will typically only be needed for wolfSSL benchmark + ${THIS_INCLUDE_TIMER} + ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark ) else() 
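Review bot: The "Early expansion includes/EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}" and driver messages print THIS_INCLUDE_TIMER and THIS_INCLUDE_DRIVER before the `set()` calls on the following lines assign them, so on a first pass they show an empty value and on any later pass a stale one; move the two messages after the `set()` lines. The `if (0)` block that dumps every CMake variable is dead code that duplicates the `if (VERBOSE_COMPONENT_MESSAGES)` diagnostics later in this file; gate it with the same variable or drop it, since a full variable dump also copies anything passed with `-D` (including credentials) into the configure log. A one-line why-comment on the ESP8266 branch would help future readers, e.g. `# ESP8266 RTOS SDK ships no esp_timer or driver component, so PRIV_REQUIRES must stay empty there`.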
@@ -171,24 +331,52 @@ else() # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() else() - message(STATUS "NEW wolfssl directory not found.") + message(STATUS "Searching for wolfSL source code...") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") + else() + message(STATUS "Failed: wolfssl directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + # Abort CMake after fatal error. 
endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" 
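Review bot: `set(USE_LOCAL_TEST_BENCH 0)` unconditionally overwrites the variable right after a comment telling the user to set it to 1, so a project-level `set(USE_LOCAL_TEST_BENCH 1)` or `-DUSE_LOCAL_TEST_BENCH=1` has no effect; wrap the default in `if(NOT DEFINED USE_LOCAL_TEST_BENCH)`, or declare it with `option(USE_LOCAL_TEST_BENCH "Use a local copy of the wolfcrypt test/benchmark sources" OFF)`. FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) appears as the unchanged line above `if(WOLFSSL_ROOT)` and again in the new `else()` branch; if the first call is live, the second repeats the same search with the same empty input and can go. Two user-visible strings carry typos: "Searching for wolfSL source code..." and "project CMakeFile.txt" (CMakeLists.txt). The `else()` block this hunk sits in starts and ends outside the hunk.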
@@ -200,16 +388,19 @@ else() message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h is in the local project. set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -232,11 +423,13 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") + # Abort CMake after fatal error. + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
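Review bot: `file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")` passes CMAKE_SOURCE_DIR as a second globbing expression rather than a base directory, so the source directory itself lands in EXCLUDE_ASM; the `file(GLOB EXCLUDE_ASM *.S)` immediately above is overwritten and can be removed. Changing GLOB_RECURSE to GLOB also stops matching `.S` files in subdirectories of wolfcrypt/src, which the comment above ("all wolfcrypt assembly files") no longer describes; if the narrowing is intentional, say so there. The doubled-separator rewrite feeding `-DWOLFSSL_USER_SETTINGS_DIR` has no comment stating why `//` is required and leaves the old `add_definitions` line commented out; a one-line why-comment on the `string(REPLACE ...)` and deletion of the dead line would make the intent reviewable. The second hunk on this line only reorders the FATAL_ERROR after the banner, which is fine, though the `set(CMAKE_C_FLAGS ...)` below it remains unreachable unless the error level is changed as its comment describes. Both hunks sit inside an `else()` that starts and ends outside them.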
@@ -286,6 +479,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -355,17 +549,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS "./include" # this is the location of wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() @@ -374,7 +573,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" 
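Review bot: `message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")` in the second hunk on this line uses `$THIS_IDF_PATH` without braces, which CMake does not expand, so the literal text is printed; write `message(STATUS "THIS_IDF_PATH = ${THIS_IDF_PATH}")`. The three new `${THIS_IDF_PATH}/components/esp_*/include` entries are not quoted like the neighbouring `"\"${WOLFSSL_ROOT}/...\""` entries, and when THIS_IDF_PATH is empty (the context just above logs "Could not find RTOS path") they degrade to root-relative `/components/...` include paths that would silently pick up headers from an unrelated location instead of failing; append them only inside `if(THIS_IDF_PATH)` or after an `EXISTS` check. The first and third hunks here are comment-only; the enclosing `else()` block starts and ends outside all three.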
@@ -384,9 +583,14 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_load.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" 
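Review bot: `"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\""` is a header, and EXCLUDE_SRCS only filters compiled sources, so that entry is a no-op; the `ext_kyber.c` line already keeps the external Kyber code out of the build. If the goal is to record that the header must not be picked up either, a comment on the `.c` line does that without a dead entry. The COMPONENT_SRCEXCLUDE list starts and ends outside this hunk.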
@@ -423,17 +627,34 @@ else() INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" REQUIRES "${COMPONENT_REQUIRES}" EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark + PRIV_REQUIRES + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) - # some optional diagnostics - if (1) + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") 
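Review bot: `PRIV_REQUIRES "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}"` quotes the two variables, so on the ESP8266 path where both are set to "" two empty component names are handed to idf_component_register, whereas the early-expansion call earlier in this file expands them unquoted and they vanish; use the unquoted form here too, or collect them into a list and pass `PRIV_REQUIRES ${WOLFSSL_PRIV_REQUIRES}`. In the diagnostics block, `string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)` on a value shorter than 70 characters is only accepted by CMake versions that clamp the length, older ones raise an error, so either compare `string(LENGTH ...)` first or state the minimum CMake version in a comment. Keeping the dump behind VERBOSE_COMPONENT_MESSAGES is the right default, since it writes every variable, including anything passed via `-D`, into the configure log. The idf_component_register call starts outside this hunk.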
@@ -520,6 +741,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION) execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + message(STATUS "************************************************************************************************") message(STATUS "wolfssl component config complete!") message(STATUS "************************************************************************************************") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk index 5234a007e1..2540584c8f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk 
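Review bot: `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")` reuses TMP_RES, the result code of the preceding `git show`, as the status of an unrelated value; if LIBWOLFSSL_SAVE_INFO skips or flags entries with a non-zero result (its body is outside this hunk), a missing git binary or a non-git checkout would also blank the recorded root. Pass an explicit success code instead: `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "0")`. The enclosing `if(NOT CMAKE_BUILD_EARLY_EXPANSION)` starts outside the hunk.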
@@ -1,40 +1,240 @@ -# -# Copyright (C) 2006-2023 wolfSSL Inc. -# -# This file is part of wolfSSL. -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -# -# -# Component Makefile -# - -COMPONENT_ADD_INCLUDEDIRS := . ./include - -COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos" -# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc" - -COMPONENT_SRCDIRS := src wolfcrypt/src -COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += wolfcrypt/benchmark -COMPONENT_SRCDIRS += wolfcrypt/test - -CFLAGS +=-DWOLFSSL_USER_SETTINGS - -COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += src/bio.o +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# In the wolfSSL GitHub examples for Espressif, +# the root is 7 directories up from here: +WOLFSSL_ROOT := ../../../../../../../ + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is +# located HERE in THIS project, and *not* in the wolfSSL root. +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos +# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" + + +# WOLFSSL_ROOT := "" +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test +COMPONENT_SRCDIRS += include + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o + + +## +## wolfSSL +## +COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS += src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o 
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o + +## +## wolfcrypt test (optional) +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o + +## +## wolfcrypt +## +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index d6eeebbb42..9cf87e8fdb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
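Review bot: `src/bio.o`, `wolfcrypt/src/evp.o` and `wolfcrypt/src/misc.o` appear in both COMPONENT_OBJEXCLUDE and COMPONENT_OBJS, so the two lists contradict each other; which one wins depends on whether the SDK applies the exclusion to an explicit COMPONENT_OBJS list, and the CMake side of this change keeps evp.c and misc.c out of the build (presumably because other translation units include them), so the three `COMPONENT_OBJS` lines for them should go. `WOLFSSL_ROOT := ../../../../../../../` hard-codes a seven-level relative path with `:=`, which cannot be overridden from the environment or the make command line; `WOLFSSL_ROOT ?= ../../../../../../../` keeps the default and lets `make WOLFSSL_ROOT=...` point at a different checkout, matching what the CMake side allows through its WOLFSSL_ROOT variable. Every use relies on the value ending in a slash (`$(WOLFSSL_ROOT)src`), which a comment on the assignment should state, e.g. `# must end with a trailing slash; paths below are concatenated without one`. The user_settings.h hunk that follows on this line is a copyright-year bump.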
@@ -19,12 +19,22 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* This user_settings.h is for Espressif ESP-IDF */ -#include +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here + * + * When editing this file: + * ensure wolfssl_test and wolfssl_benchmark settings match. + */ + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* The Espressif sdkconfig will have chipset info. ** -** Possible values: +** Some possible values: ** ** CONFIG_IDF_TARGET_ESP32 ** CONFIG_IDF_TARGET_ESP32S2 
@@ -36,18 +46,175 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ +#define NO_ESP_SDK_WIFI + +/* Experimental Kyber */ +#if 0 + /* Kyber typically needs a minimum 10K stack */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 +#endif + /* - * choose ONE of these Espressif chips to define: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 - * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ #undef WOLFSSL_ESPWROOM32SE #undef WOLFSSL_ESP8266 #undef WOLFSSL_ESP32 +/* See below for chipset detection from sdkconfig.h */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. 
*/ +#define RSA_LOW_MEM + +/* Uncommon settings for testing only */ +#define TEST_ESPIDF_ALL_WOLFSSL +#ifdef TEST_ESPIDF_ALL_WOLFSSL + #define WOLFSSL_MD2 + #define HAVE_BLAKE2 + #define HAVE_BLAKE2B + #define HAVE_BLAKE2S + + #define WC_RC2 + #define WOLFSSL_ALLOW_RC4 + + #define HAVE_POLY1305 + + #define WOLFSSL_AES_128 + #define WOLFSSL_AES_OFB + #define WOLFSSL_AES_CFB + #define WOLFSSL_AES_XTS + + /* #define WC_SRTP_KDF */ + /* TODO Causes failure with Espressif AES HW Enabled */ + /* #define HAVE_AES_ECB */ + /* #define HAVE_AESCCM */ + /* TODO sanity check when missing HAVE_AES_ECB */ + #define WOLFSSL_WOLFSSH + + #define HAVE_AESGCM + #define WOLFSSL_AES_COUNTER + + #define HAVE_FFDHE + #define HAVE_FFDHE_2048 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO Full size SRP is disabled on the ESP8266 at this time. + * Low memory issue? */ + #define WOLFCRYPT_HAVE_SRP + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + /* SRP Known to be working on this target::*/ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #else + /* For everything else, give a try and see if SRP working: */ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #endif -#define WOLFSSL_ESP32 + #define HAVE_DH + + /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. + * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ + /* #define HAVE_CAMELLIA */ + + /* DSA requires old SHA */ + #define HAVE_DSA + + /* Needs SHA512 ? */ + #define HAVE_HPKE + + /* Not for Espressif? 
*/ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + + #if defined(CONFIG_IDF_TARGET_ESP8266) + #undef HAVE_ECC + #undef HAVE_ECC_CDH + #undef HAVE_CURVE25519 + + /* TODO does CHACHA also need alignment? Failing on ESP8266 + * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ + #ifdef HAVE_CHACHA + #error "HAVE_CHACHA not supported on ESP8266" + #endif + #ifdef HAVE_XCHACHA + #error "HAVE_XCHACHA not supported on ESP8266" + #endif + #else + #define HAVE_XCHACHA + #define HAVE_CHACHA + /* TODO Not enabled at this time, needs further testing: + * #define WC_SRTP_KDF + * #define HAVE_COMP_KEY + * #define WOLFSSL_HAVE_XMSS + */ + #endif + /* TODO AES-EAX not working on this platform */ + + /* Optionally disable DH + * #undef HAVE_DH + * #undef HAVE_FFDHE + */ + + /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ + #ifndef HAVE_ECC + #define ECC_SHAMIR + #endif + #else + #define WOLFSSL_AES_EAX + + #define ECC_SHAMIR + #endif + + /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ + /* #define WOLFSSL_CAAM */ + /* #define WOLFSSL_CAAM_BLOB */ + + #define WOLFSSL_AES_SIV + #define WOLFSSL_CMAC + + #define WOLFSSL_CERT_PIV + + /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ + /* #define HAVE_SCRYPT */ + #define SCRYPT_TEST_ALL + #define HAVE_X963_KDF +#endif /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -61,7 +228,6 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 /* TLS 1.3 */ #define WOLFSSL_TLS13 @@ -79,7 +245,9 @@ #define HAVE_AESGCM -#define WOLFSSL_RIPEMD +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + /* when you want to use SHA224 */ #define WOLFSSL_SHA224 
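Review bot: `#define TEST_ESPIDF_ALL_WOLFSSL` is unconditional, so the block labelled "Uncommon settings for testing only" is always active and brings `WOLFSSL_ALLOW_RC4`, `WOLFSSL_MD2` and `HAVE_DSA` into a file whose header calls it the standardized user_settings.h that the benchmark copy should match; since these example headers get copied into application projects, make it opt-in (`/* #define TEST_ESPIDF_ALL_WOLFSSL */`) or say in the comment that the legacy algorithms are enabled only so test.c can exercise them. `#ifndef HAVE_ECC` / `#define ECC_SHAMIR` under the ESP32-C2/ESP8266 branch only defines ECC_SHAMIR when ECC itself is absent, which is a no-op; if the intent is to keep Shamir's trick off on those targets because of the out-of-memory note, a plain comment says that more clearly than a guarded define. `HAVE_HPKE` is defined for every target while the ESP8266 branch removes `HAVE_ECC` and `HAVE_CURVE25519`, which HPKE's key encapsulation relies on; whether settings.h reconciles that is not visible here, so it is worth confirming with an ESP8266 build. The two smaller hunks on this line (dropping the duplicate USE_CERT_BUFFERS_2048, commenting out WOLFSSL_RIPEMD) need no change.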
@@ -95,24 +263,34 @@ /* ED25519 requires SHA512 */ #define HAVE_ED25519 -#define HAVE_ECC -#define HAVE_CURVE25519 -#define CURVE25519_SMALL +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) + /* TODO determine low memory configuration for ECC. */ +#else + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL +#endif + #define HAVE_ED25519 +/* Optional OPENSSL compatibility */ #define OPENSSL_EXTRA -/* when you want to use pkcs7 */ -/* #define HAVE_PKCS7 */ +/* #Optional HAVE_PKCS7 */ #define HAVE_PKCS7 #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -126,27 +304,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* rsa primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif - -#define RSA_LOW_MEM +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ 
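Review bot: `#define HAVE_ED25519` is now emitted twice in this hunk, once before the new `#if defined(CONFIG_IDF_TARGET_ESP8266) ...` block and once after it; the second copy is harmless but reads as a leftover from the rewrite and should go. The comment `/* #Optional HAVE_PKCS7 */` carries a stray `#`; `/* Optional HAVE_PKCS7 */` matches the other comments in the file. The new `#define NO_PBKDF2` inside the `HAVE_PKCS7` block deliberately undoes what the comment above it says PKCS7 may enable; if any PKCS#7 password-based (PWRI) paths are exercised by the test they presumably need PBKDF2, so a one-line note on why it is disabled here would help the next reader.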
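Review bot: The new comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` states the opposite of what that macro does: defining `WC_NO_CACHE_RESISTANT` removes the cache-resistant code paths, i.e. it is faster and less hardened, whereas `TFM_TIMING_RESISTANT` below is the one that trades speed for constant-time behaviour. Suggest `/* WC_NO_CACHE_RESISTANT: faster, but removes cache-timing hardening; leave undefined */`. It is also worth stating in the `TFM_TIMING_RESISTANT` comment that the ESP-IDF defaults in settings.h are presumably what enable it while this line stays commented out, so a reader does not conclude RSA runs without timing resistance.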
@@ -158,7 +320,7 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define ESP_RSA_TIMEOUT_CNT 0x349F00 /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -206,7 +368,7 @@ #undef WOLFSSL_SYS_CA_CERTS */ -/* +/* command-line options --enable-keygen --enable-certgen --enable-certreq @@ -214,10 +376,14 @@ --enable-asn-template */ -/* Default is HW enabled unless turned off. -** Uncomment these lines to force SW instead of HW acceleration */ - +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) + #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -235,6 +401,7 @@ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -247,6 +414,7 @@ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -260,6 +428,7 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) + #define WOLFSSL_ESP32 /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable 
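Review bot: `ESP_RSA_TIMEOUT_CNT` goes from `0x249F00` to `0x349F00` with no record of why; the comment above only says to adjust it when timeouts are seen. A short trailing comment naming the target and test that needed the larger value, e.g. `#define ESP_RSA_TIMEOUT_CNT 0x349F00 /* raised for <target/test> after HW RSA timeouts */`, keeps the next person from having to bisect it. The unit of the count (poll iterations versus ticks) is not stated anywhere visible either.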
@@ -285,6 +454,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -302,6 +472,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -318,6 +489,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define WOLFSSL_ESP32 /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH @@ -326,7 +498,11 @@ /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO: Revisit ESP8266 */ + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See https://www.espressif.com/en/products/socs/esp32-c2 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES 
@@ -343,13 +519,42 @@ #else /* Anything else encountered, disable HW accleration */ + #warning "Unexpected CONFIG_IDF_TARGET_NN value" #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL @@ -363,6 +568,14 @@ #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS #define ESP_DISABLE_HW_TASK_LOCK + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ /* Pause in a loop rather than exit. */ 
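Review bot: `#warning "RSA may be difficult with less than 10KB Stack "/` has a stray `/` after the closing quote; `#warning` echoes everything to the end of the line, so the diagnostic prints with a trailing slash that looks like a typo. Drop it: `#warning "RSA may be difficult with less than 10KB Stack"`. The 10500 threshold mirrors the value set in sdkconfig.defaults in this same change, so a comment tying the two together, `/* keep in sync with CONFIG_ESP_MAIN_TASK_STACK_SIZE in sdkconfig.defaults */`, would stop them drifting apart.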
@@ -396,8 +609,9 @@ ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 + +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE 
@@ -406,12 +620,75 @@ #define ATCA_WOLFSSL */ -/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. + * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. 
The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). + * + * See `SSL_FILETYPE_[name]` in + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * https://github.com/wolfSSL/wolfssl/pull/6825 + * https://github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ +/* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 
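Review bot: The new comment describes `USE_CERT_BUFFERS_1024` as `ECC 1024 bit encoded ASN1`, but the `ca_cert_der_1024` / `client_key_der_1024` buffers it selects in the next hunk are RSA 1024-bit test keys; the ECC test buffers in wolfSSL are the `USE_CERT_BUFFERS_256` set, which the old `#else` branch defined and the new one drops. Suggest `USE_CERT_BUFFERS_1024 - RSA 1024 bit encoded ASN1 (test only; below current minimum key sizes)`. The `#include` lines in this hunk and the next appear with their argument stripped on this page, so I cannot check which header they name.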
@@ -427,24 +704,72 @@ #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #if defined(USE_CERT_BUFFERS_2048) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 + 
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" #endif - -/* See settings.h for some of the possible hardening options: - * - * #define NO_ESPIDF_DEFAULT - * #define WC_NO_CACHE_RESISTANT - * #define WC_AES_BITSLICED - * #define HAVE_AES_ECB - * #define HAVE_AES_DIRECT - */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt index 8787e3b883..2fe1790be0 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt 
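Review bot: The new sanity check compares `CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK`, but the macro defined just above it is `ESP_SRP_MINIMUM_STACK_8K`; an undefined identifier evaluates to 0 in `#if`, so the `"WOLFCRYPT_HAVE_SRP enabled with small stack size"` warning can never fire (and `-Wundef` will complain). Either rename both definitions to `ESP_SRP_MINIMUM_STACK` or compare against `ESP_SRP_MINIMUM_STACK_8K`. With `WOLFCRYPT_HAVE_SRP` enabled for every target in the first hunk and the stack set to 10500 in sdkconfig.defaults, a working check would presumably warn on every build, which is worth knowing before it is fixed. Separately, the new `#else` branch no longer defines `USE_CERT_BUFFERS_256`, so the ECC example certificates the old code pulled in are gone unless the application defines that itself.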
@@ -3,78 +3,7 @@ # set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") -set(COMPONENT_SRCS "main.c") - -# when using time helper: -# set(COMPONENT_SRCS "main.c" "time_helper.c") - -set(COMPONENT_ADD_INCLUDEDIRS ".") - -set (git_cmd "git") - -if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) - # - # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user - # - message(STATUS "") - message(STATUS "WARNING: Found components/wolfssl in both local project and IDF_PATH") - message(STATUS "") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") -endif() - -idf_component_register(SRCS main.c - INCLUDE_DIRS "." - "./include") - -# -# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT) -# -# Save the THIS_VAR as a string in a macro called VAR_OUPUT -# -# VAR_OUPUT: the name of the macro to define -# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process() -# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful. -# -function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) - # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true. - string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE) - - # if we had a successful operation, save the THIS_VAR in VAR_OUPUT - if(${IS_VALID_VALUE}) - # strip newline chars in THIS_VAR parameter and save in VAR_VALUE - string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR}) - - # we'll could percolate the value to the parent for possible later use - # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE) - - # but we're only using it here in this function - set(${VAR_OUPUT} ${VAR_VALUE}) - - # we'll print what we found to the console - message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}") - - # the interesting part is defining the VAR_OUPUT name a value to use in the app - add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") - else() - # if we get here, check the execute_process command and parameters. 
- message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") - set(${VAR_OUPUT} "Unknown") - endif() -endfunction() # LIBWOLFSSL_SAVE_INFO - -if(NOT CMAKE_BUILD_EARLY_EXPANSION) - # LIBWOLFSSL_VERSION_GIT_HASH - execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") - - # LIBWOLFSSL_VERSION_GIT_SHORT_HASH - execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") - - # LIBWOLFSSL_VERSION_GIT_HASH_DATE - execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") -endif() - -message(STATUS "") - +idf_component_register(SRCS + "main.c" + INCLUDE_DIRS + ".") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk index d31083f65b..df684f1e0b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk @@ -1,3 +1,9 @@ # -# Main Makefile. This is basically the same as a component makefile. -# \ No newline at end of file +# Main component makefile. +# +# This Makefile can be left empty. By default, it will take the sources in the +# src/ directory, compile them and link them into lib(subdirectory_name).a +# in the build directory. This behavior is entirely configurable, +# please read the ESP-IDF documents if you need to do this. +# +# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.) 
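Review bot: The replacement `idf_component_register(SRCS "main.c" INCLUDE_DIRS ".")` drops the `"./include"` entry the removed call had, yet this change still ships `main/include/main.h`. If main.c includes `main.h` (not visible here), that lookup now fails unless ESP-IDF adds `include/` by some other route; restore it with `INCLUDE_DIRS "." "./include"` or move the header next to main.c. The deleted git-hash capture block is not replaced, so `LIBWOLFSSL_VERSION_GIT_HASH` and friends are no longer defined for this example; fine if nothing uses them, but worth a line in the commit message.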
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h index 94c3b5eba6..94d9132358 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h @@ -1,6 +1,6 @@ /* template main.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c index 2fd41d3f0f..315ff304c9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -24,22 +24,43 @@ #include "sdkconfig.h" /* wolfSSL */ -#include -#include -#include -#include - -#ifndef WOLFSSL_ESPIDF -#warning "problem with wolfSSL user settings. Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include + #include + #include + #include + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include -#include +#include "driver/uart.h" -/* set to 0 for one benchmark, -** set to 1 for continuous benchmark loop */ + +/* set to 0 for one test, +** set to 1 for continuous test loop */ #define TEST_LOOP 0 +#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200 + +#ifdef CONFIG_ESP8266_XTAL_FREQ_26 + /* 26MHz crystal: 74880 bps */ + #define THIS_MONITOR_UART_BAUD_DATE 74880 +#else + /* 40MHz crystal: 115200 bps */ + #define THIS_MONITOR_UART_BAUD_DATE 115200 +#endif + /* ** the wolfssl component can be installed in either: ** @@ -55,13 +76,9 @@ /* ** although the wolfcrypt/test includes a default time setting, -** see the enclosed optional time helper for adding NNTP. -** be sure to add "time_helper.c" in main/CMakeLists.txt -*/ +** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */ + #undef WOLFSSL_USE_TIME_HELPER -#if defined(WOLFSSL_USE_TIME_HELPER) - #include "time_helper.h" */ -#endif /* see wolfssl/wolfcrypt/test/test.h */ extern void wolf_crypt_task(); 
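Review bot: The new macro `THIS_MONITOR_UART_BAUD_DATE` is used for `.baud_rate` in app_main and reads as a typo for `THIS_MONITOR_UART_BAUD_RATE`; renaming it before it spreads to the other examples is cheap now. The `#error` message uses a backslash continuation inside the quoted text, which works with GCC but carries the indentation of the continuation line into the printed message; a single-line message avoids that. The `#include` lines in this hunk have their arguments stripped on this page, so the include order can only be checked against the comment above them.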
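Review bot: `#undef WOLFSSL_USE_TIME_HELPER` is kept while the `time_helper.c` that provided `set_time()` is deleted in this same change, so the `#if defined (WOLFSSL_USE_TIME_HELPER) set_time();` call that survives in `@@ -166,51 +205,9 @@` is now dead and would fail to link if anyone re-enables the macro. Either remove both the `#undef` and the guarded call, or point the comment at the replacement in `esp-sdk-lib.h` and call that instead.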
@@ -132,14 +149,36 @@ void my_atmel_free(int slotId) /* entry point */ void app_main(void) { - int stack_start = 0; + uart_config_t uart_config = { + .baud_rate = THIS_MONITOR_UART_BAUD_DATE, + .data_bits = UART_DATA_8_BITS, + .parity = UART_PARITY_DISABLE, + .stop_bits = UART_STOP_BITS_1, + }; esp_err_t ret = 0; + wc_ptr_t stack_start = esp_sdk_stack_pointer(); + + /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, + * UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */ + + /* Some targets may need to have UART speed set. TODO: which? */ + ESP_LOGI(TAG, "UART init"); + uart_param_config(UART_NUM_0, &uart_config); + uart_driver_install(UART_NUM_0, + THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0); + ESP_LOGI(TAG, "------------------ wolfSSL Test Example ----------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start); + +#ifdef WOLFSSL_ESP_NO_WATCHDOG + ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling..."); + esp_DisableWatchdog(); +#endif #ifdef ESP_TASK_MAIN_STACK ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK); 
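Review bot: `uart_param_config(UART_NUM_0, &uart_config)` and `uart_driver_install(...)` return `esp_err_t` and the new code discards both, so a bad baud setting or an already-installed driver goes unnoticed while the later log lines are silently lost; wrap them as `ESP_ERROR_CHECK(uart_param_config(UART_NUM_0, &uart_config));` and likewise for the install, or at least log the result. `ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start)` formats a `wc_ptr_t` with `%x`; if that type is pointer-width rather than `unsigned int`, `-Wformat` will flag it, and `"%" PRIxPTR` with a cast to `uintptr_t` is the portable form. app_main continues outside the hunk.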
@@ -166,51 +205,9 @@ void app_main(void) esp_ShowExtendedSystemInfo(); #endif - /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32) - ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#elif defined(CONFIG_IDF_TARGET_ESP32S2) - ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#elif defined(CONFIG_IDF_TARGET_ESP32S3) - ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#else - /* not available for other platformas at this time */ -#endif - /* all platforms: stack high water mark check */ ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - /* check to see if we are using hardware encryption - * TODO: move this to esp_util.c */ -#if defined(NO_ESP32_CRYPT) - ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED."); -#else - #if defined(CONFIG_IDF_TARGET_ESP32C2) - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C2."); - - #elif defined(CONFIG_IDF_TARGET_ESP32C3) - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C3."); - - #elif defined(CONFIG_IDF_TARGET_ESP32S2) - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S2."); - - #elif defined(CONFIG_IDF_TARGET_ESP32S3) - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S3."); - - #else - ESP_LOGI(TAG, "ESP32_CRYPT is enabled."); - #endif -#endif - #if defined (WOLFSSL_USE_TIME_HELPER) set_time(); #endif 
@@ -256,19 +253,10 @@ void app_main(void) ** This is called at the end of wolf_test_task(); */ - if (ret == 0) { - ESP_LOGI(TAG, "wolf_test_task complete success result code = %d", ret); - } - else { - ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret); - /* see wolfssl/wolfcrypt/error-crypt.h */ - } - -#if defined(DEBUG_WOLFSSL) && !defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI) +#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) esp_hw_show_mp_metrics(); #endif - /* after the test, we'll just wait */ #ifdef INCLUDE_uxTaskGetStackHighWaterMark ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); @@ -276,7 +264,14 @@ void app_main(void) - (uxTaskGetStackHighWaterMark(NULL))); #endif -#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE +#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE + if (ret == 0) { + ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret)); + } + else { + ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); + } +#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); #else ESP_LOGI(TAG, "\n\nDone!\n\n" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c deleted file mode 100644 index 8b7da74a00..0000000000 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c +++ /dev/null 
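Review bot: The guard changes from `!defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI)` to `defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)`, but the user_settings.h in this change only ever defines the `NO_` form; unless the port headers define the positive macro when HW RSA is enabled, `esp_hw_show_mp_metrics()` is now never compiled in and the metrics silently disappear. A comment naming where `WOLFSSL_ESP32_CRYPT_RSA_PRI` comes from would settle that for the reader. app_main continues outside the hunk.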
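Review bot: The success/failure report on `ret` removed in `@@ -256,19 +253,10 @@` only comes back in the `WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE` branch; with `WOLFSSL_ESPIDF_EXIT_MESSAGE` or neither macro defined, a failing wolf_test_task now ends with an INFO-level "Done!" and the result code is never printed, so a CI log scrape cannot tell pass from fail. Keep an unconditional `if (ret != 0) { ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret); }` before the `#ifdef` chain. app_main continues outside the hunk.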
@@ -1,120 +0,0 @@ -/* time_helper.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#include -#include - -#include "sdkconfig.h" -#include "esp_log.h" - -#include "time_helper.h" - -const static char* TAG = "Time Helper"; - -#define TIME_ZONE "PST-8" -/* NELEMS(x) number of elements - * To determine the number of elements in the array, we can divide the total size of - * the array by the size of the array element - * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c - **/ -#define NELEMS(x) ( (int)(sizeof(x) / sizeof((x)[0])) ) -#define NTP_SERVER_LIST ( (char*[]) { \ - "pool.ntp.org", \ - "time.nist.gov", \ - "utcnist.colorado.edu" \ - } \ - ) -/* #define NTP_SERVER_COUNT using NELEMS: - * - * (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0])) - */ -#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST) -char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; - -/* our NTP server list is global info */ -extern char* ntpServerList[NTP_SERVER_COUNT]; - - -int set_time(void) -{ - /* we'll also return a result code of zero */ - int res = 0; - int i = 0; /* counter for time servers */ - time_t interim_time; - - /* ideally, we'd like to set time from network, - * but let's 
set a default time, just in case */ - struct tm timeinfo = { - .tm_year = 2022 - 1900, - .tm_mon = 11, - .tm_mday = 15, - .tm_hour = 3, - .tm_min = 25, - .tm_sec = 0 - }; - struct timeval now; - -#ifndef NTP_SERVER_COUNT - #define NTP_SERVER_COUNT 0 - char* ntpServerList[NTP_SERVER_COUNT]; -#endif /* not defined: NTP_SERVER_COUNT */ - -#ifndef TIME_ZONE - #define TIME_ZONE "PST-8" -#endif /* not defined: TIME_ZONE */ - - - /* set interim static time */ - interim_time = mktime(&timeinfo); - now = (struct timeval){ .tv_sec = interim_time }; - settimeofday(&now, NULL); - - - /* set timezone */ - setenv("TZ", TIME_ZONE, 1); - tzset(); - - if (NTP_SERVER_COUNT) { - /* next, let's setup NTP time servers - * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization - */ - sntp_setoperatingmode(SNTP_OPMODE_POLL); - - ESP_LOGI(TAG, "sntp_setservername:"); - for (i = 0; i < NTP_SERVER_COUNT; i++) { - const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1) == 0) { - /* just in case we run out of NTP servers */ - break; - } - ESP_LOGI(TAG, "%s", thisServer); - sntp_setservername(i, thisServer); - } - sntp_init(); - ESP_LOGI(TAG, "sntp_init done."); - } - else { - ESP_LOGI(TAG, "No sntp time servers found."); - } - return res; -} - diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults index 17097709d9..2a5ad756d7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults 
@@ -1,41 +1,88 @@ -# This tag is used to include this file in the ESP Component Registry: +# sdkconfig.defaults for ESP8266 + ESP32 +# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults +CONFIG_BENCH_ARGV="-lng 0" +CONFIG_FREERTOS_HZ=1000 +CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # -# Default main stack size +# Default main stack size. See user_settings.h # -# This is typically way bigger than needed for stack size. See user_settings.h -# -CONFIG_ESP_MAIN_TASK_STACK_SIZE=55000 +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=55000 +CONFIG_MAIN_TASK_STACK_SIZE=10500 +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n # # Watchdog Timers # -# We don't want to have the watchdog timeout during tests +# We don't want to have the watchdog timeout during tests & benchmarks # CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max COU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y 
+CONFIG_FREERTOS_HZ=1000 # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options -# minimum C3 chip revision known to work is 2. -# rev 0 and 1 not available for testing. -# all revisions expected to work. -CONFIG_ESP32C3_REV_MIN_0= -CONFIG_ESP32C3_REV_MIN_1= +# We don't know that the min is actually v2, +# but this is the earliest tested. CONFIG_ESP32C3_REV_MIN_2=y -CONFIG_ESP32C3_REV_MIN_3= - # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh new file mode 100644 index 0000000000..e0a7643bea --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh 
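Review bot: `CONFIG_FREERTOS_HZ=1000` is set twice in the new file, once near the top and again under the `# FreeRTOS ticks at 1ms interval` comment, while that comment actually sits above `CONFIG_FREERTOS_UNICORE=y`; drop the first copy and give `CONFIG_FREERTOS_UNICORE=y` its own heading. The stack-size comment (`3072 bytes should be sufficient for benchmark app`) and `# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled` read as copied from the benchmark example's defaults; this is the test example. The block that disables the task and interrupt watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`) and halts on panic is reasonable for a long-running self-test, but the comment should say these defaults are for the test harness only and not to be copied into a product configuration.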
@@ -0,0 +1,102 @@ +#!/bin/bash +# +# testAll.sh [keyword suffix] +# +# Build and compile the wolfssl_test for all platforms. +# +# Supply optional keyword suffix value for log file names. +# +# See testMonitor.sh for USB port settings. +# +# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty. +# instead of using `idf.py monitor` +#============================================================================== + +# Run shell check to ensure this a good script. +shellcheck "$0" + +if [[ "$PATH" == *"rtos-sdk"* ]]; then + echo "Error. Detected rtos-sdk in path." + echo "Need to start with clean path (no prior idf.py setup) " + exit 1 +fi + +# Save the current PATH to a temporary variable +ORIGINAL_PATH="$PATH" +echo "ORIGINAL_PATH=$PATH" + +export ESPIDF_PUTTY_MONITOR="TRUE" + +THIS_SUFFIX="$1" + + +#****************************************************************************** +# ESP8266 uses rtos-sdk/v3.4 toolchain. Test this first, as it is slowest. +WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4 +#****************************************************************************** + +# Clear ESP-IDF environment variables to ensure clean start for export.sh +unset ESP_IDF_VERSION +unset ESP_ROM_ELF_DIR +unset IDF_DEACTIVATE_FILE_PATH +unset IDF_PATH +unset IDF_PYTHON_ENV_PATH +unset IDF_TOOLS_EXPORT_CMD +unset IDF_TOOLS_INSTALL_CMD +unset OPENOCD_SCRIPTS + +echo "Run ESP8266 export.sh from ${WRK_IDF_PATH}" + +# shell check should not follow into the ESP-IDF export.sh +# shellcheck disable=SC1091 +. 
"$WRK_IDF_PATH"/export.sh + +# Tensilica +./testMonitor.sh wolfssl_test esp8266 "$THIS_SUFFIX" || exit 1 # 2715073 + + +#****************************************************************************** +# ESP32[-N] uses esp-idf/v5.2 toolchain +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +#****************************************************************************** +# Restore the original PATH +export PATH="$ORIGINAL_PATH" + +# Clear ESP-IDF environment variables to ensure clean start +unset ESP_IDF_VERSION +unset ESP_ROM_ELF_DIR +unset IDF_DEACTIVATE_FILE_PATH +unset IDF_PATH +unset IDF_PYTHON_ENV_PATH +unset IDF_TOOLS_EXPORT_CMD +unset IDF_TOOLS_INSTALL_CMD +unset OPENOCD_SCRIPTS + +echo "Run ESP32 export.sh from ${WRK_IDF_PATH}" + +# shell check should not follow into the ESP-IDF export.sh +# shellcheck disable=SC1091 +. "$WRK_IDF_PATH"/export.sh + +# Comment numeric values are recently observed runtime durations. +# Different tests may be enabled for each device. +# This list is not indicative of relative performance. + +# Limited hardware acceleration, test slowest first: +./testMonitor.sh wolfssl_test esp32h2 "$THIS_SUFFIX" || exit 1 # 1424084 esp32h2 COM31" ok +./testMonitor.sh wolfssl_test esp8684 "$THIS_SUFFIX" || exit 1 # 1065290 esp8684 COM49" ok + +# RISC-V +./testMonitor.sh wolfssl_test esp32c2 "$THIS_SUFFIX" || exit 1 # 1133856 esp32c2 COM79" ok +./testMonitor.sh wolfssl_test esp32c3 "$THIS_SUFFIX" || exit 1 # 344677 esp32c3 COM35" NT +./testMonitor.sh wolfssl_test esp32c6 "$THIS_SUFFIX" || exit 1 # 346393 esp32c6 COM36" ok + +# Xtensa +./testMonitor.sh wolfssl_test esp32 "$THIS_SUFFIX" || exit 1 # 259093 esp32 COM9" NT +./testMonitor.sh wolfssl_test esp32s2 "$THIS_SUFFIX" || exit 1 # 305004 esp32s2 COM30" NT +./testMonitor.sh wolfssl_test esp32s3 "$THIS_SUFFIX" || exit 1 # 267518 esp32s3 COM24" NT + +# Restore the original PATH +export PATH="$ORIGINAL_PATH" + +echo "Done!" 
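Review bot: `. "$WRK_IDF_PATH"/export.sh` sources a file at a hard-coded `/mnt/c/SysGCC/...` path with no existence check, and since the script does not use `set -e`, a missing tree produces a one-line error and execution continues straight into `./testMonitor.sh`, which would then clean, build and flash with whatever `idf.py` is left on the restored PATH. Guard both sourcing points with `[ -f "$WRK_IDF_PATH/export.sh" ] || { echo "Missing $WRK_IDF_PATH/export.sh"; exit 1; }` and `. "$WRK_IDF_PATH"/export.sh || exit 1`. The leading `shellcheck "$0"` discards its exit status, so a lint failure never stops the run; either `shellcheck "$0" || exit 1` or remove it. The two identical eight-line `unset` blocks would be safer as one `clear_idf_env()` function so the ESP8266 and ESP32 sections cannot drift apart.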
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh new file mode 100644 index 0000000000..f71c0f6cc9 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh 
@@ -0,0 +1,230 @@ +#!/bin/bash +# +# Syntax: +# ./testMonitor.sh +# +# Example: +# +# ./testMonitor.sh wolfssl_test esp32c6 WIP +# +# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty +# instead of using `idf.py monitor` +#======================================================================================== + +# Run shell check to ensure this a good script. +shellcheck "$0" + +PUTTY_EXE="/mnt/c/tools/putty.exe" + +THIS_HOME_DIR="$(pwd)" +# export WOLFSSL_ESPIDF="/mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples" + +# the first parameter is expected to be a project name in the WOLFSSL_ESPIDF directory. +if [ $# -lt 3 ]; then + echo "Usage: $0 " + exit 1 +else + THIS_EXAMPLE="$1" +# pushd "${WOLFSSL_ESPIDF}" || exit 1 +# pushd "./${THIS_EXAMPLE}" || exit 1 + + THIS_TARGET="$2" + THIS_KEYWORD="$3" +fi + +echo "testMonitor current path:" +pwd + +#ESP32c2 monitor is 78800 +# These are the WSL Serial Ports for each respective ESP32 SoC Device. +# Unfortunately they are currently hard coded and computer-specific. +esp32_PORT="/dev/ttyS9" +esp32c2_PORT="/dev/ttyS79" +esp32c3_PORT="/dev/ttyS35" +esp32c6_PORT="/dev/ttyS36" +esp32h2_PORT="/dev/ttyS31" +esp32s2_PORT="/dev/ttyS30" +esp32s3_PORT="/dev/ttyS24" +esp8266_PORT="/dev/ttyS70" + +esp8684_PORT="/dev/ttyS49" +# esp32c2_PORT="/dev/ttyS49" #8684 + +# Load putty profiles. Note profiles names need to have been previously +# defined and saved in putty! 
These are the saved sessions in putty: +esp32_PUTTY="COM9" +esp32c2_PUTTY="COM79 - ESP32-C2 74880" +esp32c3_PUTTY="COM35" +esp32c6_PUTTY="COM36" +esp32h2_PUTTY="COM31" +esp32s2_PUTTY="COM30" +esp32s3_PUTTY="COM24" +esp8684_PUTTY="COM49" +esp8266_PUTTY="COM70 - 74880" + +echo "esp32_PORT: $esp32_PORT" +echo "esp32c2_PORT: $esp32c2_PORT" +echo "esp32c3_PORT: $esp32c3_PORT" +echo "esp32c6_PORT: $esp32c6_PORT" +echo "esp32s2_PORT: $esp32s2_PORT" +echo "esp32s3_PORT: $esp32s3_PORT" +echo "esp32h2_PORT: $esp32h2_PORT" +echo "esp8266_PORT: $esp8266_PORT" +echo "esp8684_PORT: $esp8684_PORT" + +# given a THIS_TARGET, assign THIS_TARGET_PORT to the respective port. +THIS_TARGET_PORT="${THIS_TARGET}_PORT" + +# Check that THIS_TARGET_PORT is defined. +if [ -z "$THIS_TARGET_PORT" ]; then + echo "Error: No port defined for ${THIS_TARGET}" + exit 1 +else + echo "THIS_TARGET_PORT=${THIS_TARGET_PORT}" +fi + +THIS_TARGET_PORT="${!THIS_TARGET_PORT}" +echo THIS_TARGET_PORT="${THIS_TARGET_PORT}" + + +# The use of putty is optional +THIS_TARGET_PUTTY="${THIS_TARGET}_PUTTY" + +if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then + echo "Using ESP-IDF monitor" +else + # Check that THIS_TARGET_PUTTY is defined. 
+ echo "" + echo "Using saved putty profile session names:" + echo "esp32_PUTTY: $esp32_PUTTY" + echo "esp32c2_PUTTY: $esp32c2_PUTTY" + echo "esp32c3_PUTTY: $esp32c3_PUTTY" + echo "esp32c6_PUTTY: $esp32c6_PUTTY" + echo "esp32s2_PUTTY: $esp32s2_PUTTY" + echo "esp32s3_PUTTY: $esp32s3_PUTTY" + echo "esp32h2_PUTTY: $esp32h2_PUTTY" + echo "esp8684_PUTTY: $esp8684_PUTTY" + echo "esp8266_PUTTY: $esp8266_PUTTY" + echo "" + + if [ -z "$THIS_TARGET_PUTTY" ]; then + echo "Error: No putty profile defined for ${THIS_TARGET}" + exit 1 + else + echo "THIS_TARGET_PUTTY=${THIS_TARGET_PUTTY}" + fi + + THIS_TARGET_PUTTY="${!THIS_TARGET_PUTTY}" + echo THIS_TARGET_PUTTY="${THIS_TARGET_PUTTY}" +fi + +if [[ "$THIS_TARGET" == "esp8684" ]]; then + echo "Treating esp8684 like an esp32c2" + THIS_TARGET=esp32c2 +fi + + +# Assemble some log file names. +echo "" +BUILD_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_build_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt" +FLASH_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_flash_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt" +THIS_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_output_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt" +THIS_CFG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_user_settings_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt" +THIS_WLOG="logs\\${THIS_TARGET}_output.log" +# cp ./components/wolfssl/include/user_settings.h "${THIS_CFG}" + +echo "BUILD_LOG = ${BUILD_LOG}" +echo "FLASH_LOG = ${FLASH_LOG}" +echo "THIS_LOG = ${THIS_LOG}" +echo "THIS_CFG = ${THIS_CFG}" + + +if [[ "$THIS_TARGET" == "esp8266" ]]; then + # idf.py for the ESP8266 does not support --version + echo "ESP8266 using $IDF_PATH" +else + idf.py --version > "${BUILD_LOG}" 2>&1 +fi + +echo "Full clean for $THIS_TARGET..." +#--------------------------------------------------------------------- +idf.py fullclean >> "${BUILD_LOG}" 2>&1 +THIS_ERROR_CODE=$? +if [ $THIS_ERROR_CODE -ne 0 ]; then + echo "" + echo "Error during fullclean. Deleting build directory." 
+ rm -rf ./build +fi + +#--------------------------------------------------------------------- +if [[ "$THIS_TARGET" == "esp8266" ]]; then + #always start with a fresh sdkconfig-debug (or sdkconfig-release) from defaults + rm -f ./sdkconfig-debug + rm -f ./sdkconfig-release + + # idf.py for the ESP8266 does not support --set-target + echo "Target is $THIS_TARGET" + + # Since we don't "set-target" for the ESP8266, ensure the sdkconfig is not present + rm -f ./sdkconfig +else + # Start with fresh sdkconfig + rm -f ./sdkconfig + + # ESP8266 debug and release files not used for non-ESP8266 targets here,delete anyhow: + rm -f ./sdkconfig-debug + rm -f ./sdkconfig-release + + echo "idf.py set-target $THIS_TARGET" + idf.py "set-target" "$THIS_TARGET" >> "${BUILD_LOG}" 2>&1 + THIS_ERROR_CODE=$? + if [ $THIS_ERROR_CODE -ne 0 ]; then + echo "" + tail -n 5 "${BUILD_LOG}" + echo "Error during set-target" + exit 1 + fi +fi + +#--------------------------------------------------------------------- +echo "" +echo "Build $THIS_TARGET..." +echo "idf.py build" +idf.py build >> "${BUILD_LOG}" 2>&1 +THIS_ERROR_CODE=$? +if [ $THIS_ERROR_CODE -ne 0 ]; then + echo "" + tail -n 5 "${BUILD_LOG}" + echo "Error during build for $THIS_TARGET" + echo "" + echo "" + exit 1 +fi + +#--------------------------------------------------------------------- +echo "" +echo "Flash $THIS_TARGET..." +echo "idf.py flash -p ${THIS_TARGET_PORT} -b 115200" +idf.py flash -p "${THIS_TARGET_PORT}" -b 115200 2>&1 | tee -a "${FLASH_LOG}" +THIS_ERROR_CODE=$? +if [ $THIS_ERROR_CODE -ne 0 ]; then + echo "" + tail -n 5 "${FLASH_LOG}" + echo "Error during flash" + exit 1 +fi + +# popd || exit 1 +# popd || exit 1 + +# Note both of the options spawn a separate process: +if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then + echo "Monitor..." 
+ echo ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}" + + ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}" & +else + echo "Calling putty..." + echo "$PUTTY_EXE -load \"$THIS_TARGET_PUTTY\"" + $PUTTY_EXE -load "$THIS_TARGET_PUTTY" -logoverwrite -sessionlog "${THIS_WLOG}" & +fi diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj new file mode 100644 index 0000000000..41509e0fd9 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj 
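Review bot: `THIS_ERROR_CODE=$?` after `idf.py flash ... 2>&1 | tee -a "${FLASH_LOG}"` captures the exit status of `tee`, not of `idf.py`, so a failed flash is never detected and the script proceeds to spawn the monitor anyway; use `${PIPESTATUS[0]}` (the script is bash) or `set -o pipefail`. The `if [ -z "$THIS_TARGET_PORT" ]` check is also ineffective because at that point the variable holds the name `esp32xx_PORT`, never the value; the indirect expansion happens afterwards, so an unknown target reaches `idf.py flash -p "" -b 115200` — the same applies to the `_PUTTY` lookup. Since `THIS_TARGET` is also fed to `idf.py set-target` and to indirect expansion, validating it against the known list up front (`case "$THIS_TARGET" in esp32|esp32c2|esp32c3|esp32c6|esp32h2|esp32s2|esp32s3|esp8266|esp8684) ;; *) echo "Unknown target"; exit 1 ;; esac`) would be cheap. The usage line `echo "Usage: $0 "` has lost its argument names — possibly stripped as angle brackets in rendering, worth checking the file itself.
```shell
THIS_TARGET_PORT_VAR="${THIS_TARGET}_PORT"
THIS_TARGET_PORT="${!THIS_TARGET_PORT_VAR}"
# Validate the resolved *value*; the variable name is never empty.
if [ -z "$THIS_TARGET_PORT" ]; then
    echo "Error: No port defined for ${THIS_TARGET}"
    exit 1
fi
echo "THIS_TARGET_PORT=${THIS_TARGET_PORT}"

# … unchanged: putty profile lookup (same value-check fix), log names, fullclean / set-target / build …

idf.py flash -p "${THIS_TARGET_PORT}" -b 115200 2>&1 | tee -a "${FLASH_LOG}"
THIS_ERROR_CODE=${PIPESTATUS[0]}   # status of idf.py, not of tee
if [ "$THIS_ERROR_CODE" -ne 0 ]; then
```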
@@ -0,0 +1,292 @@ + + + + + + Unknown + + true + + c9687472-a434-43a7-9026-7914f425b9b4 + true + true + SourceDirs + + + + + + com.visualgdb.xtensa-lx106-elf + + 8.4.0 + 8.1 + 1 + + + + release/v3.4 + rtos-sdk/v3.4 + RTOS_SDK + + 0 + + + + + + + + + + + + + Default + + false + + BuildMachine + BuiltinShortcut + + + + + + + COM80 + + 74880 + 8 + None + One + None + + + 0 + false + true + false + ASCII + + + 255 + 0 + 0 + 0 + + + 255 + 169 + 169 + 169 + + + 255 + 211 + 211 + 211 + + + 255 + 144 + 238 + 144 + + + 255 + 169 + 169 + 169 + + + + 16 + true + true + true + true + 0 + + LF + false + false + true + + + + true + + + + + True + + true + true + + Enabled + true + true + true + + true + + + + false + + apiModeling.google.GTest + core.builtin.BuiltinFunctions + core.builtin.NoReturnFunctions + core.CallAndMessage + core.DivideZero + core.DynamicTypePropagation + core.NonnilStringConstants + core.NonNullParamChecker + core.NullDereference + core.StackAddressEscape + core.UndefinedBinaryOperatorResult + core.uninitialized.ArraySubscript + core.uninitialized.Assign + core.uninitialized.Branch + core.uninitialized.CapturedBlockVariable + core.uninitialized.UndefReturn + core.VLASize + cplusplus.NewDelete + cplusplus.NewDeleteLeaks + cplusplus.SelfAssignment + deadcode.DeadStores + nullability.NullPassedToNonnull + nullability.NullReturnedFromNonnull + security.insecureAPI.getpw + security.insecureAPI.gets + security.insecureAPI.mkstemp + security.insecureAPI.mktemp + security.insecureAPI.UncheckedReturn + security.insecureAPI.vfork + unix.API + unix.cstring.BadSizeArg + unix.cstring.NullArg + unix.Malloc + unix.MallocSizeof + unix.MismatchedDeallocator + unix.StdCLibraryFunctions + unix.Vfork + + + -analyzer-store=region + -analyzer-opt-analyze-nested-blocks + -analyzer-eagerly-assume + + + + + + Debug + + build/Debug + sdkconfig-debug + false + + + + Release + + build/Release + sdkconfig-release + false + + + + + + + + + + + + + false + false + false + false + false 
+ false + false + false + false + + false + false + false + false + false + false + true + false + None + false + false + + true + false + false + true + 0 + false + 0 + true + false + + + openocd + + -f interface/ftdi/tigard.cfg -f target/esp8266.cfg + + + + false + + 131072 + Enabled + + set remotetimeout 60 + target remote :$$SYS:GDB_PORT$$ + mon reset halt + load + mon xtensa_no_interrupts_during_steps on + mon esp8266_autofeed_watchdog on + + false + 0 + 0 + false + + 0 + Soft + 4096 + 4096 + + size4M + freq40M + QIO + + + + true + Disabled + 0 + false + false + true + false + false + + _estack + 0 + false + + true + + \ No newline at end of file diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c index 5d3844206e..ba8c82a76e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex index b301e65201..a1a18d9812 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c index c3cccde41a..70a6cb816e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c 
@@ -1,6 +1,6 @@ /* time_helper.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h index 1de6f0f8bc..e0bee14e52 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h @@ -1,6 +1,6 @@ #ifndef _TIME_HELPER_H /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt index ab9cb25f46..a0ec798a2b 100644 --- a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt 
@@ -1,21 +1,21 @@ # -# Copyright (C) 2006-2022 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # -# This file is part of wolfSSL. +# This file is part of wolfSSL. # -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # # cmake for wolfssl # @@ -75,7 +75,10 @@ set(COMPONENT_SRCEXCLUDE "./src/ssl_bn.c" # included by ssl.c "./src/ssl_certman.c" # included by ssl.c "./src/ssl_crypto.c" # included by ssl.c + "./src/ssl_load.c" # included by ssl.c "./src/ssl_misc.c" # included by ssl.c + "./src/ssl_p7p12.c" # included by ssl.c + "./src/ssl_sess.c" # included by ssl.c "./src/x509.c" "./src/x509_str.c" "./wolfcrypt/src/evp.c" 
diff --git a/IDE/Espressif/ESP-IDF/libs/component.mk b/IDE/Espressif/ESP-IDF/libs/component.mk index 5234a007e1..047bb83ea0 100644 --- a/IDE/Espressif/ESP-IDF/libs/component.mk +++ b/IDE/Espressif/ESP-IDF/libs/component.mk @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -16,6 +16,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +#/ # # # Component Makefile diff --git a/IDE/Espressif/ESP-IDF/user_settings.h b/IDE/Espressif/ESP-IDF/user_settings.h index 4b29234182..828aab9ff5 100644 --- a/IDE/Espressif/ESP-IDF/user_settings.h +++ b/IDE/Espressif/ESP-IDF/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am index 5011e51f2c..7fa3887361 100644 --- a/IDE/Espressif/include.am +++ b/IDE/Espressif/include.am @@ -133,6 +133,9 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_ser EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj # wolfSSL Test +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh + EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main 
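Review bot: The added `#/` line in the component.mk license header looks like a stray keystroke rather than an intentional edit; every other separator line in that block is a bare `#`. Drop the line or make it a plain `#` so the header stays uniform with the other wolfSSL build files.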
@@ -151,11 +154,9 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C3.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C6.sln diff --git a/IDE/GCC-ARM/Header/user_settings.h b/IDE/GCC-ARM/Header/user_settings.h index f1f8fd6d11..40986b08b4 100644 --- a/IDE/GCC-ARM/Header/user_settings.h +++ b/IDE/GCC-ARM/Header/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -250,10 +250,10 @@ extern "C" { /* AES */ #undef NO_AES #if 1 - #undef HAVE_AES_CBC - #define HAVE_AES_CBC + #undef HAVE_AES_CBC + #define HAVE_AES_CBC - #undef HAVE_AESGCM + #undef HAVE_AESGCM #define HAVE_AESGCM /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ @@ -419,6 +419,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); 
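Review bot: The hunk removes `main/time_helper.c`, `main/time_helper.h` and `main/include/time_helper.h` of the wolfssl_test example from EXTRA_DIST, but no deletion of those files is visible in this diff; if they still exist in the tree they silently drop out of `make dist`, and if other examples reference them the dist tarball breaks. If the files were deleted elsewhere in this commit, ignore this; otherwise keep the three lines or remove the files in the same change so EXTRA_DIST and the tree stay in sync.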
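Review bot: The new `Note2: XFREE(NULL) must be properly handled` is ambiguous about who handles it — a reader could take it to mean wolfSSL guarantees never to call `myFree` with NULL, when the point is the opposite. Since this header declares `myFree` as the `XFREE` target and the implementation lives outside this file, spell out the obligation: `/* Note2: myFree() may be called with p == NULL and must treat it as a no-op, like free(3) */`.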
diff --git a/IDE/GCC-ARM/Source/armtarget.c b/IDE/GCC-ARM/Source/armtarget.c index 4780be1f1d..8b62a6b756 100644 --- a/IDE/GCC-ARM/Source/armtarget.c +++ b/IDE/GCC-ARM/Source/armtarget.c @@ -1,6 +1,6 @@ /* armtarget.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/GCC-ARM/Source/benchmark_main.c b/IDE/GCC-ARM/Source/benchmark_main.c index e113c86ef6..1151bbc32c 100644 --- a/IDE/GCC-ARM/Source/benchmark_main.c +++ b/IDE/GCC-ARM/Source/benchmark_main.c @@ -1,6 +1,6 @@ /* benchmark_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/GCC-ARM/Source/test_main.c b/IDE/GCC-ARM/Source/test_main.c index bf7216b116..c63246368b 100644 --- a/IDE/GCC-ARM/Source/test_main.c +++ b/IDE/GCC-ARM/Source/test_main.c @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/GCC-ARM/Source/tls_client.c b/IDE/GCC-ARM/Source/tls_client.c index 00afe6ef95..927b854d3d 100644 --- a/IDE/GCC-ARM/Source/tls_client.c +++ b/IDE/GCC-ARM/Source/tls_client.c @@ -1,6 +1,6 @@ /* tls_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/GCC-ARM/Source/tls_server.c b/IDE/GCC-ARM/Source/tls_server.c index 50e93d1a1e..1a19b4e53c 100644 --- a/IDE/GCC-ARM/Source/tls_server.c +++ b/IDE/GCC-ARM/Source/tls_server.c @@ -1,6 +1,6 @@ /* tls_server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/GCC-ARM/Source/wolf_main.c b/IDE/GCC-ARM/Source/wolf_main.c index 3c705d2451..0956773b6e 100644 --- a/IDE/GCC-ARM/Source/wolf_main.c +++ b/IDE/GCC-ARM/Source/wolf_main.c 
@@ -1,6 +1,6 @@ /* wolf_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/HEXAGON/DSP/Makefile b/IDE/HEXAGON/DSP/Makefile index 5b73cef4db..361873ee8c 100644 --- a/IDE/HEXAGON/DSP/Makefile +++ b/IDE/HEXAGON/DSP/Makefile @@ -1,6 +1,6 @@ # Makefile # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # diff --git a/IDE/HEXAGON/Makefile b/IDE/HEXAGON/Makefile index cdf6a1c59e..cf7252c866 100644 --- a/IDE/HEXAGON/Makefile +++ b/IDE/HEXAGON/Makefile @@ -1,6 +1,6 @@ # Makefile # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # diff --git a/IDE/HEXAGON/ecc-verify-benchmark.c b/IDE/HEXAGON/ecc-verify-benchmark.c index 24f9125702..d000925a5e 100644 --- a/IDE/HEXAGON/ecc-verify-benchmark.c +++ b/IDE/HEXAGON/ecc-verify-benchmark.c @@ -1,6 +1,6 @@ /* ecc-verify-benchmark.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/HEXAGON/ecc-verify.c b/IDE/HEXAGON/ecc-verify.c index ccbc18d81b..1e2d9510fb 100644 --- a/IDE/HEXAGON/ecc-verify.c +++ b/IDE/HEXAGON/ecc-verify.c @@ -1,6 +1,6 @@ /* ecc-verify.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/HEXAGON/user_settings.h b/IDE/HEXAGON/user_settings.h index 1897e883c4..5643e759db 100644 --- a/IDE/HEXAGON/user_settings.h +++ b/IDE/HEXAGON/user_settings.h 
@@ -13,25 +13,25 @@ #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #ifdef HAVE_ECC - #define ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT #endif #ifndef NO_RSA - #define WC_RSA_BLINDING + #define WC_RSA_BLINDING #endif #if 1 - #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_HAVE_SP_ECC - #define WOLFSSL_SP_MATH + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH - #if 1 - /* ARM NEON instructions */ - #define WOLFSSL_SP_ARM64_ASM - #endif - #if 1 - /* Use DSP */ - #define WOLFSSL_DSP - #endif + #if 1 + /* ARM NEON instructions */ + #define WOLFSSL_SP_ARM64_ASM + #endif + #if 1 + /* Use DSP */ + #define WOLFSSL_DSP + #endif #endif #endif diff --git a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c index f5e51cd977..76d4470c75 100644 --- a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c +++ b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c @@ -1,6 +1,6 @@ /* benchmark-main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/IAR-EWARM/Projects/benchmark/current_time.c b/IDE/IAR-EWARM/Projects/benchmark/current_time.c index 0e8d402687..cf0f57ac68 100644 --- a/IDE/IAR-EWARM/Projects/benchmark/current_time.c +++ b/IDE/IAR-EWARM/Projects/benchmark/current_time.c @@ -1,6 +1,6 @@ /* current-time.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/IAR-EWARM/Projects/common/minimum-startup.c b/IDE/IAR-EWARM/Projects/common/minimum-startup.c index ec79e29a4f..4463b158d2 100644 --- a/IDE/IAR-EWARM/Projects/common/minimum-startup.c +++ b/IDE/IAR-EWARM/Projects/common/minimum-startup.c @@ -1,6 +1,6 @@ /* minimum-startup.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/IDE/IAR-EWARM/Projects/test/test-main.c b/IDE/IAR-EWARM/Projects/test/test-main.c index d472d5d1e1..13d1308d55 100644 --- a/IDE/IAR-EWARM/Projects/test/test-main.c +++ b/IDE/IAR-EWARM/Projects/test/test-main.c @@ -1,6 +1,6 @@ /* test-main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/IAR-MSP430/main.c b/IDE/IAR-MSP430/main.c index e89afb6280..c99cb0075a 100644 --- a/IDE/IAR-MSP430/main.c +++ b/IDE/IAR-MSP430/main.c @@ -1,6 +1,6 @@ /* MSP430 example main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/IAR-MSP430/user_settings.h b/IDE/IAR-MSP430/user_settings.h index 1e4caea9d3..fc8f6ba621 100644 --- a/IDE/IAR-MSP430/user_settings.h +++ b/IDE/IAR-MSP430/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c index dd27de2665..1bd3c8ecd2 100644 --- a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c +++ b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c @@ -1,6 +1,6 @@ /* lpc_18xx_port.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c index 8f67b1c33e..f5ffe3fe6c 100644 --- a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c +++ b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c @@ -1,6 +1,6 @@ /* lpc_18xx_startup.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/M68K/README.md b/IDE/M68K/README.md index 2fe43b67ac..64eaad8b5d 100644 --- a/IDE/M68K/README.md +++ b/IDE/M68K/README.md 
@@ -34,7 +34,7 @@ BUILD_C RSA 2048 public 7.619 ops/sec RSA 2048 private 0.276 ops/sec -###Building testwolfcryt/benchmark +###Building testwolfcrypt/benchmark To build either testwolfcrypt or benchmark first build wolfssl.a, place it in $(NBROOT)/lib and then cd into the respective directory. Running "make" will then create a .s19 application that can be ran on the board. diff --git a/IDE/M68K/benchmark/main.cpp b/IDE/M68K/benchmark/main.cpp index a7a76fb2d5..263b9289a2 100644 --- a/IDE/M68K/benchmark/main.cpp +++ b/IDE/M68K/benchmark/main.cpp @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/M68K/testwolfcrypt/main.cpp b/IDE/M68K/testwolfcrypt/main.cpp index 8b31c9e893..3df8ebd37c 100644 --- a/IDE/M68K/testwolfcrypt/main.cpp +++ b/IDE/M68K/testwolfcrypt/main.cpp @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MCUEXPRESSO/RT1170/user_settings.h b/IDE/MCUEXPRESSO/RT1170/user_settings.h index f620b1cc9f..f89e398664 100644 --- a/IDE/MCUEXPRESSO/RT1170/user_settings.h +++ b/IDE/MCUEXPRESSO/RT1170/user_settings.h @@ -53,7 +53,7 @@ /* using the RTC */ //#define NO_ASN_TIME #ifndef NO_ASN_TIME - #define FREESCALE_SNVS_RTC + #define FREESCALE_SNVS_RTC #endif #define NO_CRYPT_TEST 
@@ -64,19 +64,19 @@ #include static void myPrintf(const char* fmt, ...) { - int ret; - char line[150]; - va_list ap; + int ret; + char line[150]; + va_list ap; - va_start(ap, fmt); - ret = vsnprintf(line, sizeof(line), fmt, ap); - line[sizeof(line)-1] = '\0'; + va_start(ap, fmt); + ret = vsnprintf(line, sizeof(line), fmt, ap); + line[sizeof(line)-1] = '\0'; - DbgConsole_Printf("%s", line); + DbgConsole_Printf("%s", line); - /* add CR on newlines */ - if (ret > 0 && line[ret-1] == '\n') { - DbgConsole_Printf("\r"); + /* add CR on newlines */ + if (ret > 0 && line[ret-1] == '\n') { + DbgConsole_Printf("\r"); } } #define XPRINTF myPrintf diff --git a/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c b/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c index c413251325..bf092fce9c 100644 --- a/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c +++ b/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c @@ -1,6 +1,6 @@ /* run_benchmark.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MCUEXPRESSO/user_settings.h b/IDE/MCUEXPRESSO/user_settings.h index 77e137852f..d9fd0766c2 100644 --- a/IDE/MCUEXPRESSO/user_settings.h +++ b/IDE/MCUEXPRESSO/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
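Review bot: `line[ret-1]` in the re-indented `myPrintf` reads past the 150-byte stack buffer whenever the formatted message is truncated, because `vsnprintf` returns the length that *would* have been written, so for any message of 150 bytes or more `ret-1 >= sizeof(line)`. Bound the index before using it: `if (ret > 0 && (size_t)ret < sizeof(line) && line[ret-1] == '\n')`, or clamp `ret` to `sizeof(line) - 1` right after the call. The `line[sizeof(line)-1] = '\0';` line is harmless but redundant, as `vsnprintf` always NUL-terminates when the size is nonzero. The hunk only re-indents, but it presents this code as current and the fix is a one-line condition change.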
@@ -40,19 +40,19 @@ #include static void myPrintf(const char* fmt, ...) { - int ret; - char line[150]; - va_list ap; + int ret; + char line[150]; + va_list ap; - va_start(ap, fmt); - ret = vsnprintf(line, sizeof(line), fmt, ap); - line[sizeof(line)-1] = '\0'; + va_start(ap, fmt); + ret = vsnprintf(line, sizeof(line), fmt, ap); + line[sizeof(line)-1] = '\0'; - DbgConsole_Printf("%s", line); + DbgConsole_Printf("%s", line); - /* add CR on newlines */ - if (ret > 0 && line[ret-1] == '\n') { - DbgConsole_Printf("\r"); + /* add CR on newlines */ + if (ret > 0 && line[ret-1] == '\n') { + DbgConsole_Printf("\r"); } } #define XPRINTF myPrintf @@ -70,9 +70,9 @@ #define USE_FAST_MATH #ifdef USE_FAST_MATH /* big enough for even 4096 bit RSA key */ - #define FP_MAX_BITS 8192 - #define TFM_TIMING_RESISTANT - #define ECC_TIMING_RESISTANT + #define FP_MAX_BITS 8192 + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT #define ALT_ECC_SIZE #endif diff --git a/IDE/MCUEXPRESSO/wolfcrypt_test.c b/IDE/MCUEXPRESSO/wolfcrypt_test.c index 08a0d432e8..8d8993dda2 100644 --- a/IDE/MCUEXPRESSO/wolfcrypt_test.c +++ b/IDE/MCUEXPRESSO/wolfcrypt_test.c @@ -1,6 +1,6 @@ /* wolfcrypt_test.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c index 1e7fba4f12..04d4802165 100644 --- a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c +++ b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c @@ -1,6 +1,6 @@ /* time.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c index 3f2af99c99..0f57692e27 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c 
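Review bot: This copy of `myPrintf` has the same out-of-bounds read as the RT1170 variant: when the output is truncated, `vsnprintf` returns the untruncated length and `line[ret-1]` indexes beyond the 150-byte buffer. Change the check to `if (ret > 0 && (size_t)ret < sizeof(line) && line[ret-1] == '\n')` (or clamp `ret` to `sizeof(line) - 1` after the call); since the two files carry identical helpers, consider fixing both in the same change so they do not diverge.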
@@ -1,6 +1,6 @@ /* certs_test.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h index ca36781692..04373c97ab 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h @@ -1,6 +1,6 @@ /* config-BEREFOOT.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h index 45b8c1b329..85e02db34c 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h @@ -1,6 +1,6 @@ /* config-FS.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h index a96e5d7862..eb93fa931a 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h @@ -1,6 +1,6 @@ /* config-RTX-TCP-FS.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h index 98562cd164..d6fe1aa16d 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h @@ -1,6 +1,6 @@ /* config.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c index de71e9941e..84d3bc4ba0 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c 
@@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c index 63e2cdc2f1..1ce952e037 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c @@ -1,6 +1,6 @@ /*shell.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c index 024943bd3d..f7cb61f0df 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c @@ -1,6 +1,6 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c index bd7d515026..f41a948137 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c @@ -1,6 +1,6 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c index 9b68ab8158..7908dfec68 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c @@ -1,6 +1,6 @@ /* wolfssl_KEIL_RL.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h index 6e3464ba6e..b52c547fde 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h 
@@ -1,6 +1,6 @@ /* wolfssl_KEIL_RL.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -78,7 +78,7 @@ typedef int socklen_t ; #define tcp_listen wolfssl_tcp_listen #define tcp_select wolfssl_tcp_select -extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ; +extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ; extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen); extern int wolfssl_recv(int sd, void *buf, size_t len, int flags); extern int wolfssl_send(int sd, const void *buf, size_t len, int flags); diff --git a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c index 08dcbdf8f3..3a30349cac 100644 --- a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c +++ b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c @@ -1,6 +1,6 @@ /* time-STM32F2xx.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Conf/user_settings.h b/IDE/MDK5-ARM/Conf/user_settings.h index c58b5fb6a9..089712b852 100644 --- a/IDE/MDK5-ARM/Conf/user_settings.h +++ b/IDE/MDK5-ARM/Conf/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h b/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h index e6d314a771..66623a9441 100644 --- a/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h +++ b/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h @@ -1,6 +1,6 @@ /* wolfssl_MDK_ARM.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c index 1b055e7fa0..a9b0bc0add 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c 
+++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/CryptTest/main.c b/IDE/MDK5-ARM/Projects/CryptTest/main.c index 6425e654e5..826a8ade2b 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/main.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/EchoClient/main.c b/IDE/MDK5-ARM/Projects/EchoClient/main.c index 22f27cb153..0e40a7249e 100644 --- a/IDE/MDK5-ARM/Projects/EchoClient/main.c +++ b/IDE/MDK5-ARM/Projects/EchoClient/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/EchoServer/main.c b/IDE/MDK5-ARM/Projects/EchoServer/main.c index 53a27bec00..a99244f63c 100644 --- a/IDE/MDK5-ARM/Projects/EchoServer/main.c +++ b/IDE/MDK5-ARM/Projects/EchoServer/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/main.c b/IDE/MDK5-ARM/Projects/SimpleClient/main.c index 0461547014..686cda6b6a 100644 --- a/IDE/MDK5-ARM/Projects/SimpleClient/main.c +++ b/IDE/MDK5-ARM/Projects/SimpleClient/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/main.c b/IDE/MDK5-ARM/Projects/SimpleServer/main.c index 973fdbbe1d..22e6a9b056 100644 --- a/IDE/MDK5-ARM/Projects/SimpleServer/main.c +++ b/IDE/MDK5-ARM/Projects/SimpleServer/main.c 
@@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c index 9eab03cc69..db26c5b262 100644 --- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c +++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c index 3958f4a23e..06f39b0e86 100644 --- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c +++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c @@ -1,6 +1,6 @@ /*shell.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c index 8b1de0aa51..a4ce55fc60 100644 --- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c +++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c @@ -1,6 +1,6 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MDK5-ARM/Src/ssl-dummy.c b/IDE/MDK5-ARM/Src/ssl-dummy.c index 7cfd82ec69..734b126ce0 100644 --- a/IDE/MDK5-ARM/Src/ssl-dummy.c +++ b/IDE/MDK5-ARM/Src/ssl-dummy.c @@ -1,6 +1,6 @@ /* ssl-dummy.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MQX/client-tls.c b/IDE/MQX/client-tls.c index 9834251c0d..70ef3b4eaa 100644 --- a/IDE/MQX/client-tls.c +++ b/IDE/MQX/client-tls.c @@ -1,6 +1,6 @@ /* client-tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/IDE/MQX/server-tls.c b/IDE/MQX/server-tls.c index e7e1a48529..ae2c7ae947 100644 --- a/IDE/MQX/server-tls.c +++ b/IDE/MQX/server-tls.c @@ -1,6 +1,6 @@ /* server-tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MSVS-2019-AZSPHERE/client/client.c b/IDE/MSVS-2019-AZSPHERE/client/client.c index 6756c89a57..d758a39fd1 100644 --- a/IDE/MSVS-2019-AZSPHERE/client/client.c +++ b/IDE/MSVS-2019-AZSPHERE/client/client.c @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MSVS-2019-AZSPHERE/client/client.h b/IDE/MSVS-2019-AZSPHERE/client/client.h index f10c0db94f..edef19afc3 100644 --- a/IDE/MSVS-2019-AZSPHERE/client/client.h +++ b/IDE/MSVS-2019-AZSPHERE/client/client.h @@ -1,6 +1,6 @@ /* client.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.c b/IDE/MSVS-2019-AZSPHERE/server/server.c index 7c4528a06d..dbf49efedf 100644 --- a/IDE/MSVS-2019-AZSPHERE/server/server.c +++ b/IDE/MSVS-2019-AZSPHERE/server/server.c @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.h b/IDE/MSVS-2019-AZSPHERE/server/server.h index e4d5edfeaf..e3a53b5e3a 100644 --- a/IDE/MSVS-2019-AZSPHERE/server/server.h +++ b/IDE/MSVS-2019-AZSPHERE/server/server.h @@ -1,6 +1,6 @@ /* server.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MSVS-2019-AZSPHERE/shared/util.h b/IDE/MSVS-2019-AZSPHERE/shared/util.h index fc54a709ae..0cab4bf60e 100644 --- a/IDE/MSVS-2019-AZSPHERE/shared/util.h +++ b/IDE/MSVS-2019-AZSPHERE/shared/util.h 
@@ -1,6 +1,6 @@ /* util.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MSVS-2019-AZSPHERE/user_settings.h b/IDE/MSVS-2019-AZSPHERE/user_settings.h index 3c4c03aa54..ea18de895f 100644 --- a/IDE/MSVS-2019-AZSPHERE/user_settings.h +++ b/IDE/MSVS-2019-AZSPHERE/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,9 +31,9 @@ #ifndef SERVER_IP #define SERVER_IP "192.168.1.200" /* Local Test Server IP */ #endif - #ifndef DEFAULT_PORT - #define DEFAULT_PORT 11111 - #endif + #ifndef DEFAULT_PORT + #define DEFAULT_PORT 11111 + #endif #define CERT ca_cert_der_2048 #define SIZEOF_CERT sizeof_ca_cert_der_2048 static const char msg[] = "Are you listening wolfSSL Server?"; @@ -41,9 +41,9 @@ #ifndef SERVER_IP #define SERVER_IP "www.wolfssl.com" #endif - #ifndef DEFAULT_PORT - #define DEFAULT_PORT 443 - #endif + #ifndef DEFAULT_PORT + #define DEFAULT_PORT 443 + #endif #define CERT wolfssl_website_root_ca #define SIZEOF_CERT sizeof_wolfssl_website_root_ca static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n"; @@ -85,6 +85,7 @@ /* Filesystem */ #define NO_FILESYSTEM +#define HAVE_NETDB_H /* Debug */ #include diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt index 902050c276..18c3633b0e 100644 --- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt +++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt 
@@ -41,7 +41,10 @@ list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_asn1.c ) list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_bn.c ) list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_certman.c ) list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_crypto.c ) +list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_load.c ) list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_misc.c ) +list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_p7p12.c ) +list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_sess.c ) aux_source_directory( ${CRYPTO_SRC_DIR} CRYPTO_SOURCES ) list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/evp.c ) list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/misc.c ) diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h index 2837ac3c2d..cb3721ec43 100644 --- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h +++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h @@ -1,6 +1,6 @@ /* template_appliance.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h index 05ed1790f6..974d2d8e10 100644 --- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h +++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h @@ -1,4 +1,5 @@ -/* Copyright (C) 2006-2022 wolfSSL Inc. +/ * Copyright (C) 2006-2024 wolfSSL Inc. + * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify 
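Review bot: The new first line `/ * Copyright (C) 2006-2024 wolfSSL Inc.` in mt3620_rdb/inc/hw/template_appliance.h does not open a C comment — `/ *` with a space is parsed as a division operator followed by `*`, so if that space is really in the file (and not an artifact of how this diff was rendered) the header fails to compile at line 1. It should read `/* Copyright (C) 2006-2024 wolfSSL Inc.`, or better, match the sibling template_appliance.h files touched in this commit, which open with `/* template_appliance.h`, then ` *`, then the copyright line. The hunk is complete here, so nothing else in that file is affected.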
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h index 051b6ac03b..ad9cab58bf 100644 --- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h +++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h @@ -1,6 +1,6 @@ /* template_appliance.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c index ca8e80577c..acd8668264 100644 --- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c +++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt index 566b7d8b80..ba6d98116a 100644 --- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt +++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt @@ -1,6 +1,6 @@ # CMakeLists.txt # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # diff --git a/IDE/MYSQL/CMakeLists_wolfSSL.txt b/IDE/MYSQL/CMakeLists_wolfSSL.txt index e95c929103..7bfaa88c90 100644 --- a/IDE/MYSQL/CMakeLists_wolfSSL.txt +++ b/IDE/MYSQL/CMakeLists_wolfSSL.txt @@ -1,6 +1,6 @@ # CMakeLists.txt # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # diff --git a/IDE/NETOS/user_settings.h b/IDE/NETOS/user_settings.h index ceb70ec663..efdbf01614 100644 --- a/IDE/NETOS/user_settings.h +++ b/IDE/NETOS/user_settings.h 
@@ -1,23 +1,23 @@ /* user_settings.h * -* Copyright (C) 2006-2021 wolfSSL Inc. -* -* This file is part of wolfSSL. -* -* wolfSSL is free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or -* (at your option) any later version. -* -* wolfSSL is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -*/ + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ /* Custom wolfSSL user settings for GCC ARM */ @@ -410,6 +410,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); 
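Review bot: The added `/* Note2: XFREE(NULL) must be properly handled */` does not say who must handle it or how; the requirement appears to fall on the user-supplied `myFree()` declared two lines below. Suggest `/* Note2: myFree() must accept a NULL pointer without error (as free(NULL) does), since XFREE may be invoked with NULL. */` — the second clause is my reading of the note and should be confirmed against how XFREE is mapped in this file, which is outside the hunk.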
diff --git a/IDE/NETOS/wolfssl_netos_custom.c b/IDE/NETOS/wolfssl_netos_custom.c index 8617eee66b..db4b518aa0 100644 --- a/IDE/NETOS/wolfssl_netos_custom.c +++ b/IDE/NETOS/wolfssl_netos_custom.c @@ -1,6 +1,6 @@ /* wolfssl_netos_custom.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/PlatformIO/README.md b/IDE/PlatformIO/README.md new file mode 100644 index 0000000000..7ba3d470bf --- /dev/null +++ b/IDE/PlatformIO/README.md @@ -0,0 +1,26 @@ +# PlatformIO + +Follow the [instructions](https://docs.platformio.org/en/latest/core/installation/methods/index.html) to install PlatformIO. + +Note there are two options for using PlatformIO: + +- [Core CLI](https://docs.platformio.org/en/latest/core/index.html) +- [VSCode IDE](https://docs.platformio.org/en/latest/integration/ide/vscode.html#ide-vscode) + +There are two types wolfSSL libraries for PlatformIO: + +- Regular (release): https://registry.platformio.org/libraries/wolfssl/wolfssl +- Arduino (release): https://registry.platformio.org/libraries/wolfssl/Arduino-wolfSSL + +There are staging / preview libraries for each of the two types wolfSSL libraries for PlatformIO: + +- Regular (staging / preview): https://registry.platformio.org/libraries/wolfssl-staging/wolfSSL +- Arduino (staging / preview): https://registry.platformio.org/libraries/wolfssl-staging/Arduino-wolfSSL + +# Examples + +See the [examples directory](./examples/) + +## Publishing + +The wolfSSL publishing is performed from the `scripts`. diff --git a/IDE/PlatformIO/examples/README.md b/IDE/PlatformIO/examples/README.md new file mode 100644 index 0000000000..f4ab164368 --- /dev/null +++ b/IDE/PlatformIO/examples/README.md 
@@ -0,0 +1,13 @@ +# PlatformIO + +Follow the [instructions](https://docs.platformio.org/en/latest/core/installation/methods/index.html) to install PlatformIO. + +Note there are two options: + +- [Core CLI](https://docs.platformio.org/en/latest/core/index.html) +- [VSCode IDE](https://docs.platformio.org/en/latest/integration/ide/vscode.html#ide-vscode) + +# Examples + +- [wolfssl_benchmark](./wolfssl_benchmark/README.md) +- [wolfssl_test](./wolfssl_test/README.md) diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/PlatformIO/examples/wolfssl_benchmark/CMakeLists.txt new file mode 100644 index 0000000000..196bba158e --- /dev/null +++ b/IDE/PlatformIO/examples/wolfssl_benchmark/CMakeLists.txt @@ -0,0 +1,3 @@ +cmake_minimum_required(VERSION 3.16.0) +include($ENV{IDF_PATH}/tools/cmake/project.cmake) +project(ESP_IDF_Hello_World) diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/README.md b/IDE/PlatformIO/examples/wolfssl_benchmark/README.md new file mode 100644 index 0000000000..c602facfe5 --- /dev/null +++ b/IDE/PlatformIO/examples/wolfssl_benchmark/README.md 
@@ -0,0 +1,214 @@ +# wolfSSL Benchmark Example + +This ESP32 example uses the [wolfSSL wolfcrypt Benchmark Application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/benchmark). + +Other target boards _should_ work, but have not yet been tested. + +For general information on [wolfSSL examples for Espressif](../README.md), see the +[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file. + +## Example Output + +Note the default wolfSSL `user_settings.h` is configured by default to be the most +compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com +for help in optimizing for your particular application, or see the +[docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html). + +``` +ets Jun 8 2016 00:22:57 + +rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) +configsip: 0, SPIWP:0xee +clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00 +mode:DIO, clock div:2 +load:0x3fff0030,len:7168 +load:0x40078000,len:15612 +load:0x40080400,len:4 +load:0x40080404,len:3736 +entry 0x40080624 +I (28) boot: ESP-IDF 5.2.1 2nd stage bootloader +I (29) boot: compile time May 17 2024 19:42:46 +W (29) boot: Unicore bootloader +I (32) boot: chip revision: v1.0 +I (36) boot.esp32: SPI Speed : 40MHz +I (41) boot.esp32: SPI Mode : DIO +I (45) boot.esp32: SPI Flash Size : 4MB +I (50) boot: Enabling RNG early entropy source... 
+I (55) boot: Partition Table: +I (59) boot: ## Label Usage Type ST Offset Length +I (66) boot: 0 nvs WiFi data 01 02 00009000 00006000 +I (74) boot: 1 phy_init RF data 01 01 0000f000 00001000 +I (81) boot: 2 factory factory app 00 00 00010000 00100000 +I (89) boot: End of partition table +I (93) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=1900ch (102412) map +I (138) esp_image: segment 1: paddr=00029034 vaddr=3ffb0000 size=01794h ( 6036) load +I (141) esp_image: segment 2: paddr=0002a7d0 vaddr=40080000 size=05848h ( 22600) load +I (154) esp_image: segment 3: paddr=00030020 vaddr=400d0020 size=4bc50h (310352) map +I (266) esp_image: segment 4: paddr=0007bc78 vaddr=40085848 size=05b64h ( 23396) load +I (276) esp_image: segment 5: paddr=000817e4 vaddr=50000000 size=00004h ( 4) load +I (282) boot: Loaded app from partition at offset 0x10000 +I (282) boot: Disabling RNG early entropy source... +I (297) cpu_start: Unicore app +I (297) cpu_start: Single core mode +I (305) cpu_start: Pro cpu start user code +I (305) cpu_start: cpu freq: 240000000 Hz +I (305) cpu_start: Application information: +I (310) cpu_start: Project name: ESP_IDF_Hello_World +I (316) cpu_start: App version: v5.7.0-stable-512-g15af87af8-di +I (323) cpu_start: Compile time: May 17 2024 19:42:07 +I (329) cpu_start: ELF file SHA256: eebe816ce... +I (334) cpu_start: ESP-IDF: 5.2.1 +I (339) cpu_start: Min chip rev: v0.0 +I (344) cpu_start: Max chip rev: v3.99 +I (349) cpu_start: Chip rev: v1.0 +I (354) heap_init: Initializing. 
RAM available for dynamic allocation: +I (361) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM +I (367) heap_init: At 3FFB2018 len 0002DFE8 (183 KiB): DRAM +I (373) heap_init: At 3FFE0440 len 0001FBC0 (126 KiB): D/IRAM +I (379) heap_init: At 40078000 len 00008000 (32 KiB): IRAM +I (386) heap_init: At 4008B3AC len 00014C54 (83 KiB): IRAM +I (392) heap_init: At 3FF80000 len 00002000 (8 KiB): RTCRAM +I (399) spi_flash: detected chip: generic +I (403) spi_flash: flash io: dio +I (407) main_task: Started on CPU0 +I (410) main_task: Calling app_main() +I (415) wolfSSL demo: Found WOLFSSL_ESPIDF! + +Hello World wolfSSL Version 5.7.0 +I (423) esp32_util: Extended Version and Platform Information. +I (429) esp32_util: Chip revision: v1.0 +I (434) esp32_util: SSID and plain text WiFi password not displayed in startup logs. +I (442) esp32_util: Define SHOW_SSID_AND_PASSWORD to enable display. +W (449) esp32_util: Warning: old cmake, user_settings.h location unknown. +I (457) esp32_util: LIBWOLFSSL_VERSION_STRING = 5.7.0 +I (463) esp32_util: LIBWOLFSSL_VERSION_HEX = 5007000 +I (468) esp32_util: Stack HWM: 9204 +I (472) esp32_util: +I (475) esp32_util: Macro Name Defined Not Defined +I (482) esp32_util: ------------------------- --------- ------------- +I (489) esp32_util: NO_ESPIDF_DEFAULT........ X +I (496) esp32_util: HW_MATH_ENABLED.......... X +I (502) esp32_util: WOLFSSL_SHA224........... X +I (507) esp32_util: WOLFSSL_SHA384........... X +I (513) esp32_util: WOLFSSL_SHA512........... X +I (518) esp32_util: WOLFSSL_SHA3............. X +I (524) esp32_util: HAVE_ED25519............. X +I (529) esp32_util: HAVE_AES_ECB............. X +I (536) esp32_util: HAVE_AES_DIRECT.......... X +I (543) esp32_util: USE_FAST_MATH............ X +I (548) esp32_util: WOLFSSL_SP_MATH_ALL...... X +I (555) esp32_util: SP_MATH.................. X +I (561) esp32_util: WOLFSSL_HW_METRICS....... X +I (567) esp32_util: RSA_LOW_MEM.............. X +I (572) esp32_util: SMALL_SESSION_CACHE...... 
X +I (579) esp32_util: WC_NO_HARDEN............. X +I (586) esp32_util: TFM_TIMING_RESISTANT..... X +I (591) esp32_util: ECC_TIMING_RESISTANT..... X +I (597) esp32_util: WC_NO_CACHE_RESISTANT.... X +I (602) esp32_util: WC_AES_BITSLICED......... X +I (609) esp32_util: WOLFSSL_AES_NO_UNROLL.... X +I (615) esp32_util: TFM_TIMING_RESISTANT..... X +I (621) esp32_util: ECC_TIMING_RESISTANT..... X +I (627) esp32_util: WC_RSA_BLINDING.......... X +I (632) esp32_util: NO_WRITEV................ X +I (638) esp32_util: FREERTOS................. X +I (643) esp32_util: NO_WOLFSSL_DIR........... X +I (649) esp32_util: WOLFSSL_NO_CURRDIR....... X +I (654) esp32_util: WOLFSSL_LWIP............. X +I (660) esp32_util: +I (663) esp32_util: Compiler Optimization: Default +I (668) esp32_util: +I (671) esp32_util: CONFIG_IDF_TARGET = esp32 +W (676) esp32_util: Watchdog active; missing WOLFSSL_ESP_NO_WATCHDOG definition. +I (684) esp32_util: CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: 240 MHz +I (691) esp32_util: Xthal_have_ccount: 1 +I (695) esp32_util: CONFIG_MAIN_TASK_STACK_SIZE: 10500 +I (701) esp32_util: CONFIG_ESP_MAIN_TASK_STACK_SIZE: 10500 +I (707) esp32_util: CONFIG_TIMER_TASK_STACK_SIZE: 3584 +I (713) esp32_util: CONFIG_TIMER_TASK_STACK_DEPTH: 2048 +I (719) esp32_util: Stack HWM: 3ffb4ebf +I (724) esp32_util: ESP32_CRYPT is enabled for ESP32. 
+I (729) esp32_util: SINGLE_THREADED +I (733) esp32_util: Boot count: 1 +wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each) +RNG 1625 KiB took 1.016 seconds, 1599.409 KiB/s Cycles per byte = 251.56 +AES-128-CBC-enc 7600 KiB took 1.003 seconds, 7577.268 KiB/s Cycles per byte = 30.93 +AES-128-CBC-dec 7350 KiB took 1.001 seconds, 7342.657 KiB/s Cycles per byte = 31.94 +AES-192-CBC-enc 7575 KiB took 1.001 seconds, 7567.433 KiB/s Cycles per byte = 30.97 +AES-192-CBC-dec 7325 KiB took 1.000 seconds, 7325.000 KiB/s Cycles per byte = 31.98 +AES-256-CBC-enc 7375 KiB took 1.000 seconds, 7375.000 KiB/s Cycles per byte = 31.77 +AES-256-CBC-dec 7325 KiB took 1.001 seconds, 7317.682 KiB/s Cycles per byte = 32.02 +AES-128-GCM-enc 350 KiB took 1.008 seconds, 347.222 KiB/s Cycles per byte = 675.33 +AES-128-GCM-dec 350 KiB took 1.009 seconds, 346.878 KiB/s Cycles per byte = 675.81 +AES-192-GCM-enc 350 KiB took 1.013 seconds, 345.508 KiB/s Cycles per byte = 678.52 +AES-192-GCM-dec 350 KiB took 1.014 seconds, 345.168 KiB/s Cycles per byte = 679.06 +AES-256-GCM-enc 350 KiB took 1.018 seconds, 343.811 KiB/s Cycles per byte = 681.98 +AES-256-GCM-dec 350 KiB took 1.020 seconds, 343.137 KiB/s Cycles per byte = 682.55 +GMAC Default 415 KiB took 1.001 seconds, 414.585 KiB/s Cycles per byte = 565.02 +AES-XTS-enc 1950 KiB took 1.000 seconds, 1950.000 KiB/s Cycles per byte = 120.17 +AES-XTS-dec 1950 KiB took 1.002 seconds, 1946.108 KiB/s Cycles per byte = 120.49 +AES-128-CFB 2425 KiB took 1.009 seconds, 2403.370 KiB/s Cycles per byte = 97.53 +AES-192-CFB 2350 KiB took 1.010 seconds, 2326.733 KiB/s Cycles per byte = 100.67 +AES-256-CFB 2250 KiB took 1.000 seconds, 2250.000 KiB/s Cycles per byte = 104.12 +AES-128-OFB 2425 KiB took 1.009 seconds, 2403.370 KiB/s Cycles per byte = 97.47 +AES-192-OFB 2350 KiB took 1.009 seconds, 2329.039 KiB/s Cycles per byte = 100.62 +AES-256-OFB 2275 KiB took 1.010 seconds, 2252.475 KiB/s Cycles per byte = 104.07 +AES-128-CTR 2450 KiB took 1.007 seconds, 
2432.969 KiB/s Cycles per byte = 96.33 +AES-192-CTR 2375 KiB took 1.009 seconds, 2353.816 KiB/s Cycles per byte = 99.50 +AES-256-CTR 2275 KiB took 1.000 seconds, 2275.000 KiB/s Cycles per byte = 102.92 +AES-256-SIV-enc 900 KiB took 1.019 seconds, 883.219 KiB/s Cycles per byte = 265.22 +AES-256-SIV-dec 900 KiB took 1.019 seconds, 883.219 KiB/s Cycles per byte = 265.40 +AES-384-SIV-enc 875 KiB took 1.015 seconds, 862.069 KiB/s Cycles per byte = 271.82 +AES-384-SIV-dec 875 KiB took 1.016 seconds, 861.220 KiB/s Cycles per byte = 272.09 +AES-512-SIV-enc 850 KiB took 1.012 seconds, 839.921 KiB/s Cycles per byte = 279.14 +AES-512-SIV-dec 850 KiB took 1.014 seconds, 838.264 KiB/s Cycles per byte = 279.36 +ARC4 4100 KiB took 1.003 seconds, 4087.737 KiB/s Cycles per byte = 57.30 +3DES 450 KiB took 1.001 seconds, 449.550 KiB/s Cycles per byte = 521.21 +MD5 13775 KiB took 1.000 seconds, 13775.000 KiB/s Cycles per byte = 17.01 +POLY1305 7350 KiB took 1.000 seconds, 7350.000 KiB/s Cycles per byte = 31.89 +SHA 16175 KiB took 1.000 seconds, 16175.000 KiB/s Cycles per byte = 14.49 +SHA-224 1325 KiB took 1.004 seconds, 1319.721 KiB/s Cycles per byte = 177.55 +SHA-256 15975 KiB took 1.001 seconds, 15959.041 KiB/s Cycles per byte = 14.69 +SHA-384 17400 KiB took 1.000 seconds, 17400.000 KiB/s Cycles per byte = 13.48 +SHA-512 17200 KiB took 1.000 seconds, 17200.000 KiB/s Cycles per byte = 13.63 +SHA-512/224 1150 KiB took 1.012 seconds, 1136.364 KiB/s Cycles per byte = 206.14 +SHA-512/256 1150 KiB took 1.010 seconds, 1138.614 KiB/s Cycles per byte = 205.91 +SHA3-224 1125 KiB took 1.001 seconds, 1123.876 KiB/s Cycles per byte = 208.50 +SHA3-256 1075 KiB took 1.013 seconds, 1061.204 KiB/s Cycles per byte = 220.77 +SHA3-384 825 KiB took 1.007 seconds, 819.265 KiB/s Cycles per byte = 285.94 +SHA3-512 575 KiB took 1.002 seconds, 573.852 KiB/s Cycles per byte = 408.48 +SHAKE128 1300 KiB took 1.000 seconds, 1300.000 KiB/s Cycles per byte = 180.29 +SHAKE256 1075 KiB took 1.012 seconds, 1062.253 
KiB/s Cycles per byte = 220.72 +BLAKE2b 1650 KiB took 1.007 seconds, 1638.530 KiB/s Cycles per byte = 143.04 +BLAKE2s 3475 KiB took 1.003 seconds, 3464.606 KiB/s Cycles per byte = 67.59 +AES-128-CMAC 2350 KiB took 1.009 seconds, 2329.039 KiB/s Cycles per byte = 100.65 +AES-256-CMAC 2200 KiB took 1.006 seconds, 2186.879 KiB/s Cycles per byte = 107.22 +HMAC-MD5 13625 KiB took 1.000 seconds, 13625.000 KiB/s Cycles per byte = 17.21 +HMAC-SHA 15800 KiB took 1.000 seconds, 15800.000 KiB/s Cycles per byte = 14.84 +HMAC-SHA224 1325 KiB took 1.012 seconds, 1309.289 KiB/s Cycles per byte = 179.02 +HMAC-SHA256 15575 KiB took 1.000 seconds, 15575.000 KiB/s Cycles per byte = 15.05 +HMAC-SHA384 16375 KiB took 1.000 seconds, 16375.000 KiB/s Cycles per byte = 14.32 +HMAC-SHA512 15850 KiB took 1.000 seconds, 15850.000 KiB/s Cycles per byte = 14.80 +PBKDF2 1 KiB took 1.024 seconds, 0.549 KiB/s Cycles per byte = 426593.36 +RSA 1024 key gen 1 ops took 1.142 sec, avg 1142.000 ms, 0.876 ops/sec +RSA 2048 key gen 1 ops took 2.817 sec, avg 2817.000 ms, 0.355 ops/sec +RSA 2048 public 14 ops took 1.115 sec, avg 79.643 ms, 12.556 ops/sec +RSA 2048 private 6 ops took 1.272 sec, avg 212.000 ms, 4.717 ops/sec +DH 2048 key gen 5 ops took 1.206 sec, avg 241.200 ms, 4.146 ops/sec +DH 2048 agree 14 ops took 1.106 sec, avg 79.000 ms, 12.658 ops/sec +ECC [ SECP256R1] 256 key gen 4 ops took 1.525 sec, avg 381.250 ms, 2.623 ops/sec +ECDHE [ SECP256R1] 256 agree 4 ops took 1.522 sec, avg 380.500 ms, 2.628 ops/sec +ECDSA [ SECP256R1] 256 sign 4 ops took 1.541 sec, avg 385.250 ms, 2.596 ops/sec +ECDSA [ SECP256R1] 256 verify 4 ops took 1.014 sec, avg 253.500 ms, 3.945 ops/sec +CURVE 25519 key gen 3 ops took 1.186 sec, avg 395.333 ms, 2.530 ops/sec +CURVE 25519 agree 4 ops took 1.577 sec, avg 394.250 ms, 2.536 ops/sec +ED 25519 key gen 45 ops took 1.006 sec, avg 22.356 ms, 44.732 ops/sec +ED 25519 sign 40 ops took 1.036 sec, avg 25.900 ms, 38.610 ops/sec +ED 25519 verify 26 ops took 1.014 sec, avg 39.000 
ms, 25.641 ops/sec
+Benchmark complete
+
+benchmark_test complete! result code: 0
+I (82083) main_task: Returned from app_main()
+```
+
+See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/include/README b/IDE/PlatformIO/examples/wolfssl_benchmark/include/README
new file mode 100644
index 0000000000..45496b1f1e
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/include/README
@@ -0,0 +1,39 @@
+
+This directory is intended for project header files.
+
+A header file is a file containing C declarations and macro definitions
+to be shared between several project source files. You request the use of a
+header file in your project source file (C, C++, etc) located in `src` folder
+by including it, with the C preprocessing directive `#include'.
+
+```src/main.c
+
+#include "header.h"
+
+int main (void)
+{
+ ...
+}
+```
+
+Including a header file produces the same results as copying the header file
+into each source file that needs it. Such copying would be time-consuming
+and error-prone. With a header file, the related declarations appear
+in only one place. If they need to be changed, they can be changed in one
+place, and programs that include the header file will automatically use the
+new version when next recompiled. The header file eliminates the labor of
+finding and changing all the copies as well as the risk that a failure to
+find one copy will result in inconsistencies within a program.
+
+In C, the usual convention is to give header files names that end with `.h'.
+It is most portable to use only letters, digits, dashes, and underscores in
+header file names, and at most one dot.
+
+Read more about using header files in official GCC documentation:
+
+* Include Syntax
+* Include Operation
+* Once-Only Headers
+* Computed Includes
+
+https://gcc.gnu.org/onlinedocs/cpp/Header-Files.html
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h b/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
similarity index 78%
rename from IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h
rename to IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
index 37b770415a..4eff19f856 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
@@ -1,5 +1,6 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* PlatformIO wolfssl_benchmark main.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -17,16 +18,7 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
-#ifndef _TIME_HELPER_H
+#ifndef _MAIN_H_
+#define _MAIN_H_
 
-#ifdef __cplusplus
-extern "C" {
 #endif
-
-int set_time(void);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* #ifndef _TIME_HELPER_H */
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/lib/README b/IDE/PlatformIO/examples/wolfssl_benchmark/lib/README
new file mode 100644
index 0000000000..a10cadebe8
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/lib/README
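Review bot: The new include guard `_MAIN_H_` starts with an underscore followed by an uppercase letter, a spelling the C standard reserves for the implementation, and the identical guard is used by the second renamed header (the wolfssl_test `include/main.h` further down the page), so the two files would also mask each other if a build ever saw both. A project-scoped name avoids both problems: `#ifndef WOLFSSL_BENCHMARK_MAIN_H` / `#define WOLFSSL_BENCHMARK_MAIN_H`, with the closing context line reading `#endif /* WOLFSSL_BENCHMARK_MAIN_H */` so the pairing is visible. The new file-header comment in the first hunk also calls this file `main.c` although it is `main.h`; the same two points apply to the wolfssl_test rename.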
@@ -0,0 +1,46 @@
+
+This directory is intended for project specific (private) libraries.
+PlatformIO will compile them to static libraries and link into executable file.
+
+The source code of each library should be placed in an own separate directory
+("lib/your_library_name/[here are source files]").
+
+For example, see a structure of the following two libraries `Foo` and `Bar`:
+
+|--lib
+| |
+| |--Bar
+| | |--docs
+| | |--examples
+| | |--src
+| | |- Bar.c
+| | |- Bar.h
+| | |- library.json (optional, custom build options, etc) https://docs.platformio.org/page/librarymanager/config.html
+| |
+| |--Foo
+| | |- Foo.c
+| | |- Foo.h
+| |
+| |- README --> THIS FILE
+|
+|- platformio.ini
+|--src
+ |- main.c
+
+and a contents of `src/main.c`:
+```
+#include
+#include
+
+int main (void)
+{
+ ...
+}
+
+```
+
+PlatformIO Library Dependency Finder will find automatically dependent
+libraries scanning project source files.
+
+More information about PlatformIO Library Dependency Finder
+- https://docs.platformio.org/page/librarymanager/ldf.html
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini b/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini
new file mode 100644
index 0000000000..a83ae32410
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini
@@ -0,0 +1,20 @@
+; PlatformIO Project Configuration File
+;
+; Build options: build flags, source filter
+; Upload options: custom upload port, speed and extra flags
+; Library options: dependencies, extra library storages
+; Advanced options: extra scripting
+;
+; Please visit documentation for the other options and examples
+; https://docs.platformio.org/page/projectconf.html
+
+[env:esp32dev]
+platform = espressif32
+board = esp32dev
+framework = espidf
+upload_port = COM19
+monitor_port = COM19
+monitor_speed = 115200
+build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32
+monitor_filters = direct
+lib_deps = wolfssl/wolfSSL@^5.7.2
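Review bot: `upload_port = COM19` and `monitor_port = COM19` hard-code a Windows-only serial port into a committed example, so upload and monitor fail on any other host or port until the user edits them; PlatformIO auto-detects the port when both keys are omitted, so dropping them (or leaving them commented out as a hint) is the safer default, and the same two lines appear in the wolfssl_test platformio.ini further down the page. `lib_deps = wolfssl/wolfSSL@^5.7.2` here also differs in case from `lib_deps = wolfssl/wolfssl@^5.7.2` in that second file, whose own comments draw attention to the case of the package name, so the two examples should agree on one spelling. The comma in `build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32` is worth confirming too: PlatformIO documents build_flags as space- or newline-separated, and if the comma is passed through to the compiler it becomes part of the first macro name. If reproducible example builds matter, an exact version pin instead of the caret range would also keep the registry from silently supplying a newer minor release.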
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/PlatformIO/examples/wolfssl_benchmark/sdkconfig.defaults
new file mode 100644
index 0000000000..2a5ad756d7
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/sdkconfig.defaults
@@ -0,0 +1,98 @@
+# sdkconfig.defaults for ESP8266 + ESP32
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+CONFIG_BENCH_ARGV="-lng 0"
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
+
+#
+# Default main stack size. See user_settings.h
+#
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+
+# Legacy stack size for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+#
+# Compiler options
+#
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
+CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
+CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
+CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
+
+#
+# Partition Table
+#
+# CONFIG_PARTITION_TABLE_SINGLE_APP is not set
+CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y
+# CONFIG_PARTITION_TABLE_TWO_OTA is not set
+# CONFIG_PARTITION_TABLE_CUSTOM is not set
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="partitions_singleapp_large.csv"
+CONFIG_PARTITION_TABLE_OFFSET=0x8000
+CONFIG_PARTITION_TABLE_MD5=y
+# end of Partition Table
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/src/CMakeLists.txt b/IDE/PlatformIO/examples/wolfssl_benchmark/src/CMakeLists.txt
new file mode 100644
index 0000000000..ab3ad38f1b
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/src/CMakeLists.txt
@@ -0,0 +1,6 @@
+# This file was automatically generated for projects
+# without default 'CMakeLists.txt' file.
+
+FILE(GLOB_RECURSE app_sources ${CMAKE_SOURCE_DIR}/src/*.*)
+
+idf_component_register(SRCS ${app_sources})
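Review bot: `CONFIG_FREERTOS_HZ=1000` is assigned twice in this file, once in the opening block and again under the "FreeRTOS ticks at 1ms interval" comment; only one assignment can take effect, so the duplicate is harmless today but will silently mask a future edit to the other copy, and one of them should go. `CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y` and `CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y` look like the same setting under different ESP-IDF generations; if that is the intent, a comment such as `# legacy and current ESP-IDF spellings of the 240 MHz default` next to them would save the next reader a lookup, and `# Set max COU frequency` should read `CPU`. Since this file is added with the watchdogs disabled for benchmarking, a one-line reminder that these defaults are for the test and benchmark examples only, not a template for product firmware, would be worth adding above the Watchdog Timers block. The wolfssl_test copy of sdkconfig.defaults further down the page carries the same blob hash and therefore the same points.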
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c b/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c
new file mode 100644
index 0000000000..4a8f6561e5
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c
@@ -0,0 +1,48 @@
+/* PlatformIO wolfssl_benchmark main.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include "main.h"
+
+#include
+#ifdef WOLFSSL_ESPIDF
+ #include
+ #include
+ #include
+#endif
+
+#include
+#include
+#include
+
+#define TAG "wolfSSL demo"
+
+void app_main() {
+ int ret = 0;
+#ifdef WOLFSSL_ESPIDF
+ ESP_LOGI(TAG, "Found WOLFSSL_ESPIDF!");
+#endif
+ printf("\nHello World wolfSSL Version %s\n", LIBWOLFSSL_VERSION_STRING);
+
+#if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_ESPIDF)
+ esp_ShowExtendedSystemInfo();
+#endif
+ ret = benchmark_test(NULL);
+ printf("\nbenchmark_test complete! result code: %d\n", ret);
+}
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/test/README b/IDE/PlatformIO/examples/wolfssl_benchmark/test/README
new file mode 100644
index 0000000000..b0416ad8be
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/test/README
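Review bot: `void app_main() {` declares the entry point with empty parentheses, which in C is an unprototyped declaration rather than a no-argument one; ESP-IDF's own declaration is `void app_main(void)`, and the README snippets in this same change write `int main (void)`, so `void app_main(void) {` keeps the signature consistent and prototype-checked. `#define TAG "wolfSSL demo"` is defined unconditionally but only used inside the `#ifdef WOLFSSL_ESPIDF` block, so non-ESPIDF builds carry an unused macro; moving the define under the same guard removes that. The result of `benchmark_test(NULL)` is printed and then dropped; a short comment stating that a non-zero `ret` is deliberately only reported, not acted on, would make the example's contract explicit for anyone copying it into a real application.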
@@ -0,0 +1,11 @@
+
+This directory is intended for PlatformIO Test Runner and project tests.
+
+Unit Testing is a software testing method by which individual units of
+source code, sets of one or more MCU program modules together with associated
+control data, usage procedures, and operating procedures, are tested to
+determine whether they are fit for use. Unit testing finds problems early
+in the development cycle.
+
+More information about PlatformIO Unit Testing:
+- https://docs.platformio.org/en/latest/advanced/unit-testing/index.html
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/wolfssl_benchmark.code-workspace b/IDE/PlatformIO/examples/wolfssl_benchmark/wolfssl_benchmark.code-workspace
new file mode 100644
index 0000000000..67488baf28
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/wolfssl_benchmark.code-workspace
@@ -0,0 +1,13 @@
+{
+ "folders": [
+ {
+ "name": "wolfssl_benchmark",
+ "path": "."
+ }
+ ],
+ "settings": {
+ "files.associations": {
+ "settings.h": "c"
+ }
+ }
+}
diff --git a/IDE/PlatformIO/examples/wolfssl_platformio.code-workspace b/IDE/PlatformIO/examples/wolfssl_platformio.code-workspace
new file mode 100644
index 0000000000..1c1f915989
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_platformio.code-workspace
@@ -0,0 +1,22 @@
+{
+ "folders": [
+ {
+ "name": "wolfsl_test",
+ "path": "wolfsl_test"
+ },
+ {
+ "name": "wolfsl_benchmark",
+ "path": "wolfsl_benchmark"
+ }
+ ],
+ "settings": {
+ "files.associations": {
+ "version.h": "c",
+ "types.h": "c",
+ "settings.h": "c",
+ "freertos.h": "c",
+ "esp32-crypt.h": "c",
+ "esp_log.h": "c"
+ }
+ }
+}
diff --git a/IDE/PlatformIO/examples/wolfssl_test/CMakeLists.txt b/IDE/PlatformIO/examples/wolfssl_test/CMakeLists.txt
new file mode 100644
index 0000000000..196bba158e
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.16.0)
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(ESP_IDF_Hello_World)
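Review bot: In `wolfssl_platformio.code-workspace` the folder entries point at `"path": "wolfsl_test"` and `"path": "wolfsl_benchmark"` (and name them `wolfsl_*`), but the directories this commit adds are `wolfssl_test` and `wolfssl_benchmark`, so the workspace opens two folders that do not exist. The four values should read `"name": "wolfssl_test"` / `"path": "wolfssl_test"` and `"name": "wolfssl_benchmark"` / `"path": "wolfssl_benchmark"`, matching the per-example workspace above which already uses the correct spelling.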
diff --git a/IDE/PlatformIO/examples/wolfssl_test/README.md b/IDE/PlatformIO/examples/wolfssl_test/README.md
new file mode 100644
index 0000000000..d67d76111c
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/README.md
@@ -0,0 +1,241 @@ +# wolfSSL Crypt Test Example + +This ESP32 example uses the [wolfSSL wolfcrypt Test Application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). + +Other target boards _should_ work, but have not yet been tested. + +For general information on [wolfSSL examples for Espressif](../README.md), see the +[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file. + + +## Example Output + +Note the default wolfSSL `user_settings.h` is configured by default to be the most +compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com +for help in optimizing for your particular application, or see the +[docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html). + + +``` +ets Jun 8 2016 00:22:57 + +rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) +configsip: 0, SPIWP:0xee +clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00 +mode:DIO, clock div:2 +load:0x3fff0030,len:7168 +load:0x40078000,len:15612 +load:0x40080400,len:4 +load:0x40080404,len:3736 +entry 0x40080624 +I (28) boot: ESP-IDF 5.2.1 2nd stage bootloader +I (29) boot: compile time May 17 2024 19:32:25 +W (29) boot: Unicore bootloader +I (32) boot: chip revision: v1.0 +I (36) boot.esp32: SPI Speed : 40MHz +I (41) boot.esp32: SPI Mode : DIO +I (45) boot.esp32: SPI Flash Size : 4MB +I (50) boot: Enabling RNG early entropy source... 
+I (55) boot: Partition Table: +I (59) boot: ## Label Usage Type ST Offset Length +I (66) boot: 0 nvs WiFi data 01 02 00009000 00006000 +I (74) boot: 1 phy_init RF data 01 01 0000f000 00001000 +I (81) boot: 2 factory factory app 00 00 00010000 00100000 +I (89) boot: End of partition table +I (93) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=31e24h (204324) map +I (175) esp_image: segment 1: paddr=00041e4c vaddr=3ffb0000 size=01c54h ( 7252) load +I (178) esp_image: segment 2: paddr=00043aa8 vaddr=40080000 size=0b3c0h ( 46016) load +I (200) esp_image: segment 3: paddr=0004ee70 vaddr=50000000 size=00004h ( 4) load +I (200) esp_image: segment 4: paddr=0004ee7c vaddr=00000000 size=0119ch ( 4508) +I (207) esp_image: segment 5: paddr=00050020 vaddr=400d0020 size=abb7ch (703356) map +I (473) boot: Loaded app from partition at offset 0x10000 +I (474) boot: Disabling RNG early entropy source... +I (485) cpu_start: Unicore app +I (485) cpu_start: Single core mode +I (493) cpu_start: Pro cpu start user code +I (493) cpu_start: cpu freq: 240000000 Hz +I (493) cpu_start: Application information: +I (498) cpu_start: Project name: ESP_IDF_Hello_World +I (504) cpu_start: App version: v5.7.0-stable-512-g15af87af8-di +I (511) cpu_start: Compile time: May 17 2024 19:31:47 +I (517) cpu_start: ELF file SHA256: 40b2541a0... +I (523) cpu_start: ESP-IDF: 5.2.1 +I (528) cpu_start: Min chip rev: v0.0 +I (532) cpu_start: Max chip rev: v3.99 +I (537) cpu_start: Chip rev: v1.0 +I (542) heap_init: Initializing. 
RAM available for dynamic allocation: +I (549) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM +I (555) heap_init: At 3FFB38C0 len 0002C740 (177 KiB): DRAM +I (561) heap_init: At 3FFE0440 len 0001FBC0 (126 KiB): D/IRAM +I (568) heap_init: At 40078000 len 00008000 (32 KiB): IRAM +I (574) heap_init: At 4008B3C0 len 00014C40 (83 KiB): IRAM +I (580) heap_init: At 3FF80000 len 00002000 (8 KiB): RTCRAM +I (588) spi_flash: detected chip: generic +I (591) spi_flash: flash io: dio +I (595) main_task: Started on CPU0 +I (598) main_task: Calling app_main() +I (603) wolfSSL demo: Found WOLFSSL_ESPIDF! +Hello World wolfSSL Version 5.7.0 +I (611) esp32_util: Extended Version and Platform Information. +I (617) esp32_util: Chip revision: v1.0 +I (622) esp32_util: SSID and plain text WiFi password not displayed in startup logs. +I (630) esp32_util: Define SHOW_SSID_AND_PASSWORD to enable display. +W (637) esp32_util: Warning: old cmake, user_settings.h location unknown. +I (645) esp32_util: LIBWOLFSSL_VERSION_STRING = 5.7.0 +I (650) esp32_util: LIBWOLFSSL_VERSION_HEX = 5007000 +I (656) esp32_util: Stack HWM: 9212 +I (660) esp32_util: +I (663) esp32_util: Macro Name Defined Not Defined +I (670) esp32_util: ------------------------- --------- ------------- +I (677) esp32_util: NO_ESPIDF_DEFAULT........ X +I (684) esp32_util: HW_MATH_ENABLED.......... X +I (689) esp32_util: WOLFSSL_SHA224........... X +I (695) esp32_util: WOLFSSL_SHA384........... X +I (700) esp32_util: WOLFSSL_SHA512........... X +I (706) esp32_util: WOLFSSL_SHA3............. X +I (712) esp32_util: HAVE_ED25519............. X +I (717) esp32_util: HAVE_AES_ECB............. X +I (724) esp32_util: HAVE_AES_DIRECT.......... X +I (730) esp32_util: USE_FAST_MATH............ X +I (736) esp32_util: WOLFSSL_SP_MATH_ALL...... X +I (743) esp32_util: SP_MATH.................. X +I (749) esp32_util: WOLFSSL_HW_METRICS....... X +I (755) esp32_util: RSA_LOW_MEM.............. X +I (760) esp32_util: SMALL_SESSION_CACHE...... 
X +I (767) esp32_util: WC_NO_HARDEN............. X +I (773) esp32_util: TFM_TIMING_RESISTANT..... X +I (779) esp32_util: ECC_TIMING_RESISTANT..... X +I (785) esp32_util: WC_NO_CACHE_RESISTANT.... X +I (790) esp32_util: WC_AES_BITSLICED......... X +I (797) esp32_util: WOLFSSL_AES_NO_UNROLL.... X +I (803) esp32_util: TFM_TIMING_RESISTANT..... X +I (809) esp32_util: ECC_TIMING_RESISTANT..... X +I (814) esp32_util: WC_RSA_BLINDING.......... X +I (820) esp32_util: NO_WRITEV................ X +I (825) esp32_util: FREERTOS................. X +I (831) esp32_util: NO_WOLFSSL_DIR........... X +I (837) esp32_util: WOLFSSL_NO_CURRDIR....... X +I (842) esp32_util: WOLFSSL_LWIP............. X +I (848) esp32_util: +I (851) esp32_util: Compiler Optimization: Default +I (856) esp32_util: +I (859) esp32_util: CONFIG_IDF_TARGET = esp32 +W (864) esp32_util: Watchdog active; missing WOLFSSL_ESP_NO_WATCHDOG definition. +I (872) esp32_util: CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: 240 MHz +I (879) esp32_util: Xthal_have_ccount: 1 +I (883) esp32_util: CONFIG_MAIN_TASK_STACK_SIZE: 10500 +I (889) esp32_util: CONFIG_ESP_MAIN_TASK_STACK_SIZE: 10500 +I (895) esp32_util: CONFIG_TIMER_TASK_STACK_SIZE: 3584 +I (901) esp32_util: CONFIG_TIMER_TASK_STACK_DEPTH: 2048 +I (907) esp32_util: Stack HWM: 8988 +I (911) esp32_util: ESP32_CRYPT is enabled for ESP32. +I (917) esp32_util: NOT SINGLE_THREADED +I (921) esp32_util: Boot count: 1 +------------------------------------------------------------------------------ + wolfSSL version 5.7.0 +------------------------------------------------------------------------------ +error test passed! +MEMORY test passed! +base64 test passed! +base16 test passed! +asn test passed! +RANDOM test passed! +MD5 test passed! +MD2 test passed! +MD4 test passed! +SHA test passed! +SHA-224 test passed! +SHA-256 test passed! +SHA-384 test passed! +SHA-512 test passed! +SHA-512/224 test passed! +SHA-512/256 test passed! +SHA-3 test passed! +SHAKE128 test passed! +SHAKE256 test passed! 
+Hash test passed! +BLAKE2b test passed! +BLAKE2s test passed! +HMAC-MD5 test passed! +HMAC-SHA test passed! +HMAC-SHA224 test passed! +HMAC-SHA256 test passed! +HMAC-SHA384 test passed! +HMAC-SHA512 test passed! +HMAC-SHA3 test passed! +HMAC-KDF test passed! +SSH-KDF test passed! +PRF test passed! +TLSv1.2 KDF test passed! +TLSv1.3 KDF test passed! +X963-KDF test passed! +HPKE test passed! +GMAC test passed! +RC2 test passed! +ARC4 test passed! +POLY1305 test passed! +DES test passed! +DES3 test passed! +AES test passed! +AES192 test passed! +AES256 test passed! +AES-OFB test passed! +AES-GCM test passed! +AES-CFB test passed! +AES-XTS test passed! +AES Key Wrap test passed! +AES-SIV test passed! +AES-EAX test passed! +RSA test passed! +DH test passed! +DSA test passed! +SRP test passed! +PWDBASED test passed! +PKCS12 test passed! +openSSL extra test +OPENSSL test passed! +OPENSSL (EVP MD) passed! +OPENSSL (PKEY0) passed! +OPENSSL (PKEY1) passed! +OPENSSL (EVP Sign/Verify) passed! +ECC test passed! +ECC buffer test passed! +CURVE25519 test passed! +ED25519 test passed! +CMAC test passed! +PKCS7encrypted test passed! +PKCS7signed test passed! +PKCS7enveloped test passed! +PKCS7authenveloped test passed! +mp test passed! +prime test passed! +logging test passed! +time test passed! +mutex test passed! +cert piv test passed! +I (261247) wolfssl_esp32_mp: +I (261248) wolfssl_esp32_mp: esp_mp_mul HW acceleration enabled. +I (261255) wolfssl_esp32_mp: Number of calls to esp_mp_mul: 3413 +I (261262) wolfssl_esp32_mp: Success: no esp_mp_mul() errors. +I (261268) wolfssl_esp32_mp: +I (261272) wolfssl_esp32_mp: esp_mp_mulmod HW acceleration enabled. +I (261279) wolfssl_esp32_mp: Number of calls to esp_mp_mulmod: 2170 +I (261286) wolfssl_esp32_mp: Number of fallback to SW mp_mulmod: 331 +I (261293) wolfssl_esp32_mp: Success: no esp_mp_mulmod errors. +I (261299) wolfssl_esp32_mp: Success: no esp_mp_mulmod even mod. 
+I (261306) wolfssl_esp32_mp: Success: no esp_mp_mulmod small x or y. +I (261313) wolfssl_esp32_mp: +I (261317) wolfssl_esp32_mp: Number of calls to esp_mp_exptmod: 659 +I (261324) wolfssl_esp32_mp: Number of fallback to SW mp_exptmod: 105 +I (261331) wolfssl_esp32_mp: Success: no esp_mp_exptmod errors. +I (261337) wolfssl_esp32_mp: Max N->used: esp_mp_max_used = 64 +I (261344) wolfssl_esp32_mp: Max timeout: esp_mp_max_timeout = 1 +Test complete +I (261352) wc_test: Exiting main with return code: 0 + + +wolf_test_task complete! result code: 0 +I (261361) main_task: Returned from app_main() +``` + +See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md). diff --git a/IDE/PlatformIO/examples/wolfssl_test/include/README b/IDE/PlatformIO/examples/wolfssl_test/include/README new file mode 100644 index 0000000000..45496b1f1e --- /dev/null +++ b/IDE/PlatformIO/examples/wolfssl_test/include/README 
@@ -0,0 +1,39 @@
+
+This directory is intended for project header files.
+
+A header file is a file containing C declarations and macro definitions
+to be shared between several project source files. You request the use of a
+header file in your project source file (C, C++, etc) located in `src` folder
+by including it, with the C preprocessing directive `#include'.
+
+```src/main.c
+
+#include "header.h"
+
+int main (void)
+{
+ ...
+}
+```
+
+Including a header file produces the same results as copying the header file
+into each source file that needs it. Such copying would be time-consuming
+and error-prone. With a header file, the related declarations appear
+in only one place. If they need to be changed, they can be changed in one
+place, and programs that include the header file will automatically use the
+new version when next recompiled. The header file eliminates the labor of
+finding and changing all the copies as well as the risk that a failure to
+find one copy will result in inconsistencies within a program.
+
+In C, the usual convention is to give header files names that end with `.h'.
+It is most portable to use only letters, digits, dashes, and underscores in
+header file names, and at most one dot.
+
+Read more about using header files in official GCC documentation:
+
+* Include Syntax
+* Include Operation
+* Once-Only Headers
+* Computed Includes
+
+https://gcc.gnu.org/onlinedocs/cpp/Header-Files.html
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h b/IDE/PlatformIO/examples/wolfssl_test/include/main.h
similarity index 78%
rename from IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h
rename to IDE/PlatformIO/examples/wolfssl_test/include/main.h
index 1de6f0f8bc..182fc1fbba 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h
+++ b/IDE/PlatformIO/examples/wolfssl_test/include/main.h
@@ -1,6 +1,6 @@
-#ifndef _TIME_HELPER_H
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* PlatformIO wolfssl_test main.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -18,15 +18,7 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
+#ifndef _MAIN_H_
+#define _MAIN_H_
 
-#ifdef __cplusplus
-extern "C" {
 #endif
-
-int set_time(void);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* #ifndef _TIME_HELPER_H */
diff --git a/IDE/PlatformIO/examples/wolfssl_test/lib/README b/IDE/PlatformIO/examples/wolfssl_test/lib/README
new file mode 100644
index 0000000000..a10cadebe8
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/lib/README
@@ -0,0 +1,46 @@
+
+This directory is intended for project specific (private) libraries.
+PlatformIO will compile them to static libraries and link into executable file.
+
+The source code of each library should be placed in an own separate directory
+("lib/your_library_name/[here are source files]").
+
+For example, see a structure of the following two libraries `Foo` and `Bar`:
+
+|--lib
+| |
+| |--Bar
+| | |--docs
+| | |--examples
+| | |--src
+| | |- Bar.c
+| | |- Bar.h
+| | |- library.json (optional, custom build options, etc) https://docs.platformio.org/page/librarymanager/config.html
+| |
+| |--Foo
+| | |- Foo.c
+| | |- Foo.h
+| |
+| |- README --> THIS FILE
+|
+|- platformio.ini
+|--src
+ |- main.c
+
+and a contents of `src/main.c`:
+```
+#include
+#include
+
+int main (void)
+{
+ ...
+}
+
+```
+
+PlatformIO Library Dependency Finder will find automatically dependent
+libraries scanning project source files.
+
+More information about PlatformIO Library Dependency Finder
+- https://docs.platformio.org/page/librarymanager/ldf.html
diff --git a/IDE/PlatformIO/examples/wolfssl_test/platformio.ini b/IDE/PlatformIO/examples/wolfssl_test/platformio.ini
new file mode 100644
index 0000000000..5382576311
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/platformio.ini
@@ -0,0 +1,42 @@
+; PlatformIO Project Configuration File
+;
+; Build options: build flags, source filter
+; Upload options: custom upload port, speed and extra flags
+; Library options: dependencies, extra library storages
+; Advanced options: extra scripting
+;
+; Please visit documentation for the other options and examples
+; https://docs.platformio.org/page/projectconf.html
+
+;
+; To ensure that you are always using the newest version of a library:
+; lib_deps = wolfssl/wolfSSL@*
+;
+; If you want to stay within a certain range of versions while still
+; getting updates, you can use semantic versioning to specify an acceptable
+; range. For example, to get any version in the 5.x.x series:
+; lib_deps = wolfssl/wolfSSL@^5.0.0
+;
+; If you specifically want to ensure that you always get the latest version
+; that matches 5.7.0 or newer, you could use:
+; lib_deps = wolfssl/wolfSSL@>=5.7.0
+;
+; If you want to test drive previews, see the staging versions:
+; https://registry.platformio.org/search?q=owner%3Awolfssl-staging
+;
+; lib_deps = wolfssl-staging/wolfSSL@^5.7.0-test.rev03
+;
+; The regular release of wolfssl (yes there's a case difference from staging')
+;
+; lib_deps = wolfssl/wolfssl@^5.7.0-rev.3c
+
+[env:esp32dev]
+platform = espressif32
+board = esp32dev
+framework = espidf
+upload_port = COM19
+monitor_port = COM19
+monitor_speed = 115200
+build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32
+monitor_filters = direct
+lib_deps = wolfssl/wolfssl@^5.7.2
diff --git a/IDE/PlatformIO/examples/wolfssl_test/sdkconfig.defaults b/IDE/PlatformIO/examples/wolfssl_test/sdkconfig.defaults
new file mode 100644
index 0000000000..2a5ad756d7
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/sdkconfig.defaults
@@ -0,0 +1,98 @@ +# sdkconfig.defaults for ESP8266 + ESP32 +# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults +CONFIG_BENCH_ARGV="-lng 0" +CONFIG_FREERTOS_HZ=1000 +CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y + +# +# Default main stack size. See user_settings.h +# +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 + +# Legacy stack size for older ESP-IDF versions +CONFIG_MAIN_TASK_STACK_SIZE=10500 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max COU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y +CONFIG_FREERTOS_HZ=1000 + +# +# Compiler options +# +CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set +CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# 
CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y +CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set +CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set +CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set +CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y + +# +# Partition Table +# +# CONFIG_PARTITION_TABLE_SINGLE_APP is not set +CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y +# CONFIG_PARTITION_TABLE_TWO_OTA is not set +# CONFIG_PARTITION_TABLE_CUSTOM is not set +CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv" +CONFIG_PARTITION_TABLE_FILENAME="partitions_singleapp_large.csv" +CONFIG_PARTITION_TABLE_OFFSET=0x8000 +CONFIG_PARTITION_TABLE_MD5=y +# end of Partition Table diff --git a/IDE/PlatformIO/examples/wolfssl_test/src/CMakeLists.txt b/IDE/PlatformIO/examples/wolfssl_test/src/CMakeLists.txt new file mode 100644 index 0000000000..ab3ad38f1b --- /dev/null +++ b/IDE/PlatformIO/examples/wolfssl_test/src/CMakeLists.txt @@ -0,0 +1,6 @@ +# This file was automatically generated for projects +# without default 'CMakeLists.txt' file. + +FILE(GLOB_RECURSE app_sources ${CMAKE_SOURCE_DIR}/src/*.*) + +idf_component_register(SRCS ${app_sources}) 
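Review bot: `CONFIG_FREERTOS_HZ=1000` is assigned twice in this file, once near the top beside `CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y` and again under the "FreeRTOS ticks at 1ms interval" comment; presumably the last assignment wins so it is harmless today, but the duplicate invites the two to drift apart — drop the first. From a hardening standpoint the file also disables both watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`) and makes a panic halt rather than reboot, which is reasonable for an interactive test/benchmark run but is exactly the kind of defaults file that gets copied into a product. A comment such as `# TEST/BENCHMARK ONLY: watchdogs disabled and panics halt; re-enable both before reusing this file in deployed firmware` next to the watchdog block would make the trade-off explicit.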
diff --git a/IDE/PlatformIO/examples/wolfssl_test/src/main.c b/IDE/PlatformIO/examples/wolfssl_test/src/main.c new file mode 100644 index 0000000000..41bdc7278f --- /dev/null +++ b/IDE/PlatformIO/examples/wolfssl_test/src/main.c @@ -0,0 +1,48 @@ +/* PlatformIO wolfssl_test main.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include "main.h" + +#include +#ifdef WOLFSSL_ESPIDF + #include + #include + #include +#endif + +#include +#include +#include + +#define TAG "wolfSSL demo" + +void app_main() { + int ret = 0; +#ifdef WOLFSSL_ESPIDF + ESP_LOGI(TAG, "Found WOLFSSL_ESPIDF!"); +#endif + printf("Hello World wolfSSL Version %s\n", LIBWOLFSSL_VERSION_STRING); + +#if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_ESPIDF) + esp_ShowExtendedSystemInfo(); +#endif + ret = wolf_test_task(); + printf("\nwolf_test_task complete! result code: %d\n", ret); +} diff --git a/IDE/PlatformIO/examples/wolfssl_test/test/README b/IDE/PlatformIO/examples/wolfssl_test/test/README new file mode 100644 index 0000000000..b0416ad8be --- /dev/null +++ b/IDE/PlatformIO/examples/wolfssl_test/test/README 
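Review bot: `void app_main()` should be `void app_main(void)`; in C an empty parameter list is an unprototyped declaration, and ESP-IDF declares the entry point as `void app_main(void)`, so a strict compiler flags the mismatch. The result of `wolf_test_task()` is only printed, so a failing crypto self-test leaves `app_main` as quietly as a passing one; for a test target consider `if (ret != 0) ESP_LOGE(TAG, "wolf_test_task failed: %d", ret);` inside the `WOLFSSL_ESPIDF` block, or some other non-zero indication a runner can detect. The `#include` lines show no header names in this rendering (angle-bracket names appear to have been stripped by the page), so the include list itself cannot be checked here.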
@@ -0,0 +1,11 @@ + +This directory is intended for PlatformIO Test Runner and project tests. + +Unit Testing is a software testing method by which individual units of +source code, sets of one or more MCU program modules together with associated +control data, usage procedures, and operating procedures, are tested to +determine whether they are fit for use. Unit testing finds problems early +in the development cycle. + +More information about PlatformIO Unit Testing: +- https://docs.platformio.org/en/latest/advanced/unit-testing/index.html diff --git a/IDE/PlatformIO/examples/wolfssl_test/wolfssl_test.code-workspace b/IDE/PlatformIO/examples/wolfssl_test/wolfssl_test.code-workspace new file mode 100644 index 0000000000..85bc4e058f --- /dev/null +++ b/IDE/PlatformIO/examples/wolfssl_test/wolfssl_test.code-workspace @@ -0,0 +1,14 @@ +{ + "folders": [ + { + "name": "wolfssl_test", + "path": "." + } + ], + "settings": { + "files.associations": { + "settings.h": "c", + "sdkconfig.h": "c" + } + } +} diff --git a/IDE/PlatformIO/include.am b/IDE/PlatformIO/include.am new file mode 100644 index 0000000000..6a92d89919 --- /dev/null +++ b/IDE/PlatformIO/include.am 
@@ -0,0 +1,41 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root +# +# NOTE: append_wolfssl_git_version.sh is not included as the +# distribution file set will not contain GitHub info +# +# see: https://github.com/wolfSSL/wolfssl/pull/5955 +# +# Don't list any config.h files here + +EXTRA_DIST+= IDE/PlatformIO/README.md + +EXTRA_DIST+= IDE/PlatformIO/examples/README.md +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_platformio.code-workspace + +# wolfssl_benchmark example +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/CMakeLists.txt +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/README.md +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/sdkconfig.defaults +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/wolfssl_benchmark.code-workspace +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/include/README +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/lib/README +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/src/CMakeLists.txt +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/test/README + +# wolfssl_test example +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/CMakeLists.txt +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/platformio.ini +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/README.md +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/sdkconfig.defaults +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/wolfssl_test.code-workspace +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/include/main.h +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/include/README +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/lib/README +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/src/CMakeLists.txt +EXTRA_DIST+= 
IDE/PlatformIO/examples/wolfssl_test/src/main.c +EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/test/README diff --git a/IDE/QNX/example-client/client-tls.c b/IDE/QNX/example-client/client-tls.c index 27e56e3438..9c9b6e4b0c 100644 --- a/IDE/QNX/example-client/client-tls.c +++ b/IDE/QNX/example-client/client-tls.c @@ -1,6 +1,6 @@ /* client-tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/QNX/example-cmac/cmac-test.c b/IDE/QNX/example-cmac/cmac-test.c index f72277e9d9..64d5ccacd4 100644 --- a/IDE/QNX/example-cmac/cmac-test.c +++ b/IDE/QNX/example-cmac/cmac-test.c @@ -1,6 +1,6 @@ /* cmac-test.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/QNX/example-server/server-tls.c b/IDE/QNX/example-server/server-tls.c index 6c2a9f1f4e..1257e3b331 100644 --- a/IDE/QNX/example-server/server-tls.c +++ b/IDE/QNX/example-server/server-tls.c @@ -1,6 +1,6 @@ /* server-tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/main.c b/IDE/RISCV/SIFIVE-HIFIVE1/main.c index ff0488956b..3431232af8 100644 --- a/IDE/RISCV/SIFIVE-HIFIVE1/main.c +++ b/IDE/RISCV/SIFIVE-HIFIVE1/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h b/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h index e0a4a9077c..75d5f54d22 100644 --- a/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h +++ b/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
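Review bot: No `user_settings.h` is listed for either example, yet the `wolfssl_test/platformio.ini` added in this same commit builds with `-DWOLFSSL_USER_SETTINGS` and its `sdkconfig.defaults` says "See user_settings.h"; if the header is supplied by the wolfssl PlatformIO library package that is fine, but if it lives in the example tree it will be missing from the release tarball. A `make distcheck` run, or a comment here stating where `user_settings.h` comes from, would settle it. Since this list is hand-maintained, a one-line note that it must be updated whenever a file is added under `IDE/PlatformIO/` would also help.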
@@ -397,6 +397,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c index 2e1d7707bc..085fa4109a 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c @@ -1,6 +1,6 @@ /* arm_startup.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c index e95059e9ef..94f55bfb52 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c @@ -1,6 +1,6 @@ /* benchmark_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c index 5626126920..ffe76bf1b8 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c @@ -1,6 +1,6 @@ /* kinetis_hw.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c index bfd53ff703..752ec6e663 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c @@ -1,6 +1,6 @@ /* retarget.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c index 1f6339d908..062c0982b7 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c 
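Review bot: The new `Note2` states a requirement on `myFree` without saying why it now matters: this same commit removes the `if (p != NULL)` guards in front of `XFREE` calls in several IDE examples, so a custom allocator that does not tolerate NULL turns those cleanup paths into a NULL dereference. Spell it out where the implementer will read it, e.g. `/* Note2: wolfSSL calls XFREE()/myFree() with a NULL pointer on cleanup paths; like free(3), myFree() must treat NULL as a no-op. */`. If the `XFREE` macro defined elsewhere in this header can be made to skip NULL itself, that would enforce the contract instead of merely documenting it.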
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/cs+/Projects/common/strings.h b/IDE/Renesas/cs+/Projects/common/strings.h index 030e4ffad0..a66c8bbbf8 100644 --- a/IDE/Renesas/cs+/Projects/common/strings.h +++ b/IDE/Renesas/cs+/Projects/common/strings.h @@ -1,6 +1,6 @@ /* strings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/cs+/Projects/common/unistd.h b/IDE/Renesas/cs+/Projects/common/unistd.h index d288552e6c..12f9374948 100644 --- a/IDE/Renesas/cs+/Projects/common/unistd.h +++ b/IDE/Renesas/cs+/Projects/common/unistd.h @@ -1,6 +1,6 @@ /* unistd.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/cs+/Projects/common/user_settings.h b/IDE/Renesas/cs+/Projects/common/user_settings.h index 5e0d375360..b03faa7681 100644 --- a/IDE/Renesas/cs+/Projects/common/user_settings.h +++ b/IDE/Renesas/cs+/Projects/common/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c b/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c index 8feffe8f31..3c425b357b 100644 --- a/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c +++ b/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c @@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c index e0d903644c..e25b038c9e 100644 --- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c 
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -104,12 +104,12 @@ WOLFSSL_CTX *wolfSSL_TLS_client_init() } #if !defined(NO_FILESYSTEM) - if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) { + if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != WOLFSSL_SUCCESS) { printf("ERROR: can't load \"%s\"\n", cert); return NULL; } #else - if (wolfSSL_CTX_load_verify_buffer(ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS){ + if (wolfSSL_CTX_load_verify_buffer(ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS){ printf("ERROR: can't load certificate data\n"); return NULL; } @@ -138,14 +138,14 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args) T_IPV4EP dst_addr; if(args->argc >= 2){ - if((dst_addr.ipaddr = getIPaddr(args->argv[1])) == 0){ - printf("ERROR: IP address\n"); - return; - } - if((dst_addr.portno = getPort(args->argv[2])) == 0){ - printf("ERROR: IP address\n"); - return; - } + if((dst_addr.ipaddr = getIPaddr(args->argv[1])) == 0){ + printf("ERROR: IP address\n"); + return; + } + if((dst_addr.portno = getPort(args->argv[2])) == 0){ + printf("ERROR: Port number\n"); + return; + } } if((ercd = tcp_con_cep(cepid, &my_addr, &dst_addr, TMO_FEVR)) != E_OK) { @@ -162,7 +162,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args) wolfSSL_SetIOReadCtx(ssl, (void *)&cepid); wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid); - if(wolfSSL_connect(ssl) != SSL_SUCCESS) { + if(wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) { printf("ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0)); return; } diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c index 3cffc7191c..cd7f74b855 100644 --- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c +++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c 
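Review bot: The guard `if(args->argc >= 2)` does not cover the `args->argv[2]` read two lines below; with exactly two arguments (program name and IP) the port lookup reads an argument that was never supplied, so the condition should be `if(args->argc >= 3)` (or the two lookups should be guarded separately). The re-indentation and the corrected `ERROR: Port number` message are fine, but since the hunk already rewrites every line of this block it is the natural place to fix the bound as well. The body of `wolfSSL_TLS_client` continues outside the hunk; separately, `wolfSSL_TLS_client_init` earlier in this file returns `NULL` after a CA-load failure without visibly freeing the `ctx` created above that hunk, which is worth confirming is not a leak on retry.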
@@ -1,6 +1,6 @@ /* wolf_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c index a86ff18c81..858347170f 100644 --- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c +++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c @@ -1,6 +1,6 @@ /* wolf_server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/cs+/Projects/test/test_main.c b/IDE/Renesas/cs+/Projects/test/test_main.c index a1e00ef0af..dcb490acde 100644 --- a/IDE/Renesas/cs+/Projects/test/test_main.c +++ b/IDE/Renesas/cs+/Projects/test/test_main.c @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c index 705b53fc46..353f906dc0 100644 --- a/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c +++ b/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c @@ -1,6 +1,6 @@ /* app_entry.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c index ea15ee4f12..c52f8aaf3c 100644 --- a/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c +++ b/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c @@ -1,6 +1,6 @@ /* app_entry.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c index a056213313..9edf7ff84e 100644 --- a/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c +++ b/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c @@ -1,6 +1,6 @@ /* app_entry.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/common/strings.h b/IDE/Renesas/e2studio/Projects/common/strings.h index 030e4ffad0..a66c8bbbf8 100644 --- a/IDE/Renesas/e2studio/Projects/common/strings.h +++ b/IDE/Renesas/e2studio/Projects/common/strings.h @@ -1,6 +1,6 @@ /* strings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/common/unistd.h b/IDE/Renesas/e2studio/Projects/common/unistd.h index d288552e6c..12f9374948 100644 --- a/IDE/Renesas/e2studio/Projects/common/unistd.h +++ b/IDE/Renesas/e2studio/Projects/common/unistd.h @@ -1,6 +1,6 @@ /* unistd.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/common/user_settings.h b/IDE/Renesas/e2studio/Projects/common/user_settings.h index a9cc84ac76..15ebd73b36 100644 --- a/IDE/Renesas/e2studio/Projects/common/user_settings.h +++ b/IDE/Renesas/e2studio/Projects/common/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c index b6b21e85bb..bf2006d491 100644 --- a/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c 
@@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/test/src/key_data.c b/IDE/Renesas/e2studio/Projects/test/src/key_data.c index 8d06ccc1dd..d3e7a04164 100644 --- a/IDE/Renesas/e2studio/Projects/test/src/key_data.c +++ b/IDE/Renesas/e2studio/Projects/test/src/key_data.c @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/test/src/key_data.h b/IDE/Renesas/e2studio/Projects/test/src/key_data.h index 5c58e35298..c9be7039d7 100644 --- a/IDE/Renesas/e2studio/Projects/test/src/key_data.h +++ b/IDE/Renesas/e2studio/Projects/test/src/key_data.h @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/test/src/test_main.c b/IDE/Renesas/e2studio/Projects/test/src/test_main.c index 5264faef29..3e59160275 100644 --- a/IDE/Renesas/e2studio/Projects/test/src/test_main.c +++ b/IDE/Renesas/e2studio/Projects/test/src/test_main.c @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c b/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c index 37bcfbb84c..7ebbe29234 100644 --- a/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c +++ b/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -117,12 +117,12 @@ void wolfSSL_TLS_client_init(const char* cipherlist) } #if !defined(NO_FILESYSTEM) - if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) { + if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != WOLFSSL_SUCCESS) { printf("ERROR: can't load \"%s\"\n", cert); return NULL; } #else - if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS){ + if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS){ printf("ERROR: can't load certificate data\n"); return; } @@ -157,7 +157,7 @@ void wolfSSL_TLS_client( ) return; } if((dst_addr.portno = getPort(SIMPLE_TLSSERVER_PORT)) == 0){ - printf("ERROR: IP address\n"); + printf("ERROR: Port number\n"); return; } @@ -175,7 +175,7 @@ void wolfSSL_TLS_client( ) wolfSSL_SetIOReadCtx(ssl, (void *)&cepid); wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid); - if(wolfSSL_connect(ssl) != SSL_SUCCESS) { + if(wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) { printf("ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0)); return; } diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c b/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c index 6454017771..206e91d778 100644 --- a/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c +++ b/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c @@ -1,6 +1,6 @@ /* wolf_server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h index 385a5d7bd4..2168ad0a05 100644 --- a/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h +++ b/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
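Review bot: `wolfSSL_TLS_client_init` is declared `void` (see the hunk header), yet the `!NO_FILESYSTEM` branch does `return NULL;` after the CA-load failure while the `#else` branch does `return;` — returning a value from a void function is a constraint violation every conforming compiler diagnoses, which suggests this branch is never built for this target. Change it to `return;` so the code compiles in both configurations. As in the cs+ variant changed in the same commit, nothing visible releases `client_ctx` on these early returns; confirm it is freed or reused by the caller, since the context creation is above the hunk.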
diff --git a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c index 0a850be473..cf7f270612 100644 --- a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c +++ b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c index d2c1c815c0..5ba72ce492 100644 --- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c +++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,7 +52,6 @@ void wolfssl_thread_entry(void *pvParameters) { /* FreeRTOS+TCP Objects */ BaseType_t fr_status; - socklen_t xSize = sizeof(struct freertos_sockaddr); xSocket_t xClientSocket = NULL; struct freertos_sockaddr xRemoteAddress; @@ -93,7 +92,7 @@ void wolfssl_thread_entry(void *pvParameters) { FREERTOS_SOCK_STREAM, FREERTOS_IPPROTO_TCP); configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET); - FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xSize)); + FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xRemoteAddress)); /* Client Socket Connect */ ret = FreeRTOS_connect(xClientSocket, diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h index 701e4bd4bb..d1f7e0f8cc 100644 --- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h +++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h 
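Review bot: The corrected `FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xRemoteAddress))` still discards its return value, while the socket creation two lines above is checked with `configASSERT`; a bind failure (port in use, stack not yet up) would surface only as a confusing `FreeRTOS_connect` error later. Suggest `configASSERT(FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xRemoteAddress)) == 0);` or an explicit error path. It is also unusual for a client to bind using the remote peer's address structure — FreeRTOS+TCP takes only the port from it, so this pins the local port to the server's port number; passing `NULL` lets the stack pick an ephemeral port, which is likely what was intended (worth confirming against the rest of the function, which lies outside the hunk).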
@@ -1,6 +1,6 @@ /* wolfssl_thread_entry.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c b/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c index c45d550417..faf154dc13 100644 --- a/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c +++ b/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c @@ -1,6 +1,6 @@ /* freertos_tcp_port.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M3/common/user_settings.h b/IDE/Renesas/e2studio/RA6M3/common/user_settings.h index 78f7cf86a8..f0d66117f2 100644 --- a/IDE/Renesas/e2studio/RA6M3/common/user_settings.h +++ b/IDE/Renesas/e2studio/RA6M3/common/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M3/common/util.h b/IDE/Renesas/e2studio/RA6M3/common/util.h index 036d4627d0..57eaf767b7 100644 --- a/IDE/Renesas/e2studio/RA6M3/common/util.h +++ b/IDE/Renesas/e2studio/RA6M3/common/util.h @@ -1,6 +1,6 @@ /* util.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c index 30006f63b7..47808cb423 100644 --- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c +++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -151,7 +151,7 @@ void wolfssl_thread_entry(void *pvParameters) { /* Read the client data into our buff array */ if (ret != WOLFSSL_SUCCESS) { - printf("Error [%d]: wolfSSL_set_fd.\n",ret); + printf("Error [%d]: wolfSSL_accept.\n",ret); break; } memset(buff, 0, sizeof(buff)); diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h index 0907433e6d..7720180f1b 100644 --- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h +++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c index e7e4cb6ffe..454f5744a5 100644 --- a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c +++ b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h index 485415317c..6f40f37f22 100644 --- a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h +++ b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h index dd56fc1e7f..cbe535b2ab 100644 --- a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h +++ b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h 
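Review bot: The message now names the right call, but `ret` here is the raw `wolfSSL_accept` return (normally `-1`/`WOLFSSL_FATAL_ERROR`), which says nothing about why the handshake failed — a rejected client certificate, a cipher mismatch and a timeout all print `Error [-1]`. Log the specific error instead, e.g. `printf("Error [%d]: wolfSSL_accept.\n", wolfSSL_get_error(ssl, ret));`, optionally followed by `wolfSSL_ERR_error_string`, assuming the WOLFSSL object is in scope as `ssl` where `wolfSSL_accept` is called above the hunk. The surrounding loop starts and ends outside the hunk.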
@@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c index 41fb29c07a..aec582f1ac 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c +++ b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c b/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c index 4ff71d1548..eb025be711 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c @@ -1,6 +1,6 @@ /* myprintf.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c index e6dca444c7..5b34a46752 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -151,17 +151,11 @@ void Clr_CallbackCtx(FSPSM_ST *g) (void) g; #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) - if (g->wrapped_key_rsapri2048 != NULL) - XFREE(g->wrapped_key_rsapri2048, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g->wrapped_key_rsapri2048, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (g->wrapped_key_rsapub2048 != NULL) - XFREE(g->wrapped_key_rsapub2048, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g->wrapped_key_rsapub2048, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (g->wrapped_key_rsapri1024 != NULL) - XFREE(g->wrapped_key_rsapri1024, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g->wrapped_key_rsapri1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (g->wrapped_key_rsapub2048 != NULL) XFREE(g->wrapped_key_rsapub1024, diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c index 5a920a250e..10f3a31cb6 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c index f3cef8ffc7..591ca3ddce 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c @@ -1,6 +1,6 @@ /* wolfssl_sce_unit_test.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
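Review bot: The context line left after the new unconditional frees, `if (g->wrapped_key_rsapub2048 != NULL) XFREE(g->wrapped_key_rsapub1024, ...)`, tests one pointer and frees another: `wrapped_key_rsapub1024` leaks whenever `wrapped_key_rsapub2048` was NULL, and since `wrapped_key_rsapub2048` was itself just freed a few lines earlier without being reset, the test also reads a dangling pointer value. With the guards being dropped everywhere else in this commit, the consistent fix is simply `XFREE(g->wrapped_key_rsapub1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);`. None of the freed members are set to NULL in the visible part of the function; unless that happens after the hunk, a second call to `Clr_CallbackCtx` on the same context is a double free, so `g->wrapped_key_... = NULL;` after each XFREE (cheap now that XFREE must tolerate NULL) is advisable. The function continues past the end of the hunk.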
@@ -691,18 +691,10 @@ static int sce_rsa_test(int prnt, int keySize) wc_FreeRsaKey(key); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (in != NULL) { - XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (in2 != NULL) { - XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (out != NULL) { - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (out2 != NULL) { - XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -778,15 +770,9 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize) wc_FreeRsaKey(key); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (in != NULL) { - XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (in2 != NULL) { - XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (out != NULL) { - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h index 030e4ffad0..a66c8bbbf8 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h @@ -1,6 +1,6 @@ /* strings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h index d288552e6c..12f9374948 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h @@ -1,6 +1,6 @@ /* unistd.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h index fa80de8404..043c031933 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c index 251d6481b6..db2911cf3a 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c @@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c index dcc59aac32..951e76e921 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h index 2d6bead068..80df72cb31 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c index 733da69714..8c79e8d409 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c 
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c index 76cfb41a57..4506a6d4bc 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -114,7 +114,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist) char *cert = "./certs/ca-cert.pem"; #endif #else - #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) + #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) const unsigned char *cert = ca_ecc_cert_der_256; #define SIZEOF_CERT sizeof_ca_ecc_cert_der_256 #else @@ -137,7 +137,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist) if ((client_ctx = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heapHint), heapHint)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); - return; + return; } if ((wolfSSL_CTX_load_static_memory(&client_ctx, NULL, heapBufIO, @@ -149,7 +149,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist) #else /* Create and initialize WOLFSSL_CTX */ - if ((client_ctx = + if ((client_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); return; 
@@ -168,8 +168,8 @@ void wolfSSL_TLS_client_init(const char* cipherlist) /* Root CA certificate */ /*---------------------------------------------*/ - if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, - SSL_FILETYPE_ASN1) != SSL_SUCCESS){ + if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, + SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS){ printf("ERROR: can't load certificate data\n"); return; } @@ -186,15 +186,15 @@ void wolfSSL_TLS_client_init(const char* cipherlist) /*---------------------------------------------*/ /* use specific cipher */ - if (cipherlist != NULL && + if (cipherlist != NULL && wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(client_ctx); client_ctx = NULL; printf("client can't set cipher list"); return; } - + #if defined(WOLFSSL_TLS13) - if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1) + if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(client_ctx); client_ctx = NULL; printf("client can't set use supported curves\n"); @@ -213,11 +213,11 @@ void wolfSSL_TLS_client( ) #define BUFF_SIZE 256 static const char sendBuff[]= "Hello Server\n" ; - + char rcvBuff[BUFF_SIZE] = {0}; - + static T_IPV4EP my_addr = { 0, 0 }; - + T_IPV4EP dst_addr; if((dst_addr.ipaddr = getIPaddr(SIMPLE_TLSSEVER_IP)) == 0){ @@ -225,7 +225,7 @@ void wolfSSL_TLS_client( ) goto out; } if((dst_addr.portno = getPort(SIMPLE_TLSSERVER_PORT)) == 0){ - printf("ERROR: IP address\n"); + printf("ERROR: Port number\n"); goto out; } 
@@ -256,22 +256,22 @@ void wolfSSL_TLS_client( ) /*---------------------------------------------*/ #ifdef USE_ECC_CERT - /* ECDSA client certificate */ + /* ECDSA client certificate */ if (wolfSSL_use_certificate_buffer(ssl, cliecc_cert_der_256, - sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) { + sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR wolfSSL_use_certificate_buffer: %d\n", wolfSSL_get_error(ssl, 0)); - goto out; + goto out; } #else /* RSA client certificate */ if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, - sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) { + sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR wolfSSL_use_certificate_buffer: %d\n", wolfSSL_get_error(ssl, 0)); - goto out; + goto out; } #endif /* USE_ECC_CERT */ @@ -292,17 +292,17 @@ void wolfSSL_TLS_client( ) printf("ERROR tsip_use_PrivateKey_buffer_TLS\n"); goto out; } - + #else /* DER format ECC private key */ if (wolfSSL_use_PrivateKey_buffer(ssl, ecc_clikey_der_256, - sizeof_ecc_clikey_der_256, - WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) { + sizeof_ecc_clikey_der_256, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n", wolfSSL_get_error(ssl, 0)); - goto out; + goto out; } #endif @@ -334,10 +334,10 @@ void wolfSSL_TLS_client( ) #else if (wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048, - sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) { + sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n", wolfSSL_get_error(ssl, 0)); - goto out; + goto out; } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ 
@@ -356,7 +356,7 @@ void wolfSSL_TLS_client( ) /* TLS handshake */ /*---------------------------------------------*/ - if(wolfSSL_connect(ssl) != SSL_SUCCESS) { + if(wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) { printf("ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0)); goto out; } diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c index 52ad49bba5..2e7e357955 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c @@ -1,6 +1,6 @@ /* wolf_server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h index 5f0a537d30..9558d8f12b 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c index 29d0adcbd5..4d176ccaa7 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h index 2d6bead068..80df72cb31 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h 
@@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h index f856d4e5e6..174826f0ee 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c index 5614f3f1f2..010c38137a 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c @@ -1,6 +1,6 @@ /* wolfssl_demo.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h index 6eb3b9641a..cb916e6536 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c index 2c48ed510c..3e4c1e56ea 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c 
@@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,8 +21,8 @@ #include -#define YEAR 2023 -#define MON 5 +#define YEAR 2024 +#define MON 7 static int tick = 0; diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c index eaeb627405..b45157faa0 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c @@ -1,6 +1,6 @@ /* simple_tcp_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c index 0bc5caa178..62c426ca08 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c @@ -1,6 +1,6 @@ /* simpel_tls_tsip_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,7 @@ #include #endif -#define SIMPLE_TLSSEVER_IP "192.168.11.9" +#define SIMPLE_TLSSEVER_IP "192.168.11.5" #define SIMPLE_TLSSERVER_PORT "11111" ER t4_tcp_callback(ID cepid, FN fncd , VP p_parblk); @@ -198,7 +198,7 @@ void wolfSSL_TLS_client( ) { ID cepid = 1; ER ercd; - int ret; + int ret = 0; WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx; WOLFSSL *ssl = NULL; @@ -216,7 +216,7 @@ void wolfSSL_TLS_client( ) goto out; } if((dst_addr.portno = getPort(SIMPLE_TLSSERVER_PORT)) == 0){ - printf("ERROR: IP address\n"); + printf("ERROR: Port number\n"); goto out; } 
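Review bot: `#define YEAR 2024` / `#define MON 7` in wolfssl_dummy.c pin the demo's idea of "now" to a single month, and if, as the file name suggests, they feed a stub time source consulted during certificate validity checks, the value will silently drift out of the test certificates' validity window and the handshake will start failing for a reason unrelated to the code under test. A comment beside the defines naming what they feed and what they must track would make future bumps self-explanatory, e.g. `/* Fixed date returned by the stub time source; keep inside the validity window of the demo certificates */`. The use site is outside this hunk, so the coupling is inferred from the name only.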
@@ -231,44 +231,95 @@ void wolfSSL_TLS_client( ) } #ifdef SIMPLE_TLS_TSIP_CLIENT - tsip_set_callback_ctx(ssl, &userContext); + ret = tsip_set_callback_ctx(ssl, &userContext); #endif /* set client private key data */ -#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT) - #if defined(USE_ECC_CERT) - if (tsip_use_PrivateKey_buffer_TLS(ssl, - (const char*)g_key_block_data.encrypted_user_ecc256_private_key, +#ifdef USE_ECC_CERT + + #ifdef WOLFSSL_RENESAS_TSIP_TLS + + /* TSIP specific ECC private key */ + if (ret == 0){ + ret = tsip_use_PrivateKey_buffer_TLS(ssl, + (const char*)g_key_block_data.encrypted_user_ecc256_private_key, sizeof(g_key_block_data.encrypted_user_ecc256_private_key), - TSIP_ECCP256) != 0) { - printf("ERROR: can't load client-private key\n"); - return; + TSIP_ECCP256); + if (ret != 0) { + printf("ERROR tsip_use_PrivateKey_buffer_TLS\n"); + } + } + # if defined(WOLFSSL_CHECK_SIG_FAULTS) + if (ret == 0){ + ret = tsip_use_PublicKey_buffer_TLS(ssl, + (const char*)g_key_block_data.encrypted_user_ecc256_public_key, + sizeof(g_key_block_data.encrypted_user_ecc256_public_key), + TSIP_ECCP256); + if (ret != 0) { + printf("ERROR tsip_use_PublicKey_buffer_TLS\n"); } + } + #endif /* WOLFSSL_CHECK_SIG_FAULTS */ + #else - if (tsip_use_PrivateKey_buffer_TLS(ssl, + + /* DER format ECC private key */ + if (ret == 0) { + ret = wolfSSL_use_PrivateKey_buffer(ssl, + ecc_clikey_der_256, + sizeof_ecc_clikey_der_256, + WOLFSSL_FILETYPE_ASN1); + if (ret != SSL_SUCCESS) { + printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n", + wolfSSL_get_error(ssl, 0)); + ret = -1; + } + } + + #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + +#else + + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + + /* Note: TSIP asks RSA client key pair for client authentication. 
*/ + + /* TSIP specific RSA private key */ + if (ret == 0) { + ret = tsip_use_PrivateKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_private_key, sizeof(g_key_block_data.encrypted_user_rsa2048_private_key), - TSIP_RSA2048) != 0) { - printf("ERROR: can't load client-private key\n"); - return; + TSIP_RSA2048); + if (ret != 0) { + printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret); } + } + if (ret == 0) { ret = tsip_use_PublicKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_public_key, - sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), TSIP_RSA2048); + sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), + TSIP_RSA2048); if (ret != 0) { - printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret); - return; + printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret); } - #endif -#else - if (wolfSSL_use_PrivateKey_buffer(ssl, - ecc_clikey_der_256, - sizeof_ecc_clikey_der_256, - SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { - printf("ERROR: can't load private-key data.\n"); - return; } -#endif /* WOLFSSL_TLS13 */ + + #else + + if (ret == 0) { + err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048, + sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1); + + if (err != SSL_SUCCESS) { + printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n", + wolfSSL_get_error(ssl, 0)); + ret = -1; + } + } + + #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + +#endif /* USE_ECC_CERT */ /* set callback context */ wolfSSL_SetIOReadCtx(ssl, (void *)&cepid); diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c index dfa4858916..1a096d37f6 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c 
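Review bot: In the RSA/non-TSIP branch near the end of the hunk, `err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048, ...)` assigns to `err`, which is not among the locals visible in the earlier `@@ -198` hunk (`cepid`, `ercd`, `ret`), while the parallel ECC/non-TSIP branch assigns the same call to `ret`; unless `err` is declared elsewhere in the function this configuration will not compile, and either way the two branches should use one variable. The ECC/non-TSIP branch also leaves `ret == SSL_SUCCESS` (non-zero) on success, so any later step gated on `ret == 0` in the style of this hunk would treat a successfully loaded key as a failure, whereas the RSA branch keeps `ret` at 0. Normalising both branches to `ret = (wolfSSL_use_PrivateKey_buffer(...) == WOLFSSL_SUCCESS) ? 0 : -1;` removes the divergence and also matches the `SSL_SUCCESS` → `WOLFSSL_SUCCESS` rename this commit applies in wolf_client.c. wolfSSL_TLS_client continues outside the hunk, so the later gating is inferred.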
@@ -1,6 +1,6 @@ /* simple_tcp_server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c index d5138b0ea6..55892f491e 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c @@ -1,6 +1,6 @@ /* simple_tls_server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c index 42d62359ff..2fb3d2489c 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h index c62cd4a38d..d8e035d8df 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h @@ -1,6 +1,6 @@ /* wolfssl_simple_demo.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c index fe3aaaaf01..8ee29ee301 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c 
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -31,43 +31,43 @@ const st_key_block_data_t g_key_block_data = { /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */ { - 0xDF, 0x78, 0x49, 0x28, 0xA9, 0x4C, 0x36, 0xD6, 0xC9, 0x89, 0x98, 0xDF, - 0xFF, 0xB1, 0xCB, 0xBC, 0x9F, 0xF4, 0x34, 0xCD, 0x81, 0x53, 0x67, 0xB3, - 0xFC, 0x85, 0xC6, 0x0B, 0xA2, 0xC8, 0xF4, 0x83 + 0x68, 0x03, 0xA1, 0x95, 0x3B, 0x93, 0x12, 0xCC, 0x86, 0x5A, 0x3E, 0x24, + 0xF7, 0xDD, 0x22, 0x31, 0xEC, 0xAB, 0x42, 0x8B, 0x90, 0xC2, 0x8E, 0xDF, + 0x56, 0xB3, 0xAE, 0x3A, 0x99, 0x05, 0x34, 0xCD }, /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */ { - 0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, - 0x34, 0xB2, 0x4D, 0x92 + 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, + 0x45, 0x67, 0x89, 0x01 }, - /* uint8_t + /* uint8_t * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */ { - 0xC8, 0x12, 0x94, 0x44, 0x43, 0x35, 0x82, 0x09, 0xF2, 0x54, 0x69, 0xB6, - 0x9B, 0x8E, 0x6F, 0x92, 0xE3, 0x3A, 0xB2, 0x55, 0x63, 0x8D, 0xDB, 0x47, - 0x75, 0x8D, 0x9D, 0x56, 0xD7, 0x7F, 0x42, 0x3A, 0x04, 0x4C, 0xAA, 0xF1, - 0x94, 0x9C, 0x8C, 0x97, 0xAF, 0x5C, 0xBA, 0x0E, 0xBD, 0x8A, 0xE3, 0x67, - 0x3E, 0xF8, 0x4C, 0x8E, 0xB7, 0x71, 0xB0, 0xCE, 0x09, 0x3C, 0xEC, 0x9C, - 0xCC, 0x81, 0x9D, 0x37, 0x9E, 0x34, 0x39, 0x6D, 0xF0, 0x7D, 0x1A, 0x4A, - 0xEB, 0xF5, 0x99, 0x91, 0xE1, 0xB0, 0x99, 0x72, 0xB3, 0xF3, 0x2B, 0xE1, - 0x6F, 0x5B, 0xD4, 0xA3, 0xB9, 0x9C, 0xEB, 0x95, 0xC3, 0xB2, 0x8F, 0x5C, - 0x58, 0xD5, 0x0A, 0xAA, 0x02, 0x01, 0xBF, 0xE1, 0xE9, 0x23, 0xFB, 0x03, - 0xCF, 0x54, 0x6D, 0x29, 0xE7, 0x5E, 0x96, 0x51, 0x68, 0x6B, 0xDD, 0x06, - 0x67, 0x5E, 0x84, 0x50, 0x21, 0x50, 0x78, 0x89, 0x80, 0xF8, 0x61, 0x9C, - 0xBE, 0xDA, 0x75, 0x55, 0x1A, 0xE6, 0x3C, 0xA5, 0x1C, 0xE4, 0x5A, 0x5C, - 0x68, 0x7C, 0x48, 0xC7, 0x6A, 0xC9, 0x80, 0x54, 0x31, 0xE7, 0x65, 0x8A, - 0x13, 0xF3, 0x6D, 0x0F, 0xB3, 0x62, 0x8D, 0x1B, 0xEA, 0x71, 0x12, 0x86, - 0x50, 0x98, 0xA3, 0x8E, 0x64, 0x1D, 0x3E, 0xA4, 0x5A, 0x99, 0xB3, 
0xBD, - 0x3E, 0x3D, 0xF5, 0x0F, 0x41, 0x09, 0xFB, 0x04, 0x7B, 0x8D, 0xA1, 0xCF, - 0xBA, 0x71, 0x85, 0x86, 0x3C, 0x04, 0xDD, 0x74, 0x8D, 0xE3, 0x3C, 0x8E, - 0x52, 0x3C, 0x05, 0x7A, 0xBE, 0xCC, 0xEA, 0x9D, 0x57, 0x2C, 0x40, 0x05, - 0xEE, 0x49, 0x1D, 0xD2, 0xA3, 0x5A, 0xFA, 0x25, 0x1D, 0x1F, 0xDD, 0xB5, - 0x36, 0x7D, 0x25, 0xD3, 0x34, 0x39, 0xC2, 0x59, 0x57, 0xAD, 0x3C, 0x9D, - 0xC9, 0xBF, 0x09, 0x8D, 0xA0, 0x40, 0x5A, 0x14, 0x7B, 0xCF, 0xFE, 0x05, - 0x3E, 0xF3, 0xD1, 0x7D, 0xBB, 0x33, 0x96, 0x40, 0x79, 0xC2, 0x7B, 0x15, - 0x2E, 0xEE, 0xE3, 0x5B, 0x9C, 0x06, 0x72, 0x95, 0xFF, 0xCB, 0xC9, 0xE4, - 0x96, 0x97, 0x18, 0x0D, 0xE7, 0x78, 0xCD, 0xE9, 0xA7, 0xEA, 0xE9, 0xDF + 0x8F, 0xCE, 0xBA, 0x0C, 0xF6, 0x6F, 0x65, 0x7F, 0xF7, 0xB7, 0x31, 0x11, + 0x20, 0x17, 0x7D, 0x8F, 0x5B, 0xA4, 0x43, 0x4F, 0x0A, 0x7C, 0x64, 0x24, + 0x57, 0x03, 0xEB, 0xBB, 0xDD, 0xF4, 0x60, 0x1E, 0x30, 0x97, 0xB1, 0xC7, + 0xFA, 0xEF, 0x5D, 0x16, 0x93, 0x16, 0xD6, 0x24, 0xA8, 0xC3, 0xCA, 0x7C, + 0xF4, 0x00, 0x77, 0x0E, 0x62, 0xB1, 0x7E, 0x8E, 0x57, 0x19, 0x91, 0xEC, + 0x47, 0xE1, 0x81, 0x6F, 0x79, 0x43, 0x51, 0xB9, 0x0A, 0x3F, 0x6B, 0x38, + 0x9A, 0xB6, 0x2F, 0x97, 0x59, 0xA2, 0x7C, 0x6B, 0xBD, 0x8A, 0xCC, 0x52, + 0x37, 0x2A, 0x22, 0xC9, 0x60, 0xB8, 0x99, 0x17, 0x2D, 0x94, 0x8B, 0x02, + 0x51, 0xAB, 0xD2, 0x09, 0xEE, 0x08, 0x92, 0x19, 0x68, 0x0F, 0xBB, 0xEE, + 0x0F, 0xFF, 0xAF, 0x7F, 0x08, 0x55, 0x81, 0xE6, 0x12, 0x34, 0x12, 0xBD, + 0x2C, 0x8E, 0x8E, 0x9D, 0xC3, 0x34, 0x47, 0xF0, 0xF6, 0x01, 0x24, 0x05, + 0x3D, 0x2E, 0x2E, 0x3E, 0x9C, 0x19, 0x8C, 0x99, 0x19, 0x06, 0x93, 0xD0, + 0x14, 0x78, 0x89, 0x37, 0x2B, 0xA2, 0xD0, 0xBE, 0x67, 0x7C, 0xC6, 0xB3, + 0x61, 0x85, 0xF9, 0x4E, 0xC7, 0x33, 0x00, 0x45, 0x34, 0x1B, 0x3F, 0xD9, + 0xF1, 0xA4, 0x4B, 0x82, 0x34, 0x69, 0xF0, 0xE5, 0x4D, 0xCF, 0xC7, 0xAD, + 0xD9, 0xF7, 0x86, 0x84, 0x1A, 0x5B, 0x7D, 0xBA, 0x7B, 0xC1, 0xF8, 0xB0, + 0xE4, 0xAB, 0xA3, 0x05, 0xE0, 0xF0, 0x14, 0xDE, 0x8D, 0x7A, 0x98, 0xCA, + 0x02, 0xDE, 0x02, 0xB6, 0xCC, 0xE4, 0xF9, 0x84, 0x1A, 0x1D, 0x5E, 
0x00, + 0x64, 0x80, 0x4F, 0x65, 0xDE, 0x48, 0x5D, 0x5C, 0x5C, 0x4B, 0x00, 0xD3, + 0x03, 0xF0, 0x77, 0xB2, 0x8F, 0x2A, 0xFE, 0x38, 0x73, 0x2D, 0xFE, 0xDC, + 0x18, 0xE0, 0x9A, 0xAC, 0x1D, 0x09, 0x41, 0x38, 0x99, 0x4C, 0xA6, 0x0E, + 0x0F, 0xB4, 0xC0, 0x59, 0x38, 0x31, 0xC7, 0x69, 0x8A, 0x6A, 0x94, 0x8E, + 0xEE, 0x38, 0x63, 0x2C, 0x4C, 0x0C, 0x65, 0x3F, 0xC6, 0xA2, 0x91, 0x48, + 0x0A, 0xE2, 0x09, 0x50, 0x8F, 0x9E, 0x91, 0xF8, 0xAC, 0x3B, 0xDA, 0xBA }, /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */ { 
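Review bot: The new `iv` block is the fixed repeating pattern `0x01, 0x23, 0x45, 0x67, 0x89, 0x01, ...`, replacing the previously random-looking bytes; for the IV of a CBC-wrapped key block an unpredictable value is the expectation, and a patterned one reads like a tool default that was never replaced. If this is sample provisioning output intended only for the demo, a comment at the head of `g_key_block_data` saying so, e.g. `/* Sample TSIP key block for this demo only; regenerate with your own keys and a random IV before any real use */`, would stop it being copied into a deployment. The struct continues past the hunk.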
@@ -77,100 +77,100 @@ const st_key_block_data_t g_key_block_data = * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16] */ { - 0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE, - 0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA, - 0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6, - 0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE, - 0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F, - 0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE, - 0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC, - 0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3, - 0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7, - 0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15, - 0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF, - 0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D, - 0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E, - 0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3, - 0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5, - 0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72, - 0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D, - 0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9, - 0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26, - 0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3, - 0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D, - 0x25, 0x5B, 0x52, 0xF3, 0xBC, 0xCE, 0x10, 0x77, 0x76, 0xE4, 0x5C, 0xCF, - 0xC3, 0xA4, 0xCC, 0x11, 0xD3, 0x1E, 0x02, 0x98, 0x33, 0xA5, 0xF7, 0xD9, - 0x43, 0xAB, 0x45, 0x9A, 0x97, 0x0D, 0x08, 0x03, 0xBD, 0xB2, 0xAB, 0x50 - }, - /* uint8_t + 0x7B, 0x9E, 0xC9, 0x21, 0x70, 0xDF, 0xC0, 0x9E, 0x06, 
0x57, 0xB8, 0x44, + 0xD0, 0x95, 0x21, 0xD0, 0x37, 0xDC, 0xAE, 0x3A, 0xAF, 0xCD, 0x56, 0x51, + 0x3C, 0xEC, 0x82, 0xB1, 0xFE, 0xBF, 0x6E, 0x12, 0xE7, 0x79, 0x92, 0xF0, + 0x3F, 0x56, 0x8A, 0x46, 0x0E, 0x4D, 0x9D, 0xC9, 0x7D, 0xC9, 0x2D, 0xE9, + 0x07, 0x1C, 0x9A, 0x11, 0x2F, 0x92, 0x26, 0x40, 0xD7, 0x73, 0xC8, 0xB9, + 0xD0, 0xB8, 0x46, 0x42, 0x53, 0x23, 0x79, 0xBB, 0x3B, 0x97, 0x91, 0x11, + 0x70, 0x66, 0xB6, 0xF4, 0x7B, 0x2F, 0x65, 0x3C, 0xA0, 0xD0, 0x70, 0x58, + 0x3C, 0xA8, 0xD9, 0x79, 0x79, 0x14, 0x55, 0xA4, 0x73, 0xE3, 0x40, 0xBB, + 0xC7, 0x57, 0x5C, 0x30, 0x9C, 0xC5, 0xB5, 0x9D, 0x87, 0xFB, 0x6E, 0x66, + 0x9C, 0x77, 0xF8, 0x41, 0x75, 0x80, 0x30, 0x62, 0xD5, 0x20, 0xBA, 0xB4, + 0x5D, 0x33, 0x8F, 0xC1, 0x5F, 0x22, 0xF1, 0xD8, 0x09, 0x62, 0xA6, 0xE1, + 0x73, 0x50, 0x5B, 0x9B, 0xD7, 0x21, 0x8F, 0x38, 0x31, 0x5B, 0x79, 0x1D, + 0xF8, 0x50, 0xE0, 0x87, 0xC1, 0x6B, 0xC4, 0x4D, 0x25, 0x6C, 0xB2, 0x0B, + 0x88, 0x51, 0xB9, 0xB0, 0xDF, 0xC2, 0x6C, 0xC6, 0x52, 0xB8, 0x88, 0xC0, + 0x25, 0x31, 0x99, 0x61, 0xCA, 0x0F, 0xCB, 0x63, 0x9A, 0x90, 0xE3, 0xB3, + 0x11, 0xFD, 0xAB, 0x1F, 0x4C, 0x6B, 0xC5, 0x5C, 0x86, 0x29, 0x4C, 0x84, + 0xC8, 0xE9, 0x5A, 0xCE, 0xE6, 0x3F, 0x79, 0xD2, 0xDC, 0x6A, 0xDD, 0x5F, + 0x42, 0x45, 0x62, 0xB9, 0xE7, 0x64, 0x88, 0x2F, 0x70, 0x45, 0x1E, 0x9E, + 0xCF, 0x9A, 0x4C, 0x2A, 0x3D, 0x1C, 0x6C, 0x2F, 0x94, 0x27, 0xD4, 0x2A, + 0xE5, 0x55, 0xA5, 0x73, 0xB8, 0x74, 0x29, 0x74, 0xD6, 0xF4, 0x6C, 0xB7, + 0x6C, 0x9D, 0x26, 0x6D, 0x2E, 0xBF, 0x99, 0xCA, 0xDD, 0xEB, 0x48, 0xAD, + 0x71, 0xB1, 0x1B, 0x1E, 0xFB, 0xDE, 0x19, 0xB8, 0x11, 0x61, 0x09, 0xA2, + 0x89, 0x66, 0xE3, 0xA6, 0x3D, 0x7F, 0xFE, 0xFF, 0xE8, 0x1B, 0xD3, 0x2D, + 0xEA, 0xA5, 0x86, 0xCF, 0x96, 0xDE, 0xDE, 0xC1, 0x17, 0x96, 0x77, 0x41 + }, + /* uint8_t * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16] */ { - 0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE, - 0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA, - 0x35, 0x22, 0x5A, 0xB8, 0x5F, 
0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6, - 0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE, - 0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F, - 0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE, - 0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC, - 0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3, - 0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7, - 0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15, - 0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF, - 0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D, - 0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E, - 0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3, - 0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5, - 0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72, - 0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D, - 0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9, - 0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26, - 0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3, - 0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D, - 0x25, 0x5B, 0x52, 0xF3, 0x44, 0xBA, 0x28, 0xF8, 0xF2, 0x01, 0x41, 0x61, - 0xF3, 0xE5, 0x91, 0x44, 0xF9, 0xA3, 0x56, 0xD8, 0xE9, 0x43, 0x0F, 0x78, - 0x7E, 0x1C, 0x01, 0xA6, 0xD7, 0x47, 0x87, 0x7C, 0xC5, 0xAF, 0x2A, 0xD3, - 0x71, 0x3A, 0x3E, 0x96, 0xF5, 0x8E, 0xA8, 0x1A, 0x89, 0x17, 0xCD, 0x52, - 0x7E, 0x98, 0x70, 0xB3, 0x57, 0x22, 0x59, 0x1C, 0xB7, 0x61, 0xD3, 0x32, - 0xE5, 0x2E, 0x6B, 0x6F, 0x2B, 0xD2, 0xAB, 0x27, 0x62, 0x65, 0xBE, 0x0B, - 0x8B, 0xFC, 0x9D, 0xB7, 0x3B, 0x4F, 0xA7, 0x35, 0xA6, 0xB3, 0x10, 0x98, - 0x6D, 0x47, 0x12, 0x16, 0x89, 0x33, 0x9A, 0x87, 0x85, 0x50, 0x21, 0x2B, - 0x03, 0xD0, 0x0C, 0x25, 0x52, 
0xC1, 0xA4, 0xD9, 0x50, 0x57, 0x0A, 0x88, - 0x67, 0xE9, 0x55, 0x78, 0xFF, 0x23, 0xC0, 0xD1, 0xB6, 0xF4, 0xBD, 0x64, - 0x38, 0x9A, 0x59, 0xD8, 0x0C, 0xCA, 0x3C, 0x44, 0xBB, 0x31, 0x40, 0xF3, - 0x3F, 0x84, 0x74, 0x1A, 0x1B, 0xFB, 0x81, 0x22, 0x20, 0x0E, 0x68, 0x48, - 0x7F, 0xBF, 0xBB, 0xE2, 0xF7, 0xEA, 0x1C, 0xDD, 0x63, 0xAA, 0x3E, 0xFE, - 0x7A, 0xBD, 0x6C, 0x2A, 0x2C, 0x6C, 0x8E, 0x3C, 0xB6, 0x42, 0x2F, 0x42, - 0xF2, 0x17, 0x07, 0x2F, 0x4F, 0xAA, 0x4B, 0xA0, 0xE7, 0x98, 0xAE, 0x95, - 0x21, 0x2A, 0xF8, 0x1C, 0x33, 0x81, 0xC2, 0x64, 0xEC, 0xF3, 0xD7, 0x75, - 0x81, 0x61, 0x8C, 0xDF, 0x7F, 0x76, 0x6B, 0x44, 0x22, 0x36, 0xD3, 0x7F, - 0x17, 0x40, 0x84, 0xF8, 0xA8, 0x4B, 0xD5, 0xD4, 0x4E, 0xA1, 0x86, 0xDB, - 0x9B, 0xCD, 0xB6, 0x6C, 0xDF, 0x35, 0x0C, 0x0D, 0x7E, 0x0F, 0x01, 0x9C, - 0xF7, 0x6E, 0x89, 0xE6, 0x2F, 0x0E, 0xC5, 0xF3, 0xEA, 0x69, 0x8C, 0xA5, - 0xD5, 0x48, 0xEE, 0x5B, 0x77, 0x04, 0xFE, 0xC7, 0x56, 0x87, 0x27, 0xD4, - 0xF9, 0xCC, 0xB4, 0xB4, 0xB7, 0x1A, 0x85, 0x38, 0x0B, 0x93, 0xD2, 0x1D, - 0xD3, 0xDE, 0x7E, 0x45, 0xAF, 0x82, 0x46, 0x65, 0xFE, 0x59, 0x55, 0x83 + 0x7B, 0x9E, 0xC9, 0x21, 0x70, 0xDF, 0xC0, 0x9E, 0x06, 0x57, 0xB8, 0x44, + 0xD0, 0x95, 0x21, 0xD0, 0x37, 0xDC, 0xAE, 0x3A, 0xAF, 0xCD, 0x56, 0x51, + 0x3C, 0xEC, 0x82, 0xB1, 0xFE, 0xBF, 0x6E, 0x12, 0xE7, 0x79, 0x92, 0xF0, + 0x3F, 0x56, 0x8A, 0x46, 0x0E, 0x4D, 0x9D, 0xC9, 0x7D, 0xC9, 0x2D, 0xE9, + 0x07, 0x1C, 0x9A, 0x11, 0x2F, 0x92, 0x26, 0x40, 0xD7, 0x73, 0xC8, 0xB9, + 0xD0, 0xB8, 0x46, 0x42, 0x53, 0x23, 0x79, 0xBB, 0x3B, 0x97, 0x91, 0x11, + 0x70, 0x66, 0xB6, 0xF4, 0x7B, 0x2F, 0x65, 0x3C, 0xA0, 0xD0, 0x70, 0x58, + 0x3C, 0xA8, 0xD9, 0x79, 0x79, 0x14, 0x55, 0xA4, 0x73, 0xE3, 0x40, 0xBB, + 0xC7, 0x57, 0x5C, 0x30, 0x9C, 0xC5, 0xB5, 0x9D, 0x87, 0xFB, 0x6E, 0x66, + 0x9C, 0x77, 0xF8, 0x41, 0x75, 0x80, 0x30, 0x62, 0xD5, 0x20, 0xBA, 0xB4, + 0x5D, 0x33, 0x8F, 0xC1, 0x5F, 0x22, 0xF1, 0xD8, 0x09, 0x62, 0xA6, 0xE1, + 0x73, 0x50, 0x5B, 0x9B, 0xD7, 0x21, 0x8F, 0x38, 0x31, 0x5B, 0x79, 0x1D, + 0xF8, 0x50, 0xE0, 0x87, 0xC1, 
0x6B, 0xC4, 0x4D, 0x25, 0x6C, 0xB2, 0x0B, + 0x88, 0x51, 0xB9, 0xB0, 0xDF, 0xC2, 0x6C, 0xC6, 0x52, 0xB8, 0x88, 0xC0, + 0x25, 0x31, 0x99, 0x61, 0xCA, 0x0F, 0xCB, 0x63, 0x9A, 0x90, 0xE3, 0xB3, + 0x11, 0xFD, 0xAB, 0x1F, 0x4C, 0x6B, 0xC5, 0x5C, 0x86, 0x29, 0x4C, 0x84, + 0xC8, 0xE9, 0x5A, 0xCE, 0xE6, 0x3F, 0x79, 0xD2, 0xDC, 0x6A, 0xDD, 0x5F, + 0x42, 0x45, 0x62, 0xB9, 0xE7, 0x64, 0x88, 0x2F, 0x70, 0x45, 0x1E, 0x9E, + 0xCF, 0x9A, 0x4C, 0x2A, 0x3D, 0x1C, 0x6C, 0x2F, 0x94, 0x27, 0xD4, 0x2A, + 0xE5, 0x55, 0xA5, 0x73, 0xB8, 0x74, 0x29, 0x74, 0xD6, 0xF4, 0x6C, 0xB7, + 0x6C, 0x9D, 0x26, 0x6D, 0x2E, 0xBF, 0x99, 0xCA, 0xDD, 0xEB, 0x48, 0xAD, + 0x71, 0xB1, 0x1B, 0x1E, 0x45, 0xE8, 0xE9, 0xF1, 0x1F, 0x8D, 0x7B, 0x7B, + 0xD5, 0xDE, 0xE0, 0x8B, 0x67, 0x64, 0x4D, 0x9F, 0x6E, 0xC5, 0xB3, 0x03, + 0xC6, 0x35, 0x93, 0xE9, 0xE1, 0xA5, 0xC4, 0x6B, 0xD9, 0x29, 0xA6, 0x86, + 0xBB, 0x4B, 0xD9, 0xA4, 0x82, 0x68, 0xAF, 0x1E, 0x57, 0x30, 0x8C, 0xC6, + 0x94, 0xCA, 0xE5, 0xAB, 0x9E, 0x11, 0x51, 0x22, 0xEC, 0x28, 0x63, 0xBD, + 0xAA, 0xE8, 0xE5, 0x27, 0x7B, 0x68, 0x6C, 0x94, 0x42, 0xBA, 0x05, 0xEA, + 0x68, 0x5F, 0x18, 0xE9, 0x64, 0x23, 0x07, 0x11, 0xE4, 0x7B, 0x37, 0x77, + 0xFC, 0x35, 0xBC, 0xFC, 0x06, 0x2E, 0x7F, 0x15, 0xB8, 0xE1, 0x07, 0x42, + 0x04, 0xD2, 0x4A, 0xD5, 0x43, 0xE1, 0x49, 0x7C, 0x43, 0x49, 0x80, 0x3A, + 0x86, 0xE0, 0x10, 0x98, 0x77, 0xF2, 0x55, 0xC9, 0x21, 0x24, 0x6D, 0x01, + 0x36, 0xC5, 0x1F, 0xB8, 0x2D, 0x5B, 0x62, 0x99, 0x15, 0x74, 0x19, 0x44, + 0x82, 0xC1, 0x09, 0x16, 0x1B, 0xF1, 0x7E, 0xFD, 0xC5, 0xFD, 0x6C, 0x20, + 0xC3, 0x35, 0x8D, 0x46, 0xE3, 0x98, 0xCF, 0xE7, 0x6F, 0xC7, 0xD7, 0x71, + 0xCC, 0x95, 0x23, 0x60, 0xE7, 0x9E, 0x19, 0xD1, 0xA1, 0x0F, 0xDD, 0xFF, + 0x6B, 0x79, 0x12, 0x06, 0xB6, 0x12, 0x28, 0x42, 0x20, 0x16, 0x1C, 0xA4, + 0x0B, 0x94, 0x7D, 0xF5, 0xE3, 0x73, 0x62, 0x7B, 0x3B, 0x6B, 0xB7, 0xEC, + 0xCF, 0xAF, 0xF9, 0x8E, 0x09, 0x84, 0x50, 0x25, 0xF6, 0x2C, 0x1F, 0x7E, + 0x58, 0xE2, 0x5F, 0x06, 0x6D, 0xBB, 0x49, 0x9F, 0x29, 0x0A, 0x77, 0x95, + 0xF2, 0x02, 0xA6, 0x10, 0xC6, 
0x3C, 0x12, 0xC5, 0xD3, 0xA2, 0x73, 0x0A, + 0x88, 0x86, 0x1D, 0xD7, 0x12, 0xF7, 0x49, 0x25, 0xFC, 0x81, 0x9F, 0xF6, + 0x2D, 0xF8, 0xB4, 0xE9, 0xE7, 0xC5, 0x3D, 0x40, 0x73, 0x6C, 0xFD, 0xE7, + 0xDA, 0x42, 0x34, 0xDB, 0x88, 0x72, 0x9E, 0xAE, 0x22, 0x68, 0x5B, 0xB1, + 0x68, 0xF7, 0xF7, 0x2A, 0xD6, 0x6A, 0x02, 0x07, 0x5F, 0x8F, 0xD7, 0xE9 }, /* uint8_t * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16]; */ { - 0xAD, 0x59, 0x2A, 0x12, 0xAA, 0xA8, 0x34, 0x30, 0xD4, 0xC9, 0xA1, 0x5A, - 0xD2, 0xD8, 0xF8, 0x99, 0xA0, 0x26, 0x87, 0x27, 0x90, 0x39, 0x00, 0xEA, - 0x64, 0x8F, 0x70, 0xF8, 0x1A, 0xA7, 0x44, 0xC8, 0xE6, 0x66, 0xCB, 0xF6, - 0x8B, 0x00, 0xC7, 0x86, 0x2B, 0x14, 0x98, 0xDB, 0x03, 0xE8, 0xD5, 0x02, - 0xB8, 0x02, 0x6D, 0x73, 0x66, 0x19, 0x94, 0x83, 0xC4, 0xB9, 0x57, 0x3D, - 0xFE, 0xA7, 0x19, 0xAC, 0xBC, 0xE3, 0x75, 0x40, 0xC2, 0x48, 0x5E, 0xEF, - 0x1E, 0x9E, 0xCC, 0xE2, 0xAC, 0xE6, 0xC8, 0x08 + 0xF2, 0x01, 0x30, 0xFE, 0x9F, 0xC6, 0x8F, 0x18, 0x81, 0xD9, 0xFF, 0xB9, + 0x8F, 0xF3, 0x93, 0x7E, 0xBA, 0x5C, 0x12, 0xA1, 0x7F, 0x39, 0x85, 0x3E, + 0xB0, 0xE7, 0x3E, 0xC7, 0xEF, 0x48, 0xA7, 0x75, 0x7B, 0x24, 0x16, 0x63, + 0x7B, 0x8D, 0x13, 0x5B, 0xCA, 0xC9, 0xF7, 0xB1, 0xC7, 0x46, 0xCE, 0xBB, + 0xB9, 0xEE, 0x89, 0xAE, 0x90, 0xDF, 0x74, 0xF1, 0x2B, 0x61, 0x41, 0x2B, + 0xF9, 0x5D, 0x41, 0x14, 0x92, 0x9E, 0xBC, 0x9D, 0xFE, 0x0D, 0x9A, 0x72, + 0x5A, 0x52, 0x3F, 0xE1, 0xFA, 0xED, 0x40, 0x47 }, /* uint8_t * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16]; */ { - 0xE6, 0x6C, 0xB8, 0x7C, 0xDB, 0x85, 0x50, 0x51, 0x4A, 0x75, 0x38, 0xA4, - 0x74, 0x7A, 0x8C, 0x7C, 0x07, 0x71, 0x0E, 0x52, 0xC3, 0x19, 0xD1, 0xE6, - 0xF8, 0x36, 0xD2, 0xD3, 0x53, 0xF8, 0xA7, 0xCE, 0xBC, 0xBE, 0xAE, 0x62, - 0x7F, 0x00, 0x54, 0xB1, 0x01, 0x11, 0xCA, 0xE3, 0x77, 0x3E, 0x2E, 0x21 + 0x49, 0x3E, 0xC8, 0x9B, 0xB0, 0x04, 0xAE, 0x16, 0x98, 0xB2, 0x57, 0x70, + 0x8D, 0x40, 0x6B, 0xAC, 0x59, 0xDD, 0x09, 0xB8, 0xCC, 0x10, 0xDE, 0xBE, + 0x4F, 0xD4, 0x9E, 0x6B, 0xB4, 0x03, 0x85, 
0x95, 0x73, 0xA7, 0x48, 0x6D, + 0x08, 0xD8, 0x71, 0xD7, 0xDA, 0x50, 0x2F, 0x18, 0x48, 0x3D, 0xBF, 0x02 }, }; 
@@ -186,87 +186,95 @@ const uint32_t encrypted_user_key_type = const unsigned char ca_ecc_cert_der_sig[] = { - 0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa, - 0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c, - 0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6, - 0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a, - 0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd, - 0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba, - 0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44, - 0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc, - 0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61, - 0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35, - 0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a, - 0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6, - 0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e, - 0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b, - 0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18, - 0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5, - 0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f, - 0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c, - 0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b, - 0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8, - 0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99, - 0xc0, 0x73, 0x11, 0x1e + 0x85, 0x76, 0x96, 0x7D, 0xB5, 0x14, 0xD9, 0x4F, 0x3E, 0xCF, + 0xF3, 0xD3, 0xAB, 0x76, 0x77, 0xBA, 0xDB, 0xB8, 0x87, 0xD2, + 0x2E, 0xB5, 0x87, 0x69, 0x79, 0x8C, 0x34, 0x1A, 0x06, 0xB9, + 0xD5, 0x0D, 0xA8, 0x4B, 0x05, 0x6A, 0xF4, 0x26, 0x86, 0xB6, + 0x91, 0x0F, 0x27, 0x6F, 0xA7, 0xF1, 0x3C, 0xEC, 0x3D, 0x34, + 
0xE7, 0x82, 0xEB, 0x10, 0xE6, 0xFA, 0x04, 0x11, 0x78, 0xCD, + 0xEB, 0xA0, 0xB4, 0x6C, 0xBC, 0x7C, 0x8C, 0x83, 0xD3, 0x68, + 0xC2, 0x72, 0x17, 0xE0, 0x41, 0xA3, 0xE3, 0x5A, 0xB6, 0x2D, + 0x52, 0xA4, 0x4A, 0x4E, 0x9B, 0x3E, 0x98, 0xD7, 0xBB, 0x17, + 0xF5, 0x19, 0xAB, 0x30, 0xBF, 0xE2, 0x8B, 0xD7, 0x47, 0x7B, + 0x99, 0x7B, 0x97, 0x46, 0x53, 0x34, 0xCA, 0x74, 0x00, 0x39, + 0x04, 0x6F, 0x0B, 0xC0, 0x42, 0x73, 0x65, 0xCA, 0x3F, 0xE2, + 0x58, 0x1E, 0x26, 0xE5, 0xA2, 0x86, 0x63, 0xF3, 0x41, 0x89, + 0x0E, 0x6B, 0x74, 0xF4, 0x73, 0x4D, 0x8E, 0x04, 0x1E, 0x64, + 0x7E, 0x9C, 0x37, 0x3A, 0xF2, 0x4E, 0x5B, 0xF2, 0x67, 0x9A, + 0x48, 0xFB, 0x70, 0xDD, 0x70, 0x8C, 0xC0, 0x8F, 0xE9, 0x77, + 0x7B, 0xC0, 0x1F, 0xB7, 0xE2, 0xB8, 0xC2, 0x67, 0xF0, 0x1D, + 0x13, 0xFB, 0x8D, 0xEB, 0x69, 0xE8, 0xC0, 0x31, 0xAC, 0xB9, + 0x0C, 0x2D, 0x89, 0x77, 0x81, 0xC5, 0x87, 0xDD, 0x28, 0x7C, + 0x03, 0x34, 0xFA, 0xD8, 0xE5, 0x20, 0x4A, 0x88, 0x42, 0x6B, + 0x16, 0x55, 0x33, 0x16, 0x57, 0x19, 0x6B, 0x5A, 0x0C, 0xAC, + 0x12, 0xF4, 0x72, 0x7B, 0x1C, 0x8E, 0x85, 0xCE, 0x2D, 0xE7, + 0x94, 0xAD, 0xFC, 0xA8, 0x92, 0x70, 0xE0, 0xFA, 0x19, 0xB3, + 0xB4, 0x97, 0x25, 0x10, 0xCB, 0x27, 0x74, 0x57, 0x5D, 0x22, + 0xDB, 0x1D, 0x2F, 0xB4, 0x27, 0x52, 0xDE, 0x56, 0x77, 0xFB, + 0xBA, 0x75, 0x5F, 0xC3, 0x84, 0xA6 }; const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig); /* ./ca-cert.der.sign, */ const unsigned char ca_cert_der_sig[] = { - 0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba, - 0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89, - 0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18, - 0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1, - 0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74, - 0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a, - 0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7, - 0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 
0xed, - 0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2, - 0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7, - 0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34, - 0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47, - 0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52, - 0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84, - 0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e, - 0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa, - 0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89, - 0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4, - 0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0, - 0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8, - 0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae, - 0x1d, 0xdb, 0x57, 0xb8 + 0x3C, 0x99, 0x92, 0x6F, 0x0A, 0xE7, 0xC1, 0x31, 0x1F, 0xC2, + 0x60, 0xFD, 0x26, 0x54, 0x2F, 0xEA, 0xA4, 0xB6, 0x99, 0x8F, + 0xCF, 0x01, 0x6F, 0x37, 0x7A, 0xF5, 0xB7, 0xD1, 0xCC, 0x51, + 0x0B, 0x34, 0xF1, 0xF4, 0xF0, 0x48, 0xCF, 0x53, 0xD3, 0xE1, + 0xF1, 0x08, 0xD1, 0x3F, 0x2B, 0x9A, 0x0E, 0x5A, 0x15, 0xB7, + 0xAD, 0x14, 0x27, 0x24, 0x70, 0xE8, 0x02, 0x68, 0x21, 0xA2, + 0xA2, 0x9D, 0x63, 0x41, 0x6A, 0xE3, 0xD2, 0xC9, 0x48, 0x7B, + 0xF2, 0x6E, 0x7A, 0x80, 0xB8, 0xA9, 0x28, 0x61, 0x7B, 0x93, + 0x93, 0x18, 0x68, 0x19, 0x6A, 0x6F, 0x78, 0x53, 0x32, 0xBF, + 0xAB, 0x28, 0x10, 0x44, 0xAC, 0xB9, 0x15, 0xFD, 0x51, 0xFE, + 0x5E, 0x47, 0x07, 0xCD, 0xAF, 0x94, 0x69, 0x7A, 0x66, 0x31, + 0x3E, 0xED, 0x1B, 0x93, 0x97, 0x1A, 0x83, 0xA2, 0xC7, 0x5B, + 0xD3, 0x34, 0xAE, 0x24, 0xC8, 0xE9, 0xA9, 0x9E, 0x64, 0xEA, + 0x57, 0xA8, 0xA8, 0xD8, 0xA2, 0x74, 0x5F, 0xDB, 0x70, 0xCC, + 0x07, 0x1D, 0xD0, 0xA7, 0x91, 0x61, 0xD6, 0x9F, 0x6F, 0x77, + 0x80, 0xE9, 0x6C, 0x2F, 0x90, 0xF1, 0xBE, 0x25, 0x3F, 0x1C, + 0x76, 0xB6, 
0xAC, 0xD7, 0xD1, 0x1E, 0x97, 0x15, 0x94, 0x96, + 0xD6, 0xF6, 0xBF, 0x39, 0x6D, 0xC7, 0xF5, 0x13, 0xE0, 0xBB, + 0xC4, 0xDC, 0x18, 0x13, 0x65, 0x2B, 0x80, 0x23, 0x9A, 0x6A, + 0x70, 0x30, 0x9A, 0xB3, 0xE5, 0x2D, 0xC1, 0xCB, 0xBF, 0x5A, + 0xC2, 0xEE, 0xF6, 0x65, 0x50, 0xD4, 0xF2, 0xA3, 0xD5, 0xF9, + 0xF8, 0x16, 0xD3, 0x05, 0xAC, 0xE9, 0x8B, 0x5A, 0x75, 0xD7, + 0xF9, 0xB9, 0x05, 0xF3, 0x9C, 0xD0, 0xCE, 0x39, 0xA5, 0x7D, + 0xB6, 0xC6, 0x78, 0x6A, 0x31, 0x6C, 0xD2, 0xBB, 0x6F, 0x8E, + 0x11, 0xD4, 0x84, 0x8B, 0x21, 0x65, 0xFC, 0x2D, 0xD3, 0x51, + 0xC6, 0x31, 0x80, 0xCD, 0xE9, 0x5F }; const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig); /* ./client-cert.der.sign, */ const unsigned char client_cert_der_sign[] = { - 0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, - 0x8A, 0x16, 0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, - 0x58, 0xC6, 0x5A, 0xED, 0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, - 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23, 0x15, 0x84, 0x00, 0xE1, - 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53, 0x8A, 0x95, - 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21, - 0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, - 0x5B, 0x3F, 0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, - 0x1D, 0xBE, 0xEB, 0x8E, 0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, - 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6, 0x7E, 0xB6, 0xC8, 0xE1, - 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46, 0xCC, 0xCA, - 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81, - 0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, - 0x55, 0xB6, 0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, - 0xD7, 0xEB, 0x1D, 0x08, 0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, - 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38, 0xAC, 0x89, 0x63, 0xD5, - 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB, 0x9B, 0x71, - 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5, - 0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, - 0x58, 0x3A, 0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, - 0x2D, 0xC5, 0xCD, 0x62, 0xC1, 0x19, 
0x31, 0xE5, 0x36, 0x95, - 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8, 0xC6, 0x2E, 0xDF, 0xD9, - 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73, 0x35, 0x4F, - 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C, - 0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, - 0x3E, 0x95, 0x2A, 0x10, 0x01, 0x05 + 0x58, 0x04, 0xD2, 0xCA, 0x82, 0x7F, 0x7C, 0xB3, 0x93, 0x8A, + 0x81, 0x5F, 0x48, 0x91, 0xA4, 0x04, 0x13, 0x55, 0x20, 0x02, + 0x1A, 0xCC, 0xD6, 0x09, 0x56, 0x89, 0x37, 0xBD, 0x3F, 0x88, + 0x10, 0x3E, 0x8D, 0x2E, 0x30, 0x0E, 0x97, 0xA8, 0x68, 0xE1, + 0xAE, 0x00, 0x9A, 0x42, 0xA0, 0xAF, 0x3E, 0xAE, 0xFF, 0xFF, + 0xA7, 0xF3, 0x9C, 0xA7, 0x59, 0xB1, 0xA9, 0x67, 0x2D, 0xCE, + 0xAE, 0x27, 0x0D, 0x9F, 0x22, 0x99, 0x43, 0x49, 0xC3, 0xC7, + 0x50, 0x11, 0xDB, 0xD4, 0xE8, 0xA4, 0x6B, 0x30, 0x95, 0x6C, + 0x66, 0x69, 0xF2, 0x2D, 0xE4, 0x41, 0x7D, 0x45, 0x73, 0xD5, + 0xE7, 0x3D, 0x15, 0x34, 0x99, 0xB7, 0x27, 0xAC, 0xFB, 0x6D, + 0xDC, 0xFF, 0x1F, 0x17, 0xF3, 0x37, 0x92, 0x44, 0x58, 0x57, + 0x50, 0xA6, 0x3A, 0xB4, 0xB2, 0xB9, 0xAE, 0x8E, 0x4E, 0x63, + 0x42, 0xBD, 0xDD, 0xAA, 0xC8, 0x26, 0x0D, 0xE8, 0x57, 0xCF, + 0xBD, 0x75, 0xAB, 0xDD, 0x92, 0x53, 0x1F, 0x7A, 0x9F, 0x4D, + 0x0E, 0xB0, 0xF5, 0x7F, 0xCE, 0x92, 0xD4, 0xEC, 0x3E, 0x44, + 0x99, 0x27, 0x32, 0x42, 0xFA, 0x68, 0xCE, 0x2E, 0x75, 0x31, + 0xEE, 0x74, 0xDA, 0xB4, 0x42, 0x8C, 0x30, 0xF8, 0xB7, 0xB6, + 0xF4, 0x29, 0x5C, 0x18, 0x59, 0xE8, 0x39, 0x06, 0xF2, 0xDB, + 0x50, 0xC4, 0x75, 0x3A, 0xD2, 0xDA, 0x9B, 0xEA, 0xBF, 0x80, + 0x42, 0x97, 0x01, 0x7B, 0xBA, 0x5D, 0xA0, 0x29, 0x40, 0xAE, + 0x3C, 0x4D, 0x75, 0x98, 0xEB, 0xCE, 0x5E, 0x67, 0xDC, 0xE3, + 0xC5, 0x70, 0x8F, 0x22, 0x15, 0xCB, 0x31, 0x39, 0x8F, 0x6E, + 0x8B, 0xA9, 0x22, 0x09, 0x18, 0xDC, 0x19, 0xD5, 0x65, 0x5E, + 0xD5, 0x59, 0xAE, 0xD9, 0xAD, 0xF7, 0x9C, 0x2C, 0xD5, 0x79, + 0x15, 0x62, 0xF8, 0xAE, 0xBA, 0x11, 0x24, 0x98, 0xC8, 0xB6, + 0xF5, 0xDE, 0x32, 0x10, 0x03, 0x07 }; const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign); 
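Review bot: The regenerated signature arrays (ca_ecc_cert_der_sig, ca_cert_der_sig, client_cert_der_sign) record only a file name in comments such as `/* ./ca-cert.der.sign, */`, not which key signed the certificate or how the bytes were produced, so a reader cannot tell whether they still match the certificate blobs they authenticate or which key index must verify them. A stale signature here only surfaces as a verification failure at runtime on the board, so I would add a one-line comment above each array naming the signing key and the regeneration step, e.g. `/* signature over ca-cert.der by <signing key>; regenerate with <command> whenever the cert or key changes */` with the real values filled in. The 256-byte length of each new array is consistent with an RSA-2048 signature, but that is an inference; the comment should state the actual algorithm rather than leave it to be guessed.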
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h index 2d6bead068..80df72cb31 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h index 516bbfe8e0..5d4c2f341f 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -246,7 +246,6 @@ #define WOLFSSL_RENESAS_TSIP_TLS #if !defined(NO_RENESAS_TSIP_CRYPT) - #define WOLFSSL_RENESAS_TSIP_CRYPTONLY #define HAVE_PK_CALLBACKS #define WOLF_CRYPTO_CB #if defined(WOLFSSL_RENESAS_TSIP_TLS) @@ -278,3 +277,5 @@ #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) #define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock +/* use original ASN parsing */ +#define WOLFSSL_ASN_ORIGINAL diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c index 5d1f913677..56f07cf90c 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c @@ -1,6 +1,6 @@ /* wolfssl_demo.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
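Review bot: Removing `#define WOLFSSL_RENESAS_TSIP_CRYPTONLY` from the `#if !defined(NO_RENESAS_TSIP_CRYPT)` block in user_settings.h also compiles out the RSA sign/verify section of tsip_crypt_test in wolfssl_tsip_unit_test.c later in this diff, which is guarded by `#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)`, unless the macro is now supplied from the project's build settings. If that is intended, a comment at the removal site would stop someone re-adding it, e.g. `/* WOLFSSL_RENESAS_TSIP_CRYPTONLY is deliberately not set: this demo runs TSIP in TLS mode */`; if it is not intended, the unit-test guard needs updating in the same change.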
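Review bot: The new `/* use original ASN parsing */` comment above `#define WOLFSSL_ASN_ORIGINAL` says what the define selects but not why this TSIP port needs the original ASN parser instead of the default one, which is the first question a maintainer will ask before trying to drop it. Suggest recording the reason in place, e.g. `/* use original ASN parsing: <reason this TSIP port requires it> */`, with the actual constraint filled in.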
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h index c11e59c830..4aa90b5d5a 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c index f89b48cf15..1b84878d3c 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c @@ -1,6 +1,6 @@ /* wolfssl_tsip_unit_test.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -107,22 +107,13 @@ typedef struct tagInfo void Clr_CallbackCtx(TsipUserCtx *g) { + XFREE(g->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (g->rsa1024pri_keyIdx != NULL) - XFREE(g->rsa1024pri_keyIdx, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (g->rsa1024pub_keyIdx != NULL) - XFREE(g->rsa1024pub_keyIdx, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (g->rsa2048pri_keyIdx != NULL) - XFREE(g->rsa2048pri_keyIdx, - NULL, DYNAMIC_TYPE_TMP_BUFFER); - - if (g->rsa2048pub_keyIdx != NULL) - XFREE(g->rsa2048pub_keyIdx, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); XMEMSET(g, 0, sizeof(TsipUserCtx)); } 
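Review bot: The four XFREE calls in Clr_CallbackCtx now run unconditionally, so this hunk, and the same simplification in tsip_rsa_SignVerify_test and rsip_rsa_test further down the diff, relies on XFREE tolerating a NULL pointer in this build; that holds for a plain free()-backed definition, but this demo builds against a user_settings.h that can remap XFREE, so the assumption is worth stating once, e.g. `/* XFREE tolerates NULL, so indices that were never allocated need no check */`. The function also has no description; a header such as `/* Release the wrapped-key index buffers held in ctx and zero the context. */` would cover what the XFREE calls and the trailing XMEMSET do.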
@@ -139,7 +130,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key) byte plain[AES_BLOCK_SIZE]; int ret = 0; - WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, @@ -154,7 +145,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key) if (prnt) { printf(" tsip_aes_cbc_test() "); } - + ret = wc_AesInit(aes, NULL, INVALID_DEVID); if (ret == 0) { ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); @@ -196,7 +187,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key) if (prnt) { RESULT_STR(ret) } - + return ret; } @@ -205,7 +196,7 @@ static void tskAes128_Cbc_Test(void *pvParam) { int ret = 0; Info *p = (Info*)pvParam; - + while (exit_loop == false) { ret = tsip_aes_cbc_test(0, &p->aes_key); vTaskDelay(10/portTICK_PERIOD_MS); @@ -257,7 +248,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key) if (prnt) printf(" tsip_aes256_test() "); - + if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) { ret = -1; goto out; @@ -315,7 +306,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key) if (prnt) { RESULT_STR(ret) } - + return ret; } #ifdef FREERTOS @@ -323,7 +314,7 @@ static void tskAes256_Cbc_Test(void *pvParam) { int ret = 0; Info *p = (Info*)pvParam; - + while (exit_loop == false) { ret = tsip_aes256_test(0, &p->aes_key); vTaskDelay(10/portTICK_PERIOD_MS); @@ -345,8 +336,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) Aes enc[1]; Aes dec[1]; TsipUserCtx userContext; - - + + /* * This is Test Case 16 from the document Galois/ * Counter Mode of Operation (GCM) by McGrew and 
@@ -416,7 +407,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) if (prnt) { printf(" tsip_aes256_gcm_test() "); } - + ForceZero(resultT, sizeof(resultT)); ForceZero(resultC, sizeof(resultC)); ForceZero(resultP, sizeof(resultP)); @@ -443,8 +434,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) } /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), - (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT), + result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), + (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a), &userContext); if (result != 0) { @@ -461,7 +452,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) } result = wc_tsip_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), - iv1, sizeof(iv1), resultT, sizeof(resultT), + iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a), &userContext); if (result != 0){ ret = -8; @@ -479,7 +470,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) wc_AesGcmSetKey(enc, k1, sizeof(k1)); /* AES-GCM encrypt and decrypt both use AES encrypt internally */ result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1), - resultT + 1, sizeof(resultT) - 1, + resultT + 1, sizeof(resultT) - 1, a, sizeof(a), &userContext); if (result != 0) { ret = -10; @@ -487,7 +478,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) } result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(p), - iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, + iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a), &userContext); if (result != 0) { @@ -504,11 +495,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) out: wc_AesFree(enc); wc_AesFree(dec); - + if (prnt) { RESULT_STR(ret) } - + return ret; } #ifdef FREERTOS 
@@ -516,7 +507,7 @@ static void tskAes256_Gcm_Test(void *pvParam) { int ret = 0; Info *p = (Info*)pvParam; - + while (exit_loop == false) { ret = tsip_aesgcm256_test(0, &p->aes_key); vTaskDelay(10/portTICK_PERIOD_MS); @@ -616,16 +607,16 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key) enc->ctx.keySize = enc->keylen; } /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), + result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3), - resultT, sizeof(t3), + resultT, sizeof(t3), a3, sizeof(a3), &userContext); if (result != 0) { ret = -4; goto out; } result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3), - iv3, sizeof(iv3), resultT, sizeof(resultT), + iv3, sizeof(iv3), resultT, sizeof(resultT), a3, sizeof(a3), &userContext); if (result != 0) { ret = -5; @@ -641,11 +632,11 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key) out: wc_AesFree(enc); wc_AesFree(dec); - + if (prnt) { RESULT_STR(ret) } - + return ret; } #ifdef FREERTOS @@ -790,15 +781,9 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize) wc_FreeRsaKey(key); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (in != NULL) { - XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (in2 != NULL) { - XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (out != NULL) { - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -812,7 +797,7 @@ int tsip_crypt_sha_multitest() int num = 0; int i; BaseType_t xRet; - + #ifndef NO_SHA num++; #endif 
@@ -825,14 +810,14 @@ int tsip_crypt_sha_multitest() exit_semaph = xSemaphoreCreateCounting(num, 0); xRet = pdPASS; - + #ifndef NO_SHA - xRet = xTaskCreate(tskSha_Test, "sha_test", + xRet = xTaskCreate(tskSha_Test, "sha_test", SMALL_STACK_SIZE, NULL, 3, NULL); #endif #ifndef NO_SHA256 if (xRet == pdPASS) - xRet = xTaskCreate(tskSha256_Test, "sha256_test", + xRet = xTaskCreate(tskSha256_Test, "sha256_test", SMALL_STACK_SIZE, NULL, 3, NULL); #endif @@ -849,15 +834,15 @@ int tsip_crypt_sha_multitest() } } } - + vSemaphoreDelete(exit_semaph); - + if ((xRet == pdPASS) && (sha_multTst_rslt == 0 && sha256_multTst_rslt == 0)) ret = 0; else ret = -1; - + RESULT_STR(ret) return ret; @@ -874,7 +859,7 @@ int tsip_crypt_AesCbc_multitest() Info info_aes256_1; Info info_aes256_2; BaseType_t xRet; - + #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) num+=2; #endif @@ -887,7 +872,7 @@ int tsip_crypt_AesCbc_multitest() exit_semaph = xSemaphoreCreateCounting(num, 0); xRet = pdPASS; - + #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1, sizeof(tsip_aes_key_index_t)); @@ -916,7 +901,7 @@ int tsip_crypt_AesCbc_multitest() xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2", SMALL_STACK_SIZE, &info_aes256_2, 3, NULL); #endif - + if (xRet == pdPASS) { printf(" Waiting for completing tasks ..."); vTaskDelay(10000/portTICK_PERIOD_MS); @@ -930,7 +915,7 @@ int tsip_crypt_AesCbc_multitest() } } } - + vSemaphoreDelete(exit_semaph); if ((xRet == pdPASS) && @@ -955,7 +940,7 @@ int tsip_crypt_AesGcm_multitest() Info info_aes256_1; Info info_aes256_2; BaseType_t xRet; - + #if defined(WOLFSSL_AES_128) num+=2; #endif @@ -1010,7 +995,7 @@ int tsip_crypt_AesGcm_multitest() } } } - + vSemaphoreDelete(exit_semaph); if ((xRet == pdPASS) && @@ -1032,7 +1017,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() Info info_aes256cbc; Info info_aes256gcm; BaseType_t xRet; - + #ifndef NO_SHA num++; #endif 
@@ -1051,7 +1036,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() exit_semaph = xSemaphoreCreateCounting(num, 0); xRet = pdPASS; - + #ifndef NO_SHA xRet = xTaskCreate(tskSha_Test, "sha_test", SMALL_STACK_SIZE, NULL, 3, NULL); @@ -1069,7 +1054,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, sizeof(tsip_aes_key_index_t)); if (xRet == pdPASS) - xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", + xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", STACK_SIZE, &info_aes256gcm, 3, NULL); #endif @@ -1086,9 +1071,9 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() } } } - + vSemaphoreDelete(exit_semaph); - + if (xRet == pdPASS && sha_multTst_rslt == 0 && (Aes256_Cbc_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0)) { ret = 0; @@ -1096,7 +1081,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() else { ret = -1; } - + RESULT_STR(ret) return ret; @@ -1158,11 +1143,10 @@ int tsip_crypt_test() ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1); } - #if defined(WOLFSSL_KEY_GEN)&& \ + #if defined(WOLFSSL_KEY_GEN) && \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) if (ret == 0) { - Clr_CallbackCtx(&userContext); ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext); @@ -1172,11 +1156,10 @@ int tsip_crypt_test() } if (ret == 0) { - printf(" tsip_rsa_SignVerify_test(1024)"); userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024; - userContext.sing_hash_type = sha256_mac; + userContext.sign_hash_type = sha256_mac; userContext.keyflgs_crypt.bits.message_type = 0; ret = tsip_rsa_SignVerify_test(1, 1024); @@ -1189,7 +1172,7 @@ int tsip_crypt_test() printf(" tsip_rsa_SignVerify_test(2048)"); userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048; - userContext.sing_hash_type = sha256_mac; + userContext.sign_hash_type = sha256_mac; userContext.keyflgs_crypt.bits.message_type = 0; ret = tsip_rsa_SignVerify_test(1, 2048); 
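Review bot: Dropping the `Clr_CallbackCtx(&userContext);` call ahead of `wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext)` in tsip_crypt_test means userContext enters initialisation with whatever it previously held; if the init routine does not zero the struct itself, stale key-index pointers from an earlier run could be released twice or reused. I cannot see the init routine from this hunk, so if it does clear the context a short comment at the call site saying so would save the next reader the check, e.g. `/* wc_CryptoCb_CryptInitRenesasCmn resets userContext; no separate clear needed */`. The enclosing function continues outside the hunk.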
diff --git a/IDE/Renesas/e2studio/RZN2L/README.md b/IDE/Renesas/e2studio/RZN2L/README.md index 55df4f2c15..c53605b79d 100644 --- a/IDE/Renesas/e2studio/RZN2L/README.md +++ b/IDE/Renesas/e2studio/RZN2L/README.md @@ -10,7 +10,7 @@ They also include benchmark and cryptography tests for the wolfCrypt library. The example project contains both the wolfSSL and wolfCrypt libraries. It is built as a `Renesas RZ/N C/C++ FSP Project` and contains the Renesas RZ configuration. The wolfssl project uses `Renesas Secure IP on RZ` -as hardware acceleration for cyptography. +as hardware acceleration for cryptography. **Limitation** @@ -22,7 +22,7 @@ The example project summary is listed below and is relevant for every project. |Item|Name/Version| |:--|:--| |Board|RZN2L| -|Device|R9A07G084M04GBG| +|Device|R9A07G084M08GBG| |Toolchain|GCC for Renesas RZ| |Toolchain Version|10.3.1.20210824| |FSP Version|1.2.0| @@ -34,7 +34,7 @@ The example project summary is listed below and is relevant for every project. |Board Support Package Common Files|v1.20|| |I/O Port|v1.2.0|| |Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1|| -|Board support package for R9A07G084M04GBG|v1.2.0|| +|Board support package for R9A07G084M04GBG|v1.2.0|Note1| |Board support package for RZN2L|v1.2.0|| |Board support package for RZN2L - FSP Data|v1.2.0|| |RSK+RZN2L Board Support Files (RAM execution without flash memory)|v1.2.0|| 
@@ -50,6 +50,8 @@ The example project summary is listed below and is relevant for every project. |Renesas Secure IP Driver|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| |RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| +Note1:\ + To use RSIP driver, a device type should be `R9A07G084M04GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue. ## Setup Steps and Build wolfSSL Library @@ -75,7 +77,7 @@ The example project summary is listed below and is relevant for every project. |Thread Symbol|rzn2l_tst_thread| |Thread Name|rzn2l_tst_thread| |Thread Stack size|increase depending on your environment
e.g. 0xA000| -|Thread MemoryAllocation|Dyamic| +|Thread MemoryAllocation|Dynamic| |Common General Use Mutexes|Enabled| |Common General Enable Backward Compatibility|Enabled| |Common Memory Allocation Support Dynamic Allocation|Enabled| @@ -93,16 +95,18 @@ The example project summary is listed below and is relevant for every project. 3.) Prepare UART to logging + Download Sample package from [BACnet Start-Up](https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz-mpus/bacnet-start-rzn2l-rsk) -+ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L` - + um_serial_io_uart.c - + um_serial_io_task_writer.c - + um_serial_io_cfg.h - + um_common_api.h - + um_common_cfg.h - + um_serial_io.c - + um_serial_io.h - + um_serial_io_api.h - + um_serial_io_internal.h ++ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`\ +um_serial_io_uart.c\ +um_serial_io_task_writer.c\ +um_serial_io_cfg.h\ +um_common_api.h\ +um_common_cfg.h\ +um_serial_io.c\ +um_serial_io.h\ +um_serial_io_api.h\ +um_serial_io_internal.h + + + Open um_serial_io_task_writer.c and re-name printf to uart_printf 3.) Build `test_RZN2L` project @@ -113,7 +117,7 @@ The example project summary is listed below and is relevant for every project. 2). Select J-Link ARM and R9A07G084M04 -3). Break at Entory point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da +3). Break at Entry point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da ## Run TLS 1.3 Client 1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h` @@ -472,7 +476,7 @@ Test complete ``` **Note** -`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sampele output above while running wolfCrypt test. +`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sample output above while running wolfCrypt test. ## Run Benchmark 
@@ -532,7 +536,8 @@ Benchmark complete End wolfCrypt Benchmark ``` **Note** -`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sampele output above. +`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sample output above. + ## Support For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well. diff --git a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h index 48e4522493..beb89aae6f 100644 --- a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h +++ b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h index 9f5a8cd0ae..6357c0b640 100644 --- a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h +++ b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c index 0e4c459ed0..cb9b3b7a0e 100644 --- a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c +++ b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c @@ -1,6 +1,6 @@ /* rzn2l_tst_thread_entry.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c index f2d610da1f..227d75f488 100644 --- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c 
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c index b4ce624c99..fc3d9706c8 100644 --- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c +++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c @@ -1,6 +1,6 @@ /* wolf_server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c index 4f437bc7df..795d8286e1 100644 --- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c +++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c @@ -1,6 +1,6 @@ /* wolfssl_sce_unit_test.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -718,18 +718,10 @@ static int rsip_rsa_test(int prnt, int keySize) wc_FreeRsaKey(key); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (in != NULL) { - XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (in2 != NULL) { - XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (out != NULL) { - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (out2 != NULL) { - XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER); (void) prnt; return ret; 
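Review bot: Dropping the `if (in != NULL)` guards before `XFREE()` in rsip_rsa_test is only safe if the XFREE this RZN2L build resolves to accepts a NULL pointer; the commit adds the `/* Note2: XFREE(NULL) must be properly handled */` reminder to the STARCORE, SimplicityStudio and WICED-STUDIO user_settings.h files, but IDE/Renesas/e2studio/RZN2L/common/user_settings.h only receives a copyright bump here. If that header routes XFREE to a custom allocator that dereferences its argument, the early-error paths that leave `in`, `in2`, `out` or `out2` unallocated now free NULL; if it falls through to wolfSSL's default XFREE macro, which I believe already skips NULL, this is fine and only the comment is missing. The same change is made in the rsip_rsa_SignVerify_test hunk (`@@ -808`) and in the two WOLFSSL_SMALL_STACK hunks of IDE/STM32Cube/wolfssl_example.c (`@@ -1700`, `@@ -1795`). rsip_rsa_test's body begins outside the hunk, so I cannot see where the buffers are allocated; consider adding the same Note2 line next to the RZN2L XMALLOC/XFREE definitions, or a one-line comment above the first `XFREE(in, ...)` such as `/* XFREE tolerates NULL for buffers never allocated on early error */`.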
@@ -808,15 +800,9 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize) wc_FreeRsaKey(key); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (in != NULL) { - XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (in2 != NULL) { - XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (out != NULL) { - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c index 2b9642c0c5..94cdc9bbcf 100644 --- a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c @@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/STARCORE/starcore_test.c b/IDE/STARCORE/starcore_test.c index 72c3613f11..966b4b69f3 100644 --- a/IDE/STARCORE/starcore_test.c +++ b/IDE/STARCORE/starcore_test.c @@ -1,6 +1,6 @@ /* starcore_test.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/STARCORE/user_settings.h b/IDE/STARCORE/user_settings.h index e62f12d67a..df74dbee70 100644 --- a/IDE/STARCORE/user_settings.h +++ b/IDE/STARCORE/user_settings.h 
@@ -1,23 +1,23 @@ /* user_settings.h * -* Copyright (C) 2006-2023 wolfSSL Inc. -* -* This file is part of wolfSSL. -* -* wolfSSL is free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or -* (at your option) any later version. -* -* wolfSSL is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -*/ + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ /* Custom wolfSSL user settings for Vortec Scheduler, * VxWorks 6.9 and VxWorks 7.0 */ 
@@ -417,6 +417,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl index b976c55df2..d7a68aac42 100644 --- a/IDE/STM32Cube/default_conf.ftl +++ b/IDE/STM32Cube/default_conf.ftl @@ -148,11 +148,11 @@ extern ${variable.value} ${variable.name}; #define HAL_CONSOLE_UART huart2 #define NO_STM32_RNG #define WOLFSSL_GENSEED_FORTEST /* no HW RNG is available use test seed */ -#elif defined(STM32U575xx) || defined(STM32U585xx) +#elif defined(STM32U575xx) || defined(STM32U585xx) || defined(STM32U5A9xx) #define HAL_CONSOLE_UART huart1 #define WOLFSSL_STM32U5 #define STM32_HAL_V2 - #ifdef STM32U585xx + #if defined(STM32U585xx) || defined(STM32U5A9xx) #undef NO_STM32_HASH #undef NO_STM32_CRYPTO #define WOLFSSL_STM32_PKA 
@@ -534,6 +534,25 @@ extern ${variable.value} ${variable.name}; #define NO_MD5 #endif +/* ------------------------------------------------------------------------- */ +/* Crypto Acceleration */ +/* ------------------------------------------------------------------------- */ +/* This enables inline assembly speedups for SHA2, SHA3, AES, + * ChaCha20/Poly1305 and Ed/Curve25519. These settings work for Cortex M4/M7 + * and the source code is located in wolfcrypt/src/port/arm/ + */ +#if defined(WOLF_CONF_ARMASM) && WOLF_CONF_ARMASM == 1 + #define WOLFSSL_ARMASM + #define WOLFSSL_ARMASM_INLINE + #define WOLFSSL_ARMASM_NO_HW_CRYPTO + #define WOLFSSL_ARMASM_NO_NEON + #define WOLFSSL_ARM_ARCH 7 + /* Disable H/W offloading if accelerating S/W crypto */ + #undef NO_STM32_HASH + #define NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define NO_STM32_CRYPTO +#endif /* ------------------------------------------------------------------------- */ /* Benchmark / Test */ diff --git a/IDE/STM32Cube/main.c b/IDE/STM32Cube/main.c index f056c8cd6a..ddf81cbd3e 100644 --- a/IDE/STM32Cube/main.c +++ b/IDE/STM32Cube/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c index fc813483f1..d356af5e7b 100644 --- a/IDE/STM32Cube/wolfssl_example.c +++ b/IDE/STM32Cube/wolfssl_example.c @@ -1,6 +1,6 @@ /* wolfssl_example.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -284,7 +284,7 @@ typedef struct { typedef struct { int ret; - osThreadId threadId; + osThreadId_t threadId; #ifdef CMSIS_OS2_H_ osSemaphoreId_t mutex; #else @@ -1700,9 +1700,7 @@ static int tls13_uart_server(void) } #ifdef WOLFSSL_SMALL_STACK - if (tbuf != NULL) { - XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; 
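Review bot: The comment `/* Disable H/W offloading if accelerating S/W crypto */` over-states what the new block does: it only forces NO_STM32_HASH and NO_STM32_CRYPTO, while WOLFSSL_STM32_PKA (enabled for the STM32U5 parts in the `@@ -148` hunk above) stays defined, so public-key work still goes to the hardware PKA when WOLF_CONF_ARMASM is 1. Either that split is intended and the comment should say so, e.g. `/* Disable H/W hash/cipher offloading; PKA is left enabled */`, or add `#undef WOLFSSL_STM32_PKA` next to the other undefs. `WOLFSSL_ARM_ARCH 7` is also hard-coded while the header comment names Cortex M4/M7; if this template is used for targets outside that profile it would be worth a comment stating that the value must be adjusted, since I cannot see from the hunk which MCU configurations set WOLF_CONF_ARMASM.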
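Review bot: In the `@@ -284` hunk of IDE/STM32Cube/wolfssl_example.c, `threadId` is changed to `osThreadId_t` unconditionally, yet the adjacent `mutex` field is still guarded by `#ifdef CMSIS_OS2_H_` with an `#else` branch for the CMSIS-RTOS v1 API, and as far as I know the v1 header only provides `osThreadId`, not `osThreadId_t`. If the v1 path is still meant to build, wrap the field the same way: `#ifdef CMSIS_OS2_H_` / `osThreadId_t threadId;` / `#else` / `osThreadId threadId;` / `#endif`; if v1 support is being dropped, the `#else` branch for the mutex should be removed in the same change so the struct does not carry a half-migrated API. The uses of `threadId` are outside the hunk, so I cannot confirm which calls consume it.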
@@ -1795,9 +1793,7 @@ static int tls13_uart_client(void) wolfSSL_CTX_free(ctx); } #ifdef WOLFSSL_SMALL_STACK - if (tbuf != NULL) { - XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; diff --git a/IDE/STM32Cube/wolfssl_example.h b/IDE/STM32Cube/wolfssl_example.h index 5720511f30..792c7d9844 100644 --- a/IDE/STM32Cube/wolfssl_example.h +++ b/IDE/STM32Cube/wolfssl_example.h @@ -1,6 +1,6 @@ /* wolfssl_example.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,7 +27,7 @@ #endif #ifndef WOLFSSL_USER_SETTINGS - #include + #include #endif #include #include diff --git a/IDE/SimplicityStudio/test_wolf.c b/IDE/SimplicityStudio/test_wolf.c index e52266ac40..f05ee30476 100644 --- a/IDE/SimplicityStudio/test_wolf.c +++ b/IDE/SimplicityStudio/test_wolf.c @@ -1,6 +1,6 @@ /* test_wolf.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/SimplicityStudio/user_settings.h b/IDE/SimplicityStudio/user_settings.h index cfe138a695..05ba8d517d 100644 --- a/IDE/SimplicityStudio/user_settings.h +++ b/IDE/SimplicityStudio/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -337,6 +337,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); diff --git a/IDE/VS-AZURE-SPHERE/client/client.c b/IDE/VS-AZURE-SPHERE/client/client.c index 9a326e0695..920b8b7b6a 100644 --- a/IDE/VS-AZURE-SPHERE/client/client.c +++ b/IDE/VS-AZURE-SPHERE/client/client.c 
@@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/VS-AZURE-SPHERE/client/client.h b/IDE/VS-AZURE-SPHERE/client/client.h index f2d6fd805f..72a3f7b970 100644 --- a/IDE/VS-AZURE-SPHERE/client/client.h +++ b/IDE/VS-AZURE-SPHERE/client/client.h @@ -1,6 +1,6 @@ /* client.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/VS-AZURE-SPHERE/server/server.c b/IDE/VS-AZURE-SPHERE/server/server.c index aad4ef7235..39938a9c95 100644 --- a/IDE/VS-AZURE-SPHERE/server/server.c +++ b/IDE/VS-AZURE-SPHERE/server/server.c @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/VS-AZURE-SPHERE/server/server.h b/IDE/VS-AZURE-SPHERE/server/server.h index 497a3c41ca..f43231682b 100644 --- a/IDE/VS-AZURE-SPHERE/server/server.h +++ b/IDE/VS-AZURE-SPHERE/server/server.h @@ -1,6 +1,6 @@ /* server.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/VS-AZURE-SPHERE/user_settings.h b/IDE/VS-AZURE-SPHERE/user_settings.h index 91de4d2513..a55c0b0915 100644 --- a/IDE/VS-AZURE-SPHERE/user_settings.h +++ b/IDE/VS-AZURE-SPHERE/user_settings.h @@ -7,9 +7,9 @@ #ifndef SERVER_IP #define SERVER_IP "192.168.1.200" /* Local Test Server IP */ #endif - #ifndef DEFAULT_PORT - #define DEFAULT_PORT 11111 - #endif + #ifndef DEFAULT_PORT + #define DEFAULT_PORT 11111 + #endif #define CERT ca_cert_der_2048 #define SIZEOF_CERT sizeof_ca_cert_der_2048 static const char msg[] = "Are you listening wolfSSL Server?"; 
@@ -17,9 +17,9 @@ #ifndef SERVER_IP #define SERVER_IP "www.wolfssl.com" #endif - #ifndef DEFAULT_PORT - #define DEFAULT_PORT 443 - #endif + #ifndef DEFAULT_PORT + #define DEFAULT_PORT 443 + #endif #define CERT wolfssl_website_root_ca #define SIZEOF_CERT sizeof_wolfssl_website_root_ca static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n"; diff --git a/IDE/VisualDSP/user_settings.h b/IDE/VisualDSP/user_settings.h index 2ce8e1eba0..40790b7e06 100644 --- a/IDE/VisualDSP/user_settings.h +++ b/IDE/VisualDSP/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/VisualDSP/wolf_tasks.c b/IDE/VisualDSP/wolf_tasks.c index 5d38879f4a..4fd316aa2a 100644 --- a/IDE/VisualDSP/wolf_tasks.c +++ b/IDE/VisualDSP/wolf_tasks.c @@ -1,6 +1,6 @@ /* wolf-tasks.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/WICED-STUDIO/user_settings.h b/IDE/WICED-STUDIO/user_settings.h index 70ce019d6e..e4a6f2e8a5 100644 --- a/IDE/WICED-STUDIO/user_settings.h +++ b/IDE/WICED-STUDIO/user_settings.h @@ -1,4 +1,4 @@ - /* Copyright (C) 2006-2018 wolfSSL Inc. + / * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -411,6 +411,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); diff --git a/IDE/WIN-SRTP-KDF-140-3/README.txt b/IDE/WIN-SRTP-KDF-140-3/README.txt new file mode 100644 index 0000000000..4ef0a14540 --- /dev/null +++ b/IDE/WIN-SRTP-KDF-140-3/README.txt 
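Review bot: In the IDE/WICED-STUDIO/user_settings.h hunk (`@@ -1,4 +1,4 @@`) the new first line reads `/ * Copyright (C) 2006-2024 wolfSSL Inc.`; with a space between `/` and `*` this no longer opens a block comment, so the remaining header text would be parsed as code and the file would fail to compile. It may be a rendering artifact of this page, but the removed line `/* Copyright (C) 2006-2018 wolfSSL Inc.` has no such space, so it looks like a typo introduced by the bulk year update and should be `/* Copyright (C) 2006-2024 wolfSSL Inc.`. The stale 2018 year on the old side suggests this header is not exercised by any CI build, so a broken comment opener would not be caught automatically; please verify by building the WICED target or at least preprocessing the header.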
@@ -0,0 +1,118 @@ +# Notes on the wolfssl-fips project + +First, if you did not get the FIPS files with your archive, you must contact +wolfSSL to obtain them. + +The IDE/WIN10/wolfssl-fips.sln solution is for the FIPS 140-3 certificate or later. + +# Building the wolfssl-fips project + +The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It +must be built as a static library, for the moment. + +The library project is built with Whole Program Optimization disabled. This is +required so that necessary components of the library are not optimized away. +There are two functions added to the library that are used as markers in +memory for the in-core memory check of the code. WPO consolidates them into a +single function. WPO also optimizes away the automatic FIPS entry function. + +Each of the source files inside the FIPS boundary defines their own code and +constant section. The code section names start with ".fipsA$" and the constant +section names start with ".fipsB$". Each subsection has a letter to organize +them in a specific order. This specific ordering puts marker functions and +constants on either end of the boundary so it can be hashed. + + +# In Core Memory Test + +The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt +FIPS library code and constant data and compares it with a known value in +the code. + +The following wolfCrypt FIPS project linker settings are required for the DLL Win32 configuration: +1) The [Randomized Base Address setting (ASLR)](https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170) +needs to be disabled on all builds as the feature throws off the in-core memory calculation causing the test to fail. +2) The [Incremental Link](https://learn.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170) +option need turned off so function pointers go to actual code, not a jump instruction. 
+3) The [FixedBaseAddress](https://learn.microsoft.com/en-us/cpp/build/reference/fixed-fixed-base-address?view=msvc-170) +option to YES, which disables the support for ASLR. + +The "verifyCore" check value in the source fips_test.c needs to be updated when +building the code. The POS performs this check and the default failure callback +will print out the calculated checksum. When developing your code, copy this +value and paste it back into your code in the verifyCore initializer then +rebuild the code. When statically linking, you may have to recalculate your +check value when changing your application. + +# Build Options + +The default build options should be the proper default set of options: + + * HAVE_FIPS + * HAVE_FIPS_VERSION=5 + * HAVE_FIPS_VERSION_MINOR=1 (Also for FIPS Ready) + * HAVE_THREAD_LS + * WOLFSSL_KEY_GEN + * HAVE_AESGCM + * HAVE_HASHDRBG + * WOLFSSL_SHA384 + * WOLFSSL_SHA512 + * NO_PSK + * NO_RC4 + * NO_DSA + * NO_MD4 + * WOLFSSL_SHA224 + * WOLFSSL_SHA3 + * WC_RSA_PSS + * WC_RSA_NO_PADDING + * HAVE_ECC + * ECC_SHAMIR + * HAVE_ECC_CDH + * ECC_TIMING_RESISTANT + * TFM_TIMING_RESISTANT + * WOLFSSL_AES_COUNTER + * WOLFSSL_AES_DIRECT + * HAVE_AES_ECB + * HAVE_AESCCM + * WOLFSSL_CMAC + * HAVE_HKDF + * WOLFSSL_VALIDATE_ECC_IMPORT + * WOLFSSL_VALIDATE_FFC_IMPORT + * HAVE_FFDHE_Q + * NO_DES + * NO_DES3 + * NO_MD5 + * NO_OLD_TLS + * WOLFSSL_TLS13 + * HAVE_TLS_EXTENSIONS + * HAVE_SUPPORTED_CURVES + * GCM_TABLE_4BIT + * WOLFSSL_NO_SHAKE256 + * WOLFSSL_VALIDATE_ECC_KEYGEN + * WOLFSSL_ECDSA_SET_K + * WOLFSSL_WOLFSSH + * WOLFSSL_PUBLIC_MP + * WC_RNG_SEED_CB + * TFM_ECC256 + * ECC_USER_CURVES + * HAVE_ECC192 + * HAVE_ECC224 + * HAVE_ECC256 + * HAVE_ECC384 + * HAVE_ECC521 + * HAVE_FFDHE_2048 + * HAVE_FFDHE_3072 + * HAVE_FFDHE_4096 + * HAVE_FFDHE_6144 + * HAVE_FFDHE_8192 + * FP_MAX_BITS 16384 + +The "NO" options explicitly disable algorithms that are not allowed in +FIPS mode. 
+ +Additionally one may enable: + + * WOLFSSL_AESNI + * OPENSSL_EXTRA + +These settings are defined in IDE/WIN10/user_settings.h. diff --git a/IDE/WIN-SRTP-KDF-140-3/include.am b/IDE/WIN-SRTP-KDF-140-3/include.am new file mode 100644 index 0000000000..c85379e90e --- /dev/null +++ b/IDE/WIN-SRTP-KDF-140-3/include.am @@ -0,0 +1,11 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/README.txt +EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/test.vcxproj +EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.sln +EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj +EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/user_settings.h +EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/resource.h +EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc diff --git a/IDE/WIN-SRTP-KDF-140-3/resource.h b/IDE/WIN-SRTP-KDF-140-3/resource.h new file mode 100644 index 0000000000..e92769c505 --- /dev/null +++ b/IDE/WIN-SRTP-KDF-140-3/resource.h @@ -0,0 +1,14 @@ +//{{NO_DEPENDENCIES}} +// Microsoft Visual C++ generated include file. +// Used by wolfssl-fips.rc + +// Next default values for new objects +// +#ifdef APSTUDIO_INVOKED +#ifndef APSTUDIO_READONLY_SYMBOLS +#define _APS_NEXT_RESOURCE_VALUE 101 +#define _APS_NEXT_COMMAND_VALUE 40001 +#define _APS_NEXT_CONTROL_VALUE 1001 +#define _APS_NEXT_SYMED_VALUE 101 +#endif +#endif diff --git a/IDE/WIN-SRTP-KDF-140-3/test.vcxproj b/IDE/WIN-SRTP-KDF-140-3/test.vcxproj new file mode 100644 index 0000000000..a41ff9ac49 --- /dev/null +++ b/IDE/WIN-SRTP-KDF-140-3/test.vcxproj 
@@ -0,0 +1,277 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + Release + Win32 + + + Release + x64 + + + + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21} + Win32Proj + + + + Application + v142 + + + Application + v142 + + + Application + v142 + + + Application + v142 + + + Application + v142 + + + Application + v142 + + + Application + v142 + + + Application + v142 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>11.0.61030.0 + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + false + + + + Disabled + .\;..\..\;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + + + true + Console + MachineX86 + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + false + + + + + Disabled + .\;..\..\;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + + + + + .\;..\..\;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + true + + + true + 
Console + MachineX86 + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + true + UseLinkTimeCodeGeneration + false + + + + + .\;..\..\;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + true + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + true + UseLinkTimeCodeGeneration + + + + + Disabled + .\;..\..\;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + false + + + true + Console + MachineX86 + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + + + + + Disabled + .\;..\..\;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;CYASSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + false + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + false + + + + + .\;..\..\;%(AdditionalIncludeDirectories) + 
WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + true + MachineX86 + UseLinkTimeCodeGeneration + true + + + + + .\;..\..\;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + true + Console + ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + true + true + UseLinkTimeCodeGeneration + true + + + + + + + + {73973223-5ee8-41ca-8e88-1d60e89a237b} + false + + + + + + \ No newline at end of file diff --git a/IDE/WIN-SRTP-KDF-140-3/user_settings.h b/IDE/WIN-SRTP-KDF-140-3/user_settings.h new file mode 100644 index 0000000000..3c5127eb7c --- /dev/null +++ b/IDE/WIN-SRTP-KDF-140-3/user_settings.h 
@@ -0,0 +1,177 @@ +#ifndef _WIN_USER_SETTINGS_H_ +#define _WIN_USER_SETTINGS_H_ + +/* For FIPS 140-2 3389 build set to "#if 1" */ +#if 0 +#undef HAVE_FIPS +#define HAVE_FIPS +#undef HAVE_FIPS_VERSION +#define HAVE_FIPS_VERSION 2 +#undef HAVE_FIPS_VERSION_MINOR +#define HAVE_FIPS_VERSION_MINOR 0 +#endif + +/* Set the following to 1 for WCv5.0-RC12 build. */ +#if 1 +#undef HAVE_FIPS +#define HAVE_FIPS +#undef HAVE_FIPS_VERSION +#define HAVE_FIPS_VERSION 6 +#undef HAVE_FIPS_VERSION_MAJOR +#define HAVE_FIPS_VERSION_MAJOR 6 +#undef HAVE_FIPS_VERSION_MINOR +#define HAVE_FIPS_VERSION_MINOR 0 +#undef HAVE_FIPS_VERSION_PATCH +#define HAVE_FIPS_VERSION_PATCH 0 +#endif + +/* For FIPS Ready, uncomment the following: */ +/* #define WOLFSSL_FIPS_READY */ +#ifdef WOLFSSL_FIPS_READY + #undef HAVE_FIPS + #define HAVE_FIPS + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION 5 + #undef HAVE_FIPS_VERSION_MINOR + #define HAVE_FIPS_VERSION_MINOR 3 +#endif + + +/* Verify this is Windows */ +#ifndef _WIN32 +#error This user_settings.h header is only designed for Windows +#endif + +/* Configurations */ +#if defined(HAVE_FIPS) + /* FIPS */ + #define OPENSSL_EXTRA + #define HAVE_THREAD_LS + #define WOLFSSL_KEY_GEN + #define HAVE_AESGCM + #define HAVE_HASHDRBG + #define WOLFSSL_SHA384 + #define WOLFSSL_SHA512 + #define NO_PSK + #define NO_RC4 + #define NO_DSA + #define NO_MD4 + + #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #define WOLFSSL_SHA224 + #define WOLFSSL_SHA3 + #define WC_RSA_PSS + #define WC_RSA_NO_PADDING + #define HAVE_ECC + #define HAVE_ECC384 + #define HAVE_ECC521 + #define HAVE_SUPPORTED_CURVES + #define HAVE_TLS_EXTENSIONS + #define ECC_SHAMIR + #define HAVE_ECC_CDH + #define ECC_TIMING_RESISTANT + #define TFM_TIMING_RESISTANT + #define WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_DIRECT + #define HAVE_AES_ECB + #define HAVE_AESCCM + #define WOLFSSL_CMAC + #define HAVE_HKDF + #define WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define 
HAVE_FFDHE_Q + #define HAVE_PUBLIC_FFDHE + #ifdef _WIN64 + #define WOLFSSL_AESNI + #define HAVE_INTEL_RDSEED + #endif + #define FORCE_FAILURE_RDSEED + #endif /* FIPS v2 */ + #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) + #undef WOLFSSL_AESNI /* Comment out if using PAA */ + #undef HAVE_INTEL_RDSEED + #undef FORCE_FAILURE_RDSEED + #undef HAVE_PUBLIC_FFDHE + + #define NO_DES + #define NO_DES3 + #define NO_MD5 + #define NO_OLD_TLS + + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define GCM_TABLE_4BIT + #define WOLFSSL_NO_SHAKE256 + #define WOLFSSL_VALIDATE_ECC_KEYGEN + #define WOLFSSL_ECDSA_SET_K + #define WOLFSSL_WOLFSSH + #define WOLFSSL_PUBLIC_MP + #define WC_RNG_SEED_CB + #define TFM_ECC256 + #define ECC_USER_CURVES + #define HAVE_ECC192 + #define HAVE_ECC224 + #define HAVE_ECC256 + #define HAVE_ECC384 + #define HAVE_ECC521 + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_3072 + #define HAVE_FFDHE_4096 + #define HAVE_FFDHE_6144 + #define HAVE_FFDHE_8192 + #define WOLFSSL_AES_OFB + #define FP_MAX_BITS 16384 + #endif /* FIPS v5 */ + #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 6) + #define HAVE_ED25519 + #define HAVE_ED448 + #define WOLFSSL_SHAKE256 + #define WOLFSSL_SHAKE128 + #define WOLFSSL_AES_CFB + #define WOLFSSL_AES_XTS + #define HAVE_AES_KEYWRAP + #define WC_SRTP_KDF + #define HAVE_PBKDF2 + #define WOLFCRYPT_FIPS_CORE_HASH_VALUE \ + AA9F70F147FAB898A76F587873AC4E9C7050D6E1F5828046BE871C54EDF2BF1C + #define WOLFSSL_NOSHA512_224 + #define WOLFSSL_NOSHA512_256 + + /* uncomment for FIPS debugging */ + /* #define DEBUG_FIPS_VERBOSE */ + + /* uncomment for whole library debugging */ + /* #define DEBUG_WOLFSSL */ + #endif /* FIPS v6 */ +#else + /* Enables blinding mode, to prevent timing attacks */ + #define WC_RSA_BLINDING + + #if defined(WOLFSSL_LIB) + /* The lib */ + #define OPENSSL_EXTRA + #define WOLFSSL_RIPEMD + #define NO_PSK + #define HAVE_EXTENDED_MASTER + #define WOLFSSL_SNIFFER + #define 
HAVE_SECURE_RENEGOTIATION + + #define HAVE_AESGCM + #define WOLFSSL_SHA384 + #define WOLFSSL_SHA512 + + #define HAVE_SUPPORTED_CURVES + #define HAVE_TLS_EXTENSIONS + + #define HAVE_ECC + #define ECC_SHAMIR + #define ECC_TIMING_RESISTANT + #else + /* The servers and clients */ + #define OPENSSL_EXTRA + #define NO_PSK + #endif +#endif /* HAVE_FIPS */ + +#endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc new file mode 100644 index 0000000000..956269fb67 --- /dev/null +++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc 
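Review bot: With HAVE_FIPS_VERSION set to 6 by the active `#if 1` block, the `>= 5` section defines `WOLFSSL_NO_SHAKE256` and the `>= 6` section then defines `WOLFSSL_SHAKE256` without undefining it, so both macros are active in the same build; add `#undef WOLFSSL_NO_SHAKE256` at the top of the v6 block, matching the undef-before-override pattern the v5 block already uses for WOLFSSL_AESNI and HAVE_PUBLIC_FFDHE. The comment `/* Set the following to 1 for WCv5.0-RC12 build. */` above that block is stale, since the block selects FIPS version 6.0.0, and the `WOLFSSL_FIPS_READY` block resets only HAVE_FIPS_VERSION and _MINOR, leaving HAVE_FIPS_VERSION_MAJOR and _PATCH from the v6 block in place. The hard-coded WOLFCRYPT_FIPS_CORE_HASH_VALUE is specific to one compiled image; a comment stating which toolchain and configuration produced it and pointing at the README's verifyCore update procedure would help whoever has to regenerate it after a rebuild.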
@@ -0,0 +1,100 @@ +// Microsoft Visual C++ generated resource script. +// +#include "resource.h" + +#define APSTUDIO_READONLY_SYMBOLS +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 2 resource. +// +#include "winres.h" + +///////////////////////////////////////////////////////////////////////////// +#undef APSTUDIO_READONLY_SYMBOLS + +///////////////////////////////////////////////////////////////////////////// +// English (United States) resources + +#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) +LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US +#pragma code_page(1252) + +#ifdef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE +// + +1 TEXTINCLUDE +BEGIN + "resource.h\0" +END + +2 TEXTINCLUDE +BEGIN + "#include ""winres.h""\r\n" + "\0" +END + +3 TEXTINCLUDE +BEGIN + "\r\n" + "\0" +END + +#endif // APSTUDIO_INVOKED + + +///////////////////////////////////////////////////////////////////////////// +// +// Version +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION 5,7,0,0 + PRODUCTVERSION 5,7,0,0 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x1L +#else + FILEFLAGS 0x0L +#endif + FILEOS 0x40004L + FILETYPE 0x7L + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + VALUE "CompanyName", "wolfSSL Inc." + VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." 
+ VALUE "FileVersion", "5.7.0.0" + VALUE "InternalName", "wolfssl-fips" + VALUE "LegalCopyright", "Copyright (C) 2023" + VALUE "OriginalFilename", "wolfssl-fips.dll" + VALUE "ProductName", "wolfSSL FIPS" + VALUE "ProductVersion", "5.7.0.0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END + +#endif // English (United States) resources +///////////////////////////////////////////////////////////////////////////// + + + +#ifndef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 3 resource. +// + + +///////////////////////////////////////////////////////////////////////////// +#endif // not APSTUDIO_INVOKED + diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.sln b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.sln new file mode 100644 index 0000000000..1609e6d91e --- /dev/null +++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.sln 
@@ -0,0 +1,61 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.32510.428 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + DLL Debug|Win32 = DLL Debug|Win32 + DLL Debug|x64 = DLL Debug|x64 + DLL Release|Win32 = DLL Release|Win32 + DLL Release|x64 = DLL Release|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32 
+ {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = DLL Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {0CFCC869-45D3-42AD-BA73-29938093A38F} + EndGlobalSection +EndGlobal diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj new file mode 100644 index 0000000000..dfe4877e18 --- /dev/null +++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj 
@@ -0,0 +1,391 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + Release + Win32 + + + Release + x64 + + + + {73973223-5EE8-41CA-8E88-1D60E89A237B} + wolfssl-fips + Win32Proj + + + + StaticLibrary + v142 + Unicode + true + + + DynamicLibrary + v142 + Unicode + true + + + StaticLibrary + v142 + Unicode + true + + + DynamicLibrary + v142 + Unicode + true + + + StaticLibrary + v142 + Unicode + + + DynamicLibrary + v142 + Unicode + + + StaticLibrary + v142 + Unicode + + + DynamicLibrary + v142 + Unicode + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + false + + + false + + + false + + + false + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + 0x5A000000 + false + false + true + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + 0x5A000000 + false + false + true + + + + + MaxSpeed + true + 
./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + Level3 + ProgramDatabase + false + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + false + 0x5A000000 + true + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + Level3 + ProgramDatabase + false + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + false + + + + + + + + + + + + + + + + + + + + + false + false + false + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + false + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + + + false + false + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe 
/DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + + + + + + + + + + false + false + false + false + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + + + + diff --git a/IDE/WIN/user_settings.h b/IDE/WIN/user_settings.h index 225108946a..a1011abf8c 100644 --- a/IDE/WIN/user_settings.h +++ b/IDE/WIN/user_settings.h @@ -74,6 +74,9 @@ #if 0 #define HAVE_INTEL_AVX2 #endif + + #define USE_INTEL_CHACHA_SPEEDUP + #define USE_INTEL_POLY1305_SPEEDUP #endif /* Single Precision Support for RSA/DH 1024/2048/3072 and 
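Review bot: Every ml64.exe custom-build command in this new project hard-codes `/DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1` for the assembly sources, while the user_settings.h added in this same directory earlier in the diff carries a `HAVE_FIPS_VERSION >= 6` block that enables WC_SRTP_KDF and sets WOLFCRYPT_FIPS_CORE_HASH_VALUE. The .asm objects cannot read user_settings.h, so if that header selects version 6 (its top is outside this chunk) the C half and the assembly half of the module are compiled against different FIPS version macros with no build error to flag the mismatch. I would declare the flags once in a PropertyGroup, `<FipsAsmDefines>/DHAVE_FIPS /DHAVE_FIPS_VERSION=... /DHAVE_FIPS_VERSION_MINOR=...</FipsAsmDefines>` with values matching user_settings.h, and reference `$(FipsAsmDefines)` in each ml64 command so the two sides cannot drift independently. The element names were stripped in this rendering, so which .asm items the eight copies apply to is not checkable from this view.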
diff --git a/IDE/WIN10/user_settings.h b/IDE/WIN10/user_settings.h index cc1c34edeb..1fcb317318 100644 --- a/IDE/WIN10/user_settings.h +++ b/IDE/WIN10/user_settings.h @@ -119,6 +119,9 @@ #define WOLFSSL_AES_OFB #define FP_MAX_BITS 16384 #endif /* FIPS v5 */ + #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 6) + #define WOLFSSL_AES_XTS + #endif #else /* Enables blinding mode, to prevent timing attacks */ #define WC_RSA_BLINDING @@ -133,6 +136,7 @@ #define HAVE_SECURE_RENEGOTIATION #define HAVE_AESGCM + #define WOLFSSL_AES_XTS #define WOLFSSL_SHA384 #define WOLFSSL_SHA512 diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc index 956269fb67..aa46cb8a9b 100644 --- a/IDE/WIN10/wolfssl-fips.rc +++ b/IDE/WIN10/wolfssl-fips.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,7,0,0 - PRODUCTVERSION 5,7,0,0 + FILEVERSION 5,7,2,0 + PRODUCTVERSION 5,7,2,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,12 +69,12 @@ BEGIN BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.7.0.0" + VALUE "FileVersion", "5.7.2.0" VALUE "InternalName", "wolfssl-fips" - VALUE "LegalCopyright", "Copyright (C) 2023" + VALUE "LegalCopyright", "Copyright (C) 2024" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.7.0.0" + VALUE "ProductVersion", "5.7.2.0" END END BLOCK "VarFileInfo" diff --git a/IDE/WIN10/wolfssl-fips.vcxproj b/IDE/WIN10/wolfssl-fips.vcxproj index 5d0122ea57..2736bc4448 100644 --- a/IDE/WIN10/wolfssl-fips.vcxproj +++ b/IDE/WIN10/wolfssl-fips.vcxproj @@ -258,10 +258,17 @@ + + + + + + + false false @@ -269,6 +276,9 @@ false + + + 
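Review bot: The new `HAVE_FIPS_VERSION >= 6` block in the first hunk enables only WOLFSSL_AES_XTS, whereas the v6 block in IDE/WIN-SRTP-KDF-140-3/user_settings.h added earlier in this diff also enables SHAKE128/256, AES-CFB, AES key wrap, WC_SRTP_KDF, PBKDF2 and a WOLFCRYPT_FIPS_CORE_HASH_VALUE, so the two Windows FIPS configurations now describe different v6 feature sets with nothing recording which is intended. A one-line comment would stop the next maintainer from "reconciling" them: `/* FIPS v6 (140-3): only AES-XTS is added to this OE; the SRTP-KDF module config is in IDE/WIN-SRTP-KDF-140-3 */`. The second hunk also adds WOLFSSL_AES_XTS to the non-FIPS library branch (the enclosing `#if defined(WOLFSSL_LIB)` starts outside the hunk) without a comment; XTS is a storage-sector mode with no TLS use, so if it is there for the wolfCrypt test/benchmark a note such as `/* AES-XTS: storage mode, not used by TLS */` would make that explicit.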
@@ -337,6 +347,20 @@ $(IntDir)%(Filename).obj $(IntDir)%(Filename).obj + + false + false + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(IntDir)%(Filename).obj + $(IntDir)%(Filename).obj + diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h index 2c472db89e..eca61f0436 100644 --- a/IDE/WINCE/user_settings.h +++ b/IDE/WINCE/user_settings.h 
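Review bot: The four ml64.exe lines added here are further copies of the same `/DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1` string already repeated for the existing assembly items above them, and this same commit adds a `HAVE_FIPS_VERSION >= 6` block to IDE/WIN10/user_settings.h; once that header moves to 6, these per-item flags will keep building the .asm objects as 5.1 and the compiler will not complain. Factor the string into a single property, `<FipsAsmDefines>…</FipsAsmDefines>`, and use `$(FipsAsmDefines)` in every ml64 command so the assembly and C sides of the FIPS boundary share one source of truth. The item names of the two preceding hunks are not visible in this rendering, so which source files these build steps belong to cannot be confirmed from here.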
@@ -1,21 +1,93 @@ -#ifndef _WIN_USER_SETTINGS_H_ -#define _WIN_USER_SETTINGS_H_ +/* user_settings.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Custom wolfSSL user settings for GCC ARM */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------------------------------- */ +#undef WOLFSSL_GENERAL_ALIGNMENT +#define WOLFSSL_GENERAL_ALIGNMENT 4 -/* For FIPS Ready, uncomment the following: */ -/* #define WOLFSSL_FIPS_READY */ -#ifdef WOLFSSL_FIPS_READY - #undef HAVE_FIPS_VERSION - #define HAVE_FIPS_VERSION 3 +/* Multi-threaded support */ +#undef SINGLE_THREADED +#if 0 + #define SINGLE_THREADED +#else + #define ERROR_QUEUE_PER_THREAD /* if applicable otherwise comment out */ +#endif + +#ifdef SINGLE_THREADED + #undef NO_THREAD_LS + #define NO_THREAD_LS #endif +#undef WOLFSSL_USER_IO +//#define WOLFSSL_USER_IO + +#undef NO_WRITE_TEMP_FILES +#define NO_WRITE_TEMP_FILES -/* Verify this is Windows */ -#ifndef _WIN32 -#error This user_settings.h header is only designed for Windows +/* FIPS 140-3 OE specific 
section(s) */ + +/* Uncomment for Android devices */ +#undef ANDROID_V454 +/* #define ANDROID_V454 */ +#ifdef ANDROID_V454 + #if 1 + /* To have all printouts go to the app view on the device use: */ + extern int appendToTextView(const char* fmt, ...); + #undef printf + #define printf(format, ...) appendToTextView(format, ## __VA_ARGS__) + #else + #include + #define WOLFLOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, "wolfCrypt_android", __VA_ARGS__) + #undef printf + #define printf WOLFLOGV + #endif #endif -/* Configurations */ -#define WOLFCRYPT_ONLY +/* Uncomment for WINCE 6.0 devices. NOTE: _WIN32_WCE defined by system */ +#if 1 + #define NO_WOLFSSL_DIR + #define WOLFSSL_NO_ATOMICS + #define WC_NO_ASYNC_THREADING + #define USE_WINDOWS_API + #define WOLFSSL_SMALL_STACK + #define MAX_SUPPORTED_THREADS 1024 + #define MAX_SUPPORTED_PRIV_KEYS 1024 + #define MAX_CONFIGURED_THREAD 512 +#endif + +/* ------------------------------------------------------------------------- */ +/* Math Configuration */ +/* ------------------------------------------------------------------------- */ +#undef SIZEOF_LONG_LONG +#define SIZEOF_LONG_LONG 8 #undef USE_FAST_MATH #if 1 
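Review bot: The WinCE-specific block (NO_WOLFSSL_DIR, WOLFSSL_NO_ATOMICS, WC_NO_ASYNC_THREADING, USE_WINDOWS_API, WOLFSSL_SMALL_STACK and the MAX_* limits) is gated on a bare `#if 1` even though its own comment says `_WIN32_WCE` is defined by the system, and the hunk deletes the old `#ifndef _WIN32` / `#error` target check, so nothing now stops this header from being compiled for the wrong platform. Gate it on the toolchain instead: `#if defined(_WIN32_WCE)` with an `#else` branch of `#error "IDE/WINCE/user_settings.h is for Windows CE 6.0 builds only"`. The file comment `/* Custom wolfSSL user settings for GCC ARM */` and the ANDROID_V454 printf override read as leftovers from a template for a different port and should be corrected or removed, and MAX_SUPPORTED_THREADS / MAX_SUPPORTED_PRIV_KEYS / MAX_CONFIGURED_THREAD deserve a comment stating what each bounds and why 1024/1024/512 were chosen. If WOLFSSL_NO_ATOMICS removes atomic reference counting, please confirm the library falls back to mutex-protected counts, since SINGLE_THREADED is left undefined and ERROR_QUEUE_PER_THREAD is enabled.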
@@ -24,26 +96,39 @@ #undef TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT + #undef TFM_NO_ASM + #define TFM_NO_ASM + /* Optimizations */ //#define TFM_ARM + + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 16384 +#else + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_INT_NEGATIVE + /* Maximum math bits (largest supported key bits) */ + #undef SP_INT_BITS + #define SP_INT_BITS 8192 #endif /* Wolf Single Precision Math */ #undef WOLFSSL_SP -#if 0 - #define WOLFSSL_SP +#if 0 /* SP Assembly Speedups (wPAA) */ + //#define WOLFSSL_SP //#define WOLFSSL_SP_SMALL /* use smaller version of code */ - #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_HAVE_SP_DH - #define WOLFSSL_HAVE_SP_ECC - //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */ - - /* SP Assembly Speedups */ - //#define WOLFSSL_SP_ASM /* required if using the ASM versions */ - //#define WOLFSSL_SP_ARM32_ASM + //#define WOLFSSL_SP_1024 + //#define WOLFCRYPT_HAVE_SAKKE /* Note: Sakke can be enabled with 1024-bit support */ + //#define WOLFSSL_SP_4096 /* Explicitly enable 4096-bit support (2048/3072 on by default) */ + //#define WOLFSSL_SP_384 /* Explicitly enable 384-bit support (others on by default) */ + //#define WOLFSSL_SP_521 /* Explicitly enable 521-bit support (others on by default) */ + //#define WOLFSSL_HAVE_SP_RSA + //#define WOLFSSL_HAVE_SP_DH + //#define WOLFSSL_HAVE_SP_ECC + /* If no PAA, leave out */ + //#define WOLFSSL_ARMASM //#define WOLFSSL_SP_ARM64_ASM - //#define WOLFSSL_SP_ARM_THUMB_ASM - //#define WOLFSSL_SP_ARM_CORTEX_M_ASM #endif /* ------------------------------------------------------------------------- */ 
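Review bot: `TFM_NO_ASM` is newly forced on at the top of the fastmath block while `//#define TFM_ARM` is kept directly below it under "Optimizations"; if TFM_NO_ASM disables all fastmath inline assembly, as its name indicates, uncommenting TFM_ARM would now do nothing and the pair is misleading to whoever tunes this port next. Either drop the TFM_ARM line or annotate it, e.g. `/* TFM_ARM has no effect while TFM_NO_ASM is set; only for PAA builds */`. The comment above `FP_MAX_BITS 16384` gives the formula but not the consequence; stating that this admits RSA keys up to 8192 bits makes the limit a deliberate choice rather than a copied value.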
@@ -51,288 +136,698 @@ /* ------------------------------------------------------------------------- */ #undef HAVE_FIPS #if 1 + + #define WOLFCRYPT_FIPS_CORE_HASH_VALUE C82E8BD05125ED82DE72A521EEB369E026526D089ADCB6FB2B943479A9D5DB63 #define HAVE_FIPS #undef HAVE_FIPS_VERSION - #define HAVE_FIPS_VERSION 2 + #define HAVE_FIPS_VERSION 5 - #ifdef SINGLE_THREADED - #undef NO_THREAD_LS - #define NO_THREAD_LS - #else - #ifndef USE_WINDOWS_API - #define USE_WINDOWS_API - #endif - #endif + #undef HAVE_FIPS_VERSION_MINOR + #define HAVE_FIPS_VERSION_MINOR 2 + + #undef WOLFSSL_WOLFSSH + #define WOLFSSL_WOLFSSH - #undef NO_ATTRIBUTE_CONSTRUCTOR - //#define NO_ATTRIBUTE_CONSTRUCTOR + #undef WC_RNG_SEED_CB + #define WC_RNG_SEED_CB + + #if 0 + #undef NO_ATTRIBUTE_CONSTRUCTOR + #define NO_ATTRIBUTE_CONSTRUCTOR + #endif #endif -/* FIPS */ -//#define OPENSSL_EXTRA -//#define HAVE_THREAD_LS -#define WOLFSSL_KEY_GEN -#define HAVE_AESGCM -#define HAVE_HASHDRBG -#define WOLFSSL_SHA384 -#define WOLFSSL_SHA512 -#define NO_PSK -#define NO_RC4 -//#define NO_DSA -#define NO_MD4 +/* ------------------------------------------------------------------------- */ +/* Crypto */ +/* ------------------------------------------------------------------------- */ +/* RSA */ +#undef NO_RSA +#if 1 -#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) - /* ------------------------------------------------------------------------- */ - /* Crypto */ - /* ------------------------------------------------------------------------- */ - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - /* RSA */ - #undef NO_RSA - #if 1 - #ifdef USE_FAST_MATH - /* Maximum math bits (Max RSA key bits * 2) */ - #undef FP_MAX_BITS - #define FP_MAX_BITS 8192 - #endif + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM - /* half as much memory but twice as slow */ - #undef RSA_LOW_MEM - //#define RSA_LOW_MEM + /* Enables blinding mode, to prevent timing attacks */ + #if 1 + #undef 
WC_RSA_BLINDING + #define WC_RSA_BLINDING + #else + #undef WC_NO_HARDEN + #define WC_NO_HARDEN + #endif - /* Enables blinding mode, to prevent timing attacks */ - #if 0 - #undef WC_RSA_BLINDING - #define WC_RSA_BLINDING - #else - #undef WC_NO_HARDEN - #define WC_NO_HARDEN - #endif + /* RSA PSS Support */ + #if 1 + #undef WC_RSA_PSS + #define WC_RSA_PSS - /* RSA PSS Support */ - #if 1 - #define WC_RSA_PSS - #endif + #undef WOLFSSL_PSS_LONG_SALT + #define WOLFSSL_PSS_LONG_SALT - #if 1 - #define WC_RSA_NO_PADDING - #endif - #else - #define NO_RSA + #undef WOLFSSL_PSS_SALT_LEN_DISCOVER + #define WOLFSSL_PSS_SALT_LEN_DISCOVER #endif - /* ECC */ - #undef HAVE_ECC + #if 1 - #define HAVE_ECC - - /* Manually define enabled curves */ - #undef ECC_USER_CURVES - //#define ECC_USER_CURVES - - #ifdef ECC_USER_CURVES - /* Manual Curve Selection */ - //#define HAVE_ECC192 - //#define HAVE_ECC224 - #undef NO_ECC256 - //#define HAVE_ECC384 - //#define HAVE_ECC521 - #endif + #define WC_RSA_NO_PADDING + #endif +#else + #define NO_RSA +#endif - /* Fixed point cache (speeds repeated operations against same private key) */ - #undef FP_ECC - //#define FP_ECC - #ifdef FP_ECC - /* Bits / Entries */ - #undef FP_ENTRIES - #define FP_ENTRIES 2 - #undef FP_LUT - #define FP_LUT 4 - #endif +/* ECC */ +#undef HAVE_ECC +#if 1 + #define HAVE_ECC + + /* Manually define enabled curves */ + #undef ECC_USER_CURVES + //#define ECC_USER_CURVES + + #ifdef ECC_USER_CURVES + /* Manual Curve Selection */ + #define HAVE_ECC192 + #define HAVE_ECC224 + #undef NO_ECC256 + #define HAVE_ECC256 + #define HAVE_ECC384 + #define HAVE_ECC521 + #endif + + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif + + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #undef ECC_SHAMIR + #define 
ECC_SHAMIR + + /* Reduces heap usage, but slower */ + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + #ifdef HAVE_FIPS + #undef HAVE_ECC_CDH + #define HAVE_ECC_CDH /* Enable cofactor support */ + + #undef NO_STRICT_ECDSA_LEN + #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ - /* Optional ECC calculation method */ - /* Note: doubles heap usage, but slightly faster */ - #undef ECC_SHAMIR - #define ECC_SHAMIR + #undef WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ - /* Reduces heap usage, but slower */ - #undef ECC_TIMING_RESISTANT - #define ECC_TIMING_RESISTANT + #undef WOLFSSL_VALIDATE_ECC_KEYGEN + #define WOLFSSL_VALIDATE_ECC_KEYGEN /* Validate generated keys */ - #ifdef HAVE_FIPS - #undef HAVE_ECC_CDH - #define HAVE_ECC_CDH /* Enable cofactor support */ + #undef WOLFSSL_ECDSA_SET_K + #define WOLFSSL_ECDSA_SET_K - #undef NO_STRICT_ECDSA_LEN - #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ + #endif + + /* Compressed Key Support */ + #undef HAVE_COMP_KEY + //#define HAVE_COMP_KEY - #undef WOLFSSL_VALIDATE_ECC_IMPORT - #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ + /* Use alternate ECC size for ECC math */ + #ifdef USE_FAST_MATH + /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ + #ifdef NO_RSA + /* Custom fastmath size if not using RSA */ + #undef FP_MAX_BITS + #define FP_MAX_BITS (256 * 2) + #else + #undef ALT_ECC_SIZE + #define ALT_ECC_SIZE + /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */ + //#undef FP_MAX_BITS_ECC + //#define FP_MAX_BITS_ECC (256 * 2) #endif - /* Compressed Key Support */ - #undef HAVE_COMP_KEY - //#define HAVE_COMP_KEY - - /* Use alternate ECC size for ECC math */ - #ifdef USE_FAST_MATH - /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ - #ifdef NO_RSA - /* Custom fastmath size if not using RSA */ - #undef FP_MAX_BITS - #define FP_MAX_BITS (256 * 2) - #else - #undef ALT_ECC_SIZE - #define ALT_ECC_SIZE - /* wolfSSL will compute the 
FP_MAX_BITS_ECC, but it can be overridden */ - //#undef FP_MAX_BITS_ECC - //#define FP_MAX_BITS_ECC (256 * 2) - #endif - - /* Speedups specific to curve */ - #ifndef NO_ECC256 - #undef TFM_ECC256 - #define TFM_ECC256 - #endif + /* Speedups specific to curve */ + #ifndef NO_ECC256 + #undef TFM_ECC256 + #define TFM_ECC256 #endif #endif +#endif - /* AES */ - #undef NO_AES +/* DH */ +#undef NO_DH +#if 1 + /* Use table for DH instead of -lm (math) lib dependency */ #if 1 - #undef HAVE_AES_CBC - #define HAVE_AES_CBC + #define HAVE_DH_DEFAULT_PARAMS + #define WOLFSSL_DH_CONST + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_3072 + #define HAVE_FFDHE_4096 + #define HAVE_FFDHE_6144 + #define HAVE_FFDHE_8192 + #endif + + #ifdef HAVE_FIPS + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q + #endif +#else + #define NO_DH +#endif - #undef HAVE_AESGCM - #define HAVE_AESGCM - /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ - //#define GCM_SMALL - //#define GCM_WORD32 - #define GCM_TABLE +/* AES */ +#undef NO_AES +#if 1 + #undef HAVE_AES_CBC + #define HAVE_AES_CBC - #undef WOLFSSL_AES_DIRECT - #define WOLFSSL_AES_DIRECT + #undef HAVE_AESGCM + #define HAVE_AESGCM - #undef HAVE_AES_ECB - #define HAVE_AES_ECB + /* GCM Method (slowest to fastest): GCM_SMALL, GCM_WORD32, GCM_TABLE or + * GCM_TABLE_4BIT */ + #define GCM_TABLE_4BIT - #undef WOLFSSL_AES_COUNTER - #define WOLFSSL_AES_COUNTER + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT - #undef HAVE_AESCCM - #define HAVE_AESCCM + #undef HAVE_AES_ECB + #define HAVE_AES_ECB - #else - #define NO_AES - #endif + #undef WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_COUNTER + + #undef HAVE_AESCCM + #define HAVE_AESCCM + + #undef WOLFSSL_AES_OFB + #define WOLFSSL_AES_OFB +#else + #define NO_AES +#endif - /* DES3 */ - #undef NO_DES3 +/* DES3 */ +#undef NO_DES3 +#if 0 #if 1 - #else - #define NO_DES3 + #undef WOLFSSL_DES_ECB + #define WOLFSSL_DES_ECB #endif +#else + #define NO_DES3 +#endif + +/* ChaCha20 / Poly1305 */ +#undef 
HAVE_CHACHA +#undef HAVE_POLY1305 +#if 0 + #define HAVE_CHACHA + #define HAVE_POLY1305 + + /* Needed for Poly1305 */ + #undef HAVE_ONE_TIME_AUTH + #define HAVE_ONE_TIME_AUTH +#endif - /* ------------------------------------------------------------------------- */ - /* Hashing */ - /* ------------------------------------------------------------------------- */ - /* Sha */ - #undef NO_SHA +/* Ed25519 / Curve25519 */ +#undef HAVE_CURVE25519 +#undef HAVE_ED25519 +#if 0 + #define HAVE_CURVE25519 + #define HAVE_ED25519 /* ED25519 Requires SHA512 */ + + /* Optionally use small math (less flash usage, but much slower) */ #if 1 - /* 1k smaller, but 25% slower */ - //#define USE_SLOW_SHA - #else - #define NO_SHA + #define CURVED25519_SMALL #endif +#endif - /* Sha256 */ - #undef NO_SHA256 - #if 1 - /* not unrolled - ~2k smaller and ~25% slower */ - //#define USE_SLOW_SHA256 - /* Sha224 */ - #if 1 - #define WOLFSSL_SHA224 - #endif - #else - #define NO_SHA256 - #endif +/* ------------------------------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------------------------------- */ +/* Sha */ +#undef NO_SHA +#if 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA +#else + #define NO_SHA +#endif - /* Sha512 */ - #undef WOLFSSL_SHA512 +/* Sha256 */ +#undef NO_SHA256 +#if 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 + + /* Sha224 */ #if 1 - #define WOLFSSL_SHA512 + #define WOLFSSL_SHA224 + #endif +#else + #define NO_SHA256 +#endif - /* Sha384 */ - #undef WOLFSSL_SHA384 - #if 1 - #define WOLFSSL_SHA384 - #endif +/* Sha512 */ +#undef WOLFSSL_SHA512 +#if 1 + #define WOLFSSL_SHA512 - /* over twice as small, but 50% slower */ - //#define USE_SLOW_SHA512 - #endif + #undef WOLFSSL_NOSHA512_224 /* Not in FIPS mode */ + #undef WOLFSSL_NOSHA512_256 /* Not in FIPS mode */ - /* Sha3 */ - #undef WOLFSSL_SHA3 + /* Sha384 */ + #undef WOLFSSL_SHA384 #if 1 - #define WOLFSSL_SHA3 + #define 
WOLFSSL_SHA384 #endif - /* MD5 */ - #undef NO_MD5 - #if 0 + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 +#endif - #else - #define NO_MD5 - #endif +/* Sha3 */ +#undef WOLFSSL_SHA3 +#if 1 + #define WOLFSSL_SHA3 + #define Sha3 wc_Sha3 +#endif - /* HKDF */ - #undef HAVE_HKDF - #if 1 - #define HAVE_HKDF +/* MD5 */ +#undef NO_MD5 +#if 0 + +#else + #define NO_MD5 +#endif + +/* HKDF / PRF */ +#undef HAVE_HKDF +#if 1 + #define HAVE_HKDF + #define WOLFSSL_HAVE_PRF +#endif + +/* CMAC */ +#undef WOLFSSL_CMAC +#if 1 + #define WOLFSSL_CMAC +#endif + + +/* ------------------------------------------------------------------------- */ +/* Benchmark / Test */ +/* ------------------------------------------------------------------------- */ +/* Use reduced benchmark / test sizes */ +#undef BENCH_EMBEDDED +#define BENCH_EMBEDDED + +#undef USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_2048 + +#undef USE_CERT_BUFFERS_1024 +//#define USE_CERT_BUFFERS_1024 + +#undef USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_256 + + +/* ------------------------------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------------------------------- */ + +#undef DEBUG_WOLFSSL +#undef NO_ERROR_STRINGS +#if 1 + #define DEBUG_WOLFSSL +#else + #if 0 + #define NO_ERROR_STRINGS #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Memory */ +/* ------------------------------------------------------------------------- */ - /* CMAC */ - #undef WOLFSSL_CMAC +/* Override Memory API's */ +#if 0 + #undef XMALLOC_OVERRIDE + #define XMALLOC_OVERRIDE + + /* prototypes for user heap override functions */ + /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ + #include /* for size_t */ + extern void *myMalloc(size_t n, void* heap, int type); + extern void myFree(void *p, void* heap, int type); + extern void *myRealloc(void *p, size_t n, 
void* heap, int type); + + #define XMALLOC(n, h, t) myMalloc(n, h, t) + #define XFREE(p, h, t) myFree(p, h, t) + #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t) +#endif + +#if 0 + /* Static memory requires fast math */ + #define WOLFSSL_STATIC_MEMORY + + /* Disable fallback malloc/free */ + #define WOLFSSL_NO_MALLOC #if 1 - #define WOLFSSL_CMAC + #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */ #endif +#endif - /* DH */ - #undef NO_DH - #if 1 - /* Use table for DH instead of -lm (math) lib dependency */ - #if 0 - #define WOLFSSL_DH_CONST - #define HAVE_FFDHE_2048 - #define HAVE_FFDHE_4096 - //#define HAVE_FFDHE_6144 - //#define HAVE_FFDHE_8192 - #endif +/* Memory callbacks */ +#if 1 + #undef USE_WOLFSSL_MEMORY + #define USE_WOLFSSL_MEMORY - #ifdef HAVE_FIPS - #define WOLFSSL_VALIDATE_FFC_IMPORT - #define HAVE_FFDHE_Q - #endif - #else - #define NO_DH + /* Use this to measure / print heap usage */ + #if 0 + #undef WOLFSSL_TRACK_MEMORY +// #define WOLFSSL_TRACK_MEMORY + + #undef WOLFSSL_DEBUG_MEMORY + //#define WOLFSSL_DEBUG_MEMORY + + #undef WOLFSSL_DEBUG_MEMORY_PRINT + //#define WOLFSSL_DEBUG_MEMORY_PRINT + #endif +#else + #ifndef WOLFSSL_STATIC_MEMORY + #define NO_WOLFSSL_MEMORY + /* Otherwise we will use stdlib malloc, free and realloc */ #endif -#endif /* FIPS v2 */ +#endif + + +/* ------------------------------------------------------------------------- */ +/* Port */ +/* ------------------------------------------------------------------------- */ + +/* Override Current Time */ +/* Allows custom "custom_time()" function to be used for benchmark */ +//#define WOLFSSL_USER_CURRTIME +//#define WOLFSSL_GMTIME +//#define USER_TICKS +//extern unsigned long my_time(unsigned long* timer); +//#define XTIME my_time + + +/* ------------------------------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------------------------------- */ + +/* Seed Source */ + /* Seed Source */ +// extern int 
my_rng_generate_seed(unsigned char* output, int sz); +// #undef CUSTOM_RAND_GENERATE_SEED +// #define CUSTOM_RAND_GENERATE_SEED my_rng_generate_seed + +/* Choose RNG method */ +#if 1 + /* Use built-in P-RNG (SHA256 based) with HW RNG */ + /* P-RNG + HW RNG (P-RNG is ~8K) */ + //#define WOLFSSL_GENSEED_FORTEST + #undef HAVE_HASHDRBG + #define HAVE_HASHDRBG +#else + #undef WC_NO_HASHDRBG + #define WC_NO_HASHDRBG + + /* Bypass P-RNG and use only HW RNG */ + extern int my_rng_gen_block(unsigned char* output, unsigned int sz); + #undef CUSTOM_RAND_GENERATE_BLOCK + #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block +#endif + + +/* ------------------------------------------------------------------------- */ +/* Custom Standard Lib */ +/* ------------------------------------------------------------------------- */ +/* Allows override of all standard library functions */ +#undef STRING_USER +#if 0 + #define STRING_USER + + #include + + #undef USE_WOLF_STRSEP + #define USE_WOLF_STRSEP + #define XSTRSEP(s1,d) wc_strsep((s1),(d)) + + #undef USE_WOLF_STRTOK + #define USE_WOLF_STRTOK + #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) + + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + + #define XSTRLEN(s1) strlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) + + #define XSNPRINTF snprintf +#endif + + -//#define DEBUG_WOLFSSL +/* ------------------------------------------------------------------------- */ +/* Enable Features */ +/* ------------------------------------------------------------------------- */ +#undef WOLFSSL_ASN_TEMPLATE +#define WOLFSSL_ASN_TEMPLATE + 
+#undef WOLFSSL_ASN_PRINT +#define WOLFSSL_ASN_PRINT + +#undef WOLFSSL_TLS13 +#if 1 + #define WOLFSSL_TLS13 +#endif + +#undef WOLFSSL_KEY_GEN +#if 1 + #define WOLFSSL_KEY_GEN +#endif + +#undef KEEP_PEER_CERT +//#define KEEP_PEER_CERT + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef HAVE_EXTENDED_MASTER +#define HAVE_EXTENDED_MASTER + +#undef HAVE_SUPPORTED_CURVES +#define HAVE_SUPPORTED_CURVES + +#undef WOLFSSL_BASE64_ENCODE +#define WOLFSSL_BASE64_ENCODE + +#undef WOLFSSL_NO_HASH_RAW +#define WOLFSSL_NO_HASH_RAW + +/* TLS Session Cache */ +#if 0 + #define SMALL_SESSION_CACHE +#else + #define NO_SESSION_CACHE +#endif + +#undef OPENSSL_EXTRA +//#define OPENSSL_EXTRA + +#undef WOLFSSL_DER_LOAD +#define WOLFSSL_DER_LOAD + +#undef HAVE_SESSION_TICKET +#define HAVE_SESSION_TICKET + +#undef HAVE_EX_DATA +#define HAVE_EX_DATA + +#undef HAVE_ENCRYPT_THEN_MAC +#define HAVE_ENCRYPT_THEN_MAC + +#undef WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_GEN + +#undef ATOMIC_USER +#define ATOMIC_USER + +#undef HAVE_SECRET_CALLBACK +#define HAVE_SECRET_CALLBACK + +/* wolfEngine */ +#if 1 + #define OPENSSL_COEXIST + + /* HKDF for engine */ + #undef HAVE_HKDF + #if 1 + #define HAVE_HKDF + #define HAVE_X963_KDF + #endif + + #undef WOLFSSL_PUBLIC_MP + #define WOLFSSL_PUBLIC_MP + + #undef NO_OLD_RNGNAME + #define NO_OLD_RNGNAME + + #undef NO_OLD_WC_NAMES + #define NO_OLD_WC_NAMES + + #undef NO_OLD_SSL_NAMES + #define NO_OLD_SSL_NAMES + + #undef NO_OLD_SHA_NAMES + #define NO_OLD_SHA_NAMES + + #undef NO_OLD_MD5_NAME + #define NO_OLD_MD5_NAME + + #undef NO_OLD_SHA256_NAMES + #define NO_OLD_SHA256_NAMES +#endif + +#undef WOLFSSL_SYS_CA_CERTS +#define WOLFSSL_SYS_CA_CERTS + +#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS +#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS + +#undef HAVE_SERVER_RENEGOTIATION_INFO +#define HAVE_SERVER_RENEGOTIATION_INFO + +/* ------------------------------------------------------------------------- */ +/* Disable Features */ +/* 
------------------------------------------------------------------------- */ +#undef NO_WOLFSSL_SERVER +//#define NO_WOLFSSL_SERVER + +#undef NO_WOLFSSL_CLIENT +//#define NO_WOLFSSL_CLIENT + +#undef NO_CRYPT_TEST +//#define NO_CRYPT_TEST + +#undef NO_CRYPT_BENCHMARK +//#define NO_CRYPT_BENCHMARK + +#undef WOLFCRYPT_ONLY +#define WOLFCRYPT_ONLY + +/* In-lining of misc.c functions */ +/* If defined, must include wolfcrypt/src/misc.c in build */ +/* Slower, but about 1k smaller */ +#undef NO_INLINE +//#define NO_INLINE + +#undef NO_FILESYSTEM +//#define NO_FILESYSTEM + +#undef NO_WRITEV +//#define NO_WRITEV + +#undef NO_MAIN_DRIVER #define NO_MAIN_DRIVER -/* wolfEngine settings */ -#define WOLFSSL_PUBLIC_MP -#define NO_WOLFSSL_DIR +#undef NO_DEV_RANDOM +//#define NO_DEV_RANDOM + +#undef NO_DSA +#define NO_DSA + +#undef NO_RC4 +#define NO_RC4 + +#undef NO_OLD_TLS +#define NO_OLD_TLS + +#undef NO_PSK +#define NO_PSK + +#undef NO_MD4 +#define NO_MD4 + +#undef NO_PWDBASED +//#define NO_PWDBASED + +#undef NO_CODING +//#define NO_CODING + +#undef NO_ASN_TIME +//#define NO_ASN_TIME + +#undef NO_CERTS +//#define NO_CERTS + +#undef NO_SIG_WRAPPER +//#define NO_SIG_WRAPPER + +#undef NO_DO178 +#define NO_DO178 + +#undef WOLFSSL_NO_SHAKE128 +#define WOLFSSL_NO_SHAKE128 + +#undef WOLFSSL_NO_SHAKE256 +#define WOLFSSL_NO_SHAKE256 + +/* wolfSSL engineering ACVP algo and operational testing only (Default: Off) */ +#if 1 + #undef WOLFSSL_PUBLIC_MP + #define WOLFSSL_PUBLIC_MP + + #undef OPTEST_LOGGING_ENABLED + //#define OPTEST_LOGGING_ENABLED + + #undef OPTEST_INVALID_LOGGING_ENABLED + //#define OPTEST_INVALID_LOGGING_ENABLED + + #undef NO_MAIN_OPTEST_DRIVER + #define NO_MAIN_OPTEST_DRIVER + + #undef DEBUG_FIPS_VERBOSE + #define DEBUG_FIPS_VERBOSE + + #undef HAVE_FORCE_FIPS_FAILURE + #define HAVE_FORCE_FIPS_FAILURE + + #undef NO_WRITE_TEMP_FILES + #define NO_WRITE_TEMPT_FILES +#endif + +#ifdef __cplusplus +} +#endif -//#define WOLFENGINE_DEBUG -/* TODO: Add WE_HAVE_* settings here */ 
-#endif /* _WIN_USER_SETTINGS_H_ */ +#endif /* WOLFSSL_USER_SETTINGS_H */ diff --git a/IDE/WORKBENCH/README.md b/IDE/WORKBENCH/README.md index 6020d6ac2c..6565045790 100644 --- a/IDE/WORKBENCH/README.md +++ b/IDE/WORKBENCH/README.md @@ -10,6 +10,7 @@ src and wolfcrypt directories. Uncheck the following: ``` wolfcrypt/src/aes_asm.asm wolfcrypt/src/aes_gcm_asm.asm + wolfcrypt/src/aes_xts_asm.asm wolfcrypt/src/aes_asm.s examples/echoclient/ examples/echoserver/ diff --git a/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h b/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h index 28df853cbf..cbbdfe3a0e 100644 --- a/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h +++ b/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -407,6 +407,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); diff --git a/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h b/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h index f7c5693cc9..768ed06c2a 100644 --- a/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h +++ b/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -418,6 +418,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); 
diff --git a/IDE/XCODE-FIPSv2/user_settings.h b/IDE/XCODE-FIPSv2/user_settings.h index 031f54b52b..cf039344df 100644 --- a/IDE/XCODE-FIPSv2/user_settings.h +++ b/IDE/XCODE-FIPSv2/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -419,6 +419,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); diff --git a/IDE/XCODE-FIPSv5/user_settings.h b/IDE/XCODE-FIPSv5/user_settings.h index aff1e444f7..74fdb284e2 100644 --- a/IDE/XCODE-FIPSv5/user_settings.h +++ b/IDE/XCODE-FIPSv5/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -33,21 +33,61 @@ extern "C" { #undef WOLFSSL_GENERAL_ALIGNMENT #define WOLFSSL_GENERAL_ALIGNMENT 4 +/* Multi-threaded support */ #undef SINGLE_THREADED -//#define SINGLE_THREADED +#if 0 + #define SINGLE_THREADED +#else + #define ERROR_QUEUE_PER_THREAD /* if applicable otherwise comment out */ +#endif -#undef WOLFSSL_SMALL_STACK -//#define WOLFSSL_SMALL_STACK +#ifdef SINGLE_THREADED + #undef NO_THREAD_LS + #define NO_THREAD_LS +#endif #undef WOLFSSL_USER_IO //#define WOLFSSL_USER_IO -#undef IPHONE -#define IPHONE - #undef NO_WRITE_TEMP_FILES #define NO_WRITE_TEMP_FILES +/* FIPS 140-3 OE specific section(s) */ + +/* Uncomment for Android devices */ +#undef ANDROID_V454 +/* #define ANDROID_V454 */ +#ifdef ANDROID_V454 + #if 1 + /* To have all printouts go to the app view on the device use: */ + extern int appendToTextView(const char* fmt, ...); + #undef printf + #define printf(format, ...) appendToTextView(format, ## __VA_ARGS__) + #else + #include + #define WOLFLOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, "wolfCrypt_android", __VA_ARGS__) + #undef printf + #define printf WOLFLOGV + #endif +#endif + +/* Uncomment for WINCE 6.0 devices. NOTE: _WIN32_WCE defined by system */ +#if 0 + #define NO_WOLFSSL_DIR + #define WOLFSSL_NO_ATOMICS + #define WC_NO_ASYNC_THREADING + #define USE_WINDOWS_API + #define WOLFSSL_SMALL_STACK +#endif + +/* Uncomment for iOS devices with PAA */ +#undef IPHONE +/* #define IPHONE */ + +#ifdef IPHONE + #define YES_WPAA +#endif + /* ------------------------------------------------------------------------- */ /* Math Configuration */ /* ------------------------------------------------------------------------- */ 
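Review bot: The Android branch's `#define printf(format, ...) appendToTextView(format, ## __VA_ARGS__)` silently drops the format/argument checking the compiler applies to the real printf, so a mismatched format string in any wolfCrypt test or benchmark output is no longer caught at compile time. Declaring the replacement with the printf format attribute keeps `-Wformat` working, e.g. `extern int appendToTextView(const char* fmt, ...) __attribute__((format(printf, 1, 2)));`; the `WOLFLOGV` branch at least inherits that check from `__android_log_print`. Because this is a function-like macro named printf, it also rewrites any printf declaration in a system header included after this point, so a one-line comment stating that `user_settings.h` must be included before any stdio header would help the next maintainer.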
@@ -55,31 +95,48 @@ extern "C" { #define SIZEOF_LONG_LONG 8 #undef USE_FAST_MATH -#if 1 +#if 0 #define USE_FAST_MATH #undef TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT #undef TFM_NO_ASM - #define TFM_NO_ASM + //#define TFM_NO_ASM /* Optimizations */ //#define TFM_ARM + + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 16384 +#else + #define WOLFSSL_SP_MATH_ALL + #define WOLFSSL_SP_INT_NEGATIVE + /* Maximum math bits (largest supported key bits) */ + #undef SP_INT_BITS + #define SP_INT_BITS 8192 #endif /* Wolf Single Precision Math */ #undef WOLFSSL_SP #if 1 /* SP Assembly Speedups (wPAA) */ - #define SP_INT_BITS 8192 #define WOLFSSL_SP - #define WOLFSSL_SP_SMALL /* use smaller version of code */ + //#define WOLFSSL_SP_SMALL /* use smaller version of code */ + #define WOLFSSL_SP_1024 + #define WOLFSSL_SP_4096 /* Explicitly enable 4096-bit support (2048/3072 on by default) */ + #define WOLFSSL_SP_384 /* Explicitly enable 384-bit support (others on by default) */ + #define WOLFSSL_SP_521 /* Explicitly enable 521-bit support (others on by default) */ #define WOLFSSL_HAVE_SP_RSA #define WOLFSSL_HAVE_SP_DH #define WOLFSSL_HAVE_SP_ECC - /* Customer indicated no desire for PAA, leave out */ - //#define WOLFSSL_ARMASM - //#define WOLFSSL_SP_ARM64_ASM + /* If no PAA, leave out */ + #if defined(IPHONE) && defined(YES_WPAA) + #define WOLFSSL_SP_ASM + #define WOLFSSL_ARMASM + #define WOLFSSL_SP_ARM64 + #define WOLFSSL_SP_ARM64_ASM + #endif #endif /* ------------------------------------------------------------------------- */ @@ -87,7 +144,8 @@ extern "C" { /* ------------------------------------------------------------------------- */ #undef HAVE_FIPS #if 1 - #define WOLFCRYPT_FIPS_CORE_HASH_VALUE 7E1F475996F8BBAB1903D108A9B0AD8D679C5DF6C1598D05924BCAF42A673040 + + #define WOLFCRYPT_FIPS_CORE_HASH_VALUE E10668763A70618419DF0D90190AE23B47D07BBF613F4CD73A54339B0F672203 #define HAVE_FIPS #undef HAVE_FIPS_VERSION 
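Review bot: `WOLFCRYPT_FIPS_CORE_HASH_VALUE` is replaced with one new constant while the same hunk makes the compiled module depend on build toggles (SP math vs. fast math via `#if 0`, and `WOLFSSL_ARMASM`/`WOLFSSL_SP_ARM64_ASM` only when `IPHONE` and `YES_WPAA` are both set), so presumably only one of those variants can pass the in-core integrity check and the others will trip it. The value deserves a comment saying it is tied to an exact build, e.g. `/* In-core integrity hash for the exact binary of this OE; regenerate whenever a toggle above changes the compiled module (PAA/ASM, math backend, enabled algorithms) */`. It would also help to record which OE and toggle set this particular hash was generated for, now that the header serves iOS, Android and WinCE from one file.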
@@ -99,17 +157,9 @@ extern "C" { #undef WOLFSSL_WOLFSSH #define WOLFSSL_WOLFSSH - #undef WOLFSSL_ECDSA_SET_K - #define WOLFSSL_ECDSA_SET_K - #undef WC_RNG_SEED_CB #define WC_RNG_SEED_CB - #ifdef SINGLE_THREADED - #undef NO_THREAD_LS - #define NO_THREAD_LS - #endif - #if 0 #undef NO_ATTRIBUTE_CONSTRUCTOR #define NO_ATTRIBUTE_CONSTRUCTOR @@ -124,18 +174,13 @@ extern "C" { /* RSA */ #undef NO_RSA #if 1 - #ifdef USE_FAST_MATH - /* Maximum math bits (Max RSA key bits * 2) */ - #undef FP_MAX_BITS - #define FP_MAX_BITS 16384 - #endif /* half as much memory but twice as slow */ #undef RSA_LOW_MEM //#define RSA_LOW_MEM /* Enables blinding mode, to prevent timing attacks */ - #if 0 + #if 1 #undef WC_RSA_BLINDING #define WC_RSA_BLINDING #else @@ -147,6 +192,12 @@ extern "C" { #if 1 #undef WC_RSA_PSS #define WC_RSA_PSS + + #undef WOLFSSL_PSS_LONG_SALT + #define WOLFSSL_PSS_LONG_SALT + + #undef WOLFSSL_PSS_SALT_LEN_DISCOVER + #define WOLFSSL_PSS_SALT_LEN_DISCOVER #endif #if 1 @@ -163,15 +214,16 @@ extern "C" { /* Manually define enabled curves */ #undef ECC_USER_CURVES - //#define ECC_USER_CURVES + #define ECC_USER_CURVES #ifdef ECC_USER_CURVES /* Manual Curve Selection */ - //#define HAVE_ECC192 - //#define HAVE_ECC224 + #define HAVE_ECC192 + #define HAVE_ECC224 #undef NO_ECC256 - //#define HAVE_ECC384 - //#define HAVE_ECC521 + #define HAVE_ECC256 + #define HAVE_ECC384 + #define HAVE_ECC521 #endif /* Fixed point cache (speeds repeated operations against same private key) */ @@ -205,13 +257,16 @@ extern "C" { #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ #undef WOLFSSL_VALIDATE_ECC_KEYGEN - #define WOLFSSL_VALIDATE_ECC_KEYGEN + #define WOLFSSL_VALIDATE_ECC_KEYGEN /* Validate generated keys */ + + #undef WOLFSSL_ECDSA_SET_K + #define WOLFSSL_ECDSA_SET_K #endif /* Compressed Key Support */ #undef HAVE_COMP_KEY - //#define HAVE_COMP_KEY + #define HAVE_COMP_KEY /* Use alternate ECC size for ECC math */ #ifdef USE_FAST_MATH 
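Review bot: `WOLFSSL_PSS_LONG_SALT` together with `WOLFSSL_PSS_SALT_LEN_DISCOVER` lets the verifier accept whatever salt length a signature carries, including salts longer than the hash output, which is wider than the 0..hLen range FIPS 186-4/186-5 specify for approved RSA-PSS; in a FIPSv5 template that is worth a caveat next to the defines. As far as the names indicate, discovery only affects verification, so the signing side must still be given an explicit salt length; a comment such as `/* Verify side only: recovers the salt length from the signature. Sign with an explicit salt length <= hash length to stay in the approved range. */` would make that clear. Please confirm the verify-only scope against the RSA-PSS API before relying on it.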
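Review bot: Enabling `HAVE_ECC192` in a FIPS 140-3 template adds a curve whose roughly 96-bit strength is below the 112-bit minimum SP 800-131A Rev. 2 requires for signature generation and key agreement, with P-192 allowed only for legacy signature verification; unless the module's security policy lists it, the define should stay off or carry a warning. A comment beside it such as `/* P-192: below 112-bit strength, not approved for signing/keygen; legacy verify only */` would stop it being copied into production configurations unnoticed. The other curves enabled here (P-224 through P-521) are within the approved set.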
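Review bot: `WOLFSSL_ECDSA_SET_K` moves out of the FIPS block (where the `@@ -99` hunk removes it) into the ECC section and remains enabled, which exposes an API for the caller to supply the ECDSA nonce k in every build of this template. That hook exists for known-answer and ACVP vectors; in a production build any caller that passes a predictable or reused k leaks the signing key outright. Either move it under the `#if 0` ACVP-testing section further down the file, or annotate it with `/* Test vectors only: a caller-supplied k must never be used for real signatures */`.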
@@ -241,6 +296,7 @@ extern "C" { #if 1 /* Use table for DH instead of -lm (math) lib dependency */ #if 1 + #define HAVE_DH_DEFAULT_PARAMS #define WOLFSSL_DH_CONST #define HAVE_FFDHE_2048 #define HAVE_FFDHE_3072 @@ -267,8 +323,9 @@ extern "C" { #undef HAVE_AESGCM #define HAVE_AESGCM - /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ - #define GCM_TABLE + /* GCM Method (slowest to fastest): GCM_SMALL, GCM_WORD32, GCM_TABLE or + * GCM_TABLE_4BIT */ + #define GCM_TABLE_4BIT #undef WOLFSSL_AES_DIRECT #define WOLFSSL_AES_DIRECT @@ -282,8 +339,9 @@ extern "C" { #undef HAVE_AESCCM #define HAVE_AESCCM - #undef HAVE_AES_KEYWRAP - #define HAVE_AES_KEYWRAP + #undef WOLFSSL_AES_OFB + #define WOLFSSL_AES_OFB + #else #define NO_AES #endif @@ -374,6 +432,7 @@ extern "C" { #undef WOLFSSL_SHA3 #if 1 #define WOLFSSL_SHA3 + #define NO_OLD_WC_NAMES #endif /* MD5 */ @@ -384,10 +443,11 @@ extern "C" { #define NO_MD5 #endif -/* HKDF */ +/* HKDF / PRF */ #undef HAVE_HKDF #if 1 #define HAVE_HKDF + #define WOLFSSL_HAVE_PRF #endif /* CMAC */ @@ -440,6 +500,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); @@ -567,8 +628,14 @@ extern "C" { /* ------------------------------------------------------------------------- */ /* Enable Features */ /* ------------------------------------------------------------------------- */ +#undef WOLFSSL_ASN_TEMPLATE +#define WOLFSSL_ASN_TEMPLATE + +#undef WOLFSSL_ASN_PRINT +#define WOLFSSL_ASN_PRINT + #undef WOLFSSL_TLS13 -#if 0 +#if 1 #define WOLFSSL_TLS13 #endif 
@@ -577,35 +644,31 @@ extern "C" { #define WOLFSSL_KEY_GEN #endif -#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN) - #define WOLFSSL_OLD_PRIME_CHECK -#endif - #undef KEEP_PEER_CERT //#define KEEP_PEER_CERT -#undef HAVE_COMP_KEY -//#define HAVE_COMP_KEY - #undef HAVE_TLS_EXTENSIONS #define HAVE_TLS_EXTENSIONS +#undef HAVE_EXTENDED_MASTER +#define HAVE_EXTENDED_MASTER + #undef HAVE_SUPPORTED_CURVES #define HAVE_SUPPORTED_CURVES #undef WOLFSSL_BASE64_ENCODE #define WOLFSSL_BASE64_ENCODE +#undef WOLFSSL_NO_HASH_RAW +#define WOLFSSL_NO_HASH_RAW + /* TLS Session Cache */ -#if 0 +#if 1 #define SMALL_SESSION_CACHE #else #define NO_SESSION_CACHE #endif -#undef OPENSSL_EXTRA -#define OPENSSL_EXTRA - #undef WOLFSSL_DER_LOAD #define WOLFSSL_DER_LOAD @@ -626,6 +689,55 @@ extern "C" { #undef HAVE_SECRET_CALLBACK #define HAVE_SECRET_CALLBACK + +/* wolfEngine */ +#if 0 + #define OPENSSL_COEXIST + + /* HKDF for engine */ + #undef HAVE_HKDF + #if 1 + #define HAVE_HKDF + #define HAVE_X963_KDF + #endif + + #undef WOLFSSL_PUBLIC_MP + #define WOLFSSL_PUBLIC_MP + + #undef NO_OLD_RNGNAME + #define NO_OLD_RNGNAME + + #undef NO_OLD_WC_NAMES + #define NO_OLD_WC_NAMES + + #undef NO_OLD_SSL_NAMES + #define NO_OLD_SSL_NAMES + + #undef NO_OLD_SHA_NAMES + #define NO_OLD_SHA_NAMES + + #undef NO_OLD_MD5_NAME + #define NO_OLD_MD5_NAME + + #undef NO_OLD_SHA256_NAMES + #define NO_OLD_SHA256_NAMES +#endif + +#undef WOLFSSL_SYS_CA_CERTS +//#define WOLFSSL_SYS_CA_CERTS + +#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS +#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS + +#undef HAVE_SERVER_RENEGOTIATION_INFO +#define HAVE_SERVER_RENEGOTIATION_INFO + +#undef WOLFSSL_PEM_TO_DER +#define WOLFSSL_PEM_TO_DER + +#undef WOLFSSL_PUB_PEM_TO_DER +#define WOLFSSL_PUB_PEM_TO_DER + /* ------------------------------------------------------------------------- */ /* Disable Features */ /* ------------------------------------------------------------------------- */ 
@@ -642,7 +754,7 @@ extern "C" { //#define NO_CRYPT_BENCHMARK #undef WOLFCRYPT_ONLY -#define WOLFCRYPT_ONLY +//#define WOLFCRYPT_ONLY /* In-lining of misc.c functions */ /* If defined, must include wolfcrypt/src/misc.c in build */ 
@@ -692,21 +804,98 @@ extern "C" { #undef NO_SIG_WRAPPER //#define NO_SIG_WRAPPER +#undef NO_DO178 +#define NO_DO178 + +#undef WOLFSSL_NO_SHAKE128 +#define WOLFSSL_NO_SHAKE128 + +#undef WOLFSSL_NO_SHAKE256 +#define WOLFSSL_NO_SHAKE256 + /* wolfSSL engineering ACVP algo and operational testing only (Default: Off) */ -#if 1 +#if 0 + #undef NO_EARLY_BAIL + #define NO_EARLY_BAIL + #undef WOLFSSL_PUBLIC_MP #define WOLFSSL_PUBLIC_MP + #undef OPTEST_LOGGING_ENABLED + //#define OPTEST_LOGGING_ENABLED + + #undef OPTEST_INVALID_LOGGING_ENABLED + //#define OPTEST_INVALID_LOGGING_ENABLED + + #undef NO_MAIN_OPTEST_DRIVER + #define NO_MAIN_OPTEST_DRIVER + + #undef DEBUG_FIPS_VERBOSE + #define DEBUG_FIPS_VERBOSE + #undef HAVE_FORCE_FIPS_FAILURE #define HAVE_FORCE_FIPS_FAILURE + + #undef NO_WRITE_TEMP_FILES + #define NO_WRITE_TEMPT_FILES #endif #ifdef __cplusplus } #endif +/* Customer Specific Section */ +/* #define CUSTOMER_1_IOS */ +#ifdef CUSTOMER_1_IOS -#endif /* WOLFSSL_USER_SETTINGS_H */ + /* not certified, disable for full FIPS compliance, will attempt to include + * in UPDT submission and/or next FS submission */ + #undef HAVE_AES_KEYWRAP + #define HAVE_AES_KEYWRAP + + #undef HAVE_PKCS7 + #define HAVE_PKCS7 + + #undef HAVE_SNI + #define HAVE_SNI + #undef HAVE_THREAD_LS + #define HAVE_THREAD_LS + /* Not certifiable but external to module boundary and out of scope */ + #undef WOLFCRYPT_HAVE_ECCSI + #define WOLFCRYPT_HAVE_ECCSI + /* Not certifiable but external to module boundary and out of scope */ + #undef WOLFCRYPT_HAVE_SAKKE + #define WOLFCRYPT_HAVE_SAKKE + + #undef WOLFSSL_DTLS + #define WOLFSSL_DTLS + + #undef WOLFSSL_DTLS_MTU + #define WOLFSSL_DTLS_MTU + + /* OpenSSL Compatibility (NOTE: Incompatible with wolfEngine and + OPENSSL_COEXIST) */ + #ifndef OPENSSL_COEXIST + #undef OPENSSL_EXTRA + #if 1 + #define OPENSSL_EXTRA + /* Larger footprint but enable ALL compatibility not just a subset */ + #if 1 + #define OPENSSL_ALL + #endif + #endif + #endif +#endif /* 
CUSTOMER_1_IOS */ + +#define CUSTOMER_1_ANDROID +#ifdef CUSTOMER_1_ANDROID +/* TODO */ + +#endif + + + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff --git a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h index 2feebb2112..f6a3eeee78 100644 --- a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h +++ b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h @@ -1,6 +1,6 @@ /* AppDelegate.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m index cfb4bd57f4..eb6a1d88ca 100644 --- a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m +++ b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m @@ -1,6 +1,6 @@ /* AppDelegate.m * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/XCODE/Benchmark/wolfBench/ViewController.h b/IDE/XCODE/Benchmark/wolfBench/ViewController.h index 2dc6e90fd6..d8f1a9a3e6 100644 --- a/IDE/XCODE/Benchmark/wolfBench/ViewController.h +++ b/IDE/XCODE/Benchmark/wolfBench/ViewController.h @@ -1,6 +1,6 @@ /* ViewController.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/XCODE/Benchmark/wolfBench/ViewController.m b/IDE/XCODE/Benchmark/wolfBench/ViewController.m index cf4f036925..94c3f63822 100644 --- a/IDE/XCODE/Benchmark/wolfBench/ViewController.m +++ b/IDE/XCODE/Benchmark/wolfBench/ViewController.m @@ -1,6 +1,6 @@ /* ViewController.m * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/XCODE/Benchmark/wolfBench/main.m b/IDE/XCODE/Benchmark/wolfBench/main.m index 8966a562db..bee606d429 100644 --- a/IDE/XCODE/Benchmark/wolfBench/main.m +++ b/IDE/XCODE/Benchmark/wolfBench/main.m 
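Review bot: `#undef NO_WRITE_TEMP_FILES` followed by `#define NO_WRITE_TEMPT_FILES` in the ACVP block misspells the macro, so switching that `#if 0` to `#if 1` would cancel the `#define NO_WRITE_TEMP_FILES` at the top of this file and silently re-enable temp-file writes rather than keep them off; the intended line is `#define NO_WRITE_TEMP_FILES`. The same misspelling appears in the other user_settings.h earlier in this diff, where the surrounding block is `#if 1` and the effect is therefore live. Separately, `#define CUSTOMER_1_ANDROID` is defined unconditionally while `CUSTOMER_1_IOS` stays commented out, so every build takes the (currently empty) Android branch; `/* #define CUSTOMER_1_ANDROID */` would match the iOS pattern until the TODO is filled in.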
@@ -1,6 +1,6 @@ /* main.m * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project b/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project index 252a8b47a1..068e630bd9 100644 --- a/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project +++ b/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project @@ -326,9 +326,9 @@ PARENT-4-PROJECT_LOC/wolfcrypt/src/fe_operations.c - src/wolfcrypt/src/fe_x25519_128.i + src/wolfcrypt/src/fe_x25519_128.h 1 - PARENT-4-PROJECT_LOC/wolfcrypt/src/fe_x25519_128.i + PARENT-4-PROJECT_LOC/wolfcrypt/src/fe_x25519_128.h src/wolfcrypt/src/fp_mont_small.i diff --git a/IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.project b/IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.project index 23ce39a74e..dc79a4eca4 100644 --- a/IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.project +++ b/IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.project @@ -1016,9 +1016,9 @@ PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_operations.c - src/wolfcrypt/src/fe_x25519_128.i + src/wolfcrypt/src/fe_x25519_128.h 1 - PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_x25519_128.i + PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_x25519_128.h src/wolfcrypt/src/fp_mont_small.i diff --git a/IDE/XilinxSDK/2022_1/wolfCrypt_example/.project b/IDE/XilinxSDK/2022_1/wolfCrypt_example/.project index 60b0945e33..d4a25e9384 100644 --- a/IDE/XilinxSDK/2022_1/wolfCrypt_example/.project +++ b/IDE/XilinxSDK/2022_1/wolfCrypt_example/.project @@ -1016,9 +1016,9 @@ PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_operations.c - src/wolfcrypt/src/fe_x25519_128.i + src/wolfcrypt/src/fe_x25519_128.h 1 - PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_x25519_128.i + PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_x25519_128.h src/wolfcrypt/src/fp_mont_small.i diff --git a/IDE/XilinxSDK/user_settings.h b/IDE/XilinxSDK/user_settings.h index 1b0c324c41..39bb710bcc 100644 --- a/IDE/XilinxSDK/user_settings.h 
+++ b/IDE/XilinxSDK/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/XilinxSDK/wolfssl_example.c b/IDE/XilinxSDK/wolfssl_example.c index d111d2580b..ee11846825 100644 --- a/IDE/XilinxSDK/wolfssl_example.c +++ b/IDE/XilinxSDK/wolfssl_example.c @@ -1,6 +1,6 @@ /* wolfssl_example.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/apple-universal/README.md b/IDE/apple-universal/README.md index 7a4d38dac6..a13f349244 100644 --- a/IDE/apple-universal/README.md +++ b/IDE/apple-universal/README.md 
@@ -4,7 +4,7 @@ This example shows how to build a wolfSSL static library for Apple targets on al The example was created using Xcode version 14.3.1. # Why? -Configuring and building wolfSSL through the `configure` interface can be simpler and more user friendly than manually adding the wolfSSL source files to your project and customizing through `user_settings.h`. Building via `configure` also streamlines integration with other open-source projects that expect an installation directory, such as `cURL`'s `--with-wolfssl` option. Finally, some developer teams might prefer to build wolfSSL once with the desired settings and then distribute it as a library framework for app developers to use. Packaging wolfSSL as a framework makes it highly portable and allows for drag-and-drop integration into Xcode projects without needing to worry about compiling the library every time they build their app. +Configuring and building wolfSSL through the `configure` interface can be simpler and more user friendly than manually adding the wolfSSL source files to your project and customizing through `user_settings.h`. Building via `configure` also streamlines integration with other open-source projects that expect an installation directory, such as `curl`'s `--with-wolfssl` option. Finally, some developer teams might prefer to build wolfSSL once with the desired settings and then distribute it as a library framework for app developers to use. Packaging wolfSSL as a framework makes it highly portable and allows for drag-and-drop integration into Xcode projects without needing to worry about compiling the library every time they build their app. However, if you do want to compile wolfSSL from source manually in your Xcode project using `user_settings.h`, see the example in [IDE/XCODE](https://github.com/wolfSSL/wolfssl/tree/master/IDE/XCODE). 
@@ -16,7 +16,7 @@ This example consists of a build script and an Xcode example project. The build To use the build script, you can run it without arguments to build a default configuration, or you can use the `-c` option to pass in a quoted string containing any additional flags to `configure` that you need. Note that `--enable-static --disable-shared` is always passed to `configure` by default. Consider the following usage example, with descriptions in the comments: -``` +```sh # default configuration ./build-wolfssl-framework.sh @@ -60,7 +60,7 @@ If you are developing on a macOS machine and want to compile wolfSSL to run on m The generic `configure` invocation required to cross compile a static library for an Apple device is as follows: -``` +```sh ./configure --disable-shared --enable-static \ --prefix=${INSTALL_DIR} \ --host=${HOST} \ 
@@ -89,4 +89,43 @@ Low-level programming in the Apple ecosystem is sparsely documented, and certain 2. Cross compiling for the **iOS simulator** with a min version specifier present (`-miphoneos-version-min`) requires the `-target ${ARCH}-apple-ios-simulator` compiler flag in order to build . It is unclear why this is required, as The GNU documentation claims that the `target` option is only required if cross-compiling a compiler to run on architecture X but emit code for architecture Y (known as a canadian cross-compilation scenario). Regardless, if you do not include a `-target` option, the build will generate a large number of warnings when linking against system libraries with messages like: `ld: warning: building for iOS, but linking in .tbd file (/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator16.4.sdk/usr/lib/libnetwork.tbd) built for iOS Simulator`. It was thought that perhaps the host option should instead be `--host=${ARCH}-apple-ios-simulator` but this is not a valid option, and `configure` will fail with a different error: `checking host system type... Invalid configuration 'arm64-apple-ios-simulator': Kernel 'ios' not known to work with OS 'simulator`. If you do not specify a min iOS version, this is not required. Mysteriously, the other simulators (tvOS, watchOS) do not have this issue.... +## Building wolfSSL and curl + +Building curl with wolfSSL for Apple targets using configure/autotools can be accomplished with the following procedure: + +1. 
Build wolfSSL as described in the above steps with curl compatibility enabled, either as a framework using the helper script, or as a cross-compiled library for your desired platform + +```sh +cd /path/to/wolfssl/IDE/apple-universal + +# build wolfSSL as a framework using the helper script +./build-wolfssl-framework.sh -c "--enable-curl" + +# or build as a static library for one platform (using iOS as an example) +ARCH=arm64 +WOLFSSL_INSTALL=/path/to/output/install/wolfssl-iphoneos-${ARCH} +./configure --host=${ARCH}-apple-darwin \ + --enable-curl \ + --enable-static --disable-shared \ + --prefix=${WOLFSSL_INSTALL} \ + CFLAGS="-arch ${ARCH} -isysroot $(xcrun --sdk iphoneos --show-sdk-path)" + +make +``` + +2. Configure and build curl to use the wolfSSL library for your platform that was built in step 1. Note that you must use `--with-wolfssl` to point curl to the wolfSSL *library install* for your specific platform, not to the xcframework. + +```sh +cd /path/to/curl + +# Note that it is necessary to manually link curl against the Apple CoreFoundation and Security frameworks, +# as they are required by wolfSSL on Apple platforms. Using iOS as an example: +./configure --host=${ARCH}-apple-darwin \ + --with-wolfssl=${WOLFSSL_INSTALL} \ + CFLAGS="-arch ${ARCH} -isysroot $(xcrun -sdk iphoneos --show-sdk-path)" \ + LDFLAGS="-framework CoreFoundation -framework Security" + +make +``` + diff --git a/IDE/apple-universal/build-wolfssl-framework.sh b/IDE/apple-universal/build-wolfssl-framework.sh index a3ff12a6cc..85763e281b 100755 --- a/IDE/apple-universal/build-wolfssl-framework.sh +++ b/IDE/apple-universal/build-wolfssl-framework.sh @@ -2,7 +2,7 @@ # build-wolfssl-framework.sh # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # 
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift index 6e452c5029..29ca2b4099 100644 --- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift +++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift @@ -1,6 +1,6 @@ /* ContentView.swift * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c index b18d058da1..d97bf559f0 100644 --- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c +++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c @@ -1,6 +1,6 @@ /* simple_client_example.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h index ce88958216..915f7cc2e5 100644 --- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h +++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h @@ -1,6 +1,6 @@ /* simple_client_example.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h index f232f13bd0..e156376bb1 100644 
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h +++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h @@ -1,6 +1,6 @@ /* wolfssl-multiplatform-Bridging-Header.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift index acf2a03aac..6627afb345 100644 --- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift +++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift @@ -1,6 +1,6 @@ /* wolfssl_multiplatformApp.swift * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c index 50655c834e..20f605ff7d 100644 --- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c +++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c @@ -1,6 +1,6 @@ /* wolfssl_test_driver.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h index a3104e64ef..768518554e 100644 --- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h +++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h 
@@ -1,6 +1,6 @@ /* wolfssl_test_driver.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/include.am b/IDE/include.am index 72879b18e6..65e07cc338 100644 --- a/IDE/include.am +++ b/IDE/include.am 
@@ -2,65 +2,73 @@ # included from Top Level Makefile.am # All paths should be given relative to the root -include IDE/XCODE/include.am -include IDE/XCODE-FIPSv2/include.am -include IDE/XCODE-FIPSv5/include.am -include IDE/WIN/include.am -include IDE/WIN10/include.am -include IDE/WIN-SGX/include.am -include IDE/LINUX-SGX/include.am -include IDE/WORKBENCH/include.am -include IDE/ROWLEY-CROSSWORKS-ARM/include.am -include IDE/TRUESTUDIO/include.am +include IDE/Android/include.am +include IDE/apple-universal/include.am include IDE/ARDUINO/include.am -include IDE/INTIME-RTOS/include.am -include IDE/KDS/include.am -include IDE/STM32Cube/include.am -include IDE/VS-ARM/include.am -include IDE/MSVS-2019-AZSPHERE/include.am -include IDE/VS-AZURE-SPHERE/include.am -include IDE/GCC-ARM/include.am +include IDE/AURIX/include.am +include IDE/CRYPTOCELL/include.am include IDE/CSBENCH/include.am include IDE/ECLIPSE/DEOS/include.am include IDE/ECLIPSE/MICRIUM/include.am +include IDE/ECLIPSE/RTTHREAD/include.am include IDE/ECLIPSE/SIFIVE/include.am +include IDE/Espressif/include.am +include IDE/GCC-ARM/include.am +include IDE/HEXAGON/include.am +include IDE/IAR-MSP430/include.am +include IDE/Infineon/include.am +include IDE/INTIME-RTOS/include.am +include IDE/iotsafe/include.am +include IDE/KDS/include.am +include IDE/LINUX-SGX/include.am +include IDE/M68K/include.am +include IDE/MCUEXPRESSO/include.am +include IDE/MDK5-ARM/include.am +include IDE/MPLABX16/include.am +include IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am +include IDE/MPLABX16/wolfssl.X/nbproject/include.am include IDE/MQX/include.am -include IDE/ECLIPSE/RTTHREAD/include.am +include IDE/MSVS-2019-AZSPHERE/include.am include IDE/mynewt/include.am -include IDE/Renesas/e2studio/DK-S7G2/include.am +include IDE/NETOS/include.am +include IDE/PlatformIO/include.am +include IDE/QNX/include.am include IDE/Renesas/cs+/Projects/include.am +include IDE/Renesas/e2studio/DK-S7G2/include.am include 
IDE/Renesas/e2studio/Projects/include.am include IDE/Renesas/e2studio/RA6M3/include.am +include IDE/Renesas/e2studio/RA6M4/include.am include IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am -include IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am include IDE/Renesas/e2studio/RX65N/RSK/include.am -include IDE/Renesas/e2studio/RA6M4/include.am +include IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am include IDE/Renesas/e2studio/RZN2L/include.am -include IDE/WICED-STUDIO/include.am -include IDE/CRYPTOCELL/include.am -include IDE/M68K/include.am -include IDE/HEXAGON/include.am include IDE/RISCV/include.am -include IDE/XilinxSDK/include.am +include IDE/ROWLEY-CROSSWORKS-ARM/include.am +include IDE/SimplicityStudio/include.am +include IDE/STARCORE/include.am +include IDE/STM32Cube/include.am +include IDE/TRUESTUDIO/include.am include IDE/VisualDSP/include.am -include IDE/QNX/include.am +include IDE/VS-ARM/include.am +include IDE/VS-AZURE-SPHERE/include.am +include IDE/WICED-STUDIO/include.am +include IDE/WIN-SGX/include.am +include IDE/WIN-SRTP-KDF-140-3/include.am +include IDE/WIN/include.am +include IDE/WIN10/include.am include IDE/WINCE/include.am -include IDE/iotsafe/include.am -include IDE/Android/include.am -include IDE/NETOS/include.am -include IDE/IAR-MSP430/include.am +include IDE/WORKBENCH/include.am +include IDE/XCODE-FIPSv2/include.am +include IDE/XCODE-FIPSv5/include.am +include IDE/XCODE/include.am +include IDE/XilinxSDK/include.am include IDE/zephyr/include.am -include IDE/AURIX/include.am -include IDE/MCUEXPRESSO/include.am -include IDE/Espressif/include.am -include IDE/STARCORE/include.am -include IDE/MDK5-ARM/include.am -include IDE/SimplicityStudio/include.am -include IDE/apple-universal/include.am -include IDE/MPLABX16/include.am -include IDE/MPLABX16/wolfssl.X/nbproject/include.am -include IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am -include IDE/Infineon/include.am -EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR 
IDE/Espressif +EXTRA_DIST+= IDE/Espressif +EXTRA_DIST+= IDE/HEXIWEAR +EXTRA_DIST+= IDE/IAR-EWARM +EXTRA_DIST+= IDE/LPCXPRESSO +EXTRA_DIST+= IDE/MDK-ARM +EXTRA_DIST+= IDE/MYSQL EXTRA_DIST+= IDE/OPENSTM32/README.md +EXTRA_DIST+= IDE/PlatformIO diff --git a/IDE/iotsafe-raspberrypi/client-tls13.c b/IDE/iotsafe-raspberrypi/client-tls13.c index 91383d5d06..0bcad0b774 100644 --- a/IDE/iotsafe-raspberrypi/client-tls13.c +++ b/IDE/iotsafe-raspberrypi/client-tls13.c @@ -1,6 +1,6 @@ /* client-tls13.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/iotsafe-raspberrypi/main.c b/IDE/iotsafe-raspberrypi/main.c index f8cb3c51e8..aaa4129306 100644 --- a/IDE/iotsafe-raspberrypi/main.c +++ b/IDE/iotsafe-raspberrypi/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/iotsafe/ca-cert.c b/IDE/iotsafe/ca-cert.c index f8d75623c0..7b99b25cc1 100644 --- a/IDE/iotsafe/ca-cert.c +++ b/IDE/iotsafe/ca-cert.c @@ -1,6 +1,6 @@ /* ca-cert.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/iotsafe/devices.c b/IDE/iotsafe/devices.c index 59b739cf5d..83c6b58871 100644 --- a/IDE/iotsafe/devices.c +++ b/IDE/iotsafe/devices.c @@ -1,6 +1,6 @@ /* devices.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/iotsafe/devices.h b/IDE/iotsafe/devices.h index f19ae3b8ad..5752fb550e 100644 --- a/IDE/iotsafe/devices.h +++ b/IDE/iotsafe/devices.h @@ -1,6 +1,6 @@ /* devices.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
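Review bot: The new `EXTRA_DIST+= IDE/PlatformIO` line distributes the whole directory, and automake copies a listed directory recursively, so any untracked file present in a developer's working tree under IDE/PlatformIO (editor backups, local build output) would land in the release tarball; the newly added `include IDE/PlatformIO/include.am` suggests that file already enumerates what to ship, in which case the directory-level entry is presumably redundant. The same whole-directory pattern already exists for IDE/Espressif and the other EXTRA_DIST entries, so this only extends it, but a release-hygiene check would be to build a dist tarball from a tree with a stray file in IDE/PlatformIO and confirm it is not picked up. If the directory entry is kept, a comment such as `# whole directory shipped: keep this tree free of untracked files` above the EXTRA_DIST block would make the implication visible to maintainers.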
@@ -95,8 +95,8 @@ #define FLASH_ACR_LATENCY_MASK (0x03) /* RCC: Periph enable flags */ -#define USART1_APB2_CLOCK_ER_VAL (1 << 14) -#define USART2_APB1_CLOCK_ER_VAL (1 << 17) +#define USART1_APB2_CLOCK_ER_VAL (1 << 14) +#define USART2_APB1_CLOCK_ER_VAL (1 << 17) #define PWR_APB1_CLOCK_ER_VAL (1 << 28) #define GPIOA_AHB2_CLOCK_ER_VAL (1 << 0) #define GPIOB_AHB2_CLOCK_ER_VAL (1 << 1) @@ -208,11 +208,11 @@ #define SYSTICK_CALIB (*(volatile uint32_t *)(SYSTICK_BASE + 0x0C)) -/* STMod+ connector pinout +/* STMod+ connector pinout * * Connector STM32L4 * pins pins - * + * * 1 11 PG11 PH2 * 2 12 PB6 PB2 * 3 13 PG10 PA4 @@ -243,7 +243,7 @@ void stmod_modem_disable(void); /* inline functions for GPIO */ static inline void gpio_set(uint32_t port, uint32_t pin) { - GPIO_BSSR(port) |= (1 << pin); + GPIO_BSSR(port) |= (1 << pin); } static inline void gpio_clear(uint32_t port, uint32_t pin) diff --git a/IDE/iotsafe/main.c b/IDE/iotsafe/main.c index 90aa08da6e..df065551c0 100644 --- a/IDE/iotsafe/main.c +++ b/IDE/iotsafe/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/iotsafe/memory-tls.c b/IDE/iotsafe/memory-tls.c index 96d9216865..3d4bf088fb 100644 --- a/IDE/iotsafe/memory-tls.c +++ b/IDE/iotsafe/memory-tls.c @@ -1,6 +1,6 @@ /* memory-tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/iotsafe/startup.c b/IDE/iotsafe/startup.c index a5418b1ab6..2b0123a30a 100644 --- a/IDE/iotsafe/startup.c +++ b/IDE/iotsafe/startup.c @@ -1,6 +1,6 @@ /* startup.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/iotsafe/target.ld b/IDE/iotsafe/target.ld index df0f2272bc..0afe8a75ab 100644 --- a/IDE/iotsafe/target.ld +++ b/IDE/iotsafe/target.ld 
@@ -1,6 +1,6 @@ /* target.ld * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h index 3852464e82..368a76ed43 100644 --- a/IDE/iotsafe/user_settings.h +++ b/IDE/iotsafe/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/mynewt/apps.wolfcrypttest.pkg.yml b/IDE/mynewt/apps.wolfcrypttest.pkg.yml index c072dd50a2..f3392e93df 100644 --- a/IDE/mynewt/apps.wolfcrypttest.pkg.yml +++ b/IDE/mynewt/apps.wolfcrypttest.pkg.yml @@ -1,4 +1,4 @@ -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # diff --git a/IDE/mynewt/crypto.wolfssl.pkg.yml b/IDE/mynewt/crypto.wolfssl.pkg.yml index ebb4bfaeb4..aa1b924bee 100644 --- a/IDE/mynewt/crypto.wolfssl.pkg.yml +++ b/IDE/mynewt/crypto.wolfssl.pkg.yml @@ -1,4 +1,4 @@ -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # diff --git a/Makefile.am b/Makefile.am index f65d371a33..1d4f26c6b4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -207,7 +207,8 @@ if BUILD_LINUXKM SUBDIRS_OPT += linuxkm DIST_SUBDIRS_OPT += linuxkm - export KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS \ + export build_triplet host_triplet CC AS LD \ + KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS \ EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \ AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \ AM_CCASFLAGS CCASFLAGS \ @@ -310,3 +311,8 @@ merge-clean: @find ./ | $(GREP) \.BASE | xargs rm -f @find ./ | $(GREP) \~$$ | xargs rm -f +%.o: %.cu + $(NVCC) -dc $(CUDAFLAGS) -o $@ $< + +.cu.lo: + $(LIBTOOL) --tag=CC --mode=compile $(COMPILE) --compile -o $@ $< -static diff --git a/README b/README index 72d5cb36f0..261eb200d6 100644 --- a/README +++ b/README 
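Review bot: The `.cu.lo:` rule in the second Makefile.am hunk compiles CUDA sources with `$(COMPILE)` (the C compiler invocation) while the `%.o: %.cu` rule directly above it uses `$(NVCC) -dc $(CUDAFLAGS)`, so libtool objects built from .cu files would not go through nvcc at all; presumably the intent was `$(LIBTOOL) --tag=CC --mode=compile $(NVCC) -dc $(CUDAFLAGS) -o $@ $<`. Automake only honours a `.cu.lo` suffix rule when the suffix is declared with `SUFFIXES = .cu`, and `%.o: %.cu` is a GNU make pattern rule that automake's portability warnings flag, so a single portable `.cu.o:` suffix rule would cover both cases. Whether `NVCC` and `CUDAFLAGS` are substituted by configure is not visible in this diff and should be confirmed before the rule is reachable. The `merge-clean` target the hunk is anchored on starts outside the hunk.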
@@ -70,99 +70,114 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.7.0 (Mar 20, 2024) +# wolfSSL Release 5.7.2 (July 08, 2024) -Release 5.7.0 has been developed according to wolfSSL's development and QA +Release 5.7.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 -NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition. This option should only be used in backward compatibility scenarios, as it is inherently insecure. - -NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199. - - ## Vulnerabilities -* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099 +* [Medium] CVE-2024-1544 +Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. 
Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. +Fixed https://github.com/wolfSSL/wolfssl/pull/7020 -* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)." -Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7167 +* [Medium] CVE-2024-5288 +A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 -* [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia). -Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212 +* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. 
There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 +* [Low] CVE-2024-5991 +In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 -## New Feature Additions - -* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag. +* [Medium] CVE-2024-5814 +A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 -### POST QUANTUM SUPPORT ADDITIONS -* Experimental framework for using wolfSSL’s XMSS implementation (PR 7161) -* Experimental framework for using wolfSSL’s LMS implementation (PR 7283) -* Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber (PR 7318) -* Experimental support for post quantum dual key/signature certificates. A few known issues and sanitizer checks are in progress with this feature. 
Enabled with the configure flags --enable-experimental --enable-dual-alg-certs (PR 7112) -* CryptoCb support for PQC algorithms (PR 7110) +* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 -### OTHER FEATURE ADDITIONS -* The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems. In particular, wolfCrypt AES-XTS with –enable-aesni is faster than the native kernel implementation. -* CryptoCb hook to one-shot CMAC functions (PR 7059) -* BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations (PR 6961 & 7184) -* IoT-Safe SHA-384 and SHA-512 support (PR 7176) -* I/O callbacks for content and output with PKCS7 bundle sign/encrypt to reduce peak memory usage (PR 7272) -* Microchip PIC24 support and example project (PR 7151) -* AutoSAR shim layer for RNG, SHA256, and AES (PR 7296) -* wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245) -* Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid (PR 7236) +* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. 
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 -## Enhancements and Optimizations +## New Feature Additions +* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) +* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) +* Added CUDA support for AES encryption (PR 7436) +* Added support for gRPC (PR 7445) +* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) +* Added crypto callback for SHA-3 (PR 7670) +* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) +* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) +* C# wrapper SNI support added (PR 7610) +* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) +* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) +* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) +* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) -* Remove obsolete user-crypto functionality and Intel IPP support (PR 7097) -* Support for RSA-PSS signatures with CRL use (PR 7119) -* Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051) -* Support for crypto cb only build with ECC and NXP CAAM (PR 7269) -* Improve liboqs integration adding locking and init/cleanup functions (PR 7026) -* Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized (PR 7096) -* Enhancements to reproducible build (PR 7267) -* Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177) -* XC32 compiler version 4.x compatibility (PR 7128) -* Porting for build on PlayStation 3 and 4 (PR 7072) -* Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240) -* 
Allow crypto callbacks with SHA-1 HW (PR 7087) -* Update OpenSSH port to version 9.6p1(PR 7203) -* ARM Thumb2 enhancements, AES-GCM support for GCM_SMALL, alignment fix on key, fix for ASM clobber list (PR 7291,7301,7221) -* Expand heap hint support for static memory build with more x509 functions (PR 7136) -* Improving ARMv8 ChaCha20 ASM (alignment) (PR 7182) -* Unknown extension callback wolfSSL_CertManagerSetUnknownExtCallback added to CertManager (PR 7194) -* Implement wc_rng_new_ex for use with devID’s with crypto callback (PR 7271) -* Allow reading 0-RTT data after writing 0.5-RTT data (PR 7102) -* Send alert on bad PSK binder error (PR 7235) -* Enhancements to CMake build files for use with cross compiling (PR 7188) +## Enhancements and Optimizations +* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) +* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) +* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) +* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) +* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612) +* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) +* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) +* Improvements for Renesas RZ support (PR 7474) +* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) +* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) +* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) +* Changed subject name comparison to match different upper and lower cases (PR 7420) +* Support for DTLS 1.3 downgrade when using PSK (PR 7367) +* Update to static memory build for more generic memory 
pools used (PR 7418) +* Improved performance of Kyber C implementation (PR 7654) +* Support for ECC_CACHE_CURVE with no malloc (PR 7490) +* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) +* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) +* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) +* Cortex-M inline assembly labels with unique number appended (PR 7649) +* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) +* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) +* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) +* Added stubs required for latest nginx (1.25.5) (PR 7449) +* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) +* Added PQ files for Windows (PR 7419) +* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) +* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) +* Exposed DTLS in Ada wrapper and updated examples (PR 7397) +* Added additional minimum TLS extension size sanity checks (PR 7602) +* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) +* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) +* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) +* XCODE 
support for v5.2.3 of the FIPS module (PR 7140) +* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) ## Fixes +* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report +* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) +* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) +* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) +* Fixed OCSP response message build for DTLS (PR 7671) +* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) +* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) +* Added sanity check on record header with QUIC use (PR 7638) +* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) +* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) +* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) +* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) +* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) +* Added sanity check that the ed25519 signature is smaller than the order (PR 7513) +* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581) + -* Fix for checking result of MAC verify when no AAD is used with AES-GCM and Xilinx Xilsecure (PR 7051) -* Fix for Aria sign use (PR 7082) -* Fix for invalid `dh_ffdhe_test` test case using Intel QuickAssist (PR 7085) -* Fixes for TI AES and SHA on TM4C with HW acceleration and add full AES GCM and CCM support with TLS (PR 7018) -* Fixes for STM32 PKA use with ECC (PR 7098) -* Fixes for TLS 1.3 with crypto callbacks to offload KDF / HMAC operation (PR 7070) -* Fix include path for FSP 3.5 on Renesas RA6M4 (PR 7101) -* Siphash x64 asm fix for use with older compilers (PR 7299) -* Fix for SGX build with SP 
(PR 7308) -* Fix to Make it mandatory that the cookie is sent back in new ClientHello when seen in a HelloRetryRequest with (PR 7190) -* Fix for wrap around behavior with BIO pairs (PR 7169) -* OCSP fixes for parsing of response correctly when there was a revocation reason and returning correct error value with date checks (PR 7241 & 7255) -* Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV` (PR 7150) -* Fix for DTLS sequence number and cookie when downgrading DTLS version (PR 7214) -* Fix for write_dup use with chacha-poly cipher suites (PR 7206) -* Fix for multiple handshake messages in one record failing with OUT_OF_ORDER_E when downgrading from TLS 1.3 to TLS 1.2 (PR 7141) -* Fix for AES ECB build with Thumb and alignment (PR 7094) -* Fix for negotiate handshake until the end in wolfSSL_read/wolfSSL_write if hitting an edge case with want read/write (PR 7237) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/README.md b/README.md index 89acd73688..8ab5a28064 100644 --- a/README.md +++ b/README.md 
@@ -75,98 +75,112 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.7.0 (Mar 20, 2024) +# wolfSSL Release 5.7.2 (July 08, 2024) -Release 5.7.0 has been developed according to wolfSSL's development and QA +Release 5.7.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 -NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition. This option should only be used in backward compatibility scenarios, as it is inherently insecure. - -NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199. - ## Vulnerabilities -* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099 +* [Medium] CVE-2024-1544 +Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. 
Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. +Fixed https://github.com/wolfSSL/wolfssl/pull/7020 -* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)." -Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7167 +* [Medium] CVE-2024-5288 +A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 -* [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia). 
-Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212 +* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 +* [Low] CVE-2024-5991 +In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 -## New Feature Additions - -* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag. +* [Medium] CVE-2024-5814 +A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. 
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 -### POST QUANTUM SUPPORT ADDITIONS -* Experimental framework for using wolfSSL’s XMSS implementation (PR 7161) -* Experimental framework for using wolfSSL’s LMS implementation (PR 7283) -* Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber (PR 7318) -* Experimental support for post quantum dual key/signature certificates. A few known issues and sanitizer checks are in progress with this feature. Enabled with the configure flags --enable-experimental --enable-dual-alg-certs (PR 7112) -* CryptoCb support for PQC algorithms (PR 7110) +* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 -### OTHER FEATURE ADDITIONS -* The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems. In particular, wolfCrypt AES-XTS with –enable-aesni is faster than the native kernel implementation. 
-* CryptoCb hook to one-shot CMAC functions (PR 7059) -* BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations (PR 6961 & 7184) -* IoT-Safe SHA-384 and SHA-512 support (PR 7176) -* I/O callbacks for content and output with PKCS7 bundle sign/encrypt to reduce peak memory usage (PR 7272) -* Microchip PIC24 support and example project (PR 7151) -* AutoSAR shim layer for RNG, SHA256, and AES (PR 7296) -* wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245) -* Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid (PR 7236) +* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. +Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 -## Enhancements and Optimizations +## New Feature Additions +* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) +* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) +* Added CUDA support for AES encryption (PR 7436) +* Added support for gRPC (PR 7445) +* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) +* Added crypto callback for SHA-3 (PR 7670) +* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) +* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) +* C# wrapper SNI support added (PR 7610) +* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) +* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) +* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) +* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) -* Remove obsolete user-crypto 
functionality and Intel IPP support (PR 7097) -* Support for RSA-PSS signatures with CRL use (PR 7119) -* Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051) -* Support for crypto cb only build with ECC and NXP CAAM (PR 7269) -* Improve liboqs integration adding locking and init/cleanup functions (PR 7026) -* Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized (PR 7096) -* Enhancements to reproducible build (PR 7267) -* Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177) -* XC32 compiler version 4.x compatibility (PR 7128) -* Porting for build on PlayStation 3 and 4 (PR 7072) -* Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240) -* Allow crypto callbacks with SHA-1 HW (PR 7087) -* Update OpenSSH port to version 9.6p1(PR 7203) -* ARM Thumb2 enhancements, AES-GCM support for GCM_SMALL, alignment fix on key, fix for ASM clobber list (PR 7291,7301,7221) -* Expand heap hint support for static memory build with more x509 functions (PR 7136) -* Improving ARMv8 ChaCha20 ASM (alignment) (PR 7182) -* Unknown extension callback wolfSSL_CertManagerSetUnknownExtCallback added to CertManager (PR 7194) -* Implement wc_rng_new_ex for use with devID’s with crypto callback (PR 7271) -* Allow reading 0-RTT data after writing 0.5-RTT data (PR 7102) -* Send alert on bad PSK binder error (PR 7235) -* Enhancements to CMake build files for use with cross compiling (PR 7188) +## Enhancements and Optimizations +* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) +* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) +* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) +* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) +* Improvements to RSA 
padding to expose Pad/Unpad APIs (PR 7612) +* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) +* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) +* Improvements for Renesas RZ support (PR 7474) +* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) +* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) +* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) +* Changed subject name comparison to match different upper and lower cases (PR 7420) +* Support for DTLS 1.3 downgrade when using PSK (PR 7367) +* Update to static memory build for more generic memory pools used (PR 7418) +* Improved performance of Kyber C implementation (PR 7654) +* Support for ECC_CACHE_CURVE with no malloc (PR 7490) +* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) +* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) +* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) +* Cortex-M inline assembly labels with unique number appended (PR 7649) +* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) +* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) +* Enabled DES3 support without the DES3 ciphers. 
To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) +* Added stubs required for latest nginx (1.25.5) (PR 7449) +* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) +* Added PQ files for Windows (PR 7419) +* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) +* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) +* Exposed DTLS in Ada wrapper and updated examples (PR 7397) +* Added additional minimum TLS extension size sanity checks (PR 7602) +* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) +* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) +* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) +* XCODE support for v5.2.3 of the FIPS module (PR 7140) +* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) ## Fixes - -* Fix for checking result of MAC verify when no AAD is used with AES-GCM and Xilinx Xilsecure (PR 7051) -* Fix for Aria sign use (PR 7082) -* Fix for invalid `dh_ffdhe_test` test case using Intel QuickAssist (PR 7085) -* Fixes for TI AES and SHA on TM4C with HW acceleration and add full AES GCM and CCM support with TLS (PR 7018) -* Fixes for STM32 PKA use with ECC (PR 7098) -* Fixes for TLS 1.3 with crypto callbacks to offload KDF / HMAC operation (PR 7070) -* Fix include path for FSP 3.5 on Renesas RA6M4 (PR 7101) -* Siphash x64 asm fix for use with older compilers (PR 7299) -* Fix for SGX build with SP (PR 7308) -* Fix to Make 
it mandatory that the cookie is sent back in new ClientHello when seen in a HelloRetryRequest with (PR 7190) -* Fix for wrap around behavior with BIO pairs (PR 7169) -* OCSP fixes for parsing of response correctly when there was a revocation reason and returning correct error value with date checks (PR 7241 & 7255) -* Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV` (PR 7150) -* Fix for DTLS sequence number and cookie when downgrading DTLS version (PR 7214) -* Fix for write_dup use with chacha-poly cipher suites (PR 7206) -* Fix for multiple handshake messages in one record failing with OUT_OF_ORDER_E when downgrading from TLS 1.3 to TLS 1.2 (PR 7141) -* Fix for AES ECB build with Thumb and alignment (PR 7094) -* Fix for negotiate handshake until the end in wolfSSL_read/wolfSSL_write if hitting an edge case with want read/write (PR 7237) +* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report +* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) +* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) +* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) +* Fixed OCSP response message build for DTLS (PR 7671) +* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) +* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) +* Added sanity check on record header with QUIC use (PR 7638) +* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) +* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) +* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) +* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) +* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) +* Added sanity check that the ed25519 
signature is smaller than the order (PR 7513)
+* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
 For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/RTOS/nuttx/wolfssl/Make.defs b/RTOS/nuttx/wolfssl/Make.defs
index 78ff34afe2..95e85e06b3 100644
--- a/RTOS/nuttx/wolfssl/Make.defs
+++ b/RTOS/nuttx/wolfssl/Make.defs
@@ -1,9 +1,9 @@
 ############################################################################
 # apps/crypto/wolfssl/Make.defs
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-# This file is part of wolfSSL. (formerly known as CyaSSL)
+# This file is part of wolfSSL.
 #
 # wolfSSL is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 ############################################################################
diff --git a/RTOS/nuttx/wolfssl/Makefile b/RTOS/nuttx/wolfssl/Makefile
index 0f2b7cfd4e..b9dd8c7793 100644
--- a/RTOS/nuttx/wolfssl/Makefile
+++ b/RTOS/nuttx/wolfssl/Makefile
@@ -1,9 +1,9 @@
 ############################################################################
 # apps/crypto/wolfssl/Makefile
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
-# This file is part of wolfSSL. (formerly known as CyaSSL)
+# This file is part of wolfSSL.
 #
 # wolfSSL is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 ############################################################################
diff --git a/certs/dh-priv-2048.der b/certs/dh-priv-2048.der
new file mode 100644
index 0000000000..f74c641432
Binary files /dev/null and b/certs/dh-priv-2048.der differ
diff --git a/certs/dh-priv-2048.pem b/certs/dh-priv-2048.pem
new file mode 100644
index 0000000000..3a9fef2f3c
--- /dev/null
+++ b/certs/dh-priv-2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN PRIVATE KEY-----
+MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBALChCAacCBO6WQY8vDDV9QDB
+T0Sn1u9KxiUnHOjSllMKXJHdosKUhL99skSfm9LBisW+clyn55Hm1J9zB4VbZkjH
+cPq07gLJPZpK2j3BRj4ZadEXRgejTZ8rlhc5bTCNKvOU03XPoHXm8pIfGnAFqgSD
+VzD72naTOFDoJ/1j7jzlt8gJrm9QNY6EzkoA6RJ+WjHXM/whE3bMFjDbDPzFYqc1
+uO+3sKzANvbZyUZI+UCQACsbqmzjGsMLA54bwkbkSE4ic2/DX9Sa1jAHSNaMkKvU
+9vHjSNNYS6a5zSm/aB8IS2OGL1xr1rYGZfem3ABna7vDqUGD+8f6yOIefq8AP5MC
+AQIEggEEAoIBAGgTxi13nL+WV5P+7N5Pog7yPpAD+2VCLWQh7akd6hZQ2DMlHsUe
+ptoAexAcst8vQOI1/Q1CX9ItJmUmLzUFNJSeYBp9kxNmNtSmgu2JUmQDF1GBsUlK
+ERt4h2PuXGAaRH39V13QP7KfYnb+7k5vo6z90XaDubLq1OQIaTpM4TbLVZBKoCmx
+ozuZjUQdC97adAKHQKBmpyI2AbfWM+Af43vV5uyfq4k4X+Y7k5habXFPRXcNKklk
+n6OA/isuvSN6S4i2fVmAG0hguT0utQJq6oScMZmav8izdbfOdOavXILLjRf/2Qv+
+IMa9qlwxfqcj4oZahATC2Vd9242JWUdOpQ=
+-----END PRIVATE KEY-----
diff --git a/certs/dh-pub-2048.der b/certs/dh-pub-2048.der
new file mode 100644
index 0000000000..017b4af57e
Binary files /dev/null and b/certs/dh-pub-2048.der differ
diff --git a/certs/dh-pub-2048.pem b/certs/dh-pub-2048.pem
new file mode 100644
index 0000000000..48b3e3ff58
--- /dev/null
+++ b/certs/dh-pub-2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICJTCCARcGCSqGSIb3DQEDATCCAQgCggEBALChCAacCBO6WQY8vDDV9QDBT0Sn
+1u9KxiUnHOjSllMKXJHdosKUhL99skSfm9LBisW+clyn55Hm1J9zB4VbZkjHcPq0
+7gLJPZpK2j3BRj4ZadEXRgejTZ8rlhc5bTCNKvOU03XPoHXm8pIfGnAFqgSDVzD7
+2naTOFDoJ/1j7jzlt8gJrm9QNY6EzkoA6RJ+WjHXM/whE3bMFjDbDPzFYqc1uO+3
+sKzANvbZyUZI+UCQACsbqmzjGsMLA54bwkbkSE4ic2/DX9Sa1jAHSNaMkKvU9vHj
+SNNYS6a5zSm/aB8IS2OGL1xr1rYGZfem3ABna7vDqUGD+8f6yOIefq8AP5MCAQID
+ggEGAAKCAQEAgZ77PUjCE1nV8MPEk9zpTR6k1wYrpQKy3fjMK+kbuHUEw5AaMTK9
+Gi3vpfwpg5ZaZTgTkPgakEcMwEagNDXEjzYOwxK5Ui6FVQ3VaDydVkhZppxpULu4
+H1H2WwWUFTZTZlpCmhVsDWZwzy1RoxEfBnhC78hpLYKLzyASWC1EnCC9oP/U4aI/
+D6i0bK1pXxPGFrML5jRkVpQReCkLI/aOgeTNUAcJC+USxIPSXpdPYl81zsWRgawP
+bd2saVqE9DqJVSpoRY9yh1JoFqAagANNQL1x3sohEmMZq3EBbzReyawVW6Cbe5mb
+LMtSN/UWqN/NwbYNcVj/GxFuoutVnS5jmw==
+-----END PUBLIC KEY-----
diff --git a/certs/dsa2048.pem b/certs/dsa2048.pem
new file mode 100644
index 0000000000..f21cc19fcc
--- /dev/null
+++ b/certs/dsa2048.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPwIBAAKCAQEAzI7JoNWaJxzaUt/HwOYGpD6KZknQWTNRacScXmSFx/Gr1dli
+rP2h4BtX/5bvDJ/IRIfrXJHQRkIJUGojy4lvVelqEamoMqszDVG1eVG0q6IlEY3l
+JL7Y8Z1OEm+sRFSAqbSBaE5EDrg5876DCHSixnrXan0KiFeDSNzPXm/uaAz3/wME
+kKr3B5j4Z1qDI2ZHYMNDbgORrChmy/DTBcgJl7WuAV6AO51P3j6U/suCsLH8kYsd
+iu7GBh83kUjS+GxdYBODp4Gsyo3QagQK6j4iThPxDbtga828XIejZytCoZ/NOVi+
+VbGThM6yEE7kw5+yU2EBKaqWyyBgQh26dUtjwQIVAOelOdRqN16VBjkHdwrroAPr
+eIKbAoIBAQCa1ExxL+z6MrKAfmFKa18YdkPDabpBx6cdeQHsrzSHZ08pgKg7h/bo
+oejNGxyGOPbRDEYuyODJMCbVLH/BCL/MWoKO1NRJqqL65sGd8NmWsP8MWzOOBt2d
+KKnpgEE72HqUIY9W8aK0K4kcdP9+kdwfkROYr8cG0kyQor3aFrplsC1ohzxuJY2Q
+x7wNqUMDyb7PhW/bB3uM+LHCSRBpY1Y3xTDS+3Ga6IIHLj6VUPNzzzRb1asCFfLM
+11LFKNhBGVVvuF/xmbPH2bNx9C3fIlk1hts5yhtNNZAZazHjyMYJv3ztAbSy9W7a
+Y0E85jpyLWVI9gfNkoSLHacxa9bw+9n0AoIBAGZLu7fJSJUNWqYtoX/fH2dt7VJL
+FmwXxq74asRX7S+z8CpVq7rK6hfoNXzlMQ1KlfxDb5c8XGesvmd/6U6qSLOSoXZ1
+6gQ0f4czLSS2KZfjBHeTiRPbG5O4LJAaCTsm2VnzKglY3KwltKlFO6I6bGGEv2jU
+6pvFKUhgFRA1LEQdtZrurMFo6Ee3QTQ5mvilIOkkxCxYP0xBMDoUbo3qrbqbQ9OY
+L4PYFGfo+NVPrOA7v6dUFl5JZCZUpGtpfLqKg9kuZQqiJ++ZmQjXtZ+gAe9+F7+D
+ay7dwDk4I2i0dmvlyvd87sBS4t2tWTpCBkWwx8F3BbIMMkBGqtp5dwRx33oCFQCY
+7rlRNz51ExMGj5TT5ukAy2Jtmg==
+-----END DSA PRIVATE KEY-----
diff --git a/certs/ecc/ca-secp256k1-cert.pem b/certs/ecc/ca-secp256k1-cert.pem
new file mode 100644
index 0000000000..419d027346
--- /dev/null
+++ b/certs/ecc/ca-secp256k1-cert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICkTCCAjagAwIBAgIUcmBIdEUi0WtpofKM3r46Llhv86IwCgYIKoZIzj0EAwIw
+gZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
+ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzESMBAGA1UECwwJU0VDUDI1NksxMRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjQwNzEyMDIxODUwWhcNNDQwNzA3MDIxODUwWjCBljELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRIwEAYDVQQLDAlTRUNQMjU2SzExGDAWBgNVBAMM
+D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTBWMBAGByqGSM49AgEGBSuBBAAKA0IABORg5kLTHlkHvjnrRKUTmBXLdhxkdsIC
+s0ybo6r3oD6qGjX33FsBHp9nwos93gT7CECrexVlEUrH4wbfMN42+46jYzBhMB0G
+A1UdDgQWBBRzL8o6Lcvi46LBqy81zGRTZIwGLTAfBgNVHSMEGDAWgBRzL8o6Lcvi
+46LBqy81zGRTZIwGLTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAK
+BggqhkjOPQQDAgNJADBGAiEA0dfMbQlfjY+VhKuDfluyBtoAsQA1BqJnV+XBayBx
+HYYCIQCJr2YrYRwW4OvtP0yIqUH2fViOq12aqf1ByStksuL3mg==
+-----END CERTIFICATE-----
diff --git a/certs/ecc/ca-secp256k1-key.pem b/certs/ecc/ca-secp256k1-key.pem
new file mode 100644
index 0000000000..1c2e0bc546
--- /dev/null
+++ b/certs/ecc/ca-secp256k1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgoiOQsNn1L/vT3mU0e+Rz
+LMlaDEIuKp6RHZhKrPnOJOShRANCAATkYOZC0x5ZB74560SlE5gVy3YcZHbCArNM
+m6Oq96A+qho199xbAR6fZ8KLPd4E+whAq3sVZRFKx+MG3zDeNvuO
+-----END PRIVATE KEY-----
diff --git a/certs/ecc/genecc.sh b/certs/ecc/genecc.sh
index f90c5cbe93..d068d0d028 100755
--- a/certs/ecc/genecc.sh
+++ b/certs/ecc/genecc.sh
@@ -140,6 +140,13 @@ openssl x509 -req -in ./certs/ecc/client-bp256r1-req.pem -days 3650 -extfile ./c
 openssl x509 -inform pem -in ./certs/ecc/client-bp256r1-cert.pem -outform der -out ./certs/ecc/client-bp256r1-cert.der
 rm ./certs/ecc/client-bp256r1-req.pem
+# Create self-signed ECC secp256k1 (Koblitz) certificate
+openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:certs/ecc/secp256k1-param.pem -keyout ./certs/ecc/ca-secp256k1-key.pem -out ./certs/ecc/ca-secp256k1-cert.pem -sha256 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
+# Create server ECC secp256k1 (Koblitz) certificate
+openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc/secp256k1-privkey.pem -out ./certs/ecc/server2-secp256k1-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1-SVR/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
+openssl x509 -req -in ./certs/ecc/server2-secp256k1-req.pem -days 3650 -extfile ./certs/ecc/wolfssl.cnf -extensions server_cert -CAkey ./certs/ecc/ca-secp256k1-key.pem -CA ./certs/ecc/ca-secp256k1-cert.pem -text -out ./certs/ecc/server2-secp256k1-cert.pem
+openssl x509 -inform pem -in ./certs/ecc/server2-secp256k1-cert.pem -outform der -out ./certs/ecc/server2-secp256k1-cert.der
+rm ./certs/ecc/server2-secp256k1-req.pem
 # update bad certificate with last byte in signature changed
 cp ./certs/server-ecc.der ./certs/test/server-cert-ecc-badsig.der
diff --git a/certs/ecc/include.am b/certs/ecc/include.am
index c5a4f858aa..3408449acf 100644
--- a/certs/ecc/include.am
+++ b/certs/ecc/include.am
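Review bot: The `-newkey ec:certs/ecc/secp256k1-param.pem` argument on the first new openssl req line is the only path in these added lines without the `./` prefix the rest of the script uses; `-newkey ec:./certs/ecc/secp256k1-param.pem` keeps it consistent and avoids depending on how the script is invoked relative to the repo root. Because that line creates a fresh CA key on every run while the server request reuses the checked-in secp256k1-privkey.pem, each run rotates ca-secp256k1-key.pem/ca-secp256k1-cert.pem and re-signs server2-secp256k1-cert.pem with the new CA; a comment such as `# NOTE: -newkey regenerates the CA key each run, so the CA pair and server2 cert always change together` would make that visible to whoever reruns the script. The name server2-secp256k1 sits next to the existing server-secp256k1-cert.pem seen in the include.am context, and the header comment does not say how the two differ; stating that this one is signed by the new secp256k1 CA (the other's issuer is not visible here) would help readers pick the right fixture.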
@@ -16,6 +16,13 @@ EXTRA_DIST += \
 certs/ecc/server-secp256k1-cert.der \
 certs/ecc/server-secp256k1-cert.pem
+EXTRA_DIST += \
+ certs/ecc/ca-secp256k1-cert.pem \
+ certs/ecc/ca-secp256k1-key.pem \
+ certs/ecc/secp256k1-param.pem \
+ certs/ecc/secp256k1-privkey.pem \
+ certs/ecc/server2-secp256k1-cert.pem
+
 # Brainpool Curves
 EXTRA_DIST += \
 certs/ecc/bp256r1-key.der \
diff --git a/certs/ecc/secp256k1-param.pem b/certs/ecc/secp256k1-param.pem
new file mode 100644
index 0000000000..32d952ea91
--- /dev/null
+++ b/certs/ecc/secp256k1-param.pem
@@ -0,0 +1,3 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQACg==
+-----END EC PARAMETERS-----
diff --git a/certs/ecc/secp256k1-privkey.der b/certs/ecc/secp256k1-privkey.der
new file mode 100644
index 0000000000..74e151bc51
Binary files /dev/null and b/certs/ecc/secp256k1-privkey.der differ
diff --git a/certs/ecc/secp256k1-privkey.pem b/certs/ecc/secp256k1-privkey.pem
new file mode 100644
index 0000000000..c229ff83cf
--- /dev/null
+++ b/certs/ecc/secp256k1-privkey.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgwdc3WnnD2eX1ti0IbCT5
+POy/xb1WDV8/7BgQd37MsWGhRANCAARvf9jvkv6kKKkzhWmk6OM3Rjmivo8mMVkg
+itdbdHrKAV5UT9zS0qXbHo7mlPZOOejEsodSk9yvzjAAnHnSSASY
+-----END PRIVATE KEY-----
diff --git a/certs/ecc/server2-secp256k1-cert.der b/certs/ecc/server2-secp256k1-cert.der
new file mode 100644
index 0000000000..d3c0c1cff4
Binary files /dev/null and b/certs/ecc/server2-secp256k1-cert.der differ
diff --git a/certs/ecc/server2-secp256k1-cert.pem b/certs/ecc/server2-secp256k1-cert.pem
new file mode 100644
index 0000000000..08a8ee9b52
--- /dev/null
+++ b/certs/ecc/server2-secp256k1-cert.pem
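Review bot: The new EXTRA_DIST block lists only the PEM files, but this commit also adds two DER files under the same directory, certs/ecc/secp256k1-privkey.der and certs/ecc/server2-secp256k1-cert.der (the latter is written by the new genecc.sh lines), so a `make dist` tarball would ship the PEM forms without their DER counterparts. The block just above pairs server-secp256k1-cert.der with its .pem, so adding `certs/ecc/secp256k1-privkey.der \` and `certs/ecc/server2-secp256k1-cert.der \` to the new block keeps that convention. Whether any test loads the DER forms is not visible here; if none does, a comment saying the DER copies are intentionally not distributed would stop the next reader from asking the same question.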
@@ -0,0 +1,63 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 23:8d:e3:d0:5a:a6:1f:e6:d3:b6:4c:e0:a2:a1:dd:2f:ee:35:b2:bb
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C=US, ST=Washington, L=Seattle, O=Elliptic, OU=SECP256K1, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
+ Validity
+ Not Before: Jul 15 05:41:52 2024 GMT
+ Not After : Jul 13 05:41:52 2034 GMT
+ Subject: C=US, ST=Washington, L=Seattle, O=Elliptic, OU=SECP256K1-SVR, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:6f:7f:d8:ef:92:fe:a4:28:a9:33:85:69:a4:e8:
+ e3:37:46:39:a2:be:8f:26:31:59:20:8a:d7:5b:74:
+ 7a:ca:01:5e:54:4f:dc:d2:d2:a5:db:1e:8e:e6:94:
+ f6:4e:39:e8:c4:b2:87:52:93:dc:af:ce:30:00:9c:
+ 79:d2:48:04:98
+ ASN1 OID: secp256k1
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Server
+ X509v3 Subject Key Identifier:
+ F4:A3:FD:34:57:E6:51:1F:0A:96:2F:F0:87:A9:7C:C7:EB:6B:34:8F
+ X509v3 Authority Key Identifier:
+ keyid:73:2F:CA:3A:2D:CB:E2:E3:A2:C1:AB:2F:35:CC:64:53:64:8C:06:2D
+ DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ serial:72:60:48:74:45:22:D1:6B:69:A1:F2:8C:DE:BE:3A:2E:58:6F:F3:A2
+ X509v3 Key Usage: critical
+ Digital Signature, Key Encipherment, Key Agreement
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ Signature Algorithm: ecdsa-with-SHA256
+ Signature Value:
+ 30:44:02:20:3d:12:5a:0c:7a:1b:ff:b5:a6:70:8a:70:33:03:
+ 6c:d9:9c:98:8b:80:1b:70:3b:15:3a:85:7e:23:8a:85:f0:76:
+ 02:20:02:ca:71:2c:cc:5a:c2:a8:e2:c5:24:62:06:62:a0:53:
+ 41:2a:bb:2e:88:9f:f0:b4:bd:dc:23:1c:06:4c:18:a2
+-----BEGIN CERTIFICATE-----
+MIIDcTCCAxigAwIBAgIUI43j0FqmH+bTtkzgoqHdL+41srswCgYIKoZIzj0EAwIw
+gZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
+ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzESMBAGA1UECwwJU0VDUDI1NksxMRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjQwNzE1MDU0MTUyWhcNMzQwNzEzMDU0MTUyWjCBmjELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRYwFAYDVQQLDA1TRUNQMjU2SzEtU1ZSMRgwFgYD
+VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
+bC5jb20wVjAQBgcqhkjOPQIBBgUrgQQACgNCAARvf9jvkv6kKKkzhWmk6OM3Rjmi
+vo8mMVkgitdbdHrKAV5UT9zS0qXbHo7mlPZOOejEsodSk9yvzjAAnHnSSASYo4IB
+PzCCATswCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0OBBYEFPSj
+/TRX5lEfCpYv8IepfMfrazSPMIHWBgNVHSMEgc4wgcuAFHMvyjoty+LjosGrLzXM
+ZFNkjAYtoYGcpIGZMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv
+bjEQMA4GA1UEBwwHU2VhdHRsZTERMA8GA1UECgwIRWxsaXB0aWMxEjAQBgNVBAsM
+CVNFQ1AyNTZLMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tghRyYEh0RSLRa2mh8ozevjouWG/zojAOBgNV
+HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDRwAw
+RAIgPRJaDHob/7WmcIpwMwNs2ZyYi4AbcDsVOoV+I4qF8HYCIALKcSzMWsKo4sUk
+YgZioFNBKrsuiJ/wtL3cIxwGTBii
+-----END CERTIFICATE-----
diff --git a/certs/include.am b/certs/include.am
index de8d2edf08..dd87e3265f 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -73,7 +73,12 @@ EXTRA_DIST += \
 certs/x942dh2048.der \
 certs/x942dh2048.pem \
 certs/fpki-cert.der \
- certs/rid-cert.der
+ certs/rid-cert.der \
+ certs/dh-priv-2048.der \
+ certs/dh-priv-2048.pem \
+ certs/dh-pub-2048.der \
+ certs/dh-pub-2048.pem \
+ certs/dsa2048.pem
 EXTRA_DIST += \
 certs/ca-key.der \
diff --git a/certs/test/cert-over-max-altnames.cfg b/certs/test/cert-over-max-altnames.cfg
new file mode 100644
index 0000000000..5aa44eb751
--- /dev/null
+++ b/certs/test/cert-over-max-altnames.cfg
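Review bot: The text dump of the new server2-secp256k1 certificate shows `X509v3 Key Usage: critical` with `Digital Signature, Key Encipherment, Key Agreement` on an id-ecPublicKey key, and RFC 5480 section 3 does not list keyEncipherment among the usages permitted for that algorithm (an EC key cannot encipher a key), so a strict verifier may reject this fixture for a reason unrelated to what it is meant to test. The bits come from the `server_cert` section of wolfssl.cnf that the new genecc.sh line names with `-extensions server_cert`; that section is not in this diff, and it appears to be shared with the non-EC server certificates, which would explain the extra bit. A dedicated section for the EC fixtures with `keyUsage = critical, digitalSignature, keyAgreement` would give the certificate a usage set that matches its key type, or, if the shared section is deliberate, a one-line comment on the genecc.sh line saying so would stop the next reader from filing the same question.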
@@ -0,0 +1,1070 @@
+[ req ]
+default_bits = 2048
+prompt = no
+distinguished_name = dn
+x509_extensions = extensions
+
+[ dn ]
+C = US
+ST = Montana
+L = Bozeman
+O = wolfSSL Inc
+OU = Engineering
+CN = www.wolfssl.com
+
+[ extensions ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = example1.com
+DNS.2 = example2.com
+DNS.3 = example3.com
+DNS.4 = example4.com
+DNS.5 = example5.com
+DNS.6 = example6.com
+DNS.7 = example7.com
+DNS.8 = example8.com
+DNS.9 = example9.com
+DNS.10 = example10.com
+DNS.11 = example11.com
+DNS.12 = example12.com
+DNS.13 = example13.com
+DNS.14 = example14.com
+DNS.15 = example15.com
+DNS.16 = example16.com
+DNS.17 = example17.com
+DNS.18 = example18.com
+DNS.19 = example19.com
+DNS.20 = example20.com
+DNS.21 = example21.com
+DNS.22 = example22.com
+DNS.23 = example23.com
+DNS.24 = example24.com
+DNS.25 = example25.com
+DNS.26 = example26.com
+DNS.27 = example27.com
+DNS.28 = example28.com
+DNS.29 = example29.com
+DNS.30 = example30.com
+DNS.31 = example31.com
+DNS.32 = example32.com
+DNS.33 = example33.com
+DNS.34 = example34.com
+DNS.35 = example35.com
+DNS.36 = example36.com
+DNS.37 = example37.com
+DNS.38 = example38.com
+DNS.39 = example39.com
+DNS.40 = example40.com
+DNS.41 = example41.com
+DNS.42 = example42.com
+DNS.43 = example43.com
+DNS.44 = example44.com
+DNS.45 = example45.com
+DNS.46 = example46.com
+DNS.47 = example47.com
+DNS.48 = example48.com
+DNS.49 = example49.com
+DNS.50 = example50.com
+DNS.51 = example51.com
+DNS.52 = example52.com
+DNS.53 = example53.com
+DNS.54 = example54.com
+DNS.55 = example55.com
+DNS.56 = example56.com
+DNS.57 = example57.com
+DNS.58 = example58.com
+DNS.59 = example59.com
+DNS.60 = example60.com
+DNS.61 = example61.com
+DNS.62 = example62.com
+DNS.63 = example63.com
+DNS.64 = example64.com
+DNS.65 = example65.com
+DNS.66 = example66.com
+DNS.67 = example67.com
+DNS.68 = example68.com
+DNS.69 = example69.com
+DNS.70 = example70.com
+DNS.71 = example71.com
+DNS.72 = example72.com
+DNS.73 = example73.com
+DNS.74 = example74.com
+DNS.75 = example75.com
+DNS.76 = example76.com
+DNS.77 = example77.com
+DNS.78 = example78.com
+DNS.79 = example79.com
+DNS.80 = example80.com
+DNS.81 = example81.com
+DNS.82 = example82.com
+DNS.83 = example83.com
+DNS.84 = example84.com
+DNS.85 = example85.com
+DNS.86 = example86.com
+DNS.87 = example87.com
+DNS.88 = example88.com
+DNS.89 = example89.com
+DNS.90 = example90.com
+DNS.91 = example91.com
+DNS.92 = example92.com
+DNS.93 = example93.com
+DNS.94 = example94.com
+DNS.95 = example95.com
+DNS.96 = example96.com
+DNS.97 = example97.com
+DNS.98 = example98.com
+DNS.99 = example99.com
+DNS.100 = example100.com
+DNS.101 = example101.com
+DNS.102 = example102.com
+DNS.103 = example103.com
+DNS.104 = example104.com
+DNS.105 = example105.com
+DNS.106 = example106.com
+DNS.107 = example107.com
+DNS.108 = example108.com
+DNS.109 = example109.com
+DNS.110 = example110.com
+DNS.111 = example111.com
+DNS.112 = example112.com
+DNS.113 = example113.com
+DNS.114 = example114.com
+DNS.115 = example115.com
+DNS.116 = example116.com
+DNS.117 = example117.com
+DNS.118 = example118.com
+DNS.119 = example119.com
+DNS.120 = example120.com
+DNS.121 = example121.com
+DNS.122 = example122.com
+DNS.123 = example123.com
+DNS.124 = example124.com
+DNS.125 = example125.com
+DNS.126 = example126.com
+DNS.127 = example127.com
+DNS.128 = example128.com
+DNS.129 = example129.com
+DNS.130 = example130.com
+DNS.131 = example131.com
+DNS.132 = example132.com
+DNS.133 = example133.com
+DNS.134 = example134.com
+DNS.135 = example135.com
+DNS.136 = example136.com
+DNS.137 = example137.com
+DNS.138 = example138.com
+DNS.139 = example139.com
+DNS.140 = example140.com
+DNS.141 = example141.com
+DNS.142 = example142.com
+DNS.143 = example143.com
+DNS.144 = example144.com
+DNS.145 = example145.com
+DNS.146 = example146.com
+DNS.147 = example147.com
+DNS.148 = example148.com
+DNS.149 = example149.com
+DNS.150 = example150.com
+DNS.151 = example151.com
+DNS.152 = example152.com
+DNS.153 = example153.com
+DNS.154 = example154.com
+DNS.155 = example155.com
+DNS.156 = example156.com
+DNS.157 = example157.com
+DNS.158 = example158.com
+DNS.159 = example159.com
+DNS.160 = example160.com
+DNS.161 = example161.com
+DNS.162 = example162.com
+DNS.163 = example163.com
+DNS.164 = example164.com
+DNS.165 = example165.com
+DNS.166 = example166.com
+DNS.167 = example167.com
+DNS.168 = example168.com
+DNS.169 = example169.com
+DNS.170 = example170.com
+DNS.171 = example171.com
+DNS.172 = example172.com
+DNS.173 = example173.com
+DNS.174 = example174.com
+DNS.175 = example175.com
+DNS.176 = example176.com
+DNS.177 = example177.com
+DNS.178 = example178.com
+DNS.179 = example179.com
+DNS.180 = example180.com
+DNS.181 = example181.com
+DNS.182 = example182.com
+DNS.183 = example183.com
+DNS.184 = example184.com
+DNS.185 = example185.com
+DNS.186 = example186.com
+DNS.187 = example187.com
+DNS.188 = example188.com
+DNS.189 = example189.com
+DNS.190 = example190.com
+DNS.191 = example191.com
+DNS.192 = example192.com
+DNS.193 = example193.com
+DNS.194 = example194.com
+DNS.195 = example195.com
+DNS.196 = example196.com
+DNS.197 = example197.com
+DNS.198 = example198.com
+DNS.199 = example199.com
+DNS.200 = example200.com
+DNS.201 = example201.com
+DNS.202 = example202.com
+DNS.203 = example203.com
+DNS.204 = example204.com
+DNS.205 = example205.com
+DNS.206 = example206.com
+DNS.207 = example207.com
+DNS.208 = example208.com
+DNS.209 = example209.com
+DNS.210 = example210.com
+DNS.211 = example211.com
+DNS.212 = example212.com
+DNS.213 = example213.com
+DNS.214 = example214.com
+DNS.215 = example215.com
+DNS.216 = example216.com
+DNS.217 = example217.com
+DNS.218 = example218.com
+DNS.219 = example219.com
+DNS.220 = example220.com
+DNS.221 = example221.com
+DNS.222 = example222.com
+DNS.223 = example223.com
+DNS.224 = example224.com
+DNS.225 = example225.com
+DNS.226 = example226.com
+DNS.227 = example227.com
+DNS.228 = example228.com
+DNS.229 = example229.com
+DNS.230 = example230.com
+DNS.231 = example231.com
+DNS.232 = example232.com
+DNS.233 = example233.com
+DNS.234 = example234.com
+DNS.235 = example235.com
+DNS.236 = example236.com
+DNS.237 = example237.com
+DNS.238 = example238.com
+DNS.239 = example239.com
+DNS.240 = example240.com
+DNS.241 = example241.com
+DNS.242 = example242.com
+DNS.243 = example243.com
+DNS.244 = example244.com
+DNS.245 = example245.com
+DNS.246 = example246.com
+DNS.247 = example247.com
+DNS.248 = example248.com
+DNS.249 = example249.com
+DNS.250 = example250.com
+DNS.251 = example251.com
+DNS.252 = example252.com
+DNS.253 = example253.com
+DNS.254 = example254.com
+DNS.255 = example255.com
+DNS.256 = example256.com
+DNS.257 = example257.com
+DNS.258 = example258.com
+DNS.259 = example259.com
+DNS.260 = example260.com
+DNS.261 = example261.com
+DNS.262 = example262.com
+DNS.263 = example263.com
+DNS.264 = example264.com
+DNS.265 = example265.com
+DNS.266 = example266.com
+DNS.267 = example267.com
+DNS.268 = example268.com
+DNS.269 = example269.com
+DNS.270 = example270.com
+DNS.271 = example271.com
+DNS.272 = example272.com
+DNS.273 = example273.com
+DNS.274 = example274.com
+DNS.275 = example275.com
+DNS.276 = example276.com
+DNS.277 = example277.com
+DNS.278 = example278.com
+DNS.279 = example279.com
+DNS.280 = example280.com
+DNS.281 = example281.com
+DNS.282 = example282.com
+DNS.283 = example283.com
+DNS.284 = example284.com
+DNS.285 = example285.com
+DNS.286 = example286.com
+DNS.287 = example287.com
+DNS.288 = example288.com
+DNS.289 = example289.com
+DNS.290 = example290.com
+DNS.291 = example291.com
+DNS.292 = example292.com
+DNS.293 = example293.com
+DNS.294 = example294.com
+DNS.295 = example295.com
+DNS.296 = example296.com
+DNS.297 = example297.com
+DNS.298 = example298.com
+DNS.299 = example299.com
+DNS.300 = example300.com
+DNS.301 = example301.com
+DNS.302 = example302.com
+DNS.303 = example303.com
+DNS.304 = example304.com
+DNS.305 = example305.com
+DNS.306 = example306.com
+DNS.307 = example307.com
+DNS.308 = example308.com
+DNS.309 = example309.com
+DNS.310 = example310.com
+DNS.311 = example311.com
+DNS.312 = example312.com
+DNS.313 = example313.com
+DNS.314 = example314.com
+DNS.315 = example315.com
+DNS.316 = example316.com
+DNS.317 = example317.com
+DNS.318 = example318.com
+DNS.319 = example319.com
+DNS.320 = example320.com
+DNS.321 = example321.com
+DNS.322 = example322.com
+DNS.323 = example323.com
+DNS.324 = example324.com
+DNS.325 = example325.com
+DNS.326 = example326.com
+DNS.327 = example327.com
+DNS.328 = example328.com
+DNS.329 = example329.com
+DNS.330 = example330.com
+DNS.331 = example331.com
+DNS.332 = example332.com
+DNS.333 = example333.com
+DNS.334 = example334.com
+DNS.335 = example335.com
+DNS.336 = example336.com
+DNS.337 = example337.com
+DNS.338 = example338.com
+DNS.339 = example339.com
+DNS.340 = example340.com
+DNS.341 = example341.com
+DNS.342 = example342.com
+DNS.343 = example343.com
+DNS.344 = example344.com
+DNS.345 = example345.com
+DNS.346 = example346.com
+DNS.347 = example347.com
+DNS.348 = example348.com
+DNS.349 = example349.com
+DNS.350 = example350.com
+DNS.351 = example351.com
+DNS.352 = example352.com
+DNS.353 = example353.com
+DNS.354 = example354.com
+DNS.355 = example355.com
+DNS.356 = example356.com
+DNS.357 = example357.com
+DNS.358 = example358.com
+DNS.359 = example359.com
+DNS.360 = example360.com
+DNS.361 = example361.com
+DNS.362 = example362.com
+DNS.363 = example363.com
+DNS.364 = example364.com
+DNS.365 = example365.com
+DNS.366 = example366.com
+DNS.367 = example367.com
+DNS.368 = example368.com
+DNS.369 = example369.com
+DNS.370 = example370.com
+DNS.371 = example371.com
+DNS.372 = example372.com
+DNS.373 = example373.com
+DNS.374 = example374.com
+DNS.375 = example375.com
+DNS.376 = example376.com
+DNS.377 = example377.com
+DNS.378 = example378.com
+DNS.379 = example379.com
+DNS.380 = example380.com
+DNS.381 = example381.com
+DNS.382 = example382.com
+DNS.383 = example383.com
+DNS.384 = example384.com
+DNS.385 = example385.com
+DNS.386 = example386.com
+DNS.387 = example387.com
+DNS.388 = example388.com
+DNS.389 = example389.com
+DNS.390 = example390.com
+DNS.391 = example391.com
+DNS.392 = example392.com
+DNS.393 = example393.com
+DNS.394 = example394.com
+DNS.395 = example395.com
+DNS.396 = example396.com
+DNS.397 = example397.com
+DNS.398 = example398.com
+DNS.399 = example399.com
+DNS.400 = example400.com
+DNS.401 = example401.com
+DNS.402 = example402.com
+DNS.403 = example403.com
+DNS.404 = example404.com
+DNS.405 = example405.com
+DNS.406 = example406.com
+DNS.407 = example407.com
+DNS.408 = example408.com
+DNS.409 = example409.com
+DNS.410 = example410.com
+DNS.411 = example411.com
+DNS.412 = example412.com
+DNS.413 = example413.com
+DNS.414 = example414.com
+DNS.415 = example415.com
+DNS.416 = example416.com
+DNS.417 = example417.com
+DNS.418 = example418.com
+DNS.419 = example419.com
+DNS.420 = example420.com
+DNS.421 = example421.com
+DNS.422 = example422.com
+DNS.423 = example423.com
+DNS.424 = example424.com
+DNS.425 = example425.com
+DNS.426 = example426.com
+DNS.427 = example427.com
+DNS.428 = example428.com
+DNS.429 = example429.com
+DNS.430 = example430.com
+DNS.431 = example431.com
+DNS.432 = example432.com
+DNS.433 = example433.com
+DNS.434 = example434.com
+DNS.435 = example435.com
+DNS.436 = example436.com
+DNS.437 = example437.com
+DNS.438 = example438.com
+DNS.439 = example439.com
+DNS.440 = example440.com
+DNS.441 = example441.com
+DNS.442 = example442.com
+DNS.443 = example443.com
+DNS.444 = example444.com
+DNS.445 = example445.com
+DNS.446 = example446.com
+DNS.447 = example447.com
+DNS.448 = example448.com
+DNS.449 = example449.com
+DNS.450 = example450.com
+DNS.451 = example451.com
+DNS.452 = example452.com
+DNS.453 = example453.com
+DNS.454 = example454.com
+DNS.455 = example455.com
+DNS.456 = example456.com
+DNS.457 = example457.com
+DNS.458 =
example458.com +DNS.459 = example459.com +DNS.460 = example460.com +DNS.461 = example461.com +DNS.462 = example462.com +DNS.463 = example463.com +DNS.464 = example464.com +DNS.465 = example465.com +DNS.466 = example466.com +DNS.467 = example467.com +DNS.468 = example468.com +DNS.469 = example469.com +DNS.470 = example470.com +DNS.471 = example471.com +DNS.472 = example472.com +DNS.473 = example473.com +DNS.474 = example474.com +DNS.475 = example475.com +DNS.476 = example476.com +DNS.477 = example477.com +DNS.478 = example478.com +DNS.479 = example479.com +DNS.480 = example480.com +DNS.481 = example481.com +DNS.482 = example482.com +DNS.483 = example483.com +DNS.484 = example484.com +DNS.485 = example485.com +DNS.486 = example486.com +DNS.487 = example487.com +DNS.488 = example488.com +DNS.489 = example489.com +DNS.490 = example490.com +DNS.491 = example491.com +DNS.492 = example492.com +DNS.493 = example493.com +DNS.494 = example494.com +DNS.495 = example495.com +DNS.496 = example496.com +DNS.497 = example497.com +DNS.498 = example498.com +DNS.499 = example499.com +DNS.500 = example500.com +DNS.501 = example501.com +DNS.502 = example502.com +DNS.503 = example503.com +DNS.504 = example504.com +DNS.505 = example505.com +DNS.506 = example506.com +DNS.507 = example507.com +DNS.508 = example508.com +DNS.509 = example509.com +DNS.510 = example510.com +DNS.511 = example511.com +DNS.512 = example512.com +DNS.513 = example513.com +DNS.514 = example514.com +DNS.515 = example515.com +DNS.516 = example516.com +DNS.517 = example517.com +DNS.518 = example518.com +DNS.519 = example519.com +DNS.520 = example520.com +DNS.521 = example521.com +DNS.522 = example522.com +DNS.523 = example523.com +DNS.524 = example524.com +DNS.525 = example525.com +DNS.526 = example526.com +DNS.527 = example527.com +DNS.528 = example528.com +DNS.529 = example529.com +DNS.530 = example530.com +DNS.531 = example531.com +DNS.532 = example532.com +DNS.533 = example533.com +DNS.534 = example534.com +DNS.535 
= example535.com +DNS.536 = example536.com +DNS.537 = example537.com +DNS.538 = example538.com +DNS.539 = example539.com +DNS.540 = example540.com +DNS.541 = example541.com +DNS.542 = example542.com +DNS.543 = example543.com +DNS.544 = example544.com +DNS.545 = example545.com +DNS.546 = example546.com +DNS.547 = example547.com +DNS.548 = example548.com +DNS.549 = example549.com +DNS.550 = example550.com +DNS.551 = example551.com +DNS.552 = example552.com +DNS.553 = example553.com +DNS.554 = example554.com +DNS.555 = example555.com +DNS.556 = example556.com +DNS.557 = example557.com +DNS.558 = example558.com +DNS.559 = example559.com +DNS.560 = example560.com +DNS.561 = example561.com +DNS.562 = example562.com +DNS.563 = example563.com +DNS.564 = example564.com +DNS.565 = example565.com +DNS.566 = example566.com +DNS.567 = example567.com +DNS.568 = example568.com +DNS.569 = example569.com +DNS.570 = example570.com +DNS.571 = example571.com +DNS.572 = example572.com +DNS.573 = example573.com +DNS.574 = example574.com +DNS.575 = example575.com +DNS.576 = example576.com +DNS.577 = example577.com +DNS.578 = example578.com +DNS.579 = example579.com +DNS.580 = example580.com +DNS.581 = example581.com +DNS.582 = example582.com +DNS.583 = example583.com +DNS.584 = example584.com +DNS.585 = example585.com +DNS.586 = example586.com +DNS.587 = example587.com +DNS.588 = example588.com +DNS.589 = example589.com +DNS.590 = example590.com +DNS.591 = example591.com +DNS.592 = example592.com +DNS.593 = example593.com +DNS.594 = example594.com +DNS.595 = example595.com +DNS.596 = example596.com +DNS.597 = example597.com +DNS.598 = example598.com +DNS.599 = example599.com +DNS.600 = example600.com +DNS.601 = example601.com +DNS.602 = example602.com +DNS.603 = example603.com +DNS.604 = example604.com +DNS.605 = example605.com +DNS.606 = example606.com +DNS.607 = example607.com +DNS.608 = example608.com +DNS.609 = example609.com +DNS.610 = example610.com +DNS.611 = example611.com 
+DNS.612 = example612.com +DNS.613 = example613.com +DNS.614 = example614.com +DNS.615 = example615.com +DNS.616 = example616.com +DNS.617 = example617.com +DNS.618 = example618.com +DNS.619 = example619.com +DNS.620 = example620.com +DNS.621 = example621.com +DNS.622 = example622.com +DNS.623 = example623.com +DNS.624 = example624.com +DNS.625 = example625.com +DNS.626 = example626.com +DNS.627 = example627.com +DNS.628 = example628.com +DNS.629 = example629.com +DNS.630 = example630.com +DNS.631 = example631.com +DNS.632 = example632.com +DNS.633 = example633.com +DNS.634 = example634.com +DNS.635 = example635.com +DNS.636 = example636.com +DNS.637 = example637.com +DNS.638 = example638.com +DNS.639 = example639.com +DNS.640 = example640.com +DNS.641 = example641.com +DNS.642 = example642.com +DNS.643 = example643.com +DNS.644 = example644.com +DNS.645 = example645.com +DNS.646 = example646.com +DNS.647 = example647.com +DNS.648 = example648.com +DNS.649 = example649.com +DNS.650 = example650.com +DNS.651 = example651.com +DNS.652 = example652.com +DNS.653 = example653.com +DNS.654 = example654.com +DNS.655 = example655.com +DNS.656 = example656.com +DNS.657 = example657.com +DNS.658 = example658.com +DNS.659 = example659.com +DNS.660 = example660.com +DNS.661 = example661.com +DNS.662 = example662.com +DNS.663 = example663.com +DNS.664 = example664.com +DNS.665 = example665.com +DNS.666 = example666.com +DNS.667 = example667.com +DNS.668 = example668.com +DNS.669 = example669.com +DNS.670 = example670.com +DNS.671 = example671.com +DNS.672 = example672.com +DNS.673 = example673.com +DNS.674 = example674.com +DNS.675 = example675.com +DNS.676 = example676.com +DNS.677 = example677.com +DNS.678 = example678.com +DNS.679 = example679.com +DNS.680 = example680.com +DNS.681 = example681.com +DNS.682 = example682.com +DNS.683 = example683.com +DNS.684 = example684.com +DNS.685 = example685.com +DNS.686 = example686.com +DNS.687 = example687.com +DNS.688 = 
example688.com +DNS.689 = example689.com +DNS.690 = example690.com +DNS.691 = example691.com +DNS.692 = example692.com +DNS.693 = example693.com +DNS.694 = example694.com +DNS.695 = example695.com +DNS.696 = example696.com +DNS.697 = example697.com +DNS.698 = example698.com +DNS.699 = example699.com +DNS.700 = example700.com +DNS.701 = example701.com +DNS.702 = example702.com +DNS.703 = example703.com +DNS.704 = example704.com +DNS.705 = example705.com +DNS.706 = example706.com +DNS.707 = example707.com +DNS.708 = example708.com +DNS.709 = example709.com +DNS.710 = example710.com +DNS.711 = example711.com +DNS.712 = example712.com +DNS.713 = example713.com +DNS.714 = example714.com +DNS.715 = example715.com +DNS.716 = example716.com +DNS.717 = example717.com +DNS.718 = example718.com +DNS.719 = example719.com +DNS.720 = example720.com +DNS.721 = example721.com +DNS.722 = example722.com +DNS.723 = example723.com +DNS.724 = example724.com +DNS.725 = example725.com +DNS.726 = example726.com +DNS.727 = example727.com +DNS.728 = example728.com +DNS.729 = example729.com +DNS.730 = example730.com +DNS.731 = example731.com +DNS.732 = example732.com +DNS.733 = example733.com +DNS.734 = example734.com +DNS.735 = example735.com +DNS.736 = example736.com +DNS.737 = example737.com +DNS.738 = example738.com +DNS.739 = example739.com +DNS.740 = example740.com +DNS.741 = example741.com +DNS.742 = example742.com +DNS.743 = example743.com +DNS.744 = example744.com +DNS.745 = example745.com +DNS.746 = example746.com +DNS.747 = example747.com +DNS.748 = example748.com +DNS.749 = example749.com +DNS.750 = example750.com +DNS.751 = example751.com +DNS.752 = example752.com +DNS.753 = example753.com +DNS.754 = example754.com +DNS.755 = example755.com +DNS.756 = example756.com +DNS.757 = example757.com +DNS.758 = example758.com +DNS.759 = example759.com +DNS.760 = example760.com +DNS.761 = example761.com +DNS.762 = example762.com +DNS.763 = example763.com +DNS.764 = example764.com +DNS.765 
= example765.com +DNS.766 = example766.com +DNS.767 = example767.com +DNS.768 = example768.com +DNS.769 = example769.com +DNS.770 = example770.com +DNS.771 = example771.com +DNS.772 = example772.com +DNS.773 = example773.com +DNS.774 = example774.com +DNS.775 = example775.com +DNS.776 = example776.com +DNS.777 = example777.com +DNS.778 = example778.com +DNS.779 = example779.com +DNS.780 = example780.com +DNS.781 = example781.com +DNS.782 = example782.com +DNS.783 = example783.com +DNS.784 = example784.com +DNS.785 = example785.com +DNS.786 = example786.com +DNS.787 = example787.com +DNS.788 = example788.com +DNS.789 = example789.com +DNS.790 = example790.com +DNS.791 = example791.com +DNS.792 = example792.com +DNS.793 = example793.com +DNS.794 = example794.com +DNS.795 = example795.com +DNS.796 = example796.com +DNS.797 = example797.com +DNS.798 = example798.com +DNS.799 = example799.com +DNS.800 = example800.com +DNS.801 = example801.com +DNS.802 = example802.com +DNS.803 = example803.com +DNS.804 = example804.com +DNS.805 = example805.com +DNS.806 = example806.com +DNS.807 = example807.com +DNS.808 = example808.com +DNS.809 = example809.com +DNS.810 = example810.com +DNS.811 = example811.com +DNS.812 = example812.com +DNS.813 = example813.com +DNS.814 = example814.com +DNS.815 = example815.com +DNS.816 = example816.com +DNS.817 = example817.com +DNS.818 = example818.com +DNS.819 = example819.com +DNS.820 = example820.com +DNS.821 = example821.com +DNS.822 = example822.com +DNS.823 = example823.com +DNS.824 = example824.com +DNS.825 = example825.com +DNS.826 = example826.com +DNS.827 = example827.com +DNS.828 = example828.com +DNS.829 = example829.com +DNS.830 = example830.com +DNS.831 = example831.com +DNS.832 = example832.com +DNS.833 = example833.com +DNS.834 = example834.com +DNS.835 = example835.com +DNS.836 = example836.com +DNS.837 = example837.com +DNS.838 = example838.com +DNS.839 = example839.com +DNS.840 = example840.com +DNS.841 = example841.com 
+DNS.842 = example842.com +DNS.843 = example843.com +DNS.844 = example844.com +DNS.845 = example845.com +DNS.846 = example846.com +DNS.847 = example847.com +DNS.848 = example848.com +DNS.849 = example849.com +DNS.850 = example850.com +DNS.851 = example851.com +DNS.852 = example852.com +DNS.853 = example853.com +DNS.854 = example854.com +DNS.855 = example855.com +DNS.856 = example856.com +DNS.857 = example857.com +DNS.858 = example858.com +DNS.859 = example859.com +DNS.860 = example860.com +DNS.861 = example861.com +DNS.862 = example862.com +DNS.863 = example863.com +DNS.864 = example864.com +DNS.865 = example865.com +DNS.866 = example866.com +DNS.867 = example867.com +DNS.868 = example868.com +DNS.869 = example869.com +DNS.870 = example870.com +DNS.871 = example871.com +DNS.872 = example872.com +DNS.873 = example873.com +DNS.874 = example874.com +DNS.875 = example875.com +DNS.876 = example876.com +DNS.877 = example877.com +DNS.878 = example878.com +DNS.879 = example879.com +DNS.880 = example880.com +DNS.881 = example881.com +DNS.882 = example882.com +DNS.883 = example883.com +DNS.884 = example884.com +DNS.885 = example885.com +DNS.886 = example886.com +DNS.887 = example887.com +DNS.888 = example888.com +DNS.889 = example889.com +DNS.890 = example890.com +DNS.891 = example891.com +DNS.892 = example892.com +DNS.893 = example893.com +DNS.894 = example894.com +DNS.895 = example895.com +DNS.896 = example896.com +DNS.897 = example897.com +DNS.898 = example898.com +DNS.899 = example899.com +DNS.900 = example900.com +DNS.901 = example901.com +DNS.902 = example902.com +DNS.903 = example903.com +DNS.904 = example904.com +DNS.905 = example905.com +DNS.906 = example906.com +DNS.907 = example907.com +DNS.908 = example908.com +DNS.909 = example909.com +DNS.910 = example910.com +DNS.911 = example911.com +DNS.912 = example912.com +DNS.913 = example913.com +DNS.914 = example914.com +DNS.915 = example915.com +DNS.916 = example916.com +DNS.917 = example917.com +DNS.918 = 
example918.com +DNS.919 = example919.com +DNS.920 = example920.com +DNS.921 = example921.com +DNS.922 = example922.com +DNS.923 = example923.com +DNS.924 = example924.com +DNS.925 = example925.com +DNS.926 = example926.com +DNS.927 = example927.com +DNS.928 = example928.com +DNS.929 = example929.com +DNS.930 = example930.com +DNS.931 = example931.com +DNS.932 = example932.com +DNS.933 = example933.com +DNS.934 = example934.com +DNS.935 = example935.com +DNS.936 = example936.com +DNS.937 = example937.com +DNS.938 = example938.com +DNS.939 = example939.com +DNS.940 = example940.com +DNS.941 = example941.com +DNS.942 = example942.com +DNS.943 = example943.com +DNS.944 = example944.com +DNS.945 = example945.com +DNS.946 = example946.com +DNS.947 = example947.com +DNS.948 = example948.com +DNS.949 = example949.com +DNS.950 = example950.com +DNS.951 = example951.com +DNS.952 = example952.com +DNS.953 = example953.com +DNS.954 = example954.com +DNS.955 = example955.com +DNS.956 = example956.com +DNS.957 = example957.com +DNS.958 = example958.com +DNS.959 = example959.com +DNS.960 = example960.com +DNS.961 = example961.com +DNS.962 = example962.com +DNS.963 = example963.com +DNS.964 = example964.com +DNS.965 = example965.com +DNS.966 = example966.com +DNS.967 = example967.com +DNS.968 = example968.com +DNS.969 = example969.com +DNS.970 = example970.com +DNS.971 = example971.com +DNS.972 = example972.com +DNS.973 = example973.com +DNS.974 = example974.com +DNS.975 = example975.com +DNS.976 = example976.com +DNS.977 = example977.com +DNS.978 = example978.com +DNS.979 = example979.com +DNS.980 = example980.com +DNS.981 = example981.com +DNS.982 = example982.com +DNS.983 = example983.com +DNS.984 = example984.com +DNS.985 = example985.com +DNS.986 = example986.com +DNS.987 = example987.com +DNS.988 = example988.com +DNS.989 = example989.com +DNS.990 = example990.com +DNS.991 = example991.com +DNS.992 = example992.com +DNS.993 = example993.com +DNS.994 = example994.com +DNS.995 
= example995.com +DNS.996 = example996.com +DNS.997 = example997.com +DNS.998 = example998.com +DNS.999 = example999.com +DNS.1000 = example1000.com +DNS.1001 = example1001.com +DNS.1002 = example1002.com +DNS.1003 = example1003.com +DNS.1004 = example1004.com +DNS.1005 = example1005.com +DNS.1006 = example1006.com +DNS.1007 = example1007.com +DNS.1008 = example1008.com +DNS.1009 = example1009.com +DNS.1010 = example1010.com +DNS.1011 = example1011.com +DNS.1012 = example1012.com +DNS.1013 = example1013.com +DNS.1014 = example1014.com +DNS.1015 = example1015.com +DNS.1016 = example1016.com +DNS.1017 = example1017.com +DNS.1018 = example1018.com +DNS.1019 = example1019.com +DNS.1020 = example1020.com +DNS.1021 = example1021.com +DNS.1022 = example1022.com +DNS.1023 = example1023.com +DNS.1024 = example1024.com +DNS.1025 = example1025.com +DNS.1026 = example1026.com +DNS.1027 = example1027.com +DNS.1028 = example1028.com +DNS.1029 = example1029.com +DNS.1030 = example1030.com +DNS.1031 = example1031.com +DNS.1032 = example1032.com +DNS.1033 = example1033.com +DNS.1034 = example1034.com +DNS.1035 = example1035.com +DNS.1036 = example1036.com +DNS.1037 = example1037.com +DNS.1038 = example1038.com +DNS.1039 = example1039.com +DNS.1040 = example1040.com +DNS.1041 = example1041.com +DNS.1042 = example1042.com +DNS.1043 = example1043.com +DNS.1044 = example1044.com +DNS.1045 = example1045.com +DNS.1046 = example1046.com +DNS.1047 = example1047.com +DNS.1048 = example1048.com +DNS.1049 = example1049.com +DNS.1050 = example1050.com + + diff --git a/certs/test/cert-over-max-altnames.der b/certs/test/cert-over-max-altnames.der new file mode 100644 index 0000000000..244eec0eb7 Binary files /dev/null and b/certs/test/cert-over-max-altnames.der differ diff --git a/certs/test/cert-over-max-altnames.pem b/certs/test/cert-over-max-altnames.pem new file mode 100644 index 0000000000..f7f3fde3e8 --- /dev/null +++ b/certs/test/cert-over-max-altnames.pem 
@@ -0,0 +1,371 @@ +-----BEGIN CERTIFICATE----- +MIJFGTCCRAGgAwIBAgIUF5nmfrjmbW0wm+StvWrMOmpvGaUwDQYJKoZIhvcNAQEL +BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MDcxODE4MDUxMVoXDTI3 +MDQxNDE4MDUxMVowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO +BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF +bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY +06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGL +YlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlc +OM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+ +Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+ +k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABo4JBmzCC +QZcwgkF0BgNVHREEgkFrMIJBZ4IMZXhhbXBsZTEuY29tggxleGFtcGxlMi5jb22C +DGV4YW1wbGUzLmNvbYIMZXhhbXBsZTQuY29tggxleGFtcGxlNS5jb22CDGV4YW1w +bGU2LmNvbYIMZXhhbXBsZTcuY29tggxleGFtcGxlOC5jb22CDGV4YW1wbGU5LmNv +bYINZXhhbXBsZTEwLmNvbYINZXhhbXBsZTExLmNvbYINZXhhbXBsZTEyLmNvbYIN +ZXhhbXBsZTEzLmNvbYINZXhhbXBsZTE0LmNvbYINZXhhbXBsZTE1LmNvbYINZXhh +bXBsZTE2LmNvbYINZXhhbXBsZTE3LmNvbYINZXhhbXBsZTE4LmNvbYINZXhhbXBs +ZTE5LmNvbYINZXhhbXBsZTIwLmNvbYINZXhhbXBsZTIxLmNvbYINZXhhbXBsZTIy +LmNvbYINZXhhbXBsZTIzLmNvbYINZXhhbXBsZTI0LmNvbYINZXhhbXBsZTI1LmNv +bYINZXhhbXBsZTI2LmNvbYINZXhhbXBsZTI3LmNvbYINZXhhbXBsZTI4LmNvbYIN +ZXhhbXBsZTI5LmNvbYINZXhhbXBsZTMwLmNvbYINZXhhbXBsZTMxLmNvbYINZXhh +bXBsZTMyLmNvbYINZXhhbXBsZTMzLmNvbYINZXhhbXBsZTM0LmNvbYINZXhhbXBs +ZTM1LmNvbYINZXhhbXBsZTM2LmNvbYINZXhhbXBsZTM3LmNvbYINZXhhbXBsZTM4 +LmNvbYINZXhhbXBsZTM5LmNvbYINZXhhbXBsZTQwLmNvbYINZXhhbXBsZTQxLmNv +bYINZXhhbXBsZTQyLmNvbYINZXhhbXBsZTQzLmNvbYINZXhhbXBsZTQ0LmNvbYIN +ZXhhbXBsZTQ1LmNvbYINZXhhbXBsZTQ2LmNvbYINZXhhbXBsZTQ3LmNvbYINZXhh +bXBsZTQ4LmNvbYINZXhhbXBsZTQ5LmNvbYINZXhhbXBsZTUwLmNvbYINZXhhbXBs 
+ZTUxLmNvbYINZXhhbXBsZTUyLmNvbYINZXhhbXBsZTUzLmNvbYINZXhhbXBsZTU0 +LmNvbYINZXhhbXBsZTU1LmNvbYINZXhhbXBsZTU2LmNvbYINZXhhbXBsZTU3LmNv +bYINZXhhbXBsZTU4LmNvbYINZXhhbXBsZTU5LmNvbYINZXhhbXBsZTYwLmNvbYIN +ZXhhbXBsZTYxLmNvbYINZXhhbXBsZTYyLmNvbYINZXhhbXBsZTYzLmNvbYINZXhh +bXBsZTY0LmNvbYINZXhhbXBsZTY1LmNvbYINZXhhbXBsZTY2LmNvbYINZXhhbXBs +ZTY3LmNvbYINZXhhbXBsZTY4LmNvbYINZXhhbXBsZTY5LmNvbYINZXhhbXBsZTcw +LmNvbYINZXhhbXBsZTcxLmNvbYINZXhhbXBsZTcyLmNvbYINZXhhbXBsZTczLmNv +bYINZXhhbXBsZTc0LmNvbYINZXhhbXBsZTc1LmNvbYINZXhhbXBsZTc2LmNvbYIN +ZXhhbXBsZTc3LmNvbYINZXhhbXBsZTc4LmNvbYINZXhhbXBsZTc5LmNvbYINZXhh +bXBsZTgwLmNvbYINZXhhbXBsZTgxLmNvbYINZXhhbXBsZTgyLmNvbYINZXhhbXBs +ZTgzLmNvbYINZXhhbXBsZTg0LmNvbYINZXhhbXBsZTg1LmNvbYINZXhhbXBsZTg2 +LmNvbYINZXhhbXBsZTg3LmNvbYINZXhhbXBsZTg4LmNvbYINZXhhbXBsZTg5LmNv +bYINZXhhbXBsZTkwLmNvbYINZXhhbXBsZTkxLmNvbYINZXhhbXBsZTkyLmNvbYIN +ZXhhbXBsZTkzLmNvbYINZXhhbXBsZTk0LmNvbYINZXhhbXBsZTk1LmNvbYINZXhh +bXBsZTk2LmNvbYINZXhhbXBsZTk3LmNvbYINZXhhbXBsZTk4LmNvbYINZXhhbXBs +ZTk5LmNvbYIOZXhhbXBsZTEwMC5jb22CDmV4YW1wbGUxMDEuY29tgg5leGFtcGxl +MTAyLmNvbYIOZXhhbXBsZTEwMy5jb22CDmV4YW1wbGUxMDQuY29tgg5leGFtcGxl +MTA1LmNvbYIOZXhhbXBsZTEwNi5jb22CDmV4YW1wbGUxMDcuY29tgg5leGFtcGxl +MTA4LmNvbYIOZXhhbXBsZTEwOS5jb22CDmV4YW1wbGUxMTAuY29tgg5leGFtcGxl +MTExLmNvbYIOZXhhbXBsZTExMi5jb22CDmV4YW1wbGUxMTMuY29tgg5leGFtcGxl +MTE0LmNvbYIOZXhhbXBsZTExNS5jb22CDmV4YW1wbGUxMTYuY29tgg5leGFtcGxl +MTE3LmNvbYIOZXhhbXBsZTExOC5jb22CDmV4YW1wbGUxMTkuY29tgg5leGFtcGxl +MTIwLmNvbYIOZXhhbXBsZTEyMS5jb22CDmV4YW1wbGUxMjIuY29tgg5leGFtcGxl +MTIzLmNvbYIOZXhhbXBsZTEyNC5jb22CDmV4YW1wbGUxMjUuY29tgg5leGFtcGxl +MTI2LmNvbYIOZXhhbXBsZTEyNy5jb22CDmV4YW1wbGUxMjguY29tgg5leGFtcGxl +MTI5LmNvbYIOZXhhbXBsZTEzMC5jb22CDmV4YW1wbGUxMzEuY29tgg5leGFtcGxl +MTMyLmNvbYIOZXhhbXBsZTEzMy5jb22CDmV4YW1wbGUxMzQuY29tgg5leGFtcGxl +MTM1LmNvbYIOZXhhbXBsZTEzNi5jb22CDmV4YW1wbGUxMzcuY29tgg5leGFtcGxl +MTM4LmNvbYIOZXhhbXBsZTEzOS5jb22CDmV4YW1wbGUxNDAuY29tgg5leGFtcGxl +MTQxLmNvbYIOZXhhbXBsZTE0Mi5jb22CDmV4YW1wbGUxNDMuY29tgg5leGFtcGxl 
+MTQ0LmNvbYIOZXhhbXBsZTE0NS5jb22CDmV4YW1wbGUxNDYuY29tgg5leGFtcGxl +MTQ3LmNvbYIOZXhhbXBsZTE0OC5jb22CDmV4YW1wbGUxNDkuY29tgg5leGFtcGxl +MTUwLmNvbYIOZXhhbXBsZTE1MS5jb22CDmV4YW1wbGUxNTIuY29tgg5leGFtcGxl +MTUzLmNvbYIOZXhhbXBsZTE1NC5jb22CDmV4YW1wbGUxNTUuY29tgg5leGFtcGxl +MTU2LmNvbYIOZXhhbXBsZTE1Ny5jb22CDmV4YW1wbGUxNTguY29tgg5leGFtcGxl +MTU5LmNvbYIOZXhhbXBsZTE2MC5jb22CDmV4YW1wbGUxNjEuY29tgg5leGFtcGxl +MTYyLmNvbYIOZXhhbXBsZTE2My5jb22CDmV4YW1wbGUxNjQuY29tgg5leGFtcGxl +MTY1LmNvbYIOZXhhbXBsZTE2Ni5jb22CDmV4YW1wbGUxNjcuY29tgg5leGFtcGxl +MTY4LmNvbYIOZXhhbXBsZTE2OS5jb22CDmV4YW1wbGUxNzAuY29tgg5leGFtcGxl +MTcxLmNvbYIOZXhhbXBsZTE3Mi5jb22CDmV4YW1wbGUxNzMuY29tgg5leGFtcGxl +MTc0LmNvbYIOZXhhbXBsZTE3NS5jb22CDmV4YW1wbGUxNzYuY29tgg5leGFtcGxl +MTc3LmNvbYIOZXhhbXBsZTE3OC5jb22CDmV4YW1wbGUxNzkuY29tgg5leGFtcGxl +MTgwLmNvbYIOZXhhbXBsZTE4MS5jb22CDmV4YW1wbGUxODIuY29tgg5leGFtcGxl +MTgzLmNvbYIOZXhhbXBsZTE4NC5jb22CDmV4YW1wbGUxODUuY29tgg5leGFtcGxl +MTg2LmNvbYIOZXhhbXBsZTE4Ny5jb22CDmV4YW1wbGUxODguY29tgg5leGFtcGxl +MTg5LmNvbYIOZXhhbXBsZTE5MC5jb22CDmV4YW1wbGUxOTEuY29tgg5leGFtcGxl +MTkyLmNvbYIOZXhhbXBsZTE5My5jb22CDmV4YW1wbGUxOTQuY29tgg5leGFtcGxl +MTk1LmNvbYIOZXhhbXBsZTE5Ni5jb22CDmV4YW1wbGUxOTcuY29tgg5leGFtcGxl +MTk4LmNvbYIOZXhhbXBsZTE5OS5jb22CDmV4YW1wbGUyMDAuY29tgg5leGFtcGxl +MjAxLmNvbYIOZXhhbXBsZTIwMi5jb22CDmV4YW1wbGUyMDMuY29tgg5leGFtcGxl +MjA0LmNvbYIOZXhhbXBsZTIwNS5jb22CDmV4YW1wbGUyMDYuY29tgg5leGFtcGxl +MjA3LmNvbYIOZXhhbXBsZTIwOC5jb22CDmV4YW1wbGUyMDkuY29tgg5leGFtcGxl +MjEwLmNvbYIOZXhhbXBsZTIxMS5jb22CDmV4YW1wbGUyMTIuY29tgg5leGFtcGxl +MjEzLmNvbYIOZXhhbXBsZTIxNC5jb22CDmV4YW1wbGUyMTUuY29tgg5leGFtcGxl +MjE2LmNvbYIOZXhhbXBsZTIxNy5jb22CDmV4YW1wbGUyMTguY29tgg5leGFtcGxl +MjE5LmNvbYIOZXhhbXBsZTIyMC5jb22CDmV4YW1wbGUyMjEuY29tgg5leGFtcGxl +MjIyLmNvbYIOZXhhbXBsZTIyMy5jb22CDmV4YW1wbGUyMjQuY29tgg5leGFtcGxl +MjI1LmNvbYIOZXhhbXBsZTIyNi5jb22CDmV4YW1wbGUyMjcuY29tgg5leGFtcGxl +MjI4LmNvbYIOZXhhbXBsZTIyOS5jb22CDmV4YW1wbGUyMzAuY29tgg5leGFtcGxl +MjMxLmNvbYIOZXhhbXBsZTIzMi5jb22CDmV4YW1wbGUyMzMuY29tgg5leGFtcGxl 
+MjM0LmNvbYIOZXhhbXBsZTIzNS5jb22CDmV4YW1wbGUyMzYuY29tgg5leGFtcGxl +MjM3LmNvbYIOZXhhbXBsZTIzOC5jb22CDmV4YW1wbGUyMzkuY29tgg5leGFtcGxl +MjQwLmNvbYIOZXhhbXBsZTI0MS5jb22CDmV4YW1wbGUyNDIuY29tgg5leGFtcGxl +MjQzLmNvbYIOZXhhbXBsZTI0NC5jb22CDmV4YW1wbGUyNDUuY29tgg5leGFtcGxl +MjQ2LmNvbYIOZXhhbXBsZTI0Ny5jb22CDmV4YW1wbGUyNDguY29tgg5leGFtcGxl +MjQ5LmNvbYIOZXhhbXBsZTI1MC5jb22CDmV4YW1wbGUyNTEuY29tgg5leGFtcGxl +MjUyLmNvbYIOZXhhbXBsZTI1My5jb22CDmV4YW1wbGUyNTQuY29tgg5leGFtcGxl +MjU1LmNvbYIOZXhhbXBsZTI1Ni5jb22CDmV4YW1wbGUyNTcuY29tgg5leGFtcGxl +MjU4LmNvbYIOZXhhbXBsZTI1OS5jb22CDmV4YW1wbGUyNjAuY29tgg5leGFtcGxl +MjYxLmNvbYIOZXhhbXBsZTI2Mi5jb22CDmV4YW1wbGUyNjMuY29tgg5leGFtcGxl +MjY0LmNvbYIOZXhhbXBsZTI2NS5jb22CDmV4YW1wbGUyNjYuY29tgg5leGFtcGxl +MjY3LmNvbYIOZXhhbXBsZTI2OC5jb22CDmV4YW1wbGUyNjkuY29tgg5leGFtcGxl +MjcwLmNvbYIOZXhhbXBsZTI3MS5jb22CDmV4YW1wbGUyNzIuY29tgg5leGFtcGxl +MjczLmNvbYIOZXhhbXBsZTI3NC5jb22CDmV4YW1wbGUyNzUuY29tgg5leGFtcGxl +Mjc2LmNvbYIOZXhhbXBsZTI3Ny5jb22CDmV4YW1wbGUyNzguY29tgg5leGFtcGxl +Mjc5LmNvbYIOZXhhbXBsZTI4MC5jb22CDmV4YW1wbGUyODEuY29tgg5leGFtcGxl +MjgyLmNvbYIOZXhhbXBsZTI4My5jb22CDmV4YW1wbGUyODQuY29tgg5leGFtcGxl +Mjg1LmNvbYIOZXhhbXBsZTI4Ni5jb22CDmV4YW1wbGUyODcuY29tgg5leGFtcGxl +Mjg4LmNvbYIOZXhhbXBsZTI4OS5jb22CDmV4YW1wbGUyOTAuY29tgg5leGFtcGxl +MjkxLmNvbYIOZXhhbXBsZTI5Mi5jb22CDmV4YW1wbGUyOTMuY29tgg5leGFtcGxl +Mjk0LmNvbYIOZXhhbXBsZTI5NS5jb22CDmV4YW1wbGUyOTYuY29tgg5leGFtcGxl +Mjk3LmNvbYIOZXhhbXBsZTI5OC5jb22CDmV4YW1wbGUyOTkuY29tgg5leGFtcGxl +MzAwLmNvbYIOZXhhbXBsZTMwMS5jb22CDmV4YW1wbGUzMDIuY29tgg5leGFtcGxl +MzAzLmNvbYIOZXhhbXBsZTMwNC5jb22CDmV4YW1wbGUzMDUuY29tgg5leGFtcGxl +MzA2LmNvbYIOZXhhbXBsZTMwNy5jb22CDmV4YW1wbGUzMDguY29tgg5leGFtcGxl +MzA5LmNvbYIOZXhhbXBsZTMxMC5jb22CDmV4YW1wbGUzMTEuY29tgg5leGFtcGxl +MzEyLmNvbYIOZXhhbXBsZTMxMy5jb22CDmV4YW1wbGUzMTQuY29tgg5leGFtcGxl +MzE1LmNvbYIOZXhhbXBsZTMxNi5jb22CDmV4YW1wbGUzMTcuY29tgg5leGFtcGxl +MzE4LmNvbYIOZXhhbXBsZTMxOS5jb22CDmV4YW1wbGUzMjAuY29tgg5leGFtcGxl +MzIxLmNvbYIOZXhhbXBsZTMyMi5jb22CDmV4YW1wbGUzMjMuY29tgg5leGFtcGxl 
+MzI0LmNvbYIOZXhhbXBsZTMyNS5jb22CDmV4YW1wbGUzMjYuY29tgg5leGFtcGxl +MzI3LmNvbYIOZXhhbXBsZTMyOC5jb22CDmV4YW1wbGUzMjkuY29tgg5leGFtcGxl +MzMwLmNvbYIOZXhhbXBsZTMzMS5jb22CDmV4YW1wbGUzMzIuY29tgg5leGFtcGxl +MzMzLmNvbYIOZXhhbXBsZTMzNC5jb22CDmV4YW1wbGUzMzUuY29tgg5leGFtcGxl +MzM2LmNvbYIOZXhhbXBsZTMzNy5jb22CDmV4YW1wbGUzMzguY29tgg5leGFtcGxl +MzM5LmNvbYIOZXhhbXBsZTM0MC5jb22CDmV4YW1wbGUzNDEuY29tgg5leGFtcGxl +MzQyLmNvbYIOZXhhbXBsZTM0My5jb22CDmV4YW1wbGUzNDQuY29tgg5leGFtcGxl +MzQ1LmNvbYIOZXhhbXBsZTM0Ni5jb22CDmV4YW1wbGUzNDcuY29tgg5leGFtcGxl +MzQ4LmNvbYIOZXhhbXBsZTM0OS5jb22CDmV4YW1wbGUzNTAuY29tgg5leGFtcGxl +MzUxLmNvbYIOZXhhbXBsZTM1Mi5jb22CDmV4YW1wbGUzNTMuY29tgg5leGFtcGxl +MzU0LmNvbYIOZXhhbXBsZTM1NS5jb22CDmV4YW1wbGUzNTYuY29tgg5leGFtcGxl +MzU3LmNvbYIOZXhhbXBsZTM1OC5jb22CDmV4YW1wbGUzNTkuY29tgg5leGFtcGxl +MzYwLmNvbYIOZXhhbXBsZTM2MS5jb22CDmV4YW1wbGUzNjIuY29tgg5leGFtcGxl +MzYzLmNvbYIOZXhhbXBsZTM2NC5jb22CDmV4YW1wbGUzNjUuY29tgg5leGFtcGxl +MzY2LmNvbYIOZXhhbXBsZTM2Ny5jb22CDmV4YW1wbGUzNjguY29tgg5leGFtcGxl +MzY5LmNvbYIOZXhhbXBsZTM3MC5jb22CDmV4YW1wbGUzNzEuY29tgg5leGFtcGxl +MzcyLmNvbYIOZXhhbXBsZTM3My5jb22CDmV4YW1wbGUzNzQuY29tgg5leGFtcGxl +Mzc1LmNvbYIOZXhhbXBsZTM3Ni5jb22CDmV4YW1wbGUzNzcuY29tgg5leGFtcGxl +Mzc4LmNvbYIOZXhhbXBsZTM3OS5jb22CDmV4YW1wbGUzODAuY29tgg5leGFtcGxl +MzgxLmNvbYIOZXhhbXBsZTM4Mi5jb22CDmV4YW1wbGUzODMuY29tgg5leGFtcGxl +Mzg0LmNvbYIOZXhhbXBsZTM4NS5jb22CDmV4YW1wbGUzODYuY29tgg5leGFtcGxl +Mzg3LmNvbYIOZXhhbXBsZTM4OC5jb22CDmV4YW1wbGUzODkuY29tgg5leGFtcGxl +MzkwLmNvbYIOZXhhbXBsZTM5MS5jb22CDmV4YW1wbGUzOTIuY29tgg5leGFtcGxl +MzkzLmNvbYIOZXhhbXBsZTM5NC5jb22CDmV4YW1wbGUzOTUuY29tgg5leGFtcGxl +Mzk2LmNvbYIOZXhhbXBsZTM5Ny5jb22CDmV4YW1wbGUzOTguY29tgg5leGFtcGxl +Mzk5LmNvbYIOZXhhbXBsZTQwMC5jb22CDmV4YW1wbGU0MDEuY29tgg5leGFtcGxl +NDAyLmNvbYIOZXhhbXBsZTQwMy5jb22CDmV4YW1wbGU0MDQuY29tgg5leGFtcGxl +NDA1LmNvbYIOZXhhbXBsZTQwNi5jb22CDmV4YW1wbGU0MDcuY29tgg5leGFtcGxl +NDA4LmNvbYIOZXhhbXBsZTQwOS5jb22CDmV4YW1wbGU0MTAuY29tgg5leGFtcGxl +NDExLmNvbYIOZXhhbXBsZTQxMi5jb22CDmV4YW1wbGU0MTMuY29tgg5leGFtcGxl 
+NDE0LmNvbYIOZXhhbXBsZTQxNS5jb22CDmV4YW1wbGU0MTYuY29tgg5leGFtcGxl +NDE3LmNvbYIOZXhhbXBsZTQxOC5jb22CDmV4YW1wbGU0MTkuY29tgg5leGFtcGxl +NDIwLmNvbYIOZXhhbXBsZTQyMS5jb22CDmV4YW1wbGU0MjIuY29tgg5leGFtcGxl +NDIzLmNvbYIOZXhhbXBsZTQyNC5jb22CDmV4YW1wbGU0MjUuY29tgg5leGFtcGxl +NDI2LmNvbYIOZXhhbXBsZTQyNy5jb22CDmV4YW1wbGU0MjguY29tgg5leGFtcGxl +NDI5LmNvbYIOZXhhbXBsZTQzMC5jb22CDmV4YW1wbGU0MzEuY29tgg5leGFtcGxl +NDMyLmNvbYIOZXhhbXBsZTQzMy5jb22CDmV4YW1wbGU0MzQuY29tgg5leGFtcGxl +NDM1LmNvbYIOZXhhbXBsZTQzNi5jb22CDmV4YW1wbGU0MzcuY29tgg5leGFtcGxl +NDM4LmNvbYIOZXhhbXBsZTQzOS5jb22CDmV4YW1wbGU0NDAuY29tgg5leGFtcGxl +NDQxLmNvbYIOZXhhbXBsZTQ0Mi5jb22CDmV4YW1wbGU0NDMuY29tgg5leGFtcGxl +NDQ0LmNvbYIOZXhhbXBsZTQ0NS5jb22CDmV4YW1wbGU0NDYuY29tgg5leGFtcGxl +NDQ3LmNvbYIOZXhhbXBsZTQ0OC5jb22CDmV4YW1wbGU0NDkuY29tgg5leGFtcGxl +NDUwLmNvbYIOZXhhbXBsZTQ1MS5jb22CDmV4YW1wbGU0NTIuY29tgg5leGFtcGxl +NDUzLmNvbYIOZXhhbXBsZTQ1NC5jb22CDmV4YW1wbGU0NTUuY29tgg5leGFtcGxl +NDU2LmNvbYIOZXhhbXBsZTQ1Ny5jb22CDmV4YW1wbGU0NTguY29tgg5leGFtcGxl +NDU5LmNvbYIOZXhhbXBsZTQ2MC5jb22CDmV4YW1wbGU0NjEuY29tgg5leGFtcGxl +NDYyLmNvbYIOZXhhbXBsZTQ2My5jb22CDmV4YW1wbGU0NjQuY29tgg5leGFtcGxl +NDY1LmNvbYIOZXhhbXBsZTQ2Ni5jb22CDmV4YW1wbGU0NjcuY29tgg5leGFtcGxl +NDY4LmNvbYIOZXhhbXBsZTQ2OS5jb22CDmV4YW1wbGU0NzAuY29tgg5leGFtcGxl +NDcxLmNvbYIOZXhhbXBsZTQ3Mi5jb22CDmV4YW1wbGU0NzMuY29tgg5leGFtcGxl +NDc0LmNvbYIOZXhhbXBsZTQ3NS5jb22CDmV4YW1wbGU0NzYuY29tgg5leGFtcGxl +NDc3LmNvbYIOZXhhbXBsZTQ3OC5jb22CDmV4YW1wbGU0NzkuY29tgg5leGFtcGxl +NDgwLmNvbYIOZXhhbXBsZTQ4MS5jb22CDmV4YW1wbGU0ODIuY29tgg5leGFtcGxl +NDgzLmNvbYIOZXhhbXBsZTQ4NC5jb22CDmV4YW1wbGU0ODUuY29tgg5leGFtcGxl +NDg2LmNvbYIOZXhhbXBsZTQ4Ny5jb22CDmV4YW1wbGU0ODguY29tgg5leGFtcGxl +NDg5LmNvbYIOZXhhbXBsZTQ5MC5jb22CDmV4YW1wbGU0OTEuY29tgg5leGFtcGxl +NDkyLmNvbYIOZXhhbXBsZTQ5My5jb22CDmV4YW1wbGU0OTQuY29tgg5leGFtcGxl +NDk1LmNvbYIOZXhhbXBsZTQ5Ni5jb22CDmV4YW1wbGU0OTcuY29tgg5leGFtcGxl +NDk4LmNvbYIOZXhhbXBsZTQ5OS5jb22CDmV4YW1wbGU1MDAuY29tgg5leGFtcGxl +NTAxLmNvbYIOZXhhbXBsZTUwMi5jb22CDmV4YW1wbGU1MDMuY29tgg5leGFtcGxl 
+NTA0LmNvbYIOZXhhbXBsZTUwNS5jb22CDmV4YW1wbGU1MDYuY29tgg5leGFtcGxl +NTA3LmNvbYIOZXhhbXBsZTUwOC5jb22CDmV4YW1wbGU1MDkuY29tgg5leGFtcGxl +NTEwLmNvbYIOZXhhbXBsZTUxMS5jb22CDmV4YW1wbGU1MTIuY29tgg5leGFtcGxl +NTEzLmNvbYIOZXhhbXBsZTUxNC5jb22CDmV4YW1wbGU1MTUuY29tgg5leGFtcGxl +NTE2LmNvbYIOZXhhbXBsZTUxNy5jb22CDmV4YW1wbGU1MTguY29tgg5leGFtcGxl +NTE5LmNvbYIOZXhhbXBsZTUyMC5jb22CDmV4YW1wbGU1MjEuY29tgg5leGFtcGxl +NTIyLmNvbYIOZXhhbXBsZTUyMy5jb22CDmV4YW1wbGU1MjQuY29tgg5leGFtcGxl +NTI1LmNvbYIOZXhhbXBsZTUyNi5jb22CDmV4YW1wbGU1MjcuY29tgg5leGFtcGxl +NTI4LmNvbYIOZXhhbXBsZTUyOS5jb22CDmV4YW1wbGU1MzAuY29tgg5leGFtcGxl +NTMxLmNvbYIOZXhhbXBsZTUzMi5jb22CDmV4YW1wbGU1MzMuY29tgg5leGFtcGxl +NTM0LmNvbYIOZXhhbXBsZTUzNS5jb22CDmV4YW1wbGU1MzYuY29tgg5leGFtcGxl +NTM3LmNvbYIOZXhhbXBsZTUzOC5jb22CDmV4YW1wbGU1MzkuY29tgg5leGFtcGxl +NTQwLmNvbYIOZXhhbXBsZTU0MS5jb22CDmV4YW1wbGU1NDIuY29tgg5leGFtcGxl +NTQzLmNvbYIOZXhhbXBsZTU0NC5jb22CDmV4YW1wbGU1NDUuY29tgg5leGFtcGxl +NTQ2LmNvbYIOZXhhbXBsZTU0Ny5jb22CDmV4YW1wbGU1NDguY29tgg5leGFtcGxl +NTQ5LmNvbYIOZXhhbXBsZTU1MC5jb22CDmV4YW1wbGU1NTEuY29tgg5leGFtcGxl +NTUyLmNvbYIOZXhhbXBsZTU1My5jb22CDmV4YW1wbGU1NTQuY29tgg5leGFtcGxl +NTU1LmNvbYIOZXhhbXBsZTU1Ni5jb22CDmV4YW1wbGU1NTcuY29tgg5leGFtcGxl +NTU4LmNvbYIOZXhhbXBsZTU1OS5jb22CDmV4YW1wbGU1NjAuY29tgg5leGFtcGxl +NTYxLmNvbYIOZXhhbXBsZTU2Mi5jb22CDmV4YW1wbGU1NjMuY29tgg5leGFtcGxl +NTY0LmNvbYIOZXhhbXBsZTU2NS5jb22CDmV4YW1wbGU1NjYuY29tgg5leGFtcGxl +NTY3LmNvbYIOZXhhbXBsZTU2OC5jb22CDmV4YW1wbGU1NjkuY29tgg5leGFtcGxl +NTcwLmNvbYIOZXhhbXBsZTU3MS5jb22CDmV4YW1wbGU1NzIuY29tgg5leGFtcGxl +NTczLmNvbYIOZXhhbXBsZTU3NC5jb22CDmV4YW1wbGU1NzUuY29tgg5leGFtcGxl +NTc2LmNvbYIOZXhhbXBsZTU3Ny5jb22CDmV4YW1wbGU1NzguY29tgg5leGFtcGxl +NTc5LmNvbYIOZXhhbXBsZTU4MC5jb22CDmV4YW1wbGU1ODEuY29tgg5leGFtcGxl +NTgyLmNvbYIOZXhhbXBsZTU4My5jb22CDmV4YW1wbGU1ODQuY29tgg5leGFtcGxl +NTg1LmNvbYIOZXhhbXBsZTU4Ni5jb22CDmV4YW1wbGU1ODcuY29tgg5leGFtcGxl +NTg4LmNvbYIOZXhhbXBsZTU4OS5jb22CDmV4YW1wbGU1OTAuY29tgg5leGFtcGxl +NTkxLmNvbYIOZXhhbXBsZTU5Mi5jb22CDmV4YW1wbGU1OTMuY29tgg5leGFtcGxl 
+NTk0LmNvbYIOZXhhbXBsZTU5NS5jb22CDmV4YW1wbGU1OTYuY29tgg5leGFtcGxl +NTk3LmNvbYIOZXhhbXBsZTU5OC5jb22CDmV4YW1wbGU1OTkuY29tgg5leGFtcGxl +NjAwLmNvbYIOZXhhbXBsZTYwMS5jb22CDmV4YW1wbGU2MDIuY29tgg5leGFtcGxl +NjAzLmNvbYIOZXhhbXBsZTYwNC5jb22CDmV4YW1wbGU2MDUuY29tgg5leGFtcGxl +NjA2LmNvbYIOZXhhbXBsZTYwNy5jb22CDmV4YW1wbGU2MDguY29tgg5leGFtcGxl +NjA5LmNvbYIOZXhhbXBsZTYxMC5jb22CDmV4YW1wbGU2MTEuY29tgg5leGFtcGxl +NjEyLmNvbYIOZXhhbXBsZTYxMy5jb22CDmV4YW1wbGU2MTQuY29tgg5leGFtcGxl +NjE1LmNvbYIOZXhhbXBsZTYxNi5jb22CDmV4YW1wbGU2MTcuY29tgg5leGFtcGxl +NjE4LmNvbYIOZXhhbXBsZTYxOS5jb22CDmV4YW1wbGU2MjAuY29tgg5leGFtcGxl +NjIxLmNvbYIOZXhhbXBsZTYyMi5jb22CDmV4YW1wbGU2MjMuY29tgg5leGFtcGxl +NjI0LmNvbYIOZXhhbXBsZTYyNS5jb22CDmV4YW1wbGU2MjYuY29tgg5leGFtcGxl +NjI3LmNvbYIOZXhhbXBsZTYyOC5jb22CDmV4YW1wbGU2MjkuY29tgg5leGFtcGxl +NjMwLmNvbYIOZXhhbXBsZTYzMS5jb22CDmV4YW1wbGU2MzIuY29tgg5leGFtcGxl +NjMzLmNvbYIOZXhhbXBsZTYzNC5jb22CDmV4YW1wbGU2MzUuY29tgg5leGFtcGxl +NjM2LmNvbYIOZXhhbXBsZTYzNy5jb22CDmV4YW1wbGU2MzguY29tgg5leGFtcGxl +NjM5LmNvbYIOZXhhbXBsZTY0MC5jb22CDmV4YW1wbGU2NDEuY29tgg5leGFtcGxl +NjQyLmNvbYIOZXhhbXBsZTY0My5jb22CDmV4YW1wbGU2NDQuY29tgg5leGFtcGxl +NjQ1LmNvbYIOZXhhbXBsZTY0Ni5jb22CDmV4YW1wbGU2NDcuY29tgg5leGFtcGxl +NjQ4LmNvbYIOZXhhbXBsZTY0OS5jb22CDmV4YW1wbGU2NTAuY29tgg5leGFtcGxl +NjUxLmNvbYIOZXhhbXBsZTY1Mi5jb22CDmV4YW1wbGU2NTMuY29tgg5leGFtcGxl +NjU0LmNvbYIOZXhhbXBsZTY1NS5jb22CDmV4YW1wbGU2NTYuY29tgg5leGFtcGxl +NjU3LmNvbYIOZXhhbXBsZTY1OC5jb22CDmV4YW1wbGU2NTkuY29tgg5leGFtcGxl +NjYwLmNvbYIOZXhhbXBsZTY2MS5jb22CDmV4YW1wbGU2NjIuY29tgg5leGFtcGxl +NjYzLmNvbYIOZXhhbXBsZTY2NC5jb22CDmV4YW1wbGU2NjUuY29tgg5leGFtcGxl +NjY2LmNvbYIOZXhhbXBsZTY2Ny5jb22CDmV4YW1wbGU2NjguY29tgg5leGFtcGxl +NjY5LmNvbYIOZXhhbXBsZTY3MC5jb22CDmV4YW1wbGU2NzEuY29tgg5leGFtcGxl +NjcyLmNvbYIOZXhhbXBsZTY3My5jb22CDmV4YW1wbGU2NzQuY29tgg5leGFtcGxl +Njc1LmNvbYIOZXhhbXBsZTY3Ni5jb22CDmV4YW1wbGU2NzcuY29tgg5leGFtcGxl +Njc4LmNvbYIOZXhhbXBsZTY3OS5jb22CDmV4YW1wbGU2ODAuY29tgg5leGFtcGxl +NjgxLmNvbYIOZXhhbXBsZTY4Mi5jb22CDmV4YW1wbGU2ODMuY29tgg5leGFtcGxl 
+Njg0LmNvbYIOZXhhbXBsZTY4NS5jb22CDmV4YW1wbGU2ODYuY29tgg5leGFtcGxl +Njg3LmNvbYIOZXhhbXBsZTY4OC5jb22CDmV4YW1wbGU2ODkuY29tgg5leGFtcGxl +NjkwLmNvbYIOZXhhbXBsZTY5MS5jb22CDmV4YW1wbGU2OTIuY29tgg5leGFtcGxl +NjkzLmNvbYIOZXhhbXBsZTY5NC5jb22CDmV4YW1wbGU2OTUuY29tgg5leGFtcGxl +Njk2LmNvbYIOZXhhbXBsZTY5Ny5jb22CDmV4YW1wbGU2OTguY29tgg5leGFtcGxl +Njk5LmNvbYIOZXhhbXBsZTcwMC5jb22CDmV4YW1wbGU3MDEuY29tgg5leGFtcGxl +NzAyLmNvbYIOZXhhbXBsZTcwMy5jb22CDmV4YW1wbGU3MDQuY29tgg5leGFtcGxl +NzA1LmNvbYIOZXhhbXBsZTcwNi5jb22CDmV4YW1wbGU3MDcuY29tgg5leGFtcGxl +NzA4LmNvbYIOZXhhbXBsZTcwOS5jb22CDmV4YW1wbGU3MTAuY29tgg5leGFtcGxl +NzExLmNvbYIOZXhhbXBsZTcxMi5jb22CDmV4YW1wbGU3MTMuY29tgg5leGFtcGxl +NzE0LmNvbYIOZXhhbXBsZTcxNS5jb22CDmV4YW1wbGU3MTYuY29tgg5leGFtcGxl +NzE3LmNvbYIOZXhhbXBsZTcxOC5jb22CDmV4YW1wbGU3MTkuY29tgg5leGFtcGxl +NzIwLmNvbYIOZXhhbXBsZTcyMS5jb22CDmV4YW1wbGU3MjIuY29tgg5leGFtcGxl +NzIzLmNvbYIOZXhhbXBsZTcyNC5jb22CDmV4YW1wbGU3MjUuY29tgg5leGFtcGxl +NzI2LmNvbYIOZXhhbXBsZTcyNy5jb22CDmV4YW1wbGU3MjguY29tgg5leGFtcGxl +NzI5LmNvbYIOZXhhbXBsZTczMC5jb22CDmV4YW1wbGU3MzEuY29tgg5leGFtcGxl +NzMyLmNvbYIOZXhhbXBsZTczMy5jb22CDmV4YW1wbGU3MzQuY29tgg5leGFtcGxl +NzM1LmNvbYIOZXhhbXBsZTczNi5jb22CDmV4YW1wbGU3MzcuY29tgg5leGFtcGxl +NzM4LmNvbYIOZXhhbXBsZTczOS5jb22CDmV4YW1wbGU3NDAuY29tgg5leGFtcGxl +NzQxLmNvbYIOZXhhbXBsZTc0Mi5jb22CDmV4YW1wbGU3NDMuY29tgg5leGFtcGxl +NzQ0LmNvbYIOZXhhbXBsZTc0NS5jb22CDmV4YW1wbGU3NDYuY29tgg5leGFtcGxl +NzQ3LmNvbYIOZXhhbXBsZTc0OC5jb22CDmV4YW1wbGU3NDkuY29tgg5leGFtcGxl +NzUwLmNvbYIOZXhhbXBsZTc1MS5jb22CDmV4YW1wbGU3NTIuY29tgg5leGFtcGxl +NzUzLmNvbYIOZXhhbXBsZTc1NC5jb22CDmV4YW1wbGU3NTUuY29tgg5leGFtcGxl +NzU2LmNvbYIOZXhhbXBsZTc1Ny5jb22CDmV4YW1wbGU3NTguY29tgg5leGFtcGxl +NzU5LmNvbYIOZXhhbXBsZTc2MC5jb22CDmV4YW1wbGU3NjEuY29tgg5leGFtcGxl +NzYyLmNvbYIOZXhhbXBsZTc2My5jb22CDmV4YW1wbGU3NjQuY29tgg5leGFtcGxl +NzY1LmNvbYIOZXhhbXBsZTc2Ni5jb22CDmV4YW1wbGU3NjcuY29tgg5leGFtcGxl +NzY4LmNvbYIOZXhhbXBsZTc2OS5jb22CDmV4YW1wbGU3NzAuY29tgg5leGFtcGxl +NzcxLmNvbYIOZXhhbXBsZTc3Mi5jb22CDmV4YW1wbGU3NzMuY29tgg5leGFtcGxl 
+Nzc0LmNvbYIOZXhhbXBsZTc3NS5jb22CDmV4YW1wbGU3NzYuY29tgg5leGFtcGxl +Nzc3LmNvbYIOZXhhbXBsZTc3OC5jb22CDmV4YW1wbGU3NzkuY29tgg5leGFtcGxl +NzgwLmNvbYIOZXhhbXBsZTc4MS5jb22CDmV4YW1wbGU3ODIuY29tgg5leGFtcGxl +NzgzLmNvbYIOZXhhbXBsZTc4NC5jb22CDmV4YW1wbGU3ODUuY29tgg5leGFtcGxl +Nzg2LmNvbYIOZXhhbXBsZTc4Ny5jb22CDmV4YW1wbGU3ODguY29tgg5leGFtcGxl +Nzg5LmNvbYIOZXhhbXBsZTc5MC5jb22CDmV4YW1wbGU3OTEuY29tgg5leGFtcGxl +NzkyLmNvbYIOZXhhbXBsZTc5My5jb22CDmV4YW1wbGU3OTQuY29tgg5leGFtcGxl +Nzk1LmNvbYIOZXhhbXBsZTc5Ni5jb22CDmV4YW1wbGU3OTcuY29tgg5leGFtcGxl +Nzk4LmNvbYIOZXhhbXBsZTc5OS5jb22CDmV4YW1wbGU4MDAuY29tgg5leGFtcGxl +ODAxLmNvbYIOZXhhbXBsZTgwMi5jb22CDmV4YW1wbGU4MDMuY29tgg5leGFtcGxl +ODA0LmNvbYIOZXhhbXBsZTgwNS5jb22CDmV4YW1wbGU4MDYuY29tgg5leGFtcGxl +ODA3LmNvbYIOZXhhbXBsZTgwOC5jb22CDmV4YW1wbGU4MDkuY29tgg5leGFtcGxl +ODEwLmNvbYIOZXhhbXBsZTgxMS5jb22CDmV4YW1wbGU4MTIuY29tgg5leGFtcGxl +ODEzLmNvbYIOZXhhbXBsZTgxNC5jb22CDmV4YW1wbGU4MTUuY29tgg5leGFtcGxl +ODE2LmNvbYIOZXhhbXBsZTgxNy5jb22CDmV4YW1wbGU4MTguY29tgg5leGFtcGxl +ODE5LmNvbYIOZXhhbXBsZTgyMC5jb22CDmV4YW1wbGU4MjEuY29tgg5leGFtcGxl +ODIyLmNvbYIOZXhhbXBsZTgyMy5jb22CDmV4YW1wbGU4MjQuY29tgg5leGFtcGxl +ODI1LmNvbYIOZXhhbXBsZTgyNi5jb22CDmV4YW1wbGU4MjcuY29tgg5leGFtcGxl +ODI4LmNvbYIOZXhhbXBsZTgyOS5jb22CDmV4YW1wbGU4MzAuY29tgg5leGFtcGxl +ODMxLmNvbYIOZXhhbXBsZTgzMi5jb22CDmV4YW1wbGU4MzMuY29tgg5leGFtcGxl +ODM0LmNvbYIOZXhhbXBsZTgzNS5jb22CDmV4YW1wbGU4MzYuY29tgg5leGFtcGxl +ODM3LmNvbYIOZXhhbXBsZTgzOC5jb22CDmV4YW1wbGU4MzkuY29tgg5leGFtcGxl +ODQwLmNvbYIOZXhhbXBsZTg0MS5jb22CDmV4YW1wbGU4NDIuY29tgg5leGFtcGxl +ODQzLmNvbYIOZXhhbXBsZTg0NC5jb22CDmV4YW1wbGU4NDUuY29tgg5leGFtcGxl +ODQ2LmNvbYIOZXhhbXBsZTg0Ny5jb22CDmV4YW1wbGU4NDguY29tgg5leGFtcGxl +ODQ5LmNvbYIOZXhhbXBsZTg1MC5jb22CDmV4YW1wbGU4NTEuY29tgg5leGFtcGxl +ODUyLmNvbYIOZXhhbXBsZTg1My5jb22CDmV4YW1wbGU4NTQuY29tgg5leGFtcGxl +ODU1LmNvbYIOZXhhbXBsZTg1Ni5jb22CDmV4YW1wbGU4NTcuY29tgg5leGFtcGxl +ODU4LmNvbYIOZXhhbXBsZTg1OS5jb22CDmV4YW1wbGU4NjAuY29tgg5leGFtcGxl +ODYxLmNvbYIOZXhhbXBsZTg2Mi5jb22CDmV4YW1wbGU4NjMuY29tgg5leGFtcGxl 
+ODY0LmNvbYIOZXhhbXBsZTg2NS5jb22CDmV4YW1wbGU4NjYuY29tgg5leGFtcGxl +ODY3LmNvbYIOZXhhbXBsZTg2OC5jb22CDmV4YW1wbGU4NjkuY29tgg5leGFtcGxl +ODcwLmNvbYIOZXhhbXBsZTg3MS5jb22CDmV4YW1wbGU4NzIuY29tgg5leGFtcGxl +ODczLmNvbYIOZXhhbXBsZTg3NC5jb22CDmV4YW1wbGU4NzUuY29tgg5leGFtcGxl +ODc2LmNvbYIOZXhhbXBsZTg3Ny5jb22CDmV4YW1wbGU4NzguY29tgg5leGFtcGxl +ODc5LmNvbYIOZXhhbXBsZTg4MC5jb22CDmV4YW1wbGU4ODEuY29tgg5leGFtcGxl +ODgyLmNvbYIOZXhhbXBsZTg4My5jb22CDmV4YW1wbGU4ODQuY29tgg5leGFtcGxl +ODg1LmNvbYIOZXhhbXBsZTg4Ni5jb22CDmV4YW1wbGU4ODcuY29tgg5leGFtcGxl +ODg4LmNvbYIOZXhhbXBsZTg4OS5jb22CDmV4YW1wbGU4OTAuY29tgg5leGFtcGxl +ODkxLmNvbYIOZXhhbXBsZTg5Mi5jb22CDmV4YW1wbGU4OTMuY29tgg5leGFtcGxl +ODk0LmNvbYIOZXhhbXBsZTg5NS5jb22CDmV4YW1wbGU4OTYuY29tgg5leGFtcGxl +ODk3LmNvbYIOZXhhbXBsZTg5OC5jb22CDmV4YW1wbGU4OTkuY29tgg5leGFtcGxl +OTAwLmNvbYIOZXhhbXBsZTkwMS5jb22CDmV4YW1wbGU5MDIuY29tgg5leGFtcGxl +OTAzLmNvbYIOZXhhbXBsZTkwNC5jb22CDmV4YW1wbGU5MDUuY29tgg5leGFtcGxl +OTA2LmNvbYIOZXhhbXBsZTkwNy5jb22CDmV4YW1wbGU5MDguY29tgg5leGFtcGxl +OTA5LmNvbYIOZXhhbXBsZTkxMC5jb22CDmV4YW1wbGU5MTEuY29tgg5leGFtcGxl +OTEyLmNvbYIOZXhhbXBsZTkxMy5jb22CDmV4YW1wbGU5MTQuY29tgg5leGFtcGxl +OTE1LmNvbYIOZXhhbXBsZTkxNi5jb22CDmV4YW1wbGU5MTcuY29tgg5leGFtcGxl +OTE4LmNvbYIOZXhhbXBsZTkxOS5jb22CDmV4YW1wbGU5MjAuY29tgg5leGFtcGxl +OTIxLmNvbYIOZXhhbXBsZTkyMi5jb22CDmV4YW1wbGU5MjMuY29tgg5leGFtcGxl +OTI0LmNvbYIOZXhhbXBsZTkyNS5jb22CDmV4YW1wbGU5MjYuY29tgg5leGFtcGxl +OTI3LmNvbYIOZXhhbXBsZTkyOC5jb22CDmV4YW1wbGU5MjkuY29tgg5leGFtcGxl +OTMwLmNvbYIOZXhhbXBsZTkzMS5jb22CDmV4YW1wbGU5MzIuY29tgg5leGFtcGxl +OTMzLmNvbYIOZXhhbXBsZTkzNC5jb22CDmV4YW1wbGU5MzUuY29tgg5leGFtcGxl +OTM2LmNvbYIOZXhhbXBsZTkzNy5jb22CDmV4YW1wbGU5MzguY29tgg5leGFtcGxl +OTM5LmNvbYIOZXhhbXBsZTk0MC5jb22CDmV4YW1wbGU5NDEuY29tgg5leGFtcGxl +OTQyLmNvbYIOZXhhbXBsZTk0My5jb22CDmV4YW1wbGU5NDQuY29tgg5leGFtcGxl +OTQ1LmNvbYIOZXhhbXBsZTk0Ni5jb22CDmV4YW1wbGU5NDcuY29tgg5leGFtcGxl +OTQ4LmNvbYIOZXhhbXBsZTk0OS5jb22CDmV4YW1wbGU5NTAuY29tgg5leGFtcGxl +OTUxLmNvbYIOZXhhbXBsZTk1Mi5jb22CDmV4YW1wbGU5NTMuY29tgg5leGFtcGxl 
+OTU0LmNvbYIOZXhhbXBsZTk1NS5jb22CDmV4YW1wbGU5NTYuY29tgg5leGFtcGxl +OTU3LmNvbYIOZXhhbXBsZTk1OC5jb22CDmV4YW1wbGU5NTkuY29tgg5leGFtcGxl +OTYwLmNvbYIOZXhhbXBsZTk2MS5jb22CDmV4YW1wbGU5NjIuY29tgg5leGFtcGxl +OTYzLmNvbYIOZXhhbXBsZTk2NC5jb22CDmV4YW1wbGU5NjUuY29tgg5leGFtcGxl +OTY2LmNvbYIOZXhhbXBsZTk2Ny5jb22CDmV4YW1wbGU5NjguY29tgg5leGFtcGxl +OTY5LmNvbYIOZXhhbXBsZTk3MC5jb22CDmV4YW1wbGU5NzEuY29tgg5leGFtcGxl +OTcyLmNvbYIOZXhhbXBsZTk3My5jb22CDmV4YW1wbGU5NzQuY29tgg5leGFtcGxl +OTc1LmNvbYIOZXhhbXBsZTk3Ni5jb22CDmV4YW1wbGU5NzcuY29tgg5leGFtcGxl +OTc4LmNvbYIOZXhhbXBsZTk3OS5jb22CDmV4YW1wbGU5ODAuY29tgg5leGFtcGxl +OTgxLmNvbYIOZXhhbXBsZTk4Mi5jb22CDmV4YW1wbGU5ODMuY29tgg5leGFtcGxl +OTg0LmNvbYIOZXhhbXBsZTk4NS5jb22CDmV4YW1wbGU5ODYuY29tgg5leGFtcGxl +OTg3LmNvbYIOZXhhbXBsZTk4OC5jb22CDmV4YW1wbGU5ODkuY29tgg5leGFtcGxl +OTkwLmNvbYIOZXhhbXBsZTk5MS5jb22CDmV4YW1wbGU5OTIuY29tgg5leGFtcGxl +OTkzLmNvbYIOZXhhbXBsZTk5NC5jb22CDmV4YW1wbGU5OTUuY29tgg5leGFtcGxl +OTk2LmNvbYIOZXhhbXBsZTk5Ny5jb22CDmV4YW1wbGU5OTguY29tgg5leGFtcGxl +OTk5LmNvbYIPZXhhbXBsZTEwMDAuY29tgg9leGFtcGxlMTAwMS5jb22CD2V4YW1w +bGUxMDAyLmNvbYIPZXhhbXBsZTEwMDMuY29tgg9leGFtcGxlMTAwNC5jb22CD2V4 +YW1wbGUxMDA1LmNvbYIPZXhhbXBsZTEwMDYuY29tgg9leGFtcGxlMTAwNy5jb22C +D2V4YW1wbGUxMDA4LmNvbYIPZXhhbXBsZTEwMDkuY29tgg9leGFtcGxlMTAxMC5j +b22CD2V4YW1wbGUxMDExLmNvbYIPZXhhbXBsZTEwMTIuY29tgg9leGFtcGxlMTAx +My5jb22CD2V4YW1wbGUxMDE0LmNvbYIPZXhhbXBsZTEwMTUuY29tgg9leGFtcGxl +MTAxNi5jb22CD2V4YW1wbGUxMDE3LmNvbYIPZXhhbXBsZTEwMTguY29tgg9leGFt +cGxlMTAxOS5jb22CD2V4YW1wbGUxMDIwLmNvbYIPZXhhbXBsZTEwMjEuY29tgg9l +eGFtcGxlMTAyMi5jb22CD2V4YW1wbGUxMDIzLmNvbYIPZXhhbXBsZTEwMjQuY29t +gg9leGFtcGxlMTAyNS5jb22CD2V4YW1wbGUxMDI2LmNvbYIPZXhhbXBsZTEwMjcu +Y29tgg9leGFtcGxlMTAyOC5jb22CD2V4YW1wbGUxMDI5LmNvbYIPZXhhbXBsZTEw +MzAuY29tgg9leGFtcGxlMTAzMS5jb22CD2V4YW1wbGUxMDMyLmNvbYIPZXhhbXBs +ZTEwMzMuY29tgg9leGFtcGxlMTAzNC5jb22CD2V4YW1wbGUxMDM1LmNvbYIPZXhh +bXBsZTEwMzYuY29tgg9leGFtcGxlMTAzNy5jb22CD2V4YW1wbGUxMDM4LmNvbYIP +ZXhhbXBsZTEwMzkuY29tgg9leGFtcGxlMTA0MC5jb22CD2V4YW1wbGUxMDQxLmNv 
+bYIPZXhhbXBsZTEwNDIuY29tgg9leGFtcGxlMTA0My5jb22CD2V4YW1wbGUxMDQ0 +LmNvbYIPZXhhbXBsZTEwNDUuY29tgg9leGFtcGxlMTA0Ni5jb22CD2V4YW1wbGUx +MDQ3LmNvbYIPZXhhbXBsZTEwNDguY29tgg9leGFtcGxlMTA0OS5jb22CD2V4YW1w +bGUxMDUwLmNvbTAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwDQYJKoZI +hvcNAQELBQADggEBAAafsXELXxtWZERkGxkH1a6sXrqD9xdMUIu/Bf8QAKePLOLX +VbJeGNW9UHCKA5jntP4BKP86/b+43KF3g8qMyphS9DBTvOZ+rbRe8z3K6ouTi4Cv +4jxL0ej4QINeIEbNAC5GqVkSHnVB0ul5drsIXHEAHi72BTkSlFHOU0umlL99O8UG +R++z7qkXJWjrHkUA7zVIS4pRne80AtDVd3WB3lCmG/hs9p8Dj7igUGfaQYF1T6uK +zkgpT2PCjvVfXadTG9FTqe+MEkjOwpUqClJ0SS1Et7KF56Q++FdFx7msammI2SC+ +XrBKQPqYZviTlK1YepjwtXe1SxasL7tjabJuIyU= +-----END CERTIFICATE----- diff --git a/certs/test/cert-over-max-nc.cfg b/certs/test/cert-over-max-nc.cfg new file mode 100644 index 0000000000..21bdebeabf --- /dev/null +++ b/certs/test/cert-over-max-nc.cfg 
@@ -0,0 +1,61 @@ +[ req ] +default_bits = 2048 +prompt = no +distinguished_name = dn +x509_extensions = extensions + +[ dn ] +C = US +ST = Montana +L = Bozeman +O = wolfSSL Inc +OU = Engineering +CN = www.wolfssl.com + +[ extensions ] +basicConstraints=critical,CA:true +nameConstraints = permitted;DNS:.ex1.com,permitted;DNS:.ex2.com,permitted;\ +DNS:.ex3.com,permitted;DNS:.ex4.com,permitted;DNS:.ex5.com,permitted;\ +DNS:.ex6.com,permitted;DNS:.ex7.com,permitted;DNS:.ex8.com,permitted;\ +DNS:.ex9.com,permitted;DNS:.ex10.com,permitted;DNS:.ex11.com,permitted;\ +DNS:.ex12.com,permitted;DNS:.ex13.com,permitted;DNS:.ex14.com,permitted;\ +DNS:.ex15.com,permitted;DNS:.ex16.com,permitted;DNS:.ex17.com,permitted;\ +DNS:.ex18.com,permitted;DNS:.ex19.com,permitted;DNS:.ex20.com,permitted;\ +DNS:.ex21.com,permitted;DNS:.ex22.com,permitted;DNS:.ex23.com,permitted;\ +DNS:.ex24.com,permitted;DNS:.ex25.com,permitted;DNS:.ex26.com,permitted;\ +DNS:.ex27.com,permitted;DNS:.ex28.com,permitted;DNS:.ex29.com,permitted;\ +DNS:.ex30.com,permitted;DNS:.ex31.com,permitted;DNS:.ex32.com,permitted;\ +DNS:.ex33.com,permitted;DNS:.ex34.com,permitted;DNS:.ex35.com,permitted;\ +DNS:.ex36.com,permitted;DNS:.ex37.com,permitted;DNS:.ex38.com,permitted;\ +DNS:.ex39.com,permitted;DNS:.ex40.com,permitted;DNS:.ex41.com,permitted;\ +DNS:.ex42.com,permitted;DNS:.ex43.com,permitted;DNS:.ex44.com,permitted;\ +DNS:.ex45.com,permitted;DNS:.ex46.com,permitted;DNS:.ex47.com,permitted;\ +DNS:.ex48.com,permitted;DNS:.ex49.com,permitted;DNS:.ex50.com,permitted;\ +DNS:.ex51.com,permitted;DNS:.ex52.com,permitted;DNS:.ex53.com,permitted;\ +DNS:.ex54.com,permitted;DNS:.ex55.com,permitted;DNS:.ex56.com,permitted;\ +DNS:.ex57.com,permitted;DNS:.ex58.com,permitted;DNS:.ex59.com,permitted;\ +DNS:.ex60.com,permitted;DNS:.ex61.com,permitted;DNS:.ex62.com,permitted;\ +DNS:.ex63.com,permitted;DNS:.ex64.com,permitted;DNS:.ex65.com,permitted;\ +DNS:.ex66.com,permitted;DNS:.ex67.com,permitted;DNS:.ex68.com,permitted;\ 
+DNS:.ex69.com,permitted;DNS:.ex70.com,permitted;DNS:.ex71.com,permitted;\ +DNS:.ex72.com,permitted;DNS:.ex73.com,permitted;DNS:.ex74.com,permitted;\ +DNS:.ex75.com,permitted;DNS:.ex76.com,permitted;DNS:.ex77.com,permitted;\ +DNS:.ex78.com,permitted;DNS:.ex79.com,permitted;DNS:.ex80.com,permitted;\ +DNS:.ex81.com,permitted;DNS:.ex82.com,permitted;DNS:.ex83.com,permitted;\ +DNS:.ex84.com,permitted;DNS:.ex85.com,permitted;DNS:.ex86.com,permitted;\ +DNS:.ex87.com,permitted;DNS:.ex88.com,permitted;DNS:.ex89.com,permitted;\ +DNS:.ex90.com,permitted;DNS:.ex91.com,permitted;DNS:.ex92.com,permitted;\ +DNS:.ex93.com,permitted;DNS:.ex94.com,permitted;DNS:.ex95.com,permitted;\ +DNS:.ex96.com,permitted;DNS:.ex97.com,permitted;DNS:.ex98.com,permitted;\ +DNS:.ex99.com,permitted;DNS:.ex100.com,permitted;DNS:.ex101.com,permitted;\ +DNS:.ex102.com,permitted;DNS:.ex103.com,permitted;DNS:.ex104.com,permitted;\ +DNS:.ex105.com,permitted;DNS:.ex106.com,permitted;DNS:.ex107.com,permitted;\ +DNS:.ex108.com,permitted;DNS:.ex109.com,permitted;DNS:.ex110.com,permitted;\ +DNS:.ex111.com,permitted;DNS:.ex112.com,permitted;DNS:.ex113.com,permitted;\ +DNS:.ex114.com,permitted;DNS:.ex115.com,permitted;DNS:.ex116.com,permitted;\ +DNS:.ex117.com,permitted;DNS:.ex118.com,permitted;DNS:.ex119.com,permitted;\ +DNS:.ex120.com,permitted;DNS:.ex121.com,permitted;DNS:.ex122.com,permitted;\ +DNS:.ex123.com,permitted;DNS:.ex124.com,permitted;DNS:.ex125.com,permitted;\ +DNS:.ex126.com,permitted;DNS:.ex127.com,permitted;DNS:.ex128.com,permitted;\ +DNS:.ex129.com,permitted;DNS:.ex130.com + diff --git a/certs/test/cert-over-max-nc.der b/certs/test/cert-over-max-nc.der new file mode 100644 index 0000000000..1d0c740b71 Binary files /dev/null and b/certs/test/cert-over-max-nc.der differ diff --git a/certs/test/cert-over-max-nc.pem b/certs/test/cert-over-max-nc.pem new file mode 100644 index 0000000000..8e42d53fac --- /dev/null +++ b/certs/test/cert-over-max-nc.pem 
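Review bot: The new config carries no comment saying what it tests, so a reader must infer from the file name `cert-over-max-nc` that the 130 permitted DNS subtrees under `nameConstraints` are meant to exceed a parser limit. I'd add a header above `[ req ]` such as `# Negative fixture: nameConstraints with 130 permitted DNS subtrees, meant to exceed the maximum the parser accepts so this CA cert must fail to load`, naming the limit or the constant that defines it so the fixture is regenerated when that value changes. Whether 130 actually exceeds the enforced maximum is not visible here; confirm it against the parser's constant rather than relying on the count merely being large.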
@@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIKWDCCCUCgAwIBAgIUYdELMUH7vrK6aNntrMnvR+5sZ7UwDQYJKoZIhvcNAQEL +BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MDcwODA2MzQwNFoXDTI3 +MDQwNDA2MzQwNFowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO +BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF +bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY +06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGL +YlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlc +OM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+ +Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+ +k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABo4IG2jCC +BtYwDwYDVR0TAQH/BAUwAwEB/zCCBsEGA1UdHgSCBrgwgga0oIIGsDAKggguZXgx +LmNvbTAKggguZXgyLmNvbTAKggguZXgzLmNvbTAKggguZXg0LmNvbTAKggguZXg1 +LmNvbTAKggguZXg2LmNvbTAKggguZXg3LmNvbTAKggguZXg4LmNvbTAKggguZXg5 +LmNvbTALggkuZXgxMC5jb20wC4IJLmV4MTEuY29tMAuCCS5leDEyLmNvbTALggku +ZXgxMy5jb20wC4IJLmV4MTQuY29tMAuCCS5leDE1LmNvbTALggkuZXgxNi5jb20w +C4IJLmV4MTcuY29tMAuCCS5leDE4LmNvbTALggkuZXgxOS5jb20wC4IJLmV4MjAu +Y29tMAuCCS5leDIxLmNvbTALggkuZXgyMi5jb20wC4IJLmV4MjMuY29tMAuCCS5l +eDI0LmNvbTALggkuZXgyNS5jb20wC4IJLmV4MjYuY29tMAuCCS5leDI3LmNvbTAL +ggkuZXgyOC5jb20wC4IJLmV4MjkuY29tMAuCCS5leDMwLmNvbTALggkuZXgzMS5j +b20wC4IJLmV4MzIuY29tMAuCCS5leDMzLmNvbTALggkuZXgzNC5jb20wC4IJLmV4 +MzUuY29tMAuCCS5leDM2LmNvbTALggkuZXgzNy5jb20wC4IJLmV4MzguY29tMAuC +CS5leDM5LmNvbTALggkuZXg0MC5jb20wC4IJLmV4NDEuY29tMAuCCS5leDQyLmNv +bTALggkuZXg0My5jb20wC4IJLmV4NDQuY29tMAuCCS5leDQ1LmNvbTALggkuZXg0 +Ni5jb20wC4IJLmV4NDcuY29tMAuCCS5leDQ4LmNvbTALggkuZXg0OS5jb20wC4IJ +LmV4NTAuY29tMAuCCS5leDUxLmNvbTALggkuZXg1Mi5jb20wC4IJLmV4NTMuY29t +MAuCCS5leDU0LmNvbTALggkuZXg1NS5jb20wC4IJLmV4NTYuY29tMAuCCS5leDU3 
+LmNvbTALggkuZXg1OC5jb20wC4IJLmV4NTkuY29tMAuCCS5leDYwLmNvbTALggku +ZXg2MS5jb20wC4IJLmV4NjIuY29tMAuCCS5leDYzLmNvbTALggkuZXg2NC5jb20w +C4IJLmV4NjUuY29tMAuCCS5leDY2LmNvbTALggkuZXg2Ny5jb20wC4IJLmV4Njgu +Y29tMAuCCS5leDY5LmNvbTALggkuZXg3MC5jb20wC4IJLmV4NzEuY29tMAuCCS5l +eDcyLmNvbTALggkuZXg3My5jb20wC4IJLmV4NzQuY29tMAuCCS5leDc1LmNvbTAL +ggkuZXg3Ni5jb20wC4IJLmV4NzcuY29tMAuCCS5leDc4LmNvbTALggkuZXg3OS5j +b20wC4IJLmV4ODAuY29tMAuCCS5leDgxLmNvbTALggkuZXg4Mi5jb20wC4IJLmV4 +ODMuY29tMAuCCS5leDg0LmNvbTALggkuZXg4NS5jb20wC4IJLmV4ODYuY29tMAuC +CS5leDg3LmNvbTALggkuZXg4OC5jb20wC4IJLmV4ODkuY29tMAuCCS5leDkwLmNv +bTALggkuZXg5MS5jb20wC4IJLmV4OTIuY29tMAuCCS5leDkzLmNvbTALggkuZXg5 +NC5jb20wC4IJLmV4OTUuY29tMAuCCS5leDk2LmNvbTALggkuZXg5Ny5jb20wC4IJ +LmV4OTguY29tMAuCCS5leDk5LmNvbTAMggouZXgxMDAuY29tMAyCCi5leDEwMS5j +b20wDIIKLmV4MTAyLmNvbTAMggouZXgxMDMuY29tMAyCCi5leDEwNC5jb20wDIIK +LmV4MTA1LmNvbTAMggouZXgxMDYuY29tMAyCCi5leDEwNy5jb20wDIIKLmV4MTA4 +LmNvbTAMggouZXgxMDkuY29tMAyCCi5leDExMC5jb20wDIIKLmV4MTExLmNvbTAM +ggouZXgxMTIuY29tMAyCCi5leDExMy5jb20wDIIKLmV4MTE0LmNvbTAMggouZXgx +MTUuY29tMAyCCi5leDExNi5jb20wDIIKLmV4MTE3LmNvbTAMggouZXgxMTguY29t +MAyCCi5leDExOS5jb20wDIIKLmV4MTIwLmNvbTAMggouZXgxMjEuY29tMAyCCi5l +eDEyMi5jb20wDIIKLmV4MTIzLmNvbTAMggouZXgxMjQuY29tMAyCCi5leDEyNS5j +b20wDIIKLmV4MTI2LmNvbTAMggouZXgxMjcuY29tMAyCCi5leDEyOC5jb20wDIIK +LmV4MTI5LmNvbTAMggouZXgxMzAuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCvchQQ +uZ5TEwvxjK/qdHuyOJISaodU5kDalvZz8dyt28HuU+cVyof4D4IS1KwS3RtlPXXP +EOWEzDVEGKKE3DeFyiNT7VZa4ImnXvleJj+GxhDJJ1OQY/DLZDuwtSgn684QPPzI +HTJxjtQ8NEbFCa5dZc819CXsiz0YTKrDxOHysFPmroAKvjBUNiwCp/IIJOalIMIx +loV0tsxD2gmLuvZfHOVyaM8TrX/iq1EYxcF/QRtcAHC8H2gDfgwEkVVfhGBPXc/D +c/cT89HeX5N0lv4+VQaclVMB6viKjMmvIA7Xg8CMOURFUt909SoGFGLnRcBoSH3i +UpV7rICJ6+OGc1KT +-----END CERTIFICATE----- diff --git a/certs/test/gen-ext-certs.sh b/certs/test/gen-ext-certs.sh index badb1b4d32..65e8caca5c 100755 --- a/certs/test/gen-ext-certs.sh +++ b/certs/test/gen-ext-certs.sh 
@@ -311,3 +311,1148 @@ authorityKeyIdentifier = keyid:always,issuer:always EOF gen_cert +OUT=certs/test/cert-over-max-nc +KEYFILE=certs/ca-key.der +CONFIG=certs/test/cert-over-max-nc.cfg +tee >$CONFIG <$CONFIG <]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ]) @@ -1113,8 +1210,7 @@ AC_ARG_WITH([liboqs], # KYBER # Used: -# - SHA3, Shake128 and Shake256, or -# - SHA256, SHA512, AES-CTR +# - SHA3, Shake128 and Shake256 AC_ARG_ENABLE([kyber], [AS_HELP_STRING([--enable-kyber],[Enable KYBER (requires --enable-experimental) (default: disabled)])], [ ENABLED_KYBER=$enableval ], @@ -1144,6 +1240,9 @@ do 1024) ENABLED_KYBER1024=yes ;; + ml-kem) + ENABLED_ML_KEM=yes + ;; *) AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.]) break;; @@ -1170,6 +1269,9 @@ then if test "$ENABLED_KYBER1024" = ""; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" fi + if test "$ENABLED_ML_KEM" = "yes"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ML_KEM" + fi if test "$ENABLED_WC_KYBER" = "yes" then 
@@ -1179,6 +1281,100 @@ then fi fi +# Dilithium +# - SHA3, Shake128, Shake256 and AES-CTR +AC_ARG_ENABLE([dilithium], + [AS_HELP_STRING([--enable-dilithium],[Enable DILITHIUM (requires --enable-experimental) (default: disabled)])], + [ ENABLED_DILITHIUM=$enableval ], + [ ENABLED_DILITHIUM=no ] + ) + +ENABLED_DILITHIUM_OPTS=$ENABLED_DILITHIUM +ENABLED_DILITHIUM_MAKE_KEY=no +ENABLED_DILITHIUM_SIGN=no +ENABLED_DILITHIUM_VERIFY=no +for v in `echo $ENABLED_DILITHIUM_OPTS | tr "," " "` +do + case $v in + yes) + ENABLED_MLDSA44=yes + ENABLED_MLDSA65=yes + ENABLED_MLDSA87=yes + ENABLED_DILITHIUM_MAKE_KEY=yes + ENABLED_DILITHIUM_SIGN=yes + ENABLED_DILITHIUM_VERIFY=yes + ;; + no) + ;; + all) + ENABLED_DILITHIUM_MAKE_KEY=yes + ENABLED_DILITHIUM_SIGN=yes + ENABLED_DILITHIUM_VERIFY=yes + ;; + make) + ENABLED_DILITHIUM_MAKE_KEY=yes + ;; + sign) + ENABLED_DILITHIUM_SIGN=yes + ;; + verify) + ENABLED_DILITHIUM_VERIFY=yes + ;; + verify-only) + ENABLED_DILITHIUM_MAKE_KEY=no + ENABLED_DILITHIUM_SIGN=no + ENABLED_DILITHIUM_VERIFY=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_VERIFY_ONLY" + ;; + small) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_SMALL" + ;; + 44) + ENABLED_MLDSA44=yes + ;; + 65) + ENABLED_MLDSA65=yes + ;; + 87) + ENABLED_MLDSA87=yes + ;; + *) + AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.]) + break;; + esac +done + +if test "$ENABLED_DILITHIUM" != "no" +then + AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([DILITHIUM requires --enable-experimental.]) ]) + AM_CFLAGS="$AM_CFLAGS -DHAVE_DILITHIUM" + + if test "$ENABLED_MLDSA44" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_44" + fi + if test "$ENABLED_MLDSA65" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_65" + fi + if test "$ENABLED_MLDSA87" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_87" + fi + if test "$ENABLED_DILITHIUM_MAKE_KEY" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_MAKE_KEY" + fi + 
if test "$ENABLED_DILITHIUM_SIGN" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_SIGN" + fi + if test "$ENABLED_DILITHIUM_VERIFY" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_VERIFY" + fi + + if test "$ENABLED_LIBOQS" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_DILITHIUM" + test "$enable_sha3" = "" && enable_sha3=yes + test "$enable_shake128" = "" && enable_shake128=yes + test "$enable_shake256" = "" && enable_shake256=yes + fi +fi # XMSS AC_ARG_ENABLE([xmss], @@ -1187,7 +1383,6 @@ AC_ARG_ENABLE([xmss], [ ENABLED_XMSS=no ] ) -ENABLED_WC_XMSS=no for v in `echo $ENABLED_XMSS | tr "," " "` do case $v in @@ -1196,15 +1391,9 @@ do no) ;; verify-only) - XMSS_VERIFY_ONLY=yes AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XMSS_VERIFY_ONLY -DXMSS_VERIFY_ONLY" ;; - wolfssl) - ENABLED_WC_XMSS=yes - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS" - ;; small) - ENABLED_WC_XMSS=yes AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS_SMALL" ;; *) @@ -1213,20 +1402,6 @@ do esac done -if test "$ENABLED_XMSS" != "no" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS" - - if test "$ENABLED_WC_XMSS" = "no"; - then - # Default is to use hash-sigs XMSS lib. Make sure it's enabled. - if test "$ENABLED_LIBXMSS" = "no"; then - AC_MSG_ERROR([The default implementation for XMSS is the xmss-reference lib. - Please use --with-libxmss.]) - fi - fi -fi - # libxmss # Get the path to xmss-reference. ENABLED_LIBXMSS="no" @@ -1279,6 +1454,19 @@ AC_ARG_WITH([libxmss], [XMSS_ROOT=""] ) +if test "$ENABLED_XMSS" != "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS" + + # Use hash-sigs XMSS lib if enabled. + if test "$ENABLED_LIBXMSS" = "yes"; then + ENABLED_WC_XMSS=no + else + ENABLED_WC_XMSS=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS" + fi +fi + # LMS AC_ARG_ENABLE([lms], [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])], 
@@ -1286,7 +1474,6 @@ AC_ARG_ENABLE([lms], [ ENABLED_LMS=no ] ) -ENABLED_WC_LMS=no for v in `echo $ENABLED_LMS | tr "," " "` do case $v in @@ -1295,37 +1482,17 @@ do no) ;; verify-only) - LMS_VERIFY_ONLY=yes AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_VERIFY_ONLY" ;; small) - ENABLED_WC_LMS=yes AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL" ;; - wolfssl) - ENABLED_WC_LMS=yes - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS" - ;; *) AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.]) break;; esac done -if test "$ENABLED_LMS" != "no" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS" - - if test "$ENABLED_WC_LMS" = "no"; - then - # Default is to use hash-sigs LMS lib. Make sure it's enabled. - if test "$ENABLED_LIBLMS" = "no"; then - AC_MSG_ERROR([The default implementation for LMS is the hash-sigs LMS/HSS lib. - Please use --with-liblms.]) - fi - fi -fi - # liblms # Get the path to the hash-sigs LMS HSS lib. ENABLED_LIBLMS="no" @@ -1394,6 +1561,19 @@ AC_ARG_WITH([liblms], ] ) +if test "$ENABLED_LMS" != "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS" + + # Use hash-sigs LMS lib if enabled. + if test "$ENABLED_LIBLMS" = "yes"; then + ENABLED_WC_LMS=no + else + ENABLED_WC_LMS=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS" + fi +fi + # SINGLE THREADED AC_ARG_ENABLE([singlethreaded], [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])], @@ -1648,6 +1828,7 @@ AC_ARG_ENABLE([mcast], # OpenLDAP (--enable-openldap) # hitch (--enable-hitch) # memcached (--enable-memcached) +# Mosquitto (--enable-mosquitto) HAVE_MOSQUITTO # Bind DNS compatibility Build AC_ARG_ENABLE([bind], 
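Review bot: Dropping `wolfssl)` from the `--enable-lms` loop turns `--enable-lms=wolfssl`, a previously valid choice, into the `*)` `AC_MSG_ERROR` path, while the surrounding change makes that implementation the default; keep `wolfssl) ;;` as a compatibility no-op. `small)` still adds `-DWOLFSSL_WC_LMS_SMALL` before `ENABLED_WC_LMS` is decided, so `--enable-lms=small --with-liblms` yields the small-build define with the hash-sigs library selected; the block that now sets `ENABLED_WC_LMS` after `--with-liblms` is the natural place for an `AC_MSG_ERROR` on that combination. The removed `ENABLED_WC_LMS=no` initialisation also leaves the variable unset when LMS is off, which is only safe if every later test compares against `yes`.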
@@ -1711,12 +1892,25 @@ AC_ARG_ENABLE([openldap], [ ENABLED_OPENLDAP=no ] ) +# Mosquitto support +AC_ARG_ENABLE([mosquitto], + [AS_HELP_STRING([--enable-mosquitto],[Enable Mosquitto support (default: disabled)])], + [ ENABLED_MOSQUITTO=$enableval ], + [ ENABLED_MOSQUITTO=no ] + ) + +if test "x$ENABLED_MOSQUITTO" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_MOSQUITTO" +fi + # lighty Support AC_ARG_ENABLE([lighty], [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])], [ ENABLED_LIGHTY=$enableval ], [ ENABLED_LIGHTY=no ] ) + # rsyslog Support AC_ARG_ENABLE([rsyslog], [AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])], @@ -1804,7 +1998,7 @@ AC_ARG_ENABLE([ffmpeg], ) -#IP alternative name Support +# IP alternative name Support AC_ARG_ENABLE([ip-alt-name], [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])], [ ENABLE_IP_ALT_NAME=$enableval ], @@ -1816,7 +2010,7 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME" fi -#Qt Support +# QT Support AC_ARG_ENABLE([qt], [AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])], [ ENABLED_QT=$enableval ], @@ -1874,9 +2068,9 @@ AC_ARG_ENABLE([opensslcoexist], if test "x$ENABLED_OPENSSLCOEXIST" = "xyes" || test "$ENABLED_WOLFENGINE" = "yes" then - # make sure old names are disabled - enable_oldnames=no - + # make sure old names are disabled (except RNG) + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES" + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST" fi 
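Review bot: The new comment `# make sure old names are disabled (except RNG)` in the `opensslcoexist` block records the exception but not its reason, so a maintainer hardening coexist builds cannot tell whether leaving the old RNG name enabled is deliberate or an oversight. Spell it out next to the `AM_CFLAGS` lines, e.g. `# Old names clash with OpenSSL symbols under OPENSSL_COEXIST; the old RNG name is kept because <consumer/reason>`. The previous code forced `enable_oldnames=no`; the new code sets the `NO_OLD_*` defines directly and no longer touches that variable, so if `--enable-oldnames` is handled later in configure.ac it may now re-enable names this block just disabled — confirm the two paths cannot both apply.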
@@ -1976,7 +2170,7 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \ test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \ test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \ - test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" + test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || test "$ENABLED_HITCH" = "yes" then ENABLED_OPENSSLALL="yes" fi @@ -2766,7 +2960,7 @@ then esac AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto]) ;; - armv7a*) + armv7a* | armv7l*) AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm" # Include options.h AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN" @@ -2774,6 +2968,14 @@ then ENABLED_AESGCM_STREAM=no # not yet implemented ENABLED_ARMASM_NEON=yes AC_MSG_NOTICE([32bit ARMv7-a found, setting mfpu to neon]) + if test "$ENABLED_FIPS" != "no" || + test "$HAVE_FIPS_VERSION_MAJOR" -ge 5; + then + # Use inline ASM with FIPS because of known "issue" with the + # assembly code + ENABLED_ARMASM_INLINE=yes + AC_MSG_NOTICE([32bit ARMv7-a found, setting inline for FIPS]) + fi ;; armv7m*) # QEMU doesn't work with armv7-m @@ -2784,6 +2986,14 @@ then ENABLED_AESGCM_STREAM=no # not yet implemented ENABLED_ARMASM_NEON=no AC_MSG_NOTICE([32bit ARMv7-m found]) + if test "$ENABLED_FIPS" != "no" || + test "$HAVE_FIPS_VERSION_MAJOR" -ge 5; + then + # Use inline ASM with FIPS because of known "issue" with the + # assembly code + ENABLED_ARMASM_INLINE=yes + AC_MSG_NOTICE([32bit ARMv7-m found, setting inline for FIPS]) + fi ;; armv6*) AM_CPPFLAGS="$AM_CPPFLAGS -march=armv6 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=6" 
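Review bot: In both new ARMv7 blocks the condition `test "$ENABLED_FIPS" != "no" || test "$HAVE_FIPS_VERSION_MAJOR" -ge 5` reaches the second `test` in every non-FIPS build, where `HAVE_FIPS_VERSION_MAJOR` is presumably empty, and `test "" -ge 5` reports `integer expression expected` on stderr instead of simply being false; guard it as `test -n "$HAVE_FIPS_VERSION_MAJOR" && test "$HAVE_FIPS_VERSION_MAJOR" -ge 5`. The `||` also reads inverted relative to the comment: as written every FIPS build, whatever its version, forces inline assembly, and the version clause is consulted only when FIPS is off, so if the intent is "FIPS version 5 or later" the operator should be `&&`. The comment `known "issue" with the assembly code` should name the affected routine and FIPS version so the workaround can be retired when it no longer applies. Both blocks sit inside a `case` on the ARM CPU type whose start and end lie outside the hunk.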
@@ -2835,6 +3045,80 @@ if test "$ENABLED_ARMASM_INLINE" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_INLINE" fi +# RISC-V Assembly +AC_ARG_ENABLE([riscv-asm], + [AS_HELP_STRING([--enable-riscv-asm],[Enable wolfSSL RISC-V ASM support (default: disabled).])], + [ ENABLED_RISCV_ASM=$enableval ], + [ ENABLED_RISCV_ASM=no ] + ) +if test "$ENABLED_RISCV_ASM" != "no" && test "$ENABLED_ASM" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_ASM" + ENABLED_AESGCM_STREAM=no # not yet implemented + AC_MSG_NOTICE([64bit RISC-V assembly for AES]) +fi + +ENABLED_RISCV_ASM_OPTS=$ENABLED_RISCV_ASM +for v in `echo $ENABLED_RISCV_ASM_OPTS | tr "," " "` +do + case $v in + yes) + ;; + no) + ;; + zbkb) + # PACK, REV8 + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BASE_BIT_MANIPULATION" + ;; + zbb) + # REV8 + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BASE_BIT_MANIPULATION" + ;; + zbc|zbkc) + # CLMUL, CLMULH + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_CARRYLESS" + ;; + zkn|zkned) + # AES encrypt/decrpyt, SHA-2 + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_SCALAR_CRYPTO_ASM" + ;; + zv) + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR" + ;; + zvkg) + # VGMUL, VHHSH + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_GCM" + ;; + zvbc) + # VCLMUL, VCLMULH + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CARRYLESS" + ;; + zvbb|zvkb) + # VBREV8 + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION" + ;; + zvkned) + # Vector AES, SHA-2 + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CRYPTO_ASM" + ;; + *) + AC_MSG_ERROR([Invalid RISC-V option [yes,zbkb,zbb,zbc,zbkc,zkn,zkned,zv,zvkg,zvbc,zvbb,zvkb,zvkned]: $ENABLED_RISCV_ASM.]) + break + ;; + esac +done + + # Xilinx hardened crypto AC_ARG_ENABLE([xilinx], 
[AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])], @@ -2952,7 +3236,7 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI" if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DWC_AES_C_DYNAMIC_FALLBACK" + AM_CFLAGS="$AM_CFLAGS -DWC_C_DYNAMIC_FALLBACK" fi if test "$CC" != "icc" then @@ -3296,11 +3580,6 @@ AC_ARG_ENABLE([nullcipher], [ ENABLED_NULL_CIPHER=no ] ) -if test "$ENABLED_OPENSSH" = "yes" -then - ENABLED_NULL_CIPHER="yes" -fi - if test "$ENABLED_NULL_CIPHER" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER" @@ -3377,7 +3656,8 @@ fi # set sha3 default SHA3_DEFAULT=no -if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64") && test "$ENABLED_32BIT" = "no" +if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || + test "$host_cpu" = "amd64") then if test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" -ge 2 then @@ -3419,7 +3699,7 @@ AC_ARG_ENABLE([sha512], ) # options that don't require sha512 -if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes" +if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_16BIT" = "yes" then ENABLED_SHA512="no" fi @@ -3445,7 +3725,7 @@ AC_ARG_ENABLE([sha384], ) # options that don't require sha384 -if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes" +if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_16BIT" = "yes" then ENABLED_SHA384="no" fi 
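Review bot: Several per-extension comments in the new `--enable-riscv-asm` case list do not match the RISC-V extension names used as tokens: per the ISA naming Zvkned is vector AES only (vector SHA-2 is Zvknha/Zvknhb) and Zkne/Zknd are scalar AES while SHA-2 is Zknh, so `# Vector AES, SHA-2` on `zvkned)` and `# AES encrypt/decrpyt, SHA-2` on `zkn|zkned)` (also a typo) promise more than those tokens name, and `VHHSH` under `zvkg)` is presumably `VGHSH`. If `WOLFSSL_RISCV_VECTOR_CRYPTO_ASM` and `WOLFSSL_RISCV_SCALAR_CRYPTO_ASM` really enable SHA-2 as well, either accept `zvknhb`/`zknh` as tokens or state in the comment that the single token selects both. The enable check `test "$ENABLED_RISCV_ASM" != "no" && test "$ENABLED_ASM" = "yes"` runs before the loop and never looks at `$host_cpu`, so `--enable-riscv-asm` on a non-RISC-V host is accepted and only fails at compile time; `case $host_cpu in riscv*) ;; *) AC_MSG_ERROR([--enable-riscv-asm requires a RISC-V host]) ;; esac` would fail fast. The `AC_MSG_NOTICE([64bit RISC-V assembly for AES])` is also emitted when only bit-manipulation or carry-less tokens were given, so a neutral wording would keep the configure log accurate.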
@@ -3486,7 +3766,7 @@ AC_ARG_ENABLE([sessioncerts], if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \ test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \ - test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes" + test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes" then ENABLED_SESSIONCERTS=yes fi @@ -3503,7 +3783,7 @@ fi # KEY GENERATION AC_ARG_ENABLE([keygen], - [AS_HELP_STRING([--enable-keygen],[Enable key generation (default: disabled)])], + [AS_HELP_STRING([--enable-keygen],[Enable key generation (only applies to RSA key generation) (default: disabled)])], [ ENABLED_KEYGEN=$enableval ], [ ENABLED_KEYGEN=no ] ) @@ -3626,15 +3906,6 @@ AC_ARG_ENABLE([srtp-kdf], [ ENABLED_SRTP_KDF=$enableval ], [ ENABLED_SRTP_KDF=no ] ) -if test "$ENABLED_SRTP" = "yes" -then - ENABLED_SRTP_KDF="yes" -fi -if test "$ENABLED_SRTP_KDF" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DWC_SRTP_KDF -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT" -fi - # DSA AC_ARG_ENABLE([dsa], 
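Review bot: The sessioncerts condition grows into one over-long line, while the parallel `ENABLED_MOSQUITTO` additions in the ocsp, ocspstapling and crl hunks (`-5359`, `-5391`, `-5439`) wrap with ` || \`. Splitting it the same way keeps the file uniform: `test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes" || \` followed by `test "x$ENABLED_MOSQUITTO" = "xyes"` on its own line.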
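Review bot: The new keygen help text stacks two parentheticals, `Enable key generation (only applies to RSA key generation) (default: disabled)`, which reads awkwardly in `./configure --help`; `[Enable key generation, RSA only (default: disabled)]` says the same thing in the style of the neighbouring options. Whether DSA or other key generation is also behind this option cannot be told from this diff, so the wording should be checked against what `WOLFSSL_KEY_GEN` actually gates before it is narrowed to RSA.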
@@ -3736,36 +4007,20 @@ then ENABLED_ECCCUSTCURVES="all" fi -if test "$ENABLED_ECCCUSTCURVES" != "no" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES" - - # For distro, all or ecccustcurves=all builds, enable all curve types - if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all" - then - # Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves - AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ" - - # Enable ECC Cofactor support - AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH" - - # If fastmath enabled and on x86 use speedups - if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64" -o "$host_cpu" = "amd64" - then - AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521" - fi - fi -fi - # ECC Minimum Key Size -ENABLED_ECCMINSZ=224 AC_ARG_WITH([eccminsz], - [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])], + [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits non-FIPS / 192 bits with FIPS)])], + [ ENABLED_ECCMINSZ=$withval ], [ - ENABLED_ECCMINSZ=$withval - AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$withval" + if test "x$ENABLED_FIPS" = "xno" + then + ENABLED_ECCMINSZ=224 + else + ENABLED_ECCMINSZ=192 + fi ] ) +AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$ENABLED_ECCMINSZ" # Compressed Key AC_ARG_ENABLE([compkey], @@ -3840,6 +4095,17 @@ then ENABLED_CURVE25519=yes fi + if test "$ENABLED_CURVE25519" = "noasm" + then + AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64" + fi + + if test "$ENABLED_CURVE25519" = "yes" && test "$ENABLED_LINUXKM_DEFAULTS" = "yes" + then + ENABLED_CURVE25519=noasm + AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64" + fi + AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519" AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_CURVE25519" ENABLED_FEMATH=yes 
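Review bot: `--with-eccminsz` now always ends up in `-DECC_MIN_KEY_SZ=$ENABLED_ECCMINSZ`, but `$withval` is never validated, so `--with-eccminsz=foo` or a bare `--with-eccminsz` (which autoconf turns into `yes`) only fails much later as a compile error in the ECC code; a check before the `AM_CFLAGS` line such as `case "$ENABLED_ECCMINSZ" in ''|*[[!0-9]]*) AC_MSG_ERROR([--with-eccminsz needs a bit size, got: $ENABLED_ECCMINSZ]);; esac` reports it at configure time. The 192-bit FIPS default is stated in the help text, but a comment above the `AS_HELP_STRING` explaining why FIPS builds accept the smaller minimum (P-192 is in the FIPS curve set, as the `-DHAVE_ECC192` flag in the FIPS section shows) would help a reader who only sees the macro value. Since the macro was previously emitted only when the option was given, builds that set `ECC_MIN_KEY_SZ` through `CFLAGS` may now see a redefinition warning; worth a line in the release notes.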
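Review bot: In the curve25519 hunk the `-DNO_CURVED25519_X64` flag is appended in two places, once for an explicit `noasm` and again when `ENABLED_LINUXKM_DEFAULTS` forces `noasm`; moving the `ENABLED_LINUXKM_DEFAULTS` check above the `if test "$ENABLED_CURVE25519" = "noasm"` test lets the first block handle both and drops the duplicated `AM_CFLAGS` line. The enclosing conditional starts outside the hunk, so the exact placement has to be checked against the surrounding block.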
@@ -3876,25 +4142,6 @@ AC_ARG_ENABLE([curve448], [ ENABLED_CURVE448=no ] ) -if test "$ENABLED_CURVE448" != "no" -then - if test "$ENABLED_CURVE448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DCURVE448_SMALL" - ENABLED_CURVE448_SMALL=yes - ENABLED_CURVE448=yes - fi - - if test "$ENABLED_CURVE448" = "no128bit" || test "$ENABLED_32BIT" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DNO_CURVED448_128BIT" - ENABLED_CURVE448=yes - fi - - AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448" - ENABLED_FE448=yes -fi - # ED448 AC_ARG_ENABLE([ed448], [AS_HELP_STRING([--enable-ed448],[Enable ED448 (default: disabled)])], @@ -3907,50 +4154,6 @@ AC_ARG_ENABLE([ed448-stream], [ ENABLED_ED448_STREAM=no ] ) -if test "$ENABLED_ED448" != "no" && test "$ENABLED_32BIT" = "no" -then - if test "$ENABLED_ED448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DED448_SMALL" - ENABLED_ED448_SMALL=yes - ENABLED_CURVE448_SMALL=yes - ENABLED_ED448=yes - fi - - if test "$ENABLED_SHA512" = "no" - then - AC_MSG_ERROR([cannot enable ed448 without enabling sha512.]) - fi - if test "$HAVE_FIPS_VERSION" = 2 - then - AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode]) - fi - ENABLED_FE448=yes - ENABLED_GE448=yes - AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448" - - # EdDSA448 requires SHAKE256 which requires SHA-3 - if test "$ENABLED_SHA3" = "no" - then - ENABLED_SHA3=yes - fi - ENABLED_SHAKE256=yes - - ENABLED_CERTS=yes -fi - -if test "$ENABLED_ED448_STREAM" != "no" -then - if test "$ENABLED_ED448" = "no" - then - AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled]) - else - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" - AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" - fi -fi - - # FP ECC, Fixed Point cache ECC AC_ARG_ENABLE([fpecc], [AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])], 
@@ -4047,6 +4250,11 @@ AC_ARG_ENABLE([psk],
 [ ENABLED_PSK=no ]
 )
 
+if test "x$ENABLED_MOSQUITTO" = "xyes"
+then
+ ENABLED_PSK=yes
+fi
+
 # Single PSK identity
 AC_ARG_ENABLE([psk-one-id],
 [AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
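Review bot: `ENABLED_PSK=yes` is assigned after `AC_ARG_ENABLE([psk])` has run, so enabling Mosquitto overrides an explicit `--disable-psk` without any message. The ocsp hunk further down uses `test "$enable_ocsp" = "" && enable_ocsp=yes` to set a default only when the user said nothing, and the leanpsk hunk pre-seeds `enable_asn=no` before its `AC_ARG_ENABLE`; the equivalent here is `test "$enable_psk" = "" && enable_psk=yes` placed above `AC_ARG_ENABLE([psk]`, or an `AC_MSG_WARN` when the two options conflict. The sessioncerts, ocspstapling and crl hunks follow the file's existing unconditional pattern, so this is a question of which convention the Mosquitto additions should follow rather than a defect unique to this hunk.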
@@ -4541,43 +4749,52 @@ fi # ASN + # turn off asn, which means no certs, no rsa, no dsa, no ecc, # and no big int (unless dh is on) + +# turn off ASN if leanpsk on +if test "$ENABLED_LEANPSK" = "yes" +then + enable_asn=no +fi + AC_ARG_ENABLE([asn], [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])], [ ENABLED_ASN=$enableval ], [ ENABLED_ASN=yes ] ) -if test "$ENABLED_ASN" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT" - enable_pwdbased=no -else - if test "$ENABLED_ASN" = "template"; then - ENABLED_ASN="yes" - fi - if test "$ENABLED_ASN" = "yes"; then +for v in `echo $ENABLED_ASN | tr "," " "` +do + case $v in + all) + # Enable all ASN features + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL" + ENABLED_ASN=yes + ;; + template | yes) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE" - else - if test "$ENABLED_ASN" != "original"; then - AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.]) - fi - fi - - # turn off ASN if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT" + ENABLED_ASN=yes + ;; + original) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL" + ENABLED_ASN=yes + ;; + nocrypt) + AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT" + enable_pwdbased=no + ;; + no) + AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT" + enable_pwdbased=no ENABLED_ASN=no - else - if test "$ENABLED_ASN" = "nocrypt" - then - AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT" - enable_pwdbased=no - fi - fi -fi + ;; + *) + AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.]) + break;; +esac +done if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \ test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no" 
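Review bot: The `nocrypt)` arm adds `-DNO_ASN_CRYPT` but, unlike the other enabling arms, neither selects an ASN implementation (`-DWOLFSSL_ASN_TEMPLATE` / `-DWOLFSSL_ASN_ORIGINAL`) nor normalises `ENABLED_ASN`, so `--enable-asn=nocrypt` on its own leaves `ENABLED_ASN=nocrypt` and the implementation choice falls to whatever the headers default to; either document it as a modifier to be combined (`# nocrypt: modifier, combine with template/original`) or have the arm set `ENABLED_ASN=yes` and the template flag like the `template | yes` arm does. The `no)` arm is order-sensitive: `--enable-asn=no,template` ends with both `-DNO_ASN` and `-DWOLFSSL_ASN_TEMPLATE` and `ENABLED_ASN=yes`, so rejecting `no` when it is combined with anything else would avoid an inconsistent build. The `*)` message reports the whole `$ENABLED_ASN` list rather than the offending `$v`, and the `break;;` after `AC_MSG_ERROR` is unreachable since the macro exits.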
@@ -4590,11 +4807,6 @@ then
 AC_MSG_ERROR([please disable dsa if disabling asn.])
 fi
 
-if test "x$ENABLED_ECC" != "xno" && test "x$ENABLED_ASN" = "xno"
-then
- AC_MSG_ERROR([please disable ecc if disabling asn.])
-fi
-
 # No Big Int (ASN, DSA, RSA, DH, ECC and compatibility layer need bigint)
 if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \
 test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \
@@ -4857,91 +5069,331 @@ then fi -# SipHash -AC_ARG_ENABLE([siphash], - [AS_HELP_STRING([--enable-siphash],[Enable SipHash (default: disabled)])], - [ ENABLED_SIPHASH=$enableval ], - [ ENABLED_SIPHASH=no ] - ) +# SipHash +AC_ARG_ENABLE([siphash], + [AS_HELP_STRING([--enable-siphash],[Enable SipHash (default: disabled)])], + [ ENABLED_SIPHASH=$enableval ], + [ ENABLED_SIPHASH=no ] + ) + +AS_IF([test "x$ENABLED_SIPHASH" = "xyes"], + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIPHASH"]) + + +# CMAC +AC_ARG_ENABLE([cmac], + [AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])], + [ ENABLED_CMAC=$enableval ], + [ ENABLED_CMAC=no ] + ) + +if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_AESEAX" = "yes" +then + ENABLED_CMAC=yes +fi + +AS_IF([test "x$ENABLED_CMAC" = "xyes"], + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"]) + + +# AES-XTS +AC_ARG_ENABLE([aesxts], + [AS_HELP_STRING([--enable-aesxts],[Enable AES XTS (default: disabled)])], + [ ENABLED_AESXTS=$enableval ], + [ ENABLED_AESXTS=no ] + ) + +AS_IF([test "$ENABLED_AESXTS" = "yes" && test "$ENABLED_ARMASM" = "no"], + [ ENABLED_AESXTS_STREAM_DEFAULT=yes ], + [ ENABLED_AESXTS_STREAM_DEFAULT=no ] + ) + +AC_ARG_ENABLE([aesxts-stream], + [AS_HELP_STRING([--enable-aesxts-stream],[Enable wolfSSL AES-XTS support with streaming APIs (default: disabled)])], + [ ENABLED_AESXTS_STREAM=$enableval ], + [ ENABLED_AESXTS_STREAM=$ENABLED_AESXTS_STREAM_DEFAULT ] + ) + +# legacy old option name, for compatibility: +AC_ARG_ENABLE([xts], + [AS_HELP_STRING([--enable-xts],[Please use --enable-aesxts])], + [ ENABLED_AESXTS=$enableval ] + ) + +# Web Server Build +AC_ARG_ENABLE([webserver], + [AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])], + [ ENABLED_WEBSERVER=$enableval ], + [ ENABLED_WEBSERVER=no ] + ) + +if test "$ENABLED_WEBSERVER" = "yes" +then + AM_CFLAGS="$AM_CFLAGS 
-DHAVE_WEBSERVER" +fi + +# Web Client Build (HTTP Client) +AC_ARG_ENABLE([webclient], + [AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])], + [ ENABLED_WEBCLIENT=$enableval ], + [ ENABLED_WEBCLIENT=no ] + ) + +if test "$ENABLED_WEBCLIENT" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT" +fi + +# RC2 +AC_ARG_ENABLE([rc2], + [AS_HELP_STRING([--enable-rc2],[Enable RC2 encryption (default: disabled)])], + [ ENABLED_RC2=$enableval ], + [ ENABLED_RC2=no ] + ) + +if test "$ENABLED_RC2" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWC_RC2" +fi + +# CUDA +AC_ARG_ENABLE([cuda], + [AS_HELP_STRING([--enable-cuda],[Enable NVidia CUDA support (default: disabled)])], + [ ENABLED_CUDA=$enableval ], + [ ENABLED_CUDA=no ] + ) + +if test "$ENABLED_CUDA" = "yes" +then + CC=nvcc + AM_CFLAGS="$AM_CFLAGS -DWC_CUDA -DHAVE_CUDA" +fi + +# Certificate Service Support (CFLAG sections later) keep above FIPS section +AC_ARG_ENABLE([certservice], + [AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])], + [ ENABLED_CERT_SERVICE=$enableval ], + [ ENABLED_CERT_SERVICE=no ] + ) + +# PWDBASED (CFLAG sections later) keep above FIPS section +AC_ARG_ENABLE([pwdbased], + [AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])], + [ ENABLED_PWDBASED=$enableval ], + [ ENABLED_PWDBASED=no ] + ) + +# MemUse Entropy +# wolfEntropy Software Jitter SP800-90B certifiable entropy source +AC_ARG_ENABLE([wolfEntropy], + [AS_HELP_STRING([--enable-wolfEntropy],[Enable memuse entropy support (default: disabled)])], + [ ENABLED_ENTROPY_MEMUSE=$enableval ], + [ ENABLED_ENTROPY_MEMUSE=no ] + ) +AC_ARG_ENABLE([entropy-memuse], + [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])], + [ ENABLED_ENTROPY_MEMUSE=$enableval ], + [ ENABLED_ENTROPY_MEMUSE=no ] + ) + +# AES key wrap +AC_ARG_ENABLE([aeskeywrap], + [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])], 
+ [ ENABLED_AESKEYWRAP=$enableval ], + [ ENABLED_AESKEYWRAP=no ] + ) + +# FIPS feature and macro setup +AS_CASE([$FIPS_VERSION], + [v6|ready|dev],[ # FIPS 140-3 SRTP-KDF + AM_CFLAGS="$AM_CFLAGS \ + -DHAVE_FIPS \ + -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \ + -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \ + -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \ + -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \ + -DHAVE_ECC_CDH \ + -DWC_RSA_NO_PADDING \ + -DECC_USER_CURVES \ + -DHAVE_ECC384 \ + -DHAVE_ECC521 \ + -DWOLFSSL_VALIDATE_FFC_IMPORT \ + -DHAVE_FFDHE_Q \ + -DHAVE_FFDHE_3072 \ + -DHAVE_FFDHE_4096 \ + -DHAVE_FFDHE_6144 \ + -DHAVE_FFDHE_8192" + + # KCAPI API does not support custom k for sign, don't force enable ECC key sizes and do not use seed callback + AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"], + [AM_CFLAGS="$AM_CFLAGS \ + -DWC_RNG_SEED_CB \ + -DWOLFSSL_ECDSA_SET_K \ + -DWOLFSSL_VALIDATE_ECC_IMPORT \ + -DWOLFSSL_VALIDATE_ECC_KEYGEN \ + -DHAVE_ECC192 \ + -DHAVE_ECC224 \ + -DHAVE_ECC256"]) + + DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192 +# optimizations section + +# protocol section + AS_IF([test "$ENABLED_WOLFSSH" != "yes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")], + [enable_ssh="yes"]) + + AS_IF([test "$ENABLED_HKDF" != "yes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_hkdf" != "no")], + [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"]) + + AS_IF([test "x$ENABLED_PWDBASED" = "xno" && + (test "$FIPS_VERSION" != "dev" || test "$enable_pwdbased" != "no")], + [ENABLED_PWDBASED="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_PBKDF2 -DHAVE_AESGCM"]) + + AS_IF([test "x$ENABLED_SRTP" = "xno" && + (test "$FIPS_VERSION" != "dev" || test "$enable_srtp" != "no")], + [ENABLED_SRTP="yes"]) + AS_IF([test "x$ENABLED_SRTP_KDF" = "xno" && + (test "$FIPS_VERSION" != "dev" || test "$enable_srtp_kdf" != "no")], + [ENABLED_SRTP_KDF="yes"]) + +# public key section + AS_IF([test "$ENABLED_KEYGEN" != "yes" && + (test "$FIPS_VERSION" != "dev" || test 
"$enable_keygen" != "no")], + [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"]) + +# AS_IF([test "$ENABLED_COMPKEY" = "yes" && +# (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")], +# [ENABLED_COMPKEY="yes"]) + + AS_IF([test "$ENABLED_RSAPSS" != "yes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")], + [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"]) + + AS_IF([test "$ENABLED_ECC" != "yes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_ecc" != "no")], + [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" + AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes"], + [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])]) + + AS_IF([test "x$ENABLED_ED25519" != "xyes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_ed25519" != "no")], + [ENABLED_ED25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT"]) + AS_IF([test "$ENABLED_CURVE25519" = "no" && + (test "$FIPS_VERSION" != "dev" || test "$enable_curve25519" != "no")], + [ENABLED_CURVE25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"]) + + AS_IF([test "x$ENABLED_ED448" != "xyes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_ed448" != "no")], + [ENABLED_ED448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448 -DHAVE_ED448_KEY_IMPORT"]) + AS_IF([test "x$ENABLED_CURVE448" != "xyes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_curve448" != "no")], + [ENABLED_CURVE448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"]) + + AS_IF([test "x$ENABLED_ED25519_STREAM" != "xyes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_ed25519_stream" != "no")], + [ENABLED_ED25519_STREAM="yes"]) + AS_IF([test "x$ENABLED_ED448_STREAM" != "xyes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_ed448_stream" != "no")], + [ENABLED_ED448_STREAM="yes"]) + + AS_IF([test "x$ENABLED_ECCCUSTCURVES" != "xno" && + test "$FIPS_VERSION" != "dev"], + [ENABLED_ECCCUSTCURVES="no"]) + +# Hashing section + AS_IF([test "x$ENABLED_SHA3" != "xyes" && + (test 
"$FIPS_VERSION" != "dev" || test "$enable_sha3" != "no")], + [ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"]) + + AS_IF([test "$ENABLED_SHA224" != "yes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")], + [ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"]) + + AS_IF([test "$ENABLED_SHA512" = "no" && + (test "$FIPS_VERSION" != "dev" || test "$enable_sha512" != "no")], + [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) -AS_IF([test "x$ENABLED_SIPHASH" = "xyes"], - [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIPHASH"]) + # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256" + # Shake128 because we're testing SHAKE256 + AS_IF([test "x$ENABLED_SHAKE128" = "xno" && + (test "$FIPS_VERSION" != "dev" || test "$enable_shake128" != "no")], + [ENABLED_SHAKE128="yes"]) -# CMAC -AC_ARG_ENABLE([cmac], - [AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])], - [ ENABLED_CMAC=$enableval ], - [ ENABLED_CMAC=no ] - ) + # Shake256 mandated for ED448 + AS_IF([test "x$ENABLED_SHAKE256" = "xno" && + (test "$FIPS_VERSION" != "dev" || test "$enable_shake256" != "no")], + [ENABLED_SHAKE256="yes"]) -if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_AESEAX" = "yes" -then - ENABLED_CMAC=yes -fi +# Aes section + AS_IF([test "$ENABLED_AESCCM" != "yes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_aesccm" != "no")], + [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) -AS_IF([test "x$ENABLED_CMAC" = "xyes"], - [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"]) + AS_IF([test "$ENABLED_AESCTR" != "yes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_aesctr" != "no")], + [ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) + AS_IF([test "$ENABLED_CMAC" != "yes" && + (test 
"$FIPS_VERSION" != "dev" || test "$enable_cmac" != "no")], + [ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"]) -# AES-XTS -AC_ARG_ENABLE([aesxts], - [AS_HELP_STRING([--enable-aesxts],[Enable AES XTS (default: disabled)])], - [ ENABLED_AESXTS=$enableval ], - [ ENABLED_AESXTS=no ] - ) + AS_IF([test "$ENABLED_AESGCM" = "no" && + (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")], + [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"]) -# legacy old option name, for compatibility: -AC_ARG_ENABLE([xts], - [AS_HELP_STRING([--enable-xts],[Please use --enable-aesxts])], - [ ENABLED_AESXTS=$enableval ] - ) + # AES-GCM streaming is part of the v6 FIPS suite, but isn't implemented + # for armasm on arm-v7 or earlier (see armasm setup above). + AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no") && + ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")], + [ENABLED_AESGCM_STREAM="yes"]) -# Web Server Build -AC_ARG_ENABLE([webserver], - [AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])], - [ ENABLED_WEBSERVER=$enableval ], - [ ENABLED_WEBSERVER=no ] - ) + AS_IF([test "x$ENABLED_AESOFB" = "xno" && + (test "$FIPS_VERSION" != "dev" || test "$enable_aesofb" != "no")], + [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"]) -if test "$ENABLED_WEBSERVER" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER" -fi + AS_IF([test "x$ENABLED_AESCFB" = "xno" && + (test "$FIPS_VERSION" != "dev" || test "$enable_aescfb" != "no")], + [ENABLED_AESCFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"]) -# Web Client Build (HTTP Client) -AC_ARG_ENABLE([webclient], - [AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])], - [ ENABLED_WEBCLIENT=$enableval ], - [ ENABLED_WEBCLIENT=no ] - ) + AS_IF([test "x$ENABLED_AESXTS" = "xno" && + (test "$FIPS_VERSION" != 
"dev" || test "$enable_aesxts" != "no")], + [ENABLED_AESXTS="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS"]) + AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"], + [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"]) -if test "$ENABLED_WEBCLIENT" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT" -fi + AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" && + (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no") && + ! (test "$ENABLED_ARMASM" = "yes" || test "$ENABLED_ARMASM_CRYPTO" = "no")], + [ENABLED_AESXTS_STREAM="yes"]) -# RC2 -AC_ARG_ENABLE([rc2], - [AS_HELP_STRING([--enable-rc2],[Enable RC2 encryption (default: disabled)])], - [ ENABLED_RC2=$enableval ], - [ ENABLED_RC2=no ] - ) + AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") || + (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") || + (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") || + (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")], + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"]) -if test "$ENABLED_RC2" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DWC_RC2" -fi + AS_IF([test "x$ENABLED_AESKEYWRAP" != "xyes" && + (test "$FIPS_VERSION" != "dev" || test "$enable_aeskeywrap" != "no")], + [ENABLED_AESKEYWRAP="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP"]) +# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3 + AS_IF([test "$ENABLED_OLD_TLS" != "no"], + [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"]) -# FIPS feature and macro setup -AS_CASE([$FIPS_VERSION], - [v5*|ready|dev], [ # FIPS 140-3 + ], + [v5*], [ # FIPS 140-3 AM_CFLAGS="$AM_CFLAGS \ -DHAVE_FIPS \ -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \ + -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \ -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \ + -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \ -DHAVE_ECC_CDH \ -DWC_RSA_NO_PADDING \ -DECC_USER_CURVES \ 
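Review bot: The two `AC_ARG_ENABLE` calls for `wolfEntropy` and `entropy-memuse` both carry the action-if-not-given `[ ENABLED_ENTROPY_MEMUSE=no ]`, so a plain `--enable-wolfEntropy` is set to `yes` by the first macro and immediately reset to `no` by the second macro's default branch, which makes the new alias a no-op; removing the `[ ENABLED_ENTROPY_MEMUSE=no ]` argument from the `entropy-memuse` call (leaving the default on the first call only) fixes it. In the v6 branch the AES-XTS streaming guard reads `! (test "$ENABLED_ARMASM" = "yes" || test "$ENABLED_ARMASM_CRYPTO" = "no")`, whereas the AES-GCM streaming guard a few lines above uses `&&`; with `||` the term is false on every build where `ENABLED_ARMASM_CRYPTO` is `no`, which presumably includes non-ARM hosts, so `ENABLED_AESXTS_STREAM` would never be forced on there — if the GCM form is the intended one, change `||` to `&&`. The commented-out `ENABLED_COMPKEY` block in the public key section is dead text; either drop it or replace it with a one-line comment saying compressed keys are left as configured under v6.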
@@ -4969,63 +5421,84 @@ AS_CASE([$FIPS_VERSION], # force various features to FIPS 140-3 defaults, unless overridden with dev: - AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")], + AS_IF([test "$ENABLED_KEYGEN" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")], [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"]) - AS_IF([test "$ENABLED_COMPKEY" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")], + AS_IF([test "$ENABLED_COMPKEY" = "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_compkey" != "yes")], [ENABLED_COMPKEY="no"]) - AS_IF([test "$ENABLED_SHA224" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")], + AS_IF([test "$ENABLED_SHA224" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")], [ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"]) - AS_IF([test "$ENABLED_WOLFSSH" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")], + AS_IF([test "$ENABLED_SHA3" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha3" != "no")], + [ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"]) + + AS_IF([test "$ENABLED_WOLFSSH" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ssh" != "no")], [enable_ssh="yes"]) - # Shake128 is a SHA-3 algorithm not in our FIPS algorithm list - AS_IF([test "$ENABLED_SHAKE128" != "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_shake128" != "yes")], + # Shake128 is a SHA-3 algorithm outside the v5 FIPS algorithm list + AS_IF([test "$ENABLED_SHAKE128" != "no" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake128" != "yes")], [ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"]) - # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list - AS_IF([test "$ENABLED_SHAKE256" != "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_shake256" != 
"yes")], + # Shake256 is a SHA-3 algorithm outside the v5 FIPS algorithm list + AS_IF([test "$ENABLED_SHAKE256" != "no" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake256" != "yes")], [ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"]) - # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list + # SHA512-224 and SHA512-256 are SHA-2 algorithms outside the v5 FIPS algorithm list AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256" - AS_IF([test "$ENABLED_AESCCM" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesccm" != "no")], + AS_IF([test "$ENABLED_AESCCM" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesccm" != "no")], [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) - AS_IF([test "$ENABLED_AESXTS" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts" != "yes")], + AS_IF([test "$ENABLED_AESXTS" = "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesxts" != "yes")], [ENABLED_AESXTS="no"]) - AS_IF([test "$ENABLED_RSAPSS" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")], + AS_IF([test "$ENABLED_RSAPSS" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")], [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"]) - AS_IF([test "$ENABLED_ECC" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_ecc" != "no")], + AS_IF([test "$ENABLED_ECC" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ecc" != "no")], [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" - AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_eccshamir" != "no")], + AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_eccshamir" != "no")], [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])]) - AS_IF([test "$ENABLED_AESCTR" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesctr" != 
"no")], + AS_IF([test "$ENABLED_AESCTR" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesctr" != "no")], [ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) - AS_IF([test "$ENABLED_CMAC" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_cmac" != "no")], + AS_IF([test "$ENABLED_CMAC" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_cmac" != "no")], [ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"]) - AS_IF([test "$ENABLED_HKDF" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_hkdf" != "no")], + AS_IF([test "$ENABLED_HKDF" != "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_hkdf" != "no")], [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"]) AS_IF([test "$ENABLED_INTELASM" = "yes"], [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"]) - AS_IF([test "$ENABLED_SHA512" = "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_sha512" != "no")], + AS_IF([test "$ENABLED_SHA512" = "no" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha512" != "no")], [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) - AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")], + AS_IF([test "$ENABLED_AESGCM" = "no" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")], [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"]) - # AES-GCM streaming isn't part of the current FIPS suite. - AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "yes")], + # AES-GCM streaming isn't part of the v5 FIPS suite. + AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm_stream" != "yes")], [ENABLED_AESGCM_STREAM="no"]) # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3 
@@ -5033,7 +5506,8 @@ AS_CASE([$FIPS_VERSION], [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"]) AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2], - [AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesofb" != "no")], + [AS_IF([test "x$ENABLED_AESOFB" = "xno" && + (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")], [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])]) AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") || @@ -5048,7 +5522,9 @@ AS_CASE([$FIPS_VERSION], AM_CFLAGS="$AM_CFLAGS \ -DHAVE_FIPS \ -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \ + -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \ -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \ + -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \ -DWOLFSSL_KEY_GEN \ -DWOLFSSL_SHA224 \ -DWOLFSSL_AES_DIRECT \ @@ -5099,11 +5575,22 @@ AS_CASE([$FIPS_VERSION], ], ["rand"],[ - AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR" + AM_CFLAGS="$AM_CFLAGS \ + -DWOLFCRYPT_FIPS_RAND \ + -DHAVE_FIPS \ + -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \ + -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \ + -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \ + -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH" ], ["v1"],[ # FIPS 140-2, Cert 2425 - AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" + AM_CFLAGS="$AM_CFLAGS \ + -DHAVE_FIPS \ + -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \ + -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \ + -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \ + -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH" AS_IF([test "x$ENABLED_SHA512" = "xno"], [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) AS_IF([test "x$ENABLED_AESGCM" = "xno"], 
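Review bot: The `v1` branch now passes `-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION` (plus the MAJOR/MINOR/PATCH macros) where it previously defined only `HAVE_FIPS`; any source that uses `#ifdef HAVE_FIPS_VERSION` as shorthand for "FIPS v2 or later" would now take the newer path on a v1 build, so a grep for that pattern is worth doing before merging. The value `HAVE_FIPS_VERSION` holds for `v1` is not visible in this diff, and the `rand` branch gets the same change.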
@@ -5114,7 +5601,7 @@ AS_CASE([$FIPS_VERSION], AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno" && test "$ENABLE_LINUXKM" = "no"], [AC_MSG_ERROR([FIPS requires Thread Local Storage])]) -AS_IF([(test "$ENABLED_NULL_CIPHER" = "yes" || test "$ENABLED_LEANPSK" = "yes") && test "$ENABLED_FIPS" != "no" && test "$FIPS_VERSION" != "dev"], +AS_IF([(test "$ENABLED_NULL_CIPHER" = "yes" || test "$ENABLED_LEANPSK" = "yes") && test "$ENABLED_FIPS" != "no" && test "$FIPS_VERSION" != "dev" && test "$FIPS_VERSION" != "v5-dev"], [AC_MSG_ERROR([FIPS is incompatible with nullcipher])]) # SELFTEST @@ -5145,7 +5632,6 @@ AS_CASE([$SELFTEST_VERSION], AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE" ]) - AS_IF([test "x$ENABLED_AESXTS" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"]) AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"], 
@@ -5153,18 +5639,115 @@ AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"], AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"], [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"]) +# ECC Custom Curves +if test "$ENABLED_ECCCUSTCURVES" != "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES" + + # For distro, all or ecccustcurves=all builds, enable all curve types + if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all" + then + # Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ" + + # Enable ECC Cofactor support + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH" + + # If fastmath enabled and on x86 use speedups + if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64" -o "$host_cpu" = "amd64" + then + AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521" + fi + fi +fi + +# Curve448 +if test "$ENABLED_CURVE448" != "no" +then + if test "$ENABLED_CURVE448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DCURVE448_SMALL" + ENABLED_CURVE448_SMALL=yes + ENABLED_CURVE448=yes + fi + + if test "$ENABLED_CURVE448" = "no128bit" || test "$ENABLED_32BIT" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_CURVED448_128BIT" + ENABLED_CURVE448=yes + fi + + AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448" + ENABLED_FE448=yes +fi + +# Ed448 +if test "$ENABLED_ED448" != "no" +then + if test "$ENABLED_ED448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DED448_SMALL" + ENABLED_ED448_SMALL=yes + ENABLED_CURVE448_SMALL=yes + ENABLED_ED448=yes + fi + + if test "$ENABLED_SHA512" = "no" + then + AC_MSG_ERROR([cannot enable ed448 without enabling sha512.]) + fi + if test "x$HAVE_FIPS_VERSION" = "x2" + then + AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode]) + fi + 
ENABLED_FE448=yes + ENABLED_GE448=yes + AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448" + + # EdDSA448 requires SHAKE256 which requires SHA-3 + if test "$ENABLED_SHA3" = "no" + then + ENABLED_SHA3=yes + fi + ENABLED_SHAKE256=yes + + ENABLED_CERTS=yes +fi + +if test "$ENABLED_ED448_STREAM" != "no" +then + if test "$ENABLED_ED448" = "no" + then + AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled]) + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" + fi +fi + + +# SRTP-KDF +if test "$ENABLED_SRTP" = "yes" +then + ENABLED_SRTP_KDF="yes" +fi +if test "$ENABLED_SRTP_KDF" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWC_SRTP_KDF -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT" +fi # Set SHA-3 flags -if test "$ENABLED_SHA3" != "no" && test "$ENABLED_32BIT" = "no" +if test "$ENABLED_SHA3" != "no" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3" fi # Set SHAKE128 flags -# FIPS does not support SHAKE 128 -AS_IF([test "x$ENABLED_FIPS" = "xyes"],[ENABLED_SHAKE128="no"]) +# FIPS traditionally does not support SHAKE 128, v6 does +AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6], + [ENABLED_SHAKE128="no"]) -if test "$ENABLED_SHAKE128" != "no" && test "$ENABLED_32BIT" = "no" +if test "$ENABLED_SHAKE128" != "no" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE128" if test "$ENABLED_SHA3" = "no" @@ -5176,10 +5759,11 @@ else fi # Set SHAKE256 flags -# FIPS does not support SHAKE 256 -AS_IF([test "x$ENABLED_FIPS" = "xyes"],[ENABLED_SHAKE256="no"]) +# FIPS traditionally does not support SHAKE 256, v6 does +AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6], + [ENABLED_SHAKE256="no"]) -if test "$ENABLED_SHAKE256" != "no" && test "$ENABLED_32BIT" = "no" +if test "$ENABLED_SHAKE256" != "no" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256" if test "$ENABLED_SHA3" = "no" 
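Review bot: `test $HAVE_FIPS_VERSION -lt 6` leaves the variable unquoted; should `HAVE_FIPS_VERSION` ever be empty while `ENABLED_FIPS` is `yes`, `test` complains about a missing operand and returns false, so SHAKE128 stays enabled — the opposite of the conservative outcome for a FIPS build. `test "${HAVE_FIPS_VERSION:-0}" -lt 6` makes the failure mode "disable", and the SHAKE256 guard in the next hunk (`-5176`) needs the same treatment. The relocated ed448 block, now below the FIPS section, sets `ENABLED_SHAKE256=yes` only for this guard to switch it off again on FIPS versions below 6, as far as this diff shows; if that combination is unsupported, the existing FIPSv2 `AC_MSG_ERROR` in the ed448 block could be widened, otherwise a comment explaining the interaction would help.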
@@ -5287,14 +5871,7 @@ else fi fi - -# MemUse Entropy -AC_ARG_ENABLE([entropy-memuse], - [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])], - [ ENABLED_ENTROPY_MEMUSE=$enableval ], - [ ENABLED_ENTROPY_MEMUSE=no ] - ) - +# MemUse Entropy (AKA wolfEntropy) if test "x$ENABLED_ENTROPY_MEMUSE" != "xno" then AM_CFLAGS="$AM_CFLAGS -DHAVE_ENTROPY_MEMUSE" @@ -5359,7 +5936,8 @@ fi # OCSP -if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" +if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \ + test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes" then test "$enable_ocsp" = "" && enable_ocsp=yes fi @@ -5391,7 +5969,9 @@ AC_ARG_ENABLE([ocspstapling], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \ + test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \ + test "x$ENABLED_MOSQUITTO" = "xyes" then ENABLED_CERTIFICATE_STATUS_REQUEST="yes" fi @@ -5439,9 +6019,11 @@ AC_ARG_ENABLE([crl], [ ENABLED_CRL=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \ - test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \ - test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || \ + test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" || \ + test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \ + test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes" || \ + test "x$ENABLED_MOSQUITTO" = "xyes" then ENABLED_CRL=yes fi 
@@ -5802,7 +6384,7 @@ then ENABLED_ENCRYPT_THEN_MAC=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA" # Check the ECC supported curves prereq - AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"], + AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"], [ENABLED_SUPPORTED_CURVES=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) fi @@ -6068,13 +6650,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER" fi - # Certificate Service Support -AC_ARG_ENABLE([certservice], - [AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])], - [ ENABLED_CERT_SERVICE=$enableval ], - [ ENABLED_CERT_SERVICE=no ] - ) if test "$ENABLED_CERT_SERVICE" = "yes" then # Requires ecc,certgen, and opensslextra make sure on @@ -6223,6 +6799,12 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS" fi + if test "x$ENABLED_SESSIONCERTS" = "xno" + then + ENABLED_SESSIONCERTS="yes" + AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" + fi + # cert gen requires alt names ENABLED_ALTNAMES="yes" fi @@ -6641,7 +7223,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC" # Check the ECC supported curves prereq - AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes"], + AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no"], [ENABLED_SUPPORTED_CURVES=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) fi 
@@ -6966,13 +7548,6 @@ then fi # PWDBASED has to come after certservice since we want it on w/o explicit on -# PWDBASED -AC_ARG_ENABLE([pwdbased], - [AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])], - [ ENABLED_PWDBASED=$enableval ], - [ ENABLED_PWDBASED=no ] - ) - if test "$ENABLED_PWDBASED" = "no" then if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || \ @@ -7743,7 +8318,7 @@ if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM64_ASM" ENABLED_SP_ARM64_ASM=yes ;; - *armv7a*) + *armv7a* | *armv7l*) if test "$ENABLED_ARMASM" = "no"; then AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm" fi @@ -7814,6 +8389,27 @@ AC_ARG_ENABLE([staticmemory], [ ENABLED_STATICMEMORY=no ] ) +for v in `echo $ENABLED_STATICMEMORY | tr "," " "` +do + case $v in + yes) + ;; + no) + ;; + small|lean) + ENABLED_STATICMEMORY=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_LEAN" + ;; + debug) + ENABLED_STATICMEMORY=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK" + ;; + *) + AC_MSG_ERROR([Invalid choice for staticmemory.]) + break;; + esac +done + if test "x$ENABLED_STATICMEMORY" = "xyes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY" @@ -7992,14 +8588,8 @@ then fi -# AES key wrap -AC_ARG_ENABLE([aeskeywrap], - [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])], - [ ENABLED_AESKEYWRAP=$enableval ], - [ ENABLED_AESKEYWRAP=no ] - ) - -if test "$ENABLED_WPAS" != "no" && test "$ENABLED_FIPS" = "no" +if test "$ENABLED_WPAS" != "no" && + ( test "$ENABLED_FIPS" = "no" || test "x$FIPS_VERSION" = "xv6" ) then ENABLED_AESKEYWRAP="yes" fi 
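Review bot: The aeskeywrap condition detects FIPS v6 with the string match `test "x$FIPS_VERSION" = "xv6"`, while every other FIPS-version check added in this diff compares `$HAVE_FIPS_VERSION` numerically (`-lt 6`, `-ge 6`); if FIPS_VERSION can carry a minor suffix or a later major (not visible here), the string match silently leaves AES key wrap off for WPAS builds. `{ test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6; }` would match the rest of the file and avoid the subshell that `( ... )` forks. In the new staticmemory loop the `break` after AC_MSG_ERROR is unreachable, since the macro exits configure, and a value such as `no,lean` is accepted and ends with ENABLED_STATICMEMORY=yes; a comment on the loop, `# any non-no token enables static memory`, would make that precedence explicit.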
@@ -8086,7 +8676,7 @@ fi AC_ARG_WITH([max-ecc-bits], [AS_HELP_STRING([--with-max-ecc-bits=number],[number of bits to support for ECC algorithms])], [WITH_MAX_ECC_BITS=$withval], - [WITH_MAX_ECC_BITS="$DEFAULT_MAX_ECC_BITS"]) + ) if test -n "$WITH_MAX_ECC_BITS"; then if test "$WITH_MAX_ECC_BITS" -lt 112 -o "$WITH_MAX_ECC_BITS" -gt 1024; then @@ -8117,7 +8707,7 @@ if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "none" then AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER" - if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_ARMASM" = "no" && test "$ENABLED_FIPS" = "no"; then + if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_ARMASM" = "no" && test "$ENABLED_RISCV_ASM" = "no" && test "$ENABLED_FIPS" = "no"; then ENABLED_AESGCM_STREAM=yes fi 
@@ -8129,15 +8719,20 @@ then for lkcapi_alg in $(echo "$ENABLED_LINUXKM_LKCAPI_REGISTER" | tr ',' ' ') do case "$lkcapi_alg" in - all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL" ;; + all) test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.]) + AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL" ;; 'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.]) + test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.]) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;; 'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.]) + test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.]) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCFB" ;; 'gcm(aes)') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.]) test "$ENABLED_AESGCM_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesgcm-stream is required for LKCAPI.]) + test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.]) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM" ;; 'xts(aes)') test "$ENABLED_AESXTS" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-XTS implementation not enabled.]) + test "$ENABLED_AESXTS_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesxts-stream is required for LKCAPI.]) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESXTS" ;; *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;; esac 
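Review bot: `'xts(aes)'` is the only explicit algorithm in the case that does not receive the new `--enable-experimental` requirement, while `all)`, `cbc(aes)`, `cfb(aes)` and `gcm(aes)` all do; if XTS is deliberately treated as non-experimental, a one-line comment on that branch, `# xts(aes) is not gated on --enable-experimental`, would stop the next reader from "fixing" it, and if not, the same `test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR(...)` line belongs there too. The new AESXTS_STREAM prerequisite on that branch relies on the AESXTS_STREAM/AESXTS sanity block added in a later hunk of this diff, so the two changes should land together. The four identical experimental checks could also be hoisted above the case with one `test "$lkcapi_alg" = 'xts(aes)' ||` exception, which removes the copy-paste.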
@@ -8225,6 +8820,13 @@ AC_ARG_ENABLE([dual-alg-certs], AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([dual-alg-certs requires --enable-experimental.]) ]) +# Adds functionality to support Raw Public Key (RPK) RFC7250 +AC_ARG_ENABLE([rpk], + [AS_HELP_STRING([--enable-rpk],[Enable support for Raw Public Key (RPK) RFC7250 (default: disabled)])], + [ ENABLED_RPK=$enableval ], + [ ENABLED_RPK=no ] + ) + # check if should run the trusted peer certs test # (for now checking both C_FLAGS and C_EXTRA_FLAGS) AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes]) @@ -8435,12 +9037,12 @@ if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \ test "$ENABLED_LIBWEBSOCKETS" = "yes" || \ test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \ test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" || \ - test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" + test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" then ENABLED_OPENSSLEXTRA="yes" fi -if test "$ENABLED_ED25519" != "no" && test "$ENABLED_32BIT" = "no" +if test "$ENABLED_ED25519" != "no" then if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" then @@ -8593,6 +9195,9 @@ AS_IF([test "x$ENABLED_SYS_CA_CERTS" = "xyes"], AS_IF([test "x$ENABLED_DUAL_ALG_CERTS" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DUAL_ALG_CERTS"]) +AS_IF([test "x$ENABLED_RPK" = "xyes"], + [AM_CFLAGS="$AM_CFLAGS -DHAVE_RPK"]) + AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES"]) 
@@ -8608,9 +9213,9 @@ AS_IF([test "x$ENABLED_CERTGEN" = "xyes"], AS_IF([test "x$ENABLED_CERTEXT" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"]) -AS_IF([test "x$ENABLED_ED25519" = "xyes" && test "x$ENABLED_32BIT" = "xno"], +AS_IF([test "x$ENABLED_ED25519" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"]) -AS_IF([test "x$ENABLED_ED25519" = "xyes" && test "x$ENABLED_32BIT" = "xno"], +AS_IF([test "x$ENABLED_ED25519" = "xyes"], [AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_ED25519"]) AS_IF([test "x$ENABLED_ED25519_SMALL" = "xyes"], @@ -8624,6 +9229,8 @@ AS_IF([test "x$ENABLED_STRONGSWAN" = "xyes"], AS_IF([test "x$ENABLED_OPENLDAP" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"]) +AS_IF([test "x$ENABLED_MOSQUITTO" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"]) + if test "$ENABLED_ED25519_STREAM" != "no" && test "$ENABLED_SE050" != "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY" @@ -8777,6 +9384,17 @@ then fi fi +if test "$ENABLED_AESXTS_STREAM" != "no" +then + if test "$ENABLED_AESXTS" = "no" + then + AC_MSG_ERROR([AES-XTS streaming enabled but AES-XTS is disabled]) + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESXTS_STREAM" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESXTS_STREAM" + fi +fi + if test "$ENABLED_IOTSAFE" != "no" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IOTSAFE" @@ -8795,7 +9413,6 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP" - AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=192" fi if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no" @@ -8931,7 +9548,10 @@ fi # For distro disable custom build options that interfere with symbol generation if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no" then - AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused" + if test "$ENABLED_CUDA" != "yes" + then + AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused" + fi if test "$ax_enable_debug" = "no" then AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [ 
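Review bot: Dropping `-DECC_MIN_KEY_SZ=192` from the block just before the wolfEngine/FIPS check changes the minimum ECC key size that build accepts to whatever the global default or --with-eccminsz supplies; whether that is stricter or looser than 192 is not visible in this chunk, and the diff gives no reason, so a comment such as `# ECC minimum key size now follows --with-eccminsz` on the remaining lines would record the intent. The new AESXTS_STREAM block correctly mirrors the ED448_STREAM block's shape (error when the base algorithm is off, flag both CFLAGS and CCASFLAGS otherwise). The CUDA guard around `-Wall -Wno-unused` silently drops those warnings for CUDA builds; a comment stating which compiler rejects the flags would help.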
@@ -9089,6 +9709,7 @@ AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_NEON],[test "x$ENABLED_ARMASM_NEON" = "xyes"])
+AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"])
 AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
 AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
 AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
@@ -9108,7 +9729,8 @@ AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes" || test "x$ENA
 AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_CURVE25519],[test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_CURVE25519_INTELASM],[test "$ENABLED_CURVE25519" != "noasm" && test "$ENABLED_INTELASM" = "yes"])
 AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ED448],[test "x$ENABLED_ED448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ED448_SMALL],[test "x$ENABLED_ED448_SMALL" = "xyes"])
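Review bot: `BUILD_CURVE25519_INTELASM` evaluates true when ENABLED_CURVE25519 is `no`, because `"no" != "noasm"` holds, so `--disable-curve25519 --enable-intelasm` still turns the conditional on; unless the Makefile additionally requires BUILD_CURVE25519 for that source, the assembly object is built for a disabled algorithm. `AM_CONDITIONAL([BUILD_CURVE25519_INTELASM],[test "$ENABLED_CURVE25519" != "no" && test "$ENABLED_CURVE25519" != "noasm" && test "$ENABLED_INTELASM" = "yes"])` closes that. The BUILD_CURVE25519 line switching from `= "xyes"` to `!= "no"` matches the AS_IF changes earlier in the diff that admit the new `noasm` value, but it also admits any typo, so a comment naming the accepted values (`yes`, `noasm`, `no`) on the option definition would help.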
@@ -9119,6 +9741,7 @@ AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes"
 AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_WC_KYBER],[test "x$ENABLED_WC_KYBER" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -9136,6 +9759,7 @@ AM_CONDITIONAL([BUILD_FIPS_V1],[test "$HAVE_FIPS_VERSION" = 1])
 AM_CONDITIONAL([BUILD_FIPS_V2],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 0])
 AM_CONDITIONAL([BUILD_FIPS_RAND],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 1])
 AM_CONDITIONAL([BUILD_FIPS_V5],[test "$HAVE_FIPS_VERSION" = 5])
+AM_CONDITIONAL([BUILD_FIPS_V6],[test $HAVE_FIPS_VERSION -ge 6])
 AM_CONDITIONAL([BUILD_FIPS_CURRENT],[test "$HAVE_FIPS_VERSION" -ge 2 ])
 # BUILD_FIPS_CURRENT is for builds after cert 2425.
 AM_CONDITIONAL([BUILD_SIPHASH],[test "x$ENABLED_SIPHASH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -9215,6 +9839,7 @@ AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"]) AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"]) AM_CONDITIONAL([BUILD_BENCHMARK],[test "$ENABLED_BENCHMARK" = "yes"]) AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"]) +AM_CONDITIONAL([BUILD_CUDA],[test "x$ENABLED_CUDA" = "xyes"]) AM_CONDITIONAL([BUILD_CAAM],[test "x$ENABLED_CAAM" != "xno"]) AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM_QNX" = "xyes"]) AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"]) @@ -9331,7 +9956,7 @@ rm -f $OPTION_FILE echo "/* wolfssl options.h" > $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE -echo " * Copyright (C) 2006-2023 wolfSSL Inc." >> $OPTION_FILE +echo " * Copyright (C) 2006-2024 wolfSSL Inc." >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE echo " *" >> $OPTION_FILE @@ -9351,7 +9976,7 @@ echo "" >> $OPTION_FILE # note: cut requires an argument to exit with success. if colrm >/dev/null 2>&1 /dev/null 2>&1 /dev/null 2>&1 > $OPTION_FILE echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE echo "" >> $OPTION_FILE +if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "no" +then + support/gen-debug-trace-error-codes.sh || AC_MSG_ERROR([Header generation for debug-trace-errcodes failed.]) +fi + if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no" then SAVE_CFLAGS=$CFLAGS 
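Review bot: `support/gen-debug-trace-error-codes.sh` is invoked relative to the current directory, so an out-of-tree build (configure run from a separate build directory) will not find the script and aborts with the new AC_MSG_ERROR; `"$srcdir/support/gen-debug-trace-error-codes.sh"` is the usual spelling. It is also not visible here whether the script writes its generated header into the source tree or the build tree; if the former, a read-only or shared checkout fails at this point, and a comment on the call naming the output location would let a reader check that. The `if colrm` segment of this hunk is garbled in this copy of the diff and could not be reviewed.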
@@ -9531,13 +10161,16 @@ echo " * AES-CTR: $ENABLED_AESCTR" echo " * AES-CFB: $ENABLED_AESCFB" echo " * AES-OFB: $ENABLED_AESOFB" echo " * AES-XTS: $ENABLED_AESXTS" +echo " * AES-XTS streaming: $ENABLED_AESXTS_STREAM" echo " * AES-SIV: $ENABLED_AESSIV" echo " * AES-EAX: $ENABLED_AESEAX" echo " * AES Bitspliced: $ENABLED_AESBS" +echo " * AES Key Wrap: $ENABLED_AESKEYWRAP" echo " * ARIA: $ENABLED_ARIA" echo " * DES3: $ENABLED_DES3" echo " * DES3 TLS Suites: $ENABLED_DES3_TLS_SUITES" echo " * Camellia: $ENABLED_CAMELLIA" +echo " * CUDA: $ENABLED_CUDA" echo " * SM4-ECB: $ENABLED_SM4_ECB" echo " * SM4-CBC: $ENABLED_SM4_CBC" echo " * SM4-CTR: $ENABLED_SM4_CTR" @@ -9568,7 +10201,8 @@ echo " * certgencache: $ENABLED_certgencache" echo " * CHACHA: $ENABLED_CHACHA" echo " * XCHACHA: $ENABLED_XCHACHA" echo " * Hash DRBG: $ENABLED_HASHDRBG" -echo " * MmemUse Entropy: $ENABLED_ENTROPY_MEMUSE" +echo " * MmemUse Entropy:" +echo " * (AKA: wolfEntropy): $ENABLED_ENTROPY_MEMUSE" echo " * PWDBASED: $ENABLED_PWDBASED" echo " * Encrypted keys: $ENABLED_ENCKEYS" echo " * scrypt: $ENABLED_SCRYPT" @@ -9608,6 +10242,7 @@ echo " * XMSS_ROOT: $XMSS_ROOT" fi echo " * KYBER: $ENABLED_KYBER" echo " * KYBER wolfSSL impl: $ENABLED_WC_KYBER" +echo " * DILITHIUM: $ENABLED_DILITHIUM" echo " * ECCSI $ENABLED_ECCSI" echo " * SAKKE $ENABLED_SAKKE" echo " * ASN: $ENABLED_ASN" @@ -9637,6 +10272,7 @@ echo " * strongSwan: $ENABLED_STRONGSWAN" echo " * OpenLDAP: $ENABLED_OPENLDAP" echo " * hitch: $ENABLED_HITCH" echo " * memcached: $ENABLED_MEMCACHED" +echo " * Mosquitto $ENABLED_MOSQUITTO" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" echo " * DTLS v1.3: $ENABLED_DTLS13" 
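Review bot: `echo " * Mosquitto $ENABLED_MOSQUITTO"` lacks the colon every neighbouring summary line uses, which matters to anyone parsing the configure summary; `echo " * Mosquitto: $ENABLED_MOSQUITTO"` keeps the format uniform, and the same applies to the new `echo " * RISC-V ASM $ENABLED_RISCV_ASM"` line in the next hunk. The `MmemUse Entropy` typo is pre-existing, but that line is being rewritten here, so `echo " * MemUse Entropy:"` is a free fix.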
@@ -9649,6 +10285,7 @@ echo " * TLS v1.0 (Old): $ENABLED_TLSV10"
 echo " * TLS v1.1 (Old): $ENABLED_OLD_TLS"
 echo " * TLS v1.2: $ENABLED_TLSV12"
 echo " * TLS v1.3: $ENABLED_TLS13"
+echo " * RPK: $ENABLED_RPK"
 echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
 echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
 echo " * QUIC: $ENABLED_QUIC"
@@ -9716,7 +10353,7 @@ fi
 echo " * ARM ASM: $ENABLED_ARMASM"
 echo " * ARM ASM SHA512/SHA3 Crypto $ENABLED_ARMASM_SHA3"
 echo " * ARM ASM SM3/SM4 Crypto $ENABLED_ARMASM_CRYPTO_SM4"
-echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
+echo " * RISC-V ASM $ENABLED_RISCV_ASM"
 echo " * Write duplicate: $ENABLED_WRITEDUP"
 echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
 echo " * Inline Code: $ENABLED_INLINE"
@@ -9770,3 +10407,10 @@ if test "$MINGW_LIB_WARNING" = "yes"
 then
 AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
 fi
+
+if test -n "$WITH_MAX_ECC_BITS"; then
+ if test "$WITH_MAX_ECC_BITS" -lt "$ENABLED_ECCMINSZ"; then
+ AC_MSG_ERROR([--with-max-ecc-bits argument ($WITH_MAX_ECC_BITS) must be greater than --with-eccminsz argument ($ENABLED_ECCMINSZ)])
+ fi
+fi
+
diff --git a/doc/dox_comments/header_files-ja/hmac.h b/doc/dox_comments/header_files-ja/hmac.h
index 7202e3c07f..7a60f4eb2d 100644
--- a/doc/dox_comments/header_files-ja/hmac.h
+++ b/doc/dox_comments/header_files-ja/hmac.h
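Review bot: The new --with-max-ecc-bits check rejects only `-lt "$ENABLED_ECCMINSZ"`, so an equal value passes, while the message says "must be greater than"; either use `-le` or reword to "must not be less than" so the test and the message agree. The check runs after the whole configuration summary has been printed, so the user reads a full summary and then an error; placing it beside the existing 112..1024 range check on WITH_MAX_ECC_BITS (an earlier hunk in this diff) fails earlier and keeps both validations of the option together. ENABLED_ECCMINSZ is compared numerically here; whether it is guaranteed to hold a number at this point is not visible in this chunk.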
@@ -3,8 +3,8 @@ \brief この関数はHMACオブジェクトを初期化し、その暗号化タイプ、キー、およびHMACの長さを設定します。 \return 0 HMACオブジェクトの初期化に成功しました \return BAD_FUNC_ARG 入力タイプが無効な場合は返されます。有効なオプションは次のとおりです.MD5、SHA、SHA256、SHA384、SHA3-224、SHA3-256、SHA3-384、SHA3-512 - \return MEMORY_E ハッシュに使用する構造体の割り当てメモリの割り当てがある場合 - \return HMAC_MIN_KEYLEN_E FIPS実装を使用するときに返されることがあり、指定されたキー長は最小許容FIPS規格よりも短いです。 + \return MEMORY_E ハッシュに使用する構造体の割り当てメモリの割り当てエラーがある場合 + \return HMAC_MIN_KEYLEN_E FIPS実装を使用するときに、指定されたキーがFIPS規格の最小許容(14バイト)よりも短い \param hmac 初期化するHMACオブジェクトへのポインタ \param type HMACオブジェクトを使用する暗号化方式を指定します。有効なオプションは次のとおりです.MD5、SHA、SHA256、SHA384、SHA3-224、SHA3-256、SHA3-384、SHA3-512 \param key HMACオブジェクトを初期化するキーを含むバッファへのポインタ @@ -13,7 +13,7 @@ Hmac hmac; byte key[] = { // initialize with key to use for encryption }; if (wc_HmacSetKey(&hmac, MD5, key, sizeof(key)) != 0) { - // error initializing Hmac object + // error initializing Hmac object } \endcode \sa wc_HmacUpdate @@ -25,7 +25,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz); \ingroup HMAC \brief この関数は、HMACを使用して認証するメッセージを更新します。HMACオブジェクトがWC_HMACSETKEYで初期化された後に呼び出されるべきです。この関数は、ハッシュへのメッセージを更新するために複数回呼び出されることがあります。必要に応じてwc_hmacupdateを呼び出した後、最終認証済みメッセージタグを取得するためにwc_hmacfinalを呼び出す必要があります。 \return 0 認証するメッセージの更新に成功しました - \return MEMORY_E ハッシュアルゴリズムで使用するためにメモリを割り当てるエラーがある場合 + \return MEMORY_E ハッシュアルゴリズムで使用するためのメモリ割り当てエラーがある場合 \param hmac メッセージを更新するHMACオブジェクトへのポインタ \param msg 追加するメッセージを含むバッファへのポインタ _Example_ diff --git a/doc/dox_comments/header_files/ecc.h b/doc/dox_comments/header_files/ecc.h index 49de5aa02d..bad010751e 100644 --- a/doc/dox_comments/header_files/ecc.h +++ b/doc/dox_comments/header_files/ecc.h @@ -1722,7 +1722,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt); \param ctx pointer to the ecEncCtx for which to set the salt \param salt pointer to salt buffer - \param len length salt in bytes + \param sz length salt in bytes _Example_ \code 
@@ -1742,7 +1742,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt); \sa wc_ecc_ctx_get_peer_salt */ -int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 len); +int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz); /*! \ingroup ECC diff --git a/doc/dox_comments/header_files/hmac.h b/doc/dox_comments/header_files/hmac.h index a7c416828e..1db707a8b6 100644 --- a/doc/dox_comments/header_files/hmac.h +++ b/doc/dox_comments/header_files/hmac.h @@ -8,9 +8,9 @@ \return BAD_FUNC_ARG Returned if the input type is invalid (see type param) \return MEMORY_E Returned if there is an error allocating memory for the structure to use for hashing - \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation + \return HMAC_MIN_KEYLEN_E Returned when using a FIPS implementation and the key length specified is shorter than the minimum acceptable - FIPS standard + FIPS standard of 14 bytes \param hmac pointer to the Hmac object to initialize \param type type specifying which encryption method the Hmac object diff --git a/doc/dox_comments/header_files/kdf.h b/doc/dox_comments/header_files/kdf.h index 02088c75d7..145811bd0f 100644 --- a/doc/dox_comments/header_files/kdf.h +++ b/doc/dox_comments/header_files/kdf.h 
@@ -223,3 +223,39 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, */ int wc_SRTP_KDF_kdr_to_idx(word32 kdr); +/** + * \brief Performs the single-step key derivation function (KDF) as specified in + * SP800-56C option 1. + * + * \param [in] z The input keying material. + * \param [in] zSz The size of the input keying material. + * \param [in] fixedInfo The fixed information to be included in the KDF. + * \param [in] fixedInfoSz The size of the fixed information. + * \param [in] derivedSecretSz The desired size of the derived secret. + * \param [in] hashType The hash algorithm to be used in the KDF. + * \param [out] output The buffer to store the derived secret. + * \param [in] outputSz The size of the output buffer. + * + + * \return 0 if the KDF operation is successful, + * \return BAD_FUNC_ARG if the input parameters are invalid. + * \return negative error code if the KDF operation fails. + * + * _Example_ + \code + unsigned char z[32] = { ... }; + unsigned char fixedInfo[16] = { ... }; + unsigned char output[32]; + int ret; + + ret = wc_KDA_KDF_onestep(z, sizeof(z), fixedInfo, sizeof(fixedInfo), + sizeof(output), WC_HASH_TYPE_SHA256, output, sizeof(output)); + if (ret != 0) { + WOLFSSL_MSG("wc_KDA_KDF_onestep failed"); + } + \endcode + */ +int wc_KDA_KDF_onestep(const byte* z, word32 zSz, + const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz, + enum wc_HashType hashType, byte* output, word32 outputSz); + diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h index 24594783da..02dbf4e41f 100644 --- a/doc/dox_comments/header_files/memory.h +++ b/doc/dox_comments/header_files/memory.h 
@@ -217,3 +217,195 @@ int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag); \sa wolfSSL_Free */ int wolfSSL_MemoryPaddingSz(void); + +/*! + \ingroup Memory + + \brief This function is used to set aside static memory for a CTX. + Memory set aside is then used for the CTX’s lifetime and for any SSL objects created + from the CTX. By passing in a NULL ctx pointer and a wolfSSL_method_func function the creation + of the CTX itself will also use static memory. wolfSSL_method_func has the function signature + of WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);. + Passing in 0 for max makes it behave as if not set and no max concurrent use restrictions + is in place. + The flag value passed in determines how the memory is used and behavior while operating. + Available flags are the following. + + 0 - default general memory + + WOLFMEM_IO_POOL - used for input/output buffer when sending receiving messages. + Overrides general memory, so all memory in buffer passed in is used for IO. + WOLFMEM_IO_FIXED - same as WOLFMEM_IO_POOL but each SSL now keeps two + buffers to themselves for their lifetime. + WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running. + + \return If successful, SSL_SUCCESS will be returned. + \return All unsuccessful return values will be less than 0 or equal to SSL_FAILURE. + + \param ctx address of pointer to a WOLFSSL_CTX structure. + \param method function to create protocol. (should be NULL if ctx is not also NULL) + \param buf memory to use for all operations. + \param sz size of memory buffer being passed in. + \param flag type of memory. + \param max max concurrent operations. + + _Example_ + \code + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + unsigned char IO[MAX]; + int IOSz = MAX; + int flag = WOLFMEM_IO_FIXED | WOLFMEM_TRACK_STATS; + ... 
+ // create ctx also using static memory, start with general memory to use + ctx = NULL: + ret = wolfSSL_CTX_load_static_memory(&ctx, wolfSSLv23_server_method_ex, memory, memorySz, 0, + MAX_CONCURRENT_HANDSHAKES); + if (ret != SSL_SUCCESS) { + // handle error case + } + // load in memory for use with IO + ret = wolfSSL_CTX_load_static_memory(&ctx, NULL, IO, IOSz, flag, MAX_CONCURRENT_IO); + if (ret != SSL_SUCCESS) { + // handle error case + } + ... + \endcode + + \sa wolfSSL_CTX_new + \sa wolfSSL_CTX_is_static_memory + \sa wolfSSL_is_static_memory +*/ +int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method, + unsigned char* buf, unsigned int sz, int flag, int max); + +/*! + \ingroup Memory + + \brief This function does not change any of the connections behavior and is used only for + gathering information about the static memory usage. + + \return A value of 1 is returned if using static memory for the CTX is true. + \return 0 is returned if not using static memory. + + \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). + \param mem_stats structure to hold information about staic memory usage. + + _Example_ + \code + WOLFSSL_CTX* ctx; + int ret; + WOLFSSL_MEM_STATS mem_stats; + ... + //get information about static memory with CTX + + ret = wolfSSL_CTX_is_static_memory(ctx, &mem_stats); + + if (ret == 1) { + // handle case of is using static memory + // print out or inspect elements of mem_stats + } + + if (ret == 0) { + //handle case of ctx not using static memory + } + ... + \endcode + + \sa wolfSSL_CTX_new + \sa wolfSSL_CTX_load_static_memory + \sa wolfSSL_is_static_memory +*/ +int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats); + +/*! + \ingroup Memory + + \brief wolfSSL_is_static_memory is used to gather information about a SSL’s static + memory usage. 
The return value indicates if static memory is being used and + WOLFSSL_MEM_CONN_STATS will be filled out if and only if the flag WOLFMEM_TRACK_STATS was + passed to the parent CTX when loading in static memory. + + \return A value of 1 is returned if using static memory for the CTX is true. + \return 0 is returned if not using static memory. + + \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param mem_stats structure to contain static memory usage + + _Example_ + \code + WOLFSSL* ssl; + int ret; + WOLFSSL_MEM_CONN_STATS mem_stats; + + ... + + ret = wolfSSL_is_static_memory(ssl, mem_stats); + + if (ret == 1) { + // handle case when is static memory + // investigate elements in mem_stats if WOLFMEM_TRACK_STATS flag + } + ... + \endcode + + \sa wolfSSL_new + \sa wolfSSL_CTX_is_static_memory +*/ +int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats); + +/*! + \ingroup Memory + + \brief This function is used to set aside static memory for wolfCrypt use. Memory can be + used by passing the created heap hint into functions. An example of this is when calling + wc_InitRng_ex. The flag value passed in determines how the memory is used and behavior + while operating, in general wolfCrypt operations will use memory from a WOLFMEM_GENERAL pool. + Available flags are the following. + + WOLFMEM_GENERAL - default general memory + + WOLFMEM_IO_POOL - used for input/output buffer when sending receiving messages. + Overrides general memory, so all memory in buffer passed in is used for IO. + WOLFMEM_IO_FIXED - same as WOLFMEM_IO_POOL but each SSL now keeps two + buffers to themselves for their lifetime. + WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running + + \return If successful, 0 will be returned. + \return All unsuccessful return values will be less than 0. + + \param hint WOLFSSL_HEAP_HINT structure to use + \param buf memory to use for all operations. 
+ \param sz size of memory buffer being passed in. + \param flag type of memory. + \param max max concurrent operations (handshakes, IO). + + _Example_ + \code + WOLFSSL_HEAP_HINT hint; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + int flag = WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS; + ... + + // load in memory for use + + ret = wc_LoadStaticMemory(&hint, memory, memorySz, flag, 0); + if (ret != SSL_SUCCESS) { + // handle error case + } + ... + + ret = wc_InitRng_ex(&rng, hint, 0); + + // check ret value + \endcode + + \sa none +*/ +int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz, + int flag, int max); diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 7569daf4c1..bdf1d49f02 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -4040,8 +4040,8 @@ int wolfSSL_session_reused(WOLFSSL* ssl); \return 0 returned if the connection is not established, i.e. the WOLFSSL struct is NULL or the handshake is not done. - \return 1 returned if the connection is not established i.e. the WOLFSSL - struct is null or the handshake is not done. + \return 1 returned if the connection is established i.e. the WOLFSSL + handshake is done. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). @@ -10197,7 +10197,7 @@ int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm, \sa wolfSSL_CertManagerSetOCSPOverrideURL \sa wolfSSL_CertManagerCheckOCSP \sa wolfSSL_CertManagerEnableOCSPStapling - \sa wolfSSL_ENableOCSP + \sa wolfSSL_EnableOCSP \sa wolfSSL_DisableOCSP \sa wolfSSL_SetOCSP_Cb */ 
@@ -10356,7 +10356,13 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor); int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb); /*! - \brief This function enables OCSP certificate verification. + \brief This function enables OCSP certificate verification. The value of + options if formed by or’ing one or more of the following options: + WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in + certificates. The override URL is specified using the + wolfSSL_CTX_SetOCSP_OverrideURL() function. + WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on + WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests \return SSL_SUCCESS returned if the function and subroutines executes without errors. @@ -10611,10 +10617,13 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb); \brief This function sets options to configure behavior of OCSP functionality in wolfSSL. The value of options if formed by or’ing one or more of the following options: - WOLFSSL_OCSP_ENABLE - enable OCSP lookups WOLFSSL_OCSP_URL_OVERRIDE - - use the override URL instead of the URL in certificates. The override URL - is specified using the wolfSSL_CTX_SetOCSP_OverrideURL() function. This - function only sets the OCSP options when wolfSSL has been compiled with + WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in + certificates. The override URL is specified using the + wolfSSL_CTX_SetOCSP_OverrideURL() function. + WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on + WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests + + This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (--enable-ocsp, #define HAVE_OCSP). \return SSL_SUCCESS is returned upon success. 
@@ -10627,12 +10636,17 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb); _Example_ \code - WOLFSSL_CTX* ctx = 0; - ... - wolfSSL_CTX_OCSP_set_options(ctx, WOLFSSL_OCSP_ENABLE); + WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); + int options; // initialize to option constant + … + int ret = wolfSSL_CTX_EnableOCSP(ctx, options); + if(ret != SSL_SUCCESS){ + // OCSP is not enabled + } \endcode - \sa wolfSSL_CTX_OCSP_set_override_url + \sa wolfSSL_CertManagerEnableOCSP + \sa wolfSSL_EnableOCSP */ int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options); diff --git a/examples/asn1/asn1.c b/examples/asn1/asn1.c index 57d38d1157..92a0a19528 100644 --- a/examples/asn1/asn1.c +++ b/examples/asn1/asn1.c @@ -1,6 +1,6 @@ /* asn1.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -73,6 +73,11 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen) while ((read_len = fread(data + len, 1, DATA_INC_LEN, fp)) != 0) { unsigned char* p; + if (ferror(fp)) { + free(data); + return IO_FAILED_E; + } + /* Add read data amount to length. */ len += (word32)read_len; @@ -133,6 +138,7 @@ static int PrintDer(FILE* fp) return ret; } +#ifndef NO_CODING /* Print ASN.1 of a file containing Base64 encoding of BER/DER data. * * @param [in] fp File pointer to read from. @@ -279,6 +285,7 @@ static int PrintPem(FILE* fp, int pem_skip) return ret; } +#endif /* Usage lines to show. */ const char* usage[] = { @@ -288,7 +295,9 @@ const char* usage[] = { "Options:", " -?, --help display this help and exit", " -b, --branch draw branches before tag name", +#ifndef NO_CODING " -B, --base64 file contents are Base64 encoded", +#endif " -d, --dump show all ASN.1 item data as a hex dump", " -h, --headers show all ASN.1 item headers as a hex dump", " -i, --indent indent tag name with depth", 
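Review bot: In asn1App_ReadFile the new `ferror(fp)` test only runs after an fread() that returned a non-zero count, so a read that fails outright returns 0, leaves the while loop, and the error is never reported — the function continues with whatever was accumulated so far. Add the same test after the loop: `if (ferror(fp)) { free(data); return IO_FAILED_E; }` (or check it in both places). The body of asn1App_ReadFile starts and ends outside the hunk, so I can't confirm what the post-loop path does with a short buffer.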
@@ -297,7 +306,9 @@ const char* usage[] = { " -N, --no-dump-text do not show data as a hex dump text", " -o, --offset OFFSET start decoding from offset", " -O, --oid show wolfSSL OID value in text", +#ifndef NO_CODING " -p, --pem file contents are PEM", +#endif " -s, --skip-pem NUM number of PEM blocks to skip", }; /* Number of usage lines. */ @@ -342,11 +353,13 @@ int main(int argc, char* argv[]) (strcmp(argv[0], "--branch") == 0)) { wc_Asn1PrintOptions_Set(&opts, ASN1_PRINT_OPT_DRAW_BRANCH, 1); } +#ifndef NO_CODING /* File is Base64 encoded data. */ else if ((strcmp(argv[0], "-b64") == 0) || (strcmp(argv[0], "--base64") == 0)) { file_format = FORMAT_BASE64; } +#endif /* Dump all ASN.1 item data. */ else if ((strcmp(argv[0], "-d") == 0) || (strcmp(argv[0], "--dump") == 0)) { @@ -403,11 +416,13 @@ int main(int argc, char* argv[]) (strcmp(argv[0], "--oid") == 0)) { wc_Asn1PrintOptions_Set(&opts, ASN1_PRINT_OPT_SHOW_OID, 1); } +#ifndef NO_CODING /* File contains PEM blocks. */ else if ((strcmp(argv[0], "-p") == 0) || (strcmp(argv[0], "--pem") == 0)) { file_format = FORMAT_PEM; } +#endif /* Skip a number of PEM blocks. */ else if ((strcmp(argv[0], "-s") == 0) || (strcmp(argv[0], "--skip-pem") == 0)) { @@ -436,6 +451,10 @@ int main(int argc, char* argv[]) return 1; } else { + if (fp != stdin) { + fprintf(stderr, "At most one input file can be supplied.\n"); + return 1; + } /* Name of file to read. */ fp = fopen(argv[0], "r"); if (fp == NULL) { @@ -458,12 +477,16 @@ int main(int argc, char* argv[]) if (file_format == FORMAT_DER) { ret = PrintDer(fp); } +#ifndef NO_CODING else if (file_format == FORMAT_BASE64) { ret = PrintBase64(fp); } +#endif +#ifndef NO_CODING else if (file_format == FORMAT_PEM) { ret = PrintPem(fp, pem_skip); } +#endif if (ret != 0) { fprintf(stderr, "%s\n", wc_GetErrorString(ret)); diff --git a/examples/async/async_client.c b/examples/async/async_client.c index a0df6a1465..27d66df9ce 100644 --- a/examples/async/async_client.c 
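Review bot: With NO_CODING defined, `-b64`/`--base64` and `-p`/`--pem` no longer match any branch of the option chain (hunks @@ -342 and @@ -403), so the argument falls through to the final `else`, is treated as an input file name, and the user gets a confusing fopen() failure instead of being told the option is unavailable in this build. Consider keeping the branches under `#ifdef NO_CODING` with an explicit message, e.g. `fprintf(stderr, "Base64/PEM input is not supported in this build (NO_CODING)\n"); return 1;`. Separately, in @@ -458 the two back-to-back `#ifndef NO_CODING` blocks around the PrintBase64 and PrintPem dispatch can be collapsed into a single one. main() starts and ends outside these hunks.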
+++ b/examples/async/async_client.c @@ -1,8 +1,8 @@ /* async_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /* TLS client demonstrating asynchronous cryptography features and optionally diff --git a/examples/async/async_server.c b/examples/async/async_server.c index 41eaae86ec..6740c0b37c 100644 --- a/examples/async/async_server.c +++ b/examples/async/async_server.c @@ -1,8 +1,8 @@ /* async_server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /* TLS server demonstrating asynchronous cryptography features and optionally diff --git a/examples/async/async_tls.c b/examples/async/async_tls.c index 1d4f68d530..4ab9de003c 100644 --- a/examples/async/async_tls.c +++ b/examples/async/async_tls.c 
@@ -1,8 +1,8 @@ /* async-tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ #ifndef WOLFSSL_USER_SETTINGS diff --git a/examples/async/async_tls.h b/examples/async/async_tls.h index d5403e24f2..43b249021c 100644 --- a/examples/async/async_tls.h +++ b/examples/async/async_tls.h @@ -1,6 +1,6 @@ /* async-tls.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/async/include.am b/examples/async/include.am index b8a6117503..5f189451ca 100644 --- a/examples/async/include.am +++ b/examples/async/include.am 
@@ -2,20 +2,25 @@ # All paths should be given relative to the root if BUILD_ASYNCCRYPT + noinst_HEADERS += examples/async/async_tls.h +if BUILD_EXAMPLE_CLIENTS noinst_PROGRAMS += examples/async/async_client examples_async_async_client_SOURCES = examples/async/async_client.c examples/async/async_tls.c examples_async_async_client_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) examples_async_async_client_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la examples_async_async_client_CFLAGS = $(AM_CFLAGS) +endif +if BUILD_EXAMPLE_SERVERS noinst_PROGRAMS += examples/async/async_server examples_async_async_server_SOURCES = examples/async/async_server.c examples/async/async_tls.c examples_async_async_server_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) examples_async_async_server_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la examples_async_async_server_CFLAGS = $(AM_CFLAGS) endif +endif dist_example_DATA+= examples/async/async_server.c dist_example_DATA+= examples/async/async_client.c diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index 8289d6a7f5..585fa7b2d0 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c @@ -1,6 +1,6 @@ /* tls_bench.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -383,6 +383,32 @@ char* myoptarg = NULL; int DoneHandShake = 0; #endif + +#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 5) +static int run_all_CAST(void) +{ + int ret = 0; + int cast_idx = 0; + + for (cast_idx = 0; cast_idx < FIPS_CAST_COUNT; cast_idx++) { + if ((ret = wc_RunCast_fips(cast_idx)) != 0) { +#ifdef NO_ERROR_STRINGS + fprintf(stderr, + "ERROR: FIPS CAST failed with return code: %d\n", ret); +#else + fprintf(stderr, + "ERROR: FIPS CAST failed for algorithm: %s\n", + wc_GetErrorString(ret)); +#endif + return ret; + } + } + + return ret; +} +#endif /* HAVE_FIPS && HAVE_FIPS_VERSION == 5 */ + + static double gettime_secs(int reset) { struct timeval tv; @@ -412,7 +438,7 @@ static int ServerMemSend(info_t* info, char* buf, int sz) } #endif - XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz); + XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, (size_t)sz); info->to_client.write_idx += sz; info->to_client.write_bytes += sz; @@ -443,7 +469,7 @@ static int ServerMemRecv(info_t* info, char* buf, int sz) } #endif - XMEMCPY(buf, &info->to_server.buf[info->to_server.read_idx], sz); + XMEMCPY(buf, &info->to_server.buf[info->to_server.read_idx], (size_t)sz); info->to_server.read_idx += sz; info->to_server.read_bytes += sz; @@ -486,7 +512,7 @@ static int ClientMemSend(info_t* info, char* buf, int sz) } #endif - XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, sz); + XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, (size_t)sz); info->to_server.write_idx += sz; info->to_server.write_bytes += sz; @@ -517,7 +543,7 @@ static int ClientMemRecv(info_t* info, char* buf, int sz) } #endif - XMEMCPY(buf, &info->to_client.buf[info->to_client.read_idx], sz); + XMEMCPY(buf, &info->to_client.buf[info->to_client.read_idx], (size_t)sz); info->to_client.read_idx += sz; info->to_client.read_bytes += sz; 
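Review bot: The non-NO_ERROR_STRINGS branch in run_all_CAST prints `wc_GetErrorString(ret)` under the label "failed for algorithm", so the output names an error string, never the algorithm; the CAST index is the only thing identifying which self-test failed and neither branch prints it. Suggest `"ERROR: FIPS CAST %d failed: %s\n", cast_idx, wc_GetErrorString(ret)` and `"ERROR: FIPS CAST %d failed with return code: %d\n", cast_idx, ret`. The `= 0` initializer on `cast_idx` is redundant given the for-loop init. Consider also whether the loop should keep going and report every failing CAST rather than stop at the first, since someone diagnosing a FIPS module wants the full set.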
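Review bot: The `(size_t)sz` casts added in ServerMemSend/ServerMemRecv/ClientMemSend/ClientMemRecv (and likewise in SocketRecv/SocketSend/ReceiveFrom/SendTo and the XMALLOC/XMEMSET/XMEMCPY/XMEMCMP sites in bench_tls_client and bench_tls_server) silence the sign-conversion warning but do not change the fact that a negative `sz` becomes a huge length. The only guard I can see is the `#ifdef`-wrapped block that closes just before each copy, which is outside the hunk and may be compiled out in some configurations. If `sz` is not already rejected when negative in those builds, add `if (sz < 0) return WOLFSSL_CBIO_ERR_GENERAL;` at the top of each I/O callback; I can't confirm the surrounding checks from the hunk.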
@@ -544,7 +570,7 @@ static int ClientMemRecv(info_t* info, char* buf, int sz) static int SocketRecv(int sockFd, char* buf, int sz) { - int recvd = (int)recv(sockFd, buf, sz, 0); + int recvd = (int)recv(sockFd, buf, (size_t)sz, 0); if (recvd == -1) { switch (errno) { #if EAGAIN != SOCKET_EWOULDBLOCK @@ -572,7 +598,7 @@ static int SocketRecv(int sockFd, char* buf, int sz) static int SocketSend(int sockFd, char* buf, int sz) { - int sent = (int)send(sockFd, buf, sz, 0); + int sent = (int)send(sockFd, buf, (size_t)sz, 0); if (sent == -1) { switch (errno) { #if EAGAIN != SOCKET_EWOULDBLOCK @@ -618,7 +644,7 @@ static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz) } } - recvd = (int)recvfrom(sd, buf, sz, 0, (SOCKADDR*)&peer, &peerSz); + recvd = (int)recvfrom(sd, buf, (size_t)sz, 0, (SOCKADDR*)&peer, &peerSz); if (recvd < 0) { if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) { @@ -658,7 +684,7 @@ static int SendTo(int sd, char *buf, int sz, const struct sockaddr *peer, { int sent; - sent = (int)sendto(sd, buf, sz, 0, peer, peerSz); + sent = (int)sendto(sd, buf, (size_t)sz, 0, peer, peerSz); if (sent < 0) { if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) { @@ -813,13 +839,13 @@ static int SetupSocketAndConnect(info_t* info, const char* host, /* Setup server address */ XMEMSET(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; - servAddr.sin_port = htons(port); + servAddr.sin_port = htons((uint16_t)port); /* Resolve host */ entry = gethostbyname(host); if (entry) { XMEMCPY(&servAddr.sin_addr.s_addr, entry->h_addr_list[0], - entry->h_length); + (size_t)entry->h_length); } else { servAddr.sin_addr.s_addr = inet_addr(host); 
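Review bot: In SetupSocketAndConnect the `(size_t)entry->h_length` cast makes the copy compile cleanly but still copies whatever length the resolver reports into the 4-byte `servAddr.sin_addr.s_addr`; gethostbyname() can return an AF_INET6 entry (h_length 16) under some resolver configurations, which would overrun the field. Guard it before the copy: `if (entry->h_addrtype == AF_INET && entry->h_length == (int)sizeof(servAddr.sin_addr))`, and treat anything else as a resolution failure. The `htons((uint16_t)port)` cast in the same hunk silently truncates ports above 65535; that is better rejected where `-P` is parsed.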
@@ -981,7 +1007,7 @@ static int bench_tls_client(info_t* info) /* Allocate and initialize a packet sized buffer */ - writeBuf = (unsigned char*)XMALLOC(info->packetSize, NULL, + writeBuf = (unsigned char*)XMALLOC((size_t)info->packetSize, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (writeBuf == NULL) { fprintf(stderr, "failed to allocate write memory\n"); @@ -990,7 +1016,7 @@ static int bench_tls_client(info_t* info) /* Allocate read buffer */ readBufSz = info->packetSize; - readBuf = (unsigned char*)XMALLOC(readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + readBuf = (unsigned char*)XMALLOC((size_t)readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (readBuf == NULL) { fprintf(stderr, "failed to allocate read memory\n"); ret = MEMORY_E; goto exit; @@ -1089,7 +1115,7 @@ static int bench_tls_client(info_t* info) info->client.shutdown = 1; writeSz = (int)XSTRLEN(kShutdown) + 1; - XMEMCPY(writeBuf, kShutdown, writeSz); /* include null term */ + XMEMCPY(writeBuf, kShutdown, (size_t)writeSz); /* include null term */ if (info->showVerbose) { fprintf(stderr, "Sending shutdown\n"); } @@ -1102,8 +1128,8 @@ static int bench_tls_client(info_t* info) } } else { - XMEMSET(writeBuf, 0, info->packetSize); - XSTRNCPY((char*)writeBuf, kTestStr, info->packetSize); + XMEMSET(writeBuf, 0, (size_t)info->packetSize); + XSTRNCPY((char*)writeBuf, kTestStr, (size_t)info->packetSize); } /* write / read echo loop */ @@ -1131,7 +1157,7 @@ static int bench_tls_client(info_t* info) total_sz += ret; /* read echo of message from server */ - XMEMSET(readBuf, 0, readBufSz); + XMEMSET(readBuf, 0, (size_t)readBufSz); start = gettime_secs(1); #ifndef BENCH_USE_NONBLOCK ret = wolfSSL_read(cli_ssl, readBuf, readBufSz); 
@@ -1152,7 +1178,7 @@ static int bench_tls_client(info_t* info) ret = 0; /* reset return code */ /* validate echo */ - if (XMEMCMP((char*)writeBuf, (char*)readBuf, writeSz) != 0) { + if (XMEMCMP((char*)writeBuf, (char*)readBuf, (size_t)writeSz) != 0) { fprintf(stderr, "echo check failed!\n"); ret = wolfSSL_get_error(cli_ssl, ret); goto exit; @@ -1169,7 +1195,7 @@ static int bench_tls_client(info_t* info) if (ret != 0 && ret != WOLFSSL_SUCCESS) { fprintf(stderr, "Client Error: %d (%s)\n", ret, - wolfSSL_ERR_reason_error_string(ret)); + wolfSSL_ERR_reason_error_string((unsigned long)ret)); } /* clean up */ @@ -1224,7 +1250,7 @@ static int SetupSocketAndListen(int* listenFd, word32 port, int doDTLS) /* Setup server address */ XMEMSET(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; - servAddr.sin_port = htons(port); + servAddr.sin_port = htons((uint16_t)port); servAddr.sin_addr.s_addr = INADDR_ANY; #ifdef WOLFSSL_DTLS @@ -1440,7 +1466,7 @@ static int bench_tls_server(info_t* info) /* Allocate read buffer */ readBufSz = info->packetSize; - readBuf = (unsigned char*)XMALLOC(readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + readBuf = (unsigned char*)XMALLOC((size_t)readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (readBuf == NULL) { fprintf(stderr, "failed to allocate read memory\n"); ret = MEMORY_E; goto exit; @@ -1538,7 +1564,7 @@ static int bench_tls_server(info_t* info) double rxTime; /* read message from client */ - XMEMSET(readBuf, 0, readBufSz); + XMEMSET(readBuf, 0, (size_t)readBufSz); start = gettime_secs(1); #ifndef BENCH_USE_NONBLOCK ret = wolfSSL_read(srv_ssl, readBuf, readBufSz); @@ -1615,7 +1641,7 @@ static int bench_tls_server(info_t* info) if (ret != 0 && ret != WOLFSSL_SUCCESS) { fprintf(stderr, "Server Error: %d (%s)\n", ret, - wolfSSL_ERR_reason_error_string(ret)); + wolfSSL_ERR_reason_error_string((unsigned long)ret)); } /* clean up */ 
@@ -1834,7 +1860,7 @@ int bench_tls(void* args) int argClientOnly = 0; int argServerOnly = 0; const char* argHost = BENCH_DEFAULT_HOST; - int argPort = BENCH_DEFAULT_PORT; + word32 argPort = BENCH_DEFAULT_PORT; int argShowPeerInfo = 0; #ifndef SINGLE_THREADED int doShutdown; @@ -1863,6 +1889,23 @@ int bench_tls(void* args) /* Initialize wolfSSL */ wolfSSL_Init(); +#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 5) + /* + * When running benchmarks on FIPS builds, we need to run ALL CASTs up + * front before spawning client/server threads, otherwise there is the + * possibility that both threads try to run a CAST at the same time during + * the handshake. In this scenario, the thread that doesn't win the race + * will not be able to run the CAST, since it returns "busy", which is treated + * as a failure. Running the CASTs up front is a simpler solution than + * implementing an additional layer of synchronization. + */ + if ((ret = run_all_CAST()) != 0) + { + fprintf(stderr, "CAST failed. Exiting benchmark\n"); + goto exit; + } +#endif /* HAVE_FIPS && HAVE_FIPS_VERSION == 5 */ + /* Parse command line arguments */ while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:g")) != -1) { switch (ch) { @@ -1883,7 +1926,7 @@ int bench_tls(void* args) break; case 'P': - argPort = atoi(myoptarg); + argPort = (word32)atoi(myoptarg); break; case 'd' : @@ -2003,12 +2046,12 @@ int bench_tls(void* args) #endif /* Allocate test info array */ - theadInfo = (info_t*)XMALLOC(sizeof(info_t) * argThreadPairs, NULL, + theadInfo = (info_t*)XMALLOC(sizeof(info_t) * (size_t)argThreadPairs, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (theadInfo == NULL) { ret = MEMORY_E; goto exit; } - XMEMSET(theadInfo, 0, sizeof(info_t) * argThreadPairs); + XMEMSET(theadInfo, 0, sizeof(info_t) * (size_t)argThreadPairs); #ifndef NO_WOLFSSL_SERVER /* Use same listen socket to avoid timing issues between client and server */ 
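Review bot: The new `if ((ret = run_all_CAST()) != 0)` puts the opening brace on its own line, which doesn't match the K&R style used elsewhere in bench_tls (e.g. `if (theadInfo == NULL) {` in the hunk just below); write it as `if ((ret = run_all_CAST()) != 0) {`. The `goto exit` happens before `theadInfo` is allocated, which is presumably fine if the exit path tolerates a NULL pointer, but that path is outside the hunk so I can't confirm. bench_tls continues outside the hunk.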
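Review bot: `argPort = (word32)atoi(myoptarg)` accepts any value: a negative or >65535 input wraps through the word32 and again through the `(uint16_t)` cast in htons() at the connect/listen sites, and `argPort + (word32)i` for the per-thread ports can exceed 16 bits for a valid base port plus many thread pairs. Parse with strtol and reject out-of-range values on the existing bad-option path: `long p = strtol(myoptarg, NULL, 10);`, `if (p < 1 || p > 65535) { Usage(); ... }`, then `argPort = (word32)p;`. The later check that base port plus argThreadPairs stays below 65536 belongs after the option loop, which is outside the hunk.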
@@ -2073,7 +2116,7 @@ int bench_tls(void* args) XMEMSET(info, 0, sizeof(info_t)); info->host = argHost; - info->port = argPort + i; /* threads must have separate ports */ + info->port = argPort + (word32)i; /* threads must have separate ports */ info->cipher = cipher; #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) diff --git a/examples/benchmark/tls_bench.h b/examples/benchmark/tls_bench.h index 6ed021b63d..67599cb1c5 100644 --- a/examples/benchmark/tls_bench.h +++ b/examples/benchmark/tls_bench.h @@ -1,6 +1,6 @@ /* tls_bench.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/client/client.c b/examples/client/client.c index 6a133f3ddf..3a63ff74c0 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -461,7 +461,7 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg, } while (err == WC_PENDING_E); if (ret != msgSz) { LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); wolfSSL_free(ssl); ssl = NULL; wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("SSL_write_early_data failed"); @@ -683,8 +683,8 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, conn_time = current_time(0) - start; /* Allocate TX/RX buffers */ - tx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER); - rx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER); + rx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tx_buffer && rx_buffer) { WC_RNG rng; 
@@ -698,7 +698,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, size_t xfer_bytes; /* Generate random data to send */ - ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, block); + ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, (word32)block); wc_FreeRng(&rng); if(ret != 0) { err_sys("wc_RNG_GenerateBlock failed"); @@ -710,7 +710,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, int len, rx_pos, select_ret; /* Determine packet size */ - len = min(block, (int)(throughput - xfer_bytes)); + len = (int)min((word32)block, (word32)(throughput - xfer_bytes)); /* Perform TX */ start = current_time(1); @@ -766,7 +766,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, } /* Compare TX and RX buffers */ - if (XMEMCMP(tx_buffer, rx_buffer, len) != 0) { + if (XMEMCMP(tx_buffer, rx_buffer, (size_t)len) != 0) { free(tx_buffer); tx_buffer = NULL; free(rx_buffer); @@ -775,7 +775,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, } /* Update overall position */ - xfer_bytes += len; + xfer_bytes += (size_t)len; } } else { @@ -801,7 +801,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, if (exitWithRet) return err; -#ifdef __MINGW32__ +#if defined(__MINGW32__) || defined(_WIN32) #define SIZE_FMT "%d" #define SIZE_TYPE int #else @@ -815,8 +815,8 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, "\tRX %8.3f ms (%8.3f MBps)\n", (SIZE_TYPE)throughput, conn_time * 1000, - tx_time * 1000, throughput / tx_time / 1024 / 1024, - rx_time * 1000, throughput / rx_time / 1024 / 1024 + (double)tx_time * 1000, (double)throughput / tx_time / 1024 / 1024, + (double)rx_time * 1000, (double)throughput / rx_time / 1024 / 1024 ); return EXIT_SUCCESS; 
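Review bot: `len = (int)min((word32)block, (word32)(throughput - xfer_bytes));` narrows the size_t remainder to 32 bits; now that `throughput` is a size_t (it is parsed with `(size_t)atol` in the `-B` handler), a remaining count of 4 GiB or more wraps, and a wrapped value of 0 makes the loop send nothing while `xfer_bytes` never advances. Compute the remainder in size_t and only narrow the minimum: `size_t remain = throughput - xfer_bytes;` then `len = (remain < (size_t)block) ? (int)remain : block;`. The `(double)` casts on the printf arguments in @@ -815 look redundant if `tx_time`/`rx_time` are already double, but their declarations are outside the hunk.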
@@ -852,7 +852,7 @@ static int StartTLS_Init(SOCKET_T* sockfd) } /* C: EHLO mail.example.com */ - if (send(*sockfd, starttlsCmd[1], (int)XSTRLEN(starttlsCmd[1]), 0) != + if (send(*sockfd, starttlsCmd[1], (SIZE_TYPE)XSTRLEN(starttlsCmd[1]), 0) != (int)XSTRLEN(starttlsCmd[1])) err_sys("failed to send STARTTLS EHLO command\n"); @@ -869,7 +869,7 @@ static int StartTLS_Init(SOCKET_T* sockfd) } /* C: STARTTLS */ - if (send(*sockfd, starttlsCmd[3], (int)XSTRLEN(starttlsCmd[3]), 0) != + if (send(*sockfd, starttlsCmd[3], (SIZE_TYPE)XSTRLEN(starttlsCmd[3]), 0) != (int)XSTRLEN(starttlsCmd[3])) { err_sys("failed to send STARTTLS command\n"); } @@ -980,7 +980,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str if (ret != msgSz) { char buffer[WOLFSSL_MAX_ERROR_SZ]; LOG_ERROR("SSL_write%s msg error %d, %s\n", str, err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); if (!exitWithRet) { err_sys("SSL_write failed"); } @@ -1011,7 +1011,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_WANT_WRITE && err != APP_DATA_READY) { LOG_ERROR("SSL_read reply error %d, %s\n", err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); if (!exitWithRet) { err_sys("SSL_read failed"); } @@ -1090,7 +1090,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz, if (ret != 0) { char buffer[WOLFSSL_MAX_ERROR_SZ]; LOG_ERROR("SSL_write%s msg error %d, %s\n", str, ret, - wolfSSL_ERR_error_string(ret, buffer)); + wolfSSL_ERR_error_string((unsigned long)ret, buffer)); } return ret; 
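Review bot: StartTLS_Init now casts the send() length to `SIZE_TYPE`, a macro that is `#define`d inside the body of ClientBenchmarkThroughput (the @@ -801 hunk) and never `#undef`d; this silently couples the two functions, and if the benchmark function is ever moved or compiled out the cast breaks with an undeclared identifier. Move the `SIZE_FMT`/`SIZE_TYPE` definitions to file scope next to the other platform macros, or give this site its own cast. The same applies to the second send() in the @@ -869 hunk.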
@@ -1162,6 +1162,7 @@ static const char* client_usage_msg[][78] = { "-D Override Date Errors example\n", /* 18 */ "-e List Every cipher suite available, \n", /* 19 */ "-g Send server HTTP GET\n", /* 20 */ +#ifdef WOLFSSL_DTLS #ifndef WOLFSSL_DTLS13 "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2" " (default)\n", /* 21 */ @@ -1169,6 +1170,7 @@ static const char* client_usage_msg[][78] = { "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2" " (default), -v 4 for DTLSv1.3\n", /* 21 */ #endif /* !WOLFSSL_DTLS13 */ +#endif #ifdef WOLFSSL_SCTP "-G Use SCTP DTLS," " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */ @@ -1387,6 +1389,7 @@ static const char* client_usage_msg[][78] = { "-D 日付エラー用コールバック例の上書きを行う\n", /* 18 */ "-e 利用可能な全ての暗号スイートをリスト, \n", /* 19 */ "-g サーバーへ HTTP GET を送信\n", /* 20 */ +#ifdef WOLFSSL_DTLS "-u UDP DTLSを使用する。\n" #ifndef WOLFSSL_DTLS13 " -v 2 を追加指定するとDTLSv1, " @@ -1396,6 +1399,7 @@ static const char* client_usage_msg[][78] = { "-v 3 を追加指定すると DTLSv1.2 (既定値),\n" " -v 4 を追加指定すると DTLSv1.3\n", /* 21 */ #endif /* !WOLFSSL_DTLS13 */ +#endif /* WOLFSSL_DTLS */ #ifdef WOLFSSL_SCTP "-G SCTP DTLSを使用する。-v 2 を追加指定すると" " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */ 
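Review bot: The English usage table's new block closes with a bare `#endif` while the Japanese table's closes with `#endif /* WOLFSSL_DTLS */`; with `#ifdef WOLFSSL_DTLS` nested around `#ifndef WOLFSSL_DTLS13` the closers are easier to pair up when both carry the comment, so add `/* WOLFSSL_DTLS */` to the first one. The `/* 21 */` index comments on the wrapped entries now describe a position that only exists when WOLFSSL_DTLS is defined; whether Usage() relies on fixed indices is outside the hunk, so it may be worth a short comment saying the numbering assumes the default build.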
@@ -1865,6 +1869,39 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args) } #endif /* WOLFSSL_SRTP */ +#if defined(WOLFSSL_STATIC_MEMORY) && \ + defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK) +static void ExampleDebugMemoryCb(size_t sz, int bucketSz, byte st, int type) { + switch (st) { + case WOLFSSL_DEBUG_MEMORY_ALLOC: + if (type == DYNAMIC_TYPE_IN_BUFFER) { + printf("IN BUFFER: "); + } + + if (type == DYNAMIC_TYPE_OUT_BUFFER) { + printf("OUT BUFFER: "); + } + + printf("Alloc'd %d bytes using bucket size %d\n", (int)sz, + bucketSz); + break; + + case WOLFSSL_DEBUG_MEMORY_FAIL: + printf("Failed when trying to allocate %d bytes\n", (int)sz); + break; + + case WOLFSSL_DEBUG_MEMORY_FREE: + printf("Free'ing : %d\n", (int)sz); + break; + + case WOLFSSL_DEBUG_MEMORY_INIT: + printf("Creating memory bucket of size : %d\n", bucketSz); + break; + } +} +#endif + + THREAD_RETURN WOLFSSL_THREAD client_test(void* args) { @@ -2096,15 +2133,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) byte memory[80000]; #endif byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */ + #if !defined(WOLFSSL_STATIC_MEMORY_LEAN) WOLFSSL_MEM_CONN_STATS ssl_stats; - #ifdef DEBUG_WOLFSSL + #if defined(DEBUG_WOLFSSL) WOLFSSL_MEM_STATS mem_stats; #endif + #endif WOLFSSL_HEAP_HINT *heap = NULL; #endif #ifdef WOLFSSL_DUAL_ALG_CERTS - /* Set our preference for verfication to be for both the native and + /* Set our preference for verification to be for both the native and * alternative chains. Ultimately, its the server's choice. This will be * used in the call to wolfSSL_UseCKS(). */ byte cks_order[3] = { @@ -2166,6 +2205,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) (void)usePqc; (void)pqcAlg; (void)opensslPsk; + (void)fileFormat; StackTrap(); /* Reinitialize the global myVerifyAction. */ 
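Review bot: ExampleDebugMemoryCb puts its opening brace on the signature line and has no `default:` case, unlike the neighbouring functions in this file which open the brace on its own line (`client_srtp_test` and `client_test` are visible in the same hunk); an unexpected `st` value is silently ignored. Write the signature as `static void ExampleDebugMemoryCb(size_t sz, int bucketSz, byte st, int type)` with `{` on the next line, and add `default: printf("Unknown memory event %d\n", (int)st); break;`. The `(int)sz` casts in the printf calls truncate large size_t values, which is presumably acceptable for a debug hook on a static-memory pool but could be stated in a comment.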
@@ -2425,7 +2465,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) break; case 'B' : - throughput = atol(myoptarg); + throughput = (size_t)atol(myoptarg); for (; *myoptarg != '\0'; myoptarg++) { if (*myoptarg == ',') { block = atoi(myoptarg + 1); @@ -2488,7 +2528,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) case 'F' : #ifdef HAVE_MAX_FRAGMENT - maxFragment = atoi(myoptarg); + maxFragment = (byte)atoi(myoptarg); if (maxFragment < WOLFSSL_MFL_MIN || maxFragment > WOLFSSL_MFL_MAX) { Usage(); @@ -2515,7 +2555,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) { word32 myoptargSz; - statusRequest = atoi(myoptarg); + statusRequest = (byte)atoi(myoptarg); if (statusRequest > OCSP_STAPLING_OPT_MAX) { Usage(); XEXIT_T(MY_EX_USAGE); @@ -3025,7 +3065,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef WOLFSSL_STATIC_MEMORY - #ifdef DEBUG_WOLFSSL + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) /* print off helper buffer sizes for use with static memory * printing to stderr in case of debug mode turned on */ LOG_ERROR("static memory management size = %d\n", @@ -3042,6 +3082,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) err_sys("unable to load static memory"); } +#if defined(WOLFSSL_STATIC_MEMORY) && \ + defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK) + wolfSSL_SetDebugMemoryCb(ExampleDebugMemoryCb); +#endif ctx = wolfSSL_CTX_new_ex(method(heap), heap); if (ctx == NULL) err_sys("unable to get ctx"); @@ -3541,8 +3585,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (postHandAuth) - wolfSSL_CTX_allow_post_handshake_auth(ctx); + if (postHandAuth) { + if (wolfSSL_CTX_allow_post_handshake_auth(ctx) != 0) { + err_sys("unable to support post handshake auth"); + } + } #endif if (benchmark) { 
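Review bot: `throughput = (size_t)atol(myoptarg)` turns a negative `-B` argument into a huge size_t, and the `block = atoi(...)` on the following line is likewise unchecked, so the `XMALLOC((size_t)block, ...)` calls in ClientBenchmarkThroughput can be handed a wrapped size. Reject non-positive values at parse time: `long t = atol(myoptarg); if (t <= 0) { Usage(); XEXIT_T(MY_EX_USAGE); }` then `throughput = (size_t)t;`, with the same treatment for `block`. Whether block is range-checked further down is outside the hunk.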
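Review bot: `maxFragment = (byte)atoi(myoptarg)` narrows to a byte before the `WOLFSSL_MFL_MIN`/`WOLFSSL_MFL_MAX` range check, so an input such as 257 wraps to 1 and passes; the same pattern is in the @@ -2515 hunk, where `statusRequest` is narrowed before the `OCSP_STAPLING_OPT_MAX` comparison. Keep the parsed value in an int for the check and narrow afterwards: `int mfl = atoi(myoptarg);`, `if (mfl < WOLFSSL_MFL_MIN || mfl > WOLFSSL_MFL_MAX) {` … and `maxFragment = (byte)mfl;` after the check. Negative inputs are then caught by the minimum check instead of wrapping.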
@@ -3583,7 +3630,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif -#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \ + !defined(WOLFSSL_STATIC_MEMORY_LEAN) LOG_ERROR("Before creating SSL\n"); if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) err_sys("ctx not using static memory"); @@ -3681,7 +3729,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif -#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \ + !defined(WOLFSSL_STATIC_MEMORY_LEAN) LOG_ERROR("After creating SSL\n"); if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) err_sys("ctx not using static memory"); @@ -3928,7 +3977,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); LOG_ERROR("wolfSSL_connect error %d, %s\n", err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); /* cleanup */ wolfSSL_free(ssl); ssl = NULL; @@ -4269,11 +4318,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("SSL connect ok, sending GET...\n"); msgSz = (int)XSTRLEN(kHttpGetMsg); - XMEMCPY(msg, kHttpGetMsg, msgSz); + XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz); } else { msgSz = (int)XSTRLEN(kHelloMsg); - XMEMCPY(msg, kHelloMsg, msgSz); + XMEMCPY(msg, kHelloMsg, (size_t)msgSz); } /* allow some time for exporting the session */ @@ -4389,7 +4438,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif /* display collected statistics */ -#ifdef WOLFSSL_STATIC_MEMORY +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1) err_sys("static memory was not used with ssl"); 
@@ -4520,7 +4569,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif if (ret != WOLFSSL_SUCCESS) { LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); wolfSSL_free(sslResume); sslResume = NULL; CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; @@ -4601,11 +4650,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) XMEMSET(msg, 0, sizeof(msg)); if (sendGET) { msgSz = (int)XSTRLEN(kHttpGetMsg); - XMEMCPY(msg, kHttpGetMsg, msgSz); + XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz); } else { msgSz = (int)XSTRLEN(kResumeMsg); - XMEMCPY(msg, kResumeMsg, msgSz); + XMEMCPY(msg, kResumeMsg, (size_t)msgSz); } (void)ClientWriteRead(sslResume, msg, msgSz, reply, sizeof(reply)-1, @@ -4616,7 +4665,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_shutdown(sslResume); /* bidirectional shutdown */ /* display collected statistics */ - #ifdef WOLFSSL_STATIC_MEMORY + #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1) err_sys("static memory was not used with ssl"); diff --git a/examples/client/client.h b/examples/client/client.h index 3317670e59..09581fcac7 100644 --- a/examples/client/client.h +++ b/examples/client/client.h @@ -1,6 +1,6 @@ /* client.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/configs/README.md b/examples/configs/README.md index 8ed282cc72..048c79d456 100644 --- a/examples/configs/README.md +++ b/examples/configs/README.md 
@@ -6,13 +6,17 @@ Example wolfSSL configuration file templates for use when autoconf is not availa
 * `user_settings_template.h`: Template that allows modular algorithm and feature selection using `#if 0` logic.
 * `user_settings_all.h`: This is wolfSSL with all features enabled. Equivalent to `./configure --enable-all`.
-* `user_settings_min_ecc.h`: This is ECC and SHA-256 only. For ECC verify only add `BUILD_VERIFY_ONLY`.
-* `user_settings_wolfboot_keytools.h`: This from wolfBoot tools/keytools and is ECC, RSA, ED25519 and ChaCha20.
+* `user_settings_arduino.h`: An example Arduino file. See also [wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL).
+*.`user_settings_EBSnet.h`: Example configuration file for use with EBSnet ports.
 * `user_settings_fipsv2.h`: The FIPS v2 (3389) 140-2 certificate build options.
 * `user_settings_fipsv5.h`: The FIPS v5 (ready) 140-3 build options. Equivalent to `./configure --enable-fips=v5-dev`.
+* `user_settings_min_ecc.h`: This is ECC and SHA-256 only. For ECC verify only add `BUILD_VERIFY_ONLY`.
+* `user_settings_platformio.h`: An example for PlatformIO library. See also [platformio/wolfssl](https://registry.platformio.org/libraries/wolfssl/wolfssl)
 * `user_settings_stm32.h`: Example configuration file generated from the wolfSSL STM32 Cube pack.
+* `user_settings_tls12`: Example for TLS v1.2 client only, ECC only, AES GCM only, SHA2-256 only.
+* `user_settings_wolfboot_keytools.h`: This from wolfBoot tools/keytools and is ECC, RSA, ED25519 and ChaCha20.
+* `user_settings_wolfssh.h`: Minimum options for building wolfSSH. See comment at top for ./configure used to generate.
 * `user_settings_wolftpm.h`: Minimum options for building wolfTPM. See comment at top for ./configure used to generate.
-*.`user_settings_EBSnet.h`: Example configuration file for use with EBSnet ports.
 ## Usage
diff --git a/examples/configs/include.am b/examples/configs/include.am
index 61154167a1..0319d21d86 100644
--- a/examples/configs/include.am
+++ b/examples/configs/include.am
@@ -4,12 +4,14 @@
 EXTRA_DIST += examples/configs/README.md
 EXTRA_DIST += examples/configs/user_settings_all.h
 EXTRA_DIST += examples/configs/user_settings_arduino.h
-EXTRA_DIST += examples/configs/user_settings_min_ecc.h
-EXTRA_DIST += examples/configs/user_settings_wolfboot_keytools.h
-EXTRA_DIST += examples/configs/user_settings_template.h
+EXTRA_DIST += examples/configs/user_settings_EBSnet.h
 EXTRA_DIST += examples/configs/user_settings_fipsv2.h
 EXTRA_DIST += examples/configs/user_settings_fipsv5.h
+EXTRA_DIST += examples/configs/user_settings_min_ecc.h
+EXTRA_DIST += examples/configs/user_settings_platformio.h
 EXTRA_DIST += examples/configs/user_settings_stm32.h
+EXTRA_DIST += examples/configs/user_settings_template.h
 EXTRA_DIST += examples/configs/user_settings_tls12.h
+EXTRA_DIST += examples/configs/user_settings_wolfboot_keytools.h
+EXTRA_DIST += examples/configs/user_settings_wolfssh.h
 EXTRA_DIST += examples/configs/user_settings_wolftpm.h
-EXTRA_DIST += examples/configs/user_settings_EBSnet.h
diff --git a/examples/configs/user_settings_EBSnet.h b/examples/configs/user_settings_EBSnet.h
index 3d1486998b..dacd02af0d 100644
--- a/examples/configs/user_settings_EBSnet.h
+++ b/examples/configs/user_settings_EBSnet.h
@@ -1,6 +1,6 @@
 /* user_settings_EBSnet.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/examples/configs/user_settings_all.h b/examples/configs/user_settings_all.h
index c484b90bef..9340ea38c0 100644
--- a/examples/configs/user_settings_all.h
+++ b/examples/configs/user_settings_all.h
@@ -1,6 +1,6 @@
 /* user_settings_all.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -46,7 +46,7 @@ extern "C" {
 #define HAVE_EXT_CACHE
 #define ATOMIC_USER /* Enable Atomic Record Layer callbacks */
 #define HAVE_PK_CALLBACKS /* Enable public key callbacks */
-#define WOLFSSL_ALT_NAMES /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
+#define WOLFSSL_ALT_CERT_CHAINS /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
 #define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
 #define WOLFSSL_HAVE_CERT_SERVICE
 #define WOLFSSL_JNI
@@ -126,6 +126,7 @@ extern "C" {
 #define WOLFSSL_CUSTOM_OID
 #define HAVE_OID_ENCODING
 #define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_ALT_NAMES /* Support subject alternative names extension */
 /* Certificate Revocation */
 #define HAVE_OCSP
diff --git a/examples/configs/user_settings_arduino.h b/examples/configs/user_settings_arduino.h
index cf64c75d77..178511ed0f 100644
--- a/examples/configs/user_settings_arduino.h
+++ b/examples/configs/user_settings_arduino.h
@@ -1,6 +1,6 @@
 /* examples/configs/user_settings_arduino.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/examples/configs/user_settings_fipsv2.h b/examples/configs/user_settings_fipsv2.h
index f6096341e4..b15b1283b2 100644
--- a/examples/configs/user_settings_fipsv2.h
+++ b/examples/configs/user_settings_fipsv2.h
@@ -1,6 +1,6 @@
 /* user_settings_fipsv2.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/examples/configs/user_settings_fipsv5.h b/examples/configs/user_settings_fipsv5.h
index 9f6bbfd463..afc4b63c9b 100644
--- a/examples/configs/user_settings_fipsv5.h
+++ b/examples/configs/user_settings_fipsv5.h
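Review bot: The rename at line 46 is not only a spelling fix: the old line enabled `WOLFSSL_ALT_NAMES` (subject alternative names, now correctly added at line 126), while the new line newly enables `WOLFSSL_ALT_CERT_CHAINS`, which by its own comment relaxes peer chain verification so that a chain is accepted against any trusted cert rather than requiring the entire presented chain to validate. That is plausibly what an `--enable-all` equivalent should do, but a reader trimming this file for a production build will not see the trade-off from the current comment, so I would state it, e.g. `#define WOLFSSL_ALT_CERT_CHAINS /* Accept a peer chain once any presented cert links to a trusted CA (relaxed verification; enable only if required) */`. If `./configure --enable-all` does not itself define this macro, the README's "Equivalent to `./configure --enable-all`" claim for this file should be rechecked.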
@@ -1,6 +1,6 @@
 /* user_settings_fipsv5.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/examples/configs/user_settings_min_ecc.h b/examples/configs/user_settings_min_ecc.h
index f052500331..e43fb08418 100644
--- a/examples/configs/user_settings_min_ecc.h
+++ b/examples/configs/user_settings_min_ecc.h
@@ -1,6 +1,6 @@
 /* user_settings_min_ecc.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/examples/configs/user_settings_platformio.h b/examples/configs/user_settings_platformio.h
new file mode 100644
index 0000000000..25babd2113
--- /dev/null
+++ b/examples/configs/user_settings_platformio.h
@@ -0,0 +1,791 @@ +/* examples/configs/user_settings_platformio.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This is a sample PlatformIO user_settings.h for wolfSSL + * + * Do not include any wolfssl headers here + * + * When editing this file: + * ensure wolfssl_test and wolfssl_benchmark settings match. + */ + + /* Define a macro to display user settings version in example code: */ +#define WOLFSSL_USER_SETTINGS_ID "PlatformIO user_settings.h v5.7.0-test.rev02" + +/* + * For other platforms see: + * https://github.com/wolfSSL/wolfssl/tree/master/examples/configs + */ + +#if defined(ESP_IDF_VERSION_MAJOR) || defined(WOLFSSL_ESPIDF) || \ + defined(ESP_PLATFORM) || defined(WOLFSSL_ESP32) + #include "sdkconfig.h" + /* The #include "protocol_examples_common.h" fails for PlatformIO, + * so disable the WiFi *not needed for test and benchmark examples. 
*/ + #define NO_ESP_SDK_WIFI +#endif + + +/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ + +/* Experimental Kyber */ +#if 0 + /* Kyber typically needs a minimum 10K stack */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 +#endif + +/* Used only by benchmark: */ +#define BENCH_EMBEDDED +#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + + +#define HAVE_VERSION_EXTENDED_INFO +/* Due to limited build control, we'll ignore file warnings. */ +/* See github.com/arduino/arduino-cli/issues/631 */ +#undef WOLFSSL_IGNORE_FILE_WARN +#define WOLFSSL_IGNORE_FILE_WARN + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* TODO: known PlatformIO problem if SINGLE_THREADED is not enabled. */ +/* See https://github.com/wolfSSL/wolfssl/issues/7533 */ +#define SINGLE_THREADED + +/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. 
*/ +#define RSA_LOW_MEM + +/* Uncommon settings for testing only */ +#define TEST_ESPIDF_ALL_WOLFSSL +#ifdef TEST_ESPIDF_ALL_WOLFSSL + #define WOLFSSL_MD2 + #define HAVE_BLAKE2 + #define HAVE_BLAKE2B + #define HAVE_BLAKE2S + + #define WC_RC2 + #define WOLFSSL_ALLOW_RC4 + + #define HAVE_POLY1305 + + #define WOLFSSL_AES_128 + #define WOLFSSL_AES_OFB + #define WOLFSSL_AES_CFB + #define WOLFSSL_AES_XTS + + #define WOLFSSL_WOLFSSH + + #define HAVE_AESGCM + #define WOLFSSL_AES_COUNTER + + #define HAVE_FFDHE + #define HAVE_FFDHE_2048 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO Full size SRP is disabled on the ESP8266 at this time. + * Low memory issue? */ + #define WOLFCRYPT_HAVE_SRP + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + /* SRP Known to be working on this target:*/ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + /* SRP Known to be working on this target:*/ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #else + /* For everything else, give a try and see if SRP working: */ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #endif + + #define HAVE_DH + + /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. + * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ + /* #define HAVE_CAMELLIA */ + + /* DSA requires old SHA */ + #define HAVE_DSA + + /* Needs SHA512 ? */ + #define HAVE_HPKE + + /* Not for Espressif? 
*/ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + + #if defined(CONFIG_IDF_TARGET_ESP8266) + #undef HAVE_ECC + #undef HAVE_ECC_CDH + #undef HAVE_CURVE25519 + + /* TODO does CHACHA also need alignment? Failing on ESP8266 + * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ + #ifdef HAVE_CHACHA + #error "HAVE_CHACHA not supported on ESP8266" + #endif + #ifdef HAVE_XCHACHA + #error "HAVE_XCHACHA not supported on ESP8266" + #endif + #else + #define HAVE_XCHACHA + #define HAVE_CHACHA + /* TODO Not enabled at this time, needs further testing: + * #define WC_SRTP_KDF + * #define HAVE_COMP_KEY + * #define WOLFSSL_HAVE_XMSS + */ + #endif + /* TODO AES-EAX not working on this platform */ + + /* Optionally disable DH + * #undef HAVE_DH + * #undef HAVE_FFDHE + */ + + /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ + #ifndef HAVE_ECC + #define ECC_SHAMIR + #endif + #else + #define WOLFSSL_AES_EAX + + #define ECC_SHAMIR + #endif + + /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ + /* #define WOLFSSL_CAAM */ + /* #define WOLFSSL_CAAM_BLOB */ + + #define WOLFSSL_AES_SIV + #define WOLFSSL_CMAC + + #define WOLFSSL_CERT_PIV + + /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ + /* #define HAVE_SCRYPT */ + #define SCRYPT_TEST_ALL + #define HAVE_X963_KDF +#endif + +/* optionally turn off SHA512/224 SHA512/256 */ +/* #define WOLFSSL_NOSHA512_224 */ +/* #define WOLFSSL_NOSHA512_256 */ + +/* when you want to use SINGLE THREAD. 
Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* When you don't want to use the old SHA */ +/* #define NO_SHA */ +/* #define NO_OLD_TLS */ + +/* Cannot use WOLFSSL_NO_MALLOC with small stack */ +/* #define WOLFSSL_NO_MALLOC */ + +#define BENCH_EMBEDDED + +/* TLS 1.3 */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define WC_RSA_PSS +#define HAVE_HKDF +#define HAVE_AEAD +#define HAVE_SUPPORTED_CURVES + +#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + +#define NO_FILESYSTEM + +/* To further reduce size, client or server functionality can be disabled. + * Here, we check if the example code gave us a hint. + * + * The calling application can define either one of these macros before + * including the Arduino wolfssl.h library file: + * + * WOLFSSL_CLIENT_EXAMPLE + * WOLFSSL_SERVER_EXAMPLE + */ +#if defined(WOLFSSL_CLIENT_EXAMPLE) + #define NO_WOLFSSL_SERVER +#elif defined(WOLFSSL_SERVER_EXAMPLE) + #define NO_WOLFSSL_CLIENT +#else + /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE + * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */ + #define NO_WOLFSSL_SERVER_CLIENT_MISSING + /* Both can be disabled in wolfssl test & benchmark */ +#endif + +#define NO_OLD_TLS + +#define HAVE_AESGCM + +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + +/* when you want to use SHA224 */ +#define WOLFSSL_SHA224 + +/* when you want to use SHA384 */ +#define WOLFSSL_SHA384 + +/* when you want to use SHA512 */ +#define WOLFSSL_SHA512 + +/* when you want to use SHA3 */ +#define WOLFSSL_SHA3 + + /* ED25519 requires SHA512 */ +#define HAVE_ED25519 + +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) + /* TODO determine low memory configuration for ECC. 
*/ +#else + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL +#endif + +#define HAVE_ED25519 + +/* Optional OPENSSL compatibility */ +#define OPENSSL_EXTRA + +/* #Optional HAVE_PKCS7 */ +#define HAVE_PKCS7 + +#if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + + #define HAVE_AES_KEYWRAP + #define HAVE_X963_KDF + #define WOLFSSL_AES_DIRECT +#endif + +/* when you want to use AES counter mode */ +/* #define WOLFSSL_AES_DIRECT */ +/* #define WOLFSSL_AES_COUNTER */ + +/* esp32-wroom-32se specific definition */ +#if defined(WOLFSSL_ESPWROOM32SE) + #define WOLFSSL_ATECC508A + #define HAVE_PK_CALLBACKS + /* when you want to use a custom slot allocation for ATECC608A */ + /* unless your configuration is unusual, you can use default */ + /* implementation. */ + /* #define CUSTOM_SLOT_ALLOCATION */ +#endif + +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ + +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ + +/* #define WOLFSSL_ATECC508A_DEBUG */ + +/* date/time */ +/* if it cannot adjust time in the device, */ +/* enable macro below */ +/* #define NO_ASN_TIME */ +/* #define XTIME time */ + + +/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ +#define ESP_RSA_TIMEOUT_CNT 0x349F00 + +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT + +/* USE_FAST_MATH is default */ +#define USE_FAST_MATH + +/***** Use SP_MATH *****/ +/* #undef USE_FAST_MATH */ +/* #define SP_MATH */ +/* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ + +/***** Use Integer Heap Math *****/ +/* #undef USE_FAST_MATH */ +/* #define USE_INTEGER_HEAP_MATH */ + + +#define WOLFSSL_SMALL_STACK + + +#define HAVE_VERSION_EXTENDED_INFO +/* #define HAVE_WC_INTROSPECTION */ + +#define HAVE_SESSION_TICKET + +/* #define HAVE_HASHDRBG */ + +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define 
WOLFSSL_CERT_EXT +#define WOLFSSL_SYS_CA_CERTS + + +#define WOLFSSL_CERT_TEXT + +#define WOLFSSL_ASN_TEMPLATE + +/* +#undef WOLFSSL_KEY_GEN +#undef WOLFSSL_CERT_REQ +#undef WOLFSSL_CERT_GEN +#undef WOLFSSL_CERT_EXT +#undef WOLFSSL_SYS_CA_CERTS +*/ + +/* command-line options +--enable-keygen +--enable-certgen +--enable-certreq +--enable-certext +--enable-asn-template +*/ + +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ +#if defined(CONFIG_IDF_TARGET_ESP32) + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ + + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ + /***** END CONFIG_IDF_TARGET_ESP32 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32S2) + /* wolfSSL HW Acceleration supported on ESP32-S2. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32S3) + /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + + /* wolfSSL HW Acceleration supported on ESP32-C2. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + /* wolfSSL HW Acceleration supported on ESP32-C6. 
Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + /* wolfSSL Hardware Acceleration not yet implemented */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8266) + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See www.espressif.com/en/products/socs/esp32-c2 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP266 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* There's no Hardware Acceleration available on ESP8684 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP8684 *****/ + +#else + /* Anything else encountered, disable HW acceleration */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif /* CONFIG_IDF_TARGET Check */ + +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* 
Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + +/* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options + +#define ESP_VERIFY_MEMBLOCK +#define DEBUG_WOLFSSL +#define DEBUG_WOLFSSL_VERBOSE +#define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG +#define NO_RECOVER_SOFTWARE_CALC +#define WOLFSSL_TEST_STRAY 1 +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +#define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define ESP_DISABLE_HW_TASK_LOCK + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG +*/ + +/* Pause in a loop rather than exit. */ +#define WOLFSSL_ESPIDF_ERROR_PAUSE + +#define WOLFSSL_HW_METRICS +#define ALT_ECC_SIZE + +/* for test.c: */ +/* #define HASH_SIZE_LIMIT */ + +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ + +/* Optionally include alternate HW test library: alt_hw_test.h */ +/* When enabling, the ./components/wolfssl/CMakeLists.txt file + * will need the name of the library in the idf_component_register + * for the PRIV_REQUIRES list. 
*/ +/* #define INCLUDE_ALT_HW_TEST */ + +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number ESP32 HW Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number ESP32 HW Modular Exponentiation: +** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number ESP32 HW Modular Multiplication +** [Z = X * Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + + +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP + +/* when turning on ECC508 / ECC608 support +#define WOLFSSL_ESPWROOM32SE +#define HAVE_PK_CALLBACKS +#define WOLFSSL_ATECC508A +#define ATCA_WOLFSSL +*/ + +/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */ + +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. 
+ * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). 
+ * + * See `SSL_FILETYPE_[name]` in + * github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * github.com/wolfSSL/wolfssl/pull/6825 + * github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +/* Conditional macros used in wolfSSL TLS client and server examples */ +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_CERT server_sm2 + #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_KEY server_sm2_priv + #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 +#else + #if defined(USE_CERT_BUFFERS_2048) + #ifdef USE_CERT_BUFFERS_1024 + #error "USE_CERT_BUFFERS_1024 is already defined. Pick one." 
+ #endif + #include + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + #ifdef USE_CERT_BUFFERS_2048 + #error "USE_CERT_BUFFERS_2048 is already defined. Pick one." + #endif + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** 
Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif diff --git a/examples/configs/user_settings_stm32.h b/examples/configs/user_settings_stm32.h index 9f02cf2bf5..20f0d5cfa7 100644 --- a/examples/configs/user_settings_stm32.h +++ b/examples/configs/user_settings_stm32.h @@ -1,7 +1,7 @@ /* wolfSSL_conf.h (example of generated wolfSSL.I-CUBE-wolfSSL_conf.h using * default_conf.ftl and STM32CubeIDE or STM32CubeMX tool) * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/configs/user_settings_template.h b/examples/configs/user_settings_template.h index f8673fab34..680376ad2d 100644 --- a/examples/configs/user_settings_template.h +++ b/examples/configs/user_settings_template.h @@ -1,6 +1,6 @@ /* user_settings_template.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -354,6 +354,7 @@ extern "C" { /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ + /* Note2: XFREE(NULL) must be properly handled */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); 
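Review bot: The "Sanity Checks" block at the end of user_settings_platformio.h compares `CONFIG_ESP_MAIN_TASK_STACK_SIZE` against `ESP_SRP_MINIMUM_STACK`, but the only macro it defines is `ESP_SRP_MINIMUM_STACK_8K`, so the undefined name evaluates to 0 inside `#if` and the small-stack warning can never fire; change the test to `#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)` or rename the two definitions to match. Because this file is meant to be copied into PlatformIO projects, it is also worth noting that it enables `USE_FAST_MATH`, RSA and ECC while leaving `TFM_TIMING_RESISTANT` commented out and never mentioning `ECC_TIMING_RESISTANT` or `WC_RSA_BLINDING`, and the comment on `WC_NO_CACHE_RESISTANT` says "slower but more secure" although a `NO_` macro presumably disables the resistant code path — please verify against settings.h and either define the hardening options here or state in a comment that the library defaults supply them. The `TEST_ESPIDF_ALL_WOLFSSL` section is described as "Uncommon settings for testing only", yet the `#define TEST_ESPIDF_ALL_WOLFSSL` directly above it is unconditional, so `WOLFSSL_MD2`, `WOLFSSL_ALLOW_RC4` and `HAVE_DSA` are compiled in for every user of this sample; commenting that define out by default would keep the legacy algorithms opt-in. Finally, the `#elif defined(CONFIG_IDF_TARGET_ESP8684)` branch in the chipset detection is unreachable because the earlier `CONFIG_IDF_TARGET_ESP32C2 || CONFIG_IDF_TARGET_ESP8684` branch already matches that target, and the ESP32-C3 branch's comments still say "no SHA384 HW on C6".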
diff --git a/examples/configs/user_settings_wolfboot_keytools.h b/examples/configs/user_settings_wolfboot_keytools.h
index ee283710b4..31ff456e1c 100644
--- a/examples/configs/user_settings_wolfboot_keytools.h
+++ b/examples/configs/user_settings_wolfboot_keytools.h
@@ -4,7 +4,7 @@
 * Enabled via WOLFSSL_USER_SETTINGS.
 *
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -86,7 +86,7 @@
 #define NO_RABBIT
 #define NO_MD5
 #define NO_SIG_WRAPPER
-#define NO_CERT
+#define NO_CERTS
 #define NO_SESSION_CACHE
 #define NO_HC128
 #define NO_DES3
diff --git a/examples/configs/user_settings_wolfssh.h b/examples/configs/user_settings_wolfssh.h
new file mode 100644
index 0000000000..45821a729b
--- /dev/null
+++ b/examples/configs/user_settings_wolfssh.h
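Review bot: Changing `NO_CERT` to `NO_CERTS` at line 89 turns a macro that was presumably never consulted into one that is, so this hunk changes what the keytools build compiles out rather than only correcting a spelling. If dropping certificate support is the intent, a short comment on the line would stop the next reader from "fixing" it back, e.g. `#define NO_CERTS /* keytools need no X.509 parsing; confirm build still links */`, and the keytools build should be re-run with this file to confirm nothing it uses was behind the certificate code. The surrounding `#define` block starts before the hunk.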
@@ -0,0 +1,214 @@ +/* user_settings_wolfssh.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* To use the rename file to user_settings.h and define WOLFSSL_USER_SETTINGS */ + +/* Started from the following configure and hand tuned, organized and commented: +./configure --enable-wolfssh --enable-sp=small --enable-sp-math \ +--disable-sp-asm --disable-asm --disable-sys-ca-certs --enable-aesgcm=small \ +--enable-cryptonly --disable-sha3 --disable-chacha --disable-poly1305 \ +--disable-md5 --disable-error-queue-per-thread --disable-pkcs12 \ +--disable-errorstrings --disable-sni --disable-sha224 +make +*/ + +/* Tested using: +cp ./examples/configs/user_settings_wolfssh.h user_settings.h +cp ./examples/configs/user_settings_wolfssh.h ../wolfSSH/user_settings.h + +wolfSSL: +./configure --enable-usersettings --disable-examples CFLAGS="-Os" +make +sudo make install + +wolfSSH: +./configure --enable-scp --disable-shared --disable-term \ + CFLAGS="-DWOLFSSL_USER_SETTINGS -Os" +make +*/ + +#ifndef WOLFSSL_USER_SETTINGS_SSH_H +#define WOLFSSL_USER_SETTINGS_SSH_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* #define USE_LOW_RESOURCE */ + +/* Platform */ +#ifdef USE_LOW_RESOURCE + /* Threading and filesystem required for 
wolfSSH tests \ + * Can be set for wolfSSH library only use */ + #define SINGLE_THREADED + #define NO_FILESYSTEM + #define BENCH_EMBEDDED +#endif + +/* Features */ +#define WOLFSSL_WOLFSSH +#if 1 + #define WOLFCRYPT_ONLY /* no TLS */ +#endif +#define HAVE_HASHDRBG +#define WOLFSSL_ASN_TEMPLATE +#define WOLFSSL_PUBLIC_MP +#ifndef USE_LOW_RESOURCE + #define WOLFSSL_BASE64_ENCODE +#endif + +#ifndef WOLFCRYPT_ONLY + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define HAVE_ENCRYPT_THEN_MAC +#endif + +/* Timing Resistance */ +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* Asymmetric */ +#if 1 /* RSA - PKCS1v1.5 */ + #undef NO_RSA + #define WC_NO_RSA_OAEP /* SSH does not use OAEP */ + + #ifdef USE_LOW_RESOURCE + #define RSA_LOW_MEM + #endif +#else + #define NO_RSA +#endif + +#if 1 /* DH */ + /* RFC 4253 requires "DH w/SHA-1" + * RFC 9142 requires "diffie-hellman-group14-sha256" + */ + #undef NO_DH + #ifndef WOLFCRYPT_ONLY + #define HAVE_DH_DEFAULT_PARAMS + #define HAVE_FFDHE_2048 + #endif +#else + #define NO_DH +#endif +#if 1 /* ECC */ + #define HAVE_ECC + #ifndef USE_LOW_RESOURCE /* optional ECC SHAMIR speedup */ + #define ECC_SHAMIR + #endif + #define ECC_USER_CURVES + #ifndef USE_LOW_RESOURCE + #define HAVE_ECC384 + #define HAVE_ECC521 + #endif +#endif + +/* Symmetric AES CBC/GCM */ +#undef NO_AES_CBC +#if 1 /* GCM */ + #define HAVE_AESGCM + #define GCM_SMALL +#endif +#ifdef USE_LOW_RESOURCE + #define WOLFSSL_AES_SMALL_TABLES +#endif + +/* Hashing SHA-1/SHA2-256 */ +#undef NO_SHA +#undef NO_SHA256 +#ifdef USE_LOW_RESOURCE + #define USE_SLOW_SHA + #define USE_SLOW_SHA256 +#endif +#if 0 + #define WOLFSSL_SHA384 + #define WOLFSSL_SHA512 + #ifdef USE_LOW_RESOURCE + #define USE_SLOW_SHA512 + #endif +#endif + + +/* Math */ +/* Multi Precision (MP): Enable support for uncommon key sizes / curves */ +#if 0 + #define WOLFSSL_SP_MATH_ALL +#endif + +/* Single Precision (SP) Math */ +#define WOLFSSL_SP_MATH +#define 
WOLFSSL_SP_SMALL + +#if !defined(NO_RSA) || !defined(NO_DH) + #undef WOLFSSL_SP_NO_2048 /* 2048-bit */ + #ifdef USE_LOW_RESOURCE + #define WOLFSSL_SP_NO_3072 /* 3072-bit */ + #else + #undef WOLFSSL_SP_NO_3072 /* 3072-bit */ + #define WOLFSSL_SP_4096 /* 4096-bit */ + #endif + + #ifndef NO_RSA + #define WOLFSSL_HAVE_SP_RSA + #endif + #ifndef NO_DH + #define WOLFSSL_HAVE_SP_DH + #endif +#endif +#ifdef HAVE_ECC + #define WOLFSSL_HAVE_SP_ECC + + #undef WOLFSSL_SP_NO_256 /* 256-bit */ + #ifdef HAVE_ECC384 + #define WOLFSSL_SP_384 /* 384-bit */ + #endif + #ifdef HAVE_ECC521 + #define WOLFSSL_SP_521 /* 521-bit */ + #endif +#endif + +/* Disable Algorithms */ +#define NO_DSA +#define NO_DES3 +#define NO_MD4 +#define NO_MD5 +#define NO_RC4 +#define NO_PSK +#define NO_PKCS12 +#define NO_PWDBASED +#define WOLFSSL_NO_SHAKE128 +#define WOLFSSL_NO_SHAKE256 + +/* Disable Features */ +#define NO_ERROR_STRINGS +#define WC_NO_ASYNC_THREADING +#define NO_DES3_TLS_SUITES +#define NO_OLD_TLS +#define WOLFSSL_NO_TLS12 + +#ifdef __cplusplus +} +#endif + + +#endif /* WOLFSSL_USER_SETTINGS_SSH_H */ diff --git a/examples/configs/user_settings_wolftpm.h b/examples/configs/user_settings_wolftpm.h index 20da890b30..960536cb30 100644 --- a/examples/configs/user_settings_wolftpm.h +++ b/examples/configs/user_settings_wolftpm.h @@ -1,6 +1,6 @@ /* user_settings_wolftpm.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 662aca0f1c..89a8d6ba96 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -1,6 +1,6 @@ /* echoclient.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
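Review bot: `HAVE_ECC384` and `HAVE_ECC521` are turned on (outside `USE_LOW_RESOURCE`) while `WOLFSSL_SHA384` and `WOLFSSL_SHA512` sit under `#if 0`, yet SSH's ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 methods (RFC 5656) hash with SHA-384 and SHA-512 respectively, so those two curves presumably cannot be used for host or user keys in this configuration and the `WOLFSSL_SP_384`/`WOLFSSL_SP_521` code is built for nothing. Either enable the hashes next to the curves, `#ifndef USE_LOW_RESOURCE` / `#define WOLFSSL_SHA384` / `#define WOLFSSL_SHA512` / `#endif` in the Hashing section, or drop the two curve defines together with their SP sizes. If P-256-only was the intent, a comment on the `#if 0` such as `/* SHA-384/512 off: only nistp256 is supported by this config */` would stop the next reader from re-enabling the curves alone.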
@@ -257,7 +257,7 @@ void echoclient_test(void* args) } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { fprintf(stderr, "SSL_connect error %d, %s\n", err, - ERR_error_string(err, buffer)); + ERR_error_string((unsigned long)err, buffer)); err_sys("SSL_connect failed"); } @@ -280,7 +280,7 @@ void echoclient_test(void* args) } while (err == WC_PENDING_E); if (ret != sendSz) { fprintf(stderr, "SSL_write msg error %d, %s\n", err, - ERR_error_string(err, buffer)); + ERR_error_string((unsigned long)err, buffer)); err_sys("SSL_write failed"); } @@ -329,7 +329,7 @@ void echoclient_test(void* args) #endif else { fprintf(stderr, "SSL_read msg error %d, %s\n", err, - ERR_error_string(err, buffer)); + ERR_error_string((unsigned long)err, buffer)); err_sys("SSL_read failed"); } } diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h index 23c4597c3d..90fb387be7 100644 --- a/examples/echoclient/echoclient.h +++ b/examples/echoclient/echoclient.h @@ -1,6 +1,6 @@ /* echoclient.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index c6afdcb09a..68a86bce48 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -1,6 +1,6 @@ /* echoserver.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -350,7 +350,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { fprintf(stderr, "SSL_accept error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); fprintf(stderr, "SSL_accept failed\n"); wolfSSL_free(ssl); CloseSocket(clientfd); 
@@ -391,7 +391,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) if (ret <= 0) { if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_ZERO_RETURN){ fprintf(stderr, "SSL_read echo error %d, %s!\n", err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); } break; } @@ -453,7 +453,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) } while (err == WC_PENDING_E); if (ret != echoSz) { fprintf(stderr, "SSL_write get error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); err_sys("SSL_write get failed"); } break; @@ -480,7 +480,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) if (ret != echoSz) { fprintf(stderr, "SSL_write echo error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); err_sys("SSL_write echo failed"); } } diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h index a73c549ea3..29ab5a9f1b 100644 --- a/examples/echoserver/echoserver.h +++ b/examples/echoserver/echoserver.h @@ -1,6 +1,6 @@ /* echoserver.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/pem/pem.c b/examples/pem/pem.c index e69b1199c7..3d32e8472c 100644 --- a/examples/pem/pem.c +++ b/examples/pem/pem.c @@ -1,6 +1,6 @@ /* pem.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -778,6 +778,10 @@ int main(int argc, char* argv[]) fprintf(stderr, "No filename provided\n"); return 1; } + if (in_file != stdin) { + fprintf(stderr, "At most one input file can be supplied.\n"); + return 1; + } in_file = fopen(argv[0], "r"); if (in_file == NULL) { fprintf(stderr, "File not able to be read: %s\n", argv[0]); 
diff --git a/examples/sctp/sctp-client-dtls.c b/examples/sctp/sctp-client-dtls.c index d38f5579af..36be1aed41 100644 --- a/examples/sctp/sctp-client-dtls.c +++ b/examples/sctp/sctp-client-dtls.c @@ -1,6 +1,6 @@ /* sctp-client-dtls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/sctp/sctp-client.c b/examples/sctp/sctp-client.c index fdabe43c4a..b76639f484 100644 --- a/examples/sctp/sctp-client.c +++ b/examples/sctp/sctp-client.c @@ -1,6 +1,6 @@ /* sctp-client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/sctp/sctp-server-dtls.c b/examples/sctp/sctp-server-dtls.c index c02522f209..530a4b65b5 100644 --- a/examples/sctp/sctp-server-dtls.c +++ b/examples/sctp/sctp-server-dtls.c @@ -1,6 +1,6 @@ /* sctp-server-dtls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/sctp/sctp-server.c b/examples/sctp/sctp-server.c index 3f8f6d803e..71143e8057 100644 --- a/examples/sctp/sctp-server.c +++ b/examples/sctp/sctp-server.c @@ -1,6 +1,6 @@ /* sctp-server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/server/server.c b/examples/server/server.c index 6f0faf3385..d7f4f07b57 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -262,7 +262,8 @@ static WC_INLINE int PeekSeq(const char* buf, word32* seq) const char* c = buf + 3; if ((c[0] | c[1] | c[2] | c[3]) == 0) { - *seq = (c[4] << 24) | (c[5] << 16) | (c[6] << 8) | c[7]; + *seq = ((word32)c[4] << 24) | ((word32)c[5] << 16) | + ((word32)c[6] << 8) | (word32)c[7]; return 1; } 
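Review bot: In the `PeekSeq` hunk the new `(word32)c[5]`, `(word32)c[6]` and `(word32)c[7]` casts still start from `const char`, so on a target where `char` is signed any byte of 0x80 or above is sign-extended to 0xFFFFFFxx before the shift and pollutes the higher bytes of `*seq`; the original expression had the same problem via integer promotion, and this rewrite only changes the type of the shift. Casting through the unsigned byte type first fixes it: `*seq = ((word32)(byte)c[4] << 24) | ((word32)(byte)c[5] << 16) |` / `       ((word32)(byte)c[6] << 8) | (word32)(byte)c[7];`. `PeekSeq` begins outside this hunk.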
@@ -292,8 +293,8 @@ static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) } } - sent = (int)sendto(sd, buf, sz, 0, (const SOCKADDR*)&dtlsCtx->peer.sa, - dtlsCtx->peer.sz); + sent = (int)sendto(sd, buf, (size_t)sz, 0, + (const SOCKADDR*)&dtlsCtx->peer.sa, dtlsCtx->peer.sz); sent = TranslateReturnCode(sent, sd); @@ -419,7 +420,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, size_t xfer_bytes = 0; char* buffer; - buffer = (char*)malloc(block); + buffer = (char*)malloc((size_t)block); if (!buffer) { err_sys_ex(runWithErrors, "Server buffer malloc failed"); } @@ -431,7 +432,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, if (select_ret == TEST_RECV_READY) { if (throughput) - len = min(block, (int)(throughput - xfer_bytes)); + len = (int)min((word32)block, (word32)(throughput - xfer_bytes)); else len = block; rx_pos = 0; @@ -479,7 +480,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, /* Write data */ do { err = 0; /* reset error */ - ret = SSL_write(ssl, buffer, min(len, rx_pos)); + ret = SSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos)); if (ret <= 0) { err = SSL_get_error(ssl, 0); #ifdef WOLFSSL_ASYNC_CRYPT @@ -490,7 +491,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, #endif } } while (err == WC_PENDING_E); - if (ret != (int)min(len, rx_pos)) { + if (ret != (int)min((word32)len, (word32)rx_pos)) { LOG_ERROR("SSL_write echo error %d\n", err); err_sys_ex(runWithErrors, "SSL_write failed"); } @@ -499,7 +500,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, tx_time += current_time(0) - start; } - xfer_bytes += len; + xfer_bytes += (size_t)len; } } 
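Review bot: `malloc((size_t)block)` in the `@@ -419` hunk silences the sign-conversion warning but does not validate `block`, which comes from `atoi` in the `-B` option (context in the `@@ -1984` hunk) and is not range-checked in any visible hunk; a negative value now wraps to a huge allocation that only surfaces as the generic "buffer malloc failed", and zero gives `malloc(0)`, whose result is implementation-defined. A guard before the allocation, `if (block <= 0) err_sys_ex(runWithErrors, "invalid block size");`, keeps the failure explicit. The same explicit-but-unchecked conversion appears as `throughput = (size_t)atol(myoptarg)` in the `@@ -1984` hunk and `dtlsCtx.blockSeq = (word32)atoi(myoptarg)` in the `@@ -2143` hunk; a `strtol` with an error and range check at the option parser would cover all three. `ServerEchoData` begins outside this hunk.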
@@ -519,8 +520,8 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, "\tRX %8.3f ms (%8.3f MBps)\n" "\tTX %8.3f ms (%8.3f MBps)\n", (SIZE_TYPE)throughput, - rx_time * 1000, throughput / rx_time / 1024 / 1024, - tx_time * 1000, throughput / tx_time / 1024 / 1024 + (double)rx_time * 1000, (double)throughput / rx_time / 1024 / 1024, + (double)tx_time * 1000, (double)throughput / tx_time / 1024 / 1024 ); } else { @@ -582,7 +583,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) #endif ) { LOG_ERROR("SSL_read input error %d, %s\n", err, - ERR_error_string(err, buffer)); + ERR_error_string((unsigned long)err, buffer)); err_sys_ex(runWithErrors, "SSL_read failed"); } } @@ -655,7 +656,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen) if (ret != outputLen) { char buffer[WOLFSSL_MAX_ERROR_SZ]; LOG_ERROR("SSL_write msg error %d, %s\n", err, - ERR_error_string(err, buffer)); + ERR_error_string((unsigned long)err, buffer)); err_sys_ex(runWithErrors, "SSL_write failed"); } } @@ -1600,10 +1601,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) byte memory[80000]; #endif byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */ + #if !defined(WOLFSSL_STATIC_MEMORY_LEAN) WOLFSSL_MEM_CONN_STATS ssl_stats; - #ifdef DEBUG_WOLFSSL + #if defined(DEBUG_WOLFSSL) WOLFSSL_MEM_STATS mem_stats; #endif + #endif #endif #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) int onlyKeyShare = 0; @@ -1984,7 +1987,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) break; case 'B': - throughput = atol(myoptarg); + throughput = (size_t)atol(myoptarg); for (; *myoptarg != '\0'; myoptarg++) { if (*myoptarg == ',') { block = atoi(myoptarg + 1); 
@@ -2143,7 +2146,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO) XMEMSET(&dtlsCtx, 0, sizeof(dtlsCtx)); doBlockSeq = 1; - dtlsCtx.blockSeq = atoi(myoptarg); + dtlsCtx.blockSeq = (word32)atoi(myoptarg); #endif break; @@ -2502,7 +2505,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) err_sys_ex(runWithErrors, "unable to get method"); #ifdef WOLFSSL_STATIC_MEMORY - #ifdef DEBUG_WOLFSSL + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) /* print off helper buffer sizes for use with static memory * printing to stderr in case of debug mode turned on */ LOG_ERROR("static memory management size = %d\n", @@ -2963,7 +2966,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) err_sys_ex(runWithErrors, "tcp accept failed"); } } -#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \ + !defined(WOLFSSL_STATIC_MEMORY_LEAN) LOG_ERROR("Before creating SSL\n"); if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) err_sys_ex(runWithErrors, "ctx not using static memory"); @@ -3052,7 +3056,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } #endif -#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \ + !defined(WOLFSSL_STATIC_MEMORY_LEAN) LOG_ERROR("After creating SSL\n"); if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) err_sys_ex(runWithErrors, "ctx not using static memory"); @@ -3182,7 +3187,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef CAN_FORCE_CURVE if (force_curve_group_id > 0) { do { - ret = wolfSSL_UseKeyShare(ssl, force_curve_group_id); + ret = wolfSSL_UseKeyShare(ssl, (word16)force_curve_group_id); if (ret == WOLFSSL_SUCCESS) { } 
@@ -3444,7 +3449,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (ret != WOLFSSL_SUCCESS) { err = SSL_get_error(ssl, 0); LOG_ERROR("SSL_accept error %d, %s\n", err, - ERR_error_string(err, buffer)); + ERR_error_string((unsigned long)err, buffer)); if (!exitWithRet) { err_sys_ex(runWithErrors, "SSL_accept failed"); } else { @@ -3528,10 +3533,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) size = wolfSSL_get_server_random(ssl, rnd, size); if (size == 0) { - if (rnd) { - XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); - rnd = NULL; - } + XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + rnd = NULL; err_sys_ex(runWithErrors, "error getting server random buffer"); } @@ -3708,8 +3711,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0); - wolfSSL_request_certificate(ssl); - + if (wolfSSL_request_certificate(ssl) != WOLFSSL_SUCCESS) { + LOG_ERROR("Request for post-hs certificate failed\n"); + } + else { + LOG_ERROR("Successfully requested post-hs certificate\n"); + } } #endif @@ -3798,7 +3805,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } /* display collected statistics */ -#ifdef WOLFSSL_STATIC_MEMORY +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1) err_sys_ex(runWithErrors, "static memory was not used with ssl"); diff --git a/examples/server/server.h b/examples/server/server.h index e0c8ad7bab..0750f4ca99 100644 --- a/examples/server/server.h +++ b/examples/server/server.h @@ -1,6 +1,6 @@ /* server.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/fips-check.sh b/fips-check.sh index 8d116c1964..4f57d2d040 100755 --- a/fips-check.sh +++ b/fips-check.sh 
@@ -32,6 +32,7 @@ Flavor is one of: fips-ready (ready FIPS 140-3) fips-dev (dev FIPS 140-3) wolfrand + wolfentropy Keep (default off) retains the temp dir $TEST_DIR for inspection. Example: @@ -254,6 +255,41 @@ wolfrand) 'wolfssl/wolfcrypt/sha256.h:WCv4-stable' ) ;; +wolfentropy) + FIPS_OPTION='v6' + FIPS_FILES=( + 'wolfcrypt/src/fips.c:wolfEntropy1' + 'wolfcrypt/src/fips_test.c:wolfEntropy1' + 'wolfcrypt/src/wolfcrypt_first.c:wolfEntropy1' + 'wolfcrypt/src/wolfcrypt_last.c:wolfEntropy1' + 'wolfssl/wolfcrypt/fips.h:wolfEntropy1' + ) + WOLFCRYPT_FILES=( + 'wolfcrypt/src/aes.c:wolfEntropy1' + 'wolfcrypt/src/aes_asm.asm:wolfEntropy1' + 'wolfcrypt/src/aes_asm.S:wolfEntropy1' + 'wolfcrypt/src/aes_gcm_asm.S:wolfEntropy1' + 'wolfcrypt/src/ecc.c:wolfEntropy1' + 'wolfcrypt/src/hmac.c:wolfEntropy1' + 'wolfcrypt/src/kdf.c:wolfEntropy1' + 'wolfcrypt/src/random.c:wolfEntropy1' + 'wolfcrypt/src/sha256.c:wolfEntropy1' + 'wolfcrypt/src/sha256_asm.S:wolfEntropy1' + 'wolfcrypt/src/sha3.c:wolfEntropy1' + 'wolfcrypt/src/sha512.c:wolfEntropy1' + 'wolfcrypt/src/sha512_asm.S:wolfEntropy1' + 'wolfssl/wolfcrypt/aes.h:wolfEntropy1' + 'wolfssl/wolfcrypt/ecc.h:wolfEntropy1' + 'wolfssl/wolfcrypt/fips_test.h:wolfEntropy1' + 'wolfssl/wolfcrypt/hmac.h:wolfEntropy1' + 'wolfssl/wolfcrypt/kdf.h:wolfEntropy1' + 'wolfssl/wolfcrypt/random.h:wolfEntropy1' + 'wolfssl/wolfcrypt/sha256.h:wolfEntropy1' + 'wolfssl/wolfcrypt/sha3.h:wolfEntropy1' + 'wolfssl/wolfcrypt/sha512.h:wolfEntropy1' + ) + ;; + *) Usage exit 1 diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 29e8092ab6..f29690481e 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -1,6 +1,6 @@ # Linux kernel-native Makefile ("Kbuild") for libwolfssl.ko # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # 
@@ -18,7 +18,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -SHELL=/bin/bash +SHELL=bash ifeq "$(WOLFSSL_OBJ_FILES)" "" $(error $$WOLFSSL_OBJ_FILES is unset.) @@ -48,9 +48,17 @@ endif $(obj)/linuxkm/module_exports.o: $(WOLFSSL_OBJ_TARGETS) +ifndef KERNEL_THREAD_STACK_SIZE + ifdef CROSS_COMPILE + KERNEL_THREAD_STACK_SIZE=16384 + endif +endif + # this mechanism only works in kernel 5.x+ (fallback to hardcoded value) -hostprogs := linuxkm/get_thread_size -always-y := $(hostprogs) +ifndef KERNEL_THREAD_STACK_SIZE + hostprogs := linuxkm/get_thread_size + always-y := $(hostprogs) +endif HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static -fno-omit-frame-pointer @@ -63,8 +71,10 @@ endif # this rule is needed to get build to succeed in 4.x (get_thread_size still doesn't get built) $(obj)/linuxkm/get_thread_size: $(src)/linuxkm/get_thread_size.c -$(WOLFSSL_OBJ_TARGETS): | $(obj)/linuxkm/get_thread_size -KERNEL_THREAD_STACK_SIZE=$(shell test -x $(obj)/linuxkm/get_thread_size && $(obj)/linuxkm/get_thread_size || echo 16384) +ifndef KERNEL_THREAD_STACK_SIZE + $(WOLFSSL_OBJ_TARGETS): | $(obj)/linuxkm/get_thread_size + KERNEL_THREAD_STACK_SIZE=$(shell test -x $(obj)/linuxkm/get_thread_size && $(obj)/linuxkm/get_thread_size || echo 16384) +endif MAX_STACK_FRAME_SIZE=$(shell echo $$(( $(KERNEL_THREAD_STACK_SIZE) / 4))) libwolfssl-y := $(WOLFSSL_OBJ_FILES) linuxkm/module_hooks.o linuxkm/module_exports.o 
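Review bot: The cross-compile fallback `KERNEL_THREAD_STACK_SIZE=16384` in the new `ifdef CROSS_COMPILE` block hard-codes a 16 KiB kernel thread stack for every target, and the same literal is repeated in the `|| echo 16384` fallback of the `@@ -63` hunk; `MAX_STACK_FRAME_SIZE` is derived from it, so if that value drives a frame-size limit (its consumer is outside this hunk) a target whose THREAD_SIZE is smaller than 16 KiB gets a limit that is too generous and the check goes quiet. Suggest one default, `WOLFSSL_DEFAULT_THREAD_STACK_SIZE := 16384`, used in both places, plus a comment on the cross-compile branch such as `# cross builds cannot run get_thread_size; pass KERNEL_THREAD_STACK_SIZE=<target THREAD_SIZE> explicitly for targets with stacks smaller than 16 KiB`.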
@@ -114,6 +124,16 @@ $(obj)/wolfcrypt/src/aes_xts_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU $(obj)/wolfcrypt/src/aes_xts_asm.o: OBJECT_FILES_NON_STANDARD := y $(obj)/wolfcrypt/src/sp_x86_64_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE) $(obj)/wolfcrypt/src/sp_x86_64_asm.o: OBJECT_FILES_NON_STANDARD := y +$(obj)/wolfcrypt/src/sha256_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE) +$(obj)/wolfcrypt/src/sha256_asm.o: OBJECT_FILES_NON_STANDARD := y +$(obj)/wolfcrypt/src/sha512_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE) +$(obj)/wolfcrypt/src/sha512_asm.o: OBJECT_FILES_NON_STANDARD := y +$(obj)/wolfcrypt/src/sha3_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE) +$(obj)/wolfcrypt/src/sha3_asm.o: OBJECT_FILES_NON_STANDARD := y +$(obj)/wolfcrypt/src/chacha_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE) +$(obj)/wolfcrypt/src/chacha_asm.o: OBJECT_FILES_NON_STANDARD := y +$(obj)/wolfcrypt/src/poly1305_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE) +$(obj)/wolfcrypt/src/poly1305_asm.o: OBJECT_FILES_NON_STANDARD := y ifeq "$(ENABLED_LINUXKM_PIE)" "yes" 
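Review bot: The five new objects each repeat the same two target-specific assignments, so the hunk is ten near-identical lines that will grow with every further assembly file; a single list with two multi-target assignments says the same thing once and makes the flag pairing impossible to get wrong for one entry. The two visible existing entries (`aes_xts_asm.o`, `sp_x86_64_asm.o`) could join the list as well, which is why the excerpt below keeps the variable separate from the existing lines.
```makefile
# SIMD-capable assembly objects: build with the FPU-disable/SIMD-enable flags
# and exempt them from objtool's standard-object checks.
WOLFSSL_SIMD_ASM_OBJS := $(addprefix $(obj)/wolfcrypt/src/, \
    sha256_asm.o sha512_asm.o sha3_asm.o chacha_asm.o poly1305_asm.o)
$(WOLFSSL_SIMD_ASM_OBJS): asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
$(WOLFSSL_SIMD_ASM_OBJS): OBJECT_FILES_NON_STANDARD := y
```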
@@ -162,17 +182,17 @@ ifneq "$(quiet)" "silent_" @echo ' wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt' endif -$(src)/linuxkm/module_exports.c: rename-pie-text-and-data-sections +$(obj)/linuxkm/module_exports.c: rename-pie-text-and-data-sections endif # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags. # exclude symbols that don't match wc_* or wolf*. -$(src)/linuxkm/module_exports.c: $(src)/linuxkm/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) +$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) @cp $< $@ - @readelf --symbols --wide $(WOLFSSL_OBJ_TARGETS) | \ - awk '/^ *[0-9]+: / { \ + @$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) | \ + $(AWK) '/^ *[0-9]+: / { \ if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;} \ if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) { \ print "EXPORT_SYMBOL_NS_GPL(" $$8 ", WOLFSSL);"; \ @@ -180,4 +200,4 @@ $(src)/linuxkm/module_exports.c: $(src)/linuxkm/module_exports.c.template $(WOLF }' >> $@ @echo -e '#ifndef NO_CRYPT_TEST\nEXPORT_SYMBOL_NS_GPL(wolfcrypt_test, WOLFSSL);\n#endif' >> $@ -clean-files := module_exports.c linuxkm src wolfcrypt/src wolfcrypt/test wolfcrypt +clean-files := linuxkm src wolfcrypt diff --git a/linuxkm/Makefile b/linuxkm/Makefile index 4830458cc7..a4adad90da 100644 --- a/linuxkm/Makefile +++ b/linuxkm/Makefile @@ -1,6 +1,6 @@ # libwolfssl Linux kernel module Makefile (wraps Kbuild-native makefile) # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -18,7 +18,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -SHELL=/bin/bash +SHELL=bash all: libwolfssl.ko libwolfssl.ko.signed 
@@ -58,16 +58,41 @@ endif export WOLFSSL_CFLAGS WOLFSSL_ASFLAGS WOLFSSL_OBJ_FILES WOLFCRYPT_PIE_FILES +ifneq "$(host_triplet)" "$(build_triplet)" + CROSS_COMPILE := 'CROSS_COMPILE=$(host_triplet)-' +endif + +OVERRIDE_PATHS := + +ifdef CC + ifneq "$(CC)" "cc" + OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'CC=$(CC)' + endif +endif +ifdef AS + ifneq "$(AS)" "as" + OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'AS=$(AS)' + endif +endif +ifdef LD + ifneq "$(LD)" "ld" + OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'LD=$(LD)' + endif +endif + libwolfssl.ko: - @if test -z "$(KERNEL_ROOT)"; then echo '$$KERNEL_ROOT is unset' >&2; exit 1; fi - @if test -z "$(AM_CFLAGS)$(CFLAGS)"; then echo '$$AM_CFLAGS and $$CFLAGS are both unset.' >&2; exit 1; fi - @if test -z "$(src_libwolfssl_la_OBJECTS)"; then echo '$$src_libwolfssl_la_OBJECTS is unset.' >&2; exit 1; fi - @mkdir -p linuxkm src wolfcrypt/src wolfcrypt/test - @if test ! -h $(SRC_TOP)/Kbuild; then ln -s $(MODULE_TOP)/Kbuild $(SRC_TOP)/Kbuild; fi + @if test -z '$(KERNEL_ROOT)'; then echo '$$KERNEL_ROOT is unset' >&2; exit 1; fi + @if test -z '$(AM_CFLAGS)$(CFLAGS)'; then echo '$$AM_CFLAGS and $$CFLAGS are both unset.' >&2; exit 1; fi + @if test -z '$(src_libwolfssl_la_OBJECTS)'; then echo '$$src_libwolfssl_la_OBJECTS is unset.' >&2; exit 1; fi + # after commit 9a0ebe5011 (6.10), sources must be in $(obj). 
work around this by making links to all needed sources: + @mkdir -p '$(MODULE_TOP)/linuxkm' + @test '$(MODULE_TOP)/module_hooks.c' -ef '$(MODULE_TOP)/linuxkm/module_hooks.c' || cp --no-dereference --symbolic-link --no-clobber '$(MODULE_TOP)'/*.[ch] '$(MODULE_TOP)/linuxkm/' + @test '$(SRC_TOP)/wolfcrypt/src/wc_port.c' -ef '$(MODULE_TOP)/wolfcrypt/src/wc_port.c' || cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/wolfcrypt' '$(MODULE_TOP)/' + @test '$(SRC_TOP)/src/wolfio.c' -ef '$(MODULE_TOP)/src/wolfio.c' || cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/src' '$(MODULE_TOP)/' ifeq "$(ENABLED_LINUXKM_PIE)" "yes" - +$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(SRC_TOP) $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE= + +$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE= else - +$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(SRC_TOP) $(KBUILD_EXTRA_FLAGS) + +$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) endif libwolfssl.ko.signed: libwolfssl.ko @@ -110,6 +135,9 @@ install modules_install: # note, must supply $(MODULE_TOP) as the src value for clean so that Kbuild is included, else # the top Makefile (which is not for the kernel build) would be included here. clean: + $(RM) -rf '$(MODULE_TOP)/linuxkm' + $(RM) -rf '$(MODULE_TOP)/wolfcrypt' + $(RM) -rf '$(MODULE_TOP)/src' +$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(MODULE_TOP) clean .PHONY: check diff --git a/linuxkm/get_thread_size.c b/linuxkm/get_thread_size.c index ed273864e3..cf6172db5f 100644 --- a/linuxkm/get_thread_size.c +++ b/linuxkm/get_thread_size.c 
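Review bot: `CROSS_COMPILE` is reused as the name of the quoted `'CROSS_COMPILE=$(host_triplet)-'` argument and then expanded bare on both `$(MAKE)` lines; when host and build triplets match but a caller has `CROSS_COMPILE=<prefix>` exported in the environment (the conventional way to request a kernel cross build), that raw prefix is passed to the sub-make as a goal name rather than as an assignment. Giving the argument holder its own name removes the collision: `CROSS_COMPILE_ARG := 'CROSS_COMPILE=$(host_triplet)-'` and `$(OVERRIDE_PATHS) $(CROSS_COMPILE_ARG)` on the two `$(MAKE)` lines. The `ifdef CC`/`ifdef AS`/`ifdef LD` guards are always true because make predefines those variables as `cc`, `as` and `ld`, so the `ifneq` comparisons are the real test; that works, but a comment saying so would save the next reader from "fixing" it. Where `host_triplet`, `build_triplet` and `MODULE_TOP` are defined is outside this hunk.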
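Review bot: The new `clean` lines run `$(RM) -rf` on `'$(MODULE_TOP)/linuxkm'`, `'$(MODULE_TOP)/wolfcrypt'` and `'$(MODULE_TOP)/src'` without checking that `MODULE_TOP` is set, so an empty value expands to `rm -rf /linuxkm /wolfcrypt /src`, and the `test ... -ef ...` guards in the `libwolfssl.ko` recipe suggest a layout where `MODULE_TOP` and `SRC_TOP` can be the same tree, in which case `clean` removes the real `wolfcrypt` and `src` directories rather than the symlink copies. The build target validates its inputs with `test -z` checks; `clean` should do the same before the removals, e.g. `@test -n '$(MODULE_TOP)' || { echo '$$MODULE_TOP is unset' >&2; exit 1; }` followed by a `test '$(MODULE_TOP)' -ef '$(SRC_TOP)'` refusal if that configuration is reachable. `MODULE_TOP` and `SRC_TOP` are defined outside this hunk.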
@@ -1,7 +1,7 @@ /* get_thread_size.c -- trivial program to determine stack frame size * for a Linux kernel thread, given a configured source tree. * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/linuxkm/include.am b/linuxkm/include.am index b89aab40a0..3fac8ca93a 100644 --- a/linuxkm/include.am +++ b/linuxkm/include.am @@ -13,4 +13,5 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \ linuxkm/pie_last.c \ linuxkm/linuxkm_memory.c \ linuxkm/linuxkm_wc_port.h \ - linuxkm/lkcapi_glue.c + linuxkm/lkcapi_glue.c \ + linuxkm/x86_vector_register_glue.c diff --git a/linuxkm/linuxkm_memory.c b/linuxkm/linuxkm_memory.c index 81a7dfab36..e2c4a0476e 100644 --- a/linuxkm/linuxkm_memory.c +++ b/linuxkm/linuxkm_memory.c @@ -1,6 +1,6 @@ /* linuxkm_memory.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -71,300 +71,6 @@ void *lkm_realloc(void *ptr, size_t newsize) { } #endif /* HAVE_KVMALLOC */ -#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) - -static unsigned int wc_linuxkm_fpu_states_n_tracked = 0; - -struct wc_thread_fpu_count_ent { - volatile pid_t pid; - unsigned int fpu_state; -}; -struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_states = NULL; - -#ifdef WOLFSSL_COMMERCIAL_LICENSE - -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wunused-parameter" -#pragma GCC diagnostic ignored "-Wnested-externs" -/* avoid dependence on "alternatives_patched" and "xfd_validate_state()". */ -#undef CONFIG_X86_DEBUG_FPU -#include "../kernel/fpu/internal.h" -#include "../kernel/fpu/xstate.h" -#pragma GCC diagnostic pop - -static union wc_linuxkm_fpu_savebuf { - byte buf[1024]; /* must be 64-byte-aligned */ - struct fpstate fpstate; -} *wc_linuxkm_fpu_savebufs = NULL; - -#endif /* WOLFSSL_COMMERCIAL_LICENSE */ - -#define WC_FPU_COUNT_MASK 0x7fffffffU -#define WC_FPU_SAVED_MASK 0x80000000U - -WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void) -{ - if (wc_linuxkm_fpu_states != NULL) { - static int warned_for_repeat_alloc = 0; - if (! warned_for_repeat_alloc) { - pr_err("attempt at repeat allocation" - " in allocate_wolfcrypt_linuxkm_fpu_states\n"); - warned_for_repeat_alloc = 1; - } - return BAD_STATE_E; - } - - if (nr_cpu_ids >= 16) - wc_linuxkm_fpu_states_n_tracked = nr_cpu_ids * 2; - else - wc_linuxkm_fpu_states_n_tracked = 32; - - wc_linuxkm_fpu_states = - (struct wc_thread_fpu_count_ent *)malloc( - wc_linuxkm_fpu_states_n_tracked * sizeof(wc_linuxkm_fpu_states[0])); - - if (! 
wc_linuxkm_fpu_states) { - pr_err("allocation of %lu bytes for " - "wc_linuxkm_fpu_states failed.\n", - nr_cpu_ids * sizeof(struct fpu_state *)); - return MEMORY_E; - } - - memset(wc_linuxkm_fpu_states, 0, wc_linuxkm_fpu_states_n_tracked - * sizeof(wc_linuxkm_fpu_states[0])); - -#ifdef WOLFSSL_COMMERCIAL_LICENSE - wc_linuxkm_fpu_savebufs = (union wc_linuxkm_fpu_savebuf *)malloc( - wc_linuxkm_fpu_states_n_tracked * sizeof(*wc_linuxkm_fpu_savebufs)); - if (! wc_linuxkm_fpu_savebufs) { - pr_err("allocation of %lu bytes for " - "wc_linuxkm_fpu_savebufs failed.\n", - WC_LINUXKM_ROUND_UP_P_OF_2(wc_linuxkm_fpu_states_n_tracked) - * sizeof(*wc_linuxkm_fpu_savebufs)); - free(wc_linuxkm_fpu_states); - wc_linuxkm_fpu_states = NULL; - return MEMORY_E; - } - if ((uintptr_t)wc_linuxkm_fpu_savebufs - & (WC_LINUXKM_ROUND_UP_P_OF_2(sizeof(*wc_linuxkm_fpu_savebufs)) - 1)) - { - pr_err("allocation of %lu bytes for " - "wc_linuxkm_fpu_savebufs allocated with wrong alignment 0x%lx.\n", - WC_LINUXKM_ROUND_UP_P_OF_2(wc_linuxkm_fpu_states_n_tracked) - * sizeof(*wc_linuxkm_fpu_savebufs), - (uintptr_t)wc_linuxkm_fpu_savebufs); - free(wc_linuxkm_fpu_savebufs); - wc_linuxkm_fpu_savebufs = NULL; - free(wc_linuxkm_fpu_states); - wc_linuxkm_fpu_states = NULL; - return MEMORY_E; - } - -#endif - - return 0; -} - -void free_wolfcrypt_linuxkm_fpu_states(void) { - struct wc_thread_fpu_count_ent *i, *i_endptr; - pid_t i_pid; - - if (wc_linuxkm_fpu_states == NULL) { - pr_err("free_wolfcrypt_linuxkm_fpu_states called" - " before allocate_wolfcrypt_linuxkm_fpu_states.\n"); - return; - } - - for (i = wc_linuxkm_fpu_states, - i_endptr = &wc_linuxkm_fpu_states[wc_linuxkm_fpu_states_n_tracked]; - i < i_endptr; - ++i) - { - i_pid = __atomic_load_n(&i->pid, __ATOMIC_CONSUME); - if (i_pid == 0) - continue; - if (i->fpu_state != 0) { - pr_err("free_wolfcrypt_linuxkm_fpu_states called" - " with nonzero state 0x%x for pid %d.\n", i->fpu_state, i_pid); - i->fpu_state = 0; - } - } - -#ifdef 
WOLFSSL_COMMERCIAL_LICENSE - free(wc_linuxkm_fpu_savebufs); - wc_linuxkm_fpu_savebufs = NULL; -#endif - free(wc_linuxkm_fpu_states); - wc_linuxkm_fpu_states = NULL; -} - -/* lock-(mostly)-free thread-local storage facility for tracking recursive fpu - * pushing/popping - */ -static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(int create_p) { - struct wc_thread_fpu_count_ent *i, *i_endptr, *i_empty; - pid_t my_pid = task_pid_nr(current), i_pid; - - { - static int _warned_on_null = 0; - if (wc_linuxkm_fpu_states == NULL) - { - if (_warned_on_null == 0) { - pr_err("wc_linuxkm_fpu_state_assoc called by pid %d" - " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid); - _warned_on_null = 1; - } - return NULL; - } - } - - i_endptr = &wc_linuxkm_fpu_states[wc_linuxkm_fpu_states_n_tracked]; - - for (;;) { - for (i = wc_linuxkm_fpu_states, - i_empty = NULL; - i < i_endptr; - ++i) - { - i_pid = __atomic_load_n(&i->pid, __ATOMIC_CONSUME); - if (i_pid == my_pid) - return i; - if ((i_empty == NULL) && (i_pid == 0)) - i_empty = i; - } - if ((i_empty == NULL) || (! create_p)) - return NULL; - - i_pid = 0; - if (__atomic_compare_exchange_n( - &(i_empty->pid), - &i_pid, - my_pid, - 0 /* weak */, - __ATOMIC_SEQ_CST /* success_memmodel */, - __ATOMIC_SEQ_CST /* failure_memmodel */)) - { - return i_empty; - } - } -} - -#ifdef WOLFSSL_COMMERCIAL_LICENSE -static struct fpstate *wc_linuxkm_fpstate_buf_from_fpu_state( - struct wc_thread_fpu_count_ent *state) -{ - size_t i = (size_t)(state - wc_linuxkm_fpu_states) / sizeof(*state); - return &wc_linuxkm_fpu_savebufs[i].fpstate; -} -#endif - -static void wc_linuxkm_fpu_state_release(struct wc_thread_fpu_count_ent *ent) { - if (ent->fpu_state != 0) { - static int warned_nonzero_fpu_state = 0; - if (! 
warned_nonzero_fpu_state) { - pr_err("wc_linuxkm_fpu_state_free for pid %d" - " with nonzero fpu_state 0x%x.\n", ent->pid, ent->fpu_state); - warned_nonzero_fpu_state = 1; - } - ent->fpu_state = 0; - } - __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE); -} - -WARN_UNUSED_RESULT int save_vector_registers_x86(void) -{ - struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(1); - if (pstate == NULL) - return MEMORY_E; - - /* allow for nested calls */ - if (pstate->fpu_state != 0U) { - if ((pstate->fpu_state & WC_FPU_COUNT_MASK) - == WC_FPU_COUNT_MASK) - { - pr_err("save_vector_registers_x86 recursion register overflow for " - "pid %d.\n", pstate->pid); - return BAD_STATE_E; - } else { - ++pstate->fpu_state; - return 0; - } - } - - if (irq_fpu_usable()) { -#ifdef WOLFSSL_COMMERCIAL_LICENSE - struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate); - fpregs_lock(); - fpstate->xfeatures = ~0UL; - os_xsave(fpstate); -#else /* !WOLFSSL_COMMERCIAL_LICENSE */ -#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) - /* inhibit migration, which gums up the algorithm in - * kernel_fpu_{begin,end}(). - */ - migrate_disable(); -#endif - kernel_fpu_begin(); -#endif /* !WOLFSSL_COMMERCIAL_LICENSE */ - /* set msb 0 to trigger kernel_fpu_end() at cleanup. */ - pstate->fpu_state = 1U; - } else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0)) { - static int warned_fpu_forbidden = 0; - if (! warned_fpu_forbidden) - pr_err("save_vector_registers_x86 called from IRQ handler.\n"); - wc_linuxkm_fpu_state_release(pstate); - return BAD_STATE_E; - } else { -#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \ - !defined(WOLFSSL_COMMERCIAL_LICENSE) - migrate_disable(); -#endif - /* assume already safely in_kernel_fpu. */ - /* set msb 1 to inhibit kernel_fpu_end() at cleanup. 
*/ - pstate->fpu_state = - WC_FPU_SAVED_MASK + 1U; - } - - return 0; -} - -void restore_vector_registers_x86(void) -{ - struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(0); - if (pstate == NULL) { - pr_err("restore_vector_registers_x86 called by pid %d " - "with no saved state.\n", task_pid_nr(current)); - return; - } - - if ((--pstate->fpu_state & WC_FPU_COUNT_MASK) > 0U) { - return; - } - - if (pstate->fpu_state == 0U) { -#ifdef WOLFSSL_COMMERCIAL_LICENSE - struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate); - os_xrstor(fpstate, fpstate->xfeatures); - fpregs_unlock(); -#else - kernel_fpu_end(); -#endif - } else - pstate->fpu_state = 0U; -#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \ - !defined(WOLFSSL_COMMERCIAL_LICENSE) - migrate_enable(); -#endif - - wc_linuxkm_fpu_state_release(pstate); - - return; -} -#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS && CONFIG_X86 */ - #if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)) /* needed in 6.1+ because show_free_areas() static definition in mm.h calls * __show_free_areas(), which isn't exported (neither was show_free_areas()). diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 3553eb8bc5..189a26e348 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -1,6 +1,6 @@ /* linuxkm_wc_port.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -115,6 +115,7 @@ _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\""); _Pragma("GCC diagnostic ignored \"-Wtype-limits\""); _Pragma("GCC diagnostic ignored \"-Wswitch-enum\""); + _Pragma("GCC diagnostic ignored \"-Wcast-function-type\""); /* needed for kernel 4.14.336 */ #include #include 
@@ -333,11 +334,25 @@ #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \ defined(CONFIG_X86) + + extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void); + extern void free_wolfcrypt_linuxkm_fpu_states(void); + extern __must_check int can_save_vector_registers_x86(void); + extern __must_check int save_vector_registers_x86(void); + extern void restore_vector_registers_x86(void); + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #include #else #include #endif + #ifndef CAN_SAVE_VECTOR_REGISTERS + #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING + #define CAN_SAVE_VECTOR_REGISTERS() (can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0)) + #else + #define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_x86() + #endif + #endif #ifndef SAVE_VECTOR_REGISTERS #define SAVE_VECTOR_REGISTERS(fail_clause) { \ int _svr_ret = save_vector_registers_x86(); \ 
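Review bot: `CAN_SAVE_VECTOR_REGISTERS()` is a check-then-act probe: whatever `can_save_vector_registers_x86()` reports can change before the subsequent `SAVE_VECTOR_REGISTERS()` runs (preemption, a different interrupt context), so a true result is not a guarantee and callers must still take the `fail_clause` path. Say so next to the macro, e.g. `/* Advisory only: the answer may change before SAVE_VECTOR_REGISTERS() runs, so callers must still handle a failed save. */`. The fuzzing variant also calls `SAVE_VECTOR_REGISTERS2_fuzzer()`, which is not declared in this hunk; if it is provided elsewhere, an `extern` beside the new `can_save_vector_registers_x86` declaration would make that dependency explicit.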
@@ -361,20 +376,46 @@ #ifndef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86() #endif + #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64)) + + #error kernel module ARM SIMD is not yet tested or usable. + #include + + static WARN_UNUSED_RESULT inline int save_vector_registers_arm(void) + { + preempt_disable(); + if (! may_use_simd()) { + preempt_enable(); + return BAD_STATE_E; + } else { + fpsimd_preserve_current_state(); + return 0; + } + } + static inline void restore_vector_registers_arm(void) + { + fpsimd_restore_current_state(); + preempt_enable(); + } + #ifndef SAVE_VECTOR_REGISTERS #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } } #endif #ifndef SAVE_VECTOR_REGISTERS2 #define SAVE_VECTOR_REGISTERS2() save_vector_registers_arm() #endif + #ifndef CAN_SAVE_VECTOR_REGISTERS + #define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_arm() + #endif #ifndef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm() #endif + #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. - #endif + #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ _Pragma("GCC diagnostic pop"); 
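Review bot: The new `CAN_SAVE_VECTOR_REGISTERS()` fallback in the ARM branch expands to `can_save_vector_registers_arm()`, but only `save_vector_registers_arm()` and `restore_vector_registers_arm()` are defined there. The `#error` at the top of the branch keeps this from compiling today, so it is latent, but it will bite as soon as that line is lifted. Define the probe next to the other two using the same condition the save routine already tests: `static inline int can_save_vector_registers_arm(void) { return may_use_simd(); }` (to be confirmed against the kernel API when the branch is actually enabled).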
@@ -393,6 +434,25 @@
#ifdef HAVE_FIPS
extern int wolfCrypt_FIPS_first(void);
extern int wolfCrypt_FIPS_last(void);
+ #if FIPS_VERSION3_GE(6,0,0)
+ extern int wolfCrypt_FIPS_AES_sanity(void);
+ extern int wolfCrypt_FIPS_CMAC_sanity(void);
+ extern int wolfCrypt_FIPS_DH_sanity(void);
+ extern int wolfCrypt_FIPS_ECC_sanity(void);
+ extern int wolfCrypt_FIPS_ED25519_sanity(void);
+ extern int wolfCrypt_FIPS_ED448_sanity(void);
+ extern int wolfCrypt_FIPS_HMAC_sanity(void);
+ extern int wolfCrypt_FIPS_KDF_sanity(void);
+ extern int wolfCrypt_FIPS_PBKDF_sanity(void);
+ extern int wolfCrypt_FIPS_DRBG_sanity(void);
+ extern int wolfCrypt_FIPS_RSA_sanity(void);
+ extern int wolfCrypt_FIPS_SHA_sanity(void);
+ extern int wolfCrypt_FIPS_SHA256_sanity(void);
+ extern int wolfCrypt_FIPS_SHA512_sanity(void);
+ extern int wolfCrypt_FIPS_SHA3_sanity(void);
+ extern int wolfCrypt_FIPS_FT_sanity(void);
+ extern int wc_RunAllCast_fips(void);
+ #endif
#endif
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
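Review bot: The new FIPS sanity declarations return `int` but carry no `__must_check`, unlike the `allocate_wolfcrypt_linuxkm_fpu_states` / `save_vector_registers_x86` externs added earlier in this file; a call site that drops the return would silently skip a FIPS integrity result. Declare them as `extern __must_check int wolfCrypt_FIPS_AES_sanity(void);` and likewise for the rest, including `wc_RunAllCast_fips`. If every caller already checks the value this is belt-and-braces, but the declarations are where the compiler can enforce it.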
@@ -473,22 +533,37 @@ const unsigned char *_ctype; +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) + typeof(kmalloc_noprof) *kmalloc_noprof; + typeof(krealloc_noprof) *krealloc_noprof; + typeof(kzalloc_noprof) *kzalloc_noprof; + typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof; + typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof; +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) + typeof(kmalloc_noprof) *kmalloc_noprof; + typeof(krealloc_noprof) *krealloc_noprof; + typeof(kzalloc_noprof) *kzalloc_noprof; + typeof(kvmalloc_node_noprof) *kvmalloc_node_noprof; + typeof(kmalloc_trace_noprof) *kmalloc_trace_noprof; +#else /* <6.10.0 */ typeof(kmalloc) *kmalloc; - typeof(kfree) *kfree; - typeof(ksize) *ksize; typeof(krealloc) *krealloc; #ifdef HAVE_KVMALLOC typeof(kvmalloc_node) *kvmalloc_node; - typeof(kvfree) *kvfree; #endif - typeof(is_vmalloc_addr) *is_vmalloc_addr; - #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) typeof(kmalloc_trace) *kmalloc_trace; #else typeof(kmem_cache_alloc_trace) *kmem_cache_alloc_trace; typeof(kmalloc_order_trace) *kmalloc_order_trace; #endif +#endif /* <6.10.0 */ + #ifdef HAVE_KVMALLOC + typeof(kvfree) *kvfree; + #endif + typeof(kfree) *kfree; + typeof(ksize) *ksize; + typeof(is_vmalloc_addr) *is_vmalloc_addr; typeof(get_random_bytes) *get_random_bytes; #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) 
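Review bot: The `>= 6.11` and `>= 6.10` branches repeat the `kmalloc_noprof`, `krealloc_noprof` and `kzalloc_noprof` entries verbatim and differ only in the two `kvmalloc`/`kmalloc_cache` lines. A single `#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)` branch with an inner `#if` around just those two entries keeps the table in one place and makes the 6.10→6.11 rename (`kvmalloc_node_noprof` → `__kvmalloc_node_noprof`) visible side by side; the matching `#define` block later in this file would benefit from the same shape. Style only; the entries themselves look consistent with the redirect macros, and the enclosing struct starts outside this hunk.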
@@ -500,39 +575,15 @@ #endif struct task_struct *(*get_current)(void); - int (*preempt_count)(void); #ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS - #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 2, 0) - typeof(cpu_number) *cpu_number; - #else - typeof(pcpu_hot) *pcpu_hot; - #endif - typeof(nr_cpu_ids) *nr_cpu_ids; - - #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && !defined(WOLFSSL_COMMERCIAL_LICENSE) - /* note the current and needed version of these were added in af449901b8 (2020-Sep-17) */ - typeof(migrate_disable) *migrate_disable; - typeof(migrate_enable) *migrate_enable; - #endif - #ifdef CONFIG_X86 - typeof(irq_fpu_usable) *irq_fpu_usable; - #ifdef WOLFSSL_COMMERCIAL_LICENSE - typeof(fpregs_lock) *fpregs_lock; - typeof(fpregs_lock) *fpregs_unlock; - #else /* !WOLFSSL_COMMERCIAL_LICENSE */ - /* kernel_fpu_begin() replaced by kernel_fpu_begin_mask() in commit e4512289, - * released in kernel 5.11, backported to 5.4.93 - */ - #ifdef kernel_fpu_begin - typeof(kernel_fpu_begin_mask) *kernel_fpu_begin_mask; - #else - typeof(kernel_fpu_begin) *kernel_fpu_begin; - #endif - typeof(kernel_fpu_end) *kernel_fpu_end; - #endif /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */ + typeof(allocate_wolfcrypt_linuxkm_fpu_states) *allocate_wolfcrypt_linuxkm_fpu_states; + typeof(can_save_vector_registers_x86) *can_save_vector_registers_x86; + typeof(free_wolfcrypt_linuxkm_fpu_states) *free_wolfcrypt_linuxkm_fpu_states; + typeof(restore_vector_registers_x86) *restore_vector_registers_x86; + typeof(save_vector_registers_x86) *save_vector_registers_x86; #else /* !CONFIG_X86 */ #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #endif /* arch */ 
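Review bot: As collapsed here the hunk removes `#ifdef CONFIG_X86` but keeps `#else /* !CONFIG_X86 */` and `#endif /* arch */` as context, which would pair the `#else` with `#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS` and leave one `#endif` too many unless the trailing context differs from what is visible; please confirm this compiles with `WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS` set. If the intent is to collapse the two levels, use the same `#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)` / `#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)` shape the macro block later in this file adopts, and fix the now-misleading `/* !CONFIG_X86 */` comment. The enclosing struct starts outside this hunk.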
@@ -553,6 +604,25 @@
#ifdef HAVE_FIPS
typeof(wolfCrypt_FIPS_first) *wolfCrypt_FIPS_first;
typeof(wolfCrypt_FIPS_last) *wolfCrypt_FIPS_last;
+ #if FIPS_VERSION3_GE(6,0,0)
+ typeof(wolfCrypt_FIPS_AES_sanity) *wolfCrypt_FIPS_AES_sanity;
+ typeof(wolfCrypt_FIPS_CMAC_sanity) *wolfCrypt_FIPS_CMAC_sanity;
+ typeof(wolfCrypt_FIPS_DH_sanity) *wolfCrypt_FIPS_DH_sanity;
+ typeof(wolfCrypt_FIPS_ECC_sanity) *wolfCrypt_FIPS_ECC_sanity;
+ typeof(wolfCrypt_FIPS_ED25519_sanity) *wolfCrypt_FIPS_ED25519_sanity;
+ typeof(wolfCrypt_FIPS_ED448_sanity) *wolfCrypt_FIPS_ED448_sanity;
+ typeof(wolfCrypt_FIPS_HMAC_sanity) *wolfCrypt_FIPS_HMAC_sanity;
+ typeof(wolfCrypt_FIPS_KDF_sanity) *wolfCrypt_FIPS_KDF_sanity;
+ typeof(wolfCrypt_FIPS_PBKDF_sanity) *wolfCrypt_FIPS_PBKDF_sanity;
+ typeof(wolfCrypt_FIPS_DRBG_sanity) *wolfCrypt_FIPS_DRBG_sanity;
+ typeof(wolfCrypt_FIPS_RSA_sanity) *wolfCrypt_FIPS_RSA_sanity;
+ typeof(wolfCrypt_FIPS_SHA_sanity) *wolfCrypt_FIPS_SHA_sanity;
+ typeof(wolfCrypt_FIPS_SHA256_sanity) *wolfCrypt_FIPS_SHA256_sanity;
+ typeof(wolfCrypt_FIPS_SHA512_sanity) *wolfCrypt_FIPS_SHA512_sanity;
+ typeof(wolfCrypt_FIPS_SHA3_sanity) *wolfCrypt_FIPS_SHA3_sanity;
+ typeof(wolfCrypt_FIPS_FT_sanity) *wolfCrypt_FIPS_FT_sanity;
+ typeof(wc_RunAllCast_fips) *wc_RunAllCast_fips;
+ #endif
#endif
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
@@ -621,22 +691,42 @@ #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) + /* see include/linux/alloc_tag.h and include/linux/slab.h */ + #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof) + #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof) + #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof) + #define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof) + #define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof) +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) + /* see include/linux/alloc_tag.h and include/linux/slab.h */ + #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof) + #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof) + #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof) + #define kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node_noprof) + #define kmalloc_trace_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace_noprof) +#else /* <6.10.0 */ #define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc) - #define kfree (wolfssl_linuxkm_get_pie_redirect_table()->kfree) - #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize) #define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc) #define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO) #ifdef HAVE_KVMALLOC #define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node) - #define kvfree (wolfssl_linuxkm_get_pie_redirect_table()->kvfree) #endif - #define is_vmalloc_addr (wolfssl_linuxkm_get_pie_redirect_table()->is_vmalloc_addr) #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) #define kmalloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace) #else #define 
kmem_cache_alloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmem_cache_alloc_trace) #define kmalloc_order_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_order_trace) #endif +#endif /* <6.10.0 */ + + #define kfree (wolfssl_linuxkm_get_pie_redirect_table()->kfree) + #ifdef HAVE_KVMALLOC + #define kvfree (wolfssl_linuxkm_get_pie_redirect_table()->kvfree) + #endif + #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize) + + #define is_vmalloc_addr (wolfssl_linuxkm_get_pie_redirect_table()->is_vmalloc_addr) #define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) 
@@ -649,38 +739,15 @@ #undef get_current #define get_current (wolfssl_linuxkm_get_pie_redirect_table()->get_current) - #undef preempt_count - #define preempt_count (wolfssl_linuxkm_get_pie_redirect_table()->preempt_count) - #ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS - #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 2, 0) - #define cpu_number (*(wolfssl_linuxkm_get_pie_redirect_table()->cpu_number)) - #else - #define pcpu_hot (*(wolfssl_linuxkm_get_pie_redirect_table()->pcpu_hot)) - #endif - #define nr_cpu_ids (*(wolfssl_linuxkm_get_pie_redirect_table()->nr_cpu_ids)) - - #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && !defined(WOLFSSL_COMMERCIAL_LICENSE) - #define migrate_disable (*(wolfssl_linuxkm_get_pie_redirect_table()->migrate_disable)) - #define migrate_enable (*(wolfssl_linuxkm_get_pie_redirect_table()->migrate_enable)) - #endif - - #ifdef CONFIG_X86 - #define irq_fpu_usable (wolfssl_linuxkm_get_pie_redirect_table()->irq_fpu_usable) - #ifdef WOLFSSL_COMMERCIAL_LICENSE - #define fpregs_lock() (wolfssl_linuxkm_get_pie_redirect_table()->fpregs_lock()) - #define fpregs_unlock() (wolfssl_linuxkm_get_pie_redirect_table()->fpregs_unlock()) - #else /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */ - #ifdef kernel_fpu_begin - #define kernel_fpu_begin_mask (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin_mask) - #else - #define kernel_fpu_begin (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin) - #endif - #define kernel_fpu_end (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_end) - #endif /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */ - #else /* !CONFIG_X86 */ - #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. 
- #endif /* archs */ + #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) + #define allocate_wolfcrypt_linuxkm_fpu_states (wolfssl_linuxkm_get_pie_redirect_table()->allocate_wolfcrypt_linuxkm_fpu_states) + #define can_save_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->can_save_vector_registers_x86) + #define free_wolfcrypt_linuxkm_fpu_states (wolfssl_linuxkm_get_pie_redirect_table()->free_wolfcrypt_linuxkm_fpu_states) + #define restore_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->restore_vector_registers_x86) + #define save_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->save_vector_registers_x86) + #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) + #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ #define __mutex_init (wolfssl_linuxkm_get_pie_redirect_table()->__mutex_init) @@ -714,40 +781,6 @@ #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */ -#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS - -#ifdef CONFIG_X86 - - extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void); - extern void free_wolfcrypt_linuxkm_fpu_states(void); - extern __must_check int save_vector_registers_x86(void); - extern void restore_vector_registers_x86(void); - -#elif defined(CONFIG_ARM) || defined(CONFIG_ARM64) - - #error kernel module ARM SIMD is not yet tested or usable. - - static WARN_UNUSED_RESULT inline int save_vector_registers_arm(void) - { - preempt_disable(); - if (! may_use_simd()) { - preempt_enable(); - return BAD_STATE_E; - } else { - fpsimd_preserve_current_state(); - return 0; - } - } - static inline void restore_vector_registers_arm(void) - { - fpsimd_restore_current_state(); - preempt_enable(); - } - -#endif - -#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ - /* remove this multifariously conflicting macro, picked up from * Linux arch//include/asm/current.h. */ 
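Review bot: Dropping the `#undef preempt_count` / `#define preempt_count` redirect (and its table entry in the earlier hunk) means any code still compiled into the PIE region that calls `preempt_count()`, directly or through `in_nmi()`, `hardirq_count()` or `softirq_count()` as the removed x86 save path did, now binds to the kernel's own definition rather than the table. That is fine if every such caller moved out with the vector-register code, which the hunk suggests but does not show; a grep of the PIE-built sources for `preempt_count`/`in_interrupt` before merging would settle it. If any remain, keep `#define preempt_count (wolfssl_linuxkm_get_pie_redirect_table()->preempt_count)` together with the table field.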
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c index 7fe91afee3..29bd701c2d 100644 --- a/linuxkm/lkcapi_glue.c +++ b/linuxkm/lkcapi_glue.c @@ -20,6 +20,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* included by linuxkm/module_hooks.c */ + #ifndef LINUXKM_LKCAPI_REGISTER #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif @@ -31,6 +33,12 @@ #define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 10000 #endif +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS +static int disable_setkey_warnings = 0; +#else +#define disable_setkey_warnings 0 +#endif + #ifndef NO_AES /* note the FIPS code will be returned on failure even in non-FIPS builds. */ @@ -73,16 +81,25 @@ #if defined(HAVE_AES_CBC) && \ (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ defined(LINUXKM_LKCAPI_REGISTER_AESCBC)) +#ifndef WOLFSSL_EXPERIMENTAL_SETTINGS + #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS +#endif static int linuxkm_test_aescbc(void); #endif #if defined(WOLFSSL_AES_CFB) && \ (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ defined(LINUXKM_LKCAPI_REGISTER_AESCFB)) +#ifndef WOLFSSL_EXPERIMENTAL_SETTINGS + #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS +#endif static int linuxkm_test_aescfb(void); #endif #if defined(HAVE_AESGCM) && \ (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ defined(LINUXKM_LKCAPI_REGISTER_AESGCM)) +#ifndef WOLFSSL_EXPERIMENTAL_SETTINGS + #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS +#endif static int linuxkm_test_aesgcm(void); #endif #if defined(WOLFSSL_AES_XTS) && \ @@ -187,7 +204,8 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key, err = wc_AesSetKey(ctx->aes_encrypt, in_key, key_len, NULL, AES_ENCRYPTION); if (unlikely(err)) { - pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err); + if (! disable_setkey_warnings) + pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err); return -ENOKEY; } 
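Review bot: `disable_setkey_warnings` is introduced as a mutable `static int` under `CONFIG_CRYPTO_MANAGER_EXTRA_TESTS` and a constant `0` otherwise, but nothing in these hunks explains its purpose or who sets it, and it goes on to gate messages in several non-setkey paths later in the file. Add a comment above the declaration, e.g. `/* Non-zero while the kernel's extra self-tests deliberately feed invalid keys, so expected setkey failures do not spam pr_err; the -ENOKEY/-EINVAL return value is unaffected. */`. If it is only ever toggled from the self-test entry points, it is also worth noting that it is not synchronized against concurrent setkey calls (harmless for a log gate, but better stated than discovered).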
@@ -196,8 +214,9 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key, AES_DECRYPTION); if (unlikely(err)) { - pr_err("%s: wc_AesSetKey for decryption key failed: %d\n", - name, err); + if (! disable_setkey_warnings) + pr_err("%s: wc_AesSetKey for decryption key failed: %d\n", + name, err); return -ENOKEY; } } @@ -309,8 +328,9 @@ static int km_AesCbcDecrypt(struct skcipher_request *req) err = wc_AesSetIV(ctx->aes_decrypt, walk.iv); if (unlikely(err)) { - pr_err("%s: wc_AesSetKey failed: %d\n", - crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + if (! disable_setkey_warnings) + pr_err("%s: wc_AesSetKey failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; } @@ -397,8 +417,9 @@ static int km_AesCfbEncrypt(struct skcipher_request *req) err = wc_AesSetIV(ctx->aes_encrypt, walk.iv); if (unlikely(err)) { - pr_err("%s: wc_AesSetKey failed: %d\n", - crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + if (! disable_setkey_warnings) + pr_err("%s: wc_AesSetKey failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; } @@ -446,8 +467,9 @@ static int km_AesCfbDecrypt(struct skcipher_request *req) err = wc_AesSetIV(ctx->aes_encrypt, walk.iv); if (unlikely(err)) { - pr_err("%s: wc_AesSetKey failed: %d\n", - crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + if (! disable_setkey_warnings) + pr_err("%s: wc_AesSetKey failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; } @@ -523,8 +545,9 @@ static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key, err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len); if (unlikely(err)) { - pr_err("%s: wc_AesGcmSetKey failed: %d\n", - crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); + if (! disable_setkey_warnings) + pr_err("%s: wc_AesGcmSetKey failed: %d\n", + crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -ENOKEY; } 
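Review bot: In `km_AesCbcDecrypt` (and the two `km_AesCfb*` hunks below it) the rewritten `pr_err` still says `wc_AesSetKey failed` although the call that failed is `wc_AesSetIV`, and the message is now gated by `disable_setkey_warnings` even though an IV-set failure is not an expected self-test key rejection. Change the text to `pr_err("%s: wc_AesSetIV failed: %d\n", ...)` and consider leaving it ungated, since the next line returns `-EINVAL` and a silent IV failure is harder to diagnose than a key-length rejection. The enclosing functions start outside these hunks.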
@@ -788,6 +811,10 @@ static int gcmAesAead_loaded = 0; (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ defined(LINUXKM_LKCAPI_REGISTER_AESXTS)) +#ifndef WOLFSSL_AESXTS_STREAM + #error LKCAPI registration of AES-XTS requires WOLFSSL_AESXTS_STREAM (--enable-aesxts-stream). +#endif + struct km_AesXtsCtx { XtsAes *aesXts; /* allocated in km_AesXtsInitCommon() to assure alignment * for AESNI. @@ -837,8 +864,9 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key, AES_ENCRYPTION_AND_DECRYPTION); if (unlikely(err)) { - pr_err("%s: wc_AesXtsSetKeyNoInit failed: %d\n", - crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + if (! disable_setkey_warnings) + pr_err("%s: wc_AesXtsSetKeyNoInit failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; } @@ -850,7 +878,6 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key, static int km_AesXtsEncrypt(struct skcipher_request *req) { int err = 0; - struct crypto_skcipher * tfm = NULL; struct km_AesXtsCtx * ctx = NULL; struct skcipher_walk walk; @@ -859,6 +886,9 @@ static int km_AesXtsEncrypt(struct skcipher_request *req) tfm = crypto_skcipher_reqtfm(req); ctx = crypto_skcipher_ctx(tfm); + if (req->cryptlen < AES_BLOCK_SIZE) + return -EINVAL; + err = skcipher_walk_virt(&walk, req, false); if (unlikely(err)) { @@ -867,10 +897,9 @@ static int km_AesXtsEncrypt(struct skcipher_request *req) return err; } - while ((nbytes = walk.nbytes) != 0) { + if (walk.nbytes == walk.total) { err = wc_AesXtsEncrypt(ctx->aesXts, walk.dst.virt.addr, - walk.src.virt.addr, nbytes, - walk.iv, walk.ivsize); + walk.src.virt.addr, walk.nbytes, walk.iv, walk.ivsize); if (unlikely(err)) { pr_err("%s: wc_AesXtsEncrypt failed: %d\n", 
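Review bot: The hunk at `-850` removes the local `struct crypto_skcipher * tfm = NULL;` from `km_AesXtsEncrypt`, yet the context just below still assigns `tfm = crypto_skcipher_reqtfm(req);` and the new streaming code passes `tfm` to `skcipher_request_set_tfm(&subreq, tfm)` and `crypto_skcipher_tfm(tfm)`. Unless `tfm` is declared in the lines between these hunks (not visible here) that leaves it undeclared, and `km_AesXtsDecrypt` keeps its own declaration, so the asymmetry looks unintended. If the goal was only to drop the redundant `= NULL`, `struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);` at the top with the later assignment removed does that.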
@@ -878,12 +907,100 @@ static int km_AesXtsEncrypt(struct skcipher_request *req) return -EINVAL; } - err = skcipher_walk_done(&walk, walk.nbytes - nbytes); + err = skcipher_walk_done(&walk, 0); + + } else { + int tail = req->cryptlen % AES_BLOCK_SIZE; + struct skcipher_request subreq; + struct XtsAesStreamData stream; + + if (tail > 0) { + int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2; + + skcipher_walk_abort(&walk); + + skcipher_request_set_tfm(&subreq, tfm); + skcipher_request_set_callback(&subreq, + skcipher_request_flags(req), + NULL, NULL); + skcipher_request_set_crypt(&subreq, req->src, req->dst, + blocks * AES_BLOCK_SIZE, req->iv); + req = &subreq; + + err = skcipher_walk_virt(&walk, req, false); + if (!walk.nbytes) + return err ? : -EINVAL; + } else { + tail = 0; + } + + err = wc_AesXtsEncryptInit(ctx->aesXts, walk.iv, walk.ivsize, &stream); if (unlikely(err)) { - pr_err("%s: skcipher_walk_done failed: %d\n", + pr_err("%s: wc_AesXtsEncryptInit failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); - return err; + return -EINVAL; + } + + while ((nbytes = walk.nbytes) != 0) { + /* if this isn't the final call, pass block-aligned data to prevent + * end-of-message ciphertext stealing. 
+ */ + if (nbytes < walk.total) + nbytes &= ~(AES_BLOCK_SIZE - 1); + + if (nbytes & ((unsigned int)AES_BLOCK_SIZE - 1U)) + err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + &stream); + else + err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + &stream); + + if (unlikely(err)) { + pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + return -EINVAL; + } + + err = skcipher_walk_done(&walk, walk.nbytes - nbytes); + + if (unlikely(err)) { + pr_err("%s: skcipher_walk_done failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + return err; + } + } + + if (unlikely(tail > 0)) { + struct scatterlist sg_src[2], sg_dst[2]; + struct scatterlist *src, *dst; + + dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen); + if (req->dst != req->src) + dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen); + + skcipher_request_set_crypt(req, src, dst, AES_BLOCK_SIZE + tail, + req->iv); + + err = skcipher_walk_virt(&walk, &subreq, false); + if (err) + return err; + + err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, walk.nbytes, + &stream); + + if (unlikely(err)) { + pr_err("%s: wc_AesXtsEncryptFinal failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + return -EINVAL; + } + + err = skcipher_walk_done(&walk, 0); + } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U))) { + err = wc_AesXtsEncryptFinal(ctx->aesXts, NULL, NULL, 0, &stream); } } @@ -901,6 +1018,9 @@ static int km_AesXtsDecrypt(struct skcipher_request *req) tfm = crypto_skcipher_reqtfm(req); ctx = crypto_skcipher_ctx(tfm); + if (req->cryptlen < AES_BLOCK_SIZE) + return -EINVAL; + err = skcipher_walk_virt(&walk, req, false); if (unlikely(err)) { 
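Review bot: In the non-contiguous path of `km_AesXtsEncrypt`, a request with `tail > 0` and `16 < req->cryptlen < 32` gives `blocks = DIV_ROUND_UP(cryptlen, AES_BLOCK_SIZE) - 2 == 0`, so `subreq` is set up with zero bytes, `skcipher_walk_virt()` comes back with `walk.nbytes == 0`, and the request is rejected with `-EINVAL` even though XTS ciphertext stealing defines it. Such one-block-plus-tail requests therefore only succeed when the walker hands the whole buffer over in one chunk. The in-kernel AES-NI XTS driver avoids this by registering `.walksize = 2 * AES_BLOCK_SIZE`, which makes the walker present the last two blocks together; if the `skcipher_alg` registration in this file (outside the hunk) does not set that, add it. Independently, the code here should tolerate `blocks == 0` by skipping the prefix walk and `Update` loop and initialising the tweak from `req->iv`, so the existing tail branch still runs; the same applies verbatim to `km_AesXtsDecrypt` below.

```c
        int tail = req->cryptlen % AES_BLOCK_SIZE;
        int skip_prefix = 0;
        struct skcipher_request subreq;
        struct XtsAesStreamData stream;

        if (tail > 0) {
            int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2;

            skcipher_walk_abort(&walk);
            /* … unchanged: subreq setup, req = &subreq … */

            if (blocks > 0) {
                err = skcipher_walk_virt(&walk, req, false);
                if (!walk.nbytes)
                    return err ? : -EINVAL;
            } else {
                /* 16 < cryptlen < 32: no full-block prefix, only the CTS pair. */
                skip_prefix = 1;
            }
        } else {
            tail = 0;
        }

        /* req->iv rather than walk.iv: no prefix walk exists when skip_prefix. */
        err = wc_AesXtsEncryptInit(ctx->aesXts, req->iv,
                                   crypto_skcipher_ivsize(tfm), &stream);
        /* … unchanged: Init error check … */

        while (!skip_prefix && (nbytes = walk.nbytes) != 0) {
            /* … unchanged: block-aligned Update/Final loop … */
        }
        /* … unchanged: tail Final on AES_BLOCK_SIZE + tail bytes … */
```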
@@ -909,26 +1029,112 @@ static int km_AesXtsDecrypt(struct skcipher_request *req) return err; } - while ((nbytes = walk.nbytes) != 0) { - err = wc_AesXtsDecrypt(ctx->aesXts, walk.dst.virt.addr, - walk.src.virt.addr, nbytes, - walk.iv, walk.ivsize); + if (walk.nbytes == walk.total) { + err = wc_AesXtsDecrypt(ctx->aesXts, + walk.dst.virt.addr, walk.src.virt.addr, + walk.nbytes, walk.iv, walk.ivsize); if (unlikely(err)) { - pr_err("%s: wc_AesCbcDecrypt failed: %d\n", + pr_err("%s: wc_AesXtsDecrypt failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; } - err = skcipher_walk_done(&walk, walk.nbytes - nbytes); + err = skcipher_walk_done(&walk, 0); + } else { + int tail = req->cryptlen % AES_BLOCK_SIZE; + struct skcipher_request subreq; + struct XtsAesStreamData stream; + + if (unlikely(tail > 0)) { + int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2; + + skcipher_walk_abort(&walk); + + skcipher_request_set_tfm(&subreq, tfm); + skcipher_request_set_callback(&subreq, + skcipher_request_flags(req), + NULL, NULL); + skcipher_request_set_crypt(&subreq, req->src, req->dst, + blocks * AES_BLOCK_SIZE, req->iv); + req = &subreq; + + err = skcipher_walk_virt(&walk, req, false); + if (!walk.nbytes) + return err ? : -EINVAL; + } else { + tail = 0; + } + + err = wc_AesXtsDecryptInit(ctx->aesXts, walk.iv, walk.ivsize, &stream); if (unlikely(err)) { - pr_err("%s: skcipher_walk_done failed: %d\n", + pr_err("%s: wc_AesXtsDecryptInit failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); - return err; + return -EINVAL; } - } + while ((nbytes = walk.nbytes) != 0) { + /* if this isn't the final call, pass block-aligned data to prevent + * end-of-message ciphertext stealing. 
+ */ + if (nbytes < walk.total) + nbytes &= ~(AES_BLOCK_SIZE - 1); + + if (nbytes & ((unsigned int)AES_BLOCK_SIZE - 1U)) + err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + &stream); + else + err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + &stream); + + if (unlikely(err)) { + pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + return -EINVAL; + } + + err = skcipher_walk_done(&walk, walk.nbytes - nbytes); + + if (unlikely(err)) { + pr_err("%s: skcipher_walk_done failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + return err; + } + } + + if (unlikely(tail > 0)) { + struct scatterlist sg_src[2], sg_dst[2]; + struct scatterlist *src, *dst; + + dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen); + if (req->dst != req->src) + dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen); + + skcipher_request_set_crypt(req, src, dst, AES_BLOCK_SIZE + tail, + req->iv); + + err = skcipher_walk_virt(&walk, &subreq, false); + if (err) + return err; + + err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr, + walk.src.virt.addr, walk.nbytes, + &stream); + + if (unlikely(err)) { + pr_err("%s: wc_AesXtsDecryptFinal failed: %d\n", + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); + return -EINVAL; + } + + err = skcipher_walk_done(&walk, 0); + } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U))) { + err = wc_AesXtsDecryptFinal(ctx->aesXts, NULL, NULL, 0, &stream); + } + } return err; } @@ -1686,7 +1892,7 @@ static int aes_xts_128_test(void) struct scatterlist * dst = NULL; struct crypto_skcipher *tfm = NULL; struct skcipher_request *req = NULL; - u8 iv[AES_BLOCK_SIZE]; + struct XtsAesStreamData stream; byte* large_input = NULL; /* 128 key tests */ 
@@ -1818,7 +2024,7 @@ static int aes_xts_128_test(void) goto out; } -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); @@ -1832,6 +2038,24 @@ static int aes_xts_128_test(void) XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ); + ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream); + if (ret != 0) + goto out; + ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream); + if (ret != 0) + goto out; + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, + p2 + AES_BLOCK_SIZE, + sizeof(p2) - AES_BLOCK_SIZE, &stream); + if (ret != 0) + goto out; + if (XMEMCMP(c2, buf, sizeof(c2))) { + ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E; + goto out; + } + + XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ); + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); if (ret != 0) goto out; @@ -1843,7 +2067,7 @@ static int aes_xts_128_test(void) goto out; } -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); @@ -1865,7 +2089,7 @@ static int aes_xts_128_test(void) goto out; } -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ); ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); 
@@ -1891,7 +2115,7 @@ static int aes_xts_128_test(void) goto out; } -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ); ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); @@ -1914,7 +2138,7 @@ static int aes_xts_128_test(void) goto out; } -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ); ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); @@ -1983,6 +2207,7 @@ static int aes_xts_128_test(void) #define LARGE_XTS_SZ 1024 int i; int j; + int k; large_input = (byte *)XMALLOC(LARGE_XTS_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1994,15 +2219,24 @@ static int aes_xts_128_test(void) for (i = 0; i < (int)LARGE_XTS_SZ; i++) large_input[i] = (byte)i; + /* first, encrypt block by block then decrypt with a one-shot call. */ for (j = 16; j < (int)LARGE_XTS_SZ; j++) { ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); if (ret != 0) goto out; - ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1, - sizeof(i1)); + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); if (ret != 0) goto out; - + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + if (ret != 0) + goto out; + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); if (ret != 0) goto out; 
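Review bot: The block-by-block loop evaluates `(j - k) < AES_BLOCK_SIZE*2` twice per iteration and the Final/Update call lines run well past 80 columns; hoisting `int rem = j - k;` at the top of the loop body and wrapping the calls would match the rest of the file. The same loop body is repeated four times across this hunk, `@@ -2017,6 +2251,39 @@` and the aes_xts_256_test hunk `@@ -2406,6 +2683,89 @@`, differing only in the Encrypt/Decrypt direction, so a small static helper taking the direction and key mode would remove the duplication. Note also that every Update call passes exactly AES_BLOCK_SIZE, so multi-block Update calls — the case the walk in km_AesXtsEncrypt actually produces — are not covered by these loops. aes_xts_128_test continues outside the hunk.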
@@ -2017,6 +2251,39 @@ static int aes_xts_128_test(void) } } } + + /* second, encrypt with a one-shot call then decrypt block by block. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + goto out; + ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1, + sizeof(i1)); + if (ret != 0) + goto out; + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + goto out; + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); + if (ret != 0) + goto out; + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + if (ret != 0) + goto out; + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E; + goto out; + } + } + } } /* now the kernel crypto part */ @@ -2071,10 +2338,10 @@ static int aes_xts_128_test(void) #endif ret = crypto_skcipher_ivsize(tfm); - if (ret != sizeof(iv)) { + if (ret != sizeof(stream.tweak_block)) { pr_err("error: AES skcipher algorithm %s crypto_skcipher_ivsize()" " returned %d but expected %d\n", - WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(iv)); + WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(stream.tweak_block)); ret = -EINVAL; goto test_xts_end; } @@ -2100,8 +2367,8 @@ static int aes_xts_128_test(void) sg_init_one(src, dec2, sizeof(p1)); sg_init_one(dst, enc2, sizeof(p1)); - memcpy(iv, i1, sizeof(iv)); - skcipher_request_set_crypt(req, src, dst, sizeof(p1), iv); + memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block)); + skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block); ret = crypto_skcipher_encrypt(req); 
@@ -2121,8 +2388,8 @@ static int aes_xts_128_test(void) sg_init_one(src, enc2, sizeof(p1)); sg_init_one(dst, dec2, sizeof(p1)); - memcpy(iv, i1, sizeof(iv)); - skcipher_request_set_crypt(req, src, dst, sizeof(p1), iv); + memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block)); + skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block); ret = crypto_skcipher_decrypt(req); @@ -2144,8 +2411,8 @@ static int aes_xts_128_test(void) sg_init_one(src, dec2, sizeof(pp)); sg_init_one(dst, enc2, sizeof(pp)); - memcpy(iv, i1, sizeof(iv)); - skcipher_request_set_crypt(req, src, dst, sizeof(pp), iv); + memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block)); + skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block); ret = crypto_skcipher_encrypt(req); @@ -2165,8 +2432,8 @@ static int aes_xts_128_test(void) sg_init_one(src, enc2, sizeof(pp)); sg_init_one(dst, dec2, sizeof(pp)); - memcpy(iv, i1, sizeof(iv)); - skcipher_request_set_crypt(req, src, dst, sizeof(pp), iv); + memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block)); + skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block); ret = crypto_skcipher_decrypt(req); @@ -2184,14 +2451,10 @@ static int aes_xts_128_test(void) test_xts_end: - if (enc2) - XFREE(enc2, NULL, DYNAMIC_TYPE_AES); - if (dec2) - XFREE(dec2, NULL, DYNAMIC_TYPE_AES); - if (src) - XFREE(src, NULL, DYNAMIC_TYPE_AES); - if (dst) - XFREE(dst, NULL, DYNAMIC_TYPE_AES); + XFREE(enc2, NULL, DYNAMIC_TYPE_AES); + XFREE(dec2, NULL, DYNAMIC_TYPE_AES); + XFREE(src, NULL, DYNAMIC_TYPE_AES); + XFREE(dst, NULL, DYNAMIC_TYPE_AES); if (req) skcipher_request_free(req); if (tfm) 
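Review bot: Dropping the `if (ptr)` guards before `XFREE()` relies on XFREE accepting a NULL pointer; that holds for wolfSSL's default definition as far as I know, but a build that overrides XFREE through user settings may not guarantee it, so a one-line comment at the first such site, e.g. `/* XFREE() is NULL-safe; no guards needed. */`, would record the assumption. Since enc2/dec2/src/dst are initialised to NULL at declaration (visible in `@@ -1686,7 +1892,7 @@`), behaviour is unchanged once that assumption holds. The same simplification appears in `@@ -2199,19 +2462,14 @@`, the aes_xts_256_test cleanup hunks, and updateFipsHash in module_hooks.c.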
@@ -2199,19 +2462,14 @@ static int aes_xts_128_test(void) out: - if (large_input) - XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (aes_inited) wc_AesXtsFree(aes); - if (buf) - XFREE(buf, NULL, DYNAMIC_TYPE_AES); - if (cipher) - XFREE(cipher, NULL, DYNAMIC_TYPE_AES); - - if (aes) - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + XFREE(buf, NULL, DYNAMIC_TYPE_AES); + XFREE(cipher, NULL, DYNAMIC_TYPE_AES); + XFREE(aes, NULL, DYNAMIC_TYPE_AES); #undef AES_XTS_128_TEST_BUF_SIZ @@ -2234,7 +2492,8 @@ static int aes_xts_256_test(void) struct scatterlist * dst = NULL; struct crypto_skcipher *tfm = NULL; struct skcipher_request *req = NULL; - u8 iv[AES_BLOCK_SIZE]; + struct XtsAesStreamData stream; + byte* large_input = NULL; /* 256 key tests */ static const unsigned char k1[] = { @@ -2353,6 +2612,24 @@ static int aes_xts_256_test(void) goto out; } + XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ); + + ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream); + if (ret != 0) + goto out; + ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream); + if (ret != 0) + goto out; + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, + p2 + AES_BLOCK_SIZE, + sizeof(p2) - AES_BLOCK_SIZE, &stream); + if (ret != 0) + goto out; + if (XMEMCMP(c2, buf, sizeof(c2))) { + ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E; + goto out; + } + XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ); ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); if (ret != 0) 
@@ -2406,6 +2683,89 @@ static int aes_xts_256_test(void) goto out; } + { + #define LARGE_XTS_SZ 1024 + int i; + int j; + int k; + + large_input = (byte *)XMALLOC(LARGE_XTS_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (large_input == NULL) { + ret = MEMORY_E; + goto out; + } + + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + /* first, encrypt block by block then decrypt with a one-shot call. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + goto out; + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); + if (ret != 0) + goto out; + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + if (ret != 0) + goto out; + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + goto out; + ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1, + sizeof(i1)); + if (ret != 0) + goto out; + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E; + goto out; + } + } + } + + /* second, encrypt with a one-shot call then decrypt block by block. 
*/ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + goto out; + ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1, + sizeof(i1)); + if (ret != 0) + goto out; + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + goto out; + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); + if (ret != 0) + goto out; + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + if (ret != 0) + goto out; + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E; + goto out; + } + } + } + } + /* now the kernel crypto part */ enc2 = XMALLOC(sizeof(p1), NULL, DYNAMIC_TYPE_AES); @@ -2457,10 +2817,10 @@ static int aes_xts_256_test(void) #endif ret = crypto_skcipher_ivsize(tfm); - if (ret != sizeof(iv)) { + if (ret != sizeof(stream.tweak_block)) { pr_err("error: AES skcipher algorithm %s crypto_skcipher_ivsize()" " returned %d but expected %d\n", - WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(iv)); + WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(stream.tweak_block)); ret = -EINVAL; goto test_xts_end; } @@ -2486,8 +2846,8 @@ static int aes_xts_256_test(void) sg_init_one(src, dec2, sizeof(p1)); sg_init_one(dst, enc2, sizeof(p1)); - memcpy(iv, i1, sizeof(iv)); - skcipher_request_set_crypt(req, src, dst, sizeof(p1), iv); + memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block)); + skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block); ret = crypto_skcipher_encrypt(req); 
@@ -2507,8 +2867,8 @@ static int aes_xts_256_test(void) sg_init_one(src, enc2, sizeof(p1)); sg_init_one(dst, dec2, sizeof(p1)); - memcpy(iv, i1, sizeof(iv)); - skcipher_request_set_crypt(req, src, dst, sizeof(p1), iv); + memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block)); + skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block); ret = crypto_skcipher_decrypt(req); @@ -2530,8 +2890,8 @@ static int aes_xts_256_test(void) sg_init_one(src, dec2, sizeof(pp)); sg_init_one(dst, enc2, sizeof(pp)); - memcpy(iv, i1, sizeof(iv)); - skcipher_request_set_crypt(req, src, dst, sizeof(pp), iv); + memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block)); + skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block); ret = crypto_skcipher_encrypt(req); @@ -2551,8 +2911,8 @@ static int aes_xts_256_test(void) sg_init_one(src, enc2, sizeof(pp)); sg_init_one(dst, dec2, sizeof(pp)); - memcpy(iv, i1, sizeof(iv)); - skcipher_request_set_crypt(req, src, dst, sizeof(pp), iv); + memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block)); + skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block); ret = crypto_skcipher_decrypt(req); @@ -2570,14 +2930,10 @@ static int aes_xts_256_test(void) test_xts_end: - if (enc2) - XFREE(enc2, NULL, DYNAMIC_TYPE_AES); - if (dec2) - XFREE(dec2, NULL, DYNAMIC_TYPE_AES); - if (src) - XFREE(src, NULL, DYNAMIC_TYPE_AES); - if (dst) - XFREE(dst, NULL, DYNAMIC_TYPE_AES); + XFREE(enc2, NULL, DYNAMIC_TYPE_AES); + XFREE(dec2, NULL, DYNAMIC_TYPE_AES); + XFREE(src, NULL, DYNAMIC_TYPE_AES); + XFREE(dst, NULL, DYNAMIC_TYPE_AES); if (req) skcipher_request_free(req); if (tfm) 
@@ -2585,16 +2941,15 @@ static int aes_xts_256_test(void) out: + XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (aes_inited) wc_AesXtsFree(aes); - if (buf) - XFREE(buf, NULL, DYNAMIC_TYPE_AES); - if (cipher) - XFREE(cipher, NULL, DYNAMIC_TYPE_AES); + XFREE(buf, NULL, DYNAMIC_TYPE_AES); + XFREE(cipher, NULL, DYNAMIC_TYPE_AES); - if (aes) - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + XFREE(aes, NULL, DYNAMIC_TYPE_AES); #undef AES_XTS_256_TEST_BUF_SIZ @@ -2631,15 +2986,46 @@ static int linuxkm_test_aesxts(void) { #endif /* !NO_AES */ +#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \ + !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + #ifdef CONFIG_CRYPTO_FIPS + #include + #else + #error wolfCrypt FIPS with LINUXKM_LKCAPI_REGISTER and CONFIG_CRYPTO_MANAGER requires CONFIG_CRYPTO_FIPS + #endif +#endif + static int linuxkm_lkcapi_register(void) { int ret = 0; +#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \ + !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + int enabled_fips = 0; +#endif + +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS + /* temporarily disable warnings around setkey failures, which are expected + * from the crypto fuzzer in FIPS configs, and potentially in others. + * unexpected setkey failures are fatal errors returned by the fuzzer. + */ + disable_setkey_warnings = 1; +#endif +#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \ + !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + if (! fips_enabled) { + /* temporarily assert system-wide FIPS status, to disable FIPS-forbidden + * test vectors and fuzzing from the CRYPTO_MANAGER. + */ + enabled_fips = fips_enabled = 1; + } +#endif #define REGISTER_ALG(alg, installer, tester) do { \ if (alg ## _loaded) { \ pr_err("ERROR: %s is already registered.\n", \ (alg).base.cra_driver_name); \ - return -EEXIST; \ + ret = -EEXIST; \ + goto out; \ } \ \ ret = (installer)(&(alg)); \ 
@@ -2648,7 +3034,7 @@ static int linuxkm_lkcapi_register(void) pr_err("ERROR: " #installer " for %s failed " \ "with return code %d.\n", \ (alg).base.cra_driver_name, ret); \ - return ret; \ + goto out; \ } \ \ alg ## _loaded = 1; \ @@ -2659,7 +3045,7 @@ static int linuxkm_lkcapi_register(void) pr_err("ERROR: self-test for %s failed " \ "with return code %d.\n", \ (alg).base.cra_driver_name, ret); \ - return ret; \ + goto out; \ } \ pr_info("%s self-test OK -- " \ "registered for %s with priority %d.\n", \ @@ -2698,7 +3084,18 @@ static int linuxkm_lkcapi_register(void) #undef REGISTER_ALG - return 0; + out: + +#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \ + !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + if (enabled_fips) + fips_enabled = 0; +#endif +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS + disable_setkey_warnings = 0; +#endif + + return ret; } static void linuxkm_lkcapi_unregister(void) diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template index b8266f84bc..4dff197e9c 100644 --- a/linuxkm/module_exports.c.template +++ b/linuxkm/module_exports.c.template @@ -1,7 +1,7 @@ /* module_exports.c.template -- static preamble for dynamically generated * module_exports.c (see Kbuild) * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -149,6 +149,29 @@ #include #endif +#ifdef WOLFSSL_HAVE_KYBER + #include +#ifdef WOLFSSL_WC_KYBER + #include +#endif +#endif +#if defined(WOLFSSL_HAVE_XMSS) + #include +#ifdef HAVE_LIBXMSS + #include +#else + #include +#endif +#endif +#if defined(WOLFSSL_HAVE_LMS) + #include +#ifdef HAVE_LIBLMS + #include +#else + #include +#endif +#endif + #ifdef OPENSSL_EXTRA #ifndef WOLFCRYPT_ONLY #include diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 6030480eee..f1bf46f8fb 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c 
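Review bot: Writing `fips_enabled = 1` here flips a kernel-global flag for the whole registration window, so any concurrent reader — self-tests for unrelated algorithms, consumers of `/proc/sys/crypto/fips_enabled`, other modules loading at the same time — observes FIPS mode until `out:` clears it, and the store is unsynchronized. That deserves a comment at the assignment making the scope explicit, e.g. `/* NOTE: fips_enabled is kernel-global and visible to other CPUs until cleared at out:. */`, and the same applies to `disable_setkey_warnings`. The restore at `out:` sets `fips_enabled` back to 0 rather than to the value read earlier; since it is only changed when it was 0, that is correct today, but saving and restoring the old value would survive a later change. The header name on the `#include` under CONFIG_CRYPTO_FIPS is lost in this rendering, so I could not confirm it. The REGISTER_ALG invocations between the macro definition and `out:` are outside this hunk.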
@@ -1,6 +1,6 @@ /* module_hooks.c -- module load/unload hooks for libwolfssl.ko * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -128,6 +128,10 @@ extern int wolfcrypt_benchmark_main(int argc, char** argv); #include "linuxkm/lkcapi_glue.c" #endif +#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) + #include "linuxkm/x86_vector_register_glue.c" +#endif + #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0) static int __init wolfssl_init(void) #else @@ -232,7 +236,7 @@ static int wolfssl_init(void) fipsEntry(); ret = wolfCrypt_GetStatus_fips(); if (ret != 0) { - pr_err("wolfCrypt_GetStatus_fips() failed: %s\n", wc_GetErrorString(ret)); + pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret)); if (ret == IN_CORE_FIPS_E) { const char *newhash = wolfCrypt_GetCoreHash_fips(); pr_err("Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n", @@ -379,11 +383,6 @@ static struct task_struct *my_get_current_thread(void) { return get_current(); } -/* ditto for preempt_count(). */ -static int my_preempt_count(void) { - return preempt_count(); -} - #if defined(WOLFSSL_LINUXKM_SIMD_X86) && defined(WOLFSSL_COMMERCIAL_LICENSE) /* ditto for fpregs_lock/fpregs_unlock */ 
@@ -460,15 +459,24 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { wolfssl_linuxkm_pie_redirect_table._ctype = _ctype; +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) + wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof; + wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof; + wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof; + wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof; + wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof; +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) + wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof; + wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof; + wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof; + wolfssl_linuxkm_pie_redirect_table.kvmalloc_node_noprof = kvmalloc_node_noprof; + wolfssl_linuxkm_pie_redirect_table.kmalloc_trace_noprof = kmalloc_trace_noprof; +#else wolfssl_linuxkm_pie_redirect_table.kmalloc = kmalloc; - wolfssl_linuxkm_pie_redirect_table.kfree = kfree; - wolfssl_linuxkm_pie_redirect_table.ksize = ksize; wolfssl_linuxkm_pie_redirect_table.krealloc = krealloc; #ifdef HAVE_KVMALLOC wolfssl_linuxkm_pie_redirect_table.kvmalloc_node = kvmalloc_node; - wolfssl_linuxkm_pie_redirect_table.kvfree = kvfree; #endif - wolfssl_linuxkm_pie_redirect_table.is_vmalloc_addr = is_vmalloc_addr; #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) wolfssl_linuxkm_pie_redirect_table.kmalloc_trace = kmalloc_trace; 
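Review bot: The 6.11 and 6.10 branches are identical except for `__kvmalloc_node_noprof`/`__kmalloc_cache_noprof` versus `kvmalloc_node_noprof`/`kmalloc_trace_noprof`, and nothing says why; a short comment above the `#if`, e.g. `/* the kvmalloc_node and kmalloc cache/trace noprof entry points differ between 6.10 and 6.11; see both branches. */`, would spare the next reader a kernel-tree search. The redirect-table struct definition is outside this hunk, so I could not check that both member sets exist under matching version guards.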
@@ -478,6 +486,14 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { wolfssl_linuxkm_pie_redirect_table.kmalloc_order_trace = kmalloc_order_trace; #endif +#endif + + wolfssl_linuxkm_pie_redirect_table.kfree = kfree; + wolfssl_linuxkm_pie_redirect_table.ksize = ksize; +#ifdef HAVE_KVMALLOC + wolfssl_linuxkm_pie_redirect_table.kvfree = kvfree; +#endif + wolfssl_linuxkm_pie_redirect_table.is_vmalloc_addr = is_vmalloc_addr; wolfssl_linuxkm_pie_redirect_table.get_random_bytes = get_random_bytes; #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) 
@@ -492,41 +508,15 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { #endif wolfssl_linuxkm_pie_redirect_table.get_current = my_get_current_thread; - wolfssl_linuxkm_pie_redirect_table.preempt_count = my_preempt_count; - -#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS - - #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 2, 0) - wolfssl_linuxkm_pie_redirect_table.cpu_number = &cpu_number; - #else - wolfssl_linuxkm_pie_redirect_table.pcpu_hot = &pcpu_hot; - #endif - wolfssl_linuxkm_pie_redirect_table.nr_cpu_ids = &nr_cpu_ids; - - #if defined(CONFIG_SMP) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \ - !defined(WOLFSSL_COMMERCIAL_LICENSE) - wolfssl_linuxkm_pie_redirect_table.migrate_disable = &migrate_disable; - wolfssl_linuxkm_pie_redirect_table.migrate_enable = &migrate_enable; - #endif - -#ifdef WOLFSSL_LINUXKM_SIMD_X86 - wolfssl_linuxkm_pie_redirect_table.irq_fpu_usable = irq_fpu_usable; - #ifdef WOLFSSL_COMMERCIAL_LICENSE - wolfssl_linuxkm_pie_redirect_table.fpregs_lock = my_fpregs_lock; - wolfssl_linuxkm_pie_redirect_table.fpregs_unlock = my_fpregs_unlock; - #else /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */ - #ifdef kernel_fpu_begin - wolfssl_linuxkm_pie_redirect_table.kernel_fpu_begin_mask = - kernel_fpu_begin_mask; - #else - wolfssl_linuxkm_pie_redirect_table.kernel_fpu_begin = - kernel_fpu_begin; - #endif - wolfssl_linuxkm_pie_redirect_table.kernel_fpu_end = kernel_fpu_end; - #endif /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */ -#endif /* WOLFSSL_LINUXKM_SIMD_X86 */ +#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) + wolfssl_linuxkm_pie_redirect_table.allocate_wolfcrypt_linuxkm_fpu_states = allocate_wolfcrypt_linuxkm_fpu_states; + wolfssl_linuxkm_pie_redirect_table.can_save_vector_registers_x86 = can_save_vector_registers_x86; + wolfssl_linuxkm_pie_redirect_table.free_wolfcrypt_linuxkm_fpu_states = free_wolfcrypt_linuxkm_fpu_states; + wolfssl_linuxkm_pie_redirect_table.restore_vector_registers_x86 = 
restore_vector_registers_x86; + wolfssl_linuxkm_pie_redirect_table.save_vector_registers_x86 = save_vector_registers_x86; +#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) + #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ wolfssl_linuxkm_pie_redirect_table.__mutex_init = __mutex_init; 
@@ -545,6 +535,42 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { wolfCrypt_FIPS_first; wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_last = wolfCrypt_FIPS_last; + #if FIPS_VERSION3_GE(6,0,0) + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_AES_sanity = + wolfCrypt_FIPS_AES_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_CMAC_sanity = + wolfCrypt_FIPS_CMAC_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_DH_sanity = + wolfCrypt_FIPS_DH_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ECC_sanity = + wolfCrypt_FIPS_ECC_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ED25519_sanity = + wolfCrypt_FIPS_ED25519_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ED448_sanity = + wolfCrypt_FIPS_ED448_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_HMAC_sanity = + wolfCrypt_FIPS_HMAC_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_KDF_sanity = + wolfCrypt_FIPS_KDF_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_PBKDF_sanity = + wolfCrypt_FIPS_PBKDF_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_DRBG_sanity = + wolfCrypt_FIPS_DRBG_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_RSA_sanity = + wolfCrypt_FIPS_RSA_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA_sanity = + wolfCrypt_FIPS_SHA_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA256_sanity = + wolfCrypt_FIPS_SHA256_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA512_sanity = + wolfCrypt_FIPS_SHA512_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA3_sanity = + wolfCrypt_FIPS_SHA3_sanity; + wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_FT_sanity = + wolfCrypt_FIPS_FT_sanity; + wolfssl_linuxkm_pie_redirect_table.wc_RunAllCast_fips = + wc_RunAllCast_fips; + #endif #endif #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) 
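Review bot: The seventeen `wolfssl_linuxkm_pie_redirect_table.X = X;` assignments follow one pattern; a local helper macro, `#define SET_REDIRECT(sym) wolfssl_linuxkm_pie_redirect_table.sym = sym` with a matching `#undef` after the block, would halve the line count and make a missed entry easier to spot. If the rest of the table is filled the same way elsewhere in set_up_wolfssl_linuxkm_pie_redirect_table, the macro belongs at the top of that function rather than inside the FIPS_VERSION3_GE block. The function starts and ends outside this hunk.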
@@ -777,16 +803,11 @@ static int updateFipsHash(void) if (tfm != NULL) crypto_free_shash(tfm); - if (desc != NULL) - XFREE(desc, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (hash != NULL) - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (base16_hash != NULL) - XFREE(base16_hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (binCoreKey != NULL) - XFREE(binCoreKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (binVerify != NULL) - XFREE(binVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(desc, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(base16_hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(binCoreKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(binVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/linuxkm/pie_first.c b/linuxkm/pie_first.c index aa2117bc6c..0bf1b1ae4f 100644 --- a/linuxkm/pie_first.c +++ b/linuxkm/pie_first.c @@ -1,6 +1,6 @@ /* linuxkm/pie_first.c -- memory fenceposts for checking binary image stability * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/linuxkm/pie_last.c b/linuxkm/pie_last.c index 35de6fc473..8d687f14cc 100644 --- a/linuxkm/pie_last.c +++ b/linuxkm/pie_last.c @@ -1,6 +1,6 @@ /* linuxkm/pie_last.c -- memory fenceposts for checking binary image stability * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/linuxkm/pie_redirect_table.c b/linuxkm/pie_redirect_table.c index c624b9efc8..9142ef49e2 100644 --- a/linuxkm/pie_redirect_table.c +++ b/linuxkm/pie_redirect_table.c @@ -1,6 +1,6 @@ /* pie_redirect_table.c -- module load/unload hooks for libwolfssl.ko * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c new file mode 100644 index 0000000000..8f0ffb4caf --- /dev/null 
+++ b/linuxkm/x86_vector_register_glue.c 
@@ -0,0 +1,574 @@ +/* x86_vector_register_glue.c -- glue logic to save and restore vector registers + * on x86 + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* included by linuxkm/module_hooks.c */ + +#if !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) || !defined(CONFIG_X86) + #error x86_vector_register_glue.c included in non-vectorized/non-x86 project. +#endif + +/* kernel 4.19 -- the most recent LTS before 5.4 -- lacks the necessary safety + * checks in __kernel_fpu_begin(), and lacks TIF_NEED_FPU_LOAD. + */ +#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0)) + #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS on x86 requires kernel 5.4.0 or higher. 
+#endif + +static unsigned int wc_linuxkm_fpu_states_n_tracked = 0; + +struct wc_thread_fpu_count_ent { + volatile pid_t pid; + unsigned int fpu_state; +}; +struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_states = NULL; + +#ifdef WOLFSSL_COMMERCIAL_LICENSE + +#ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS + #error WOLFSSL_COMMERCIAL_LICENSE requires LINUXKM_FPU_STATES_FOLLOW_THREADS +#endif + +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-parameter" +#pragma GCC diagnostic ignored "-Wnested-externs" +/* avoid dependence on "alternatives_patched" and "xfd_validate_state()". */ +#undef CONFIG_X86_DEBUG_FPU +#include "../kernel/fpu/internal.h" +#include "../kernel/fpu/xstate.h" +#pragma GCC diagnostic pop + +static union wc_linuxkm_fpu_savebuf { + byte buf[1024]; /* must be 64-byte-aligned */ + struct fpstate fpstate; +} *wc_linuxkm_fpu_savebufs = NULL; + +#endif /* WOLFSSL_COMMERCIAL_LICENSE */ + +#define WC_FPU_COUNT_MASK 0x7fffffffU +#define WC_FPU_SAVED_MASK 0x80000000U + +WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void) +{ + if (wc_linuxkm_fpu_states != NULL) { +#ifdef HAVE_FIPS + /* see note below in wc_linuxkm_fpu_state_assoc_unlikely(). */ + return 0; +#else + static int warned_for_repeat_alloc = 0; + if (! warned_for_repeat_alloc) { + pr_err("attempt at repeat allocation" + " in allocate_wolfcrypt_linuxkm_fpu_states\n"); + warned_for_repeat_alloc = 1; + } + return BAD_STATE_E; +#endif + } + +#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS + if (nr_cpu_ids >= 16) + wc_linuxkm_fpu_states_n_tracked = nr_cpu_ids * 2; + else + wc_linuxkm_fpu_states_n_tracked = 32; +#else + wc_linuxkm_fpu_states_n_tracked = nr_cpu_ids; +#endif + + wc_linuxkm_fpu_states = + (struct wc_thread_fpu_count_ent *)malloc( + wc_linuxkm_fpu_states_n_tracked * sizeof(wc_linuxkm_fpu_states[0])); + + if (! 
wc_linuxkm_fpu_states) { + pr_err("allocation of %lu bytes for " + "wc_linuxkm_fpu_states failed.\n", + nr_cpu_ids * sizeof(struct fpu_state *)); + return MEMORY_E; + } + + memset(wc_linuxkm_fpu_states, 0, wc_linuxkm_fpu_states_n_tracked + * sizeof(wc_linuxkm_fpu_states[0])); + +#ifdef WOLFSSL_COMMERCIAL_LICENSE + wc_linuxkm_fpu_savebufs = (union wc_linuxkm_fpu_savebuf *)malloc( + wc_linuxkm_fpu_states_n_tracked * sizeof(*wc_linuxkm_fpu_savebufs)); + if (! wc_linuxkm_fpu_savebufs) { + pr_err("allocation of %lu bytes for " + "wc_linuxkm_fpu_savebufs failed.\n", + WC_LINUXKM_ROUND_UP_P_OF_2(wc_linuxkm_fpu_states_n_tracked) + * sizeof(*wc_linuxkm_fpu_savebufs)); + free(wc_linuxkm_fpu_states); + wc_linuxkm_fpu_states = NULL; + return MEMORY_E; + } + if ((uintptr_t)wc_linuxkm_fpu_savebufs + & (WC_LINUXKM_ROUND_UP_P_OF_2(sizeof(*wc_linuxkm_fpu_savebufs)) - 1)) + { + pr_err("allocation of %lu bytes for " + "wc_linuxkm_fpu_savebufs allocated with wrong alignment 0x%lx.\n", + WC_LINUXKM_ROUND_UP_P_OF_2(wc_linuxkm_fpu_states_n_tracked) + * sizeof(*wc_linuxkm_fpu_savebufs), + (uintptr_t)wc_linuxkm_fpu_savebufs); + free(wc_linuxkm_fpu_savebufs); + wc_linuxkm_fpu_savebufs = NULL; + free(wc_linuxkm_fpu_states); + wc_linuxkm_fpu_states = NULL; + return MEMORY_E; + } + +#endif + + return 0; +} + +void free_wolfcrypt_linuxkm_fpu_states(void) { + struct wc_thread_fpu_count_ent *i, *i_endptr; + pid_t i_pid; + + if (wc_linuxkm_fpu_states == NULL) { + pr_err("free_wolfcrypt_linuxkm_fpu_states called" + " before allocate_wolfcrypt_linuxkm_fpu_states.\n"); + return; + } + + for (i = wc_linuxkm_fpu_states, + i_endptr = &wc_linuxkm_fpu_states[wc_linuxkm_fpu_states_n_tracked]; + i < i_endptr; + ++i) + { + i_pid = __atomic_load_n(&i->pid, __ATOMIC_CONSUME); + if (i_pid == 0) + continue; + if (i->fpu_state != 0) { + pr_err("free_wolfcrypt_linuxkm_fpu_states called" + " with nonzero state 0x%x for pid %d.\n", i->fpu_state, i_pid); + i->fpu_state = 0; + } + } + +#ifdef 
WOLFSSL_COMMERCIAL_LICENSE + free(wc_linuxkm_fpu_savebufs); + wc_linuxkm_fpu_savebufs = NULL; +#endif + free(wc_linuxkm_fpu_states); + wc_linuxkm_fpu_states = NULL; +} + +#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS +/* legacy thread-local storage facility for tracking recursive fpu + * pushing/popping + */ +static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(int create_p) { + struct wc_thread_fpu_count_ent *i, *i_endptr, *i_empty; + pid_t my_pid = task_pid_nr(current), i_pid; + + { + static int _warned_on_null = 0; + if (wc_linuxkm_fpu_states == NULL) + { +#ifdef HAVE_FIPS + /* FIPS needs to use SHA256 for the core verify HMAC, before + * reaching the regular wolfCrypt_Init() logic. to break the + * dependency loop on intelasm builds, we allocate here. + * this is not thread-safe and doesn't need to be. + */ + if ((! create_p) || (allocate_wolfcrypt_linuxkm_fpu_states() != 0)) +#endif + { + if (_warned_on_null == 0) { + pr_err("wc_linuxkm_fpu_state_assoc called by pid %d" + " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid); + _warned_on_null = 1; + } + return NULL; + } + } + } + + i_endptr = &wc_linuxkm_fpu_states[wc_linuxkm_fpu_states_n_tracked]; + + for (;;) { + for (i = wc_linuxkm_fpu_states, + i_empty = NULL; + i < i_endptr; + ++i) + { + i_pid = __atomic_load_n(&i->pid, __ATOMIC_CONSUME); + if (i_pid == my_pid) + return i; + if ((i_empty == NULL) && (i_pid == 0)) + i_empty = i; + } + if ((i_empty == NULL) || (! create_p)) + return NULL; + + i_pid = 0; + if (__atomic_compare_exchange_n( + &(i_empty->pid), + &i_pid, + my_pid, + 0 /* weak */, + __ATOMIC_SEQ_CST /* success_memmodel */, + __ATOMIC_SEQ_CST /* failure_memmodel */)) + { + return i_empty; + } + } +} + +#else /* !LINUXKM_FPU_STATES_FOLLOW_THREADS */ + +/* lock-free O(1)-lookup CPU-local storage facility for tracking recursive fpu + * pushing/popping. 
+ * + * caller must have already called kernel_fpu_begin() or preempt_disable() + * before entering this or the streamlined inline version of it below. + */ +static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc_unlikely(int create_p) { + int my_cpu = raw_smp_processor_id(); + pid_t my_pid = task_pid_nr(current), slot_pid; + struct wc_thread_fpu_count_ent *slot; + + { + static int _warned_on_null = 0; + if (wc_linuxkm_fpu_states == NULL) + { +#ifdef HAVE_FIPS + /* FIPS needs to use SHA256 for the core verify HMAC, before + * reaching the regular wolfCrypt_Init() logic. to break the + * dependency loop on intelasm builds, we allocate here. + * this is not thread-safe and doesn't need to be. + */ + int ret = allocate_wolfcrypt_linuxkm_fpu_states(); + if (ret != 0) +#endif + { + if (_warned_on_null == 0) { + pr_err("wc_linuxkm_fpu_state_assoc called by pid %d" + " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid); + _warned_on_null = 1; + } + return NULL; + } + } + } + + slot = &wc_linuxkm_fpu_states[my_cpu]; + slot_pid = __atomic_load_n(&slot->pid, __ATOMIC_CONSUME); + if (slot_pid == my_pid) { + if (create_p) { + static int _warned_on_redundant_create_p = 0; + if (_warned_on_redundant_create_p < 10) { + pr_err("wc_linuxkm_fpu_state_assoc called with create_p=1 by" + " pid %d on cpu %d with cpu slot already reserved by" + " said pid.\n", my_pid, my_cpu); + ++_warned_on_redundant_create_p; + } + } + return slot; + } + if (create_p) { + if (slot_pid == 0) { + __atomic_store_n(&slot->pid, my_pid, __ATOMIC_RELEASE); + return slot; + } else { + /* if the slot is already occupied, that can be benign due to a + * migration, but it will require fixup by the thread that owns the + * slot, which will happen when it releases its lock, or sooner (see + * below). 
+ */ + static int _warned_on_mismatched_pid = 0; + if (_warned_on_mismatched_pid < 10) { + pr_warn("wc_linuxkm_fpu_state_assoc called by pid %d on cpu %d" + " but cpu slot already reserved by pid %d.\n", + my_pid, my_cpu, slot_pid); + ++_warned_on_mismatched_pid; + } + return NULL; + } + } else { + /* check for migration. this can happen despite our best efforts if any + * I/O occured while locked, e.g. kernel messages like "uninitialized + * urandom read". since we're locked now, we can safely migrate the + * entry in wc_linuxkm_fpu_states[], freeing up the slot on the previous + * cpu. + */ + unsigned int cpu_i; + for (cpu_i = 0; cpu_i < wc_linuxkm_fpu_states_n_tracked; ++cpu_i) { + if (__atomic_load_n( + &wc_linuxkm_fpu_states[cpu_i].pid, + __ATOMIC_CONSUME) + == my_pid) + { + wc_linuxkm_fpu_states[my_cpu] = wc_linuxkm_fpu_states[cpu_i]; + __atomic_store_n(&wc_linuxkm_fpu_states[cpu_i].fpu_state, 0, + __ATOMIC_RELEASE); + __atomic_store_n(&wc_linuxkm_fpu_states[cpu_i].pid, 0, + __ATOMIC_RELEASE); + return &wc_linuxkm_fpu_states[my_cpu]; + } + } + return NULL; + } +} + +static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc( + int create_p) +{ + int my_cpu = raw_smp_processor_id(); /* my_cpu is only trustworthy if we're + * already nonpreemptible -- we'll + * determine that soon enough by + * checking if the pid matches or, + * failing that, if create_p. 
+ */ + pid_t my_pid = task_pid_nr(current), slot_pid; + struct wc_thread_fpu_count_ent *slot; + + if (unlikely(wc_linuxkm_fpu_states == NULL)) + return wc_linuxkm_fpu_state_assoc_unlikely(create_p); + + slot = &wc_linuxkm_fpu_states[my_cpu]; + slot_pid = __atomic_load_n(&slot->pid, __ATOMIC_CONSUME); + if (slot_pid == my_pid) { + if (unlikely(create_p)) + return wc_linuxkm_fpu_state_assoc_unlikely(create_p); + else + return slot; + } + if (likely(create_p)) { + if (likely(slot_pid == 0)) { + __atomic_store_n(&slot->pid, my_pid, __ATOMIC_RELEASE); + return slot; + } else { + return wc_linuxkm_fpu_state_assoc_unlikely(create_p); + } + } else { + return wc_linuxkm_fpu_state_assoc_unlikely(create_p); + } +} + +#endif /* !LINUXKM_FPU_STATES_FOLLOW_THREADS */ + +#ifdef WOLFSSL_COMMERCIAL_LICENSE +static struct fpstate *wc_linuxkm_fpstate_buf_from_fpu_state( + struct wc_thread_fpu_count_ent *state) +{ + size_t i = (size_t)(state - wc_linuxkm_fpu_states) / sizeof(*state); + return &wc_linuxkm_fpu_savebufs[i].fpstate; +} +#endif + +static void wc_linuxkm_fpu_state_release_unlikely( + struct wc_thread_fpu_count_ent *ent) +{ + if (ent->fpu_state != 0) { + static int warned_nonzero_fpu_state = 0; + if (! 
warned_nonzero_fpu_state) { + pr_err("wc_linuxkm_fpu_state_free for pid %d" + " with nonzero fpu_state 0x%x.\n", ent->pid, ent->fpu_state); + warned_nonzero_fpu_state = 1; + } + ent->fpu_state = 0; + } + __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE); +} + +static inline void wc_linuxkm_fpu_state_release( + struct wc_thread_fpu_count_ent *ent) +{ + if (unlikely(ent->fpu_state != 0)) + return wc_linuxkm_fpu_state_release_unlikely(ent); + __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE); +} + +WARN_UNUSED_RESULT int can_save_vector_registers_x86(void) +{ + if (irq_fpu_usable()) + return 1; + else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0)) + return 0; + else if (test_thread_flag(TIF_NEED_FPU_LOAD)) + return 1; + return 0; +} + +WARN_UNUSED_RESULT int save_vector_registers_x86(void) +{ +#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS + struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(1); +#else + struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(0); +#endif + + /* allow for nested calls */ +#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS + if (pstate == NULL) + return MEMORY_E; +#endif + if ( +#ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS + (pstate != NULL) && +#endif + (pstate->fpu_state != 0U)) + { + if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK) + == WC_FPU_COUNT_MASK)) + { + pr_err("save_vector_registers_x86 recursion register overflow for " + "pid %d.\n", pstate->pid); + return BAD_STATE_E; + } else { + ++pstate->fpu_state; + return 0; + } + } + + if (irq_fpu_usable() +#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 17, 0)) + /* work around a kernel bug -- see linux commit 59f5ede3bc0f0. + * what we really want here is this_cpu_read(in_kernel_fpu), but + * in_kernel_fpu is an unexported static array. 
+ */ + && !test_thread_flag(TIF_NEED_FPU_LOAD) +#endif + ) + { +#ifdef WOLFSSL_COMMERCIAL_LICENSE + struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate); + fpregs_lock(); + fpstate->xfeatures = ~0UL; + os_xsave(fpstate); +#else /* !WOLFSSL_COMMERCIAL_LICENSE */ + #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ + (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) + /* inhibit migration, which gums up the algorithm in + * kernel_fpu_{begin,end}(). + */ + migrate_disable(); + #endif + kernel_fpu_begin(); + +#ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS + pstate = wc_linuxkm_fpu_state_assoc(1); + if (pstate == NULL) { + kernel_fpu_end(); + #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ + (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \ + !defined(WOLFSSL_COMMERCIAL_LICENSE) + migrate_enable(); + #endif + return BAD_STATE_E; + } +#endif + +#endif /* !WOLFSSL_COMMERCIAL_LICENSE */ + /* set msb to 0 to trigger kernel_fpu_end() at cleanup. */ + pstate->fpu_state = 1U; + } else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0)) { + static int warned_fpu_forbidden = 0; + if (! warned_fpu_forbidden) + pr_err("save_vector_registers_x86 called from IRQ handler.\n"); +#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS + wc_linuxkm_fpu_state_release(pstate); +#endif + return BAD_STATE_E; + } else if (!test_thread_flag(TIF_NEED_FPU_LOAD)) { + static int warned_fpu_forbidden = 0; + if (! warned_fpu_forbidden) + pr_err("save_vector_registers_x86 called with !irq_fpu_usable from" + " thread without previous FPU save.\n"); +#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS + wc_linuxkm_fpu_state_release(pstate); +#endif + return BAD_STATE_E; + } else { + /* assume already safely in_kernel_fpu from caller, but recursively + * preempt_disable() to be extra-safe. 
+ */ + preempt_disable(); +#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ + (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \ + !defined(WOLFSSL_COMMERCIAL_LICENSE) + migrate_disable(); +#endif +#ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS + pstate = wc_linuxkm_fpu_state_assoc(1); + if (pstate == NULL) { + #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ + (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \ + !defined(WOLFSSL_COMMERCIAL_LICENSE) + migrate_enable(); + #endif + preempt_enable(); + return BAD_STATE_E; + } +#endif + /* set msb to 1 to inhibit kernel_fpu_end() at cleanup. */ + pstate->fpu_state = + WC_FPU_SAVED_MASK + 1U; + } + + return 0; +} + +void restore_vector_registers_x86(void) +{ + struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(0); + if (unlikely(pstate == NULL)) { + pr_err("restore_vector_registers_x86 called by pid %d on CPU %d " + "with no saved state.\n", task_pid_nr(current), + raw_smp_processor_id()); + return; + } + + if ((--pstate->fpu_state & WC_FPU_COUNT_MASK) > 0U) { + return; + } + + if (pstate->fpu_state == 0U) { +#ifdef WOLFSSL_COMMERCIAL_LICENSE + struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate); + os_xrstor(fpstate, fpstate->xfeatures); + fpregs_unlock(); +#else + #ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS + wc_linuxkm_fpu_state_release(pstate); + #endif + kernel_fpu_end(); +#endif + } else { + pstate->fpu_state = 0U; + #ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS + wc_linuxkm_fpu_state_release(pstate); + #endif + preempt_enable(); + } +#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ + (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \ + !defined(WOLFSSL_COMMERCIAL_LICENSE) + migrate_enable(); +#endif + +#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS + wc_linuxkm_fpu_state_release(pstate); +#endif + + return; +} diff --git a/m4/ax_linuxkm.m4 b/m4/ax_linuxkm.m4 index aebc2a6036..a3ba5ccaf1 100644 --- a/m4/ax_linuxkm.m4 +++ b/m4/ax_linuxkm.m4 
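Review bot: `wc_linuxkm_fpstate_buf_from_fpu_state` divides an already element-scaled pointer difference by `sizeof(*state)`: `state - wc_linuxkm_fpu_states` is an index in entries, so the extra division maps every slot with index below sizeof(*state) to `wc_linuxkm_fpu_savebufs[0]`, and under WOLFSSL_COMMERCIAL_LICENSE concurrent callers would xsave/xrstor through the same buffer. The line should read `size_t i = (size_t)(state - wc_linuxkm_fpu_states);`. Separately, both `warned_fpu_forbidden` flags in save_vector_registers_x86 are tested but never assigned, so the pr_err fires on every call from IRQ or non-FPU-usable context rather than once; add `warned_fpu_forbidden = 1;` after each pr_err, mirroring the other once-only warnings in this file. The allocation-failure message in allocate_wolfcrypt_linuxkm_fpu_states also reports `nr_cpu_ids * sizeof(struct fpu_state *)` while the request was `wc_linuxkm_fpu_states_n_tracked * sizeof(wc_linuxkm_fpu_states[0])`; printing the requested size keeps the log accurate.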
@@ -1,6 +1,6 @@ # ax_linuxkm.m4 -- macros for getting attributes of default configured kernel # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # diff --git a/mcapi/crypto.c b/mcapi/crypto.c index abfe65f783..aa5e430199 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -1,6 +1,6 @@ /* crypto.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/mcapi/crypto.h b/mcapi/crypto.h index 4511193076..dd95c1ca93 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h @@ -1,6 +1,6 @@ /* crypto.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 7e5acbc08f..64aee92639 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -1,6 +1,6 @@ /* mcapi_test.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/mplabx/benchmark_main.c b/mplabx/benchmark_main.c index ef4c82a914..8a9cf81427 100644 --- a/mplabx/benchmark_main.c +++ b/mplabx/benchmark_main.c @@ -1,6 +1,6 @@ /* benchmark_main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/mplabx/test_main.c b/mplabx/test_main.c index e072c08db5..64f3556a16 100644 --- a/mplabx/test_main.c +++ b/mplabx/test_main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/mqx/wolfssl_client/Sources/main.h b/mqx/wolfssl_client/Sources/main.h index 1740ddcb49..beb1fdfa9e 100644 --- a/mqx/wolfssl_client/Sources/main.h +++ b/mqx/wolfssl_client/Sources/main.h @@ -15,7 +15,7 @@ #include -#define MAIN_TASK 1 +#define MAIN_TASK 1 extern void Main_task(uint32_t); extern void setup_ethernet(void); 
@@ -34,10 +34,10 @@ static inline void err_sys(const char* msg) _mqx_exit(1); } -/* PPP device must be set manually and +/* PPP device must be set manually and * must be different from the default IO channel (BSP_DEFAULT_IO_CHANNEL) */ -#define PPP_DEVICE "ittyb:" +#define PPP_DEVICE "ittyb:" /* * Define PPP_DEVICE_DUN only when using PPP to communicate @@ -54,7 +54,7 @@ static inline void err_sys(const char* msg) #define ENET_IPMASK IPADDR(255,255,255,0) #endif -#define GATE_IPADDR IPADDR(192,168,1,1) +#define GATE_IPADDR IPADDR(192,168,1,1) #endif /* __main_h_ */ diff --git a/scripts/aria-cmake-build-test.sh b/scripts/aria-cmake-build-test.sh index 1a6258fc48..0454fbb381 100644 --- a/scripts/aria-cmake-build-test.sh +++ b/scripts/aria-cmake-build-test.sh @@ -115,8 +115,7 @@ build_aria_test() { # View the available ciphers with: echo "checking wolfsl client ssl version numbers SSLv3(0) - TLS1.3(4):" - ./examples/client/client -V - if [ $? -eq 0 ]; then + if ./examples/client/client -V; then echo "Confirmed ./examples/client/client operational." else echo "ERROR ./examples/client/client error = $?" diff --git a/scripts/benchmark_compare.sh b/scripts/benchmark_compare.sh new file mode 100755 index 0000000000..b4ae1d603f --- /dev/null +++ b/scripts/benchmark_compare.sh 
@@ -0,0 +1,164 @@ +#!/bin/bash +# This script is designed to compare the output of wolfcrypt/benchmark test +# application. If the file has an extension ".csv", then it will parse the +# comma separated format, otherwise it will use the standard output format. The +# green colored output field is the better result. +# Usage: benchmark_compare.sh +# You can define a few variables to set options: +# THRESHOLD - set the threshold for equality between two results +# OUTPUT_CSV - set to "1" to print CSV + +FIRST_FILE=$1 +SECOND_FILE=$2 +THRESHOLD=${THRESHOLD:-"10"} +OUTPUT_CSV=${OUTPUT_CSV:-"0"} + +declare -A symStats +declare -A asymStats + +function getAlgo() { # getAlgo + if [ "$asCSV" = 1 ]; then + declare -a fields + IFS=',' read -ra fields <<< "$line" + if [ "$mode" = 1 ]; then + echo "${fields[0]}" + else + if [ "${fields[2]}" = "" ]; then + echo "${fields[0]}" + else + echo "${fields[0]}-${fields[2]}" + fi + fi + else + if [ "$mode" = 1 ]; then + echo "$line" | sed 's/ *[0-9]* MiB.*//g' + else + if [[ $line == "scrypt"* ]]; then + echo "scrypt" + else + echo "$line" | sed 's/ *[0-9]* ops.*//g' | sed 's/ \+[0-9]\+ \+/-/g' + fi + fi + fi +} + +function getValue() { # getValue + if [ "$asCSV" = 1 ]; then + declare -a fields + IFS=',' read -ra fields <<< "$line" + if [ "$mode" = 1 ]; then + echo "${fields[1]}" + else + echo "${fields[4]}" + fi + else + if [ "$mode" = 1 ]; then + echo "$line" | sed 's/.*seconds, *//g' | sed 's/ *MiB\/s.*//g' + else + echo "$line" | sed 's/.* ms, *//g' | sed 's/ ops\/sec.*//g' + fi + fi +} + +asCSV=0 +mode=0 +while IFS= read -r line; do + if [[ $FIRST_FILE == *".csv" ]]; then + asCSV=1 + if [[ $line == *"Symmetric Ciphers"* ]]; then + mode=1 + read + read + elif [[ $line == *"Asymmetric Ciphers"* ]]; then + mode=2 + read + read + elif [[ $line == "" ]]; then + mode=0 + fi + else + asCSV=0 + if [[ $line == *"MiB/s"* ]]; then + mode=1 + elif [[ $line == *"ops/sec"* ]]; then + mode=2 + else + mode=0 + fi + fi + if [ "$mode" -ne 0 ]; then 
+ ALGO=`getAlgo "$asCSV" "$mode" "$line"` + VALUE=`getValue "$asCSV" "$mode" "$line"` + + if [ "$mode" = "1" ]; then + symStats["${ALGO}"]=${VALUE} + elif [ "$mode" = "2" ]; then + asymStats["${ALGO}"]=${VALUE} + fi + fi +done < ${FIRST_FILE} + +RED='\033[0;31m' +GRN='\033[0;32m' +NC='\033[0m' # No Color +function printData() { # printData + ALGO=$1 + VAL1=$2 + VAL2=$3 + if (( $(echo "sqrt( (${VAL1} - ${VAL2})^2 ) < ${THRESHOLD}" | bc -l) )); then + # take absolute value and check if less than a threshold + echo "${ALGO},${GRN}${VAL1}${NC},=,${GRN}${VAL2}${NC}\n" + elif (( $(echo "${VAL1} > ${VAL2}" | bc -l) )); then + echo "${ALGO},${GRN}${VAL1}${NC},>,${VAL2}\n" + else + echo "${ALGO},${VAL1},<,${GRN}${VAL2}${NC}\n" + fi +} + +asCSV=0 +mode=0 +while IFS= read -r line; do + if [[ $SECOND_FILE == *".csv" ]]; then + asCSV=1 + if [[ $line == *"Symmetric Ciphers"* ]]; then + RES+="ALGO,${FIRST_FILE},diff(MB/s),${SECOND_FILE}\n" + mode=1 + read + read + elif [[ $line == *"Asymmetric Ciphers"* ]]; then + RES+="\nALGO,${FIRST_FILE},diff(ops/sec),${SECOND_FILE}\n" + mode=2 + read + read + elif [[ $line == "" ]]; then + mode=0 + fi + else + asCSV=0 + if [[ $line == *"MiB/s"* ]]; then + mode=1 + elif [[ $line == *"ops/sec"* ]]; then + mode=2 + else + mode=0 + fi + fi + if [ "$mode" -ne 0 ]; then + if [[ $line == *","* ]]; then + ALGO=`getAlgo "$asCSV" "$mode" "$line"` + VALUE=`getValue "$asCSV" "$mode" "$line"` + + if [ "$mode" = "1" ]; then + RES+=`printData "${ALGO}" "${symStats["${ALGO}"]}" "${VALUE}"` + elif [ "$mode" = "2" ]; then + RES+=`printData "${ALGO}" "${asymStats["${ALGO}"]}" "${VALUE}"` + fi + fi + fi +done < ${SECOND_FILE} + +if [ "${OUTPUT_CSV}" = "1" ]; then + echo -e "$RES" +else + echo -e "$RES" | column -t -s ',' -L +fi diff --git a/scripts/dtls.test b/scripts/dtls.test index 2bf36d197b..8229d31bdd 100755 --- a/scripts/dtls.test +++ b/scripts/dtls.test 
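Review bot: The script never validates its two positional arguments: `FIRST_FILE=$1` and `SECOND_FILE=$2` flow straight into `done < ${FIRST_FILE}` / `done < ${SECOND_FILE}`, so a missing argument yields a bash "ambiguous redirect" error and an unreadable path a redirection error, instead of the usage text in the header comment. Add after the assignments `if [ ! -r "$FIRST_FILE" ] || [ ! -r "$SECOND_FILE" ]; then echo "Usage: $0 <first> <second>" >&2; exit 1; fi` and quote the redirections as `< "$FIRST_FILE"`. Note also that `THRESHOLD` and the parsed fields are interpolated unchecked into `bc` expressions in printData; a non-numeric field from a malformed line produces a bc syntax error and a misleading `<` row rather than a clear failure, so a numeric check before calling bc would be worthwhile.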
@@ -25,17 +25,21 @@ if [ "${AM_BWRAPPED-}" != "yes" ]; then fi fi +kill_server() { + for i in $(jobs -pr); do + if [ "$i" != "$TCPDUMP_PID" ]; then + kill -9 $i + fi + done + # empty print to show which backgrounded processes were killed + sleep 0.2 && echo +} + cleanup () { echo echo "Cleaning up..." - if [ ! -z "$UDP_PROXY_PID" ];then - echo "Killing udp_proxy $UDP_PROXY_PID" - kill $UDP_PROXY_PID - fi - if [ ! -z "$SERVER_PID" ];then - echo "Killing server $SERVER_PID" - kill $SERVER_PID - fi + kill_server + if [ ! -z "$TCPDUMP_PID" ];then echo "Killing tcpdump $TCPDUMP_PID" sleep 1 @@ -69,9 +73,8 @@ run_test() { # usage: run_test "" "" "" " echo "" | nc -u 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file echo -e "\n${1}\n" stdbuf -oL -eL $WOLFSSL_ROOT/examples/server/server -u -p$SERVER_PORT $DTLS_VERSION $3 2>&1 | prepend "[server] " & - SERVER_PID=$(($! - 1)) + sleep 0.2 stdbuf -oL -eL $UDP_PROXY_BIN -p $PROXY_PORT -s 127.0.0.1:$SERVER_PORT $UDP_PROXY_EXTRA_ARGS $2 2>&1 | prepend "[udp-proxy] " & - UDP_PROXY_PID=$(($! - 1)) sleep 0.2 # Wrap this command in a timeout so that a deadlock won't bring down the entire test timeout -s KILL 1m stdbuf -oL -eL $WOLFSSL_ROOT/examples/client/client -u -p$PROXY_PORT $DTLS_VERSION $4 2>&1 | prepend "[client] " @@ -79,10 +82,7 @@ run_test() { # usage: run_test "" "" "" " echo "***Test failed***" ((NUM_TESTS_FAILED++)) fi - kill $SERVER_PID >&/dev/null # make sure the server is no longer running - SERVER_PID= - kill $UDP_PROXY_PID - UDP_PROXY_PID= + kill_server } test_dropping_packets () { diff --git a/scripts/dtlscid.test b/scripts/dtlscid.test index ff05181e92..f38bf4307e 100755 --- a/scripts/dtlscid.test +++ b/scripts/dtlscid.test @@ -1,6 +1,7 @@ #!/bin/bash -set -e +# dtlscid.test +# Copyright wolfSSL 2022-2024 # if we can, isolate the network namespace to eliminate port collisions. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then 
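Review bot: `kill_server` sends SIGKILL (`kill -9 $i`) to every background job except tcpdump, so the example server and udp_proxy never get to run their own exit handling, and any diagnostics they would print on SIGTERM are lost. A gentler sequence keeps the hard kill only as a fallback: `kill "$i" 2>/dev/null; sleep 0.1; kill -9 "$i" 2>/dev/null`, with `"$i"` quoted. As far as I can tell `jobs -pr` prints one PID per `cmd | prepend` pipeline, so the prepend readers are left to exit on EOF, which is fine but worth a comment. Replacing the `$(($! - 1))` PID arithmetic is an improvement; cleanup and run_test continue outside the hunk.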
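Review bot: Removing `set -e` from dtlscid.test changes the script's failure semantics: any command whose non-zero status previously aborted the run now silently continues, and nothing in the hunk adds explicit status checks to compensate. If the goal is to stop a failing cleanup step from aborting the test, prefer keeping `set -e` and guarding only those commands (`kill "$pid" || true`), or at least record the decision in the new header, e.g. `# set -e intentionally not used: each test checks its exit status explicitly`. The rest of the script, where such checks may already exist, is outside the hunk.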
diff --git a/scripts/google.test b/scripts/google.test index 6eacc4d4fe..ab640d3590 100755 --- a/scripts/google.test +++ b/scripts/google.test @@ -6,6 +6,11 @@ server=www.google.com [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then + echo "WOLFSSL_EXTERNAL_TEST not set, won't run" + exit 77 +fi + if ! ./examples/client/client -V | grep -q 3; then echo 'skipping google.test because TLS1.2 is not available.' 1>&2 exit 77 diff --git a/scripts/include.am b/scripts/include.am index eab99c611e..f4f925a080 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -128,5 +128,6 @@ dist_noinst_SCRIPTS+= scripts/dtlscid.test endif EXTRA_DIST += scripts/bench/bench_functions.sh +EXTRA_DIST += scripts/benchmark_compare.sh EXTRA_DIST += scripts/user_settings_asm.sh diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index c14fbf0e76..04d8ce9ace 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test 
@@ -388,6 +388,40 @@ else echo 'skipping TLS1.3 stapling tests.' 1>&2 fi +# DTLS 1.2 and 1.3 cases +if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then + printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------" + # client test against our own server, must staple - GOOD CERT + echo $ready_file2 + ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ + -k certs/ocsp/server1-key.pem -u -v 3 \ + -p $port3 & + wolf_pid3=$! + + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \ + -W 1 -p $port3 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" +fi + +if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then + printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD PASS -------------------" + # client test against our own server, must staple - GOOD CERT + ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ + -k certs/ocsp/server1-key.pem -u -v 4 \ + -p $port3 & + wolf_pid3=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \ + -W 1 -p $port3 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + +fi + # need a unique port since may run the same time as testsuite generate_port() { #-------------------------------------------------------------------------# diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index 18df014634..0b3f5b12f5 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test 
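Review bot: Both DTLS cases start the server with `-R "$ready_file2"` but then rely on `sleep 0.2` instead of waiting for that ready file, and `wolf_pid3=$!` is recorded but never killed or waited on, so a slow or failing client leaves a server bound to `$port3` when the second case starts another server on the same port. Remove the stale ready file before each server start, replace the sleep with a ready-file wait (ocsp-stapling2.test in this same diff uses `wait_for_readyFile` for exactly this), and add `kill $wolf_pid3 2>/dev/null; wait $wolf_pid3` after each client run. The bare `echo $ready_file2` looks like leftover debugging, and both cases reuse the message "Client connection 5 failed", so the log cannot tell DTLS-1 from DTLS-2.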
@@ -334,9 +334,19 @@ openssl ocsp -port $port3 -nmin 1 \ "$@" \ & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port $port4 -nmin 1 \ + -index certs/ocsp/index-ca-and-intermediate-cas.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/root-ca-cert.pem \ + "$@" \ + & + sleep 0.1 # "jobs" is not portable for posix. Must use bash interpreter! -[ $(jobs -r | wc -l) -ne 3 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 +[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 printf '\n\n%s\n\n' "All OCSP responders started successfully!" printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" 
@@ -352,18 +362,18 @@ RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" -printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW" -#printf '%s\n\n' "------------- TEST CASE 2 SHOULD PASS ------------------------" -#remove_single_rF $ready_file5 -#./examples/server/server -c certs/ocsp/server3-cert.pem \ -# -k certs/ocsp/server3-key.pem -R $ready_file5 \ -# -p $port5 & -#wait_for_readyFile $ready_file5 $server_pid5 $port5 -#./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ -# -p $port5 -#RESULT=$? -#[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1 -#printf '%s\n\n' "Test PASSED!" +printf '%s\n\n' "------------- TEST CASE 2 SHOULD PASS ------------------------" +remove_single_rF $ready_file5 +./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 & +server_pid5=$! +wait_for_readyFile $ready_file5 $server_pid5 $port5 +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + -p $port5 +RESULT=$? +[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1 +printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED SERVER CERT 
@@ -499,6 +509,22 @@ RESULT=$? && exit 1 printf '%s\n\n' "Test PASSED!" + +if ./examples/client/client -? 2>&1 | grep -q 'DTLS'; then +printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------" +# client test against our own server - GOOD CERTS +./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 -u -v 3 & +server_pid5=$! +sleep 0.2 +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \ + -p $port5 +RESULT=$? +[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 +printf '%s\n\n' "Test PASSED!" +fi + printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------" exit 0 diff --git a/scripts/openssl.test b/scripts/openssl.test index 7cbe3833a4..0be450c135 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -279,7 +279,7 @@ check_server_ready() { server_ready=0 while [ "$counter" -lt 20 ]; do echo -e "waiting for $server_name ready..." - echo -e Checking | nc localhost $server_port + echo -e Checking | nc -w 5 localhost $server_port nc_result=$? if [ $nc_result = 0 ] then diff --git a/src/bio.c b/src/bio.c index 2dab43e679..494234c735 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1,6 +1,6 @@ /* bio.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -50,7 +50,7 @@ */ static int wolfSSL_BIO_BASE64_read(WOLFSSL_BIO* bio, void* buf, int len) { - word32 frmtSz = len; + word32 frmtSz = (word32)len; WOLFSSL_ENTER("wolfSSL_BIO_BASE64_read"); @@ -77,6 +77,8 @@ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) if (buf == NULL || len == 0) return 0; + /* default no retry */ + bio->flags &= ~(WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY); sz1 = wolfSSL_BIO_nread(bio, &pt, len); if (sz1 > 0) { XMEMCPY(buf, pt, sz1); 
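Review bot: The new DTLS case departs from the pattern the rest of this file uses: it does not `remove_single_rF $ready_file5` before starting the server and substitutes `sleep 0.2` for `wait_for_readyFile $ready_file5 $server_pid5 $port5`, so the ready file left by TEST CASE 2 is still present and the client can connect before the server is listening, giving a flaky failure that reads as an OCSP problem. The two lines to change are adding `remove_single_rF $ready_file5` before the server invocation and putting `wait_for_readyFile $ready_file5 $server_pid5 $port5` in place of the sleep. The failure message `Client connection 1 failed` is copied from TEST CASE 1; naming it DTLS-1 would make the log unambiguous.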
@@ -91,8 +93,10 @@ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } } } - if (sz1 == 0) + if (sz1 == 0) { + bio->flags |= WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY; sz1 = -1; + } return sz1; } @@ -157,7 +161,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->wrSz = 0; bio->mem_buf->length = 0; } - bio->ptr = bio->mem_buf->data; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD && !(bio->flags & BIO_FLAGS_MEM_RDONLY)) { @@ -175,8 +179,8 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) WOLFSSL_MSG("wolfSSL_BUF_MEM_resize error"); return WOLFSSL_BIO_ERROR; } - bio->mem_buf->length = bio->wrSz; - bio->ptr = bio->mem_buf->data; + bio->mem_buf->length = (size_t)bio->wrSz; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } } else { @@ -213,11 +217,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, return WOLFSSL_FATAL_ERROR; bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */ - ret = wolfSSL_read((WOLFSSL*)bio->ptr, buf, len); + ret = wolfSSL_read(bio->ptr.ssl, buf, len); if (ret == 0) front->eof = 1; else if (ret < 0) { - int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0); + int err = wolfSSL_get_error(bio->ptr.ssl, 0); if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) { front->eof = 1; } 
@@ -231,15 +235,15 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { - if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, - sz) != WOLFSSL_SUCCESS) + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf, + (unsigned int)sz) != WOLFSSL_SUCCESS) { return WOLFSSL_FATAL_ERROR; } } else { - if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, sz) + if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, buf, (size_t)sz) != WOLFSSL_SUCCESS) { return WOLFSSL_FATAL_ERROR; } @@ -286,6 +290,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom read */ if (bio->method && bio->method->readCb) { ret = bio->method->readCb(bio, (char*)buf, len); @@ -298,19 +305,22 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) break; case WOLFSSL_BIO_BIO: /* read BIOs */ ret = wolfSSL_BIO_BIO_read(bio, buf, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_read(bio, buf, len); break; case WOLFSSL_BIO_FILE: #ifndef NO_FILESYSTEM - if (bio->ptr) { - ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr); + if (bio->ptr.fh) { + ret = (int)XFREAD(buf, 1, (size_t)len, bio->ptr.fh); } else { - #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) && \ + #if defined(XREAD) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - ret = (int)XREAD(bio->num, buf, len); + ret = (int)XREAD(bio->num.fd, buf, (size_t)len); #else WOLFSSL_MSG("No file pointer and XREAD not enabled"); ret = NOT_COMPILED_IN; 
@@ -341,14 +351,52 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0); + if (ret == WOLFSSL_CBIO_ERR_WANT_READ) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } #else ret = NOT_COMPILED_IN; #endif break; + + case WOLFSSL_BIO_DGRAM: + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + if (bio->connected) + ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0); + else { + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + ret = wolfIO_RecvFrom(bio->num.fd, &bio->peer_addr, + (char*)buf, len, 0); + } + if (ret == WOLFSSL_CBIO_ERR_WANT_READ) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } + #else + ret = NOT_COMPILED_IN; + #endif + break; + } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (!inhibit_flow_increment)) { + bio->bytes_read += (word32)ret; + } +#endif + /* case where front of list is done */ if (bio == front) { break; /* at front of list so be done */ @@ -399,7 +447,7 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, /* get the encoded length */ if (bio->flags & WOLFSSL_BIO_FLAG_BASE64_NO_NL) { if (Base64_Encode_NoNl((const byte*)data, inLen, NULL, - &sz) != LENGTH_ONLY_E) { + &sz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { WOLFSSL_MSG("Error with base64 get length"); return WOLFSSL_FATAL_ERROR; } @@ -448,7 +496,7 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, (void)heap; - return inLen; + return (int)inLen; } #endif /* WOLFSSL_BASE64_ENCODE */ 
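Review bot: In the new WOLFSSL_BIO_DGRAM branch the unconnected path clears `bio->peer_addr` and lets `wolfIO_RecvFrom` fill it from whatever datagram arrives, so the recorded peer — and with it the destination of the next write through `wolfIO_SendTo` — is chosen by any unauthenticated host that can reach the socket, and a single spoofed packet redirects subsequent output. That is normal for an unconnected datagram BIO, but it should be stated where the address is captured so no caller mistakes it for a peer check: `/* peer_addr reflects the source of the last datagram and is not authenticated; the DTLS layer must validate the peer (e.g. cookie exchange) before trusting it */`. Separately, the flow-stats block adds `(word32)ret` to `bio->bytes_read` while `wolfSSL_BIO_number_read()` returns word64; if the field itself is a word32 (its declaration is outside this view) the counter wraps silently after 4 GiB, so confirm the type or widen the field. wolfSSL_BIO_read's body continues outside this hunk.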
@@ -464,16 +512,16 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_ENTER("wolfSSL_BIO_SSL_write"); - if (bio->ptr == NULL) { + if (bio->ptr.ssl == NULL) { return BAD_FUNC_ARG; } bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */ - ret = wolfSSL_write((WOLFSSL*)bio->ptr, data, len); + ret = wolfSSL_write(bio->ptr.ssl, data, len); if (ret == 0) front->eof = 1; else if (ret < 0) { - int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0); + int err = wolfSSL_get_error(bio->ptr.ssl, 0); if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) { front->eof = 1; } @@ -502,8 +550,11 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, if (bio == NULL || data == NULL || len == 0) return 0; + /* default no retry */ + bio->flags &= ~(WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY); sz1 = wolfSSL_BIO_nwrite(bio, &buf, len); if (sz1 == 0) { + bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY; WOLFSSL_MSG("No room left to write"); return WOLFSSL_BIO_ERROR; } @@ -521,6 +572,8 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, if (sz2 > 0) { XMEMCPY(buf, data, sz2); sz1 += sz2; + if (len > sz2) + bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY; } } @@ -567,8 +620,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, } XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len); - bio->ptr = bio->mem_buf->data; - bio->num = (int)bio->mem_buf->max; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; + bio->num.length = bio->mem_buf->max; bio->wrSz += len; bio->wrIdx += len; 
@@ -589,14 +642,14 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { - if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, - len) != WOLFSSL_SUCCESS) { + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data, + (unsigned int)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; } } else { - if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, len) + if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, data, (size_t)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; } @@ -638,6 +691,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom write */ if (bio->method && bio->method->writeCb) { ret = bio->method->writeCb(bio, (const char*)data, len); @@ -652,7 +708,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) if (ret > 0) { /* change so that data is formatted buffer */ data = frmt; - len = frmtSz; + len = (int)frmtSz; } #else WOLFSSL_MSG("WOLFSSL_BIO_BASE64 used without " 
@@ -663,19 +719,22 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } case WOLFSSL_BIO_BIO: /* write bios */ ret = wolfSSL_BIO_BIO_write(bio, data, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_write(bio, data, len); break; case WOLFSSL_BIO_FILE: #ifndef NO_FILESYSTEM - if (bio->ptr) { - ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr); + if (bio->ptr.fh) { + ret = (int)XFWRITE(data, 1, (size_t)len, bio->ptr.fh); } else { - #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) && \ + #if defined(XWRITE) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - ret = (int)XWRITE(bio->num, data, len); + ret = (int)XWRITE(bio->num.fd, data, (size_t)len); #else WOLFSSL_MSG("No file pointer and XWRITE not enabled"); ret = NOT_COMPILED_IN; 
@@ -716,14 +775,50 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Send(bio->num, (char*)data, len, 0); + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0); + if (ret == WOLFSSL_CBIO_ERR_WANT_WRITE) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } + #else + ret = NOT_COMPILED_IN; + #endif + break; + + case WOLFSSL_BIO_DGRAM: + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + if (bio->connected) + ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0); + else if (bio->peer_addr.sa.sa_family == AF_UNSPEC) + ret = SOCKET_ERROR_E; + else + ret = wolfIO_SendTo(bio->num.fd, &bio->peer_addr, (char*)data, len, 0); + if (ret == WOLFSSL_CBIO_ERR_WANT_WRITE) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } #else ret = NOT_COMPILED_IN; #endif break; + } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (! inhibit_flow_increment)) + bio->bytes_written += (word32)ret; +#endif + /* advance to the next bio in list */ bio = bio->next; } @@ -739,9 +834,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) (const char*)data, len, 0, ret); } - if (frmt != NULL) { - XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_BASE64_ENCODE if (retB64 > 0 && ret > 0) 
@@ -784,6 +877,49 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) case BIO_CTRL_RESET: ret = (long)wolfSSL_BIO_reset(bio); break; + +#ifdef WOLFSSL_HAVE_BIO_ADDR + case BIO_CTRL_DGRAM_CONNECT: + case BIO_CTRL_DGRAM_SET_PEER: + { + socklen_t addr_size; + if (parg == NULL) { + ret = WOLFSSL_FAILURE; + break; + } + addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + ret = WOLFSSL_SUCCESS; + break; + } + + case BIO_CTRL_DGRAM_SET_CONNECTED: + if (parg == NULL) { + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + bio->connected = 0; + } + else { + socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + bio->connected = 1; + } + ret = WOLFSSL_SUCCESS; + break; + + case BIO_CTRL_DGRAM_QUERY_MTU: + ret = 0; /* not implemented */ + break; + +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + default: WOLFSSL_MSG("CMD not yet implemented"); ret = WOLFSSL_FAILURE; 
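Review bot: `BIO_CTRL_DGRAM_CONNECT` shares its case with `BIO_CTRL_DGRAM_SET_PEER`: the address is copied into `bio->peer_addr` but `bio->num.fd` is never connect()ed and `bio->connected` is left unchanged, so after a "connect" the socket still accepts datagrams from any source and writes still go through `wolfIO_SendTo`. If only recording the peer is intended, say so at the label so callers do not assume the connected semantics: `/* CONNECT is treated as SET_PEER: the fd is not connect()ed and bio->connected is unchanged; use BIO_CTRL_DGRAM_SET_CONNECTED for that */`. Also, `XMEMCPY` copies only `addr_size` bytes, so after an AF_INET peer follows a longer one the tail of `peer_addr` still holds the earlier address; calling `wolfSSL_BIO_ADDR_clear(&bio->peer_addr);` before each copy keeps the stored address canonical for any later comparison. wolfSSL_BIO_ctrl's switch begins and ends outside this hunk.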
@@ -817,8 +953,51 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) { + WOLFSSL_BIO_ADDR *addr = + (WOLFSSL_BIO_ADDR *)XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); + if (addr) + addr->sa.sa_family = AF_UNSPEC; + return addr; +} + +void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr) { + XFREE(addr, NULL, DYNAMIC_TYPE_BIO); +} + +void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr) { + if (addr == NULL) + return; + XMEMSET(addr, 0, sizeof(*addr)); + addr->sa.sa_family = AF_UNSPEC; +} + +socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) { + switch (addr->sa.sa_family) { +#ifndef WOLFSSL_NO_BIO_ADDR_IN + case AF_INET: + return sizeof(addr->sa_in); +#endif +#ifdef WOLFSSL_IPV6 + case AF_INET6: + return sizeof(addr->sa_in6); #endif +#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + case AF_UNIX: + return sizeof(addr->sa_un); +#endif + default: + /* must return zero if length can't be determined, to avoid buffer + * overruns in callers. + */ + return 0; + } +} +#endif /* WOLFSSL_HAVE_BIO_ADDR */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ /* helper function for wolfSSL_BIO_gets * size till a newline is hit @@ -879,15 +1058,15 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) switch (bio->type) { #ifndef NO_FILESYSTEM case WOLFSSL_BIO_FILE: - if (((XFILE)bio->ptr) == XBADFILE) { + if (bio->ptr.fh == XBADFILE) { return WOLFSSL_BIO_ERROR; } #if defined(MICRIUM) || defined(LSR_FS) || defined(EBSNET) WOLFSSL_MSG("XFGETS not ported for this system yet"); - ret = XFGETS(buf, sz, (XFILE)bio->ptr); + ret = XFGETS(buf, sz, bio->ptr.fh); #else - if (XFGETS(buf, sz, (XFILE)bio->ptr) != NULL) { + if (XFGETS(buf, sz, bio->ptr.fh) != NULL) { ret = (int)XSTRLEN(buf); } else { 
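Review bot: `wolfSSL_BIO_ADDR_size` dereferences `addr` without a NULL check, whereas its sibling `wolfSSL_BIO_ADDR_clear` guards NULL; the callers in `wolfSSL_BIO_ctrl` test `parg` first, but this is an exported helper and its own comment says it returns 0 when the length cannot be determined, which is the natural answer for NULL as well. Add `if (addr == NULL) return 0;` at the top of the function. `wolfSSL_BIO_ADDR_new` also returns an allocation in which only `sa.sa_family` is set, so the remaining bytes are indeterminate until a caller fills them; since `wolfSSL_BIO_ADDR_size` later decides how much of that memory gets copied into `peer_addr`, consider `XMEMSET(addr, 0, sizeof(*addr));` before setting the family so a partially populated address never carries heap garbage.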
@@ -963,16 +1142,16 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) #ifndef WOLFCRYPT_ONLY /* call final on hash */ case WOLFSSL_BIO_MD: - if (wolfSSL_EVP_MD_CTX_size((WOLFSSL_EVP_MD_CTX*)bio->ptr) > sz) { + if (wolfSSL_EVP_MD_CTX_size(bio->ptr.md_ctx) > sz) { WOLFSSL_MSG("Output buffer was too small for digest"); ret = WOLFSSL_FAILURE; } else { unsigned int szOut = 0; - ret = wolfSSL_EVP_DigestFinal((WOLFSSL_EVP_MD_CTX*)bio->ptr, + ret = wolfSSL_EVP_DigestFinal(bio->ptr.md_ctx, (unsigned char*)buf, &szOut); if (ret == WOLFSSL_SUCCESS) { - ret = szOut; + ret = (int)szOut; } } break; @@ -1124,8 +1303,8 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) } #ifndef WOLFCRYPT_ONLY - if (bio->type == WOLFSSL_BIO_SSL && bio->ptr != NULL) { - return (long)wolfSSL_pending((WOLFSSL*)bio->ptr); + if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) { + return (long)wolfSSL_pending(bio->ptr.ssl); } #endif @@ -1199,8 +1378,8 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) bio->wrSz = (int)bio->mem_buf->length; bio->wrSzReset = bio->wrSz; - bio->num = (int)bio->mem_buf->max; - bio->ptr = bio->mem_buf->data; + bio->num.length = bio->mem_buf->max; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; bio->wrIdx = 0; bio->rdIdx = 0; @@ -1233,15 +1412,16 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } - if (bio->ptr != NULL) { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (bio->ptr.mem_buf_data != NULL) { + XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->ptr = (byte*)XMALLOC(size, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (bio->ptr == NULL) { + bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap, + DYNAMIC_TYPE_OPENSSL); + if (bio->ptr.mem_buf_data == NULL) { WOLFSSL_MSG("Memory allocation error"); bio->wrSz = 0; - bio->num = 0; + bio->num.length = 0; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { 
@@ -1252,13 +1432,13 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } bio->wrSz = (int)size; - bio->num = (int)size; + bio->num.length = size; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->ptr; - bio->mem_buf->length = bio->num; - bio->mem_buf->max = bio->num; + bio->mem_buf->data = (char*)bio->ptr.mem_buf_data; + bio->mem_buf->length = bio->num.length; + bio->mem_buf->max = bio->num.length; } return WOLFSSL_SUCCESS; @@ -1286,12 +1466,12 @@ int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) } /* set default write size if not already set */ - if (b1->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b1, + if (b1->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b1, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - if (b2->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b2, + if (b2->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b2, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } @@ -1332,7 +1512,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf) WOLFSSL_BIO* pair = bio->pair; /* case where have wrapped around write buffer */ - *buf = (char*)pair->ptr + pair->rdIdx; + *buf = (char*)pair->ptr.mem_buf_data + pair->rdIdx; if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) { return pair->wrSz - pair->rdIdx; } @@ -1364,7 +1544,7 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { /* special case if asking to read 0 bytes */ if (num == 0) { - *buf = (char*)bio->pair->ptr + bio->pair->rdIdx; + *buf = (char*)bio->pair->ptr.mem_buf_data + bio->pair->rdIdx; return 0; } @@ -1378,6 +1558,9 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) sz = num; } bio->pair->rdIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + bio->pair->bytes_read += (word32)sz; +#endif /* check if have read to the end of the buffer and need to reset */ if (bio->pair->rdIdx == bio->pair->wrSz) { 
@@ -1415,7 +1598,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { if (num == 0) { - *buf = (char*)bio->ptr + bio->wrIdx; + *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx; return 0; } @@ -1454,8 +1637,11 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (num < sz) { sz = num; } - *buf = (char*)bio->ptr + bio->wrIdx; + *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx; bio->wrIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + bio->bytes_written += (word32)sz; +#endif /* if at the end of the buffer and space for wrap around then set * write index back to 0 */ @@ -1467,6 +1653,37 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) return sz; } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS +word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio) +{ + word64 ret = 0; + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + while (bio) { + ret += bio->bytes_read; + bio = bio->next; + } + + return ret; +} + +word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio) +{ + word64 ret = 0; + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + while (bio) { + ret += bio->bytes_written; + bio = bio->next; + } + + return ret; +} +#endif /* WOLFSSL_BIO_HAVE_FLOW_STATS */ /* Reset BIO to initial state */ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) @@ -1482,7 +1699,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) switch (bio->type) { #ifndef NO_FILESYSTEM case WOLFSSL_BIO_FILE: - if (XFSEEK((XFILE)bio->ptr, 0, XSEEK_SET) != 0) + if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0) return WOLFSSL_BIO_ERROR; else return 0; @@ -1501,9 +1718,9 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) } else { bio->wrSz = 0; - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; - bio->num = 0; + XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; + bio->num.length = 0; if (bio->mem_buf != NULL) { bio->mem_buf->data = NULL; bio->mem_buf->length = 0; 
@@ -1514,12 +1731,12 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) #ifndef WOLFCRYPT_ONLY case WOLFSSL_BIO_MD: - if (bio->ptr != NULL) { + if (bio->ptr.md_ctx != NULL) { const WOLFSSL_EVP_MD* md = - wolfSSL_EVP_MD_CTX_md((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_MD_CTX_cleanup((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_MD_CTX_init((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_DigestInit((WOLFSSL_EVP_MD_CTX*)bio->ptr, md); + wolfSSL_EVP_MD_CTX_md(bio->ptr.md_ctx); + wolfSSL_EVP_MD_CTX_cleanup(bio->ptr.md_ctx); + wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx); + wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md); } return 0; #endif /* WOLFCRYPT_ONLY */ @@ -1571,7 +1788,7 @@ long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) } bio->shutdown = (byte)c; - bio->ptr = (XFILE)fp; + bio->ptr.fh = fp; return WOLFSSL_SUCCESS; } @@ -1589,7 +1806,7 @@ long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp) return WOLFSSL_FAILURE; } - *fp = (XFILE)bio->ptr; + *fp = bio->ptr.fh; return WOLFSSL_SUCCESS; } @@ -1604,12 +1821,17 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) } if (bio->type == WOLFSSL_BIO_FILE) { - if (((XFILE)bio->ptr) != XBADFILE && bio->shutdown == BIO_CLOSE) { - XFCLOSE((XFILE)bio->ptr); + if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) { + XFCLOSE(bio->ptr.fh); } - bio->ptr = XFOPEN(name, "w"); - if (((XFILE)bio->ptr) == XBADFILE) { + /* 'b' flag is ignored on POSIX targets, but on Windows it assures + * inhibition of LF<->CRLF rewriting, so that there is consistency + * between the size and contents of the representation in memory and on + * disk. + */ + bio->ptr.fh = XFOPEN(name, "wb"); + if (bio->ptr.fh == XBADFILE) { return WOLFSSL_FAILURE; } bio->shutdown = BIO_CLOSE; @@ -1631,7 +1853,7 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) /* offset ofs from beginning of file */ if (bio->type == WOLFSSL_BIO_FILE && - XFSEEK((XFILE)bio->ptr, ofs, SEEK_SET) < 0) { + XFSEEK(bio->ptr.fh, ofs, SEEK_SET) < 0) { return -1; } 
@@ -1656,7 +1878,7 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio) return 0; } - pos = (int)XFTELL((XFILE)bio->ptr); + pos = (int)XFTELL(bio->ptr.fh); if (pos < 0) return -1; else @@ -1785,15 +2007,16 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) if (bio) { switch (bio->type) { case WOLFSSL_BIO_SOCKET: + case WOLFSSL_BIO_DGRAM: #ifdef XFCNTL { int ret; - int flag = XFCNTL(bio->num, F_GETFL, 0); + int flag = XFCNTL(bio->num.fd, F_GETFL, 0); if (on) { - ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); + ret = XFCNTL(bio->num.fd, F_SETFL, flag | O_NONBLOCK); } else { - ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); + ret = XFCNTL(bio->num.fd, F_SETFL, flag & ~O_NONBLOCK); } if (ret == -1) { @@ -1804,7 +2027,7 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) break; case WOLFSSL_BIO_SSL: #ifdef WOLFSSL_DTLS - wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on); + wolfSSL_dtls_set_using_nonblock(bio->ptr.ssl, (int)on); #endif break; @@ -1952,7 +2175,7 @@ int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p) } if (p) { - *(byte**)p = (byte*)mem_bio->ptr + mem_bio->rdIdx; + *(byte**)p = mem_bio->ptr.mem_buf_data + mem_bio->rdIdx; } return mem_bio->wrSz - mem_bio->rdIdx; @@ -1977,7 +2200,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } else if (bio->type == WOLFSSL_BIO_FILE) { #if !defined(NO_FILESYSTEM) && defined(XFFLUSH) - if (XFFLUSH((FILE *)bio->ptr) != 0) + if (XFFLUSH(bio->ptr.fh) != 0) return WOLFSSL_FAILURE; #endif /* !NO_FILESYSTEM && XFFLUSH */ @@ -2004,7 +2227,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) int ret = WOLFSSL_FAILURE; if ((bio != NULL) && (mdcp != NULL)) { - *mdcp = (WOLFSSL_EVP_MD_CTX*)bio->ptr; + *mdcp = bio->ptr.md_ctx; ret = WOLFSSL_SUCCESS; } 
@@ -2096,10 +2319,38 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (bio) { bio->type = WOLFSSL_BIO_SOCKET; bio->shutdown = (byte)closeF; - bio->num = sfd; + bio->num.fd = (SOCKET_T)sfd; + } + return bio; + } + + +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void) + { + static WOLFSSL_BIO_METHOD meth = + WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_DGRAM); + + WOLFSSL_ENTER("wolfSSL_BIO_s_datagram"); + + return &meth; + } + + + WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF) + { + WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_datagram()); + + WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); + if (bio) { + bio->type = WOLFSSL_BIO_DGRAM; + bio->shutdown = (byte)closeF; + bio->num.fd = (SOCKET_T)fd; } return bio; } +#endif + /** * Create new socket BIO object. This is a pure TCP connection with @@ -2217,7 +2468,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - b->num = (int)sfd; + b->num.fd = sfd; b->shutdown = BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2241,17 +2492,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - if (b->num == WOLFSSL_BIO_ERROR) { + if (b->num.fd == SOCKET_INVALID) { if (wolfIO_TcpBind(&sfd, b->port) < 0) { WOLFSSL_MSG("wolfIO_TcpBind error"); return WOLFSSL_FAILURE; } - b->num = (int)sfd; + b->num.fd = sfd; b->shutdown = BIO_CLOSE; } else { WOLFSSL_BIO* new_bio; - int newfd = wolfIO_TcpAccept(b->num, NULL, NULL); + int newfd = wolfIO_TcpAccept(b->num.fd, NULL, NULL); if (newfd < 0) { WOLFSSL_MSG("wolfIO_TcpBind error"); return WOLFSSL_FAILURE; @@ -2308,8 +2559,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } - if (b->type == WOLFSSL_BIO_SSL && b->ptr != NULL) { - return wolfSSL_negotiate((WOLFSSL*)b->ptr); + if (b->type == WOLFSSL_BIO_SSL && b->ptr.ssl != NULL) { + return wolfSSL_negotiate(b->ptr.ssl); } else { WOLFSSL_MSG("Not SSL BIO or no SSL object set"); 
@@ -2334,12 +2585,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return; } - if (b->ptr != NULL) { - int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr); + if (b->ptr.ssl != NULL) { + int rc = wolfSSL_shutdown(b->ptr.ssl); if (rc == SSL_SHUTDOWN_NOT_DONE) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ - wolfSSL_shutdown((WOLFSSL*)b->ptr); + wolfSSL_shutdown(b->ptr.ssl); } } else { @@ -2354,7 +2605,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_set_ssl"); if (b != NULL) { - b->ptr = ssl; + b->ptr.ssl = ssl; b->shutdown = (byte)closeF; if (b->next != NULL) wolfSSL_set_bio(ssl, b->next, b->next); @@ -2382,7 +2633,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - *ssl = (WOLFSSL*)bio->ptr; + *ssl = bio->ptr.ssl; return WOLFSSL_SUCCESS; } @@ -2526,7 +2777,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_set_fd"); if (b != NULL) { - b->num = fd; + b->num.fd = (SOCKET_T)fd; b->shutdown = (byte)closeF; } @@ -2570,7 +2821,14 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->method = method; #endif bio->shutdown = BIO_CLOSE; /* default to close things */ - bio->num = WOLFSSL_BIO_ERROR; + + if ((bio->type == WOLFSSL_BIO_SOCKET) || + (bio->type == WOLFSSL_BIO_DGRAM)) + { + bio->num.fd = SOCKET_INVALID; + } else { + bio->num.length = 0; + } bio->init = 1; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) @@ -2602,8 +2860,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (method->type == WOLFSSL_BIO_MD) { - bio->ptr = wolfSSL_EVP_MD_CTX_new(); - if (bio->ptr == NULL) { + bio->ptr.md_ctx = wolfSSL_EVP_MD_CTX_new(); + if (bio->ptr.md_ctx == NULL) { WOLFSSL_MSG("Memory error"); wolfSSL_BIO_free(bio); return NULL; 
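Review bot: The new initialisation assigns `num.fd = SOCKET_INVALID` only for WOLFSSL_BIO_SOCKET and WOLFSSL_BIO_DGRAM, but WOLFSSL_BIO_FILE also relies on `num.fd`: `wolfSSL_BIO_read`/`wolfSSL_BIO_write` fall back to `XREAD`/`XWRITE` on `bio->num.fd` when `ptr.fh` is NULL, and `wolfSSL_BIO_free` calls `XCLOSE(bio->num.fd)` for a file BIO whose `ptr.fh` is NULL and whose `num.fd != SOCKET_INVALID`. A file BIO instead gets `num.length = 0` here; if `num` is a union (as the `.fd`/`.length` accessors suggest) that leaves `num.fd == 0`, so freeing a file BIO before `wolfSSL_BIO_set_fp` closes descriptor 0 and reading from it consumes the process's stdin, whereas the removed `bio->num = WOLFSSL_BIO_ERROR` set every type to -1 and was safe. Extend the condition with `|| (bio->type == WOLFSSL_BIO_FILE)` so file BIOs also start with `num.fd = SOCKET_INVALID`. wolfSSL_BIO_new begins before this hunk.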
@@ -2637,16 +2895,16 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) len = (int)XSTRLEN((const char*)buf) + 1; } - if (len > 0 && wolfSSL_BUF_MEM_resize(bio->mem_buf, len) == 0) { + if (len > 0 && wolfSSL_BUF_MEM_resize(bio->mem_buf, (size_t)len) == 0) { wolfSSL_BIO_free(bio); return NULL; } - bio->num = (int)bio->mem_buf->max; + bio->num.length = bio->mem_buf->max; bio->wrSz = len; - bio->ptr = bio->mem_buf->data; - if (len > 0 && bio->ptr != NULL) { - XMEMCPY(bio->ptr, buf, len); + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; + if (len > 0 && bio->ptr.mem_buf_data != NULL) { + XMEMCPY(bio->ptr.mem_buf_data, buf, len); bio->flags |= BIO_FLAGS_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } 
@@ -2709,44 +2967,51 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->pair->pair = NULL; } - if (bio->ip != NULL) { - XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); - } + XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->shutdown) { - if (bio->type == WOLFSSL_BIO_SSL && bio->ptr) - wolfSSL_free((WOLFSSL*)bio->ptr); + if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl) + wolfSSL_free(bio->ptr.ssl); #ifdef CloseSocket - if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0)) - CloseSocket(bio->num); + if (((bio->type == WOLFSSL_BIO_SOCKET) || + (bio->type == WOLFSSL_BIO_DGRAM)) && + (bio->num.fd != SOCKET_INVALID)) + { + CloseSocket(bio->num.fd); + } #endif } #ifndef NO_FILESYSTEM if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { - if (bio->ptr) { - XFCLOSE((XFILE)bio->ptr); + if (bio->ptr.fh) { + XFCLOSE(bio->ptr.fh); } #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - else if (bio->num != WOLFSSL_BIO_ERROR) { - XCLOSE(bio->num); + else if (bio->num.fd != SOCKET_INVALID) { + XCLOSE(bio->num.fd); } #endif } #endif if (bio->shutdown != BIO_NOCLOSE) { - if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr != NULL) { + if (bio->type == WOLFSSL_BIO_MEMORY && + bio->ptr.mem_buf_data != NULL) + { if (bio->mem_buf != NULL) { - if (bio->mem_buf->data != (char*)bio->ptr) { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; + if ((byte *)bio->mem_buf->data != bio->ptr.mem_buf_data) + { + XFREE(bio->ptr.mem_buf_data, bio->heap, + DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; } } else { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; + XFREE(bio->ptr.mem_buf_data, bio->heap, + DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; } } if (bio->mem_buf != NULL) { 
@@ -2756,7 +3021,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (bio->type == WOLFSSL_BIO_MD) { - wolfSSL_EVP_MD_CTX_free((WOLFSSL_EVP_MD_CTX*)bio->ptr); + wolfSSL_EVP_MD_CTX_free(bio->ptr.md_ctx); } XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); @@ -2795,8 +3060,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } /* SSL BIO's should use the next object in the chain for IO */ - if (top->type == WOLFSSL_BIO_SSL && top->ptr) - wolfSSL_set_bio((WOLFSSL*)top->ptr, append, append); + if (top->type == WOLFSSL_BIO_SSL && top->ptr.ssl) + wolfSSL_set_bio(top->ptr.ssl, append, append); return top; } @@ -2900,9 +3165,11 @@ int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd) WOLFSSL_ENTER("wolfSSL_BIO_get_fd"); if (bio != NULL) { + if (bio->num.fd == SOCKET_INVALID) + return WOLFSSL_BIO_ERROR; if (fd != NULL) - *fd = bio->num; - return bio->num; + *fd = (int)bio->num.fd; + return (int)bio->num.fd; } return WOLFSSL_BIO_ERROR; @@ -2977,10 +3244,10 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) switch (bio->type) { #if !defined(NO_FILESYSTEM) case WOLFSSL_BIO_FILE: - if (bio->ptr == NULL) { + if (bio->ptr.fh == XBADFILE) { return -1; } - ret = XVFPRINTF((XFILE)bio->ptr, format, args); + ret = XVFPRINTF(bio->ptr.fh, format, args); break; #endif 
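Review bot: The added `bio->num.fd == SOCKET_INVALID` guard in `wolfSSL_BIO_get_fd` only protects BIO types that keep a descriptor in `num`; memory BIOs store `num.length` there (`wolfSSL_BIO_new_mem_buf` and `wolfSSL_BIO_set_write_buf_size` write `bio->mem_buf->max` into it) and `wolfSSL_BIO_new` initialises every non-socket type with `num.length = 0`, so on such a BIO this function hands back a buffer size — or 0, i.e. stdin — as though it were a valid fd, and a caller that then closes or polls it hits the wrong descriptor. Gate the lookup on type as well, for example `if ((bio->type != WOLFSSL_BIO_SOCKET && bio->type != WOLFSSL_BIO_DGRAM) || bio->num.fd == SOCKET_INVALID) return WOLFSSL_BIO_ERROR;`; if file BIOs driven through `wolfSSL_BIO_set_fd` must keep working, include WOLFSSL_BIO_FILE in the allowed set. The function's signature line lies outside this hunk.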
@@ -3074,21 +3341,22 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) return wolfSSL_BIO_write(bio, "\tNULL", 5); } - XSPRINTF(line, "%04x - ", lineOffset); + (void)XSNPRINTF(line, sizeof(line), "%04x - ", lineOffset); o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - XSPRINTF(line + o,"%02x ", (unsigned char)buf[i]); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + "%02x ", (unsigned char)buf[i]); else - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); if (i == 7) - XSPRINTF(line + o + 2, "-"); + (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); o += 3; } - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - XSPRINTF(line + o, "%c", + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/conf.c b/src/conf.c index cfc6085a48..8bf4b1ea95 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,6 +1,6 @@ /* conf.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -146,9 +146,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) wolfSSL_TXT_DB_free(ret); ret = NULL; } - if (buf) { - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -793,8 +791,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section, return ret ? ret : str; expand_cleanup: - if (ret) - XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); return NULL; } @@ -961,8 +958,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) cleanup: if (in) wolfSSL_BIO_free(in); - if (buf) - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (eline) *eline = line; return ret; 
@@ -986,13 +982,11 @@ void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val)
     if (val->name) {
         /* Not a section. Don't free section as it is a shared pointer. */
         XFREE(val->name, NULL, DYNAMIC_TYPE_OPENSSL);
-        if (val->value)
-            XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL);
+        XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL);
     }
     else {
         /* Section so val->value is a stack */
-        if (val->section)
-            XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
+        XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
         /* Only free the stack structures. The contained conf values
          * will be freed in wolfSSL_NCONF_free */
         sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value;
@@ -1599,4 +1593,33 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
  * END OF CONF API
  ******************************************************************************/
+#if defined(OPENSSL_EXTRA)
+OPENSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void)
+{
+    OPENSSL_INIT_SETTINGS* init = (OPENSSL_INIT_SETTINGS*)XMALLOC(
+        sizeof(OPENSSL_INIT_SETTINGS), NULL, DYNAMIC_TYPE_OPENSSL);
+
+    return init;
+}
+
+void wolfSSL_OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS* init)
+{
+    XFREE(init, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+
+#ifndef NO_WOLFSSL_STUB
+int wolfSSL_OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS* init,
+        char* appname)
+{
+    (void)init;
+    (void)appname;
+    WOLFSSL_STUB("OPENSSL_INIT_set_config_appname");
+    return WOLFSSL_SUCCESS;
+}
+#endif
+
+#endif /* OPENSSL_EXTRA */
+
+
 #endif /* WOLFSSL_CONF_INCLUDED */
diff --git a/src/crl.c b/src/crl.c
index 3e61ec95e4..48c1476ec1 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -1,6 +1,6 @@
 /* crl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
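Review bot: wolfSSL_OPENSSL_INIT_new hands back uninitialised memory: XMALLOC does not clear the allocation, so any member of OPENSSL_INIT_SETTINGS that a consumer reads before writing holds garbage. If the struct has members, add `if (init != NULL) XMEMSET(init, 0, sizeof(OPENSSL_INIT_SETTINGS));` before `return init;`. The set_config_appname stub also reports WOLFSSL_SUCCESS while discarding `appname`, which a caller cannot tell apart from the setting having taken effect; a comment such as `/* Stub: the application name is accepted but not stored */` on the function would record that.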
@@ -110,18 +110,18 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
 #if defined(OPENSSL_EXTRA)
     crle->lastDateAsn1.length = MAX_DATE_SIZE;
     XMEMCPY (crle->lastDateAsn1.data, crle->lastDate,
-        crle->lastDateAsn1.length);
+        (size_t)crle->lastDateAsn1.length);
     crle->lastDateAsn1.type = crle->lastDateFormat;
     crle->nextDateAsn1.length = MAX_DATE_SIZE;
     XMEMCPY (crle->nextDateAsn1.data, crle->nextDate,
-        crle->nextDateAsn1.length);
+        (size_t)crle->nextDateAsn1.length);
     crle->nextDateAsn1.type = crle->nextDateFormat;
     crle->issuer = NULL;
     wolfSSL_d2i_X509_NAME(&crle->issuer, (unsigned char**)&dcrl->issuer,
         dcrl->issuerSz);
     if (crle->issuer == NULL) {
-        return WOLFSSL_FAILURE;
+        return -1;
     }
 #endif
 #ifdef CRL_STATIC_REVOKED_LIST
@@ -219,13 +219,10 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
         tmp = next;
     }
 #endif
-    if (crle->signature != NULL)
-        XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
-    if (crle->toBeSigned != NULL)
-        XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
 #ifdef WC_RSA_PSS
-    if (crle->sigParams != NULL)
-        XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
 #endif
 #if defined(OPENSSL_EXTRA)
     if (crle->issuer != NULL) {
@@ -318,14 +315,14 @@ static int FindRevokedSerial(RevokedCert* rc, byte* serial, int serialSz,
     while (rc) {
         if (serialHash == NULL) {
             if (rc->serialSz == serialSz &&
-                XMEMCMP(rc->serialNumber, serial, rc->serialSz) == 0) {
+                XMEMCMP(rc->serialNumber, serial, (size_t)rc->serialSz) == 0) {
                 WOLFSSL_MSG("Cert revoked");
                 ret = CRL_CERT_REVOKED;
                 break;
             }
         }
         else {
-            ret = CalcHashId(rc->serialNumber, rc->serialSz, hash);
+            ret = CalcHashId(rc->serialNumber, (word32)rc->serialSz, hash);
             if (ret != 0)
                 break;
             if (XMEMCMP(hash, serialHash, SIGNER_DIGEST_SIZE) == 0) {
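Review bot: The `return -1` replacing `return WOLFSSL_FAILURE` in InitCRL_Entry is a behavioural fix rather than a cast cleanup if WOLFSSL_FAILURE is 0 as elsewhere in wolfSSL, because the old code then reported success when wolfSSL_d2i_X509_NAME produced no issuer; that deserves a comment so it is not "tidied" back, e.g. `/* 0 means success here; WOLFSSL_FAILURE would be mistaken for it */`. A named negative error code would be clearer than a bare -1 if the caller distinguishes reasons. The function's return contract (0 on success, negative on error) is not stated in the hunk and the signature lies outside it.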
@@ -362,7 +359,7 @@ static int VerifyCRLE(const WOLFSSL_CRL* crl, CRL_Entry* crle)
     ret = VerifyCRL_Signature(&sigCtx, crle->toBeSigned, crle->tbsSz,
         crle->signature, crle->signatureSz, crle->signatureOID,
 #ifdef WC_RSA_PSS
-        crle->sigParams, crle->sigParamsSz,
+        crle->sigParams, (int)crle->sigParamsSz,
 #else
         NULL, 0,
 #endif
@@ -392,6 +389,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
     for (crle = crl->crlList; crle != NULL; crle = crle->next) {
         if (XMEMCMP(crle->issuerHash, issuerHash, CRL_DIGEST_SIZE) == 0) {
+            int nextDateValid = 1;
+
             WOLFSSL_MSG("Found CRL Entry on list");
             if (crle->verified == 0) {
@@ -424,19 +423,22 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 #endif
             {
 #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
-                if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
+                if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, ASN_AFTER)) {
                     WOLFSSL_MSG("CRL next date is no longer valid");
-                    ret = ASN_AFTER_DATE_E;
+                    nextDateValid = 0;
                 }
 #endif
             }
-            if (ret == 0) {
+            if (nextDateValid) {
                 foundEntry = 1;
                 ret = FindRevokedSerial(crle->certs, serial, serialSz,
                     serialHash, crle->totalCerts);
                 if (ret != 0)
                     break;
             }
+            else if (foundEntry == 0) {
+                ret = ASN_AFTER_DATE_E;
+            }
         }
     }
@@ -498,8 +500,8 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
     /* Loading .rN form CRL file if find at the folder, */
     /* and try again checking Cert in the CRL list. */
     /* When not set the folder or not use hash_dir, do nothing. */
-    if ((foundEntry == 0) && (ret != OCSP_WANT_READ)) {
-        if (crl->cm->x509_store_p != NULL) {
+    if ((foundEntry == 0) && (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
+        if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
             ret = LoadCertByIssuer(crl->cm->x509_store_p,
                 (WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
             if (ret == WOLFSSL_SUCCESS) {
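Review bot: In CheckCertCRLList the guard before FindRevokedSerial changed from `if (ret == 0)` to `if (nextDateValid)`, so a non-zero `ret` left by the `crle->verified == 0` block above (its body is outside the hunk) would no longer skip the serial lookup and would be overwritten by its result; if that block breaks out of the loop on error this is harmless, but it should be confirmed before merging. The semantic change also deserves a comment, because an expired CRL for the issuer now only yields ASN_AFTER_DATE_E when no still-valid CRL for the same issuer was found in the list, e.g. `/* Report the expired CRL only if no current CRL for this issuer exists */` above the `else if (foundEntry == 0)`. Note that `ret` keeps the stale ASN_AFTER_DATE_E if the expired entry comes first and a later valid entry's lookup returns 0, which is correct, but only because FindRevokedSerial overwrites it unconditionally.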
@@ -512,18 +514,18 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 #endif
     if (foundEntry == 0) {
         WOLFSSL_MSG("Couldn't find CRL for status check");
-        if (ret != CRL_CERT_DATE_ERR) {
+        if (ret != WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR)) {
             ret = CRL_MISSING;
         }
-        if (crl->cm->cbMissingCRL) {
+        if (crl->cm != NULL && crl->cm->cbMissingCRL) {
             char url[256];
             WOLFSSL_MSG("Issuing missing CRL callback");
             url[0] = '\0';
             if (extCrlInfo) {
                 if (extCrlInfoSz < (int)sizeof(url) -1 ) {
-                    XMEMCPY(url, extCrlInfo, extCrlInfoSz);
+                    XMEMCPY(url, extCrlInfo, (size_t)extCrlInfoSz);
                     url[extCrlInfoSz] = '\0';
                 }
                 else {
@@ -650,13 +652,15 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
     InitDecodedCRL(dcrl, crl->heap);
     ret = ParseCRL(crl->currentEntry->certs, dcrl, myBuffer, (word32)sz,
         verify, crl->cm);
-    if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) {
+    if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)
+                      && verify == NO_VERIFY)) {
         WOLFSSL_MSG("ParseCRL error");
         CRL_Entry_free(crl->currentEntry, crl->heap);
         crl->currentEntry = NULL;
     }
     else {
-        ret = AddCRL(crl, dcrl, myBuffer, ret != ASN_CRL_NO_SIGNER_E);
+        ret = AddCRL(crl, dcrl, myBuffer,
+            ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
         if (ret != 0) {
             WOLFSSL_MSG("AddCRL error");
             crl->currentEntry = NULL;
@@ -680,8 +684,8 @@ static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm)
 {
     WOLFSSL_X509_CRL* ret;
-    ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), cm->heap,
-        DYNAMIC_TYPE_CRL);
+    ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL),
+        cm != NULL ? cm->heap : NULL, DYNAMIC_TYPE_CRL);
     if (ret != NULL) {
         if (InitCRL(ret, cm) < 0) {
             WOLFSSL_MSG("Unable to initialize new CRL structure");
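Review bot: wolfSSL_X509_crl_new now tolerates `cm == NULL` when picking the allocation heap but still passes that NULL to `InitCRL(ret, cm)` on the next line; unless InitCRL also accepts a NULL manager (not visible here), the new guard only moves the dereference one call down. After confirming InitCRL, document the relaxed contract on the function, `/* cm may be NULL: the CRL is then allocated from the default heap */`, or reject NULL before the allocation. The extCrlInfo copy in the first hunk is bounded by `sizeof(url) - 1` and terminated explicitly, so that path reads correctly.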
@@ -844,7 +848,7 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
 #ifdef HAVE_CRL_MONITOR
     if (crl->monitors[0].path) {
-        int pathSz = (int)XSTRLEN(crl->monitors[0].path) + 1;
+        size_t pathSz = XSTRLEN(crl->monitors[0].path) + 1;
         dupl->monitors[0].path = (char*)XMALLOC(pathSz, dupl->heap,
                 DYNAMIC_TYPE_CRL_MONITOR);
         if (dupl->monitors[0].path != NULL) {
@@ -856,7 +860,7 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
     }
     if (crl->monitors[1].path) {
-        int pathSz = (int)XSTRLEN(crl->monitors[1].path) + 1;
+        size_t pathSz = XSTRLEN(crl->monitors[1].path) + 1;
         dupl->monitors[1].path = (char*)XMALLOC(pathSz, dupl->heap,
                 DYNAMIC_TYPE_CRL_MONITOR);
         if (dupl->monitors[1].path != NULL) {
@@ -880,6 +884,20 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
     return 0;
 }
+WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl)
+{
+    WOLFSSL_X509_CRL* ret;
+
+    WOLFSSL_ENTER("wolfSSL_X509_CRL_dup");
+
+    ret = wolfSSL_X509_crl_new(crl->cm);
+    if (ret != NULL && DupX509_CRL(ret, crl) != 0) {
+        FreeCRL(ret, 1);
+        ret = NULL;
+    }
+    return ret;
+}
+
 /* returns WOLFSSL_SUCCESS on success. Does not take ownership of newcrl */
 int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
 {
diff --git a/src/dtls.c b/src/dtls.c
index aecd2605a4..9961ac21a4 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -1,6 +1,6 @@
 /* dtls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
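Review bot: wolfSSL_X509_CRL_dup dereferences `crl->cm` before anything checks `crl` for NULL, so a NULL argument crashes instead of failing; add `if (crl == NULL) return NULL;` ahead of the wolfSSL_X509_crl_new call, which also matches the NULL tolerance this same patch adds to wolfSSL_X509_crl_new. The function is new and public, so a header comment stating ownership would help callers: `/* Returns a new copy of crl that the caller must free; NULL on failure. */`. The `int` to `size_t` change for pathSz in the two hunks above is correct for the XMALLOC argument and has no behavioural effect beyond the type.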
@@ -107,14 +107,14 @@ int DtlsIgnoreError(int err)
 {
     /* Whitelist of errors not to ignore */
     switch (err) {
-        case MEMORY_E:
-        case MEMORY_ERROR:
-        case ASYNC_INIT_E:
-        case ASYNC_OP_E:
-        case SOCKET_ERROR_E:
-        case WANT_READ:
-        case WANT_WRITE:
-        case COOKIE_ERROR:
+        case WC_NO_ERR_TRACE(MEMORY_E):
+        case WC_NO_ERR_TRACE(MEMORY_ERROR):
+        case WC_NO_ERR_TRACE(ASYNC_INIT_E):
+        case WC_NO_ERR_TRACE(ASYNC_OP_E):
+        case WC_NO_ERR_TRACE(SOCKET_ERROR_E):
+        case WC_NO_ERR_TRACE(WANT_READ):
+        case WC_NO_ERR_TRACE(WANT_WRITE):
+        case WC_NO_ERR_TRACE(COOKIE_ERROR):
             return 0;
         default:
             return 1;
@@ -187,14 +187,14 @@ typedef struct WolfSSL_CH {
     byte dtls12cookieSet:1;
 } WolfSSL_CH;
-static int ReadVector8(const byte* input, WolfSSL_ConstVector* v)
+static word32 ReadVector8(const byte* input, WolfSSL_ConstVector* v)
 {
     v->size = *input;
     v->elements = input + OPAQUE8_LEN;
     return v->size + OPAQUE8_LEN;
 }
-static int ReadVector16(const byte* input, WolfSSL_ConstVector* v)
+static word32 ReadVector16(const byte* input, WolfSSL_ConstVector* v)
 {
     word16 size16;
     ato16(input, &size16);
@@ -267,7 +267,7 @@ static int CheckDtlsCookie(const WOLFSSL* ssl, WolfSSL_CH* ch,
         return BUFFER_E;
     ret = TlsCheckCookie(ssl, ch->cookieExt.elements + OPAQUE16_LEN,
         (word16)(ch->cookieExt.size - OPAQUE16_LEN));
-    if (ret < 0 && ret != HRR_COOKIE_ERROR)
+    if (ret < 0 && ret != WC_NO_ERR_TRACE(HRR_COOKIE_ERROR))
         return ret;
     *cookieGood = ret > 0;
     ret = 0;
@@ -1010,11 +1010,20 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
             ssl->options.dtlsStateful = 1;
             /* Update the window now that we enter the stateful parsing */
 #ifdef WOLFSSL_DTLS13
-            if (isTls13)
+            if (isTls13) {
+                /* Set record numbers before current record number as read */
+                Dtls13Epoch* e;
                 ret = Dtls13UpdateWindowRecordRecvd(ssl);
+                e = Dtls13GetEpoch(ssl, ssl->keys.curEpoch64);
+                if (e != NULL)
+                    XMEMSET(e->window, 0xFF, sizeof(e->window));
+            }
             else
 #endif
                 DtlsUpdateWindow(ssl);
+            /* Set record numbers before current record number as read */
+            XMEMSET(ssl->keys.peerSeq->window, 0xFF,
+                    sizeof(ssl->keys.peerSeq->window));
         }
     }
@@ -1141,10 +1150,8 @@ void TLSX_ConnectionID_Free(byte* ext, void* heap)
     info = DtlsCidGetInfoFromExt(ext);
     if (info == NULL)
         return;
-    if (info->rx != NULL)
-        XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX);
-    if (info->tx != NULL)
-        XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX);
+    XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX);
+    XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX);
     XFREE(info, heap, DYNAMIC_TYPE_TLSX);
     DtlsCidUnsetInfoFromExt(ext);
     XFREE(ext, heap, DYNAMIC_TYPE_TLSX);
@@ -1333,10 +1340,8 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size)
     if (cidInfo == NULL)
         return WOLFSSL_FAILURE;
-    if (cidInfo->rx != NULL) {
-        XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
-        cidInfo->rx = NULL;
-    }
+    XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
+    cidInfo->rx = NULL;
     /* empty CID */
     if (size == 0)
diff --git a/src/dtls13.c b/src/dtls13.c
index 86e5fb8be3..4d2365f38a 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -1,6 +1,6 @@
 /* dtls13.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
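Review bot: In DoClientHelloStateless the return of `Dtls13UpdateWindowRecordRecvd(ssl)` is stored in `ret` but the epoch lookup and window memset run regardless of it, and the second XMEMSET on `ssl->keys.peerSeq->window` sits after the `#endif`, so it executes on the DTLS 1.3 path as well as the 1.2 path. Both may be intended, since the same comment is used twice, but a single comment explaining why marking every earlier record number as seen is safe at this point (records sent before the stateless exchange completed must not be accepted into the new stateful session) and whether the 1.3 branch really needs both windows cleared would make the replay-window handling auditable. If `ret` is meant to be acted on, guard the epoch update with `if (ret == 0)`. The enclosing function continues outside the hunk.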
@@ -396,7 +396,8 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
          * WANT_WRITE means that we are done with processing the msg and we are
          * waiting to flush the output buffer. */
         if ((ret == 0 || ret == WANT_WRITE) || (msg->type == certificate_request &&
-                ssl->options.handShakeDone && ret == WC_PENDING_E)) {
+                ssl->options.handShakeDone &&
+                ret == WC_NO_ERR_TRACE(WC_PENDING_E))) {
             if (IsAtLeastTLSv1_3(ssl->version))
                 Dtls13MsgWasProcessed(ssl, (enum HandShakeType)msg->type);
             else if (downgraded)
@@ -810,9 +811,7 @@ static void Dtls13MaybeSaveClientHello(WOLFSSL* ssl)
     while (r != NULL) {
         if (r->handshakeType == client_hello) {
             Dtls13RtxRecordUnlink(ssl, prev_next, r);
-            if (ssl->dtls13ClientHello != NULL)
-                XFREE(ssl->dtls13ClientHello, ssl->heap,
-                    DYNAMIC_TYPE_DTLS_MSG);
+            XFREE(ssl->dtls13ClientHello, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
             ssl->dtls13ClientHello = r->data;
             ssl->dtls13ClientHelloSz = r->length;
             r->data = NULL;
diff --git a/src/include.am b/src/include.am
index b89618b0eb..544ad3ea8e 100644
--- a/src/include.am
+++ b/src/include.am
@@ -21,7 +21,10 @@ EXTRA_DIST += src/ssl_asn1.c
 EXTRA_DIST += src/ssl_bn.c
 EXTRA_DIST += src/ssl_certman.c
 EXTRA_DIST += src/ssl_crypto.c
+EXTRA_DIST += src/ssl_load.c
 EXTRA_DIST += src/ssl_misc.c
+EXTRA_DIST += src/ssl_p7p12.c
+EXTRA_DIST += src/ssl_sess.c
 EXTRA_DIST += src/x509.c
 EXTRA_DIST += src/x509_str.c
@@ -59,6 +62,9 @@ endif
 if BUILD_AES
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c
+if BUILD_CUDA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/cuda/aes-cuda.cu
+endif BUILD_CUDA
 endif
 if BUILD_AESNI
@@ -151,6 +157,9 @@ endif
 if BUILD_AES
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c
+if BUILD_CUDA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/cuda/aes-cuda.cu
+endif BUILD_CUDA
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
@@ -173,7 +182,6 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM endif !BUILD_ARMASM_NEON -endif BUILD_AES if BUILD_AESNI src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S @@ -185,6 +193,11 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S endif endif +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-aes.c +endif BUILD_RISCV_ASM +endif BUILD_AES + if BUILD_SHA src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha.c endif @@ -216,7 +229,14 @@ endif !BUILD_X86_ASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c +endif BUILD_RISCV_ASM + if BUILD_SHA512 +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c +else if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c if BUILD_ARMASM_INLINE @@ -245,6 +265,7 @@ endif BUILD_INTELASM endif !BUILD_X86_ASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON +endif !BUILD_RISCV_ASM endif BUILD_SHA512 if BUILD_SHA3 @@ -256,6 +277,15 @@ else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm.S endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM_NEON +if BUILD_ARMASM +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S +endif !BUILD_ARMASM_INLINE +endif BUILD_ARMASM if !BUILD_X86_ASM if BUILD_INTELASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S 
@@ -278,6 +308,238 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fips.c \ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c endif BUILD_FIPS_V5 +if BUILD_FIPS_V6 +# FIPS 140-3 SRTP-KDF first file +src_libwolfssl@LIBSUFFIX@_la_SOURCES += \ + wolfcrypt/src/wolfcrypt_first.c + +src_libwolfssl@LIBSUFFIX@_la_SOURCES += \ + wolfcrypt/src/hmac.c \ + wolfcrypt/src/random.c + +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/kdf.c + +if BUILD_RSA +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rsa.c +endif + +if BUILD_ECC +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ecc.c +endif + +if BUILD_AES +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c +if BUILD_ARMASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c +endif BUILD_ARMASM +if BUILD_ARMASM_NEON +if !BUILD_ARMASM_CRYPTO +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S +endif !BUILD_ARMASM_INLINE +endif !BUILD_ARMASM_CRYPTO +else +if BUILD_ARMASM +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S +endif !BUILD_ARMASM_INLINE +endif BUILD_ARMASM +endif !BUILD_ARMASM_NEON +endif BUILD_AES + +if BUILD_AESNI +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S +if BUILD_X86_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S +endif +endif + +if BUILD_SHA +src_libwolfssl@LIBSUFFIX@_la_SOURCES += 
wolfcrypt/src/sha.c +endif + +if BUILD_ARMASM_NEON +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +endif !BUILD_ARMASM_INLINE +else +if BUILD_ARMASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S +endif !BUILD_ARMASM_INLINE +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c +if BUILD_INTELASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256_asm.S +endif BUILD_INTELASM +endif !BUILD_ARMASM +endif !BUILD_ARMASM_NEON + +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c +endif BUILD_RISCV_ASM + +if BUILD_SHA512 +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c +else +if BUILD_ARMASM_NEON +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512-asm_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512-asm.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +endif !BUILD_ARMASM_INLINE +else +if BUILD_ARMASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c +if BUILD_ARMASM_INLINE 
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S +endif !BUILD_ARMASM_INLINE +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c +if BUILD_INTELASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S +endif BUILD_INTELASM +endif !BUILD_ARMASM +endif !BUILD_ARMASM_NEON +endif !BUILD_RISCV_ASM +endif BUILD_SHA512 + +if BUILD_SHA3 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3.c +if BUILD_ARMASM_NEON +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm.S +endif !BUILD_ARMASM_INLINE +endif BUILD_ARMASM_NEON +if BUILD_ARMASM +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S +endif !BUILD_ARMASM_INLINE +endif BUILD_ARMASM +if BUILD_INTELASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S +endif +endif + +if BUILD_DH +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dh.c +endif + +if BUILD_CMAC +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/cmac.c +endif + +if BUILD_CURVE448 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve448.c +endif + +if BUILD_ED448 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ed448.c +endif + +if BUILD_CURVE25519 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve25519.c +endif + +if BUILD_ED25519 
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ed25519.c +endif + +if BUILD_ARMASM +if BUILD_ARMASM_NEON +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S +endif !BUILD_ARMASM_INLINE +else +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S +endif !BUILD_ARMASM_INLINE +endif !BUILD_ARMASM_NEON +endif BUILD_ARMASM + +if BUILD_PWDBASED +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/pwdbased.c +endif BUILD_PWDBASED + +if BUILD_SP +if BUILD_SP_C32 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_c32.c +endif +if BUILD_SP_C64 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_c64.c +endif + +if BUILD_SP_X86_64 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_x86_64.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_x86_64_asm.S +endif +if !BUILD_FIPS_V2 +if BUILD_SP_ARM32 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_arm32.c +endif +endif +if BUILD_SP_ARM_THUMB +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_armthumb.c +endif +if !BUILD_FIPS_V2 +if BUILD_SP_ARM64 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_arm64.c +endif +endif +if BUILD_SP_ARM_CORTEX +src_libwolfssl@LIBSUFFIX@_la_SOURCES 
+= wolfcrypt/src/sp_cortexm.c +endif +endif BUILD_SP + +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fips.c \ + wolfcrypt/src/fips_test.c + +# fips last file +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c +endif BUILD_FIPS_V6 + + endif BUILD_FIPS # For wolfRand, exclude everything else. @@ -309,9 +571,11 @@ endif !BUILD_DO178 if !BUILD_FIPS_RAND if !BUILD_FIPS_V5 +if !BUILD_FIPS_V6 if BUILD_KDF src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/kdf.c endif +endif !BUILD_FIPS_V6 endif !BUILD_FIPS_V5 if !BUILD_FIPS_CURRENT @@ -347,6 +611,11 @@ endif BUILD_INTELASM endif !BUILD_X86_ASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON + +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c +endif BUILD_RISCV_ASM + endif !BUILD_FIPS_CURRENT if BUILD_AFALG @@ -380,6 +649,7 @@ if BUILD_RC2 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rc2.c endif +if !BUILD_FIPS_V6 if BUILD_SP if BUILD_SP_C32 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_c32.c @@ -409,6 +679,8 @@ if BUILD_SP_ARM_CORTEX src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_cortexm.c endif endif BUILD_SP +endif !BUILD_FIPS_V6 + if BUILD_SP_INT src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_int.c endif @@ -416,6 +688,9 @@ endif if !BUILD_FIPS_CURRENT if BUILD_AES src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c +if BUILD_CUDA +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/cuda/aes-cuda.cu +endif BUILD_CUDA if BUILD_ARMASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c endif BUILD_ARMASM 
@@ -440,9 +715,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM endif !BUILD_ARMASM_NEON + if BUILD_AFALG src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_aes.c endif BUILD_AFALG + +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-aes.c +endif BUILD_RISCV_ASM endif BUILD_AES endif !BUILD_FIPS_CURRENT @@ -466,6 +746,9 @@ endif !BUILD_FIPS_CURRENT if !BUILD_FIPS_CURRENT if BUILD_SHA512 +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c +else if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c if BUILD_ARMASM_INLINE @@ -494,6 +777,7 @@ endif BUILD_INTELASM endif !BUILD_X86_ASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON +endif !BUILD_RISCV_ASM endif BUILD_SHA512 endif !BUILD_FIPS_CURRENT @@ -507,6 +791,15 @@ else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm.S endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM_NEON +if BUILD_ARMASM +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S +endif !BUILD_ARMASM_INLINE +endif BUILD_ARMASM if !BUILD_X86_ASM if BUILD_INTELASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S 
@@ -641,10 +934,15 @@ if BUILD_MD5 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/md5.c endif +if !BUILD_FIPS_V6 if BUILD_PWDBASED src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/pwdbased.c +endif BUILD_PWDBASED +endif !BUILD_FIPS_V6 + +if BUILD_PKCS12 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/pkcs12.c -endif +endif BUILD_PKCS12 if BUILD_DSA src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dsa.c @@ -685,17 +983,21 @@ if BUILD_CHACHA if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c else +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-chacha.c +else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c +endif !BUILD_RISCV_ASM if !BUILD_X86_ASM if BUILD_INTELASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha_asm.S -endif -endif -endif +endif BUILD_INTELASM +endif !BUILD_X86_ASM +endif !BUILD_ARMASM_NEON if BUILD_POLY1305 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c -endif -endif +endif BUILD_POLY1305 +endif BUILD_CHACHA if !BUILD_INLINE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/misc.c @@ -722,7 +1024,6 @@ if BUILD_SAKKE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sakke.c endif -if !BUILD_FIPS_CURRENT if BUILD_WC_KYBER src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c @@ -732,6 +1033,9 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S endif endif endif + +if BUILD_DILITHIUM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c endif if BUILD_WC_LMS @@ -744,6 +1048,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss_impl.c endif +if !BUILD_FIPS_V6 if BUILD_CURVE25519 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve25519.c endif 
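Review bot: The new `if BUILD_DILITHIUM` block in the hunk at -732 is closed by the pre-existing bare `endif` that previously closed the `!BUILD_FIPS_CURRENT` opener removed in the hunk at -722, so the nesting only balances because a removed opener and an added opener share one closer. Since the rest of this patch labels its closers (`endif BUILD_PKCS12`, `endif BUILD_CHACHA`), writing `endif BUILD_DILITHIUM` on that line would make the re-nesting visible to the next reader instead of requiring them to count. The same unlabeled-closer pattern remains in the BUILD_WC_KYBER block above it.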
@@ -751,17 +1056,19 @@ endif if BUILD_ED25519 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ed25519.c endif +endif !BUILD_FIPS_V6 if BUILD_FEMATH if BUILD_CURVE25519_SMALL src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_low_mem.c else -if BUILD_INTELASM +if BUILD_CURVE25519_INTELASM if !BUILD_X86_ASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S endif !BUILD_X86_ASM else if BUILD_ARMASM +if !BUILD_FIPS_V6 if BUILD_ARMASM_NEON if BUILD_ARMASM_INLINE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c @@ -781,10 +1088,11 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S endif !BUILD_ARMASM_INLINE endif !BUILD_ARMASM_NEON +endif !BUILD_FIPS_V6 else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_operations.c endif !BUILD_ARMASM -endif !BUILD_INTELASM +endif !BUILD_CURVE25519_INTELASM endif !BUILD_CURVE25519_SMALL endif BUILD_FEMATH @@ -794,18 +1102,19 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_low_mem.c else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_operations.c if !BUILD_FEMATH -if BUILD_INTELASM +if BUILD_CURVE25519_INTELASM if !BUILD_X86_ASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S endif !BUILD_X86_ASM else +if !BUILD_FIPS_V6 if BUILD_ARMASM if BUILD_ARMASM_NEON if BUILD_ARMASM_INLINE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S -endif +endif !BUILD_ARMASM_INLINE else if BUILD_ARMASM_INLINE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c 
@@ -813,16 +1122,18 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_ else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S -endif -endif +endif !BUILD_ARMASM_INLINE +endif !BUILD_ARMASM_NEON else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_operations.c -endif -endif -endif -endif -endif +endif !BUILD_ARMASM +endif !BUILD_FIPS_V6 +endif !BUILD_CURVE25519_INTELASM +endif !BUILD_FEMATH +endif !BUILD_ED25519_SMALL +endif BUILD_GEMATH +if !BUILD_FIPS_V6 if BUILD_CURVE448 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve448.c endif @@ -830,6 +1141,7 @@ endif if BUILD_ED448 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ed448.c endif +endif !BUILD_FIPS_V6 if BUILD_FE448 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_448.c diff --git a/src/internal.c b/src/internal.c index 872721e02a..b08e6f7715 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1,6 +1,6 @@ /* internal.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -149,7 +149,7 @@ #endif -#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } +#define ERROR_OUT(err, eLabel) { ret = (int)(err); goto eLabel; } #ifdef _MSC_VER /* disable for while(0) cases at the .c level for now */ 
@@ -266,6 +266,49 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
 #endif /* !WOLFSSL_NO_TLS12 */
+#if !defined(NO_CERT) && defined(WOLFSSL_BLIND_PRIVATE_KEY)
+int wolfssl_priv_der_blind(WC_RNG* rng, DerBuffer* key, DerBuffer** mask)
+{
+ int ret = 0;
+ WC_RNG local_rng;
+
+ if (key != NULL) {
+ if (*mask != NULL) {
+ FreeDer(mask);
+ }
+ ret = AllocDer(mask, key->length, key->type, key->heap);
+ if ((ret == 0) && (rng == NULL)) {
+ if (wc_InitRng(&local_rng) != 0) {
+ ret = RNG_FAILURE_E;
+ }
+ else {
+ rng = &local_rng;
+ }
+ }
+ if (ret == 0) {
+ ret = wc_RNG_GenerateBlock(rng, (*mask)->buffer, (*mask)->length);
+ }
+ if (ret == 0) {
+ xorbuf(key->buffer, (*mask)->buffer, (*mask)->length);
+ }
+
+ if (rng == &local_rng) {
+ wc_FreeRng(rng);
+ }
+ }
+
+ return ret;
+}
+
+void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
+{
+ if (key != NULL) {
+ xorbuf(key->buffer, mask->buffer, mask->length);
+ }
+}
+#endif
+
+
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
 #include
 #endif
@@ -301,7 +344,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
 {
 wolfSSL_CTX_keylog_cb_func logCb = NULL;
 int msSz;
- int hasVal;
+ int invalidCount;
 int i;
 const char* label = SSC_CR;
 int labelSz = sizeof(SSC_CR);
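Review bot: wolfssl_priv_der_unblind dereferences `mask` unconditionally while it guards `key`, so reaching it with a NULL mask (a key whose blinding never completed) is a crash rather than a failure; `if ((key != NULL) && (mask != NULL))` would make the two helpers agree. In wolfssl_priv_der_blind a failed `wc_RNG_GenerateBlock` returns with `*mask` allocated but never filled and `key->buffer` untouched, so a later unblind would XOR garbage into the key; freeing the mask on any failure, `if (ret != 0) { FreeDer(mask); }` ahead of `return ret;`, keeps "mask == NULL" as the single meaning of "not blinded". Note also that because the stored key is `key XOR mask`, the mask is exactly as sensitive as the key: anyone holding both buffers recovers the key, so the mask needs the same zero-on-free treatment the key gets elsewhere.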
@@ -312,32 +355,34 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int ret; (void)ctx; - if (ssl == NULL || secret == NULL || *secretSz == 0) + if (ssl == NULL || secret == NULL || secretSz == NULL || *secretSz == 0) return BAD_FUNC_ARG; if (ssl->arrays == NULL) return BAD_FUNC_ARG; - /* get the user-callback func from CTX*/ + /* get the user-callback func from CTX */ logCb = ssl->ctx->keyLogCb; - if (logCb == NULL) - return 0; + if (logCb == NULL) { + return 0; /* no logging callback */ + } - /* need to make sure the given master-secret has a meaningful value */ + /* make sure the given master-secret has a meaningful value */ msSz = *secretSz; - hasVal = 0; + invalidCount = 0; for (i = 0; i < msSz; i++) { - if (*((byte*)secret) != 0) { - hasVal = 1; - break; + if (((byte*)secret)[i] == 0) { + invalidCount++; } } - if (hasVal == 0) - return 0; /* master-secret looks invalid */ + if (invalidCount == *secretSz) { + WOLFSSL_MSG("master-secret is not valid"); + return 0; /* ignore error */ + } /* build up a hex-decoded keylog string - "CLIENT_RANDOM " - note that each keylog string does not have CR/LF. - */ + * "CLIENT_RANDOM " + * note that each keylog string does not have CR/LF. + */ buffSz = labelSz + (RAN_LEN * 2) + 1 + ((*secretSz) * 2) + 1; log = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET); if (log == NULL) @@ -367,8 +412,9 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = 0; } } - else - ret = MEMORY_E; + else { + ret = BUFFER_E; + } } /* Zero out Base16 encoded secret and other data. */ ForceZero(log, buffSz); 
@@ -517,6 +563,22 @@ int IsTLS(const WOLFSSL* ssl) { if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_MINOR) return 1; +#ifdef WOLFSSL_DTLS + if (ssl->version.major == DTLS_MAJOR) + return 1; +#endif + + return 0; +} + +int IsTLS_ex(const ProtocolVersion pv) +{ + if (pv.major == SSLv3_MAJOR && pv.minor >=TLSv1_MINOR) + return 1; +#ifdef WOLFSSL_DTLS + if (pv.major == DTLS_MAJOR) + return 1; +#endif return 0; } @@ -2108,7 +2170,7 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz, } } - if (ret != 0 && ret != LENGTH_ONLY_E && buf != NULL) { + if (ret != 0 && ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) && buf != NULL) { /*in a fail case clear the buffer which could contain partial key info*/ XMEMSET(buf, 0, *sz); } @@ -2169,7 +2231,6 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side) ssl->options.haveECC = 1; /* server turns on with ECC key cert */ } #endif -#ifdef HAVE_PQC #ifdef HAVE_FALCON if (ssl->options.side == WOLFSSL_CLIENT_END) { ssl->options.haveFalconSig = 1; /* always on client side */ @@ -2180,7 +2241,6 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side) ssl->options.haveDilithiumSig = 1; /* always on client side */ } #endif /* HAVE_DILITHIUM */ -#endif /* HAVE_PQC */ #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) if (ssl->options.side == WOLFSSL_CLIENT_END) { @@ -2267,14 +2327,12 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->minEccKeySz = MIN_ECCKEY_SZ; ctx->eccTempKeySz = ECDHE_SIZE; #endif -#ifdef HAVE_PQC #ifdef HAVE_FALCON ctx->minFalconKeySz = MIN_FALCONKEY_SZ; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM ctx->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ; #endif /* HAVE_DILITHIUM */ -#endif /* HAVE_PQC */ ctx->verifyDepth = MAX_CHAIN_DEPTH; #ifdef OPENSSL_EXTRA ctx->cbioFlag = WOLFSSL_CBIO_NONE; 
@@ -2338,7 +2396,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) wolfSSL_CTX_set_server_cert_type(ctx, NULL, 0); /* set to default */ #endif /* HAVE_RPK */ -#ifdef HAVE_PQC #ifdef HAVE_FALCON if (method->side == WOLFSSL_CLIENT_END) ctx->haveFalconSig = 1; /* always on client side */ @@ -2349,7 +2406,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->haveDilithiumSig = 1; /* always on client side */ /* server can turn on by loading key */ #endif /* HAVE_DILITHIUM */ -#endif /* HAVE_PQC */ #ifdef HAVE_ECC if (method->side == WOLFSSL_CLIENT_END) { ctx->haveECDSAsig = 1; /* always on client side */ 
@@ -2401,22 +2457,27 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) return MEMORY_E; } XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + /* WOLFSSL_X509_LOOKUP */ - if ((ctx->x509_store.lookup.dirs = - (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR), - heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { - WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error"); - XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL); - ctx->param = NULL; + if ((ctx->x509_store.lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC( + sizeof(WOLFSSL_BY_DIR), + heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { + WOLFSSL_MSG("ctx->x509_store.lookup.dirs: allocation error"); return MEMORY_E; } XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); + + /* param */ + if ((ctx->x509_store.param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( + sizeof(WOLFSSL_X509_VERIFY_PARAM), + heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { + WOLFSSL_MSG("ctx->x509_store.param: allocation error"); + return MEMORY_E; + } + XMEMSET(ctx->x509_store.param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) { WOLFSSL_MSG("Bad mutex init"); - XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL); - ctx->param = NULL; - XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL); - ctx->x509_store.lookup.dirs = NULL; WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } @@ -2515,8 +2576,7 @@ static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap) XFREE(working_config->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(working_config->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (working_config->raw != NULL) - XFREE(working_config->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(working_config->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); if (working_config->receiverPrivkey != NULL) { wc_HpkeFreeKey(NULL, working_config->kemId, 
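Review bot: The error paths in InitSSL_Ctx no longer release what was allocated before them: on a failed `lookup.dirs` or `x509_store.param` allocation `ctx->param` (and `lookup.dirs`) stay allocated, and on `wc_InitMutex` failure `ctx->x509_store.lookup.dirs` is left pointing at a struct whose lock was never initialised. That is only safe if every caller runs SSL_CtxResourceFree on the partially built ctx and, for the mutex case, if that routine tolerates an uninitialised lock — neither is visible in this hunk. A comment at the first `return MEMORY_E;` such as `/* partial state is released by SSL_CtxResourceFree(); callers must invoke it on failure */` would record the new contract, and the mutex path could keep the removed `XFREE(ctx->x509_store.lookup.dirs, ...); ctx->x509_store.lookup.dirs = NULL;` so the free routine never sees the half-initialised entry. InitSSL_Ctx starts and ends outside the hunk.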
@@ -2563,10 +2623,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) XFREE(ctx->method, heapAtCTXInit, DYNAMIC_TYPE_METHOD); ctx->method = NULL; - if (ctx->suites) { - XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); - ctx->suites = NULL; - } + XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); + ctx->suites = NULL; #ifndef NO_DH XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -2588,11 +2646,17 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) ForceZero(ctx->privateKey->buffer, ctx->privateKey->length); } FreeDer(&ctx->privateKey); +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ctx->privateKeyMask); +#endif #ifdef WOLFSSL_DUAL_ALG_CERTS if (ctx->altPrivateKey != NULL && ctx->altPrivateKey->buffer != NULL) { ForceZero(ctx->altPrivateKey->buffer, ctx->altPrivateKey->length); } FreeDer(&ctx->altPrivateKey); +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ctx->altPrivateKeyMask); +#endif #endif /* WOLFSSL_DUAL_ALG_CERTS */ #ifdef OPENSSL_ALL wolfSSL_EVP_PKEY_free(ctx->privateKeyPKey); @@ -2659,9 +2723,12 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL); ctx->alpn_cli_protos = NULL; } - if (ctx->param) { - XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL); - ctx->param = NULL; + XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; + + if (ctx->x509_store.param) { + XFREE(ctx->x509_store.param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL); + ctx->x509_store.param = NULL; } if (ctx->x509_store.lookup.dirs) { @@ -2705,6 +2772,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #ifdef WOLFSSL_STATIC_MEMORY static void SSL_CtxResourceFreeStaticMem(void* heap) { +#ifndef SINGLE_THREADED if (heap != NULL #ifdef WOLFSSL_HEAP_TEST /* avoid dereferencing a test value */ @@ -2715,6 +2783,9 @@ static void SSL_CtxResourceFreeStaticMem(void* heap) WOLFSSL_HEAP* mem = hint->memory; wc_FreeMutex(&mem->memory_mutex); } +#else + (void)heap; +#endif } #endif /* WOLFSSL_STATIC_MEMORY */ 
@@ -2735,7 +2806,7 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx) if (ret < 0) { /* check error state, if mutex error code then mutex init failed but * CTX was still malloc'd */ - if (ctx->err == CTX_INIT_MUTEX_E) { + if (ctx->err == WC_NO_ERR_TRACE(CTX_INIT_MUTEX_E)) { SSL_CtxResourceFree(ctx); XFREE(ctx, heap, DYNAMIC_TYPE_CTX); #ifdef WOLFSSL_STATIC_MEMORY @@ -2999,7 +3070,6 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, } else #endif - #ifdef HAVE_PQC #ifdef HAVE_FALCON if (sigAlgo == falcon_level1_sa_algo) { ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, @@ -3029,7 +3099,6 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, } else #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ #ifdef WC_RSA_PSS if (sigAlgo == rsa_pss_sa_algo) { /* RSA PSS is sig then mac */ @@ -3048,7 +3117,7 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, } } -void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int haveSig, int tls1_2, +void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2, int keySz, word16* len) { word16 idx = 0; @@ -3090,7 +3159,6 @@ void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int haveSig, int tls1_2, &idx); } #endif -#if defined(HAVE_PQC) #ifdef HAVE_FALCON if (haveSig & SIG_FALCON) { AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level1_sa_algo, keySz, @@ -3109,7 +3177,6 @@ void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int haveSig, int tls1_2, keySz, &idx); } #endif /* HAVE_DILITHIUM */ -#endif /* HAVE_PQC */ if (haveSig & SIG_RSA) { #ifdef WC_RSA_PSS if (tls1_2) { 
@@ -3155,30 +3222,6 @@ void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int haveSig, int tls1_2, *len = idx; } -void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, - int haveFalconSig, int haveDilithiumSig, int haveAnon, int tls1_2, - int keySz) -{ - InitSuitesHashSigAlgo_ex(suites->hashSigAlgo, haveECDSAsig, haveRSAsig, - haveFalconSig, haveDilithiumSig, haveAnon, tls1_2, keySz, - &suites->hashSigAlgoSz); -} - -void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, - int haveRSAsig, int haveFalconSig, int haveDilithiumSig, int haveAnon, - int tls1_2, int keySz, word16* len) -{ - int have = 0; - - if (haveECDSAsig) have |= SIG_ECDSA; - if (haveRSAsig) have |= SIG_RSA; - if (haveFalconSig) have |= SIG_FALCON; - if (haveDilithiumSig) have |= SIG_DILITHIUM; - if (haveAnon) have |= SIG_ANON; - - InitSuitesHashSigAlgo_ex2(hashSigAlgo, have, tls1_2, keySz, len); -} - int AllocateCtxSuites(WOLFSSL_CTX* ctx) { if (ctx->suites == NULL) { @@ -3241,6 +3284,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, (void)haveStaticRSA; (void)haveStaticECC; (void)haveECC; + (void)haveECDSAsig; (void)side; (void)haveRSA; /* some builds won't read */ (void)haveRSAsig; /* non ecc builds won't read */ 
@@ -4265,18 +4309,27 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suiteSz = idx; if (suites->hashSigAlgoSz == 0) { - int haveSig = 0; - haveSig |= (haveRSAsig | haveRSA) ? SIG_RSA : 0; - haveSig |= (haveECDSAsig | haveECC) ? SIG_ECDSA : 0; - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - haveSig |= (haveECDSAsig | haveECC) ? SIG_SM2 : 0; - #endif - haveSig |= haveFalconSig ? SIG_FALCON : 0; - haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0; - haveSig &= ~SIG_ANON; - InitSuitesHashSigAlgo_ex2(suites->hashSigAlgo, haveSig, tls1_2, keySz, + InitSuitesHashSigAlgo(suites->hashSigAlgo, SIG_ALL, tls1_2, keySz, &suites->hashSigAlgoSz); } + + /* Moved to the end as we set some of the vars but never use them */ + (void)tls; /* shut up compiler */ + (void)tls1_2; + (void)dtls; + (void)haveDH; + (void)havePSK; + (void)haveStaticRSA; + (void)haveStaticECC; + (void)haveECC; + (void)haveECDSAsig; + (void)side; + (void)haveRSA; /* some builds won't read */ + (void)haveRSAsig; /* non ecc builds won't read */ + (void)haveAnon; /* anon ciphers optional */ + (void)haveNull; + (void)haveFalconSig; + (void)haveDilithiumSig; } #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \ @@ -4334,7 +4387,7 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) } break; #endif -#ifdef HAVE_PQC +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) case PQC_SA_MAJOR: /* Hash performed as part of sign/verify operation. * However, if we want a dual alg signature with a 
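Review bot: The `(void)` cast block appended after the hashSigAlgo setup duplicates the one at the top of InitSuites, which the previous hunk still extends with `(void)haveECDSAsig;`; unless a hunk outside this view deletes the top copy, one of the two should go, and the `/* Moved to the end ... */` comment suggests it is the top one. Replacing the computed `haveSig` mask with `SIG_ALL` also changes behaviour: the default signature_algorithms list no longer depends on haveRSA/haveECC/haveFalconSig/haveDilithiumSig, so a peer may be offered algorithms this side has no key or support for. If that is intentional (for instance because key availability is enforced when a suite is picked), a comment at the call such as `/* Advertise every compiled-in sig alg; key availability is checked when a suite is picked */` would stop the next reader re-adding the filter. InitSuites begins outside the hunk.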
@@ -4517,23 +4570,15 @@ void FreeX509(WOLFSSL_X509* x509) x509->authKeyId = NULL; XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); x509->subjKeyId = NULL; - if (x509->authInfo != NULL) { - XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); - x509->authInfo = NULL; - } - if (x509->rawCRLInfo != NULL) { - XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); - x509->rawCRLInfo = NULL; - } - if (x509->CRLInfo != NULL) { - XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); - x509->CRLInfo = NULL; - } + XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->authInfo = NULL; + XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->rawCRLInfo = NULL; + XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->CRLInfo = NULL; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ defined(WOLFSSL_QT) - if (x509->authInfoCaIssuer != NULL) { - XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT); - } + XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT); if (x509->ext_sk != NULL) { wolfSSL_sk_X509_EXTENSION_pop_free(x509->ext_sk, NULL); } @@ -4588,11 +4633,16 @@ void FreeX509(WOLFSSL_X509* x509) x509->altNames = NULL; } -#ifdef WOLFSSL_DUAL_ALG_CERTS + #ifdef WOLFSSL_DUAL_ALG_CERTS XFREE(x509->sapkiDer, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->sapkiDer = NULL; XFREE(x509->altSigAlgDer, x509->heap, DYNAMIC_TYPE_X509_EXT); - XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT); -#endif /* WOLFSSL_DUAL_ALG_CERTS */ + x509->altSigAlgDer = NULL; + if (x509->altSigValDer) { + XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->altSigValDer= NULL; + } + #endif /* WOLFSSL_DUAL_ALG_CERTS */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) wolfSSL_RefFree(&x509->ref); 
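Review bot: The dual-alg block in FreeX509 mixes styles within five lines: `sapkiDer` and `altSigAlgDer` use the unconditional `XFREE` + NULL pattern this very hunk introduces for `authInfo`/`rawCRLInfo`/`CRLInfo`, while `altSigValDer` keeps an `if` guard and `x509->altSigValDer= NULL;` drops the space before `=`; `XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT); x509->altSigValDer = NULL;` matches its neighbours. `x509->authInfoCaIssuer` is freed but, unlike every other pointer here, not reset to NULL — harmless if the struct is released straight after (the rest of FreeX509 is outside the hunk), but inconsistent with the pattern the change is establishing. FreeX509 starts and ends outside the hunk.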
@@ -4859,14 +4909,14 @@ int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (key && ret == WC_PENDING_E) { + if (key && ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ /* For positive response return in outSz */ if (ret > 0) { - *outSz = ret; + *outSz = (word32)ret; ret = 0; } @@ -4879,7 +4929,7 @@ int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo, int hashAlgo, RsaKey* key, buffer* keyBufInfo) { - int ret = SIG_VERIFY_E; + int ret = WC_NO_ERR_TRACE(SIG_VERIFY_E); #ifdef HAVE_PK_CALLBACKS const byte* keyBuf = NULL; @@ -4935,7 +4985,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo, !defined(WOLFSSL_RENESAS_TSIP_TLS) else #else - if (!ssl->ctx->RsaVerifyCb || ret == CRYPTOCB_UNAVAILABLE) + if (!ssl->ctx->RsaVerifyCb || ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif #endif /*HAVE_PK_CALLBACKS */ { @@ -4944,7 +4994,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -5017,7 +5067,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, TypeHash(hashAlgo), mgf, keyBuf, keySz, ctx); if (ret > 0) { - ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret, + ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, (word32)ret, hashType); if (ret != 0) { ret = VERIFY_CERT_ERROR; 
@@ -5035,7 +5085,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret, hashType); #else - ret = wc_RsaPSS_CheckPadding_ex(plain, plainSz, out, ret, + ret = wc_RsaPSS_CheckPadding_ex(plain, plainSz, out, (word32)ret, hashType, -1, mp_count_bits(&key->n)); #endif @@ -5082,7 +5132,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (key && ret == WC_PENDING_E) { + if (key && ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -5142,7 +5192,7 @@ int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -5162,7 +5212,7 @@ int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, RsaKey* key, buffer* keyBufInfo) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); #ifdef HAVE_PK_CALLBACKS const byte* keyBuf = NULL; word32 keySz = 0; @@ -5194,7 +5244,7 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, !defined(WOLFSSL_RENESAS_TSIP_TLS) else #else - if (!ssl->ctx->RsaEncCb || ret == CRYPTOCB_UNAVAILABLE) + if (!ssl->ctx->RsaEncCb || ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif #endif /* HAVE_PK_CALLBACKS */ { 
@@ -5203,14 +5253,14 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ /* For positive response return in outSz */ if (ret > 0) { - *outSz = ret; + *outSz = (word32)ret; ret = 0; } @@ -5263,7 +5313,7 @@ int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, ret = ssl->ctx->EccSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz, ctx); #if defined(WOLFSSL_RENESAS_TSIP_TLS) - if (ret == CRYPTOCB_UNAVAILABLE) { + if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { ret = wc_ecc_sign_hash(in, inSz, out, outSz, ssl->rng, key); } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ @@ -5276,7 +5326,7 @@ int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (key && ret == WC_PENDING_E) { + if (key && ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -5289,7 +5339,7 @@ int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo) { - int ret = SIG_VERIFY_E; + int ret = WC_NO_ERR_TRACE(SIG_VERIFY_E); #ifdef HAVE_PK_CALLBACKS const byte* keyBuf = NULL; word32 keySz = 0; @@ -5323,7 +5373,7 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, !defined(WOLFSSL_MAXQ108X) else #else - if (!ssl->ctx->EccVerifyCb || ret == CRYPTOCB_UNAVAILABLE) + if (!ssl->ctx->EccVerifyCb || ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif #endif /* HAVE_PK_CALLBACKS */ { 
@@ -5332,7 +5382,7 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } else @@ -5405,7 +5455,7 @@ int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -5464,7 +5514,7 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer) #ifdef HAVE_PK_CALLBACKS if (ssl->ctx->EccKeyGenCb) { void* ctx = wolfSSL_GetEccKeyGenCtx(ssl); - ret = ssl->ctx->EccKeyGenCb(ssl, key, keySz, ecc_curve, ctx); + ret = ssl->ctx->EccKeyGenCb(ssl, key, (unsigned int)keySz, ecc_curve, ctx); } else #endif @@ -5482,7 +5532,7 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer) /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -5522,7 +5572,7 @@ int Sm2wSm3Verify(WOLFSSL* ssl, const byte* id, word32 idSz, const byte* sig, word32 sigSz, const byte* msg, word32 msgSz, ecc_key* key, buffer* keyBufInfo) { - int ret = SIG_VERIFY_E; + int ret = WC_NO_ERR_TRACE(SIG_VERIFY_E); byte hash[WC_SM3_DIGEST_SIZE]; (void)ssl; @@ -5645,7 +5695,7 @@ int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ 
@@ -5719,7 +5769,7 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } else @@ -5745,7 +5795,6 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, */ static int X25519GetKey(WOLFSSL* ssl, curve25519_key** otherKey) { - int ret = NO_PEER_KEY; struct curve25519_key* tmpKey = NULL; if (ssl == NULL || otherKey == NULL) { @@ -5768,10 +5817,11 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, if (tmpKey) { *otherKey = (curve25519_key *)tmpKey; - ret = 0; + return 0; + } + else { + return NO_PEER_KEY; } - - return ret; } #endif /* HAVE_PK_CALLBACKS */ @@ -5815,7 +5865,7 @@ static int X25519SharedSecret(WOLFSSL* ssl, curve25519_key* priv_key, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &priv_key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -5861,7 +5911,7 @@ static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -5969,7 +6019,7 @@ int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ 
@@ -6043,7 +6093,7 @@ int Ed448Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } else @@ -6069,7 +6119,6 @@ int Ed448Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, */ static int X448GetKey(WOLFSSL* ssl, curve448_key** otherKey) { - int ret = NO_PEER_KEY; struct curve448_key* tmpKey = NULL; if (ssl == NULL || otherKey == NULL) { @@ -6091,10 +6140,11 @@ int Ed448Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, if (tmpKey) { *otherKey = (curve448_key *)tmpKey; - ret = 0; + return 0; + } + else { + return NO_PEER_KEY; } - - return ret; } #endif /* HAVE_PK_CALLBACKS */ @@ -6139,7 +6189,7 @@ static int X448SharedSecret(WOLFSSL* ssl, curve448_key* priv_key, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &priv_key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -6184,7 +6234,7 @@ static int X448MakeKey(WOLFSSL* ssl, curve448_key* key, curve448_key* peer) /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -6221,7 +6271,7 @@ int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, ret = ssl->ctx->DhGenerateKeyPairCb(dhKey, ssl->rng, priv, privSz, pub, pubSz); } - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif { PRIVATE_KEY_UNLOCK(); @@ -6231,7 +6281,7 @@ int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ 
@@ -6301,7 +6351,7 @@ int DhAgree(WOLFSSL* ssl, DhKey* dhKey, /* Handle async pending response */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev); } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -6711,14 +6761,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifdef HAVE_ECC ssl->options.minEccKeySz = ctx->minEccKeySz; #endif -#ifdef HAVE_PQC #ifdef HAVE_FALCON ssl->options.minFalconKeySz = ctx->minFalconKeySz; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM ssl->options.minDilithiumKeySz = ctx->minDilithiumKeySz; #endif /* HAVE_DILITHIUM */ -#endif /* HAVE_PQC */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) ssl->options.verifyDepth = ctx->verifyDepth; #endif 
@@ -6761,14 +6809,45 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifdef WOLFSSL_TLS13 ssl->buffers.certChainCnt = ctx->certChainCnt; #endif +#ifndef WOLFSSL_BLIND_PRIVATE_KEY ssl->buffers.key = ctx->privateKey; +#else + if (ctx->privateKey != NULL) { + AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ctx->privateKey->length, ctx->privateKey->type, + ctx->privateKey->heap); + ssl->buffers.weOwnKey = 1; + /* Blind the private key for the SSL with new random mask. */ + wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask); + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + &ssl->buffers.keyMask); + if (ret != 0) { + return ret; + } + } +#endif ssl->buffers.keyType = ctx->privateKeyType; ssl->buffers.keyId = ctx->privateKeyId; ssl->buffers.keyLabel = ctx->privateKeyLabel; ssl->buffers.keySz = ctx->privateKeySz; ssl->buffers.keyDevId = ctx->privateKeyDevId; #ifdef WOLFSSL_DUAL_ALG_CERTS - ssl->buffers.altKey = ctx->altPrivateKey; +#ifndef WOLFSSL_BLIND_PRIVATE_KEY + ssl->buffers.altKey = ctx->altPrivateKey; +#else + if (ctx->altPrivateKey != NULL) { + AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ctx->altPrivateKey->length, ctx->altPrivateKey->type, + ctx->altPrivateKey->heap); + /* Blind the private key for the SSL with new random mask. */ + wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, + &ssl->buffers.altKeyMask); + if (ret != 0) { + return ret; + } + } +#endif ssl->buffers.altKeyType = ctx->altPrivateKeyType; ssl->buffers.altKeyId = ctx->altPrivateKeyId; ssl->buffers.altKeyLabel = ctx->altPrivateKeyLabel; @@ -6961,7 +7040,7 @@ void FreeHandshakeHashes(WOLFSSL* ssl) int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, HS_Hashes** destination) { - int ret = 0; + int ret; HS_Hashes* tmpHashes; if (source == NULL) 
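Review bot: `AllocCopyDer(&ssl->buffers.altkey, ...)` in the WOLFSSL_DUAL_ALG_CERTS branch names a field `altkey` while the surrounding lines use `ssl->buffers.altKey`, so this branch will not compile once WOLFSSL_BLIND_PRIVATE_KEY and WOLFSSL_DUAL_ALG_CERTS are both enabled. Neither AllocCopyDer call checks its result: if the copy fails `ssl->buffers.key` (or altKey) stays NULL, wolfssl_priv_der_unblind and wolfssl_priv_der_blind both accept a NULL key silently, and SetSSL_CTX returns success with no private key — assuming AllocCopyDer reports failure the way AllocDer does in wolfssl_priv_der_blind, the result should be checked as below (and likewise in the primary-key branch). The primary branch marks its copy with `ssl->buffers.weOwnKey = 1` but the alt branch sets no ownership flag, so the alt copy presumably leaks unless altKey is freed unconditionally elsewhere. wolfssl_priv_der_unblind also dereferences the mask without a NULL check, so these calls assume `ctx->privateKeyMask`/`ctx->altPrivateKeyMask` are always set whenever the key is — worth confirming against the key loaders. SetSSL_CTX starts and ends outside the hunk.
```c
    if (ctx->altPrivateKey != NULL) {
        ret = AllocCopyDer(&ssl->buffers.altKey, ctx->altPrivateKey->buffer,
            ctx->altPrivateKey->length, ctx->altPrivateKey->type,
            ctx->altPrivateKey->heap);
        if (ret != 0) {
            return ret;
        }
        /* ... unchanged: unblind with ctx->altPrivateKeyMask, re-blind into altKeyMask ... */
    }
```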
@@ -6971,7 +7050,11 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
 tmpHashes = ssl->hsHashes;
 ssl->hsHashes = NULL;
- InitHandshakeHashes(ssl);
+ ret = InitHandshakeHashes(ssl);
+ if (ret != 0) {
+ WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret);
+ return ret;
+ }
 *destination = ssl->hsHashes;
 ssl->hsHashes = tmpHashes;
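Review bot: The new early return in InitHandshakeHashesAndCopy leaves `ssl->hsHashes` NULL: two lines earlier the live hashes were parked in `tmpHashes` and `ssl->hsHashes` cleared so InitHandshakeHashes would allocate the destination, and when it fails the function bails out before the `ssl->hsHashes = tmpHashes;` that restores them, so the caller's session loses its handshake transcript (the original pointer survives only in a dead local). Restore them before returning: `ssl->hsHashes = tmpHashes;` ahead of `return ret;`. The function continues past the hunk.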
@@ -6979,50 +7062,50 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, /* now copy the source contents to the destination */ #ifndef NO_OLD_TLS #ifndef NO_SHA - ret = wc_ShaCopy(&source->hashSha, &(*destination)->hashSha); + ret = wc_ShaCopy(&source->hashSha, &(*destination)->hashSha); #endif #ifndef NO_MD5 - if (ret == 0) - ret = wc_Md5Copy(&source->hashMd5, &(*destination)->hashMd5); + if (ret == 0) + ret = wc_Md5Copy(&source->hashMd5, &(*destination)->hashMd5); #endif #endif /* !NO_OLD_TLS */ #ifndef NO_SHA256 - if (ret == 0) - ret = wc_Sha256Copy(&source->hashSha256, - &(*destination)->hashSha256); + if (ret == 0) + ret = wc_Sha256Copy(&source->hashSha256, + &(*destination)->hashSha256); #endif #ifdef WOLFSSL_SHA384 - if (ret == 0) - ret = wc_Sha384Copy(&source->hashSha384, - &(*destination)->hashSha384); + if (ret == 0) + ret = wc_Sha384Copy(&source->hashSha384, + &(*destination)->hashSha384); #endif #ifdef WOLFSSL_SHA512 - if (ret == 0) - ret = wc_Sha512Copy(&source->hashSha512, - &(*destination)->hashSha512); + if (ret == 0) + ret = wc_Sha512Copy(&source->hashSha512, + &(*destination)->hashSha512); #endif #ifdef WOLFSSL_SM3 - if (ret == 0) - ret = wc_Sm3Copy(&source->hashSm3, - &(*destination)->hashSm3); + if (ret == 0) + ret = wc_Sm3Copy(&source->hashSm3, + &(*destination)->hashSm3); #endif #if (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \ !defined(WOLFSSL_NO_CLIENT_AUTH) - if (ret == 0 && source->messages != NULL) { - (*destination)->messages = (byte*)XMALLOC(source->length, ssl->heap, - DYNAMIC_TYPE_HASHES); - (*destination)->length = source->length; - (*destination)->prevLen = source->prevLen; + if (ret == 0 && source->messages != NULL) { + (*destination)->messages = (byte*)XMALLOC(source->length, ssl->heap, + DYNAMIC_TYPE_HASHES); + (*destination)->length = source->length; + (*destination)->prevLen = source->prevLen; - if ((*destination)->messages == NULL) { - ret = MEMORY_E; - } 
- else { - XMEMCPY((*destination)->messages, source->messages, - source->length); - } + if ((*destination)->messages == NULL) { + ret = MEMORY_E; + } + else { + XMEMCPY((*destination)->messages, source->messages, + source->length); } + } #endif return ret; @@ -7149,6 +7232,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap)); ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap)); + ssl_hint->memory = ctx_hint->memory; + #ifndef WOLFSSL_STATIC_MEMORY_LEAN + #ifndef SINGLE_THREADED /* lock and check IO count / handshake count */ if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); @@ -7157,10 +7243,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } + #endif if (ctx_hint->memory->maxHa > 0 && ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) { WOLFSSL_MSG("At max number of handshakes for static memory"); + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL); ssl->heap = NULL; /* free and set to NULL for IO counter */ return MEMORY_E; @@ -7169,16 +7258,19 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ctx_hint->memory->maxIO > 0 && ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) { WOLFSSL_MSG("At max number of IO allowed for static memory"); + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL); ssl->heap = NULL; /* free and set to NULL for IO counter */ return MEMORY_E; } ctx_hint->memory->curIO++; ctx_hint->memory->curHa++; - ssl_hint->memory = ctx_hint->memory; ssl_hint->haFlag = 1; + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif /* check if tracking stats */ if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) { 
@@ -7192,26 +7284,37 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) /* check if using fixed IO buffers */ if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) { + #ifndef SINGLE_THREADED if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } + #endif if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) { + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif return MEMORY_E; } if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) { + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif return MEMORY_E; } if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) { WOLFSSL_MSG("Not enough memory to create fixed IO buffers"); + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif return MEMORY_E; } + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif } + #endif /* !WOLFSSL_STATIC_MEMORY_LEAN */ #ifdef WOLFSSL_HEAP_TEST } #endif @@ -7583,6 +7686,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) defined(WOLFSSL_SSLKEYLOGFILE) && defined(WOLFSSL_TLS13) (void)wolfSSL_set_tls13_secret_cb(ssl, tls13ShowSecrets, NULL); #endif +#if defined(HAVE_SECRET_CALLBACK) && defined(SHOW_SECRETS) + (void)wolfSSL_set_secret_cb(ssl, tlsShowSecrets, NULL); +#endif #ifdef WOLFSSL_DUAL_ALG_CERTS ssl->sigSpec = ctx->sigSpec; ssl->sigSpecSz = ctx->sigSpecSz; @@ -7657,7 +7763,6 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey) wc_curve448_free((curve448_key*)*pKey); break; #endif /* HAVE_CURVE448 */ - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) case DYNAMIC_TYPE_FALCON: wc_falcon_free((falcon_key*)*pKey); 
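Review bot: The new `(void)wolfSSL_set_secret_cb(ssl, tlsShowSecrets, NULL);` registration in InitSSL has no comment, unlike its TLS 1.3 neighbour, and the `HAVE_SECRET_CALLBACK && SHOW_SECRETS` guard is the only thing keeping a callback that (judging by its name) logs session secrets out of every WOLFSSL object. Add a why-comment at the call site, e.g. `/* SHOW_SECRETS is a debug-only build option: tlsShowSecrets logs the TLS 1.2 session secrets of every connection */`, so the consequence of enabling that define in a production build is visible where it takes effect. InitSSL continues outside this hunk.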
@@ -7668,7 +7773,6 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey) wc_dilithium_free((dilithium_key*)*pKey); break; #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ #ifndef NO_DH case DYNAMIC_TYPE_DH: wc_FreeDhKey((DhKey*)*pKey); @@ -7686,7 +7790,7 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey) int AllocKey(WOLFSSL* ssl, int type, void** pKey) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); int sz = 0; #ifdef HAVE_ECC ecc_key* eccKey; @@ -7705,7 +7809,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey) WOLFSSL_MSG("Key already present!"); #ifdef WOLFSSL_ASYNC_CRYPT /* allow calling this again for async reentry */ - if (ssl->error == WC_PENDING_E) { + if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) { return 0; } #endif @@ -7744,7 +7848,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey) sz = sizeof(curve448_key); break; #endif /* HAVE_CURVE448 */ - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) case DYNAMIC_TYPE_FALCON: sz = sizeof(falcon_key); @@ -7755,7 +7858,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey) sz = sizeof(dilithium_key); break; #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ #ifndef NO_DH case DYNAMIC_TYPE_DH: sz = sizeof(DhKey); @@ -7819,7 +7921,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey) ret = 0; break; #endif /* HAVE_CURVE448 */ - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) case DYNAMIC_TYPE_FALCON: wc_falcon_init_ex((falcon_key*)*pKey, ssl->heap, ssl->devId); @@ -7832,7 +7933,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey) ret = 0; break; #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ #ifdef HAVE_CURVE448 case DYNAMIC_TYPE_CURVE448: wc_curve448_init((curve448_key*)*pKey); 
@@ -7858,8 +7958,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey) #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ defined(HAVE_CURVE25519) || defined(HAVE_ED448) || \ - defined(HAVE_CURVE448) || (defined(HAVE_PQC) && defined(HAVE_FALCON)) || \ - (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) + defined(HAVE_CURVE448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) static int ReuseKey(WOLFSSL* ssl, int type, void* pKey) { int ret = 0; @@ -7905,12 +8004,18 @@ static int ReuseKey(WOLFSSL* ssl, int type, void* pKey) ret = wc_curve448_init((curve448_key*)pKey); break; #endif /* HAVE_CURVE448 */ - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) case DYNAMIC_TYPE_FALCON: wc_falcon_free((falcon_key*)pKey); ret = wc_falcon_init((falcon_key*)pKey); break; - #endif /* HAVE_PQC && HAVE_FALCON */ + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) + case DYNAMIC_TYPE_DILITHIUM: + wc_dilithium_free((dilithium_key*)pKey); + ret = wc_dilithium_init((dilithium_key*)pKey); + break; + #endif /* HAVE_DILITHIUM */ #ifndef NO_DH case DYNAMIC_TYPE_DH: wc_FreeDhKey((DhKey*)pKey); @@ -8204,7 +8309,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) } #endif #endif -#if defined(HAVE_PQC) && defined(HAVE_FALCON) +#if defined(HAVE_FALCON) FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; #endif @@ -8254,9 +8359,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) } #endif #ifdef OPENSSL_EXTRA - if (ssl->param) { - XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL); - } + XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL); #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) while (ssl->certReqCtx != NULL) { 
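Review bot: The new `DYNAMIC_TYPE_DILITHIUM` case in ReuseKey re-initialises with plain `wc_dilithium_init((dilithium_key*)pKey)`, while AllocKey (see the Falcon case in the -7819 hunk, `wc_falcon_init_ex((falcon_key*)*pKey, ssl->heap, ssl->devId)`) binds keys to `ssl->heap` and `ssl->devId`; if Dilithium keys are allocated the same way, a reused key silently loses its heap hint and device id. If a heap/devId-aware initialiser exists for Dilithium, use it here; the Falcon case just above has the same pre-existing pattern and would deserve the same treatment. ReuseKey's body continues past this hunk.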
@@ -8287,14 +8390,17 @@ void SSL_ResourceFree(WOLFSSL* ssl) /* avoid dereferencing a test value */ if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) { #endif + void* heap = ssl->ctx ? ssl->ctx->heap : ssl->heap; + #ifndef WOLFSSL_STATIC_MEMORY_LEAN WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap; WOLFSSL_HEAP* ctx_heap; - void* heap = ssl->ctx ? ssl->ctx->heap : ssl->heap; ctx_heap = ssl_hint->memory; + #ifndef SINGLE_THREADED if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); } + #endif ctx_heap->curIO--; if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) { WOLFSSL_MSG("Error freeing fixed output buffer"); @@ -8302,15 +8408,20 @@ void SSL_ResourceFree(WOLFSSL* ssl) if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) { WOLFSSL_MSG("Error freeing fixed output buffer"); } - if (ssl_hint->haFlag && ctx_heap->curHa > 0) { /* check if handshake count has been decreased*/ + + /* check if handshake count has been decreased*/ + if (ssl_hint->haFlag && ctx_heap->curHa > 0) { ctx_heap->curHa--; } + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_heap->memory_mutex)); + #endif /* check if tracking stats */ if (ctx_heap->flag & WOLFMEM_TRACK_STATS) { XFREE(ssl_hint->stats, heap, DYNAMIC_TYPE_SSL); } + #endif /* !WOLFSSL_STATIC_MEMORY_LEAN */ XFREE(ssl->heap, heap, DYNAMIC_TYPE_SSL); #ifdef WOLFSSL_HEAP_TEST } @@ -8447,10 +8558,10 @@ void FreeHandshakeResources(WOLFSSL* ssl) FreeKey(ssl, DYNAMIC_TYPE_ED448, (void**)&ssl->peerEd448Key); ssl->peerEd448KeyPresent = 0; #endif /* HAVE_ED448 */ -#if defined(HAVE_PQC) && defined(HAVE_FALCON) +#if defined(HAVE_FALCON) FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; -#endif /* HAVE_PQC */ +#endif /* HAVE_FALCON */ } #ifdef HAVE_ECC 
@@ -8513,8 +8624,14 @@ void FreeHandshakeResources(WOLFSSL* ssl) } #endif /* !NO_DH */ -#ifndef NO_CERTS - wolfSSL_UnloadCertsKeys(ssl); +#if !defined(NO_CERTS) && !defined(OPENSSL_EXTRA) && \ + !defined(WOLFSSL_WPAS_SMALL) +#ifndef WOLFSSL_POST_HANDSHAKE_AUTH + if (ssl->options.side != WOLFSSL_CLIENT_END) +#endif + { + wolfSSL_UnloadCertsKeys(ssl); + } #endif #ifdef HAVE_PK_CALLBACKS #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) @@ -8572,14 +8689,20 @@ void FreeHandshakeResources(WOLFSSL* ssl) WOLFSSL_HEAP* ctx_heap; ctx_heap = ssl_hint->memory; + #ifndef SINGLE_THREADED if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); } + #endif + #ifndef WOLFSSL_STATIC_MEMORY_LEAN if (ctx_heap->curHa > 0) { ctx_heap->curHa--; } ssl_hint->haFlag = 0; /* set to zero since handshake has been dec */ + #endif + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_heap->memory_mutex)); + #endif #ifdef WOLFSSL_HEAP_TEST } #endif @@ -8779,8 +8902,7 @@ void DtlsMsgDelete(DtlsMsg* item, void* heap) DtlsMsgDestroyFragBucket(item->fragBucketList, heap); item->fragBucketList = next; } - if (item->raw != NULL) - XFREE(item->raw, heap, DYNAMIC_TYPE_DTLS_FRAG); + XFREE(item->raw, heap, DYNAMIC_TYPE_DTLS_FRAG); XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG); } } @@ -9432,7 +9554,7 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket) int inputSz, sendSz; input = pool->raw; - inputSz = pool->sz; + inputSz = (int)pool->sz; sendSz = inputSz + cipherExtraData(ssl); #ifdef HAVE_SECURE_RENEGOTIATION @@ -9696,7 +9818,12 @@ ProtocolVersion MakeDTLSv1_3(void) #elif defined(FREERTOS) - #include "task.h" + #ifdef PLATFORMIO + #include + #include + #else + #include "task.h" + #endif unsigned int LowResTimer(void) { 
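Review bot: The new condition around `wolfSSL_UnloadCertsKeys(ssl)` reads counter-intuitively: without `WOLFSSL_POST_HANDSHAKE_AUTH` the client keeps its certificates and keys after the handshake, but with it defined both sides unload them, which is the opposite of what post-handshake client authentication would seem to require. Either the `#ifndef` is inverted or there is a reason (certificates re-read from elsewhere, for instance) that is not visible here; in both cases a why-comment above the `#if`, e.g. `/* Keep certs/keys loaded for builds and roles that may still need them after the handshake */` with the actual reason filled in, would make the logic reviewable. FreeHandshakeResources continues beyond this hunk.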
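Review bot: In the -8572 hunk the `wc_LockMutex`/`wc_UnLockMutex` pair on `ctx_heap->memory_mutex` stays outside the new `#ifndef WOLFSSL_STATIC_MEMORY_LEAN` guard, whereas InitSSL (-7149) and SSL_ResourceFree (-8287) in this same commit place the lock inside it; a LEAN, multi-threaded build therefore locks around an empty body and, if the lean heap structure has no `memory_mutex`, does not compile. Moving the two `#ifndef SINGLE_THREADED` blocks inside the `#ifndef WOLFSSL_STATIC_MEMORY_LEAN` section makes the three sites consistent. FreeHandshakeResources continues beyond this hunk.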
@@ -9779,7 +9906,7 @@ ProtocolVersion MakeDTLSv1_3(void) word32 LowResTimer(void) { int64_t t; - #if defined(CONFIG_ARCH_POSIX) + #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_BOARD_NATIVE_POSIX) k_cpu_idle(); #endif t = k_uptime_get(); /* returns current uptime in milliseconds */ @@ -9876,7 +10003,7 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_StoreMessage(ssl, data, sz); - if (ret != 0 && ret != CRYPTOCB_UNAVAILABLE) { + if (ret != 0 && ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { return ret; } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ @@ -9891,7 +10018,7 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz) if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, data, sz); + ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, data, (word32)sz); if (ret != 0) return ret; #ifdef WOLFSSL_DEBUG_TLS @@ -9901,7 +10028,7 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz) #endif #endif #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, data, sz); + ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, data, (word32)sz); if (ret != 0) return ret; #ifdef WOLFSSL_DEBUG_TLS @@ -9911,7 +10038,7 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz) #endif #endif #ifdef WOLFSSL_SHA512 - ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, data, sz); + ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, data, (word32)sz); if (ret != 0) return ret; #ifdef WOLFSSL_DEBUG_TLS @@ -10459,7 +10586,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree) ssl->buffers.inputBuffer.dynamicFlag = 0; ssl->buffers.inputBuffer.offset = 0; ssl->buffers.inputBuffer.idx = 0; - ssl->buffers.inputBuffer.length = usedLength; + ssl->buffers.inputBuffer.length = (word32)usedLength; } int SendBuffered(WOLFSSL* ssl) 
@@ -10714,7 +10841,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) ssl->buffers.inputBuffer.buffer = tmp; ssl->buffers.inputBuffer.bufferSize = size + usedLength; ssl->buffers.inputBuffer.idx = 0; - ssl->buffers.inputBuffer.length = usedLength; + ssl->buffers.inputBuffer.length = (word32)usedLength; return 0; } @@ -11018,7 +11145,7 @@ static int MsgCheckBoundary(const WOLFSSL* ssl, byte type, * @param ssl The current connection * @param type The enum HandShakeType of the current message * @param msgSz Size of the current message - * @return + * @return int (less than 0 on fail, 0 on success) */ int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz) { @@ -11174,7 +11301,9 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, /* version 1.3 already negotiated */ if (ssl->options.tls1_3) { ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size); - if (ret == 0 || ret != SEQUENCE_ERROR || ret != DTLS_CID_ERROR) + if (ret == 0 || + ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) || + ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)) return ret; } @@ -11196,7 +11325,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, if (ssl->buffers.inputBuffer.length - *inOutIdx < DTLS_RECORD_HEADER_SZ) { ret = GetInputData(ssl, DTLS_RECORD_HEADER_SZ); /* Check if Dtls13RtxTimeout(ssl) returned socket error */ - if (ret == SOCKET_ERROR_E) + if (ret == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) return ret; if (ret != 0) return LENGTH_ERROR; 
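Review bot: In the -11174 hunk the condition `if (ret == 0 || ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) || ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR))` is a tautology for two distinct error codes (any value differs from at least one of them), so every result of GetDtls13RecordHeader is returned and the fall-through intended for SEQUENCE_ERROR and DTLS_CID_ERROR is dead; the commit re-wraps the constants but keeps the logic. If the intent is to continue parsing only on those two errors, the test should be `if (ret == 0 || (ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) && ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)))`. Since this changes which DTLS 1.3 records reach the legacy header path, please confirm the intended behaviour against the callers before changing it. GetDtlsRecordHeader starts before this hunk.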
@@ -11265,7 +11394,13 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, ssl->fuzzerCb(ssl, ssl->buffers.inputBuffer.buffer + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD, ssl->fuzzerCtx); #endif - XMEMCPY(rh, ssl->buffers.inputBuffer.buffer + *inOutIdx, RECORD_HEADER_SZ); + /* Set explicitly rather than make assumptions on struct layout */ + rh->type = ssl->buffers.inputBuffer.buffer[*inOutIdx]; + rh->pvMajor = ssl->buffers.inputBuffer.buffer[*inOutIdx + 1]; + rh->pvMinor = ssl->buffers.inputBuffer.buffer[*inOutIdx + 2]; + rh->length[0] = ssl->buffers.inputBuffer.buffer[*inOutIdx + 3]; + rh->length[1] = ssl->buffers.inputBuffer.buffer[*inOutIdx + 4]; + *inOutIdx += RECORD_HEADER_SZ; ato16(rh->length, size); } @@ -11328,7 +11463,20 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, } } #endif /* WOLFSSL_DTLS13 */ - else { + /* Don't care about protocol version being lower than expected on alerts + * sent back before version negotiation. */ + else if (!(ssl->options.side == WOLFSSL_CLIENT_END && + ssl->options.connectState == CLIENT_HELLO_SENT && + rh->type == alert && + rh->pvMajor == ssl->version.major && + #ifdef WOLFSSL_DTLS + ((ssl->options.dtls && rh->pvMinor == DTLS_MINOR) || + (!ssl->options.dtls && + rh->pvMinor < ssl->version.minor)) + #else + rh->pvMinor < ssl->version.minor + #endif + )) { WOLFSSL_MSG("SSL version error"); WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; /* only use requested version */ 
@@ -12265,53 +12413,77 @@ int CipherRequires(byte first, byte second, int requirement) *.z.com matches y.z.com but not x.y.z.com return 1 on success */ -int MatchDomainName(const char* pattern, int len, const char* str) +int MatchDomainName(const char* pattern, int patternLen, const char* str, + word32 strLen) { int ret = 0; - if (pattern == NULL || str == NULL || len <= 0) + if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0) return 0; - while (len > 0) { - - char p = (char)XTOLOWER((unsigned char)*pattern++); + while (patternLen > 0) { + /* Get the next pattern char to evaluate */ + char p = (char)XTOLOWER((unsigned char)*pattern); if (p == '\0') break; + pattern++; + if (p == '*') { char s; + /* We will always match '*' */ + patternLen--; - while (--len > 0) { + /* Consume any extra '*' chars until the next non '*' char. */ + while (patternLen > 0) { p = (char)XTOLOWER((unsigned char)*pattern); pattern++; + if (p == '\0' && patternLen > 0) + return 0; if (p != '*') break; + + patternLen--; } - if (len == 0) - p = '\0'; + /* Consume str until we reach next char in pattern after '*' or + * end of string */ + while (strLen > 0) { + s = (char)XTOLOWER((unsigned char) *str); + str++; + strLen--; + + /* p is next char in pattern after '*', or '*' if '*' is the + * last char in the pattern (in which case patternLen is 1) */ + if ( ((s == p) && (patternLen > 0))) { + /* We had already counted the '*' as matched, this means + * we also matched the next non '*' char in pattern */ + patternLen--; + break; + } - while ( (s = (char)XTOLOWER((unsigned char) *str)) != '\0') { - if (s == p) + /* If strlen is 0, we have consumed the entire string. 
Count that + * as a match of '*' */ + if (strLen == 0) { break; + } + if (s == '.') return 0; - str++; } } else { + /* Simple case, pattern match exactly */ if (p != (char)XTOLOWER((unsigned char) *str)) return 0; - } - - if (len > 0) { str++; - len--; + strLen--; + patternLen--; } } - if (*str == '\0' && len == 0) { + if (strLen == 0 && patternLen == 0) { ret = 1; /* success */ } @@ -12323,14 +12495,16 @@ int MatchDomainName(const char* pattern, int len, const char* str) * Fail if there are wild patterns and they didn't match. * Check the common name if no alternative names matched. * - * dCert Decoded cert to get the alternative names from. - * domain Domain name to compare against. - * checkCN Whether to check the common name. - * returns 1 : match was found. - * 0 : no match found. - * -1 : No matches and wild pattern match failed. + * dCert Decoded cert to get the alternative names from. + * domain Domain name to compare against. + * domainLen Length of the domain name. + * checkCN Whether to check the common name. + * returns 1 : match was found. + * 0 : no match found. + * -1 : No matches and wild pattern match failed. */ -int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) +int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, + int* checkCN) { int match = 0; DNS_entry* altName = NULL; 
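Review bot: The exact-match branch of MatchDomainName (`else { if (p != (char)XTOLOWER((unsigned char) *str)) return 0; str++; strLen--; ... }`) dereferences `*str` without checking `strLen`, so a pattern longer than the string — including the case where the wildcard loop consumes all of `str` without matching `p` — reads `str[strLen]`, one byte past the caller-supplied length, which the new length-delimited contract no longer guarantees to exist. Adding `if (strLen == 0) return 0;` at the top of that branch keeps every read inside `strLen` and also stops the outer loop from reading `pattern` past `patternLen` after an unmatched wildcard (the wildcard loop advances `pattern` past `p` but only decrements `patternLen` on a match). The comment block above the function, kept as context here, still describes `str` as NUL-terminated and should mention `strLen`.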
@@ -12349,19 +12523,19 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME if (altName->type == ASN_IP_TYPE) { buf = altName->ipString; len = (word32)XSTRLEN(buf); } else -#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#endif /* WOLFSSL_IP_ALT_NAME */ { buf = altName->name; - len = altName->len; + len = (word32)altName->len; } - if (MatchDomainName(buf, len, domain)) { + if (MatchDomainName(buf, (int)len, domain, domainLen)) { match = 1; if (checkCN != NULL) { *checkCN = 0; @@ -12393,12 +12567,11 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen) { int checkCN; - int ret = DOMAIN_NAME_MISMATCH; + int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH); - /* Assume name is NUL terminated. */ - (void)domainNameLen; - - if (CheckForAltNames(dCert, domainName, &checkCN) != 1) { + if (CheckForAltNames(dCert, domainName, (word32)domainNameLen, + &checkCN) != 1) { + ret = DOMAIN_NAME_MISMATCH; WOLFSSL_MSG("DomainName match on alt names failed"); } else { @@ -12408,10 +12581,11 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY if (checkCN == 1) { if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, - domainName) == 1) { + domainName, (word32)domainNameLen) == 1) { ret = 0; } else { + ret = DOMAIN_NAME_MISMATCH; WOLFSSL_MSG("DomainName match on common name failed"); } } @@ -12434,7 +12608,7 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain, { if (chain->count < MAX_CHAIN_DEPTH && certSz < MAX_X509_SIZE) { - chain->certs[chain->count].length = certSz; + chain->certs[chain->count].length = (int)certSz; XMEMCPY(chain->certs[chain->count].buffer, certBuf, certSz); chain->count++; } 
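Review bot: Dropping `OPENSSL_ALL` from the guard around the `ASN_IP_TYPE` branch means an `OPENSSL_ALL` build that does not also define `WOLFSSL_IP_ALT_NAME` now takes the generic branch and hands the raw IP-address bytes in `altName->name` to MatchDomainName instead of the textual `ipString`, so an IP SAN could no longer match a hostname given as an address. This is only safe if `OPENSSL_ALL` now implies `WOLFSSL_IP_ALT_NAME` in the settings headers, which this diff does not show; a one-line comment on the `#ifdef`, e.g. `/* WOLFSSL_IP_ALT_NAME is implied by OPENSSL_ALL (see settings.h) */`, would record the dependency. CheckForAltNames starts before this hunk.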
@@ -12448,7 +12622,13 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain, defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType) { - if (nameType == SUBJECT) { + if (name->dynamicName) { + XFREE(name->name, name->heap, DYNAMIC_TYPE_X509); + name->name = name->staticName; + name->dynamicName = 0; + } + + if (nameType == ASN_SUBJECT) { XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX); name->name[ASN_NAME_MAX - 1] = '\0'; name->sz = (int)XSTRLEN(name->name) + 1; 
@@ -12472,52 +12652,37 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType) } } - -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(IGNORE_NAME_CONSTRAINTS) -/* copies over additional alt names such as dirName - * returns 0 on success - */ -static int CopyAdditionalAltNames(DNS_entry** to, DNS_entry* from, int type, - void* heap) +static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap) { - DNS_entry* cur = from; + /* Copy from to the beginning of to */ + DNS_entry** prev_next = to; + DNS_entry* next; if (to == NULL) { return BAD_FUNC_ARG; } - while (cur != NULL) { - if (cur->type == type) { - DNS_entry* dnsEntry; - int strLen = cur->len; + next = *to; - dnsEntry = AltNameNew(heap); - if (dnsEntry == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } + for (; from != NULL; from = from->next) { + DNS_entry* dnsEntry; - dnsEntry->type = type; - dnsEntry->name = (char*)XMALLOC(strLen + 1, heap, - DYNAMIC_TYPE_ALTNAME); - if (dnsEntry->name == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - dnsEntry->len = strLen; - XMEMCPY(dnsEntry->name, cur->name, strLen); - dnsEntry->name[strLen] = '\0'; + if (type != -1 && from->type != type) + continue; - dnsEntry->next = *to; - *to = dnsEntry; + dnsEntry = AltNameDup(from, heap); + if (dnsEntry == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; } - cur = cur->next; + + dnsEntry->next = next; + *prev_next = dnsEntry; + prev_next = &dnsEntry->next; } + return 0; } -#endif /* OPENSSL_EXTRA */ #ifdef WOLFSSL_CERT_REQ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) 
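Review bot: CopyAltNames replaces a documented static helper with a function that has no header comment, although its contract is subtle: each matching entry is duplicated with AltNameDup and spliced in, in original order, ahead of the existing `*to` list, `type == -1` copies every entry, and on `MEMORY_E` the entries already linked remain in `*to` for the caller to release. Suggest a header comment such as `/* Duplicate the entries of 'from' whose type matches 'type' (-1 = all) and insert them, in order, at the front of *to. Returns 0 or MEMORY_E; on error the entries already copied stay linked in *to. */`, after which the body comment `/* Copy from to the beginning of to */` can go. The function is complete within this hunk.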
@@ -12632,11 +12797,10 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) #endif /* WOLFSSL_CERT_REQ */ /* Copy parts X509 needs from Decoded cert, 0 on success */ -/* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the - * altNames pointers could be free'd by second x509 still active by first */ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) { int ret = 0; + int minSz; if (x509 == NULL || dCert == NULL || dCert->subjectCNLen < 0) @@ -12650,7 +12814,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->version = dCert->version + 1; - CopyDecodedName(&x509->issuer, dCert, ISSUER); + CopyDecodedName(&x509->issuer, dCert, ASN_ISSUER); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) if (dCert->issuerName != NULL) { wolfSSL_X509_set_issuer_name(x509, @@ -12658,7 +12822,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->issuer.x509 = x509; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - CopyDecodedName(&x509->subject, dCert, SUBJECT); + CopyDecodedName(&x509->subject, dCert, ASN_SUBJECT); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) if (dCert->subjectName != NULL) { wolfSSL_X509_set_subject_name(x509, 
@@ -12686,55 +12850,51 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #endif /* WOLFSSL_CERT_REQ */ #ifdef WOLFSSL_SEP - { - int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->deviceTypeSz = minSz; - XMEMCPY(x509->deviceType, dCert->deviceType, minSz); - } - else - x509->deviceTypeSz = 0; - minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->hwTypeSz = minSz; - XMEMCPY(x509->hwType, dCert->hwType, minSz); - } - else - x509->hwTypeSz = 0; - minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->hwSerialNumSz = minSz; - XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); - } - else - x509->hwSerialNumSz = 0; + minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->deviceTypeSz = minSz; + XMEMCPY(x509->deviceType, dCert->deviceType, minSz); } + else + x509->deviceTypeSz = 0; + minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->hwTypeSz = minSz; + XMEMCPY(x509->hwType, dCert->hwType, minSz); + } + else + x509->hwTypeSz = 0; + minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->hwSerialNumSz = minSz; + XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); + } + else + x509->hwSerialNumSz = 0; #endif /* WOLFSSL_SEP */ - { - int minSz; - if (dCert->beforeDateLen > 0) { - minSz = min(dCert->beforeDate[1], MAX_DATE_SZ); - x509->notBefore.type = dCert->beforeDate[0]; - x509->notBefore.length = minSz; - XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); - } - else - x509->notBefore.length = 0; - if (dCert->afterDateLen > 0) { - minSz = min(dCert->afterDate[1], MAX_DATE_SZ); - x509->notAfter.type = dCert->afterDate[0]; - x509->notAfter.length = minSz; - XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); - } - else - x509->notAfter.length = 0; + + if (dCert->beforeDateLen > 0) { + minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ); + x509->notBefore.type = 
dCert->beforeDate[0]; + x509->notBefore.length = minSz; + XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); + } + else + x509->notBefore.length = 0; + if (dCert->afterDateLen > 0) { + minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ); + x509->notAfter.type = dCert->afterDate[0]; + x509->notAfter.length = minSz; + XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); } + else + x509->notAfter.length = 0; if (dCert->publicKey != NULL && dCert->pubKeySize != 0) { x509->pubKey.buffer = (byte*)XMALLOC( dCert->pubKeySize, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (x509->pubKey.buffer != NULL) { - x509->pubKeyOID = dCert->keyOID; + x509->pubKeyOID = (int)dCert->keyOID; x509->pubKey.length = dCert->pubKeySize; XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize); } @@ -12742,7 +12902,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) ret = MEMORY_E; #if defined(OPENSSL_ALL) if (ret == 0) { - x509->key.pubKeyOID = dCert->keyOID; + x509->key.pubKeyOID = (int)dCert->keyOID; if (!x509->key.algor) { x509->key.algor = wolfSSL_X509_ALGOR_new(); @@ -12780,7 +12940,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) else { XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength); x509->sig.length = dCert->sigLength; - x509->sigOID = dCert->signatureOID; + x509->sigOID = (int)dCert->signatureOID; } #if defined(OPENSSL_ALL) wolfSSL_ASN1_OBJECT_free(x509->algor.algorithm); 
@@ -12804,19 +12964,21 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } } - x509->altNames = dCert->altNames; - dCert->weOwnAltNames = 0; + /* add alt names from dCert to X509 */ + if (CopyAltNames(&x509->altNames, dCert->altNames, -1, x509->heap) != 0) { + return MEMORY_E; + } #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(IGNORE_NAME_CONSTRAINTS) /* add copies of email names from dCert to X509 */ - if (CopyAdditionalAltNames(&x509->altNames, dCert->altEmailNames, + if (CopyAltNames(&x509->altNames, dCert->altEmailNames, ASN_RFC822_TYPE, x509->heap) != 0) { return MEMORY_E; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) /* add copies of alternate directory names from dCert to X509 */ - if (CopyAdditionalAltNames(&x509->altNames, dCert->altDirNames, + if (CopyAltNames(&x509->altNames, dCert->altDirNames, ASN_DIR_TYPE, x509->heap) != 0) { return MEMORY_E; } @@ -12865,7 +13027,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) ret = MEMORY_E; } } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) { x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap, DYNAMIC_TYPE_X509_EXT); @@ -12951,10 +13113,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #ifndef IGNORE_NETSCAPE_CERT_TYPE x509->nsCertType = dCert->nsCertType; #endif - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_SEP x509->certPolicySet = dCert->extCertPolicySet; x509->certPolicyCrit = dCert->extCertPolicyCrit; - #endif /* WOLFSSL_SEP || WOLFSSL_QT */ + #endif #ifdef WOLFSSL_CERT_EXT { int i; 
@@ -13081,12 +13243,9 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || single == NULL || response == NULL) { - if (status) - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - if (single) - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - if (response) - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); return MEMORY_ERROR; } @@ -13135,7 +13294,7 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, const unsigned char* keyDer, unsigned int keySz, int* result, void* ctx) { - int ret = NOT_COMPILED_IN; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); WOLFSSL* ssl = (WOLFSSL*)ctx; if (ssl && ssl->ctx->EccVerifyCb) { @@ -13150,7 +13309,7 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, void* ctx) { - int ret = NOT_COMPILED_IN; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); WOLFSSL* ssl = (WOLFSSL*)ctx; if (ssl && ssl->ctx->RsaVerifyCb) { 
@@ -13212,24 +13371,26 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret) /* Determine alert reason */ alertWhy = bad_certificate; - if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) { + if (ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E) || + ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E)) { alertWhy = certificate_expired; } - else if (ret == ASN_NO_SIGNER_E || ret == ASN_PATHLEN_INV_E || - ret == ASN_PATHLEN_SIZE_E) { + else if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) || + ret == WC_NO_ERR_TRACE(ASN_PATHLEN_INV_E) || + ret == WC_NO_ERR_TRACE(ASN_PATHLEN_SIZE_E)) { alertWhy = unknown_ca; } #ifdef OPENSSL_EXTRA - else if (ret == CRL_CERT_REVOKED) { + else if (ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED)) { alertWhy = certificate_revoked; } #endif #if defined(HAVE_RPK) - else if (ret == UNSUPPORTED_CERTIFICATE) { + else if (ret == WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE)) { alertWhy = unsupported_certificate; } #endif /* HAVE_RPK */ - else if (ret == NO_PEER_CERT) { + else if (ret == WC_NO_ERR_TRACE(NO_PEER_CERT)) { #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) { alertWhy = certificate_required; 
@@ -13246,6 +13407,166 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret) ssl->options.isClosed = 1; } + +int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, + WOLFSSL* ssl, WOLFSSL_CERT_MANAGER* cm, ProcPeerCertArgs* args, + int cert_err, void* heap, int* x509Free) +{ + WOLFSSL_X509_STORE_CTX* store = NULL; + char* domain = NULL; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_X509* x509 = NULL; +#endif + + *x509Free = 0; + + store = wolfSSL_X509_STORE_CTX_new_ex(heap); + if (store == NULL) + goto mem_error; + domain = (char*)XMALLOC(ASN_NAME_MAX, heap, DYNAMIC_TYPE_STRING); + if (domain == NULL) + goto mem_error; + + domain[0] = '\0'; + + /* build subject CN as string to return in store */ + if (args->dCertInit && args->dCert && args->dCert->subjectCN) { + int subjectCNLen = args->dCert->subjectCNLen; + if (subjectCNLen > ASN_NAME_MAX-1) + subjectCNLen = ASN_NAME_MAX-1; + if (subjectCNLen > 0) { + XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen); + domain[subjectCNLen] = '\0'; + } + } + +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + store->error = cert_err; +#else + store->error = GetX509Error(cert_err); +#endif + store->error_depth = args->certIdx; + store->discardSessionCerts = 0; + store->domain = domain; + if (ssl != NULL) { + if (ssl->verifyCbCtx != NULL) { + /* Use the WOLFSSL user context if set */ + store->userCtx = ssl->verifyCbCtx; + } + else { + /* Else use the WOLFSSL_CTX user context */ + store->userCtx = ssl->ctx->verifyCbCtx; + } + } + else { + store->userCtx = cm; + } + store->certs = args->certs; + store->totalCerts = args->totalCerts; +#if defined(HAVE_EX_DATA) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) + if (wolfSSL_CRYPTO_set_ex_data(&store->ex_data, 0, ssl) + != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to store ssl context in WOLFSSL_X509_STORE_CTX"); + } +#endif + + if (ssl != NULL) { +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + store->store = SSL_STORE(ssl); +#if 
defined(OPENSSL_EXTRA) + store->depth = args->count; + /* Overwrite with non-default param values in SSL */ + if (ssl->param) { + if (ssl->param->check_time) + store->param->check_time = ssl->param->check_time; + + if (ssl->param->flags) + store->param->flags = ssl->param->flags; +#ifdef WOLFSSL_LOCAL_X509_STORE + else if (SSL_STORE(ssl) && SSL_STORE(ssl)->param && + SSL_STORE(ssl)->param->flags) + store->param->flags = SSL_STORE(ssl)->param->flags; +#endif + + + if (ssl->param->hostName[0]) + XMEMCPY(store->param->hostName, ssl->param->hostName, + WOLFSSL_HOST_NAME_MAX); + + } +#endif /* defined(OPENSSL_EXTRA) */ +#endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)*/ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + #ifdef KEEP_PEER_CERT + if (args->certIdx == 0) { + FreeX509(&ssl->peerCert); + InitX509(&ssl->peerCert, 0, ssl->heap); + if (CopyDecodedToX509(&ssl->peerCert, args->dCert) == 0) + WOLFSSL_MSG("Unable to copy to ssl->peerCert"); + store->current_cert = &ssl->peerCert; /* use existing X509 */ + } + else + #endif + { + x509 = wolfSSL_X509_new_ex(heap); + if (x509 == NULL) + goto mem_error; + if (CopyDecodedToX509(x509, args->dCert) == 0) { + store->current_cert = x509; + *x509Free = 1; + } + else { + goto mem_error; + } + } +#endif +#ifdef SESSION_CERTS + store->sesChain = &ssl->session->chain; +#endif + } + *store_pt = store; + return 0; +mem_error: + if (store != NULL) + wolfSSL_X509_STORE_CTX_free(store); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + if (x509 != NULL) + wolfSSL_X509_free(x509); +#endif + XFREE(domain, heap, DYNAMIC_TYPE_STRING); + return MEMORY_E; +} + +void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store, + WOLFSSL* ssl, void* heap, int x509Free) +{ + (void)ssl; + (void)x509Free; + +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + wolfSSL_sk_X509_pop_free(store->chain, NULL); + store->chain = NULL; +#endif +#ifdef SESSION_CERTS + if ((ssl != NULL) && 
(store->discardSessionCerts)) { + WOLFSSL_MSG("Verify callback requested discard sess certs"); + ssl->session->chain.count = 0; + #ifdef WOLFSSL_ALT_CERT_CHAINS + ssl->session->altChain.count = 0; + #endif + } +#endif /* SESSION_CERTS */ + XFREE(store->domain, heap, DYNAMIC_TYPE_STRING); + store->domain = NULL; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + if (x509Free) + wolfSSL_X509_free(store->current_cert); + store->current_cert = NULL; +#endif + wolfSSL_X509_STORE_CTX_free(store); +} + /* WOLFSSL_ALWAYS_VERIFY_CB: Use verify callback for success or failure cases */ /* WOLFSSL_VERIFY_CB_ALL_CERTS: Issue callback for all intermediate certificates */ @@ -13254,10 +13575,10 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret) * store->error_depth member to determine index (0=peer, >1 intermediates) */ -int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, +int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err, ProcPeerCertArgs* args) { - int verify_ok = 0, use_cb = 0; + int verify_ok = 0, use_cb = 0, ret = cert_err; void *heap; if (cm == NULL) { @@ -13267,12 +13588,12 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, heap = (ssl != NULL) ? ssl->heap : cm->heap; /* Determine if verify was okay */ - if (ret == 0) { + if (cert_err == 0) { verify_ok = 1; } /* Determine if verify callback should be used */ - if (ret != 0) { + if (cert_err != 0) { if ((ssl != NULL) && (!ssl->options.verifyNone)) { use_cb = 1; /* always report errors */ } 
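Review bot: In the `KEEP_PEER_CERT` branch of SetupStoreCtxCallback, `if (CopyDecodedToX509(&ssl->peerCert, args->dCert) == 0) WOLFSSL_MSG("Unable to copy to ssl->peerCert");` logs the failure message on success — CopyDecodedToX509 returns 0 on success (its header comment in the -12632 hunk says so, and the `else` branch a few lines below treats 0 as success) — so the condition should be `!= 0`. Separately, the `mem_error` path calls `wolfSSL_X509_STORE_CTX_free(store)` while `store->domain` may still point at `domain` and then frees `domain` itself, whereas CleanupStoreCtxCallback nulls `store->domain` before freeing the store; if that free releases `domain`, the error path double-frees, so set `store->domain = NULL` before the store free to make the two paths consistent. `store->userCtx = ssl->ctx->verifyCbCtx` also assumes `ssl->ctx` is non-NULL, which is presumably guaranteed by the callers but is not checked here.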
@@ -13297,8 +13618,9 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, ssl->param && ssl->param->hostName[0]) { /* If altNames names is present, then subject common name is ignored */ if (args->dCert->altNames != NULL) { - if (CheckForAltNames(args->dCert, ssl->param->hostName, NULL) != 1) { - if (ret == 0) { + if (CheckForAltNames(args->dCert, ssl->param->hostName, + (word32)XSTRLEN(ssl->param->hostName), NULL) != 1) { + if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); } @@ -13307,10 +13629,12 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY else { if (args->dCert->subjectCN) { - if (MatchDomainName(args->dCert->subjectCN, - args->dCert->subjectCNLen, - ssl->param->hostName) == 0) { - if (ret == 0) { + if (MatchDomainName( + args->dCert->subjectCN, + args->dCert->subjectCNLen, + ssl->param->hostName, + (word32)XSTRLEN(ssl->param->hostName)) == 0) { + if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); } @@ -13319,7 +13643,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, } #else else { - if (ret == 0) { + if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); } @@ -13331,7 +13655,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, if ((args->dCertInit != 0) && (args->dCert != NULL) && (ssl != NULL) && (ssl->param != NULL) && (XSTRLEN(ssl->param->ipasc) > 0)) { if (CheckIPAddr(args->dCert, ssl->param->ipasc) != 0) { - if (ret == 0) { + if (cert_err == 0) { ret = IPADDR_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); } 
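Review bot: The hostname length is computed as `(word32)XSTRLEN(ssl->param->hostName)` in the altNames branch and again in the CN branch of this hunk; hoisting it once before the altNames check, `word32 hostNameLen = (word32)XSTRLEN(ssl->param->hostName);`, removes the repetition and gives the bound a name. XSTRLEN relies on the fixed `WOLFSSL_HOST_NAME_MAX` array being NUL-terminated, and the full-width `XMEMCPY(..., WOLFSSL_HOST_NAME_MAX)` elsewhere in this diff suggests that is assumed rather than checked here, so capping the length at `WOLFSSL_HOST_NAME_MAX - 1` would be the defensive choice. The enclosing DoVerifyCallback starts and ends outside this hunk.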
@@ -13343,6 +13667,10 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, if ((use_cb && (ssl != NULL) && ((ssl->verifyCallback != NULL) #ifdef OPENSSL_ALL || (ssl->ctx->verifyCertCb != NULL) + #endif + #if defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) + || (SSL_STORE(ssl) != NULL && SSL_STORE(ssl)->verify_cb != NULL) #endif )) #ifndef NO_WOLFSSL_CM_VERIFY 
@@ -13350,157 +13678,20 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, #endif ) { int verifyFail = 0; - #ifdef WOLFSSL_SMALL_STACK - WOLFSSL_X509_STORE_CTX* store; - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - WOLFSSL_X509* x509; - #endif - char* domain = NULL; - #else - WOLFSSL_X509_STORE_CTX store[1]; - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - WOLFSSL_X509 x509[1]; - #endif - char domain[ASN_NAME_MAX]; - #endif - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_X509_STORE_CTX* store = NULL; int x509Free = 0; - #endif - - #ifdef WOLFSSL_SMALL_STACK - store = (WOLFSSL_X509_STORE_CTX*)XMALLOC( - sizeof(WOLFSSL_X509_STORE_CTX), heap, DYNAMIC_TYPE_X509_STORE); - if (store == NULL) { - return MEMORY_E; - } - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, - DYNAMIC_TYPE_X509); - if (x509 == NULL) { - XFREE(store, heap, DYNAMIC_TYPE_X509_STORE); - return MEMORY_E; - } - #endif - domain = (char*)XMALLOC(ASN_NAME_MAX, heap, DYNAMIC_TYPE_STRING); - if (domain == NULL) { - XFREE(store, heap, DYNAMIC_TYPE_X509_STORE); - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - XFREE(x509, heap, DYNAMIC_TYPE_X509); - #endif - return MEMORY_E; - } - #endif /* WOLFSSL_SMALL_STACK */ - - XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX)); - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - XMEMSET(x509, 0, sizeof(WOLFSSL_X509)); - #endif - domain[0] = '\0'; - - /* build subject CN as string to return in store */ - if (args->dCertInit && args->dCert && args->dCert->subjectCN) { - int subjectCNLen = args->dCert->subjectCNLen; - if (subjectCNLen > ASN_NAME_MAX-1) - subjectCNLen = ASN_NAME_MAX-1; - if (subjectCNLen > 0) { - XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen); - domain[subjectCNLen] = '\0'; - } - } - -#ifndef OPENSSL_COMPATIBLE_DEFAULTS - store->error = ret; -#else - 
store->error = GetX509Error(ret); -#endif - store->error_depth = args->certIdx; - store->discardSessionCerts = 0; - store->domain = domain; - if (ssl != NULL) { - if (ssl->verifyCbCtx != NULL) { - /* Use the WOLFSSL user context if set */ - store->userCtx = ssl->verifyCbCtx; - } - else { - /* Else use the WOLFSSL_CTX user context */ - store->userCtx = ssl->ctx->verifyCbCtx; - } - } - else { - store->userCtx = cm; - } - store->certs = args->certs; - store->totalCerts = args->totalCerts; - #if defined(HAVE_EX_DATA) && \ - (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) - if (wolfSSL_CRYPTO_set_ex_data(&store->ex_data, 0, ssl) - != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Failed to store ssl context in WOLFSSL_X509_STORE_CTX"); - } - #endif + int setupRet = SetupStoreCtxCallback(&store, ssl, cm, args, cert_err, + heap, &x509Free); - if (ssl != NULL) { - #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) - store->store = SSL_STORE(ssl); - #if defined(OPENSSL_EXTRA) - store->depth = args->count; - store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( - sizeof(WOLFSSL_X509_VERIFY_PARAM), - heap, DYNAMIC_TYPE_OPENSSL); - if (store->param == NULL) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(domain, heap, DYNAMIC_TYPE_STRING); - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - XFREE(x509, heap, DYNAMIC_TYPE_X509); - #endif - XFREE(store, heap, DYNAMIC_TYPE_X509_STORE); - #endif - return MEMORY_E; - } - XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); - /* Overwrite with non-default param values in SSL */ - if (ssl->param) { - if (ssl->param->check_time) - store->param->check_time = ssl->param->check_time; + if (setupRet != 0) + return setupRet; - if (ssl->param->flags) - store->param->flags = ssl->param->flags; - - if (ssl->param->hostName[0]) - XMEMCPY(store->param->hostName, ssl->param->hostName, - WOLFSSL_HOST_NAME_MAX); - - } - #endif /* defined(OPENSSL_EXTRA) */ - #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)*/ - #if 
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - #ifdef KEEP_PEER_CERT - if (args->certIdx == 0) { - store->current_cert = &ssl->peerCert; /* use existing X509 */ - } - else - #endif - { - InitX509(x509, 0, heap); - if (CopyDecodedToX509(x509, args->dCert) == 0) { - store->current_cert = x509; - x509Free = 1; - } - else { - FreeX509(x509); - } - } - #endif - #ifdef SESSION_CERTS - store->sesChain = &ssl->session->chain; - #endif - } #ifndef NO_WOLFSSL_CM_VERIFY /* non-zero return code indicates failure override */ if (cm->verifyCallback != NULL) { store->userCtx = cm; if (cm->verifyCallback(verify_ok, store)) { - if (ret != 0) { + if (cert_err != 0) { WOLFSSL_MSG("Verify CM callback overriding error!"); ret = 0; } @@ -13516,7 +13707,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, /* non-zero return code indicates failure override */ if (ssl->ctx->verifyCertCb) { if (ssl->ctx->verifyCertCb(store, ssl->ctx->verifyCertCbArg)) { - if (ret != 0) { + if (cert_err != 0) { WOLFSSL_MSG("Verify Cert callback overriding error!"); ret = 0; } @@ -13526,11 +13717,10 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, } } #endif - /* non-zero return code indicates failure override */ if (ssl->verifyCallback) { if (ssl->verifyCallback(verify_ok, store)) { - if (ret != 0) { + if (cert_err != 0) { WOLFSSL_MSG("Verify callback overriding error!"); ret = 0; } 
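Review bot: The store context is now built from `cert_err` instead of the running `ret`, so a DOMAIN_NAME_MISMATCH or IPADDR_MISMATCH raised earlier in DoVerifyCallback (the case cert_err == 0) is presumably no longer visible to the verify callbacks as `store->error`, and with the override condition changed to `if (cert_err != 0)` a callback returning success can no longer clear it either — the removed code used `store->error = ret` and `if (ret != 0)`. The callbacks are therefore invoked with verify_ok == 1 and no error while the handshake still fails, which breaks applications that implement their own hostname policy in the callback and differs from OpenSSL's reporting of a hostname mismatch through the callback. If that is intentional it deserves a comment; otherwise pass `ret` to `SetupStoreCtxCallback` and derive `verify_ok`/`use_cb` from `ret` after the name checks. SetupStoreCtxCallback's own assignment of `store->error` is outside this hunk, so the first claim should be confirmed there.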
@@ -13539,11 +13729,25 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, verifyFail = 1; } } +#if defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) + if (SSL_STORE(ssl) != NULL && SSL_STORE(ssl)->verify_cb != NULL) { + if (SSL_STORE(ssl)->verify_cb(verify_ok, store)) { + if (cert_err != 0) { + WOLFSSL_MSG("Store Verify callback overriding error!"); + ret = 0; + } + } + else { + verifyFail = 1; + } + } +#endif } if (verifyFail) { /* induce error if one not present */ - if (ret == 0) { + if (cert_err == 0) { ret = VERIFY_CERT_ERROR; WOLFSSL_ERROR_VERBOSE(ret); } @@ -13551,36 +13755,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, /* mark as verify error */ args->verifyErr = 1; } - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - if (x509Free) { - FreeX509(x509); - } - #endif - #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - wolfSSL_sk_X509_pop_free(store->chain, NULL); - store->chain = NULL; - #endif - #ifdef SESSION_CERTS - if ((ssl != NULL) && (store->discardSessionCerts)) { - WOLFSSL_MSG("Verify callback requested discard sess certs"); - ssl->session->chain.count = 0; - #ifdef WOLFSSL_ALT_CERT_CHAINS - ssl->session->altChain.count = 0; - #endif - } - #endif /* SESSION_CERTS */ -#ifdef OPENSSL_EXTRA - if ((ssl != NULL) && (store->param)) { - XFREE(store->param, heap, DYNAMIC_TYPE_OPENSSL); - } -#endif - #ifdef WOLFSSL_SMALL_STACK - XFREE(domain, heap, DYNAMIC_TYPE_STRING); - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - XFREE(x509, heap, DYNAMIC_TYPE_X509); - #endif - XFREE(store, heap, DYNAMIC_TYPE_X509_STORE); - #endif + CleanupStoreCtxCallback(store, ssl, heap, x509Free); } (void)heap; 
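Review bot: Changing the `verifyFail` fallback to `if (cert_err == 0)` loses the fail-closed behaviour when one callback overrides an error and a later one rejects: with cert_err != 0, the CM callback setting `ret = 0`, and ssl->verifyCallback or the new store verify_cb returning 0, `ret` now stays 0, whereas the old `if (ret == 0)` re-raised VERIFY_CERT_ERROR. Only `args->verifyErr = 1` records the rejection, and nothing in this hunk shows the caller turning that into a failure. Suggest keeping the test on the running value, `if (ret == 0) { ret = VERIFY_CERT_ERROR; WOLFSSL_ERROR_VERBOSE(ret); }`, or returning an error unconditionally whenever verifyFail is set.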
@@ -13588,21 +13763,61 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, return ret; } +#ifdef HAVE_CRL +void DoCrlCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, + ProcPeerCertArgs* args, int* outRet) +{ +#if defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) + int ret = 0; + void* heap = (ssl != NULL) ? ssl->heap : cm->heap; + WOLFSSL_X509_STORE* cert_store = (ssl != NULL) ? SSL_STORE(ssl) : NULL; + + if (cert_store != NULL && cert_store->get_crl_cb != NULL) { + WOLFSSL_CRL* userCrl = NULL; + WOLFSSL_X509_STORE_CTX* store = NULL; + int x509Free = 0; + + ret = SetupStoreCtxCallback(&store, ssl, cm, args, 0, heap, + &x509Free); + if (ret != 0) { + *outRet = ret; + return; + } + + ret = cert_store->get_crl_cb(store, &userCrl, store->current_cert); + if (ret == 1 && userCrl != NULL) { + /* Point to current cm to be able to verify CRL */ + userCrl->cm = SSL_CM(ssl); + *outRet = CheckCertCRL(userCrl, args->dCert); + } + else + *outRet = CRL_MISSING; + + if (userCrl != NULL) + wolfSSL_X509_CRL_free(userCrl); + CleanupStoreCtxCallback(store, ssl, heap, x509Free); + } +#else + (void)cm; + (void)ssl; + (void)args; + (void)outRet; +#endif +} +#endif + static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) { ProcPeerCertArgs* args = (ProcPeerCertArgs*)pArgs; (void)ssl; - if (args->certs) { - XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER); - args->certs = NULL; - } + XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER); + args->certs = NULL; #ifdef WOLFSSL_TLS13 - if (args->exts) { - XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT); - args->exts = NULL; - } + XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT); + args->exts = NULL; #endif if (args->dCert) { if (args->dCertInit) { 
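Review bot: DoCrlCallback replaces whatever error the built-in CRL lookup produced with CRL_MISSING whenever `get_crl_cb` does not return 1 or hands back a NULL CRL; since every caller in this diff invokes it only when `ret != 0`, a CRL_CERT_REVOKED or CRL_CERT_DATE_ERR from `CheckCertCRL_ex` is downgraded to CRL_MISSING, which applications commonly treat as soft-fail. Drop the `else *outRet = CRL_MISSING;` branch so the original `*outRet` survives when the callback cannot supply a CRL, or consult the callback only when the original error is CRL_MISSING. The `userCrl->cm = SSL_CM(ssl)` assignment writes into the user-returned object before it is freed; a one-line comment that wolfSSL_X509_CRL_free does not act on `cm` would reassure readers, as that function is outside this hunk.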
@@ -13658,7 +13873,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) #if defined(NO_SHA) && !defined(NO_SHA256) retHash = wc_Sha256Hash((const byte*)pbuf, len, dgt); #elif !defined(NO_SHA) - retHash = wc_ShaHash((const byte*)pbuf, len, dgt); + retHash = wc_ShaHash((const byte*)pbuf, (word32)len, dgt); #endif if (retHash == 0) { /* 4 bytes in little endian as unsigned long */ @@ -13712,9 +13927,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) /* / .(r)N\0 */ /*|1| 8 |1|1|1|1| => 13 */ len = (int)XSTRLEN(entry->dir_name) + 13; - if (filename != NULL) { - XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); - } + XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); if (filename == NULL) { @@ -13728,7 +13941,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) for (; suffix < MAX_SUFFIX; suffix++) { /* /folder-path/.(r)N[0..9] */ - if (XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name, + if (XSNPRINTF(filename, (size_t)len, "%s/%08lx.%s%d", entry->dir_name, hash, post, suffix) >= len) { @@ -13823,6 +14036,7 @@ static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args, buffer* cert; byte* subjectHash = NULL; int alreadySigner = 0; + Signer *extraSigners = NULL; #if defined(HAVE_RPK) int cType; #endif @@ -13853,7 +14067,7 @@ PRAGMA_GCC_DIAG_POP /* check if returning from non-blocking OCSP */ /* skip this section because cert is already initialized and parsed */ #ifdef WOLFSSL_NONBLOCK_OCSP - if (args->lastErr == OCSP_WANT_READ) { + if (args->lastErr == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { args->lastErr = 0; /* clear error */ return 0; } 
@@ -13883,7 +14097,7 @@ PRAGMA_GCC_DIAG_POP } /* perform cert parsing and signature check */ - sigRet = CheckCertSignature(cert->buffer, cert->length, + sigRet = wc_CheckCertSignature(cert->buffer, cert->length, ssl->heap, SSL_CM(ssl)); /* fail on errors here after the ParseCertRelative call, so dCert is populated */ @@ -13924,9 +14138,13 @@ PRAGMA_GCC_DIAG_POP return ret; #endif } - +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (verify != NO_VERIFY && TLSX_CSR2_IsMulti(ssl->extensions)) { + extraSigners = TLSX_CSR2_GetPendingSigners(ssl->extensions); + } +#endif /* Parse Certificate */ - ret = ParseCertRelative(args->dCert, certType, verify, SSL_CM(ssl)); + ret = ParseCertRelative(args->dCert, certType, verify, SSL_CM(ssl), extraSigners); #if defined(HAVE_RPK) /* if cert type has negotiated with peer, confirm the cert received has @@ -13959,7 +14177,9 @@ PRAGMA_GCC_DIAG_POP #endif /* HAVE_RPK */ /* perform below checks for date failure cases */ - if (ret == 0 || ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) { + if (ret == 0 || + ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) || + ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { /* get subject and determine if already loaded */ #ifndef NO_SKID if (args->dCert->extAuthKeyIdSet) @@ -13982,7 +14202,7 @@ PRAGMA_GCC_DIAG_POP *pAlreadySigner = alreadySigner; #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, args->dCert->sigCtx.asyncDev); } @@ -13994,7 +14214,7 @@ PRAGMA_GCC_DIAG_POP * original return code is returned. */ if (ssl->ctx && ssl->ctx->ProcessPeerCertCb) { int new_ret = ssl->ctx->ProcessPeerCertCb(ssl, args->dCert); - if (new_ret != NOT_COMPILED_IN) { + if (new_ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { ret = new_ret; } } 
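Review bot: ParseCertRelative is now given the CSR2 pending signers as acceptable issuers, i.e. intermediates whose revocation status has not yet been confirmed by a CertificateStatus message. That is sound only if every path that skips or fails DoCertificateStatus discards them; in this diff `TLSX_CSR2_ClearPendingCA` is only visible on the failure path inside DoCertificateStatus, so a server that negotiates status_request_v2 and then never sends CertificateStatus deserves a test. A comment on the `extraSigners` assignment such as `/* provisional CAs from status_request_v2; committed only once DoCertificateStatus validates them */` would tell readers why unverified signers are being accepted here. ProcessPeerCertParse starts and ends outside this hunk.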
@@ -14063,7 +14283,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) } break; #endif /* HAVE_ED448 */ - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) case FALCON_LEVEL1k: if (ssl->options.minFalconKeySz < 0 || @@ -14082,7 +14301,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) } break; #endif /* HAVE_FALCON */ - #endif /* HAVE_PQC */ #if defined(HAVE_DILITHIUM) case DILITHIUM_LEVEL2k: if (ssl->options.minDilithiumKeySz < 0 || @@ -14120,10 +14338,12 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) } #ifdef HAVE_CRL -static int ProcessPeerCertsChainCRLCheck(WOLFSSL_CERT_MANAGER* cm, Signer* ca) +static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args) { Signer* prev = NULL; int ret = 0; + WOLFSSL_CERT_MANAGER* cm = SSL_CM(ssl); + Signer* ca = args->dCert->ca; /* End loop if no more issuers found or if we have * found a self signed cert (ca == prev) */ for (; ret == 0 && ca != NULL && ca != prev; @@ -14131,7 +14351,12 @@ static int ProcessPeerCertsChainCRLCheck(WOLFSSL_CERT_MANAGER* cm, Signer* ca) ret = CheckCertCRL_ex(cm->crl, ca->issuerNameHash, NULL, 0, ca->serialHash, NULL, 0, NULL); if (ret != 0) + DoCrlCallback(cm, ssl, args, &ret); + if (ret != 0){ + WOLFSSL_ERROR_VERBOSE(ret); + WOLFSSL_MSG("\tCRL check not ok"); break; + } } return ret; } @@ -14152,6 +14377,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, byte* subjectHash = NULL; int alreadySigner = 0; +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + int addToPendingCAs = 0; +#endif WOLFSSL_ENTER("ProcessPeerCerts"); #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) 
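Review bot: In ProcessPeerCertsChainCRLCheck the callback fallback checks the wrong certificate: the loop tests each issuer `ca` via `ca->issuerNameHash`/`ca->serialHash`, but on failure it calls `DoCrlCallback(cm, ssl, args, &ret)`, which per its definition earlier in this diff builds the store context from `args->dCert` and runs `CheckCertCRL(userCrl, args->dCert)` against the leaf. A user-supplied CRL that clears the leaf therefore sets `ret = 0` and hides a revoked intermediate, and the callback is asked for the leaf's CRL once per chain element. DoCrlCallback needs to receive the `Signer` being checked and compare the user CRL with `CheckCertCRL_ex` using that signer's hashes, or the fallback should be removed from this loop until it can.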
@@ -14165,7 +14393,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args = (ProcPeerCertArgs*)ssl->async->args; #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_ppc; @@ -14173,11 +14401,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, else #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_NONBLOCK_OCSP - if (ssl->error == OCSP_WANT_READ) { + if (ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { /* Re-entry after non-blocking OCSP */ #ifdef WOLFSSL_ASYNC_CRYPT /* if async operationg not pending, reset error code */ - if (ret == WC_NO_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E)) ret = 0; #endif } @@ -14513,7 +14741,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ !defined(NO_STDIO_FILESYSTEM) - if (ret == ASN_NO_SIGNER_E || ret == ASN_SELF_SIGNED_E) { + if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) || + ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) { WOLFSSL_MSG("try to load certificate if hash dir is set"); ret = LoadCertByIssuer(SSL_STORE(ssl), (WOLFSSL_X509_NAME*)args->dCert->issuerName, @@ -14533,14 +14762,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) goto exit_ppc; #endif if (ret == 0) { ret = ProcessPeerCertCheckKey(ssl, args); } - else if (ret == ASN_PARSE_E || ret == BUFFER_E || - ret == MEMORY_E) { + else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) || + ret == WC_NO_ERR_TRACE(BUFFER_E) || + ret == WC_NO_ERR_TRACE(MEMORY_E)) { WOLFSSL_MSG( "Got Peer cert ASN PARSE_E, BUFFER E, MEMORY_E"); ERROR_OUT(ret, exit_ppc); 
@@ -14575,9 +14805,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ret == 0) { #ifdef HAVE_OCSP #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 - if (ssl->status_request_v2) { + addToPendingCAs = 0; + if (ssl->options.side == WOLFSSL_CLIENT_END && + ssl->status_request_v2 && + TLSX_CSR2_IsMulti(ssl->extensions)) { ret = TLSX_CSR2_InitRequests(ssl->extensions, args->dCert, 0, ssl->heap); + addToPendingCAs = 1; } else /* skips OCSP and force CRL check */ #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ @@ -14587,7 +14821,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = CheckCertOCSP_ex(SSL_CM(ssl)->ocsp, args->dCert, ssl); #ifdef WOLFSSL_NONBLOCK_OCSP - if (ret == OCSP_WANT_READ) { + if (ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { args->lastErr = ret; goto exit_ppc; } @@ -14611,7 +14845,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, responder, do a CRL lookup. If any other error, skip the CRL lookup and fail the certificate. */ - doCrlLookup = (ret == OCSP_CERT_UNKNOWN); + doCrlLookup = (ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)); } #endif /* HAVE_OCSP */ @@ -14624,19 +14858,21 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, * same WOULD_BLOCK error code as OCSP's I/O * callback, and it is enabling it using the * same flag. */ - if (ret == OCSP_WANT_READ) { + if (ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { args->lastErr = ret; goto exit_ppc; } #endif + if (ret != 0) + DoCrlCallback(SSL_CM(ssl), ssl, args, &ret); if (ret != 0) { WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("\tCRL check not ok"); } if (ret == 0 && args->certIdx == args->totalCerts-1) { - ret = ProcessPeerCertsChainCRLCheck( - SSL_CM(ssl), args->dCert->ca); + ret = ProcessPeerCertsChainCRLCheck(ssl, + args); if (ret != 0) { WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("\tCRL chain check not ok"); 
@@ -14665,7 +14901,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, chain mode only requires that the peer certificate validate to a trusted CA */ if (ret != 0 && args->dCert->isCA) { - if (ret == ASN_NO_SIGNER_E || ret == ASN_SELF_SIGNED_E) { + if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) || + ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) { if (!ssl->options.usingAltCertChain) { WOLFSSL_MSG("Trying alternate cert chain"); ssl->options.usingAltCertChain = 1; @@ -14688,7 +14925,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, * for a CA cert to fail validation here, as we will verify * the entire chain when we hit the peer (leaf) cert */ if ((ssl->ctx->doAppleNativeCertValidationFlag) - && (ret == ASN_NO_SIGNER_E)) { + && (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E))) { WOLFSSL_MSG("Bypassing errors to allow for Apple native" " CA validation"); @@ -14706,8 +14943,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Do verify callback */ ret = DoVerifyCallback(SSL_CM(ssl), ssl, ret, args); if (ssl->options.verifyNone && - (ret == CRL_MISSING || ret == CRL_CERT_REVOKED || - ret == CRL_CERT_DATE_ERR)) { + (ret == WC_NO_ERR_TRACE(CRL_MISSING) || + ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED) || + ret == WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR))) { WOLFSSL_MSG("Ignoring CRL problem based on verify setting"); ret = ssl->error = 0; } 
@@ -14718,6 +14956,66 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, skipAddCA = 1; } #endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ret == 0 && addToPendingCAs && !alreadySigner) { +#ifdef WOLFSSL_SMALL_STACK + DecodedCert *dCertAdd = NULL; +#else + DecodedCert dCertAdd[1]; +#endif + int dCertAdd_inited = 0; + DerBuffer *derBuffer = NULL; + buffer* cert = &args->certs[args->certIdx]; + Signer *s = NULL; + +#ifdef WOLFSSL_SMALL_STACK + dCertAdd = (DecodedCert *) + XMALLOC(sizeof(*dCertAdd), ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (dCertAdd == NULL) { + ret = MEMORY_E; + goto exit_req_v2; + } +#endif + InitDecodedCert(dCertAdd, cert->buffer, cert->length, + ssl->heap); + dCertAdd_inited = 1; + ret = ParseCert(dCertAdd, CA_TYPE, NO_VERIFY, + SSL_CM(ssl)); + if (ret != 0) { + goto exit_req_v2; + } + ret = AllocDer(&derBuffer, cert->length, CA_TYPE, ssl->heap); + if (ret != 0 || derBuffer == NULL) { + goto exit_req_v2; + } + XMEMCPY(derBuffer->buffer, cert->buffer, cert->length); + s = MakeSigner(SSL_CM(ssl)->heap); + if (s == NULL) { + ret = MEMORY_E; + goto exit_req_v2; + } + ret = FillSigner(s, dCertAdd, CA_TYPE, derBuffer); + if (ret != 0) { + goto exit_req_v2; + } + skipAddCA = 1; + ret = TLSX_CSR2_AddPendingSigner(ssl->extensions, s); + + exit_req_v2: + if (s && (ret != 0)) + FreeSigner(s, SSL_CM(ssl)->heap); + if (derBuffer) + FreeDer(&derBuffer); + if (dCertAdd_inited) + FreeDecodedCert(dCertAdd); +#ifdef WOLFSSL_SMALL_STACK + XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (ret != 0) + goto exit_ppc; + } +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ /* If valid CA then add to Certificate Manager */ if (ret == 0 && args->dCert->isCA && 
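Review bot: `FreeDer(&derBuffer)` runs unconditionally at `exit_req_v2`, including on success after `FillSigner(s, dCertAdd, CA_TYPE, derBuffer)`; if FillSigner retains the DerBuffer in the Signer, as the certificate manager's own CA path does with `derCert` when WOLFSSL_SIGNER_DER_CERT is set, the pending signer is left with a dangling pointer, so either FillSigner must copy or `derBuffer` should be freed only on the error path — confirm against FillSigner, which is outside this hunk. The certificate is also re-parsed from `cert->buffer` with `NO_VERIFY` purely to build the Signer although `args->dCert` was just verified; a comment such as `/* re-parse as CA_TYPE: args->dCert is still needed below and was presumably parsed with a different type */` would explain why the existing DecodedCert is not reused. This block is large enough to become a static helper returning `ret`, which would also keep the `goto exit_req_v2` cleanup local.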
@@ -14800,7 +15098,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ !defined(NO_STDIO_FILESYSTEM) - if (ret == ASN_NO_SIGNER_E || ret == ASN_SELF_SIGNED_E) { + if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) || + ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) { int lastErr = ret; /* save error from last time */ WOLFSSL_MSG("try to load certificate if hash dir is set"); ret = LoadCertByIssuer(SSL_STORE(ssl), @@ -14821,7 +15120,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) goto exit_ppc; #endif if (ret == 0) { @@ -14878,8 +15177,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->fatal = 0; } } - else if (ret == ASN_PARSE_E || ret == BUFFER_E || - ret == MEMORY_E || ret == BAD_FUNC_ARG) { + else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) || + ret == WC_NO_ERR_TRACE(BUFFER_E) || + ret == WC_NO_ERR_TRACE(MEMORY_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { WOLFSSL_MSG("Got Peer cert ASN_PARSE_E, BUFFER_E, MEMORY_E," " BAD_FUNC_ARG"); #if defined(WOLFSSL_EXTRA_ALERTS) || defined(OPENSSL_EXTRA) || \ @@ -14897,11 +15198,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) if (ssl->peerVerifyRet == 0) { /* Return first cert error here */ - if (ret == ASN_BEFORE_DATE_E) { + if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E)) { ssl->peerVerifyRet = (unsigned long)WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID; } - else if (ret == ASN_AFTER_DATE_E) { + else if (ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { ssl->peerVerifyRet = (unsigned long)WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED; } 
@@ -15039,11 +15340,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = CheckCertOCSP_ex(SSL_CM(ssl)->ocsp, args->dCert, ssl); #ifdef WOLFSSL_NONBLOCK_OCSP - if (ret == OCSP_WANT_READ) { + if (ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { goto exit_ppc; } #endif - doLookup = (ret == OCSP_CERT_UNKNOWN); + doLookup = (ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)); if (ret != 0) { WOLFSSL_MSG("\tOCSP Lookup not ok"); args->fatal = 0; @@ -15069,10 +15370,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, * same WOULD_BLOCK error code as OCSP's I/O * callback, and it is enabling it using the * same flag. */ - if (ret == OCSP_WANT_READ) { + if (ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { goto exit_ppc; } #endif + if (ret != 0) + DoCrlCallback(SSL_CM(ssl), ssl, args, &ret); if (ret != 0) { WOLFSSL_MSG("\tCRL check not ok"); args->fatal = 0; @@ -15091,8 +15394,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, SSL_CM(ssl)->crlCheckAll && args->totalCerts == 1) { /* Check the entire cert chain */ if (args->dCert->ca != NULL) { - ret = ProcessPeerCertsChainCRLCheck(SSL_CM(ssl), - args->dCert->ca); + ret = ProcessPeerCertsChainCRLCheck(ssl, args); if (ret != 0) { WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("\tCRL chain check not ok"); 
@@ -15112,28 +15414,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (args->fatal == 0) { int copyRet = 0; - #ifdef WOLFSSL_POST_HANDSHAKE_AUTH - if (ssl->options.handShakeDone) { - FreeX509(&ssl->peerCert); - InitX509(&ssl->peerCert, 0, ssl->heap); - } - else - #endif - #ifdef HAVE_SECURE_RENEGOTIATION - if (ssl->secure_renegotiation && - ssl->secure_renegotiation->enabled) { - /* free old peer cert */ - FreeX509(&ssl->peerCert); - InitX509(&ssl->peerCert, 0, ssl->heap); - } - else - #endif - { - } - - /* set X509 format for peer cert */ + /* free old peer cert */ + FreeX509(&ssl->peerCert); + InitX509(&ssl->peerCert, 0, ssl->heap); copyRet = CopyDecodedToX509(&ssl->peerCert, args->dCert); - if (copyRet == MEMORY_E) { + if (copyRet == WC_NO_ERR_TRACE(MEMORY_E)) { args->fatal = 1; } } @@ -15234,6 +15519,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (args->dCert->altNames) { if (CheckForAltNames(args->dCert, (char*)ssl->buffers.domainName.buffer, + (ssl->buffers.domainName.buffer == NULL ? 0 : + (word32)XSTRLEN( + (const char *)ssl->buffers.domainName.buffer)), NULL) != 1) { WOLFSSL_MSG("DomainName match on alt names failed"); /* try to get peer key still */ @@ -15243,9 +15531,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } else { if (MatchDomainName( - args->dCert->subjectCN, - args->dCert->subjectCNLen, - (char*)ssl->buffers.domainName.buffer) == 0) { + args->dCert->subjectCN, + args->dCert->subjectCNLen, + (char*)ssl->buffers.domainName.buffer, + (ssl->buffers.domainName.buffer == NULL ? 0 : + (word32)XSTRLEN( + (const char *)ssl->buffers.domainName.buffer) + )) == 0) + { WOLFSSL_MSG("DomainName match on common name failed"); ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); 
@@ -15255,10 +15548,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Old behavior. */ if (MatchDomainName(args->dCert->subjectCN, args->dCert->subjectCNLen, - (char*)ssl->buffers.domainName.buffer) == 0) { + (char*)ssl->buffers.domainName.buffer, + (ssl->buffers.domainName.buffer == NULL ? 0 : + (word32)XSTRLEN(ssl->buffers.domainName.buffer))) == 0) + { WOLFSSL_MSG("DomainName match on common name failed"); if (CheckForAltNames(args->dCert, (char*)ssl->buffers.domainName.buffer, + (ssl->buffers.domainName.buffer == NULL ? 0 : + (word32)XSTRLEN(ssl->buffers.domainName.buffer)), NULL) != 1) { WOLFSSL_MSG( "DomainName match on alt names failed too"); @@ -15550,7 +15848,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, break; } #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */ - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) case FALCON_LEVEL1k: case FALCON_LEVEL5k: @@ -15600,7 +15897,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, break; } #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) case DILITHIUM_LEVEL2k: case DILITHIUM_LEVEL3k: case DILITHIUM_LEVEL5k: @@ -15653,7 +15951,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, break; } #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ default: break; } @@ -15712,8 +16009,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = DoVerifyCallback(SSL_CM(ssl), ssl, ret, args); if (ssl->options.verifyNone && - (ret == CRL_MISSING || ret == CRL_CERT_REVOKED || - ret == CRL_CERT_DATE_ERR)) { + (ret == WC_NO_ERR_TRACE(CRL_MISSING) || + ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED) || + ret == WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR))) { WOLFSSL_MSG("Ignoring CRL problem based on verify setting"); ret = ssl->error = 0; } 
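Review bot: The `ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN(...)` expression is repeated four times across this and the preceding hunks, and this hunk omits the `(const char *)` cast the earlier copies use, so `XSTRLEN` receives a `byte*` here. Compute it once before the `#ifdef` branches, `word32 domainNameLen = (ssl->buffers.domainName.buffer == NULL) ? 0 : (word32)XSTRLEN((const char*)ssl->buffers.domainName.buffer);`, and pass `domainNameLen` to both `MatchDomainName` and `CheckForAltNames`. ProcessPeerCerts begins and ends outside this hunk.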
@@ -15760,7 +16058,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) - if (ret == WC_PENDING_E || ret == OCSP_WANT_READ) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || + ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { /* Mark message as not received so it can process again */ ssl->msgsReceived.got_certificate = 0; @@ -15806,7 +16105,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Reset the session cert chain count in case the session resume failed, * do not reset if we are resuming after an async wait */ #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) - if (ssl->error != OCSP_WANT_READ && ssl->error != WC_PENDING_E) + if (ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ) && + ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { ssl->session->chain.count = 0; @@ -15835,6 +16135,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, int ret = 0; byte status_type; word32 status_length; + int endCertificateOK = 0; WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_DO); WOLFSSL_ENTER("DoCertificateStatus"); @@ -15858,6 +16159,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */ case WOLFSSL_CSR2_OCSP: ret = ProcessCSR(ssl, input, inOutIdx, status_length); + endCertificateOK = (ret == 0); break; #endif @@ -15868,6 +16170,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, OcspRequest* request; word32 list_length = status_length; byte idx = 0; + Signer *pendingCAs = NULL; #ifdef WOLFSSL_SMALL_STACK CertStatus* status; 
@@ -15879,14 +16182,12 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, OcspResponse response[1]; #endif - do { - if (ssl->status_request_v2) { - ssl->status_request_v2 = 0; - break; - } - + if (!ssl->status_request_v2) return BUFFER_ERROR; - } while(0); + + ssl->status_request_v2 = 0; + + pendingCAs = TLSX_CSR2_GetPendingSigners(ssl->extensions); #ifdef WOLFSSL_SMALL_STACK status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap, @@ -15897,12 +16198,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || single == NULL || response == NULL) { - if (status) - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - if (single) - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - if (response) - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); return MEMORY_ERROR; } 
@@ -15926,23 +16224,27 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (status_length) { InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap); - + response->pendingCAs = pendingCAs; if ((OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0) || (response->responseStatus != OCSP_SUCCESSFUL) || (response->single->status->status != CERT_GOOD)) ret = BAD_CERTIFICATE_STATUS_ERROR; - while (ret == 0) { + if (ret == 0) { request = (OcspRequest*)TLSX_CSR2_GetRequest( - ssl->extensions, status_type, idx++); + ssl->extensions, status_type, idx); - if (request == NULL) + if (request == NULL) { ret = BAD_CERTIFICATE_STATUS_ERROR; - else if (CompareOcspReqResp(request, response) == 0) - break; - else if (idx == 1) /* server cert must be OK */ + } + else if (CompareOcspReqResp(request, response) != 0) { ret = BAD_CERTIFICATE_STATUS_ERROR; + } + else { + if (idx == 0) /* server cert must be OK */ + endCertificateOK = 1; + } } /* only frees 'single' if single->isDynamic is set */ @@ -15951,6 +16253,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, *inOutIdx += status_length; list_length -= status_length; } + idx++; } ssl->status_request_v2 = 0; @@ -15970,6 +16273,20 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = BUFFER_ERROR; } + /* end certificate MUST be present */ + if (endCertificateOK == 0) + ret = BAD_CERTIFICATE_STATUS_ERROR; +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ret == 0) { + if (TLSX_CSR2_MergePendingCA(ssl) < 0) { + WOLFSSL_MSG("Failed to merge pending CAs"); + } + } + else { + TLSX_CSR2_ClearPendingCA(ssl); + } +#endif + if (ret != 0) { WOLFSSL_ERROR_VERBOSE(ret); SendAlert(ssl, alert_fatal, bad_certificate_status_response); 
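Review bot: The new check `if (endCertificateOK == 0) ret = BAD_CERTIFICATE_STATUS_ERROR;` in the last hunk (around new line 16276) also fires when `ret` already holds another error, replacing a more specific code such as the `BUFFER_ERROR` set just above it; guarding it as `if (ret == 0 && endCertificateOK == 0)` preserves the first error while still enforcing that the end-entity status was present. Separately, a failing `TLSX_CSR2_MergePendingCA(ssl)` is only logged and leaves `ret == 0`, so the handshake proceeds; if the intent is that the unmerged CAs simply make the later chain verification fail (fail-closed), a comment stating that would make the choice explicit, and if not, the failure should set `ret`. DoCertificateStatus begins and ends outside these hunks.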
@@ -16373,44 +16690,6 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ - defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - if (ssl->msgsReceived.got_certificate_status == 0) { - int csrRet = 0; -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST - if (csrRet == 0 && ssl->status_request) { - WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange"); - csrRet = TLSX_CSR_ForceRequest(ssl); - } -#endif -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 - if (csrRet == 0 && ssl->status_request_v2) { - WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange"); - csrRet = TLSX_CSR2_ForceRequest(ssl); - } -#endif - if (csrRet != 0) { - /* Error out if OCSP lookups are enabled and failed or if - * the user requires stapling. */ - if (SSL_CM(ssl)->ocspEnabled || SSL_CM(ssl)->ocspMustStaple) - return csrRet; - } - /* Check that a status request extension was seen as the - * CertificateStatus wasn't when an OCSP staple is required. - */ - if ( -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST - !ssl->status_request && -#endif -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 - !ssl->status_request_v2 && -#endif - SSL_CM(ssl)->ocspMustStaple) { - WOLFSSL_ERROR_VERBOSE(OCSP_CERT_UNKNOWN); - return OCSP_CERT_UNKNOWN; - } - } -#endif break; #endif 
@@ -16483,6 +16762,54 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) return OUT_OF_ORDER_E; } } +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ssl->msgsReceived.got_certificate_status == 0) { + int csrRet = 0; +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST + if (csrRet == 0 && ssl->status_request) { + WOLFSSL_MSG("No CertificateStatus before ServerHelloDone"); + csrRet = TLSX_CSR_ForceRequest(ssl); + } +#endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (csrRet == 0 && ssl->status_request_v2) { + WOLFSSL_MSG("No CertificateStatus before ServerHelloDone"); + csrRet = TLSX_CSR2_ForceRequest(ssl); + } + if (ssl->status_request_v2) { + if (csrRet == 0) { + if (TLSX_CSR2_MergePendingCA(ssl) < 0) { + WOLFSSL_MSG("Failed to merge pending CAs"); + } + } + else { + TLSX_CSR2_ClearPendingCA(ssl); + } + } +#endif + if (csrRet != 0) { + /* Error out if OCSP lookups are enabled and failed or if + * the user requires stapling. */ + if (SSL_CM(ssl)->ocspEnabled || SSL_CM(ssl)->ocspMustStaple) + return csrRet; + } + /* Check that a status request extension was seen as the + * CertificateStatus wasn't when an OCSP staple is required. + */ + if ( +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST + !ssl->status_request && +#endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + !ssl->status_request_v2 && +#endif + SSL_CM(ssl)->ocspMustStaple) { + WOLFSSL_ERROR_VERBOSE(OCSP_CERT_UNKNOWN); + return OCSP_CERT_UNKNOWN; + } + } +#endif break; #endif @@ -16759,7 +17086,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, && ssl->error != OCSP_WANT_READ #endif ) { - ret = HashInput(ssl, input + *inOutIdx, size); + ret = HashInput(ssl, input + *inOutIdx, (int)size); if (ret != 0) { WOLFSSL_MSG("Incomplete handshake hashes"); return ret; 
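Review bot: The merge/clear sequence added to the ServerHelloDone case (`if (ssl->status_request_v2) { if (csrRet == 0) { if (TLSX_CSR2_MergePendingCA(ssl) < 0) ... } else { TLSX_CSR2_ClearPendingCA(ssl); } }`) duplicates, apart from the condition variable, the block this same commit adds at the end of DoCertificateStatus; a small `static` helper taking `ssl` and the status code would keep the two call sites from drifting apart. The rest of the block reproduces the code removed from the ServerKeyExchange case with only the log text changed, so no further review of it is needed here. SanityCheckMsgReceived starts and ends outside this hunk.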
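Review bot: The context line `&& ssl->error != OCSP_WANT_READ` immediately above the changed `HashInput` call in DoHandShakeMsgType (around new line 17086) is one of the few error-code comparisons in this commit left without the `WC_NO_ERR_TRACE(OCSP_WANT_READ)` wrapper; the same unconverted comparison appears in the ProcessReplyEx hunk around new line 21061, where only the `SOCKET_ERROR_E` test on the following line was wrapped. If the wrapper is meant to be applied uniformly to error-code comparisons, these two look like omissions; if they were skipped deliberately, a short comment at each would stop them from being "fixed" inconsistently later. DoHandShakeMsgType's body continues outside the hunk.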
@@ -16852,7 +17179,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, IsAtLeastTLSv1_3(ssl->version)) { #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) - if (ret != WC_PENDING_E && ret != OCSP_WANT_READ) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E) && + ret != WC_NO_ERR_TRACE(OCSP_WANT_READ)) #endif { ssl->options.cacheMessages = 0; @@ -16934,7 +17262,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.resuming || !ssl->options.verifyPeer || \ !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) { #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) - if (ret != WC_PENDING_E && ret != OCSP_WANT_READ) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E) && + ret != WC_NO_ERR_TRACE(OCSP_WANT_READ)) #endif { ssl->options.cacheMessages = 0; @@ -17000,7 +17329,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) /* if async, offset index so this msg will be processed again */ - if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) { + if ((ret == WC_NO_ERR_TRACE(WC_PENDING_E) || + ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) && *inOutIdx > 0) { *inOutIdx -= HANDSHAKE_HEADER_SZ; #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { @@ -17010,7 +17340,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, } /* make sure async error is cleared */ - if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) { + if (ret == 0 && (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) || + ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) { ssl->error = 0; } #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */ 
@@ -17133,7 +17464,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #ifdef WOLFSSL_ASYNC_CRYPT - if (ssl->error != WC_PENDING_E) + if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { /* for async this copy was already done, do not replace, since @@ -17153,7 +17484,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->arrays->pendingMsgSz - idx, ssl->arrays->pendingMsgSz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* setup to process fragment again */ ssl->arrays->pendingMsgOffset -= inputLength; *inOutIdx -= inputLength; 
@@ -17185,43 +17516,41 @@ int SendFatalAlertOnly(WOLFSSL *ssl, int error) switch (error) { /* not fatal errors */ - case WANT_WRITE: - case WANT_READ: - case ZERO_RETURN: + case WC_NO_ERR_TRACE(WANT_WRITE): + case WC_NO_ERR_TRACE(WANT_READ): + case WC_NO_ERR_TRACE(ZERO_RETURN): #ifdef WOLFSSL_NONBLOCK_OCSP - case OCSP_WANT_READ: + case WC_NO_ERR_TRACE(OCSP_WANT_READ): #endif #ifdef WOLFSSL_ASYNC_CRYPT - case WC_PENDING_E: + case WC_NO_ERR_TRACE(WC_PENDING_E): #endif return 0; /* peer already disconnected and ssl is possibly in bad state * don't try to send an alert */ - case SOCKET_ERROR_E: + case WC_NO_ERR_TRACE(SOCKET_ERROR_E): return error; - case BUFFER_ERROR: - case ASN_PARSE_E: - case COMPRESSION_ERROR: + case WC_NO_ERR_TRACE(BUFFER_ERROR): + case WC_NO_ERR_TRACE(ASN_PARSE_E): + case WC_NO_ERR_TRACE(COMPRESSION_ERROR): why = decode_error; break; - case MATCH_SUITE_ERROR: - why = illegal_parameter; - break; - case VERIFY_FINISHED_ERROR: - case SIG_VERIFY_E: + case WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR): + case WC_NO_ERR_TRACE(SIG_VERIFY_E): why = decrypt_error; break; - case DUPLICATE_MSG_E: - case NO_CHANGE_CIPHER_E: - case OUT_OF_ORDER_E: + case WC_NO_ERR_TRACE(DUPLICATE_MSG_E): + case WC_NO_ERR_TRACE(NO_CHANGE_CIPHER_E): + case WC_NO_ERR_TRACE(OUT_OF_ORDER_E): why = unexpected_message; break; - case ECC_OUT_OF_RANGE_E: + case WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E): why = bad_record_mac; break; - case VERSION_ERROR: + case WC_NO_ERR_TRACE(MATCH_SUITE_ERROR): + case WC_NO_ERR_TRACE(VERSION_ERROR): default: why = handshake_failure; break; @@ -17705,12 +18034,12 @@ int DtlsMsgDrain(WOLFSSL* ssl) DtlsTxMsgListClean(ssl); } else if (!IsAtLeastTLSv1_3(ssl->version)) { - if (SendFatalAlertOnly(ssl, ret) == SOCKET_ERROR_E) { + if (SendFatalAlertOnly(ssl, ret) == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { ret = SOCKET_ERROR_E; } } #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { break; } #endif 
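Review bot: Moving `MATCH_SUITE_ERROR` from the `illegal_parameter` case to the `handshake_failure` case in SendFatalAlertOnly changes the alert a peer receives when no cipher suite can be agreed, a wire-visible behavior change inside a commit that is otherwise a mechanical `WC_NO_ERR_TRACE` conversion. RFC 5246 section 7.2.2 does describe `handshake_failure` as the alert for being unable to negotiate an acceptable set of security parameters, so the new mapping looks correct, but it deserves a mention in the commit message and a comment on the case, e.g. `/* no acceptable cipher suite: handshake_failure per RFC 5246 7.2.2 */`. SendFatalAlertOnly starts outside this hunk.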
@@ -18059,7 +18388,7 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, /* add cipher info and then its length */ XMEMSET(padding, 0, sizeof(padding)); - if ((ret = wc_Poly1305Update(ssl->auth.poly1305, out, msglen)) != 0) + if ((ret = wc_Poly1305Update(ssl->auth.poly1305, out, (word32)msglen)) != 0) return ret; /* 32 bit size of cipher to 64 bit endian */ @@ -18444,7 +18773,7 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, return ret; } if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, - sizeof(add), input, msgLen, tag, sizeof(tag))) != 0) { + sizeof(add), input, (word32)msgLen, tag, sizeof(tag))) != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE); @@ -18468,7 +18797,7 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, /* if the tag was good decrypt message */ if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain, - input, msgLen)) != 0) + input, (word32)msgLen)) != 0) return ret; #ifdef CHACHA_AEAD_TEST @@ -18567,7 +18896,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E && asyncOkay) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) { ret = wolfSSL_AsyncPush(ssl, asyncDev); } #endif @@ -18585,7 +18914,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #endif ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E && asyncOkay) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) { ret = wolfSSL_AsyncPush(ssl, asyncDev); } #endif 
@@ -18656,7 +18985,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.additional, AEAD_AUTH_DATA_SZ); } - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif /* HAVE_PK_CALLBACKS */ { ret = aes_auth_fn(ssl->encrypt.aes, @@ -18669,7 +18998,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, } #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E && asyncOkay) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) { ret = wolfSSL_AsyncPush(ssl, asyncDev); } #endif @@ -18759,7 +19088,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #endif ret = wc_Sm4CbcEncrypt(ssl->encrypt.sm4, out, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E && asyncOkay) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) { ret = wolfSSL_AsyncPush(ssl, asyncDev); } #endif @@ -18823,7 +19152,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.additional, AEAD_AUTH_DATA_SZ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E && asyncOkay) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) { ret = wolfSSL_AsyncPush(ssl, asyncDev); } #endif @@ -18853,7 +19182,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #ifdef WOLFSSL_ASYNC_CRYPT /* if async is not okay, then block */ - if (ret == WC_PENDING_E && !asyncOkay) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && !asyncOkay) { ret = wc_AsyncWait(ret, asyncDev, event_flags); } #endif @@ -18867,7 +19196,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT - if (ssl->error == WC_PENDING_E) { + if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) { ssl->error = 0; /* clear async */ } #endif 
@@ -18960,7 +19289,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, #ifdef WOLFSSL_ASYNC_CRYPT /* If pending, then leave and return will resume below */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif @@ -19056,7 +19385,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.des3->asyncDev); } #endif @@ -19074,7 +19403,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, #endif ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); } #endif @@ -19140,7 +19469,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ssl->decrypt.additional, AEAD_AUTH_DATA_SZ); } - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif /* HAVE_PK_CALLBACKS */ { if ((ret = aes_auth_fn(ssl->decrypt.aes, @@ -19152,7 +19481,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ssl->specs.aead_mac_size, ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); } @@ -19238,7 +19567,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, #endif ret = wc_Sm4CbcDecrypt(ssl->decrypt.sm4, plain, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); } #endif 
@@ -19299,7 +19628,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ssl->specs.aead_mac_size, ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.sm4->asyncDev); } @@ -19339,9 +19668,9 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* check for still pending */ - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; ssl->error = 0; /* clear async */ @@ -19456,7 +19785,7 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) #ifdef WOLFSSL_ASYNC_CRYPT /* If pending, leave and return below */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif @@ -20101,7 +20430,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) idx += rawSz; ssl->buffers.clearOutputBuffer.buffer = rawData; - ssl->buffers.clearOutputBuffer.length = dataSz; + ssl->buffers.clearOutputBuffer.length = (unsigned int)dataSz; } idx += ssl->keys.padSz; @@ -20324,7 +20653,11 @@ static void LogAlert(int type) typeStr = AlertTypeToString(type); if (typeStr != NULL) { char buff[60]; - XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr); + if (XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr) + >= (int)sizeof(buff)) + { + buff[sizeof(buff) - 1] = 0; + } WOLFSSL_MSG(buff); } #else 
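Review bot: The truncation guard added in LogAlert (`if (XSNPRINTF(...) >= (int)sizeof(buff)) buff[sizeof(buff) - 1] = 0;`) does not handle a negative return, which is what non-C99 `snprintf` variants report on truncation; C99-conforming implementations already NUL-terminate, so the guard only matters for the non-conforming ones it currently misses. Capturing the result and testing both directions covers both: `int n = XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr);` then `if (n < 0 || n >= (int)sizeof(buff))` and `buff[sizeof(buff) - 1] = 0;`. LogAlert's body extends outside the hunk.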
@@ -20470,14 +20803,14 @@ static int GetInputData(WOLFSSL *ssl, word32 size) /* remove processed data */ ssl->buffers.inputBuffer.idx = 0; - ssl->buffers.inputBuffer.length = usedLength; + ssl->buffers.inputBuffer.length = (word32)usedLength; /* read data from network */ do { int in = wolfSSLReceive(ssl, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.length, - inSz); + (word32)inSz); if (in == WANT_READ) return WANT_READ; @@ -20528,7 +20861,7 @@ static WC_INLINE int VerifyMacEnc(WOLFSSL* ssl, const byte* input, word32 msgSz, } ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1, PEER_ORDER); - ret |= ConstantCompare(verify, input + msgSz - digestSz, digestSz); + ret |= ConstantCompare(verify, input + msgSz - digestSz, (int)digestSz); if (ret != 0) { WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; @@ -20568,12 +20901,14 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, void* ctx = wolfSSL_GetVerifyMacCtx(ssl); ret = ssl->ctx->VerifyMacCb(ssl, input, (msgSz - ivExtra) - digestSz - pad - 1, - digestSz, content, ctx); - if (ret != 0 && ret != PROTOCOLCB_UNAVAILABLE) { + digestSz, (word32)content, ctx); + if (ret != 0 && + ret != WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) { return ret; } } - if (!ssl->ctx->VerifyMacCb || ret == PROTOCOLCB_UNAVAILABLE) + if (!ssl->ctx->VerifyMacCb || + ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) #endif ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra, content); @@ -20594,9 +20929,9 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, } (void)PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */ ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, - pad, content, 1, PEER_ORDER); + (int)pad, content, 1, PEER_ORDER); if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, - digestSz) != 0) { + (int)digestSz) != 0) { WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } 
@@ -20609,7 +20944,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, else if (ssl->specs.cipher_type == stream) { ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1, PEER_ORDER); - if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0) { + if (ConstantCompare(verify, input + msgSz - digestSz, (int)digestSz) != 0) { WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } @@ -20665,7 +21000,8 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode) } if ((ssl->options.handShakeDone && retcode != 0) - || retcode == SEQUENCE_ERROR || retcode == DTLS_CID_ERROR) { + || retcode == WC_NO_ERR_TRACE(SEQUENCE_ERROR) + || retcode == WC_NO_ERR_TRACE(DTLS_CID_ERROR)) { WOLFSSL_MSG_EX("Silently dropping DTLS message: %d", retcode); return 1; } @@ -20725,7 +21061,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #ifdef WOLFSSL_NONBLOCK_OCSP && ssl->error != OCSP_WANT_READ #endif - && (allowSocketErr != 1 || ssl->error != SOCKET_ERROR_E) + && (allowSocketErr != 1 || + ssl->error != WC_NO_ERR_TRACE(SOCKET_ERROR_E)) ) { WOLFSSL_MSG("ProcessReply retry in error state, not allowed"); return ssl->error; @@ -20736,7 +21073,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #if defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \ (defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)) if (allowSocketErr == 1 && \ - (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) { + (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) || + ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) { return ssl->error; } #endif @@ -20795,7 +21133,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* get header or return error */ if (!ssl->options.dtls) { - if ((ret = GetInputData(ssl, readSz)) < 0) + if ((ret = GetInputData(ssl, (word32)readSz)) < 0) return ret; } else { #ifdef WOLFSSL_DTLS 
@@ -20803,7 +21141,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) used = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx; if (used < readSz) { - if ((ret = GetInputData(ssl, readSz)) < 0) + if ((ret = GetInputData(ssl, (word32)readSz)) < 0) return ret; } #endif @@ -20917,7 +21255,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #endif if (ret != 0) { switch (ret) { - case VERSION_ERROR: + case WC_NO_ERR_TRACE(VERSION_ERROR): /* send alert per RFC5246 Appendix E. Backward * Compatibility */ if (ssl->options.side == WOLFSSL_CLIENT_END) @@ -20925,7 +21263,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) wolfssl_alert_protocol_version); break; #ifdef HAVE_MAX_FRAGMENT - case LENGTH_ERROR: + case WC_NO_ERR_TRACE(LENGTH_ERROR): SendAlert(ssl, alert_fatal, record_overflow); break; #endif /* HAVE_MAX_FRAGMENT */ @@ -21012,7 +21350,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->buffers.inputBuffer.idx, ssl->curSize, ssl->curRL.type); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif if (ret < 0) { @@ -21159,7 +21497,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif @@ -21243,7 +21581,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->curSize, ssl->curRL.type, &ssl->keys.padSz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif if (ret < 0) { 
@@ -21394,14 +21732,15 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->buffers.inputBuffer.buffer, &ssl->buffers.inputBuffer.idx, ssl->buffers.inputBuffer.length); - if (ret == 0 || ret == WC_PENDING_E) { + if (ret == 0 || + ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Reset timeout as we have received a valid * DTLS handshake message */ ssl->dtls_timeout = ssl->dtls_timeout_init; } else { if (SendFatalAlertOnly(ssl, ret) - == SOCKET_ERROR_E) { + == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { ret = SOCKET_ERROR_E; } } @@ -21442,7 +21781,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) &ssl->buffers.inputBuffer.idx, ssl->buffers.inputBuffer.length); if (ret != 0) { - if (SendFatalAlertOnly(ssl, ret) == SOCKET_ERROR_E) + if (SendFatalAlertOnly(ssl, ret) == + WC_NO_ERR_TRACE(SOCKET_ERROR_E)) ret = SOCKET_ERROR_E; } #else @@ -21482,7 +21822,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) * Current message should have been DtlsMsgStore'ed and * should be processed with DtlsMsgDrain */ && (!ssl->options.dtls - || ret != WC_PENDING_E) + || ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif ) { WOLFSSL_ERROR(ret); @@ -21595,7 +21935,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* Check for duplicate CCS message in DTLS mode. * DTLS allows for duplicate messages, and it should be * skipped. Also skip if out of order. */ - if (ret != DUPLICATE_MSG_E && ret != OUT_OF_ORDER_E) + if (ret != WC_NO_ERR_TRACE(DUPLICATE_MSG_E) && + ret != WC_NO_ERR_TRACE(OUT_OF_ORDER_E)) return ret; /* Reset error */ ret = 0; @@ -21690,7 +22031,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) defined(HAVE_SECURE_RENEGOTIATION) /* Not really an error. We will return after cleaning * up the processReply state. */ - if (ret != APP_DATA_READY) + if (ret != WC_NO_ERR_TRACE(APP_DATA_READY)) #endif return ret; } 
@@ -21819,7 +22160,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #endif #if defined(WOLFSSL_DTLS13) || defined(HAVE_SECURE_RENEGOTIATION) /* Signal to user that we have application data ready to read */ - if (ret == APP_DATA_READY) + if (ret == WC_NO_ERR_TRACE(APP_DATA_READY)) return ret; #endif /* It is safe to shrink the input buffer here now. local vars will @@ -21893,7 +22234,7 @@ int SendChangeCipher(WOLFSSL* ssl) input[0] = 1; /* turn it on */ #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && - (ret = DtlsMsgPoolSave(ssl, input, inputSz, change_cipher_hs)) != 0) { + (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, change_cipher_hs)) != 0) { return ret; } #endif @@ -21906,7 +22247,7 @@ int SendChangeCipher(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS else { if (IsDtlsNotSctpMode(ssl)) { - if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, change_cipher_hs)) != 0) + if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, change_cipher_hs)) != 0) return ret; DtlsSEQIncrement(ssl, CUR_ORDER); } @@ -22010,7 +22351,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = wc_Md5Final(&md5, result); #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make non-blocking */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE); } #endif @@ -22030,7 +22371,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = wc_Md5Final(&md5, digest); #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make non-blocking */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE); } #endif 
@@ -22060,7 +22401,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = wc_ShaFinal(&sha, result); #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make non-blocking */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE); } #endif @@ -22080,7 +22421,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = wc_ShaFinal(&sha, digest); #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make non-blocking */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE); } #endif @@ -22313,7 +22654,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args = &ssl->async->buildArgs; ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_buildmsg; @@ -22327,7 +22668,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, /* Reset state */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_NO_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E)) #endif { ret = 0; @@ -22556,7 +22897,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, { if (ssl->ctx->MacEncryptCb) { ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx, - output + args->headerSz + args->ivSz, inSz, + output + args->headerSz + args->ivSz, (unsigned int)inSz, type, 0, output + args->headerSz, output + args->headerSz, args->size, ssl->MacEncryptCtx); @@ -22588,7 +22929,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif ret = ssl->hmac(ssl, hmac, - output + args->headerSz + args->ivSz, inSz, + output + args->headerSz + args->ivSz, (word32)inSz, -1, type, 0, epochOrder); XMEMCPY(output + args->idx, hmac, args->digestSz); 
@@ -22600,7 +22941,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif { ret = ssl->hmac(ssl, output + args->idx, output + - args->headerSz + args->ivSz, inSz, -1, type, 0, epochOrder); + args->headerSz + args->ivSz, (word32)inSz, -1, type, 0, epochOrder); } } #endif /* WOLFSSL_AEAD_ONLY */ @@ -22661,7 +23002,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, if (ret != 0) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { /* Zeroize plaintext. */ @@ -22738,7 +23079,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, WOLFSSL_LEAVE("BuildMessage", ret); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif @@ -22753,7 +23094,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, /* return sz on success */ if (ret == 0) { - ret = args->sz; + ret = (int)args->sz; } else { WOLFSSL_ERROR_VERBOSE(ret); @@ -22941,16 +23282,20 @@ int SendFinished(WOLFSSL* ssl) * Returns 0 on success */ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, - DecodedCert* cert, byte* certData, word32 length) + DecodedCert* cert, byte* certData, word32 length, + byte *ctxOwnsRequest) { int ret; if (request != NULL) XMEMSET(request, 0, sizeof(OcspRequest)); + if (ctxOwnsRequest!= NULL) + *ctxOwnsRequest = 0; + InitDecodedCert(cert, certData, length, ssl->heap); /* TODO: Setup async support here */ - ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl)); + ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl), NULL); if (ret != 0) { WOLFSSL_MSG("ParseCert failed"); } 
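Review bot: CreateOcspRequest gains an out-parameter `ctxOwnsRequest` but the header comment ending in `* Returns 0 on success` does not describe it; add a line such as `* ctxOwnsRequest  Set to 1 when ssl->ctx->certOcspRequest took ownership of request, else 0; may be NULL` so callers know when they must not free `request` on error. The spacing in `if (ctxOwnsRequest!= NULL)` (here and in the following hunk) should be `if (ctxOwnsRequest != NULL)` to match the surrounding code. The function continues outside this hunk.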
@@ -22961,8 +23306,11 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, if (!ssl->buffers.weOwnCert) { wolfSSL_Mutex* ocspLock = &SSL_CM(ssl)->ocsp_stapling->ocspLock; if (wc_LockMutex(ocspLock) == 0) { - if (ssl->ctx->certOcspRequest == NULL) + if (ssl->ctx->certOcspRequest == NULL) { ssl->ctx->certOcspRequest = request; + if (ctxOwnsRequest!= NULL) + *ctxOwnsRequest = 1; + } wc_UnLockMutex(ocspLock); } } @@ -22991,6 +23339,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, int ret = 0; OcspRequest* request = NULL; byte createdRequest = 0; + byte ctxOwnsRequest = 0; if (ssl == NULL || ocspRequest == NULL || response == NULL) return BAD_FUNC_ARG; @@ -23028,7 +23377,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, createdRequest = 1; if (ret == 0) { ret = CreateOcspRequest(ssl, request, cert, der->buffer, - der->length); + der->length, &ctxOwnsRequest); } if (ret != 0) { @@ -23047,15 +23396,15 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, ssl->heap); /* Suppressing, not critical */ - if (ret == OCSP_CERT_REVOKED || - ret == OCSP_CERT_UNKNOWN || - ret == OCSP_LOOKUP_FAIL) { + if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) || + ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) || + ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) { ret = 0; } } /* free request up if error case found otherwise return it */ - if (ret != 0 && createdRequest) { + if (ret != 0 && createdRequest && !ctxOwnsRequest) { FreeOcspRequest(request); XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); } @@ -23181,7 +23530,7 @@ int SendCertificate(WOLFSSL* ssl) maxFragment = MAX_RECORD_SIZE; - maxFragment = wolfSSL_GetMaxFragSize(ssl, maxFragment); + maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, (int)maxFragment); while (length > 0 && ret == 0) { byte* output = NULL; 
@@ -23276,10 +23625,10 @@ int SendCertificate(WOLFSSL* ssl) fragSz -= CERT_HEADER_SZ; if (ssl->options.dtls || !IsEncryptionOn(ssl, 1)) { - HashRaw(ssl, ssl->buffers.certificate->buffer, certSz); + HashRaw(ssl, ssl->buffers.certificate->buffer, (int)certSz); if (certChainSz) HashRaw(ssl, ssl->buffers.certChain->buffer, - certChainSz); + (int)certChainSz); } } } @@ -23318,7 +23667,7 @@ int SendCertificate(WOLFSSL* ssl) if (IsEncryptionOn(ssl, 1)) { byte* input = NULL; - int inputSz = i; /* build msg adds rec hdr */ + int inputSz = (int)i; /* build msg adds rec hdr */ int recordHeaderSz = RECORD_HEADER_SZ; if (ssl->options.dtls) @@ -23347,7 +23696,7 @@ int SendCertificate(WOLFSSL* ssl) handshake, 1, 0, 0, CUR_ORDER); else /* DTLS 1.2 has to ignore fragmentation in hashing so we need to * calculate the hash ourselves above */ { - if ((ret = DtlsMsgPoolSave(ssl, input, inputSz, certificate)) != 0) { + if ((ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, certificate)) != 0) { XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); return ret; } @@ -23362,10 +23711,10 @@ int SendCertificate(WOLFSSL* ssl) return sendSz; } else { - sendSz = i; + sendSz = (int)i; #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { - if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, certificate)) != 0) + if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, certificate)) != 0) return ret; } if (ssl->options.dtls) @@ -23478,7 +23827,7 @@ int SendCertificateRequest(WOLFSSL* ssl) /* get output buffer */ output = GetOutputBuffer(ssl); - AddHeaders(output, reqSz, certificate_request, ssl); + AddHeaders(output, (word32)reqSz, certificate_request, ssl); /* write to output */ output[i++] = (byte)typeTotal; /* # of types */ @@ -23545,7 +23894,7 @@ int SendCertificateRequest(WOLFSSL* ssl) if (IsEncryptionOn(ssl, 1)) { byte* input = NULL; - int inputSz = i; /* build msg adds rec hdr */ + int inputSz = (int)i; /* build msg adds rec hdr */ int recordHeaderSz = RECORD_HEADER_SZ; if (ssl->options.dtls) 
@@ -23564,7 +23913,7 @@ int SendCertificateRequest(WOLFSSL* ssl) XMEMCPY(input, output + recordHeaderSz, inputSz); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && - (ret = DtlsMsgPoolSave(ssl, input, inputSz, certificate_request)) != 0) { + (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, certificate_request)) != 0) { XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); return ret; } @@ -23576,10 +23925,10 @@ int SendCertificateRequest(WOLFSSL* ssl) if (sendSz < 0) return sendSz; } else { - sendSz = i; + sendSz = (int)i; #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { - if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, certificate_request)) != 0) + if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, certificate_request)) != 0) return ret; } if (ssl->options.dtls) @@ -23623,6 +23972,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, byte* output = NULL; word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; word32 length = ENUM_LEN; + word32 headerSz= idx; int sendSz = 0; int ret = 0; int i = 0; 
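Review bot: `word32 headerSz= idx;` in the BuildCertificateStatus declarations hunk (23623/23972) drops the space before `=` that every neighbouring declaration keeps, and the same slip appears as `output =(byte*)XMALLOC(...)` in the next hunk (23642/23992). Both are cosmetic, but the file is otherwise consistent about `name = value` spacing and a style checker will flag them; `word32 headerSz = idx;` and `output = (byte*)XMALLOC(...)` match the surrounding code.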
@@ -23642,88 +23992,42 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, default: return 0; } +#ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + headerSz = idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ; + sendSz = idx + length; - sendSz = idx + length; + } else +#endif + sendSz = (int)(idx + length); if (ssl->keys.encryptionOn) sendSz += MAX_MSG_EXTRA; - /* Set this in case CheckAvailableSize returns a WANT_WRITE so that state - * is not advanced yet */ - ssl->options.buildingMsg = 1; - - if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) { - output = GetOutputBuffer(ssl); - - AddHeaders(output, length, certificate_status, ssl); - - output[idx++] = type; - - if (type == WOLFSSL_CSR2_OCSP_MULTI) { - c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx); - idx += OPAQUE24_LEN; - } - - for (i = 0; i < count; i++) { - c32to24(status[i].length, output + idx); - idx += OPAQUE24_LEN; - - XMEMCPY(output + idx, status[i].buffer, status[i].length); - idx += status[i].length; - } + output =(byte*)XMALLOC(sendSz, ssl->heap, DYNAMIC_TYPE_OCSP); + if (output == NULL) + return MEMORY_E; - if (IsEncryptionOn(ssl, 1)) { - byte* input; - int inputSz = idx; /* build msg adds rec hdr */ - int recordHeaderSz = RECORD_HEADER_SZ; + AddHeaders(output, length, certificate_status, ssl); - if (ssl->options.dtls) - recordHeaderSz += DTLS_RECORD_EXTRA; - inputSz -= recordHeaderSz; - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - if (input == NULL) - return MEMORY_E; + output[idx++] = type; - XMEMCPY(input, output + recordHeaderSz, inputSz); - #ifdef WOLFSSL_DTLS - ret = DtlsMsgPoolSave(ssl, input, inputSz, certificate_status); - #endif - if (ret == 0) - sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, - handshake, 1, 0, 0, CUR_ORDER); - XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - - if (sendSz < 0) - ret = sendSz; - } - else { - #ifdef WOLFSSL_DTLS - if (ret == 0 && IsDtlsNotSctpMode(ssl)) - ret = 
DtlsMsgPoolSave(ssl, output, sendSz, certificate_status); - if (ret == 0 && ssl->options.dtls) - DtlsSEQIncrement(ssl, CUR_ORDER); - #endif - ret = HashOutput(ssl, output, sendSz, 0); - } + if (type == WOLFSSL_CSR2_OCSP_MULTI) { + c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx); + idx += OPAQUE24_LEN; + } - #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) - if (ret == 0 && ssl->hsInfoOn) - AddPacketName(ssl, "CertificateStatus"); - if (ret == 0 && ssl->toInfoOn) { - ret = AddPacketInfo(ssl, "CertificateStatus", handshake, output, - sendSz, WRITE_PROTO, 0, ssl->heap); - if (ret != 0) - return ret; - } - #endif + for (i = 0; i < count; i++) { + c32to24(status[i].length, output + idx); + idx += OPAQUE24_LEN; - if (ret == 0) { - ssl->options.buildingMsg = 0; - ssl->buffers.outputBuffer.length += sendSz; - if (!ssl->options.groupMessages) - ret = SendBuffered(ssl); - } + XMEMCPY(output + idx, status[i].buffer, status[i].length); + idx += status[i].length; } + /* Send Message. Handled message fragmentation in the function if needed */ + ret = SendHandshakeMsg(ssl, output, (sendSz - headerSz), certificate_status, + "Certificate Status"); + XFREE(output, ssl->heap, DYNAMIC_TYPE_OCSP); WOLFSSL_LEAVE("BuildCertificateStatus", ret); return ret; @@ -23776,7 +24080,8 @@ int SendCertificateStatus(WOLFSSL* ssl) } /* Let's not error out the connection if we can't verify our cert */ - if (ret == ASN_SELF_SIGNED_E || ret == ASN_NO_SIGNER_E) + if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E) || + ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) ret = 0; if (response.buffer) { @@ -23794,6 +24099,7 @@ int SendCertificateStatus(WOLFSSL* ssl) { OcspRequest* request = ssl->ctx->certOcspRequest; buffer responses[1 + MAX_CHAIN_DEPTH]; + byte ctxOwnsRequest = 0; int i = 0; XMEMSET(responses, 0, sizeof(responses)); 
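Review bot: The length handed to `SendHandshakeMsg(ssl, output, (sendSz - headerSz), ...)` at the end of the rewritten BuildCertificateStatus is the allocation size minus the header, but `sendSz` was padded with `MAX_MSG_EXTRA` when `ssl->keys.encryptionOn`, so under encryption the call is told the message is `MAX_MSG_EXTRA` bytes longer than what was written and that tail of the `XMALLOC`ed buffer is uninitialised heap. If SendHandshakeMsg treats that argument as the handshake body length (its definition is not in view), those bytes would go onto the wire; passing the bytes actually written, `ret = SendHandshakeMsg(ssl, output, idx - headerSz, certificate_status, "Certificate Status");`, and dropping the `MAX_MSG_EXTRA` padding from the allocation removes both problems. Two smaller points in the same hunk: the DTLS branch assigns `sendSz = idx + length;` without the `(int)` cast the non-DTLS branch uses, and `output` still points at the record header while `idx` starts at `headerSz`, so confirm whether SendHandshakeMsg expects the buffer start or `output + headerSz`. The hunk starts on the preceding line and the function's prologue is outside it.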
@@ -23852,27 +24158,28 @@ int SendCertificateStatus(WOLFSSL* ssl) break; ret = CreateOcspRequest(ssl, request, cert, der.buffer, - der.length); + der.length, &ctxOwnsRequest); if (ret == 0) { request->ssl = ssl; ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling, request, &responses[i + 1], ssl->heap); /* Suppressing, not critical */ - if (ret == OCSP_CERT_REVOKED || - ret == OCSP_CERT_UNKNOWN || - ret == OCSP_LOOKUP_FAIL) { + if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) || + ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) || + ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) { ret = 0; } i++; - FreeOcspRequest(request); + if (!ctxOwnsRequest) + FreeOcspRequest(request); } } } - - XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + if (!ctxOwnsRequest) + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); #ifdef WOLFSSL_SMALL_STACK XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); #endif @@ -23885,9 +24192,9 @@ int SendCertificateStatus(WOLFSSL* ssl) request, &responses[++i], ssl->heap); /* Suppressing, not critical */ - if (ret == OCSP_CERT_REVOKED || - ret == OCSP_CERT_UNKNOWN || - ret == OCSP_LOOKUP_FAIL) { + if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) || + ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) || + ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) { ret = 0; } } @@ -23908,7 +24215,8 @@ int SendCertificateStatus(WOLFSSL* ssl) } /* Let's not error out the connection if we can't verify our cert */ - if (ret == ASN_SELF_SIGNED_E || ret == ASN_NO_SIGNER_E) + if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E) || + ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) ret = 0; break; @@ -24162,7 +24470,8 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) } /* don't allow write after decrypt or mac error */ - if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR) { + if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || + ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) { /* For DTLS allow these possible errors and allow the session to continue despite them */ if (ssl->options.dtls) { 
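Review bot: `request->ssl = ssl;` inside the `if (ret == 0)` block now runs on a request that, when `ctxOwnsRequest` was set by CreateOcspRequest, lives in `ssl->ctx->certOcspRequest` and is shared by every session created from that ctx, so the cached session pointer goes stale as soon as this WOLFSSL object is freed and another session's stapling path could read freed memory through it. If CheckOcspRequest only needs the session for the duration of the call, reset it afterwards on the shared path, e.g. `if (ctxOwnsRequest) request->ssl = NULL;` right after the call, or pass the session to CheckOcspRequest explicitly instead of storing it in the request. A comment above `if (!ctxOwnsRequest) FreeOcspRequest(request);` stating that the ctx now owns and frees the request would help the next reader. The enclosing loop and function start outside the hunk.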
@@ -24201,7 +24510,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { #ifdef WOLFSSL_ASYNC_CRYPT /* if async would block return WANT_WRITE */ - if (ssl->error == WC_PENDING_E) { + if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) { return WOLFSSL_CBIO_ERR_WANT_WRITE; } #endif @@ -24218,8 +24527,8 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) WOLFSSL_MSG("output buffer was full, trying to send again"); if ( (ssl->error = SendBuffered(ssl)) < 0) { WOLFSSL_ERROR(ssl->error); - if (ssl->error == SOCKET_ERROR_E && (ssl->options.connReset || - ssl->options.isClosed)) { + if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { ssl->error = SOCKET_PEER_CLOSED_E; WOLFSSL_ERROR(ssl->error); return 0; /* peer reset or closed */ @@ -24365,7 +24674,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) } if (sendSz < 0) { #ifdef WOLFSSL_ASYNC_CRYPT - if (sendSz == WC_PENDING_E) + if (sendSz == WC_NO_ERR_TRACE(WC_PENDING_E)) ssl->error = sendSz; #endif return BUILD_MSG_ERROR; @@ -24382,8 +24691,8 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) doesn't present like WANT_WRITE */ ssl->buffers.plainSz = buffSz; ssl->buffers.prevSent = sent; - if (ssl->error == SOCKET_ERROR_E && (ssl->options.connReset || - ssl->options.isClosed)) { + if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { ssl->error = SOCKET_PEER_CLOSED_E; WOLFSSL_ERROR(ssl->error); return 0; /* peer reset or closed */ 
@@ -24419,9 +24728,9 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) if (ssl->options.dtls) { /* In DTLS mode, we forgive some errors and allow the session * to continue despite them. */ - if (ssl->error == VERIFY_MAC_ERROR || - ssl->error == DECRYPT_ERROR || - ssl->error == DTLS_SIZE_ERROR) { + if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || + ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR) || + ssl->error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) { ssl->error = 0; } @@ -24453,7 +24762,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { #ifdef WOLFSSL_ASYNC_CRYPT /* if async would block return WANT_WRITE */ - if (ssl->error == WC_PENDING_E) { + if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) { return WOLFSSL_CBIO_ERR_WANT_READ; } #endif @@ -24480,7 +24789,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) WOLFSSL_MSG("Zero return, no more data coming"); return 0; /* no more data coming */ } - if (ssl->error == SOCKET_ERROR_E) { + if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { if (ssl->options.connReset || ssl->options.isClosed) { WOLFSSL_MSG("Peer reset or closed, connection done"); ssl->error = SOCKET_PEER_CLOSED_E; @@ -24516,7 +24825,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { #ifdef WOLFSSL_ASYNC_CRYPT /* if async would block return WANT_WRITE */ - if (ssl->error == WC_PENDING_E) { + if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) { return WOLFSSL_CBIO_ERR_WANT_READ; } #endif @@ -24691,6 +25000,11 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type) #endif /* WOLFSSL_DTLS13 */ { AddRecordHeader(output, ALERT_SIZE, alert, ssl, CUR_ORDER); +#ifdef WOLFSSL_DTLS + /* AddRecordHeader doesn't increment the seq number */ + if (ssl->options.dtls) + DtlsSEQIncrement(ssl, CUR_ORDER); +#endif } output += RECORD_HEADER_SZ; 
@@ -24781,6 +25095,10 @@ int SendAlert(WOLFSSL* ssl, int severity, int type) return SendAlert_ex(ssl, severity, type); } +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H +#include +#endif + const char* wolfSSL_ERR_reason_error_string(unsigned long e) { #ifdef NO_ERROR_STRINGS @@ -25319,6 +25637,10 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) #endif /* NO_ERROR_STRINGS */ } +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES +#include +#endif + const char* wolfSSL_ERR_func_error_string(unsigned long e) { (void)e; @@ -25357,7 +25679,7 @@ const char* wolfSSL_ERR_lib_error_string(unsigned long e) void SetErrorString(int error, char* str) { - XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ); + XSTRNCPY(str, wolfSSL_ERR_reason_error_string((unsigned long)error), WOLFSSL_MAX_ERROR_SZ); str[WOLFSSL_MAX_ERROR_SZ-1] = 0; } @@ -26260,7 +26582,7 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl) int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, byte* cipherSuite, int* flags) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); int i; unsigned long len; const char* nameDelim; @@ -26331,8 +26653,11 @@ static int ParseCipherList(Suites* suites, return 0; } - if (next[0] == 0 || XSTRCMP(next, "ALL") == 0 || - XSTRCMP(next, "DEFAULT") == 0 || XSTRCMP(next, "HIGH") == 0) { + if (next[0] == '\0' || + XSTRCMP(next, "ALL") == 0 || + XSTRCMP(next, "DEFAULT") == 0 || + XSTRCMP(next, "HIGH") == 0) + { /* Add all ciphersuites except anonymous and null ciphers. Prefer RSA */ #ifndef NO_RSA haveRSA = 1; @@ -26344,7 +26669,8 @@ static int ParseCipherList(Suites* suites, 0, #endif haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 1, 1, 0, 0, - side); + side + ); return 1; /* wolfSSL default */ } @@ -26364,6 +26690,8 @@ static int ParseCipherList(Suites* suites, if (length > currLen) { length = currLen; } + if (currLen == 0) + break; } #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) 
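Review bot: The two new mid-file include blocks are guarded by different macros: `#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H` before wolfSSL_ERR_reason_error_string (hunk 24781/25095) and `#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES` before wolfSSL_ERR_func_error_string (hunk 25319/25637). The `_H` suffix reads like a header include-guard name rather than the feature flag, so the first block would be skipped when the feature is enabled unless that guard happens to be defined elsewhere; confirm the intended macro and use the same one in both places. The header path of both `#include` lines was lost in this rendering, so check that each names a file, and a one-line comment on each block saying why the header is included here rather than at the top of the file would save the next reader the search.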
@@ -26394,7 +26722,7 @@ static int ParseCipherList(Suites* suites, substrCurrent[length] = '\0'; } else { - length = (int)XSTRLEN(substrCurrent); + length = (word32)XSTRLEN(substrCurrent); } /* check if is a public key type */ @@ -26617,14 +26945,12 @@ static int ParseCipherList(Suites* suites, defined(HAVE_ED448) haveSig |= SIG_ECDSA; #endif - #if defined(HAVE_PQC) #ifdef HAVE_FALCON haveSig |= SIG_FALCON; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM haveSig |= SIG_DILITHIUM; #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ } else #ifdef BUILD_TLS_SM4_GCM_SM3 @@ -26687,7 +27013,7 @@ static int ParseCipherList(Suites* suites, } } } - while (next++); /* ++ needed to skip ':' */ + while (next++); /* increment to skip ':' */ if (ret) { int keySz = 0; @@ -26717,7 +27043,7 @@ static int ParseCipherList(Suites* suites, #endif { suites->suiteSz = (word16)idx; - InitSuitesHashSigAlgo_ex2(suites->hashSigAlgo, haveSig, 1, keySz, + InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz, &suites->hashSigAlgoSz); } @@ -26736,7 +27062,9 @@ static int ParseCipherList(Suites* suites, suites->setSuites = 1; } +#ifdef NO_CERTS (void)privateKeySz; +#endif return ret; } @@ -26854,14 +27182,12 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list, #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) haveECDSAsig = 1; #endif - #if defined(HAVE_PQC) #ifdef HAVE_FALCON haveFalconSig = 1; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM haveDilithiumSig = 1; #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ } else #endif /* WOLFSSL_TLS13 */ 
@@ -26901,7 +27227,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list, haveSig |= haveFalconSig ? SIG_FALCON : 0; haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0; haveSig |= haveAnon ? SIG_ANON : 0; - InitSuitesHashSigAlgo_ex2(suites->hashSigAlgo, haveSig, 1, keySz, + InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz, &suites->hashSigAlgoSz); #ifdef HAVE_RENEGOTIATION_INDICATION if (ctx->method->side == WOLFSSL_CLIENT_END) { @@ -27102,7 +27428,6 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo) return sigAlgo == ed448_sa_algo; } #endif -#ifdef HAVE_PQC #ifdef HAVE_FALCON if (ssl->pkCurveOID == CTC_FALCON_LEVEL1) { /* Certificate has Falcon level 1 key, only match with Falcon level 1 @@ -27129,7 +27454,6 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo) return sigAlgo == dilithium_level5_sa_algo; } #endif /* HAVE_DILITHIUM */ -#endif /* HAVE_PQC */ #ifdef WC_RSA_PSS /* RSA certificate and PSS sig alg. */ if (ssl->options.sigAlgo == rsa_sa_algo) { 
@@ -27180,10 +27504,43 @@ static byte MinHashAlgo(WOLFSSL* ssl) return sha_mac; } -int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) +/* Check if a given peer hashSigAlgo is supported in our ssl->suites or + * ssl->ctx->suites. + * + * Returns 1 on match. + * Returns 0 otherwise. + * */ +static int SupportedHashSigAlgo(WOLFSSL* ssl, const byte * hashSigAlgo) +{ + const Suites * suites = NULL; + word32 i = 0; + + if (ssl == NULL || hashSigAlgo == NULL) { + return 0; + } + + suites = WOLFSSL_SUITES(ssl); + + if (suites == NULL || suites->hashSigAlgoSz == 0) { + return 0; + } + + for (i = 0; (i+1) < suites->hashSigAlgoSz; i += HELLO_EXT_SIGALGO_SZ) { + if (XMEMCMP(&suites->hashSigAlgo[i], hashSigAlgo, + HELLO_EXT_SIGALGO_SZ) == 0) { + /* Match found. */ + return 1; + } + } + + return 0; +} + +int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz, + int matchSuites) { word32 i; - int ret = MATCH_SUITE_ERROR; + int ret = WC_NO_ERR_TRACE(MATCH_SUITE_ERROR); byte minHash; /* set defaults */ @@ -27221,6 +27578,14 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) if (!MatchSigAlgo(ssl, sigAlgo)) continue; + if (matchSuites) { + /* Keep looking if peer algorithm isn't supported in our ssl->suites + * or ssl->ctx->suites. */ + if (!SupportedHashSigAlgo(ssl, &hashSigAlgo[i])) { + continue; + } + } + #ifdef HAVE_ED25519 if (ssl->pkCurveOID == ECC_ED25519_OID) { /* Matched Ed25519 - set chosen and finished. */ @@ -27239,7 +27604,6 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) break; } #endif - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) if (ssl->pkCurveOID == CTC_FALCON_LEVEL1 || ssl->pkCurveOID == CTC_FALCON_LEVEL5 ) { 
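Review bot: The loop in the new SupportedHashSigAlgo, `for (i = 0; (i+1) < suites->hashSigAlgoSz; i += HELLO_EXT_SIGALGO_SZ)`, silently ties the `(i+1)` bound to entries being two bytes; a comment such as `/* entries are HELLO_EXT_SIGALGO_SZ bytes; (i+1) keeps the whole pair in range */` makes that explicit and flags it for review if the constant ever changes. On style, `const Suites * suites` and `const byte * hashSigAlgo` use a spaced-pointer form that differs from `const byte* hashSigAlgo` on the PickHashSigAlgo line in the same hunk. PickHashSigAlgo is non-static and gains a `matchSuites` parameter, so every external caller and the prototype in the header must change with it (only the 29821/30210 call site is visible here); the new parameter deserves a line in a function comment, e.g. `/* matchSuites: when non-zero, also require the peer algorithm to be in our own suites list */`.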
@@ -27261,7 +27625,6 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) break; } #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ #if defined(WOLFSSL_ECDSA_MATCH_HASH) && defined(USE_ECDSA_KEYSZ_HASH_ALGO) #error "WOLFSSL_ECDSA_MATCH_HASH and USE_ECDSA_KEYSZ_HASH_ALGO cannot " @@ -27622,7 +27985,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType, int label, int id, void* heap, int devId) { - int ret = NOT_COMPILED_IN; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (hsType == DYNAMIC_TYPE_RSA) { #ifndef NO_RSA @@ -27637,7 +28000,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType, ret = wc_InitRsaKey_Label(rsaKey, (char*)data, heap, devId); } else if (id) { - ret = wc_InitRsaKey_Id(rsaKey, data, length, heap, devId); + ret = wc_InitRsaKey_Id(rsaKey, data, (int)length, heap, devId); } if (ret == 0) { *pkey = (void*)rsaKey; @@ -27660,7 +28023,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType, ret = wc_ecc_init_label(ecKey, (char*)data, heap, devId); } else if (id) { - ret = wc_ecc_init_id(ecKey, data, length, heap, devId); + ret = wc_ecc_init_id(ecKey, data, (int)length, heap, devId); } if (ret == 0) { *pkey = (void*)ecKey; @@ -27671,7 +28034,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType, #endif } else if (hsType == DYNAMIC_TYPE_DILITHIUM) { -#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) dilithium_key* dilithiumKey; dilithiumKey = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap, @@ -27696,7 +28059,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType, #endif } else if (hsType == DYNAMIC_TYPE_FALCON) { -#if defined(HAVE_PQC) && defined(HAVE_FALCON) +#if defined(HAVE_FALCON) falcon_key* falconKey; falconKey = (falcon_key*)XMALLOC(sizeof(falcon_key), heap, 
@@ -27736,7 +28099,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType, */ int DecodePrivateKey(WOLFSSL *ssl, word32* length) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); int keySz; word32 idx; @@ -27749,7 +28112,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) #endif ) { - *length = GetPrivateKeySigSize(ssl); + *length = (word32)GetPrivateKeySigSize(ssl); return 0; } else @@ -27799,7 +28162,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } /* Return the maximum signature length. */ - *length = ssl->buffers.keySz; + *length = (word32)ssl->buffers.keySz; } #else ret = NOT_COMPILED_IN; @@ -27825,7 +28188,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } /* Return the maximum signature length. */ - *length = wc_ecc_sig_size_calc(ssl->buffers.keySz); + *length = (word32)wc_ecc_sig_size_calc(ssl->buffers.keySz); } #else ret = NOT_COMPILED_IN; @@ -27833,7 +28196,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } else if ((ssl->buffers.keyType == falcon_level1_sa_algo) || (ssl->buffers.keyType == falcon_level5_sa_algo)) { - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if (ssl->buffers.keyLabel) { ret = wc_falcon_init_label((falcon_key*)ssl->hsKey, (char*)ssl->buffers.key->buffer, @@ -27869,7 +28232,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) else if ((ssl->buffers.keyType == dilithium_level2_sa_algo) || (ssl->buffers.keyType == dilithium_level3_sa_algo) || (ssl->buffers.keyType == dilithium_level5_sa_algo)) { - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) if (ssl->buffers.keyLabel) { ret = wc_dilithium_init_label((dilithium_key*)ssl->hsKey, (char*)ssl->buffers.key->buffer, 
@@ -27953,7 +28316,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } /* Return the maximum signature length. */ - *length = keySz; + *length = (word32)keySz; goto exit_dpk; } @@ -28001,6 +28364,12 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) (ecc_key*)ssl->hsKey, ssl->buffers.key->length); } + #endif + #ifdef WOLFSSL_SM2 + if ((ret == 0) && (ssl->buffers.keyType == sm2_sa_algo)) { + ret = wc_ecc_set_curve((ecc_key*)ssl->hsKey, + WOLFSSL_SM2_KEY_BITS / 8, ECC_SM2P256V1); + } #endif if (ret == 0) { WOLFSSL_MSG("Using ECC private key"); @@ -28013,7 +28382,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } /* Return the maximum signature length. */ - *length = wc_ecc_sig_size((ecc_key*)ssl->hsKey); + *length = (word32)wc_ecc_sig_size((ecc_key*)ssl->hsKey); goto exit_dpk; } @@ -28133,7 +28502,6 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } } #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */ -#if defined(HAVE_PQC) #if defined(HAVE_FALCON) #if !defined(NO_RSA) || defined(HAVE_ECC) FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); @@ -28200,7 +28568,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } } #endif /* HAVE_FALCON */ -#if defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) #if !defined(NO_RSA) || defined(HAVE_ECC) FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); #endif @@ -28252,9 +28621,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is a Dilithium private key. */ - ret = wc_dilithium_import_private_only(ssl->buffers.key->buffer, - ssl->buffers.key->length, - (dilithium_key*)ssl->hsKey); + ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.key->buffer, + &idx, + (dilithium_key*)ssl->hsKey, + ssl->buffers.key->length); if (ret == 0) { WOLFSSL_MSG("Using Dilithium private key"); 
@@ -28272,7 +28642,6 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } } #endif /* HAVE_DILITHIUM */ -#endif /* HAVE_PQC */ (void)idx; (void)keySz; @@ -28292,7 +28661,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) */ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); int keySz; word32 idx; @@ -28302,6 +28671,10 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) ERROR_OUT(NO_PRIVATE_KEY, exit_dapk); } +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.altKey, ssl->buffers.altKeyMask); +#endif + #ifdef WOLF_PRIVATE_KEY_ID if (ssl->buffers.altKeyDevId != INVALID_DEVID && (ssl->buffers.altKeyId || ssl->buffers.altKeyLabel)) { @@ -28375,7 +28748,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) } else if ((ssl->buffers.altKeyType == falcon_level1_sa_algo) || (ssl->buffers.altKeyType == falcon_level5_sa_algo)) { - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if (ssl->buffers.altKeyLabel) { ret = wc_falcon_init_label((falcon_key*)ssl->hsAltKey, (char*)ssl->buffers.altKey->buffer, @@ -28411,7 +28784,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) else if ((ssl->buffers.altKeyType == dilithium_level2_sa_algo) || (ssl->buffers.altKeyType == dilithium_level3_sa_algo) || (ssl->buffers.altKeyType == dilithium_level5_sa_algo)) { - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) if (ssl->buffers.altKeyLabel) { ret = wc_dilithium_init_label((dilithium_key*)ssl->hsAltKey, (char*)ssl->buffers.altKey->buffer, @@ -28566,7 +28939,6 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) } } #endif -#if defined(HAVE_PQC) #if defined(HAVE_FALCON) #if !defined(NO_RSA) || defined(HAVE_ECC) FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey); 
@@ -28677,9 +29049,10 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is a Dilithium private key. */ - ret = wc_dilithium_import_private_only(ssl->buffers.altKey->buffer, - ssl->buffers.altKey->length, - (dilithium_key*)ssl->hsAltKey); + ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.altKey->buffer, + &idx, + (dilithium_key*)ssl->hsAltKey, + ssl->buffers.altKey->length); if (ret == 0) { WOLFSSL_MSG("Using Dilithium private key"); @@ -28697,13 +29070,22 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) } } #endif /* HAVE_DILITHIUM */ -#endif /* HAVE_PQC */ (void)idx; (void)keySz; (void)length; exit_dapk: +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + if (ret == 0) { + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, + &ssl->buffers.altKeyMask); + } + else { + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); + } +#endif + if (ret != 0) { WOLFSSL_ERROR_VERBOSE(ret); } @@ -28928,7 +29310,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } #endif length = VERSION_SZ + RAN_LEN - + idSz + ENUM_LEN + + (word32)idSz + ENUM_LEN + SUITE_LEN + COMP_LEN + ENUM_LEN; #ifndef NO_FORCE_SCR_SAME_SUITE @@ -28958,7 +29340,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (extSz != 0) length += extSz + HELLO_EXT_SZ_SZ; #endif - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + sendSz = (int)length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; if (ssl->arrays == NULL) { return BAD_FUNC_ARG; @@ -28968,7 +29350,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (ssl->options.dtls) { length += ENUM_LEN; /* cookie */ if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz; - sendSz = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ; + sendSz = (int)length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ; idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA; } #endif 
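Review bot: The error branch of the new `exit_dapk` block calls `wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask)`, i.e. the primary key, while every other blinding call in DecodeAltPrivateKey — the unblind at entry in the 28302/28671 hunk and the re-blind on success here — operates on `ssl->buffers.altKey`/`altKeyMask`; this looks copied from DecodePrivateKey. On any failure the alt key is therefore left in whatever state the entry unblind put it in, and the primary key's mask is applied once more, which (if unblind is the XOR inverse of blind) toggles a key that nothing in this function touched. Whatever the error branch is meant to do to the alt key, it should read `wolfssl_priv_der_unblind(ssl->buffers.altKey, ssl->buffers.altKeyMask);`, and note that the `NO_PRIVATE_KEY` early exit in the 28302/28671 hunk reaches this branch before any unblind has happened. The function starts outside the hunk.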
@@ -29099,7 +29481,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (IsEncryptionOn(ssl, 1)) { byte* input; - int inputSz = idx; /* build msg adds rec hdr */ + int inputSz = (int)idx; /* build msg adds rec hdr */ int recordHeaderSz = RECORD_HEADER_SZ; if (ssl->options.dtls) @@ -29112,7 +29494,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, XMEMCPY(input, output + recordHeaderSz, inputSz); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && - (ret = DtlsMsgPoolSave(ssl, input, inputSz, client_hello)) != 0) { + (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, client_hello)) != 0) { XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); return ret; } @@ -29126,7 +29508,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } else { #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { - if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, client_hello)) != 0) + if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, client_hello)) != 0) return ret; } if (ssl->options.dtls) @@ -29183,6 +29565,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { DtlsMsgPoolReset(ssl); +#ifdef WOLFSSL_DTLS_CID + if (ssl->options.useDtlsCID) + DtlsCIDOnExtensionsParsed(ssl); +#endif /* WOLFSSL_DTLS_CID */ } #endif @@ -29220,6 +29606,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (!ssl->options.downgrade || ssl->options.minDowngrade <= DTLSv1_3_MINOR) return VERSION_ERROR; + + /* Cannot be DTLS1.3 as HELLO_VERIFY_REQUEST */ + ssl->options.tls1_3 = 0; } #endif /* defined(WOLFSSL_DTLS13) && defined(WOLFSSL_TLS13) */ 
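Review bot: The comment `/* Cannot be DTLS1.3 as HELLO_VERIFY_REQUEST */` above the new `ssl->options.tls1_3 = 0;` (hunk 29220/29606) is missing its verb and its reason; something like `/* HelloVerifyRequest does not exist in DTLS 1.3, so the connection continues below 1.3: clear the TLS 1.3 flag */` says what the assignment does and why. It is also worth stating in the same comment that the preceding VERSION_ERROR check has already confirmed the downgrade is permitted before the flag is cleared. The enclosing function starts outside the hunk.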
@@ -29821,7 +30210,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if ((len > size) || ((*inOutIdx - begin) + len > size)) return BUFFER_ERROR; - if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 && + if (PickHashSigAlgo(ssl, input + *inOutIdx, len, 0) != 0 && ssl->buffers.certificate && ssl->buffers.certificate->buffer) { #ifdef HAVE_PK_CALLBACKS @@ -29892,7 +30281,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap); - ret = GetName(cert, SUBJECT, dnSz); + ret = GetName(cert, ASN_SUBJECT, dnSz); if (ret == 0) { if ((name = wolfSSL_X509_NAME_new_ex(cert->heap)) == NULL) @@ -29900,7 +30289,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } if (ret == 0) { - CopyDecodedName(name, cert, SUBJECT); + CopyDecodedName(name, cert, ASN_SUBJECT); } if (ret == 0) { @@ -29994,7 +30383,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, static int CheckCurveId(int tlsCurveId) { - int ret = ECC_CURVE_ERROR; + int ret = WC_NO_ERR_TRACE(ECC_CURVE_ERROR); switch (tlsCurveId) { #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 @@ -30062,7 +30451,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, case WOLFSSL_ECC_SECP521R1: return ECC_SECP521R1_OID; #endif /* !NO_ECC_SECP */ #endif - default: break; + default: + ret = WC_NO_ERR_TRACE(ECC_CURVE_ERROR); + break; } return ret; @@ -30098,10 +30489,8 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs) #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ defined(HAVE_CURVE448) - if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); - args->verifySig = NULL; - } + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); + args->verifySig = NULL; #endif } 
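Review bot: In CheckCurveId the new `default:` branch assigns `ret = WC_NO_ERR_TRACE(ECC_CURVE_ERROR);`, which is exactly the value `ret` is initialised to at the top of the function in the same change (hunk 29994/30383), so the branch is a no-op. If the explicit default exists to surface the failure in error tracing, it should use the traced form, `default: ret = ECC_CURVE_ERROR; break;`, with the initialiser left as the silent one; otherwise restore the plain `default: break;`. The FreeDskeArgs hunk (30098/30489) drops the NULL guard around `XFREE(args->verifySig, ...)`, which is only safe if the project's XFREE tolerates NULL — the FreeSckeArgs change at 31428/31826 relies on the same assumption, so confirm it once for both.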
@@ -30388,7 +30777,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, args = (DskeArgs*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_dske; @@ -30440,7 +30829,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } /* get PSK server hint from the wire */ - srvHintLen = min(length, MAX_PSK_ID_LEN); + srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, srvHintLen); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ @@ -30483,7 +30872,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, if ((curveOid = CheckCurveId(b)) < 0) { ERROR_OUT(ECC_CURVE_ERROR, exit_dske); } - ssl->ecdhCurveOID = curveOid; + ssl->ecdhCurveOID = (word32)curveOid; #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE) ssl->namedGroup = 0; #endif @@ -30514,9 +30903,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, input + args->idx, length, EC25519_LITTLE_ENDIAN)) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == ECC_OUT_OF_RANGE_E) + else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E)) SendAlert(ssl, alert_fatal, bad_record_mac); else { SendAlert(ssl, alert_fatal, illegal_parameter); @@ -30557,9 +30946,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, input + args->idx, length, EC448_LITTLE_ENDIAN)) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == ECC_OUT_OF_RANGE_E) + else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E)) SendAlert(ssl, alert_fatal, bad_record_mac); else { SendAlert(ssl, alert_fatal, illegal_parameter); 
@@ -30594,7 +30983,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } } - curveId = wc_ecc_get_oid(curveOid, NULL, NULL); + curveId = wc_ecc_get_oid((word32)curveOid, NULL, NULL); if (wc_ecc_import_x963_ex(input + args->idx, length, ssl->peerEccKey, curveId) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS @@ -30627,7 +31016,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } /* get PSK server hint from the wire */ - srvHintLen = min(length, MAX_PSK_ID_LEN); + srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, srvHintLen); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ @@ -30660,7 +31049,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } /* get PSK server hint from the wire */ - srvHintLen = min(length, MAX_PSK_ID_LEN); + srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, srvHintLen); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ @@ -30683,7 +31072,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, if ((curveOid = CheckCurveId(b)) < 0) { ERROR_OUT(ECC_CURVE_ERROR, exit_dske); } - ssl->ecdhCurveOID = curveOid; + ssl->ecdhCurveOID = (word32)curveOid; length = input[args->idx++]; if ((args->idx - args->begin) + length > size) { @@ -30711,9 +31100,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, input + args->idx, length, EC25519_LITTLE_ENDIAN)) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == ECC_OUT_OF_RANGE_E) + else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E)) SendAlert(ssl, alert_fatal, bad_record_mac); else { SendAlert(ssl, alert_fatal, illegal_parameter); 
@@ -30754,9 +31143,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, input + args->idx, length, EC448_LITTLE_ENDIAN)) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == ECC_OUT_OF_RANGE_E) + else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E)) SendAlert(ssl, alert_fatal, bad_record_mac); else { SendAlert(ssl, alert_fatal, illegal_parameter); @@ -30791,7 +31180,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } } - curveId = wc_ecc_get_oid(curveOid, NULL, NULL); + curveId = wc_ecc_get_oid((word32)curveOid, NULL, NULL); if (wc_ecc_import_x963_ex(input + args->idx, length, ssl->peerEccKey, curveId) != 0) { ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske); @@ -30854,6 +31243,15 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ERROR_OUT(BUFFER_ERROR, exit_dske); } + /* Check if hashSigAlgo in Server Key Exchange is supported + * in our ssl->suites or ssl->ctx->suites. */ + if (!SupportedHashSigAlgo(ssl, &input[args->idx])) { + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, handshake_failure); + #endif + ERROR_OUT(MATCH_SUITE_ERROR, exit_dske); + } + DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo, &sigAlgo); #ifndef NO_RSA @@ -31052,7 +31450,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ret = 0; } #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { /* peerRsaKey */ @@ -31080,7 +31478,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, (ssl->buffers.sig.length - SEED_LEN)); } #endif /* HAVE_PK_CALLBACKS */ - if (ret == NOT_COMPILED_IN) { + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) if (ssl->options.peerSigAlgo == sm2_sa_algo) { ret = Sm2wSm3Verify(ssl, 
@@ -31114,7 +31512,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { /* peerEccDsaKey */ @@ -31144,7 +31542,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { /* peerEccDsaKey */ @@ -31174,7 +31572,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { /* peerEccDsaKey */ @@ -31391,7 +31789,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #ifdef WOLFSSL_ASYNC_CRYPT /* Handle async operation */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Mark message as not received so it can process again */ ssl->msgsReceived.got_server_key_exchange = 0; @@ -31428,14 +31826,10 @@ static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; - if (args->encSecret) { - XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET); - args->encSecret = NULL; - } - if (args->input) { - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - args->input = NULL; - } + XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET); + args->encSecret = NULL; + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + args->input = NULL; } /* handle generation client_key_exchange (16) */ @@ -31472,7 +31866,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_scke; 
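Review bot: Dropping the `if (args->encSecret)` / `if (args->input)` guards in FreeSckeArgs makes the function depend on XFREE tolerating a NULL pointer; the same is done in FreeScvArgs (L806), FreeSskeArgs (L809) and for clSuites in DoClientHello (L814). That holds only if every definition of XFREE that can be compiled in here, including a user-supplied override of the allocator macros, checks for NULL before calling the free callback — the macro is outside these hunks, so please confirm. A one-line comment at the first such site, `/* XFREE is NULL-safe; no guard needed */`, would record the assumption for the next reader.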
@@ -31772,11 +32166,13 @@ int SendClientKeyExchange(WOLFSSL* ssl) void* ctx = wolfSSL_GetGenPreMasterCtx(ssl); ret = ssl->ctx->GenPreMasterCb(ssl, ssl->arrays->preMasterSecret, ENCRYPT_LEN, ctx); - if (ret != 0 && ret != PROTOCOLCB_UNAVAILABLE) { + if (ret != 0 && + ret != WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) { goto exit_scke; } } - if (!ssl->ctx->GenPreMasterCb || ret == PROTOCOLCB_UNAVAILABLE) + if (!ssl->ctx->GenPreMasterCb || + ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) #endif { /* build PreMasterSecret with RNG data */ @@ -31871,7 +32267,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); if (ssl->arrays->psk_keySz == 0 || (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != USE_HW_PSK)) { + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { ERROR_OUT(PSK_KEY_ERROR, exit_scke); } @@ -31916,7 +32312,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); if (ssl->arrays->psk_keySz == 0 || (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != USE_HW_PSK)) { + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { ERROR_OUT(PSK_KEY_ERROR, exit_scke); } @@ -31999,7 +32395,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); if (ssl->arrays->psk_keySz == 0 || (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != USE_HW_PSK)) { + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { ERROR_OUT(PSK_KEY_ERROR, exit_scke); } @@ -32274,7 +32670,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) WOLFSSL_CLIENT_END ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { FreeKey(ssl, DYNAMIC_TYPE_ECC, 
@@ -32506,7 +32902,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) } idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - args->sendSz = args->encSz + tlsSz + idx; + args->sendSz = (int)(args->encSz + tlsSz + idx); #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { @@ -32639,7 +33035,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) #ifdef WOLFSSL_ASYNC_IO /* Handle async operation */ - if (ret == WC_PENDING_E || ret == WANT_WRITE) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WANT_WRITE) { if (ssl->options.buildingMsg) return ret; /* If we have completed all states then we will not enter this function @@ -32698,15 +33094,11 @@ static void FreeScvArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; #ifndef NO_RSA - if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); - args->verifySig = NULL; - } + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); + args->verifySig = NULL; #endif - if (args->input) { - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - args->input = NULL; - } + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + args->input = NULL; } /* handle generation of certificate_verify (15) */ @@ -32723,6 +33115,10 @@ int SendCertificateVerify(WOLFSSL* ssl) WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND); WOLFSSL_ENTER("SendCertificateVerify"); +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); +#endif + #ifdef WOLFSSL_ASYNC_IO if (ssl->async == NULL) { ssl->async = (struct WOLFSSL_ASYNC*) @@ -32735,10 +33131,10 @@ int SendCertificateVerify(WOLFSSL* ssl) args = (ScvArgs*)ssl->async->args; #ifdef WOLFSSL_ASYNC_CRYPT /* BuildMessage does its own Pop */ - if (ssl->error != WC_PENDING_E || + if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) || ssl->options.asyncState != TLS_ASYNC_END) ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_scv; 
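Review bot: In the async-handling check `if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WANT_WRITE)` only the first constant is wrapped; if WANT_WRITE is one of the error-code enumerators the trace macro is meant to neutralise (it reads like one, but its definition is outside the hunk), the comparison should be `ret == WC_NO_ERR_TRACE(WANT_WRITE)` for consistency with every other comparison this commit rewrites. If it is deliberately exempt, a short comment on that line saying why would stop the next sweep from "fixing" it. SendClientKeyExchange starts and ends outside this hunk.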
@@ -32769,6 +33165,10 @@ int SendCertificateVerify(WOLFSSL* ssl) case TLS_ASYNC_BEGIN: { if (ssl->options.sendVerify == SEND_BLANK_CERT) { + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.key, + ssl->buffers.keyMask); + #endif return 0; /* sent blank cert, can't verify */ } @@ -33124,7 +33524,7 @@ int SendCertificateVerify(WOLFSSL* ssl) ); /* free temporary buffer now */ - if (ret != WC_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->verifySig = NULL; } @@ -33173,6 +33573,15 @@ int SendCertificateVerify(WOLFSSL* ssl) } /* switch(ssl->options.asyncState) */ exit_scv: +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + if (ret == 0) { + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + &ssl->buffers.keyMask); + } + else { + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); + } +#endif WOLFSSL_LEAVE("SendCertificateVerify", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_VERIFY_SEND); @@ -33336,7 +33745,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef NO_CERTS -#ifdef WOLF_PRIVATE_KEY_ID +#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS) int GetPrivateKeySigSize(WOLFSSL* ssl) { int sigSz = 0; @@ -33377,7 +33786,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } return sigSz; } -#endif /* HAVE_PK_CALLBACKS */ +#endif /* WOLF_PRIVATE_KEY_ID || HAVE_PK_CALLBACKS */ #endif /* NO_CERTS */ 
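Review bot: At exit_scv the key is re-blinded on success and unblinded-again on error, and the SEND_BLANK_CERT early return is handled explicitly, but any other return between the entry unblind (hunk at L806) and exit_scv would leave ssl->buffers.key in the wrong blinding state — the async allocation right after the entry unblind looks like one candidate if it can fail and return, though that code is outside the hunk. Routing every early return through exit_scv, or moving the entry unblind below the last such return, would close that; the same entry/exit pattern appears in SendServerKeyExchange (L809, L811) and at the entry of DoClientKeyExchange (L821), whose exit is not visible here. A comment at the entry site, `/* key is unblinded from here until exit_scv; do not return early */`, would make the invariant explicit. Most of SendCertificateVerify's body lies outside these hunks.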
@@ -33469,29 +33878,47 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 int TranslateErrorToAlert(int err)
 {
 switch (err) {
- case BUFFER_ERROR:
+ case WC_NO_ERR_TRACE(BUFFER_ERROR):
 return decode_error;
- case EXT_NOT_ALLOWED:
- case PEER_KEY_ERROR:
- case ECC_PEERKEY_ERROR:
- case BAD_KEY_SHARE_DATA:
- case PSK_KEY_ERROR:
- case INVALID_PARAMETER:
- case HRR_COOKIE_ERROR:
- case BAD_BINDER:
+ case WC_NO_ERR_TRACE(EXT_NOT_ALLOWED):
+ case WC_NO_ERR_TRACE(PEER_KEY_ERROR):
+ case WC_NO_ERR_TRACE(ECC_PEERKEY_ERROR):
+ case WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA):
+ case WC_NO_ERR_TRACE(PSK_KEY_ERROR):
+ case WC_NO_ERR_TRACE(INVALID_PARAMETER):
+ case WC_NO_ERR_TRACE(HRR_COOKIE_ERROR):
+ case WC_NO_ERR_TRACE(BAD_BINDER):
 return illegal_parameter;
- case INCOMPLETE_DATA:
+ case WC_NO_ERR_TRACE(INCOMPLETE_DATA):
 return missing_extension;
- case MATCH_SUITE_ERROR:
- case MISSING_HANDSHAKE_DATA:
+ case WC_NO_ERR_TRACE(MATCH_SUITE_ERROR):
+ case WC_NO_ERR_TRACE(MISSING_HANDSHAKE_DATA):
 return handshake_failure;
- case VERSION_ERROR:
+ case WC_NO_ERR_TRACE(VERSION_ERROR):
 return wolfssl_alert_protocol_version;
 default:
 return invalid_alert;
 }
 }
+ /* search suites for specific one, idx on success, negative on error */
+ int FindSuite(const Suites* suites, byte first, byte second)
+ {
+ int i;
+
+ if (suites == NULL || suites->suiteSz == 0) {
+ WOLFSSL_MSG("Suites pointer error or suiteSz 0");
+ return SUITES_ERROR;
+ }
+
+ for (i = 0; i < suites->suiteSz-1; i += SUITE_LEN) {
+ if (suites->suites[i] == first &&
+ suites->suites[i+1] == second )
+ return i;
+ }
+
+ return MATCH_SUITE_ERROR;
+ }
 #ifndef NO_WOLFSSL_SERVER
@@ -33680,7 +34107,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (IsEncryptionOn(ssl, 1)) {
 byte* input;
- int inputSz = idx; /* build msg adds rec hdr */
+ int inputSz = (int)idx; /* build msg adds rec hdr */
 int recordHeaderSz = RECORD_HEADER_SZ;
 if (ssl->options.dtls)
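Review bot: FindSuite has gained external linkage (the `static` is gone and it moved out of the `#if defined(HAVE_SERVER_RENEGOTIATION_INFO) …` block removed at L811), so callers in other translation units need a prototype in the shared header, which this diff does not show; worth checking one was added. Its header comment could name the two failure codes it now exposes to those callers: `/* Find (first, second) in suites->suites; returns its index, SUITES_ERROR when suites is NULL or empty, MATCH_SUITE_ERROR when not present. */`. The `const Suites*` parameter is a good change and the loop body is unchanged from the removed copy.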
@@ -33693,7 +34120,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(input, output + recordHeaderSz, inputSz); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && - (ret = DtlsMsgPoolSave(ssl, input, inputSz, server_hello)) != 0) { + (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello)) != 0) { XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); return ret; } @@ -33707,7 +34134,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } else { #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { - if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, server_hello)) != 0) + if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, server_hello)) != 0) return ret; } if (ssl->options.dtls) @@ -33790,16 +34217,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, (void)ssl; #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) - if (args->exportBuf) { - XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER); - args->exportBuf = NULL; - } + XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER); + args->exportBuf = NULL; #endif #ifndef NO_RSA - if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); - args->verifySig = NULL; - } + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); + args->verifySig = NULL; #endif (void)args; } @@ -33818,6 +34241,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_START(WC_FUNC_SERVER_KEY_EXCHANGE_SEND); WOLFSSL_ENTER("SendServerKeyExchange"); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); + #endif + #ifdef WOLFSSL_ASYNC_IO if (ssl->async == NULL) { ssl->async = (struct WOLFSSL_ASYNC*) 
@@ -33830,7 +34257,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args = (SskeArgs*)ssl->async->args; #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_sske; @@ -34120,7 +34547,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->eccTempKeyPresent == 0) { ret = X25519MakeKey(ssl, (curve25519_key*)ssl->eccTempKey, NULL); - if (ret == 0 || ret == WC_PENDING_E) { + if (ret == 0 || + ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ssl->eccTempKeyPresent = DYNAMIC_TYPE_CURVE25519; } @@ -34147,7 +34575,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->eccTempKeyPresent == 0) { ret = X448MakeKey(ssl, (curve448_key*)ssl->eccTempKey, NULL); - if (ret == 0 || ret == WC_PENDING_E) { + if (ret == 0 || + ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ssl->eccTempKeyPresent = DYNAMIC_TYPE_CURVE448; } @@ -34172,7 +34601,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->eccTempKeyPresent == 0) { ret = EccMakeKey(ssl, ssl->eccTempKey, NULL); - if (ret == 0 || ret == WC_PENDING_E) { + if (ret == 0 || + ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ssl->eccTempKeyPresent = DYNAMIC_TYPE_ECC; } } @@ -34496,7 +34926,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->buffers.key == NULL) { #ifdef HAVE_PK_CALLBACKS if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) { - args->tmpSigSz = GetPrivateKeySigSize(ssl); + args->tmpSigSz = (word32)GetPrivateKeySigSize(ssl); if (args->tmpSigSz == 0) { ERROR_OUT(NO_PRIVATE_KEY, exit_sske); } 
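Review bot: `args->tmpSigSz = (word32)GetPrivateKeySigSize(ssl);` casts before the `== 0` check, so a negative return (GetPrivateKeySigSize returns int, see L807) would become a large word32 and slip past it. If a negative return is possible, test the int first: `int sigSz = GetPrivateKeySigSize(ssl);` / `if (sigSz <= 0) { ERROR_OUT(NO_PRIVATE_KEY, exit_sske); }` / `args->tmpSigSz = (word32)sigSz;`. In the visible part of GetPrivateKeySigSize sigSz starts at 0 and the rest of its body is outside the hunk, so this may be unreachable today but the cast hides the assumption.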
@@ -34533,7 +34963,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { word32 keySz; - ssl->buffers.keyType = ecc_dsa_sa_algo; + ssl->buffers.keyType = ssl->options.sigAlgo; ret = DecodePrivateKey(ssl, &keySz); if (ret != 0) { goto exit_sske; @@ -35374,6 +35804,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, exit_sske: + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + if (ret == 0) { + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + &ssl->buffers.keyMask); + } + else { + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); + } + #endif + WOLFSSL_LEAVE("SendServerKeyExchange", ret); WOLFSSL_END(WC_FUNC_SERVER_KEY_EXCHANGE_SEND); @@ -35411,30 +35851,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } -#if defined(HAVE_SERVER_RENEGOTIATION_INFO) || defined(HAVE_FALLBACK_SCSV) || \ - defined(OPENSSL_ALL) - - /* search suites for specific one, idx on success, negative on error */ - static int FindSuite(Suites* suites, byte first, byte second) - { - int i; - - if (suites == NULL || suites->suiteSz == 0) { - WOLFSSL_MSG("Suites pointer error or suiteSz 0"); - return SUITES_ERROR; - } - - for (i = 0; i < suites->suiteSz-1; i += SUITE_LEN) { - if (suites->suites[i] == first && - suites->suites[i+1] == second ) - return i; - } - - return MATCH_SUITE_ERROR; - } - -#endif - #endif /* !WOLFSSL_NO_TLS12 */ /* Make sure server cert/key are valid for this suite, true on success @@ -35544,7 +35960,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, int ret = TLSX_KeyShare_Choose(ssl, extensions, first, second, &cs->clientKSE, &searched); - if (ret == MEMORY_E) { + if (ret == WC_NO_ERR_TRACE(MEMORY_E)) { WOLFSSL_MSG("TLSX_KeyShare_Choose() failed in " "VerifyServerSuite() with MEMORY_E"); return 0; 
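Review bot: `ssl->buffers.keyType = ssl->options.sigAlgo;` replaces the fixed ecc_dsa_sa_algo, so DecodePrivateKey now trusts the negotiated signature algorithm to pick the key type; if this branch can be reached with a sigAlgo outside the ECC family, the decode would run with the wrong type. The enclosing cipher-suite branch that presumably guarantees this is outside the hunk, so a comment recording it would help: `/* suite selection guarantees an ECC-family sigAlgo here (ecc_dsa or sm2) */`. The blinding added at exit_sske in the next hunk mirrors exit_scv (L807) and carries the same early-return caveat.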
@@ -35559,7 +35975,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, cs->doHelloRetry = 1; } #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif if (!cs->doHelloRetry && ret != 0) @@ -35626,7 +36042,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, for (i = 0; i < suites->suiteSz; i += 2) { for (j = 0; j < peerSuites->suiteSz; j += 2) { ret = CompareSuites(ssl, suites, peerSuites, i, j, cs, extensions); - if (ret != MATCH_SUITE_ERROR) + if (ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) return ret; } } @@ -35636,7 +36052,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, for (j = 0; j < peerSuites->suiteSz; j += 2) { for (i = 0; i < suites->suiteSz; i += 2) { ret = CompareSuites(ssl, suites, peerSuites, i, j, cs, extensions); - if (ret != MATCH_SUITE_ERROR) + if (ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) return ret; } } @@ -35675,7 +36091,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ret != 0) return ret; ret = PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, - peerSuites->hashSigAlgoSz); + peerSuites->hashSigAlgoSz, 1); if (ret != 0) return ret; 
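Review bot: The new trailing argument to PickHashSigAlgo is a bare literal (`1` here, `0` in the HandleTlsResumption call at L813), which says nothing about what it toggles; the parameter's meaning is defined outside these hunks. A named constant, or at least an argument comment at each call site such as `peerSuites->hashSigAlgoSz, 1 /* <flag name> */);` with the real parameter name filled in, would keep the two call sites readable and make it obvious why they differ.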
@@ -35927,6 +36343,47 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 {
 int ret = 0;
 WOLFSSL_SESSION* session;
+
+#ifdef HAVE_SECRET_CALLBACK
+ if (ssl->sessionSecretCb != NULL
+#ifdef HAVE_SESSION_TICKET
+ && ssl->session->ticketLen > 0
+#endif
+ ) {
+ int secretSz = SECRET_LEN;
+ WOLFSSL_MSG("Calling session secret callback");
+ ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
+ RAN_LEN);
+ if (ret == 0) {
+ ret = ssl->sessionSecretCb(ssl, ssl->arrays->masterSecret,
+ &secretSz, ssl->sessionSecretCtx);
+ if (secretSz != SECRET_LEN)
+ ret = SESSION_SECRET_CB_E;
+ }
+ if (ret == 0)
+ ret = MatchSuite(ssl, clSuites);
+ if (ret == 0) {
+ #ifdef NO_OLD_TLS
+ ret = DeriveTlsKeys(ssl);
+ #else
+ #ifndef NO_TLS
+ if (ssl->options.tls)
+ ret = DeriveTlsKeys(ssl);
+ #endif
+ if (!ssl->options.tls)
+ ret = DeriveKeys(ssl);
+ #endif
+ /* SERVER: peer auth based on session secret. */
+ ssl->options.peerAuthGood = (ret == 0);
+ ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
+ }
+ if (ret != 0)
+ WOLFSSL_ERROR_VERBOSE(ret);
+ WOLFSSL_LEAVE("HandleTlsResumption", ret);
+ return ret;
+ }
+#endif /* HAVE_SECRET_CALLBACK */
+
 #ifdef HAVE_SESSION_TICKET
 if (ssl->options.useTicket == 1) {
 session = ssl->session;
@@ -35997,7 +36454,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 ret = SetCipherSpecs(ssl);
 if (ret == 0) {
 ret = PickHashSigAlgo(ssl, clSuites->hashSigAlgo,
- clSuites->hashSigAlgoSz);
+ clSuites->hashSigAlgoSz, 0);
 }
 }
 else if (ret == 0) {
@@ -36073,7 +36530,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 /* propagate socket errors to avoid re-calling send alert */
 err = SendAlert(ssl, alert_fatal, alertType);
- if (err == SOCKET_ERROR_E)
+ if (err == WC_NO_ERR_TRACE(SOCKET_ERROR_E))
 ret = SOCKET_ERROR_E;
 }
 *inOutIdx += helloSz;
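Review bot: In the HAVE_SECRET_CALLBACK block, `if (secretSz != SECRET_LEN) ret = SESSION_SECRET_CB_E;` runs even when sessionSecretCb has just returned an error, overwriting the callback's own code; guard it with `if (ret == 0 && secretSz != SECRET_LEN)`. The block then sets `peerAuthGood = (ret == 0)` and CLIENT_KEYEXCHANGE_COMPLETE before any Finished message has been processed, so the callback-supplied secret is what vouches for the peer; the inline comment states the fact but not the reasoning, and `/* SERVER: peer auth based on session secret — the secret callback vouches for the peer; the Finished exchange still proves possession. */` would make the trust decision explicit for reviewers (assuming the Finished check still runs on this path, which is outside the hunk). On failure the partially written masterSecret is left in place; clearing it with the file's usual zeroing helper before returning would be cheap hygiene.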
@@ -36381,8 +36838,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */ ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap); - if (ret != WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) { + ret = SECURE_RENEGOTIATION_E; goto out; + } else { + ret = 0; + } extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO); if (extension) { @@ -36586,6 +37047,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.haveSessionId = 1; /* ProcessOld uses same resume code */ + WOLFSSL_MSG_EX("ssl->options.resuming %d", ssl->options.resuming); if (ssl->options.resuming) { ret = HandleTlsResumption(ssl, clSuites); if (ret != 0) @@ -36657,8 +37119,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->clSuites = NULL; #endif #ifdef WOLFSSL_SMALL_STACK - if (clSuites != NULL) - XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); #endif WOLFSSL_LEAVE("DoClientHello", ret); WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); @@ -36717,7 +37178,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args = (DcvArgs*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_dcv; @@ -36882,9 +37343,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ); if (ret >= 0) { if (ssl->options.peerSigAlgo == rsa_sa_algo) - args->sendSz = ret; + args->sendSz = (word32)ret; else { - args->sigSz = ret; + args->sigSz = (word32)ret; args->sendSz = ssl->buffers.digest.length; } ret = 0; 
@@ -36970,7 +37431,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_ASYNC_CRYPT /* handle async pending */ - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) goto exit_dcv; #endif @@ -37108,7 +37569,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_ASYNC_CRYPT /* Handle async operation */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Mark message as not received so it can process again */ ssl->msgsReceived.got_certificate_verify = 0; @@ -37116,9 +37577,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_ERROR) + if (ret == WC_NO_ERR_TRACE(BUFFER_ERROR)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == SIG_VERIFY_E) + else if (ret == WC_NO_ERR_TRACE(SIG_VERIFY_E)) SendAlert(ssl, alert_fatal, decrypt_error); else if (ret != 0) SendAlert(ssl, alert_fatal, bad_certificate); @@ -37200,7 +37661,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(input, output + recordHeaderSz, inputSz); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && - (ret = DtlsMsgPoolSave(ssl, input, inputSz, server_hello_done)) != 0) { + (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello_done)) != 0) { XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); return ret; } @@ -37214,7 +37675,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } else { #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { - if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, server_hello_done)) != 0) + if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, server_hello_done)) != 0) return ret; } if (ssl->options.dtls) 
@@ -37331,7 +37792,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, it = (InternalTicket*)et->enc_ticket; #ifdef WOLFSSL_ASYNC_CRYPT - if (ssl->error != WC_PENDING_E) + if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { XMEMSET(et, 0, sizeof(*et)); @@ -37429,7 +37890,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, itHash = HashObject((byte*)it, sizeof(*it), &error); if (error == 0) { ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, - 1, et->enc_ticket, sizeof(InternalTicket), &encLen, + 1, et->enc_ticket, WOLFSSL_INTERNAL_TICKET_LEN, &encLen, SSL_TICKET_CTX(ssl)); } else { @@ -37438,13 +37899,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } if (ret != WOLFSSL_TICKET_RET_OK) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif goto error; } - if (encLen < (int)sizeof(InternalTicket) || + if (encLen < (int)WOLFSSL_INTERNAL_TICKET_LEN || encLen > (int)WOLFSSL_TICKET_ENC_SZ) { WOLFSSL_MSG("Bad user ticket encrypt size"); ret = BAD_TICKET_KEY_CB_SZ; @@ -37520,7 +37981,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_ENTER("DoDecryptTicket"); if (len > SESSION_TICKET_LEN || - len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) { + len < (word32)(WOLFSSL_INTERNAL_TICKET_LEN + + WOLFSSL_TICKET_FIXED_SZ)) { WOLFSSL_ERROR_VERBOSE(BAD_TICKET_MSG_SZ); return WOLFSSL_TICKET_RET_REJECT; } @@ -37559,7 +38021,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } if (ret != WOLFSSL_TICKET_RET_OK) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif /* WOLFSSL_ASYNC_CRYPT */ 
@@ -37568,7 +38030,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 return WOLFSSL_TICKET_RET_REJECT;
 }
 }
- if (outLen > (int)inLen || outLen < (int)sizeof(InternalTicket)) {
+ if (outLen > (int)inLen || outLen < (int)WOLFSSL_INTERNAL_TICKET_LEN) {
 WOLFSSL_MSG("Bad user ticket decrypt len");
 WOLFSSL_ERROR_VERBOSE(BAD_TICKET_KEY_CB_SZ);
 return BAD_TICKET_KEY_CB_SZ;
@@ -37845,7 +38307,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 if (sess == NULL) {
 ret = TlsSessionCacheGetAndRdLock(id, &sess, &freeCtx->row,
- ssl->options.side);
+ (byte)ssl->options.side);
 if (ret != 0)
 sess = NULL;
 }
@@ -37967,6 +38429,22 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 WOLFSSL_START(WC_FUNC_TICKET_DO);
 WOLFSSL_ENTER("DoClientTicket");
+#ifdef HAVE_SECRET_CALLBACK
+ if (ssl->ticketParseCb != NULL) {
+ decryptRet = WOLFSSL_TICKET_RET_OK;
+ if (!ssl->ticketParseCb(ssl, input, len, ssl->ticketParseCtx)) {
+ /* Failure kills the connection */
+ decryptRet = WOLFSSL_TICKET_RET_FATAL;
+ }
+ else {
+ if (wolfSSL_set_SessionTicket(ssl, input, len) !=
+ WOLFSSL_SUCCESS)
+ decryptRet = WOLFSSL_TICKET_RET_REJECT;
+ }
+ goto cleanup;
+ }
+ else
+#endif
 #ifdef WOLFSSL_TLS13
 if (len == ID_LEN && IsAtLeastTLSv1_3(ssl->version)) {
 /* This is a stateful ticket. We can be sure about this because
@@ -37981,7 +38459,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 }
 else
 #endif
+ if (len >= sizeof(*it))
 decryptRet = DoDecryptTicket(ssl, input, len, &it);
+ else
+ WOLFSSL_MSG("Ticket is smaller than InternalTicket. Rejecting.");
+
 if (decryptRet != WOLFSSL_TICKET_RET_OK &&
 decryptRet != WOLFSSL_TICKET_RET_CREATE) {
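Review bot: In the `else` branch added after `if (len >= sizeof(*it))`, decryptRet is never assigned, so whether the short ticket is actually rejected depends on whatever decryptRet held before (its initialisation is outside the hunk); set it explicitly next to the log line, `decryptRet = WOLFSSL_TICKET_RET_REJECT;`. The check also spells the bound as `sizeof(*it)` while the rest of the commit moved to WOLFSSL_INTERNAL_TICKET_LEN (L816), and DoDecryptTicket already rejects `len < WOLFSSL_INTERNAL_TICKET_LEN + WOLFSSL_TICKET_FIXED_SZ`; using the macro here, `if (len >= WOLFSSL_INTERNAL_TICKET_LEN)`, keeps the two bounds from drifting apart. The ticketParseCb branch assigns decryptRet on every path before `goto cleanup`, which is the pattern the else branch should follow.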
@@ -38057,7 +38539,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } length += ssl->session->ticketLen; - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + sendSz = (int)length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; if (!ssl->options.dtls) { if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) @@ -38099,7 +38581,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) { byte* input; - int inputSz = idx; /* build msg adds rec hdr */ + int inputSz = (int)idx; /* build msg adds rec hdr */ int recordHeaderSz = RECORD_HEADER_SZ; if (ssl->options.dtls) @@ -38120,7 +38602,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else { #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { - if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, session_ticket)) != 0) + if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, session_ticket)) != 0) return ret; DtlsSEQIncrement(ssl, CUR_ORDER); 
@@ -38242,7 +38724,123 @@ static void TicketEncCbCtx_Free(TicketEncCbCtx* keyCtx)
 wc_FreeRng(&keyCtx->rng);
 }
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+#ifdef WOLFSSL_TICKET_ENC_CBC_HMAC
+/* Ticket encryption/decryption implementation.
+ *
+ * @param [in] key Key for encryption/decryption and HMAC.
+ * @param [in] keyLen Length of key in bytes.
+ * @param [in] iv IV/Nonce for encryption/decryption.
+ * @param [in] aad Additional authentication data.
+ * @param [in] aadSz Length of additional authentication data.
+ * @param [in] in Data to encrypt/decrypt.
+ * @param [in] inLen Length of encrypted data.
+ * @param [out] out Resulting data from encrypt/decrypt.
+ * @param [out] outLen Size of resulting data.
+ * @param [in] tag Authentication tag for encrypted data.
+ * @param [in] heap Dynamic memory allocation data hint.
+ * @param [in] enc 1 when encrypting, 0 when decrypting.
+ * @return 0 on success.
+ * @return Other value when encryption/decryption fails.
+ */
+static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
+ byte* in, int inLen, byte* out, int* outLen, byte* tag,
+ void* heap, int enc)
+{
+ int ret;
+#ifdef WOLFSSL_SMALL_STACK
+ Aes* aes;
+ Hmac* hmac;
+#else
+ Aes aes[1];
+ Hmac hmac[1];
+#endif
+
+ (void)heap;
+
+#ifdef WOLFSSL_SMALL_STACK
+ aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_TMP_BUFFER);
+ if (aes == NULL)
+ return MEMORY_E;
+ hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_TMP_BUFFER);
+ if (hmac == NULL) {
+ XFREE(aes, heap, DYNAMIC_TYPE_TMP_BUFFER);
+ return MEMORY_E;
+ }
+#endif
+
+ XMEMSET(aes, 0, sizeof(Aes));
+ XMEMSET(hmac, 0, sizeof(Hmac));
+
+ ret = wc_HmacInit(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER);
+ if (ret == 0) {
+ ret = wc_HmacSetKey(hmac, WOLFSSL_TICKET_ENC_HMAC, key + keyLen -
+ WOLFSSL_TICKET_HMAC_KEY_SZ, WOLFSSL_TICKET_HMAC_KEY_SZ);
+ }
+ if (ret == 0) {
+ ret = wc_HmacUpdate(hmac, aad, aadSz);
+ }
+
+ if (ret == 0) {
+ if (enc) {
+ ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+ if (ret == 0) {
+ ret = wc_AesSetKey(aes, key,
+ keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_ENCRYPTION);
+ }
+ if (ret == 0) {
+ ret = wc_HmacUpdate(hmac, in, inLen);
+ }
+ if (ret == 0) {
+ ret = wc_AesCbcEncrypt(aes, in, out, inLen);
+ }
+ if (ret == 0) {
+ XMEMSET(tag, 0, WOLFSSL_TICKET_MAC_SZ);
+ ret = wc_HmacFinal(hmac, tag);
+ }
+ wc_AesFree(aes);
+ }
+ else {
+ unsigned char calcTag[WOLFSSL_TICKET_MAC_SZ];
+
+ ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+ if (ret == 0) {
+ ret = wc_AesSetKey(aes, key,
+ keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_DECRYPTION);
+ }
+ if (ret == 0) {
+ ret = wc_AesCbcDecrypt(aes, in, out, inLen);
+ }
+ if (ret == 0) {
+ ret = wc_HmacUpdate(hmac, out, inLen);
+ }
+ if (ret == 0) {
+ XMEMSET(calcTag, 0, WOLFSSL_TICKET_MAC_SZ);
+ ret = wc_HmacFinal(hmac, calcTag);
+ }
+ if (ret == 0) {
+ int i;
+ calcTag[0] ^= tag[0];
+ for (i = 1; i < WOLFSSL_TICKET_MAC_SZ; i++) {
+ calcTag[0] |= calcTag[i] ^ tag[i];
+ }
+ /* Return a negative value when no match. */
+ ret = -calcTag[0];
+ }
+ wc_AesFree(aes);
+ }
+ }
+ wc_HmacFree(hmac);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(aes, heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ *outLen = inLen;
+
+ return ret;
+}
+#elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
 !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \
 !defined(WOLFSSL_TICKET_ENC_AES256_GCM)
 /* Ticket encryption/decryption implementation.
@@ -38537,6 +39135,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 WOLFSSL_ENTER("DefTicketEncCb");
+ if ((!enc) && (inLen != WOLFSSL_INTERNAL_TICKET_LEN)) {
+ return BUFFER_E;
+ }
+
 /* Check we have setup the RNG, name and primary key. */
 if (keyCtx->expirary[0] == 0) {
 #ifndef SINGLE_THREADED
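Review bot: TicketEncDec calls `wc_AesCbcEncrypt(aes, in, out, inLen)` and `wc_AesCbcDecrypt(aes, in, out, inLen)` with the buffers in source/destination order, but both APIs take the destination first (`out, in, sz`), so the function is only correct when the caller passes the same buffer as in and out — and the caller is outside the hunk. The construction is also encrypt-and-MAC: the tag is an HMAC of the plaintext, so on decrypt the CBC decryption of attacker-supplied ticket bytes runs before the tag is checked, and identical ticket contents yield identical tags under one key. The rewrite below switches to encrypt-then-MAC (tag over aad, IV and ciphertext; verify, then decrypt), keeps the constant-time compare, and passes `heap` to wc_AesInit instead of NULL, which the `(void)heap` suggests was an oversight; drop the IV update if aad already covers the IV, which cannot be seen here. The mismatch value `ret = -calcTag[0]` lands in -1..-255 and can alias a real wolfCrypt error code, so a dedicated constant would be clearer for DoDecryptTicket.
```c
    if (ret == 0) {
        if (enc) {
            ret = wc_AesInit(aes, heap, INVALID_DEVID);
            if (ret == 0) {
                ret = wc_AesSetKey(aes, key,
                    keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_ENCRYPTION);
            }
            if (ret == 0) {
                /* destination first: out <- CBC(in) */
                ret = wc_AesCbcEncrypt(aes, out, in, inLen);
            }
            /* Encrypt-then-MAC: tag covers aad (already absorbed), the IV
             * and the ciphertext, never the plaintext. */
            if (ret == 0) {
                ret = wc_HmacUpdate(hmac, iv, WOLFSSL_TICKET_IV_SZ); /* TODO drop if aad covers iv */
            }
            if (ret == 0) {
                ret = wc_HmacUpdate(hmac, out, inLen);
            }
            if (ret == 0) {
                XMEMSET(tag, 0, WOLFSSL_TICKET_MAC_SZ);
                ret = wc_HmacFinal(hmac, tag);
            }
            wc_AesFree(aes);
        }
        else {
            unsigned char calcTag[WOLFSSL_TICKET_MAC_SZ];

            /* Authenticate IV and ciphertext before any decryption. */
            ret = wc_HmacUpdate(hmac, iv, WOLFSSL_TICKET_IV_SZ); /* TODO drop if aad covers iv */
            if (ret == 0) {
                ret = wc_HmacUpdate(hmac, in, inLen);
            }
            if (ret == 0) {
                XMEMSET(calcTag, 0, WOLFSSL_TICKET_MAC_SZ);
                ret = wc_HmacFinal(hmac, calcTag);
            }
            if (ret == 0) {
                int i;
                calcTag[0] ^= tag[0];
                for (i = 1; i < WOLFSSL_TICKET_MAC_SZ; i++) {
                    calcTag[0] |= calcTag[i] ^ tag[i];
                }
                /* Return a negative value when no match. */
                ret = -calcTag[0];
            }
            if (ret == 0) {
                ret = wc_AesInit(aes, heap, INVALID_DEVID);
                if (ret == 0) {
                    ret = wc_AesSetKey(aes, key,
                        keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_DECRYPTION);
                }
                if (ret == 0) {
                    /* destination first: out <- CBC^-1(in) */
                    ret = wc_AesCbcDecrypt(aes, out, in, inLen);
                }
                wc_AesFree(aes);
            }
        }
    }
    /* … unchanged: wc_HmacFree, small-stack frees, *outLen = inLen, return ret … */
```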
@@ -38774,7 +39376,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi; ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo; } - AddHeaders(output, length, hello_verify_request, ssl); + AddHeaders(output, (word32)length, hello_verify_request, ssl); output[idx++] = DTLS_MAJOR; output[idx++] = DTLS_MINOR; @@ -38858,6 +39460,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_DO); WOLFSSL_ENTER("DoClientKeyExchange"); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); + #endif + #ifdef WOLFSSL_ASYNC_CRYPT if (ssl->async == NULL) { ssl->async = (struct WOLFSSL_ASYNC*) @@ -38869,7 +39475,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], args = (DckeArgs*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_dcke; @@ -39091,7 +39697,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], if (ssl->arrays->psk_keySz == 0 || (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != USE_HW_PSK)) { + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { #if defined(WOLFSSL_EXTRA_ALERTS) || \ defined(WOLFSSL_PSK_IDENTITY_ALERT) SendAlert(ssl, alert_fatal, @@ -39183,9 +39789,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], input + args->idx, args->length, EC25519_LITTLE_ENDIAN)) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == ECC_OUT_OF_RANGE_E) + else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E)) SendAlert(ssl, alert_fatal, bad_record_mac); else { SendAlert(ssl, alert_fatal, 
@@ -39240,9 +39846,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], input + args->idx, args->length, EC448_LITTLE_ENDIAN)) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == ECC_OUT_OF_RANGE_E) + else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E)) SendAlert(ssl, alert_fatal, bad_record_mac); else { SendAlert(ssl, alert_fatal, @@ -39308,7 +39914,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke); } - ssl->arrays->preMasterSz = private_key->dp->size; + ssl->arrays->preMasterSz = (word32)private_key->dp->size; ssl->peerEccKeyPresent = 1; @@ -39485,9 +40091,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], input + args->idx, args->length, EC25519_LITTLE_ENDIAN)) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == ECC_OUT_OF_RANGE_E) + else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E)) SendAlert(ssl, alert_fatal, bad_record_mac); else { SendAlert(ssl, alert_fatal, @@ -39544,9 +40150,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], input + args->idx, args->length, EC448_LITTLE_ENDIAN)) != 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) SendAlert(ssl, alert_fatal, decode_error); - else if (ret == ECC_OUT_OF_RANGE_E) + else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E)) SendAlert(ssl, alert_fatal, bad_record_mac); else { SendAlert(ssl, alert_fatal, 
@@ -39647,10 +40253,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], * RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) goto exit_dcke; #endif - if (ret == BAD_FUNC_ARG) + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) goto exit_dcke; lenErrMask = 0 - (SECRET_LEN != args->sigSz); @@ -39713,7 +40319,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], WOLFSSL_SERVER_END ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { FreeKey(ssl, DYNAMIC_TYPE_ECC, @@ -39769,7 +40375,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], WOLFSSL_SERVER_END ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, @@ -39790,7 +40396,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], WOLFSSL_SERVER_END ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { FreeKey(ssl, DYNAMIC_TYPE_CURVE448, @@ -39934,7 +40540,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], if (ssl->arrays->psk_keySz == 0 || (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != USE_HW_PSK)) { + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { #if defined(WOLFSSL_EXTRA_ALERTS) || \ defined(WOLFSSL_PSK_IDENTITY_ALERT) SendAlert(ssl, alert_fatal, @@ -39980,7 +40586,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], if (ssl->arrays->psk_keySz == 0 || (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != USE_HW_PSK)) { + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { ERROR_OUT(PSK_KEY_ERROR, exit_dcke); } /* SERVER: Pre-shared Key for peer authentication. */ 
@@ -40052,11 +40658,21 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], exit_dcke: + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + if (ret == 0) { + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + &ssl->buffers.keyMask); + } + else { + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); + } + #endif + WOLFSSL_LEAVE("DoClientKeyExchange", ret); WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_DO); #ifdef WOLFSSL_ASYNC_CRYPT /* Handle async operation */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Mark message as not received so it can process again */ ssl->msgsReceived.got_client_key_exchange = 0; @@ -40148,7 +40764,8 @@ int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state) event = &asyncDev->event; ret = wolfAsync_EventPop(event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL); - if (ret != WC_NO_PENDING_E && ret != WC_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E) && + ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { /* advance key share state if doesn't need called again */ if (state && (asyncDev->event.flags & WC_ASYNC_FLAG_CALL_AGAIN) == 0) { (*state)++; @@ -40161,7 +40778,7 @@ int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state) #if (defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)) && \ !defined(WOLFSSL_ASYNC_CRYPT_SW) && !defined(HAVE_INTEL_QA) && \ !defined(HAVE_CAVIUM) - else if (ret == WC_PENDING_E) { + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Allow the underlying crypto API to be called again to trigger the * crypto or PK callback. The actual callback must be called, since * the completion is not detected in the poll like Intel QAT or @@ -40529,9 +41146,7 @@ void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry) wolfSSL_sk_BY_DIR_HASH_free(entry->hashes); } - if (entry->dir_name != NULL) { - XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL); - } + XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL); } 
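Review bot: Dropping the `if (entry->dir_name != NULL)` guard in wolfSSL_BY_DIR_entry_free, and the matching guards removed in the keys.c and ocsp.c hunks (L829, L830, L832, L833, L836, L838, L839), relies on XFREE being a no-op for NULL; that holds for the default free() mapping but not necessarily for a user-supplied allocator installed through wolfSSL_SetAllocators, which receives whatever pointer XFREE forwards. If NULL tolerance is now part of XFREE's contract it should be stated where XFREE is defined and in the allocator-callback documentation, e.g. `/* XFREE(NULL, ...) must be a no-op; custom free callbacks are required to tolerate NULL. */`; otherwise the guards should stay.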
diff --git a/src/keys.c b/src/keys.c index fa04c4dbbd..3123a610e0 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1,6 +1,6 @@ /* keys.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -105,7 +105,7 @@ int SetCipherSpecs(WOLFSSL* ssl) * @param cipherSuite [in] * @param specs [out] CipherSpecs * @param opts [in/out] Options can be NULL - * @return + * @return int (less than 0 on fail, 0 on success) */ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, CipherSpecs* specs, Options* opts) @@ -672,7 +672,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; break; @@ -690,7 +690,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; @@ -708,7 +708,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; @@ -1069,7 +1069,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; 
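Review bot: Switching `specs->iv_size` from AESGCM_IMP_IV_SZ to AESCCM_IMP_IV_SZ for the CCM suites (this hunk and those on L826 and L827, plus the AESCCM_NONCE_SZ and CCM_IMP_IV_SZ changes) changes the implicit-IV length that StoreKeys later consumes from the key block via `sz = ssl->specs.iv_size`; if the two constants ever differ, the key-block layout shifts and interop with peers deriving the 4-byte implicit nonce of RFC 6655 breaks. If they are equal today this is a naming fix, and a comment next to the constant definitions stating that the CCM and GCM implicit-IV sizes must stay equal would prevent a later silent divergence.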
@@ -1087,7 +1087,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; @@ -1105,7 +1105,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; if (opts != NULL) @@ -1125,7 +1125,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; if (opts != NULL) @@ -1145,7 +1145,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; if (opts != NULL) @@ -1165,7 +1165,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; if (opts != NULL) @@ -1185,7 +1185,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; if (opts != NULL) 
@@ -1205,7 +1205,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_IMP_IV_SZ; + specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; if (opts != NULL) @@ -1330,7 +1330,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_NONCE_SZ; + specs->iv_size = AESCCM_NONCE_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; break; @@ -1348,7 +1348,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->block_size = AES_BLOCK_SIZE; - specs->iv_size = AESGCM_NONCE_SZ; + specs->iv_size = AESCCM_NONCE_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; @@ -1440,7 +1440,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = SM4_KEY_SIZE; specs->block_size = SM4_BLOCK_SIZE; - specs->iv_size = GCM_IMP_IV_SZ; + specs->iv_size = CCM_IMP_IV_SZ; specs->aead_mac_size = SM4_CCM_AUTH_SZ; break; @@ -3561,7 +3561,8 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) void* ctx = wolfSSL_GetEncryptKeysCtx(ssl); ret = ssl->ctx->EncryptKeysCb(ssl, ctx); } - if (!ssl->ctx->EncryptKeysCb || ret == PROTOCOLCB_UNAVAILABLE) + if (!ssl->ctx->EncryptKeysCb || + ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) #endif { ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side, @@ -3668,7 +3669,8 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) /* TLS can call too */ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) { - int sz, i = 0; + size_t sz; + int i = 0; Keys* keys = &ssl->keys; #ifdef WOLFSSL_DTLS /* In case of DTLS, ssl->keys is updated here */ 
@@ -3712,7 +3714,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); #endif - i += sz; + i += (int)sz; } sz = ssl->specs.key_size; #ifdef WOLFSSL_DTLS @@ -3725,7 +3727,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) #endif XMEMCPY(keys->client_write_key, &keyData[i], sz); XMEMCPY(keys->server_write_key, &keyData[i], sz); - i += sz; + i += (int)sz; sz = ssl->specs.iv_size; #ifdef WOLFSSL_DTLS @@ -3767,7 +3769,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) #endif XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); #endif - i += sz; + i += (int)sz; } if (side & PROVISION_SERVER) { #ifndef WOLFSSL_AEAD_ONLY @@ -3778,7 +3780,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) #endif XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); #endif - i += sz; + i += (int)sz; } } sz = ssl->specs.key_size; @@ -3789,7 +3791,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) keys->client_write_key, sz); #endif XMEMCPY(keys->client_write_key, &keyData[i], sz); - i += sz; + i += (int)sz; } if (side & PROVISION_SERVER) { #ifdef WOLFSSL_DTLS @@ -3798,7 +3800,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) keys->server_write_key, sz); #endif XMEMCPY(keys->server_write_key, &keyData[i], sz); - i += sz; + i += (int)sz; } sz = ssl->specs.iv_size; @@ -3809,7 +3811,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) keys->client_write_IV, sz); #endif XMEMCPY(keys->client_write_IV, &keyData[i], sz); - i += sz; + i += (int)sz; } if (side & PROVISION_SERVER) { #ifdef WOLFSSL_DTLS 
@@ -3874,12 +3876,12 @@ int DeriveKeys(WOLFSSL* ssl) if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || keyData == NULL || md5 == NULL || sha == NULL) { - if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } @@ -4011,11 +4013,11 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || md5 == NULL || sha == NULL) { - if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } diff --git a/src/ocsp.c b/src/ocsp.c index c56ec22f1f..89a6f6ffb6 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1,6 +1,6 @@ /* ocsp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -90,8 +90,7 @@ static void FreeOcspEntry(OcspEntry* entry, void* heap) for (status = entry->status; status; status = next) { next = status->next; - if (status->rawOcspResponse) - XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS); #ifdef OPENSSL_EXTRA if (status->serialInt) { @@ -144,7 +143,7 @@ static int xstat2err(int st) int CheckCertOCSP_ex(WOLFSSL_OCSP* ocsp, DecodedCert* cert, WOLFSSL* ssl) { - int ret = OCSP_LOOKUP_FAIL; + int ret = WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL); #ifdef WOLFSSL_SMALL_STACK OcspRequest* ocspRequest; @@ -227,7 +226,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, OcspEntry* entry, CertStatus** status, buffer* responseBuffer, void* heap) { - int ret = OCSP_INVALID_STATUS; + int ret = WC_NO_ERR_TRACE(OCSP_INVALID_STATUS); WOLFSSL_ENTER("GetOcspStatus"); @@ -241,7 +240,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, for (*status = entry->status; *status; *status = (*status)->next) if ((*status)->serialSz == request->serialSz - && !XMEMCMP((*status)->serial, request->serial, (*status)->serialSz)) + && !XMEMCMP((*status)->serial, request->serial, (size_t)(*status)->serialSz)) break; if (responseBuffer && *status && !(*status)->rawOcspResponse) { @@ -251,10 +250,10 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, else if (*status) { #ifndef NO_ASN_TIME if (XVALIDATE_DATE((*status)->thisDate, - (*status)->thisDateFormat, BEFORE) + (*status)->thisDateFormat, ASN_BEFORE) && ((*status)->nextDate[0] != 0) && XVALIDATE_DATE((*status)->nextDate, - (*status)->nextDateFormat, AFTER)) + (*status)->nextDateFormat, ASN_AFTER)) #endif { ret = xstat2err((*status)->status); 
@@ -284,7 +283,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, * ocsp Context object for OCSP status. * response OCSP response message data. * responseSz Length of OCSP response message data. - * reponseBuffer Buffer object to return the response with. + * responseBuffer Buffer object to return the response with. * status The certificate status object. * entry The OCSP entry for this certificate. * ocspRequest Request corresponding to response. @@ -318,17 +317,22 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, DYNAMIC_TYPE_OCSP_REQUEST); if (newStatus == NULL || newSingle == NULL || ocspResponse == NULL) { - if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS); - if (newSingle) XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY); - if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST); WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_E; } #endif - InitOcspResponse(ocspResponse, newSingle, newStatus, response, responseSz, - ocsp->cm->heap); - + InitOcspResponse(ocspResponse, newSingle, newStatus, response, + (word32)responseSz, ocsp->cm->heap); +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ocspRequest != NULL && ocspRequest->ssl != NULL && + TLSX_CSR2_IsMulti(((WOLFSSL*)ocspRequest->ssl)->extensions)) { + ocspResponse->pendingCAs = TLSX_CSR2_GetPendingSigners(((WOLFSSL*)ocspRequest->ssl)->extensions); + } +#endif ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0); if (ret != 0) { ocsp->error = ret; 
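Review bot: `ocspResponse->pendingCAs` is assigned a pointer obtained from the SSL object's extensions with no comment on ownership or lifetime, while the response object it is stored in is allocated earlier in CheckOcspResponse and its pending list is consumed later in CheckOcspResponderChain (L834); a note such as `/* borrowed from the CSR2 extension; not owned or freed by this response */` (if that is the case) would prevent a later double free or dangling use. Both new lines also exceed the 80-column wrapping used throughout this file, and the repeated `((WOLFSSL*)ocspRequest->ssl)->extensions` cast could be hoisted into a local. The start of CheckOcspResponse, including the allocation of ocspResponse, is outside this hunk.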
@@ -350,12 +354,12 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, } if (responseBuffer) { - responseBuffer->buffer = (byte*)XMALLOC(responseSz, heap, + responseBuffer->buffer = (byte*)XMALLOC((size_t)responseSz, heap, DYNAMIC_TYPE_TMP_BUFFER); if (responseBuffer->buffer) { - responseBuffer->length = responseSz; - XMEMCPY(responseBuffer->buffer, response, responseSz); + responseBuffer->length = (unsigned int)responseSz; + XMEMCPY(responseBuffer->buffer, response, (size_t)responseSz); } } @@ -370,10 +374,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, } if (status != NULL) { - if (status->rawOcspResponse) { - XFREE(status->rawOcspResponse, ocsp->cm->heap, - DYNAMIC_TYPE_OCSP_STATUS); - } + XFREE(status->rawOcspResponse, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS); /* Replace existing certificate entry with updated */ ocspResponse->single->status->next = status->next; @@ -410,10 +411,10 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, if (ret == 0 && validated == 1) { WOLFSSL_MSG("New OcspResponse validated"); } - else if (ret == OCSP_CERT_REVOKED) { + else if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED)) { WOLFSSL_MSG("OCSP revoked"); } - else if (ret == OCSP_CERT_UNKNOWN) { + else if (ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) { WOLFSSL_MSG("OCSP unknown"); } else { @@ -466,7 +467,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, ret = GetOcspStatus(ocsp, ocspRequest, entry, &status, responseBuffer, heap); - if (ret != OCSP_INVALID_STATUS) + if (ret != WC_NO_ERR_TRACE(OCSP_INVALID_STATUS)) return ret; if (responseBuffer) { 
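Review bot: The `(size_t)responseSz` and `(unsigned int)responseSz` casts silence the sign-conversion warning but keep the underlying hazard: CheckOcspRequest (L833) passes `wolfSSL_get_ocsp_response`'s return value straight through as `responseSz`, and a negative value now becomes a multi-gigabyte allocation size rather than a diagnosable error. Unless a check already exists near the top of CheckOcspResponse (outside this hunk), reject it before the first use: `if (response == NULL || responseSz <= 0) return BAD_FUNC_ARG;`.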
@@ -488,8 +489,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, ret = wolfSSL_get_ocsp_response(ssl, &response); ret = CheckOcspResponse(ocsp, response, ret, responseBuffer, status, entry, NULL, heap); - if (response != NULL) - XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL); break; case SSL_TLSEXT_ERR_NOACK: ret = OCSP_LOOKUP_FAIL; @@ -522,13 +522,13 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, return 0; } - request = (byte*)XMALLOC(requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); + request = (byte*)XMALLOC((size_t)requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); if (request == NULL) { WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_ERROR; } - requestSz = EncodeOcspRequest(ocspRequest, request, requestSz); + requestSz = EncodeOcspRequest(ocspRequest, request, (word32)requestSz); if (requestSz > 0 && ocsp->cm->ocspIOCb) { responseSz = ocsp->cm->ocspIOCb(ioCtx, url, urlSz, request, requestSz, &response); @@ -555,7 +555,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK static int CheckOcspResponderChain(OcspEntry* single, DecodedCert *cert, - void* vp) { + void* vp, Signer* pendingCAs) { /* Attempt to build a chain up to cert's issuer */ WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; Signer* ca = NULL; 
@@ -574,8 +574,16 @@ static int CheckOcspResponderChain(OcspEntry* single, DecodedCert *cert, /* End loop if no more issuers found or if we have found a self * signed cert (ca == prev) */ - for (ca = GetCAByName(cm, single->issuerHash); ca != NULL && ca != prev; - prev = ca, ca = GetCAByName(cm, ca->issuerNameHash)) { + ca = GetCAByName(cm, single->issuerHash); +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ca == NULL && pendingCAs != NULL) { + ca = findSignerByName(pendingCAs, single->issuerHash); + } +#else + (void)pendingCAs; +#endif + for (; ca != NULL && ca != prev; + prev = ca) { if (XMEMCMP(cert->issuerHash, ca->issuerNameHash, OCSP_DIGEST_SIZE) == 0) { WOLFSSL_MSG("\tOCSP Response signed by authorized " @@ -584,6 +592,12 @@ static int CheckOcspResponderChain(OcspEntry* single, DecodedCert *cert, passed = 1; break; } + ca = GetCAByName(cm, ca->issuerNameHash); +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ca == NULL && pendingCAs != NULL) { + ca = findSignerByName(pendingCAs, single->issuerHash); + } +#endif } return passed; } @@ -632,7 +646,7 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp) } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK else if (vp != NULL) { - passed = CheckOcspResponderChain(single, cert, vp); + passed = CheckOcspResponderChain(single, cert, vp, bs->pendingCAs); } #endif } @@ -649,8 +663,9 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp) return ret; } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) + +/* compatibility layer OCSP functions */ +#ifdef OPENSSL_EXTRA int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd, 
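Review bot: The rewritten walk in CheckOcspResponderChain examines only the first issuer: the `for` increment `prev = ca` now runs after the body has already advanced `ca` to the parent, so `ca != prev` is false on the next test and the loop exits after one iteration, whereas the old increment recorded the current CA before moving up. The V2 fallback inside the body has the same ordering problem and additionally looks up `single->issuerHash` (the leaf's issuer) instead of the parent's name, so it can only ever re-find the first pending signer. Both are fixed by saving the current CA before advancing and searching for its issuer name, as below. Separately, if `pendingCAs` holds certificates from the peer's status_request_v2 data that have not yet been validated against the cert manager, using them as chain anchors here lets the peer vouch for its own responder; confirm they are verified before being treated as signers. The self-signed stop condition and `passed` handling are otherwise unchanged.
```c
    for (; ca != NULL && ca != prev; ) {
        /* … unchanged: issuerHash comparison, passed = 1, break … */
        prev = ca;
        ca = GetCAByName(cm, prev->issuerNameHash);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
        if (ca == NULL && pendingCAs != NULL) {
            ca = findSignerByName(pendingCAs, prev->issuerNameHash);
        }
#endif
    }
```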
@@ -663,7 +678,7 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, single = bs->single; while (single != NULL) { - if ((XMEMCMP(single->status->serial, id->status->serial, single->status->serialSz) == 0) + if ((XMEMCMP(single->status->serial, id->status->serial, (size_t)single->status->serialSz) == 0) && (XMEMCMP(single->issuerHash, id->issuerHash, OCSP_DIGEST_SIZE) == 0) && (XMEMCMP(single->issuerKeyHash, id->issuerKeyHash, OCSP_DIGEST_SIZE) == 0)) { break; @@ -676,10 +691,17 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, if (status != NULL) *status = single->status->status; +#ifdef WOLFSSL_OCSP_PARSE_STATUS if (thisupd != NULL) *thisupd = &single->status->thisDateParsed; if (nextupd != NULL) *nextupd = &single->status->nextDateParsed; +#else + if (thisupd != NULL) + *thisupd = NULL; + if (nextupd != NULL) + *nextupd = NULL; +#endif /* TODO: Not needed for Nginx or httpd */ if (reason != NULL) @@ -783,14 +805,14 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( InitDecodedCert(cert, subject->derCert->buffer, subject->derCert->length, NULL); - if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) { + if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL) != 0) { FreeDecodedCert(cert); goto out; } else { XMEMCPY(certId->issuerHash, cert->issuerHash, OCSP_DIGEST_SIZE); XMEMCPY(certId->issuerKeyHash, cert->issuerKeyHash, OCSP_DIGEST_SIZE); - XMEMCPY(certId->status->serial, cert->serial, cert->serialSz); + XMEMCPY(certId->status->serial, cert->serial, (size_t)cert->serialSz); certId->status->serialSz = cert->serialSz; FreeDecodedCert(cert); } 
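Review bot: With WOLFSSL_OCSP_PARSE_STATUS undefined, wolfSSL_OCSP_resp_find_status now reports success while setting `*thisupd` and `*nextupd` to NULL, and wolfSSL_OCSP_single_get0_status (L840) does the same; callers ported from OpenSSL typically hand these straight to a validity check and may treat a NULL time as an error or dereference it. Document this at the function head, e.g. `/* thisupd/nextupd are populated only when WOLFSSL_OCSP_PARSE_STATUS is defined; otherwise they are set to NULL and the caller must treat the validity window as unknown. */`. The surrounding function bodies are outside these hunks.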
@@ -802,16 +824,15 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( if (ret != 0) { if (derCert != NULL) FreeDer(&derCert); - if (certId != NULL) { + if (cm != NULL) { XFREE(certId, cm->heap, DYNAMIC_TYPE_OPENSSL); certId = NULL; - } - if (certStatus) XFREE(certStatus, cm->heap, DYNAMIC_TYPE_OPENSSL); + } } #ifdef WOLFSSL_SMALL_STACK - if (cert != NULL) + if (cm != NULL) XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); #endif @@ -853,10 +874,8 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, return WOLFSSL_FAILURE; #endif -#ifdef OPENSSL_EXTRA if (bs->verifyError != OCSP_VERIFY_ERROR_NONE) goto out; -#endif if (flags & OCSP_TRUSTOTHER) { for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) { @@ -864,7 +883,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, int derSz = 0; const byte* der = wolfSSL_X509_get_der(x, &derSz); if (der != NULL && derSz == (int)bs->certSz && - XMEMCMP(bs->cert, der, derSz) == 0) { + XMEMCMP(bs->cert, der, (size_t)derSz) == 0) { ret = WOLFSSL_SUCCESS; goto out; } @@ -873,7 +892,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, InitDecodedCert(cert, bs->cert, bs->certSz, NULL); certInit = 1; - if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm) < 0) + if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm, NULL) < 0) goto out; if (!(flags & OCSP_NOCHECKS)) { @@ -903,8 +922,7 @@ void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response) XFREE(response->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); } - if (response->source != NULL) - XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST); } 
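Review bot: The error path of wolfSSL_OCSP_cert_to_id no longer frees `certStatus`; the removed `if (certStatus) XFREE(certStatus, ...)` was the only release of that allocation visible here, so unless `certStatus` is now embedded in `certId` or released by code outside this hunk, a failed conversion leaks it. Changing the guard from `certId != NULL` to `cm != NULL` also leaks a non-NULL `certId` when `cm` is NULL, though that may be unreachable if the allocation itself needs `cm->heap`; a comment such as `/* cm is non-NULL whenever certId/certStatus were allocated above */` would make that assumption explicit. The allocations this cleans up are earlier in the function, outside the hunk.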
@@ -933,18 +951,18 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, long fcur; long flen; - if (bio->ptr == NULL) + if (bio->ptr.fh == NULL) return NULL; - fcur = XFTELL((XFILE)bio->ptr); + fcur = XFTELL(bio->ptr.fh); if (fcur < 0) return NULL; - if(XFSEEK((XFILE)bio->ptr, 0, SEEK_END) != 0) + if(XFSEEK(bio->ptr.fh, 0, SEEK_END) != 0) return NULL; - flen = XFTELL((XFILE)bio->ptr); + flen = XFTELL(bio->ptr.fh); if (flen < 0) return NULL; - if (XFSEEK((XFILE)bio->ptr, fcur, SEEK_SET) != 0) + if (XFSEEK(bio->ptr.fh, fcur, SEEK_SET) != 0) return NULL; /* check calculated length */ @@ -952,7 +970,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, if (fcur > MAX_WOLFSSL_FILE_SIZE || fcur <= 0) return NULL; - data = (byte*)XMALLOC(fcur, 0, DYNAMIC_TYPE_TMP_BUFFER); + data = (byte*)XMALLOC((size_t)fcur, 0, DYNAMIC_TYPE_TMP_BUFFER); if (data == NULL) return NULL; dataAlloced = 1; @@ -997,7 +1015,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, XMEMSET(resp, 0, sizeof(OcspResponse)); } - resp->source = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + resp->source = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (resp->source == NULL) { XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); return NULL; 
@@ -1021,19 +1039,19 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, } XMEMSET(resp->single->status, 0, sizeof(CertStatus)); - XMEMCPY(resp->source, *data, len); - resp->maxIdx = len; + XMEMCPY(resp->source, *data, (size_t)len); + resp->maxIdx = (word32)len; ret = OcspResponseDecode(resp, NULL, NULL, 1); - if (ret != 0 && ret != ASN_OCSP_CONFIRM_E) { + if (ret != 0 && ret != WC_NO_ERR_TRACE(ASN_OCSP_CONFIRM_E)) { /* for just converting from a DER to an internal structure the CA may * not yet be known to this function for signature verification */ wolfSSL_OCSP_RESPONSE_free(resp); return NULL; } - if (GetSequence(*data, &idx, &length, len) >= 0) - (*data) += idx + length; + if (GetSequence(*data, &idx, &length, (word32)len) >= 0) + (*data) += (unsigned char) ((int)idx + length); return resp; } @@ -1042,10 +1060,10 @@ int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response, unsigned char** data) { if (data == NULL) - return response->maxIdx; + return (int)response->maxIdx; XMEMCPY(*data, response->source, response->maxIdx); - return response->maxIdx; + return (int)response->maxIdx; } int wolfSSL_OCSP_response_status(OcspResponse *response) @@ -1087,10 +1105,8 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response) DYNAMIC_TYPE_OCSP_ENTRY); bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (bs->single == NULL || bs->source == NULL) { - if (bs->single) { - XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); - bs->single = NULL; - } + XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + bs->single = NULL; wolfSSL_OCSP_RESPONSE_free(bs); bs = NULL; } @@ -1128,7 +1144,7 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data) if (size <= 0 || data == NULL) return size; - return EncodeOcspRequest(request, *data, size); + return EncodeOcspRequest(request, *data, (word32) size); } WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, 
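Review bot: `(*data) += (unsigned char) ((int)idx + length);` truncates the pointer advance to eight bits, so for any DER response longer than 255 bytes `*data` is left pointing inside the response instead of just past it, and a caller parsing consecutive objects will misread the next one; the old `idx + length` had no such truncation. Use a pointer-sized cast instead: `(*data) += (size_t)idx + (size_t)length;` (length is non-negative on the `GetSequence(...) >= 0` success path this line sits under). The earlier allocation and copy in wolfSSL_d2i_OCSP_RESPONSE are in the preceding hunk.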
@@ -1145,14 +1161,13 @@ WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE); XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE); if (cid->status->serialSz > req->serialSz) { - if (req->serial != NULL) - XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP); - req->serial = (byte*)XMALLOC(cid->status->serialSz, + XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP); + req->serial = (byte*)XMALLOC((size_t)cid->status->serialSz, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (req->serial == NULL) return NULL; } - XMEMCPY(req->serial, cid->status->serial, cid->status->serialSz); + XMEMCPY(req->serial, cid->status->serial, (size_t)cid->status->serialSz); req->serialSz = cid->status->serialSz; return req; @@ -1172,9 +1187,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id) } return certId; } -#endif -#if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) || defined(WOLFSSL_HAPROXY) #ifndef NO_BIO int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, WOLFSSL_OCSP_REQUEST *req) @@ -1188,7 +1201,7 @@ int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, size = wolfSSL_i2d_OCSP_REQUEST(req, NULL); if (size > 0) { - data = (unsigned char*) XMALLOC(size, out->heap, + data = (unsigned char*) XMALLOC((size_t)size, out->heap, DYNAMIC_TYPE_TMP_BUFFER); } @@ -1217,15 +1230,15 @@ int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data) return WOLFSSL_FAILURE; if (*data != NULL) { - XMEMCPY(*data, id->rawCertId, id->rawCertIdSize); + XMEMCPY(*data, id->rawCertId, (size_t)id->rawCertIdSize); *data = *data + id->rawCertIdSize; } else { - *data = (unsigned char*)XMALLOC(id->rawCertIdSize, NULL, DYNAMIC_TYPE_OPENSSL); + *data = (unsigned char*)XMALLOC((size_t)id->rawCertIdSize, NULL, DYNAMIC_TYPE_OPENSSL); if (*data == NULL) { return WOLFSSL_FAILURE; } - XMEMCPY(*data, id->rawCertId, id->rawCertIdSize); + XMEMCPY(*data, id->rawCertId, (size_t)id->rawCertIdSize); } return id->rawCertIdSize; 
@@ -1254,9 +1267,9 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut, } if (cid != NULL) { - cid->rawCertId = (byte*)XMALLOC(length + 1, NULL, DYNAMIC_TYPE_OPENSSL); + cid->rawCertId = (byte*)XMALLOC((size_t)length + 1, NULL, DYNAMIC_TYPE_OPENSSL); if (cid->rawCertId != NULL) { - XMEMCPY(cid->rawCertId, *derIn, length); + XMEMCPY(cid->rawCertId, *derIn, (size_t)length); cid->rawCertIdSize = length; /* Per spec. advance past the data that is being returned @@ -1276,7 +1289,8 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut, return NULL; } -const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single) +const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id( + const WOLFSSL_OCSP_SINGLERESP *single) { return single; } @@ -1303,7 +1317,7 @@ int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b) if (a->status != NULL && b->status != NULL) { if (a->status->serialSz == b->status->serialSz) ret = XMEMCMP(a->status->serial, b->status->serial, - a->status->serialSz); + (size_t)a->status->serialSz); else ret = -1; } @@ -1324,11 +1338,17 @@ int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, if (single == NULL) return WOLFSSL_FAILURE; +#ifdef WOLFSSL_OCSP_PARSE_STATUS if (thisupd != NULL) *thisupd = &single->status->thisDateParsed; if (nextupd != NULL) *nextupd = &single->status->nextDateParsed; - +#else + if (thisupd != NULL) + *thisupd = NULL; + if (nextupd != NULL) + *nextupd = NULL; +#endif if (reason != NULL) *reason = 0; if (revtime != NULL) @@ -1373,9 +1393,6 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int return single; } -#endif /* OPENSSL_ALL || APACHE_HTTPD || WOLFSSL_HAPROXY */ - -#ifdef OPENSSL_EXTRA #ifndef NO_WOLFSSL_STUB int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext, int idx) 
@@ -1432,13 +1449,13 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, if (cid->status->serialSz > (WOLFSSL_ASN1_INTEGER_MAX - 2)) { /* allocate data buffer, +2 for type and length */ - ser->data = (unsigned char*)XMALLOC(cid->status->serialSz + 2, NULL, + ser->data = (unsigned char*)XMALLOC((size_t)cid->status->serialSz + 2, NULL, DYNAMIC_TYPE_OPENSSL); if (ser->data == NULL) { wolfSSL_ASN1_INTEGER_free(ser); return 0; } - ser->dataMax = cid->status->serialSz + 2; + ser->dataMax = (unsigned int)cid->status->serialSz + 2; ser->isDynamic = 1; } else { /* Use array instead of dynamic memory */ @@ -1448,12 +1465,14 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) /* Serial number starts at 0 index of ser->data */ - XMEMCPY(&ser->data[i], cid->status->serial, cid->status->serialSz); + XMEMCPY(&ser->data[i], cid->status->serial, + (size_t)cid->status->serialSz); ser->length = cid->status->serialSz; #else ser->data[i++] = ASN_INTEGER; i += SetLength(cid->status->serialSz, ser->data + i); - XMEMCPY(&ser->data[i], cid->status->serial, cid->status->serialSz); + XMEMCPY(&ser->data[i], cid->status->serial, + (size_t)cid->status->serialSz); ser->length = i + cid->status->serialSz; #endif @@ -1493,7 +1512,7 @@ int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val, sz = MAX_OCSP_NONCE_SZ; if (val != NULL) { - XMEMCPY(req->nonce, val, sz); + XMEMCPY(req->nonce, val, (size_t)sz); } else { if ( @@ -1506,7 +1525,7 @@ int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val, WOLFSSL_MSG("RNG init failed"); return WOLFSSL_FAILURE; } - if (wc_RNG_GenerateBlock(&rng, req->nonce, sz) != 0) { + if (wc_RNG_GenerateBlock(&rng, req->nonce, (word32)sz) != 0) { WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); wc_FreeRng(&rng); return WOLFSSL_FAILURE; 
@@ -1559,7 +1578,7 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs) /* nonces are present and equal, return 1. Extra NULL check for fixing scan-build warning. */ if (reqNonceSz == rspNonceSz && reqNonce && rspNonce) { - if (XMEMCMP(reqNonce, rspNonce, reqNonceSz) == 0) + if (XMEMCMP(reqNonce, rspNonce, (size_t)reqNonceSz) == 0) return 1; } diff --git a/src/pk.c b/src/pk.c index d7d32dd528..34e2727844 100644 --- a/src/pk.c +++ b/src/pk.c @@ -1,6 +1,6 @@ /* pk.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,13 +25,19 @@ #include - #include +#include #ifndef WC_NO_RNG #include #endif #ifdef HAVE_ECC #include + #ifdef HAVE_SELFTEST + /* point compression types. */ + #define ECC_POINT_COMP_EVEN 0x02 + #define ECC_POINT_COMP_ODD 0x03 + #define ECC_POINT_UNCOMP 0x04 + #endif #endif #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ @@ -49,14 +55,6 @@ #include #endif -#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && defined(WOLFSSL_KEY_GEN) && \ - (defined(HAVE_ECC) || (!defined(NO_DSA) && !defined(HAVE_SELFTEST))) -/* Forward declaration for wolfSSL_PEM_write_bio_DSA_PUBKEY. - * Implementation in ssl.c. - */ -static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); -#endif - /******************************************************************************* * COMMON FUNCTIONS ******************************************************************************/ @@ -167,8 +165,7 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb, /* Write left over data back to BIO if not a file BIO */ if ((ret > 0) && ((memSz - ret) > 0) && (bio->type != WOLFSSL_BIO_FILE)) { - int res; - res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret); + int res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret); if (res != memSz - ret) { WOLFSSL_ERROR_MSG("Unable to write back excess data"); if (res < 0) { 
@@ -180,7 +177,7 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb, } } if (alloced) { - XFREE(mem, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER); } } @@ -229,33 +226,36 @@ static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass, * @param [in] heap Heap hint for dynamic memory allocation. * @param [out] out Allocated buffer containing PEM. * @param [out] outSz Size of PEM encoding. - * @return WOLFSSL_FAILURE on error. - * @return WOLFSSL_SUCCESS on success. + * @return 1 on success. + * @return 0 on error. */ static int der_to_pem_alloc(const unsigned char* der, int derSz, int type, void* heap, byte** out, int* outSz) { - int ret = WOLFSSL_SUCCESS; + int ret = 1; int pemSz; byte* pem = NULL; (void)heap; + /* Convert DER to PEM - to get size. */ pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, type); if (pemSz < 0) { - ret = WOLFSSL_FAILURE; + ret = 0; } - if (ret == WOLFSSL_SUCCESS) { + if (ret == 1) { + /* Allocate memory for PEM to be encoded into. */ pem = (byte*)XMALLOC((size_t)pemSz, heap, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - ret = WOLFSSL_FAILURE; + ret = 0; } } - if ((ret == WOLFSSL_SUCCESS) && (wc_DerToPem(der, (word32)derSz, pem, - (word32)pemSz, type) < 0)) { - ret = WOLFSSL_FAILURE; + /* Convert DER to PEM. */ + if ((ret == 1) && (wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, + type) < 0)) { + ret = 0; XFREE(pem, heap, DYNAMIC_TYPE_TMP_BUFFER); pem = NULL; } @@ -272,8 +272,8 @@ static int der_to_pem_alloc(const unsigned char* der, int derSz, int type, * @param [in] derSz Size of DER data in bytes. * @param [in, out] bio BIO object to write with. * @param [in] type Type of key being encoded. - * @return WOLFSSL_FAILURE on error. - * @return WOLFSSL_SUCCESS on success. + * @return 1 on success. + * @return 0 on error. */ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz, WOLFSSL_BIO* bio, int type) 
@@ -283,11 +283,11 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz, byte* pem = NULL; ret = der_to_pem_alloc(der, derSz, type, bio->heap, &pem, &pemSz); - if (ret == WOLFSSL_SUCCESS) { + if (ret == 1) { int len = wolfSSL_BIO_write(bio, pem, pemSz); if (len != pemSz) { WOLFSSL_ERROR_MSG("Unable to write full PEM to BIO"); - ret = WOLFSSL_FAILURE; + ret = 0; } } @@ -308,8 +308,8 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz, * @param [in] fp File pointer to write with. * @param [in] type Type of key being encoded. * @param [in] heap Heap hint for dynamic memory allocation. - * @return WOLFSSL_FAILURE on error. - * @return WOLFSSL_SUCCESS on success. + * @return 1 on success. + * @return 0 on error. */ static int der_write_to_file_as_pem(const unsigned char* der, int derSz, XFILE fp, int type, void* heap) @@ -319,11 +319,11 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz, byte* pem = NULL; ret = der_to_pem_alloc(der, derSz, type, heap, &pem, &pemSz); - if (ret == WOLFSSL_SUCCESS) { + if (ret == 1) { int len = (int)XFWRITE(pem, 1, (size_t)pemSz, fp); if (len != pemSz) { WOLFSSL_ERROR_MSG("Unable to write full PEM to BIO"); - ret = WOLFSSL_FAILURE; + ret = 0; } } 
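Review bot: In the `der_write_to_file_as_pem` hunk, `WOLFSSL_ERROR_MSG("Unable to write full PEM to BIO");` is logged after a short `XFWRITE` to a file, so the message names the wrong sink when this path fails; since the commit already rewrites the adjacent `ret = 0;`, the text could be corrected in the same hunk, e.g. `WOLFSSL_ERROR_MSG("Unable to write full PEM to file");`. The identical string is correct in `der_write_to_bio_as_pem` earlier in this diff, which is presumably where it was copied from.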
@@ -333,9 +333,154 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz, #endif #endif +#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER) +/* Encrypt private key into PEM format. + * + * DER is encrypted in place. + * + * @param [in] der DER encoding of private key. + * @param [in] derSz Size of DER in bytes. + * @param [in] cipher EVP cipher. + * @param [in] passwd Password to use with encryption. + * @param [in] passedSz Size of password in bytes. + * @param [out] cipherInfo PEM cipher information lines. + * @param [in] maxDerSz Maximum size of DER buffer. + * @return 1 on success. + * @return 0 on error. + */ +int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, + unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz) +{ + int ret = 0; + int paddingSz = 0; + word32 idx; + word32 cipherInfoSz; +#ifdef WOLFSSL_SMALL_STACK + EncryptedInfo* info = NULL; +#else + EncryptedInfo info[1]; +#endif + + WOLFSSL_ENTER("EncryptDerKey"); + + /* Validate parameters. */ + if ((der == NULL) || (derSz == NULL) || (cipher == NULL) || + (passwd == NULL) || (cipherInfo == NULL)) { + ret = BAD_FUNC_ARG; + } + + #ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + /* Allocate encrypted info. */ + info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, + DYNAMIC_TYPE_ENCRYPTEDINFO); + if (info == NULL) { + WOLFSSL_MSG("malloc failed"); + ret = MEMORY_E; + } + } + #endif + if (ret == 0) { + /* Clear the encrypted info and set name. */ + XMEMSET(info, 0, sizeof(EncryptedInfo)); + XSTRNCPY(info->name, cipher, NAME_SZ - 1); + info->name[NAME_SZ - 1] = '\0'; /* null term */ + + /* Get encrypted info from name. */ + ret = wc_EncryptedInfoGet(info, info->name); + if (ret != 0) { + WOLFSSL_MSG("unsupported cipher"); + } + } + + if (ret == 0) { + /* Generate a random salt. 
*/ + if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != 1) { + WOLFSSL_MSG("generate iv failed"); + ret = -1; + } + } + + if (ret == 0) { + /* Calculate padding size - always a padding block. */ + paddingSz = info->ivSz - ((*derSz) % info->ivSz); + /* Check der is big enough. */ + if (maxDerSz < (*derSz) + paddingSz) { + WOLFSSL_MSG("not enough DER buffer allocated"); + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + /* Set padding bytes to padding length. */ + XMEMSET(der + (*derSz), (byte)paddingSz, paddingSz); + /* Add padding to DER size. */ + (*derSz) += (int)paddingSz; + + /* Encrypt DER buffer. */ + ret = wc_BufferKeyEncrypt(info, der, (word32)*derSz, passwd, passwdSz, + WC_MD5); + if (ret != 0) { + WOLFSSL_MSG("encrypt key failed"); + } + } + + if (ret == 0) { + /* Create cipher info : 'cipher_name,Salt(hex)' */ + cipherInfoSz = (word32)(2 * info->ivSz + XSTRLEN(info->name) + 2); + /* Allocate memory for PEM encryption lines. */ + *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL, DYNAMIC_TYPE_STRING); + if (*cipherInfo == NULL) { + WOLFSSL_MSG("malloc failed"); + ret = MEMORY_E; + } + } + if (ret == 0) { + /* Copy in name and add on comma. */ + XSTRLCPY((char*)*cipherInfo, info->name, cipherInfoSz); + XSTRLCAT((char*)*cipherInfo, ",", cipherInfoSz); + + /* Find end of string. */ + idx = (word32)XSTRLEN((char*)*cipherInfo); + /* Calculate remaining bytes. */ + cipherInfoSz -= idx; + + /* Encode IV into PEM encryption lines. */ + ret = Base16_Encode(info->iv, info->ivSz, *cipherInfo + idx, + &cipherInfoSz); + if (ret != 0) { + WOLFSSL_MSG("Base16_Encode failed"); + XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_STRING); + *cipherInfo = NULL; + } + } + +#ifdef WOLFSSL_SMALL_STACK + /* Free dynamically allocated info. 
*/ + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); +#endif + return ret == 0; +} +#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ + + #if defined(WOLFSSL_KEY_GEN) && \ (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) +/* Encrypt the DER in PEM format. + * + * @param [in] der DER encoded private key. + * @param [in] derSz Size of DER in bytes. + * @param [in] cipher EVP cipher. + * @param [in] passwd Password to use in encryption. + * @param [in] passwdSz Size of password in bytes. + * @param [in] type PEM type of write out. + * @param [in] heap Dynamic memory hint. + * @param [out] out Allocated buffer containing PEM encoding. + * heap was NULL and dynamic type is DYNAMIC_TYPE_KEY. + * @param [out] outSz Size of PEM encoding in bytes. + * @return 1 on success. + * @return 0 on failure. + */ static int der_to_enc_pem_alloc(unsigned char* der, int derSz, const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, int type, void* heap, byte** out, int* outSz) @@ -736,8 +881,11 @@ static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name, #endif /* XSNPRINTF && !NO_BIO && !NO_RSA */ -#if !defined(NO_RSA) || (!defined(NO_DH) && !defined(NO_CERTS) && \ - defined(HAVE_FIPS) && !FIPS_VERSION_GT(2,0)) || defined(HAVE_ECC) +#endif /* OPENSSL_EXTRA */ + +#if !defined(NO_CERTS) || (defined(OPENSSL_EXTRA) && (!defined(NO_RSA) || \ + (!defined(NO_DH) && defined(HAVE_FIPS) && !FIPS_VERSION_GT(2,0)) || \ + defined(HAVE_ECC))) /* Uses the DER SEQUENCE to determine size of DER data. * @@ -765,9 +913,7 @@ static int wolfssl_der_length(const unsigned char* seq, int len) return ret; } -#endif /* !NO_RSA */ - -#endif /* OPENSSL_EXTRA */ +#endif /******************************************************************************* * START OF RSA API 
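Review bot: In the new `EncryptDerKey`, the header documents `@param [in] passedSz` but the parameter is `passwdSz`, and the closing `#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */` disagrees with its opening `#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)`; both should read as the code does (`@param [in] passwdSz Size of password in bytes.` and `#endif /* WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */`). Separately, `paddingSz = info->ivSz - ((*derSz) % info->ivSz);` divides by `info->ivSz`, so if `wc_EncryptedInfoGet` can ever return success with an `ivSz` of 0 this needs a guard such as `if (info->ivSz == 0) ret = BAD_FUNC_ARG;` before it — presumably it cannot for the supported block ciphers, but a one-line check documents the assumption.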
@@ -1659,7 +1805,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, rsa->pkcs8HeaderSz = (word16)idx; } /* When decoding and not PKCS#8, return will be ASN_PARSE_E. */ - else if (res != ASN_PARSE_E) { + else if (res != WC_NO_ERR_TRACE(ASN_PARSE_E)) { /* Something went wrong while decoding. */ WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 " "header"); @@ -1787,7 +1933,7 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) ret = 0; } if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio, - PUBLICKEY_TYPE) != WOLFSSL_SUCCESS)) { + PUBLICKEY_TYPE) != 1)) { ret = 0; } @@ -1832,7 +1978,7 @@ static int wolfssl_pem_write_rsa_public_key(XFILE fp, WOLFSSL_RSA* rsa, ret = 0; } if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp, type, - rsa->heap) != WOLFSSL_SUCCESS)) { + rsa->heap) != 1)) { ret = 0; } @@ -2559,7 +2705,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) } /* Copy down d mod q-1 if available. */ - if ((ret == 1) && (rsa->dmp1 != NULL) && + if ((ret == 1) && (rsa->dmq1 != NULL) && (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) { WOLFSSL_ERROR_MSG("rsa dQ key error"); ret = -1; @@ -3128,6 +3274,7 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits, #endif int initTmpRng = 0; WC_RNG* rng = NULL; + long en; #endif (void)cb; @@ -3141,10 +3288,12 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits, /* Something went wrong so return memory error. */ ret = MEMORY_E; } + if ((ret == 0) && ((en = (long)wolfSSL_BN_get_word(e)) <= 0)) { + ret = BAD_FUNC_ARG; + } if (ret == 0) { /* Generate an RSA key. */ - ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits, - (long)wolfSSL_BN_get_word(e), rng); + ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits, en, rng); if (ret != MP_OKAY) { WOLFSSL_ERROR_MSG("wc_MakeRsaKey failed"); } 
@@ -3239,7 +3388,7 @@ WOLFSSL_RSA* wolfSSL_RSA_generate_key(int bits, unsigned long e, ret = wolfssl_rsa_generate_key_native(rsa, bits, bn, NULL); #ifdef HAVE_FIPS /* Keep trying if failed to find a prime. */ - if (ret == PRIME_GEN_E) { + if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) { continue; } #endif @@ -3290,7 +3439,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e, int gen_ret = wolfssl_rsa_generate_key_native(rsa, bits, e, cb); #ifdef HAVE_FIPS /* Keep trying again if public key value didn't work. */ - if (gen_ret == PRIME_GEN_E) { + if (gen_ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) { continue; } #endif @@ -3419,7 +3568,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, if (ret == 1) { /* Get length of RSA key - encrypted message length. */ emLen = wolfSSL_RSA_size(rsa); - if (ret <= 0) { + if (emLen <= 0) { WOLFSSL_ERROR_MSG("wolfSSL_RSA_size error"); ret = 0; } @@ -4542,8 +4691,9 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) mp_clear(t); #ifdef WOLFSSL_SMALL_STACK - if (tmp != NULL) + if (rsa != NULL) { XFREE(tmp, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER); + } #endif return ret; @@ -5468,7 +5618,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, } #endif /* !HAVE_SELFTEST */ -WOLFSSL_API int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa, +int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa, unsigned char** out) { int ret = 0; @@ -5485,7 +5635,7 @@ WOLFSSL_API int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa, if (ret == 0) { key = (DsaKey*)dsa->internal; ret = wc_DsaKeyToParamsDer_ex(key, NULL, &derLen); - if (ret == LENGTH_ONLY_E) { + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { ret = 0; } } 
@@ -5577,99 +5727,115 @@ WOLFSSL_DSA* wolfSSL_d2i_DSAparams(WOLFSSL_DSA** dsa, const unsigned char** der, * Returns 1 or 0 */ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, - const EVP_CIPHER* cipher, - unsigned char* passwd, int len, - wc_pem_password_cb* cb, void* arg) + const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + wc_pem_password_cb* cb, void* arg) { - int ret = 0, der_max_len = 0, derSz = 0; - byte *derBuf; - WOLFSSL_EVP_PKEY* pkey; + int ret = 1; + byte *pem = NULL; + int pLen = 0; WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSAPrivateKey"); - if (bio == NULL || dsa == NULL) { + (void)cb; + (void)arg; + + /* Validate parameters. */ + if ((bio == NULL) || (dsa == NULL)) { WOLFSSL_MSG("Bad Function Arguments"); - return 0; + ret = 0; } - pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap); - if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed"); - return 0; + if (ret == 1) { + ret = wolfSSL_PEM_write_mem_DSAPrivateKey(dsa, cipher, passwd, passwdSz, + &pem, &pLen); } - pkey->type = EVP_PKEY_DSA; - pkey->dsa = dsa; - pkey->ownDsa = 0; + /* Write PEM to BIO. */ + if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) != pLen)) { + WOLFSSL_ERROR_MSG("DSA private key BIO write failed"); + ret = 0; + } - /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - der_max_len = MAX_DSA_PRIVKEY_SZ; + XFREE(pem, NULL, DYNAMIC_TYPE_KEY); + return ret; +} - derBuf = (byte*)XMALLOC((size_t)der_max_len, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("Malloc failed"); - wolfSSL_EVP_PKEY_free(pkey); - return 0; - } +#ifndef HAVE_SELFTEST +/* Encode the DSA public key as DER. + * + * @param [in] key DSA key to encode. + * @param [out] der Pointer through which buffer is returned. + * @param [in] heap Heap hint. + * @return Size of encoding on success. + * @return 0 on error. 
+ */ +static int wolfssl_dsa_key_to_pubkey_der(WOLFSSL_DSA* key, unsigned char** der, + void* heap) +{ + int sz; + unsigned char* buf = NULL; - /* convert key to der format */ - derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, (word32)der_max_len); - if (derSz < 0) { - WOLFSSL_MSG("wc_DsaKeyToDer failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_EVP_PKEY_free(pkey); - return 0; + /* Use maximum encoded size to allocate. */ + sz = MAX_DSA_PUBKEY_SZ; + /* Allocate memory to hold encoding. */ + buf = (byte*)XMALLOC((size_t)sz, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + WOLFSSL_MSG("malloc failed"); + sz = 0; } - - pkey->pkey.ptr = (char*)XMALLOC((size_t)derSz, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_EVP_PKEY_free(pkey); - return 0; + if (sz > 0) { + /* Encode public key to DER using wolfSSL. */ + sz = wc_DsaKeyToPublicDer((DsaKey*)key->internal, buf, (word32)sz); + if (sz < 0) { + WOLFSSL_MSG("wc_DsaKeyToPublicDer failed"); + sz = 0; + } } - /* add der info to the evp key */ - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, (size_t)derSz); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - - ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len, - cb, arg); - wolfSSL_EVP_PKEY_free(pkey); + /* Return buffer on success. */ + if (sz > 0) { + *der = buf; + } + else { + /* Dispose of any dynamically allocated data not returned. 
*/ + XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); + } - return ret; + return sz; } -#ifndef HAVE_SELFTEST /* Takes a DSA public key and writes it out to a WOLFSSL_BIO * Returns 1 or 0 */ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa) { - int ret = 0; - WOLFSSL_EVP_PKEY* pkey; + int ret = 1; + unsigned char* derBuf = NULL; + int derSz = 0; + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSA_PUBKEY"); - if (bio == NULL || dsa == NULL) { - WOLFSSL_MSG("Bad function arguments"); + /* Validate parameters. */ + if ((bio == NULL) || (dsa == NULL)) { + WOLFSSL_MSG("Bad Function Arguments"); return 0; } - pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap); - if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed"); - return 0; + /* Encode public key in EC key as DER. */ + derSz = wolfssl_dsa_key_to_pubkey_der(dsa, &derBuf, bio->heap); + if (derSz == 0) { + ret = 0; } - pkey->type = EVP_PKEY_DSA; - pkey->dsa = dsa; - pkey->ownDsa = 0; + /* Write out to BIO the PEM encoding of the DSA public key. */ + if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio, + PUBLICKEY_TYPE) != 1)) { + ret = 0; + } + + /* Dispose of any dynamically allocated data. */ + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - ret = pem_write_bio_pubkey(bio, pkey); - wolfSSL_EVP_PKEY_free(pkey); return ret; } #endif /* HAVE_SELFTEST */ @@ -5749,8 +5915,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); - if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return 0; } 
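Review bot: In the rewritten `wolfSSL_PEM_write_bio_DSAPrivateKey`, `cb` and `arg` are discarded with `(void)cb; (void)arg;` and are not passed to `wolfSSL_PEM_write_mem_DSAPrivateKey`, so the password callback can no longer be consulted when `cipher` is set and `passwd` is NULL, whereas the removed implementation forwarded both to `wolfSSL_PEM_write_bio_PrivateKey`. If that is intended, the function's header comment should say so, e.g. `/* cb and arg are accepted for API compatibility and ignored; passwd must be supplied when cipher is non-NULL. */`. Also, in `wolfSSL_PEM_write_bio_DSA_PUBKEY` the comment `/* Encode public key in EC key as DER. */` should read `/* Encode public key in DSA key as DER. */`, matching the `wolfssl_dsa_key_to_pubkey_der` call under it.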
@@ -5761,13 +5926,11 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, WOLFSSL_MSG("wc_DerToPemEx failed"); XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); - if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return 0; } XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); - if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); *pem = (byte*)XMALLOC((size_t)((*pLen)+1), NULL, DYNAMIC_TYPE_KEY); if (*pem == NULL) { @@ -7118,7 +7281,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn) #ifndef NO_CERTS -/* Load the DER encoded DH parameters/key into DH key. +/* Load the DER encoded DH parameters into DH key. * * @param [in, out] dh DH key to load parameters into. * @param [in] der Buffer holding DER encoded parameters data. @@ -7129,7 +7292,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn) * @return 0 on success. * @return 1 when decoding DER or setting the external key fails. */ -static int wolfssl_dh_load_key(WOLFSSL_DH* dh, const unsigned char* der, +static int wolfssl_dh_load_params(WOLFSSL_DH* dh, const unsigned char* der, word32* idx, word32 derSz) { int err = 0; @@ -7242,7 +7405,7 @@ WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH** dh, const unsigned char** pp, WOLFSSL_ERROR_MSG("wolfSSL_DH_new() failed"); err = 1; } - if ((!err) && (wolfssl_dh_load_key(newDh, *pp, &idx, + if ((!err) && (wolfssl_dh_load_params(newDh, *pp, &idx, (word32)length) != 0)) { WOLFSSL_ERROR_MSG("Loading DH parameters failed"); err = 1; @@ -7305,7 +7468,7 @@ int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out) *out += len; } /* An error occurred unless only length returned. */ - else if (ret != LENGTH_ONLY_E) { + else if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { err = 1; } } 
@@ -7402,7 +7565,7 @@ int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz) ret = -1; } - if ((ret == 1) && (wolfssl_dh_load_key(dh, derBuf, &idx, + if ((ret == 1) && (wolfssl_dh_load_params(dh, derBuf, &idx, (word32)derSz) != 0)) { WOLFSSL_ERROR_MSG("DH key decode failed"); ret = -1; @@ -7455,7 +7618,7 @@ static WOLFSSL_DH *wolfssl_dhparams_read_pem(WOLFSSL_DH **dh, } if (memAlloced) { /* PEM data no longer needed. */ - XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (!err) { @@ -7610,7 +7773,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, /* Use wolfSSL API to get length of DER encode DH parameters. */ key = (DhKey*)dh->internal; ret = wc_DhParamsToDer(key, NULL, &derSz); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { WOLFSSL_ERROR_MSG("Failed to get size of DH params"); err = 1; } @@ -7637,9 +7800,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, *out = der; der = NULL; } - if (der != NULL) { - XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -7681,7 +7842,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh) } } if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp, - DH_PARAM_TYPE, NULL) != WOLFSSL_SUCCESS)) { + DH_PARAM_TYPE, NULL) != 1)) { ret = 0; } @@ -8569,7 +8730,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, if (ret == 0) { /* Get the public key into the array. */ pubSz = wolfSSL_BN_bn2bin(otherPub, pub); - if (privSz <= 0) { + if (pubSz <= 0) { ret = -1; } } @@ -9715,7 +9876,6 @@ void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *point) #endif } -#ifndef HAVE_SELFTEST /* Convert EC point to hex string that as either uncompressed or compressed. * * ECC point compression types were not included in selftest ecc.h 
@@ -9828,7 +9988,100 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, return hex; } -#endif /* HAVE_SELFTEST */ +static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz) +{ + word32 i; + for (i = 0; i < sz; i++) { + signed char ch1, ch2; + ch1 = HexCharToByte(hex[i * 2]); + ch2 = HexCharToByte(hex[i * 2 + 1]); + if ((ch1 < 0) || (ch2 < 0)) { + WOLFSSL_MSG("hex_to_bytes: syntax error"); + return 0; + } + output[i] = (unsigned char)((ch1 << 4) + ch2); + } + return sz; +} + +WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const EC_GROUP *group, + const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx) +{ + /* for uncompressed mode */ + size_t str_sz; + BIGNUM *Gx = NULL; + BIGNUM *Gy = NULL; + char strGx[MAX_ECC_BYTES * 2 + 1]; + + /* for compressed mode */ + int key_sz; + byte *octGx = (byte *)strGx; /* octGx[MAX_ECC_BYTES] */ + + int p_alloc = 0; + int ret; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_hex2point"); + + if (group == NULL || hex == NULL || ctx == NULL) + return NULL; + + if (p == NULL) { + if ((p = wolfSSL_EC_POINT_new(group)) == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new"); + goto err; + } + p_alloc = 1; + } + + key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8; + if (hex[0] == '0' && hex[1] == '4') { /* uncompressed mode */ + str_sz = key_sz * 2; + + XMEMSET(strGx, 0x0, str_sz + 1); + XMEMCPY(strGx, hex + 2, str_sz); + + if (wolfSSL_BN_hex2bn(&Gx, strGx) == 0) + goto err; + + if (wolfSSL_BN_hex2bn(&Gy, hex + 2 + str_sz) == 0) + goto err; + + ret = wolfSSL_EC_POINT_set_affine_coordinates_GFp + (group, p, Gx, Gy, ctx); + + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp"); + goto err; + } + } + else if (hex[0] == '0' && (hex[1] == '2' || hex[1] == '3')) { + size_t sz = XSTRLEN(hex + 2) / 2; + /* compressed mode */ + octGx[0] = ECC_POINT_COMP_ODD; + if (hex_to_bytes(hex + 2, octGx + 1, sz) != sz) { + goto err; + } + if (wolfSSL_ECPoint_d2i(octGx, key_sz + 1, group, p) + != 
WOLFSSL_SUCCESS) { + goto err; + } + } + else + goto err; + + wolfSSL_BN_free(Gx); + wolfSSL_BN_free(Gy); + return p; + +err: + wolfSSL_BN_free(Gx); + wolfSSL_BN_free(Gy); + if (p_alloc) { + EC_POINT_free(p); + } + return NULL; + +} /* Encode the EC point as an uncompressed point in DER. * @@ -9871,7 +10124,8 @@ int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, int ret = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)point->internal, out, len); /* Check return. When out is NULL, return will be length only error. */ - if ((ret != MP_OKAY) && ((out != NULL) || (ret != LENGTH_ONLY_E))) { + if ((ret != MP_OKAY) && ((out != NULL) || + (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)))) { WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); res = 0; } @@ -11549,7 +11803,8 @@ static int wolfssl_ec_key_int_copy(ecc_key* dst, const ecc_key* src) if (ret == 0) { /* Copy private key. */ - ret = mp_copy(wc_ecc_key_get_priv(src), wc_ecc_key_get_priv(dst)); + ret = mp_copy(wc_ecc_key_get_priv((ecc_key*)src), + wc_ecc_key_get_priv(dst)); if (ret != MP_OKAY) { WOLFSSL_MSG("mp_copy error"); } @@ -12005,7 +12260,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, res = 1; } /* Error out on parsing error. */ - else if (ret != ASN_PARSE_E) { + else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header"); res = -1; } 
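Review bot: In the new `wolfSSL_EC_POINT_hex2point`, the compressed branch always sets `octGx[0] = ECC_POINT_COMP_ODD;` even when the prefix is `02`, so an even-y compressed point decompresses to the wrong y, and the byte count `sz = XSTRLEN(hex + 2) / 2` is taken from the input and written through `hex_to_bytes` into `strGx` (`MAX_ECC_BYTES * 2 + 1` bytes) without being compared to `key_sz`, so an over-long string overruns the stack buffer. Both are addressed by validating before converting: `if (sz != (size_t)key_sz) goto err;` followed by `octGx[0] = (hex[1] == '2') ? ECC_POINT_COMP_EVEN : ECC_POINT_COMP_ODD;`. The uncompressed branch has the mirror gap: `XMEMCPY(strGx, hex + 2, str_sz)` and `wolfSSL_BN_hex2bn(&Gy, hex + 2 + str_sz)` consume `2 * str_sz` characters without first checking `XSTRLEN(hex + 2) >= 2 * str_sz`. Since this parses caller-supplied text, the length checks belong before any copy.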
@@ -12076,12 +12331,9 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, * EC key PEM APIs */ -#if (defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM)) || \ - (!defined(NO_BIO) && (defined(WOLFSSL_KEY_GEN) || \ - defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT))) +#ifdef HAVE_ECC_KEY_EXPORT +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_FILESYSTEM) || !defined(NO_BIO)) /* Encode the EC public key as DER. - * - * Also used by pem_write_pubkey(). * * @param [in] key EC key to encode. * @param [out] der Pointer through which buffer is returned. @@ -12176,6 +12428,7 @@ int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY* key) return ret; } #endif +#endif #ifndef NO_BIO /* Read a PEM encoded EC public key from a BIO. @@ -12302,7 +12555,7 @@ WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, } #endif /* !NO_BIO */ -#if defined(WOLFSSL_KEY_GEN) +#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC_KEY_EXPORT) #ifndef NO_BIO /* Write out the EC public key as PEM to the BIO. * @@ -12331,7 +12584,7 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec) ret = 0; } - /* Write out to BIO the PEM encoding of the EC private key. */ + /* Write out to BIO the PEM encoding of the EC public key. */ if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio, ECC_PUBLICKEY_TYPE) != 1)) { ret = 0; @@ -12534,7 +12787,7 @@ int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec, } #endif /* NO_FILESYSTEM */ -#endif /* defined(WOLFSSL_KEY_GEN) */ +#endif /* WOLFSSL_KEY_GEN && HAVE_ECC_KEY_EXPORT */ /* * EC key print APIs 
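Review bot: The `#endif` added in the `wolfSSL_PEM_write_EC_PUBKEY` hunk (`@@ -12176`) carries no trailing comment, while the other guard this commit touches in the same region is annotated (`#endif /* WOLFSSL_KEY_GEN && HAVE_ECC_KEY_EXPORT */`); since it presumably closes the new `#ifdef HAVE_ECC_KEY_EXPORT` opened in the `@@ -12076` hunk, `#endif /* HAVE_ECC_KEY_EXPORT */` would make the pairing readable across the intervening hundred lines. The existing bare `#endif` just above it would benefit from the same treatment for the inner `WOLFSSL_KEY_GEN && (...)` condition.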
@@ -13106,13 +13359,17 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) /* Check if we know which internal curve index to use. */ if (key->group->curve_idx < 0) { /* Generate key using the default curve. */ +#if FIPS_VERSION3_GE(6,0,0) + key->group->curve_idx = ECC_SECP256R1; /* FIPS default to 256 */ +#else key->group->curve_idx = ECC_CURVE_DEF; +#endif } /* Create a random number generator. */ rng = wolfssl_make_rng(tmpRng, &initTmpRng); if (rng == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG"); + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG"); res = 0; } } @@ -13120,11 +13377,30 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) /* NIDToEccEnum returns -1 for invalid NID so if key->group->curve_nid * is 0 then pass ECC_CURVE_DEF as arg */ int eccEnum = key->group->curve_nid ? +#if FIPS_VERSION3_GE(6,0,0) + NIDToEccEnum(key->group->curve_nid) : ECC_SECP256R1; +#else NIDToEccEnum(key->group->curve_nid) : ECC_CURVE_DEF; +#endif /* Get the internal EC key. */ ecc_key* ecKey = (ecc_key*)key->internal; /* Make the key using internal API. */ - int ret = wc_ecc_make_key_ex(rng, 0, ecKey, eccEnum); + int ret = 0; + +#if FIPS_VERSION3_GE(6,0,0) + /* In the case of FIPS only allow key generation with approved curves */ + if (eccEnum != ECC_SECP256R1 && eccEnum != ECC_SECP224R1 && + eccEnum != ECC_SECP384R1 && eccEnum != ECC_SECP521R1) { + WOLFSSL_MSG("Unsupported curve selected in FIPS mode"); + res = 0; + } + if (res == 1) { +#endif + ret = wc_ecc_make_key_ex(rng, 0, ecKey, eccEnum); +#if FIPS_VERSION3_GE(6,0,0) + } +#endif + #if defined(WOLFSSL_ASYNC_CRYPT) /* Wait on asynchronouse operation. */ ret = wc_AsyncWait(ret, &ecKey->asyncDev, WC_ASYNC_FLAG_NONE); @@ -13383,6 +13659,7 @@ WOLFSSL_ECDSA_SIG* wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG** sig, int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp) { word32 len = 0; + int update_p = 1; /* Validate parameter. */ if (sig != NULL) { 
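Review bot: In the FIPS branch added to `wolfSSL_EC_KEY_generate_key` (`@@ -13120`), rejecting a non-approved curve sets `res = 0` but leaves `ret` at its initialiser `0`, which equals `MP_OKAY`; the `wc_AsyncWait(ret, &ecKey->asyncDev, ...)` at the end of the hunk, and any `ret != MP_OKAY` check that follows outside it, therefore see a successful make-key result for a key that was never generated, unless that later code consults `res` first. Setting the error status in the rejection branch, `res = 0; ret = BAD_FUNC_ARG;`, keeps the two status variables in agreement. The enclosing function continues outside the hunk.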
@@ -13402,6 +13679,17 @@ int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp) /* Add in the length of the SEQUENCE. */ len += (word32)1 + ASN_LEN_SIZE(len); + #ifdef WOLFSSL_I2D_ECDSA_SIG_ALLOC + if ((pp != NULL) && (*pp == NULL)) { + *pp = (unsigned char *)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + if (*pp != NULL) { + WOLFSSL_MSG("malloc error"); + return 0; + } + update_p = 0; + } + #endif + /* Encode only if there is a buffer to encode into. */ if ((pp != NULL) && (*pp != NULL)) { /* Encode using the internal representations of r and s. */ @@ -13410,7 +13698,7 @@ int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp) /* No bytes encoded. */ len = 0; } - else { + else if (update_p) { /* Update pointer to after encoding. */ *pp += len; } 
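Review bot: In the `WOLFSSL_I2D_ECDSA_SIG_ALLOC` block added to `wolfSSL_i2d_ECDSA_SIG`, the allocation check is inverted: `if (*pp != NULL) { WOLFSSL_MSG("malloc error"); return 0; }` reports failure exactly when `XMALLOC` succeeded (handing the caller a fresh buffer behind a zero return), and when it fails it falls through with `*pp == NULL`, so the encode guard below is skipped and `len` is returned as though the signature had been written. The test should be `if (*pp == NULL) {`. With that fix `update_p = 0` is reached only after a successful allocation, which is what the `else if (update_p)` change in the following hunk relies on.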
@@ -13861,13 +14149,2312 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outLen, /* End ECDH */ -#endif /* OPENSSL_EXTRA */ - -#endif /* HAVE_ECC */ +#ifndef NO_WOLFSSL_STUB +const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_OpenSSL(void) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_OpenSSL"); + + return NULL; +} + +WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_METHOD_new( + const WOLFSSL_EC_KEY_METHOD *meth) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_new"); + + (void)meth; + + return NULL; +} + +void wolfSSL_EC_KEY_METHOD_free(WOLFSSL_EC_KEY_METHOD *meth) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_free"); + + (void)meth; +} + +void wolfSSL_EC_KEY_METHOD_set_init(WOLFSSL_EC_KEY_METHOD *meth, + void* a1, void* a2, void* a3, void* a4, void* a5, void* a6) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_init"); + + (void)meth; + (void)a1; + (void)a2; + (void)a3; + (void)a4; + (void)a5; + (void)a6; +} + +void wolfSSL_EC_KEY_METHOD_set_sign(WOLFSSL_EC_KEY_METHOD *meth, + void* a1, void* a2, void* a3) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_sign"); + + (void)meth; + (void)a1; + (void)a2; + (void)a3; +} + +const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method( + const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_get_method"); + + (void)key; + + return NULL; +} + +int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key, + const WOLFSSL_EC_KEY_METHOD *meth) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_set_method"); + + (void)key; + (void)meth; + + return 0; +} + +#endif /* !NO_WOLFSSL_STUB */ + +#endif /* OPENSSL_EXTRA */ + +#endif /* HAVE_ECC */ /******************************************************************************* * END OF EC API ******************************************************************************/ +/******************************************************************************* + * START OF EC25519 API + ******************************************************************************/ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519) + +/* Generate an EC25519 key pair. 
+ * + * Output keys are in little endian format. + * + * @param [out] priv EC25519 private key data. + * @param [in, out] privSz On in, the size of priv in bytes. + * On out, the length of the private key data in bytes. + * @param [out] pub EC25519 public key data. + * @param [in, out] pubSz On in, the size of pub in bytes. + * On out, the length of the public key data in bytes. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#ifdef WOLFSSL_KEY_GEN + int res = 1; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG *tmpRng = NULL; +#else + WC_RNG tmpRng[1]; +#endif + curve25519_key key; + + WOLFSSL_ENTER("wolfSSL_EC25519_generate_key"); + + /* Validate parameters. */ + if ((priv == NULL) || (privSz == NULL) || (*privSz < CURVE25519_KEYSIZE) || + (pub == NULL) || (pubSz == NULL) || (*pubSz < CURVE25519_KEYSIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + if (res) { + /* Create a random number generator. */ + rng = wolfssl_make_rng(tmpRng, &initTmpRng); + if (rng == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG"); + res = 0; + } + } + + /* Initialize a Curve25519 key. */ + if (res && (wc_curve25519_init(&key) != 0)) { + WOLFSSL_MSG("wc_curve25519_init failed"); + res = 0; + } + if (res) { + /* Make a Curve25519 key pair. */ + int ret = wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key); + if (ret != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_make_key failed"); + res = 0; + } + if (res) { + /* Export Curve25519 key pair to buffers. */ + ret = wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub, + pubSz, EC25519_LITTLE_ENDIAN); + if (ret != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed"); + res = 0; + } + } + + /* Dispose of key. 
*/ + wc_curve25519_free(&key); + } + + if (initTmpRng) { + wc_FreeRng(rng); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); + #endif + } + + return res; +#else + WOLFSSL_MSG("No Key Gen built in"); + + (void)priv; + (void)privSz; + (void)pub; + (void)pubSz; + + return 0; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* Compute a shared secret from private and public EC25519 keys. + * + * Input and output keys are in little endian format + * + * @param [out] shared Shared secret buffer. + * @param [in, out] sharedSz On in, the size of shared in bytes. + * On out, the length of the secret in bytes. + * @param [in] priv EC25519 private key data. + * @param [in] privSz Length of the private key data in bytes. + * @param [in] pub EC25519 public key data. + * @param [in] pubSz Length of the public key data in bytes. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, const unsigned char *pub, + unsigned int pubSz) +{ +#ifdef WOLFSSL_KEY_GEN + int res = 1; + curve25519_key privkey; + curve25519_key pubkey; + + WOLFSSL_ENTER("wolfSSL_EC25519_shared_key"); + + /* Validate parameters. */ + if ((shared == NULL) || (sharedSz == NULL) || + (*sharedSz < CURVE25519_KEYSIZE) || (priv == NULL) || + (privSz < CURVE25519_KEYSIZE) || (pub == NULL) || + (pubSz < CURVE25519_KEYSIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + /* Initialize private key object. */ + if (res && (wc_curve25519_init(&privkey) != 0)) { + WOLFSSL_MSG("wc_curve25519_init privkey failed"); + res = 0; + } + if (res) { + /* Initialize public key object. */ + if (wc_curve25519_init(&pubkey) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init pubkey failed"); + res = 0; + } + if (res) { + /* Import our private key. 
*/ + int ret = wc_curve25519_import_private_ex(priv, privSz, &privkey, + EC25519_LITTLE_ENDIAN); + if (ret != 0) { + WOLFSSL_MSG("wc_curve25519_import_private_ex failed"); + res = 0; + } + + if (res) { + /* Import peer's public key. */ + ret = wc_curve25519_import_public_ex(pub, pubSz, &pubkey, + EC25519_LITTLE_ENDIAN); + if (ret != 0) { + WOLFSSL_MSG("wc_curve25519_import_public_ex failed"); + res = 0; + } + } + if (res) { + /* Compute shared secret. */ + ret = wc_curve25519_shared_secret_ex(&privkey, &pubkey, shared, + sharedSz, EC25519_LITTLE_ENDIAN); + if (ret != 0) { + WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); + res = 0; + } + } + + wc_curve25519_free(&pubkey); + } + wc_curve25519_free(&privkey); + } + + return res; +#else + WOLFSSL_MSG("No Key Gen built in"); + + (void)shared; + (void)sharedSz; + (void)priv; + (void)privSz; + (void)pub; + (void)pubSz; + + return 0; +#endif /* WOLFSSL_KEY_GEN */ +} +#endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */ + +/******************************************************************************* + * END OF EC25519 API + ******************************************************************************/ + +/******************************************************************************* + * START OF ED25519 API + ******************************************************************************/ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) +/* Generate an ED25519 key pair. + * + * Output keys are in little endian format. + * + * @param [out] priv ED25519 private key data. + * @param [in, out] privSz On in, the size of priv in bytes. + * On out, the length of the private key data in bytes. + * @param [out] pub ED25519 public key data. + * @param [in, out] pubSz On in, the size of pub in bytes. + * On out, the length of the public key data in bytes. + * @return 1 on success + * @return 0 on failure. 
+ */ +int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ED25519_KEY_EXPORT) + int res = 1; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG *tmpRng = NULL; +#else + WC_RNG tmpRng[1]; +#endif + ed25519_key key; + + WOLFSSL_ENTER("wolfSSL_ED25519_generate_key"); + + /* Validate parameters. */ + if ((priv == NULL) || (privSz == NULL) || + (*privSz < ED25519_PRV_KEY_SIZE) || (pub == NULL) || + (pubSz == NULL) || (*pubSz < ED25519_PUB_KEY_SIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + if (res) { + /* Create a random number generator. */ + rng = wolfssl_make_rng(tmpRng, &initTmpRng); + if (rng == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG"); + res = 0; + } + } + + /* Initialize an Ed25519 key. */ + if (res && (wc_ed25519_init(&key) != 0)) { + WOLFSSL_MSG("wc_ed25519_init failed"); + res = 0; + } + if (res) { + /* Make an Ed25519 key pair. */ + int ret = wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key); + if (ret != 0) { + WOLFSSL_MSG("wc_ed25519_make_key failed"); + res = 0; + } + if (res) { + /* Export Curve25519 key pair to buffers. */ + ret = wc_ed25519_export_key(&key, priv, privSz, pub, pubSz); + if (ret != 0) { + WOLFSSL_MSG("wc_ed25519_export_key failed"); + res = 0; + } + } + + wc_ed25519_free(&key); + } + + if (initTmpRng) { + wc_FreeRng(rng); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); + #endif + } + + return res; +#else +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); +#else + WOLFSSL_MSG("No ED25519 key export built in"); +#endif + + (void)priv; + (void)privSz; + (void)pub; + (void)pubSz; + + return 0; +#endif /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */ +} + +/* Sign a message with Ed25519 using the private key. + * + * Input and output keys are in little endian format. 
+ * Priv is a buffer containing private and public part of key. + * + * @param [in] msg Message to be signed. + * @param [in] msgSz Length of message in bytes. + * @param [in] priv ED25519 private key data. + * @param [in] privSz Length in bytes of private key data. + * @param [out] sig Signature buffer. + * @param [in, out] sigSz On in, the length of the signature buffer in bytes. + * On out, the length of the signature in bytes. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, unsigned char *sig, + unsigned int *sigSz) +{ +#if defined(HAVE_ED25519_SIGN) && defined(WOLFSSL_KEY_GEN) && \ + defined(HAVE_ED25519_KEY_IMPORT) + ed25519_key key; + int res = 1; + + WOLFSSL_ENTER("wolfSSL_ED25519_sign"); + + /* Validate parameters. */ + if ((priv == NULL) || (privSz != ED25519_PRV_KEY_SIZE) || + (msg == NULL) || (sig == NULL) || (sigSz == NULL) || + (*sigSz < ED25519_SIG_SIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + /* Initialize Ed25519 key. */ + if (res && (wc_ed25519_init(&key) != 0)) { + WOLFSSL_MSG("wc_curve25519_init failed"); + res = 0; + } + if (res) { + /* Import private and public key. */ + int ret = wc_ed25519_import_private_key(priv, privSz / 2, + priv + (privSz / 2), ED25519_PUB_KEY_SIZE, &key); + if (ret != 0) { + WOLFSSL_MSG("wc_ed25519_import_private failed"); + res = 0; + } + + if (res) { + /* Sign message with Ed25519. 
*/ + ret = wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key); + if (ret != 0) { + WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); + res = 0; + } + } + + wc_ed25519_free(&key); + } + + return res; +#else +#if !defined(HAVE_ED25519_SIGN) + WOLFSSL_MSG("No ED25519 sign built in"); +#elif !defined(WOLFSSL_KEY_GEN) + WOLFSSL_MSG("No Key Gen built in"); +#elif !defined(HAVE_ED25519_KEY_IMPORT) + WOLFSSL_MSG("No ED25519 Key import built in"); +#endif + + (void)msg; + (void)msgSz; + (void)priv; + (void)privSz; + (void)sig; + (void)sigSz; + + return 0; +#endif /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ +} + +/* Verify a message with Ed25519 using the public key. + * + * Input keys are in little endian format. + * + * @param [in] msg Message to be verified. + * @param [in] msgSz Length of message in bytes. + * @param [in] pub ED25519 public key data. + * @param [in] privSz Length in bytes of public key data. + * @param [in] sig Signature buffer. + * @param [in] sigSz Length of the signature in bytes. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, const unsigned char *sig, + unsigned int sigSz) +{ +#if defined(HAVE_ED25519_VERIFY) && defined(WOLFSSL_KEY_GEN) && \ + defined(HAVE_ED25519_KEY_IMPORT) + ed25519_key key; + int res = 1; + + WOLFSSL_ENTER("wolfSSL_ED25519_verify"); + + /* Validate parameters. */ + if ((pub == NULL) || (pubSz != ED25519_PUB_KEY_SIZE) || (msg == NULL) || + (sig == NULL) || (sigSz != ED25519_SIG_SIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + /* Initialize Ed25519 key. */ + if (res && (wc_ed25519_init(&key) != 0)) { + WOLFSSL_MSG("wc_curve25519_init failed"); + res = 0; + } + if (res) { + /* Import public key. 
*/ + int ret = wc_ed25519_import_public(pub, pubSz, &key); + if (ret != 0) { + WOLFSSL_MSG("wc_ed25519_import_public failed"); + res = 0; + } + + if (res) { + int check = 0; + + /* Verify signature with message and public key. */ + ret = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz, &check, + &key); + /* Check for errors in verification process. */ + if (ret != 0) { + WOLFSSL_MSG("wc_ed25519_verify_msg failed"); + res = 0; + } + /* Check signature is valid. */ + else if (!check) { + WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)"); + res = 0; + } + } + + wc_ed25519_free(&key); + } + + return res; +#else +#if !defined(HAVE_ED25519_VERIFY) + WOLFSSL_MSG("No ED25519 verify built in"); +#elif !defined(WOLFSSL_KEY_GEN) + WOLFSSL_MSG("No Key Gen built in"); +#elif !defined(HAVE_ED25519_KEY_IMPORT) + WOLFSSL_MSG("No ED25519 Key import built in"); +#endif + + (void)msg; + (void)msgSz; + (void)pub; + (void)pubSz; + (void)sig; + (void)sigSz; + + return 0; +#endif /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ +} + +#endif /* OPENSSL_EXTRA && HAVE_ED25519 */ + +/******************************************************************************* + * END OF ED25519 API + ******************************************************************************/ + +/******************************************************************************* + * START OF EC448 API + ******************************************************************************/ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE448) +/* Generate an EC448 key pair. + * + * Output keys are in little endian format. + * + * @param [out] priv EC448 private key data. + * @param [in, out] privSz On in, the size of priv in bytes. + * On out, the length of the private key data in bytes. + * @param [out] pub EC448 public key data. + * @param [in, out] pubSz On in, the size of pub in bytes. + * On out, the length of the public key data in bytes. 
+ * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_EC448_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#ifdef WOLFSSL_KEY_GEN + int res = 1; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG *tmpRng = NULL; +#else + WC_RNG tmpRng[1]; +#endif + curve448_key key; + + WOLFSSL_ENTER("wolfSSL_EC448_generate_key"); + + /* Validate parameters. */ + if ((priv == NULL) || (privSz == NULL) || (*privSz < CURVE448_KEY_SIZE) || + (pub == NULL) || (pubSz == NULL) || (*pubSz < CURVE448_KEY_SIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + if (res) { + /* Create a random number generator. */ + rng = wolfssl_make_rng(tmpRng, &initTmpRng); + if (rng == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG"); + res = 0; + } + } + + /* Initialize a Curve448 key. */ + if (res && (wc_curve448_init(&key) != 0)) { + WOLFSSL_MSG("wc_curve448_init failed"); + res = 0; + } + if (res) { + /* Make a Curve448 key pair. */ + int ret = wc_curve448_make_key(rng, CURVE448_KEY_SIZE, &key); + if (ret != 0) { + WOLFSSL_MSG("wc_curve448_make_key failed"); + res = 0; + } + if (res) { + /* Export Curve448 key pair to buffers. */ + ret = wc_curve448_export_key_raw_ex(&key, priv, privSz, pub, pubSz, + EC448_LITTLE_ENDIAN); + if (ret != 0) { + WOLFSSL_MSG("wc_curve448_export_key_raw_ex failed"); + res = 0; + } + } + + /* Dispose of key. */ + wc_curve448_free(&key); + } + + if (initTmpRng) { + wc_FreeRng(rng); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); + #endif + } + + return res; +#else + WOLFSSL_MSG("No Key Gen built in"); + + (void)priv; + (void)privSz; + (void)pub; + (void)pubSz; + + return 0; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* Compute a shared secret from private and public EC448 keys. + * + * Input and output keys are in little endian format + * + * @param [out] shared Shared secret buffer. 
+ * @param [in, out] sharedSz On in, the size of shared in bytes. + * On out, the length of the secret in bytes. + * @param [in] priv EC448 private key data. + * @param [in] privSz Length of the private key data in bytes. + * @param [in] pub EC448 public key data. + * @param [in] pubSz Length of the public key data in bytes. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_EC448_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz) +{ +#ifdef WOLFSSL_KEY_GEN + int res = 1; + curve448_key privkey; + curve448_key pubkey; + + WOLFSSL_ENTER("wolfSSL_EC448_shared_key"); + + /* Validate parameters. */ + if ((shared == NULL) || (sharedSz == NULL) || + (*sharedSz < CURVE448_KEY_SIZE) || (priv == NULL) || + (privSz < CURVE448_KEY_SIZE) || (pub == NULL) || + (pubSz < CURVE448_KEY_SIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + /* Initialize private key object. */ + if (res && (wc_curve448_init(&privkey) != 0)) { + WOLFSSL_MSG("wc_curve448_init privkey failed"); + res = 0; + } + if (res) { + /* Initialize public key object. */ + if (wc_curve448_init(&pubkey) != MP_OKAY) { + WOLFSSL_MSG("wc_curve448_init pubkey failed"); + res = 0; + } + if (res) { + /* Import our private key. */ + int ret = wc_curve448_import_private_ex(priv, privSz, &privkey, + EC448_LITTLE_ENDIAN); + if (ret != 0) { + WOLFSSL_MSG("wc_curve448_import_private_ex failed"); + res = 0; + } + + if (res) { + /* Import peer's public key. */ + ret = wc_curve448_import_public_ex(pub, pubSz, &pubkey, + EC448_LITTLE_ENDIAN); + if (ret != 0) { + WOLFSSL_MSG("wc_curve448_import_public_ex failed"); + res = 0; + } + } + if (res) { + /* Compute shared secret. 
*/ + ret = wc_curve448_shared_secret_ex(&privkey, &pubkey, shared, + sharedSz, EC448_LITTLE_ENDIAN); + if (ret != 0) { + WOLFSSL_MSG("wc_curve448_shared_secret_ex failed"); + res = 0; + } + } + + wc_curve448_free(&pubkey); + } + wc_curve448_free(&privkey); + } + + return res; +#else + WOLFSSL_MSG("No Key Gen built in"); + + (void)shared; + (void)sharedSz; + (void)priv; + (void)privSz; + (void)pub; + (void)pubSz; + + return 0; +#endif /* WOLFSSL_KEY_GEN */ +} +#endif /* OPENSSL_EXTRA && HAVE_CURVE448 */ + +/******************************************************************************* + * END OF EC448 API + ******************************************************************************/ + +/******************************************************************************* + * START OF ED448 API + ******************************************************************************/ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_ED448) +/* Generate an ED448 key pair. + * + * Output keys are in little endian format. + * + * @param [out] priv ED448 private key data. + * @param [in, out] privSz On in, the size of priv in bytes. + * On out, the length of the private key data in bytes. + * @param [out] pub ED448 public key data. + * @param [in, out] pubSz On in, the size of pub in bytes. + * On out, the length of the public key data in bytes. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ED448_KEY_EXPORT) + int res = 1; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG *tmpRng = NULL; +#else + WC_RNG tmpRng[1]; +#endif + ed448_key key; + + WOLFSSL_ENTER("wolfSSL_ED448_generate_key"); + + /* Validate parameters. 
*/ + if ((priv == NULL) || (privSz == NULL) || + (*privSz < ED448_PRV_KEY_SIZE) || (pub == NULL) || + (pubSz == NULL) || (*pubSz < ED448_PUB_KEY_SIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + if (res) { + /* Create a random number generator. */ + rng = wolfssl_make_rng(tmpRng, &initTmpRng); + if (rng == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG"); + res = 0; + } + } + + /* Initialize an Ed448 key. */ + if (res && (wc_ed448_init(&key) != 0)) { + WOLFSSL_MSG("wc_ed448_init failed"); + res = 0; + } + if (res) { + /* Make an Ed448 key pair. */ + int ret = wc_ed448_make_key(rng, ED448_KEY_SIZE, &key); + if (ret != 0) { + WOLFSSL_MSG("wc_ed448_make_key failed"); + res = 0; + } + if (res) { + /* Export Curve448 key pair to buffers. */ + ret = wc_ed448_export_key(&key, priv, privSz, pub, pubSz); + if (ret != 0) { + WOLFSSL_MSG("wc_ed448_export_key failed"); + res = 0; + } + } + + wc_ed448_free(&key); + } + + if (initTmpRng) { + wc_FreeRng(rng); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); + #endif + } + + return res; +#else +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); +#else + WOLFSSL_MSG("No ED448 key export built in"); +#endif + + (void)priv; + (void)privSz; + (void)pub; + (void)pubSz; + + return 0; +#endif /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */ +} + +/* Sign a message with Ed448 using the private key. + * + * Input and output keys are in little endian format. + * Priv is a buffer containing private and public part of key. + * + * @param [in] msg Message to be signed. + * @param [in] msgSz Length of message in bytes. + * @param [in] priv ED448 private key data. + * @param [in] privSz Length in bytes of private key data. + * @param [out] sig Signature buffer. + * @param [in, out] sigSz On in, the length of the signature buffer in bytes. + * On out, the length of the signature in bytes. + * @return 1 on success + * @return 0 on failure. 
+ */ +int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, unsigned char *sig, + unsigned int *sigSz) +{ +#if defined(HAVE_ED448_SIGN) && defined(WOLFSSL_KEY_GEN) && \ + defined(HAVE_ED448_KEY_IMPORT) + ed448_key key; + int res = 1; + + WOLFSSL_ENTER("wolfSSL_ED448_sign"); + + /* Validate parameters. */ + if ((priv == NULL) || (privSz != ED448_PRV_KEY_SIZE) || + (msg == NULL) || (sig == NULL) || (sigSz == NULL) || + (*sigSz < ED448_SIG_SIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + /* Initialize Ed448 key. */ + if (res && (wc_ed448_init(&key) != 0)) { + WOLFSSL_MSG("wc_curve448_init failed"); + res = 0; + } + if (res) { + /* Import private and public key. */ + int ret = wc_ed448_import_private_key(priv, privSz / 2, + priv + (privSz / 2), ED448_PUB_KEY_SIZE, &key); + if (ret != 0) { + WOLFSSL_MSG("wc_ed448_import_private failed"); + res = 0; + } + + if (res) { + /* Sign message with Ed448 - no context. */ + ret = wc_ed448_sign_msg(msg, msgSz, sig, sigSz, &key, NULL, 0); + if (ret != 0) { + WOLFSSL_MSG("wc_curve448_shared_secret_ex failed"); + res = 0; + } + } + + wc_ed448_free(&key); + } + + return res; +#else +#if !defined(HAVE_ED448_SIGN) + WOLFSSL_MSG("No ED448 sign built in"); +#elif !defined(WOLFSSL_KEY_GEN) + WOLFSSL_MSG("No Key Gen built in"); +#elif !defined(HAVE_ED448_KEY_IMPORT) + WOLFSSL_MSG("No ED448 Key import built in"); +#endif + + (void)msg; + (void)msgSz; + (void)priv; + (void)privSz; + (void)sig; + (void)sigSz; + + return 0; +#endif /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */ +} + +/* Verify a message with Ed448 using the public key. + * + * Input keys are in little endian format. + * + * @param [in] msg Message to be verified. + * @param [in] msgSz Length of message in bytes. + * @param [in] pub ED448 public key data. + * @param [in] privSz Length in bytes of public key data. + * @param [in] sig Signature buffer. 
+ * @param [in] sigSz Length of the signature in bytes. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, const unsigned char *sig, + unsigned int sigSz) +{ +#if defined(HAVE_ED448_VERIFY) && defined(WOLFSSL_KEY_GEN) && \ + defined(HAVE_ED448_KEY_IMPORT) + ed448_key key; + int res = 1; + + WOLFSSL_ENTER("wolfSSL_ED448_verify"); + + /* Validate parameters. */ + if ((pub == NULL) || (pubSz != ED448_PUB_KEY_SIZE) || (msg == NULL) || + (sig == NULL) || (sigSz != ED448_SIG_SIZE)) { + WOLFSSL_MSG("Bad arguments"); + res = 0; + } + + /* Initialize Ed448 key. */ + if (res && (wc_ed448_init(&key) != 0)) { + WOLFSSL_MSG("wc_curve448_init failed"); + res = 0; + } + if (res) { + /* Import public key. */ + int ret = wc_ed448_import_public(pub, pubSz, &key); + if (ret != 0) { + WOLFSSL_MSG("wc_ed448_import_public failed"); + res = 0; + } + + if (res) { + int check = 0; + + /* Verify signature with message and public key - no context. */ + ret = wc_ed448_verify_msg((byte*)sig, sigSz, msg, msgSz, &check, + &key, NULL, 0); + /* Check for errors in verification process. */ + if (ret != 0) { + WOLFSSL_MSG("wc_ed448_verify_msg failed"); + res = 0; + } + /* Check signature is valid. 
*/ + else if (!check) { + WOLFSSL_MSG("wc_ed448_verify_msg failed (signature invalid)"); + res = 0; + } + } + + wc_ed448_free(&key); + } + + return res; +#else +#if !defined(HAVE_ED448_VERIFY) + WOLFSSL_MSG("No ED448 verify built in"); +#elif !defined(WOLFSSL_KEY_GEN) + WOLFSSL_MSG("No Key Gen built in"); +#elif !defined(HAVE_ED448_KEY_IMPORT) + WOLFSSL_MSG("No ED448 Key import built in"); +#endif + + (void)msg; + (void)msgSz; + (void)pub; + (void)pubSz; + (void)sig; + (void)sigSz; + + return 0; +#endif /* HAVE_ED448_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */ +} +#endif /* OPENSSL_EXTRA && HAVE_ED448 */ + +/******************************************************************************* + * END OF ED448 API + ******************************************************************************/ + +/******************************************************************************* + * START OF GENERIC PUBLIC KEY PEM APIs + ******************************************************************************/ + +#ifdef OPENSSL_EXTRA +/* Sets default callback password for PEM. + * + * @param [out] buf Buffer to hold password. + * @param [in] num Number of characters in buffer. + * @param [in] rwFlag Read/write flag. Ignored. + * @param [in] userData User data - assumed to be default password. + * @return Password size on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_def_callback(char* buf, int num, int rwFlag, void* userData) +{ + int sz = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_def_callback"); + + (void)rwFlag; + + /* We assume that the user passes a default password as userdata */ + if ((buf != NULL) && (userData != NULL)) { + sz = (int)XSTRLEN((const char*)userData); + sz = (int)min((word32)sz, (word32)num); + XMEMCPY(buf, userData, sz); + } + else { + WOLFSSL_MSG("Error, default password cannot be created."); + } + + return sz; +} + +#ifndef NO_BIO +/* Writes a public key to a WOLFSSL_BIO encoded in PEM format. + * + * @param [in] bio BIO to write to. 
+ * @param [in] key Public key to write in PEM format. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) +{ + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY"); + + if ((bio != NULL) && (key != NULL)) { + switch (key->type) { +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + case EVP_PKEY_RSA: + ret = wolfSSL_PEM_write_bio_RSA_PUBKEY(bio, key->rsa); + break; +#endif /* WOLFSSL_KEY_GEN && !NO_RSA */ +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && \ + (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) + case EVP_PKEY_DSA: + ret = wolfSSL_PEM_write_bio_DSA_PUBKEY(bio, key->dsa); + break; +#endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */ +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \ + defined(WOLFSSL_KEY_GEN) + case EVP_PKEY_EC: + ret = wolfSSL_PEM_write_bio_EC_PUBKEY(bio, key->ecc); + break; +#endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */ +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + case EVP_PKEY_DH: + /* DH public key not supported. */ + WOLFSSL_MSG("Writing DH PUBKEY not supported!"); + break; +#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ + default: + /* Key type not supported. */ + WOLFSSL_MSG("Unknown Key type!"); + break; + } + } + + return ret; +} + +/* Writes a private key to a WOLFSSL_BIO encoded in PEM format. + * + * @param [in] bio BIO to write to. + * @param [in] key Public key to write in PEM format. + * @param [in] cipher Encryption cipher to use. + * @param [in] passwd Password to use when encrypting. + * @param [in] len Length of password. + * @param [in] cb Password callback. + * @param [in] arg Password callback argument. + * @return 1 on success. + * @return 0 on failure. 
+ */ +int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, + wc_pem_password_cb* cb, void* arg) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey"); + + (void)cipher; + (void)passwd; + (void)len; + (void)cb; + (void)arg; + + /* Validate parameters. */ + if ((bio == NULL) || (key == NULL)) { + WOLFSSL_MSG("Bad Function Arguments"); + ret = 0; + } + + if (ret == 1) { + #ifdef WOLFSSL_KEY_GEN + switch (key->type) { + #ifndef NO_RSA + case EVP_PKEY_RSA: + /* Write using RSA specific API. */ + ret = wolfSSL_PEM_write_bio_RSAPrivateKey(bio, key->rsa, + cipher, passwd, len, cb, arg); + break; + #endif + #ifndef NO_DSA + case EVP_PKEY_DSA: + /* Write using DSA specific API. */ + ret = wolfSSL_PEM_write_bio_DSAPrivateKey(bio, key->dsa, + cipher, passwd, len, cb, arg); + break; + #endif + #ifdef HAVE_ECC + case EVP_PKEY_EC: + #if defined(HAVE_ECC_KEY_EXPORT) + /* Write using EC specific API. */ + ret = wolfSSL_PEM_write_bio_ECPrivateKey(bio, key->ecc, + cipher, passwd, len, cb, arg); + #else + ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr, + key->pkey_sz, bio, EC_PRIVATEKEY_TYPE); + #endif + break; + #endif + #ifndef NO_DH + case EVP_PKEY_DH: + /* Write using generic API with DH type. */ + ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr, + key->pkey_sz, bio, DH_PRIVATEKEY_TYPE); + break; + #endif + default: + WOLFSSL_MSG("Unknown Key type!"); + ret = 0; + break; + } + #else + int type = 0; + + switch (key->type) { + #ifndef NO_DSA + case EVP_PKEY_DSA: + type = DSA_PRIVATEKEY_TYPE; + break; + #endif + #ifdef HAVE_ECC + case EVP_PKEY_EC: + type = ECC_PRIVATEKEY_TYPE; + break; + #endif + #ifndef NO_DH + case EVP_PKEY_DH: + type = DH_PRIVATEKEY_TYPE; + break; + #endif + #ifndef NO_RSA + case EVP_PKEY_RSA: + type = PRIVATEKEY_TYPE; + break; + #endif + default: + ret = 0; + break; + } + if (ret == 1) { + /* Write using generic API with generic type. 
*/ + ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr, key->pkey_sz, + bio, type); + } + #endif + } + + return ret; +} +#endif /* !NO_BIO */ + +#ifndef NO_BIO +/* Create a private key object from the data in the BIO. + * + * @param [in] bio BIO to read from. + * @param [in, out] key Public key object. Object used if passed in. + * @param [in] cb Password callback. + * @param [in] arg Password callback argument. + * @return A WOLFSSL_EVP_PKEY object on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY **key, wc_pem_password_cb *cb, void *arg) +{ + int err = 0; + WOLFSSL_EVP_PKEY* pkey = NULL; + DerBuffer* der = NULL; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PUBKEY"); + + if (bio == NULL) { + err = 1; + } + + /* Read the PEM public key from the BIO and convert to DER. */ + if ((!err) && (pem_read_bio_key(bio, cb, arg, PUBLICKEY_TYPE, NULL, + &der) < 0)) { + err = 1; + } + + if (!err) { + const unsigned char* ptr = der->buffer; + + /* Use key passed in if set. */ + if ((key != NULL) && (*key != NULL)) { + pkey = *key; + } + + /* Convert DER data to a public key object. */ + if (wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length) == NULL) { + WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); + pkey = NULL; + err = 1; + } + } + + /* Return the key if possible. */ + if ((!err) && (key != NULL) && (pkey != NULL)) { + *key = pkey; + } + /* Dispose of the DER encoding. */ + FreeDer(&der); + + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PUBKEY", 0); + + return pkey; +} + +/* Create a private key object from the data in the BIO. + * + * @param [in] bio BIO to read from. + * @param [in, out] key Private key object. Object used if passed in. + * @param [in] cb Password callback. + * @param [in] arg Password callback argument. + * @return A WOLFSSL_EVP_PKEY object on success. + * @return NULL on failure. 
+ */ +WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** key, wc_pem_password_cb* cb, void* arg) +{ + int err = 0; + WOLFSSL_EVP_PKEY* pkey = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey"); + + /* Validate parameters. */ + if (bio == NULL) { + err = 1; + } + + /* Read the PEM private key from the BIO and convert to DER. */ + if ((!err) && (pem_read_bio_key(bio, cb, arg, PRIVATEKEY_TYPE, &keyFormat, + &der) < 0)) { + err = 1; + } + + if (!err) { + const unsigned char* ptr = der->buffer; + int type = -1; + + /* Set key type based on format returned. */ + switch (keyFormat) { + /* No key format set - default to RSA. */ + case 0: + case RSAk: + type = EVP_PKEY_RSA; + break; + case DSAk: + type = EVP_PKEY_DSA; + break; + case ECDSAk: + type = EVP_PKEY_EC; + break; + case DHk: + type = EVP_PKEY_DH; + break; + default: + break; + } + + /* Use key passed in if set. */ + if ((key != NULL) && (*key != NULL)) { + pkey = *key; + } + + /* Convert DER data to a private key object. */ + if (wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length) == NULL) { + WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); + pkey = NULL; + err = 1; + } + } + + /* Return the key if possible. */ + if ((!err) && (key != NULL) && (pkey != NULL)) { + *key = pkey; + } + /* Dispose of the DER encoding. */ + FreeDer(&der); + + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PrivateKey", err); + + return pkey; +} +#endif /* !NO_BIO */ + +#if !defined(NO_FILESYSTEM) +/* Create a private key object from the data in a file. + * + * @param [in] fp File pointer. + * @param [in, out] key Public key object. Object used if passed in. + * @param [in] cb Password callback. + * @param [in] arg Password callback argument. + * @return A WOLFSSL_EVP_PKEY object on success. + * @return NULL on failure. 
+ */ +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY **key, + wc_pem_password_cb *cb, void *arg) +{ + int err = 0; + WOLFSSL_EVP_PKEY* pkey = NULL; + DerBuffer* der = NULL; + + WOLFSSL_ENTER("wolfSSL_PEM_read_PUBKEY"); + + /* Validate parameters. */ + if (fp == XBADFILE) { + err = 1; + } + + /* Read the PEM public key from the file and convert to DER. */ + if ((!err) && ((pem_read_file_key(fp, cb, arg, PUBLICKEY_TYPE, NULL, + &der) < 0) || (der == NULL))) { + err = 1; + } + if (!err) { + const unsigned char* ptr = der->buffer; + + /* Use key passed in if set. */ + if ((key != NULL) && (*key != NULL)) { + pkey = *key; + } + + /* Convert DER data to a public key object. */ + if (wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length) == NULL) { + WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); + pkey = NULL; + err = 1; + } + } + + /* Return the key if possible. */ + if ((!err) && (key != NULL) && (pkey != NULL)) { + *key = pkey; + } + /* Dispose of the DER encoding. */ + FreeDer(&der); + + WOLFSSL_LEAVE("wolfSSL_PEM_read_PUBKEY", 0); + + return pkey; +} + +#ifndef NO_CERTS +/* Create a private key object from the data in a file. + * + * @param [in] fp File pointer. + * @param [in, out] key Private key object. Object used if passed in. + * @param [in] cb Password callback. + * @param [in] arg Password callback argument. + * @return A WOLFSSL_EVP_PKEY object on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key, + wc_pem_password_cb *cb, void *arg) +{ + int err = 0; + WOLFSSL_EVP_PKEY* pkey = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_read_PrivateKey"); + + /* Validate parameters. */ + if (fp == XBADFILE) { + err = 1; + } + + /* Read the PEM private key from the file and convert to DER. 
*/ + if ((!err) && (pem_read_file_key(fp, cb, arg, PRIVATEKEY_TYPE, &keyFormat, + &der)) < 0) { + err = 1; + } + + if (!err) { + const unsigned char* ptr = der->buffer; + int type = -1; + + /* Set key type based on format returned. */ + switch (keyFormat) { + /* No key format set - default to RSA. */ + case 0: + case RSAk: + type = EVP_PKEY_RSA; + break; + case DSAk: + type = EVP_PKEY_DSA; + break; + case ECDSAk: + type = EVP_PKEY_EC; + break; + case DHk: + type = EVP_PKEY_DH; + break; + default: + break; + } + + /* Use key passed in if set. */ + if ((key != NULL) && (*key != NULL)) { + pkey = *key; + } + + /* Convert DER data to a private key object. */ + if (wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length) == NULL) { + WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); + pkey = NULL; + err = 1; + } + } + + /* Return the key if possible. */ + if ((!err) && (key != NULL) && (pkey != NULL)) { + *key = pkey; + } + /* Dispose of the DER encoding. */ + FreeDer(&der); + + WOLFSSL_LEAVE("wolfSSL_PEM_read_PrivateKey", 0); + + return pkey; +} +#endif /* !NO_CERTS */ +#endif /* !NO_FILESYSTEM */ + +#ifndef NO_CERTS + +#if !defined(NO_BIO) || !defined(NO_FILESYSTEM) +#define PEM_BEGIN "-----BEGIN " +#define PEM_BEGIN_SZ 11 +#define PEM_END "-----END " +#define PEM_END_SZ 9 +#define PEM_HDR_FIN "-----" +#define PEM_HDR_FIN_SZ 5 +#define PEM_HDR_FIN_EOL_NEWLINE "-----\n" +#define PEM_HDR_FIN_EOL_NULL_TERM "-----\0" +#define PEM_HDR_FIN_EOL_SZ 6 + +/* Find strings and return middle offsets. + * + * Find first string in pem as a prefix and then locate second string as a + * postfix. + * len returning with 0 indicates not found. + * + * @param [in] pem PEM data. + * @param [in] pemLen Length of PEM data. + * @param [in] idx Current index. + * @param [in] prefix First string to find. + * @param [in] postfix Second string to find after first. + * @param [out] start Start index of data between strings. + * @param [out] len Length of data between strings. 
+ */ +static void pem_find_pattern(char* pem, int pemLen, int idx, const char* prefix, + const char* postfix, int* start, int* len) +{ + int prefixLen = (int)XSTRLEN(prefix); + int postfixLen = (int)XSTRLEN(postfix); + + *start = *len = 0; + /* Find prefix part. */ + for (; idx < pemLen - prefixLen; idx++) { + if ((pem[idx] == prefix[0]) && + (XMEMCMP(pem + idx, prefix, prefixLen) == 0)) { + idx += prefixLen; + *start = idx; + break; + } + } + /* Find postfix part. */ + for (; idx < pemLen - postfixLen; idx++) { + if ((pem[idx] == postfix[0]) && + (XMEMCMP(pem + idx, postfix, postfixLen) == 0)) { + *len = idx - *start; + break; + } + } +} + +/* Parse out content type name, any encryption headers and DER encoding. + * + * @param [in] pem PEM data. + * @param [in] pemLen Length of PEM data. + * @param [out] name Name of content type. + * @param [out] header Encryption headers. + * @param [out] data DER encoding from PEM. + * @param [out] len Length of DER data. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + * @return ASN_NO_PEM_HEADER when no header found or different names found. + */ +static int pem_read_data(char* pem, int pemLen, char **name, char **header, + unsigned char **data, long *len) +{ + int ret = 0; + int start; + int nameLen; + int startHdr = 0; + int hdrLen = 0; + int startEnd = 0; + int endLen; + + *name = NULL; + *header = NULL; + + /* Find header. */ + pem_find_pattern(pem, pemLen, 0, PEM_BEGIN, PEM_HDR_FIN, &start, &nameLen); + /* Allocate memory for header name. */ + *name = (char*)XMALLOC(nameLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*name == NULL) { + ret = MEMORY_E; + } + if (ret == 0) { + /* Put in header name. */ + (*name)[nameLen] = '\0'; + if (nameLen == 0) { + ret = ASN_NO_PEM_HEADER; + } + else { + XMEMCPY(*name, pem + start, nameLen); + } + } + if (ret == 0) { + /* Find encryption headers after header. 
*/ + start += nameLen + PEM_HDR_FIN_SZ; + pem_find_pattern(pem, pemLen, start, "\n", "\n\n", &startHdr, &hdrLen); + if (hdrLen > 0) { + /* Include first of two '\n' characters. */ + hdrLen++; + } + /* Allocate memory for encryption header string. */ + *header = (char*)XMALLOC(hdrLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*header == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + /* Put in encryption header string. */ + (*header)[hdrLen] = '\0'; + if (hdrLen > 0) { + XMEMCPY(*header, pem + startHdr, hdrLen); + start = startHdr + hdrLen + 1; + } + + /* Find footer. */ + pem_find_pattern(pem, pemLen, start, PEM_END, PEM_HDR_FIN, &startEnd, + &endLen); + /* Validate header name and footer name are the same. */ + if ((endLen != nameLen) || + (XMEMCMP(*name, pem + startEnd, nameLen) != 0)) { + ret = ASN_NO_PEM_HEADER; + } + } + if (ret == 0) { + unsigned char* der = (unsigned char*)pem; + word32 derLen; + + /* Convert PEM body to DER. */ + derLen = (word32)(startEnd - PEM_END_SZ - start); + ret = Base64_Decode(der + start, derLen, der, &derLen); + if (ret == 0) { + /* Return the DER data. */ + *data = der; + *len = derLen; + } + } + + return ret; +} + +/* Encode the DER data in PEM format into a newly allocated buffer. + * + * @param [in] name Header/footer name. + * @param [in] header Encryption header. + * @param [in] data DER data. + * @param [in] len Length of DER data. + * @param [out] pemOut PEM encoded data. + * @param [out] pemOutLen Length of PEM encoded data. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int pem_write_data(const char *name, const char *header, + const unsigned char *data, long len, char** pemOut, word32* pemOutLen) +{ + int ret = 0; + int nameLen; + int headerLen; + char* pem = NULL; + word32 pemLen; + word32 derLen = (word32)len; + byte* p; + + nameLen = (int)XSTRLEN(name); + headerLen = (int)XSTRLEN(header); + + /* DER encode for PEM. 
*/ + pemLen = (derLen + 2) / 3 * 4; + pemLen += (pemLen + 63) / 64; + /* Header */ + pemLen += PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; + if (headerLen > 0) { + /* Encryption lines plus extra carriage return. */ + pemLen += headerLen + 1; + } + /* Trailer */ + pemLen += PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; + + pem = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ret = MEMORY_E; + } + p = (byte*)pem; + + if (ret == 0) { + /* Add header. */ + XMEMCPY(p, PEM_BEGIN, PEM_BEGIN_SZ); + p += PEM_BEGIN_SZ; + XMEMCPY(p, name, nameLen); + p += nameLen; + XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ); + p += PEM_HDR_FIN_EOL_SZ; + + if (headerLen > 0) { + /* Add encryption header. */ + XMEMCPY(p, header, headerLen); + p += headerLen; + /* Blank line after a header and before body. */ + *(p++) = '\n'; + } + + /* Add DER data as PEM. */ + pemLen -= (word32)((size_t)p - (size_t)pem); + ret = Base64_Encode(data, derLen, p, &pemLen); + } + if (ret == 0) { + p += pemLen; + + /* Add trailer. */ + XMEMCPY(p, PEM_END, PEM_END_SZ); + p += PEM_END_SZ; + XMEMCPY(p, name, nameLen); + p += nameLen; + XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ); + p += PEM_HDR_FIN_EOL_SZ; + + /* Return buffer and length of data. */ + *pemOut = pem; + *pemOutLen = (word32)((size_t)p - (size_t)pem); + } + + return ret; +} +#endif /* !NO_BIO || !NO_FILESYSTEM */ + +#ifndef NO_BIO +/* Read PEM encoded data from a BIO. + * + * Reads the entire contents in. + * + * @param [in] bio BIO to read from. + * @param [out] name Name of content type. + * @param [out] header Encryption headers. + * @param [out] data DER encoding from PEM. + * @param [out] len Length of DER data. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, + unsigned char **data, long *len) +{ + int res = 1; + char* pem = NULL; + int pemLen = 0; + int memAlloced = 1; + + /* Validate parameters. 
*/ + if ((bio == NULL) || (name == NULL) || (header == NULL) || (data == NULL) || + (len == NULL)) { + res = 0; + } + + /* Load all the data from the BIO. */ + if ((res == 1) && (wolfssl_read_bio(bio, &pem, &pemLen, &memAlloced) != + 0)) { + res = 0; + } + if ((res == 1) && (!memAlloced)) { + /* Need to return allocated memory - make sure it is allocated. */ + char* p = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (p == NULL) { + res = 0; + } + else { + /* Copy the data into new buffer. */ + XMEMCPY(p, pem, pemLen); + pem = p; + } + } + + /* Read the PEM data. */ + if ((res == 1) && (pem_read_data(pem, pemLen, name, header, data, len) != + 0)) { + /* Dispose of any allocated memory. */ + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(*name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(*header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *name = NULL; + *header = NULL; + res = 0; + } + + return res; +} + +/* Encode the DER data in PEM format into a BIO. + * + * @param [in] bio BIO to write to. + * @param [in] name Header/footer name. + * @param [in] header Encryption header. + * @param [in] data DER data. + * @param [in] len Length of DER data. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name, + const char *header, const unsigned char *data, long len) +{ + int err = 0; + char* pem = NULL; + word32 pemLen = 0; + + /* Validate parameters. */ + if ((bio == NULL) || (name == NULL) || (header == NULL) || (data == NULL)) { + err = BAD_FUNC_ARG; + } + + /* Encode into a buffer. */ + if (!err) { + err = pem_write_data(name, header, data, len, &pem, &pemLen); + } + + /* Write PEM into BIO. */ + if ((!err) && (wolfSSL_BIO_write(bio, pem, (int)pemLen) != (int)pemLen)) { + err = IO_FAILED_E; + } + + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return (!err) ? pemLen : 0; +} +#endif /* !NO_BIO */ + +#if !defined(NO_FILESYSTEM) +/* Read PEM encoded data from a file. + * + * Reads the entire contents in. 
+ * + * @param [in] bio BIO to read from. + * @param [out] name Name of content type. + * @param [out] header Encryption headers. + * @param [out] data DER encoding from PEM. + * @param [out] len Length of DER data. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_read(XFILE fp, char **name, char **header, unsigned char **data, + long *len) +{ + int res = 1; + char* pem = NULL; + int pemLen = 0; + + /* Validate parameters. */ + if ((fp == XBADFILE) || (name == NULL) || (header == NULL) || + (data == NULL) || (len == NULL)) { + res = 0; + } + + /* Load all the data from the file. */ + if ((res == 1) && (wolfssl_read_file(fp, &pem, &pemLen) != 0)) { + res = 0; + } + + /* Read the PEM data. */ + if ((res == 1) && (pem_read_data(pem, pemLen, name, header, data, len) != + 0)) { + /* Dispose of any allocated memory. */ + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(*name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(*header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *name = NULL; + *header = NULL; + res = 0; + } + + return res; +} + +/* Encode the DER data in PEM format into a file. + * + * @param [in] fp File pointer to write to. + * @param [in] name Header/footer name. + * @param [in] header Encryption header. + * @param [in] data DER data. + * @param [in] len Length of DER data. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + */ +int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header, + const unsigned char *data, long len) +{ + int err = 0; + char* pem = NULL; + word32 pemLen = 0; + + /* Validate parameters. */ + if ((fp == XBADFILE) || (name == NULL) || (header == NULL) || + (data == NULL)) { + err = 1; + } + + /* Encode into a buffer. */ + if ((!err) && (pem_write_data(name, header, data, len, &pem, &pemLen) != + 0)) { + pemLen = 0; + err = 1; + } + + /* Write PEM to a file. 
*/ + if ((!err) && (XFWRITE(pem, 1, pemLen, fp) != pemLen)) { + pemLen = 0; + } + + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return (int)pemLen; +} +#endif + +/* Get EVP cipher info from encryption header string. + * + * @param [in] header Encryption header. + * @param [out] cipher EVP Cipher info. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_get_EVP_CIPHER_INFO(const char* header, EncryptedInfo* cipher) +{ + int res = 1; + + /* Validate parameters. */ + if ((header == NULL) || (cipher == NULL)) { + res = 0; + } + + if (res == 1) { + XMEMSET(cipher, 0, sizeof(*cipher)); + + if (wc_EncryptedInfoParse(cipher, &header, XSTRLEN(header)) != 0) { + res = 0; + } + } + + return res; +} + +/* Apply cipher to DER data. + * + * @param [in] cipher EVP cipher info. + * @param [in, out] data On in, encrypted DER data. + * On out, unencrypted DER data. + * @param [in, out] len On in, length of encrypted DER data. + * On out, length of unencrypted DER data. + * @param [in] cb Password callback. + * @param [in] ctx Context for password callback. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, + wc_pem_password_cb* cb, void* ctx) +{ + int ret = 1; + char password[NAME_SZ]; + int passwordSz = 0; + + /* Validate parameters. */ + if ((cipher == NULL) || (data == NULL) || (len == NULL) || (cb == NULL)) { + ret = 0; + } + + if (ret == 1) { + /* Get password and length. */ + passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx); + if (passwordSz < 0) { + ret = 0; + } + } + + if (ret == 1) { + /* Decrypt the data using password and MD5. */ + if (wc_BufferKeyDecrypt(cipher, data, (word32)*len, (byte*)password, + passwordSz, WC_MD5) != 0) { + ret = WOLFSSL_FAILURE; + } + } + + if (passwordSz > 0) { + /* Ensure password is erased from memory. 
*/ + ForceZero(password, (word32)passwordSz); + } + + return ret; +} + +#endif /* !NO_CERTS */ +#endif /* OPENSSL_EXTRA */ + +#ifdef OPENSSL_ALL +#if !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + +#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM)) +/* Encrypt the key into a buffer using PKCS$8 and a password. + * + * @param [in] pkey Private key to encrypt. + * @param [in] enc EVP cipher. + * @param [in] passwd Password to encrypt with. + * @param [in] passwdSz Number of bytes in password. + * @param [in] key Buffer to hold encrypted key. + * @param [in, out] keySz On in, size of buffer in bytes. + * On out, size of encrypted key in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when EVP cipher not supported. + */ +static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, + word32* keySz) +{ + int ret; + WC_RNG rng; + + /* Initialize a new random number generator. */ + ret = wc_InitRng(&rng); + if (ret == 0) { + int encAlgId = 0; + + /* Convert EVP cipher to a support encryption id. */ + #ifndef NO_DES3 + if (enc == EVP_DES_CBC) { + encAlgId = DESb; + } + else if (enc == EVP_DES_EDE3_CBC) { + encAlgId = DES3b; + } + else + #endif +#if !defined(NO_AES) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + if (enc == EVP_AES_128_CBC) { + encAlgId = AES128CBCb; + } + else + #endif + #ifdef WOLFSSL_AES_256 + if (enc == EVP_AES_256_CBC) { + encAlgId = AES256CBCb; + } + else + #endif +#endif + { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Encrypt private into buffer. */ + ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz, + key, keySz, passwd, passwdSz, PKCS5, PBES2, encAlgId, + NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL); + if (ret > 0) { + *keySz = (word32)ret; + } + } + /* Dispose of random number generator. */ + wc_FreeRng(&rng); + } + + return ret; +} + +/* Encode private key in PKCS#8 format. + * + * @param [in] pkey Private key. 
+ * @param [out] key Buffer to hold encoding. + * @param [in, out] keySz On in, size of buffer in bytes. + * @param On out, size of encoded key in bytes. + * @return 0 on success. + */ +static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) +{ + int ret = 0; + int algId; + const byte* curveOid; + word32 oidSz; + + /* Get the details of the private key. */ +#ifdef HAVE_ECC + if (pkey->type == EVP_PKEY_EC) { + /* ECC private and get curve OID information. */ + algId = ECDSAk; + ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid, + &oidSz); + } + else +#endif + if (pkey->type == EVP_PKEY_RSA) { + /* RSA private has no curve information. */ + algId = RSAk; + curveOid = NULL; + oidSz = 0; + } + else { + ret = NOT_COMPILED_IN; + } + + if (ret >= 0) { + /* Encode private key in PKCS#8 format. */ + ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr, + pkey->pkey_sz, algId, curveOid, oidSz); + } + + return ret; +} + +/* Write PEM encoded, PKCS#8 formatted private key to BIO. + * + * @param [out] pem Buffer holding PEM encoding. + * @param [out] pemSz Size of data in buffer in bytes. + * @param [in] pkey Private key to write. + * @param [in] enc Encryption information to use. May be NULL. + * @param [in] passwd Password to use when encrypting. May be NULL. + * @param [in] passwdSz Size of password in bytes. + * @param [in] cb Password callback. Used when passwd is NULL. May be + * NULL. + * @param [in] ctx Context for password callback. + * @return Length of PEM encoding on success. + * @return 0 on failure. + */ +static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, + WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, + int passwdSz, wc_pem_password_cb* cb, void* ctx) +{ + int res = 1; + int ret = 0; + char password[NAME_SZ]; + byte* key = NULL; + word32 keySz; + int type = PKCS8_PRIVATEKEY_TYPE; + + /* Validate parameters. 
*/ + if (pkey == NULL) { + res = 0; + } + + if (res == 1) { + /* Guestimate key size and PEM size. */ + if (pem_pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + res = 0; + } + } + if (res == 1) { + if (enc != NULL) { + /* Add on enough for extra DER data when encrypting. */ + keySz += 128; + } + /* PEM encoding size from DER size. */ + *pemSz = (int)(keySz + 2) / 3 * 4; + *pemSz += (*pemSz + 63) / 64; + /* Header and footer. */ + if (enc != NULL) { + /* Name is: 'ENCRYPTED PRIVATE KEY'. */ + *pemSz += 74; + } + else { + /* Name is: 'PRIVATE KEY'. */ + *pemSz += 54; + } + + /* Allocate enough memory to hold PEM encoded encrypted key. */ + *pem = (byte*)XMALLOC((size_t)*pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*pem == NULL) { + res = 0; + } + else { + /* Use end of PEM buffer for key data. */ + key = *pem + *pemSz - keySz; + } + } + + if ((res == 1) && (enc != NULL)) { + /* Set type for PEM. */ + type = PKCS8_ENC_PRIVATEKEY_TYPE; + + if (passwd == NULL) { + /* Get the password by using callback. */ + passwdSz = cb(password, sizeof(password), 1, ctx); + if (passwdSz < 0) { + res = 0; + } + passwd = password; + } + + if (res == 1) { + /* Encrypt the private key. */ + ret = pem_pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); + if (ret <= 0) { + res = 0; + } + } + + /* Zeroize the password from memory. */ + if ((password == passwd) && (passwdSz > 0)) { + ForceZero(password, (word32)passwdSz); + } + } + else if ((res == 1) && (enc == NULL)) { + /* Set type for PEM. */ + type = PKCS8_PRIVATEKEY_TYPE; + + /* Encode private key in PKCS#8 format. */ + ret = pem_pkcs8_encode(pkey, key, &keySz); + if (ret < 0) { + res = 0; + } + } + + if (res == 1) { + /* Encode PKCS#8 formatted key to PEM. */ + ret = wc_DerToPemEx(key, keySz, *pem, (word32)*pemSz, NULL, type); + if (ret < 0) { + res = 0; + } + else { + *pemSz = ret; + } + } + + /* Return appropriate return code. */ + return (res == 0) ? 
0 : ret; + +} +#endif /* !NO_BIO || (!NO_FILESYSTEM && !NO_STDIO_FILESYSTEM) */ + +#ifndef NO_BIO +/* Write PEM encoded, PKCS#8 formatted private key to BIO. + * + * TODO: OpenSSL returns 1 and 0 only. + * + * @param [in] bio BIO to write to. + * @param [in] pkey Private key to write. + * @param [in] enc Encryption information to use. May be NULL. + * @param [in] passwd Password to use when encrypting. May be NULL. + * @param [in] passwdSz Size of password in bytes. + * @param [in] cb Password callback. Used when passwd is NULL. May be + * NULL. + * @param [in] ctx Context for password callback. + * @return Length of PEM encoding on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, + int passwdSz, wc_pem_password_cb* cb, void* ctx) +{ + byte* pem = NULL; + int pemSz = 0; + int res = 1; + + /* Validate parameters. */ + if (bio == NULL) { + res = 0; + } + if (res == 1) { + /* Write private key to memory. */ + res = pem_write_mem_pkcs8privatekey(&pem, &pemSz, pkey, enc, passwd, + passwdSz, cb, ctx); + } + + /* Write encoded key to BIO. */ + if ((res >= 1) && (wolfSSL_BIO_write(bio, pem, pemSz) != pemSz)) { + res = 0; + } + + /* Dispose of dynamically allocated memory (pem and key). */ + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return res; +} +#endif /* !NO_BIO */ + +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +/* Write PEM encoded, PKCS#8 formatted private key to BIO. + * + * TODO: OpenSSL returns 1 and 0 only. + * + * @param [in] f File pointer. + * @param [in] pkey Private key to write. + * @param [in] enc Encryption information to use. May be NULL. + * @param [in] passwd Password to use when encrypting. May be NULL. + * @param [in] passwdSz Size of password in bytes. + * @param [in] cb Password callback. Used when passwd is NULL. May be + * NULL. + * @param [in] ctx Context for password callback. 
+ * @return Length of PEM encoding on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_PEM_write_PKCS8PrivateKey(XFILE f, WOLFSSL_EVP_PKEY* pkey,
+ const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz,
+ wc_pem_password_cb* cb, void* ctx)
+{
+ byte* pem = NULL;
+ int pemSz = 0;
+ int res = 1;
+
+ /* Validate parameters. */
+ if (f == XBADFILE) {
+ res = 0;
+ }
+ if (res == 1) {
+ /* Write private key to memory. */
+ res = pem_write_mem_pkcs8privatekey(&pem, &pemSz, pkey, enc, passwd,
+ passwdSz, cb, ctx);
+ }
+
+ /* Write encoded key to file. */
+ if ((res >= 1) && (XFWRITE(pem, 1, (size_t)pemSz, f) != (size_t)pemSz)) {
+ res = 0;
+ }
+
+ /* Dispose of dynamically allocated memory (pem and key). */
+ XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return res;
+}
+#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
+
+#endif /* !NO_PWDBASED && HAVE_PKCS8 */
+#endif /* OPENSSL_ALL */
+
+/*******************************************************************************
+ * END OF GENERIC PUBLIC KEY PEM APIs
+ ******************************************************************************/
+
 #endif /* !WOLFSSL_PK_INCLUDED */
diff --git a/src/quic.c b/src/quic.c
index 66f866a484..d28abe5a02 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -1,6 +1,6 @@
 /* quic.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -82,7 +82,7 @@ static QuicRecord *quic_record_make(WOLFSSL *ssl,
 qr->capacity = qr->len = (word32)len;
 }
 else {
- qr->capacity = qr->len = qr_length(data, len);
+ qr->capacity = qr->len = (word32) qr_length(data, len);
 if (qr->capacity > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
 WOLFSSL_MSG("QUIC length read larger than expected");
 quic_record_free(ssl, qr);
@@ -123,17 +123,17 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
 missing = 4 - qr->end;
 if (len < missing) {
 XMEMCPY(qr->data + qr->end, data, len);
- qr->end += len;
+ qr->end += (word32)len;
 consumed = len;
 goto cleanup; /* len consumed, but qr->len still unknown */
 }
 XMEMCPY(qr->data + qr->end, data, missing);
- qr->end += missing;
+ qr->end += (word32)missing;
 len -= missing;
 data += missing;
 consumed = missing;
- qr->len = qr_length(qr->data, qr->end);
+ qr->len = (word32)qr_length(qr->data, qr->end);
 /* sanity check on length read from wire before use */
 if (qr->len > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
@@ -163,7 +163,7 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
 len = missing;
 }
 XMEMCPY(qr->data + qr->end, data, len);
- qr->end += len;
+ qr->end += (word32)len;
 consumed += len;
 cleanup:
@@ -172,7 +172,7 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
 }
-static word32 add_rec_header(byte* output, word32 length, int type)
+static word32 add_rec_header(byte* output, word32 length, byte type)
 {
 RecordLayerHeader* rl;
@@ -188,15 +188,21 @@ static word32 add_rec_header(byte* output, word32 length, int type)
 return RECORD_HEADER_SZ;
 }
-static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
+static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
 {
 word32 len = qr->end - qr->start;
 word32 offset = 0;
- word16 rlen;
+ word32 rlen;
 if (len <= 0) {
 return 0;
 }
+
+ /* We check if the buf is at least RECORD_HEADER_SZ */
+ if (sz < RECORD_HEADER_SZ) {
+ return -1;
+ }
+
 if (qr->rec_hdr_remain == 0) {
 /* start a new TLS record */
 rlen = (qr->len <= (word32)MAX_RECORD_SIZE) ?
@@ -218,7 +224,7 @@ static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
 qr->start += len;
 qr->rec_hdr_remain -= len;
 }
- return len + offset;
+ return (sword32)(len + offset);
 }
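Review bot: The new `if (sz < RECORD_HEADER_SZ) return -1;` guard in quic_record_transfer runs before the code knows whether a record header will actually be emitted, so a caller asking for fewer than RECORD_HEADER_SZ bytes while `qr->rec_hdr_remain != 0` (mid-record, where the old code simply copied what fitted) now gets -1 instead of data. If such requests can occur, the check belongs inside the `if (qr->rec_hdr_remain == 0) {` branch, immediately before the header is written, with the comment reworded to `/* a new record header needs at least RECORD_HEADER_SZ bytes of buf */`. The `-1` is also a bare literal contract between this function and wolfSSL_quic_receive; a one-line comment on the signature stating "returns -1 when buf is too small for a record header" would make it discoverable. The body of quic_record_transfer continues outside the hunk.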
@@ -236,7 +242,7 @@ const QuicTransportParam* QuicTransportParam_new(const uint8_t* data,
 return NULL;
 }
 XMEMCPY((uint8_t*)tp->data, data, len);
- tp->len = len;
+ tp->len = (word16)len;
 return tp;
 }
@@ -766,7 +772,7 @@ int wolfSSL_provide_quic_data(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level,
 /* Called internally when SSL wants a certain amount of input. */
 int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
 {
- word32 n = 0;
+ sword32 n = 0;
 int transferred = 0;
 WOLFSSL_ENTER("wolfSSL_quic_receive");
@@ -774,6 +780,11 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
 n = 0;
 if (ssl->quic.input_head) {
 n = quic_record_transfer(ssl->quic.input_head, buf, sz);
+
+ /* record too small to be fit into a RecordLayerHeader struct. */
+ if (n == -1) {
+ return -1;
+ }
 if (quic_record_done(ssl->quic.input_head)) {
 QuicRecord* qr = ssl->quic.input_head;
 ssl->quic.input_head = qr->next;
@@ -791,9 +802,9 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
 ssl->error = transferred = WANT_READ;
 goto cleanup;
 }
- sz -= n;
+ sz -= (word32)n;
 buf += n;
- transferred += n;
+ transferred += (int)n;
 }
 cleanup:
 WOLFSSL_LEAVE("wolfSSL_quic_receive", transferred);
@@ -836,8 +847,8 @@ static int wolfSSL_quic_send_internal(WOLFSSL* ssl)
 goto cleanup;
 }
 output += len;
- length -= len;
- ssl->quic.output_rec_remain -= len;
+ length -= (word32)len;
+ ssl->quic.output_rec_remain -= (word32)len;
 }
 else {
 /* at start of a TLS Record */
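Review bot: The early `return -1;` added after the quic_record_transfer call in wolfSSL_quic_receive bypasses the `cleanup:` label the rest of the function exits through, so the `WOLFSSL_LEAVE("wolfSSL_quic_receive", transferred)` trace is skipped and, unlike the WANT_READ path two hunks later, `ssl->error` is left untouched. Keeping the single exit is a two-line change: `if (n == -1) { transferred = -1; goto cleanup; }`, with `ssl->error` set alongside if the caller is expected to read it. The comment `record too small to be fit into a RecordLayerHeader struct` describes the buffer, not the record; `/* buf too small to hold a record header */` matches the check in quic_record_transfer. The loop head and the `cleanup:` label lie in adjacent hunks, so the function is only partly visible here.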
@@ -990,11 +1001,13 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
 evp_cipher = wolfSSL_EVP_chacha20_poly1305();
 break;
 #endif
-#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
+#if !defined(NO_AES) && defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
 case TLS_AES_128_CCM_SHA256:
- FALL_THROUGH;
+ evp_cipher = wolfSSL_EVP_aes_128_ccm();
+ break;
 case TLS_AES_128_CCM_8_SHA256:
- evp_cipher = wolfSSL_EVP_aes_128_ctr();
+ WOLFSSL_MSG("wolfSSL_quic_get_aead: no CCM-8 support in EVP layer");
+ evp_cipher = NULL;
 break;
 #endif
@@ -1011,7 +1024,8 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
 return evp_cipher;
 }
-static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
+/* currently only used if HAVE_CHACHA && HAVE_POLY1305. */
+WC_MAYBE_UNUSED static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
 const WOLFSSL_EVP_CIPHER* c2)
 {
 /* We could check on nid equality, but we seem to have singulars */
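Review bot: Returning NULL for TLS_AES_128_CCM_8_SHA256 in wolfSSL_quic_get_aead turns a negotiated suite into a runtime failure whose cause is only visible with debug logging; RFC 9001 §5.3 excludes that suite from QUIC altogether, so the suite should not be offered or accepted on a QUIC-enabled connection in the first place, and the code should say why it is rejected here: `/* TLS_AES_128_CCM_8_SHA256 must not be negotiated for QUIC (RFC 9001 §5.3); not supported by the EVP layer either. */`. The old code mapped both CCM suites to `wolfSSL_EVP_aes_128_ctr()`, so the switch to `wolfSSL_EVP_aes_128_ccm()` also changes what the `wolfSSL_quic_aead_is_*` helpers later in the file see. The surrounding switch starts above the hunk.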
@@ -1034,27 +1048,40 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_hp(WOLFSSL* ssl)
 }
 switch (cipher->cipherSuite) {
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
+#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_COUNTER)
+ /* This has to be CTR even though the spec says that ECB is used for
+ * mask generation. ngtcp2_crypto_hp_mask uses a hack where they pass
+ * in the "ECB" input as the IV for the CTR cipher and then the input
+ * is just a cleared buffer. They do this so that the EVP
+ * init-update-final cycle can be used without the padding that is added
+ * for EVP_aes_(128|256)_ecb. */
+#if defined(WOLFSSL_AES_128)
 case TLS_AES_128_GCM_SHA256:
 evp_cipher = wolfSSL_EVP_aes_128_ctr();
 break;
+#endif
+#if defined(WOLFSSL_AES_256)
 case TLS_AES_256_GCM_SHA384:
 evp_cipher = wolfSSL_EVP_aes_256_ctr();
 break;
 #endif
+#endif
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
 case TLS_CHACHA20_POLY1305_SHA256:
 evp_cipher = wolfSSL_EVP_chacha20();
 break;
 #endif
-#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
+#if !defined(NO_AES) && defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) && \
+ defined(WOLFSSL_AES_COUNTER)
+ /* This has to be CTR. See comment above. */
 case TLS_AES_128_CCM_SHA256:
- FALL_THROUGH;
- case TLS_AES_128_CCM_8_SHA256:
 evp_cipher = wolfSSL_EVP_aes_128_ctr();
 break;
+ case TLS_AES_128_CCM_8_SHA256:
+ WOLFSSL_MSG("wolfSSL_quic_get_hp: no CCM-8 support in EVP layer");
+ evp_cipher = NULL;
+ break;
 #endif
-
 default:
 evp_cipher = NULL;
 break;
@@ -1072,8 +1099,7 @@ size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher)
 {
 size_t ret;
 #ifdef WOLFSSL_SMALL_STACK
- WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX *)XMALLOC(
- sizeof(*ctx), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 if (ctx == NULL)
 return 0;
 #else
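Review bot: Adding `defined(WOLFSSL_AES_COUNTER)` to the AES-GCM guard in wolfSSL_quic_get_hp means a build with AES-GCM but without AES-CTR now reaches `default:` and silently returns NULL for TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384, while the CCM-8 branch at least logs why; header protection then fails for the most common QUIC suites with nothing in the trace. Either log in the default arm, `WOLFSSL_MSG("wolfSSL_quic_get_hp: no header protection cipher for suite");`, or fail the build when QUIC is enabled with AES-GCM and no WOLFSSL_AES_COUNTER, so the configuration error surfaces at compile time. The ngtcp2 comment is useful; a pointer to RFC 9001 §5.4.3 (AES-based header protection is AES-ECB on one block) would tie the "spec says ECB" remark to its source.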
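Review bot: In wolfSSL_quic_get_aead_tag_len the context is now obtained from `wolfSSL_EVP_CIPHER_CTX_new()`, but the matching release at the end of the function is outside this hunk; if it is still the `XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER)` that paired with the old XMALLOC, the allocator and deallocator no longer match (different memory type, and any EVP cleanup done by the constructor's counterpart is skipped) and it should become `wolfSSL_EVP_CIPHER_CTX_free(ctx);` on the WOLFSSL_SMALL_STACK path. The `XMEMSET(ctx, 0, sizeof(*ctx))` in the next hunk is presumably redundant after `_new()` but harmless. The function's non-SMALL_STACK branch and its tail are not visible here.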
@@ -1083,7 +1109,7 @@ size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher) XMEMSET(ctx, 0, sizeof(*ctx)); if (wolfSSL_EVP_CipherInit(ctx, aead_cipher, NULL, NULL, 0) == WOLFSSL_SUCCESS) { - ret = ctx->authTagSz; + ret = (size_t)ctx->authTagSz; } else { ret = 0; } @@ -1098,30 +1124,12 @@ size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher) int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER* aead_cipher) { -#if !defined(NO_AES) && defined(HAVE_AESGCM) - if (evp_cipher_eq(aead_cipher, wolfSSL_EVP_aes_128_gcm()) -#ifdef WOLFSSL_AES_256 - || evp_cipher_eq(aead_cipher, wolfSSL_EVP_aes_256_gcm()) -#endif - ) { - return 1; - } -#else - (void)aead_cipher; -#endif - return 0; + return WOLFSSL_EVP_CIPHER_mode(aead_cipher) == WOLFSSL_EVP_CIPH_GCM_MODE; } int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER* aead_cipher) { -#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) - if (evp_cipher_eq(aead_cipher, wolfSSL_EVP_aes_128_ctr())) { - return 1; - } -#else - (void)aead_cipher; -#endif - return 0; + return WOLFSSL_EVP_CIPHER_mode(aead_cipher) == WOLFSSL_EVP_CIPH_CCM_MODE; } int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER* aead_cipher) @@ -1358,7 +1366,7 @@ int wolfSSL_quic_aead_decrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx, return WOLFSSL_FAILURE; } - enclen -= ctx->authTagSz; + enclen -= (size_t)ctx->authTagSz; tag = enc + enclen; if (wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0) != WOLFSSL_SUCCESS diff --git a/src/sniffer.c b/src/sniffer.c index d5fc5c1746..31d54a949f 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1,6 +1,6 @@ /* sniffer.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
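Review bot: `WOLFSSL_EVP_CIPHER_mode(aead_cipher)` is now called with no NULL check in wolfSSL_quic_aead_is_gcm and wolfSSL_quic_aead_is_ccm, whereas the removed evp_cipher_eq path was a pointer comparison; if WOLFSSL_EVP_CIPHER_mode dereferences its argument, the NULL that wolfSSL_quic_get_aead can now return for CCM-8 would crash here instead of yielding 0. A guard such as `if (aead_cipher == NULL) return 0;` at the top of both functions is cheap and keeps the old behaviour for NULL. The `enclen -= (size_t)ctx->authTagSz;` cast in wolfSSL_quic_aead_decrypt is only safe because of the length check just above it, which sits outside the hunk; it is worth confirming that check rejects `enclen < authTagSz` rather than only `enclen == 0`, since an underflow here would make `tag` point past the input.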
@@ -851,14 +851,11 @@ static void FreeSnifferSession(SnifferSession* session) XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES); #endif #ifdef WOLFSSL_TLS13 - if (session->cliKeyShare) - XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif #ifdef HAVE_MAX_FRAGMENT - if (session->tlsFragBuf) { - XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - session->tlsFragBuf = NULL; - } + XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + session->tlsFragBuf = NULL; #endif } XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION); @@ -2481,7 +2478,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, args = (SetupKeysArgs*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_sk; @@ -3089,7 +3086,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, #endif /* HAVE_CURVE448 */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Handle async pending response */ ret = wolfSSL_AsyncPush(ssl, asyncDev); break; @@ -3228,7 +3225,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, exit_sk: /* Handle async pending response */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -3897,7 +3894,8 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, #endif #ifdef WOLFSSL_ASYNC_CRYPT - if (session->sslServer->error != WC_PENDING_E && session->pendSeq == 0) + if (session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) && + session->pendSeq == 0) #endif { /* hash server_hello */ 
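Review bot: Dropping the `if (session->cliKeyShare)` and `if (session->tlsFragBuf)` guards before XFREE in FreeSnifferSession makes correctness depend on XFREE tolerating NULL; the same pattern appears in the DoHandShake exit path in the next hunk and in wolfSSL_CTX_new_ex and wolfSSL_CTX_free in ssl.c further down. That holds for the default XFREE, but a user-supplied allocator (XMALLOC_USER) that is not NULL-safe would now be invoked with NULL on every session teardown. If NULL-safety is an established contract for XFREE, a short comment at the first such site, `/* XFREE is NULL-safe */`, documents the assumption for the next reader. The WC_NO_ERR_TRACE wrapping of the WC_PENDING_E and WC_NO_PENDING_E comparisons is mechanical and applied consistently through the file.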
@@ -3931,7 +3929,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, session, error, &session->cliKs); if (ret != 0) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif @@ -4578,7 +4576,8 @@ static int DoHandShake(const byte* input, int* sslBytes, #ifdef WOLFSSL_TLS13 if (type != client_hello && type != server_hello #ifdef WOLFSSL_ASYNC_CRYPT - && session->sslServer->error != WC_PENDING_E && session->pendSeq == 0 + && session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) + && session->pendSeq == 0 #endif ) { /* For resumption the hash is before / after client_hello PSK binder */ @@ -4696,7 +4695,7 @@ static int DoHandShake(const byte* input, int* sslBytes, if (ret == 0) { ret = ProcessClientKeyExchange(input, sslBytes, session, error); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif if (ret != 0) { @@ -4721,10 +4720,8 @@ static int DoHandShake(const byte* input, int* sslBytes, exit: #endif #ifdef HAVE_MAX_FRAGMENT - if (session->tlsFragBuf) { - XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - session->tlsFragBuf = NULL; - } + XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + session->tlsFragBuf = NULL; #endif *sslBytes = startBytes - size; /* actual bytes of full process */ @@ -4763,7 +4760,7 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.des3->asyncDev); } #endif 
@@ -4781,7 +4778,7 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, #endif ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); } #endif @@ -4826,7 +4823,7 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ssl->decrypt.additional, AEAD_AUTH_DATA_SZ, NULL, 0)) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); } #endif @@ -4884,9 +4881,9 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, #ifdef WOLFSSL_ASYNC_CRYPT if (ssl->decrypt.state != CIPHER_STATE_BEGIN) { ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* check for still pending */ - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; ssl->error = 0; /* clear async */ @@ -4942,7 +4939,7 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, #ifdef WOLFSSL_ASYNC_CRYPT /* If pending, return now */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif @@ -4994,7 +4991,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz, } #ifdef WOLFSSL_ASYNC_CRYPT /* for async the symmetric operations are blocking */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { do { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); } while (ret == 0); 
@@ -5254,7 +5251,7 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame, ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes, (word16)*rhSize); - if (ret < 0 && ret != MATCH_SUITE_ERROR) { + if (ret < 0 && ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) { SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE); return -1; } @@ -5679,7 +5676,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, if (real + *sslBytes > *expected) { #ifdef WOLFSSL_ASYNC_CRYPT - if (session->sslServer->error != WC_PENDING_E && + if (session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) && session->pendSeq != tcpInfo->sequence) #endif { @@ -5735,7 +5732,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, * already been ack'd during handshake */ if ( #ifdef WOLFSSL_ASYNC_CRYPT - session->sslServer->error != WC_PENDING_E && + session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) && session->pendSeq != tcpInfo->sequence && #endif FindPrevAck(session, real)) { @@ -6039,7 +6036,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, #ifdef WOLFSSL_ASYNC_CRYPT /* if this is a pending async packet do not "grow" on partial (we already did) */ if (session->pendSeq == tcpInfo->sequence) { - if (session->sslServer->error == WC_PENDING_E) { + if (session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E)) { return 0; /* don't check pre-record again */ } /* if record check already done then restore, otherwise process normal */ @@ -6371,7 +6368,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, Trace(GOT_HANDSHAKE_STR); ret = DoHandShake(sslFrame, &sslBytes, session, error, rhSize); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif if (ret != 0 || sslBytes > startIdx) { 
@@ -6655,7 +6652,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return WOLFSSL_SNIFFER_FATAL_ERROR; #ifdef WOLFSSL_ASYNC_CRYPT - else if (ret == WC_PENDING_E) return WC_PENDING_E; + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return WC_PENDING_E; #endif else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; else if (ret == 1) { @@ -6706,7 +6703,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, #ifdef WOLFSSL_ASYNC_CRYPT /* make sure this server was polled */ - if (asyncOkay && session->sslServer->error == WC_PENDING_E && + if (asyncOkay && + session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E) && !session->flags.wasPolled) { return WC_PENDING_E; } @@ -6714,7 +6712,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, #ifdef WOLFSSL_SNIFFER_STATS #ifdef WOLFSSL_ASYNC_CRYPT - if (session->sslServer->error != WC_PENDING_E) + if (session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { if (sslBytes > 0) { @@ -6736,7 +6734,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, session->sslServer->error = ret; #ifdef WOLFSSL_ASYNC_CRYPT /* capture the seq pending for this session */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { session->flags.wasPolled = 0; session->pendSeq = tcpInfo.sequence; if (!asyncOkay || CryptoDeviceId == INVALID_DEVID) { @@ -6751,7 +6749,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, else { session->pendSeq = 0; } - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #else (void)asyncOkay; #endif diff --git a/src/ssl.c b/src/ssl.c index b19b2c7f21..afd505027a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,6 +1,6 @@ /* ssl.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -54,7 +54,8 @@ #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \ && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \ && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) - #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README" + #error "No cipher suites defined because DH disabled, ECC disabled, " + "and no static suites defined. Please see top of README" #endif #ifdef WOLFSSL_CERT_GEN /* need access to Cert struct for creating certificate */ @@ -115,7 +116,6 @@ #include #include #include - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) #include #endif /* HAVE_FALCON */ @@ -125,7 +125,6 @@ #if defined(HAVE_SPHINCS) #include #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) #ifdef HAVE_OCSP #include @@ -140,12 +139,6 @@ && !defined(WC_NO_RNG) #include #endif - #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) - #include - #endif - #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) - #include - #endif /* OPENSSL_ALL && HAVE_PKCS7 */ #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -163,25 +156,6 @@ #endif #endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */ -#ifdef WOLFSSL_SYS_CA_CERTS - -#ifdef _WIN32 - #include - #include - - /* mingw gcc does not support pragma comment, and the - * linking with crypt32 is handled in configure.ac */ - #if !defined(__MINGW32__) && !defined(__MINGW64__) - #pragma comment(lib, "crypt32") - #endif -#endif - -#if defined(__APPLE__) && defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) -#include -#endif - -#endif /* WOLFSSL_SYS_CA_CERTS */ - /* * OPENSSL_COMPATIBLE_DEFAULTS: * Enable default behaviour that is compatible with OpenSSL. For example 
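Review bot: The `#error` message split across two lines in the first hunk does not do what it looks like: `#error` consumes only the rest of its own line, so the second literal `"and no static suites defined. Please see top of README"` is not part of the diagnostic and the emitted message is truncated to the first fragment. Either keep the message on one line or end the first line with a backslash continuation, `#error "No cipher suites defined because DH disabled, ECC disabled, " \`. When the enclosing `#if` does not fire the block is skipped entirely, so this is a diagnostic-quality issue rather than a build break.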
@@ -218,6 +192,9 @@ #ifndef WOLFCRYPT_ONLY #define WOLFSSL_SSL_CERTMAN_INCLUDED #include "src/ssl_certman.c" + +#define WOLFSSL_SSL_SESS_INCLUDED +#include "src/ssl_sess.c" #endif #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ @@ -310,9 +287,10 @@ int wc_OBJ_sn2nid(const char *sn) #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */ static WC_RNG globalRNG; -static int initGlobalRNG = 0; +static volatile int initGlobalRNG = 0; -static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex); +static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex); #ifndef WOLFSSL_MUTEX_INITIALIZER static int globalRNGMutex_valid = 0; #endif @@ -411,7 +389,8 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local) * OPENSSL_EXTRA where RAND callbacks are not used */ #ifndef WOLFSSL_NO_OPENSSL_RAND_CB static const WOLFSSL_RAND_METHOD* gRandMethods = NULL; - static wolfSSL_Mutex gRandMethodMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(gRandMethodMutex); + static wolfSSL_Mutex gRandMethodMutex + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(gRandMethodMutex); #ifndef WOLFSSL_MUTEX_INITIALIZER static int gRandMethodsInit = 0; #endif 
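Review bot: Marking `initGlobalRNG` as `volatile` does not make the check-then-initialise sequence atomic or establish ordering between threads; it only stops the compiler from caching the read. The guard that actually matters is `globalRNGMutex` declared right below it, so the readers and writers of `initGlobalRNG` (outside this hunk) should all run under that mutex, and if they do a comment such as `/* volatile for the unlocked read only; all writes happen under globalRNGMutex */` would make the intent explicit. If there is an unlocked read that gates initialisation, that is a data race which volatile does not fix.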
@@ -431,47 +410,6 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local) #include -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -const WOLF_EC_NIST_NAME kNistCurves[] = { - {XSTR_SIZEOF("P-192"), "P-192", NID_X9_62_prime192v1}, - {XSTR_SIZEOF("P-256"), "P-256", NID_X9_62_prime256v1}, - {XSTR_SIZEOF("P-112"), "P-112", NID_secp112r1}, - {XSTR_SIZEOF("P-112-2"), "P-112-2", NID_secp112r2}, - {XSTR_SIZEOF("P-128"), "P-128", NID_secp128r1}, - {XSTR_SIZEOF("P-128-2"), "P-128-2", NID_secp128r2}, - {XSTR_SIZEOF("P-160"), "P-160", NID_secp160r1}, - {XSTR_SIZEOF("P-160-2"), "P-160-2", NID_secp160r2}, - {XSTR_SIZEOF("P-224"), "P-224", NID_secp224r1}, - {XSTR_SIZEOF("P-384"), "P-384", NID_secp384r1}, - {XSTR_SIZEOF("P-521"), "P-521", NID_secp521r1}, - {XSTR_SIZEOF("K-160"), "K-160", NID_secp160k1}, - {XSTR_SIZEOF("K-192"), "K-192", NID_secp192k1}, - {XSTR_SIZEOF("K-224"), "K-224", NID_secp224k1}, - {XSTR_SIZEOF("K-256"), "K-256", NID_secp256k1}, - {XSTR_SIZEOF("B-160"), "B-160", NID_brainpoolP160r1}, - {XSTR_SIZEOF("B-192"), "B-192", NID_brainpoolP192r1}, - {XSTR_SIZEOF("B-224"), "B-224", NID_brainpoolP224r1}, - {XSTR_SIZEOF("B-256"), "B-256", NID_brainpoolP256r1}, - {XSTR_SIZEOF("B-320"), "B-320", NID_brainpoolP320r1}, - {XSTR_SIZEOF("B-384"), "B-384", NID_brainpoolP384r1}, - {XSTR_SIZEOF("B-512"), "B-512", NID_brainpoolP512r1}, -#ifdef HAVE_PQC - {XSTR_SIZEOF("KYBER_LEVEL1"), "KYBER_LEVEL1", WOLFSSL_KYBER_LEVEL1}, - {XSTR_SIZEOF("KYBER_LEVEL3"), "KYBER_LEVEL3", WOLFSSL_KYBER_LEVEL3}, - {XSTR_SIZEOF("KYBER_LEVEL5"), "KYBER_LEVEL5", WOLFSSL_KYBER_LEVEL5}, -#ifdef HAVE_LIBOQS - {XSTR_SIZEOF("P256_KYBER_LEVEL1"), "P256_KYBER_LEVEL1", WOLFSSL_P256_KYBER_LEVEL1}, - {XSTR_SIZEOF("P384_KYBER_LEVEL3"), "P384_KYBER_LEVEL3", WOLFSSL_P384_KYBER_LEVEL3}, - {XSTR_SIZEOF("P521_KYBER_LEVEL5"), "P521_KYBER_LEVEL5", WOLFSSL_P521_KYBER_LEVEL5}, -#endif -#endif -#ifdef WOLFSSL_SM2 - {XSTR_SIZEOF("SM2"), "SM2", NID_sm2}, -#endif - {0, NULL, 0}, -}; -#endif - #if defined(WOLFSSL_TLS13) && 
defined(HAVE_ECH) /* create the hpke key and ech config to send to clients */ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, @@ -1040,7 +978,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) workingOutputLen = *outputLen - totalLen; /* only error we break on, other 2 we need to keep finding length */ - if (ret == BAD_FUNC_ARG) + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return BAD_FUNC_ARG; workingConfig = workingConfig->next; 
@@ -1070,209 +1008,11 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) #include #endif -#ifdef WOLFSSL_SESSION_EXPORT -/* Used to import a serialized TLS session. - * WARNING: buf contains sensitive information about the state and is best to be - * encrypted before storing if stored. - * - * @param ssl WOLFSSL structure to import the session into - * @param buf serialized session - * @param sz size of buffer 'buf' - * @return the number of bytes read from buffer 'buf' - */ -int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz) -{ - if (ssl == NULL || buf == NULL) { - return BAD_FUNC_ARG; - } - return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS); -} - - -/* Used to export a serialized TLS session. - * WARNING: buf contains sensitive information about the state and is best to be - * encrypted before storing if stored. - * - * @param ssl WOLFSSL structure to export the session from - * @param buf output of serialized session - * @param sz size in bytes set in 'buf' - * @return the number of bytes written into buffer 'buf' - */ -int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz) -{ - if (ssl == NULL || sz == NULL) { - return BAD_FUNC_ARG; - } - return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS); -} - -#ifdef WOLFSSL_DTLS -int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz) -{ - WOLFSSL_ENTER("wolfSSL_session_import"); - - if (ssl == NULL || buf == NULL) { - return BAD_FUNC_ARG; - } - - /* sanity checks on buffer and protocol are done in internal function */ - return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS); -} - - -/* Sets the function to call for serializing the session. This function is - * called right after the handshake is completed. 
*/ -int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func) -{ - - WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export"); - - /* purposefully allow func to be NULL */ - if (ctx == NULL) { - return BAD_FUNC_ARG; - } - - ctx->dtls_export = func; - - return WOLFSSL_SUCCESS; -} - - -/* Sets the function in WOLFSSL struct to call for serializing the session. This - * function is called right after the handshake is completed. */ -int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func) -{ - - WOLFSSL_ENTER("wolfSSL_dtls_set_export"); - - /* purposefully allow func to be NULL */ - if (ssl == NULL) { - return BAD_FUNC_ARG; - } - - ssl->dtls_export = func; - - return WOLFSSL_SUCCESS; -} - - -/* This function allows for directly serializing a session rather than using - * callbacks. It has less overhead by removing a temporary buffer and gives - * control over when the session gets serialized. When using callbacks the - * session is always serialized immediately after the handshake is finished. - * - * buf is the argument to contain the serialized session - * sz is the size of the buffer passed in - * ssl is the WOLFSSL struct to serialize - * returns the size of serialized session on success, 0 on no action, and - * negative value on error */ -int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz) -{ - WOLFSSL_ENTER("wolfSSL_dtls_export"); - - if (ssl == NULL || sz == NULL) { - return BAD_FUNC_ARG; - } - - if (buf == NULL) { - *sz = MAX_EXPORT_BUFFER; - return 0; - } - - /* if not DTLS do nothing */ - if (!ssl->options.dtls) { - WOLFSSL_MSG("Currently only DTLS export is supported"); - return 0; - } - - /* copy over keys, options, and dtls state struct */ - return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS); -} - - -/* This function is similar to wolfSSL_dtls_export but only exports the portion - * of the WOLFSSL structure related to the state of the connection, i.e. peer - * sequence number, epoch, AEAD state etc. 
- * - * buf is the argument to contain the serialized state, if null then set "sz" to - * buffer size required - * sz is the size of the buffer passed in - * ssl is the WOLFSSL struct to serialize - * returns the size of serialized session on success, 0 on no action, and - * negative value on error */ -int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf, - unsigned int* sz) -{ - WOLFSSL_ENTER("wolfSSL_dtls_export_state_only"); - - if (ssl == NULL || sz == NULL) { - return BAD_FUNC_ARG; - } - - if (buf == NULL) { - *sz = MAX_EXPORT_STATE_BUFFER; - return 0; - } - - /* if not DTLS do nothing */ - if (!ssl->options.dtls) { - WOLFSSL_MSG("Currently only DTLS export state is supported"); - return 0; - } - - /* copy over keys, options, and dtls state struct */ - return wolfSSL_dtls_export_state_internal(ssl, buf, *sz); -} - - -/* returns 0 on success */ -int wolfSSL_send_session(WOLFSSL* ssl) -{ - int ret; - byte* buf; - word32 bufSz = MAX_EXPORT_BUFFER; - - WOLFSSL_ENTER("wolfSSL_send_session"); - - if (ssl == NULL) { - return BAD_FUNC_ARG; - } - - buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (buf == NULL) { - return MEMORY_E; - } - - /* if not DTLS do nothing */ - if (!ssl->options.dtls) { - XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - WOLFSSL_MSG("Currently only DTLS export is supported"); - return 0; - } - - /* copy over keys, options, and dtls state struct */ - ret = wolfSSL_session_export_internal(ssl, buf, &bufSz, WOLFSSL_EXPORT_DTLS); - if (ret < 0) { - XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - - /* if no error ret has size of buffer */ - ret = ssl->dtls_export(ssl, buf, ret, NULL); - if (ret != WOLFSSL_SUCCESS) { - XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - - XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - return 0; -} -#endif /* WOLFSSL_DTLS */ -#endif /* WOLFSSL_SESSION_EXPORT */ - /* prevent multiple mutex initializations */ static volatile WOLFSSL_GLOBAL int 
initRefCount = 0; -static WOLFSSL_GLOBAL wolfSSL_Mutex inits_count_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex); /* init ref count mutex */ +/* init ref count mutex */ +static WOLFSSL_GLOBAL wolfSSL_Mutex inits_count_mutex + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex); #ifndef WOLFSSL_MUTEX_INITIALIZER static WOLFSSL_GLOBAL int inits_count_mutex_valid = 0; #endif @@ -1294,9 +1034,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_Init failed"); WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0); - if (method != NULL) { - XFREE(method, heap, DYNAMIC_TYPE_METHOD); - } + XFREE(method, heap, DYNAMIC_TYPE_METHOD); return NULL; } } @@ -1342,8 +1080,8 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); wolfSSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); if (wolfSSL_CTX_set_min_proto_version(ctx, - (method->version.major == DTLS_MAJOR) ? - DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS || + (method->version.major == DTLS_MAJOR) ? + DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS || #ifdef HAVE_ANON wolfSSL_CTX_allow_anon_cipher(ctx) != WOLFSSL_SUCCESS || #endif @@ -1392,10 +1130,8 @@ void wolfSSL_CTX_free(WOLFSSL_CTX* ctx) #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ && !defined(NO_SHA256) && !defined(WC_NO_RNG) if (ctx->srp != NULL) { - if (ctx->srp_password != NULL){ - XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); - ctx->srp_password = NULL; - } + XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); + ctx->srp_password = NULL; wc_SrpTerm(ctx->srp); XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); ctx->srp = NULL; 
@@ -1613,8 +1349,8 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl) #ifdef HAVE_ONE_TIME_AUTH #ifdef HAVE_POLY1305 if (ssl->auth.setup && ssl->auth.poly1305 != NULL) { - dup->auth.poly1305 = - (Poly1305*)XMALLOC(sizeof(Poly1305), dup->heap, DYNAMIC_TYPE_CIPHER); + dup->auth.poly1305 = (Poly1305*)XMALLOC(sizeof(Poly1305), dup->heap, + DYNAMIC_TYPE_CIPHER); if (dup->auth.poly1305 == NULL) return MEMORY_E; dup->auth.setup = 1; @@ -1948,7 +1684,7 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len) return NULL; cipher = wolfSSL_get_cipher_name_iana(ssl); - len = min(len, (int)(XSTRLEN(cipher) + 1)); + len = (int)min((word32)len, (int)(XSTRLEN(cipher) + 1)); XMEMCPY(buf, cipher, len); return buf; } @@ -2214,6 +1950,15 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu) return WOLFSSL_SUCCESS; } +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) { + if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0) + return SSL_SUCCESS; + else + return SSL_FAILURE; +} +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ + #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */ #ifdef WOLFSSL_SRTP 
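Review bot: `wolfSSL_set_mtu_compat` tests `wolfSSL_dtls_set_mtu(ssl, mtu) == 0` for success, but the function it wraps returns `WOLFSSL_SUCCESS` on the success path visible at the top of the same hunk, and WOLFSSL_SUCCESS is not 0; as written the wrapper reports SSL_FAILURE for a successful call. The condition should read `if (wolfSSL_dtls_set_mtu(ssl, mtu) == WOLFSSL_SUCCESS)`. The opening brace on the signature line also departs from the file's style, where `{` sits on its own line. In wolfSSL_get_shared_ciphers the new `min((word32)len, (int)(XSTRLEN(cipher) + 1))` mixes a word32 and an int argument; casting both operands to the same type avoids relying on implicit conversion inside the macro.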
@@ -2221,10 +1966,12 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu) static const WOLFSSL_SRTP_PROTECTION_PROFILE gSrtpProfiles[] = { /* AES CCM 128, Salt:112-bits, Auth HMAC-SHA1 Tag: 80-bits * (master_key:128bits + master_salt:112bits) * 2 = 480 bits (60) */ - {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80, (((128 + 112) * 2) / 8) }, + {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80, + (((128 + 112) * 2) / 8) }, /* AES CCM 128, Salt:112-bits, Auth HMAC-SHA1 Tag: 32-bits * (master_key:128bits + master_salt:112bits) * 2 = 480 bits (60) */ - {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32, (((128 + 112) * 2) / 8) }, + {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32, + (((128 + 112) * 2) / 8) }, /* NULL Cipher, Salt:112-bits, Auth HMAC-SHA1 Tag 80-bits */ {"SRTP_NULL_SHA1_80", SRTP_NULL_SHA1_80, ((112 * 2) / 8)}, /* NULL Cipher, Salt:112-bits, Auth HMAC-SHA1 Tag 32-bits */ @@ -2351,7 +2098,7 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl, return EXT_MISSING; } if (out == NULL) { - *olen = profile->kdfBits; + *olen = (size_t)profile->kdfBits; return LENGTH_ONLY_E; } @@ -2468,7 +2215,8 @@ int wolfSSL_set_secret(WOLFSSL* ssl, word16 epoch, if (ret == 0) { XMEMCPY(ssl->arrays->preMasterSecret, preMasterSecret, preMasterSz); - XMEMSET(ssl->arrays->preMasterSecret + preMasterSz, 0, ENCRYPT_LEN - preMasterSz); + XMEMSET(ssl->arrays->preMasterSecret + preMasterSz, 0, + ENCRYPT_LEN - preMasterSz); ssl->arrays->preMasterSz = preMasterSz; XMEMCPY(ssl->arrays->clientRandom, clientRandom, RAN_LEN); XMEMCPY(ssl->arrays->serverRandom, serverRandom, RAN_LEN); 
@@ -2719,7 +2467,8 @@ int wolfSSL_GetObjectSize(void) #ifdef WOLFSSL_SM4 printf("\tsizeof sm4 = %lu\n", (unsigned long)sizeof(Sm4)); #endif - printf("sizeof cipher specs = %lu\n", (unsigned long)sizeof(CipherSpecs)); + printf("sizeof cipher specs = %lu\n", (unsigned long) + sizeof(CipherSpecs)); printf("sizeof keys = %lu\n", (unsigned long)sizeof(Keys)); printf("sizeof Hashes(2) = %lu\n", (unsigned long)sizeof(Hashes)); #ifndef NO_MD5 @@ -2752,10 +2501,13 @@ int wolfSSL_GetObjectSize(void) #ifdef HAVE_ECC printf("sizeof ecc_key = %lu\n", (unsigned long)sizeof(ecc_key)); #endif - printf("sizeof WOLFSSL_CIPHER = %lu\n", (unsigned long)sizeof(WOLFSSL_CIPHER)); - printf("sizeof WOLFSSL_SESSION = %lu\n", (unsigned long)sizeof(WOLFSSL_SESSION)); + printf("sizeof WOLFSSL_CIPHER = %lu\n", (unsigned long) + sizeof(WOLFSSL_CIPHER)); + printf("sizeof WOLFSSL_SESSION = %lu\n", (unsigned long) + sizeof(WOLFSSL_SESSION)); printf("sizeof WOLFSSL = %lu\n", (unsigned long)sizeof(WOLFSSL)); - printf("sizeof WOLFSSL_CTX = %lu\n", (unsigned long)sizeof(WOLFSSL_CTX)); + printf("sizeof WOLFSSL_CTX = %lu\n", (unsigned long) + sizeof(WOLFSSL_CTX)); #endif return sizeof(WOLFSSL); @@ -2775,13 +2527,11 @@ int wolfSSL_METHOD_GetObjectSize(void) #ifdef WOLFSSL_STATIC_MEMORY -int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method, - unsigned char* buf, unsigned int sz, - int flag, int maxSz) +int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, + wolfSSL_method_func method, unsigned char* buf, unsigned int sz, int flag, + int maxSz) { - WOLFSSL_HEAP* heap; - WOLFSSL_HEAP_HINT* hint; - word32 idx = 0; + WOLFSSL_HEAP_HINT* hint = NULL; if (ctx == NULL || buf == NULL) { return BAD_FUNC_ARG; 
@@ -2791,42 +2541,23 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method return BAD_FUNC_ARG; } - if (*ctx == NULL || (*ctx)->heap == NULL) { - if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) { - return BUFFER_E; /* not enough memory for structures */ - } - heap = (WOLFSSL_HEAP*)buf; - idx += sizeof(WOLFSSL_HEAP); - if (wolfSSL_init_memory_heap(heap) != 0) { - return WOLFSSL_FAILURE; - } - hint = (WOLFSSL_HEAP_HINT*)(buf + idx); - idx += sizeof(WOLFSSL_HEAP_HINT); - XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT)); - hint->memory = heap; - - if (*ctx && (*ctx)->heap == NULL) { - (*ctx)->heap = (void*)hint; - } - } - else { -#ifdef WOLFSSL_HEAP_TEST - /* do not load in memory if test has been set */ - if ((*ctx)->heap == (void*)WOLFSSL_HEAP_TEST) { - return WOLFSSL_SUCCESS; - } -#endif - hint = (WOLFSSL_HEAP_HINT*)((*ctx)->heap); - heap = hint->memory; + /* If there is a heap already, capture it in hint. */ + if (*ctx && (*ctx)->heap != NULL) { + hint = (*ctx)->heap; } - if (wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap) != 1) { - WOLFSSL_MSG("Error partitioning memory"); + if (wc_LoadStaticMemory(&hint, buf, sz, flag, maxSz)) { + WOLFSSL_MSG("Error loading static memory"); return WOLFSSL_FAILURE; } - /* create ctx if needed */ - if (*ctx == NULL) { + if (*ctx) { + if ((*ctx)->heap == NULL) { + (*ctx)->heap = (void*)hint; + } + } + else { + /* create ctx if needed */ *ctx = wolfSSL_CTX_new_ex(method(hint), hint); if (*ctx == NULL) { WOLFSSL_MSG("Error creating ctx"); @@ -2834,19 +2565,6 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method } } - /* determine what max applies too */ - if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { - heap->maxIO = maxSz; - } - else { /* general memory used in handshakes */ - heap->maxHa = maxSz; - } - - heap->flag |= flag; - - (void)maxSz; - (void)method; - return WOLFSSL_SUCCESS; } 
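Review bot: The rewrite of wolfSSL_CTX_load_static_memory drops the `WOLFSSL_HEAP_TEST` early return that previously skipped loading when `(*ctx)->heap` held the test sentinel; with the new code that sentinel is captured into `hint` and handed to `wc_LoadStaticMemory`, which presumably does not expect it. If the test hook is still in use, restore the check before the capture: `#ifdef WOLFSSL_HEAP_TEST`, `if (*ctx && (*ctx)->heap == (void*)WOLFSSL_HEAP_TEST) return WOLFSSL_SUCCESS;`, `#endif`. `if (wc_LoadStaticMemory(&hint, buf, sz, flag, maxSz))` treats every non-zero return as failure, which is right only if that function returns 0 on success; since the call it replaces compared against 1, a comment stating the contract, `/* wc_LoadStaticMemory returns 0 on success */`, would prevent a future mix-up. The removed `heap->maxIO` / `heap->maxHa` assignments must now happen inside wc_LoadStaticMemory via `maxSz`, which is outside this diff.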
@@ -2858,6 +2576,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats) } WOLFSSL_ENTER("wolfSSL_is_static_memory"); +#ifndef WOLFSSL_STATIC_MEMORY_LEAN /* fill out statistics if wanted and WOLFMEM_TRACK_STATS flag */ if (mem_stats != NULL && ssl->heap != NULL) { WOLFSSL_HEAP_HINT* hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap)); @@ -2866,7 +2585,9 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats) XMEMCPY(mem_stats, hint->stats, sizeof(WOLFSSL_MEM_CONN_STATS)); } } +#endif + (void)mem_stats; return (ssl->heap) ? 1 : 0; } @@ -2878,6 +2599,7 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats) } WOLFSSL_ENTER("wolfSSL_CTX_is_static_memory"); +#ifndef WOLFSSL_STATIC_MEMORY_LEAN /* fill out statistics if wanted */ if (mem_stats != NULL && ctx->heap != NULL) { WOLFSSL_HEAP* heap = ((WOLFSSL_HEAP_HINT*)(ctx->heap))->memory; @@ -2885,7 +2607,9 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats) return MEMORY_E; } } +#endif + (void)mem_stats; return (ctx->heap) ? 1 : 0; } @@ -2925,13 +2649,15 @@ int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz) if (inSz > maxSize) return INPUT_SIZE_E; - return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1, 0, CUR_ORDER); + return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1, 0, + CUR_ORDER); } #ifdef HAVE_ECC int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz) { + WOLFSSL_ENTER("wolfSSL_CTX_SetMinEccKey_Sz"); if (ctx == NULL || keySz < 0 || keySz % 8 != 0) { WOLFSSL_MSG("Key size must be divisible by 8 or ctx was null"); return BAD_FUNC_ARG; @@ -2947,6 +2673,7 @@ int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz) int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz) { + WOLFSSL_ENTER("wolfSSL_SetMinEccKey_Sz"); if (ssl == NULL || keySz < 0 || keySz % 8 != 0) { WOLFSSL_MSG("Key size must be divisible by 8 or ssl was null"); return BAD_FUNC_ARG; 
@@ -2986,138 +2713,6 @@ int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz) #ifndef NO_DH -#ifdef OPENSSL_EXTRA -long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) -{ - int pSz, gSz; - byte *p, *g; - int ret = 0; - - WOLFSSL_ENTER("wolfSSL_set_tmp_dh"); - - if (!ssl || !dh) - return BAD_FUNC_ARG; - - /* Get needed size for p and g */ - pSz = wolfSSL_BN_bn2bin(dh->p, NULL); - gSz = wolfSSL_BN_bn2bin(dh->g, NULL); - - if (pSz <= 0 || gSz <= 0) - return -1; - - p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (!p) - return MEMORY_E; - - g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (!g) { - XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - return MEMORY_E; - } - - pSz = wolfSSL_BN_bn2bin(dh->p, p); - gSz = wolfSSL_BN_bn2bin(dh->g, g); - - if (pSz >= 0 && gSz >= 0) /* Conversion successful */ - ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz); - - XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - - return pSz > 0 && gSz > 0 ? 
ret : -1; -} -#endif /* OPENSSL_EXTRA */ - -/* server Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */ -int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, - const unsigned char* g, int gSz) -{ - WOLFSSL_ENTER("wolfSSL_SetTmpDH"); - - if (ssl == NULL || p == NULL || g == NULL) - return BAD_FUNC_ARG; - - if ((word16)pSz < ssl->options.minDhKeySz) - return DH_KEY_SIZE_E; - if ((word16)pSz > ssl->options.maxDhKeySz) - return DH_KEY_SIZE_E; - - /* this function is for server only */ - if (ssl->options.side == WOLFSSL_CLIENT_END) - return SIDE_ERROR; - - #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ - !defined(HAVE_SELFTEST) - ssl->options.dhKeyTested = 0; - ssl->options.dhDoKeyTest = 1; - #endif - - if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { - XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - ssl->buffers.serverDH_P.buffer = NULL; - } - if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) { - XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - ssl->buffers.serverDH_G.buffer = NULL; - } - - ssl->buffers.weOwnDH = 1; /* SSL owns now */ - ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (ssl->buffers.serverDH_P.buffer == NULL) - return MEMORY_E; - - ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (ssl->buffers.serverDH_G.buffer == NULL) { - XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - ssl->buffers.serverDH_P.buffer = NULL; - return MEMORY_E; - } - - ssl->buffers.serverDH_P.length = pSz; - ssl->buffers.serverDH_G.length = gSz; - - XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz); - XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz); - - ssl->options.haveDH = 1; - - if (ssl->options.side != WOLFSSL_NEITHER_END) { - word16 havePSK; - word16 haveRSA; - int keySz = 0; - int ret; - - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #else 
- havePSK = 0; - #endif - #ifdef NO_RSA - haveRSA = 0; - #else - haveRSA = 1; - #endif - #ifndef NO_CERTS - keySz = ssl->buffers.keySz; - #endif - ret = AllocateSuites(ssl); - if (ret != 0) - return ret; - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, - ssl->options.haveDH, ssl->options.haveECDSAsig, - ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); - } - - WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0); - - return WOLFSSL_SUCCESS; -} - - #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) /* Enables or disables the session's DH key prime test. */ 
@@ -3138,82 +2733,6 @@ int wolfSSL_SetEnableDhKeyTest(WOLFSSL* ssl, int enable) } #endif - -/* server ctx Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */ -int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, - const unsigned char* g, int gSz) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH"); - if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; - - if ((word16)pSz < ctx->minDhKeySz) - return DH_KEY_SIZE_E; - if ((word16)pSz > ctx->maxDhKeySz) - return DH_KEY_SIZE_E; - - #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ - !defined(HAVE_SELFTEST) - { - WC_RNG rng; - int error, freeKey = 0; - #ifdef WOLFSSL_SMALL_STACK - DhKey *checkKey = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); - if (checkKey == NULL) - return MEMORY_E; - #else - DhKey checkKey[1]; - #endif - - error = wc_InitRng(&rng); - if (!error) - error = wc_InitDhKey(checkKey); - if (!error) { - freeKey = 1; - error = wc_DhSetCheckKey(checkKey, - p, pSz, g, gSz, NULL, 0, 0, &rng); - } - if (freeKey) - wc_FreeDhKey(checkKey); - #ifdef WOLFSSL_SMALL_STACK - XFREE(checkKey, NULL, DYNAMIC_TYPE_DH); - #endif - wc_FreeRng(&rng); - if (error) - return error; - - ctx->dhKeyTested = 1; - } - #endif - - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - ctx->serverDH_P.buffer = NULL; - XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - ctx->serverDH_G.buffer = NULL; - - ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (ctx->serverDH_P.buffer == NULL) - return MEMORY_E; - - ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (ctx->serverDH_G.buffer == NULL) { - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - ctx->serverDH_P.buffer = NULL; - return MEMORY_E; - } - - ctx->serverDH_P.length = pSz; - ctx->serverDH_G.length = gSz; - - XMEMCPY(ctx->serverDH_P.buffer, p, pSz); - XMEMCPY(ctx->serverDH_G.buffer, g, gSz); - - ctx->haveDH = 1; 
- - WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0); - return WOLFSSL_SUCCESS; -} - - int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits) { if (ctx == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0) @@ -3552,7 +3071,7 @@ word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data) *data = NULL; if (ssl && ssl->extensions) - return TLSX_SNI_GetRequest(ssl->extensions, type, data); + return TLSX_SNI_GetRequest(ssl->extensions, type, data, 0); return 0; } @@ -3753,11 +3272,11 @@ static int isValidCurveGroup(word16 name) case WOLFSSL_FFDHE_6144: case WOLFSSL_FFDHE_8192: -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER case WOLFSSL_KYBER_LEVEL1: case WOLFSSL_KYBER_LEVEL3: case WOLFSSL_KYBER_LEVEL5: - #ifdef HAVE_LIBOQS + #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS) case WOLFSSL_P256_KYBER_LEVEL1: case WOLFSSL_P384_KYBER_LEVEL3: case WOLFSSL_P521_KYBER_LEVEL5: @@ -3797,7 +3316,7 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name) #endif /* NO_TLS */ } -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) +#if defined(OPENSSL_EXTRA) int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups, int count) { @@ -3815,7 +3334,7 @@ int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups, #ifdef HAVE_ECC else { /* groups may be populated with curve NIDs */ - int oid = nid2oid(groups[i], oidCurveType); + int oid = (int)nid2oid(groups[i], oidCurveType); int name = (int)GetCurveByOID(oid); if (name == 0) { WOLFSSL_MSG("Invalid group name"); @@ -3850,7 +3369,7 @@ int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count) #ifdef HAVE_ECC else { /* groups may be populated with curve NIDs */ - int oid = nid2oid(groups[i], oidCurveType); + int oid = (int)nid2oid(groups[i], oidCurveType); int name = (int)GetCurveByOID(oid); if (name == 0) { WOLFSSL_MSG("Invalid group name"); 
@@ -3868,7 +3387,7 @@ int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count) return wolfSSL_set_groups(ssl, _groups, count) == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } -#endif /* OPENSSL_EXTRA && WOLFSSL_TLS13 */ +#endif /* OPENSSL_EXTRA */ #endif /* HAVE_SUPPORTED_CURVES */ /* Application-Layer Protocol Negotiation */ @@ -3909,7 +3428,8 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, return MEMORY_ERROR; } - token = (char **)XMALLOC(sizeof(char *) * (WOLFSSL_MAX_ALPN_NUMBER+1), ssl->heap, DYNAMIC_TYPE_ALPN); + token = (char **)XMALLOC(sizeof(char *) * (WOLFSSL_MAX_ALPN_NUMBER+1), + ssl->heap, DYNAMIC_TYPE_ALPN); if (token == NULL) { XFREE(list, ssl->heap, DYNAMIC_TYPE_ALPN); WOLFSSL_MSG("Memory failure"); @@ -4015,12 +3535,14 @@ int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list) /* user is forcing ability to use secure renegotiation, we discourage it */ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); #if defined(NO_TLS) (void)ssl; #else if (ssl) ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap); + else + ret = BAD_FUNC_ARG; if (ret == WOLFSSL_SUCCESS) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO); @@ -4342,7 +3864,8 @@ int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf, } } else { /* Ticket requires dynamic ticket storage */ - if (ssl->session->ticketLen < bufSz) { /* is dyn buffer big enough */ + /* is dyn buffer big enough */ + if (ssl->session->ticketLen < bufSz) { if (ssl->session->ticketLenAlloc > 0) { XFREE(ssl->session->ticket, ssl->session->heap, DYNAMIC_TYPE_SESSION_TICK); 
@@ -4455,6 +3978,25 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
 }
 #endif
+int wolfSSL_SendUserCanceled(WOLFSSL* ssl)
+{
+ int ret = WOLFSSL_FAILURE;
+ WOLFSSL_ENTER("wolfSSL_recv");
+
+ if (ssl != NULL) {
+ ssl->error = SendAlert(ssl, alert_warning, user_canceled);
+ if (ssl->error < 0) {
+ WOLFSSL_ERROR(ssl->error);
+ }
+ else {
+ ret = wolfSSL_shutdown(ssl);
+ }
+ }
+
+ WOLFSSL_LEAVE("wolfSSL_SendUserCanceled", ret);
+
+ return ret;
+}
 /* WOLFSSL_SUCCESS on ok */
 WOLFSSL_ABI
@@ -4502,13 +4044,14 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
 /* call wolfSSL_shutdown again for bidirectional shutdown */
 if (ssl->options.sentNotify && !ssl->options.closeNotify) {
 ret = ProcessReply(ssl);
- if ((ret == ZERO_RETURN) || (ret == SOCKET_ERROR_E)) {
+ if ((ret == ZERO_RETURN) ||
+ (ret == WC_NO_ERR_TRACE(SOCKET_ERROR_E))) {
 /* simulate OpenSSL behavior */
 ssl->options.shutdownDone = 1;
 /* Clear error */
 ssl->error = WOLFSSL_ERROR_NONE;
 ret = WOLFSSL_SUCCESS;
- } else if (ret == MEMORY_E) {
+ } else if (ret == WC_NO_ERR_TRACE(MEMORY_E)) {
 ret = WOLFSSL_FATAL_ERROR;
 } else if (ssl->error == WOLFSSL_ERROR_NONE) {
 ret = WOLFSSL_SHUTDOWN_NOT_DONE;
@@ -4566,14 +4109,10 @@ int wolfSSL_get_error(WOLFSSL* ssl, int ret)
 else if (ssl->error == ZERO_RETURN || ssl->options.shutdownDone)
 return WOLFSSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
 #ifdef OPENSSL_EXTRA
- else if (ssl->error == SOCKET_PEER_CLOSED_E)
+ else if (ssl->error == WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E))
 return WOLFSSL_ERROR_SYSCALL; /* convert to OpenSSL type */
 #endif
-#if defined(WOLFSSL_HAPROXY)
- return GetX509Error(ssl->error);
-#else
- return (ssl->error);
-#endif
+ return ssl->error;
 }
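Review bot: The new `wolfSSL_SendUserCanceled` traces its entry under the wrong name: `WOLFSSL_ENTER("wolfSSL_recv");` should read `WOLFSSL_ENTER("wolfSSL_SendUserCanceled");` so it pairs with the `WOLFSSL_LEAVE("wolfSSL_SendUserCanceled", ret)` at the end and debug logs attribute the call correctly. The function also lacks a header comment; a line such as `/* Send a user_canceled warning alert, then run wolfSSL_shutdown(); returns the shutdown result, or WOLFSSL_FAILURE when ssl is NULL or the alert could not be sent (ssl->error holds the SendAlert result). */` would state the contract, including that `ssl->error` is overwritten as a side effect.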
@@ -5712,14 +5251,15 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
 #endif
 XMEMCPY(peerCert->subjectNameHash, cert->subjectHash, SIGNER_DIGEST_SIZE);
- peerCert->next = NULL; /* If Key Usage not set, all uses valid. */
+ /* If Key Usage not set, all uses valid. */
+ peerCert->next = NULL;
 cert->subjectCN = 0;
 #ifndef IGNORE_NAME_CONSTRAINTS
 cert->permittedNames = NULL;
 cert->excludedNames = NULL;
 #endif
- row = TrustedPeerHashSigner(peerCert->subjectNameHash);
+ row = (int)TrustedPeerHashSigner(peerCert->subjectNameHash);
 if (wc_LockMutex(&cm->tpLock) == 0) {
 peerCert->next = cm->tpTable[row];
@@ -5748,6 +5288,38 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
 }
 #endif /* WOLFSSL_TRUST_PEER_CERT */
+int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s)
+{
+ byte* subjectHash;
+ Signer* signers;
+ word32 row;
+
+ if (cm == NULL || s == NULL)
+ return BAD_FUNC_ARG;
+
+#ifndef NO_SKID
+ subjectHash = s->subjectKeyIdHash;
+#else
+ subjectHash = s->subjectNameHash;
+#endif
+
+ if (AlreadySigner(cm, subjectHash)) {
+ FreeSigner(s, cm->heap);
+ return 0;
+ }
+
+ row = HashSigner(subjectHash);
+
+ if (wc_LockMutex(&cm->caLock) != 0)
+ return BAD_MUTEX_E;
+
+ signers = cm->caTable[row];
+ s->next = signers;
+ cm->caTable[row] = s;
+
+ wc_UnLockMutex(&cm->caLock);
+ return 0;
+}
 /* owns der, internal now uses too */
 /* type flag ids from user or from chain received during verify
@@ -5782,6 +5354,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 #endif
 InitDecodedCert(cert, der->buffer, der->length, cm->heap);
+
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+ if (cm->unknownExtCallback != NULL) {
+ wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
+ }
+#endif
+
 ret = ParseCert(cert, CA_TYPE, verify, cm);
 WOLFSSL_MSG("\tParsed new CA");
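Review bot: The relocated comment `/* If Key Usage not set, all uses valid. */` now sits above `peerCert->next = NULL;`, a line it does not describe; it refers to a keyUsage default assigned above this hunk, so either move it to that assignment or drop it here rather than keep a misleading comment. AddTrustedPeer's body starts outside the hunk.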
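Review bot: `AddSigner` calls `AlreadySigner` before it takes `cm->caLock`, so two callers adding the same signer concurrently can both pass the check and both insert, leaving duplicate entries in `caTable`; if `AlreadySigner` takes and releases the lock itself, the check should move under the lock or be repeated after it so the lookup and the insert are one critical section. Ownership of `s` on failure is also inconsistent: the duplicate path frees `s` and returns 0, but when `wc_LockMutex` fails the function returns `BAD_MUTEX_E` without freeing, so a caller cannot know whether to release it. Either free `s` on the lock-failure path as well, or document the rule with a header comment such as `/* Takes ownership of s: on success it is linked into caTable, on a duplicate it is freed and 0 is returned; on BAD_MUTEX_E the caller still owns s. */`.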
@@ -5833,7 +5412,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 }
 break;
 #endif /* HAVE_ED448 */
- #if defined(HAVE_PQC)
 #if defined(HAVE_FALCON)
 case FALCON_LEVEL1k:
 if (cm->minFalconKeySz < 0 ||
@@ -5873,7 +5451,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 }
 break;
 #endif /* HAVE_DILITHIUM */
- #endif /* HAVE_PQC */
 default:
 WOLFSSL_MSG("\tNo key size check done on CA");
@@ -5904,73 +5481,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) if (!signer) ret = MEMORY_ERROR; } -#if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL) - if (ret == 0 && signer != NULL) - ret = CalcHashId(cert->serial, cert->serialSz, signer->serialHash); -#endif - if (ret == 0 && signer != NULL) { - #ifdef WOLFSSL_SIGNER_DER_CERT - ret = AllocDer(&signer->derCert, der->length, der->type, NULL); - } if (ret == 0 && signer != NULL) { - XMEMCPY(signer->derCert->buffer, der->buffer, der->length); - #endif - signer->keyOID = cert->keyOID; - if (cert->pubKeyStored) { - signer->publicKey = cert->publicKey; - signer->pubKeySize = cert->pubKeySize; - } - -#ifdef WOLFSSL_DUAL_ALG_CERTS - if (cert->extSapkiSet && cert->sapkiLen > 0) { - /* Allocated space for alternative public key. */ - signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cm->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (signer->sapkiDer == NULL) { - ret = MEMORY_E; - } - else { - XMEMCPY(signer->sapkiDer, cert->sapkiDer, cert->sapkiLen); - signer->sapkiLen = cert->sapkiLen; - signer->sapkiOID = cert->sapkiOID; - } - } -#endif /* WOLFSSL_DUAL_ALG_CERTS */ - - if (cert->subjectCNStored) { - signer->nameLen = cert->subjectCNLen; - signer->name = cert->subjectCN; - } - signer->maxPathLen = cert->maxPathLen; - signer->selfSigned = cert->selfSigned; - #ifndef IGNORE_NAME_CONSTRAINTS - signer->permittedNames = cert->permittedNames; - signer->excludedNames = cert->excludedNames; - #endif - #ifndef NO_SKID - XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId, - SIGNER_DIGEST_SIZE); - #endif - XMEMCPY(signer->subjectNameHash, cert->subjectHash, - SIGNER_DIGEST_SIZE); - #if defined(HAVE_OCSP) || defined(HAVE_CRL) - XMEMCPY(signer->issuerNameHash, cert->issuerHash, - SIGNER_DIGEST_SIZE); - #endif - #ifdef HAVE_OCSP - XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash, - KEYID_SIZE); - #endif - signer->keyUsage = cert->extKeyUsageSet ? 
cert->extKeyUsage
- : 0xFFFF;
- signer->next = NULL; /* If Key Usage not set, all uses valid. */
- cert->publicKey = 0; /* in case lock fails don't free here. */
- cert->subjectCN = 0;
- #ifndef IGNORE_NAME_CONSTRAINTS
- cert->permittedNames = NULL;
- cert->excludedNames = NULL;
- #endif
- signer->type = (byte)type;
+ ret = FillSigner(signer, cert, type, der);
 #ifndef NO_SKID
 row = HashSigner(signer->subjectKeyIdHash);
@@ -5978,7 +5490,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 row = HashSigner(signer->subjectNameHash);
 #endif
- if (wc_LockMutex(&cm->caLock) == 0) {
+
+ if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
 signer->next = cm->caTable[row];
 cm->caTable[row] = signer; /* takes ownership */
 wc_UnLockMutex(&cm->caLock);
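Review bot: Folding `ret == 0` into `if (ret == 0 && wc_LockMutex(&cm->caLock) == 0)` sends a `FillSigner` failure down the same `else` as a lock failure; that `else` is outside the hunk, but if it sets `ret = BAD_MUTEX_E` the original error is masked, and if it frees `signer` it must not also free the fields `FillSigner` may already have moved out of `cert`. Keeping the two causes distinct, e.g. `if (ret == 0) { if (wc_LockMutex(&cm->caLock) == 0) { ... } else ret = BAD_MUTEX_E; }`, avoids the masking. The removed `cert->publicKey = 0; /* in case lock fails don't free here. */` shows the double-ownership hazard was handled explicitly before, so it is worth confirming `FillSigner` clears the transferred `cert` pointers on every path, including its own failure paths. The enclosing block continues outside the hunk.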
@@ -6032,191 +5545,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #endif /* !NO_CERTS */ -#ifndef NO_SESSION_CACHE - - /* basic config gives a cache with 33 sessions, adequate for clients and - embedded servers - - TITAN_SESSION_CACHE allows just over 2 million sessions, for servers - with titanic amounts of memory with long session ID timeouts and high - levels of traffic. - - ENABLE_SESSION_CACHE_ROW_LOCK: Allows row level locking for increased - performance with large session caches - - HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load, - allows over 13,000 new sessions per minute or over 200 new sessions per - second - - BIG_SESSION_CACHE yields 20,027 sessions - - MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that - aren't under heavy load, basically allows 200 new sessions per minute - - SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients - or systems where the default of is too much RAM. - SessionCache takes about 2K, ClientCache takes about 3Kbytes - - MICRO_SESSION_CACHE only stores 1 session, good for embedded clients - or systems where memory is at a premium. 
- SessionCache takes about 400 bytes, ClientCache takes 576 bytes - - default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined) - SessionCache takes about 13K bytes, ClientCache takes 17K bytes - */ - #if defined(TITAN_SESSION_CACHE) - #define SESSIONS_PER_ROW 31 - #define SESSION_ROWS 64937 - #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - #define ENABLE_SESSION_CACHE_ROW_LOCK - #endif - #elif defined(HUGE_SESSION_CACHE) - #define SESSIONS_PER_ROW 11 - #define SESSION_ROWS 5981 - #elif defined(BIG_SESSION_CACHE) - #define SESSIONS_PER_ROW 7 - #define SESSION_ROWS 2861 - #elif defined(MEDIUM_SESSION_CACHE) - #define SESSIONS_PER_ROW 5 - #define SESSION_ROWS 211 - #elif defined(SMALL_SESSION_CACHE) - #define SESSIONS_PER_ROW 2 - #define SESSION_ROWS 3 - #elif defined(MICRO_SESSION_CACHE) - #define SESSIONS_PER_ROW 1 - #define SESSION_ROWS 1 - #else - #define SESSIONS_PER_ROW 3 - #define SESSION_ROWS 11 - #endif - #define INVALID_SESSION_ROW (-1) - - #ifdef NO_SESSION_CACHE_ROW_LOCK - #undef ENABLE_SESSION_CACHE_ROW_LOCK - #endif - - typedef struct SessionRow { - int nextIdx; /* where to place next one */ - int totalCount; /* sessions ever on this row */ -#ifdef SESSION_CACHE_DYNAMIC_MEM - WOLFSSL_SESSION* Sessions[SESSIONS_PER_ROW]; - void* heap; -#else - WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW]; -#endif - - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - /* not included in import/export */ - wolfSSL_RwLock row_lock; - int lock_valid; - #endif - } SessionRow; - #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2)) - - static WOLFSSL_GLOBAL SessionRow SessionCache[SESSION_ROWS]; - - #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) - static WOLFSSL_GLOBAL word32 PeakSessions; - #endif - - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&(row)->row_lock) - #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&(row)->row_lock) - #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&(row)->row_lock); 
- #else - static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */ - static WOLFSSL_GLOBAL int session_lock_valid = 0; - #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&session_lock) - #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&session_lock) - #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&session_lock); - #endif - - #if !defined(NO_SESSION_CACHE_REF) && defined(NO_CLIENT_CACHE) - #error ClientCache is required when not using NO_SESSION_CACHE_REF - #endif - - #ifndef NO_CLIENT_CACHE - - #ifndef CLIENT_SESSIONS_MULTIPLIER - #ifdef NO_SESSION_CACHE_REF - #define CLIENT_SESSIONS_MULTIPLIER 1 - #else - /* ClientSession objects are lightweight (compared to - * WOLFSSL_SESSION) so to decrease chance that user will reuse - * the wrong session, increase the ClientCache size. This will - * make the entire ClientCache about the size of one - * WOLFSSL_SESSION object. */ - #define CLIENT_SESSIONS_MULTIPLIER 8 - #endif - #endif - #define CLIENT_SESSIONS_PER_ROW \ - (SESSIONS_PER_ROW * CLIENT_SESSIONS_MULTIPLIER) - #define CLIENT_SESSION_ROWS (SESSION_ROWS * CLIENT_SESSIONS_MULTIPLIER) - - #if CLIENT_SESSIONS_PER_ROW > 65535 - #error CLIENT_SESSIONS_PER_ROW too big - #endif - #if CLIENT_SESSION_ROWS > 65535 - #error CLIENT_SESSION_ROWS too big - #endif - - struct ClientSession { - word16 serverRow; /* SessionCache Row id */ - word16 serverIdx; /* SessionCache Idx (column) */ - word32 sessionIDHash; - }; - #ifndef WOLFSSL_CLIENT_SESSION_DEFINED - typedef struct ClientSession ClientSession; - #define WOLFSSL_CLIENT_SESSION_DEFINED - #endif - - typedef struct ClientRow { - int nextIdx; /* where to place next one */ - int totalCount; /* sessions ever on this row */ - ClientSession Clients[CLIENT_SESSIONS_PER_ROW]; - } ClientRow; - - static WOLFSSL_GLOBAL ClientRow ClientCache[CLIENT_SESSION_ROWS]; - /* Client Cache */ - /* uses session mutex */ - - static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(clisession_mutex); 
/* ClientCache mutex */ - #ifndef WOLFSSL_MUTEX_INITIALIZER - static WOLFSSL_GLOBAL int clisession_mutex_valid = 0; - #endif - #endif /* !NO_CLIENT_CACHE */ - - void EvictSessionFromCache(WOLFSSL_SESSION* session) - { -#ifdef HAVE_EX_DATA - int save_ownExData = session->ownExData; - session->ownExData = 1; /* Make sure ex_data access doesn't lead back - * into the cache. */ -#endif -#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) - if (session->rem_sess_cb != NULL) { - session->rem_sess_cb(NULL, session); - session->rem_sess_cb = NULL; - } -#endif - ForceZero(session->masterSecret, SECRET_LEN); - XMEMSET(session->sessionID, 0, ID_LEN); - session->sessionIDSz = 0; -#ifdef HAVE_SESSION_TICKET - if (session->ticketLenAlloc > 0) { - XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK); - session->ticket = session->staticTicket; - session->ticketLen = 0; - session->ticketLenAlloc = 0; - } -#endif -#ifdef HAVE_EX_DATA - session->ownExData = save_ownExData; -#endif - } - -#endif /* !NO_SESSION_CACHE */ - #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) static int wolfSSL_RAND_InitMutex(void); #endif @@ -6258,13 +5586,13 @@ int wolfSSL_Init(void) return BAD_MUTEX_E; } - #if FIPS_VERSION_GE(5,1) +#if FIPS_VERSION_GE(5,1) if ((ret == WOLFSSL_SUCCESS) && (initRefCount == 0)) { ret = wolfCrypt_SetPrivateKeyReadEnable_fips(1, WC_KEYTYPE_ALL); if (ret == 0) ret = WOLFSSL_SUCCESS; } - #endif +#endif if ((ret == WOLFSSL_SUCCESS) && (initRefCount == 0)) { /* Initialize crypto for use with TLS connection */ @@ -6354,11 +5682,13 @@ int wolfSSL_Init(void) if (ret == WOLFSSL_SUCCESS) { initRefCount++; } + else { + initRefCount = 1; /* Force cleanup */ + } wc_UnLockMutex(&inits_count_mutex); if (ret != WOLFSSL_SUCCESS) { - initRefCount = 1; /* Force cleanup */ (void)wolfSSL_Cleanup(); /* Ignore any error from cleanup */ } 
@@ -6366,30421 +5696,18993 @@ int wolfSSL_Init(void) } +#define WOLFSSL_SSL_LOAD_INCLUDED +#include + #ifndef NO_CERTS -/* process user cert chain to pass during the handshake */ -static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff, - long sz, int format, int type, WOLFSSL* ssl, - long* used, EncryptedInfo* info, int verify) +#ifdef HAVE_CRL + +int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, + long sz, int type) { - int ret = 0; - void* heap = wolfSSL_CTX_GetHeap(ctx, ssl); + WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer"); - if ((type == CA_TYPE) && (ctx == NULL)) { - WOLFSSL_MSG("Need context for CA load"); + if (ctx == NULL) return BAD_FUNC_ARG; - } - - /* we may have a user cert chain, try to consume */ - if ((type == CERT_TYPE || type == CHAIN_CERT_TYPE || type == CA_TYPE) && - (info->consumed < sz)) { - #ifdef WOLFSSL_SMALL_STACK - byte staticBuffer[1]; /* force heap usage */ - #else - byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ - #endif - byte* chainBuffer = staticBuffer; - int dynamicBuffer = 0; - word32 bufferSz; - long consumed = info->consumed; - word32 idx = 0; - int gotOne = 0; - #ifdef WOLFSSL_TLS13 - int cnt = 0; - #endif - - /* Calculate max possible size, including max headers */ - bufferSz = (word32)(sz - consumed) + (CERT_HEADER_SZ * MAX_CHAIN_DEPTH); - if (bufferSz > sizeof(staticBuffer)) { - WOLFSSL_MSG("Growing Tmp Chain Buffer"); - /* will shrink to actual size */ - chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE); - if (chainBuffer == NULL) { - return MEMORY_E; - } - dynamicBuffer = 1; - } - WOLFSSL_MSG("Processing Cert Chain"); - while (consumed < sz) { - DerBuffer* part = NULL; - word32 remain = (word32)(sz - consumed); - info->consumed = 0; - - if (format == WOLFSSL_FILETYPE_PEM) { - #ifdef WOLFSSL_PEM_TO_DER - ret = PemToDer(buff + consumed, remain, type, &part, - heap, info, NULL); - #else - ret = NOT_COMPILED_IN; - #endif - } - else { - int length = remain; - if 
(format == WOLFSSL_FILETYPE_ASN1) { - /* get length of der (read sequence) */ - word32 inOutIdx = 0; - if (GetSequence(buff + consumed, &inOutIdx, &length, - remain) < 0) { - ret = ASN_NO_PEM_HEADER; - } - length += inOutIdx; /* include leading sequence */ - } - info->consumed = length; - if (ret == 0) { - ret = AllocDer(&part, length, type, heap); - if (ret == 0) { - XMEMCPY(part->buffer, buff + consumed, length); - } - } - } - if (ret == 0) { - gotOne = 1; -#ifdef WOLFSSL_TLS13 - cnt++; -#endif - if ((idx + part->length + CERT_HEADER_SZ) > bufferSz) { - WOLFSSL_MSG(" Cert Chain bigger than buffer. " - "Consider increasing MAX_CHAIN_DEPTH"); - ret = BUFFER_E; - } - else { - c32to24(part->length, &chainBuffer[idx]); - idx += CERT_HEADER_SZ; - XMEMCPY(&chainBuffer[idx], part->buffer, part->length); - idx += part->length; - consumed += info->consumed; - if (used) - *used += info->consumed; - } + return wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type); +} - /* add CA's to certificate manager */ - if (ret == 0 && type == CA_TYPE) { - /* verify CA unless user set to no verify */ - ret = AddCA(ctx->cm, &part, WOLFSSL_USER_CA, verify); - if (ret == WOLFSSL_SUCCESS) { - ret = 0; /* converted success case */ - } - gotOne = 0; /* don't exit loop for CA type */ - } - } - FreeDer(&part); +int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff, + long sz, int type) +{ + WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer"); - if (ret == ASN_NO_PEM_HEADER && gotOne) { - WOLFSSL_MSG("We got one good cert, so stuff at end ok"); - break; - } + if (ssl == NULL || ssl->ctx == NULL) + return BAD_FUNC_ARG; - if (ret < 0) { - WOLFSSL_MSG(" Error in Cert in Chain"); - if (dynamicBuffer) - XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); - return ret; - } - WOLFSSL_MSG(" Consumed another Cert in Chain"); - } - WOLFSSL_MSG("Finished Processing Cert Chain"); + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerLoadCRLBuffer(SSL_CM(ssl), buff, sz, type); +} - /* only retain actual size used 
*/ - ret = 0; - if (idx > 0) { - if (ssl) { - if (ssl->buffers.weOwnCertChain) { - FreeDer(&ssl->buffers.certChain); - } - ret = AllocDer(&ssl->buffers.certChain, idx, type, heap); - if (ret == 0) { - XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, - idx); - ssl->buffers.weOwnCertChain = 1; - } - #ifdef WOLFSSL_TLS13 - ssl->buffers.certChainCnt = cnt; - #endif - } else if (ctx) { - FreeDer(&ctx->certChain); - ret = AllocDer(&ctx->certChain, idx, type, heap); - if (ret == 0) { - XMEMCPY(ctx->certChain->buffer, chainBuffer, idx); - } - #ifdef WOLFSSL_TLS13 - ctx->certChainCnt = cnt; - #endif - } - } +#endif /* HAVE_CRL */ - if (dynamicBuffer) - XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); +#ifdef HAVE_OCSP +int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options) +{ + WOLFSSL_ENTER("wolfSSL_EnableOCSP"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options); } - - return ret; + else + return BAD_FUNC_ARG; } -#ifndef NO_RSA -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) -static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat, - int devId, int type) +int wolfSSL_DisableOCSP(WOLFSSL* ssl) { - int ret; + WOLFSSL_ENTER("wolfSSL_DisableOCSP"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl)); + } + else + return BAD_FUNC_ARG; +} - (void)devId; - (void)type; - *idx = 0; - ret = wc_RsaPrivateKeyValidate(der->buffer, idx, keySz, der->length); -#ifdef WOLF_PRIVATE_KEY_ID - if ((ret != 0) && (devId != INVALID_DEVID - #ifdef HAVE_PK_CALLBACKS - || ((ssl == NULL) ? 
wolfSSL_CTX_IsPrivatePkSet(ctx) : - wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) - #endif - )) { - word32 nSz; +int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl)); + } + else + return BAD_FUNC_ARG; +} - /* if using crypto or PK callbacks, try public key decode */ - *idx = 0; - ret = wc_RsaPublicKeyDecode_ex(der->buffer, idx, der->length, NULL, - &nSz, NULL, NULL); - if (ret == 0) { - *keySz = (int)nSz; - } +int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl)); } -#endif - if (ret != 0) { - #if !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \ - !defined(HAVE_ED448) && !defined(HAVE_PQC) - WOLFSSL_MSG("RSA decode failed and other algorithms " - "not enabled to try"); - ret = WOLFSSL_BAD_FILE; - #else - if (*keyFormat == 0) { - /* Format unknown so keep trying. */ - ret = 0; /* continue trying other algorithms */ - } - #endif + else + return BAD_FUNC_ARG; +} + +int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url) +{ + WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url); } - else { - /* check that the size of the RSA key is enough */ - int minRsaSz = ssl ? 
ssl->options.minRsaKeySz : ctx->minRsaKeySz;
- if (*keySz < minRsaSz) {
- ret = RSA_KEY_SIZE_E;
- WOLFSSL_MSG("Private Key size too small");
- }
-
- if (ssl) {
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- ssl->buffers.altKeyType = rsa_sa_algo;
- ssl->buffers.altKeySz = *keySz;
- }
- else
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- ssl->buffers.keyType = rsa_sa_algo;
- ssl->buffers.keySz = *keySz;
- }
- }
- else {
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- ctx->altPrivateKeyType = rsa_sa_algo;
- ctx->altPrivateKeySz = *keySz;
- }
- else
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- ctx->privateKeyType = rsa_sa_algo;
- ctx->privateKeySz = *keySz;
- }
- }
+ else
+ return BAD_FUNC_ARG;
+}
- *keyFormat = RSAk;
- if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
- ssl->options.haveStaticECC = 0;
- *resetSuites = 1;
- }
+int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
+ CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
+{
+ WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
+ ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */
+ return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl),
+ ioCb, respFreeCb, NULL);
 }
-
- return ret;
+ else
+ return BAD_FUNC_ARG;
 }
-#else
-static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
- void* heap, int devId, int type)
-{
- int ret;
- (void)type;
-
- /* make sure RSA key can be used */
-#ifdef WOLFSSL_SMALL_STACK
- RsaKey* key;
-#else
- RsaKey key[1];
-#endif
+int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");
+ if (ctx)
+ return wolfSSL_CertManagerEnableOCSP(ctx->cm, options);
+ else
+ return BAD_FUNC_ARG;
+}
-#ifdef WOLFSSL_SMALL_STACK
- key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
- if (key == NULL)
- return MEMORY_E;
-#endif
- ret = wc_InitRsaKey_ex(key, heap, devId);
- if (ret == 0) {
- *idx = 0;
- ret = wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length);
- #ifdef WOLF_PRIVATE_KEY_ID
- if (ret != 0 && (devId != INVALID_DEVID
- #ifdef HAVE_PK_CALLBACKS
- || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
- wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
- #endif
- )) {
- /* if using crypto or PK callbacks, try public key decode */
- *idx = 0;
- ret = wc_RsaPublicKeyDecode(der->buffer, idx, key, der->length);
- }
- #endif
- if (ret != 0) {
- #if !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
- !defined(HAVE_ED448) && !defined(HAVE_PQC)
- WOLFSSL_MSG("RSA decode failed and other algorithms "
- "not enabled to try");
- ret = WOLFSSL_BAD_FILE;
- #else
- if (*keyFormat == 0) {
- /* Format unknown so keep trying. */
- ret = 0; /* continue trying other algorithms */
- }
- #endif
- }
- else {
- /* check that the size of the RSA key is enough */
- int minRsaSz = ssl ? ssl->options.minRsaKeySz : ctx->minRsaKeySz;
- *keySz = wc_RsaEncryptSize((RsaKey*)key);
- if (*keySz < minRsaSz) {
- ret = RSA_KEY_SIZE_E;
- WOLFSSL_MSG("Private Key size too small");
- }
+int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP");
+ if (ctx)
+ return wolfSSL_CertManagerDisableOCSP(ctx->cm);
+ else
+ return BAD_FUNC_ARG;
+}
- if (ssl) {
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- ssl->buffers.altKeyType = rsa_sa_algo;
- ssl->buffers.altKeySz = *keySz;
- }
- else
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- ssl->buffers.keyType = rsa_sa_algo;
- ssl->buffers.keySz = *keySz;
- }
- }
- else {
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- ctx->altPrivateKeyType = rsa_sa_algo;
- ctx->altPrivateKeySz = *keySz;
- }
- else
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- ctx->privateKeyType = rsa_sa_algo;
- ctx->privateKeySz = *keySz;
- }
- }
- *keyFormat = RSAk;
+int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
+{
+ WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
+ if (ctx)
+ return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
+ else
+ return BAD_FUNC_ARG;
+}
- if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
- ssl->options.haveStaticECC = 0;
- *resetSuites = 1;
- }
- }
- wc_FreeRsaKey(key);
- }
+int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb,
+ CbOCSPRespFree respFreeCb, void* ioCbCtx)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");
+ if (ctx)
+ return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb,
+ respFreeCb, ioCbCtx);
+ else
+ return BAD_FUNC_ARG;
+}
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, heap, DYNAMIC_TYPE_RSA);
-#endif
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling");
+ if (ctx)
+ return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
+ else
+ return BAD_FUNC_ARG;
+}
- return ret;
+int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPStapling");
+ if (ctx)
+ return wolfSSL_CertManagerDisableOCSPStapling(ctx->cm);
+ else
+ return BAD_FUNC_ARG;
 }
-#endif
-#endif /* !NO_RSA */
-#ifdef HAVE_ECC
-static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
- void* heap, int devId, int type)
+int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX* ctx)
 {
- int ret = 0;
- /* make sure ECC key can be used */
-#ifdef WOLFSSL_SMALL_STACK
- ecc_key* key;
-#else
- ecc_key key[1];
-#endif
+ WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPMustStaple");
+ if (ctx)
+ return wolfSSL_CertManagerEnableOCSPMustStaple(ctx->cm);
+ else
+ return BAD_FUNC_ARG;
+}
- (void)type;
+int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPMustStaple");
+ if (ctx)
+ return wolfSSL_CertManagerDisableOCSPMustStaple(ctx->cm);
+ else
+ return BAD_FUNC_ARG;
+}
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || \
+ * HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
-#ifdef WOLFSSL_SMALL_STACK
- key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC);
- if (key == NULL)
- return MEMORY_E;
-#endif
+#endif /* HAVE_OCSP */
- if (wc_ecc_init_ex(key, heap, devId) == 0) {
- *idx = 0;
- ret = wc_EccPrivateKeyDecode(der->buffer, idx, key, der->length);
- #ifdef WOLF_PRIVATE_KEY_ID
- if (ret != 0 && (devId != INVALID_DEVID
- #ifdef HAVE_PK_CALLBACKS
- || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
- wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
- #endif
- )) {
- /* if using crypto or PK callbacks, try public key decode */
- *idx = 0;
- ret = wc_EccPublicKeyDecode(der->buffer, idx, key, der->length);
- }
- #endif
- if (ret == 0) {
- /* check for minimum ECC key size and then free */
- int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
- *keySz = wc_ecc_size(key);
- if (*keySz < minKeySz) {
- WOLFSSL_MSG("ECC private key too small");
- ret = ECC_KEY_SIZE_E;
- }
+#ifdef HAVE_CRL
- *keyFormat = ECDSAk;
- if (ssl) {
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- ssl->buffers.altKeyType = ecc_dsa_sa_algo;
- ssl->buffers.altKeySz = *keySz;
- }
- else
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- ssl->options.haveStaticECC = 1;
- #ifdef WOLFSSL_SM2
- if (key->dp->id == ECC_SM2P256V1)
- ssl->buffers.keyType = sm2_sa_algo;
- else
- #endif
- ssl->buffers.keyType = ecc_dsa_sa_algo;
- ssl->buffers.keySz = *keySz;
- }
- }
- else {
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- ctx->altPrivateKeyType = ecc_dsa_sa_algo;
- ctx->altPrivateKeySz = *keySz;
- }
- else
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- ctx->haveStaticECC = 1;
- #ifdef WOLFSSL_SM2
- if (key->dp->id == ECC_SM2P256V1)
- ctx->privateKeyType = sm2_sa_algo;
- else
- #endif
- ctx->privateKeyType = ecc_dsa_sa_algo;
- ctx->privateKeySz = *keySz;
- }
- }
+int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
+{
+ WOLFSSL_ENTER("wolfSSL_EnableCRL");
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
+ return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options);
+ }
+ else
+ return BAD_FUNC_ARG;
+}
- if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
- *resetSuites = 1;
- }
- }
- else if (*keyFormat == 0) {
- ret = 0; /* continue trying other algorithms */
- }
- wc_ecc_free(key);
+int wolfSSL_DisableCRL(WOLFSSL* ssl)
+{
+ WOLFSSL_ENTER("wolfSSL_DisableCRL");
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
+ return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl));
 }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, heap, DYNAMIC_TYPE_ECC);
-#endif
- return ret;
+ else
+ return BAD_FUNC_ARG;
 }
-#endif /* HAVE_ECC */
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
-static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
- void* heap, int devId)
+#ifndef NO_FILESYSTEM
+int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
 {
- int ret;
- /* make sure Ed25519 key can be used */
-#ifdef WOLFSSL_SMALL_STACK
- ed25519_key* key;
-#else
- ed25519_key key[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
- key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap,
- DYNAMIC_TYPE_ED25519);
- if (key == NULL)
- return MEMORY_E;
-#endif
-
- ret = wc_ed25519_init_ex(key, heap, devId);
- if (ret == 0) {
- *idx = 0;
- ret = wc_Ed25519PrivateKeyDecode(der->buffer, idx, key, der->length);
- #ifdef WOLF_PRIVATE_KEY_ID
- if (ret != 0 && (devId != INVALID_DEVID
- #ifdef HAVE_PK_CALLBACKS
- || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
- wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
- #endif
- )) {
- /* if using crypto or PK callbacks, try public key decode */
- *idx = 0;
- ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key, der->length);
- }
- #endif
- if (ret == 0) {
- /* check for minimum key size and then free */
- int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
- *keySz = ED25519_KEY_SIZE;
- if (*keySz < minKeySz) {
- WOLFSSL_MSG("ED25519 private key too small");
- ret = ECC_KEY_SIZE_E;
- }
- if (ret == 0) {
- if (ssl) {
- ssl->buffers.keyType = ed25519_sa_algo;
- ssl->buffers.keySz = *keySz;
- }
- else {
- ctx->privateKeyType = ed25519_sa_algo;
- ctx->privateKeySz = *keySz;
- }
-
- *keyFormat = ED25519k;
- if (ssl != NULL) {
-#if !defined(WOLFSSL_NO_CLIENT_AUTH) && !defined(NO_ED25519_CLIENT_AUTH)
- /* ED25519 requires caching enabled for tracking message
- * hash used in EdDSA_Update for signing */
- ssl->options.cacheMessages = 1;
-#endif
- if (ssl->options.side == WOLFSSL_SERVER_END) {
- *resetSuites = 1;
- }
- }
- }
- }
- else if (*keyFormat == 0) {
- ret = 0; /* continue trying other algorithms */
- }
-
- wc_ed25519_free(key);
+ WOLFSSL_ENTER("wolfSSL_LoadCRL");
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
+ return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor);
 }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, heap, DYNAMIC_TYPE_ED25519);
-#endif
- return ret;
+ else
+ return BAD_FUNC_ARG;
 }
-#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
-static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
- void* heap, int devId)
+int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
 {
- int ret;
- /* make sure Ed448 key can be used */
-#ifdef WOLFSSL_SMALL_STACK
- ed448_key* key = NULL;
-#else
- ed448_key key[1];
+ WOLFSSL_ENTER("wolfSSL_LoadCRLFile");
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
+ return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type);
+ }
+ else
+ return BAD_FUNC_ARG;
+}
 #endif
-#ifdef WOLFSSL_SMALL_STACK
- key = (ed448_key*)XMALLOC(sizeof(ed448_key), heap, DYNAMIC_TYPE_ED448);
- if (key == NULL)
- return MEMORY_E;
-#endif
-
- ret = wc_ed448_init_ex(key, heap, devId);
- if (ret == 0) {
- *idx = 0;
- ret = wc_Ed448PrivateKeyDecode(der->buffer, idx, key, der->length);
- #ifdef WOLF_PRIVATE_KEY_ID
- if (ret != 0 && (devId != INVALID_DEVID
- #ifdef HAVE_PK_CALLBACKS
- || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
- wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
- #endif
- )) {
- /* if using crypto or PK callbacks, try public key decode */
- *idx = 0;
- ret = wc_Ed448PublicKeyDecode(der->buffer, idx, key, der->length);
- }
- #endif
- if (ret == 0) {
- /* check for minimum key size and then free */
- int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
- *keySz = ED448_KEY_SIZE;
- if (*keySz < minKeySz) {
- WOLFSSL_MSG("ED448 private key too small");
- ret = ECC_KEY_SIZE_E;
- }
- }
- if (ret == 0) {
- if (ssl) {
- ssl->buffers.keyType = ed448_sa_algo;
- ssl->buffers.keySz = *keySz;
- }
- else if (ctx) {
- ctx->privateKeyType = ed448_sa_algo;
- ctx->privateKeySz = *keySz;
- }
-
- *keyFormat = ED448k;
- if (ssl != NULL) {
- /* ED448 requires caching enabled for tracking message
- * hash used in EdDSA_Update for signing */
- ssl->options.cacheMessages = 1;
- if (ssl->options.side == WOLFSSL_SERVER_END) {
- *resetSuites = 1;
- }
- }
- }
- else if (*keyFormat == 0) {
- ret = 0; /* continue trying other algorithms */
- }
-
- wc_ed448_free(key);
+int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
+{
+ WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
+ return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb);
 }
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(key, heap, DYNAMIC_TYPE_ED448);
-#endif
- return ret;
+ else
+ return BAD_FUNC_ARG;
 }
-#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
-#if defined(HAVE_PQC)
-#if defined(HAVE_FALCON)
-static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
- void* heap, int type)
+#ifdef HAVE_CRL_IO
+int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
 {
- int ret;
- /* make sure Falcon key can be used */
- falcon_key* key = (falcon_key*)XMALLOC(sizeof(falcon_key), heap,
- DYNAMIC_TYPE_FALCON);
- (void) type;
- if (key == NULL) {
- return MEMORY_E;
- }
- ret = wc_falcon_init(key);
- if (ret == 0) {
- if (*keyFormat == FALCON_LEVEL1k) {
- ret = wc_falcon_set_level(key, 1);
- }
- else if (*keyFormat == FALCON_LEVEL5k) {
- ret = wc_falcon_set_level(key, 5);
- }
- else {
- /* What if *keyformat is 0? We might want to do something more
- * graceful here. */
- wc_falcon_free(key);
- ret = ALGO_ID_E;
- }
- }
-
- if (ret == 0) {
- *idx = 0;
- ret = wc_falcon_import_private_only(der->buffer, der->length, key);
- if (ret == 0) {
- /* check for minimum key size and then free */
- int minKeySz = ssl ? ssl->options.minFalconKeySz :
- ctx->minFalconKeySz;
- *keySz = wc_falcon_size(key);
- if (*keySz < minKeySz) {
- WOLFSSL_MSG("Falcon private key too small");
- ret = FALCON_KEY_SIZE_E;
- }
- if (ssl) {
-#ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- if (*keyFormat == FALCON_LEVEL1k) {
- ssl->buffers.altKeyType = falcon_level1_sa_algo;
- }
- else {
- ssl->buffers.altKeyType = falcon_level5_sa_algo;
- }
- ssl->buffers.altKeySz = *keySz;
- }
- else
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- if (*keyFormat == FALCON_LEVEL1k) {
- ssl->buffers.keyType = falcon_level1_sa_algo;
- }
- else {
- ssl->buffers.keyType = falcon_level5_sa_algo;
- }
- ssl->buffers.keySz = *keySz;
- }
- }
- else {
-#ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- if (*keyFormat == FALCON_LEVEL1k) {
- ctx->altPrivateKeyType = falcon_level1_sa_algo;
- }
- else {
- ctx->altPrivateKeyType = falcon_level5_sa_algo;
- }
- ctx->altPrivateKeySz = *keySz;
- }
- else
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- if (*keyFormat == FALCON_LEVEL1k) {
- ctx->privateKeyType = falcon_level1_sa_algo;
- }
- else {
- ctx->privateKeyType = falcon_level5_sa_algo;
- }
- ctx->privateKeySz = *keySz;
- }
- }
-
- if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
- *resetSuites = 1;
- }
- }
- else if (*keyFormat == 0) {
- ret = 0; /* continue trying other algorithms */
- }
-
- wc_falcon_free(key);
+ WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
+ return wolfSSL_CertManagerSetCRL_IOCb(SSL_CM(ssl), cb);
 }
- XFREE(key, heap, DYNAMIC_TYPE_FALCON);
- return ret;
+ else
+ return BAD_FUNC_ARG;
 }
 #endif
-#if defined(HAVE_DILITHIUM)
-static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
- void* heap, int type)
+int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
 {
- int ret;
- /* make sure Dilithium key can be used */
- dilithium_key* key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
- DYNAMIC_TYPE_DILITHIUM);
- (void) type;
- if (key == NULL) {
- return MEMORY_E;
- }
- ret = wc_dilithium_init(key);
- if (ret == 0) {
- if (*keyFormat == DILITHIUM_LEVEL2k) {
- ret = wc_dilithium_set_level(key, 2);
- }
- else if (*keyFormat == DILITHIUM_LEVEL3k) {
- ret = wc_dilithium_set_level(key, 3);
- }
- else if (*keyFormat == DILITHIUM_LEVEL5k) {
- ret = wc_dilithium_set_level(key, 5);
- }
- else {
- /* What if *keyformat is 0? We might want to do something more
- * graceful here. */
- wc_dilithium_free(key);
- ret = ALGO_ID_E;
- }
- }
+ WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL");
+ if (ctx)
+ return wolfSSL_CertManagerEnableCRL(ctx->cm, options);
+ else
+ return BAD_FUNC_ARG;
+}
- if (ret == 0) {
- *idx = 0;
- ret = wc_dilithium_import_private_only(der->buffer, der->length, key);
- if (ret == 0) {
- /* check for minimum key size and then free */
- int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
- ctx->minDilithiumKeySz;
- *keySz = wc_dilithium_size(key);
- if (*keySz < minKeySz) {
- WOLFSSL_MSG("Dilithium private key too small");
- ret = DILITHIUM_KEY_SIZE_E;
- }
- if (ssl) {
-#ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- if (*keyFormat == DILITHIUM_LEVEL2k) {
- ssl->buffers.altKeyType = dilithium_level2_sa_algo;
- }
- else if (*keyFormat == DILITHIUM_LEVEL3k) {
- ssl->buffers.altKeyType = dilithium_level3_sa_algo;
- }
- else if (*keyFormat == DILITHIUM_LEVEL5k) {
- ssl->buffers.altKeyType = dilithium_level5_sa_algo;
- }
- ssl->buffers.altKeySz = *keySz;
- }
- else
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- if (*keyFormat == DILITHIUM_LEVEL2k) {
- ssl->buffers.keyType = dilithium_level2_sa_algo;
- }
- else if (*keyFormat == DILITHIUM_LEVEL3k) {
- ssl->buffers.keyType = dilithium_level3_sa_algo;
- }
- else if (*keyFormat == DILITHIUM_LEVEL5k) {
- ssl->buffers.keyType = dilithium_level5_sa_algo;
- }
- ssl->buffers.keySz = *keySz;
- }
- }
- else {
-#ifdef WOLFSSL_DUAL_ALG_CERTS
- if (type == ALT_PRIVATEKEY_TYPE) {
- if (*keyFormat == DILITHIUM_LEVEL2k) {
- ctx->altPrivateKeyType = dilithium_level2_sa_algo;
- }
- else if (*keyFormat == DILITHIUM_LEVEL3k) {
- ctx->altPrivateKeyType = dilithium_level3_sa_algo;
- }
- else if (*keyFormat == DILITHIUM_LEVEL5k) {
- ctx->altPrivateKeyType = dilithium_level5_sa_algo;
- }
- ctx->altPrivateKeySz = *keySz;
- }
- else
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- if (*keyFormat == DILITHIUM_LEVEL2k) {
- ctx->privateKeyType = dilithium_level2_sa_algo;
- }
- else if (*keyFormat == DILITHIUM_LEVEL3k) {
- ctx->privateKeyType = dilithium_level3_sa_algo;
- }
- else if (*keyFormat == DILITHIUM_LEVEL5k) {
- ctx->privateKeyType = dilithium_level5_sa_algo;
- }
- ctx->privateKeySz = *keySz;
- }
- }
- if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
- *resetSuites = 1;
- }
- }
- else if (*keyFormat == 0) {
- ret = 0; /* continue trying other algorithms */
- }
+int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL");
+ if (ctx)
+ return wolfSSL_CertManagerDisableCRL(ctx->cm);
+ else
+ return BAD_FUNC_ARG;
+}
- wc_dilithium_free(key);
- }
- XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
- return ret;
+#ifndef NO_FILESYSTEM
+int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path,
+ int type, int monitor)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
+ if (ctx)
+ return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
+ else
+ return BAD_FUNC_ARG;
 }
-#endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
-static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
- void* heap, int devId, int type)
+int wolfSSL_CTX_LoadCRLFile(WOLFSSL_CTX* ctx, const char* file,
+ int type)
 {
- int ret = 0;
+ WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
+ if (ctx)
+ return wolfSSL_CertManagerLoadCRLFile(ctx->cm, file, type);
+ else
+ return BAD_FUNC_ARG;
+}
+#endif
- (void)heap;
- (void)devId;
- (void)type;
- if (ctx == NULL && ssl == NULL)
- return BAD_FUNC_ARG;
- if (!der || !keySz || !idx || !resetSuites || !keyFormat)
+int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb");
+ if (ctx)
+ return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
+ else
 return BAD_FUNC_ARG;
-
-#ifndef NO_RSA
- if ((*keyFormat == 0 || *keyFormat == RSAk)) {
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION > 2))
- ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keySz, idx, resetSuites,
- keyFormat, devId, type);
-#else
- ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keySz, idx, resetSuites,
- keyFormat, heap, devId, type);
-#endif
- if (ret != 0)
- return ret;
- }
-#endif
-#ifdef HAVE_ECC
- if ((*keyFormat == 0) || (*keyFormat == ECDSAk)
- #ifdef WOLFSSL_SM2
- || (*keyFormat == SM2k)
- #endif
- ) {
- ret = ProcessBufferTryDecodeEcc(ctx, ssl, der, keySz, idx, resetSuites,
- keyFormat, heap, devId, type);
- if (ret != 0)
- return ret;
- }
-#endif /* HAVE_ECC */
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
- if ((*keyFormat == 0 || *keyFormat == ED25519k)) {
- ret = ProcessBufferTryDecodeEd25519(ctx, ssl, der, keySz, idx,
- resetSuites, keyFormat, heap, devId);
- if (ret != 0)
- return ret;
- }
-#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
- if ((*keyFormat == 0 || *keyFormat == ED448k)) {
- ret = ProcessBufferTryDecodeEd448(ctx, ssl, der, keySz, idx,
- resetSuites, keyFormat, heap, devId);
- if (ret != 0)
- return ret;
- }
-#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
-#if defined(HAVE_PQC)
-#if defined(HAVE_FALCON)
- if (((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
- (*keyFormat == FALCON_LEVEL5k))) {
- ret = ProcessBufferTryDecodeFalcon(ctx, ssl, der, keySz, idx,
- resetSuites, keyFormat, heap, type);
- if (ret != 0)
- return ret;
- }
-#endif /* HAVE_FALCON */
-#if defined(HAVE_DILITHIUM)
- if ((*keyFormat == 0) ||
- (*keyFormat == DILITHIUM_LEVEL2k) ||
- (*keyFormat == DILITHIUM_LEVEL3k) ||
- (*keyFormat == DILITHIUM_LEVEL5k)) {
- ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keySz, idx,
- resetSuites, keyFormat, heap, type);
- if (ret != 0) {
- return ret;
- }
- }
-#endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
- return ret;
 }
-/* process the buffer buff, length sz, into ctx of format and type
- used tracks bytes consumed, userChain specifies a user cert chain
- to pass during the handshake */
-int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
- long sz, int format, int type, WOLFSSL* ssl,
- long* used, int userChain, int verify)
-{
- DerBuffer* der = NULL;
- int ret = 0;
- int done = 0;
- int keyFormat = 0;
- int resetSuites = 0;
- void* heap = wolfSSL_CTX_GetHeap(ctx, ssl);
- int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
- word32 idx = 0;
- int keySz = 0;
-#if (defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)) || \
- defined(HAVE_PKCS8)
- word32 algId = 0;
-#endif
-#ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
-#else
- EncryptedInfo info[1];
+#ifdef HAVE_CRL_IO
+int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb");
+ if (ctx)
+ return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb);
+ else
+ return BAD_FUNC_ARG;
+}
 #endif
- (void)devId;
- (void)idx;
- (void)keySz;
- if (used)
- *used = sz; /* used bytes default to sz, PEM chain may shorten*/
+#endif /* HAVE_CRL */
- /* check args */
- if (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM)
- return WOLFSSL_BAD_FILETYPE;
- if (ctx == NULL && ssl == NULL)
- return BAD_FUNC_ARG;
+/* Sets the max chain depth when verifying a certificate chain. Default depth
+ * is set to MAX_CHAIN_DEPTH.
+ *
+ * ctx WOLFSSL_CTX structure to set depth in
+ * depth max depth
+ */
+void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) {
+ WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth");
- /* This API does not handle CHAIN_CERT_TYPE */
- if (type == CHAIN_CERT_TYPE)
- return BAD_FUNC_ARG;
+ if (ctx == NULL || depth < 0 || depth > MAX_CHAIN_DEPTH) {
+ WOLFSSL_MSG("Bad depth argument, too large or less than 0");
+ return;
+ }
-#ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap,
- DYNAMIC_TYPE_ENCRYPTEDINFO);
- if (info == NULL)
- return MEMORY_E;
-#endif
+ ctx->verifyDepth = (byte)depth;
+}
- XMEMSET(info, 0, sizeof(EncryptedInfo));
-#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
- if (ctx) {
- info->passwd_cb = ctx->passwd_cb;
- info->passwd_userdata = ctx->passwd_userdata;
+
+/* get cert chaining depth using ssl struct */
+long wolfSSL_get_verify_depth(WOLFSSL* ssl)
+{
+ if(ssl == NULL) {
+ return BAD_FUNC_ARG;
 }
+#ifndef OPENSSL_EXTRA
+ return MAX_CHAIN_DEPTH;
+#else
+ return ssl->options.verifyDepth;
 #endif
+}
- if (format == WOLFSSL_FILETYPE_PEM) {
- #ifdef WOLFSSL_PEM_TO_DER
- ret = PemToDer(buff, sz, type, &der, heap, info, &keyFormat);
- #else
- ret = NOT_COMPILED_IN;
- #endif
- }
- else {
- /* ASN1 (DER) */
- int length = (int)sz;
- word32 inOutIdx = 0;
- /* get length of der (read sequence or octet string) */
- if (GetSequence(buff, &inOutIdx, &length, (word32)sz) >= 0) {
- length += inOutIdx; /* include leading sequence */
- }
- /* get length using octet string (allowed for private key types) */
- else if (type == PRIVATEKEY_TYPE &&
- GetOctetString(buff, &inOutIdx, &length, (word32)sz) >= 0) {
- length += inOutIdx; /* include leading oct string */
- }
- else {
- ret = ASN_PARSE_E;
- }
- info->consumed = length;
+/* get cert chaining depth using ctx struct */
+long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx)
+{
+ if (ctx == NULL) {
+ return BAD_FUNC_ARG;
+ }
+#ifndef OPENSSL_EXTRA
+ return MAX_CHAIN_DEPTH;
+#else
+ return ctx->verifyDepth;
+#endif
+}
- if (ret == 0) {
- ret = AllocDer(&der, (word32)length, type, heap);
- if (ret == 0) {
- XMEMCPY(der->buffer, buff, length);
- }
+#ifndef NO_CHECK_PRIVATE_KEY
- #ifdef HAVE_PKCS8
- /* if private key try and remove PKCS8 header */
- if (ret == 0 && type == PRIVATEKEY_TYPE) {
- if ((ret = ToTraditional_ex(der->buffer, der->length,
- &algId)) > 0) {
- /* Found PKCS8 header */
- /* ToTraditional_ex moves buff and returns adjusted length */
- der->length = ret;
- keyFormat = algId;
- }
- ret = 0; /* failures should be ignored */
- }
- #endif
- }
- }
+#ifdef WOLF_PRIVATE_KEY_ID
+/* Check private against public in certificate for match using external
+ * device with given devId */
+static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
+ const byte* pubKey, word32 pubSz, int label, int id, void* heap, int devId)
+{
+ int ret = 0;
+ int type = 0;
+ void *pkey = NULL;
- if (used) {
- *used = info->consumed;
+ if (privKey == NULL) {
+ return MISSING_KEY;
 }
- /* process user chain */
- if (ret >= 0) {
- /* Chain should have server cert first, then intermediates, then root.
- * First certificate in chain is processed below after ProcessUserChain
- * and is loaded into ssl->buffers.certificate.
- * Remainder are processed using ProcessUserChain and are loaded into
- * ssl->buffers.certChain. */
- if (userChain) {
- ret = ProcessUserChain(ctx, buff, sz, format, CHAIN_CERT_TYPE, ssl,
- used, info, verify);
- if (ret == ASN_NO_PEM_HEADER) { /* Additional chain is optional */
- unsigned long pemErr = 0;
- CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr);
- ret = 0;
- }
- }
+#ifndef NO_RSA
+ if (keyOID == RSAk) {
+ type = DYNAMIC_TYPE_RSA;
 }
-
- /* info is only used for private key with DER or PEM, so free now */
- if (ret < 0 || type != PRIVATEKEY_TYPE) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
- #endif
+#ifdef WC_RSA_PSS
+ if (keyOID == RSAPSSk) {
+ type = DYNAMIC_TYPE_RSA;
 }
-
- /* check for error */
- if (ret < 0) {
- FreeDer(&der);
- done = 1;
+#endif
+#endif
+#ifdef HAVE_ECC
+ if (keyOID == ECDSAk) {
+ type = DYNAMIC_TYPE_ECC;
 }
-
- if (done == 1) {
- /* No operation, just skip the next section */
+#endif
+#if defined(HAVE_DILITHIUM)
+ if ((keyOID == DILITHIUM_LEVEL2k) ||
+ (keyOID == DILITHIUM_LEVEL3k) ||
+ (keyOID == DILITHIUM_LEVEL5k)) {
+ type = DYNAMIC_TYPE_DILITHIUM;
 }
- /* Handle DER owner */
- else if (type == CA_TYPE) {
- if (ctx == NULL) {
- WOLFSSL_MSG("Need context for CA load");
- FreeDer(&der);
- return BAD_FUNC_ARG;
- }
- /* verify CA unless user set to no verify */
- ret = AddCA(ctx->cm, &der, WOLFSSL_USER_CA, verify);
- done = 1;
+#endif
+#if defined(HAVE_FALCON)
+ if ((keyOID == FALCON_LEVEL1k) ||
+ (keyOID == FALCON_LEVEL5k)) {
+ type = DYNAMIC_TYPE_FALCON;
 }
-#ifdef WOLFSSL_TRUST_PEER_CERT
- else if (type == TRUSTED_PEER_TYPE) {
- /* add trusted peer cert. der is freed within */
- if (ctx != NULL)
- ret = AddTrustedPeer(ctx->cm, &der, verify);
- else {
- SSL_CM_WARNING(ssl);
- ret = AddTrustedPeer(SSL_CM(ssl), &der, verify);
+#endif
+
+ ret = CreateDevPrivateKey(&pkey, privKey, privSz, type, label, id,
+ heap, devId);
+ #ifdef WOLF_CRYPTO_CB
+ if (ret == 0) {
+ #ifndef NO_RSA
+ if (keyOID == RSAk
+ #ifdef WC_RSA_PSS
+ || keyOID == RSAPSSk
+ #endif
+ ) {
+ ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, pubKey, pubSz);
 }
- if (ret != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("Error adding trusted peer");
+ #endif
+ #ifdef HAVE_ECC
+ if (keyOID == ECDSAk) {
+ ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, pubKey, pubSz);
 }
- done = 1;
- }
-#endif /* WOLFSSL_TRUST_PEER_CERT */
- else if (type == CERT_TYPE) {
- if (ssl != NULL) {
- /* Make sure previous is free'd */
- if (ssl->buffers.weOwnCert) {
- FreeDer(&ssl->buffers.certificate);
- #ifdef KEEP_OUR_CERT
- wolfSSL_X509_free(ssl->ourCert);
- ssl->ourCert = NULL;
- #endif
- }
- ssl->buffers.certificate = der;
- #ifdef KEEP_OUR_CERT
- ssl->keepCert = 1; /* hold cert for ssl lifetime */
 #endif
- ssl->buffers.weOwnCert = 1;
- }
- else if (ctx != NULL) {
- FreeDer(&ctx->certificate); /* Make sure previous is free'd */
- #ifdef KEEP_OUR_CERT
- if (ctx->ourCert) {
- if (ctx->ownOurCert)
- wolfSSL_X509_free(ctx->ourCert);
- ctx->ourCert = NULL;
- }
+ #if defined(HAVE_DILITHIUM)
+ if ((keyOID == DILITHIUM_LEVEL2k) ||
+ (keyOID == DILITHIUM_LEVEL3k) ||
+ (keyOID == DILITHIUM_LEVEL5k)) {
+ ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
+ WC_PQC_SIG_TYPE_DILITHIUM,
+ pubKey, pubSz);
+ }
 #endif
- ctx->certificate = der;
+ #if defined(HAVE_FALCON)
+ if ((keyOID == FALCON_LEVEL1k) ||
+ (keyOID == FALCON_LEVEL5k)) {
+ ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
+ WC_PQC_SIG_TYPE_FALCON,
+ pubKey, pubSz);
 }
+ #endif
 }
- else if (type == PRIVATEKEY_TYPE) {
- if (ssl != NULL) {
- /* Make sure previous is free'd */
- if (ssl->buffers.weOwnKey) {
- ForceZero(ssl->buffers.key->buffer, ssl->buffers.key->length);
- FreeDer(&ssl->buffers.key);
- }
- ssl->buffers.keyId = 0;
- ssl->buffers.keyLabel = 0;
- ssl->buffers.keyDevId = INVALID_DEVID;
- ssl->buffers.key = der;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("SSL Buffers key", der->buffer, der->length);
-#endif
- ssl->buffers.weOwnKey = 1;
+ #else
+ /* devId was set, don't check, for now */
+ /* TODO: Add callback for private key check? */
+ (void) pubKey;
+ (void) pubSz;
+ #endif
+ if (pkey != NULL) {
+ #ifndef NO_RSA
+ if (keyOID == RSAk
+ #ifdef WC_RSA_PSS
+ || keyOID == RSAPSSk
+ #endif
+ ) {
+ wc_FreeRsaKey((RsaKey*)pkey);
 }
- else if (ctx != NULL) {
- if (ctx->privateKey != NULL && ctx->privateKey->buffer != NULL) {
- ForceZero(ctx->privateKey->buffer, ctx->privateKey->length);
- }
- FreeDer(&ctx->privateKey);
- ctx->privateKeyId = 0;
- ctx->privateKeyLabel = 0;
- ctx->privateKeyDevId = INVALID_DEVID;
- ctx->privateKey = der;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("CTX private key", der->buffer, der->length);
-#endif
+ #endif
+ #ifdef HAVE_ECC
+ if (keyOID == ECDSAk) {
+ wc_ecc_free((ecc_key*)pkey);
 }
- }
-#ifdef WOLFSSL_DUAL_ALG_CERTS
- else if (type == ALT_PRIVATEKEY_TYPE) {
- if (ssl != NULL) {
- /* Make sure previous is free'd */
- if (ssl->buffers.weOwnAltKey) {
- ForceZero(ssl->buffers.altKey->buffer,
- ssl->buffers.altKey->length);
- FreeDer(&ssl->buffers.altKey);
- }
- ssl->buffers.altKeyId = 0;
- ssl->buffers.altKeyLabel = 0;
- ssl->buffers.altKeyDevId = INVALID_DEVID;
- ssl->buffers.altKey = der;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("SSL Buffers key", der->buffer, der->length);
-#endif
- ssl->buffers.weOwnAltKey = 1;
+ #endif
+ #if defined(HAVE_DILITHIUM)
+ if ((keyOID == DILITHIUM_LEVEL2k) ||
+ (keyOID == DILITHIUM_LEVEL3k) ||
+ (keyOID == DILITHIUM_LEVEL5k)) {
+ wc_dilithium_free((dilithium_key*)pkey);
 }
- else if (ctx != NULL) {
- if (ctx->altPrivateKey != NULL &&
- ctx->altPrivateKey->buffer != NULL) {
- ForceZero(ctx->altPrivateKey->buffer,
- ctx->altPrivateKey->length);
- }
- FreeDer(&ctx->altPrivateKey);
- ctx->altPrivateKeyId = 0;
- ctx->altPrivateKeyLabel = 0;
- ctx->altPrivateKeyDevId = INVALID_DEVID;
- ctx->altPrivateKey = der;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("CTX private key", der->buffer, der->length);
-#endif
+ #endif
+ #if defined(HAVE_FALCON)
+ if ((keyOID == FALCON_LEVEL1k) ||
+ (keyOID == FALCON_LEVEL5k)) {
+ wc_falcon_free((falcon_key*)pkey);
 }
- }
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
- else {
- FreeDer(&der);
- return WOLFSSL_BAD_CERTTYPE;
+ #endif
+ XFREE(pkey, heap, type);
 }
- if (done == 1) {
- /* No operation, just skip the next section */
- }
- else if (type == PRIVATEKEY_TYPE
-#ifdef WOLFSSL_DUAL_ALG_CERTS
- || type == ALT_PRIVATEKEY_TYPE
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
- ) {
- ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites,
- &keyFormat, heap, devId, type);
-
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
- /* for WOLFSSL_FILETYPE_PEM, PemToDer manages the decryption */
- /* If private key type PKCS8 header wasn't already removed (algoId == 0) */
- if ((ret != 0 || keyFormat == 0)
- && format != WOLFSSL_FILETYPE_PEM && info->passwd_cb && algId == 0)
- {
- int passwordSz = NAME_SZ;
- #ifndef WOLFSSL_SMALL_STACK
- char password[NAME_SZ];
- #else
- char* password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
- if (password == NULL) {
- XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
- FreeDer(&der);
- return MEMORY_E;
- }
- #endif
- /* get password */
- ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
- info->passwd_userdata);
- if (ret >= 0) {
- passwordSz = ret;
- #ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("ProcessBuffer password", password, passwordSz);
- #endif
+ return ret;
+}
+#endif /* WOLF_PRIVATE_KEY_ID */
- /* PKCS8 decrypt */
- ret = ToTraditionalEnc(der->buffer, der->length,
- password, passwordSz, &algId);
- if (ret >= 0) {
- ForceZero(der->buffer + ret, der->length - ret);
- der->length = ret;
- }
- /* ignore failures and try parsing as unencrypted */
+/* Check private against public in certificate for match
+ *
+ * Returns WOLFSSL_SUCCESS on good private key
+ * WOLFSSL_FAILURE if mismatched */
+static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
+ void* heap, int devId, int isKeyLabel, int isKeyId, int altDevId,
+ int isAltKeyLabel, int isAltKeyId)
+{
+#ifdef WOLFSSL_SMALL_STACK
+ DecodedCert* der = NULL;
+#else
+ DecodedCert der[1];
+#endif
+ word32 size;
+ byte* buff;
+ int ret = WOLFSSL_FAILURE;
- ForceZero(password, passwordSz);
- }
+ WOLFSSL_ENTER("check_cert_key");
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(password, heap, DYNAMIC_TYPE_STRING);
- #elif defined(WOLFSSL_CHECK_MEM_ZERO)
- wc_MemZero_Check(password, NAME_SZ);
- #endif
- ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx,
- &resetSuites, &keyFormat, heap, devId, type);
- }
- #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
+ if (cert == NULL || key == NULL) {
+ return WOLFSSL_FAILURE;
+ }
- if (ret != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
- #endif
- return ret;
- }
- if (keyFormat == 0) {
-#ifdef OPENSSL_EXTRA
- /* Reaching this point probably means that the
- * decryption password is wrong */
- if (info->passwd_cb)
- EVPerr(0, EVP_R_BAD_DECRYPT);
+#ifdef WOLFSSL_SMALL_STACK
+ der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, DYNAMIC_TYPE_DCERT);
+ if (der == NULL)
+ return MEMORY_E;
 #endif
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
- #endif
- WOLFSSL_ERROR(WOLFSSL_BAD_FILE);
- return WOLFSSL_BAD_FILE;
- }
+ size = cert->length;
+ buff = cert->buffer;
+ InitDecodedCert_ex(der, buff, size, heap, devId);
+ if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
+ FreeDecodedCert(der);
 #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
+ XFREE(der, heap, DYNAMIC_TYPE_DCERT);
 #endif
-
- (void)devId;
+ return WOLFSSL_FAILURE;
 }
- else if (type == CERT_TYPE) {
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert;
- #else
- DecodedCert cert[1];
- #endif
- int keyType = 0;
-
- #ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap,
- DYNAMIC_TYPE_DCERT);
- if (cert == NULL)
- return MEMORY_E;
- #endif
-
- WOLFSSL_MSG("Checking cert signature type");
- InitDecodedCert_ex(cert, der->buffer, der->length, heap, devId);
- if (DecodeToKey(cert, 0) < 0) {
- WOLFSSL_MSG("Decode to key failed");
- FreeDecodedCert(cert);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, heap, DYNAMIC_TYPE_DCERT);
- #endif
- return WOLFSSL_BAD_FILE;
+ size = key->length;
+ buff = key->buffer;
+#ifdef WOLF_PRIVATE_KEY_ID
+ if (devId != INVALID_DEVID) {
+ ret = check_cert_key_dev(der->keyOID, buff, size, der->publicKey,
+ der->pubKeySize, isKeyLabel, isKeyId, heap,
+ devId);
+ if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+ ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
 }
-#if defined(HAVE_RPK)
- if (ssl) {
- ssl->options.rpkState.isRPKLoaded = 0;
- if (cert->isRPK) {
- ssl->options.rpkState.isRPKLoaded = 1;
- }
- }
- else if (ctx) {
- ctx->rpkState.isRPKLoaded = 0;
- if (cert->isRPK) {
- ctx->rpkState.isRPKLoaded = 1;
- }
- }
-#endif /* HAVE_RPK */
+ }
+ else {
+ /* fall through if unavailable */
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
- if (ssl) {
- if (ssl->options.side == WOLFSSL_SERVER_END)
- resetSuites = 1;
- }
- else if (ctx && ctx->method->side == WOLFSSL_SERVER_END) {
- resetSuites = 1;
- }
- if (ssl && ssl->ctx->haveECDSAsig) {
- WOLFSSL_MSG("SSL layer setting cert, CTX had ECDSA, turning off");
- ssl->options.haveECDSAsig = 0; /* may turn back on next */
- }
+ if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+#endif /* WOLF_PRIVATE_KEY_ID */
+ {
+ ret = wc_CheckPrivateKeyCert(buff, size, der, 0);
+ ret = (ret == 1) ?
WOLFSSL_SUCCESS: WOLFSSL_FAILURE; + } - switch (cert->signatureOID) { - case CTC_SHAwECDSA: - case CTC_SHA256wECDSA: - case CTC_SHA384wECDSA: - case CTC_SHA512wECDSA: - case CTC_ED25519: - case CTC_ED448: - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - case CTC_SM3wSM2: - #endif - WOLFSSL_MSG("ECDSA/ED25519/ED448 cert signature"); - if (ssl) - ssl->options.haveECDSAsig = 1; - else if (ctx) - ctx->haveECDSAsig = 1; - break; - case CTC_FALCON_LEVEL1: - case CTC_FALCON_LEVEL5: - WOLFSSL_MSG("Falcon cert signature"); - if (ssl) - ssl->options.haveFalconSig = 1; - else if (ctx) - ctx->haveFalconSig = 1; - break; - case CTC_DILITHIUM_LEVEL2: - case CTC_DILITHIUM_LEVEL3: - case CTC_DILITHIUM_LEVEL5: - WOLFSSL_MSG("Dilithium cert signature"); - if (ssl) - ssl->options.haveDilithiumSig = 1; - else if (ctx) - ctx->haveDilithiumSig = 1; - break; - default: - WOLFSSL_MSG("Not ECDSA cert signature"); - break; +#ifdef WOLFSSL_DUAL_ALG_CERTS + if (ret == WOLFSSL_SUCCESS && der->extSapkiSet && der->sapkiDer != NULL) { + /* Certificate contains an alternative public key. Hence, we also + * need an alternative private key. 
*/ + if (altKey == NULL) { + ret = MISSING_KEY; + buff = NULL; + size = 0; } - - #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ - (defined(HAVE_PQC) && defined(HAVE_LIBOQS)) || !defined(NO_RSA) - if (ssl) { - #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ - (defined(HAVE_CURVE448) && defined(HAVE_ED448)) - ssl->pkCurveOID = cert->pkCurveOID; - #endif - #ifndef WC_STRICT_SIG - if (cert->keyOID == ECDSAk) { - ssl->options.haveECC = 1; - } - #ifndef NO_RSA - else if (cert->keyOID == RSAk) { - ssl->options.haveRSA = 1; - } - #ifdef WC_RSA_PSS - else if (cert->keyOID == RSAPSSk) { - ssl->options.haveRSA = 1; + else { + size = altKey->length; + buff = altKey->buffer; + } +#ifdef WOLF_PRIVATE_KEY_ID + if (ret == WOLFSSL_SUCCESS && altDevId != INVALID_DEVID) { + /* We have to decode the public key first */ + word32 idx = 0; + /* Dilithium has the largest public key at the moment */ + word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; + byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (decodedPubKey == NULL) { + ret = MEMORY_E; } - #endif - #endif - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - else if (cert->keyOID == SM2k) { - ssl->options.haveECC = 1; - } - #endif - #ifdef HAVE_ED25519 - else if (cert->keyOID == ED25519k) { - ssl->options.haveECC = 1; - } - #endif - #ifdef HAVE_ED448 - else if (cert->keyOID == ED448k) { - ssl->options.haveECC = 1; - } - #endif - #ifdef HAVE_PQC - #ifdef HAVE_FALCON - else if (cert->keyOID == FALCON_LEVEL1k || - cert->keyOID == FALCON_LEVEL5k) { - ssl->options.haveFalconSig = 1; + if (ret == WOLFSSL_SUCCESS) { + if (der->sapkiOID == RSAk || der->sapkiOID == ECDSAk) { + /* Simply copy the data */ + XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen); + pubKeyLen = der->sapkiLen; + ret = 0; } - #endif /* HAVE_FALCON */ - #ifdef HAVE_DILITHIUM - else if (cert->keyOID == DILITHIUM_LEVEL2k || - cert->keyOID == DILITHIUM_LEVEL3k || - cert->keyOID == DILITHIUM_LEVEL5k) { - 
ssl->options.haveDilithiumSig = 1; + else { + ret = DecodeAsymKeyPublic(der->sapkiDer, &idx, + der->sapkiLen, decodedPubKey, + &pubKeyLen, der->sapkiOID); } - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ - #else - ssl->options.haveECC = ssl->options.haveECDSAsig; - #endif - } - else if (ctx) { - #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) - ctx->pkCurveOID = cert->pkCurveOID; - #endif - #ifndef WC_STRICT_SIG - if (cert->keyOID == ECDSAk) { - ctx->haveECC = 1; - } - #ifndef NO_RSA - else if (cert->keyOID == RSAk) { - ctx->haveRSA = 1; } - #ifdef WC_RSA_PSS - else if (cert->keyOID == RSAPSSk) { - ctx->haveRSA = 1; + if (ret == 0) { + ret = check_cert_key_dev(der->sapkiOID, buff, size, + decodedPubKey, pubKeyLen, + isAltKeyLabel, isAltKeyId, + heap, altDevId); } - #endif - #endif - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - else if (cert->keyOID == SM2k) { - ctx->haveECC = 1; + XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + ret = (ret == 0) ? 
WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } - #endif - #ifdef HAVE_ED25519 - else if (cert->keyOID == ED25519k) { - ctx->haveECC = 1; - } - #endif - #ifdef HAVE_ED448 - else if (cert->keyOID == ED448k) { - ctx->haveECC = 1; - } - #endif - #ifdef HAVE_PQC - #ifdef HAVE_FALCON - else if (cert->keyOID == FALCON_LEVEL1k || - cert->keyOID == FALCON_LEVEL5k) { - ctx->haveFalconSig = 1; - } - #endif /* HAVE_FALCON */ - #ifdef HAVE_DILITHIUM - else if (cert->keyOID == DILITHIUM_LEVEL2k || - cert->keyOID == DILITHIUM_LEVEL3k || - cert->keyOID == DILITHIUM_LEVEL5k) { - ctx->haveDilithiumSig = 1; - } - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ - #else - ctx->haveECC = ctx->haveECDSAsig; - #endif } - #endif - - /* check key size of cert unless specified not to */ - switch (cert->keyOID) { - #ifndef NO_RSA - #ifdef WC_RSA_PSS - case RSAPSSk: - #endif - case RSAk: - keyType = rsa_sa_algo; - /* Determine RSA key size by parsing public key */ - idx = 0; - ret = wc_RsaPublicKeyDecode_ex(cert->publicKey, &idx, - cert->pubKeySize, NULL, (word32*)&keySz, NULL, NULL); - if (ret < 0) - break; - - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minRsaKeySz < 0 || - keySz < (int)ssl->options.minRsaKeySz || - keySz > (RSA_MAX_SIZE / 8)) { - ret = RSA_KEY_SIZE_E; - WOLFSSL_MSG("Certificate RSA key size too small"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minRsaKeySz < 0 || - keySz < (int)ctx->minRsaKeySz || - keySz > (RSA_MAX_SIZE / 8)) { - ret = RSA_KEY_SIZE_E; - WOLFSSL_MSG("Certificate RSA key size too small"); - } - } - break; - #endif /* !NO_RSA */ - #ifdef HAVE_ECC - case ECDSAk: - keyType = ecc_dsa_sa_algo; - /* Determine ECC key size based on curve */ - #ifdef WOLFSSL_CUSTOM_CURVES - if (cert->pkCurveOID == 0 && cert->pkCurveSize != 0) { - keySz = cert->pkCurveSize * 8; - } - else - #endif - { - keySz = wc_ecc_get_curve_size_from_id( - wc_ecc_get_oid(cert->pkCurveOID, NULL, NULL)); - } - - if (ssl && !ssl->options.verifyNone) { - if 
(ssl->options.minEccKeySz < 0 || - keySz < (int)ssl->options.minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minEccKeySz < 0 || - keySz < (int)ctx->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - break; - #endif /* HAVE_ECC */ - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - case SM2k: - keyType = sm2_sa_algo; - /* Determine ECC key size based on curve */ - keySz = wc_ecc_get_curve_size_from_id( - wc_ecc_get_oid(cert->pkCurveOID, NULL, NULL)); - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minEccKeySz < 0 || - keySz < (int)ssl->options.minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Ed key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minEccKeySz < 0 || - keySz < (int)ctx->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - break; - #endif /* HAVE_ED25519 */ - #ifdef HAVE_ED25519 - case ED25519k: - keyType = ed25519_sa_algo; - /* ED25519 is fixed key size */ - keySz = ED25519_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minEccKeySz < 0 || - keySz < (int)ssl->options.minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Ed key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minEccKeySz < 0 || - keySz < (int)ctx->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - break; - #endif /* HAVE_ED25519 */ - #ifdef HAVE_ED448 - case ED448k: - keyType = ed448_sa_algo; - /* ED448 is fixed key size */ - keySz = ED448_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minEccKeySz < 0 || - keySz < (int)ssl->options.minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Ed key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minEccKeySz < 0 || - keySz < (int)ctx->minEccKeySz) { 
- ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - break; - #endif /* HAVE_ED448 */ - #if defined(HAVE_PQC) - #if defined(HAVE_FALCON) - case FALCON_LEVEL1k: - keyType = falcon_level1_sa_algo; - /* Falcon is fixed key size */ - keySz = FALCON_LEVEL1_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minFalconKeySz < 0 || - keySz < (int)ssl->options.minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Falcon key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minFalconKeySz < 0 || - keySz < (int)ctx->minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Falcon key size error"); - } - } - break; - case FALCON_LEVEL5k: - keyType = falcon_level5_sa_algo; - /* Falcon is fixed key size */ - keySz = FALCON_LEVEL5_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minFalconKeySz < 0 || - keySz < (int)ssl->options.minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Falcon key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minFalconKeySz < 0 || - keySz < (int)ctx->minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Falcon key size error"); - } - } - break; - #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) - case DILITHIUM_LEVEL2k: - keyType = dilithium_level2_sa_algo; - /* Dilithium is fixed key size */ - keySz = DILITHIUM_LEVEL2_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minDilithiumKeySz < 0 || - keySz < (int)ssl->options.minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minDilithiumKeySz < 0 || - keySz < (int)ctx->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - break; - case DILITHIUM_LEVEL3k: - keyType = dilithium_level3_sa_algo; - /* Dilithium is fixed key size */ - 
keySz = DILITHIUM_LEVEL3_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minDilithiumKeySz < 0 || - keySz < (int)ssl->options.minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minDilithiumKeySz < 0 || - keySz < (int)ctx->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - break; - case DILITHIUM_LEVEL5k: - keyType = dilithium_level5_sa_algo; - /* Dilithium is fixed key size */ - keySz = DILITHIUM_LEVEL5_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minDilithiumKeySz < 0 || - keySz < (int)ssl->options.minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minDilithiumKeySz < 0 || - keySz < (int)ctx->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - break; - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ + else { + /* fall through if unavailable */ + ret = CRYPTOCB_UNAVAILABLE; + } - default: - WOLFSSL_MSG("No key size check done on certificate"); - break; /* do no check if not a case for the key */ + if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) +#endif /* WOLF_PRIVATE_KEY_ID */ + { + ret = wc_CheckPrivateKeyCert(buff, size, der, 1); + ret = (ret == 1) ? 
WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } + } +#endif /* WOLFSSL_DUAL_ALG_CERTS */ + FreeDecodedCert(der); +#ifdef WOLFSSL_SMALL_STACK + XFREE(der, heap, DYNAMIC_TYPE_DCERT); +#endif - if (ssl != NULL) { - ssl->buffers.keyType = (byte)keyType; - ssl->buffers.keySz = keySz; - } - else if (ctx != NULL) { - ctx->privateKeyType = (byte)keyType; - ctx->privateKeySz = keySz; - } - - #ifdef WOLFSSL_DUAL_ALG_CERTS - keyType = 0; - keySz = 0; - /* check alternative key size of cert */ - switch (cert->sapkiOID) { - case 0: - if (cert->sapkiLen != 0) - ret = NOT_COMPILED_IN; - break; - #ifndef NO_RSA - #ifdef WC_RSA_PSS - case RSAPSSk: - #endif - case RSAk: - keyType = rsa_sa_algo; - /* Determine RSA key size by parsing public key */ - idx = 0; - ret = wc_RsaPublicKeyDecode_ex(cert->sapkiDer, &idx, - cert->sapkiLen, NULL, (word32*)&keySz, NULL, NULL); - if (ret < 0) - break; + (void)devId; + (void)isKeyLabel; + (void)isKeyId; + (void)altKey; + (void)altDevId; + (void)isAltKeyLabel; + (void)isAltKeyId; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minRsaKeySz < 0 || - keySz < (int)ssl->options.minRsaKeySz || - keySz > (RSA_MAX_SIZE / 8)) { - ret = RSA_KEY_SIZE_E; - WOLFSSL_MSG("Certificate RSA key size too small"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minRsaKeySz < 0 || - keySz < (int)ctx->minRsaKeySz || - keySz > (RSA_MAX_SIZE / 8)) { - ret = RSA_KEY_SIZE_E; - WOLFSSL_MSG("Certificate RSA key size too small"); - } - } - break; - #endif /* !NO_RSA */ - #ifdef HAVE_ECC - case ECDSAk: - { - #ifdef WOLFSSL_SMALL_STACK - ecc_key* temp_key = NULL; - #else - ecc_key temp_key[1]; - #endif - keyType = ecc_dsa_sa_algo; + return ret; +} - #ifdef WOLFSSL_SMALL_STACK - temp_key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, - DYNAMIC_TYPE_ECC); - if (temp_key == NULL) - ret = MEMORY_E; - #endif +/* Check private against public in certificate for match + * + * ctx WOLFSSL_CTX structure to check private key in + * + * Returns WOLFSSL_SUCCESS on good private key + * 
WOLFSSL_FAILURE if mismatched. */ +int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx) +{ + int res; - /* Determine ECC key size. We have to decode the sapki for - * that. */ - if (ret == 0) { - ret = wc_ecc_init_ex(temp_key, heap, INVALID_DEVID); - } - if (ret == 0) { - idx = 0; - ret = wc_EccPublicKeyDecode(cert->sapkiDer, &idx, temp_key, - cert->sapkiLen); - } - if (ret == 0) { - keySz = wc_ecc_size(temp_key); - } - wc_ecc_free(temp_key); - #ifdef WOLFSSL_SMALL_STACK - XFREE(temp_key, heap, DYNAMIC_TYPE_ECC); - #endif + if (ctx == NULL) { + return WOLFSSL_FAILURE; + } - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minEccKeySz < 0 || - keySz < (int)ssl->options.minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minEccKeySz < 0 || - keySz < (int)ctx->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - break; - } - #endif /* HAVE_ECC */ - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - case SM2k: - keyType = sm2_sa_algo; - /* Determine ECC key size based on curve */ - keySz = wc_ecc_get_curve_size_from_id( - wc_ecc_get_oid(cert->pkCurveOID, NULL, NULL)); - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minEccKeySz < 0 || - keySz < (int)ssl->options.minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Ed key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minEccKeySz < 0 || - keySz < (int)ctx->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - break; - #endif /* HAVE_ED25519 */ - #ifdef HAVE_ED25519 - case ED25519k: - keyType = ed25519_sa_algo; - /* ED25519 is fixed key size */ - keySz = ED25519_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minEccKeySz < 0 || - keySz < (int)ssl->options.minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Ed key size error"); - } - } - else if 
(ctx && !ctx->verifyNone) { - if (ctx->minEccKeySz < 0 || - keySz < (int)ctx->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - break; - #endif /* HAVE_ED25519 */ - #ifdef HAVE_ED448 - case ED448k: - keyType = ed448_sa_algo; - /* ED448 is fixed key size */ - keySz = ED448_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minEccKeySz < 0 || - keySz < (int)ssl->options.minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Ed key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minEccKeySz < 0 || - keySz < (int)ctx->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("Certificate ECC key size error"); - } - } - break; - #endif /* HAVE_ED448 */ - #if defined(HAVE_PQC) - #if defined(HAVE_FALCON) - case FALCON_LEVEL1k: - keyType = falcon_level1_sa_algo; - /* Falcon is fixed key size */ - keySz = FALCON_LEVEL1_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minFalconKeySz < 0 || - keySz < (int)ssl->options.minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Falcon key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minFalconKeySz < 0 || - keySz < (int)ctx->minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Falcon key size error"); - } - } - break; - case FALCON_LEVEL5k: - keyType = falcon_level5_sa_algo; - /* Falcon is fixed key size */ - keySz = FALCON_LEVEL5_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minFalconKeySz < 0 || - keySz < (int)ssl->options.minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Falcon key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minFalconKeySz < 0 || - keySz < (int)ctx->minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Falcon key size error"); - } - } - break; - #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) - case DILITHIUM_LEVEL2k: - keyType = 
dilithium_level2_sa_algo; - /* Dilithium is fixed key size */ - keySz = DILITHIUM_LEVEL2_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minDilithiumKeySz < 0 || - keySz < (int)ssl->options.minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minDilithiumKeySz < 0 || - keySz < (int)ctx->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - break; - case DILITHIUM_LEVEL3k: - keyType = dilithium_level3_sa_algo; - /* Dilithium is fixed key size */ - keySz = DILITHIUM_LEVEL3_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minDilithiumKeySz < 0 || - keySz < (int)ssl->options.minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minDilithiumKeySz < 0 || - keySz < (int)ctx->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - break; - case DILITHIUM_LEVEL5k: - keyType = dilithium_level5_sa_algo; - /* Dilithium is fixed key size */ - keySz = DILITHIUM_LEVEL5_KEY_SIZE; - if (ssl && !ssl->options.verifyNone) { - if (ssl->options.minDilithiumKeySz < 0 || - keySz < (int)ssl->options.minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - else if (ctx && !ctx->verifyNone) { - if (ctx->minDilithiumKeySz < 0 || - keySz < (int)ctx->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("Certificate Dilithium key size error"); - } - } - break; - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ - - default: - /* In this case, there was an OID that we didn't recognize. - * This is an error. Use not compiled in because likely the - * given algorithm was not enabled. 
*/ - ret = NOT_COMPILED_IN; - WOLFSSL_MSG("No alt key size check done on certificate"); - break; - } - - if (ssl != NULL) { - ssl->buffers.altKeyType = (byte)keyType; - ssl->buffers.altKeySz = keySz; - } - else if (ctx != NULL) { - ctx->altPrivateKeyType = (byte)keyType; - ctx->altPrivateKeySz = keySz; +#ifdef WOLFSSL_DUAL_ALG_CERTS +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask); + wolfssl_priv_der_unblind(ctx->altPrivateKey, ctx->altPrivateKeyMask); +#endif + res = check_cert_key(ctx->certificate, ctx->privateKey, ctx->altPrivateKey, + ctx->heap, ctx->privateKeyDevId, ctx->privateKeyLabel, + ctx->privateKeyId, ctx->altPrivateKeyDevId, ctx->altPrivateKeyLabel, + ctx->altPrivateKeyId) != 0; +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + { + int ret; + ret = wolfssl_priv_der_blind(NULL, ctx->privateKey, + (DerBuffer**)&ctx->privateKeyMask); + if (ret == 0) { + ret = wolfssl_priv_der_blind(NULL, ctx->altPrivateKey, + (DerBuffer**)&ctx->altPrivateKeyMask); } - #endif /* WOLFSSL_DUAL_ALG_CERTS */ - - FreeDecodedCert(cert); - #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, heap, DYNAMIC_TYPE_DCERT); - #endif - if (ret != 0) { - done = 1; + res = WOLFSSL_FAILURE; } } - - if (done == 1) { - #if !defined(NO_WOLFSSL_CM_VERIFY) && (!defined(NO_WOLFSSL_CLIENT) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) - if ((type == CA_TYPE) || (type == CERT_TYPE)) { - /* Call to over-ride status */ - if ((ctx != NULL) && (ctx->cm != NULL) && - (ctx->cm->verifyCallback != NULL)) { - ret = CM_VerifyBuffer_ex(ctx->cm, buff, - sz, format, (ret == WOLFSSL_SUCCESS ? 
0 : ret)); - } +#endif +#else +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask); +#endif + res = check_cert_key(ctx->certificate, ctx->privateKey, NULL, ctx->heap, + ctx->privateKeyDevId, ctx->privateKeyLabel, ctx->privateKeyId, + INVALID_DEVID, 0, 0); +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + { + int ret = wolfssl_priv_der_blind(NULL, ctx->privateKey, + (DerBuffer**)&ctx->privateKeyMask); + if (ret != 0) { + res = WOLFSSL_FAILURE; } - #endif /* NO_WOLFSSL_CM_VERIFY */ - - return ret; } +#endif +#endif + return res; +} +#endif /* !NO_CHECK_PRIVATE_KEY */ - if (ssl && resetSuites) { - word16 havePSK = 0; - word16 haveRSA = 0; +#ifdef OPENSSL_ALL +/** + * Return the private key of the WOLFSSL_CTX struct + * @return WOLFSSL_EVP_PKEY* The caller doesn *NOT*` free the returned object. + */ +WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx) +{ + WOLFSSL_EVP_PKEY* res; + const unsigned char *key; + int type; - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - if (ssl->options.havePSK) { - havePSK = 1; - } - #endif - #ifndef NO_RSA - haveRSA = 1; - #endif - keySz = ssl->buffers.keySz; + WOLFSSL_ENTER("wolfSSL_CTX_get0_privatekey"); - if (AllocateSuites(ssl) != 0) - return WOLFSSL_FAILURE; - /* let's reset suites */ - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, - havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, - ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); + if (ctx == NULL || ctx->privateKey == NULL || + ctx->privateKey->buffer == NULL) { + WOLFSSL_MSG("Bad parameter or key not set"); + return NULL; } - else if (ctx && resetSuites) { - word16 havePSK = 0; - word16 haveRSA = 0; - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - if (ctx->havePSK) { - havePSK = 1; - } + switch (ctx->privateKeyType) { +#ifndef NO_RSA + case rsa_sa_algo: + type = EVP_PKEY_RSA; + 
break; +#endif +#ifdef HAVE_ECC + case ecc_dsa_sa_algo: + type = EVP_PKEY_EC; + break; +#endif +#ifdef WOLFSSL_SM2 + case sm2_sa_algo: + type = EVP_PKEY_EC; + break; +#endif + default: + /* Other key types not supported either as ssl private keys + * or in the EVP layer */ + WOLFSSL_MSG("Unsupported key type"); + return NULL; + } + + key = ctx->privateKey->buffer; + + if (ctx->privateKeyPKey != NULL) { + res = ctx->privateKeyPKey; + } + else { + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask); #endif - #ifndef NO_RSA - haveRSA = 1; + res = wolfSSL_d2i_PrivateKey(type, + (WOLFSSL_EVP_PKEY**)&ctx->privateKeyPKey, &key, + (long)ctx->privateKey->length); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask); #endif - keySz = ctx->privateKeySz; - - if (AllocateCtxSuites(ctx) != 0) - return WOLFSSL_FAILURE; - /* let's reset suites */ - InitSuites(ctx->suites, ctx->method->version, keySz, haveRSA, - havePSK, ctx->haveDH, ctx->haveECDSAsig, - ctx->haveECC, TRUE, ctx->haveStaticECC, - ctx->haveFalconSig, ctx->haveDilithiumSig, -#ifdef HAVE_ANON - ctx->useAnon, -#else - FALSE, -#endif - TRUE, ctx->method->side); } - return WOLFSSL_SUCCESS; + return res; } +#endif +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -/* CA PEM file for verification, may have multiple/chain certs to process */ -static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, - long sz, int format, int type, WOLFSSL* ssl, int verify) +#if !defined(NO_RSA) +static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) { - long used = 0; - int ret = 0; - int gotOne = 0; - - WOLFSSL_MSG("Processing CA PEM file"); - while (used < sz) { - long consumed = 0; + WOLFSSL_EVP_PKEY* pkey; + word32 keyIdx = 0; + int isRsaKey; + int ret = 1; +#ifndef WOLFSSL_SMALL_STACK + RsaKey rsa[1]; +#else + RsaKey *rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, 
DYNAMIC_TYPE_RSA); + if (rsa == NULL) + return 0; +#endif - ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl, - &consumed, 0, verify); + XMEMSET(rsa, 0, sizeof(RsaKey)); - if (ret == MEMORY_E) { - return ret; - } - else if (ret < 0) { -#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL) - DerBuffer* der = NULL; - EncryptedInfo info; - - WOLFSSL_MSG("Trying a CRL"); - if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info, - NULL) == 0) { - WOLFSSL_MSG(" Processed a CRL"); - wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer, - der->length, WOLFSSL_FILETYPE_ASN1); - FreeDer(&der); - used += info.consumed; - continue; - } + if (wc_InitRsaKey(rsa, NULL) != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + #endif + return 0; + } + /* test if RSA key */ + if (priv) { + isRsaKey = + (wc_RsaPrivateKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0); + } + else { + isRsaKey = + (wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0); + } + wc_FreeRsaKey(rsa); +#ifdef WOLFSSL_SMALL_STACK + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); #endif - if (consumed > 0) { /* Made progress in file */ - WOLFSSL_ERROR(ret); - WOLFSSL_MSG("CA Parse failed, with progress in file."); - WOLFSSL_MSG("Search for other certs in file"); - } - else { - WOLFSSL_MSG("CA Parse failed, no progress in file."); - WOLFSSL_MSG("Do not continue search for other certs in file"); - break; - } + if (!isRsaKey) { + return -1; + } + + if (*out != NULL) { + pkey = *out; + } + else { + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey == NULL) { + WOLFSSL_MSG("RSA wolfSSL_EVP_PKEY_new error"); + return 0; } - else { - WOLFSSL_MSG(" Processed a CA"); - gotOne = 1; + } + + pkey->pkey_sz = (int)keyIdx; + pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + priv ? 
DYNAMIC_TYPE_PRIVATE_KEY : + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + ret = 0; + } + if (ret == 1) { + XMEMCPY(pkey->pkey.ptr, mem, keyIdx); + pkey->type = EVP_PKEY_RSA; + + pkey->ownRsa = 1; + pkey->rsa = wolfssl_rsa_d2i(NULL, mem, memSz, + priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC); + if (pkey->rsa == NULL) { + ret = 0; } - used += consumed; } - if (gotOne) { - WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK"); - return WOLFSSL_SUCCESS; + if (ret == 1) { + *out = pkey; + } + + if ((ret == 0) && (*out == NULL)) { + wolfSSL_EVP_PKEY_free(pkey); } return ret; } +#endif /* !NO_RSA */ - -#ifdef HAVE_CRL - -int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, - long sz, int type) +#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) +static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) { - WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer"); + WOLFSSL_EVP_PKEY* pkey; + word32 keyIdx = 0; + int isEccKey; + int ret = 1; +#ifndef WOLFSSL_SMALL_STACK + ecc_key ecc[1]; +#else + ecc_key *ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, + DYNAMIC_TYPE_ECC); + if (ecc == NULL) + return 0; +#endif - if (ctx == NULL) - return BAD_FUNC_ARG; + XMEMSET(ecc, 0, sizeof(ecc_key)); - return wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type); -} + if (wc_ecc_init(ecc) != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); + #endif + return 0; + } + if (priv) { + isEccKey = + (wc_EccPrivateKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0); + } + else { + isEccKey = + (wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0); + } + wc_ecc_free(ecc); +#ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); +#endif -int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff, - long sz, int type) -{ - WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer"); + if (!isEccKey) { + return -1; + } - if (ssl == NULL || ssl->ctx == NULL) - return BAD_FUNC_ARG; + if (*out 
!= NULL) { + pkey = *out; + } + else { + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey == NULL) { + WOLFSSL_MSG("ECC wolfSSL_EVP_PKEY_new error"); + return 0; + } + } - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerLoadCRLBuffer(SSL_CM(ssl), buff, sz, type); -} + pkey->pkey_sz = (int)keyIdx; + pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL, + priv ? DYNAMIC_TYPE_PRIVATE_KEY : + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + ret = 0; + } + if (ret == 1) { + XMEMCPY(pkey->pkey.ptr, mem, keyIdx); + pkey->type = EVP_PKEY_EC; -#endif /* HAVE_CRL */ + pkey->ownEcc = 1; + pkey->ecc = wolfSSL_EC_KEY_new(); + if (pkey->ecc == NULL) { + ret = 0; + } + } + if ((ret == 1) && (wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc, + (const unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE + : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) { + ret = 0; + } + if (ret == 1) { + *out = pkey; + } -#ifdef HAVE_OCSP -int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options) -{ - WOLFSSL_ENTER("wolfSSL_EnableOCSP"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options); + if ((ret == 0) && (*out == NULL)) { + wolfSSL_EVP_PKEY_free(pkey); } - else - return BAD_FUNC_ARG; + return ret; } +#endif /* HAVE_ECC && OPENSSL_EXTRA */ -int wolfSSL_DisableOCSP(WOLFSSL* ssl) +#if !defined(NO_DSA) +static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) { - WOLFSSL_ENTER("wolfSSL_DisableOCSP"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl)); - } - else - return BAD_FUNC_ARG; -} + WOLFSSL_EVP_PKEY* pkey; + word32 keyIdx = 0; + int isDsaKey; + int ret = 1; +#ifndef WOLFSSL_SMALL_STACK + DsaKey dsa[1]; +#else + DsaKey *dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA); + if (dsa == NULL) + return 0; +#endif + XMEMSET(dsa, 0, sizeof(DsaKey)); -int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling"); - if (ssl) { - 
SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl)); + if (wc_InitDsaKey(dsa) != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); + #endif + return 0; } - else - return BAD_FUNC_ARG; -} -int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl)); + if (priv) { + isDsaKey = + (wc_DsaPrivateKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0); } - else - return BAD_FUNC_ARG; -} - -int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url) -{ - WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url); + else { + isDsaKey = + (wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0); } - else - return BAD_FUNC_ARG; -} + wc_FreeDsaKey(dsa); +#ifdef WOLFSSL_SMALL_STACK + XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); +#endif + /* test if DSA key */ + if (!isDsaKey) { + return -1; + } -int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, - CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx) -{ - WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb"); - if (ssl) { - SSL_CM_WARNING(ssl); - ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */ - return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), - ioCb, respFreeCb, NULL); + if (*out != NULL) { + pkey = *out; + } + else { + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey == NULL) { + WOLFSSL_MSG("DSA wolfSSL_EVP_PKEY_new error"); + return 0; + } } - else - return BAD_FUNC_ARG; -} + pkey->pkey_sz = (int)keyIdx; + pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + priv ? 
DYNAMIC_TYPE_PRIVATE_KEY : + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + ret = 0; + } + if (ret == 1) { + XMEMCPY(pkey->pkey.ptr, mem, keyIdx); + pkey->type = EVP_PKEY_DSA; -int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options) -{ - WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP"); - if (ctx) - return wolfSSL_CertManagerEnableOCSP(ctx->cm, options); - else - return BAD_FUNC_ARG; -} + pkey->ownDsa = 1; + pkey->dsa = wolfSSL_DSA_new(); + if (pkey->dsa == NULL) { + ret = 0; + } + } + if ((ret == 1) && (wolfSSL_DSA_LoadDer_ex(pkey->dsa, + (const unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE + : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) { + ret = 0; + } + if (ret == 1) { + *out = pkey; + } -int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP"); - if (ctx) - return wolfSSL_CertManagerDisableOCSP(ctx->cm); - else - return BAD_FUNC_ARG; + if ((ret == 0) && (*out == NULL)) { + wolfSSL_EVP_PKEY_free(pkey); + } + return ret; } +#endif /* NO_DSA */ - -int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url) +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) +static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) { - WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); - if (ctx) - return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url); - else - return BAD_FUNC_ARG; -} + WOLFSSL_EVP_PKEY* pkey; + int isDhKey; + word32 keyIdx = 0; + int ret = 1; +#ifndef WOLFSSL_SMALL_STACK + DhKey dh[1]; +#else + DhKey *dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); + if (dh == NULL) + return 0; +#endif + XMEMSET(dh, 0, sizeof(DhKey)); -int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb, - CbOCSPRespFree respFreeCb, void* ioCbCtx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb"); - if (ctx) - return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, - 
respFreeCb, ioCbCtx); - else - return BAD_FUNC_ARG; -} + if (wc_InitDhKey(dh) != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(dh, NULL, DYNAMIC_TYPE_DH); + #endif + return 0; + } -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) -int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling"); - if (ctx) - return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm); - else - return BAD_FUNC_ARG; -} + isDhKey = (wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz) == 0); + wc_FreeDhKey(dh); +#ifdef WOLFSSL_SMALL_STACK + XFREE(dh, NULL, DYNAMIC_TYPE_DH); +#endif -int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPStapling"); - if (ctx) - return wolfSSL_CertManagerDisableOCSPStapling(ctx->cm); - else - return BAD_FUNC_ARG; -} + /* test if DH key */ + if (!isDhKey) { + return -1; + } -int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPMustStaple"); - if (ctx) - return wolfSSL_CertManagerEnableOCSPMustStaple(ctx->cm); - else - return BAD_FUNC_ARG; -} + if (*out != NULL) { + pkey = *out; + } + else { + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey == NULL) { + WOLFSSL_MSG("DH wolfSSL_EVP_PKEY_new error"); + return 0; + } + } -int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPMustStaple"); - if (ctx) - return wolfSSL_CertManagerDisableOCSPMustStaple(ctx->cm); - else - return BAD_FUNC_ARG; -} -#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + pkey->pkey_sz = (int)memSz; + pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + priv ? 
DYNAMIC_TYPE_PRIVATE_KEY : + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + ret = 0; + } + if (ret == 1) { + XMEMCPY(pkey->pkey.ptr, mem, memSz); + pkey->type = EVP_PKEY_DH; -#endif /* HAVE_OCSP */ + pkey->ownDh = 1; + pkey->dh = wolfSSL_DH_new(); + if (pkey->dh == NULL) { + ret = 0; + } + } -/* macro to get verify settings for AddCA */ -#define GET_VERIFY_SETTING_CTX(ctx) \ - ((ctx) && (ctx)->verifyNone ? NO_VERIFY : VERIFY) -#define GET_VERIFY_SETTING_SSL(ssl) \ - ((ssl)->options.verifyNone ? NO_VERIFY : VERIFY) + if ((ret == 1) && (wolfSSL_DH_LoadDer(pkey->dh, + (const unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz) != WOLFSSL_SUCCESS)) { + ret = 0; + } + if (ret == 1) { + *out = pkey; + } -#ifndef NO_FILESYSTEM + if ((ret == 0) && (*out == NULL)) { + wolfSSL_EVP_PKEY_free(pkey); + } + return ret; +} +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ -/* process a file with name fname into ctx of format and type - userChain specifies a user certificate chain to pass during handshake */ -int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, - WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify) +#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) +static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) { -#ifdef WOLFSSL_SMALL_STACK - byte staticBuffer[1]; /* force heap usage */ + WOLFSSL_EVP_PKEY* pkey; + word32 keyIdx = 0; + DhKey* key = NULL; + int elements; + int ret; +#ifndef WOLFSSL_SMALL_STACK + DhKey dh[1]; #else - byte staticBuffer[FILE_BUFFER_SIZE]; -#endif - byte* myBuffer = staticBuffer; - int dynamic = 0; - int ret; - long sz = 0; - XFILE file; - void* heapHint = wolfSSL_CTX_GetHeap(ctx, ssl); -#ifndef NO_CODING - const char* header = NULL; - const char* footer = NULL; + DhKey* dh = 
(DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); + if (dh == NULL) + return 0; #endif + XMEMSET(dh, 0, sizeof(DhKey)); - (void)crl; - (void)heapHint; + /* test if DH-public key */ + if (wc_InitDhKey(dh) != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(dh, NULL, DYNAMIC_TYPE_DH); +#endif + return 0; + } - if (fname == NULL) return WOLFSSL_BAD_FILE; + ret = wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz); + wc_FreeDhKey(dh); +#ifdef WOLFSSL_SMALL_STACK + XFREE(dh, NULL, DYNAMIC_TYPE_DH); +#endif - file = XFOPEN(fname, "rb"); - if (file == XBADFILE) return WOLFSSL_BAD_FILE; - if (XFSEEK(file, 0, XSEEK_END) != 0) { - XFCLOSE(file); - return WOLFSSL_BAD_FILE; - } - sz = XFTELL(file); - if (XFSEEK(file, 0, XSEEK_SET) != 0) { - XFCLOSE(file); - return WOLFSSL_BAD_FILE; + if (ret != 0) { + return -1; } - if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) { - WOLFSSL_MSG("ProcessFile file size error"); - XFCLOSE(file); - return WOLFSSL_BAD_FILE; + if (*out != NULL) { + pkey = *out; } - - if (sz > (long)sizeof(staticBuffer)) { - WOLFSSL_MSG("Getting dynamic buffer"); - myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE); - if (myBuffer == NULL) { - XFCLOSE(file); - return WOLFSSL_BAD_FILE; + else { + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey == NULL) { + return 0; } - dynamic = 1; } - if ((size_t)XFREAD(myBuffer, 1, sz, file) != (size_t)sz) - ret = WOLFSSL_BAD_FILE; - else { - /* Try to detect type by parsing cert header and footer */ - if (type == DETECT_CERT_TYPE) { -#ifndef NO_CODING - if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 && - (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) { - type = CA_TYPE; - } -#ifdef HAVE_CRL - else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && - (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) { - type = CRL_TYPE; - } -#endif - else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && - (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) { - type = CERT_TYPE; - } - else -#endif - { - 
WOLFSSL_MSG("Failed to detect certificate type"); - if (dynamic) - XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE); - XFCLOSE(file); - return WOLFSSL_BAD_CERTTYPE; - } - } - if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE) - && format == WOLFSSL_FILETYPE_PEM) { - ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl, - verify); + ret = 1; + pkey->type = EVP_PKEY_DH; + pkey->pkey_sz = (int)memSz; + pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + priv ? DYNAMIC_TYPE_PRIVATE_KEY : + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + ret = 0; + } + if (ret == 1) { + XMEMCPY(pkey->pkey.ptr, mem, memSz); + pkey->ownDh = 1; + pkey->dh = wolfSSL_DH_new(); + if (pkey->dh == NULL) { + ret = 0; } -#ifdef HAVE_CRL - else if (type == CRL_TYPE) - ret = BufferLoadCRL(crl, myBuffer, sz, format, verify); -#endif -#ifdef WOLFSSL_DUAL_ALG_CERTS - else if (type == PRIVATEKEY_TYPE) - { - /* When support for dual algorithm certificates is enabled, the - * private key file may contain both the primary and the - * alternative private key. Hence, we have to parse both of them. 
- */ - long consumed = 0; + } - ret = ProcessBuffer(ctx, myBuffer, sz, format, PRIVATEKEY_TYPE, - ssl, &consumed, 0, verify); + if (ret == 1) { + key = (DhKey*)pkey->dh->internal; - if (ret == WOLFSSL_SUCCESS && consumed < sz) { - ret = ProcessBuffer(ctx, myBuffer + consumed, sz - consumed, - format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, - verify); - } + keyIdx = 0; + if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) != 0) { + ret = 0; } -#endif - else - ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL, - userChain, verify); } - XFCLOSE(file); - if (dynamic) - XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE); + if (ret == 1) { + elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB; + if (priv) { + elements |= ELEMENT_PRV; + } + if (SetDhExternal_ex(pkey->dh, elements) != WOLFSSL_SUCCESS ) { + ret = 0; + } + } + if (ret == 1) { + *out = pkey; + } + if ((ret == 0) && (*out == NULL)) { + wolfSSL_EVP_PKEY_free(pkey); + } return ret; } +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ -/* loads file then loads each file in path, no c_rehash */ -int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, - const char* path, word32 flags) +#ifdef HAVE_FALCON +static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) { - int ret = WOLFSSL_SUCCESS; -#ifndef NO_WOLFSSL_DIR - int successCount = 0; + WOLFSSL_EVP_PKEY* pkey; + int isFalcon = 0; +#ifndef WOLFSSL_SMALL_STACK + falcon_key falcon[1]; +#else + falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(falcon_key), NULL, + DYNAMIC_TYPE_FALCON); + if (falcon == NULL) { + return 0; + } #endif - int verify; - WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex"); - - if (ctx == NULL || (file == NULL && path == NULL)) { - return WOLFSSL_FAILURE; + if (wc_falcon_init(falcon) != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON); + #endif + return 0; } - verify = 
GET_VERIFY_SETTING_CTX(ctx); - if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) - verify = VERIFY_SKIP_DATE; - - if (file) { - ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0, - NULL, verify); -#ifndef NO_WOLFSSL_DIR - if (ret == WOLFSSL_SUCCESS) - successCount++; -#endif -#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) - ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM); - if (ret != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error"); + /* test if Falcon key */ + if (priv) { + /* Try level 1 */ + isFalcon = ((wc_falcon_set_level(falcon, 1) == 0) && + (wc_falcon_import_private_only(mem, (word32)memSz, + falcon) == 0)); + if (!isFalcon) { + /* Try level 5 */ + isFalcon = ((wc_falcon_set_level(falcon, 5) == 0) && + (wc_falcon_import_private_only(mem, (word32)memSz, + falcon) == 0)); } -#endif } + else { + /* Try level 1 */ + isFalcon = ((wc_falcon_set_level(falcon, 1) == 0) && + (wc_falcon_import_public(mem, (word32)memSz, falcon) == 0)); - if (ret == WOLFSSL_SUCCESS && path) { -#ifndef NO_WOLFSSL_DIR - char* name = NULL; - int fileRet; - int failCount = 0; - #ifdef WOLFSSL_SMALL_STACK - ReadDirCtx* readCtx; - readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, - DYNAMIC_TYPE_DIRCTX); - if (readCtx == NULL) - return MEMORY_E; - #else - ReadDirCtx readCtx[1]; - #endif - - /* try to load each regular file in path */ - fileRet = wc_ReadDirFirst(readCtx, path, &name); - while (fileRet == 0 && name) { - WOLFSSL_MSG(name); /* log file name */ - ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE, - NULL, 0, NULL, verify); - if (ret != WOLFSSL_SUCCESS) { - /* handle flags for ignoring errors, skipping expired certs or - by PEM certificate header error */ - if ( (flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) || - ((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) && - (ret == ASN_NO_PEM_HEADER))) { - /* Do not fail here if a certificate fails to load, - continue to next file */ - unsigned long 
err = 0; - CLEAR_ASN_NO_PEM_HEADER_ERROR(err); - #if defined(WOLFSSL_QT) - ret = WOLFSSL_SUCCESS; - #endif - } - else { - WOLFSSL_ERROR(ret); - WOLFSSL_MSG("Load CA file failed, continuing"); - failCount++; - } - } - else { - #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) - ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM); - if (ret != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error. Ignoring" - "this error."); - } - #endif - successCount++; - } - fileRet = wc_ReadDirNext(readCtx, path, &name); - } - wc_ReadDirClose(readCtx); - - /* pass directory read failure to response code */ - if (fileRet != WC_READDIR_NOFILE) { - ret = fileRet; - #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH) - if (ret == BAD_PATH_ERROR && - flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR) { - /* QSslSocket always loads certs in system folder - * when it is initialized. - * Compliant with OpenSSL when flag sets. - */ - ret = WOLFSSL_SUCCESS; - } - else { - /* qssl socket wants to know errors. 
*/ - WOLFSSL_ERROR(ret); - } - #endif - } - /* report failure if no files were loaded or there were failures */ - else if (successCount == 0 || failCount > 0) { - /* use existing error code if exists */ - #if defined(WOLFSSL_QT) - /* compliant with OpenSSL when flag sets*/ - if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE)) - #endif - { - ret = WOLFSSL_FAILURE; - } - } - else { - ret = WOLFSSL_SUCCESS; + if (!isFalcon) { + /* Try level 5 */ + isFalcon = ((wc_falcon_set_level(falcon, 5) == 0) && + (wc_falcon_import_public(mem, (word32)memSz, + falcon) == 0)); } - - #ifdef WOLFSSL_SMALL_STACK - XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX); - #endif -#else - ret = NOT_COMPILED_IN; - (void)flags; + } + wc_falcon_free(falcon); +#ifdef WOLFSSL_SMALL_STACK + XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON); #endif + + if (!isFalcon) { + return -1; } - return ret; -} + if (*out != NULL) { + pkey = *out; + } + else { + /* Create a fake Falcon EVP_PKEY. In the future, we might integrate + * Falcon into the compatibility layer. 
*/ + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey == NULL) { + WOLFSSL_MSG("Falcon wolfSSL_EVP_PKEY_new error"); + return 0; + } + } + pkey->type = EVP_PKEY_FALCON; + pkey->pkey.ptr = NULL; + pkey->pkey_sz = 0; -WOLFSSL_ABI -int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, - const char* path) -{ - int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS); + *out = pkey; + return 1; - return WS_RETURN_CODE(ret,WOLFSSL_FAILURE); } +#endif /* HAVE_FALCON */ -#ifdef WOLFSSL_SYS_CA_CERTS - -#ifdef USE_WINDOWS_API - -static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded) +#ifdef HAVE_DILITHIUM +static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) { - int ret = WOLFSSL_SUCCESS; - word32 i; - HANDLE handle = NULL; - PCCERT_CONTEXT certCtx = NULL; - LPCSTR storeNames[2] = {"ROOT", "CA"}; - HCRYPTPROV_LEGACY hProv = (HCRYPTPROV_LEGACY)NULL; + WOLFSSL_EVP_PKEY* pkey; + int isDilithium = 0; +#ifndef WOLFSSL_SMALL_STACK + dilithium_key dilithium[1]; +#else + dilithium_key *dilithium = (dilithium_key *) + XMALLOC(sizeof(dilithium_key), NULL, DYNAMIC_TYPE_DILITHIUM); + if (dilithium == NULL) { + return 0; + } +#endif - if (ctx == NULL || loaded == NULL) { - ret = WOLFSSL_FAILURE; + if (wc_dilithium_init(dilithium) != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); + #endif + return 0; } - for (i = 0; ret == WOLFSSL_SUCCESS && - i < sizeof(storeNames)/sizeof(*storeNames); ++i) { - handle = CertOpenSystemStoreA(hProv, storeNames[i]); - if (handle != NULL) { - while ((certCtx = CertEnumCertificatesInStore(handle, certCtx)) - != NULL) { - if (certCtx->dwCertEncodingType == X509_ASN_ENCODING) { - if (ProcessBuffer(ctx, certCtx->pbCertEncoded, - certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1, - CA_TYPE, NULL, NULL, 0, - GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) { - /* - * Set "loaded" as long as we've loaded one CA - 
* cert. - */ - *loaded = 1; - } - } - } + /* Test if Dilithium key. Try all levels. */ + if (priv) { + isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) && + (wc_dilithium_import_private(mem, + (word32)memSz, dilithium) == 0)); + if (!isDilithium) { + isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) && + (wc_dilithium_import_private(mem, + (word32)memSz, dilithium) == 0)); } - else { - WOLFSSL_MSG_EX("Failed to open cert store %s.", storeNames[i]); + if (!isDilithium) { + isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) && + (wc_dilithium_import_private(mem, + (word32)memSz, dilithium) == 0)); } - - if (handle != NULL && !CertCloseStore(handle, 0)) { - WOLFSSL_MSG_EX("Failed to close cert store %s.", storeNames[i]); - ret = WOLFSSL_FAILURE; + } + else { + isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) && + (wc_dilithium_import_public(mem, (word32)memSz, + dilithium) == 0)); + if (!isDilithium) { + isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) && + (wc_dilithium_import_public(mem, (word32)memSz, + dilithium) == 0)); + } + if (!isDilithium) { + isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) && + (wc_dilithium_import_public(mem, (word32)memSz, + dilithium) == 0)); } } + wc_dilithium_free(dilithium); +#ifdef WOLFSSL_SMALL_STACK + XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); +#endif - return ret; -} - -#elif defined(__APPLE__) - -#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \ - && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION) -/* - * Manually obtains certificates from the system trust store and loads them - * directly into wolfSSL "the old way". - * - * As of MacOS 14.0 we are still able to use this method to access system - * certificates. Accessibility of this API is indicated by the presence of the - * Security/SecTrustSettings.h header. 
In the likely event that Apple removes - * access to this API on Macs, this function should be removed and the - * DoAppleNativeCertValidation() routine should be used for all devices. - */ -static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded) -{ - int ret = WOLFSSL_SUCCESS; - word32 i; - const unsigned int trustDomains[] = { - kSecTrustSettingsDomainUser, - kSecTrustSettingsDomainAdmin, - kSecTrustSettingsDomainSystem - }; - CFArrayRef certs; - OSStatus stat; - CFIndex numCerts; - CFDataRef der; - CFIndex j; - - if (ctx == NULL || loaded == NULL) { - ret = WOLFSSL_FAILURE; + if (!isDilithium) { + return -1; } - for (i = 0; ret == WOLFSSL_SUCCESS && - i < sizeof(trustDomains)/sizeof(*trustDomains); ++i) { - stat = SecTrustSettingsCopyCertificates( - (SecTrustSettingsDomain)trustDomains[i], &certs); - if (stat == errSecSuccess) { - numCerts = CFArrayGetCount(certs); - for (j = 0; j < numCerts; ++j) { - der = SecCertificateCopyData((SecCertificateRef) - CFArrayGetValueAtIndex(certs, j)); - if (der != NULL) { - if (ProcessBuffer(ctx, CFDataGetBytePtr(der), - CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1, - CA_TYPE, NULL, NULL, 0, - GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) { - /* - * Set "loaded" as long as we've loaded one CA - * cert. - */ - *loaded = 1; - } - - CFRelease(der); - } - } - - CFRelease(certs); - } - else if (stat == errSecNoTrustSettings) { - WOLFSSL_MSG_EX("No trust settings for domain %d, moving to next " - "domain.", trustDomains[i]); - } - else { - WOLFSSL_MSG_EX("SecTrustSettingsCopyCertificates failed with" - " status %d.", stat); - ret = WOLFSSL_FAILURE; - break; + if (*out != NULL) { + pkey = *out; + } + else { + /* Create a fake Dilithium EVP_PKEY. In the future, we might + * integrate Dilithium into the compatibility layer. 
*/ + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey == NULL) { + WOLFSSL_MSG("Dilithium wolfSSL_EVP_PKEY_new error"); + return 0; } } + pkey->type = EVP_PKEY_DILITHIUM; + pkey->pkey.ptr = NULL; + pkey->pkey_sz = 0; - return ret; + *out = pkey; + return 1; } -#endif /* defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) */ - -#else - -/* Potential system CA certs directories on Linux/Unix distros. */ -static const char* systemCaDirs[] = { -#if defined(__ANDROID__) || defined(ANDROID) - "/system/etc/security/cacerts" /* Android */ -#else - "/etc/ssl/certs", /* Debian, Ubuntu, Gentoo, others */ - "/etc/pki/ca-trust/source/anchors", /* Fedora, RHEL */ - "/etc/pki/tls/certs" /* Older RHEL */ -#endif -}; +#endif /* HAVE_DILITHIUM */ -const char** wolfSSL_get_system_CA_dirs(word32* num) +static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out, + const unsigned char** in, long inSz, int priv) { - const char** ret; + WOLFSSL_EVP_PKEY* pkey = NULL; - if (num == NULL) { - ret = NULL; - } - else { - ret = systemCaDirs; - *num = sizeof(systemCaDirs)/sizeof(*systemCaDirs); + WOLFSSL_ENTER("d2iGenericKey"); + + if (in == NULL || *in == NULL || inSz < 0) { + WOLFSSL_MSG("Bad argument"); + return NULL; } - return ret; -} + if ((out != NULL) && (*out != NULL)) { + pkey = *out; + } -static int LoadSystemCaCertsNix(WOLFSSL_CTX* ctx, byte* loaded) { - int ret = WOLFSSL_SUCCESS; - word32 i; +#if !defined(NO_RSA) + if (d2iTryRsaKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* NO_RSA */ +#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) + if (d2iTryEccKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* HAVE_ECC && OPENSSL_EXTRA */ +#if !defined(NO_DSA) + if (d2iTryDsaKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* NO_DSA */ +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + if (d2iTryDhKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* 
!HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ - if (ctx == NULL || loaded == NULL) { - ret = WOLFSSL_FAILURE; +#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + if (d2iTryAltDhKey(&pkey, *in, inSz, priv) >= 0) { + ; } + else +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ - for (i = 0; ret == WOLFSSL_SUCCESS && - i < sizeof(systemCaDirs)/sizeof(*systemCaDirs); ++i) { - WOLFSSL_MSG_EX("Attempting to load system CA certs from %s.", - systemCaDirs[i]); - /* - * We want to keep trying to load more CAs even if one cert in - * the directory is bad and can't be used (e.g. if one is expired), - * so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR. - */ - if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, systemCaDirs[i], - WOLFSSL_LOAD_FLAG_IGNORE_ERR) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG_EX("Failed to load CA certs from %s, trying " - "next possible location.", systemCaDirs[i]); - } - else { - WOLFSSL_MSG_EX("Loaded CA certs from %s.", - systemCaDirs[i]); - *loaded = 1; - /* Stop searching after we've loaded one directory. 
*/ - break; - } +#ifdef HAVE_FALCON + if (d2iTryFalconKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* HAVE_FALCON */ +#ifdef HAVE_DILITHIUM + if (d2iTryDilithiumKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* HAVE_DILITHIUM */ + { + WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type"); } - return ret; + if ((pkey != NULL) && (out != NULL)) { + *out = pkey; + } + return pkey; } +#endif /* OPENSSL_EXTRA || WPA_SMALL */ -#endif +#ifdef OPENSSL_EXTRA -int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx) +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, + long keyLen) { + WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; +#ifdef WOLFSSL_PEM_TO_DER int ret; - byte loaded = 0; - - WOLFSSL_ENTER("wolfSSL_CTX_load_system_CA_certs"); - -#ifdef USE_WINDOWS_API - - ret = LoadSystemCaCertsWindows(ctx, &loaded); - -#elif defined(__APPLE__) - -#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \ - && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION) - /* As of MacOS 14.0 we are still able to access system certificates and - * load them manually into wolfSSL "the old way". Accessibility of this API - * is indicated by the presence of the Security/SecTrustSettings.h header */ - ret = LoadSystemCaCertsMac(ctx, &loaded); -#elif defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION) - /* For other Apple devices, Apple has removed the ability to obtain - * certificates from the trust store, so we can't use wolfSSL's built-in - * certificate validation mechanisms anymore. We instead must call into the - * Security Framework APIs to authenticate peer certificates when received. - * (see src/internal.c:DoAppleNativeCertValidation()). 
- * Thus, there is no CA "loading" required, but to keep behavior consistent - * with the current API (not using system CA certs unless this function has - * been called), we simply set a flag indicating that the new apple trust - * verification routine should be used later */ - ctx->doAppleNativeCertValidationFlag = 1; - ret = WOLFSSL_SUCCESS; - loaded = 1; - -#if FIPS_VERSION_GE(2,0) /* Gate back to cert 3389 FIPS modules */ -#warning "Cryptographic operations may occur outside the FIPS module boundary" \ - "Please review FIPS claims for cryptography on this Apple device" -#endif /* FIPS_VERSION_GE(2,0) */ + DerBuffer* der = NULL; -#else -/* HAVE_SECURITY_SECXXX_H macros are set by autotools or CMake when searching - * system for the required SDK headers. If building with user_settings.h, you - * will need to manually define WOLFSSL_APPLE_NATIVE_CERT_VALIDATION - * and ensure the appropriate Security.framework headers and libraries are - * visible to your compiler */ -#error "WOLFSSL_SYS_CA_CERTS on Apple devices requires Security.framework" \ - " header files to be detected, or a manual override with" \ - " WOLFSSL_APPLE_NATIVE_CERT_VALIDATION" -#endif + if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { + WOLFSSL_MSG("Bad key PEM/DER args"); + return NULL; + } -#else + ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); + if (ret < 0) { + WOLFSSL_MSG("Not PEM format"); + ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); + if (ret == 0) { + XMEMCPY(der->buffer, *keyBuf, keyLen); + } + } - ret = LoadSystemCaCertsNix(ctx, &loaded); + if (ret == 0) { + /* Verify this is PKCS8 Key */ + word32 inOutIdx = 0; + word32 algId; + ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, + &algId); + if (ret >= 0) { + ret = 0; /* good DER */ + } + } -#endif + if (ret == 0) { + pkcs8 = wolfSSL_EVP_PKEY_new(); + if (pkcs8 == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, + 
DYNAMIC_TYPE_PUBLIC_KEY); + if (pkcs8->pkey.ptr == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); + pkcs8->pkey_sz = (int)der->length; + } - if (ret == WOLFSSL_SUCCESS && !loaded) { - ret = WOLFSSL_BAD_PATH; + FreeDer(&der); + if (ret != 0) { + wolfSSL_EVP_PKEY_free(pkcs8); + pkcs8 = NULL; + } + if (pkey != NULL) { + *pkey = pkcs8; } - WOLFSSL_LEAVE("wolfSSL_CTX_load_system_CA_certs", ret); +#else + (void)bio; + (void)pkey; +#endif /* WOLFSSL_PEM_TO_DER */ - return ret; + return pkcs8; } -#endif /* WOLFSSL_SYS_CA_CERTS */ -#ifdef WOLFSSL_TRUST_PEER_CERT -/* Used to specify a peer cert to match when connecting - ctx : the ctx structure to load in peer cert - file: the string name of cert file - type: type of format such as PEM/DER +#ifndef NO_BIO +/* put SSL type in extra for now, not very common */ + +/* Converts a DER format key read from "bio" to a PKCS8 structure. + * + * bio input bio to read DER from + * pkey If not NULL then this pointer will be overwritten with a new PKCS8 + * structure. + * + * returns a WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success and NULL in fail + * case. 
*/ -int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type) +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey) { - WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert"); - - if (ctx == NULL || file == NULL) { - return WOLFSSL_FAILURE; - } - - return ProcessFile(ctx, file, type, TRUSTED_PEER_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)); -} + WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; +#ifdef WOLFSSL_PEM_TO_DER + unsigned char* mem = NULL; + int memSz; -int wolfSSL_trust_peer_cert(WOLFSSL* ssl, const char* file, int type) -{ - WOLFSSL_ENTER("wolfSSL_trust_peer_cert"); + WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio"); - if (ssl == NULL || file == NULL) { - return WOLFSSL_FAILURE; + if (bio == NULL) { + return NULL; } - return ProcessFile(NULL, file, type, TRUSTED_PEER_TYPE, ssl, 0, NULL, - GET_VERIFY_SETTING_SSL(ssl)); -} -#endif /* WOLFSSL_TRUST_PEER_CERT */ - -#endif /* NO_FILESYSTEM */ + if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) { + return NULL; + } -#ifdef HAVE_CRL + pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz); +#else + (void)bio; + (void)pkey; +#endif /* WOLFSSL_PEM_TO_DER */ -int wolfSSL_EnableCRL(WOLFSSL* ssl, int options) -{ - WOLFSSL_ENTER("wolfSSL_EnableCRL"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options); - } - else - return BAD_FUNC_ARG; + return pkcs8; } -int wolfSSL_DisableCRL(WOLFSSL* ssl) +/* expecting DER format public key + * + * bio input bio to read DER from + * out If not NULL then this pointer will be overwritten with a new + * WOLFSSL_EVP_PKEY pointer + * + * returns a WOLFSSL_EVP_PKEY pointer on success and NULL in fail case. 
+ */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** out) { - WOLFSSL_ENTER("wolfSSL_DisableCRL"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl)); - } - else - return BAD_FUNC_ARG; -} + unsigned char* mem; + long memSz; + WOLFSSL_EVP_PKEY* pkey = NULL; -#ifndef NO_FILESYSTEM -int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor) -{ - WOLFSSL_ENTER("wolfSSL_LoadCRL"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor); - } - else - return BAD_FUNC_ARG; -} + WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio"); -int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type) -{ - WOLFSSL_ENTER("wolfSSL_LoadCRLFile"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type); + if (bio == NULL) { + return NULL; } - else - return BAD_FUNC_ARG; -} -#endif + (void)out; + memSz = wolfSSL_BIO_get_len(bio); + if (memSz <= 0) { + return NULL; + } -int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb) -{ - WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb); + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + return NULL; } - else - return BAD_FUNC_ARG; -} -#ifdef HAVE_CRL_IO -int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb) -{ - WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerSetCRL_IOCb(SSL_CM(ssl), cb); + if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { + pkey = wolfSSL_d2i_PUBKEY(NULL, (const unsigned char**)&mem, memSz); + if (out != NULL && pkey != NULL) { + *out = pkey; + } } - else - return BAD_FUNC_ARG; -} -#endif -int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options) -{ - WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL"); - if (ctx) - return wolfSSL_CertManagerEnableCRL(ctx->cm, options); - else - return BAD_FUNC_ARG; 
+ XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return pkey; } - -int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL"); - if (ctx) - return wolfSSL_CertManagerDisableCRL(ctx->cm); - else - return BAD_FUNC_ARG; -} +#endif /* !NO_BIO */ -#ifndef NO_FILESYSTEM -int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, - int type, int monitor) +/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure. + * + * out pointer to new WOLFSSL_EVP_PKEY structure. Can be NULL + * in DER buffer to convert + * inSz size of in buffer + * + * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL + * on fail + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, + const unsigned char** in, long inSz) { - WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL"); - if (ctx) - return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor); - else - return BAD_FUNC_ARG; + WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); + return d2iGenericKey(out, in, inSz, 0); } -int wolfSSL_CTX_LoadCRLFile(WOLFSSL_CTX* ctx, const char* file, - int type) +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN) && \ + !defined(NO_PWDBASED) + +/* helper function to get raw pointer to DER buffer from WOLFSSL_EVP_PKEY */ +static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, + unsigned char** der) { - WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL"); - if (ctx) - return wolfSSL_CertManagerLoadCRLFile(ctx->cm, file, type); - else - return BAD_FUNC_ARG; -} -#endif + int sz; + word16 pkcs8HeaderSz; + if (!key || !key->pkey_sz) + return WOLFSSL_FATAL_ERROR; -int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb"); - if (ctx) - return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb); - else - return BAD_FUNC_ARG; + /* return the key without PKCS8 for compatibility */ + /* if pkcs8HeaderSz is invalid, use 0 and return all of pkey */ + pkcs8HeaderSz = 0; + if (key->pkey_sz > key->pkcs8HeaderSz) + 
pkcs8HeaderSz = key->pkcs8HeaderSz; + sz = key->pkey_sz - pkcs8HeaderSz; + if (der) { + unsigned char* pt = (unsigned char*)key->pkey.ptr; + if (*der) { + /* since this function signature has no size value passed in it is + * assumed that the user has allocated a large enough buffer */ + XMEMCPY(*der, pt + pkcs8HeaderSz, sz); + *der += sz; + } + else { + *der = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); + if (*der == NULL) { + return WOLFSSL_FATAL_ERROR; + } + XMEMCPY(*der, pt + pkcs8HeaderSz, sz); + } + } + return sz; } -#ifdef HAVE_CRL_IO -int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb) +int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) { - WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb"); - if (ctx) - return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb); - else - return BAD_FUNC_ARG; + return wolfSSL_i2d_PublicKey(key, der); } -#endif - -#endif /* HAVE_CRL */ - - -#ifndef NO_FILESYSTEM - - -#ifdef WOLFSSL_DER_LOAD +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */ -/* Add format parameter to allow DER load of CA files */ -int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, - int format) +static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, + const unsigned char **in, long inSz, int priv) { - WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations"); - if (ctx == NULL || file == NULL) - return WOLFSSL_FAILURE; - - if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; - } - - return WOLFSSL_FAILURE; -} + int ret = 0; + word32 idx = 0, algId; + word16 pkcs8HeaderSz = 0; + WOLFSSL_EVP_PKEY* local; + int opt = 0; -#endif /* WOLFSSL_DER_LOAD */ + (void)opt; + if (in == NULL || inSz < 0) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + if (priv == 1) { + /* Check if input buffer has PKCS8 header. In the case that it does not + * have a PKCS8 header then do not error out. 
*/ + if ((ret = ToTraditionalInline_ex((const byte*)(*in), &idx, + (word32)inSz, &algId)) > 0) { + WOLFSSL_MSG("Found PKCS8 header"); + pkcs8HeaderSz = (word16)idx; -WOLFSSL_ABI -int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, - int format) -{ - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file"); + if ((type == EVP_PKEY_RSA && algId != RSAk + #ifdef WC_RSA_PSS + && algId != RSAPSSk + #endif + ) || + (type == EVP_PKEY_EC && algId != ECDSAk) || + (type == EVP_PKEY_DSA && algId != DSAk) || + (type == EVP_PKEY_DH && algId != DHk)) { + WOLFSSL_MSG("PKCS8 does not match EVP key type"); + return NULL; + } - if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + (void)idx; /* not used */ + } + else { + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 " + "header"); + return NULL; + } + } } - return WOLFSSL_FAILURE; -} - - -WOLFSSL_ABI -int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, - int format) -{ - WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file"); + if (out != NULL && *out != NULL) { + wolfSSL_EVP_PKEY_free(*out); + *out = NULL; + } + local = wolfSSL_EVP_PKEY_new(); + if (local == NULL) { + return NULL; + } - if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + local->type = type; + local->pkey_sz = (int)inSz; + local->pkcs8HeaderSz = pkcs8HeaderSz; + local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + if (local->pkey.ptr == NULL) { + wolfSSL_EVP_PKEY_free(local); + local = NULL; + return NULL; + } + else { + XMEMCPY(local->pkey.ptr, *in, inSz); } - return WOLFSSL_FAILURE; -} + switch (type) { +#ifndef NO_RSA + case EVP_PKEY_RSA: + opt = priv ? 
WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC; + local->ownRsa = 1; + local->rsa = wolfssl_rsa_d2i(NULL, + (const unsigned char*)local->pkey.ptr, local->pkey_sz, opt); + if (local->rsa == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* NO_RSA */ +#ifdef HAVE_ECC + case EVP_PKEY_EC: + local->ownEcc = 1; + local->ecc = wolfSSL_EC_KEY_new(); + if (local->ecc == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + opt = priv ? WOLFSSL_EC_KEY_LOAD_PRIVATE : + WOLFSSL_EC_KEY_LOAD_PUBLIC; + if (wolfSSL_EC_KEY_LoadDer_ex(local->ecc, + (const unsigned char*)local->pkey.ptr, local->pkey_sz, + opt) + != WOLFSSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* HAVE_ECC */ +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) +#ifndef NO_DSA + case EVP_PKEY_DSA: + local->ownDsa = 1; + local->dsa = wolfSSL_DSA_new(); + if (local->dsa == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + opt = priv ? 
WOLFSSL_DSA_LOAD_PRIVATE : WOLFSSL_DSA_LOAD_PUBLIC; + if (wolfSSL_DSA_LoadDer_ex(local->dsa, + (const unsigned char*)local->pkey.ptr, local->pkey_sz, + opt) + != WOLFSSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* NO_DSA */ +#ifndef NO_DH +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + case EVP_PKEY_DH: + local->ownDh = 1; + local->dh = wolfSSL_DH_new(); + if (local->dh == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + if (wolfSSL_DH_LoadDer(local->dh, + (const unsigned char*)local->pkey.ptr, local->pkey_sz) + != WOLFSSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* HAVE_DH */ +#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */ + default: + WOLFSSL_MSG("Unsupported key type"); + wolfSSL_EVP_PKEY_free(local); + return NULL; + } -#ifdef WOLFSSL_DUAL_ALG_CERTS -int wolfSSL_CTX_use_AltPrivateKey_file(WOLFSSL_CTX* ctx, const char* file, - int format) -{ - WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_file"); + /* advance pointer with success */ + if (local != NULL) { + if (local->pkey_sz <= (int)inSz) { + *in += local->pkey_sz; + } - if (ProcessFile(ctx, file, format, ALT_PRIVATEKEY_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + if (out != NULL) { + *out = local; + } } - return WOLFSSL_FAILURE; + return local; } -#endif /* WOLFSSL_DUAL_ALG_CERTS */ -#endif /* NO_FILESYSTEM */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, + const unsigned char **in, long inSz) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PublicKey"); -/* Sets the max chain depth when verifying a certificate chain. Default depth - * is set to MAX_CHAIN_DEPTH. + return _d2i_PublicKey(type, out, in, inSz, 0); +} +/* Reads in a DER format key. If PKCS8 headers are found they are stripped off. 
* - * ctx WOLFSSL_CTX structure to set depth in - * depth max depth + * type type of key + * out newly created WOLFSSL_EVP_PKEY structure + * in pointer to input key DER + * inSz size of in buffer + * + * On success a non null pointer is returned and the pointer in is advanced the + * same number of bytes read. */ -void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { - WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth"); - - if (ctx == NULL || depth < 0 || depth > MAX_CHAIN_DEPTH) { - WOLFSSL_MSG("Bad depth argument, too large or less than 0"); - return; - } +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, + const unsigned char **in, long inSz) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); - ctx->verifyDepth = (byte)depth; + return _d2i_PublicKey(type, out, in, inSz, 1); } - -/* get cert chaining depth using ssl struct */ -long wolfSSL_get_verify_depth(WOLFSSL* ssl) +#ifdef WOLF_PRIVATE_KEY_ID +/* Create an EVP structure for use with crypto callbacks */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out, + void* heap, int devId) { - if(ssl == NULL) { - return BAD_FUNC_ARG; - } -#ifndef OPENSSL_EXTRA - return MAX_CHAIN_DEPTH; -#else - return ssl->options.verifyDepth; -#endif -} - + WOLFSSL_EVP_PKEY* local; -/* get cert chaining depth using ctx struct */ -long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx) -{ - if (ctx == NULL) { - return BAD_FUNC_ARG; + if (out != NULL && *out != NULL) { + wolfSSL_EVP_PKEY_free(*out); + *out = NULL; } -#ifndef OPENSSL_EXTRA - return MAX_CHAIN_DEPTH; -#else - return ctx->verifyDepth; -#endif -} + local = wolfSSL_EVP_PKEY_new_ex(heap); + if (local == NULL) { + return NULL; + } -#ifndef NO_FILESYSTEM + local->type = type; + local->pkey_sz = 0; + local->pkcs8HeaderSz = 0; + switch (type) { +#ifndef NO_RSA + case EVP_PKEY_RSA: + { + RsaKey* key; + local->ownRsa = 1; + local->rsa = wolfSSL_RSA_new_ex(heap, devId); + if (local->rsa == NULL) { + wolfSSL_EVP_PKEY_free(local); + 
return NULL; + } + key = (RsaKey*)local->rsa->internal; + #ifdef WOLF_CRYPTO_CB + key->devId = devId; + #endif + (void)key; + local->rsa->inSet = 1; + break; + } +#endif /* !NO_RSA */ +#ifdef HAVE_ECC + case EVP_PKEY_EC: + { + ecc_key* key; + local->ownEcc = 1; + local->ecc = wolfSSL_EC_KEY_new_ex(heap, devId); + if (local->ecc == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + key = (ecc_key*)local->ecc->internal; + #ifdef WOLF_CRYPTO_CB + key->devId = devId; + #endif + key->type = ECC_PRIVATEKEY; + /* key is required to have a key size / curve set, although + * actual one used is determined by devId callback function */ + wc_ecc_set_curve(key, ECDHE_SIZE, ECC_CURVE_DEF); -WOLFSSL_ABI -int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) -{ - /* process up to MAX_CHAIN_DEPTH plus subject cert */ - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file"); + local->ecc->inSet = 1; + break; + } +#endif /* HAVE_ECC */ + default: + WOLFSSL_MSG("Unsupported private key id type"); + wolfSSL_EVP_PKEY_free(local); + return NULL; + } - if (ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL, - GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + if (local != NULL && out != NULL) { + *out = local; } - return WOLFSSL_FAILURE; + return local; } +#endif /* WOLF_PRIVATE_KEY_ID */ +#ifndef NO_CERTS /* // NOLINT(readability-redundant-preprocessor) */ -int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx, - const char* file, int format) +#ifndef NO_CHECK_PRIVATE_KEY +/* Check private against public in certificate for match + * + * ssl WOLFSSL structure to check private key in + * + * Returns WOLFSSL_SUCCESS on good private key + * WOLFSSL_FAILURE if mismatched. 
*/ +int wolfSSL_check_private_key(const WOLFSSL* ssl) { - /* process up to MAX_CHAIN_DEPTH plus subject cert */ - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format"); + int res = WOLFSSL_SUCCESS; - if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL, - GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + if (ssl == NULL) { + return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_DUAL_ALG_CERTS +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); + wolfssl_priv_der_unblind(ssl->buffers.altKey, ssl->buffers.altKeyMask); +#endif + res = check_cert_key(ssl->buffers.certificate, ssl->buffers.key, + ssl->buffers.altKey, ssl->heap, ssl->buffers.keyDevId, + ssl->buffers.keyLabel, ssl->buffers.keyId, ssl->buffers.altKeyDevId, + ssl->buffers.altKeyLabel, ssl->buffers.altKeyId); +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + if (res == WOLFSSL_SUCCESS) { + int ret; + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + (DerBuffer**)&ssl->buffers.keyMask); + if (ret == 0) { + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, + (DerBuffer**)&ssl->buffers.altKeyMask); + } + if (ret != 0) { + res = WOLFSSL_FAILURE; + } + } +#endif +#else +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); +#endif + res = check_cert_key(ssl->buffers.certificate, ssl->buffers.key, NULL, + ssl->heap, ssl->buffers.keyDevId, ssl->buffers.keyLabel, + ssl->buffers.keyId, INVALID_DEVID, 0, 0); +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + if (res == WOLFSSL_SUCCESS) { + int ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + (DerBuffer**)&ssl->buffers.keyMask); + if (ret != 0) { + res = WOLFSSL_FAILURE; + } + } +#endif +#endif - return WOLFSSL_FAILURE; -} - + return res; +} +#endif /* !NO_CHECK_PRIVATE_KEY */ -#ifndef NO_DH +#endif /* !NO_CERTS */ + +#endif /* OPENSSL_EXTRA */ + +#if defined(HAVE_RPK) +/* Confirm that all the byte data in the buffer is unique. 
+ * return 1 if all the byte data in the buffer is unique, otherwise 0. + */ +static int isArrayUnique(const char* buf, size_t len) +{ + size_t i, j; + /* check the array is unique */ + for (i = 0; i < len -1; ++i) { + for (j = i+ 1; j < len; ++j) { + if (buf[i] == buf[j]) { + return 0; + } + } + } + return 1; +} -/* server Diffie-Hellman parameters */ -static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - const char* fname, int format) +/* Set user preference for the client_cert_type exetnsion. + * Takes byte array containing cert types the caller can provide to its peer. + * Cert types are in preferred order in the array. + */ +WOLFSSL_API int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, + const char* buf, int bufLen) { -#ifdef WOLFSSL_SMALL_STACK - byte staticBuffer[1]; /* force heap usage */ -#else - byte staticBuffer[FILE_BUFFER_SIZE]; -#endif - byte* myBuffer = staticBuffer; - int dynamic = 0; - int ret; - long sz = 0; - XFILE file; + int i; - if (ctx == NULL || fname == NULL) + if (ctx == NULL || bufLen > MAX_CLIENT_CERT_TYPE_CNT) { return BAD_FUNC_ARG; - - file = XFOPEN(fname, "rb"); - if (file == XBADFILE) return WOLFSSL_BAD_FILE; - if(XFSEEK(file, 0, XSEEK_END) != 0) { - XFCLOSE(file); - return WOLFSSL_BAD_FILE; } - sz = XFTELL(file); - if(XFSEEK(file, 0, XSEEK_SET) != 0) { - XFCLOSE(file); - return WOLFSSL_BAD_FILE; + + /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/ + if (buf == NULL || bufLen == 0) { + ctx->rpkConfig.preferred_ClientCertTypeCnt = 1; + ctx->rpkConfig.preferred_ClientCertTypes[0]= WOLFSSL_CERT_TYPE_X509; + ctx->rpkConfig.preferred_ClientCertTypes[1]= WOLFSSL_CERT_TYPE_X509; + return WOLFSSL_SUCCESS; } - if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) { - WOLFSSL_MSG("SetTmpDH file size error"); - XFCLOSE(file); - return WOLFSSL_BAD_FILE; + if (!isArrayUnique(buf, (size_t)bufLen)) + return BAD_FUNC_ARG; + + for (i = 0; i < bufLen; i++){ + if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != 
WOLFSSL_CERT_TYPE_X509) + return BAD_FUNC_ARG; + + ctx->rpkConfig.preferred_ClientCertTypes[i] = (byte)buf[i]; } + ctx->rpkConfig.preferred_ClientCertTypeCnt = bufLen; - if (sz > (long)sizeof(staticBuffer)) { - WOLFSSL_MSG("Getting dynamic buffer"); - myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); - if (myBuffer == NULL) { - XFCLOSE(file); - return WOLFSSL_BAD_FILE; - } - dynamic = 1; + return WOLFSSL_SUCCESS; +} + +/* Set user preference for the server_cert_type exetnsion. + * Takes byte array containing cert types the caller can provide to its peer. + * Cert types are in preferred order in the array. + */ +WOLFSSL_API int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, + const char* buf, int bufLen) +{ + int i; + + if (ctx == NULL || bufLen > MAX_SERVER_CERT_TYPE_CNT) { + return BAD_FUNC_ARG; } - if ((size_t)XFREAD(myBuffer, 1, sz, file) != (size_t)sz) - ret = WOLFSSL_BAD_FILE; - else { - if (ssl) - ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format); - else - ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format); + /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/ + if (buf == NULL || bufLen == 0) { + ctx->rpkConfig.preferred_ServerCertTypeCnt = 1; + ctx->rpkConfig.preferred_ServerCertTypes[0]= WOLFSSL_CERT_TYPE_X509; + ctx->rpkConfig.preferred_ServerCertTypes[1]= WOLFSSL_CERT_TYPE_X509; + return WOLFSSL_SUCCESS; } - XFCLOSE(file); - if (dynamic) - XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE); + if (!isArrayUnique(buf, (size_t)bufLen)) + return BAD_FUNC_ARG; - return ret; + for (i = 0; i < bufLen; i++){ + if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509) + return BAD_FUNC_ARG; + + ctx->rpkConfig.preferred_ServerCertTypes[i] = (byte)buf[i]; + } + ctx->rpkConfig.preferred_ServerCertTypeCnt = bufLen; + + return WOLFSSL_SUCCESS; } -/* server Diffie-Hellman parameters */ -int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format) +/* Set user preference for the 
client_cert_type exetnsion. + * Takes byte array containing cert types the caller can provide to its peer. + * Cert types are in preferred order in the array. + */ +WOLFSSL_API int wolfSSL_set_client_cert_type(WOLFSSL* ssl, + const char* buf, int bufLen) { - if (ssl == NULL) - return BAD_FUNC_ARG; + int i; - return wolfSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format); -} + if (ssl == NULL || bufLen > MAX_CLIENT_CERT_TYPE_CNT) { + return BAD_FUNC_ARG; + } + /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/ + if (buf == NULL || bufLen == 0) { + ssl->options.rpkConfig.preferred_ClientCertTypeCnt = 1; + ssl->options.rpkConfig.preferred_ClientCertTypes[0] + = WOLFSSL_CERT_TYPE_X509; + ssl->options.rpkConfig.preferred_ClientCertTypes[1] + = WOLFSSL_CERT_TYPE_X509; + return WOLFSSL_SUCCESS; + } -/* server Diffie-Hellman parameters */ -int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) -{ - return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format); -} + if (!isArrayUnique(buf, (size_t)bufLen)) + return BAD_FUNC_ARG; -#endif /* NO_DH */ + for (i = 0; i < bufLen; i++){ + if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509) + return BAD_FUNC_ARG; -#endif /* NO_FILESYSTEM */ + ssl->options.rpkConfig.preferred_ClientCertTypes[i] = (byte)buf[i]; + } + ssl->options.rpkConfig.preferred_ClientCertTypeCnt = bufLen; -#ifndef NO_CHECK_PRIVATE_KEY + return WOLFSSL_SUCCESS; +} -#ifdef WOLF_PRIVATE_KEY_ID -/* Check private against public in certificate for match using external - * device with given devId */ -static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz, - const byte* pubKey, word32 pubSz, int label, int id, void* heap, int devId) +/* Set user preference for the server_cert_type exetnsion. + * Takes byte array containing cert types the caller can provide to its peer. + * Cert types are in preferred order in the array. 
+ */ +WOLFSSL_API int wolfSSL_set_server_cert_type(WOLFSSL* ssl, + const char* buf, int bufLen) { - int ret = 0; - int type = 0; - void *pkey = NULL; + int i; - if (privKey == NULL) { - return MISSING_KEY; + if (ssl == NULL || bufLen > MAX_SERVER_CERT_TYPE_CNT) { + return BAD_FUNC_ARG; } -#ifndef NO_RSA - if (keyOID == RSAk) { - type = DYNAMIC_TYPE_RSA; - } -#ifdef WC_RSA_PSS - if (keyOID == RSAPSSk) { - type = DYNAMIC_TYPE_RSA; + /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/ + if (buf == NULL || bufLen == 0) { + ssl->options.rpkConfig.preferred_ServerCertTypeCnt = 1; + ssl->options.rpkConfig.preferred_ServerCertTypes[0] + = WOLFSSL_CERT_TYPE_X509; + ssl->options.rpkConfig.preferred_ServerCertTypes[1] + = WOLFSSL_CERT_TYPE_X509; + return WOLFSSL_SUCCESS; } -#endif -#endif -#ifdef HAVE_ECC - if (keyOID == ECDSAk) { - type = DYNAMIC_TYPE_ECC; + + if (!isArrayUnique(buf, (size_t)bufLen)) + return BAD_FUNC_ARG; + + for (i = 0; i < bufLen; i++){ + if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509) + return BAD_FUNC_ARG; + + ssl->options.rpkConfig.preferred_ServerCertTypes[i] = (byte)buf[i]; } -#endif -#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) - if ((keyOID == DILITHIUM_LEVEL2k) || - (keyOID == DILITHIUM_LEVEL3k) || - (keyOID == DILITHIUM_LEVEL5k)) { - type = DYNAMIC_TYPE_DILITHIUM; + ssl->options.rpkConfig.preferred_ServerCertTypeCnt = bufLen; + + return WOLFSSL_SUCCESS; +} + +/* get negotiated certificate type value and return it to the second parameter. + * cert type value: + * -1: WOLFSSL_CERT_TYPE_UNKNOWN + * 0: WOLFSSL_CERT_TYPE_X509 + * 2: WOLFSSL_CERT_TYPE_RPK + * return WOLFSSL_SUCCESS on success, otherwise negative value. + * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for + * cert type. 
+ */ +WOLFSSL_API int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp) +{ + int ret = WOLFSSL_SUCCESS; + + if (ssl == NULL || tp == NULL) + return BAD_FUNC_ARG; + + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.rpkState.received_ClientCertTypeCnt == 1) + *tp = ssl->options.rpkState.received_ClientCertTypes[0]; + else + *tp = WOLFSSL_CERT_TYPE_UNKNOWN; } -#endif -#if defined(HAVE_PQC) && defined(HAVE_FALCON) - if ((keyOID == FALCON_LEVEL1k) || - (keyOID == FALCON_LEVEL5k)) { - type = DYNAMIC_TYPE_FALCON; + else { + if (ssl->options.rpkState.sending_ClientCertTypeCnt == 1) + *tp = ssl->options.rpkState.sending_ClientCertTypes[0]; + else + *tp = WOLFSSL_CERT_TYPE_UNKNOWN; } -#endif + return ret; +} - ret = CreateDevPrivateKey(&pkey, privKey, privSz, type, label, id, - heap, devId); - #ifdef WOLF_CRYPTO_CB - if (ret == 0) { - #ifndef NO_RSA - if (keyOID == RSAk - #ifdef WC_RSA_PSS - || keyOID == RSAPSSk - #endif - ) { - ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, pubKey, pubSz); - } - #endif - #ifdef HAVE_ECC - if (keyOID == ECDSAk) { - ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, pubKey, pubSz); - } - #endif - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) - if ((keyOID == DILITHIUM_LEVEL2k) || - (keyOID == DILITHIUM_LEVEL3k) || - (keyOID == DILITHIUM_LEVEL5k)) { - ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey, - WC_PQC_SIG_TYPE_DILITHIUM, - pubKey, pubSz); - } - #endif - #if defined(HAVE_PQC) && defined(HAVE_FALCON) - if ((keyOID == FALCON_LEVEL1k) || - (keyOID == FALCON_LEVEL5k)) { - ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey, - WC_PQC_SIG_TYPE_FALCON, - pubKey, pubSz); - } - #endif +/* get negotiated certificate type value and return it to the second parameter. + * cert type value: + * -1: WOLFSSL_CERT_TYPE_UNKNOWN + * 0: WOLFSSL_CERT_TYPE_X509 + * 2: WOLFSSL_CERT_TYPE_RPK + * return WOLFSSL_SUCCESS on success, otherwise negative value. 
+ * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for + * cert type. + */ +WOLFSSL_API int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp) +{ + int ret = WOLFSSL_SUCCESS; + + if (ssl == NULL || tp == NULL) + return BAD_FUNC_ARG; + + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.rpkState.received_ServerCertTypeCnt == 1) + *tp = ssl->options.rpkState.received_ServerCertTypes[0]; + else + *tp = WOLFSSL_CERT_TYPE_UNKNOWN; } - #else - /* devId was set, don't check, for now */ - /* TODO: Add callback for private key check? */ - (void) pubKey; - (void) pubSz; - #endif - if (pkey != NULL) { - #ifndef NO_RSA - if (keyOID == RSAk - #ifdef WC_RSA_PSS - || keyOID == RSAPSSk - #endif - ) { - wc_FreeRsaKey((RsaKey*)pkey); - } - #endif - #ifdef HAVE_ECC - if (keyOID == ECDSAk) { - wc_ecc_free((ecc_key*)pkey); - } - #endif - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) - if ((keyOID == DILITHIUM_LEVEL2k) || - (keyOID == DILITHIUM_LEVEL3k) || - (keyOID == DILITHIUM_LEVEL5k)) { - wc_dilithium_free((dilithium_key*)pkey); - } - #endif - #if defined(HAVE_PQC) && defined(HAVE_FALCON) - if ((keyOID == FALCON_LEVEL1k) || - (keyOID == FALCON_LEVEL5k)) { - wc_falcon_free((falcon_key*)pkey); - } - #endif - XFREE(pkey, heap, type); + else { + if (ssl->options.rpkState.sending_ServerCertTypeCnt == 1) + *tp = ssl->options.rpkState.sending_ServerCertTypes[0]; + else + *tp = WOLFSSL_CERT_TYPE_UNKNOWN; } - return ret; } -#endif /* WOLF_PRIVATE_KEY_ID */ -/* Check private against public in certificate for match - * - * Returns WOLFSSL_SUCCESS on good private key - * WOLFSSL_FAILURE if mismatched */ -static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, - void* heap, int devId, int isKeyLabel, int isKeyId, int altDevId, - int isAltKeyLabel, int isAltKeyId) -{ -#ifdef WOLFSSL_SMALL_STACK - DecodedCert* der = NULL; -#else - DecodedCert der[1]; -#endif - word32 size; - byte* buff; - int ret = WOLFSSL_FAILURE; 
+#endif /* HAVE_RPK */ - WOLFSSL_ENTER("check_cert_key"); +#ifdef HAVE_ECC - if (cert == NULL || key == NULL) { - return WOLFSSL_FAILURE; - } +/* Set Temp CTX EC-DHE size in octets, can be 14 - 66 (112 - 521 bit) */ +int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetTmpEC_DHE_Sz"); -#ifdef WOLFSSL_SMALL_STACK - der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, DYNAMIC_TYPE_DCERT); - if (der == NULL) - return MEMORY_E; -#endif + if (ctx == NULL) + return BAD_FUNC_ARG; - size = cert->length; - buff = cert->buffer; - InitDecodedCert_ex(der, buff, size, heap, devId); - if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) { - FreeDecodedCert(der); - #ifdef WOLFSSL_SMALL_STACK - XFREE(der, heap, DYNAMIC_TYPE_DCERT); - #endif - return WOLFSSL_FAILURE; - } + /* if 0 then get from loaded private key */ + if (sz == 0) { + /* applies only to ECDSA */ + if (ctx->privateKeyType != ecc_dsa_sa_algo) + return WOLFSSL_SUCCESS; - size = key->length; - buff = key->buffer; -#ifdef WOLF_PRIVATE_KEY_ID - if (devId != INVALID_DEVID) { - ret = check_cert_key_dev(der->keyOID, buff, size, der->publicKey, - der->pubKeySize, isKeyLabel, isKeyId, heap, - devId); - if (ret != CRYPTOCB_UNAVAILABLE) { - ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; + if (ctx->privateKeySz == 0) { + WOLFSSL_MSG("Must set private key/cert first"); + return BAD_FUNC_ARG; } - } - else { - /* fall through if unavailable */ - ret = CRYPTOCB_UNAVAILABLE; - } - if (ret == CRYPTOCB_UNAVAILABLE) -#endif /* WOLF_PRIVATE_KEY_ID */ - { - ret = wc_CheckPrivateKeyCert(buff, size, der, 0); - ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; + sz = (word16)ctx->privateKeySz; } -#ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS && der->extSapkiSet && der->sapkiDer != NULL) { - /* Certificate contains an alternative public key. Hence, we also - * need an alternative private key. 
*/ - if (altKey == NULL) { - ret = MISSING_KEY; - buff = NULL; - size = 0; - } - else { - size = altKey->length; - buff = altKey->buffer; - } -#ifdef WOLF_PRIVATE_KEY_ID - if (ret == WOLFSSL_SUCCESS && altDevId != INVALID_DEVID) { - /* We have to decode the public key first */ - word32 idx = 0; - /* Dilithium has the largest public key at the moment */ - word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; - byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (decodedPubKey == NULL) { - ret = MEMORY_E; - } - if (ret == WOLFSSL_SUCCESS) { - if (der->sapkiOID == RSAk || der->sapkiOID == ECDSAk) { - /* Simply copy the data */ - XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen); - pubKeyLen = der->sapkiLen; - ret = 0; - } - else { - ret = DecodeAsymKeyPublic(der->sapkiDer, &idx, - der->sapkiLen, decodedPubKey, - &pubKeyLen, der->sapkiOID); - } - } - if (ret == 0) { - ret = check_cert_key_dev(der->sapkiOID, buff, size, - decodedPubKey, pubKeyLen, - isAltKeyLabel, isAltKeyId, - heap, altDevId); - } - XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (ret != CRYPTOCB_UNAVAILABLE) { - ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; - } - } - else { - /* fall through if unavailable */ - ret = CRYPTOCB_UNAVAILABLE; - } - - if (ret == CRYPTOCB_UNAVAILABLE) -#endif /* WOLF_PRIVATE_KEY_ID */ - { - ret = wc_CheckPrivateKeyCert(buff, size, der, 1); - ret = (ret == 1) ? 
WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
- }
- }
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
- FreeDecodedCert(der);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(der, heap, DYNAMIC_TYPE_DCERT);
+ /* check size */
+#if ECC_MIN_KEY_SZ > 0
+ if (sz < ECC_MINSIZE)
+ return BAD_FUNC_ARG;
 #endif
+ if (sz > ECC_MAXSIZE)
+ return BAD_FUNC_ARG;
- (void)devId;
- (void)isKeyLabel;
- (void)isKeyId;
- (void)altKey;
- (void)altDevId;
- (void)isAltKeyLabel;
- (void)isAltKeyId;
+ ctx->eccTempKeySz = sz;
- return ret;
+ return WOLFSSL_SUCCESS;
 }
-/* Check private against public in certificate for match
- *
- * ctx WOLFSSL_CTX structure to check private key in
- *
- * Returns WOLFSSL_SUCCESS on good private key
- * WOLFSSL_FAILURE if mismatched. */
-int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
+
+/* Set Temp SSL EC-DHE size in octets, can be 14 - 66 (112 - 521 bit) */
+int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
 {
- if (ctx == NULL) {
- return WOLFSSL_FAILURE;
- }
+ WOLFSSL_ENTER("wolfSSL_SetTmpEC_DHE_Sz");
-#ifdef WOLFSSL_DUAL_ALG_CERTS
- return check_cert_key(ctx->certificate, ctx->privateKey, ctx->altPrivateKey,
- ctx->heap, ctx->privateKeyDevId, ctx->privateKeyLabel,
- ctx->privateKeyId, ctx->altPrivateKeyDevId, ctx->altPrivateKeyLabel,
- ctx->altPrivateKeyId);
-#else
- return check_cert_key(ctx->certificate, ctx->privateKey, NULL, ctx->heap,
- ctx->privateKeyDevId, ctx->privateKeyLabel, ctx->privateKeyId,
- INVALID_DEVID, 0, 0);
+ if (ssl == NULL)
+ return BAD_FUNC_ARG;
+
+ /* check size */
+#if ECC_MIN_KEY_SZ > 0
+ if (sz < ECC_MINSIZE)
+ return BAD_FUNC_ARG;
 #endif
+ if (sz > ECC_MAXSIZE)
+ return BAD_FUNC_ARG;
+
+ ssl->eccTempKeySz = sz;
+
+ return WOLFSSL_SUCCESS;
 }
-#endif /* !NO_CHECK_PRIVATE_KEY */
-#ifdef OPENSSL_ALL
-/**
- * Return the private key of the WOLFSSL_CTX struct
- * @return WOLFSSL_EVP_PKEY* The caller doesn *NOT*` free the returned object. 
- */
-WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
-{
- const unsigned char *key;
- int type;
+#endif /* HAVE_ECC */
- WOLFSSL_ENTER("wolfSSL_CTX_get0_privatekey");
- if (ctx == NULL || ctx->privateKey == NULL ||
- ctx->privateKey->buffer == NULL) {
- WOLFSSL_MSG("Bad parameter or key not set");
- return NULL;
- }
+typedef struct {
+ byte verifyPeer:1;
+ byte verifyNone:1;
+ byte failNoCert:1;
+ byte failNoCertxPSK:1;
+ byte verifyPostHandshake:1;
+} SetVerifyOptions;
- switch (ctx->privateKeyType) {
-#ifndef NO_RSA
- case rsa_sa_algo:
- type = EVP_PKEY_RSA;
- break;
-#endif
-#ifdef HAVE_ECC
- case ecc_dsa_sa_algo:
- type = EVP_PKEY_EC;
- break;
-#endif
-#ifdef WOLFSSL_SM2
- case sm2_sa_algo:
- type = EVP_PKEY_EC;
- break;
+static SetVerifyOptions ModeToVerifyOptions(int mode)
+{
+ SetVerifyOptions opts;
+ XMEMSET(&opts, 0, sizeof(SetVerifyOptions));
+
+ if (mode != WOLFSSL_VERIFY_DEFAULT) {
+ opts.verifyNone = (mode == WOLFSSL_VERIFY_NONE);
+ if (!opts.verifyNone) {
+ opts.verifyPeer =
+ (mode & WOLFSSL_VERIFY_PEER) != 0;
+ opts.failNoCertxPSK =
+ (mode & WOLFSSL_VERIFY_FAIL_EXCEPT_PSK) != 0;
+ opts.failNoCert =
+ (mode & WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT) != 0;
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ opts.verifyPostHandshake =
+ (mode & WOLFSSL_VERIFY_POST_HANDSHAKE) != 0;
 #endif
- default:
- /* Other key types not supported either as ssl private keys
- * or in the EVP layer */
- WOLFSSL_MSG("Unsupported key type");
- return NULL;
+ }
 }
- key = ctx->privateKey->buffer;
+ return opts;
+}
- if (ctx->privateKeyPKey != NULL)
- return ctx->privateKeyPKey;
- else
- return wolfSSL_d2i_PrivateKey(type,
- (WOLFSSL_EVP_PKEY**)&ctx->privateKeyPKey, &key,
- (long)ctx->privateKey->length);
+WOLFSSL_ABI
+void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
+{
+ SetVerifyOptions opts;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_set_verify");
+ if (ctx == NULL)
+ return;
+
+ opts = ModeToVerifyOptions(mode);
+
+ 
ctx->verifyNone = opts.verifyNone;
+ ctx->verifyPeer = opts.verifyPeer;
+ ctx->failNoCert = opts.failNoCert;
+ ctx->failNoCertxPSK = opts.failNoCertxPSK;
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ ctx->verifyPostHandshake = opts.verifyPostHandshake;
+#endif
+
+ ctx->verifyCallback = vc;
+}
+
+#ifdef OPENSSL_ALL
+void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
+ CertVerifyCallback cb, void* arg)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_set_cert_verify_callback");
+ if (ctx == NULL)
+ return;
+
+ ctx->verifyCertCb = cb;
+ ctx->verifyCertCbArg = arg;
 }
 #endif
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
-static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
- const unsigned char** in, long inSz, int priv)
+void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
 {
+ SetVerifyOptions opts;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- const unsigned char* mem;
- long memSz = inSz;
+ WOLFSSL_ENTER("wolfSSL_set_verify");
+ if (ssl == NULL)
+ return;
- WOLFSSL_ENTER("d2iGenericKey");
+ opts = ModeToVerifyOptions(mode);
- if (in == NULL || *in == NULL || inSz < 0) {
- WOLFSSL_MSG("Bad argument");
- return NULL;
- }
- mem = *in;
+ ssl->options.verifyNone = opts.verifyNone;
+ ssl->options.verifyPeer = opts.verifyPeer;
+ ssl->options.failNoCert = opts.failNoCert;
+ ssl->options.failNoCertxPSK = opts.failNoCertxPSK;
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ ssl->options.verifyPostHandshake = opts.verifyPostHandshake;
+#endif
- #if !defined(NO_RSA)
- {
- word32 keyIdx = 0;
- int isRsaKey;
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
- if (rsa == NULL)
- return NULL;
- #else
- RsaKey rsa[1];
- #endif
- XMEMSET(rsa, 0, sizeof(RsaKey));
+ ssl->verifyCallback = vc;
+}
- /* test if RSA key */
- if (priv)
- isRsaKey = wc_InitRsaKey(rsa, NULL) == 0 &&
- wc_RsaPrivateKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0;
- else
- isRsaKey = 
wc_InitRsaKey(rsa, NULL) == 0 &&
- wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0;
- wc_FreeRsaKey(rsa);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
- #endif
+void wolfSSL_set_verify_result(WOLFSSL *ssl, long v)
+{
+ WOLFSSL_ENTER("wolfSSL_set_verify_result");
- if (isRsaKey) {
- pkey = wolfSSL_EVP_PKEY_new();
- if (pkey != NULL) {
- pkey->pkey_sz = keyIdx;
- pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
- priv ? DYNAMIC_TYPE_PRIVATE_KEY :
- DYNAMIC_TYPE_PUBLIC_KEY);
- if (pkey->pkey.ptr == NULL) {
- wolfSSL_EVP_PKEY_free(pkey);
- return NULL;
- }
- XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
- pkey->type = EVP_PKEY_RSA;
- if (out != NULL) {
- *out = pkey;
- }
+ if (ssl == NULL)
+ return;
- pkey->ownRsa = 1;
- pkey->rsa = wolfssl_rsa_d2i(NULL, mem, inSz,
- priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC);
- if (pkey->rsa == NULL) {
- wolfSSL_EVP_PKEY_free(pkey);
- return NULL;
- }
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(OPENSSL_ALL)
+ ssl->peerVerifyRet = (unsigned long)v;
+#else
+ (void)v;
+ WOLFSSL_STUB("wolfSSL_set_verify_result");
+#endif
+}
- return pkey;
- }
- else {
- WOLFSSL_MSG("RSA wolfSSL_EVP_PKEY_new error");
- }
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+ defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+/* For TLS v1.3 send handshake messages after handshake completes. */
+/* Returns 1=WOLFSSL_SUCCESS or 0=WOLFSSL_FAILURE */
+int wolfSSL_verify_client_post_handshake(WOLFSSL* ssl)
+{
+ int ret = wolfSSL_request_certificate(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ if (!IsAtLeastTLSv1_3(ssl->version)) {
+ /* specific error of wrong version expected */
+ WOLFSSL_ERROR(UNSUPPORTED_PROTO_VERSION);
+
+ }
+ else {
+ WOLFSSL_ERROR(ret); /* log the error in the error queue */
 }
 }
- #endif /* NO_RSA */
+ return (ret == WOLFSSL_SUCCESS) ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
- #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
- {
- word32 keyIdx = 0;
- int isEccKey;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
- if (ecc == NULL)
- return NULL;
- #else
- ecc_key ecc[1];
- #endif
- XMEMSET(ecc, 0, sizeof(ecc_key));
+int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX* ctx, int val)
+{
+ int ret = wolfSSL_CTX_allow_post_handshake_auth(ctx);
+ if (ret == 0) {
+ ctx->postHandshakeAuth = (val != 0);
+ }
+ return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+int wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val)
+{
+ int ret = wolfSSL_allow_post_handshake_auth(ssl);
+ if (ret == 0) {
+ ssl->options.postHandshakeAuth = (val != 0);
+ }
+ return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_TLS13 &&
+ * WOLFSSL_POST_HANDSHAKE_AUTH */
- if (priv)
- isEccKey = wc_ecc_init(ecc) == 0 &&
- wc_EccPrivateKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0;
- else
- isEccKey = wc_ecc_init(ecc) == 0 &&
- wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0;
- wc_ecc_free(ecc);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(ecc, NULL, DYNAMIC_TYPE_ECC);
- #endif
+/* store user ctx for verify callback */
+void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
+{
+ WOLFSSL_ENTER("wolfSSL_SetCertCbCtx");
+ if (ssl)
+ ssl->verifyCbCtx = ctx;
+}
- if (isEccKey) {
- pkey = wolfSSL_EVP_PKEY_new();
- if (pkey != NULL) {
- pkey->pkey_sz = keyIdx;
- pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL,
- priv ? 
DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } - XMEMCPY(pkey->pkey.ptr, mem, keyIdx); - pkey->type = EVP_PKEY_EC; - if (out != NULL) { - *out = pkey; - } - pkey->ownEcc = 1; - pkey->ecc = wolfSSL_EC_KEY_new(); - if (pkey->ecc == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } +/* store user ctx for verify callback */ +void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetCertCbCtx"); + if (ctx) + ctx->verifyCbCtx = userCtx; +} - if (wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc, - (const unsigned char*)pkey->pkey.ptr, - pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE - : WOLFSSL_RSA_LOAD_PUBLIC) != 1) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } - return pkey; - } - else { - WOLFSSL_MSG("ECC wolfSSL_EVP_PKEY_new error"); - } - } - } - #endif /* HAVE_ECC && OPENSSL_EXTRA */ +/* store context CA Cache addition callback */ +void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb) +{ + if (ctx && ctx->cm) + ctx->cm->caCacheCallback = cb; +} - #if !defined(NO_DSA) - { - word32 keyIdx = 0; - int isDsaKey; - #ifdef WOLFSSL_SMALL_STACK - DsaKey *dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA); - if (dsa == NULL) - return NULL; - #else - DsaKey dsa[1]; - #endif - XMEMSET(dsa, 0, sizeof(DsaKey)); - if (priv) - isDsaKey = wc_InitDsaKey(dsa) == 0 && - wc_DsaPrivateKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0; - else - isDsaKey = wc_InitDsaKey(dsa) == 0 && - wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0; - wc_FreeDsaKey(dsa); - #ifdef WOLFSSL_SMALL_STACK - XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); - #endif +#if defined(PERSIST_CERT_CACHE) - /* test if DSA key */ - if (isDsaKey) { - pkey = wolfSSL_EVP_PKEY_new(); - - if (pkey != NULL) { - pkey->pkey_sz = keyIdx; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, - priv ? 
DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } - XMEMCPY(pkey->pkey.ptr, mem, keyIdx); - pkey->type = EVP_PKEY_DSA; - if (out != NULL) { - *out = pkey; - } +#if !defined(NO_FILESYSTEM) - pkey->ownDsa = 1; - pkey->dsa = wolfSSL_DSA_new(); - if (pkey->dsa == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } +/* Persist cert cache to file */ +int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname) +{ + WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache"); - if (wolfSSL_DSA_LoadDer_ex(pkey->dsa, - (const unsigned char*)pkey->pkey.ptr, - pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE - : WOLFSSL_RSA_LOAD_PUBLIC) != 1) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } + if (ctx == NULL || fname == NULL) + return BAD_FUNC_ARG; - return pkey; - } - else { - WOLFSSL_MSG("DSA wolfSSL_EVP_PKEY_new error"); - } - } - } - #endif /* NO_DSA */ + return CM_SaveCertCache(ctx->cm, fname); +} - #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) - #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) - { - int isDhKey; - word32 keyIdx = 0; - #ifdef WOLFSSL_SMALL_STACK - DhKey *dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); - if (dh == NULL) - return NULL; - #else - DhKey dh[1]; - #endif - XMEMSET(dh, 0, sizeof(DhKey)); - - isDhKey = wc_InitDhKey(dh) == 0 && - wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz) == 0; - wc_FreeDhKey(dh); - #ifdef WOLFSSL_SMALL_STACK - XFREE(dh, NULL, DYNAMIC_TYPE_DH); - #endif - - /* test if DH key */ - if (isDhKey) { - pkey = wolfSSL_EVP_PKEY_new(); - - if (pkey != NULL) { - pkey->pkey_sz = (int)memSz; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, - priv ? 
DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } - XMEMCPY(pkey->pkey.ptr, mem, memSz); - pkey->type = EVP_PKEY_DH; - if (out != NULL) { - *out = pkey; - } - pkey->ownDh = 1; - pkey->dh = wolfSSL_DH_new(); - if (pkey->dh == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } +/* Persist cert cache from file */ +int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname) +{ + WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache"); - if (wolfSSL_DH_LoadDer(pkey->dh, - (const unsigned char*)pkey->pkey.ptr, - pkey->pkey_sz) != WOLFSSL_SUCCESS) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } + if (ctx == NULL || fname == NULL) + return BAD_FUNC_ARG; - return pkey; - } - else { - WOLFSSL_MSG("DH wolfSSL_EVP_PKEY_new error"); - } - } - } - #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ - #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ + return CM_RestoreCertCache(ctx->cm, fname); +} - #if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) - #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) - { - word32 keyIdx = 0; - DhKey* key = NULL; - int ret; - #ifdef WOLFSSL_SMALL_STACK - DhKey* dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); - if (dh == NULL) - return NULL; - #else - DhKey dh[1]; - #endif - XMEMSET(dh, 0, sizeof(DhKey)); +#endif /* NO_FILESYSTEM */ - /* test if DH-public key */ - if (wc_InitDhKey(dh) != 0) - return NULL; +/* Persist cert cache to memory */ +int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, + int sz, int* used) +{ + WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache"); - ret = wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz); - wc_FreeDhKey(dh); - #ifdef WOLFSSL_SMALL_STACK - XFREE(dh, NULL, DYNAMIC_TYPE_DH); - #endif + if (ctx == NULL || mem == NULL || used == NULL || sz <= 0) + return BAD_FUNC_ARG; - if (ret == 0) { - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey != NULL) 
{ - pkey->type = EVP_PKEY_DH; - pkey->pkey_sz = (int)memSz; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, - priv ? DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } - XMEMCPY(pkey->pkey.ptr, mem, memSz); - if (out != NULL) { - *out = pkey; - } - pkey->ownDh = 1; - pkey->dh = wolfSSL_DH_new(); - if (pkey->dh == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } + return CM_MemSaveCertCache(ctx->cm, mem, sz, used); +} - key = (DhKey*)pkey->dh->internal; - - keyIdx = 0; - if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) == 0) - { - int elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | - ELEMENT_PUB; - if (priv) - elements |= ELEMENT_PRV; - if(SetDhExternal_ex(pkey->dh, elements) - == WOLFSSL_SUCCESS ) { - return pkey; - } - } - else { - wolfSSL_EVP_PKEY_free(pkey); - return NULL; - } - } - } - } - #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ - #endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ - #ifdef HAVE_PQC - #ifdef HAVE_FALCON - { - int isFalcon = 0; - #ifdef WOLFSSL_SMALL_STACK - falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(falcon_key), NULL, - DYNAMIC_TYPE_FALCON); - if (falcon == NULL) { - return NULL; - } - #else - falcon_key falcon[1]; - #endif +/* Restore cert cache from memory */ +int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz) +{ + WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache"); - if (wc_falcon_init(falcon) == 0) { - /* test if Falcon key */ - if (priv) { - /* Try level 1 */ - isFalcon = wc_falcon_set_level(falcon, 1) == 0 && - wc_falcon_import_private_only(mem, (word32)memSz, - falcon) == 0; - if (!isFalcon) { - /* Try level 5 */ - isFalcon = wc_falcon_set_level(falcon, 5) == 0 && - wc_falcon_import_private_only(mem, (word32)memSz, - falcon) == 0; - } - } else { - /* Try level 1 */ - isFalcon = wc_falcon_set_level(falcon, 1) == 0 && - wc_falcon_import_public(mem, (word32)memSz, falcon) - == 0; - - if 
(!isFalcon) { - /* Try level 5 */ - isFalcon = wc_falcon_set_level(falcon, 5) == 0 && - wc_falcon_import_public(mem, (word32)memSz, - falcon) == 0; - } - } - wc_falcon_free(falcon); - } + if (ctx == NULL || mem == NULL || sz <= 0) + return BAD_FUNC_ARG; - #ifdef WOLFSSL_SMALL_STACK - XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON); - #endif - if (isFalcon) { - /* Create a fake Falcon EVP_PKEY. In the future, we might integrate - * Falcon into the compatibility layer. */ - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - WOLFSSL_MSG("Falcon wolfSSL_EVP_PKEY_new error"); - return NULL; - } - pkey->type = EVP_PKEY_FALCON; - pkey->pkey.ptr = NULL; - pkey->pkey_sz = 0; - return pkey; - } + return CM_MemRestoreCertCache(ctx->cm, mem, sz); +} - } - #endif /* HAVE_FALCON */ - #ifdef HAVE_DILITHIUM - { - int isDilithium = 0; - #ifdef WOLFSSL_SMALL_STACK - dilithium_key *dilithium = (dilithium_key *) - XMALLOC(sizeof(dilithium_key), NULL, DYNAMIC_TYPE_DILITHIUM); - if (dilithium == NULL) { - return NULL; - } - #else - dilithium_key dilithium[1]; - #endif - if (wc_dilithium_init(dilithium) == 0) { - /* Test if Dilithium key. Try all levels. 
*/ - if (priv) { - isDilithium = wc_dilithium_set_level(dilithium, 2) == 0 && - wc_dilithium_import_private_only(mem, - (word32)memSz, dilithium) == 0; - if (!isDilithium) { - isDilithium = wc_dilithium_set_level(dilithium, 3) == 0 && - wc_dilithium_import_private_only(mem, - (word32)memSz, dilithium) == 0; - } - if (!isDilithium) { - isDilithium = wc_dilithium_set_level(dilithium, 5) == 0 && - wc_dilithium_import_private_only(mem, - (word32)memSz, dilithium) == 0; - } - } else { - isDilithium = wc_dilithium_set_level(dilithium, 2) == 0 && - wc_dilithium_import_public(mem, (word32)memSz, - dilithium) == 0; - if (!isDilithium) { - isDilithium = wc_dilithium_set_level(dilithium, 3) == 0 && - wc_dilithium_import_public(mem, (word32)memSz, - dilithium) == 0; - } - if (!isDilithium) { - isDilithium = wc_dilithium_set_level(dilithium, 5) == 0 && - wc_dilithium_import_public(mem, (word32)memSz, - dilithium) == 0; - } - } - wc_dilithium_free(dilithium); - } +/* get how big the the cert cache save buffer needs to be */ +int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize"); - #ifdef WOLFSSL_SMALL_STACK - XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); - #endif - if (isDilithium) { - /* Create a fake Dilithium EVP_PKEY. In the future, we might - * integrate Dilithium into the compatibility layer. 
*/ - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - WOLFSSL_MSG("Dilithium wolfSSL_EVP_PKEY_new error"); - return NULL; - } - pkey->type = EVP_PKEY_DILITHIUM; - pkey->pkey.ptr = NULL; - pkey->pkey_sz = 0; - return pkey; - } + if (ctx == NULL) + return BAD_FUNC_ARG; - } - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ + return CM_GetCertCacheMemSize(ctx->cm); +} - if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type"); - } +#endif /* PERSIST_CERT_CACHE */ +#endif /* !NO_CERTS */ - return pkey; +void wolfSSL_load_error_strings(void) +{ + /* compatibility only */ } -#endif /* OPENSSL_EXTRA || WPA_SMALL */ -#ifdef OPENSSL_EXTRA -WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( - WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen) +int wolfSSL_library_init(void) { - WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; -#ifdef WOLFSSL_PEM_TO_DER - int ret; - DerBuffer* der = NULL; + WOLFSSL_ENTER("wolfSSL_library_init"); + if (wolfSSL_Init() == WOLFSSL_SUCCESS) + return WOLFSSL_SUCCESS; + else + return WOLFSSL_FATAL_ERROR; +} - if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { - WOLFSSL_MSG("Bad key PEM/DER args"); - return NULL; - } - ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); - if (ret < 0) { - WOLFSSL_MSG("Not PEM format"); - ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); - if (ret == 0) { - XMEMCPY(der->buffer, *keyBuf, keyLen); - } - } +#ifdef HAVE_SECRET_CALLBACK - if (ret == 0) { - /* Verify this is PKCS8 Key */ - word32 inOutIdx = 0; - word32 algId; - ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, &algId); - if (ret >= 0) { - ret = 0; /* good DER */ - } - } +int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx) +{ + WOLFSSL_ENTER("wolfSSL_set_session_secret_cb"); + if (ssl == NULL) + return WOLFSSL_FAILURE; - if (ret == 0) { - pkcs8 = wolfSSL_EVP_PKEY_new(); - if (pkcs8 == NULL) - ret = MEMORY_E; - } - if 
(ret == 0) { - pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkcs8->pkey.ptr == NULL) - ret = MEMORY_E; - } - if (ret == 0) { - XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); - pkcs8->pkey_sz = der->length; + ssl->sessionSecretCb = cb; + ssl->sessionSecretCtx = ctx; + if (cb != NULL) { + /* If using a pre-set key, assume session resumption. */ + ssl->session->sessionIDSz = 0; + ssl->options.resuming = 1; } - FreeDer(&der); - if (ret != 0) { - wolfSSL_EVP_PKEY_free(pkcs8); - pkcs8 = NULL; - } - if (pkey != NULL) { - *pkey = pkcs8; - } + return WOLFSSL_SUCCESS; +} -#else - (void)bio; - (void)pkey; -#endif /* WOLFSSL_PEM_TO_DER */ +int wolfSSL_set_session_ticket_ext_cb(WOLFSSL* ssl, TicketParseCb cb, + void *ctx) +{ + WOLFSSL_ENTER("wolfSSL_set_session_ticket_ext_cb"); + if (ssl == NULL) + return WOLFSSL_FAILURE; - return pkcs8; + ssl->ticketParseCb = cb; + ssl->ticketParseCtx = ctx; + + return WOLFSSL_SUCCESS; } +int wolfSSL_set_secret_cb(WOLFSSL* ssl, TlsSecretCb cb, void* ctx) +{ + WOLFSSL_ENTER("wolfSSL_set_secret_cb"); + if (ssl == NULL) + return WOLFSSL_FATAL_ERROR; -#ifndef NO_BIO -/* put SSL type in extra for now, not very common */ + ssl->tlsSecretCb = cb; + ssl->tlsSecretCtx = ctx; -/* Converts a DER format key read from "bio" to a PKCS8 structure. - * - * bio input bio to read DER from - * pkey If not NULL then this pointer will be overwritten with a new PKCS8 - * structure. - * - * returns a WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success and NULL in fail - * case. 
- */ -WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, - WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey) + return WOLFSSL_SUCCESS; +} + +#ifdef SHOW_SECRETS +int tlsShowSecrets(WOLFSSL* ssl, void* secret, int secretSz, + void* ctx) { - WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; -#ifdef WOLFSSL_PEM_TO_DER - unsigned char* mem = NULL; - int memSz; + /* Wireshark Pre-Master-Secret Format: + * CLIENT_RANDOM + */ + const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM"; + int i, pmsPos = 0; + char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1]; + byte clientRandom[RAN_LEN]; + int clientRandomSz; - WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio"); + (void)ctx; - if (bio == NULL) { - return NULL; + clientRandomSz = (int)wolfSSL_get_client_random(ssl, clientRandom, + sizeof(clientRandom)); + + if (clientRandomSz <= 0) { + printf("Error getting server random %d\n", clientRandomSz); + return BAD_FUNC_ARG; } - if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) { - return NULL; + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ", + CLIENT_RANDOM_LABEL); + pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1; + for (i = 0; i < clientRandomSz; i++) { + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", + clientRandom[i]); + pmsPos += 2; + } + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " "); + pmsPos += 1; + for (i = 0; i < secretSz; i++) { + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", + ((byte*)secret)[i]); + pmsPos += 2; } + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n"); + pmsPos += 1; - pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz); -#else - (void)bio; - (void)pkey; -#endif /* WOLFSSL_PEM_TO_DER */ + /* print master secret */ + puts(pmsBuf); - return pkcs8; + #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) + { + FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a"); + if (f != XBADFILE) { + XFWRITE(pmsBuf, 1, pmsPos, f); + XFCLOSE(f); + } + } + #endif + return 0; } +#endif /* SHOW_SECRETS */ 
+#endif -/* expecting DER format public key - * - * bio input bio to read DER from - * out If not NULL then this pointer will be overwritten with a new - * WOLFSSL_EVP_PKEY pointer - * - * returns a WOLFSSL_EVP_PKEY pointer on success and NULL in fail case. - */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** out) -{ - unsigned char* mem; - long memSz; - WOLFSSL_EVP_PKEY* pkey = NULL; - WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio"); +#ifdef OPENSSL_EXTRA - if (bio == NULL) { - return NULL; - } - (void)out; +/* + * check if the list has TLS13 and pre-TLS13 suites + * @param list cipher suite list that user want to set + * (caller required to check for NULL) + * @return mixed: 0, only pre-TLS13: 1, only TLS13: 2 + */ +static int CheckcipherList(const char* list) +{ + int ret; + int findTLSv13Suites = 0; + int findbeforeSuites = 0; + byte cipherSuite0; + byte cipherSuite1; + int flags; + char* next = (char*)list; - memSz = wolfSSL_BIO_get_len(bio); - if (memSz <= 0) { - return NULL; - } + do { + char* current = next; + char name[MAX_SUITE_NAME + 1]; + word32 length = MAX_SUITE_NAME; + word32 current_length; - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (mem == NULL) { - return NULL; - } + next = XSTRSTR(next, ":"); - if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { - pkey = wolfSSL_d2i_PUBKEY(NULL, (const unsigned char**)&mem, memSz); - if (out != NULL && pkey != NULL) { - *out = pkey; + current_length = (!next) ? 
(word32)XSTRLEN(current) + : (word32)(next - current); + if (current_length == 0) { + break; } - } - - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return pkey; -} -#endif /* !NO_BIO */ + if (current_length < length) { + length = current_length; + } + XMEMCPY(name, current, length); + name[length] = 0; + if (XSTRCMP(name, "ALL") == 0 || + XSTRCMP(name, "DEFAULT") == 0 || + XSTRCMP(name, "HIGH") == 0) + { + findTLSv13Suites = 1; + findbeforeSuites = 1; + break; + } -/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure. - * - * out pointer to new WOLFSSL_EVP_PKEY structure. Can be NULL - * in DER buffer to convert - * inSz size of in buffer - * - * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL - * on fail - */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, - const unsigned char** in, long inSz) -{ - WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); - return d2iGenericKey(out, in, inSz, 0); -} + ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0, + &cipherSuite1, &flags); + if (ret == 0) { + if (cipherSuite0 == TLS13_BYTE) { + /* TLSv13 suite */ + findTLSv13Suites = 1; + } + else { + findbeforeSuites = 1; + } + } -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN) && \ - !defined(NO_PWDBASED) + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + /* check if mixed due to names like RSA:ECDHE+AESGCM etc. 
*/ + if (ret != 0) { + char* subStr = name; + char* subStrNext; -/* helper function to get raw pointer to DER buffer from WOLFSSL_EVP_PKEY */ -static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, unsigned char** der) -{ - int sz; - word16 pkcs8HeaderSz; + do { + subStrNext = XSTRSTR(subStr, "+"); - if (!key || !key->pkey_sz) - return WOLFSSL_FATAL_ERROR; + if ((XSTRCMP(subStr, "ECDHE") == 0) || + (XSTRCMP(subStr, "RSA") == 0)) { + return 0; + } - /* return the key without PKCS8 for compatibility */ - /* if pkcs8HeaderSz is invalid, use 0 and return all of pkey */ - pkcs8HeaderSz = 0; - if (key->pkey_sz > key->pkcs8HeaderSz) - pkcs8HeaderSz = key->pkcs8HeaderSz; - sz = key->pkey_sz - pkcs8HeaderSz; - if (der) { - unsigned char* pt = (unsigned char*)key->pkey.ptr; - if (*der) { - /* since this function signature has no size value passed in it is - * assumed that the user has allocated a large enough buffer */ - XMEMCPY(*der, pt + pkcs8HeaderSz, sz); - *der += sz; + if (subStrNext && (XSTRLEN(subStrNext) > 0)) { + subStr = subStrNext + 1; /* +1 to skip past '+' */ + } + } while (subStrNext != NULL); } - else { - *der = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); - if (*der == NULL) { - return WOLFSSL_FATAL_ERROR; - } - XMEMCPY(*der, pt + pkcs8HeaderSz, sz); + #endif + + if (findTLSv13Suites == 1 && findbeforeSuites == 1) { + /* list has mixed suites */ + return 0; } } - return sz; -} + while (next++); /* increment to skip ':' */ -int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) -{ - return wolfSSL_i2d_PublicKey(key, der); + if (findTLSv13Suites == 0 && findbeforeSuites == 1) { + ret = 1;/* only before TLSv13 suites */ + } + else if (findTLSv13Suites == 1 && findbeforeSuites == 0) { + ret = 2;/* only TLSv13 suties */ + } + else { + ret = 0;/* handle as mixed */ + } + return ret; } -#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */ - -static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** 
out, - const unsigned char **in, long inSz, int priv) +/* parse some bulk lists like !eNULL / !aNULL + * + * returns WOLFSSL_SUCCESS on success and sets the cipher suite list + */ +static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + Suites* suites, const char* list) { - int ret = 0; - word32 idx = 0, algId; - word16 pkcs8HeaderSz = 0; - WOLFSSL_EVP_PKEY* local; - int opt = 0; - - (void)opt; + int ret = 0; + int listattribute = 0; + int tls13Only = 0; +#ifndef WOLFSSL_SMALL_STACK + byte suitesCpy[WOLFSSL_MAX_SUITE_SZ]; +#else + byte* suitesCpy = NULL; +#endif + word16 suitesCpySz = 0; + word16 i = 0; + word16 j = 0; - if (in == NULL || inSz < 0) { - WOLFSSL_MSG("Bad argument"); - return NULL; + if (suites == NULL || list == NULL) { + WOLFSSL_MSG("NULL argument"); + return WOLFSSL_FAILURE; } - if (priv == 1) { - /* Check if input buffer has PKCS8 header. In the case that it does not - * have a PKCS8 header then do not error out. */ - if ((ret = ToTraditionalInline_ex((const byte*)(*in), &idx, - (word32)inSz, &algId)) > 0) { - WOLFSSL_MSG("Found PKCS8 header"); - pkcs8HeaderSz = (word16)idx; - - if ((type == EVP_PKEY_RSA && algId != RSAk - #ifdef WC_RSA_PSS - && algId != RSAPSSk - #endif - ) || - (type == EVP_PKEY_EC && algId != ECDSAk) || - (type == EVP_PKEY_DSA && algId != DSAk) || - (type == EVP_PKEY_DH && algId != DHk)) { - WOLFSSL_MSG("PKCS8 does not match EVP key type"); - return NULL; - } + listattribute = CheckcipherList(list); - (void)idx; /* not used */ - } - else { - if (ret != ASN_PARSE_E) { - WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 " - "header"); - return NULL; - } - } + if (listattribute == 0) { + /* list has mixed(pre-TLSv13 and TLSv13) suites + * update cipher suites the same as before + */ + return (SetCipherList_ex(ctx, ssl, suites, list)) ? 
WOLFSSL_SUCCESS : + WOLFSSL_FAILURE; } - - if (out != NULL && *out != NULL) { - wolfSSL_EVP_PKEY_free(*out); - *out = NULL; + else if (listattribute == 1) { + /* list has only pre-TLSv13 suites. + * Only update before TLSv13 suites. + */ + tls13Only = 0; } - local = wolfSSL_EVP_PKEY_new(); - if (local == NULL) { - return NULL; + else if (listattribute == 2) { + /* list has only TLSv13 suites. Only update TLv13 suites + * simulate set_ciphersuites() compatibility layer API + */ + tls13Only = 1; + if ((ctx != NULL && !IsAtLeastTLSv1_3(ctx->method->version)) || + (ssl != NULL && !IsAtLeastTLSv1_3(ssl->version))) { + /* Silently ignore TLS 1.3 ciphers if we don't support it. */ + return WOLFSSL_SUCCESS; + } } - local->type = type; - local->pkey_sz = (int)inSz; - local->pkcs8HeaderSz = pkcs8HeaderSz; - local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - if (local->pkey.ptr == NULL) { - wolfSSL_EVP_PKEY_free(local); - local = NULL; - return NULL; + /* list contains ciphers either only for TLS 1.3 or <= TLS 1.2 */ + if (suites->suiteSz == 0) { + WOLFSSL_MSG("Warning suites->suiteSz = 0 set to WOLFSSL_MAX_SUITE_SZ"); + suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; } - else { - XMEMCPY(local->pkey.ptr, *in, inSz); +#ifdef WOLFSSL_SMALL_STACK + if (suites->suiteSz > 0) { + suitesCpy = (byte*)XMALLOC(suites->suiteSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (suitesCpy == NULL) { + return WOLFSSL_FAILURE; + } + + XMEMSET(suitesCpy, 0, suites->suiteSz); } +#else + XMEMSET(suitesCpy, 0, sizeof(suitesCpy)); +#endif - switch (type) { -#ifndef NO_RSA - case EVP_PKEY_RSA: - opt = priv ? 
WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC; - local->ownRsa = 1; - local->rsa = wolfssl_rsa_d2i(NULL, - (const unsigned char*)local->pkey.ptr, local->pkey_sz, opt); - if (local->rsa == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - break; -#endif /* NO_RSA */ -#ifdef HAVE_ECC - case EVP_PKEY_EC: - local->ownEcc = 1; - local->ecc = wolfSSL_EC_KEY_new(); - if (local->ecc == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - opt = priv ? WOLFSSL_EC_KEY_LOAD_PRIVATE : - WOLFSSL_EC_KEY_LOAD_PUBLIC; - if (wolfSSL_EC_KEY_LoadDer_ex(local->ecc, - (const unsigned char*)local->pkey.ptr, local->pkey_sz, - opt) - != WOLFSSL_SUCCESS) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - break; -#endif /* HAVE_ECC */ -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) -#ifndef NO_DSA - case EVP_PKEY_DSA: - local->ownDsa = 1; - local->dsa = wolfSSL_DSA_new(); - if (local->dsa == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - opt = priv ? 
WOLFSSL_DSA_LOAD_PRIVATE : WOLFSSL_DSA_LOAD_PUBLIC; - if (wolfSSL_DSA_LoadDer_ex(local->dsa, - (const unsigned char*)local->pkey.ptr, local->pkey_sz, - opt) - != WOLFSSL_SUCCESS) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - break; -#endif /* NO_DSA */ -#ifndef NO_DH -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - case EVP_PKEY_DH: - local->ownDh = 1; - local->dh = wolfSSL_DH_new(); - if (local->dh == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - if (wolfSSL_DH_LoadDer(local->dh, - (const unsigned char*)local->pkey.ptr, local->pkey_sz) - != WOLFSSL_SUCCESS) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - break; -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* HAVE_DH */ -#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */ - default: - WOLFSSL_MSG("Unsupported key type"); - wolfSSL_EVP_PKEY_free(local); - return NULL; + if (suites->suiteSz > 0) + XMEMCPY(suitesCpy, suites->suites, suites->suiteSz); + suitesCpySz = suites->suiteSz; + + ret = SetCipherList_ex(ctx, ssl, suites, list); + if (ret != 1) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return WOLFSSL_FAILURE; } - /* advance pointer with success */ - if (local != NULL) { - if (local->pkey_sz <= (int)inSz) { - *in += local->pkey_sz; + for (i = 0; i < suitesCpySz && + suites->suiteSz <= (WOLFSSL_MAX_SUITE_SZ - SUITE_LEN); i += 2) { + /* Check for duplicates */ + int duplicate = 0; + for (j = 0; j < suites->suiteSz; j += 2) { + if (suitesCpy[i] == suites->suites[j] && + suitesCpy[i+1] == suites->suites[j+1]) { + duplicate = 1; + break; + } } - - if (out != NULL) { - *out = local; + if (!duplicate) { + if (tls13Only) { + /* Updating TLS 1.3 ciphers */ + if (suitesCpy[i] != TLS13_BYTE) { + /* Only copy over <= TLS 1.2 ciphers */ + /* TLS 1.3 ciphers take precedence */ + suites->suites[suites->suiteSz++] = suitesCpy[i]; + suites->suites[suites->suiteSz++] = suitesCpy[i+1]; + } + } + else 
{ + /* Updating <= TLS 1.2 ciphers */ + if (suitesCpy[i] == TLS13_BYTE) { + /* Only copy over TLS 1.3 ciphers */ + /* TLS 1.3 ciphers take precedence */ + XMEMMOVE(suites->suites + SUITE_LEN, suites->suites, + suites->suiteSz); + suites->suites[0] = suitesCpy[i]; + suites->suites[1] = suitesCpy[i+1]; + suites->suiteSz += 2; + } + } } } - return local; +#ifdef WOLFSSL_SMALL_STACK + XFREE(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, - const unsigned char **in, long inSz) +#endif + + +int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list) { - WOLFSSL_ENTER("wolfSSL_d2i_PublicKey"); + WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list"); - return _d2i_PublicKey(type, out, in, inSz, 0); + if (ctx == NULL) + return WOLFSSL_FAILURE; + + if (AllocateCtxSuites(ctx) != 0) + return WOLFSSL_FAILURE; + +#ifdef OPENSSL_EXTRA + return wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list); +#else + return (SetCipherList(ctx, ctx->suites, list)) ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +#endif } -/* Reads in a DER format key. If PKCS8 headers are found they are stripped off. - * - * type type of key - * out newly created WOLFSSL_EVP_PKEY structure - * in pointer to input key DER - * inSz size of in buffer - * - * On success a non null pointer is returned and the pointer in is advanced the - * same number of bytes read. 
- */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, - const unsigned char **in, long inSz) + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) +int wolfSSL_CTX_set_cipher_list_bytes(WOLFSSL_CTX* ctx, const byte* list, + const int listSz) { - WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); + WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list_bytes"); - return _d2i_PublicKey(type, out, in, inSz, 1); + if (ctx == NULL) + return WOLFSSL_FAILURE; + + if (AllocateCtxSuites(ctx) != 0) + return WOLFSSL_FAILURE; + + return (SetCipherListFromBytes(ctx, ctx->suites, list, listSz)) ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } +#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */ -#ifdef WOLF_PRIVATE_KEY_ID -/* Create an EVP structure for use with crypto callbacks */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out, - void* heap, int devId) +int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list) { - WOLFSSL_EVP_PKEY* local; + WOLFSSL_ENTER("wolfSSL_set_cipher_list"); - if (out != NULL && *out != NULL) { - wolfSSL_EVP_PKEY_free(*out); - *out = NULL; + if (ssl == NULL || ssl->ctx == NULL) { + return WOLFSSL_FAILURE; } - local = wolfSSL_EVP_PKEY_new_ex(heap); - if (local == NULL) { - return NULL; + if (AllocateSuites(ssl) != 0) + return WOLFSSL_FAILURE; + +#ifdef OPENSSL_EXTRA + return wolfSSL_parse_cipher_list(NULL, ssl, ssl->suites, list); +#else + return (SetCipherList_ex(NULL, ssl, ssl->suites, list)) ? 
+ WOLFSSL_SUCCESS : + WOLFSSL_FAILURE; +#endif +} + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) +int wolfSSL_set_cipher_list_bytes(WOLFSSL* ssl, const byte* list, + const int listSz) +{ + WOLFSSL_ENTER("wolfSSL_set_cipher_list_bytes"); + + if (ssl == NULL || ssl->ctx == NULL) { + return WOLFSSL_FAILURE; } - local->type = type; - local->pkey_sz = 0; - local->pkcs8HeaderSz = 0; + if (AllocateSuites(ssl) != 0) + return WOLFSSL_FAILURE; - switch (type) { -#ifndef NO_RSA - case EVP_PKEY_RSA: - { - RsaKey* key; - local->ownRsa = 1; - local->rsa = wolfSSL_RSA_new_ex(heap, devId); - if (local->rsa == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - key = (RsaKey*)local->rsa->internal; - #ifdef WOLF_CRYPTO_CB - key->devId = devId; - #endif - (void)key; - local->rsa->inSet = 1; - break; - } -#endif /* !NO_RSA */ -#ifdef HAVE_ECC - case EVP_PKEY_EC: - { - ecc_key* key; - local->ownEcc = 1; - local->ecc = wolfSSL_EC_KEY_new_ex(heap, devId); - if (local->ecc == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - key = (ecc_key*)local->ecc->internal; - #ifdef WOLF_CRYPTO_CB - key->devId = devId; - #endif - key->type = ECC_PRIVATEKEY; - /* key is required to have a key size / curve set, although - * actual one used is determined by devId callback function */ - wc_ecc_set_curve(key, ECDHE_SIZE, ECC_CURVE_DEF); + return (SetCipherListFromBytes(ssl->ctx, ssl->suites, list, listSz)) + ? 
WOLFSSL_SUCCESS + : WOLFSSL_FAILURE; +} +#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */ - local->ecc->inSet = 1; - break; - } -#endif /* HAVE_ECC */ - default: - WOLFSSL_MSG("Unsupported private key id type"); - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - if (local != NULL && out != NULL) { - *out = local; - } +#ifdef HAVE_KEYING_MATERIAL - return local; -} -#endif /* WOLF_PRIVATE_KEY_ID */ +#define TLS_PRF_LABEL_CLIENT_FINISHED "client finished" +#define TLS_PRF_LABEL_SERVER_FINISHED "server finished" +#define TLS_PRF_LABEL_MASTER_SECRET "master secret" +#define TLS_PRF_LABEL_EXT_MASTER_SECRET "extended master secret" +#define TLS_PRF_LABEL_KEY_EXPANSION "key expansion" -#ifndef NO_CERTS /* // NOLINT(readability-redundant-preprocessor) */ +static const struct ForbiddenLabels { + const char* label; + size_t labelLen; +} forbiddenLabels[] = { + {TLS_PRF_LABEL_CLIENT_FINISHED, XSTR_SIZEOF(TLS_PRF_LABEL_CLIENT_FINISHED)}, + {TLS_PRF_LABEL_SERVER_FINISHED, XSTR_SIZEOF(TLS_PRF_LABEL_SERVER_FINISHED)}, + {TLS_PRF_LABEL_MASTER_SECRET, XSTR_SIZEOF(TLS_PRF_LABEL_MASTER_SECRET)}, + {TLS_PRF_LABEL_EXT_MASTER_SECRET, + XSTR_SIZEOF(TLS_PRF_LABEL_EXT_MASTER_SECRET)}, + {TLS_PRF_LABEL_KEY_EXPANSION, XSTR_SIZEOF(TLS_PRF_LABEL_KEY_EXPANSION)}, + {NULL, 0}, +}; -#ifndef NO_CHECK_PRIVATE_KEY -/* Check private against public in certificate for match - * - * ssl WOLFSSL structure to check private key in - * - * Returns WOLFSSL_SUCCESS on good private key - * WOLFSSL_FAILURE if mismatched. 
*/ -int wolfSSL_check_private_key(const WOLFSSL* ssl) +/** + * Implement RFC 5705 + * TLS 1.3 uses a different exporter definition (section 7.5 of RFC 8446) + * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error + */ +int wolfSSL_export_keying_material(WOLFSSL *ssl, + unsigned char *out, size_t outLen, + const char *label, size_t labelLen, + const unsigned char *context, size_t contextLen, + int use_context) { - if (ssl == NULL) { + byte* seed = NULL; + word32 seedLen; + const struct ForbiddenLabels* fl; + + WOLFSSL_ENTER("wolfSSL_export_keying_material"); + + if (ssl == NULL || out == NULL || label == NULL || + (use_context && contextLen && context == NULL)) { + WOLFSSL_MSG("Bad argument"); return WOLFSSL_FAILURE; } -#ifdef WOLFSSL_DUAL_ALG_CERTS - return check_cert_key(ssl->buffers.certificate, ssl->buffers.key, - ssl->buffers.altKey, ssl->heap, ssl->buffers.keyDevId, - ssl->buffers.keyLabel, ssl->buffers.keyId, ssl->buffers.altKeyDevId, - ssl->buffers.altKeyLabel, ssl->buffers.altKeyId); -#else - return check_cert_key(ssl->buffers.certificate, ssl->buffers.key, NULL, - ssl->heap, ssl->buffers.keyDevId, ssl->buffers.keyLabel, - ssl->buffers.keyId, INVALID_DEVID, 0, 0); -#endif -} -#endif /* !NO_CHECK_PRIVATE_KEY */ -#endif /* !NO_CERTS */ + /* clientRandom + serverRandom + * OR + * clientRandom + serverRandom + ctx len encoding + ctx */ + seedLen = !use_context ? (word32)SEED_LEN : + (word32)SEED_LEN + 2 + (word32)contextLen; -int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey) -{ - WOLFSSL_ENTER("wolfSSL_use_PrivateKey"); - if (ssl == NULL || pkey == NULL ) { + if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { + WOLFSSL_MSG("To export keying material wolfSSL needs to keep handshake " + "data. 
Call wolfSSL_KeepArrays before attempting to " + "export keyid material."); return WOLFSSL_FAILURE; } - return wolfSSL_use_PrivateKey_buffer(ssl, (unsigned char*)pkey->pkey.ptr, - pkey->pkey_sz, WOLFSSL_FILETYPE_ASN1); -} + /* check forbidden labels */ + for (fl = &forbiddenLabels[0]; fl->label != NULL; fl++) { + if (labelLen >= fl->labelLen && + XMEMCMP(label, fl->label, fl->labelLen) == 0) { + WOLFSSL_MSG("Forbidden label"); + return WOLFSSL_FAILURE; + } + } +#ifdef WOLFSSL_TLS13 + if (IsAtLeastTLSv1_3(ssl->version)) { + /* Path for TLS 1.3 */ + if (!use_context) { + contextLen = 0; + context = (byte*)""; /* Give valid pointer for 0 length memcpy */ + } -int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, const unsigned char* der, - long derSz) -{ - WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1"); - if (ssl == NULL || der == NULL ) { - return WOLFSSL_FAILURE; + if (Tls13_Exporter(ssl, out, (word32)outLen, label, labelLen, + context, contextLen) != 0) { + WOLFSSL_MSG("Tls13_Exporter error"); + return WOLFSSL_FAILURE; + } + return WOLFSSL_SUCCESS; } +#endif - (void)pri; /* type of private key */ - return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, WOLFSSL_FILETYPE_ASN1); -} -/****************************************************************************** -* wolfSSL_CTX_use_PrivateKey_ASN1 - loads a private key buffer into the SSL ctx -* -* RETURNS: -* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE -*/ - -int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx, - unsigned char* der, long derSz) -{ - WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_ASN1"); - if (ctx == NULL || der == NULL ) { + /* Path for <=TLS 1.2 */ + seed = (byte*)XMALLOC(seedLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (seed == NULL) { + WOLFSSL_MSG("malloc error"); return WOLFSSL_FAILURE; } - (void)pri; /* type of private key */ - return wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1); -} + XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); + 
XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); + if (use_context) { + /* Encode len in big endian */ + seed[SEED_LEN ] = (contextLen >> 8) & 0xFF; + seed[SEED_LEN + 1] = (contextLen) & 0xFF; + if (contextLen) { + /* 0 length context is allowed */ + XMEMCPY(seed + SEED_LEN + 2, context, contextLen); + } + } -#ifndef NO_RSA -int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz) -{ - WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1"); - if (ssl == NULL || der == NULL ) { + PRIVATE_KEY_UNLOCK(); + if (wc_PRF_TLS(out, (word32)outLen, ssl->arrays->masterSecret, SECRET_LEN, + (byte*)label, (word32)labelLen, seed, seedLen, + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, ssl->heap, + ssl->devId) != 0) { + WOLFSSL_MSG("wc_PRF_TLS error"); + PRIVATE_KEY_LOCK(); + XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } + PRIVATE_KEY_LOCK(); - return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, WOLFSSL_FILETYPE_ASN1); + XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_SUCCESS; } -#endif +#endif /* HAVE_KEYING_MATERIAL */ -int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509) +int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl) { - long idx = 0; + int useNb = 0; - WOLFSSL_ENTER("wolfSSL_use_certificate"); - if (x509 != NULL && ssl != NULL && x509->derCert != NULL) { - if (ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length, - WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0, - GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; - } - } + if (ssl == NULL) + return WOLFSSL_FAILURE; - (void)idx; - return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_dtls_get_using_nonblock"); + if (ssl->options.dtls) { +#ifdef WOLFSSL_DTLS + useNb = ssl->options.dtlsUseNonblock; +#endif + } + else { + WOLFSSL_MSG("wolfSSL_dtls_get_using_nonblock() is " + "DEPRECATED for non-DTLS use."); + } + return useNb; } -#endif /* OPENSSL_EXTRA */ -#if defined(HAVE_RPK) -/* Confirm that all the byte data 
in the buffer is unique. - * return 1 if all the byte data in the buffer is unique, otherwise 0. - */ -static int isArrayUnique(const char* buf, size_t len) -{ - size_t i, j; - /* check the array is unique */ - for (i = 0; i < len -1; ++i) { - for (j = i+ 1; j < len; ++j) { - if (buf[i] == buf[j]) { - return 0; - } - } - } - return 1; -} +#ifndef WOLFSSL_LEANPSK -/* Set user preference for the client_cert_type exetnsion. - * Takes byte array containing cert types the caller can provide to its peer. - * Cert types are in preferred order in the array. - */ -WOLFSSL_API int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, - const char* buf, int bufLen) +void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock) { - int i; + (void)nonblock; - if (ctx == NULL || bufLen > MAX_CLIENT_CERT_TYPE_CNT) { - return BAD_FUNC_ARG; - } + WOLFSSL_ENTER("wolfSSL_dtls_set_using_nonblock"); - /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/ - if (buf == NULL || bufLen == 0) { - ctx->rpkConfig.preferred_ClientCertTypeCnt = 1; - ctx->rpkConfig.preferred_ClientCertTypes[0]= WOLFSSL_CERT_TYPE_X509; - ctx->rpkConfig.preferred_ClientCertTypes[1]= WOLFSSL_CERT_TYPE_X509; - return WOLFSSL_SUCCESS; + if (ssl == NULL) + return; + + if (ssl->options.dtls) { +#ifdef WOLFSSL_DTLS + ssl->options.dtlsUseNonblock = (nonblock != 0); +#endif } + else { + WOLFSSL_MSG("wolfSSL_dtls_set_using_nonblock() is " + "DEPRECATED for non-DTLS use."); + } +} - if (!isArrayUnique(buf, bufLen)) - return BAD_FUNC_ARG; - for (i = 0; i < bufLen; i++){ - if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509) - return BAD_FUNC_ARG; +#ifdef WOLFSSL_DTLS - ctx->rpkConfig.preferred_ClientCertTypes[i] = buf[i]; - } - ctx->rpkConfig.preferred_ClientCertTypeCnt = bufLen; +int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl) +{ + int timeout = 0; + if (ssl) + timeout = ssl->dtls_timeout; - return WOLFSSL_SUCCESS; + WOLFSSL_LEAVE("wolfSSL_dtls_get_current_timeout", timeout); + 
return timeout; } -/* Set user preference for the server_cert_type exetnsion. - * Takes byte array containing cert types the caller can provide to its peer. - * Cert types are in preferred order in the array. +#ifdef WOLFSSL_DTLS13 + +/* + * This API returns 1 when the user should set a short timeout for receiving + * data. It is recommended that it is at most 1/4 the value returned by + * wolfSSL_dtls_get_current_timeout(). */ -WOLFSSL_API int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, - const char* buf, int bufLen) +int wolfSSL_dtls13_use_quick_timeout(WOLFSSL* ssl) { - int i; - - if (ctx == NULL || bufLen > MAX_SERVER_CERT_TYPE_CNT) { - return BAD_FUNC_ARG; - } - - /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/ - if (buf == NULL || bufLen == 0) { - ctx->rpkConfig.preferred_ServerCertTypeCnt = 1; - ctx->rpkConfig.preferred_ServerCertTypes[0]= WOLFSSL_CERT_TYPE_X509; - ctx->rpkConfig.preferred_ServerCertTypes[1]= WOLFSSL_CERT_TYPE_X509; - return WOLFSSL_SUCCESS; - } - - if (!isArrayUnique(buf, bufLen)) - return BAD_FUNC_ARG; + return ssl->dtls13FastTimeout; +} - for (i = 0; i < bufLen; i++){ - if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509) - return BAD_FUNC_ARG; +/* + * When this is set, a DTLS 1.3 connection will send acks immediately when a + * disruption is detected to shortcut timeouts. This results in potentially + * more traffic but may make the handshake quicker. 
+ */ +void wolfSSL_dtls13_set_send_more_acks(WOLFSSL* ssl, int value) +{ + if (ssl != NULL) + ssl->options.dtls13SendMoreAcks = !!value; +} +#endif /* WOLFSSL_DTLS13 */ - ctx->rpkConfig.preferred_ServerCertTypes[i] = buf[i]; +int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, WOLFSSL_TIMEVAL* timeleft) +{ + if (ssl && timeleft) { + XMEMSET(timeleft, 0, sizeof(WOLFSSL_TIMEVAL)); + timeleft->tv_sec = ssl->dtls_timeout; } - ctx->rpkConfig.preferred_ServerCertTypeCnt = bufLen; + return 0; +} - return WOLFSSL_SUCCESS; +#ifndef NO_WOLFSSL_STUB +int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl) +{ + WOLFSSL_STUB("SSL_DTLSv1_handle_timeout"); + (void)ssl; + return 0; } +#endif -/* Set user preference for the client_cert_type exetnsion. - * Takes byte array containing cert types the caller can provide to its peer. - * Cert types are in preferred order in the array. - */ -WOLFSSL_API int wolfSSL_set_client_cert_type(WOLFSSL* ssl, - const char* buf, int bufLen) +#ifndef NO_WOLFSSL_STUB +void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, + word32 duration_ms) { - int i; + WOLFSSL_STUB("SSL_DTLSv1_set_initial_timeout_duration"); + (void)ssl; + (void)duration_ms; +} +#endif - if (ssl == NULL || bufLen > MAX_CLIENT_CERT_TYPE_CNT) { +/* user may need to alter init dtls recv timeout, WOLFSSL_SUCCESS on ok */ +int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout) +{ + if (ssl == NULL || timeout < 0) return BAD_FUNC_ARG; - } - - /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/ - if (buf == NULL || bufLen == 0) { - ssl->options.rpkConfig.preferred_ClientCertTypeCnt = 1; - ssl->options.rpkConfig.preferred_ClientCertTypes[0] - = WOLFSSL_CERT_TYPE_X509; - ssl->options.rpkConfig.preferred_ClientCertTypes[1] - = WOLFSSL_CERT_TYPE_X509; - return WOLFSSL_SUCCESS; - } - if (!isArrayUnique(buf, bufLen)) + if (timeout > ssl->dtls_timeout_max) { + WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout " + "max"); return BAD_FUNC_ARG; - - for (i 
= 0; i < bufLen; i++){ - if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509) - return BAD_FUNC_ARG; - - ssl->options.rpkConfig.preferred_ClientCertTypes[i] = buf[i]; } - ssl->options.rpkConfig.preferred_ClientCertTypeCnt = bufLen; + + ssl->dtls_timeout_init = timeout; + ssl->dtls_timeout = timeout; return WOLFSSL_SUCCESS; } -/* Set user preference for the server_cert_type exetnsion. - * Takes byte array containing cert types the caller can provide to its peer. - * Cert types are in preferred order in the array. - */ -WOLFSSL_API int wolfSSL_set_server_cert_type(WOLFSSL* ssl, - const char* buf, int bufLen) -{ - int i; - if (ssl == NULL || bufLen > MAX_SERVER_CERT_TYPE_CNT) { +/* user may need to alter max dtls recv timeout, WOLFSSL_SUCCESS on ok */ +int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout) +{ + if (ssl == NULL || timeout < 0) return BAD_FUNC_ARG; - } - - /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/ - if (buf == NULL || bufLen == 0) { - ssl->options.rpkConfig.preferred_ServerCertTypeCnt = 1; - ssl->options.rpkConfig.preferred_ServerCertTypes[0] - = WOLFSSL_CERT_TYPE_X509; - ssl->options.rpkConfig.preferred_ServerCertTypes[1] - = WOLFSSL_CERT_TYPE_X509; - return WOLFSSL_SUCCESS; - } - if (!isArrayUnique(buf, bufLen)) + if (timeout < ssl->dtls_timeout_init) { + WOLFSSL_MSG("Can't set dtls timeout max less than dtls timeout init"); return BAD_FUNC_ARG; - - for (i = 0; i < bufLen; i++){ - if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509) - return BAD_FUNC_ARG; - - ssl->options.rpkConfig.preferred_ServerCertTypes[i] = buf[i]; } - ssl->options.rpkConfig.preferred_ServerCertTypeCnt = bufLen; + + ssl->dtls_timeout_max = timeout; return WOLFSSL_SUCCESS; } -/* get negotiated certificate type value and return it to the second parameter. 
- * cert type value: - * -1: WOLFSSL_CERT_TYPE_UNKNOWN - * 0: WOLFSSL_CERT_TYPE_X509 - * 2: WOLFSSL_CERT_TYPE_RPK - * return WOLFSSL_SUCCESS on success, otherwise negative value. - * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for - * cert type. - */ -WOLFSSL_API int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp) -{ - int ret = WOLFSSL_SUCCESS; - - if (ssl == NULL || tp == NULL) - return BAD_FUNC_ARG; - - if (ssl->options.side == WOLFSSL_CLIENT_END) { - if (ssl->options.rpkState.received_ClientCertTypeCnt == 1) - *tp = ssl->options.rpkState.received_ClientCertTypes[0]; - else - *tp = WOLFSSL_CERT_TYPE_UNKNOWN; - } - else { - if (ssl->options.rpkState.sending_ClientCertTypeCnt == 1) - *tp = ssl->options.rpkState.sending_ClientCertTypes[0]; - else - *tp = WOLFSSL_CERT_TYPE_UNKNOWN; - } - return ret; -} -/* get negotiated certificate type value and return it to the second parameter. - * cert type value: - * -1: WOLFSSL_CERT_TYPE_UNKNOWN - * 0: WOLFSSL_CERT_TYPE_X509 - * 2: WOLFSSL_CERT_TYPE_RPK - * return WOLFSSL_SUCCESS on success, otherwise negative value. - * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for - * cert type. 
- */ -WOLFSSL_API int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp) +int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) { - int ret = WOLFSSL_SUCCESS; - - if (ssl == NULL || tp == NULL) - return BAD_FUNC_ARG; + int result = WOLFSSL_SUCCESS; + WOLFSSL_ENTER("wolfSSL_dtls_got_timeout"); - if (ssl->options.side == WOLFSSL_CLIENT_END) { - if (ssl->options.rpkState.received_ServerCertTypeCnt == 1) - *tp = ssl->options.rpkState.received_ServerCertTypes[0]; - else - *tp = WOLFSSL_CERT_TYPE_UNKNOWN; - } - else { - if (ssl->options.rpkState.sending_ServerCertTypeCnt == 1) - *tp = ssl->options.rpkState.sending_ServerCertTypes[0]; - else - *tp = WOLFSSL_CERT_TYPE_UNKNOWN; - } - return ret; -} + if (ssl == NULL) + return WOLFSSL_FATAL_ERROR; -#endif /* HAVE_RPK */ +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { + result = Dtls13RtxTimeout(ssl); + if (result < 0) { + if (result == WANT_WRITE) + ssl->dtls13SendingAckOrRtx = 1; + ssl->error = result; + WOLFSSL_ERROR(result); + return WOLFSSL_FATAL_ERROR; + } -int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der, - int derSz) -{ - long idx = 0; + return WOLFSSL_SUCCESS; + } +#endif /* WOLFSSL_DTLS13 */ - WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1"); - if (der != NULL && ssl != NULL) { - if (ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, - ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + if ((IsSCR(ssl) || !ssl->options.handShakeDone)) { + if (DtlsMsgPoolTimeout(ssl) < 0){ + ssl->error = SOCKET_ERROR_E; + WOLFSSL_ERROR(ssl->error); + result = WOLFSSL_FATAL_ERROR; + } + else if ((result = DtlsMsgPoolSend(ssl, 0)) < 0) { + ssl->error = result; + WOLFSSL_ERROR(result); + result = WOLFSSL_FATAL_ERROR; + } + else { + /* Reset return value to success */ + result = WOLFSSL_SUCCESS; } } - (void)idx; - return WOLFSSL_FAILURE; + WOLFSSL_LEAVE("wolfSSL_dtls_got_timeout", result); + return result; } -#ifndef 
NO_FILESYSTEM -WOLFSSL_ABI -int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) +/* retransmit all the saves messages, WOLFSSL_SUCCESS on ok */ +int wolfSSL_dtls_retransmit(WOLFSSL* ssl) { - WOLFSSL_ENTER("wolfSSL_use_certificate_file"); + WOLFSSL_ENTER("wolfSSL_dtls_retransmit"); - if (ssl == NULL) { - return BAD_FUNC_ARG; - } + if (ssl == NULL) + return WOLFSSL_FATAL_ERROR; - if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, - ssl, 0, NULL, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + if (!ssl->options.handShakeDone) { + int result = DtlsMsgPoolSend(ssl, 0); + if (result < 0) { + ssl->error = result; + WOLFSSL_ERROR(result); + return WOLFSSL_FATAL_ERROR; + } } - return WOLFSSL_FAILURE; + return 0; } +#endif /* DTLS */ +#endif /* LEANPSK */ -WOLFSSL_ABI -int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format) + +#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) + +/* Not an SSL function, return 0 for success, error code otherwise */ +/* Prereq: ssl's RNG needs to be initialized. */ +int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, + const byte* secret, word32 secretSz) { - WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file"); + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_DTLS_SetCookieSecret"); if (ssl == NULL) { + WOLFSSL_MSG("need a SSL object"); return BAD_FUNC_ARG; } - if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, - ssl, 0, NULL, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + if (secret != NULL && secretSz == 0) { + WOLFSSL_MSG("can't have a new secret without a size"); + return BAD_FUNC_ARG; } - return WOLFSSL_FAILURE; -} + /* If secretSz is 0, use the default size. 
*/ + if (secretSz == 0) + secretSz = COOKIE_SECRET_SZ; + if (secretSz != ssl->buffers.dtlsCookieSecret.length) { + byte* newSecret; -WOLFSSL_ABI -int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) -{ - /* process up to MAX_CHAIN_DEPTH plus subject cert */ - WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file"); + if (ssl->buffers.dtlsCookieSecret.buffer != NULL) { + ForceZero(ssl->buffers.dtlsCookieSecret.buffer, + ssl->buffers.dtlsCookieSecret.length); + XFREE(ssl->buffers.dtlsCookieSecret.buffer, + ssl->heap, DYNAMIC_TYPE_COOKIE_PWD); + } - if (ssl == NULL) { - return BAD_FUNC_ARG; + newSecret = (byte*)XMALLOC(secretSz, ssl->heap,DYNAMIC_TYPE_COOKIE_PWD); + if (newSecret == NULL) { + ssl->buffers.dtlsCookieSecret.buffer = NULL; + ssl->buffers.dtlsCookieSecret.length = 0; + WOLFSSL_MSG("couldn't allocate new cookie secret"); + return MEMORY_ERROR; + } + ssl->buffers.dtlsCookieSecret.buffer = newSecret; + ssl->buffers.dtlsCookieSecret.length = secretSz; + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("wolfSSL_DTLS_SetCookieSecret secret", + ssl->buffers.dtlsCookieSecret.buffer, + ssl->buffers.dtlsCookieSecret.length); + #endif } - if (ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, - ssl, 1, NULL, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; + /* If the supplied secret is NULL, randomly generate a new secret. 
*/ + if (secret == NULL) { + ret = wc_RNG_GenerateBlock(ssl->rng, + ssl->buffers.dtlsCookieSecret.buffer, secretSz); } + else + XMEMCPY(ssl->buffers.dtlsCookieSecret.buffer, secret, secretSz); - return WOLFSSL_FAILURE; + WOLFSSL_LEAVE("wolfSSL_DTLS_SetCookieSecret", 0); + return ret; } -int wolfSSL_use_certificate_chain_file_format(WOLFSSL* ssl, const char* file, - int format) -{ - /* process up to MAX_CHAIN_DEPTH plus subject cert */ - WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file_format"); +#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ - if (ssl == NULL) { - return BAD_FUNC_ARG; - } - if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 1, - NULL, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; +/* EITHER SIDE METHODS */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + WOLFSSL_METHOD* wolfSSLv23_method(void) + { + return wolfSSLv23_method_ex(NULL); } - return WOLFSSL_FAILURE; -} - -#endif /* !NO_FILESYSTEM */ - -#ifdef HAVE_ECC - -/* Set Temp CTX EC-DHE size in octets, can be 14 - 66 (112 - 521 bit) */ -int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz) -{ - if (ctx == NULL) - return BAD_FUNC_ARG; + WOLFSSL_METHOD* wolfSSLv23_method_ex(void* heap) + { + WOLFSSL_METHOD* m = NULL; + WOLFSSL_ENTER("wolfSSLv23_method"); + #if !defined(NO_WOLFSSL_CLIENT) + m = wolfSSLv23_client_method_ex(heap); + #elif !defined(NO_WOLFSSL_SERVER) + m = wolfSSLv23_server_method_ex(heap); + #else + (void)heap; + #endif + if (m != NULL) { + m->side = WOLFSSL_NEITHER_END; + } - /* if 0 then get from loaded private key */ - if (sz == 0) { - /* applies only to ECDSA */ - if (ctx->privateKeyType != ecc_dsa_sa_algo) - return WOLFSSL_SUCCESS; + return m; + } - if (ctx->privateKeySz == 0) { - WOLFSSL_MSG("Must set private key/cert first"); - return BAD_FUNC_ARG; + #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 + WOLFSSL_METHOD* wolfSSLv3_method(void) + { + return wolfSSLv3_method_ex(NULL); + } + WOLFSSL_METHOD* 
wolfSSLv3_method_ex(void* heap) + { + WOLFSSL_METHOD* m = NULL; + WOLFSSL_ENTER("wolfSSLv3_method_ex"); + #if !defined(NO_WOLFSSL_CLIENT) + m = wolfSSLv3_client_method_ex(heap); + #elif !defined(NO_WOLFSSL_SERVER) + m = wolfSSLv3_server_method_ex(heap); + #endif + if (m != NULL) { + m->side = WOLFSSL_NEITHER_END; } - sz = (word16)ctx->privateKeySz; + return m; } + #endif + #endif +#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ - /* check size */ -#if ECC_MIN_KEY_SZ > 0 - if (sz < ECC_MINSIZE) - return BAD_FUNC_ARG; -#endif - if (sz > ECC_MAXSIZE) - return BAD_FUNC_ARG; - - ctx->eccTempKeySz = sz; +/* client only parts */ +#ifndef NO_WOLFSSL_CLIENT - return WOLFSSL_SUCCESS; -} + #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS) + WOLFSSL_METHOD* wolfSSLv2_client_method(void) + { + WOLFSSL_STUB("wolfSSLv2_client_method"); + return NULL; + } + #endif + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) + WOLFSSL_METHOD* wolfSSLv3_client_method(void) + { + return wolfSSLv3_client_method_ex(NULL); + } + WOLFSSL_METHOD* wolfSSLv3_client_method_ex(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + (void)heap; + WOLFSSL_ENTER("wolfSSLv3_client_method_ex"); + if (method) + InitSSL_Method(method, MakeSSLv3()); + return method; + } + #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */ -/* Set Temp SSL EC-DHE size in octets, can be 14 - 66 (112 - 521 bit) */ -int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz) -{ - if (ssl == NULL) - return BAD_FUNC_ARG; - /* check size */ -#if ECC_MIN_KEY_SZ > 0 - if (sz < ECC_MINSIZE) - return BAD_FUNC_ARG; -#endif - if (sz > ECC_MAXSIZE) - return BAD_FUNC_ARG; + WOLFSSL_METHOD* wolfSSLv23_client_method(void) + { + return wolfSSLv23_client_method_ex(NULL); + } + WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + (void)heap; + 
WOLFSSL_ENTER("wolfSSLv23_client_method_ex"); + if (method) { + #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || \ + defined(WOLFSSL_SHA512) + #if defined(WOLFSSL_TLS13) + InitSSL_Method(method, MakeTLSv1_3()); + #elif !defined(WOLFSSL_NO_TLS12) + InitSSL_Method(method, MakeTLSv1_2()); + #elif !defined(NO_OLD_TLS) + InitSSL_Method(method, MakeTLSv1_1()); + #endif + #else + #ifndef NO_OLD_TLS + InitSSL_Method(method, MakeTLSv1_1()); + #endif + #endif + #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13) + method->downgrade = 1; + #endif + } + return method; + } - ssl->eccTempKeySz = sz; + /* please see note at top of README if you get an error from connect */ + WOLFSSL_ABI + int wolfSSL_connect(WOLFSSL* ssl) + { + #if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && \ + defined(WOLFSSL_TLS13)) + int neededState; + byte advanceState; + #endif + int ret = 0; - return WOLFSSL_SUCCESS; -} + (void)ret; -#endif /* HAVE_ECC */ + #ifdef HAVE_ERRNO_H + errno = 0; + #endif + if (ssl == NULL) + return BAD_FUNC_ARG; -#ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (ssl->options.side == WOLFSSL_NEITHER_END) { + ssl->error = InitSSL_Side(ssl, WOLFSSL_CLIENT_END); + if (ssl->error != WOLFSSL_SUCCESS) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + ssl->error = 0; /* expected to be zero here */ + } -#ifndef NO_FILESYSTEM -int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file, - int format) -{ - WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey_file"); + #ifdef OPENSSL_EXTRA + if (ssl->CBIS != NULL) { + ssl->CBIS(ssl, SSL_ST_CONNECT, WOLFSSL_SUCCESS); + ssl->cbmode = SSL_CB_WRITE; + } + #endif + #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ - return wolfSSL_CTX_use_PrivateKey_file(ctx, file, format); -} + #if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && \ + defined(WOLFSSL_TLS13) + return wolfSSL_connect_TLSv13(ssl); + #else + #ifdef WOLFSSL_TLS13 + if (ssl->options.tls1_3) { + 
WOLFSSL_MSG("TLS 1.3"); + return wolfSSL_connect_TLSv13(ssl); + } + #endif + WOLFSSL_MSG("TLS 1.2 or lower"); + WOLFSSL_ENTER("wolfSSL_connect"); -int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format) -{ - WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file"); + /* make sure this wolfSSL object has arrays and rng setup. Protects + * case where the WOLFSSL object is reused via wolfSSL_clear() */ + if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) { + return ret; + } - return wolfSSL_use_PrivateKey_file(ssl, file, format); -} -#endif /* NO_FILESYSTEM */ +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + if ((ssl->ConnectFilter != NULL) && + (ssl->options.connectState == CONNECT_BEGIN)) { + wolfSSL_netfilter_decision_t res; + if ((ssl->ConnectFilter(ssl, ssl->ConnectFilter_arg, &res) == + WOLFSSL_SUCCESS) && + (res == WOLFSSL_NETFILTER_REJECT)) { + ssl->error = SOCKET_FILTERED_E; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } +#endif /* WOLFSSL_WOLFSENTRY_HOOKS */ + if (ssl->options.side != WOLFSSL_CLIENT_END) { + ssl->error = SIDE_ERROR; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } -/* Copies the master secret over to out buffer. If outSz is 0 returns the size - * of master secret. 
- * - * ses : a session from completed TLS/SSL handshake - * out : buffer to hold copy of master secret - * outSz : size of out buffer - * returns : number of bytes copied into out buffer on success - * less then or equal to 0 is considered a failure case - */ -int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, - unsigned char* out, int outSz) -{ - int size; - - ses = ClientSessionToSession(ses); - - if (outSz == 0) { - return SECRET_LEN; - } - - if (ses == NULL || out == NULL || outSz < 0) { - return 0; - } - - if (outSz > SECRET_LEN) { - size = SECRET_LEN; - } - else { - size = outSz; - } + #ifdef WOLFSSL_DTLS + if (ssl->version.major == DTLS_MAJOR) { + ssl->options.dtls = 1; + ssl->options.tls = 1; + ssl->options.tls1_1 = 1; + ssl->options.dtlsStateful = 1; + } + #endif - XMEMCPY(out, ses->masterSecret, size); - return size; -} + /* fragOffset is non-zero when sending fragments. On the last + * fragment, fragOffset is zero again, and the state can be + * advanced. */ + advanceState = ssl->fragOffset == 0 && + (ssl->options.connectState == CONNECT_BEGIN || + ssl->options.connectState == HELLO_AGAIN || + (ssl->options.connectState >= FIRST_REPLY_DONE && + ssl->options.connectState <= FIRST_REPLY_FOURTH)); +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) + advanceState = advanceState && !ssl->dtls13SendingAckOrRtx; +#endif /* WOLFSSL_DTLS13 */ -int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses) -{ - (void)ses; - return SECRET_LEN; -} + if (ssl->buffers.outputBuffer.length > 0 + #ifdef WOLFSSL_ASYNC_CRYPT + /* do not send buffered or advance state if last error was an + async pending operation */ + && ssl->error != WC_PENDING_E + #endif + ) { + ret = SendBuffered(ssl); + if (ret == 0) { + if (ssl->fragOffset == 0 && !ssl->options.buildingMsg) { + if (advanceState) { + ssl->options.connectState++; + WOLFSSL_MSG("connect state: Advanced from last " + "buffered fragment send"); + #ifdef WOLFSSL_ASYNC_IO + 
/* Cleanup async */ + FreeAsyncCtx(ssl, 0); + #endif + } + } + else { + WOLFSSL_MSG("connect state: " + "Not advanced, more fragments to send"); + } + } + else { + ssl->error = ret; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) + ssl->dtls13SendingAckOrRtx = 0; +#endif /* WOLFSSL_DTLS13 */ + } -#ifdef WOLFSSL_EARLY_DATA -unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session) -{ - return session->maxEarlyDataSz; -} -#endif /* WOLFSSL_EARLY_DATA */ + ret = RetrySendAlert(ssl); + if (ret != 0) { + ssl->error = ret; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } -#endif /* OPENSSL_EXTRA */ + switch (ssl->options.connectState) { -typedef struct { - byte verifyPeer:1; - byte verifyNone:1; - byte failNoCert:1; - byte failNoCertxPSK:1; - byte verifyPostHandshake:1; -} SetVerifyOptions; + case CONNECT_BEGIN : + /* always send client hello first */ + if ( (ssl->error = SendClientHello(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + ssl->options.connectState = CLIENT_HELLO_SENT; + WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT"); + FALL_THROUGH; -static SetVerifyOptions ModeToVerifyOptions(int mode) -{ - SetVerifyOptions opts; - XMEMSET(&opts, 0, sizeof(SetVerifyOptions)); + case CLIENT_HELLO_SENT : + neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE : + SERVER_HELLODONE_COMPLETE; + #ifdef WOLFSSL_DTLS + /* In DTLS, when resuming, we can go straight to FINISHED, + * or do a cookie exchange and then skip to FINISHED, assume + * we need the cookie exchange first. 
*/ + if (IsDtlsNotSctpMode(ssl)) + neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; + #endif + /* get response */ + WOLFSSL_MSG("Server state up to needed state."); + while (ssl->options.serverState < neededState) { + WOLFSSL_MSG("Progressing server state..."); + #ifdef WOLFSSL_TLS13 + if (ssl->options.tls1_3) + return wolfSSL_connect_TLSv13(ssl); + #endif + WOLFSSL_MSG("ProcessReply..."); + if ( (ssl->error = ProcessReply(ssl)) < 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + /* if resumption failed, reset needed state */ + else if (neededState == SERVER_FINISHED_COMPLETE) { + if (!ssl->options.resuming) { + #ifdef WOLFSSL_DTLS + if (IsDtlsNotSctpMode(ssl)) + neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; + else + #endif + neededState = SERVER_HELLODONE_COMPLETE; + } + } + WOLFSSL_MSG("ProcessReply done."); - if (mode != WOLFSSL_VERIFY_DEFAULT) { - opts.verifyNone = (mode == WOLFSSL_VERIFY_NONE); - if (!opts.verifyNone) { - opts.verifyPeer = - (mode & WOLFSSL_VERIFY_PEER) != 0; - opts.failNoCertxPSK = - (mode & WOLFSSL_VERIFY_FAIL_EXCEPT_PSK) != 0; - opts.failNoCert = - (mode & WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT) != 0; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - opts.verifyPostHandshake = - (mode & WOLFSSL_VERIFY_POST_HANDSHAKE) != 0; -#endif - } - } +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version) + && ssl->dtls13Rtx.sendAcks == 1 + && ssl->options.seenUnifiedHdr) { + /* we aren't negotiated the version yet, so we aren't sure + * the other end can speak v1.3. On the other side we have + * received a unified records, assuming that the + * ServerHello got lost, we will send an empty ACK. 
In case + * the server is a DTLS with version less than 1.3, it + * should just ignore the message */ + ssl->dtls13Rtx.sendAcks = 0; + if ((ssl->error = SendDtls13Ack(ssl)) < 0) { + if (ssl->error == WANT_WRITE) + ssl->dtls13SendingAckOrRtx = 1; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } +#endif /* WOLFSSL_DTLS13 */ + } - return opts; -} + ssl->options.connectState = HELLO_AGAIN; + WOLFSSL_MSG("connect state: HELLO_AGAIN"); + FALL_THROUGH; -WOLFSSL_ABI -void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc) -{ - SetVerifyOptions opts; + case HELLO_AGAIN : - WOLFSSL_ENTER("wolfSSL_CTX_set_verify"); - if (ctx == NULL) - return; + #ifdef WOLFSSL_TLS13 + if (ssl->options.tls1_3) + return wolfSSL_connect_TLSv13(ssl); + #endif - opts = ModeToVerifyOptions(mode); + #ifdef WOLFSSL_DTLS + if (ssl->options.serverState == + SERVER_HELLOVERIFYREQUEST_COMPLETE) { + if (IsDtlsNotSctpMode(ssl)) { + /* re-init hashes, exclude first hello and verify request */ + if ((ssl->error = InitHandshakeHashes(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + if ( (ssl->error = SendClientHello(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } + } + #endif - ctx->verifyNone = opts.verifyNone; - ctx->verifyPeer = opts.verifyPeer; - ctx->failNoCert = opts.failNoCert; - ctx->failNoCertxPSK = opts.failNoCertxPSK; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - ctx->verifyPostHandshake = opts.verifyPostHandshake; -#endif + ssl->options.connectState = HELLO_AGAIN_REPLY; + WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY"); + FALL_THROUGH; - ctx->verifyCallback = vc; -} + case HELLO_AGAIN_REPLY : + #ifdef WOLFSSL_DTLS + if (IsDtlsNotSctpMode(ssl)) { + neededState = ssl->options.resuming ? 
+ SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
-#ifdef OPENSSL_ALL
-void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
- CertVerifyCallback cb, void* arg)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_set_cert_verify_callback");
- if (ctx == NULL)
- return;
+ /* get response */
+ while (ssl->options.serverState < neededState) {
+ if ( (ssl->error = ProcessReply(ssl)) < 0) {
+ WOLFSSL_ERROR(ssl->error);
+ return WOLFSSL_FATAL_ERROR;
+ }
+ /* if resumption failed, reset needed state */
+ if (neededState == SERVER_FINISHED_COMPLETE) {
+ if (!ssl->options.resuming)
+ neededState = SERVER_HELLODONE_COMPLETE;
+ }
+ }
+ }
+ #endif
- ctx->verifyCertCb = cb;
- ctx->verifyCertCbArg = arg;
-}
-#endif
+ ssl->options.connectState = FIRST_REPLY_DONE;
+ WOLFSSL_MSG("connect state: FIRST_REPLY_DONE");
+ FALL_THROUGH;
+ case FIRST_REPLY_DONE :
+ if (ssl->options.certOnly)
+ return WOLFSSL_SUCCESS;
+ #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
+ #ifdef WOLFSSL_TLS13
+ if (ssl->options.tls1_3)
+ return wolfSSL_connect_TLSv13(ssl);
+ #endif
+ if (ssl->options.sendVerify) {
+ if ( (ssl->error = SendCertificate(ssl)) != 0) {
+ #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
+ ProcessReplyEx(ssl, 1); /* See if an alert was sent. 
*/
+ #endif
+ WOLFSSL_ERROR(ssl->error);
+ return WOLFSSL_FATAL_ERROR;
+ }
+ WOLFSSL_MSG("sent: certificate");
+ }
-void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
-{
- SetVerifyOptions opts;
-
- WOLFSSL_ENTER("wolfSSL_set_verify");
- if (ssl == NULL)
- return;
-
- opts = ModeToVerifyOptions(mode);
+ #endif
+ ssl->options.connectState = FIRST_REPLY_FIRST;
+ WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST");
+ FALL_THROUGH;
- ssl->options.verifyNone = opts.verifyNone;
- ssl->options.verifyPeer = opts.verifyPeer;
- ssl->options.failNoCert = opts.failNoCert;
- ssl->options.failNoCertxPSK = opts.failNoCertxPSK;
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
- ssl->options.verifyPostHandshake = opts.verifyPostHandshake;
+ case FIRST_REPLY_FIRST :
+ #ifdef WOLFSSL_TLS13
+ if (ssl->options.tls1_3)
+ return wolfSSL_connect_TLSv13(ssl);
+ #endif
+ if (!ssl->options.resuming) {
+ if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
+ #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
+ ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+ #endif
+#ifdef WOLFSSL_EXTRA_ALERTS
+ if (ssl->error == NO_PEER_KEY ||
+ ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) {
+ SendAlert(ssl, alert_fatal, handshake_failure);
+ }
 #endif
+ WOLFSSL_ERROR(ssl->error);
+ return WOLFSSL_FATAL_ERROR;
+ }
+ WOLFSSL_MSG("sent: client key exchange");
+ }
- ssl->verifyCallback = vc;
-}
-
-void wolfSSL_set_verify_result(WOLFSSL *ssl, long v)
-{
- WOLFSSL_ENTER("wolfSSL_set_verify_result");
-
- if (ssl == NULL)
- return;
+ ssl->options.connectState = FIRST_REPLY_SECOND;
+ WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
+ FALL_THROUGH;
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
- defined(OPENSSL_ALL)
- ssl->peerVerifyRet = v;
-#else
- (void)v;
- WOLFSSL_STUB("wolfSSL_set_verify_result");
-#endif
-}
+ #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+ case FIRST_REPLY_SECOND :
+ /* CLIENT: Fail-safe for Server Authentication. 
*/
+ if (!ssl->options.peerAuthGood) {
+ WOLFSSL_MSG("Server authentication did not happen");
+ ssl->error = NO_PEER_VERIFY;
+ return WOLFSSL_FATAL_ERROR;
+ }
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
-/* For TLS v1.3 send handshake messages after handshake completes. */
-/* Returns 1=WOLFSSL_SUCCESS or 0=WOLFSSL_FAILURE */
-int wolfSSL_verify_client_post_handshake(WOLFSSL* ssl)
-{
- int ret = wolfSSL_request_certificate(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- if (!IsAtLeastTLSv1_3(ssl->version)) {
- /* specific error of wrong version expected */
- WOLFSSL_ERROR(UNSUPPORTED_PROTO_VERSION);
+ #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
+ if (ssl->options.sendVerify) {
+ if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
+ #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
+ ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+ #endif
+ WOLFSSL_ERROR(ssl->error);
+ return WOLFSSL_FATAL_ERROR;
+ }
+ WOLFSSL_MSG("sent: certificate verify");
+ }
+ #endif /* !NO_CERTS && !WOLFSSL_NO_CLIENT_AUTH */
+ ssl->options.connectState = FIRST_REPLY_THIRD;
+ WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD");
+ FALL_THROUGH;
- }
- else {
- WOLFSSL_ERROR(ret); /* log the error in the error queue */
- }
- }
- return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-}
+ case FIRST_REPLY_THIRD :
+ if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
+ #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
+ ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+ #endif
+ WOLFSSL_ERROR(ssl->error);
+ return WOLFSSL_FATAL_ERROR;
+ }
+ WOLFSSL_MSG("sent: change cipher spec");
+ ssl->options.connectState = FIRST_REPLY_FOURTH;
+ WOLFSSL_MSG("connect state: FIRST_REPLY_FOURTH");
+ FALL_THROUGH;
-int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX* ctx, int val)
-{
- int ret = wolfSSL_CTX_allow_post_handshake_auth(ctx);
- if (ret == 0) {
- ctx->postHandshakeAuth = (val != 0);
- }
- return (ret == 0) ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-}
-int wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val)
-{
- int ret = wolfSSL_allow_post_handshake_auth(ssl);
- if (ret == 0) {
- ssl->options.postHandshakeAuth = (val != 0);
- }
- return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-}
-#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_TLS13 && WOLFSSL_POST_HANDSHAKE_AUTH */
+ case FIRST_REPLY_FOURTH :
+ if ( (ssl->error = SendFinished(ssl)) != 0) {
+ #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
+ ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+ #endif
+ WOLFSSL_ERROR(ssl->error);
+ return WOLFSSL_FATAL_ERROR;
+ }
+ WOLFSSL_MSG("sent: finished");
+ ssl->options.connectState = FINISHED_DONE;
+ WOLFSSL_MSG("connect state: FINISHED_DONE");
+ FALL_THROUGH;
-/* store user ctx for verify callback */
-void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
-{
- WOLFSSL_ENTER("wolfSSL_SetCertCbCtx");
- if (ssl)
- ssl->verifyCbCtx = ctx;
-}
+#ifdef WOLFSSL_DTLS13
+ case WAIT_FINISHED_ACK:
+ ssl->options.connectState = FINISHED_DONE;
+ FALL_THROUGH;
+#endif /* WOLFSSL_DTLS13 */
+ case FINISHED_DONE :
+ /* get response */
+ while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
+ if ( (ssl->error = ProcessReply(ssl)) < 0) {
+ WOLFSSL_ERROR(ssl->error);
+ return WOLFSSL_FATAL_ERROR;
+ }
-/* store user ctx for verify callback */
-void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx)
-{
- WOLFSSL_ENTER("wolfSSL_CTX_SetCertCbCtx");
- if (ctx)
- ctx->verifyCbCtx = userCtx;
-}
+ ssl->options.connectState = SECOND_REPLY_DONE;
+ WOLFSSL_MSG("connect state: SECOND_REPLY_DONE");
+ FALL_THROUGH;
+ case SECOND_REPLY_DONE:
+ #ifndef NO_HANDSHAKE_DONE_CB
+ if (ssl->hsDoneCb) {
+ int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
+ if (cbret < 0) {
+ ssl->error = cbret;
+ WOLFSSL_MSG("HandShake Done Cb don't continue error");
+ return WOLFSSL_FATAL_ERROR;
+ }
+ }
+ #endif /* NO_HANDSHAKE_DONE_CB */
-/* store context CA Cache addition callback */
-void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, 
CallbackCACache cb) -{ - if (ctx && ctx->cm) - ctx->cm->caCacheCallback = cb; -} + if (!ssl->options.dtls) { + if (!ssl->options.keepResources) { + FreeHandshakeResources(ssl); + } + } + #ifdef WOLFSSL_DTLS + else { + ssl->options.dtlsHsRetain = 1; + } + #endif /* WOLFSSL_DTLS */ + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION) + /* This may be necessary in async so that we don't try to + * renegotiate again */ + if (ssl->secure_renegotiation && + ssl->secure_renegotiation->startScr) { + ssl->secure_renegotiation->startScr = 0; + } + #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */ + #if defined(WOLFSSL_ASYNC_IO) && !defined(WOLFSSL_ASYNC_CRYPT) + /* Free the remaining async context if not using it for crypto */ + FreeAsyncCtx(ssl, 1); + #endif -#if defined(PERSIST_CERT_CACHE) + ssl->error = 0; /* clear the error */ -#if !defined(NO_FILESYSTEM) + WOLFSSL_LEAVE("wolfSSL_connect", WOLFSSL_SUCCESS); + return WOLFSSL_SUCCESS; + #endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS */ -/* Persist cert cache to file */ -int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname) -{ - WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache"); + default: + WOLFSSL_MSG("Unknown connect state ERROR"); + return WOLFSSL_FATAL_ERROR; /* unknown connect state */ + } + #endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || !WOLFSSL_TLS13 */ + } - if (ctx == NULL || fname == NULL) - return BAD_FUNC_ARG; +#endif /* NO_WOLFSSL_CLIENT */ - return CM_SaveCertCache(ctx->cm, fname); -} +/* server only parts */ +#ifndef NO_WOLFSSL_SERVER -/* Persist cert cache from file */ -int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname) -{ - WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache"); + #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS) + WOLFSSL_METHOD* wolfSSLv2_server_method(void) + { + WOLFSSL_STUB("wolfSSLv2_server_method"); + return 0; + } + #endif - if (ctx == NULL || fname == NULL) - return BAD_FUNC_ARG; - - return CM_RestoreCertCache(ctx->cm, fname); -} 
- -#endif /* NO_FILESYSTEM */ - -/* Persist cert cache to memory */ -int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, - int sz, int* used) -{ - WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache"); - - if (ctx == NULL || mem == NULL || used == NULL || sz <= 0) - return BAD_FUNC_ARG; - - return CM_MemSaveCertCache(ctx->cm, mem, sz, used); -} - - -/* Restore cert cache from memory */ -int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz) -{ - WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache"); - - if (ctx == NULL || mem == NULL || sz <= 0) - return BAD_FUNC_ARG; - - return CM_MemRestoreCertCache(ctx->cm, mem, sz); -} - - -/* get how big the the cert cache save buffer needs to be */ -int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize"); - - if (ctx == NULL) - return BAD_FUNC_ARG; - - return CM_GetCertCacheMemSize(ctx->cm); -} - -#endif /* PERSIST_CERT_CACHE */ -#endif /* !NO_CERTS */ - - -#ifndef NO_SESSION_CACHE - -WOLFSSL_ABI -WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_session"); - if (ssl) { -#ifdef NO_SESSION_CACHE_REF - return ssl->session; -#else - if (ssl->options.side == WOLFSSL_CLIENT_END) { - /* On the client side we want to return a persistent reference for - * backwards compatibility. */ -#ifndef NO_CLIENT_CACHE - if (ssl->clientSession) { - return (WOLFSSL_SESSION*)ssl->clientSession; - } - else { - /* Try to add a ClientCache entry to associate with the current - * session. Ignore any session cache options. 
*/ - int err; - const byte* id = ssl->session->sessionID; - byte idSz = ssl->session->sessionIDSz; - if (ssl->session->haveAltSessionID) { - id = ssl->session->altSessionID; - idSz = ID_LEN; - } - err = AddSessionToCache(ssl->ctx, ssl->session, id, idSz, - NULL, ssl->session->side, - #ifdef HAVE_SESSION_TICKET - ssl->session->ticketLen > 0, - #else - 0, - #endif - &ssl->clientSession); - if (err == 0) { - return (WOLFSSL_SESSION*)ssl->clientSession; - } - } -#endif - } - else { - return ssl->session; - } -#endif + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) + WOLFSSL_METHOD* wolfSSLv3_server_method(void) + { + return wolfSSLv3_server_method_ex(NULL); } - - return NULL; -} - -/* The get1 version requires caller to call SSL_SESSION_free */ -WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) -{ - WOLFSSL_SESSION* sess = NULL; - WOLFSSL_ENTER("wolfSSL_get1_session"); - if (ssl != NULL) { - sess = ssl->session; - if (sess != NULL) { - /* increase reference count if allocated session */ - if (sess->type == WOLFSSL_SESSION_TYPE_HEAP) { - if (wolfSSL_SESSION_up_ref(sess) != WOLFSSL_SUCCESS) - sess = NULL; - } + WOLFSSL_METHOD* wolfSSLv3_server_method_ex(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + (void)heap; + WOLFSSL_ENTER("wolfSSLv3_server_method_ex"); + if (method) { + InitSSL_Method(method, MakeSSLv3()); + method->side = WOLFSSL_SERVER_END; } + return method; } - return sess; -} - - -/* - * Sets the session object to use when establishing a TLS/SSL session using - * the ssl object. Therefore, this function must be called before - * wolfSSL_connect. The session object to use can be obtained in a previous - * TLS/SSL connection using wolfSSL_get_session. - * - * This function rejects the session if it has been expired when this function - * is called. Note that this expiration check is wolfSSL specific and differs - * from OpenSSL return code behavior. 
- * - * By default, wolfSSL_set_session returns WOLFSSL_SUCCESS on successfully - * setting the session, WOLFSSL_FAILURE on failure due to the session cache - * being disabled, or the session has expired. - * - * To match OpenSSL return code behavior when session is expired, define - * OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL. This behavior will return - * WOLFSSL_SUCCESS even when the session is expired and rejected. - */ -WOLFSSL_ABI -int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session) -{ - WOLFSSL_ENTER("wolfSSL_set_session"); - if (session) - return wolfSSL_SetSession(ssl, session); - - return WOLFSSL_FAILURE; -} - - -#ifndef NO_CLIENT_CACHE - -/* Associate client session with serverID, find existing or store for saving - if newSession flag on, don't reuse existing session - WOLFSSL_SUCCESS on ok */ -int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession) -{ - WOLFSSL_SESSION* session = NULL; - byte idHash[SERVER_ID_LEN]; - - WOLFSSL_ENTER("wolfSSL_SetServerID"); - - if (ssl == NULL || id == NULL || len <= 0) - return BAD_FUNC_ARG; + #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */ - if (len > SERVER_ID_LEN) { -#if defined(NO_SHA) && !defined(NO_SHA256) - if (wc_Sha256Hash(id, len, idHash) != 0) - return WOLFSSL_FAILURE; -#else - if (wc_ShaHash(id, len, idHash) != 0) - return WOLFSSL_FAILURE; -#endif - id = idHash; - len = SERVER_ID_LEN; + WOLFSSL_METHOD* wolfSSLv23_server_method(void) + { + return wolfSSLv23_server_method_ex(NULL); } - if (newSession == 0) { - session = wolfSSL_GetSessionClient(ssl, id, len); - if (session) { - if (wolfSSL_SetSession(ssl, session) != WOLFSSL_SUCCESS) { - #ifdef HAVE_EXT_CACHE - wolfSSL_FreeSession(ssl->ctx, session); - #endif - WOLFSSL_MSG("wolfSSL_SetSession failed"); - session = NULL; - } + WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + (void)heap; + 
WOLFSSL_ENTER("wolfSSLv23_server_method_ex"); + if (method) { + #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || \ + defined(WOLFSSL_SHA512) + #ifdef WOLFSSL_TLS13 + InitSSL_Method(method, MakeTLSv1_3()); + #elif !defined(WOLFSSL_NO_TLS12) + InitSSL_Method(method, MakeTLSv1_2()); + #elif !defined(NO_OLD_TLS) + InitSSL_Method(method, MakeTLSv1_1()); + #endif + #else + #ifndef NO_OLD_TLS + InitSSL_Method(method, MakeTLSv1_1()); + #else + #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 + #endif + #endif + #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13) + method->downgrade = 1; + #endif + method->side = WOLFSSL_SERVER_END; } + return method; } - if (session == NULL) { - WOLFSSL_MSG("Valid ServerID not cached already"); - - ssl->session->idLen = (word16)len; - XMEMCPY(ssl->session->serverID, id, len); - } -#ifdef HAVE_EXT_CACHE - else { - wolfSSL_FreeSession(ssl->ctx, session); - } -#endif - - return WOLFSSL_SUCCESS; -} - -#endif /* !NO_CLIENT_CACHE */ - -/* TODO: Add SESSION_CACHE_DYNAMIC_MEM support for PERSIST_SESSION_CACHE. - * Need a count of current sessions to get an accurate memsize (totalCount is - * not decremented when sessions are removed). - * Need to determine ideal layout for mem/filesave. - * Also need mem/filesave checking to ensure not restoring non DYNAMIC_MEM cache. 
- */ -#if defined(PERSIST_SESSION_CACHE) && !defined(SESSION_CACHE_DYNAMIC_MEM) - -/* for persistence, if changes to layout need to increment and modify - save_session_cache() and restore_session_cache and memory versions too */ -#define WOLFSSL_CACHE_VERSION 2 - -/* Session Cache Header information */ -typedef struct { - int version; /* cache layout version id */ - int rows; /* session rows */ - int columns; /* session columns */ - int sessionSz; /* sizeof WOLFSSL_SESSION */ -} cache_header_t; - -/* current persistence layout is: - 1) cache_header_t - 2) SessionCache - 3) ClientCache - - update WOLFSSL_CACHE_VERSION if change layout for the following - PERSISTENT_SESSION_CACHE functions -*/ - -/* get how big the the session cache save buffer needs to be */ -int wolfSSL_get_session_cache_memsize(void) -{ - int sz = (int)(sizeof(SessionCache) + sizeof(cache_header_t)); -#ifndef NO_CLIENT_CACHE - sz += (int)(sizeof(ClientCache)); + WOLFSSL_ABI + int wolfSSL_accept(WOLFSSL* ssl) + { +#if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && \ + defined(WOLFSSL_TLS13)) + word16 havePSK = 0; + word16 haveAnon = 0; + word16 haveMcast = 0; #endif - return sz; -} - + int ret = 0; -/* Persist session cache to memory */ -int wolfSSL_memsave_session_cache(void* mem, int sz) -{ - int i; - cache_header_t cache_header; - SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header)); + (void)ret; - WOLFSSL_ENTER("wolfSSL_memsave_session_cache"); + if (ssl == NULL) + return WOLFSSL_FATAL_ERROR; - if (sz < wolfSSL_get_session_cache_memsize()) { - WOLFSSL_MSG("Memory buffer too small"); - return BUFFER_E; - } + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (ssl->options.side == WOLFSSL_NEITHER_END) { + WOLFSSL_MSG("Setting WOLFSSL_SSL to be server side"); + ssl->error = InitSSL_Side(ssl, WOLFSSL_SERVER_END); + if (ssl->error != WOLFSSL_SUCCESS) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + ssl->error = 0; /* expected to be zero here */ + } 
+ #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ - cache_header.version = WOLFSSL_CACHE_VERSION; - cache_header.rows = SESSION_ROWS; - cache_header.columns = SESSIONS_PER_ROW; - cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION); - XMEMCPY(mem, &cache_header, sizeof(cache_header)); +#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13) + return wolfSSL_accept_TLSv13(ssl); +#else + #ifdef WOLFSSL_TLS13 + if (ssl->options.tls1_3) + return wolfSSL_accept_TLSv13(ssl); + #endif + WOLFSSL_ENTER("wolfSSL_accept"); -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_RD_LOCK(row) != 0) { - WOLFSSL_MSG("Session cache mutex lock failed"); - return BAD_MUTEX_E; - } -#endif - for (i = 0; i < cache_header.rows; ++i) { - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) { - WOLFSSL_MSG("Session row cache mutex lock failed"); - return BAD_MUTEX_E; + /* make sure this wolfSSL object has arrays and rng setup. Protects + * case where the WOLFSSL object is reused via wolfSSL_clear() */ + if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) { + return ret; } - #endif - XMEMCPY(row++, &SessionCache[i], SIZEOF_SESSION_ROW); - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(&SessionCache[i]); - #endif - } -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(row); +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + if ((ssl->AcceptFilter != NULL) && + ((ssl->options.acceptState == ACCEPT_BEGIN) +#ifdef HAVE_SECURE_RENEGOTIATION + || (ssl->options.acceptState == ACCEPT_BEGIN_RENEG) #endif + )) + { + wolfSSL_netfilter_decision_t res; + if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == + WOLFSSL_SUCCESS) && + (res == WOLFSSL_NETFILTER_REJECT)) { + ssl->error = SOCKET_FILTERED_E; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } +#endif /* WOLFSSL_WOLFSENTRY_HOOKS */ -#ifndef NO_CLIENT_CACHE - if (wc_LockMutex(&clisession_mutex) != 0) { - WOLFSSL_MSG("Client cache mutex lock failed"); - return 
BAD_MUTEX_E;
- }
- XMEMCPY(row, ClientCache, sizeof(ClientCache));
- wc_UnLockMutex(&clisession_mutex);
-#endif
+ #ifdef HAVE_ERRNO_H
+ errno = 0;
+ #endif
- WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", WOLFSSL_SUCCESS);
+ #ifndef NO_PSK
+ havePSK = ssl->options.havePSK;
+ #endif
+ (void)havePSK;
- return WOLFSSL_SUCCESS;
-}
+ #ifdef HAVE_ANON
+ haveAnon = ssl->options.useAnon;
+ #endif
+ (void)haveAnon;
+ #ifdef WOLFSSL_MULTICAST
+ haveMcast = ssl->options.haveMcast;
+ #endif
+ (void)haveMcast;
-/* Restore the persistent session cache from memory */
-int wolfSSL_memrestore_session_cache(const void* mem, int sz)
-{
- int i;
- cache_header_t cache_header;
- SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
+ if (ssl->options.side != WOLFSSL_SERVER_END) {
+ ssl->error = SIDE_ERROR;
+ WOLFSSL_ERROR(ssl->error);
+ return WOLFSSL_FATAL_ERROR;
+ }
- WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");
-
- if (sz < wolfSSL_get_session_cache_memsize()) {
- WOLFSSL_MSG("Memory buffer too small");
- return BUFFER_E;
- }
-
- XMEMCPY(&cache_header, mem, sizeof(cache_header));
- if (cache_header.version != WOLFSSL_CACHE_VERSION ||
- cache_header.rows != SESSION_ROWS ||
- cache_header.columns != SESSIONS_PER_ROW ||
- cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
+ #ifndef NO_CERTS
+ /* in case used set_accept_state after init */
+ if (!havePSK && !haveAnon && !haveMcast) {
+ #ifdef OPENSSL_EXTRA
+ if (ssl->ctx->certSetupCb != NULL) {
+ WOLFSSL_MSG("CertSetupCb set. 
server cert and " + "key not checked"); + } + else + #endif + { + if (!ssl->buffers.certificate || + !ssl->buffers.certificate->buffer) { - WOLFSSL_MSG("Session cache header match failed"); - return CACHE_MATCH_ERROR; - } + WOLFSSL_MSG("accept error: server cert required"); + ssl->error = NO_PRIVATE_KEY; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) { - WOLFSSL_MSG("Session cache mutex lock failed"); - return BAD_MUTEX_E; - } -#endif - for (i = 0; i < cache_header.rows; ++i) { - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { - WOLFSSL_MSG("Session row cache mutex lock failed"); - return BAD_MUTEX_E; + if (!ssl->buffers.key || !ssl->buffers.key->buffer) { + /* allow no private key if using existing key */ + #ifdef WOLF_PRIVATE_KEY_ID + if (ssl->devId != INVALID_DEVID + #ifdef HAVE_PK_CALLBACKS + || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) + #endif + ) { + WOLFSSL_MSG("Allowing no server private key " + "(external)"); + } + else + #endif + { + WOLFSSL_MSG("accept error: server key required"); + ssl->error = NO_PRIVATE_KEY; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } + } } #endif - XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW); - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(&SessionCache[i]); - #endif - } -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(&SessionCache[0]); -#endif - -#ifndef NO_CLIENT_CACHE - if (wc_LockMutex(&clisession_mutex) != 0) { - WOLFSSL_MSG("Client cache mutex lock failed"); - return BAD_MUTEX_E; - } - XMEMCPY(ClientCache, row, sizeof(ClientCache)); - wc_UnLockMutex(&clisession_mutex); -#endif - - WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", WOLFSSL_SUCCESS); - - return WOLFSSL_SUCCESS; -} - -#if !defined(NO_FILESYSTEM) - -/* Persist session cache to file */ -/* doesn't use memsave because of additional memory use */ -int 
wolfSSL_save_session_cache(const char *fname) -{ - XFILE file; - int ret; - int rc = WOLFSSL_SUCCESS; - int i; - cache_header_t cache_header; - - WOLFSSL_ENTER("wolfSSL_save_session_cache"); - - file = XFOPEN(fname, "w+b"); - if (file == XBADFILE) { - WOLFSSL_MSG("Couldn't open session cache save file"); - return WOLFSSL_BAD_FILE; - } - cache_header.version = WOLFSSL_CACHE_VERSION; - cache_header.rows = SESSION_ROWS; - cache_header.columns = SESSIONS_PER_ROW; - cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION); - - /* cache header */ - ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file); - if (ret != 1) { - WOLFSSL_MSG("Session cache header file write failed"); - XFCLOSE(file); - return FWRITE_ERROR; - } - -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_RD_LOCK(&SessionCache[0]) != 0) { - WOLFSSL_MSG("Session cache mutex lock failed"); - XFCLOSE(file); - return BAD_MUTEX_E; - } -#endif - /* session cache */ - for (i = 0; i < cache_header.rows; ++i) { - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) { - WOLFSSL_MSG("Session row cache mutex lock failed"); - XFCLOSE(file); - return BAD_MUTEX_E; + #ifdef WOLFSSL_DTLS + if (ssl->version.major == DTLS_MAJOR) { + ssl->options.dtls = 1; + ssl->options.tls = 1; + ssl->options.tls1_1 = 1; + if (!IsDtlsNotSctpMode(ssl) || !IsDtlsNotSrtpMode(ssl) || + IsSCR(ssl)) + ssl->options.dtlsStateful = 1; } #endif - ret = (int)XFWRITE(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file); - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(&SessionCache[i]); - #endif - if (ret != 1) { - WOLFSSL_MSG("Session cache member file write failed"); - rc = FWRITE_ERROR; - break; + if (ssl->buffers.outputBuffer.length > 0 + #ifdef WOLFSSL_ASYNC_CRYPT + /* do not send buffered or advance state if last error was an + async pending operation */ + && ssl->error != WC_PENDING_E + #endif + ) { + ret = SendBuffered(ssl); + if (ret == 0) { + /* fragOffset is non-zero when sending 
fragments. On the last + * fragment, fragOffset is zero again, and the state can be + * advanced. */ + if (ssl->fragOffset == 0 && !ssl->options.buildingMsg) { + if (ssl->options.acceptState == ACCEPT_FIRST_REPLY_DONE || + ssl->options.acceptState == SERVER_HELLO_SENT || + ssl->options.acceptState == CERT_SENT || + ssl->options.acceptState == CERT_STATUS_SENT || + ssl->options.acceptState == KEY_EXCHANGE_SENT || + ssl->options.acceptState == CERT_REQ_SENT || + ssl->options.acceptState == ACCEPT_SECOND_REPLY_DONE || + ssl->options.acceptState == TICKET_SENT || + ssl->options.acceptState == CHANGE_CIPHER_SENT) { + ssl->options.acceptState++; + WOLFSSL_MSG("accept state: Advanced from last " + "buffered fragment send"); + #ifdef WOLFSSL_ASYNC_IO + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); + #endif + } + } + else { + WOLFSSL_MSG("accept state: " + "Not advanced, more fragments to send"); + } + } + else { + ssl->error = ret; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) + ssl->dtls13SendingAckOrRtx = 0; +#endif /* WOLFSSL_DTLS13 */ } - } -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(&SessionCache[0]); -#endif - -#ifndef NO_CLIENT_CACHE - /* client cache */ - if (wc_LockMutex(&clisession_mutex) != 0) { - WOLFSSL_MSG("Client cache mutex lock failed"); - XFCLOSE(file); - return BAD_MUTEX_E; - } - ret = (int)XFWRITE(ClientCache, sizeof(ClientCache), 1, file); - if (ret != 1) { - WOLFSSL_MSG("Client cache member file write failed"); - rc = FWRITE_ERROR; - } - wc_UnLockMutex(&clisession_mutex); -#endif /* !NO_CLIENT_CACHE */ - - XFCLOSE(file); - WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc); - - return rc; -} - - -/* Restore the persistent session cache from file */ -/* doesn't use memstore because of additional memory use */ -int wolfSSL_restore_session_cache(const char *fname) -{ - XFILE file; - int rc = WOLFSSL_SUCCESS; - int ret; - int i; - cache_header_t cache_header; - 
WOLFSSL_ENTER("wolfSSL_restore_session_cache"); - - file = XFOPEN(fname, "rb"); - if (file == XBADFILE) { - WOLFSSL_MSG("Couldn't open session cache save file"); - return WOLFSSL_BAD_FILE; - } - /* cache header */ - ret = (int)XFREAD(&cache_header, sizeof(cache_header), 1, file); - if (ret != 1) { - WOLFSSL_MSG("Session cache header file read failed"); - XFCLOSE(file); - return FREAD_ERROR; - } - if (cache_header.version != WOLFSSL_CACHE_VERSION || - cache_header.rows != SESSION_ROWS || - cache_header.columns != SESSIONS_PER_ROW || - cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) { + ret = RetrySendAlert(ssl); + if (ret != 0) { + ssl->error = ret; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } - WOLFSSL_MSG("Session cache header match failed"); - XFCLOSE(file); - return CACHE_MATCH_ERROR; - } + switch (ssl->options.acceptState) { -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) { - WOLFSSL_MSG("Session cache mutex lock failed"); - XFCLOSE(file); - return BAD_MUTEX_E; - } + case ACCEPT_BEGIN : +#ifdef HAVE_SECURE_RENEGOTIATION + case ACCEPT_BEGIN_RENEG: #endif - /* session cache */ - for (i = 0; i < cache_header.rows; ++i) { - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { - WOLFSSL_MSG("Session row cache mutex lock failed"); - XFCLOSE(file); - return BAD_MUTEX_E; - } - #endif + /* get response */ + while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) + if ( (ssl->error = ProcessReply(ssl)) < 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } +#ifdef WOLFSSL_TLS13 + ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE; + WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE"); + FALL_THROUGH; - ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file); - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(&SessionCache[i]); - #endif - if (ret != 1) { - WOLFSSL_MSG("Session cache member file read failed"); - XMEMSET(SessionCache, 0, 
sizeof SessionCache); - rc = FREAD_ERROR; - break; - } - } -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(&SessionCache[0]); + case ACCEPT_CLIENT_HELLO_DONE : + if (ssl->options.tls1_3) { + return wolfSSL_accept_TLSv13(ssl); + } #endif -#ifndef NO_CLIENT_CACHE - /* client cache */ - if (wc_LockMutex(&clisession_mutex) != 0) { - WOLFSSL_MSG("Client cache mutex lock failed"); - XFCLOSE(file); - return BAD_MUTEX_E; - } - ret = (int)XFREAD(ClientCache, sizeof(ClientCache), 1, file); - if (ret != 1) { - WOLFSSL_MSG("Client cache member file read failed"); - XMEMSET(ClientCache, 0, sizeof ClientCache); - rc = FREAD_ERROR; - } - wc_UnLockMutex(&clisession_mutex); -#endif /* !NO_CLIENT_CACHE */ - - XFCLOSE(file); - WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc); - - return rc; -} - -#endif /* !NO_FILESYSTEM */ -#endif /* PERSIST_SESSION_CACHE && !SESSION_CACHE_DYNAMIC_MEM */ -#endif /* NO_SESSION_CACHE */ + ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE; + WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE"); + FALL_THROUGH; + case ACCEPT_FIRST_REPLY_DONE : + if ( (ssl->error = SendServerHello(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ + #endif + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + ssl->options.acceptState = SERVER_HELLO_SENT; + WOLFSSL_MSG("accept state SERVER_HELLO_SENT"); + FALL_THROUGH; -void wolfSSL_load_error_strings(void) -{ - /* compatibility only */ -} + case SERVER_HELLO_SENT : + #ifdef WOLFSSL_TLS13 + if (ssl->options.tls1_3) { + return wolfSSL_accept_TLSv13(ssl); + } + #endif + #ifndef NO_CERTS + if (!ssl->options.resuming) + if ( (ssl->error = SendCertificate(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + ProcessReplyEx(ssl, 1); /* See if an alert was sent. 
*/ + #endif + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + #endif + ssl->options.acceptState = CERT_SENT; + WOLFSSL_MSG("accept state CERT_SENT"); + FALL_THROUGH; + case CERT_SENT : + #ifndef NO_CERTS + if (!ssl->options.resuming) + if ( (ssl->error = SendCertificateStatus(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ + #endif + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + #endif + ssl->options.acceptState = CERT_STATUS_SENT; + WOLFSSL_MSG("accept state CERT_STATUS_SENT"); + FALL_THROUGH; -int wolfSSL_library_init(void) -{ - WOLFSSL_ENTER("wolfSSL_library_init"); - if (wolfSSL_Init() == WOLFSSL_SUCCESS) - return WOLFSSL_SUCCESS; - else - return WOLFSSL_FATAL_ERROR; -} + case CERT_STATUS_SENT : + #ifdef WOLFSSL_TLS13 + if (ssl->options.tls1_3) { + return wolfSSL_accept_TLSv13(ssl); + } + #endif + if (!ssl->options.resuming) + if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ + #endif + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + ssl->options.acceptState = KEY_EXCHANGE_SENT; + WOLFSSL_MSG("accept state KEY_EXCHANGE_SENT"); + FALL_THROUGH; + case KEY_EXCHANGE_SENT : + #ifndef NO_CERTS + if (!ssl->options.resuming) { + if (ssl->options.verifyPeer) { + if ( (ssl->error = SendCertificateRequest(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + /* See if an alert was sent. */ + ProcessReplyEx(ssl, 1); + #endif + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } + else { + /* SERVER: Peer auth good if not verifying client. 
*/ + ssl->options.peerAuthGood = 1; + } + } + #endif + ssl->options.acceptState = CERT_REQ_SENT; + WOLFSSL_MSG("accept state CERT_REQ_SENT"); + FALL_THROUGH; -#ifdef HAVE_SECRET_CALLBACK + case CERT_REQ_SENT : + if (!ssl->options.resuming) + if ( (ssl->error = SendServerHelloDone(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ + #endif + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + ssl->options.acceptState = SERVER_HELLO_DONE; + WOLFSSL_MSG("accept state SERVER_HELLO_DONE"); + FALL_THROUGH; -int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx) -{ - WOLFSSL_ENTER("wolfSSL_set_session_secret_cb"); - if (ssl == NULL) - return WOLFSSL_FATAL_ERROR; + case SERVER_HELLO_DONE : + if (!ssl->options.resuming) { + while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) + if ( (ssl->error = ProcessReply(ssl)) < 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } + ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE; + WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE"); + FALL_THROUGH; - ssl->sessionSecretCb = cb; - ssl->sessionSecretCtx = ctx; - if (cb != NULL) { - /* If using a pre-set key, assume session resumption. */ - ssl->session->sessionIDSz = 0; - ssl->options.resuming = 1; - } + case ACCEPT_SECOND_REPLY_DONE : + #ifndef NO_CERTS + /* SERVER: When not resuming and verifying peer but no certificate + * received and not failing when not received then peer auth good. 
+ */ + if (!ssl->options.resuming && ssl->options.verifyPeer && + !ssl->options.havePeerCert && !ssl->options.failNoCert) { + ssl->options.peerAuthGood = 1; + } + #endif /* !NO_CERTS */ + #ifdef WOLFSSL_NO_CLIENT_AUTH + if (!ssl->options.resuming) { + ssl->options.peerAuthGood = 1; + } + #endif - return WOLFSSL_SUCCESS; -} +#ifdef HAVE_SESSION_TICKET + if (ssl->options.createTicket && !ssl->options.noTicketTls12) { + if ( (ssl->error = SendTicket(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ + #endif + WOLFSSL_MSG("Thought we need ticket but failed"); + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } +#endif /* HAVE_SESSION_TICKET */ + ssl->options.acceptState = TICKET_SENT; + WOLFSSL_MSG("accept state TICKET_SENT"); + FALL_THROUGH; -#endif + case TICKET_SENT: + /* SERVER: Fail-safe for CLient Authentication. */ + if (!ssl->options.peerAuthGood) { + WOLFSSL_MSG("Client authentication did not happen"); + return WOLFSSL_FATAL_ERROR; + } + if ( (ssl->error = SendChangeCipher(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ + #endif + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + ssl->options.acceptState = CHANGE_CIPHER_SENT; + WOLFSSL_MSG("accept state CHANGE_CIPHER_SENT"); + FALL_THROUGH; -#ifndef NO_SESSION_CACHE + case CHANGE_CIPHER_SENT : + if ( (ssl->error = SendFinished(ssl)) != 0) { + #ifdef WOLFSSL_CHECK_ALERT_ON_ERR + ProcessReplyEx(ssl, 1); /* See if an alert was sent. 
*/ + #endif + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } -/* on by default if built in but allow user to turn off */ -WOLFSSL_ABI -long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_session_cache_mode"); + ssl->options.acceptState = ACCEPT_FINISHED_DONE; + WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE"); + FALL_THROUGH; - if (ctx == NULL) - return WOLFSSL_FAILURE; + case ACCEPT_FINISHED_DONE : + if (ssl->options.resuming) { + while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) { + if ( (ssl->error = ProcessReply(ssl)) < 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } + } + ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE; + WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE"); + FALL_THROUGH; - if (mode == WOLFSSL_SESS_CACHE_OFF) { - ctx->sessionCacheOff = 1; -#ifdef HAVE_EXT_CACHE - ctx->internalCacheOff = 1; - ctx->internalCacheLookupOff = 1; -#endif - } + case ACCEPT_THIRD_REPLY_DONE : +#ifndef NO_HANDSHAKE_DONE_CB + if (ssl->hsDoneCb) { + int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx); + if (cbret < 0) { + ssl->error = cbret; + WOLFSSL_MSG("HandShake Done Cb don't continue error"); + return WOLFSSL_FATAL_ERROR; + } + } +#endif /* NO_HANDSHAKE_DONE_CB */ - if ((mode & WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR) != 0) - ctx->sessionCacheFlushOff = 1; + if (!ssl->options.dtls) { + if (!ssl->options.keepResources) { + FreeHandshakeResources(ssl); + } + } +#ifdef WOLFSSL_DTLS + else { + ssl->options.dtlsHsRetain = 1; + } +#endif /* WOLFSSL_DTLS */ -#ifdef HAVE_EXT_CACHE - /* WOLFSSL_SESS_CACHE_NO_INTERNAL activates both if's */ - if ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE) != 0) - ctx->internalCacheOff = 1; - if ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP) != 0) - ctx->internalCacheLookupOff = 1; +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION) + /* This may be necessary in async so that we don't try to + * renegotiate again */ + if 
(ssl->secure_renegotiation && + ssl->secure_renegotiation->startScr) { + ssl->secure_renegotiation->startScr = 0; + } +#endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */ +#if defined(WOLFSSL_ASYNC_IO) && !defined(WOLFSSL_ASYNC_CRYPT) + /* Free the remaining async context if not using it for crypto */ + FreeAsyncCtx(ssl, 1); #endif - return WOLFSSL_SUCCESS; -} - -#ifdef OPENSSL_EXTRA -/* Get the session cache mode for CTX - * - * ctx WOLFSSL_CTX struct to get cache mode from - * - * Returns a bit mask that has the session cache mode */ -long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) -{ - long m = 0; +#if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS) + if (ssl->dtls_export) { + if ((ssl->error = wolfSSL_send_session(ssl)) != 0) { + WOLFSSL_MSG("Export DTLS session error"); + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } +#endif + ssl->error = 0; /* clear the error */ - WOLFSSL_ENTER("wolfSSL_CTX_get_session_cache_mode"); + WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS); + return WOLFSSL_SUCCESS; - if (ctx == NULL) { - return m; + default : + WOLFSSL_MSG("Unknown accept state ERROR"); + return WOLFSSL_FATAL_ERROR; + } +#endif /* !WOLFSSL_NO_TLS12 */ } - if (ctx->sessionCacheOff != 1) { - m |= WOLFSSL_SESS_CACHE_SERVER; - } +#endif /* NO_WOLFSSL_SERVER */ - if (ctx->sessionCacheFlushOff == 1) { - m |= WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR; - } +#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) +int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx) +{ + WOLFSSL_ENTER("wolfDTLS_SetChGoodCb"); -#ifdef HAVE_EXT_CACHE - if (ctx->internalCacheOff == 1) { - m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE; - } - if (ctx->internalCacheLookupOff == 1) { - m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP; - } -#endif + if (ssl == NULL) + return BAD_FUNC_ARG; - return m; -} -#endif /* OPENSSL_EXTRA */ + ssl->chGoodCb = cb; + ssl->chGoodCtx = user_ctx; -#endif /* NO_SESSION_CACHE */ + return WOLFSSL_SUCCESS; +} 
+#endif -#ifdef OPENSSL_EXTRA +#ifndef NO_HANDSHAKE_DONE_CB -/* - * check if the list has TLS13 and pre-TLS13 suites - * @param list cipher suite list that user want to set - * @return mixed: 0, only pre-TLS13: 1, only TLS13: 2 - */ -static int CheckcipherList(const char* list) +int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx) { - int ret; - int findTLSv13Suites = 0; - int findbeforeSuites = 0; - byte cipherSuite0; - byte cipherSuite1; - int flags; - char* next = (char*)list; + WOLFSSL_ENTER("wolfSSL_SetHsDoneCb"); - do { - char* current = next; - char name[MAX_SUITE_NAME + 1]; - word32 length = MAX_SUITE_NAME; - word32 current_length; + if (ssl == NULL) + return BAD_FUNC_ARG; - next = XSTRSTR(next, ":"); + ssl->hsDoneCb = cb; + ssl->hsDoneCtx = user_ctx; - current_length = (!next) ? (word32)XSTRLEN(current) - : (word32)(next - current); + return WOLFSSL_SUCCESS; +} - if (current_length < length) { - length = current_length; - } - XMEMCPY(name, current, length); - name[length] = 0; +#endif /* NO_HANDSHAKE_DONE_CB */ - if (XSTRCMP(name, "ALL") == 0 || XSTRCMP(name, "DEFAULT") == 0 || - XSTRCMP(name, "HIGH") == 0) { - findTLSv13Suites = 1; - findbeforeSuites = 1; - break; - } +WOLFSSL_ABI +int wolfSSL_Cleanup(void) +{ + int ret = WOLFSSL_SUCCESS; /* Only the first error will be returned */ + int release = 0; +#if !defined(NO_SESSION_CACHE) + int i; + int j; +#endif - ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0, - &cipherSuite1, &flags); - if (ret == 0) { - if (cipherSuite0 == TLS13_BYTE) { - /* TLSv13 suite */ - findTLSv13Suites = 1; - } - else { - findbeforeSuites = 1; - } + WOLFSSL_ENTER("wolfSSL_Cleanup"); + +#ifndef WOLFSSL_MUTEX_INITIALIZER + if (inits_count_mutex_valid == 1) { +#endif + if (wc_LockMutex(&inits_count_mutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex count"); + return BAD_MUTEX_E; } +#ifndef WOLFSSL_MUTEX_INITIALIZER + } +#endif - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) - /* check if mixed due to 
names like RSA:ECDHE+AESGCM etc. */ - if (ret != 0) { - char* subStr = name; - char* subStrNext; + if (initRefCount > 0) { + --initRefCount; + if (initRefCount == 0) + release = 1; + } - do { - subStrNext = XSTRSTR(subStr, "+"); +#ifndef WOLFSSL_MUTEX_INITIALIZER + if (inits_count_mutex_valid == 1) { +#endif + wc_UnLockMutex(&inits_count_mutex); +#ifndef WOLFSSL_MUTEX_INITIALIZER + } +#endif - if ((XSTRCMP(subStr, "ECDHE") == 0) || - (XSTRCMP(subStr, "RSA") == 0)) { - return 0; - } + if (!release) + return ret; - if (subStrNext && (XSTRLEN(subStrNext) > 0)) { - subStr = subStrNext + 1; /* +1 to skip past '+' */ - } - } while (subStrNext != NULL); - } - #endif +#ifdef OPENSSL_EXTRA + wolfSSL_BN_free_one(); +#endif - if (findTLSv13Suites == 1 && findbeforeSuites == 1) { - /* list has mixed suites */ - return 0; +#ifndef NO_SESSION_CACHE + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + for (i = 0; i < SESSION_ROWS; ++i) { + if ((SessionCache[i].lock_valid == 1) && + (wc_FreeRwLock(&SessionCache[i].row_lock) != 0)) { + if (ret == WOLFSSL_SUCCESS) + ret = BAD_MUTEX_E; } + SessionCache[i].lock_valid = 0; } - while (next++); /* ++ needed to skip ':' */ - - if (findTLSv13Suites == 0 && findbeforeSuites == 1) { - ret = 1;/* only before TLSv13 suites */ + #else + if ((session_lock_valid == 1) && (wc_FreeRwLock(&session_lock) != 0)) { + if (ret == WOLFSSL_SUCCESS) + ret = BAD_MUTEX_E; } - else if (findTLSv13Suites == 1 && findbeforeSuites == 0) { - ret = 2;/* only TLSv13 suties */ + session_lock_valid = 0; + #endif + for (i = 0; i < SESSION_ROWS; i++) { + for (j = 0; j < SESSIONS_PER_ROW; j++) { + #ifdef SESSION_CACHE_DYNAMIC_MEM + if (SessionCache[i].Sessions[j]) { + EvictSessionFromCache(SessionCache[i].Sessions[j]); + XFREE(SessionCache[i].Sessions[j], SessionCache[i].heap, + DYNAMIC_TYPE_SESSION); + SessionCache[i].Sessions[j] = NULL; + } + #else + EvictSessionFromCache(&SessionCache[i].Sessions[j]); + #endif + } } - else { - ret = 0;/* handle as mixed */ + #ifndef 
NO_CLIENT_CACHE + #ifndef WOLFSSL_MUTEX_INITIALIZER + if ((clisession_mutex_valid == 1) && + (wc_FreeMutex(&clisession_mutex) != 0)) { + if (ret == WOLFSSL_SUCCESS) + ret = BAD_MUTEX_E; } - return ret; -} - -/* parse some bulk lists like !eNULL / !aNULL - * - * returns WOLFSSL_SUCCESS on success and sets the cipher suite list - */ -static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - Suites* suites, const char* list) -{ - int ret = 0; - int listattribute = 0; - int tls13Only = 0; -#ifndef WOLFSSL_SMALL_STACK - byte suitesCpy[WOLFSSL_MAX_SUITE_SZ]; -#else - byte* suitesCpy = NULL; -#endif - word16 suitesCpySz = 0; - word16 i = 0; - word16 j = 0; + clisession_mutex_valid = 0; + #endif + #endif +#endif /* !NO_SESSION_CACHE */ - if (suites == NULL || list == NULL) { - WOLFSSL_MSG("NULL argument"); - return WOLFSSL_FAILURE; +#ifndef WOLFSSL_MUTEX_INITIALIZER + if ((inits_count_mutex_valid == 1) && + (wc_FreeMutex(&inits_count_mutex) != 0)) { + if (ret == WOLFSSL_SUCCESS) + ret = BAD_MUTEX_E; } + inits_count_mutex_valid = 0; +#endif - listattribute = CheckcipherList(list); +#ifdef OPENSSL_EXTRA + wolfSSL_RAND_Cleanup(); +#endif - if (listattribute == 0) { - /* list has mixed(pre-TLSv13 and TLSv13) suites - * update cipher suites the same as before - */ - return (SetCipherList_ex(ctx, ssl, suites, list)) ? WOLFSSL_SUCCESS : - WOLFSSL_FAILURE; - } - else if (listattribute == 1) { - /* list has only pre-TLSv13 suites. - * Only update before TLSv13 suites. - */ - tls13Only = 0; - } - else if (listattribute == 2) { - /* list has only TLSv13 suites. Only update TLv13 suites - * simulate set_ciphersuites() compatibility layer API - */ - tls13Only = 1; - if ((ctx != NULL && !IsAtLeastTLSv1_3(ctx->method->version)) || - (ssl != NULL && !IsAtLeastTLSv1_3(ssl->version))) { - /* Silently ignore TLS 1.3 ciphers if we don't support it. 
*/ - return WOLFSSL_SUCCESS; - } + if (wolfCrypt_Cleanup() != 0) { + WOLFSSL_MSG("Error with wolfCrypt_Cleanup call"); + if (ret == WOLFSSL_SUCCESS) + ret = WC_CLEANUP_E; } - /* list contains ciphers either only for TLS 1.3 or <= TLS 1.2 */ - if (suites->suiteSz == 0) { - WOLFSSL_MSG("Warning suites->suiteSz = 0 set to WOLFSSL_MAX_SUITE_SZ"); - suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; +#if FIPS_VERSION_GE(5,1) + if (wolfCrypt_SetPrivateKeyReadEnable_fips(0, WC_KEYTYPE_ALL) < 0) { + if (ret == WOLFSSL_SUCCESS) + ret = WC_CLEANUP_E; } -#ifdef WOLFSSL_SMALL_STACK - if (suites->suiteSz > 0) { - suitesCpy = (byte*)XMALLOC(suites->suiteSz, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (suitesCpy == NULL) { - return WOLFSSL_FAILURE; - } +#endif - XMEMSET(suitesCpy, 0, suites->suiteSz); +#ifdef HAVE_GLOBAL_RNG +#ifndef WOLFSSL_MUTEX_INITIALIZER + if ((globalRNGMutex_valid == 1) && (wc_FreeMutex(&globalRNGMutex) != 0)) { + if (ret == WOLFSSL_SUCCESS) + ret = BAD_MUTEX_E; } -#else - XMEMSET(suitesCpy, 0, sizeof(suitesCpy)); + globalRNGMutex_valid = 0; +#endif /* !WOLFSSL_MUTEX_INITIALIZER */ + + #if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG) + wolfSSL_FIPS_drbg_free(gDrbgDefCtx); + gDrbgDefCtx = NULL; + #endif #endif - if (suites->suiteSz > 0) - XMEMCPY(suitesCpy, suites->suites, suites->suiteSz); - suitesCpySz = suites->suiteSz; +#if defined(HAVE_EX_DATA) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \ + defined(WOLFSSL_WPAS_SMALL) + crypto_ex_cb_free(crypto_ex_cb_ctx_session); + crypto_ex_cb_ctx_session = NULL; +#endif - ret = SetCipherList_ex(ctx, ssl, suites, list); - if (ret != 1) { -#ifdef WOLFSSL_SMALL_STACK - XFREE(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_MEM_FAIL_COUNT + wc_MemFailCount_Free(); #endif + + return ret; +} + + +/* call before SSL_connect, if verifying will add name check to + date check and signature check */ 
+WOLFSSL_ABI +int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn) +{ + WOLFSSL_ENTER("wolfSSL_check_domain_name"); + + if (ssl == NULL || dn == NULL) { + WOLFSSL_MSG("Bad function argument: NULL"); return WOLFSSL_FAILURE; } - for (i = 0; i < suitesCpySz && - suites->suiteSz <= (WOLFSSL_MAX_SUITE_SZ - SUITE_LEN); i += 2) { - /* Check for duplicates */ - int duplicate = 0; - for (j = 0; j < suites->suiteSz; j += 2) { - if (suitesCpy[i] == suites->suites[j] && - suitesCpy[i+1] == suites->suites[j+1]) { - duplicate = 1; - break; - } - } - if (!duplicate) { - if (tls13Only) { - /* Updating TLS 1.3 ciphers */ - if (suitesCpy[i] != TLS13_BYTE) { - /* Only copy over <= TLS 1.2 ciphers */ - /* TLS 1.3 ciphers take precedence */ - suites->suites[suites->suiteSz++] = suitesCpy[i]; - suites->suites[suites->suiteSz++] = suitesCpy[i+1]; - } - } - else { - /* Updating <= TLS 1.2 ciphers */ - if (suitesCpy[i] == TLS13_BYTE) { - /* Only copy over TLS 1.3 ciphers */ - /* TLS 1.3 ciphers take precedence */ - XMEMMOVE(suites->suites + SUITE_LEN, suites->suites, - suites->suiteSz); - suites->suites[0] = suitesCpy[i]; - suites->suites[1] = suitesCpy[i+1]; - suites->suiteSz += 2; - } - } - } - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - return ret; -} + if (ssl->buffers.domainName.buffer) + XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); -#endif + ssl->buffers.domainName.length = (word32)XSTRLEN(dn); + ssl->buffers.domainName.buffer = (byte*)XMALLOC( + ssl->buffers.domainName.length + 1, ssl->heap, DYNAMIC_TYPE_DOMAIN); + if (ssl->buffers.domainName.buffer) { + unsigned char* domainName = ssl->buffers.domainName.buffer; + XMEMCPY(domainName, dn, ssl->buffers.domainName.length); + domainName[ssl->buffers.domainName.length] = '\0'; + return WOLFSSL_SUCCESS; + } + else { + ssl->error = MEMORY_ERROR; + return WOLFSSL_FAILURE; + } +} -int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list) -{ - 
WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list"); +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) +const char *wolfSSL_get0_peername(WOLFSSL *ssl) { + if (ssl == NULL) { + return NULL; + } - if (ctx == NULL) - return WOLFSSL_FAILURE; + if (ssl->buffers.domainName.buffer) + return (const char *)ssl->buffers.domainName.buffer; + else if (ssl->session && ssl->session->peer) + return ssl->session->peer->subjectCN; + else if (ssl->peerCert.subjectCN[0]) + return ssl->peerCert.subjectCN; + else { + ssl->error = NO_PEER_CERT; + return NULL; + } +} - if (AllocateCtxSuites(ctx) != 0) - return WOLFSSL_FAILURE; +#endif /* SESSION_CERTS && OPENSSL_EXTRA */ -#ifdef OPENSSL_EXTRA - return wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list); +/* turn on wolfSSL zlib compression + returns WOLFSSL_SUCCESS for success, else error (not built in) +*/ +int wolfSSL_set_compression(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_set_compression"); + (void)ssl; +#ifdef HAVE_LIBZ + ssl->options.usingCompression = 1; + return WOLFSSL_SUCCESS; #else - return (SetCipherList(ctx, ctx->suites, list)) ? 
- WOLFSSL_SUCCESS : WOLFSSL_FAILURE; + return NOT_COMPILED_IN; #endif } -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) -int wolfSSL_CTX_set_cipher_list_bytes(WOLFSSL_CTX* ctx, const byte* list, - const int listSz) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list_bytes"); - if (ctx == NULL) - return WOLFSSL_FAILURE; +#ifndef USE_WINDOWS_API + #ifndef NO_WRITEV - if (AllocateCtxSuites(ctx) != 0) - return WOLFSSL_FAILURE; + /* simulate writev semantics, doesn't actually do block at a time though + because of SSL_write behavior and because front adds may be small */ + int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, int iovcnt) + { + #ifdef WOLFSSL_SMALL_STACK + byte staticBuffer[1]; /* force heap usage */ + #else + byte staticBuffer[FILE_BUFFER_SIZE]; + #endif + byte* myBuffer = staticBuffer; + int dynamic = 0; + int sending = 0; + int idx = 0; + int i; + int ret; - return (SetCipherListFromBytes(ctx, ctx->suites, list, listSz)) ? - WOLFSSL_SUCCESS : WOLFSSL_FAILURE; -} -#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */ + WOLFSSL_ENTER("wolfSSL_writev"); -int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list) -{ - WOLFSSL_ENTER("wolfSSL_set_cipher_list"); + for (i = 0; i < iovcnt; i++) + sending += (int)iov[i].iov_len; - if (ssl == NULL || ssl->ctx == NULL) { - return WOLFSSL_FAILURE; - } + if (sending > (int)sizeof(staticBuffer)) { + myBuffer = (byte*)XMALLOC(sending, ssl->heap, + DYNAMIC_TYPE_WRITEV); + if (!myBuffer) + return MEMORY_ERROR; - if (AllocateSuites(ssl) != 0) - return WOLFSSL_FAILURE; + dynamic = 1; + } -#ifdef OPENSSL_EXTRA - return wolfSSL_parse_cipher_list(NULL, ssl, ssl->suites, list); -#else - return (SetCipherList_ex(NULL, ssl, ssl->suites, list)) ? 
- WOLFSSL_SUCCESS : - WOLFSSL_FAILURE; -#endif -} + for (i = 0; i < iovcnt; i++) { + XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len); + idx += (int)iov[i].iov_len; + } -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) -int wolfSSL_set_cipher_list_bytes(WOLFSSL* ssl, const byte* list, - const int listSz) -{ - WOLFSSL_ENTER("wolfSSL_set_cipher_list_bytes"); + /* myBuffer may not be initialized fully, but the span up to the + * sending length will be. + */ + PRAGMA_GCC_DIAG_PUSH + PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") + ret = wolfSSL_write(ssl, myBuffer, sending); + PRAGMA_GCC_DIAG_POP - if (ssl == NULL || ssl->ctx == NULL) { - return WOLFSSL_FAILURE; - } + if (dynamic) + XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV); - if (AllocateSuites(ssl) != 0) - return WOLFSSL_FAILURE; + return ret; + } + #endif +#endif - return (SetCipherListFromBytes(ssl->ctx, ssl->suites, list, listSz)) - ? WOLFSSL_SUCCESS - : WOLFSSL_FAILURE; -} -#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */ +#ifdef WOLFSSL_CALLBACKS -#ifdef HAVE_KEYING_MATERIAL + typedef struct itimerval Itimerval; -#define TLS_PRF_LABEL_CLIENT_FINISHED "client finished" -#define TLS_PRF_LABEL_SERVER_FINISHED "server finished" -#define TLS_PRF_LABEL_MASTER_SECRET "master secret" -#define TLS_PRF_LABEL_EXT_MASTER_SECRET "extended master secret" -#define TLS_PRF_LABEL_KEY_EXPANSION "key expansion" + /* don't keep calling simple functions while setting up timer and signals + if no inlining these are the next best */ -static const struct ForbiddenLabels { - const char* label; - size_t labelLen; -} forbiddenLabels[] = { - {TLS_PRF_LABEL_CLIENT_FINISHED, XSTR_SIZEOF(TLS_PRF_LABEL_CLIENT_FINISHED)}, - {TLS_PRF_LABEL_SERVER_FINISHED, XSTR_SIZEOF(TLS_PRF_LABEL_SERVER_FINISHED)}, - {TLS_PRF_LABEL_MASTER_SECRET, XSTR_SIZEOF(TLS_PRF_LABEL_MASTER_SECRET)}, - {TLS_PRF_LABEL_EXT_MASTER_SECRET, XSTR_SIZEOF(TLS_PRF_LABEL_EXT_MASTER_SECRET)}, - {TLS_PRF_LABEL_KEY_EXPANSION, 
XSTR_SIZEOF(TLS_PRF_LABEL_KEY_EXPANSION)}, - {NULL, 0}, -}; + #define AddTimes(a, b, c) \ + do { \ + (c).tv_sec = (a).tv_sec + (b).tv_sec; \ + (c).tv_usec = (a).tv_usec + (b).tv_usec;\ + if ((c).tv_usec >= 1000000) { \ + (c).tv_sec++; \ + (c).tv_usec -= 1000000; \ + } \ + } while (0) -/** - * Implement RFC 5705 - * TLS 1.3 uses a different exporter definition (section 7.5 of RFC 8446) - * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error - */ -int wolfSSL_export_keying_material(WOLFSSL *ssl, - unsigned char *out, size_t outLen, - const char *label, size_t labelLen, - const unsigned char *context, size_t contextLen, - int use_context) -{ - byte* seed = NULL; - word32 seedLen; - const struct ForbiddenLabels* fl; - WOLFSSL_ENTER("wolfSSL_export_keying_material"); + #define SubtractTimes(a, b, c) \ + do { \ + (c).tv_sec = (a).tv_sec - (b).tv_sec; \ + (c).tv_usec = (a).tv_usec - (b).tv_usec;\ + if ((c).tv_usec < 0) { \ + (c).tv_sec--; \ + (c).tv_usec += 1000000; \ + } \ + } while (0) - if (ssl == NULL || out == NULL || label == NULL || - (use_context && contextLen && context == NULL)) { - WOLFSSL_MSG("Bad argument"); - return WOLFSSL_FAILURE; - } + #define CmpTimes(a, b, cmp) \ + (((a).tv_sec == (b).tv_sec) ? \ + ((a).tv_usec cmp (b).tv_usec) : \ + ((a).tv_sec cmp (b).tv_sec)) \ - /* clientRandom + serverRandom - * OR - * clientRandom + serverRandom + ctx len encoding + ctx */ - seedLen = !use_context ? (word32)SEED_LEN : - (word32)SEED_LEN + 2 + (word32)contextLen; - if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { - WOLFSSL_MSG("To export keying material wolfSSL needs to keep handshake " - "data. 
Call wolfSSL_KeepArrays before attempting to " - "export keyid material."); - return WOLFSSL_FAILURE; + /* do nothing handler */ + static void myHandler(int signo) + { + (void)signo; + return; } - /* check forbidden labels */ - for (fl = &forbiddenLabels[0]; fl->label != NULL; fl++) { - if (labelLen >= fl->labelLen && - XMEMCMP(label, fl->label, fl->labelLen) == 0) { - WOLFSSL_MSG("Forbidden label"); - return WOLFSSL_FAILURE; - } - } -#ifdef WOLFSSL_TLS13 - if (IsAtLeastTLSv1_3(ssl->version)) { - /* Path for TLS 1.3 */ - if (!use_context) { - contextLen = 0; - context = (byte*)""; /* Give valid pointer for 0 length memcpy */ - } - - if (Tls13_Exporter(ssl, out, (word32)outLen, label, labelLen, - context, contextLen) != 0) { - WOLFSSL_MSG("Tls13_Exporter error"); - return WOLFSSL_FAILURE; - } - return WOLFSSL_SUCCESS; - } -#endif - - /* Path for <=TLS 1.2 */ - seed = (byte*)XMALLOC(seedLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (seed == NULL) { - WOLFSSL_MSG("malloc error"); - return WOLFSSL_FAILURE; - } + static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb, + TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout) + { + int ret = WOLFSSL_FATAL_ERROR; + int oldTimerOn = 0; /* was timer already on */ + WOLFSSL_TIMEVAL startTime; + WOLFSSL_TIMEVAL endTime; + WOLFSSL_TIMEVAL totalTime; + Itimerval myTimeout; + Itimerval oldTimeout; /* if old timer adjust from total time to reset */ + struct sigaction act, oact; - XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); - XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); + #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; } - if (use_context) { - /* Encode len in big endian */ - seed[SEED_LEN ] = (contextLen >> 8) & 0xFF; - seed[SEED_LEN + 1] = (contextLen) & 0xFF; - if (contextLen) { - /* 0 length context is allowed */ - XMEMCPY(seed + SEED_LEN + 2, context, contextLen); + if (hsCb) { + ssl->hsInfoOn = 1; + InitHandShakeInfo(&ssl->handShakeInfo, ssl); } - } + if (toCb) { + ssl->toInfoOn = 
1; + InitTimeoutInfo(&ssl->timeoutInfo); - PRIVATE_KEY_UNLOCK(); - if (wc_PRF_TLS(out, (word32)outLen, ssl->arrays->masterSecret, SECRET_LEN, - (byte*)label, (word32)labelLen, seed, seedLen, IsAtLeastTLSv1_2(ssl), - ssl->specs.mac_algorithm, ssl->heap, ssl->devId) != 0) { - WOLFSSL_MSG("wc_PRF_TLS error"); - PRIVATE_KEY_LOCK(); - XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - PRIVATE_KEY_LOCK(); + if (gettimeofday(&startTime, 0) < 0) + ERR_OUT(GETTIME_ERROR); - XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_SUCCESS; -} -#endif /* HAVE_KEYING_MATERIAL */ + /* use setitimer to simulate getitimer, init 0 myTimeout */ + myTimeout.it_interval.tv_sec = 0; + myTimeout.it_interval.tv_usec = 0; + myTimeout.it_value.tv_sec = 0; + myTimeout.it_value.tv_usec = 0; + if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0) + ERR_OUT(SETITIMER_ERROR); -int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl) -{ - int useNb = 0; + if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) { + oldTimerOn = 1; - if (ssl == NULL) - return WOLFSSL_FAILURE; + /* is old timer going to expire before ours */ + if (CmpTimes(oldTimeout.it_value, timeout, <)) { + timeout.tv_sec = oldTimeout.it_value.tv_sec; + timeout.tv_usec = oldTimeout.it_value.tv_usec; + } + } + myTimeout.it_value.tv_sec = timeout.tv_sec; + myTimeout.it_value.tv_usec = timeout.tv_usec; - WOLFSSL_ENTER("wolfSSL_dtls_get_using_nonblock"); - if (ssl->options.dtls) { -#ifdef WOLFSSL_DTLS - useNb = ssl->options.dtlsUseNonblock; + /* set up signal handler, don't restart socket send/recv */ + act.sa_handler = myHandler; + sigemptyset(&act.sa_mask); + act.sa_flags = 0; +#ifdef SA_INTERRUPT + act.sa_flags |= SA_INTERRUPT; #endif - } - else { - WOLFSSL_MSG("wolfSSL_dtls_get_using_nonblock() is " - "DEPRECATED for non-DTLS use."); - } - return useNb; -} + if (sigaction(SIGALRM, &act, &oact) < 0) + ERR_OUT(SIGACT_ERROR); + if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0) + 
ERR_OUT(SETITIMER_ERROR); + } -#ifndef WOLFSSL_LEANPSK + /* do main work */ +#ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) + ret = wolfSSL_connect(ssl); +#endif +#ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) + ret = wolfSSL_accept(ssl); +#endif -void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock) -{ - (void)nonblock; + /* do callbacks */ + if (toCb) { + if (oldTimerOn) { + if (gettimeofday(&endTime, 0) < 0) + ERR_OUT(SYSLIB_FAILED_E); + SubtractTimes(endTime, startTime, totalTime); + /* adjust old timer for elapsed time */ + if (CmpTimes(totalTime, oldTimeout.it_value, <)) + SubtractTimes(oldTimeout.it_value, totalTime, + oldTimeout.it_value); + else { + /* reset value to interval, may be off */ + oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec; + oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec; + } + /* keep iter the same whether there or not */ + } + /* restore old handler */ + if (sigaction(SIGALRM, &oact, 0) < 0) + ret = SIGACT_ERROR; /* more pressing error, stomp */ + else + /* use old settings which may turn off (expired or not there) */ + if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0) + ret = SETITIMER_ERROR; - WOLFSSL_ENTER("wolfSSL_dtls_set_using_nonblock"); + /* if we had a timeout call callback */ + if (ssl->timeoutInfo.timeoutName[0]) { + ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec; + ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec; + (toCb)(&ssl->timeoutInfo); + } + ssl->toInfoOn = 0; + } - if (ssl == NULL) - return; + /* clean up buffers allocated by AddPacketInfo */ + FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap); - if (ssl->options.dtls) { -#ifdef WOLFSSL_DTLS - ssl->options.dtlsUseNonblock = (nonblock != 0); -#endif - } - else { - WOLFSSL_MSG("wolfSSL_dtls_set_using_nonblock() is " - "DEPRECATED for non-DTLS use."); + if (hsCb) { + FinishHandShakeInfo(&ssl->handShakeInfo); + (hsCb)(&ssl->handShakeInfo); + ssl->hsInfoOn = 0; + } + return ret; 
} -} -#ifdef WOLFSSL_DTLS - -int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl) -{ - int timeout = 0; - if (ssl) - timeout = ssl->dtls_timeout; +#ifndef NO_WOLFSSL_CLIENT - WOLFSSL_LEAVE("wolfSSL_dtls_get_current_timeout", timeout); - return timeout; -} + int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, + TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout) + { + WOLFSSL_ENTER("wolfSSL_connect_ex"); + return wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout); + } -#ifdef WOLFSSL_DTLS13 +#endif -/* - * This API returns 1 when the user should set a short timeout for receiving - * data. It is recommended that it is at most 1/4 the value returned by - * wolfSSL_dtls_get_current_timeout(). - */ -int wolfSSL_dtls13_use_quick_timeout(WOLFSSL* ssl) -{ - return ssl->dtls13FastTimeout; -} -/* - * When this is set, a DTLS 1.3 connection will send acks immediately when a - * disruption is detected to shortcut timeouts. This results in potentially - * more traffic but may make the handshake quicker. 
- */ -void wolfSSL_dtls13_set_send_more_acks(WOLFSSL* ssl, int value) -{ - if (ssl != NULL) - ssl->options.dtls13SendMoreAcks = !!value; -} -#endif /* WOLFSSL_DTLS13 */ +#ifndef NO_WOLFSSL_SERVER -int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, WOLFSSL_TIMEVAL* timeleft) -{ - if (ssl && timeleft) { - XMEMSET(timeleft, 0, sizeof(WOLFSSL_TIMEVAL)); - timeleft->tv_sec = ssl->dtls_timeout; + int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, + TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout) + { + WOLFSSL_ENTER("wolfSSL_accept_ex"); + return wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout); } - return 0; -} -#ifndef NO_WOLFSSL_STUB -int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl) -{ - WOLFSSL_STUB("SSL_DTLSv1_handle_timeout"); - (void)ssl; - return 0; -} #endif -#ifndef NO_WOLFSSL_STUB -void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, word32 duration_ms) -{ - WOLFSSL_STUB("SSL_DTLSv1_set_initial_timeout_duration"); - (void)ssl; - (void)duration_ms; -} -#endif +#endif /* WOLFSSL_CALLBACKS */ -/* user may need to alter init dtls recv timeout, WOLFSSL_SUCCESS on ok */ -int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout) -{ - if (ssl == NULL || timeout < 0) - return BAD_FUNC_ARG; - if (timeout > ssl->dtls_timeout_max) { - WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout max"); - return BAD_FUNC_ARG; - } +#ifndef NO_PSK - ssl->dtls_timeout_init = timeout; - ssl->dtls_timeout = timeout; + void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx, + wc_psk_client_callback cb) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_psk_client_callback"); - return WOLFSSL_SUCCESS; -} - - -/* user may need to alter max dtls recv timeout, WOLFSSL_SUCCESS on ok */ -int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout) -{ - if (ssl == NULL || timeout < 0) - return BAD_FUNC_ARG; + if (ctx == NULL) + return; - if (timeout < ssl->dtls_timeout_init) { - WOLFSSL_MSG("Can't set dtls timeout max less than dtls timeout init"); - return BAD_FUNC_ARG; + 
ctx->havePSK = 1; + ctx->client_psk_cb = cb; } - ssl->dtls_timeout_max = timeout; + void wolfSSL_set_psk_client_callback(WOLFSSL* ssl,wc_psk_client_callback cb) + { + byte haveRSA = 1; + int keySz = 0; - return WOLFSSL_SUCCESS; -} + WOLFSSL_ENTER("wolfSSL_set_psk_client_callback"); + if (ssl == NULL) + return; -int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) -{ - int result = WOLFSSL_SUCCESS; - WOLFSSL_ENTER("wolfSSL_dtls_got_timeout"); + ssl->options.havePSK = 1; + ssl->options.client_psk_cb = cb; - if (ssl == NULL) - return WOLFSSL_FATAL_ERROR; + #ifdef NO_RSA + haveRSA = 0; + #endif + #ifndef NO_CERTS + keySz = ssl->buffers.keySz; + #endif + if (AllocateSuites(ssl) != 0) + return; + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, + ssl->options.haveDH, ssl->options.haveECDSAsig, + ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, + ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, + ssl->options.useAnon, TRUE, ssl->options.side); + } + #ifdef OPENSSL_EXTRA + /** + * set call back function for psk session use + * @param ssl a pointer to WOLFSSL structure + * @param cb a function pointer to wc_psk_use_session_cb + * @return none + */ + void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl, + wc_psk_use_session_cb_func cb) + { + WOLFSSL_ENTER("wolfSSL_set_psk_use_session_callback"); -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { - result = Dtls13RtxTimeout(ssl); - if (result < 0) { - if (result == WANT_WRITE) - ssl->dtls13SendingAckOrRtx = 1; - ssl->error = result; - WOLFSSL_ERROR(result); - return WOLFSSL_FATAL_ERROR; + if (ssl != NULL) { + ssl->options.havePSK = 1; + ssl->options.session_psk_cb = cb; } - return WOLFSSL_SUCCESS; + WOLFSSL_LEAVE("wolfSSL_set_psk_use_session_callback", WOLFSSL_SUCCESS); } -#endif /* WOLFSSL_DTLS13 */ + #endif - if ((IsSCR(ssl) || !ssl->options.handShakeDone)) { - if (DtlsMsgPoolTimeout(ssl) < 0){ - ssl->error = SOCKET_ERROR_E; - WOLFSSL_ERROR(ssl->error); - result = 
WOLFSSL_FATAL_ERROR; - } - else if ((result = DtlsMsgPoolSend(ssl, 0)) < 0) { - ssl->error = result; - WOLFSSL_ERROR(result); - result = WOLFSSL_FATAL_ERROR; - } - else { - /* Reset return value to success */ - result = WOLFSSL_SUCCESS; - } + void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx, + wc_psk_server_callback cb) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_psk_server_callback"); + if (ctx == NULL) + return; + ctx->havePSK = 1; + ctx->server_psk_cb = cb; } - WOLFSSL_LEAVE("wolfSSL_dtls_got_timeout", result); - return result; -} - + void wolfSSL_set_psk_server_callback(WOLFSSL* ssl,wc_psk_server_callback cb) + { + byte haveRSA = 1; + int keySz = 0; -/* retransmit all the saves messages, WOLFSSL_SUCCESS on ok */ -int wolfSSL_dtls_retransmit(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_dtls_retransmit"); + WOLFSSL_ENTER("wolfSSL_set_psk_server_callback"); + if (ssl == NULL) + return; - if (ssl == NULL) - return WOLFSSL_FATAL_ERROR; + ssl->options.havePSK = 1; + ssl->options.server_psk_cb = cb; - if (!ssl->options.handShakeDone) { - int result = DtlsMsgPoolSend(ssl, 0); - if (result < 0) { - ssl->error = result; - WOLFSSL_ERROR(result); - return WOLFSSL_FATAL_ERROR; - } + #ifdef NO_RSA + haveRSA = 0; + #endif + #ifndef NO_CERTS + keySz = ssl->buffers.keySz; + #endif + if (AllocateSuites(ssl) != 0) + return; + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, + ssl->options.haveDH, ssl->options.haveECDSAsig, + ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, + ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, + ssl->options.useAnon, TRUE, ssl->options.side); } - return 0; -} + const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl) + { + WOLFSSL_ENTER("wolfSSL_get_psk_identity_hint"); -#endif /* DTLS */ -#endif /* LEANPSK */ + if (ssl == NULL || ssl->arrays == NULL) + return NULL; + return ssl->arrays->server_hint; + } -#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) -/* Not an SSL function, return 0 for success, error code 
otherwise */ -/* Prereq: ssl's RNG needs to be initialized. */ -int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, - const byte* secret, word32 secretSz) -{ - int ret = 0; + const char* wolfSSL_get_psk_identity(const WOLFSSL* ssl) + { + WOLFSSL_ENTER("wolfSSL_get_psk_identity"); - WOLFSSL_ENTER("wolfSSL_DTLS_SetCookieSecret"); + if (ssl == NULL || ssl->arrays == NULL) + return NULL; - if (ssl == NULL) { - WOLFSSL_MSG("need a SSL object"); - return BAD_FUNC_ARG; + return ssl->arrays->client_identity; } - if (secret != NULL && secretSz == 0) { - WOLFSSL_MSG("can't have a new secret without a size"); - return BAD_FUNC_ARG; + int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint) + { + WOLFSSL_ENTER("wolfSSL_CTX_use_psk_identity_hint"); + if (hint == 0) + ctx->server_hint[0] = '\0'; + else { + /* Qt does not call CTX_set_*_psk_callbacks where havePSK is set */ + #ifdef WOLFSSL_QT + ctx->havePSK=1; + #endif + XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN); + ctx->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */ + } + return WOLFSSL_SUCCESS; } - /* If secretSz is 0, use the default size. 
*/ - if (secretSz == 0) - secretSz = COOKIE_SECRET_SZ; - - if (secretSz != ssl->buffers.dtlsCookieSecret.length) { - byte* newSecret; + int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint) + { + WOLFSSL_ENTER("wolfSSL_use_psk_identity_hint"); - if (ssl->buffers.dtlsCookieSecret.buffer != NULL) { - ForceZero(ssl->buffers.dtlsCookieSecret.buffer, - ssl->buffers.dtlsCookieSecret.length); - XFREE(ssl->buffers.dtlsCookieSecret.buffer, - ssl->heap, DYNAMIC_TYPE_COOKIE_PWD); - } + if (ssl == NULL || ssl->arrays == NULL) + return WOLFSSL_FAILURE; - newSecret = (byte*)XMALLOC(secretSz, ssl->heap,DYNAMIC_TYPE_COOKIE_PWD); - if (newSecret == NULL) { - ssl->buffers.dtlsCookieSecret.buffer = NULL; - ssl->buffers.dtlsCookieSecret.length = 0; - WOLFSSL_MSG("couldn't allocate new cookie secret"); - return MEMORY_ERROR; + if (hint == 0) + ssl->arrays->server_hint[0] = 0; + else { + XSTRNCPY(ssl->arrays->server_hint, hint, + sizeof(ssl->arrays->server_hint)-1); + ssl->arrays->server_hint[sizeof(ssl->arrays->server_hint)-1] = '\0'; } - ssl->buffers.dtlsCookieSecret.buffer = newSecret; - ssl->buffers.dtlsCookieSecret.length = secretSz; - #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Add("wolfSSL_DTLS_SetCookieSecret secret", - ssl->buffers.dtlsCookieSecret.buffer, - ssl->buffers.dtlsCookieSecret.length); - #endif + return WOLFSSL_SUCCESS; } - /* If the supplied secret is NULL, randomly generate a new secret. */ - if (secret == NULL) { - ret = wc_RNG_GenerateBlock(ssl->rng, - ssl->buffers.dtlsCookieSecret.buffer, secretSz); + void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl) + { + return ssl ? ssl->options.psk_ctx : NULL; } - else - XMEMCPY(ssl->buffers.dtlsCookieSecret.buffer, secret, secretSz); + void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx) + { + return ctx ? 
ctx->psk_ctx : NULL; + } + int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx) + { + if (ssl == NULL) + return WOLFSSL_FAILURE; + ssl->options.psk_ctx = psk_ctx; + return WOLFSSL_SUCCESS; + } + int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx) + { + if (ctx == NULL) + return WOLFSSL_FAILURE; + ctx->psk_ctx = psk_ctx; + return WOLFSSL_SUCCESS; + } +#endif /* NO_PSK */ - WOLFSSL_LEAVE("wolfSSL_DTLS_SetCookieSecret", 0); - return ret; -} -#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ +#ifdef HAVE_ANON + int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx) + { + WOLFSSL_ENTER("wolfSSL_CTX_allow_anon_cipher"); -/* EITHER SIDE METHODS */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) - WOLFSSL_METHOD* wolfSSLv23_method(void) - { - return wolfSSLv23_method_ex(NULL); + if (ctx == NULL) + return WOLFSSL_FAILURE; + + ctx->useAnon = 1; + + return WOLFSSL_SUCCESS; } - WOLFSSL_METHOD* wolfSSLv23_method_ex(void* heap) + +#endif /* HAVE_ANON */ + +#ifndef NO_CERTS + + /* unload any certs or keys that SSL owns, leave CTX as is + WOLFSSL_SUCCESS on ok */ + int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl) { - WOLFSSL_METHOD* m = NULL; - WOLFSSL_ENTER("wolfSSLv23_method"); - #if !defined(NO_WOLFSSL_CLIENT) - m = wolfSSLv23_client_method_ex(heap); - #elif !defined(NO_WOLFSSL_SERVER) - m = wolfSSLv23_server_method_ex(heap); - #else - (void)heap; - #endif - if (m != NULL) { - m->side = WOLFSSL_NEITHER_END; + if (ssl == NULL) { + WOLFSSL_MSG("Null function arg"); + return BAD_FUNC_ARG; } - return m; + if (ssl->buffers.weOwnCert && !ssl->keepCert) { + WOLFSSL_MSG("Unloading cert"); + FreeDer(&ssl->buffers.certificate); + #ifdef KEEP_OUR_CERT + wolfSSL_X509_free(ssl->ourCert); + ssl->ourCert = NULL; + #endif + ssl->buffers.weOwnCert = 0; + } + + if (ssl->buffers.weOwnCertChain) { + WOLFSSL_MSG("Unloading cert chain"); + FreeDer(&ssl->buffers.certChain); + ssl->buffers.weOwnCertChain = 0; + } + + if (ssl->buffers.weOwnKey) { + WOLFSSL_MSG("Unloading 
key"); + ForceZero(ssl->buffers.key->buffer, ssl->buffers.key->length); + FreeDer(&ssl->buffers.key); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.keyMask); + #endif + ssl->buffers.weOwnKey = 0; + } + +#ifdef WOLFSSL_DUAL_ALG_CERTS + if (ssl->buffers.weOwnAltKey) { + WOLFSSL_MSG("Unloading alt key"); + ForceZero(ssl->buffers.altKey->buffer, ssl->buffers.altKey->length); + FreeDer(&ssl->buffers.altKey); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.altKeyMask); + #endif + ssl->buffers.weOwnAltKey = 0; + } +#endif /* WOLFSSL_DUAL_ALG_CERTS */ + + return WOLFSSL_SUCCESS; } - #ifdef WOLFSSL_ALLOW_SSLV3 - WOLFSSL_METHOD* wolfSSLv3_method(void) + + int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx) { - return wolfSSLv3_method_ex(NULL); + WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs"); + + if (ctx == NULL) + return BAD_FUNC_ARG; + + return wolfSSL_CertManagerUnloadCAs(ctx->cm); } - WOLFSSL_METHOD* wolfSSLv3_method_ex(void* heap) + + int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx) { - WOLFSSL_METHOD* m = NULL; - WOLFSSL_ENTER("wolfSSLv3_method_ex"); - #if !defined(NO_WOLFSSL_CLIENT) - m = wolfSSLv3_client_method_ex(heap); - #elif !defined(NO_WOLFSSL_SERVER) - m = wolfSSLv3_server_method_ex(heap); - #endif - if (m != NULL) { - m->side = WOLFSSL_NEITHER_END; + WOLFSSL_ENTER("wolfSSL_CTX_UnloadIntermediateCerts"); + + if (ctx == NULL) + return BAD_FUNC_ARG; + + if (ctx->ref.count > 1) { + WOLFSSL_MSG("ctx object must have a ref count of 1 before " + "unloading intermediate certs"); + return BAD_STATE_E; } - return m; + return wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm); } - #endif -#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ -/* client only parts */ -#ifndef NO_WOLFSSL_CLIENT - #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS) - WOLFSSL_METHOD* wolfSSLv2_client_method(void) +#ifdef WOLFSSL_TRUST_PEER_CERT + int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx) { - WOLFSSL_STUB("wolfSSLv2_client_method"); - return NULL; + 
WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); + + if (ctx == NULL) + return BAD_FUNC_ARG; + + return wolfSSL_CertManagerUnload_trust_peers(ctx->cm); } - #endif - #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) - WOLFSSL_METHOD* wolfSSLv3_client_method(void) +#ifdef WOLFSSL_LOCAL_X509_STORE + int wolfSSL_Unload_trust_peers(WOLFSSL* ssl) { - return wolfSSLv3_client_method_ex(NULL); + WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); + + if (ssl == NULL) + return BAD_FUNC_ARG; + + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerUnload_trust_peers(SSL_CM(ssl)); } - WOLFSSL_METHOD* wolfSSLv3_client_method_ex(void* heap) +#endif /* WOLFSSL_LOCAL_X509_STORE */ +#endif /* WOLFSSL_TRUST_PEER_CERT */ +/* old NO_FILESYSTEM end */ +#endif /* !NO_CERTS */ + + +#ifdef OPENSSL_EXTRA + + int wolfSSL_add_all_algorithms(void) { - WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), - heap, DYNAMIC_TYPE_METHOD); - (void)heap; - WOLFSSL_ENTER("wolfSSLv3_client_method_ex"); - if (method) - InitSSL_Method(method, MakeSSLv3()); - return method; + WOLFSSL_ENTER("wolfSSL_add_all_algorithms"); + if (initRefCount != 0 || wolfSSL_Init() == WOLFSSL_SUCCESS) + return WOLFSSL_SUCCESS; + else + return WOLFSSL_FATAL_ERROR; } - #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */ - - WOLFSSL_METHOD* wolfSSLv23_client_method(void) + int wolfSSL_OpenSSL_add_all_algorithms_noconf(void) { - return wolfSSLv23_client_method_ex(NULL); + WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_noconf"); + + if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) + return WOLFSSL_FATAL_ERROR; + + return WOLFSSL_SUCCESS; } - WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap) + + int wolfSSL_OpenSSL_add_all_algorithms_conf(void) { - WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), - heap, DYNAMIC_TYPE_METHOD); - (void)heap; - WOLFSSL_ENTER("wolfSSLv23_client_method_ex"); - if (method) { - #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || 
defined(WOLFSSL_SHA512) - #if defined(WOLFSSL_TLS13) - InitSSL_Method(method, MakeTLSv1_3()); - #elif !defined(WOLFSSL_NO_TLS12) - InitSSL_Method(method, MakeTLSv1_2()); - #elif !defined(NO_OLD_TLS) - InitSSL_Method(method, MakeTLSv1_1()); - #endif - #else - #ifndef NO_OLD_TLS - InitSSL_Method(method, MakeTLSv1_1()); - #endif - #endif - #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13) - method->downgrade = 1; - #endif + WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_conf"); + /* This function is currently the same as + wolfSSL_OpenSSL_add_all_algorithms_noconf since we do not employ + the use of a wolfssl.cnf type configuration file and is only used for + OpenSSL compatibility. */ + + if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) { + return WOLFSSL_FATAL_ERROR; } - return method; + return WOLFSSL_SUCCESS; } - /* please see note at top of README if you get an error from connect */ - WOLFSSL_ABI - int wolfSSL_connect(WOLFSSL* ssl) +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode) { - #if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13)) - int neededState; - byte advanceState; - #endif - int ret = 0; + WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown"); + if (mode) + ctx->quietShutdown = 1; + } - (void)ret; - #ifdef HAVE_ERRNO_H - errno = 0; - #endif + void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode) + { + WOLFSSL_ENTER("wolfSSL_set_quiet_shutdown"); + if (mode) + ssl->options.quietShutdown = 1; + } +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || + WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - if (ssl == NULL) - return BAD_FUNC_ARG; +#ifdef OPENSSL_EXTRA +#ifndef NO_BIO + static void ssl_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags) + { + WOLFSSL_ENTER("wolfSSL_set_bio"); - #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) - if 
(ssl->options.side == WOLFSSL_NEITHER_END) { - ssl->error = InitSSL_Side(ssl, WOLFSSL_CLIENT_END); - if (ssl->error != WOLFSSL_SUCCESS) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + if (ssl == NULL) { + WOLFSSL_MSG("Bad argument, ssl was NULL"); + return; + } + + /* free any existing WOLFSSL_BIOs in use but don't free those in + * a chain */ + if ((flags & WOLFSSL_BIO_FLAG_READ) && (ssl->biord != NULL)) { + if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biord != ssl->biowr)) { + if (ssl->biowr != NULL && ssl->biowr->prev != NULL) + wolfSSL_BIO_free(ssl->biowr); + ssl->biowr = NULL; } - ssl->error = 0; /* expected to be zero here */ + if (ssl->biord->prev != NULL) + wolfSSL_BIO_free(ssl->biord); + ssl->biord = NULL; + } + else if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biowr != NULL)) { + if (ssl->biowr->prev != NULL) + wolfSSL_BIO_free(ssl->biowr); + ssl->biowr = NULL; } - #ifdef OPENSSL_EXTRA - if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_ST_CONNECT, WOLFSSL_SUCCESS); - ssl->cbmode = SSL_CB_WRITE; + /* set flag obviously */ + if (rd && !(rd->flags & WOLFSSL_BIO_FLAG_READ)) + rd->flags |= WOLFSSL_BIO_FLAG_READ; + if (wr && !(wr->flags & WOLFSSL_BIO_FLAG_WRITE)) + wr->flags |= WOLFSSL_BIO_FLAG_WRITE; + + if (flags & WOLFSSL_BIO_FLAG_READ) + ssl->biord = rd; + if (flags & WOLFSSL_BIO_FLAG_WRITE) + ssl->biowr = wr; + + /* set SSL to use BIO callbacks instead */ + if ((flags & WOLFSSL_BIO_FLAG_READ) && + (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0))) + { + ssl->CBIORecv = BioReceive; + } + if ((flags & WOLFSSL_BIO_FLAG_WRITE) && + (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0))) + { + ssl->CBIOSend = BioSend; } - #endif - #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ - #if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13) - return wolfSSL_connect_TLSv13(ssl); - #else - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) { - WOLFSSL_MSG("TLS 1.3"); - return wolfSSL_connect_TLSv13(ssl); + /* User programs should always retry 
reading from these BIOs */ + if (rd) { + /* User writes to rd */ + BIO_set_retry_write(rd); } - #endif + if (wr) { + /* User reads from wr */ + BIO_set_retry_read(wr); + } + } - WOLFSSL_MSG("TLS 1.2 or lower"); - WOLFSSL_ENTER("wolfSSL_connect"); + void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) + { + ssl_set_bio(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE); + } - /* make sure this wolfSSL object has arrays and rng setup. Protects - * case where the WOLFSSL object is reused via wolfSSL_clear() */ - if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) { - return ret; - } + void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd) + { + ssl_set_bio(ssl, rd, NULL, WOLFSSL_BIO_FLAG_READ); + } -#ifdef WOLFSSL_WOLFSENTRY_HOOKS - if ((ssl->ConnectFilter != NULL) && - (ssl->options.connectState == CONNECT_BEGIN)) { - wolfSSL_netfilter_decision_t res; - if ((ssl->ConnectFilter(ssl, ssl->ConnectFilter_arg, &res) == - WOLFSSL_SUCCESS) && - (res == WOLFSSL_NETFILTER_REJECT)) { - ssl->error = SOCKET_FILTERED_E; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } + void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr) + { + ssl_set_bio(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE); + } + +#endif /* !NO_BIO */ +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) + void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_client_CA_list"); + if (ctx != NULL) { + wolfSSL_sk_X509_NAME_pop_free(ctx->client_ca_names, NULL); + ctx->client_ca_names = names; } -#endif /* WOLFSSL_WOLFSENTRY_HOOKS */ + } - if (ssl->options.side != WOLFSSL_CLIENT_END) { - ssl->error = SIDE_ERROR; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + void wolfSSL_set_client_CA_list(WOLFSSL* ssl, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) + { + WOLFSSL_ENTER("wolfSSL_set_client_CA_list"); + if (ssl != NULL) { + if (ssl->client_ca_names != ssl->ctx->client_ca_names) + 
wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL); + ssl->client_ca_names = names; } + } - #ifdef WOLFSSL_DTLS - if (ssl->version.major == DTLS_MAJOR) { - ssl->options.dtls = 1; - ssl->options.tls = 1; - ssl->options.tls1_1 = 1; - ssl->options.dtlsStateful = 1; + #ifdef OPENSSL_EXTRA + /* registers client cert callback, called during handshake if server + requests client auth but user has not loaded client cert/key */ + void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb cb) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_client_cert_cb"); + + if (ctx != NULL) { + ctx->CBClientCert = cb; } - #endif + } - /* fragOffset is non-zero when sending fragments. On the last - * fragment, fragOffset is zero again, and the state can be - * advanced. */ - advanceState = ssl->fragOffset == 0 && - (ssl->options.connectState == CONNECT_BEGIN || - ssl->options.connectState == HELLO_AGAIN || - (ssl->options.connectState >= FIRST_REPLY_DONE && - ssl->options.connectState <= FIRST_REPLY_FOURTH)); + void wolfSSL_CTX_set_cert_cb(WOLFSSL_CTX* ctx, + CertSetupCallback cb, void *arg) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_cert_cb"); + if (ctx == NULL) + return; -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) - advanceState = advanceState && !ssl->dtls13SendingAckOrRtx; -#endif /* WOLFSSL_DTLS13 */ + ctx->certSetupCb = cb; + ctx->certSetupCbArg = arg; + } - if (ssl->buffers.outputBuffer.length > 0 - #ifdef WOLFSSL_ASYNC_CRYPT - /* do not send buffered or advance state if last error was an - async pending operation */ - && ssl->error != WC_PENDING_E - #endif - ) { - ret = SendBuffered(ssl); - if (ret == 0) { - if (ssl->fragOffset == 0 && !ssl->options.buildingMsg) { - if (advanceState) { - ssl->options.connectState++; - WOLFSSL_MSG("connect state: " - "Advanced from last buffered fragment send"); - #ifdef WOLFSSL_ASYNC_IO - /* Cleanup async */ - FreeAsyncCtx(ssl, 0); - #endif - } - } - else { - WOLFSSL_MSG("connect state: " - "Not advanced, more 
fragments to send"); - } + int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl, + const byte** suites, word16* suiteSz, + const byte** hashSigAlgo, word16* hashSigAlgoSz) + { + WOLFSSL_ENTER("wolfSSL_get_client_suites_sigalgs"); + + if (suites != NULL) + *suites = NULL; + if (suiteSz != NULL) + *suiteSz = 0; + if (hashSigAlgo != NULL) + *hashSigAlgo = NULL; + if (hashSigAlgoSz != NULL) + *hashSigAlgoSz = 0; + + if (ssl != NULL && ssl->clSuites != NULL) { + if (suites != NULL && suiteSz != NULL) { + *suites = ssl->clSuites->suites; + *suiteSz = ssl->clSuites->suiteSz; } - else { - ssl->error = ret; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + if (hashSigAlgo != NULL && hashSigAlgoSz != NULL) { + *hashSigAlgo = ssl->clSuites->hashSigAlgo; + *hashSigAlgoSz = ssl->clSuites->hashSigAlgoSz; } -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls) - ssl->dtls13SendingAckOrRtx = 0; -#endif /* WOLFSSL_DTLS13 */ + return WOLFSSL_SUCCESS; } + return WOLFSSL_FAILURE; + } + WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first, + byte second) + { + WOLFSSL_CIPHERSUITE_INFO info; + info.rsaAuth = (byte)(CipherRequires(first, second, REQUIRES_RSA) || + CipherRequires(first, second, REQUIRES_RSA_SIG)); + info.eccAuth = (byte)(CipherRequires(first, second, REQUIRES_ECC) || + /* Static ECC ciphers may require RSA for authentication */ + (CipherRequires(first, second, REQUIRES_ECC_STATIC) && + !CipherRequires(first, second, REQUIRES_RSA_SIG))); + info.eccStatic = + (byte)CipherRequires(first, second, REQUIRES_ECC_STATIC); + info.psk = (byte)CipherRequires(first, second, REQUIRES_PSK); + return info; + } - ret = RetrySendAlert(ssl); - if (ret != 0) { - ssl->error = ret; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } + /** + * @param first First byte of the hash and signature algorithm + * @param second Second byte of the hash and signature algorithm + * @param hashAlgo The enum wc_HashType of the MAC algorithm + * @param sigAlgo The enum 
Key_Sum of the authentication algorithm + */ + int wolfSSL_get_sigalg_info(byte first, byte second, + int* hashAlgo, int* sigAlgo) + { + byte input[2]; + byte hashType; + byte sigType; - switch (ssl->options.connectState) { + if (hashAlgo == NULL || sigAlgo == NULL) + return BAD_FUNC_ARG; - case CONNECT_BEGIN : - /* always send client hello first */ - if ( (ssl->error = SendClientHello(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - ssl->options.connectState = CLIENT_HELLO_SENT; - WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT"); - FALL_THROUGH; + input[0] = first; + input[1] = second; + DecodeSigAlg(input, &hashType, &sigType); - case CLIENT_HELLO_SENT : - neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE : - SERVER_HELLODONE_COMPLETE; - #ifdef WOLFSSL_DTLS - /* In DTLS, when resuming, we can go straight to FINISHED, - * or do a cookie exchange and then skip to FINISHED, assume - * we need the cookie exchange first. */ - if (IsDtlsNotSctpMode(ssl)) - neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; - #endif - /* get response */ - WOLFSSL_MSG("Server state up to needed state."); - while (ssl->options.serverState < neededState) { - WOLFSSL_MSG("Progressing server state..."); - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) - return wolfSSL_connect_TLSv13(ssl); - #endif - WOLFSSL_MSG("ProcessReply..."); - if ( (ssl->error = ProcessReply(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - /* if resumption failed, reset needed state */ - else if (neededState == SERVER_FINISHED_COMPLETE) { - if (!ssl->options.resuming) { - #ifdef WOLFSSL_DTLS - if (IsDtlsNotSctpMode(ssl)) - neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; - else - #endif - neededState = SERVER_HELLODONE_COMPLETE; - } - } - WOLFSSL_MSG("ProcessReply done."); + /* cast so that compiler reminds us of unimplemented values */ + switch ((enum SignatureAlgorithm)sigType) { + case anonymous_sa_algo: + *sigAlgo = ANONk; + break; + case 
rsa_sa_algo: + *sigAlgo = RSAk; + break; + case dsa_sa_algo: + *sigAlgo = DSAk; + break; + case ecc_dsa_sa_algo: + *sigAlgo = ECDSAk; + break; + case rsa_pss_sa_algo: + *sigAlgo = RSAPSSk; + break; + case ed25519_sa_algo: + *sigAlgo = ED25519k; + break; + case rsa_pss_pss_algo: + *sigAlgo = RSAPSSk; + break; + case ed448_sa_algo: + *sigAlgo = ED448k; + break; + case falcon_level1_sa_algo: + *sigAlgo = FALCON_LEVEL1k; + break; + case falcon_level5_sa_algo: + *sigAlgo = FALCON_LEVEL5k; + break; + case dilithium_level2_sa_algo: + *sigAlgo = DILITHIUM_LEVEL2k; + break; + case dilithium_level3_sa_algo: + *sigAlgo = DILITHIUM_LEVEL3k; + break; + case dilithium_level5_sa_algo: + *sigAlgo = DILITHIUM_LEVEL5k; + break; + case sm2_sa_algo: + *sigAlgo = SM2k; + break; + case invalid_sa_algo: + default: + *hashAlgo = WC_HASH_TYPE_NONE; + *sigAlgo = 0; + return BAD_FUNC_ARG; + } -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version) - && ssl->dtls13Rtx.sendAcks == 1 - && ssl->options.seenUnifiedHdr) { - /* we aren't negotiated the version yet, so we aren't sure - * the other end can speak v1.3. On the other side we have - * received a unified records, assuming that the - * ServerHello got lost, we will send an empty ACK. 
In case - * the server is a DTLS with version less than 1.3, it - * should just ignore the message */ - ssl->dtls13Rtx.sendAcks = 0; - if ((ssl->error = SendDtls13Ack(ssl)) < 0) { - if (ssl->error == WANT_WRITE) - ssl->dtls13SendingAckOrRtx = 1; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } -#endif /* WOLFSSL_DTLS13 */ + /* cast so that compiler reminds us of unimplemented values */ + switch((enum wc_MACAlgorithm)hashType) { + case no_mac: + case rmd_mac: /* Don't have a RIPEMD type in wc_HashType */ + *hashAlgo = WC_HASH_TYPE_NONE; + break; + case md5_mac: + *hashAlgo = WC_HASH_TYPE_MD5; + break; + case sha_mac: + *hashAlgo = WC_HASH_TYPE_SHA; + break; + case sha224_mac: + *hashAlgo = WC_HASH_TYPE_SHA224; + break; + case sha256_mac: + *hashAlgo = WC_HASH_TYPE_SHA256; + break; + case sha384_mac: + *hashAlgo = WC_HASH_TYPE_SHA384; + break; + case sha512_mac: + *hashAlgo = WC_HASH_TYPE_SHA512; + break; + case blake2b_mac: + *hashAlgo = WC_HASH_TYPE_BLAKE2B; + break; + case sm3_mac: +#ifdef WOLFSSL_SM3 + *hashAlgo = WC_HASH_TYPE_SM3; +#else + *hashAlgo = WC_HASH_TYPE_NONE; +#endif + break; + default: + *hashAlgo = WC_HASH_TYPE_NONE; + *sigAlgo = 0; + return BAD_FUNC_ARG; + } + return 0; + } + + /** + * Internal wrapper for calling certSetupCb + * @param ssl The SSL/TLS Object + * @return 0 on success + */ + int CertSetupCbWrapper(WOLFSSL* ssl) + { + int ret = 0; + if (ssl->ctx->certSetupCb != NULL) { + WOLFSSL_MSG("Calling user cert setup callback"); + ret = ssl->ctx->certSetupCb(ssl, ssl->ctx->certSetupCbArg); + if (ret == 1) { + WOLFSSL_MSG("User cert callback returned success"); + ret = 0; + } + else if (ret == 0) { + SendAlert(ssl, alert_fatal, internal_error); + ret = CLIENT_CERT_CB_ERROR; + } + else if (ret < 0) { + ret = WOLFSSL_ERROR_WANT_X509_LOOKUP; + } + else { + WOLFSSL_MSG("Unexpected user callback return"); + ret = CLIENT_CERT_CB_ERROR; } + } + return ret; + } + #endif /* OPENSSL_EXTRA */ - ssl->options.connectState = HELLO_AGAIN; - 
WOLFSSL_MSG("connect state: HELLO_AGAIN"); - FALL_THROUGH; +#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_WEBSERVER */ - case HELLO_AGAIN : +#ifndef WOLFSSL_NO_CA_NAMES + WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( + const WOLFSSL_CTX *ctx) + { + WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list"); - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) - return wolfSSL_connect_TLSv13(ssl); - #endif + if (ctx == NULL) { + WOLFSSL_MSG("Bad argument passed to " + "wolfSSL_CTX_get_client_CA_list"); + return NULL; + } - #ifdef WOLFSSL_DTLS - if (ssl->options.serverState == - SERVER_HELLOVERIFYREQUEST_COMPLETE) { - if (IsDtlsNotSctpMode(ssl)) { - /* re-init hashes, exclude first hello and verify request */ - if ((ssl->error = InitHandshakeHashes(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - if ( (ssl->error = SendClientHello(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } - } - #endif + return ctx->client_ca_names; + } - ssl->options.connectState = HELLO_AGAIN_REPLY; - WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY"); - FALL_THROUGH; + /* returns the CA's set on server side or the CA's sent from server when + * on client side */ + WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list( + const WOLFSSL* ssl) + { + WOLFSSL_ENTER("wolfSSL_get_client_CA_list"); - case HELLO_AGAIN_REPLY : - #ifdef WOLFSSL_DTLS - if (IsDtlsNotSctpMode(ssl)) { - neededState = ssl->options.resuming ? 
- SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE; + if (ssl == NULL) { + WOLFSSL_MSG("Bad argument passed to wolfSSL_get_client_CA_list"); + return NULL; + } - /* get response */ - while (ssl->options.serverState < neededState) { - if ( (ssl->error = ProcessReply(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - /* if resumption failed, reset needed state */ - if (neededState == SERVER_FINISHED_COMPLETE) { - if (!ssl->options.resuming) - neededState = SERVER_HELLODONE_COMPLETE; - } - } - } - #endif + return SSL_CA_NAMES(ssl); + } - ssl->options.connectState = FIRST_REPLY_DONE; - WOLFSSL_MSG("connect state: FIRST_REPLY_DONE"); - FALL_THROUGH; + #if !defined(NO_CERTS) + int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) + { + WOLFSSL_X509_NAME *nameCopy = NULL; - case FIRST_REPLY_DONE : - if (ssl->options.certOnly) - return WOLFSSL_SUCCESS; - #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) - return wolfSSL_connect_TLSv13(ssl); - #endif - if (ssl->options.sendVerify) { - if ( (ssl->error = SendCertificate(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - WOLFSSL_MSG("sent: certificate"); - } + WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA"); - #endif - ssl->options.connectState = FIRST_REPLY_FIRST; - WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST"); - FALL_THROUGH; + if (ctx == NULL || x509 == NULL){ + WOLFSSL_MSG("Bad argument"); + return WOLFSSL_FAILURE; + } - case FIRST_REPLY_FIRST : - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) - return wolfSSL_connect_TLSv13(ssl); - #endif - if (!ssl->options.resuming) { - if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. 
*/ - #endif -#ifdef WOLFSSL_EXTRA_ALERTS - if (ssl->error == NO_PEER_KEY || - ssl->error == PSK_KEY_ERROR) { - SendAlert(ssl, alert_fatal, handshake_failure); - } -#endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - WOLFSSL_MSG("sent: client key exchange"); + if (ctx->client_ca_names == NULL) { + ctx->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL); + if (ctx->client_ca_names == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); + return WOLFSSL_FAILURE; } + } - ssl->options.connectState = FIRST_REPLY_SECOND; - WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND"); - FALL_THROUGH; + nameCopy = wolfSSL_X509_NAME_dup(wolfSSL_X509_get_subject_name(x509)); + if (nameCopy == NULL) { + WOLFSSL_MSG("wolfSSL_X509_NAME_dup error"); + return WOLFSSL_FAILURE; + } - #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) - case FIRST_REPLY_SECOND : - /* CLIENT: Fail-safe for Server Authentication. */ - if (!ssl->options.peerAuthGood) { - WOLFSSL_MSG("Server authentication did not happen"); - ssl->error = NO_PEER_VERIFY; - return WOLFSSL_FATAL_ERROR; - } + if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) != + WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); + wolfSSL_X509_NAME_free(nameCopy); + return WOLFSSL_FAILURE; + } - #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) - if (ssl->options.sendVerify) { - if ( (ssl->error = SendCertificateVerify(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. 
*/ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - WOLFSSL_MSG("sent: certificate verify"); - } - #endif /* !NO_CERTS && !WOLFSSL_NO_CLIENT_AUTH */ - ssl->options.connectState = FIRST_REPLY_THIRD; - WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD"); - FALL_THROUGH; + return WOLFSSL_SUCCESS; + } + #endif - case FIRST_REPLY_THIRD : - if ( (ssl->error = SendChangeCipher(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - WOLFSSL_MSG("sent: change cipher spec"); - ssl->options.connectState = FIRST_REPLY_FOURTH; - WOLFSSL_MSG("connect state: FIRST_REPLY_FOURTH"); - FALL_THROUGH; + #ifndef NO_BIO + #if !defined(NO_RSA) && !defined(NO_CERTS) + WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file( + const char* fname) + { + /* The webserver build is using this to load a CA into the server + * for client authentication as an option. Have this return NULL in + * that case. If OPENSSL_EXTRA is enabled, go ahead and include + * the function. */ + #ifdef OPENSSL_EXTRA + WOLFSSL_STACK *list = NULL; + WOLFSSL_BIO* bio = NULL; + WOLFSSL_X509 *cert = NULL; + WOLFSSL_X509_NAME *nameCopy = NULL; + unsigned long err = WOLFSSL_FAILURE; - case FIRST_REPLY_FOURTH : - if ( (ssl->error = SendFinished(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. 
*/ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + WOLFSSL_ENTER("wolfSSL_load_client_CA_file"); + + bio = wolfSSL_BIO_new_file(fname, "rb"); + if (bio == NULL) { + WOLFSSL_MSG("wolfSSL_BIO_new_file error"); + goto cleanup; } - WOLFSSL_MSG("sent: finished"); - ssl->options.connectState = FINISHED_DONE; - WOLFSSL_MSG("connect state: FINISHED_DONE"); - FALL_THROUGH; -#ifdef WOLFSSL_DTLS13 - case WAIT_FINISHED_ACK: - ssl->options.connectState = FINISHED_DONE; - FALL_THROUGH; -#endif /* WOLFSSL_DTLS13 */ + list = wolfSSL_sk_X509_NAME_new(NULL); + if (list == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); + goto cleanup; + } - case FINISHED_DONE : - /* get response */ - while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) - if ( (ssl->error = ProcessReply(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + /* Read each certificate in the chain out of the file. */ + while (wolfSSL_PEM_read_bio_X509(bio, &cert, NULL, NULL) != NULL) { + /* Need a persistent copy of the subject name. */ + nameCopy = wolfSSL_X509_NAME_dup( + wolfSSL_X509_get_subject_name(cert)); + if (nameCopy == NULL) { + WOLFSSL_MSG("wolfSSL_X509_NAME_dup error"); + goto cleanup; } + /* + * Original cert will be freed so make sure not to try to access + * it in the future. + */ + nameCopy->x509 = NULL; - ssl->options.connectState = SECOND_REPLY_DONE; - WOLFSSL_MSG("connect state: SECOND_REPLY_DONE"); - FALL_THROUGH; - - case SECOND_REPLY_DONE: - #ifndef NO_HANDSHAKE_DONE_CB - if (ssl->hsDoneCb) { - int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx); - if (cbret < 0) { - ssl->error = cbret; - WOLFSSL_MSG("HandShake Done Cb don't continue error"); - return WOLFSSL_FATAL_ERROR; + if (wolfSSL_sk_X509_NAME_push(list, nameCopy) != + WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); + /* Do free in loop because nameCopy is now responsibility + * of list to free and adding jumps to cleanup after this + * might result in a double free. 
*/ + wolfSSL_X509_NAME_free(nameCopy); + goto cleanup; } - } - #endif /* NO_HANDSHAKE_DONE_CB */ - if (!ssl->options.dtls) { - if (!ssl->options.keepResources) { - FreeHandshakeResources(ssl); - } - } - #ifdef WOLFSSL_DTLS - else { - ssl->options.dtlsHsRetain = 1; + wolfSSL_X509_free(cert); + cert = NULL; } - #endif /* WOLFSSL_DTLS */ - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION) - /* This may be necessary in async so that we don't try to - * renegotiate again */ - if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { - ssl->secure_renegotiation->startScr = 0; + CLEAR_ASN_NO_PEM_HEADER_ERROR(err); + + err = WOLFSSL_SUCCESS; +cleanup: + wolfSSL_X509_free(cert); + wolfSSL_BIO_free(bio); + if (err != WOLFSSL_SUCCESS) { + /* We failed so return NULL */ + wolfSSL_sk_X509_NAME_pop_free(list, NULL); + list = NULL; } - #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */ - #if defined(WOLFSSL_ASYNC_IO) && !defined(WOLFSSL_ASYNC_CRYPT) - /* Free the remaining async context if not using it for crypto */ - FreeAsyncCtx(ssl, 1); + return list; + #else + (void)fname; + return NULL; #endif - - ssl->error = 0; /* clear the error */ - - WOLFSSL_LEAVE("wolfSSL_connect", WOLFSSL_SUCCESS); - return WOLFSSL_SUCCESS; - #endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS */ - - default: - WOLFSSL_MSG("Unknown connect state ERROR"); - return WOLFSSL_FATAL_ERROR; /* unknown connect state */ } - #endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || !WOLFSSL_TLS13 */ - } - -#endif /* NO_WOLFSSL_CLIENT */ + #endif + #endif /* !NO_BIO */ +#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */ +#ifdef OPENSSL_EXTRA -/* server only parts */ -#ifndef NO_WOLFSSL_SERVER + #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ + && !defined(WC_NO_RNG) + static const byte srp_N[] = { + 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, 0x9C, 0x33, 0xF8, + 0x0A, 0xFA, 0x8F, 0xC5, 0xE8, 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, + 0x3C, 0x0B, 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 
0x76, 0xD6, + 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, 0x38, 0x3B, 0x48, 0x13, + 0xD6, 0x92, 0xC6, 0xE0, 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, + 0xE4, 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1, 0x5D, 0xC7, + 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, 0xCE, 0x8E, 0xF4, 0xAD, 0x69, + 0xB1, 0x5D, 0x49, 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85, + 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, 0x68, 0xED, 0xBC, + 0x3C, 0x05, 0x72, 0x6C, 0xC0, 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, + 0xAA, 0x9A, 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, 0x9F, + 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3 + }; + static const byte srp_g[] = { + 0x02 + }; - #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS) - WOLFSSL_METHOD* wolfSSLv2_server_method(void) + int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX* ctx, char* username) { - WOLFSSL_STUB("wolfSSLv2_server_method"); - return 0; - } - #endif + int r = 0; + SrpSide srp_side = SRP_CLIENT_SIDE; + byte salt[SRP_SALT_SIZE]; - #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) - WOLFSSL_METHOD* wolfSSLv3_server_method(void) - { - return wolfSSLv3_server_method_ex(NULL); - } - WOLFSSL_METHOD* wolfSSLv3_server_method_ex(void* heap) - { - WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), - heap, DYNAMIC_TYPE_METHOD); - (void)heap; - WOLFSSL_ENTER("wolfSSLv3_server_method_ex"); - if (method) { - InitSSL_Method(method, MakeSSLv3()); - method->side = WOLFSSL_SERVER_END; - } - return method; - } - #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */ + WOLFSSL_ENTER("wolfSSL_CTX_set_srp_username"); + if (ctx == NULL || ctx->srp == NULL || username==NULL) + return WOLFSSL_FAILURE; - WOLFSSL_METHOD* wolfSSLv23_server_method(void) - { - return wolfSSLv23_server_method_ex(NULL); - } + if (ctx->method->side == WOLFSSL_SERVER_END){ + srp_side = SRP_SERVER_SIDE; + } else if (ctx->method->side == WOLFSSL_CLIENT_END){ + srp_side = SRP_CLIENT_SIDE; + } else { + WOLFSSL_MSG("Init CTX failed"); + return WOLFSSL_FAILURE; + } - 
WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap) - { - WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), - heap, DYNAMIC_TYPE_METHOD); - (void)heap; - WOLFSSL_ENTER("wolfSSLv23_server_method_ex"); - if (method) { - #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) - #ifdef WOLFSSL_TLS13 - InitSSL_Method(method, MakeTLSv1_3()); - #elif !defined(WOLFSSL_NO_TLS12) - InitSSL_Method(method, MakeTLSv1_2()); - #elif !defined(NO_OLD_TLS) - InitSSL_Method(method, MakeTLSv1_1()); - #endif - #else - #ifndef NO_OLD_TLS - InitSSL_Method(method, MakeTLSv1_1()); - #else - #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 - #endif - #endif - #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13) - method->downgrade = 1; - #endif - method->side = WOLFSSL_SERVER_END; + if (wc_SrpInit(ctx->srp, SRP_TYPE_SHA256, srp_side) < 0) { + WOLFSSL_MSG("Init SRP CTX failed"); + XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); + ctx->srp = NULL; + return WOLFSSL_FAILURE; + } + r = wc_SrpSetUsername(ctx->srp, (const byte*)username, + (word32)XSTRLEN(username)); + if (r < 0) { + WOLFSSL_MSG("fail to set srp username."); + return WOLFSSL_FAILURE; } - return method; - } + /* if wolfSSL_CTX_set_srp_password has already been called, */ + /* execute wc_SrpSetPassword here */ + if (ctx->srp_password != NULL) { + WC_RNG rng; + if (wc_InitRng(&rng) < 0){ + WOLFSSL_MSG("wc_InitRng failed"); + return WOLFSSL_FAILURE; + } + XMEMSET(salt, 0, sizeof(salt)/sizeof(salt[0])); + r = wc_RNG_GenerateBlock(&rng, salt, sizeof(salt)/sizeof(salt[0])); + wc_FreeRng(&rng); + if (r < 0) { + WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); + return WOLFSSL_FAILURE; + } - WOLFSSL_ABI - int wolfSSL_accept(WOLFSSL* ssl) + if (wc_SrpSetParams(ctx->srp, srp_N, sizeof(srp_N)/sizeof(srp_N[0]), + srp_g, sizeof(srp_g)/sizeof(srp_g[0]), + salt, sizeof(salt)/sizeof(salt[0])) < 0) { + WOLFSSL_MSG("wc_SrpSetParam failed"); + return WOLFSSL_FAILURE; + } + r = 
wc_SrpSetPassword(ctx->srp, + (const byte*)ctx->srp_password, + (word32)XSTRLEN((char *)ctx->srp_password)); + if (r < 0) { + WOLFSSL_MSG("fail to set srp password."); + return WOLFSSL_FAILURE; + } + + XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); + ctx->srp_password = NULL; + } + + return WOLFSSL_SUCCESS; + } + + int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password) { -#if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13)) - word16 havePSK = 0; - word16 haveAnon = 0; - word16 haveMcast = 0; -#endif - int ret = 0; + int r; + byte salt[SRP_SALT_SIZE]; - (void)ret; + WOLFSSL_ENTER("wolfSSL_CTX_set_srp_password"); + if (ctx == NULL || ctx->srp == NULL || password == NULL) + return WOLFSSL_FAILURE; - if (ssl == NULL) - return WOLFSSL_FATAL_ERROR; + if (ctx->srp->user != NULL) { + WC_RNG rng; + if (wc_InitRng(&rng) < 0) { + WOLFSSL_MSG("wc_InitRng failed"); + return WOLFSSL_FAILURE; + } + XMEMSET(salt, 0, sizeof(salt)/sizeof(salt[0])); + r = wc_RNG_GenerateBlock(&rng, salt, sizeof(salt)/sizeof(salt[0])); + wc_FreeRng(&rng); + if (r < 0) { + WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); + return WOLFSSL_FAILURE; + } + if (wc_SrpSetParams(ctx->srp, srp_N, sizeof(srp_N)/sizeof(srp_N[0]), + srp_g, sizeof(srp_g)/sizeof(srp_g[0]), + salt, sizeof(salt)/sizeof(salt[0])) < 0){ + WOLFSSL_MSG("wc_SrpSetParam failed"); + wc_FreeRng(&rng); + return WOLFSSL_FAILURE; + } + r = wc_SrpSetPassword(ctx->srp, (const byte*)password, + (word32)XSTRLEN(password)); + if (r < 0) { + WOLFSSL_MSG("wc_SrpSetPassword failed."); + wc_FreeRng(&rng); + return WOLFSSL_FAILURE; + } + XFREE(ctx->srp_password, NULL, DYNAMIC_TYPE_SRP); + ctx->srp_password = NULL; + wc_FreeRng(&rng); + } else { + /* save password for wolfSSL_set_srp_username */ + XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); - #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) - if (ssl->options.side == WOLFSSL_NEITHER_END) { - WOLFSSL_MSG("Setting WOLFSSL_SSL to be server 
side"); - ssl->error = InitSSL_Side(ssl, WOLFSSL_SERVER_END); - if (ssl->error != WOLFSSL_SUCCESS) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + ctx->srp_password = (byte*)XMALLOC(XSTRLEN(password) + 1, ctx->heap, + DYNAMIC_TYPE_SRP); + if (ctx->srp_password == NULL){ + WOLFSSL_MSG("memory allocation error"); + return WOLFSSL_FAILURE; } - ssl->error = 0; /* expected to be zero here */ + XMEMCPY(ctx->srp_password, password, XSTRLEN(password) + 1); } - #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ - -#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13) - return wolfSSL_accept_TLSv13(ssl); -#else - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) - return wolfSSL_accept_TLSv13(ssl); - #endif - WOLFSSL_ENTER("wolfSSL_accept"); + return WOLFSSL_SUCCESS; + } - /* make sure this wolfSSL object has arrays and rng setup. Protects - * case where the WOLFSSL object is reused via wolfSSL_clear() */ - if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) { - return ret; + /** + * The modulus passed to wc_SrpSetParams in ssl.c is constant so check + * that the requested strength is less than or equal to the size of the + * static modulus size. 
+ * @param ctx Not used + * @param strength Minimum number of bits for the modulus + * @return 1 if strength is less than or equal to static modulus + * 0 if strength is greater than static modulus + */ + int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength) + { + (void)ctx; + WOLFSSL_ENTER("wolfSSL_CTX_set_srp_strength"); + if (strength > (int)(sizeof(srp_N)*8)) { + WOLFSSL_MSG("Bad Parameter"); + return WOLFSSL_FAILURE; } + return WOLFSSL_SUCCESS; + } -#ifdef WOLFSSL_WOLFSENTRY_HOOKS - if ((ssl->AcceptFilter != NULL) && - ((ssl->options.acceptState == ACCEPT_BEGIN) -#ifdef HAVE_SECURE_RENEGOTIATION - || (ssl->options.acceptState == ACCEPT_BEGIN_RENEG) -#endif - )) - { - wolfSSL_netfilter_decision_t res; - if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == - WOLFSSL_SUCCESS) && - (res == WOLFSSL_NETFILTER_REJECT)) { - ssl->error = SOCKET_FILTERED_E; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } + char* wolfSSL_get_srp_username(WOLFSSL *ssl) + { + if (ssl && ssl->ctx && ssl->ctx->srp) { + return (char*) ssl->ctx->srp->user; } -#endif /* WOLFSSL_WOLFSENTRY_HOOKS */ + return NULL; + } + #endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */ - #ifdef HAVE_ERRNO_H - errno = 0; - #endif + /* keyblock size in bytes or -1 */ + int wolfSSL_get_keyblock_size(WOLFSSL* ssl) + { + if (ssl == NULL) + return WOLFSSL_FATAL_ERROR; - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #endif - (void)havePSK; + return 2 * (ssl->specs.key_size + ssl->specs.iv_size + + ssl->specs.hash_size); + } - #ifdef HAVE_ANON - haveAnon = ssl->options.useAnon; - #endif - (void)haveAnon; +#endif /* OPENSSL_EXTRA */ - #ifdef WOLFSSL_MULTICAST - haveMcast = ssl->options.haveMcast; - #endif - (void)haveMcast; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || \ + defined(WOLFSSL_WPAS_SMALL) - if (ssl->options.side != WOLFSSL_SERVER_END) { - ssl->error = SIDE_ERROR; - WOLFSSL_ERROR(ssl->error); + /* store keys returns WOLFSSL_SUCCESS or -1 on error */ + 
int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen, + unsigned char** sr, unsigned int* srLen, + unsigned char** cr, unsigned int* crLen) + { + if (ssl == NULL || ssl->arrays == NULL) return WOLFSSL_FATAL_ERROR; - } - #ifndef NO_CERTS - /* in case used set_accept_state after init */ - if (!havePSK && !haveAnon && !haveMcast) { - #ifdef OPENSSL_EXTRA - if (ssl->ctx->certSetupCb != NULL) { - WOLFSSL_MSG("CertSetupCb set. server cert and " - "key not checked"); - } - else - #endif - { - if (!ssl->buffers.certificate || - !ssl->buffers.certificate->buffer) { + *ms = ssl->arrays->masterSecret; + *sr = ssl->arrays->serverRandom; + *cr = ssl->arrays->clientRandom; - WOLFSSL_MSG("accept error: server cert required"); - ssl->error = NO_PRIVATE_KEY; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } + *msLen = SECRET_LEN; + *srLen = RAN_LEN; + *crLen = RAN_LEN; - if (!ssl->buffers.key || !ssl->buffers.key->buffer) { - /* allow no private key if using existing key */ - #ifdef WOLF_PRIVATE_KEY_ID - if (ssl->devId != INVALID_DEVID - #ifdef HAVE_PK_CALLBACKS - || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) - #endif - ) { - WOLFSSL_MSG("Allowing no server private key " - "(external)"); - } - else - #endif - { - WOLFSSL_MSG("accept error: server key required"); - ssl->error = NO_PRIVATE_KEY; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } - } - } - #endif + return WOLFSSL_SUCCESS; + } - #ifdef WOLFSSL_DTLS - if (ssl->version.major == DTLS_MAJOR) { - ssl->options.dtls = 1; - ssl->options.tls = 1; - ssl->options.tls1_1 = 1; - if (!IsDtlsNotSctpMode(ssl) || !IsDtlsNotSrtpMode(ssl) || - IsSCR(ssl)) - ssl->options.dtlsStateful = 1; - } - #endif + void wolfSSL_set_accept_state(WOLFSSL* ssl) + { + WOLFSSL_ENTER("wolfSSL_set_accept_state"); - if (ssl->buffers.outputBuffer.length > 0 - #ifdef WOLFSSL_ASYNC_CRYPT - /* do not send buffered or advance state if last error was an - async pending operation */ - && ssl->error != WC_PENDING_E + if 
(ssl == NULL) + return; + + if (ssl->options.side == WOLFSSL_CLIENT_END) { + #ifdef HAVE_ECC + #ifdef WOLFSSL_SMALL_STACK + ecc_key* key = NULL; + #else + ecc_key key[1]; #endif - ) { - ret = SendBuffered(ssl); - if (ret == 0) { - /* fragOffset is non-zero when sending fragments. On the last - * fragment, fragOffset is zero again, and the state can be - * advanced. */ - if (ssl->fragOffset == 0 && !ssl->options.buildingMsg) { - if (ssl->options.acceptState == ACCEPT_FIRST_REPLY_DONE || - ssl->options.acceptState == SERVER_HELLO_SENT || - ssl->options.acceptState == CERT_SENT || - ssl->options.acceptState == CERT_STATUS_SENT || - ssl->options.acceptState == KEY_EXCHANGE_SENT || - ssl->options.acceptState == CERT_REQ_SENT || - ssl->options.acceptState == ACCEPT_SECOND_REPLY_DONE || - ssl->options.acceptState == TICKET_SENT || - ssl->options.acceptState == CHANGE_CIPHER_SENT) { - ssl->options.acceptState++; - WOLFSSL_MSG("accept state: " - "Advanced from last buffered fragment send"); - #ifdef WOLFSSL_ASYNC_IO - /* Cleanup async */ - FreeAsyncCtx(ssl, 0); - #endif + word32 idx = 0; + + #ifdef WOLFSSL_SMALL_STACK + key = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, + DYNAMIC_TYPE_ECC); + if (key == NULL) { + WOLFSSL_MSG("Error allocating memory for ecc_key"); + } + #endif + if (ssl->options.haveStaticECC && ssl->buffers.key != NULL) { + if (wc_ecc_init(key) >= 0) { + if (wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, + key, ssl->buffers.key->length) != 0) { + ssl->options.haveECDSAsig = 0; + ssl->options.haveECC = 0; + ssl->options.haveStaticECC = 0; } - } - else { - WOLFSSL_MSG("accept state: " - "Not advanced, more fragments to send"); + wc_ecc_free(key); } } - else { - ssl->error = ret; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + #ifdef WOLFSSL_SMALL_STACK + XFREE(key, ssl->heap, DYNAMIC_TYPE_ECC); + #endif + #endif + + #ifndef NO_DH + if (!ssl->options.haveDH && ssl->ctx->haveDH) { + ssl->buffers.serverDH_P = ssl->ctx->serverDH_P; + 
ssl->buffers.serverDH_G = ssl->ctx->serverDH_G; + ssl->options.haveDH = 1; } -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls) - ssl->dtls13SendingAckOrRtx = 0; -#endif /* WOLFSSL_DTLS13 */ + #endif } - ret = RetrySendAlert(ssl); - if (ret != 0) { - ssl->error = ret; - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + if (InitSSL_Side(ssl, WOLFSSL_SERVER_END) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error initializing server side"); } + } - switch (ssl->options.acceptState) { +#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - case ACCEPT_BEGIN : -#ifdef HAVE_SECURE_RENEGOTIATION - case ACCEPT_BEGIN_RENEG: -#endif - /* get response */ - while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) - if ( (ssl->error = ProcessReply(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } -#ifdef WOLFSSL_TLS13 - ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE; - WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE"); - FALL_THROUGH; + /* return true if connection established */ + int wolfSSL_is_init_finished(const WOLFSSL* ssl) + { + if (ssl == NULL) + return 0; - case ACCEPT_CLIENT_HELLO_DONE : - if (ssl->options.tls1_3) { - return wolfSSL_accept_TLSv13(ssl); - } + /* Can't use ssl->options.connectState and ssl->options.acceptState + * because they differ in meaning for TLS <=1.2 and 1.3 */ + if (ssl->options.handShakeState == HANDSHAKE_DONE) + return 1; + + return 0; + } + +#ifdef OPENSSL_EXTRA + void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx, + WOLFSSL_RSA*(*f)(WOLFSSL*, int, int)) + { + /* wolfSSL verifies all these internally */ + (void)ctx; + (void)f; + } + + + void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt) + { + WOLFSSL_ENTER("wolfSSL_set_shutdown"); + if(ssl==NULL) { + WOLFSSL_MSG("Shutdown not set. 
ssl is null"); + return; + } + + ssl->options.sentNotify = (opt&WOLFSSL_SENT_SHUTDOWN) > 0; + ssl->options.closeNotify = (opt&WOLFSSL_RECEIVED_SHUTDOWN) > 0; + } #endif - ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE; - WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE"); - FALL_THROUGH; + long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) + { + WOLFSSL_ENTER("wolfSSL_CTX_get_options"); + WOLFSSL_MSG("wolfSSL options are set through API calls and macros"); + if(ctx == NULL) + return BAD_FUNC_ARG; + return ctx->mask; + } - case ACCEPT_FIRST_REPLY_DONE : - if ( (ssl->error = SendServerHello(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - ssl->options.acceptState = SERVER_HELLO_SENT; - WOLFSSL_MSG("accept state SERVER_HELLO_SENT"); - FALL_THROUGH; + /* forward declaration */ + static long wolf_set_options(long old_op, long op); - case SERVER_HELLO_SENT : - #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) { - return wolfSSL_accept_TLSv13(ssl); - } - #endif - #ifndef NO_CERTS - if (!ssl->options.resuming) - if ( (ssl->error = SendCertificate(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - #endif - ssl->options.acceptState = CERT_SENT; - WOLFSSL_MSG("accept state CERT_SENT"); - FALL_THROUGH; + long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_options"); - case CERT_SENT : - #ifndef NO_CERTS - if (!ssl->options.resuming) - if ( (ssl->error = SendCertificateStatus(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. 
*/ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - #endif - ssl->options.acceptState = CERT_STATUS_SENT; - WOLFSSL_MSG("accept state CERT_STATUS_SENT"); - FALL_THROUGH; + if (ctx == NULL) + return BAD_FUNC_ARG; - case CERT_STATUS_SENT : + ctx->mask = wolf_set_options(ctx->mask, opt); +#if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \ + || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)) + if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) { + ctx->noTicketTls12 = 1; + } + /* This code is here for documentation purpose. You must not turn off + * session tickets with the WOLFSSL_OP_NO_TICKET option for TLSv1.3. + * Because we need to support both stateful and stateless tickets. #ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) { - return wolfSSL_accept_TLSv13(ssl); + if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) { + ctx->noTicketTls13 = 1; } #endif - if (!ssl->options.resuming) - if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - ssl->options.acceptState = KEY_EXCHANGE_SENT; - WOLFSSL_MSG("accept state KEY_EXCHANGE_SENT"); - FALL_THROUGH; - - case KEY_EXCHANGE_SENT : - #ifndef NO_CERTS - if (!ssl->options.resuming) { - if (ssl->options.verifyPeer) { - if ( (ssl->error = SendCertificateRequest(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } - else { - /* SERVER: Peer auth good if not verifying client. 
*/ - ssl->options.peerAuthGood = 1; - } - } - #endif - ssl->options.acceptState = CERT_REQ_SENT; - WOLFSSL_MSG("accept state CERT_REQ_SENT"); - FALL_THROUGH; + */ +#endif + return ctx->mask; + } - case CERT_REQ_SENT : - if (!ssl->options.resuming) - if ( (ssl->error = SendServerHelloDone(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - ssl->options.acceptState = SERVER_HELLO_DONE; - WOLFSSL_MSG("accept state SERVER_HELLO_DONE"); - FALL_THROUGH; + long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) + { + WOLFSSL_ENTER("wolfSSL_CTX_clear_options"); + if(ctx == NULL) + return BAD_FUNC_ARG; + ctx->mask &= ~opt; + return ctx->mask; + } - case SERVER_HELLO_DONE : - if (!ssl->options.resuming) { - while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) - if ( (ssl->error = ProcessReply(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } - ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE; - WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE"); - FALL_THROUGH; +#ifdef OPENSSL_EXTRA - case ACCEPT_SECOND_REPLY_DONE : - #ifndef NO_CERTS - /* SERVER: When not resuming and verifying peer but no certificate - * received and not failing when not received then peer auth good. 
- */ - if (!ssl->options.resuming && ssl->options.verifyPeer && - !ssl->options.havePeerCert && !ssl->options.failNoCert) { - ssl->options.peerAuthGood = 1; - } - #endif /* !NO_CERTS */ - #ifdef WOLFSSL_NO_CLIENT_AUTH - if (!ssl->options.resuming) { - ssl->options.peerAuthGood = 1; - } - #endif + int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd) + { + WOLFSSL_ENTER("wolfSSL_set_rfd"); + ssl->rfd = rfd; /* not used directly to allow IO callbacks */ -#ifdef HAVE_SESSION_TICKET - if (ssl->options.createTicket && !ssl->options.noTicketTls12) { - if ( (ssl->error = SendTicket(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_MSG("Thought we need ticket but failed"); - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } -#endif /* HAVE_SESSION_TICKET */ - ssl->options.acceptState = TICKET_SENT; - WOLFSSL_MSG("accept state TICKET_SENT"); - FALL_THROUGH; + ssl->IOCB_ReadCtx = &ssl->rfd; - case TICKET_SENT: - /* SERVER: Fail-safe for CLient Authentication. */ - if (!ssl->options.peerAuthGood) { - WOLFSSL_MSG("Client authentication did not happen"); - return WOLFSSL_FATAL_ERROR; - } + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; + ssl->buffers.dtlsCtx.rfd = rfd; + } + #endif - if ( (ssl->error = SendChangeCipher(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - ssl->options.acceptState = CHANGE_CIPHER_SENT; - WOLFSSL_MSG("accept state CHANGE_CIPHER_SENT"); - FALL_THROUGH; + return WOLFSSL_SUCCESS; + } - case CHANGE_CIPHER_SENT : - if ( (ssl->error = SendFinished(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. 
*/ - #endif - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - ssl->options.acceptState = ACCEPT_FINISHED_DONE; - WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE"); - FALL_THROUGH; + int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd) + { + WOLFSSL_ENTER("wolfSSL_set_wfd"); + ssl->wfd = wfd; /* not used directly to allow IO callbacks */ - case ACCEPT_FINISHED_DONE : - if (ssl->options.resuming) { - while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) { - if ( (ssl->error = ProcessReply(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } - } - ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE; - WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE"); - FALL_THROUGH; + ssl->IOCB_WriteCtx = &ssl->wfd; - case ACCEPT_THIRD_REPLY_DONE : -#ifndef NO_HANDSHAKE_DONE_CB - if (ssl->hsDoneCb) { - int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx); - if (cbret < 0) { - ssl->error = cbret; - WOLFSSL_MSG("HandShake Done Cb don't continue error"); - return WOLFSSL_FATAL_ERROR; - } - } -#endif /* NO_HANDSHAKE_DONE_CB */ + return WOLFSSL_SUCCESS; + } +#endif /* OPENSSL_EXTRA */ - if (!ssl->options.dtls) { - if (!ssl->options.keepResources) { - FreeHandshakeResources(ssl); - } - } -#ifdef WOLFSSL_DTLS - else { - ssl->options.dtlsHsRetain = 1; - } -#endif /* WOLFSSL_DTLS */ +#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_WPAS_SMALL)) -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION) - /* This may be necessary in async so that we don't try to - * renegotiate again */ - if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { - ssl->secure_renegotiation->startScr = 0; - } -#endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */ -#if defined(WOLFSSL_ASYNC_IO) && !defined(WOLFSSL_ASYNC_CRYPT) - /* Free the remaining async context if not using it for crypto */ - FreeAsyncCtx(ssl, 1); -#endif +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + /** + * Implemented in a similar way that 
ngx_ssl_ocsp_validate does it when + * SSL_get0_verified_chain is not available. + * @param ssl WOLFSSL object to extract certs from + * @return Stack of verified certs + */ + WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl) + { + WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL; + WOLFSSL_X509_STORE_CTX* storeCtx = NULL; + WOLFSSL_X509* peerCert = NULL; -#if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS) - if (ssl->dtls_export) { - if ((ssl->error = wolfSSL_send_session(ssl)) != 0) { - WOLFSSL_MSG("Export DTLS session error"); - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } -#endif - ssl->error = 0; /* clear the error */ + WOLFSSL_ENTER("wolfSSL_get0_verified_chain"); - WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS); - return WOLFSSL_SUCCESS; + if (ssl == NULL || ssl->ctx == NULL) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } - default : - WOLFSSL_MSG("Unknown accept state ERROR"); - return WOLFSSL_FATAL_ERROR; + peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl); + if (peerCert == NULL) { + WOLFSSL_MSG("wolfSSL_get_peer_certificate error"); + return NULL; } -#endif /* !WOLFSSL_NO_TLS12 */ + /* wolfSSL_get_peer_certificate returns a copy. We want the internal + * member so that we don't have to worry about free'ing it. We call + * wolfSSL_get_peer_certificate so that we don't have to worry about + * setting up the internal pointer. 
*/ + wolfSSL_X509_free(peerCert); + peerCert = (WOLFSSL_X509*)&ssl->peerCert; + chain = wolfSSL_get_peer_cert_chain(ssl); + if (chain == NULL) { + WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error"); + return NULL; + } + storeCtx = wolfSSL_X509_STORE_CTX_new(); + if (storeCtx == NULL) { + WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error"); + return NULL; + } + if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl), + peerCert, chain) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error"); + wolfSSL_X509_STORE_CTX_free(storeCtx); + return NULL; + } + if (wolfSSL_X509_verify_cert(storeCtx) <= 0) { + WOLFSSL_MSG("wolfSSL_X509_verify_cert error"); + wolfSSL_X509_STORE_CTX_free(storeCtx); + return NULL; + } + wolfSSL_X509_STORE_CTX_free(storeCtx); + return chain; } +#endif /* SESSION_CERTS && OPENSSL_EXTRA */ -#endif /* NO_WOLFSSL_SERVER */ - -#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) -int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx) -{ - WOLFSSL_ENTER("wolfDTLS_SetChGoodCb"); - - if (ssl == NULL) - return BAD_FUNC_ARG; + WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx) + { + if (ctx == NULL) { + return NULL; + } - ssl->chGoodCb = cb; - ssl->chGoodCtx = user_ctx; + if (ctx->x509_store_pt != NULL) + return ctx->x509_store_pt; + return &((WOLFSSL_CTX*)ctx)->x509_store; + } - return WOLFSSL_SUCCESS; -} -#endif + void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_cert_store"); + if (ctx == NULL || str == NULL || ctx->cm == str->cm) { + return; + } -#ifndef NO_HANDSHAKE_DONE_CB + if (wolfSSL_CertManager_up_ref(str->cm) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_CertManager_up_ref error"); + return; + } + /* free cert manager if have one */ + if (ctx->cm != NULL) { + wolfSSL_CertManagerFree(ctx->cm); + } + ctx->cm = str->cm; + ctx->x509_store.cm = str->cm; -int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx) -{ - 
WOLFSSL_ENTER("wolfSSL_SetHsDoneCb"); + /* free existing store if it exists */ + wolfSSL_X509_STORE_free(ctx->x509_store_pt); + ctx->x509_store.cache = str->cache; + ctx->x509_store_pt = str; /* take ownership of store and free it + with CTX free */ + ctx->cm->x509_store_p = ctx->x509_store_pt;/* CTX has ownership + and free it with CTX free*/ + } - if (ssl == NULL) - return BAD_FUNC_ARG; +#ifdef OPENSSL_ALL + int wolfSSL_CTX_set1_verify_cert_store(WOLFSSL_CTX* ctx, + WOLFSSL_X509_STORE* str) + { + WOLFSSL_ENTER("wolfSSL_CTX_set1_verify_cert_store"); - ssl->hsDoneCb = cb; - ssl->hsDoneCtx = user_ctx; + if (ctx == NULL || str == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } - return WOLFSSL_SUCCESS; -} + /* NO-OP when setting existing store */ + if (str == CTX_STORE(ctx)) + return WOLFSSL_SUCCESS; -#endif /* NO_HANDSHAKE_DONE_CB */ + if (wolfSSL_X509_STORE_up_ref(str) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_X509_STORE_up_ref error"); + return WOLFSSL_FAILURE; + } -WOLFSSL_ABI -int wolfSSL_Cleanup(void) -{ - int ret = WOLFSSL_SUCCESS; /* Only the first error will be returned */ - int release = 0; -#if !defined(NO_SESSION_CACHE) - int i; - int j; + /* free existing store if it exists */ + wolfSSL_X509_STORE_free(ctx->x509_store_pt); + ctx->x509_store_pt = str; /* take ownership of store and free it + with CTX free */ + return WOLFSSL_SUCCESS; + } #endif - WOLFSSL_ENTER("wolfSSL_Cleanup"); + int wolfSSL_set0_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) + { + WOLFSSL_ENTER("wolfSSL_set0_verify_cert_store"); -#ifndef WOLFSSL_MUTEX_INITIALIZER - if (inits_count_mutex_valid == 1) { -#endif - if (wc_LockMutex(&inits_count_mutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex count"); - return BAD_MUTEX_E; + if (ssl == NULL || str == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; } -#ifndef WOLFSSL_MUTEX_INITIALIZER - } -#endif - if (initRefCount > 0) { - --initRefCount; - if (initRefCount == 0) - release = 1; - } + /* NO-OP 
when setting existing store */ + if (str == SSL_STORE(ssl)) + return WOLFSSL_SUCCESS; -#ifndef WOLFSSL_MUTEX_INITIALIZER - if (inits_count_mutex_valid == 1) { -#endif - wc_UnLockMutex(&inits_count_mutex); -#ifndef WOLFSSL_MUTEX_INITIALIZER + /* free existing store if it exists */ + wolfSSL_X509_STORE_free(ssl->x509_store_pt); + if (str == ssl->ctx->x509_store_pt) + ssl->x509_store_pt = NULL; /* if setting ctx store then just revert + to using that instead */ + else + ssl->x509_store_pt = str; /* take ownership of store and free it + with SSL free */ + return WOLFSSL_SUCCESS; } -#endif - if (!release) - return ret; -#ifdef OPENSSL_EXTRA - wolfSSL_BN_free_one(); -#endif + int wolfSSL_set1_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) + { + WOLFSSL_ENTER("wolfSSL_set1_verify_cert_store"); -#ifndef NO_SESSION_CACHE - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - for (i = 0; i < SESSION_ROWS; ++i) { - if ((SessionCache[i].lock_valid == 1) && - (wc_FreeRwLock(&SessionCache[i].row_lock) != 0)) { - if (ret == WOLFSSL_SUCCESS) - ret = BAD_MUTEX_E; + if (ssl == NULL || str == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; } - SessionCache[i].lock_valid = 0; - } - #else - if ((session_lock_valid == 1) && (wc_FreeRwLock(&session_lock) != 0)) { - if (ret == WOLFSSL_SUCCESS) - ret = BAD_MUTEX_E; - } - session_lock_valid = 0; - #endif - for (i = 0; i < SESSION_ROWS; i++) { - for (j = 0; j < SESSIONS_PER_ROW; j++) { - #ifdef SESSION_CACHE_DYNAMIC_MEM - if (SessionCache[i].Sessions[j]) { - EvictSessionFromCache(SessionCache[i].Sessions[j]); - XFREE(SessionCache[i].Sessions[j], SessionCache[i].heap, - DYNAMIC_TYPE_SESSION); - SessionCache[i].Sessions[j] = NULL; - } - #else - EvictSessionFromCache(&SessionCache[i].Sessions[j]); - #endif + + /* NO-OP when setting existing store */ + if (str == SSL_STORE(ssl)) + return WOLFSSL_SUCCESS; + + if (wolfSSL_X509_STORE_up_ref(str) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_X509_STORE_up_ref error"); + return 
WOLFSSL_FAILURE; } - } - #ifndef NO_CLIENT_CACHE - #ifndef WOLFSSL_MUTEX_INITIALIZER - if ((clisession_mutex_valid == 1) && - (wc_FreeMutex(&clisession_mutex) != 0)) { - if (ret == WOLFSSL_SUCCESS) - ret = BAD_MUTEX_E; - } - clisession_mutex_valid = 0; - #endif - #endif -#endif /* !NO_SESSION_CACHE */ -#ifndef WOLFSSL_MUTEX_INITIALIZER - if ((inits_count_mutex_valid == 1) && (wc_FreeMutex(&inits_count_mutex) != 0)) { - if (ret == WOLFSSL_SUCCESS) - ret = BAD_MUTEX_E; + /* free existing store if it exists */ + wolfSSL_X509_STORE_free(ssl->x509_store_pt); + if (str == ssl->ctx->x509_store_pt) + ssl->x509_store_pt = NULL; /* if setting ctx store then just revert + to using that instead */ + else + ssl->x509_store_pt = str; /* take ownership of store and free it + with SSL free */ + return WOLFSSL_SUCCESS; } - inits_count_mutex_valid = 0; -#endif +#endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ -#ifdef OPENSSL_EXTRA - wolfSSL_RAND_Cleanup(); -#endif +#ifdef WOLFSSL_ENCRYPTED_KEYS - if (wolfCrypt_Cleanup() != 0) { - WOLFSSL_MSG("Error with wolfCrypt_Cleanup call"); - if (ret == WOLFSSL_SUCCESS) - ret = WC_CLEANUP_E; + void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, + void* userdata) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_default_passwd_cb_userdata"); + if (ctx) + ctx->passwd_userdata = userdata; } -#if FIPS_VERSION_GE(5,1) - if (wolfCrypt_SetPrivateKeyReadEnable_fips(0, WC_KEYTYPE_ALL) < 0) { - if (ret == WOLFSSL_SUCCESS) - ret = WC_CLEANUP_E; - } -#endif -#ifdef HAVE_GLOBAL_RNG -#ifndef WOLFSSL_MUTEX_INITIALIZER - if ((globalRNGMutex_valid == 1) && (wc_FreeMutex(&globalRNGMutex) != 0)) { - if (ret == WOLFSSL_SUCCESS) - ret = BAD_MUTEX_E; + void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, wc_pem_password_cb* + cb) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_default_passwd_cb"); + if (ctx) + ctx->passwd_cb = cb; } - globalRNGMutex_valid = 0; -#endif /* !WOLFSSL_MUTEX_INITIALIZER */ - - #if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG) 
- wolfSSL_FIPS_drbg_free(gDrbgDefCtx); - gDrbgDefCtx = NULL; - #endif -#endif -#if defined(HAVE_EX_DATA) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \ - defined(WOLFSSL_WPAS_SMALL) - crypto_ex_cb_free(crypto_ex_cb_ctx_session); - crypto_ex_cb_ctx_session = NULL; -#endif + wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx) + { + if (ctx == NULL || ctx->passwd_cb == NULL) { + return NULL; + } -#ifdef WOLFSSL_MEM_FAIL_COUNT - wc_MemFailCount_Free(); -#endif + return ctx->passwd_cb; + } - return ret; -} -void SetupSession(WOLFSSL* ssl) -{ - WOLFSSL_SESSION* session = ssl->session; - - WOLFSSL_ENTER("SetupSession"); - - if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) { - /* Make sure the session ID is available when the user calls any - * get_session API */ - if (!session->haveAltSessionID) { - XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN); - session->sessionIDSz = ssl->arrays->sessionIDSz; - } - else { - XMEMCPY(session->sessionID, session->altSessionID, ID_LEN); - session->sessionIDSz = ID_LEN; + void* wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx) + { + if (ctx == NULL) { + return NULL; } - } - session->side = (byte)ssl->options.side; - if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) - XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN); - session->haveEMS = ssl->options.haveEMS; -#ifdef WOLFSSL_SESSION_ID_CTX - /* If using compatibility layer then check for and copy over session context - * id. 
*/ - if (ssl->sessionCtxSz > 0 && ssl->sessionCtxSz < ID_LEN) { - XMEMCPY(ssl->session->sessionCtx, ssl->sessionCtx, ssl->sessionCtxSz); - session->sessionCtxSz = ssl->sessionCtxSz; - } -#endif - session->timeout = ssl->timeout; -#ifndef NO_ASN_TIME - session->bornOn = LowResTimer(); -#endif -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) - session->version = ssl->version; -#endif -#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ - (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) - session->cipherSuite0 = ssl->options.cipherSuite0; - session->cipherSuite = ssl->options.cipherSuite; -#endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - session->peerVerifyRet = (byte)ssl->peerVerifyRet; -#endif - session->isSetup = 1; -} -#ifndef NO_SESSION_CACHE + return ctx->passwd_userdata; + } -WOLFSSL_ABI -void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm) -{ - /* static table now, no flushing needed */ - (void)ctx; - (void)tm; -} +#endif /* WOLFSSL_ENCRYPTED_KEYS */ -void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm) -{ - int i, j; - byte id[ID_LEN]; - (void)ctx; - XMEMSET(id, 0, ID_LEN); - WOLFSSL_ENTER("wolfSSL_flush_sessions"); - for (i = 0; i < SESSION_ROWS; ++i) { - if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { - WOLFSSL_MSG("Session cache mutex lock failed"); - return; - } - for (j = 0; j < SESSIONS_PER_ROW; j++) { -#ifdef SESSION_CACHE_DYNAMIC_MEM - WOLFSSL_SESSION* s = SessionCache[i].Sessions[j]; +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + unsigned long wolfSSL_ERR_get_error(void) + { + WOLFSSL_ENTER("wolfSSL_ERR_get_error"); +#ifdef WOLFSSL_HAVE_ERROR_QUEUE + return wc_GetErrorNodeErr(); #else - WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j]; -#endif - if ( -#ifdef SESSION_CACHE_DYNAMIC_MEM - s != NULL && -#endif - XMEMCMP(s->sessionID, id, ID_LEN) != 0 && - s->bornOn + s->timeout < (word32)tm - ) - { - 
EvictSessionFromCache(s); -#ifdef SESSION_CACHE_DYNAMIC_MEM - XFREE(s, s->heap, DYNAMIC_TYPE_SESSION); - SessionCache[i].Sessions[j] = NULL; + return (unsigned long)(0 - NOT_COMPILED_IN); #endif - } - } - SESSION_ROW_UNLOCK(&SessionCache[i]); } -} - - -/* set ssl session timeout in seconds */ -WOLFSSL_ABI -int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to) -{ - if (ssl == NULL) - return BAD_FUNC_ARG; - - if (to == 0) - to = WOLFSSL_SESSION_TIMEOUT; - ssl->timeout = to; - - return WOLFSSL_SUCCESS; -} - +#endif -/** - * Sets ctx session timeout in seconds. - * The timeout value set here should be reflected in the - * "session ticket lifetime hint" if this API works in the openssl compat-layer. - * Therefore wolfSSL_CTX_set_TicketHint is called internally. - * Arguments: - * - ctx WOLFSSL_CTX object which the timeout is set to - * - to timeout value in second - * Returns: - * WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on failure. - * When WOLFSSL_ERROR_CODE_OPENSSL is defined, returns previous timeout value - * on success, BAD_FUNC_ARG on failure. 
- */ -WOLFSSL_ABI -int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to) -{ - #if defined(WOLFSSL_ERROR_CODE_OPENSSL) - word32 prev_timeout = 0; - #endif +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) - int ret = WOLFSSL_SUCCESS; - (void)ret; + int wolfSSL_num_locks(void) + { + return 0; + } - if (ctx == NULL) - ret = BAD_FUNC_ARG; + void wolfSSL_set_locking_callback(mutex_cb* f) + { + WOLFSSL_ENTER("wolfSSL_set_locking_callback"); - if (ret == WOLFSSL_SUCCESS) { - #if defined(WOLFSSL_ERROR_CODE_OPENSSL) - prev_timeout = ctx->timeout; - #endif - if (to == 0) { - ctx->timeout = WOLFSSL_SESSION_TIMEOUT; - } - else { - ctx->timeout = to; - } - } -#if defined(OPENSSL_EXTRA) && defined(HAVE_SESSION_TICKET) && \ - !defined(NO_WOLFSSL_SERVER) - if (ret == WOLFSSL_SUCCESS) { - if (to == 0) { - ret = wolfSSL_CTX_set_TicketHint(ctx, SESSION_TICKET_HINT_DEFAULT); - } - else { - ret = wolfSSL_CTX_set_TicketHint(ctx, to); + if (wc_SetMutexCb(f) != 0) { + WOLFSSL_MSG("Error when setting mutex call back"); } } -#endif /* OPENSSL_EXTRA && HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */ - -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - if (ret == WOLFSSL_SUCCESS) { - return prev_timeout; - } - else { - return ret; - } -#else - return ret; -#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ -} - -#ifndef NO_CLIENT_CACHE - -/* Get Session from Client cache based on id/len, return NULL on failure */ -WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len) -{ - WOLFSSL_SESSION* ret = NULL; - word32 row; - int idx; - int count; - int error = 0; - ClientSession* clSess; - - WOLFSSL_ENTER("wolfSSL_GetSessionClient"); + mutex_cb* wolfSSL_get_locking_callback(void) + { + WOLFSSL_ENTER("wolfSSL_get_locking_callback"); - if (ssl->ctx->sessionCacheOff) { - WOLFSSL_MSG("Session Cache off"); - return NULL; + return wc_GetMutexCb(); } - if (ssl->options.side == WOLFSSL_SERVER_END) - return NULL; - len = min(SERVER_ID_LEN, (word32)len); - - /* Do not access 
ssl->ctx->get_sess_cb from here. It is using a different - * set of ID's */ + typedef unsigned long (idCb)(void); + static idCb* inner_idCb = NULL; - row = HashObject(id, len, &error) % CLIENT_SESSION_ROWS; - if (error != 0) { - WOLFSSL_MSG("Hash session failed"); - return NULL; + unsigned long wolfSSL_thread_id(void) + { + if (inner_idCb != NULL) { + return inner_idCb(); + } + else { + return 0; + } } - if (wc_LockMutex(&clisession_mutex) != 0) { - WOLFSSL_MSG("Client cache mutex lock failed"); - return NULL; - } - /* start from most recently used */ - count = min((word32)ClientCache[row].totalCount, CLIENT_SESSIONS_PER_ROW); - idx = ClientCache[row].nextIdx - 1; - if (idx < 0 || idx >= CLIENT_SESSIONS_PER_ROW) { - idx = CLIENT_SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */ + void wolfSSL_set_id_callback(unsigned long (*f)(void)) + { + inner_idCb = f; } - clSess = ClientCache[row].Clients; - for (; count > 0; --count) { - WOLFSSL_SESSION* current; - SessionRow* sessRow; +#ifdef WOLFSSL_HAVE_ERROR_QUEUE +#ifndef NO_BIO + /* print out and clear all errors */ + void wolfSSL_ERR_print_errors(WOLFSSL_BIO* bio) + { + const char* file = NULL; + const char* reason = NULL; + int ret; + int line = 0; + char buf[WOLFSSL_MAX_ERROR_SZ * 2]; - if (clSess[idx].serverRow >= SESSION_ROWS) { - WOLFSSL_MSG("Client cache serverRow invalid"); - break; - } + WOLFSSL_ENTER("wolfSSL_ERR_print_errors"); - /* lock row */ - sessRow = &SessionCache[clSess[idx].serverRow]; - if (SESSION_ROW_RD_LOCK(sessRow) != 0) { - WOLFSSL_MSG("Session cache row lock failure"); - break; + if (bio == NULL) { + WOLFSSL_MSG("BIO passed in was null"); + return; } -#ifdef SESSION_CACHE_DYNAMIC_MEM - current = sessRow->Sessions[clSess[idx].serverIdx]; -#else - current = &sessRow->Sessions[clSess[idx].serverIdx]; -#endif - if (current && XMEMCMP(current->serverID, id, len) == 0) { - WOLFSSL_MSG("Found a serverid match for client"); - if (LowResTimer() < (current->bornOn + current->timeout)) { - 
WOLFSSL_MSG("Session valid"); - ret = current; - SESSION_ROW_UNLOCK(sessRow); - break; - } else { - WOLFSSL_MSG("Session timed out"); /* could have more for id */ + do { + ret = wc_PeekErrorNode(0, &file, &reason, &line); + if (ret >= 0) { + const char* r = wolfSSL_ERR_reason_error_string(0 - ret); + if (XSNPRINTF(buf, sizeof(buf), + "error:%d:wolfSSL library:%s:%s:%d\n", + ret, r, file, line) + >= (int)sizeof(buf)) + { + WOLFSSL_MSG("Buffer overrun formatting error message"); } - } else { - WOLFSSL_MSG("ServerID not a match from client table"); + wolfSSL_BIO_write(bio, buf, (int)XSTRLEN(buf)); + wc_RemoveErrorNode(0); + } + } while (ret >= 0); + if (wolfSSL_BIO_write(bio, "", 1) != 1) { + WOLFSSL_MSG("Issue writing final string terminator"); } - SESSION_ROW_UNLOCK(sessRow); - - idx = idx > 0 ? idx - 1 : CLIENT_SESSIONS_PER_ROW - 1; } +#endif /* !NO_BIO */ +#endif /* WOLFSSL_HAVE_ERROR_QUEUE */ - wc_UnLockMutex(&clisession_mutex); - - return ret; -} - -#endif /* !NO_CLIENT_CACHE */ - -static int SslSessionCacheOff(const WOLFSSL* ssl, const WOLFSSL_SESSION* session) -{ - (void)session; - return ssl->options.sessionCacheOff - #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET) - && session->ticketLen == 0 - #endif - ; -} +#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ -#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \ - defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) -/** - * SessionTicketNoncePrealloc() - prealloc a buffer for ticket nonces - * @output: [in] pointer to WOLFSSL_SESSION object that will soon be a - * destination of a session duplication - * @buf: [out] address of the preallocated buf - * @len: [out] len of the preallocated buf - * - * prealloc a buffer that will likely suffice to contain a ticket nonce. It's - * used when copying session under lock, when syscalls need to be avoided. If - * output already has a dynamic buffer, it's reused. 
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(HAVE_SECRET_CALLBACK) +#if !defined(NO_WOLFSSL_SERVER) +/* Return the amount of random bytes copied over or error case. + * ssl : ssl struct after handshake + * out : buffer to hold random bytes + * outSz : either 0 (return max buffer sz) or size of out buffer */ -static int SessionTicketNoncePrealloc(byte** buf, byte* len, void *heap) +size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, + size_t outSz) { - (void)heap; + size_t size; - *buf = (byte*)XMALLOC(PREALLOC_SESSION_TICKET_NONCE_LEN, heap, - DYNAMIC_TYPE_SESSION_TICK); - if (*buf == NULL) { - WOLFSSL_MSG("Failed to preallocate ticket nonce buffer"); - *len = 0; - return 1; + /* return max size of buffer */ + if (outSz == 0) { + return RAN_LEN; } - *len = PREALLOC_SESSION_TICKET_NONCE_LEN; - return 0; -} -#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 */ - -static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, - WOLFSSL_SESSION* output, int avoidSysCalls, byte* ticketNonceBuf, - byte* ticketNonceLen, byte* preallocUsed); - -void TlsSessionCacheUnlockRow(word32 row) -{ - SessionRow* sessRow; - - sessRow = &SessionCache[row]; - (void)sessRow; - SESSION_ROW_UNLOCK(sessRow); -} + if (ssl == NULL || out == NULL) { + return 0; + } -/* Don't use this function directly. Use TlsSessionCacheGetAndRdLock and - * TlsSessionCacheGetAndWrLock to fully utilize compiler const support. 
*/ -static int TlsSessionCacheGetAndLock(const byte *id, - const WOLFSSL_SESSION **sess, word32 *lockedRow, byte readOnly, byte side) -{ - SessionRow *sessRow; - const WOLFSSL_SESSION *s; - word32 row; - int count; - int error; - int idx; - - *sess = NULL; - row = HashObject(id, ID_LEN, &error) % SESSION_ROWS; - if (error != 0) - return error; - sessRow = &SessionCache[row]; - if (readOnly) - error = SESSION_ROW_RD_LOCK(sessRow); - else - error = SESSION_ROW_WR_LOCK(sessRow); - if (error != 0) - return FATAL_ERROR; - - /* start from most recently used */ - count = min((word32)sessRow->totalCount, SESSIONS_PER_ROW); - idx = sessRow->nextIdx - 1; - if (idx < 0 || idx >= SESSIONS_PER_ROW) { - idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */ - } - for (; count > 0; --count) { -#ifdef SESSION_CACHE_DYNAMIC_MEM - s = sessRow->Sessions[idx]; -#else - s = &sessRow->Sessions[idx]; -#endif - if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) { - *sess = s; - break; - } - idx = idx > 0 ? 
idx - 1 : SESSIONS_PER_ROW - 1; + if (ssl->arrays == NULL) { + WOLFSSL_MSG("Arrays struct not saved after handshake"); + return 0; } - if (*sess == NULL) { - SESSION_ROW_UNLOCK(sessRow); + + if (outSz > RAN_LEN) { + size = RAN_LEN; } else { - *lockedRow = row; + size = outSz; } - return 0; + XMEMCPY(out, ssl->arrays->serverRandom, size); + return size; } +#endif /* !NO_WOLFSSL_SERVER */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */ -static int CheckSessionMatch(const WOLFSSL* ssl, const WOLFSSL_SESSION* sess) -{ - if (ssl == NULL || sess == NULL) - return 0; #ifdef OPENSSL_EXTRA - if (ssl->sessionCtxSz > 0 && (ssl->sessionCtxSz != sess->sessionCtxSz || - XMEMCMP(ssl->sessionCtx, sess->sessionCtx, sess->sessionCtxSz) != 0)) - return 0; -#endif -#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) - if (IsAtLeastTLSv1_3(ssl->version) != IsAtLeastTLSv1_3(sess->version)) - return 0; -#endif - return 1; -} - -int TlsSessionCacheGetAndRdLock(const byte *id, const WOLFSSL_SESSION **sess, - word32 *lockedRow, byte side) -{ - return TlsSessionCacheGetAndLock(id, sess, lockedRow, 1, side); -} - -int TlsSessionCacheGetAndWrLock(const byte *id, WOLFSSL_SESSION **sess, - word32 *lockedRow, byte side) -{ - return TlsSessionCacheGetAndLock(id, (const WOLFSSL_SESSION**)sess, - lockedRow, 0, side); -} - -int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) +#if !defined(NO_WOLFSSL_SERVER) +/* Used to get the peer ephemeral public key sent during the connection + * NOTE: currently wolfSSL_KeepHandshakeResources(WOLFSSL* ssl) must be called + * before the ephemeral key is stored. 
+ * return WOLFSSL_SUCCESS on success */ +int wolfSSL_get_peer_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey) { - const WOLFSSL_SESSION* sess = NULL; - const byte* id = NULL; - word32 row; - int error = 0; -#ifdef HAVE_SESSION_TICKET -#ifndef WOLFSSL_SMALL_STACK - byte tmpTicket[PREALLOC_SESSION_TICKET_LEN]; -#else - byte* tmpTicket = NULL; -#endif -#ifdef WOLFSSL_TLS13 - byte *preallocNonce = NULL; - byte preallocNonceLen = 0; - byte preallocNonceUsed = 0; -#endif /* WOLFSSL_TLS13 */ - byte tmpBufSet = 0; -#endif -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - WOLFSSL_X509* peer = NULL; -#endif - byte bogusID[ID_LEN]; - byte bogusIDSz = 0; + WOLFSSL_EVP_PKEY* ret = NULL; - WOLFSSL_ENTER("wolfSSL_GetSessionFromCache"); + WOLFSSL_ENTER("wolfSSL_get_server_tmp_key"); - if (output == NULL) { - WOLFSSL_MSG("NULL output"); + if (ssl == NULL || pkey == NULL) { + WOLFSSL_MSG("Bad argument passed in"); return WOLFSSL_FAILURE; } - if (SslSessionCacheOff(ssl, ssl->session)) - return WOLFSSL_FAILURE; - - if (ssl->options.haveSessionId == 0 && !ssl->session->haveAltSessionID) - return WOLFSSL_FAILURE; - -#ifdef HAVE_SESSION_TICKET - if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1) - return WOLFSSL_FAILURE; -#endif +#ifdef HAVE_ECC + if (ssl->peerEccKey != NULL) { + unsigned char* der; + const unsigned char* pt; + unsigned int derSz = 0; + int sz; - XMEMSET(bogusID, 0, sizeof(bogusID)); - if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL - && !ssl->session->haveAltSessionID) - id = ssl->arrays->sessionID; - else if (ssl->session->haveAltSessionID) { - id = ssl->session->altSessionID; - /* We want to restore the bogus ID for TLS compatibility */ - if (output == ssl->session) { - XMEMCPY(bogusID, ssl->session->sessionID, ID_LEN); - bogusIDSz = ssl->session->sessionIDSz; + PRIVATE_KEY_UNLOCK(); + if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz) != + LENGTH_ONLY_E) { + WOLFSSL_MSG("get ecc der size failed"); + 
PRIVATE_KEY_LOCK(); + return WOLFSSL_FAILURE; } - } - else - id = ssl->session->sessionID; - - -#ifdef HAVE_EXT_CACHE - if (ssl->ctx->get_sess_cb != NULL) { - int copy = 0; - int found = 0; - WOLFSSL_SESSION* extSess; - /* Attempt to retrieve the session from the external cache. */ - WOLFSSL_MSG("Calling external session cache"); - extSess = ssl->ctx->get_sess_cb(ssl, (byte*)id, ID_LEN, ©); - if ((extSess != NULL) - && CheckSessionMatch(ssl, extSess) - ) { - WOLFSSL_MSG("Session found in external cache"); - found = 1; + PRIVATE_KEY_LOCK(); - error = wolfSSL_DupSession(extSess, output, 0); -#ifdef HAVE_EX_DATA - extSess->ownExData = 1; - output->ownExData = 0; -#endif - /* We want to restore the bogus ID for TLS compatibility */ - if (ssl->session->haveAltSessionID && - output == ssl->session) { - XMEMCPY(ssl->session->sessionID, bogusID, ID_LEN); - ssl->session->sessionIDSz = bogusIDSz; - } + derSz += MAX_SEQ_SZ + (2 * MAX_ALGO_SZ) + MAX_SEQ_SZ + TRAILING_ZERO; + der = (unsigned char*)XMALLOC(derSz, ssl->heap, DYNAMIC_TYPE_KEY); + if (der == NULL) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; } - /* If copy not set then free immediately */ - if (extSess != NULL && !copy) - wolfSSL_FreeSession(ssl->ctx, extSess); - if (found) - return error; - WOLFSSL_MSG("Session not found in external cache"); - } - - if (ssl->options.internalCacheLookupOff) { - WOLFSSL_MSG("Internal cache lookup turned off"); - return WOLFSSL_FAILURE; - } -#endif -#ifdef HAVE_SESSION_TICKET - if (output->ticket == NULL || - output->ticketLenAlloc < PREALLOC_SESSION_TICKET_LEN) { -#ifdef WOLFSSL_SMALL_STACK - tmpTicket = (byte*)XMALLOC(PREALLOC_SESSION_TICKET_LEN, output->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (tmpTicket == NULL) { - WOLFSSL_MSG("tmpTicket malloc failed"); + if ((sz = wc_EccPublicKeyToDer(ssl->peerEccKey, der, derSz, 1)) <= 0) { + WOLFSSL_MSG("get ecc der failed"); + XFREE(der, ssl->heap, DYNAMIC_TYPE_KEY); return WOLFSSL_FAILURE; } -#endif - if 
(output->ticketLenAlloc) - XFREE(output->ticket, output->heap, DYNAMIC_TYPE_SESSION_TICK); - output->ticket = tmpTicket; /* cppcheck-suppress autoVariables - */ - output->ticketLenAlloc = PREALLOC_SESSION_TICKET_LEN; - output->ticketLen = 0; - tmpBufSet = 1; - } -#endif - -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (output->peer != NULL) { - wolfSSL_X509_free(output->peer); - output->peer = NULL; + pt = der; /* in case pointer gets advanced */ + ret = wolfSSL_d2i_PUBKEY(NULL, &pt, sz); + XFREE(der, ssl->heap, DYNAMIC_TYPE_KEY); } #endif -#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ - defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - if (output->ticketNonce.data != output->ticketNonce.dataStatic) { - XFREE(output->ticketNonce.data, output->heap, - DYNAMIC_TYPE_SESSION_TICK); - output->ticketNonce.data = output->ticketNonce.dataStatic; - output->ticketNonce.len = 0; - } - error = SessionTicketNoncePrealloc(&preallocNonce, &preallocNonceLen, - output->heap); - if (error != 0) { - if (tmpBufSet) { - output->ticket = output->staticTicket; - output->ticketLenAlloc = 0; - } -#ifdef WOLFSSL_SMALL_STACK - if (tmpTicket != NULL) - XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); + *pkey = ret; +#ifdef HAVE_ECC + if (ret != NULL) + return WOLFSSL_SUCCESS; + else #endif return WOLFSSL_FAILURE; - } -#endif /* WOLFSSL_TLS13 && HAVE_SESSION_TICKET*/ - - /* init to avoid clang static analyzer false positive */ - row = 0; - error = TlsSessionCacheGetAndRdLock(id, &sess, &row, (byte)ssl->options.side); - error = (error == 0) ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE; - if (error != WOLFSSL_SUCCESS || sess == NULL) { - WOLFSSL_MSG("Get Session from cache failed"); - error = WOLFSSL_FAILURE; -#ifdef HAVE_SESSION_TICKET - if (tmpBufSet) { - output->ticket = output->staticTicket; - output->ticketLenAlloc = 0; - } -#ifdef WOLFSSL_TLS13 - if (preallocNonce != NULL) { - XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); - preallocNonce = NULL; - } -#endif /* WOLFSSL_TLS13 */ -#ifdef WOLFSSL_SMALL_STACK - if (tmpTicket != NULL) { - XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); - tmpTicket = NULL; - } -#endif -#endif - } - else { - if (!CheckSessionMatch(ssl, sess)) { - WOLFSSL_MSG("Invalid session: can't be used in this context"); - TlsSessionCacheUnlockRow(row); - error = WOLFSSL_FAILURE; - } - else if (LowResTimer() >= (sess->bornOn + sess->timeout)) { - WOLFSSL_SESSION* wrSess = NULL; - WOLFSSL_MSG("Invalid session: timed out"); - sess = NULL; - TlsSessionCacheUnlockRow(row); - /* Attempt to get a write lock */ - error = TlsSessionCacheGetAndWrLock(id, &wrSess, &row, - (byte)ssl->options.side); - if (error == 0 && wrSess != NULL) { - EvictSessionFromCache(wrSess); - TlsSessionCacheUnlockRow(row); - } - error = WOLFSSL_FAILURE; - } - } +} - /* mollify confused cppcheck nullPointer warning. */ - if (sess == NULL) - error = WOLFSSL_FAILURE; +#endif /* !NO_WOLFSSL_SERVER */ - if (error == WOLFSSL_SUCCESS) { -#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) - error = wolfSSL_DupSessionEx(sess, output, 1, - preallocNonce, &preallocNonceLen, &preallocNonceUsed); -#else - error = wolfSSL_DupSession(sess, output, 1); -#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 */ -#ifdef HAVE_EX_DATA - output->ownExData = !sess->ownExData; /* Session may own ex_data */ -#endif - TlsSessionCacheUnlockRow(row); - } +/** + * This function checks if any compiled in protocol versions are + * left enabled after calls to set_min or set_max API. 
+ * @param major The SSL/TLS major version + * @return WOLFSSL_SUCCESS on valid settings and WOLFSSL_FAILURE when no + * protocol versions are left enabled. + */ +static int CheckSslMethodVersion(byte major, unsigned long options) +{ + int sanityConfirmed = 0; - /* We want to restore the bogus ID for TLS compatibility */ - if (ssl->session->haveAltSessionID && - output == ssl->session) { - XMEMCPY(ssl->session->sessionID, bogusID, ID_LEN); - ssl->session->sessionIDSz = bogusIDSz; - } + (void)options; -#ifdef HAVE_SESSION_TICKET - if (tmpBufSet) { - if (error == WOLFSSL_SUCCESS) { - if (output->ticketLen > SESSION_TICKET_LEN) { - output->ticket = (byte*)XMALLOC(output->ticketLen, output->heap, - DYNAMIC_TYPE_SESSION_TICK); - if (output->ticket == NULL) { - error = WOLFSSL_FAILURE; - output->ticket = output->staticTicket; - output->ticketLenAlloc = 0; - output->ticketLen = 0; + switch (major) { + #ifndef NO_TLS + case SSLv3_MAJOR: + #ifdef WOLFSSL_ALLOW_SSLV3 + if (!(options & WOLFSSL_OP_NO_SSLv3)) { + sanityConfirmed = 1; } - } - else { - output->ticket = output->staticTicket; - output->ticketLenAlloc = 0; - } - } - else { - output->ticket = output->staticTicket; - output->ticketLenAlloc = 0; - output->ticketLen = 0; - } - if (error == WOLFSSL_SUCCESS) { - XMEMCPY(output->ticket, tmpTicket, output->ticketLen); - } - } -#ifdef WOLFSSL_SMALL_STACK - if (tmpTicket != NULL) - XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif - -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - if (error == WOLFSSL_SUCCESS && preallocNonceUsed) { - if (preallocNonceLen < PREALLOC_SESSION_TICKET_NONCE_LEN) { - /* buffer bigger than needed */ -#ifndef XREALLOC - output->ticketNonce.data = (byte*)XMALLOC(preallocNonceLen, - output->heap, DYNAMIC_TYPE_SESSION_TICK); - if (output->ticketNonce.data != NULL) - XMEMCPY(output->ticketNonce.data, preallocNonce, - preallocNonceLen); 
- XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); - preallocNonce = NULL; -#else - output->ticketNonce.data = (byte*)XREALLOC(preallocNonce, - preallocNonceLen, output->heap, DYNAMIC_TYPE_SESSION_TICK); - if (output->ticketNonce.data != NULL) { - /* don't free the reallocated pointer */ - preallocNonce = NULL; - } -#endif /* !XREALLOC */ - if (output->ticketNonce.data == NULL) { - output->ticketNonce.data = output->ticketNonce.dataStatic; - output->ticketNonce.len = 0; - error = WOLFSSL_FAILURE; - /* preallocNonce will be free'd after the if */ - } - } - else { - output->ticketNonce.data = preallocNonce; - output->ticketNonce.len = preallocNonceLen; - preallocNonce = NULL; - } + #endif + #ifndef NO_OLD_TLS + if (!(options & WOLFSSL_OP_NO_TLSv1)) + sanityConfirmed = 1; + if (!(options & WOLFSSL_OP_NO_TLSv1_1)) + sanityConfirmed = 1; + #endif + #ifndef WOLFSSL_NO_TLS12 + if (!(options & WOLFSSL_OP_NO_TLSv1_2)) + sanityConfirmed = 1; + #endif + #ifdef WOLFSSL_TLS13 + if (!(options & WOLFSSL_OP_NO_TLSv1_3)) + sanityConfirmed = 1; + #endif + break; + #endif + #ifdef WOLFSSL_DTLS + case DTLS_MAJOR: + sanityConfirmed = 1; + break; + #endif + default: + WOLFSSL_MSG("Invalid major version"); + return WOLFSSL_FAILURE; } - if (preallocNonce != NULL) - XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); -#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ - -#endif - -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (peer != NULL) { - wolfSSL_X509_free(peer); + if (!sanityConfirmed) { + WOLFSSL_MSG("All compiled in TLS versions disabled"); + return WOLFSSL_FAILURE; } -#endif - - return error; + return WOLFSSL_SUCCESS; } -WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL* ssl, byte* masterSecret, - byte restoreSessionCerts) -{ - WOLFSSL_SESSION* ret = NULL; - - (void)restoreSessionCerts; /* Kept for compatibility */ - - if (wolfSSL_GetSessionFromCache(ssl, ssl->session) == WOLFSSL_SUCCESS) { - ret = ssl->session; - } - 
else { - WOLFSSL_MSG("wolfSSL_GetSessionFromCache did not return a session"); - } - - if (ret != NULL && masterSecret != NULL) - XMEMCPY(masterSecret, ret->masterSecret, SECRET_LEN); - - return ret; -} +/** + * protoVerTbl holds (D)TLS version numbers in ascending order. + * Except DTLS versions, the newer version is located in the latter part of + * the table. This table is referred by wolfSSL_CTX_set_min_proto_version and + * wolfSSL_CTX_set_max_proto_version. + */ +static const int protoVerTbl[] = { + SSL3_VERSION, + TLS1_VERSION, + TLS1_1_VERSION, + TLS1_2_VERSION, + TLS1_3_VERSION, + DTLS1_VERSION, + DTLS1_2_VERSION +}; +/* number of protocol versions listed in protoVerTbl */ +#define NUMBER_OF_PROTOCOLS (sizeof(protoVerTbl)/sizeof(int)) -int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) +/** + * wolfSSL_CTX_set_min_proto_version attempts to set the minimum protocol + * version to use by SSL objects created from this WOLFSSL_CTX. + * This API guarantees that a version of SSL/TLS lower than specified + * here will not be allowed. If the version specified is not compiled in + * then this API sets the lowest compiled in protocol version. + * This API also accept 0 as version, to set the minimum version automatically. + * CheckSslMethodVersion() is called to check if any remaining protocol versions + * are enabled. + * @param ctx The wolfSSL CONTEXT factory for spawning SSL/TLS objects + * @param version Any of the following + * * 0 + * * SSL3_VERSION + * * TLS1_VERSION + * * TLS1_1_VERSION + * * TLS1_2_VERSION + * * TLS1_3_VERSION + * * DTLS1_VERSION + * * DTLS1_2_VERSION + * @return WOLFSSL_SUCCESS on valid settings and WOLFSSL_FAILURE when no + * protocol versions are left enabled. 
+ */ +static int Set_CTX_min_proto_version(WOLFSSL_CTX* ctx, int version) { - SessionRow* sessRow = NULL; - int ret = WOLFSSL_SUCCESS; - - session = ClientSessionToSession(session); + WOLFSSL_ENTER("wolfSSL_CTX_set_min_proto_version_ex"); - if (ssl == NULL || session == NULL || !session->isSetup) { - WOLFSSL_MSG("ssl or session NULL or not set up"); + if (ctx == NULL) { return WOLFSSL_FAILURE; } - /* We need to lock the session as the first step if its in the cache */ - if (session->type == WOLFSSL_SESSION_TYPE_CACHE) { - if (session->cacheRow < SESSION_ROWS) { - sessRow = &SessionCache[session->cacheRow]; - if (SESSION_ROW_RD_LOCK(sessRow) != 0) { - WOLFSSL_MSG("Session row lock failed"); - return WOLFSSL_FAILURE; - } - } - } - - if (ret == WOLFSSL_SUCCESS && ssl->options.side != WOLFSSL_NEITHER_END && - (byte)ssl->options.side != session->side) { - WOLFSSL_MSG("Setting session for wrong role"); - ret = WOLFSSL_FAILURE; + switch (version) { +#ifndef NO_TLS + case SSL3_VERSION: +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) + ctx->minDowngrade = SSLv3_MINOR; + break; +#endif + case TLS1_VERSION: + #ifdef WOLFSSL_ALLOW_TLSV10 + ctx->minDowngrade = TLSv1_MINOR; + break; + #endif + case TLS1_1_VERSION: + #ifndef NO_OLD_TLS + ctx->minDowngrade = TLSv1_1_MINOR; + break; + #endif + case TLS1_2_VERSION: + #ifndef WOLFSSL_NO_TLS12 + ctx->minDowngrade = TLSv1_2_MINOR; + break; + #endif + case TLS1_3_VERSION: + #ifdef WOLFSSL_TLS13 + ctx->minDowngrade = TLSv1_3_MINOR; + break; + #endif +#endif +#ifdef WOLFSSL_DTLS + case DTLS1_VERSION: + #ifndef NO_OLD_TLS + ctx->minDowngrade = DTLS_MINOR; + break; + #endif + case DTLS1_2_VERSION: + ctx->minDowngrade = DTLSv1_2_MINOR; + break; +#endif + default: + WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); + return WOLFSSL_FAILURE; } - if (ret == WOLFSSL_SUCCESS) { - if (ssl->session == session) { - WOLFSSL_MSG("ssl->session and session same"); - } - else if (session->type != WOLFSSL_SESSION_TYPE_CACHE) { - 
if (wolfSSL_SESSION_up_ref(session) == WOLFSSL_SUCCESS) { - wolfSSL_FreeSession(ssl->ctx, ssl->session); - ssl->session = session; - } - else - ret = WOLFSSL_FAILURE; - } - else { - ret = wolfSSL_DupSession(session, ssl->session, 0); - if (ret != WOLFSSL_SUCCESS) - WOLFSSL_MSG("Session duplicate failed"); - } - } - - /* Let's copy over the altSessionID for local cache purposes */ - if (ret == WOLFSSL_SUCCESS && session->haveAltSessionID && - ssl->session != session) { - ssl->session->haveAltSessionID = 1; - XMEMCPY(ssl->session->altSessionID, session->altSessionID, ID_LEN); - } - - if (sessRow != NULL) { - SESSION_ROW_UNLOCK(sessRow); - sessRow = NULL; - } - - /* Note: the `session` variable cannot be used below, since the row is - * un-locked */ - - if (ret != WOLFSSL_SUCCESS) - return ret; - -#ifdef WOLFSSL_SESSION_ID_CTX - /* check for application context id */ - if (ssl->sessionCtxSz > 0) { - if (XMEMCMP(ssl->sessionCtx, ssl->session->sessionCtx, ssl->sessionCtxSz)) { - /* context id did not match! 
*/ - WOLFSSL_MSG("Session context did not match"); - return WOLFSSL_FAILURE; - } - } -#endif /* WOLFSSL_SESSION_ID_CTX */ - - if (LowResTimer() >= (ssl->session->bornOn + ssl->session->timeout)) { -#if !defined(OPENSSL_EXTRA) || !defined(WOLFSSL_ERROR_CODE_OPENSSL) - return WOLFSSL_FAILURE; /* session timed out */ -#else /* defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) */ - WOLFSSL_MSG("Session is expired but return success for " - "OpenSSL compatibility"); -#endif - } - ssl->options.resuming = 1; - ssl->options.haveEMS = ssl->session->haveEMS; - -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) - ssl->version = ssl->session->version; - if (IsAtLeastTLSv1_3(ssl->version)) - ssl->options.tls1_3 = 1; -#endif -#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ - (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) - ssl->options.cipherSuite0 = ssl->session->cipherSuite0; - ssl->options.cipherSuite = ssl->session->cipherSuite; + switch (version) { +#ifndef NO_TLS + case TLS1_3_VERSION: + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2); + FALL_THROUGH; + case TLS1_2_VERSION: + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_1); + FALL_THROUGH; + case TLS1_1_VERSION: + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1); + FALL_THROUGH; + case TLS1_VERSION: + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_SSLv3); + break; + case SSL3_VERSION: + case SSL2_VERSION: + /* Nothing to do here */ + break; #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - ssl->peerVerifyRet = (unsigned long)ssl->session->peerVerifyRet; +#ifdef WOLFSSL_DTLS + case DTLS1_VERSION: + case DTLS1_2_VERSION: + break; #endif + default: + WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); + return WOLFSSL_FAILURE; + } - return WOLFSSL_SUCCESS; + return CheckSslMethodVersion(ctx->method->version.major, ctx->mask); } - -#ifdef WOLFSSL_SESSION_STATS -static int get_locked_session_stats(word32* 
active, word32* total, - word32* peak); -#endif - -#ifndef NO_CLIENT_CACHE -ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverID, - word16 idLen, const byte* sessionID, - word16 useTicket) +/* Sets the min protocol version allowed with WOLFSSL_CTX + * returns WOLFSSL_SUCCESS on success */ +int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) { - int error = -1; - word32 clientRow = 0, clientIdx = 0; - ClientSession* ret = NULL; - - (void)useTicket; - if (side == WOLFSSL_CLIENT_END - && row != INVALID_SESSION_ROW - && (idLen -#ifdef HAVE_SESSION_TICKET - || useTicket == 1 -#endif - || serverID != NULL - )) { + int ret; + int proto = 0; + int maxProto = 0; + int i; + int idx = 0; - WOLFSSL_MSG("Trying to add client cache entry"); + WOLFSSL_ENTER("wolfSSL_CTX_set_min_proto_version"); - if (idLen) { - clientRow = HashObject(serverID, - idLen, &error) % CLIENT_SESSION_ROWS; - } - else if (serverID != NULL) { - clientRow = HashObject(sessionID, - ID_LEN, &error) % CLIENT_SESSION_ROWS; - } - else { - error = -1; - } - if (error == 0 && wc_LockMutex(&clisession_mutex) == 0) { - clientIdx = ClientCache[clientRow].nextIdx; - if (clientIdx < CLIENT_SESSIONS_PER_ROW) { - ClientCache[clientRow].Clients[clientIdx].serverRow = - (word16)row; - ClientCache[clientRow].Clients[clientIdx].serverIdx = - (word16)idx; - if (sessionID != NULL) { - word32 sessionIDHash = HashObject(sessionID, ID_LEN, - &error); - if (error == 0) { - ClientCache[clientRow].Clients[clientIdx].sessionIDHash - = sessionIDHash; - } - } - } - else { - error = -1; - ClientCache[clientRow].nextIdx = 0; /* reset index as safety */ - WOLFSSL_MSG("Invalid client cache index! 
" - "Possible corrupted memory"); + if (ctx == NULL) { + return WOLFSSL_FAILURE; + } + if (version != 0) { + proto = version; + ctx->minProto = 0; /* turn min proto flag off */ + for (i = 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) { + if (protoVerTbl[i] == version) { + break; } - if (error == 0) { - WOLFSSL_MSG("Adding client cache entry"); - - ret = &ClientCache[clientRow].Clients[clientIdx]; - - if (ClientCache[clientRow].totalCount < CLIENT_SESSIONS_PER_ROW) - ClientCache[clientRow].totalCount++; - ClientCache[clientRow].nextIdx++; - ClientCache[clientRow].nextIdx %= CLIENT_SESSIONS_PER_ROW; + } + } + else { + /* when 0 is specified as version, try to find out the min version */ + for (i = 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) { + ret = Set_CTX_min_proto_version(ctx, protoVerTbl[i]); + if (ret == WOLFSSL_SUCCESS) { + proto = protoVerTbl[i]; + ctx->minProto = 1; /* turn min proto flag on */ + break; } - - wc_UnLockMutex(&clisession_mutex); } - else { - WOLFSSL_MSG("Hash session or lock failed"); + } + + /* check case where max > min , if so then clear the NO_* options + * i is the index into the table for proto version used, see if the max + * proto version index found is smaller */ + maxProto = wolfSSL_CTX_get_max_proto_version(ctx); + for (idx = 0; (unsigned)idx < NUMBER_OF_PROTOCOLS; idx++) { + if (protoVerTbl[idx] == maxProto) { + break; } } - else { - WOLFSSL_MSG("Skipping client cache"); + if (idx < i) { + wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_NO_TLSv1 | + WOLFSSL_OP_NO_TLSv1_1 | WOLFSSL_OP_NO_TLSv1_2 | + WOLFSSL_OP_NO_TLSv1_3); } + ret = Set_CTX_min_proto_version(ctx, proto); return ret; } -#endif /* !NO_CLIENT_CACHE */ /** - * For backwards compatibility, this API needs to be used in *ALL* functions - * that access the WOLFSSL_SESSION members directly. - * - * This API checks if the passed in session is actually a ClientSession object - * and returns the matching session cache object. Otherwise just return the - * input. 
ClientSession objects only occur in the ClientCache. They are not - * allocated anywhere else. + * wolfSSL_CTX_set_max_proto_version attempts to set the maximum protocol + * version to use by SSL objects created from this WOLFSSL_CTX. + * This API guarantees that a version of SSL/TLS higher than specified + * here will not be allowed. If the version specified is not compiled in + * then this API sets the highest compiled in protocol version. + * This API also accept 0 as version, to set the maximum version automatically. + * CheckSslMethodVersion() is called to check if any remaining protocol versions + * are enabled. + * @param ctx The wolfSSL CONTEXT factory for spawning SSL/TLS objects + * @param ver Any of the following + * * 0 + * * SSL3_VERSION + * * TLS1_VERSION + * * TLS1_1_VERSION + * * TLS1_2_VERSION + * * TLS1_3_VERSION + * * DTLS1_VERSION + * * DTLS1_2_VERSION + * @return WOLFSSL_SUCCESS on valid settings and WOLFSSL_FAILURE when no + * protocol versions are left enabled. */ -WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) +static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver) { - WOLFSSL_ENTER("ClientSessionToSession"); -#ifdef NO_SESSION_CACHE_REF - return (WOLFSSL_SESSION*)session; -#else -#ifndef NO_CLIENT_CACHE - if (session == NULL) - return NULL; - /* Check if session points into ClientCache */ - if ((byte*)session >= (byte*)ClientCache && - /* Cast to byte* to make pointer arithmetic work per byte */ - (byte*)session < ((byte*)ClientCache) + sizeof(ClientCache)) { - ClientSession* clientSession = (ClientSession*)session; - SessionRow* sessRow = NULL; - WOLFSSL_SESSION* cacheSession = NULL; - word32 sessionIDHash = 0; - int error = 0; - session = NULL; /* Default to NULL for failure case */ - if (wc_LockMutex(&clisession_mutex) != 0) { - WOLFSSL_MSG("Client cache mutex lock failed"); - return NULL; - } - if (clientSession->serverRow >= SESSION_ROWS || - clientSession->serverIdx >= SESSIONS_PER_ROW) { - 
WOLFSSL_MSG("Client cache serverRow or serverIdx invalid"); - error = -1; - } - /* Prevent memory access before clientSession->serverRow and - * clientSession->serverIdx are sanitized. */ - XFENCE(); - if (error == 0) { - /* Lock row */ - sessRow = &SessionCache[clientSession->serverRow]; - error = SESSION_ROW_RD_LOCK(sessRow); - if (error != 0) { - WOLFSSL_MSG("Session cache row lock failure"); - sessRow = NULL; - } - } - if (error == 0) { -#ifdef SESSION_CACHE_DYNAMIC_MEM - cacheSession = sessRow->Sessions[clientSession->serverIdx]; -#else - cacheSession = &sessRow->Sessions[clientSession->serverIdx]; + int ret; + WOLFSSL_ENTER("Set_CTX_max_proto_version"); + + if (!ctx || !ctx->method) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + switch (ver) { + case SSL2_VERSION: + WOLFSSL_MSG("wolfSSL does not support SSLv2"); + return WOLFSSL_FAILURE; +#ifndef NO_TLS + case SSL3_VERSION: + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1); + FALL_THROUGH; + case TLS1_VERSION: + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_1); + FALL_THROUGH; + case TLS1_1_VERSION: + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2); + FALL_THROUGH; + case TLS1_2_VERSION: + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_3); + FALL_THROUGH; + case TLS1_3_VERSION: + /* Nothing to do here */ + break; +#endif +#ifdef WOLFSSL_DTLS + case DTLS1_VERSION: + case DTLS1_2_VERSION: + break; #endif - if (cacheSession && cacheSession->sessionIDSz == 0) { - cacheSession = NULL; - WOLFSSL_MSG("Session cache entry not set"); - error = -1; + default: + WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); + return WOLFSSL_FAILURE; + } + + ret = CheckSslMethodVersion(ctx->method->version.major, ctx->mask); + if (ret == WOLFSSL_SUCCESS) { + /* Check the major */ + switch (ver) { + #ifndef NO_TLS + case SSL3_VERSION: + case TLS1_VERSION: + case TLS1_1_VERSION: + case TLS1_2_VERSION: + case TLS1_3_VERSION: + if (ctx->method->version.major != SSLv3_MAJOR) { + 
WOLFSSL_MSG("Mismatched protocol version"); + return WOLFSSL_FAILURE; } + break; + #endif + #ifdef WOLFSSL_DTLS + case DTLS1_VERSION: + case DTLS1_2_VERSION: + if (ctx->method->version.major != DTLS_MAJOR) { + WOLFSSL_MSG("Mismatched protocol version"); + return WOLFSSL_FAILURE; + } + break; + #endif } - if (error == 0) { - /* Calculate the hash of the session ID */ - sessionIDHash = HashObject(cacheSession->sessionID, ID_LEN, - &error); - } - if (error == 0) { - /* Check the session ID hash matches */ - error = clientSession->sessionIDHash != sessionIDHash; - if (error != 0) - WOLFSSL_MSG("session ID hash don't match"); - } - if (error == 0) { - /* Hashes match */ - session = cacheSession; - WOLFSSL_MSG("Found session cache matching client session object"); - } - if (sessRow != NULL) { - SESSION_ROW_UNLOCK(sessRow); + /* Update the method */ + switch (ver) { + case SSL2_VERSION: + WOLFSSL_MSG("wolfSSL does not support SSLv2"); + return WOLFSSL_FAILURE; + #ifndef NO_TLS + case SSL3_VERSION: + ctx->method->version.minor = SSLv3_MINOR; + break; + case TLS1_VERSION: + ctx->method->version.minor = TLSv1_MINOR; + break; + case TLS1_1_VERSION: + ctx->method->version.minor = TLSv1_1_MINOR; + break; + case TLS1_2_VERSION: + ctx->method->version.minor = TLSv1_2_MINOR; + break; + case TLS1_3_VERSION: + ctx->method->version.minor = TLSv1_3_MINOR; + break; + #endif + #ifdef WOLFSSL_DTLS + case DTLS1_VERSION: + ctx->method->version.minor = DTLS_MINOR; + break; + case DTLS1_2_VERSION: + ctx->method->version.minor = DTLSv1_2_MINOR; + break; + #endif + default: + WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); + return WOLFSSL_FAILURE; } - wc_UnLockMutex(&clisession_mutex); - return (WOLFSSL_SESSION*)session; - } - else { - /* Plain WOLFSSL_SESSION object */ - return (WOLFSSL_SESSION*)session; } -#else - return (WOLFSSL_SESSION*)session; -#endif -#endif + return ret; } -int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, - const byte* id, byte 
idSz, int* sessionIndex, int side, - word16 useTicket, ClientSession** clientCacheEntry) + +/* Sets the max protocol version allowed with WOLFSSL_CTX + * returns WOLFSSL_SUCCESS on success */ +int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version) { - WOLFSSL_SESSION* cacheSession = NULL; - SessionRow* sessRow = NULL; - word32 idx = 0; -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - WOLFSSL_X509* cachePeer = NULL; - WOLFSSL_X509* addPeer = NULL; -#endif -#ifdef HAVE_SESSION_TICKET - byte* cacheTicBuff = NULL; - byte ticBuffUsed = 0; - byte* ticBuff = NULL; - int ticLen = 0; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - byte *preallocNonce = NULL; - byte preallocNonceLen = 0; - byte preallocNonceUsed = 0; - byte *toFree = NULL; -#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC */ -#endif /* HAVE_SESSION_TICKET */ - int ret = 0; - int row; int i; - int overwrite = 0; - (void)ctx; - (void)sessionIndex; - (void)useTicket; - (void)clientCacheEntry; + int ret = WOLFSSL_FAILURE; + int minProto; - WOLFSSL_ENTER("AddSessionToCache"); + WOLFSSL_ENTER("wolfSSL_CTX_set_max_proto_version"); - if (idSz == 0) { - WOLFSSL_MSG("AddSessionToCache idSz == 0"); - return BAD_FUNC_ARG; - } - - addSession = ClientSessionToSession(addSession); - if (addSession == NULL) { - WOLFSSL_MSG("AddSessionToCache is NULL"); - return MEMORY_E; - } - -#ifdef HAVE_SESSION_TICKET - ticLen = addSession->ticketLen; - /* Alloc Memory here to avoid syscalls during lock */ - if (ticLen > SESSION_TICKET_LEN) { - ticBuff = (byte*)XMALLOC(ticLen, NULL, - DYNAMIC_TYPE_SESSION_TICK); - if (ticBuff == NULL) { - return MEMORY_E; - } - } -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - if (addSession->ticketNonce.data != addSession->ticketNonce.dataStatic) { - /* use the 
AddSession->heap even if the buffer maybe saved in - * CachedSession objects. CachedSession heap and AddSession heap should - * be the same */ - preallocNonce = (byte*)XMALLOC(addSession->ticketNonce.len, - addSession->heap, DYNAMIC_TYPE_SESSION_TICK); - if (preallocNonce == NULL) { - if (ticBuff != NULL) - XFREE(ticBuff, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); - return MEMORY_E; - } - preallocNonceLen = addSession->ticketNonce.len; - } -#endif /* WOLFSSL_TLS13 && WOLFSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */ -#endif /* HAVE_SESSION_TICKET */ - - /* Find a position for the new session in cache and use that */ - /* Use the session object in the cache for external cache if required */ - row = (int)(HashObject(id, ID_LEN, &ret) % SESSION_ROWS); - if (ret != 0) { - WOLFSSL_MSG("Hash session failed"); - #ifdef HAVE_SESSION_TICKET - XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) - XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); - #endif - #endif + if (ctx == NULL) { return ret; } - sessRow = &SessionCache[row]; - if (SESSION_ROW_WR_LOCK(sessRow) != 0) { - #ifdef HAVE_SESSION_TICKET - XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) - XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); - #endif - #endif - WOLFSSL_MSG("Session row lock failed"); - return BAD_MUTEX_E; + /* clear out flags and reset min protocol version */ + minProto = wolfSSL_CTX_get_min_proto_version(ctx); + wolfSSL_CTX_clear_options(ctx, + WOLFSSL_OP_NO_TLSv1 | WOLFSSL_OP_NO_TLSv1_1 | + WOLFSSL_OP_NO_TLSv1_2 | WOLFSSL_OP_NO_TLSv1_3); + wolfSSL_CTX_set_min_proto_version(ctx, minProto); + if (version != 0) { + ctx->maxProto = 0; /* turn max proto flag off */ + return Set_CTX_max_proto_version(ctx, version); } - for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) { -#ifdef SESSION_CACHE_DYNAMIC_MEM - 
cacheSession = sessRow->Sessions[i]; -#else - cacheSession = &sessRow->Sessions[i]; -#endif - if (cacheSession && XMEMCMP(id, - cacheSession->sessionID, ID_LEN) == 0 && - cacheSession->side == side) { - WOLFSSL_MSG("Session already exists. Overwriting."); - overwrite = 1; - idx = i; + /* when 0 is specified as version, try to find out the min version from + * the bottom to top of the protoverTbl. + */ + for (i = NUMBER_OF_PROTOCOLS -1; i >= 0; i--) { + ret = Set_CTX_max_proto_version(ctx, protoVerTbl[i]); + if (ret == WOLFSSL_SUCCESS) { + ctx->maxProto = 1; /* turn max proto flag on */ break; } } - if (!overwrite) - idx = sessRow->nextIdx; -#ifdef SESSION_INDEX - if (sessionIndex != NULL) - *sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx; -#endif - -#ifdef SESSION_CACHE_DYNAMIC_MEM - cacheSession = sessRow->Sessions[idx]; - if (cacheSession == NULL) { - cacheSession = (WOLFSSL_SESSION*) XMALLOC(sizeof(WOLFSSL_SESSION), - sessRow->heap, DYNAMIC_TYPE_SESSION); - if (cacheSession == NULL) { - #ifdef HAVE_SESSION_TICKET - XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) - XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); - #endif - #endif - SESSION_ROW_UNLOCK(sessRow); - return MEMORY_E; - } - XMEMSET(cacheSession, 0, sizeof(WOLFSSL_SESSION)); - sessRow->Sessions[idx] = cacheSession; - } -#else - cacheSession = &sessRow->Sessions[idx]; -#endif + return ret; +} -#ifdef HAVE_EX_DATA - if (overwrite) { - /* Figure out who owns the ex_data */ - if (cacheSession->ownExData) { - /* Prioritize cacheSession copy */ - XMEMCPY(&addSession->ex_data, &cacheSession->ex_data, - sizeof(WOLFSSL_CRYPTO_EX_DATA)); - } - /* else will be copied in wolfSSL_DupSession call */ - } - else if (cacheSession->ownExData) { - crypto_ex_cb_free_data(cacheSession, crypto_ex_cb_ctx_session, - &cacheSession->ex_data); - cacheSession->ownExData = 0; - } -#endif - if (!overwrite) - EvictSessionFromCache(cacheSession); 
+static int Set_SSL_min_proto_version(WOLFSSL* ssl, int ver) +{ + WOLFSSL_ENTER("Set_SSL_min_proto_version"); - cacheSession->type = WOLFSSL_SESSION_TYPE_CACHE; - cacheSession->cacheRow = row; + if (ssl == NULL) { + return WOLFSSL_FAILURE; + } -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - /* Save the peer field to free after unlocking the row */ - if (cacheSession->peer != NULL) - cachePeer = cacheSession->peer; - cacheSession->peer = NULL; -#endif -#ifdef HAVE_SESSION_TICKET - /* If we can reuse the existing buffer in cacheSession then we won't touch - * ticBuff at all making it a very cheap malloc/free. The page on a modern - * OS will most likely not even be allocated to the process. */ - if (ticBuff != NULL && cacheSession->ticketLenAlloc < ticLen) { - /* Save pointer only if separately allocated */ - if (cacheSession->ticket != cacheSession->staticTicket) - cacheTicBuff = cacheSession->ticket; - ticBuffUsed = 1; - cacheSession->ticket = ticBuff; - cacheSession->ticketLenAlloc = (word16) ticLen; - } -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - /* cache entry never used */ - if (cacheSession->ticketNonce.data == NULL) - cacheSession->ticketNonce.data = cacheSession->ticketNonce.dataStatic; - - if (cacheSession->ticketNonce.data != - cacheSession->ticketNonce.dataStatic) { - toFree = cacheSession->ticketNonce.data; - cacheSession->ticketNonce.data = cacheSession->ticketNonce.dataStatic; - cacheSession->ticketNonce.len = 0; - } -#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ + switch (ver) { +#ifndef NO_TLS + case SSL3_VERSION: +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) + ssl->options.minDowngrade = SSLv3_MINOR; + break; #endif -#ifdef SESSION_CERTS - if (overwrite && - addSession->chain.count == 0 && - cacheSession->chain.count > 0) { - /* Copy in the certs from the session */ - 
addSession->chain.count = cacheSession->chain.count; - XMEMCPY(addSession->chain.certs, cacheSession->chain.certs, - sizeof(x509_buffer) * cacheSession->chain.count); - } -#endif /* SESSION_CERTS */ -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - /* Don't copy the peer cert into cache */ - addPeer = addSession->peer; - addSession->peer = NULL; -#endif - cacheSession->heap = NULL; - /* Copy data into the cache object */ -#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \ - defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - ret = wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce, - &preallocNonceLen, &preallocNonceUsed) == WOLFSSL_FAILURE; -#else - ret = wolfSSL_DupSession(addSession, cacheSession, 1) == WOLFSSL_FAILURE; -#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC - && FIPS_VERSION_GE(5,3)*/ -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - addSession->peer = addPeer; + case TLS1_VERSION: + #ifdef WOLFSSL_ALLOW_TLSV10 + ssl->options.minDowngrade = TLSv1_MINOR; + break; + #endif + case TLS1_1_VERSION: + #ifndef NO_OLD_TLS + ssl->options.minDowngrade = TLSv1_1_MINOR; + break; + #endif + case TLS1_2_VERSION: + #ifndef WOLFSSL_NO_TLS12 + ssl->options.minDowngrade = TLSv1_2_MINOR; + break; + #endif + case TLS1_3_VERSION: + #ifdef WOLFSSL_TLS13 + ssl->options.minDowngrade = TLSv1_3_MINOR; + break; + #endif #endif - - if (ret == 0) { - if (!overwrite) { - /* Increment the totalCount and the nextIdx */ - if (sessRow->totalCount < SESSIONS_PER_ROW) - sessRow->totalCount++; - sessRow->nextIdx = (sessRow->nextIdx + 1) % SESSIONS_PER_ROW; - } - if (id != addSession->sessionID) { - /* ssl->session->sessionID may contain the bogus ID or we want the - * ID from the arrays object */ - XMEMCPY(cacheSession->sessionID, id, ID_LEN); - cacheSession->sessionIDSz = ID_LEN; - } -#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) - if 
(ctx->rem_sess_cb != NULL) - cacheSession->rem_sess_cb = ctx->rem_sess_cb; +#ifdef WOLFSSL_DTLS + case DTLS1_VERSION: + #ifndef NO_OLD_TLS + ssl->options.minDowngrade = DTLS_MINOR; + break; + #endif + case DTLS1_2_VERSION: + ssl->options.minDowngrade = DTLSv1_2_MINOR; + break; #endif -#ifdef HAVE_EX_DATA - /* The session in cache now owns the ex_data */ - addSession->ownExData = 0; - cacheSession->ownExData = 1; -#endif -#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \ - defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - if (preallocNonce != NULL && preallocNonceUsed) { - cacheSession->ticketNonce.data = preallocNonce; - cacheSession->ticketNonce.len = preallocNonceLen; - preallocNonce = NULL; - preallocNonceLen = 0; - } -#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC - * && FIPS_VERSION_GE(5,3)*/ - } -#ifdef HAVE_SESSION_TICKET - else if (ticBuffUsed) { - /* Error occurred. Need to clean up the ticket buffer. 
*/ - cacheSession->ticket = cacheSession->staticTicket; - cacheSession->ticketLenAlloc = 0; - cacheSession->ticketLen = 0; + default: + WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); + return WOLFSSL_FAILURE; } -#endif - SESSION_ROW_UNLOCK(sessRow); - cacheSession = NULL; /* Can't access after unlocked */ -#ifndef NO_CLIENT_CACHE - if (ret == 0 && clientCacheEntry != NULL) { - ClientSession* clientCache = AddSessionToClientCache(side, row, idx, - addSession->serverID, addSession->idLen, id, useTicket); - if (clientCache != NULL) - *clientCacheEntry = clientCache; - } + switch (ver) { +#ifndef NO_TLS + case TLS1_3_VERSION: + ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_2; + FALL_THROUGH; + case TLS1_2_VERSION: + ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_1; + FALL_THROUGH; + case TLS1_1_VERSION: + ssl->options.mask |= WOLFSSL_OP_NO_TLSv1; + FALL_THROUGH; + case TLS1_VERSION: + ssl->options.mask |= WOLFSSL_OP_NO_SSLv3; + break; + case SSL3_VERSION: + case SSL2_VERSION: + /* Nothing to do here */ + break; #endif - -#ifdef HAVE_SESSION_TICKET - if (ticBuff != NULL && !ticBuffUsed) - XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - XFREE(cacheTicBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); - XFREE(toFree, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); -#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ +#ifdef WOLFSSL_DTLS + case DTLS1_VERSION: + case DTLS1_2_VERSION: + break; #endif - -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (cachePeer != NULL) { - wolfSSL_X509_free(cachePeer); - cachePeer = NULL; /* Make sure not use after this point */ + default: + WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); + return WOLFSSL_FAILURE; } -#endif - return ret; + return 
CheckSslMethodVersion(ssl->version.major, ssl->options.mask); } -void AddSession(WOLFSSL* ssl) +int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version) { - int error = 0; - const byte* id = NULL; - byte idSz = 0; - WOLFSSL_SESSION* session = ssl->session; - - (void)error; - - WOLFSSL_ENTER("AddSession"); + int i; + int ret = WOLFSSL_FAILURE;; - if (SslSessionCacheOff(ssl, session)) { - WOLFSSL_MSG("Cache off"); - return; - } + WOLFSSL_ENTER("wolfSSL_set_min_proto_version"); - if (session->haveAltSessionID) { - id = session->altSessionID; - idSz = ID_LEN; + if (ssl == NULL) { + return WOLFSSL_FAILURE; } - else { - id = session->sessionID; - idSz = session->sessionIDSz; - } - - /* Do this only for the client because if the server doesn't have an ID at - * this point, it won't on resumption. */ - if (idSz == 0 && ssl->options.side == WOLFSSL_CLIENT_END) { - WC_RNG* rng = NULL; - if (ssl->rng != NULL) - rng = ssl->rng; -#if defined(HAVE_GLOBAL_RNG) && defined(OPENSSL_EXTRA) - else if (initGlobalRNG == 1 || wolfSSL_RAND_Init() == WOLFSSL_SUCCESS) { - rng = &globalRNG; - } -#endif - if (wc_RNG_GenerateBlock(rng, ssl->session->altSessionID, - ID_LEN) != 0) - return; - ssl->session->haveAltSessionID = 1; - id = ssl->session->altSessionID; - idSz = ID_LEN; + if (version != 0) { + return Set_SSL_min_proto_version(ssl, version); } -#ifdef HAVE_EXT_CACHE - if (!ssl->options.internalCacheOff) -#endif - { - /* Try to add the session to internal cache or external cache - if a new_sess_cb is set. Its ok if we don't succeed. */ - (void)AddSessionToCache(ssl->ctx, session, id, idSz, -#ifdef SESSION_INDEX - &ssl->sessionIndex, -#else - NULL, -#endif - ssl->options.side, -#ifdef HAVE_SESSION_TICKET - ssl->options.useTicket, -#else - 0, -#endif -#ifdef NO_SESSION_CACHE_REF - NULL -#else - (ssl->options.side == WOLFSSL_CLIENT_END) ? 
- &ssl->clientSession : NULL -#endif - ); + /* when 0 is specified as version, try to find out the min version */ + for (i= 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) { + ret = Set_SSL_min_proto_version(ssl, protoVerTbl[i]); + if (ret == WOLFSSL_SUCCESS) + break; } -#ifdef HAVE_EXT_CACHE - if (error == 0 && ssl->ctx->new_sess_cb != NULL) { - int cbRet = 0; - wolfSSL_SESSION_up_ref(session); - cbRet = ssl->ctx->new_sess_cb(ssl, session); - if (cbRet == 0) - wolfSSL_FreeSession(ssl->ctx, session); - } -#endif + return ret; +} -#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) - if (error == 0) { - word32 active = 0; +static int Set_SSL_max_proto_version(WOLFSSL* ssl, int ver) +{ - error = get_locked_session_stats(&active, NULL, NULL); - if (error == WOLFSSL_SUCCESS) { - error = 0; /* back to this function ok */ + WOLFSSL_ENTER("Set_SSL_max_proto_version"); - if (PeakSessions < active) { - PeakSessions = active; - } - } + if (!ssl) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; } -#endif /* WOLFSSL_SESSION_STATS && WOLFSSL_PEAK_SESSIONS */ - (void)error; -} + switch (ver) { + case SSL2_VERSION: + WOLFSSL_MSG("wolfSSL does not support SSLv2"); + return WOLFSSL_FAILURE; +#ifndef NO_TLS + case SSL3_VERSION: + ssl->options.mask |= WOLFSSL_OP_NO_TLSv1; + FALL_THROUGH; + case TLS1_VERSION: + ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_1; + FALL_THROUGH; + case TLS1_1_VERSION: + ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_2; + FALL_THROUGH; + case TLS1_2_VERSION: + ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_3; + FALL_THROUGH; + case TLS1_3_VERSION: + /* Nothing to do here */ + break; +#endif +#ifdef WOLFSSL_DTLS + case DTLS1_VERSION: + case DTLS1_2_VERSION: + break; +#endif + default: + WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); + return WOLFSSL_FAILURE; + } -#ifdef SESSION_INDEX - -int wolfSSL_GetSessionIndex(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_GetSessionIndex"); - WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", 
ssl->sessionIndex); - return ssl->sessionIndex; + return CheckSslMethodVersion(ssl->version.major, ssl->options.mask); } - -int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session) +int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version) { - int row, col, result = WOLFSSL_FAILURE; - SessionRow* sessRow; - WOLFSSL_SESSION* cacheSession; - - WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex"); - - session = ClientSessionToSession(session); + int i; + int ret = WOLFSSL_FAILURE;; - row = idx >> SESSIDX_ROW_SHIFT; - col = idx & SESSIDX_IDX_MASK; + WOLFSSL_ENTER("wolfSSL_set_max_proto_version"); - if (session == NULL || - row < 0 || row >= SESSION_ROWS || col >= SESSIONS_PER_ROW) { + if (ssl == NULL) { return WOLFSSL_FAILURE; } - - sessRow = &SessionCache[row]; - if (SESSION_ROW_RD_LOCK(sessRow) != 0) { - return BAD_MUTEX_E; + if (version != 0) { + return Set_SSL_max_proto_version(ssl, version); } -#ifdef SESSION_CACHE_DYNAMIC_MEM - cacheSession = sessRow->Sessions[col]; -#else - cacheSession = &sessRow->Sessions[col]; -#endif - if (cacheSession) { - XMEMCPY(session, cacheSession, sizeof(WOLFSSL_SESSION)); - result = WOLFSSL_SUCCESS; - } - else { - result = WOLFSSL_FAILURE; + /* when 0 is specified as version, try to find out the min version from + * the bottom to top of the protoverTbl. 
+ */ + for (i = NUMBER_OF_PROTOCOLS -1; i >= 0; i--) { + ret = Set_SSL_max_proto_version(ssl, protoVerTbl[i]); + if (ret == WOLFSSL_SUCCESS) + break; } - SESSION_ROW_UNLOCK(sessRow); - - WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result); - return result; + return ret; } -#endif /* SESSION_INDEX */ - -#if defined(SESSION_CERTS) - -WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session) +static int GetMinProtoVersion(int minDowngrade) { - WOLFSSL_X509_CHAIN* chain = NULL; - - WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain"); + int ret; - session = ClientSessionToSession(session); - - if (session) - chain = &session->chain; + switch (minDowngrade) { +#ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 + case SSLv3_MINOR: + ret = SSL3_VERSION; + break; + #endif + #ifdef WOLFSSL_ALLOW_TLSV10 + case TLSv1_MINOR: + ret = TLS1_VERSION; + break; + #endif + case TLSv1_1_MINOR: + ret = TLS1_1_VERSION; + break; +#endif +#ifndef WOLFSSL_NO_TLS12 + case TLSv1_2_MINOR: + ret = TLS1_2_VERSION; + break; +#endif +#ifdef WOLFSSL_TLS13 + case TLSv1_3_MINOR: + ret = TLS1_3_VERSION; + break; +#endif + default: + ret = 0; + break; + } - WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", chain ? 
1 : 0); - return chain; + return ret; } - -#ifdef OPENSSL_EXTRA -/* gets the peer certificate associated with the session passed in - * returns null on failure, the caller should not free the returned pointer */ -WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session) +int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX* ctx) { - WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain"); + int ret = 0; - session = ClientSessionToSession(session); - if (session) { - int count; + WOLFSSL_ENTER("wolfSSL_CTX_get_min_proto_version"); - count = wolfSSL_get_chain_count(&session->chain); - if (count < 1 || count >= MAX_CHAIN_DEPTH) { - WOLFSSL_MSG("bad count found"); - return NULL; + if (ctx != NULL) { + if (ctx->minProto) { + ret = 0; } - - if (session->peer == NULL) { - session->peer = wolfSSL_get_chain_X509(&session->chain, 0); + else { + ret = GetMinProtoVersion(ctx->minDowngrade); } - return session->peer; } - WOLFSSL_MSG("No session passed in"); + else { + ret = GetMinProtoVersion(WOLFSSL_MIN_DOWNGRADE); + } - return NULL; -} -#endif /* OPENSSL_EXTRA */ -#endif /* SESSION_INDEX && SESSION_CERTS */ + WOLFSSL_LEAVE("wolfSSL_CTX_get_min_proto_version", ret); + return ret; +} -#ifdef WOLFSSL_SESSION_STATS -static int get_locked_session_stats(word32* active, word32* total, word32* peak) +/* returns the maximum allowed protocol version given the 'options' used + * returns WOLFSSL_FATAL_ERROR on no match */ +static int GetMaxProtoVersion(long options) { - int result = WOLFSSL_SUCCESS; - int i; - int count; - int idx; - word32 now = 0; - word32 seen = 0; - word32 ticks = LowResTimer(); - - WOLFSSL_ENTER("get_locked_session_stats"); - -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_RD_LOCK(&SessionCache[0]); +#ifndef NO_TLS +#ifdef WOLFSSL_TLS13 + if (!(options & WOLFSSL_OP_NO_TLSv1_3)) + return TLS1_3_VERSION; #endif - for (i = 0; i < SESSION_ROWS; i++) { - SessionRow* row = &SessionCache[i]; - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_RD_LOCK(row) != 0) { - 
WOLFSSL_MSG("Session row cache mutex lock failed"); - return BAD_MUTEX_E; - } +#ifndef WOLFSSL_NO_TLS12 + if (!(options & WOLFSSL_OP_NO_TLSv1_2)) + return TLS1_2_VERSION; +#endif +#ifndef NO_OLD_TLS + if (!(options & WOLFSSL_OP_NO_TLSv1_1)) + return TLS1_1_VERSION; + #ifdef WOLFSSL_ALLOW_TLSV10 + if (!(options & WOLFSSL_OP_NO_TLSv1)) + return TLS1_VERSION; #endif + #ifdef WOLFSSL_ALLOW_SSLV3 + if (!(options & WOLFSSL_OP_NO_SSLv3)) + return SSL3_VERSION; + #endif +#endif +#else + (void)options; +#endif /* NO_TLS */ + return WOLFSSL_FATAL_ERROR; +} - seen += row->totalCount; - - if (active == NULL) { - SESSION_ROW_UNLOCK(row); - continue; - } - - count = min((word32)row->totalCount, SESSIONS_PER_ROW); - idx = row->nextIdx - 1; - if (idx < 0 || idx >= SESSIONS_PER_ROW) { - idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */ - } - for (; count > 0; --count) { - /* if not expired then good */ -#ifdef SESSION_CACHE_DYNAMIC_MEM - if (row->Sessions[idx] && - ticks < (row->Sessions[idx]->bornOn + - row->Sessions[idx]->timeout) ) -#else - if (ticks < (row->Sessions[idx].bornOn + - row->Sessions[idx].timeout) ) -#endif - { - now++; - } +/* returns the maximum protocol version for 'ctx' */ +int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx) +{ + int ret = 0; + long options = 0; /* default to nothing set */ - idx = idx > 0 ? 
idx - 1 : SESSIONS_PER_ROW - 1; - } + WOLFSSL_ENTER("wolfSSL_CTX_get_max_proto_version"); - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(row); - #endif + if (ctx != NULL) { + options = wolfSSL_CTX_get_options(ctx); } -#ifndef ENABLE_SESSION_CACHE_ROW_LOCK - SESSION_ROW_UNLOCK(&SessionCache[0]); -#endif - if (active) { - *active = now; - } - if (total) { - *total = seen; + if ((ctx != NULL) && ctx->maxProto) { + ret = 0; } - -#ifdef WOLFSSL_PEAK_SESSIONS - if (peak) { - *peak = PeakSessions; + else { + ret = GetMaxProtoVersion(options); } -#else - (void)peak; -#endif - WOLFSSL_LEAVE("get_locked_session_stats", result); + WOLFSSL_LEAVE("wolfSSL_CTX_get_max_proto_version", ret); - return result; + if (ret == WOLFSSL_FATAL_ERROR) { + WOLFSSL_MSG("Error getting max proto version"); + ret = 0; /* setting ret to 0 to match compat return */ + } + return ret; } +#endif /* OPENSSL_EXTRA */ - -/* return WOLFSSL_SUCCESS on ok */ -int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak, - word32* maxSessions) +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(HAVE_SECRET_CALLBACK) +#if !defined(NO_WOLFSSL_CLIENT) +/* Return the amount of random bytes copied over or error case. 
+ * ssl : ssl struct after handshake + * out : buffer to hold random bytes + * outSz : either 0 (return max buffer sz) or size of out buffer + */ +size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, + size_t outSz) { - int result = WOLFSSL_SUCCESS; - - WOLFSSL_ENTER("wolfSSL_get_session_stats"); - - if (maxSessions) { - *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS; + size_t size; - if (active == NULL && total == NULL && peak == NULL) - return result; /* we're done */ + /* return max size of buffer */ + if (outSz == 0) { + return RAN_LEN; } - /* user must provide at least one query value */ - if (active == NULL && total == NULL && peak == NULL) { - return BAD_FUNC_ARG; + if (ssl == NULL || out == NULL) { + return 0; } - result = get_locked_session_stats(active, total, peak); + if (ssl->arrays == NULL) { + WOLFSSL_MSG("Arrays struct not saved after handshake"); + return 0; + } - WOLFSSL_LEAVE("wolfSSL_get_session_stats", result); + if (outSz > RAN_LEN) { + size = RAN_LEN; + } + else { + size = outSz; + } - return result; + XMEMCPY(out, ssl->arrays->clientRandom, size); + return size; } +#endif /* !NO_WOLFSSL_CLIENT */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */ -#endif /* WOLFSSL_SESSION_STATS */ - - - #ifdef PRINT_SESSION_STATS +#ifdef OPENSSL_EXTRA - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_PrintSessionStats(void) + unsigned long wolfSSLeay(void) { - word32 totalSessionsSeen = 0; - word32 totalSessionsNow = 0; - word32 peak = 0; - word32 maxSessions = 0; - int i; - int ret; - double E; /* expected freq */ - double chiSquare = 0; - - ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen, - &peak, &maxSessions); - if (ret != WOLFSSL_SUCCESS) - return ret; - printf("Total Sessions Seen = %u\n", totalSessionsSeen); - printf("Total Sessions Now = %u\n", totalSessionsNow); -#ifdef WOLFSSL_PEAK_SESSIONS - printf("Peak Sessions = %u\n", peak); -#endif - printf("Max Sessions = %u\n", maxSessions); - - E = 
(double)totalSessionsSeen / SESSION_ROWS; - - for (i = 0; i < SESSION_ROWS; i++) { - double diff = SessionCache[i].totalCount - E; - diff *= diff; /* square */ - diff /= E; /* normalize */ - - chiSquare += diff; - } - printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare, - SESSION_ROWS - 1); - #if (SESSION_ROWS == 11) - printf(" .05 p value = 18.3, chi-square should be less\n"); - #elif (SESSION_ROWS == 211) - printf(".05 p value = 244.8, chi-square should be less\n"); - #elif (SESSION_ROWS == 5981) - printf(".05 p value = 6161.0, chi-square should be less\n"); - #elif (SESSION_ROWS == 3) - printf(".05 p value = 6.0, chi-square should be less\n"); - #elif (SESSION_ROWS == 2861) - printf(".05 p value = 2985.5, chi-square should be less\n"); - #endif - printf("\n"); - - return ret; + return SSLEAY_VERSION_NUMBER; } - #endif /* SESSION_STATS */ - -#else /* NO_SESSION_CACHE */ - -WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) -{ - return (WOLFSSL_SESSION*)session; -} - -/* No session cache version */ -WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL* ssl, byte* masterSecret, - byte restoreSessionCerts) -{ - (void)ssl; - (void)masterSecret; - (void)restoreSessionCerts; + unsigned long wolfSSL_OpenSSL_version_num(void) + { + return OPENSSL_VERSION_NUMBER; + } - return NULL; -} + const char* wolfSSLeay_version(int type) + { + (void)type; +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + return wolfSSL_OpenSSL_version(type); +#else + return wolfSSL_OpenSSL_version(); +#endif + } +#endif /* OPENSSL_EXTRA */ -#endif /* NO_SESSION_CACHE */ +#ifdef OPENSSL_EXTRA + void wolfSSL_ERR_free_strings(void) + { + /* handled internally */ + } + void wolfSSL_cleanup_all_ex_data(void) + { + /* nothing to do here */ + } -/* call before SSL_connect, if verifying will add name check to - date check and signature check */ -WOLFSSL_ABI -int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn) -{ - WOLFSSL_ENTER("wolfSSL_check_domain_name"); 
+#endif /* OPENSSL_EXTRA */ - if (ssl == NULL || dn == NULL) { - WOLFSSL_MSG("Bad function argument: NULL"); - return WOLFSSL_FAILURE; +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) || \ + defined(HAVE_CURL) + void wolfSSL_ERR_clear_error(void) + { + WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); + #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + wc_ClearErrorNodes(); + #endif } +#endif - if (ssl->buffers.domainName.buffer) - XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + int wolfSSL_clear(WOLFSSL* ssl) + { + WOLFSSL_ENTER("wolfSSL_clear"); - ssl->buffers.domainName.length = (word32)XSTRLEN(dn); - ssl->buffers.domainName.buffer = (byte*)XMALLOC( - ssl->buffers.domainName.length + 1, ssl->heap, DYNAMIC_TYPE_DOMAIN); + if (ssl == NULL) { + return WOLFSSL_FAILURE; + } - if (ssl->buffers.domainName.buffer) { - unsigned char* domainName = ssl->buffers.domainName.buffer; - XMEMCPY(domainName, dn, ssl->buffers.domainName.length); - domainName[ssl->buffers.domainName.length] = '\0'; - return WOLFSSL_SUCCESS; - } - else { - ssl->error = MEMORY_ERROR; - return WOLFSSL_FAILURE; - } -} + if (!ssl->options.handShakeDone) { + /* Only reset the session if we didn't complete a handshake */ + wolfSSL_FreeSession(ssl->ctx, ssl->session); + ssl->session = wolfSSL_NewSession(ssl->heap); + if (ssl->session == NULL) { + return WOLFSSL_FAILURE; + } + } + /* reset error */ + ssl->error = 0; -/* turn on wolfSSL zlib compression - returns WOLFSSL_SUCCESS for success, else error (not built in) -*/ -int wolfSSL_set_compression(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_set_compression"); - (void)ssl; -#ifdef HAVE_LIBZ - ssl->options.usingCompression = 1; - return WOLFSSL_SUCCESS; -#else - return NOT_COMPILED_IN; -#endif -} - + /* reset option bits */ + ssl->options.isClosed = 0; + ssl->options.connReset = 0; + ssl->options.sentNotify = 0; + ssl->options.closeNotify = 0; + 
ssl->options.sendVerify = 0; + ssl->options.serverState = NULL_STATE; + ssl->options.clientState = NULL_STATE; + ssl->options.connectState = CONNECT_BEGIN; + ssl->options.acceptState = ACCEPT_BEGIN; + ssl->options.handShakeState = NULL_STATE; + ssl->options.handShakeDone = 0; + ssl->options.processReply = 0; /* doProcessInit */ + ssl->options.havePeerVerify = 0; + ssl->options.havePeerCert = 0; + ssl->options.peerAuthGood = 0; + ssl->options.tls1_3 = 0; + ssl->options.haveSessionId = 0; + ssl->options.tls = 0; + ssl->options.tls1_1 = 0; + #ifdef WOLFSSL_DTLS + ssl->options.dtlsStateful = 0; + #endif + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + ssl->options.noPskDheKe = 0; + #ifdef HAVE_SUPPORTED_CURVES + ssl->options.onlyPskDheKe = 0; + #endif + #endif + #ifdef HAVE_SESSION_TICKET + #ifdef WOLFSSL_TLS13 + ssl->options.ticketsSent = 0; + #endif + ssl->options.rejectTicket = 0; + #endif + #ifdef WOLFSSL_EARLY_DATA + ssl->earlyData = no_early_data; + ssl->earlyDataSz = 0; + #endif -#ifndef USE_WINDOWS_API - #ifndef NO_WRITEV + #if defined(HAVE_TLS_EXTENSIONS) && !defined(NO_TLS) + TLSX_FreeAll(ssl->extensions, ssl->heap); + ssl->extensions = NULL; + #endif - /* simulate writev semantics, doesn't actually do block at a time though - because of SSL_write behavior and because front adds may be small */ - int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, int iovcnt) - { - #ifdef WOLFSSL_SMALL_STACK - byte staticBuffer[1]; /* force heap usage */ - #else - byte staticBuffer[FILE_BUFFER_SIZE]; + if (ssl->keys.encryptionOn) { + ForceZero(ssl->buffers.inputBuffer.buffer - + ssl->buffers.inputBuffer.offset, + ssl->buffers.inputBuffer.bufferSize); + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(ssl->buffers.inputBuffer.buffer - + ssl->buffers.inputBuffer.offset, + ssl->buffers.inputBuffer.bufferSize); #endif - byte* myBuffer = staticBuffer; - int dynamic = 0; - int sending = 0; - int idx = 0; - int i; - int ret; + } + ssl->keys.encryptionOn = 0; + 
XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); - WOLFSSL_ENTER("wolfSSL_writev"); + if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; - for (i = 0; i < iovcnt; i++) - sending += (int)iov[i].iov_len; + if (InitHandshakeHashes(ssl) != 0) + return WOLFSSL_FAILURE; - if (sending > (int)sizeof(staticBuffer)) { - myBuffer = (byte*)XMALLOC(sending, ssl->heap, - DYNAMIC_TYPE_WRITEV); - if (!myBuffer) - return MEMORY_ERROR; +#ifdef KEEP_PEER_CERT + FreeX509(&ssl->peerCert); + InitX509(&ssl->peerCert, 0, ssl->heap); +#endif - dynamic = 1; - } +#ifdef WOLFSSL_QUIC + wolfSSL_quic_clear(ssl); +#endif - for (i = 0; i < iovcnt; i++) { - XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len); - idx += (int)iov[i].iov_len; - } + return WOLFSSL_SUCCESS; + } - /* myBuffer may not be initialized fully, but the span up to the - * sending length will be. - */ - PRAGMA_GCC_DIAG_PUSH - PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") - ret = wolfSSL_write(ssl, myBuffer, sending); - PRAGMA_GCC_DIAG_POP +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - if (dynamic) - XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV); +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode) + { + /* WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */ - return ret; + WOLFSSL_ENTER("wolfSSL_CTX_set_mode"); + switch(mode) { + case SSL_MODE_ENABLE_PARTIAL_WRITE: + ctx->partialWrite = 1; + break; + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + case SSL_MODE_RELEASE_BUFFERS: + WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented."); + break; + #endif + case SSL_MODE_AUTO_RETRY: + ctx->autoRetry = 1; + break; + default: + WOLFSSL_MSG("Mode Not Implemented"); } - #endif -#endif + /* SSL_MODE_AUTO_RETRY + * Should not return -1 with renegotiation on read/write */ -#ifdef WOLFSSL_CALLBACKS + return mode; + } - typedef struct itimerval Itimerval; + long 
wolfSSL_CTX_clear_mode(WOLFSSL_CTX* ctx, long mode) + { + /* WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */ - /* don't keep calling simple functions while setting up timer and signals - if no inlining these are the next best */ + WOLFSSL_ENTER("wolfSSL_CTX_clear_mode"); + switch(mode) { + case SSL_MODE_ENABLE_PARTIAL_WRITE: + ctx->partialWrite = 0; + break; + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + case SSL_MODE_RELEASE_BUFFERS: + WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented."); + break; + #endif + case SSL_MODE_AUTO_RETRY: + ctx->autoRetry = 0; + break; + default: + WOLFSSL_MSG("Mode Not Implemented"); + } - #define AddTimes(a, b, c) \ - do { \ - (c).tv_sec = (a).tv_sec + (b).tv_sec; \ - (c).tv_usec = (a).tv_usec + (b).tv_usec;\ - if ((c).tv_usec >= 1000000) { \ - (c).tv_sec++; \ - (c).tv_usec -= 1000000; \ - } \ - } while (0) + /* SSL_MODE_AUTO_RETRY + * Should not return -1 with renegotiation on read/write */ + return 0; + } +#endif - #define SubtractTimes(a, b, c) \ - do { \ - (c).tv_sec = (a).tv_sec - (b).tv_sec; \ - (c).tv_usec = (a).tv_usec - (b).tv_usec;\ - if ((c).tv_usec < 0) { \ - (c).tv_sec--; \ - (c).tv_usec += 1000000; \ - } \ - } while (0) +#ifdef OPENSSL_EXTRA - #define CmpTimes(a, b, cmp) \ - (((a).tv_sec == (b).tv_sec) ? \ - ((a).tv_usec cmp (b).tv_usec) : \ - ((a).tv_sec cmp (b).tv_sec)) \ + #ifndef NO_WOLFSSL_STUB + long wolfSSL_SSL_get_mode(WOLFSSL* ssl) + { + /* TODO: */ + (void)ssl; + WOLFSSL_STUB("SSL_get_mode"); + return 0; + } + #endif + #ifndef NO_WOLFSSL_STUB + long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx) + { + /* TODO: */ + (void)ctx; + WOLFSSL_STUB("SSL_CTX_get_mode"); + return 0; + } + #endif - /* do nothing handler */ - static void myHandler(int signo) + #ifndef NO_WOLFSSL_STUB + void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m) { - (void)signo; - return; + /* TODO: maybe? 
*/ + (void)ctx; + (void)m; + WOLFSSL_STUB("SSL_CTX_set_default_read_ahead"); } + #endif - static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb, - TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout) + /* returns the unsigned error value and increments the pointer into the + * error queue. + * + * file pointer to file name + * line gets set to line number of error when not NULL + */ + unsigned long wolfSSL_ERR_get_error_line(const char** file, int* line) { - int ret = WOLFSSL_FATAL_ERROR; - int oldTimerOn = 0; /* was timer already on */ - WOLFSSL_TIMEVAL startTime; - WOLFSSL_TIMEVAL endTime; - WOLFSSL_TIMEVAL totalTime; - Itimerval myTimeout; - Itimerval oldTimeout; /* if old timer adjust from total time to reset */ - struct sigaction act, oact; - - #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; } + #ifdef WOLFSSL_HAVE_ERROR_QUEUE + int ret = wc_PullErrorNode(file, NULL, line); + if (ret < 0) { + if (ret == WC_NO_ERR_TRACE(BAD_STATE_E)) + return 0; /* no errors in queue */ + WOLFSSL_MSG("Issue getting error node"); + WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line", ret); + ret = 0 - ret; /* return absolute value of error */ - if (hsCb) { - ssl->hsInfoOn = 1; - InitHandShakeInfo(&ssl->handShakeInfo, ssl); + /* panic and try to clear out nodes */ + wc_ClearErrorNodes(); } - if (toCb) { - ssl->toInfoOn = 1; - InitTimeoutInfo(&ssl->timeoutInfo); - - if (gettimeofday(&startTime, 0) < 0) - ERR_OUT(GETTIME_ERROR); - - /* use setitimer to simulate getitimer, init 0 myTimeout */ - myTimeout.it_interval.tv_sec = 0; - myTimeout.it_interval.tv_usec = 0; - myTimeout.it_value.tv_sec = 0; - myTimeout.it_value.tv_usec = 0; - if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0) - ERR_OUT(SETITIMER_ERROR); + return (unsigned long)ret; + #else + (void)file; + (void)line; - if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) { - oldTimerOn = 1; + return 0; + #endif + } - /* is old timer going to expire before ours */ - if 
(CmpTimes(oldTimeout.it_value, timeout, <)) { - timeout.tv_sec = oldTimeout.it_value.tv_sec; - timeout.tv_usec = oldTimeout.it_value.tv_usec; - } - } - myTimeout.it_value.tv_sec = timeout.tv_sec; - myTimeout.it_value.tv_usec = timeout.tv_usec; - /* set up signal handler, don't restart socket send/recv */ - act.sa_handler = myHandler; - sigemptyset(&act.sa_mask); - act.sa_flags = 0; -#ifdef SA_INTERRUPT - act.sa_flags |= SA_INTERRUPT; -#endif - if (sigaction(SIGALRM, &act, &oact) < 0) - ERR_OUT(SIGACT_ERROR); +#if (defined(DEBUG_WOLFSSL) || defined(OPENSSL_EXTRA)) && \ + (!defined(_WIN32) && !defined(NO_ERROR_QUEUE)) + static const char WOLFSSL_SYS_ACCEPT_T[] = "accept"; + static const char WOLFSSL_SYS_BIND_T[] = "bind"; + static const char WOLFSSL_SYS_CONNECT_T[] = "connect"; + static const char WOLFSSL_SYS_FOPEN_T[] = "fopen"; + static const char WOLFSSL_SYS_FREAD_T[] = "fread"; + static const char WOLFSSL_SYS_GETADDRINFO_T[] = "getaddrinfo"; + static const char WOLFSSL_SYS_GETSOCKOPT_T[] = "getsockopt"; + static const char WOLFSSL_SYS_GETSOCKNAME_T[] = "getsockname"; + static const char WOLFSSL_SYS_GETHOSTBYNAME_T[] = "gethostbyname"; + static const char WOLFSSL_SYS_GETNAMEINFO_T[] = "getnameinfo"; + static const char WOLFSSL_SYS_GETSERVBYNAME_T[] = "getservbyname"; + static const char WOLFSSL_SYS_IOCTLSOCKET_T[] = "ioctlsocket"; + static const char WOLFSSL_SYS_LISTEN_T[] = "listen"; + static const char WOLFSSL_SYS_OPENDIR_T[] = "opendir"; + static const char WOLFSSL_SYS_SETSOCKOPT_T[] = "setsockopt"; + static const char WOLFSSL_SYS_SOCKET_T[] = "socket"; - if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0) - ERR_OUT(SETITIMER_ERROR); + /* switch with int mapped to function name for compatibility */ + static const char* wolfSSL_ERR_sys_func(int fun) + { + switch (fun) { + case WOLFSSL_SYS_ACCEPT: return WOLFSSL_SYS_ACCEPT_T; + case WOLFSSL_SYS_BIND: return WOLFSSL_SYS_BIND_T; + case WOLFSSL_SYS_CONNECT: return WOLFSSL_SYS_CONNECT_T; + case WOLFSSL_SYS_FOPEN: return 
WOLFSSL_SYS_FOPEN_T; + case WOLFSSL_SYS_FREAD: return WOLFSSL_SYS_FREAD_T; + case WOLFSSL_SYS_GETADDRINFO: return WOLFSSL_SYS_GETADDRINFO_T; + case WOLFSSL_SYS_GETSOCKOPT: return WOLFSSL_SYS_GETSOCKOPT_T; + case WOLFSSL_SYS_GETSOCKNAME: return WOLFSSL_SYS_GETSOCKNAME_T; + case WOLFSSL_SYS_GETHOSTBYNAME: return WOLFSSL_SYS_GETHOSTBYNAME_T; + case WOLFSSL_SYS_GETNAMEINFO: return WOLFSSL_SYS_GETNAMEINFO_T; + case WOLFSSL_SYS_GETSERVBYNAME: return WOLFSSL_SYS_GETSERVBYNAME_T; + case WOLFSSL_SYS_IOCTLSOCKET: return WOLFSSL_SYS_IOCTLSOCKET_T; + case WOLFSSL_SYS_LISTEN: return WOLFSSL_SYS_LISTEN_T; + case WOLFSSL_SYS_OPENDIR: return WOLFSSL_SYS_OPENDIR_T; + case WOLFSSL_SYS_SETSOCKOPT: return WOLFSSL_SYS_SETSOCKOPT_T; + case WOLFSSL_SYS_SOCKET: return WOLFSSL_SYS_SOCKET_T; + default: + return "NULL"; } + } +#endif /* DEBUG_WOLFSSL */ - /* do main work */ -#ifndef NO_WOLFSSL_CLIENT - if (ssl->options.side == WOLFSSL_CLIENT_END) - ret = wolfSSL_connect(ssl); -#endif -#ifndef NO_WOLFSSL_SERVER - if (ssl->options.side == WOLFSSL_SERVER_END) - ret = wolfSSL_accept(ssl); -#endif - - /* do callbacks */ - if (toCb) { - if (oldTimerOn) { - if (gettimeofday(&endTime, 0) < 0) - ERR_OUT(SYSLIB_FAILED_E); - SubtractTimes(endTime, startTime, totalTime); - /* adjust old timer for elapsed time */ - if (CmpTimes(totalTime, oldTimeout.it_value, <)) - SubtractTimes(oldTimeout.it_value, totalTime, - oldTimeout.it_value); - else { - /* reset value to interval, may be off */ - oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec; - oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec; - } - /* keep iter the same whether there or not */ - } - /* restore old handler */ - if (sigaction(SIGALRM, &oact, 0) < 0) - ret = SIGACT_ERROR; /* more pressing error, stomp */ - else - /* use old settings which may turn off (expired or not there) */ - if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0) - ret = SETITIMER_ERROR; - - /* if we had a timeout call callback */ - if 
(ssl->timeoutInfo.timeoutName[0]) { - ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec; - ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec; - (toCb)(&ssl->timeoutInfo); - } - ssl->toInfoOn = 0; - } - /* clean up buffers allocated by AddPacketInfo */ - FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap); + void wolfSSL_ERR_put_error(int lib, int fun, int err, const char* file, + int line) + { + WOLFSSL_ENTER("wolfSSL_ERR_put_error"); - if (hsCb) { - FinishHandShakeInfo(&ssl->handShakeInfo); - (hsCb)(&ssl->handShakeInfo); - ssl->hsInfoOn = 0; - } - return ret; + #if !defined(DEBUG_WOLFSSL) && !defined(OPENSSL_EXTRA) + (void)fun; + (void)err; + (void)file; + (void)line; + WOLFSSL_MSG("Not compiled in debug mode"); + #elif defined(OPENSSL_EXTRA) && \ + (defined(_WIN32) || defined(NO_ERROR_QUEUE)) + (void)fun; + (void)file; + (void)line; + WOLFSSL_ERROR(err); + #else + WOLFSSL_ERROR_LINE(err, wolfSSL_ERR_sys_func(fun), (unsigned int)line, + file, NULL); + #endif + (void)lib; } -#ifndef NO_WOLFSSL_CLIENT - - int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, - TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout) + /* Similar to wolfSSL_ERR_get_error_line but takes in a flags argument for + * more flexibility. + * + * file output pointer to file where error happened + * line output to line number of error + * data output data. 
Is a string if ERR_TXT_STRING flag is used + * flags output format of output + * + * Returns the error value or 0 if no errors are in the queue + */ + unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, + const char** data, int *flags) { - WOLFSSL_ENTER("wolfSSL_connect_ex"); - return wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout); - } +#ifdef WOLFSSL_HAVE_ERROR_QUEUE + int ret; -#endif + WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data"); + if (flags != NULL) + *flags = ERR_TXT_STRING; /* Clear the flags */ -#ifndef NO_WOLFSSL_SERVER + ret = wc_PullErrorNode(file, data, line); + if (ret < 0) { + if (ret == WC_NO_ERR_TRACE(BAD_STATE_E)) + return 0; /* no errors in queue */ + WOLFSSL_MSG("Error with pulling error node!"); + WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret); + ret = 0 - ret; /* return absolute value of error */ - int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, - TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout) - { - WOLFSSL_ENTER("wolfSSL_accept_ex"); - return wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout); - } + /* panic and try to clear out nodes */ + wc_ClearErrorNodes(); + } + return (unsigned long)ret; +#else + WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data"); + WOLFSSL_MSG("Error queue turned off, can not get error line"); + (void)file; + (void)line; + (void)data; + (void)flags; + return 0; #endif + } -#endif /* WOLFSSL_CALLBACKS */ - +#endif /* OPENSSL_EXTRA */ -#ifndef NO_PSK - void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx, - wc_psk_client_callback cb) +#if (defined(KEEP_PEER_CERT) && defined(SESSION_CERTS)) || \ + (defined(OPENSSL_EXTRA) && defined(SESSION_CERTS)) + /* Decode the X509 DER encoded certificate into a WOLFSSL_X509 object. + * + * x509 WOLFSSL_X509 object to decode into. + * in X509 DER data. + * len Length of the X509 DER data. + * returns the new certificate on success, otherwise NULL. 
+ */ + static int DecodeToX509(WOLFSSL_X509* x509, const byte* in, int len) { - WOLFSSL_ENTER("wolfSSL_CTX_set_psk_client_callback"); + int ret; + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert; + #else + DecodedCert cert[1]; + #endif + if (x509 == NULL || in == NULL || len <= 0) + return BAD_FUNC_ARG; - if (ctx == NULL) - return; + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_DCERT); + if (cert == NULL) + return MEMORY_E; + #endif - ctx->havePSK = 1; - ctx->client_psk_cb = cb; + /* Create a DecodedCert object and copy fields into WOLFSSL_X509 object. + */ + InitDecodedCert(cert, (byte*)in, (word32)len, NULL); + if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) == 0) { + /* Check if x509 was not previously initialized by wolfSSL_X509_new() */ + if (x509->dynamicMemory != TRUE) + InitX509(x509, 0, NULL); + ret = CopyDecodedToX509(x509, cert); + } + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif + + return ret; } +#endif /* (KEEP_PEER_CERT & SESSION_CERTS) || (OPENSSL_EXTRA & SESSION_CERTS) */ - void wolfSSL_set_psk_client_callback(WOLFSSL* ssl,wc_psk_client_callback cb) - { - byte haveRSA = 1; - int keySz = 0; - - WOLFSSL_ENTER("wolfSSL_set_psk_client_callback"); - - if (ssl == NULL) - return; - ssl->options.havePSK = 1; - ssl->options.client_psk_cb = cb; - - #ifdef NO_RSA - haveRSA = 0; - #endif - #ifndef NO_CERTS - keySz = ssl->buffers.keySz; - #endif - if (AllocateSuites(ssl) != 0) - return; - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, - ssl->options.haveDH, ssl->options.haveECDSAsig, - ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); - } - #ifdef OPENSSL_EXTRA - /** - * set call back function for psk session use - * @param ssl a pointer to WOLFSSL structure - * @param cb a function pointer to 
wc_psk_use_session_cb - * @return none - */ - void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl, - wc_psk_use_session_cb_func cb) +#ifdef KEEP_PEER_CERT + WOLFSSL_ABI + WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl) { - WOLFSSL_ENTER("wolfSSL_set_psk_use_session_callback"); - + WOLFSSL_X509* ret = NULL; + WOLFSSL_ENTER("wolfSSL_get_peer_certificate"); if (ssl != NULL) { - ssl->options.havePSK = 1; - ssl->options.session_psk_cb = cb; + if (ssl->peerCert.issuer.sz) + ret = wolfSSL_X509_dup(&ssl->peerCert); +#ifdef SESSION_CERTS + else if (ssl->session->chain.count > 0) { + if (DecodeToX509(&ssl->peerCert, + ssl->session->chain.certs[0].buffer, + ssl->session->chain.certs[0].length) == 0) { + ret = wolfSSL_X509_dup(&ssl->peerCert); + } + } +#endif } - - WOLFSSL_LEAVE("wolfSSL_set_psk_use_session_callback", WOLFSSL_SUCCESS); + WOLFSSL_LEAVE("wolfSSL_get_peer_certificate", ret != NULL); + return ret; } - #endif - void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx, - wc_psk_server_callback cb) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_psk_server_callback"); - if (ctx == NULL) - return; - ctx->havePSK = 1; - ctx->server_psk_cb = cb; - } +#endif /* KEEP_PEER_CERT */ - void wolfSSL_set_psk_server_callback(WOLFSSL* ssl,wc_psk_server_callback cb) - { - byte haveRSA = 1; - int keySz = 0; +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) +/* Return stack of peer certs. + * Caller does not need to free return. The stack is Free'd when WOLFSSL* ssl + * is. 
+ */ +WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); - WOLFSSL_ENTER("wolfSSL_set_psk_server_callback"); - if (ssl == NULL) - return; + if (ssl == NULL) + return NULL; - ssl->options.havePSK = 1; - ssl->options.server_psk_cb = cb; + /* Try to populate if NULL or empty */ + if (ssl->peerCertChain == NULL || + wolfSSL_sk_X509_num(ssl->peerCertChain) == 0) + wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl); + return ssl->peerCertChain; +} - #ifdef NO_RSA - haveRSA = 0; - #endif - #ifndef NO_CERTS - keySz = ssl->buffers.keySz; - #endif - if (AllocateSuites(ssl) != 0) - return; - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, - ssl->options.haveDH, ssl->options.haveECDSAsig, - ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); +#ifndef WOLFSSL_QT +static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, + WOLFSSL_X509 *x); +/** + * Recursively push the issuer CA chain onto the stack + * @param cm The cert manager that is queried for the issuer + * @param x This cert's issuer will be queried in cm + * @param sk The issuer is pushed onto this stack + * @return WOLFSSL_SUCCESS on success + * WOLFSSL_FAILURE on no issuer found + * WOLFSSL_FATAL_ERROR on a fatal error + */ +static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm, + WOLFSSL_X509 *x, WOLFSSL_STACK* sk) +{ + WOLFSSL_X509* issuer[MAX_CHAIN_DEPTH]; + int i; + int push = 1; + int ret = WOLFSSL_SUCCESS; + + for (i = 0; i < MAX_CHAIN_DEPTH; i++) { + if (x509GetIssuerFromCM(&issuer[i], cm, x) + != WOLFSSL_SUCCESS) + break; + x = issuer[i]; + } + if (i == 0) /* No further chain found */ + return WOLFSSL_FAILURE; + i--; + for (; i >= 0; i--) { + if (push) { + if (wolfSSL_sk_X509_push(sk, issuer[i]) != WOLFSSL_SUCCESS) { + wolfSSL_X509_free(issuer[i]); + ret = WOLFSSL_FATAL_ERROR; + push = 0; /* Free 
the rest of the unpushed certs */ + } + } + else { + wolfSSL_X509_free(issuer[i]); + } } + return ret; +} +#endif /* !WOLFSSL_QT */ - const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_get_psk_identity_hint"); +/* Builds up and creates a stack of peer certificates for ssl->peerCertChain + based off of the ssl session chain. Attempts to place CA certificates + at the bottom of the stack. Returns stack of WOLFSSL_X509 certs or + NULL on failure */ +WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) +{ + WOLFSSL_STACK* sk; + WOLFSSL_X509* x509; + int i = 0; + int ret; - if (ssl == NULL || ssl->arrays == NULL) + WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain"); + if ((ssl == NULL) || (ssl->session->chain.count == 0)) + return NULL; + + sk = wolfSSL_sk_X509_new_null(); + i = ssl->session->chain.count-1; + for (; i >= 0; i--) { + x509 = wolfSSL_X509_new_ex(ssl->heap); + if (x509 == NULL) { + WOLFSSL_MSG("Error Creating X509"); + wolfSSL_sk_X509_pop_free(sk, NULL); return NULL; + } + ret = DecodeToX509(x509, ssl->session->chain.certs[i].buffer, + ssl->session->chain.certs[i].length); +#if !defined(WOLFSSL_QT) + if (ret == 0 && i == ssl->session->chain.count-1) { + /* On the last element in the chain try to add the CA chain + * first if we have one for this cert */ + SSL_CM_WARNING(ssl); + if (PushCAx509Chain(SSL_CM(ssl), x509, sk) + == WOLFSSL_FATAL_ERROR) { + ret = WOLFSSL_FATAL_ERROR; + } + } +#endif - return ssl->arrays->server_hint; + if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error decoding cert"); + wolfSSL_X509_free(x509); + wolfSSL_sk_X509_pop_free(sk, NULL); + return NULL; + } } + if (sk == NULL) { + WOLFSSL_MSG("Null session chain"); + } +#if defined(OPENSSL_ALL) + else if (ssl->options.side == WOLFSSL_SERVER_END) { + /* to be compliant with openssl + first element is kept as peer cert on server side.*/ + wolfSSL_sk_X509_pop(sk); + } +#endif + if (ssl->peerCertChain 
!= NULL) + wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); + /* This is Free'd when ssl is Free'd */ + ssl->peerCertChain = sk; + return sk; +} +#endif /* SESSION_CERTS && OPENSSL_EXTRA */ - const char* wolfSSL_get_psk_identity(const WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_get_psk_identity"); +#ifndef NO_CERTS +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - if (ssl == NULL || ssl->arrays == NULL) - return NULL; +/* create a generic wolfSSL stack node + * returns a new WOLFSSL_STACK structure on success */ +WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap) +{ + WOLFSSL_STACK* sk; + WOLFSSL_ENTER("wolfSSL_sk_new_node"); - return ssl->arrays->client_identity; + sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), heap, + DYNAMIC_TYPE_OPENSSL); + if (sk != NULL) { + XMEMSET(sk, 0, sizeof(*sk)); + sk->heap = heap; } - int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint) - { - WOLFSSL_ENTER("wolfSSL_CTX_use_psk_identity_hint"); - if (hint == 0) - ctx->server_hint[0] = '\0'; - else { - /* Qt does not call CTX_set_*_psk_callbacks where havePSK is set */ - #ifdef WOLFSSL_QT - ctx->havePSK=1; - #endif - XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN); - ctx->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */ - } - return WOLFSSL_SUCCESS; + return sk; +} + +/* free's node but does not free internal data such as in->data.x509 */ +void wolfSSL_sk_free_node(WOLFSSL_STACK* in) +{ + if (in != NULL) { + XFREE(in, in->heap, DYNAMIC_TYPE_OPENSSL); } +} - int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint) - { - WOLFSSL_ENTER("wolfSSL_use_psk_identity_hint"); - - if (ssl == NULL || ssl->arrays == NULL) - return WOLFSSL_FAILURE; - - if (hint == 0) - ssl->arrays->server_hint[0] = 0; - else { - XSTRNCPY(ssl->arrays->server_hint, hint, - sizeof(ssl->arrays->server_hint)-1); - ssl->arrays->server_hint[sizeof(ssl->arrays->server_hint)-1] = '\0'; - } - return WOLFSSL_SUCCESS; +/* pushes node "in" onto "stack" and returns pointer to the new 
stack on success + * also handles internal "num" for number of nodes on stack + * return WOLFSSL_SUCCESS on success + */ +int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in) +{ + if (stack == NULL || in == NULL) { + return WOLFSSL_FAILURE; } - void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl) - { - return ssl ? ssl->options.psk_ctx : NULL; - } - void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx) - { - return ctx ? ctx->psk_ctx : NULL; - } - int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx) - { - if (ssl == NULL) - return WOLFSSL_FAILURE; - ssl->options.psk_ctx = psk_ctx; - return WOLFSSL_SUCCESS; - } - int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx) - { - if (ctx == NULL) - return WOLFSSL_FAILURE; - ctx->psk_ctx = psk_ctx; + if (*stack == NULL) { + in->num = 1; + *stack = in; return WOLFSSL_SUCCESS; } -#endif /* NO_PSK */ + in->num = (*stack)->num + 1; + in->next = *stack; + *stack = in; + return WOLFSSL_SUCCESS; +} -#ifdef HAVE_ANON - - int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_allow_anon_cipher"); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +static WC_INLINE int compare_WOLFSSL_CIPHER( + WOLFSSL_CIPHER *a, + WOLFSSL_CIPHER *b) +{ + if ((a->cipherSuite0 == b->cipherSuite0) && + (a->cipherSuite == b->cipherSuite) && + (a->ssl == b->ssl) && + (XMEMCMP(a->description, b->description, sizeof a->description) == 0) && + (a->offset == b->offset) && + (a->in_stack == b->in_stack) && + (a->bits == b->bits)) + return 0; + else + return -1; +} +#endif /* OPENSSL_ALL || WOLFSSL_QT */ - if (ctx == NULL) - return WOLFSSL_FAILURE; - ctx->useAnon = 1; +/* return 1 on success 0 on fail */ +int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) +{ + WOLFSSL_STACK* node; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + WOLFSSL_CIPHER ciph; +#endif + WOLFSSL_ENTER("wolfSSL_sk_push"); - return WOLFSSL_SUCCESS; + if (!sk) { + return WOLFSSL_FAILURE; } -#endif /* HAVE_ANON */ - - 
-#ifndef NO_CERTS -/* used to be defined on NO_FILESYSTEM only, but are generally useful */ - - int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, - const unsigned char* in, - long sz, int format, int userChain, - word32 flags) - { - int verify; - int ret = WOLFSSL_FAILURE; - - WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer_ex"); - - verify = GET_VERIFY_SETTING_CTX(ctx); - if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) - verify = VERIFY_SKIP_DATE; - - if (format == WOLFSSL_FILETYPE_PEM) - ret = ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL, - verify); - else - ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL, - userChain, verify); -#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) - if (ret == WOLFSSL_SUCCESS) - ret = wolfSSL_CTX_trust_peer_buffer(ctx, in, sz, format); + /* Check if empty data */ + switch (sk->type) { + case STACK_TYPE_CIPHER: +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + /* check if entire struct is zero */ + XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER)); + if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) { + sk->data.cipher = *(WOLFSSL_CIPHER*)data; + sk->num = 1; + if (sk->hash_fn) { + sk->hash = sk->hash_fn(&sk->data.cipher); + } + return WOLFSSL_SUCCESS; + } + break; #endif - - WOLFSSL_LEAVE("wolfSSL_CTX_load_verify_buffer_ex", ret); - return ret; + case STACK_TYPE_X509: + case STACK_TYPE_GEN_NAME: + case STACK_TYPE_BIO: + case STACK_TYPE_OBJ: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + /* All other types are pointers */ + if (!sk->data.generic) { + sk->data.generic = (void*)data; + sk->num = 1; +#ifdef 
OPENSSL_ALL + if (sk->hash_fn) { + sk->hash = sk->hash_fn(sk->data.generic); + } +#endif + return WOLFSSL_SUCCESS; + } + break; } - /* wolfSSL extension allows DER files to be loaded from buffers as well */ - int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, - const unsigned char* in, - long sz, int format) - { - return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS); + /* stack already has value(s) create a new node and add more */ + node = wolfSSL_sk_new_node(sk->heap); + if (!node) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; } - int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx, - const unsigned char* in, - long sz, int format) - { - return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, 1, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS); + /* push new x509 onto head of stack */ + node->next = sk->next; + node->type = sk->type; + sk->next = node; + sk->num += 1; + +#ifdef OPENSSL_ALL + node->hash_fn = sk->hash_fn; + node->hash = sk->hash; + sk->hash = 0; +#endif + switch (sk->type) { + case STACK_TYPE_CIPHER: +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + node->data.cipher = sk->data.cipher; + sk->data.cipher = *(WOLFSSL_CIPHER*)data; + if (sk->hash_fn) { + sk->hash = sk->hash_fn(&sk->data.cipher); + } + break; +#endif + case STACK_TYPE_X509: + case STACK_TYPE_GEN_NAME: + case STACK_TYPE_BIO: + case STACK_TYPE_OBJ: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + /* All other types are pointers */ + node->data.generic = sk->data.generic; + sk->data.generic = (void*)data; +#ifdef OPENSSL_ALL + if 
(sk->hash_fn) { + sk->hash = sk->hash_fn(sk->data.generic); + } +#endif + break; } + return WOLFSSL_SUCCESS; +} -#ifdef WOLFSSL_TRUST_PEER_CERT - int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, - const unsigned char* in, - long sz, int format) - { - int verify; - WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer"); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - /* sanity check on arguments */ - if (sz < 0 || in == NULL || ctx == NULL) { - return BAD_FUNC_ARG; - } +#ifdef OPENSSL_EXTRA - #if (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) - verify = VERIFY_SKIP_DATE; - #else - verify = GET_VERIFY_SETTING_CTX(ctx); - #endif +/* returns the node at index "idx", NULL if not found */ +WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx) +{ + int i; + WOLFSSL_STACK* ret = NULL; + WOLFSSL_STACK* current; - if (format == WOLFSSL_FILETYPE_PEM) - return ProcessChainBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, - NULL, verify); - else - return ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL, - NULL, 0, verify); + current = sk; + for (i = 0; i <= idx && current != NULL; i++) { + if (i == idx) { + ret = current; + break; + } + current = current->next; } -#endif /* WOLFSSL_TRUST_PEER_CERT */ - + return ret; +} - int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx, - const unsigned char* in, long sz, int format) - { - int ret = WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer"); - ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0, - GET_VERIFY_SETTING_CTX(ctx)); - WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret); - return ret; - } +#endif /* OPENSSL_EXTRA */ +#ifdef OPENSSL_EXTRA - int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, - const unsigned char* in, long sz, int format) - { - int ret = WOLFSSL_FAILURE; - long consumed = 0; - - WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer"); - ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, - &consumed, 0, 
GET_VERIFY_SETTING_CTX(ctx)); - - #ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS && consumed < sz) { - /* When support for dual algorithm certificates is enabled, the - * buffer may contain both the primary and the alternative - * private key. Hence, we have to parse both of them. - */ - ret = ProcessBuffer(ctx, in + consumed, sz - consumed, format, - ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, - GET_VERIFY_SETTING_CTX(ctx)); - } - #endif +#if defined(OPENSSL_ALL) - WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_buffer", ret); - return ret; - } +void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data) +{ + unsigned long hash; + WOLFSSL_ENTER("wolfSSL_lh_retrieve"); -#ifdef WOLFSSL_DUAL_ALG_CERTS - int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx, - const unsigned char* in, long sz, int format) - { - int ret = WOLFSSL_FAILURE; + if (!sk || !data) { + WOLFSSL_MSG("Bad parameters"); + return NULL; + } - WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer"); - ret = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL, - NULL, 0, GET_VERIFY_SETTING_CTX(ctx)); - WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", ret); - return ret; + if (!sk->hash_fn) { + WOLFSSL_MSG("No hash function defined"); + return NULL; } -#endif /* WOLFSSL_DUAL_ALG_CERTS */ + hash = sk->hash_fn(data); -#ifdef WOLF_PRIVATE_KEY_ID - int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id, - long sz, int devId, long keySz) - { - int ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId); - - if (ret == WOLFSSL_SUCCESS) - ctx->privateKeySz = (word32)keySz; - - #ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS) - /* Set the ID for the alternative key, too. User can still - * override that afterwards. 
*/ - ret = wolfSSL_CTX_use_AltPrivateKey_id(ctx, id, sz, devId, keySz); - #endif - - return ret; - } - - int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id, - long sz, int devId) - { - int ret = WOLFSSL_FAILURE; - - FreeDer(&ctx->privateKey); - if (AllocDer(&ctx->privateKey, (word32)sz, PRIVATEKEY_TYPE, - ctx->heap) == 0) { - XMEMCPY(ctx->privateKey->buffer, id, sz); - ctx->privateKeyId = 1; - if (devId != INVALID_DEVID) - ctx->privateKeyDevId = devId; - else - ctx->privateKeyDevId = ctx->devId; - - ret = WOLFSSL_SUCCESS; + while (sk) { + /* Calc hash if not done so yet */ + if (!sk->hash) { + switch (sk->type) { + case STACK_TYPE_CIPHER: + sk->hash = sk->hash_fn(&sk->data.cipher); + break; + case STACK_TYPE_X509: + case STACK_TYPE_GEN_NAME: + case STACK_TYPE_BIO: + case STACK_TYPE_OBJ: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + sk->hash = sk->hash_fn(sk->data.generic); + break; + } } - - #ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS) - /* Set the ID for the alternative key, too. User can still - * override that afterwards. 
*/ - ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId); - #endif - - return ret; - } - - int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label, - int devId) - { - int ret = WOLFSSL_FAILURE; - word32 sz = (word32)XSTRLEN(label) + 1; - - FreeDer(&ctx->privateKey); - if (AllocDer(&ctx->privateKey, (word32)sz, PRIVATEKEY_TYPE, - ctx->heap) == 0) { - XMEMCPY(ctx->privateKey->buffer, label, sz); - ctx->privateKeyLabel = 1; - if (devId != INVALID_DEVID) - ctx->privateKeyDevId = devId; - else - ctx->privateKeyDevId = ctx->devId; - - ret = WOLFSSL_SUCCESS; + if (sk->hash == hash) { + switch (sk->type) { + case STACK_TYPE_CIPHER: + return &sk->data.cipher; + case STACK_TYPE_X509: + case STACK_TYPE_GEN_NAME: + case STACK_TYPE_BIO: + case STACK_TYPE_OBJ: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + return sk->data.generic; + } } - - #ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS) - /* Set the label for the alternative key, too. User can still - * override that afterwards. 
*/ - ret = wolfSSL_CTX_use_AltPrivateKey_Label(ctx, label, devId); - #endif - - return ret; + sk = sk->next; } -#endif /* WOLF_PRIVATE_KEY_ID */ - -#if defined(WOLF_PRIVATE_KEY_ID) && defined(WOLFSSL_DUAL_ALG_CERTS) - int wolfSSL_CTX_use_AltPrivateKey_id(WOLFSSL_CTX* ctx, - const unsigned char* id, - long sz, int devId, long keySz) - { - int ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId); - - if (ret == WOLFSSL_SUCCESS) - ctx->altPrivateKeySz = (word32)keySz; - return ret; - } + return NULL; +} - int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, - const unsigned char* id, - long sz, int devId) - { - int ret = WOLFSSL_FAILURE; +#endif /* OPENSSL_ALL */ - if (ctx == NULL || id == NULL) { - return ret; - } +#endif /* OPENSSL_EXTRA */ - FreeDer(&ctx->altPrivateKey); - if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE, - ctx->heap) == 0) { - XMEMCPY(ctx->altPrivateKey->buffer, id, sz); - ctx->altPrivateKeyId = 1; - if (devId != INVALID_DEVID) - ctx->altPrivateKeyDevId = devId; - else - ctx->altPrivateKeyDevId = ctx->devId; +/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function + KEEP_OUR_CERT is to insure ability for returning ssl certificate */ +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + defined(KEEP_OUR_CERT) +WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) +{ + if (ssl == NULL) { + return NULL; + } - ret = WOLFSSL_SUCCESS; + if (ssl->buffers.weOwnCert) { + if (ssl->ourCert == NULL) { + if (ssl->buffers.certificate == NULL) { + WOLFSSL_MSG("Certificate buffer not set!"); + return NULL; + } + #ifndef WOLFSSL_X509_STORE_CERTS + ssl->ourCert = wolfSSL_X509_d2i_ex(NULL, + ssl->buffers.certificate->buffer, + ssl->buffers.certificate->length, + ssl->heap); + #endif } - - return ret; + return ssl->ourCert; } - - int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label, - int devId) - { - int ret = WOLFSSL_FAILURE; - word32 sz; - - if (ctx == NULL || label == NULL) { - return ret; + else 
{ /* if cert not owned get parent ctx cert or return null */ + if (ssl->ctx) { + if (ssl->ctx->ourCert == NULL) { + if (ssl->ctx->certificate == NULL) { + WOLFSSL_MSG("Ctx Certificate buffer not set!"); + return NULL; + } + #ifndef WOLFSSL_X509_STORE_CERTS + ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, + ssl->ctx->certificate->buffer, + ssl->ctx->certificate->length, + ssl->heap); + #endif + ssl->ctx->ownOurCert = 1; + } + return ssl->ctx->ourCert; } + } - sz = (word32)XSTRLEN(label) + 1; - FreeDer(&ctx->altPrivateKey); - if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE, - ctx->heap) == 0) { - XMEMCPY(ctx->altPrivateKey->buffer, label, sz); - ctx->altPrivateKeyLabel = 1; - if (devId != INVALID_DEVID) - ctx->altPrivateKeyDevId = devId; - else - ctx->altPrivateKeyDevId = ctx->devId; + return NULL; +} - ret = WOLFSSL_SUCCESS; +WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx) +{ + if (ctx) { + if (ctx->ourCert == NULL) { + if (ctx->certificate == NULL) { + WOLFSSL_MSG("Ctx Certificate buffer not set!"); + return NULL; + } + #ifndef WOLFSSL_X509_STORE_CERTS + ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, + ctx->certificate->buffer, + ctx->certificate->length, ctx->heap); + #endif + ctx->ownOurCert = 1; } - - return ret; + return ctx->ourCert; } -#endif /* WOLF_PRIVATE_KEY_ID && WOLFSSL_DUAL_ALG_CERTS */ + return NULL; +} +#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */ +#endif /* NO_CERTS */ - int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx, - const unsigned char* in, long sz, int format) - { - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format"); - return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1, - GET_VERIFY_SETTING_CTX(ctx)); +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +void wolfSSL_set_connect_state(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_set_connect_state"); + if (ssl == NULL) { + WOLFSSL_MSG("WOLFSSL struct pointer passed in was null"); + return; } - int 
wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx, - const unsigned char* in, long sz) - { - return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz, - WOLFSSL_FILETYPE_PEM); + #ifndef NO_DH + /* client creates its own DH parameters on handshake */ + if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { + XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + } + ssl->buffers.serverDH_P.buffer = NULL; + if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) { + XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); } + ssl->buffers.serverDH_G.buffer = NULL; + #endif + if (InitSSL_Side(ssl, WOLFSSL_CLIENT_END) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error initializing client side"); + } +} +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#ifndef NO_DH - /* server wrapper for ctx or ssl Diffie-Hellman parameters */ - static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - const unsigned char* buf, - long sz, int format) - { - DerBuffer* der = NULL; - int ret = 0; - word32 pSz = MAX_DH_SIZE; - word32 gSz = MAX_DH_SIZE; - #ifdef WOLFSSL_SMALL_STACK - byte* p = NULL; - byte* g = NULL; - #else - byte p[MAX_DH_SIZE]; - byte g[MAX_DH_SIZE]; - #endif +int wolfSSL_get_shutdown(const WOLFSSL* ssl) +{ + int isShutdown = 0; - if (ctx == NULL || buf == NULL) - return BAD_FUNC_ARG; + WOLFSSL_ENTER("wolfSSL_get_shutdown"); - ret = AllocDer(&der, 0, DH_PARAM_TYPE, ctx->heap); - if (ret != 0) { - return ret; + if (ssl) { +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + if (ssl->options.shutdownDone) { + /* The SSL object was possibly cleared with wolfSSL_clear after + * a successful shutdown. Simulate a response for a full + * bidirectional shutdown. 
*/ + isShutdown = WOLFSSL_SENT_SHUTDOWN | WOLFSSL_RECEIVED_SHUTDOWN; } - der->buffer = (byte*)buf; - der->length = (word32)sz; - - #ifdef WOLFSSL_SMALL_STACK - p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - - if (p == NULL || g == NULL) { - XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - return MEMORY_E; + else +#endif + { + /* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent * + * WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */ + if (ssl->options.sentNotify) + isShutdown |= WOLFSSL_SENT_SHUTDOWN; + if (ssl->options.closeNotify||ssl->options.connReset) + isShutdown |= WOLFSSL_RECEIVED_SHUTDOWN; } - #endif - - if (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM) - ret = WOLFSSL_BAD_FILETYPE; - else { - if (format == WOLFSSL_FILETYPE_PEM) { -#ifdef WOLFSSL_PEM_TO_DER - FreeDer(&der); - ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, - NULL, NULL); - if (ret < 0) { - /* Also try X9.42 format */ - ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, ctx->heap, - NULL, NULL); - } - #ifdef WOLFSSL_WPAS - #ifndef NO_DSA - if (ret < 0) { - ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, ctx->heap, - NULL, NULL); - } - #endif - #endif /* WOLFSSL_WPAS */ -#else - ret = NOT_COMPILED_IN; -#endif /* WOLFSSL_PEM_TO_DER */ - } - if (ret == 0) { - if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0) - ret = WOLFSSL_BAD_FILETYPE; - else if (ssl) - ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz); - else - ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); - } - } + } - FreeDer(&der); + WOLFSSL_LEAVE("wolfSSL_get_shutdown", isShutdown); + return isShutdown; +} - #ifdef WOLFSSL_SMALL_STACK - XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - #endif - return ret; +int wolfSSL_session_reused(WOLFSSL* ssl) +{ + int resuming = 0; + WOLFSSL_ENTER("wolfSSL_session_reused"); + if (ssl) { +#ifndef 
HAVE_SECURE_RENEGOTIATION + resuming = ssl->options.resuming; +#else + resuming = ssl->options.resuming || ssl->options.resumed; +#endif } + WOLFSSL_LEAVE("wolfSSL_session_reused", resuming); + return resuming; +} +/* helper function that takes in a protocol version struct and returns string */ +static const char* wolfSSL_internal_get_version(const ProtocolVersion* version) +{ + WOLFSSL_ENTER("wolfSSL_get_version"); - /* server Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */ - int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz, - int format) - { - if (ssl == NULL) - return BAD_FUNC_ARG; - - return wolfSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format); + if (version == NULL) { + return "Bad arg"; } - - /* server ctx Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */ - int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf, - long sz, int format) - { - return wolfSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format); + if (version->major == SSLv3_MAJOR) { + switch (version->minor) { + case SSLv3_MINOR : + return "SSLv3"; + case TLSv1_MINOR : + return "TLSv1"; + case TLSv1_1_MINOR : + return "TLSv1.1"; + case TLSv1_2_MINOR : + return "TLSv1.2"; + case TLSv1_3_MINOR : + return "TLSv1.3"; + default: + return "unknown"; + } } +#ifdef WOLFSSL_DTLS + else if (version->major == DTLS_MAJOR) { + switch (version->minor) { + case DTLS_MINOR : + return "DTLS"; + case DTLSv1_2_MINOR : + return "DTLSv1.2"; + case DTLSv1_3_MINOR : + return "DTLSv1.3"; + default: + return "unknown"; + } + } +#endif /* WOLFSSL_DTLS */ + return "unknown"; +} -#endif /* NO_DH */ - - - int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, - const unsigned char* in, long sz, int format) - { - WOLFSSL_ENTER("wolfSSL_use_certificate_buffer"); - if (ssl == NULL) - return BAD_FUNC_ARG; - return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0, - GET_VERIFY_SETTING_SSL(ssl)); +const char* wolfSSL_get_version(const WOLFSSL* ssl) +{ + if 
(ssl == NULL) { + WOLFSSL_MSG("Bad argument"); + return "unknown"; } + return wolfSSL_internal_get_version(&ssl->version); +} - int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, - const unsigned char* in, long sz, int format) - { - int ret = WOLFSSL_FAILURE; - long consumed = 0; - WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer"); - if (ssl == NULL) - return BAD_FUNC_ARG; +/* current library version */ +const char* wolfSSL_lib_version(void) +{ + return LIBWOLFSSL_VERSION_STRING; +} - ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, - ssl, &consumed, 0, GET_VERIFY_SETTING_SSL(ssl)); +#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L +const char* wolfSSL_OpenSSL_version(int a) +{ + (void)a; + return "wolfSSL " LIBWOLFSSL_VERSION_STRING; +} +#else +const char* wolfSSL_OpenSSL_version(void) +{ + return "wolfSSL " LIBWOLFSSL_VERSION_STRING; +} +#endif /* WOLFSSL_QT */ +#endif - #ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS && consumed < sz) { - /* When support for dual algorithm certificates is enabled, the - * buffer may contain both the primary and the alternative - * private key. Hence, we have to parse both of them. 
- */ - ret = ProcessBuffer(ssl->ctx, in + consumed, sz - consumed, format, - ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, - GET_VERIFY_SETTING_SSL(ssl)); - } - #endif - return ret; - } +/* current library version in hex */ +word32 wolfSSL_lib_version_hex(void) +{ + return LIBWOLFSSL_VERSION_HEX; +} -#ifdef WOLFSSL_DUAL_ALG_CERTS - int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in, - long sz, int format) - { - int ret = WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer"); - ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl, - NULL, 0, GET_VERIFY_SETTING_SSL(ssl)); - WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret); - return ret; - } -#endif /* WOLFSSL_DUAL_ALG_CERTS */ +int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_current_cipher_suite"); + if (ssl) + return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite; + return 0; +} -#ifdef WOLF_PRIVATE_KEY_ID - int wolfSSL_use_PrivateKey_id(WOLFSSL* ssl, const unsigned char* id, - long sz, int devId, long keySz) - { - int ret = wolfSSL_use_PrivateKey_Id(ssl, id, sz, devId); +WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_current_cipher"); + if (ssl) { + ssl->cipher.cipherSuite0 = ssl->options.cipherSuite0; + ssl->cipher.cipherSuite = ssl->options.cipherSuite; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + ssl->cipher.bits = ssl->specs.key_size * 8; +#endif + return &ssl->cipher; + } + else + return NULL; +} - if (ret == WOLFSSL_SUCCESS) - ssl->buffers.keySz = (word32)keySz; - #ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS) - /* Set the ID for the alternative key, too. User can still - * override that afterwards. 
*/ - ret = wolfSSL_use_AltPrivateKey_id(ssl, id, sz, devId, keySz); - #endif +const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) +{ + WOLFSSL_ENTER("wolfSSL_CIPHER_get_name"); - return ret; + if (cipher == NULL) { + return NULL; } - int wolfSSL_use_PrivateKey_Id(WOLFSSL* ssl, const unsigned char* id, - long sz, int devId) - { - int ret = WOLFSSL_FAILURE; + #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ + !defined(WOLFSSL_QT) + return GetCipherNameIana(cipher->cipherSuite0, cipher->cipherSuite); + #else + return wolfSSL_get_cipher_name_from_suite(cipher->cipherSuite0, + cipher->cipherSuite); + #endif +} - if (ssl->buffers.weOwnKey) - FreeDer(&ssl->buffers.key); - if (AllocDer(&ssl->buffers.key, (word32)sz, PRIVATEKEY_TYPE, - ssl->heap) == 0) { - XMEMCPY(ssl->buffers.key->buffer, id, sz); - ssl->buffers.weOwnKey = 1; - ssl->buffers.keyId = 1; - if (devId != INVALID_DEVID) - ssl->buffers.keyDevId = devId; - else - ssl->buffers.keyDevId = ssl->devId; +const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher) +{ + WOLFSSL_ENTER("wolfSSL_CIPHER_get_version"); - ret = WOLFSSL_SUCCESS; - } + if (cipher == NULL || cipher->ssl == NULL) { + return NULL; + } - #ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS) - /* Set the ID for the alternative key, too. User can still - * override that afterwards. */ - ret = wolfSSL_use_AltPrivateKey_Id(ssl, id, sz, devId); - #endif + return wolfSSL_get_version(cipher->ssl); +} - return ret; - } +const char* wolfSSL_get_cipher(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_cipher"); + return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)); +} - int wolfSSL_use_PrivateKey_Label(WOLFSSL* ssl, const char* label, int devId) - { - int ret = WOLFSSL_FAILURE; - word32 sz = (word32)XSTRLEN(label) + 1; +/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... 
*/ +const char* wolfSSL_get_cipher_name(WOLFSSL* ssl) +{ + /* get access to cipher_name_idx in internal.c */ + return wolfSSL_get_cipher_name_internal(ssl); +} - if (ssl->buffers.weOwnKey) - FreeDer(&ssl->buffers.key); - if (AllocDer(&ssl->buffers.key, (word32)sz, PRIVATEKEY_TYPE, - ssl->heap) == 0) { - XMEMCPY(ssl->buffers.key->buffer, label, sz); - ssl->buffers.weOwnKey = 1; - ssl->buffers.keyLabel = 1; - if (devId != INVALID_DEVID) - ssl->buffers.keyDevId = devId; - else - ssl->buffers.keyDevId = ssl->devId; +const char* wolfSSL_get_cipher_name_from_suite(byte cipherSuite0, + byte cipherSuite) +{ + return GetCipherNameInternal(cipherSuite0, cipherSuite); +} - ret = WOLFSSL_SUCCESS; - } +const char* wolfSSL_get_cipher_name_iana_from_suite(byte cipherSuite0, + byte cipherSuite) +{ + return GetCipherNameIana(cipherSuite0, cipherSuite); +} - #ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS) - /* Set the label for the alternative key, too. User can still - * override that afterwards. */ - ret = wolfSSL_use_AltPrivateKey_Label(ssl, label, devId); - #endif +int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0, + byte* cipherSuite, int *flags) { + if ((name == NULL) || + (cipherSuite0 == NULL) || + (cipherSuite == NULL) || + (flags == NULL)) + return BAD_FUNC_ARG; + return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags); +} - return ret; - } -#endif /* WOLF_PRIVATE_KEY_ID */ -#if defined(WOLF_PRIVATE_KEY_ID) && defined(WOLFSSL_DUAL_ALG_CERTS) - int wolfSSL_use_AltPrivateKey_id(WOLFSSL* ssl, const unsigned char* id, - long sz, int devId, long keySz) - { - int ret = wolfSSL_use_AltPrivateKey_Id(ssl, id, sz, devId); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +/* Creates and returns a new WOLFSSL_CIPHER stack. 
*/ +WOLFSSL_STACK* wolfSSL_sk_new_cipher(void) +{ + WOLFSSL_STACK* sk; + WOLFSSL_ENTER("wolfSSL_sk_new_cipher"); - if (ret == WOLFSSL_SUCCESS) - ssl->buffers.altKeySz = (word32)keySz; + sk = wolfSSL_sk_new_null(); + if (sk == NULL) + return NULL; + sk->type = STACK_TYPE_CIPHER; - return ret; - } + return sk; +} - int wolfSSL_use_AltPrivateKey_Id(WOLFSSL* ssl, const unsigned char* id, - long sz, int devId) - { - int ret = WOLFSSL_FAILURE; +/* return 1 on success 0 on fail */ +int wolfSSL_sk_CIPHER_push(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, + WOLFSSL_CIPHER* cipher) +{ + return wolfSSL_sk_push(sk, cipher); +} - if (ssl == NULL || id == NULL) { - return ret; - } +#ifndef NO_WOLFSSL_STUB +WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) +{ + WOLFSSL_STUB("wolfSSL_sk_CIPHER_pop"); + (void)sk; + return NULL; +} +#endif /* NO_WOLFSSL_STUB */ +#endif /* WOLFSSL_QT || OPENSSL_ALL */ - if (ssl->buffers.weOwnAltKey) - FreeDer(&ssl->buffers.altKey); - if (AllocDer(&ssl->buffers.altKey, (word32)sz, ALT_PRIVATEKEY_TYPE, - ssl->heap) == 0) { - XMEMCPY(ssl->buffers.altKey->buffer, id, sz); - ssl->buffers.weOwnAltKey = 1; - ssl->buffers.altKeyId = 1; - if (devId != INVALID_DEVID) - ssl->buffers.altKeyDevId = devId; - else - ssl->buffers.altKeyDevId = ssl->devId; +word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher) +{ + word16 cipher_id = 0; - ret = WOLFSSL_SUCCESS; - } + WOLFSSL_ENTER("wolfSSL_CIPHER_get_id"); - return ret; + if (cipher && cipher->ssl) { + cipher_id = (cipher->ssl->options.cipherSuite0 << 8) | + cipher->ssl->options.cipherSuite; } - int wolfSSL_use_AltPrivateKey_Label(WOLFSSL* ssl, const char* label, - int devId) - { - int ret = WOLFSSL_FAILURE; - word32 sz; + return cipher_id; +} - if (ssl == NULL || label == NULL) { - return ret; - } +const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value) +{ + const WOLFSSL_CIPHER* cipher = NULL; + byte cipherSuite0, cipherSuite; + WOLFSSL_ENTER("wolfSSL_get_cipher_by_value"); - sz = 
(word32)XSTRLEN(label) + 1; - if (ssl->buffers.weOwnAltKey) - FreeDer(&ssl->buffers.altKey); - if (AllocDer(&ssl->buffers.altKey, (word32)sz, ALT_PRIVATEKEY_TYPE, - ssl->heap) == 0) { - XMEMCPY(ssl->buffers.altKey->buffer, label, sz); - ssl->buffers.weOwnAltKey = 1; - ssl->buffers.altKeyLabel = 1; - if (devId != INVALID_DEVID) - ssl->buffers.altKeyDevId = devId; - else - ssl->buffers.altKeyDevId = ssl->devId; + /* extract cipher id information */ + cipherSuite = (value & 0xFF); + cipherSuite0 = ((value >> 8) & 0xFF); - ret = WOLFSSL_SUCCESS; - } + /* TODO: lookup by cipherSuite0 / cipherSuite */ + (void)cipherSuite0; + (void)cipherSuite; - return ret; - } -#endif /* WOLF_PRIVATE_KEY_ID && WOLFSSL_DUAL_ALG_CERTS */ + return cipher; +} - int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl, - const unsigned char* in, long sz, int format) - { - WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format"); - if (ssl == NULL) - return BAD_FUNC_ARG; - return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, - ssl, NULL, 1, GET_VERIFY_SETTING_SSL(ssl)); - } +#if defined(OPENSSL_EXTRA) +/* Free the structure for WOLFSSL_CIPHER stack + * + * sk stack to free nodes in + */ +void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_CIPHER_free"); - int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, - const unsigned char* in, long sz) - { - return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz, - WOLFSSL_FILETYPE_PEM); + wolfSSL_sk_free(sk); +} +#endif /* OPENSSL_ALL */ + +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \ + !defined(NO_DH) +#ifdef HAVE_FFDHE +static const char* wolfssl_ffdhe_name(word16 group) +{ + const char* str = NULL; + switch (group) { + case WOLFSSL_FFDHE_2048: + str = "FFDHE_2048"; + break; + case WOLFSSL_FFDHE_3072: + str = "FFDHE_3072"; + break; + case WOLFSSL_FFDHE_4096: + str = "FFDHE_4096"; + break; + case WOLFSSL_FFDHE_6144: + str = "FFDHE_6144"; + break; + 
case WOLFSSL_FFDHE_8192: + str = "FFDHE_8192"; + break; + default: + break; } + return str; +} +#endif +/* Return the name of the curve used for key exchange as a printable string. + * + * ssl The SSL/TLS object. + * returns NULL if ECDH was not used, otherwise the name as a string. + */ +const char* wolfSSL_get_curve_name(WOLFSSL* ssl) +{ + const char* cName = NULL; + WOLFSSL_ENTER("wolfSSL_get_curve_name"); - /* unload any certs or keys that SSL owns, leave CTX as is - WOLFSSL_SUCCESS on ok */ - int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl) - { - if (ssl == NULL) { - WOLFSSL_MSG("Null function arg"); - return BAD_FUNC_ARG; - } + if (ssl == NULL) + return NULL; - if (ssl->buffers.weOwnCert && !ssl->keepCert) { - WOLFSSL_MSG("Unloading cert"); - FreeDer(&ssl->buffers.certificate); - #ifdef KEEP_OUR_CERT - wolfSSL_X509_free(ssl->ourCert); - ssl->ourCert = NULL; - #endif - ssl->buffers.weOwnCert = 0; +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_KYBER) + /* Check for post-quantum groups. Return now because we do not want the ECC + * check to override this result in the case of a hybrid. 
*/ + if (IsAtLeastTLSv1_3(ssl->version)) { + switch (ssl->namedGroup) { +#ifdef HAVE_LIBOQS + case WOLFSSL_KYBER_LEVEL1: + return "KYBER_LEVEL1"; + case WOLFSSL_KYBER_LEVEL3: + return "KYBER_LEVEL3"; + case WOLFSSL_KYBER_LEVEL5: + return "KYBER_LEVEL5"; + case WOLFSSL_P256_KYBER_LEVEL1: + return "P256_KYBER_LEVEL1"; + case WOLFSSL_P384_KYBER_LEVEL3: + return "P384_KYBER_LEVEL3"; + case WOLFSSL_P521_KYBER_LEVEL5: + return "P521_KYBER_LEVEL5"; +#elif defined(HAVE_PQM4) + case WOLFSSL_KYBER_LEVEL1: + return "KYBER_LEVEL1"; +#elif defined(WOLFSSL_WC_KYBER) + #ifdef WOLFSSL_KYBER512 + case WOLFSSL_KYBER_LEVEL1: + return "KYBER_LEVEL1"; + case WOLFSSL_P256_KYBER_LEVEL1: + return "P256_KYBER_LEVEL1"; + #endif + #ifdef WOLFSSL_KYBER768 + case WOLFSSL_KYBER_LEVEL3: + return "KYBER_LEVEL3"; + case WOLFSSL_P384_KYBER_LEVEL3: + return "P384_KYBER_LEVEL3"; + #endif + #ifdef WOLFSSL_KYBER1024 + case WOLFSSL_KYBER_LEVEL5: + return "KYBER_LEVEL5"; + case WOLFSSL_P521_KYBER_LEVEL5: + return "P521_KYBER_LEVEL5"; + #endif +#endif } + } +#endif /* WOLFSSL_TLS13 && WOLFSSL_HAVE_KYBER */ - if (ssl->buffers.weOwnCertChain) { - WOLFSSL_MSG("Unloading cert chain"); - FreeDer(&ssl->buffers.certChain); - ssl->buffers.weOwnCertChain = 0; - } +#ifdef HAVE_FFDHE + if (ssl->namedGroup != 0) { + cName = wolfssl_ffdhe_name(ssl->namedGroup); + } +#endif - if (ssl->buffers.weOwnKey) { - WOLFSSL_MSG("Unloading key"); - ForceZero(ssl->buffers.key->buffer, ssl->buffers.key->length); - FreeDer(&ssl->buffers.key); - ssl->buffers.weOwnKey = 0; - } +#ifdef HAVE_CURVE25519 + if (ssl->ecdhCurveOID == ECC_X25519_OID && cName == NULL) { + cName = "X25519"; + } +#endif -#ifdef WOLFSSL_DUAL_ALG_CERTS - if (ssl->buffers.weOwnAltKey) { - WOLFSSL_MSG("Unloading alt key"); - ForceZero(ssl->buffers.altKey->buffer, ssl->buffers.altKey->length); - FreeDer(&ssl->buffers.altKey); - ssl->buffers.weOwnAltKey = 0; - } -#endif /* WOLFSSL_DUAL_ALG_CERTS */ +#ifdef HAVE_CURVE448 + if (ssl->ecdhCurveOID == ECC_X448_OID && cName 
== NULL) { + cName = "X448"; + } +#endif - return WOLFSSL_SUCCESS; +#ifdef HAVE_ECC + if (ssl->ecdhCurveOID != 0 && cName == NULL) { + cName = wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, + NULL)); } +#endif + return cName; +} +#endif - int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs"); +#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +/* return authentication NID corresponding to cipher suite + * @param cipher a pointer to WOLFSSL_CIPHER + * return NID if found, NID_undef if not found + */ +int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) +{ + static const struct authnid { + const char* alg_name; + const int nid; + } authnid_tbl[] = { + {"RSA", NID_auth_rsa}, + {"PSK", NID_auth_psk}, + {"SRP", NID_auth_srp}, + {"ECDSA", NID_auth_ecdsa}, + {"None", NID_auth_null}, + {NULL, NID_undef} + }; - if (ctx == NULL) - return BAD_FUNC_ARG; + const char* authStr; + char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - return wolfSSL_CertManagerUnloadCAs(ctx->cm); + if (GetCipherSegment(cipher, n) == NULL) { + WOLFSSL_MSG("no suitable cipher name found"); + return NID_undef; } - int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_UnloadIntermediateCerts"); - - if (ctx == NULL) - return BAD_FUNC_ARG; + authStr = GetCipherAuthStr(n); - if (ctx->ref.count > 1) { - WOLFSSL_MSG("ctx object must have a ref count of 1 before " - "unloading intermediate certs"); - return BAD_STATE_E; + if (authStr != NULL) { + const struct authnid* sa; + for(sa = authnid_tbl; sa->alg_name != NULL; sa++) { + if (XSTRCMP(sa->alg_name, authStr) == 0) { + return sa->nid; + } } - - return wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm); } + return NID_undef; +} +/* return cipher NID corresponding to cipher suite + * @param cipher a pointer to WOLFSSL_CIPHER + * return NID if found, NID_undef if not found + */ +int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher) +{ + static 
const struct ciphernid { + const char* alg_name; + const int nid; + } ciphernid_tbl[] = { + {"AESGCM(256)", NID_aes_256_gcm}, + {"AESGCM(128)", NID_aes_128_gcm}, + {"AESCCM(128)", NID_aes_128_ccm}, + {"AES(128)", NID_aes_128_cbc}, + {"AES(256)", NID_aes_256_cbc}, + {"CAMELLIA(256)", NID_camellia_256_cbc}, + {"CAMELLIA(128)", NID_camellia_128_cbc}, + {"RC4", NID_rc4}, + {"3DES", NID_des_ede3_cbc}, + {"CHACHA20/POLY1305(256)", NID_chacha20_poly1305}, + {"None", NID_undef}, + {NULL, NID_undef} + }; -#ifdef WOLFSSL_TRUST_PEER_CERT - int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); + const char* encStr; + char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - if (ctx == NULL) - return BAD_FUNC_ARG; + WOLFSSL_ENTER("wolfSSL_CIPHER_get_cipher_nid"); - return wolfSSL_CertManagerUnload_trust_peers(ctx->cm); + if (GetCipherSegment(cipher, n) == NULL) { + WOLFSSL_MSG("no suitable cipher name found"); + return NID_undef; } -#ifdef WOLFSSL_LOCAL_X509_STORE - int wolfSSL_Unload_trust_peers(WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); - - if (ssl == NULL) - return BAD_FUNC_ARG; + encStr = GetCipherEncStr(n); - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerUnload_trust_peers(SSL_CM(ssl)); + if (encStr != NULL) { + const struct ciphernid* c; + for(c = ciphernid_tbl; c->alg_name != NULL; c++) { + if (XSTRCMP(c->alg_name, encStr) == 0) { + return c->nid; + } + } } -#endif /* WOLFSSL_LOCAL_X509_STORE */ -#endif /* WOLFSSL_TRUST_PEER_CERT */ -/* old NO_FILESYSTEM end */ -#endif /* !NO_CERTS */ - -#ifdef OPENSSL_EXTRA + return NID_undef; +} +/* return digest NID corresponding to cipher suite + * @param cipher a pointer to WOLFSSL_CIPHER + * return NID if found, NID_undef if not found + */ +int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher) +{ + static const struct macnid { + const char* alg_name; + const int nid; + } macnid_tbl[] = { + {"SHA1", NID_sha1}, + {"SHA256", NID_sha256}, + {"SHA384", 
NID_sha384}, + {NULL, NID_undef} + }; - int wolfSSL_add_all_algorithms(void) - { - WOLFSSL_ENTER("wolfSSL_add_all_algorithms"); - if (initRefCount != 0 || wolfSSL_Init() == WOLFSSL_SUCCESS) - return WOLFSSL_SUCCESS; - else - return WOLFSSL_FATAL_ERROR; - } + const char* name; + const char* macStr; + char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; + (void)name; - int wolfSSL_OpenSSL_add_all_algorithms_noconf(void) - { - WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_noconf"); + WOLFSSL_ENTER("wolfSSL_CIPHER_get_digest_nid"); - if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) - return WOLFSSL_FATAL_ERROR; + if ((name = GetCipherSegment(cipher, n)) == NULL) { + WOLFSSL_MSG("no suitable cipher name found"); + return NID_undef; + } - return WOLFSSL_SUCCESS; + /* in MD5 case, NID will be NID_md5 */ + if (XSTRSTR(name, "MD5") != NULL) { + return NID_md5; } - int wolfSSL_OpenSSL_add_all_algorithms_conf(void) - { - WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_conf"); - /* This function is currently the same as - wolfSSL_OpenSSL_add_all_algorithms_noconf since we do not employ - the use of a wolfssl.cnf type configuration file and is only used for - OpenSSL compatibility. 
*/ + macStr = GetCipherMacStr(n); - if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) { - return WOLFSSL_FATAL_ERROR; + if (macStr != NULL) { + const struct macnid* mc; + for(mc = macnid_tbl; mc->alg_name != NULL; mc++) { + if (XSTRCMP(mc->alg_name, macStr) == 0) { + return mc->nid; + } } - return WOLFSSL_SUCCESS; - } - - /* returns previous set cache size which stays constant */ - long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz) - { - /* cache size fixed at compile time in wolfSSL */ - (void)ctx; - (void)sz; - WOLFSSL_MSG("session cache is set at compile time"); - #ifndef NO_SESSION_CACHE - return (long)(SESSIONS_PER_ROW * SESSION_ROWS); - #else - return 0; - #endif } -#endif + return NID_undef; +} +/* return key exchange NID corresponding to cipher suite + * @param cipher a pointer to WOLFSSL_CIPHER + * return NID if found, NID_undef if not found + */ +int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher) +{ + static const struct kxnid { + const char* name; + const int nid; + } kxnid_table[] = { + {"ECDHEPSK", NID_kx_ecdhe_psk}, + {"ECDH", NID_kx_ecdhe}, + {"DHEPSK", NID_kx_dhe_psk}, + {"DH", NID_kx_dhe}, + {"RSAPSK", NID_kx_rsa_psk}, + {"SRP", NID_kx_srp}, + {"EDH", NID_kx_dhe}, + {"RSA", NID_kx_rsa}, + {NULL, NID_undef} + }; -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(WOLFSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown"); - if (mode) - ctx->quietShutdown = 1; - } + const char* keaStr; + char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; + WOLFSSL_ENTER("wolfSSL_CIPHER_get_kx_nid"); - void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode) - { - WOLFSSL_ENTER("wolfSSL_set_quiet_shutdown"); - if (mode) - ssl->options.quietShutdown = 1; + if (GetCipherSegment(cipher, n) == NULL) { + WOLFSSL_MSG("no suitable cipher name found"); + return NID_undef; } -#endif /* OPENSSL_EXTRA || 
OPENSSL_EXTRA_X509_SMALL || - WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#ifdef OPENSSL_EXTRA -#ifndef NO_BIO - void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) - { - WOLFSSL_ENTER("wolfSSL_set_bio"); + /* in TLS 1.3 case, NID will be NID_kx_any */ + if (XSTRCMP(n[0], "TLS13") == 0) { + return NID_kx_any; + } - if (ssl == NULL) { - WOLFSSL_MSG("Bad argument, ssl was NULL"); - return; - } + keaStr = GetCipherKeaStr(n); - /* free any existing WOLFSSL_BIOs in use but don't free those in - * a chain */ - if (ssl->biord != NULL) { - if (ssl->biord != ssl->biowr) { - if (ssl->biowr != NULL && ssl->biowr->prev != NULL) - wolfSSL_BIO_free(ssl->biowr); - ssl->biowr = NULL; + if (keaStr != NULL) { + const struct kxnid* k; + for(k = kxnid_table; k->name != NULL; k++) { + if (XSTRCMP(k->name, keaStr) == 0) { + return k->nid; } - if (ssl->biord->prev != NULL) - wolfSSL_BIO_free(ssl->biord); - ssl->biord = NULL; } - /* set flag obviously */ - if (rd && !(rd->flags & WOLFSSL_BIO_FLAG_READ)) - rd->flags |= WOLFSSL_BIO_FLAG_READ; - if (wr && !(wr->flags & WOLFSSL_BIO_FLAG_WRITE)) - wr->flags |= WOLFSSL_BIO_FLAG_WRITE; + } - ssl->biord = rd; - ssl->biowr = wr; + return NID_undef; +} +/* check if cipher suite is AEAD + * @param cipher a pointer to WOLFSSL_CIPHER + * return 1 if cipher is AEAD, 0 otherwise + */ +int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher) +{ + char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - /* set SSL to use BIO callbacks instead */ - if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)) { - ssl->CBIORecv = BioReceive; - } - if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)) { - ssl->CBIOSend = BioSend; - } + WOLFSSL_ENTER("wolfSSL_CIPHER_is_aead"); - /* User programs should always retry reading from these BIOs */ - if (rd) { - /* User writes to rd */ - BIO_set_retry_write(rd); - } - if (wr) { - /* User reads from wr */ - BIO_set_retry_read(wr); - } + if (GetCipherSegment(cipher, n) == NULL) { + WOLFSSL_MSG("no suitable cipher name found"); + 
return NID_undef; } -#endif /* !NO_BIO */ -#endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) - void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, - WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_client_CA_list"); - if (ctx != NULL) { - wolfSSL_sk_X509_NAME_pop_free(ctx->client_ca_names, NULL); - ctx->client_ca_names = names; - } - } + return IsCipherAEAD(n); +} +/* Creates cipher->description based on cipher->offset + * cipher->offset is set in wolfSSL_get_ciphers_compat when it is added + * to a stack of ciphers. + * @param [in] cipher: A cipher from a stack of ciphers. + * return WOLFSSL_SUCCESS if cipher->description is set, else WOLFSSL_FAILURE + */ +int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) +{ + int strLen; + unsigned long offset; + char* dp; + const char* name; + const char *keaStr, *authStr, *encStr, *macStr, *protocol; + char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; + int len = MAX_DESCRIPTION_SZ-1; + const CipherSuiteInfo* cipher_names; + ProtocolVersion pv; + WOLFSSL_ENTER("wolfSSL_sk_CIPHER_description"); - void wolfSSL_set_client_CA_list(WOLFSSL* ssl, - WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) - { - WOLFSSL_ENTER("wolfSSL_set_client_CA_list"); - if (ssl != NULL) { - if (ssl->client_ca_names != ssl->ctx->client_ca_names) - wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL); - ssl->client_ca_names = names; - } - } + if (cipher == NULL) + return WOLFSSL_FAILURE; - #ifdef OPENSSL_EXTRA - /* registers client cert callback, called during handshake if server - requests client auth but user has not loaded client cert/key */ - void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb cb) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_client_cert_cb"); + dp = cipher->description; + if (dp == NULL) + return WOLFSSL_FAILURE; - if (ctx != NULL) { - ctx->CBClientCert = cb; - } - } + cipher_names = GetCipherNames(); - void wolfSSL_CTX_set_cert_cb(WOLFSSL_CTX* ctx, - 
CertSetupCallback cb, void *arg) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_cert_cb"); - if (ctx == NULL) - return; + offset = cipher->offset; + if (offset >= (unsigned long)GetCipherNamesSize()) + return WOLFSSL_FAILURE; + pv.major = cipher_names[offset].major; + pv.minor = cipher_names[offset].minor; + protocol = wolfSSL_internal_get_version(&pv); - ctx->certSetupCb = cb; - ctx->certSetupCbArg = arg; + if ((name = GetCipherSegment(cipher, n)) == NULL) { + WOLFSSL_MSG("no suitable cipher name found"); + return WOLFSSL_FAILURE; } - int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl, - const byte** suites, word16* suiteSz, - const byte** hashSigAlgo, word16* hashSigAlgoSz) - { - WOLFSSL_ENTER("wolfSSL_get_client_suites_sigalgs"); + /* keaStr */ + keaStr = GetCipherKeaStr(n); + /* authStr */ + authStr = GetCipherAuthStr(n); + /* encStr */ + encStr = GetCipherEncStr(n); + if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) { + WOLFSSL_MSG("Cipher Bits Not Set."); + } + /* macStr */ + macStr = GetCipherMacStr(n); - if (suites != NULL) - *suites = NULL; - if (suiteSz != NULL) - *suiteSz = 0; - if (hashSigAlgo != NULL) - *hashSigAlgo = NULL; - if (hashSigAlgoSz != NULL) - *hashSigAlgoSz = 0; - if (ssl != NULL && ssl->clSuites != NULL) { - if (suites != NULL && suiteSz != NULL) { - *suites = ssl->clSuites->suites; - *suiteSz = ssl->clSuites->suiteSz; - } - if (hashSigAlgo != NULL && hashSigAlgoSz != NULL) { - *hashSigAlgo = ssl->clSuites->hashSigAlgo; - *hashSigAlgoSz = ssl->clSuites->hashSigAlgoSz; - } - return WOLFSSL_SUCCESS; - } - return WOLFSSL_FAILURE; - } - WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first, - byte second) - { - WOLFSSL_CIPHERSUITE_INFO info; - info.rsaAuth = (byte)(CipherRequires(first, second, REQUIRES_RSA) || - CipherRequires(first, second, REQUIRES_RSA_SIG)); - info.eccAuth = (byte)(CipherRequires(first, second, REQUIRES_ECC) || - /* Static ECC ciphers may require RSA for authentication */ - (CipherRequires(first, 
second, REQUIRES_ECC_STATIC) && - !CipherRequires(first, second, REQUIRES_RSA_SIG))); - info.eccStatic = - (byte)CipherRequires(first, second, REQUIRES_ECC_STATIC); - info.psk = (byte)CipherRequires(first, second, REQUIRES_PSK); - return info; - } + /* Build up the string by copying onto the end. */ + XSTRNCPY(dp, name, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; - /** - * @param first First byte of the hash and signature algorithm - * @param second Second byte of the hash and signature algorithm - * @param hashAlgo The enum wc_HashType of the MAC algorithm - * @param sigAlgo The enum Key_Sum of the authentication algorithm - */ - int wolfSSL_get_sigalg_info(byte first, byte second, - int* hashAlgo, int* sigAlgo) - { - byte input[2]; - byte hashType; - byte sigType; + XSTRNCPY(dp, " ", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; + XSTRNCPY(dp, protocol, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; - if (hashAlgo == NULL || sigAlgo == NULL) - return BAD_FUNC_ARG; + XSTRNCPY(dp, " Kx=", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; + XSTRNCPY(dp, keaStr, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; - input[0] = first; - input[1] = second; - DecodeSigAlg(input, &hashType, &sigType); + XSTRNCPY(dp, " Au=", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; + XSTRNCPY(dp, authStr, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; - /* cast so that compiler reminds us of unimplemented values */ - switch ((enum SignatureAlgorithm)sigType) { - case anonymous_sa_algo: - *sigAlgo = ANONk; - break; - case rsa_sa_algo: - *sigAlgo = RSAk; - break; - case dsa_sa_algo: - *sigAlgo = DSAk; - break; - case ecc_dsa_sa_algo: - *sigAlgo = ECDSAk; - break; - case rsa_pss_sa_algo: - *sigAlgo = RSAPSSk; - break; - case 
ed25519_sa_algo: - *sigAlgo = ED25519k; + XSTRNCPY(dp, " Enc=", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; + XSTRNCPY(dp, encStr, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; + + XSTRNCPY(dp, " Mac=", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= strLen; dp += strLen; + XSTRNCPY(dp, macStr, len); + dp[len-1] = '\0'; + + return WOLFSSL_SUCCESS; +} +#endif /* OPENSSL_ALL || WOLFSSL_QT */ + +static WC_INLINE const char* wolfssl_kea_to_string(int kea) +{ + const char* keaStr; + + switch (kea) { + case no_kea: + keaStr = "None"; break; - case rsa_pss_pss_algo: - *sigAlgo = RSAPSSk; +#ifndef NO_RSA + case rsa_kea: + keaStr = "RSA"; break; - case ed448_sa_algo: - *sigAlgo = ED448k; +#endif +#ifndef NO_DH + case diffie_hellman_kea: + keaStr = "DHE"; break; - case falcon_level1_sa_algo: - *sigAlgo = FALCON_LEVEL1k; +#endif + case fortezza_kea: + keaStr = "FZ"; break; - case falcon_level5_sa_algo: - *sigAlgo = FALCON_LEVEL5k; +#ifndef NO_PSK + case psk_kea: + keaStr = "PSK"; break; - case dilithium_level2_sa_algo: - *sigAlgo = DILITHIUM_LEVEL2k; + #ifndef NO_DH + case dhe_psk_kea: + keaStr = "DHEPSK"; break; - case dilithium_level3_sa_algo: - *sigAlgo = DILITHIUM_LEVEL3k; + #endif + #ifdef HAVE_ECC + case ecdhe_psk_kea: + keaStr = "ECDHEPSK"; break; - case dilithium_level5_sa_algo: - *sigAlgo = DILITHIUM_LEVEL5k; + #endif +#endif +#ifdef HAVE_ECC + case ecc_diffie_hellman_kea: + keaStr = "ECDHE"; break; - case sm2_sa_algo: - *sigAlgo = SM2k; + case ecc_static_diffie_hellman_kea: + keaStr = "ECDH"; break; - case invalid_sa_algo: +#endif default: - *hashAlgo = WC_HASH_TYPE_NONE; - *sigAlgo = 0; - return BAD_FUNC_ARG; - } - - /* cast so that compiler reminds us of unimplemented values */ - switch((enum wc_MACAlgorithm)hashType) { - case no_mac: - case rmd_mac: /* Don't have a RIPEMD type in wc_HashType */ - *hashAlgo = WC_HASH_TYPE_NONE; - break; - case md5_mac: - *hashAlgo = 
WC_HASH_TYPE_MD5; + keaStr = "unknown"; break; - case sha_mac: - *hashAlgo = WC_HASH_TYPE_SHA; + } + + return keaStr; +} + +static WC_INLINE const char* wolfssl_sigalg_to_string(int sig_algo) +{ + const char* authStr; + + switch (sig_algo) { + case anonymous_sa_algo: + authStr = "None"; break; - case sha224_mac: - *hashAlgo = WC_HASH_TYPE_SHA224; +#ifndef NO_RSA + case rsa_sa_algo: + authStr = "RSA"; break; - case sha256_mac: - *hashAlgo = WC_HASH_TYPE_SHA256; + #ifdef WC_RSA_PSS + case rsa_pss_sa_algo: + authStr = "RSA-PSS"; break; - case sha384_mac: - *hashAlgo = WC_HASH_TYPE_SHA384; + #endif +#endif +#ifndef NO_DSA + case dsa_sa_algo: + authStr = "DSA"; break; - case sha512_mac: - *hashAlgo = WC_HASH_TYPE_SHA512; +#endif +#ifdef HAVE_ECC + case ecc_dsa_sa_algo: + authStr = "ECDSA"; break; - case blake2b_mac: - *hashAlgo = WC_HASH_TYPE_BLAKE2B; +#endif +#ifdef WOLFSSL_SM2 + case sm2_sa_algo: + authStr = "SM2"; break; - case sm3_mac: -#ifdef WOLFSSL_SM3 - *hashAlgo = WC_HASH_TYPE_SM3; -#else - *hashAlgo = WC_HASH_TYPE_NONE; #endif +#ifdef HAVE_ED25519 + case ed25519_sa_algo: + authStr = "Ed25519"; + break; +#endif +#ifdef HAVE_ED448 + case ed448_sa_algo: + authStr = "Ed448"; + break; +#endif + default: + authStr = "unknown"; break; - default: - *hashAlgo = WC_HASH_TYPE_NONE; - *sigAlgo = 0; - return BAD_FUNC_ARG; - } - return 0; - } - - /** - * Internal wrapper for calling certSetupCb - * @param ssl The SSL/TLS Object - * @return 0 on success - */ - int CertSetupCbWrapper(WOLFSSL* ssl) - { - int ret = 0; - if (ssl->ctx->certSetupCb != NULL) { - WOLFSSL_MSG("Calling user cert setup callback"); - ret = ssl->ctx->certSetupCb(ssl, ssl->ctx->certSetupCbArg); - if (ret == 1) { - WOLFSSL_MSG("User cert callback returned success"); - ret = 0; - } - else if (ret == 0) { - SendAlert(ssl, alert_fatal, internal_error); - ret = CLIENT_CERT_CB_ERROR; - } - else if (ret < 0) { - ret = WOLFSSL_ERROR_WANT_X509_LOOKUP; - } - else { - WOLFSSL_MSG("Unexpected user callback return"); 
- ret = CLIENT_CERT_CB_ERROR; - } - } - return ret; } - #endif /* OPENSSL_EXTRA */ -#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_WEBSERVER */ + return authStr; +} -#ifndef WOLFSSL_NO_CA_NAMES - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( - const WOLFSSL_CTX *ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list"); +static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size) +{ + const char* encStr; - if (ctx == NULL) { - WOLFSSL_MSG("Bad argument passed to wolfSSL_CTX_get_client_CA_list"); - return NULL; - } + (void)key_size; - return ctx->client_ca_names; + switch (cipher) { + case wolfssl_cipher_null: + encStr = "None"; + break; +#ifndef NO_RC4 + case wolfssl_rc4: + encStr = "RC4(128)"; + break; +#endif +#ifndef NO_DES3 + case wolfssl_triple_des: + encStr = "3DES(168)"; + break; +#endif +#ifndef NO_AES + case wolfssl_aes: + if (key_size == 128) + encStr = "AES(128)"; + else if (key_size == 256) + encStr = "AES(256)"; + else + encStr = "AES(?)"; + break; + #ifdef HAVE_AESGCM + case wolfssl_aes_gcm: + if (key_size == 128) + encStr = "AESGCM(128)"; + else if (key_size == 256) + encStr = "AESGCM(256)"; + else + encStr = "AESGCM(?)"; + break; + #endif + #ifdef HAVE_AESCCM + case wolfssl_aes_ccm: + if (key_size == 128) + encStr = "AESCCM(128)"; + else if (key_size == 256) + encStr = "AESCCM(256)"; + else + encStr = "AESCCM(?)"; + break; + #endif +#endif +#ifdef HAVE_CHACHA + case wolfssl_chacha: + encStr = "CHACHA20/POLY1305(256)"; + break; +#endif +#ifdef HAVE_ARIA + case wolfssl_aria_gcm: + if (key_size == 128) + encStr = "Aria(128)"; + else if (key_size == 192) + encStr = "Aria(192)"; + else if (key_size == 256) + encStr = "Aria(256)"; + else + encStr = "Aria(?)"; + break; +#endif +#ifdef HAVE_CAMELLIA + case wolfssl_camellia: + if (key_size == 128) + encStr = "Camellia(128)"; + else if (key_size == 256) + encStr = "Camellia(256)"; + else + encStr = "Camellia(?)"; + break; +#endif + default: + encStr = "unknown"; + 
break; } - /* returns the CA's set on server side or the CA's sent from server when - * on client side */ - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list( - const WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_get_client_CA_list"); + return encStr; +} - if (ssl == NULL) { - WOLFSSL_MSG("Bad argument passed to wolfSSL_get_client_CA_list"); - return NULL; - } +static WC_INLINE const char* wolfssl_mac_to_string(int mac) +{ + const char* macStr; - return SSL_CA_NAMES(ssl); + switch (mac) { + case no_mac: + macStr = "None"; + break; +#ifndef NO_MD5 + case md5_mac: + macStr = "MD5"; + break; +#endif +#ifndef NO_SHA + case sha_mac: + macStr = "SHA1"; + break; +#endif +#ifdef HAVE_SHA224 + case sha224_mac: + macStr = "SHA224"; + break; +#endif +#ifndef NO_SHA256 + case sha256_mac: + macStr = "SHA256"; + break; +#endif +#ifdef HAVE_SHA384 + case sha384_mac: + macStr = "SHA384"; + break; +#endif +#ifdef HAVE_SHA512 + case sha512_mac: + macStr = "SHA512"; + break; +#endif + default: + macStr = "unknown"; + break; } - #if !defined(NO_CERTS) - int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) - { - WOLFSSL_X509_NAME *nameCopy = NULL; + return macStr; +} - WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA"); +char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, + int len) +{ + char *ret = in; + const char *keaStr, *authStr, *encStr, *macStr; + size_t strLen; + WOLFSSL_ENTER("wolfSSL_CIPHER_description"); - if (ctx == NULL || x509 == NULL){ - WOLFSSL_MSG("Bad argument"); - return WOLFSSL_FAILURE; - } + if (cipher == NULL || in == NULL) + return NULL; - if (ctx->client_ca_names == NULL) { - ctx->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL); - if (ctx->client_ca_names == NULL) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); - return WOLFSSL_FAILURE; - } - } +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + /* if cipher is in the stack from wolfSSL_get_ciphers_compat then + * Return the description based on cipher_names[cipher->offset] 
+ */ + if (cipher->in_stack == TRUE) { + wolfSSL_sk_CIPHER_description((WOLFSSL_CIPHER*)cipher); + XSTRNCPY(in,cipher->description,len); + return ret; + } +#endif - nameCopy = wolfSSL_X509_NAME_dup(wolfSSL_X509_get_subject_name(x509)); - if (nameCopy == NULL) { - WOLFSSL_MSG("wolfSSL_X509_NAME_dup error"); - return WOLFSSL_FAILURE; - } + /* Get the cipher description based on the SSL session cipher */ + keaStr = wolfssl_kea_to_string(cipher->ssl->specs.kea); + authStr = wolfssl_sigalg_to_string(cipher->ssl->specs.sig_algo); + encStr = wolfssl_cipher_to_string(cipher->ssl->specs.bulk_cipher_algorithm, + cipher->ssl->specs.key_size); + macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm); - if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); - wolfSSL_X509_NAME_free(nameCopy); - return WOLFSSL_FAILURE; - } + /* Build up the string by copying onto the end. */ + XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - return WOLFSSL_SUCCESS; - } - #endif + XSTRNCPY(in, " ", len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; + XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - #ifndef NO_BIO - #if !defined(NO_RSA) && !defined(NO_CERTS) - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname) - { - /* The webserver build is using this to load a CA into the server - * for client authentication as an option. Have this return NULL in - * that case. If OPENSSL_EXTRA is enabled, go ahead and include - * the function. 
*/ - #ifdef OPENSSL_EXTRA - WOLFSSL_STACK *list = NULL; - WOLFSSL_BIO* bio = NULL; - WOLFSSL_X509 *cert = NULL; - WOLFSSL_X509_NAME *nameCopy = NULL; - unsigned long err = WOLFSSL_FAILURE; + XSTRNCPY(in, " Kx=", len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; + XSTRNCPY(in, keaStr, len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - WOLFSSL_ENTER("wolfSSL_load_client_CA_file"); + XSTRNCPY(in, " Au=", len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; + XSTRNCPY(in, authStr, len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - bio = wolfSSL_BIO_new_file(fname, "rb"); - if (bio == NULL) { - WOLFSSL_MSG("wolfSSL_BIO_new_file error"); - goto cleanup; - } + XSTRNCPY(in, " Enc=", len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; + XSTRNCPY(in, encStr, len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - list = wolfSSL_sk_X509_NAME_new(NULL); - if (list == NULL) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); - goto cleanup; - } + XSTRNCPY(in, " Mac=", len); + in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; + XSTRNCPY(in, macStr, len); + in[len-1] = '\0'; - /* Read each certificate in the chain out of the file. */ - while (wolfSSL_PEM_read_bio_X509(bio, &cert, NULL, NULL) != NULL) { - /* Need a persistent copy of the subject name. */ - nameCopy = wolfSSL_X509_NAME_dup( - wolfSSL_X509_get_subject_name(cert)); - if (nameCopy == NULL) { - WOLFSSL_MSG("wolfSSL_X509_NAME_dup error"); - goto cleanup; - } - /* - * Original cert will be freed so make sure not to try to access - * it in the future. 
- */ - nameCopy->x509 = NULL; + return ret; +} - if (wolfSSL_sk_X509_NAME_push(list, nameCopy) != - WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); - /* Do free in loop because nameCopy is now responsibility - * of list to free and adding jumps to cleanup after this - * might result in a double free. */ - wolfSSL_X509_NAME_free(nameCopy); - goto cleanup; - } - wolfSSL_X509_free(cert); - cert = NULL; - } +#ifndef NO_WOLFSSL_STUB +int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, + int* ssl) +{ + (void)url; + (void)host; + (void)port; + (void)path; + (void)ssl; + WOLFSSL_STUB("OCSP_parse_url"); + return 0; +} +#endif - CLEAR_ASN_NO_PEM_HEADER_ERROR(err); +#ifndef NO_WOLFSSL_STUB +WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void) +{ + WOLFSSL_STUB("COMP_zlib"); + return 0; +} - err = WOLFSSL_SUCCESS; -cleanup: - wolfSSL_X509_free(cert); - wolfSSL_BIO_free(bio); - if (err != WOLFSSL_SUCCESS) { - /* We failed so return NULL */ - wolfSSL_sk_X509_NAME_pop_free(list, NULL); - list = NULL; - } - return list; - #else - (void)fname; - return NULL; - #endif - } - #endif - #endif /* !NO_BIO */ -#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */ +WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void) +{ + WOLFSSL_STUB("COMP_rle"); + return 0; +} -#ifdef OPENSSL_EXTRA +int wolfSSL_COMP_add_compression_method(int method, void* data) +{ + (void)method; + (void)data; + WOLFSSL_STUB("COMP_add_compression_method"); + return 0; +} - #ifdef WOLFSSL_SYS_CA_CERTS - /* - * This is an OpenSSL compatibility layer function, but it doesn't mirror - * the exact functionality of its OpenSSL counterpart. We don't support the - * notion of an "OpenSSL directory". This function will attempt to load the - * environment variables SSL_CERT_DIR and SSL_CERT_FILE, if either are found, - * they will be loaded. Otherwise, it will act as a wrapper around our - * native wolfSSL_CTX_load_system_CA_certs function. This function does - * conform to OpenSSL's return value conventions. 
- */ - int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) - { - int ret; -#ifdef XGETENV - char* certDir; - char* certFile; - word32 flags; +const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl) { + (void)ssl; + return NULL; +} + +const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl) { + (void)ssl; + return NULL; +} + +const char* wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp) +{ + static const char ret[] = "not supported"; + + (void)comp; + WOLFSSL_STUB("wolfSSL_COMP_get_name"); + return ret; +} #endif - WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths"); +/* wolfSSL_set_dynlock_create_callback + * CRYPTO_set_dynlock_create_callback has been deprecated since openSSL 1.0.1. + * This function exists for compatibility purposes because wolfSSL satisfies + * thread safety without relying on the callback. + */ +void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)( + const char*, int)) +{ + WOLFSSL_STUB("CRYPTO_set_dynlock_create_callback"); + (void)f; +} +/* wolfSSL_set_dynlock_lock_callback + * CRYPTO_set_dynlock_lock_callback has been deprecated since openSSL 1.0.1. + * This function exists for compatibility purposes because wolfSSL satisfies + * thread safety without relying on the callback. + */ +void wolfSSL_set_dynlock_lock_callback( + void (*f)(int, WOLFSSL_dynlock_value*, const char*, int)) +{ + WOLFSSL_STUB("CRYPTO_set_set_dynlock_lock_callback"); + (void)f; +} +/* wolfSSL_set_dynlock_destroy_callback + * CRYPTO_set_dynlock_destroy_callback has been deprecated since openSSL 1.0.1. + * This function exists for compatibility purposes because wolfSSL satisfies + * thread safety without relying on the callback. 
+ */ +void wolfSSL_set_dynlock_destroy_callback( + void (*f)(WOLFSSL_dynlock_value*, const char*, int)) +{ + WOLFSSL_STUB("CRYPTO_set_set_dynlock_destroy_callback"); + (void)f; +} -#ifdef XGETENV - certDir = XGETENV("SSL_CERT_DIR"); - certFile = XGETENV("SSL_CERT_FILE"); - flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY; - if (certDir || certFile) { - if (certDir) { - /* - * We want to keep trying to load more CAs even if one cert in - * the directory is bad and can't be used (e.g. if one is expired), - * so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR. - */ - flags |= WOLFSSL_LOAD_FLAG_IGNORE_ERR; - } +#endif /* OPENSSL_EXTRA */ - ret = wolfSSL_CTX_load_verify_locations_ex(ctx, certFile, certDir, - flags); - if (ret != WOLFSSL_SUCCESS) { - WOLFSSL_MSG_EX("Failed to load CA certs from SSL_CERT_FILE: %s" - " SSL_CERT_DIR: %s. Error: %d", certFile, - certDir, ret); - return WOLFSSL_FAILURE; - } - return ret; - } -#endif +#ifdef OPENSSL_EXTRA +#ifndef NO_CERTS -#ifdef NO_FILESYSTEM - WOLFSSL_MSG("wolfSSL_CTX_set_default_verify_paths not supported" - " with NO_FILESYSTEM enabled"); - ret = WOLFSSL_FATAL_ERROR; -#else - ret = wolfSSL_CTX_load_system_CA_certs(ctx); - if (ret == WOLFSSL_BAD_PATH) { - /* - * OpenSSL doesn't treat the lack of a system CA cert directory as a - * failure. We do the same here. - */ - ret = WOLFSSL_SUCCESS; - } -#endif +#if !defined(NO_ASN) && !defined(NO_PWDBASED) +/* Copies unencrypted DER key buffer into "der". If "der" is null then the size + * of buffer needed is returned. If *der == NULL then it allocates a buffer. + * NOTE: This also advances the "der" pointer to be at the end of buffer. 
+ * + * Returns size of key buffer on success + */ +int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der) +{ + return wolfSSL_EVP_PKEY_get_der(key, der); +} - WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret); +int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) +{ +#if !defined(NO_RSA) || defined(HAVE_ECC) +#ifdef HAVE_ECC + unsigned char *local_der = NULL; + word32 local_derSz = 0; + unsigned char *pub_der = NULL; + ecc_key *eccKey = NULL; + word32 inOutIdx = 0; +#endif + word32 pub_derSz = 0; + int ret; + int key_type = 0; - return ret; + if (key == NULL) { + return WOLFSSL_FATAL_ERROR; } - #endif /* WOLFSSL_SYS_CA_CERTS */ - #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ - && !defined(WC_NO_RNG) - static const byte srp_N[] = { - 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, 0x9C, 0x33, 0xF8, - 0x0A, 0xFA, 0x8F, 0xC5, 0xE8, 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, - 0x3C, 0x0B, 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76, 0xD6, - 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, 0x38, 0x3B, 0x48, 0x13, - 0xD6, 0x92, 0xC6, 0xE0, 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, - 0xE4, 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1, 0x5D, 0xC7, - 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, 0xCE, 0x8E, 0xF4, 0xAD, 0x69, - 0xB1, 0x5D, 0x49, 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85, - 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, 0x68, 0xED, 0xBC, - 0x3C, 0x05, 0x72, 0x6C, 0xC0, 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, - 0xAA, 0x9A, 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, 0x9F, - 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3 - }; - static const byte srp_g[] = { - 0x02 - }; + key_type = key->type; + if ((key_type != EVP_PKEY_EC) && (key_type != EVP_PKEY_RSA)) { + return WOLFSSL_FATAL_ERROR; + } - int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX* ctx, char* username) - { - int r = 0; - SrpSide srp_side = SRP_CLIENT_SIDE; - byte salt[SRP_SALT_SIZE]; +#ifndef NO_RSA + if (key_type == EVP_PKEY_RSA) { + return 
wolfSSL_i2d_RSAPublicKey(key->rsa, der); + } +#endif - WOLFSSL_ENTER("wolfSSL_CTX_set_srp_username"); - if (ctx == NULL || ctx->srp == NULL || username==NULL) - return WOLFSSL_FAILURE; + /* Now that RSA is taken care of, we only need to consider the ECC case. */ - if (ctx->method->side == WOLFSSL_SERVER_END){ - srp_side = SRP_SERVER_SIDE; - } else if (ctx->method->side == WOLFSSL_CLIENT_END){ - srp_side = SRP_CLIENT_SIDE; - } else { - WOLFSSL_MSG("Init CTX failed"); - return WOLFSSL_FAILURE; - } +#ifdef HAVE_ECC - if (wc_SrpInit(ctx->srp, SRP_TYPE_SHA256, srp_side) < 0) { - WOLFSSL_MSG("Init SRP CTX failed"); - XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); - ctx->srp = NULL; - return WOLFSSL_FAILURE; - } - r = wc_SrpSetUsername(ctx->srp, (const byte*)username, - (word32)XSTRLEN(username)); - if (r < 0) { - WOLFSSL_MSG("fail to set srp username."); - return WOLFSSL_FAILURE; + /* We need to get the DER, then convert it to a public key. But what we get + * might be a buffered private key so we need to decode it and then encode + * the public part. */ + ret = wolfSSL_EVP_PKEY_get_der(key, &local_der); + if (ret <= 0) { + /* In this case, there was no buffered DER at all. This could be the + * case where the key that was passed in was generated. So now we + * have to create the local DER. 
*/ + local_derSz = (word32)wolfSSL_i2d_ECPrivateKey(key->ecc, &local_der); + if (local_derSz == 0) { + ret = WOLFSSL_FATAL_ERROR; } + } else { + local_derSz = (word32)ret; + ret = 0; + } - /* if wolfSSL_CTX_set_srp_password has already been called, */ - /* execute wc_SrpSetPassword here */ - if (ctx->srp_password != NULL) { - WC_RNG rng; - if (wc_InitRng(&rng) < 0){ - WOLFSSL_MSG("wc_InitRng failed"); - return WOLFSSL_FAILURE; - } - XMEMSET(salt, 0, sizeof(salt)/sizeof(salt[0])); - r = wc_RNG_GenerateBlock(&rng, salt, sizeof(salt)/sizeof(salt[0])); - wc_FreeRng(&rng); - if (r < 0) { - WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); - return WOLFSSL_FAILURE; - } + if (ret == 0) { + eccKey = (ecc_key *)XMALLOC(sizeof(*eccKey), NULL, DYNAMIC_TYPE_ECC); + if (eccKey == NULL) { + WOLFSSL_MSG("Failed to allocate key buffer."); + ret = WOLFSSL_FATAL_ERROR; + } + } - if (wc_SrpSetParams(ctx->srp, srp_N, sizeof(srp_N)/sizeof(srp_N[0]), - srp_g, sizeof(srp_g)/sizeof(srp_g[0]), - salt, sizeof(salt)/sizeof(salt[0])) < 0) { - WOLFSSL_MSG("wc_SrpSetParam failed"); - return WOLFSSL_FAILURE; - } - r = wc_SrpSetPassword(ctx->srp, - (const byte*)ctx->srp_password, - (word32)XSTRLEN((char *)ctx->srp_password)); - if (r < 0) { - WOLFSSL_MSG("fail to set srp password."); - return WOLFSSL_FAILURE; - } + if (ret == 0) { + ret = wc_ecc_init(eccKey); + } - XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); - ctx->srp_password = NULL; + if (ret == 0) { + ret = wc_EccPublicKeyDecode(local_der, &inOutIdx, eccKey, local_derSz); + if (ret < 0) { + /* We now try again as x.963 [point type][x][opt y]. 
*/ + ret = wc_ecc_import_x963(local_der, local_derSz, eccKey); } + } - return WOLFSSL_SUCCESS; + if (ret == 0) { + pub_derSz = (word32)wc_EccPublicKeyDerSize(eccKey, 0); + if ((int)pub_derSz <= 0) { + ret = WOLFSSL_FAILURE; + } } - int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password) - { - int r; - byte salt[SRP_SALT_SIZE]; + if (ret == 0) { + pub_der = (unsigned char*)XMALLOC(pub_derSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pub_der == NULL) { + WOLFSSL_MSG("Failed to allocate output buffer."); + ret = WOLFSSL_FATAL_ERROR; + } + } - WOLFSSL_ENTER("wolfSSL_CTX_set_srp_password"); - if (ctx == NULL || ctx->srp == NULL || password == NULL) - return WOLFSSL_FAILURE; + if (ret == 0) { + pub_derSz = (word32)wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 0); + if ((int)pub_derSz <= 0) { + ret = WOLFSSL_FATAL_ERROR; + } + } - if (ctx->srp->user != NULL) { - WC_RNG rng; - if (wc_InitRng(&rng) < 0) { - WOLFSSL_MSG("wc_InitRng failed"); - return WOLFSSL_FAILURE; - } - XMEMSET(salt, 0, sizeof(salt)/sizeof(salt[0])); - r = wc_RNG_GenerateBlock(&rng, salt, sizeof(salt)/sizeof(salt[0])); - wc_FreeRng(&rng); - if (r < 0) { - WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); - return WOLFSSL_FAILURE; - } - if (wc_SrpSetParams(ctx->srp, srp_N, sizeof(srp_N)/sizeof(srp_N[0]), - srp_g, sizeof(srp_g)/sizeof(srp_g[0]), - salt, sizeof(salt)/sizeof(salt[0])) < 0){ - WOLFSSL_MSG("wc_SrpSetParam failed"); - wc_FreeRng(&rng); - return WOLFSSL_FAILURE; - } - r = wc_SrpSetPassword(ctx->srp, (const byte*)password, - (word32)XSTRLEN(password)); - if (r < 0) { - WOLFSSL_MSG("wc_SrpSetPassword failed."); - wc_FreeRng(&rng); - return WOLFSSL_FAILURE; - } - if (ctx->srp_password != NULL){ - XFREE(ctx->srp_password,NULL, - DYNAMIC_TYPE_SRP); - ctx->srp_password = NULL; + /* This block is for actually returning the DER of the public key */ + if ((ret == 0) && (der != NULL)) { + if (*der == NULL) { + *der = (unsigned char*)XMALLOC(pub_derSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (*der == 
NULL) { + WOLFSSL_MSG("Failed to allocate output buffer."); + ret = WOLFSSL_FATAL_ERROR; } - wc_FreeRng(&rng); - } else { - /* save password for wolfSSL_set_srp_username */ - if (ctx->srp_password != NULL) - XFREE(ctx->srp_password,ctx->heap, DYNAMIC_TYPE_SRP); - ctx->srp_password = (byte*)XMALLOC(XSTRLEN(password) + 1, ctx->heap, - DYNAMIC_TYPE_SRP); - if (ctx->srp_password == NULL){ - WOLFSSL_MSG("memory allocation error"); - return WOLFSSL_FAILURE; + if (ret == 0) { + XMEMCPY(*der, pub_der, pub_derSz); } - XMEMCPY(ctx->srp_password, password, XSTRLEN(password) + 1); } - return WOLFSSL_SUCCESS; - } - - /** - * The modulus passed to wc_SrpSetParams in ssl.c is constant so check - * that the requested strength is less than or equal to the size of the - * static modulus size. - * @param ctx Not used - * @param strength Minimum number of bits for the modulus - * @return 1 if strength is less than or equal to static modulus - * 0 if strength is greater than static modulus - */ - int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength) - { - (void)ctx; - WOLFSSL_ENTER("wolfSSL_CTX_set_srp_strength"); - if (strength > (int)(sizeof(srp_N)*8)) { - WOLFSSL_MSG("Bad Parameter"); - return WOLFSSL_FAILURE; + else { + XMEMCPY(*der, pub_der, pub_derSz); + *der += pub_derSz; } - return WOLFSSL_SUCCESS; } - char* wolfSSL_get_srp_username(WOLFSSL *ssl) - { - if (ssl && ssl->ctx && ssl->ctx->srp) { - return (char*) ssl->ctx->srp->user; - } - return NULL; - } - #endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */ + XFREE(pub_der, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(local_der, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - /* keyblock size in bytes or -1 */ - int wolfSSL_get_keyblock_size(WOLFSSL* ssl) - { - if (ssl == NULL) - return WOLFSSL_FATAL_ERROR; + wc_ecc_free(eccKey); + XFREE(eccKey, NULL, DYNAMIC_TYPE_ECC); - return 2 * (ssl->specs.key_size + ssl->specs.iv_size + - ssl->specs.hash_size); +#else + ret = WOLFSSL_FATAL_ERROR; +#endif /* HAVE_ECC */ + + if (ret == 0) { + 
return (int)pub_derSz; } -#endif /* OPENSSL_EXTRA */ + return ret; +#else + return WOLFSSL_FATAL_ERROR; +#endif /* !NO_RSA || HAVE_ECC */ +} +#endif /* !NO_ASN && !NO_PWDBASED */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#endif /* !NO_CERTS */ +#endif /* OPENSSL_EXTRA */ - /* store keys returns WOLFSSL_SUCCESS or -1 on error */ - int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen, - unsigned char** sr, unsigned int* srLen, - unsigned char** cr, unsigned int* crLen) - { - if (ssl == NULL || ssl->arrays == NULL) - return WOLFSSL_FATAL_ERROR; +#ifdef OPENSSL_EXTRA - *ms = ssl->arrays->masterSecret; - *sr = ssl->arrays->serverRandom; - *cr = ssl->arrays->clientRandom; +/* Sets the DNS hostname to name. + * Hostname is cleared if name is NULL or empty. */ +int wolfSSL_set1_host(WOLFSSL * ssl, const char* name) +{ + if (ssl == NULL) { + return WOLFSSL_FAILURE; + } - *msLen = SECRET_LEN; - *srLen = RAN_LEN; - *crLen = RAN_LEN; + return wolfSSL_X509_VERIFY_PARAM_set1_host(ssl->param, name, 0); +} +/****************************************************************************** +* wolfSSL_CTX_set1_param - set a pointer to the SSL verification parameters +* +* RETURNS: +* WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE +* Note: Returns WOLFSSL_SUCCESS, in case either parameter is NULL, +* same as openssl. 
+*/ +int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm) +{ + if (ctx == NULL || vpm == NULL) return WOLFSSL_SUCCESS; - } - void wolfSSL_set_accept_state(WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_set_accept_state"); + return wolfSSL_X509_VERIFY_PARAM_set1(ctx->param, vpm); +} - if (ssl == NULL) - return; +/****************************************************************************** +* wolfSSL_CTX/_get0_param - return a pointer to the SSL verification parameters +* +* RETURNS: +* returns pointer to the SSL verification parameters on success, +* otherwise returns NULL +*/ +WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx) +{ + if (ctx == NULL) { + return NULL; + } - if (ssl->options.side == WOLFSSL_CLIENT_END) { - #ifdef HAVE_ECC - #ifdef WOLFSSL_SMALL_STACK - ecc_key* key = NULL; - #else - ecc_key key[1]; - #endif - word32 idx = 0; + return ctx->param; +} - #ifdef WOLFSSL_SMALL_STACK - key = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, - DYNAMIC_TYPE_ECC); - if (key == NULL) { - WOLFSSL_MSG("Error allocating memory for ecc_key"); - } - #endif - if (ssl->options.haveStaticECC && ssl->buffers.key != NULL) { - if (wc_ecc_init(key) >= 0) { - if (wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - key, ssl->buffers.key->length) != 0) { - ssl->options.haveECDSAsig = 0; - ssl->options.haveECC = 0; - ssl->options.haveStaticECC = 0; - } - wc_ecc_free(key); - } - } - #ifdef WOLFSSL_SMALL_STACK - XFREE(key, ssl->heap, DYNAMIC_TYPE_ECC); - #endif - #endif - - #ifndef NO_DH - if (!ssl->options.haveDH && ssl->ctx->haveDH) { - ssl->buffers.serverDH_P = ssl->ctx->serverDH_P; - ssl->buffers.serverDH_G = ssl->ctx->serverDH_G; - ssl->options.haveDH = 1; - } - #endif - } - - if (InitSSL_Side(ssl, WOLFSSL_SERVER_END) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error initializing server side"); - } +WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl) +{ + if (ssl == NULL) { + return NULL; } + return ssl->param; +} -#endif /* 
OPENSSL_EXTRA || WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - - /* return true if connection established */ - int wolfSSL_is_init_finished(const WOLFSSL* ssl) - { - if (ssl == NULL) - return 0; +#endif /* OPENSSL_EXTRA */ - /* Can't use ssl->options.connectState and ssl->options.acceptState because - * they differ in meaning for TLS <=1.2 and 1.3 */ - if (ssl->options.handShakeState == HANDSHAKE_DONE) - return 1; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +/* Gets an index to store SSL structure at. + * + * Returns positive index on success and negative values on failure + */ +int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void) +{ + WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx"); - return 0; - } + /* store SSL at index 0 */ + return 0; +} +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #ifdef OPENSSL_EXTRA - void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx, - WOLFSSL_RSA*(*f)(WOLFSSL*, int, int)) - { - /* wolfSSL verifies all these internally */ - (void)ctx; - (void)f; +/* Sets a function callback that will send information about the state of all + * WOLFSSL objects that have been created by the WOLFSSL_CTX structure passed + * in. + * + * ctx WOLFSSL_CTX structure to set callback function in + * f callback function to use + */ +void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, + void (*f)(const WOLFSSL* ssl, int type, int val)) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_info_callback"); + if (ctx == NULL) { + WOLFSSL_MSG("Bad function argument"); } - - - void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt) - { - WOLFSSL_ENTER("wolfSSL_set_shutdown"); - if(ssl==NULL) { - WOLFSSL_MSG("Shutdown not set. 
ssl is null"); - return; - } - - ssl->options.sentNotify = (opt&WOLFSSL_SENT_SHUTDOWN) > 0; - ssl->options.closeNotify = (opt&WOLFSSL_RECEIVED_SHUTDOWN) > 0; + else { + ctx->CBIS = f; } -#endif +} - long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_get_options"); - WOLFSSL_MSG("wolfSSL options are set through API calls and macros"); - if(ctx == NULL) - return BAD_FUNC_ARG; - return ctx->mask; +void wolfSSL_set_info_callback(WOLFSSL* ssl, + void (*f)(const WOLFSSL* ssl, int type, int val)) +{ + WOLFSSL_ENTER("wolfSSL_set_info_callback"); + if (ssl == NULL) { + WOLFSSL_MSG("Bad function argument"); } + else { + ssl->CBIS = f; + } +} - /* forward declaration */ - static long wolf_set_options(long old_op, long op); - long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_options"); +unsigned long wolfSSL_ERR_peek_error(void) +{ + WOLFSSL_ENTER("wolfSSL_ERR_peek_error"); - if (ctx == NULL) - return BAD_FUNC_ARG; + return wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL); +} - ctx->mask = wolf_set_options(ctx->mask, opt); -#if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \ - || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)) - if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) { - ctx->noTicketTls12 = 1; - } - /* This code is here for documentation purpose. You must not turn off - * session tickets with the WOLFSSL_OP_NO_TICKET option for TLSv1.3. - * Because we need to support both stateful and stateless tickets. 
- #ifdef WOLFSSL_TLS13 - if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) { - ctx->noTicketTls13 = 1; - } - #endif - */ -#endif - return ctx->mask; - } +int wolfSSL_ERR_GET_LIB(unsigned long err) +{ + unsigned long value; - long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) - { - WOLFSSL_ENTER("wolfSSL_CTX_clear_options"); - if(ctx == NULL) - return BAD_FUNC_ARG; - ctx->mask &= ~opt; - return ctx->mask; + value = (err & 0xFFFFFFL); + switch (value) { + case -WC_NO_ERR_TRACE(PARSE_ERROR): + return ERR_LIB_SSL; + case -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER): + case PEM_R_NO_START_LINE: + case PEM_R_PROBLEMS_GETTING_PASSWORD: + case PEM_R_BAD_PASSWORD_READ: + case PEM_R_BAD_DECRYPT: + return ERR_LIB_PEM; + case EVP_R_BAD_DECRYPT: + case EVP_R_BN_DECODE_ERROR: + case EVP_R_DECODE_ERROR: + case EVP_R_PRIVATE_KEY_DECODE_ERROR: + return ERR_LIB_EVP; + case ASN1_R_HEADER_TOO_LONG: + return ERR_LIB_ASN1; + default: + return 0; } +} -#ifdef OPENSSL_EXTRA - - int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd) - { - WOLFSSL_ENTER("wolfSSL_set_rfd"); - ssl->rfd = rfd; /* not used directly to allow IO callbacks */ +/* This function is to find global error values that are the same through out + * all library version. With wolfSSL having only one set of error codes the + * return value is pretty straight forward. The only thing needed is all wolfSSL + * error values are typically negative. + * + * Returns the error reason + */ +int wolfSSL_ERR_GET_REASON(unsigned long err) +{ + int ret = (int)err; - ssl->IOCB_ReadCtx = &ssl->rfd; + WOLFSSL_ENTER("wolfSSL_ERR_GET_REASON"); - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; - ssl->buffers.dtlsCtx.rfd = rfd; - } - #endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + /* Nginx looks for this error to know to stop parsing certificates. + * Same for HAProxy. 
*/ + if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) || + ((err & 0xFFFFFFL) == -ASN_NO_PEM_HEADER) || + ((err & 0xFFFL) == PEM_R_NO_START_LINE )) + return PEM_R_NO_START_LINE; + if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST)) + return SSL_R_HTTP_REQUEST; +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) + if (err == ((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG)) + return ASN1_R_HEADER_TOO_LONG; +#endif - return WOLFSSL_SUCCESS; + /* check if error value is in range of wolfSSL errors */ + ret = 0 - ret; /* setting as negative value */ + /* wolfCrypt range is less than MAX (-100) + wolfSSL range is MIN (-300) and lower */ + if (ret < MAX_CODE_E && ret > MIN_CODE_E) { + return ret; + } + else { + WOLFSSL_MSG("Not in range of typical error values"); + ret = (int)err; } + return ret; +} - int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd) - { - WOLFSSL_ENTER("wolfSSL_set_wfd"); - ssl->wfd = wfd; /* not used directly to allow IO callbacks */ +/* returns a string that describes the alert + * + * alertID the alert value to look up + */ +const char* wolfSSL_alert_type_string_long(int alertID) +{ + WOLFSSL_ENTER("wolfSSL_alert_type_string_long"); - ssl->IOCB_WriteCtx = &ssl->wfd; + return AlertTypeToString(alertID); +} - return WOLFSSL_SUCCESS; - } -#endif /* OPENSSL_EXTRA */ -#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) +const char* wolfSSL_alert_desc_string_long(int alertID) +{ + WOLFSSL_ENTER("wolfSSL_alert_desc_string_long"); -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - /** - * Implemented in a similar way that ngx_ssl_ocsp_validate does it when - * SSL_get0_verified_chain is not available. 
- * @param ssl WOLFSSL object to extract certs from - * @return Stack of verified certs - */ - WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl) - { - WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL; - WOLFSSL_X509_STORE_CTX* storeCtx = NULL; - WOLFSSL_X509* peerCert = NULL; - - WOLFSSL_ENTER("wolfSSL_get0_verified_chain"); - - if (ssl == NULL || ssl->ctx == NULL) { - WOLFSSL_MSG("Bad parameter"); - return NULL; - } + return AlertTypeToString(alertID); +} - peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl); - if (peerCert == NULL) { - WOLFSSL_MSG("wolfSSL_get_peer_certificate error"); - return NULL; - } - /* wolfSSL_get_peer_certificate returns a copy. We want the internal - * member so that we don't have to worry about free'ing it. We call - * wolfSSL_get_peer_certificate so that we don't have to worry about - * setting up the internal pointer. */ - wolfSSL_X509_free(peerCert); - peerCert = (WOLFSSL_X509*)&ssl->peerCert; - chain = wolfSSL_get_peer_cert_chain(ssl); - if (chain == NULL) { - WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error"); - return NULL; - } - storeCtx = wolfSSL_X509_STORE_CTX_new(); - if (storeCtx == NULL) { - WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error"); - return NULL; - } - if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl), - peerCert, chain) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error"); - wolfSSL_X509_STORE_CTX_free(storeCtx); - return NULL; - } - if (wolfSSL_X509_verify_cert(storeCtx) <= 0) { - WOLFSSL_MSG("wolfSSL_X509_verify_cert error"); - wolfSSL_X509_STORE_CTX_free(storeCtx); - return NULL; - } - wolfSSL_X509_STORE_CTX_free(storeCtx); - return chain; +#define STATE_STRINGS_PROTO(s) \ + { \ + {"SSLv3 " s, \ + "SSLv3 " s, \ + "SSLv3 " s}, \ + {"TLSv1 " s, \ + "TLSv1 " s, \ + "TLSv1 " s}, \ + {"TLSv1_1 " s, \ + "TLSv1_1 " s, \ + "TLSv1_1 " s}, \ + {"TLSv1_2 " s, \ + "TLSv1_2 " s, \ + "TLSv1_2 " s}, \ + {"TLSv1_3 " s, \ + "TLSv1_3 " s, \ + "TLSv1_3 " s}, \ + {"DTLSv1 " s, \ + 
"DTLSv1 " s, \ + "DTLSv1 " s}, \ + {"DTLSv1_2 " s, \ + "DTLSv1_2 " s, \ + "DTLSv1_2 " s}, \ + {"DTLSv1_3 " s, \ + "DTLSv1_3 " s, \ + "DTLSv1_3 " s}, \ } -#endif /* SESSION_CERTS && OPENSSL_EXTRA */ - - WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx) - { - if (ctx == NULL) { - return NULL; - } - if (ctx->x509_store_pt != NULL) - return ctx->x509_store_pt; - return &ctx->x509_store; +#define STATE_STRINGS_PROTO_RW(s) \ + { \ + {"SSLv3 read " s, \ + "SSLv3 write " s, \ + "SSLv3 " s}, \ + {"TLSv1 read " s, \ + "TLSv1 write " s, \ + "TLSv1 " s}, \ + {"TLSv1_1 read " s, \ + "TLSv1_1 write " s, \ + "TLSv1_1 " s}, \ + {"TLSv1_2 read " s, \ + "TLSv1_2 write " s, \ + "TLSv1_2 " s}, \ + {"TLSv1_3 read " s, \ + "TLSv1_3 write " s, \ + "TLSv1_3 " s}, \ + {"DTLSv1 read " s, \ + "DTLSv1 write " s, \ + "DTLSv1 " s}, \ + {"DTLSv1_2 read " s, \ + "DTLSv1_2 write " s, \ + "DTLSv1_2 " s}, \ + {"DTLSv1_3 read " s, \ + "DTLSv1_3 write " s, \ + "DTLSv1_3 " s}, \ } - void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_cert_store"); - if (ctx == NULL || str == NULL || ctx->cm == str->cm) { - return; - } - - if (wolfSSL_CertManager_up_ref(str->cm) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_CertManager_up_ref error"); - return; - } - /* free cert manager if have one */ - if (ctx->cm != NULL) { - wolfSSL_CertManagerFree(ctx->cm); - } - ctx->cm = str->cm; - ctx->x509_store.cm = str->cm; - - /* free existing store if it exists */ - wolfSSL_X509_STORE_free(ctx->x509_store_pt); - ctx->x509_store.cache = str->cache; - ctx->x509_store_pt = str; /* take ownership of store and free it - with CTX free */ - ctx->cm->x509_store_p = ctx->x509_store_pt;/* CTX has ownership - and free it with CTX free*/ - } +/* Gets the current state of the WOLFSSL structure + * + * ssl WOLFSSL structure to get state of + * + * Returns a human readable string of the WOLFSSL structure state + */ +const char* wolfSSL_state_string_long(const 
WOLFSSL* ssl) +{ -#ifdef OPENSSL_ALL - int wolfSSL_CTX_set1_verify_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str) - { - WOLFSSL_ENTER("wolfSSL_CTX_set1_verify_cert_store"); + static const char* OUTPUT_STR[24][8][3] = { + STATE_STRINGS_PROTO("Initialization"), + STATE_STRINGS_PROTO_RW("Server Hello Request"), + STATE_STRINGS_PROTO_RW("Server Hello Verify Request"), + STATE_STRINGS_PROTO_RW("Server Hello Retry Request"), + STATE_STRINGS_PROTO_RW("Server Hello"), + STATE_STRINGS_PROTO_RW("Server Certificate Status"), + STATE_STRINGS_PROTO_RW("Server Encrypted Extensions"), + STATE_STRINGS_PROTO_RW("Server Session Ticket"), + STATE_STRINGS_PROTO_RW("Server Certificate Request"), + STATE_STRINGS_PROTO_RW("Server Cert"), + STATE_STRINGS_PROTO_RW("Server Key Exchange"), + STATE_STRINGS_PROTO_RW("Server Hello Done"), + STATE_STRINGS_PROTO_RW("Server Change CipherSpec"), + STATE_STRINGS_PROTO_RW("Server Finished"), + STATE_STRINGS_PROTO_RW("server Key Update"), + STATE_STRINGS_PROTO_RW("Client Hello"), + STATE_STRINGS_PROTO_RW("Client Key Exchange"), + STATE_STRINGS_PROTO_RW("Client Cert"), + STATE_STRINGS_PROTO_RW("Client Change CipherSpec"), + STATE_STRINGS_PROTO_RW("Client Certificate Verify"), + STATE_STRINGS_PROTO_RW("Client End Of Early Data"), + STATE_STRINGS_PROTO_RW("Client Finished"), + STATE_STRINGS_PROTO_RW("Client Key Update"), + STATE_STRINGS_PROTO("Handshake Done"), + }; + enum ProtocolVer { + SSL_V3 = 0, + TLS_V1, + TLS_V1_1, + TLS_V1_2, + TLS_V1_3, + DTLS_V1, + DTLS_V1_2, + DTLS_V1_3, + UNKNOWN = 100 + }; - if (ctx == NULL || str == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } + enum IOMode { + SS_READ = 0, + SS_WRITE, + SS_NEITHER + }; - /* NO-OP when setting existing store */ - if (str == CTX_STORE(ctx)) - return WOLFSSL_SUCCESS; + enum SslState { + ss_null_state = 0, + ss_server_hellorequest, + ss_server_helloverify, + ss_server_helloretryrequest, + ss_server_hello, + ss_server_certificatestatus, + 
ss_server_encryptedextensions, + ss_server_sessionticket, + ss_server_certrequest, + ss_server_cert, + ss_server_keyexchange, + ss_server_hellodone, + ss_server_changecipherspec, + ss_server_finished, + ss_server_keyupdate, + ss_client_hello, + ss_client_keyexchange, + ss_client_cert, + ss_client_changecipherspec, + ss_client_certverify, + ss_client_endofearlydata, + ss_client_finished, + ss_client_keyupdate, + ss_handshake_done + }; - if (wolfSSL_X509_STORE_up_ref(str) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_X509_STORE_up_ref error"); - return WOLFSSL_FAILURE; - } + int protocol = 0; + int cbmode = 0; + int state = 0; - /* free existing store if it exists */ - wolfSSL_X509_STORE_free(ctx->x509_store_pt); - ctx->x509_store_pt = str; /* take ownership of store and free it - with CTX free */ - return WOLFSSL_SUCCESS; + WOLFSSL_ENTER("wolfSSL_state_string_long"); + if (ssl == NULL) { + WOLFSSL_MSG("Null argument passed in"); + return NULL; } -#endif - - int wolfSSL_set0_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) - { - WOLFSSL_ENTER("wolfSSL_set0_verify_cert_store"); - - if (ssl == NULL || str == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - /* NO-OP when setting existing store */ - if (str == SSL_STORE(ssl)) - return WOLFSSL_SUCCESS; + /* Get state of callback */ + if (ssl->cbmode == SSL_CB_MODE_WRITE) { + cbmode = SS_WRITE; + } + else if (ssl->cbmode == SSL_CB_MODE_READ) { + cbmode = SS_READ; + } + else { + cbmode = SS_NEITHER; + } - /* free existing store if it exists */ - wolfSSL_X509_STORE_free(ssl->x509_store_pt); - if (str == ssl->ctx->x509_store_pt) - ssl->x509_store_pt = NULL; /* if setting ctx store then just revert - to using that instead */ - else - ssl->x509_store_pt = str; /* take ownership of store and free it - with SSL free */ - return WOLFSSL_SUCCESS; + /* Get protocol version */ + switch (ssl->version.major) { + case SSLv3_MAJOR: + switch (ssl->version.minor) { + case SSLv3_MINOR: + protocol = SSL_V3; + 
break; + case TLSv1_MINOR: + protocol = TLS_V1; + break; + case TLSv1_1_MINOR: + protocol = TLS_V1_1; + break; + case TLSv1_2_MINOR: + protocol = TLS_V1_2; + break; + case TLSv1_3_MINOR: + protocol = TLS_V1_3; + break; + default: + protocol = UNKNOWN; + } + break; + case DTLS_MAJOR: + switch (ssl->version.minor) { + case DTLS_MINOR: + protocol = DTLS_V1; + break; + case DTLSv1_2_MINOR: + protocol = DTLS_V1_2; + break; + case DTLSv1_3_MINOR: + protocol = DTLS_V1_3; + break; + default: + protocol = UNKNOWN; + } + break; + default: + protocol = UNKNOWN; } - - int wolfSSL_set1_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) - { - WOLFSSL_ENTER("wolfSSL_set1_verify_cert_store"); - - if (ssl == NULL || str == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; + /* accept process */ + if (ssl->cbmode == SSL_CB_MODE_READ) { + state = ssl->cbtype; + switch (state) { + case hello_request: + state = ss_server_hellorequest; + break; + case client_hello: + state = ss_client_hello; + break; + case server_hello: + state = ss_server_hello; + break; + case hello_verify_request: + state = ss_server_helloverify; + break; + case session_ticket: + state = ss_server_sessionticket; + break; + case end_of_early_data: + state = ss_client_endofearlydata; + break; + case hello_retry_request: + state = ss_server_helloretryrequest; + break; + case encrypted_extensions: + state = ss_server_encryptedextensions; + break; + case certificate: + if (ssl->options.side == WOLFSSL_SERVER_END) + state = ss_client_cert; + else if (ssl->options.side == WOLFSSL_CLIENT_END) + state = ss_server_cert; + else { + WOLFSSL_MSG("Unknown State"); + state = ss_null_state; + } + break; + case server_key_exchange: + state = ss_server_keyexchange; + break; + case certificate_request: + state = ss_server_certrequest; + break; + case server_hello_done: + state = ss_server_hellodone; + break; + case certificate_verify: + state = ss_client_certverify; + break; + case client_key_exchange: + state = 
ss_client_keyexchange; + break; + case finished: + if (ssl->options.side == WOLFSSL_SERVER_END) + state = ss_client_finished; + else if (ssl->options.side == WOLFSSL_CLIENT_END) + state = ss_server_finished; + else { + WOLFSSL_MSG("Unknown State"); + state = ss_null_state; + } + break; + case certificate_status: + state = ss_server_certificatestatus; + break; + case key_update: + if (ssl->options.side == WOLFSSL_SERVER_END) + state = ss_client_keyupdate; + else if (ssl->options.side == WOLFSSL_CLIENT_END) + state = ss_server_keyupdate; + else { + WOLFSSL_MSG("Unknown State"); + state = ss_null_state; + } + break; + case change_cipher_hs: + if (ssl->options.side == WOLFSSL_SERVER_END) + state = ss_client_changecipherspec; + else if (ssl->options.side == WOLFSSL_CLIENT_END) + state = ss_server_changecipherspec; + else { + WOLFSSL_MSG("Unknown State"); + state = ss_null_state; + } + break; + default: + WOLFSSL_MSG("Unknown State"); + state = ss_null_state; } + } + else { + /* Send process */ + if (ssl->options.side == WOLFSSL_SERVER_END) + state = ssl->options.serverState; + else + state = ssl->options.clientState; - /* NO-OP when setting existing store */ - if (str == SSL_STORE(ssl)) - return WOLFSSL_SUCCESS; - - if (wolfSSL_X509_STORE_up_ref(str) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_X509_STORE_up_ref error"); - return WOLFSSL_FAILURE; + switch (state) { + case SERVER_HELLOVERIFYREQUEST_COMPLETE: + state = ss_server_helloverify; + break; + case SERVER_HELLO_RETRY_REQUEST_COMPLETE: + state = ss_server_helloretryrequest; + break; + case SERVER_HELLO_COMPLETE: + state = ss_server_hello; + break; + case SERVER_ENCRYPTED_EXTENSIONS_COMPLETE: + state = ss_server_encryptedextensions; + break; + case SERVER_CERT_COMPLETE: + state = ss_server_cert; + break; + case SERVER_KEYEXCHANGE_COMPLETE: + state = ss_server_keyexchange; + break; + case SERVER_HELLODONE_COMPLETE: + state = ss_server_hellodone; + break; + case SERVER_CHANGECIPHERSPEC_COMPLETE: + state = 
ss_server_changecipherspec; + break; + case SERVER_FINISHED_COMPLETE: + state = ss_server_finished; + break; + case CLIENT_HELLO_RETRY: + case CLIENT_HELLO_COMPLETE: + state = ss_client_hello; + break; + case CLIENT_KEYEXCHANGE_COMPLETE: + state = ss_client_keyexchange; + break; + case CLIENT_CHANGECIPHERSPEC_COMPLETE: + state = ss_client_changecipherspec; + break; + case CLIENT_FINISHED_COMPLETE: + state = ss_client_finished; + break; + case HANDSHAKE_DONE: + state = ss_handshake_done; + break; + default: + WOLFSSL_MSG("Unknown State"); + state = ss_null_state; } - - /* free existing store if it exists */ - wolfSSL_X509_STORE_free(ssl->x509_store_pt); - if (str == ssl->ctx->x509_store_pt) - ssl->x509_store_pt = NULL; /* if setting ctx store then just revert - to using that instead */ - else - ssl->x509_store_pt = str; /* take ownership of store and free it - with SSL free */ - return WOLFSSL_SUCCESS; } -#endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ - -#ifdef WOLFSSL_ENCRYPTED_KEYS - void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, - void* userdata) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_default_passwd_cb_userdata"); - if (ctx) - ctx->passwd_userdata = userdata; + if (protocol == UNKNOWN) { + WOLFSSL_MSG("Unknown protocol"); + return ""; } + else { + return OUTPUT_STR[state][protocol][cbmode]; + } +} +#endif /* OPENSSL_EXTRA */ - void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, wc_pem_password_cb* - cb) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_default_passwd_cb"); - if (ctx) - ctx->passwd_cb = cb; +static long wolf_set_options(long old_op, long op) +{ + /* if SSL_OP_ALL then turn all bug workarounds on */ + if ((op & WOLFSSL_OP_ALL) == WOLFSSL_OP_ALL) { + WOLFSSL_MSG("\tSSL_OP_ALL"); } - wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx) - { - if (ctx == NULL || ctx->passwd_cb == NULL) { - return NULL; - } + /* by default cookie exchange is on with DTLS */ + if ((op & WOLFSSL_OP_COOKIE_EXCHANGE) == 
WOLFSSL_OP_COOKIE_EXCHANGE) { + WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default"); + } - return ctx->passwd_cb; + if ((op & WOLFSSL_OP_NO_SSLv2) == WOLFSSL_OP_NO_SSLv2) { + WOLFSSL_MSG("\tWOLFSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2"); } +#ifdef SSL_OP_NO_TLSv1_3 + if ((op & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_3"); + } +#endif - void* wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx) - { - if (ctx == NULL) { - return NULL; - } + if ((op & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); + } - return ctx->passwd_userdata; + if ((op & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); } -#endif /* WOLFSSL_ENCRYPTED_KEYS */ + if ((op & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); + } + if ((op & WOLFSSL_OP_NO_SSLv3) == WOLFSSL_OP_NO_SSLv3) { + WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); + } -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) - unsigned long wolfSSL_ERR_get_error(void) - { - WOLFSSL_ENTER("wolfSSL_ERR_get_error"); -#ifdef WOLFSSL_HAVE_ERROR_QUEUE - return wc_GetErrorNodeErr(); -#else - return (unsigned long)(0 - NOT_COMPILED_IN); -#endif + if ((op & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) == + WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { + WOLFSSL_MSG("\tWOLFSSL_OP_CIPHER_SERVER_PREFERENCE"); } -#endif -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + if ((op & WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION) { + #ifdef HAVE_LIBZ + WOLFSSL_MSG("SSL_OP_NO_COMPRESSION"); + #else + WOLFSSL_MSG("SSL_OP_NO_COMPRESSION: compression not compiled in"); + #endif + } - int wolfSSL_num_locks(void) - { - return 0; + return old_op | op; +} + +static int FindHashSig(const Suites* suites, byte first, byte second) +{ + word16 i; + + if (suites == NULL || suites->hashSigAlgoSz == 0) { + WOLFSSL_MSG("Suites pointer error or suiteSz 0"); + return SUITES_ERROR; 
} - void wolfSSL_set_locking_callback(mutex_cb* f) - { - WOLFSSL_ENTER("wolfSSL_set_locking_callback"); + for (i = 0; i < suites->hashSigAlgoSz-1; i += 2) { + if (suites->hashSigAlgo[i] == first && + suites->hashSigAlgo[i+1] == second ) + return i; + } - if (wc_SetMutexCb(f) != 0) { - WOLFSSL_MSG("Error when setting mutex call back"); - } + return MATCH_SUITE_ERROR; +} + +long wolfSSL_set_options(WOLFSSL* ssl, long op) +{ + word16 haveRSA = 1; + word16 havePSK = 0; + int keySz = 0; + + WOLFSSL_ENTER("wolfSSL_set_options"); + + if (ssl == NULL) { + return 0; } - mutex_cb* wolfSSL_get_locking_callback(void) - { - WOLFSSL_ENTER("wolfSSL_get_locking_callback"); + ssl->options.mask = wolf_set_options(ssl->options.mask, op); - return wc_GetMutexCb(); + if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) { + WOLFSSL_MSG("Disabling TLS 1.3"); + if (ssl->version.minor == TLSv1_3_MINOR) + ssl->version.minor = TLSv1_2_MINOR; } + if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) { + WOLFSSL_MSG("Disabling TLS 1.2"); + if (ssl->version.minor == TLSv1_2_MINOR) + ssl->version.minor = TLSv1_1_MINOR; + } - typedef unsigned long (idCb)(void); - static idCb* inner_idCb = NULL; + if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) { + WOLFSSL_MSG("Disabling TLS 1.1"); + if (ssl->version.minor == TLSv1_1_MINOR) + ssl->version.minor = TLSv1_MINOR; + } - unsigned long wolfSSL_thread_id(void) - { - if (inner_idCb != NULL) { - return inner_idCb(); - } - else { - return 0; - } + if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) { + WOLFSSL_MSG("Disabling TLS 1.0"); + if (ssl->version.minor == TLSv1_MINOR) + ssl->version.minor = SSLv3_MINOR; } + if ((ssl->options.mask & WOLFSSL_OP_NO_COMPRESSION) + == WOLFSSL_OP_NO_COMPRESSION) { + #ifdef HAVE_LIBZ + ssl->options.usingCompression = 0; + #endif + } - void wolfSSL_set_id_callback(unsigned long (*f)(void)) - { - inner_idCb = f; +#if 
defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \ + || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)) + if ((ssl->options.mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) { + ssl->options.noTicketTls12 = 1; } +#endif -#ifdef WOLFSSL_HAVE_ERROR_QUEUE -#ifndef NO_BIO - /* print out and clear all errors */ - void wolfSSL_ERR_print_errors(WOLFSSL_BIO* bio) - { - const char* file = NULL; - const char* reason = NULL; - int ret; - int line = 0; - char buf[WOLFSSL_MAX_ERROR_SZ * 2]; - WOLFSSL_ENTER("wolfSSL_ERR_print_errors"); + /* in the case of a version change the cipher suites should be reset */ +#ifndef NO_PSK + havePSK = ssl->options.havePSK; +#endif +#ifdef NO_RSA + haveRSA = 0; +#endif +#ifndef NO_CERTS + keySz = ssl->buffers.keySz; +#endif - if (bio == NULL) { - WOLFSSL_MSG("BIO passed in was null"); - return; + if (ssl->options.side != WOLFSSL_NEITHER_END) { + if (AllocateSuites(ssl) != 0) + return 0; + if (!ssl->suites->setSuites) { + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, + havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, + ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, + ssl->options.haveFalconSig, + ssl->options.haveDilithiumSig, ssl->options.useAnon, + TRUE, ssl->options.side); } - - do { - ret = wc_PeekErrorNode(0, &file, &reason, &line); - if (ret >= 0) { - const char* r = wolfSSL_ERR_reason_error_string(0 - ret); - if (XSNPRINTF(buf, sizeof(buf), - "error:%d:wolfSSL library:%s:%s:%d\n", - ret, r, file, line) - >= (int)sizeof(buf)) - { - WOLFSSL_MSG("Buffer overrun formatting error message"); + else { + /* Only preserve overlapping suites */ + Suites tmpSuites; + word16 in, out, haveECDSAsig = 0; + word16 haveStaticECC = ssl->options.haveStaticECC; +#ifdef NO_RSA + haveECDSAsig = 1; + haveStaticECC = 1; +#endif + XMEMSET(&tmpSuites, 0, sizeof(Suites)); + /* Get all possible ciphers and sigalgs for the version. Following + * options limit the allowed ciphers so let's try to get as many as + * possible. 
+ * - haveStaticECC turns off haveRSA + * - haveECDSAsig turns off haveRSAsig */ + InitSuites(&tmpSuites, ssl->version, 0, 1, 1, 1, haveECDSAsig, 1, 1, + haveStaticECC, 1, 1, 1, 1, ssl->options.side); + for (in = 0, out = 0; in < ssl->suites->suiteSz; in += SUITE_LEN) { + if (FindSuite(&tmpSuites, ssl->suites->suites[in], + ssl->suites->suites[in+1]) >= 0) { + ssl->suites->suites[out] = ssl->suites->suites[in]; + ssl->suites->suites[out+1] = ssl->suites->suites[in+1]; + out += SUITE_LEN; + } } - wolfSSL_BIO_write(bio, buf, (int)XSTRLEN(buf)); - wc_RemoveErrorNode(0); - } - } while (ret >= 0); - if (wolfSSL_BIO_write(bio, "", 1) != 1) { - WOLFSSL_MSG("Issue writing final string terminator"); + ssl->suites->suiteSz = out; + for (in = 0, out = 0; in < ssl->suites->hashSigAlgoSz; in += 2) { + if (FindHashSig(&tmpSuites, ssl->suites->hashSigAlgo[in], + ssl->suites->hashSigAlgo[in+1]) >= 0) { + ssl->suites->hashSigAlgo[out] = + ssl->suites->hashSigAlgo[in]; + ssl->suites->hashSigAlgo[out+1] = + ssl->suites->hashSigAlgo[in+1]; + out += 2; + } + } + ssl->suites->hashSigAlgoSz = out; } } -#endif /* !NO_BIO */ -#endif /* WOLFSSL_HAVE_ERROR_QUEUE */ -#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ + return ssl->options.mask; +} -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ - defined(HAVE_SECRET_CALLBACK) -#if !defined(NO_WOLFSSL_SERVER) -/* Return the amount of random bytes copied over or error case. 
- * ssl : ssl struct after handshake - * out : buffer to hold random bytes - * outSz : either 0 (return max buffer sz) or size of out buffer - */ -size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, - size_t outSz) + +long wolfSSL_get_options(const WOLFSSL* ssl) { - size_t size; + WOLFSSL_ENTER("wolfSSL_get_options"); + if(ssl == NULL) + return WOLFSSL_FAILURE; + return ssl->options.mask; +} - /* return max size of buffer */ - if (outSz == 0) { - return RAN_LEN; - } +#if defined(HAVE_SECURE_RENEGOTIATION) \ + || defined(HAVE_SERVER_RENEGOTIATION_INFO) +/* clears the counter for number of renegotiations done + * returns the current count before it is cleared */ +long wolfSSL_clear_num_renegotiations(WOLFSSL *s) +{ + long total; - if (ssl == NULL || out == NULL) { + WOLFSSL_ENTER("wolfSSL_clear_num_renegotiations"); + if (s == NULL) return 0; - } - if (ssl->arrays == NULL) { - WOLFSSL_MSG("Arrays struct not saved after handshake"); - return 0; - } + total = s->secure_rene_count; + s->secure_rene_count = 0; + return total; +} - if (outSz > RAN_LEN) { - size = RAN_LEN; - } - else { - size = outSz; + +/* return the number of renegotiations since wolfSSL_new */ +long wolfSSL_total_renegotiations(WOLFSSL *s) +{ + WOLFSSL_ENTER("wolfSSL_total_renegotiations"); + return wolfSSL_num_renegotiations(s); +} + + +/* return the number of renegotiations since wolfSSL_new */ +long wolfSSL_num_renegotiations(WOLFSSL* s) +{ + if (s == NULL) { + return 0; } - XMEMCPY(out, ssl->arrays->serverRandom, size); - return size; + return s->secure_rene_count; } -#endif /* !NO_WOLFSSL_SERVER */ -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */ -#ifdef OPENSSL_EXTRA -#if !defined(NO_WOLFSSL_SERVER) -/* Used to get the peer ephemeral public key sent during the connection - * NOTE: currently wolfSSL_KeepHandshakeResources(WOLFSSL* ssl) must be called - * before the ephemeral key is stored. 
- * return WOLFSSL_SUCCESS on success */ -int wolfSSL_get_peer_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey) + +/* Is there a renegotiation currently in progress? */ +int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s) { - WOLFSSL_EVP_PKEY* ret = NULL; + return s && s->options.handShakeDone && + s->options.handShakeState != HANDSHAKE_DONE ? 1 : 0; +} +#endif /* HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO */ - WOLFSSL_ENTER("wolfSSL_get_server_tmp_key"); +#ifdef OPENSSL_EXTRA - if (ssl == NULL || pkey == NULL) { - WOLFSSL_MSG("Bad argument passed in"); +long wolfSSL_clear_options(WOLFSSL* ssl, long opt) +{ + WOLFSSL_ENTER("wolfSSL_clear_options"); + if(ssl == NULL) + return WOLFSSL_FAILURE; + ssl->options.mask &= ~opt; + return ssl->options.mask; +} + +#ifdef HAVE_PK_CALLBACKS +long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg) +{ + if (ssl == NULL) { return WOLFSSL_FAILURE; } -#ifdef HAVE_ECC - if (ssl->peerEccKey != NULL) { - unsigned char* der; - const unsigned char* pt; - unsigned int derSz = 0; - int sz; + ssl->loggingCtx = arg; + return WOLFSSL_SUCCESS; +} +#endif /* HAVE_PK_CALLBACKS */ - PRIVATE_KEY_UNLOCK(); - if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz) != - LENGTH_ONLY_E) { - WOLFSSL_MSG("get ecc der size failed"); - PRIVATE_KEY_LOCK(); - return WOLFSSL_FAILURE; - } - PRIVATE_KEY_LOCK(); +/*** TBD ***/ +#ifndef NO_WOLFSSL_STUB +int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st) +{ + (void)st; + WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero"); + /* wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION); */ + return WOLFSSL_FAILURE; +} +#endif - derSz += MAX_SEQ_SZ + (2 * MAX_ALGO_SZ) + MAX_SEQ_SZ + TRAILING_ZERO; - der = (unsigned char*)XMALLOC(derSz, ssl->heap, DYNAMIC_TYPE_KEY); - if (der == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) +{ + WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type"); - if ((sz = 
wc_EccPublicKeyToDer(ssl->peerEccKey, der, derSz, 1)) <= 0) { - WOLFSSL_MSG("get ecc der failed"); - XFREE(der, ssl->heap, DYNAMIC_TYPE_KEY); - return WOLFSSL_FAILURE; - } - pt = der; /* in case pointer gets advanced */ - ret = wolfSSL_d2i_PUBKEY(NULL, &pt, sz); - XFREE(der, ssl->heap, DYNAMIC_TYPE_KEY); + if (s == NULL){ + return BAD_FUNC_ARG; + } + + if (type == TLSEXT_STATUSTYPE_ocsp){ + int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0, + s, s->heap, s->devId); + return (long)r; + } else { + WOLFSSL_MSG( + "SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type."); + return WOLFSSL_FAILURE; } + +} + +long wolfSSL_get_tlsext_status_type(WOLFSSL *s) +{ + TLSX* extension; + + if (s == NULL) + return WOLFSSL_FATAL_ERROR; + extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST); + return extension != NULL ? TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR; +} +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ + +#ifndef NO_WOLFSSL_STUB +long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + WOLFSSL_STUB("wolfSSL_get_tlsext_status_exts"); + return WOLFSSL_FAILURE; +} #endif - *pkey = ret; -#ifdef HAVE_ECC - if (ret != NULL) - return WOLFSSL_SUCCESS; - else +/*** TBD ***/ +#ifndef NO_WOLFSSL_STUB +long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + WOLFSSL_STUB("wolfSSL_set_tlsext_status_exts"); + return WOLFSSL_FAILURE; +} #endif - return WOLFSSL_FAILURE; + +/*** TBD ***/ +#ifndef NO_WOLFSSL_STUB +long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + WOLFSSL_STUB("wolfSSL_get_tlsext_status_ids"); + return WOLFSSL_FAILURE; } +#endif -#endif /* !NO_WOLFSSL_SERVER */ +/*** TBD ***/ +#ifndef NO_WOLFSSL_STUB +long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + WOLFSSL_STUB("wolfSSL_set_tlsext_status_ids"); + return WOLFSSL_FAILURE; +} +#endif -/** - * This function checks if any compiled in protocol versions 
are - * left enabled after calls to set_min or set_max API. - * @param major The SSL/TLS major version - * @return WOLFSSL_SUCCESS on valid settings and WOLFSSL_FAILURE when no - * protocol versions are left enabled. - */ -static int CheckSslMethodVersion(byte major, unsigned long options) +#ifndef NO_WOLFSSL_STUB +/*** TBD ***/ +WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl) { - int sanityConfirmed = 0; + (void)ssl; + WOLFSSL_STUB("SSL_get_privatekey"); + return NULL; +} +#endif - (void)options; +#ifndef NO_WOLFSSL_STUB +/*** TBD ***/ +void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, + WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)) +{ + (void)ctx; + (void)dh; + WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback"); +} +#endif - switch (major) { - #ifndef NO_TLS - case SSLv3_MAJOR: - #ifdef WOLFSSL_ALLOW_SSLV3 - if (!(options & WOLFSSL_OP_NO_SSLv3)) { - sanityConfirmed = 1; - } - #endif - #ifndef NO_OLD_TLS - if (!(options & WOLFSSL_OP_NO_TLSv1)) - sanityConfirmed = 1; - if (!(options & WOLFSSL_OP_NO_TLSv1_1)) - sanityConfirmed = 1; - #endif - #ifndef WOLFSSL_NO_TLS12 - if (!(options & WOLFSSL_OP_NO_TLSv1_2)) - sanityConfirmed = 1; - #endif - #ifdef WOLFSSL_TLS13 - if (!(options & WOLFSSL_OP_NO_TLSv1_3)) - sanityConfirmed = 1; - #endif - break; - #endif - #ifdef WOLFSSL_DTLS - case DTLS_MAJOR: - sanityConfirmed = 1; - break; - #endif - default: - WOLFSSL_MSG("Invalid major version"); - return WOLFSSL_FAILURE; +#ifndef NO_WOLFSSL_STUB +/*** TBD ***/ +WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) +{ + WOLFSSL_STUB("SSL_COMP_get_compression_methods"); + return NULL; +} +#endif + + +int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p) +{ + WOLFSSL_ENTER("wolfSSL_sk_SSL_CIPHER_num"); + if (p == NULL) { + return WOLFSSL_FATAL_ERROR; } - if (!sanityConfirmed) { - WOLFSSL_MSG("All compiled in TLS versions disabled"); + return (int)p->num; +} + +WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i) +{ 
+ WOLFSSL_ENTER("wolfSSL_sk_SSL_CIPHER_value"); + return (WOLFSSL_CIPHER*)wolfSSL_sk_value(sk, i); +} + +#if !defined(NETOS) +void ERR_load_SSL_strings(void) +{ + +} +#endif + +#ifdef HAVE_OCSP +long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) +{ + if (s == NULL || resp == NULL) + return 0; + + *resp = s->ocspResp; + return s->ocspRespSz; +} + +long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, + int len) +{ + if (s == NULL) return WOLFSSL_FAILURE; - } + + s->ocspResp = resp; + s->ocspRespSz = len; + return WOLFSSL_SUCCESS; } +#endif /* HAVE_OCSP */ +#ifdef HAVE_MAX_FRAGMENT +#ifndef NO_WOLFSSL_CLIENT /** - * protoVerTbl holds (D)TLS version numbers in ascending order. - * Except DTLS versions, the newer version is located in the latter part of - * the table. This table is referred by wolfSSL_CTX_set_min_proto_version and - * wolfSSL_CTX_set_max_proto_version. + * Set max fragment tls extension + * @param c a pointer to WOLFSSL_CTX object + * @param mode maximum fragment length mode + * @return 1 on success, otherwise 0 or negative error code */ -static const int protoVerTbl[] = { - SSL3_VERSION, - TLS1_VERSION, - TLS1_1_VERSION, - TLS1_2_VERSION, - TLS1_3_VERSION, - DTLS1_VERSION, - DTLS1_2_VERSION -}; -/* number of protocol versions listed in protoVerTbl */ -#define NUMBER_OF_PROTOCOLS (sizeof(protoVerTbl)/sizeof(int)) +int wolfSSL_CTX_set_tlsext_max_fragment_length(WOLFSSL_CTX *c, + unsigned char mode) +{ + if (c == NULL || (mode < WOLFSSL_MFL_2_9 || mode > WOLFSSL_MFL_2_12 )) + return BAD_FUNC_ARG; + return wolfSSL_CTX_UseMaxFragment(c, mode); +} /** - * wolfSSL_CTX_set_min_proto_version attempts to set the minimum protocol - * version to use by SSL objects created from this WOLFSSL_CTX. - * This API guarantees that a version of SSL/TLS lower than specified - * here will not be allowed. If the version specified is not compiled in - * then this API sets the lowest compiled in protocol version. 
- * This API also accept 0 as version, to set the minimum version automatically. - * CheckSslMethodVersion() is called to check if any remaining protocol versions - * are enabled. - * @param ctx The wolfSSL CONTEXT factory for spawning SSL/TLS objects - * @param version Any of the following - * * 0 - * * SSL3_VERSION - * * TLS1_VERSION - * * TLS1_1_VERSION - * * TLS1_2_VERSION - * * TLS1_3_VERSION - * * DTLS1_VERSION - * * DTLS1_2_VERSION - * @return WOLFSSL_SUCCESS on valid settings and WOLFSSL_FAILURE when no - * protocol versions are left enabled. + * Set max fragment tls extension + * @param c a pointer to WOLFSSL object + * @param mode maximum fragment length mode + * @return 1 on success, otherwise 0 or negative error code */ -static int Set_CTX_min_proto_version(WOLFSSL_CTX* ctx, int version) +int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s, unsigned char mode) { - WOLFSSL_ENTER("wolfSSL_CTX_set_min_proto_version_ex"); + if (s == NULL || (mode < WOLFSSL_MFL_2_9 || mode > WOLFSSL_MFL_2_12 )) + return BAD_FUNC_ARG; - if (ctx == NULL) { - return WOLFSSL_FAILURE; - } + return wolfSSL_UseMaxFragment(s, mode); +} +#endif /* NO_WOLFSSL_CLIENT */ +#endif /* HAVE_MAX_FRAGMENT */ - switch (version) { -#ifndef NO_TLS - case SSL3_VERSION: -#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) - ctx->minDowngrade = SSLv3_MINOR; - break; -#endif - case TLS1_VERSION: - #ifdef WOLFSSL_ALLOW_TLSV10 - ctx->minDowngrade = TLSv1_MINOR; - break; - #endif - case TLS1_1_VERSION: - #ifndef NO_OLD_TLS - ctx->minDowngrade = TLSv1_1_MINOR; - break; - #endif - case TLS1_2_VERSION: - #ifndef WOLFSSL_NO_TLS12 - ctx->minDowngrade = TLSv1_2_MINOR; - break; - #endif - case TLS1_3_VERSION: - #ifdef WOLFSSL_TLS13 - ctx->minDowngrade = TLSv1_3_MINOR; - break; - #endif -#endif -#ifdef WOLFSSL_DTLS - case DTLS1_VERSION: - #ifndef NO_OLD_TLS - ctx->minDowngrade = DTLS_MINOR; - break; - #endif - case DTLS1_2_VERSION: - ctx->minDowngrade = DTLSv1_2_MINOR; - break; -#endif - default: - 
WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); - return WOLFSSL_FAILURE; - } +#endif /* OPENSSL_EXTRA */ - switch (version) { -#ifndef NO_TLS - case TLS1_3_VERSION: - wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2); - FALL_THROUGH; - case TLS1_2_VERSION: - wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_1); - FALL_THROUGH; - case TLS1_1_VERSION: - wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1); - FALL_THROUGH; - case TLS1_VERSION: - wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_SSLv3); - break; - case SSL3_VERSION: - case SSL2_VERSION: - /* Nothing to do here */ - break; -#endif -#ifdef WOLFSSL_DTLS - case DTLS1_VERSION: - case DTLS1_2_VERSION: - break; -#endif - default: - WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); +#ifdef WOLFSSL_HAVE_TLS_UNIQUE +size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count) +{ + byte len = 0; + + WOLFSSL_ENTER("wolfSSL_get_finished"); + + if (!ssl || !buf || count < TLS_FINISHED_SZ) { + WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } - return CheckSslMethodVersion(ctx->method->version.major, ctx->mask); + if (ssl->options.side == WOLFSSL_SERVER_END) { + len = ssl->serverFinished_len; + XMEMCPY(buf, ssl->serverFinished, len); + } + else { + len = ssl->clientFinished_len; + XMEMCPY(buf, ssl->clientFinished, len); + } + return len; } -/* Sets the min protocol version allowed with WOLFSSL_CTX - * returns WOLFSSL_SUCCESS on success */ -int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) +size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count) { - int ret; - int proto = 0; - int maxProto = 0; - int i; - int idx = 0; - - WOLFSSL_ENTER("wolfSSL_CTX_set_min_proto_version"); + byte len = 0; + WOLFSSL_ENTER("wolfSSL_get_peer_finished"); - if (ctx == NULL) { + if (!ssl || !buf || count < TLS_FINISHED_SZ) { + WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } - if (version != 0) { - proto = version; - ctx->minProto = 0; /* turn min 
proto flag off */ - for (i = 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) { - if (protoVerTbl[i] == version) { - break; - } - } - } - else { - /* when 0 is specified as version, try to find out the min version */ - for (i = 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) { - ret = Set_CTX_min_proto_version(ctx, protoVerTbl[i]); - if (ret == WOLFSSL_SUCCESS) { - proto = protoVerTbl[i]; - ctx->minProto = 1; /* turn min proto flag on */ - break; - } - } - } - /* check case where max > min , if so then clear the NO_* options - * i is the index into the table for proto version used, see if the max - * proto version index found is smaller */ - maxProto = wolfSSL_CTX_get_max_proto_version(ctx); - for (idx = 0; (unsigned)idx < NUMBER_OF_PROTOCOLS; idx++) { - if (protoVerTbl[idx] == maxProto) { - break; - } + if (ssl->options.side == WOLFSSL_CLIENT_END) { + len = ssl->serverFinished_len; + XMEMCPY(buf, ssl->serverFinished, len); } - if (idx < i) { - wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_NO_TLSv1 | - WOLFSSL_OP_NO_TLSv1_1 | WOLFSSL_OP_NO_TLSv1_2 | - WOLFSSL_OP_NO_TLSv1_3); + else { + len = ssl->clientFinished_len; + XMEMCPY(buf, ssl->clientFinished, len); } - ret = Set_CTX_min_proto_version(ctx, proto); - return ret; + return len; } +#endif /* WOLFSSL_HAVE_TLS_UNIQUE */ -/** - * wolfSSL_CTX_set_max_proto_version attempts to set the maximum protocol - * version to use by SSL objects created from this WOLFSSL_CTX. - * This API guarantees that a version of SSL/TLS higher than specified - * here will not be allowed. If the version specified is not compiled in - * then this API sets the highest compiled in protocol version. - * This API also accept 0 as version, to set the maximum version automatically. - * CheckSslMethodVersion() is called to check if any remaining protocol versions - * are enabled. 
- * @param ctx The wolfSSL CONTEXT factory for spawning SSL/TLS objects - * @param ver Any of the following - * * 0 - * * SSL3_VERSION - * * TLS1_VERSION - * * TLS1_1_VERSION - * * TLS1_2_VERSION - * * TLS1_3_VERSION - * * DTLS1_VERSION - * * DTLS1_2_VERSION - * @return WOLFSSL_SUCCESS on valid settings and WOLFSSL_FAILURE when no - * protocol versions are left enabled. - */ -static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(OPENSSL_ALL) +long wolfSSL_get_verify_result(const WOLFSSL *ssl) { - int ret; - WOLFSSL_ENTER("Set_CTX_max_proto_version"); - - if (!ctx || !ctx->method) { - WOLFSSL_MSG("Bad parameter"); + if (ssl == NULL) { return WOLFSSL_FAILURE; } - switch (ver) { - case SSL2_VERSION: - WOLFSSL_MSG("wolfSSL does not support SSLv2"); - return WOLFSSL_FAILURE; -#ifndef NO_TLS - case SSL3_VERSION: - wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1); - FALL_THROUGH; - case TLS1_VERSION: - wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_1); - FALL_THROUGH; - case TLS1_1_VERSION: - wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2); - FALL_THROUGH; - case TLS1_2_VERSION: - wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_3); - FALL_THROUGH; - case TLS1_3_VERSION: - /* Nothing to do here */ - break; -#endif -#ifdef WOLFSSL_DTLS - case DTLS1_VERSION: - case DTLS1_2_VERSION: - break; + return ssl->peerVerifyRet; +} #endif - default: - WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); - return WOLFSSL_FAILURE; - } - - ret = CheckSslMethodVersion(ctx->method->version.major, ctx->mask); - if (ret == WOLFSSL_SUCCESS) { - /* Check the major */ - switch (ver) { - #ifndef NO_TLS - case SSL3_VERSION: - case TLS1_VERSION: - case TLS1_1_VERSION: - case TLS1_2_VERSION: - case TLS1_3_VERSION: - if (ctx->method->version.major != SSLv3_MAJOR) { - WOLFSSL_MSG("Mismatched protocol version"); - return WOLFSSL_FAILURE; - } - break; - #endif - #ifdef WOLFSSL_DTLS - case 
DTLS1_VERSION: - case DTLS1_2_VERSION: - if (ctx->method->version.major != DTLS_MAJOR) { - WOLFSSL_MSG("Mismatched protocol version"); - return WOLFSSL_FAILURE; - } - break; - #endif - } - /* Update the method */ - switch (ver) { - case SSL2_VERSION: - WOLFSSL_MSG("wolfSSL does not support SSLv2"); - return WOLFSSL_FAILURE; - #ifndef NO_TLS - case SSL3_VERSION: - ctx->method->version.minor = SSLv3_MINOR; - break; - case TLS1_VERSION: - ctx->method->version.minor = TLSv1_MINOR; - break; - case TLS1_1_VERSION: - ctx->method->version.minor = TLSv1_1_MINOR; - break; - case TLS1_2_VERSION: - ctx->method->version.minor = TLSv1_2_MINOR; - break; - case TLS1_3_VERSION: - ctx->method->version.minor = TLSv1_3_MINOR; - break; - #endif - #ifdef WOLFSSL_DTLS - case DTLS1_VERSION: - ctx->method->version.minor = DTLS_MINOR; - break; - case DTLS1_2_VERSION: - ctx->method->version.minor = DTLSv1_2_MINOR; - break; - #endif - default: - WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); - return WOLFSSL_FAILURE; - } - } - return ret; -} +#ifdef OPENSSL_EXTRA -/* Sets the max protocol version allowed with WOLFSSL_CTX - * returns WOLFSSL_SUCCESS on success */ -int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version) +#ifndef NO_WOLFSSL_STUB +/* shows the number of accepts attempted by CTX in it's lifetime */ +long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) { - int i; - int ret = WOLFSSL_FAILURE; - int minProto; + WOLFSSL_STUB("wolfSSL_CTX_sess_accept"); + (void)ctx; + return 0; +} +#endif - WOLFSSL_ENTER("wolfSSL_CTX_set_max_proto_version"); +#ifndef NO_WOLFSSL_STUB +/* shows the number of connects attempted CTX in it's lifetime */ +long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx) +{ + WOLFSSL_STUB("wolfSSL_CTX_sess_connect"); + (void)ctx; + return 0; +} +#endif - if (ctx == NULL) { - return ret; - } - /* clear out flags and reset min protocol version */ - minProto = wolfSSL_CTX_get_min_proto_version(ctx); - wolfSSL_CTX_clear_options(ctx, - WOLFSSL_OP_NO_TLSv1 | 
WOLFSSL_OP_NO_TLSv1_1 | - WOLFSSL_OP_NO_TLSv1_2 | WOLFSSL_OP_NO_TLSv1_3); - wolfSSL_CTX_set_min_proto_version(ctx, minProto); - if (version != 0) { - ctx->maxProto = 0; /* turn max proto flag off */ - return Set_CTX_max_proto_version(ctx, version); - } +#ifndef NO_WOLFSSL_STUB +/* shows the number of accepts completed by CTX in it's lifetime */ +long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx) +{ + WOLFSSL_STUB("wolfSSL_CTX_sess_accept_good"); + (void)ctx; + return 0; +} +#endif - /* when 0 is specified as version, try to find out the min version from - * the bottom to top of the protoverTbl. - */ - for (i = NUMBER_OF_PROTOCOLS -1; i >= 0; i--) { - ret = Set_CTX_max_proto_version(ctx, protoVerTbl[i]); - if (ret == WOLFSSL_SUCCESS) { - ctx->maxProto = 1; /* turn max proto flag on */ - break; - } - } - return ret; +#ifndef NO_WOLFSSL_STUB +/* shows the number of connects completed by CTX in it's lifetime */ +long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx) +{ + WOLFSSL_STUB("wolfSSL_CTX_sess_connect_good"); + (void)ctx; + return 0; } +#endif -static int Set_SSL_min_proto_version(WOLFSSL* ssl, int ver) +#ifndef NO_WOLFSSL_STUB +/* shows the number of renegotiation accepts attempted by CTX */ +long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx) { - WOLFSSL_ENTER("Set_SSL_min_proto_version"); + WOLFSSL_STUB("wolfSSL_CTX_sess_accept_renegotiate"); + (void)ctx; + return 0; +} +#endif - if (ssl == NULL) { - return WOLFSSL_FAILURE; - } - switch (ver) { -#ifndef NO_TLS - case SSL3_VERSION: -#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) - ssl->options.minDowngrade = SSLv3_MINOR; - break; -#endif - case TLS1_VERSION: - #ifdef WOLFSSL_ALLOW_TLSV10 - ssl->options.minDowngrade = TLSv1_MINOR; - break; - #endif - case TLS1_1_VERSION: - #ifndef NO_OLD_TLS - ssl->options.minDowngrade = TLSv1_1_MINOR; - break; - #endif - case TLS1_2_VERSION: - #ifndef WOLFSSL_NO_TLS12 - ssl->options.minDowngrade = TLSv1_2_MINOR; - break; - #endif - case TLS1_3_VERSION: - 
#ifdef WOLFSSL_TLS13 - ssl->options.minDowngrade = TLSv1_3_MINOR; - break; - #endif -#endif -#ifdef WOLFSSL_DTLS - case DTLS1_VERSION: - #ifndef NO_OLD_TLS - ssl->options.minDowngrade = DTLS_MINOR; - break; - #endif - case DTLS1_2_VERSION: - ssl->options.minDowngrade = DTLSv1_2_MINOR; - break; +#ifndef NO_WOLFSSL_STUB +/* shows the number of renegotiation accepts attempted by CTX */ +long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx) +{ + WOLFSSL_STUB("wolfSSL_CTX_sess_connect_renegotiate"); + (void)ctx; + return 0; +} #endif - default: - WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); - return WOLFSSL_FAILURE; - } - switch (ver) { -#ifndef NO_TLS - case TLS1_3_VERSION: - ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_2; - FALL_THROUGH; - case TLS1_2_VERSION: - ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_1; - FALL_THROUGH; - case TLS1_1_VERSION: - ssl->options.mask |= WOLFSSL_OP_NO_TLSv1; - FALL_THROUGH; - case TLS1_VERSION: - ssl->options.mask |= WOLFSSL_OP_NO_SSLv3; - break; - case SSL3_VERSION: - case SSL2_VERSION: - /* Nothing to do here */ - break; + +#ifndef NO_WOLFSSL_STUB +long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx) +{ + WOLFSSL_STUB("wolfSSL_CTX_sess_hits"); + (void)ctx; + return 0; +} #endif -#ifdef WOLFSSL_DTLS - case DTLS1_VERSION: - case DTLS1_2_VERSION: - break; + + +#ifndef NO_WOLFSSL_STUB +long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx) +{ + WOLFSSL_STUB("wolfSSL_CTX_sess_cb_hits"); + (void)ctx; + return 0; +} #endif - default: - WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); - return WOLFSSL_FAILURE; - } - return CheckSslMethodVersion(ssl->version.major, ssl->options.mask); + +#ifndef NO_WOLFSSL_STUB +long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx) +{ + WOLFSSL_STUB("wolfSSL_CTX_sess_cache_full"); + (void)ctx; + return 0; } +#endif -int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version) + +#ifndef NO_WOLFSSL_STUB +long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx) { - int i; - int ret = WOLFSSL_FAILURE;; + 
WOLFSSL_STUB("wolfSSL_CTX_sess_misses"); + (void)ctx; + return 0; +} +#endif - WOLFSSL_ENTER("wolfSSL_set_min_proto_version"); - if (ssl == NULL) { - return WOLFSSL_FAILURE; - } - if (version != 0) { - return Set_SSL_min_proto_version(ssl, version); - } - - /* when 0 is specified as version, try to find out the min version */ - for (i= 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) { - ret = Set_SSL_min_proto_version(ssl, protoVerTbl[i]); - if (ret == WOLFSSL_SUCCESS) - break; - } - - return ret; -} - -static int Set_SSL_max_proto_version(WOLFSSL* ssl, int ver) +#ifndef NO_WOLFSSL_STUB +long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx) { + WOLFSSL_STUB("wolfSSL_CTX_sess_timeouts"); + (void)ctx; + return 0; +} +#endif - WOLFSSL_ENTER("Set_SSL_max_proto_version"); +#ifndef NO_CERTS - if (!ssl) { - WOLFSSL_MSG("Bad parameter"); +long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg) +{ + if (ctx == NULL || ctx->cm == NULL) { return WOLFSSL_FAILURE; } - switch (ver) { - case SSL2_VERSION: - WOLFSSL_MSG("wolfSSL does not support SSLv2"); - return WOLFSSL_FAILURE; -#ifndef NO_TLS - case SSL3_VERSION: - ssl->options.mask |= WOLFSSL_OP_NO_TLSv1; - FALL_THROUGH; - case TLS1_VERSION: - ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_1; - FALL_THROUGH; - case TLS1_1_VERSION: - ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_2; - FALL_THROUGH; - case TLS1_2_VERSION: - ssl->options.mask |= WOLFSSL_OP_NO_TLSv1_3; - FALL_THROUGH; - case TLS1_3_VERSION: - /* Nothing to do here */ - break; -#endif -#ifdef WOLFSSL_DTLS - case DTLS1_VERSION: - case DTLS1_2_VERSION: - break; -#endif - default: - WOLFSSL_MSG("Unrecognized protocol version or not compiled in"); + ctx->cm->ocspIOCtx = arg; + return WOLFSSL_SUCCESS; +} + +#endif /* !NO_CERTS */ + +int wolfSSL_get_read_ahead(const WOLFSSL* ssl) +{ + if (ssl == NULL) { return WOLFSSL_FAILURE; } - return CheckSslMethodVersion(ssl->version.major, ssl->options.mask); + return ssl->readAhead; } -int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int 
version) -{ - int i; - int ret = WOLFSSL_FAILURE;; - - WOLFSSL_ENTER("wolfSSL_set_max_proto_version"); +int wolfSSL_set_read_ahead(WOLFSSL* ssl, int v) +{ if (ssl == NULL) { return WOLFSSL_FAILURE; } - if (version != 0) { - return Set_SSL_max_proto_version(ssl, version); - } - /* when 0 is specified as version, try to find out the min version from - * the bottom to top of the protoverTbl. - */ - for (i = NUMBER_OF_PROTOCOLS -1; i >= 0; i--) { - ret = Set_SSL_max_proto_version(ssl, protoVerTbl[i]); - if (ret == WOLFSSL_SUCCESS) - break; - } + ssl->readAhead = (byte)v; - return ret; + return WOLFSSL_SUCCESS; } -static int GetMinProtoVersion(int minDowngrade) -{ - int ret; - switch (minDowngrade) { -#ifndef NO_OLD_TLS - #ifdef WOLFSSL_ALLOW_SSLV3 - case SSLv3_MINOR: - ret = SSL3_VERSION; - break; - #endif - #ifdef WOLFSSL_ALLOW_TLSV10 - case TLSv1_MINOR: - ret = TLS1_VERSION; - break; - #endif - case TLSv1_1_MINOR: - ret = TLS1_1_VERSION; - break; -#endif -#ifndef WOLFSSL_NO_TLS12 - case TLSv1_2_MINOR: - ret = TLS1_2_VERSION; - break; -#endif -#ifdef WOLFSSL_TLS13 - case TLSv1_3_MINOR: - ret = TLS1_3_VERSION; - break; -#endif - default: - ret = 0; - break; +int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) +{ + if (ctx == NULL) { + return WOLFSSL_FAILURE; } - return ret; + return ctx->readAhead; } -int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX* ctx) -{ - int ret = 0; - - WOLFSSL_ENTER("wolfSSL_CTX_get_min_proto_version"); - if (ctx != NULL) { - if (ctx->minProto) { - ret = 0; - } - else { - ret = GetMinProtoVersion(ctx->minDowngrade); - } - } - else { - ret = GetMinProtoVersion(WOLFSSL_MIN_DOWNGRADE); +int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v) +{ + if (ctx == NULL) { + return WOLFSSL_FAILURE; } - WOLFSSL_LEAVE("wolfSSL_CTX_get_min_proto_version", ret); - - return ret; -} - + ctx->readAhead = (byte)v; -/* returns the maximum allowed protocol version given the 'options' used - * returns WOLFSSL_FATAL_ERROR on no match */ -static int 
GetMaxProtoVersion(long options) -{ -#ifndef NO_TLS -#ifdef WOLFSSL_TLS13 - if (!(options & WOLFSSL_OP_NO_TLSv1_3)) - return TLS1_3_VERSION; -#endif -#ifndef WOLFSSL_NO_TLS12 - if (!(options & WOLFSSL_OP_NO_TLSv1_2)) - return TLS1_2_VERSION; -#endif -#ifndef NO_OLD_TLS - if (!(options & WOLFSSL_OP_NO_TLSv1_1)) - return TLS1_1_VERSION; - #ifdef WOLFSSL_ALLOW_TLSV10 - if (!(options & WOLFSSL_OP_NO_TLSv1)) - return TLS1_VERSION; - #endif - #ifdef WOLFSSL_ALLOW_SSLV3 - if (!(options & WOLFSSL_OP_NO_SSLv3)) - return SSL3_VERSION; - #endif -#endif -#else - (void)options; -#endif /* NO_TLS */ - return WOLFSSL_FATAL_ERROR; + return WOLFSSL_SUCCESS; } -/* returns the maximum protocol version for 'ctx' */ -int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx) +long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx, + void* arg) { - int ret = 0; - long options = 0; /* default to nothing set */ - - WOLFSSL_ENTER("wolfSSL_CTX_get_max_proto_version"); - - if (ctx != NULL) { - options = wolfSSL_CTX_get_options(ctx); - } - - if ((ctx != NULL) && ctx->maxProto) { - ret = 0; - } - else { - ret = GetMaxProtoVersion(options); + if (ctx == NULL) { + return WOLFSSL_FAILURE; } - WOLFSSL_LEAVE("wolfSSL_CTX_get_max_proto_version", ret); - - if (ret == WOLFSSL_FATAL_ERROR) { - WOLFSSL_MSG("Error getting max proto version"); - ret = 0; /* setting ret to 0 to match compat return */ - } - return ret; + ctx->userPRFArg = arg; + return WOLFSSL_SUCCESS; } + #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ - defined(HAVE_SECRET_CALLBACK) -#if !defined(NO_WOLFSSL_CLIENT) -/* Return the amount of random bytes copied over or error case. 
- * ssl : ssl struct after handshake - * out : buffer to hold random bytes - * outSz : either 0 (return max buffer sz) or size of out buffer - */ -size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, - size_t outSz) +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +int wolfSSL_sk_num(const WOLFSSL_STACK* sk) { - size_t size; - - /* return max size of buffer */ - if (outSz == 0) { - return RAN_LEN; - } - - if (ssl == NULL || out == NULL) { + WOLFSSL_ENTER("wolfSSL_sk_num"); + if (sk == NULL) return 0; - } + return (int)sk->num; +} - if (ssl->arrays == NULL) { - WOLFSSL_MSG("Arrays struct not saved after handshake"); - return 0; - } +void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i) +{ + WOLFSSL_ENTER("wolfSSL_sk_value"); - if (outSz > RAN_LEN) { - size = RAN_LEN; - } - else { - size = outSz; - } + for (; sk != NULL && i > 0; i--) + sk = sk->next; + if (sk == NULL) + return NULL; - XMEMCPY(out, ssl->arrays->clientRandom, size); - return size; -} -#endif /* !NO_WOLFSSL_CLIENT */ -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */ - -#ifdef OPENSSL_EXTRA - - unsigned long wolfSSLeay(void) - { - return SSLEAY_VERSION_NUMBER; - } - - unsigned long wolfSSL_OpenSSL_version_num(void) - { - return OPENSSL_VERSION_NUMBER; + switch (sk->type) { + case STACK_TYPE_X509: + return (void*)sk->data.x509; + case STACK_TYPE_GEN_NAME: + return (void*)sk->data.gn; + case STACK_TYPE_BIO: + return (void*)sk->data.bio; + case STACK_TYPE_OBJ: + return (void*)sk->data.obj; + case STACK_TYPE_STRING: + return (void*)sk->data.string; + case STACK_TYPE_CIPHER: + return (void*)&sk->data.cipher; + case STACK_TYPE_ACCESS_DESCRIPTION: + return (void*)sk->data.access; + case STACK_TYPE_X509_EXT: + return (void*)sk->data.ext; + case STACK_TYPE_X509_REQ_ATTR: + return (void*)sk->data.generic; + case STACK_TYPE_NULL: + return (void*)sk->data.generic; + case STACK_TYPE_X509_NAME: + return (void*)sk->data.name; + case STACK_TYPE_X509_NAME_ENTRY: + 
return (void*)sk->data.name_entry; + case STACK_TYPE_CONF_VALUE: + #ifdef OPENSSL_EXTRA + return (void*)sk->data.conf; + #else + return NULL; + #endif + case STACK_TYPE_X509_INFO: + return (void*)sk->data.info; + case STACK_TYPE_BY_DIR_entry: + return (void*)sk->data.dir_entry; + case STACK_TYPE_BY_DIR_hash: + return (void*)sk->data.dir_hash; + case STACK_TYPE_X509_OBJ: + return (void*)sk->data.x509_obj; + case STACK_TYPE_DIST_POINT: + return (void*)sk->data.dp; + case STACK_TYPE_X509_CRL: + return (void*)sk->data.crl; + default: + return (void*)sk->data.generic; } +} - const char* wolfSSLeay_version(int type) - { - (void)type; -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L - return wolfSSL_OpenSSL_version(type); -#else - return wolfSSL_OpenSSL_version(); -#endif - } -#endif /* OPENSSL_EXTRA */ +/* copies over data of "in" to "out" */ +static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out) +{ + if (in == NULL || out == NULL) + return; -#ifdef OPENSSL_EXTRA - void wolfSSL_ERR_free_strings(void) - { - /* handled internally */ - } + *out = *in; +} - void wolfSSL_cleanup_all_ex_data(void) - { - /* nothing to do here */ - } +WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) +{ -#endif /* OPENSSL_EXTRA */ + WOLFSSL_STACK* ret = NULL; + WOLFSSL_STACK* last = NULL; -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) || \ - defined(HAVE_CURL) - void wolfSSL_ERR_clear_error(void) - { - WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); - #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) - wc_ClearErrorNodes(); - #endif - } -#endif + WOLFSSL_ENTER("wolfSSL_sk_dup"); -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - int wolfSSL_clear(WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_clear"); + while (sk) { + WOLFSSL_STACK* cur = wolfSSL_sk_new_node(sk->heap); - if (ssl == NULL) { - return WOLFSSL_FAILURE; + if (!cur) { + WOLFSSL_MSG("wolfSSL_sk_new_node error"); + goto error; } - if (!ssl->options.handShakeDone) { 
- /* Only reset the session if we didn't complete a handshake */ - wolfSSL_FreeSession(ssl->ctx, ssl->session); - ssl->session = wolfSSL_NewSession(ssl->heap); - if (ssl->session == NULL) { - return WOLFSSL_FAILURE; - } + if (!ret) { + /* Set first node */ + ret = cur; } - /* reset error */ - ssl->error = 0; + if (last) { + last->next = cur; + } - /* reset option bits */ - ssl->options.isClosed = 0; - ssl->options.connReset = 0; - ssl->options.sentNotify = 0; - ssl->options.closeNotify = 0; - ssl->options.sendVerify = 0; - ssl->options.serverState = NULL_STATE; - ssl->options.clientState = NULL_STATE; - ssl->options.connectState = CONNECT_BEGIN; - ssl->options.acceptState = ACCEPT_BEGIN; - ssl->options.handShakeState = NULL_STATE; - ssl->options.handShakeDone = 0; - ssl->options.processReply = 0; /* doProcessInit */ - ssl->options.havePeerVerify = 0; - ssl->options.havePeerCert = 0; - ssl->options.peerAuthGood = 0; - ssl->options.tls1_3 = 0; - ssl->options.haveSessionId = 0; - ssl->options.tls = 0; - ssl->options.tls1_1 = 0; - #ifdef WOLFSSL_DTLS - ssl->options.dtlsStateful = 0; - #endif - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - ssl->options.noPskDheKe = 0; - #ifdef HAVE_SUPPORTED_CURVES - ssl->options.onlyPskDheKe = 0; - #endif - #endif - #ifdef HAVE_SESSION_TICKET - #ifdef WOLFSSL_TLS13 - ssl->options.ticketsSent = 0; - #endif - ssl->options.rejectTicket = 0; - #endif - #ifdef WOLFSSL_EARLY_DATA - ssl->earlyData = no_early_data; - ssl->earlyDataSz = 0; - #endif + XMEMCPY(cur, sk, sizeof(WOLFSSL_STACK)); - #if defined(HAVE_TLS_EXTENSIONS) && !defined(NO_TLS) - TLSX_FreeAll(ssl->extensions, ssl->heap); - ssl->extensions = NULL; - #endif + /* We will allocate new memory for this */ + XMEMSET(&cur->data, 0, sizeof(cur->data)); + cur->next = NULL; - if (ssl->keys.encryptionOn) { - ForceZero(ssl->buffers.inputBuffer.buffer - - ssl->buffers.inputBuffer.offset, - ssl->buffers.inputBuffer.bufferSize); - #ifdef WOLFSSL_CHECK_MEM_ZERO - 
wc_MemZero_Check(ssl->buffers.inputBuffer.buffer - - ssl->buffers.inputBuffer.offset, - ssl->buffers.inputBuffer.bufferSize); - #endif + switch (sk->type) { + case STACK_TYPE_X509: + if (!sk->data.x509) + break; + cur->data.x509 = wolfSSL_X509_dup(sk->data.x509); + if (!cur->data.x509) { + WOLFSSL_MSG("wolfSSL_X509_dup error"); + goto error; + } + break; + case STACK_TYPE_CIPHER: + wolfSSL_CIPHER_copy(&sk->data.cipher, &cur->data.cipher); + break; + case STACK_TYPE_GEN_NAME: + if (!sk->data.gn) + break; + cur->data.gn = wolfSSL_GENERAL_NAME_dup(sk->data.gn); + if (!cur->data.gn) { + WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error"); + goto error; + } + break; + case STACK_TYPE_OBJ: + if (!sk->data.obj) + break; + cur->data.obj = wolfSSL_ASN1_OBJECT_dup(sk->data.obj); + if (!cur->data.obj) { + WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_dup error"); + goto error; + } + break; + case STACK_TYPE_BIO: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + WOLFSSL_MSG("Unsupported stack type"); + goto error; } - ssl->keys.encryptionOn = 0; - XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); - if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS) - return WOLFSSL_FAILURE; + sk = sk->next; + last = cur; + } + return ret; - if (InitHandshakeHashes(ssl) != 0) - return WOLFSSL_FAILURE; +error: + if (ret) { + wolfSSL_sk_GENERAL_NAME_free(ret); + } + return NULL; +} -#ifdef KEEP_PEER_CERT - FreeX509(&ssl->peerCert); - InitX509(&ssl->peerCert, 0, ssl->heap); -#endif -#ifdef WOLFSSL_QUIC - wolfSSL_quic_clear(ssl); -#endif +WOLFSSL_STACK* wolfSSL_shallow_sk_dup(WOLFSSL_STACK* sk) +{ - return WOLFSSL_SUCCESS; - } + 
WOLFSSL_STACK* ret = NULL; + WOLFSSL_STACK** prev = &ret; -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + WOLFSSL_ENTER("wolfSSL_shallow_sk_dup"); -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) - long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode) - { - /* WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */ + for (; sk != NULL; sk = sk->next) { + WOLFSSL_STACK* cur = wolfSSL_sk_new_node(sk->heap); - WOLFSSL_ENTER("wolfSSL_CTX_set_mode"); - switch(mode) { - case SSL_MODE_ENABLE_PARTIAL_WRITE: - ctx->partialWrite = 1; - break; - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - case SSL_MODE_RELEASE_BUFFERS: - WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented."); - break; - #endif - case SSL_MODE_AUTO_RETRY: - ctx->autoRetry = 1; - break; - default: - WOLFSSL_MSG("Mode Not Implemented"); + if (!cur) { + WOLFSSL_MSG("wolfSSL_sk_new_node error"); + goto error; } - /* SSL_MODE_AUTO_RETRY - * Should not return -1 with renegotiation on read/write */ + XMEMCPY(cur, sk, sizeof(WOLFSSL_STACK)); + cur->next = NULL; - return mode; + *prev = cur; + prev = &cur->next; } + return ret; - long wolfSSL_CTX_clear_mode(WOLFSSL_CTX* ctx, long mode) - { - /* WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */ - - WOLFSSL_ENTER("wolfSSL_CTX_clear_mode"); - switch(mode) { - case SSL_MODE_ENABLE_PARTIAL_WRITE: - ctx->partialWrite = 0; - break; - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - case SSL_MODE_RELEASE_BUFFERS: - WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented."); - break; - #endif - case SSL_MODE_AUTO_RETRY: - ctx->autoRetry = 0; - break; - default: - WOLFSSL_MSG("Mode Not Implemented"); - } +error: + if (ret) { + wolfSSL_sk_free(ret); + } + return NULL; +} - /* SSL_MODE_AUTO_RETRY - * Should not return -1 with renegotiation on read/write */ +/* Free the just the stack structure */ +void wolfSSL_sk_free(WOLFSSL_STACK* sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_free"); - return 0; + while (sk != NULL) { 
+ WOLFSSL_STACK* next = sk->next; + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); + sk = next; } -#endif - -#ifdef WOLFSSL_SESSION_ID_CTX - /* Storing app session context id, this value is inherited by WOLFSSL - * objects created from WOLFSSL_CTX. Any session that is imported with a - * different session context id will be rejected. - * - * ctx structure to set context in - * sid_ctx value of context to set - * sid_ctx_len length of sid_ctx buffer - * - * Returns WOLFSSL_SUCCESS in success case and WOLFSSL_FAILURE when failing - */ - int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx, - const unsigned char* sid_ctx, - unsigned int sid_ctx_len) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_session_id_context"); +} - /* No application specific context needed for wolfSSL */ - if (sid_ctx_len > ID_LEN || ctx == NULL || sid_ctx == NULL) { - return WOLFSSL_FAILURE; - } - XMEMCPY(ctx->sessionCtx, sid_ctx, sid_ctx_len); - ctx->sessionCtxSz = (byte)sid_ctx_len; +/* Frees each node in the stack and frees the stack. + */ +void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, + void (*f) (void*)) +{ + WOLFSSL_ENTER("wolfSSL_sk_GENERIC_pop_free"); + wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f); +} - return WOLFSSL_SUCCESS; - } +/* return 1 on success 0 on fail */ +int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK* sk, void* generic) +{ + WOLFSSL_ENTER("wolfSSL_sk_GENERIC_push"); + return wolfSSL_sk_push(sk, generic); +} +void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK* sk) +{ + wolfSSL_sk_free(sk); +} +/* Pop off data from the stack. Checks that the type matches the stack type. + * + * @param [in, out] sk Stack of objects. + * @param [in] type Type of stack. + * @return Object on success. + * @return NULL when stack is NULL or no nodes left in stack. + */ +void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type) +{ + WOLFSSL_STACK* node; + void* data = NULL; - /* Storing app session context id. Any session that is imported with a - * different session context id will be rejected. 
- * - * ssl structure to set context in - * id value of context to set - * len length of sid_ctx buffer - * - * Returns WOLFSSL_SUCCESS in success case and WOLFSSL_FAILURE when failing - */ - int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, - unsigned int len) - { - WOLFSSL_ENTER("wolfSSL_set_session_id_context"); + /* Check we have a stack passed in of the right type. */ + if ((sk != NULL) && (sk->type == type)) { + /* Get the next node to become the new first node. */ + node = sk->next; + /* Get the ASN.1 OBJECT_ID object in the first node. */ + data = sk->data.generic; - if (len > ID_LEN || ssl == NULL || id == NULL) { - return WOLFSSL_FAILURE; + /* Check whether there is a next node. */ + if (node != NULL) { + /* Move content out of next node into current node. */ + sk->data.obj = node->data.obj; + sk->next = node->next; + /* Dispose of node. */ + XFREE(node, NULL, DYNAMIC_TYPE_ASN1); + } + else { + /* No more nodes - clear out data. */ + sk->data.obj = NULL; } - XMEMCPY(ssl->sessionCtx, id, len); - ssl->sessionCtxSz = (byte)len; - return WOLFSSL_SUCCESS; + /* Decrement count as long as we thought we had nodes. */ + if (sk->num > 0) { + sk->num -= 1; + } } -#endif - -#ifdef OPENSSL_EXTRA - #ifndef NO_WOLFSSL_STUB - long wolfSSL_SSL_get_mode(WOLFSSL* ssl) - { - /* TODO: */ - (void)ssl; - WOLFSSL_STUB("SSL_get_mode"); - return 0; - } - #endif + return data; +} - #ifndef NO_WOLFSSL_STUB - long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx) - { - /* TODO: */ - (void)ctx; - WOLFSSL_STUB("SSL_CTX_get_mode"); - return 0; - } - #endif +/* Free all nodes in a stack including the pushed objects */ +void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, + wolfSSL_sk_freefunc func) +{ + WOLFSSL_ENTER("wolfSSL_sk_pop_free"); - #ifndef NO_WOLFSSL_STUB - void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m) - { - /* TODO: maybe? 
*/ - (void)ctx; - (void)m; - WOLFSSL_STUB("SSL_CTX_set_default_read_ahead"); + if (sk == NULL) { + /* pop_free can be called with NULL, do not print bad argument */ + return; } - #endif - - - long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) - { - (void)ctx; - #ifndef NO_SESSION_CACHE - return (long)(SESSIONS_PER_ROW * SESSION_ROWS); - #else - return 0; - #endif + #if defined(WOLFSSL_QT) + /* In Qt v15.5, it calls OPENSSL_sk_free(xxx, OPENSSL_sk_free). + * By using OPENSSL_sk_free for free causes access violation. + * Therefore, switching free func to wolfSSL_ACCESS_DESCRIPTION_free + * is needed even the func isn't NULL. + */ + if (sk->type == STACK_TYPE_ACCESS_DESCRIPTION) { + func = (wolfSSL_sk_freefunc)wolfSSL_ACCESS_DESCRIPTION_free; } - - - /* returns the unsigned error value and increments the pointer into the - * error queue. - * - * file pointer to file name - * line gets set to line number of error when not NULL - */ - unsigned long wolfSSL_ERR_get_error_line(const char** file, int* line) - { - #ifdef WOLFSSL_HAVE_ERROR_QUEUE - int ret = wc_PullErrorNode(file, NULL, line); - if (ret < 0) { - if (ret == BAD_STATE_E) return 0; /* no errors in queue */ - WOLFSSL_MSG("Issue getting error node"); - WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line", ret); - ret = 0 - ret; /* return absolute value of error */ - - /* panic and try to clear out nodes */ - wc_ClearErrorNodes(); - } - return (unsigned long)ret; - #else - (void)file; - (void)line; - - return 0; #endif - } - - -#if (defined(DEBUG_WOLFSSL) || defined(OPENSSL_EXTRA)) && \ - (!defined(_WIN32) && !defined(NO_ERROR_QUEUE)) - static const char WOLFSSL_SYS_ACCEPT_T[] = "accept"; - static const char WOLFSSL_SYS_BIND_T[] = "bind"; - static const char WOLFSSL_SYS_CONNECT_T[] = "connect"; - static const char WOLFSSL_SYS_FOPEN_T[] = "fopen"; - static const char WOLFSSL_SYS_FREAD_T[] = "fread"; - static const char WOLFSSL_SYS_GETADDRINFO_T[] = "getaddrinfo"; - static const char WOLFSSL_SYS_GETSOCKOPT_T[] = 
"getsockopt"; - static const char WOLFSSL_SYS_GETSOCKNAME_T[] = "getsockname"; - static const char WOLFSSL_SYS_GETHOSTBYNAME_T[] = "gethostbyname"; - static const char WOLFSSL_SYS_GETNAMEINFO_T[] = "getnameinfo"; - static const char WOLFSSL_SYS_GETSERVBYNAME_T[] = "getservbyname"; - static const char WOLFSSL_SYS_IOCTLSOCKET_T[] = "ioctlsocket"; - static const char WOLFSSL_SYS_LISTEN_T[] = "listen"; - static const char WOLFSSL_SYS_OPENDIR_T[] = "opendir"; - static const char WOLFSSL_SYS_SETSOCKOPT_T[] = "setsockopt"; - static const char WOLFSSL_SYS_SOCKET_T[] = "socket"; - - /* switch with int mapped to function name for compatibility */ - static const char* wolfSSL_ERR_sys_func(int fun) - { - switch (fun) { - case WOLFSSL_SYS_ACCEPT: return WOLFSSL_SYS_ACCEPT_T; - case WOLFSSL_SYS_BIND: return WOLFSSL_SYS_BIND_T; - case WOLFSSL_SYS_CONNECT: return WOLFSSL_SYS_CONNECT_T; - case WOLFSSL_SYS_FOPEN: return WOLFSSL_SYS_FOPEN_T; - case WOLFSSL_SYS_FREAD: return WOLFSSL_SYS_FREAD_T; - case WOLFSSL_SYS_GETADDRINFO: return WOLFSSL_SYS_GETADDRINFO_T; - case WOLFSSL_SYS_GETSOCKOPT: return WOLFSSL_SYS_GETSOCKOPT_T; - case WOLFSSL_SYS_GETSOCKNAME: return WOLFSSL_SYS_GETSOCKNAME_T; - case WOLFSSL_SYS_GETHOSTBYNAME: return WOLFSSL_SYS_GETHOSTBYNAME_T; - case WOLFSSL_SYS_GETNAMEINFO: return WOLFSSL_SYS_GETNAMEINFO_T; - case WOLFSSL_SYS_GETSERVBYNAME: return WOLFSSL_SYS_GETSERVBYNAME_T; - case WOLFSSL_SYS_IOCTLSOCKET: return WOLFSSL_SYS_IOCTLSOCKET_T; - case WOLFSSL_SYS_LISTEN: return WOLFSSL_SYS_LISTEN_T; - case WOLFSSL_SYS_OPENDIR: return WOLFSSL_SYS_OPENDIR_T; - case WOLFSSL_SYS_SETSOCKOPT: return WOLFSSL_SYS_SETSOCKOPT_T; - case WOLFSSL_SYS_SOCKET: return WOLFSSL_SYS_SOCKET_T; + if (func == NULL) { + switch(sk->type) { + case STACK_TYPE_ACCESS_DESCRIPTION: + #if defined(OPENSSL_ALL) + func = (wolfSSL_sk_freefunc)wolfSSL_ACCESS_DESCRIPTION_free; + #endif + break; + case STACK_TYPE_X509: + func = (wolfSSL_sk_freefunc)wolfSSL_X509_free; + break; + case STACK_TYPE_X509_OBJ: + 
#ifdef OPENSSL_ALL + func = (wolfSSL_sk_freefunc)wolfSSL_X509_OBJECT_free; + #endif + break; + case STACK_TYPE_OBJ: + func = (wolfSSL_sk_freefunc)wolfSSL_ASN1_OBJECT_free; + break; + case STACK_TYPE_DIST_POINT: + #ifdef OPENSSL_EXTRA + func = (wolfSSL_sk_freefunc)wolfSSL_DIST_POINT_free; + #endif + break; + case STACK_TYPE_GEN_NAME: + func = (wolfSSL_sk_freefunc)wolfSSL_GENERAL_NAME_free; + break; + case STACK_TYPE_STRING: + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + func = (wolfSSL_sk_freefunc)wolfSSL_WOLFSSL_STRING_free; + #endif + break; + case STACK_TYPE_X509_NAME: + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_NAME_free; + #endif + break; + case STACK_TYPE_X509_NAME_ENTRY: + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_NAME_ENTRY_free; + #endif + break; + case STACK_TYPE_X509_EXT: + #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_EXTENSION_free; + #endif + break; + case STACK_TYPE_X509_REQ_ATTR: + #if defined(OPENSSL_ALL) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ)) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_ATTRIBUTE_free; + #endif + break; + case STACK_TYPE_CONF_VALUE: + #if defined(OPENSSL_ALL) + func = (wolfSSL_sk_freefunc)wolfSSL_X509V3_conf_free; + #endif + break; + case STACK_TYPE_X509_INFO: + #if defined(OPENSSL_ALL) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_INFO_free; + #endif + break; + case STACK_TYPE_BIO: +#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) + func = (wolfSSL_sk_freefunc)wolfSSL_BIO_vfree; +#endif + break; + case STACK_TYPE_BY_DIR_entry: +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_entry_free; +#endif + break; + case 
STACK_TYPE_BY_DIR_hash: +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_HASH_free; +#endif + break; + case STACK_TYPE_X509_CRL: +#if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_CRL_free; +#endif + break; + case STACK_TYPE_CIPHER: + case STACK_TYPE_NULL: default: - return "NULL"; + break; } } -#endif /* DEBUG_WOLFSSL */ + while (sk != NULL) { + WOLFSSL_STACK* next = sk->next; - void wolfSSL_ERR_put_error(int lib, int fun, int err, const char* file, - int line) - { - WOLFSSL_ENTER("wolfSSL_ERR_put_error"); - - #if !defined(DEBUG_WOLFSSL) && !defined(OPENSSL_EXTRA) - (void)fun; - (void)err; - (void)file; - (void)line; - WOLFSSL_MSG("Not compiled in debug mode"); - #elif defined(OPENSSL_EXTRA) && \ - (defined(_WIN32) || defined(NO_ERROR_QUEUE)) - (void)fun; - (void)file; - (void)line; - WOLFSSL_ERROR(err); - #else - WOLFSSL_ERROR_LINE(err, wolfSSL_ERR_sys_func(fun), (unsigned int)line, - file, NULL); - #endif - (void)lib; + if (func != NULL) { + if (sk->type != STACK_TYPE_CIPHER) + func(sk->data.generic); + } + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); + sk = next; } +} +/* Creates a new stack of the requested type. + * + * @param [in] type Type of stack. + * @return Empty stack on success. + * @return NULL when dynamic memory allocation fails. + */ +WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type) +{ + WOLFSSL_STACK* sk; - /* Similar to wolfSSL_ERR_get_error_line but takes in a flags argument for - * more flexibility. - * - * file output pointer to file where error happened - * line output to line number of error - * data output data. 
Is a string if ERR_TXT_STRING flag is used - * flags output format of output - * - * Returns the error value or 0 if no errors are in the queue - */ - unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, - const char** data, int *flags) - { -#ifdef WOLFSSL_HAVE_ERROR_QUEUE - int ret; - - WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data"); + /* Allocate a new stack - first node. */ + sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_OPENSSL); + if (sk == NULL) { + WOLFSSL_MSG("WOLFSSL_STACK memory error"); + } + else { + /* Clear node and set type. */ + XMEMSET(sk, 0, sizeof(WOLFSSL_STACK)); + sk->type = type; + } - if (flags != NULL) - *flags = ERR_TXT_STRING; /* Clear the flags */ + return sk; +} - ret = wc_PullErrorNode(file, data, line); - if (ret < 0) { - if (ret == BAD_STATE_E) return 0; /* no errors in queue */ - WOLFSSL_MSG("Error with pulling error node!"); - WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret); - ret = 0 - ret; /* return absolute value of error */ +/* Creates and returns a new null stack. */ +WOLFSSL_STACK* wolfSSL_sk_new_null(void) +{ + WOLFSSL_ENTER("wolfSSL_sk_new_null"); - /* panic and try to clear out nodes */ - wc_ClearErrorNodes(); - } + return wolfssl_sk_new_type(STACK_TYPE_NULL); +} - return (unsigned long)ret; -#else - WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data"); - WOLFSSL_MSG("Error queue turned off, can not get error line"); - (void)file; - (void)line; - (void)data; - (void)flags; +int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk) +{ + if (sk == NULL) return 0; -#endif - } + return (int)sk->num; +} -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#ifdef OPENSSL_EXTRA -#if (defined(KEEP_PEER_CERT) && defined(SESSION_CERTS)) || \ - (defined(OPENSSL_EXTRA) && defined(SESSION_CERTS)) - /* Decode the X509 DER encoded certificate into a WOLFSSL_X509 object. - * - * x509 WOLFSSL_X509 object to decode into. - * in X509 DER data. 
- * len Length of the X509 DER data. - * returns the new certificate on success, otherwise NULL. - */ - static int DecodeToX509(WOLFSSL_X509* x509, const byte* in, int len) +#if defined(HAVE_EX_DATA) && !defined(NO_FILESYSTEM) +int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) +{ + int ret = WOLFSSL_FATAL_ERROR; + + WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file"); + if (ssl != NULL && fname != NULL) { - int ret; #ifdef WOLFSSL_SMALL_STACK - DecodedCert* cert; + byte staticBuffer[1]; /* force heap usage */ #else - DecodedCert cert[1]; + byte staticBuffer[FILE_BUFFER_SIZE]; #endif - if (x509 == NULL || in == NULL || len <= 0) - return BAD_FUNC_ARG; + byte* myBuffer = staticBuffer; + int dynamic = 0; + XFILE file; + long sz = 0; + WOLFSSL_CTX* ctx = ssl->ctx; + WOLFSSL_X509* peer_cert = &ssl->peerCert; + DerBuffer* fileDer = NULL; - #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_DCERT); - if (cert == NULL) - return MEMORY_E; - #endif + file = XFOPEN(fname, "rb"); + if (file == XBADFILE) + return WOLFSSL_BAD_FILE; - /* Create a DecodedCert object and copy fields into WOLFSSL_X509 object. 
- */ - InitDecodedCert(cert, (byte*)in, len, NULL); - if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) == 0) { - /* Check if x509 was not previously initialized by wolfSSL_X509_new() */ - if (x509->dynamicMemory != TRUE) - InitX509(x509, 0, NULL); - ret = CopyDecodedToX509(x509, cert); + if (XFSEEK(file, 0, XSEEK_END) != 0) { + XFCLOSE(file); + return WOLFSSL_BAD_FILE; } - FreeDecodedCert(cert); - #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); - #endif - - return ret; - } -#endif /* (KEEP_PEER_CERT & SESSION_CERTS) || (OPENSSL_EXTRA & SESSION_CERTS) */ - - -#ifdef KEEP_PEER_CERT - WOLFSSL_ABI - WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl) - { - WOLFSSL_X509* ret = NULL; - WOLFSSL_ENTER("wolfSSL_get_peer_certificate"); - if (ssl != NULL) { - if (ssl->peerCert.issuer.sz) - ret = wolfSSL_X509_dup(&ssl->peerCert); -#ifdef SESSION_CERTS - else if (ssl->session->chain.count > 0) { - if (DecodeToX509(&ssl->peerCert, - ssl->session->chain.certs[0].buffer, - ssl->session->chain.certs[0].length) == 0) { - ret = wolfSSL_X509_dup(&ssl->peerCert); - } - } -#endif + sz = XFTELL(file); + if (XFSEEK(file, 0, XSEEK_SET) != 0) { + XFCLOSE(file); + return WOLFSSL_BAD_FILE; } - WOLFSSL_LEAVE("wolfSSL_get_peer_certificate", ret != NULL); - return ret; - } - -#endif /* KEEP_PEER_CERT */ - -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) -/* Return stack of peer certs. - * Caller does not need to free return. The stack is Free'd when WOLFSSL* ssl is. 
- */ -WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); - - if (ssl == NULL) - return NULL; - - /* Try to populate if NULL or empty */ - if (ssl->peerCertChain == NULL || - wolfSSL_sk_X509_num(ssl->peerCertChain) == 0) - wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl); - return ssl->peerCertChain; -} - -#ifndef WOLFSSL_QT -static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, - WOLFSSL_X509 *x); -/** - * Recursively push the issuer CA chain onto the stack - * @param cm The cert manager that is queried for the issuer - * @param x This cert's issuer will be queried in cm - * @param sk The issuer is pushed onto this stack - * @return WOLFSSL_SUCCESS on success - * WOLFSSL_FAILURE on no issuer found - * WOLFSSL_FATAL_ERROR on a fatal error - */ -static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm, - WOLFSSL_X509 *x, WOLFSSL_STACK* sk) -{ - WOLFSSL_X509* issuer[MAX_CHAIN_DEPTH]; - int i; - int push = 1; - int ret = WOLFSSL_SUCCESS; - for (i = 0; i < MAX_CHAIN_DEPTH; i++) { - if (x509GetIssuerFromCM(&issuer[i], cm, x) - != WOLFSSL_SUCCESS) - break; - x = issuer[i]; - } - if (i == 0) /* No further chain found */ - return WOLFSSL_FAILURE; - i--; - for (; i >= 0; i--) { - if (push) { - if (wolfSSL_sk_X509_push(sk, issuer[i]) != WOLFSSL_SUCCESS) { - wolfSSL_X509_free(issuer[i]); - ret = WOLFSSL_FATAL_ERROR; - push = 0; /* Free the rest of the unpushed certs */ - } - } - else { - wolfSSL_X509_free(issuer[i]); + if (sz > MAX_WOLFSSL_FILE_SIZE || sz < 0) { + WOLFSSL_MSG("cmp_peer_cert_to_file size error"); + XFCLOSE(file); + return WOLFSSL_BAD_FILE; } - } - return ret; -} -#endif /* !WOLFSSL_QT */ - -/* Builds up and creates a stack of peer certificates for ssl->peerCertChain - based off of the ssl session chain. Attempts to place CA certificates - at the bottom of the stack. 
Returns stack of WOLFSSL_X509 certs or - NULL on failure */ -WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) -{ - WOLFSSL_STACK* sk; - WOLFSSL_X509* x509; - int i = 0; - int ret; - - WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain"); - if ((ssl == NULL) || (ssl->session->chain.count == 0)) - return NULL; - sk = wolfSSL_sk_X509_new_null(); - i = ssl->session->chain.count-1; - for (; i >= 0; i--) { - x509 = wolfSSL_X509_new_ex(ssl->heap); - if (x509 == NULL) { - WOLFSSL_MSG("Error Creating X509"); - wolfSSL_sk_X509_pop_free(sk, NULL); - return NULL; - } - ret = DecodeToX509(x509, ssl->session->chain.certs[i].buffer, - ssl->session->chain.certs[i].length); -#if !defined(WOLFSSL_QT) - if (ret == 0 && i == ssl->session->chain.count-1) { - /* On the last element in the chain try to add the CA chain - * first if we have one for this cert */ - SSL_CM_WARNING(ssl); - if (PushCAx509Chain(SSL_CM(ssl), x509, sk) - == WOLFSSL_FATAL_ERROR) { - ret = WOLFSSL_FATAL_ERROR; - } + if (sz > (long)sizeof(staticBuffer)) { + WOLFSSL_MSG("Getting dynamic buffer"); + myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); + dynamic = 1; } -#endif - if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error decoding cert"); - wolfSSL_X509_free(x509); - wolfSSL_sk_X509_pop_free(sk, NULL); - return NULL; + if ((myBuffer != NULL) && + (sz > 0) && + (XFREAD(myBuffer, 1, (size_t)sz, file) == (size_t)sz) && + (PemToDer(myBuffer, (long)sz, CERT_TYPE, + &fileDer, ctx->heap, NULL, NULL) == 0) && + (fileDer->length != 0) && + (fileDer->length == peer_cert->derCert->length) && + (XMEMCMP(peer_cert->derCert->buffer, fileDer->buffer, + fileDer->length) == 0)) + { + ret = 0; } - } - - if (sk == NULL) { - WOLFSSL_MSG("Null session chain"); - } -#if defined(OPENSSL_ALL) - else if (ssl->options.side == WOLFSSL_SERVER_END) { - /* to be compliant with openssl - first element is kept as peer cert on server side.*/ - wolfSSL_sk_X509_pop(sk); - } -#endif - if 
(ssl->peerCertChain != NULL) - wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); - /* This is Free'd when ssl is Free'd */ - ssl->peerCertChain = sk; - return sk; -} -#endif /* SESSION_CERTS && OPENSSL_EXTRA */ -#ifndef NO_CERTS -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + FreeDer(&fileDer); -/* create a generic wolfSSL stack node - * returns a new WOLFSSL_STACK structure on success */ -WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap) -{ - WOLFSSL_STACK* sk; - WOLFSSL_ENTER("wolfSSL_sk_new_node"); + if (dynamic) + XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE); - sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), heap, - DYNAMIC_TYPE_OPENSSL); - if (sk != NULL) { - XMEMSET(sk, 0, sizeof(*sk)); - sk->heap = heap; + XFCLOSE(file); } - return sk; + return ret; } +#endif +#endif /* OPENSSL_EXTRA */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +const WOLFSSL_ObjectInfo wolfssl_object_info[] = { +#ifndef NO_CERTS + /* oidCertExtType */ + { NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints", + "X509v3 Basic Constraints"}, + { NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName", + "X509v3 Subject Alternative Name"}, + { NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType, + "crlDistributionPoints", "X509v3 CRL Distribution Points"}, + { NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess", + "Authority Information Access"}, + { NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType, + "authorityKeyIdentifier", "X509v3 Authority Key Identifier"}, + { NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType, + "subjectKeyIdentifier", "X509v3 Subject Key Identifier"}, + { NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage", + "X509v3 Key Usage"}, + { NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType, + "inhibitAnyPolicy", "X509v3 Inhibit Any Policy"}, + { NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType, + "extendedKeyUsage", "X509v3 Extended Key Usage"}, + { 
NID_name_constraints, NAME_CONS_OID, oidCertExtType, + "nameConstraints", "X509v3 Name Constraints"}, + { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType, + "certificatePolicies", "X509v3 Certificate Policies"}, -/* free's node but does not free internal data such as in->data.x509 */ -void wolfSSL_sk_free_node(WOLFSSL_STACK* in) -{ - if (in != NULL) { - XFREE(in, in->heap, DYNAMIC_TYPE_OPENSSL); - } -} + /* oidCertAuthInfoType */ + { NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP", + "OCSP"}, + { NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType, + "caIssuers", "CA Issuers"}, -/* pushes node "in" onto "stack" and returns pointer to the new stack on success - * also handles internal "num" for number of nodes on stack - * return WOLFSSL_SUCCESS on success - */ -int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in) -{ - if (stack == NULL || in == NULL) { - return WOLFSSL_FAILURE; - } + /* oidCertPolicyType */ + { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy", + "X509v3 Any Policy"}, - if (*stack == NULL) { - in->num = 1; - *stack = in; - return WOLFSSL_SUCCESS; - } + /* oidCertAltNameType */ + { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""}, - in->num = (*stack)->num + 1; - in->next = *stack; - *stack = in; - return WOLFSSL_SUCCESS; -} + /* oidCertKeyUseType */ + { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType, + "anyExtendedKeyUsage", "Any Extended Key Usage"}, + { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType, + "serverAuth", "TLS Web Server Authentication"}, + { EKU_CLIENT_AUTH_OID, EKU_CLIENT_AUTH_OID, oidCertKeyUseType, + "clientAuth", "TLS Web Client Authentication"}, + { EKU_OCSP_SIGN_OID, EKU_OCSP_SIGN_OID, oidCertKeyUseType, + "OCSPSigning", "OCSP Signing"}, -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) -static WC_INLINE int compare_WOLFSSL_CIPHER( - WOLFSSL_CIPHER *a, - WOLFSSL_CIPHER *b) -{ - if ((a->cipherSuite0 == b->cipherSuite0) && - (a->cipherSuite == 
b->cipherSuite) && - (a->ssl == b->ssl) && - (XMEMCMP(a->description, b->description, sizeof a->description) == 0) && - (a->offset == b->offset) && - (a->in_stack == b->in_stack) && - (a->bits == b->bits)) - return 0; - else - return -1; -} -#endif /* OPENSSL_ALL || WOLFSSL_QT */ - - -/* return 1 on success 0 on fail */ -int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) -{ - WOLFSSL_STACK* node; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - WOLFSSL_CIPHER ciph; -#endif - WOLFSSL_ENTER("wolfSSL_sk_push"); - - if (!sk) { - return WOLFSSL_FAILURE; - } - - /* Check if empty data */ - switch (sk->type) { - case STACK_TYPE_CIPHER: -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - /* check if entire struct is zero */ - XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER)); - if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) { - sk->data.cipher = *(WOLFSSL_CIPHER*)data; - sk->num = 1; - if (sk->hash_fn) { - sk->hash = sk->hash_fn(&sk->data.cipher); - } - return WOLFSSL_SUCCESS; - } - break; -#endif - case STACK_TYPE_X509: - case STACK_TYPE_GEN_NAME: - case STACK_TYPE_BIO: - case STACK_TYPE_OBJ: - case STACK_TYPE_STRING: - case STACK_TYPE_ACCESS_DESCRIPTION: - case STACK_TYPE_X509_EXT: - case STACK_TYPE_X509_REQ_ATTR: - case STACK_TYPE_NULL: - case STACK_TYPE_X509_NAME: - case STACK_TYPE_X509_NAME_ENTRY: - case STACK_TYPE_CONF_VALUE: - case STACK_TYPE_X509_INFO: - case STACK_TYPE_BY_DIR_entry: - case STACK_TYPE_BY_DIR_hash: - case STACK_TYPE_X509_OBJ: - case STACK_TYPE_DIST_POINT: - case STACK_TYPE_X509_CRL: - default: - /* All other types are pointers */ - if (!sk->data.generic) { - sk->data.generic = (void*)data; - sk->num = 1; -#ifdef OPENSSL_ALL - if (sk->hash_fn) { - sk->hash = sk->hash_fn(sk->data.generic); - } -#endif - return WOLFSSL_SUCCESS; - } - break; - } - - /* stack already has value(s) create a new node and add more */ - node = wolfSSL_sk_new_node(sk->heap); - if (!node) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - - /* push new 
x509 onto head of stack */ - node->next = sk->next; - node->type = sk->type; - sk->next = node; - sk->num += 1; - -#ifdef OPENSSL_ALL - node->hash_fn = sk->hash_fn; - node->hash = sk->hash; - sk->hash = 0; -#endif - switch (sk->type) { - case STACK_TYPE_CIPHER: -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - node->data.cipher = sk->data.cipher; - sk->data.cipher = *(WOLFSSL_CIPHER*)data; - if (sk->hash_fn) { - sk->hash = sk->hash_fn(&sk->data.cipher); - } - break; -#endif - case STACK_TYPE_X509: - case STACK_TYPE_GEN_NAME: - case STACK_TYPE_BIO: - case STACK_TYPE_OBJ: - case STACK_TYPE_STRING: - case STACK_TYPE_ACCESS_DESCRIPTION: - case STACK_TYPE_X509_EXT: - case STACK_TYPE_X509_REQ_ATTR: - case STACK_TYPE_NULL: - case STACK_TYPE_X509_NAME: - case STACK_TYPE_X509_NAME_ENTRY: - case STACK_TYPE_CONF_VALUE: - case STACK_TYPE_X509_INFO: - case STACK_TYPE_BY_DIR_entry: - case STACK_TYPE_BY_DIR_hash: - case STACK_TYPE_X509_OBJ: - case STACK_TYPE_DIST_POINT: - case STACK_TYPE_X509_CRL: - default: - /* All other types are pointers */ - node->data.generic = sk->data.generic; - sk->data.generic = (void*)data; -#ifdef OPENSSL_ALL - if (sk->hash_fn) { - sk->hash = sk->hash_fn(sk->data.generic); - } -#endif - break; - } - - return WOLFSSL_SUCCESS; -} - -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - -#ifdef OPENSSL_EXTRA - -/* returns the node at index "idx", NULL if not found */ -WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx) -{ - int i; - WOLFSSL_STACK* ret = NULL; - WOLFSSL_STACK* current; - - current = sk; - for (i = 0; i <= idx && current != NULL; i++) { - if (i == idx) { - ret = current; - break; - } - current = current->next; - } - return ret; -} - - -#endif /* OPENSSL_EXTRA */ - -#ifdef OPENSSL_EXTRA - -#if defined(OPENSSL_ALL) - -void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data) -{ - unsigned long hash; - - WOLFSSL_ENTER("wolfSSL_lh_retrieve"); - - if (!sk || !data) { - WOLFSSL_MSG("Bad parameters"); - return NULL; - } - - if 
(!sk->hash_fn) { - WOLFSSL_MSG("No hash function defined"); - return NULL; - } - - hash = sk->hash_fn(data); - - while (sk) { - /* Calc hash if not done so yet */ - if (!sk->hash) { - switch (sk->type) { - case STACK_TYPE_CIPHER: - sk->hash = sk->hash_fn(&sk->data.cipher); - break; - case STACK_TYPE_X509: - case STACK_TYPE_GEN_NAME: - case STACK_TYPE_BIO: - case STACK_TYPE_OBJ: - case STACK_TYPE_STRING: - case STACK_TYPE_ACCESS_DESCRIPTION: - case STACK_TYPE_X509_EXT: - case STACK_TYPE_X509_REQ_ATTR: - case STACK_TYPE_NULL: - case STACK_TYPE_X509_NAME: - case STACK_TYPE_X509_NAME_ENTRY: - case STACK_TYPE_CONF_VALUE: - case STACK_TYPE_X509_INFO: - case STACK_TYPE_BY_DIR_entry: - case STACK_TYPE_BY_DIR_hash: - case STACK_TYPE_X509_OBJ: - case STACK_TYPE_DIST_POINT: - case STACK_TYPE_X509_CRL: - default: - sk->hash = sk->hash_fn(sk->data.generic); - break; - } - } - if (sk->hash == hash) { - switch (sk->type) { - case STACK_TYPE_CIPHER: - return &sk->data.cipher; - case STACK_TYPE_X509: - case STACK_TYPE_GEN_NAME: - case STACK_TYPE_BIO: - case STACK_TYPE_OBJ: - case STACK_TYPE_STRING: - case STACK_TYPE_ACCESS_DESCRIPTION: - case STACK_TYPE_X509_EXT: - case STACK_TYPE_X509_REQ_ATTR: - case STACK_TYPE_NULL: - case STACK_TYPE_X509_NAME: - case STACK_TYPE_X509_NAME_ENTRY: - case STACK_TYPE_CONF_VALUE: - case STACK_TYPE_X509_INFO: - case STACK_TYPE_BY_DIR_entry: - case STACK_TYPE_BY_DIR_hash: - case STACK_TYPE_X509_OBJ: - case STACK_TYPE_DIST_POINT: - case STACK_TYPE_X509_CRL: - default: - return sk->data.generic; - } - } - sk = sk->next; - } - - return NULL; -} - -#endif /* OPENSSL_ALL */ - -#endif /* OPENSSL_EXTRA */ - -/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function - KEEP_OUR_CERT is to insure ability for returning ssl certificate */ -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - defined(KEEP_OUR_CERT) -WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) -{ - if (ssl == NULL) { - return NULL; - } - - if (ssl->buffers.weOwnCert) { - 
if (ssl->ourCert == NULL) { - if (ssl->buffers.certificate == NULL) { - WOLFSSL_MSG("Certificate buffer not set!"); - return NULL; - } - #ifndef WOLFSSL_X509_STORE_CERTS - ssl->ourCert = wolfSSL_X509_d2i_ex(NULL, - ssl->buffers.certificate->buffer, - ssl->buffers.certificate->length, - ssl->heap); - #endif - } - return ssl->ourCert; - } - else { /* if cert not owned get parent ctx cert or return null */ - if (ssl->ctx) { - if (ssl->ctx->ourCert == NULL) { - if (ssl->ctx->certificate == NULL) { - WOLFSSL_MSG("Ctx Certificate buffer not set!"); - return NULL; - } - #ifndef WOLFSSL_X509_STORE_CERTS - ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, - ssl->ctx->certificate->buffer, - ssl->ctx->certificate->length, - ssl->heap); - #endif - ssl->ctx->ownOurCert = 1; - } - return ssl->ctx->ourCert; - } - } - - return NULL; -} - -WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx) -{ - if (ctx) { - if (ctx->ourCert == NULL) { - if (ctx->certificate == NULL) { - WOLFSSL_MSG("Ctx Certificate buffer not set!"); - return NULL; - } - #ifndef WOLFSSL_X509_STORE_CERTS - ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, - ctx->certificate->buffer, - ctx->certificate->length, ctx->heap); - #endif - ctx->ownOurCert = 1; - } - return ctx->ourCert; - } - return NULL; -} -#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */ -#endif /* NO_CERTS */ - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -void wolfSSL_set_connect_state(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_set_connect_state"); - if (ssl == NULL) { - WOLFSSL_MSG("WOLFSSL struct pointer passed in was null"); - return; - } - - #ifndef NO_DH - /* client creates its own DH parameters on handshake */ - if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { - XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - } - ssl->buffers.serverDH_P.buffer = NULL; - if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) { - XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - } - 
ssl->buffers.serverDH_G.buffer = NULL; - #endif - - if (InitSSL_Side(ssl, WOLFSSL_CLIENT_END) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error initializing client side"); - } -} -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - - -int wolfSSL_get_shutdown(const WOLFSSL* ssl) -{ - int isShutdown = 0; - - WOLFSSL_ENTER("wolfSSL_get_shutdown"); - - if (ssl) { -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - if (ssl->options.shutdownDone) { - /* The SSL object was possibly cleared with wolfSSL_clear after - * a successful shutdown. Simulate a response for a full - * bidirectional shutdown. */ - isShutdown = WOLFSSL_SENT_SHUTDOWN | WOLFSSL_RECEIVED_SHUTDOWN; - } - else -#endif - { - /* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent * - * WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */ - if (ssl->options.sentNotify) - isShutdown |= WOLFSSL_SENT_SHUTDOWN; - if (ssl->options.closeNotify||ssl->options.connReset) - isShutdown |= WOLFSSL_RECEIVED_SHUTDOWN; - } - - } - - WOLFSSL_LEAVE("wolfSSL_get_shutdown", isShutdown); - return isShutdown; -} - - -int wolfSSL_session_reused(WOLFSSL* ssl) -{ - int resuming = 0; - WOLFSSL_ENTER("wolfSSL_session_reused"); - if (ssl) { -#ifndef HAVE_SECURE_RENEGOTIATION - resuming = ssl->options.resuming; -#else - resuming = ssl->options.resuming || ssl->options.resumed; -#endif - } - WOLFSSL_LEAVE("wolfSSL_session_reused", resuming); - return resuming; -} - -/* return a new malloc'd session with default settings on success */ -WOLFSSL_SESSION* wolfSSL_NewSession(void* heap) -{ - WOLFSSL_SESSION* ret = NULL; - - WOLFSSL_ENTER("wolfSSL_NewSession"); - - ret = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), heap, - DYNAMIC_TYPE_SESSION); - if (ret != NULL) { - int err; - XMEMSET(ret, 0, sizeof(WOLFSSL_SESSION)); - wolfSSL_RefInit(&ret->ref, &err); - #ifdef WOLFSSL_REFCNT_ERROR_RETURN - if (err != 0) { - WOLFSSL_MSG("Error setting up session reference mutex"); - XFREE(ret, ret->heap, DYNAMIC_TYPE_SESSION); - 
return NULL; - } - #else - (void)err; - #endif -#ifndef NO_SESSION_CACHE - ret->cacheRow = INVALID_SESSION_ROW; /* not in cache */ -#endif - ret->type = WOLFSSL_SESSION_TYPE_HEAP; - ret->heap = heap; -#ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Add("SESSION master secret", ret->masterSecret, SECRET_LEN); - wc_MemZero_Add("SESSION id", ret->sessionID, ID_LEN); -#endif - #ifdef HAVE_SESSION_TICKET - ret->ticket = ret->staticTicket; - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - ret->ticketNonce.data = ret->ticketNonce.dataStatic; - #endif - #endif -#ifdef HAVE_EX_DATA - ret->ownExData = 1; - if (crypto_ex_cb_ctx_session != NULL) { - crypto_ex_cb_setup_new_data(ret, crypto_ex_cb_ctx_session, - &ret->ex_data); - } -#endif - } - return ret; -} - - -WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap) -{ - return wolfSSL_NewSession(heap); -} - -WOLFSSL_SESSION* wolfSSL_SESSION_new(void) -{ - return wolfSSL_SESSION_new_ex(NULL); -} - -/* add one to session reference count - * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */ -int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session) -{ - int ret; - - session = ClientSessionToSession(session); - - if (session == NULL || session->type != WOLFSSL_SESSION_TYPE_HEAP) - return WOLFSSL_FAILURE; - - wolfSSL_RefInc(&session->ref, &ret); -#ifdef WOLFSSL_REFCNT_ERROR_RETURN - if (ret != 0) { - WOLFSSL_MSG("Failed to lock session mutex"); - return WOLFSSL_FAILURE; - } -#else - (void)ret; -#endif - - return WOLFSSL_SUCCESS; -} - -/** - * Deep copy the contents from input to output. - * @param input The source of the copy. - * @param output The destination of the copy. - * @param avoidSysCalls If true, then system calls will be avoided or an error - * will be returned if it is not possible to proceed - * without a system call. This is useful for fetching - * sessions from cache. 
When a cache row is locked, we - * don't want to block other threads with long running - * system calls. - * @param ticketNonceBuf If not null and @avoidSysCalls is true, the copy of the - * ticketNonce will happen in this pre allocated buffer - * @param ticketNonceLen @ticketNonceBuf len as input, used length on output - * @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket noncet - * @return WOLFSSL_SUCCESS on success - * WOLFSSL_FAILURE on failure - */ -static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, - WOLFSSL_SESSION* output, int avoidSysCalls, byte* ticketNonceBuf, - byte* ticketNonceLen, byte* preallocUsed) -{ -#ifdef HAVE_SESSION_TICKET - int ticLenAlloc = 0; - byte *ticBuff = NULL; -#endif - const size_t copyOffset = OFFSETOF(WOLFSSL_SESSION, heap) + sizeof(input->heap); - int ret = WOLFSSL_SUCCESS; - - (void)avoidSysCalls; - (void)ticketNonceBuf; - (void)ticketNonceLen; - (void)preallocUsed; - - input = ClientSessionToSession(input); - output = ClientSessionToSession(output); - - if (input == NULL || output == NULL || input == output) { - WOLFSSL_MSG("input or output are null or same"); - return WOLFSSL_FAILURE; - } - -#ifdef HAVE_SESSION_TICKET - if (output->ticket != output->staticTicket) { - ticBuff = output->ticket; - ticLenAlloc = output->ticketLenAlloc; - } -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - /* free the data, it would be better to reuse the buffer but this - * maintain the code simpler. A smart allocator should reuse the free'd - * buffer in the next malloc without much performance penalties. 
*/ - if (output->ticketNonce.data != output->ticketNonce.dataStatic) { - - /* Callers that avoid syscall should never calls this with - * output->tickeNonce.data being a dynamic buffer.*/ - if (avoidSysCalls) { - WOLFSSL_MSG("can't avoid syscalls with dynamic TicketNonce buffer"); - return WOLFSSL_FAILURE; - } - - XFREE(output->ticketNonce.data, - output->heap, DYNAMIC_TYPE_SESSION_TICK); - output->ticketNonce.data = output->ticketNonce.dataStatic; - output->ticketNonce.len = 0; - } -#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ -#endif /* HAVE_SESSION_TICKET */ - -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (output->peer != NULL) { - if (avoidSysCalls) { - WOLFSSL_MSG("Can't free cert when avoiding syscalls"); - return WOLFSSL_FAILURE; - } - wolfSSL_X509_free(output->peer); - output->peer = NULL; - } -#endif - - XMEMCPY((byte*)output + copyOffset, (byte*)input + copyOffset, - sizeof(WOLFSSL_SESSION) - copyOffset); - -#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \ - defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - /* fix pointer to static after the copy */ - output->ticketNonce.data = output->ticketNonce.dataStatic; -#endif - /* Set sane values for copy */ -#ifndef NO_SESSION_CACHE - if (output->type != WOLFSSL_SESSION_TYPE_CACHE) - output->cacheRow = INVALID_SESSION_ROW; -#endif -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (input->peer != NULL && input->peer->dynamicMemory) { - if (wolfSSL_X509_up_ref(input->peer) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Can't increase peer cert ref count"); - output->peer = NULL; - } - } - else if (!avoidSysCalls) - output->peer = wolfSSL_X509_dup(input->peer); - else - /* output->peer is not that important to copy */ - output->peer = NULL; -#endif -#ifdef HAVE_SESSION_TICKET - if (input->ticketLen > SESSION_TICKET_LEN) { - /* Need dynamic buffer */ - if (ticBuff == NULL || 
ticLenAlloc < input->ticketLen) { - /* allocate new one */ - byte* tmp; - if (avoidSysCalls) { - WOLFSSL_MSG("Failed to allocate memory for ticket when avoiding" - " syscalls"); - output->ticket = ticBuff; - output->ticketLenAlloc = (word16) ticLenAlloc; - output->ticketLen = 0; - ret = WOLFSSL_FAILURE; - } - else { -#ifdef WOLFSSL_NO_REALLOC - tmp = (byte*)XMALLOC(input->ticketLen, - output->heap, DYNAMIC_TYPE_SESSION_TICK); - XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK); - ticBuff = NULL; -#else - tmp = (byte*)XREALLOC(ticBuff, input->ticketLen, - output->heap, DYNAMIC_TYPE_SESSION_TICK); -#endif /* WOLFSSL_NO_REALLOC */ - if (tmp == NULL) { - WOLFSSL_MSG("Failed to allocate memory for ticket"); -#ifndef WOLFSSL_NO_REALLOC - XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK); - ticBuff = NULL; -#endif /* WOLFSSL_NO_REALLOC */ - output->ticket = NULL; - output->ticketLen = 0; - output->ticketLenAlloc = 0; - ret = WOLFSSL_FAILURE; - } - else { - ticBuff = tmp; - ticLenAlloc = input->ticketLen; - } - } - } - if (ticBuff != NULL && ret == WOLFSSL_SUCCESS) { - XMEMCPY(ticBuff, input->ticket, input->ticketLen); - output->ticket = ticBuff; - output->ticketLenAlloc = (word16) ticLenAlloc; - } - } - else { - /* Default ticket to non dynamic */ - if (avoidSysCalls) { - /* Try to use ticBuf if available. Caller can later move it to - * the static buffer. 
*/ - if (ticBuff != NULL) { - if (ticLenAlloc >= input->ticketLen) { - output->ticket = ticBuff; - output->ticketLenAlloc = ticLenAlloc; - } - else { - WOLFSSL_MSG("ticket dynamic buffer too small but we are " - "avoiding system calls"); - ret = WOLFSSL_FAILURE; - output->ticket = ticBuff; - output->ticketLenAlloc = (word16) ticLenAlloc; - output->ticketLen = 0; - } - } - else { - output->ticket = output->staticTicket; - output->ticketLenAlloc = 0; - } - } - else { - if (ticBuff != NULL) - XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK); - output->ticket = output->staticTicket; - output->ticketLenAlloc = 0; - } - if (input->ticketLenAlloc > 0 && ret == WOLFSSL_SUCCESS) { - /* Shouldn't happen as session should have placed this in - * the static buffer */ - XMEMCPY(output->ticket, input->ticket, - input->ticketLen); - } - } - ticBuff = NULL; - -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - if (preallocUsed != NULL) - *preallocUsed = 0; - - if (input->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ && - ret == WOLFSSL_SUCCESS) { - /* TicketNonce does not fit in the static buffer */ - if (!avoidSysCalls) { - output->ticketNonce.data = (byte*)XMALLOC(input->ticketNonce.len, - output->heap, DYNAMIC_TYPE_SESSION_TICK); - - if (output->ticketNonce.data == NULL) { - WOLFSSL_MSG("Failed to allocate space for ticket nonce"); - output->ticketNonce.data = output->ticketNonce.dataStatic; - output->ticketNonce.len = 0; - ret = WOLFSSL_FAILURE; - } - else { - output->ticketNonce.len = input->ticketNonce.len; - XMEMCPY(output->ticketNonce.data, input->ticketNonce.data, - input->ticketNonce.len); - ret = WOLFSSL_SUCCESS; - } - } - /* we can't do syscalls. Use prealloc buffers if provided from the - * caller. 
*/ - else if (ticketNonceBuf != NULL && - *ticketNonceLen >= input->ticketNonce.len) { - XMEMCPY(ticketNonceBuf, input->ticketNonce.data, - input->ticketNonce.len); - *ticketNonceLen = input->ticketNonce.len; - if (preallocUsed != NULL) - *preallocUsed = 1; - ret = WOLFSSL_SUCCESS; - } - else { - WOLFSSL_MSG("TicketNonce bigger than static buffer, and we can't " - "do syscalls"); - ret = WOLFSSL_FAILURE; - } - } -#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ - -#endif /* HAVE_SESSION_TICKET */ - -#ifdef HAVE_EX_DATA - if (input->type != WOLFSSL_SESSION_TYPE_CACHE && - output->type != WOLFSSL_SESSION_TYPE_CACHE) { - /* Not called with cache as that passes ownership of ex_data */ - ret = crypto_ex_cb_dup_data(&input->ex_data, &output->ex_data, - crypto_ex_cb_ctx_session); - } -#endif - - return ret; -} - -/** - * Deep copy the contents from input to output. - * @param input The source of the copy. - * @param output The destination of the copy. - * @param avoidSysCalls If true, then system calls will be avoided or an error - * will be returned if it is not possible to proceed - * without a system call. This is useful for fetching - * sessions from cache. When a cache row is locked, we - * don't want to block other threads with long running - * system calls. 
- * @return WOLFSSL_SUCCESS on success - * WOLFSSL_FAILURE on failure - */ -int wolfSSL_DupSession(const WOLFSSL_SESSION* input, WOLFSSL_SESSION* output, - int avoidSysCalls) -{ - return wolfSSL_DupSessionEx(input, output, avoidSysCalls, NULL, NULL, NULL); -} - -WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session) -{ - WOLFSSL_SESSION* copy; - - WOLFSSL_ENTER("wolfSSL_SESSION_dup"); - - session = ClientSessionToSession(session); - if (session == NULL) - return NULL; - -#ifdef HAVE_SESSION_TICKET - if (session->ticketLenAlloc > 0 && !session->ticket) { - WOLFSSL_MSG("Session dynamic flag is set but ticket pointer is null"); - return NULL; - } -#endif - - copy = wolfSSL_NewSession(session->heap); - if (copy != NULL && - wolfSSL_DupSession(session, copy, 0) != WOLFSSL_SUCCESS) { - wolfSSL_FreeSession(NULL, copy); - copy = NULL; - } - return copy; -} - -void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) -{ - session = ClientSessionToSession(session); - if (session == NULL) - return; - - (void)ctx; - - WOLFSSL_ENTER("wolfSSL_FreeSession"); - - if (session->ref.count > 0) { - int ret; - int isZero; - wolfSSL_RefDec(&session->ref, &isZero, &ret); - (void)ret; - if (!isZero) { - return; - } - wolfSSL_RefFree(&session->ref); - } - - WOLFSSL_MSG("wolfSSL_FreeSession full free"); - -#ifdef HAVE_EX_DATA - if (session->ownExData) { - crypto_ex_cb_free_data(session, crypto_ex_cb_ctx_session, - &session->ex_data); - } -#endif - -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS - wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data); -#endif - -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (session->peer) { - wolfSSL_X509_free(session->peer); - session->peer = NULL; - } -#endif - -#ifdef HAVE_SESSION_TICKET - if (session->ticketLenAlloc > 0) { - XFREE(session->ticket, session->heap, DYNAMIC_TYPE_SESSION_TICK); - session->ticket = session->staticTicket; - session->ticketLen = 0; - session->ticketLenAlloc = 0; - } -#if defined(WOLFSSL_TLS13) && 
defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - if (session->ticketNonce.data != session->ticketNonce.dataStatic) { - XFREE(session->ticketNonce.data, session->heap, - DYNAMIC_TYPE_SESSION_TICK); - session->ticketNonce.data = session->ticketNonce.dataStatic; - session->ticketNonce.len = 0; - } -#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ -#endif - -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS - wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data); -#endif - - /* Make sure masterSecret is zeroed. */ - ForceZero(session->masterSecret, SECRET_LEN); - /* Session ID is sensitive information too. */ - ForceZero(session->sessionID, ID_LEN); - - if (session->type == WOLFSSL_SESSION_TYPE_HEAP) { - XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); - } -} - -/* DO NOT use this API internally. Use wolfSSL_FreeSession directly instead - * and pass in the ctx parameter if possible (like from ssl->ctx). */ -void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) -{ - session = ClientSessionToSession(session); - wolfSSL_FreeSession(NULL, session); -} - -#ifndef NO_SESSION_CACHE -int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) -{ - int error = 0; - const byte* id = NULL; - byte idSz = 0; - - WOLFSSL_ENTER("wolfSSL_CTX_add_session"); - - session = ClientSessionToSession(session); - if (session == NULL) - return WOLFSSL_FAILURE; - - /* Session cache is global */ - (void)ctx; - - if (session->haveAltSessionID) { - id = session->altSessionID; - idSz = ID_LEN; - } - else { - id = session->sessionID; - idSz = session->sessionIDSz; - } - - error = AddSessionToCache(ctx, session, id, idSz, - NULL, session->side, -#ifdef HAVE_SESSION_TICKET - session->ticketLen > 0, -#else - 0, -#endif - NULL); - - return error == 0 ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE; -} -#endif - -#if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE) - -/** -* set cipher to WOLFSSL_SESSION from WOLFSSL_CIPHER -* @param session a pointer to WOLFSSL_SESSION structure -* @param cipher a function pointer to WOLFSSL_CIPHER -* @return WOLFSSL_SUCCESS on success, otherwise WOLFSSL_FAILURE -*/ -int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session, - const WOLFSSL_CIPHER* cipher) -{ - WOLFSSL_ENTER("wolfSSL_SESSION_set_cipher"); - - session = ClientSessionToSession(session); - /* sanity check */ - if (session == NULL || cipher == NULL) { - WOLFSSL_MSG("bad argument"); - return WOLFSSL_FAILURE; - } - session->cipherSuite0 = cipher->cipherSuite0; - session->cipherSuite = cipher->cipherSuite; - - WOLFSSL_LEAVE("wolfSSL_SESSION_set_cipher", WOLFSSL_SUCCESS); - return WOLFSSL_SUCCESS; -} -#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */ - - -/* helper function that takes in a protocol version struct and returns string */ -static const char* wolfSSL_internal_get_version(const ProtocolVersion* version) -{ - WOLFSSL_ENTER("wolfSSL_get_version"); - - if (version == NULL) { - return "Bad arg"; - } - - if (version->major == SSLv3_MAJOR) { - switch (version->minor) { - case SSLv3_MINOR : - return "SSLv3"; - case TLSv1_MINOR : - return "TLSv1"; - case TLSv1_1_MINOR : - return "TLSv1.1"; - case TLSv1_2_MINOR : - return "TLSv1.2"; - case TLSv1_3_MINOR : - return "TLSv1.3"; - default: - return "unknown"; - } - } -#ifdef WOLFSSL_DTLS - else if (version->major == DTLS_MAJOR) { - switch (version->minor) { - case DTLS_MINOR : - return "DTLS"; - case DTLSv1_2_MINOR : - return "DTLSv1.2"; - case DTLSv1_3_MINOR : - return "DTLSv1.3"; - default: - return "unknown"; - } - } -#endif /* WOLFSSL_DTLS */ - return "unknown"; -} - - -const char* wolfSSL_get_version(const WOLFSSL* ssl) -{ - if (ssl == NULL) { - WOLFSSL_MSG("Bad argument"); - return "unknown"; - } - - return wolfSSL_internal_get_version(&ssl->version); -} - - -/* current library 
version */ -const char* wolfSSL_lib_version(void) -{ - return LIBWOLFSSL_VERSION_STRING; -} - -#ifdef OPENSSL_EXTRA -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L -const char* wolfSSL_OpenSSL_version(int a) -{ - (void)a; - return "wolfSSL " LIBWOLFSSL_VERSION_STRING; -} -#else -const char* wolfSSL_OpenSSL_version(void) -{ - return "wolfSSL " LIBWOLFSSL_VERSION_STRING; -} -#endif /* WOLFSSL_QT */ -#endif - - -/* current library version in hex */ -word32 wolfSSL_lib_version_hex(void) -{ - return LIBWOLFSSL_VERSION_HEX; -} - - -int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_current_cipher_suite"); - if (ssl) - return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite; - return 0; -} - -WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_current_cipher"); - if (ssl) { - ssl->cipher.cipherSuite0 = ssl->options.cipherSuite0; - ssl->cipher.cipherSuite = ssl->options.cipherSuite; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - ssl->cipher.bits = ssl->specs.key_size * 8; -#endif - return &ssl->cipher; - } - else - return NULL; -} - - -const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) -{ - WOLFSSL_ENTER("wolfSSL_CIPHER_get_name"); - - if (cipher == NULL) { - return NULL; - } - - #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ - !defined(WOLFSSL_QT) - return GetCipherNameIana(cipher->cipherSuite0, cipher->cipherSuite); - #else - return wolfSSL_get_cipher_name_from_suite(cipher->cipherSuite0, - cipher->cipherSuite); - #endif -} - -const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher) -{ - WOLFSSL_ENTER("wolfSSL_CIPHER_get_version"); - - if (cipher == NULL || cipher->ssl == NULL) { - return NULL; - } - - return wolfSSL_get_version(cipher->ssl); -} - -const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session) -{ - session = ClientSessionToSession(session); - if (session == NULL) { - return 
NULL; - } - -#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ - (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) - #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) - return GetCipherNameIana(session->cipherSuite0, session->cipherSuite); - #else - return GetCipherNameInternal(session->cipherSuite0, session->cipherSuite); - #endif -#else - return NULL; -#endif -} - -const char* wolfSSL_get_cipher(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_cipher"); - return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)); -} - -/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ -const char* wolfSSL_get_cipher_name(WOLFSSL* ssl) -{ - /* get access to cipher_name_idx in internal.c */ - return wolfSSL_get_cipher_name_internal(ssl); -} - -const char* wolfSSL_get_cipher_name_from_suite(const byte cipherSuite0, - const byte cipherSuite) -{ - return GetCipherNameInternal(cipherSuite0, cipherSuite); -} - -const char* wolfSSL_get_cipher_name_iana_from_suite(const byte cipherSuite0, - const byte cipherSuite) -{ - return GetCipherNameIana(cipherSuite0, cipherSuite); -} - -int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0, - byte* cipherSuite, int *flags) { - if ((name == NULL) || - (cipherSuite0 == NULL) || - (cipherSuite == NULL) || - (flags == NULL)) - return BAD_FUNC_ARG; - return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags); -} - - -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) -/* Creates and returns a new WOLFSSL_CIPHER stack. 
*/ -WOLFSSL_STACK* wolfSSL_sk_new_cipher(void) -{ - WOLFSSL_STACK* sk; - WOLFSSL_ENTER("wolfSSL_sk_new_cipher"); - - sk = wolfSSL_sk_new_null(); - if (sk == NULL) - return NULL; - sk->type = STACK_TYPE_CIPHER; - - return sk; -} - -/* return 1 on success 0 on fail */ -int wolfSSL_sk_CIPHER_push(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, - WOLFSSL_CIPHER* cipher) -{ - return wolfSSL_sk_push(sk, cipher); -} - -#ifndef NO_WOLFSSL_STUB -WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) -{ - WOLFSSL_STUB("wolfSSL_sk_CIPHER_pop"); - (void)sk; - return NULL; -} -#endif /* NO_WOLFSSL_STUB */ -#endif /* WOLFSSL_QT || OPENSSL_ALL */ - -word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher) -{ - word16 cipher_id = 0; - - WOLFSSL_ENTER("wolfSSL_CIPHER_get_id"); - - if (cipher && cipher->ssl) { - cipher_id = (cipher->ssl->options.cipherSuite0 << 8) | - cipher->ssl->options.cipherSuite; - } - - return cipher_id; -} - -const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value) -{ - const WOLFSSL_CIPHER* cipher = NULL; - byte cipherSuite0, cipherSuite; - WOLFSSL_ENTER("wolfSSL_get_cipher_by_value"); - - /* extract cipher id information */ - cipherSuite = (value & 0xFF); - cipherSuite0 = ((value >> 8) & 0xFF); - - /* TODO: lookup by cipherSuite0 / cipherSuite */ - (void)cipherSuite0; - (void)cipherSuite; - - return cipher; -} - - -#if defined(OPENSSL_EXTRA) -/* Free the structure for WOLFSSL_CIPHER stack - * - * sk stack to free nodes in - */ -void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) -{ - WOLFSSL_ENTER("wolfSSL_sk_CIPHER_free"); - - wolfSSL_sk_free(sk); -} -#endif /* OPENSSL_ALL */ - -#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \ - !defined(NO_DH) -#ifdef HAVE_FFDHE -static const char* wolfssl_ffdhe_name(word16 group) -{ - const char* str = NULL; - switch (group) { - case WOLFSSL_FFDHE_2048: - str = "FFDHE_2048"; - break; - case WOLFSSL_FFDHE_3072: - str = "FFDHE_3072"; - break; - case 
WOLFSSL_FFDHE_4096: - str = "FFDHE_4096"; - break; - case WOLFSSL_FFDHE_6144: - str = "FFDHE_6144"; - break; - case WOLFSSL_FFDHE_8192: - str = "FFDHE_8192"; - break; - default: - break; - } - return str; -} -#endif -/* Return the name of the curve used for key exchange as a printable string. - * - * ssl The SSL/TLS object. - * returns NULL if ECDH was not used, otherwise the name as a string. - */ -const char* wolfSSL_get_curve_name(WOLFSSL* ssl) -{ - const char* cName = NULL; - - WOLFSSL_ENTER("wolfSSL_get_curve_name"); - - if (ssl == NULL) - return NULL; - -#if defined(WOLFSSL_TLS13) && defined(HAVE_PQC) - /* Check for post-quantum groups. Return now because we do not want the ECC - * check to override this result in the case of a hybrid. */ - if (IsAtLeastTLSv1_3(ssl->version)) { - switch (ssl->namedGroup) { -#ifdef HAVE_LIBOQS - case WOLFSSL_KYBER_LEVEL1: - return "KYBER_LEVEL1"; - case WOLFSSL_KYBER_LEVEL3: - return "KYBER_LEVEL3"; - case WOLFSSL_KYBER_LEVEL5: - return "KYBER_LEVEL5"; - case WOLFSSL_P256_KYBER_LEVEL1: - return "P256_KYBER_LEVEL1"; - case WOLFSSL_P384_KYBER_LEVEL3: - return "P384_KYBER_LEVEL3"; - case WOLFSSL_P521_KYBER_LEVEL5: - return "P521_KYBER_LEVEL5"; -#elif defined(HAVE_PQM4) - case WOLFSSL_KYBER_LEVEL1: - return "KYBER_LEVEL1"; -#elif defined(WOLFSSL_WC_KYBER) - #ifdef WOLFSSL_KYBER512 - case WOLFSSL_KYBER_LEVEL1: - return "KYBER_LEVEL1"; - #endif - #ifdef WOLFSSL_KYBER768 - case WOLFSSL_KYBER_LEVEL3: - return "KYBER_LEVEL3"; - #endif - #ifdef WOLFSSL_KYBER1024 - case WOLFSSL_KYBER_LEVEL5: - return "KYBER_LEVEL5"; - #endif -#endif - } - } - -#endif /* WOLFSSL_TLS13 && HAVE_PQC */ -#ifdef HAVE_FFDHE - if (ssl->namedGroup != 0) { - cName = wolfssl_ffdhe_name(ssl->namedGroup); - } -#endif - -#ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID == ECC_X25519_OID && cName == NULL) { - cName = "X25519"; - } -#endif - -#ifdef HAVE_CURVE448 - if (ssl->ecdhCurveOID == ECC_X448_OID && cName == NULL) { - cName = "X448"; - } -#endif - -#ifdef HAVE_ECC - 
if (ssl->ecdhCurveOID != 0 && cName == NULL) { - cName = wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, - NULL)); - } -#endif - - return cName; -} -#endif - -#ifdef OPENSSL_EXTRA -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) -/* return authentication NID corresponding to cipher suite - * @param cipher a pointer to WOLFSSL_CIPHER - * return NID if found, NID_undef if not found - */ -int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) -{ - static const struct authnid { - const char* alg_name; - const int nid; - } authnid_tbl[] = { - {"RSA", NID_auth_rsa}, - {"PSK", NID_auth_psk}, - {"SRP", NID_auth_srp}, - {"ECDSA", NID_auth_ecdsa}, - {"None", NID_auth_null}, - {NULL, NID_undef} - }; - - const char* authStr; - char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - - if (GetCipherSegment(cipher, n) == NULL) { - WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; - } - - authStr = GetCipherAuthStr(n); - - if (authStr != NULL) { - const struct authnid* sa; - for(sa = authnid_tbl; sa->alg_name != NULL; sa++) { - if (XSTRCMP(sa->alg_name, authStr) == 0) { - return sa->nid; - } - } - } - - return NID_undef; -} -/* return cipher NID corresponding to cipher suite - * @param cipher a pointer to WOLFSSL_CIPHER - * return NID if found, NID_undef if not found - */ -int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher) -{ - static const struct ciphernid { - const char* alg_name; - const int nid; - } ciphernid_tbl[] = { - {"AESGCM(256)", NID_aes_256_gcm}, - {"AESGCM(128)", NID_aes_128_gcm}, - {"AESCCM(128)", NID_aes_128_ccm}, - {"AES(128)", NID_aes_128_cbc}, - {"AES(256)", NID_aes_256_cbc}, - {"CAMELLIA(256)", NID_camellia_256_cbc}, - {"CAMELLIA(128)", NID_camellia_128_cbc}, - {"RC4", NID_rc4}, - {"3DES", NID_des_ede3_cbc}, - {"CHACHA20/POLY1305(256)", NID_chacha20_poly1305}, - {"None", NID_undef}, - {NULL, NID_undef} - }; - - const char* encStr; - char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - - 
WOLFSSL_ENTER("wolfSSL_CIPHER_get_cipher_nid"); - - if (GetCipherSegment(cipher, n) == NULL) { - WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; - } - - encStr = GetCipherEncStr(n); - - if (encStr != NULL) { - const struct ciphernid* c; - for(c = ciphernid_tbl; c->alg_name != NULL; c++) { - if (XSTRCMP(c->alg_name, encStr) == 0) { - return c->nid; - } - } - } - - return NID_undef; -} -/* return digest NID corresponding to cipher suite - * @param cipher a pointer to WOLFSSL_CIPHER - * return NID if found, NID_undef if not found - */ -int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher) -{ - static const struct macnid { - const char* alg_name; - const int nid; - } macnid_tbl[] = { - {"SHA1", NID_sha1}, - {"SHA256", NID_sha256}, - {"SHA384", NID_sha384}, - {NULL, NID_undef} - }; - - const char* name; - const char* macStr; - char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - (void)name; - - WOLFSSL_ENTER("wolfSSL_CIPHER_get_digest_nid"); - - if ((name = GetCipherSegment(cipher, n)) == NULL) { - WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; - } - - /* in MD5 case, NID will be NID_md5 */ - if (XSTRSTR(name, "MD5") != NULL) { - return NID_md5; - } - - macStr = GetCipherMacStr(n); - - if (macStr != NULL) { - const struct macnid* mc; - for(mc = macnid_tbl; mc->alg_name != NULL; mc++) { - if (XSTRCMP(mc->alg_name, macStr) == 0) { - return mc->nid; - } - } - } - - return NID_undef; -} -/* return key exchange NID corresponding to cipher suite - * @param cipher a pointer to WOLFSSL_CIPHER - * return NID if found, NID_undef if not found - */ -int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher) -{ - static const struct kxnid { - const char* name; - const int nid; - } kxnid_table[] = { - {"ECDHEPSK", NID_kx_ecdhe_psk}, - {"ECDH", NID_kx_ecdhe}, - {"DHEPSK", NID_kx_dhe_psk}, - {"DH", NID_kx_dhe}, - {"RSAPSK", NID_kx_rsa_psk}, - {"SRP", NID_kx_srp}, - {"EDH", NID_kx_dhe}, - {"RSA", NID_kx_rsa}, - {NULL, NID_undef} - }; - - const 
char* keaStr; - char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - - WOLFSSL_ENTER("wolfSSL_CIPHER_get_kx_nid"); - - if (GetCipherSegment(cipher, n) == NULL) { - WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; - } - - /* in TLS 1.3 case, NID will be NID_kx_any */ - if (XSTRCMP(n[0], "TLS13") == 0) { - return NID_kx_any; - } - - keaStr = GetCipherKeaStr(n); - - if (keaStr != NULL) { - const struct kxnid* k; - for(k = kxnid_table; k->name != NULL; k++) { - if (XSTRCMP(k->name, keaStr) == 0) { - return k->nid; - } - } - } - - return NID_undef; -} -/* check if cipher suite is AEAD - * @param cipher a pointer to WOLFSSL_CIPHER - * return 1 if cipher is AEAD, 0 otherwise - */ -int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher) -{ - char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - - WOLFSSL_ENTER("wolfSSL_CIPHER_is_aead"); - - if (GetCipherSegment(cipher, n) == NULL) { - WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; - } - - return IsCipherAEAD(n); -} -/* Creates cipher->description based on cipher->offset - * cipher->offset is set in wolfSSL_get_ciphers_compat when it is added - * to a stack of ciphers. - * @param [in] cipher: A cipher from a stack of ciphers. 
- * return WOLFSSL_SUCCESS if cipher->description is set, else WOLFSSL_FAILURE - */ -int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) -{ - int strLen; - unsigned long offset; - char* dp; - const char* name; - const char *keaStr, *authStr, *encStr, *macStr, *protocol; - char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; - int len = MAX_DESCRIPTION_SZ-1; - const CipherSuiteInfo* cipher_names; - ProtocolVersion pv; - WOLFSSL_ENTER("wolfSSL_sk_CIPHER_description"); - - if (cipher == NULL) - return WOLFSSL_FAILURE; - - dp = cipher->description; - if (dp == NULL) - return WOLFSSL_FAILURE; - - cipher_names = GetCipherNames(); - - offset = cipher->offset; - if (offset >= (unsigned long)GetCipherNamesSize()) - return WOLFSSL_FAILURE; - pv.major = cipher_names[offset].major; - pv.minor = cipher_names[offset].minor; - protocol = wolfSSL_internal_get_version(&pv); - - if ((name = GetCipherSegment(cipher, n)) == NULL) { - WOLFSSL_MSG("no suitable cipher name found"); - return WOLFSSL_FAILURE; - } - - /* keaStr */ - keaStr = GetCipherKeaStr(n); - /* authStr */ - authStr = GetCipherAuthStr(n); - /* encStr */ - encStr = GetCipherEncStr(n); - if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) { - WOLFSSL_MSG("Cipher Bits Not Set."); - } - /* macStr */ - macStr = GetCipherMacStr(n); - - - /* Build up the string by copying onto the end. 
*/ - XSTRNCPY(dp, name, len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - - XSTRNCPY(dp, " ", len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - XSTRNCPY(dp, protocol, len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - - XSTRNCPY(dp, " Kx=", len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - XSTRNCPY(dp, keaStr, len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - - XSTRNCPY(dp, " Au=", len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - XSTRNCPY(dp, authStr, len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - - XSTRNCPY(dp, " Enc=", len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - XSTRNCPY(dp, encStr, len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - - XSTRNCPY(dp, " Mac=", len); - dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - XSTRNCPY(dp, macStr, len); - dp[len-1] = '\0'; - - return WOLFSSL_SUCCESS; -} -#endif /* OPENSSL_ALL || WOLFSSL_QT */ - -static WC_INLINE const char* wolfssl_kea_to_string(int kea) -{ - const char* keaStr; - - switch (kea) { - case no_kea: - keaStr = "None"; - break; -#ifndef NO_RSA - case rsa_kea: - keaStr = "RSA"; - break; -#endif -#ifndef NO_DH - case diffie_hellman_kea: - keaStr = "DHE"; - break; -#endif - case fortezza_kea: - keaStr = "FZ"; - break; -#ifndef NO_PSK - case psk_kea: - keaStr = "PSK"; - break; - #ifndef NO_DH - case dhe_psk_kea: - keaStr = "DHEPSK"; - break; - #endif - #ifdef HAVE_ECC - case ecdhe_psk_kea: - keaStr = "ECDHEPSK"; - break; - #endif -#endif -#ifdef HAVE_ECC - case ecc_diffie_hellman_kea: - keaStr = "ECDHE"; - break; - case ecc_static_diffie_hellman_kea: - keaStr = "ECDH"; - break; -#endif - default: - keaStr = "unknown"; - break; - } - - return keaStr; -} - -static 
WC_INLINE const char* wolfssl_sigalg_to_string(int sig_algo) -{ - const char* authStr; - - switch (sig_algo) { - case anonymous_sa_algo: - authStr = "None"; - break; -#ifndef NO_RSA - case rsa_sa_algo: - authStr = "RSA"; - break; - #ifdef WC_RSA_PSS - case rsa_pss_sa_algo: - authStr = "RSA-PSS"; - break; - #endif -#endif -#ifndef NO_DSA - case dsa_sa_algo: - authStr = "DSA"; - break; -#endif -#ifdef HAVE_ECC - case ecc_dsa_sa_algo: - authStr = "ECDSA"; - break; -#endif -#ifdef WOLFSSL_SM2 - case sm2_sa_algo: - authStr = "SM2"; - break; -#endif -#ifdef HAVE_ED25519 - case ed25519_sa_algo: - authStr = "Ed25519"; - break; -#endif -#ifdef HAVE_ED448 - case ed448_sa_algo: - authStr = "Ed448"; - break; -#endif - default: - authStr = "unknown"; - break; - } - - return authStr; -} - -static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size) -{ - const char* encStr; - - (void)key_size; - - switch (cipher) { - case wolfssl_cipher_null: - encStr = "None"; - break; -#ifndef NO_RC4 - case wolfssl_rc4: - encStr = "RC4(128)"; - break; -#endif -#ifndef NO_DES3 - case wolfssl_triple_des: - encStr = "3DES(168)"; - break; -#endif -#ifndef NO_AES - case wolfssl_aes: - if (key_size == 128) - encStr = "AES(128)"; - else if (key_size == 256) - encStr = "AES(256)"; - else - encStr = "AES(?)"; - break; - #ifdef HAVE_AESGCM - case wolfssl_aes_gcm: - if (key_size == 128) - encStr = "AESGCM(128)"; - else if (key_size == 256) - encStr = "AESGCM(256)"; - else - encStr = "AESGCM(?)"; - break; - #endif - #ifdef HAVE_AESCCM - case wolfssl_aes_ccm: - if (key_size == 128) - encStr = "AESCCM(128)"; - else if (key_size == 256) - encStr = "AESCCM(256)"; - else - encStr = "AESCCM(?)"; - break; - #endif -#endif -#ifdef HAVE_CHACHA - case wolfssl_chacha: - encStr = "CHACHA20/POLY1305(256)"; - break; -#endif -#ifdef HAVE_ARIA - case wolfssl_aria_gcm: - if (key_size == 128) - encStr = "Aria(128)"; - else if (key_size == 192) - encStr = "Aria(192)"; - else if (key_size == 256) - encStr 
= "Aria(256)"; - else - encStr = "Aria(?)"; - break; -#endif -#ifdef HAVE_CAMELLIA - case wolfssl_camellia: - if (key_size == 128) - encStr = "Camellia(128)"; - else if (key_size == 256) - encStr = "Camellia(256)"; - else - encStr = "Camellia(?)"; - break; -#endif - default: - encStr = "unknown"; - break; - } - - return encStr; -} - -static WC_INLINE const char* wolfssl_mac_to_string(int mac) -{ - const char* macStr; - - switch (mac) { - case no_mac: - macStr = "None"; - break; -#ifndef NO_MD5 - case md5_mac: - macStr = "MD5"; - break; -#endif -#ifndef NO_SHA - case sha_mac: - macStr = "SHA1"; - break; -#endif -#ifdef HAVE_SHA224 - case sha224_mac: - macStr = "SHA224"; - break; -#endif -#ifndef NO_SHA256 - case sha256_mac: - macStr = "SHA256"; - break; -#endif -#ifdef HAVE_SHA384 - case sha384_mac: - macStr = "SHA384"; - break; -#endif -#ifdef HAVE_SHA512 - case sha512_mac: - macStr = "SHA512"; - break; -#endif - default: - macStr = "unknown"; - break; - } - - return macStr; -} - -char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, - int len) -{ - char *ret = in; - const char *keaStr, *authStr, *encStr, *macStr; - size_t strLen; - WOLFSSL_ENTER("wolfSSL_CIPHER_description"); - - if (cipher == NULL || in == NULL) - return NULL; - -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - /* if cipher is in the stack from wolfSSL_get_ciphers_compat then - * Return the description based on cipher_names[cipher->offset] - */ - if (cipher->in_stack == TRUE) { - wolfSSL_sk_CIPHER_description((WOLFSSL_CIPHER*)cipher); - XSTRNCPY(in,cipher->description,len); - return ret; - } -#endif - - /* Get the cipher description based on the SSL session cipher */ - keaStr = wolfssl_kea_to_string(cipher->ssl->specs.kea); - authStr = wolfssl_sigalg_to_string(cipher->ssl->specs.sig_algo); - encStr = wolfssl_cipher_to_string(cipher->ssl->specs.bulk_cipher_algorithm, - cipher->ssl->specs.key_size); - macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm); - - /* Build 
up the string by copying onto the end. */ - XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - - XSTRNCPY(in, " ", len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - - XSTRNCPY(in, " Kx=", len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, keaStr, len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - - XSTRNCPY(in, " Au=", len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, authStr, len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - - XSTRNCPY(in, " Enc=", len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, encStr, len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - - XSTRNCPY(in, " Mac=", len); - in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, macStr, len); - in[len-1] = '\0'; - - return ret; -} - - -#ifndef NO_WOLFSSL_STUB -int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, - int* ssl) -{ - (void)url; - (void)host; - (void)port; - (void)path; - (void)ssl; - WOLFSSL_STUB("OCSP_parse_url"); - return 0; -} -#endif - -#ifndef NO_WOLFSSL_STUB -void wolfSSL_RAND_screen(void) -{ - WOLFSSL_STUB("RAND_screen"); -} -#endif - - - -int wolfSSL_RAND_load_file(const char* fname, long len) -{ - (void)fname; - /* wolfCrypt provides enough entropy internally or will report error */ - if (len == -1) - return 1024; - else - return (int)len; -} - - -#ifndef NO_WOLFSSL_STUB -WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void) -{ - WOLFSSL_STUB("COMP_zlib"); - return 0; -} -#endif - -#ifndef NO_WOLFSSL_STUB -WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void) -{ - 
WOLFSSL_STUB("COMP_rle"); - return 0; -} -#endif - -#ifndef NO_WOLFSSL_STUB -int wolfSSL_COMP_add_compression_method(int method, void* data) -{ - (void)method; - (void)data; - WOLFSSL_STUB("COMP_add_compression_method"); - return 0; -} -#endif - -/* wolfSSL_set_dynlock_create_callback - * CRYPTO_set_dynlock_create_callback has been deprecated since openSSL 1.0.1. - * This function exists for compatibility purposes because wolfSSL satisfies - * thread safety without relying on the callback. - */ -void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)( - const char*, int)) -{ - WOLFSSL_STUB("CRYPTO_set_dynlock_create_callback"); - (void)f; -} -/* wolfSSL_set_dynlock_lock_callback - * CRYPTO_set_dynlock_lock_callback has been deprecated since openSSL 1.0.1. - * This function exists for compatibility purposes because wolfSSL satisfies - * thread safety without relying on the callback. - */ -void wolfSSL_set_dynlock_lock_callback( - void (*f)(int, WOLFSSL_dynlock_value*, const char*, int)) -{ - WOLFSSL_STUB("CRYPTO_set_set_dynlock_lock_callback"); - (void)f; -} -/* wolfSSL_set_dynlock_destroy_callback - * CRYPTO_set_dynlock_destroy_callback has been deprecated since openSSL 1.0.1. - * This function exists for compatibility purposes because wolfSSL satisfies - * thread safety without relying on the callback. - */ -void wolfSSL_set_dynlock_destroy_callback( - void (*f)(WOLFSSL_dynlock_value*, const char*, int)) -{ - WOLFSSL_STUB("CRYPTO_set_set_dynlock_destroy_callback"); - (void)f; -} - - -#endif /* OPENSSL_EXTRA */ - -#ifdef OPENSSL_EXTRA -#ifndef NO_CERTS - -#if !defined(NO_ASN) && !defined(NO_PWDBASED) -/* Copies unencrypted DER key buffer into "der". If "der" is null then the size - * of buffer needed is returned. If *der == NULL then it allocates a buffer. - * NOTE: This also advances the "der" pointer to be at the end of buffer. 
- * - * Returns size of key buffer on success - */ -int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der) -{ - return wolfSSL_EVP_PKEY_get_der(key, der); -} - -int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) -{ -#if !defined(NO_RSA) || defined(HAVE_ECC) -#ifdef HAVE_ECC - unsigned char *local_der = NULL; - word32 local_derSz = 0; - unsigned char *pub_der = NULL; - ecc_key *eccKey = NULL; - word32 inOutIdx = 0; -#endif - word32 pub_derSz = 0; - int ret; - int key_type = 0; - - if (key == NULL) { - return WOLFSSL_FATAL_ERROR; - } - - key_type = key->type; - if ((key_type != EVP_PKEY_EC) && (key_type != EVP_PKEY_RSA)) { - return WOLFSSL_FATAL_ERROR; - } - -#ifndef NO_RSA - if (key_type == EVP_PKEY_RSA) { - return wolfSSL_i2d_RSAPublicKey(key->rsa, der); - } -#endif - - /* Now that RSA is taken care of, we only need to consider the ECC case. */ - -#ifdef HAVE_ECC - - /* We need to get the DER, then convert it to a public key. But what we get - * might be a buffered private key so we need to decode it and then encode - * the public part. */ - ret = wolfSSL_EVP_PKEY_get_der(key, &local_der); - if (ret <= 0) { - /* In this case, there was no buffered DER at all. This could be the - * case where the key that was passed in was generated. So now we - * have to create the local DER. */ - local_derSz = wolfSSL_i2d_ECPrivateKey(key->ecc, &local_der); - if (local_derSz == 0) { - ret = WOLFSSL_FATAL_ERROR; - } - } else { - local_derSz = ret; - ret = 0; - } - - if (ret == 0) { - eccKey = (ecc_key *)XMALLOC(sizeof(*eccKey), NULL, DYNAMIC_TYPE_ECC); - if (eccKey == NULL) { - WOLFSSL_MSG("Failed to allocate key buffer."); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - ret = wc_ecc_init(eccKey); - } - - if (ret == 0) { - ret = wc_EccPublicKeyDecode(local_der, &inOutIdx, eccKey, local_derSz); - if (ret < 0) { - /* We now try again as x.963 [point type][x][opt y]. 
*/ - ret = wc_ecc_import_x963(local_der, local_derSz, eccKey); - } - } - - if (ret == 0) { - pub_derSz = wc_EccPublicKeyDerSize(eccKey, 0); - if ((int)pub_derSz <= 0) { - ret = WOLFSSL_FAILURE; - } - } - - if (ret == 0) { - pub_der = (unsigned char*)XMALLOC(pub_derSz, NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pub_der == NULL) { - WOLFSSL_MSG("Failed to allocate output buffer."); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - pub_derSz = wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 0); - if ((int)pub_derSz <= 0) { - ret = WOLFSSL_FATAL_ERROR; - } - } - - /* This block is for actually returning the DER of the public key */ - if ((ret == 0) && (der != NULL)) { - if (*der == NULL) { - *der = (unsigned char*)XMALLOC(pub_derSz, NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (*der == NULL) { - WOLFSSL_MSG("Failed to allocate output buffer."); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - XMEMCPY(*der, pub_der, pub_derSz); - } - } - else { - XMEMCPY(*der, pub_der, pub_derSz); - *der += pub_derSz; - } - } - - XFREE(pub_der, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(local_der, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - - wc_ecc_free(eccKey); - XFREE(eccKey, NULL, DYNAMIC_TYPE_ECC); - -#else - ret = WOLFSSL_FATAL_ERROR; -#endif /* HAVE_ECC */ - - if (ret == 0) { - return pub_derSz; - } - - return ret; -#else - return WOLFSSL_FATAL_ERROR; -#endif /* !NO_RSA || HAVE_ECC */ -} -#endif /* !NO_ASN && !NO_PWDBASED */ - -#endif /* !NO_CERTS */ -#endif /* OPENSSL_EXTRA */ - -#ifdef OPENSSL_EXTRA - -/* Sets the DNS hostname to name. - * Hostname is cleared if name is NULL or empty. 
*/ -int wolfSSL_set1_host(WOLFSSL * ssl, const char* name) -{ - if (ssl == NULL) { - return WOLFSSL_FAILURE; - } - - return wolfSSL_X509_VERIFY_PARAM_set1_host(ssl->param, name, 0); -} - -/****************************************************************************** -* wolfSSL_CTX_set1_param - set a pointer to the SSL verification parameters -* -* RETURNS: -* WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE -* Note: Returns WOLFSSL_SUCCESS, in case either parameter is NULL, -* same as openssl. -*/ -int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm) -{ - if (ctx == NULL || vpm == NULL) - return WOLFSSL_SUCCESS; - - return wolfSSL_X509_VERIFY_PARAM_set1(ctx->param, vpm); -} - -/****************************************************************************** -* wolfSSL_CTX/_get0_param - return a pointer to the SSL verification parameters -* -* RETURNS: -* returns pointer to the SSL verification parameters on success, -* otherwise returns NULL -*/ -WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx) -{ - if (ctx == NULL) { - return NULL; - } - - return ctx->param; -} - -WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl) -{ - if (ssl == NULL) { - return NULL; - } - return ssl->param; -} - -#endif /* OPENSSL_EXTRA */ - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -/* Gets an index to store SSL structure at. - * - * Returns positive index on success and negative values on failure - */ -int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void) -{ - WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx"); - - /* store SSL at index 0 */ - return 0; -} -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - -#ifdef OPENSSL_EXTRA -/* Sets a function callback that will send information about the state of all - * WOLFSSL objects that have been created by the WOLFSSL_CTX structure passed - * in. 
- * - * ctx WOLFSSL_CTX structure to set callback function in - * f callback function to use - */ -void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, - void (*f)(const WOLFSSL* ssl, int type, int val)) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_info_callback"); - if (ctx == NULL) { - WOLFSSL_MSG("Bad function argument"); - } - else { - ctx->CBIS = f; - } -} - -void wolfSSL_set_info_callback(WOLFSSL* ssl, - void (*f)(const WOLFSSL* ssl, int type, int val)) -{ - WOLFSSL_ENTER("wolfSSL_set_info_callback"); - if (ssl == NULL) { - WOLFSSL_MSG("Bad function argument"); - } - else { - ssl->CBIS = f; - } -} - - -unsigned long wolfSSL_ERR_peek_error(void) -{ - WOLFSSL_ENTER("wolfSSL_ERR_peek_error"); - - return wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL); -} - -int wolfSSL_ERR_GET_LIB(unsigned long err) -{ - unsigned long value; - - value = (err & 0xFFFFFFL); - switch (value) { - case -SSL_R_HTTP_REQUEST: - return ERR_LIB_SSL; - case -ASN_NO_PEM_HEADER: - case PEM_R_NO_START_LINE: - case PEM_R_PROBLEMS_GETTING_PASSWORD: - case PEM_R_BAD_PASSWORD_READ: - case PEM_R_BAD_DECRYPT: - return ERR_LIB_PEM; - case EVP_R_BAD_DECRYPT: - case EVP_R_BN_DECODE_ERROR: - case EVP_R_DECODE_ERROR: - case EVP_R_PRIVATE_KEY_DECODE_ERROR: - return ERR_LIB_EVP; - case ASN1_R_HEADER_TOO_LONG: - return ERR_LIB_ASN1; - default: - return 0; - } -} - -/* This function is to find global error values that are the same through out - * all library version. With wolfSSL having only one set of error codes the - * return value is pretty straight forward. The only thing needed is all wolfSSL - * error values are typically negative. - * - * Returns the error reason - */ -int wolfSSL_ERR_GET_REASON(unsigned long err) -{ - int ret = (int)err; - - WOLFSSL_ENTER("wolfSSL_ERR_GET_REASON"); - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) - /* Nginx looks for this error to know to stop parsing certificates. - * Same for HAProxy. 
*/ - if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) || - ((err & 0xFFFFFFL) == -ASN_NO_PEM_HEADER) || - ((err & 0xFFFL) == PEM_R_NO_START_LINE )) - return PEM_R_NO_START_LINE; - if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST)) - return SSL_R_HTTP_REQUEST; -#endif -#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - if (err == ((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG)) - return ASN1_R_HEADER_TOO_LONG; -#endif - - /* check if error value is in range of wolfSSL errors */ - ret = 0 - ret; /* setting as negative value */ - /* wolfCrypt range is less than MAX (-100) - wolfSSL range is MIN (-300) and lower */ - if (ret < MAX_CODE_E && ret > MIN_CODE_E) { - return ret; - } - else { - WOLFSSL_MSG("Not in range of typical error values"); - ret = (int)err; - } - - return ret; -} - -/* returns a string that describes the alert - * - * alertID the alert value to look up - */ -const char* wolfSSL_alert_type_string_long(int alertID) -{ - WOLFSSL_ENTER("wolfSSL_alert_type_string_long"); - - return AlertTypeToString(alertID); -} - - -const char* wolfSSL_alert_desc_string_long(int alertID) -{ - WOLFSSL_ENTER("wolfSSL_alert_desc_string_long"); - - return AlertTypeToString(alertID); -} - -#define STATE_STRINGS_PROTO(s) \ - { \ - {"SSLv3 " s, \ - "SSLv3 " s, \ - "SSLv3 " s}, \ - {"TLSv1 " s, \ - "TLSv1 " s, \ - "TLSv1 " s}, \ - {"TLSv1_1 " s, \ - "TLSv1_1 " s, \ - "TLSv1_1 " s}, \ - {"TLSv1_2 " s, \ - "TLSv1_2 " s, \ - "TLSv1_2 " s}, \ - {"TLSv1_3 " s, \ - "TLSv1_3 " s, \ - "TLSv1_3 " s}, \ - {"DTLSv1 " s, \ - "DTLSv1 " s, \ - "DTLSv1 " s}, \ - {"DTLSv1_2 " s, \ - "DTLSv1_2 " s, \ - "DTLSv1_2 " s}, \ - {"DTLSv1_3 " s, \ - "DTLSv1_3 " s, \ - "DTLSv1_3 " s}, \ - } - -#define STATE_STRINGS_PROTO_RW(s) \ - { \ - {"SSLv3 read " s, \ - "SSLv3 write " s, \ - "SSLv3 " s}, \ - {"TLSv1 read " s, \ - "TLSv1 write " s, \ - "TLSv1 " s}, \ - {"TLSv1_1 read " s, \ - "TLSv1_1 write " s, \ - "TLSv1_1 " s}, \ - {"TLSv1_2 read " s, \ - "TLSv1_2 write " s, \ - "TLSv1_2 " s}, \ - 
{"TLSv1_3 read " s, \ - "TLSv1_3 write " s, \ - "TLSv1_3 " s}, \ - {"DTLSv1 read " s, \ - "DTLSv1 write " s, \ - "DTLSv1 " s}, \ - {"DTLSv1_2 read " s, \ - "DTLSv1_2 write " s, \ - "DTLSv1_2 " s}, \ - {"DTLSv1_3 read " s, \ - "DTLSv1_3 write " s, \ - "DTLSv1_3 " s}, \ - } - -/* Gets the current state of the WOLFSSL structure - * - * ssl WOLFSSL structure to get state of - * - * Returns a human readable string of the WOLFSSL structure state - */ -const char* wolfSSL_state_string_long(const WOLFSSL* ssl) -{ - - static const char* OUTPUT_STR[24][8][3] = { - STATE_STRINGS_PROTO("Initialization"), - STATE_STRINGS_PROTO_RW("Server Hello Request"), - STATE_STRINGS_PROTO_RW("Server Hello Verify Request"), - STATE_STRINGS_PROTO_RW("Server Hello Retry Request"), - STATE_STRINGS_PROTO_RW("Server Hello"), - STATE_STRINGS_PROTO_RW("Server Certificate Status"), - STATE_STRINGS_PROTO_RW("Server Encrypted Extensions"), - STATE_STRINGS_PROTO_RW("Server Session Ticket"), - STATE_STRINGS_PROTO_RW("Server Certificate Request"), - STATE_STRINGS_PROTO_RW("Server Cert"), - STATE_STRINGS_PROTO_RW("Server Key Exchange"), - STATE_STRINGS_PROTO_RW("Server Hello Done"), - STATE_STRINGS_PROTO_RW("Server Change CipherSpec"), - STATE_STRINGS_PROTO_RW("Server Finished"), - STATE_STRINGS_PROTO_RW("server Key Update"), - STATE_STRINGS_PROTO_RW("Client Hello"), - STATE_STRINGS_PROTO_RW("Client Key Exchange"), - STATE_STRINGS_PROTO_RW("Client Cert"), - STATE_STRINGS_PROTO_RW("Client Change CipherSpec"), - STATE_STRINGS_PROTO_RW("Client Certificate Verify"), - STATE_STRINGS_PROTO_RW("Client End Of Early Data"), - STATE_STRINGS_PROTO_RW("Client Finished"), - STATE_STRINGS_PROTO_RW("Client Key Update"), - STATE_STRINGS_PROTO("Handshake Done"), - }; - enum ProtocolVer { - SSL_V3 = 0, - TLS_V1, - TLS_V1_1, - TLS_V1_2, - TLS_V1_3, - DTLS_V1, - DTLS_V1_2, - DTLS_V1_3, - UNKNOWN = 100 - }; - - enum IOMode { - SS_READ = 0, - SS_WRITE, - SS_NEITHER - }; - - enum SslState { - ss_null_state = 0, - 
ss_server_hellorequest, - ss_server_helloverify, - ss_server_helloretryrequest, - ss_server_hello, - ss_server_certificatestatus, - ss_server_encryptedextensions, - ss_server_sessionticket, - ss_server_certrequest, - ss_server_cert, - ss_server_keyexchange, - ss_server_hellodone, - ss_server_changecipherspec, - ss_server_finished, - ss_server_keyupdate, - ss_client_hello, - ss_client_keyexchange, - ss_client_cert, - ss_client_changecipherspec, - ss_client_certverify, - ss_client_endofearlydata, - ss_client_finished, - ss_client_keyupdate, - ss_handshake_done - }; - - int protocol = 0; - int cbmode = 0; - int state = 0; - - WOLFSSL_ENTER("wolfSSL_state_string_long"); - if (ssl == NULL) { - WOLFSSL_MSG("Null argument passed in"); - return NULL; - } - - /* Get state of callback */ - if (ssl->cbmode == SSL_CB_MODE_WRITE) { - cbmode = SS_WRITE; - } - else if (ssl->cbmode == SSL_CB_MODE_READ) { - cbmode = SS_READ; - } - else { - cbmode = SS_NEITHER; - } - - /* Get protocol version */ - switch (ssl->version.major) { - case SSLv3_MAJOR: - switch (ssl->version.minor) { - case SSLv3_MINOR: - protocol = SSL_V3; - break; - case TLSv1_MINOR: - protocol = TLS_V1; - break; - case TLSv1_1_MINOR: - protocol = TLS_V1_1; - break; - case TLSv1_2_MINOR: - protocol = TLS_V1_2; - break; - case TLSv1_3_MINOR: - protocol = TLS_V1_3; - break; - default: - protocol = UNKNOWN; - } - break; - case DTLS_MAJOR: - switch (ssl->version.minor) { - case DTLS_MINOR: - protocol = DTLS_V1; - break; - case DTLSv1_2_MINOR: - protocol = DTLS_V1_2; - break; - case DTLSv1_3_MINOR: - protocol = DTLS_V1_3; - break; - default: - protocol = UNKNOWN; - } - break; - default: - protocol = UNKNOWN; - } - - /* accept process */ - if (ssl->cbmode == SSL_CB_MODE_READ) { - state = ssl->cbtype; - switch (state) { - case hello_request: - state = ss_server_hellorequest; - break; - case client_hello: - state = ss_client_hello; - break; - case server_hello: - state = ss_server_hello; - break; - case hello_verify_request: - 
state = ss_server_helloverify; - break; - case session_ticket: - state = ss_server_sessionticket; - break; - case end_of_early_data: - state = ss_client_endofearlydata; - break; - case hello_retry_request: - state = ss_server_helloretryrequest; - break; - case encrypted_extensions: - state = ss_server_encryptedextensions; - break; - case certificate: - if (ssl->options.side == WOLFSSL_SERVER_END) - state = ss_client_cert; - else if (ssl->options.side == WOLFSSL_CLIENT_END) - state = ss_server_cert; - else { - WOLFSSL_MSG("Unknown State"); - state = ss_null_state; - } - break; - case server_key_exchange: - state = ss_server_keyexchange; - break; - case certificate_request: - state = ss_server_certrequest; - break; - case server_hello_done: - state = ss_server_hellodone; - break; - case certificate_verify: - state = ss_client_certverify; - break; - case client_key_exchange: - state = ss_client_keyexchange; - break; - case finished: - if (ssl->options.side == WOLFSSL_SERVER_END) - state = ss_client_finished; - else if (ssl->options.side == WOLFSSL_CLIENT_END) - state = ss_server_finished; - else { - WOLFSSL_MSG("Unknown State"); - state = ss_null_state; - } - break; - case certificate_status: - state = ss_server_certificatestatus; - break; - case key_update: - if (ssl->options.side == WOLFSSL_SERVER_END) - state = ss_client_keyupdate; - else if (ssl->options.side == WOLFSSL_CLIENT_END) - state = ss_server_keyupdate; - else { - WOLFSSL_MSG("Unknown State"); - state = ss_null_state; - } - break; - case change_cipher_hs: - if (ssl->options.side == WOLFSSL_SERVER_END) - state = ss_client_changecipherspec; - else if (ssl->options.side == WOLFSSL_CLIENT_END) - state = ss_server_changecipherspec; - else { - WOLFSSL_MSG("Unknown State"); - state = ss_null_state; - } - break; - default: - WOLFSSL_MSG("Unknown State"); - state = ss_null_state; - } - } - else { - /* Send process */ - if (ssl->options.side == WOLFSSL_SERVER_END) - state = ssl->options.serverState; - else - state 
= ssl->options.clientState; - - switch (state) { - case SERVER_HELLOVERIFYREQUEST_COMPLETE: - state = ss_server_helloverify; - break; - case SERVER_HELLO_RETRY_REQUEST_COMPLETE: - state = ss_server_helloretryrequest; - break; - case SERVER_HELLO_COMPLETE: - state = ss_server_hello; - break; - case SERVER_ENCRYPTED_EXTENSIONS_COMPLETE: - state = ss_server_encryptedextensions; - break; - case SERVER_CERT_COMPLETE: - state = ss_server_cert; - break; - case SERVER_KEYEXCHANGE_COMPLETE: - state = ss_server_keyexchange; - break; - case SERVER_HELLODONE_COMPLETE: - state = ss_server_hellodone; - break; - case SERVER_CHANGECIPHERSPEC_COMPLETE: - state = ss_server_changecipherspec; - break; - case SERVER_FINISHED_COMPLETE: - state = ss_server_finished; - break; - case CLIENT_HELLO_RETRY: - case CLIENT_HELLO_COMPLETE: - state = ss_client_hello; - break; - case CLIENT_KEYEXCHANGE_COMPLETE: - state = ss_client_keyexchange; - break; - case CLIENT_CHANGECIPHERSPEC_COMPLETE: - state = ss_client_changecipherspec; - break; - case CLIENT_FINISHED_COMPLETE: - state = ss_client_finished; - break; - case HANDSHAKE_DONE: - state = ss_handshake_done; - break; - default: - WOLFSSL_MSG("Unknown State"); - state = ss_null_state; - } - } - - if (protocol == UNKNOWN) { - WOLFSSL_MSG("Unknown protocol"); - return ""; - } - else { - return OUTPUT_STR[state][protocol][cbmode]; - } -} - -/* - * Sets default PEM callback password if null is passed into - * the callback parameter of a PEM_read_bio_* function. - * - * Returns callback phrase size on success or WOLFSSL_FAILURE otherwise. - */ -int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) -{ - (void)w; - WOLFSSL_ENTER("wolfSSL_PEM_def_callback"); - - /* We assume that the user passes a default password as userdata */ - if (key) { - int sz = (int)XSTRLEN((const char*)key); - sz = (sz > num) ? 
num : sz; - XMEMCPY(name, key, sz); - return sz; - } else { - WOLFSSL_MSG("Error, default password cannot be created."); - return WOLFSSL_FAILURE; - } -} - -#endif /* OPENSSL_EXTRA */ - -static long wolf_set_options(long old_op, long op) -{ - /* if SSL_OP_ALL then turn all bug workarounds on */ - if ((op & WOLFSSL_OP_ALL) == WOLFSSL_OP_ALL) { - WOLFSSL_MSG("\tSSL_OP_ALL"); - } - - /* by default cookie exchange is on with DTLS */ - if ((op & WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE) { - WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default"); - } - - if ((op & WOLFSSL_OP_NO_SSLv2) == WOLFSSL_OP_NO_SSLv2) { - WOLFSSL_MSG("\tWOLFSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2"); - } - -#ifdef SSL_OP_NO_TLSv1_3 - if ((op & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) { - WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_3"); - } -#endif - - if ((op & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) { - WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); - } - - if ((op & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) { - WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); - } - - if ((op & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) { - WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); - } - - if ((op & WOLFSSL_OP_NO_SSLv3) == WOLFSSL_OP_NO_SSLv3) { - WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); - } - - if ((op & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) == - WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { - WOLFSSL_MSG("\tWOLFSSL_OP_CIPHER_SERVER_PREFERENCE"); - } - - if ((op & WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION) { - #ifdef HAVE_LIBZ - WOLFSSL_MSG("SSL_OP_NO_COMPRESSION"); - #else - WOLFSSL_MSG("SSL_OP_NO_COMPRESSION: compression not compiled in"); - #endif - } - - return old_op | op; -} - -long wolfSSL_set_options(WOLFSSL* ssl, long op) -{ - word16 haveRSA = 1; - word16 havePSK = 0; - int keySz = 0; - - WOLFSSL_ENTER("wolfSSL_set_options"); - - if (ssl == NULL) { - return 0; - } - - ssl->options.mask = wolf_set_options(ssl->options.mask, op); - - if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 
WOLFSSL_OP_NO_TLSv1_3) { - if (ssl->version.minor == TLSv1_3_MINOR) - ssl->version.minor = TLSv1_2_MINOR; - } - - if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) { - if (ssl->version.minor == TLSv1_2_MINOR) - ssl->version.minor = TLSv1_1_MINOR; - } - - if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) { - if (ssl->version.minor == TLSv1_1_MINOR) - ssl->version.minor = TLSv1_MINOR; - } - - if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) { - if (ssl->version.minor == TLSv1_MINOR) - ssl->version.minor = SSLv3_MINOR; - } - - if ((ssl->options.mask & WOLFSSL_OP_NO_COMPRESSION) - == WOLFSSL_OP_NO_COMPRESSION) { - #ifdef HAVE_LIBZ - ssl->options.usingCompression = 0; - #endif - } - -#if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \ - || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)) - if ((ssl->options.mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) { - ssl->options.noTicketTls12 = 1; - } -#endif - - - /* in the case of a version change the cipher suites should be reset */ -#ifndef NO_PSK - havePSK = ssl->options.havePSK; -#endif -#ifdef NO_RSA - haveRSA = 0; -#endif -#ifndef NO_CERTS - keySz = ssl->buffers.keySz; -#endif - - if (ssl->options.side != WOLFSSL_NEITHER_END) { - if (AllocateSuites(ssl) != 0) - return 0; - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, - ssl->options.haveDH, ssl->options.haveECDSAsig, - ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); - } - - return ssl->options.mask; -} - - -long wolfSSL_get_options(const WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_options"); - if(ssl == NULL) - return WOLFSSL_FAILURE; - return ssl->options.mask; -} - -#if defined(HAVE_SECURE_RENEGOTIATION) \ - || defined(HAVE_SERVER_RENEGOTIATION_INFO) -/* clears the counter for number of renegotiations done - * returns the current count before 
it is cleared */ -long wolfSSL_clear_num_renegotiations(WOLFSSL *s) -{ - long total; - - WOLFSSL_ENTER("wolfSSL_clear_num_renegotiations"); - if (s == NULL) - return 0; - - total = s->secure_rene_count; - s->secure_rene_count = 0; - return total; -} - - -/* return the number of renegotiations since wolfSSL_new */ -long wolfSSL_total_renegotiations(WOLFSSL *s) -{ - WOLFSSL_ENTER("wolfSSL_total_renegotiations"); - return wolfSSL_num_renegotiations(s); -} - - -/* return the number of renegotiations since wolfSSL_new */ -long wolfSSL_num_renegotiations(WOLFSSL* s) -{ - if (s == NULL) { - return 0; - } - - return s->secure_rene_count; -} - - -/* Is there a renegotiation currently in progress? */ -int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s) -{ - return s && s->options.handShakeDone && - s->options.handShakeState != HANDSHAKE_DONE ? 1 : 0; -} -#endif /* HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO */ - -#ifdef OPENSSL_EXTRA - -long wolfSSL_clear_options(WOLFSSL* ssl, long opt) -{ - WOLFSSL_ENTER("wolfSSL_clear_options"); - if(ssl == NULL) - return WOLFSSL_FAILURE; - ssl->options.mask &= ~opt; - return ssl->options.mask; -} - -#ifdef HAVE_PK_CALLBACKS -long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg) -{ - if (ssl == NULL) { - return WOLFSSL_FAILURE; - } - - ssl->loggingCtx = arg; - return WOLFSSL_SUCCESS; -} -#endif /* HAVE_PK_CALLBACKS */ - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) -const unsigned char *wolfSSL_SESSION_get0_id_context( - const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length) -{ - return wolfSSL_SESSION_get_id((WOLFSSL_SESSION *)sess, sid_ctx_length); -} -int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s, - const unsigned char *sid, unsigned int sid_len) -{ - if (s == NULL) { - return WOLFSSL_FAILURE; - } - if (sid_len > ID_LEN) { - return WOLFSSL_FAILURE; - } - s->sessionIDSz = sid_len; - if (sid != s->sessionID) { - XMEMCPY(s->sessionID, sid, sid_len); - } - return WOLFSSL_SUCCESS; -} - 
-int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, - const unsigned char *sid_ctx, unsigned int sid_ctx_len) -{ - if (s == NULL) { - return WOLFSSL_FAILURE; - } - if (sid_ctx_len > ID_LEN) { - return WOLFSSL_FAILURE; - } - s->sessionCtxSz = sid_ctx_len; - if (sid_ctx != s->sessionCtx) { - XMEMCPY(s->sessionCtx, sid_ctx, sid_ctx_len); - } - - return WOLFSSL_SUCCESS; -} - -#endif - -/*** TBD ***/ -#ifndef NO_WOLFSSL_STUB -int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st) -{ - (void)st; - WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero"); - /* wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION); */ - return WOLFSSL_FAILURE; -} -#endif - -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST -long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) -{ - WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type"); - - if (s == NULL){ - return BAD_FUNC_ARG; - } - - if (type == TLSEXT_STATUSTYPE_ocsp){ - int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0, s, - s->heap, s->devId); - return (long)r; - } else { - WOLFSSL_MSG( - "SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type."); - return WOLFSSL_FAILURE; - } - -} - -long wolfSSL_get_tlsext_status_type(WOLFSSL *s) -{ - TLSX* extension; - - if (s == NULL) - return WOLFSSL_FATAL_ERROR; - extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST); - return extension != NULL ? 
TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR; -} -#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ - -#ifndef NO_WOLFSSL_STUB -long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) -{ - (void)s; - (void)arg; - WOLFSSL_STUB("wolfSSL_get_tlsext_status_exts"); - return WOLFSSL_FAILURE; -} -#endif - -/*** TBD ***/ -#ifndef NO_WOLFSSL_STUB -long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) -{ - (void)s; - (void)arg; - WOLFSSL_STUB("wolfSSL_set_tlsext_status_exts"); - return WOLFSSL_FAILURE; -} -#endif - -/*** TBD ***/ -#ifndef NO_WOLFSSL_STUB -long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) -{ - (void)s; - (void)arg; - WOLFSSL_STUB("wolfSSL_get_tlsext_status_ids"); - return WOLFSSL_FAILURE; -} -#endif - -/*** TBD ***/ -#ifndef NO_WOLFSSL_STUB -long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) -{ - (void)s; - (void)arg; - WOLFSSL_STUB("wolfSSL_set_tlsext_status_ids"); - return WOLFSSL_FAILURE; -} -#endif - -#ifndef NO_WOLFSSL_STUB -/*** TBD ***/ -WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl) -{ - (void)ssl; - WOLFSSL_STUB("SSL_get_privatekey"); - return NULL; -} -#endif - -#ifndef NO_WOLFSSL_STUB -/*** TBD ***/ -void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, - WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)) -{ - (void)ctx; - (void)dh; - WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback"); -} -#endif - -#ifndef NO_WOLFSSL_STUB -/*** TBD ***/ -WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) -{ - WOLFSSL_STUB("SSL_COMP_get_compression_methods"); - return NULL; -} -#endif - - -int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p) -{ - WOLFSSL_ENTER("wolfSSL_sk_SSL_CIPHER_num"); - if (p == NULL) { - return WOLFSSL_FATAL_ERROR; - } - return (int)p->num; -} - -WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i) -{ - WOLFSSL_ENTER("wolfSSL_sk_SSL_CIPHER_value"); - return (WOLFSSL_CIPHER*)wolfSSL_sk_value(sk, i); -} - -#if !defined(NETOS) -void ERR_load_SSL_strings(void) -{ - 
-} -#endif - -#ifdef HAVE_OCSP -long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) -{ - if (s == NULL || resp == NULL) - return 0; - - *resp = s->ocspResp; - return s->ocspRespSz; -} - -long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, - int len) -{ - if (s == NULL) - return WOLFSSL_FAILURE; - - s->ocspResp = resp; - s->ocspRespSz = len; - - return WOLFSSL_SUCCESS; -} -#endif /* HAVE_OCSP */ - -#ifdef HAVE_MAX_FRAGMENT -#ifndef NO_WOLFSSL_CLIENT -/** - * Set max fragment tls extension - * @param c a pointer to WOLFSSL_CTX object - * @param mode maximum fragment length mode - * @return 1 on success, otherwise 0 or negative error code - */ -int wolfSSL_CTX_set_tlsext_max_fragment_length(WOLFSSL_CTX *c, - unsigned char mode) -{ - if (c == NULL || (mode < WOLFSSL_MFL_2_9 || mode > WOLFSSL_MFL_2_12 )) - return BAD_FUNC_ARG; - - return wolfSSL_CTX_UseMaxFragment(c, mode); -} -/** - * Set max fragment tls extension - * @param c a pointer to WOLFSSL object - * @param mode maximum fragment length mode - * @return 1 on success, otherwise 0 or negative error code - */ -int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s, unsigned char mode) -{ - if (s == NULL || (mode < WOLFSSL_MFL_2_9 || mode > WOLFSSL_MFL_2_12 )) - return BAD_FUNC_ARG; - - return wolfSSL_UseMaxFragment(s, mode); -} -#endif /* NO_WOLFSSL_CLIENT */ -#endif /* HAVE_MAX_FRAGMENT */ - -#endif /* OPENSSL_EXTRA */ - -#ifdef WOLFSSL_HAVE_TLS_UNIQUE -size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count) -{ - byte len = 0; - - WOLFSSL_ENTER("wolfSSL_get_finished"); - - if (!ssl || !buf || count < TLS_FINISHED_SZ) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - if (ssl->options.side == WOLFSSL_SERVER_END) { - len = ssl->serverFinished_len; - XMEMCPY(buf, ssl->serverFinished, len); - } - else { - len = ssl->clientFinished_len; - XMEMCPY(buf, ssl->clientFinished, len); - } - return len; -} - -size_t wolfSSL_get_peer_finished(const 
WOLFSSL *ssl, void *buf, size_t count) -{ - byte len = 0; - WOLFSSL_ENTER("wolfSSL_get_peer_finished"); - - if (!ssl || !buf || count < TLS_FINISHED_SZ) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - if (ssl->options.side == WOLFSSL_CLIENT_END) { - len = ssl->serverFinished_len; - XMEMCPY(buf, ssl->serverFinished, len); - } - else { - len = ssl->clientFinished_len; - XMEMCPY(buf, ssl->clientFinished, len); - } - - return len; -} -#endif /* WOLFSSL_HAVE_TLS_UNIQUE */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(OPENSSL_ALL) -long wolfSSL_get_verify_result(const WOLFSSL *ssl) -{ - if (ssl == NULL) { - return WOLFSSL_FAILURE; - } - - return ssl->peerVerifyRet; -} -#endif - -#ifdef OPENSSL_EXTRA - -#ifndef NO_WOLFSSL_STUB -/* shows the number of accepts attempted by CTX in it's lifetime */ -long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_accept"); - (void)ctx; - return 0; -} -#endif - -#ifndef NO_WOLFSSL_STUB -/* shows the number of connects attempted CTX in it's lifetime */ -long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_connect"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -/* shows the number of accepts completed by CTX in it's lifetime */ -long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_accept_good"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -/* shows the number of connects completed by CTX in it's lifetime */ -long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_connect_good"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -/* shows the number of renegotiation accepts attempted by CTX */ -long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_accept_renegotiate"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -/* shows the number of 
renegotiation accepts attempted by CTX */ -long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_connect_renegotiate"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_hits"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_cb_hits"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_cache_full"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_misses"); - (void)ctx; - return 0; -} -#endif - - -#ifndef NO_WOLFSSL_STUB -long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx) -{ - WOLFSSL_STUB("wolfSSL_CTX_sess_timeouts"); - (void)ctx; - return 0; -} -#endif - - -/* Return the total number of sessions */ -long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) -{ - word32 total = 0; - - WOLFSSL_ENTER("wolfSSL_CTX_sess_number"); - (void)ctx; - -#if defined(WOLFSSL_SESSION_STATS) && !defined(NO_SESSION_CACHE) - if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting session stats"); - } -#else - WOLFSSL_MSG("Please use macro WOLFSSL_SESSION_STATS for session stats"); -#endif - - return (long)total; -} - - -#ifndef NO_CERTS -long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) -{ - byte* chain = NULL; - int derSz; - const byte* der; - int ret; - DerBuffer *derBuffer = NULL; - - WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert"); - - if (ctx == NULL || x509 == NULL) { - WOLFSSL_MSG("Bad Argument"); - return WOLFSSL_FAILURE; - } - - der = wolfSSL_X509_get_der(x509, &derSz); - if (der == NULL || derSz <= 0) { - WOLFSSL_MSG("Error getting X509 DER"); - return WOLFSSL_FAILURE; - } 
-
- if (ctx->certificate == NULL) {
- WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
-
- /* Process buffer makes first certificate the leaf. */
- ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
- NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx));
- if (ret != WOLFSSL_SUCCESS) {
- WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
- return WOLFSSL_FAILURE;
- }
- }
- else {
- long chainSz = 0;
- int idx = 0;
-
- /* TODO: Do this elsewhere. */
- ret = AllocDer(&derBuffer, derSz, CERT_TYPE, ctx->heap);
- if (ret != 0) {
- WOLFSSL_MSG("Memory Error");
- return WOLFSSL_FAILURE;
- }
- XMEMCPY(derBuffer->buffer, der, derSz);
- ret = AddCA(ctx->cm, &derBuffer, WOLFSSL_USER_CA,
- GET_VERIFY_SETTING_CTX(ctx));
- if (ret != WOLFSSL_SUCCESS) {
- WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
- return WOLFSSL_FAILURE;
- }
-
- /* adding cert to existing chain */
- if (ctx->certChain != NULL && ctx->certChain->length > 0) {
- chainSz += ctx->certChain->length;
- }
- chainSz += OPAQUE24_LEN + derSz;
-
- chain = (byte*)XMALLOC(chainSz, ctx->heap, DYNAMIC_TYPE_DER);
- if (chain == NULL) {
- WOLFSSL_MSG("Memory Error");
- return WOLFSSL_FAILURE;
- }
-
- if (ctx->certChain != NULL && ctx->certChain->length > 0) {
- XMEMCPY(chain, ctx->certChain->buffer, ctx->certChain->length);
- idx = ctx->certChain->length;
- }
- c32to24(derSz, chain + idx);
- idx += OPAQUE24_LEN;
- XMEMCPY(chain + idx, der, derSz);
- idx += derSz;
-#ifdef WOLFSSL_TLS13
- ctx->certChainCnt++;
-#endif
-
- FreeDer(&ctx->certChain);
- ret = AllocDer(&ctx->certChain, idx, CERT_TYPE, ctx->heap);
- if (ret == 0) {
- XMEMCPY(ctx->certChain->buffer, chain, idx);
- }
- }
-
- /* on success WOLFSSL_X509 memory is responsibility of ctx */
- wolfSSL_X509_free(x509);
- if (chain != NULL)
- XFREE(chain, ctx->heap, DYNAMIC_TYPE_DER);
-
- return WOLFSSL_SUCCESS;
-}
-
-
-long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg)
-{
- if (ctx == NULL || ctx->cm == NULL) {
- return
WOLFSSL_FAILURE;
- }
-
- ctx->cm->ocspIOCtx = arg;
- return WOLFSSL_SUCCESS;
-}
-
-#endif /* !NO_CERTS */
-
-int wolfSSL_get_read_ahead(const WOLFSSL* ssl)
-{
- if (ssl == NULL) {
- return WOLFSSL_FAILURE;
- }
-
- return ssl->readAhead;
-}
-
-
-int wolfSSL_set_read_ahead(WOLFSSL* ssl, int v)
-{
- if (ssl == NULL) {
- return WOLFSSL_FAILURE;
- }
-
- ssl->readAhead = (byte)v;
-
- return WOLFSSL_SUCCESS;
-}
-
-
-int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx)
-{
- if (ctx == NULL) {
- return WOLFSSL_FAILURE;
- }
-
- return ctx->readAhead;
-}
-
-
-int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v)
-{
- if (ctx == NULL) {
- return WOLFSSL_FAILURE;
- }
-
- ctx->readAhead = (byte)v;
-
- return WOLFSSL_SUCCESS;
-}
-
-
-long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx,
- void* arg)
-{
- if (ctx == NULL) {
- return WOLFSSL_FAILURE;
- }
-
- ctx->userPRFArg = arg;
- return WOLFSSL_SUCCESS;
-}
-
-#endif /* OPENSSL_EXTRA */
-
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
-int wolfSSL_sk_num(const WOLFSSL_STACK* sk)
-{
- WOLFSSL_ENTER("wolfSSL_sk_num");
- if (sk == NULL)
- return 0;
- return (int)sk->num;
-}
-
-void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i)
-{
- WOLFSSL_ENTER("wolfSSL_sk_value");
-
- for (; sk != NULL && i > 0; i--)
- sk = sk->next;
- if (sk == NULL)
- return NULL;
-
- switch (sk->type) {
- case STACK_TYPE_X509:
- return (void*)sk->data.x509;
- case STACK_TYPE_GEN_NAME:
- return (void*)sk->data.gn;
- case STACK_TYPE_BIO:
- return (void*)sk->data.bio;
- case STACK_TYPE_OBJ:
- return (void*)sk->data.obj;
- case STACK_TYPE_STRING:
- return (void*)sk->data.string;
- case STACK_TYPE_CIPHER:
- return (void*)&sk->data.cipher;
- case STACK_TYPE_ACCESS_DESCRIPTION:
- return (void*)sk->data.access;
- case STACK_TYPE_X509_EXT:
- return (void*)sk->data.ext;
- case STACK_TYPE_X509_REQ_ATTR:
- return (void*)sk->data.generic;
- case STACK_TYPE_NULL:
- return (void*)sk->data.generic;
- case STACK_TYPE_X509_NAME:
- return
(void*)sk->data.name;
- case STACK_TYPE_X509_NAME_ENTRY:
- return (void*)sk->data.name_entry;
- case STACK_TYPE_CONF_VALUE:
- #ifdef OPENSSL_EXTRA
- return (void*)sk->data.conf;
- #else
- return NULL;
- #endif
- case STACK_TYPE_X509_INFO:
- return (void*)sk->data.info;
- case STACK_TYPE_BY_DIR_entry:
- return (void*)sk->data.dir_entry;
- case STACK_TYPE_BY_DIR_hash:
- return (void*)sk->data.dir_hash;
- case STACK_TYPE_X509_OBJ:
- return (void*)sk->data.x509_obj;
- case STACK_TYPE_DIST_POINT:
- return (void*)sk->data.dp;
- case STACK_TYPE_X509_CRL:
- return (void*)sk->data.crl;
- default:
- return (void*)sk->data.generic;
- }
-}
-
-/* copies over data of "in" to "out" */
-static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out)
-{
- if (in == NULL || out == NULL)
- return;
-
- *out = *in;
-}
-
-WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
-{
-
- WOLFSSL_STACK* ret = NULL;
- WOLFSSL_STACK* last = NULL;
-
- WOLFSSL_ENTER("wolfSSL_sk_dup");
-
- while (sk) {
- WOLFSSL_STACK* cur = wolfSSL_sk_new_node(sk->heap);
-
- if (!cur) {
- WOLFSSL_MSG("wolfSSL_sk_new_node error");
- goto error;
- }
-
- if (!ret) {
- /* Set first node */
- ret = cur;
- }
-
- if (last) {
- last->next = cur;
- }
-
- XMEMCPY(cur, sk, sizeof(WOLFSSL_STACK));
-
- /* We will allocate new memory for this */
- XMEMSET(&cur->data, 0, sizeof(cur->data));
- cur->next = NULL;
-
- switch (sk->type) {
- case STACK_TYPE_X509:
- if (!sk->data.x509)
- break;
- cur->data.x509 = wolfSSL_X509_dup(sk->data.x509);
- if (!cur->data.x509) {
- WOLFSSL_MSG("wolfSSL_X509_dup error");
- goto error;
- }
- break;
- case STACK_TYPE_CIPHER:
- wolfSSL_CIPHER_copy(&sk->data.cipher, &cur->data.cipher);
- break;
- case STACK_TYPE_GEN_NAME:
- if (!sk->data.gn)
- break;
- cur->data.gn = wolfSSL_GENERAL_NAME_dup(sk->data.gn);
- if (!cur->data.gn) {
- WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error");
- goto error;
- }
- break;
- case STACK_TYPE_OBJ:
- if (!sk->data.obj)
- break;
- cur->data.obj =
wolfSSL_ASN1_OBJECT_dup(sk->data.obj);
- if (!cur->data.obj) {
- WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_dup error");
- goto error;
- }
- break;
- case STACK_TYPE_BIO:
- case STACK_TYPE_STRING:
- case STACK_TYPE_ACCESS_DESCRIPTION:
- case STACK_TYPE_X509_EXT:
- case STACK_TYPE_X509_REQ_ATTR:
- case STACK_TYPE_NULL:
- case STACK_TYPE_X509_NAME:
- case STACK_TYPE_X509_NAME_ENTRY:
- case STACK_TYPE_CONF_VALUE:
- case STACK_TYPE_X509_INFO:
- case STACK_TYPE_BY_DIR_entry:
- case STACK_TYPE_BY_DIR_hash:
- case STACK_TYPE_X509_OBJ:
- case STACK_TYPE_DIST_POINT:
- case STACK_TYPE_X509_CRL:
- default:
- WOLFSSL_MSG("Unsupported stack type");
- goto error;
- }
-
- sk = sk->next;
- last = cur;
- }
- return ret;
-
-error:
- if (ret) {
- wolfSSL_sk_GENERAL_NAME_free(ret);
- }
- return NULL;
-}
-
-
-WOLFSSL_STACK* wolfSSL_shallow_sk_dup(WOLFSSL_STACK* sk)
-{
-
- WOLFSSL_STACK* ret = NULL;
- WOLFSSL_STACK** prev = &ret;
-
- WOLFSSL_ENTER("wolfSSL_shallow_sk_dup");
-
- for (; sk != NULL; sk = sk->next) {
- WOLFSSL_STACK* cur = wolfSSL_sk_new_node(sk->heap);
-
- if (!cur) {
- WOLFSSL_MSG("wolfSSL_sk_new_node error");
- goto error;
- }
-
- XMEMCPY(cur, sk, sizeof(WOLFSSL_STACK));
- cur->next = NULL;
-
- *prev = cur;
- prev = &cur->next;
- }
- return ret;
-
-error:
- if (ret) {
- wolfSSL_sk_free(ret);
- }
- return NULL;
-}
-
-/* Free the just the stack structure */
-void wolfSSL_sk_free(WOLFSSL_STACK* sk)
-{
- WOLFSSL_ENTER("wolfSSL_sk_free");
-
- while (sk != NULL) {
- WOLFSSL_STACK* next = sk->next;
- XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
- sk = next;
- }
-}
-
-/* Frees each node in the stack and frees the stack.
- */
-void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk,
- void (*f) (void*))
-{
- WOLFSSL_ENTER("wolfSSL_sk_GENERIC_pop_free");
- wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
-}
-
-/* return 1 on success 0 on fail */
-int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK* sk, void* generic)
-{
- WOLFSSL_ENTER("wolfSSL_sk_GENERIC_push");
-
- return wolfSSL_sk_push(sk, generic);
-}
-void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK* sk)
-{
- wolfSSL_sk_free(sk);
-}
-
-/* Pop off data from the stack. Checks that the type matches the stack type.
- *
- * @param [in, out] sk Stack of objects.
- * @param [in] type Type of stack.
- * @return Object on success.
- * @return NULL when stack is NULL or no nodes left in stack.
- */
-void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type)
-{
- WOLFSSL_STACK* node;
- void* data = NULL;
-
- /* Check we have a stack passed in of the right type. */
- if ((sk != NULL) && (sk->type == type)) {
- /* Get the next node to become the new first node. */
- node = sk->next;
- /* Get the ASN.1 OBJECT_ID object in the first node. */
- data = sk->data.generic;
-
- /* Check whether there is a next node. */
- if (node != NULL) {
- /* Move content out of next node into current node. */
- sk->data.obj = node->data.obj;
- sk->next = node->next;
- /* Dispose of node. */
- XFREE(node, NULL, DYNAMIC_TYPE_ASN1);
- }
- else {
- /* No more nodes - clear out data. */
- sk->data.obj = NULL;
- }
-
- /* Decrement count as long as we thought we had nodes. */
- if (sk->num > 0) {
- sk->num -= 1;
- }
- }
-
- return data;
-}
-
-/* Free all nodes in a stack including the pushed objects */
-void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
- wolfSSL_sk_freefunc func)
-{
- WOLFSSL_ENTER("wolfSSL_sk_pop_free");
-
- if (sk == NULL) {
- /* pop_free can be called with NULL, do not print bad argument */
- return;
- }
- #if defined(WOLFSSL_QT)
- /* In Qt v15.5, it calls OPENSSL_sk_free(xxx, OPENSSL_sk_free).
- * By using OPENSSL_sk_free for free causes access violation.
- * Therefore, switching free func to wolfSSL_ACCESS_DESCRIPTION_free
- * is needed even the func isn't NULL.
- */
- if (sk->type == STACK_TYPE_ACCESS_DESCRIPTION) {
- func = (wolfSSL_sk_freefunc)wolfSSL_ACCESS_DESCRIPTION_free;
- }
- #endif
- if (func == NULL) {
- switch(sk->type) {
- case STACK_TYPE_ACCESS_DESCRIPTION:
- #if defined(OPENSSL_ALL)
- func = (wolfSSL_sk_freefunc)wolfSSL_ACCESS_DESCRIPTION_free;
- #endif
- break;
- case STACK_TYPE_X509:
- func = (wolfSSL_sk_freefunc)wolfSSL_X509_free;
- break;
- case STACK_TYPE_X509_OBJ:
- #ifdef OPENSSL_ALL
- func = (wolfSSL_sk_freefunc)wolfSSL_X509_OBJECT_free;
- #endif
- break;
- case STACK_TYPE_OBJ:
- func = (wolfSSL_sk_freefunc)wolfSSL_ASN1_OBJECT_free;
- break;
- case STACK_TYPE_DIST_POINT:
- #ifdef OPENSSL_EXTRA
- func = (wolfSSL_sk_freefunc)wolfSSL_DIST_POINT_free;
- #endif
- break;
- case STACK_TYPE_GEN_NAME:
- func = (wolfSSL_sk_freefunc)wolfSSL_GENERAL_NAME_free;
- break;
- case STACK_TYPE_STRING:
- #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
- defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
- func = (wolfSSL_sk_freefunc)wolfSSL_WOLFSSL_STRING_free;
- #endif
- break;
- case STACK_TYPE_X509_NAME:
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- func = (wolfSSL_sk_freefunc)wolfSSL_X509_NAME_free;
- #endif
- break;
- case STACK_TYPE_X509_NAME_ENTRY:
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- func = (wolfSSL_sk_freefunc)wolfSSL_X509_NAME_ENTRY_free;
- #endif
- break;
- case STACK_TYPE_X509_EXT:
- #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
- func = (wolfSSL_sk_freefunc)wolfSSL_X509_EXTENSION_free;
- #endif
- break;
- case STACK_TYPE_X509_REQ_ATTR:
- #if defined(OPENSSL_ALL) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ))
- func = (wolfSSL_sk_freefunc)wolfSSL_X509_ATTRIBUTE_free;
- #endif
- break;
-
case STACK_TYPE_CONF_VALUE:
- #if defined(OPENSSL_ALL)
- func = (wolfSSL_sk_freefunc)wolfSSL_X509V3_conf_free;
- #endif
- break;
- case STACK_TYPE_X509_INFO:
- #if defined(OPENSSL_ALL)
- func = (wolfSSL_sk_freefunc)wolfSSL_X509_INFO_free;
- #endif
- break;
- case STACK_TYPE_BIO:
-#if !defined(NO_BIO) && defined(OPENSSL_EXTRA)
- func = (wolfSSL_sk_freefunc)wolfSSL_BIO_vfree;
-#endif
- break;
- case STACK_TYPE_BY_DIR_entry:
-#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
- func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_entry_free;
-#endif
- break;
- case STACK_TYPE_BY_DIR_hash:
-#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
- func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_HASH_free;
-#endif
- break;
- case STACK_TYPE_X509_CRL:
-#if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
- func = (wolfSSL_sk_freefunc)wolfSSL_X509_CRL_free;
-#endif
- break;
- case STACK_TYPE_CIPHER:
- case STACK_TYPE_NULL:
- default:
- break;
- }
- }
-
- while (sk != NULL) {
- WOLFSSL_STACK* next = sk->next;
-
- if (func != NULL) {
- if (sk->type != STACK_TYPE_CIPHER)
- func(sk->data.generic);
- }
- XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
- sk = next;
- }
-}
-
-/* Creates a new stack of the requested type.
- *
- * @param [in] type Type of stack.
- * @return Empty stack on success.
- * @return NULL when dynamic memory allocation fails.
- */
-WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type)
-{
- WOLFSSL_STACK* sk;
-
- /* Allocate a new stack - first node. */
- sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
- DYNAMIC_TYPE_OPENSSL);
- if (sk == NULL) {
- WOLFSSL_MSG("WOLFSSL_STACK memory error");
- }
- else {
- /* Clear node and set type. */
- XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
- sk->type = type;
- }
-
- return sk;
-}
-
-/* Creates and returns a new null stack.
 */
-WOLFSSL_STACK* wolfSSL_sk_new_null(void)
-{
- WOLFSSL_ENTER("wolfSSL_sk_new_null");
-
- return wolfssl_sk_new_type(STACK_TYPE_NULL);
-}
-
-int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk)
-{
- if (sk == NULL)
- return 0;
- return (int)sk->num;
-}
-
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-
-#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
- defined(HAVE_EXT_CACHE))
-/* stunnel 4.28 needs
- *
- * Callback that is called if a session tries to resume but could not find
- * the session to resume it.
- */
-void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
- WOLFSSL_SESSION*(*f)(WOLFSSL*, const unsigned char*, int, int*))
-{
- if (ctx == NULL)
- return;
-
-#ifdef HAVE_EXT_CACHE
- ctx->get_sess_cb = f;
-#else
- (void)f;
-#endif
-}
-
-void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
- int (*f)(WOLFSSL*, WOLFSSL_SESSION*))
-{
- if (ctx == NULL)
- return;
-
-#ifdef HAVE_EXT_CACHE
- ctx->new_sess_cb = f;
-#else
- (void)f;
-#endif
-}
-
-void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
- WOLFSSL_SESSION*))
-{
- if (ctx == NULL)
- return;
-
-#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
- ctx->rem_sess_cb = f;
-#else
- (void)f;
-#endif
-}
-
-
-/*
- *
- * Note: It is expected that the importing and exporting function have been
- * built with the same settings. For example if session tickets was
- * enabled with the wolfSSL library exporting a session then it is
- * expected to be turned on with the wolfSSL library importing the session.
- */ -int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) -{ - int size = 0; -#ifdef HAVE_EXT_CACHE - int idx = 0; -#ifdef SESSION_CERTS - int i; -#endif - - WOLFSSL_ENTER("wolfSSL_i2d_SSL_SESSION"); - - sess = ClientSessionToSession(sess); - if (sess == NULL) { - return BAD_FUNC_ARG; - } - - /* side | bornOn | timeout | sessionID len | sessionID | masterSecret | - * haveEMS */ - size += OPAQUE8_LEN + OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN + - sess->sessionIDSz + SECRET_LEN + OPAQUE8_LEN; - /* altSessionID */ - size += OPAQUE8_LEN + (sess->haveAltSessionID ? ID_LEN : 0); -#ifdef SESSION_CERTS - /* Peer chain */ - size += OPAQUE8_LEN; - for (i = 0; i < sess->chain.count; i++) - size += OPAQUE16_LEN + sess->chain.certs[i].length; -#endif -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) - /* Protocol version */ - size += OPAQUE16_LEN; -#endif -#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ - (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) - /* cipher suite */ - size += OPAQUE16_LEN; -#endif -#ifndef NO_CLIENT_CACHE - /* ServerID len | ServerID */ - size += OPAQUE16_LEN + sess->idLen; -#endif -#ifdef WOLFSSL_SESSION_ID_CTX - /* session context ID len | session context ID */ - size += OPAQUE8_LEN + sess->sessionCtxSz; -#endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - /* peerVerifyRet */ - size += OPAQUE8_LEN; -#endif -#ifdef WOLFSSL_TLS13 - /* namedGroup */ - size += OPAQUE16_LEN; -#endif -#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) -#ifdef WOLFSSL_TLS13 -#ifdef WOLFSSL_32BIT_MILLI_TIME - /* ticketSeen | ticketAdd */ - size += OPAQUE32_LEN + OPAQUE32_LEN; -#else - /* ticketSeen Hi 32 bits | ticketSeen Lo 32 bits | ticketAdd */ - size += OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE32_LEN; -#endif - /* ticketNonce */ - size += OPAQUE8_LEN + sess->ticketNonce.len; -#endif -#ifdef WOLFSSL_EARLY_DATA - size += OPAQUE32_LEN; -#endif -#endif -#ifdef 
HAVE_SESSION_TICKET
- /* ticket len | ticket */
- size += OPAQUE16_LEN + sess->ticketLen;
-#endif
-
- if (p != NULL) {
- unsigned char *data;
-
- if (*p == NULL)
- *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL);
- if (*p == NULL)
- return 0;
- data = *p;
-
- data[idx++] = sess->side;
- c32toa(sess->bornOn, data + idx); idx += OPAQUE32_LEN;
- c32toa(sess->timeout, data + idx); idx += OPAQUE32_LEN;
- data[idx++] = sess->sessionIDSz;
- XMEMCPY(data + idx, sess->sessionID, sess->sessionIDSz);
- idx += sess->sessionIDSz;
- XMEMCPY(data + idx, sess->masterSecret, SECRET_LEN); idx += SECRET_LEN;
- data[idx++] = (byte)sess->haveEMS;
- data[idx++] = sess->haveAltSessionID ? ID_LEN : 0;
- if (sess->haveAltSessionID) {
- XMEMCPY(data + idx, sess->altSessionID, ID_LEN);
- idx += ID_LEN;
- }
-#ifdef SESSION_CERTS
- data[idx++] = (byte)sess->chain.count;
- for (i = 0; i < sess->chain.count; i++) {
- c16toa((word16)sess->chain.certs[i].length, data + idx);
- idx += OPAQUE16_LEN;
- XMEMCPY(data + idx, sess->chain.certs[i].buffer,
- sess->chain.certs[i].length);
- idx += sess->chain.certs[i].length;
- }
-#endif
-#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
- defined(HAVE_SESSION_TICKET))
- data[idx++] = sess->version.major;
- data[idx++] = sess->version.minor;
-#endif
-#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
- (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
- data[idx++] = sess->cipherSuite0;
- data[idx++] = sess->cipherSuite;
-#endif
-#ifndef NO_CLIENT_CACHE
- c16toa(sess->idLen, data + idx); idx += OPAQUE16_LEN;
- XMEMCPY(data + idx, sess->serverID, sess->idLen);
- idx += sess->idLen;
-#endif
-#ifdef WOLFSSL_SESSION_ID_CTX
- data[idx++] = sess->sessionCtxSz;
- XMEMCPY(data + idx, sess->sessionCtx, sess->sessionCtxSz);
- idx += sess->sessionCtxSz;
-#endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- data[idx++] = sess->peerVerifyRet;
-#endif
-#ifdef WOLFSSL_TLS13
- c16toa(sess->namedGroup, data
+ idx);
- idx += OPAQUE16_LEN;
-#endif
-#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-#ifdef WOLFSSL_TLS13
-#ifdef WOLFSSL_32BIT_MILLI_TIME
- c32toa(sess->ticketSeen, data + idx);
- idx += OPAQUE32_LEN;
-#else
- c32toa((word32)(sess->ticketSeen >> 32), data + idx);
- idx += OPAQUE32_LEN;
- c32toa((word32)sess->ticketSeen, data + idx);
- idx += OPAQUE32_LEN;
-#endif
- c32toa(sess->ticketAdd, data + idx);
- idx += OPAQUE32_LEN;
- data[idx++] = sess->ticketNonce.len;
- XMEMCPY(data + idx, sess->ticketNonce.data, sess->ticketNonce.len);
- idx += sess->ticketNonce.len;
-#endif
-#ifdef WOLFSSL_EARLY_DATA
- c32toa(sess->maxEarlyDataSz, data + idx);
- idx += OPAQUE32_LEN;
-#endif
-#endif
-#ifdef HAVE_SESSION_TICKET
- c16toa(sess->ticketLen, data + idx); idx += OPAQUE16_LEN;
- XMEMCPY(data + idx, sess->ticket, sess->ticketLen);
- idx += sess->ticketLen;
-#endif
- }
-#endif
-
- (void)sess;
- (void)p;
-#ifdef HAVE_EXT_CACHE
- (void)idx;
-#endif
-
- return size;
-}
-
-
-/* TODO: no function to free new session.
- *
- * Note: It is expected that the importing and exporting function have been
- * built with the same settings. For example if session tickets was
- * enabled with the wolfSSL library exporting a session then it is
- * expected to be turned on with the wolfSSL library importing the session.
- */
-WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
- const unsigned char** p, long i)
-{
- WOLFSSL_SESSION* s = NULL;
- int ret = 0;
-#if defined(HAVE_EXT_CACHE)
- int idx = 0;
- byte* data;
-#ifdef SESSION_CERTS
- int j;
- word16 length;
-#endif
-#endif /* HAVE_EXT_CACHE */
-
- (void)p;
- (void)i;
- (void)ret;
- (void)sess;
-
-#ifdef HAVE_EXT_CACHE
- if (p == NULL || *p == NULL)
- return NULL;
-
- s = wolfSSL_SESSION_new();
- if (s == NULL)
- return NULL;
-
- idx = 0;
- data = (byte*)*p;
-
- /* side | bornOn | timeout | sessionID len */
- if (i < OPAQUE8_LEN + OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- s->side = data[idx++];
- ato32(data + idx, &s->bornOn); idx += OPAQUE32_LEN;
- ato32(data + idx, &s->timeout); idx += OPAQUE32_LEN;
- s->sessionIDSz = data[idx++];
-
- /* sessionID | secret | haveEMS | haveAltSessionID */
- if (i - idx < s->sessionIDSz + SECRET_LEN + OPAQUE8_LEN + OPAQUE8_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- XMEMCPY(s->sessionID, data + idx, s->sessionIDSz);
- idx += s->sessionIDSz;
- XMEMCPY(s->masterSecret, data + idx, SECRET_LEN); idx += SECRET_LEN;
- s->haveEMS = data[idx++];
- if (data[idx] != ID_LEN && data[idx] != 0) {
- ret = BUFFER_ERROR;
- goto end;
- }
- s->haveAltSessionID = data[idx++] == ID_LEN;
-
- /* altSessionID */
- if (s->haveAltSessionID) {
- if (i - idx < ID_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- XMEMCPY(s->altSessionID, data + idx, ID_LEN); idx += ID_LEN;
- }
-
-#ifdef SESSION_CERTS
- /* Certificate chain */
- if (i - idx == 0) {
- ret = BUFFER_ERROR;
- goto end;
- }
- s->chain.count = data[idx++];
- for (j = 0; j < s->chain.count; j++) {
- if (i - idx < OPAQUE16_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- ato16(data + idx, &length); idx += OPAQUE16_LEN;
- s->chain.certs[j].length = length;
- if (i - idx < length) {
- ret = BUFFER_ERROR;
- goto end;
- }
- XMEMCPY(s->chain.certs[j].buffer, data + idx, length);
- idx += length;
- }
-#endif
-#if
defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
- defined(HAVE_SESSION_TICKET))
- /* Protocol Version */
- if (i - idx < OPAQUE16_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- s->version.major = data[idx++];
- s->version.minor = data[idx++];
-#endif
-#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
- (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
- /* Cipher suite */
- if (i - idx < OPAQUE16_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- s->cipherSuite0 = data[idx++];
- s->cipherSuite = data[idx++];
-#endif
-#ifndef NO_CLIENT_CACHE
- /* ServerID len */
- if (i - idx < OPAQUE16_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- ato16(data + idx, &s->idLen); idx += OPAQUE16_LEN;
-
- /* ServerID */
- if (i - idx < s->idLen) {
- ret = BUFFER_ERROR;
- goto end;
- }
- XMEMCPY(s->serverID, data + idx, s->idLen); idx += s->idLen;
-#endif
-#ifdef WOLFSSL_SESSION_ID_CTX
- /* byte for length of session context ID */
- if (i - idx < OPAQUE8_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- s->sessionCtxSz = data[idx++];
-
- /* app session context ID */
- if (i - idx < s->sessionCtxSz) {
- ret = BUFFER_ERROR;
- goto end;
- }
- XMEMCPY(s->sessionCtx, data + idx, s->sessionCtxSz); idx += s->sessionCtxSz;
-#endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* byte for peerVerifyRet */
- if (i - idx < OPAQUE8_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- s->peerVerifyRet = data[idx++];
-#endif
-#ifdef WOLFSSL_TLS13
- if (i - idx < OPAQUE16_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- ato16(data + idx, &s->namedGroup);
- idx += OPAQUE16_LEN;
-#endif
-#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-#ifdef WOLFSSL_TLS13
- if (i - idx < (OPAQUE32_LEN * 2)) {
- ret = BUFFER_ERROR;
- goto end;
- }
-#ifdef WOLFSSL_32BIT_MILLI_TIME
- ato32(data + idx, &s->ticketSeen);
- idx += OPAQUE32_LEN;
-#else
- {
- word32 seenHi, seenLo;
-
- ato32(data + idx, &seenHi);
- idx += OPAQUE32_LEN;
- ato32(data + idx, &seenLo);
- idx +=
OPAQUE32_LEN;
- s->ticketSeen = ((sword64)seenHi << 32) + seenLo;
- }
-#endif
- ato32(data + idx, &s->ticketAdd);
- idx += OPAQUE32_LEN;
- if (i - idx < OPAQUE8_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- s->ticketNonce.len = data[idx++];
-
- if (i - idx < s->ticketNonce.len) {
- ret = BUFFER_ERROR;
- goto end;
- }
-#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
- (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- ret = SessionTicketNoncePopulate(s, data + idx, s->ticketNonce.len);
- if (ret != 0)
- goto end;
-#else
- if (s->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ) {
- ret = BUFFER_ERROR;
- goto end;
- }
- XMEMCPY(s->ticketNonce.data, data + idx, s->ticketNonce.len);
-#endif /* defined(WOLFSSL_TICKET_NONCE_MALLOC) && FIPS_VERSION_GE(5,3) */
-
- idx += s->ticketNonce.len;
-#endif
-#ifdef WOLFSSL_EARLY_DATA
- if (i - idx < OPAQUE32_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- ato32(data + idx, &s->maxEarlyDataSz);
- idx += OPAQUE32_LEN;
-#endif
-#endif
-#ifdef HAVE_SESSION_TICKET
- /* ticket len */
- if (i - idx < OPAQUE16_LEN) {
- ret = BUFFER_ERROR;
- goto end;
- }
- ato16(data + idx, &s->ticketLen); idx += OPAQUE16_LEN;
-
- /* Dispose of ol dynamic ticket and ensure space for new ticket.
 */
- if (s->ticketLenAlloc > 0) {
- XFREE(s->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
- }
- if (s->ticketLen <= SESSION_TICKET_LEN)
- s->ticket = s->staticTicket;
- else {
- s->ticket = (byte*)XMALLOC(s->ticketLen, NULL,
- DYNAMIC_TYPE_SESSION_TICK);
- if (s->ticket == NULL) {
- ret = MEMORY_ERROR;
- goto end;
- }
- s->ticketLenAlloc = (word16)s->ticketLen;
- }
-
- /* ticket */
- if (i - idx < s->ticketLen) {
- ret = BUFFER_ERROR;
- goto end;
- }
- XMEMCPY(s->ticket, data + idx, s->ticketLen); idx += s->ticketLen;
-#endif
- (void)idx;
-
- if (sess != NULL) {
- *sess = s;
- }
-
- s->isSetup = 1;
-
- *p += idx;
-
-end:
- if (ret != 0 && (sess == NULL || *sess != s)) {
- wolfSSL_FreeSession(NULL, s);
- s = NULL;
- }
-#endif /* HAVE_EXT_CACHE */
- return s;
-}
-
-/* Check if there is a session ticket associated with this WOLFSSL_SESSION.
- *
- * sess - pointer to WOLFSSL_SESSION struct
- *
- * Returns 1 if has session ticket, otherwise 0 */
-int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* sess)
-{
- WOLFSSL_ENTER("wolfSSL_SESSION_has_ticket");
-#ifdef HAVE_SESSION_TICKET
- sess = ClientSessionToSession(sess);
- if (sess) {
- if ((sess->ticketLen > 0) && (sess->ticket != NULL)) {
- return WOLFSSL_SUCCESS;
- }
- }
-#else
- (void)sess;
-#endif
- return WOLFSSL_FAILURE;
-}
-
-unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
- const WOLFSSL_SESSION* sess)
-{
- WOLFSSL_ENTER("wolfSSL_SESSION_get_ticket_lifetime_hint");
- sess = ClientSessionToSession(sess);
- if (sess) {
- return sess->timeout;
- }
- return 0;
-}
-
-long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
-{
- long timeout = 0;
- WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout");
- sess = ClientSessionToSession(sess);
- if (sess)
- timeout = sess->timeout;
- return timeout;
-}
-
-long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
-{
- word32 tmptime;
-
- ses = ClientSessionToSession(ses);
- if (ses == NULL || t < 0) {
- return BAD_FUNC_ARG;
- }
-
- tmptime = t & 0xFFFFFFFF;
-
ses->timeout = tmptime; - - return WOLFSSL_SUCCESS; -} - -long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess) -{ - long bornOn = 0; - WOLFSSL_ENTER("wolfSSL_SESSION_get_time"); - sess = ClientSessionToSession(sess); - if (sess) - bornOn = sess->bornOn; - return bornOn; -} - -long wolfSSL_SESSION_set_time(WOLFSSL_SESSION *ses, long t) -{ - - ses = ClientSessionToSession(ses); - if (ses == NULL || t < 0) { - return 0; - } - ses->bornOn = (word32)t; - return t; -} - -#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */ - -#ifdef OPENSSL_EXTRA - -#if defined(HAVE_EX_DATA) && !defined(NO_FILESYSTEM) -int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) -{ - int ret = WOLFSSL_FATAL_ERROR; - - WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file"); - if (ssl != NULL && fname != NULL) - { - #ifdef WOLFSSL_SMALL_STACK - byte staticBuffer[1]; /* force heap usage */ - #else - byte staticBuffer[FILE_BUFFER_SIZE]; - #endif - byte* myBuffer = staticBuffer; - int dynamic = 0; - XFILE file; - long sz = 0; - WOLFSSL_CTX* ctx = ssl->ctx; - WOLFSSL_X509* peer_cert = &ssl->peerCert; - DerBuffer* fileDer = NULL; - - file = XFOPEN(fname, "rb"); - if (file == XBADFILE) - return WOLFSSL_BAD_FILE; - - if (XFSEEK(file, 0, XSEEK_END) != 0) { - XFCLOSE(file); - return WOLFSSL_BAD_FILE; - } - sz = XFTELL(file); - if (XFSEEK(file, 0, XSEEK_SET) != 0) { - XFCLOSE(file); - return WOLFSSL_BAD_FILE; - } - - if (sz > MAX_WOLFSSL_FILE_SIZE || sz < 0) { - WOLFSSL_MSG("cmp_peer_cert_to_file size error"); - XFCLOSE(file); - return WOLFSSL_BAD_FILE; - } - - if (sz > (long)sizeof(staticBuffer)) { - WOLFSSL_MSG("Getting dynamic buffer"); - myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); - dynamic = 1; - } - - if ((myBuffer != NULL) && - (sz > 0) && - (XFREAD(myBuffer, 1, sz, file) == (size_t)sz) && - (PemToDer(myBuffer, (long)sz, CERT_TYPE, - &fileDer, ctx->heap, NULL, NULL) == 0) && - (fileDer->length != 0) && - (fileDer->length == peer_cert->derCert->length) && - 
(XMEMCMP(peer_cert->derCert->buffer, fileDer->buffer,
- fileDer->length) == 0))
- {
- ret = 0;
- }
-
- FreeDer(&fileDer);
-
- if (dynamic)
- XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
-
- XFCLOSE(file);
- }
-
- return ret;
-}
-#endif
-#endif /* OPENSSL_EXTRA */
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
-#ifndef NO_CERTS
- /* oidCertExtType */
- { NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints",
- "X509v3 Basic Constraints"},
- { NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName",
- "X509v3 Subject Alternative Name"},
- { NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType, "crlDistributionPoints",
- "X509v3 CRL Distribution Points"},
- { NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess",
- "Authority Information Access"},
- { NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType,
- "authorityKeyIdentifier", "X509v3 Authority Key Identifier"},
- { NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType,
- "subjectKeyIdentifier", "X509v3 Subject Key Identifier"},
- { NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage",
- "X509v3 Key Usage"},
- { NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType,
- "inhibitAnyPolicy", "X509v3 Inhibit Any Policy"},
- { NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType,
- "extendedKeyUsage", "X509v3 Extended Key Usage"},
- { NID_name_constraints, NAME_CONS_OID, oidCertExtType,
- "nameConstraints", "X509v3 Name Constraints"},
- { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType,
- "certificatePolicies", "X509v3 Certificate Policies"},
-
- /* oidCertAuthInfoType */
- { NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP",
- "OCSP"},
- { NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType,
- "caIssuers", "CA Issuers"},
-
- /* oidCertPolicyType */
- { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy",
- "X509v3 Any Policy"},
-
- /* oidCertAltNameType
 */
- { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""},
-
- /* oidCertKeyUseType */
- { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType,
- "anyExtendedKeyUsage", "Any Extended Key Usage"},
- { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType,
- "serverAuth", "TLS Web Server Authentication"},
- { EKU_CLIENT_AUTH_OID, EKU_CLIENT_AUTH_OID, oidCertKeyUseType,
- "clientAuth", "TLS Web Client Authentication"},
- { EKU_OCSP_SIGN_OID, EKU_OCSP_SIGN_OID, oidCertKeyUseType,
- "OCSPSigning", "OCSP Signing"},
-
- /* oidCertNameType */
- { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"},
-#if !defined(WOLFSSL_CERT_REQ)
- { NID_surname, NID_surname, oidCertNameType, "SN", "surname"},
-#endif
- { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber",
- "serialNumber"},
- { NID_userId, NID_userId, oidCertNameType, "UID", "userid"},
- { NID_countryName, NID_countryName, oidCertNameType, "C", "countryName"},
- { NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"},
- { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST",
- "stateOrProvinceName"},
- { NID_streetAddress, NID_streetAddress, oidCertNameType, "street",
- "streetAddress"},
- { NID_organizationName, NID_organizationName, oidCertNameType, "O",
- "organizationName"},
- { NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType,
- "OU", "organizationalUnitName"},
- { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress",
- "emailAddress"},
- { NID_domainComponent, NID_domainComponent, oidCertNameType, "DC",
- "domainComponent"},
- { NID_favouriteDrink, NID_favouriteDrink, oidCertNameType, "favouriteDrink",
- "favouriteDrink"},
- { NID_businessCategory, NID_businessCategory, oidCertNameType, "businessCategory",
- "businessCategory"},
- { NID_jurisdictionCountryName, NID_jurisdictionCountryName, oidCertNameType, "jurisdictionC",
- "jurisdictionCountryName"},
- {
NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName,
- oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
- { NID_postalCode, NID_postalCode, oidCertNameType, "postalCode", "postalCode"},
- { NID_userId, NID_userId, oidCertNameType, "UID", "userId"},
-
-#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_NAME_ALL)
- { NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
- oidCsrAttrType, "challengePassword", "challengePassword"},
- { NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
- oidCsrAttrType, "contentType", "contentType" },
- { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
- oidCsrAttrType, "unstructuredName", "unstructuredName" },
- { NID_name, NAME_OID, oidCsrAttrType, "name", "name" },
- { NID_surname, SURNAME_OID,
- oidCsrAttrType, "surname", "surname" },
- { NID_givenName, GIVEN_NAME_OID,
- oidCsrAttrType, "givenName", "givenName" },
- { NID_initials, INITIALS_OID,
- oidCsrAttrType, "initials", "initials" },
- { NID_dnQualifier, DNQUALIFIER_OID,
- oidCsrAttrType, "dnQualifer", "dnQualifier" },
-#endif
-#endif
-#ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */
- /* oidHashType */
- #ifdef WOLFSSL_MD2
- { NID_md2, MD2h, oidHashType, "MD2", "md2"},
- #endif
- #ifdef WOLFSSL_MD5
- { NID_md5, MD5h, oidHashType, "MD5", "md5"},
- #endif
- #ifndef NO_SHA
- { NID_sha1, SHAh, oidHashType, "SHA1", "sha1"},
- #endif
- #ifdef WOLFSSL_SHA224
- { NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"},
- #endif
- #ifndef NO_SHA256
- { NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"},
- #endif
- #ifdef WOLFSSL_SHA384
- { NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"},
- #endif
- #ifdef WOLFSSL_SHA512
- { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"},
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"},
-
#endif - #ifndef WOLFSSL_NOSHA3_384 - { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"}, - #endif - #ifndef WOLFSSL_NOSHA3_512 - { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"}, - #endif - #endif /* WOLFSSL_SHA3 */ - #ifdef WOLFSSL_SM3 - { NID_sm3, SM3h, oidHashType, "SM3", "sm3"}, - #endif - /* oidSigType */ - #ifndef NO_DSA - #ifndef NO_SHA - { NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"}, - { NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256", - "dsa_with_SHA256"}, - #endif - #endif /* NO_DSA */ - #ifndef NO_RSA - #ifdef WOLFSSL_MD2 - { NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2", - "md2WithRSAEncryption"}, - #endif - #ifndef NO_MD5 - { NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5", - "md5WithRSAEncryption"}, - #endif - #ifndef NO_SHA - { NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1", - "sha1WithRSAEncryption"}, - #endif - #ifdef WOLFSSL_SHA224 - { NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224", - "sha224WithRSAEncryption"}, - #endif - #ifndef NO_SHA256 - { NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256", - "sha256WithRSAEncryption"}, - #endif - #ifdef WOLFSSL_SHA384 - { NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384", - "sha384WithRSAEncryption"}, - #endif - #ifdef WOLFSSL_SHA512 - { NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512", - "sha512WithRSAEncryption"}, - #endif - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - { NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224", - "sha3-224WithRSAEncryption"}, - #endif - #ifndef WOLFSSL_NOSHA3_256 - { NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256", - "sha3-256WithRSAEncryption"}, - #endif - #ifndef WOLFSSL_NOSHA3_384 - { NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384", - "sha3-384WithRSAEncryption"}, - #endif - #ifndef WOLFSSL_NOSHA3_512 - { NID_RSA_SHA3_512, 
CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512", - "sha3-512WithRSAEncryption"}, - #endif - #endif - #ifdef WC_RSA_PSS - { NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" }, - #endif - #endif /* NO_RSA */ - #ifdef HAVE_ECC - #ifndef NO_SHA - { NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1", "shaWithECDSA"}, - #endif - #ifdef WOLFSSL_SHA224 - { NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType, "ecdsa-with-SHA224","sha224WithECDSA"}, - #endif - #ifndef NO_SHA256 - { NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType, "ecdsa-with-SHA256","sha256WithECDSA"}, - #endif - #ifdef WOLFSSL_SHA384 - { NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType, "ecdsa-with-SHA384","sha384WithECDSA"}, - #endif - #ifdef WOLFSSL_SHA512 - { NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType, "ecdsa-with-SHA512","sha512WithECDSA"}, - #endif - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - { NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType, "id-ecdsa-with-SHA3-224", - "ecdsa_with_SHA3-224"}, - #endif - #ifndef WOLFSSL_NOSHA3_256 - { NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType, "id-ecdsa-with-SHA3-256", - "ecdsa_with_SHA3-256"}, - #endif - #ifndef WOLFSSL_NOSHA3_384 - { NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType, "id-ecdsa-with-SHA3-384", - "ecdsa_with_SHA3-384"}, - #endif - #ifndef WOLFSSL_NOSHA3_512 - { NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType, "id-ecdsa-with-SHA3-512", - "ecdsa_with_SHA3-512"}, - #endif - #endif - #endif /* HAVE_ECC */ - - /* oidKeyType */ - #ifndef NO_DSA - { NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"}, - #endif /* NO_DSA */ - #ifndef NO_RSA - { NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption", "rsaEncryption"}, - #ifdef WC_RSA_PSS - { NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"}, - #endif - #endif /* NO_RSA */ - #ifdef HAVE_ECC - { NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey", - "id-ecPublicKey"}, - #endif /* HAVE_ECC */ - #ifndef 
NO_DH - { NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement", "dhKeyAgreement"}, - #endif - #ifdef HAVE_ED448 - { NID_ED448, ED448k, oidKeyType, "ED448", "ED448"}, - #endif - #ifdef HAVE_ED25519 - { NID_ED25519, ED25519k, oidKeyType, "ED25519", "ED25519"}, - #endif - #ifdef HAVE_PQC - #ifdef HAVE_FALCON - { CTC_FALCON_LEVEL1, FALCON_LEVEL1k, oidKeyType, "Falcon Level 1", - "Falcon Level 1"}, - { CTC_FALCON_LEVEL5, FALCON_LEVEL5k, oidKeyType, "Falcon Level 5", - "Falcon Level 5"}, - #endif /* HAVE_FALCON */ - #ifdef HAVE_DILITHIUM - { CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k, oidKeyType, - "Dilithium Level 2", "Dilithium Level 2"}, - { CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k, oidKeyType, - "Dilithium Level 3", "Dilithium Level 3"}, - { CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType, - "Dilithium Level 5", "Dilithium Level 5"}, - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ - - /* oidCurveType */ - #ifdef HAVE_ECC - { NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1", "prime192v1"}, - { NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2", "prime192v2"}, - { NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3", "prime192v3"}, - - { NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1", "prime239v1"}, - { NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2", "prime239v2"}, - { NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3", "prime239v3"}, - - { NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1", "prime256v1"}, - - { NID_secp112r1, ECC_SECP112R1_OID, oidCurveType, "secp112r1", "secp112r1"}, - { NID_secp112r2, ECC_SECP112R2_OID, oidCurveType, "secp112r2", "secp112r2"}, - - { NID_secp128r1, ECC_SECP128R1_OID, oidCurveType, "secp128r1", "secp128r1"}, - { NID_secp128r2, ECC_SECP128R2_OID, oidCurveType, "secp128r2", "secp128r2"}, - - { NID_secp160r1, ECC_SECP160R1_OID, oidCurveType, "secp160r1", "secp160r1"}, - { NID_secp160r2, 
ECC_SECP160R2_OID, oidCurveType, "secp160r2", "secp160r2"}, - - { NID_secp224r1, ECC_SECP224R1_OID, oidCurveType, "secp224r1", "secp224r1"}, - { NID_secp384r1, ECC_SECP384R1_OID, oidCurveType, "secp384r1", "secp384r1"}, - { NID_secp521r1, ECC_SECP521R1_OID, oidCurveType, "secp521r1", "secp521r1"}, - - { NID_secp160k1, ECC_SECP160K1_OID, oidCurveType, "secp160k1", "secp160k1"}, - { NID_secp192k1, ECC_SECP192K1_OID, oidCurveType, "secp192k1", "secp192k1"}, - { NID_secp224k1, ECC_SECP224K1_OID, oidCurveType, "secp224k1", "secp224k1"}, - { NID_secp256k1, ECC_SECP256K1_OID, oidCurveType, "secp256k1", "secp256k1"}, - - { NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID, oidCurveType, "brainpoolP160r1", "brainpoolP160r1"}, - { NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID, oidCurveType, "brainpoolP192r1", "brainpoolP192r1"}, - { NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID, oidCurveType, "brainpoolP224r1", "brainpoolP224r1"}, - { NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID, oidCurveType, "brainpoolP256r1", "brainpoolP256r1"}, - { NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID, oidCurveType, "brainpoolP320r1", "brainpoolP320r1"}, - { NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID, oidCurveType, "brainpoolP384r1", "brainpoolP384r1"}, - { NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID, oidCurveType, "brainpoolP512r1", "brainpoolP512r1"}, - - #ifdef WOLFSSL_SM2 - { NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"}, - #endif - #endif /* HAVE_ECC */ - - /* oidBlkType */ - #ifdef WOLFSSL_AES_128 - { AES128CBCb, AES128CBCb, oidBlkType, "AES-128-CBC", "aes-128-cbc"}, - #endif - #ifdef WOLFSSL_AES_192 - { AES192CBCb, AES192CBCb, oidBlkType, "AES-192-CBC", "aes-192-cbc"}, - #endif - #ifdef WOLFSSL_AES_256 - { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC", "aes-256-cbc"}, - #endif - #ifndef NO_DES3 - { NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"}, - { NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"}, - #endif /* !NO_DES3 */ - #if defined(HAVE_CHACHA) && 
defined(HAVE_POLY1305) - { NID_chacha20_poly1305, NID_chacha20_poly1305, oidBlkType, "ChaCha20-Poly1305", "chacha20-poly1305"}, - #endif - - /* oidOcspType */ - #ifdef HAVE_OCSP - { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType, "basicOCSPResponse", - "Basic OCSP Response"}, - { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "Nonce", - "OCSP Nonce"}, - #endif /* HAVE_OCSP */ - - #ifndef NO_PWDBASED - /* oidKdfType */ - { PBKDF2_OID, PBKDF2_OID, oidKdfType, "PBKDFv2", "PBKDF2"}, - - /* oidPBEType */ - { PBE_SHA1_RC4_128, PBE_SHA1_RC4_128, oidPBEType, - "PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4"}, - { PBE_SHA1_DES, PBE_SHA1_DES, oidPBEType, "PBE-SHA1-DES", - "pbeWithSHA1AndDES-CBC"}, - { PBE_SHA1_DES3, PBE_SHA1_DES3, oidPBEType, "PBE-SHA1-3DES", - "pbeWithSHA1And3-KeyTripleDES-CBC"}, - #endif - - /* oidKeyWrapType */ - #ifdef WOLFSSL_AES_128 - { AES128_WRAP, AES128_WRAP, oidKeyWrapType, "AES-128 wrap", "aes128-wrap"}, - #endif - #ifdef WOLFSSL_AES_192 - { AES192_WRAP, AES192_WRAP, oidKeyWrapType, "AES-192 wrap", "aes192-wrap"}, - #endif - #ifdef WOLFSSL_AES_256 - { AES256_WRAP, AES256_WRAP, oidKeyWrapType, "AES-256 wrap", "aes256-wrap"}, - #endif - - #ifndef NO_PKCS7 - #ifndef NO_DH - /* oidCmsKeyAgreeType */ - #ifndef NO_SHA - { dhSinglePass_stdDH_sha1kdf_scheme, dhSinglePass_stdDH_sha1kdf_scheme, - oidCmsKeyAgreeType, "dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme"}, - #endif - #ifdef WOLFSSL_SHA224 - { dhSinglePass_stdDH_sha224kdf_scheme, - dhSinglePass_stdDH_sha224kdf_scheme, oidCmsKeyAgreeType, - "dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme"}, - #endif - #ifndef NO_SHA256 - { dhSinglePass_stdDH_sha256kdf_scheme, - dhSinglePass_stdDH_sha256kdf_scheme, oidCmsKeyAgreeType, - "dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme"}, - #endif - #ifdef WOLFSSL_SHA384 - { dhSinglePass_stdDH_sha384kdf_scheme, - dhSinglePass_stdDH_sha384kdf_scheme, oidCmsKeyAgreeType, - 
"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme"}, - #endif - #ifdef WOLFSSL_SHA512 - { dhSinglePass_stdDH_sha512kdf_scheme, - dhSinglePass_stdDH_sha512kdf_scheme, oidCmsKeyAgreeType, - "dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme"}, - #endif - #endif - #endif - #if defined(WOLFSSL_APACHE_HTTPD) - /* "1.3.6.1.5.5.7.8.7" */ - { NID_id_on_dnsSRV, NID_id_on_dnsSRV, oidCertNameType, - WOLFSSL_SN_DNS_SRV, WOLFSSL_LN_DNS_SRV }, - - /* "1.3.6.1.4.1.311.20.2.3" */ - { NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN, - WOLFSSL_LN_MS_UPN }, - - /* "1.3.6.1.5.5.7.1.24" */ - { NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType, - WOLFSSL_SN_TLS_FEATURE, WOLFSSL_LN_TLS_FEATURE }, - #endif -#endif /* OPENSSL_EXTRA */ -}; - -#define WOLFSSL_OBJECT_INFO_SZ \ - (sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info)) -const size_t wolfssl_object_info_sz = WOLFSSL_OBJECT_INFO_SZ; -#endif - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Free the dynamically allocated data. - * - * p Pointer to dynamically allocated memory. - */ -void wolfSSL_OPENSSL_free(void* p) -{ - WOLFSSL_MSG("wolfSSL_OPENSSL_free"); - - XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL); -} -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#ifdef OPENSSL_EXTRA - -void *wolfSSL_OPENSSL_malloc(size_t a) -{ - return (void *)XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL); -} - -int wolfSSL_OPENSSL_hexchar2int(unsigned char c) -{ - /* 'char' is unsigned on some platforms. 
*/ - return (int)(signed char)HexCharToByte((char)c); -} - -unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len) -{ - unsigned char* targetBuf; - int srcDigitHigh = 0; - int srcDigitLow = 0; - size_t srcLen; - size_t srcIdx = 0; - long targetIdx = 0; - - srcLen = XSTRLEN(str); - targetBuf = (unsigned char*)XMALLOC(srcLen / 2, NULL, DYNAMIC_TYPE_OPENSSL); - if (targetBuf == NULL) { - return NULL; - } - - while (srcIdx < srcLen) { - if (str[srcIdx] == ':') { - srcIdx++; - continue; - } - - srcDigitHigh = wolfSSL_OPENSSL_hexchar2int(str[srcIdx++]); - srcDigitLow = wolfSSL_OPENSSL_hexchar2int(str[srcIdx++]); - if (srcDigitHigh < 0 || srcDigitLow < 0) { - WOLFSSL_MSG("Invalid hex character."); - XFREE(targetBuf, NULL, DYNAMIC_TYPE_OPENSSL); - return NULL; - } - - targetBuf[targetIdx++] = (unsigned char)((srcDigitHigh << 4) | srcDigitLow); - } - - if (len != NULL) - *len = targetIdx; - - return targetBuf; -} - -int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings) -{ - (void)opts; - (void)settings; - return wolfSSL_library_init(); -} - -int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS* settings) -{ - (void)opts; - (void)settings; - return wolfSSL_library_init(); -} - -#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER) - -int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, - unsigned char* passwd, int passwdSz, byte **cipherInfo, - int maxDerSz) -{ - int ret, paddingSz; - word32 idx, cipherInfoSz; -#ifdef WOLFSSL_SMALL_STACK - EncryptedInfo* info = NULL; -#else - EncryptedInfo info[1]; -#endif - - WOLFSSL_ENTER("EncryptDerKey"); - - if (der == NULL || derSz == NULL || cipher == NULL || - passwd == NULL || cipherInfo == NULL) - return BAD_FUNC_ARG; - -#ifdef WOLFSSL_SMALL_STACK - info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_ENCRYPTEDINFO); - if (info == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } -#endif - - XMEMSET(info, 0, 
sizeof(EncryptedInfo)); - - /* set the cipher name on info */ - XSTRNCPY(info->name, cipher, NAME_SZ-1); - info->name[NAME_SZ-1] = '\0'; /* null term */ - - ret = wc_EncryptedInfoGet(info, info->name); - if (ret != 0) { - WOLFSSL_MSG("unsupported cipher"); - #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); - #endif - return WOLFSSL_FAILURE; - } - - /* Generate a random salt */ - if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("generate iv failed"); -#ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); -#endif - return WOLFSSL_FAILURE; - } - - /* add the padding before encryption */ - paddingSz = ((*derSz)/info->ivSz + 1) * info->ivSz - (*derSz); - if (paddingSz == 0) - paddingSz = info->ivSz; - if (maxDerSz < *derSz + paddingSz) { - WOLFSSL_MSG("not enough DER buffer allocated"); -#ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); -#endif - return WOLFSSL_FAILURE; - } - XMEMSET(der+(*derSz), (byte)paddingSz, paddingSz); - (*derSz) += paddingSz; - - /* encrypt buffer */ - if (wc_BufferKeyEncrypt(info, der, *derSz, passwd, passwdSz, WC_MD5) != 0) { - WOLFSSL_MSG("encrypt key failed"); -#ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); -#endif - return WOLFSSL_FAILURE; - } - - /* create cipher info : 'cipher_name,Salt(hex)' */ - cipherInfoSz = (word32)(2*info->ivSz + XSTRLEN(info->name) + 2); - *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL, - DYNAMIC_TYPE_STRING); - if (*cipherInfo == NULL) { - WOLFSSL_MSG("malloc failed"); -#ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); -#endif - return WOLFSSL_FAILURE; - } - XSTRLCPY((char*)*cipherInfo, info->name, cipherInfoSz); - XSTRLCAT((char*)*cipherInfo, ",", cipherInfoSz); - - idx = (word32)XSTRLEN((char*)*cipherInfo); - cipherInfoSz -= idx; - ret = Base16_Encode(info->iv, info->ivSz, *cipherInfo+idx, &cipherInfoSz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(info, 
NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); -#endif - if (ret != 0) { - WOLFSSL_MSG("Base16_Encode failed"); - XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_STRING); - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; -} -#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ - -#if !defined(NO_BIO) -static int pem_write_pubkey(WOLFSSL_EVP_PKEY* key, void* heap, byte** derBuf, - int* derSz) -{ - byte* buf = NULL; - int sz = 0; - - (void)heap; - - if (key == NULL) { - WOLFSSL_MSG("Bad parameters"); - return WOLFSSL_FAILURE; - } - - switch (key->type) { -#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - case EVP_PKEY_RSA: - if ((sz = wolfSSL_RSA_To_Der(key->rsa, &buf, 1, heap)) - < 0) { - WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); - break; - } - break; -#endif /* WOLFSSL_KEY_GEN && !NO_RSA */ -#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ - defined(WOLFSSL_CERT_GEN)) - case EVP_PKEY_DSA: - if (key->dsa == NULL) { - WOLFSSL_MSG("key->dsa is null"); - break; - } - sz = MAX_DSA_PUBKEY_SZ; - buf = (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (buf == NULL) { - WOLFSSL_MSG("malloc failed"); - break; - } - /* Key to DER */ - sz = wc_DsaKeyToPublicDer((DsaKey*)key->dsa->internal, buf, sz); - if (sz < 0) { - WOLFSSL_MSG("wc_DsaKeyToDer failed"); - break; - } - break; -#endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */ -#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) - case EVP_PKEY_EC: - { - if (key->ecc == NULL) { - WOLFSSL_MSG("key->ecc is null"); - break; - } - if ((sz = wolfssl_ec_key_to_pubkey_der(key->ecc, &buf, heap)) <= - 0) { - WOLFSSL_MSG("wolfssl_ec_key_to_pubkey_der failed"); - break; - } - break; - } -#endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */ -#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) - case EVP_PKEY_DH: - WOLFSSL_MSG("Writing DH PUBKEY not supported!"); - break; -#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ - default: - WOLFSSL_MSG("Unknown Key type!"); - 
break; - } - - if (buf == NULL || sz <= 0) { - if (buf != NULL) - XFREE(buf, heap, DYNAMIC_TYPE_DER); - return WOLFSSL_FAILURE; - } - - *derBuf = buf; - *derSz = sz; - return WOLFSSL_SUCCESS; -} -#endif - -#ifndef NO_BIO -static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) -{ - int ret; - int derSz = 0; - byte* derBuf = NULL; - - ret = pem_write_pubkey(key, bio->heap, &derBuf, &derSz); - if (ret == WOLFSSL_SUCCESS) { - ret = der_write_to_bio_as_pem(derBuf, derSz, bio, PUBLICKEY_TYPE); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); - } - - return ret; -} - -/* Takes a public key and writes it out to a WOLFSSL_BIO - * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE - */ -int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY"); - - if ((bio == NULL) || (key == NULL)) { - ret = WOLFSSL_FAILURE; - } - else { - ret = pem_write_bio_pubkey(bio, key); - } - - return ret; -} - -/* Takes a private key and writes it out to a WOLFSSL_BIO - * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE - */ -int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, - const WOLFSSL_EVP_CIPHER* cipher, - unsigned char* passwd, int len, - wc_pem_password_cb* cb, void* arg) -{ - byte* keyDer; - int type; - - (void)cipher; - (void)passwd; - (void)len; - (void)cb; - (void)arg; - - WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey"); - - if (bio == NULL || key == NULL) { - WOLFSSL_MSG("Bad Function Arguments"); - return WOLFSSL_FAILURE; - } - - keyDer = (byte*)key->pkey.ptr; - - switch (key->type) { -#ifndef NO_RSA - case EVP_PKEY_RSA: - type = PRIVATEKEY_TYPE; - break; -#endif - -#ifndef NO_DSA - case EVP_PKEY_DSA: - type = DSA_PRIVATEKEY_TYPE; - break; -#endif - -#ifdef HAVE_ECC - case EVP_PKEY_EC: - type = ECC_PRIVATEKEY_TYPE; - break; -#endif - -#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) - case EVP_PKEY_DH: - type = DH_PRIVATEKEY_TYPE; - break; -#endif - - 
default: - WOLFSSL_MSG("Unknown Key type!"); - type = PRIVATEKEY_TYPE; - } - - return der_write_to_bio_as_pem(keyDer, key->pkey_sz, bio, type); -} -#endif /* !NO_BIO */ - -/* Colon separated list of + algorithms. - * Replaces list in context. - */ -int wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx, const char* list) -{ - WOLFSSL_MSG("wolfSSL_CTX_set1_sigalg_list"); - - if (ctx == NULL || list == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return WOLFSSL_FAILURE; - } - - if (AllocateCtxSuites(ctx) != 0) - return WOLFSSL_FAILURE; - - return SetSuitesHashSigAlgo(ctx->suites, list); -} - -/* Colon separated list of + algorithms. - * Replaces list in SSL. - */ -int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list) -{ - WOLFSSL_MSG("wolfSSL_set1_sigalg_list"); - - if (ssl == NULL || list == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return WOLFSSL_FAILURE; - } - - if (AllocateSuites(ssl) != 0) - return WOLFSSL_FAILURE; - - return SetSuitesHashSigAlgo(ssl->suites, list); -} - -static int HashToNid(byte hashAlgo, int* nid) -{ - int ret = WOLFSSL_SUCCESS; - - /* Cast for compiler to check everything is implemented */ - switch ((enum wc_MACAlgorithm)hashAlgo) { - case no_mac: - case rmd_mac: - *nid = NID_undef; - break; - case md5_mac: - *nid = NID_md5; - break; - case sha_mac: - *nid = NID_sha1; - break; - case sha224_mac: - *nid = NID_sha224; - break; - case sha256_mac: - *nid = NID_sha256; - break; - case sha384_mac: - *nid = NID_sha384; - break; - case sha512_mac: - *nid = NID_sha512; - break; - case blake2b_mac: - *nid = NID_blake2b512; - break; - case sm3_mac: - *nid = NID_sm3; - break; - default: - ret = WOLFSSL_FAILURE; - break; - } - - return ret; -} - -static int SaToNid(byte sa, int* nid) -{ - int ret = WOLFSSL_SUCCESS; - /* Cast for compiler to check everything is implemented */ - switch ((enum SignatureAlgorithm)sa) { - case anonymous_sa_algo: - *nid = NID_undef; - break; - case rsa_sa_algo: - *nid = NID_rsaEncryption; - break; - case 
dsa_sa_algo: - *nid = NID_dsa; - break; - case ecc_dsa_sa_algo: - *nid = NID_X9_62_id_ecPublicKey; - break; - case rsa_pss_sa_algo: - *nid = NID_rsassaPss; - break; - case ed25519_sa_algo: -#ifdef HAVE_ED25519 - *nid = NID_ED25519; -#else - ret = WOLFSSL_FAILURE; -#endif - break; - case rsa_pss_pss_algo: - *nid = NID_rsassaPss; - break; - case ed448_sa_algo: -#ifdef HAVE_ED448 - *nid = NID_ED448; -#else - ret = WOLFSSL_FAILURE; -#endif - break; - case falcon_level1_sa_algo: - *nid = CTC_FALCON_LEVEL1; - break; - case falcon_level5_sa_algo: - *nid = CTC_FALCON_LEVEL5; - break; - case dilithium_level2_sa_algo: - *nid = CTC_DILITHIUM_LEVEL2; - break; - case dilithium_level3_sa_algo: - *nid = CTC_DILITHIUM_LEVEL3; - break; - case dilithium_level5_sa_algo: - *nid = CTC_DILITHIUM_LEVEL5; - break; - case sm2_sa_algo: - *nid = NID_sm2; - break; - case invalid_sa_algo: - default: - ret = WOLFSSL_FAILURE; - break; - } - return ret; -} - -/* This API returns the hash selected. */ -int wolfSSL_get_signature_nid(WOLFSSL *ssl, int* nid) -{ - WOLFSSL_MSG("wolfSSL_get_signature_nid"); - - if (ssl == NULL || nid == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return WOLFSSL_FAILURE; - } - - return HashToNid(ssl->options.hashAlgo, nid); -} - -/* This API returns the signature selected. 
*/ -int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid) -{ - WOLFSSL_MSG("wolfSSL_get_signature_type_nid"); - - if (ssl == NULL || nid == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return WOLFSSL_FAILURE; - } - - return SaToNid(ssl->options.sigAlgo, nid); -} - -int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid) -{ - WOLFSSL_MSG("wolfSSL_get_peer_signature_nid"); - - if (ssl == NULL || nid == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return WOLFSSL_FAILURE; - } - - return HashToNid(ssl->options.peerHashAlgo, nid); -} - -int wolfSSL_get_peer_signature_type_nid(const WOLFSSL* ssl, int* nid) -{ - WOLFSSL_MSG("wolfSSL_get_peer_signature_type_nid"); - - if (ssl == NULL || nid == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return WOLFSSL_FAILURE; - } - - return SaToNid(ssl->options.peerSigAlgo, nid); -} - -#ifdef HAVE_ECC - -#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) -static int populate_groups(int* groups, int max_count, const char *list) -{ - const char *end; - int count = 0; - const WOLF_EC_NIST_NAME* nist_name; - - if (!groups || !list) { - return -1; - } - - for (end = list; ; list = ++end) { - int len; - - if (count > max_count) { - WOLFSSL_MSG("Too many curves in list"); - return -1; - } - while (*end != ':' && *end != '\0') end++; - len = (int)(end - list); /* end points to char after end - * of curve name so no need for -1 */ - if ((len < kNistCurves_MIN_NAME_LEN) || - (len > kNistCurves_MAX_NAME_LEN)) { - WOLFSSL_MSG("Unrecognized curve name in list"); - return -1; - } - for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { - if (len == nist_name->name_len && - XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) { - break; - } - } - if (!nist_name->name) { - WOLFSSL_MSG("Unrecognized curve name in list"); - return -1; - } - groups[count++] = nist_name->nid; - if (*end == '\0') break; - } - - return count; -} - -int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char 
*list) -{ - int groups[WOLFSSL_MAX_GROUP_COUNT]; - int count = 0; - - if (!ctx || !list) { - return WOLFSSL_FAILURE; - } - - if ((count = populate_groups(groups, - WOLFSSL_MAX_GROUP_COUNT, list)) == -1) { - return WOLFSSL_FAILURE; - } - - return wolfSSL_CTX_set1_groups(ctx, groups, count); -} - -int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list) -{ - int groups[WOLFSSL_MAX_GROUP_COUNT]; - int count = 0; - - if (!ssl || !list) { - return WOLFSSL_FAILURE; - } - - if ((count = populate_groups(groups, - WOLFSSL_MAX_GROUP_COUNT, list)) == -1) { - return WOLFSSL_FAILURE; - } - - return wolfSSL_set1_groups(ssl, groups, count); -} -#endif /* WOLFSSL_TLS13 */ - -#endif /* HAVE_ECC */ - -#ifndef NO_BIO -WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** key, - wc_pem_password_cb* cb, - void* pass) -{ - WOLFSSL_EVP_PKEY* pkey = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey"); - - if (bio == NULL) - return pkey; - - if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &keyFormat, &der) - >= 0) { - const unsigned char* ptr = der->buffer; - int type = -1; - - if (keyFormat) { - /* keyFormat is Key_Sum enum */ - if (keyFormat == RSAk) - type = EVP_PKEY_RSA; - else if (keyFormat == ECDSAk) - type = EVP_PKEY_EC; - else if (keyFormat == DSAk) - type = EVP_PKEY_DSA; - else if (keyFormat == DHk) - type = EVP_PKEY_DH; - } - else { - /* Default to RSA if format is not set */ - type = EVP_PKEY_RSA; - } - - /* handle case where reuse is attempted */ - if (key != NULL && *key != NULL) - pkey = *key; - - wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length); - if (pkey == NULL) { - WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); - } - } - - FreeDer(&der); - - if (key != NULL && pkey != NULL) - *key = pkey; - - WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PrivateKey", 0); - - return pkey; -} - -WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY 
**key, - wc_pem_password_cb *cb, - void *pass) -{ - WOLFSSL_EVP_PKEY* pkey = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PUBKEY"); - - if (bio == NULL) - return pkey; - - if (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, &keyFormat, &der) - >= 0) { - const unsigned char* ptr = der->buffer; - - /* handle case where reuse is attempted */ - if (key != NULL && *key != NULL) - pkey = *key; - - wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length); - if (pkey == NULL) { - WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); - } - } - - FreeDer(&der); - - if (key != NULL && pkey != NULL) - *key = pkey; - - WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PUBKEY", 0); - - return pkey; -} -#endif /* !NO_BIO */ - -#if !defined(NO_FILESYSTEM) -WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY **key, - wc_pem_password_cb *cb, void *pass) -{ - WOLFSSL_EVP_PKEY* pkey = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_PUBKEY"); - - if ((pem_read_file_key(fp, cb, pass, PUBLICKEY_TYPE, &keyFormat, &der) - >= 0) && (der != NULL)) { - const unsigned char* ptr = der->buffer; - - /* handle case where reuse is attempted */ - if ((key != NULL) && (*key != NULL)) { - pkey = *key; - } - - if ((wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length) == NULL) || - (pkey == NULL)) { - WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); - pkey = NULL; - } - } - - FreeDer(&der); - - if ((key != NULL) && (pkey != NULL)) { - *key = pkey; - } - - WOLFSSL_LEAVE("wolfSSL_PEM_read_PUBKEY", 0); - - return pkey; -} -#endif /* NO_FILESYSTEM */ -#endif /* OPENSSL_EXTRA */ - -#ifdef WOLFSSL_ALT_CERT_CHAINS -int wolfSSL_is_peer_alt_cert_chain(const WOLFSSL* ssl) -{ - int isUsing = 0; - if (ssl) - isUsing = ssl->options.usingAltCertChain; - return isUsing; -} -#endif /* WOLFSSL_ALT_CERT_CHAINS */ - - -#ifdef SESSION_CERTS - -#ifdef WOLFSSL_ALT_CERT_CHAINS -/* Get peer's alternate certificate chain */ 
-WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_peer_alt_chain"); - if (ssl) - return &ssl->session->altChain; - - return 0; -} -#endif /* WOLFSSL_ALT_CERT_CHAINS */ - - -/* Get peer's certificate chain */ -WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_peer_chain"); - if (ssl) - return &ssl->session->chain; - - return 0; -} - - -/* Get peer's certificate chain total count */ -int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain) -{ - WOLFSSL_ENTER("wolfSSL_get_chain_count"); - if (chain) - return chain->count; - - return 0; -} - - -/* Get peer's ASN.1 DER certificate at index (idx) length in bytes */ -int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx) -{ - WOLFSSL_ENTER("wolfSSL_get_chain_length"); - if (chain) - return chain->certs[idx].length; - - return 0; -} - - -/* Get peer's ASN.1 DER certificate at index (idx) */ -byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx) -{ - WOLFSSL_ENTER("wolfSSL_get_chain_cert"); - if (chain) - return chain->certs[idx].buffer; - - return 0; -} - - -/* Get peer's wolfSSL X509 certificate at index (idx) */ -WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx) -{ - int ret = 0; - WOLFSSL_X509* x509 = NULL; -#ifdef WOLFSSL_SMALL_STACK - DecodedCert* cert = NULL; -#else - DecodedCert cert[1]; -#endif - - WOLFSSL_ENTER("wolfSSL_get_chain_X509"); - if (chain != NULL) { - #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_DCERT); - if (cert != NULL) - #endif - { - InitDecodedCert(cert, chain->certs[idx].buffer, - chain->certs[idx].length, NULL); - - if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0) { - WOLFSSL_MSG("Failed to parse cert"); - } - else { - x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, - DYNAMIC_TYPE_X509); - if (x509 == NULL) { - WOLFSSL_MSG("Failed alloc X509"); - } - else { - InitX509(x509, 1, NULL); - - if ((ret 
= CopyDecodedToX509(x509, cert)) != 0) { - WOLFSSL_MSG("Failed to copy decoded"); - wolfSSL_X509_free(x509); - x509 = NULL; - } - } - } - - FreeDecodedCert(cert); - #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); - #endif - } - } - (void)ret; - - return x509; -} - - -/* Get peer's PEM certificate at index (idx), output to buffer if inLen big - enough else return error (-1). If buffer is NULL only calculate - outLen. Output length is in *outLen WOLFSSL_SUCCESS on ok */ -int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, - unsigned char* buf, int inLen, int* outLen) -{ -#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) - const char* header = NULL; - const char* footer = NULL; - int headerLen; - int footerLen; - int i; - int err; - word32 szNeeded = 0; - - WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem"); - if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain)) - return BAD_FUNC_ARG; - - err = wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer); - if (err != 0) - return err; - - headerLen = (int)XSTRLEN(header); - footerLen = (int)XSTRLEN(footer); - - /* Null output buffer return size needed in outLen */ - if(!buf) { - if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length, - NULL, &szNeeded) != LENGTH_ONLY_E) - return WOLFSSL_FAILURE; - *outLen = szNeeded + headerLen + footerLen; - return LENGTH_ONLY_E; - } - - /* don't even try if inLen too short */ - if (inLen < headerLen + footerLen + chain->certs[idx].length) - return BAD_FUNC_ARG; - - /* header */ - if (XMEMCPY(buf, header, headerLen) == NULL) - return WOLFSSL_FATAL_ERROR; - - i = headerLen; - - /* body */ - *outLen = inLen; /* input to Base64_Encode */ - if ( (err = Base64_Encode(chain->certs[idx].buffer, - chain->certs[idx].length, buf + i, (word32*)outLen)) < 0) - return err; - i += *outLen; - - /* footer */ - if ( (i + footerLen) > inLen) - return BAD_FUNC_ARG; - if (XMEMCPY(buf + i, footer, footerLen) == NULL) - return 
WOLFSSL_FATAL_ERROR; - *outLen += headerLen + footerLen; - - return WOLFSSL_SUCCESS; -#else - (void)chain; - (void)idx; - (void)buf; - (void)inLen; - (void)outLen; - return WOLFSSL_FAILURE; -#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ -} - - -/* get session ID */ -WOLFSSL_ABI -const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session) -{ - WOLFSSL_ENTER("wolfSSL_get_sessionID"); - session = ClientSessionToSession(session); - if (session) - return session->sessionID; - - return NULL; -} - - -#endif /* SESSION_CERTS */ - -#ifdef HAVE_FUZZER -void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx) -{ - if (ssl) { - ssl->fuzzerCb = cbf; - ssl->fuzzerCtx = fCtx; - } -} -#endif - -#ifndef NO_CERTS -#ifdef HAVE_PK_CALLBACKS - -#ifdef HAVE_ECC -void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX* ctx, CallbackEccKeyGen cb) -{ - if (ctx) - ctx->EccKeyGenCb = cb; -} -void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EccKeyGenCtx = ctx; -} -void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EccKeyGenCtx; - - return NULL; -} -void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) -{ - if (ctx) - ctx->EccSignCtx = userCtx; -} -void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) -{ - if (ctx) - return ctx->EccSignCtx; - - return NULL; -} - -WOLFSSL_ABI -void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb) -{ - if (ctx) - ctx->EccSignCb = cb; -} -void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EccSignCtx = ctx; -} -void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EccSignCtx; - - return NULL; -} - -void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb) -{ - if (ctx) - ctx->EccVerifyCb = cb; -} -void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EccVerifyCtx = ctx; -} -void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EccVerifyCtx; - - return NULL; -} - -void 
wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, CallbackEccSharedSecret cb) -{ - if (ctx) - ctx->EccSharedSecretCb = cb; -} -void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EccSharedSecretCtx = ctx; -} -void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EccSharedSecretCtx; - - return NULL; -} -#endif /* HAVE_ECC */ - -#ifdef HAVE_ED25519 -void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX* ctx, CallbackEd25519Sign cb) -{ - if (ctx) - ctx->Ed25519SignCb = cb; -} -void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->Ed25519SignCtx = ctx; -} -void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->Ed25519SignCtx; - - return NULL; -} - -void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX* ctx, CallbackEd25519Verify cb) -{ - if (ctx) - ctx->Ed25519VerifyCb = cb; -} -void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->Ed25519VerifyCtx = ctx; -} -void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->Ed25519VerifyCtx; - - return NULL; -} -#endif /* HAVE_ED25519 */ - -#ifdef HAVE_CURVE25519 -void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX* ctx, - CallbackX25519KeyGen cb) -{ - if (ctx) - ctx->X25519KeyGenCb = cb; -} -void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->X25519KeyGenCtx = ctx; -} -void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->X25519KeyGenCtx; - - return NULL; -} - -void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX* ctx, - CallbackX25519SharedSecret cb) -{ - if (ctx) - ctx->X25519SharedSecretCb = cb; -} -void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->X25519SharedSecretCtx = ctx; -} -void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->X25519SharedSecretCtx; - - return NULL; -} -#endif /* HAVE_CURVE25519 */ - -#ifdef HAVE_ED448 -void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX* ctx, CallbackEd448Sign cb) 
-{ - if (ctx) - ctx->Ed448SignCb = cb; -} -void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->Ed448SignCtx = ctx; -} -void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->Ed448SignCtx; - - return NULL; -} - -void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX* ctx, CallbackEd448Verify cb) -{ - if (ctx) - ctx->Ed448VerifyCb = cb; -} -void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->Ed448VerifyCtx = ctx; -} -void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->Ed448VerifyCtx; - - return NULL; -} -#endif /* HAVE_ED448 */ - -#ifdef HAVE_CURVE448 -void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX* ctx, - CallbackX448KeyGen cb) -{ - if (ctx) - ctx->X448KeyGenCb = cb; -} -void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->X448KeyGenCtx = ctx; -} -void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->X448KeyGenCtx; - - return NULL; -} - -void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX* ctx, - CallbackX448SharedSecret cb) -{ - if (ctx) - ctx->X448SharedSecretCb = cb; -} -void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->X448SharedSecretCtx = ctx; -} -void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->X448SharedSecretCtx; - - return NULL; -} -#endif /* HAVE_CURVE448 */ - -#ifndef NO_RSA -void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb) -{ - if (ctx) - ctx->RsaSignCb = cb; -} -void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) -{ - if (ctx) - ctx->RsaSignCheckCb = cb; -} -void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaSignCtx = ctx; -} -void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaSignCtx; - - return NULL; -} - - -void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) -{ - if (ctx) - ctx->RsaVerifyCb = cb; -} -void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) 
- ssl->RsaVerifyCtx = ctx; -} -void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaVerifyCtx; - - return NULL; -} - -#ifdef WC_RSA_PSS -void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX* ctx, CallbackRsaPssSign cb) -{ - if (ctx) - ctx->RsaPssSignCb = cb; -} -void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb) -{ - if (ctx) - ctx->RsaPssSignCheckCb = cb; -} -void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaPssSignCtx = ctx; -} -void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaPssSignCtx; - - return NULL; -} - -void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb) -{ - if (ctx) - ctx->RsaPssVerifyCb = cb; -} -void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaPssVerifyCtx = ctx; -} -void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaPssVerifyCtx; - - return NULL; -} -#endif /* WC_RSA_PSS */ - -void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb) -{ - if (ctx) - ctx->RsaEncCb = cb; -} -void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaEncCtx = ctx; -} -void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaEncCtx; - - return NULL; -} - -void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb) -{ - if (ctx) - ctx->RsaDecCb = cb; -} -void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaDecCtx = ctx; -} -void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaDecCtx; - - return NULL; -} -#endif /* NO_RSA */ - -/* callback for premaster secret generation */ -void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx, CallbackGenPreMaster cb) -{ - if (ctx) - ctx->GenPreMasterCb = cb; -} -/* Set premaster secret generation callback context */ -void wolfSSL_SetGenPreMasterCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->GenPreMasterCtx = ctx; -} -/* Get premaster secret generation callback context 
*/ -void* wolfSSL_GetGenPreMasterCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->GenPreMasterCtx; - - return NULL; -} - -/* callback for master secret generation */ -void wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx, CallbackGenMasterSecret cb) -{ - if (ctx) - ctx->GenMasterCb = cb; -} -/* Set master secret generation callback context */ -void wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->GenMasterCtx = ctx; -} -/* Get master secret generation callback context */ -void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->GenMasterCtx; - - return NULL; -} - -/* callback for session key generation */ -void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb) -{ - if (ctx) - ctx->GenSessionKeyCb = cb; -} -/* Set session key generation callback context */ -void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->GenSessionKeyCtx = ctx; -} -/* Get session key generation callback context */ -void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->GenSessionKeyCtx; - - return NULL; -} - -/* callback for setting encryption keys */ -void wolfSSL_CTX_SetEncryptKeysCb(WOLFSSL_CTX* ctx, CallbackEncryptKeys cb) -{ - if (ctx) - ctx->EncryptKeysCb = cb; -} -/* Set encryption keys callback context */ -void wolfSSL_SetEncryptKeysCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EncryptKeysCtx = ctx; -} -/* Get encryption keys callback context */ -void* wolfSSL_GetEncryptKeysCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EncryptKeysCtx; - - return NULL; -} - -/* callback for Tls finished */ -/* the callback can be used to build TLS Finished message if enabled */ -void wolfSSL_CTX_SetTlsFinishedCb(WOLFSSL_CTX* ctx, CallbackTlsFinished cb) -{ - if (ctx) - ctx->TlsFinishedCb = cb; -} -/* Set Tls finished callback context */ -void wolfSSL_SetTlsFinishedCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->TlsFinishedCtx = ctx; -} -/* Get Tls finished callback context */ -void* 
wolfSSL_GetTlsFinishedCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->TlsFinishedCtx; - - return NULL; -} -#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) -/* callback for verify data */ -void wolfSSL_CTX_SetVerifyMacCb(WOLFSSL_CTX* ctx, CallbackVerifyMac cb) -{ - if (ctx) - ctx->VerifyMacCb = cb; -} - -/* Set set keys callback context */ -void wolfSSL_SetVerifyMacCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->VerifyMacCtx = ctx; -} -/* Get set keys callback context */ -void* wolfSSL_GetVerifyMacCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->VerifyMacCtx; - - return NULL; -} -#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ - -void wolfSSL_CTX_SetHKDFExpandLabelCb(WOLFSSL_CTX* ctx, - CallbackHKDFExpandLabel cb) -{ - if (ctx) - ctx->HKDFExpandLabelCb = cb; -} -#ifdef WOLFSSL_PUBLIC_ASN -void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx, - CallbackProcessPeerCert cb) -{ - if (ctx) - ctx->ProcessPeerCertCb = cb; -} -#endif /* WOLFSSL_PUBLIC_ASN */ -void wolfSSL_CTX_SetProcessServerSigKexCb(WOLFSSL_CTX* ctx, - CallbackProcessServerSigKex cb) -{ - if (ctx) - ctx->ProcessServerSigKexCb = cb; -} -void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, - CallbackPerformTlsRecordProcessing cb) -{ - if (ctx) - ctx->PerformTlsRecordProcessingCb = cb; -} -#endif /* HAVE_PK_CALLBACKS */ -#endif /* NO_CERTS */ - -#if defined(HAVE_PK_CALLBACKS) && !defined(NO_DH) -void wolfSSL_CTX_SetDhGenerateKeyPair(WOLFSSL_CTX* ctx, - CallbackDhGenerateKeyPair cb) { - if (ctx) - ctx->DhGenerateKeyPairCb = cb; -} -void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, CallbackDhAgree cb) -{ - if (ctx) - ctx->DhAgreeCb = cb; -} -void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->DhAgreeCtx = ctx; -} -void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->DhAgreeCtx; - - return NULL; -} -#endif /* HAVE_PK_CALLBACKS && !NO_DH */ - -#if defined(HAVE_PK_CALLBACKS) && defined(HAVE_HKDF) - -void wolfSSL_CTX_SetHKDFExtractCb(WOLFSSL_CTX* 
ctx, CallbackHKDFExtract cb) -{ - if (ctx) - ctx->HkdfExtractCb = cb; -} - -void wolfSSL_SetHKDFExtractCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->HkdfExtractCtx = ctx; -} - -void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->HkdfExtractCtx; - - return NULL; -} -#endif /* HAVE_PK_CALLBACKS && HAVE_HKDF */ - -#ifdef WOLFSSL_HAVE_WOLFSCEP - /* Used by autoconf to see if wolfSCEP is available */ - void wolfSSL_wolfSCEP(void) {} -#endif - - -#ifdef WOLFSSL_HAVE_CERT_SERVICE - /* Used by autoconf to see if cert service is available */ - void wolfSSL_cert_service(void) {} -#endif - -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) -#ifndef NO_CERTS - -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) -#if !defined(NO_FILESYSTEM) - WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, - WOLFSSL_EVP_PKEY **key, wc_pem_password_cb *cb, void *pass) - { - WOLFSSL_EVP_PKEY* pkey = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_PrivateKey"); - - if (pem_read_file_key(fp, cb, pass, PRIVATEKEY_TYPE, &keyFormat, - &der) >= 0) { - const unsigned char* ptr = der->buffer; - int type = -1; - - if (keyFormat) { - /* keyFormat is Key_Sum enum */ - if (keyFormat == RSAk) - type = EVP_PKEY_RSA; - else if (keyFormat == ECDSAk) - type = EVP_PKEY_EC; - else if (keyFormat == DSAk) - type = EVP_PKEY_DSA; - else if (keyFormat == DHk) - type = EVP_PKEY_DH; - } - else { - /* Default to RSA if format is not set */ - type = EVP_PKEY_RSA; - } - - /* handle case where reuse is attempted */ - if (key != NULL && *key != NULL) - pkey = *key; - - wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length); - if (pkey == NULL) { - WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); - } - } - - FreeDer(&der); - - if (key != NULL && pkey != NULL) - *key = pkey; - - 
WOLFSSL_LEAVE("wolfSSL_PEM_read_PrivateKey", 0); - - return pkey; - } -#endif -#endif - -#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL*/ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) - - #define PEM_BEGIN "-----BEGIN " - #define PEM_BEGIN_SZ 11 - #define PEM_END "-----END " - #define PEM_END_SZ 9 - #define PEM_HDR_FIN "-----" - #define PEM_HDR_FIN_SZ 5 - #define PEM_HDR_FIN_EOL_NEWLINE "-----\n" - #define PEM_HDR_FIN_EOL_NULL_TERM "-----\0" - #define PEM_HDR_FIN_EOL_SZ 6 - -#ifndef NO_BIO - - int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, - unsigned char **data, long *len) - { - int ret = WOLFSSL_SUCCESS; - char pem[256]; - int pemLen; - char* p; - char* nameStr = NULL; - int nameLen = 0; - char* headerStr = NULL; - int headerFound = 0; - unsigned char* der = NULL; - word32 derLen = 0; - - if (bio == NULL || name == NULL || header == NULL || data == NULL || - len == NULL) { - return WOLFSSL_FAILURE; - } - - /* Find header line. */ - pem[sizeof(pem) - 1] = '\0'; - while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { - if (XSTRNCMP(pem, PEM_BEGIN, PEM_BEGIN_SZ) == 0) - break; - } - if (pemLen <= 0) - ret = WOLFSSL_FAILURE; - /* Have a header line. */ - if (ret == WOLFSSL_SUCCESS) { - while (pem[pemLen - 1] == '\r' || pem[pemLen - 1] == '\n') - pemLen--; - pem[pemLen] = '\0'; - if (XSTRNCMP(pem + pemLen - PEM_HDR_FIN_SZ, PEM_HDR_FIN, - PEM_HDR_FIN_SZ) != 0) { - ret = WOLFSSL_FAILURE; - } - } - - /* Get out name. */ - if (ret == WOLFSSL_SUCCESS) { - nameLen = pemLen - PEM_BEGIN_SZ - PEM_HDR_FIN_SZ; - nameStr = (char*)XMALLOC(nameLen + 1, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (nameStr == NULL) - ret = WOLFSSL_FAILURE; - } - if (ret == WOLFSSL_SUCCESS) { - int headerLen; - - XSTRNCPY(nameStr, pem + PEM_BEGIN_SZ, nameLen); - nameStr[nameLen] = '\0'; - - /* Get header of PEM - encryption header. 
*/ - headerLen = 0; - while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { - while (pemLen > 0 && (pem[pemLen - 1] == '\r' || - pem[pemLen - 1] == '\n')) { - pemLen--; - } - pem[pemLen++] = '\n'; - pem[pemLen] = '\0'; - - /* Header separator is a blank line. */ - if (pem[0] == '\n') { - headerFound = 1; - break; - } - - /* Didn't find a blank line - no header. */ - if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0) { - der = (unsigned char*)headerStr; - derLen = headerLen; - /* Empty header - empty string. */ - headerStr = (char*)XMALLOC(1, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (headerStr == NULL) - ret = WOLFSSL_FAILURE; - else - headerStr[0] = '\0'; - break; - } - - p = (char*)XREALLOC(headerStr, headerLen + pemLen + 1, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (p == NULL) { - ret = WOLFSSL_FAILURE; - break; - } - - headerStr = p; - XMEMCPY(headerStr + headerLen, pem, pemLen + 1); - headerLen += pemLen; - } - if (pemLen <= 0) - ret = WOLFSSL_FAILURE; - } - - /* Get body of PEM - if there was a header */ - if (ret == WOLFSSL_SUCCESS && headerFound) { - derLen = 0; - while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { - while (pemLen > 0 && (pem[pemLen - 1] == '\r' || - pem[pemLen - 1] == '\n')) { - pemLen--; - } - pem[pemLen++] = '\n'; - pem[pemLen] = '\0'; - - if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0) - break; - - p = (char*)XREALLOC(der, derLen + pemLen + 1, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (p == NULL) { - ret = WOLFSSL_FAILURE; - break; - } - - der = (unsigned char*)p; - XMEMCPY(der + derLen, pem, pemLen + 1); - derLen += pemLen; - } - if (pemLen <= 0) - ret = WOLFSSL_FAILURE; - } - - /* Check trailer. 
*/ - if (ret == WOLFSSL_SUCCESS) { - if (XSTRNCMP(pem + PEM_END_SZ, nameStr, nameLen) != 0) - ret = WOLFSSL_FAILURE; - } - if (ret == WOLFSSL_SUCCESS) { - if (XSTRNCMP(pem + PEM_END_SZ + nameLen, - PEM_HDR_FIN_EOL_NEWLINE, - PEM_HDR_FIN_EOL_SZ) != 0 && - XSTRNCMP(pem + PEM_END_SZ + nameLen, - PEM_HDR_FIN_EOL_NULL_TERM, - PEM_HDR_FIN_EOL_SZ) != 0) { - ret = WOLFSSL_FAILURE; - } - } - - /* Base64 decode body. */ - if (ret == WOLFSSL_SUCCESS) { - if (Base64_Decode(der, derLen, der, &derLen) != 0) - ret = WOLFSSL_FAILURE; - } - - if (ret == WOLFSSL_SUCCESS) { - *name = nameStr; - *header = headerStr; - *data = der; - *len = derLen; - nameStr = NULL; - headerStr = NULL; - der = NULL; - } - - if (nameStr != NULL) - XFREE(nameStr, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (headerStr != NULL) - XFREE(headerStr, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (der != NULL) - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; - } - - int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name, - const char *header, const unsigned char *data, - long len) - { - int err = 0; - int outSz = 0; - int nameLen; - int headerLen; - byte* pem = NULL; - word32 pemLen; - word32 derLen = (word32)len; - - if (bio == NULL || name == NULL || header == NULL || data == NULL) - return 0; - - nameLen = (int)XSTRLEN(name); - headerLen = (int)XSTRLEN(header); - - pemLen = (derLen + 2) / 3 * 4; - pemLen += (pemLen + 63) / 64; - - pem = (byte*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - err = pem == NULL; - if (!err) - err = Base64_Encode(data, derLen, pem, &pemLen) != 0; - - if (!err) { - err = wolfSSL_BIO_write(bio, PEM_BEGIN, PEM_BEGIN_SZ) != - (int)PEM_BEGIN_SZ; - } - if (!err) - err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen; - if (!err) { - err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL_NEWLINE, - PEM_HDR_FIN_EOL_SZ) != (int)PEM_HDR_FIN_EOL_SZ; - } - if (!err && headerLen > 0) { - err = wolfSSL_BIO_write(bio, header, headerLen) != headerLen; - /* Blank line after a header and before body. 
*/ - if (!err) - err = wolfSSL_BIO_write(bio, "\n", 1) != 1; - headerLen++; - } - if (!err) - err = wolfSSL_BIO_write(bio, pem, pemLen) != (int)pemLen; - if (!err) - err = wolfSSL_BIO_write(bio, PEM_END, PEM_END_SZ) != - (int)PEM_END_SZ; - if (!err) - err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen; - if (!err) { - err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL_NEWLINE, - PEM_HDR_FIN_EOL_SZ) != (int)PEM_HDR_FIN_EOL_SZ; - } - - if (!err) { - outSz = PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ + headerLen + - pemLen + PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; - } - - if (pem != NULL) - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - return outSz; - } - -#if !defined(NO_FILESYSTEM) - int wolfSSL_PEM_read(XFILE fp, char **name, char **header, - unsigned char **data, long *len) - { - int ret; - WOLFSSL_BIO* bio; - - if (name == NULL || header == NULL || data == NULL || len == NULL) - return WOLFSSL_FAILURE; - - bio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE); - if (bio == NULL) - return 0; - - ret = wolfSSL_PEM_read_bio(bio, name, header, data, len); - - if (bio != NULL) - wolfSSL_BIO_free(bio); - - return ret; - } - - int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header, - const unsigned char *data, long len) - { - int ret; - WOLFSSL_BIO* bio; - - if (name == NULL || header == NULL || data == NULL) - return 0; - - bio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE); - if (bio == NULL) - return 0; - - ret = wolfSSL_PEM_write_bio(bio, name, header, data, len); - - if (bio != NULL) - wolfSSL_BIO_free(bio); - - return ret; - } -#endif -#endif /* !NO_BIO */ - - int wolfSSL_PEM_get_EVP_CIPHER_INFO(const char* header, - EncryptedInfo* cipher) - { - if (header == NULL || cipher == NULL) - return WOLFSSL_FAILURE; - - XMEMSET(cipher, 0, sizeof(*cipher)); - - if (wc_EncryptedInfoParse(cipher, &header, XSTRLEN(header)) != 0) - return WOLFSSL_FAILURE; - - return WOLFSSL_SUCCESS; - } - - int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, - long* len, 
wc_pem_password_cb* callback, - void* ctx) - { - int ret = WOLFSSL_SUCCESS; - char password[NAME_SZ]; - int passwordSz; - - if (cipher == NULL || data == NULL || len == NULL || callback == NULL) - return WOLFSSL_FAILURE; - - passwordSz = callback(password, sizeof(password), PEM_PASS_READ, ctx); - if (passwordSz < 0) - ret = WOLFSSL_FAILURE; - - if (ret == WOLFSSL_SUCCESS) { - if (wc_BufferKeyDecrypt(cipher, data, (word32)*len, (byte*)password, - passwordSz, WC_MD5) != 0) { - ret = WOLFSSL_FAILURE; - } - } - - if (passwordSz > 0) - XMEMSET(password, 0, passwordSz); - - return ret; - } - -#ifndef NO_BIO - /* - * bp : bio to read X509 from - * x : x509 to write to - * cb : password call back for reading PEM - * u : password - * _AUX is for working with a trusted X509 certificate - */ - WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, - WOLFSSL_X509 **x, wc_pem_password_cb *cb, - void *u) - { - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); - - /* AUX info is; trusted/rejected uses, friendly name, private key id, - * and potentially a stack of "other" info. wolfSSL does not store - * friendly name or private key id yet in WOLFSSL_X509 for human - * readability and does not support extra trusted/rejected uses for - * root CA. 
*/ - return wolfSSL_PEM_read_bio_X509(bp, x, cb, u); - } -#endif /* !NO_BIO */ - - -#endif /* OPENSSL_EXTRA || OPENSSL_ALL */ -#endif /* !NO_CERTS */ - - /* NID variables are dependent on compatibility header files currently - * - * returns a pointer to a new WOLFSSL_ASN1_OBJECT struct on success and NULL - * on fail - */ - - WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int id) - { - return wolfSSL_OBJ_nid2obj_ex(id, NULL); - } - - - WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int id, - WOLFSSL_ASN1_OBJECT* arg_obj) - { - word32 oidSz = 0; - int nid = 0; - const byte* oid; - word32 type = 0; - WOLFSSL_ASN1_OBJECT* obj = arg_obj; - byte objBuf[MAX_OID_SZ + MAX_LENGTH_SZ + 1]; /* +1 for object tag */ - word32 objSz = 0; - const char* sName = NULL; - int i; - -#ifdef WOLFSSL_DEBUG_OPENSSL - WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj"); -#endif - - for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { - if (wolfssl_object_info[i].nid == id) { - nid = id; - id = wolfssl_object_info[i].id; - sName = wolfssl_object_info[i].sName; - type = wolfssl_object_info[i].type; - break; - } - } - if (i == (int)WOLFSSL_OBJECT_INFO_SZ) { - WOLFSSL_MSG("NID not in table"); - #ifdef WOLFSSL_QT - sName = NULL; - type = id; - #else - return NULL; - #endif - } - - #ifdef HAVE_ECC - if (type == 0 && wc_ecc_get_oid(id, &oid, &oidSz) > 0) { - type = oidCurveType; - } - #endif /* HAVE_ECC */ - - if (sName != NULL) { - if (XSTRLEN(sName) > WOLFSSL_MAX_SNAME - 1) { - WOLFSSL_MSG("Attempted short name is too large"); - return NULL; - } - } - - oid = OidFromId(id, type, &oidSz); - - /* set object ID to buffer */ - if (obj == NULL){ - obj = wolfSSL_ASN1_OBJECT_new(); - if (obj == NULL) { - WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); - return NULL; - } - } - obj->nid = nid; - obj->type = id; - obj->grp = type; - - obj->sName[0] = '\0'; - if (sName != NULL) { - XMEMCPY(obj->sName, (char*)sName, XSTRLEN((char*)sName)); - } - - objBuf[0] = ASN_OBJECT_ID; objSz++; - objSz += 
SetLength(oidSz, objBuf + 1); - if (oidSz) { - XMEMCPY(objBuf + objSz, oid, oidSz); - objSz += oidSz; - } - - if (obj->objSz == 0 || objSz != obj->objSz) { - obj->objSz = objSz; - if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) || - (obj->obj == NULL)) { - if (obj->obj != NULL) - XFREE((byte*)obj->obj, NULL, DYNAMIC_TYPE_ASN1); - obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1); - if (obj->obj == NULL) { - wolfSSL_ASN1_OBJECT_free(obj); - return NULL; - } - obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA ; - } - else { - obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ; - } - } - XMEMCPY((byte*)obj->obj, objBuf, obj->objSz); - - (void)type; - - return obj; - } - - static const char* oid_translate_num_to_str(const char* oid) - { - const struct oid_dict { - const char* num; - const char* desc; - } oid_dict[] = { - { "2.5.29.37.0", "Any Extended Key Usage" }, - { "1.3.6.1.5.5.7.3.1", "TLS Web Server Authentication" }, - { "1.3.6.1.5.5.7.3.2", "TLS Web Client Authentication" }, - { "1.3.6.1.5.5.7.3.3", "Code Signing" }, - { "1.3.6.1.5.5.7.3.4", "E-mail Protection" }, - { "1.3.6.1.5.5.7.3.8", "Time Stamping" }, - { "1.3.6.1.5.5.7.3.9", "OCSP Signing" }, - { NULL, NULL } - }; - const struct oid_dict* idx; - - for (idx = oid_dict; idx->num != NULL; idx++) { - if (!XSTRCMP(oid, idx->num)) { - return idx->desc; - } - } - return NULL; - } - - static int wolfssl_obj2txt_numeric(char *buf, int bufLen, - const WOLFSSL_ASN1_OBJECT *a) - { - int bufSz; - int length; - word32 idx = 0; - byte tag; - - if (GetASNTag(a->obj, &idx, &tag, a->objSz) != 0) { - return WOLFSSL_FAILURE; - } - - if (tag != ASN_OBJECT_ID) { - WOLFSSL_MSG("Bad ASN1 Object"); - return WOLFSSL_FAILURE; - } - - if (GetLength((const byte*)a->obj, &idx, &length, - a->objSz) < 0 || length < 0) { - return ASN_PARSE_E; - } - - if (bufLen < MAX_OID_STRING_SZ) { - bufSz = bufLen - 1; - } - else { - bufSz = MAX_OID_STRING_SZ; - } - - if ((bufSz = DecodePolicyOID(buf, (word32)bufSz, a->obj + idx, - 
(word32)length)) <= 0) { - WOLFSSL_MSG("Error decoding OID"); - return WOLFSSL_FAILURE; - } - - buf[bufSz] = '\0'; - - return bufSz; - } - - /* If no_name is one then use numerical form, otherwise short name. - * - * Returns the buffer size on success, WOLFSSL_FAILURE on error - */ - int wolfSSL_OBJ_obj2txt(char *buf, int bufLen, const WOLFSSL_ASN1_OBJECT *a, - int no_name) - { - int bufSz; - const char* desc; - const char* name; - - WOLFSSL_ENTER("wolfSSL_OBJ_obj2txt"); - - if (buf == NULL || bufLen <= 1 || a == NULL) { - WOLFSSL_MSG("Bad input argument"); - return WOLFSSL_FAILURE; - } - - if (no_name == 1) { - return wolfssl_obj2txt_numeric(buf, bufLen, a); - } - - /* return long name unless using x509small, then return short name */ -#if defined(OPENSSL_EXTRA_X509_SMALL) && !defined(OPENSSL_EXTRA) - name = a->sName; -#else - name = wolfSSL_OBJ_nid2ln(wolfSSL_OBJ_obj2nid(a)); -#endif - - if (name == NULL) { - WOLFSSL_MSG("Name not found"); - bufSz = 0; - } - else if (XSTRLEN(name) + 1 < (word32)bufLen - 1) { - bufSz = (int)XSTRLEN(name); - } - else { - bufSz = bufLen - 1; - } - if (bufSz) { - XMEMCPY(buf, name, bufSz); - } - else if (a->type == GEN_DNS || a->type == GEN_EMAIL || - a->type == GEN_URI) { - bufSz = (int)XSTRLEN((const char*)a->obj); - XMEMCPY(buf, a->obj, min(bufSz, bufLen)); - } - else if ((bufSz = wolfssl_obj2txt_numeric(buf, bufLen, a)) > 0) { - if ((desc = oid_translate_num_to_str(buf))) { - bufSz = (int)XSTRLEN(desc); - bufSz = min(bufSz, bufLen - 1); - XMEMCPY(buf, desc, bufSz); - } - } - else { - bufSz = 0; - } - - buf[bufSz] = '\0'; - - return bufSz; - } -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ - defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS_SMALL) - /* Returns the long name that corresponds with an ASN1_OBJECT nid value. 
- * n : NID value of ASN1_OBJECT to search */ - const char* wolfSSL_OBJ_nid2ln(int n) - { - const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; - size_t i; - WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); - for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++, obj_info++) { - if (obj_info->nid == n) { - return obj_info->lName; - } - } - WOLFSSL_MSG("NID not found in table"); - return NULL; - } -#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL, - WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY, WOLFSSL_WPAS_SMALL */ - -#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ - defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ - defined(WOLFSSL_HAPROXY) - char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) - { - int ret; - - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate"); - if (!ctx || !x || !x->derCert) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - FreeDer(&ctx->certificate); /* Make sure previous is free'd */ - ret = AllocDer(&ctx->certificate, x->derCert->length, CERT_TYPE, - ctx->heap); - if (ret != 0) - return WOLFSSL_FAILURE; - - XMEMCPY(ctx->certificate->buffer, x->derCert->buffer, - x->derCert->length); -#ifdef KEEP_OUR_CERT - if (ctx->ourCert != NULL && ctx->ownOurCert) { - wolfSSL_X509_free(ctx->ourCert); - } - #ifndef WOLFSSL_X509_STORE_CERTS - ctx->ourCert = x; - if (wolfSSL_X509_up_ref(x) != 1) { - return WOLFSSL_FAILURE; - } - #else - ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, - x->derCert->length, ctx->heap); - if(ctx->ourCert == NULL){ - return WOLFSSL_FAILURE; - } - #endif - - /* We own the cert because either we up its reference counter - * or we create our own copy of the cert object. */ - ctx->ownOurCert = 1; -#endif - - /* Update the available options with public keys. 
*/ - switch (x->pubKeyOID) { - #ifndef NO_RSA - #ifdef WC_RSA_PSS - case RSAPSSk: - #endif - case RSAk: - ctx->haveRSA = 1; - break; - #endif - #ifdef HAVE_ED25519 - case ED25519k: - #endif - #ifdef HAVE_ED448 - case ED448k: - #endif - case ECDSAk: - ctx->haveECC = 1; - #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) - ctx->pkCurveOID = x->pkCurveOID; - #endif - break; - } - - return WOLFSSL_SUCCESS; - } - - static int PushCertToDerBuffer(DerBuffer** inOutDer, int weOwn, - byte* cert, word32 certSz, void* heap) - { - int ret; - DerBuffer* inChain = NULL; - DerBuffer* der = NULL; - word32 len = 0; - if (inOutDer == NULL) - return BAD_FUNC_ARG; - inChain = *inOutDer; - if (inChain != NULL) - len = inChain->length; - ret = AllocDer(&der, len + CERT_HEADER_SZ + certSz, CERT_TYPE, - heap); - if (ret != 0) { - WOLFSSL_MSG("AllocDer error"); - return ret; - } - if (inChain != NULL) - XMEMCPY(der->buffer, inChain->buffer, len); - c32to24(certSz, der->buffer + len); - XMEMCPY(der->buffer + len + CERT_HEADER_SZ, cert, certSz); - if (weOwn) - FreeDer(inOutDer); - *inOutDer = der; - return WOLFSSL_SUCCESS; - } - - /** - * wolfSSL_CTX_add1_chain_cert makes a copy of the cert so we free it - * on success - */ - int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_CTX_add0_chain_cert"); - if (wolfSSL_CTX_add1_chain_cert(ctx, x509) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - wolfSSL_X509_free(x509); - return WOLFSSL_SUCCESS; - } - - int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) - { - int ret; - WOLFSSL_ENTER("wolfSSL_CTX_add1_chain_cert"); - if (ctx == NULL || x509 == NULL || x509->derCert == NULL) { - return WOLFSSL_FAILURE; - } - - if (ctx->certificate == NULL) - ret = (int)wolfSSL_CTX_use_certificate(ctx, x509); - else { - if (wolfSSL_X509_up_ref(x509) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_X509_up_ref error"); - return WOLFSSL_FAILURE; - } - ret = 
wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer,
- x509->derCert->length, WOLFSSL_FILETYPE_ASN1);
- if (ret == WOLFSSL_SUCCESS) {
- /* push to ctx->certChain */
- ret = PushCertToDerBuffer(&ctx->certChain, 1,
- x509->derCert->buffer, x509->derCert->length, ctx->heap);
- }
- /* Store cert to free it later */
- if (ret == WOLFSSL_SUCCESS && ctx->x509Chain == NULL) {
- ctx->x509Chain = wolfSSL_sk_X509_new_null();
- if (ctx->x509Chain == NULL) {
- WOLFSSL_MSG("wolfSSL_sk_X509_new_null error");
- ret = WOLFSSL_FAILURE;
- }
- }
- if (ret == WOLFSSL_SUCCESS &&
- wolfSSL_sk_X509_push(ctx->x509Chain, x509)
- != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_sk_X509_push error");
- ret = WOLFSSL_FAILURE;
- }
- if (ret != WOLFSSL_SUCCESS)
- wolfSSL_X509_free(x509); /* Decrease ref counter */
- }
-
- return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
- }
-
-#ifdef KEEP_OUR_CERT
- int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
- {
- int ret;
-
- WOLFSSL_ENTER("wolfSSL_add0_chain_cert");
-
- if (ssl == NULL || ssl->ctx == NULL || x509 == NULL ||
- x509->derCert == NULL)
- return WOLFSSL_FAILURE;
-
- if (ssl->buffers.certificate == NULL) {
- ret = wolfSSL_use_certificate(ssl, x509);
- /* Store cert to free it later */
- if (ret == WOLFSSL_SUCCESS) {
- if (ssl->buffers.weOwnCert)
- wolfSSL_X509_free(ssl->ourCert);
- ssl->ourCert = x509;
- ssl->buffers.weOwnCert = 1;
- }
- }
- else {
- ret = PushCertToDerBuffer(&ssl->buffers.certChain,
- ssl->buffers.weOwnCertChain, x509->derCert->buffer,
- x509->derCert->length, ssl->heap);
- if (ret == WOLFSSL_SUCCESS) {
- ssl->buffers.weOwnCertChain = 1;
- /* Store cert to free it later */
- if (ssl->ourCertChain == NULL) {
- ssl->ourCertChain = wolfSSL_sk_X509_new_null();
- if (ssl->ourCertChain == NULL) {
- WOLFSSL_MSG("wolfSSL_sk_X509_new_null error");
- return WOLFSSL_FAILURE;
- }
- }
- if (wolfSSL_sk_X509_push(ssl->ourCertChain, x509)
- != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_sk_X509_push error");
- return WOLFSSL_FAILURE;
- }
- }
- }
- return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
- }
-
- int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
- {
- int ret;
-
- WOLFSSL_ENTER("wolfSSL_add1_chain_cert");
- if (ssl == NULL || ssl->ctx == NULL || x509 == NULL ||
- x509->derCert == NULL)
- return WOLFSSL_FAILURE;
-
- if (wolfSSL_X509_up_ref(x509) != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_X509_up_ref error");
- return WOLFSSL_FAILURE;
- }
- ret = wolfSSL_add0_chain_cert(ssl, x509);
- /* Decrease ref counter on error */
- if (ret != WOLFSSL_SUCCESS)
- wolfSSL_X509_free(x509);
- return ret;
- }
-#endif
-
- /* Return the corresponding short name for the nid .
- * or NULL if short name can't be found.
- */
- const char * wolfSSL_OBJ_nid2sn(int n) {
- const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info;
- size_t i;
- WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn");
-
- if (n == NID_md5) {
- /* NID_surname == NID_md5 and NID_surname comes before NID_md5 in
- * wolfssl_object_info. As a result, the loop below will incorrectly
- * return "SN" instead of "MD5." NID_surname isn't the true OpenSSL
- * NID, but other functions rely on this table and modifying it to
- * conform with OpenSSL's NIDs isn't trivial.
*/
- return "MD5";
- }
- for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++, obj_info++) {
- if (obj_info->nid == n) {
- return obj_info->sName;
- }
- }
- WOLFSSL_MSG_EX("SN not found (nid:%d)",n);
- return NULL;
- }
-
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- int wolfSSL_OBJ_sn2nid(const char *sn) {
- WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid");
- if (sn == NULL)
- return NID_undef;
- return wc_OBJ_sn2nid(sn);
- }
-#endif
-
- size_t wolfSSL_OBJ_length(const WOLFSSL_ASN1_OBJECT* o)
- {
- size_t ret = 0;
- int err = 0;
- word32 idx = 0;
- int len = 0;
-
- WOLFSSL_ENTER("wolfSSL_OBJ_length");
-
- if (o == NULL || o->obj == NULL) {
- WOLFSSL_MSG("Bad argument.");
- err = 1;
- }
-
- if (err == 0 && GetASNObjectId(o->obj, &idx, &len, o->objSz)) {
- WOLFSSL_MSG("Error parsing ASN.1 header.");
- err = 1;
- }
- if (err == 0) {
- ret = len;
- }
-
- WOLFSSL_LEAVE("wolfSSL_OBJ_length", (int)ret);
-
- return ret;
- }
-
- const unsigned char* wolfSSL_OBJ_get0_data(const WOLFSSL_ASN1_OBJECT* o)
- {
- const unsigned char* ret = NULL;
- int err = 0;
- word32 idx = 0;
- int len = 0;
-
- WOLFSSL_ENTER("wolfSSL_OBJ_get0_data");
-
- if (o == NULL || o->obj == NULL) {
- WOLFSSL_MSG("Bad argument.");
- err = 1;
- }
-
- if (err == 0 && GetASNObjectId(o->obj, &idx, &len, o->objSz)) {
- WOLFSSL_MSG("Error parsing ASN.1 header.");
- err = 1;
- }
- if (err == 0) {
- ret = o->obj + idx;
- }
-
- return ret;
- }
-
-
- /* Gets the NID value that corresponds with the ASN1 object.
- *
- * o ASN1 object to get NID of
- *
- * Return NID on success and a negative value on failure
- */
- int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o)
- {
- word32 oid = 0;
- word32 idx = 0;
- int ret;
-
-#ifdef WOLFSSL_DEBUG_OPENSSL
- WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid");
-#endif
-
- if (o == NULL) {
- return -1;
- }
-
- #ifdef WOLFSSL_QT
- if (o->grp == oidCertExtType) {
- /* If nid is an unknown extension, return NID_undef */
- if (wolfSSL_OBJ_nid2sn(o->nid) == NULL)
- return NID_undef;
- }
- #endif
-
- if (o->nid > 0)
- return o->nid;
- if ((ret = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) {
- if (ret == ASN_OBJECT_ID_E) {
- /* Put ASN object tag in front and try again */
- int len = SetObjectId(o->objSz, NULL) + o->objSz;
- byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (!buf) {
- WOLFSSL_MSG("malloc error");
- return -1;
- }
- idx = SetObjectId(o->objSz, buf);
- XMEMCPY(buf + idx, o->obj, o->objSz);
- idx = 0;
- ret = GetObjectId(buf, &idx, &oid, o->grp, len);
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (ret < 0) {
- WOLFSSL_MSG("Issue getting OID of object");
- return -1;
- }
- }
- else {
- WOLFSSL_MSG("Issue getting OID of object");
- return -1;
- }
- }
-
- return oid2nid(oid, o->grp);
- }
-
- /* Return the corresponding NID for the long name
- * or NID_undef if NID can't be found.
- */ - int wolfSSL_OBJ_ln2nid(const char *ln) - { - const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; - size_t lnlen; - WOLFSSL_ENTER("wolfSSL_OBJ_ln2nid"); - if (ln && (lnlen = XSTRLEN(ln)) > 0) { - /* Accept input like "/commonName=" */ - if (ln[0] == '/') { - ln++; - lnlen--; - } - if (lnlen) { - size_t i; - - if (ln[lnlen-1] == '=') { - lnlen--; - } - for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++, obj_info++) { - if (lnlen == XSTRLEN(obj_info->lName) && - XSTRNCMP(ln, obj_info->lName, lnlen) == 0) { - return obj_info->nid; - } - } - } - } - return NID_undef; - } - - /* compares two objects, return 0 if equal */ - int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a, - const WOLFSSL_ASN1_OBJECT* b) - { - WOLFSSL_ENTER("wolfSSL_OBJ_cmp"); - - if (a && b && a->obj && b->obj) { - if (a->objSz == b->objSz) { - return XMEMCMP(a->obj, b->obj, a->objSz); - } - else if (a->type == EXT_KEY_USAGE_OID || - b->type == EXT_KEY_USAGE_OID) { - /* Special case for EXT_KEY_USAGE_OID so that - * cmp will be treated as a substring search */ - /* Used in libest to check for id-kp-cmcRA in - * EXT_KEY_USAGE extension */ - unsigned int idx; - const byte* s; /* shorter */ - unsigned int sLen; - const byte* l; /* longer */ - unsigned int lLen; - if (a->objSz > b->objSz) { - s = b->obj; sLen = b->objSz; - l = a->obj; lLen = a->objSz; - } - else { - s = a->obj; sLen = a->objSz; - l = b->obj; lLen = b->objSz; - } - for (idx = 0; idx <= lLen - sLen; idx++) { - if (XMEMCMP(l + idx, s, sLen) == 0) { - /* Found substring */ - return 0; - } - } - } - } - - return WOLFSSL_FATAL_ERROR; - } -#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL, - WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY */ -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_POCO_LIB) || defined(WOLFSSL_HAPROXY) - /* Gets the NID value that is 
related to the OID string passed in. Example - * string would be "2.5.29.14" for subject key ID. - * - * returns NID value on success and NID_undef on error - */ - int wolfSSL_OBJ_txt2nid(const char* s) - { - unsigned int i; - #ifdef WOLFSSL_CERT_EXT - int ret; - unsigned int sum = 0; - unsigned int outSz = MAX_OID_SZ; - unsigned char out[MAX_OID_SZ]; - #endif - - WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid"); - - if (s == NULL) { - return NID_undef; - } - - #ifdef WOLFSSL_CERT_EXT - ret = EncodePolicyOID(out, &outSz, s, NULL); - if (ret == 0) { - /* sum OID */ - for (i = 0; i < outSz; i++) { - sum += out[i]; - } - } - #endif /* WOLFSSL_CERT_EXT */ - - /* get the group that the OID's sum is in - * @TODO possible conflict with multiples */ - for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) { - int len; - #ifdef WOLFSSL_CERT_EXT - if (ret == 0) { - if (wolfssl_object_info[i].id == (int)sum) { - return wolfssl_object_info[i].nid; - } - } - #endif - - /* try as a short name */ - len = (int)XSTRLEN(s); - if ((int)XSTRLEN(wolfssl_object_info[i].sName) == len && - XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) { - return wolfssl_object_info[i].nid; - } - - /* try as a long name */ - if ((int)XSTRLEN(wolfssl_object_info[i].lName) == len && - XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) { - return wolfssl_object_info[i].nid; - } - } - - return NID_undef; - } -#endif -#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ - defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ - defined(WOLFSSL_HAPROXY) - - /* Creates new ASN1_OBJECT from short name, long name, or text - * representation of oid. If no_name is 0, then short name, long name, and - * numerical value of oid are interpreted. If no_name is 1, then only the - * numerical value of the oid is interpreted. - * - * Returns pointer to ASN1_OBJECT on success, or NULL on error. 
- */ -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) - WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name) - { - int i, ret; - int nid = NID_undef; - unsigned int outSz = MAX_OID_SZ; - unsigned char out[MAX_OID_SZ]; - WOLFSSL_ASN1_OBJECT* obj; - - WOLFSSL_ENTER("wolfSSL_OBJ_txt2obj"); - - if (s == NULL) - return NULL; - - /* If s is numerical value, try to sum oid */ - ret = EncodePolicyOID(out, &outSz, s, NULL); - if (ret == 0 && outSz > 0) { - /* If numerical encode succeeded then just - * create object from that because sums are - * not unique and can cause confusion. */ - obj = wolfSSL_ASN1_OBJECT_new(); - if (obj == NULL) { - WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); - return NULL; - } - obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; - obj->obj = (byte*)XMALLOC(1 + MAX_LENGTH_SZ + outSz, NULL, - DYNAMIC_TYPE_ASN1); - if (obj->obj == NULL) { - wolfSSL_ASN1_OBJECT_free(obj); - return NULL; - } - obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA ; - i = SetObjectId(outSz, (byte*)obj->obj); - XMEMCPY((byte*)obj->obj + i, out, outSz); - obj->objSz = i + outSz; - return obj; - } - - /* TODO: update short names in wolfssl_object_info and check OID sums - are correct */ - for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { - /* Short name, long name, and numerical value are interpreted */ - if (no_name == 0 && - ((XSTRCMP(s, wolfssl_object_info[i].sName) == 0) || - (XSTRCMP(s, wolfssl_object_info[i].lName) == 0))) - { - nid = wolfssl_object_info[i].nid; - } - } - - if (nid != NID_undef) - return wolfSSL_OBJ_nid2obj(nid); - - return NULL; - } -#endif - - /* compatibility function. Its intended use is to remove OID's from an - * internal table that have been added with OBJ_create. wolfSSL manages its - * own internal OID values and does not currently support OBJ_create. 
*/ - void wolfSSL_OBJ_cleanup(void) - { - WOLFSSL_ENTER("wolfSSL_OBJ_cleanup"); - } - - #ifndef NO_WOLFSSL_STUB - int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln) - { - (void)oid; - (void)sn; - (void)ln; - WOLFSSL_STUB("wolfSSL_OBJ_create"); - return WOLFSSL_FAILURE; - } - #endif - - void wolfSSL_set_verify_depth(WOLFSSL *ssl, int depth) - { - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - WOLFSSL_ENTER("wolfSSL_set_verify_depth"); - ssl->options.verifyDepth = (byte)depth; - #endif - } - -#endif /* OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || - HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */ - -#ifdef OPENSSL_EXTRA - -/* wolfSSL uses negative values for error states. This function returns an - * unsigned type so the value returned is the absolute value of the error. - */ -unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) -{ - WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); - - (void)line; - (void)file; -#ifdef WOLFSSL_HAVE_ERROR_QUEUE - { - int ret; - - if ((ret = wc_PeekErrorNode(-1, file, NULL, line)) < 0) { - WOLFSSL_MSG("Issue peeking at error node in queue"); - return 0; - } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \ - || defined(WOLFSSL_HAPROXY) - if (ret == -ASN_NO_PEM_HEADER) - return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; - #endif - #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - if (ret == ASN1_R_HEADER_TOO_LONG) { - return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; - } - #endif - return (unsigned long)ret; - } -#else - return (unsigned long)(0 - NOT_COMPILED_IN); -#endif -} - - -#ifndef NO_CERTS -int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) -{ - WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); - - if (ctx == NULL || pkey == NULL) { - return WOLFSSL_FAILURE; - } - - switch (pkey->type) { -#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - case EVP_PKEY_RSA: - WOLFSSL_MSG("populating RSA key"); - if 
(PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) - return WOLFSSL_FAILURE; - break; -#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */ -#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ - defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) - case EVP_PKEY_DSA: - break; -#endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) && !NO_DSA */ -#ifdef HAVE_ECC - case EVP_PKEY_EC: - WOLFSSL_MSG("populating ECC key"); - if (ECC_populate_EVP_PKEY(pkey, pkey->ecc) - != WOLFSSL_SUCCESS) - return WOLFSSL_FAILURE; - break; -#endif - default: - return WOLFSSL_FAILURE; - } - - if (pkey->pkey.ptr != NULL) { - /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */ - return wolfSSL_CTX_use_PrivateKey_buffer(ctx, - (const unsigned char*)pkey->pkey.ptr, - pkey->pkey_sz, SSL_FILETYPE_ASN1); - } - - WOLFSSL_MSG("wolfSSL private key not set"); - return BAD_FUNC_ARG; -} -#endif /* !NO_CERTS */ - -#endif /* OPENSSL_EXTRA */ - -#if defined(HAVE_EX_DATA) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \ - defined(WOLFSSL_WPAS_SMALL) -CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session = NULL; - -static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr, - WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func) -{ - CRYPTO_EX_cb_ctx* new_ctx = (CRYPTO_EX_cb_ctx*)XMALLOC( - sizeof(CRYPTO_EX_cb_ctx), NULL, DYNAMIC_TYPE_OPENSSL); - if (new_ctx == NULL) - return -1; - new_ctx->ctx_l = ctx_l; - new_ctx->ctx_ptr = ctx_ptr; - new_ctx->new_func = new_func; - new_ctx->free_func = free_func; - new_ctx->dup_func = dup_func; - new_ctx->next = NULL; - /* Push to end of list */ - while (*dst != NULL) - dst = &(*dst)->next; - *dst = new_ctx; - return 0; -} - -void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx) -{ - while (cb_ctx != NULL) { - CRYPTO_EX_cb_ctx* next = cb_ctx->next; - XFREE(cb_ctx, 
NULL, DYNAMIC_TYPE_OPENSSL); - cb_ctx = next; - } -} - -void crypto_ex_cb_setup_new_data(void *new_obj, CRYPTO_EX_cb_ctx* cb_ctx, - WOLFSSL_CRYPTO_EX_DATA* ex_data) -{ - int idx = 0; - for (; cb_ctx != NULL; idx++, cb_ctx = cb_ctx->next) { - if (cb_ctx->new_func != NULL) - cb_ctx->new_func(new_obj, NULL, ex_data, idx, cb_ctx->ctx_l, - cb_ctx->ctx_ptr); - } -} - -int crypto_ex_cb_dup_data(const WOLFSSL_CRYPTO_EX_DATA *in, - WOLFSSL_CRYPTO_EX_DATA *out, CRYPTO_EX_cb_ctx* cb_ctx) -{ - int idx = 0; - for (; cb_ctx != NULL; idx++, cb_ctx = cb_ctx->next) { - if (cb_ctx->dup_func != NULL) { - void* ptr = wolfSSL_CRYPTO_get_ex_data(in, idx); - if (!cb_ctx->dup_func(out, in, - &ptr, idx, - cb_ctx->ctx_l, cb_ctx->ctx_ptr)) { - return WOLFSSL_FAILURE; - } - wolfSSL_CRYPTO_set_ex_data(out, idx, ptr); - } - } - return WOLFSSL_SUCCESS; -} - -void crypto_ex_cb_free_data(void *obj, CRYPTO_EX_cb_ctx* cb_ctx, - WOLFSSL_CRYPTO_EX_DATA* ex_data) -{ - int idx = 0; - for (; cb_ctx != NULL; idx++, cb_ctx = cb_ctx->next) { - if (cb_ctx->free_func != NULL) - cb_ctx->free_func(obj, NULL, ex_data, idx, cb_ctx->ctx_l, - cb_ctx->ctx_ptr); - } -} - -/** - * get_ex_new_index is a helper function for the following - * xx_get_ex_new_index functions: - * - wolfSSL_CRYPTO_get_ex_new_index - * - wolfSSL_CTX_get_ex_new_index - * - wolfSSL_get_ex_new_index - * Issues a unique index number for the specified class-index. - * Returns an index number greater or equal to zero on success, - * -1 on failure. 
- */ -int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr, - WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func) -{ - /* index counter for each class index*/ - static int ctx_idx = 0; - static int ssl_idx = 0; - static int ssl_session_idx = 0; - static int x509_idx = 0; - - int idx = -1; - - switch(class_index) { - case WOLF_CRYPTO_EX_INDEX_SSL: - WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(ctx_l, ctx_ptr, new_func, - dup_func, free_func); - idx = ssl_idx++; - break; - case WOLF_CRYPTO_EX_INDEX_SSL_CTX: - WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(ctx_l, ctx_ptr, new_func, - dup_func, free_func); - idx = ctx_idx++; - break; - case WOLF_CRYPTO_EX_INDEX_X509: - WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(ctx_l, ctx_ptr, new_func, - dup_func, free_func); - idx = x509_idx++; - break; - case WOLF_CRYPTO_EX_INDEX_SSL_SESSION: - if (crypto_ex_cb_new(&crypto_ex_cb_ctx_session, ctx_l, ctx_ptr, - new_func, dup_func, free_func) != 0) - return -1; - idx = ssl_session_idx++; - break; - - /* following class indexes are not supoprted */ - case WOLF_CRYPTO_EX_INDEX_X509_STORE: - case WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX: - case WOLF_CRYPTO_EX_INDEX_DH: - case WOLF_CRYPTO_EX_INDEX_DSA: - case WOLF_CRYPTO_EX_INDEX_EC_KEY: - case WOLF_CRYPTO_EX_INDEX_RSA: - case WOLF_CRYPTO_EX_INDEX_ENGINE: - case WOLF_CRYPTO_EX_INDEX_UI: - case WOLF_CRYPTO_EX_INDEX_BIO: - case WOLF_CRYPTO_EX_INDEX_APP: - case WOLF_CRYPTO_EX_INDEX_UI_METHOD: - case WOLF_CRYPTO_EX_INDEX_DRBG: - default: - break; - } - if (idx >= MAX_EX_DATA) - return -1; - return idx; -} -#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */ - -#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) -void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); -#ifdef HAVE_EX_DATA - if(ctx != NULL) { - return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx); - } -#else - (void)ctx; - (void)idx; -#endif - return NULL; -} - -int 
wolfSSL_CTX_get_ex_new_index(long idx, void* arg, - WOLFSSL_CRYPTO_EX_new* new_func, - WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func) -{ - - WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index"); - - return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX, idx, arg, - new_func, dup_func, free_func); -} - -/* Return the index that can be used for the WOLFSSL structure to store - * application data. - * - */ -int wolfSSL_get_ex_new_index(long argValue, void* arg, - WOLFSSL_CRYPTO_EX_new* cb1, WOLFSSL_CRYPTO_EX_dup* cb2, - WOLFSSL_CRYPTO_EX_free* cb3) -{ - WOLFSSL_ENTER("wolfSSL_get_ex_new_index"); - - return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, argValue, arg, - cb1, cb2, cb3); -} - - -int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data"); - #ifdef HAVE_EX_DATA - if (ctx != NULL) - { - return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data); - } - #else - (void)ctx; - (void)idx; - (void)data; - #endif - return WOLFSSL_FAILURE; -} - -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -int wolfSSL_CTX_set_ex_data_with_cleanup( - WOLFSSL_CTX* ctx, - int idx, - void* data, - wolfSSL_ex_data_cleanup_routine_t cleanup_routine) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data_with_cleanup"); - if (ctx != NULL) - { - return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data, - cleanup_routine); - } - return WOLFSSL_FAILURE; -} -#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ - -#endif /* defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - -/* Returns char* to app data stored in ex[0]. - * - * ssl WOLFSSL structure to get app data from - */ -void* wolfSSL_get_app_data(const WOLFSSL *ssl) -{ - /* checkout exdata stuff... 
*/ - WOLFSSL_ENTER("wolfSSL_get_app_data"); - - return wolfSSL_get_ex_data(ssl, 0); -} - - -/* Set ex array 0 to have app data - * - * ssl WOLFSSL struct to set app data in - * arg data to be stored - * - * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) { - WOLFSSL_ENTER("wolfSSL_set_app_data"); - - return wolfSSL_set_ex_data(ssl, 0, arg); -} - -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#if defined(HAVE_EX_DATA) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL) - -int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) -{ - WOLFSSL_ENTER("wolfSSL_set_ex_data"); -#ifdef HAVE_EX_DATA - if (ssl != NULL) - { - return wolfSSL_CRYPTO_set_ex_data(&ssl->ex_data, idx, data); - } -#else - WOLFSSL_MSG("HAVE_EX_DATA macro is not defined"); - (void)ssl; - (void)idx; - (void)data; -#endif - return WOLFSSL_FAILURE; -} - -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -int wolfSSL_set_ex_data_with_cleanup( - WOLFSSL* ssl, - int idx, - void* data, - wolfSSL_ex_data_cleanup_routine_t cleanup_routine) -{ - WOLFSSL_ENTER("wolfSSL_set_ex_data_with_cleanup"); - if (ssl != NULL) - { - return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ssl->ex_data, idx, data, - cleanup_routine); - } - return WOLFSSL_FAILURE; -} -#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ - -void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) -{ - WOLFSSL_ENTER("wolfSSL_get_ex_data"); -#ifdef HAVE_EX_DATA - if (ssl != NULL) { - return wolfSSL_CRYPTO_get_ex_data(&ssl->ex_data, idx); - } -#else - WOLFSSL_MSG("HAVE_EX_DATA macro is not defined"); - (void)ssl; - (void)idx; -#endif - return 0; -} - -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ - -#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) - -#if defined(OPENSSL_EXTRA) && !defined(NO_DH) -/* Initialize ctx->dh with dh's params. 
Return WOLFSSL_SUCCESS on ok */ -long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) -{ - int pSz, gSz; - byte *p, *g; - int ret=0; - - WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh"); - - if(!ctx || !dh) - return BAD_FUNC_ARG; - - /* Get needed size for p and g */ - pSz = wolfSSL_BN_bn2bin(dh->p, NULL); - gSz = wolfSSL_BN_bn2bin(dh->g, NULL); - - if(pSz <= 0 || gSz <= 0) - return WOLFSSL_FATAL_ERROR; - - p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if(!p) - return MEMORY_E; - - g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if(!g) { - XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - return MEMORY_E; - } - - pSz = wolfSSL_BN_bn2bin(dh->p, p); - gSz = wolfSSL_BN_bn2bin(dh->g, g); - - if(pSz >= 0 && gSz >= 0) /* Conversion successful */ - ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); - - XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(g, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - - return pSz > 0 && gSz > 0 ? ret : WOLFSSL_FATAL_ERROR; -} -#endif /* OPENSSL_EXTRA && !NO_DH */ - - -/* returns the enum value associated with handshake state - * - * ssl the WOLFSSL structure to get state of - */ -int wolfSSL_get_state(const WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_state"); - - if (ssl == NULL) { - WOLFSSL_MSG("Null argument passed in"); - return WOLFSSL_FAILURE; - } - - return ssl->options.handShakeState; -} -#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ - -#ifdef OPENSSL_EXTRA -void wolfSSL_certs_clear(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_certs_clear"); - - if (ssl == NULL) - return; - - /* ctx still owns certificate, certChain, key, dh, and cm */ - if (ssl->buffers.weOwnCert) - FreeDer(&ssl->buffers.certificate); - ssl->buffers.certificate = NULL; - if (ssl->buffers.weOwnCertChain) - FreeDer(&ssl->buffers.certChain); - ssl->buffers.certChain = NULL; -#ifdef WOLFSSL_TLS13 - ssl->buffers.certChainCnt = 0; -#endif - if (ssl->buffers.weOwnKey) - FreeDer(&ssl->buffers.key); - ssl->buffers.key = NULL; - 
ssl->buffers.keyType = 0; - ssl->buffers.keyId = 0; - ssl->buffers.keyLabel = 0; - ssl->buffers.keySz = 0; - ssl->buffers.keyDevId = 0; -#ifdef WOLFSSL_DUAL_ALG_CERTS - if (ssl->buffers.weOwnAltKey) - FreeDer(&ssl->buffers.altKey); - ssl->buffers.altKey = NULL; -#endif /* WOLFSSL_DUAL_ALG_CERTS */ -} -#endif - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ - || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) - -long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt) -{ - WOLFSSL_ENTER("wolfSSL_ctrl"); - if (ssl == NULL) - return BAD_FUNC_ARG; - - switch (cmd) { - #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - #ifdef HAVE_SNI - case SSL_CTRL_SET_TLSEXT_HOSTNAME: - WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME."); - if (pt == NULL) { - WOLFSSL_MSG("Passed in NULL Host Name."); - break; - } - return wolfSSL_set_tlsext_host_name(ssl, (const char*) pt); - #endif /* HAVE_SNI */ - #endif /* WOLFSSL_NGINX || WOLFSSL_QT || OPENSSL_ALL */ - default: - WOLFSSL_MSG("Case not implemented."); - } - (void)opt; - (void)pt; - return WOLFSSL_FAILURE; -} - -long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) -{ -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) - long ctrl_opt; -#endif - long ret = WOLFSSL_SUCCESS; - - WOLFSSL_ENTER("wolfSSL_CTX_ctrl"); - if (ctx == NULL) - return WOLFSSL_FAILURE; - - switch (cmd) { - case SSL_CTRL_CHAIN: -#ifdef SESSION_CERTS - { - /* - * We don't care about opt here because a copy of the certificate is - * stored anyway so increasing the reference counter is not necessary. - * Just check to make sure that it is set to one of the correct values. 
- */ - WOLF_STACK_OF(WOLFSSL_X509)* sk = (WOLF_STACK_OF(WOLFSSL_X509)*) pt; - WOLFSSL_X509* x509; - int i; - if (opt != 0 && opt != 1) { - ret = WOLFSSL_FAILURE; - break; - } - /* Clear certificate chain */ - FreeDer(&ctx->certChain); - if (sk) { - for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) { - x509 = wolfSSL_sk_X509_value(sk, i); - /* Prevent wolfSSL_CTX_add_extra_chain_cert from freeing cert */ - if (wolfSSL_X509_up_ref(x509) != 1) { - WOLFSSL_MSG("Error increasing reference count"); - continue; - } - if (wolfSSL_CTX_add_extra_chain_cert(ctx, x509) != - WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error adding certificate to context"); - /* Decrease reference count on failure */ - wolfSSL_X509_free(x509); - } - } - } - /* Free previous chain */ - wolfSSL_sk_X509_pop_free(ctx->x509Chain, NULL); - ctx->x509Chain = sk; - if (sk && opt == 1) { - /* up all refs when opt == 1 */ - for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) { - x509 = wolfSSL_sk_X509_value(sk, i); - if (wolfSSL_X509_up_ref(x509) != 1) { - WOLFSSL_MSG("Error increasing reference count"); - continue; - } - } - } - } -#else - WOLFSSL_MSG("Session certificates not compiled in"); - ret = WOLFSSL_FAILURE; -#endif - break; - -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) - case SSL_CTRL_OPTIONS: - WOLFSSL_MSG("Entering Case: SSL_CTRL_OPTIONS."); - ctrl_opt = wolfSSL_CTX_set_options(ctx, opt); - - #ifdef WOLFSSL_QT - /* Set whether to use client or server cipher preference */ - if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) - == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { - WOLFSSL_MSG("Using Server's Cipher Preference."); - ctx->useClientOrder = FALSE; - } else { - WOLFSSL_MSG("Using Client's Cipher Preference."); - ctx->useClientOrder = TRUE; - } - #endif /* WOLFSSL_QT */ - - return ctrl_opt; -#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ - case SSL_CTRL_EXTRA_CHAIN_CERT: - WOLFSSL_MSG("Entering Case: SSL_CTRL_EXTRA_CHAIN_CERT."); - if (pt == NULL) { - WOLFSSL_MSG("Passed in x509 pointer NULL."); - ret = 
WOLFSSL_FAILURE; - break; - } - return wolfSSL_CTX_add_extra_chain_cert(ctx, (WOLFSSL_X509*)pt); - -#ifndef NO_DH - case SSL_CTRL_SET_TMP_DH: - WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TMP_DH."); - if (pt == NULL) { - WOLFSSL_MSG("Passed in DH pointer NULL."); - ret = WOLFSSL_FAILURE; - break; - } - return wolfSSL_CTX_set_tmp_dh(ctx, (WOLFSSL_DH*)pt); -#endif - -#ifdef HAVE_ECC - case SSL_CTRL_SET_TMP_ECDH: - WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TMP_ECDH."); - if (pt == NULL) { - WOLFSSL_MSG("Passed in ECDH pointer NULL."); - ret = WOLFSSL_FAILURE; - break; - } - return wolfSSL_SSL_CTX_set_tmp_ecdh(ctx, (WOLFSSL_EC_KEY*)pt); -#endif - case SSL_CTRL_MODE: - wolfSSL_CTX_set_mode(ctx,opt); - break; - case SSL_CTRL_SET_MIN_PROTO_VERSION: - WOLFSSL_MSG("set min proto version"); - return wolfSSL_CTX_set_min_proto_version(ctx, (int)opt); - case SSL_CTRL_SET_MAX_PROTO_VERSION: - WOLFSSL_MSG("set max proto version"); - return wolfSSL_CTX_set_max_proto_version(ctx, (int)opt); - case SSL_CTRL_GET_MIN_PROTO_VERSION: - WOLFSSL_MSG("get min proto version"); - return wolfSSL_CTX_get_min_proto_version(ctx); - case SSL_CTRL_GET_MAX_PROTO_VERSION: - WOLFSSL_MSG("get max proto version"); - return wolfSSL_CTX_get_max_proto_version(ctx); - default: - WOLFSSL_MSG("CTX_ctrl cmd not implemented"); - ret = WOLFSSL_FAILURE; - break; - } - - (void)ctx; - (void)cmd; - (void)opt; - (void)pt; - WOLFSSL_LEAVE("wolfSSL_CTX_ctrl", (int)ret); - return ret; -} - -#ifndef WOLFSSL_NO_STUB -long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void)) -{ - (void) ctx; - (void) cmd; - (void) fp; - WOLFSSL_STUB("wolfSSL_CTX_callback_ctrl"); - return WOLFSSL_FAILURE; - -} -#endif /* WOLFSSL_NO_STUB */ - -#ifndef NO_WOLFSSL_STUB -long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx) -{ - return wolfSSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0L, NULL); -} -#endif - -/* Returns the verifyCallback from the ssl structure if successful. -Returns NULL otherwise. 
*/ -VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_verify_callback"); - if (ssl) { - return ssl->verifyCallback; - } - return NULL; -} - -/* Adds the ASN1 certificate to the user ctx. -Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/ -int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, - const unsigned char *der) -{ - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1"); - if (der != NULL && ctx != NULL) { - if (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, - WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) { - return WOLFSSL_SUCCESS; - } - - } - return WOLFSSL_FAILURE; -} - - -#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) -/* Adds the rsa private key to the user ctx. -Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/ -int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) -{ - int ret; - int derSize; - unsigned char *maxDerBuf; - unsigned char* key = NULL; - - WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey"); - - if (ctx == NULL || rsa == NULL) { - WOLFSSL_MSG("one or more inputs were NULL"); - return BAD_FUNC_ARG; - } - maxDerBuf = (unsigned char*)XMALLOC(4096, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (maxDerBuf == NULL) { - WOLFSSL_MSG("Malloc failure"); - return MEMORY_E; - } - key = maxDerBuf; - /* convert RSA struct to der encoded buffer and get the size */ - if ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &key)) <= 0) { - WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure"); - XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)maxDerBuf, - derSize, SSL_FILETYPE_ASN1); - if (ret != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure"); - XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; -} -#endif /* WOLFSSL_KEY_GEN && !NO_RSA */ - - 
-#ifndef NO_BIO -/* Converts EVP_PKEY data from a bio buffer to a WOLFSSL_EVP_PKEY structure. -Returns pointer to private EVP_PKEY struct upon success, NULL if there -is a failure.*/ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** out) -{ - unsigned char* mem = NULL; - int memSz = 0; - WOLFSSL_EVP_PKEY* key = NULL; - unsigned char* extraBioMem = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio"); - - if (bio == NULL) { - return NULL; - } - (void)out; - - memSz = wolfSSL_BIO_get_len(bio); - if (memSz <= 0) { - WOLFSSL_MSG("wolfSSL_BIO_get_len() failure"); - return NULL; - } - - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (mem == NULL) { - WOLFSSL_MSG("Malloc failure"); - return NULL; - } - - if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { - int extraBioMemSz; - int derLength; - - /* Determines key type and returns the new private EVP_PKEY object */ - if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == NULL) { - WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure"); - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return NULL; - } - - /* Write extra data back into bio object if necessary. 
*/ - derLength = key->pkey_sz; - extraBioMemSz = (memSz - derLength); - if (extraBioMemSz > 0) { - int i; - int j = 0; - - extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (extraBioMem == NULL) { - WOLFSSL_MSG("Malloc failure"); - XFREE((unsigned char*)extraBioMem, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return NULL; - } - - for (i = derLength; i < memSz; i++) { - *(extraBioMem + j) = *(mem + i); - j++; - } - - wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz); - if (wolfSSL_BIO_get_len(bio) <= 0) { - WOLFSSL_MSG("Failed to write memory to bio"); - XFREE((unsigned char*)extraBioMem, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return NULL; - } - XFREE((unsigned char*)extraBioMem, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - } - - if (out != NULL) { - *out = key; - } - } - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return key; -} -#endif /* !NO_BIO */ - -#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ - - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL) - -/* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure. 
- * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL - * on fail */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, - unsigned char** in, long inSz) -{ - WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP"); - return d2iGenericKey(out, (const unsigned char**)in, inSz, 1); -} - -#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || WOLFSSL_WPAS_SMALL*/ - - -/* stunnel compatibility functions*/ -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ - defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH))) -void wolfSSL_ERR_remove_thread_state(void* pid) -{ - (void) pid; - return; -} - -#ifndef NO_FILESYSTEM -/***TBD ***/ -void wolfSSL_print_all_errors_fp(XFILE fp) -{ - (void)fp; -} -#endif /* !NO_FILESYSTEM */ - -#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX || - HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH */ - - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ - defined(HAVE_EX_DATA) - -#if defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE) -static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx, - void* data, byte get, void** getRet, int* setRet) -{ - int row; - int i; - int error = 0; - SessionRow* sessRow = NULL; - const byte* id; - byte foundCache = 0; - - if (getRet != NULL) - *getRet = NULL; - if (setRet != NULL) - *setRet = WOLFSSL_FAILURE; - - id = session->sessionID; - if (session->haveAltSessionID) - id = session->altSessionID; - - row = (int)(HashObject(id, ID_LEN, &error) % SESSION_ROWS); - if (error != 0) { - WOLFSSL_MSG("Hash session failed"); - return; - } - - sessRow = &SessionCache[row]; - if (get) - error = SESSION_ROW_RD_LOCK(sessRow); - else - error = SESSION_ROW_WR_LOCK(sessRow); - if (error != 0) { - WOLFSSL_MSG("Session row lock failed"); - return; - } - - for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) { - 
WOLFSSL_SESSION* cacheSession; -#ifdef SESSION_CACHE_DYNAMIC_MEM - cacheSession = sessRow->Sessions[i]; -#else - cacheSession = &sessRow->Sessions[i]; -#endif - if (cacheSession && - XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0 - && session->side == cacheSession->side - #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) - && (IsAtLeastTLSv1_3(session->version) == - IsAtLeastTLSv1_3(cacheSession->version)) - #endif - ) { - if (get) { - if (getRet) { - *getRet = wolfSSL_CRYPTO_get_ex_data( - &cacheSession->ex_data, idx); - } - } - else { - if (setRet) { - *setRet = wolfSSL_CRYPTO_set_ex_data( - &cacheSession->ex_data, idx, data); - } - } - foundCache = 1; - break; - } - } - SESSION_ROW_UNLOCK(sessRow); - /* If we don't have a session in cache then clear the ex_data and - * own it */ - if (!foundCache) { - XMEMSET(&session->ex_data, 0, sizeof(WOLFSSL_CRYPTO_EX_DATA)); - session->ownExData = 1; - if (!get) { - *setRet = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx, - data); - } - } - -} -#endif - -int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) -{ - int ret = WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data"); -#ifdef HAVE_EX_DATA - session = ClientSessionToSession(session); - if (session != NULL) { -#ifndef NO_SESSION_CACHE - if (!session->ownExData) { - /* Need to update in cache */ - SESSION_ex_data_cache_update(session, idx, data, 0, NULL, &ret); - } - else -#endif - { - ret = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx, data); - } - } -#else - (void)session; - (void)idx; - (void)data; -#endif - return ret; -} - -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -int wolfSSL_SESSION_set_ex_data_with_cleanup( - WOLFSSL_SESSION* session, - int idx, - void* data, - wolfSSL_ex_data_cleanup_routine_t cleanup_routine) -{ - WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data_with_cleanup"); - session = ClientSessionToSession(session); - if(session != NULL) { - return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&session->ex_data, idx, 
- data, cleanup_routine); - } - return WOLFSSL_FAILURE; -} -#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ - -void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) -{ - void* ret = NULL; - WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data"); -#ifdef HAVE_EX_DATA - session = ClientSessionToSession(session); - if (session != NULL) { -#ifndef NO_SESSION_CACHE - if (!session->ownExData) { - /* Need to retrieve the data from the session cache */ - SESSION_ex_data_cache_update((WOLFSSL_SESSION*)session, idx, NULL, - 1, &ret, NULL); - } - else -#endif - { - ret = wolfSSL_CRYPTO_get_ex_data(&session->ex_data, idx); - } - } -#else - (void)session; - (void)idx; -#endif - return ret; -} -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_EX_DATA */ - -/* Note: This is a huge section of API's - through - * wolfSSL_X509_OBJECT_get0_X509_CRL */ -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ - (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) -#ifdef HAVE_EX_DATA -int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr, - WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func) -{ - WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index"); - return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, ctx_l, - ctx_ptr, new_func, dup_func, free_func); -} -#endif - -#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_DEBUG_MEMORY) && \ - !defined(WOLFSSL_STATIC_MEMORY) -static wolfSSL_OSSL_Malloc_cb ossl_malloc = NULL; -static wolfSSL_OSSL_Free_cb ossl_free = NULL; -static wolfSSL_OSSL_Realloc_cb ossl_realloc = NULL; - -static void* OSSL_Malloc(size_t size) -{ - if (ossl_malloc != NULL) - return ossl_malloc(size, NULL, 0); - else - return NULL; -} - -static void OSSL_Free(void *ptr) -{ - if (ossl_free != NULL) - ossl_free(ptr, NULL, 0); -} - -static void* OSSL_Realloc(void *ptr, size_t size) -{ - 
if (ossl_realloc != NULL) - return ossl_realloc(ptr, size, NULL, 0); - else - return NULL; -} -#endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_DEBUG_MEMORY && - * !WOLFSSL_STATIC_MEMORY */ - -int wolfSSL_CRYPTO_set_mem_functions( - wolfSSL_OSSL_Malloc_cb m, - wolfSSL_OSSL_Realloc_cb r, - wolfSSL_OSSL_Free_cb f) -{ -#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) -#ifdef WOLFSSL_DEBUG_MEMORY - WOLFSSL_MSG("mem functions will receive function name instead of " - "file name"); - if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)m, (wolfSSL_Free_cb)f, - (wolfSSL_Realloc_cb)r) == 0) - return WOLFSSL_SUCCESS; -#else - WOLFSSL_MSG("wolfSSL was compiled without WOLFSSL_DEBUG_MEMORY mem " - "functions will receive a NULL file name and 0 for the " - "line number."); - if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)OSSL_Malloc, - (wolfSSL_Free_cb)OSSL_Free, (wolfSSL_Realloc_cb)OSSL_Realloc) == 0) { - ossl_malloc = m; - ossl_free = f; - ossl_realloc = r; - return WOLFSSL_SUCCESS; - } -#endif - else - return WOLFSSL_FAILURE; -#else - (void)m; - (void)r; - (void)f; - WOLFSSL_MSG("wolfSSL allocator callback functions not compiled in"); - return WOLFSSL_FAILURE; + /* oidCertNameType */ + { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"}, +#if !defined(WOLFSSL_CERT_REQ) + { NID_surname, NID_surname, oidCertNameType, "SN", "surname"}, #endif -} - -int wolfSSL_ERR_load_ERR_strings(void) -{ - return WOLFSSL_SUCCESS; -} - -void wolfSSL_ERR_load_crypto_strings(void) -{ - WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings"); - /* Do nothing */ - return; -} + { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber", + "serialNumber"}, + { NID_userId, NID_userId, oidCertNameType, "UID", "userid"}, + { NID_countryName, NID_countryName, oidCertNameType, "C", "countryName"}, + { NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"}, + { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST", + "stateOrProvinceName"}, + { 
NID_streetAddress, NID_streetAddress, oidCertNameType, "street", + "streetAddress"}, + { NID_organizationName, NID_organizationName, oidCertNameType, "O", + "organizationName"}, + { NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType, + "OU", "organizationalUnitName"}, + { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress", + "emailAddress"}, + { NID_domainComponent, NID_domainComponent, oidCertNameType, "DC", + "domainComponent"}, + { NID_favouriteDrink, NID_favouriteDrink, oidCertNameType, "favouriteDrink", + "favouriteDrink"}, + { NID_businessCategory, NID_businessCategory, oidCertNameType, + "businessCategory", "businessCategory"}, + { NID_jurisdictionCountryName, NID_jurisdictionCountryName, oidCertNameType, + "jurisdictionC", "jurisdictionCountryName"}, + { NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName, + oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"}, + { NID_postalCode, NID_postalCode, oidCertNameType, "postalCode", + "postalCode"}, + { NID_userId, NID_userId, oidCertNameType, "UID", "userId"}, -int wolfSSL_FIPS_mode(void) -{ -#ifdef HAVE_FIPS - return 1; -#else - return 0; +#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_NAME_ALL) + { NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID, + oidCsrAttrType, "challengePassword", "challengePassword"}, + { NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID, + oidCsrAttrType, "contentType", "contentType" }, + { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID, + oidCsrAttrType, "unstructuredName", "unstructuredName" }, + { NID_name, NAME_OID, oidCsrAttrType, "name", "name" }, + { NID_surname, SURNAME_OID, + oidCsrAttrType, "surname", "surname" }, + { NID_givenName, GIVEN_NAME_OID, + oidCsrAttrType, "givenName", "givenName" }, + { NID_initials, INITIALS_OID, + oidCsrAttrType, "initials", "initials" }, + { NID_dnQualifier, DNQUALIFIER_OID, + oidCsrAttrType, "dnQualifer", "dnQualifier" }, #endif -} - -int 
wolfSSL_FIPS_mode_set(int r) -{ -#ifdef HAVE_FIPS - if (r == 0) { - WOLFSSL_MSG("Cannot disable FIPS at runtime."); - return WOLFSSL_FAILURE; - } - return WOLFSSL_SUCCESS; -#else - if (r == 0) { - return WOLFSSL_SUCCESS; - } - WOLFSSL_MSG("Cannot enable FIPS. This isn't the wolfSSL FIPS code."); - return WOLFSSL_FAILURE; #endif -} - -int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) -{ - int ret = WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits"); - - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - (void)alg_bits; - if (c!= NULL) - ret = c->bits; - #else - if (c != NULL && c->ssl != NULL) { - ret = 8 * c->ssl->specs.key_size; - if (alg_bits != NULL) { - *alg_bits = ret; - } - } +#ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */ + /* oidHashType */ + #ifdef WOLFSSL_MD2 + { NID_md2, MD2h, oidHashType, "MD2", "md2"}, + #endif + #ifdef WOLFSSL_MD5 + { NID_md5, MD5h, oidHashType, "MD5", "md5"}, + #endif + #ifndef NO_SHA + { NID_sha1, SHAh, oidHashType, "SHA1", "sha1"}, + #endif + #ifdef WOLFSSL_SHA224 + { NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"}, #endif - return ret; -} - -/* returns value less than 0 on fail to match - * On a successful match the priority level found is returned - */ -int wolfSSL_sk_SSL_CIPHER_find( - WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind) -{ - WOLFSSL_STACK* next; - int i, sz; + #ifndef NO_SHA256 + { NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"}, + #endif + #ifdef WOLFSSL_SHA384 + { NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"}, + #endif + #ifdef WOLFSSL_SHA512 + { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"}, + #endif + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"}, + #endif + #ifndef WOLFSSL_NOSHA3_256 + { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"}, + #endif + #ifndef WOLFSSL_NOSHA3_384 + { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", 
"sha3-384"}, + #endif + #ifndef WOLFSSL_NOSHA3_512 + { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"}, + #endif + #endif /* WOLFSSL_SHA3 */ + #ifdef WOLFSSL_SM3 + { NID_sm3, SM3h, oidHashType, "SM3", "sm3"}, + #endif + /* oidSigType */ + #ifndef NO_DSA + #ifndef NO_SHA + { NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"}, + { NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256", + "dsa_with_SHA256"}, + #endif + #endif /* NO_DSA */ + #ifndef NO_RSA + #ifdef WOLFSSL_MD2 + { NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2", + "md2WithRSAEncryption"}, + #endif + #ifndef NO_MD5 + { NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5", + "md5WithRSAEncryption"}, + #endif + #ifndef NO_SHA + { NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1", + "sha1WithRSAEncryption"}, + #endif + #ifdef WOLFSSL_SHA224 + { NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224", + "sha224WithRSAEncryption"}, + #endif + #ifndef NO_SHA256 + { NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256", + "sha256WithRSAEncryption"}, + #endif + #ifdef WOLFSSL_SHA384 + { NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384", + "sha384WithRSAEncryption"}, + #endif + #ifdef WOLFSSL_SHA512 + { NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512", + "sha512WithRSAEncryption"}, + #endif + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + { NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224", + "sha3-224WithRSAEncryption"}, + #endif + #ifndef WOLFSSL_NOSHA3_256 + { NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256", + "sha3-256WithRSAEncryption"}, + #endif + #ifndef WOLFSSL_NOSHA3_384 + { NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384", + "sha3-384WithRSAEncryption"}, + #endif + #ifndef WOLFSSL_NOSHA3_512 + { NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512", + "sha3-512WithRSAEncryption"}, + #endif + #endif + 
#ifdef WC_RSA_PSS + { NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" }, + #endif + #endif /* NO_RSA */ + #ifdef HAVE_ECC + #ifndef NO_SHA + { NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1", + "shaWithECDSA"}, + #endif + #ifdef WOLFSSL_SHA224 + { NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType, + "ecdsa-with-SHA224","sha224WithECDSA"}, + #endif + #ifndef NO_SHA256 + { NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType, + "ecdsa-with-SHA256","sha256WithECDSA"}, + #endif + #ifdef WOLFSSL_SHA384 + { NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType, + "ecdsa-with-SHA384","sha384WithECDSA"}, + #endif + #ifdef WOLFSSL_SHA512 + { NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType, + "ecdsa-with-SHA512","sha512WithECDSA"}, + #endif + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + { NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType, + "id-ecdsa-with-SHA3-224", "ecdsa_with_SHA3-224"}, + #endif + #ifndef WOLFSSL_NOSHA3_256 + { NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType, + "id-ecdsa-with-SHA3-256", "ecdsa_with_SHA3-256"}, + #endif + #ifndef WOLFSSL_NOSHA3_384 + { NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType, + "id-ecdsa-with-SHA3-384", "ecdsa_with_SHA3-384"}, + #endif + #ifndef WOLFSSL_NOSHA3_512 + { NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType, + "id-ecdsa-with-SHA3-512", "ecdsa_with_SHA3-512"}, + #endif + #endif + #endif /* HAVE_ECC */ - if (sk == NULL || toFind == NULL) { - return WOLFSSL_FATAL_ERROR; - } + /* oidKeyType */ + #ifndef NO_DSA + { NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"}, + #endif /* NO_DSA */ + #ifndef NO_RSA + { NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption", + "rsaEncryption"}, + #ifdef WC_RSA_PSS + { NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"}, + #endif + #endif /* NO_RSA */ + #ifdef HAVE_ECC + { NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey", + "id-ecPublicKey"}, + #endif /* HAVE_ECC */ + #ifndef NO_DH + { 
NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement", + "dhKeyAgreement"}, + #endif + #ifdef HAVE_ED448 + { NID_ED448, ED448k, oidKeyType, "ED448", "ED448"}, + #endif + #ifdef HAVE_ED25519 + { NID_ED25519, ED25519k, oidKeyType, "ED25519", "ED25519"}, + #endif + #ifdef HAVE_FALCON + { CTC_FALCON_LEVEL1, FALCON_LEVEL1k, oidKeyType, "Falcon Level 1", + "Falcon Level 1"}, + { CTC_FALCON_LEVEL5, FALCON_LEVEL5k, oidKeyType, "Falcon Level 5", + "Falcon Level 5"}, + #endif /* HAVE_FALCON */ + #ifdef HAVE_DILITHIUM + { CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k, oidKeyType, + "Dilithium Level 2", "Dilithium Level 2"}, + { CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k, oidKeyType, + "Dilithium Level 3", "Dilithium Level 3"}, + { CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType, + "Dilithium Level 5", "Dilithium Level 5"}, + #endif /* HAVE_DILITHIUM */ - sz = wolfSSL_sk_SSL_CIPHER_num(sk); - next = sk; - for (i = 0; i < sz && next != NULL; i++) { - if (next->data.cipher.cipherSuite0 == toFind->cipherSuite0 && - next->data.cipher.cipherSuite == toFind->cipherSuite) { - return sz - i; /* reverse because stack pushed highest on first */ - } - next = next->next; - } - return WOLFSSL_FATAL_ERROR; -} + /* oidCurveType */ + #ifdef HAVE_ECC + { NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1", + "prime192v1"}, + { NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2", + "prime192v2"}, + { NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3", + "prime192v3"}, + + { NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1", + "prime239v1"}, + { NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2", + "prime239v2"}, + { NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3", + "prime239v3"}, + + { NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1", + "prime256v1"}, + + { NID_secp112r1, ECC_SECP112R1_OID, oidCurveType, "secp112r1", + "secp112r1"}, + { NID_secp112r2, ECC_SECP112R2_OID, 
oidCurveType, "secp112r2", + "secp112r2"}, + + { NID_secp128r1, ECC_SECP128R1_OID, oidCurveType, "secp128r1", + "secp128r1"}, + { NID_secp128r2, ECC_SECP128R2_OID, oidCurveType, "secp128r2", + "secp128r2"}, + + { NID_secp160r1, ECC_SECP160R1_OID, oidCurveType, "secp160r1", + "secp160r1"}, + { NID_secp160r2, ECC_SECP160R2_OID, oidCurveType, "secp160r2", + "secp160r2"}, + + { NID_secp224r1, ECC_SECP224R1_OID, oidCurveType, "secp224r1", + "secp224r1"}, + { NID_secp384r1, ECC_SECP384R1_OID, oidCurveType, "secp384r1", + "secp384r1"}, + { NID_secp521r1, ECC_SECP521R1_OID, oidCurveType, "secp521r1", + "secp521r1"}, + + { NID_secp160k1, ECC_SECP160K1_OID, oidCurveType, "secp160k1", + "secp160k1"}, + { NID_secp192k1, ECC_SECP192K1_OID, oidCurveType, "secp192k1", + "secp192k1"}, + { NID_secp224k1, ECC_SECP224K1_OID, oidCurveType, "secp224k1", + "secp224k1"}, + { NID_secp256k1, ECC_SECP256K1_OID, oidCurveType, "secp256k1", + "secp256k1"}, + + { NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID, oidCurveType, + "brainpoolP160r1", "brainpoolP160r1"}, + { NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID, oidCurveType, + "brainpoolP192r1", "brainpoolP192r1"}, + { NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID, oidCurveType, + "brainpoolP224r1", "brainpoolP224r1"}, + { NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID, oidCurveType, + "brainpoolP256r1", "brainpoolP256r1"}, + { NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID, oidCurveType, + "brainpoolP320r1", "brainpoolP320r1"}, + { NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID, oidCurveType, + "brainpoolP384r1", "brainpoolP384r1"}, + { NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID, oidCurveType, + "brainpoolP512r1", "brainpoolP512r1"}, -/* free's all nodes in the stack and there data */ -void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) -{ - WOLFSSL_ENTER("wolfSSL_sk_SSL_CIPHER_free"); - wolfSSL_sk_free(sk); -} + #ifdef WOLFSSL_SM2 + { NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"}, + #endif + #endif /* HAVE_ECC */ -#ifdef 
HAVE_SNI -int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name) -{ - int ret; - WOLFSSL_ENTER("wolfSSL_set_tlsext_host_name"); - ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, - host_name, (word16)XSTRLEN(host_name)); - WOLFSSL_LEAVE("wolfSSL_set_tlsext_host_name", ret); - return ret; -} + /* oidBlkType */ + #ifdef WOLFSSL_AES_128 + { AES128CBCb, AES128CBCb, oidBlkType, "AES-128-CBC", "aes-128-cbc"}, + #endif + #ifdef WOLFSSL_AES_192 + { AES192CBCb, AES192CBCb, oidBlkType, "AES-192-CBC", "aes-192-cbc"}, + #endif + #ifdef WOLFSSL_AES_256 + { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC", "aes-256-cbc"}, + #endif + #ifndef NO_DES3 + { NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"}, + { NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"}, + #endif /* !NO_DES3 */ + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + { NID_chacha20_poly1305, NID_chacha20_poly1305, oidBlkType, + "ChaCha20-Poly1305", "chacha20-poly1305"}, + #endif + /* oidOcspType */ + #ifdef HAVE_OCSP + { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType, + "basicOCSPResponse", "Basic OCSP Response"}, + { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "Nonce", "OCSP Nonce"}, + #endif /* HAVE_OCSP */ -#ifndef NO_WOLFSSL_SERVER -const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) -{ - void * serverName = NULL; - if (ssl == NULL) - return NULL; - TLSX_SNI_GetRequest(ssl->extensions, type, &serverName); - return (const char *)serverName; -} -#endif /* NO_WOLFSSL_SERVER */ -#endif /* HAVE_SNI */ + #ifndef NO_PWDBASED + /* oidKdfType */ + { PBKDF2_OID, PBKDF2_OID, oidKdfType, "PBKDFv2", "PBKDF2"}, -WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) -{ - int ret; - /* This method requires some explanation. Its sibling is - * int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) - * which re-inits the WOLFSSL* with all settings in the new CTX. - * That one is the right one to use *before* a handshake is started. 
- * - * This method was added by OpenSSL to be used *during* the handshake, e.g. - * when a server inspects the SNI in a ClientHello callback and - * decides which set of certificates to use. - * - * Since, at the time the SNI callback is run, some decisions on - * Extensions or the ServerHello might already have been taken, this - * method is very restricted in what it does: - * - changing the server certificate(s) - * - changing the server id for session handling - * and everything else in WOLFSSL* needs to remain untouched. - */ - WOLFSSL_ENTER("wolfSSL_set_SSL_CTX"); - if (ssl == NULL || ctx == NULL) - return NULL; - if (ssl->ctx == ctx) - return ssl->ctx; + /* oidPBEType */ + { PBE_SHA1_RC4_128, PBE_SHA1_RC4_128, oidPBEType, + "PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4"}, + { PBE_SHA1_DES, PBE_SHA1_DES, oidPBEType, "PBE-SHA1-DES", + "pbeWithSHA1AndDES-CBC"}, + { PBE_SHA1_DES3, PBE_SHA1_DES3, oidPBEType, "PBE-SHA1-3DES", + "pbeWithSHA1And3-KeyTripleDES-CBC"}, + #endif - wolfSSL_RefInc(&ctx->ref, &ret); -#ifdef WOLFSSL_REFCNT_ERROR_RETURN - if (ret != 0) { - /* can only fail on serious stuff, like mutex not working - * or ctx refcount out of whack. 
*/ - return NULL; - } -#else - (void)ret; -#endif - if (ssl->ctx != NULL) - wolfSSL_CTX_free(ssl->ctx); - ssl->ctx = ctx; + /* oidKeyWrapType */ + #ifdef WOLFSSL_AES_128 + { AES128_WRAP, AES128_WRAP, oidKeyWrapType, "AES-128 wrap", + "aes128-wrap"}, + #endif + #ifdef WOLFSSL_AES_192 + { AES192_WRAP, AES192_WRAP, oidKeyWrapType, "AES-192 wrap", + "aes192-wrap"}, + #endif + #ifdef WOLFSSL_AES_256 + { AES256_WRAP, AES256_WRAP, oidKeyWrapType, "AES-256 wrap", + "aes256-wrap"}, + #endif -#ifndef NO_CERTS - /* ctx owns certificate, certChain and key */ - ssl->buffers.certificate = ctx->certificate; - ssl->buffers.certChain = ctx->certChain; -#ifdef WOLFSSL_TLS13 - ssl->buffers.certChainCnt = ctx->certChainCnt; -#endif - ssl->buffers.key = ctx->privateKey; - ssl->buffers.keyType = ctx->privateKeyType; - ssl->buffers.keyId = ctx->privateKeyId; - ssl->buffers.keyLabel = ctx->privateKeyLabel; - ssl->buffers.keySz = ctx->privateKeySz; - ssl->buffers.keyDevId = ctx->privateKeyDevId; - /* flags indicating what certs/keys are available */ - ssl->options.haveRSA = ctx->haveRSA; - ssl->options.haveDH = ctx->haveDH; - ssl->options.haveECDSAsig = ctx->haveECDSAsig; - ssl->options.haveECC = ctx->haveECC; - ssl->options.haveStaticECC = ctx->haveStaticECC; - ssl->options.haveFalconSig = ctx->haveFalconSig; - ssl->options.haveDilithiumSig = ctx->haveDilithiumSig; -#ifdef WOLFSSL_DUAL_ALG_CERTS - ssl->buffers.altKey = ctx->altPrivateKey; - ssl->buffers.altKeySz = ctx->altPrivateKeySz; - ssl->buffers.altKeyType = ctx->altPrivateKeyType; -#endif /* WOLFSSL_DUAL_ALG_CERTS */ -#endif + #ifndef NO_PKCS7 + #ifndef NO_DH + /* oidCmsKeyAgreeType */ + #ifndef NO_SHA + { dhSinglePass_stdDH_sha1kdf_scheme, dhSinglePass_stdDH_sha1kdf_scheme, + oidCmsKeyAgreeType, "dhSinglePass-stdDH-sha1kdf-scheme", + "dhSinglePass-stdDH-sha1kdf-scheme"}, + #endif + #ifdef WOLFSSL_SHA224 + { dhSinglePass_stdDH_sha224kdf_scheme, + dhSinglePass_stdDH_sha224kdf_scheme, oidCmsKeyAgreeType, + 
"dhSinglePass-stdDH-sha224kdf-scheme", + "dhSinglePass-stdDH-sha224kdf-scheme"}, + #endif + #ifndef NO_SHA256 + { dhSinglePass_stdDH_sha256kdf_scheme, + dhSinglePass_stdDH_sha256kdf_scheme, oidCmsKeyAgreeType, + "dhSinglePass-stdDH-sha256kdf-scheme", + "dhSinglePass-stdDH-sha256kdf-scheme"}, + #endif + #ifdef WOLFSSL_SHA384 + { dhSinglePass_stdDH_sha384kdf_scheme, + dhSinglePass_stdDH_sha384kdf_scheme, oidCmsKeyAgreeType, + "dhSinglePass-stdDH-sha384kdf-scheme", + "dhSinglePass-stdDH-sha384kdf-scheme"}, + #endif + #ifdef WOLFSSL_SHA512 + { dhSinglePass_stdDH_sha512kdf_scheme, + dhSinglePass_stdDH_sha512kdf_scheme, oidCmsKeyAgreeType, + "dhSinglePass-stdDH-sha512kdf-scheme", + "dhSinglePass-stdDH-sha512kdf-scheme"}, + #endif + #endif + #endif + #if defined(WOLFSSL_APACHE_HTTPD) + /* "1.3.6.1.5.5.7.8.7" */ + { NID_id_on_dnsSRV, NID_id_on_dnsSRV, oidCertNameType, + WOLFSSL_SN_DNS_SRV, WOLFSSL_LN_DNS_SRV }, -#ifdef WOLFSSL_SESSION_ID_CTX - /* copy over application session context ID */ - ssl->sessionCtxSz = ctx->sessionCtxSz; - XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz); -#endif + /* "1.3.6.1.4.1.311.20.2.3" */ + { NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN, + WOLFSSL_LN_MS_UPN }, - return ssl->ctx; -} + /* "1.3.6.1.5.5.7.1.24" */ + { NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType, + WOLFSSL_SN_TLS_FEATURE, WOLFSSL_LN_TLS_FEATURE }, + #endif +#endif /* OPENSSL_EXTRA */ +}; +#define WOLFSSL_OBJECT_INFO_SZ \ + (sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info)) +const size_t wolfssl_object_info_sz = WOLFSSL_OBJECT_INFO_SZ; +#endif -VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Free the dynamically allocated data. + * + * p Pointer to dynamically allocated memory. 
+ */ +void wolfSSL_OPENSSL_free(void* p) { - WOLFSSL_ENTER("wolfSSL_CTX_get_verify_callback"); - if(ctx) - return ctx->verifyCallback; - return NULL; -} + WOLFSSL_MSG("wolfSSL_OPENSSL_free"); + XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL); +} +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#ifdef HAVE_SNI +#ifdef OPENSSL_EXTRA -void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb) +void *wolfSSL_OPENSSL_malloc(size_t a) { - WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback"); - if (ctx) - ctx->sniRecvCb = cb; + return (void *)XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL); } -int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, - CallbackSniRecv cb) +int wolfSSL_OPENSSL_hexchar2int(unsigned char c) { - WOLFSSL_ENTER("wolfSSL_CTX_set_tlsext_servername_callback"); - if (ctx) { - ctx->sniRecvCb = cb; - return WOLFSSL_SUCCESS; - } - return WOLFSSL_FAILURE; + /* 'char' is unsigned on some platforms. */ + return (int)(signed char)HexCharToByte((char)c); } -int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg) +unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len) { - WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg"); - if (ctx) { - ctx->sniRecvCbArg = arg; - return WOLFSSL_SUCCESS; + unsigned char* targetBuf; + int srcDigitHigh = 0; + int srcDigitLow = 0; + size_t srcLen; + size_t srcIdx = 0; + long targetIdx = 0; + + srcLen = XSTRLEN(str); + targetBuf = (unsigned char*)XMALLOC(srcLen / 2, NULL, DYNAMIC_TYPE_OPENSSL); + if (targetBuf == NULL) { + return NULL; } - return WOLFSSL_FAILURE; -} -#endif /* HAVE_SNI */ + while (srcIdx < srcLen) { + if (str[srcIdx] == ':') { + srcIdx++; + continue; + } + srcDigitHigh = wolfSSL_OPENSSL_hexchar2int((unsigned char)str[srcIdx++]); + srcDigitLow = wolfSSL_OPENSSL_hexchar2int((unsigned char)str[srcIdx++]); + if (srcDigitHigh < 0 || srcDigitLow < 0) { + WOLFSSL_MSG("Invalid hex character."); + XFREE(targetBuf, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } -#ifndef NO_BIO -void 
wolfSSL_ERR_load_BIO_strings(void) { - WOLFSSL_ENTER("wolfSSL_ERR_load_BIO_strings"); - /* do nothing */ -} -#endif + targetBuf[targetIdx++] = (unsigned char)((srcDigitHigh << 4) | + srcDigitLow ); + } -#ifndef NO_WOLFSSL_STUB -/* Set THREADID callback, return 1 on success, 0 on error */ -int wolfSSL_THREADID_set_callback( - void(*threadid_func)(WOLFSSL_CRYPTO_THREADID*)) -{ - WOLFSSL_ENTER("wolfSSL_THREADID_set_callback"); - WOLFSSL_STUB("CRYPTO_THREADID_set_callback"); - (void)threadid_func; - return 1; -} -#endif + if (len != NULL) + *len = targetIdx; -#ifndef NO_WOLFSSL_STUB -void wolfSSL_THREADID_set_numeric(void* id, unsigned long val) -{ - WOLFSSL_ENTER("wolfSSL_THREADID_set_numeric"); - WOLFSSL_STUB("CRYPTO_THREADID_set_numeric"); - (void)id; - (void)val; - return; + return targetBuf; } -#endif -#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX || - * HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH || - * HAVE_SBLIM_SFCB)) */ - - -#if defined(OPENSSL_EXTRA) - -int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size) +int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings) { - if (!a || !b) - return 0; - return ConstantCompare((const byte*)a, (const byte*)b, (int)size); + (void)opts; + (void)settings; + return wolfSSL_library_init(); } -unsigned long wolfSSL_ERR_peek_last_error(void) +int wolfSSL_OPENSSL_init_crypto(word64 opts, + const OPENSSL_INIT_SETTINGS* settings) { - WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); - -#ifdef WOLFSSL_HAVE_ERROR_QUEUE - { - int ret; - - if ((ret = wc_PeekErrorNode(-1, NULL, NULL, NULL)) < 0) { - WOLFSSL_MSG("Issue peeking at error node in queue"); - return 0; - } - if (ret == -ASN_NO_PEM_HEADER) - return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; - #if defined(WOLFSSL_PYTHON) - if (ret == ASN1_R_HEADER_TOO_LONG) - return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; - #endif - return (unsigned long)ret; - } -#else - return (unsigned long)(0 - NOT_COMPILED_IN); 
-#endif + (void)opts; + (void)settings; + return wolfSSL_library_init(); } -#endif /* OPENSSL_EXTRA */ - -int wolfSSL_version(WOLFSSL* ssl) +/* Colon separated list of + algorithms. + * Replaces list in context. + */ +int wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx, const char* list) { - WOLFSSL_ENTER("wolfSSL_version"); - if (ssl->version.major == SSLv3_MAJOR) { - switch (ssl->version.minor) { - case SSLv3_MINOR : - return SSL3_VERSION; - case TLSv1_MINOR : - return TLS1_VERSION; - case TLSv1_1_MINOR : - return TLS1_1_VERSION; - case TLSv1_2_MINOR : - return TLS1_2_VERSION; - case TLSv1_3_MINOR : - return TLS1_3_VERSION; - default: - return WOLFSSL_FAILURE; - } - } - else if (ssl->version.major == DTLS_MAJOR) { - switch (ssl->version.minor) { - case DTLS_MINOR : - return DTLS1_VERSION; - case DTLSv1_2_MINOR : - return DTLS1_2_VERSION; - case DTLSv1_3_MINOR: - return DTLS1_3_VERSION; - default: - return WOLFSSL_FAILURE; - } + WOLFSSL_MSG("wolfSSL_CTX_set1_sigalg_list"); + + if (ctx == NULL || list == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FAILURE; } - return WOLFSSL_FAILURE; -} -WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_SSL_CTX"); - return ssl->ctx; -} + if (AllocateCtxSuites(ctx) != 0) + return WOLFSSL_FAILURE; -#if defined(OPENSSL_ALL) || \ - defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + return SetSuitesHashSigAlgo(ctx->suites, list); +} -const byte* wolfSSL_SESSION_get_id(const WOLFSSL_SESSION* sess, - unsigned int* idLen) +/* Colon separated list of + algorithms. + * Replaces list in SSL. + */ +int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list) { - WOLFSSL_ENTER("wolfSSL_SESSION_get_id"); - sess = ClientSessionToSession(sess); - if (sess == NULL || idLen == NULL) { - WOLFSSL_MSG("Bad func args. 
Please provide idLen"); - return NULL; - } -#ifdef HAVE_SESSION_TICKET - if (sess->haveAltSessionID) { - *idLen = ID_LEN; - return sess->altSessionID; + WOLFSSL_MSG("wolfSSL_set1_sigalg_list"); + + if (ssl == NULL || list == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FAILURE; } -#endif - *idLen = sess->sessionIDSz; - return sess->sessionID; -} -#if (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \ - !defined(NO_FILESYSTEM) + if (AllocateSuites(ssl) != 0) + return WOLFSSL_FAILURE; -#ifndef NO_BIO + return SetSuitesHashSigAlgo(ssl->suites, list); +} -#if defined(SESSION_CERTS) || \ - (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) -/* returns a pointer to the protocol used by the session */ -static const char* wolfSSL_SESSION_get_protocol(const WOLFSSL_SESSION* in) +static int HashToNid(byte hashAlgo, int* nid) { - in = ClientSessionToSession(in); - return wolfSSL_internal_get_version((ProtocolVersion*)&in->version); + int ret = WOLFSSL_SUCCESS; + + /* Cast for compiler to check everything is implemented */ + switch ((enum wc_MACAlgorithm)hashAlgo) { + case no_mac: + case rmd_mac: + *nid = NID_undef; + break; + case md5_mac: + *nid = NID_md5; + break; + case sha_mac: + *nid = NID_sha1; + break; + case sha224_mac: + *nid = NID_sha224; + break; + case sha256_mac: + *nid = NID_sha256; + break; + case sha384_mac: + *nid = NID_sha384; + break; + case sha512_mac: + *nid = NID_sha512; + break; + case blake2b_mac: + *nid = NID_blake2b512; + break; + case sm3_mac: + *nid = NID_sm3; + break; + default: + ret = WOLFSSL_FAILURE; + break; + } + + return ret; } -#endif -/* returns true (non 0) if the session has EMS (extended master secret) */ -static int wolfSSL_SESSION_haveEMS(const WOLFSSL_SESSION* in) +static int SaToNid(byte sa, int* nid) { - in = ClientSessionToSession(in); - if (in == NULL) - return 0; - return in->haveEMS; + int ret = WOLFSSL_SUCCESS; + /* Cast for compiler to check everything is implemented */ + switch ((enum 
SignatureAlgorithm)sa) { + case anonymous_sa_algo: + *nid = NID_undef; + break; + case rsa_sa_algo: + *nid = NID_rsaEncryption; + break; + case dsa_sa_algo: + *nid = NID_dsa; + break; + case ecc_dsa_sa_algo: + *nid = NID_X9_62_id_ecPublicKey; + break; + case rsa_pss_sa_algo: + *nid = NID_rsassaPss; + break; + case ed25519_sa_algo: +#ifdef HAVE_ED25519 + *nid = NID_ED25519; +#else + ret = WOLFSSL_FAILURE; +#endif + break; + case rsa_pss_pss_algo: + *nid = NID_rsassaPss; + break; + case ed448_sa_algo: +#ifdef HAVE_ED448 + *nid = NID_ED448; +#else + ret = WOLFSSL_FAILURE; +#endif + break; + case falcon_level1_sa_algo: + *nid = CTC_FALCON_LEVEL1; + break; + case falcon_level5_sa_algo: + *nid = CTC_FALCON_LEVEL5; + break; + case dilithium_level2_sa_algo: + *nid = CTC_DILITHIUM_LEVEL2; + break; + case dilithium_level3_sa_algo: + *nid = CTC_DILITHIUM_LEVEL3; + break; + case dilithium_level5_sa_algo: + *nid = CTC_DILITHIUM_LEVEL5; + break; + case sm2_sa_algo: + *nid = NID_sm2; + break; + case invalid_sa_algo: + default: + ret = WOLFSSL_FAILURE; + break; + } + return ret; } -#if defined(HAVE_SESSION_TICKET) -/* prints out the ticket to bio passed in - * return WOLFSSL_SUCCESS on success - */ -static int wolfSSL_SESSION_print_ticket(WOLFSSL_BIO* bio, - const WOLFSSL_SESSION* in, const char* tab) +/* This API returns the hash selected. */ +int wolfSSL_get_signature_nid(WOLFSSL *ssl, int* nid) { - unsigned short i, j, z, sz; - short tag = 0; - byte* pt; - + WOLFSSL_MSG("wolfSSL_get_signature_nid"); - in = ClientSessionToSession(in); - if (in == NULL || bio == NULL) { - return BAD_FUNC_ARG; + if (ssl == NULL || nid == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FAILURE; } - sz = in->ticketLen; - pt = in->ticket; + return HashToNid(ssl->options.hashAlgo, nid); +} - if (wolfSSL_BIO_printf(bio, "%s\n", (sz == 0)? " NONE": "") <= 0) - return WOLFSSL_FAILURE; +/* This API returns the signature selected. 
*/ +int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid) +{ + WOLFSSL_MSG("wolfSSL_get_signature_type_nid"); - for (i = 0; i < sz;) { - char asc[16]; - XMEMSET(asc, 0, sizeof(asc)); + if (ssl == NULL || nid == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FAILURE; + } - if (sz - i < 16) { - if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag + (sz - i)) <= 0) - return WOLFSSL_FAILURE; - } - else { - if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag) <= 0) - return WOLFSSL_FAILURE; - } - for (j = 0; i < sz && j < 8; j++,i++) { - asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.'; - if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0) - return WOLFSSL_FAILURE; - } + return SaToNid(ssl->options.sigAlgo, nid); +} - if (i < sz) { - asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.'; - if (wolfSSL_BIO_printf(bio, "-%02X", pt[i]) <= 0) - return WOLFSSL_FAILURE; - j++; - i++; - } +int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid) +{ + WOLFSSL_MSG("wolfSSL_get_peer_signature_nid"); - for (; i < sz && j < 16; j++,i++) { - asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.'; - if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0) - return WOLFSSL_FAILURE; - } + if (ssl == NULL || nid == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FAILURE; + } - /* pad out spacing */ - for (z = j; z < 17; z++) { - if (wolfSSL_BIO_printf(bio, " ") <= 0) - return WOLFSSL_FAILURE; - } + return HashToNid(ssl->options.peerHashAlgo, nid); +} - for (z = 0; z < j; z++) { - if (wolfSSL_BIO_printf(bio, "%c", asc[z]) <= 0) - return WOLFSSL_FAILURE; - } - if (wolfSSL_BIO_printf(bio, "\n") <= 0) - return WOLFSSL_FAILURE; +int wolfSSL_get_peer_signature_type_nid(const WOLFSSL* ssl, int* nid) +{ + WOLFSSL_MSG("wolfSSL_get_peer_signature_type_nid"); - tag += 16; + if (ssl == NULL || nid == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FAILURE; } - return WOLFSSL_SUCCESS; + + return SaToNid(ssl->options.peerSigAlgo, nid); } -#endif /* 
HAVE_SESSION_TICKET */ +#ifdef HAVE_ECC -/* prints out the session information in human readable form - * return WOLFSSL_SUCCESS on success - */ -int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *session) +#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) +int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list) { - const unsigned char* pt; - unsigned char buf[SECRET_LEN]; - unsigned int sz = 0, i; - int ret; - - session = ClientSessionToSession(session); - if (session == NULL) { + if (!ctx || !list) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_printf(bp, "%s\n", "SSL-Session:") <= 0) - return WOLFSSL_FAILURE; + return set_curves_list(NULL, ctx, list, 0); +} -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) - if (wolfSSL_BIO_printf(bp, " Protocol : %s\n", - wolfSSL_SESSION_get_protocol(session)) <= 0) +int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list) +{ + if (!ssl || !list) { return WOLFSSL_FAILURE; -#endif + } - if (wolfSSL_BIO_printf(bp, " Cipher : %s\n", - wolfSSL_SESSION_CIPHER_get_name(session)) <= 0) - return WOLFSSL_FAILURE; + return set_curves_list(ssl, NULL, list, 0); +} +#endif /* WOLFSSL_TLS13 */ - pt = wolfSSL_SESSION_get_id(session, &sz); - if (wolfSSL_BIO_printf(bp, " Session-ID: ") <= 0) - return WOLFSSL_FAILURE; +#endif /* HAVE_ECC */ - for (i = 0; i < sz; i++) { - if (wolfSSL_BIO_printf(bp, "%02X", pt[i]) <= 0) - return WOLFSSL_FAILURE; - } - if (wolfSSL_BIO_printf(bp, "\n") <= 0) - return WOLFSSL_FAILURE; +#endif /* OPENSSL_EXTRA */ - if (wolfSSL_BIO_printf(bp, " Session-ID-ctx: \n") <= 0) - return WOLFSSL_FAILURE; +#ifdef WOLFSSL_ALT_CERT_CHAINS +int wolfSSL_is_peer_alt_cert_chain(const WOLFSSL* ssl) +{ + int isUsing = 0; + if (ssl) + isUsing = ssl->options.usingAltCertChain; + return isUsing; +} +#endif /* WOLFSSL_ALT_CERT_CHAINS */ - ret = wolfSSL_SESSION_get_master_key(session, buf, sizeof(buf)); - if (wolfSSL_BIO_printf(bp, " Master-Key: ") <= 0) - 
return WOLFSSL_FAILURE; - if (ret > 0) { - sz = (unsigned int)ret; - for (i = 0; i < sz; i++) { - if (wolfSSL_BIO_printf(bp, "%02X", buf[i]) <= 0) - return WOLFSSL_FAILURE; - } - } - if (wolfSSL_BIO_printf(bp, "\n") <= 0) - return WOLFSSL_FAILURE; +#ifdef SESSION_CERTS + +#ifdef WOLFSSL_ALT_CERT_CHAINS +/* Get peer's alternate certificate chain */ +WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_peer_alt_chain"); + if (ssl) + return &ssl->session->altChain; - /* @TODO PSK identity hint and SRP */ + return 0; +} +#endif /* WOLFSSL_ALT_CERT_CHAINS */ - if (wolfSSL_BIO_printf(bp, " TLS session ticket:") <= 0) - return WOLFSSL_FAILURE; -#ifdef HAVE_SESSION_TICKET - if (wolfSSL_SESSION_print_ticket(bp, session, " ") != WOLFSSL_SUCCESS) - return WOLFSSL_FAILURE; -#endif +/* Get peer's certificate chain */ +WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_peer_chain"); + if (ssl) + return &ssl->session->chain; -#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ - defined(HAVE_EXT_CACHE)) - if (wolfSSL_BIO_printf(bp, " Start Time: %ld\n", - wolfSSL_SESSION_get_time(session)) <= 0) - return WOLFSSL_FAILURE; + return 0; +} - if (wolfSSL_BIO_printf(bp, " Timeout : %ld (sec)\n", - wolfSSL_SESSION_get_timeout(session)) <= 0) - return WOLFSSL_FAILURE; -#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */ - /* @TODO verify return code print */ +/* Get peer's certificate chain total count */ +int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain) +{ + WOLFSSL_ENTER("wolfSSL_get_chain_count"); + if (chain) + return chain->count; + + return 0; +} + - if (wolfSSL_BIO_printf(bp, " Extended master secret: %s\n", - (wolfSSL_SESSION_haveEMS(session) == 0)? 
"no" : "yes") <= 0) - return WOLFSSL_FAILURE; +/* Get peer's ASN.1 DER certificate at index (idx) length in bytes */ +int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx) +{ + WOLFSSL_ENTER("wolfSSL_get_chain_length"); + if (chain) + return chain->certs[idx].length; - return WOLFSSL_SUCCESS; + return 0; } -#endif /* !NO_BIO */ -#endif /* (HAVE_SESSION_TICKET || SESSION_CERTS) && !NO_FILESYSTEM */ - -#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +/* Get peer's ASN.1 DER certificate at index (idx) */ +byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx) +{ + WOLFSSL_ENTER("wolfSSL_get_chain_cert"); + if (chain) + return chain->certs[idx].buffer; -/* TODO: Doesn't currently track SSL_VERIFY_CLIENT_ONCE */ -int wolfSSL_get_verify_mode(const WOLFSSL* ssl) { - int mode = 0; - WOLFSSL_ENTER("wolfSSL_get_verify_mode"); + return 0; +} - if (!ssl) { - return WOLFSSL_FAILURE; - } - if (ssl->options.verifyNone) { - mode = WOLFSSL_VERIFY_NONE; - } - else { - if (ssl->options.verifyPeer) { - mode |= WOLFSSL_VERIFY_PEER; - } - if (ssl->options.failNoCert) { - mode |= WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT; - } - if (ssl->options.failNoCertxPSK) { - mode |= WOLFSSL_VERIFY_FAIL_EXCEPT_PSK; - } -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (ssl->options.verifyPostHandshake) { - mode |= WOLFSSL_VERIFY_POST_HANDSHAKE; - } +/* Get peer's wolfSSL X509 certificate at index (idx) */ +WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx) +{ + int ret = 0; + WOLFSSL_X509* x509 = NULL; +#ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; +#else + DecodedCert cert[1]; #endif - } - WOLFSSL_LEAVE("wolfSSL_get_verify_mode", mode); - return mode; -} + WOLFSSL_ENTER("wolfSSL_get_chain_X509"); + if (chain != NULL && idx < MAX_CHAIN_DEPTH) 
{ + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_DCERT); + if (cert != NULL) + #endif + { + InitDecodedCert(cert, chain->certs[idx].buffer, + chain->certs[idx].length, NULL); -int wolfSSL_CTX_get_verify_mode(const WOLFSSL_CTX* ctx) -{ - int mode = 0; - WOLFSSL_ENTER("wolfSSL_CTX_get_verify_mode"); + if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) != 0) { + WOLFSSL_MSG("Failed to parse cert"); + } + else { + x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, + DYNAMIC_TYPE_X509); + if (x509 == NULL) { + WOLFSSL_MSG("Failed alloc X509"); + } + else { + InitX509(x509, 1, NULL); - if (!ctx) { - return WOLFSSL_FAILURE; - } + if ((ret = CopyDecodedToX509(x509, cert)) != 0) { + WOLFSSL_MSG("Failed to copy decoded"); + wolfSSL_X509_free(x509); + x509 = NULL; + } + } + } - if (ctx->verifyNone) { - mode = WOLFSSL_VERIFY_NONE; - } - else { - if (ctx->verifyPeer) { - mode |= WOLFSSL_VERIFY_PEER; - } - if (ctx->failNoCert) { - mode |= WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT; - } - if (ctx->failNoCertxPSK) { - mode |= WOLFSSL_VERIFY_FAIL_EXCEPT_PSK; - } -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (ctx->verifyPostHandshake) { - mode |= WOLFSSL_VERIFY_POST_HANDSHAKE; + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif } -#endif } + (void)ret; - WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode); - return mode; + return x509; } -#endif -#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519) -/* return 1 if success, 0 if error - * output keys are little endian format - */ -int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, - unsigned char *pub, unsigned int *pubSz) -{ -#ifndef WOLFSSL_KEY_GEN - WOLFSSL_MSG("No Key Gen built in"); - (void) priv; - (void) privSz; - (void) pub; - (void) pubSz; - return WOLFSSL_FAILURE; -#else /* WOLFSSL_KEY_GEN */ - int ret = WOLFSSL_FAILURE; - int initTmpRng = 0; - WC_RNG *rng 
= NULL; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG *tmpRNG = NULL; -#else - WC_RNG tmpRNG[1]; -#endif - WOLFSSL_ENTER("wolfSSL_EC25519_generate_key"); +/* Get peer's PEM certificate at index (idx), output to buffer if inLen big + enough else return error (-1). If buffer is NULL only calculate + outLen. Output length is in *outLen WOLFSSL_SUCCESS on ok */ +int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, + unsigned char* buf, int inLen, int* outLen) +{ +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + const char* header = NULL; + const char* footer = NULL; + int headerLen; + int footerLen; + int i; + int err; + word32 szNeeded = 0; + + WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem"); + if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain)) + return BAD_FUNC_ARG; - if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE || - pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } + err = wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer); + if (err != 0) + return err; -#ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (tmpRNG == NULL) - return WOLFSSL_FAILURE; -#endif - if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - else { - WOLFSSL_MSG("Bad RNG Init, trying global"); - if (initGlobalRNG == 0) - WOLFSSL_MSG("Global RNG no Init"); - else - rng = &globalRNG; + headerLen = (int)XSTRLEN(header); + footerLen = (int)XSTRLEN(footer); + + /* Null output buffer return size needed in outLen */ + if(!buf) { + if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length, + NULL, &szNeeded) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WOLFSSL_FAILURE; + *outLen = szNeeded + headerLen + footerLen; + return LENGTH_ONLY_E; } - if (rng) { - curve25519_key key; - - if (wc_curve25519_init(&key) != MP_OKAY) - WOLFSSL_MSG("wc_curve25519_init failed"); - else if 
(wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)!=MP_OKAY) - WOLFSSL_MSG("wc_curve25519_make_key failed"); - /* export key pair */ - else if (wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub, - pubSz, EC25519_LITTLE_ENDIAN) - != MP_OKAY) - WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed"); - else - ret = WOLFSSL_SUCCESS; + /* don't even try if inLen too short */ + if (inLen < headerLen + footerLen + chain->certs[idx].length) + return BAD_FUNC_ARG; - wc_curve25519_free(&key); - } + /* header */ + if (XMEMCPY(buf, header, headerLen) == NULL) + return WOLFSSL_FATAL_ERROR; - if (initTmpRng) - wc_FreeRng(tmpRNG); + i = headerLen; -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); -#endif + /* body */ + *outLen = inLen; /* input to Base64_Encode */ + if ( (err = Base64_Encode(chain->certs[idx].buffer, + chain->certs[idx].length, buf + i, (word32*)outLen)) < 0) + return err; + i += *outLen; - return ret; -#endif /* WOLFSSL_KEY_GEN */ -} + /* footer */ + if ( (i + footerLen) > inLen) + return BAD_FUNC_ARG; + if (XMEMCPY(buf + i, footer, footerLen) == NULL) + return WOLFSSL_FATAL_ERROR; + *outLen += headerLen + footerLen; -/* return 1 if success, 0 if error - * input and output keys are little endian format - */ -int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, - const unsigned char *priv, unsigned int privSz, - const unsigned char *pub, unsigned int pubSz) -{ -#ifndef WOLFSSL_KEY_GEN - WOLFSSL_MSG("No Key Gen built in"); - (void) shared; - (void) sharedSz; - (void) priv; - (void) privSz; - (void) pub; - (void) pubSz; + return WOLFSSL_SUCCESS; +#else + (void)chain; + (void)idx; + (void)buf; + (void)inLen; + (void)outLen; return WOLFSSL_FAILURE; -#else /* WOLFSSL_KEY_GEN */ - int ret = WOLFSSL_FAILURE; - curve25519_key privkey, pubkey; - - WOLFSSL_ENTER("wolfSSL_EC25519_shared_key"); +#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ +} - if (shared == NULL || sharedSz == NULL || *sharedSz < 
CURVE25519_KEYSIZE || - priv == NULL || privSz < CURVE25519_KEYSIZE || - pub == NULL || pubSz < CURVE25519_KEYSIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } +#endif /* SESSION_CERTS */ - /* import private key */ - if (wc_curve25519_init(&privkey) != MP_OKAY) { - WOLFSSL_MSG("wc_curve25519_init privkey failed"); - return ret; - } - if (wc_curve25519_import_private_ex(priv, privSz, &privkey, - EC25519_LITTLE_ENDIAN) != MP_OKAY) { - WOLFSSL_MSG("wc_curve25519_import_private_ex failed"); - wc_curve25519_free(&privkey); - return ret; +#ifdef HAVE_FUZZER +void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx) +{ + if (ssl) { + ssl->fuzzerCb = cbf; + ssl->fuzzerCtx = fCtx; } +} +#endif - /* import public key */ - if (wc_curve25519_init(&pubkey) != MP_OKAY) { - WOLFSSL_MSG("wc_curve25519_init pubkey failed"); - wc_curve25519_free(&privkey); - return ret; - } - if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey, - EC25519_LITTLE_ENDIAN) != MP_OKAY) { - WOLFSSL_MSG("wc_curve25519_import_public_ex failed"); - wc_curve25519_free(&privkey); - wc_curve25519_free(&pubkey); - return ret; - } +#ifndef NO_CERTS +#ifdef HAVE_PK_CALLBACKS - if (wc_curve25519_shared_secret_ex(&privkey, &pubkey, - shared, sharedSz, - EC25519_LITTLE_ENDIAN) != MP_OKAY) - WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); - else - ret = WOLFSSL_SUCCESS; +#ifdef HAVE_ECC +void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX* ctx, CallbackEccKeyGen cb) +{ + if (ctx) + ctx->EccKeyGenCb = cb; +} +void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->EccKeyGenCtx = ctx; +} +void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->EccKeyGenCtx; - wc_curve25519_free(&privkey); - wc_curve25519_free(&pubkey); + return NULL; +} +void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) +{ + if (ctx) + ctx->EccSignCtx = userCtx; +} +void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) +{ + if (ctx) + return ctx->EccSignCtx; - return ret; 
-#endif /* WOLFSSL_KEY_GEN */ + return NULL; } -#endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */ -#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) -/* return 1 if success, 0 if error - * output keys are little endian format - */ -int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, - unsigned char *pub, unsigned int *pubSz) -{ -#ifndef WOLFSSL_KEY_GEN - WOLFSSL_MSG("No Key Gen built in"); - (void) priv; - (void) privSz; - (void) pub; - (void) pubSz; - return WOLFSSL_FAILURE; -#elif !defined(HAVE_ED25519_KEY_EXPORT) - WOLFSSL_MSG("No ED25519 key export built in"); - (void) priv; - (void) privSz; - (void) pub; - (void) pubSz; - return WOLFSSL_FAILURE; -#else /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */ - int ret = WOLFSSL_FAILURE; - int initTmpRng = 0; - WC_RNG *rng = NULL; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG *tmpRNG = NULL; -#else - WC_RNG tmpRNG[1]; -#endif +WOLFSSL_ABI +void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb) +{ + if (ctx) + ctx->EccSignCb = cb; +} +void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->EccSignCtx = ctx; +} +void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->EccSignCtx; - WOLFSSL_ENTER("wolfSSL_ED25519_generate_key"); + return NULL; +} - if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE || - pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } +void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb) +{ + if (ctx) + ctx->EccVerifyCb = cb; +} +void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->EccVerifyCtx = ctx; +} +void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->EccVerifyCtx; -#ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (tmpRNG == NULL) - return WOLFSSL_FATAL_ERROR; -#endif - if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - 
else { - WOLFSSL_MSG("Bad RNG Init, trying global"); - if (initGlobalRNG == 0) - WOLFSSL_MSG("Global RNG no Init"); - else - rng = &globalRNG; - } + return NULL; +} - if (rng) { - ed25519_key key; - - if (wc_ed25519_init(&key) != MP_OKAY) - WOLFSSL_MSG("wc_ed25519_init failed"); - else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY) - WOLFSSL_MSG("wc_ed25519_make_key failed"); - /* export private key */ - else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY) - WOLFSSL_MSG("wc_ed25519_export_key failed"); - else - ret = WOLFSSL_SUCCESS; +void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, + CallbackEccSharedSecret cb) +{ + if (ctx) + ctx->EccSharedSecretCb = cb; +} +void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->EccSharedSecretCtx = ctx; +} +void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->EccSharedSecretCtx; - wc_ed25519_free(&key); - } + return NULL; +} +#endif /* HAVE_ECC */ - if (initTmpRng) - wc_FreeRng(tmpRNG); +#ifdef HAVE_ED25519 +void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX* ctx, CallbackEd25519Sign cb) +{ + if (ctx) + ctx->Ed25519SignCb = cb; +} +void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->Ed25519SignCtx = ctx; +} +void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->Ed25519SignCtx; -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); -#endif + return NULL; +} - return ret; -#endif /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */ +void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX* ctx, CallbackEd25519Verify cb) +{ + if (ctx) + ctx->Ed25519VerifyCb = cb; +} +void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->Ed25519VerifyCtx = ctx; } +void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->Ed25519VerifyCtx; -/* return 1 if success, 0 if error - * input and output keys are little endian format - * priv is a buffer containing private and public 
part of key - */ -int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, - const unsigned char *priv, unsigned int privSz, - unsigned char *sig, unsigned int *sigSz) -{ -#if !defined(HAVE_ED25519_SIGN) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED25519_KEY_IMPORT) -#if !defined(HAVE_ED25519_SIGN) - WOLFSSL_MSG("No ED25519 sign built in"); -#elif !defined(WOLFSSL_KEY_GEN) - WOLFSSL_MSG("No Key Gen built in"); -#elif !defined(HAVE_ED25519_KEY_IMPORT) - WOLFSSL_MSG("No ED25519 Key import built in"); -#endif - (void) msg; - (void) msgSz; - (void) priv; - (void) privSz; - (void) sig; - (void) sigSz; - return WOLFSSL_FAILURE; -#else /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ - ed25519_key key; - int ret = WOLFSSL_FAILURE; + return NULL; +} +#endif /* HAVE_ED25519 */ - WOLFSSL_ENTER("wolfSSL_ED25519_sign"); +#ifdef HAVE_CURVE25519 +void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX* ctx, + CallbackX25519KeyGen cb) +{ + if (ctx) + ctx->X25519KeyGenCb = cb; +} +void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->X25519KeyGenCtx = ctx; +} +void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->X25519KeyGenCtx; - if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE || - msg == NULL || sig == NULL || *sigSz < ED25519_SIG_SIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } + return NULL; +} - /* import key */ - if (wc_ed25519_init(&key) != MP_OKAY) { - WOLFSSL_MSG("wc_curve25519_init failed"); - return ret; - } - if (wc_ed25519_import_private_key(priv, privSz/2, - priv+(privSz/2), ED25519_PUB_KEY_SIZE, - &key) != MP_OKAY){ - WOLFSSL_MSG("wc_ed25519_import_private failed"); - wc_ed25519_free(&key); - return ret; - } +void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX* ctx, + CallbackX25519SharedSecret cb) +{ + if (ctx) + ctx->X25519SharedSecretCb = cb; +} +void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->X25519SharedSecretCtx = ctx; +} 
+void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->X25519SharedSecretCtx; - if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY) - WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); - else - ret = WOLFSSL_SUCCESS; + return NULL; +} +#endif /* HAVE_CURVE25519 */ - wc_ed25519_free(&key); +#ifdef HAVE_ED448 +void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX* ctx, CallbackEd448Sign cb) +{ + if (ctx) + ctx->Ed448SignCb = cb; +} +void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->Ed448SignCtx = ctx; +} +void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->Ed448SignCtx; - return ret; -#endif /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ + return NULL; } -/* return 1 if success, 0 if error - * input and output keys are little endian format - * pub is a buffer containing public part of key - */ -int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, - const unsigned char *pub, unsigned int pubSz, - const unsigned char *sig, unsigned int sigSz) -{ -#if !defined(HAVE_ED25519_VERIFY) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED25519_KEY_IMPORT) -#if !defined(HAVE_ED25519_VERIFY) - WOLFSSL_MSG("No ED25519 verify built in"); -#elif !defined(WOLFSSL_KEY_GEN) - WOLFSSL_MSG("No Key Gen built in"); -#elif !defined(HAVE_ED25519_KEY_IMPORT) - WOLFSSL_MSG("No ED25519 Key import built in"); -#endif - (void) msg; - (void) msgSz; - (void) pub; - (void) pubSz; - (void) sig; - (void) sigSz; - return WOLFSSL_FAILURE; -#else /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ - ed25519_key key; - int ret = WOLFSSL_FAILURE, check = 0; +void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX* ctx, CallbackEd448Verify cb) +{ + if (ctx) + ctx->Ed448VerifyCb = cb; +} +void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->Ed448VerifyCtx = ctx; +} +void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->Ed448VerifyCtx; - 
WOLFSSL_ENTER("wolfSSL_ED25519_verify"); + return NULL; +} +#endif /* HAVE_ED448 */ - if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE || - msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } +#ifdef HAVE_CURVE448 +void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX* ctx, + CallbackX448KeyGen cb) +{ + if (ctx) + ctx->X448KeyGenCb = cb; +} +void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->X448KeyGenCtx = ctx; +} +void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->X448KeyGenCtx; - /* import key */ - if (wc_ed25519_init(&key) != MP_OKAY) { - WOLFSSL_MSG("wc_curve25519_init failed"); - return ret; - } - if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY){ - WOLFSSL_MSG("wc_ed25519_import_public failed"); - wc_ed25519_free(&key); - return ret; - } + return NULL; +} - if ((ret = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz, - &check, &key)) != MP_OKAY) { - WOLFSSL_MSG("wc_ed25519_verify_msg failed"); - } - else if (!check) - WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)"); - else - ret = WOLFSSL_SUCCESS; +void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX* ctx, + CallbackX448SharedSecret cb) +{ + if (ctx) + ctx->X448SharedSecretCb = cb; +} +void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->X448SharedSecretCtx = ctx; +} +void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->X448SharedSecretCtx; - wc_ed25519_free(&key); + return NULL; +} +#endif /* HAVE_CURVE448 */ - return ret; -#endif /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */ +#ifndef NO_RSA +void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb) +{ + if (ctx) + ctx->RsaSignCb = cb; +} +void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) +{ + if (ctx) + ctx->RsaSignCheckCb = cb; +} +void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + 
ssl->RsaSignCtx = ctx; } +void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->RsaSignCtx; -#endif /* OPENSSL_EXTRA && HAVE_ED25519 */ - -#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE448) -/* return 1 if success, 0 if error - * output keys are little endian format - */ -int wolfSSL_EC448_generate_key(unsigned char *priv, unsigned int *privSz, - unsigned char *pub, unsigned int *pubSz) -{ -#ifndef WOLFSSL_KEY_GEN - WOLFSSL_MSG("No Key Gen built in"); - (void) priv; - (void) privSz; - (void) pub; - (void) pubSz; - return WOLFSSL_FAILURE; -#else /* WOLFSSL_KEY_GEN */ - int ret = WOLFSSL_FAILURE; - int initTmpRng = 0; - WC_RNG *rng = NULL; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG *tmpRNG = NULL; -#else - WC_RNG tmpRNG[1]; -#endif - - WOLFSSL_ENTER("wolfSSL_EC448_generate_key"); - - if (priv == NULL || privSz == NULL || *privSz < CURVE448_KEY_SIZE || - pub == NULL || pubSz == NULL || *pubSz < CURVE448_KEY_SIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } - -#ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (tmpRNG == NULL) - return WOLFSSL_FAILURE; -#endif - if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - else { - WOLFSSL_MSG("Bad RNG Init, trying global"); - if (initGlobalRNG == 0) - WOLFSSL_MSG("Global RNG no Init"); - else - rng = &globalRNG; - } + return NULL; +} - if (rng) { - curve448_key key; - - if (wc_curve448_init(&key) != MP_OKAY) - WOLFSSL_MSG("wc_curve448_init failed"); - else if (wc_curve448_make_key(rng, CURVE448_KEY_SIZE, &key)!=MP_OKAY) - WOLFSSL_MSG("wc_curve448_make_key failed"); - /* export key pair */ - else if (wc_curve448_export_key_raw_ex(&key, priv, privSz, pub, pubSz, - EC448_LITTLE_ENDIAN) - != MP_OKAY) - WOLFSSL_MSG("wc_curve448_export_key_raw_ex failed"); - else - ret = WOLFSSL_SUCCESS; - wc_curve448_free(&key); - } +void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) +{ + if (ctx) + ctx->RsaVerifyCb = cb; +} 
+void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->RsaVerifyCtx = ctx; +} +void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->RsaVerifyCtx; - if (initTmpRng) - wc_FreeRng(tmpRNG); + return NULL; +} -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); -#endif +#ifdef WC_RSA_PSS +void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX* ctx, CallbackRsaPssSign cb) +{ + if (ctx) + ctx->RsaPssSignCb = cb; +} +void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx, + CallbackRsaPssVerify cb) +{ + if (ctx) + ctx->RsaPssSignCheckCb = cb; +} +void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->RsaPssSignCtx = ctx; +} +void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->RsaPssSignCtx; - return ret; -#endif /* WOLFSSL_KEY_GEN */ + return NULL; } -/* return 1 if success, 0 if error - * input and output keys are little endian format - */ -int wolfSSL_EC448_shared_key(unsigned char *shared, unsigned int *sharedSz, - const unsigned char *priv, unsigned int privSz, - const unsigned char *pub, unsigned int pubSz) -{ -#ifndef WOLFSSL_KEY_GEN - WOLFSSL_MSG("No Key Gen built in"); - (void) shared; - (void) sharedSz; - (void) priv; - (void) privSz; - (void) pub; - (void) pubSz; - return WOLFSSL_FAILURE; -#else /* WOLFSSL_KEY_GEN */ - int ret = WOLFSSL_FAILURE; - curve448_key privkey, pubkey; +void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb) +{ + if (ctx) + ctx->RsaPssVerifyCb = cb; +} +void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->RsaPssVerifyCtx = ctx; +} +void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->RsaPssVerifyCtx; - WOLFSSL_ENTER("wolfSSL_EC448_shared_key"); + return NULL; +} +#endif /* WC_RSA_PSS */ - if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE448_KEY_SIZE || - priv == NULL || privSz < CURVE448_KEY_SIZE || - pub == NULL || pubSz < CURVE448_KEY_SIZE) { - WOLFSSL_MSG("Bad 
arguments"); - return WOLFSSL_FAILURE; - } +void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb) +{ + if (ctx) + ctx->RsaEncCb = cb; +} +void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->RsaEncCtx = ctx; +} +void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->RsaEncCtx; - /* import private key */ - if (wc_curve448_init(&privkey) != MP_OKAY) { - WOLFSSL_MSG("wc_curve448_init privkey failed"); - return ret; - } - if (wc_curve448_import_private_ex(priv, privSz, &privkey, - EC448_LITTLE_ENDIAN) != MP_OKAY) { - WOLFSSL_MSG("wc_curve448_import_private_ex failed"); - wc_curve448_free(&privkey); - return ret; - } + return NULL; +} - /* import public key */ - if (wc_curve448_init(&pubkey) != MP_OKAY) { - WOLFSSL_MSG("wc_curve448_init pubkey failed"); - wc_curve448_free(&privkey); - return ret; - } - if (wc_curve448_import_public_ex(pub, pubSz, &pubkey, - EC448_LITTLE_ENDIAN) != MP_OKAY) { - WOLFSSL_MSG("wc_curve448_import_public_ex failed"); - wc_curve448_free(&privkey); - wc_curve448_free(&pubkey); - return ret; - } +void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb) +{ + if (ctx) + ctx->RsaDecCb = cb; +} +void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->RsaDecCtx = ctx; +} +void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->RsaDecCtx; - if (wc_curve448_shared_secret_ex(&privkey, &pubkey, shared, sharedSz, - EC448_LITTLE_ENDIAN) != MP_OKAY) - WOLFSSL_MSG("wc_curve448_shared_secret_ex failed"); - else - ret = WOLFSSL_SUCCESS; + return NULL; +} +#endif /* NO_RSA */ - wc_curve448_free(&privkey); - wc_curve448_free(&pubkey); +/* callback for premaster secret generation */ +void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx, CallbackGenPreMaster cb) +{ + if (ctx) + ctx->GenPreMasterCb = cb; +} +/* Set premaster secret generation callback context */ +void wolfSSL_SetGenPreMasterCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->GenPreMasterCtx = ctx; +} +/* Get premaster 
secret generation callback context */ +void* wolfSSL_GetGenPreMasterCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->GenPreMasterCtx; - return ret; -#endif /* WOLFSSL_KEY_GEN */ + return NULL; } -#endif /* OPENSSL_EXTRA && HAVE_CURVE448 */ -#if defined(OPENSSL_EXTRA) && defined(HAVE_ED448) -/* return 1 if success, 0 if error - * output keys are little endian format - */ -int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz, - unsigned char *pub, unsigned int *pubSz) -{ -#ifndef WOLFSSL_KEY_GEN - WOLFSSL_MSG("No Key Gen built in"); - (void) priv; - (void) privSz; - (void) pub; - (void) pubSz; - return WOLFSSL_FAILURE; -#elif !defined(HAVE_ED448_KEY_EXPORT) - WOLFSSL_MSG("No ED448 key export built in"); - (void) priv; - (void) privSz; - (void) pub; - (void) pubSz; - return WOLFSSL_FAILURE; -#else /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */ - int ret = WOLFSSL_FAILURE; - int initTmpRng = 0; - WC_RNG *rng = NULL; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG *tmpRNG = NULL; -#else - WC_RNG tmpRNG[1]; -#endif +/* callback for master secret generation */ +void wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx, + CallbackGenMasterSecret cb) +{ + if (ctx) + ctx->GenMasterCb = cb; +} +/* Set master secret generation callback context */ +void wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->GenMasterCtx = ctx; +} +/* Get master secret generation callback context */ +void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->GenMasterCtx; - WOLFSSL_ENTER("wolfSSL_ED448_generate_key"); + return NULL; +} - if (priv == NULL || privSz == NULL || *privSz < ED448_PRV_KEY_SIZE || - pub == NULL || pubSz == NULL || *pubSz < ED448_PUB_KEY_SIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } +/* callback for session key generation */ +void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb) +{ + if (ctx) + ctx->GenSessionKeyCb = cb; +} +/* Set session key generation callback context */ +void 
wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->GenSessionKeyCtx = ctx; +} +/* Get session key generation callback context */ +void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->GenSessionKeyCtx; -#ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (tmpRNG == NULL) - return WOLFSSL_FATAL_ERROR; -#endif - if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - else { - WOLFSSL_MSG("Bad RNG Init, trying global"); - if (initGlobalRNG == 0) - WOLFSSL_MSG("Global RNG no Init"); - else - rng = &globalRNG; - } + return NULL; +} - if (rng) { - ed448_key key; - - if (wc_ed448_init(&key) != MP_OKAY) - WOLFSSL_MSG("wc_ed448_init failed"); - else if (wc_ed448_make_key(rng, ED448_KEY_SIZE, &key) != MP_OKAY) - WOLFSSL_MSG("wc_ed448_make_key failed"); - /* export private key */ - else if (wc_ed448_export_key(&key, priv, privSz, pub, pubSz) != MP_OKAY) - WOLFSSL_MSG("wc_ed448_export_key failed"); - else - ret = WOLFSSL_SUCCESS; +/* callback for setting encryption keys */ +void wolfSSL_CTX_SetEncryptKeysCb(WOLFSSL_CTX* ctx, CallbackEncryptKeys cb) +{ + if (ctx) + ctx->EncryptKeysCb = cb; +} +/* Set encryption keys callback context */ +void wolfSSL_SetEncryptKeysCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->EncryptKeysCtx = ctx; +} +/* Get encryption keys callback context */ +void* wolfSSL_GetEncryptKeysCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->EncryptKeysCtx; - wc_ed448_free(&key); - } + return NULL; +} - if (initTmpRng) - wc_FreeRng(tmpRNG); +/* callback for Tls finished */ +/* the callback can be used to build TLS Finished message if enabled */ +void wolfSSL_CTX_SetTlsFinishedCb(WOLFSSL_CTX* ctx, CallbackTlsFinished cb) +{ + if (ctx) + ctx->TlsFinishedCb = cb; +} +/* Set Tls finished callback context */ +void wolfSSL_SetTlsFinishedCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->TlsFinishedCtx = ctx; +} +/* Get Tls finished callback context */ +void* 
wolfSSL_GetTlsFinishedCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->TlsFinishedCtx; -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); -#endif + return NULL; +} +#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) +/* callback for verify data */ +void wolfSSL_CTX_SetVerifyMacCb(WOLFSSL_CTX* ctx, CallbackVerifyMac cb) +{ + if (ctx) + ctx->VerifyMacCb = cb; +} - return ret; -#endif /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */ +/* Set set keys callback context */ +void wolfSSL_SetVerifyMacCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->VerifyMacCtx = ctx; } +/* Get set keys callback context */ +void* wolfSSL_GetVerifyMacCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->VerifyMacCtx; -/* return 1 if success, 0 if error - * input and output keys are little endian format - * priv is a buffer containing private and public part of key - */ -int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz, - const unsigned char *priv, unsigned int privSz, - unsigned char *sig, unsigned int *sigSz) -{ -#if !defined(HAVE_ED448_SIGN) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED448_KEY_IMPORT) -#if !defined(HAVE_ED448_SIGN) - WOLFSSL_MSG("No ED448 sign built in"); -#elif !defined(WOLFSSL_KEY_GEN) - WOLFSSL_MSG("No Key Gen built in"); -#elif !defined(HAVE_ED448_KEY_IMPORT) - WOLFSSL_MSG("No ED448 Key import built in"); -#endif - (void) msg; - (void) msgSz; - (void) priv; - (void) privSz; - (void) sig; - (void) sigSz; - return WOLFSSL_FAILURE; -#else /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */ - ed448_key key; - int ret = WOLFSSL_FAILURE; + return NULL; +} +#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ - WOLFSSL_ENTER("wolfSSL_ED448_sign"); +void wolfSSL_CTX_SetHKDFExpandLabelCb(WOLFSSL_CTX* ctx, + CallbackHKDFExpandLabel cb) +{ + if (ctx) + ctx->HKDFExpandLabelCb = cb; +} +#ifdef WOLFSSL_PUBLIC_ASN +void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx, + CallbackProcessPeerCert cb) +{ + if (ctx) + 
ctx->ProcessPeerCertCb = cb; +} +#endif /* WOLFSSL_PUBLIC_ASN */ +void wolfSSL_CTX_SetProcessServerSigKexCb(WOLFSSL_CTX* ctx, + CallbackProcessServerSigKex cb) +{ + if (ctx) + ctx->ProcessServerSigKexCb = cb; +} +void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, + CallbackPerformTlsRecordProcessing cb) +{ + if (ctx) + ctx->PerformTlsRecordProcessingCb = cb; +} +#endif /* HAVE_PK_CALLBACKS */ +#endif /* NO_CERTS */ - if (priv == NULL || privSz != ED448_PRV_KEY_SIZE || msg == NULL || - sig == NULL || *sigSz < ED448_SIG_SIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } +#if defined(HAVE_PK_CALLBACKS) && !defined(NO_DH) +void wolfSSL_CTX_SetDhGenerateKeyPair(WOLFSSL_CTX* ctx, + CallbackDhGenerateKeyPair cb) { + if (ctx) + ctx->DhGenerateKeyPairCb = cb; +} +void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, CallbackDhAgree cb) +{ + if (ctx) + ctx->DhAgreeCb = cb; +} +void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->DhAgreeCtx = ctx; +} +void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->DhAgreeCtx; - /* import key */ - if (wc_ed448_init(&key) != MP_OKAY) { - WOLFSSL_MSG("wc_curve448_init failed"); - return ret; - } - if (wc_ed448_import_private_key(priv, privSz/2, priv+(privSz/2), - ED448_PUB_KEY_SIZE, &key) != MP_OKAY){ - WOLFSSL_MSG("wc_ed448_import_private failed"); - wc_ed448_free(&key); - return ret; - } + return NULL; +} +#endif /* HAVE_PK_CALLBACKS && !NO_DH */ - if (wc_ed448_sign_msg(msg, msgSz, sig, sigSz, &key, NULL, 0) != MP_OKAY) - WOLFSSL_MSG("wc_curve448_shared_secret_ex failed"); - else - ret = WOLFSSL_SUCCESS; +#if defined(HAVE_PK_CALLBACKS) && defined(HAVE_HKDF) - wc_ed448_free(&key); +void wolfSSL_CTX_SetHKDFExtractCb(WOLFSSL_CTX* ctx, CallbackHKDFExtract cb) +{ + if (ctx) + ctx->HkdfExtractCb = cb; +} - return ret; -#endif /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */ +void wolfSSL_SetHKDFExtractCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + 
ssl->HkdfExtractCtx = ctx; } -/* return 1 if success, 0 if error - * input and output keys are little endian format - * pub is a buffer containing public part of key - */ -int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz, - const unsigned char *pub, unsigned int pubSz, - const unsigned char *sig, unsigned int sigSz) -{ -#if !defined(HAVE_ED448_VERIFY) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED448_KEY_IMPORT) -#if !defined(HAVE_ED448_VERIFY) - WOLFSSL_MSG("No ED448 verify built in"); -#elif !defined(WOLFSSL_KEY_GEN) - WOLFSSL_MSG("No Key Gen built in"); -#elif !defined(HAVE_ED448_KEY_IMPORT) - WOLFSSL_MSG("No ED448 Key import built in"); -#endif - (void) msg; - (void) msgSz; - (void) pub; - (void) pubSz; - (void) sig; - (void) sigSz; - return WOLFSSL_FAILURE; -#else /* HAVE_ED448_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */ - ed448_key key; - int ret = WOLFSSL_FAILURE, check = 0; +void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->HkdfExtractCtx; - WOLFSSL_ENTER("wolfSSL_ED448_verify"); + return NULL; +} +#endif /* HAVE_PK_CALLBACKS && HAVE_HKDF */ - if (pub == NULL || pubSz != ED448_PUB_KEY_SIZE || msg == NULL || - sig == NULL || sigSz != ED448_SIG_SIZE) { - WOLFSSL_MSG("Bad arguments"); - return WOLFSSL_FAILURE; - } +#ifdef WOLFSSL_HAVE_WOLFSCEP + /* Used by autoconf to see if wolfSCEP is available */ + void wolfSSL_wolfSCEP(void) {} +#endif - /* import key */ - if (wc_ed448_init(&key) != MP_OKAY) { - WOLFSSL_MSG("wc_curve448_init failed"); - return ret; - } - if (wc_ed448_import_public(pub, pubSz, &key) != MP_OKAY){ - WOLFSSL_MSG("wc_ed448_import_public failed"); - wc_ed448_free(&key); - return ret; - } - if ((ret = wc_ed448_verify_msg((byte*)sig, sigSz, msg, msgSz, &check, - &key, NULL, 0)) != MP_OKAY) { - WOLFSSL_MSG("wc_ed448_verify_msg failed"); - } - else if (!check) - WOLFSSL_MSG("wc_ed448_verify_msg failed (signature invalid)"); - else - ret = WOLFSSL_SUCCESS; +#ifdef WOLFSSL_HAVE_CERT_SERVICE + /* 
Used by autoconf to see if cert service is available */ + void wolfSSL_cert_service(void) {} +#endif - wc_ed448_free(&key); +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) - return ret; -#endif /* HAVE_ED448_VERIFY && WOLFSSL_KEY_GEN */ -} + /* NID variables are dependent on compatibility header files currently + * + * returns a pointer to a new WOLFSSL_ASN1_OBJECT struct on success and NULL + * on fail + */ -#endif /* OPENSSL_EXTRA && HAVE_ED448 */ + WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int id) + { + return wolfSSL_OBJ_nid2obj_ex(id, NULL); + } -#ifdef WOLFSSL_JNI -int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr) -{ - WOLFSSL_ENTER("wolfSSL_set_jobject"); - if (ssl != NULL) + WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int id, + WOLFSSL_ASN1_OBJECT* arg_obj) { - ssl->jObjectRef = objPtr; - return WOLFSSL_SUCCESS; - } - return WOLFSSL_FAILURE; -} + word32 oidSz = 0; + int nid = 0; + const byte* oid; + word32 type = 0; + WOLFSSL_ASN1_OBJECT* obj = arg_obj; + byte objBuf[MAX_OID_SZ + MAX_LENGTH_SZ + 1]; /* +1 for object tag */ + word32 objSz = 0; + const char* sName = NULL; + int i; -void* wolfSSL_get_jobject(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_jobject"); - if (ssl != NULL) - return ssl->jObjectRef; - return NULL; -} +#ifdef WOLFSSL_DEBUG_OPENSSL + WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj"); +#endif -#endif /* WOLFSSL_JNI */ + for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { + if (wolfssl_object_info[i].nid == id) { + nid = id; + id = wolfssl_object_info[i].id; + sName = wolfssl_object_info[i].sName; + type = wolfssl_object_info[i].type; + break; + } + } + if (i == (int)WOLFSSL_OBJECT_INFO_SZ) { + WOLFSSL_MSG("NID not in table"); + #ifdef WOLFSSL_QT + sName = NULL; + type = (word32)id; + #else + return NULL; + #endif + } + + #ifdef HAVE_ECC + if (type == 0 && wc_ecc_get_oid((word32)id, &oid, &oidSz) > 0) { + type = oidCurveType; + } + #endif /* HAVE_ECC */ + if (sName != NULL) { + if 
(XSTRLEN(sName) > WOLFSSL_MAX_SNAME - 1) { + WOLFSSL_MSG("Attempted short name is too large"); + return NULL; + } + } -#ifdef WOLFSSL_ASYNC_CRYPT -int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents, - WOLF_EVENT_FLAG flags, int* eventCount) -{ - if (ctx == NULL) { - return BAD_FUNC_ARG; - } + oid = OidFromId((word32)id, type, &oidSz); - return wolfAsync_EventQueuePoll(&ctx->event_queue, NULL, - events, maxEvents, flags, eventCount); -} + /* set object ID to buffer */ + if (obj == NULL){ + obj = wolfSSL_ASN1_OBJECT_new(); + if (obj == NULL) { + WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); + return NULL; + } + } + obj->nid = nid; + obj->type = id; + obj->grp = (int)type; -int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags) -{ - int ret, eventCount = 0; - WOLF_EVENT* events[1]; + obj->sName[0] = '\0'; + if (sName != NULL) { + XMEMCPY(obj->sName, (char*)sName, XSTRLEN((char*)sName)); + } - if (ssl == NULL) { - return BAD_FUNC_ARG; - } + objBuf[0] = ASN_OBJECT_ID; objSz++; + objSz += SetLength(oidSz, objBuf + 1); + if (oidSz) { + XMEMCPY(objBuf + objSz, oid, oidSz); + objSz += oidSz; + } - ret = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, ssl, - events, sizeof(events)/sizeof(events[0]), flags, &eventCount); - if (ret == 0) { - ret = eventCount; + if (obj->objSz == 0 || objSz != obj->objSz) { + obj->objSz = objSz; + if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) || + (obj->obj == NULL)) { + if (obj->obj != NULL) + XFREE((byte*)obj->obj, NULL, DYNAMIC_TYPE_ASN1); + obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1); + if (obj->obj == NULL) { + wolfSSL_ASN1_OBJECT_free(obj); + return NULL; + } + obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; + } + else { + obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; + } + } + XMEMCPY((byte*)obj->obj, objBuf, obj->objSz); + + (void)type; + + return obj; } - return ret; -} -#endif /* WOLFSSL_ASYNC_CRYPT */ + static const char* oid_translate_num_to_str(const char* oid) + { + 
const struct oid_dict { + const char* num; + const char* desc; + } oid_dict[] = { + { "2.5.29.37.0", "Any Extended Key Usage" }, + { "1.3.6.1.5.5.7.3.1", "TLS Web Server Authentication" }, + { "1.3.6.1.5.5.7.3.2", "TLS Web Client Authentication" }, + { "1.3.6.1.5.5.7.3.3", "Code Signing" }, + { "1.3.6.1.5.5.7.3.4", "E-mail Protection" }, + { "1.3.6.1.5.5.7.3.8", "Time Stamping" }, + { "1.3.6.1.5.5.7.3.9", "OCSP Signing" }, + { NULL, NULL } + }; + const struct oid_dict* idx; -#ifdef OPENSSL_EXTRA + for (idx = oid_dict; idx->num != NULL; idx++) { + if (!XSTRCMP(oid, idx->num)) { + return idx->desc; + } + } + return NULL; + } -static int peek_ignore_err(int err) -{ - switch(err) { - case -WANT_READ: - case -WANT_WRITE: - case -ZERO_RETURN: - case -WOLFSSL_ERROR_ZERO_RETURN: - case -SOCKET_PEER_CLOSED_E: - case -SOCKET_ERROR_E: - return 1; - default: - return 0; - } -} + static int wolfssl_obj2txt_numeric(char *buf, int bufLen, + const WOLFSSL_ASN1_OBJECT *a) + { + int bufSz; + int length; + word32 idx = 0; + byte tag; -unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags) -{ - unsigned long err; + if (GetASNTag(a->obj, &idx, &tag, a->objSz) != 0) { + return WOLFSSL_FAILURE; + } - WOLFSSL_ENTER("wolfSSL_ERR_peek_error_line_data"); - err = wc_PeekErrorNodeLineData(file, line, data, flags, peek_ignore_err); + if (tag != ASN_OBJECT_ID) { + WOLFSSL_MSG("Bad ASN1 Object"); + return WOLFSSL_FAILURE; + } - if (err == -ASN_NO_PEM_HEADER) - return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; -#ifdef OPENSSL_ALL - /* PARSE_ERROR is returned if an HTTP request is detected. 
*/ - else if (err == -SSL_R_HTTP_REQUEST) - return (ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST; -#endif -#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - else if (err == ASN1_R_HEADER_TOO_LONG) - return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; -#endif - return err; -} -#endif + if (GetLength((const byte*)a->obj, &idx, &length, + a->objSz) < 0 || length < 0) { + return ASN_PARSE_E; + } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + if (bufLen < MAX_OID_STRING_SZ) { + bufSz = bufLen - 1; + } + else { + bufSz = MAX_OID_STRING_SZ; + } -#if !defined(WOLFSSL_USER_IO) -/* converts an IPv6 or IPv4 address into an octet string for use with rfc3280 - * example input would be "127.0.0.1" and the returned value would be 7F000001 - */ -WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa) -{ - int ipaSz = WOLFSSL_IP4_ADDR_LEN; - char buf[WOLFSSL_IP6_ADDR_LEN + 1]; /* plus 1 for terminator */ - int af = WOLFSSL_IP4; - WOLFSSL_ASN1_STRING *ret = NULL; + if ((bufSz = DecodePolicyOID(buf, (word32)bufSz, a->obj + idx, + (word32)length)) <= 0) { + WOLFSSL_MSG("Error decoding OID"); + return WOLFSSL_FAILURE; + } - if (ipa == NULL) - return NULL; + buf[bufSz] = '\0'; - if (XSTRSTR(ipa, ":") != NULL) { - af = WOLFSSL_IP6; - ipaSz = WOLFSSL_IP6_ADDR_LEN; + return bufSz; } - buf[WOLFSSL_IP6_ADDR_LEN] = '\0'; - if (XINET_PTON(af, ipa, (void*)buf) != 1) { - WOLFSSL_MSG("Error parsing IP address"); - return NULL; - } + /* If no_name is one then use numerical form, otherwise short name. 
+ * + * Returns the buffer size on success, WOLFSSL_FAILURE on error + */ + int wolfSSL_OBJ_obj2txt(char *buf, int bufLen, const WOLFSSL_ASN1_OBJECT *a, + int no_name) + { + int bufSz; + const char* desc; + const char* name; - ret = wolfSSL_ASN1_STRING_new(); - if (ret != NULL) { - if (wolfSSL_ASN1_STRING_set(ret, buf, ipaSz) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error setting the string"); - wolfSSL_ASN1_STRING_free(ret); - ret = NULL; + WOLFSSL_ENTER("wolfSSL_OBJ_obj2txt"); + + if (buf == NULL || bufLen <= 1 || a == NULL) { + WOLFSSL_MSG("Bad input argument"); + return WOLFSSL_FAILURE; } - } - return ret; -} -#endif /* !WOLFSSL_USER_IO */ + if (no_name == 1) { + return wolfssl_obj2txt_numeric(buf, bufLen, a); + } -/* Is the specified cipher suite a fake one used an an extension proxy? */ -static WC_INLINE int SCSV_Check(byte suite0, byte suite) -{ - (void)suite0; - (void)suite; -#ifdef HAVE_RENEGOTIATION_INDICATION - if (suite0 == CIPHER_BYTE && suite == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) - return 1; + /* return long name unless using x509small, then return short name */ +#if defined(OPENSSL_EXTRA_X509_SMALL) && !defined(OPENSSL_EXTRA) + name = a->sName; +#else + name = wolfSSL_OBJ_nid2ln(wolfSSL_OBJ_obj2nid(a)); #endif - return 0; -} -static WC_INLINE int sslCipherMinMaxCheck(const WOLFSSL *ssl, byte suite0, - byte suite) -{ - const CipherSuiteInfo* cipher_names = GetCipherNames(); - int cipherSz = GetCipherNamesSize(); - int i; - for (i = 0; i < cipherSz; i++) - if (cipher_names[i].cipherSuite0 == suite0 && - cipher_names[i].cipherSuite == suite) - break; - if (i == cipherSz) - return 1; - /* Check min version */ - if (cipher_names[i].minor < ssl->options.minDowngrade) { - if (ssl->options.minDowngrade <= TLSv1_2_MINOR && - cipher_names[i].minor >= TLSv1_MINOR) - /* 1.0 ciphersuites are in general available in 1.1 and - * 1.1 ciphersuites are in general available in 1.2 */ - return 0; - return 1; - } - /* Check max version */ - switch (cipher_names[i].minor) { - 
case SSLv3_MINOR : - return ssl->options.mask & WOLFSSL_OP_NO_SSLv3; - case TLSv1_MINOR : - return ssl->options.mask & WOLFSSL_OP_NO_TLSv1; - case TLSv1_1_MINOR : - return ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1; - case TLSv1_2_MINOR : - return ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2; - case TLSv1_3_MINOR : - return ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3; - default: - WOLFSSL_MSG("Unrecognized minor version"); - return 1; - } -} + if (name == NULL) { + WOLFSSL_MSG("Name not found"); + bufSz = 0; + } + else if (XSTRLEN(name) + 1 < (word32)bufLen - 1) { + bufSz = (int)XSTRLEN(name); + } + else { + bufSz = bufLen - 1; + } + if (bufSz) { + XMEMCPY(buf, name, bufSz); + } + else if (a->type == GEN_DNS || a->type == GEN_EMAIL || + a->type == GEN_URI) { + bufSz = (int)XSTRLEN((const char*)a->obj); + XMEMCPY(buf, a->obj, min((word32)bufSz, (word32)bufLen)); + } + else if ((bufSz = wolfssl_obj2txt_numeric(buf, bufLen, a)) > 0) { + if ((desc = oid_translate_num_to_str(buf))) { + bufSz = (int)XSTRLEN(desc); + bufSz = (int)min((word32)bufSz,(word32) bufLen - 1); + XMEMCPY(buf, desc, bufSz); + } + } + else { + bufSz = 0; + } -/* returns a pointer to internal cipher suite list. Should not be free'd by - * caller. 
- */ -WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) -{ - WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; - const Suites* suites; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - const CipherSuiteInfo* cipher_names = GetCipherNames(); - int cipherSz = GetCipherNamesSize(); -#endif + buf[bufSz] = '\0'; - WOLFSSL_ENTER("wolfSSL_get_ciphers_compat"); - if (ssl == NULL) + return bufSz; + } +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS_SMALL) + /* Returns the long name that corresponds with an ASN1_OBJECT nid value. + * n : NID value of ASN1_OBJECT to search */ + const char* wolfSSL_OBJ_nid2ln(int n) + { + const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; + size_t i; + WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); + for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++, obj_info++) { + if (obj_info->nid == n) { + return obj_info->lName; + } + } + WOLFSSL_MSG("NID not found in table"); return NULL; + } +#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL, + WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY, WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ + defined(WOLFSSL_HAPROXY) + /* Return the corresponding short name for the nid . + * or NULL if short name can't be found. + */ + const char * wolfSSL_OBJ_nid2sn(int n) { + const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; + size_t i; + WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn"); - suites = WOLFSSL_SUITES(ssl); - if (suites == NULL) + if (n == NID_md5) { + /* NID_surname == NID_md5 and NID_surname comes before NID_md5 in + * wolfssl_object_info. 
As a result, the loop below will incorrectly + * return "SN" instead of "MD5." NID_surname isn't the true OpenSSL + * NID, but other functions rely on this table and modifying it to + * conform with OpenSSL's NIDs isn't trivial. */ + return "MD5"; + } + for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++, obj_info++) { + if (obj_info->nid == n) { + return obj_info->sName; + } + } + WOLFSSL_MSG_EX("SN not found (nid:%d)",n); return NULL; + } - /* check if stack needs populated */ - if (ssl->suitesStack == NULL) { - int i; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - int j; - - /* higher priority of cipher suite will be on top of stack */ - for (i = suites->suiteSz - 2; i >=0; i-=2) { -#else - for (i = 0; i < suites->suiteSz; i+=2) { +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + int wolfSSL_OBJ_sn2nid(const char *sn) { + WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid"); + if (sn == NULL) + return NID_undef; + return wc_OBJ_sn2nid(sn); + } #endif - WOLFSSL_STACK* add; - /* A couple of suites are placeholders for special options, - * skip those. 
*/ - if (SCSV_Check(suites->suites[i], suites->suites[i+1]) - || sslCipherMinMaxCheck(ssl, suites->suites[i], - suites->suites[i+1])) { - continue; - } + size_t wolfSSL_OBJ_length(const WOLFSSL_ASN1_OBJECT* o) + { + size_t ret = 0; + int err = 0; + word32 idx = 0; + int len = 0; - add = wolfSSL_sk_new_node(ssl->heap); - if (add != NULL) { - add->type = STACK_TYPE_CIPHER; - add->data.cipher.cipherSuite0 = suites->suites[i]; - add->data.cipher.cipherSuite = suites->suites[i+1]; - add->data.cipher.ssl = ssl; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - for (j = 0; j < cipherSz; j++) { - if (cipher_names[j].cipherSuite0 == - add->data.cipher.cipherSuite0 && - cipher_names[j].cipherSuite == - add->data.cipher.cipherSuite) { - add->data.cipher.offset = j; - break; - } - } -#endif - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - /* in_stack is checked in wolfSSL_CIPHER_description */ - add->data.cipher.in_stack = 1; - #endif + WOLFSSL_ENTER("wolfSSL_OBJ_length"); - add->next = ret; - if (ret != NULL) { - add->num = ret->num + 1; - } - else { - add->num = 1; - } - ret = add; - } + if (o == NULL || o->obj == NULL) { + WOLFSSL_MSG("Bad argument."); + err = 1; } - ((WOLFSSL*)ssl)->suitesStack = ret; - } - return ssl->suitesStack; -} -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) -long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx) -{ - WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout"); + if (err == 0 && GetASNObjectId(o->obj, &idx, &len, o->objSz)) { + WOLFSSL_MSG("Error parsing ASN.1 header."); + err = 1; + } + if (err == 0) { + ret = (size_t)len; + } - if (ctx == NULL) - return 0; + WOLFSSL_LEAVE("wolfSSL_OBJ_length", (int)ret); - return ctx->timeout; -} + return ret; + } + const unsigned char* wolfSSL_OBJ_get0_data(const WOLFSSL_ASN1_OBJECT* o) + { + const unsigned char* ret = NULL; + 
int err = 0; + word32 idx = 0; + int len = 0; -/* returns the time in seconds of the current timeout */ -long wolfSSL_get_timeout(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_timeout"); + WOLFSSL_ENTER("wolfSSL_OBJ_get0_data"); - if (ssl == NULL) - return 0; - return ssl->timeout; -} -#endif + if (o == NULL || o->obj == NULL) { + WOLFSSL_MSG("Bad argument."); + err = 1; + } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) + if (err == 0 && GetASNObjectId(o->obj, &idx, &len, o->objSz)) { + WOLFSSL_MSG("Error parsing ASN.1 header."); + err = 1; + } + if (err == 0) { + ret = o->obj + idx; + } -#ifdef HAVE_ECC -int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh) -{ - WOLFSSL_ENTER("wolfSSL_SSL_CTX_set_tmp_ecdh"); + return ret; + } - if (ctx == NULL || ecdh == NULL) - return BAD_FUNC_ARG; - ctx->ecdhCurveOID = ecdh->group->curve_oid; + /* Gets the NID value that corresponds with the ASN1 object. 
+ * + * o ASN1 object to get NID of + * + * Return NID on success and a negative value on failure + */ + int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) + { + word32 oid = 0; + word32 idx = 0; + int ret; - return WOLFSSL_SUCCESS; -} -#endif -#ifndef NO_SESSION_CACHE -int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s) -{ -#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) - int rem_called = FALSE; +#ifdef WOLFSSL_DEBUG_OPENSSL + WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid"); #endif - WOLFSSL_ENTER("wolfSSL_SSL_CTX_remove_session"); + if (o == NULL) { + return -1; + } - s = ClientSessionToSession(s); - if (ctx == NULL || s == NULL) - return BAD_FUNC_ARG; + #ifdef WOLFSSL_QT + if (o->grp == oidCertExtType) { + /* If nid is an unknown extension, return NID_undef */ + if (wolfSSL_OBJ_nid2sn(o->nid) == NULL) + return NID_undef; + } + #endif -#ifdef HAVE_EXT_CACHE - if (!ctx->internalCacheOff) -#endif - { - const byte* id; - WOLFSSL_SESSION *sess = NULL; - word32 row = 0; - int ret; + if (o->nid > 0) + return o->nid; + if ((ret = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) { + if (ret == WC_NO_ERR_TRACE(ASN_OBJECT_ID_E)) { + /* Put ASN object tag in front and try again */ + int len = SetObjectId(o->objSz, NULL) + o->objSz; + byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (!buf) { + WOLFSSL_MSG("malloc error"); + return -1; + } + idx = SetObjectId(o->objSz, buf); + XMEMCPY(buf + idx, o->obj, o->objSz); + idx = 0; + ret = GetObjectId(buf, &idx, &oid, o->grp, len); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (ret < 0) { + WOLFSSL_MSG("Issue getting OID of object"); + return -1; + } + } + else { + WOLFSSL_MSG("Issue getting OID of object"); + return -1; + } + } - id = s->sessionID; - if (s->haveAltSessionID) - id = s->altSessionID; + return oid2nid(oid, o->grp); + } - ret = TlsSessionCacheGetAndWrLock(id, &sess, &row, ctx->method->side); - if (ret == 0 && sess != NULL) { -#if defined(HAVE_EXT_CACHE) || 
defined(HAVE_EX_DATA) - if (sess->rem_sess_cb != NULL) { - rem_called = TRUE; + /* Return the corresponding NID for the long name + * or NID_undef if NID can't be found. + */ + int wolfSSL_OBJ_ln2nid(const char *ln) + { + const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; + size_t lnlen; + WOLFSSL_ENTER("wolfSSL_OBJ_ln2nid"); + if (ln && (lnlen = XSTRLEN(ln)) > 0) { + /* Accept input like "/commonName=" */ + if (ln[0] == '/') { + ln++; + lnlen--; } -#endif - /* Call this before changing ownExData so that calls to ex_data - * don't try to access the SessionCache again. */ - EvictSessionFromCache(sess); -#ifdef HAVE_EX_DATA - if (sess->ownExData) { - /* Most recent version of ex data is in cache. Copy it - * over so the user can free it. */ - XMEMCPY(&s->ex_data, &sess->ex_data, - sizeof(WOLFSSL_CRYPTO_EX_DATA)); - s->ownExData = 1; - sess->ownExData = 0; + if (lnlen) { + size_t i; + + if (ln[lnlen-1] == '=') { + lnlen--; + } + for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++, obj_info++) { + if (lnlen == XSTRLEN(obj_info->lName) && + XSTRNCMP(ln, obj_info->lName, lnlen) == 0) { + return obj_info->nid; + } + } } -#endif -#ifdef SESSION_CACHE_DYNAMIC_MEM - { - /* Find and clear entry. Row is locked so we are good to go. 
*/ - int idx; - for (idx = 0; idx < SESSIONS_PER_ROW; idx++) { - if (sess == SessionCache[row].Sessions[idx]) { - XFREE(sess, sess->heap, DYNAMIC_TYPE_SESSION); - SessionCache[row].Sessions[idx] = NULL; - break; + } + return NID_undef; + } + + /* compares two objects, return 0 if equal */ + int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a, + const WOLFSSL_ASN1_OBJECT* b) + { + WOLFSSL_ENTER("wolfSSL_OBJ_cmp"); + + if (a && b && a->obj && b->obj) { + if (a->objSz == b->objSz) { + return XMEMCMP(a->obj, b->obj, a->objSz); + } + else if (a->type == EXT_KEY_USAGE_OID || + b->type == EXT_KEY_USAGE_OID) { + /* Special case for EXT_KEY_USAGE_OID so that + * cmp will be treated as a substring search */ + /* Used in libest to check for id-kp-cmcRA in + * EXT_KEY_USAGE extension */ + unsigned int idx; + const byte* s; /* shorter */ + unsigned int sLen; + const byte* l; /* longer */ + unsigned int lLen; + if (a->objSz > b->objSz) { + s = b->obj; sLen = b->objSz; + l = a->obj; lLen = a->objSz; + } + else { + s = a->obj; sLen = a->objSz; + l = b->obj; lLen = b->objSz; + } + for (idx = 0; idx <= lLen - sLen; idx++) { + if (XMEMCMP(l + idx, s, sLen) == 0) { + /* Found substring */ + return 0; } } } -#endif - TlsSessionCacheUnlockRow(row); } - } -#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) - if (ctx->rem_sess_cb != NULL && !rem_called) { - ctx->rem_sess_cb(ctx, s); + return WOLFSSL_FATAL_ERROR; } -#endif - - /* s cannot be resumed at this point */ - s->timeout = 0; - - return 0; -} -#endif /* !NO_SESSION_CACHE */ -#ifndef NO_BIO -BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s) -{ - WOLFSSL_ENTER("wolfSSL_SSL_get_rbio"); - /* Nginx sets the buffer size if the read BIO is different to write BIO. - * The setting buffer size doesn't do anything so return NULL for both. 
- */ - if (s == NULL) - return NULL; - - return s->biord; -} -BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s) -{ - WOLFSSL_ENTER("wolfSSL_SSL_get_wbio"); - (void)s; - /* Nginx sets the buffer size if the read BIO is different to write BIO. - * The setting buffer size doesn't do anything so return NULL for both. +#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL, + WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_POCO_LIB) || defined(WOLFSSL_HAPROXY) + /* Gets the NID value that is related to the OID string passed in. Example + * string would be "2.5.29.14" for subject key ID. + * + * returns NID value on success and NID_undef on error */ - if (s == NULL) - return NULL; - - return s->biowr; -} -#endif /* !NO_BIO */ - -int wolfSSL_SSL_do_handshake_internal(WOLFSSL *s) -{ - WOLFSSL_ENTER("wolfSSL_SSL_do_handshake_internal"); - if (s == NULL) - return WOLFSSL_FAILURE; - - if (s->options.side == WOLFSSL_CLIENT_END) { - #ifndef NO_WOLFSSL_CLIENT - return wolfSSL_connect(s); - #else - WOLFSSL_MSG("Client not compiled in"); - return WOLFSSL_FAILURE; + int wolfSSL_OBJ_txt2nid(const char* s) + { + unsigned int i; + #ifdef WOLFSSL_CERT_EXT + int ret; + unsigned int sum = 0; + unsigned int outSz = MAX_OID_SZ; + unsigned char out[MAX_OID_SZ]; #endif - } - -#ifndef NO_WOLFSSL_SERVER - return wolfSSL_accept(s); -#else - WOLFSSL_MSG("Server not compiled in"); - return WOLFSSL_FAILURE; -#endif -} - -int wolfSSL_SSL_do_handshake(WOLFSSL *s) -{ - WOLFSSL_ENTER("wolfSSL_SSL_do_handshake"); -#ifdef WOLFSSL_QUIC - if (WOLFSSL_IS_QUIC(s)) { - return wolfSSL_quic_do_handshake(s); - } -#endif - return wolfSSL_SSL_do_handshake_internal(s); -} - -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L -int wolfSSL_SSL_in_init(const WOLFSSL *ssl) 
-#else -int wolfSSL_SSL_in_init(WOLFSSL *ssl) -#endif -{ - WOLFSSL_ENTER("wolfSSL_SSL_in_init"); - return !wolfSSL_is_init_finished(ssl); -} + WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid"); -int wolfSSL_SSL_in_before(const WOLFSSL *ssl) -{ - WOLFSSL_ENTER("wolfSSL_SSL_in_before"); + if (s == NULL) { + return NID_undef; + } - if (ssl == NULL) - return WOLFSSL_FAILURE; + #ifdef WOLFSSL_CERT_EXT + ret = EncodePolicyOID(out, &outSz, s, NULL); + if (ret == 0) { + /* sum OID */ + for (i = 0; i < outSz; i++) { + sum += out[i]; + } + } + #endif /* WOLFSSL_CERT_EXT */ - return ssl->options.handShakeState == NULL_STATE; -} + /* get the group that the OID's sum is in + * @TODO possible conflict with multiples */ + for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) { + int len; + #ifdef WOLFSSL_CERT_EXT + if (ret == 0) { + if (wolfssl_object_info[i].id == (int)sum) { + return wolfssl_object_info[i].nid; + } + } + #endif -int wolfSSL_SSL_in_connect_init(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_SSL_in_connect_init"); + /* try as a short name */ + len = (int)XSTRLEN(s); + if ((int)XSTRLEN(wolfssl_object_info[i].sName) == len && + XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) { + return wolfssl_object_info[i].nid; + } - if (ssl == NULL) - return WOLFSSL_FAILURE; + /* try as a long name */ + if ((int)XSTRLEN(wolfssl_object_info[i].lName) == len && + XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) { + return wolfssl_object_info[i].nid; + } + } - if (ssl->options.side == WOLFSSL_CLIENT_END) { - return ssl->options.connectState > CONNECT_BEGIN && - ssl->options.connectState < SECOND_REPLY_DONE; + return NID_undef; } +#endif +#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ + defined(WOLFSSL_HAPROXY) - return ssl->options.acceptState > ACCEPT_BEGIN && - ssl->options.acceptState < ACCEPT_THIRD_REPLY_DONE; -} - -#ifndef NO_SESSION_CACHE - -WOLFSSL_SESSION 
*wolfSSL_SSL_get0_session(const WOLFSSL *ssl) -{ - WOLFSSL_ENTER("wolfSSL_SSL_get0_session"); - - return ssl->session; -} - -#endif /* NO_SESSION_CACHE */ + /* Creates new ASN1_OBJECT from short name, long name, or text + * representation of oid. If no_name is 0, then short name, long name, and + * numerical value of oid are interpreted. If no_name is 1, then only the + * numerical value of the oid is interpreted. + * + * Returns pointer to ASN1_OBJECT on success, or NULL on error. + */ +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) + WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name) + { + int i, ret; + int nid = NID_undef; + unsigned int outSz = MAX_OID_SZ; + unsigned char out[MAX_OID_SZ]; + WOLFSSL_ASN1_OBJECT* obj; -#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) -/* Expected return values from implementations of OpenSSL ticket key callback. - */ -#define TICKET_KEY_CB_RET_FAILURE (-1) -#define TICKET_KEY_CB_RET_NOT_FOUND 0 -#define TICKET_KEY_CB_RET_OK 1 -#define TICKET_KEY_CB_RET_RENEW 2 + WOLFSSL_ENTER("wolfSSL_OBJ_txt2obj"); -/* Implementation of session ticket encryption/decryption using OpenSSL - * callback to initialize the cipher and HMAC. - * - * ssl The SSL/TLS object. - * keyName The key name - used to identify the key to be used. - * iv The IV to use. - * mac The MAC of the encrypted data. - * enc Encrypt ticket. - * encTicket The ticket data. - * encTicketLen The length of the ticket data. - * encLen The encrypted/decrypted ticket length - output length. - * ctx Ignored. Application specific data. - * returns WOLFSSL_TICKET_RET_OK to indicate success, - * WOLFSSL_TICKET_RET_CREATE if a new ticket is required and - * WOLFSSL_TICKET_RET_FATAL on error. 
- */ -static int wolfSSL_TicketKeyCb(WOLFSSL* ssl, - unsigned char keyName[WOLFSSL_TICKET_NAME_SZ], - unsigned char iv[WOLFSSL_TICKET_IV_SZ], - unsigned char mac[WOLFSSL_TICKET_MAC_SZ], - int enc, unsigned char* encTicket, - int encTicketLen, int* encLen, void* ctx) -{ - byte digest[WC_MAX_DIGEST_SIZE]; -#ifdef WOLFSSL_SMALL_STACK - WOLFSSL_EVP_CIPHER_CTX *evpCtx; -#else - WOLFSSL_EVP_CIPHER_CTX evpCtx[1]; -#endif - WOLFSSL_HMAC_CTX hmacCtx; - unsigned int mdSz = 0; - int len = 0; - int ret = WOLFSSL_TICKET_RET_FATAL; - int res; - int totalSz = 0; + if (s == NULL) + return NULL; - (void)ctx; + /* If s is numerical value, try to sum oid */ + ret = EncodePolicyOID(out, &outSz, s, NULL); + if (ret == 0 && outSz > 0) { + /* If numerical encode succeeded then just + * create object from that because sums are + * not unique and can cause confusion. */ + obj = wolfSSL_ASN1_OBJECT_new(); + if (obj == NULL) { + WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); + return NULL; + } + obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; + obj->obj = (byte*)XMALLOC(1 + MAX_LENGTH_SZ + outSz, NULL, + DYNAMIC_TYPE_ASN1); + if (obj->obj == NULL) { + wolfSSL_ASN1_OBJECT_free(obj); + return NULL; + } + obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; + i = SetObjectId((int)outSz, (byte*)obj->obj); + XMEMCPY((byte*)obj->obj + i, out, outSz); + obj->objSz = i + outSz; + return obj; + } - WOLFSSL_ENTER("wolfSSL_TicketKeyCb"); + /* TODO: update short names in wolfssl_object_info and check OID sums + are correct */ + for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { + /* Short name, long name, and numerical value are interpreted */ + if (no_name == 0 && + ((XSTRCMP(s, wolfssl_object_info[i].sName) == 0) || + (XSTRCMP(s, wolfssl_object_info[i].lName) == 0))) + { + nid = wolfssl_object_info[i].nid; + } + } - if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->ticketEncWrapCb == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_TICKET_RET_FATAL; - } + if (nid != NID_undef) + return 
wolfSSL_OBJ_nid2obj(nid); -#ifdef WOLFSSL_SMALL_STACK - evpCtx = (WOLFSSL_EVP_CIPHER_CTX *)XMALLOC(sizeof(*evpCtx), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (evpCtx == NULL) { - WOLFSSL_MSG("out of memory"); - return WOLFSSL_TICKET_RET_FATAL; + return NULL; } #endif - /* Initialize the cipher and HMAC. */ - wolfSSL_EVP_CIPHER_CTX_init(evpCtx); - if (wolfSSL_HMAC_CTX_Init(&hmacCtx) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_HMAC_CTX_Init error"); -#ifdef WOLFSSL_SMALL_STACK - XFREE(evpCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif - return WOLFSSL_TICKET_RET_FATAL; - } - res = ssl->ctx->ticketEncWrapCb(ssl, keyName, - iv, evpCtx, &hmacCtx, enc); - if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) { - WOLFSSL_MSG("Ticket callback error"); - ret = WOLFSSL_TICKET_RET_FATAL; - goto end; - } - - if (wolfSSL_HMAC_size(&hmacCtx) > WOLFSSL_TICKET_MAC_SZ) { - WOLFSSL_MSG("Ticket cipher MAC size error"); - goto end; + /* compatibility function. Its intended use is to remove OID's from an + * internal table that have been added with OBJ_create. wolfSSL manages its + * own internal OID values and does not currently support OBJ_create. */ + void wolfSSL_OBJ_cleanup(void) + { + WOLFSSL_ENTER("wolfSSL_OBJ_cleanup"); } - if (enc) + #ifndef NO_WOLFSSL_STUB + int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln) { - /* Encrypt in place. */ - if (!wolfSSL_EVP_CipherUpdate(evpCtx, encTicket, &len, - encTicket, encTicketLen)) - goto end; - totalSz = len; - if (totalSz > *encLen) - goto end; - if (!wolfSSL_EVP_EncryptFinal(evpCtx, &encTicket[len], &len)) - goto end; - /* Total length of encrypted data. */ - totalSz += len; - if (totalSz > *encLen) - goto end; - - /* HMAC the encrypted data into the parameter 'mac'. 
*/ - if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, totalSz)) - goto end; - if (!wolfSSL_HMAC_Final(&hmacCtx, mac, &mdSz)) - goto end; + (void)oid; + (void)sn; + (void)ln; + WOLFSSL_STUB("wolfSSL_OBJ_create"); + return WOLFSSL_FAILURE; } - else - { - /* HMAC the encrypted data and compare it to the passed in data. */ - if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen)) - goto end; - if (!wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz)) - goto end; - if (XMEMCMP(mac, digest, mdSz) != 0) - goto end; + #endif - /* Decrypt the ticket data in place. */ - if (!wolfSSL_EVP_CipherUpdate(evpCtx, encTicket, &len, - encTicket, encTicketLen)) - goto end; - totalSz = len; - if (totalSz > encTicketLen) - goto end; - if (!wolfSSL_EVP_DecryptFinal(evpCtx, &encTicket[len], &len)) - goto end; - /* Total length of decrypted data. */ - totalSz += len; - if (totalSz > encTicketLen) - goto end; + void wolfSSL_set_verify_depth(WOLFSSL *ssl, int depth) + { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_ENTER("wolfSSL_set_verify_depth"); + ssl->options.verifyDepth = (byte)depth; + #endif } - *encLen = totalSz; - - if (res == TICKET_KEY_CB_RET_RENEW && !IsAtLeastTLSv1_3(ssl->version) - && !enc) - ret = WOLFSSL_TICKET_RET_CREATE; - else - ret = WOLFSSL_TICKET_RET_OK; -end: - - (void)wc_HmacFree(&hmacCtx.hmac); - (void)wolfSSL_EVP_CIPHER_CTX_cleanup(evpCtx); -#ifdef WOLFSSL_SMALL_STACK - XFREE(evpCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif +#endif /* OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || + HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */ - return ret; -} +#ifdef OPENSSL_EXTRA -/* Set the callback to use when encrypting/decrypting tickets. - * - * ctx The SSL/TLS context object. - * cb The OpenSSL session ticket callback. - * returns WOLFSSL_SUCCESS to indicate success. +/* wolfSSL uses negative values for error states. 
This function returns an + * unsigned type so the value returned is the absolute value of the error. */ -int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, ticketCompatCb cb) +unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) { + WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); - /* Set the ticket encryption callback to be a wrapper around OpenSSL - * callback. - */ - ctx->ticketEncCb = wolfSSL_TicketKeyCb; - ctx->ticketEncWrapCb = cb; - - return WOLFSSL_SUCCESS; -} - -#endif /* HAVE_SESSION_TICKET */ - -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || - OPENSSL_EXTRA || HAVE_LIGHTY */ + (void)line; + (void)file; +#ifdef WOLFSSL_HAVE_ERROR_QUEUE + { + int ret; -#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ - !defined(NO_WOLFSSL_SERVER) -/* Serialize the session ticket encryption keys. - * - * @param [in] ctx SSL/TLS context object. - * @param [in] keys Buffer to hold session ticket keys. - * @param [in] keylen Length of buffer. - * @return WOLFSSL_SUCCESS on success. - * @return WOLFSSL_FAILURE when ctx is NULL, keys is NULL or keylen is not the - * correct length. 
- */ -long wolfSSL_CTX_get_tlsext_ticket_keys(WOLFSSL_CTX *ctx, - unsigned char *keys, int keylen) -{ - if (ctx == NULL || keys == NULL) { - return WOLFSSL_FAILURE; - } - if (keylen != WOLFSSL_TICKET_KEYS_SZ) { - return WOLFSSL_FAILURE; + if ((ret = wc_PeekErrorNode(-1, file, NULL, line)) < 0) { + WOLFSSL_MSG("Issue peeking at error node in queue"); + return 0; + } + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) + if (ret == -ASN_NO_PEM_HEADER) + return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; + #endif + #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) + if (ret == ASN1_R_HEADER_TOO_LONG) { + return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; + } + #endif + return (unsigned long)ret; } - - XMEMCPY(keys, ctx->ticketKeyCtx.name, WOLFSSL_TICKET_NAME_SZ); - keys += WOLFSSL_TICKET_NAME_SZ; - XMEMCPY(keys, ctx->ticketKeyCtx.key[0], WOLFSSL_TICKET_KEY_SZ); - keys += WOLFSSL_TICKET_KEY_SZ; - XMEMCPY(keys, ctx->ticketKeyCtx.key[1], WOLFSSL_TICKET_KEY_SZ); - keys += WOLFSSL_TICKET_KEY_SZ; - c32toa(ctx->ticketKeyCtx.expirary[0], keys); - keys += OPAQUE32_LEN; - c32toa(ctx->ticketKeyCtx.expirary[1], keys); - - return WOLFSSL_SUCCESS; +#else + return (unsigned long)(0 - NOT_COMPILED_IN); +#endif } -/* Deserialize the session ticket encryption keys. - * - * @param [in] ctx SSL/TLS context object. - * @param [in] keys Session ticket keys. - * @param [in] keylen Length of data. - * @return WOLFSSL_SUCCESS on success. - * @return WOLFSSL_FAILURE when ctx is NULL, keys is NULL or keylen is not the - * correct length. 
- */ -long wolfSSL_CTX_set_tlsext_ticket_keys(WOLFSSL_CTX *ctx, - unsigned char *keys, int keylen) -{ - if (ctx == NULL || keys == NULL) { - return WOLFSSL_FAILURE; - } - if (keylen != WOLFSSL_TICKET_KEYS_SZ) { - return WOLFSSL_FAILURE; - } +#endif /* OPENSSL_EXTRA */ - XMEMCPY(ctx->ticketKeyCtx.name, keys, WOLFSSL_TICKET_NAME_SZ); - keys += WOLFSSL_TICKET_NAME_SZ; - XMEMCPY(ctx->ticketKeyCtx.key[0], keys, WOLFSSL_TICKET_KEY_SZ); - keys += WOLFSSL_TICKET_KEY_SZ; - XMEMCPY(ctx->ticketKeyCtx.key[1], keys, WOLFSSL_TICKET_KEY_SZ); - keys += WOLFSSL_TICKET_KEY_SZ; - ato32(keys, &ctx->ticketKeyCtx.expirary[0]); - keys += OPAQUE32_LEN; - ato32(keys, &ctx->ticketKeyCtx.expirary[1]); +#if defined(HAVE_EX_DATA) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \ + defined(WOLFSSL_WPAS_SMALL) +CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session = NULL; - return WOLFSSL_SUCCESS; +static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr, + WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func) +{ + CRYPTO_EX_cb_ctx* new_ctx = (CRYPTO_EX_cb_ctx*)XMALLOC( + sizeof(CRYPTO_EX_cb_ctx), NULL, DYNAMIC_TYPE_OPENSSL); + if (new_ctx == NULL) + return -1; + new_ctx->ctx_l = ctx_l; + new_ctx->ctx_ptr = ctx_ptr; + new_ctx->new_func = new_func; + new_ctx->free_func = free_func; + new_ctx->dup_func = dup_func; + new_ctx->next = NULL; + /* Push to end of list */ + while (*dst != NULL) + dst = &(*dst)->next; + *dst = new_ctx; + return 0; } -#endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) -#ifdef HAVE_OCSP -/* Not an OpenSSL API. 
*/ -int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response) +void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx) { - *response = ssl->ocspResp; - return ssl->ocspRespSz; + while (cb_ctx != NULL) { + CRYPTO_EX_cb_ctx* next = cb_ctx->next; + XFREE(cb_ctx, NULL, DYNAMIC_TYPE_OPENSSL); + cb_ctx = next; + } } -/* Not an OpenSSL API. */ -char* wolfSSL_get_ocsp_url(WOLFSSL* ssl) +void crypto_ex_cb_setup_new_data(void *new_obj, CRYPTO_EX_cb_ctx* cb_ctx, + WOLFSSL_CRYPTO_EX_DATA* ex_data) { - return ssl->url; + int idx = 0; + for (; cb_ctx != NULL; idx++, cb_ctx = cb_ctx->next) { + if (cb_ctx->new_func != NULL) + cb_ctx->new_func(new_obj, NULL, ex_data, idx, cb_ctx->ctx_l, + cb_ctx->ctx_ptr); + } } -/* Not an OpenSSL API. */ -int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url) +int crypto_ex_cb_dup_data(const WOLFSSL_CRYPTO_EX_DATA *in, + WOLFSSL_CRYPTO_EX_DATA *out, CRYPTO_EX_cb_ctx* cb_ctx) { - if (ssl == NULL) - return WOLFSSL_FAILURE; - - ssl->url = url; + int idx = 0; + for (; cb_ctx != NULL; idx++, cb_ctx = cb_ctx->next) { + if (cb_ctx->dup_func != NULL) { + void* ptr = wolfSSL_CRYPTO_get_ex_data(in, idx); + if (!cb_ctx->dup_func(out, in, + &ptr, idx, + cb_ctx->ctx_l, cb_ctx->ctx_ptr)) { + return WOLFSSL_FAILURE; + } + wolfSSL_CRYPTO_set_ex_data(out, idx, ptr); + } + } return WOLFSSL_SUCCESS; } -#endif /* OCSP */ -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ -#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME) -int wolfSSL_get_ocsp_producedDate( - WOLFSSL *ssl, - byte *producedDate, - size_t producedDate_space, - int *producedDateFormat) +void crypto_ex_cb_free_data(void *obj, CRYPTO_EX_cb_ctx* cb_ctx, + WOLFSSL_CRYPTO_EX_DATA* ex_data) { - if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) && - (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME)) - return BAD_FUNC_ARG; - - if ((producedDate == NULL) || (producedDateFormat == NULL)) - return BAD_FUNC_ARG; - - if (XSTRLEN((char *)ssl->ocspProducedDate) >= producedDate_space) - return BUFFER_E; - - 
XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate, producedDate_space); - *producedDateFormat = ssl->ocspProducedDateFormat; - - return 0; + int idx = 0; + for (; cb_ctx != NULL; idx++, cb_ctx = cb_ctx->next) { + if (cb_ctx->free_func != NULL) + cb_ctx->free_func(obj, NULL, ex_data, idx, cb_ctx->ctx_l, + cb_ctx->ctx_ptr); + } } -int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) { - int idx = 0; +/** + * get_ex_new_index is a helper function for the following + * xx_get_ex_new_index functions: + * - wolfSSL_CRYPTO_get_ex_new_index + * - wolfSSL_CTX_get_ex_new_index + * - wolfSSL_get_ex_new_index + * Issues a unique index number for the specified class-index. + * Returns an index number greater or equal to zero on success, + * -1 on failure. + */ +int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr, + WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func) +{ + /* index counter for each class index*/ + static int ctx_idx = 0; + static int ssl_idx = 0; + static int ssl_session_idx = 0; + static int x509_idx = 0; - if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) && - (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME)) - return BAD_FUNC_ARG; + int idx = -1; - if (produced_tm == NULL) - return BAD_FUNC_ARG; + switch(class_index) { + case WOLF_CRYPTO_EX_INDEX_SSL: + WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(ctx_l, ctx_ptr, new_func, + dup_func, free_func); + idx = ssl_idx++; + break; + case WOLF_CRYPTO_EX_INDEX_SSL_CTX: + WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(ctx_l, ctx_ptr, new_func, + dup_func, free_func); + idx = ctx_idx++; + break; + case WOLF_CRYPTO_EX_INDEX_X509: + WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(ctx_l, ctx_ptr, new_func, + dup_func, free_func); + idx = x509_idx++; + break; + case WOLF_CRYPTO_EX_INDEX_SSL_SESSION: + if (crypto_ex_cb_new(&crypto_ex_cb_ctx_session, ctx_l, ctx_ptr, + new_func, dup_func, free_func) != 0) + return -1; + idx = 
ssl_session_idx++; + break; - if (ExtractDate(ssl->ocspProducedDate, - (unsigned char)ssl->ocspProducedDateFormat, produced_tm, &idx)) - return 0; - else - return ASN_PARSE_E; + /* following class indexes are not supoprted */ + case WOLF_CRYPTO_EX_INDEX_X509_STORE: + case WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX: + case WOLF_CRYPTO_EX_INDEX_DH: + case WOLF_CRYPTO_EX_INDEX_DSA: + case WOLF_CRYPTO_EX_INDEX_EC_KEY: + case WOLF_CRYPTO_EX_INDEX_RSA: + case WOLF_CRYPTO_EX_INDEX_ENGINE: + case WOLF_CRYPTO_EX_INDEX_UI: + case WOLF_CRYPTO_EX_INDEX_BIO: + case WOLF_CRYPTO_EX_INDEX_APP: + case WOLF_CRYPTO_EX_INDEX_UI_METHOD: + case WOLF_CRYPTO_EX_INDEX_DRBG: + default: + break; + } + if (idx >= MAX_EX_DATA) + return -1; + return idx; } -#endif +#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */ +#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) +void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); +#ifdef HAVE_EX_DATA + if(ctx != NULL) { + return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx); + } +#else + (void)ctx; + (void)idx; +#endif + return NULL; +} -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) -int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain) +int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, + WOLFSSL_CRYPTO_EX_new* new_func, + WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func) { - word32 idx; - word32 length; - WOLFSSL_STACK* node; - WOLFSSL_STACK* last = NULL; - if (ctx == NULL || chain == NULL) { - chain = NULL; - return WOLFSSL_FAILURE; - } - if (ctx->x509Chain != NULL) { - *chain = ctx->x509Chain; - return WOLFSSL_SUCCESS; - } + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index"); - /* If there are no chains then success! 
*/ - *chain = NULL; - if (ctx->certChain == NULL || ctx->certChain->length == 0) { - return WOLFSSL_SUCCESS; - } + return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX, idx, arg, + new_func, dup_func, free_func); +} - /* Create a new stack of WOLFSSL_X509 object from chain buffer. */ - for (idx = 0; idx < ctx->certChain->length; ) { - node = wolfSSL_sk_X509_new_null(); - if (node == NULL) - return WOLFSSL_FAILURE; - node->next = NULL; +/* Return the index that can be used for the WOLFSSL structure to store + * application data. + * + */ +int wolfSSL_get_ex_new_index(long argValue, void* arg, + WOLFSSL_CRYPTO_EX_new* cb1, WOLFSSL_CRYPTO_EX_dup* cb2, + WOLFSSL_CRYPTO_EX_free* cb3) +{ + WOLFSSL_ENTER("wolfSSL_get_ex_new_index"); - /* 3 byte length | X509 DER data */ - ato24(ctx->certChain->buffer + idx, &length); - idx += 3; + return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, argValue, arg, + cb1, cb2, cb3); +} - /* Create a new X509 from DER encoded data. */ - node->data.x509 = wolfSSL_X509_d2i_ex(NULL, - ctx->certChain->buffer + idx, length, ctx->heap); - if (node->data.x509 == NULL) { - XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); - /* Return as much of the chain as we created. */ - ctx->x509Chain = *chain; - return WOLFSSL_FAILURE; - } - idx += length; - /* Add object to the end of the stack. 
*/ - if (last == NULL) { - node->num = 1; - *chain = node; - } - else { - (*chain)->num++; - last->next = node; - } +int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data"); + #ifdef HAVE_EX_DATA + if (ctx != NULL) + { + return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data); + } + #else + (void)ctx; + (void)idx; + (void)data; + #endif + return WOLFSSL_FAILURE; +} - last = node; +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS +int wolfSSL_CTX_set_ex_data_with_cleanup( + WOLFSSL_CTX* ctx, + int idx, + void* data, + wolfSSL_ex_data_cleanup_routine_t cleanup_routine) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data_with_cleanup"); + if (ctx != NULL) + { + return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data, + cleanup_routine); } + return WOLFSSL_FAILURE; +} +#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ - ctx->x509Chain = *chain; +#endif /* defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) */ - return WOLFSSL_SUCCESS; -} +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb) +/* Returns char* to app data stored in ex[0]. + * + * ssl WOLFSSL structure to get app data from + */ +void* wolfSSL_get_app_data(const WOLFSSL *ssl) { - if (ctx == NULL || ctx->cm == NULL || cb == NULL) - return WOLFSSL_FAILURE; + /* checkout exdata stuff... 
*/ + WOLFSSL_ENTER("wolfSSL_get_app_data"); -#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) - if (ctx->cm->ocsp_stapling == NULL) - return WOLFSSL_FAILURE; + return wolfSSL_get_ex_data(ssl, 0); +} - *cb = ctx->cm->ocsp_stapling->statusCb; -#else - (void)cb; - *cb = NULL; -#endif - return WOLFSSL_SUCCESS; +/* Set ex array 0 to have app data + * + * ssl WOLFSSL struct to set app data in + * arg data to be stored + * + * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) { + WOLFSSL_ENTER("wolfSSL_set_app_data"); + return wolfSSL_set_ex_data(ssl, 0, arg); } -int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb) -{ - if (ctx == NULL || ctx->cm == NULL) - return WOLFSSL_FAILURE; - -#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) - /* Ensure stapling is on for callback to be used. 
*/ - wolfSSL_CTX_EnableOCSPStapling(ctx); +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - if (ctx->cm->ocsp_stapling == NULL) - return WOLFSSL_FAILURE; +#if defined(HAVE_EX_DATA) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL) - ctx->cm->ocsp_stapling->statusCb = cb; +int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) +{ + WOLFSSL_ENTER("wolfSSL_set_ex_data"); +#ifdef HAVE_EX_DATA + if (ssl != NULL) + { + return wolfSSL_CRYPTO_set_ex_data(&ssl->ex_data, idx, data); + } #else - (void)cb; + WOLFSSL_MSG("HAVE_EX_DATA macro is not defined"); + (void)ssl; + (void)idx; + (void)data; #endif - - return WOLFSSL_SUCCESS; + return WOLFSSL_FAILURE; } -int wolfSSL_CTX_get0_chain_certs(WOLFSSL_CTX *ctx, - WOLF_STACK_OF(WOLFSSL_X509) **sk) +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS +int wolfSSL_set_ex_data_with_cleanup( + WOLFSSL* ssl, + int idx, + void* data, + wolfSSL_ex_data_cleanup_routine_t cleanup_routine) { - WOLFSSL_ENTER("wolfSSL_CTX_get0_chain_certs"); - if (ctx == NULL || sk == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_set_ex_data_with_cleanup"); + if (ssl != NULL) + { + return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ssl->ex_data, idx, data, + cleanup_routine); } - - /* This function should return ctx->x509Chain if it is populated, otherwise - it should be populated from ctx->certChain. This matches the behavior of - wolfSSL_CTX_get_extra_chain_certs, so it is used directly. 
*/ - return wolfSSL_CTX_get_extra_chain_certs(ctx, sk); + return WOLFSSL_FAILURE; } +#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ -#ifdef KEEP_OUR_CERT -int wolfSSL_get0_chain_certs(WOLFSSL *ssl, - WOLF_STACK_OF(WOLFSSL_X509) **sk) +void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) { - WOLFSSL_ENTER("wolfSSL_get0_chain_certs"); - if (ssl == NULL || sk == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_get_ex_data"); +#ifdef HAVE_EX_DATA + if (ssl != NULL) { + return wolfSSL_CRYPTO_get_ex_data(&ssl->ex_data, idx); } - *sk = ssl->ourCertChain; - return WOLFSSL_SUCCESS; -} +#else + WOLFSSL_MSG("HAVE_EX_DATA macro is not defined"); + (void)ssl; + (void)idx; #endif + return 0; +} -WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void) -{ - WOLF_STACK_OF(WOLFSSL_STRING)* ret = wolfSSL_sk_new_node(NULL); - - if (ret) { - ret->type = STACK_TYPE_STRING; - } +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ - return ret; -} +#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) -void wolfSSL_WOLFSSL_STRING_free(WOLFSSL_STRING s) +/* returns the enum value associated with handshake state + * + * ssl the WOLFSSL structure to get state of + */ +int wolfSSL_get_state(const WOLFSSL* ssl) { - WOLFSSL_ENTER("wolfSSL_WOLFSSL_STRING_free"); + WOLFSSL_ENTER("wolfSSL_get_state"); + + if (ssl == NULL) { + WOLFSSL_MSG("Null argument passed in"); + return WOLFSSL_FAILURE; + } - if (s != NULL) - XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); + return ssl->options.handShakeState; } +#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ -void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk) +#ifdef OPENSSL_EXTRA +void wolfSSL_certs_clear(WOLFSSL* ssl) { - WOLFSSL_STACK* tmp; - WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_STRING_free"); + WOLFSSL_ENTER("wolfSSL_certs_clear"); - if (sk == NULL) + if (ssl == NULL) return; - /* parse 
through stack freeing each node */ - while (sk) { - tmp = sk->next; - XFREE(sk->data.string, NULL, DYNAMIC_TYPE_OPENSSL); - XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); - sk = tmp; + /* ctx still owns certificate, certChain, key, dh, and cm */ + if (ssl->buffers.weOwnCert) + FreeDer(&ssl->buffers.certificate); + ssl->buffers.certificate = NULL; + if (ssl->buffers.weOwnCertChain) + FreeDer(&ssl->buffers.certChain); + ssl->buffers.certChain = NULL; +#ifdef WOLFSSL_TLS13 + ssl->buffers.certChainCnt = 0; +#endif + if (ssl->buffers.weOwnKey) { + FreeDer(&ssl->buffers.key); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.keyMask); + #endif } + ssl->buffers.key = NULL; +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + ssl->buffers.keyMask = NULL; +#endif + ssl->buffers.keyType = 0; + ssl->buffers.keyId = 0; + ssl->buffers.keyLabel = 0; + ssl->buffers.keySz = 0; + ssl->buffers.keyDevId = 0; +#ifdef WOLFSSL_DUAL_ALG_CERTS + if (ssl->buffers.weOwnAltKey) { + FreeDer(&ssl->buffers.altKey); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.altKeyMask); + #endif + } + ssl->buffers.altKey = NULL; +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + ssl->buffers.altKeyMask = NULL; +#endif +#endif /* WOLFSSL_DUAL_ALG_CERTS */ } +#endif -WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, - int idx) -{ - for (; idx > 0 && strings != NULL; idx--) - strings = strings->next; - if (strings == NULL) - return NULL; - return strings->data.string; -} - -int wolfSSL_sk_WOLFSSL_STRING_num(WOLF_STACK_OF(WOLFSSL_STRING)* strings) -{ - if (strings) - return (int)strings->num; - return 0; -} - -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_QUIC) -#ifdef HAVE_ALPN -void 
wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, - unsigned int *len) +long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt) { - word16 nameLen; + WOLFSSL_ENTER("wolfSSL_ctrl"); + if (ssl == NULL) + return BAD_FUNC_ARG; - if (ssl != NULL && data != NULL && len != NULL) { - TLSX_ALPN_GetRequest(ssl->extensions, (void **)data, &nameLen); - *len = nameLen; + switch (cmd) { + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || \ + defined(OPENSSL_ALL) + #ifdef HAVE_SNI + case SSL_CTRL_SET_TLSEXT_HOSTNAME: + WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME."); + if (pt == NULL) { + WOLFSSL_MSG("Passed in NULL Host Name."); + break; + } + return wolfSSL_set_tlsext_host_name(ssl, (const char*) pt); + #endif /* HAVE_SNI */ + #endif /* WOLFSSL_NGINX || WOLFSSL_QT || OPENSSL_ALL */ + default: + WOLFSSL_MSG("Case not implemented."); } + (void)opt; + (void)pt; + return WOLFSSL_FAILURE; } -int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen, - const unsigned char *in, unsigned int inLen, - const unsigned char *clientNames, - unsigned int clientLen) -{ - unsigned int i, j; - byte lenIn, lenClient; - - if (out == NULL || outLen == NULL || in == NULL || clientNames == NULL) - return OPENSSL_NPN_UNSUPPORTED; - - for (i = 0; i < inLen; i += lenIn) { - lenIn = in[i++]; - for (j = 0; j < clientLen; j += lenClient) { - lenClient = clientNames[j++]; - - if (lenIn != lenClient) - continue; +long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) +{ +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + long ctrl_opt; +#endif + long ret = WOLFSSL_SUCCESS; - if (XMEMCMP(in + i, clientNames + j, lenIn) == 0) { - *out = (unsigned char *)(in + i); - *outLen = lenIn; - return OPENSSL_NPN_NEGOTIATED; + WOLFSSL_ENTER("wolfSSL_CTX_ctrl"); + if (ctx == NULL) + return WOLFSSL_FAILURE; + + switch (cmd) { + case SSL_CTRL_CHAIN: +#ifdef SESSION_CERTS + { + /* + * We don't care about opt here because a copy of the certificate 
is + * stored anyway so increasing the reference counter is not necessary. + * Just check to make sure that it is set to one of the correct values. + */ + WOLF_STACK_OF(WOLFSSL_X509)* sk = (WOLF_STACK_OF(WOLFSSL_X509)*) pt; + WOLFSSL_X509* x509; + int i; + if (opt != 0 && opt != 1) { + ret = WOLFSSL_FAILURE; + break; + } + /* Clear certificate chain */ + FreeDer(&ctx->certChain); + if (sk) { + for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) { + x509 = wolfSSL_sk_X509_value(sk, i); + /* Prevent wolfSSL_CTX_add_extra_chain_cert from freeing cert */ + if (wolfSSL_X509_up_ref(x509) != 1) { + WOLFSSL_MSG("Error increasing reference count"); + continue; + } + if (wolfSSL_CTX_add_extra_chain_cert(ctx, x509) != + WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error adding certificate to context"); + /* Decrease reference count on failure */ + wolfSSL_X509_free(x509); + } + } + } + /* Free previous chain */ + wolfSSL_sk_X509_pop_free(ctx->x509Chain, NULL); + ctx->x509Chain = sk; + if (sk && opt == 1) { + /* up all refs when opt == 1 */ + for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) { + x509 = wolfSSL_sk_X509_value(sk, i); + if (wolfSSL_X509_up_ref(x509) != 1) { + WOLFSSL_MSG("Error increasing reference count"); + continue; + } } } } +#else + WOLFSSL_MSG("Session certificates not compiled in"); + ret = WOLFSSL_FAILURE; +#endif + break; - *out = (unsigned char *)clientNames + 1; - *outLen = clientNames[0]; - return OPENSSL_NPN_NO_OVERLAP; -} +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + case SSL_CTRL_OPTIONS: + WOLFSSL_MSG("Entering Case: SSL_CTRL_OPTIONS."); + ctrl_opt = wolfSSL_CTX_set_options(ctx, opt); -void wolfSSL_set_alpn_select_cb(WOLFSSL *ssl, - int (*cb) (WOLFSSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg) -{ - if (ssl != NULL) { - ssl->alpnSelect = cb; - ssl->alpnSelectArg = arg; - } -} + #ifdef WOLFSSL_QT + /* Set whether to use client or server cipher preference */ + if 
((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) + == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { + WOLFSSL_MSG("Using Server's Cipher Preference."); + ctx->useClientOrder = FALSE; + } else { + WOLFSSL_MSG("Using Client's Cipher Preference."); + ctx->useClientOrder = TRUE; + } + #endif /* WOLFSSL_QT */ -void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, - int (*cb) (WOLFSSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg) -{ - if (ctx != NULL) { - ctx->alpnSelect = cb; - ctx->alpnSelectArg = arg; + return ctrl_opt; +#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ + case SSL_CTRL_EXTRA_CHAIN_CERT: + WOLFSSL_MSG("Entering Case: SSL_CTRL_EXTRA_CHAIN_CERT."); + if (pt == NULL) { + WOLFSSL_MSG("Passed in x509 pointer NULL."); + ret = WOLFSSL_FAILURE; + break; + } + return wolfSSL_CTX_add_extra_chain_cert(ctx, (WOLFSSL_X509*)pt); + +#ifndef NO_DH + case SSL_CTRL_SET_TMP_DH: + WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TMP_DH."); + if (pt == NULL) { + WOLFSSL_MSG("Passed in DH pointer NULL."); + ret = WOLFSSL_FAILURE; + break; + } + return wolfSSL_CTX_set_tmp_dh(ctx, (WOLFSSL_DH*)pt); +#endif + +#ifdef HAVE_ECC + case SSL_CTRL_SET_TMP_ECDH: + WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TMP_ECDH."); + if (pt == NULL) { + WOLFSSL_MSG("Passed in ECDH pointer NULL."); + ret = WOLFSSL_FAILURE; + break; + } + return wolfSSL_SSL_CTX_set_tmp_ecdh(ctx, (WOLFSSL_EC_KEY*)pt); +#endif + case SSL_CTRL_MODE: + wolfSSL_CTX_set_mode(ctx,opt); + break; + case SSL_CTRL_SET_MIN_PROTO_VERSION: + WOLFSSL_MSG("set min proto version"); + return wolfSSL_CTX_set_min_proto_version(ctx, (int)opt); + case SSL_CTRL_SET_MAX_PROTO_VERSION: + WOLFSSL_MSG("set max proto version"); + return wolfSSL_CTX_set_max_proto_version(ctx, (int)opt); + case SSL_CTRL_GET_MIN_PROTO_VERSION: + WOLFSSL_MSG("get min proto version"); + return wolfSSL_CTX_get_min_proto_version(ctx); + case SSL_CTRL_GET_MAX_PROTO_VERSION: + WOLFSSL_MSG("get max 
proto version"); + return wolfSSL_CTX_get_max_proto_version(ctx); + default: + WOLFSSL_MSG("CTX_ctrl cmd not implemented"); + ret = WOLFSSL_FAILURE; + break; } -} -void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s, - int (*cb) (WOLFSSL *ssl, - const unsigned char - **out, - unsigned int *outlen, - void *arg), void *arg) -{ - (void)s; - (void)cb; - (void)arg; - WOLFSSL_STUB("wolfSSL_CTX_set_next_protos_advertised_cb"); + (void)ctx; + (void)cmd; + (void)opt; + (void)pt; + WOLFSSL_LEAVE("wolfSSL_CTX_ctrl", (int)ret); + return ret; } -void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s, - int (*cb) (WOLFSSL *ssl, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg) +#ifndef NO_WOLFSSL_STUB +long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void)) { - (void)s; - (void)cb; - (void)arg; - WOLFSSL_STUB("wolfSSL_CTX_set_next_proto_select_cb"); + (void) ctx; + (void) cmd; + (void) fp; + WOLFSSL_STUB("wolfSSL_CTX_callback_ctrl"); + return WOLFSSL_FAILURE; + } +#endif /* NO_WOLFSSL_STUB */ -void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, - unsigned *len) +#ifndef NO_WOLFSSL_STUB +long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx) { - (void)s; - (void)data; - (void)len; - WOLFSSL_STUB("wolfSSL_get0_next_proto_negotiated"); + return wolfSSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0L, NULL); } -#endif /* HAVE_ALPN */ - -#endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */ +#endif -#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) -int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id) +/* Returns the verifyCallback from the ssl structure if successful. +Returns NULL otherwise. */ +VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) { - if (curve_id >= WOLFSSL_FFDHE_START) { - /* DH parameters are never disabled. 
*/ - return 0; - } - if (curve_id > WOLFSSL_ECC_MAX_AVAIL) { - WOLFSSL_MSG("Curve id out of supported range"); - /* Disabled if not in valid range. */ - return 1; - } - if (curve_id >= 32) { - /* 0 is for invalid and 1-14 aren't used otherwise. */ - return (ssl->disabledCurves & (1U << (curve_id - 32))) != 0; + WOLFSSL_ENTER("wolfSSL_get_verify_callback"); + if (ssl) { + return ssl->verifyCallback; } - return (ssl->disabledCurves & (1U << curve_id)) != 0; + return NULL; } -#if (defined(HAVE_ECC) || \ - defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) -static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names) +#ifndef NO_BIO +/* Converts EVP_PKEY data from a bio buffer to a WOLFSSL_EVP_PKEY structure. +Returns pointer to private EVP_PKEY struct upon success, NULL if there +is a failure.*/ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** out) { - int idx, start = 0, len, i, ret = WOLFSSL_FAILURE; - word16 curve; - word32 disabled; - char name[MAX_CURVE_NAME_SZ]; - byte groups_len = 0; -#ifdef WOLFSSL_SMALL_STACK - void *heap = ssl? ssl->heap : ctx ? 
ctx->heap : NULL; - int *groups; -#else - int groups[WOLFSSL_MAX_GROUP_COUNT]; -#endif + unsigned char* mem = NULL; + int memSz = 0; + WOLFSSL_EVP_PKEY* key = NULL; + unsigned char* extraBioMem = NULL; -#ifdef WOLFSSL_SMALL_STACK - groups = (int*)XMALLOC(sizeof(int)*WOLFSSL_MAX_GROUP_COUNT, - heap, DYNAMIC_TYPE_TMP_BUFFER); - if (groups == NULL) { - ret = MEMORY_E; - goto leave; + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio"); + + if (bio == NULL) { + return NULL; } -#endif + (void)out; - for (idx = 1; names[idx-1] != '\0'; idx++) { - if (names[idx] != ':' && names[idx] != '\0') - continue; + memSz = wolfSSL_BIO_get_len(bio); + if (memSz <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_get_len() failure"); + return NULL; + } - len = idx - start; - if (len > MAX_CURVE_NAME_SZ - 1) - goto leave; + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + WOLFSSL_MSG("Malloc failure"); + return NULL; + } - XMEMCPY(name, names + start, len); - name[len++] = 0; + if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { + int extraBioMemSz; + int derLength; - /* Use XSTRNCMP to avoid valgrind error. 
*/ - if ((XSTRNCMP(name, "prime256v1", len) == 0) || - (XSTRNCMP(name, "secp256r1", len) == 0) || - (XSTRNCMP(name, "P-256", len) == 0)) - { - curve = WOLFSSL_ECC_SECP256R1; - } - else if ((XSTRNCMP(name, "secp384r1", len) == 0) || - (XSTRNCMP(name, "P-384", len) == 0)) - { - curve = WOLFSSL_ECC_SECP384R1; - } - else if ((XSTRNCMP(name, "secp521r1", len) == 0) || - (XSTRNCMP(name, "P-521", len) == 0)) - { - curve = WOLFSSL_ECC_SECP521R1; - } - #ifdef WOLFSSL_SM2 - else if ((XSTRNCMP(name, "sm2p256v1", len) == 0) || - (XSTRNCMP(name, "SM2", len) == 0)) - { - curve = WOLFSSL_ECC_SM2P256V1; - } - #endif - #ifdef HAVE_CURVE25519 - else if (XSTRNCMP(name, "X25519", len) == 0) - { - curve = WOLFSSL_ECC_X25519; - } - #endif - #ifdef HAVE_CURVE448 - else if (XSTRNCMP(name, "X448", len) == 0) - { - curve = WOLFSSL_ECC_X448; + /* Determines key type and returns the new private EVP_PKEY object */ + if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == + NULL) { + WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure"); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; } - #endif - else { - #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - int nret; - const ecc_set_type *eccSet; - nret = wc_ecc_get_curve_idx_from_name(name); - if (nret < 0) { - WOLFSSL_MSG("Could not find name in set"); - goto leave; + /* Write extra data back into bio object if necessary. 
*/ + derLength = key->pkey_sz; + extraBioMemSz = (memSz - derLength); + if (extraBioMemSz > 0) { + int i; + int j = 0; + + extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (extraBioMem == NULL) { + WOLFSSL_MSG("Malloc failure"); + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; } - eccSet = wc_ecc_get_curve_params(ret); - if (eccSet == NULL) { - WOLFSSL_MSG("NULL set returned"); - goto leave; + for (i = derLength; i < memSz; i++) { + *(extraBioMem + j) = *(mem + i); + j++; } - curve = GetCurveByOID(eccSet->oidSum); - #else - WOLFSSL_MSG("API not present to search farther using name"); - goto leave; - #endif + wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz); + if (wolfSSL_BIO_get_len(bio) <= 0) { + WOLFSSL_MSG("Failed to write memory to bio"); + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); } - if (curve >= WOLFSSL_ECC_MAX_AVAIL) { - WOLFSSL_MSG("curve value is not supported"); - goto leave; + if (out != NULL) { + *out = key; } + } + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return key; +} +#endif /* !NO_BIO */ - for (i = 0; i < groups_len; ++i) { - if (groups[i] == curve) { - /* silently drop duplicates */ - break; - } - } - if (i >= groups_len) { - if (groups_len >= WOLFSSL_MAX_GROUP_COUNT) { - WOLFSSL_MSG_EX("setting %d or more supported " - "curves is not permitted", groups_len); - goto leave; - } - groups[groups_len++] = (int)curve; - } +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ - start = idx + 1; - } - /* Disable all curves so that only the ones the user wants are enabled. */ - disabled = 0xFFFFFFFFUL; - for (i = 0; i < groups_len; ++i) { - /* Switch the bit to off and therefore is enabled. 
*/ - curve = (word16)groups[i]; - if (curve >= 32) { - /* 0 is for invalid and 1-14 aren't used otherwise. */ - disabled &= ~(1U << (curve - 32)); - } - else { - disabled &= ~(1U << curve); - } - #ifdef HAVE_SUPPORTED_CURVES - #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_OLD_SET_CURVES_LIST) - /* using the wolfSSL API to set the groups, this will populate - * (ssl|ctx)->groups and reset any TLSX_SUPPORTED_GROUPS. - * The order in (ssl|ctx)->groups will then be respected - * when TLSX_KEY_SHARE needs to be established */ - if ((ssl && wolfSSL_set_groups(ssl, groups, groups_len) - != WOLFSSL_SUCCESS) - || (ctx && wolfSSL_CTX_set_groups(ctx, groups, groups_len) - != WOLFSSL_SUCCESS)) { - WOLFSSL_MSG("Unable to set supported curve"); - goto leave; - } - #elif !defined(NO_WOLFSSL_CLIENT) - /* set the supported curve so client TLS extension contains only the - * desired curves */ - if ((ssl && wolfSSL_UseSupportedCurve(ssl, curve) != WOLFSSL_SUCCESS) - || (ctx && wolfSSL_CTX_UseSupportedCurve(ctx, curve) - != WOLFSSL_SUCCESS)) { - WOLFSSL_MSG("Unable to set supported curve"); - goto leave; - } - #endif - #endif /* HAVE_SUPPORTED_CURVES */ - } +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL) - if (ssl) - ssl->disabledCurves = disabled; +/* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure. 
+ * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL + * on fail */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, + unsigned char** in, long inSz) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP"); + return d2iGenericKey(out, (const unsigned char**)in, inSz, 1); +} + +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || + * WOLFSSL_WPAS_SMALL*/ + + +/* stunnel compatibility functions*/ +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH))) +void wolfSSL_ERR_remove_thread_state(void* pid) +{ + (void) pid; + return; +} + +#ifndef NO_FILESYSTEM +/***TBD ***/ +void wolfSSL_print_all_errors_fp(XFILE fp) +{ + (void)fp; +} +#endif /* !NO_FILESYSTEM */ + +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX || + HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH */ + +/* Note: This is a huge section of API's - through + * wolfSSL_X509_OBJECT_get0_X509_CRL */ +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) + +#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_DEBUG_MEMORY) && \ + !defined(WOLFSSL_STATIC_MEMORY) +static wolfSSL_OSSL_Malloc_cb ossl_malloc = NULL; +static wolfSSL_OSSL_Free_cb ossl_free = NULL; +static wolfSSL_OSSL_Realloc_cb ossl_realloc = NULL; + +static void* OSSL_Malloc(size_t size) +{ + if (ossl_malloc != NULL) + return ossl_malloc(size, NULL, 0); else - ctx->disabledCurves = disabled; - ret = WOLFSSL_SUCCESS; + return NULL; +} -leave: -#ifdef WOLFSSL_SMALL_STACK - if (groups) - XFREE((void*)groups, heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif - return ret; +static void OSSL_Free(void *ptr) +{ + if (ossl_free != NULL) + ossl_free(ptr, NULL, 0); } -int 
wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names) +static void* OSSL_Realloc(void *ptr, size_t size) { - if (ctx == NULL || names == NULL) { - WOLFSSL_MSG("ctx or names was NULL"); - return WOLFSSL_FAILURE; - } - return set_curves_list(NULL, ctx, names); + if (ossl_realloc != NULL) + return ossl_realloc(ptr, size, NULL, 0); + else + return NULL; } +#endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_DEBUG_MEMORY && + * !WOLFSSL_STATIC_MEMORY */ -int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names) +int wolfSSL_CRYPTO_set_mem_functions( + wolfSSL_OSSL_Malloc_cb m, + wolfSSL_OSSL_Realloc_cb r, + wolfSSL_OSSL_Free_cb f) { - if (ssl == NULL || names == NULL) { - WOLFSSL_MSG("ssl or names was NULL"); - return WOLFSSL_FAILURE; +#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) +#ifdef WOLFSSL_DEBUG_MEMORY + WOLFSSL_MSG("mem functions will receive function name instead of " + "file name"); + if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)m, (wolfSSL_Free_cb)f, + (wolfSSL_Realloc_cb)r) == 0) + return WOLFSSL_SUCCESS; +#else + WOLFSSL_MSG("wolfSSL was compiled without WOLFSSL_DEBUG_MEMORY mem " + "functions will receive a NULL file name and 0 for the " + "line number."); + if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)OSSL_Malloc, + (wolfSSL_Free_cb)OSSL_Free, (wolfSSL_Realloc_cb)OSSL_Realloc) == 0) { + ossl_malloc = m; + ossl_free = f; + ossl_realloc = r; + return WOLFSSL_SUCCESS; } - return set_curves_list(ssl, NULL, names); +#endif + else + return WOLFSSL_FAILURE; +#else + (void)m; + (void)r; + (void)f; + WOLFSSL_MSG("wolfSSL allocator callback functions not compiled in"); + return WOLFSSL_FAILURE; +#endif } -#endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */ -#endif /* OPENSSL_EXTRA || HAVE_CURL */ -#ifdef OPENSSL_EXTRA -/* Sets a callback for when sending and receiving protocol messages. - * This callback is copied to all WOLFSSL objects created from the ctx. 
- * - * ctx WOLFSSL_CTX structure to set callback in - * cb callback to use - * - * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE with error case - */ -int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) +int wolfSSL_ERR_load_ERR_strings(void) { - WOLFSSL_ENTER("wolfSSL_CTX_set_msg_callback"); - if (ctx == NULL) { - WOLFSSL_MSG("Null ctx passed in"); - return WOLFSSL_FAILURE; - } - - ctx->protoMsgCb = cb; return WOLFSSL_SUCCESS; } - -/* Sets a callback for when sending and receiving protocol messages. - * - * ssl WOLFSSL structure to set callback in - * cb callback to use - * - * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE with error case - */ -int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) +void wolfSSL_ERR_load_crypto_strings(void) { - WOLFSSL_ENTER("wolfSSL_set_msg_callback"); - - if (ssl == NULL) { - return WOLFSSL_FAILURE; - } - - if (cb != NULL) { - ssl->toInfoOn = 1; - } - - ssl->protoMsgCb = cb; - return WOLFSSL_SUCCESS; + WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings"); + /* Do nothing */ + return; } +int wolfSSL_FIPS_mode(void) +{ +#ifdef HAVE_FIPS + return 1; +#else + return 0; +#endif +} -/* set the user argument to pass to the msg callback when called - * return WOLFSSL_SUCCESS on success */ -int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) +int wolfSSL_FIPS_mode_set(int r) { - WOLFSSL_ENTER("wolfSSL_CTX_set_msg_callback_arg"); - if (ctx == NULL) { - WOLFSSL_MSG("Null WOLFSSL_CTX passed in"); +#ifdef HAVE_FIPS + if (r == 0) { + WOLFSSL_MSG("Cannot disable FIPS at runtime."); return WOLFSSL_FAILURE; } - - ctx->protoMsgCtx = arg; return WOLFSSL_SUCCESS; +#else + if (r == 0) { + return WOLFSSL_SUCCESS; + } + WOLFSSL_MSG("Cannot enable FIPS. 
This isn't the wolfSSL FIPS code."); + return WOLFSSL_FAILURE; +#endif } - -int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg) +int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) { - WOLFSSL_ENTER("wolfSSL_set_msg_callback_arg"); - if (ssl == NULL) - return WOLFSSL_FAILURE; + int ret = WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits"); - ssl->protoMsgCtx = arg; - return WOLFSSL_SUCCESS; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + (void)alg_bits; + if (c!= NULL) + ret = c->bits; + #else + if (c != NULL && c->ssl != NULL) { + ret = 8 * c->ssl->specs.key_size; + if (alg_bits != NULL) { + *alg_bits = ret; + } + } + #endif + return ret; } -void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line) +/* returns value less than 0 on fail to match + * On a successful match the priority level found is returned + */ +int wolfSSL_sk_SSL_CIPHER_find( + WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind) { - void *ret; - (void)file; - (void)line; + WOLFSSL_STACK* next; + int i, sz; - if (data == NULL || siz >= INT_MAX) - return NULL; + if (sk == NULL || toFind == NULL) { + return WOLFSSL_FATAL_ERROR; + } - ret = OPENSSL_malloc(siz); - if (ret == NULL) { - return NULL; + sz = wolfSSL_sk_SSL_CIPHER_num(sk); + next = sk; + for (i = 0; i < sz && next != NULL; i++) { + if (next->data.cipher.cipherSuite0 == toFind->cipherSuite0 && + next->data.cipher.cipherSuite == toFind->cipherSuite) { + return sz - i; /* reverse because stack pushed highest on first */ + } + next = next->next; } - return XMEMCPY(ret, data, siz); + return WOLFSSL_FATAL_ERROR; } -void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len) +/* free's all nodes in the stack and there data */ +void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) { - if (ptr) - ForceZero(ptr, (word32)len); + WOLFSSL_ENTER("wolfSSL_sk_SSL_CIPHER_free"); + wolfSSL_sk_free(sk); } -int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, 
- unsigned int p_len) +#ifdef HAVE_SNI +int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name) { - WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos"); - if (ctx == NULL) - return BAD_FUNC_ARG; - if (ctx->alpn_cli_protos != NULL) { - XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL); - } - - ctx->alpn_cli_protos = (const unsigned char*)XMALLOC(p_len, - ctx->heap, DYNAMIC_TYPE_OPENSSL); - if (ctx->alpn_cli_protos == NULL) { -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - /* 0 on success in OpenSSL, non-0 on failure in OpenSSL - * the function reverses the return value convention. - */ - return 1; -#else - return WOLFSSL_FAILURE; -#endif - } - XMEMCPY((void*)ctx->alpn_cli_protos, p, p_len); - ctx->alpn_cli_protos_len = p_len; - -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - /* 0 on success in OpenSSL, non-0 on failure in OpenSSL - * the function reverses the return value convention. - */ - return 0; -#else - return WOLFSSL_SUCCESS; -#endif + int ret; + WOLFSSL_ENTER("wolfSSL_set_tlsext_host_name"); + ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, + host_name, (word16)XSTRLEN(host_name)); + WOLFSSL_LEAVE("wolfSSL_set_tlsext_host_name", ret); + return ret; } - -#ifdef HAVE_ALPN -#ifndef NO_BIO -/* Sets the ALPN extension protos - * - * example format is - * unsigned char p[] = { - * 8, 'h', 't', 't', 'p', '/', '1', '.', '1' - * }; - * - * returns WOLFSSL_SUCCESS on success */ -int wolfSSL_set_alpn_protos(WOLFSSL* ssl, - const unsigned char* p, unsigned int p_len) +/* May be called by server to get the requested accepted name and by the client + * to get the requested name. 
*/ +const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) { - WOLFSSL_BIO* bio; - char* pt = NULL; - - unsigned int sz; - unsigned int idx = 0; - int alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH; - WOLFSSL_ENTER("wolfSSL_set_alpn_protos"); - - if (ssl == NULL || p_len <= 1) { -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - /* 0 on success in OpenSSL, non-0 on failure in OpenSSL - * the function reverses the return value convention. - */ - return 1; -#else - return WOLFSSL_FAILURE; -#endif - } - - bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); - if (bio == NULL) { -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - /* 0 on success in OpenSSL, non-0 on failure in OpenSSL - * the function reverses the return value convention. - */ - return 1; -#else - return WOLFSSL_FAILURE; -#endif - } - - /* convert into comma separated list */ - while (idx < p_len - 1) { - unsigned int i; + void * serverName = NULL; + if (ssl == NULL) + return NULL; + TLSX_SNI_GetRequest(ssl->extensions, type, &serverName, + !wolfSSL_is_server(ssl)); + return (const char *)serverName; +} +#endif /* HAVE_SNI */ - sz = p[idx++]; - if (idx + sz > p_len) { - WOLFSSL_MSG("Bad list format"); - wolfSSL_BIO_free(bio); - #if defined(WOLFSSL_ERROR_CODE_OPENSSL) - /* 0 on success in OpenSSL, non-0 on failure in OpenSSL - * the function reverses the return value convention. - */ - return 1; - #else - return WOLFSSL_FAILURE; - #endif - } - if (sz > 0) { - for (i = 0; i < sz; i++) { - wolfSSL_BIO_write(bio, &p[idx++], 1); - } - if (idx < p_len - 1) - wolfSSL_BIO_write(bio, ",", 1); - } - } - wolfSSL_BIO_write(bio, "\0", 1); +WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) +{ + int ret; + /* This method requires some explanation. Its sibling is + * int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) + * which re-inits the WOLFSSL* with all settings in the new CTX. + * That one is the right one to use *before* a handshake is started. 
+ * + * This method was added by OpenSSL to be used *during* the handshake, e.g. + * when a server inspects the SNI in a ClientHello callback and + * decides which set of certificates to use. + * + * Since, at the time the SNI callback is run, some decisions on + * Extensions or the ServerHello might already have been taken, this + * method is very restricted in what it does: + * - changing the server certificate(s) + * - changing the server id for session handling + * and everything else in WOLFSSL* needs to remain untouched. + */ + WOLFSSL_ENTER("wolfSSL_set_SSL_CTX"); + if (ssl == NULL || ctx == NULL) + return NULL; + if (ssl->ctx == ctx) + return ssl->ctx; - /* clears out all current ALPN extensions set */ - TLSX_Remove(&ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL, ssl->heap); + if (ctx->suites == NULL) { + /* suites */ + if (AllocateCtxSuites(ctx) != 0) + return NULL; + InitSSL_CTX_Suites(ctx); + } - if ((sz = wolfSSL_BIO_get_mem_data(bio, &pt)) > 0) { - wolfSSL_UseALPN(ssl, pt, sz, (byte) alpn_opt); + wolfSSL_RefInc(&ctx->ref, &ret); +#ifdef WOLFSSL_REFCNT_ERROR_RETURN + if (ret != 0) { + /* can only fail on serious stuff, like mutex not working + * or ctx refcount out of whack. */ + return NULL; } - wolfSSL_BIO_free(bio); -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - /* 0 on success in OpenSSL, non-0 on failure in OpenSSL - * the function reverses the return value convention. 
- */ - return 0; #else - return WOLFSSL_SUCCESS; + (void)ret; #endif -} -#endif /* !NO_BIO */ -#endif /* HAVE_ALPN */ -#endif /* OPENSSL_EXTRA */ - -#if defined(OPENSSL_EXTRA) + if (ssl->ctx != NULL) + wolfSSL_CTX_free(ssl->ctx); + ssl->ctx = ctx; -#ifndef NO_BIO -#define WOLFSSL_BIO_INCLUDED -#include "src/bio.c" +#ifndef NO_CERTS + /* ctx owns certificate, certChain and key */ + ssl->buffers.certificate = ctx->certificate; + ssl->buffers.certChain = ctx->certChain; +#ifdef WOLFSSL_TLS13 + ssl->buffers.certChainCnt = ctx->certChainCnt; +#endif +#ifndef WOLFSSL_BLIND_PRIVATE_KEY + ssl->buffers.key = ctx->privateKey; +#else + if (ctx->privateKey != NULL) { + AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ctx->privateKey->length, ctx->privateKey->type, + ctx->privateKey->heap); + /* Blind the private key for the SSL with new random mask. */ + wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask); + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + &ssl->buffers.keyMask); + if (ret != 0) { + return ret; + } + } +#endif + ssl->buffers.keyType = ctx->privateKeyType; + ssl->buffers.keyId = ctx->privateKeyId; + ssl->buffers.keyLabel = ctx->privateKeyLabel; + ssl->buffers.keySz = ctx->privateKeySz; + ssl->buffers.keyDevId = ctx->privateKeyDevId; + /* flags indicating what certs/keys are available */ + ssl->options.haveRSA = ctx->haveRSA; + ssl->options.haveDH = ctx->haveDH; + ssl->options.haveECDSAsig = ctx->haveECDSAsig; + ssl->options.haveECC = ctx->haveECC; + ssl->options.haveStaticECC = ctx->haveStaticECC; + ssl->options.haveFalconSig = ctx->haveFalconSig; + ssl->options.haveDilithiumSig = ctx->haveDilithiumSig; +#ifdef WOLFSSL_DUAL_ALG_CERTS +#ifndef WOLFSSL_BLIND_PRIVATE_KEY + ssl->buffers.altKey = ctx->altPrivateKey; +#else + if (ctx->altPrivateKey != NULL) { + AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ctx->altPrivateKey->length, ctx->altPrivateKey->type, + ctx->altPrivateKey->heap); + /* Blind the private key 
for the SSL with new random mask. */ + wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, + &ssl->buffers.altKeyMask); + if (ret != 0) { + return ret; + } + } +#endif + ssl->buffers.altKeySz = ctx->altPrivateKeySz; + ssl->buffers.altKeyType = ctx->altPrivateKeyType; +#endif /* WOLFSSL_DUAL_ALG_CERTS */ #endif -word32 nid2oid(int nid, int grp) -{ - /* get OID type */ - switch (grp) { - /* oidHashType */ - case oidHashType: - switch (nid) { - #ifdef WOLFSSL_MD2 - case NID_md2: - return MD2h; - #endif - #ifndef NO_MD5 - case NID_md5: - return MD5h; - #endif - #ifndef NO_SHA - case NID_sha1: - return SHAh; - #endif - case NID_sha224: - return SHA224h; - #ifndef NO_SHA256 - case NID_sha256: - return SHA256h; - #endif - #ifdef WOLFSSL_SHA384 - case NID_sha384: - return SHA384h; - #endif - #ifdef WOLFSSL_SHA512 - case NID_sha512: - return SHA512h; - #endif - #ifndef WOLFSSL_NOSHA3_224 - case NID_sha3_224: - return SHA3_224h; - #endif - #ifndef WOLFSSL_NOSHA3_256 - case NID_sha3_256: - return SHA3_256h; - #endif - #ifndef WOLFSSL_NOSHA3_384 - case NID_sha3_384: - return SHA3_384h; - #endif - #ifndef WOLFSSL_NOSHA3_512 - case NID_sha3_512: - return SHA3_512h; - #endif - } - break; - - /* oidSigType */ - case oidSigType: - switch (nid) { - #ifndef NO_DSA - case NID_dsaWithSHA1: - return CTC_SHAwDSA; - case NID_dsa_with_SHA256: - return CTC_SHA256wDSA; - #endif /* NO_DSA */ - #ifndef NO_RSA - case NID_md2WithRSAEncryption: - return CTC_MD2wRSA; - case NID_md5WithRSAEncryption: - return CTC_MD5wRSA; - case NID_sha1WithRSAEncryption: - return CTC_SHAwRSA; - case NID_sha224WithRSAEncryption: - return CTC_SHA224wRSA; - case NID_sha256WithRSAEncryption: - return CTC_SHA256wRSA; - case NID_sha384WithRSAEncryption: - return CTC_SHA384wRSA; - case NID_sha512WithRSAEncryption: - return CTC_SHA512wRSA; - #ifdef WOLFSSL_SHA3 - case NID_RSA_SHA3_224: - return CTC_SHA3_224wRSA; - case NID_RSA_SHA3_256: - 
return CTC_SHA3_256wRSA; - case NID_RSA_SHA3_384: - return CTC_SHA3_384wRSA; - case NID_RSA_SHA3_512: - return CTC_SHA3_512wRSA; - #endif - #endif /* NO_RSA */ - #ifdef HAVE_ECC - case NID_ecdsa_with_SHA1: - return CTC_SHAwECDSA; - case NID_ecdsa_with_SHA224: - return CTC_SHA224wECDSA; - case NID_ecdsa_with_SHA256: - return CTC_SHA256wECDSA; - case NID_ecdsa_with_SHA384: - return CTC_SHA384wECDSA; - case NID_ecdsa_with_SHA512: - return CTC_SHA512wECDSA; - #ifdef WOLFSSL_SHA3 - case NID_ecdsa_with_SHA3_224: - return CTC_SHA3_224wECDSA; - case NID_ecdsa_with_SHA3_256: - return CTC_SHA3_256wECDSA; - case NID_ecdsa_with_SHA3_384: - return CTC_SHA3_384wECDSA; - case NID_ecdsa_with_SHA3_512: - return CTC_SHA3_512wECDSA; - #endif - #endif /* HAVE_ECC */ - } - break; - - /* oidKeyType */ - case oidKeyType: - switch (nid) { - #ifndef NO_DSA - case NID_dsa: - return DSAk; - #endif /* NO_DSA */ - #ifndef NO_RSA - case NID_rsaEncryption: - return RSAk; - #endif /* NO_RSA */ - #ifdef HAVE_ECC - case NID_X9_62_id_ecPublicKey: - return ECDSAk; - #endif /* HAVE_ECC */ - } - break; - - - #ifdef HAVE_ECC - case oidCurveType: - switch (nid) { - case NID_X9_62_prime192v1: - return ECC_SECP192R1_OID; - case NID_X9_62_prime192v2: - return ECC_PRIME192V2_OID; - case NID_X9_62_prime192v3: - return ECC_PRIME192V3_OID; - case NID_X9_62_prime239v1: - return ECC_PRIME239V1_OID; - case NID_X9_62_prime239v2: - return ECC_PRIME239V2_OID; - case NID_X9_62_prime239v3: - return ECC_PRIME239V3_OID; - case NID_X9_62_prime256v1: - return ECC_SECP256R1_OID; - case NID_secp112r1: - return ECC_SECP112R1_OID; - case NID_secp112r2: - return ECC_SECP112R2_OID; - case NID_secp128r1: - return ECC_SECP128R1_OID; - case NID_secp128r2: - return ECC_SECP128R2_OID; - case NID_secp160r1: - return ECC_SECP160R1_OID; - case NID_secp160r2: - return ECC_SECP160R2_OID; - case NID_secp224r1: - return ECC_SECP224R1_OID; - case NID_secp384r1: - return ECC_SECP384R1_OID; - case NID_secp521r1: - return ECC_SECP521R1_OID; - 
case NID_secp160k1: - return ECC_SECP160K1_OID; - case NID_secp192k1: - return ECC_SECP192K1_OID; - case NID_secp224k1: - return ECC_SECP224K1_OID; - case NID_secp256k1: - return ECC_SECP256K1_OID; - case NID_brainpoolP160r1: - return ECC_BRAINPOOLP160R1_OID; - case NID_brainpoolP192r1: - return ECC_BRAINPOOLP192R1_OID; - case NID_brainpoolP224r1: - return ECC_BRAINPOOLP224R1_OID; - case NID_brainpoolP256r1: - return ECC_BRAINPOOLP256R1_OID; - case NID_brainpoolP320r1: - return ECC_BRAINPOOLP320R1_OID; - case NID_brainpoolP384r1: - return ECC_BRAINPOOLP384R1_OID; - case NID_brainpoolP512r1: - return ECC_BRAINPOOLP512R1_OID; - } - break; - #endif /* HAVE_ECC */ - - /* oidBlkType */ - case oidBlkType: - switch (nid) { - #ifdef WOLFSSL_AES_128 - case AES128CBCb: - return AES128CBCb; - #endif - #ifdef WOLFSSL_AES_192 - case AES192CBCb: - return AES192CBCb; - #endif - #ifdef WOLFSSL_AES_256 - case AES256CBCb: - return AES256CBCb; - #endif - #ifndef NO_DES3 - case NID_des: - return DESb; - case NID_des3: - return DES3b; - #endif - } - break; +#ifdef WOLFSSL_SESSION_ID_CTX + /* copy over application session context ID */ + ssl->sessionCtxSz = ctx->sessionCtxSz; + XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz); +#endif - #ifdef HAVE_OCSP - case oidOcspType: - switch (nid) { - case NID_id_pkix_OCSP_basic: - return OCSP_BASIC_OID; - case OCSP_NONCE_OID: - return OCSP_NONCE_OID; - } - break; - #endif /* HAVE_OCSP */ + return ssl->ctx; +} - /* oidCertExtType */ - case oidCertExtType: - switch (nid) { - case NID_basic_constraints: - return BASIC_CA_OID; - case NID_subject_alt_name: - return ALT_NAMES_OID; - case NID_crl_distribution_points: - return CRL_DIST_OID; - case NID_info_access: - return AUTH_INFO_OID; - case NID_authority_key_identifier: - return AUTH_KEY_OID; - case NID_subject_key_identifier: - return SUBJ_KEY_OID; - case NID_inhibit_any_policy: - return INHIBIT_ANY_OID; - case NID_key_usage: - return KEY_USAGE_OID; - case NID_name_constraints: - return 
NAME_CONS_OID; - case NID_certificate_policies: - return CERT_POLICY_OID; - case NID_ext_key_usage: - return EXT_KEY_USAGE_OID; - } - break; - /* oidCertAuthInfoType */ - case oidCertAuthInfoType: - switch (nid) { - case NID_ad_OCSP: - return AIA_OCSP_OID; - case NID_ad_ca_issuers: - return AIA_CA_ISSUER_OID; - } - break; +VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_get_verify_callback"); + if(ctx) + return ctx->verifyCallback; + return NULL; +} - /* oidCertPolicyType */ - case oidCertPolicyType: - switch (nid) { - case NID_any_policy: - return CP_ANY_OID; - } - break; +#ifdef HAVE_SNI +/* this is a compatibility function, consider using + * wolfSSL_CTX_set_servername_callback */ +int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, + CallbackSniRecv cb) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_tlsext_servername_callback"); + if (ctx) { + ctx->sniRecvCb = cb; + return WOLFSSL_SUCCESS; + } + return WOLFSSL_FAILURE; +} - /* oidCertAltNameType */ - case oidCertAltNameType: - switch (nid) { - case NID_hw_name_oid: - return HW_NAME_OID; - } - break; +#endif /* HAVE_SNI */ - /* oidCertKeyUseType */ - case oidCertKeyUseType: - switch (nid) { - case NID_anyExtendedKeyUsage: - return EKU_ANY_OID; - case EKU_SERVER_AUTH_OID: - return EKU_SERVER_AUTH_OID; - case EKU_CLIENT_AUTH_OID: - return EKU_CLIENT_AUTH_OID; - case EKU_OCSP_SIGN_OID: - return EKU_OCSP_SIGN_OID; - } - break; +#ifndef NO_BIO +void wolfSSL_ERR_load_BIO_strings(void) { + WOLFSSL_ENTER("wolfSSL_ERR_load_BIO_strings"); + /* do nothing */ +} +#endif - /* oidKdfType */ - case oidKdfType: - switch (nid) { - case PBKDF2_OID: - return PBKDF2_OID; - } - break; +#ifndef NO_WOLFSSL_STUB +/* Set THREADID callback, return 1 on success, 0 on error */ +int wolfSSL_THREADID_set_callback( + void(*threadid_func)(WOLFSSL_CRYPTO_THREADID*)) +{ + WOLFSSL_ENTER("wolfSSL_THREADID_set_callback"); + WOLFSSL_STUB("CRYPTO_THREADID_set_callback"); + (void)threadid_func; + 
return 1; +} +#endif - /* oidPBEType */ - case oidPBEType: - switch (nid) { - case PBE_SHA1_RC4_128: - return PBE_SHA1_RC4_128; - case PBE_SHA1_DES: - return PBE_SHA1_DES; - case PBE_SHA1_DES3: - return PBE_SHA1_DES3; - } - break; +#ifndef NO_WOLFSSL_STUB +void wolfSSL_THREADID_set_numeric(void* id, unsigned long val) +{ + WOLFSSL_ENTER("wolfSSL_THREADID_set_numeric"); + WOLFSSL_STUB("CRYPTO_THREADID_set_numeric"); + (void)id; + (void)val; + return; +} +#endif - /* oidKeyWrapType */ - case oidKeyWrapType: - switch (nid) { - #ifdef WOLFSSL_AES_128 - case AES128_WRAP: - return AES128_WRAP; - #endif - #ifdef WOLFSSL_AES_192 - case AES192_WRAP: - return AES192_WRAP; - #endif - #ifdef WOLFSSL_AES_256 - case AES256_WRAP: - return AES256_WRAP; - #endif - } - break; +#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX || + * HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH || + * HAVE_SBLIM_SFCB)) */ - /* oidCmsKeyAgreeType */ - case oidCmsKeyAgreeType: - switch (nid) { - #ifndef NO_SHA - case dhSinglePass_stdDH_sha1kdf_scheme: - return dhSinglePass_stdDH_sha1kdf_scheme; - #endif - #ifdef WOLFSSL_SHA224 - case dhSinglePass_stdDH_sha224kdf_scheme: - return dhSinglePass_stdDH_sha224kdf_scheme; - #endif - #ifndef NO_SHA256 - case dhSinglePass_stdDH_sha256kdf_scheme: - return dhSinglePass_stdDH_sha256kdf_scheme; - #endif - #ifdef WOLFSSL_SHA384 - case dhSinglePass_stdDH_sha384kdf_scheme: - return dhSinglePass_stdDH_sha384kdf_scheme; - #endif - #ifdef WOLFSSL_SHA512 - case dhSinglePass_stdDH_sha512kdf_scheme: - return dhSinglePass_stdDH_sha512kdf_scheme; - #endif - } - break; +#ifdef HAVE_SNI - /* oidCmsKeyAgreeType */ - #ifdef WOLFSSL_CERT_REQ - case oidCsrAttrType: - switch (nid) { - case NID_pkcs9_contentType: - return PKCS9_CONTENT_TYPE_OID; - case NID_pkcs9_challengePassword: - return CHALLENGE_PASSWORD_OID; - case NID_serialNumber: - return SERIAL_NUMBER_OID; - case NID_userId: - return USER_ID_OID; - case NID_surname: - return SURNAME_OID; - } - 
break; - #endif +void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback"); + if (ctx) + ctx->sniRecvCb = cb; +} - default: - WOLFSSL_MSG("NID not in table"); - /* MSVC warns without the cast */ - return (word32)-1; + +int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg"); + if (ctx) { + ctx->sniRecvCbArg = arg; + return WOLFSSL_SUCCESS; } + return WOLFSSL_FAILURE; +} - /* MSVC warns without the cast */ - return (word32)-1; +#endif /* HAVE_SNI */ + +#if defined(OPENSSL_EXTRA) + +int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size) +{ + if (!a || !b) + return 0; + return ConstantCompare((const byte*)a, (const byte*)b, (int)size); } -int oid2nid(word32 oid, int grp) +unsigned long wolfSSL_ERR_peek_last_error(void) { - size_t i; - /* get OID type */ - switch (grp) { - /* oidHashType */ - case oidHashType: - switch (oid) { - #ifdef WOLFSSL_MD2 - case MD2h: - return NID_md2; - #endif - #ifndef NO_MD5 - case MD5h: - return NID_md5; - #endif - #ifndef NO_SHA - case SHAh: - return NID_sha1; - #endif - case SHA224h: - return NID_sha224; - #ifndef NO_SHA256 - case SHA256h: - return NID_sha256; - #endif - #ifdef WOLFSSL_SHA384 - case SHA384h: - return NID_sha384; - #endif - #ifdef WOLFSSL_SHA512 - case SHA512h: - return NID_sha512; - #endif - } - break; + WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); - /* oidSigType */ - case oidSigType: - switch (oid) { - #ifndef NO_DSA - case CTC_SHAwDSA: - return NID_dsaWithSHA1; - case CTC_SHA256wDSA: - return NID_dsa_with_SHA256; - #endif /* NO_DSA */ - #ifndef NO_RSA - case CTC_MD2wRSA: - return NID_md2WithRSAEncryption; - case CTC_MD5wRSA: - return NID_md5WithRSAEncryption; - case CTC_SHAwRSA: - return NID_sha1WithRSAEncryption; - case CTC_SHA224wRSA: - return NID_sha224WithRSAEncryption; - case CTC_SHA256wRSA: - return NID_sha256WithRSAEncryption; - case CTC_SHA384wRSA: - return 
NID_sha384WithRSAEncryption; - case CTC_SHA512wRSA: - return NID_sha512WithRSAEncryption; - #ifdef WOLFSSL_SHA3 - case CTC_SHA3_224wRSA: - return NID_RSA_SHA3_224; - case CTC_SHA3_256wRSA: - return NID_RSA_SHA3_256; - case CTC_SHA3_384wRSA: - return NID_RSA_SHA3_384; - case CTC_SHA3_512wRSA: - return NID_RSA_SHA3_512; - #endif - #ifdef WC_RSA_PSS - case CTC_RSASSAPSS: - return NID_rsassaPss; - #endif - #endif /* NO_RSA */ - #ifdef HAVE_ECC - case CTC_SHAwECDSA: - return NID_ecdsa_with_SHA1; - case CTC_SHA224wECDSA: - return NID_ecdsa_with_SHA224; - case CTC_SHA256wECDSA: - return NID_ecdsa_with_SHA256; - case CTC_SHA384wECDSA: - return NID_ecdsa_with_SHA384; - case CTC_SHA512wECDSA: - return NID_ecdsa_with_SHA512; - #ifdef WOLFSSL_SHA3 - case CTC_SHA3_224wECDSA: - return NID_ecdsa_with_SHA3_224; - case CTC_SHA3_256wECDSA: - return NID_ecdsa_with_SHA3_256; - case CTC_SHA3_384wECDSA: - return NID_ecdsa_with_SHA3_384; - case CTC_SHA3_512wECDSA: - return NID_ecdsa_with_SHA3_512; - #endif - #endif /* HAVE_ECC */ - } - break; +#ifdef WOLFSSL_HAVE_ERROR_QUEUE + { + int ret; - /* oidKeyType */ - case oidKeyType: - switch (oid) { - #ifndef NO_DSA - case DSAk: - return NID_dsa; - #endif /* NO_DSA */ - #ifndef NO_RSA - case RSAk: - return NID_rsaEncryption; - #ifdef WC_RSA_PSS - case RSAPSSk: - return NID_rsassaPss; - #endif - #endif /* NO_RSA */ - #ifdef HAVE_ECC - case ECDSAk: - return NID_X9_62_id_ecPublicKey; - #endif /* HAVE_ECC */ - } - break; + if ((ret = wc_PeekErrorNode(-1, NULL, NULL, NULL)) < 0) { + WOLFSSL_MSG("Issue peeking at error node in queue"); + return 0; + } + if (ret == -ASN_NO_PEM_HEADER) + return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; + #if defined(WOLFSSL_PYTHON) + if (ret == ASN1_R_HEADER_TOO_LONG) + return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; + #endif + return (unsigned long)ret; + } +#else + return (unsigned long)(0 - NOT_COMPILED_IN); +#endif +} +#endif /* OPENSSL_EXTRA */ - #ifdef HAVE_ECC - case oidCurveType: - switch (oid) { - case 
ECC_SECP192R1_OID: - return NID_X9_62_prime192v1; - case ECC_PRIME192V2_OID: - return NID_X9_62_prime192v2; - case ECC_PRIME192V3_OID: - return NID_X9_62_prime192v3; - case ECC_PRIME239V1_OID: - return NID_X9_62_prime239v1; - case ECC_PRIME239V2_OID: - return NID_X9_62_prime239v2; - case ECC_PRIME239V3_OID: - return NID_X9_62_prime239v3; - case ECC_SECP256R1_OID: - return NID_X9_62_prime256v1; - case ECC_SECP112R1_OID: - return NID_secp112r1; - case ECC_SECP112R2_OID: - return NID_secp112r2; - case ECC_SECP128R1_OID: - return NID_secp128r1; - case ECC_SECP128R2_OID: - return NID_secp128r2; - case ECC_SECP160R1_OID: - return NID_secp160r1; - case ECC_SECP160R2_OID: - return NID_secp160r2; - case ECC_SECP224R1_OID: - return NID_secp224r1; - case ECC_SECP384R1_OID: - return NID_secp384r1; - case ECC_SECP521R1_OID: - return NID_secp521r1; - case ECC_SECP160K1_OID: - return NID_secp160k1; - case ECC_SECP192K1_OID: - return NID_secp192k1; - case ECC_SECP224K1_OID: - return NID_secp224k1; - case ECC_SECP256K1_OID: - return NID_secp256k1; - case ECC_BRAINPOOLP160R1_OID: - return NID_brainpoolP160r1; - case ECC_BRAINPOOLP192R1_OID: - return NID_brainpoolP192r1; - case ECC_BRAINPOOLP224R1_OID: - return NID_brainpoolP224r1; - case ECC_BRAINPOOLP256R1_OID: - return NID_brainpoolP256r1; - case ECC_BRAINPOOLP320R1_OID: - return NID_brainpoolP320r1; - case ECC_BRAINPOOLP384R1_OID: - return NID_brainpoolP384r1; - case ECC_BRAINPOOLP512R1_OID: - return NID_brainpoolP512r1; - } - break; - #endif /* HAVE_ECC */ +int wolfSSL_version(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_version"); + if (ssl->version.major == SSLv3_MAJOR) { + switch (ssl->version.minor) { + case SSLv3_MINOR : + return SSL3_VERSION; + case TLSv1_MINOR : + return TLS1_VERSION; + case TLSv1_1_MINOR : + return TLS1_1_VERSION; + case TLSv1_2_MINOR : + return TLS1_2_VERSION; + case TLSv1_3_MINOR : + return TLS1_3_VERSION; + default: + return WOLFSSL_FAILURE; + } + } + else if (ssl->version.major == DTLS_MAJOR) { + switch 
(ssl->version.minor) { + case DTLS_MINOR : + return DTLS1_VERSION; + case DTLSv1_2_MINOR : + return DTLS1_2_VERSION; + case DTLSv1_3_MINOR: + return DTLS1_3_VERSION; + default: + return WOLFSSL_FAILURE; + } + } + return WOLFSSL_FAILURE; +} - /* oidBlkType */ - case oidBlkType: - switch (oid) { - #ifdef WOLFSSL_AES_128 - case AES128CBCb: - return AES128CBCb; - #endif - #ifdef WOLFSSL_AES_192 - case AES192CBCb: - return AES192CBCb; - #endif - #ifdef WOLFSSL_AES_256 - case AES256CBCb: - return AES256CBCb; - #endif - #ifndef NO_DES3 - case DESb: - return NID_des; - case DES3b: - return NID_des3; - #endif - } - break; +WOLFSSL_CTX* wolfSSL_get_SSL_CTX(const WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_SSL_CTX"); + return ssl->ctx; +} - #ifdef HAVE_OCSP - case oidOcspType: - switch (oid) { - case OCSP_BASIC_OID: - return NID_id_pkix_OCSP_basic; - case OCSP_NONCE_OID: - return OCSP_NONCE_OID; - } - break; - #endif /* HAVE_OCSP */ +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) - /* oidCertExtType */ - case oidCertExtType: - switch (oid) { - case BASIC_CA_OID: - return NID_basic_constraints; - case ALT_NAMES_OID: - return NID_subject_alt_name; - case CRL_DIST_OID: - return NID_crl_distribution_points; - case AUTH_INFO_OID: - return NID_info_access; - case AUTH_KEY_OID: - return NID_authority_key_identifier; - case SUBJ_KEY_OID: - return NID_subject_key_identifier; - case INHIBIT_ANY_OID: - return NID_inhibit_any_policy; - case KEY_USAGE_OID: - return NID_key_usage; - case NAME_CONS_OID: - return NID_name_constraints; - case CERT_POLICY_OID: - return NID_certificate_policies; - case EXT_KEY_USAGE_OID: - return NID_ext_key_usage; - } - break; +/* TODO: Doesn't currently track SSL_VERIFY_CLIENT_ONCE */ +int wolfSSL_get_verify_mode(const WOLFSSL* ssl) { + int mode = 0; + WOLFSSL_ENTER("wolfSSL_get_verify_mode"); - /* oidCertAuthInfoType */ - case oidCertAuthInfoType: - switch 
(oid) { - case AIA_OCSP_OID: - return NID_ad_OCSP; - case AIA_CA_ISSUER_OID: - return NID_ad_ca_issuers; - } - break; + if (!ssl) { + return WOLFSSL_FAILURE; + } - /* oidCertPolicyType */ - case oidCertPolicyType: - switch (oid) { - case CP_ANY_OID: - return NID_any_policy; - } - break; + if (ssl->options.verifyNone) { + mode = WOLFSSL_VERIFY_NONE; + } + else { + if (ssl->options.verifyPeer) { + mode |= WOLFSSL_VERIFY_PEER; + } + if (ssl->options.failNoCert) { + mode |= WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT; + } + if (ssl->options.failNoCertxPSK) { + mode |= WOLFSSL_VERIFY_FAIL_EXCEPT_PSK; + } +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + if (ssl->options.verifyPostHandshake) { + mode |= WOLFSSL_VERIFY_POST_HANDSHAKE; + } +#endif + } - /* oidCertAltNameType */ - case oidCertAltNameType: - switch (oid) { - case HW_NAME_OID: - return NID_hw_name_oid; - } - break; + WOLFSSL_LEAVE("wolfSSL_get_verify_mode", mode); + return mode; +} - /* oidCertKeyUseType */ - case oidCertKeyUseType: - switch (oid) { - case EKU_ANY_OID: - return NID_anyExtendedKeyUsage; - case EKU_SERVER_AUTH_OID: - return EKU_SERVER_AUTH_OID; - case EKU_CLIENT_AUTH_OID: - return EKU_CLIENT_AUTH_OID; - case EKU_OCSP_SIGN_OID: - return EKU_OCSP_SIGN_OID; - } - break; +int wolfSSL_CTX_get_verify_mode(const WOLFSSL_CTX* ctx) +{ + int mode = 0; + WOLFSSL_ENTER("wolfSSL_CTX_get_verify_mode"); - /* oidKdfType */ - case oidKdfType: - switch (oid) { - case PBKDF2_OID: - return PBKDF2_OID; - } - break; + if (!ctx) { + return WOLFSSL_FAILURE; + } - /* oidPBEType */ - case oidPBEType: - switch (oid) { - case PBE_SHA1_RC4_128: - return PBE_SHA1_RC4_128; - case PBE_SHA1_DES: - return PBE_SHA1_DES; - case PBE_SHA1_DES3: - return PBE_SHA1_DES3; - } - break; + if (ctx->verifyNone) { + mode = WOLFSSL_VERIFY_NONE; + } + else { + if (ctx->verifyPeer) { + mode |= WOLFSSL_VERIFY_PEER; + } + if (ctx->failNoCert) { + mode |= WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT; + } + if (ctx->failNoCertxPSK) { + mode |= 
WOLFSSL_VERIFY_FAIL_EXCEPT_PSK; + } +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + if (ctx->verifyPostHandshake) { + mode |= WOLFSSL_VERIFY_POST_HANDSHAKE; + } +#endif + } - /* oidKeyWrapType */ - case oidKeyWrapType: - switch (oid) { - #ifdef WOLFSSL_AES_128 - case AES128_WRAP: - return AES128_WRAP; - #endif - #ifdef WOLFSSL_AES_192 - case AES192_WRAP: - return AES192_WRAP; - #endif - #ifdef WOLFSSL_AES_256 - case AES256_WRAP: - return AES256_WRAP; - #endif - } - break; + WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode); + return mode; +} - /* oidCmsKeyAgreeType */ - case oidCmsKeyAgreeType: - switch (oid) { - #ifndef NO_SHA - case dhSinglePass_stdDH_sha1kdf_scheme: - return dhSinglePass_stdDH_sha1kdf_scheme; - #endif - #ifdef WOLFSSL_SHA224 - case dhSinglePass_stdDH_sha224kdf_scheme: - return dhSinglePass_stdDH_sha224kdf_scheme; - #endif - #ifndef NO_SHA256 - case dhSinglePass_stdDH_sha256kdf_scheme: - return dhSinglePass_stdDH_sha256kdf_scheme; - #endif - #ifdef WOLFSSL_SHA384 - case dhSinglePass_stdDH_sha384kdf_scheme: - return dhSinglePass_stdDH_sha384kdf_scheme; - #endif - #ifdef WOLFSSL_SHA512 - case dhSinglePass_stdDH_sha512kdf_scheme: - return dhSinglePass_stdDH_sha512kdf_scheme; - #endif - } - break; +#endif + +#ifdef WOLFSSL_JNI + +int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr) +{ + WOLFSSL_ENTER("wolfSSL_set_jobject"); + if (ssl != NULL) + { + ssl->jObjectRef = objPtr; + return WOLFSSL_SUCCESS; + } + return WOLFSSL_FAILURE; +} + +void* wolfSSL_get_jobject(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_jobject"); + if (ssl != NULL) + return ssl->jObjectRef; + return NULL; +} + +#endif /* WOLFSSL_JNI */ + + +#ifdef WOLFSSL_ASYNC_CRYPT +int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents, + WOLF_EVENT_FLAG flags, int* eventCount) +{ + if (ctx == NULL) { + return BAD_FUNC_ARG; + } -#ifdef WOLFSSL_CERT_REQ - case oidCsrAttrType: - switch (oid) { - case PKCS9_CONTENT_TYPE_OID: - return 
NID_pkcs9_contentType; - case CHALLENGE_PASSWORD_OID: - return NID_pkcs9_challengePassword; - case SERIAL_NUMBER_OID: - return NID_serialNumber; - case USER_ID_OID: - return NID_userId; - } - break; -#endif + return wolfAsync_EventQueuePoll(&ctx->event_queue, NULL, + events, maxEvents, flags, eventCount); +} - default: - WOLFSSL_MSG("OID not in table"); +int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags) +{ + int ret, eventCount = 0; + WOLF_EVENT* events[1]; + + if (ssl == NULL) { + return BAD_FUNC_ARG; } - /* If not found in above switch then try the table */ - for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) { - if (wolfssl_object_info[i].id == (int)oid) { - return wolfssl_object_info[i].nid; - } + + ret = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, ssl, + events, sizeof(events)/sizeof(events[0]), flags, &eventCount); + if (ret == 0) { + ret = eventCount; } - return -1; + return ret; } +#endif /* WOLFSSL_ASYNC_CRYPT */ -/* frees all nodes in the current threads error queue - * - * id thread id. ERR_remove_state is depreciated and id is ignored. The - * current threads queue will be free'd. 
- */ -void wolfSSL_ERR_remove_state(unsigned long id) +#ifdef OPENSSL_EXTRA + +static int peek_ignore_err(int err) { - WOLFSSL_ENTER("wolfSSL_ERR_remove_state"); - (void)id; - if (wc_ERR_remove_state() != 0) { - WOLFSSL_MSG("Error with removing the state"); - } + switch(err) { + case -WC_NO_ERR_TRACE(WANT_READ): + case -WC_NO_ERR_TRACE(WANT_WRITE): + case -WC_NO_ERR_TRACE(ZERO_RETURN): + case -WOLFSSL_ERROR_ZERO_RETURN: + case -WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E): + case -WC_NO_ERR_TRACE(SOCKET_ERROR_E): + return 1; + default: + return 0; + } } -#endif /* OPENSSL_EXTRA */ +unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags) +{ + unsigned long err; + + WOLFSSL_ENTER("wolfSSL_ERR_peek_error_line_data"); + err = wc_PeekErrorNodeLineData(file, line, data, flags, peek_ignore_err); + if (err == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) + return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; #ifdef OPENSSL_ALL + /* PARSE_ERROR is returned if an HTTP request is detected. 
*/ + else if (err == -WC_NO_ERR_TRACE(PARSE_ERROR)) + return (ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST; +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) + else if (err == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) + return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; +#endif + return err; +} +#endif -#if !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) -int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY* pkey, - const WOLFSSL_EVP_CIPHER* enc, - char* passwd, int passwdSz, - wc_pem_password_cb* cb, void* ctx) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + +#if !defined(WOLFSSL_USER_IO) +/* converts an IPv6 or IPv4 address into an octet string for use with rfc3280 + * example input would be "127.0.0.1" and the returned value would be 7F000001 + */ +WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa) { - int ret = 0; - char password[NAME_SZ]; - byte* key = NULL; - word32 keySz; - byte* pem = NULL; - int pemSz = 0; - int type = PKCS8_PRIVATEKEY_TYPE; - const byte* curveOid; - word32 oidSz; - - if (bio == NULL || pkey == NULL) - return -1; + int ipaSz = WOLFSSL_IP4_ADDR_LEN; + char buf[WOLFSSL_IP6_ADDR_LEN + 1]; /* plus 1 for terminator */ + int af = WOLFSSL_IP4; + WOLFSSL_ASN1_STRING *ret = NULL; - keySz = pkey->pkey_sz + 128; - key = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (key == NULL) - ret = MEMORY_E; + if (ipa == NULL) + return NULL; - if (ret == 0 && enc != NULL && passwd == NULL) { - passwdSz = cb(password, sizeof(password), 1, ctx); - if (passwdSz < 0) - ret = WOLFSSL_FAILURE; - passwd = password; + if (XSTRSTR(ipa, ":") != NULL) { + af = WOLFSSL_IP6; + ipaSz = WOLFSSL_IP6_ADDR_LEN; } - if (ret == 0 && enc != NULL) { - WC_RNG rng; - ret = wc_InitRng(&rng); - if (ret == 0) { - int encAlgId = 0; - #ifndef NO_DES3 - if (enc == EVP_DES_CBC) - encAlgId = DESb; - else if (enc == EVP_DES_EDE3_CBC) - encAlgId = DES3b; - else - #endif - #if 
!defined(NO_AES) && defined(HAVE_AES_CBC) - #ifdef WOLFSSL_AES_256 - if (enc == EVP_AES_256_CBC) - encAlgId = AES256CBCb; - else - #endif - #endif - ret = -1; - if (ret == 0) { - ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz, key, - &keySz, passwd, passwdSz, PKCS5, PBES2, - encAlgId, NULL, 0, WC_PKCS12_ITT_DEFAULT, - &rng, NULL); - if (ret > 0) { - keySz = ret; - ret = 0; - } - } - wc_FreeRng(&rng); - } - type = PKCS8_ENC_PRIVATEKEY_TYPE; + buf[WOLFSSL_IP6_ADDR_LEN] = '\0'; + if (XINET_PTON(af, ipa, (void*)buf) != 1) { + WOLFSSL_MSG("Error parsing IP address"); + return NULL; } - if (ret == 0 && enc == NULL) { - int algId; - type = PKCS8_PRIVATEKEY_TYPE; - #ifdef HAVE_ECC - if (pkey->type == EVP_PKEY_EC) { - algId = ECDSAk; - ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid, - &oidSz); - } - else - #endif - { - algId = RSAk; - curveOid = NULL; - oidSz = 0; - } - #ifdef HAVE_ECC - if (ret >= 0) - #endif - { - ret = wc_CreatePKCS8Key(key, &keySz, (byte*)pkey->pkey.ptr, - pkey->pkey_sz, algId, curveOid, oidSz); - keySz = ret; + ret = wolfSSL_ASN1_STRING_new(); + if (ret != NULL) { + if (wolfSSL_ASN1_STRING_set(ret, buf, ipaSz) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error setting the string"); + wolfSSL_ASN1_STRING_free(ret); + ret = NULL; } } - if (password == passwd) - XMEMSET(password, 0, passwdSz); + return ret; +} +#endif /* !WOLFSSL_USER_IO */ - if (ret >= 0) { - pemSz = 2 * keySz + 2 * 64; - pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) - ret = MEMORY_E; +/* Is the specified cipher suite a fake one used an an extension proxy? 
*/ +static WC_INLINE int SCSV_Check(byte suite0, byte suite) +{ + (void)suite0; + (void)suite; +#ifdef HAVE_RENEGOTIATION_INDICATION + if (suite0 == CIPHER_BYTE && suite == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + return 1; +#endif + return 0; +} + +static WC_INLINE int sslCipherMinMaxCheck(const WOLFSSL *ssl, byte suite0, + byte suite) +{ + const CipherSuiteInfo* cipher_names = GetCipherNames(); + int cipherSz = GetCipherNamesSize(); + int i; + for (i = 0; i < cipherSz; i++) + if (cipher_names[i].cipherSuite0 == suite0 && + cipher_names[i].cipherSuite == suite) + break; + if (i == cipherSz) + return 1; + /* Check min version */ + if (cipher_names[i].minor < ssl->options.minDowngrade) { + if (ssl->options.minDowngrade <= TLSv1_2_MINOR && + cipher_names[i].minor >= TLSv1_MINOR) + /* 1.0 ciphersuites are in general available in 1.1 and + * 1.1 ciphersuites are in general available in 1.2 */ + return 0; + return 1; + } + /* Check max version */ + switch (cipher_names[i].minor) { + case SSLv3_MINOR : + return ssl->options.mask & WOLFSSL_OP_NO_SSLv3; + case TLSv1_MINOR : + return ssl->options.mask & WOLFSSL_OP_NO_TLSv1; + case TLSv1_1_MINOR : + return ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1; + case TLSv1_2_MINOR : + return ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2; + case TLSv1_3_MINOR : + return ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3; + default: + WOLFSSL_MSG("Unrecognized minor version"); + return 1; } +} + +/* returns a pointer to internal cipher suite list. Should not be free'd by + * caller. 
+ */ +WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) +{ + WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; + const Suites* suites; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + const CipherSuiteInfo* cipher_names = GetCipherNames(); + int cipherSz = GetCipherNamesSize(); +#endif - if (ret >= 0) - ret = wc_DerToPemEx(key, keySz, pem, pemSz, NULL, type); + WOLFSSL_ENTER("wolfSSL_get_ciphers_compat"); + if (ssl == NULL) + return NULL; - if (key != NULL) - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + suites = WOLFSSL_SUITES(ssl); + if (suites == NULL) + return NULL; - if (ret >= 0) { - if (wolfSSL_BIO_write(bio, pem, ret) != ret) - ret = -1; + /* check if stack needs populated */ + if (ssl->suitesStack == NULL) { + int i; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + int j; + + /* higher priority of cipher suite will be on top of stack */ + for (i = suites->suiteSz - 2; i >=0; i-=2) { +#else + for (i = 0; i < suites->suiteSz; i+=2) { +#endif + WOLFSSL_STACK* add; + + /* A couple of suites are placeholders for special options, + * skip those. 
*/ + if (SCSV_Check(suites->suites[i], suites->suites[i+1]) + || sslCipherMinMaxCheck(ssl, suites->suites[i], + suites->suites[i+1])) { + continue; + } + + add = wolfSSL_sk_new_node(ssl->heap); + if (add != NULL) { + add->type = STACK_TYPE_CIPHER; + add->data.cipher.cipherSuite0 = suites->suites[i]; + add->data.cipher.cipherSuite = suites->suites[i+1]; + add->data.cipher.ssl = ssl; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + for (j = 0; j < cipherSz; j++) { + if (cipher_names[j].cipherSuite0 == + add->data.cipher.cipherSuite0 && + cipher_names[j].cipherSuite == + add->data.cipher.cipherSuite) { + add->data.cipher.offset = (unsigned long)j; + break; + } + } +#endif + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + /* in_stack is checked in wolfSSL_CIPHER_description */ + add->data.cipher.in_stack = 1; + #endif + + add->next = ret; + if (ret != NULL) { + add->num = ret->num + 1; + } + else { + add->num = 1; + } + ret = add; + } + } + ((WOLFSSL*)ssl)->suitesStack = ret; } - - if (pem != NULL) - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - return ret < 0 ? 
0 : ret; - + return ssl->suitesStack; } +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ -#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) -int wolfSSL_PEM_write_PKCS8PrivateKey(XFILE f, WOLFSSL_EVP_PKEY* pkey, - const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, - wc_pem_password_cb* cb, void* ctx) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) +long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx) { - int ret = WOLFSSL_SUCCESS; - BIO *b; + WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout"); - WOLFSSL_ENTER("wolfSSL_PEM_write_PKCS8PrivateKey"); + if (ctx == NULL) + return 0; - b = wolfSSL_BIO_new_fp(f, BIO_NOCLOSE); - if (b == NULL) { - ret = WOLFSSL_FAILURE; - } - if (ret == WOLFSSL_SUCCESS) { - ret = wolfSSL_PEM_write_bio_PKCS8PrivateKey(b, pkey, enc, passwd, - passwdSz, cb, ctx); - } + return ctx->timeout; +} - wolfSSL_BIO_free(b); - return ret; +/* returns the time in seconds of the current timeout */ +long wolfSSL_get_timeout(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_timeout"); + + if (ssl == NULL) + return 0; + return ssl->timeout; } -#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ +#endif -static int bio_get_data(WOLFSSL_BIO* bio, byte** data) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) + +#ifdef HAVE_ECC +int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh) { - int ret = 0; - byte* mem = NULL; + WOLFSSL_ENTER("wolfSSL_SSL_CTX_set_tmp_ecdh"); - ret = wolfSSL_BIO_get_len(bio); - if (ret > 0) { - mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (mem == NULL) { - WOLFSSL_MSG("Memory error"); - ret = MEMORY_E; - } - if (ret >= 0) { - if ((ret = wolfSSL_BIO_read(bio, mem, ret)) <= 0) { - XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); - ret = MEMORY_E; - mem = NULL; - } - } - } + if 
(ctx == NULL || ecdh == NULL) + return BAD_FUNC_ARG; - *data = mem; + ctx->ecdhCurveOID = (word32)ecdh->group->curve_oid; - return ret; + return WOLFSSL_SUCCESS; } - -/* DER data is PKCS#8 encrypted. */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** pkey, - wc_pem_password_cb* cb, - void* ctx) +#endif +#ifndef NO_BIO +BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s) { - int ret; - byte* der; - int len; - byte* p; - word32 algId; - WOLFSSL_EVP_PKEY* key; - - if ((len = bio_get_data(bio, &der)) < 0) + WOLFSSL_ENTER("wolfSSL_SSL_get_rbio"); + /* Nginx sets the buffer size if the read BIO is different to write BIO. + * The setting buffer size doesn't do anything so return NULL for both. + */ + if (s == NULL) return NULL; - if (cb != NULL) { - char password[NAME_SZ]; - int passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx); - if (passwordSz < 0) { - XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); - return NULL; - } - #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Add("wolfSSL_d2i_PKCS8PrivateKey_bio password", password, - passwordSz); - #endif - - ret = ToTraditionalEnc(der, len, password, passwordSz, &algId); - if (ret < 0) { - XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); - return NULL; - } - - ForceZero(password, passwordSz); - #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Check(password, passwordSz); - #endif - } - - p = der; - key = wolfSSL_d2i_PrivateKey_EVP(pkey, &p, len); - XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); - return key; + return s->biord; } - -#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ - -/* Detect which type of key it is before decoding. */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, - const unsigned char** pp, - long length) +BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s) { - int ret; - WOLFSSL_EVP_PKEY* key = NULL; - const byte* der = *pp; - word32 idx = 0; - int len = 0; - int cnt = 0; - word32 algId; - word32 keyLen = (word32)length; - - /* Take off PKCS#8 wrapper if found. 
*/ - if ((len = ToTraditionalInline_ex(der, &idx, keyLen, &algId)) >= 0) { - der += idx; - keyLen = len; - } - idx = 0; - len = 0; - - /* Use the number of elements in the outer sequence to determine key type. + WOLFSSL_ENTER("wolfSSL_SSL_get_wbio"); + (void)s; + /* Nginx sets the buffer size if the read BIO is different to write BIO. + * The setting buffer size doesn't do anything so return NULL for both. */ - ret = GetSequence(der, &idx, &len, keyLen); - if (ret >= 0) { - word32 end = idx + len; - while (ret >= 0 && idx < end) { - /* Skip type */ - idx++; - /* Get length and skip over - keeping count */ - len = 0; - ret = GetLength(der, &idx, &len, keyLen); - if (ret >= 0) { - if (idx + len > end) - ret = ASN_PARSE_E; - else { - idx += len; - cnt++; - } - } - } - } - - if (ret >= 0) { - int type; - /* ECC includes version, private[, curve][, public key] */ - if (cnt >= 2 && cnt <= 4) - type = EVP_PKEY_EC; - else - type = EVP_PKEY_RSA; - - key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen); - *pp = der; - } + if (s == NULL) + return NULL; - return key; + return s->biowr; } -#endif /* OPENSSL_ALL */ +#endif /* !NO_BIO */ -#ifdef WOLFSSL_STATIC_EPHEMERAL -int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr) +int wolfSSL_SSL_do_handshake_internal(WOLFSSL *s) { - int ret; - word32 idx = 0; - DerBuffer* der = NULL; - - if (ssl == NULL || ssl->ctx == NULL || keyPtr == NULL) { - return BAD_FUNC_ARG; - } - -#ifndef SINGLE_THREADED - if (!ssl->ctx->staticKELockInit) { - return BUFFER_E; /* no keys set */ - } - ret = wc_LockMutex(&ssl->ctx->staticKELock); - if (ret != 0) { - return ret; - } -#endif + WOLFSSL_ENTER("wolfSSL_SSL_do_handshake_internal"); + if (s == NULL) + return WOLFSSL_FAILURE; - ret = BUFFER_E; /* set default error */ - switch (keyAlgo) { - #ifndef NO_DH - case WC_PK_TYPE_DH: - if (ssl != NULL) - der = ssl->staticKE.dhKey; - if (der == NULL) - der = ssl->ctx->staticKE.dhKey; - if (der != NULL) { - DhKey* key = (DhKey*)keyPtr; - 
WOLFSSL_MSG("Using static DH key"); - ret = wc_DhKeyDecode(der->buffer, &idx, key, der->length); - } - break; - #endif - #ifdef HAVE_ECC - case WC_PK_TYPE_ECDH: - if (ssl != NULL) - der = ssl->staticKE.ecKey; - if (der == NULL) - der = ssl->ctx->staticKE.ecKey; - if (der != NULL) { - ecc_key* key = (ecc_key*)keyPtr; - WOLFSSL_MSG("Using static ECDH key"); - ret = wc_EccPrivateKeyDecode(der->buffer, &idx, key, der->length); - } - break; - #endif - #ifdef HAVE_CURVE25519 - case WC_PK_TYPE_CURVE25519: - if (ssl != NULL) - der = ssl->staticKE.x25519Key; - if (der == NULL) - der = ssl->ctx->staticKE.x25519Key; - if (der != NULL) { - curve25519_key* key = (curve25519_key*)keyPtr; - WOLFSSL_MSG("Using static X25519 key"); - ret = wc_Curve25519PrivateKeyDecode(der->buffer, &idx, key, - der->length); - } - break; - #endif - #ifdef HAVE_CURVE448 - case WC_PK_TYPE_CURVE448: - if (ssl != NULL) - der = ssl->staticKE.x448Key; - if (der == NULL) - der = ssl->ctx->staticKE.x448Key; - if (der != NULL) { - curve448_key* key = (curve448_key*)keyPtr; - WOLFSSL_MSG("Using static X448 key"); - ret = wc_Curve448PrivateKeyDecode(der->buffer, &idx, key, - der->length); - } - break; + if (s->options.side == WOLFSSL_CLIENT_END) { + #ifndef NO_WOLFSSL_CLIENT + return wolfSSL_connect(s); + #else + WOLFSSL_MSG("Client not compiled in"); + return WOLFSSL_FAILURE; #endif - default: - /* not supported */ - ret = NOT_COMPILED_IN; - break; } -#ifndef SINGLE_THREADED - wc_UnLockMutex(&ssl->ctx->staticKELock); +#ifndef NO_WOLFSSL_SERVER + return wolfSSL_accept(s); +#else + WOLFSSL_MSG("Server not compiled in"); + return WOLFSSL_FAILURE; #endif - return ret; } -static int SetStaticEphemeralKey(WOLFSSL_CTX* ctx, - StaticKeyExchangeInfo_t* staticKE, int keyAlgo, const char* key, - unsigned int keySz, int format, void* heap) +int wolfSSL_SSL_do_handshake(WOLFSSL *s) { - int ret = 0; - DerBuffer* der = NULL; - byte* keyBuf = NULL; -#ifndef NO_FILESYSTEM - const char* keyFile = NULL; + 
WOLFSSL_ENTER("wolfSSL_SSL_do_handshake"); +#ifdef WOLFSSL_QUIC + if (WOLFSSL_IS_QUIC(s)) { + return wolfSSL_quic_do_handshake(s); + } #endif + return wolfSSL_SSL_do_handshake_internal(s); +} - /* allow empty key to free buffer */ - if (staticKE == NULL || (key == NULL && keySz > 0)) { - return BAD_FUNC_ARG; +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L +int wolfSSL_SSL_in_init(const WOLFSSL *ssl) +#else +int wolfSSL_SSL_in_init(WOLFSSL *ssl) +#endif +{ + WOLFSSL_ENTER("wolfSSL_SSL_in_init"); + + return !wolfSSL_is_init_finished(ssl); +} + +int wolfSSL_SSL_in_before(const WOLFSSL *ssl) +{ + WOLFSSL_ENTER("wolfSSL_SSL_in_before"); + + if (ssl == NULL) + return WOLFSSL_FAILURE; + + return ssl->options.handShakeState == NULL_STATE; +} + +int wolfSSL_SSL_in_connect_init(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_SSL_in_connect_init"); + + if (ssl == NULL) + return WOLFSSL_FAILURE; + + if (ssl->options.side == WOLFSSL_CLIENT_END) { + return ssl->options.connectState > CONNECT_BEGIN && + ssl->options.connectState < SECOND_REPLY_DONE; } - WOLFSSL_ENTER("SetStaticEphemeralKey"); + return ssl->options.acceptState > ACCEPT_BEGIN && + ssl->options.acceptState < ACCEPT_THIRD_REPLY_DONE; +} - /* if just free'ing key then skip loading */ - if (key != NULL) { - #ifndef NO_FILESYSTEM - /* load file from filesystem */ - if (key != NULL && keySz == 0) { - size_t keyBufSz = 0; - keyFile = (const char*)key; - ret = wc_FileLoad(keyFile, &keyBuf, &keyBufSz, heap); - if (ret != 0) { - return ret; - } - keySz = (unsigned int)keyBufSz; - } - else - #endif - { - /* use as key buffer directly */ - keyBuf = (byte*)key; - } +#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) +/* Expected return values from implementations of OpenSSL ticket key callback. 
+ */ +#define TICKET_KEY_CB_RET_FAILURE (-1) +#define TICKET_KEY_CB_RET_NOT_FOUND 0 +#define TICKET_KEY_CB_RET_OK 1 +#define TICKET_KEY_CB_RET_RENEW 2 - if (format == WOLFSSL_FILETYPE_PEM) { - #ifdef WOLFSSL_PEM_TO_DER - int keyFormat = 0; - ret = PemToDer(keyBuf, keySz, PRIVATEKEY_TYPE, &der, - heap, NULL, &keyFormat); - /* auto detect key type */ - if (ret == 0 && keyAlgo == WC_PK_TYPE_NONE) { - if (keyFormat == ECDSAk) - keyAlgo = WC_PK_TYPE_ECDH; - else if (keyFormat == X25519k) - keyAlgo = WC_PK_TYPE_CURVE25519; - else - keyAlgo = WC_PK_TYPE_DH; - } - #else - ret = NOT_COMPILED_IN; - #endif - } - else { - /* Detect PK type (if required) */ - #ifdef HAVE_ECC - if (keyAlgo == WC_PK_TYPE_NONE) { - word32 idx = 0; - ecc_key eccKey; - ret = wc_ecc_init_ex(&eccKey, heap, INVALID_DEVID); - if (ret == 0) { - ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &eccKey, keySz); - if (ret == 0) - keyAlgo = WC_PK_TYPE_ECDH; - wc_ecc_free(&eccKey); - } - } - #endif - #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) - if (keyAlgo == WC_PK_TYPE_NONE) { - word32 idx = 0; - DhKey dhKey; - ret = wc_InitDhKey_ex(&dhKey, heap, INVALID_DEVID); - if (ret == 0) { - ret = wc_DhKeyDecode(keyBuf, &idx, &dhKey, keySz); - if (ret == 0) - keyAlgo = WC_PK_TYPE_DH; - wc_FreeDhKey(&dhKey); - } - } - #endif - #ifdef HAVE_CURVE25519 - if (keyAlgo == WC_PK_TYPE_NONE) { - word32 idx = 0; - curve25519_key x25519Key; - ret = wc_curve25519_init_ex(&x25519Key, heap, INVALID_DEVID); - if (ret == 0) { - ret = wc_Curve25519PrivateKeyDecode(keyBuf, &idx, &x25519Key, - keySz); - if (ret == 0) - keyAlgo = WC_PK_TYPE_CURVE25519; - wc_curve25519_free(&x25519Key); - } - } - #endif - #ifdef HAVE_CURVE448 - if (keyAlgo == WC_PK_TYPE_NONE) { - word32 idx = 0; - curve448_key x448Key; - ret = wc_curve448_init(&x448Key); - if (ret == 0) { - ret = wc_Curve448PrivateKeyDecode(keyBuf, &idx, &x448Key, - keySz); - if (ret == 0) - keyAlgo = WC_PK_TYPE_CURVE448; - wc_curve448_free(&x448Key); - } - } - #endif +/* Implementation of 
session ticket encryption/decryption using OpenSSL + * callback to initialize the cipher and HMAC. + * + * ssl The SSL/TLS object. + * keyName The key name - used to identify the key to be used. + * iv The IV to use. + * mac The MAC of the encrypted data. + * enc Encrypt ticket. + * encTicket The ticket data. + * encTicketLen The length of the ticket data. + * encLen The encrypted/decrypted ticket length - output length. + * ctx Ignored. Application specific data. + * returns WOLFSSL_TICKET_RET_OK to indicate success, + * WOLFSSL_TICKET_RET_CREATE if a new ticket is required and + * WOLFSSL_TICKET_RET_FATAL on error. + */ +static int wolfSSL_TicketKeyCb(WOLFSSL* ssl, + unsigned char keyName[WOLFSSL_TICKET_NAME_SZ], + unsigned char iv[WOLFSSL_TICKET_IV_SZ], + unsigned char mac[WOLFSSL_TICKET_MAC_SZ], + int enc, unsigned char* encTicket, + int encTicketLen, int* encLen, void* ctx) +{ + byte digest[WC_MAX_DIGEST_SIZE]; +#ifdef WOLFSSL_SMALL_STACK + WOLFSSL_EVP_CIPHER_CTX *evpCtx; +#else + WOLFSSL_EVP_CIPHER_CTX evpCtx[1]; +#endif + WOLFSSL_HMAC_CTX hmacCtx; + unsigned int mdSz = 0; + int len = 0; + int ret = WOLFSSL_TICKET_RET_FATAL; + int res; + int totalSz = 0; - if (keyAlgo != WC_PK_TYPE_NONE) { - ret = AllocDer(&der, keySz, PRIVATEKEY_TYPE, heap); - if (ret == 0) { - XMEMCPY(der->buffer, keyBuf, keySz); - } - } - } + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_TicketKeyCb"); + + if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->ticketEncWrapCb == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_TICKET_RET_FATAL; + } + +#ifdef WOLFSSL_SMALL_STACK + evpCtx = (WOLFSSL_EVP_CIPHER_CTX *)XMALLOC(sizeof(*evpCtx), ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (evpCtx == NULL) { + WOLFSSL_MSG("out of memory"); + return WOLFSSL_TICKET_RET_FATAL; + } +#endif + + /* Initialize the cipher and HMAC. 
*/ + wolfSSL_EVP_CIPHER_CTX_init(evpCtx); + if (wolfSSL_HMAC_CTX_Init(&hmacCtx) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_HMAC_CTX_Init error"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(evpCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return WOLFSSL_TICKET_RET_FATAL; + } + res = ssl->ctx->ticketEncWrapCb(ssl, keyName, + iv, evpCtx, &hmacCtx, enc); + if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) { + WOLFSSL_MSG("Ticket callback error"); + ret = WOLFSSL_TICKET_RET_FATAL; + goto end; } -#ifndef NO_FILESYSTEM - /* done with keyFile buffer */ - if (keyFile && keyBuf) { - XFREE(keyBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (wolfSSL_HMAC_size(&hmacCtx) > WOLFSSL_TICKET_MAC_SZ) { + WOLFSSL_MSG("Ticket cipher MAC size error"); + goto end; + } + + if (enc) + { + /* Encrypt in place. */ + if (!wolfSSL_EVP_CipherUpdate(evpCtx, encTicket, &len, + encTicket, encTicketLen)) + goto end; + totalSz = len; + if (totalSz > *encLen) + goto end; + if (!wolfSSL_EVP_EncryptFinal(evpCtx, &encTicket[len], &len)) + goto end; + /* Total length of encrypted data. */ + totalSz += len; + if (totalSz > *encLen) + goto end; + + /* HMAC the encrypted data into the parameter 'mac'. */ + if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, totalSz)) + goto end; + if (!wolfSSL_HMAC_Final(&hmacCtx, mac, &mdSz)) + goto end; } -#endif + else + { + /* HMAC the encrypted data and compare it to the passed in data. */ + if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen)) + goto end; + if (!wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz)) + goto end; + if (XMEMCMP(mac, digest, mdSz) != 0) + goto end; -#ifndef SINGLE_THREADED - if (ret == 0 && !ctx->staticKELockInit) { - ret = wc_InitMutex(&ctx->staticKELock); - if (ret == 0) { - ctx->staticKELockInit = 1; - } + /* Decrypt the ticket data in place. 
*/ + if (!wolfSSL_EVP_CipherUpdate(evpCtx, encTicket, &len, + encTicket, encTicketLen)) + goto end; + totalSz = len; + if (totalSz > encTicketLen) + goto end; + if (!wolfSSL_EVP_DecryptFinal(evpCtx, &encTicket[len], &len)) + goto end; + /* Total length of decrypted data. */ + totalSz += len; + if (totalSz > encTicketLen) + goto end; } + *encLen = totalSz; + + if (res == TICKET_KEY_CB_RET_RENEW && !IsAtLeastTLSv1_3(ssl->version) + && !enc) + ret = WOLFSSL_TICKET_RET_CREATE; + else + ret = WOLFSSL_TICKET_RET_OK; +end: + + (void)wc_HmacFree(&hmacCtx.hmac); + (void)wolfSSL_EVP_CIPHER_CTX_cleanup(evpCtx); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(evpCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret == 0 - #ifndef SINGLE_THREADED - && (ret = wc_LockMutex(&ctx->staticKELock)) == 0 - #endif - ) { - switch (keyAlgo) { - #ifndef NO_DH - case WC_PK_TYPE_DH: - FreeDer(&staticKE->dhKey); - staticKE->dhKey = der; der = NULL; - break; - #endif - #ifdef HAVE_ECC - case WC_PK_TYPE_ECDH: - FreeDer(&staticKE->ecKey); - staticKE->ecKey = der; der = NULL; - break; - #endif - #ifdef HAVE_CURVE25519 - case WC_PK_TYPE_CURVE25519: - FreeDer(&staticKE->x25519Key); - staticKE->x25519Key = der; der = NULL; - break; - #endif - #ifdef HAVE_CURVE448 - case WC_PK_TYPE_CURVE448: - FreeDer(&staticKE->x448Key); - staticKE->x448Key = der; der = NULL; - break; - #endif - default: - /* not supported */ - ret = NOT_COMPILED_IN; - break; - } - #ifndef SINGLE_THREADED - wc_UnLockMutex(&ctx->staticKELock); - #endif + return ret; +} + +/* Set the callback to use when encrypting/decrypting tickets. + * + * ctx The SSL/TLS context object. + * cb The OpenSSL session ticket callback. + * returns WOLFSSL_SUCCESS to indicate success. + */ +int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, ticketCompatCb cb) +{ + + /* Set the ticket encryption callback to be a wrapper around OpenSSL + * callback. 
+ */ + ctx->ticketEncCb = wolfSSL_TicketKeyCb; + ctx->ticketEncWrapCb = cb; + + return WOLFSSL_SUCCESS; +} + +#endif /* HAVE_SESSION_TICKET */ + +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA || HAVE_LIGHTY */ + +#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ + !defined(NO_WOLFSSL_SERVER) +/* Serialize the session ticket encryption keys. + * + * @param [in] ctx SSL/TLS context object. + * @param [in] keys Buffer to hold session ticket keys. + * @param [in] keylen Length of buffer. + * @return WOLFSSL_SUCCESS on success. + * @return WOLFSSL_FAILURE when ctx is NULL, keys is NULL or keylen is not the + * correct length. + */ +long wolfSSL_CTX_get_tlsext_ticket_keys(WOLFSSL_CTX *ctx, + unsigned char *keys, int keylen) +{ + if (ctx == NULL || keys == NULL) { + return WOLFSSL_FAILURE; + } + if (keylen != WOLFSSL_TICKET_KEYS_SZ) { + return WOLFSSL_FAILURE; } - if (ret != 0) { - FreeDer(&der); + XMEMCPY(keys, ctx->ticketKeyCtx.name, WOLFSSL_TICKET_NAME_SZ); + keys += WOLFSSL_TICKET_NAME_SZ; + XMEMCPY(keys, ctx->ticketKeyCtx.key[0], WOLFSSL_TICKET_KEY_SZ); + keys += WOLFSSL_TICKET_KEY_SZ; + XMEMCPY(keys, ctx->ticketKeyCtx.key[1], WOLFSSL_TICKET_KEY_SZ); + keys += WOLFSSL_TICKET_KEY_SZ; + c32toa(ctx->ticketKeyCtx.expirary[0], keys); + keys += OPAQUE32_LEN; + c32toa(ctx->ticketKeyCtx.expirary[1], keys); + + return WOLFSSL_SUCCESS; +} + +/* Deserialize the session ticket encryption keys. + * + * @param [in] ctx SSL/TLS context object. + * @param [in] keys Session ticket keys. + * @param [in] keylen Length of data. + * @return WOLFSSL_SUCCESS on success. + * @return WOLFSSL_FAILURE when ctx is NULL, keys is NULL or keylen is not the + * correct length. 
+ */ +long wolfSSL_CTX_set_tlsext_ticket_keys(WOLFSSL_CTX *ctx, + const void *keys_vp, int keylen) +{ + const byte* keys = (const byte*)keys_vp; + if (ctx == NULL || keys == NULL) { + return WOLFSSL_FAILURE; + } + if (keylen != WOLFSSL_TICKET_KEYS_SZ) { + return WOLFSSL_FAILURE; } - (void)ctx; /* not used for single threaded */ + XMEMCPY(ctx->ticketKeyCtx.name, keys, WOLFSSL_TICKET_NAME_SZ); + keys += WOLFSSL_TICKET_NAME_SZ; + XMEMCPY(ctx->ticketKeyCtx.key[0], keys, WOLFSSL_TICKET_KEY_SZ); + keys += WOLFSSL_TICKET_KEY_SZ; + XMEMCPY(ctx->ticketKeyCtx.key[1], keys, WOLFSSL_TICKET_KEY_SZ); + keys += WOLFSSL_TICKET_KEY_SZ; + ato32(keys, &ctx->ticketKeyCtx.expirary[0]); + keys += OPAQUE32_LEN; + ato32(keys, &ctx->ticketKeyCtx.expirary[1]); - WOLFSSL_LEAVE("SetStaticEphemeralKey", ret); + return WOLFSSL_SUCCESS; +} +#endif - return ret; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef HAVE_OCSP +/* Not an OpenSSL API. */ +int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response) +{ + *response = ssl->ocspResp; + return ssl->ocspRespSz; } -int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, - const char* key, unsigned int keySz, int format) +/* Not an OpenSSL API. */ +char* wolfSSL_get_ocsp_url(WOLFSSL* ssl) { - if (ctx == NULL) { - return BAD_FUNC_ARG; - } - return SetStaticEphemeralKey(ctx, &ctx->staticKE, keyAlgo, - key, keySz, format, ctx->heap); + return ssl->url; } -int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, - const char* key, unsigned int keySz, int format) + +/* Not an OpenSSL API. 
*/ +int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url) { - if (ssl == NULL || ssl->ctx == NULL) { + if (ssl == NULL) + return WOLFSSL_FAILURE; + + ssl->url = url; + return WOLFSSL_SUCCESS; +} +#endif /* OCSP */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME) +int wolfSSL_get_ocsp_producedDate( + WOLFSSL *ssl, + byte *producedDate, + size_t producedDate_space, + int *producedDateFormat) +{ + if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) && + (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME)) return BAD_FUNC_ARG; - } - return SetStaticEphemeralKey(ssl->ctx, &ssl->staticKE, keyAlgo, - key, keySz, format, ssl->heap); + + if ((producedDate == NULL) || (producedDateFormat == NULL)) + return BAD_FUNC_ARG; + + if (XSTRLEN((char *)ssl->ocspProducedDate) >= producedDate_space) + return BUFFER_E; + + XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate, + producedDate_space); + *producedDateFormat = ssl->ocspProducedDateFormat; + + return 0; +} + +int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) { + int idx = 0; + + if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) && + (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME)) + return BAD_FUNC_ARG; + + if (produced_tm == NULL) + return BAD_FUNC_ARG; + + if (ExtractDate(ssl->ocspProducedDate, + (unsigned char)ssl->ocspProducedDateFormat, produced_tm, &idx)) + return 0; + else + return ASN_PARSE_E; } +#endif -static int GetStaticEphemeralKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - int keyAlgo, const unsigned char** key, unsigned int* keySz) -{ - int ret = 0; - DerBuffer* der = NULL; - if (key) *key = NULL; - if (keySz) *keySz = 0; +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, + WOLF_STACK_OF(X509)** chain) +{ + word32 idx; + word32 length; + WOLFSSL_STACK* node; + WOLFSSL_STACK* last = NULL; -#ifndef 
SINGLE_THREADED - if (ctx->staticKELockInit && - (ret = wc_LockMutex(&ctx->staticKELock)) != 0) { - return ret; + if (ctx == NULL || chain == NULL) { + chain = NULL; + return WOLFSSL_FAILURE; } -#endif - - switch (keyAlgo) { - #ifndef NO_DH - case WC_PK_TYPE_DH: - if (ssl != NULL) - der = ssl->staticKE.dhKey; - if (der == NULL) - der = ctx->staticKE.dhKey; - break; - #endif - #ifdef HAVE_ECC - case WC_PK_TYPE_ECDH: - if (ssl != NULL) - der = ssl->staticKE.ecKey; - if (der == NULL) - der = ctx->staticKE.ecKey; - break; - #endif - #ifdef HAVE_CURVE25519 - case WC_PK_TYPE_CURVE25519: - if (ssl != NULL) - der = ssl->staticKE.x25519Key; - if (der == NULL) - der = ctx->staticKE.x25519Key; - break; - #endif - #ifdef HAVE_CURVE448 - case WC_PK_TYPE_CURVE448: - if (ssl != NULL) - der = ssl->staticKE.x448Key; - if (der == NULL) - der = ctx->staticKE.x448Key; - break; - #endif - default: - /* not supported */ - ret = NOT_COMPILED_IN; - break; + if (ctx->x509Chain != NULL) { + *chain = ctx->x509Chain; + return WOLFSSL_SUCCESS; } - if (der) { - if (key) - *key = der->buffer; - if (keySz) - *keySz = der->length; + /* If there are no chains then success! */ + *chain = NULL; + if (ctx->certChain == NULL || ctx->certChain->length == 0) { + return WOLFSSL_SUCCESS; } -#ifndef SINGLE_THREADED - wc_UnLockMutex(&ctx->staticKELock); -#endif + /* Create a new stack of WOLFSSL_X509 object from chain buffer. 
*/ + for (idx = 0; idx < ctx->certChain->length; ) { + node = wolfSSL_sk_X509_new_null(); + if (node == NULL) + return WOLFSSL_FAILURE; + node->next = NULL; - return ret; -} + /* 3 byte length | X509 DER data */ + ato24(ctx->certChain->buffer + idx, &length); + idx += 3; -/* returns pointer to currently loaded static ephemeral as ASN.1 */ -/* this can be converted to PEM using wc_DerToPem */ -int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, - const unsigned char** key, unsigned int* keySz) -{ - if (ctx == NULL) { - return BAD_FUNC_ARG; + /* Create a new X509 from DER encoded data. */ + node->data.x509 = wolfSSL_X509_d2i_ex(NULL, + ctx->certChain->buffer + idx, (int)length, ctx->heap); + if (node->data.x509 == NULL) { + XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); + /* Return as much of the chain as we created. */ + ctx->x509Chain = *chain; + return WOLFSSL_FAILURE; + } + idx += length; + + /* Add object to the end of the stack. */ + if (last == NULL) { + node->num = 1; + *chain = node; + } + else { + (*chain)->num++; + last->next = node; + } + + last = node; } - return GetStaticEphemeralKey(ctx, NULL, keyAlgo, key, keySz); + ctx->x509Chain = *chain; + + return WOLFSSL_SUCCESS; } -int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, - const unsigned char** key, unsigned int* keySz) + +int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb) { - if (ssl == NULL || ssl->ctx == NULL) { - return BAD_FUNC_ARG; - } + if (ctx == NULL || ctx->cm == NULL || cb == NULL) + return WOLFSSL_FAILURE; - return GetStaticEphemeralKey(ssl->ctx, ssl, keyAlgo, key, keySz); -} +#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) + if (ctx->cm->ocsp_stapling == NULL) + return WOLFSSL_FAILURE; -#endif /* WOLFSSL_STATIC_EPHEMERAL */ + *cb = ctx->cm->ocsp_stapling->statusCb; +#else + (void)cb; + *cb = NULL; +#endif -#if defined(OPENSSL_EXTRA) -/* wolfSSL_THREADID_current is provided 
as a compat API with - * CRYPTO_THREADID_current to register current thread id into given id object. - * However, CRYPTO_THREADID_current API has been deprecated and no longer - * exists in the OpenSSL 1.0.0 or later.This API only works as a stub - * like as existing wolfSSL_THREADID_set_numeric. - */ -void wolfSSL_THREADID_current(WOLFSSL_CRYPTO_THREADID* id) -{ - (void)id; - return; -} -/* wolfSSL_THREADID_hash is provided as a compatible API with - * CRYPTO_THREADID_hash which returns a hash value calculated from the - * specified thread id. However, CRYPTO_THREADID_hash API has been - * deprecated and no longer exists in the OpenSSL 1.0.0 or later. - * This API only works as a stub to returns 0. This behavior is - * equivalent to the latest OpenSSL CRYPTO_THREADID_hash. - */ -unsigned long wolfSSL_THREADID_hash(const WOLFSSL_CRYPTO_THREADID* id) -{ - (void)id; - return 0UL; -} -/* wolfSSL_CTX_set_ecdh_auto is provided as compatible API with - * SSL_CTX_set_ecdh_auto to enable auto ecdh curve selection functionality. - * Since this functionality is enabled by default in wolfSSL, - * this API exists as a stub. 
- */ -int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff) -{ - (void)ctx; - (void)onoff; return WOLFSSL_SUCCESS; -} -/** - * set security level (wolfSSL doesn't support security level) - * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure - * @param level security level - */ -void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_security_level"); - (void)ctx; - (void)level; } -/** - * get security level (wolfSSL doesn't support security level) - * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure - * @return always 0(level 0) - */ -int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx) + +int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb) { - WOLFSSL_ENTER("wolfSSL_CTX_get_security_level"); - (void)ctx; - return 0; -} + if (ctx == NULL || ctx->cm == NULL) + return WOLFSSL_FAILURE; +#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) + /* Ensure stapling is on for callback to be used. */ + wolfSSL_CTX_EnableOCSPStapling(ctx); -/** - * Determine whether a WOLFSSL_SESSION object can be used for resumption - * @param s a pointer to WOLFSSL_SESSION structure - * @return return 1 if session is resumable, otherwise 0. - */ -int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s) -{ - s = ClientSessionToSession(s); - if (s == NULL) - return 0; + if (ctx->cm->ocsp_stapling == NULL) + return WOLFSSL_FAILURE; -#ifdef HAVE_SESSION_TICKET - if (s->ticketLen > 0) - return 1; + ctx->cm->ocsp_stapling->statusCb = cb; +#else + (void)cb; #endif - if (s->sessionIDSz > 0) - return 1; - - return 0; + return WOLFSSL_SUCCESS; } -#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) -/* - * This API accepts a user callback which puts key-log records into - * a KEY LOGFILE. The callback is stored into a CTX and propagated to - * each SSL object on its creation timing. 
- */ -void wolfSSL_CTX_set_keylog_callback(WOLFSSL_CTX* ctx, wolfSSL_CTX_keylog_cb_func cb) +int wolfSSL_CTX_get0_chain_certs(WOLFSSL_CTX *ctx, + WOLF_STACK_OF(WOLFSSL_X509) **sk) { - WOLFSSL_ENTER("wolfSSL_CTX_set_keylog_callback"); - /* stores the callback into WOLFSSL_CTX */ - if (ctx != NULL) { - ctx->keyLogCb = cb; + WOLFSSL_ENTER("wolfSSL_CTX_get0_chain_certs"); + if (ctx == NULL || sk == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; } + + /* This function should return ctx->x509Chain if it is populated, otherwise + it should be populated from ctx->certChain. This matches the behavior of + wolfSSL_CTX_get_extra_chain_certs, so it is used directly. */ + return wolfSSL_CTX_get_extra_chain_certs(ctx, sk); } -wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback( - const WOLFSSL_CTX* ctx) + +#ifdef KEEP_OUR_CERT +int wolfSSL_get0_chain_certs(WOLFSSL *ssl, + WOLF_STACK_OF(WOLFSSL_X509) **sk) { - WOLFSSL_ENTER("wolfSSL_CTX_get_keylog_callback"); - if (ctx != NULL) - return ctx->keyLogCb; - else - return NULL; + WOLFSSL_ENTER("wolfSSL_get0_chain_certs"); + if (ssl == NULL || sk == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + *sk = ssl->ourCertChain; + return WOLFSSL_SUCCESS; } -#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ +#endif -#endif /* OPENSSL_EXTRA */ +WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void) +{ + WOLF_STACK_OF(WOLFSSL_STRING)* ret = wolfSSL_sk_new_node(NULL); -#ifndef NO_CERT -#define WOLFSSL_X509_INCLUDED -#include "src/x509.c" -#endif + if (ret) { + ret->type = STACK_TYPE_STRING; + } -/******************************************************************************* - * START OF standard C library wrapping APIs - ******************************************************************************/ -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ - defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_HAPROXY) || 
defined(WOLFSSL_OPENSSH))) -#ifndef NO_WOLFSSL_STUB -int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), - void *(*r) (void *, size_t, const char *, - int), void (*f) (void *)) + return ret; +} + +void wolfSSL_WOLFSSL_STRING_free(WOLFSSL_STRING s) { - (void) m; - (void) r; - (void) f; - WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions"); - WOLFSSL_STUB("CRYPTO_set_mem_ex_functions"); + WOLFSSL_ENTER("wolfSSL_WOLFSSL_STRING_free"); - return WOLFSSL_FAILURE; + XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); } -#endif -#endif -#if defined(OPENSSL_EXTRA) +void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk) +{ + WOLFSSL_STACK* tmp; + WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_STRING_free"); -/** - * free allocated memory resource - * @param str a pointer to resource to be freed - * @param file dummy argument - * @param line dummy argument - */ -void wolfSSL_CRYPTO_free(void *str, const char *file, int line) + if (sk == NULL) + return; + + /* parse through stack freeing each node */ + while (sk) { + tmp = sk->next; + XFREE(sk->data.string, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); + sk = tmp; + } +} + +WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value( + WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx) { - (void)file; - (void)line; - XFREE(str, 0, DYNAMIC_TYPE_TMP_BUFFER); + for (; idx > 0 && strings != NULL; idx--) + strings = strings->next; + if (strings == NULL) + return NULL; + return strings->data.string; } -/** - * allocate memory with size of num - * @param num size of memory allocation to be malloced - * @param file dummy argument - * @param line dummy argument - * @return a pointer to allocated memory on succssesful, otherwise NULL - */ -void *wolfSSL_CRYPTO_malloc(size_t num, const char *file, int line) + +int wolfSSL_sk_WOLFSSL_STRING_num(WOLF_STACK_OF(WOLFSSL_STRING)* strings) { - (void)file; - (void)line; - return XMALLOC(num, 0, DYNAMIC_TYPE_TMP_BUFFER); + if (strings) + return (int)strings->num; + 
return 0; } -#endif +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ -/******************************************************************************* - * END OF standard C library wrapping APIs - ******************************************************************************/ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_QUIC) +#ifdef HAVE_ALPN +void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, + unsigned int *len) +{ + word16 nameLen; -/******************************************************************************* - * START OF EX_DATA APIs - ******************************************************************************/ -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ - defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH))) -void wolfSSL_CRYPTO_cleanup_all_ex_data(void){ - WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data"); + if (ssl != NULL && data != NULL && len != NULL) { + TLSX_ALPN_GetRequest(ssl->extensions, (void **)data, &nameLen); + *len = nameLen; + } } -#endif -#ifdef HAVE_EX_DATA -void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx) +int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen, + const unsigned char *in, unsigned int inLen, + const unsigned char *clientNames, + unsigned int clientLen) { - WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); -#ifdef MAX_EX_DATA - if(ex_data && idx < MAX_EX_DATA && idx >= 0) { - return ex_data->ex_data[idx]; + unsigned int i, j; + byte lenIn, lenClient; + + if (out == NULL || outLen == NULL || in == NULL || clientNames == NULL) + return OPENSSL_NPN_UNSUPPORTED; + + for (i = 0; i < inLen; i += lenIn) { + lenIn = in[i++]; + for (j = 0; j < clientLen; j += lenClient) { + lenClient = clientNames[j++]; + + if (lenIn != lenClient) + continue; + + if 
(XMEMCMP(in + i, clientNames + j, lenIn) == 0) { + *out = (unsigned char *)(in + i); + *outLen = lenIn; + return OPENSSL_NPN_NEGOTIATED; + } + } } -#else - (void)ex_data; - (void)idx; -#endif - return NULL; + + *out = (unsigned char *)clientNames + 1; + *outLen = clientNames[0]; + return OPENSSL_NPN_NO_OVERLAP; } -int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *data) +void wolfSSL_set_alpn_select_cb(WOLFSSL *ssl, + int (*cb) (WOLFSSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg) { - WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data"); -#ifdef MAX_EX_DATA - if (ex_data && idx < MAX_EX_DATA && idx >= 0) { -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS - if (ex_data->ex_data_cleanup_routines[idx]) { - if (ex_data->ex_data[idx]) - ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]); - ex_data->ex_data_cleanup_routines[idx] = NULL; - } -#endif - ex_data->ex_data[idx] = data; - return WOLFSSL_SUCCESS; + if (ssl != NULL) { + ssl->alpnSelect = cb; + ssl->alpnSelectArg = arg; } -#else - (void)ex_data; - (void)idx; - (void)data; -#endif - return WOLFSSL_FAILURE; } -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -int wolfSSL_CRYPTO_set_ex_data_with_cleanup( - WOLFSSL_CRYPTO_EX_DATA* ex_data, - int idx, - void *data, - wolfSSL_ex_data_cleanup_routine_t cleanup_routine) +void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, + int (*cb) (WOLFSSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg) { - WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data_with_cleanup"); - if (ex_data && idx < MAX_EX_DATA && idx >= 0) { - if (ex_data->ex_data_cleanup_routines[idx] && ex_data->ex_data[idx]) - ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]); - ex_data->ex_data[idx] = data; - ex_data->ex_data_cleanup_routines[idx] = cleanup_routine; - return WOLFSSL_SUCCESS; + if (ctx != NULL) { + ctx->alpnSelect = cb; + 
ctx->alpnSelectArg = arg; } - return WOLFSSL_FAILURE; } -#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ -/** - * Issues unique index for the class specified by class_index. - * Other parameter except class_index are ignored. - * Currently, following class_index are accepted: - * - WOLF_CRYPTO_EX_INDEX_SSL - * - WOLF_CRYPTO_EX_INDEX_SSL_CTX - * - WOLF_CRYPTO_EX_INDEX_X509 - * @param class_index index one of CRYPTO_EX_INDEX_xxx - * @param argp parameters to be saved - * @param argl parameters to be saved - * @param new_func a pointer to WOLFSSL_CRYPTO_EX_new - * @param dup_func a pointer to WOLFSSL_CRYPTO_EX_dup - * @param free_func a pointer to WOLFSSL_CRYPTO_EX_free - * @return index value grater or equal to zero on success, -1 on failure. - */ -int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - WOLFSSL_CRYPTO_EX_new* new_func, - WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func) +void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + const unsigned char + **out, + unsigned int *outlen, + void *arg), void *arg) { - WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_new_index"); - - return wolfssl_get_ex_new_index(class_index, argl, argp, new_func, - dup_func, free_func); + (void)s; + (void)cb; + (void)arg; + WOLFSSL_STUB("wolfSSL_CTX_set_next_protos_advertised_cb"); } -#endif /* HAVE_EX_DATA */ - -/******************************************************************************* - * END OF EX_DATA APIs - ******************************************************************************/ - -/******************************************************************************* - * START OF BUF_MEM API - ******************************************************************************/ - -#if defined(OPENSSL_EXTRA) -/* Begin functions for openssl/buffer.h */ -WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void) -{ - WOLFSSL_BUF_MEM* buf; - buf = (WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM), NULL, - DYNAMIC_TYPE_OPENSSL); - if 
(buf) { - XMEMSET(buf, 0, sizeof(WOLFSSL_BUF_MEM)); - } - return buf; +void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg) +{ + (void)s; + (void)cb; + (void)arg; + WOLFSSL_STUB("wolfSSL_CTX_set_next_proto_select_cb"); } -/* non-compat API returns length of buffer on success */ -int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len, - char zeroFill) +void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, + const unsigned char **data, unsigned *len) { + (void)s; + (void)data; + (void)len; + WOLFSSL_STUB("wolfSSL_get0_next_proto_negotiated"); +} +#endif /* HAVE_ALPN */ - int len_int = (int)len; - int mx; - char* tmp; +#endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */ - /* verify provided arguments */ - if (buf == NULL || len_int < 0) { - return 0; /* BAD_FUNC_ARG; */ - } +#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) +int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id) +{ + int ret = 0; - /* check to see if fits in existing length */ - if (buf->length > len) { - buf->length = len; - return len_int; - } + WOLFSSL_ENTER("wolfSSL_curve_is_disabled"); + WOLFSSL_MSG_EX("wolfSSL_curve_is_disabled checking for %d", curve_id); - /* check to see if fits in max buffer */ - if (buf->max >= len) { - if (buf->data != NULL && zeroFill) { - XMEMSET(&buf->data[buf->length], 0, len - buf->length); + /* (curve_id >= WOLFSSL_FFDHE_START) - DH parameters are never disabled. */ + if (curve_id < WOLFSSL_FFDHE_START) { + if (curve_id > WOLFSSL_ECC_MAX_AVAIL) { + WOLFSSL_MSG("Curve id out of supported range"); + /* Disabled if not in valid range. */ + ret = 1; + } + else if (curve_id >= 32) { + /* 0 is for invalid and 1-14 aren't used otherwise. 
*/ + ret = (ssl->disabledCurves & (1U << (curve_id - 32))) != 0; + } + else { + ret = (ssl->disabledCurves & (1U << curve_id)) != 0; } - buf->length = len; - return len_int; } - /* expand size, to handle growth */ - mx = (len_int + 3) / 3 * 4; + WOLFSSL_LEAVE("wolfSSL_curve_is_disabled", ret); + return ret; +} - /* use realloc */ - tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL); - if (tmp == NULL) { - return 0; /* ERR_R_MALLOC_FAILURE; */ - } - buf->data = tmp; +#if (defined(HAVE_ECC) || \ + defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) +#define CURVE_NAME(c) XSTR_SIZEOF((c)), (c) - buf->max = mx; - if (zeroFill) - XMEMSET(&buf->data[buf->length], 0, len - buf->length); - buf->length = len; +const WOLF_EC_NIST_NAME kNistCurves[] = { +#ifdef HAVE_ECC + {CURVE_NAME("P-160"), NID_secp160r1, WOLFSSL_ECC_SECP160R1}, + {CURVE_NAME("P-160-2"), NID_secp160r2, WOLFSSL_ECC_SECP160R2}, + {CURVE_NAME("P-192"), NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1}, + {CURVE_NAME("P-224"), NID_secp224r1, WOLFSSL_ECC_SECP224R1}, + {CURVE_NAME("P-256"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, + {CURVE_NAME("P-384"), NID_secp384r1, WOLFSSL_ECC_SECP384R1}, + {CURVE_NAME("P-521"), NID_secp521r1, WOLFSSL_ECC_SECP521R1}, + {CURVE_NAME("K-160"), NID_secp160k1, WOLFSSL_ECC_SECP160K1}, + {CURVE_NAME("K-192"), NID_secp192k1, WOLFSSL_ECC_SECP192K1}, + {CURVE_NAME("K-224"), NID_secp224k1, WOLFSSL_ECC_SECP224R1}, + {CURVE_NAME("K-256"), NID_secp256k1, WOLFSSL_ECC_SECP256K1}, + {CURVE_NAME("B-256"), NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1}, + {CURVE_NAME("B-384"), NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1}, + {CURVE_NAME("B-512"), NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1}, +#endif +#ifdef HAVE_CURVE25519 + {CURVE_NAME("X25519"), NID_X25519, WOLFSSL_ECC_X25519}, +#endif +#ifdef HAVE_CURVE448 + {CURVE_NAME("X448"), NID_X448, WOLFSSL_ECC_X448}, +#endif +#ifdef WOLFSSL_HAVE_KYBER + {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, 
WOLFSSL_KYBER_LEVEL1},
+ {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1},
+ {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1},
+#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
+ {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1},
+ {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1},
+ {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1},
+#endif
+#endif
+#ifdef WOLFSSL_SM2
+ {CURVE_NAME("SM2"), NID_sm2, WOLFSSL_ECC_SM2P256V1},
+#endif
+#ifdef HAVE_ECC
+ /* Alternative curve names */
+ {CURVE_NAME("prime256v1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+ {CURVE_NAME("secp256r1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+ {CURVE_NAME("secp384r1"), NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+ {CURVE_NAME("secp521r1"), NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+#endif
+#ifdef WOLFSSL_SM2
+ {CURVE_NAME("sm2p256v1"), NID_sm2, WOLFSSL_ECC_SM2P256V1},
+#endif
+ {0, NULL, 0, 0},
+};
- return len_int;
+int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
+ byte curves_only)
+{
+ int idx, start = 0, len, i, ret = WOLFSSL_FAILURE;
+ word16 curve;
+ word32 disabled;
+ char name[MAX_CURVE_NAME_SZ];
+ byte groups_len = 0;
+#ifdef WOLFSSL_SMALL_STACK
+ void *heap = ssl? ssl->heap : ctx ?
ctx->heap : NULL; + int *groups; +#else + int groups[WOLFSSL_MAX_GROUP_COUNT]; +#endif + const WOLF_EC_NIST_NAME* nist_name; -} +#ifdef WOLFSSL_SMALL_STACK + groups = (int*)XMALLOC(sizeof(int)*WOLFSSL_MAX_GROUP_COUNT, + heap, DYNAMIC_TYPE_TMP_BUFFER); + if (groups == NULL) { + ret = MEMORY_E; + goto leave; + } +#endif -/* returns length of buffer on success */ -int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len) -{ - return wolfSSL_BUF_MEM_grow_ex(buf, len, 1); -} + for (idx = 1; names[idx-1] != '\0'; idx++) { + if (names[idx] != ':' && names[idx] != '\0') + continue; -/* non-compat API returns length of buffer on success */ -int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len) -{ - char* tmp; - int mx; + len = idx - start; + if (len > MAX_CURVE_NAME_SZ - 1) + goto leave; - /* verify provided arguments */ - if (buf == NULL || len == 0 || (int)len <= 0) { - return 0; /* BAD_FUNC_ARG; */ - } + XMEMCPY(name, names + start, len); + name[len] = 0; + curve = WOLFSSL_NAMED_GROUP_INVALID; - if (len == buf->length) - return (int)len; + for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { + if (len == nist_name->name_len && + XSTRNCMP(name, nist_name->name, len) == 0) { + curve = nist_name->curve; + break; + } + } - if (len > buf->length) - return wolfSSL_BUF_MEM_grow_ex(buf, len, 0); + if (curve == WOLFSSL_NAMED_GROUP_INVALID) { + #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(HAVE_ECC) + int nret; + const ecc_set_type *eccSet; - /* expand size, to handle growth */ - mx = ((int)len + 3) / 3 * 4; + nret = wc_ecc_get_curve_idx_from_name(name); + if (nret < 0) { + WOLFSSL_MSG("Could not find name in set"); + goto leave; + } - /* We want to shrink the internal buffer */ - tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL); - if (tmp == NULL) - return 0; + eccSet = wc_ecc_get_curve_params(ret); + if (eccSet == NULL) { + WOLFSSL_MSG("NULL set returned"); + goto leave; + } - buf->data = tmp; - buf->length = len; - 
buf->max = mx; + curve = GetCurveByOID(eccSet->oidSum); + #else + WOLFSSL_MSG("API not present to search farther using name"); + goto leave; + #endif + } - return (int)len; -} + if ((curves_only && curve >= WOLFSSL_ECC_MAX_AVAIL) || + curve == WOLFSSL_NAMED_GROUP_INVALID) { + WOLFSSL_MSG("curve value is not supported"); + goto leave; + } -void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf) -{ - if (buf) { - if (buf->data) { - XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL); - buf->data = NULL; + for (i = 0; i < groups_len; ++i) { + if (groups[i] == curve) { + /* silently drop duplicates */ + break; + } + } + if (i >= groups_len) { + if (groups_len >= WOLFSSL_MAX_GROUP_COUNT) { + WOLFSSL_MSG_EX("setting %d or more supported " + "curves is not permitted", groups_len); + goto leave; + } + groups[groups_len++] = (int)curve; } - buf->max = 0; - buf->length = 0; - XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); - } -} -/* End Functions for openssl/buffer.h */ -#endif /* OPENSSL_EXTRA */ + start = idx + 1; + } -/******************************************************************************* - * END OF BUF_MEM API - ******************************************************************************/ + /* Disable all curves so that only the ones the user wants are enabled. */ + disabled = 0xFFFFFFFFUL; + for (i = 0; i < groups_len; ++i) { + /* Switch the bit to off and therefore is enabled. */ + curve = (word16)groups[i]; + if (curve >= 64) { + WC_DO_NOTHING; + } + else if (curve >= 32) { + /* 0 is for invalid and 1-14 aren't used otherwise. */ + disabled &= ~(1U << (curve - 32)); + } + else { + disabled &= ~(1U << curve); + } + #ifdef HAVE_SUPPORTED_CURVES + #if !defined(WOLFSSL_OLD_SET_CURVES_LIST) + /* using the wolfSSL API to set the groups, this will populate + * (ssl|ctx)->groups and reset any TLSX_SUPPORTED_GROUPS. 
+ * The order in (ssl|ctx)->groups will then be respected + * when TLSX_KEY_SHARE needs to be established */ + if ((ssl && wolfSSL_set_groups(ssl, groups, groups_len) + != WOLFSSL_SUCCESS) + || (ctx && wolfSSL_CTX_set_groups(ctx, groups, groups_len) + != WOLFSSL_SUCCESS)) { + WOLFSSL_MSG("Unable to set supported curve"); + goto leave; + } + #elif !defined(NO_WOLFSSL_CLIENT) + /* set the supported curve so client TLS extension contains only the + * desired curves */ + if ((ssl && wolfSSL_UseSupportedCurve(ssl, curve) != WOLFSSL_SUCCESS) + || (ctx && wolfSSL_CTX_UseSupportedCurve(ctx, curve) + != WOLFSSL_SUCCESS)) { + WOLFSSL_MSG("Unable to set supported curve"); + goto leave; + } + #endif + #endif /* HAVE_SUPPORTED_CURVES */ + } -#define WOLFSSL_CONF_INCLUDED -#include + if (ssl) + ssl->disabledCurves = disabled; + else + ctx->disabledCurves = disabled; + ret = WOLFSSL_SUCCESS; -/******************************************************************************* - * START OF RAND API - ******************************************************************************/ +leave: +#ifdef WOLFSSL_SMALL_STACK + if (groups) + XFREE((void*)groups, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; +} -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) -static int wolfSSL_RAND_InitMutex(void) +int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names) { -#ifndef WOLFSSL_MUTEX_INITIALIZER - if (gRandMethodsInit == 0) { - if (wc_InitMutex(&gRandMethodMutex) != 0) { - WOLFSSL_MSG("Bad Init Mutex rand methods"); - return BAD_MUTEX_E; - } - gRandMethodsInit = 1; + WOLFSSL_ENTER("wolfSSL_CTX_set1_curves_list"); + if (ctx == NULL || names == NULL) { + WOLFSSL_MSG("ctx or names was NULL"); + return WOLFSSL_FAILURE; + } + return set_curves_list(NULL, ctx, names, 1); +} + +int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names) +{ + WOLFSSL_ENTER("wolfSSL_set1_curves_list"); + if (ssl == NULL || names == NULL) { + WOLFSSL_MSG("ssl or names was NULL"); + 
return WOLFSSL_FAILURE; } -#endif - return 0; + return set_curves_list(ssl, NULL, names, 1); } -#endif +#endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */ +#endif /* OPENSSL_EXTRA || HAVE_CURL */ #ifdef OPENSSL_EXTRA +/* Sets a callback for when sending and receiving protocol messages. + * This callback is copied to all WOLFSSL objects created from the ctx. + * + * ctx WOLFSSL_CTX structure to set callback in + * cb callback to use + * + * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE with error case + */ +int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_msg_callback"); + if (ctx == NULL) { + WOLFSSL_MSG("Null ctx passed in"); + return WOLFSSL_FAILURE; + } -/* Checks if the global RNG has been created. If not then one is created. + ctx->protoMsgCb = cb; + return WOLFSSL_SUCCESS; +} + + +/* Sets a callback for when sending and receiving protocol messages. * - * Returns WOLFSSL_SUCCESS when no error is encountered. + * ssl WOLFSSL structure to set callback in + * cb callback to use + * + * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE with error case */ -int wolfSSL_RAND_Init(void) +int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) { - int ret = WOLFSSL_FAILURE; -#ifdef HAVE_GLOBAL_RNG - if (wc_LockMutex(&globalRNGMutex) == 0) { - if (initGlobalRNG == 0) { - ret = wc_InitRng(&globalRNG); - if (ret == 0) { - initGlobalRNG = 1; - ret = WOLFSSL_SUCCESS; - } - } - else { - /* GlobalRNG is already initialized */ - ret = WOLFSSL_SUCCESS; - } + WOLFSSL_ENTER("wolfSSL_set_msg_callback"); - wc_UnLockMutex(&globalRNGMutex); + if (ssl == NULL) { + return WOLFSSL_FAILURE; } -#endif - return ret; + + if (cb != NULL) { + ssl->toInfoOn = 1; + } + + ssl->protoMsgCb = cb; + return WOLFSSL_SUCCESS; } -/* WOLFSSL_SUCCESS on ok */ -int wolfSSL_RAND_seed(const void* seed, int len) +/* set the user argument to pass to the msg callback when called + * return WOLFSSL_SUCCESS on success */ +int 
wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) { -#ifndef WOLFSSL_NO_OPENSSL_RAND_CB - if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { - if (gRandMethods && gRandMethods->seed) { - int ret = gRandMethods->seed(seed, len); - wc_UnLockMutex(&gRandMethodMutex); - return ret; - } - wc_UnLockMutex(&gRandMethodMutex); + WOLFSSL_ENTER("wolfSSL_CTX_set_msg_callback_arg"); + if (ctx == NULL) { + WOLFSSL_MSG("Null WOLFSSL_CTX passed in"); + return WOLFSSL_FAILURE; } -#else - (void)seed; - (void)len; -#endif - /* Make sure global shared RNG (globalRNG) is initialized */ - return wolfSSL_RAND_Init(); + ctx->protoMsgCtx = arg; + return WOLFSSL_SUCCESS; } -/* Returns the path for reading seed data from. - * Uses the env variable $RANDFILE first if set, if not then used $HOME/.rnd - * - * Note uses stdlib by default unless XGETENV macro is overwritten - * - * fname buffer to hold path - * len length of fname buffer - * - * Returns a pointer to fname on success and NULL on failure - */ -const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) +int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg) { -#if !defined(NO_FILESYSTEM) && defined(XGETENV) - char* rt; + WOLFSSL_ENTER("wolfSSL_set_msg_callback_arg"); + if (ssl == NULL) + return WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_RAND_file_name"); + ssl->protoMsgCtx = arg; + return WOLFSSL_SUCCESS; +} - if (fname == NULL) { - return NULL; - } +void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, + int line) +{ + void *ret; + (void)file; + (void)line; - XMEMSET(fname, 0, len); + if (data == NULL || siz >= INT_MAX) + return NULL; - if ((rt = XGETENV("RANDFILE")) != NULL) { - if (len > XSTRLEN(rt)) { - XMEMCPY(fname, rt, XSTRLEN(rt)); - } - else { - WOLFSSL_MSG("RANDFILE too large for buffer"); - rt = NULL; - } + ret = OPENSSL_malloc(siz); + if (ret == NULL) { + return NULL; } + return XMEMCPY(ret, data, siz); +} - /* $RANDFILE was not set or is too large, 
check $HOME */ - if (rt == NULL) { - const char ap[] = "/.rnd"; +void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len) +{ + if (ptr) + ForceZero(ptr, (word32)len); +} - WOLFSSL_MSG("Environment variable RANDFILE not set"); - if ((rt = XGETENV("HOME")) == NULL) { - WOLFSSL_MSG("Environment variable HOME not set"); - return NULL; - } +int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, + unsigned int p_len) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos"); + if (ctx == NULL) + return BAD_FUNC_ARG; + if (ctx->alpn_cli_protos != NULL) { + XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL); + } - if (len > XSTRLEN(rt) + XSTRLEN(ap)) { - fname[0] = '\0'; - XSTRNCAT(fname, rt, len); - XSTRNCAT(fname, ap, len - XSTRLEN(rt)); - return fname; - } - else { - WOLFSSL_MSG("HOME too large for buffer"); - return NULL; - } + ctx->alpn_cli_protos = (const unsigned char*)XMALLOC(p_len, + ctx->heap, DYNAMIC_TYPE_OPENSSL); + if (ctx->alpn_cli_protos == NULL) { +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + /* 0 on success in OpenSSL, non-0 on failure in OpenSSL + * the function reverses the return value convention. + */ + return 1; +#else + return WOLFSSL_FAILURE; +#endif } + XMEMCPY((void*)ctx->alpn_cli_protos, p, p_len); + ctx->alpn_cli_protos_len = p_len; - return fname; +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + /* 0 on success in OpenSSL, non-0 on failure in OpenSSL + * the function reverses the return value convention. + */ + return 0; #else - WOLFSSL_ENTER("wolfSSL_RAND_file_name"); - WOLFSSL_MSG("RAND_file_name requires filesystem and getenv support, " - "not compiled in"); - (void)fname; - (void)len; - return NULL; + return WOLFSSL_SUCCESS; #endif } -/* Writes 1024 bytes from the RNG to the given file name. 
+#ifdef HAVE_ALPN +#ifndef NO_BIO +/* Sets the ALPN extension protos * - * fname name of file to write to + * example format is + * unsigned char p[] = { + * 8, 'h', 't', 't', 'p', '/', '1', '.', '1' + * }; * - * Returns the number of bytes written - */ -int wolfSSL_RAND_write_file(const char* fname) + * returns WOLFSSL_SUCCESS on success */ +int wolfSSL_set_alpn_protos(WOLFSSL* ssl, + const unsigned char* p, unsigned int p_len) { - int bytes = 0; + WOLFSSL_BIO* bio; + char* pt = NULL; - WOLFSSL_ENTER("wolfSSL_RAND_write_file"); + unsigned int sz; + unsigned int idx = 0; + int alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH; + WOLFSSL_ENTER("wolfSSL_set_alpn_protos"); - if (fname == NULL) { + if (ssl == NULL || p_len <= 1) { +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + /* 0 on success in OpenSSL, non-0 on failure in OpenSSL + * the function reverses the return value convention. + */ + return 1; +#else return WOLFSSL_FAILURE; +#endif } -#ifndef NO_FILESYSTEM - { - #ifndef WOLFSSL_SMALL_STACK - unsigned char buf[1024]; + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); + if (bio == NULL) { +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + /* 0 on success in OpenSSL, non-0 on failure in OpenSSL + * the function reverses the return value convention. + */ + return 1; +#else + return WOLFSSL_FAILURE; +#endif + } + + /* convert into comma separated list */ + while (idx < p_len - 1) { + unsigned int i; + + sz = p[idx++]; + if (idx + sz > p_len) { + WOLFSSL_MSG("Bad list format"); + wolfSSL_BIO_free(bio); + #if defined(WOLFSSL_ERROR_CODE_OPENSSL) + /* 0 on success in OpenSSL, non-0 on failure in OpenSSL + * the function reverses the return value convention. 
+ */ + return 1; #else - unsigned char* buf = (unsigned char *)XMALLOC(1024, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (buf == NULL) { - WOLFSSL_MSG("malloc failed"); return WOLFSSL_FAILURE; - } #endif - bytes = 1024; /* default size of buf */ - - if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("No RNG to use"); - #ifdef WOLFSSL_SMALL_STACK - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return 0; } - - if (wc_RNG_GenerateBlock(&globalRNG, buf, bytes) != 0) { - WOLFSSL_MSG("Error generating random buffer"); - bytes = 0; + if (sz > 0) { + for (i = 0; i < sz; i++) { + wolfSSL_BIO_write(bio, &p[idx++], 1); + } + if (idx < p_len - 1) + wolfSSL_BIO_write(bio, ",", 1); } - else { - XFILE f; + } + wolfSSL_BIO_write(bio, "\0", 1); - #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Add("wolfSSL_RAND_write_file buf", buf, bytes); - #endif + /* clears out all current ALPN extensions set */ + TLSX_Remove(&ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL, ssl->heap); - f = XFOPEN(fname, "wb"); - if (f == XBADFILE) { - WOLFSSL_MSG("Error opening the file"); - bytes = 0; - } - else { - size_t bytes_written = XFWRITE(buf, 1, bytes, f); - bytes = (int)bytes_written; - XFCLOSE(f); - } - } - ForceZero(buf, bytes); - #ifdef WOLFSSL_SMALL_STACK - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #elif defined(WOLFSSL_CHECK_MEM_ZERO) - wc_MemZero_Check(buf, sizeof(buf)); - #endif + if ((sz = (unsigned int)wolfSSL_BIO_get_mem_data(bio, &pt)) > 0) { + wolfSSL_UseALPN(ssl, pt, sz, (byte) alpn_opt); } + wolfSSL_BIO_free(bio); +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + /* 0 on success in OpenSSL, non-0 on failure in OpenSSL + * the function reverses the return value convention. 
+ */ + return 0; +#else + return WOLFSSL_SUCCESS; #endif - - return bytes; } +#endif /* !NO_BIO */ +#endif /* HAVE_ALPN */ +#endif /* OPENSSL_EXTRA */ -#ifndef FREERTOS_TCP +#if defined(OPENSSL_EXTRA) -/* These constant values are protocol values made by egd */ -#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \ - defined(HAVE_HASHDRBG) && !defined(NETOS) && defined(HAVE_SYS_UN_H) - #define WOLFSSL_EGD_NBLOCK 0x01 - #include +#ifndef NO_BIO +#define WOLFSSL_BIO_INCLUDED +#include "src/bio.c" #endif -/* This collects entropy from the path nm and seeds the global PRNG with it. - * - * nm is the file path to the egd server - * - * Returns the number of bytes read. - */ -int wolfSSL_RAND_egd(const char* nm) +word32 nid2oid(int nid, int grp) { -#ifdef WOLFSSL_EGD_NBLOCK - struct sockaddr_un rem; - int fd; - int ret = WOLFSSL_SUCCESS; - word32 bytes = 0; - word32 idx = 0; -#ifndef WOLFSSL_SMALL_STACK - unsigned char buf[256]; -#else - unsigned char* buf; - buf = (unsigned char*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (buf == NULL) { - WOLFSSL_MSG("Not enough memory"); - return WOLFSSL_FATAL_ERROR; - } -#endif + /* get OID type */ + switch (grp) { + /* oidHashType */ + case oidHashType: + switch (nid) { + #ifdef WOLFSSL_MD2 + case NID_md2: + return MD2h; + #endif + #ifndef NO_MD5 + case NID_md5: + return MD5h; + #endif + #ifndef NO_SHA + case NID_sha1: + return SHAh; + #endif + case NID_sha224: + return SHA224h; + #ifndef NO_SHA256 + case NID_sha256: + return SHA256h; + #endif + #ifdef WOLFSSL_SHA384 + case NID_sha384: + return SHA384h; + #endif + #ifdef WOLFSSL_SHA512 + case NID_sha512: + return SHA512h; + #endif + #ifndef WOLFSSL_NOSHA3_224 + case NID_sha3_224: + return SHA3_224h; + #endif + #ifndef WOLFSSL_NOSHA3_256 + case NID_sha3_256: + return SHA3_256h; + #endif + #ifndef WOLFSSL_NOSHA3_384 + case NID_sha3_384: + return SHA3_384h; + #endif + #ifndef WOLFSSL_NOSHA3_512 + case NID_sha3_512: + return SHA3_512h; + #endif + } 
+ break;
+
+ /* oidSigType */
+ case oidSigType:
+ switch (nid) {
+ #ifndef NO_DSA
+ case NID_dsaWithSHA1:
+ return CTC_SHAwDSA;
+ case NID_dsa_with_SHA256:
+ return CTC_SHA256wDSA;
+ #endif /* NO_DSA */
+ #ifndef NO_RSA
+ case NID_md2WithRSAEncryption:
+ return CTC_MD2wRSA;
+ case NID_md5WithRSAEncryption:
+ return CTC_MD5wRSA;
+ case NID_sha1WithRSAEncryption:
+ return CTC_SHAwRSA;
+ case NID_sha224WithRSAEncryption:
+ return CTC_SHA224wRSA;
+ case NID_sha256WithRSAEncryption:
+ return CTC_SHA256wRSA;
+ case NID_sha384WithRSAEncryption:
+ return CTC_SHA384wRSA;
+ case NID_sha512WithRSAEncryption:
+ return CTC_SHA512wRSA;
+ #ifdef WOLFSSL_SHA3
+ case NID_RSA_SHA3_224:
+ return CTC_SHA3_224wRSA;
+ case NID_RSA_SHA3_256:
+ return CTC_SHA3_256wRSA;
+ case NID_RSA_SHA3_384:
+ return CTC_SHA3_384wRSA;
+ case NID_RSA_SHA3_512:
+ return CTC_SHA3_512wRSA;
+ #endif
+ #endif /* NO_RSA */
+ #ifdef HAVE_ECC
+ case NID_ecdsa_with_SHA1:
+ return CTC_SHAwECDSA;
+ case NID_ecdsa_with_SHA224:
+ return CTC_SHA224wECDSA;
+ case NID_ecdsa_with_SHA256:
+ return CTC_SHA256wECDSA;
+ case NID_ecdsa_with_SHA384:
+ return CTC_SHA384wECDSA;
+ case NID_ecdsa_with_SHA512:
+ return CTC_SHA512wECDSA;
+ #ifdef WOLFSSL_SHA3
+ case NID_ecdsa_with_SHA3_224:
+ return CTC_SHA3_224wECDSA;
+ case NID_ecdsa_with_SHA3_256:
+ return CTC_SHA3_256wECDSA;
+ case NID_ecdsa_with_SHA3_384:
+ return CTC_SHA3_384wECDSA;
+ case NID_ecdsa_with_SHA3_512:
+ return CTC_SHA3_512wECDSA;
+ #endif
+ #endif /* HAVE_ECC */
+ }
+ break;
+
+ /* oidKeyType */
+ case oidKeyType:
+ switch (nid) {
+ #ifndef NO_DSA
+ case NID_dsa:
+ return DSAk;
+ #endif /* NO_DSA */
+ #ifndef NO_RSA
+ case NID_rsaEncryption:
+ return RSAk;
+ #endif /* NO_RSA */
+ #ifdef HAVE_ECC
+ case NID_X9_62_id_ecPublicKey:
+ return ECDSAk;
+ #endif /* HAVE_ECC */
+ }
+ break;
+
+
+ #ifdef HAVE_ECC
+ case oidCurveType:
+ switch (nid) {
+ case NID_X9_62_prime192v1:
+ return ECC_SECP192R1_OID;
+ case NID_X9_62_prime192v2:
+ return ECC_PRIME192V2_OID;
+ case
NID_X9_62_prime192v3:
+ return ECC_PRIME192V3_OID;
+ case NID_X9_62_prime239v1:
+ return ECC_PRIME239V1_OID;
+ case NID_X9_62_prime239v2:
+ return ECC_PRIME239V2_OID;
+ case NID_X9_62_prime239v3:
+ return ECC_PRIME239V3_OID;
+ case NID_X9_62_prime256v1:
+ return ECC_SECP256R1_OID;
+ case NID_secp112r1:
+ return ECC_SECP112R1_OID;
+ case NID_secp112r2:
+ return ECC_SECP112R2_OID;
+ case NID_secp128r1:
+ return ECC_SECP128R1_OID;
+ case NID_secp128r2:
+ return ECC_SECP128R2_OID;
+ case NID_secp160r1:
+ return ECC_SECP160R1_OID;
+ case NID_secp160r2:
+ return ECC_SECP160R2_OID;
+ case NID_secp224r1:
+ return ECC_SECP224R1_OID;
+ case NID_secp384r1:
+ return ECC_SECP384R1_OID;
+ case NID_secp521r1:
+ return ECC_SECP521R1_OID;
+ case NID_secp160k1:
+ return ECC_SECP160K1_OID;
+ case NID_secp192k1:
+ return ECC_SECP192K1_OID;
+ case NID_secp224k1:
+ return ECC_SECP224K1_OID;
+ case NID_secp256k1:
+ return ECC_SECP256K1_OID;
+ case NID_brainpoolP160r1:
+ return ECC_BRAINPOOLP160R1_OID;
+ case NID_brainpoolP192r1:
+ return ECC_BRAINPOOLP192R1_OID;
+ case NID_brainpoolP224r1:
+ return ECC_BRAINPOOLP224R1_OID;
+ case NID_brainpoolP256r1:
+ return ECC_BRAINPOOLP256R1_OID;
+ case NID_brainpoolP320r1:
+ return ECC_BRAINPOOLP320R1_OID;
+ case NID_brainpoolP384r1:
+ return ECC_BRAINPOOLP384R1_OID;
+ case NID_brainpoolP512r1:
+ return ECC_BRAINPOOLP512R1_OID;
+ }
+ break;
+ #endif /* HAVE_ECC */
- XMEMSET(&rem, 0, sizeof(struct sockaddr_un));
- if (nm == NULL) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WOLFSSL_FATAL_ERROR;
- }
+ /* oidBlkType */
+ case oidBlkType:
+ switch (nid) {
+ #ifdef WOLFSSL_AES_128
+ case AES128CBCb:
+ return AES128CBCb;
+ #endif
+ #ifdef WOLFSSL_AES_192
+ case AES192CBCb:
+ return AES192CBCb;
+ #endif
+ #ifdef WOLFSSL_AES_256
+ case AES256CBCb:
+ return AES256CBCb;
+ #endif
+ #ifndef NO_DES3
+ case NID_des:
+ return DESb;
+ case NID_des3:
+ return DES3b;
+ #endif
+ }
+ break;
- fd = socket(AF_UNIX,
SOCK_STREAM, 0); - if (fd < 0) { - WOLFSSL_MSG("Error creating socket"); - #ifdef WOLFSSL_SMALL_STACK - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return WOLFSSL_FATAL_ERROR; - } - rem.sun_family = AF_UNIX; - XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path) - 1); - rem.sun_path[sizeof(rem.sun_path)-1] = '\0'; + #ifdef HAVE_OCSP + case oidOcspType: + switch (nid) { + case NID_id_pkix_OCSP_basic: + return OCSP_BASIC_OID; + case OCSP_NONCE_OID: + return OCSP_NONCE_OID; + } + break; + #endif /* HAVE_OCSP */ - /* connect to egd server */ - if (connect(fd, (struct sockaddr*)&rem, sizeof(struct sockaddr_un)) == -1) { - WOLFSSL_MSG("error connecting to egd server"); - ret = WOLFSSL_FATAL_ERROR; - } + /* oidCertExtType */ + case oidCertExtType: + switch (nid) { + case NID_basic_constraints: + return BASIC_CA_OID; + case NID_subject_alt_name: + return ALT_NAMES_OID; + case NID_crl_distribution_points: + return CRL_DIST_OID; + case NID_info_access: + return AUTH_INFO_OID; + case NID_authority_key_identifier: + return AUTH_KEY_OID; + case NID_subject_key_identifier: + return SUBJ_KEY_OID; + case NID_inhibit_any_policy: + return INHIBIT_ANY_OID; + case NID_key_usage: + return KEY_USAGE_OID; + case NID_name_constraints: + return NAME_CONS_OID; + case NID_certificate_policies: + return CERT_POLICY_OID; + case NID_ext_key_usage: + return EXT_KEY_USAGE_OID; + } + break; -#ifdef WOLFSSL_CHECK_MEM_ZERO - if (ret == WOLFSSL_SUCCESS) { - wc_MemZero_Add("wolfSSL_RAND_egd buf", buf, 256); - } -#endif - while (ret == WOLFSSL_SUCCESS && bytes < 255 && idx + 2 < 256) { - buf[idx] = WOLFSSL_EGD_NBLOCK; - buf[idx + 1] = 255 - bytes; /* request 255 bytes from server */ - ret = (int)write(fd, buf + idx, 2); - if (ret != 2) { - if (errno == EAGAIN) { - ret = WOLFSSL_SUCCESS; - continue; + /* oidCertAuthInfoType */ + case oidCertAuthInfoType: + switch (nid) { + case NID_ad_OCSP: + return AIA_OCSP_OID; + case NID_ad_ca_issuers: + return AIA_CA_ISSUER_OID; } - WOLFSSL_MSG("error 
requesting entropy from egd server"); - ret = WOLFSSL_FATAL_ERROR; break; - } - /* attempting to read */ - buf[idx] = 0; - ret = (int)read(fd, buf + idx, 256 - bytes); - if (ret == 0) { - WOLFSSL_MSG("error reading entropy from egd server"); - ret = WOLFSSL_FATAL_ERROR; + /* oidCertPolicyType */ + case oidCertPolicyType: + switch (nid) { + case NID_any_policy: + return CP_ANY_OID; + } break; - } - if (ret > 0 && buf[idx] > 0) { - bytes += buf[idx]; /* egd stores amount sent in first byte */ - if (bytes + idx > 255 || buf[idx] > ret) { - WOLFSSL_MSG("Buffer error"); - ret = WOLFSSL_FATAL_ERROR; - break; + + /* oidCertAltNameType */ + case oidCertAltNameType: + switch (nid) { + case NID_hw_name_oid: + return HW_NAME_OID; } - XMEMMOVE(buf + idx, buf + idx + 1, buf[idx]); - idx = bytes; - ret = WOLFSSL_SUCCESS; - if (bytes >= 255) { - break; + break; + + /* oidCertKeyUseType */ + case oidCertKeyUseType: + switch (nid) { + case NID_anyExtendedKeyUsage: + return EKU_ANY_OID; + case EKU_SERVER_AUTH_OID: + return EKU_SERVER_AUTH_OID; + case EKU_CLIENT_AUTH_OID: + return EKU_CLIENT_AUTH_OID; + case EKU_OCSP_SIGN_OID: + return EKU_OCSP_SIGN_OID; } - } - else { - if (errno == EAGAIN || errno == EINTR) { - WOLFSSL_MSG("EGD would read"); - ret = WOLFSSL_SUCCESS; /* try again */ + break; + + /* oidKdfType */ + case oidKdfType: + switch (nid) { + case PBKDF2_OID: + return PBKDF2_OID; } - else if (buf[idx] == 0) { - /* if egd returned 0 then there is no more entropy to be had. - Do not try more reads. 
*/ - ret = WOLFSSL_SUCCESS; - break; + break; + + /* oidPBEType */ + case oidPBEType: + switch (nid) { + case PBE_SHA1_RC4_128: + return PBE_SHA1_RC4_128; + case PBE_SHA1_DES: + return PBE_SHA1_DES; + case PBE_SHA1_DES3: + return PBE_SHA1_DES3; } - else { - WOLFSSL_MSG("Error with read"); - ret = WOLFSSL_FATAL_ERROR; + break; + + /* oidKeyWrapType */ + case oidKeyWrapType: + switch (nid) { + #ifdef WOLFSSL_AES_128 + case AES128_WRAP: + return AES128_WRAP; + #endif + #ifdef WOLFSSL_AES_192 + case AES192_WRAP: + return AES192_WRAP; + #endif + #ifdef WOLFSSL_AES_256 + case AES256_WRAP: + return AES256_WRAP; + #endif } - } - } + break; - if (bytes > 0 && ret == WOLFSSL_SUCCESS) { - /* call to check global RNG is created */ - if (wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error with initializing global RNG structure"); - ret = WOLFSSL_FATAL_ERROR; - } - else if (wc_RNG_DRBG_Reseed(&globalRNG, (const byte*) buf, bytes) - != 0) { - WOLFSSL_MSG("Error with reseeding DRBG structure"); - ret = WOLFSSL_FATAL_ERROR; - } - #ifdef SHOW_SECRETS - else { /* print out entropy found only when no error occurred */ - word32 i; - printf("EGD Entropy = "); - for (i = 0; i < bytes; i++) { - printf("%02X", buf[i]); + /* oidCmsKeyAgreeType */ + case oidCmsKeyAgreeType: + switch (nid) { + #ifndef NO_SHA + case dhSinglePass_stdDH_sha1kdf_scheme: + return dhSinglePass_stdDH_sha1kdf_scheme; + #endif + #ifdef WOLFSSL_SHA224 + case dhSinglePass_stdDH_sha224kdf_scheme: + return dhSinglePass_stdDH_sha224kdf_scheme; + #endif + #ifndef NO_SHA256 + case dhSinglePass_stdDH_sha256kdf_scheme: + return dhSinglePass_stdDH_sha256kdf_scheme; + #endif + #ifdef WOLFSSL_SHA384 + case dhSinglePass_stdDH_sha384kdf_scheme: + return dhSinglePass_stdDH_sha384kdf_scheme; + #endif + #ifdef WOLFSSL_SHA512 + case dhSinglePass_stdDH_sha512kdf_scheme: + return dhSinglePass_stdDH_sha512kdf_scheme; + #endif } - printf("\n"); - } - #endif - } + break; - ForceZero(buf, bytes); -#ifdef WOLFSSL_SMALL_STACK - 
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#elif defined(WOLFSSL_CHECK_MEM_ZERO) - wc_MemZero_Check(buf, 256); -#endif - close(fd); + /* oidCmsKeyAgreeType */ + #ifdef WOLFSSL_CERT_REQ + case oidCsrAttrType: + switch (nid) { + case NID_pkcs9_contentType: + return PKCS9_CONTENT_TYPE_OID; + case NID_pkcs9_challengePassword: + return CHALLENGE_PASSWORD_OID; + case NID_serialNumber: + return SERIAL_NUMBER_OID; + case NID_userId: + return USER_ID_OID; + case NID_surname: + return SURNAME_OID; + } + break; + #endif - if (ret == WOLFSSL_SUCCESS) { - return bytes; - } - else { - return ret; + default: + WOLFSSL_MSG("NID not in table"); + /* MSVC warns without the cast */ + return (word32)-1; } -#else - WOLFSSL_MSG("Type of socket needed is not available"); - WOLFSSL_MSG("\tor using mode where DRBG API is not available"); - (void)nm; - return WOLFSSL_FATAL_ERROR; -#endif /* WOLFSSL_EGD_NBLOCK */ + /* MSVC warns without the cast */ + return (word32)-1; } -#endif /* !FREERTOS_TCP */ - -void wolfSSL_RAND_Cleanup(void) +int oid2nid(word32 oid, int grp) { -#ifndef WOLFSSL_NO_OPENSSL_RAND_CB - if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { - if (gRandMethods && gRandMethods->cleanup) - gRandMethods->cleanup(); - wc_UnLockMutex(&gRandMethodMutex); - } + size_t i; + /* get OID type */ + switch (grp) { + /* oidHashType */ + case oidHashType: + switch (oid) { + #ifdef WOLFSSL_MD2 + case MD2h: + return NID_md2; + #endif + #ifndef NO_MD5 + case MD5h: + return NID_md5; + #endif + #ifndef NO_SHA + case SHAh: + return NID_sha1; + #endif + case SHA224h: + return NID_sha224; + #ifndef NO_SHA256 + case SHA256h: + return NID_sha256; + #endif + #ifdef WOLFSSL_SHA384 + case SHA384h: + return NID_sha384; + #endif + #ifdef WOLFSSL_SHA512 + case SHA512h: + return NID_sha512; + #endif + } + break; - #ifndef WOLFSSL_MUTEX_INITIALIZER - if (wc_FreeMutex(&gRandMethodMutex) == 0) - gRandMethodsInit = 0; - #endif -#endif -#ifdef HAVE_GLOBAL_RNG - if 
(wc_LockMutex(&globalRNGMutex) == 0) { - if (initGlobalRNG) { - wc_FreeRng(&globalRNG); - initGlobalRNG = 0; - } - wc_UnLockMutex(&globalRNGMutex); - } -#endif -} + /* oidSigType */ + case oidSigType: + switch (oid) { + #ifndef NO_DSA + case CTC_SHAwDSA: + return NID_dsaWithSHA1; + case CTC_SHA256wDSA: + return NID_dsa_with_SHA256; + #endif /* NO_DSA */ + #ifndef NO_RSA + case CTC_MD2wRSA: + return NID_md2WithRSAEncryption; + case CTC_MD5wRSA: + return NID_md5WithRSAEncryption; + case CTC_SHAwRSA: + return NID_sha1WithRSAEncryption; + case CTC_SHA224wRSA: + return NID_sha224WithRSAEncryption; + case CTC_SHA256wRSA: + return NID_sha256WithRSAEncryption; + case CTC_SHA384wRSA: + return NID_sha384WithRSAEncryption; + case CTC_SHA512wRSA: + return NID_sha512WithRSAEncryption; + #ifdef WOLFSSL_SHA3 + case CTC_SHA3_224wRSA: + return NID_RSA_SHA3_224; + case CTC_SHA3_256wRSA: + return NID_RSA_SHA3_256; + case CTC_SHA3_384wRSA: + return NID_RSA_SHA3_384; + case CTC_SHA3_512wRSA: + return NID_RSA_SHA3_512; + #endif + #ifdef WC_RSA_PSS + case CTC_RSASSAPSS: + return NID_rsassaPss; + #endif + #endif /* NO_RSA */ + #ifdef HAVE_ECC + case CTC_SHAwECDSA: + return NID_ecdsa_with_SHA1; + case CTC_SHA224wECDSA: + return NID_ecdsa_with_SHA224; + case CTC_SHA256wECDSA: + return NID_ecdsa_with_SHA256; + case CTC_SHA384wECDSA: + return NID_ecdsa_with_SHA384; + case CTC_SHA512wECDSA: + return NID_ecdsa_with_SHA512; + #ifdef WOLFSSL_SHA3 + case CTC_SHA3_224wECDSA: + return NID_ecdsa_with_SHA3_224; + case CTC_SHA3_256wECDSA: + return NID_ecdsa_with_SHA3_256; + case CTC_SHA3_384wECDSA: + return NID_ecdsa_with_SHA3_384; + case CTC_SHA3_512wECDSA: + return NID_ecdsa_with_SHA3_512; + #endif + #endif /* HAVE_ECC */ + } + break; + + /* oidKeyType */ + case oidKeyType: + switch (oid) { + #ifndef NO_DSA + case DSAk: + return NID_dsa; + #endif /* NO_DSA */ + #ifndef NO_RSA + case RSAk: + return NID_rsaEncryption; + #ifdef WC_RSA_PSS + case RSAPSSk: + return NID_rsassaPss; + #endif + #endif /* 
NO_RSA */
+ #ifdef HAVE_ECC
+ case ECDSAk:
+ return NID_X9_62_id_ecPublicKey;
+ #endif /* HAVE_ECC */
+ }
+ break;
+
+
+ #ifdef HAVE_ECC
+ case oidCurveType:
+ switch (oid) {
+ case ECC_SECP192R1_OID:
+ return NID_X9_62_prime192v1;
+ case ECC_PRIME192V2_OID:
+ return NID_X9_62_prime192v2;
+ case ECC_PRIME192V3_OID:
+ return NID_X9_62_prime192v3;
+ case ECC_PRIME239V1_OID:
+ return NID_X9_62_prime239v1;
+ case ECC_PRIME239V2_OID:
+ return NID_X9_62_prime239v2;
+ case ECC_PRIME239V3_OID:
+ return NID_X9_62_prime239v3;
+ case ECC_SECP256R1_OID:
+ return NID_X9_62_prime256v1;
+ case ECC_SECP112R1_OID:
+ return NID_secp112r1;
+ case ECC_SECP112R2_OID:
+ return NID_secp112r2;
+ case ECC_SECP128R1_OID:
+ return NID_secp128r1;
+ case ECC_SECP128R2_OID:
+ return NID_secp128r2;
+ case ECC_SECP160R1_OID:
+ return NID_secp160r1;
+ case ECC_SECP160R2_OID:
+ return NID_secp160r2;
+ case ECC_SECP224R1_OID:
+ return NID_secp224r1;
+ case ECC_SECP384R1_OID:
+ return NID_secp384r1;
+ case ECC_SECP521R1_OID:
+ return NID_secp521r1;
+ case ECC_SECP160K1_OID:
+ return NID_secp160k1;
+ case ECC_SECP192K1_OID:
+ return NID_secp192k1;
+ case ECC_SECP224K1_OID:
+ return NID_secp224k1;
+ case ECC_SECP256K1_OID:
+ return NID_secp256k1;
+ case ECC_BRAINPOOLP160R1_OID:
+ return NID_brainpoolP160r1;
+ case ECC_BRAINPOOLP192R1_OID:
+ return NID_brainpoolP192r1;
+ case ECC_BRAINPOOLP224R1_OID:
+ return NID_brainpoolP224r1;
+ case ECC_BRAINPOOLP256R1_OID:
+ return NID_brainpoolP256r1;
+ case ECC_BRAINPOOLP320R1_OID:
+ return NID_brainpoolP320r1;
+ case ECC_BRAINPOOLP384R1_OID:
+ return NID_brainpoolP384r1;
+ case ECC_BRAINPOOLP512R1_OID:
+ return NID_brainpoolP512r1;
+ }
+ break;
+ #endif /* HAVE_ECC */
-/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */
-int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num)
-{
- int ret;
- int hash;
- byte secret[DRBG_SEED_LEN]; /* secret length arbitrarily chosen */
+ /* oidBlkType */
+ case oidBlkType:
+ switch (oid) {
+ #ifdef WOLFSSL_AES_128
+ case AES128CBCb:
+ return AES128CBCb;
+ #endif
+ #ifdef WOLFSSL_AES_192
+ case AES192CBCb:
+ return AES192CBCb;
+ #endif
+ #ifdef WOLFSSL_AES_256
+ case AES256CBCb:
+ return AES256CBCb;
+ #endif
+ #ifndef NO_DES3
+ case DESb:
+ return NID_des;
+ case DES3b:
+ return NID_des3;
+ #endif
+ }
+ break;
-#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
- if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
- if (gRandMethods && gRandMethods->pseudorand) {
- ret = gRandMethods->pseudorand(buf, num);
- wc_UnLockMutex(&gRandMethodMutex);
- return ret;
- }
- wc_UnLockMutex(&gRandMethodMutex);
- }
-#endif
+ #ifdef HAVE_OCSP
+ case oidOcspType:
+ switch (oid) {
+ case OCSP_BASIC_OID:
+ return NID_id_pkix_OCSP_basic;
+ case OCSP_NONCE_OID:
+ return OCSP_NONCE_OID;
+ }
+ break;
+ #endif /* HAVE_OCSP */
-#ifdef WOLFSSL_HAVE_PRF
- #ifndef NO_SHA256
- hash = WC_SHA256;
- #elif defined(WOLFSSL_SHA384)
- hash = WC_SHA384;
- #elif !defined(NO_SHA)
- hash = WC_SHA;
- #elif !defined(NO_MD5)
- hash = WC_MD5;
- #endif
+ /* oidCertExtType */
+ case oidCertExtType:
+ switch (oid) {
+ case BASIC_CA_OID:
+ return NID_basic_constraints;
+ case ALT_NAMES_OID:
+ return NID_subject_alt_name;
+ case CRL_DIST_OID:
+ return NID_crl_distribution_points;
+ case AUTH_INFO_OID:
+ return NID_info_access;
+ case AUTH_KEY_OID:
+ return NID_authority_key_identifier;
+ case SUBJ_KEY_OID:
+ return NID_subject_key_identifier;
+ case INHIBIT_ANY_OID:
+ return NID_inhibit_any_policy;
+ case KEY_USAGE_OID:
+ return NID_key_usage;
+ case NAME_CONS_OID:
+ return NID_name_constraints;
+ case CERT_POLICY_OID:
+ return NID_certificate_policies;
+ case EXT_KEY_USAGE_OID:
+ return NID_ext_key_usage;
+ }
+ break;
- /* get secret value from source of entropy */
- ret = wolfSSL_RAND_bytes(secret, DRBG_SEED_LEN);
+ /* oidCertAuthInfoType */
+ case oidCertAuthInfoType:
+ switch (oid) {
+ case AIA_OCSP_OID:
+ return NID_ad_OCSP;
+ case AIA_CA_ISSUER_OID:
+ return NID_ad_ca_issuers;
+ }
+
break; - /* uses input buffer to seed for pseudo random number generation, each - * thread will potentially have different results this way */ - if (ret == WOLFSSL_SUCCESS) { - PRIVATE_KEY_UNLOCK(); - ret = wc_PRF(buf, num, secret, DRBG_SEED_LEN, (const byte*)buf, num, - hash, NULL, INVALID_DEVID); - PRIVATE_KEY_LOCK(); - ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; - } -#else - /* fall back to just doing wolfSSL_RAND_bytes if PRF not avialbale */ - ret = wolfSSL_RAND_bytes(buf, num); - (void)hash; - (void)secret; -#endif - return ret; -} + /* oidCertPolicyType */ + case oidCertPolicyType: + switch (oid) { + case CP_ANY_OID: + return NID_any_policy; + } + break; -/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */ -int wolfSSL_RAND_bytes(unsigned char* buf, int num) -{ - int ret = 0; - WC_RNG* rng = NULL; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRNG = NULL; -#else - WC_RNG tmpRNG[1]; -#endif - int initTmpRng = 0; -#ifdef HAVE_GLOBAL_RNG - int used_global = 0; -#endif + /* oidCertAltNameType */ + case oidCertAltNameType: + switch (oid) { + case HW_NAME_OID: + return NID_hw_name_oid; + } + break; - WOLFSSL_ENTER("wolfSSL_RAND_bytes"); - /* sanity check */ - if (buf == NULL || num < 0) - /* return code compliant with OpenSSL */ - return 0; + /* oidCertKeyUseType */ + case oidCertKeyUseType: + switch (oid) { + case EKU_ANY_OID: + return NID_anyExtendedKeyUsage; + case EKU_SERVER_AUTH_OID: + return EKU_SERVER_AUTH_OID; + case EKU_CLIENT_AUTH_OID: + return EKU_CLIENT_AUTH_OID; + case EKU_OCSP_SIGN_OID: + return EKU_OCSP_SIGN_OID; + } + break; - /* if a RAND callback has been set try and use it */ -#ifndef WOLFSSL_NO_OPENSSL_RAND_CB - if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { - if (gRandMethods && gRandMethods->bytes) { - ret = gRandMethods->bytes(buf, num); - wc_UnLockMutex(&gRandMethodMutex); - return ret; - } - wc_UnLockMutex(&gRandMethodMutex); - } -#endif -#ifdef HAVE_GLOBAL_RNG - if 
(initGlobalRNG) { - if (wc_LockMutex(&globalRNGMutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rng"); - return ret; - } + /* oidKdfType */ + case oidKdfType: + switch (oid) { + case PBKDF2_OID: + return PBKDF2_OID; + } + break; - rng = &globalRNG; - used_global = 1; - } - else -#endif - { - #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (tmpRNG == NULL) - return ret; - #endif - if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - } - if (rng) { - /* handles size greater than RNG_MAX_BLOCK_LEN */ - int blockCount = num / RNG_MAX_BLOCK_LEN; + /* oidPBEType */ + case oidPBEType: + switch (oid) { + case PBE_SHA1_RC4_128: + return PBE_SHA1_RC4_128; + case PBE_SHA1_DES: + return PBE_SHA1_DES; + case PBE_SHA1_DES3: + return PBE_SHA1_DES3; + } + break; - while (blockCount--) { - ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN); - if (ret != 0) { - WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); - break; + /* oidKeyWrapType */ + case oidKeyWrapType: + switch (oid) { + #ifdef WOLFSSL_AES_128 + case AES128_WRAP: + return AES128_WRAP; + #endif + #ifdef WOLFSSL_AES_192 + case AES192_WRAP: + return AES192_WRAP; + #endif + #ifdef WOLFSSL_AES_256 + case AES256_WRAP: + return AES256_WRAP; + #endif + } + break; + + /* oidCmsKeyAgreeType */ + case oidCmsKeyAgreeType: + switch (oid) { + #ifndef NO_SHA + case dhSinglePass_stdDH_sha1kdf_scheme: + return dhSinglePass_stdDH_sha1kdf_scheme; + #endif + #ifdef WOLFSSL_SHA224 + case dhSinglePass_stdDH_sha224kdf_scheme: + return dhSinglePass_stdDH_sha224kdf_scheme; + #endif + #ifndef NO_SHA256 + case dhSinglePass_stdDH_sha256kdf_scheme: + return dhSinglePass_stdDH_sha256kdf_scheme; + #endif + #ifdef WOLFSSL_SHA384 + case dhSinglePass_stdDH_sha384kdf_scheme: + return dhSinglePass_stdDH_sha384kdf_scheme; + #endif + #ifdef WOLFSSL_SHA512 + case dhSinglePass_stdDH_sha512kdf_scheme: + return dhSinglePass_stdDH_sha512kdf_scheme; + #endif } - num -= RNG_MAX_BLOCK_LEN; - buf += 
RNG_MAX_BLOCK_LEN; - } + break; - if (ret == 0 && num) - ret = wc_RNG_GenerateBlock(rng, buf, num); +#ifdef WOLFSSL_CERT_REQ + case oidCsrAttrType: + switch (oid) { + case PKCS9_CONTENT_TYPE_OID: + return NID_pkcs9_contentType; + case CHALLENGE_PASSWORD_OID: + return NID_pkcs9_challengePassword; + case SERIAL_NUMBER_OID: + return NID_serialNumber; + case USER_ID_OID: + return NID_userId; + } + break; +#endif - if (ret != 0) - WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); - else - ret = WOLFSSL_SUCCESS; + default: + WOLFSSL_MSG("OID not in table"); + } + /* If not found in above switch then try the table */ + for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) { + if (wolfssl_object_info[i].id == (int)oid) { + return wolfssl_object_info[i].nid; + } } -#ifdef HAVE_GLOBAL_RNG - if (used_global == 1) - wc_UnLockMutex(&globalRNGMutex); -#endif - if (initTmpRng) - wc_FreeRng(tmpRNG); -#ifdef WOLFSSL_SMALL_STACK - if (tmpRNG) - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); -#endif - - return ret; + return -1; } - -int wolfSSL_RAND_poll(void) +/* frees all nodes in the current threads error queue + * + * id thread id. ERR_remove_state is depreciated and id is ignored. The + * current threads queue will be free'd. + */ +void wolfSSL_ERR_remove_state(unsigned long id) { - byte entropy[16]; - int ret = 0; - word32 entropy_sz = 16; - - WOLFSSL_ENTER("wolfSSL_RAND_poll"); - if (initGlobalRNG == 0){ - WOLFSSL_MSG("Global RNG no Init"); - return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_ERR_remove_state"); + (void)id; + if (wc_ERR_remove_state() != 0) { + WOLFSSL_MSG("Error with removing the state"); } - ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz); - if (ret != 0){ - WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); - ret = WOLFSSL_FAILURE; - }else - ret = WOLFSSL_SUCCESS; - - return ret; } - /* If a valid struct is provided with function pointers, will override - RAND_seed, bytes, cleanup, add, pseudo_bytes and status. 
If a NULL - pointer is passed in, it will cancel any previous function overrides. +#endif /* OPENSSL_EXTRA */ - Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */ - int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods) - { - #ifndef WOLFSSL_NO_OPENSSL_RAND_CB - if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { - gRandMethods = methods; - wc_UnLockMutex(&gRandMethodMutex); - return WOLFSSL_SUCCESS; - } - #else - (void)methods; - #endif - return WOLFSSL_FAILURE; - } +#ifdef OPENSSL_ALL - /* Returns WOLFSSL_SUCCESS if the RNG has been seeded with enough data */ - int wolfSSL_RAND_status(void) - { - int ret = WOLFSSL_SUCCESS; - #ifndef WOLFSSL_NO_OPENSSL_RAND_CB - if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { - if (gRandMethods && gRandMethods->status) - ret = gRandMethods->status(); - wc_UnLockMutex(&gRandMethodMutex); - } - else { - ret = WOLFSSL_FAILURE; - } - #else - /* wolfCrypt provides enough seed internally, so return success */ - #endif - return ret; - } +#if !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) - void wolfSSL_RAND_add(const void* add, int len, double entropy) - { - #ifndef WOLFSSL_NO_OPENSSL_RAND_CB - if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { - if (gRandMethods && gRandMethods->add) { - /* callback has return code, but RAND_add does not */ - (void)gRandMethods->add(add, len, entropy); +static int bio_get_data(WOLFSSL_BIO* bio, byte** data) +{ + int ret = 0; + byte* mem = NULL; + + ret = wolfSSL_BIO_get_len(bio); + if (ret > 0) { + mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (mem == NULL) { + WOLFSSL_MSG("Memory error"); + ret = MEMORY_E; + } + if (ret >= 0) { + if ((ret = wolfSSL_BIO_read(bio, mem, ret)) <= 0) { + XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + ret = MEMORY_E; + mem = NULL; } - wc_UnLockMutex(&gRandMethodMutex); } - #else - /* wolfSSL seeds/adds internally, use explicit RNG 
if you want - to take control */ - (void)add; - (void)len; - (void)entropy; - #endif } -#endif /* OPENSSL_EXTRA */ - -/******************************************************************************* - * END OF RAND API - ******************************************************************************/ - -/******************************************************************************* - * START OF EVP_CIPHER API - ******************************************************************************/ - -#ifdef OPENSSL_EXTRA - - /* store for external read of iv, WOLFSSL_SUCCESS on success */ - int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_StoreExternalIV"); + *data = mem; - if (ctx == NULL) { - WOLFSSL_MSG("Bad function argument"); - return WOLFSSL_FATAL_ERROR; - } + return ret; +} - switch (ctx->cipherType) { -#ifndef NO_AES -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : - WOLFSSL_MSG("AES CBC"); - XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); - break; -#endif -#ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : - WOLFSSL_MSG("AES GCM"); - XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); - break; -#endif /* HAVE_AESGCM */ -#ifdef HAVE_AESCCM - case AES_128_CCM_TYPE : - case AES_192_CCM_TYPE : - case AES_256_CCM_TYPE : - WOLFSSL_MSG("AES CCM"); - XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); - break; -#endif /* HAVE_AESCCM */ -#ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - case AES_192_ECB_TYPE : - case AES_256_ECB_TYPE : - WOLFSSL_MSG("AES ECB"); - break; -#endif -#ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : - WOLFSSL_MSG("AES CTR"); - XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); - break; -#endif /* WOLFSSL_AES_COUNTER */ -#ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: 
- case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - WOLFSSL_MSG("AES CFB1"); - break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - WOLFSSL_MSG("AES CFB8"); - break; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - WOLFSSL_MSG("AES CFB128"); - break; -#endif /* WOLFSSL_AES_CFB */ -#if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - WOLFSSL_MSG("AES OFB"); - break; -#endif /* WOLFSSL_AES_OFB */ -#ifdef WOLFSSL_AES_XTS - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - WOLFSSL_MSG("AES XTS"); - break; -#endif /* WOLFSSL_AES_XTS */ -#endif /* NO_AES */ +/* DER data is PKCS#8 encrypted. */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** pkey, + wc_pem_password_cb* cb, + void* ctx) +{ + int ret; + byte* der; + int len; + byte* p; + word32 algId; + WOLFSSL_EVP_PKEY* key; -#ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE : - case ARIA_192_GCM_TYPE : - case ARIA_256_GCM_TYPE : - WOLFSSL_MSG("ARIA GCM"); - XMEMCPY(ctx->iv, &ctx->cipher.aria.nonce, ARIA_BLOCK_SIZE); - break; -#endif /* HAVE_ARIA */ + if ((len = bio_get_data(bio, &der)) < 0) + return NULL; -#ifndef NO_DES3 - case DES_CBC_TYPE : - WOLFSSL_MSG("DES CBC"); - XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); - break; + if (cb != NULL) { + char password[NAME_SZ]; + int passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx); + if (passwordSz < 0) { + XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("wolfSSL_d2i_PKCS8PrivateKey_bio password", password, + passwordSz); + #endif - case DES_EDE3_CBC_TYPE : - WOLFSSL_MSG("DES EDE3 CBC"); - XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); - break; -#endif -#ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : - WOLFSSL_MSG("DES ECB"); - break; - case DES_EDE3_ECB_TYPE : - WOLFSSL_MSG("DES3 
ECB"); - break; -#endif - case ARC4_TYPE : - WOLFSSL_MSG("ARC4"); - break; + ret = ToTraditionalEnc(der, (word32)len, password, passwordSz, &algId); + if (ret < 0) { + XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); + return NULL; + } -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: - break; -#endif + ForceZero(password, (word32)passwordSz); + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(password, passwordSz); + #endif + } -#ifdef HAVE_CHACHA - case CHACHA20_TYPE: - break; -#endif + p = der; + key = wolfSSL_d2i_PrivateKey_EVP(pkey, &p, len); + XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); + return key; +} -#ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: - break; -#endif -#ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: - WOLFSSL_MSG("SM4 CBC"); - XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); - break; -#endif -#ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: - WOLFSSL_MSG("SM4 CTR"); - XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); - break; -#endif -#ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: - WOLFSSL_MSG("SM4 GCM"); - XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); - break; -#endif -#ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: - WOLFSSL_MSG("SM4 CCM"); - XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); - break; -#endif +#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ - case NULL_CIPHER_TYPE : - WOLFSSL_MSG("NULL"); - break; +/* Detect which type of key it is before decoding. */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, + const unsigned char** pp, + long length) +{ + int ret; + WOLFSSL_EVP_PKEY* key = NULL; + const byte* der = *pp; + word32 idx = 0; + int len = 0; + int cnt = 0; + word32 algId; + word32 keyLen = (word32)length; - default: { - WOLFSSL_MSG("bad type"); - return WOLFSSL_FATAL_ERROR; + /* Take off PKCS#8 wrapper if found. 
*/
+ if ((len = ToTraditionalInline_ex(der, &idx, keyLen, &algId)) >= 0) {
+ der += idx;
+ keyLen = (word32)len;
+ }
+ idx = 0;
+ len = 0;
+
+ /* Use the number of elements in the outer sequence to determine key type.
+ */
+ ret = GetSequence(der, &idx, &len, keyLen);
+ if (ret >= 0) {
+ word32 end = idx + len;
+ while (ret >= 0 && idx < end) {
+ /* Skip type */
+ idx++;
+ /* Get length and skip over - keeping count */
+ len = 0;
+ ret = GetLength(der, &idx, &len, keyLen);
+ if (ret >= 0) {
+ if (idx + len > end)
+ ret = ASN_PARSE_E;
+ else {
+ idx += len;
+ cnt++;
+ }
 }
 }
- return WOLFSSL_SUCCESS;
 }
- /* set internal IV from external, WOLFSSL_SUCCESS on success */
- int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
- {
+ if (ret >= 0) {
+ int type;
+ /* ECC includes version, private[, curve][, public key] */
+ if (cnt >= 2 && cnt <= 4)
+ type = EVP_PKEY_EC;
+ else
+ type = EVP_PKEY_RSA;
- WOLFSSL_ENTER("wolfSSL_SetInternalIV");
+ key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen);
+ *pp = der;
+ }
- if (ctx == NULL) {
- WOLFSSL_MSG("Bad function argument");
- return WOLFSSL_FATAL_ERROR;
- }
+ return key;
+}
+#endif /* OPENSSL_ALL */
- switch (ctx->cipherType) {
+#ifdef WOLFSSL_STATIC_EPHEMERAL
+int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr)
+{
+ int ret;
+ word32 idx = 0;
+ DerBuffer* der = NULL;
-#ifndef NO_AES
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
- case AES_128_CBC_TYPE :
- case AES_192_CBC_TYPE :
- case AES_256_CBC_TYPE :
- WOLFSSL_MSG("AES CBC");
- XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
- break;
-#endif
-#ifdef HAVE_AESGCM
- case AES_128_GCM_TYPE :
- case AES_192_GCM_TYPE :
- case AES_256_GCM_TYPE :
- WOLFSSL_MSG("AES GCM");
- XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
- break;
-#endif
-#ifdef HAVE_AES_ECB
- case AES_128_ECB_TYPE :
- case AES_192_ECB_TYPE :
- case AES_256_ECB_TYPE :
- WOLFSSL_MSG("AES ECB");
- break;
+ if (ssl == NULL || ssl->ctx == NULL || keyPtr == NULL)
{
+ return BAD_FUNC_ARG;
+ }
+
+#ifndef SINGLE_THREADED
+ if (!ssl->ctx->staticKELockInit) {
+ return BUFFER_E; /* no keys set */
+ }
+ ret = wc_LockMutex(&ssl->ctx->staticKELock);
+ if (ret != 0) {
+ return ret;
+ }
 #endif
-#ifdef WOLFSSL_AES_COUNTER
- case AES_128_CTR_TYPE :
- case AES_192_CTR_TYPE :
- case AES_256_CTR_TYPE :
- WOLFSSL_MSG("AES CTR");
- XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
- break;
+
+ ret = BUFFER_E; /* set default error */
+ switch (keyAlgo) {
+ #ifndef NO_DH
+ case WC_PK_TYPE_DH:
+ if (ssl != NULL)
+ der = ssl->staticKE.dhKey;
+ if (der == NULL)
+ der = ssl->ctx->staticKE.dhKey;
+ if (der != NULL) {
+ DhKey* key = (DhKey*)keyPtr;
+ WOLFSSL_MSG("Using static DH key");
+ ret = wc_DhKeyDecode(der->buffer, &idx, key, der->length);
+ }
+ break;
+ #endif
+ #ifdef HAVE_ECC
+ case WC_PK_TYPE_ECDH:
+ if (ssl != NULL)
+ der = ssl->staticKE.ecKey;
+ if (der == NULL)
+ der = ssl->ctx->staticKE.ecKey;
+ if (der != NULL) {
+ ecc_key* key = (ecc_key*)keyPtr;
+ WOLFSSL_MSG("Using static ECDH key");
+ ret = wc_EccPrivateKeyDecode(der->buffer, &idx, key,
+ der->length);
+ }
+ break;
+ #endif
+ #ifdef HAVE_CURVE25519
+ case WC_PK_TYPE_CURVE25519:
+ if (ssl != NULL)
+ der = ssl->staticKE.x25519Key;
+ if (der == NULL)
+ der = ssl->ctx->staticKE.x25519Key;
+ if (der != NULL) {
+ curve25519_key* key = (curve25519_key*)keyPtr;
+ WOLFSSL_MSG("Using static X25519 key");
+ ret = wc_Curve25519PrivateKeyDecode(der->buffer, &idx, key,
+ der->length);
+ }
+ break;
+ #endif
+ #ifdef HAVE_CURVE448
+ case WC_PK_TYPE_CURVE448:
+ if (ssl != NULL)
+ der = ssl->staticKE.x448Key;
+ if (der == NULL)
+ der = ssl->ctx->staticKE.x448Key;
+ if (der != NULL) {
+ curve448_key* key = (curve448_key*)keyPtr;
+ WOLFSSL_MSG("Using static X448 key");
+ ret = wc_Curve448PrivateKeyDecode(der->buffer, &idx, key,
+ der->length);
+ }
+ break;
+ #endif
+ default:
+ /* not supported */
+ ret = NOT_COMPILED_IN;
+ break;
+ }
+
+#ifndef SINGLE_THREADED
+
wc_UnLockMutex(&ssl->ctx->staticKELock);
 #endif
+ return ret;
+}
-#endif /* NO_AES */
+static int SetStaticEphemeralKey(WOLFSSL_CTX* ctx,
+ StaticKeyExchangeInfo_t* staticKE, int keyAlgo, const char* key,
+ unsigned int keySz, int format, void* heap)
+{
+ int ret = 0;
+ DerBuffer* der = NULL;
+ byte* keyBuf = NULL;
+#ifndef NO_FILESYSTEM
+ const char* keyFile = NULL;
+#endif
-#ifdef HAVE_ARIA
- case ARIA_128_GCM_TYPE :
- case ARIA_192_GCM_TYPE :
- case ARIA_256_GCM_TYPE :
- WOLFSSL_MSG("ARIA GCM");
- XMEMCPY(&ctx->cipher.aria.nonce, ctx->iv, ARIA_BLOCK_SIZE);
- break;
-#endif /* HAVE_ARIA */
+ /* allow empty key to free buffer */
+ if (staticKE == NULL || (key == NULL && keySz > 0)) {
+ return BAD_FUNC_ARG;
+ }
-#ifndef NO_DES3
- case DES_CBC_TYPE :
- WOLFSSL_MSG("DES CBC");
- XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
- break;
+ WOLFSSL_ENTER("SetStaticEphemeralKey");
- case DES_EDE3_CBC_TYPE :
- WOLFSSL_MSG("DES EDE3 CBC");
- XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
- break;
-#endif
-#ifdef WOLFSSL_DES_ECB
- case DES_ECB_TYPE :
- WOLFSSL_MSG("DES ECB");
- break;
- case DES_EDE3_ECB_TYPE :
- WOLFSSL_MSG("DES3 ECB");
- break;
-#endif
+ /* if just free'ing key then skip loading */
+ if (key != NULL) {
+ #ifndef NO_FILESYSTEM
+ /* load file from filesystem */
+ if (key != NULL && keySz == 0) {
+ size_t keyBufSz = 0;
+ keyFile = (const char*)key;
+ ret = wc_FileLoad(keyFile, &keyBuf, &keyBufSz, heap);
+ if (ret != 0) {
+ return ret;
+ }
+ keySz = (unsigned int)keyBufSz;
+ }
+ else
+ #endif
+ {
+ /* use as key buffer directly */
+ keyBuf = (byte*)key;
+ }
- case ARC4_TYPE :
- WOLFSSL_MSG("ARC4");
- break;
+ if (format == WOLFSSL_FILETYPE_PEM) {
+ #ifdef WOLFSSL_PEM_TO_DER
+ int keyFormat = 0;
+ ret = PemToDer(keyBuf, keySz, PRIVATEKEY_TYPE, &der,
+ heap, NULL, &keyFormat);
+ /* auto detect key type */
+ if (ret == 0 && keyAlgo == WC_PK_TYPE_NONE) {
+ if (keyFormat == ECDSAk)
+ keyAlgo = WC_PK_TYPE_ECDH;
+ else if (keyFormat == X25519k)
+
keyAlgo = WC_PK_TYPE_CURVE25519; + else + keyAlgo = WC_PK_TYPE_DH; + } + #else + ret = NOT_COMPILED_IN; + #endif + } + else { + /* Detect PK type (if required) */ + #ifdef HAVE_ECC + if (keyAlgo == WC_PK_TYPE_NONE) { + word32 idx = 0; + ecc_key eccKey; + ret = wc_ecc_init_ex(&eccKey, heap, INVALID_DEVID); + if (ret == 0) { + ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &eccKey, keySz); + if (ret == 0) + keyAlgo = WC_PK_TYPE_ECDH; + wc_ecc_free(&eccKey); + } + } + #endif + #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) + if (keyAlgo == WC_PK_TYPE_NONE) { + word32 idx = 0; + DhKey dhKey; + ret = wc_InitDhKey_ex(&dhKey, heap, INVALID_DEVID); + if (ret == 0) { + ret = wc_DhKeyDecode(keyBuf, &idx, &dhKey, keySz); + if (ret == 0) + keyAlgo = WC_PK_TYPE_DH; + wc_FreeDhKey(&dhKey); + } + } + #endif + #ifdef HAVE_CURVE25519 + if (keyAlgo == WC_PK_TYPE_NONE) { + word32 idx = 0; + curve25519_key x25519Key; + ret = wc_curve25519_init_ex(&x25519Key, heap, INVALID_DEVID); + if (ret == 0) { + ret = wc_Curve25519PrivateKeyDecode(keyBuf, &idx, + &x25519Key, keySz); + if (ret == 0) + keyAlgo = WC_PK_TYPE_CURVE25519; + wc_curve25519_free(&x25519Key); + } + } + #endif + #ifdef HAVE_CURVE448 + if (keyAlgo == WC_PK_TYPE_NONE) { + word32 idx = 0; + curve448_key x448Key; + ret = wc_curve448_init(&x448Key); + if (ret == 0) { + ret = wc_Curve448PrivateKeyDecode(keyBuf, &idx, &x448Key, + keySz); + if (ret == 0) + keyAlgo = WC_PK_TYPE_CURVE448; + wc_curve448_free(&x448Key); + } + } + #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: - break; -#endif + if (keyAlgo != WC_PK_TYPE_NONE) { + ret = AllocDer(&der, keySz, PRIVATEKEY_TYPE, heap); + if (ret == 0) { + XMEMCPY(der->buffer, keyBuf, keySz); + } + } + } + } -#ifdef HAVE_CHACHA - case CHACHA20_TYPE: - break; +#ifndef NO_FILESYSTEM + /* done with keyFile buffer */ + if (keyFile && keyBuf) { + XFREE(keyBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); + } #endif -#ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: - break; 
+#ifndef SINGLE_THREADED + if (ret == 0 && !ctx->staticKELockInit) { + ret = wc_InitMutex(&ctx->staticKELock); + if (ret == 0) { + ctx->staticKELockInit = 1; + } + } #endif -#ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: - WOLFSSL_MSG("SM4 CBC"); - XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); + if (ret == 0 + #ifndef SINGLE_THREADED + && (ret = wc_LockMutex(&ctx->staticKELock)) == 0 + #endif + ) { + switch (keyAlgo) { + #ifndef NO_DH + case WC_PK_TYPE_DH: + FreeDer(&staticKE->dhKey); + staticKE->dhKey = der; der = NULL; break; -#endif -#ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: - WOLFSSL_MSG("SM4 CTR"); - XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); + #endif + #ifdef HAVE_ECC + case WC_PK_TYPE_ECDH: + FreeDer(&staticKE->ecKey); + staticKE->ecKey = der; der = NULL; break; -#endif -#ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: - WOLFSSL_MSG("SM4 GCM"); - XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); + #endif + #ifdef HAVE_CURVE25519 + case WC_PK_TYPE_CURVE25519: + FreeDer(&staticKE->x25519Key); + staticKE->x25519Key = der; der = NULL; break; -#endif -#ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: - WOLFSSL_MSG("SM4 CCM"); - XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); + #endif + #ifdef HAVE_CURVE448 + case WC_PK_TYPE_CURVE448: + FreeDer(&staticKE->x448Key); + staticKE->x448Key = der; der = NULL; break; -#endif - - case NULL_CIPHER_TYPE : - WOLFSSL_MSG("NULL"); + #endif + default: + /* not supported */ + ret = NOT_COMPILED_IN; break; - - default: { - WOLFSSL_MSG("bad type"); - return WOLFSSL_FATAL_ERROR; - } } - return WOLFSSL_SUCCESS; - } - -#ifndef NO_DES3 - -void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, - unsigned char* iv, int len) -{ - (void)len; - WOLFSSL_MSG("wolfSSL_3des_iv"); - - if (ctx == NULL || iv == NULL) { - WOLFSSL_MSG("Bad function argument"); - return; + #ifndef SINGLE_THREADED + wc_UnLockMutex(&ctx->staticKELock); + #endif } - if (doset) - wc_Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */ - else - 
XMEMCPY(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); -} - -#endif /* NO_DES3 */ - + if (ret != 0) { + FreeDer(&der); + } -#ifndef NO_AES + (void)ctx; /* not used for single threaded */ -void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, - unsigned char* iv, int len) -{ - (void)len; + WOLFSSL_LEAVE("SetStaticEphemeralKey", ret); - WOLFSSL_MSG("wolfSSL_aes_ctr_iv"); + return ret; +} - if (ctx == NULL || iv == NULL) { - WOLFSSL_MSG("Bad function argument"); - return; +int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, + const char* key, unsigned int keySz, int format) +{ + if (ctx == NULL) { + return BAD_FUNC_ARG; } - - if (doset) - (void)wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ - else - XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); + return SetStaticEphemeralKey(ctx, &ctx->staticKE, keyAlgo, + key, keySz, format, ctx->heap); +} +int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, + const char* key, unsigned int keySz, int format) +{ + if (ssl == NULL || ssl->ctx == NULL) { + return BAD_FUNC_ARG; + } + return SetStaticEphemeralKey(ssl->ctx, &ssl->staticKE, keyAlgo, + key, keySz, format, ssl->heap); } -#endif /* NO_AES */ +static int GetStaticEphemeralKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + int keyAlgo, const unsigned char** key, unsigned int* keySz) +{ + int ret = 0; + DerBuffer* der = NULL; -#endif /* OPENSSL_EXTRA */ + if (key) *key = NULL; + if (keySz) *keySz = 0; -/******************************************************************************* - * END OF EVP_CIPHER API - ******************************************************************************/ +#ifndef SINGLE_THREADED + if (ctx->staticKELockInit && + (ret = wc_LockMutex(&ctx->staticKELock)) != 0) { + return ret; + } +#endif -#ifndef NO_CERTS + switch (keyAlgo) { + #ifndef NO_DH + case WC_PK_TYPE_DH: + if (ssl != NULL) + der = ssl->staticKE.dhKey; + if (der == NULL) + der = ctx->staticKE.dhKey; + break; + #endif + #ifdef HAVE_ECC + case WC_PK_TYPE_ECDH: 
+            if (ssl != NULL)
+                der = ssl->staticKE.ecKey;
+            if (der == NULL)
+                der = ctx->staticKE.ecKey;
+            break;
+    #endif
+    #ifdef HAVE_CURVE25519
+        case WC_PK_TYPE_CURVE25519:
+            if (ssl != NULL)
+                der = ssl->staticKE.x25519Key;
+            if (der == NULL)
+                der = ctx->staticKE.x25519Key;
+            break;
+    #endif
+    #ifdef HAVE_CURVE448
+        case WC_PK_TYPE_CURVE448:
+            if (ssl != NULL)
+                der = ssl->staticKE.x448Key;
+            if (der == NULL)
+                der = ctx->staticKE.x448Key;
+            break;
+    #endif
+        default:
+            /* not supported */
+            ret = NOT_COMPILED_IN;
+            break;
+    }
-#define WOLFSSL_X509_STORE_INCLUDED
-#include
+    if (der) {
+        if (key)
+            *key = der->buffer;
+        if (keySz)
+            *keySz = der->length;
+    }
-/*******************************************************************************
- * START OF PKCS7 APIs
- ******************************************************************************/
-#ifdef HAVE_PKCS7
+#ifndef SINGLE_THREADED
+    wc_UnLockMutex(&ctx->staticKELock);
+#endif
-#ifdef OPENSSL_ALL
-PKCS7* wolfSSL_PKCS7_new(void)
-{
-    WOLFSSL_PKCS7* pkcs7;
-    int ret = 0;
+    return ret;
+}
-    pkcs7 = (WOLFSSL_PKCS7*)XMALLOC(sizeof(WOLFSSL_PKCS7), NULL,
-        DYNAMIC_TYPE_PKCS7);
-    if (pkcs7 != NULL) {
-        XMEMSET(pkcs7, 0, sizeof(WOLFSSL_PKCS7));
-        ret = wc_PKCS7_Init(&pkcs7->pkcs7, NULL, INVALID_DEVID);
+/* returns pointer to currently loaded static ephemeral as ASN.1 */
+/* this can be converted to PEM using wc_DerToPem */
+int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
+    const unsigned char** key, unsigned int* keySz)
+{
+    if (ctx == NULL) {
+        return BAD_FUNC_ARG;
     }
-    if (ret != 0 && pkcs7 != NULL) {
-        XFREE(pkcs7, NULL, DYNAMIC_TYPE_PKCS7);
-        pkcs7 = NULL;
+    return GetStaticEphemeralKey(ctx, NULL, keyAlgo, key, keySz);
+}
+int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
+    const unsigned char** key, unsigned int* keySz)
+{
+    if (ssl == NULL || ssl->ctx == NULL) {
+        return BAD_FUNC_ARG;
     }
-    return (PKCS7*)pkcs7;
+    return GetStaticEphemeralKey(ssl->ctx, ssl, keyAlgo, key, keySz);
 }
-/******************************************************************************
-* wolfSSL_PKCS7_SIGNED_new - allocates PKCS7 and initialize it for a signed data
-*
-* RETURNS:
-* returns pointer to the PKCS7 structure on success, otherwise returns NULL
-*/
-PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void)
-{
-    byte signedData[]= { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02};
-    PKCS7* pkcs7 = NULL;
+#endif /* WOLFSSL_STATIC_EPHEMERAL */
-    if ((pkcs7 = wolfSSL_PKCS7_new()) == NULL)
-        return NULL;
-    pkcs7->contentOID = SIGNED_DATA;
-    if ((wc_PKCS7_SetContentType(pkcs7, signedData, sizeof(signedData))) < 0) {
-        if (pkcs7) {
-            wolfSSL_PKCS7_free(pkcs7);
-            return NULL;
-        }
-    }
-    return pkcs7;
+#if defined(OPENSSL_EXTRA)
+/* wolfSSL_THREADID_current is provided as a compat API with
+ * CRYPTO_THREADID_current to register current thread id into given id object.
+ * However, CRYPTO_THREADID_current API has been deprecated and no longer
+ * exists in the OpenSSL 1.0.0 or later.This API only works as a stub
+ * like as existing wolfSSL_THREADID_set_numeric.
+ */
+void wolfSSL_THREADID_current(WOLFSSL_CRYPTO_THREADID* id)
+{
+    (void)id;
+    return;
 }
-
-void wolfSSL_PKCS7_free(PKCS7* pkcs7)
+/* wolfSSL_THREADID_hash is provided as a compatible API with
+ * CRYPTO_THREADID_hash which returns a hash value calculated from the
+ * specified thread id. However, CRYPTO_THREADID_hash API has been
+ * deprecated and no longer exists in the OpenSSL 1.0.0 or later.
+ * This API only works as a stub to returns 0. This behavior is
+ * equivalent to the latest OpenSSL CRYPTO_THREADID_hash.
+ */
+unsigned long wolfSSL_THREADID_hash(const WOLFSSL_CRYPTO_THREADID* id)
 {
-    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
-
-    if (p7 != NULL) {
-        if (p7->data != NULL)
-            XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
-        wc_PKCS7_Free(&p7->pkcs7);
-        if (p7->certs)
-            wolfSSL_sk_pop_free(p7->certs, NULL);
-        XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7);
-    }
+    (void)id;
+    return 0UL;
+}
+/* wolfSSL_set_ecdh_auto is provided as compatible API with
+ * SSL_set_ecdh_auto to enable auto ecdh curve selection functionality.
+ * Since this functionality is enabled by default in wolfSSL,
+ * this API exists as a stub.
+ */
+int wolfSSL_set_ecdh_auto(WOLFSSL* ssl, int onoff)
+{
+    (void)ssl;
+    (void)onoff;
+    return WOLFSSL_SUCCESS;
+}
+/* wolfSSL_CTX_set_ecdh_auto is provided as compatible API with
+ * SSL_CTX_set_ecdh_auto to enable auto ecdh curve selection functionality.
+ * Since this functionality is enabled by default in wolfSSL,
+ * this API exists as a stub.
+ */
+int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff)
+{
+    (void)ctx;
+    (void)onoff;
+    return WOLFSSL_SUCCESS;
 }
-void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7)
+/* wolfSSL_CTX_set_dh_auto is provided as compatible API with
+ * SSL_CTX_set_dh_auto to enable auto dh selection functionality.
+ * Since this functionality is enabled by default in wolfSSL,
+ * this API exists as a stub.
+ */
+int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff)
 {
-    wolfSSL_PKCS7_free(p7);
-    return;
+    (void)ctx;
+    (void)onoff;
+    return WOLFSSL_SUCCESS;
 }
 /**
- * Convert DER/ASN.1 encoded signedData structure to internal PKCS7
- * structure. Note, does not support detached content.
- *
- * p7 - pointer to set to address of newly created PKCS7 structure on return
- * in - pointer to pointer of DER/ASN.1 data
- * len - length of input data, bytes
- *
- * Returns newly allocated and populated PKCS7 structure or NULL on error.
+ * set security level (wolfSSL doesn't support security level)
+ * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure
+ * @param level security level
  */
-PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len)
+void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level)
 {
-    return wolfSSL_d2i_PKCS7_ex(p7, in, len, NULL, 0);
+    WOLFSSL_ENTER("wolfSSL_CTX_set_security_level");
+    (void)ctx;
+    (void)level;
 }
-
-/* This internal function is only decoding and setting up the PKCS7 struct. It
-* does not verify the PKCS7 signature.
-*
-* RETURNS:
-* returns pointer to a PKCS7 structure on success, otherwise returns NULL
-*/
-static PKCS7* wolfSSL_d2i_PKCS7_only(PKCS7** p7, const unsigned char** in,
-    int len, byte* content, word32 contentSz)
+/**
+ * get security level (wolfSSL doesn't support security level)
+ * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure
+ * @return always 0(level 0)
+ */
+int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx)
 {
-    WOLFSSL_PKCS7* pkcs7 = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex");
+    WOLFSSL_ENTER("wolfSSL_CTX_get_security_level");
+    (void)ctx;
+    return 0;
+}
-    if (in == NULL || *in == NULL || len < 0)
-        return NULL;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
+/*
+ * This API accepts a user callback which puts key-log records into
+ * a KEY LOGFILE. The callback is stored into a CTX and propagated to
+ * each SSL object on its creation timing.
+ */
+void wolfSSL_CTX_set_keylog_callback(WOLFSSL_CTX* ctx,
+    wolfSSL_CTX_keylog_cb_func cb)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_set_keylog_callback");
+    /* stores the callback into WOLFSSL_CTX */
+    if (ctx != NULL) {
+        ctx->keyLogCb = cb;
+    }
+}
+wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback(
+    const WOLFSSL_CTX* ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_get_keylog_callback");
+    if (ctx != NULL)
+        return ctx->keyLogCb;
+    return NULL;
+}
+#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
-    if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)
-        return NULL;
+#endif /* OPENSSL_EXTRA */
-    pkcs7->len = len;
-    pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7);
-    if (pkcs7->data == NULL) {
-        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
-        return NULL;
-    }
-    XMEMCPY(pkcs7->data, *in, pkcs7->len);
+#ifndef NO_CERTS
+#define WOLFSSL_X509_INCLUDED
+#include "src/x509.c"
+#endif
-    if (content != NULL) {
-        pkcs7->pkcs7.content = content;
-        pkcs7->pkcs7.contentSz = contentSz;
-    }
+/*******************************************************************************
+ * START OF standard C library wrapping APIs
+ ******************************************************************************/
+#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
+    (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+    defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
+    defined(WOLFSSL_OPENSSH)))
+#ifndef NO_WOLFSSL_STUB
+int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
+    void *(*r) (void *, size_t, const char *,
+    int), void (*f) (void *))
+{
+    (void) m;
+    (void) r;
+    (void) f;
+    WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions");
+    WOLFSSL_STUB("CRYPTO_set_mem_ex_functions");
-    if (p7 != NULL)
-        *p7 = (PKCS7*)pkcs7;
-    *in += pkcs7->len;
-    return (PKCS7*)pkcs7;
+    return WOLFSSL_FAILURE;
 }
+#endif
+#endif
+#if defined(OPENSSL_EXTRA)
-/*****************************************************************************
-* wolfSSL_d2i_PKCS7_ex -
Converts the given unsigned char buffer of size len -* into a PKCS7 object. Optionally, accepts a byte buffer of content which -* is stored as the PKCS7 object's content, to support detached signatures. -* @param content The content which is signed, in case the signature is -* detached. Ignored if NULL. -* @param contentSz The size of the passed in content. -* -* RETURNS: -* returns pointer to a PKCS7 structure on success, otherwise returns NULL -*/ -PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len, - byte* content, word32 contentSz) +/** + * free allocated memory resource + * @param str a pointer to resource to be freed + * @param file dummy argument + * @param line dummy argument + */ +void wolfSSL_CRYPTO_free(void *str, const char *file, int line) { - WOLFSSL_PKCS7* pkcs7 = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex"); - - if (in == NULL || *in == NULL || len < 0) - return NULL; - - pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_d2i_PKCS7_only(p7, in, len, content, - contentSz); - if (pkcs7 != NULL) { - if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len) - != 0) { - WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed"); - wolfSSL_PKCS7_free((PKCS7*)pkcs7); - if (p7 != NULL) { - *p7 = NULL; - } - return NULL; - } - } - - return (PKCS7*)pkcs7; + (void)file; + (void)line; + XFREE(str, 0, DYNAMIC_TYPE_TMP_BUFFER); } - - /** - * This API was added as a helper function for libest. It - * extracts a stack of certificates from the pkcs7 object. 
- * @param pkcs7 PKCS7 parameter object - * @return WOLFSSL_STACK_OF(WOLFSSL_X509)* + * allocate memory with size of num + * @param num size of memory allocation to be malloced + * @param file dummy argument + * @param line dummy argument + * @return a pointer to allocated memory on succssesful, otherwise NULL */ -WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7) +void *wolfSSL_CRYPTO_malloc(size_t num, const char *file, int line) { - int i; - WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; - WOLF_STACK_OF(WOLFSSL_X509)* ret = NULL; - - WOLFSSL_ENTER("wolfSSL_PKCS7_to_stack"); - - if (!p7) { - WOLFSSL_MSG("Bad parameter"); - return NULL; - } + (void)file; + (void)line; + return XMALLOC(num, 0, DYNAMIC_TYPE_TMP_BUFFER); +} - if (p7->certs) - return p7->certs; +#endif - for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) { - WOLFSSL_X509* x509 = wolfSSL_X509_d2i_ex(NULL, p7->pkcs7.cert[i], - p7->pkcs7.certSz[i], pkcs7->heap); - if (!ret) - ret = wolfSSL_sk_X509_new_null(); - if (x509) { - if (wolfSSL_sk_X509_push(ret, x509) != WOLFSSL_SUCCESS) { - wolfSSL_X509_free(x509); - WOLFSSL_MSG("wolfSSL_sk_X509_push error"); - goto error; - } - } - else { - WOLFSSL_MSG("wolfSSL_X509_d2i error"); - goto error; - } - } +/******************************************************************************* + * END OF standard C library wrapping APIs + ******************************************************************************/ - /* Save stack to free later */ - if (p7->certs) - wolfSSL_sk_pop_free(p7->certs, NULL); - p7->certs = ret; +/******************************************************************************* + * START OF EX_DATA APIs + ******************************************************************************/ +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH))) +void wolfSSL_CRYPTO_cleanup_all_ex_data(void){ + 
WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data"); +} +#endif - return ret; -error: - if (ret) { - wolfSSL_sk_pop_free(ret, NULL); +#ifdef HAVE_EX_DATA +void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); +#ifdef MAX_EX_DATA + if(ex_data && idx < MAX_EX_DATA && idx >= 0) { + return ex_data->ex_data[idx]; } +#else + (void)ex_data; + (void)idx; +#endif return NULL; } -/** - * Return stack of signers contained in PKCS7 cert. - * Notes: - * - Currently only PKCS#7 messages with a single signer cert is supported. - * - Returned WOLFSSL_STACK must be freed by caller. - * - * pkcs7 - PKCS7 struct to retrieve signer certs from. - * certs - currently unused - * flags - flags to control function behavior. - * - * Return WOLFSSL_STACK of signers on success, NULL on error. - */ -WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, - int flags) +int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, + void *data) { - WOLFSSL_X509* x509 = NULL; - WOLFSSL_STACK* signers = NULL; - WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; - - if (p7 == NULL) - return NULL; - - /* Only PKCS#7 messages with a single cert that is the verifying certificate - * is supported. 
- */ - if (flags & PKCS7_NOINTERN) { - WOLFSSL_MSG("PKCS7_NOINTERN flag not supported"); - return NULL; - } - - signers = wolfSSL_sk_X509_new_null(); - if (signers == NULL) - return NULL; - - if (wolfSSL_d2i_X509(&x509, (const byte**)&p7->pkcs7.singleCert, - p7->pkcs7.singleCertSz) == NULL) { - wolfSSL_sk_X509_pop_free(signers, NULL); - return NULL; + WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data"); +#ifdef MAX_EX_DATA + if (ex_data && idx < MAX_EX_DATA && idx >= 0) { +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS + if (ex_data->ex_data_cleanup_routines[idx]) { + if (ex_data->ex_data[idx]) + ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]); + ex_data->ex_data_cleanup_routines[idx] = NULL; + } +#endif + ex_data->ex_data[idx] = data; + return WOLFSSL_SUCCESS; } +#else + (void)ex_data; + (void)idx; + (void)data; +#endif + return WOLFSSL_FAILURE; +} - if (wolfSSL_sk_X509_push(signers, x509) != WOLFSSL_SUCCESS) { - wolfSSL_sk_X509_pop_free(signers, NULL); - return NULL; +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS +int wolfSSL_CRYPTO_set_ex_data_with_cleanup( + WOLFSSL_CRYPTO_EX_DATA* ex_data, + int idx, + void *data, + wolfSSL_ex_data_cleanup_routine_t cleanup_routine) +{ + WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data_with_cleanup"); + if (ex_data && idx < MAX_EX_DATA && idx >= 0) { + if (ex_data->ex_data_cleanup_routines[idx] && ex_data->ex_data[idx]) + ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]); + ex_data->ex_data[idx] = data; + ex_data->ex_data_cleanup_routines[idx] = cleanup_routine; + return WOLFSSL_SUCCESS; } - - (void)certs; - - return signers; + return WOLFSSL_FAILURE; } +#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ -#ifndef NO_BIO - -PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7) +/** + * Issues unique index for the class specified by class_index. + * Other parameter except class_index are ignored. 
+ * Currently, following class_index are accepted: + * - WOLF_CRYPTO_EX_INDEX_SSL + * - WOLF_CRYPTO_EX_INDEX_SSL_CTX + * - WOLF_CRYPTO_EX_INDEX_X509 + * @param class_index index one of CRYPTO_EX_INDEX_xxx + * @param argp parameters to be saved + * @param argl parameters to be saved + * @param new_func a pointer to WOLFSSL_CRYPTO_EX_new + * @param dup_func a pointer to WOLFSSL_CRYPTO_EX_dup + * @param free_func a pointer to WOLFSSL_CRYPTO_EX_free + * @return index value grater or equal to zero on success, -1 on failure. + */ +int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + WOLFSSL_CRYPTO_EX_new* new_func, + WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func) { - WOLFSSL_PKCS7* pkcs7; - int ret; - - WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_bio"); + WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_new_index"); - if (bio == NULL) - return NULL; + return wolfssl_get_ex_new_index(class_index, argl, argp, new_func, + dup_func, free_func); +} +#endif /* HAVE_EX_DATA */ - if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL) - return NULL; +/******************************************************************************* + * END OF EX_DATA APIs + ******************************************************************************/ - pkcs7->len = wolfSSL_BIO_get_len(bio); - pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7); - if (pkcs7->data == NULL) { - wolfSSL_PKCS7_free((PKCS7*)pkcs7); - return NULL; - } +/******************************************************************************* + * START OF BUF_MEM API + ******************************************************************************/ - if ((ret = wolfSSL_BIO_read(bio, pkcs7->data, pkcs7->len)) <= 0) { - wolfSSL_PKCS7_free((PKCS7*)pkcs7); - return NULL; - } - /* pkcs7->len may change if using b64 for example */ - pkcs7->len = ret; +#if defined(OPENSSL_EXTRA) - if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len) - != 0) { - 
WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed"); - wolfSSL_PKCS7_free((PKCS7*)pkcs7); - return NULL; +/* Begin functions for openssl/buffer.h */ +WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void) +{ + WOLFSSL_BUF_MEM* buf; + buf = (WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM), NULL, + DYNAMIC_TYPE_OPENSSL); + if (buf) { + XMEMSET(buf, 0, sizeof(WOLFSSL_BUF_MEM)); } - - if (p7 != NULL) - *p7 = (PKCS7*)pkcs7; - return (PKCS7*)pkcs7; + return buf; } -int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out) +/* non-compat API returns length of buffer on success */ +int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len, + char zeroFill) { - byte* output = NULL; - int localBuf = 0; - int len; - WC_RNG rng; - int ret = WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_i2d_PKCS7"); - if (!out || !p7) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } + int len_int = (int)len; + int mx; + char* tmp; - if (!p7->rng) { - if (wc_InitRng(&rng) != 0) { - WOLFSSL_MSG("wc_InitRng error"); - return WOLFSSL_FAILURE; - } - p7->rng = &rng; /* cppcheck-suppress autoVariables - */ + /* verify provided arguments */ + if (buf == NULL || len_int < 0) { + return 0; /* BAD_FUNC_ARG; */ } - if ((len = wc_PKCS7_EncodeSignedData(p7, NULL, 0)) < 0) { - WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error"); - goto cleanup; + /* check to see if fits in existing length */ + if (buf->length > len) { + buf->length = len; + return len_int; } - if (*out == NULL) { - output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!output) { - WOLFSSL_MSG("malloc error"); - goto cleanup; + /* check to see if fits in max buffer */ + if (buf->max >= len) { + if (buf->data != NULL && zeroFill) { + XMEMSET(&buf->data[buf->length], 0, len - buf->length); } - localBuf = 1; - } - else { - output = *out; - } - - if ((len = wc_PKCS7_EncodeSignedData(p7, output, len)) < 0) { - WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error"); - goto cleanup; + buf->length = len; + return len_int; } - ret = len; -cleanup: - if 
(p7->rng == &rng) { - wc_FreeRng(&rng); - p7->rng = NULL; - } - if (ret == WOLFSSL_FAILURE && localBuf && output) - XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != WOLFSSL_FAILURE) - *out = output; - return ret; -} - -int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) -{ - byte* output = NULL; - int len; - int ret = WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio"); + /* expand size, to handle growth */ + mx = (len_int + 3) / 3 * 4; - if (!bio || !p7) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; + /* use realloc */ + tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL); + if (tmp == NULL) { + return 0; /* ERR_R_MALLOC_FAILURE; */ } + buf->data = tmp; - if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) { - WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error"); - goto cleanup; - } + buf->max = (size_t)mx; + if (zeroFill) + XMEMSET(&buf->data[buf->length], 0, len - buf->length); + buf->length = len; - if (wolfSSL_BIO_write(bio, output, len) <= 0) { - WOLFSSL_MSG("wolfSSL_BIO_write error"); - goto cleanup; - } + return len_int; - ret = WOLFSSL_SUCCESS; -cleanup: - if (output) - XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } -/** - * Creates and returns a PKCS7 signedData structure. - * - * Inner content type is set to DATA to match OpenSSL behavior. - * - * signer - certificate to sign bundle with - * pkey - private key matching signer - * certs - optional additional set of certificates to include - * in - input data to be signed - * flags - optional set of flags to control sign behavior - * - * PKCS7_BINARY - Do not translate input data to MIME canonical - * format (\r\n line endings), thus preventing corruption of - * binary content. - * PKCS7_TEXT - Prepend MIME headers for text/plain to content. - * PKCS7_DETACHED - Set signature detached, omit content from output bundle. - * PKCS7_STREAM - initialize PKCS7 struct for signing, do not read data. 
- * - * Flags not currently supported: - * PKCS7_NOCERTS - Do not include the signer cert in the output bundle. - * PKCS7_PARTIAL - Allow for PKCS7_sign() to be only partially set up, - * then signers etc to be added separately before - * calling PKCS7_final(). - * - * Returns valid PKCS7 structure pointer, or NULL if an error occurred. - */ -PKCS7* wolfSSL_PKCS7_sign(WOLFSSL_X509* signer, WOLFSSL_EVP_PKEY* pkey, - WOLFSSL_STACK* certs, WOLFSSL_BIO* in, int flags) +/* returns length of buffer on success */ +int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len) { - int err = 0; - WOLFSSL_PKCS7* p7 = NULL; - WOLFSSL_STACK* cert = certs; + return wolfSSL_BUF_MEM_grow_ex(buf, len, 1); +} - WOLFSSL_ENTER("wolfSSL_PKCS7_sign"); +/* non-compat API returns length of buffer on success */ +int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len) +{ + char* tmp; + int mx; - if (flags & PKCS7_NOCERTS) { - WOLFSSL_MSG("PKCS7_NOCERTS flag not yet supported"); - err = 1; + /* verify provided arguments */ + if (buf == NULL || len == 0 || (int)len <= 0) { + return 0; /* BAD_FUNC_ARG; */ } - if (flags & PKCS7_PARTIAL) { - WOLFSSL_MSG("PKCS7_PARTIAL flag not yet supported"); - err = 1; - } + if (len == buf->length) + return (int)len; - if ((err == 0) && (signer == NULL || signer->derCert == NULL || - signer->derCert->length == 0)) { - WOLFSSL_MSG("Bad function arg, signer is NULL or incomplete"); - err = 1; - } + if (len > buf->length) + return wolfSSL_BUF_MEM_grow_ex(buf, len, 0); - if ((err == 0) && (pkey == NULL || pkey->pkey.ptr == NULL || - pkey->pkey_sz <= 0)) { - WOLFSSL_MSG("Bad function arg, pkey is NULL or incomplete"); - err = 1; - } + /* expand size, to handle growth */ + mx = ((int)len + 3) / 3 * 4; - if ((err == 0) && (in == NULL) && !(flags & PKCS7_STREAM)) { - WOLFSSL_MSG("input data required unless PKCS7_STREAM used"); - err = 1; - } + /* We want to shrink the internal buffer */ + tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL); + if (tmp == 
NULL) + return 0; - if ((err == 0) && ((p7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)) { - WOLFSSL_MSG("Error allocating new WOLFSSL_PKCS7"); - err = 1; - } + buf->data = tmp; + buf->length = len; + buf->max = (size_t)mx; - /* load signer certificate */ - if (err == 0) { - if (wc_PKCS7_InitWithCert(&p7->pkcs7, signer->derCert->buffer, - signer->derCert->length) != 0) { - WOLFSSL_MSG("Failed to load signer certificate"); - err = 1; - } - } + return (int)len; +} - /* set signer private key, data types, defaults */ - if (err == 0) { - p7->pkcs7.privateKey = (byte*)pkey->pkey.ptr; - p7->pkcs7.privateKeySz = pkey->pkey_sz; - p7->pkcs7.contentOID = DATA; /* inner content default is DATA */ - p7->pkcs7.hashOID = SHA256h; /* default to SHA-256 hash type */ - p7->type = SIGNED_DATA; /* PKCS7_final switches on type */ +void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf) +{ + if (buf) { + XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL); + buf->data = NULL; + buf->max = 0; + buf->length = 0; + XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); } +} +/* End Functions for openssl/buffer.h */ - /* add additional chain certs if provided */ - while (cert && (err == 0)) { - if (cert->data.x509 != NULL && cert->data.x509->derCert != NULL) { - if (wc_PKCS7_AddCertificate(&p7->pkcs7, - cert->data.x509->derCert->buffer, - cert->data.x509->derCert->length) != 0) { - WOLFSSL_MSG("Error in wc_PKCS7_AddCertificate"); - err = 1; - } - } - cert = cert->next; - } +#endif /* OPENSSL_EXTRA */ - if ((err == 0) && (flags & PKCS7_DETACHED)) { - if (wc_PKCS7_SetDetached(&p7->pkcs7, 1) != 0) { - WOLFSSL_MSG("Failed to set signature detached"); - err = 1; - } - } +/******************************************************************************* + * END OF BUF_MEM API + ******************************************************************************/ - if ((err == 0) && (flags & PKCS7_STREAM)) { - /* if streaming, return before finalizing */ - return (PKCS7*)p7; - } +#define WOLFSSL_CONF_INCLUDED +#include - if ((err 
== 0) && (wolfSSL_PKCS7_final((PKCS7*)p7, in, flags) != 1)) { - WOLFSSL_MSG("Error calling wolfSSL_PKCS7_final"); - err = 1; - } +/******************************************************************************* + * START OF RAND API + ******************************************************************************/ - if ((err != 0) && (p7 != NULL)) { - wolfSSL_PKCS7_free((PKCS7*)p7); - p7 = NULL; +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) +static int wolfSSL_RAND_InitMutex(void) +{ +#ifndef WOLFSSL_MUTEX_INITIALIZER + if (gRandMethodsInit == 0) { + if (wc_InitMutex(&gRandMethodMutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + return BAD_MUTEX_E; + } + gRandMethodsInit = 1; } - - return (PKCS7*)p7; +#endif + return 0; } - -#ifdef HAVE_SMIME - -#ifndef MAX_MIME_LINE_LEN - #define MAX_MIME_LINE_LEN 1024 #endif -/** - * Copy input BIO to output BIO, but convert all line endings to CRLF (\r\n), - * used by PKCS7_final(). - * - * in - input WOLFSSL_BIO to be converted - * out - output WOLFSSL_BIO to hold copy of in, with line endings adjusted +#ifdef OPENSSL_EXTRA + +/* Checks if the global RNG has been created. If not then one is created. * - * Return 0 on success, negative on error + * Returns WOLFSSL_SUCCESS when no error is encountered. 
*/ -static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out) +int wolfSSL_RAND_Init(void) { - int ret = 0; - int lineLen = 0; - word32 canonLineLen = 0; - char* canonLine = NULL; -#ifdef WOLFSSL_SMALL_STACK - char* line = NULL; -#else - char line[MAX_MIME_LINE_LEN]; -#endif - - if (in == NULL || out == NULL) { - return BAD_FUNC_ARG; - } - -#ifdef WOLFSSL_SMALL_STACK - line = (char*)XMALLOC(MAX_MIME_LINE_LEN, in->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (line == NULL) { - return MEMORY_E; - } -#endif - XMEMSET(line, 0, MAX_MIME_LINE_LEN); - - while ((lineLen = wolfSSL_BIO_gets(in, line, MAX_MIME_LINE_LEN)) > 0) { - - if (line[lineLen - 1] == '\r' || line[lineLen - 1] == '\n') { - canonLineLen = (word32)lineLen; - if ((canonLine = wc_MIME_single_canonicalize( - line, &canonLineLen)) == NULL) { - ret = -1; - break; - } - - /* remove trailing null */ - if (canonLineLen >= 1 && canonLine[canonLineLen-1] == '\0') { - canonLineLen--; - } - - if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) { - ret = -1; - break; + int ret = WOLFSSL_FAILURE; +#ifdef HAVE_GLOBAL_RNG + if (wc_LockMutex(&globalRNGMutex) == 0) { + if (initGlobalRNG == 0) { + ret = wc_InitRng(&globalRNG); + if (ret == 0) { + initGlobalRNG = 1; + ret = WOLFSSL_SUCCESS; } - XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); - canonLine = NULL; } else { - /* no line ending in current line, write direct to out */ - if (wolfSSL_BIO_write(out, line, lineLen) < 0) { - ret = -1; - break; - } + /* GlobalRNG is already initialized */ + ret = WOLFSSL_SUCCESS; } - } - if (canonLine != NULL) { - XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); + wc_UnLockMutex(&globalRNGMutex); } -#ifdef WOLFSSL_SMALL_STACK - XFREE(line, in->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - return ret; } -#endif /* HAVE_SMIME */ -/* Used by both PKCS7_final() and PKCS7_verify() */ -static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n"; +/* WOLFSSL_SUCCESS on ok */ +int wolfSSL_RAND_seed(const void* seed, int len) +{ 
+#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->seed) { + int ret = gRandMethods->seed(seed, len); + wc_UnLockMutex(&gRandMethodMutex); + return ret; + } + wc_UnLockMutex(&gRandMethodMutex); + } +#else + (void)seed; + (void)len; +#endif -/** - * Finalize PKCS7 structure, currently supports signedData only. - * - * Does not generate final bundle (ie: signedData), but finalizes - * the PKCS7 structure in preparation for a output function to be called next. + /* Make sure global shared RNG (globalRNG) is initialized */ + return wolfSSL_RAND_Init(); +} + + +/* Returns the path for reading seed data from. + * Uses the env variable $RANDFILE first if set, if not then used $HOME/.rnd * - * pkcs7 - initialized PKCS7 structure, populated with signer, etc - * in - input data - * flags - flags to control PKCS7 behavior. Other flags except those noted - * below are ignored: + * Note uses stdlib by default unless XGETENV macro is overwritten * - * PKCS7_BINARY - Do not translate input data to MIME canonical - * format (\r\n line endings), thus preventing corruption of - * binary content. - * PKCS7_TEXT - Prepend MIME headers for text/plain to content. 
+ * fname buffer to hold path + * len length of fname buffer * - * Returns 1 on success, 0 on error + * Returns a pointer to fname on success and NULL on failure */ -int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags) +const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) { - int ret = 1; - int memSz = 0; - unsigned char* mem = NULL; - WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; - WOLFSSL_BIO* data = NULL; +#if !defined(NO_FILESYSTEM) && defined(XGETENV) + char* rt; - WOLFSSL_ENTER("wolfSSL_PKCS7_final"); + WOLFSSL_ENTER("wolfSSL_RAND_file_name"); - if (p7 == NULL || in == NULL) { - WOLFSSL_MSG("Bad input args to PKCS7_final"); - ret = 0; + if (fname == NULL) { + return NULL; } - if (ret == 1) { - if ((data = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())) == NULL) { - WOLFSSL_MSG("Error in wolfSSL_BIO_new"); - ret = 0; - } - } + XMEMSET(fname, 0, len); - /* prepend Content-Type header if PKCS7_TEXT */ - if ((ret == 1) && (flags & PKCS7_TEXT)) { - if (wolfSSL_BIO_write(data, contTypeText, - (int)XSTR_SIZEOF(contTypeText)) < 0) { - WOLFSSL_MSG("Error prepending Content-Type header"); - ret = 0; + if ((rt = XGETENV("RANDFILE")) != NULL) { + if (len > XSTRLEN(rt)) { + XMEMCPY(fname, rt, XSTRLEN(rt)); + } + else { + WOLFSSL_MSG("RANDFILE too large for buffer"); + rt = NULL; } } - /* convert line endings to CRLF if !PKCS7_BINARY */ - if (ret == 1) { - if (flags & PKCS7_BINARY) { - - /* no CRLF conversion, direct copy content */ - if ((memSz = wolfSSL_BIO_get_len(in)) <= 0) { - ret = 0; - } - if (ret == 1) { - mem = (unsigned char*)XMALLOC(memSz, in->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (mem == NULL) { - WOLFSSL_MSG("Failed to allocate memory for input data"); - ret = 0; - } - } + /* $RANDFILE was not set or is too large, check $HOME */ + if (rt == NULL) { + const char ap[] = "/.rnd"; - if (ret == 1) { - if (wolfSSL_BIO_read(in, mem, memSz) != memSz) { - WOLFSSL_MSG("Error reading from input BIO"); - ret = 0; - } - else if (wolfSSL_BIO_write(data, mem, 
memSz) < 0) { - ret = 0; - } - } + WOLFSSL_MSG("Environment variable RANDFILE not set"); - if (mem != NULL) { - XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - } - else { - #ifdef HAVE_SMIME - /* convert content line endings to CRLF */ - if (wolfSSL_BIO_to_MIME_crlf(in, data) != 0) { - WOLFSSL_MSG("Error converting line endings to CRLF"); - ret = 0; - } - else { - p7->pkcs7.contentCRLF = 1; + if ((rt = XGETENV("HOME")) == NULL) { + #ifdef XALTHOMEVARNAME + if ((rt = XGETENV(XALTHOMEVARNAME)) == NULL) { + WOLFSSL_MSG("Environment variable HOME and " XALTHOMEVARNAME + " not set"); + return NULL; } - #else - WOLFSSL_MSG("Without PKCS7_BINARY requires wolfSSL to be built " - "with HAVE_SMIME"); - ret = 0; - #endif + #else + WOLFSSL_MSG("Environment variable HOME not set"); + return NULL; + #endif } - } - - if ((ret == 1) && ((memSz = wolfSSL_BIO_get_mem_data(data, &mem)) < 0)) { - WOLFSSL_MSG("Error in wolfSSL_BIO_get_mem_data"); - ret = 0; - } - if (ret == 1) { - if (p7->data != NULL) { - XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); - } - p7->data = (byte*)XMALLOC(memSz, NULL, DYNAMIC_TYPE_PKCS7); - if (p7->data == NULL) { - ret = 0; + if (len > XSTRLEN(rt) + XSTRLEN(ap)) { + fname[0] = '\0'; + XSTRNCAT(fname, rt, len); + XSTRNCAT(fname, ap, len - XSTRLEN(rt)); + return fname; } else { - XMEMCPY(p7->data, mem, memSz); - p7->len = memSz; + WOLFSSL_MSG("Path too large for buffer"); + return NULL; } } - if (ret == 1) { - p7->pkcs7.content = p7->data; - p7->pkcs7.contentSz = p7->len; - } - - if (data != NULL) { - wolfSSL_BIO_free(data); - } - - return ret; + return fname; +#else + WOLFSSL_ENTER("wolfSSL_RAND_file_name"); + WOLFSSL_MSG("RAND_file_name requires filesystem and getenv support, " + "not compiled in"); + (void)fname; + (void)len; + return NULL; +#endif } -int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs, - WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags) -{ - int i, ret = 0; - unsigned char* mem = NULL; - int memSz = 0; - 
WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; - int contTypeLen; - WOLFSSL_X509* signer = NULL; - WOLFSSL_STACK* signers = NULL; - - WOLFSSL_ENTER("wolfSSL_PKCS7_verify"); - - if (pkcs7 == NULL) - return WOLFSSL_FAILURE; - - if (in != NULL) { - if ((memSz = wolfSSL_BIO_get_mem_data(in, &mem)) < 0) - return WOLFSSL_FAILURE; - - p7->pkcs7.content = mem; - p7->pkcs7.contentSz = memSz; - } - - /* certs is the list of certificates to find the cert with issuer/serial. */ - (void)certs; - /* store is the certificate store to use to verify signer certificate - * associated with the signers. - */ - (void)store; - - ret = wc_PKCS7_VerifySignedData(&p7->pkcs7, p7->data, p7->len); - if (ret != 0) - return WOLFSSL_FAILURE; - - if ((flags & PKCS7_NOVERIFY) != PKCS7_NOVERIFY) { - /* Verify signer certificates */ - if (store == NULL || store->cm == NULL) { - WOLFSSL_MSG("No store or store certs, but PKCS7_NOVERIFY not set"); - return WOLFSSL_FAILURE; - } - - signers = wolfSSL_PKCS7_get0_signers(pkcs7, certs, flags); - if (signers == NULL) { - WOLFSSL_MSG("No signers found to verify"); - return WOLFSSL_FAILURE; - } - for (i = 0; i < wolfSSL_sk_X509_num(signers); i++) { - signer = wolfSSL_sk_X509_value(signers, i); - - if (wolfSSL_CertManagerVerifyBuffer(store->cm, - signer->derCert->buffer, - signer->derCert->length, - WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Failed to verify signer certificate"); - wolfSSL_sk_X509_pop_free(signers, NULL); - return WOLFSSL_FAILURE; - } - } - wolfSSL_sk_X509_pop_free(signers, NULL); - } - - if (flags & PKCS7_TEXT) { - /* strip MIME header for text/plain, otherwise error */ - contTypeLen = XSTR_SIZEOF(contTypeText); - if ((p7->pkcs7.contentSz < (word32)contTypeLen) || - (XMEMCMP(p7->pkcs7.content, contTypeText, contTypeLen) != 0)) { - WOLFSSL_MSG("Error PKCS7 Content-Type not found with PKCS7_TEXT"); - return WOLFSSL_FAILURE; - } - p7->pkcs7.content += contTypeLen; - p7->pkcs7.contentSz -= contTypeLen; - } - - if (out != NULL) { - 
wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz); - } - - WOLFSSL_LEAVE("wolfSSL_PKCS7_verify", WOLFSSL_SUCCESS); - - return WOLFSSL_SUCCESS; -} -/** - * This API was added as a helper function for libest. It - * encodes a stack of certificates to pkcs7 format. - * @param pkcs7 PKCS7 parameter object - * @param certs WOLFSSL_STACK_OF(WOLFSSL_X509)* - * @param out Output bio - * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure +/* Writes 1024 bytes from the RNG to the given file name. + * + * fname name of file to write to + * + * Returns the number of bytes written */ -int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs, - WOLFSSL_BIO* out) +int wolfSSL_RAND_write_file(const char* fname) { - int ret; - WOLFSSL_PKCS7* p7; - WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs"); - - if (!pkcs7 || !certs || !out) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - p7 = (WOLFSSL_PKCS7*)pkcs7; + int bytes = 0; - /* take ownership of certs */ - p7->certs = certs; - /* TODO: takes ownership even on failure below but not on above failure. 
*/ + WOLFSSL_ENTER("wolfSSL_RAND_write_file"); - if (pkcs7->certList) { - WOLFSSL_MSG("wolfSSL_PKCS7_encode_certs called multiple times on same " - "struct"); + if (fname == NULL) { return WOLFSSL_FAILURE; } - if (certs) { - /* Save some of the values */ - int hashOID = pkcs7->hashOID; - byte version = pkcs7->version; - - if (!certs->data.x509 || !certs->data.x509->derCert) { - WOLFSSL_MSG("Missing cert"); +#ifndef NO_FILESYSTEM + { + #ifndef WOLFSSL_SMALL_STACK + unsigned char buf[1024]; + #else + unsigned char* buf = (unsigned char *)XMALLOC(1024, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + WOLFSSL_MSG("malloc failed"); return WOLFSSL_FAILURE; } + #endif + bytes = 1024; /* default size of buf */ - if (wc_PKCS7_InitWithCert(pkcs7, certs->data.x509->derCert->buffer, - certs->data.x509->derCert->length) != 0) { - WOLFSSL_MSG("wc_PKCS7_InitWithCert error"); - return WOLFSSL_FAILURE; + if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("No RNG to use"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return 0; } - certs = certs->next; - - pkcs7->hashOID = hashOID; - pkcs7->version = version; - } - /* Add the certs to the PKCS7 struct */ - while (certs) { - if (!certs->data.x509 || !certs->data.x509->derCert) { - WOLFSSL_MSG("Missing cert"); - return WOLFSSL_FAILURE; - } - if (wc_PKCS7_AddCertificate(pkcs7, certs->data.x509->derCert->buffer, - certs->data.x509->derCert->length) != 0) { - WOLFSSL_MSG("wc_PKCS7_AddCertificate error"); - return WOLFSSL_FAILURE; + if (wc_RNG_GenerateBlock(&globalRNG, buf, (word32)bytes) != 0) { + WOLFSSL_MSG("Error generating random buffer"); + bytes = 0; } - certs = certs->next; - } + else { + XFILE f; - if (wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID) != 0) { - WOLFSSL_MSG("wc_PKCS7_SetSignerIdentifierType error"); - return WOLFSSL_FAILURE; - } + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("wolfSSL_RAND_write_file buf", buf, bytes); + #endif - 
ret = wolfSSL_i2d_PKCS7_bio(out, pkcs7); + f = XFOPEN(fname, "wb"); + if (f == XBADFILE) { + WOLFSSL_MSG("Error opening the file"); + bytes = 0; + } + else { + size_t bytes_written = XFWRITE(buf, 1, (size_t)bytes, f); + bytes = (int)bytes_written; + XFCLOSE(f); + } + } + ForceZero(buf, (word32)bytes); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #elif defined(WOLFSSL_CHECK_MEM_ZERO) + wc_MemZero_Check(buf, sizeof(buf)); + #endif + } +#endif - return ret; + return bytes; } -/****************************************************************************** -* wolfSSL_PEM_write_bio_PKCS7 - writes the PKCS7 data to BIO -* -* RETURNS: -* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE -*/ -int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7) -{ -#ifdef WOLFSSL_SMALL_STACK - byte* outputHead; - byte* outputFoot; -#else - byte outputHead[2048]; - byte outputFoot[2048]; -#endif - word32 outputHeadSz = 2048; - word32 outputFootSz = 2048; - word32 outputSz = 0; - byte* output = NULL; - byte* pem = NULL; - int pemSz = -1; - enum wc_HashType hashType; - byte hashBuf[WC_MAX_DIGEST_SIZE]; - word32 hashSz = -1; - - WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7"); - - if (bio == NULL || p7 == NULL) - return WOLFSSL_FAILURE; - -#ifdef WOLFSSL_SMALL_STACK - outputHead = (byte*)XMALLOC(outputHeadSz, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (outputHead == NULL) - return MEMORY_E; - - outputFoot = (byte*)XMALLOC(outputFootSz, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (outputFoot == NULL) - goto error; +#ifndef FREERTOS_TCP +/* These constant values are protocol values made by egd */ +#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && \ + !defined(HAVE_FIPS) && defined(HAVE_HASHDRBG) && !defined(NETOS) && \ + defined(HAVE_SYS_UN_H) + #define WOLFSSL_EGD_NBLOCK 0x01 + #include #endif - XMEMSET(hashBuf, 0, WC_MAX_DIGEST_SIZE); - XMEMSET(outputHead, 0, outputHeadSz); - XMEMSET(outputFoot, 0, outputFootSz); - - hashType = 
wc_OidGetHash(p7->hashOID); - hashSz = wc_HashGetDigestSize(hashType); - if (hashSz > WC_MAX_DIGEST_SIZE) - goto error; - - /* only SIGNED_DATA is supported */ - switch (p7->contentOID) { - case SIGNED_DATA: - break; - default: - WOLFSSL_MSG("Unknown PKCS#7 Type"); - goto error; - }; - - if ((wc_PKCS7_EncodeSignedData_ex(p7, hashBuf, hashSz, - outputHead, &outputHeadSz, outputFoot, &outputFootSz)) != 0) - goto error; - - outputSz = outputHeadSz + p7->contentSz + outputFootSz; - output = (byte*)XMALLOC(outputSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - - if (!output) - goto error; - - XMEMSET(output, 0, outputSz); - outputSz = 0; - XMEMCPY(&output[outputSz], outputHead, outputHeadSz); - outputSz += outputHeadSz; - XMEMCPY(&output[outputSz], p7->content, p7->contentSz); - outputSz += p7->contentSz; - XMEMCPY(&output[outputSz], outputFoot, outputFootSz); - outputSz += outputFootSz; - - /* get PEM size */ - pemSz = wc_DerToPemEx(output, outputSz, NULL, 0, NULL, CERT_TYPE); - if (pemSz < 0) - goto error; - - pemSz++; /* for '\0'*/ - - /* create PEM buffer and convert from DER to PEM*/ - if ((pem = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER)) - == NULL) - goto error; - - XMEMSET(pem, 0, pemSz); - - if (wc_DerToPemEx(output, outputSz, pem, pemSz, NULL, CERT_TYPE) < 0) { - goto error; +/* This collects entropy from the path nm and seeds the global PRNG with it. + * + * nm is the file path to the egd server + * + * Returns the number of bytes read. 
+ */ +int wolfSSL_RAND_egd(const char* nm) +{ +#ifdef WOLFSSL_EGD_NBLOCK + struct sockaddr_un rem; + int fd; + int ret = WOLFSSL_SUCCESS; + word32 bytes = 0; + word32 idx = 0; +#ifndef WOLFSSL_SMALL_STACK + unsigned char buf[256]; +#else + unsigned char* buf; + buf = (unsigned char*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + WOLFSSL_MSG("Not enough memory"); + return WOLFSSL_FATAL_ERROR; } - if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) { - XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); -#ifdef WOLFSSL_SMALL_STACK - XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - return WOLFSSL_SUCCESS; - } -error: -#ifdef WOLFSSL_SMALL_STACK - if (outputHead) { - XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - if (outputFoot) { - XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - } -#endif - if (output) { - XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - if (pem) { - XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XMEMSET(&rem, 0, sizeof(struct sockaddr_un)); + if (nm == NULL) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WOLFSSL_FATAL_ERROR; } - return WOLFSSL_FAILURE; -} -#ifdef HAVE_SMIME -/***************************************************************************** -* wolfSSL_SMIME_read_PKCS7 - Reads the given S/MIME message and parses it into -* a PKCS7 object. In case of a multipart message, stores the signed data in -* bcont. 
-* -* RETURNS: -* returns pointer to a PKCS7 structure on success, otherwise returns NULL -*/ -PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, - WOLFSSL_BIO** bcont) -{ - MimeHdr* allHdrs = NULL; - MimeHdr* curHdr = NULL; - MimeParam* curParam = NULL; - int inLen = 0; - byte* bcontMem = NULL; - int bcontMemSz = 0; - int sectionLen = 0; - int ret = -1; - char* section = NULL; - char* canonLine = NULL; - char* canonSection = NULL; - PKCS7* pkcs7 = NULL; - word32 outLen = 0; - word32 canonLineLen = 0; - byte* out = NULL; - byte* outHead = NULL; - - int canonPos = 0; - int lineLen = 0; - int remainLen = 0; - byte isEnd = 0; - size_t canonSize = 0; - size_t boundLen = 0; - char* boundary = NULL; - - static const char kContType[] = "Content-Type"; - static const char kCTE[] = "Content-Transfer-Encoding"; - static const char kMultSigned[] = "multipart/signed"; - static const char kAppPkcsSign[] = "application/pkcs7-signature"; - static const char kAppXPkcsSign[] = "application/x-pkcs7-signature"; - static const char kAppPkcs7Mime[] = "application/pkcs7-mime"; - static const char kAppXPkcs7Mime[] = "application/x-pkcs7-mime"; - - WOLFSSL_ENTER("wolfSSL_SMIME_read_PKCS7"); - - if (in == NULL || bcont == NULL) { - goto error; - } - inLen = wolfSSL_BIO_get_len(in); - if (inLen <= 0) { - goto error; - } - remainLen = wolfSSL_BIO_get_len(in); - if (remainLen <= 0) { - goto error; - } - - section = (char*)XMALLOC(remainLen+1, NULL, DYNAMIC_TYPE_PKCS7); - if (section == NULL) { - goto error; - } - lineLen = wolfSSL_BIO_gets(in, section, remainLen); - if (lineLen <= 0) { - goto error; - } - while (isEnd == 0 && remainLen > 0) { - sectionLen += lineLen; - remainLen -= lineLen; - lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], remainLen); - if (lineLen <= 0) { - goto error; - } - /* Line with just newline signals end of headers. 
*/ - if ((lineLen==2 && !XSTRNCMP(§ion[sectionLen], - "\r\n", 2)) || - (lineLen==1 && (section[sectionLen] == '\r' || - section[sectionLen] == '\n'))) { - isEnd = 1; - } + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { + WOLFSSL_MSG("Error creating socket"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WOLFSSL_FATAL_ERROR; } - section[sectionLen] = '\0'; - ret = wc_MIME_parse_headers(section, sectionLen, &allHdrs); - if (ret < 0) { - WOLFSSL_MSG("Parsing MIME headers failed."); - goto error; - } - isEnd = 0; - section[0] = '\0'; - sectionLen = 0; - - curHdr = wc_MIME_find_header_name(kContType, allHdrs); - if (curHdr && !XSTRNCMP(curHdr->body, kMultSigned, - XSTR_SIZEOF(kMultSigned))) { - curParam = wc_MIME_find_param_attr("protocol", curHdr->params); - if (curParam && (!XSTRNCMP(curParam->value, kAppPkcsSign, - XSTR_SIZEOF(kAppPkcsSign)) || - !XSTRNCMP(curParam->value, kAppXPkcsSign, - XSTR_SIZEOF(kAppXPkcsSign)))) { - curParam = wc_MIME_find_param_attr("boundary", curHdr->params); - if (curParam == NULL) { - goto error; - } - - boundLen = XSTRLEN(curParam->value) + 2; - boundary = (char*)XMALLOC(boundLen+1, NULL, DYNAMIC_TYPE_PKCS7); - if (boundary == NULL) { - goto error; - } - XMEMSET(boundary, 0, (word32)(boundLen+1)); - boundary[0] = boundary[1] = '-'; - XSTRNCPY(&boundary[2], curParam->value, boundLen-2); - - /* Parse up to first boundary, ignore everything here. 
*/ - lineLen = wolfSSL_BIO_gets(in, section, remainLen); - if (lineLen <= 0) { - goto error; - } - while (XSTRNCMP(§ion[sectionLen], boundary, boundLen) && - remainLen > 0) { - sectionLen += lineLen; - remainLen -= lineLen; - lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], - remainLen); - if (lineLen <= 0) { - goto error; - } - } - - section[0] = '\0'; - sectionLen = 0; - canonSize = remainLen + 1; - canonSection = (char*)XMALLOC(canonSize, NULL, - DYNAMIC_TYPE_PKCS7); - if (canonSection == NULL) { - goto error; - } - - lineLen = wolfSSL_BIO_gets(in, section, remainLen); - if (lineLen < 0) { - goto error; - } - while (XSTRNCMP(§ion[sectionLen], boundary, boundLen) && - remainLen > 0) { - canonLineLen = lineLen; - canonLine = wc_MIME_single_canonicalize(§ion[sectionLen], - &canonLineLen); - if (canonLine == NULL) { - goto error; - } - /* If line endings were added, the initial length may be - * exceeded. */ - if ((canonPos + canonLineLen) >= canonSize) { - canonSize = canonPos + canonLineLen; - canonSection = (char*)XREALLOC(canonSection, canonSize, - NULL, DYNAMIC_TYPE_PKCS7); - if (canonSection == NULL) { - goto error; - } - } - XMEMCPY(&canonSection[canonPos], canonLine, - (int)canonLineLen - 1); - canonPos += canonLineLen - 1; - XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); - canonLine = NULL; - - sectionLen += lineLen; - remainLen -= lineLen; - - lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], - remainLen); - if (lineLen <= 0) { - goto error; - } - } - - if (canonPos > 0) { - canonPos--; - } + rem.sun_family = AF_UNIX; + XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path) - 1); + rem.sun_path[sizeof(rem.sun_path)-1] = '\0'; - /* Strip the final trailing newline. Support \r, \n or \r\n. 
*/ - if (canonSection[canonPos] == '\n') { - if (canonPos > 0) { - canonPos--; - } - } + /* connect to egd server */ + if (connect(fd, (struct sockaddr*)&rem, sizeof(struct sockaddr_un)) == -1) { + WOLFSSL_MSG("error connecting to egd server"); + ret = WOLFSSL_FATAL_ERROR; + } - if (canonSection[canonPos] == '\r') { - if (canonPos > 0) { - canonPos--; - } +#ifdef WOLFSSL_CHECK_MEM_ZERO + if (ret == WOLFSSL_SUCCESS) { + wc_MemZero_Add("wolfSSL_RAND_egd buf", buf, 256); + } +#endif + while (ret == WOLFSSL_SUCCESS && bytes < 255 && idx + 2 < 256) { + buf[idx] = WOLFSSL_EGD_NBLOCK; + buf[idx + 1] = 255 - bytes; /* request 255 bytes from server */ + ret = (int)write(fd, buf + idx, 2); + if (ret != 2) { + if (errno == EAGAIN) { + ret = WOLFSSL_SUCCESS; + continue; } + WOLFSSL_MSG("error requesting entropy from egd server"); + ret = WOLFSSL_FATAL_ERROR; + break; + } - canonSection[canonPos+1] = '\0'; - - *bcont = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); - ret = wolfSSL_BIO_write(*bcont, canonSection, - canonPos + 1); - if (ret != (canonPos+1)) { - goto error; - } - if ((bcontMemSz = wolfSSL_BIO_get_mem_data(*bcont, &bcontMem)) - < 0) { - goto error; - } - XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7); - canonSection = NULL; - - wc_MIME_free_hdrs(allHdrs); - allHdrs = NULL; - section[0] = '\0'; - sectionLen = 0; - lineLen = wolfSSL_BIO_gets(in, section, remainLen); - if (lineLen <= 0) { - goto error; + /* attempting to read */ + buf[idx] = 0; + ret = (int)read(fd, buf + idx, 256 - bytes); + if (ret == 0) { + WOLFSSL_MSG("error reading entropy from egd server"); + ret = WOLFSSL_FATAL_ERROR; + break; + } + if (ret > 0 && buf[idx] > 0) { + bytes += buf[idx]; /* egd stores amount sent in first byte */ + if (bytes + idx > 255 || buf[idx] > ret) { + WOLFSSL_MSG("Buffer error"); + ret = WOLFSSL_FATAL_ERROR; + break; } - while (isEnd == 0 && remainLen > 0) { - sectionLen += lineLen; - remainLen -= lineLen; - lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], - remainLen); - if (lineLen 
<= 0) { - goto error; - } - /* Line with just newline signals end of headers. */ - if ((lineLen==2 && !XSTRNCMP(§ion[sectionLen], - "\r\n", 2)) || - (lineLen==1 && (section[sectionLen] == '\r' || - section[sectionLen] == '\n'))) { - isEnd = 1; - } + XMEMMOVE(buf + idx, buf + idx + 1, buf[idx]); + idx = bytes; + ret = WOLFSSL_SUCCESS; + if (bytes >= 255) { + break; } - section[sectionLen] = '\0'; - ret = wc_MIME_parse_headers(section, sectionLen, &allHdrs); - if (ret < 0) { - WOLFSSL_MSG("Parsing MIME headers failed."); - goto error; + } + else { + if (errno == EAGAIN || errno == EINTR) { + WOLFSSL_MSG("EGD would read"); + ret = WOLFSSL_SUCCESS; /* try again */ } - curHdr = wc_MIME_find_header_name(kContType, allHdrs); - if (curHdr == NULL || (XSTRNCMP(curHdr->body, kAppPkcsSign, - XSTR_SIZEOF(kAppPkcsSign)) && - XSTRNCMP(curHdr->body, kAppXPkcsSign, - XSTR_SIZEOF(kAppXPkcsSign)))) { - WOLFSSL_MSG("S/MIME headers not found inside " - "multipart message.\n"); - goto error; + else if (buf[idx] == 0) { + /* if egd returned 0 then there is no more entropy to be had. + Do not try more reads. 
*/ + ret = WOLFSSL_SUCCESS; + break; } - - section[0] = '\0'; - sectionLen = 0; - lineLen = wolfSSL_BIO_gets(in, section, remainLen); - while (XSTRNCMP(§ion[sectionLen], boundary, boundLen) && - remainLen > 0) { - sectionLen += lineLen; - remainLen -= lineLen; - lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], - remainLen); - if (lineLen <= 0) { - goto error; - } + else { + WOLFSSL_MSG("Error with read"); + ret = WOLFSSL_FATAL_ERROR; } - - XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7); - boundary = NULL; } } - else if (curHdr && (!XSTRNCMP(curHdr->body, kAppPkcs7Mime, - XSTR_SIZEOF(kAppPkcs7Mime)) || - !XSTRNCMP(curHdr->body, kAppXPkcs7Mime, - XSTR_SIZEOF(kAppXPkcs7Mime)))) { - sectionLen = wolfSSL_BIO_get_len(in); - if (sectionLen <= 0) { - goto error; + + if (bytes > 0 && ret == WOLFSSL_SUCCESS) { + /* call to check global RNG is created */ + if (wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error with initializing global RNG structure"); + ret = WOLFSSL_FATAL_ERROR; } - ret = wolfSSL_BIO_read(in, section, sectionLen); - if (ret < 0 || ret != sectionLen) { - WOLFSSL_MSG("Error reading input BIO."); - goto error; + else if (wc_RNG_DRBG_Reseed(&globalRNG, (const byte*) buf, bytes) + != 0) { + WOLFSSL_MSG("Error with reseeding DRBG structure"); + ret = WOLFSSL_FATAL_ERROR; } - } - else { - WOLFSSL_MSG("S/MIME headers not found."); - goto error; + #ifdef SHOW_SECRETS + else { /* print out entropy found only when no error occurred */ + word32 i; + printf("EGD Entropy = "); + for (i = 0; i < bytes; i++) { + printf("%02X", buf[i]); + } + printf("\n"); + } + #endif } - curHdr = wc_MIME_find_header_name(kCTE, allHdrs); - if (curHdr == NULL) { - WOLFSSL_MSG("Content-Transfer-Encoding header not found, " - "assuming base64 encoding."); - } - else if (XSTRNCMP(curHdr->body, "base64", XSTRLEN("base64"))) { - WOLFSSL_MSG("S/MIME encodings other than base64 are not " - "currently supported.\n"); - goto error; - } + ForceZero(buf, bytes); +#ifdef WOLFSSL_SMALL_STACK + 
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#elif defined(WOLFSSL_CHECK_MEM_ZERO) + wc_MemZero_Check(buf, 256); +#endif + close(fd); - if (section == NULL || sectionLen <= 0) { - goto error; - } - outLen = ((sectionLen*3+3)/4)+1; - out = (byte*)XMALLOC(outLen*sizeof(byte), NULL, DYNAMIC_TYPE_PKCS7); - outHead = out; - if (outHead == NULL) { - goto error; - } - /* Strip trailing newlines. */ - while ((sectionLen > 0) && - (section[sectionLen-1] == '\r' || section[sectionLen-1] == '\n')) { - sectionLen--; + if (ret == WOLFSSL_SUCCESS) { + return (int)bytes; } - section[sectionLen] = '\0'; - ret = Base64_Decode((const byte*)section, sectionLen, out, &outLen); - if (ret < 0) { - WOLFSSL_MSG("Error base64 decoding S/MIME message."); - goto error; + else { + return ret; } - pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, outLen, - bcontMem, bcontMemSz); +#else + WOLFSSL_MSG("Type of socket needed is not available"); + WOLFSSL_MSG("\tor using mode where DRBG API is not available"); + (void)nm; - wc_MIME_free_hdrs(allHdrs); - XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7); - XFREE(section, NULL, DYNAMIC_TYPE_PKCS7); + return WOLFSSL_FATAL_ERROR; +#endif /* WOLFSSL_EGD_NBLOCK */ +} - return pkcs7; +#endif /* !FREERTOS_TCP */ -error: - wc_MIME_free_hdrs(allHdrs); - XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7); - XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7); - XFREE(section, NULL, DYNAMIC_TYPE_PKCS7); - if (canonSection != NULL) - XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7); - if (canonLine != NULL) - XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); - if (bcont) { - wolfSSL_BIO_free(*bcont); - *bcont = NULL; /* reset 'bcount' pointer to NULL on failure */ +void wolfSSL_RAND_Cleanup(void) +{ +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->cleanup) + gRandMethods->cleanup(); + wc_UnLockMutex(&gRandMethodMutex); } - return NULL; -} - -/* Convert hash algo OID (from Hash_Sum 
in asn.h) to SMIME string equivalent. - * Returns hash algorithm string or "unknown" if not found */ -static const char* wolfSSL_SMIME_HashOIDToString(int hashOID) -{ - switch (hashOID) { - case MD5h: - return "md5"; - case SHAh: - return "sha1"; - case SHA224h: - return "sha-224"; - case SHA256h: - return "sha-256"; - case SHA384h: - return "sha-384"; - case SHA512h: - return "sha-512"; - case SHA3_224h: - return "sha3-224"; - case SHA3_384h: - return "sha3-384"; - case SHA3_512h: - return "sha3-512"; - default: - break; + #ifndef WOLFSSL_MUTEX_INITIALIZER + if (wc_FreeMutex(&gRandMethodMutex) == 0) + gRandMethodsInit = 0; + #endif +#endif +#ifdef HAVE_GLOBAL_RNG + if (wc_LockMutex(&globalRNGMutex) == 0) { + if (initGlobalRNG) { + wc_FreeRng(&globalRNG); + initGlobalRNG = 0; + } + wc_UnLockMutex(&globalRNGMutex); } - - return "unknown"; +#endif } -/* Convert PKCS#7 type (from PKCS7_TYPES in pkcs7.h) to SMIME string. - * RFC2633 only defines signed-data, enveloped-data, certs-only. - * Returns string on success, NULL on unknown type. 
*/ -static const char* wolfSSL_SMIME_PKCS7TypeToString(int type) +/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise + * WOLFSSL_FAILURE */ +int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) { - switch (type) { - case SIGNED_DATA: - return "signed-data"; - case ENVELOPED_DATA: - return "enveloped-data"; - default: - break; + int ret; + int hash; + byte secret[DRBG_SEED_LEN]; /* secret length arbitrarily chosen */ + +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->pseudorand) { + ret = gRandMethods->pseudorand(buf, num); + wc_UnLockMutex(&gRandMethodMutex); + return ret; + } + wc_UnLockMutex(&gRandMethodMutex); } +#endif - return NULL; -} +#ifdef WOLFSSL_HAVE_PRF + #ifndef NO_SHA256 + hash = WC_SHA256; + #elif defined(WOLFSSL_SHA384) + hash = WC_SHA384; + #elif !defined(NO_SHA) + hash = WC_SHA; + #elif !defined(NO_MD5) + hash = WC_MD5; + #endif -/** - * Convert PKCS7 structure to SMIME format, adding necessary headers. - * - * Handles generation of PKCS7 bundle (ie: signedData). PKCS7 structure - * should be set up beforehand with PKCS7_sign/final/etc. Output is always - * Base64 encoded. 
- * - * out - output BIO for SMIME formatted data to be placed - * pkcs7 - input PKCS7 structure, initialized and set up - * in - input content to be encoded into PKCS7 - * flags - flags to control behavior of PKCS7 generation - * - * Returns 1 on success, 0 or negative on failure - */ -int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in, - int flags) -{ - int i; - int ret = 1; - WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; - byte* p7out = NULL; - int len = 0; + /* get secret value from source of entropy */ + ret = wolfSSL_RAND_bytes(secret, DRBG_SEED_LEN); - char boundary[33]; /* 32 chars + \0 */ - byte* sigBase64 = NULL; - word32 sigBase64Len = 0; - const char* p7TypeString = NULL; + /* uses input buffer to seed for pseudo random number generation, each + * thread will potentially have different results this way */ + if (ret == WOLFSSL_SUCCESS) { + PRIVATE_KEY_UNLOCK(); + ret = wc_PRF(buf, num, secret, DRBG_SEED_LEN, (const byte*)buf, num, + hash, NULL, INVALID_DEVID); + PRIVATE_KEY_LOCK(); + ret = (ret == 0) ? 
WOLFSSL_SUCCESS: WOLFSSL_FAILURE; + } +#else + /* fall back to just doing wolfSSL_RAND_bytes if PRF not avialbale */ + ret = wolfSSL_RAND_bytes(buf, num); + (void)hash; + (void)secret; +#endif + return ret; +} - static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; +/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise + * WOLFSSL_FAILURE */ +int wolfSSL_RAND_bytes(unsigned char* buf, int num) +{ + int ret = 0; + WC_RNG* rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRNG = NULL; +#else + WC_RNG tmpRNG[1]; +#endif + int initTmpRng = 0; +#ifdef HAVE_GLOBAL_RNG + int used_global = 0; +#endif - if (out == NULL || p7 == NULL) { - WOLFSSL_MSG("Bad function arguments"); + WOLFSSL_ENTER("wolfSSL_RAND_bytes"); + /* sanity check */ + if (buf == NULL || num < 0) + /* return code compliant with OpenSSL */ return 0; - } - if (in != NULL && (p7->pkcs7.content == NULL || p7->pkcs7.contentSz == 0 || - p7->pkcs7.contentCRLF == 0)) { - /* store and adjust content line endings for CRLF if needed */ - if (wolfSSL_PKCS7_final((PKCS7*)p7, in, flags) != 1) { - ret = 0; + /* if a RAND callback has been set try and use it */ +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->bytes) { + ret = gRandMethods->bytes(buf, num); + wc_UnLockMutex(&gRandMethodMutex); + return ret; } + wc_UnLockMutex(&gRandMethodMutex); } - - if (ret > 0) { - /* Generate signedData bundle, DER in output (dynamic) */ - if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) == WOLFSSL_FAILURE) { - WOLFSSL_MSG("Error in wolfSSL_i2d_PKCS7"); - ret = 0; +#endif +#ifdef HAVE_GLOBAL_RNG + if (initGlobalRNG) { + if (wc_LockMutex(&globalRNGMutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex rng"); + return ret; } - } - - /* Base64 encode signedData bundle */ - if (ret > 0) { - if (Base64_Encode(p7out, len, NULL, &sigBase64Len) != LENGTH_ONLY_E) { - ret = 0; + /* the above access to initGlobalRNG is 
racey -- recheck it now that we + * have the lock. + */ + if (initGlobalRNG) { + rng = &globalRNG; + used_global = 1; } else { - sigBase64 = (byte*)XMALLOC(sigBase64Len, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sigBase64 == NULL) { - ret = 0; - } + wc_UnLockMutex(&globalRNGMutex); } } - if (ret > 0) { - XMEMSET(sigBase64, 0, sigBase64Len); - if (Base64_Encode(p7out, len, sigBase64, &sigBase64Len) < 0) { - WOLFSSL_MSG("Error in Base64_Encode of signature"); - ret = 0; + if (used_global == 0) +#endif + { + #ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); + if (tmpRNG == NULL) + return ret; + #endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; } } + if (rng) { + /* handles size greater than RNG_MAX_BLOCK_LEN */ + int blockCount = num / RNG_MAX_BLOCK_LEN; - /* build up SMIME message */ - if (ret > 0) { - if (flags & PKCS7_DETACHED) { - - /* generate random boundary */ - if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("No RNG to use"); - ret = 0; - } - - /* no need to generate random byte for null terminator (size-1) */ - if ((ret > 0) && (wc_RNG_GenerateBlock(&globalRNG, (byte*)boundary, - sizeof(boundary) - 1 ) != 0)) { - WOLFSSL_MSG("Error in wc_RNG_GenerateBlock"); - ret = 0; - } - - if (ret > 0) { - for (i = 0; i < (int)sizeof(boundary) - 1; i++) { - boundary[i] = - alphanum[boundary[i] % XSTR_SIZEOF(alphanum)]; - } - boundary[sizeof(boundary)-1] = 0; - } - - if (ret > 0) { - /* S/MIME header beginning */ - ret = wolfSSL_BIO_printf(out, - "MIME-Version: 1.0\n" - "Content-Type: multipart/signed; " - "protocol=\"application/x-pkcs7-signature\"; " - "micalg=\"%s\"; " - "boundary=\"----%s\"\n\n" - "This is an S/MIME signed message\n\n" - "------%s\n", - wolfSSL_SMIME_HashOIDToString(p7->pkcs7.hashOID), - boundary, boundary); - } - - if (ret > 0) { - /* S/MIME content */ - ret = wolfSSL_BIO_write(out, - p7->pkcs7.content, p7->pkcs7.contentSz); - } - - if (ret > 0) { - 
/* S/SMIME header end boundary */ - ret = wolfSSL_BIO_printf(out, - "\n------%s\n", boundary); - } - - if (ret > 0) { - /* Signature and header */ - ret = wolfSSL_BIO_printf(out, - "Content-Type: application/x-pkcs7-signature; " - "name=\"smime.p7s\"\n" - "Content-Transfer-Encoding: base64\n" - "Content-Disposition: attachment; " - "filename=\"smime.p7s\"\n\n" - "%.*s\n" /* Base64 encoded signature */ - "------%s--\n\n", - sigBase64Len, sigBase64, - boundary); - } - } - else { - p7TypeString = wolfSSL_SMIME_PKCS7TypeToString(p7->type); - if (p7TypeString == NULL) { - WOLFSSL_MSG("Unsupported PKCS7 SMIME type"); - ret = 0; - } - - if (ret > 0) { - /* not detached */ - ret = wolfSSL_BIO_printf(out, - "MIME-Version: 1.0\n" - "Content-Disposition: attachment; " - "filename=\"smime.p7m\"\n" - "Content-Type: application/x-pkcs7-mime; " - "smime-type=%s; name=\"smime.p7m\"\n" - "Content-Transfer-Encoding: base64\n\n" - "%.*s\n" /* signature */, - p7TypeString, sigBase64Len, sigBase64); + while (blockCount--) { + ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN); + if (ret != 0) { + WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); + break; } + num -= RNG_MAX_BLOCK_LEN; + buf += RNG_MAX_BLOCK_LEN; } - } - if (p7out != NULL) { - XFREE(p7out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (sigBase64 != NULL) { - XFREE(sigBase64, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + if (ret == 0 && num) + ret = wc_RNG_GenerateBlock(rng, buf, (word32)num); - if (ret > 0) { - return WOLFSSL_SUCCESS; + if (ret != 0) + WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); + else + ret = WOLFSSL_SUCCESS; } - return WOLFSSL_FAILURE; -} - -#endif /* HAVE_SMIME */ -#endif /* !NO_BIO */ -#endif /* OPENSSL_ALL */ - -#endif /* HAVE_PKCS7 */ -/******************************************************************************* - * END OF PKCS7 APIs - ******************************************************************************/ - -/******************************************************************************* - * START OF 
PKCS12 APIs - ******************************************************************************/ -#ifdef OPENSSL_EXTRA - -/* no-op function. Was initially used for adding encryption algorithms available - * for PKCS12 */ -void wolfSSL_PKCS12_PBE_add(void) -{ - WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add"); -} +#ifdef HAVE_GLOBAL_RNG + if (used_global == 1) + wc_UnLockMutex(&globalRNGMutex); +#endif + if (initTmpRng) + wc_FreeRng(tmpRNG); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); +#endif -#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) -WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, - WOLFSSL_X509_PKCS12 **pkcs12) -{ - WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp"); - return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, - PKCS12_TYPE); + return ret; } -#endif /* !NO_FILESYSTEM */ - -#endif /* OPENSSL_EXTRA */ - -#if defined(HAVE_PKCS12) - -#ifdef OPENSSL_EXTRA -#if !defined(NO_ASN) && !defined(NO_PWDBASED) -#ifndef NO_BIO -WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) +int wolfSSL_RAND_poll(void) { - WC_PKCS12* localPkcs12 = NULL; - unsigned char* mem = NULL; - long memSz; - int ret = -1; - - WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_bio"); + byte entropy[16]; + int ret = 0; + word32 entropy_sz = 16; - if (bio == NULL) { - WOLFSSL_MSG("Bad Function Argument bio is NULL"); - return NULL; + WOLFSSL_ENTER("wolfSSL_RAND_poll"); + if (initGlobalRNG == 0){ + WOLFSSL_MSG("Global RNG no Init"); + return WOLFSSL_FAILURE; } + ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz); + if (ret != 0){ + WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); + ret = WOLFSSL_FAILURE; + }else + ret = WOLFSSL_SUCCESS; - memSz = wolfSSL_BIO_get_len(bio); - if (memSz <= 0) { - return NULL; - } - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (mem == NULL) { - return NULL; - } + return ret; +} - if (mem != NULL) { - localPkcs12 = wc_PKCS12_new(); - if (localPkcs12 == NULL) { - WOLFSSL_MSG("Memory 
error"); + /* If a valid struct is provided with function pointers, will override + RAND_seed, bytes, cleanup, add, pseudo_bytes and status. If a NULL + pointer is passed in, it will cancel any previous function overrides. + + Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */ + int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods) + { + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && + wc_LockMutex(&gRandMethodMutex) == 0) { + gRandMethods = methods; + wc_UnLockMutex(&gRandMethodMutex); + return WOLFSSL_SUCCESS; } + #else + (void)methods; + #endif + return WOLFSSL_FAILURE; } - if (mem != NULL && localPkcs12 != NULL) { - if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { - ret = wc_d2i_PKCS12(mem, (word32)memSz, localPkcs12); - if (ret < 0) { - WOLFSSL_MSG("Failed to get PKCS12 sequence"); - } + /* Returns WOLFSSL_SUCCESS if the RNG has been seeded with enough data */ + int wolfSSL_RAND_status(void) + { + int ret = WOLFSSL_SUCCESS; + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && + wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->status) + ret = gRandMethods->status(); + wc_UnLockMutex(&gRandMethodMutex); } else { - WOLFSSL_MSG("Failed to get data from bio struct"); + ret = WOLFSSL_FAILURE; } + #else + /* wolfCrypt provides enough seed internally, so return success */ + #endif + return ret; } - /* cleanup */ - if (mem != NULL) - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (ret < 0 && localPkcs12 != NULL) { - wc_PKCS12_free(localPkcs12); - localPkcs12 = NULL; + void wolfSSL_RAND_add(const void* add, int len, double entropy) + { + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && + wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->add) { + /* callback has return code, but RAND_add does not */ + (void)gRandMethods->add(add, len, entropy); + } + wc_UnLockMutex(&gRandMethodMutex); + } + #else + /* 
wolfSSL seeds/adds internally, use explicit RNG if you want + to take control */ + (void)add; + (void)len; + (void)entropy; + #endif } - if (pkcs12 != NULL) - *pkcs12 = localPkcs12; - return localPkcs12; + +#ifndef NO_WOLFSSL_STUB +void wolfSSL_RAND_screen(void) +{ + WOLFSSL_STUB("RAND_screen"); } +#endif -/* Converts the PKCS12 to DER format and outputs it into bio. - * - * bio is the structure to hold output DER - * pkcs12 structure to create DER from - * - * return 1 for success or 0 if an error occurs - */ -int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) +int wolfSSL_RAND_load_file(const char* fname, long len) { - int ret = WOLFSSL_FAILURE; + (void)fname; + /* wolfCrypt provides enough entropy internally or will report error */ + if (len == -1) + return 1024; + else + return (int)len; +} - WOLFSSL_ENTER("wolfSSL_i2d_PKCS12_bio"); +#endif /* OPENSSL_EXTRA */ - if ((bio != NULL) && (pkcs12 != NULL)) { - word32 certSz = 0; - byte *certDer = NULL; +/******************************************************************************* + * END OF RAND API + ******************************************************************************/ - certSz = wc_i2d_PKCS12(pkcs12, &certDer, NULL); - if ((certSz > 0) && (certDer != NULL)) { - if (wolfSSL_BIO_write(bio, certDer, certSz) == (int)certSz) { - ret = WOLFSSL_SUCCESS; - } - } +/******************************************************************************* + * START OF EVP_CIPHER API + ******************************************************************************/ + +#ifdef OPENSSL_EXTRA + + /* store for external read of iv, WOLFSSL_SUCCESS on success */ + int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx) + { + WOLFSSL_ENTER("wolfSSL_StoreExternalIV"); - if (certDer != NULL) { - XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS); + if (ctx == NULL) { + WOLFSSL_MSG("Bad function argument"); + return WOLFSSL_FATAL_ERROR; } - } - return ret; -} -#endif /* !NO_BIO */ + switch (ctx->cipherType) { +#ifndef NO_AES +#if 
defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + case AES_128_CBC_TYPE : + case AES_192_CBC_TYPE : + case AES_256_CBC_TYPE : + WOLFSSL_MSG("AES CBC"); + XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); + break; +#endif +#ifdef HAVE_AESGCM + case AES_128_GCM_TYPE : + case AES_192_GCM_TYPE : + case AES_256_GCM_TYPE : + WOLFSSL_MSG("AES GCM"); + XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); + break; +#endif /* HAVE_AESGCM */ +#ifdef HAVE_AESCCM + case AES_128_CCM_TYPE : + case AES_192_CCM_TYPE : + case AES_256_CCM_TYPE : + WOLFSSL_MSG("AES CCM"); + XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); + break; +#endif /* HAVE_AESCCM */ +#ifdef HAVE_AES_ECB + case AES_128_ECB_TYPE : + case AES_192_ECB_TYPE : + case AES_256_ECB_TYPE : + WOLFSSL_MSG("AES ECB"); + break; +#endif +#ifdef WOLFSSL_AES_COUNTER + case AES_128_CTR_TYPE : + case AES_192_CTR_TYPE : + case AES_256_CTR_TYPE : + WOLFSSL_MSG("AES CTR"); + XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); + break; +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef WOLFSSL_AES_CFB +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + case AES_128_CFB1_TYPE: + case AES_192_CFB1_TYPE: + case AES_256_CFB1_TYPE: + WOLFSSL_MSG("AES CFB1"); + break; + case AES_128_CFB8_TYPE: + case AES_192_CFB8_TYPE: + case AES_256_CFB8_TYPE: + WOLFSSL_MSG("AES CFB8"); + break; +#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + case AES_128_CFB128_TYPE: + case AES_192_CFB128_TYPE: + case AES_256_CFB128_TYPE: + WOLFSSL_MSG("AES CFB128"); + break; +#endif /* WOLFSSL_AES_CFB */ +#if defined(WOLFSSL_AES_OFB) + case AES_128_OFB_TYPE: + case AES_192_OFB_TYPE: + case AES_256_OFB_TYPE: + WOLFSSL_MSG("AES OFB"); + break; +#endif /* WOLFSSL_AES_OFB */ +#ifdef WOLFSSL_AES_XTS + case AES_128_XTS_TYPE: + case AES_256_XTS_TYPE: + WOLFSSL_MSG("AES XTS"); + break; +#endif /* WOLFSSL_AES_XTS */ +#endif /* NO_AES */ -/* Creates a new WC_PKCS12 structure - * - * pass password to use - * name friendlyName to use - * pkey private key to go into PKCS12 bundle - 
* cert certificate to go into PKCS12 bundle - * ca extra certificates that can be added to bundle. Can be NULL - * keyNID type of encryption to use on the key (-1 means no encryption) - * certNID type of encryption to use on the certificate - * itt number of iterations with encryption - * macItt number of iterations with mac creation - * keyType flag for signature and/or encryption key - * - * returns a pointer to a new WC_PKCS12 structure on success and NULL on fail - */ -WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_EVP_PKEY* pkey, - WOLFSSL_X509* cert, WOLF_STACK_OF(WOLFSSL_X509)* ca, int keyNID, - int certNID, int itt, int macItt, int keyType) -{ - WC_PKCS12* pkcs12; - WC_DerCertList* list = NULL; - word32 passSz; - byte* keyDer = NULL; - word32 keyDerSz; - byte* certDer; - int certDerSz; - - WOLFSSL_ENTER("wolfSSL_PKCS12_create"); - - if (pass == NULL || pkey == NULL || cert == NULL) { - WOLFSSL_LEAVE("wolfSSL_PKCS12_create", BAD_FUNC_ARG); - return NULL; - } - passSz = (word32)XSTRLEN(pass); +#ifdef HAVE_ARIA + case ARIA_128_GCM_TYPE : + case ARIA_192_GCM_TYPE : + case ARIA_256_GCM_TYPE : + WOLFSSL_MSG("ARIA GCM"); + XMEMCPY(ctx->iv, &ctx->cipher.aria.nonce, ARIA_BLOCK_SIZE); + break; +#endif /* HAVE_ARIA */ - keyDer = (byte*)pkey->pkey.ptr; - keyDerSz = pkey->pkey_sz; +#ifndef NO_DES3 + case DES_CBC_TYPE : + WOLFSSL_MSG("DES CBC"); + XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); + break; - certDer = (byte*)wolfSSL_X509_get_der(cert, &certDerSz); - if (certDer == NULL) { - return NULL; - } + case DES_EDE3_CBC_TYPE : + WOLFSSL_MSG("DES EDE3 CBC"); + XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); + break; +#endif +#ifdef WOLFSSL_DES_ECB + case DES_ECB_TYPE : + WOLFSSL_MSG("DES ECB"); + break; + case DES_EDE3_ECB_TYPE : + WOLFSSL_MSG("DES3 ECB"); + break; +#endif + case ARC4_TYPE : + WOLFSSL_MSG("ARC4"); + break; - if (ca != NULL) { - unsigned long numCerts = ca->num; - WOLFSSL_STACK* sk = ca; +#if defined(HAVE_CHACHA) && 
defined(HAVE_POLY1305) + case CHACHA20_POLY1305_TYPE: + break; +#endif - while (numCerts > 0 && sk != NULL) { - byte* curDer; - WC_DerCertList* cur; - int curDerSz = 0; +#ifdef HAVE_CHACHA + case CHACHA20_TYPE: + break; +#endif - cur = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), NULL, - DYNAMIC_TYPE_PKCS); - if (cur == NULL) { - wc_FreeCertList(list, NULL); - return NULL; - } +#ifdef WOLFSSL_SM4_ECB + case SM4_ECB_TYPE: + break; +#endif +#ifdef WOLFSSL_SM4_CBC + case SM4_CBC_TYPE: + WOLFSSL_MSG("SM4 CBC"); + XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); + break; +#endif +#ifdef WOLFSSL_SM4_CTR + case SM4_CTR_TYPE: + WOLFSSL_MSG("SM4 CTR"); + XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); + break; +#endif +#ifdef WOLFSSL_SM4_GCM + case SM4_GCM_TYPE: + WOLFSSL_MSG("SM4 GCM"); + XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); + break; +#endif +#ifdef WOLFSSL_SM4_CCM + case SM4_CCM_TYPE: + WOLFSSL_MSG("SM4 CCM"); + XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); + break; +#endif - curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz); - if (curDer == NULL || curDerSz < 0) { - XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); - wc_FreeCertList(list, NULL); - return NULL; - } + case NULL_CIPHER_TYPE : + WOLFSSL_MSG("NULL"); + break; - cur->buffer = (byte*)XMALLOC(curDerSz, NULL, DYNAMIC_TYPE_PKCS); - if (cur->buffer == NULL) { - XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); - wc_FreeCertList(list, NULL); - return NULL; + default: { + WOLFSSL_MSG("bad type"); + return WOLFSSL_FATAL_ERROR; } - XMEMCPY(cur->buffer, curDer, curDerSz); - cur->bufferSz = curDerSz; - cur->next = list; - list = cur; - - sk = sk->next; - numCerts--; } + return WOLFSSL_SUCCESS; } - pkcs12 = wc_PKCS12_create(pass, passSz, name, keyDer, keyDerSz, - certDer, certDerSz, list, keyNID, certNID, itt, macItt, - keyType, NULL); + /* set internal IV from external, WOLFSSL_SUCCESS on success */ + int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx) + { - if (ca != NULL) { - 
wc_FreeCertList(list, NULL); - } + WOLFSSL_ENTER("wolfSSL_SetInternalIV"); - return pkcs12; -} + if (ctx == NULL) { + WOLFSSL_MSG("Bad function argument"); + return WOLFSSL_FATAL_ERROR; + } + switch (ctx->cipherType) { -/* return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure */ -int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, - WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, - WOLF_STACK_OF(WOLFSSL_X509)** ca) -{ - void* heap = NULL; - int ret; - byte* certData = NULL; - word32 certDataSz; - byte* pk = NULL; - word32 pkSz; - WC_DerCertList* certList = NULL; -#ifdef WOLFSSL_SMALL_STACK - DecodedCert *DeCert; -#else - DecodedCert DeCert[1]; +#ifndef NO_AES +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + case AES_128_CBC_TYPE : + case AES_192_CBC_TYPE : + case AES_256_CBC_TYPE : + WOLFSSL_MSG("AES CBC"); + XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); + break; +#endif +#ifdef HAVE_AESGCM + case AES_128_GCM_TYPE : + case AES_192_GCM_TYPE : + case AES_256_GCM_TYPE : + WOLFSSL_MSG("AES GCM"); + XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); + break; +#endif +#ifdef HAVE_AES_ECB + case AES_128_ECB_TYPE : + case AES_192_ECB_TYPE : + case AES_256_ECB_TYPE : + WOLFSSL_MSG("AES ECB"); + break; +#endif +#ifdef WOLFSSL_AES_COUNTER + case AES_128_CTR_TYPE : + case AES_192_CTR_TYPE : + case AES_256_CTR_TYPE : + WOLFSSL_MSG("AES CTR"); + XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); + break; #endif - WOLFSSL_ENTER("wolfSSL_PKCS12_parse"); - - /* make sure we init return args */ - if (pkey) *pkey = NULL; - if (cert) *cert = NULL; - if (ca) *ca = NULL; - - if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) { - WOLFSSL_MSG("Bad argument value"); - return WOLFSSL_FAILURE; - } +#endif /* NO_AES */ - heap = wc_PKCS12_GetHeap(pkcs12); +#ifdef HAVE_ARIA + case ARIA_128_GCM_TYPE : + case ARIA_192_GCM_TYPE : + case ARIA_256_GCM_TYPE : + WOLFSSL_MSG("ARIA GCM"); + XMEMCPY(&ctx->cipher.aria.nonce, ctx->iv, 
ARIA_BLOCK_SIZE); + break; +#endif /* HAVE_ARIA */ - if (ca == NULL) { - ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz, - NULL); - } - else { - ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz, - &certList); - } - if (ret < 0) { - WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret); - return WOLFSSL_FAILURE; - } +#ifndef NO_DES3 + case DES_CBC_TYPE : + WOLFSSL_MSG("DES CBC"); + XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE); + break; -#ifdef WOLFSSL_SMALL_STACK - DeCert = (DecodedCert *)XMALLOC(sizeof(*DeCert), heap, - DYNAMIC_TYPE_DCERT); - if (DeCert == NULL) { - WOLFSSL_MSG("out of memory"); - return WOLFSSL_FAILURE; - } + case DES_EDE3_CBC_TYPE : + WOLFSSL_MSG("DES EDE3 CBC"); + XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE); + break; +#endif +#ifdef WOLFSSL_DES_ECB + case DES_ECB_TYPE : + WOLFSSL_MSG("DES ECB"); + break; + case DES_EDE3_ECB_TYPE : + WOLFSSL_MSG("DES3 ECB"); + break; #endif - /* Decode cert and place in X509 stack struct */ - if (certList != NULL) { - WC_DerCertList* current = certList; - - *ca = (WOLF_STACK_OF(WOLFSSL_X509)*)XMALLOC( - sizeof(WOLF_STACK_OF(WOLFSSL_X509)), heap, DYNAMIC_TYPE_X509); - if (*ca == NULL) { - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - if (certData != NULL) { - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); - } - /* Free up WC_DerCertList and move on */ - while (current != NULL) { - WC_DerCertList* next = current->next; - - XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); - XFREE(current, heap, DYNAMIC_TYPE_PKCS); - current = next; - } - ret = WOLFSSL_FAILURE; - goto out; - } - XMEMSET(*ca, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509))); - - /* add list of DER certs as X509's to stack */ - while (current != NULL) { - WC_DerCertList* toFree = current; - WOLFSSL_X509* x509; - - x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, - DYNAMIC_TYPE_X509); - InitX509(x509, 1, heap); - InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); - 
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) { - WOLFSSL_MSG("Issue with parsing certificate"); - FreeDecodedCert(DeCert); - wolfSSL_X509_free(x509); - } - else { - if (CopyDecodedToX509(x509, DeCert) != 0) { - WOLFSSL_MSG("Failed to copy decoded cert"); - FreeDecodedCert(DeCert); - wolfSSL_X509_free(x509); - wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - if (certData != NULL) { - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); - } - /* Free up WC_DerCertList */ - while (current != NULL) { - WC_DerCertList* next = current->next; - - XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); - XFREE(current, heap, DYNAMIC_TYPE_PKCS); - current = next; - } - ret = WOLFSSL_FAILURE; - goto out; - } - FreeDecodedCert(DeCert); + case ARC4_TYPE : + WOLFSSL_MSG("ARC4"); + break; - if (wolfSSL_sk_X509_push(*ca, x509) != 1) { - WOLFSSL_MSG("Failed to push x509 onto stack"); - wolfSSL_X509_free(x509); - wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - if (certData != NULL) { - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); - } +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + case CHACHA20_POLY1305_TYPE: + break; +#endif - /* Free up WC_DerCertList */ - while (current != NULL) { - WC_DerCertList* next = current->next; +#ifdef HAVE_CHACHA + case CHACHA20_TYPE: + break; +#endif - XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); - XFREE(current, heap, DYNAMIC_TYPE_PKCS); - current = next; - } - ret = WOLFSSL_FAILURE; - goto out; - } - } - current = current->next; - XFREE(toFree->buffer, heap, DYNAMIC_TYPE_PKCS); - XFREE(toFree, heap, DYNAMIC_TYPE_PKCS); - } - } +#ifdef WOLFSSL_SM4_ECB + case SM4_ECB_TYPE: + break; +#endif +#ifdef WOLFSSL_SM4_CBC + case SM4_CBC_TYPE: + WOLFSSL_MSG("SM4 CBC"); + XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); + break; +#endif +#ifdef WOLFSSL_SM4_CTR + case SM4_CTR_TYPE: + WOLFSSL_MSG("SM4 CTR"); + 
XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); + break; +#endif +#ifdef WOLFSSL_SM4_GCM + case SM4_GCM_TYPE: + WOLFSSL_MSG("SM4 GCM"); + XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); + break; +#endif +#ifdef WOLFSSL_SM4_CCM + case SM4_CCM_TYPE: + WOLFSSL_MSG("SM4 CCM"); + XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); + break; +#endif + case NULL_CIPHER_TYPE : + WOLFSSL_MSG("NULL"); + break; - /* Decode cert and place in X509 struct */ - if (certData != NULL) { - *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, - DYNAMIC_TYPE_X509); - if (*cert == NULL) { - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - if (ca != NULL) { - wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; - } - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); - ret = WOLFSSL_FAILURE; - goto out; - } - InitX509(*cert, 1, heap); - InitDecodedCert(DeCert, certData, certDataSz, heap); - if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) { - WOLFSSL_MSG("Issue with parsing certificate"); - } - if (CopyDecodedToX509(*cert, DeCert) != 0) { - WOLFSSL_MSG("Failed to copy decoded cert"); - FreeDecodedCert(DeCert); - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - if (ca != NULL) { - wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; + default: { + WOLFSSL_MSG("bad type"); + return WOLFSSL_FATAL_ERROR; } - wolfSSL_X509_free(*cert); *cert = NULL; - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); - ret = WOLFSSL_FAILURE; - goto out; } - FreeDecodedCert(DeCert); - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); + return WOLFSSL_SUCCESS; } +#ifndef NO_DES3 - /* get key type */ - ret = BAD_STATE_E; - if (pk != NULL) { /* decode key if present */ - *pkey = wolfSSL_EVP_PKEY_new_ex(heap); - if (*pkey == NULL) { - wolfSSL_X509_free(*cert); *cert = NULL; - if (ca != NULL) { - wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; - } - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - ret = WOLFSSL_FAILURE; - goto out; - } - - #ifndef NO_RSA - { - const unsigned char* pt = pk; - 
if (wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, pkey, &pt, pkSz) != - NULL) { - ret = 0; - } - } - #endif /* NO_RSA */ +void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, + unsigned char* iv, int len) +{ + (void)len; - #ifdef HAVE_ECC - if (ret != 0) { /* if is in fail state check if ECC key */ - const unsigned char* pt = pk; - if (wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, pkey, &pt, pkSz) != - NULL) { - ret = 0; - } - } - #endif /* HAVE_ECC */ - if (pk != NULL) - XFREE(pk, heap, DYNAMIC_TYPE_PKCS); - if (ret != 0) { /* if is in fail state and no PKEY then fail */ - wolfSSL_X509_free(*cert); *cert = NULL; - if (ca != NULL) { - wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; - } - wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; - WOLFSSL_MSG("Bad PKCS12 key format"); - ret = WOLFSSL_FAILURE; - goto out; - } + WOLFSSL_MSG("wolfSSL_3des_iv"); - if (pkey != NULL && *pkey != NULL) { - (*pkey)->save_type = 0; - } + if (ctx == NULL || iv == NULL) { + WOLFSSL_MSG("Bad function argument"); + return; } - (void)ret; - (void)ca; - - ret = WOLFSSL_SUCCESS; + if (doset) + wc_Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */ + else + XMEMCPY(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); +} -out: +#endif /* NO_DES3 */ -#ifdef WOLFSSL_SMALL_STACK - XFREE(DeCert, heap, DYNAMIC_TYPE_DCERT); -#endif - return ret; -} +#ifndef NO_AES -int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw, - int pswLen) +void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, + unsigned char* iv, int len) { - WOLFSSL_ENTER("wolfSSL_PKCS12_verify_mac"); + (void)len; - if (!pkcs12) { - return WOLFSSL_FAILURE; + WOLFSSL_MSG("wolfSSL_aes_ctr_iv"); + + if (ctx == NULL || iv == NULL) { + WOLFSSL_MSG("Bad function argument"); + return; } - return wc_PKCS12_verify_ex(pkcs12, (const byte*)psw, pswLen) == 0 ? 
- WOLFSSL_SUCCESS : WOLFSSL_FAILURE; + if (doset) + (void)wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ + else + XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); } -#endif /* !NO_ASN && !NO_PWDBASED */ +#endif /* NO_AES */ #endif /* OPENSSL_EXTRA */ -#endif /* HAVE_PKCS12 */ /******************************************************************************* - * END OF PKCS12 APIs + * END OF EVP_CIPHER API ******************************************************************************/ +#ifndef NO_CERTS + +#define WOLFSSL_X509_STORE_INCLUDED +#include + +#define WOLFSSL_SSL_P7P12_INCLUDED +#include + #endif /* !NO_CERTS */
@@ -36794,7 +24696,7 @@ int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags)
 if (ctx != NULL) {
 XMEMSET(ctx, 0, sizeof(WOLFSSL_DRBG_CTX));
 ctx->type = type;
- ctx->xflags = flags;
+ ctx->xflags = (int)flags;
 ctx->status = DRBG_STATUS_UNINITIALISED;
 ret = WOLFSSL_SUCCESS;
 }
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index eecf46748c..74e1381254 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -1,6 +1,6 @@
 /* ssl_asn1.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -247,6 +247,11 @@ static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf)
 len = 0;
 }
 
+ if (len < 0) {
+ len = 0; /* wolfSSL_i2d_ASN1_INTEGER can return a value less than 0
+ * on error */
+ }
+
 return len;
 }
 
@@ -974,7 +979,8 @@ static int wolfssl_a2i_asn1_integer_clear_to_eol(char* str, int len, int* cont)
 nLen = 1;
 for (i = 0; i < len; i++) {
 /* Check if character is a hexadecimal character. */
- if (Base16_Decode((const byte*)str + i, 1, &num, &nLen) == ASN_INPUT_E)
+ if (Base16_Decode((const byte*)str + i, 1, &num, &nLen) ==
+ WC_NO_ERR_TRACE(ASN_INPUT_E))
 {
 /* Found end of hexadecimal characters, return count. */
 len = i;
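Review bot: The new `if (len < 0)` guard in the -247 hunk of ssl_asn1.c folds an encoder error into the same 0 that an empty item produces, so a caller of wolfssl_i2d_asn1_item can no longer tell "nothing encoded" from "encoding failed". If that collapse is intended, the function's header comment (which lies outside this hunk) should state it, e.g. `/* Returns 0 both for an empty encoding and when the underlying i2d call fails; callers cannot distinguish the two. */`; otherwise consider passing the negative value through and letting the caller decide. The body of wolfssl_i2d_asn1_item starts outside the hunk, so the effect on its callers is inferred rather than visible here.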
@@ -2996,9 +3002,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
 void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
 {
 WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free");
- if (asn1Time != NULL) {
- XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data));
- }
+ XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 #ifndef NO_BIO
@@ -3509,14 +3513,17 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
 if (ret != NULL) {
 /* Set the ASN.1 type and length of string. */
 ret->type = V_ASN1_GENERALIZEDTIME;
- ret->length = ASN_GENERALIZED_TIME_SIZE;
 if (t->type == V_ASN1_GENERALIZEDTIME) {
+ ret->length = ASN_GENERALIZED_TIME_SIZE;
+
 /* Just copy as data already appropriately formatted. */
 XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE);
 }
 else {
 /* Convert UTC TIME to GENERALIZED TIME. */
+ ret->length = t->length + 2; /* Add two extra year digits */
+
 if (t->data[0] >= '5') {
 /* >= 50 is 1900s. */
 ret->data[0] = '1';
 ret->data[1] = '9';
@@ -3526,7 +3533,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
 ret->data[0] = '2';
 ret->data[1] = '0';
 }
 /* Append rest of the data as it is the same. */
- XMEMCPY(&ret->data[2], t->data, ASN_UTC_TIME_SIZE);
+ XMEMCPY(&ret->data[2], t->data, t->length);
 }
 
 /* Check for pointer to return result through. */
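Review bot: wolfSSL_ASN1_GENERALIZEDTIME_free now releases the whole object with `XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL)` where it previously only zeroed `data` in place, which changes the ownership contract for any caller that keeps a WOLFSSL_ASN1_TIME inline in another struct or on the stack; such a caller, if one exists, would now hand a non-heap pointer to the allocator. It is worth confirming that every caller obtained the object from a heap allocation with the matching type tag (presumably wolfSSL_ASN1_TIME_new), and documenting the new contract above the XFREE with something like `/* Frees the object itself; asn1Time must be heap-allocated with DYNAMIC_TYPE_OPENSSL */`. The old zeroing of `data` is also dropped; if that wipe was deliberate it would need to be re-added before the free.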
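Review bot: In the UTC branch the copy length now comes from the input, `XMEMCPY(&ret->data[2], t->data, t->length)` in the -3526 hunk, with `ret->length = t->length + 2` set in this -3509 hunk, but neither hunk checks that `t->length + 2` fits in `ret->data`, which is a fixed-size array (`sizeof(ret->data)` is used elsewhere in this file); the removed code copied a fixed ASN_UTC_TIME_SIZE and so could not overrun. A `t` whose `length` field is larger than ASN_UTC_TIME_SIZE, or negative, would write past `data`, so a guard before the copy such as `if (t->length < 0 || t->length + 2 > (int)sizeof(ret->data)) { /* treat as conversion error */ }` is needed, and the else branch should probably also reject `t->type != V_ASN1_UTCTIME` rather than treating every non-GENERALIZEDTIME type as UTC. The enclosing function starts and ends outside these hunks, so the failure path to take is not visible here.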
@@ -3538,6 +3545,32 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
 return ret;
 }
 
+WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
+{
+ WOLFSSL_ASN1_TIME* ret = s;
+
+ WOLFSSL_ENTER("wolfSSL_ASN1_UTCTIME_set");
+
+ if (ret == NULL) {
+ ret = wolfSSL_ASN1_TIME_new();
+ if (ret == NULL)
+ return NULL;
+ }
+
+ ret->length = GetFormattedTime(&t, ret->data, sizeof(ret->data));
+ if (ret->length + 1 != ASN_UTC_TIME_SIZE) {
+ /* Either snprintf error or t can't be represented in UTC format */
+ if (ret != s)
+ wolfSSL_ASN1_TIME_free(ret);
+ ret = NULL;
+ }
+ else {
+ ret->type = V_ASN1_UTCTIME;
+ }
+
+ return ret;
+}
+
 #endif /* OPENSSL_EXTRA */
 
 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
diff --git a/src/ssl_bn.c b/src/ssl_bn.c
index cbb4a92fac..d4ecee4f22 100644
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@@ -1,6 +1,6 @@
 /* ssl_bn.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -25,7 +25,7 @@ #include - #include +#include #ifndef WC_NO_RNG #include #endif
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index e074996afc..d520f24708 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1,6 +1,6 @@
 /* ssl_certman.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -141,14 +141,12 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
 #ifdef HAVE_ECC
 cm->minEccKeySz = MIN_ECCKEY_SZ;
 #endif
- #ifdef HAVE_PQC
 #ifdef HAVE_FALCON
 cm->minFalconKeySz = MIN_FALCONKEY_SZ;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
 cm->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
 #endif /* HAVE_DILITHIUM */
- #endif /* HAVE_PQC */
 
 /* Set heap hint to use in certificate manager operations. */
 cm->heap = heap;
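Review bot: When the caller supplies `s` and the formatting fails, wolfSSL_ASN1_UTCTIME_set returns NULL but has already overwritten `s->length` with whatever GetFormattedTime returned (per the comment, possibly an error value) and written into `s->data`, while `s->type` is left untouched, so the caller's object is left half-modified. Formatting into a local length and buffer first and storing into `ret` only in the success branch avoids that; at minimum `int len = GetFormattedTime(&t, ret->data, sizeof(ret->data));` with `ret->length = len;` moved into the else branch keeps `length` consistent. The function also has no header comment; one stating that a NULL `s` allocates a new object, that the result is NULL on failure, and that a caller-supplied `s` is never freed would help readers of the OpenSSL-compatible API.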
@@ -611,8 +609,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
 }
 #endif /* NO_WOLFSSL_CM_VERIFY */
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
- && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
 void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
 wc_UnknownExtCallback cb)
 {
@@ -622,7 +619,7 @@ void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
 }
 }
 
-#endif /* WOLFSSL_CUSTOM_OID && WOLFSSL_ASN_TEMPLATE && HAVE_OID_DECODING */
+#endif /* WC_ASN_UNKNOWN_EXT_CB */
 
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
 /* Verify the certificate.
@@ -692,15 +689,14 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff,
 /* Create a decoded certificate with DER buffer. */
 InitDecodedCert(cert, buff, (word32)sz, cm->heap);
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
- && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
 if (cm->unknownExtCallback != NULL)
 wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
 #endif
 
 /* Parse DER into decoded certificate fields and verify signature
 * against a known CA. */
- ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm);
+ ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm, NULL);
 }
 
 #ifdef HAVE_CRL
@@ -1386,9 +1382,7 @@ int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
 ret = FWRITE_ERROR;
 }
 }
- if (mem != NULL) {
- XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
 /* Unlock CA table. */
 wc_UnLockMutex(&cm->caLock);
@@ -1819,7 +1813,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
 InitDecodedCert(cert, der, (word32)sz, NULL);
 
 /* Parse certificate and perform CRL checks. */
- ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm);
+ ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm, NULL);
 if (ret != 0) {
 WOLFSSL_MSG("ParseCert failed");
 }
@@ -2291,7 +2285,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, InitDecodedCert(cert, der, (word32)sz, NULL); /* Parse certificate and perform CRL checks. */ - ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm); + ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL); if (ret != 0) { WOLFSSL_MSG("ParseCert failed"); } diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c index 3c73b88f51..296e74a14f 100644 --- a/src/ssl_crypto.c +++ b/src/ssl_crypto.c @@ -1,6 +1,6 @@ /* ssl_crypto.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1966,7 +1966,7 @@ int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx) * @return NULL on failure. */ unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key, - int key_len, const unsigned char* data, int len, unsigned char* md, + int key_len, const unsigned char* data, size_t len, unsigned char* md, unsigned int* md_len) { unsigned char* ret = NULL; @@ -2000,7 +2000,7 @@ unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key, #endif if (rc == 0) { /* Get the HMAC output length. */ - hmacLen = wolfssl_mac_len((unsigned char)type); + hmacLen = (int)wolfssl_mac_len((unsigned char)type); /* 0 indicates the digest is not supported. */ if (hmacLen == 0) { rc = BAD_FUNC_ARG; 
@@ -2009,16 +2009,16 @@ unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key, /* Initialize the wolfSSL HMAC object. */ if ((rc == 0) && (wc_HmacInit(hmac, heap, INVALID_DEVID) == 0)) { /* Set the key into the wolfSSL HMAC object. */ - rc = wc_HmacSetKey(hmac, type, (const byte*)key, key_len); + rc = wc_HmacSetKey(hmac, type, (const byte*)key, (word32)key_len); if (rc == 0) { /* Update the wolfSSL HMAC object with data. */ - rc = wc_HmacUpdate(hmac, data, len); + rc = wc_HmacUpdate(hmac, data, (word32)len); } /* Finalize the wolfSSL HMAC object. */ if ((rc == 0) && (wc_HmacFinal(hmac, md) == 0)) { /* Return the length of the HMAC output if required. */ if (md_len != NULL) { - *md_len = hmacLen; + *md_len = (unsigned int)hmacLen; } /* Set the buffer to return. */ ret = md; @@ -2269,7 +2269,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len) len32 = (word32)blockSize; /* Return size if required. */ if (len != NULL) { - *len = blockSize; + *len = (size_t)blockSize; } } } diff --git a/src/ssl_load.c b/src/ssl_load.c new file mode 100644 index 0000000000..da4279e39e --- /dev/null +++ b/src/ssl_load.c 
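Review bot: The casts `(word32)key_len` and `(word32)len` added in `wolfSSL_HMAC` convert without a range check: a negative `key_len` (an `int`) becomes a very large `word32`, and on 64-bit targets a `size_t len` above the 32-bit range is silently truncated, so the MAC is computed over a shorter prefix than the caller supplied and returned as if valid. Whether `wc_HmacSetKey`/`wc_HmacUpdate` reject such lengths cannot be seen from the hunk, so a check in this function before the casts is the safe form, e.g. `if ((rc == 0) && ((key_len < 0) || (len > 0xFFFFFFFFUL))) rc = BAD_FUNC_ARG;` placed after the existing `hmacLen == 0` check. The `len` parameter became `size_t` in the earlier hunk at `@@ -1966`; the function's body begins and ends outside this hunk.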
@@ -0,0 +1,5844 @@ +/* ssl_load.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +/* + * WOLFSSL_SYS_CA_CERTS + * Enables ability to load system CA certs from the OS via + * wolfSSL_CTX_load_system_CA_certs. + */ + +#ifdef WOLFSSL_SYS_CA_CERTS + +#ifdef _WIN32 + #include + #include + + /* mingw gcc does not support pragma comment, and the + * linking with crypt32 is handled in configure.ac */ + #if !defined(__MINGW32__) && !defined(__MINGW64__) + #pragma comment(lib, "crypt32") + #endif +#endif + +#if defined(__APPLE__) && defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) +#include +#endif + +#endif /* WOLFSSL_SYS_CA_CERTS */ + +#if !defined(WOLFSSL_SSL_LOAD_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning ssl_load.c does not need to be compiled separately from ssl.c + #endif +#else + +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + /* PSK field of context when it exists. */ + #define CTX_HAVE_PSK(ctx) (ctx)->havePSK + /* PSK field of ssl when it exists. */ + #define SSL_HAVE_PSK(ssl) (ssl)->options.havePSK +#else + /* Have PSK value when no field. */ + #define CTX_HAVE_PSK(ctx) 0 + /* Have PSK value when no field. 
*/ + #define SSL_HAVE_PSK(ssl) 0 +#endif +#ifdef NO_RSA + /* Boolean for RSA available. */ + #define WOLFSSL_HAVE_RSA 0 +#else + /* Boolean for RSA available. */ + #define WOLFSSL_HAVE_RSA 1 +#endif +#ifndef NO_CERTS + /* Private key size from ssl. */ + #define SSL_KEY_SZ(ssl) (ssl)->buffers.keySz +#else + /* Private key size not available. */ + #define SSL_KEY_SZ(ssl) 0 +#endif +#ifdef HAVE_ANON + /* Anonymous ciphersuite allowed field in context. */ + #define CTX_USE_ANON(ctx) (ctx)->useAnon +#else + /* Anonymous ciphersuite allowed field not in context. */ + #define CTX_USE_ANON(ctx) 0 +#endif + +#ifdef HAVE_PK_CALLBACKS + #define WOLFSSL_IS_PRIV_PK_SET(ctx, ssl) \ + wolfSSL_CTX_IsPrivatePkSet(((ssl) == NULL) ? (ctx) : (ssl)->ctx) +#else + #define WOLFSSL_IS_PRIV_PK_SET(ctx, ssl) 0 +#endif + +/* Get the heap from the context or the ssl depending on which is available. */ +#define WOLFSSL_HEAP(ctx, ssl) \ + (((ctx) != NULL) ? (ctx)->heap : (((ssl) != NULL) ? (ssl)->heap : NULL)) + + +#ifndef NO_CERTS + +/* Get DER encoding from data in a buffer as a DerBuffer. + * + * @param [in] buff Buffer containing data. + * @param [in] len Length of data in buffer. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @param [in] type Type of data: + * CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE, + * PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE. + * @param [in, out] info Info for encryption. + * @param [in] heap Dynamic memory allocation hint. + * @param [out] der Holds DER encoded data. + * @param [out] algId Algorithm identifier for private keys. + * @return 0 on success. + * @return NOT_COMPILED_IN when format is PEM and PEM not supported. + * @return ASN_PARSE_E when format is ASN.1 and invalid DER encoding. + * @return MEMORY_E when dynamic memory allocation fails. 
+ */ +static int DataToDerBuffer(const unsigned char* buff, word32 len, int format, + int type, EncryptedInfo* info, void* heap, DerBuffer** der, int* algId) +{ + int ret; + + info->consumed = 0; + + /* Data in buffer has PEM format - extract DER data. */ + if (format == WOLFSSL_FILETYPE_PEM) { + #ifdef WOLFSSL_PEM_TO_DER + ret = PemToDer(buff, len, type, der, heap, info, algId); + if (ret != 0) { + FreeDer(der); + } + #else + ret = NOT_COMPILED_IN; + #endif + } + /* Data in buffer is ASN.1 format - get first SEQ or OCT into der. */ + else { + /* Get length of SEQ including header. */ + if ((info->consumed = wolfssl_der_length(buff, (int)len)) > 0) { + ret = 0; + } + else { + ret = ASN_PARSE_E; + } + + if (info->consumed > (int)len) { + ret = ASN_PARSE_E; + } + if (ret == 0) { + ret = AllocCopyDer(der, buff, (word32)info->consumed, type, heap); + } + } + + return ret; +} + +/* Process a user's certificate. + * + * Puts the 3-byte length before certificate data as required for TLS. + * CA certificates are added to the certificate manager. + * + * @param [in] cm Certificate manager. + * @param [in, out] pDer DER encoded data. + * @param [in] type Type of data. Valid values: + * CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE. + * @param [in] verify How to verify certificate. + * @param [out] chainBuffer Buffer to hold chain of certificates. + * @param [in, out] pIdx On in, current index into chainBuffer. + * On out, index after certificate added. + * @param [in] bufferSz Size of buffer in bytes. + * @return 0 on success. + * @return BUFFER_E if chain buffer not big enough to hold certificate. + */ +static int ProcessUserCert(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, + int type, int verify, byte* chainBuffer, word32* pIdx, word32 bufferSz) +{ + int ret = 0; + word32 idx = *pIdx; + DerBuffer* der = *pDer; + + /* Check there is space for certificate in chainBuffer. 
*/ + if ((ret == 0) && ((idx + der->length + CERT_HEADER_SZ) > bufferSz)) { + WOLFSSL_MSG(" Cert Chain bigger than buffer. " + "Consider increasing MAX_CHAIN_DEPTH"); + ret = BUFFER_E; + } + if (ret == 0) { + /* 3-byte length. */ + c32to24(der->length, &chainBuffer[idx]); + idx += CERT_HEADER_SZ; + /* Add complete DER encoded certificate. */ + XMEMCPY(&chainBuffer[idx], der->buffer, der->length); + idx += der->length; + + if (type == CA_TYPE) { + /* Add CA to certificate manager */ + ret = AddCA(cm, pDer, WOLFSSL_USER_CA, verify); + if (ret == 1) { + ret = 0; + } + } + } + + /* Update the index into chainBuffer. */ + *pIdx = idx; + return ret; +} + +/* Store the certificate chain buffer aganst WOLFSSL_CTX or WOLFSSL object. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] chainBuffer Buffer containing chain of certificates. + * @param [in] len Length, in bytes, of data in buffer. + * @param [in] cnt Number of certificates in chain. + * @param [in] type Type of data. Valid values: + * CERT_TYPE, CA_TYPE or CHAIN_CERT_TYPE. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int ProcessUserChainRetain(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + const byte* chainBuffer, word32 len, int cnt, int type, void* heap) +{ + int ret = 0; + + (void)cnt; + + /* Store in SSL object if available. */ + if (ssl != NULL) { + /* Dispose of old chain if not reference to context's. */ + if (ssl->buffers.weOwnCertChain) { + FreeDer(&ssl->buffers.certChain); + } + /* Allocate and copy the buffer into SSL object. */ + ret = AllocCopyDer(&ssl->buffers.certChain, chainBuffer, len, type, + heap); + ssl->buffers.weOwnCertChain = (ret == 0); + #ifdef WOLFSSL_TLS13 + /* Update count of certificates in chain. */ + ssl->buffers.certChainCnt = cnt; + #endif + } + /* Store in SSL context object if available. 
*/ + else if (ctx != NULL) { + /* Dispose of old chain and allocate and copy in new chain. */ + FreeDer(&ctx->certChain); + /* Allocate and copy the buffer into SSL context object. */ + ret = AllocCopyDer(&ctx->certChain, chainBuffer, len, type, heap); + #ifdef WOLFSSL_TLS13 + /* Update count of certificates in chain. */ + ctx->certChainCnt = cnt; + #endif + } + + return ret; +} + +/* Process user cert chain to pass during the TLS handshake. + * + * If not a certificate type then data is ignored. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] buff Buffer holding certificates. + * @param [in] sz Length of data in buffer. + * @param [in] format Format of the certificate: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 + * @param [in] type Type of certificate: + * CA_TYPE, CERT_TYPE or CHAIN_CERT_TYPE + * @param [out] used Number of bytes from buff used. + * @param [in, out] info Encryption information. + * @param [in] verify How to verify certificate. + * @return 0 on success. + * @return BAD_FUNC_ARG when type is CA_TYPE and ctx is NULL. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int ProcessUserChain(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + const unsigned char* buff, long sz, int format, int type, long* used, + EncryptedInfo* info, int verify) +{ + int ret = 0; + void* heap = WOLFSSL_HEAP(ctx, ssl); + + WOLFSSL_ENTER("ProcessUserChain"); + + /* Check we haven't consumed all the data. */ + if (info->consumed >= sz) { + WOLFSSL_MSG("Already consumed data"); + } + else { + #ifndef WOLFSSL_SMALL_STACK + byte stackBuffer[FILE_BUFFER_SIZE]; + #endif + StaticBuffer chain; + long consumed = info->consumed; + word32 idx = 0; + int gotOne = 0; + int cnt = 0; + /* Calculate max possible size, including max headers */ + long maxSz = (sz - consumed) + (CERT_HEADER_SZ * MAX_CHAIN_DEPTH); + + /* Setup buffer to hold chain. 
*/ + #ifdef WOLFSSL_SMALL_STACK + static_buffer_init(&chain); + #else + static_buffer_init(&chain, stackBuffer, FILE_BUFFER_SIZE); + #endif + /* Make buffer big enough to support maximum size. */ + ret = static_buffer_set_size(&chain, (word32)maxSz, heap, + DYNAMIC_TYPE_FILE); + + WOLFSSL_MSG("Processing Cert Chain"); + /* Keep parsing certificates will data available. */ + while ((ret == 0) && (consumed < sz)) { + DerBuffer* part = NULL; + + /* Get a certificate as DER. */ + ret = DataToDerBuffer(buff + consumed, (word32)(sz - consumed), + format, type, info, heap, &part, NULL); + if (ret == 0) { + /* Process the user certificate. */ + ret = ProcessUserCert(ctx->cm, &part, type, verify, + chain.buffer, &idx, (word32)maxSz); + } + /* PEM may have trailing data that can be ignored. */ + if ((ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) && gotOne) { + WOLFSSL_MSG("We got one good cert, so stuff at end ok"); + ret = 0; + break; + } + /* Certificate data handled. */ + FreeDer(&part); + + if (ret == 0) { + /* Update consumed length. */ + consumed += info->consumed; + WOLFSSL_MSG(" Consumed another Cert in Chain"); + /* Update whether we got a user certificate. */ + gotOne |= (type != CA_TYPE); + /* Update count of certificates added to chain. */ + cnt++; + } + } + if (used != NULL) { + /* Return the total consumed length. */ + *used = consumed; + } + + /* Check whether there is data in the chain buffer. */ + if ((ret == 0) && (idx > 0)) { + /* Put the chain buffer against the SSL or SSL context object. */ + ret = ProcessUserChainRetain(ctx, ssl, chain.buffer, idx, cnt, type, + heap); + } + + /* Dispose of chain buffer. */ + static_buffer_free(&chain, heap, DYNAMIC_TYPE_FILE); + } + + WOLFSSL_LEAVE("ProcessUserChain", ret); + return ret; +} + +#ifndef NO_RSA +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) +/* See if DER data is an RSA private key. + * + * Checks size meets minimum RSA key size. 
+ * This implementation uses less dynamic memory. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @param [in, out] keyFormat On in, expected format. 0 means unknown. + * @param [in] devId Device identifier. + * @param [out] keyType Type of key. + * @param [out] keySize Size of key. + * @return 0 on success or not an RSA key and format unknown. + * @return RSA_KEY_SIZE_E when key size doesn't meet minimum required. + */ +static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int* keyFormat, int devId, byte* keyType, int* keySize) +{ + int ret; + word32 idx; + int keySz = 0; + + (void)devId; + + /* Validate we have an RSA private key and get key size. */ + idx = 0; + ret = wc_RsaPrivateKeyValidate(der->buffer, &idx, &keySz, der->length); +#ifdef WOLF_PRIVATE_KEY_ID + /* If that didn't work then maybe a public key if device ID or callback. */ + if ((ret != 0) && ((devId != INVALID_DEVID) || + WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) { + word32 nSz; + + /* Decode as an RSA public key. */ + idx = 0; + ret = wc_RsaPublicKeyDecode_ex(der->buffer, &idx, der->length, NULL, + &nSz, NULL, NULL); + if (ret == 0) { + keySz = (int)nSz; + } + } +#endif + if (ret == 0) { + /* Get the minimum RSA key size from SSL or SSL context object. */ + int minRsaSz = ssl ? ssl->options.minRsaKeySz : ctx->minRsaKeySz; + + /* Format, type and size are known. */ + *keyFormat = RSAk; + *keyType = rsa_sa_algo; + *keySize = keySz; + + /* Check that the size of the RSA key is enough. */ + if (keySz < minRsaSz) { + WOLFSSL_MSG("Private Key size too small"); + ret = RSA_KEY_SIZE_E; + } + /* No static ECC key possible. */ + if ((ssl != NULL) && (ssl->options.side == WOLFSSL_SERVER_END)) { + ssl->options.haveStaticECC = 0; + } + } + /* Not an RSA key but check whether we know what it is. */ + else if (*keyFormat == 0) { + WOLFSSL_MSG("Not an RSA key"); + /* Format unknown so keep trying. 
*/ + ret = 0; + } + + return ret; +} +#else +/* See if DER data is an RSA private key. + * + * Checks size meets minimum RSA key size. + * This implementation uses more dynamic memory but supports older FIPS. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @param [in, out] keyFormat On in, expected format. 0 means unknown. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] devId Device identifier. + * @param [out] keyType Type of key. + * @param [out] keySize Size of key. + * @return 0 on success or not an RSA key and format unknown. + * @return RSA_KEY_SIZE_E when key size doesn't meet minimum required. + */ +static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType, + int* keySize) +{ + int ret; + word32 idx; + /* make sure RSA key can be used */ +#ifdef WOLFSSL_SMALL_STACK + RsaKey* key; +#else + RsaKey key[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate an RSA key to parse into so we can get size. */ + key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key == NULL) + return MEMORY_E; +#endif + + /* Initialize the RSA key. */ + ret = wc_InitRsaKey_ex(key, heap, devId); + if (ret == 0) { + /* Check we have an RSA private key. */ + idx = 0; + ret = wc_RsaPrivateKeyDecode(der->buffer, &idx, key, der->length); + #ifdef WOLF_PRIVATE_KEY_ID + /* If that didn't work then maybe a public key if device ID or callback. + */ + if ((ret != 0) && ((devId != INVALID_DEVID) || + WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) { + /* If that didn't work then maybe a public key if device ID or + * callback. */ + idx = 0; + ret = wc_RsaPublicKeyDecode(der->buffer, &idx, key, der->length); + } + #endif + if (ret == 0) { + /* Get the minimum RSA key size from SSL or SSL context object. */ + int minRsaSz = ssl ? 
ssl->options.minRsaKeySz : ctx->minRsaKeySz; + int keySz = wc_RsaEncryptSize((RsaKey*)key); + + /* Format is known. */ + *keyFormat = RSAk; + *keyType = rsa_sa_algo; + *keySize = keySz; + + /* Check that the size of the RSA key is enough. */ + if (keySz < minRsaSz) { + WOLFSSL_MSG("Private Key size too small"); + ret = RSA_KEY_SIZE_E; + } + /* No static ECC key possible. */ + if ((ssl != NULL) && (ssl->options.side == WOLFSSL_SERVER_END)) { + ssl->options.haveStaticECC = 0; + } + } + /* Not an RSA key but check whether we know what it is. */ + else if (*keyFormat == 0) { + WOLFSSL_MSG("Not an RSA key"); + /* Format unknown so keep trying. */ + ret = 0; + } + + /* Free dynamically allocated data in key. */ + wc_FreeRsaKey(key); + } + +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of allocated key. */ + XFREE(key, heap, DYNAMIC_TYPE_RSA); +#endif + + return ret; +} +#endif +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +/* See if DER data is an ECC private key. + * + * Checks size meets minimum ECC key size. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @param [in, out] keyFormat On in, expected format. 0 means unknown. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] devId Device identifier. + * @param [out] keyType Type of key. + * @param [out] keySize Size of key. + * @return 0 on success or not an ECC key and format unknown. + * @return ECC_KEY_SIZE_E when ECC key size doesn't meet minimum required. + */ +static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType, + int* keySize) +{ + int ret = 0; + word32 idx; + /* make sure ECC key can be used */ +#ifdef WOLFSSL_SMALL_STACK + ecc_key* key; +#else + ecc_key key[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate an ECC key to parse into. 
*/ + key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC); + if (key == NULL) + return MEMORY_E; +#endif + + /* Initialize ECC key. */ + if (wc_ecc_init_ex(key, heap, devId) == 0) { + /* Decode as an ECC private key. */ + idx = 0; + ret = wc_EccPrivateKeyDecode(der->buffer, &idx, key, der->length); + #ifdef WOLF_PRIVATE_KEY_ID + /* If that didn't work then maybe a public key if device ID or callback. + */ + if ((ret != 0) && ((devId != INVALID_DEVID) || + WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) { + /* Decode as an ECC public key. */ + idx = 0; + ret = wc_EccPublicKeyDecode(der->buffer, &idx, key, der->length); + } + #endif + #ifdef WOLFSSL_SM2 + if (*keyFormat == SM2k) { + ret = wc_ecc_set_curve(key, WOLFSSL_SM2_KEY_BITS / 8, + ECC_SM2P256V1); + } + #endif + if (ret == 0) { + /* Get the minimum ECC key size from SSL or SSL context object. */ + int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz; + int keySz = wc_ecc_size(key); + + /* Format is known. */ + *keyFormat = ECDSAk; + #ifdef WOLFSSL_SM2 + if (key->dp->id == ECC_SM2P256V1) { + *keyType = sm2_sa_algo; + } + else + #endif + { + *keyType = ecc_dsa_sa_algo; + } + *keySize = keySz; + + /* Check that the size of the ECC key is enough. */ + if (keySz < minKeySz) { + WOLFSSL_MSG("ECC private key too small"); + ret = ECC_KEY_SIZE_E; + } + /* Static ECC key possible. */ + if (ssl) { + ssl->options.haveStaticECC = 1; + } + else { + ctx->haveStaticECC = 1; + } + } + /* Not an ECC key but check whether we know what it is. */ + else if (*keyFormat == 0) { + WOLFSSL_MSG("Not an ECC key"); + /* Format unknown so keep trying. */ + ret = 0; + } + + /* Free dynamically allocated data in key. */ + wc_ecc_free(key); + } + +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of allocated key. */ + XFREE(key, heap, DYNAMIC_TYPE_ECC); +#endif + return ret; +} +#endif /* HAVE_ECC */ + +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) +/* See if DER data is an Ed25519 private key. 
+ * + * Checks size meets minimum ECC key size. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @param [in, out] keyFormat On in, expected format. 0 means unknown. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] devId Device identifier. + * @param [out] keyType Type of key. + * @param [out] keySize Size of key. + * @return 0 on success or not an Ed25519 key and format unknown. + * @return ECC_KEY_SIZE_E when key size doesn't meet minimum required. + */ +static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType, + int* keySize) +{ + int ret; + word32 idx; + /* make sure Ed25519 key can be used */ +#ifdef WOLFSSL_SMALL_STACK + ed25519_key* key; +#else + ed25519_key key[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate an Ed25519 key to parse into. */ + key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, + DYNAMIC_TYPE_ED25519); + if (key == NULL) + return MEMORY_E; +#endif + + /* Initialize Ed25519 key. */ + ret = wc_ed25519_init_ex(key, heap, devId); + if (ret == 0) { + /* Decode as an Ed25519 private key. */ + idx = 0; + ret = wc_Ed25519PrivateKeyDecode(der->buffer, &idx, key, der->length); + #ifdef WOLF_PRIVATE_KEY_ID + /* If that didn't work then maybe a public key if device ID or callback. + */ + if ((ret != 0) && ((devId != INVALID_DEVID) || + WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) { + /* Decode as an Ed25519 public key. */ + idx = 0; + ret = wc_Ed25519PublicKeyDecode(der->buffer, &idx, key, + der->length); + } + #endif + if (ret == 0) { + /* Get the minimum ECC key size from SSL or SSL context object. */ + int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz; + + /* Format is known. */ + *keyFormat = ED25519k; + *keyType = ed25519_sa_algo; + *keySize = ED25519_KEY_SIZE; + + /* Check that the size of the ECC key is enough. 
*/ + if (ED25519_KEY_SIZE < minKeySz) { + WOLFSSL_MSG("ED25519 private key too small"); + ret = ECC_KEY_SIZE_E; + } + if (ssl != NULL) { +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && !defined(NO_ED25519_CLIENT_AUTH) + /* Ed25519 requires caching enabled for tracking message + * hash used in EdDSA_Update for signing */ + ssl->options.cacheMessages = 1; +#endif + } + } + /* Not an Ed25519 key but check whether we know what it is. */ + else if (*keyFormat == 0) { + WOLFSSL_MSG("Not an Ed25519 key"); + /* Format unknown so keep trying. */ + ret = 0; + } + + /* Free dynamically allocated data in key. */ + wc_ed25519_free(key); + } + +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of allocated key. */ + XFREE(key, heap, DYNAMIC_TYPE_ED25519); +#endif + return ret; +} +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ + +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) +/* See if DER data is an Ed448 private key. + * + * Checks size meets minimum ECC key size. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @param [in, out] keyFormat On in, expected format. 0 means unknown. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] devId Device identifier. + * @param [out] keyType Type of key. + * @param [out] keySize Size of key. + * @return 0 on success or not an Ed448 key and format unknown. + * @return ECC_KEY_SIZE_E when key size doesn't meet minimum required. + */ +static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType, + int* keySize) +{ + int ret; + word32 idx; + /* make sure Ed448 key can be used */ +#ifdef WOLFSSL_SMALL_STACK + ed448_key* key = NULL; +#else + ed448_key key[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate an Ed448 key to parse into. 
*/ + key = (ed448_key*)XMALLOC(sizeof(ed448_key), heap, DYNAMIC_TYPE_ED448); + if (key == NULL) + return MEMORY_E; +#endif + + /* Initialize Ed448 key. */ + ret = wc_ed448_init_ex(key, heap, devId); + if (ret == 0) { + /* Decode as an Ed448 private key. */ + idx = 0; + ret = wc_Ed448PrivateKeyDecode(der->buffer, &idx, key, der->length); + #ifdef WOLF_PRIVATE_KEY_ID + /* If that didn't work then maybe a public key if device ID or callback. + */ + if ((ret != 0) && ((devId != INVALID_DEVID) || + WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) { + /* Decode as an Ed448 public key. */ + idx = 0; + ret = wc_Ed448PublicKeyDecode(der->buffer, &idx, key, der->length); + } + #endif + if (ret == 0) { + /* Get the minimum ECC key size from SSL or SSL context object. */ + int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz; + + /* Format is known. */ + *keyFormat = ED448k; + *keyType = ed448_sa_algo; + *keySize = ED448_KEY_SIZE; + + /* Check that the size of the ECC key is enough. */ + if (ED448_KEY_SIZE < minKeySz) { + WOLFSSL_MSG("ED448 private key too small"); + ret = ECC_KEY_SIZE_E; + } + if (ssl != NULL) { + /* Ed448 requires caching enabled for tracking message + * hash used in EdDSA_Update for signing */ + ssl->options.cacheMessages = 1; + } + } + /* Not an Ed448 key but check whether we know what it is. */ + else if (*keyFormat == 0) { + WOLFSSL_MSG("Not an Ed448 key"); + /* Format unknown so keep trying. */ + ret = 0; + } + + /* Free dynamically allocated data in key. */ + wc_ed448_free(key); + } + +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of allocated key. */ + XFREE(key, heap, DYNAMIC_TYPE_ED448); +#endif + return ret; +} +#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */ + +#if defined(HAVE_FALCON) +/* See if DER data is an Falcon private key. + * + * Checks size meets minimum Falcon key size. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @param [in, out] keyFormat On in, expected format. 
0 means unknown. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] devId Device identifier. + * @param [out] keyType Type of key. + * @param [out] keySize Size of key. + * @return 0 on success or not an Falcon key and format unknown. + * @return FALCON_KEY_SIZE_E when key size doesn't meet minimum required. + */ +static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize) +{ + int ret; + falcon_key* key; + + /* Allocate a Falcon key to parse into. */ + key = (falcon_key*)XMALLOC(sizeof(falcon_key), heap, DYNAMIC_TYPE_FALCON); + if (key == NULL) { + return MEMORY_E; + } + + /* Initialize Falcon key. */ + ret = wc_falcon_init(key); + if (ret == 0) { + /* Set up key to parse the format specified. */ + if ((*keyFormat == FALCON_LEVEL1k) || ((*keyFormat == 0) && + ((der->length == FALCON_LEVEL1_KEY_SIZE) || + (der->length == FALCON_LEVEL1_PRV_KEY_SIZE)))) { + ret = wc_falcon_set_level(key, 1); + } + else if ((*keyFormat == FALCON_LEVEL5k) || ((*keyFormat == 0) && + ((der->length == FALCON_LEVEL5_KEY_SIZE) || + (der->length == FALCON_LEVEL5_PRV_KEY_SIZE)))) { + ret = wc_falcon_set_level(key, 5); + } + else { + wc_falcon_free(key); + ret = ALGO_ID_E; + } + } + + if (ret == 0) { + /* Decode as a Falcon private key. */ + ret = wc_falcon_import_private_only(der->buffer, der->length, key); + if (ret == 0) { + /* Get the minimum Falcon key size from SSL or SSL context object. + */ + int minKeySz = ssl ? ssl->options.minFalconKeySz : + ctx->minFalconKeySz; + + /* Format is known. */ + if (*keyFormat == FALCON_LEVEL1k) { + *keyType = falcon_level1_sa_algo; + *keySize = FALCON_LEVEL1_KEY_SIZE; + } + else { + *keyType = falcon_level5_sa_algo; + *keySize = FALCON_LEVEL5_KEY_SIZE; + } + + /* Check that the size of the Falcon key is enough. 
*/ + if (*keySize < minKeySz) { + WOLFSSL_MSG("Falcon private key too small"); + ret = FALCON_KEY_SIZE_E; + } + } + /* Not a Falcon key but check whether we know what it is. */ + else if (*keyFormat == 0) { + WOLFSSL_MSG("Not a Falcon key"); + /* Format unknown so keep trying. */ + ret = 0; + } + + /* Free dynamically allocated data in key. */ + wc_falcon_free(key); + } + else if ((ret == ALGO_ID_E) && (*keyFormat == 0)) { + WOLFSSL_MSG("Not a Falcon key"); + /* Format unknown so keep trying. */ + ret = 0; + } + + /* Dispose of allocated key. */ + XFREE(key, heap, DYNAMIC_TYPE_FALCON); + return ret; +} +#endif + +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) +/* See if DER data is an Dilithium private key. + * + * Checks size meets minimum Falcon key size. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @param [in, out] keyFormat On in, expected format. 0 means unknown. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] devId Device identifier. + * @param [out] keyType Type of key. + * @param [out] keySize Size of key. + * @return 0 on success or not a Dilithium key and format unknown. + * @return DILITHIUM_KEY_SIZE_E when key size doesn't meet minimum required. + */ +static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize) +{ + int ret; + word32 idx; + dilithium_key* key; + + /* Allocate a Dilithium key to parse into. */ + key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap, + DYNAMIC_TYPE_DILITHIUM); + if (key == NULL) { + return MEMORY_E; + } + + /* Initialize Dilithium key. */ + ret = wc_dilithium_init(key); + if (ret == 0) { + /* Set up key to parse the format specified. 
*/ + if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) { + ret = wc_dilithium_set_level(key, 2); + } + else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) { + ret = wc_dilithium_set_level(key, 3); + } + else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) { + ret = wc_dilithium_set_level(key, 5); + } + else { + wc_dilithium_free(key); + ret = ALGO_ID_E; + } + } + + if (ret == 0) { + /* Decode as a Dilithium private key. */ + idx = 0; + ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length); + if (ret == 0) { + /* Get the minimum Dilithium key size from SSL or SSL context + * object. */ + int minKeySz = ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz; + + /* Format is known. */ + if (*keyFormat == DILITHIUM_LEVEL2k) { + *keyType = dilithium_level2_sa_algo; + *keySize = DILITHIUM_LEVEL2_KEY_SIZE; + } + else if (*keyFormat == DILITHIUM_LEVEL3k) { + *keyType = dilithium_level3_sa_algo; + *keySize = DILITHIUM_LEVEL3_KEY_SIZE; + } + else if (*keyFormat == DILITHIUM_LEVEL5k) { + *keyType = dilithium_level5_sa_algo; + *keySize = DILITHIUM_LEVEL5_KEY_SIZE; + } + + /* Check that the size of the Dilithium key is enough. */ + if (*keySize < minKeySz) { + WOLFSSL_MSG("Dilithium private key too small"); + ret = DILITHIUM_KEY_SIZE_E; + } + } + /* Not a Dilithium key but check whether we know what it is. */ + else if (*keyFormat == 0) { + WOLFSSL_MSG("Not a Dilithium key"); + /* Format unknown so keep trying. */ + ret = 0; + } + + /* Free dynamically allocated data in key. 
*/
+ wc_dilithium_free(key);
+ }
+ else if ((ret == ALGO_ID_E) && (*keyFormat == 0)) {
+ WOLFSSL_MSG("Not a Dilithium key");
+ /* Format unknown so keep trying. */
+ ret = 0;
+ }
+
+ /* Dispose of allocated key. */
+ XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
+ return ret;
+}
+#endif /* HAVE_DILITHIUM */
+
+/* Try to decode DER data is a known private key.
+ *
+ * Checks size meets minimum for key type.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in, out] ssl SSL object.
+ * @param [in] der DER encoding.
+ * @param [in, out] keyFormat On in, expected format. 0 means unknown.
+ * @param [in] heap Dynamic memory allocation hint.
+ * @param [out] type Type of key:
+ * PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when der or keyFormat is NULL.
+ * @return BAD_FUNC_ARG when ctx and ssl are NULL.
+ * @return WOLFSSL_BAD_FILE when unable to identify the key format.
+ */
+static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+ DerBuffer* der, int* keyFormat, void* heap, int type)
+{
+ int ret = 0;
+ int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
+ byte* keyType = NULL;
+ int* keySz = NULL;
+
+ (void)heap;
+ (void)devId;
+ (void)type;
+
+ /* Validate parameters. */
+ if ((der == NULL) || (keyFormat == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Must have an SSL context or SSL object to use. */
+ if ((ret == 0) && (ctx == NULL) && (ssl == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ /* Determine where to put key type and size in SSL or context object. */
+ #ifdef WOLFSSL_DUAL_ALG_CERTS
+ if (type == ALT_PRIVATEKEY_TYPE) {
+ if (ssl != NULL) {
+ keyType = &ssl->buffers.altKeyType;
+ keySz = &ssl->buffers.altKeySz;
+ }
+ else {
+ keyType = &ctx->altPrivateKeyType;
+ keySz = &ctx->altPrivateKeySz;
+ }
+ }
+ else
+ #endif
+ /* Type is PRIVATEKEY_TYPE.
*/
+ if (ssl != NULL) {
+ keyType = &ssl->buffers.keyType;
+ keySz = &ssl->buffers.keySz;
+ }
+ else {
+ keyType = &ctx->privateKeyType;
+ keySz = &ctx->privateKeySz;
+ }
+ }
+
+#ifndef NO_RSA
+ /* Try RSA if key format is RSA or yet unknown. */
+ if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == RSAk))) {
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+ (HAVE_FIPS_VERSION > 2))
+ ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keyFormat, devId,
+ keyType, keySz);
+#else
+ ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keyFormat, heap, devId,
+ keyType, keySz);
+#endif
+ }
+#endif
+#ifdef HAVE_ECC
+ /* Try ECC if key format is ECDSA or SM2, or yet unknown. */
+ if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == ECDSAk)
+ #ifdef WOLFSSL_SM2
+ || (*keyFormat == SM2k)
+ #endif
+ )) {
+ ret = ProcessBufferTryDecodeEcc(ctx, ssl, der, keyFormat, heap, devId,
+ keyType, keySz);
+ }
+#endif /* HAVE_ECC */
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
+ /* Try Ed25519 if key format is Ed25519 or yet unknown. */
+ if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED25519k))) {
+ ret = ProcessBufferTryDecodeEd25519(ctx, ssl, der, keyFormat, heap,
+ devId, keyType, keySz);
+ }
+#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
+ /* Try Ed448 if key format is Ed448 or yet unknown. */
+ if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED448k))) {
+ ret = ProcessBufferTryDecodeEd448(ctx, ssl, der, keyFormat, heap, devId,
+ keyType, keySz);
+ }
+#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
+#if defined(HAVE_FALCON)
+ /* Try Falcon if key format is Falcon level 1k or 5k or yet unknown.
*/
+ if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
+ (*keyFormat == FALCON_LEVEL5k))) {
+ ret = ProcessBufferTryDecodeFalcon(ctx, ssl, der, keyFormat, heap,
+ keyType, keySz);
+ }
+#endif /* HAVE_FALCON */
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+ /* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown.
+ */
+ if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == DILITHIUM_LEVEL2k) ||
+ (*keyFormat == DILITHIUM_LEVEL3k) ||
+ (*keyFormat == DILITHIUM_LEVEL5k))) {
+ ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap,
+ keyType, keySz);
+ }
+#endif /* HAVE_DILITHIUM */
+
+ /* Check we know the format. */
+ if ((ret == 0) && (*keyFormat == 0)) {
+ WOLFSSL_MSG("Not a supported key type");
+ /* Not supported key format. */
+ ret = WOLFSSL_BAD_FILE;
+ }
+
+ return ret;
+}
+
+#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
+/* Decrypt PKCS#8 private key.
+ *
+ * @param [in] info Encryption information.
+ * @param [in] der DER encoded data.
+ * @param [in] heap Dynamic memory allocation hint.
+ * @return 0 on success.
+ * @return MEMORY_E when dynamic memory allocation fails.
+ */
+static int ProcessBufferPrivPkcs8Dec(EncryptedInfo* info, DerBuffer* der,
+ void* heap)
+{
+ int ret = 0;
+ word32 algId;
+ int passwordSz = NAME_SZ;
+#ifndef WOLFSSL_SMALL_STACK
+ char password[NAME_SZ];
+#else
+ char* password;
+#endif
+
+ (void)heap;
+#ifdef WOLFSSL_SMALL_STACK
+ /* Allocate memory for password. */
+ password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
+ if (password == NULL) {
+ ret = MEMORY_E;
+ }
+#endif
+
+ if (ret == 0) {
+ /* Get password. */
+ ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
+ info->passwd_userdata);
+ }
+ if (ret >= 0) {
+ /* Returned value is password size.
*/ + passwordSz = ret; + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("ProcessBuffer password", password, passwordSz); + #endif + + /* Decrypt PKCS#8 private key inline and get algorithm id. */ + ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz, + &algId); + } + if (ret >= 0) { + /* Zero out encrypted data not overwritten. */ + ForceZero(der->buffer + ret, der->length - ret); + /* Set decrypted data length. */ + der->length = (word32)ret; + } + +#ifdef WOLFSSL_SMALL_STACK + if (password != NULL) +#endif + { + /* Ensure password is zeroized. */ + ForceZero(password, (word32)passwordSz); + } +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of password memory. */ + XFREE(password, heap, DYNAMIC_TYPE_STRING); +#elif defined(WOLFSSL_CHECK_MEM_ZERO) + wc_MemZero_Check(password, NAME_SZ); +#endif + return ret; +} +#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ + +/* Put the DER into the SSL or SSL context object. + * + * Precondition: ctx or ssl is not NULL. + * Precondition: Must be a private key type. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @return 0 on success. + */ +static int ProcessBufferPrivKeyHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer** der, int type) +{ + int ret = 0; + + (void)type; + +#ifdef WOLFSSL_DUAL_ALG_CERTS + if (type == ALT_PRIVATEKEY_TYPE) { + /* Put in alternate private key fields of objects. */ + if (ssl != NULL) { + /* Dispose of previous key if not context's. */ + if (ssl->buffers.weOwnAltKey) { + FreeDer(&ssl->buffers.altKey); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.altKeyMask); + #endif + } + ssl->buffers.altKeyId = 0; + ssl->buffers.altKeyLabel = 0; + ssl->buffers.altKeyDevId = INVALID_DEVID; + /* Store key by reference and own it. 
*/ + ssl->buffers.altKey = *der; + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("SSL Buffers key", (*der)->buffer, (*der)->length); + #endif + ssl->buffers.weOwnAltKey = 1; + } + else if (ctx != NULL) { + /* Dispose of previous key. */ + FreeDer(&ctx->altPrivateKey); + ctx->altPrivateKeyId = 0; + ctx->altPrivateKeyLabel = 0; + ctx->altPrivateKeyDevId = INVALID_DEVID; + /* Store key by reference. */ + ctx->altPrivateKey = *der; + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("CTX private key", (*der)->buffer, (*der)->length); + #endif + } + } + else +#endif /* WOLFSSL_DUAL_ALG_CERTS */ + if (ssl != NULL) { + /* Dispose of previous key if not context's. */ + if (ssl->buffers.weOwnKey) { + FreeDer(&ssl->buffers.key); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.keyMask); + #endif + } + ssl->buffers.keyId = 0; + ssl->buffers.keyLabel = 0; + ssl->buffers.keyDevId = INVALID_DEVID; + /* Store key by reference and own it. */ + ssl->buffers.key = *der; + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("SSL Buffers key", (*der)->buffer, (*der)->length); + #endif + ssl->buffers.weOwnKey = 1; + } + else if (ctx != NULL) { + /* Dispose of previous key. */ + FreeDer(&ctx->privateKey); + ctx->privateKeyId = 0; + ctx->privateKeyLabel = 0; + ctx->privateKeyDevId = INVALID_DEVID; + /* Store key by reference. */ + ctx->privateKey = *der; + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("CTX private key", (*der)->buffer, (*der)->length); + #endif + } + + return ret; +} + +/* Decode private key. + * + * Precondition: ctx or ssl is not NULL. + * Precondition: Must be a private key type. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoding. + * @param [in] format Original format of data. + * @param [in] info Encryption information. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] type Type of data: + * PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE. + * @param [in] algId Algorithm id of key. 
+ * @return 0 on success. + * @return WOLFSSL_BAD_FILE when not able to decode. + */ +static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int format, EncryptedInfo* info, void* heap, int type, + int algId) +{ + int ret; + + (void)info; + (void)format; + + /* Put the data into the SSL or SSL context object. */ + ret = ProcessBufferPrivKeyHandleDer(ctx, ssl, &der, type); + if (ret == 0) { + /* Try to decode the DER data. */ + ret = ProcessBufferTryDecode(ctx, ssl, der, &algId, heap, type); + } + +#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) + /* If private key type PKCS8 header wasn't already removed (algId == 0). */ + if (((ret != 0) || (algId == 0)) && (format != WOLFSSL_FILETYPE_PEM) && + (info->passwd_cb != NULL) && (algId == 0)) { + /* Try to decrypt DER data as a PKCS#8 private key. */ + ret = ProcessBufferPrivPkcs8Dec(info, der, heap); + if (ret >= 0) { + /* Try to decode decrypted data. */ + ret = ProcessBufferTryDecode(ctx, ssl, der, &algId, heap, type); + } + } +#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ + +#ifdef WOLFSSL_BLIND_PRIVATE_KEY +#ifdef WOLFSSL_DUAL_ALG_CERTS + if (type == ALT_PRIVATEKEY_TYPE) { + if (ssl != NULL) { + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, + &ssl->buffers.altKeyMask); + } + else { + ret = wolfssl_priv_der_blind(NULL, ctx->altPrivateKey, + &ctx->altPrivateKeyMask); + } + } + else +#endif + if (ssl != NULL) { + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + &ssl->buffers.keyMask); + } + else { + ret = wolfssl_priv_der_blind(NULL, ctx->privateKey, + &ctx->privateKeyMask); + } +#endif + + /* Check if we were able to determine algorithm id. */ + if ((ret == 0) && (algId == 0)) { + #ifdef OPENSSL_EXTRA + /* Decryption password is probably wrong. */ + if (info->passwd_cb) { + EVPerr(0, EVP_R_BAD_DECRYPT); + } + #endif + WOLFSSL_ERROR(WOLFSSL_BAD_FILE); + /* Unable to decode DER data. 
*/ + ret = WOLFSSL_BAD_FILE; + } + + return ret; +} + +/* Use the key OID to determine have options. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] keyOID OID for public/private key. + */ +static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + int keyOID) +{ + /* Set which private key algorithm available based on key OID. */ + switch (keyOID) { + case ECDSAk: + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) + case SM2k: + #endif + #ifdef HAVE_ED25519 + case ED25519k: + #endif + #ifdef HAVE_ED448 + case ED448k: + #endif + if (ssl != NULL) { + ssl->options.haveECC = 1; + } + else { + ctx->haveECC = 1; + } + break; + #ifndef NO_RSA + case RSAk: + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif + if (ssl != NULL) { + ssl->options.haveRSA = 1; + } + else { + ctx->haveRSA = 1; + } + break; + #endif + #ifdef HAVE_FALCON + case FALCON_LEVEL1k: + case FALCON_LEVEL5k: + if (ssl != NULL) { + ssl->options.haveFalconSig = 1; + } + else { + ctx->haveFalconSig = 1; + } + break; + #endif /* HAVE_FALCON */ + #ifdef HAVE_DILITHIUM + case DILITHIUM_LEVEL2k: + case DILITHIUM_LEVEL3k: + case DILITHIUM_LEVEL5k: + if (ssl != NULL) { + ssl->options.haveDilithiumSig = 1; + } + else { + ctx->haveDilithiumSig = 1; + } + break; + #endif /* HAVE_DILITHIUM */ + default: + WOLFSSL_MSG("Cert key not supported"); + break; + } +} + +/* Set which private key algorithm we have against SSL or SSL context object. + * + * Precondition: ctx or ssl is not NULL. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] cert Decode certificate. + */ +static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DecodedCert* cert) +{ + if (ssl != NULL) { + /* Reset signatures we have in SSL. */ + ssl->options.haveECDSAsig = 0; + ssl->options.haveFalconSig = 0; + ssl->options.haveDilithiumSig = 0; + } + + /* Set which signature we have based on the type in the cert. 
*/ + switch (cert->signatureOID) { + case CTC_SHAwECDSA: + case CTC_SHA256wECDSA: + case CTC_SHA384wECDSA: + case CTC_SHA512wECDSA: + #ifdef HAVE_ED25519 + case CTC_ED25519: + #endif + #ifdef HAVE_ED448 + case CTC_ED448: + #endif + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) + case CTC_SM3wSM2: + #endif + WOLFSSL_MSG("ECDSA/ED25519/ED448 cert signature"); + if (ssl) { + ssl->options.haveECDSAsig = 1; + } + else if (ctx) { + ctx->haveECDSAsig = 1; + } + break; + #ifdef HAVE_FALCON + case CTC_FALCON_LEVEL1: + case CTC_FALCON_LEVEL5: + WOLFSSL_MSG("Falcon cert signature"); + if (ssl) { + ssl->options.haveFalconSig = 1; + } + else if (ctx) { + ctx->haveFalconSig = 1; + } + break; + #endif + #ifdef HAVE_DILITHIUM + case CTC_DILITHIUM_LEVEL2: + case CTC_DILITHIUM_LEVEL3: + case CTC_DILITHIUM_LEVEL5: + WOLFSSL_MSG("Dilithium cert signature"); + if (ssl) { + ssl->options.haveDilithiumSig = 1; + } + else if (ctx) { + ctx->haveDilithiumSig = 1; + } + break; + #endif + default: + WOLFSSL_MSG("Cert signature not supported"); + break; + } + +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || !defined(NO_RSA) + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) + /* Set the private key curve OID. */ + if (ssl != NULL) { + ssl->pkCurveOID = cert->pkCurveOID; + } + else if (ctx) { + ctx->pkCurveOID = cert->pkCurveOID; + } + #endif +#ifndef WC_STRICT_SIG + wolfssl_set_have_from_key_oid(ctx, ssl, cert->keyOID); +#else + /* Set whether ECC is available based on signature available. */ + if (ssl != NULL) { + ssl->options.haveECC = ssl->options.haveECDSAsig; + } + else if (ctx) { + ctx->haveECC = ctx->haveECDSAsig; + } +#endif /* !WC_STRICT_SIG */ +#endif +} + +/* Check key size is valid. + * + * Precondition: ctx or ssl is not NULL. + * + * @param [in] min Minimum key size. + * @param [in] max Maximum key size. + * @param [in] keySz Key size. 
+ * @param [in] err Error value to return when key size is invalid. + * @return 0 on success. + * @return err when verifying and min is less than 0 or key size is invalid. + */ +#define CHECK_KEY_SZ(min, max, keySz, err) \ + (((min) < 0) || ((keySz) < (min)) || ((keySz) > (max))) ? (err) : 0 + +/* Check public key in certificate. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] cert Certificate object. + * @return 0 on success. + * @return Non-zero when an error occurred. + */ +static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DecodedCert* cert, int checkKeySz) +{ + int ret = 0; + byte keyType = 0; + int keySz = 0; +#ifndef NO_RSA + word32 idx; +#endif + + /* Get key size and check unless not verifying. */ + switch (cert->keyOID) { +#ifndef NO_RSA + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif + case RSAk: + keyType = rsa_sa_algo; + /* Determine RSA key size by parsing public key */ + idx = 0; + ret = wc_RsaPublicKeyDecode_ex(cert->publicKey, &idx, + cert->pubKeySize, NULL, (word32*)&keySz, NULL, NULL); + if ((ret == 0) && checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minRsaKeySz : + ctx->minRsaKeySz, RSA_MAX_SIZE / 8, keySz, RSA_KEY_SIZE_E); + } + break; +#endif /* !NO_RSA */ + #ifdef HAVE_ECC + case ECDSAk: + keyType = ecc_dsa_sa_algo; + /* Determine ECC key size based on curve */ + #ifdef WOLFSSL_CUSTOM_CURVES + if ((cert->pkCurveOID == 0) && (cert->pkCurveSize != 0)) { + keySz = cert->pkCurveSize; + } + else + #endif + { + keySz = wc_ecc_get_curve_size_from_id(wc_ecc_get_oid( + cert->pkCurveOID, NULL, NULL)); + } + + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? 
ssl->options.minEccKeySz : + ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz, + ECC_KEY_SIZE_E); + } + break; + #endif /* HAVE_ECC */ + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) + case SM2k: + keyType = sm2_sa_algo; + /* Determine ECC key size based on curve */ + keySz = WOLFSSL_SM2_KEY_BITS / 8; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz : + ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz, + ECC_KEY_SIZE_E); + } + break; + #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED25519 + case ED25519k: + keyType = ed25519_sa_algo; + /* ED25519 is fixed key size */ + keySz = ED25519_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz : + ctx->minEccKeySz, ED25519_KEY_SIZE, keySz, ECC_KEY_SIZE_E); + } + break; + #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED448 + case ED448k: + keyType = ed448_sa_algo; + /* ED448 is fixed key size */ + keySz = ED448_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz : + ctx->minEccKeySz, ED448_KEY_SIZE, keySz, ECC_KEY_SIZE_E); + } + break; + #endif /* HAVE_ED448 */ + #if defined(HAVE_FALCON) + case FALCON_LEVEL1k: + keyType = falcon_level1_sa_algo; + /* Falcon is fixed key size */ + keySz = FALCON_LEVEL1_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz : + ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz, + FALCON_KEY_SIZE_E); + } + break; + case FALCON_LEVEL5k: + keyType = falcon_level5_sa_algo; + /* Falcon is fixed key size */ + keySz = FALCON_LEVEL5_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz : + ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz, + FALCON_KEY_SIZE_E); + } + break; + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) + case DILITHIUM_LEVEL2k: + keyType = dilithium_level2_sa_algo; + /* Dilithium is fixed key size */ + keySz = DILITHIUM_LEVEL2_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? 
ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + case DILITHIUM_LEVEL3k: + keyType = dilithium_level3_sa_algo; + /* Dilithium is fixed key size */ + keySz = DILITHIUM_LEVEL3_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + case DILITHIUM_LEVEL5k: + keyType = dilithium_level5_sa_algo; + /* Dilithium is fixed key size */ + keySz = DILITHIUM_LEVEL5_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + #endif /* HAVE_DILITHIUM */ + + default: + WOLFSSL_MSG("No key size check done on public key in certificate"); + break; + } + + /* Store the type and key size as there may not be a private key set. */ + if (ssl != NULL) { + ssl->buffers.keyType = keyType; + ssl->buffers.keySz = keySz; + } + else { + ctx->privateKeyType = keyType; + ctx->privateKeySz = keySz; + } + + return ret; +} + +#ifdef WOLFSSL_DUAL_ALG_CERTS +static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DecodedCert* cert, int checkKeySz) +{ + int ret = 0; + void* heap = WOLFSSL_HEAP(ctx, ssl); + byte keyType = 0; + int keySz = 0; +#ifndef NO_RSA + word32 idx; +#endif + + /* Check alternative key size of cert. */ + switch (cert->sapkiOID) { + /* No OID set. */ + case 0: + if (cert->sapkiLen != 0) { + /* Have the alternative key data but no OID. */ + ret = NOT_COMPILED_IN; + } + break; + +#ifndef NO_RSA + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif + case RSAk: + keyType = rsa_sa_algo; + /* Determine RSA key size by parsing public key */ + idx = 0; + ret = wc_RsaPublicKeyDecode_ex(cert->sapkiDer, &idx, + cert->sapkiLen, NULL, (word32*)&keySz, NULL, NULL); + if ((ret == 0) && checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? 
ssl->options.minRsaKeySz : + ctx->minRsaKeySz, RSA_MAX_SIZE / 8, keySz, RSA_KEY_SIZE_E); + } + break; +#endif /* !NO_RSA */ + #ifdef HAVE_ECC + case ECDSAk: + { + #ifdef WOLFSSL_SMALL_STACK + ecc_key* temp_key = NULL; + #else + ecc_key temp_key[1]; + #endif + keyType = ecc_dsa_sa_algo; + + #ifdef WOLFSSL_SMALL_STACK + temp_key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, + DYNAMIC_TYPE_ECC); + if (temp_key == NULL) { + ret = MEMORY_E; + } + #endif + + /* Determine ECC key size. We have to decode the sapki for + * that. */ + if (ret == 0) { + ret = wc_ecc_init_ex(temp_key, heap, INVALID_DEVID); + if (ret == 0) { + idx = 0; + ret = wc_EccPublicKeyDecode(cert->sapkiDer, &idx, temp_key, + cert->sapkiLen); + if (ret == 0) { + keySz = wc_ecc_size(temp_key); + } + wc_ecc_free(temp_key); + } + } + #ifdef WOLFSSL_SMALL_STACK + XFREE(temp_key, heap, DYNAMIC_TYPE_ECC); + #endif + + if ((ret == 0) && checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz : + ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz, + ECC_KEY_SIZE_E); + } + break; + } + #endif /* HAVE_ECC */ + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) + case SM2k: + keyType = sm2_sa_algo; + /* Determine ECC key size based on curve */ + keySz = WOLFSSL_SM2_KEY_BITS / 8; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz : + ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz, + ECC_KEY_SIZE_E); + } + break; + #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED25519 + case ED25519k: + keyType = ed25519_sa_algo; + /* ED25519 is fixed key size */ + keySz = ED25519_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz : + ctx->minEccKeySz, ED25519_KEY_SIZE, keySz, ECC_KEY_SIZE_E); + } + break; + #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED448 + case ED448k: + keyType = ed448_sa_algo; + /* ED448 is fixed key size */ + keySz = ED448_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? 
ssl->options.minEccKeySz : + ctx->minEccKeySz, ED448_KEY_SIZE, keySz, ECC_KEY_SIZE_E); + } + break; + #endif /* HAVE_ED448 */ + #if defined(HAVE_FALCON) + case FALCON_LEVEL1k: + keyType = falcon_level1_sa_algo; + /* Falcon is fixed key size */ + keySz = FALCON_LEVEL1_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz : + ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz, + FALCON_KEY_SIZE_E); + } + break; + case FALCON_LEVEL5k: + keyType = falcon_level5_sa_algo; + /* Falcon is fixed key size */ + keySz = FALCON_LEVEL5_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz : + ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz, + FALCON_KEY_SIZE_E); + } + break; + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) + case DILITHIUM_LEVEL2k: + keyType = dilithium_level2_sa_algo; + /* Dilithium is fixed key size */ + keySz = DILITHIUM_LEVEL2_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + case DILITHIUM_LEVEL3k: + keyType = dilithium_level3_sa_algo; + /* Dilithium is fixed key size */ + keySz = DILITHIUM_LEVEL3_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + case DILITHIUM_LEVEL5k: + keyType = dilithium_level5_sa_algo; + /* Dilithium is fixed key size */ + keySz = DILITHIUM_LEVEL5_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + #endif /* HAVE_DILITHIUM */ + + default: + /* In this case, there was an OID that we didn't recognize. + * This is an error. Use not compiled in because likely the + * given algorithm was not enabled. 
*/ + ret = NOT_COMPILED_IN; + WOLFSSL_MSG("No alt key size check done on certificate"); + break; + } + + if (ssl != NULL) { + ssl->buffers.altKeyType = (byte)keyType; + ssl->buffers.altKeySz = keySz; + } + else if (ctx != NULL) { + ctx->altPrivateKeyType = (byte)keyType; + ctx->altPrivateKeySz = keySz; + } + + return ret; +} +#endif /* WOLFSSL_DUAL_ALG_CERTS */ + +/* Parse the certificate and pull out information for TLS handshake. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoded X509 certificate. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + * @return WOLFSSL_BAD_FILE when decoding certificate fails. + */ +static int ProcessBufferCert(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der) +{ + int ret = 0; + void* heap = WOLFSSL_HEAP(ctx, ssl); +#if defined(HAVE_RPK) + RpkState* rpkState = ssl ? &ssl->options.rpkState : &ctx->rpkState; +#endif +#ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert; +#else + DecodedCert cert[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate memory for certificate to be decoded into. */ + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + ret = MEMORY_E; + } + + if (ret == 0) +#endif + { + /* Get device id from SSL context or SSL object. */ + int devId = wolfSSL_CTX_GetDevId(ctx, ssl); + + WOLFSSL_MSG("Checking cert signature type"); + /* Initialize certificate object. */ + InitDecodedCert_ex(cert, der->buffer, der->length, heap, devId); + + /* Decode up to and including public key. */ + if (DecodeToKey(cert, 0) < 0) { + WOLFSSL_MSG("Decode to key failed"); + ret = WOLFSSL_BAD_FILE; + } + if (ret == 0) { + int checkKeySz = 1; + + #if defined(HAVE_RPK) + /* Store whether the crtificate is a raw public key. */ + rpkState->isRPKLoaded = cert->isRPK; + #endif /* HAVE_RPK */ + + /* Set which private key algorithm we have. 
*/ + ProcessBufferCertSetHave(ctx, ssl, cert); + + /* Don't check if verification is disabled for SSL. */ + if ((ssl != NULL) && ssl->options.verifyNone) { + checkKeySz = 0; + } + /* Don't check if no SSL object verification is disabled for SSL + * context. */ + else if ((ssl == NULL) && ctx->verifyNone) { + checkKeySz = 0; + } + + /* Check public key size. */ + ret = ProcessBufferCertPublicKey(ctx, ssl, cert, checkKeySz); + #ifdef WOLFSSL_DUAL_ALG_CERTS + if (ret == 0) { + ret = ProcessBufferCertAltPublicKey(ctx, ssl, cert, checkKeySz); + } + #endif + } + } + + /* Dispose of dynamic memory in certificate object. */ + FreeDecodedCert(cert); +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of certificate object. */ + XFREE(cert, heap, DYNAMIC_TYPE_DCERT); +#endif + return ret; +} + +/* Handle storing the DER encoding of the certificate. + * + * Do not free der outside of this function. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] der DER encoded certificate. + * @param [in] type Type of data: + * CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE. + * @param [in] verify What verification to do. + * @return 0 on success. + * @return BAD_FUNC_ARG when type is CA_TYPE and ctx is NULL. + * @return WOLFSSL_BAD_CERTTYPE when data type is not supported. + */ +static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + DerBuffer* der, int type, int verify) +{ + int ret = 0; + + /* CA certificate to verify with. */ + if (type == CA_TYPE) { + /* verify CA unless user set to no verify */ + ret = AddCA(ctx->cm, &der, WOLFSSL_USER_CA, verify); + if (ret == 1) { + ret = 0; + } + } +#ifdef WOLFSSL_TRUST_PEER_CERT + /* Trusted certificate to verify peer with. */ + else if (type == TRUSTED_PEER_TYPE) { + WOLFSSL_CERT_MANAGER* cm; + + /* Get certificate manager to add certificate to. */ + if (ctx != NULL) { + cm = ctx->cm; + } + else { + SSL_CM_WARNING(ssl); + cm = SSL_CM(ssl); + } + /* Add certificate as a trusted peer. 
*/
+ ret = AddTrustedPeer(cm, &der, verify);
+ if (ret != 1) {
+ WOLFSSL_MSG("Error adding trusted peer");
+ }
+ }
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+ /* Leaf certificate - our certificate. */
+ else if (type == CERT_TYPE) {
+ if (ssl != NULL) {
+ /* Free previous certificate if we own it. */
+ if (ssl->buffers.weOwnCert) {
+ FreeDer(&ssl->buffers.certificate);
+ #ifdef KEEP_OUR_CERT
+ /* Dispose of X509 version of certificate. */
+ wolfSSL_X509_free(ssl->ourCert);
+ ssl->ourCert = NULL;
+ #endif
+ }
+ /* Store certificate as ours. */
+ ssl->buffers.certificate = der;
+ #ifdef KEEP_OUR_CERT
+ ssl->keepCert = 1; /* hold cert for ssl lifetime */
+ #endif
+ /* We have to free the certificate buffer. */
+ ssl->buffers.weOwnCert = 1;
+ /* ourCert is created on demand. */
+ }
+ else if (ctx != NULL) {
+ /* Free previous certificate. */
+ FreeDer(&ctx->certificate); /* Make sure previous is free'd */
+ #ifdef KEEP_OUR_CERT
+ /* Dispose of X509 version of certificate if we own it. */
+ if (ctx->ownOurCert) {
+ wolfSSL_X509_free(ctx->ourCert);
+ }
+ ctx->ourCert = NULL;
+ #endif
+ /* Store certificate as ours. */
+ ctx->certificate = der;
+ /* ourCert is created on demand. */
+ }
+ }
+ else {
+ /* Dispose of DER buffer. */
+ FreeDer(&der);
+ /* Not a certificate type supported. */
+ ret = WOLFSSL_BAD_CERTTYPE;
+ }
+
+ return ret;
+}
+
+/* Process certificate based on type.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in, out] ssl SSL object.
+ * @param [in] buff Buffer holding original data.
+ * @param [in] sz Size of data in buffer.
+ * @param [in] der DER encoding of certificate.
+ * @param [in] format Format of data.
+ * @param [in] type Type of data:
+ * CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE.
+ * @param [in] verify What verification to do.
+ * @return 0 on success.
+ * @return WOLFSSL_FATAL_ERROR on failure.
+ */
+static int ProcessBufferCertTypes(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+ const unsigned char* buff, long sz, DerBuffer* der, int format, int type,
+ int verify)
+{
+ int ret;
+
+ (void)buff;
+ (void)sz;
+ (void)format;
+
+ ret = ProcessBufferCertHandleDer(ctx, ssl, der, type, verify);
+ if ((ret == 0) && (type == CERT_TYPE)) {
+ /* Process leaf certificate. */
+ ret = ProcessBufferCert(ctx, ssl, der);
+ }
+#if !defined(NO_WOLFSSL_CM_VERIFY) && (!defined(NO_WOLFSSL_CLIENT) || \
+ !defined(WOLFSSL_NO_CLIENT_AUTH))
+ /* Hand bad CA or user certificate to callback. */
+ if ((ret < 0) && ((type == CA_TYPE) || (type == CERT_TYPE))) {
+ /* Check for verification callback that may override error. */
+ if ((ctx != NULL) && (ctx->cm != NULL) &&
+ (ctx->cm->verifyCallback != NULL)) {
+ /* Verify and use callback. */
+ ret = CM_VerifyBuffer_ex(ctx->cm, buff, sz, format, ret);
+ /* Convert error. */
+ if (ret == 0) {
+ ret = WOLFSSL_FATAL_ERROR;
+ }
+ if (ret == 1) {
+ ret = 0;
+ }
+ }
+ }
+#endif /* NO_WOLFSSL_CM_VERIFY */
+
+ return ret;
+}
+
+/* Reset the cipher suites based on updated private key or certificate.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in, out] ssl SSL object.
+ * @param [in] type Type of certificate.
+ * @return 0 on success.
+ * @return WOLFSSL_FATAL_ERROR when allocation fails.
+ */
+static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type)
+{
+ int ret = 0;
+
+ /* Reset suites of SSL object. */
+ if (ssl != NULL) {
+ if (ssl->options.side == WOLFSSL_SERVER_END) {
+ /* Allocate memory for suites. */
+ if (AllocateSuites(ssl) != 0) {
+ ret = WOLFSSL_FATAL_ERROR;
+ }
+ else {
+ /* Determine cipher suites based on what we have.
*/ + InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, + WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH, + ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, + ssl->options.haveStaticECC, ssl->options.haveFalconSig, + ssl->options.haveDilithiumSig, ssl->options.useAnon, TRUE, + ssl->options.side); + } + } + } + /* Reset suites of SSL context object. */ + else if ((type == CERT_TYPE) && (ctx->method->side == WOLFSSL_SERVER_END)) { + /* Allocate memory for suites. */ + if (AllocateCtxSuites(ctx) != 0) { + ret = WOLFSSL_FATAL_ERROR; + } + else { + /* Determine cipher suites based on what we have. */ + InitSuites(ctx->suites, ctx->method->version, ctx->privateKeySz, + WOLFSSL_HAVE_RSA, CTX_HAVE_PSK(ctx), ctx->haveDH, + ctx->haveECDSAsig, ctx->haveECC, TRUE, ctx->haveStaticECC, + ctx->haveFalconSig, ctx->haveDilithiumSig, CTX_USE_ANON(ctx), + TRUE, ctx->method->side); + } + } + + return ret; +} + +#ifndef WOLFSSL_DUAL_ALG_CERTS + /* Determine whether the type is for a private key. */ + #define IS_PRIVKEY_TYPE(type) ((type) == PRIVATEKEY_TYPE) +#else + /* Determine whether the type is for a private key. */ + #define IS_PRIVKEY_TYPE(type) (((type) == PRIVATEKEY_TYPE) || \ + ((type) == ALT_PRIVATEKEY_TYPE)) +#endif + +/* Process a buffer of data. + * + * Data type is a private key or a certificate. + * The format can be ASN.1 (DER) or PEM. + * + * @param [in, out] ctx SSL context object. + * @param [in] buff Buffer holding data. + * @param [in] sz Size of data in buffer. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @param [in] type Type of data: + * CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE, + * PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE. + * @param [in, out] ssl SSL object. + * @param [out] used Number of bytes consumed. + * @param [in[ userChain Whether this certificate is for user's chain. + * @param [in] verify How to verify certificate. + * @return 1 on success. + * @return Less than 1 on failure. 
+ */ +int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, + int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify) +{ + DerBuffer* der = NULL; + int ret = 0; + void* heap = WOLFSSL_HEAP(ctx, ssl); +#ifdef WOLFSSL_SMALL_STACK + EncryptedInfo* info = NULL; +#else + EncryptedInfo info[1]; +#endif + int algId = 0; + + WOLFSSL_ENTER("ProcessBuffer"); + + /* Check data format is supported. */ + if ((format != WOLFSSL_FILETYPE_ASN1) && (format != WOLFSSL_FILETYPE_PEM)) { + ret = WOLFSSL_BAD_FILETYPE; + } + /* Need an object to store certificate into. */ + if ((ret == 0) && (ctx == NULL) && (ssl == NULL)) { + ret = BAD_FUNC_ARG; + } + /* CA certificates go into the SSL context object. */ + if ((ret == 0) && (ctx == NULL) && (type == CA_TYPE)) { + ret = BAD_FUNC_ARG; + } + /* This API does not handle CHAIN_CERT_TYPE */ + if ((ret == 0) && (type == CHAIN_CERT_TYPE)) { + ret = BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + /* Allocate memory for encryption information. */ + info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap, + DYNAMIC_TYPE_ENCRYPTEDINFO); + if (info == NULL) { + ret = MEMORY_E; + } + } +#endif + if (ret == 0) { + /* Initialize encryption information. */ + XMEMSET(info, 0, sizeof(EncryptedInfo)); + #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) + if (ctx != NULL) { + info->passwd_cb = ctx->passwd_cb; + info->passwd_userdata = ctx->passwd_userdata; + } + #endif + + /* Get the DER data for a private key or certificate. */ + ret = DataToDerBuffer(buff, (word32)sz, format, type, info, heap, &der, + &algId); + if (used != NULL) { + /* Update to amount used/consumed. */ + *used = info->consumed; + } + #ifdef WOLFSSL_SMALL_STACK + if (ret != 0) { + /* Info no longer needed as loading failed. */ + XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); + } + #endif + } + + if ((ret == 0) && IS_PRIVKEY_TYPE(type)) { + /* Process the private key. 
*/ + ret = ProcessBufferPrivateKey(ctx, ssl, der, format, info, heap, type, + algId); + #ifdef WOLFSSL_SMALL_STACK + /* Info no longer needed - keep max memory usage down. */ + XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); + #endif + } + else if (ret == 0) { + /* Processing a cerificate. */ + if (userChain) { + /* Take original buffer and add to user chain to send in TLS + * handshake. */ + ret = ProcessUserChain(ctx, ssl, buff, sz, format, type, used, info, + verify); + /* Additional chain is optional */ + if (ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) { + unsigned long pemErr = 0; + CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr); + ret = 0; + } + } + + #ifdef WOLFSSL_SMALL_STACK + /* Info no longer needed - keep max memory usage down. */ + XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); + #endif + + if (ret == 0) { + /* Process the different types of certificates. */ + ret = ProcessBufferCertTypes(ctx, ssl, buff, sz, der, format, type, + verify); + } + else { + FreeDer(&der); + } + } + + /* Reset suites if this is a private key or user certificate. */ + if ((ret == 0) && ((type == PRIVATEKEY_TYPE) || (type == CERT_TYPE))) { + ret = ProcessBufferResetSuites(ctx, ssl, type); + } + + /* Convert return code. */ + if (ret == 0) { + ret = 1; + } + else if (ret == WOLFSSL_FATAL_ERROR) { + ret = 0; + } + WOLFSSL_LEAVE("ProcessBuffer", ret); + return ret; +} + +#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL) +/* Try to parse data as a PEM CRL. + * + * @param [in] ctx SSL context object. + * @param [in] buff Buffer containing potential CRL in PEM format. + * @param [in] sz Amount of data in buffer remaining. + * @param [out] consumed Number of bytes in buffer was the CRL. + * @return 0 on success. 
+ */ +static int ProcessChainBufferCRL(WOLFSSL_CTX* ctx, const unsigned char* buff, + long sz, long* consumed) +{ + int ret; + DerBuffer* der = NULL; + EncryptedInfo info; + + WOLFSSL_MSG("Trying a CRL"); + ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, NULL); + if (ret == 0) { + WOLFSSL_MSG(" Processed a CRL"); + wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer, der->length, + WOLFSSL_FILETYPE_ASN1); + FreeDer(&der); + *consumed = info.consumed; + } + + return ret; +} +#endif + +/* Process all chain certificates (and CRLs) in the PEM data. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] buff Buffer containing PEM data. + * @param [in] sz Size of data in buffer. + * @param [in] type Type of data. + * @param [in] verify How to verify certificate. + * @return 1 on success. + * @return 0 on failure. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + const unsigned char* buff, long sz, int type, int verify) +{ + int ret = 0; + long used = 0; + int gotOne = 0; + + WOLFSSL_MSG("Processing CA PEM file"); + /* Keep processing file while no errors and data to parse. */ + while ((ret >= 0) && (used < sz)) { + long consumed = 0; + + /* Process the buffer. */ + ret = ProcessBuffer(ctx, buff + used, sz - used, WOLFSSL_FILETYPE_PEM, + type, ssl, &consumed, 0, verify); + /* Memory allocation failure is fatal. */ + if (ret == WC_NO_ERR_TRACE(MEMORY_E)) { + gotOne = 0; + } + /* Other error parsing. */ + else if (ret < 0) { +#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL) + /* Try parsing a CRL. */ + if (ProcessChainBufferCRL(ctx, buff + used, sz - used, + &consumed) == 0) { + ret = 0; + } + else +#endif + /* Check whether we made progress. 
*/ + if (consumed > 0) { + WOLFSSL_ERROR(ret); + WOLFSSL_MSG("CA Parse failed, with progress in file."); + WOLFSSL_MSG("Search for other certs in file"); + /* Check if we have more data to parse to recover. */ + if (used + consumed < sz) { + ret = 0; + } + } + else { + /* No progress in parsing being made - stop here. */ + WOLFSSL_MSG("CA Parse failed, no progress in file."); + WOLFSSL_MSG("Do not continue search for other certs in file"); + } + } + else { + /* Got a certificate out. */ + WOLFSSL_MSG(" Processed a CA"); + gotOne = 1; + } + /* Update used count. */ + used += consumed; + } + + /* May have other unparsable data but did we get a certificate? */ + if (gotOne) { + WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK"); + ret = 1; + } + return ret; +} + + +/* Get verify settings for AddCA from SSL context. */ +#define GET_VERIFY_SETTING_CTX(ctx) \ + ((ctx) && (ctx)->verifyNone ? NO_VERIFY : VERIFY) +/* Get verify settings for AddCA from SSL. */ +#define GET_VERIFY_SETTING_SSL(ssl) \ + ((ssl)->options.verifyNone ? NO_VERIFY : VERIFY) + +#ifndef NO_FILESYSTEM + +/* Process data from a file as private keys, CRL or certificates. + * + * @param [in, out] ctx SSL context object. + * @param [in] fname Name of file to read. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @param [in] type Type of data: + * CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE, + * PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE. + * @param [in, out] ssl SSL object. + * @param [in] userChain Whether file contains chain of certificates. + * @param [in, out] crl CRL object to load data into. + * @param [in] verify How to verify certificates. + * @return 1 on success. + * @return WOLFSSL_BAD_FILE when reading the file fails. + * @return WOLFSSL_BAD_CERTTYPE when unable to detect certificate type. 
+ */ +int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, + WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify) +{ + int ret = 0; +#ifndef WOLFSSL_SMALL_STACK + byte stackBuffer[FILE_BUFFER_SIZE]; +#endif + StaticBuffer content; + long sz = 0; + void* heap = WOLFSSL_HEAP(ctx, ssl); + + (void)crl; + (void)heap; + +#ifdef WOLFSSL_SMALL_STACK + static_buffer_init(&content); +#else + static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE); +#endif + + /* Read file into static buffer. */ + ret = wolfssl_read_file_static(fname, &content, heap, DYNAMIC_TYPE_FILE, + &sz); + if ((ret == 0) && (type == DETECT_CERT_TYPE) && + (format != WOLFSSL_FILETYPE_PEM)) { + WOLFSSL_MSG("Cannot detect certificate type when not PEM"); + ret = WOLFSSL_BAD_CERTTYPE; + } + /* Try to detect type by parsing cert header and footer. */ + if ((ret == 0) && (type == DETECT_CERT_TYPE)) { +#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM) + const char* header = NULL; + const char* footer = NULL; + + /* Look for CA header and footer - same as CERT_TYPE. */ + if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 && + (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) { + type = CA_TYPE; + } +#ifdef HAVE_CRL + /* Look for CRL header and footer. */ + else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && + (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) { + type = CRL_TYPE; + } +#endif + /* Look for cert header and footer - same as CA_TYPE. */ + else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && + (XSTRNSTR((char*)content.buffer, header, (word32)sz) != + NULL)) { + type = CERT_TYPE; + } + else +#endif + { + /* Not a header that we support. */ + WOLFSSL_MSG("Failed to detect certificate type"); + ret = WOLFSSL_BAD_CERTTYPE; + } + } + if (ret == 0) { + /* When CA or trusted peer and PEM - process as a chain buffer. 
*/ + if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) && + (format == WOLFSSL_FILETYPE_PEM)) { + ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type, + verify); + } +#ifdef HAVE_CRL + else if (type == CRL_TYPE) { + /* Load the CRL. */ + ret = BufferLoadCRL(crl, content.buffer, sz, format, verify); + } +#endif +#ifdef WOLFSSL_DUAL_ALG_CERTS + else if (type == PRIVATEKEY_TYPE) { + /* When support for dual algorithm certificates is enabled, the + * private key file may contain both the primary and the + * alternative private key. Hence, we have to parse both of them. + */ + long consumed = 0; + + ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl, + &consumed, userChain, verify); + if ((ret == 1) && (consumed < sz)) { + ret = ProcessBuffer(ctx, content.buffer + consumed, + sz - consumed, format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, + verify); + } + } +#endif + else { + /* Load all other certificate types. */ + ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl, + NULL, userChain, verify); + } + } + + /* Dispose of dynamically allocated data. */ + static_buffer_free(&content, heap, DYNAMIC_TYPE_FILE); + return ret; +} + +#ifndef NO_WOLFSSL_DIR +/* Load file when filename is in the path. + * + * @param [in, out] ctx SSL context object. + * @param [in] name Name of file. + * @param [in] verify How to verify a certificate. + * @param [in] flags Flags representing options for loading. + * @param [in, out] failCount Number of files that failed to load. + * @param [in, out] successCount Number of files successfully loaded. + * @return 1 on success. + * @return Not 1 when loading PEM certificate failed. + */ +static int wolfssl_ctx_load_path_file(WOLFSSL_CTX* ctx, const char* name, + int verify, int flags, int* failCount, int* successCount) +{ + int ret; + + /* Attempt to load file as a CA. 
*/ + ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL, + verify); + if (ret != 1) { + /* When ignoring errors or loading PEM only and no PEM. don't fail. */ + if ((flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) || + ((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) && + (ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)))) { + unsigned long err = 0; + CLEAR_ASN_NO_PEM_HEADER_ERROR(err); + #if defined(WOLFSSL_QT) + ret = 1; + #endif + } + else { + WOLFSSL_ERROR(ret); + WOLFSSL_MSG("Load CA file failed, continuing"); + /* Add to fail count. */ + (*failCount)++; + } + } + else { + #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) + /* Try loading as a trusted peer certificate. */ + ret = wolfSSL_CTX_trust_peer_cert(ctx, name, WOLFSSL_FILETYPE_PEM); + if (ret != 1) { + WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error. " + "Ignoring this error."); + } + #endif + /* Add to success count. */ + (*successCount)++; + } + + return ret; +} + +/* Load PEM formatted CA files from a path. + * + * @param [in, out] ctx SSL context object. + * @param [in] path Path to directory to read. + * @param [in] flags Flags representing options for loading. + * @param [in] verify How to verify a certificate. + * @param [in] successCount Number of files successfully loaded. + * @return 1 on success. + * @return 0 on failure. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int wolfssl_ctx_load_path(WOLFSSL_CTX* ctx, const char* path, + word32 flags, int verify, int successCount) +{ + int ret = 1; + char* name = NULL; + int fileRet; + int failCount = 0; +#ifdef WOLFSSL_SMALL_STACK + ReadDirCtx* readCtx; +#else + ReadDirCtx readCtx[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate memory for directory reading context. */ + readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, + DYNAMIC_TYPE_DIRCTX); + if (readCtx == NULL) { + ret = MEMORY_E; + } +#endif + + if (ret == 1) { + /* Get name of first file in path. 
*/ + fileRet = wc_ReadDirFirst(readCtx, path, &name); + /* While getting filename doesn't fail and name returned, process file. + */ + while ((fileRet == 0) && (name != NULL)) { + WOLFSSL_MSG(name); + /* Load file. */ + ret = wolfssl_ctx_load_path_file(ctx, name, verify, (int)flags, + &failCount, &successCount); + /* Get next filenmae. */ + fileRet = wc_ReadDirNext(readCtx, path, &name); + } + /* Cleanup directory reading context. */ + wc_ReadDirClose(readCtx); + + /* When not WOLFSSL_QT, ret is always overwritten. */ + (void)ret; + + /* Return real directory read failure error codes. */ + if (fileRet != WC_READDIR_NOFILE) { + ret = fileRet; + #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH) + /* Ignore bad path error when flag set. */ + if ((ret == WC_NO_ERR_TRACE(BAD_PATH_ERROR)) && + (flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) { + /* QSslSocket always loads certs in system folder + * when it is initialized. + * Compliant with OpenSSL when flag set. + */ + ret = 1; + } + else { + /* qssl socket wants to know errors. */ + WOLFSSL_ERROR(ret); + } + #endif + } + /* Report failure if no files successfully loaded or there were + * failures. */ + else if ((successCount == 0) || (failCount > 0)) { + /* Use existing error code if exists. */ + #if defined(WOLFSSL_QT) + /* Compliant with OpenSSL when flag set. */ + if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE)) + #endif + { + /* Return 0 when no files loaded. */ + ret = 0; + } + } + else { + /* We loaded something so it is a success. */ + ret = 1; + } + + #ifdef WOLFSSL_SMALL_STACK + /* Dispose of dynamically allocated memory. */ + XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX); + #endif + } + + return ret; +} +#endif + +/* Load a file and/or files in path + * + * No c_rehash. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of file to load. May be NULL. + * @param [in] path Path to directory containing PEM CA files. + * May be NULL. 
+ * @param [in] flags Flags representing options for loading. + * @return 1 on success. + * @return 0 on failure. + * @return NOT_COMPILED_IN when directory reading not supported and path is + * not NULL. + * @return Other negative on error. + */ +int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, + const char* path, word32 flags) +{ + int ret = 1; +#ifndef NO_WOLFSSL_DIR + int successCount = 0; +#endif + int verify = WOLFSSL_VERIFY_DEFAULT; + + WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex"); + + /* Validate parameters. */ + if ((ctx == NULL) || ((file == NULL) && (path == NULL))) { + ret = 0; + } + + if (ret == 1) { + /* Get setting on how to verify certificates. */ + verify = GET_VERIFY_SETTING_CTX(ctx); + /* Overwrite setting when flag set. */ + if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) { + verify = VERIFY_SKIP_DATE; + } + + if (file != NULL) { + /* Load the PEM formatted CA file. */ + ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0, + NULL, verify); + #ifndef NO_WOLFSSL_DIR + if (ret == 1) { + /* Include success in overall count. */ + successCount++; + } + #endif + #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) + /* Load CA as a trusted peer certificate. */ + ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM); + if (ret != 1) { + WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error"); + } + #endif + } + } + + if ((ret == 1) && (path != NULL)) { +#ifndef NO_WOLFSSL_DIR + /* Load CA files form path. */ + ret = wolfssl_ctx_load_path(ctx, path, flags, verify, successCount); +#else + /* Loading a path not supported. */ + ret = NOT_COMPILED_IN; + (void)flags; +#endif + } + + return ret; +} + +/* Load a file and/or files in path + * + * No c_rehash. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of file to load. May be NULL. + * @param [in] path Path to directory containing PEM CA files. + * May be NULL. + * @return 1 on success. 
+ * @return 0 on failure. + */ +WOLFSSL_ABI +int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, + const char* path) +{ + /* Load using default flags/options. */ + int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS); + + /* Return 1 on success or 0 on failure. */ + return WS_RETURN_CODE(ret, 0); +} + +/* Load a file and/or files in path, with OpenSSL-compatible semantics. + * + * No c_rehash. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of file to load. May be NULL. + * @param [in] path Path to directory containing PEM CA files. + * May be NULL. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_load_verify_locations_compat(WOLFSSL_CTX* ctx, const char* file, + const char* path) +{ + /* We want to keep trying to load more CA certs even if one cert in the + * directory is bad and can't be used (e.g. if one is expired), and we + * want to return success if any were successfully loaded (mimicking + * OpenSSL SSL_CTX_load_verify_locations() semantics), so we use + * WOLFSSL_LOAD_FLAG_IGNORE_ERR. OpenSSL (as of v3.3.2) actually + * returns success even if no certs are loaded (e.g. because the + * supplied "path" doesn't exist or access is prohibited), and only + * returns failure if the "file" is non-null and fails to load. + * + * Note that if a file is supplied and can't be successfully loaded, the + * overall call fails and the path is never even evaluated. This is + * consistent with OpenSSL behavior. + */ + + int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS | WOLFSSL_LOAD_FLAG_IGNORE_ERR); + + /* Return 1 on success or 0 on failure. */ + return WS_RETURN_CODE(ret, 0); +} + +#ifdef WOLFSSL_SYS_CA_CERTS + +#ifdef USE_WINDOWS_API + +/* Load CA certificate from Windows store. + * + * Assumes loaded is 0. + * + * @param [in, out] ctx SSL context object. 
+ * @param [out] loaded Whether CA certificates were loaded.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded)
+{
+ int ret = 1;
+ word32 i;
+ HANDLE handle = NULL;
+ PCCERT_CONTEXT certCtx = NULL;
+ LPCSTR storeNames[2] = {"ROOT", "CA"};
+ HCRYPTPROV_LEGACY hProv = (HCRYPTPROV_LEGACY)NULL;
+
+ if ((ctx == NULL) || (loaded == NULL)) {
+ ret = 0;
+ }
+
+ for (i = 0; (ret == 1) && (i < sizeof(storeNames)/sizeof(*storeNames));
+ ++i) {
+ handle = CertOpenSystemStoreA(hProv, storeNames[i]);
+ if (handle != NULL) {
+ while ((certCtx = CertEnumCertificatesInStore(handle, certCtx))
+ != NULL) {
+ if (certCtx->dwCertEncodingType == X509_ASN_ENCODING) {
+ if (ProcessBuffer(ctx, certCtx->pbCertEncoded,
+ certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1,
+ CA_TYPE, NULL, NULL, 0,
+ GET_VERIFY_SETTING_CTX(ctx)) == 1) {
+ /*
+ * Set "loaded" as long as we've loaded one CA
+ * cert.
+ */
+ *loaded = 1;
+ }
+ }
+ }
+ }
+ else {
+ WOLFSSL_MSG_EX("Failed to open cert store %s.", storeNames[i]);
+ }
+
+ if (handle != NULL && !CertCloseStore(handle, 0)) {
+ WOLFSSL_MSG_EX("Failed to close cert store %s.", storeNames[i]);
+ ret = 0;
+ }
+ }
+
+ return ret;
+}
+
+#elif defined(__APPLE__)
+
+#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \
+ && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
+/* Manually obtains certificates from the system trust store and loads them
+ * directly into wolfSSL "the old way".
+ *
+ * As of MacOS 14.0 we are still able to use this method to access system
+ * certificates. Accessibility of this API is indicated by the presence of the
+ * Security/SecTrustSettings.h header. In the likely event that Apple removes
+ * access to this API on Macs, this function should be removed and the
+ * DoAppleNativeCertValidation() routine should be used for all devices.
+ *
+ * Assumes loaded is 0.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [out] loaded Whether CA certificates were loaded.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded)
+{
+ int ret = 1;
+ word32 i;
+ const unsigned int trustDomains[] = {
+ kSecTrustSettingsDomainUser,
+ kSecTrustSettingsDomainAdmin,
+ kSecTrustSettingsDomainSystem
+ };
+ CFArrayRef certs;
+ OSStatus stat;
+ CFIndex numCerts;
+ CFDataRef der;
+ CFIndex j;
+
+ if ((ctx == NULL) || (loaded == NULL)) {
+ ret = 0;
+ }
+
+ for (i = 0; (ret == 1) && (i < sizeof(trustDomains)/sizeof(*trustDomains));
+ ++i) {
+ stat = SecTrustSettingsCopyCertificates(
+ (SecTrustSettingsDomain)trustDomains[i], &certs);
+ if (stat == errSecSuccess) {
+ numCerts = CFArrayGetCount(certs);
+ for (j = 0; j < numCerts; ++j) {
+ der = SecCertificateCopyData((SecCertificateRef)
+ CFArrayGetValueAtIndex(certs, j));
+ if (der != NULL) {
+ if (ProcessBuffer(ctx, CFDataGetBytePtr(der),
+ CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1,
+ CA_TYPE, NULL, NULL, 0,
+ GET_VERIFY_SETTING_CTX(ctx)) == 1) {
+ /*
+ * Set "loaded" as long as we've loaded one CA
+ * cert.
+ */
+ *loaded = 1;
+ }
+
+ CFRelease(der);
+ }
+ }
+
+ CFRelease(certs);
+ }
+ else if (stat == errSecNoTrustSettings) {
+ WOLFSSL_MSG_EX("No trust settings for domain %d, moving to next "
+ "domain.", trustDomains[i]);
+ }
+ else {
+ WOLFSSL_MSG_EX("SecTrustSettingsCopyCertificates failed with"
+ " status %d.", stat);
+ ret = 0;
+ break;
+ }
+ }
+
+ return ret;
+}
+#endif /* defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) */
+
+#else
+
+/* Potential system CA certs directories on Linux/Unix distros. */
+static const char* systemCaDirs[] = {
+#if defined(__ANDROID__) || defined(ANDROID)
+ "/system/etc/security/cacerts" /* Android */
+#else
+ "/etc/ssl/certs", /* Debian, Ubuntu, Gentoo, others */
+ "/etc/pki/ca-trust/source/anchors", /* Fedora, RHEL */
+ "/etc/pki/tls/certs" /* Older RHEL */
+#endif
+};
+
+/* Get CA directory list.
+ *
+ * @param [out] num Number of CA directories.
+ * @return CA directory list.
+ * @return NULL when num is NULL.
+ */
+const char** wolfSSL_get_system_CA_dirs(word32* num)
+{
+ const char** ret;
+
+ /* Validate parameters. */
+ if (num == NULL) {
+ ret = NULL;
+ }
+ else {
+ ret = systemCaDirs;
+ *num = sizeof(systemCaDirs)/sizeof(*systemCaDirs);
+ }
+
+ return ret;
+}
+
+/* Load CA certificate from default system directories.
+ *
+ * Assumes loaded is 0.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [out] loaded Whether CA certificates were loaded.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+static int LoadSystemCaCertsNix(WOLFSSL_CTX* ctx, byte* loaded) {
+ int ret = 1;
+ word32 i;
+
+ if ((ctx == NULL) || (loaded == NULL)) {
+ ret = 0;
+ }
+
+ for (i = 0; (ret == 1) && (i < sizeof(systemCaDirs)/sizeof(*systemCaDirs));
+ ++i) {
+ WOLFSSL_MSG_EX("Attempting to load system CA certs from %s.",
+ systemCaDirs[i]);
+ /*
+ * We want to keep trying to load more CA certs even if one cert in
+ * the directory is bad and can't be used (e.g. if one is expired),
+ * so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR.
+ */
+ if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, systemCaDirs[i],
+ WOLFSSL_LOAD_FLAG_IGNORE_ERR) != 1) {
+ WOLFSSL_MSG_EX("Failed to load CA certs from %s, trying "
+ "next possible location.", systemCaDirs[i]);
+ }
+ else {
+ WOLFSSL_MSG_EX("Loaded CA certs from %s.",
+ systemCaDirs[i]);
+ *loaded = 1;
+ /* Stop searching after we've loaded one directory. */
+ break;
+ }
+ }
+
+ return ret;
+}
+
+#endif
+
+/* Load CA certificates from system defined locations.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return WOLFSSL_BAD_PATH when no error but no certificates loaded.
+ */
+int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx)
+{
+ int ret;
+ byte loaded = 0;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_load_system_CA_certs");
+
+#ifdef USE_WINDOWS_API
+
+ ret = LoadSystemCaCertsWindows(ctx, &loaded);
+
+#elif defined(__APPLE__)
+
+#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \
+ && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
+ /* As of MacOS 14.0 we are still able to access system certificates and
+ * load them manually into wolfSSL "the old way". Accessibility of this API
+ * is indicated by the presence of the Security/SecTrustSettings.h header */
+ ret = LoadSystemCaCertsMac(ctx, &loaded);
+#elif defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
+ /* For other Apple devices, Apple has removed the ability to obtain
+ * certificates from the trust store, so we can't use wolfSSL's built-in
+ * certificate validation mechanisms anymore. We instead must call into the
+ * Security Framework APIs to authenticate peer certificates when received.
+ * (see src/internal.c:DoAppleNativeCertValidation()).
+ * Thus, there is no CA "loading" required, but to keep behavior consistent
+ * with the current API (not using system CA certs unless this function has
+ * been called), we simply set a flag indicating that the new apple trust
+ * verification routine should be used later */
+ ctx->doAppleNativeCertValidationFlag = 1;
+ ret = 1;
+ loaded = 1;
+
+#if FIPS_VERSION_GE(2,0) /* Gate back to cert 3389 FIPS modules */
+#warning "Cryptographic operations may occur outside the FIPS module boundary" \
+ "Please review FIPS claims for cryptography on this Apple device"
+#endif /* FIPS_VERSION_GE(2,0) */
+
+#else
+/* HAVE_SECURITY_SECXXX_H macros are set by autotools or CMake when searching
+ * system for the required SDK headers.
If building with user_settings.h, you + * will need to manually define WOLFSSL_APPLE_NATIVE_CERT_VALIDATION + * and ensure the appropriate Security.framework headers and libraries are + * visible to your compiler */ +#error "WOLFSSL_SYS_CA_CERTS on Apple devices requires Security.framework" \ + " header files to be detected, or a manual override with" \ + " WOLFSSL_APPLE_NATIVE_CERT_VALIDATION" +#endif + +#else + + ret = LoadSystemCaCertsNix(ctx, &loaded); + +#endif + + /* If we didn't fail but didn't load then we error out. */ + if ((ret == 1) && (!loaded)) { + ret = WOLFSSL_BAD_PATH; + } + + WOLFSSL_LEAVE("wolfSSL_CTX_load_system_CA_certs", ret); + + return ret; +} + +#endif /* WOLFSSL_SYS_CA_CERTS */ + +#ifdef WOLFSSL_TRUST_PEER_CERT +/* Load a trusted peer certificate into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of peer certificate file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 when ctx or file is NULL. + */ +int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert"); + + /* Validate parameters. */ + if ((ctx == NULL) || (file == NULL)) { + ret = 0; + } + else { + ret = ProcessFile(ctx, file, format, TRUSTED_PEER_TYPE, NULL, 0, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + } + + return ret; +} + +/* Load a trusted peer certificate into SSL. + * + * @param [in, out] ssl SSL object. + * @param [in] file Name of peer certificate file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 when ssl or file is NULL. + */ +int wolfSSL_trust_peer_cert(WOLFSSL* ssl, const char* file, int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_trust_peer_cert"); + + /* Validate parameters. 
*/ + if ((ssl == NULL) || (file == NULL)) { + ret = 0; + } + else { + ret = ProcessFile(NULL, file, format, TRUSTED_PEER_TYPE, ssl, 0, NULL, + GET_VERIFY_SETTING_SSL(ssl)); + } + + return ret; +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + +#ifdef WOLFSSL_DER_LOAD + +/* Load a CA certificate into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of peer certificate file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, + int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations"); + + /* Validate parameters. */ + if ((ctx == NULL) || (file == NULL)) { + ret = 0; + } + else { + ret = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + } + + /* Return 1 on success or 0 on failure. */ + return WS_RC(ret); +} + +#endif /* WOLFSSL_DER_LOAD */ + + +/* Load a user certificate into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of user certificate file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. + */ +WOLFSSL_ABI +int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, + int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file"); + + ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + + /* Return 1 on success or 0 on failure. */ + return WS_RC(ret); +} + + +/* Load a private key into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of private key file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. 
+ */
+WOLFSSL_ABI
+int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
+ int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");
+
+ ret = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL,
+ GET_VERIFY_SETTING_CTX(ctx));
+
+ /* Return 1 on success or 0 on failure. */
+ return WS_RC(ret);
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Load an alternative private key into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] file Name of private key file.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_CTX_use_AltPrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
+ int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_file");
+
+ ret = ProcessFile(ctx, file, format, ALT_PRIVATEKEY_TYPE, NULL, 0, NULL,
+ GET_VERIFY_SETTING_CTX(ctx));
+
+ /* Return 1 on success or 0 on failure. */
+ return WS_RC(ret);
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+
+/* Load a PEM certificate chain into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] file Name of PEM certificate chain file.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+WOLFSSL_ABI
+int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
+{
+ int ret;
+
+ /* process up to MAX_CHAIN_DEPTH plus subject cert */
+ WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
+
+ ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL,
+ GET_VERIFY_SETTING_CTX(ctx));
+
+ /* Return 1 on success or 0 on failure. */
+ return WS_RC(ret);
+}
+
+/* Load certificate chain into SSL context.
+ *
+ * Processes up to MAX_CHAIN_DEPTH plus subject cert.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] file Name of private key file.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx,
+ const char* file, int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format");
+
+ ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL,
+ GET_VERIFY_SETTING_CTX(ctx));
+
+ /* Return 1 on success or 0 on failure. */
+ return WS_RC(ret);
+}
+
+#endif /* NO_FILESYSTEM */
+
+#ifdef OPENSSL_EXTRA
+
+/* Load a private key into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] pkey EVP private key.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_PrivateKey");
+
+ /* Validate parameters. */
+ if ((ssl == NULL) || (pkey == NULL)) {
+ ret = 0;
+ }
+ else {
+ /* Get DER encoded key data from EVP private key. */
+ ret = wolfSSL_use_PrivateKey_buffer(ssl, (unsigned char*)pkey->pkey.ptr,
+ pkey->pkey_sz, WOLFSSL_FILETYPE_ASN1);
+ }
+
+ return ret;
+}
+
+/* Load a DER encoded private key in a buffer into SSL.
+ *
+ * @param [in] pri Indicates type of private key. Ignored.
+ * @param [in, out] ssl SSL object.
+ * @param [in] der Buffer holding DER encoded private key.
+ * @param [in] derSz Size of data in bytes.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, const unsigned char* der,
+ long derSz)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1");
+
+ (void)pri;
+
+ /* Validate parameters. */
+ if ((ssl == NULL) || (der == NULL)) {
+ ret = 0;
+ }
+ else {
+ ret = wolfSSL_use_PrivateKey_buffer(ssl, der, derSz,
+ WOLFSSL_FILETYPE_ASN1);
+ }
+
+ return ret;
+}
+
+/* Load a DER encoded private key in a buffer into SSL context.
+ *
+ * @param [in] pri Indicates type of private key. Ignored.
+ * @param [in, out] ctx SSL context object.
+ * @param [in] der Buffer holding DER encoded private key.
+ * @param [in] derSz Size of data in bytes.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
+ unsigned char* der, long derSz)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_ASN1");
+
+ (void)pri;
+
+ /* Validate parameters. */
+ if ((ctx == NULL) || (der == NULL)) {
+ ret = 0;
+ }
+ else {
+ ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
+ WOLFSSL_FILETYPE_ASN1);
+ }
+
+ return ret;
+}
+
+
+#ifndef NO_RSA
+/* Load a DER encoded RSA private key in a buffer into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] der Buffer holding DER encoded RSA private key.
+ * @param [in] derSz Size of data in bytes.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1");
+
+ /* Validate parameters. */
+ if ((ssl == NULL) || (der == NULL)) {
+ ret = 0;
+ }
+ else {
+ ret = wolfSSL_use_PrivateKey_buffer(ssl, der, derSz,
+ WOLFSSL_FILETYPE_ASN1);
+ }
+
+ return ret;
+}
+#endif
+
+/* Load a certificate into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] x509 X509 certificate object.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_certificate");
+
+ /* Validate parameters. */
+ if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
+ ret = 0;
+ }
+ else {
+ long idx = 0;
+
+ /* Get DER encoded certificate data from X509 object. */
+ ret = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
+ WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0,
+ GET_VERIFY_SETTING_SSL(ssl));
+ }
+
+ /* Return 1 on success or 0 on failure. */
+ return WS_RC(ret);
+}
+
+#endif /* OPENSSL_EXTRA */
+
+/* Load a DER encoded certificate in a buffer into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] der Buffer holding DER encoded certificate.
+ * @param [in] derSz Size of data in bytes.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
+ int derSz)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");
+
+ /* Validate parameters. */
+ if ((ssl == NULL) || (der == NULL)) {
+ ret = 0;
+ }
+ else {
+ long idx = 0;
+
+ ret = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
+ ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl));
+ }
+
+ /* Return 1 on success or 0 on failure. */
+ return WS_RC(ret);
+}
+
+#ifndef NO_FILESYSTEM
+
+/* Load a certificate from a file into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] file Name of file.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ssl is NULL.
+ */
+WOLFSSL_ABI
+int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_certificate_file");
+
+ /* Validate parameters. */
+ if (ssl == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL,
+ GET_VERIFY_SETTING_SSL(ssl));
+ /* Return 1 on success or 0 on failure. */
+ ret = WS_RC(ret);
+ }
+
+ return ret;
+}
+
+
+/* Load a private key from a file into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] file Name of file.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ssl is NULL.
+ */
+WOLFSSL_ABI
+int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");
+
+ /* Validate parameters.
*/
+ if (ssl == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL,
+ GET_VERIFY_SETTING_SSL(ssl));
+ /* Return 1 on success or 0 on failure. */
+ ret = WS_RC(ret);
+ }
+
+ return ret;
+}
+
+
+/* Load a PEM encoded certificate chain from a file into SSL.
+ *
+ * Process up to MAX_CHAIN_DEPTH plus subject cert.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] file Name of file.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ssl is NULL.
+ */
+WOLFSSL_ABI
+int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");
+
+ /* Validate parameters. */
+ if (ssl == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, ssl,
+ 1, NULL, GET_VERIFY_SETTING_SSL(ssl));
+ /* Return 1 on success or 0 on failure. */
+ ret = WS_RC(ret);
+ }
+
+ return ret;
+}
+
+/* Load a certificate chain from a file into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] file Name of file.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_certificate_chain_file_format(WOLFSSL* ssl, const char* file,
+ int format)
+{
+ int ret;
+
+ /* process up to MAX_CHAIN_DEPTH plus subject cert */
+ WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file_format");
+
+ /* Validate parameters. */
+ if (ssl == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 1, NULL,
+ GET_VERIFY_SETTING_SSL(ssl));
+ /* Return 1 on success or 0 on failure. */
+ ret = WS_RC(ret);
+ }
+
+ return ret;
+}
+
+#endif /* !NO_FILESYSTEM */
+
+#ifdef OPENSSL_EXTRA
+
+#ifndef NO_FILESYSTEM
+/* Load an RSA private key from a file into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] file Name of file.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
+ int format)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey_file");
+
+ return wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);
+}
+
+/* Load an RSA private key from a file into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] file Name of file.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
+{
+ WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
+
+ return wolfSSL_use_PrivateKey_file(ssl, file, format);
+}
+#endif /* NO_FILESYSTEM */
+
+#endif /* OPENSSL_EXTRA */
+
+/* Load a buffer of certificate/s into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] in Buffer holding certificate or private key.
+ * @param [in] sz Length of data in buffer in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @param [in] userChain Whether file contains chain of certificates.
+ * @param [in] flags Flags representing options for loading.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return Negative on error.
+ */
+int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in,
+ long sz, int format, int userChain, word32 flags)
+{
+ int ret;
+ int verify;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer_ex");
+
+ /* Get setting on how to verify certificates. */
+ verify = GET_VERIFY_SETTING_CTX(ctx);
+ /* Overwrite setting when flag set.
*/
+ if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) {
+ verify = VERIFY_SKIP_DATE;
+ }
+
+ /* When PEM, treat as certificate chain of CA certificates. */
+ if (format == WOLFSSL_FILETYPE_PEM) {
+ ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify);
+ }
+ /* When DER, load the CA certificate. */
+ else {
+ ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL,
+ userChain, verify);
+ }
+#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
+ if (ret == 1) {
+ /* Load certificate/s as trusted peer certificate. */
+ ret = wolfSSL_CTX_trust_peer_buffer(ctx, in, sz, format);
+ }
+#endif
+
+ WOLFSSL_LEAVE("wolfSSL_CTX_load_verify_buffer_ex", ret);
+ return ret;
+}
+
+/* Load a buffer of certificate/s into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] in Buffer holding certificate or private key.
+ * @param [in] sz Length of data in buffer in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return Negative on error.
+ */
+int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+ long sz, int format)
+{
+ return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, 0,
+ WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
+}
+
+/* Load a buffer of certificate chain into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] in Buffer holding certificate chain.
+ * @param [in] sz Length of data in buffer in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return Negative on error.
+ */
+int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
+ const unsigned char* in, long sz, int format)
+{
+ return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, 1,
+ WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
+}
+
+
+#ifdef WOLFSSL_TRUST_PEER_CERT
+/* Load a buffer of certificate/s into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] in Buffer holding certificate/s.
+ * @param [in] sz Length of data in buffer in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ctx or in is NULL, or sz is less than zero.
+ */
+int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+ long sz, int format)
+{
+ int ret;
+ int verify;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer");
+
+ /* Validate parameters. */
+ if ((ctx == NULL) || (in == NULL) || (sz < 0)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ #if WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY
+ verify = VERIFY_SKIP_DATE;
+ #else
+ verify = GET_VERIFY_SETTING_CTX(ctx);
+ #endif
+
+ /* When PEM, treat as certificate chain of trusted peer certificates. */
+ if (format == WOLFSSL_FILETYPE_PEM) {
+ ret = ProcessChainBuffer(ctx, NULL, in, sz, TRUSTED_PEER_TYPE,
+ verify);
+ }
+ /* When DER, load the trusted peer certificate. */
+ else {
+ ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
+ NULL, 0, verify);
+ }
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+
+/* Load a certificate in a buffer into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] in Buffer holding certificate.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return Negative on error.
+ */
+int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
+ const unsigned char* in, long sz, int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
+ ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0,
+ GET_VERIFY_SETTING_CTX(ctx));
+ WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret);
+
+ return ret;
+}
+
+/* Load a private key in a buffer into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] in Buffer holding private key.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return Negative on error.
+ */
+int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+ long sz, int format)
+{
+ int ret;
+ long consumed = 0;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
+
+ ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, &consumed,
+ 0, GET_VERIFY_SETTING_CTX(ctx));
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+ if ((ret == 1) && (consumed < sz)) {
+ /* When support for dual algorithm certificates is enabled, the
+ * buffer may contain both the primary and the alternative
+ * private key. Hence, we have to parse both of them.
+ */
+ ret = ProcessBuffer(ctx, in + consumed, sz - consumed, format,
+ ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+ }
+#endif
+
+ (void)consumed;
+
+ WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_buffer", ret);
+ return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx,
+ const unsigned char* in, long sz, int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer");
+ ret = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL,
+ NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+ WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", ret);
+
+ return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+#ifdef WOLF_PRIVATE_KEY_ID
+/* Load the id of a private key into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] id Buffer holding id.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] devId Device identifier.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
+ long sz, int devId)
+{
+ int ret = 1;
+
+ /* Dispose of old private key and allocate and copy in id. */
+ FreeDer(&ctx->privateKey);
+ if (AllocCopyDer(&ctx->privateKey, id, (word32)sz, PRIVATEKEY_TYPE,
+ ctx->heap) != 0) {
+ ret = 0;
+ }
+ if (ret == 1) {
+ /* Private key is an id. */
+ ctx->privateKeyId = 1;
+ ctx->privateKeyLabel = 0;
+ /* Set private key device id to be one passed in or for SSL context. */
+ if (devId != INVALID_DEVID) {
+ ctx->privateKeyDevId = devId;
+ }
+ else {
+ ctx->privateKeyDevId = ctx->devId;
+ }
+
+ #ifdef WOLFSSL_DUAL_ALG_CERTS
+ /* Set the ID for the alternative key, too. User can still override that
+ * afterwards. */
+ ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
+ #endif
+ }
+
+ return ret;
+}
+
+/* Load the id of a private key into SSL context and set key size.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] id Buffer holding id.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] devId Device identifier.
+ * @param [in] keySz Size of key.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
+ long sz, int devId, long keySz)
+{
+ int ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId);
+ if (ret == 1) {
+ /* Set the key size which normally is calculated during decoding. */
+ ctx->privateKeySz = (int)keySz;
+ }
+
+ return ret;
+}
+
+/* Load the label name of a private key into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] label Buffer holding label.
+ * @param [in] devId Device identifier.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
+ int devId)
+{
+ int ret = 1;
+ word32 sz = (word32)XSTRLEN(label) + 1;
+
+ /* Dispose of old private key and allocate and copy in label. */
+ FreeDer(&ctx->privateKey);
+ if (AllocCopyDer(&ctx->privateKey, (const byte*)label, (word32)sz,
+ PRIVATEKEY_TYPE, ctx->heap) != 0) {
+ ret = 0;
+ }
+ if (ret == 1) {
+ /* Private key is a label. */
+ ctx->privateKeyId = 0;
+ ctx->privateKeyLabel = 1;
+ /* Set private key device id to be one passed in or for SSL context. */
+ if (devId != INVALID_DEVID) {
+ ctx->privateKeyDevId = devId;
+ }
+ else {
+ ctx->privateKeyDevId = ctx->devId;
+ }
+
+ #ifdef WOLFSSL_DUAL_ALG_CERTS
+ /* Set the ID for the alternative key, too. User can still override that
+ * afterwards.
*/
+ ret = wolfSSL_CTX_use_AltPrivateKey_Label(ctx, label, devId);
+ #endif
+ }
+
+ return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
+ long sz, int devId)
+{
+ int ret = 1;
+
+ if ((ctx == NULL) || (id == NULL)) {
+ ret = 0;
+ }
+
+ if (ret == 1) {
+ FreeDer(&ctx->altPrivateKey);
+ if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
+ ctx->heap) != 0) {
+ ret = 0;
+ }
+ }
+ if (ret == 1) {
+ XMEMCPY(ctx->altPrivateKey->buffer, id, sz);
+ ctx->altPrivateKeyId = 1;
+ if (devId != INVALID_DEVID) {
+ ctx->altPrivateKeyDevId = devId;
+ }
+ else {
+ ctx->altPrivateKeyDevId = ctx->devId;
+ }
+ }
+
+ return ret;
+}
+
+int wolfSSL_CTX_use_AltPrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
+ long sz, int devId, long keySz)
+{
+ int ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
+ if (ret == 1) {
+ ctx->altPrivateKeySz = (word32)keySz;
+ }
+
+ return ret;
+}
+
+int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
+ int devId)
+{
+ int ret = 1;
+ word32 sz;
+
+ if ((ctx == NULL) || (label == NULL)) {
+ ret = 0;
+ }
+
+ if (ret == 1) {
+ sz = (word32)XSTRLEN(label) + 1;
+ FreeDer(&ctx->altPrivateKey);
+ if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
+ ctx->heap) != 0) {
+ ret = 0;
+ }
+ }
+ if (ret == 1) {
+ XMEMCPY(ctx->altPrivateKey->buffer, label, sz);
+ ctx->altPrivateKeyLabel = 1;
+ if (devId != INVALID_DEVID) {
+ ctx->altPrivateKeyDevId = devId;
+ }
+ else {
+ ctx->altPrivateKeyDevId = ctx->devId;
+ }
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLF_PRIVATE_KEY_ID */
+
+/* Load a certificate chain in a buffer into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] in Buffer holding DER encoded certificate chain.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return Negative on error.
+ */
+int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
+ const unsigned char* in, long sz, int format)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
+ return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1,
+ GET_VERIFY_SETTING_CTX(ctx));
+}
+
+/* Load a PEM encoded certificate chain in a buffer into SSL context.
+ *
+ * @param [in, out] ctx SSL context object.
+ * @param [in] in Buffer holding DER encoded certificate chain.
+ * @param [in] sz Size of data in bytes.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return Negative on error.
+ */
+int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
+ const unsigned char* in, long sz)
+{
+ return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
+ WOLFSSL_FILETYPE_PEM);
+}
+
+/* Load a user certificate in a buffer into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] in Buffer holding user certificate.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
+ long sz, int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");
+
+ /* Validate parameters. */
+ if (ssl == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0,
+ GET_VERIFY_SETTING_SSL(ssl));
+ }
+
+ return ret;
+}
+
+/* Load a private key in a buffer into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] in Buffer holding private key.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
+ long sz, int format)
+{
+ int ret;
+ long consumed = 0;
+
+ WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");
+
+ /* Validate parameters. */
+ if (ssl == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, ssl,
+ &consumed, 0, GET_VERIFY_SETTING_SSL(ssl));
+ #ifdef WOLFSSL_DUAL_ALG_CERTS
+ if ((ret == 1) && (consumed < sz)) {
+ /* When support for dual algorithm certificates is enabled, the
+ * buffer may contain both the primary and the alternative
+ * private key. Hence, we have to parse both of them.
+ */
+ ret = ProcessBuffer(ssl->ctx, in + consumed, sz - consumed, format,
+ ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
+ }
+ #endif
+ }
+
+ return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
+ long sz, int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer");
+ ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl,
+ NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
+ WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret);
+
+ return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+#ifdef WOLF_PRIVATE_KEY_ID
+/* Load the id of a private key into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] id Buffer holding id.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] devId Device identifier.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_use_PrivateKey_Id(WOLFSSL* ssl, const unsigned char* id,
+ long sz, int devId)
+{
+ int ret = 1;
+
+ /* Dispose of old private key if owned and allocate and copy in id.
*/
+ if (ssl->buffers.weOwnKey) {
+ FreeDer(&ssl->buffers.key);
+ #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+ FreeDer(&ssl->buffers.keyMask);
+ #endif
+ }
+ if (AllocCopyDer(&ssl->buffers.key, id, (word32)sz, PRIVATEKEY_TYPE,
+ ssl->heap) != 0) {
+ ret = 0;
+ }
+ if (ret == 1) {
+ /* Buffer now ours. */
+ ssl->buffers.weOwnKey = 1;
+ /* Private key is an id. */
+ ssl->buffers.keyId = 1;
+ ssl->buffers.keyLabel = 0;
+ /* Set private key device id to be one passed in or for SSL. */
+ if (devId != INVALID_DEVID) {
+ ssl->buffers.keyDevId = devId;
+ }
+ else {
+ ssl->buffers.keyDevId = ssl->devId;
+ }
+
+ #ifdef WOLFSSL_DUAL_ALG_CERTS
+ /* Set the ID for the alternative key, too. User can still override that
+ * afterwards. */
+ ret = wolfSSL_use_AltPrivateKey_Id(ssl, id, sz, devId);
+ #endif
+ }
+
+ return ret;
+}
+
+/* Load the id of a private key into SSL and set key size.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] id Buffer holding id.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] devId Device identifier.
+ * @param [in] keySz Size of key.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_use_PrivateKey_id(WOLFSSL* ssl, const unsigned char* id,
+ long sz, int devId, long keySz)
+{
+ int ret = wolfSSL_use_PrivateKey_Id(ssl, id, sz, devId);
+ if (ret == 1) {
+ /* Set the key size which normally is calculated during decoding. */
+ ssl->buffers.keySz = (int)keySz;
+ }
+
+ return ret;
+}
+
+/* Load the label name of a private key into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] label Buffer holding label.
+ * @param [in] devId Device identifier.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+int wolfSSL_use_PrivateKey_Label(WOLFSSL* ssl, const char* label, int devId)
+{
+ int ret = 1;
+ word32 sz = (word32)XSTRLEN(label) + 1;
+
+ /* Dispose of old private key if owned and allocate and copy in label.
*/
+ if (ssl->buffers.weOwnKey) {
+ FreeDer(&ssl->buffers.key);
+ #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+ FreeDer(&ssl->buffers.keyMask);
+ #endif
+ }
+ if (AllocCopyDer(&ssl->buffers.key, (const byte*)label, (word32)sz,
+ PRIVATEKEY_TYPE, ssl->heap) != 0) {
+ ret = 0;
+ }
+ if (ret == 1) {
+ /* Buffer now ours. */
+ ssl->buffers.weOwnKey = 1;
+ /* Private key is a label. */
+ ssl->buffers.keyId = 0;
+ ssl->buffers.keyLabel = 1;
+ /* Set private key device id to be one passed in or for SSL. */
+ if (devId != INVALID_DEVID) {
+ ssl->buffers.keyDevId = devId;
+ }
+ else {
+ ssl->buffers.keyDevId = ssl->devId;
+ }
+
+ #ifdef WOLFSSL_DUAL_ALG_CERTS
+ /* Set the label for the alternative key, too. User can still override
+ * that afterwards. */
+ ret = wolfSSL_use_AltPrivateKey_Label(ssl, label, devId);
+ #endif
+ }
+
+ return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_use_AltPrivateKey_Id(WOLFSSL* ssl, const unsigned char* id, long sz,
+ int devId)
+{
+ int ret = 1;
+
+ if ((ssl == NULL) || (id == NULL)) {
+ ret = 0;
+ }
+
+ if (ret == 1) {
+ if (ssl->buffers.weOwnAltKey) {
+ FreeDer(&ssl->buffers.altKey);
+ #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+ FreeDer(&ssl->buffers.altKeyMask);
+ #endif
+ }
+ if (AllocDer(&ssl->buffers.altKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
+ ssl->heap) == 0) {
+ ret = 0;
+ }
+ }
+ if (ret == 1) {
+ XMEMCPY(ssl->buffers.altKey->buffer, id, sz);
+ ssl->buffers.weOwnAltKey = 1;
+ ssl->buffers.altKeyId = 1;
+ if (devId != INVALID_DEVID) {
+ ssl->buffers.altKeyDevId = devId;
+ }
+ else {
+ ssl->buffers.altKeyDevId = ssl->devId;
+ }
+ }
+
+ return ret;
+}
+
+int wolfSSL_use_AltPrivateKey_id(WOLFSSL* ssl, const unsigned char* id, long sz,
+ int devId, long keySz)
+{
+ int ret = wolfSSL_use_AltPrivateKey_Id(ssl, id, sz, devId);
+ if (ret == 1) {
+ ssl->buffers.altKeySz = (word32)keySz;
+ }
+
+ return ret;
+}
+
+int wolfSSL_use_AltPrivateKey_Label(WOLFSSL* ssl, const char* label, int devId)
+{
+ int ret = 1;
+ word32 sz;
+
+ if ((ssl == NULL) || (label
== NULL)) {
+ ret = 0;
+ }
+
+ if (ret == 1) {
+ sz = (word32)XSTRLEN(label) + 1;
+ if (ssl->buffers.weOwnAltKey) {
+ FreeDer(&ssl->buffers.altKey);
+ #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+ FreeDer(&ssl->buffers.altKeyMask);
+ #endif
+ }
+ if (AllocDer(&ssl->buffers.altKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
+ ssl->heap) == 0) {
+ ret = 0;
+ }
+ }
+ if (ret == 1) {
+ XMEMCPY(ssl->buffers.altKey->buffer, label, sz);
+ ssl->buffers.weOwnAltKey = 1;
+ ssl->buffers.altKeyLabel = 1;
+ if (devId != INVALID_DEVID) {
+ ssl->buffers.altKeyDevId = devId;
+ }
+ else {
+ ssl->buffers.altKeyDevId = ssl->devId;
+ }
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLF_PRIVATE_KEY_ID */
+
+/* Load a certificate chain in a buffer into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] in Buffer holding DER encoded certificate chain.
+ * @param [in] sz Size of data in bytes.
+ * @param [in] format Format of data:
+ * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
+ const unsigned char* in, long sz, int format)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
+
+ /* Validate parameters. */
+ if (ssl == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 1,
+ GET_VERIFY_SETTING_SSL(ssl));
+ }
+
+ return ret;
+}
+
+/* Load a PEM encoded certificate chain in a buffer into SSL.
+ *
+ * @param [in, out] ssl SSL object.
+ * @param [in] in Buffer holding DER encoded certificate chain.
+ * @param [in] sz Size of data in bytes.
+ * @return 1 on success.
+ * @return 0 on failure.
+ * @return Negative on error.
+ */
+int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, const unsigned char* in,
+ long sz)
+{
+ return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
+ WOLFSSL_FILETYPE_PEM);
+}
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
+ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
+ defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
+ defined(WOLFSSL_HAPROXY)
+/* Add certificate to chain.
+ *
+ * @param [in, out] chain Buffer holding encoded certificate for TLS.
+ * @param [in] weOwn Indicates we need to free chain if repleced.
+ * @param [in] cert Buffer holding DER encoded certificate.
+ * @param [in] certSz Size of DER encoded certificate in bytes.
+ * @param [in] heap Dynamic memory allocation hint.
+ * @return 1 on success.
+ * @return 0 on failure.
+ */
+static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert,
+ word32 certSz, void* heap)
+{
+ int res = 1;
+ int ret;
+ DerBuffer* oldChain = *chain;
+ DerBuffer* newChain = NULL;
+ word32 len = 0;
+
+ if (oldChain != NULL) {
+ /* Get length of previous chain. */
+ len = oldChain->length;
+ }
+ /* Allocate DER buffer bug enough to hold old and new certificates. */
+ ret = AllocDer(&newChain, len + CERT_HEADER_SZ + certSz, CERT_TYPE, heap);
+ if (ret != 0) {
+ WOLFSSL_MSG("AllocDer error");
+ res = 0;
+ }
+
+ if (res == 1) {
+ if (oldChain != NULL) {
+ /* Place old chain in new buffer. */
+ XMEMCPY(newChain->buffer, oldChain->buffer, len);
+ }
+ /* Append length and DER encoded certificate. */
+ c32to24(certSz, newChain->buffer + len);
+ XMEMCPY(newChain->buffer + len + CERT_HEADER_SZ, cert, certSz);
+
+ /* Dispose of old chain if we own it. */
+ if (weOwn) {
+ FreeDer(chain);
+ }
+ /* Replace chain. */
+ *chain = newChain;
+ }
+
+ return res;
+}
+#endif
+
+#ifdef OPENSSL_EXTRA
+
+/* Add a certificate to end of chain sent in TLS handshake.
+ *
+ * @param [in, out] ctx SSL context.
+ * @param [in] der Buffer holding DER encoded certificate.
+ * @param [in] derSz Size of data in buffer. + * @return 1 on success. + * @return 0 on failure. + */ +static int wolfssl_ctx_add_to_chain(WOLFSSL_CTX* ctx, const byte* der, + int derSz) +{ + int res = 1; + int ret; + DerBuffer* derBuffer = NULL; + + /* Create a DER buffer from DER encoding. */ + ret = AllocCopyDer(&derBuffer, der, (word32)derSz, CERT_TYPE, ctx->heap); + if (ret != 0) { + WOLFSSL_MSG("Memory Error"); + res = 0; + } + if (res == 1) { + /* Add a user CA certificate to the certificate manager. */ + res = AddCA(ctx->cm, &derBuffer, WOLFSSL_USER_CA, + GET_VERIFY_SETTING_CTX(ctx)); + if (res != 1) { + res = 0; + } + } + + if (res == 1) { + /* Add chain to DER buffer. */ + res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz, ctx->heap); + #ifdef WOLFSSL_TLS13 + /* Update count of certificates. */ + ctx->certChainCnt++; + #endif + } + + return res; +} + +/* Add a certificate to chain sent in TLS handshake. + * + * @param [in, out] ctx SSL context. + * @param [in] x509 X509 certificate object. + * @return 1 on success. + * @return 0 on failure. + */ +long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) +{ + int ret = 1; + int derSz = 0; + const byte* der = NULL; + + WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert"); + + /* Validate parameters. */ + if ((ctx == NULL) || (x509 == NULL)) { + WOLFSSL_MSG("Bad Argument"); + ret = 0; + } + + if (ret == 1) { + /* Get the DER encoding of the certificate from the X509 object. */ + der = wolfSSL_X509_get_der(x509, &derSz); + /* Validate buffer. */ + if ((der == NULL) || (derSz <= 0)) { + WOLFSSL_MSG("Error getting X509 DER"); + ret = 0; + } + } + + if ((ret == 1) && (ctx->certificate == NULL)) { + WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format"); + + /* Process buffer makes first certificate the leaf. 
*/ + ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, + NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx)); + if (ret != 1) { + ret = 0; + } + } + else if (ret == 1) { + /* Add certificate to existing chain. */ + ret = wolfssl_ctx_add_to_chain(ctx, der, derSz); + } + + if (ret == 1) { + /* On success WOLFSSL_X509 memory is responsibility of SSL context. */ + wolfSSL_X509_free(x509); + } + + WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret); + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ + defined(WOLFSSL_HAPROXY) +/* Load a certificate into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] x509 X509 certificate object. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) +{ + int res = 1; + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate"); + + /* Validate parameters. */ + if ((ctx == NULL) || (x == NULL) || (x->derCert == NULL)) { + WOLFSSL_MSG("Bad parameter"); + res = 0; + } + + if (res == 1) { + /* Replace certificate buffer with one holding the new certificate. */ + FreeDer(&ctx->certificate); + ret = AllocCopyDer(&ctx->certificate, x->derCert->buffer, + x->derCert->length, CERT_TYPE, ctx->heap); + if (ret != 0) { + res = 0; + } + } + +#ifdef KEEP_OUR_CERT + if (res == 1) { + /* Dispose of our certificate if it is ours. */ + if ((ctx->ourCert != NULL) && ctx->ownOurCert) { + wolfSSL_X509_free(ctx->ourCert); + } + #ifndef WOLFSSL_X509_STORE_CERTS + /* Keep a reference to the new certificate. */ + ctx->ourCert = x; + if (wolfSSL_X509_up_ref(x) != 1) { + res = 0; + } + #else + /* Keep a copy of the new certificate. 
*/ + ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, + x->derCert->length, ctx->heap); + if (ctx->ourCert == NULL) { + res = 0; + } + #endif + /* Now own our certificate. */ + ctx->ownOurCert = 1; + } +#endif + + if (res == 1) { + /* Set have options based on public key OID. */ + wolfssl_set_have_from_key_oid(ctx, NULL, x->pubKeyOID); + } + + return res; +} + +/* Add the certificate to the chain in the SSL context and own the X509 object. + * + * @param [in, out] ctx SSL context object. + * @param [in] x509 X509 certificate object. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_add0_chain_cert"); + + /* Add certificate to chain and copy or up reference it. */ + ret = wolfSSL_CTX_add1_chain_cert(ctx, x509); + if (ret == 1) { + /* Down reference or free original now as we own certificate. */ + wolfSSL_X509_free(x509); + } + + return ret; +} + +/* Add the certificate to the chain in the SSL context. + * + * X509 object copied or up referenced. + * + * @param [in, out] ctx SSL context object. + * @param [in] x509 X509 certificate object. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_CTX_add1_chain_cert"); + + /* Validate parameters. */ + if ((ctx == NULL) || (x509 == NULL) || (x509->derCert == NULL)) { + ret = 0; + } + + /* Check if we already have set a certificate. */ + if ((ret == 1) && (ctx->certificate == NULL)) { + /* Use the certificate. */ + ret = wolfSSL_CTX_use_certificate(ctx, x509); + } + /* Increate reference count as we will store it. */ + else if ((ret == 1) && ((ret = wolfSSL_X509_up_ref(x509)) == 1)) { + /* Load the DER encoding. 
*/ + ret = wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer, + x509->derCert->length, WOLFSSL_FILETYPE_ASN1); + if (ret == 1) { + /* Add DER encoding to chain. */ + ret = wolfssl_add_to_chain(&ctx->certChain, 1, + x509->derCert->buffer, x509->derCert->length, ctx->heap); + } + /* Store cert in stack to free it later. */ + if ((ret == 1) && (ctx->x509Chain == NULL)) { + /* Create a stack for certificates. */ + ctx->x509Chain = wolfSSL_sk_X509_new_null(); + if (ctx->x509Chain == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_new_null error"); + ret = 0; + } + } + if (ret == 1) { + /* Push the X509 object onto stack. */ + ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509); + } + + if (ret != 1) { + /* Decrease reference count on error as we didn't store it. */ + wolfSSL_X509_free(x509); + } + } + + return WS_RC(ret); +} + +#ifdef KEEP_OUR_CERT +/* Add the certificate to the chain in the SSL and own the X509 object. + * + * @param [in, out] ssl SSL object. + * @param [in] x509 X509 certificate object. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_add0_chain_cert"); + + /* Validate parameters. */ + if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) { + ret = 0; + } + + /* Check if we already have set a certificate. */ + if ((ret == 1) && (ssl->buffers.certificate == NULL)) { + /* Use the certificate. */ + ret = wolfSSL_use_certificate(ssl, x509); + if (ret == 1) { + /* Dispose of old certificate if we own it. */ + if (ssl->buffers.weOwnCert) { + wolfSSL_X509_free(ssl->ourCert); + } + /* Store cert to free it later. */ + ssl->ourCert = x509; + ssl->buffers.weOwnCert = 1; + } + } + else if (ret == 1) { + /* Add DER encoding to chain. */ + ret = wolfssl_add_to_chain(&ssl->buffers.certChain, + ssl->buffers.weOwnCertChain, x509->derCert->buffer, + x509->derCert->length, ssl->heap); + if (ret == 1) { + /* We now own cert chain. 
*/ + ssl->buffers.weOwnCertChain = 1; + /* Create a stack to put certificate into. */ + if (ssl->ourCertChain == NULL) { + ssl->ourCertChain = wolfSSL_sk_X509_new_null(); + if (ssl->ourCertChain == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_new_null error"); + ret = 0; + } + } + } + if (ret == 1) { + /* Push X509 object onto stack to be freed. */ + ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509); + if (ret != 1) { + /* Free it now on error. */ + wolfSSL_X509_free(x509); + } + } + } + return WS_RC(ret); +} + +/* Add the certificate to the chain in the SSL. + * + * X509 object is up referenced. + * + * @param [in, out] ssl SSL object. + * @param [in] x509 X509 certificate object. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_add1_chain_cert"); + + /* Validate parameters. */ + if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) { + ret = 0; + } + + /* Increase reference count on X509 object before adding. */ + if ((ret == 1) && ((ret == wolfSSL_X509_up_ref(x509)) == 1)) { + /* Add this to the chain. */ + if ((ret = wolfSSL_add0_chain_cert(ssl, x509)) != 1) { + /* Decrease reference count on error as not stored. */ + wolfSSL_X509_free(x509); + } + } + + return ret; +} +#endif /* KEEP_OUR_CERT */ +#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL, + WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY */ + +#ifdef OPENSSL_EXTRA + +/* Load a private key into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] pkey EVP private key. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); + + /* Validate parameters. 
*/ + if ((ctx == NULL) || (pkey == NULL) || (pkey->pkey.ptr == NULL)) { + ret = 0; + } + + if (ret == 1) { + switch (pkey->type) { + #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + case EVP_PKEY_RSA: + WOLFSSL_MSG("populating RSA key"); + ret = PopulateRSAEvpPkeyDer(pkey); + break; + #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */ + #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ + defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) + case EVP_PKEY_DSA: + break; + #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) && + * !NO_DSA */ + #ifdef HAVE_ECC + case EVP_PKEY_EC: + WOLFSSL_MSG("populating ECC key"); + ret = ECC_populate_EVP_PKEY(pkey, pkey->ecc); + break; + #endif + default: + ret = 0; + } + } + + if (ret == 1) { + /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */ + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz, + SSL_FILETYPE_ASN1); + } + + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) +/* Load a DER encoded certificate in a buffer into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] der Buffer holding DER encoded certificate. + * @param [in] derSz Size of data in bytes. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, + const unsigned char *der) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1"); + + /* Validate parameters. */ + if ((ctx == NULL) || (der == NULL)) { + ret = 0; + } + /* Load DER encoded cerificate into SSL context. */ + if ((ret == 1) && (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1) != 1)) { + ret = 0; + } + + return ret; +} + +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) +/* Load an RSA private key into SSL context. 
+ * + * @param [in, out] ctx SSL context object. + * @param [in] rsa RSA private key. + * @return 1 on success. + * @return 0 on failure. + * @return BAD_FUNC_ARG when ctx or rsa is NULL. + * @return MEMORY_E when dynamic memory allocation fails. + */ +int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) +{ + int ret = 1; + int derSize; + unsigned char* der = NULL; + unsigned char* p; + + WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey"); + + /* Validate parameters. */ + if ((ctx == NULL) || (rsa == NULL)) { + WOLFSSL_MSG("one or more inputs were NULL"); + ret = BAD_FUNC_ARG; + } + + /* Get DER encoding size. */ + if ((ret == 1) && ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, NULL)) <= 0)) { + ret = 0; + } + + if (ret == 1) { + /* Allocate memory to hold DER encoding.. */ + der = (unsigned char*)XMALLOC(derSize, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("Malloc failure"); + ret = MEMORY_E; + } + } + + if (ret == 1) { + /* Pointer passed in is modified.. */ + p = der; + /* Encode the RSA key as DER into buffer and get size. */ + if ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &p)) <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure"); + ret = 0; + } + } + + if (ret == 1) { + /* Load DER encoded cerificate into SSL context. */ + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSize, + SSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure"); + ret = 0; + } + } + + /* Dispos of dynamically allocated data. */ + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} +#endif /* WOLFSSL_KEY_GEN && !NO_RSA */ + +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ + +#endif /* !NO_CERTS */ + +#ifdef OPENSSL_EXTRA + +/* Use the default paths to look for CA certificate. + * + * This is an OpenSSL compatibility layer function, but it doesn't mirror + * the exact functionality of its OpenSSL counterpart. 
We don't support the + * notion of an "OpenSSL directory". This function will attempt to load the + * environment variables SSL_CERT_DIR and SSL_CERT_FILE, if either are + * found, they will be loaded. Otherwise, it will act as a wrapper around + * our native wolfSSL_CTX_load_system_CA_certs function. This function does + * conform to OpenSSL's return value conventions. + * + * @param [in] ctx SSL context object. + * @return 1 on success. + * @return 0 on failure. + * @return WOLFSSL_FATAL_ERROR when using a filesystem is not supported. + */ +int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) +{ + int ret; +#ifdef XGETENV + char* certDir = NULL; + char* certFile = NULL; + word32 flags = 0; +#elif !defined(WOLFSSL_SYS_CA_CERTS) + (void)ctx; +#endif + + WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths"); + +#ifdef XGETENV + certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER); + certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER); + flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY; + + if ((certDir != NULL) || (certFile != NULL)) { + if (certDir != NULL) { + /* We want to keep trying to load more CA certs even if one cert in + * the directory is bad and can't be used (e.g. if one is + * expired), so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR. + */ + flags |= WOLFSSL_LOAD_FLAG_IGNORE_ERR; + } + + /* Load CA certificates from environment variable locations. */ + ret = wolfSSL_CTX_load_verify_locations_ex(ctx, certFile, certDir, + flags); + if (ret != 1) { + WOLFSSL_MSG_EX("Failed to load CA certs from SSL_CERT_FILE: %s" + " SSL_CERT_DIR: %s. Error: %d", certFile, + certDir, ret); + ret = 0; + } + } + else +#endif + + { + #ifdef NO_FILESYSTEM + WOLFSSL_MSG("wolfSSL_CTX_set_default_verify_paths not supported" + " with NO_FILESYSTEM enabled"); + ret = WOLFSSL_FATAL_ERROR; + #elif defined(WOLFSSL_SYS_CA_CERTS) + /* Load the system CA certificates. 
*/ + ret = wolfSSL_CTX_load_system_CA_certs(ctx); + if (ret == WOLFSSL_BAD_PATH) { + /* OpenSSL doesn't treat the lack of a system CA cert directory as a + * failure. We do the same here. + */ + ret = 1; + } + #else + /* OpenSSL's implementation of this API does not require loading the + system CA cert directory. Allow skipping this without erroring out. */ + ret = 1; + #endif + } + +#ifdef XGETENV + XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret); + + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +#ifndef NO_DH + +/* Set the temporary DH parameters against the SSL. + * + * @param [in, out] ssl SSL object. + * @param [in] p Buffer holding prime. + * @param [in] pSz Length of prime in bytes. + * @param [in] g Buffer holding generator. + * @param [in] gSz Length of generator in bytes. + * @return 1 on success. + * @return 0 on failure. + * @return DH_KEY_SIZE_E when the prime is too short or long. + * @return SIDE_ERROR when the SSL is for a client. + */ +static int wolfssl_set_tmp_dh(WOLFSSL* ssl, unsigned char* p, int pSz, + unsigned char* g, int gSz) +{ + int ret = 1; + + /* Check the size of the prime meets the requirements of the SSL. */ + if (((word16)pSz < ssl->options.minDhKeySz) || + ((word16)pSz > ssl->options.maxDhKeySz)) { + ret = DH_KEY_SIZE_E; + } + /* Only able to set DH parameters on server. */ + if ((ret == 1) && (ssl->options.side == WOLFSSL_CLIENT_END)) { + ret = SIDE_ERROR; + } + + if (ret == 1) { + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + /* New DH parameters not tested for validity. */ + ssl->options.dhKeyTested = 0; + /* New DH parameters must be tested for validity before use. */ + ssl->options.dhDoKeyTest = 1; + #endif + + /* Dispose of old DH parameters if we own it. 
*/ + if (ssl->buffers.weOwnDH) { + XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + } + + /* Assign the buffers and lengths to SSL. */ + ssl->buffers.serverDH_P.buffer = p; + ssl->buffers.serverDH_G.buffer = g; + ssl->buffers.serverDH_P.length = (unsigned int)pSz; + ssl->buffers.serverDH_G.length = (unsigned int)gSz; + /* We own the buffers. */ + ssl->buffers.weOwnDH = 1; + /* We have a DH parameters to use. */ + ssl->options.haveDH = 1; + } + + /* Allocate space for cipher suites. */ + if ((ret == 1) && (AllocateSuites(ssl) != 0)) { + ssl->buffers.serverDH_P.buffer = NULL; + ssl->buffers.serverDH_G.buffer = NULL; + ret = 0; + } + if (ret == 1) { + /* Reset the cipher suites based on having a DH parameters now. */ + InitSuites(ssl->suites, ssl->version, SSL_KEY_SZ(ssl), + WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH, + ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, + ssl->options.haveStaticECC, ssl->options.haveFalconSig, + ssl->options.haveDilithiumSig, ssl->options.useAnon, TRUE, + ssl->options.side); + } + + return ret; +} + +/* Set the temporary DH parameters against the SSL. + * + * @param [in, out] ssl SSL object. + * @param [in] p Buffer holding prime. + * @param [in] pSz Length of prime in bytes. + * @param [in] g Buffer holding generator. + * @param [in] gSz Length of generator in bytes. + * @return 1 on success. + * @return 0 on failure. + * @return DH_KEY_SIZE_E when the prime is too short or long. + * @return SIDE_ERROR when the SSL is for a client. + * @return MEMORY_E when dynamic memory allocation fails. + */ +int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, + const unsigned char* g, int gSz) +{ + int ret = 1; + byte* pAlloc = NULL; + byte* gAlloc = NULL; + + WOLFSSL_ENTER("wolfSSL_SetTmpDH"); + + /* Validate parameters. 
*/ + if ((ssl == NULL) || (p == NULL) || (g == NULL)) { + ret = 0; + } + + if (ret == 1) { + /* Allocate buffers for p and g to be assigned into SSL. */ + pAlloc = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + gAlloc = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if ((pAlloc == NULL) || (gAlloc == NULL)) { + /* Memory will be freed below in the (ret != 1) block */ + ret = MEMORY_E; + } + } + if (ret == 1) { + /* Copy p and g into allocated buffers. */ + XMEMCPY(pAlloc, p, pSz); + XMEMCPY(gAlloc, g, gSz); + /* Set the buffers into SSL. */ + ret = wolfssl_set_tmp_dh(ssl, pAlloc, pSz, gAlloc, gSz); + } + + if (ret != 1 && ssl != NULL) { + /* Free the allocated buffers if not assigned into SSL. */ + XFREE(pAlloc, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(gAlloc, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + } + + WOLFSSL_LEAVE("wolfSSL_SetTmpDH", ret); + return ret; +} + +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) +/* Check the DH parameters is valid. + * + * @param [in] p Buffer holding prime. + * @param [in] pSz Length of prime in bytes. + * @param [in] g Buffer holding generator. + * @param [in] gSz Length of generator in bytes. + * @return 1 on success. + * @return DH_CHECK_PUB_E when p is not a prime. + * @return BAD_FUNC_ARG when p or g is NULL, or pSz or gSz is 0. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int wolfssl_check_dh_key(unsigned char* p, int pSz, unsigned char* g, + int gSz) +{ + WC_RNG rng; + int ret = 0; +#ifndef WOLFSSL_SMALL_STACK + DhKey checkKey[1]; +#else + DhKey *checkKey; +#endif + +#ifdef WOLFSSL_SMALL_STACK + checkKey = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); + if (checkKey == NULL) { + ret = MEMORY_E; + } +#endif + /* Initialize a new random number generator. */ + if ((ret == 0) && ((ret = wc_InitRng(&rng)) == 0)) { + /* Initialize a DH object. */ + if ((ret = wc_InitDhKey(checkKey)) == 0) { + /* Check DH parameters. 
*/ + ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, gSz, NULL, 0, 0, &rng); + /* Dispose of DH object. */ + wc_FreeDhKey(checkKey); + } + /* Dispose of random number generator. */ + wc_FreeRng(&rng); + } + +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of dynamically allocated data. */ + XFREE(checkKey, NULL, DYNAMIC_TYPE_DH); +#endif + /* Convert wolfCrypt return code to 1 on success and ret on failure. */ + return WC_TO_WS_RC(ret); +} +#endif + +/* Set the temporary DH parameters against the SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] p Buffer holding prime. + * @param [in] pSz Length of prime in bytes. + * @param [in] g Buffer holding generator. + * @param [in] gSz Length of generator in bytes. + * @return 1 on success. + * @return 0 on failure. + * @return DH_KEY_SIZE_E when the prime is too short or long. + * @return SIDE_ERROR when the SSL is for a client. + * @return BAD_FUNC_ARG when ctx, p or g is NULL. + * @return DH_CHECK_PUB_E when p is not a prime. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int wolfssl_ctx_set_tmp_dh(WOLFSSL_CTX* ctx, unsigned char* p, int pSz, + unsigned char* g, int gSz) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH"); + + /* Check the size of the prime meets the requirements of the SSL context. */ + if (((word16)pSz < ctx->minDhKeySz) || ((word16)pSz > ctx->maxDhKeySz)) { + ret = DH_KEY_SIZE_E; + } + +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + if (ret == 1) { + /* Test DH parameters for validity. */ + ret = wolfssl_check_dh_key(p, pSz, g, gSz); + /* Record as whether tested based on result of validity test. */ + ctx->dhKeyTested = (ret == 1); + } +#endif + + if (ret == 1) { + /* Dispose of old DH parameters. */ + XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + /* Assign the buffers and lengths to SSL context. 
*/ + ctx->serverDH_P.buffer = p; + ctx->serverDH_G.buffer = g; + ctx->serverDH_P.length = (unsigned int)pSz; + ctx->serverDH_G.length = (unsigned int)gSz; + /* We have a DH parameters to use. */ + ctx->haveDH = 1; + } + + WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0); + return ret; +} + +/* Set the temporary DH parameters against the SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] p Buffer holding prime. + * @param [in] pSz Length of prime in bytes. + * @param [in] g Buffer holding generator. + * @param [in] gSz Length of generator in bytes. + * @return 1 on success. + * @return 0 on failure. + * @return DH_KEY_SIZE_E when the prime is too short or long. + * @return SIDE_ERROR when the SSL is for a client. + * @return BAD_FUNC_ARG when ctx, p or g is NULL. + * @return DH_CHECK_PUB_E when p is not a prime. + */ +int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, + const unsigned char* g, int gSz) +{ + int ret = 1; + byte* pAlloc = NULL; + byte* gAlloc = NULL; + + /* Validate parameters. */ + if ((ctx == NULL) || (p == NULL) || (g == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 1) { + /* Allocate buffers for p and g to be assigned into SSL context. */ + pAlloc = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + gAlloc = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if ((pAlloc == NULL) || (gAlloc == NULL)) { + ret = MEMORY_E; + } + } + + if (ret == 1) { + /* Copy p and g into allocated buffers. */ + XMEMCPY(pAlloc, p, pSz); + XMEMCPY(gAlloc, g, gSz); + /* Set the buffers into SSL context. */ + ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz); + } + + if ((ret != 1) && (ctx != NULL)) { + /* Free the allocated buffers if not assigned into SSL context. */ + XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + } + return ret; +} + +#ifdef OPENSSL_EXTRA +/* Set the temporary DH parameters against the SSL. 
+ * + * @param [in, out] ssl SSL object. + * @param [in] dh DH object. + * @return 1 on success. + * @return 0 on failure. + * @return WOLFSSL_FATAL_ERROR on failure. + * @return BAD_FUNC_ARG when ssl or dh is NULL. + * @return DH_KEY_SIZE_E when the prime is too short or long. + * @return SIDE_ERROR when the SSL is for a client. + */ +long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) +{ + int ret = 1; + byte* p = NULL; + byte* g = NULL; + int pSz = 0; + int gSz = 0; + + WOLFSSL_ENTER("wolfSSL_set_tmp_dh"); + + /* Validate parameters. */ + if ((ssl == NULL) || (dh == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 1) { + /* Get sizes of p and g. */ + pSz = wolfSSL_BN_bn2bin(dh->p, NULL); + gSz = wolfSSL_BN_bn2bin(dh->g, NULL); + /* Validate p and g size. */ + if ((pSz <= 0) || (gSz <= 0)) { + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 1) { + /* Allocate buffers for p and g to be assigned into SSL. */ + p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if ((p == NULL) || (g == NULL)) { + ret = MEMORY_E; + } + } + if (ret == 1) { + /* Encode p and g and get sizes. */ + pSz = wolfSSL_BN_bn2bin(dh->p, p); + gSz = wolfSSL_BN_bn2bin(dh->g, g); + /* Check encoding worked. */ + if ((pSz <= 0) || (gSz <= 0)) { + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 1) { + /* Set the buffers into SSL. */ + ret = wolfssl_set_tmp_dh(ssl, p, pSz, g, gSz); + } + + if ((ret != 1) && (ssl != NULL)) { + /* Free the allocated buffers if not assigned into SSL. */ + XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + } + return ret; +} + +/* Set the temporary DH parameters object against the SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] dh DH object. + * @return 1 on success. + * @return 0 on failure. + * @return DH_KEY_SIZE_E when the prime is too short or long. + * @return SIDE_ERROR when the SSL is for a client. 
+ * @return BAD_FUNC_ARG when ctx, p or g is NULL. + * @return DH_CHECK_PUB_E when p is not a prime. + */ +long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) +{ + int ret = 1; + int pSz = 0; + int gSz = 0; + byte* p = NULL; + byte* g = NULL; + + WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh"); + + /* Validate parameters. */ + if ((ctx == NULL) || (dh == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 1) { + /* Get sizes of p and g. */ + pSz = wolfSSL_BN_bn2bin(dh->p, NULL); + gSz = wolfSSL_BN_bn2bin(dh->g, NULL); + /* Validate p and g size. */ + if ((pSz <= 0) || (gSz <= 0)) { + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 1) { + /* Allocate buffers for p and g to be assigned into SSL. */ + p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if ((p == NULL) || (g == NULL)) { + ret = MEMORY_E; + } + } + + if (ret == 1) { + /* Encode p and g and get sizes. */ + pSz = wolfSSL_BN_bn2bin(dh->p, p); + gSz = wolfSSL_BN_bn2bin(dh->g, g); + /* Check encoding worked. */ + if ((pSz < 0) && (gSz < 0)) { + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 1) { + /* Set the buffers into SSL context. */ + ret = wolfssl_ctx_set_tmp_dh(ctx, p, pSz, g, gSz); + } + + if ((ret != 1) && (ctx != NULL)) { + /* Free the allocated buffers if not assigned into SSL. */ + XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + } + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +#ifndef NO_CERTS + +/* Set the temporary DH parameters against the SSL context or SSL. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] buf Buffer holding encoded DH parameters. + * @param [in] sz Size of encoded DH parameters. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. + * @return BAD_FUNC_ARG when ctx and ssl NULL or buf is NULL. 
+ * @return NOT_COMPLED_IN when format is PEM but PEM is not supported. + * @return WOLFSSL_BAD_FILETYPE if format is not supported. + */ +static int ws_ctx_ssl_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + const unsigned char* buf, long sz, int format) +{ + DerBuffer* der = NULL; + int res = 1; + int ret; + /* p and g size to allocate set to maximum valid size. */ + word32 pSz = MAX_DH_SIZE; + word32 gSz = MAX_DH_SIZE; + byte* p = NULL; + byte* g = NULL; + void* heap = WOLFSSL_HEAP(ctx, ssl); + + /* Validate parameters. */ + if (((ctx == NULL) && (ssl == NULL)) || (buf == NULL)) { + res = BAD_FUNC_ARG; + } + /* Check format is supported. */ + if ((res == 1) && (format != WOLFSSL_FILETYPE_ASN1)) { + if (format != WOLFSSL_FILETYPE_PEM) { + res = WOLFSSL_BAD_FILETYPE; + } + #ifndef WOLFSSL_PEM_TO_DER + else { + res = NOT_COMPILED_IN; + } + #endif + } + + /* PemToDer allocates its own DER buffer. */ + if ((res == 1) && (format != WOLFSSL_FILETYPE_PEM)) { + /* Create an empty DER buffer. */ + ret = AllocDer(&der, 0, DH_PARAM_TYPE, heap); + if (ret == 0) { + /* Assign encoded DH parameters to DER buffer. */ + der->buffer = (byte*)buf; + der->length = (word32)sz; + } + else { + res = ret; + } + } + + if (res == 1) { + /* Allocate enough memory to p and g to support valid use cases. */ + p = (byte*)XMALLOC(pSz, heap, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC(gSz, heap, DYNAMIC_TYPE_PUBLIC_KEY); + if ((p == NULL) || (g == NULL)) { + res = MEMORY_E; + } + } + +#ifdef WOLFSSL_PEM_TO_DER + if ((res == 1) && (format == WOLFSSL_FILETYPE_PEM)) { + /* Convert from PEM to DER. */ + /* Try converting DH parameters from PEM to DER. */ + ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, heap, NULL, NULL); + if (ret < 0) { + /* Otherwise, try converting X9.43 format DH parameters. */ + ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, heap, NULL, NULL); + } + #if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + if (ret < 0) { + /* Otherwise, try converting DSA parameters. 
*/ + ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, heap, NULL, NULL); + } + #endif /* WOLFSSL_WPAS && !NO_DSA */ + if (ret < 0) { + /* Return error from conversion. */ + res = ret; + } + } +#endif /* WOLFSSL_PEM_TO_DER */ + + if (res == 1) { + /* Get the p and g from the DER encoded parameters. */ + if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0) { + res = WOLFSSL_BAD_FILETYPE; + } + else if (ssl != NULL) { + /* Set p and g into SSL. */ + res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, gSz); + } + else { + /* Set p and g into SSL context. */ + res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, gSz); + } + } + + /* Dispose of the DER buffer. */ + FreeDer(&der); + if (res != 1) { + /* Free the allocated buffers if not assigned into SSL or context. */ + XFREE(p, heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, heap, DYNAMIC_TYPE_PUBLIC_KEY); + } + return res; +} + + +/* Set the temporary DH parameters against the SSL. + * + * @param [in, out] ssl SSL object. + * @param [in] buf Buffer holding encoded DH parameters. + * @param [in] sz Size of encoded DH parameters. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl or buf is NULL. + * @return NOT_COMPLED_IN when format is PEM but PEM is not supported. + * @return WOLFSSL_BAD_FILETYPE if format is not supported. + */ +int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz, + int format) +{ + return ws_ctx_ssl_set_tmp_dh(NULL, ssl, buf, sz, format); +} + + +/* Set the temporary DH parameters against the SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] buf Buffer holding encoded DH parameters. + * @param [in] sz Size of encoded DH parameters. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx or buf is NULL. 
+ * @return NOT_COMPLED_IN when format is PEM but PEM is not supported. + * @return WOLFSSL_BAD_FILETYPE if format is not supported. + */ +int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf, + long sz, int format) +{ + return ws_ctx_ssl_set_tmp_dh(ctx, NULL, buf, sz, format); +} + +#ifndef NO_FILESYSTEM + +/* Set the temporary DH parameters file against the SSL context or SSL. + * + * @param [in, out] ctx SSL context object. + * @param [in, out] ssl SSL object. + * @param [in] fname Name of file to load. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx and ssl NULL or fname is NULL. + * @return NOT_COMPLED_IN when format is PEM but PEM is not supported. + * @return WOLFSSL_BAD_FILETYPE if format is not supported. + */ +static int ws_ctx_ssl_set_tmp_dh_file(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + const char* fname, int format) +{ + int res = 1; + int ret; +#ifndef WOLFSSL_SMALL_STACK + byte stackBuffer[FILE_BUFFER_SIZE]; +#endif + StaticBuffer dhFile; + long sz = 0; + void* heap = WOLFSSL_HEAP(ctx, ssl); + + /* Setup buffer to hold file contents. */ +#ifdef WOLFSSL_SMALL_STACK + static_buffer_init(&dhFile); +#else + static_buffer_init(&dhFile, stackBuffer, FILE_BUFFER_SIZE); +#endif + + /* Validate parameters. */ + if (((ctx == NULL) && (ssl == NULL)) || (fname == NULL)) { + res = BAD_FUNC_ARG; + } + + if (res == 1) { + /* Read file into static buffer. */ + ret = wolfssl_read_file_static(fname, &dhFile, heap, DYNAMIC_TYPE_FILE, + &sz); + if (ret != 0) { + res = ret; + } + } + if (res == 1) { + if (ssl != NULL) { + /* Set encoded DH parameters into SSL. */ + res = wolfSSL_SetTmpDH_buffer(ssl, dhFile.buffer, sz, format); + } + else { + /* Set encoded DH parameters into SSL context. */ + res = wolfSSL_CTX_SetTmpDH_buffer(ctx, dhFile.buffer, sz, format); + } + } + + /* Dispose of any dynamically allocated data. 
*/ + static_buffer_free(&dhFile, heap, DYNAMIC_TYPE_FILE); + return res; +} + +/* Set the temporary DH parameters file against the SSL. + * + * @param [in, out] ssl SSL object. + * @param [in] fname Name of file to load. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl or fname is NULL. + * @return NOT_COMPLED_IN when format is PEM but PEM is not supported. + * @return WOLFSSL_BAD_FILETYPE if format is not supported. + */ +int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format) +{ + return ws_ctx_ssl_set_tmp_dh_file(NULL, ssl, fname, format); +} + + +/* Set the temporary DH parameters file against the SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] fname Name of file to load. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx or fname is NULL. + * @return NOT_COMPLED_IN when format is PEM but PEM is not supported. + * @return WOLFSSL_BAD_FILETYPE if format is not supported. + */ +int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) +{ + return ws_ctx_ssl_set_tmp_dh_file(ctx, NULL, fname, format); +} + +#endif /* NO_FILESYSTEM */ + +#endif /* NO_CERTS */ + +#endif /* !NO_DH */ + +#endif /* !WOLFSSL_SSL_LOAD_INCLUDED */ + diff --git a/src/ssl_misc.c b/src/ssl_misc.c index 9bc42ddd9b..38fa511467 100644 --- a/src/ssl_misc.c +++ b/src/ssl_misc.c @@ -1,6 +1,6 @@ /* ssl_misc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,6 +24,8 @@ #endif #include +#include +#include #if !defined(WOLFSSL_SSL_MISC_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN 
@@ -54,7 +56,7 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data) char* p; /* Allocate buffer to hold a chunk of data. */ - mem = (char*)XMALLOC(READ_BIO_FILE_CHUNK, bio->heap, DYNAMIC_TYPE_OPENSSL); + mem = (char*)XMALLOC(READ_BIO_FILE_CHUNK, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (mem == NULL) { WOLFSSL_ERROR_MSG("Memory allocation error"); ret = MEMORY_E; @@ -86,8 +88,8 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data) } else { /* No space left for more data to be read - add a chunk. */ - p = (char*)XREALLOC(mem, ret + READ_BIO_FILE_CHUNK, bio->heap, - DYNAMIC_TYPE_OPENSSL); + p = (char*)XREALLOC(mem, ret + READ_BIO_FILE_CHUNK, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (p == NULL) { sz = MEMORY_E; break; @@ -103,7 +105,7 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data) } if ((sz < 0) || (ret == 0)) { /* Dispose of memory on error or no data read. */ - XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER); mem = NULL; /* Return error. */ ret = sz; @@ -129,14 +131,14 @@ static int wolfssl_read_bio_len(WOLFSSL_BIO* bio, int sz, char** data) char* mem; /* Allocate buffer to hold data. */ - mem = (char*)XMALLOC((size_t)sz, bio->heap, DYNAMIC_TYPE_OPENSSL); + mem = (char*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (mem == NULL) { WOLFSSL_ERROR_MSG("Memory allocation error"); ret = MEMORY_E; } else if ((ret = wolfSSL_BIO_read(bio, mem, sz)) != sz) { /* Pending data not read. */ - XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER); mem = NULL; ret = MEMORY_E; } 
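Review bot: The buffer allocated in wolfssl_read_bio_file is now tagged with a NULL heap hint and DYNAMIC_TYPE_TMP_BUFFER, but it is handed back to the caller through `*data`, and the code that frees it is not in these hunks; in builds where the heap hint or memory type selects the allocator, a caller that still frees with `bio->heap, DYNAMIC_TYPE_OPENSSL` would release it through the wrong path. The same change is made in the @@ -86, @@ -103 and @@ -129 hunks (the last in wolfssl_read_bio_len), so the ownership contract should be stated once where callers will see it, e.g. `/* On success *data is allocated with NULL heap / DYNAMIC_TYPE_TMP_BUFFER; caller frees it with the same pair. */` above each function. Both enclosing functions start and end outside the hunks, so I cannot confirm their existing headers say this.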
@@ -206,9 +208,7 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz, #endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */ #if (defined(OPENSSL_EXTRA) || defined(PERSIST_CERT_CACHE) || \ - (!defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)))) && !defined(WOLFCRYPT_ONLY) && \ - !defined(NO_FILESYSTEM) + !defined(NO_CERTS)) && !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) /* Read all the data from a file. * * @param [in] fp File pointer to read with. 
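Review bot: The closing `#endif` for this conditional block keeps the old condition in its comment, `/* (OPENSSL_EXTRA || PERSIST_CERT_CACHE) && !WOLFCRYPT_ONLY && !NO_FILESYSTEM */` (visible as context at the top of the @@ -299 hunk), which no longer matches the `#if` now that the client/client-auth clause has been replaced by a bare `!defined(NO_CERTS)`; it should read `#endif /* (OPENSSL_EXTRA || PERSIST_CERT_CACHE || !NO_CERTS) && !WOLFCRYPT_ONLY && !NO_FILESYSTEM */`. The widened guard also compiles the static wolfssl_read_file into every `!NO_CERTS` build, so any configuration in which its callers are not compiled would presumably get an unused-function warning; that is inferred, since the callers are not in this hunk.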
@@ -299,5 +299,204 @@ static int wolfssl_read_file(XFILE fp, char** data, int* dataSz) } #endif /* (OPENSSL_EXTRA || PERSIST_CERT_CACHE) && !WOLFCRYPT_ONLY && * !NO_FILESYSTEM */ + +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) + +#ifdef WOLFSSL_SMALL_STACK + +/* Buffer and size with no stack buffer. */ +typedef struct { + /* Dynamically allocated buffer. */ + byte* buffer; + /* Size of buffer in bytes. */ + word32 sz; +} StaticBuffer; + +/* Initialize static buffer. + * + * @param [in, out] sb Static buffer. + */ +static void static_buffer_init(StaticBuffer* sb) +{ + sb->buffer = NULL; + sb->sz = 0; +} + +/* Set the size of the buffer. + * + * Can only set size once. + * + * @param [in] sb Static buffer. + * @param [in] len Length required. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] type Type of dynamic memory. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int static_buffer_set_size(StaticBuffer* sb, word32 len, void* heap, + int type) +{ + int ret = 0; + + (void)heap; + (void)type; + + sb->buffer = (byte*)XMALLOC(len, heap, type); + if (sb->buffer == NULL) { + ret = MEMORY_E; + } + else { + sb->sz = len; + } + + return ret; +} + +/* Dispose of dynamically allocated buffer. + * + * @param [in] sb Static buffer. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] type Type of dynamic memory. + */ +static void static_buffer_free(StaticBuffer* sb, void* heap, int type) +{ + (void)heap; + (void)type; + XFREE(sb->buffer, heap, type); +} + +#else + +/* Buffer and size with stack buffer set and option to dynamically allocate. */ +typedef struct { + /* Stack or heap buffer. */ + byte* buffer; + /* Size of buffer in bytes. */ + word32 sz; + /* Indicates whether the buffer was dynamically allocated. */ + int dyn; +} StaticBuffer; + +/* Initialize static buffer. + * + * @param [in, out] sb Static buffer. + * @param [in] stackBuffer Buffer allocated on the stack. 
+ * @param [in] len Length of stack buffer. + */ +static void static_buffer_init(StaticBuffer* sb, byte* stackBuffer, word32 len) +{ + sb->buffer = stackBuffer; + sb->sz = len; + sb->dyn = 0; +} + +/* Set the size of the buffer. + * + * Pre: Buffer on the stack set with its size. + * Can only set size once. + * + * @param [in] sb Static buffer. + * @param [in] len Length required. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] type Type of dynamic memory. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int static_buffer_set_size(StaticBuffer* sb, word32 len, void* heap, + int type) +{ + int ret = 0; + + (void)heap; + (void)type; + + if (len > sb->sz) { + byte* buff = (byte*)XMALLOC(len, heap, type); + if (buff == NULL) { + ret = MEMORY_E; + } + else { + sb->buffer = buff; + sb->sz = len; + sb->dyn = 1; + } + } + + return ret; +} + +/* Dispose of dynamically allocated buffer. + * + * @param [in] sb Static buffer. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] type Type of dynamic memory. + */ +static void static_buffer_free(StaticBuffer* sb, void* heap, int type) +{ + (void)heap; + (void)type; + + if (sb->dyn) { + XFREE(sb->buffer, heap, type); + } +} + +#endif /* WOLFSSL_SMALL_STACK */ + +#ifndef NO_FILESYSTEM + +/* Read all the data from a file into content. + * + * @param [in] fname File pointer to read with. + * @param [in, out] content Read data in an allocated buffer. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] type Type of dynamic memory. + * @param [out] size Amount of data read in bytes. + * @return 0 on success. + * @return WOLFSSL_BAD_FILE when reading fails. + * @return MEMORY_E when memory allocation fails. + */ +static int wolfssl_read_file_static(const char* fname, StaticBuffer* content, + void* heap, int type, long* size) +{ + int ret = 0; + XFILE file = XBADFILE; + long sz = 0; + + /* Check filename is usable. 
*/ + if (fname == NULL) { + ret = WOLFSSL_BAD_FILE; + } + /* Open file for reading. */ + if ((ret == 0) && ((file = XFOPEN(fname, "rb")) == XBADFILE)) { + ret = WOLFSSL_BAD_FILE; + } + if (ret == 0) { + /* Get length of file. */ + ret = wolfssl_file_len(file, &sz); + } + if (ret == 0) { + /* Set the buffer to be big enough to hold all data. */ + ret = static_buffer_set_size(content, (word32)sz, heap, type); + } + /* Read data from file. */ + if ((ret == 0) && ((size_t)XFREAD(content->buffer, 1, (size_t)sz, file) != + (size_t)sz)) { + ret = WOLFSSL_BAD_FILE; + } + + /* Close file if opened. */ + if (file != XBADFILE) { + XFCLOSE(file); + } + /* Return size read. */ + *size = sz; + return ret; +} + +#endif /* !NO_FILESYSTEM */ + +#endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ + #endif /* !WOLFSSL_SSL_MISC_INCLUDED */ diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c new file mode 100644 index 0000000000..a60a356a8e --- /dev/null +++ b/src/ssl_p7p12.c 
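Review bot: In wolfssl_read_file_static the allocation size and the read length are derived from `sz` through two different casts, `(word32)sz` for static_buffer_set_size and `(size_t)sz` for XFREAD, so on a target where `long` is wider than `word32` a file length above the word32 range would allocate a truncated buffer and then read the full length into it; unless wolfssl_file_len already rejects such sizes (its body is not in this hunk), convert once after a range check, e.g. `if ((ret == 0) && ((sz <= 0) || ((unsigned long)sz > 0xFFFFFFFFUL))) { ret = WOLFSSL_BAD_FILE; }` followed by a single `word32 len = (word32)sz;` used for both the allocation and the read. The parameter documentation is also wrong for this function: `@param [in] fname File pointer to read with.` should be `@param [in] fname Name of the file to read.`, since the function opens the path itself with XFOPEN. Minor style point: the SMALL_STACK static_buffer_set_size and static_buffer_free cast `heap` and `type` to void and then use both, so the `(void)` lines are leftovers that can be dropped there.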
@@ -0,0 +1,2081 @@ +/* ssl_p7p12.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#if defined(OPENSSL_EXTRA) && (defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) + #include +#endif +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) + #include +#endif + +#if !defined(WOLFSSL_SSL_P7P12_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning ssl_p7p12.c does not need to be compiled separately from ssl.c + #endif +#else + +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) + +/******************************************************************************* + * START OF PKCS7 APIs + ******************************************************************************/ +#ifdef HAVE_PKCS7 + +#ifdef OPENSSL_ALL +PKCS7* wolfSSL_PKCS7_new(void) +{ + WOLFSSL_PKCS7* pkcs7; + int ret = 0; + + pkcs7 = (WOLFSSL_PKCS7*)XMALLOC(sizeof(WOLFSSL_PKCS7), NULL, + DYNAMIC_TYPE_PKCS7); + if (pkcs7 != NULL) { + XMEMSET(pkcs7, 0, sizeof(WOLFSSL_PKCS7)); + ret = wc_PKCS7_Init(&pkcs7->pkcs7, NULL, INVALID_DEVID); + } + + if (ret != 0 && pkcs7 != NULL) { + XFREE(pkcs7, NULL, DYNAMIC_TYPE_PKCS7); + pkcs7 = NULL; + } + + return (PKCS7*)pkcs7; +} + 
+/****************************************************************************** +* wolfSSL_PKCS7_SIGNED_new - allocates PKCS7 and initialize it for a signed data +* +* RETURNS: +* returns pointer to the PKCS7 structure on success, otherwise returns NULL +*/ +PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void) +{ + byte signedData[]= { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02}; + PKCS7* pkcs7 = NULL; + + if ((pkcs7 = wolfSSL_PKCS7_new()) == NULL) + return NULL; + pkcs7->contentOID = SIGNED_DATA; + if ((wc_PKCS7_SetContentType(pkcs7, signedData, sizeof(signedData))) < 0) { + if (pkcs7) { + wolfSSL_PKCS7_free(pkcs7); + return NULL; + } + } + return pkcs7; +} + +void wolfSSL_PKCS7_free(PKCS7* pkcs7) +{ + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + + if (p7 != NULL) { + XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); + wc_PKCS7_Free(&p7->pkcs7); + if (p7->certs) + wolfSSL_sk_pop_free(p7->certs, NULL); + XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7); + } +} + +void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7) +{ + wolfSSL_PKCS7_free(p7); + return; +} + +/** + * Convert DER/ASN.1 encoded signedData structure to internal PKCS7 + * structure. Note, does not support detached content. + * + * p7 - pointer to set to address of newly created PKCS7 structure on return + * in - pointer to pointer of DER/ASN.1 data + * len - length of input data, bytes + * + * Returns newly allocated and populated PKCS7 structure or NULL on error. + */ +PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len) +{ + return wolfSSL_d2i_PKCS7_ex(p7, in, len, NULL, 0); +} + +/* This internal function is only decoding and setting up the PKCS7 struct. It +* does not verify the PKCS7 signature. 
+* +* RETURNS: +* returns pointer to a PKCS7 structure on success, otherwise returns NULL +*/ +static PKCS7* wolfSSL_d2i_PKCS7_only(PKCS7** p7, const unsigned char** in, + int len, byte* content, word32 contentSz) +{ + WOLFSSL_PKCS7* pkcs7 = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex"); + + if (in == NULL || *in == NULL || len < 0) + return NULL; + + if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL) + return NULL; + + pkcs7->len = len; + pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7); + if (pkcs7->data == NULL) { + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } + XMEMCPY(pkcs7->data, *in, pkcs7->len); + + if (content != NULL) { + pkcs7->pkcs7.content = content; + pkcs7->pkcs7.contentSz = contentSz; + } + + if (p7 != NULL) + *p7 = (PKCS7*)pkcs7; + *in += pkcs7->len; + return (PKCS7*)pkcs7; +} + + +/***************************************************************************** +* wolfSSL_d2i_PKCS7_ex - Converts the given unsigned char buffer of size len +* into a PKCS7 object. Optionally, accepts a byte buffer of content which +* is stored as the PKCS7 object's content, to support detached signatures. +* @param content The content which is signed, in case the signature is +* detached. Ignored if NULL. +* @param contentSz The size of the passed in content. 
+* +* RETURNS: +* returns pointer to a PKCS7 structure on success, otherwise returns NULL +*/ +PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len, + byte* content, word32 contentSz) +{ + WOLFSSL_PKCS7* pkcs7 = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex"); + + if (in == NULL || *in == NULL || len < 0) + return NULL; + + pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_d2i_PKCS7_only(p7, in, len, content, + contentSz); + if (pkcs7 != NULL) { + if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len) + != 0) { + WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed"); + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + if (p7 != NULL) { + *p7 = NULL; + } + return NULL; + } + } + + return (PKCS7*)pkcs7; +} + + +/** + * This API was added as a helper function for libest. It + * extracts a stack of certificates from the pkcs7 object. + * @param pkcs7 PKCS7 parameter object + * @return WOLFSSL_STACK_OF(WOLFSSL_X509)* + */ +WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7) +{ + int i; + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + WOLF_STACK_OF(WOLFSSL_X509)* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_PKCS7_to_stack"); + + if (!p7) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + + if (p7->certs) + return p7->certs; + + for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) { + WOLFSSL_X509* x509 = wolfSSL_X509_d2i_ex(NULL, p7->pkcs7.cert[i], + p7->pkcs7.certSz[i], pkcs7->heap); + if (!ret) + ret = wolfSSL_sk_X509_new_null(); + if (x509) { + if (wolfSSL_sk_X509_push(ret, x509) != WOLFSSL_SUCCESS) { + wolfSSL_X509_free(x509); + WOLFSSL_MSG("wolfSSL_sk_X509_push error"); + goto error; + } + } + else { + WOLFSSL_MSG("wolfSSL_X509_d2i error"); + goto error; + } + } + + /* Save stack to free later */ + if (p7->certs) + wolfSSL_sk_pop_free(p7->certs, NULL); + p7->certs = ret; + + return ret; +error: + if (ret) { + wolfSSL_sk_pop_free(ret, NULL); + } + return NULL; +} + +/** + * Return stack of signers contained in PKCS7 cert. 
+ * Notes: + * - Currently only PKCS#7 messages with a single signer cert is supported. + * - Returned WOLFSSL_STACK must be freed by caller. + * + * pkcs7 - PKCS7 struct to retrieve signer certs from. + * certs - currently unused + * flags - flags to control function behavior. + * + * Return WOLFSSL_STACK of signers on success, NULL on error. + */ +WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, + int flags) +{ + WOLFSSL_X509* x509 = NULL; + WOLFSSL_STACK* signers = NULL; + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + + if (p7 == NULL) + return NULL; + + /* Only PKCS#7 messages with a single cert that is the verifying certificate + * is supported. + */ + if (flags & PKCS7_NOINTERN) { + WOLFSSL_MSG("PKCS7_NOINTERN flag not supported"); + return NULL; + } + + signers = wolfSSL_sk_X509_new_null(); + if (signers == NULL) + return NULL; + + if (wolfSSL_d2i_X509(&x509, (const byte**)&p7->pkcs7.singleCert, + p7->pkcs7.singleCertSz) == NULL) { + wolfSSL_sk_X509_pop_free(signers, NULL); + return NULL; + } + + if (wolfSSL_sk_X509_push(signers, x509) != WOLFSSL_SUCCESS) { + wolfSSL_sk_X509_pop_free(signers, NULL); + return NULL; + } + + (void)certs; + + return signers; +} + +#ifndef NO_BIO + +PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7) +{ + WOLFSSL_PKCS7* pkcs7; + int ret; + + WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_bio"); + + if (bio == NULL) + return NULL; + + if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL) + return NULL; + + pkcs7->len = wolfSSL_BIO_get_len(bio); + pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7); + if (pkcs7->data == NULL) { + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } + + if ((ret = wolfSSL_BIO_read(bio, pkcs7->data, pkcs7->len)) <= 0) { + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } + /* pkcs7->len may change if using b64 for example */ + pkcs7->len = ret; + + if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len) + != 0) { + 
WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed"); + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } + + if (p7 != NULL) + *p7 = (PKCS7*)pkcs7; + return (PKCS7*)pkcs7; +} + +int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out) +{ + byte* output = NULL; + int localBuf = 0; + int len; + WC_RNG rng; + int ret = WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_i2d_PKCS7"); + + if (!out || !p7) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (!p7->rng) { + if (wc_InitRng(&rng) != 0) { + WOLFSSL_MSG("wc_InitRng error"); + return WOLFSSL_FAILURE; + } + p7->rng = &rng; /* cppcheck-suppress autoVariables + */ + } + + if ((len = wc_PKCS7_EncodeSignedData(p7, NULL, 0)) < 0) { + WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error"); + goto cleanup; + } + + if (*out == NULL) { + output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (!output) { + WOLFSSL_MSG("malloc error"); + goto cleanup; + } + localBuf = 1; + } + else { + output = *out; + } + + if ((len = wc_PKCS7_EncodeSignedData(p7, output, (word32)len)) < 0) { + WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error"); + goto cleanup; + } + + ret = len; +cleanup: + if (p7->rng == &rng) { + wc_FreeRng(&rng); + p7->rng = NULL; + } + if (ret == WOLFSSL_FAILURE && localBuf && output) + XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (ret != WOLFSSL_FAILURE) + *out = output; + return ret; +} + +int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) +{ + byte* output = NULL; + int len; + int ret = WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio"); + + if (!bio || !p7) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) { + WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error"); + goto cleanup; + } + + if (wolfSSL_BIO_write(bio, output, len) <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_write error"); + goto cleanup; + } + + ret = WOLFSSL_SUCCESS; +cleanup: + XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + +/** + * Creates and returns 
a PKCS7 signedData structure. + * + * Inner content type is set to DATA to match OpenSSL behavior. + * + * signer - certificate to sign bundle with + * pkey - private key matching signer + * certs - optional additional set of certificates to include + * in - input data to be signed + * flags - optional set of flags to control sign behavior + * + * PKCS7_BINARY - Do not translate input data to MIME canonical + * format (\r\n line endings), thus preventing corruption of + * binary content. + * PKCS7_TEXT - Prepend MIME headers for text/plain to content. + * PKCS7_DETACHED - Set signature detached, omit content from output bundle. + * PKCS7_STREAM - initialize PKCS7 struct for signing, do not read data. + * + * Flags not currently supported: + * PKCS7_NOCERTS - Do not include the signer cert in the output bundle. + * PKCS7_PARTIAL - Allow for PKCS7_sign() to be only partially set up, + * then signers etc to be added separately before + * calling PKCS7_final(). + * + * Returns valid PKCS7 structure pointer, or NULL if an error occurred. 
+ */ +PKCS7* wolfSSL_PKCS7_sign(WOLFSSL_X509* signer, WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_STACK* certs, WOLFSSL_BIO* in, int flags) +{ + int err = 0; + WOLFSSL_PKCS7* p7 = NULL; + WOLFSSL_STACK* cert = certs; + + WOLFSSL_ENTER("wolfSSL_PKCS7_sign"); + + if (flags & PKCS7_NOCERTS) { + WOLFSSL_MSG("PKCS7_NOCERTS flag not yet supported"); + err = 1; + } + + if (flags & PKCS7_PARTIAL) { + WOLFSSL_MSG("PKCS7_PARTIAL flag not yet supported"); + err = 1; + } + + if ((err == 0) && (signer == NULL || signer->derCert == NULL || + signer->derCert->length == 0)) { + WOLFSSL_MSG("Bad function arg, signer is NULL or incomplete"); + err = 1; + } + + if ((err == 0) && (pkey == NULL || pkey->pkey.ptr == NULL || + pkey->pkey_sz <= 0)) { + WOLFSSL_MSG("Bad function arg, pkey is NULL or incomplete"); + err = 1; + } + + if ((err == 0) && (in == NULL) && !(flags & PKCS7_STREAM)) { + WOLFSSL_MSG("input data required unless PKCS7_STREAM used"); + err = 1; + } + + if ((err == 0) && ((p7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)) { + WOLFSSL_MSG("Error allocating new WOLFSSL_PKCS7"); + err = 1; + } + + /* load signer certificate */ + if (err == 0) { + if (wc_PKCS7_InitWithCert(&p7->pkcs7, signer->derCert->buffer, + signer->derCert->length) != 0) { + WOLFSSL_MSG("Failed to load signer certificate"); + err = 1; + } + } + + /* set signer private key, data types, defaults */ + if (err == 0) { + p7->pkcs7.privateKey = (byte*)pkey->pkey.ptr; + p7->pkcs7.privateKeySz = (word32)pkey->pkey_sz; + p7->pkcs7.contentOID = DATA; /* inner content default is DATA */ + p7->pkcs7.hashOID = SHA256h; /* default to SHA-256 hash type */ + p7->type = SIGNED_DATA; /* PKCS7_final switches on type */ + } + + /* add additional chain certs if provided */ + while (cert && (err == 0)) { + if (cert->data.x509 != NULL && cert->data.x509->derCert != NULL) { + if (wc_PKCS7_AddCertificate(&p7->pkcs7, + cert->data.x509->derCert->buffer, + cert->data.x509->derCert->length) != 0) { + WOLFSSL_MSG("Error in 
wc_PKCS7_AddCertificate"); + err = 1; + } + } + cert = cert->next; + } + + if ((err == 0) && (flags & PKCS7_DETACHED)) { + if (wc_PKCS7_SetDetached(&p7->pkcs7, 1) != 0) { + WOLFSSL_MSG("Failed to set signature detached"); + err = 1; + } + } + + if ((err == 0) && (flags & PKCS7_STREAM)) { + /* if streaming, return before finalizing */ + return (PKCS7*)p7; + } + + if ((err == 0) && (wolfSSL_PKCS7_final((PKCS7*)p7, in, flags) != 1)) { + WOLFSSL_MSG("Error calling wolfSSL_PKCS7_final"); + err = 1; + } + + if ((err != 0) && (p7 != NULL)) { + wolfSSL_PKCS7_free((PKCS7*)p7); + p7 = NULL; + } + + return (PKCS7*)p7; +} + +#ifdef HAVE_SMIME + +#ifndef MAX_MIME_LINE_LEN + #define MAX_MIME_LINE_LEN 1024 +#endif + +/** + * Copy input BIO to output BIO, but convert all line endings to CRLF (\r\n), + * used by PKCS7_final(). + * + * in - input WOLFSSL_BIO to be converted + * out - output WOLFSSL_BIO to hold copy of in, with line endings adjusted + * + * Return 0 on success, negative on error + */ +static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out) +{ + int ret = 0; + int lineLen = 0; + word32 canonLineLen = 0; + char* canonLine = NULL; +#ifdef WOLFSSL_SMALL_STACK + char* line = NULL; +#else + char line[MAX_MIME_LINE_LEN]; +#endif + + if (in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_SMALL_STACK + line = (char*)XMALLOC(MAX_MIME_LINE_LEN, in->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (line == NULL) { + return MEMORY_E; + } +#endif + XMEMSET(line, 0, MAX_MIME_LINE_LEN); + + while ((lineLen = wolfSSL_BIO_gets(in, line, MAX_MIME_LINE_LEN)) > 0) { + + if (line[lineLen - 1] == '\r' || line[lineLen - 1] == '\n') { + canonLineLen = (word32)lineLen; + if ((canonLine = wc_MIME_single_canonicalize( + line, &canonLineLen)) == NULL) { + ret = -1; + break; + } + + /* remove trailing null */ + if (canonLineLen >= 1 && canonLine[canonLineLen-1] == '\0') { + canonLineLen--; + } + + if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) { + ret = 
-1; + break; + } + XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); + canonLine = NULL; + } + else { + /* no line ending in current line, write direct to out */ + if (wolfSSL_BIO_write(out, line, lineLen) < 0) { + ret = -1; + break; + } + } + } + + XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); +#ifdef WOLFSSL_SMALL_STACK + XFREE(line, in->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* HAVE_SMIME */ + +/* Used by both PKCS7_final() and PKCS7_verify() */ +static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n"; + +/** + * Finalize PKCS7 structure, currently supports signedData only. + * + * Does not generate final bundle (ie: signedData), but finalizes + * the PKCS7 structure in preparation for a output function to be called next. + * + * pkcs7 - initialized PKCS7 structure, populated with signer, etc + * in - input data + * flags - flags to control PKCS7 behavior. Other flags except those noted + * below are ignored: + * + * PKCS7_BINARY - Do not translate input data to MIME canonical + * format (\r\n line endings), thus preventing corruption of + * binary content. + * PKCS7_TEXT - Prepend MIME headers for text/plain to content. 
+ * + * Returns 1 on success, 0 on error + */ +int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags) +{ + int ret = 1; + int memSz = 0; + unsigned char* mem = NULL; + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + WOLFSSL_BIO* data = NULL; + + WOLFSSL_ENTER("wolfSSL_PKCS7_final"); + + if (p7 == NULL || in == NULL) { + WOLFSSL_MSG("Bad input args to PKCS7_final"); + ret = 0; + } + + if (ret == 1) { + if ((data = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())) == NULL) { + WOLFSSL_MSG("Error in wolfSSL_BIO_new"); + ret = 0; + } + } + + /* prepend Content-Type header if PKCS7_TEXT */ + if ((ret == 1) && (flags & PKCS7_TEXT)) { + if (wolfSSL_BIO_write(data, contTypeText, + (int)XSTR_SIZEOF(contTypeText)) < 0) { + WOLFSSL_MSG("Error prepending Content-Type header"); + ret = 0; + } + } + + /* convert line endings to CRLF if !PKCS7_BINARY */ + if (ret == 1) { + if (flags & PKCS7_BINARY) { + + /* no CRLF conversion, direct copy content */ + if ((memSz = wolfSSL_BIO_get_len(in)) <= 0) { + ret = 0; + } + if (ret == 1) { + mem = (unsigned char*)XMALLOC(memSz, in->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + WOLFSSL_MSG("Failed to allocate memory for input data"); + ret = 0; + } + } + + if (ret == 1) { + if (wolfSSL_BIO_read(in, mem, memSz) != memSz) { + WOLFSSL_MSG("Error reading from input BIO"); + ret = 0; + } + else if (wolfSSL_BIO_write(data, mem, memSz) < 0) { + ret = 0; + } + } + + XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + else { + #ifdef HAVE_SMIME + /* convert content line endings to CRLF */ + if (wolfSSL_BIO_to_MIME_crlf(in, data) != 0) { + WOLFSSL_MSG("Error converting line endings to CRLF"); + ret = 0; + } + else { + p7->pkcs7.contentCRLF = 1; + } + #else + WOLFSSL_MSG("Without PKCS7_BINARY requires wolfSSL to be built " + "with HAVE_SMIME"); + ret = 0; + #endif + } + } + + if ((ret == 1) && ((memSz = wolfSSL_BIO_get_mem_data(data, &mem)) < 0)) { + WOLFSSL_MSG("Error in wolfSSL_BIO_get_mem_data"); + ret = 0; + } + + if (ret == 1) { + 
XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); + p7->data = (byte*)XMALLOC(memSz, NULL, DYNAMIC_TYPE_PKCS7); + if (p7->data == NULL) { + ret = 0; + } + else { + XMEMCPY(p7->data, mem, memSz); + p7->len = memSz; + } + } + + if (ret == 1) { + p7->pkcs7.content = p7->data; + p7->pkcs7.contentSz = (word32)p7->len; + } + + if (data != NULL) { + wolfSSL_BIO_free(data); + } + + return ret; +} + +int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs, + WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags) +{ + int i, ret = 0; + unsigned char* mem = NULL; + int memSz = 0; + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + int contTypeLen; + WOLFSSL_X509* signer = NULL; + WOLFSSL_STACK* signers = NULL; + + WOLFSSL_ENTER("wolfSSL_PKCS7_verify"); + + if (pkcs7 == NULL) + return WOLFSSL_FAILURE; + + if (in != NULL) { + if ((memSz = wolfSSL_BIO_get_mem_data(in, &mem)) < 0) + return WOLFSSL_FAILURE; + + p7->pkcs7.content = mem; + p7->pkcs7.contentSz = (word32)memSz; + } + + /* certs is the list of certificates to find the cert with issuer/serial. */ + (void)certs; + /* store is the certificate store to use to verify signer certificate + * associated with the signers. 
+ */ + (void)store; + + ret = wc_PKCS7_VerifySignedData(&p7->pkcs7, p7->data, p7->len); + if (ret != 0) + return WOLFSSL_FAILURE; + + if ((flags & PKCS7_NOVERIFY) != PKCS7_NOVERIFY) { + /* Verify signer certificates */ + if (store == NULL || store->cm == NULL) { + WOLFSSL_MSG("No store or store certs, but PKCS7_NOVERIFY not set"); + return WOLFSSL_FAILURE; + } + + signers = wolfSSL_PKCS7_get0_signers(pkcs7, certs, flags); + if (signers == NULL) { + WOLFSSL_MSG("No signers found to verify"); + return WOLFSSL_FAILURE; + } + for (i = 0; i < wolfSSL_sk_X509_num(signers); i++) { + signer = wolfSSL_sk_X509_value(signers, i); + + if (wolfSSL_CertManagerVerifyBuffer(store->cm, + signer->derCert->buffer, + signer->derCert->length, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to verify signer certificate"); + wolfSSL_sk_X509_pop_free(signers, NULL); + return WOLFSSL_FAILURE; + } + } + wolfSSL_sk_X509_pop_free(signers, NULL); + } + + if (flags & PKCS7_TEXT) { + /* strip MIME header for text/plain, otherwise error */ + contTypeLen = XSTR_SIZEOF(contTypeText); + if ((p7->pkcs7.contentSz < (word32)contTypeLen) || + (XMEMCMP(p7->pkcs7.content, contTypeText, contTypeLen) != 0)) { + WOLFSSL_MSG("Error PKCS7 Content-Type not found with PKCS7_TEXT"); + return WOLFSSL_FAILURE; + } + p7->pkcs7.content += contTypeLen; + p7->pkcs7.contentSz -= contTypeLen; + } + + if (out != NULL) { + wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz); + } + + WOLFSSL_LEAVE("wolfSSL_PKCS7_verify", WOLFSSL_SUCCESS); + + return WOLFSSL_SUCCESS; +} + +/** + * This API was added as a helper function for libest. It + * encodes a stack of certificates to pkcs7 format. 
+ * @param pkcs7 PKCS7 parameter object + * @param certs WOLFSSL_STACK_OF(WOLFSSL_X509)* + * @param out Output bio + * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs, + WOLFSSL_BIO* out) +{ + int ret; + WOLFSSL_PKCS7* p7; + WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs"); + + if (!pkcs7 || !certs || !out) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + p7 = (WOLFSSL_PKCS7*)pkcs7; + + /* take ownership of certs */ + p7->certs = certs; + /* TODO: takes ownership even on failure below but not on above failure. */ + + if (pkcs7->certList) { + WOLFSSL_MSG("wolfSSL_PKCS7_encode_certs called multiple times on same " + "struct"); + return WOLFSSL_FAILURE; + } + + if (certs) { + /* Save some of the values */ + int hashOID = pkcs7->hashOID; + byte version = pkcs7->version; + + if (!certs->data.x509 || !certs->data.x509->derCert) { + WOLFSSL_MSG("Missing cert"); + return WOLFSSL_FAILURE; + } + + if (wc_PKCS7_InitWithCert(pkcs7, certs->data.x509->derCert->buffer, + certs->data.x509->derCert->length) != 0) { + WOLFSSL_MSG("wc_PKCS7_InitWithCert error"); + return WOLFSSL_FAILURE; + } + certs = certs->next; + + pkcs7->hashOID = hashOID; + pkcs7->version = version; + } + + /* Add the certs to the PKCS7 struct */ + while (certs) { + if (!certs->data.x509 || !certs->data.x509->derCert) { + WOLFSSL_MSG("Missing cert"); + return WOLFSSL_FAILURE; + } + if (wc_PKCS7_AddCertificate(pkcs7, certs->data.x509->derCert->buffer, + certs->data.x509->derCert->length) != 0) { + WOLFSSL_MSG("wc_PKCS7_AddCertificate error"); + return WOLFSSL_FAILURE; + } + certs = certs->next; + } + + if (wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID) != 0) { + WOLFSSL_MSG("wc_PKCS7_SetSignerIdentifierType error"); + return WOLFSSL_FAILURE; + } + + ret = wolfSSL_i2d_PKCS7_bio(out, pkcs7); + + return ret; +} + +/****************************************************************************** +* 
wolfSSL_PEM_write_bio_PKCS7 - writes the PKCS7 data to BIO +* +* RETURNS: +* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE +*/ +int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7) +{ +#ifdef WOLFSSL_SMALL_STACK + byte* outputHead; + byte* outputFoot; +#else + byte outputHead[2048]; + byte outputFoot[2048]; +#endif + word32 outputHeadSz = 2048; + word32 outputFootSz = 2048; + word32 outputSz = 0; + byte* output = NULL; + byte* pem = NULL; + int pemSz = -1; + enum wc_HashType hashType; + byte hashBuf[WC_MAX_DIGEST_SIZE]; + word32 hashSz = -1; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7"); + + if (bio == NULL || p7 == NULL) + return WOLFSSL_FAILURE; + +#ifdef WOLFSSL_SMALL_STACK + outputHead = (byte*)XMALLOC(outputHeadSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (outputHead == NULL) + return MEMORY_E; + + outputFoot = (byte*)XMALLOC(outputFootSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (outputFoot == NULL) + goto error; + +#endif + + XMEMSET(hashBuf, 0, WC_MAX_DIGEST_SIZE); + XMEMSET(outputHead, 0, outputHeadSz); + XMEMSET(outputFoot, 0, outputFootSz); + + hashType = wc_OidGetHash(p7->hashOID); + hashSz = (word32)wc_HashGetDigestSize(hashType); + if (hashSz > WC_MAX_DIGEST_SIZE) + goto error; + + /* only SIGNED_DATA is supported */ + switch (p7->contentOID) { + case SIGNED_DATA: + break; + default: + WOLFSSL_MSG("Unknown PKCS#7 Type"); + goto error; + }; + + if ((wc_PKCS7_EncodeSignedData_ex(p7, hashBuf, hashSz, + outputHead, &outputHeadSz, outputFoot, &outputFootSz)) != 0) + goto error; + + outputSz = outputHeadSz + p7->contentSz + outputFootSz; + output = (byte*)XMALLOC(outputSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (!output) + goto error; + + XMEMSET(output, 0, outputSz); + outputSz = 0; + XMEMCPY(&output[outputSz], outputHead, outputHeadSz); + outputSz += outputHeadSz; + XMEMCPY(&output[outputSz], p7->content, p7->contentSz); + outputSz += p7->contentSz; + XMEMCPY(&output[outputSz], outputFoot, outputFootSz); + 
outputSz += outputFootSz; + + /* get PEM size */ + pemSz = wc_DerToPemEx(output, outputSz, NULL, 0, NULL, CERT_TYPE); + if (pemSz < 0) + goto error; + + pemSz++; /* for '\0'*/ + + /* create PEM buffer and convert from DER to PEM*/ + if ((pem = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER)) + == NULL) + goto error; + + XMEMSET(pem, 0, pemSz); + + if (wc_DerToPemEx(output, outputSz, pem, (word32)pemSz, NULL, CERT_TYPE) < 0) { + goto error; + } + if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) { + XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_SMALL_STACK + XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return WOLFSSL_SUCCESS; + } + +error: +#ifdef WOLFSSL_SMALL_STACK + XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; +} + +#ifdef HAVE_SMIME +/***************************************************************************** +* wolfSSL_SMIME_read_PKCS7 - Reads the given S/MIME message and parses it into +* a PKCS7 object. In case of a multipart message, stores the signed data in +* bcont. 
+* +* RETURNS: +* returns pointer to a PKCS7 structure on success, otherwise returns NULL +*/ +PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, + WOLFSSL_BIO** bcont) +{ + MimeHdr* allHdrs = NULL; + MimeHdr* curHdr = NULL; + MimeParam* curParam = NULL; + int inLen = 0; + byte* bcontMem = NULL; + int bcontMemSz = 0; + int sectionLen = 0; + int ret = -1; + char* section = NULL; + char* canonLine = NULL; + char* canonSection = NULL; + PKCS7* pkcs7 = NULL; + word32 outLen = 0; + word32 canonLineLen = 0; + byte* out = NULL; + byte* outHead = NULL; + + int canonPos = 0; + int lineLen = 0; + int remainLen = 0; + byte isEnd = 0; + size_t canonSize = 0; + size_t boundLen = 0; + char* boundary = NULL; + + static const char kContType[] = "Content-Type"; + static const char kCTE[] = "Content-Transfer-Encoding"; + static const char kMultSigned[] = "multipart/signed"; + static const char kAppPkcsSign[] = "application/pkcs7-signature"; + static const char kAppXPkcsSign[] = "application/x-pkcs7-signature"; + static const char kAppPkcs7Mime[] = "application/pkcs7-mime"; + static const char kAppXPkcs7Mime[] = "application/x-pkcs7-mime"; + + WOLFSSL_ENTER("wolfSSL_SMIME_read_PKCS7"); + + if (in == NULL || bcont == NULL) { + goto error; + } + inLen = wolfSSL_BIO_get_len(in); + if (inLen <= 0) { + goto error; + } + remainLen = wolfSSL_BIO_get_len(in); + if (remainLen <= 0) { + goto error; + } + + section = (char*)XMALLOC(remainLen+1, NULL, DYNAMIC_TYPE_PKCS7); + if (section == NULL) { + goto error; + } + lineLen = wolfSSL_BIO_gets(in, section, remainLen); + if (lineLen <= 0) { + goto error; + } + while (isEnd == 0 && remainLen > 0) { + sectionLen += lineLen; + remainLen -= lineLen; + lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], remainLen); + if (lineLen <= 0) { + goto error; + } + /* Line with just newline signals end of headers. 
*/ + if ((lineLen==2 && !XSTRNCMP(§ion[sectionLen], + "\r\n", 2)) || + (lineLen==1 && (section[sectionLen] == '\r' || + section[sectionLen] == '\n'))) { + isEnd = 1; + } + } + section[sectionLen] = '\0'; + ret = wc_MIME_parse_headers(section, sectionLen, &allHdrs); + if (ret < 0) { + WOLFSSL_MSG("Parsing MIME headers failed."); + goto error; + } + isEnd = 0; + section[0] = '\0'; + sectionLen = 0; + + curHdr = wc_MIME_find_header_name(kContType, allHdrs); + if (curHdr && !XSTRNCMP(curHdr->body, kMultSigned, + XSTR_SIZEOF(kMultSigned))) { + curParam = wc_MIME_find_param_attr("protocol", curHdr->params); + if (curParam && (!XSTRNCMP(curParam->value, kAppPkcsSign, + XSTR_SIZEOF(kAppPkcsSign)) || + !XSTRNCMP(curParam->value, kAppXPkcsSign, + XSTR_SIZEOF(kAppXPkcsSign)))) { + curParam = wc_MIME_find_param_attr("boundary", curHdr->params); + if (curParam == NULL) { + goto error; + } + + boundLen = XSTRLEN(curParam->value) + 2; + boundary = (char*)XMALLOC(boundLen+1, NULL, DYNAMIC_TYPE_PKCS7); + if (boundary == NULL) { + goto error; + } + XMEMSET(boundary, 0, (word32)(boundLen+1)); + boundary[0] = boundary[1] = '-'; + XSTRNCPY(&boundary[2], curParam->value, boundLen-2); + + /* Parse up to first boundary, ignore everything here. 
*/ + lineLen = wolfSSL_BIO_gets(in, section, remainLen); + if (lineLen <= 0) { + goto error; + } + while (XSTRNCMP(§ion[sectionLen], boundary, boundLen) && + remainLen > 0) { + sectionLen += lineLen; + remainLen -= lineLen; + lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], + remainLen); + if (lineLen <= 0) { + goto error; + } + } + + section[0] = '\0'; + sectionLen = 0; + canonSize = (size_t)remainLen + 1; + canonSection = (char*)XMALLOC(canonSize, NULL, + DYNAMIC_TYPE_PKCS7); + if (canonSection == NULL) { + goto error; + } + + lineLen = wolfSSL_BIO_gets(in, section, remainLen); + if (lineLen < 0) { + goto error; + } + while (XSTRNCMP(§ion[sectionLen], boundary, boundLen) && + remainLen > 0) { + canonLineLen = (word32)lineLen; + canonLine = wc_MIME_single_canonicalize(§ion[sectionLen], + &canonLineLen); + if (canonLine == NULL) { + goto error; + } + /* If line endings were added, the initial length may be + * exceeded. */ + if ((canonPos + canonLineLen) >= canonSize) { + canonSize = canonPos + canonLineLen; + canonSection = (char*)XREALLOC(canonSection, canonSize, + NULL, DYNAMIC_TYPE_PKCS7); + if (canonSection == NULL) { + goto error; + } + } + XMEMCPY(&canonSection[canonPos], canonLine, + (int)canonLineLen - 1); + canonPos += canonLineLen - 1; + XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); + canonLine = NULL; + + sectionLen += lineLen; + remainLen -= lineLen; + + lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], + remainLen); + if (lineLen <= 0) { + goto error; + } + } + + if (canonPos > 0) { + canonPos--; + } + + /* Strip the final trailing newline. Support \r, \n or \r\n. 
*/ + if (canonSection[canonPos] == '\n') { + if (canonPos > 0) { + canonPos--; + } + } + + if (canonSection[canonPos] == '\r') { + if (canonPos > 0) { + canonPos--; + } + } + + canonSection[canonPos+1] = '\0'; + + *bcont = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); + ret = wolfSSL_BIO_write(*bcont, canonSection, + canonPos + 1); + if (ret != (canonPos+1)) { + goto error; + } + if ((bcontMemSz = wolfSSL_BIO_get_mem_data(*bcont, &bcontMem)) + < 0) { + goto error; + } + XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7); + canonSection = NULL; + + wc_MIME_free_hdrs(allHdrs); + allHdrs = NULL; + section[0] = '\0'; + sectionLen = 0; + lineLen = wolfSSL_BIO_gets(in, section, remainLen); + if (lineLen <= 0) { + goto error; + } + while (isEnd == 0 && remainLen > 0) { + sectionLen += lineLen; + remainLen -= lineLen; + lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], + remainLen); + if (lineLen <= 0) { + goto error; + } + /* Line with just newline signals end of headers. */ + if ((lineLen==2 && !XSTRNCMP(§ion[sectionLen], + "\r\n", 2)) || + (lineLen==1 && (section[sectionLen] == '\r' || + section[sectionLen] == '\n'))) { + isEnd = 1; + } + } + section[sectionLen] = '\0'; + ret = wc_MIME_parse_headers(section, sectionLen, &allHdrs); + if (ret < 0) { + WOLFSSL_MSG("Parsing MIME headers failed."); + goto error; + } + curHdr = wc_MIME_find_header_name(kContType, allHdrs); + if (curHdr == NULL || (XSTRNCMP(curHdr->body, kAppPkcsSign, + XSTR_SIZEOF(kAppPkcsSign)) && + XSTRNCMP(curHdr->body, kAppXPkcsSign, + XSTR_SIZEOF(kAppXPkcsSign)))) { + WOLFSSL_MSG("S/MIME headers not found inside " + "multipart message.\n"); + goto error; + } + + section[0] = '\0'; + sectionLen = 0; + lineLen = wolfSSL_BIO_gets(in, section, remainLen); + while (XSTRNCMP(§ion[sectionLen], boundary, boundLen) && + remainLen > 0) { + sectionLen += lineLen; + remainLen -= lineLen; + lineLen = wolfSSL_BIO_gets(in, §ion[sectionLen], + remainLen); + if (lineLen <= 0) { + goto error; + } + } + + XFREE(boundary, NULL, 
DYNAMIC_TYPE_PKCS7); + boundary = NULL; + } + } + else if (curHdr && (!XSTRNCMP(curHdr->body, kAppPkcs7Mime, + XSTR_SIZEOF(kAppPkcs7Mime)) || + !XSTRNCMP(curHdr->body, kAppXPkcs7Mime, + XSTR_SIZEOF(kAppXPkcs7Mime)))) { + sectionLen = wolfSSL_BIO_get_len(in); + if (sectionLen <= 0) { + goto error; + } + ret = wolfSSL_BIO_read(in, section, sectionLen); + if (ret < 0 || ret != sectionLen) { + WOLFSSL_MSG("Error reading input BIO."); + goto error; + } + } + else { + WOLFSSL_MSG("S/MIME headers not found."); + goto error; + } + + curHdr = wc_MIME_find_header_name(kCTE, allHdrs); + if (curHdr == NULL) { + WOLFSSL_MSG("Content-Transfer-Encoding header not found, " + "assuming base64 encoding."); + } + else if (XSTRNCMP(curHdr->body, "base64", XSTRLEN("base64"))) { + WOLFSSL_MSG("S/MIME encodings other than base64 are not " + "currently supported.\n"); + goto error; + } + + if (section == NULL || sectionLen <= 0) { + goto error; + } + outLen = (word32)((sectionLen*3+3)/4)+1; + out = (byte*)XMALLOC(outLen*sizeof(byte), NULL, DYNAMIC_TYPE_PKCS7); + outHead = out; + if (outHead == NULL) { + goto error; + } + /* Strip trailing newlines. 
*/ + while ((sectionLen > 0) && + (section[sectionLen-1] == '\r' || section[sectionLen-1] == '\n')) { + sectionLen--; + } + section[sectionLen] = '\0'; + ret = Base64_Decode((const byte*)section, (word32)sectionLen, out, &outLen); + if (ret < 0) { + WOLFSSL_MSG("Error base64 decoding S/MIME message."); + goto error; + } + pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, (int)outLen, + bcontMem, (word32)bcontMemSz); + + wc_MIME_free_hdrs(allHdrs); + XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(section, NULL, DYNAMIC_TYPE_PKCS7); + + return pkcs7; + +error: + wc_MIME_free_hdrs(allHdrs); + XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(section, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); + if (bcont) { + wolfSSL_BIO_free(*bcont); + *bcont = NULL; /* reset 'bcount' pointer to NULL on failure */ + } + + return NULL; +} + +/* Convert hash algo OID (from Hash_Sum in asn.h) to SMIME string equivalent. + * Returns hash algorithm string or "unknown" if not found */ +static const char* wolfSSL_SMIME_HashOIDToString(int hashOID) +{ + switch (hashOID) { + case MD5h: + return "md5"; + case SHAh: + return "sha1"; + case SHA224h: + return "sha-224"; + case SHA256h: + return "sha-256"; + case SHA384h: + return "sha-384"; + case SHA512h: + return "sha-512"; + case SHA3_224h: + return "sha3-224"; + case SHA3_384h: + return "sha3-384"; + case SHA3_512h: + return "sha3-512"; + default: + break; + } + + return "unknown"; +} + +/* Convert PKCS#7 type (from PKCS7_TYPES in pkcs7.h) to SMIME string. + * RFC2633 only defines signed-data, enveloped-data, certs-only. + * Returns string on success, NULL on unknown type. 
*/ +static const char* wolfSSL_SMIME_PKCS7TypeToString(int type) +{ + switch (type) { + case SIGNED_DATA: + return "signed-data"; + case ENVELOPED_DATA: + return "enveloped-data"; + default: + break; + } + + return NULL; +} + +/** + * Convert PKCS7 structure to SMIME format, adding necessary headers. + * + * Handles generation of PKCS7 bundle (ie: signedData). PKCS7 structure + * should be set up beforehand with PKCS7_sign/final/etc. Output is always + * Base64 encoded. + * + * out - output BIO for SMIME formatted data to be placed + * pkcs7 - input PKCS7 structure, initialized and set up + * in - input content to be encoded into PKCS7 + * flags - flags to control behavior of PKCS7 generation + * + * Returns 1 on success, 0 or negative on failure + */ +int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in, + int flags) +{ + int i; + int ret = 1; + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + byte* p7out = NULL; + int len = 0; + + char boundary[33]; /* 32 chars + \0 */ + byte* sigBase64 = NULL; + word32 sigBase64Len = 0; + const char* p7TypeString = NULL; + + static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + + if (out == NULL || p7 == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return 0; + } + + if (in != NULL && (p7->pkcs7.content == NULL || p7->pkcs7.contentSz == 0 || + p7->pkcs7.contentCRLF == 0)) { + /* store and adjust content line endings for CRLF if needed */ + if (wolfSSL_PKCS7_final((PKCS7*)p7, in, flags) != 1) { + ret = 0; + } + } + + if (ret > 0) { + /* Generate signedData bundle, DER in output (dynamic) */ + if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) == WOLFSSL_FAILURE) { + WOLFSSL_MSG("Error in wolfSSL_i2d_PKCS7"); + ret = 0; + } + } + + /* Base64 encode signedData bundle */ + if (ret > 0) { + if (Base64_Encode(p7out, (word32)len, NULL, &sigBase64Len) != + WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + ret = 0; + } + else { + sigBase64 = (byte*)XMALLOC(sigBase64Len, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if 
(sigBase64 == NULL) { + ret = 0; + } + } + } + + if (ret > 0) { + XMEMSET(sigBase64, 0, sigBase64Len); + if (Base64_Encode(p7out, (word32)len, sigBase64, &sigBase64Len) < 0) { + WOLFSSL_MSG("Error in Base64_Encode of signature"); + ret = 0; + } + } + + /* build up SMIME message */ + if (ret > 0) { + if (flags & PKCS7_DETACHED) { + + /* generate random boundary */ + if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("No RNG to use"); + ret = 0; + } + + /* no need to generate random byte for null terminator (size-1) */ + if ((ret > 0) && (wc_RNG_GenerateBlock(&globalRNG, (byte*)boundary, + sizeof(boundary) - 1 ) != 0)) { + WOLFSSL_MSG("Error in wc_RNG_GenerateBlock"); + ret = 0; + } + + if (ret > 0) { + for (i = 0; i < (int)sizeof(boundary) - 1; i++) { + boundary[i] = + alphanum[boundary[i] % XSTR_SIZEOF(alphanum)]; + } + boundary[sizeof(boundary)-1] = 0; + } + + if (ret > 0) { + /* S/MIME header beginning */ + ret = wolfSSL_BIO_printf(out, + "MIME-Version: 1.0\n" + "Content-Type: multipart/signed; " + "protocol=\"application/x-pkcs7-signature\"; " + "micalg=\"%s\"; " + "boundary=\"----%s\"\n\n" + "This is an S/MIME signed message\n\n" + "------%s\n", + wolfSSL_SMIME_HashOIDToString(p7->pkcs7.hashOID), + boundary, boundary); + } + + if (ret > 0) { + /* S/MIME content */ + ret = wolfSSL_BIO_write(out, + p7->pkcs7.content, p7->pkcs7.contentSz); + } + + if (ret > 0) { + /* S/SMIME header end boundary */ + ret = wolfSSL_BIO_printf(out, + "\n------%s\n", boundary); + } + + if (ret > 0) { + /* Signature and header */ + ret = wolfSSL_BIO_printf(out, + "Content-Type: application/x-pkcs7-signature; " + "name=\"smime.p7s\"\n" + "Content-Transfer-Encoding: base64\n" + "Content-Disposition: attachment; " + "filename=\"smime.p7s\"\n\n" + "%.*s\n" /* Base64 encoded signature */ + "------%s--\n\n", + sigBase64Len, sigBase64, + boundary); + } + } + else { + p7TypeString = wolfSSL_SMIME_PKCS7TypeToString(p7->type); + if (p7TypeString == NULL) { + 
WOLFSSL_MSG("Unsupported PKCS7 SMIME type"); + ret = 0; + } + + if (ret > 0) { + /* not detached */ + ret = wolfSSL_BIO_printf(out, + "MIME-Version: 1.0\n" + "Content-Disposition: attachment; " + "filename=\"smime.p7m\"\n" + "Content-Type: application/x-pkcs7-mime; " + "smime-type=%s; name=\"smime.p7m\"\n" + "Content-Transfer-Encoding: base64\n\n" + "%.*s\n" /* signature */, + p7TypeString, sigBase64Len, sigBase64); + } + } + } + + XFREE(p7out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigBase64, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (ret > 0) { + return WOLFSSL_SUCCESS; + } + + return WOLFSSL_FAILURE; +} + +#endif /* HAVE_SMIME */ +#endif /* !NO_BIO */ +#endif /* OPENSSL_ALL */ + +#endif /* HAVE_PKCS7 */ +/******************************************************************************* + * END OF PKCS7 APIs + ******************************************************************************/ + +/******************************************************************************* + * START OF PKCS12 APIs + ******************************************************************************/ +#ifdef OPENSSL_EXTRA + +/* no-op function. 
Was initially used for adding encryption algorithms available + * for PKCS12 */ +void wolfSSL_PKCS12_PBE_add(void) +{ + WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add"); +} + +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, + WOLFSSL_X509_PKCS12 **pkcs12) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp"); + return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, + PKCS12_TYPE); +} +#endif /* !NO_FILESYSTEM */ + +#endif /* OPENSSL_EXTRA */ + +#if defined(HAVE_PKCS12) + +#ifdef OPENSSL_EXTRA + +#if !defined(NO_ASN) && !defined(NO_PWDBASED) + +#ifndef NO_BIO +WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) +{ + WC_PKCS12* localPkcs12 = NULL; + unsigned char* mem = NULL; + long memSz; + int ret = -1; + + WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_bio"); + + if (bio == NULL) { + WOLFSSL_MSG("Bad Function Argument bio is NULL"); + return NULL; + } + + memSz = wolfSSL_BIO_get_len(bio); + if (memSz <= 0) { + return NULL; + } + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + return NULL; + } + + if (mem != NULL) { + localPkcs12 = wc_PKCS12_new_ex(bio->heap); + if (localPkcs12 == NULL) { + WOLFSSL_MSG("Memory error"); + } + } + + if (mem != NULL && localPkcs12 != NULL) { + if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { + ret = wc_d2i_PKCS12(mem, (word32)memSz, localPkcs12); + if (ret < 0) { + WOLFSSL_MSG("Failed to get PKCS12 sequence"); + } + } + else { + WOLFSSL_MSG("Failed to get data from bio struct"); + } + } + + /* cleanup */ + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (ret < 0 && localPkcs12 != NULL) { + wc_PKCS12_free(localPkcs12); + localPkcs12 = NULL; + } + if (pkcs12 != NULL) + *pkcs12 = localPkcs12; + + return localPkcs12; +} + +/* Converts the PKCS12 to DER format and outputs it into bio. 
+ * + * bio is the structure to hold output DER + * pkcs12 structure to create DER from + * + * return 1 for success or 0 if an error occurs + */ +int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) +{ + int ret = WOLFSSL_FAILURE; + + WOLFSSL_ENTER("wolfSSL_i2d_PKCS12_bio"); + + if ((bio != NULL) && (pkcs12 != NULL)) { + word32 certSz = 0; + byte *certDer = NULL; + + certSz = (word32)wc_i2d_PKCS12(pkcs12, &certDer, NULL); + if ((certSz > 0) && (certDer != NULL)) { + if (wolfSSL_BIO_write(bio, certDer, (int)certSz) == (int)certSz) { + ret = WOLFSSL_SUCCESS; + } + } + + XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS); + } + + return ret; +} +#endif /* !NO_BIO */ + +/* Creates a new WC_PKCS12 structure + * + * pass password to use + * name friendlyName to use + * pkey private key to go into PKCS12 bundle + * cert certificate to go into PKCS12 bundle + * ca extra certificates that can be added to bundle. Can be NULL + * keyNID type of encryption to use on the key (-1 means no encryption) + * certNID type of encryption to use on the certificate + * itt number of iterations with encryption + * macItt number of iterations with mac creation + * keyType flag for signature and/or encryption key + * + * returns a pointer to a new WC_PKCS12 structure on success and NULL on fail + */ +WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_X509* cert, WOLF_STACK_OF(WOLFSSL_X509)* ca, int keyNID, + int certNID, int itt, int macItt, int keyType) +{ + WC_PKCS12* pkcs12; + WC_DerCertList* list = NULL; + word32 passSz; + byte* keyDer = NULL; + word32 keyDerSz; + byte* certDer; + int certDerSz; + + WOLFSSL_ENTER("wolfSSL_PKCS12_create"); + + if (pass == NULL || pkey == NULL || cert == NULL) { + WOLFSSL_LEAVE("wolfSSL_PKCS12_create", BAD_FUNC_ARG); + return NULL; + } + passSz = (word32)XSTRLEN(pass); + + keyDer = (byte*)pkey->pkey.ptr; + keyDerSz = (word32)pkey->pkey_sz; + + certDer = (byte*)wolfSSL_X509_get_der(cert, &certDerSz); + if (certDer 
== NULL) { + return NULL; + } + + if (ca != NULL) { + unsigned long numCerts = ca->num; + WOLFSSL_STACK* sk = ca; + + while (numCerts > 0 && sk != NULL) { + byte* curDer; + WC_DerCertList* cur; + int curDerSz = 0; + + cur = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), NULL, + DYNAMIC_TYPE_PKCS); + if (cur == NULL) { + wc_FreeCertList(list, NULL); + return NULL; + } + + curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz); + if (curDer == NULL || curDerSz < 0) { + XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); + wc_FreeCertList(list, NULL); + return NULL; + } + + cur->buffer = (byte*)XMALLOC(curDerSz, NULL, DYNAMIC_TYPE_PKCS); + if (cur->buffer == NULL) { + XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); + wc_FreeCertList(list, NULL); + return NULL; + } + XMEMCPY(cur->buffer, curDer, curDerSz); + cur->bufferSz = (word32)curDerSz; + cur->next = list; + list = cur; + + sk = sk->next; + numCerts--; + } + } + + pkcs12 = wc_PKCS12_create(pass, passSz, name, keyDer, keyDerSz, + certDer, (word32)certDerSz, list, keyNID, certNID, itt, macItt, + keyType, NULL); + + if (ca != NULL) { + wc_FreeCertList(list, NULL); + } + + return pkcs12; +} + + +/* return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure */ +int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, + WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, + WOLF_STACK_OF(WOLFSSL_X509)** ca) +{ + void* heap = NULL; + int ret; + byte* certData = NULL; + word32 certDataSz; + byte* pk = NULL; + word32 pkSz; + WC_DerCertList* certList = NULL; +#ifdef WOLFSSL_SMALL_STACK + DecodedCert *DeCert; +#else + DecodedCert DeCert[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_PKCS12_parse"); + + /* make sure we init return args */ + if (pkey) *pkey = NULL; + if (cert) *cert = NULL; + if (ca) *ca = NULL; + + if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) { + WOLFSSL_MSG("Bad argument value"); + return WOLFSSL_FAILURE; + } + + heap = wc_PKCS12_GetHeap(pkcs12); + + if (ca == NULL) { + ret = wc_PKCS12_parse(pkcs12, psw, &pk, 
&pkSz, &certData, &certDataSz, + NULL); + } + else { + ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz, + &certList); + } + if (ret < 0) { + WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret); + return WOLFSSL_FAILURE; + } + +#ifdef WOLFSSL_SMALL_STACK + DeCert = (DecodedCert *)XMALLOC(sizeof(*DeCert), heap, + DYNAMIC_TYPE_DCERT); + if (DeCert == NULL) { + WOLFSSL_MSG("out of memory"); + return WOLFSSL_FAILURE; + } +#endif + + /* Decode cert and place in X509 stack struct */ + if (certList != NULL) { + WC_DerCertList* current = certList; + + *ca = (WOLF_STACK_OF(WOLFSSL_X509)*)XMALLOC( + sizeof(WOLF_STACK_OF(WOLFSSL_X509)), heap, DYNAMIC_TYPE_X509); + if (*ca == NULL) { + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); + /* Free up WC_DerCertList and move on */ + while (current != NULL) { + WC_DerCertList* next = current->next; + + XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); + XFREE(current, heap, DYNAMIC_TYPE_PKCS); + current = next; + } + ret = WOLFSSL_FAILURE; + goto out; + } + XMEMSET(*ca, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509))); + + /* add list of DER certs as X509's to stack */ + while (current != NULL) { + WC_DerCertList* toFree = current; + WOLFSSL_X509* x509; + + x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, + DYNAMIC_TYPE_X509); + InitX509(x509, 1, heap); + InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); + if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) { + WOLFSSL_MSG("Issue with parsing certificate"); + FreeDecodedCert(DeCert); + wolfSSL_X509_free(x509); + } + else { + if (CopyDecodedToX509(x509, DeCert) != 0) { + WOLFSSL_MSG("Failed to copy decoded cert"); + FreeDecodedCert(DeCert); + wolfSSL_X509_free(x509); + wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); + /* Free up WC_DerCertList */ + while (current != NULL) { + WC_DerCertList* next = current->next; + 
+ XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); + XFREE(current, heap, DYNAMIC_TYPE_PKCS); + current = next; + } + ret = WOLFSSL_FAILURE; + goto out; + } + FreeDecodedCert(DeCert); + + if (wolfSSL_sk_X509_push(*ca, x509) != 1) { + WOLFSSL_MSG("Failed to push x509 onto stack"); + wolfSSL_X509_free(x509); + wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); + + /* Free up WC_DerCertList */ + while (current != NULL) { + WC_DerCertList* next = current->next; + + XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); + XFREE(current, heap, DYNAMIC_TYPE_PKCS); + current = next; + } + ret = WOLFSSL_FAILURE; + goto out; + } + } + current = current->next; + XFREE(toFree->buffer, heap, DYNAMIC_TYPE_PKCS); + XFREE(toFree, heap, DYNAMIC_TYPE_PKCS); + } + } + + + /* Decode cert and place in X509 struct */ + if (certData != NULL) { + *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, + DYNAMIC_TYPE_X509); + if (*cert == NULL) { + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (ca != NULL) { + wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; + } + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); + ret = WOLFSSL_FAILURE; + goto out; + } + InitX509(*cert, 1, heap); + InitDecodedCert(DeCert, certData, certDataSz, heap); + if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) { + WOLFSSL_MSG("Issue with parsing certificate"); + } + if (CopyDecodedToX509(*cert, DeCert) != 0) { + WOLFSSL_MSG("Failed to copy decoded cert"); + FreeDecodedCert(DeCert); + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (ca != NULL) { + wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; + } + wolfSSL_X509_free(*cert); *cert = NULL; + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); + ret = WOLFSSL_FAILURE; + goto out; + } + FreeDecodedCert(DeCert); + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); + } + + + /* get key type */ + ret = BAD_STATE_E; + if (pk != NULL) { /* decode key if present */ + *pkey = 
wolfSSL_EVP_PKEY_new_ex(heap); + if (*pkey == NULL) { + wolfSSL_X509_free(*cert); *cert = NULL; + if (ca != NULL) { + wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; + } + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + ret = WOLFSSL_FAILURE; + goto out; + } + + #ifndef NO_RSA + { + const unsigned char* pt = pk; + if (wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, pkey, &pt, pkSz) != + NULL) { + ret = 0; + } + } + #endif /* NO_RSA */ + + #ifdef HAVE_ECC + if (ret != 0) { /* if is in fail state check if ECC key */ + const unsigned char* pt = pk; + if (wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, pkey, &pt, pkSz) != + NULL) { + ret = 0; + } + } + #endif /* HAVE_ECC */ + XFREE(pk, heap, DYNAMIC_TYPE_PKCS); + if (ret != 0) { /* if is in fail state and no PKEY then fail */ + wolfSSL_X509_free(*cert); *cert = NULL; + if (ca != NULL) { + wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; + } + wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; + WOLFSSL_MSG("Bad PKCS12 key format"); + ret = WOLFSSL_FAILURE; + goto out; + } + + if (pkey != NULL && *pkey != NULL) { + (*pkey)->save_type = 0; + } + } + + (void)ret; + (void)ca; + + ret = WOLFSSL_SUCCESS; + +out: + +#ifdef WOLFSSL_SMALL_STACK + XFREE(DeCert, heap, DYNAMIC_TYPE_DCERT); +#endif + + return ret; +} + +int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw, + int pswLen) +{ + WOLFSSL_ENTER("wolfSSL_PKCS12_verify_mac"); + + if (!pkcs12) { + return WOLFSSL_FAILURE; + } + + return wc_PKCS12_verify_ex(pkcs12, (const byte*)psw, (word32)pswLen) == 0 ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} + +#endif /* !NO_ASN && !NO_PWDBASED */ + +#endif /* OPENSSL_EXTRA */ + +#endif /* HAVE_PKCS12 */ +/******************************************************************************* + * END OF PKCS12 APIs + ******************************************************************************/ + +#endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ + +#endif /* !WOLFSSL_SSL_P7P12_INCLUDED */ 
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
new file mode 100644
index 0000000000..62caa7a1cd
--- /dev/null
+++ b/src/ssl_sess.c
@@ -0,0 +1,4558 @@
+/* ssl_sess.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#include
+
+#if !defined(WOLFSSL_SSL_SESS_INCLUDED)
+ #ifndef WOLFSSL_IGNORE_FILE_WARN
+ #warning ssl_sess.c does not need to be compiled separately from ssl.c
+ #endif
+#else
+
+#ifndef NO_SESSION_CACHE
+
+ /* basic config gives a cache with 33 sessions, adequate for clients and
+ embedded servers
+
+ TITAN_SESSION_CACHE allows just over 2 million sessions, for servers
+ with titanic amounts of memory with long session ID timeouts and high
+ levels of traffic.
+
+ ENABLE_SESSION_CACHE_ROW_LOCK: Allows row level locking for increased
+ performance with large session caches
+
+ HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
+ allows over 13,000 new sessions per minute or over 200 new sessions per
+ second
+
+ BIG_SESSION_CACHE yields 20,027 sessions
+
+ MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
+ aren't under heavy load, basically allows 200 new sessions per minute
+
+ SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
+ or systems where the default of is too much RAM.
+ SessionCache takes about 2K, ClientCache takes about 3Kbytes + + MICRO_SESSION_CACHE only stores 1 session, good for embedded clients + or systems where memory is at a premium. + SessionCache takes about 400 bytes, ClientCache takes 576 bytes + + default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined) + SessionCache takes about 13K bytes, ClientCache takes 17K bytes + */ + #if defined(TITAN_SESSION_CACHE) + #define SESSIONS_PER_ROW 31 + #define SESSION_ROWS 64937 + #ifndef ENABLE_SESSION_CACHE_ROW_LOCK + #define ENABLE_SESSION_CACHE_ROW_LOCK + #endif + #elif defined(HUGE_SESSION_CACHE) + #define SESSIONS_PER_ROW 11 + #define SESSION_ROWS 5981 + #elif defined(BIG_SESSION_CACHE) + #define SESSIONS_PER_ROW 7 + #define SESSION_ROWS 2861 + #elif defined(MEDIUM_SESSION_CACHE) + #define SESSIONS_PER_ROW 5 + #define SESSION_ROWS 211 + #elif defined(SMALL_SESSION_CACHE) + #define SESSIONS_PER_ROW 2 + #define SESSION_ROWS 3 + #elif defined(MICRO_SESSION_CACHE) + #define SESSIONS_PER_ROW 1 + #define SESSION_ROWS 1 + #else + #define SESSIONS_PER_ROW 3 + #define SESSION_ROWS 11 + #endif + #define INVALID_SESSION_ROW (-1) + + #ifdef NO_SESSION_CACHE_ROW_LOCK + #undef ENABLE_SESSION_CACHE_ROW_LOCK + #endif + + typedef struct SessionRow { + int nextIdx; /* where to place next one */ + int totalCount; /* sessions ever on this row */ +#ifdef SESSION_CACHE_DYNAMIC_MEM + WOLFSSL_SESSION* Sessions[SESSIONS_PER_ROW]; + void* heap; +#else + WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW]; +#endif + + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + /* not included in import/export */ + wolfSSL_RwLock row_lock; + int lock_valid; + #endif + } SessionRow; + #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2)) + + static WOLFSSL_GLOBAL SessionRow SessionCache[SESSION_ROWS]; + + #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) + static WOLFSSL_GLOBAL word32 PeakSessions; + #endif + + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + #define 
SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&(row)->row_lock) + #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&(row)->row_lock) + #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&(row)->row_lock); + #else + static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */ + static WOLFSSL_GLOBAL int session_lock_valid = 0; + #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&session_lock) + #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&session_lock) + #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&session_lock); + #endif + + #if !defined(NO_SESSION_CACHE_REF) && defined(NO_CLIENT_CACHE) + #error ClientCache is required when not using NO_SESSION_CACHE_REF + #endif + + #ifndef NO_CLIENT_CACHE + + #ifndef CLIENT_SESSIONS_MULTIPLIER + #ifdef NO_SESSION_CACHE_REF + #define CLIENT_SESSIONS_MULTIPLIER 1 + #else + /* ClientSession objects are lightweight (compared to + * WOLFSSL_SESSION) so to decrease chance that user will reuse + * the wrong session, increase the ClientCache size. This will + * make the entire ClientCache about the size of one + * WOLFSSL_SESSION object. 
*/ + #define CLIENT_SESSIONS_MULTIPLIER 8 + #endif + #endif + #define CLIENT_SESSIONS_PER_ROW \ + (SESSIONS_PER_ROW * CLIENT_SESSIONS_MULTIPLIER) + #define CLIENT_SESSION_ROWS (SESSION_ROWS * CLIENT_SESSIONS_MULTIPLIER) + + #if CLIENT_SESSIONS_PER_ROW > 65535 + #error CLIENT_SESSIONS_PER_ROW too big + #endif + #if CLIENT_SESSION_ROWS > 65535 + #error CLIENT_SESSION_ROWS too big + #endif + + struct ClientSession { + word16 serverRow; /* SessionCache Row id */ + word16 serverIdx; /* SessionCache Idx (column) */ + word32 sessionIDHash; + }; + #ifndef WOLFSSL_CLIENT_SESSION_DEFINED + typedef struct ClientSession ClientSession; + #define WOLFSSL_CLIENT_SESSION_DEFINED + #endif + + typedef struct ClientRow { + int nextIdx; /* where to place next one */ + int totalCount; /* sessions ever on this row */ + ClientSession Clients[CLIENT_SESSIONS_PER_ROW]; + } ClientRow; + + static WOLFSSL_GLOBAL ClientRow ClientCache[CLIENT_SESSION_ROWS]; + /* Client Cache */ + /* uses session mutex */ + + /* ClientCache mutex */ + static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(clisession_mutex); + #ifndef WOLFSSL_MUTEX_INITIALIZER + static WOLFSSL_GLOBAL int clisession_mutex_valid = 0; + #endif + #endif /* !NO_CLIENT_CACHE */ + + void EvictSessionFromCache(WOLFSSL_SESSION* session) + { +#ifdef HAVE_EX_DATA + int save_ownExData = session->ownExData; + session->ownExData = 1; /* Make sure ex_data access doesn't lead back + * into the cache. 
*/ +#endif +#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) + if (session->rem_sess_cb != NULL) { + session->rem_sess_cb(NULL, session); + session->rem_sess_cb = NULL; + } +#endif + ForceZero(session->masterSecret, SECRET_LEN); + XMEMSET(session->sessionID, 0, ID_LEN); + session->sessionIDSz = 0; +#ifdef HAVE_SESSION_TICKET + if (session->ticketLenAlloc > 0) { + XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK); + session->ticket = session->staticTicket; + session->ticketLen = 0; + session->ticketLenAlloc = 0; + } +#endif +#ifdef HAVE_EX_DATA + session->ownExData = save_ownExData; +#endif + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ + defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + if ((session->ticketNonce.data != NULL) && + (session->ticketNonce.data != session->ticketNonce.dataStatic)) + { + XFREE(session->ticketNonce.data, NULL, DYNAMIC_TYPE_SESSION_TICK); + session->ticketNonce.data = NULL; + } +#endif + } + +WOLFSSL_ABI +WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_session"); + if (ssl) { +#ifdef NO_SESSION_CACHE_REF + return ssl->session; +#else + if (ssl->options.side == WOLFSSL_CLIENT_END) { + /* On the client side we want to return a persistent reference for + * backwards compatibility. */ +#ifndef NO_CLIENT_CACHE + if (ssl->clientSession) { + return (WOLFSSL_SESSION*)ssl->clientSession; + } + else { + /* Try to add a ClientCache entry to associate with the current + * session. Ignore any session cache options. 
*/ + int err; + const byte* id = ssl->session->sessionID; + byte idSz = ssl->session->sessionIDSz; + if (ssl->session->haveAltSessionID) { + id = ssl->session->altSessionID; + idSz = ID_LEN; + } + err = AddSessionToCache(ssl->ctx, ssl->session, id, idSz, + NULL, ssl->session->side, + #ifdef HAVE_SESSION_TICKET + ssl->session->ticketLen > 0, + #else + 0, + #endif + &ssl->clientSession); + if (err == 0) { + return (WOLFSSL_SESSION*)ssl->clientSession; + } + } +#endif + } + else { + return ssl->session; + } +#endif + } + + return NULL; +} + +/* The get1 version requires caller to call SSL_SESSION_free */ +WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) +{ + WOLFSSL_SESSION* sess = NULL; + WOLFSSL_ENTER("wolfSSL_get1_session"); + if (ssl != NULL) { + sess = ssl->session; + if (sess != NULL) { + /* increase reference count if allocated session */ + if (sess->type == WOLFSSL_SESSION_TYPE_HEAP) { + if (wolfSSL_SESSION_up_ref(sess) != WOLFSSL_SUCCESS) + sess = NULL; + } + } + } + return sess; +} + +/* session is a private struct, return if it is setup or not */ +WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session) +{ + if (session != NULL) + return session->isSetup; + return 0; +} + +/* + * Sets the session object to use when establishing a TLS/SSL session using + * the ssl object. Therefore, this function must be called before + * wolfSSL_connect. The session object to use can be obtained in a previous + * TLS/SSL connection using wolfSSL_get_session. + * + * This function rejects the session if it has been expired when this function + * is called. Note that this expiration check is wolfSSL specific and differs + * from OpenSSL return code behavior. + * + * By default, wolfSSL_set_session returns WOLFSSL_SUCCESS on successfully + * setting the session, WOLFSSL_FAILURE on failure due to the session cache + * being disabled, or the session has expired. 
+ * + * To match OpenSSL return code behavior when session is expired, define + * OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL. This behavior will return + * WOLFSSL_SUCCESS even when the session is expired and rejected. + */ +WOLFSSL_ABI +int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session) +{ + WOLFSSL_ENTER("wolfSSL_set_session"); + if (session) + return wolfSSL_SetSession(ssl, session); + + return WOLFSSL_FAILURE; +} + + +#ifndef NO_CLIENT_CACHE + +/* Associate client session with serverID, find existing or store for saving + if newSession flag on, don't reuse existing session + WOLFSSL_SUCCESS on ok */ +int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession) +{ + WOLFSSL_SESSION* session = NULL; + byte idHash[SERVER_ID_LEN]; + + WOLFSSL_ENTER("wolfSSL_SetServerID"); + + if (ssl == NULL || id == NULL || len <= 0) + return BAD_FUNC_ARG; + + if (len > SERVER_ID_LEN) { +#if defined(NO_SHA) && !defined(NO_SHA256) + if (wc_Sha256Hash(id, len, idHash) != 0) + return WOLFSSL_FAILURE; +#else + if (wc_ShaHash(id, (word32)len, idHash) != 0) + return WOLFSSL_FAILURE; +#endif + id = idHash; + len = SERVER_ID_LEN; + } + + if (newSession == 0) { + session = wolfSSL_GetSessionClient(ssl, id, len); + if (session) { + if (wolfSSL_SetSession(ssl, session) != WOLFSSL_SUCCESS) { + #ifdef HAVE_EXT_CACHE + wolfSSL_FreeSession(ssl->ctx, session); + #endif + WOLFSSL_MSG("wolfSSL_SetSession failed"); + session = NULL; + } + } + } + + if (session == NULL) { + WOLFSSL_MSG("Valid ServerID not cached already"); + + ssl->session->idLen = (word16)len; + XMEMCPY(ssl->session->serverID, id, len); + } +#ifdef HAVE_EXT_CACHE + else { + wolfSSL_FreeSession(ssl->ctx, session); + } +#endif + + return WOLFSSL_SUCCESS; +} + +#endif /* !NO_CLIENT_CACHE */ + +/* TODO: Add SESSION_CACHE_DYNAMIC_MEM support for PERSIST_SESSION_CACHE. + * Need a count of current sessions to get an accurate memsize (totalCount is + * not decremented when sessions are removed). 
+ * Need to determine ideal layout for mem/filesave. + * Also need mem/filesave checking to ensure not restoring non DYNAMIC_MEM + * cache. + */ +#if defined(PERSIST_SESSION_CACHE) && !defined(SESSION_CACHE_DYNAMIC_MEM) + +/* for persistence, if changes to layout need to increment and modify + save_session_cache() and restore_session_cache and memory versions too */ +#define WOLFSSL_CACHE_VERSION 2 + +/* Session Cache Header information */ +typedef struct { + int version; /* cache layout version id */ + int rows; /* session rows */ + int columns; /* session columns */ + int sessionSz; /* sizeof WOLFSSL_SESSION */ +} cache_header_t; + +/* current persistence layout is: + + 1) cache_header_t + 2) SessionCache + 3) ClientCache + + update WOLFSSL_CACHE_VERSION if change layout for the following + PERSISTENT_SESSION_CACHE functions +*/ + +/* get how big the the session cache save buffer needs to be */ +int wolfSSL_get_session_cache_memsize(void) +{ + int sz = (int)(sizeof(SessionCache) + sizeof(cache_header_t)); +#ifndef NO_CLIENT_CACHE + sz += (int)(sizeof(ClientCache)); +#endif + return sz; +} + + +/* Persist session cache to memory */ +int wolfSSL_memsave_session_cache(void* mem, int sz) +{ + int i; + cache_header_t cache_header; + SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header)); + + WOLFSSL_ENTER("wolfSSL_memsave_session_cache"); + + if (sz < wolfSSL_get_session_cache_memsize()) { + WOLFSSL_MSG("Memory buffer too small"); + return BUFFER_E; + } + + cache_header.version = WOLFSSL_CACHE_VERSION; + cache_header.rows = SESSION_ROWS; + cache_header.columns = SESSIONS_PER_ROW; + cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION); + XMEMCPY(mem, &cache_header, sizeof(cache_header)); + +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + if (SESSION_ROW_RD_LOCK(row) != 0) { + WOLFSSL_MSG("Session cache mutex lock failed"); + return BAD_MUTEX_E; + } +#endif + for (i = 0; i < cache_header.rows; ++i) { + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + if 
(SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) { + WOLFSSL_MSG("Session row cache mutex lock failed"); + return BAD_MUTEX_E; + } + #endif + + XMEMCPY(row++, &SessionCache[i], SIZEOF_SESSION_ROW); + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(&SessionCache[i]); + #endif + } +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(row); +#endif + +#ifndef NO_CLIENT_CACHE + if (wc_LockMutex(&clisession_mutex) != 0) { + WOLFSSL_MSG("Client cache mutex lock failed"); + return BAD_MUTEX_E; + } + XMEMCPY(row, ClientCache, sizeof(ClientCache)); + wc_UnLockMutex(&clisession_mutex); +#endif + + WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", WOLFSSL_SUCCESS); + + return WOLFSSL_SUCCESS; +} + + +/* Restore the persistent session cache from memory */ +int wolfSSL_memrestore_session_cache(const void* mem, int sz) +{ + int i; + cache_header_t cache_header; + SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header)); + + WOLFSSL_ENTER("wolfSSL_memrestore_session_cache"); + + if (sz < wolfSSL_get_session_cache_memsize()) { + WOLFSSL_MSG("Memory buffer too small"); + return BUFFER_E; + } + + XMEMCPY(&cache_header, mem, sizeof(cache_header)); + if (cache_header.version != WOLFSSL_CACHE_VERSION || + cache_header.rows != SESSION_ROWS || + cache_header.columns != SESSIONS_PER_ROW || + cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) { + + WOLFSSL_MSG("Session cache header match failed"); + return CACHE_MATCH_ERROR; + } + +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) { + WOLFSSL_MSG("Session cache mutex lock failed"); + return BAD_MUTEX_E; + } +#endif + for (i = 0; i < cache_header.rows; ++i) { + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { + WOLFSSL_MSG("Session row cache mutex lock failed"); + return BAD_MUTEX_E; + } + #endif + + XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW); + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(&SessionCache[i]); + #endif 
+ } +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(&SessionCache[0]); +#endif + +#ifndef NO_CLIENT_CACHE + if (wc_LockMutex(&clisession_mutex) != 0) { + WOLFSSL_MSG("Client cache mutex lock failed"); + return BAD_MUTEX_E; + } + XMEMCPY(ClientCache, row, sizeof(ClientCache)); + wc_UnLockMutex(&clisession_mutex); +#endif + + WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", WOLFSSL_SUCCESS); + + return WOLFSSL_SUCCESS; +} + +#if !defined(NO_FILESYSTEM) + +/* Persist session cache to file */ +/* doesn't use memsave because of additional memory use */ +int wolfSSL_save_session_cache(const char *fname) +{ + XFILE file; + int ret; + int rc = WOLFSSL_SUCCESS; + int i; + cache_header_t cache_header; + + WOLFSSL_ENTER("wolfSSL_save_session_cache"); + + file = XFOPEN(fname, "w+b"); + if (file == XBADFILE) { + WOLFSSL_MSG("Couldn't open session cache save file"); + return WOLFSSL_BAD_FILE; + } + cache_header.version = WOLFSSL_CACHE_VERSION; + cache_header.rows = SESSION_ROWS; + cache_header.columns = SESSIONS_PER_ROW; + cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION); + + /* cache header */ + ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file); + if (ret != 1) { + WOLFSSL_MSG("Session cache header file write failed"); + XFCLOSE(file); + return FWRITE_ERROR; + } + +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + if (SESSION_ROW_RD_LOCK(&SessionCache[0]) != 0) { + WOLFSSL_MSG("Session cache mutex lock failed"); + XFCLOSE(file); + return BAD_MUTEX_E; + } +#endif + /* session cache */ + for (i = 0; i < cache_header.rows; ++i) { + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) { + WOLFSSL_MSG("Session row cache mutex lock failed"); + XFCLOSE(file); + return BAD_MUTEX_E; + } + #endif + + ret = (int)XFWRITE(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file); + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(&SessionCache[i]); + #endif + if (ret != 1) { + WOLFSSL_MSG("Session cache member file write failed"); + rc = 
FWRITE_ERROR; + break; + } + } +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(&SessionCache[0]); +#endif + +#ifndef NO_CLIENT_CACHE + /* client cache */ + if (wc_LockMutex(&clisession_mutex) != 0) { + WOLFSSL_MSG("Client cache mutex lock failed"); + XFCLOSE(file); + return BAD_MUTEX_E; + } + ret = (int)XFWRITE(ClientCache, sizeof(ClientCache), 1, file); + if (ret != 1) { + WOLFSSL_MSG("Client cache member file write failed"); + rc = FWRITE_ERROR; + } + wc_UnLockMutex(&clisession_mutex); +#endif /* !NO_CLIENT_CACHE */ + + XFCLOSE(file); + WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc); + + return rc; +} + + +/* Restore the persistent session cache from file */ +/* doesn't use memstore because of additional memory use */ +int wolfSSL_restore_session_cache(const char *fname) +{ + XFILE file; + int rc = WOLFSSL_SUCCESS; + int ret; + int i; + cache_header_t cache_header; + + WOLFSSL_ENTER("wolfSSL_restore_session_cache"); + + file = XFOPEN(fname, "rb"); + if (file == XBADFILE) { + WOLFSSL_MSG("Couldn't open session cache save file"); + return WOLFSSL_BAD_FILE; + } + /* cache header */ + ret = (int)XFREAD(&cache_header, sizeof(cache_header), 1, file); + if (ret != 1) { + WOLFSSL_MSG("Session cache header file read failed"); + XFCLOSE(file); + return FREAD_ERROR; + } + if (cache_header.version != WOLFSSL_CACHE_VERSION || + cache_header.rows != SESSION_ROWS || + cache_header.columns != SESSIONS_PER_ROW || + cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) { + + WOLFSSL_MSG("Session cache header match failed"); + XFCLOSE(file); + return CACHE_MATCH_ERROR; + } + +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) { + WOLFSSL_MSG("Session cache mutex lock failed"); + XFCLOSE(file); + return BAD_MUTEX_E; + } +#endif + /* session cache */ + for (i = 0; i < cache_header.rows; ++i) { + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { + WOLFSSL_MSG("Session row cache mutex lock 
failed"); + XFCLOSE(file); + return BAD_MUTEX_E; + } + #endif + + ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file); + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(&SessionCache[i]); + #endif + if (ret != 1) { + WOLFSSL_MSG("Session cache member file read failed"); + XMEMSET(SessionCache, 0, sizeof SessionCache); + rc = FREAD_ERROR; + break; + } + } +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(&SessionCache[0]); +#endif + +#ifndef NO_CLIENT_CACHE + /* client cache */ + if (wc_LockMutex(&clisession_mutex) != 0) { + WOLFSSL_MSG("Client cache mutex lock failed"); + XFCLOSE(file); + return BAD_MUTEX_E; + } + ret = (int)XFREAD(ClientCache, sizeof(ClientCache), 1, file); + if (ret != 1) { + WOLFSSL_MSG("Client cache member file read failed"); + XMEMSET(ClientCache, 0, sizeof ClientCache); + rc = FREAD_ERROR; + } + wc_UnLockMutex(&clisession_mutex); +#endif /* !NO_CLIENT_CACHE */ + + XFCLOSE(file); + WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc); + + return rc; +} + +#endif /* !NO_FILESYSTEM */ +#endif /* PERSIST_SESSION_CACHE && !SESSION_CACHE_DYNAMIC_MEM */ + + +/* on by default if built in but allow user to turn off */ +WOLFSSL_ABI +long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_session_cache_mode"); + + if (ctx == NULL) + return WOLFSSL_FAILURE; + + if (mode == WOLFSSL_SESS_CACHE_OFF) { + ctx->sessionCacheOff = 1; +#ifdef HAVE_EXT_CACHE + ctx->internalCacheOff = 1; + ctx->internalCacheLookupOff = 1; +#endif + } + + if ((mode & WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR) != 0) + ctx->sessionCacheFlushOff = 1; + +#ifdef HAVE_EXT_CACHE + /* WOLFSSL_SESS_CACHE_NO_INTERNAL activates both if's */ + if ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE) != 0) + ctx->internalCacheOff = 1; + if ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP) != 0) + ctx->internalCacheLookupOff = 1; +#endif + + return WOLFSSL_SUCCESS; +} + +#ifdef OPENSSL_EXTRA +#ifdef HAVE_MAX_FRAGMENT +/* return the max 
fragment size set when handshake was negotiated */ +unsigned char wolfSSL_SESSION_get_max_fragment_length(WOLFSSL_SESSION* session) +{ + session = ClientSessionToSession(session); + if (session == NULL) { + return 0; + } + + return session->mfl; +} +#endif + + +/* Get the session cache mode for CTX + * + * ctx WOLFSSL_CTX struct to get cache mode from + * + * Returns a bit mask that has the session cache mode */ +long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) +{ + long m = 0; + + WOLFSSL_ENTER("wolfSSL_CTX_get_session_cache_mode"); + + if (ctx == NULL) { + return m; + } + + if (ctx->sessionCacheOff != 1) { + m |= WOLFSSL_SESS_CACHE_SERVER; + } + + if (ctx->sessionCacheFlushOff == 1) { + m |= WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR; + } + +#ifdef HAVE_EXT_CACHE + if (ctx->internalCacheOff == 1) { + m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE; + } + if (ctx->internalCacheLookupOff == 1) { + m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP; + } +#endif + + return m; +} +#endif /* OPENSSL_EXTRA */ + +#endif /* !NO_SESSION_CACHE */ + +#ifndef NO_SESSION_CACHE + +WOLFSSL_ABI +void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm) +{ + /* static table now, no flushing needed */ + (void)ctx; + (void)tm; +} + +void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm) +{ + int i, j; + byte id[ID_LEN]; + + (void)ctx; + XMEMSET(id, 0, ID_LEN); + WOLFSSL_ENTER("wolfSSL_flush_sessions"); + for (i = 0; i < SESSION_ROWS; ++i) { + if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { + WOLFSSL_MSG("Session cache mutex lock failed"); + return; + } + for (j = 0; j < SESSIONS_PER_ROW; j++) { +#ifdef SESSION_CACHE_DYNAMIC_MEM + WOLFSSL_SESSION* s = SessionCache[i].Sessions[j]; +#else + WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j]; +#endif + if ( +#ifdef SESSION_CACHE_DYNAMIC_MEM + s != NULL && +#endif + XMEMCMP(s->sessionID, id, ID_LEN) != 0 && + s->bornOn + s->timeout < (word32)tm + ) + { + EvictSessionFromCache(s); +#ifdef SESSION_CACHE_DYNAMIC_MEM + XFREE(s, s->heap, 
DYNAMIC_TYPE_SESSION); + SessionCache[i].Sessions[j] = NULL; +#endif + } + } + SESSION_ROW_UNLOCK(&SessionCache[i]); + } +} + + +/* set ssl session timeout in seconds */ +WOLFSSL_ABI +int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to) +{ + if (ssl == NULL) + return BAD_FUNC_ARG; + + if (to == 0) + to = WOLFSSL_SESSION_TIMEOUT; + ssl->timeout = to; + + return WOLFSSL_SUCCESS; +} + + +/** + * Sets ctx session timeout in seconds. + * The timeout value set here should be reflected in the + * "session ticket lifetime hint" if this API works in the openssl compat-layer. + * Therefore wolfSSL_CTX_set_TicketHint is called internally. + * Arguments: + * - ctx WOLFSSL_CTX object which the timeout is set to + * - to timeout value in second + * Returns: + * WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on failure. + * When WOLFSSL_ERROR_CODE_OPENSSL is defined, returns previous timeout value + * on success, BAD_FUNC_ARG on failure. + */ +WOLFSSL_ABI +int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to) +{ + #if defined(WOLFSSL_ERROR_CODE_OPENSSL) + word32 prev_timeout = 0; + #endif + + int ret = WOLFSSL_SUCCESS; + (void)ret; + + if (ctx == NULL) + ret = BAD_FUNC_ARG; + + if (ret == WOLFSSL_SUCCESS) { + #if defined(WOLFSSL_ERROR_CODE_OPENSSL) + prev_timeout = ctx->timeout; + #endif + if (to == 0) { + ctx->timeout = WOLFSSL_SESSION_TIMEOUT; + } + else { + ctx->timeout = to; + } + } +#if defined(OPENSSL_EXTRA) && defined(HAVE_SESSION_TICKET) && \ + !defined(NO_WOLFSSL_SERVER) + if (ret == WOLFSSL_SUCCESS) { + if (to == 0) { + ret = wolfSSL_CTX_set_TicketHint(ctx, SESSION_TICKET_HINT_DEFAULT); + } + else { + ret = wolfSSL_CTX_set_TicketHint(ctx, (int)to); + } + } +#endif /* OPENSSL_EXTRA && HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */ + +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + if (ret == WOLFSSL_SUCCESS) { + return (int)prev_timeout; + } + else { + return ret; + } +#else + return ret; +#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ +} + + +#ifndef NO_CLIENT_CACHE + +/* Get 
Session from Client cache based on id/len, return NULL on failure */ +WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len) +{ + WOLFSSL_SESSION* ret = NULL; + word32 row; + int idx; + int count; + int error = 0; + ClientSession* clSess; + + WOLFSSL_ENTER("wolfSSL_GetSessionClient"); + + if (ssl->ctx->sessionCacheOff) { + WOLFSSL_MSG("Session Cache off"); + return NULL; + } + + if (ssl->options.side == WOLFSSL_SERVER_END) + return NULL; + + len = (int)min(SERVER_ID_LEN, (word32)len); + + /* Do not access ssl->ctx->get_sess_cb from here. It is using a different + * set of ID's */ + + row = HashObject(id, (word32)len, &error) % CLIENT_SESSION_ROWS; + if (error != 0) { + WOLFSSL_MSG("Hash session failed"); + return NULL; + } + + if (wc_LockMutex(&clisession_mutex) != 0) { + WOLFSSL_MSG("Client cache mutex lock failed"); + return NULL; + } + + /* start from most recently used */ + count = (int)min((word32)ClientCache[row].totalCount, CLIENT_SESSIONS_PER_ROW); + idx = ClientCache[row].nextIdx - 1; + if (idx < 0 || idx >= CLIENT_SESSIONS_PER_ROW) { + /* if back to front, the previous was end */ + idx = CLIENT_SESSIONS_PER_ROW - 1; + } + clSess = ClientCache[row].Clients; + + for (; count > 0; --count) { + WOLFSSL_SESSION* current; + SessionRow* sessRow; + + if (clSess[idx].serverRow >= SESSION_ROWS) { + WOLFSSL_MSG("Client cache serverRow invalid"); + break; + } + + /* lock row */ + sessRow = &SessionCache[clSess[idx].serverRow]; + if (SESSION_ROW_RD_LOCK(sessRow) != 0) { + WOLFSSL_MSG("Session cache row lock failure"); + break; + } + +#ifdef SESSION_CACHE_DYNAMIC_MEM + current = sessRow->Sessions[clSess[idx].serverIdx]; +#else + current = &sessRow->Sessions[clSess[idx].serverIdx]; +#endif + if (current && XMEMCMP(current->serverID, id, len) == 0) { + WOLFSSL_MSG("Found a serverid match for client"); + if (LowResTimer() < (current->bornOn + current->timeout)) { + WOLFSSL_MSG("Session valid"); + ret = current; + SESSION_ROW_UNLOCK(sessRow); + 
break; + } else { + WOLFSSL_MSG("Session timed out"); /* could have more for id */ + } + } else { + WOLFSSL_MSG("ServerID not a match from client table"); + } + SESSION_ROW_UNLOCK(sessRow); + + idx = idx > 0 ? idx - 1 : CLIENT_SESSIONS_PER_ROW - 1; + } + + wc_UnLockMutex(&clisession_mutex); + + return ret; +} + +#endif /* !NO_CLIENT_CACHE */ + +static int SslSessionCacheOff(const WOLFSSL* ssl, + const WOLFSSL_SESSION* session) +{ + (void)session; + return ssl->options.sessionCacheOff + #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET) + && session->ticketLen == 0 + #endif + ; +} + +#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) +/** + * SessionTicketNoncePrealloc() - prealloc a buffer for ticket nonces + * @output: [in] pointer to WOLFSSL_SESSION object that will soon be a + * destination of a session duplication + * @buf: [out] address of the preallocated buf + * @len: [out] len of the preallocated buf + * + * prealloc a buffer that will likely suffice to contain a ticket nonce. It's + * used when copying session under lock, when syscalls need to be avoided. If + * output already has a dynamic buffer, it's reused. 
+ */ +static int SessionTicketNoncePrealloc(byte** buf, byte* len, void *heap) +{ + (void)heap; + + *buf = (byte*)XMALLOC(PREALLOC_SESSION_TICKET_NONCE_LEN, heap, + DYNAMIC_TYPE_SESSION_TICK); + if (*buf == NULL) { + WOLFSSL_MSG("Failed to preallocate ticket nonce buffer"); + *len = 0; + return 1; + } + + *len = PREALLOC_SESSION_TICKET_NONCE_LEN; + return 0; +} +#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 */ + +static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, + WOLFSSL_SESSION* output, int avoidSysCalls, byte* ticketNonceBuf, + byte* ticketNonceLen, byte* preallocUsed); + +void TlsSessionCacheUnlockRow(word32 row) +{ + SessionRow* sessRow; + + sessRow = &SessionCache[row]; + (void)sessRow; + SESSION_ROW_UNLOCK(sessRow); +} + +/* Don't use this function directly. Use TlsSessionCacheGetAndRdLock and + * TlsSessionCacheGetAndWrLock to fully utilize compiler const support. */ +static int TlsSessionCacheGetAndLock(const byte *id, + const WOLFSSL_SESSION **sess, word32 *lockedRow, byte readOnly, byte side) +{ + SessionRow *sessRow; + const WOLFSSL_SESSION *s; + word32 row; + int count; + int error; + int idx; + + *sess = NULL; + row = HashObject(id, ID_LEN, &error) % SESSION_ROWS; + if (error != 0) + return error; + sessRow = &SessionCache[row]; + if (readOnly) + error = SESSION_ROW_RD_LOCK(sessRow); + else + error = SESSION_ROW_WR_LOCK(sessRow); + if (error != 0) + return FATAL_ERROR; + + /* start from most recently used */ + count = (int)min((word32)sessRow->totalCount, SESSIONS_PER_ROW); + idx = sessRow->nextIdx - 1; + if (idx < 0 || idx >= SESSIONS_PER_ROW) { + idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */ + } + for (; count > 0; --count) { +#ifdef SESSION_CACHE_DYNAMIC_MEM + s = sessRow->Sessions[idx]; +#else + s = &sessRow->Sessions[idx]; +#endif + if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) { + *sess = s; + break; + } + idx = idx > 0 ? 
idx - 1 : SESSIONS_PER_ROW - 1; + } + if (*sess == NULL) { + SESSION_ROW_UNLOCK(sessRow); + } + else { + *lockedRow = row; + } + + return 0; +} + +static int CheckSessionMatch(const WOLFSSL* ssl, const WOLFSSL_SESSION* sess) +{ + if (ssl == NULL || sess == NULL) + return 0; +#ifdef OPENSSL_EXTRA + if (ssl->sessionCtxSz > 0 && (ssl->sessionCtxSz != sess->sessionCtxSz || + XMEMCMP(ssl->sessionCtx, sess->sessionCtx, sess->sessionCtxSz) != 0)) + return 0; +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + if (IsAtLeastTLSv1_3(ssl->version) != IsAtLeastTLSv1_3(sess->version)) + return 0; +#endif + return 1; +} + +int TlsSessionCacheGetAndRdLock(const byte *id, const WOLFSSL_SESSION **sess, + word32 *lockedRow, byte side) +{ + return TlsSessionCacheGetAndLock(id, sess, lockedRow, 1, side); +} + +int TlsSessionCacheGetAndWrLock(const byte *id, WOLFSSL_SESSION **sess, + word32 *lockedRow, byte side) +{ + return TlsSessionCacheGetAndLock(id, (const WOLFSSL_SESSION**)sess, + lockedRow, 0, side); +} + +int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) +{ + const WOLFSSL_SESSION* sess = NULL; + const byte* id = NULL; + word32 row; + int error = 0; +#ifdef HAVE_SESSION_TICKET +#ifndef WOLFSSL_SMALL_STACK + byte tmpTicket[PREALLOC_SESSION_TICKET_LEN]; +#else + byte* tmpTicket = NULL; +#endif +#ifdef WOLFSSL_TLS13 + byte *preallocNonce = NULL; + byte preallocNonceLen = 0; + byte preallocNonceUsed = 0; +#endif /* WOLFSSL_TLS13 */ + byte tmpBufSet = 0; +#endif +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + WOLFSSL_X509* peer = NULL; +#endif + byte bogusID[ID_LEN]; + byte bogusIDSz = 0; + + WOLFSSL_ENTER("wolfSSL_GetSessionFromCache"); + + if (output == NULL) { + WOLFSSL_MSG("NULL output"); + return WOLFSSL_FAILURE; + } + + if (SslSessionCacheOff(ssl, ssl->session)) + return WOLFSSL_FAILURE; + + if (ssl->options.haveSessionId == 0 && !ssl->session->haveAltSessionID) + return WOLFSSL_FAILURE; + +#ifdef HAVE_SESSION_TICKET + if 
(ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
+ return WOLFSSL_FAILURE;
+#endif
+
+ XMEMSET(bogusID, 0, sizeof(bogusID));
+ if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL
+ && !ssl->session->haveAltSessionID)
+ id = ssl->arrays->sessionID;
+ else if (ssl->session->haveAltSessionID) {
+ id = ssl->session->altSessionID;
+ /* We want to restore the bogus ID for TLS compatibility */
+ if (output == ssl->session) {
+ XMEMCPY(bogusID, ssl->session->sessionID, ID_LEN);
+ bogusIDSz = ssl->session->sessionIDSz;
+ }
+ }
+ else
+ id = ssl->session->sessionID;
+
+
+#ifdef HAVE_EXT_CACHE
+ if (ssl->ctx->get_sess_cb != NULL) {
+ int copy = 0;
+ int found = 0;
+ WOLFSSL_SESSION* extSess;
+ /* Attempt to retrieve the session from the external cache. */
+ WOLFSSL_MSG("Calling external session cache");
+ extSess = ssl->ctx->get_sess_cb(ssl, (byte*)id, ID_LEN, ©);
+ if ((extSess != NULL)
+ && CheckSessionMatch(ssl, extSess)
+ ) {
+ WOLFSSL_MSG("Session found in external cache");
+ found = 1;
+
+ error = wolfSSL_DupSession(extSess, output, 0);
+#ifdef HAVE_EX_DATA
+ extSess->ownExData = 1;
+ output->ownExData = 0;
+#endif
+ /* We want to restore the bogus ID for TLS compatibility */
+ if (ssl->session->haveAltSessionID &&
+ output == ssl->session) {
+ XMEMCPY(ssl->session->sessionID, bogusID, ID_LEN);
+ ssl->session->sessionIDSz = bogusIDSz;
+ }
+ }
+ /* If copy not set then free immediately */
+ if (extSess != NULL && !copy)
+ wolfSSL_FreeSession(ssl->ctx, extSess);
+ if (found)
+ return error;
+ WOLFSSL_MSG("Session not found in external cache");
+ }
+
+ if (ssl->options.internalCacheLookupOff) {
+ WOLFSSL_MSG("Internal cache lookup turned off");
+ return WOLFSSL_FAILURE;
+ }
+#endif
+
+#ifdef HAVE_SESSION_TICKET
+ if (output->ticket == NULL ||
+ output->ticketLenAlloc < PREALLOC_SESSION_TICKET_LEN) {
+#ifdef WOLFSSL_SMALL_STACK
+ tmpTicket = (byte*)XMALLOC(PREALLOC_SESSION_TICKET_LEN, output->heap,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (tmpTicket 
== NULL) {
+ WOLFSSL_MSG("tmpTicket malloc failed");
+ return WOLFSSL_FAILURE;
+ }
+#endif
+ if (output->ticketLenAlloc)
+ XFREE(output->ticket, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+ output->ticket = tmpTicket; /* cppcheck-suppress autoVariables
+ */
+ output->ticketLenAlloc = PREALLOC_SESSION_TICKET_LEN;
+ output->ticketLen = 0;
+ tmpBufSet = 1;
+ }
+#endif
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ if (output->peer != NULL) {
+ wolfSSL_X509_free(output->peer);
+ output->peer = NULL;
+ }
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \
+ defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ if (output->ticketNonce.data != output->ticketNonce.dataStatic) {
+ XFREE(output->ticketNonce.data, output->heap,
+ DYNAMIC_TYPE_SESSION_TICK);
+ output->ticketNonce.data = output->ticketNonce.dataStatic;
+ output->ticketNonce.len = 0;
+ }
+ error = SessionTicketNoncePrealloc(&preallocNonce, &preallocNonceLen,
+ output->heap);
+ if (error != 0) {
+ if (tmpBufSet) {
+ output->ticket = output->staticTicket;
+ output->ticketLenAlloc = 0;
+ }
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return WOLFSSL_FAILURE;
+ }
+#endif /* WOLFSSL_TLS13 && HAVE_SESSION_TICKET*/
+
+ /* init to avoid clang static analyzer false positive */
+ row = 0;
+ error = TlsSessionCacheGetAndRdLock(id, &sess, &row,
+ (byte)ssl->options.side);
+ error = (error == 0) ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+ if (error != WOLFSSL_SUCCESS || sess == NULL) {
+ WOLFSSL_MSG("Get Session from cache failed");
+ error = WOLFSSL_FAILURE;
+#ifdef HAVE_SESSION_TICKET
+ if (tmpBufSet) {
+ output->ticket = output->staticTicket;
+ output->ticketLenAlloc = 0;
+ }
+#ifdef WOLFSSL_TLS13
+ XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+ preallocNonce = NULL;
+#endif /* WOLFSSL_TLS13 */
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ tmpTicket = NULL;
+#endif
+#endif
+ }
+ else {
+ if (!CheckSessionMatch(ssl, sess)) {
+ WOLFSSL_MSG("Invalid session: can't be used in this context");
+ TlsSessionCacheUnlockRow(row);
+ error = WOLFSSL_FAILURE;
+ }
+ else if (LowResTimer() >= (sess->bornOn + sess->timeout)) {
+ WOLFSSL_SESSION* wrSess = NULL;
+ WOLFSSL_MSG("Invalid session: timed out");
+ sess = NULL;
+ TlsSessionCacheUnlockRow(row);
+ /* Attempt to get a write lock */
+ error = TlsSessionCacheGetAndWrLock(id, &wrSess, &row,
+ (byte)ssl->options.side);
+ if (error == 0 && wrSess != NULL) {
+ EvictSessionFromCache(wrSess);
+ TlsSessionCacheUnlockRow(row);
+ }
+ error = WOLFSSL_FAILURE;
+ }
+ }
+
+ /* mollify confused cppcheck nullPointer warning. 
*/
+ if (sess == NULL)
+ error = WOLFSSL_FAILURE;
+
+ if (error == WOLFSSL_SUCCESS) {
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)
+ error = wolfSSL_DupSessionEx(sess, output, 1,
+ preallocNonce, &preallocNonceLen, &preallocNonceUsed);
+#else
+ error = wolfSSL_DupSession(sess, output, 1);
+#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 */
+#ifdef HAVE_EX_DATA
+ output->ownExData = !sess->ownExData; /* Session may own ex_data */
+#endif
+ TlsSessionCacheUnlockRow(row);
+ }
+
+ /* We want to restore the bogus ID for TLS compatibility */
+ if (ssl->session->haveAltSessionID &&
+ output == ssl->session) {
+ XMEMCPY(ssl->session->sessionID, bogusID, ID_LEN);
+ ssl->session->sessionIDSz = bogusIDSz;
+ }
+
+#ifdef HAVE_SESSION_TICKET
+ if (tmpBufSet) {
+ if (error == WOLFSSL_SUCCESS) {
+ if (output->ticketLen > SESSION_TICKET_LEN) {
+ output->ticket = (byte*)XMALLOC(output->ticketLen, output->heap,
+ DYNAMIC_TYPE_SESSION_TICK);
+ if (output->ticket == NULL) {
+ error = WOLFSSL_FAILURE;
+ output->ticket = output->staticTicket;
+ output->ticketLenAlloc = 0;
+ output->ticketLen = 0;
+ }
+ }
+ else {
+ output->ticket = output->staticTicket;
+ output->ticketLenAlloc = 0;
+ }
+ }
+ else {
+ output->ticket = output->staticTicket;
+ output->ticketLenAlloc = 0;
+ output->ticketLen = 0;
+ }
+ if (error == WOLFSSL_SUCCESS) {
+ XMEMCPY(output->ticket, tmpTicket, output->ticketLen); /* cppcheck-suppress uninitvar */
+ }
+ }
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ if (error == WOLFSSL_SUCCESS && preallocNonceUsed) {
+ if (preallocNonceLen < PREALLOC_SESSION_TICKET_NONCE_LEN) {
+ /* buffer bigger than needed */
+#ifndef XREALLOC
+ output->ticketNonce.data = (byte*)XMALLOC(preallocNonceLen,
+ output->heap, DYNAMIC_TYPE_SESSION_TICK);
+ if (output->ticketNonce.data != 
NULL)
+ XMEMCPY(output->ticketNonce.data, preallocNonce,
+ preallocNonceLen);
+ XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+ preallocNonce = NULL;
+#else
+ output->ticketNonce.data = (byte*)XREALLOC(preallocNonce,
+ preallocNonceLen, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+ if (output->ticketNonce.data != NULL) {
+ /* don't free the reallocated pointer */
+ preallocNonce = NULL;
+ }
+#endif /* !XREALLOC */
+ if (output->ticketNonce.data == NULL) {
+ output->ticketNonce.data = output->ticketNonce.dataStatic;
+ output->ticketNonce.len = 0;
+ error = WOLFSSL_FAILURE;
+ /* preallocNonce will be free'd after the if */
+ }
+ }
+ else {
+ output->ticketNonce.data = preallocNonce;
+ output->ticketNonce.len = preallocNonceLen;
+ preallocNonce = NULL;
+ }
+ }
+ XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+
+#endif
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ if (peer != NULL) {
+ wolfSSL_X509_free(peer);
+ }
+#endif
+
+ return error;
+}
+
+WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL* ssl, byte* masterSecret,
+ byte restoreSessionCerts)
+{
+ WOLFSSL_SESSION* ret = NULL;
+
+ (void)restoreSessionCerts; /* Kept for compatibility */
+
+ if (wolfSSL_GetSessionFromCache(ssl, ssl->session) == WOLFSSL_SUCCESS) {
+ ret = ssl->session;
+ }
+ else {
+ WOLFSSL_MSG("wolfSSL_GetSessionFromCache did not return a session");
+ }
+
+ if (ret != NULL && masterSecret != NULL)
+ XMEMCPY(masterSecret, ret->masterSecret, SECRET_LEN);
+
+ return ret;
+}
+
+int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
+{
+ SessionRow* sessRow = NULL;
+ int ret = WOLFSSL_SUCCESS;
+
+ session = ClientSessionToSession(session);
+
+ if (ssl == NULL || session == NULL || !session->isSetup) {
+ WOLFSSL_MSG("ssl or session NULL or not set up");
+ return WOLFSSL_FAILURE;
+ }
+
+ /* We need to lock the session as the first step if its in the cache */
+ if (session->type == 
WOLFSSL_SESSION_TYPE_CACHE) {
+ if (session->cacheRow < SESSION_ROWS) {
+ sessRow = &SessionCache[session->cacheRow];
+ if (SESSION_ROW_RD_LOCK(sessRow) != 0) {
+ WOLFSSL_MSG("Session row lock failed");
+ return WOLFSSL_FAILURE;
+ }
+ }
+ }
+
+ if (ret == WOLFSSL_SUCCESS && ssl->options.side != WOLFSSL_NEITHER_END &&
+ (byte)ssl->options.side != session->side) {
+ WOLFSSL_MSG("Setting session for wrong role");
+ ret = WOLFSSL_FAILURE;
+ }
+
+ if (ret == WOLFSSL_SUCCESS) {
+ if (ssl->session == session) {
+ WOLFSSL_MSG("ssl->session and session same");
+ }
+ else if (session->type != WOLFSSL_SESSION_TYPE_CACHE) {
+ if (wolfSSL_SESSION_up_ref(session) == WOLFSSL_SUCCESS) {
+ wolfSSL_FreeSession(ssl->ctx, ssl->session);
+ ssl->session = session;
+ }
+ else
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ ret = wolfSSL_DupSession(session, ssl->session, 0);
+ if (ret != WOLFSSL_SUCCESS)
+ WOLFSSL_MSG("Session duplicate failed");
+ }
+ }
+
+ /* Let's copy over the altSessionID for local cache purposes */
+ if (ret == WOLFSSL_SUCCESS && session->haveAltSessionID &&
+ ssl->session != session) {
+ ssl->session->haveAltSessionID = 1;
+ XMEMCPY(ssl->session->altSessionID, session->altSessionID, ID_LEN);
+ }
+
+ if (sessRow != NULL) {
+ SESSION_ROW_UNLOCK(sessRow);
+ sessRow = NULL;
+ }
+
+ /* Note: the `session` variable cannot be used below, since the row is
+ * un-locked */
+
+ if (ret != WOLFSSL_SUCCESS)
+ return ret;
+
+#ifdef WOLFSSL_SESSION_ID_CTX
+ /* check for application context id */
+ if (ssl->sessionCtxSz > 0) {
+ if (XMEMCMP(ssl->sessionCtx, ssl->session->sessionCtx,
+ ssl->sessionCtxSz)) {
+ /* context id did not match! 
*/
+ WOLFSSL_MSG("Session context did not match");
+ return WOLFSSL_FAILURE;
+ }
+ }
+#endif /* WOLFSSL_SESSION_ID_CTX */
+
+ if (LowResTimer() >= (ssl->session->bornOn + ssl->session->timeout)) {
+#if !defined(OPENSSL_EXTRA) || !defined(WOLFSSL_ERROR_CODE_OPENSSL)
+ return WOLFSSL_FAILURE; /* session timed out */
+#else /* defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) */
+ WOLFSSL_MSG("Session is expired but return success for "
+ "OpenSSL compatibility");
+#endif
+ }
+ ssl->options.resuming = 1;
+ ssl->options.haveEMS = ssl->session->haveEMS;
+
+#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
+ defined(HAVE_SESSION_TICKET))
+ ssl->version = ssl->session->version;
+ if (IsAtLeastTLSv1_3(ssl->version))
+ ssl->options.tls1_3 = 1;
+#endif
+#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
+ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
+ ssl->options.cipherSuite0 = ssl->session->cipherSuite0;
+ ssl->options.cipherSuite = ssl->session->cipherSuite;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ ssl->peerVerifyRet = (unsigned long)ssl->session->peerVerifyRet;
+#endif
+
+ return WOLFSSL_SUCCESS;
+}
+
+
+#ifdef WOLFSSL_SESSION_STATS
+static int get_locked_session_stats(word32* active, word32* total,
+ word32* peak);
+#endif
+
+#ifndef NO_CLIENT_CACHE
+ClientSession* AddSessionToClientCache(int side, int row, int idx,
+ byte* serverID, word16 idLen, const byte* sessionID, word16 useTicket)
+{
+ int error = -1;
+ word32 clientRow = 0, clientIdx = 0;
+ ClientSession* ret = NULL;
+
+ (void)useTicket;
+ if (side == WOLFSSL_CLIENT_END
+ && row != INVALID_SESSION_ROW
+ && (idLen
+#ifdef HAVE_SESSION_TICKET
+ || useTicket == 1
+#endif
+ || serverID != NULL
+ )) {
+
+ WOLFSSL_MSG("Trying to add client cache entry");
+
+ if (idLen) {
+ clientRow = HashObject(serverID,
+ idLen, &error) % CLIENT_SESSION_ROWS;
+ }
+ else if (serverID != NULL) {
+ clientRow = HashObject(sessionID,
+ ID_LEN, &error) % 
CLIENT_SESSION_ROWS;
+ }
+ else {
+ error = -1;
+ }
+ if (error == 0 && wc_LockMutex(&clisession_mutex) == 0) {
+ clientIdx = (word32)ClientCache[clientRow].nextIdx;
+ if (clientIdx < CLIENT_SESSIONS_PER_ROW) {
+ ClientCache[clientRow].Clients[clientIdx].serverRow =
+ (word16)row;
+ ClientCache[clientRow].Clients[clientIdx].serverIdx =
+ (word16)idx;
+ if (sessionID != NULL) {
+ word32 sessionIDHash = HashObject(sessionID, ID_LEN,
+ &error);
+ if (error == 0) {
+ ClientCache[clientRow].Clients[clientIdx].sessionIDHash
+ = sessionIDHash;
+ }
+ }
+ }
+ else {
+ error = -1;
+ ClientCache[clientRow].nextIdx = 0; /* reset index as safety */
+ WOLFSSL_MSG("Invalid client cache index! "
+ "Possible corrupted memory");
+ }
+ if (error == 0) {
+ WOLFSSL_MSG("Adding client cache entry");
+
+ ret = &ClientCache[clientRow].Clients[clientIdx];
+
+ if (ClientCache[clientRow].totalCount < CLIENT_SESSIONS_PER_ROW)
+ ClientCache[clientRow].totalCount++;
+ ClientCache[clientRow].nextIdx++;
+ ClientCache[clientRow].nextIdx %= CLIENT_SESSIONS_PER_ROW;
+ }
+
+ wc_UnLockMutex(&clisession_mutex);
+ }
+ else {
+ WOLFSSL_MSG("Hash session or lock failed");
+ }
+ }
+ else {
+ WOLFSSL_MSG("Skipping client cache");
+ }
+
+ return ret;
+}
+#endif /* !NO_CLIENT_CACHE */
+
+/**
+ * For backwards compatibility, this API needs to be used in *ALL* functions
+ * that access the WOLFSSL_SESSION members directly.
+ *
+ * This API checks if the passed in session is actually a ClientSession object
+ * and returns the matching session cache object. Otherwise just return the
+ * input. ClientSession objects only occur in the ClientCache. They are not
+ * allocated anywhere else. 
*/
+WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
+{
+ WOLFSSL_ENTER("ClientSessionToSession");
+#ifdef NO_SESSION_CACHE_REF
+ return (WOLFSSL_SESSION*)session;
+#else
+#ifndef NO_CLIENT_CACHE
+ if (session == NULL)
+ return NULL;
+ /* Check if session points into ClientCache */
+ if ((byte*)session >= (byte*)ClientCache &&
+ /* Cast to byte* to make pointer arithmetic work per byte */
+ (byte*)session < ((byte*)ClientCache) + sizeof(ClientCache)) {
+ ClientSession* clientSession = (ClientSession*)session;
+ SessionRow* sessRow = NULL;
+ WOLFSSL_SESSION* cacheSession = NULL;
+ word32 sessionIDHash = 0;
+ int error = 0;
+ session = NULL; /* Default to NULL for failure case */
+ if (wc_LockMutex(&clisession_mutex) != 0) {
+ WOLFSSL_MSG("Client cache mutex lock failed");
+ return NULL;
+ }
+ if (clientSession->serverRow >= SESSION_ROWS ||
+ clientSession->serverIdx >= SESSIONS_PER_ROW) {
+ WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
+ error = -1;
+ }
+ /* Prevent memory access before clientSession->serverRow and
+ * clientSession->serverIdx are sanitized. 
*/
+ XFENCE();
+ if (error == 0) {
+ /* Lock row */
+ sessRow = &SessionCache[clientSession->serverRow];
+ error = SESSION_ROW_RD_LOCK(sessRow);
+ if (error != 0) {
+ WOLFSSL_MSG("Session cache row lock failure");
+ sessRow = NULL;
+ }
+ }
+ if (error == 0) {
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+ cacheSession = sessRow->Sessions[clientSession->serverIdx];
+#else
+ cacheSession = &sessRow->Sessions[clientSession->serverIdx];
+#endif
+ if (cacheSession && cacheSession->sessionIDSz == 0) {
+ cacheSession = NULL;
+ WOLFSSL_MSG("Session cache entry not set");
+ error = -1;
+ }
+ }
+ if (error == 0) {
+ /* Calculate the hash of the session ID */
+ sessionIDHash = HashObject(cacheSession->sessionID, ID_LEN,
+ &error);
+ }
+ if (error == 0) {
+ /* Check the session ID hash matches */
+ error = clientSession->sessionIDHash != sessionIDHash;
+ if (error != 0)
+ WOLFSSL_MSG("session ID hashes don't match");
+ }
+ if (error == 0) {
+ /* Hashes match */
+ session = cacheSession;
+ WOLFSSL_MSG("Found session cache matching client session object");
+ }
+ if (sessRow != NULL) {
+ SESSION_ROW_UNLOCK(sessRow);
+ }
+ wc_UnLockMutex(&clisession_mutex);
+ return (WOLFSSL_SESSION*)session;
+ }
+ else {
+ /* Plain WOLFSSL_SESSION object */
+ return (WOLFSSL_SESSION*)session;
+ }
+#else
+ return (WOLFSSL_SESSION*)session;
+#endif
+#endif
+}
+
+int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
+ const byte* id, byte idSz, int* sessionIndex, int side,
+ word16 useTicket, ClientSession** clientCacheEntry)
+{
+ WOLFSSL_SESSION* cacheSession = NULL;
+ SessionRow* sessRow = NULL;
+ word32 idx = 0;
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ WOLFSSL_X509* cachePeer = NULL;
+ WOLFSSL_X509* addPeer = NULL;
+#endif
+#ifdef HAVE_SESSION_TICKET
+ byte* cacheTicBuff = NULL;
+ byte ticBuffUsed = 0;
+ byte* ticBuff = NULL;
+ int ticLen = 0;
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && 
FIPS_VERSION_GE(5,3)))
+ byte *preallocNonce = NULL;
+ byte preallocNonceLen = 0;
+ byte preallocNonceUsed = 0;
+ byte *toFree = NULL;
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC */
+#endif /* HAVE_SESSION_TICKET */
+ int ret = 0;
+ int row;
+ int i;
+ int overwrite = 0;
+ (void)ctx;
+ (void)sessionIndex;
+ (void)useTicket;
+ (void)clientCacheEntry;
+
+ WOLFSSL_ENTER("AddSessionToCache");
+
+ if (idSz == 0) {
+ WOLFSSL_MSG("AddSessionToCache idSz == 0");
+ return BAD_FUNC_ARG;
+ }
+
+ addSession = ClientSessionToSession(addSession);
+ if (addSession == NULL) {
+ WOLFSSL_MSG("AddSessionToCache is NULL");
+ return MEMORY_E;
+ }
+
+#ifdef HAVE_SESSION_TICKET
+ ticLen = addSession->ticketLen;
+ /* Alloc Memory here to avoid syscalls during lock */
+ if (ticLen > SESSION_TICKET_LEN) {
+ ticBuff = (byte*)XMALLOC(ticLen, NULL,
+ DYNAMIC_TYPE_SESSION_TICK);
+ if (ticBuff == NULL) {
+ return MEMORY_E;
+ }
+ }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ if (addSession->ticketNonce.data != addSession->ticketNonce.dataStatic) {
+ /* use the AddSession->heap even if the buffer maybe saved in
+ * CachedSession objects. 
CachedSession heap and AddSession heap should
+ * be the same */
+ preallocNonce = (byte*)XMALLOC(addSession->ticketNonce.len,
+ addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+ if (preallocNonce == NULL) {
+ XFREE(ticBuff, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+ return MEMORY_E;
+ }
+ preallocNonceLen = addSession->ticketNonce.len;
+ }
+#endif /* WOLFSSL_TLS13 && WOLFSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */
+#endif /* HAVE_SESSION_TICKET */
+
+ /* Find a position for the new session in cache and use that */
+ /* Use the session object in the cache for external cache if required */
+ row = (int)(HashObject(id, ID_LEN, &ret) % SESSION_ROWS);
+ if (ret != 0) {
+ WOLFSSL_MSG("Hash session failed");
+ #ifdef HAVE_SESSION_TICKET
+ XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+ XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+ #endif
+ #endif
+ return ret;
+ }
+
+ sessRow = &SessionCache[row];
+ if (SESSION_ROW_WR_LOCK(sessRow) != 0) {
+ #ifdef HAVE_SESSION_TICKET
+ XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+ XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+ #endif
+ #endif
+ WOLFSSL_MSG("Session row lock failed");
+ return BAD_MUTEX_E;
+ }
+
+ for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) {
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+ cacheSession = sessRow->Sessions[i];
+#else
+ cacheSession = &sessRow->Sessions[i];
+#endif
+ if (cacheSession && XMEMCMP(id,
+ cacheSession->sessionID, ID_LEN) == 0 &&
+ cacheSession->side == side) {
+ WOLFSSL_MSG("Session already exists. 
Overwriting.");
+ overwrite = 1;
+ idx = (word32)i;
+ break;
+ }
+ }
+
+ if (!overwrite)
+ idx = (word32)sessRow->nextIdx;
+#ifdef SESSION_INDEX
+ if (sessionIndex != NULL)
+ *sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
+#endif
+
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+ cacheSession = sessRow->Sessions[idx];
+ if (cacheSession == NULL) {
+ cacheSession = (WOLFSSL_SESSION*) XMALLOC(sizeof(WOLFSSL_SESSION),
+ sessRow->heap, DYNAMIC_TYPE_SESSION);
+ if (cacheSession == NULL) {
+ #ifdef HAVE_SESSION_TICKET
+ XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+ XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+ #endif
+ #endif
+ SESSION_ROW_UNLOCK(sessRow);
+ return MEMORY_E;
+ }
+ XMEMSET(cacheSession, 0, sizeof(WOLFSSL_SESSION));
+ sessRow->Sessions[idx] = cacheSession;
+ }
+#else
+ cacheSession = &sessRow->Sessions[idx];
+#endif
+
+#ifdef HAVE_EX_DATA
+ if (overwrite) {
+ /* Figure out who owns the ex_data */
+ if (cacheSession->ownExData) {
+ /* Prioritize cacheSession copy */
+ XMEMCPY(&addSession->ex_data, &cacheSession->ex_data,
+ sizeof(WOLFSSL_CRYPTO_EX_DATA));
+ }
+ /* else will be copied in wolfSSL_DupSession call */
+ }
+ else if (cacheSession->ownExData) {
+ crypto_ex_cb_free_data(cacheSession, crypto_ex_cb_ctx_session,
+ &cacheSession->ex_data);
+ cacheSession->ownExData = 0;
+ }
+#endif
+
+ if (!overwrite)
+ EvictSessionFromCache(cacheSession);
+
+ cacheSession->type = WOLFSSL_SESSION_TYPE_CACHE;
+ cacheSession->cacheRow = row;
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ /* Save the peer field to free after unlocking the row */
+ if (cacheSession->peer != NULL)
+ cachePeer = cacheSession->peer;
+ cacheSession->peer = NULL;
+#endif
+#ifdef HAVE_SESSION_TICKET
+ /* If we can reuse the existing buffer in cacheSession then we won't touch
+ * ticBuff at all making it a very cheap malloc/free. 
The page on a modern
+ * OS will most likely not even be allocated to the process. */
+ if (ticBuff != NULL && cacheSession->ticketLenAlloc < ticLen) {
+ /* Save pointer only if separately allocated */
+ if (cacheSession->ticket != cacheSession->staticTicket)
+ cacheTicBuff = cacheSession->ticket;
+ ticBuffUsed = 1;
+ cacheSession->ticket = ticBuff;
+ cacheSession->ticketLenAlloc = (word16) ticLen;
+ }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ /* cache entry never used */
+ if (cacheSession->ticketNonce.data == NULL)
+ cacheSession->ticketNonce.data = cacheSession->ticketNonce.dataStatic;
+
+ if (cacheSession->ticketNonce.data !=
+ cacheSession->ticketNonce.dataStatic) {
+ toFree = cacheSession->ticketNonce.data;
+ cacheSession->ticketNonce.data = cacheSession->ticketNonce.dataStatic;
+ cacheSession->ticketNonce.len = 0;
+ }
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+#endif
+#ifdef SESSION_CERTS
+ if (overwrite &&
+ addSession->chain.count == 0 &&
+ cacheSession->chain.count > 0) {
+ /* Copy in the certs from the session */
+ addSession->chain.count = cacheSession->chain.count;
+ XMEMCPY(addSession->chain.certs, cacheSession->chain.certs,
+ sizeof(x509_buffer) * cacheSession->chain.count);
+ }
+#endif /* SESSION_CERTS */
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ /* Don't copy the peer cert into cache */
+ addPeer = addSession->peer;
+ addSession->peer = NULL;
+#endif
+ cacheSession->heap = NULL;
+ /* Copy data into the cache object */
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \
+ defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ ret = wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce,
+ &preallocNonceLen, &preallocNonceUsed) == WOLFSSL_FAILURE;
+#else
+ ret = wolfSSL_DupSession(addSession, 
cacheSession, 1) == WOLFSSL_FAILURE;
+#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC
+ && FIPS_VERSION_GE(5,3)*/
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ addSession->peer = addPeer;
+#endif
+
+ if (ret == 0) {
+ if (!overwrite) {
+ /* Increment the totalCount and the nextIdx */
+ if (sessRow->totalCount < SESSIONS_PER_ROW)
+ sessRow->totalCount++;
+ sessRow->nextIdx = (sessRow->nextIdx + 1) % SESSIONS_PER_ROW;
+ }
+ if (id != addSession->sessionID) {
+ /* ssl->session->sessionID may contain the bogus ID or we want the
+ * ID from the arrays object */
+ XMEMCPY(cacheSession->sessionID, id, ID_LEN);
+ cacheSession->sessionIDSz = ID_LEN;
+ }
+#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
+ if (ctx->rem_sess_cb != NULL)
+ cacheSession->rem_sess_cb = ctx->rem_sess_cb;
+#endif
+#ifdef HAVE_EX_DATA
+ /* The session in cache now owns the ex_data */
+ addSession->ownExData = 0;
+ cacheSession->ownExData = 1;
+#endif
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \
+ defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ if (preallocNonce != NULL && preallocNonceUsed) {
+ cacheSession->ticketNonce.data = preallocNonce;
+ cacheSession->ticketNonce.len = preallocNonceLen;
+ preallocNonce = NULL;
+ preallocNonceLen = 0;
+ }
+#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC
+ * && FIPS_VERSION_GE(5,3)*/
+ }
+#ifdef HAVE_SESSION_TICKET
+ else if (ticBuffUsed) {
+ /* Error occurred. Need to clean up the ticket buffer. 
*/
+ cacheSession->ticket = cacheSession->staticTicket;
+ cacheSession->ticketLenAlloc = 0;
+ cacheSession->ticketLen = 0;
+ }
+#endif
+ SESSION_ROW_UNLOCK(sessRow);
+ cacheSession = NULL; /* Can't access after unlocked */
+
+#ifndef NO_CLIENT_CACHE
+ if (ret == 0 && clientCacheEntry != NULL) {
+ ClientSession* clientCache = AddSessionToClientCache(side, row, (int)idx,
+ addSession->serverID, addSession->idLen, id, useTicket);
+ if (clientCache != NULL)
+ *clientCacheEntry = clientCache;
+ }
+#endif
+
+#ifdef HAVE_SESSION_TICKET
+ if (ticBuff != NULL && !ticBuffUsed)
+ XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+ XFREE(cacheTicBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+ XFREE(toFree, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+#endif
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ if (cachePeer != NULL) {
+ wolfSSL_X509_free(cachePeer);
+ cachePeer = NULL; /* Make sure not use after this point */
+ }
+#endif
+
+ return ret;
+}
+
+void AddSession(WOLFSSL* ssl)
+{
+ int error = 0;
+ const byte* id = NULL;
+ byte idSz = 0;
+ WOLFSSL_SESSION* session = ssl->session;
+
+ (void)error;
+
+ WOLFSSL_ENTER("AddSession");
+
+ if (SslSessionCacheOff(ssl, session)) {
+ WOLFSSL_MSG("Cache off");
+ return;
+ }
+
+ if (session->haveAltSessionID) {
+ id = session->altSessionID;
+ idSz = ID_LEN;
+ }
+ else {
+ id = session->sessionID;
+ idSz = session->sessionIDSz;
+ }
+
+ /* Do this only for the client because if the server doesn't have an ID at
+ * this point, it won't on resumption. 
*/
+ if (idSz == 0 && ssl->options.side == WOLFSSL_CLIENT_END) {
+ WC_RNG* rng = NULL;
+ if (ssl->rng != NULL)
+ rng = ssl->rng;
+#if defined(HAVE_GLOBAL_RNG) && defined(OPENSSL_EXTRA)
+ else if (initGlobalRNG == 1 || wolfSSL_RAND_Init() == WOLFSSL_SUCCESS) {
+ rng = &globalRNG;
+ }
+#endif
+ if (wc_RNG_GenerateBlock(rng, ssl->session->altSessionID,
+ ID_LEN) != 0)
+ return;
+ ssl->session->haveAltSessionID = 1;
+ id = ssl->session->altSessionID;
+ idSz = ID_LEN;
+ }
+
+#ifdef HAVE_EXT_CACHE
+ if (!ssl->options.internalCacheOff)
+#endif
+ {
+ /* Try to add the session to internal cache or external cache
+ if a new_sess_cb is set. Its ok if we don't succeed. */
+ (void)AddSessionToCache(ssl->ctx, session, id, idSz,
+#ifdef SESSION_INDEX
+ &ssl->sessionIndex,
+#else
+ NULL,
+#endif
+ ssl->options.side,
+#ifdef HAVE_SESSION_TICKET
+ ssl->options.useTicket,
+#else
+ 0,
+#endif
+#ifdef NO_SESSION_CACHE_REF
+ NULL
+#else
+ (ssl->options.side == WOLFSSL_CLIENT_END) ?
+ &ssl->clientSession : NULL
+#endif
+ );
+ }
+
+#ifdef HAVE_EXT_CACHE
+ if (error == 0 && ssl->ctx->new_sess_cb != NULL) {
+ int cbRet = 0;
+ wolfSSL_SESSION_up_ref(session);
+ cbRet = ssl->ctx->new_sess_cb(ssl, session);
+ if (cbRet == 0)
+ wolfSSL_FreeSession(ssl->ctx, session);
+ }
+#endif
+
+#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
+ if (error == 0) {
+ word32 active = 0;
+
+ error = get_locked_session_stats(&active, NULL, NULL);
+ if (error == WOLFSSL_SUCCESS) {
+ error = 0; /* back to this function ok */
+
+ if (PeakSessions < active) {
+ PeakSessions = active;
+ }
+ }
+ }
+#endif /* WOLFSSL_SESSION_STATS && WOLFSSL_PEAK_SESSIONS */
+ (void)error;
+}
+
+
+#ifdef SESSION_INDEX
+
+int wolfSSL_GetSessionIndex(WOLFSSL* ssl)
+{
+ WOLFSSL_ENTER("wolfSSL_GetSessionIndex");
+ WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", ssl->sessionIndex);
+ return ssl->sessionIndex;
+}
+
+
+int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)
+{
+ int row, col, result = WOLFSSL_FAILURE;
+ 
SessionRow* sessRow;
+ WOLFSSL_SESSION* cacheSession;
+
+ WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex");
+
+ session = ClientSessionToSession(session);
+
+ row = idx >> SESSIDX_ROW_SHIFT;
+ col = idx & SESSIDX_IDX_MASK;
+
+ if (session == NULL ||
+ row < 0 || row >= SESSION_ROWS || col >= SESSIONS_PER_ROW) {
+ return WOLFSSL_FAILURE;
+ }
+
+ sessRow = &SessionCache[row];
+ if (SESSION_ROW_RD_LOCK(sessRow) != 0) {
+ return BAD_MUTEX_E;
+ }
+
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+ cacheSession = sessRow->Sessions[col];
+#else
+ cacheSession = &sessRow->Sessions[col];
+#endif
+ if (cacheSession) {
+ XMEMCPY(session, cacheSession, sizeof(WOLFSSL_SESSION));
+ result = WOLFSSL_SUCCESS;
+ }
+ else {
+ result = WOLFSSL_FAILURE;
+ }
+
+ SESSION_ROW_UNLOCK(sessRow);
+
+ WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
+ return result;
+}
+
+#endif /* SESSION_INDEX */
+
+#if defined(SESSION_CERTS)
+
+WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
+{
+ WOLFSSL_X509_CHAIN* chain = NULL;
+
+ WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
+
+ session = ClientSessionToSession(session);
+
+ if (session)
+ chain = &session->chain;
+
+ WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", chain ? 
1 : 0);
+ return chain;
+}
+
+
+#ifdef OPENSSL_EXTRA
+/* gets the peer certificate associated with the session passed in
+ * returns null on failure, the caller should not free the returned pointer */
+WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session)
+{
+ WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
+
+ session = ClientSessionToSession(session);
+ if (session) {
+ int count;
+
+ count = wolfSSL_get_chain_count(&session->chain);
+ if (count < 1 || count >= MAX_CHAIN_DEPTH) {
+ WOLFSSL_MSG("bad count found");
+ return NULL;
+ }
+
+ if (session->peer == NULL) {
+ session->peer = wolfSSL_get_chain_X509(&session->chain, 0);
+ }
+ return session->peer;
+ }
+ WOLFSSL_MSG("No session passed in");
+
+ return NULL;
+}
+#endif /* OPENSSL_EXTRA */
+#endif /* SESSION_INDEX && SESSION_CERTS */
+
+
+#ifdef WOLFSSL_SESSION_STATS
+
+static int get_locked_session_stats(word32* active, word32* total, word32* peak)
+{
+ int result = WOLFSSL_SUCCESS;
+ int i;
+ int count;
+ int idx;
+ word32 now = 0;
+ word32 seen = 0;
+ word32 ticks = LowResTimer();
+
+ WOLFSSL_ENTER("get_locked_session_stats");
+
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+ SESSION_ROW_RD_LOCK(&SessionCache[0]);
+#endif
+ for (i = 0; i < SESSION_ROWS; i++) {
+ SessionRow* row = &SessionCache[i];
+ #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+ if (SESSION_ROW_RD_LOCK(row) != 0) {
+ WOLFSSL_MSG("Session row cache mutex lock failed");
+ return BAD_MUTEX_E;
+ }
+ #endif
+
+ seen += row->totalCount;
+
+ if (active == NULL) {
+ SESSION_ROW_UNLOCK(row);
+ continue;
+ }
+
+ count = min((word32)row->totalCount, SESSIONS_PER_ROW);
+ idx = row->nextIdx - 1;
+ if (idx < 0 || idx >= SESSIONS_PER_ROW) {
+ idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */
+ }
+
+ for (; count > 0; --count) {
+ /* if not expired then good */
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+ if (row->Sessions[idx] &&
+ ticks < (row->Sessions[idx]->bornOn +
+ row->Sessions[idx]->timeout) )
+#else
+ if (ticks < (row->Sessions[idx].bornOn 
+ + row->Sessions[idx].timeout) ) +#endif + { + now++; + } + + idx = idx > 0 ? idx - 1 : SESSIONS_PER_ROW - 1; + } + + #ifdef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(row); + #endif + } +#ifndef ENABLE_SESSION_CACHE_ROW_LOCK + SESSION_ROW_UNLOCK(&SessionCache[0]); +#endif + + if (active) { + *active = now; + } + if (total) { + *total = seen; + } + +#ifdef WOLFSSL_PEAK_SESSIONS + if (peak) { + *peak = PeakSessions; + } +#else + (void)peak; +#endif + + WOLFSSL_LEAVE("get_locked_session_stats", result); + + return result; +} + + +/* return WOLFSSL_SUCCESS on ok */ +int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak, + word32* maxSessions) +{ + int result = WOLFSSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_get_session_stats"); + + if (maxSessions) { + *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS; + + if (active == NULL && total == NULL && peak == NULL) + return result; /* we're done */ + } + + /* user must provide at least one query value */ + if (active == NULL && total == NULL && peak == NULL) { + return BAD_FUNC_ARG; + } + + result = get_locked_session_stats(active, total, peak); + + WOLFSSL_LEAVE("wolfSSL_get_session_stats", result); + + return result; +} + +#endif /* WOLFSSL_SESSION_STATS */ + + + #ifdef PRINT_SESSION_STATS + + /* WOLFSSL_SUCCESS on ok */ + int wolfSSL_PrintSessionStats(void) + { + word32 totalSessionsSeen = 0; + word32 totalSessionsNow = 0; + word32 peak = 0; + word32 maxSessions = 0; + int i; + int ret; + double E; /* expected freq */ + double chiSquare = 0; + + ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen, + &peak, &maxSessions); + if (ret != WOLFSSL_SUCCESS) + return ret; + printf("Total Sessions Seen = %u\n", totalSessionsSeen); + printf("Total Sessions Now = %u\n", totalSessionsNow); +#ifdef WOLFSSL_PEAK_SESSIONS + printf("Peak Sessions = %u\n", peak); +#endif + printf("Max Sessions = %u\n", maxSessions); + + E = (double)totalSessionsSeen / SESSION_ROWS; + + for (i = 0; i < SESSION_ROWS; 
i++) { + double diff = SessionCache[i].totalCount - E; + diff *= diff; /* square */ + diff /= E; /* normalize */ + + chiSquare += diff; + } + printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare, + SESSION_ROWS - 1); + #if (SESSION_ROWS == 11) + printf(" .05 p value = 18.3, chi-square should be less\n"); + #elif (SESSION_ROWS == 211) + printf(".05 p value = 244.8, chi-square should be less\n"); + #elif (SESSION_ROWS == 5981) + printf(".05 p value = 6161.0, chi-square should be less\n"); + #elif (SESSION_ROWS == 3) + printf(".05 p value = 6.0, chi-square should be less\n"); + #elif (SESSION_ROWS == 2861) + printf(".05 p value = 2985.5, chi-square should be less\n"); + #endif + printf("\n"); + + return ret; + } + + #endif /* SESSION_STATS */ + +#else /* NO_SESSION_CACHE */ + +WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) +{ + return (WOLFSSL_SESSION*)session; +} + +/* No session cache version */ +WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL* ssl, byte* masterSecret, + byte restoreSessionCerts) +{ + (void)ssl; + (void)masterSecret; + (void)restoreSessionCerts; + + return NULL; +} + +#endif /* NO_SESSION_CACHE */ + +#ifdef OPENSSL_EXTRA + + /* returns previous set cache size which stays constant */ + long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz) + { + /* cache size fixed at compile time in wolfSSL */ + (void)ctx; + (void)sz; + WOLFSSL_MSG("session cache is set at compile time"); + #ifndef NO_SESSION_CACHE + return (long)(SESSIONS_PER_ROW * SESSION_ROWS); + #else + return 0; + #endif + } + + + long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) + { + (void)ctx; + #ifndef NO_SESSION_CACHE + return (long)(SESSIONS_PER_ROW * SESSION_ROWS); + #else + return 0; + #endif + } + +#endif + +#ifndef NO_SESSION_CACHE +int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) +{ + int error = 0; + const byte* id = NULL; + byte idSz = 0; + + WOLFSSL_ENTER("wolfSSL_CTX_add_session"); + + session = 
ClientSessionToSession(session); + if (session == NULL) + return WOLFSSL_FAILURE; + + /* Session cache is global */ + (void)ctx; + + if (session->haveAltSessionID) { + id = session->altSessionID; + idSz = ID_LEN; + } + else { + id = session->sessionID; + idSz = session->sessionIDSz; + } + + error = AddSessionToCache(ctx, session, id, idSz, + NULL, session->side, +#ifdef HAVE_SESSION_TICKET + session->ticketLen > 0, +#else + 0, +#endif + NULL); + + return error == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} +#endif + +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) +/* stunnel 4.28 needs + * + * Callback that is called if a session tries to resume but could not find + * the session to resume it. + */ +void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx, + WOLFSSL_SESSION*(*f)(WOLFSSL*, const unsigned char*, int, int*)) +{ + if (ctx == NULL) + return; + +#ifdef HAVE_EXT_CACHE + ctx->get_sess_cb = f; +#else + (void)f; +#endif +} + +void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx, + int (*f)(WOLFSSL*, WOLFSSL_SESSION*)) +{ + if (ctx == NULL) + return; + +#ifdef HAVE_EXT_CACHE + ctx->new_sess_cb = f; +#else + (void)f; +#endif +} + +void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*, + WOLFSSL_SESSION*)) +{ + if (ctx == NULL) + return; + +#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) + ctx->rem_sess_cb = f; +#else + (void)f; +#endif +} + + +/* + * + * Note: It is expected that the importing and exporting function have been + * built with the same settings. For example if session tickets was + * enabled with the wolfSSL library exporting a session then it is + * expected to be turned on with the wolfSSL library importing the + * session. 
+ */ +int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) +{ + int size = 0; +#ifdef HAVE_EXT_CACHE + int idx = 0; +#ifdef SESSION_CERTS + int i; +#endif + + WOLFSSL_ENTER("wolfSSL_i2d_SSL_SESSION"); + + sess = ClientSessionToSession(sess); + if (sess == NULL) { + return BAD_FUNC_ARG; + } + + /* side | bornOn | timeout | sessionID len | sessionID | masterSecret | + * haveEMS */ + size += OPAQUE8_LEN + OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN + + sess->sessionIDSz + SECRET_LEN + OPAQUE8_LEN; + /* altSessionID */ + size += OPAQUE8_LEN + (sess->haveAltSessionID ? ID_LEN : 0); +#ifdef SESSION_CERTS + /* Peer chain */ + size += OPAQUE8_LEN; + for (i = 0; i < sess->chain.count; i++) + size += OPAQUE16_LEN + sess->chain.certs[i].length; +#endif +#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ + defined(HAVE_SESSION_TICKET)) + /* Protocol version */ + size += OPAQUE16_LEN; +#endif +#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) + /* cipher suite */ + size += OPAQUE16_LEN; +#endif +#ifndef NO_CLIENT_CACHE + /* ServerID len | ServerID */ + size += OPAQUE16_LEN + sess->idLen; +#endif +#ifdef WOLFSSL_SESSION_ID_CTX + /* session context ID len | session context ID */ + size += OPAQUE8_LEN + sess->sessionCtxSz; +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + /* peerVerifyRet */ + size += OPAQUE8_LEN; +#endif +#ifdef WOLFSSL_TLS13 + /* namedGroup */ + size += OPAQUE16_LEN; +#endif +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) +#ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_32BIT_MILLI_TIME + /* ticketSeen | ticketAdd */ + size += OPAQUE32_LEN + OPAQUE32_LEN; +#else + /* ticketSeen Hi 32 bits | ticketSeen Lo 32 bits | ticketAdd */ + size += OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE32_LEN; +#endif + /* ticketNonce */ + size += OPAQUE8_LEN + sess->ticketNonce.len; +#endif +#ifdef WOLFSSL_EARLY_DATA + size += OPAQUE32_LEN; +#endif +#endif +#ifdef 
HAVE_SESSION_TICKET + /* ticket len | ticket */ + size += OPAQUE16_LEN + sess->ticketLen; +#endif + + if (p != NULL) { + unsigned char *data; + + if (*p == NULL) + *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL); + if (*p == NULL) + return 0; + data = *p; + + data[idx++] = sess->side; + c32toa(sess->bornOn, data + idx); idx += OPAQUE32_LEN; + c32toa(sess->timeout, data + idx); idx += OPAQUE32_LEN; + data[idx++] = sess->sessionIDSz; + XMEMCPY(data + idx, sess->sessionID, sess->sessionIDSz); + idx += sess->sessionIDSz; + XMEMCPY(data + idx, sess->masterSecret, SECRET_LEN); idx += SECRET_LEN; + data[idx++] = (byte)sess->haveEMS; + data[idx++] = sess->haveAltSessionID ? ID_LEN : 0; + if (sess->haveAltSessionID) { + XMEMCPY(data + idx, sess->altSessionID, ID_LEN); + idx += ID_LEN; + } +#ifdef SESSION_CERTS + data[idx++] = (byte)sess->chain.count; + for (i = 0; i < sess->chain.count; i++) { + c16toa((word16)sess->chain.certs[i].length, data + idx); + idx += OPAQUE16_LEN; + XMEMCPY(data + idx, sess->chain.certs[i].buffer, + sess->chain.certs[i].length); + idx += sess->chain.certs[i].length; + } +#endif +#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ + defined(HAVE_SESSION_TICKET)) + data[idx++] = sess->version.major; + data[idx++] = sess->version.minor; +#endif +#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) + data[idx++] = sess->cipherSuite0; + data[idx++] = sess->cipherSuite; +#endif +#ifndef NO_CLIENT_CACHE + c16toa(sess->idLen, data + idx); idx += OPAQUE16_LEN; + XMEMCPY(data + idx, sess->serverID, sess->idLen); + idx += sess->idLen; +#endif +#ifdef WOLFSSL_SESSION_ID_CTX + data[idx++] = sess->sessionCtxSz; + XMEMCPY(data + idx, sess->sessionCtx, sess->sessionCtxSz); + idx += sess->sessionCtxSz; +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + data[idx++] = sess->peerVerifyRet; +#endif +#ifdef WOLFSSL_TLS13 + c16toa(sess->namedGroup, data 
+ idx); + idx += OPAQUE16_LEN; +#endif +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) +#ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_32BIT_MILLI_TIME + c32toa(sess->ticketSeen, data + idx); + idx += OPAQUE32_LEN; +#else + c32toa((word32)(sess->ticketSeen >> 32), data + idx); + idx += OPAQUE32_LEN; + c32toa((word32)sess->ticketSeen, data + idx); + idx += OPAQUE32_LEN; +#endif + c32toa(sess->ticketAdd, data + idx); + idx += OPAQUE32_LEN; + data[idx++] = sess->ticketNonce.len; + XMEMCPY(data + idx, sess->ticketNonce.data, sess->ticketNonce.len); + idx += sess->ticketNonce.len; +#endif +#ifdef WOLFSSL_EARLY_DATA + c32toa(sess->maxEarlyDataSz, data + idx); + idx += OPAQUE32_LEN; +#endif +#endif +#ifdef HAVE_SESSION_TICKET + c16toa(sess->ticketLen, data + idx); idx += OPAQUE16_LEN; + XMEMCPY(data + idx, sess->ticket, sess->ticketLen); + idx += sess->ticketLen; +#endif + } +#endif + + (void)sess; + (void)p; +#ifdef HAVE_EXT_CACHE + (void)idx; +#endif + + return size; +} + + +/* TODO: no function to free new session. + * + * Note: It is expected that the importing and exporting function have been + * built with the same settings. For example if session tickets was + * enabled with the wolfSSL library exporting a session then it is + * expected to be turned on with the wolfSSL library importing the + * session. 
+ */ +WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, + const unsigned char** p, long i) +{ + WOLFSSL_SESSION* s = NULL; + int ret = 0; +#if defined(HAVE_EXT_CACHE) + int idx = 0; + byte* data; +#ifdef SESSION_CERTS + int j; + word16 length; +#endif +#endif /* HAVE_EXT_CACHE */ + + (void)p; + (void)i; + (void)ret; + (void)sess; + +#ifdef HAVE_EXT_CACHE + if (p == NULL || *p == NULL) + return NULL; + + s = wolfSSL_SESSION_new(); + if (s == NULL) + return NULL; + + idx = 0; + data = (byte*)*p; + + /* side | bornOn | timeout | sessionID len */ + if (i < OPAQUE8_LEN + OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN) { + ret = BUFFER_ERROR; + goto end; + } + s->side = data[idx++]; + ato32(data + idx, &s->bornOn); idx += OPAQUE32_LEN; + ato32(data + idx, &s->timeout); idx += OPAQUE32_LEN; + s->sessionIDSz = data[idx++]; + + /* sessionID | secret | haveEMS | haveAltSessionID */ + if (i - idx < s->sessionIDSz + SECRET_LEN + OPAQUE8_LEN + OPAQUE8_LEN) { + ret = BUFFER_ERROR; + goto end; + } + XMEMCPY(s->sessionID, data + idx, s->sessionIDSz); + idx += s->sessionIDSz; + XMEMCPY(s->masterSecret, data + idx, SECRET_LEN); idx += SECRET_LEN; + s->haveEMS = data[idx++]; + if (data[idx] != ID_LEN && data[idx] != 0) { + ret = BUFFER_ERROR; + goto end; + } + s->haveAltSessionID = data[idx++] == ID_LEN; + + /* altSessionID */ + if (s->haveAltSessionID) { + if (i - idx < ID_LEN) { + ret = BUFFER_ERROR; + goto end; + } + XMEMCPY(s->altSessionID, data + idx, ID_LEN); idx += ID_LEN; + } + +#ifdef SESSION_CERTS + /* Certificate chain */ + if (i - idx == 0) { + ret = BUFFER_ERROR; + goto end; + } + s->chain.count = data[idx++]; + for (j = 0; j < s->chain.count; j++) { + if (i - idx < OPAQUE16_LEN) { + ret = BUFFER_ERROR; + goto end; + } + ato16(data + idx, &length); idx += OPAQUE16_LEN; + s->chain.certs[j].length = length; + if (i - idx < length) { + ret = BUFFER_ERROR; + goto end; + } + XMEMCPY(s->chain.certs[j].buffer, data + idx, length); + idx += length; + } +#endif +#if 
defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ + defined(HAVE_SESSION_TICKET)) + /* Protocol Version */ + if (i - idx < OPAQUE16_LEN) { + ret = BUFFER_ERROR; + goto end; + } + s->version.major = data[idx++]; + s->version.minor = data[idx++]; +#endif +#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) + /* Cipher suite */ + if (i - idx < OPAQUE16_LEN) { + ret = BUFFER_ERROR; + goto end; + } + s->cipherSuite0 = data[idx++]; + s->cipherSuite = data[idx++]; +#endif +#ifndef NO_CLIENT_CACHE + /* ServerID len */ + if (i - idx < OPAQUE16_LEN) { + ret = BUFFER_ERROR; + goto end; + } + ato16(data + idx, &s->idLen); idx += OPAQUE16_LEN; + + /* ServerID */ + if (i - idx < s->idLen) { + ret = BUFFER_ERROR; + goto end; + } + XMEMCPY(s->serverID, data + idx, s->idLen); idx += s->idLen; +#endif +#ifdef WOLFSSL_SESSION_ID_CTX + /* byte for length of session context ID */ + if (i - idx < OPAQUE8_LEN) { + ret = BUFFER_ERROR; + goto end; + } + s->sessionCtxSz = data[idx++]; + + /* app session context ID */ + if (i - idx < s->sessionCtxSz) { + ret = BUFFER_ERROR; + goto end; + } + XMEMCPY(s->sessionCtx, data + idx, s->sessionCtxSz); idx += s->sessionCtxSz; +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + /* byte for peerVerifyRet */ + if (i - idx < OPAQUE8_LEN) { + ret = BUFFER_ERROR; + goto end; + } + s->peerVerifyRet = data[idx++]; +#endif +#ifdef WOLFSSL_TLS13 + if (i - idx < OPAQUE16_LEN) { + ret = BUFFER_ERROR; + goto end; + } + ato16(data + idx, &s->namedGroup); + idx += OPAQUE16_LEN; +#endif +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) +#ifdef WOLFSSL_TLS13 + if (i - idx < (OPAQUE32_LEN * 2)) { + ret = BUFFER_ERROR; + goto end; + } +#ifdef WOLFSSL_32BIT_MILLI_TIME + ato32(data + idx, &s->ticketSeen); + idx += OPAQUE32_LEN; +#else + { + word32 seenHi, seenLo; + + ato32(data + idx, &seenHi); + idx += OPAQUE32_LEN; + ato32(data + idx, &seenLo); + idx += 
OPAQUE32_LEN; + s->ticketSeen = ((sword64)seenHi << 32) + seenLo; + } +#endif + ato32(data + idx, &s->ticketAdd); + idx += OPAQUE32_LEN; + if (i - idx < OPAQUE8_LEN) { + ret = BUFFER_ERROR; + goto end; + } + s->ticketNonce.len = data[idx++]; + + if (i - idx < s->ticketNonce.len) { + ret = BUFFER_ERROR; + goto end; + } +#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + ret = SessionTicketNoncePopulate(s, data + idx, s->ticketNonce.len); + if (ret != 0) + goto end; +#else + if (s->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ) { + ret = BUFFER_ERROR; + goto end; + } + XMEMCPY(s->ticketNonce.data, data + idx, s->ticketNonce.len); +#endif /* defined(WOLFSSL_TICKET_NONCE_MALLOC) && FIPS_VERSION_GE(5,3) */ + + idx += s->ticketNonce.len; +#endif +#ifdef WOLFSSL_EARLY_DATA + if (i - idx < OPAQUE32_LEN) { + ret = BUFFER_ERROR; + goto end; + } + ato32(data + idx, &s->maxEarlyDataSz); + idx += OPAQUE32_LEN; +#endif +#endif +#ifdef HAVE_SESSION_TICKET + /* ticket len */ + if (i - idx < OPAQUE16_LEN) { + ret = BUFFER_ERROR; + goto end; + } + ato16(data + idx, &s->ticketLen); idx += OPAQUE16_LEN; + + /* Dispose of ol dynamic ticket and ensure space for new ticket. 
*/ + if (s->ticketLenAlloc > 0) { + XFREE(s->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK); + } + if (s->ticketLen <= SESSION_TICKET_LEN) + s->ticket = s->staticTicket; + else { + s->ticket = (byte*)XMALLOC(s->ticketLen, NULL, + DYNAMIC_TYPE_SESSION_TICK); + if (s->ticket == NULL) { + ret = MEMORY_ERROR; + goto end; + } + s->ticketLenAlloc = (word16)s->ticketLen; + } + + /* ticket */ + if (i - idx < s->ticketLen) { + ret = BUFFER_ERROR; + goto end; + } + XMEMCPY(s->ticket, data + idx, s->ticketLen); idx += s->ticketLen; +#endif + (void)idx; + + if (sess != NULL) { + *sess = s; + } + + s->isSetup = 1; + + *p += idx; + +end: + if (ret != 0 && (sess == NULL || *sess != s)) { + wolfSSL_FreeSession(NULL, s); + s = NULL; + } +#endif /* HAVE_EXT_CACHE */ + return s; +} + +/* Check if there is a session ticket associated with this WOLFSSL_SESSION. + * + * sess - pointer to WOLFSSL_SESSION struct + * + * Returns 1 if has session ticket, otherwise 0 */ +int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* sess) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_has_ticket"); +#ifdef HAVE_SESSION_TICKET + sess = ClientSessionToSession(sess); + if (sess) { + if ((sess->ticketLen > 0) && (sess->ticket != NULL)) { + return WOLFSSL_SUCCESS; + } + } +#else + (void)sess; +#endif + return WOLFSSL_FAILURE; +} + +unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint( + const WOLFSSL_SESSION* sess) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_get_ticket_lifetime_hint"); + sess = ClientSessionToSession(sess); + if (sess) { + return sess->timeout; + } + return 0; +} + +long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess) +{ + long timeout = 0; + WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout"); + sess = ClientSessionToSession(sess); + if (sess) + timeout = sess->timeout; + return timeout; +} + +long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t) +{ + word32 tmptime; + + ses = ClientSessionToSession(ses); + if (ses == NULL || t < 0) { + return BAD_FUNC_ARG; + } + + tmptime = t & 0xFFFFFFFF; + 
ses->timeout = tmptime; + + return WOLFSSL_SUCCESS; +} + +long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess) +{ + long bornOn = 0; + WOLFSSL_ENTER("wolfSSL_SESSION_get_time"); + sess = ClientSessionToSession(sess); + if (sess) + bornOn = sess->bornOn; + return bornOn; +} + +long wolfSSL_SESSION_set_time(WOLFSSL_SESSION *ses, long t) +{ + + ses = ClientSessionToSession(ses); + if (ses == NULL || t < 0) { + return 0; + } + ses->bornOn = (word32)t; + return t; +} + +#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(HAVE_EX_DATA) + +#if defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE) +static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx, + void* data, byte get, void** getRet, int* setRet) +{ + int row; + int i; + int error = 0; + SessionRow* sessRow = NULL; + const byte* id; + byte foundCache = 0; + + if (getRet != NULL) + *getRet = NULL; + if (setRet != NULL) + *setRet = WOLFSSL_FAILURE; + + id = session->sessionID; + if (session->haveAltSessionID) + id = session->altSessionID; + + row = (int)(HashObject(id, ID_LEN, &error) % SESSION_ROWS); + if (error != 0) { + WOLFSSL_MSG("Hash session failed"); + return; + } + + sessRow = &SessionCache[row]; + if (get) + error = SESSION_ROW_RD_LOCK(sessRow); + else + error = SESSION_ROW_WR_LOCK(sessRow); + if (error != 0) { + WOLFSSL_MSG("Session row lock failed"); + return; + } + + for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) { + WOLFSSL_SESSION* cacheSession; +#ifdef SESSION_CACHE_DYNAMIC_MEM + cacheSession = sessRow->Sessions[i]; +#else + cacheSession = &sessRow->Sessions[i]; +#endif + if (cacheSession && + XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0 + && session->side == cacheSession->side + #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + && (IsAtLeastTLSv1_3(session->version) == + IsAtLeastTLSv1_3(cacheSession->version)) + #endif + ) { + if (get) { + if (getRet) { 
+ *getRet = wolfSSL_CRYPTO_get_ex_data( + &cacheSession->ex_data, idx); + } + } + else { + if (setRet) { + *setRet = wolfSSL_CRYPTO_set_ex_data( + &cacheSession->ex_data, idx, data); + } + } + foundCache = 1; + break; + } + } + SESSION_ROW_UNLOCK(sessRow); + /* If we don't have a session in cache then clear the ex_data and + * own it */ + if (!foundCache) { + XMEMSET(&session->ex_data, 0, sizeof(WOLFSSL_CRYPTO_EX_DATA)); + session->ownExData = 1; + if (!get) { + *setRet = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx, + data); + } + } + +} +#endif + +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) + +#ifndef NO_SESSION_CACHE +int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s) +{ +#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) + int rem_called = FALSE; +#endif + + WOLFSSL_ENTER("wolfSSL_SSL_CTX_remove_session"); + + s = ClientSessionToSession(s); + if (ctx == NULL || s == NULL) + return BAD_FUNC_ARG; + +#ifdef HAVE_EXT_CACHE + if (!ctx->internalCacheOff) +#endif + { + const byte* id; + WOLFSSL_SESSION *sess = NULL; + word32 row = 0; + int ret; + + id = s->sessionID; + if (s->haveAltSessionID) + id = s->altSessionID; + + ret = TlsSessionCacheGetAndWrLock(id, &sess, &row, ctx->method->side); + if (ret == 0 && sess != NULL) { +#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) + if (sess->rem_sess_cb != NULL) { + rem_called = TRUE; + } +#endif + /* Call this before changing ownExData so that calls to ex_data + * don't try to access the SessionCache again. */ + EvictSessionFromCache(sess); +#ifdef HAVE_EX_DATA + if (sess->ownExData) { + /* Most recent version of ex data is in cache. Copy it + * over so the user can free it. */ + XMEMCPY(&s->ex_data, &sess->ex_data, + sizeof(WOLFSSL_CRYPTO_EX_DATA)); + s->ownExData = 1; + sess->ownExData = 0; + } +#endif +#ifdef SESSION_CACHE_DYNAMIC_MEM + { + /* Find and clear entry. 
Row is locked so we are good to go. */ + int idx; + for (idx = 0; idx < SESSIONS_PER_ROW; idx++) { + if (sess == SessionCache[row].Sessions[idx]) { + XFREE(sess, sess->heap, DYNAMIC_TYPE_SESSION); + SessionCache[row].Sessions[idx] = NULL; + break; + } + } + } +#endif + TlsSessionCacheUnlockRow(row); + } + } + +#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) + if (ctx->rem_sess_cb != NULL && !rem_called) { + ctx->rem_sess_cb(ctx, s); + } +#endif + + /* s cannot be resumed at this point */ + s->timeout = 0; + + return 0; +} + +WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *ssl) +{ + WOLFSSL_ENTER("wolfSSL_SSL_get0_session"); + + return ssl->session; +} + +#endif /* NO_SESSION_CACHE */ + +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA || HAVE_LIGHTY */ + +#ifdef WOLFSSL_SESSION_EXPORT +/* Used to import a serialized TLS session. + * WARNING: buf contains sensitive information about the state and is best to be + * encrypted before storing if stored. + * + * @param ssl WOLFSSL structure to import the session into + * @param buf serialized session + * @param sz size of buffer 'buf' + * @return the number of bytes read from buffer 'buf' + */ +int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz) +{ + if (ssl == NULL || buf == NULL) { + return BAD_FUNC_ARG; + } + return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS); +} + + +/* Used to export a serialized TLS session. + * WARNING: buf contains sensitive information about the state and is best to be + * encrypted before storing if stored. 
+ * + * @param ssl WOLFSSL structure to export the session from + * @param buf output of serialized session + * @param sz size in bytes set in 'buf' + * @return the number of bytes written into buffer 'buf' + */ +int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz) +{ + if (ssl == NULL || sz == NULL) { + return BAD_FUNC_ARG; + } + return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS); +} + +#ifdef WOLFSSL_DTLS +int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz) +{ + WOLFSSL_ENTER("wolfSSL_session_import"); + + if (ssl == NULL || buf == NULL) { + return BAD_FUNC_ARG; + } + + /* sanity checks on buffer and protocol are done in internal function */ + return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS); +} + + +/* Sets the function to call for serializing the session. This function is + * called right after the handshake is completed. */ +int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func) +{ + + WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export"); + + /* purposefully allow func to be NULL */ + if (ctx == NULL) { + return BAD_FUNC_ARG; + } + + ctx->dtls_export = func; + + return WOLFSSL_SUCCESS; +} + +/* Sets the function in WOLFSSL struct to call for serializing the session. This + * function is called right after the handshake is completed. */ +int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func) +{ + + WOLFSSL_ENTER("wolfSSL_dtls_set_export"); + + /* purposefully allow func to be NULL */ + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + + ssl->dtls_export = func; + + return WOLFSSL_SUCCESS; +} + + +/* This function allows for directly serializing a session rather than using + * callbacks. It has less overhead by removing a temporary buffer and gives + * control over when the session gets serialized. When using callbacks the + * session is always serialized immediately after the handshake is finished. 
+ * + * buf is the argument to contain the serialized session + * sz is the size of the buffer passed in + * ssl is the WOLFSSL struct to serialize + * returns the size of serialized session on success, 0 on no action, and + * negative value on error */ +int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz) +{ + WOLFSSL_ENTER("wolfSSL_dtls_export"); + + if (ssl == NULL || sz == NULL) { + return BAD_FUNC_ARG; + } + + if (buf == NULL) { + *sz = MAX_EXPORT_BUFFER; + return 0; + } + + /* if not DTLS do nothing */ + if (!ssl->options.dtls) { + WOLFSSL_MSG("Currently only DTLS export is supported"); + return 0; + } + + /* copy over keys, options, and dtls state struct */ + return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS); +} + + +/* This function is similar to wolfSSL_dtls_export but only exports the portion + * of the WOLFSSL structure related to the state of the connection, i.e. peer + * sequence number, epoch, AEAD state etc. + * + * buf is the argument to contain the serialized state, if null then set "sz" to + * buffer size required + * sz is the size of the buffer passed in + * ssl is the WOLFSSL struct to serialize + * returns the size of serialized session on success, 0 on no action, and + * negative value on error */ +int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf, + unsigned int* sz) +{ + WOLFSSL_ENTER("wolfSSL_dtls_export_state_only"); + + if (ssl == NULL || sz == NULL) { + return BAD_FUNC_ARG; + } + + if (buf == NULL) { + *sz = MAX_EXPORT_STATE_BUFFER; + return 0; + } + + /* if not DTLS do nothing */ + if (!ssl->options.dtls) { + WOLFSSL_MSG("Currently only DTLS export state is supported"); + return 0; + } + + /* copy over keys, options, and dtls state struct */ + return wolfSSL_dtls_export_state_internal(ssl, buf, *sz); +} + + +/* returns 0 on success */ +int wolfSSL_send_session(WOLFSSL* ssl) +{ + int ret; + byte* buf; + word32 bufSz = MAX_EXPORT_BUFFER; + + 
WOLFSSL_ENTER("wolfSSL_send_session"); + + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + + buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + return MEMORY_E; + } + + /* if not DTLS do nothing */ + if (!ssl->options.dtls) { + XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG("Currently only DTLS export is supported"); + return 0; + } + + /* copy over keys, options, and dtls state struct */ + ret = wolfSSL_session_export_internal(ssl, buf, &bufSz, + WOLFSSL_EXPORT_DTLS); + if (ret < 0) { + XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + /* if no error ret has size of buffer */ + ret = ssl->dtls_export(ssl, buf, ret, NULL); + if (ret != WOLFSSL_SUCCESS) { + XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + return 0; +} +#endif /* WOLFSSL_DTLS */ +#endif /* WOLFSSL_SESSION_EXPORT */ + +#ifdef OPENSSL_EXTRA + +/* Copies the master secret over to out buffer. If outSz is 0 returns the size + * of master secret. 
+ * + * ses : a session from completed TLS/SSL handshake + * out : buffer to hold copy of master secret + * outSz : size of out buffer + * returns : number of bytes copied into out buffer on success + * less then or equal to 0 is considered a failure case + */ +int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, + unsigned char* out, int outSz) +{ + int size; + + ses = ClientSessionToSession(ses); + + if (outSz == 0) { + return SECRET_LEN; + } + + if (ses == NULL || out == NULL || outSz < 0) { + return 0; + } + + if (outSz > SECRET_LEN) { + size = SECRET_LEN; + } + else { + size = outSz; + } + + XMEMCPY(out, ses->masterSecret, size); + return size; +} + + +int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses) +{ + (void)ses; + return SECRET_LEN; +} + +#ifdef WOLFSSL_EARLY_DATA +unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session) +{ + return session->maxEarlyDataSz; +} +#endif /* WOLFSSL_EARLY_DATA */ + +#endif /* OPENSSL_EXTRA */ + +void SetupSession(WOLFSSL* ssl) +{ + WOLFSSL_SESSION* session = ssl->session; + + WOLFSSL_ENTER("SetupSession"); + + if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) { + /* Make sure the session ID is available when the user calls any + * get_session API */ + if (!session->haveAltSessionID) { + XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN); + session->sessionIDSz = ssl->arrays->sessionIDSz; + } + else { + XMEMCPY(session->sessionID, session->altSessionID, ID_LEN); + session->sessionIDSz = ID_LEN; + } + } + session->side = (byte)ssl->options.side; + if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) + XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN); + session->haveEMS = ssl->options.haveEMS; +#ifdef WOLFSSL_SESSION_ID_CTX + /* If using compatibility layer then check for and copy over session context + * id. 
*/ + if (ssl->sessionCtxSz > 0 && ssl->sessionCtxSz < ID_LEN) { + XMEMCPY(ssl->session->sessionCtx, ssl->sessionCtx, ssl->sessionCtxSz); + session->sessionCtxSz = ssl->sessionCtxSz; + } +#endif + session->timeout = ssl->timeout; +#ifndef NO_ASN_TIME + session->bornOn = LowResTimer(); +#endif +#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ + defined(HAVE_SESSION_TICKET)) + session->version = ssl->version; +#endif +#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) + session->cipherSuite0 = ssl->options.cipherSuite0; + session->cipherSuite = ssl->options.cipherSuite; +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + session->peerVerifyRet = (byte)ssl->peerVerifyRet; +#endif + session->isSetup = 1; +} + +#ifdef WOLFSSL_SESSION_ID_CTX + /* Storing app session context id, this value is inherited by WOLFSSL + * objects created from WOLFSSL_CTX. Any session that is imported with a + * different session context id will be rejected. + * + * ctx structure to set context in + * sid_ctx value of context to set + * sid_ctx_len length of sid_ctx buffer + * + * Returns WOLFSSL_SUCCESS in success case and WOLFSSL_FAILURE when failing + */ + int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx, + const unsigned char* sid_ctx, + unsigned int sid_ctx_len) + { + WOLFSSL_ENTER("wolfSSL_CTX_set_session_id_context"); + + /* No application specific context needed for wolfSSL */ + if (sid_ctx_len > ID_LEN || ctx == NULL || sid_ctx == NULL) { + return WOLFSSL_FAILURE; + } + XMEMCPY(ctx->sessionCtx, sid_ctx, sid_ctx_len); + ctx->sessionCtxSz = (byte)sid_ctx_len; + + return WOLFSSL_SUCCESS; + } + + + + /* Storing app session context id. Any session that is imported with a + * different session context id will be rejected. 
+ * + * ssl structure to set context in + * id value of context to set + * len length of sid_ctx buffer + * + * Returns WOLFSSL_SUCCESS in success case and WOLFSSL_FAILURE when failing + */ + int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, + unsigned int len) + { + WOLFSSL_ENTER("wolfSSL_set_session_id_context"); + + if (len > ID_LEN || ssl == NULL || id == NULL) { + return WOLFSSL_FAILURE; + } + XMEMCPY(ssl->sessionCtx, id, len); + ssl->sessionCtxSz = (byte)len; + + return WOLFSSL_SUCCESS; + } +#endif + +/* return a new malloc'd session with default settings on success */ +WOLFSSL_SESSION* wolfSSL_NewSession(void* heap) +{ + WOLFSSL_SESSION* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_NewSession"); + + ret = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), heap, + DYNAMIC_TYPE_SESSION); + if (ret != NULL) { + int err; + XMEMSET(ret, 0, sizeof(WOLFSSL_SESSION)); + wolfSSL_RefInit(&ret->ref, &err); + #ifdef WOLFSSL_REFCNT_ERROR_RETURN + if (err != 0) { + WOLFSSL_MSG("Error setting up session reference mutex"); + XFREE(ret, ret->heap, DYNAMIC_TYPE_SESSION); + return NULL; + } + #else + (void)err; + #endif +#ifndef NO_SESSION_CACHE + ret->cacheRow = INVALID_SESSION_ROW; /* not in cache */ +#endif + ret->type = WOLFSSL_SESSION_TYPE_HEAP; + ret->heap = heap; +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("SESSION master secret", ret->masterSecret, SECRET_LEN); + wc_MemZero_Add("SESSION id", ret->sessionID, ID_LEN); +#endif + #ifdef HAVE_SESSION_TICKET + ret->ticket = ret->staticTicket; + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + ret->ticketNonce.data = ret->ticketNonce.dataStatic; + #endif + #endif +#ifdef HAVE_EX_DATA + ret->ownExData = 1; + if (crypto_ex_cb_ctx_session != NULL) { + crypto_ex_cb_setup_new_data(ret, crypto_ex_cb_ctx_session, + &ret->ex_data); + } +#endif + } + return ret; +} + + +WOLFSSL_SESSION* 
wolfSSL_SESSION_new_ex(void* heap) +{ + return wolfSSL_NewSession(heap); +} + +WOLFSSL_SESSION* wolfSSL_SESSION_new(void) +{ + return wolfSSL_SESSION_new_ex(NULL); +} + +/* add one to session reference count + * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */ +int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session) +{ + int ret; + + session = ClientSessionToSession(session); + + if (session == NULL || session->type != WOLFSSL_SESSION_TYPE_HEAP) + return WOLFSSL_FAILURE; + + wolfSSL_RefInc(&session->ref, &ret); +#ifdef WOLFSSL_REFCNT_ERROR_RETURN + if (ret != 0) { + WOLFSSL_MSG("Failed to lock session mutex"); + return WOLFSSL_FAILURE; + } +#else + (void)ret; +#endif + + return WOLFSSL_SUCCESS; +} + +/** + * Deep copy the contents from input to output. + * @param input The source of the copy. + * @param output The destination of the copy. + * @param avoidSysCalls If true, then system calls will be avoided or an error + * will be returned if it is not possible to proceed + * without a system call. This is useful for fetching + * sessions from cache. When a cache row is locked, we + * don't want to block other threads with long running + * system calls. 
+ * @param ticketNonceBuf If not null and @avoidSysCalls is true, the copy of the + * ticketNonce will happen in this pre allocated buffer + * @param ticketNonceLen @ticketNonceBuf len as input, used length on output + * @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket noncet + * @return WOLFSSL_SUCCESS on success + * WOLFSSL_FAILURE on failure + */ +static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, + WOLFSSL_SESSION* output, int avoidSysCalls, byte* ticketNonceBuf, + byte* ticketNonceLen, byte* preallocUsed) +{ +#ifdef HAVE_SESSION_TICKET + int ticLenAlloc = 0; + byte *ticBuff = NULL; +#endif + const size_t copyOffset = OFFSETOF(WOLFSSL_SESSION, heap) + + sizeof(input->heap); + int ret = WOLFSSL_SUCCESS; + + (void)avoidSysCalls; + (void)ticketNonceBuf; + (void)ticketNonceLen; + (void)preallocUsed; + + input = ClientSessionToSession(input); + output = ClientSessionToSession(output); + + if (input == NULL || output == NULL || input == output) { + WOLFSSL_MSG("input or output are null or same"); + return WOLFSSL_FAILURE; + } + +#ifdef HAVE_SESSION_TICKET + if (output->ticket != output->staticTicket) { + ticBuff = output->ticket; + ticLenAlloc = output->ticketLenAlloc; + } +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + /* free the data, it would be better to reuse the buffer but this + * maintain the code simpler. A smart allocator should reuse the free'd + * buffer in the next malloc without much performance penalties. 
*/ + if (output->ticketNonce.data != output->ticketNonce.dataStatic) { + + /* Callers that avoid syscall should never calls this with + * output->tickeNonce.data being a dynamic buffer.*/ + if (avoidSysCalls) { + WOLFSSL_MSG("can't avoid syscalls with dynamic TicketNonce buffer"); + return WOLFSSL_FAILURE; + } + + XFREE(output->ticketNonce.data, + output->heap, DYNAMIC_TYPE_SESSION_TICK); + output->ticketNonce.data = output->ticketNonce.dataStatic; + output->ticketNonce.len = 0; + } +#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ +#endif /* HAVE_SESSION_TICKET */ + +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + if (output->peer != NULL) { + if (avoidSysCalls) { + WOLFSSL_MSG("Can't free cert when avoiding syscalls"); + return WOLFSSL_FAILURE; + } + wolfSSL_X509_free(output->peer); + output->peer = NULL; + } +#endif + + XMEMCPY((byte*)output + copyOffset, (byte*)input + copyOffset, + sizeof(WOLFSSL_SESSION) - copyOffset); + +#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + /* fix pointer to static after the copy */ + output->ticketNonce.data = output->ticketNonce.dataStatic; +#endif + /* Set sane values for copy */ +#ifndef NO_SESSION_CACHE + if (output->type != WOLFSSL_SESSION_TYPE_CACHE) + output->cacheRow = INVALID_SESSION_ROW; +#endif +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + if (input->peer != NULL && input->peer->dynamicMemory) { + if (wolfSSL_X509_up_ref(input->peer) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Can't increase peer cert ref count"); + output->peer = NULL; + } + } + else if (!avoidSysCalls) + output->peer = wolfSSL_X509_dup(input->peer); + else + /* output->peer is not that important to copy */ + output->peer = NULL; +#endif +#ifdef HAVE_SESSION_TICKET + if (input->ticketLen > SESSION_TICKET_LEN) { + /* Need dynamic buffer */ + if (ticBuff == NULL || 
ticLenAlloc < input->ticketLen) { + /* allocate new one */ + byte* tmp; + if (avoidSysCalls) { + WOLFSSL_MSG("Failed to allocate memory for ticket when avoiding" + " syscalls"); + output->ticket = ticBuff; + output->ticketLenAlloc = (word16) ticLenAlloc; + output->ticketLen = 0; + ret = WOLFSSL_FAILURE; + } + else { +#ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC(input->ticketLen, + output->heap, DYNAMIC_TYPE_SESSION_TICK); + XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK); + ticBuff = NULL; +#else + tmp = (byte*)XREALLOC(ticBuff, input->ticketLen, + output->heap, DYNAMIC_TYPE_SESSION_TICK); +#endif /* WOLFSSL_NO_REALLOC */ + if (tmp == NULL) { + WOLFSSL_MSG("Failed to allocate memory for ticket"); +#ifndef WOLFSSL_NO_REALLOC + XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK); + ticBuff = NULL; +#endif /* WOLFSSL_NO_REALLOC */ + output->ticket = NULL; + output->ticketLen = 0; + output->ticketLenAlloc = 0; + ret = WOLFSSL_FAILURE; + } + else { + ticBuff = tmp; + ticLenAlloc = input->ticketLen; + } + } + } + if (ticBuff != NULL && ret == WOLFSSL_SUCCESS) { + XMEMCPY(ticBuff, input->ticket, input->ticketLen); + output->ticket = ticBuff; + output->ticketLenAlloc = (word16) ticLenAlloc; + } + } + else { + /* Default ticket to non dynamic */ + if (avoidSysCalls) { + /* Try to use ticBuf if available. Caller can later move it to + * the static buffer. 
*/ + if (ticBuff != NULL) { + if (ticLenAlloc >= input->ticketLen) { + output->ticket = ticBuff; + output->ticketLenAlloc = ticLenAlloc; + } + else { + WOLFSSL_MSG("ticket dynamic buffer too small but we are " + "avoiding system calls"); + ret = WOLFSSL_FAILURE; + output->ticket = ticBuff; + output->ticketLenAlloc = (word16) ticLenAlloc; + output->ticketLen = 0; + } + } + else { + output->ticket = output->staticTicket; + output->ticketLenAlloc = 0; + } + } + else { + XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK); + output->ticket = output->staticTicket; + output->ticketLenAlloc = 0; + } + if (input->ticketLenAlloc > 0 && ret == WOLFSSL_SUCCESS) { + /* Shouldn't happen as session should have placed this in + * the static buffer */ + XMEMCPY(output->ticket, input->ticket, + input->ticketLen); + } + } + ticBuff = NULL; + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + if (preallocUsed != NULL) + *preallocUsed = 0; + + if (input->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ && + ret == WOLFSSL_SUCCESS) { + /* TicketNonce does not fit in the static buffer */ + if (!avoidSysCalls) { + output->ticketNonce.data = (byte*)XMALLOC(input->ticketNonce.len, + output->heap, DYNAMIC_TYPE_SESSION_TICK); + + if (output->ticketNonce.data == NULL) { + WOLFSSL_MSG("Failed to allocate space for ticket nonce"); + output->ticketNonce.data = output->ticketNonce.dataStatic; + output->ticketNonce.len = 0; + ret = WOLFSSL_FAILURE; + } + else { + output->ticketNonce.len = input->ticketNonce.len; + XMEMCPY(output->ticketNonce.data, input->ticketNonce.data, + input->ticketNonce.len); + ret = WOLFSSL_SUCCESS; + } + } + /* we can't do syscalls. Use prealloc buffers if provided from the + * caller. 
*/ + else if (ticketNonceBuf != NULL && + *ticketNonceLen >= input->ticketNonce.len) { + XMEMCPY(ticketNonceBuf, input->ticketNonce.data, + input->ticketNonce.len); + *ticketNonceLen = input->ticketNonce.len; + if (preallocUsed != NULL) + *preallocUsed = 1; + ret = WOLFSSL_SUCCESS; + } + else { + WOLFSSL_MSG("TicketNonce bigger than static buffer, and we can't " + "do syscalls"); + ret = WOLFSSL_FAILURE; + } + } +#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ + +#endif /* HAVE_SESSION_TICKET */ + +#ifdef HAVE_EX_DATA + if (input->type != WOLFSSL_SESSION_TYPE_CACHE && + output->type != WOLFSSL_SESSION_TYPE_CACHE) { + /* Not called with cache as that passes ownership of ex_data */ + ret = crypto_ex_cb_dup_data(&input->ex_data, &output->ex_data, + crypto_ex_cb_ctx_session); + } +#endif + + return ret; +} + +/** + * Deep copy the contents from input to output. + * @param input The source of the copy. + * @param output The destination of the copy. + * @param avoidSysCalls If true, then system calls will be avoided or an error + * will be returned if it is not possible to proceed + * without a system call. This is useful for fetching + * sessions from cache. When a cache row is locked, we + * don't want to block other threads with long running + * system calls. 
+ * @return WOLFSSL_SUCCESS on success + * WOLFSSL_FAILURE on failure + */ +int wolfSSL_DupSession(const WOLFSSL_SESSION* input, WOLFSSL_SESSION* output, + int avoidSysCalls) +{ + return wolfSSL_DupSessionEx(input, output, avoidSysCalls, NULL, NULL, NULL); +} + +WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session) +{ + WOLFSSL_SESSION* copy; + + WOLFSSL_ENTER("wolfSSL_SESSION_dup"); + + session = ClientSessionToSession(session); + if (session == NULL) + return NULL; + +#ifdef HAVE_SESSION_TICKET + if (session->ticketLenAlloc > 0 && !session->ticket) { + WOLFSSL_MSG("Session dynamic flag is set but ticket pointer is null"); + return NULL; + } +#endif + + copy = wolfSSL_NewSession(session->heap); + if (copy != NULL && + wolfSSL_DupSession(session, copy, 0) != WOLFSSL_SUCCESS) { + wolfSSL_FreeSession(NULL, copy); + copy = NULL; + } + return copy; +} + +void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) +{ + session = ClientSessionToSession(session); + if (session == NULL) + return; + + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_FreeSession"); + + if (session->ref.count > 0) { + int ret; + int isZero; + wolfSSL_RefDec(&session->ref, &isZero, &ret); + (void)ret; + if (!isZero) { + return; + } + wolfSSL_RefFree(&session->ref); + } + + WOLFSSL_MSG("wolfSSL_FreeSession full free"); + +#ifdef HAVE_EX_DATA + if (session->ownExData) { + crypto_ex_cb_free_data(session, crypto_ex_cb_ctx_session, + &session->ex_data); + } +#endif + +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS + wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data); +#endif + +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + if (session->peer) { + wolfSSL_X509_free(session->peer); + session->peer = NULL; + } +#endif + +#ifdef HAVE_SESSION_TICKET + if (session->ticketLenAlloc > 0) { + XFREE(session->ticket, session->heap, DYNAMIC_TYPE_SESSION_TICK); + session->ticket = session->staticTicket; + session->ticketLen = 0; + session->ticketLenAlloc = 0; + } +#if defined(WOLFSSL_TLS13) && 
defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + if (session->ticketNonce.data != session->ticketNonce.dataStatic) { + XFREE(session->ticketNonce.data, session->heap, + DYNAMIC_TYPE_SESSION_TICK); + session->ticketNonce.data = session->ticketNonce.dataStatic; + session->ticketNonce.len = 0; + } +#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ +#endif + +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS + wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data); +#endif + + /* Make sure masterSecret is zeroed. */ + ForceZero(session->masterSecret, SECRET_LEN); + /* Session ID is sensitive information too. */ + ForceZero(session->sessionID, ID_LEN); + + if (session->type == WOLFSSL_SESSION_TYPE_HEAP) { + XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); + } +} + +/* DO NOT use this API internally. Use wolfSSL_FreeSession directly instead + * and pass in the ctx parameter if possible (like from ssl->ctx). 
*/ +void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) +{ + session = ClientSessionToSession(session); + wolfSSL_FreeSession(NULL, session); +} + +#if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE) + +/** +* set cipher to WOLFSSL_SESSION from WOLFSSL_CIPHER +* @param session a pointer to WOLFSSL_SESSION structure +* @param cipher a function pointer to WOLFSSL_CIPHER +* @return WOLFSSL_SUCCESS on success, otherwise WOLFSSL_FAILURE +*/ +int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session, + const WOLFSSL_CIPHER* cipher) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_set_cipher"); + + session = ClientSessionToSession(session); + /* sanity check */ + if (session == NULL || cipher == NULL) { + WOLFSSL_MSG("bad argument"); + return WOLFSSL_FAILURE; + } + session->cipherSuite0 = cipher->cipherSuite0; + session->cipherSuite = cipher->cipherSuite; + + WOLFSSL_LEAVE("wolfSSL_SESSION_set_cipher", WOLFSSL_SUCCESS); + return WOLFSSL_SUCCESS; +} +#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */ + +const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session) +{ + session = ClientSessionToSession(session); + if (session == NULL) { + return NULL; + } + +#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) + #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) + return GetCipherNameIana(session->cipherSuite0, session->cipherSuite); + #else + return GetCipherNameInternal(session->cipherSuite0, + session->cipherSuite); + #endif +#else + return NULL; +#endif +} + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) +const unsigned char *wolfSSL_SESSION_get0_id_context( + const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length) +{ + return wolfSSL_SESSION_get_id((WOLFSSL_SESSION *)sess, sid_ctx_length); +} +int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s, + const unsigned char *sid, unsigned int sid_len) +{ + if (s == NULL) { + return WOLFSSL_FAILURE; + } + if 
(sid_len > ID_LEN) { + return WOLFSSL_FAILURE; + } + s->sessionIDSz = sid_len; + if (sid != s->sessionID) { + XMEMCPY(s->sessionID, sid, sid_len); + } + return WOLFSSL_SUCCESS; +} + +int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, + const unsigned char *sid_ctx, unsigned int sid_ctx_len) +{ + if (s == NULL) { + return WOLFSSL_FAILURE; + } + if (sid_ctx_len > ID_LEN) { + return WOLFSSL_FAILURE; + } + s->sessionCtxSz = sid_ctx_len; + if (sid_ctx != s->sessionCtx) { + XMEMCPY(s->sessionCtx, sid_ctx, sid_ctx_len); + } + + return WOLFSSL_SUCCESS; +} + +#endif + +#ifdef OPENSSL_EXTRA + +/* Return the total number of sessions */ +long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) +{ + word32 total = 0; + + WOLFSSL_ENTER("wolfSSL_CTX_sess_number"); + (void)ctx; + +#if defined(WOLFSSL_SESSION_STATS) && !defined(NO_SESSION_CACHE) + if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) != + WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error getting session stats"); + } +#else + WOLFSSL_MSG("Please use macro WOLFSSL_SESSION_STATS for session stats"); +#endif + + return (long)total; +} + +#endif + +#ifdef SESSION_CERTS + +/* get session ID */ +WOLFSSL_ABI +const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session) +{ + WOLFSSL_ENTER("wolfSSL_get_sessionID"); + session = ClientSessionToSession(session); + if (session) + return session->sessionID; + + return NULL; +} + +#endif + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(HAVE_EX_DATA) + +int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) +{ + int ret = WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data"); +#ifdef HAVE_EX_DATA + session = ClientSessionToSession(session); + if (session != NULL) { +#ifndef NO_SESSION_CACHE + if (!session->ownExData) { + /* Need to update in cache */ + SESSION_ex_data_cache_update(session, idx, data, 0, NULL, &ret); + } + else +#endif + { + ret = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx, data); + } + } +#else + 
(void)session; + (void)idx; + (void)data; +#endif + return ret; +} + +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS +int wolfSSL_SESSION_set_ex_data_with_cleanup( + WOLFSSL_SESSION* session, + int idx, + void* data, + wolfSSL_ex_data_cleanup_routine_t cleanup_routine) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data_with_cleanup"); + session = ClientSessionToSession(session); + if(session != NULL) { + return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&session->ex_data, idx, + data, cleanup_routine); + } + return WOLFSSL_FAILURE; +} +#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ + +void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) +{ + void* ret = NULL; + WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data"); +#ifdef HAVE_EX_DATA + session = ClientSessionToSession(session); + if (session != NULL) { +#ifndef NO_SESSION_CACHE + if (!session->ownExData) { + /* Need to retrieve the data from the session cache */ + SESSION_ex_data_cache_update((WOLFSSL_SESSION*)session, idx, NULL, + 1, &ret, NULL); + } + else +#endif + { + ret = wolfSSL_CRYPTO_get_ex_data(&session->ex_data, idx); + } + } +#else + (void)session; + (void)idx; +#endif + return ret; +} +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_EX_DATA */ + +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) +#ifdef HAVE_EX_DATA +int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr, + WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index"); + return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, ctx_l, + ctx_ptr, new_func, dup_func, free_func); +} +#endif +#endif + + +#if defined(OPENSSL_ALL) || \ + defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + +const byte* 
wolfSSL_SESSION_get_id(const WOLFSSL_SESSION* sess, + unsigned int* idLen) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_get_id"); + sess = ClientSessionToSession(sess); + if (sess == NULL || idLen == NULL) { + WOLFSSL_MSG("Bad func args. Please provide idLen"); + return NULL; + } +#ifdef HAVE_SESSION_TICKET + if (sess->haveAltSessionID) { + *idLen = ID_LEN; + return sess->altSessionID; + } +#endif + *idLen = sess->sessionIDSz; + return sess->sessionID; +} + +#if (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \ + !defined(NO_FILESYSTEM) + +#ifndef NO_BIO + +#if defined(SESSION_CERTS) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) +static const char* wolfSSL_internal_get_version(const ProtocolVersion* version); + +/* returns a pointer to the protocol used by the session */ +static const char* wolfSSL_SESSION_get_protocol(const WOLFSSL_SESSION* in) +{ + in = ClientSessionToSession(in); + return wolfSSL_internal_get_version((ProtocolVersion*)&in->version); +} +#endif + +/* returns true (non 0) if the session has EMS (extended master secret) */ +static int wolfSSL_SESSION_haveEMS(const WOLFSSL_SESSION* in) +{ + in = ClientSessionToSession(in); + if (in == NULL) + return 0; + return in->haveEMS; +} + +#if defined(HAVE_SESSION_TICKET) +/* prints out the ticket to bio passed in + * return WOLFSSL_SUCCESS on success + */ +static int wolfSSL_SESSION_print_ticket(WOLFSSL_BIO* bio, + const WOLFSSL_SESSION* in, const char* tab) +{ + unsigned short i, j, z, sz; + short tag = 0; + byte* pt; + + + in = ClientSessionToSession(in); + if (in == NULL || bio == NULL) { + return BAD_FUNC_ARG; + } + + sz = in->ticketLen; + pt = in->ticket; + + if (wolfSSL_BIO_printf(bio, "%s\n", (sz == 0)? 
" NONE": "") <= 0) + return WOLFSSL_FAILURE; + + for (i = 0; i < sz;) { + char asc[16]; + XMEMSET(asc, 0, sizeof(asc)); + + if (sz - i < 16) { + if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag + (sz - i)) <= 0) + return WOLFSSL_FAILURE; + } + else { + if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag) <= 0) + return WOLFSSL_FAILURE; + } + for (j = 0; i < sz && j < 8; j++,i++) { + asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.'; + if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0) + return WOLFSSL_FAILURE; + } + + if (i < sz) { + asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.'; + if (wolfSSL_BIO_printf(bio, "-%02X", pt[i]) <= 0) + return WOLFSSL_FAILURE; + j++; + i++; + } + + for (; i < sz && j < 16; j++,i++) { + asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.'; + if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0) + return WOLFSSL_FAILURE; + } + + /* pad out spacing */ + for (z = j; z < 17; z++) { + if (wolfSSL_BIO_printf(bio, " ") <= 0) + return WOLFSSL_FAILURE; + } + + for (z = 0; z < j; z++) { + if (wolfSSL_BIO_printf(bio, "%c", asc[z]) <= 0) + return WOLFSSL_FAILURE; + } + if (wolfSSL_BIO_printf(bio, "\n") <= 0) + return WOLFSSL_FAILURE; + + tag += 16; + } + return WOLFSSL_SUCCESS; +} +#endif /* HAVE_SESSION_TICKET */ + + +/* prints out the session information in human readable form + * return WOLFSSL_SUCCESS on success + */ +int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *session) +{ + const unsigned char* pt; + unsigned char buf[SECRET_LEN]; + unsigned int sz = 0, i; + int ret; + + session = ClientSessionToSession(session); + if (session == NULL) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_printf(bp, "%s\n", "SSL-Session:") <= 0) + return WOLFSSL_FAILURE; + +#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ + defined(HAVE_SESSION_TICKET)) + if (wolfSSL_BIO_printf(bp, " Protocol : %s\n", + wolfSSL_SESSION_get_protocol(session)) <= 0) + return WOLFSSL_FAILURE; +#endif + + if (wolfSSL_BIO_printf(bp, " Cipher : %s\n", + 
wolfSSL_SESSION_CIPHER_get_name(session)) <= 0) + return WOLFSSL_FAILURE; + + pt = wolfSSL_SESSION_get_id(session, &sz); + if (wolfSSL_BIO_printf(bp, " Session-ID: ") <= 0) + return WOLFSSL_FAILURE; + + for (i = 0; i < sz; i++) { + if (wolfSSL_BIO_printf(bp, "%02X", pt[i]) <= 0) + return WOLFSSL_FAILURE; + } + if (wolfSSL_BIO_printf(bp, "\n") <= 0) + return WOLFSSL_FAILURE; + + if (wolfSSL_BIO_printf(bp, " Session-ID-ctx: \n") <= 0) + return WOLFSSL_FAILURE; + + ret = wolfSSL_SESSION_get_master_key(session, buf, sizeof(buf)); + if (wolfSSL_BIO_printf(bp, " Master-Key: ") <= 0) + return WOLFSSL_FAILURE; + + if (ret > 0) { + sz = (unsigned int)ret; + for (i = 0; i < sz; i++) { + if (wolfSSL_BIO_printf(bp, "%02X", buf[i]) <= 0) + return WOLFSSL_FAILURE; + } + } + if (wolfSSL_BIO_printf(bp, "\n") <= 0) + return WOLFSSL_FAILURE; + + /* @TODO PSK identity hint and SRP */ + + if (wolfSSL_BIO_printf(bp, " TLS session ticket:") <= 0) + return WOLFSSL_FAILURE; + +#ifdef HAVE_SESSION_TICKET + if (wolfSSL_SESSION_print_ticket(bp, session, " ") != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; +#endif + +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) + if (wolfSSL_BIO_printf(bp, " Start Time: %ld\n", + wolfSSL_SESSION_get_time(session)) <= 0) + return WOLFSSL_FAILURE; + + if (wolfSSL_BIO_printf(bp, " Timeout : %ld (sec)\n", + wolfSSL_SESSION_get_timeout(session)) <= 0) + return WOLFSSL_FAILURE; +#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */ + + /* @TODO verify return code print */ + + if (wolfSSL_BIO_printf(bp, " Extended master secret: %s\n", + (wolfSSL_SESSION_haveEMS(session) == 0)? 
"no" : "yes") <= 0) + return WOLFSSL_FAILURE; + + return WOLFSSL_SUCCESS; +} + +#endif /* !NO_BIO */ +#endif /* (HAVE_SESSION_TICKET || SESSION_CERTS) && !NO_FILESYSTEM */ + +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX || + * WOLFSSL_HAPROXY */ + +#ifdef OPENSSL_EXTRA +/** + * Determine whether a WOLFSSL_SESSION object can be used for resumption + * @param s a pointer to WOLFSSL_SESSION structure + * @return return 1 if session is resumable, otherwise 0. + */ +int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s) +{ + s = ClientSessionToSession(s); + if (s == NULL) + return 0; + +#ifdef HAVE_SESSION_TICKET + if (s->ticketLen > 0) + return 1; +#endif + + if (s->sessionIDSz > 0) + return 1; + + return 0; +} +#endif /* OPENSSL_EXTRA */ + +#endif /* !WOLFSSL_SSL_SESS_INCLUDED */ + diff --git a/src/tls.c b/src/tls.c index ca5159d3f8..a2f3705cf0 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1,6 +1,6 @@ /* tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,7 +48,7 @@ #ifdef HAVE_CURVE448 #include #endif -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER #include #ifdef WOLFSSL_WC_KYBER #include @@ -212,7 +212,8 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) ret = ssl->ctx->TlsFinishedCb(ssl, side, handshake_hash, hashSz, (byte*)hashes, ctx); } - if (!ssl->ctx->TlsFinishedCb || ret == PROTOCOLCB_UNAVAILABLE) + if (!ssl->ctx->TlsFinishedCb || + ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) #endif { PRIVATE_KEY_UNLOCK(); 
@@ -300,6 +301,98 @@ ProtocolVersion MakeTLSv1_3(void) } #endif +#if defined(HAVE_SUPPORTED_CURVES) +/* Sets the key exchange groups in rank order on a context. + * + * ctx SSL/TLS context object. + * groups Array of groups. + * count Number of groups in array. + * returns BAD_FUNC_ARG when ctx or groups is NULL, not using TLS v1.3 or + * count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success. + */ +int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count) +{ + int ret, i; + + WOLFSSL_ENTER("wolfSSL_CTX_set_groups"); + if (ctx == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT) + return BAD_FUNC_ARG; + if (!IsTLS_ex(ctx->method->version)) + return BAD_FUNC_ARG; + + #ifdef WOLFSSL_TLS13 + ctx->numGroups = 0; + #endif + #if !defined(NO_TLS) + TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap); + #endif /* !NO_TLS */ + for (i = 0; i < count; i++) { + /* Call to wolfSSL_CTX_UseSupportedCurve also checks if input groups + * are valid */ + if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)groups[i])) + != WOLFSSL_SUCCESS) { + #if !defined(NO_TLS) + TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap); + #endif /* !NO_TLS */ + return ret; + } + #ifdef WOLFSSL_TLS13 + ctx->group[i] = (word16)groups[i]; + #endif + } + #ifdef WOLFSSL_TLS13 + ctx->numGroups = (byte)count; + #endif + + return WOLFSSL_SUCCESS; +} + +/* Sets the key exchange groups in rank order. + * + * ssl SSL/TLS object. + * groups Array of groups. + * count Number of groups in array. + * returns BAD_FUNC_ARG when ssl or groups is NULL, not using TLS v1.3 or + * count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success. 
+ */ +int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count) +{ + int ret, i; + + WOLFSSL_ENTER("wolfSSL_set_groups"); + if (ssl == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT) + return BAD_FUNC_ARG; + if (!IsTLS_ex(ssl->version)) + return BAD_FUNC_ARG; + + #ifdef WOLFSSL_TLS13 + ssl->numGroups = 0; + #endif + #if !defined(NO_TLS) + TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap); + #endif /* !NO_TLS */ + for (i = 0; i < count; i++) { + /* Call to wolfSSL_UseSupportedCurve also checks if input groups + * are valid */ + if ((ret = wolfSSL_UseSupportedCurve(ssl, (word16)groups[i])) + != WOLFSSL_SUCCESS) { + #if !defined(NO_TLS) + TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap); + #endif /* !NO_TLS */ + return ret; + } + #ifdef WOLFSSL_TLS13 + ssl->group[i] = (word16)groups[i]; + #endif + } + #ifdef WOLFSSL_TLS13 + ssl->numGroups = (byte)count; + #endif + + return WOLFSSL_SUCCESS; +} +#endif /* HAVE_SUPPORTED_CURVES */ + #ifndef WOLFSSL_NO_TLS12 #ifdef HAVE_EXTENDED_MASTER @@ -396,9 +489,10 @@ int DeriveTlsKeys(WOLFSSL* ssl) void* ctx = wolfSSL_GetGenSessionKeyCtx(ssl); ret = ssl->ctx->GenSessionKeyCb(ssl, ctx); } - if (!ssl->ctx->GenSessionKeyCb || ret == PROTOCOLCB_UNAVAILABLE) + if (!ssl->ctx->GenSessionKeyCb || + ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) #endif - ret = _DeriveTlsKeys(key_dig, key_dig_len, + ret = _DeriveTlsKeys(key_dig, (word32)key_dig_len, ssl->arrays->masterSecret, SECRET_LEN, ssl->arrays->serverRandom, ssl->arrays->clientRandom, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, @@ -576,7 +670,8 @@ int MakeTlsMasterSecret(WOLFSSL* ssl) void* ctx = wolfSSL_GetGenMasterSecretCtx(ssl); ret = ssl->ctx->GenMasterCb(ssl, ctx); } - if (!ssl->ctx->GenMasterCb || ret == PROTOCOLCB_UNAVAILABLE) + if (!ssl->ctx->GenMasterCb || + ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) #endif { ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, 
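Review bot: A negative `count` is not rejected by either new function — the guard only checks `count > WOLFSSL_MAX_GROUP_COUNT`, so `count = -1` skips the loop and then stores `(byte)count` (255) into `ctx->numGroups` / `ssl->numGroups` under WOLFSSL_TLS13, advertising group slots that were never written. The guard should be `if (ctx == NULL || groups == NULL || count < 0 || count > WOLFSSL_MAX_GROUP_COUNT)` in `wolfSSL_CTX_set_groups`, and the same with `ssl` in `wolfSSL_set_groups`. The header comments also say BAD_FUNC_ARG is returned when "not using TLS v1.3", but the code only checks `IsTLS_ex(...)`, so the comment should read "not using TLS" to match the actual check. Note too that `(word16)groups[i]` truncates before `wolfSSL_CTX_UseSupportedCurve` validates it, so an out-of-range int such as 0x10017 would presumably be accepted as group 0x0017; a `groups[i] < 0 || groups[i] > 0xFFFF` check before the cast would close that.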
@@ -586,47 +681,13 @@ int MakeTlsMasterSecret(WOLFSSL* ssl) ssl->specs.mac_algorithm, ssl->heap, ssl->devId); } } +#ifdef HAVE_SECRET_CALLBACK + if (ret == 0 && ssl->tlsSecretCb != NULL) { + ret = ssl->tlsSecretCb(ssl, ssl->arrays->masterSecret, + SECRET_LEN, ssl->tlsSecretCtx); + } +#endif /* HAVE_SECRET_CALLBACK */ if (ret == 0) { - #ifdef SHOW_SECRETS - /* Wireshark Pre-Master-Secret Format: - * CLIENT_RANDOM - */ - const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM"; - int i, pmsPos = 0; - char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1]; - - XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ", - CLIENT_RANDOM_LABEL); - pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1; - for (i = 0; i < RAN_LEN; i++) { - XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", - ssl->arrays->clientRandom[i]); - pmsPos += 2; - } - XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " "); - pmsPos += 1; - for (i = 0; i < SECRET_LEN; i++) { - XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", - ssl->arrays->masterSecret[i]); - pmsPos += 2; - } - XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n"); - pmsPos += 1; - - /* print master secret */ - puts(pmsBuf); - - #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) - { - FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a"); - if (f != XBADFILE) { - XFWRITE(pmsBuf, 1, pmsPos, f); - XFCLOSE(f); - } - } - #endif - #endif /* SHOW_SECRETS */ - ret = DeriveTlsKeys(ssl); } @@ -724,7 +785,7 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, */ static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); switch (hmac->macType) { #ifndef NO_SHA @@ -758,6 +819,7 @@ static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) #endif /* WOLFSSL_SM3 */ default: + ret = BAD_FUNC_ARG; break; } 
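Review bot: The new HAVE_SECRET_CALLBACK block passes `ssl->arrays->masterSecret` to `tlsSecretCb` with no statement of ownership or of what a non-zero return means, and both matter for a hook whose purpose is exporting key material. As written, any non-zero return leaves `ret` set and the following `if (ret == 0)` skips `DeriveTlsKeys`, so the handshake fails; that is a sensible fail-closed default, but a keylog-style callback that returns a byte count would break every connection unless this is documented. I would add above the call: `/* Runs before key derivation; a non-zero return aborts the handshake. The buffer belongs to ssl->arrays and must be copied, not retained. */`. Since the SHOW_SECRETS / WOLFSSL_SSLKEYLOGFILE writer removed in this hunk appears to be what the callback replaces, the same comment should say so, so that users of that build option know to register a callback instead. `MakeTlsMasterSecret` begins outside the hunk.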
@@ -772,7 +834,7 @@ static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) */ static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); switch (hmac->macType) { #ifndef NO_SHA @@ -806,6 +868,7 @@ static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) #endif /* WOLFSSL_SM3 */ default: + ret = BAD_FUNC_ARG; break; } @@ -820,7 +883,7 @@ static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) */ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); wc_HashAlg hash; enum wc_HashType hashType = (enum wc_HashType)hmac->macType; int digestSz = wc_HashGetDigestSize(hashType); @@ -829,12 +892,16 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) if ((digestSz >= 0) && (blockSz >= 0)) { ret = wc_HashInit(&hash, hashType); } + else { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->opad, - blockSz); + (word32)blockSz); if (ret == 0) ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->innerHash, - digestSz); + (word32)digestSz); if (ret == 0) ret = wc_HashFinal(&hash, hashType, mac); wc_HashFree(&hash, hashType); @@ -942,7 +1009,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); c32toa(realLen << 3, lenBytes + sizeof(word32)); - ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz); + ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, (word32)blockSz); if (ret != 0) return ret; @@ -961,7 +1028,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, safeBlocks = 0; XMEMSET(digest, 0, macLen); - k = safeBlocks * blockSz; + k = (unsigned int)(safeBlocks * blockSz); for (i = safeBlocks; i < blocks; i++) { unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; unsigned char isEocBlock = ctMaskEq(i, eocBlock); 
@@ -989,7 +1056,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, hashBlock[j] = b; } - ret = Hmac_HashUpdate(hmac, hashBlock, blockSz); + ret = Hmac_HashUpdate(hmac, hashBlock, (word32)blockSz); /* cppcheck-suppress uninitvar */ if (ret != 0) return ret; ret = Hmac_HashFinalRaw(hmac, hashBlock); @@ -1099,9 +1166,9 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, maxSz &= ~(0 - (maxSz >> 31)); /* Calculate #blocks processed in HMAC for max and real data. */ - blocks = maxSz >> blockBits; + blocks = (int)(maxSz >> blockBits); blocks += ((maxSz + padSz) % blockSz) < padSz; - msgBlocks = realSz >> blockBits; + msgBlocks = (int)(realSz >> blockBits); /* #Extra blocks to process. */ blocks -= msgBlocks + ((((realSz + padSz) % blockSz) < padSz) ? 1 : 0); /* Calculate whole blocks. */ @@ -1110,8 +1177,8 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); if (ret == 0) { /* Fill the rest of the block with any available data. */ - word32 currSz = ctMaskLT(msgSz, blockSz) & msgSz; - currSz |= ctMaskGTE(msgSz, blockSz) & blockSz; + word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz; + currSz |= ctMaskGTE((int)msgSz, blockSz) & blockSz; currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; currSz &= ~(0 - (currSz >> 31)); ret = wc_HmacUpdate(hmac, in, currSz); 
@@ -2349,12 +2416,13 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, #ifndef NO_WOLFSSL_SERVER /** Tells the SNI requested by the client. */ -word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) +word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data, + byte ignoreStatus) { TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); - if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { + if (sni && (ignoreStatus || sni->status != WOLFSSL_SNI_NO_MATCH)) { switch (sni->type) { case WOLFSSL_SNI_HOST_NAME: if (data) { @@ -2614,8 +2682,7 @@ static void TLSX_TCA_Free(TCA* tca, void* heap) (void)heap; if (tca) { - if (tca->id) - XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX); + XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX); XFREE(tca, heap, DYNAMIC_TYPE_TLSX); } } @@ -2929,6 +2996,9 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, const byte* input, word16 length, WOLFSSL_ERROR_VERBOSE(UNKNOWN_MAX_FRAG_LEN_E); return UNKNOWN_MAX_FRAG_LEN_E; } + if (ssl->session != NULL) { + ssl->session->mfl = *input; + } #ifndef NO_WOLFSSL_SERVER if (isRequest) { @@ -3329,7 +3399,8 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); /* Let's not error out the connection if we can't verify our * cert */ - if (ret == ASN_SELF_SIGNED_E || ret == ASN_NO_SIGNER_E) + if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E) || + ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) ret = 0; return ret; } 
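Review bot: The new `ignoreStatus` parameter of TLSX_SNI_GetRequest is undocumented: with it set the function returns the client's requested name even when `sni->status` is WOLFSSL_SNI_NO_MATCH, that is a name that matched none of the configured SNI entries, while the doc comment still reads `/** Tells the SNI requested by the client. */`. Suggest extending it: `/** Tells the SNI requested by the client. With ignoreStatus set the name is returned even when it matched no configured entry (WOLFSSL_SNI_NO_MATCH), so callers must treat it as unvalidated peer input. */`. The switch over `sni->type` continues outside the hunk.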
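Review bot: TLSX_TCA_Free now passes `tca->id` to XFREE without the NULL guard, which is only correct if XFREE, including any allocator callback installed through wolfSSL_SetAllocators, tolerates a NULL pointer; the same guard removal appears in TLSX_UseSRTP_Free, TLSX_Cookie_FreeAll, TLSX_Cookie_Use, the TLSX_KeyShare_Gen*/Process* functions, TLSX_KeyShare_FreeAll, server_generate_pqc_ciphertext, TLSX_KeyShare_Use, TLSX_ExtractEch and TLSX_ECH_Free. Presumably the XFREE macro itself has been made NULL-safe in this change set (not visible here); if so, a one-line note at the macro definition, `/* XFREE accepts NULL; callers no longer need to guard the pointer. */`, would make the dropped guards obviously safe to future readers.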
@@ -3507,10 +3578,20 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 +static void TLSX_CSR2_FreePendingSigners(Signer *s, void* heap) +{ + Signer* next; + while(s) { + next = s->next; + FreeSigner(s, heap); + s = next; + } +} static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap) { CertificateStatusRequestItemV2* next; + TLSX_CSR2_FreePendingSigners(csr2->pendingSigners, heap); for (; csr2; csr2 = next) { next = csr2->next; 
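Review bot: `TLSX_CSR2_FreePendingSigners(csr2->pendingSigners, heap);` in TLSX_CSR2_FreeAll dereferences `csr2` before the `for (; csr2; ...)` loop, which until now tolerated a NULL list, and it only releases the pending signers of the head item even though TLSX_CSR2_AddPendingSigner attaches them to whichever item has status_type WOLFSSL_CSR2_OCSP_MULTI, so a non-head multi item presumably leaks its signers. Moving the call inside the loop fixes both: `for (; csr2; csr2 = next) { next = csr2->next; TLSX_CSR2_FreePendingSigners(csr2->pendingSigners, heap);`. Minor style: `while(s)` in the new helper lacks the space before the parenthesis used elsewhere in the file. The loop body continues outside the hunk.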
@@ -3781,6 +3862,83 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length, return 0; } +static CertificateStatusRequestItemV2* TLSX_CSR2_GetMulti(TLSX *extensions) +{ + TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); + CertificateStatusRequestItemV2* csr2 = extension ? + (CertificateStatusRequestItemV2*)extension->data : NULL; + + for (; csr2; csr2 = csr2->next) { + if (csr2->status_type == WOLFSSL_CSR2_OCSP_MULTI) + return csr2; + } + return NULL; +} + +int TLSX_CSR2_IsMulti(TLSX *extensions) +{ + return TLSX_CSR2_GetMulti(extensions) != NULL; +} + +int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s) +{ + CertificateStatusRequestItemV2* csr2; + + csr2 = TLSX_CSR2_GetMulti(extensions); + if (!csr2) + return -1; + + s->next = csr2->pendingSigners; + csr2->pendingSigners = s; + return 0; +} + +Signer* TLSX_CSR2_GetPendingSigners(TLSX *extensions) +{ + CertificateStatusRequestItemV2* csr2; + + csr2 = TLSX_CSR2_GetMulti(extensions); + if (!csr2) + return NULL; + + return csr2->pendingSigners; +} + +int TLSX_CSR2_ClearPendingCA(WOLFSSL *ssl) +{ + CertificateStatusRequestItemV2* csr2; + + csr2 = TLSX_CSR2_GetMulti(ssl->extensions); + if (csr2 == NULL) + return 0; + + TLSX_CSR2_FreePendingSigners(csr2->pendingSigners, SSL_CM(ssl)->heap); + csr2->pendingSigners = NULL; + return 0; +} + +int TLSX_CSR2_MergePendingCA(WOLFSSL* ssl) +{ + CertificateStatusRequestItemV2* csr2; + Signer *s, *next; + int r = 0; + + csr2 = TLSX_CSR2_GetMulti(ssl->extensions); + if (csr2 == NULL) + return 0; + + s = csr2->pendingSigners; + while (s != NULL) { + next = s->next; + r = AddSigner(SSL_CM(ssl), s); + if (r != 0) + FreeSigner(s, SSL_CM(ssl)->heap); + s = next; + } + csr2->pendingSigners = NULL; + return r; +} + int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, void* heap) { 
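Review bot: In TLSX_CSR2_MergePendingCA the loop keeps going after `AddSigner` fails and `r` is overwritten on the next iteration, so an earlier failure is masked whenever a later signer is added successfully and the caller sees 0 although not every pending CA was installed. Keep the first error instead: `if (r != 0) { FreeSigner(s, SSL_CM(ssl)->heap); if (ret == 0) ret = r; }` with `ret` (initialised to 0) returned at the end. TLSX_CSR2_AddPendingSigner returns a bare `-1` where the rest of the file uses named codes such as BAD_FUNC_ARG, and it does not reject a NULL `s`. The pending signers are freed with `SSL_CM(ssl)->heap` here and in TLSX_CSR2_ClearPendingCA but with the extension `heap` argument in TLSX_CSR2_FreeAll; these must be the heap the signers were allocated on, which is not visible in this hunk.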
@@ -3862,10 +4020,10 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) /* followed by */ case WOLFSSL_CSR2_OCSP_MULTI: - if (SSL_CM(ssl)->ocspEnabled) { - csr2->request.ocsp[0].ssl = ssl; + if (SSL_CM(ssl)->ocspEnabled && csr2->requests >= 1) { + csr2->request.ocsp[csr2->requests-1].ssl = ssl; return CheckOcspRequest(SSL_CM(ssl)->ocsp, - &csr2->request.ocsp[0], NULL, NULL); + &csr2->request.ocsp[csr2->requests-1], NULL, NULL); } else { WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL); @@ -3963,7 +4121,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, #ifdef HAVE_SUPPORTED_CURVES #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \ - && !defined(HAVE_FFDHE) && !defined(HAVE_PQC) + && !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_KYBER) #error Elliptic Curves Extension requires Elliptic Curve Cryptography or liboqs groups. \ Use --enable-ecc and/or --enable-liboqs in the configure script or \ define HAVE_ECC. Alternatively use FFDHE for DH cipher suites. @@ -4031,7 +4189,7 @@ static void TLSX_PointFormat_FreeAll(PointFormat* list, void* heap) static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name, void* heap) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); while (list) { if (list->name == name) { @@ -4052,7 +4210,7 @@ static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name, static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); while (list) { if (list->format == format) { @@ -4339,7 +4497,7 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input, ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap); /* If it is BAD_FUNC_ARG then it is a group we do not support, but * that is fine. */ - if (ret != WOLFSSL_SUCCESS && ret != BAD_FUNC_ARG) { + if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { return ret; } } 
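Review bot: TLSX_CSR2_ForceRequest now targets `csr2->request.ocsp[csr2->requests-1]`, the most recently added request, but nothing in the hunk bounds `csr2->requests` against the size of the `request.ocsp` array; if `requests` is incremented wherever entries are appended (not visible here), an upper-bound check or a comment stating that invariant belongs next to the new `>= 1` guard. A short comment saying which certificate the last request corresponds to in the OCSP_MULTI case would also help, since the previous code always used index 0. The switch continues outside the hunk.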
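Review bot: The `#error` text under the renamed `WOLFSSL_HAVE_KYBER` guard still says the extension requires "Elliptic Curve Cryptography or liboqs groups" and points at `--enable-liboqs`, which no longer matches the condition being tested. Reword it to name Kyber, e.g. `#error Elliptic Curves Extension requires Elliptic Curve Cryptography or Kyber groups.` followed by the Kyber build option in place of `--enable-liboqs`, so a failing build is steered to the right configure switch.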
@@ -4709,6 +4867,7 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second, int ephmSuite = 0; word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */ int key = 0; /* validate key */ + int foundCurve = 0; /* Found at least one supported curve */ (void)oid; @@ -4870,6 +5029,8 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second, default: continue; /* unsupported curve */ } + foundCurve = 1; + #ifdef HAVE_ECC /* Set default Oid */ if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) { @@ -5014,6 +5175,10 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second, } } + /* Check we found at least one supported curve */ + if (!foundCurve) + return 0; + *ecdhCurveOID = ssl->ecdhCurveOID; /* Choose the default if it is at the required strength. */ #ifdef HAVE_ECC @@ -5237,7 +5402,7 @@ static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data, static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte isRequest) { - int ret = SECURE_RENEGOTIATION_E; + int ret = WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E); if (length >= OPAQUE8_LEN) { if (isRequest) { @@ -5247,7 +5412,7 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input, if (ret == WOLFSSL_SUCCESS) ret = 0; } - if (ret != 0 && ret != SECURE_RENEGOTIATION_E) { + if (ret != 0 && ret != WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E)) { } else if (ssl->secure_renegotiation == NULL) { } @@ -5317,6 +5482,12 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input, } #endif } + else { + ret = SECURE_RENEGOTIATION_E; + } + } + else { + ret = SECURE_RENEGOTIATION_E; } if (ret != 0) { 
@@ -5510,7 +5681,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input, WOLFSSL_MSG("Process client ticket rejected, not using"); ssl->options.rejectTicket = 1; ret = 0; /* not fatal */ - } else if (ret == VERSION_ERROR) { + } else if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) { WOLFSSL_MSG("Process client ticket rejected, bad TLS version"); ssl->options.rejectTicket = 1; ret = 0; /* not fatal */ @@ -5803,16 +5974,14 @@ static TlsxSrtp* TLSX_UseSRTP_New(word16 ids, void* heap) static void TLSX_UseSRTP_Free(TlsxSrtp *srtp, void* heap) { - if (srtp != NULL) { - XFREE(srtp, heap, DYNAMIC_TYPE_TLSX); - } + XFREE(srtp, heap, DYNAMIC_TYPE_TLSX); (void)heap; } static int TLSX_UseSRTP_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte isRequest) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); word16 profile_len = 0; word16 profile_value = 0; word16 offset = 0; @@ -6120,8 +6289,12 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { tls13minor = (byte)DTLSv1_3_MINOR; + #ifndef WOLFSSL_NO_TLS12 tls12minor = (byte)DTLSv1_2_MINOR; + #endif + #ifndef NO_OLD_TLS tls11minor = (byte)DTLS_MINOR; + #endif isDtls = 1; } #endif /* WOLFSSL_DTLS13 */ @@ -6418,8 +6591,7 @@ static void TLSX_Cookie_FreeAll(Cookie* cookie, void* heap) { (void)heap; - if (cookie != NULL) - XFREE(cookie, heap, DYNAMIC_TYPE_TLSX); + XFREE(cookie, heap, DYNAMIC_TYPE_TLSX); } /* Get the size of the encoded Cookie extension. @@ -6572,8 +6744,7 @@ int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, word16 len, byte* mac, if (mac != NULL) XMEMCPY(cookie->data + len, mac, macSz); - if (extension->data != NULL) - XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX); extension->data = (void*)cookie; extension->resp = (byte)resp; 
@@ -6731,14 +6902,14 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input, InitDecodedCert(cert, input + idx, extLen, ssl->heap); didInit = TRUE; idx += extLen; - ret = GetName(cert, SUBJECT, extLen); + ret = GetName(cert, ASN_SUBJECT, extLen); } if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL) ret = MEMORY_ERROR; if (ret == 0) { - CopyDecodedName(name, cert, SUBJECT); + CopyDecodedName(name, cert, ASN_SUBJECT); if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) == WOLFSSL_FAILURE) ret = MEMORY_ERROR; @@ -7181,7 +7352,7 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) kse->pubKey, &kse->pubKeyLen /* public */ ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif @@ -7216,21 +7387,15 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) * The DhKey will be setup again in TLSX_KeyShare_ProcessDh */ if (dhKey != NULL) wc_FreeDhKey(dhKey); - if (kse->key != NULL) { - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH); - kse->key = NULL; - } + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH); + kse->key = NULL; if (ret != 0) { /* Cleanup on error, otherwise data owned by key share entry */ - if (kse->privKey != NULL) { - XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->privKey = NULL; - } - if (kse->pubKey != NULL) { - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - kse->pubKey = NULL; - } + XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->privKey = NULL; + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; } #else (void)ssl; 
@@ -7312,16 +7477,12 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse) if (ret != 0) { /* Data owned by key share entry otherwise. */ - if (kse->pubKey != NULL) { - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - kse->pubKey = NULL; - } + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; if (key != NULL) wc_curve25519_free(key); - if (kse->key != NULL) { - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->key = NULL; - } + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->key = NULL; } #else (void)ssl; @@ -7400,16 +7561,12 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse) if (ret != 0) { /* Data owned by key share entry otherwise. */ - if (kse->pubKey != NULL) { - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - kse->pubKey = NULL; - } + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; if (key != NULL) wc_curve448_free(key); - if (kse->key != NULL) { - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->key = NULL; - } + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->key = NULL; } #else (void)ssl; @@ -7494,7 +7651,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13GenEccKeyPair(ssl, kse); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { return ret; } #endif @@ -7511,7 +7668,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) if (ret == 0) { #ifdef WOLFSSL_ASYNC_CRYPT /* Detect when private key generation is done */ - if (ssl->error == WC_PENDING_E && + if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) && eccKey->type == ECC_PRIVATEKEY) { ret = 0; /* ECC Key Generation is done */ } 
@@ -7526,7 +7683,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) } } #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif } @@ -7563,16 +7720,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) if (ret != 0) { /* Cleanup on error, otherwise data owned by key share entry */ - if (kse->pubKey != NULL) { - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - kse->pubKey = NULL; - } + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; if (eccKey != NULL) wc_ecc_free(eccKey); - if (kse->key != NULL) { - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->key = NULL; - } + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->key = NULL; } #else (void)ssl; @@ -7585,7 +7738,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) return ret; } -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER static int kyber_id2type(int id, int *type) { int ret = 0; @@ -7689,7 +7842,7 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) findEccPqc(&ecc_group, &oqs_group, kse->group); ret = kyber_id2type(oqs_group, &type); - if (ret == NOT_COMPILED_IN) { + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { WOLFSSL_MSG("Invalid Kyber algorithm specified."); ret = BAD_FUNC_ARG; } @@ -7781,14 +7934,12 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) wc_KyberKey_Free(kem); TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); - if (pubKey != NULL) - XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (privKey != NULL) - XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); return ret; } -#endif /* HAVE_PQC */ +#endif /* WOLFSSL_HAVE_KYBER */ /* Generate a secret/key using the key share entry. * 
@@ -7805,7 +7956,7 @@ int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse) ret = TLSX_KeyShare_GenX25519Key(ssl, kse); else if (kse->group == WOLFSSL_ECC_X448) ret = TLSX_KeyShare_GenX448Key(ssl, kse); -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER else if (WOLFSSL_NAMED_GROUP_IS_PQC(kse->group)) ret = TLSX_KeyShare_GenPqcKey(ssl, kse); #endif @@ -7843,15 +7994,13 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap) wc_curve448_free((curve448_key*)current->key); #endif } -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group)) { if (current->key != NULL) { ForceZero((byte*)current->key, current->keyLen); } - if (current->pubKey != NULL) { - XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); - current->pubKey = NULL; - } + XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); + current->pubKey = NULL; if (current->privKey != NULL) { ForceZero(current->privKey, current->privKeyLen); XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY); @@ -8050,7 +8199,7 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) NULL, 0 ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif 
@@ -8070,18 +8219,12 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) /* done with key share, release resources */ if (dhKey) wc_FreeDhKey(dhKey); - if (keyShareEntry->key) { - XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH); - keyShareEntry->key = NULL; - } - if (keyShareEntry->privKey != NULL) { - XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - keyShareEntry->privKey = NULL; - } - if (keyShareEntry->pubKey != NULL) { - XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - keyShareEntry->pubKey = NULL; - } + XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH); + keyShareEntry->key = NULL; + XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->privKey = NULL; + XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->pubKey = NULL; XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = NULL; #else @@ -8159,10 +8302,8 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, wc_curve25519_free(peerX25519Key); XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); wc_curve25519_free((curve25519_key*)keyShareEntry->key); - if (keyShareEntry->key != NULL) { - XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - keyShareEntry->key = NULL; - } + XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->key = NULL; #else (void)ssl; (void)keyShareEntry; @@ -8239,10 +8380,8 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) wc_curve448_free(peerX448Key); XFREE(peerX448Key, ssl->heap, DYNAMIC_TYPE_TLSX); wc_curve448_free((curve448_key*)keyShareEntry->key); - if (keyShareEntry->key != NULL) { - XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - keyShareEntry->key = NULL; - } + XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->key = NULL; #else (void)ssl; (void)keyShareEntry; 
@@ -8322,7 +8461,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) } #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13GenSharedSecret(ssl, keyShareEntry); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { return ret; } ret = 0; @@ -8364,7 +8503,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ssl->options.side ); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif } @@ -8398,7 +8537,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) return ret; } -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER /* Process the Kyber key share extension on the client side. * * ssl The SSL/TLS object. @@ -8529,7 +8668,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { - ret = wc_ecc_set_rng(keyShareEntry->key, ssl->rng); + ret = wc_ecc_set_rng((ecc_key *)keyShareEntry->key, ssl->rng); if (ret != 0) { WOLFSSL_MSG("Failure to set the ECC private key RNG."); } @@ -8538,8 +8677,8 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) if (ret == 0) { PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_shared_secret(keyShareEntry->key, &eccpubkey, - sharedSecret, &outlen); + ret = wc_ecc_shared_secret((ecc_key *)keyShareEntry->key, + &eccpubkey, sharedSecret, &outlen); PRIVATE_KEY_LOCK(); if (outlen != sharedSecretLen - ssSz) { WOLFSSL_MSG("ECC shared secret derivation error."); 
@@ -8559,15 +8698,13 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ssl->arrays->preMasterSz = (word32) sharedSecretLen; } - if (sharedSecret != NULL) { - XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); - } + XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); wc_ecc_free(&eccpubkey); wc_KyberKey_Free(kem); return ret; } -#endif /* HAVE_PQC */ +#endif /* WOLFSSL_HAVE_KYBER */ /* Process the key share extension on the client side. * @@ -8593,7 +8730,7 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry); else if (keyShareEntry->group == WOLFSSL_ECC_X448) ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry); -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER else if (WOLFSSL_NAMED_GROUP_IS_PQC(keyShareEntry->group)) ret = TLSX_KeyShare_ProcessPqc(ssl, keyShareEntry); #endif @@ -8644,7 +8781,7 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input, if (keLen > length - offset) return BUFFER_ERROR; -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER if (WOLFSSL_NAMED_GROUP_IS_PQC(group) && ssl->options.side == WOLFSSL_SERVER_END) { /* For KEMs, the public key is not stored. Casting away const because @@ -8823,7 +8960,7 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, /* Not in list sent if there isn't a private key. */ if (keyShareEntry == NULL || (keyShareEntry->key == NULL - #if !defined(NO_DH) || defined(HAVE_PQC) + #if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER) && keyShareEntry->privKey == NULL #endif )) { @@ -8845,7 +8982,7 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, #ifdef WOLFSSL_ASYNC_CRYPT /* only perform find and clear TLSX if not returning from async */ - if (ssl->error != WC_PENDING_E) + if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { /* Check the selected group was supported by ClientHello extensions. */ 
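Review bot: `XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);` in TLSX_KeyShare_ProcessPqc releases the buffer holding the derived shared secret without wiping it, so unless it is cleared earlier in the function (outside the hunk) the secret lingers in freed heap memory; TLSX_KeyShare_FreeAll in this same diff wipes `privKey` with ForceZero before its XFREE, and the same treatment fits here: `if (sharedSecret != NULL) ForceZero(sharedSecret, sharedSecretLen);` immediately before the free. The same consideration applies to the `XFREE(sharedSecret, ...)` in the cleanup of server_generate_pqc_ciphertext, where on the success path the buffer is handed to `keyShareEntry->ke` and is presumably nulled before reaching the free. The function's prologue is outside the hunk.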
@@ -8915,7 +9052,7 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap, return 0; } -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER static int server_generate_pqc_ciphertext(WOLFSSL* ssl, KeyShareEntry* keyShareEntry, byte* data, word16 len) { @@ -9017,14 +9154,14 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { - ret = wc_ecc_set_rng(ecc_kse->key, ssl->rng); + ret = wc_ecc_set_rng((ecc_key *)ecc_kse->key, ssl->rng); } #endif if (ret == 0) { outlen = ecc_kse->keyLen; PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_shared_secret(ecc_kse->key, &eccpubkey, + ret = wc_ecc_shared_secret((ecc_key *)ecc_kse->key, &eccpubkey, sharedSecret, &outlen); PRIVATE_KEY_LOCK(); @@ -9048,9 +9185,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, } if (ret == 0) { - if (keyShareEntry->ke != NULL) { - XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - } + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = sharedSecret; keyShareEntry->keLen = outlen + ssSz; @@ -9068,15 +9203,13 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, } TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); - if (sharedSecret != NULL) - XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); - if (ciphertext != NULL) - XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); + XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX); wc_ecc_free(&eccpubkey); wc_KyberKey_Free(kem); return ret; } -#endif /* HAVE_PQC */ +#endif /* WOLFSSL_HAVE_KYBER */ /* Use the data to create a new key share object in the extensions. * 
@@ -9125,7 +9258,7 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, } -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER if (WOLFSSL_NAMED_GROUP_IS_PQC(group) && ssl->options.side == WOLFSSL_SERVER_END) { ret = server_generate_pqc_ciphertext((WOLFSSL*)ssl, keyShareEntry, data, @@ -9136,9 +9269,7 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, else #endif if (data != NULL) { - if (keyShareEntry->ke != NULL) { - XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - } + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = data; keyShareEntry->keLen = len; } @@ -9292,16 +9423,19 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) break; #endif #endif - #ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER #ifdef WOLFSSL_WC_KYBER #ifdef WOLFSSL_KYBER512 case WOLFSSL_KYBER_LEVEL1: + case WOLFSSL_P256_KYBER_LEVEL1: #endif #ifdef WOLFSSL_KYBER768 case WOLFSSL_KYBER_LEVEL3: + case WOLFSSL_P384_KYBER_LEVEL3: #endif #ifdef WOLFSSL_KYBER1024 case WOLFSSL_KYBER_LEVEL5: + case WOLFSSL_P521_KYBER_LEVEL5: #endif break; #elif defined(HAVE_LIBOQS) @@ -9316,7 +9450,7 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) int id; findEccPqc(NULL, &namedGroup, namedGroup); ret = kyber_id2type(namedGroup, &id); - if (ret == NOT_COMPILED_IN) { + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { return 0; } @@ -9329,7 +9463,7 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) case WOLFSSL_KYBER_LEVEL1: break; #endif - #endif /* HAVE_PQC */ +#endif default: return 0; } @@ -9378,12 +9512,15 @@ static const word16 preferredGroup[] = { #ifdef WOLFSSL_WC_KYBER #ifdef WOLFSSL_KYBER512 WOLFSSL_KYBER_LEVEL1, + WOLFSSL_P256_KYBER_LEVEL1, #endif #ifdef WOLFSSL_KYBER768 WOLFSSL_KYBER_LEVEL3, + WOLFSSL_P384_KYBER_LEVEL3, #endif #ifdef WOLFSSL_KYBER1024 WOLFSSL_KYBER_LEVEL5, + WOLFSSL_P521_KYBER_LEVEL5, #endif #elif defined(HAVE_LIBOQS) /* These require a runtime call to TLSX_KeyShare_IsSupported to use */ 
@@ -9487,7 +9624,7 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions) kse = (KeyShareEntry*)extension->data; /* We should not be computing keys if we are only going to advertise * our choice here. */ - if (kse != NULL && kse->lastRet == WC_PENDING_E) { + if (kse != NULL && kse->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) { WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; } @@ -9659,16 +9796,20 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, if (extension && extension->resp == 1) { /* Outside of the async case this path should not be taken. */ - int ret = INCOMPLETE_DATA; + int ret = WC_NO_ERR_TRACE(INCOMPLETE_DATA); #ifdef WOLFSSL_ASYNC_CRYPT /* in async case make sure key generation is finalized */ KeyShareEntry* serverKSE = (KeyShareEntry*)extension->data; - if (serverKSE && serverKSE->lastRet == WC_PENDING_E) { + if (serverKSE && serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) { if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE) *searched = 1; ret = TLSX_KeyShare_GenKey((WOLFSSL*)ssl, serverKSE); } + else #endif + { + ret = INCOMPLETE_DATA; + } return ret; } @@ -9697,7 +9838,7 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(clientKSE->group)) { /* Check max value supported. */ if (clientKSE->group > WOLFSSL_ECC_MAX) { -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER if (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) #endif continue; @@ -9743,7 +9884,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE) serverKSE = (KeyShareEntry*)extension->data; if (serverKSE != NULL) { /* in async case make sure key generation is finalized */ - if (serverKSE->lastRet == WC_PENDING_E) + if (serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) return TLSX_KeyShare_GenKey((WOLFSSL*)ssl, serverKSE); else if (serverKSE->lastRet == 0) return 0; 
@@ -9762,7 +9903,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE) return ret; if (clientKSE->key == NULL) { -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) { /* Going to need the public key (AKA ciphertext). */ serverKSE->pubKey = clientKSE->pubKey; @@ -9855,7 +9996,7 @@ int TLSX_KeyShare_DeriveSecret(WOLFSSL *ssl) #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, NULL); /* Check for error */ - if (ret != WC_NO_PENDING_E && ret < 0) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E) && ret < 0) { return ret; } #endif @@ -11670,7 +11811,7 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte* writeBuf, word16* offset) /* get size then write */ ret = GetEchConfigsEx(ech->echConfig, NULL, &configsLen); - if (ret != LENGTH_ONLY_E) + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return ret; ret = GetEchConfigsEx(ech->echConfig, writeBuf, &configsLen); @@ -11807,7 +11948,7 @@ static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech) /* get the size of the raw configs */ ret = GetEchConfigsEx(ech->echConfig, NULL, &size); - if (ret != LENGTH_ONLY_E) + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return ret; } else if (ech->type == ECH_TYPE_INNER) @@ -11890,7 +12031,7 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig, if (ret == 0) ret = GetEchConfig(echConfig, NULL, &rawConfigLen); - if (ret == LENGTH_ONLY_E) + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) ret = 0; /* create info */ @@ -11920,8 +12061,7 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig, ech->hpke = NULL; } - if (info != NULL) - XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } 
@@ -12077,13 +12217,11 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size, /* free the ech struct and the dynamic buffer it uses */ static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap) { - if (ech->innerClientHello != NULL) - XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER); if (ech->ephemeralKey != NULL) wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey, ech->hpke->heap); - if (ech->hpke != NULL) - XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); (void)heap; @@ -12132,7 +12270,7 @@ int TLSX_FinalizeEch(WOLFSSL_ECH* ech, byte* aad, word32 aadLen) /* seal the payload */ ret = wc_HpkeSealBase(ech->hpke, ech->ephemeralKey, receiverPubkey, - info, infoLen, aadCopy, aadLen, ech->innerClientHello, + info, (word32)infoLen, aadCopy, aadLen, ech->innerClientHello, ech->innerClientHelloLen - ech->hpke->Nt, ech->outerClientPayload); 
@@ -12986,22 +13124,31 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #endif #endif -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER #ifdef WOLFSSL_WC_KYBER #ifdef WOLFSSL_KYBER512 if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1, + ssl->heap); #endif #ifdef WOLFSSL_KYBER768 if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL3, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3, + ssl->heap); #endif #ifdef WOLFSSL_KYBER768 if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, + ssl->heap); #endif #elif defined(HAVE_LIBOQS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap); @@ -13023,7 +13170,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #elif defined(HAVE_PQM4) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap); #endif /* HAVE_LIBOQS */ -#endif /* HAVE_PQC */ +#endif /* WOLFSSL_HAVE_KYBER */ (void)ssl; (void)extensions; @@ -13242,7 +13389,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) ret = SetCipherSpecs(ssl); if (ret != 0) return ret; - now = TimeNowInMilliseconds(); + now = (word64)TimeNowInMilliseconds(); if (now == 0) return GETTIME_ERROR; #ifdef WOLFSSL_32BIT_MILLI_TIME @@ -13373,7 +13520,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) ssl->arrays->psk_keySz == 0 || #endif (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != USE_HW_PSK)) { + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { #ifndef OPENSSL_EXTRA ret = PSK_KEY_ERROR; #endif 
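Review bot: The new `WOLFSSL_P521_KYBER_LEVEL5` registration is added under the existing `#ifdef WOLFSSL_KYBER768` that guards `WOLFSSL_KYBER_LEVEL5`, which reads like a copy of the LEVEL3 guard; the level-5 groups presumably belong under the 1024-bit Kyber option, and as written they are advertised whenever KYBER768 is on and never when only the larger parameter set is. That guard is a context line, so the mistake is pre-existing, but this hunk extends what it covers. The `#elif defined(HAVE_LIBOQS)` and HAVE_PQM4 branches also register no hybrid groups; if that is intentional, a comment saying so would pre-empt the question next time. TLSX_PopulateSupportedGroups continues outside the hunk.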
@@ -14296,6 +14443,143 @@ int TLSX_ParseVersion(WOLFSSL* ssl, const byte* input, word16 length, return ret; } #endif +/* Jump Table to check minimum size values for client case in TLSX_Parse */ +#ifndef NO_WOLFSSL_SERVER +static word16 TLSX_GetMinSize_Client(word16* type) +{ + switch (*type) { + case TLSXT_SERVER_NAME: + return WOLFSSL_SNI_MIN_SIZE_CLIENT; + case TLSXT_EARLY_DATA: + return WOLFSSL_EDI_MIN_SIZE_CLIENT; + case TLSXT_MAX_FRAGMENT_LENGTH: + return WOLFSSL_MFL_MIN_SIZE_CLIENT; + case TLSXT_TRUSTED_CA_KEYS: + return WOLFSSL_TCA_MIN_SIZE_CLIENT; + case TLSXT_TRUNCATED_HMAC: + return WOLFSSL_THM_MIN_SIZE_CLIENT; + case TLSXT_STATUS_REQUEST: + return WOLFSSL_CSR_MIN_SIZE_CLIENT; + case TLSXT_SUPPORTED_GROUPS: + return WOLFSSL_EC_MIN_SIZE_CLIENT; + case TLSXT_EC_POINT_FORMATS: + return WOLFSSL_PF_MIN_SIZE_CLIENT; + case TLSXT_SIGNATURE_ALGORITHMS: + return WOLFSSL_SA_MIN_SIZE_CLIENT; + case TLSXT_USE_SRTP: + return WOLFSSL_SRTP_MIN_SIZE_CLIENT; + case TLSXT_APPLICATION_LAYER_PROTOCOL: + return WOLFSSL_ALPN_MIN_SIZE_CLIENT; + case TLSXT_STATUS_REQUEST_V2: + return WOLFSSL_CSR2_MIN_SIZE_CLIENT; + case TLSXT_CLIENT_CERTIFICATE: + return WOLFSSL_CCT_MIN_SIZE_CLIENT; + case TLSXT_SERVER_CERTIFICATE: + return WOLFSSL_SCT_MIN_SIZE_CLIENT; + case TLSXT_ENCRYPT_THEN_MAC: + return WOLFSSL_ETM_MIN_SIZE_CLIENT; + case TLSXT_SESSION_TICKET: + return WOLFSSL_STK_MIN_SIZE_CLIENT; + case TLSXT_PRE_SHARED_KEY: + return WOLFSSL_PSK_MIN_SIZE_CLIENT; + case TLSXT_COOKIE: + return WOLFSSL_CKE_MIN_SIZE_CLIENT; + case TLSXT_PSK_KEY_EXCHANGE_MODES: + return WOLFSSL_PKM_MIN_SIZE_CLIENT; + case TLSXT_CERTIFICATE_AUTHORITIES: + return WOLFSSL_CAN_MIN_SIZE_CLIENT; + case TLSXT_POST_HANDSHAKE_AUTH: + return WOLFSSL_PHA_MIN_SIZE_CLIENT; + case TLSXT_SIGNATURE_ALGORITHMS_CERT: + return WOLFSSL_SA_MIN_SIZE_CLIENT; + case TLSXT_KEY_SHARE: + return WOLFSSL_KS_MIN_SIZE_CLIENT; + case TLSXT_CONNECTION_ID: + return WOLFSSL_CID_MIN_SIZE_CLIENT; + case TLSXT_RENEGOTIATION_INFO: + return 
WOLFSSL_SCR_MIN_SIZE_CLIENT; + case TLSXT_KEY_QUIC_TP_PARAMS_DRAFT: + return WOLFSSL_QTP_MIN_SIZE_CLIENT; + case TLSXT_ECH: + return WOLFSSL_ECH_MIN_SIZE_CLIENT; + default: + return 0; + } +} + #define TLSX_GET_MIN_SIZE_CLIENT TLSX_GetMinSize_Client +#else + #define TLSX_GET_MIN_SIZE_CLIENT(...) 0 +#endif + + +#ifndef NO_WOLFSSL_CLIENT +/* Jump Table to check minimum size values for server case in TLSX_Parse */ +static word16 TLSX_GetMinSize_Server(const word16 *type) +{ + switch (*type) { + case TLSXT_SERVER_NAME: + return WOLFSSL_SNI_MIN_SIZE_SERVER; + case TLSXT_EARLY_DATA: + return WOLFSSL_EDI_MIN_SIZE_SERVER; + case TLSXT_MAX_FRAGMENT_LENGTH: + return WOLFSSL_MFL_MIN_SIZE_SERVER; + case TLSXT_TRUSTED_CA_KEYS: + return WOLFSSL_TCA_MIN_SIZE_SERVER; + case TLSXT_TRUNCATED_HMAC: + return WOLFSSL_THM_MIN_SIZE_SERVER; + case TLSXT_STATUS_REQUEST: + return WOLFSSL_CSR_MIN_SIZE_SERVER; + case TLSXT_SUPPORTED_GROUPS: + return WOLFSSL_EC_MIN_SIZE_SERVER; + case TLSXT_EC_POINT_FORMATS: + return WOLFSSL_PF_MIN_SIZE_SERVER; + case TLSXT_SIGNATURE_ALGORITHMS: + return WOLFSSL_SA_MIN_SIZE_SERVER; + case TLSXT_USE_SRTP: + return WOLFSSL_SRTP_MIN_SIZE_SERVER; + case TLSXT_APPLICATION_LAYER_PROTOCOL: + return WOLFSSL_ALPN_MIN_SIZE_SERVER; + case TLSXT_STATUS_REQUEST_V2: + return WOLFSSL_CSR2_MIN_SIZE_SERVER; + case TLSXT_CLIENT_CERTIFICATE: + return WOLFSSL_CCT_MIN_SIZE_SERVER; + case TLSXT_SERVER_CERTIFICATE: + return WOLFSSL_SCT_MIN_SIZE_SERVER; + case TLSXT_ENCRYPT_THEN_MAC: + return WOLFSSL_ETM_MIN_SIZE_SERVER; + case TLSXT_SESSION_TICKET: + return WOLFSSL_STK_MIN_SIZE_SERVER; + case TLSXT_PRE_SHARED_KEY: + return WOLFSSL_PSK_MIN_SIZE_SERVER; + case TLSXT_COOKIE: + return WOLFSSL_CKE_MIN_SIZE_SERVER; + case TLSXT_PSK_KEY_EXCHANGE_MODES: + return WOLFSSL_PKM_MIN_SIZE_SERVER; + case TLSXT_CERTIFICATE_AUTHORITIES: + return WOLFSSL_CAN_MIN_SIZE_SERVER; + case TLSXT_POST_HANDSHAKE_AUTH: + return WOLFSSL_PHA_MIN_SIZE_SERVER; + case TLSXT_SIGNATURE_ALGORITHMS_CERT: + return 
WOLFSSL_SA_MIN_SIZE_SERVER; + case TLSXT_KEY_SHARE: + return WOLFSSL_KS_MIN_SIZE_SERVER; + case TLSXT_CONNECTION_ID: + return WOLFSSL_CID_MIN_SIZE_SERVER; + case TLSXT_RENEGOTIATION_INFO: + return WOLFSSL_SCR_MIN_SIZE_SERVER; + case TLSXT_KEY_QUIC_TP_PARAMS_DRAFT: + return WOLFSSL_QTP_MIN_SIZE_SERVER; + case TLSXT_ECH: + return WOLFSSL_ECH_MIN_SIZE_SERVER; + default: + return 0; + } +} + #define TLSX_GET_MIN_SIZE_SERVER TLSX_GetMinSize_Server +#else + #define TLSX_GET_MIN_SIZE_SERVER(...) 0 +#endif + /** Parses a buffer of TLS extensions. */ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, @@ -14359,6 +14643,29 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (length - offset < size) return BUFFER_ERROR; + /* Check minimum size required for TLSX, even if disabled */ + switch (msgType) { + #ifndef NO_WOLFSSL_SERVER + case client_hello: + if (size < TLSX_GET_MIN_SIZE_CLIENT(&type)){ + WOLFSSL_MSG("Minimum TLSX Size Requirement not Satisfied"); + return BUFFER_ERROR; + } + break; + #endif + #ifndef NO_WOLFSSL_CLIENT + case server_hello: + case hello_retry_request: + if (size < TLSX_GET_MIN_SIZE_SERVER(&type)){ + WOLFSSL_MSG("Minimum TLSX Size Requirement not Satisfied"); + return BUFFER_ERROR; + } + break; + #endif + default: + break; + } + switch (type) { #ifdef HAVE_SNI case TLSX_SERVER_NAME: @@ -14916,7 +15223,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, } #ifdef HAVE_EXTENDED_MASTER - if (IsAtLeastTLSv1_3(ssl->version) && msgType == hello_retry_request) { + if (IsAtLeastTLSv1_3(ssl->version) && + (msgType == hello_retry_request || msgType == hello_verify_request)) { /* Don't change EMS status until server_hello received. * Second ClientHello must have same extensions. */ 
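Review bot: TLSX_GetMinSize_Client takes `word16* type` while TLSX_GetMinSize_Server takes `const word16 *type`, although both only read `*type`; `static word16 TLSX_GetMinSize_Client(const word16* type)` makes the two signatures agree and lets the compiler reject an accidental write. Passing a pointer to a two-byte scalar is unusual here; the only callers are the `TLSX_GET_MIN_SIZE_*(&type)` macros, so by-value parameters would be simpler if those are changed together. The `/* Jump Table ... */` comments describe a switch, not a table; `/* Minimum extension body size accepted for each extension type in a ClientHello; 0 means no minimum is enforced. */` states the contract the parser actually relies on. The two functions share the same case list and differ only in the constant suffix, so adding a new extension to one and not the other will go unnoticed.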
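Review bot: The new minimum-size check in TLSX_Parse only runs for client_hello, server_hello and hello_retry_request; any other msgType falls through `default: break;`, so extensions carried in the remaining messages this parser handles still reach the per-extension parsers with no floor on `size`. If that scope is intended, the comment `/* Check minimum size required for TLSX, even if disabled */` should say it applies to hello messages only. Both new `if (...){` lines also lack the space before the brace used elsewhere in the file. TLSX_Parse starts and ends outside the hunk.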
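Review bot: The extended condition now also covers hello_verify_request, but the comment `Don't change EMS status until server_hello received. Second ClientHello must have same extensions.` still only explains the HelloRetryRequest case. Since HelloVerifyRequest is a DTLS message handled here under IsAtLeastTLSv1_3, a clause such as `(also DTLS HelloVerifyRequest, which likewise precedes a second ClientHello)` would record why it belongs in the same branch. TLSX_Parse continues outside the hunk.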
@@ -14924,6 +15232,12 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, else if (!isRequest && ssl->options.haveEMS && !pendingEMS) ssl->options.haveEMS = 0; #endif +#if defined(WOLFSSL_TLS13) && !defined(NO_PSK) + if (IsAtLeastTLSv1_3(ssl->version) && msgType == server_hello && + IS_OFF(seenType, TLSX_ToSemaphore(TLSX_KEY_SHARE))) { + ssl->options.noPskDheKe = 1; + } +#endif if (ret == 0) ret = SNI_VERIFY_PARSE(ssl, isRequest); diff --git a/src/tls13.c b/src/tls13.c index 81518edacb..55c9fabe53 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -1,6 +1,6 @@ /* tls13.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -189,7 +189,7 @@ static const byte #ifndef NO_CERTS #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ - defined(HAVE_ED448) || defined(HAVE_PQC) + defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) static WC_INLINE int GetMsgHash(WOLFSSL* ssl, byte* hash); @@ -205,7 +205,7 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, const byte* info, word32 infoLen, int digest) { - int ret = NOT_COMPILED_IN; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #if defined(HAVE_PK_CALLBACKS) if (ssl->ctx && ssl->ctx->HKDFExpandLabelCb) { @@ -216,7 +216,7 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, WOLFSSL_CLIENT_END /* ignored */); } - if (ret != NOT_COMPILED_IN) + if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) return ret; #endif (void)ssl; @@ -257,7 +257,7 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, info, infoLen, digest, side); } - if (ret != NOT_COMPILED_IN) + if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) return ret; #endif 
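Review bot: Setting `ssl->options.noPskDheKe = 1` whenever a TLS 1.3 ServerHello lacks a key_share accepts a psk_ke selection unconditionally; RFC 8446 §4.2.9 only allows the server to omit key_share when the client offered psk_ke in psk_key_exchange_modes, and a client that offered only psk_dhe_ke is expected to abort. I cannot see from the hunk whether that is enforced elsewhere before the flag is acted on; if it is not, the missing key_share should presumably fail the handshake rather than silently drop (EC)DHE, and with it forward secrecy, from the key schedule. A comment on the new block, `/* Server selected psk_ke: no key_share, so no (EC)DHE contribution to the key schedule */`, would at least record the consequence. TLSX_Parse continues outside the hunk.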
@@ -308,14 +308,14 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, const byte* protocol; word32 protocolLen; int digestAlg = -1; - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); switch (hashAlgo) { #ifndef NO_WOLFSSL_SHA256 case sha256_mac: ret = wc_InitSha256_ex(&digest.sha256, ssl->heap, ssl->devId); if (ret == 0) { - ret = wc_Sha256Update(&digest.sha256, msg, msgLen); + ret = wc_Sha256Update(&digest.sha256, msg, (word32)msgLen); if (ret == 0) ret = wc_Sha256Final(&digest.sha256, hash); wc_Sha256Free(&digest.sha256); @@ -328,7 +328,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, case sha384_mac: ret = wc_InitSha384_ex(&digest.sha384, ssl->heap, ssl->devId); if (ret == 0) { - ret = wc_Sha384Update(&digest.sha384, msg, msgLen); + ret = wc_Sha384Update(&digest.sha384, msg, (word32)msgLen); if (ret == 0) ret = wc_Sha384Final(&digest.sha384, hash); wc_Sha384Free(&digest.sha384); @@ -341,7 +341,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, case sha512_mac: ret = wc_InitSha512_ex(&digest.sha512, ssl->heap, ssl->devId); if (ret == 0) { - ret = wc_Sha512Update(&digest.sha512, msg, msgLen); + ret = wc_Sha512Update(&digest.sha512, msg, (word32)msgLen); if (ret == 0) ret = wc_Sha512Final(&digest.sha512, hash); wc_Sha512Free(&digest.sha512); @@ -354,7 +354,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, case sm3_mac: ret = wc_InitSm3(&digest.sm3, ssl->heap, ssl->devId); if (ret == 0) { - ret = wc_Sm3Update(&digest.sm3, msg, msgLen); + ret = wc_Sm3Update(&digest.sm3, msg, (word32)msgLen); if (ret == 0) ret = wc_Sm3Final(&digest.sm3, hash); wc_Sm3Free(&digest.sm3); @@ -364,6 +364,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, break; #endif default: + ret = BAD_FUNC_ARG; digestAlg = -1; break; } 
@@ -392,9 +393,9 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, return VERSION_ERROR; } if (outputLen == -1) - outputLen = hashSz; + outputLen = (int)hashSz; - ret = Tls13HKDFExpandLabel(ssl, output, outputLen, secret, hashSz, + ret = Tls13HKDFExpandLabel(ssl, output, (word32)outputLen, secret, hashSz, protocol, protocolLen, label, labelLen, hash, hashSz, digestAlg); return ret; @@ -481,7 +482,7 @@ int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen, #endif /* WOLFSSL_DTLS13 */ if (outputLen == -1) { - outputLen = hashSz; + outputLen = (int)hashSz; } if (includeMsgs) { hashOutSz = hashSz; @@ -496,7 +497,7 @@ int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen, } PRIVATE_KEY_UNLOCK(); - ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz, + ret = Tls13HKDFExpandKeyLabel(ssl, output, (word32)outputLen, secret, hashSz, protocol, protocolLen, label, labelLen, hash, hashOutSz, digestAlg, side); PRIVATE_KEY_LOCK(); @@ -973,7 +974,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen, { int ret; enum wc_HashType hashType = WC_HASH_TYPE_NONE; - int hashLen = 0; + word32 hashLen = 0; byte hashOut[WC_MAX_DIGEST_SIZE]; const byte* emptyHash = NULL; byte firstExpand[WC_MAX_DIGEST_SIZE]; @@ -1124,7 +1125,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, void *cb_ctx = ssl->HkdfExtractCtx; CallbackHKDFExtract cb = ssl->ctx->HkdfExtractCb; if (cb != NULL) { - ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx); + ret = cb(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest, cb_ctx); } else #endif 
@@ -1137,7 +1138,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, { #if !defined(HAVE_FIPS) || \ (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) - ret = wc_Tls13_HKDF_Extract_ex(prk, salt, saltLen, ikm, ikmLen, digest, + ret = wc_Tls13_HKDF_Extract_ex(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest, ssl->heap, ssl->devId); #else ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest); @@ -1161,13 +1162,13 @@ int DeriveEarlySecret(WOLFSSL* ssl) } #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13DeriveEarlySecret(ssl); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; #endif PRIVATE_KEY_UNLOCK(); #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) ret = Tls13_HKDF_Extract(ssl, ssl->arrays->secret, NULL, 0, - ssl->arrays->psk_key, ssl->arrays->psk_keySz, + ssl->arrays->psk_key, (int)ssl->arrays->psk_keySz, mac2hash(ssl->specs.mac_algorithm)); #else ret = Tls13_HKDF_Extract(ssl, ssl->arrays->secret, NULL, 0, @@ -1197,7 +1198,7 @@ int DeriveHandshakeSecret(WOLFSSL* ssl) } #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13DeriveHandshakeSecret(ssl); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; #endif @@ -1210,7 +1211,7 @@ int DeriveHandshakeSecret(WOLFSSL* ssl) PRIVATE_KEY_UNLOCK(); ret = Tls13_HKDF_Extract(ssl, ssl->arrays->preMasterSecret, key, ssl->specs.hash_size, - ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, + ssl->arrays->preMasterSecret, (int)ssl->arrays->preMasterSz, mac2hash(ssl->specs.mac_algorithm)); PRIVATE_KEY_LOCK(); @@ -1232,7 +1233,7 @@ int DeriveMasterSecret(WOLFSSL* ssl) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13DeriveMasterSecret(ssl); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; #endif 
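Review bot: The rewritten call `ret = wc_Tls13_HKDF_Extract_ex(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest,` exceeds the 80-column width the rest of this file keeps; wrapping after `ikm,` fixes it. The same applies to the `Tls13HKDFExpandKeyLabel(ssl, output, (word32)outputLen, secret, hashSz,` line in Tls13DeriveKey and the `MacEncryptCb(ssl, mac, output, (unsigned int)inSz, (byte)type, 0,` line in BuildTls13Message later in this diff. The `#else` branch `wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest)` is left without the casts, so the FIPS build still carries the implicit conversions this change removes elsewhere. Tls13_HKDF_Extract starts outside the hunk.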
@@ -1355,7 +1356,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, #endif int hashType = WC_SHA256; int hashSz = WC_SHA256_DIGEST_SIZE; - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (ssl == NULL || key == NULL || hash == NULL) { return BAD_FUNC_ARG; @@ -1392,6 +1393,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, break; #endif /* WOLFSSL_SM3 */ default: + ret = BAD_FUNC_ARG; break; } if (ret != 0) @@ -1416,7 +1418,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, if (ret == 0) { ret = wc_HmacSetKey(verifyHmac, hashType, key, ssl->specs.hash_size); if (ret == 0) - ret = wc_HmacUpdate(verifyHmac, hash, hashSz); + ret = wc_HmacUpdate(verifyHmac, hash, (word32)hashSz); if (ret == 0) ret = wc_HmacFinal(verifyHmac, hash); wc_HmacFree(verifyHmac); @@ -1432,7 +1434,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, #endif if (pHashSz) - *pHashSz = hashSz; + *pHashSz = (word32)hashSz; return ret; } @@ -1466,7 +1468,7 @@ static const byte writeIVLabel[WRITE_IV_LABEL_SZ+1] = "iv"; */ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) { - int ret = BAD_FUNC_ARG; /* Assume failure */ + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); /* Assume failure */ int i = 0; #ifdef WOLFSSL_SMALL_STACK byte* key_dig; @@ -1477,10 +1479,10 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13DeriveKeys(ssl, secret, side); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { return ret; } - ret = BAD_FUNC_ARG; /* Assume failure */ + ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); /* Assume failure */ #endif #ifdef WOLFSSL_SMALL_STACK @@ -1553,6 +1555,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) break; default: + ret = BAD_FUNC_ARG; break; } 
@@ -1633,7 +1636,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) #endif /* WOLFSSL_DTLS13 */ end: - ForceZero(key_dig, i); + ForceZero(key_dig, (word32)i); #ifdef WOLFSSL_SMALL_STACK XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST); #elif defined(WOLFSSL_CHECK_MEM_ZERO) @@ -2571,13 +2574,13 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, (void)nonceSz; #ifdef WOLFSSL_ASYNC_CRYPT - if (ssl->error == WC_PENDING_E) { + if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) { ssl->error = 0; /* clear async */ } #endif #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13AesEncrypt(ssl, output, input, dataSz); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { if (ret > 0) { ret = 0; /* tsip_Tls13AesEncrypt returns output size */ } @@ -2650,7 +2653,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, output + dataSz, macSz, aad, aadSz); } - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif { @@ -2692,7 +2695,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, output + dataSz, macSz, aad, aadSz); } - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif { #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ @@ -2754,7 +2757,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, ssl->encrypt.state = CIPHER_STATE_END; #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* if async is not okay, then block */ if (!asyncOkay) { ret = wc_AsyncWait(ret, asyncDev, event_flags); @@ -2956,7 +2959,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13AesDecrypt(ssl, output, input, sz); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { #ifndef WOLFSSL_EARLY_DATA if (ret < 0) { ret = VERIFY_MAC_ERROR; 
@@ -2969,9 +2972,9 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* check for still pending */ - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; ssl->error = 0; /* clear async */ @@ -3052,7 +3055,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, (byte *)(input + dataSz), macSz, aad, aadSz); } - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif { @@ -3061,7 +3064,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, input + dataSz, macSz, aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); } @@ -3091,14 +3094,14 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, (byte *)(input + dataSz), macSz, aad, aadSz); } - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif { ret = wc_AesCcmDecrypt(ssl->decrypt.aes, output, input, dataSz, ssl->decrypt.nonce, nonceSz, input + dataSz, macSz, aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); } @@ -3148,7 +3151,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, #ifdef WOLFSSL_ASYNC_CRYPT /* If pending, leave now */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif 
@@ -3246,7 +3249,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args = (BuildMsg13Args*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_buildmsg; @@ -3260,7 +3263,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, /* Reset state */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_NO_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E)) #endif { ret = 0; @@ -3273,7 +3276,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->headerSz = Dtls13GetRlHeaderLength(ssl, 1); #endif /* WOLFSSL_DTLS13 */ - args->sz = args->headerSz + inSz; + args->sz = args->headerSz + (word32)inSz; args->idx = args->headerSz; #ifdef WOLFSSL_ASYNC_CRYPT @@ -3303,7 +3306,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->sz += ssl->specs.aead_mac_size; if (sizeOnly) - return args->sz; + return (int)args->sz; if (args->sz > (word32)outSz) { WOLFSSL_MSG("Oops, want to write past output buffer size"); @@ -3328,8 +3331,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, /* TLS v1.3 can do in place encryption. */ if (input != output + args->idx) - XMEMCPY(output + args->idx, input, inSz); - args->idx += inSz; + XMEMCPY(output + args->idx, input, (size_t)inSz); + args->idx += (word32)inSz; ssl->options.buildMsgState = BUILD_MSG_HASH; } @@ -3338,7 +3341,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, case BUILD_MSG_HASH: { if (hashOutput) { - ret = HashOutput(ssl, output, args->headerSz + inSz, 0); + ret = HashOutput(ssl, output, (int)args->headerSz + inSz, 0); if (ret != 0) goto exit_buildmsg; } 
@@ -3357,8 +3360,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, /* QUIC does not use encryption of the TLS Record Layer. * Return the original length + added headers * and restore it in the record header. */ - AddTls13RecordHeader(output, inSz, type, ssl); - ret = args->headerSz + inSz; + AddTls13RecordHeader(output, (word32)inSz, (byte)type, ssl); + ret = (int)args->headerSz + inSz; goto exit_buildmsg; } #endif @@ -3368,7 +3371,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, byte* mac = output + args->idx; output += args->headerSz; - ret = ssl->ctx->MacEncryptCb(ssl, mac, output, inSz, type, 0, + ret = ssl->ctx->MacEncryptCb(ssl, mac, output, (unsigned int)inSz, (byte)type, 0, output, output, args->size, ssl->MacEncryptCtx); } else @@ -3380,7 +3383,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, (word16)args->headerSz, asyncOkay); if (ret != 0) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { /* Zeroize plaintext. */ @@ -3406,7 +3409,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, WOLFSSL_LEAVE("BuildTls13Message", ret); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif @@ -3416,7 +3419,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, /* return sz on success */ if (ret == 0) { - ret = args->sz; + ret = (int)args->sz; } else { WOLFSSL_ERROR_VERBOSE(ret); @@ -3954,7 +3957,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) } if (ssl->arrays->psk_keySz == 0 || (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != USE_HW_PSK)) { + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } 
@@ -4023,7 +4026,7 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx) idx - Dtls13GetRlHeaderLength(ssl, 0)); else #endif /* WOLFSSL_DTLS13 */ - ret = HashOutput(ssl, output, idx, 0); + ret = HashOutput(ssl, output, (int)idx, 0); if (ret != 0) return ret; @@ -4171,7 +4174,7 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech) /* hash the body */ if (ret == 0) { ret = HashRaw(ssl, ech->innerClientHello, - ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt); + (int)(ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt)); } /* swap hsHashes back */ @@ -4316,7 +4319,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) args = (Sch13Args*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) return ret; @@ -4423,7 +4426,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) /* set the type to inner */ args->ech->type = ECH_TYPE_INNER; - args->preXLength = args->length; + args->preXLength = (int)args->length; /* get size for inner */ ret = TLSX_GetRequestSize(ssl, client_hello, &args->length); @@ -4434,16 +4437,16 @@ int SendTls13ClientHello(WOLFSSL* ssl) args->ech->type = 0; /* set innerClientHelloLen to ClientHelloInner + padding + tag */ args->ech->paddingLen = 31 - ((args->length - 1) % 32); - args->ech->innerClientHelloLen = args->length + - args->ech->paddingLen + args->ech->hpke->Nt; + args->ech->innerClientHelloLen = (word16)(args->length + + args->ech->paddingLen + args->ech->hpke->Nt); /* set the length back to before we computed ClientHelloInner size */ - args->length = args->preXLength; + args->length = (word32)args->preXLength; } #endif { #ifdef WOLFSSL_DTLS_CH_FRAG - int maxFrag = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); + word16 maxFrag = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); word16 lenWithoutExts = args->length; #endif 
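Review bot: `args->ech->innerClientHelloLen = (word16)(args->length + args->ech->paddingLen + args->ech->hpke->Nt);` narrows a word32 sum with no range check, so an inner ClientHello whose padded size exceeds 65535 would be recorded with a wrapped length and later hashed and sealed with it. If the surrounding code already bounds args->length below that (not visible in the hunk), a comment saying so would justify the cast; otherwise a `> 0xFFFF` check returning an error is cheap. Similarly `word16 maxFrag = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);` changes the variable's type; if that function can return a negative error code, the value now wraps instead of being caught. SendTls13ClientHello continues outside the hunk.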
@@ -4474,7 +4477,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) } /* Total message size. */ - args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + args->sendSz = (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ); #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) @@ -4514,7 +4517,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) XMEMCPY(args->output + args->idx, ssl->arrays->clientRandom, RAN_LEN); #if defined(HAVE_ECH) - args->clientRandomOffset = args->idx; + args->clientRandomOffset = (int)args->idx; #endif args->idx += RAN_LEN; @@ -4623,7 +4626,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) if (ssl->options.useEch == 1) { ret = TLSX_FinalizeEch(args->ech, args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ, - args->sendSz - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ)); + (word32)(args->sendSz - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ))); if (ret != 0) return ret; @@ -4657,7 +4660,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) /* compute the outer hash */ if (ret == 0) - ret = HashOutput(ssl, args->output, args->idx, 0); + ret = HashOutput(ssl, args->output, (int)args->idx, 0); } } if (ret != 0) @@ -4684,7 +4687,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) } #endif /* WOLFSSL_DTLS13 */ - ssl->buffers.outputBuffer.length += args->sendSz; + ssl->buffers.outputBuffer.length += (word32)args->sendSz; /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; @@ -4821,7 +4824,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input, PRIVATE_KEY_UNLOCK(); #if !defined(HAVE_FIPS) || \ (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) - ret = wc_HKDF_Extract_ex(digestType, zeros, digestSize, + ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk, ssl->heap, ssl->devId); #else 
@@ -4835,10 +4838,10 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input, PRIVATE_KEY_UNLOCK(); ret = Tls13HKDFExpandKeyLabel(ssl, acceptConfirmation, ECH_ACCEPT_CONFIRMATION_SZ, - expandLabelPrk, digestSize, + expandLabelPrk, (word32)digestSize, tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ, - transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END); + transcriptEchConf, (word32)digestSize, digestType, WOLFSSL_SERVER_END); PRIVATE_KEY_LOCK(); } if (ret == 0) { @@ -4959,7 +4962,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output, PRIVATE_KEY_UNLOCK(); #if !defined(HAVE_FIPS) || \ (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) - ret = wc_HKDF_Extract_ex(digestType, zeros, digestSize, + ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk, ssl->heap, ssl->devId); #else @@ -4975,10 +4978,10 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output, ret = Tls13HKDFExpandKeyLabel(ssl, output + serverRandomOffset + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ, ECH_ACCEPT_CONFIRMATION_SZ, - expandLabelPrk, digestSize, + expandLabelPrk, (word32)digestSize, tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ, - transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END); + transcriptEchConf, (word32)digestSize, digestType, WOLFSSL_SERVER_END); PRIVATE_KEY_LOCK(); } @@ -5059,10 +5062,10 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args = (Dsh13Args*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) { - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Mark message as not received so it can process again */ ssl->msgsReceived.got_server_hello = 0; } 
@@ -5173,7 +5176,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Server random - keep for debugging. */ XMEMCPY(ssl->arrays->serverRandom, input + args->idx, RAN_LEN); #if defined(HAVE_ECH) - args->serverRandomOffset = args->idx; + args->serverRandomOffset = (int)args->idx; #endif args->idx += RAN_LEN; @@ -5289,6 +5292,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } ssl->version.minor = args->pv.minor; + ssl->options.tls1_3 = 0; #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { @@ -5322,14 +5326,15 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* restore message type */ *extMsgType = args->extMsgType; - if (args->totalExtSz > 0) { - /* Parse and handle extensions. */ + /* Parse and handle extensions, unless lower than TLS1.3. In that case, + * extensions will be parsed in DoServerHello. */ + if (args->totalExtSz > 0 && IsAtLeastTLSv1_3(ssl->version)) { ret = TLSX_Parse(ssl, input + args->idx, args->totalExtSz, *extMsgType, NULL); if (ret != 0) { #ifdef WOLFSSL_ASYNC_CRYPT /* Handle async operation */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Mark message as not received so it can process again */ ssl->msgsReceived.got_server_hello = 0; } @@ -5342,7 +5347,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->msgsReceived.got_hello_retry_request = 1; ssl->msgsReceived.got_server_hello = 0; } + } + if (args->totalExtSz > 0) { args->idx += args->totalExtSz; } @@ -5351,7 +5358,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, DtlsCIDOnExtensionsParsed(ssl); #endif /* WOLFSSL_DTLS_CID */ - *inOutIdx = args->idx; + if (IsAtLeastTLSv1_3(ssl->version)) { + *inOutIdx = args->idx; + } ssl->options.serverState = SERVER_HELLO_COMPLETE; 
@@ -5390,9 +5399,12 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } /* Force client hello version 1.2 to work for static RSA. */ - ssl->chVersion.minor = TLSv1_2_MINOR; + if (ssl->options.dtls) + ssl->chVersion.minor = DTLSv1_2_MINOR; + else + ssl->chVersion.minor = TLSv1_2_MINOR; /* Complete TLS v1.2 processing of ServerHello. */ - ret = CompleteServerHello(ssl); + ret = DoServerHello(ssl, input, inOutIdx, helloSz); #else WOLFSSL_MSG("Client using higher version, fatal error"); WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); @@ -5461,7 +5473,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #if defined(HAVE_ECH) /* check for acceptConfirmation and HashInput with 8 0 bytes */ if (ssl->options.useEch == 1) { - ret = EchCheckAcceptance(ssl, input, args->serverRandomOffset, helloSz); + ret = EchCheckAcceptance(ssl, input, args->serverRandomOffset, (int)helloSz); if (ret != 0) return ret; } @@ -5728,7 +5740,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, #endif ) { if (PickHashSigAlgo(ssl, peerSuites.hashSigAlgo, - peerSuites.hashSigAlgoSz) != 0) { + peerSuites.hashSigAlgoSz, 0) != 0) { WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } @@ -5851,7 +5863,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key, } if (*found) { if (*psk_keySz > MAX_PSK_KEY_LEN && - *((int*)psk_keySz) != USE_HW_PSK) { + *((int*)psk_keySz) != WC_NO_ERR_TRACE(USE_HW_PSK)) { WOLFSSL_MSG("Key len too long in FindPsk()"); ret = PSK_KEY_ERROR; WOLFSSL_ERROR_VERBOSE(ret); @@ -6005,7 +6017,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz, } #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif 
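Review bot: `DoServerHello` is now run over the same ServerHello this function has already walked, which only works because an earlier hunk leaves `*inOutIdx` untouched when the negotiated version is below 1.3; that coupling is invisible at this call site and deserves a comment, e.g. `/* *inOutIdx still points at the ServerHello body (not advanced for < TLS 1.3); DoServerHello re-parses it, extensions included. */`. If DoServerHello also feeds the message into the transcript hash, confirm it is not hashed twice — that is not visible here. The enclosing function starts and ends outside the hunk.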
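Review bot: `*((int*)psk_keySz)` reinterprets the length through a pointer cast only to compare it with a negative sentinel; assuming `psk_keySz` points to an unsigned length, as the preceding `> MAX_PSK_KEY_LEN` comparison suggests, `(int)*psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK)` expresses the same check as a value cast without the pointer aliasing. Storing an error code in a length output parameter is itself worth a one-line comment, e.g. `/* callback signals hardware-held PSK by writing USE_HW_PSK into the length */`.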
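Review bot: The new trailing `0` passed to `PickHashSigAlgo` is a bare literal whose meaning is not recoverable from this hunk, since the function's parameter list is not visible; a short comment naming the flag at the call site (`peerSuites.hashSigAlgoSz, 0 /* <flag name> */)`) would keep the DoTls13CertificateRequest call readable. The enclosing function continues outside the hunk.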
@@ -6056,7 +6068,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz, return ret; /* Hash data up to binders for deriving binders in PSK extension. */ - ret = HashInput(ssl, input, inputSz); + ret = HashInput(ssl, input, (int)inputSz); if (ret < 0) return ret; @@ -6072,7 +6084,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz, if (ret != 0) return ret; - ret = HashInput(ssl, input, inputSz); + ret = HashInput(ssl, input, (int)inputSz); if (ret < 0) return ret; @@ -6168,7 +6180,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, if (usingPSK) *usingPSK = 0; /* Hash data up to binders for deriving binders in PSK extension. */ - ret = HashInput(ssl, input, helloSz); + ret = HashInput(ssl, input, (int)helloSz); return ret; } @@ -6205,7 +6217,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, if (ret != 0) { #ifdef HAVE_SESSION_TICKET #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif CleanupClientTickets((PreSharedKey*)ext->data); #endif @@ -6235,7 +6247,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, else { /* No suitable PSK found, Hash the complete ClientHello, * as caller expect it after we return */ - ret = HashInput(ssl, input, helloSz); + ret = HashInput(ssl, input, (int)helloSz); } if (ret != 0) return ret; @@ -6688,7 +6700,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args = (Dch13Args*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) { goto exit_dch; 
@@ -6814,7 +6826,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, realMinor = ssl->version.minor; ssl->version.minor = args->pv.minor; - ret = HashInput(ssl, input + args->begin, helloSz); + ret = HashInput(ssl, input + args->begin, (int)helloSz); ssl->version.minor = realMinor; if (ret == 0) { ret = DoClientHello(ssl, input, inOutIdx, helloSz); @@ -7052,7 +7064,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (!args->usingPSK) { if ((ret = MatchSuite(ssl, args->clSuites)) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif WOLFSSL_MSG("Unsupported cipher suite, ClientHello 1.3"); goto exit_dch; @@ -7069,7 +7081,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE) ERROR_OUT(INVALID_PARAMETER, exit_dch); ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE; - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) ret = 0; /* for hello_retry return 0 */ } if (ret != 0) @@ -7091,7 +7103,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, TLSX* extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); if (extension != NULL && extension->resp == 1) { KeyShareEntry* serverKSE = (KeyShareEntry*)extension->data; - if (serverKSE != NULL && serverKSE->lastRet == WC_PENDING_E) { + if (serverKSE != NULL && + serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = TLSX_KeyShare_GenKey(ssl, serverKSE); if (ret != 0) goto exit_dch; @@ -7224,7 +7237,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_LEAVE("DoTls13ClientHello", ret); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ssl->msgsReceived.got_client_hello = 0; return ret; } 
@@ -7302,7 +7315,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) ret = TLSX_GetResponseSize(ssl, extMsgType, &length); if (ret != 0) return ret; - sendSz = idx + length; + sendSz = (int)(idx + length); /* Check buffers are big enough and grow if needed. */ if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) @@ -7541,7 +7554,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) if (ret != 0) return ret; - sendSz = idx + length; + sendSz = (int)(idx + length); /* Encryption always on. */ sendSz += MAX_MSG_EXTRA; @@ -7629,10 +7642,6 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, word32 reqSz; word16 hashSigAlgoSz = 0; SignatureAlgorithms* sa; - int haveSig = SIG_RSA | SIG_ECDSA | SIG_FALCON | SIG_DILITHIUM; -#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - haveSig |= SIG_SM2; -#endif WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND); WOLFSSL_ENTER("SendTls13CertificateRequest"); @@ -7643,12 +7652,12 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, return SIDE_ERROR; /* Get the length of the hashSigAlgo buffer */ - InitSuitesHashSigAlgo_ex2(NULL, haveSig, 1, ssl->buffers.keySz, + InitSuitesHashSigAlgo(NULL, SIG_ALL, 1, ssl->buffers.keySz, &hashSigAlgoSz); sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap); if (sa == NULL) return MEMORY_ERROR; - InitSuitesHashSigAlgo_ex2(sa->hashSigAlgo, haveSig, 1, ssl->buffers.keySz, + InitSuitesHashSigAlgo(sa->hashSigAlgo, SIG_ALL, 1, ssl->buffers.keySz, &hashSigAlgoSz); ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap); if (ret != 0) { @@ -7667,7 +7676,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, if (ret != 0) return ret; - sendSz = i + reqSz; + sendSz = (int)(i + reqSz); /* Always encrypted and make room for padding. */ sendSz += MAX_MSG_EXTRA; 
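Review bot: Replacing the explicit `haveSig` mask with `SIG_ALL` widens the signature_algorithms list the server places in CertificateRequest, i.e. the set of client-authentication signature schemes it is willing to accept; whether `InitSuitesHashSigAlgo` filters SIG_ALL down to what is compiled in (and, in FIPS builds, to the approved subset) is not visible in this hunk. If the widening is intended, say so: `/* Advertise every scheme; InitSuitesHashSigAlgo drops those not compiled in. */`, and confirm the SM2 case previously gated on WOLFSSL_SM2/WOLFSSL_SM3 is covered by SIG_ALL. SendTls13CertificateRequest continues outside this hunk.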
@@ -7742,7 +7751,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, #ifndef NO_CERTS #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ - defined(HAVE_ED448) || defined(HAVE_PQC) + defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) /* Encode the signature algorithm into buffer. * * hashalgo The hash algorithm. @@ -7787,8 +7796,7 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) output[1] = hashAlgo; break; #endif -#ifdef HAVE_PQC - #ifdef HAVE_FALCON +#ifdef HAVE_FALCON case falcon_level1_sa_algo: output[0] = FALCON_LEVEL1_SA_MAJOR; output[1] = FALCON_LEVEL1_SA_MINOR; @@ -7797,8 +7805,8 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) output[0] = FALCON_LEVEL5_SA_MAJOR; output[1] = FALCON_LEVEL5_SA_MINOR; break; - #endif - #ifdef HAVE_DILITHIUM +#endif +#ifdef HAVE_DILITHIUM case dilithium_level2_sa_algo: output[0] = DILITHIUM_LEVEL2_SA_MAJOR; output[1] = DILITHIUM_LEVEL2_SA_MINOR; @@ -7811,7 +7819,6 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) output[0] = DILITHIUM_LEVEL5_SA_MAJOR; output[1] = DILITHIUM_LEVEL5_SA_MINOR; break; - #endif #endif default: break; @@ -7955,7 +7962,7 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo, else ret = INVALID_PARAMETER; break; -#ifdef HAVE_PQC +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) case PQC_SA_MAJOR: #if defined(HAVE_FALCON) if (input[1] == FALCON_LEVEL1_SA_MINOR) { @@ -8198,7 +8205,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz, { Digest digest; int hashSz = 0; - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); byte* hash; (void)sigAlgo; 
@@ -8211,7 +8218,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz, case sha256_mac: ret = wc_InitSha256(&digest.sha256); if (ret == 0) { - ret = wc_Sha256Update(&digest.sha256, sigData, sigDataSz); + ret = wc_Sha256Update(&digest.sha256, sigData, (word32)sigDataSz); if (ret == 0) ret = wc_Sha256Final(&digest.sha256, hash); wc_Sha256Free(&digest.sha256); @@ -8223,7 +8230,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz, case sha384_mac: ret = wc_InitSha384(&digest.sha384); if (ret == 0) { - ret = wc_Sha384Update(&digest.sha384, sigData, sigDataSz); + ret = wc_Sha384Update(&digest.sha384, sigData, (word32)sigDataSz); if (ret == 0) ret = wc_Sha384Final(&digest.sha384, hash); wc_Sha384Free(&digest.sha384); @@ -8235,7 +8242,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz, case sha512_mac: ret = wc_InitSha512(&digest.sha512); if (ret == 0) { - ret = wc_Sha512Update(&digest.sha512, sigData, sigDataSz); + ret = wc_Sha512Update(&digest.sha512, sigData, (word32)sigDataSz); if (ret == 0) ret = wc_Sha512Final(&digest.sha512, hash); wc_Sha512Free(&digest.sha512); @@ -8243,6 +8250,10 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz, hashSz = WC_SHA512_DIGEST_SIZE; break; #endif + default: + ret = BAD_FUNC_ARG; + break; + } if (ret != 0) @@ -8264,7 +8275,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo) { Digest digest; int hashSz = 0; - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); /* Digest the signature data. */ switch (hashAlgo) { @@ -8272,7 +8283,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo) case sha256_mac: ret = wc_InitSha256(&digest.sha256); if (ret == 0) { - ret = wc_Sha256Update(&digest.sha256, sigData, sigDataSz); + ret = wc_Sha256Update(&digest.sha256, sigData, (word32)sigDataSz); if (ret == 0) ret = wc_Sha256Final(&digest.sha256, sigData); wc_Sha256Free(&digest.sha256); 
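Review bot: The added `default:` case in CreateRSAEncodedSig is followed by a stray blank line before the closing `}` of the switch (`+ break; + + }`); drop the empty line so the switch matches the others in this file. A one-line comment on why `ret` is now pre-set with `WC_NO_ERR_TRACE(BAD_FUNC_ARG)` and then re-assigned in `default:` would also help, e.g. `/* default: unsupported hash, record the error with tracing */`. The function continues outside the hunk.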
@@ -8284,7 +8295,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo) case sha384_mac: ret = wc_InitSha384(&digest.sha384); if (ret == 0) { - ret = wc_Sha384Update(&digest.sha384, sigData, sigDataSz); + ret = wc_Sha384Update(&digest.sha384, sigData, (word32)sigDataSz); if (ret == 0) ret = wc_Sha384Final(&digest.sha384, sigData); wc_Sha384Free(&digest.sha384); @@ -8296,7 +8307,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo) case sha512_mac: ret = wc_InitSha512(&digest.sha512); if (ret == 0) { - ret = wc_Sha512Update(&digest.sha512, sigData, sigDataSz); + ret = wc_Sha512Update(&digest.sha512, sigData, (word32)sigDataSz); if (ret == 0) ret = wc_Sha512Final(&digest.sha512, sigData); wc_Sha512Free(&digest.sha512); @@ -8305,6 +8316,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo) break; #endif default: + ret = BAD_FUNC_ARG; break; } @@ -8350,7 +8362,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo, sigAlgo, hashAlgo); if (ret < 0) return ret; - sigSz = ret; + sigSz = (word32)ret; ret = wc_RsaPSS_CheckPadding(sigData, sigSz, decSig, decSigSz, hashType); @@ -8500,7 +8512,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) else { if (!ssl->buffers.certificate) { WOLFSSL_MSG("Send Cert missing certificate buffer"); - return BUFFER_ERROR; + return NO_CERT_ERROR; } /* Certificate Data */ certSz = ssl->buffers.certificate->length; @@ -8548,7 +8560,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) if (ssl->fragOffset != 0) length -= (ssl->fragOffset + headerSz); - maxFragment = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); + maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); while (length > 0 && ret == 0) { byte* output = NULL; 
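Review bot: `(word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE)` converts an `int` result with no check; if that function can report an error as a negative value, the cast yields a huge fragment size and the following `while (length > 0 && ret == 0)` loop would try to place the whole certificate chain in one record. If it cannot fail, a comment justifying the bare cast (`/* never negative: returns a fragment size in [1, MAX_RECORD_SIZE] */`) is enough; otherwise test the `int` for `< 0` before converting. SendTls13Certificate continues outside this hunk.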
@@ -8733,7 +8745,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) } #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ - defined(HAVE_ED448) || defined(HAVE_PQC)) && \ + defined(HAVE_ED448) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM)) && \ (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) typedef struct Scv13Args { byte* output; /* not allocated */ @@ -8803,11 +8816,15 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND); WOLFSSL_ENTER("SendTls13CertificateVerify"); +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); +#endif + ssl->options.buildingMsg = 1; #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13SendCertVerify(ssl); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { goto exit_scv; } ret = 0; @@ -8833,7 +8850,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) args = (Scv13Args*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_scv; @@ -8855,6 +8872,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) case TLS_ASYNC_BEGIN: { if (ssl->options.sendVerify == SEND_BLANK_CERT) { + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind(ssl->buffers.key, + ssl->buffers.keyMask); + #endif return 0; /* sent blank cert, can't verify */ } @@ -8877,9 +8898,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) case TLS_ASYNC_BUILD: { - int rem = ssl->buffers.outputBuffer.bufferSize + int rem = (int)(ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length - - RECORD_HEADER_SZ - HANDSHAKE_HEADER_SZ; + - RECORD_HEADER_SZ - HANDSHAKE_HEADER_SZ); /* idx is used to track verify pointer offset to output */ args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; 
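Review bot: The private key is unblinded at function entry and the SEND_BLANK_CERT path calls `wolfssl_priv_der_unblind` a second time before `return 0;`; whether that second call re-applies the mask (an XOR toggle) or is a no-op that leaves the key in the clear depends on the helper, which is not visible here, and a reader cannot tell which state the key is left in. Suggest a comment at that call, `/* nothing to sign: re-apply the mask so the key is stored blinded again */`, or a differently named helper if it toggles. Note that async re-entry hits the entry unblind each time, so exit_scv must restore the blinded state on WC_PENDING_E. SendTls13CertificateVerify continues outside this hunk.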
@@ -8897,7 +8918,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) if (ssl->buffers.key == NULL) { #ifdef HAVE_PK_CALLBACKS if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) - args->length = (word16)GetPrivateKeySigSize(ssl); + args->sigLen = (word16)GetPrivateKeySigSize(ssl); else #endif ERROR_OUT(NO_PRIVATE_KEY, exit_scv); @@ -8915,10 +8936,16 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) /* If we own it, free key before overriding it. */ if (ssl->buffers.weOwnKey) { FreeDer(&ssl->buffers.key); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.keyMask); + #endif } /* Swap keys */ - ssl->buffers.key = ssl->buffers.altKey; + ssl->buffers.key = ssl->buffers.altKey; + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + ssl->buffers.keyMask = ssl->buffers.altKeyMask; + #endif ssl->buffers.weOwnKey = ssl->buffers.weOwnAltKey; } #endif /* WOLFSSL_DUAL_ALG_CERTS */ @@ -8959,8 +8986,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) else if (ssl->hsType == DYNAMIC_TYPE_ED448) args->sigAlgo = ed448_sa_algo; #endif - #if defined(HAVE_PQC) - #if defined(HAVE_FALCON) + #if defined(HAVE_FALCON) else if (ssl->hsType == DYNAMIC_TYPE_FALCON) { falcon_key* fkey = (falcon_key*)ssl->hsKey; byte level = 0; @@ -8977,8 +9003,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) ERROR_OUT(ALGO_ID_E, exit_scv); } } - #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { dilithium_key* fkey = (dilithium_key*)ssl->hsKey; byte level = 0; @@ -8998,8 +9024,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) ERROR_OUT(ALGO_ID_E, exit_scv); } } - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ + #endif /* HAVE_DILITHIUM */ else { ERROR_OUT(ALGO_ID_E, exit_scv); } 
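Review bot: After `ssl->buffers.key` was unblinded at the top of the function, the dual-alg path swaps in `ssl->buffers.altKey` together with `altKeyMask`; if the alternative key is stored blinded, which keeping a mask for it suggests, the swapped-in key is still masked when it is later decoded and signed with, and the exit path then applies a fresh mask on top of the existing one, losing the old mask. Either unblind it at the swap, `wolfssl_priv_der_unblind(ssl->buffers.altKey, ssl->buffers.altKeyMask);` before the assignment, or document why the alternative key is kept in the clear. This depends on how the alternative key is loaded, which is outside the hunk — please verify.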
@@ -9059,7 +9084,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) if ((ssl->hsType == DYNAMIC_TYPE_RSA) && (args->sigLen > MAX_SIG_DATA_SZ)) { /* We store the RSA signature in the sigData buffer - * temporarly, hence its size must be fitting. */ + * temporarily, hence its size must be fitting. */ sigLen = args->sigLen; } args->sigData = (byte*)XMALLOC(sigLen, ssl->heap, @@ -9077,7 +9102,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) if (ssl->hsAltType == DYNAMIC_TYPE_RSA && args->altSigLen > MAX_SIG_DATA_SZ) { /* We store the RSA signature in the sigData buffer - * temporarly, hence its size must be fitting. */ + * temporarily, hence its size must be fitting. */ sigLen = args->altSigLen; } args->altSigData = (byte*)XMALLOC(sigLen, ssl->heap, @@ -9115,7 +9140,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) args->sigDataSz, args->sigAlgo, ssl->options.hashAlgo); if (ret < 0) goto exit_scv; - rsaSigBuf->length = ret; + rsaSigBuf->length = (unsigned int)ret; ret = 0; } #endif /* !NO_RSA */ @@ -9155,18 +9180,16 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) } #endif /* HAVE_ED448 */ - #if defined(HAVE_PQC) - #if defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if (ssl->hsType == DYNAMIC_TYPE_FALCON) { args->sigLen = FALCON_MAX_SIG_SIZE; } - #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { args->sigLen = DILITHIUM_MAX_SIG_SIZE; } - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ + #endif /* HAVE_DILITHIUM */ #ifdef WOLFSSL_DUAL_ALG_CERTS if (ssl->sigSpec != NULL && 
@@ -9272,24 +9295,22 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) args->length = (word16)args->sigLen; } #endif - #if defined(HAVE_PQC) - #if defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if (ssl->hsType == DYNAMIC_TYPE_FALCON) { ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz, sigOut, &args->sigLen, (falcon_key*)ssl->hsKey, ssl->rng); args->length = (word16)args->sigLen; } - #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz, sigOut, &args->sigLen, (dilithium_key*)ssl->hsKey, ssl->rng); args->length = (word16)args->sigLen; } - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ + #endif /* HAVE_DILITHIUM */ #ifndef NO_RSA if (ssl->hsType == DYNAMIC_TYPE_RSA) { ret = RsaSign(ssl, rsaSigBuf->buffer, (word32)rsaSigBuf->length, @@ -9347,8 +9368,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) } } #endif /* !NO_RSA */ - #if defined(HAVE_PQC) - #if defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if (ssl->hsAltType == DYNAMIC_TYPE_FALCON) { ret = wc_falcon_sign_msg(args->altSigData, args->altSigDataSz, sigOut, @@ -9356,8 +9376,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) (falcon_key*)ssl->hsAltKey, ssl->rng); } - #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) { ret = wc_dilithium_sign_msg(args->altSigData, args->altSigDataSz, sigOut, @@ -9365,8 +9385,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) (dilithium_key*)ssl->hsAltKey, ssl->rng); } - #endif /* HAVE_DILITHIUM */ - #endif /* HAVE_PQC */ + #endif /* HAVE_DILITHIUM */ /* Check for error */ if (ret != 0) { 
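Review bot: Compiling out the `wc_dilithium_sign_msg` call under `WOLFSSL_DILITHIUM_NO_SIGN` leaves the Dilithium case with `ret == 0`, `args->length` unset and `sigOut` unwritten, while the algorithm selection and `args->sigLen = DILITHIUM_MAX_SIG_SIZE` earlier in this function are not guarded the same way, so a Dilithium key in a no-sign build would emit a CertificateVerify carrying uninitialized signature bytes instead of failing. Add an explicit rejection next to the guarded block: `#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_DILITHIUM_NO_SIGN)` / `if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) ERROR_OUT(ALGO_ID_E, exit_scv);` / `#endif`, and the same for `hsAltType` in the dual-alg block that follows. This assumes such a key can be loaded at all in a no-sign build, which is not visible here.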
@@ -9543,13 +9562,22 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) } /* switch(ssl->options.asyncState) */ exit_scv: +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + if (ret == 0) { + ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, + &ssl->buffers.keyMask); + } + else { + wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); + } +#endif WOLFSSL_LEAVE("SendTls13CertificateVerify", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_VERIFY_SEND); #ifdef WOLFSSL_ASYNC_CRYPT /* Handle async operation */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -9663,6 +9691,7 @@ static void FreeDcv13Args(WOLFSSL* ssl, void* pArgs) } #ifdef WOLFSSL_DUAL_ALG_CERTS +#ifndef NO_RSA /* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a * RSA public key. Convert it into a usable public key. */ static int decodeRsaKey(WOLFSSL* ssl) @@ -9686,7 +9715,9 @@ static int decodeRsaKey(WOLFSSL* ssl) return 0; } +#endif /* !NO_RSA */ +#ifdef HAVE_ECC /* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a * ECC public key. Convert it into a usable public key. */ static int decodeEccKey(WOLFSSL* ssl) @@ -9710,7 +9741,9 @@ static int decodeEccKey(WOLFSSL* ssl) return 0; } +#endif /* HAVE_ECC */ +#ifdef HAVE_DILITHIUM /* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a * dilithium public key. Convert it into a usable public key. */ static int decodeDilithiumKey(WOLFSSL* ssl, int level) @@ -9739,7 +9772,9 @@ static int decodeDilithiumKey(WOLFSSL* ssl, int level) return 0; } +#endif /* HAVE_DILITHIUM */ +#ifdef HAVE_FALCON /* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a * falcon public key. Convert it into a usable public key. */ static int decodeFalconKey(WOLFSSL* ssl, int level) 
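Review bot: The `else` branch at exit_scv calls `wolfssl_priv_der_unblind` on every non-zero return, including `WC_PENDING_E`, although the key was already unblinded at function entry; depending on the helper's semantics this either re-applies the stored mask (restoring the blinded state) or is a no-op that leaves the private key in the clear until the next call, and the reader cannot tell which. State the intent: `/* error or pending: re-apply the existing mask, key stays blinded with the old mask */`. Also, the success path overwrites `ret` with the result of `wolfssl_priv_der_blind`, so a blinding failure turns an already-sent CertificateVerify into an error; if that is deliberate, a comment saying the handshake must not continue with an unmasked key would justify it.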
@@ -9767,6 +9802,7 @@ static int decodeFalconKey(WOLFSSL* ssl, int level) return 0; } +#endif /* HAVE_FALCON */ #endif /* WOLFSSL_DUAL_ALG_CERTS */ /* handle processing TLS v1.3 certificate_verify (15) */ @@ -9801,7 +9837,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13CertificateVerify(ssl, input, inOutIdx, totalSz); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { goto exit_dcv; } ret = 0; @@ -9818,7 +9854,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, args = (Dcv13Args*)ssl->async->args; ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) goto exit_dcv; @@ -9919,12 +9955,17 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, sa = args->altSigAlgo; switch(sa) { + #ifndef NO_RSA case rsa_pss_sa_algo: ret = decodeRsaKey(ssl); break; + #endif + #ifdef HAVE_ECC case ecc_dsa_sa_algo: ret = decodeEccKey(ssl); break; + #endif + #ifdef HAVE_DILITHIUM case dilithium_level2_sa_algo: ret = decodeDilithiumKey(ssl, 2); break; @@ -9934,12 +9975,15 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, case dilithium_level5_sa_algo: ret = decodeDilithiumKey(ssl, 5); break; + #endif + #ifdef HAVE_FALCON case falcon_level1_sa_algo: ret = decodeFalconKey(ssl, 1); break; case falcon_level5_sa_algo: ret = decodeFalconKey(ssl, 5); break; + #endif default: ERROR_OUT(PEER_KEY_ERROR, exit_dcv); } 
@@ -9950,17 +9994,22 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, if (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) { /* Now swap in the alternative by removing the native. * sa contains the alternative signature type. */ + #ifndef NO_RSA if (ssl->peerRsaKeyPresent && sa != rsa_pss_sa_algo) { FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey); ssl->peerRsaKeyPresent = 0; } + #endif + #ifdef HAVE_ECC else if (ssl->peerEccDsaKeyPresent && sa != ecc_dsa_sa_algo) { FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey); ssl->peerEccDsaKeyPresent = 0; } + #endif + #ifdef HAVE_DILITHIUM else if (ssl->peerDilithiumKeyPresent && sa != dilithium_level2_sa_algo && sa != dilithium_level3_sa_algo && @@ -9969,6 +10018,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerDilithiumKey); ssl->peerDilithiumKeyPresent = 0; } + #endif + #ifdef HAVE_FALCON else if (ssl->peerFalconKeyPresent && sa != falcon_level1_sa_algo && sa != falcon_level5_sa_algo) { @@ -9976,6 +10027,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; } + #endif else { ERROR_OUT(PEER_KEY_ERROR, exit_dcv); } @@ -10014,7 +10066,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, ssl->peerEccDsaKeyPresent; } #endif - #ifdef HAVE_PQC + #ifdef HAVE_FALCON if (ssl->options.peerSigAlgo == falcon_level1_sa_algo) { WOLFSSL_MSG("Peer sent Falcon Level 1 sig"); validSigAlgo = (ssl->peerFalconKey != NULL) && @@ -10025,6 +10077,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, validSigAlgo = (ssl->peerFalconKey != NULL) && ssl->peerFalconKeyPresent; } + #endif + #ifdef HAVE_DILITHIUM if (ssl->options.peerSigAlgo == dilithium_level2_sa_algo) { WOLFSSL_MSG("Peer sent Dilithium Level 2 sig"); validSigAlgo = (ssl->peerDilithiumKey != NULL) && 
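Review bot: The `#ifdef`-wrapped `else if` chain breaks as soon as an earlier branch is compiled out: with `NO_RSA` defined the block begins with a bare `else if`, and with every algorithm disabled only the bare `else` remains, both compile errors. Each branch should stand on its own; a small flag preserves the semantics of the trailing `PEER_KEY_ERROR` (first matching branch frees, none matching is an error). The Dilithium and Falcon branches follow the same pattern. DoTls13CertificateVerify starts and ends outside this hunk.

```c
if (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) {
    int freed = 0;
#ifndef NO_RSA
    if (!freed && ssl->peerRsaKeyPresent && sa != rsa_pss_sa_algo) {
        FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
        ssl->peerRsaKeyPresent = 0;
        freed = 1;
    }
#endif
#ifdef HAVE_ECC
    if (!freed && ssl->peerEccDsaKeyPresent && sa != ecc_dsa_sa_algo) {
        FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
        ssl->peerEccDsaKeyPresent = 0;
        freed = 1;
    }
#endif
    /* … unchanged: HAVE_DILITHIUM and HAVE_FALCON branches, rewritten as
     * `if (!freed && ...)` with `freed = 1;` in the same way … */
    if (!freed) {
        ERROR_OUT(PEER_KEY_ERROR, exit_dcv);
    }
```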
@@ -10065,10 +10119,13 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, * with their size as 16-bit integeter prior in memory. Hence, * we can decode both lengths here now. */ word32 tmpIdx = args->idx; - ato32(input + tmpIdx, &args->sigSz); + word16 tmpSz = 0; + ato16(input + tmpIdx, &tmpSz); + args->sigSz = tmpSz; tmpIdx += OPAQUE16_LEN + args->sigSz; - ato32(input + tmpIdx, &args->altSignatureSz); + ato16(input + tmpIdx, &tmpSz); + args->altSignatureSz = tmpSz; if (args->sz != (args->sigSz + args->altSignatureSz + OPAQUE16_LEN + OPAQUE16_LEN)) { @@ -10198,7 +10255,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, #endif ); if (ret >= 0) { - args->sendSz = ret; + args->sendSz = (word32)ret; ret = 0; } } @@ -10286,7 +10343,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, } } #endif - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if (((ssl->options.peerSigAlgo == falcon_level1_sa_algo) || (ssl->options.peerSigAlgo == falcon_level5_sa_algo)) && (ssl->peerFalconKeyPresent)) { @@ -10306,8 +10363,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, ssl->peerFalconKeyPresent = 0; } } - #endif /* HAVE_PQC && HAVE_FALCON */ - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) if (((ssl->options.peerSigAlgo == dilithium_level2_sa_algo) || (ssl->options.peerSigAlgo == dilithium_level3_sa_algo) || (ssl->options.peerSigAlgo == dilithium_level5_sa_algo)) && @@ -10328,7 +10385,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, ssl->peerDilithiumKeyPresent = 0; } } - #endif /* HAVE_PQC && HAVE_DILITHIUM */ + #endif /* HAVE_DILITHIUM */ /* Check for error */ if (ret != 0) { 
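Review bot: The second `ato16` reads at `tmpIdx = args->idx + OPAQUE16_LEN + args->sigSz` before anything confirms that offset lies inside the message; `sigSz` is peer-controlled (up to 65535), so a malformed CertificateVerify can make this read up to ~64 KiB past the signature field, and the `args->sz != ...` consistency check only runs afterwards. Bound it between the two reads: `if (args->sz < OPAQUE16_LEN + args->sigSz + OPAQUE16_LEN) ERROR_OUT(BUFFER_ERROR, exit_dcv);` — unless a check outside this hunk already guarantees it. The switch from `ato32` to `ato16` is itself the right fix for the 16-bit length fields the comment describes.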
@@ -10388,7 +10445,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, } } #endif /* HAVE_ECC */ - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if (((args->altSigAlgo == falcon_level1_sa_algo) || (args->altSigAlgo == falcon_level5_sa_algo)) && (ssl->peerFalconKeyPresent)) { @@ -10408,8 +10465,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, ssl->peerFalconKeyPresent = 0; } } - #endif /* HAVE_PQC && HAVE_FALCON */ - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) if (((args->altSigAlgo == dilithium_level2_sa_algo) || (args->altSigAlgo == dilithium_level3_sa_algo) || (args->altSigAlgo == dilithium_level5_sa_algo)) && @@ -10430,7 +10487,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, ssl->peerDilithiumKeyPresent = 0; } } - #endif /* HAVE_PQC && HAVE_DILITHIUM */ + #endif /* HAVE_DILITHIUM */ /* Check for error */ if (ret != 0) { @@ -10528,7 +10585,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, #ifdef WOLFSSL_ASYNC_CRYPT /* Handle async operation */ - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Mark message as not received so it can process again */ ssl->msgsReceived.got_certificate_verify = 0; @@ -10539,7 +10596,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, if (ret != 0) { WOLFSSL_ERROR_VERBOSE(ret); - if (ret != INVALID_PARAMETER) { + if (ret != WC_NO_ERR_TRACE(INVALID_PARAMETER)) { SendAlert(ssl, alert_fatal, decrypt_error); } } 
@@ -10613,11 +10670,11 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.serverState = SERVER_FINISHED_COMPLETE; return ret; } - if (ret == VERIFY_FINISHED_ERROR) { + if (ret == WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR)) { SendAlert(ssl, alert_fatal, decrypt_error); return ret; } - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { /* other errors */ return ret; } @@ -10785,12 +10842,12 @@ static int SendTls13Finished(WOLFSSL* ssl) input = output + Dtls13GetRlHeaderLength(ssl, 1); #endif /* WOLFSSL_DTLS13 */ - AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); + AddTls13HandShakeHeader(input, (word32)finishedSz, 0, finishedSz, finished, ssl); #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ssl->options.side == WOLFSSL_CLIENT_END) { ret = tsip_Tls13SendFinished(ssl, output, outputSz, input, 1); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { return ret; } ret = 0; @@ -11217,7 +11274,7 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl) WOLFSSL_ENTER("SendTls13EndOfEarlyData"); length = 0; - sendSz = idx + length + MAX_MSG_EXTRA; + sendSz = (int)(idx + length + MAX_MSG_EXTRA); ssl->options.buildingMsg = 1; /* Check buffers are big enough and grow if needed. */ @@ -11627,7 +11684,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) } else #ifdef WOLFSSL_ASYNC_CRYPT - if (ssl->error != WC_PENDING_E) + if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { ssl->session->ticketNonce.data[0]++; @@ -11673,7 +11730,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) /* Nonce */ length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ; - sendSz = idx + length + MAX_MSG_EXTRA; + sendSz = (int)(idx + length + MAX_MSG_EXTRA); /* Check buffers are big enough and grow if needed. */ if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) 
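Review bot: In SendTls13Finished, `finishedSz` is cast to `word32` for the second argument of `AddTls13HandShakeHeader` but passed uncast as the fourth on the same call, and the line now runs past 80 columns; if both parameters share a type, cast both, otherwise a short comment on the differing parameter types would prevent the next reader from "fixing" it. Wrap as `AddTls13HandShakeHeader(input, (word32)finishedSz, 0, finishedSz,` / `finished, ssl);`. The function continues outside the hunk.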
@@ -12307,7 +12364,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* sanity check msg received */ if ((ret = SanityCheckTls13MsgReceived(ssl, type)) != 0) { WOLFSSL_MSG("Sanity Check on handshake message type received failed"); - if (ret == VERSION_ERROR) + if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version); else SendAlert(ssl, alert_fatal, unexpected_message); @@ -12415,7 +12472,8 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif ) { #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) - if (ret != WC_PENDING_E && ret != OCSP_WANT_READ) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E) && + ret != WC_NO_ERR_TRACE(OCSP_WANT_READ)) #endif { ssl->options.cacheMessages = 0; @@ -12472,7 +12530,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ - defined(HAVE_ED448) || defined(HAVE_PQC) + defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) case certificate_verify: WOLFSSL_MSG("processing certificate verify"); ret = DoTls13CertificateVerify(ssl, input, inOutIdx, size); @@ -12504,7 +12562,8 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_IO) /* if async, offset index so this msg will be processed again */ /* NOTE: check this now before other calls can overwrite ret */ - if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) { + if ((ret == WC_NO_ERR_TRACE(WC_PENDING_E) || + ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) && *inOutIdx > 0) { /* DTLS always stores a message in a buffer when async is enable, so we * don't need to adjust for the extra bytes here (*inOutIdx is always * == 0) */ 
@@ -12512,13 +12571,15 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, } /* make sure async error is cleared */ - if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) { + if (ret == 0 && + (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) || + ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) { ssl->error = 0; } #endif if (ret == 0 && type != client_hello && type != session_ticket && type != key_update) { - ret = HashInput(ssl, input + inIdx, size); + ret = HashInput(ssl, input + inIdx, (int)size); } alertType = TranslateErrorToAlert(ret); @@ -12531,7 +12592,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, tmp = SendAlert(ssl, alert_fatal, alertType); /* propagate socket error instead of tls error to be sure the error is * not ignored by DTLS code */ - if (tmp == SOCKET_ERROR_E) + if (tmp == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) ret = SOCKET_ERROR_E; } @@ -12628,7 +12689,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (wolfSSL_connect_TLSv13(ssl) != WOLFSSL_SUCCESS) { ret = ssl->error; - if (ret != WC_PENDING_E) + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) ret = POST_HAND_AUTH_ERROR; } } @@ -12773,7 +12834,7 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->arrays->pendingMsgSz - HANDSHAKE_HEADER_SZ, ssl->arrays->pendingMsgSz); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* setup to process fragment again */ ssl->arrays->pendingMsgOffset -= inputLength; *inOutIdx -= inputLength + ssl->keys.padSz; 
@@ -13025,6 +13086,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) case HELLO_AGAIN_REPLY: /* Get the response/s from the server. */ while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) { +#ifdef WOLFSSL_DTLS13 + if (!IsAtLeastTLSv1_3(ssl->version)) { + #ifndef WOLFSSL_NO_TLS12 + if (ssl->options.downgrade) + return wolfSSL_connect(ssl); + #endif + } +#endif /* WOLFSSL_DTLS13 */ if ((ssl->error = ProcessReply(ssl)) < 0) { WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; @@ -13106,8 +13175,8 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) case FIRST_REPLY_THIRD: #if (!defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \ defined(HAVE_ED25519) || defined(HAVE_ED448) || \ - defined(HAVE_PQC))) && (!defined(NO_WOLFSSL_SERVER) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) + defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))) && \ + (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) if (!ssl->options.resuming && ssl->options.sendVerify) { ssl->error = SendTls13CertificateVerify(ssl); if (ssl->error != 0) { @@ -13318,14 +13387,14 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group) #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, NULL); - if (ret != WC_NO_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) { /* Check for error */ if (ret < 0) return ret; } #endif -#ifdef HAVE_PQC +#if defined(WOLFSSL_HAVE_KYBER) if (WOLFSSL_NAMED_GROUP_IS_PQC(group)) { if (ssl->ctx != NULL && ssl->ctx->method != NULL && 
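Review bot: The new WOLFSSL_DTLS13 block only acts when `ssl->options.downgrade` is set and TLS 1.2 is compiled in; when the version is below 1.3 and downgrade is not permitted (or WOLFSSL_NO_TLS12 is defined) it silently falls through to ProcessReply, and nothing in the hunk says why that is acceptable. If ProcessReply is presumably expected to reject the mismatched record itself, a comment inside the empty branch such as `/* version < 1.3 without downgrade permission: left for ProcessReply to reject */` would make the policy visible; otherwise an explicit `ssl->error = VERSION_ERROR; return WOLFSSL_FATAL_ERROR;` there would be the defensive choice. wolfSSL_connect_TLSv13 starts and ends outside the hunk.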
@@ -13334,10 +13403,11 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group) } if (ssl->options.side == WOLFSSL_SERVER_END) { - /* If I am the server of a KEM connection, do not do keygen because I'm - * going to encapsulate with the client's public key. Note that I might - * be the client and ssl->option.side has not been properly set yet. In - * that case the KeyGen operation will be deferred to connection time. */ + /* If I am the server of a KEM connection, do not do keygen because + * I'm going to encapsulate with the client's public key. Note that + * I might be the client and ssl->option.side has not been properly + * set yet. In that case the KeyGen operation will be deferred to + * connection time. */ return WOLFSSL_SUCCESS; } } 
@@ -13687,86 +13757,6 @@ int wolfSSL_preferred_group(WOLFSSL* ssl) } #endif -#if defined(HAVE_SUPPORTED_CURVES) -/* Sets the key exchange groups in rank order on a context. - * - * ctx SSL/TLS context object. - * groups Array of groups. - * count Number of groups in array. - * returns BAD_FUNC_ARG when ctx or groups is NULL, not using TLS v1.3 or - * count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success. - */ -int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count) -{ - int ret, i; - - WOLFSSL_ENTER("wolfSSL_CTX_set_groups"); - if (ctx == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT) - return BAD_FUNC_ARG; - if (!IsAtLeastTLSv1_3(ctx->method->version)) - return BAD_FUNC_ARG; - - ctx->numGroups = 0; - #if !defined(NO_TLS) - TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap); - #endif /* !NO_TLS */ - for (i = 0; i < count; i++) { - /* Call to wolfSSL_CTX_UseSupportedCurve also checks if input groups - * are valid */ - if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)groups[i])) - != WOLFSSL_SUCCESS) { - #if !defined(NO_TLS) - TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap); - #endif /* !NO_TLS */ - return ret; - } - ctx->group[i] = (word16)groups[i]; - } - ctx->numGroups = (byte)count; - - return WOLFSSL_SUCCESS; -} - -/* Sets the key exchange groups in rank order. - * - * ssl SSL/TLS object. - * groups Array of groups. - * count Number of groups in array. - * returns BAD_FUNC_ARG when ssl or groups is NULL, not using TLS v1.3 or - * count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success. 
- */ -int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count) -{ - int ret, i; - - WOLFSSL_ENTER("wolfSSL_set_groups"); - if (ssl == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT) - return BAD_FUNC_ARG; - if (!IsAtLeastTLSv1_3(ssl->version)) - return BAD_FUNC_ARG; - - ssl->numGroups = 0; - #if !defined(NO_TLS) - TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap); - #endif /* !NO_TLS */ - for (i = 0; i < count; i++) { - /* Call to wolfSSL_UseSupportedCurve also checks if input groups - * are valid */ - if ((ret = wolfSSL_UseSupportedCurve(ssl, (word16)groups[i])) - != WOLFSSL_SUCCESS) { - #if !defined(NO_TLS) - TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap); - #endif /* !NO_TLS */ - return ret; - } - ssl->group[i] = (word16)groups[i]; - } - ssl->numGroups = (byte)count; - - return WOLFSSL_SUCCESS; -} -#endif /* HAVE_SUPPORTED_CURVES */ - #ifndef NO_PSK /* Set the PSK callback, that is passed the cipher suite, for a client to use * against context object. @@ -14328,7 +14318,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) case TLS13_CERT_SENT : #if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \ - defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_PQC)) + defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM)) if (!ssl->options.resuming && ssl->options.sendVerify) { if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); @@ -14612,7 +14603,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) return SIDE_ERROR; if (ssl->options.handShakeState == NULL_STATE) { - if (ssl->error != WC_PENDING_E) + if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) ssl->earlyData = expecting_early_data; ret = wolfSSL_connect_TLSv13(ssl); if (ret != WOLFSSL_SUCCESS) 
@@ -14676,7 +14667,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) return SIDE_ERROR; if (ssl->options.handShakeState == NULL_STATE) { - if (ssl->error != WC_PENDING_E) + if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) ssl->earlyData = expecting_early_data; /* this used to be: ret = wolfSSL_accept_TLSv13(ssl); * However, wolfSSL_accept_TLSv13() expects a certificate to @@ -14772,6 +14763,7 @@ int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret, if (clientRandomSz <= 0) { printf("Error getting server random %d\n", clientRandomSz); + return BAD_FUNC_ARG; } #if 0 diff --git a/src/wolfio.c b/src/wolfio.c index c7962f47f7..d6a285a913 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1,6 +1,6 @@ /* wolfio.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,6 +41,11 @@ #include #include +#ifdef NUCLEUS_PLUS_2_3 +/* Holds last Nucleus networking error number */ +int Nucleus_Net_Errno; +#endif + #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) #ifndef USE_WINDOWS_API #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT) 
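Review bot: The added `return BAD_FUNC_ARG;` makes this branch a hard failure, but the diagnostic printed on the line just above it says "server random" while the value being tested is `clientRandomSz`, so the newly fatal path reports the wrong field. A follow-up changing it to `printf("Error getting client random %d\n", clientRandomSz);` would keep the log honest (the printf is a context line here, so it is outside this commit's change). tls13ShowSecrets starts before and ends after the hunk.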
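Review bot: `int Nucleus_Net_Errno;` is a single process-wide variable that every Nucleus send/recv wrapper writes and that wolfSSL_LastError later reads, so on a system where more than one task performs wolfSSL I/O the value read for one socket may have been written by another task, and the translated error (reset vs. would-block vs. timeout) would be wrong. If the port is single-threaded by design, say so next to the definition, e.g. `/* Not thread-safe: one global errno shared by all sockets/tasks */`; otherwise per-task storage is needed. If a header also declares this variable, that declaration should be `extern`, since this line is the defining instance.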
@@ -131,63 +136,65 @@ Possible IO enable options: #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) -/* Translates return codes returned from - * send() and recv() if need be. - */ -static WC_INLINE int TranslateReturnCode(int old, int sd) +static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd) { (void)sd; -#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - if (old == 0) { - errno = SOCKET_EWOULDBLOCK; - return -1; /* convert to BSD style wouldblock as error */ - } - - if (old < 0) { - errno = RTCS_geterror(sd); - if (errno == RTCSERR_TCP_CONN_CLOSING) - return 0; /* convert to BSD style closing */ - if (errno == RTCSERR_TCP_CONN_RLSD) - errno = SOCKET_ECONNRESET; - if (errno == RTCSERR_TCP_TIMED_OUT) - errno = SOCKET_EAGAIN; - } -#endif - - return old; -} - -static WC_INLINE int wolfSSL_LastError(int err) -{ - (void)err; /* Suppress unused arg */ + if (err > 0) + return 0; #ifdef USE_WINDOWS_API return WSAGetLastError(); #elif defined(EBSNET) return xn_getlasterror(); -#elif defined(WOLFSSL_LINUXKM) - return err; /* Return provided error value */ +#elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET) + return -err; /* Return provided error value with corrected sign. */ #elif defined(FUSION_RTOS) #include return FCL_GET_ERRNO; +#elif defined(NUCLEUS_PLUS_2_3) + return Nucleus_Net_Errno; +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + if ((err == 0) || (err == -SOCKET_EWOULDBLOCK)) { + return SOCKET_EWOULDBLOCK; /* convert to BSD style wouldblock */ + } else { + err = RTCS_geterror(sd); + if ((err == RTCSERR_TCP_CONN_CLOSING) || + (err == RTCSERR_TCP_CONN_RLSD)) + { + err = SOCKET_ECONNRESET; + } + return err; + } +#elif defined(WOLFSSL_EMNET) + /* Get the real socket error */ + IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(old)); + return err; #else return errno; #endif } -static int TranslateIoError(int err) +/* Translates return codes returned from + * send(), recv(), and other network I/O calls. 
+ */ +static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction) { #ifdef _WIN32 size_t errstr_offset; char errstr[WOLFSSL_STRERROR_BUFFER_SIZE]; #endif /* _WIN32 */ - +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) if (err > 0) return err; +#else + if (err >= 0) + return err; +#endif + + err = wolfSSL_LastError(err, sd); - err = wolfSSL_LastError(err); #if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN if ((err == SOCKET_EWOULDBLOCK) || (err == SOCKET_EAGAIN)) #else @@ -195,8 +202,26 @@ static int TranslateIoError(int err) #endif { WOLFSSL_MSG("\tWould block"); - return WOLFSSL_CBIO_ERR_WANT_READ; + if (direction == SOCKET_SENDING) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + else if (direction == SOCKET_RECEIVING) + return WOLFSSL_CBIO_ERR_WANT_READ; + else + return WOLFSSL_CBIO_ERR_GENERAL; + } + +#ifdef SOCKET_ETIMEDOUT + else if (err == SOCKET_ETIMEDOUT) { + WOLFSSL_MSG("\tTimed out"); + if (direction == SOCKET_SENDING) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + else if (direction == SOCKET_RECEIVING) + return WOLFSSL_CBIO_ERR_WANT_READ; + else + return WOLFSSL_CBIO_ERR_TIMEOUT; } +#endif + else if (err == SOCKET_ECONNRESET) { WOLFSSL_MSG("\tConnection reset"); return WOLFSSL_CBIO_ERR_CONN_RST; @@ -276,7 +301,8 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) return WOLFSSL_CBIO_ERR_CONN_CLOSE; } #ifdef USE_WOLFSSL_IO - recvd = TranslateIoError(recvd); + recvd = TranslateIoReturnCode(recvd, ssl->biord->num.fd, + SOCKET_RECEIVING); #endif return recvd; } @@ -321,7 +347,8 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) if (sent <= 0) { if (ssl->biowr->type == WOLFSSL_BIO_SOCKET) { #ifdef USE_WOLFSSL_IO - sent = TranslateIoError(sent); + sent = TranslateIoReturnCode(sent, ssl->biowr->num.fd, + SOCKET_SENDING); #endif return sent; } 
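Review bot: In the rewritten wolfSSL_LastError the `#elif defined(WOLFSSL_EMNET)` branch is unreachable, because the earlier `#elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET)` already claims WOLFSSL_EMNET and returns `-err`. That dead branch also calls `IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(old))`, where `old` was the parameter of the deleted TranslateReturnCode and no longer exists; it only compiles because the preprocessor discards the text. Either drop `WOLFSSL_EMNET` from the LINUXKM condition so the getsockopt path is live and change the last argument to `(int)sizeof(err)`, or delete the second branch. The MQX block's `err == -SOCKET_EWOULDBLOCK` test appears to assume the MQX wrappers return negated error codes, which is not visible here and deserves a comment.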
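Review bot: Mapping SOCKET_ETIMEDOUT on a receive to WOLFSSL_CBIO_ERR_WANT_READ changes what a blocking socket with a receive timeout reports: the caller now sees a retryable "would block" instead of a timeout, and before this hunk the function had no ETIMEDOUT case at all. EmbedReceiveFrom converts WANT_READ back to WOLFSSL_CBIO_ERR_TIMEOUT for blocking DTLS sockets, but as far as is visible the TCP path in EmbedReceive and the HTTP client in wolfIO_HttpProcessResponse have no such conversion, so an application that retries on WANT_READ can spin on a timed-out socket. Unless that is intended, returning `WOLFSSL_CBIO_ERR_TIMEOUT` for both directions and leaving the retry decision to the callers is the safer default; at minimum the rationale belongs in a comment above the `#ifdef SOCKET_ETIMEDOUT` block. TranslateIoReturnCode starts before this hunk and ends after it.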
@@ -365,7 +392,6 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags); if (recvd < 0) { WOLFSSL_MSG("Embed Receive error"); - return TranslateIoError(recvd); } else if (recvd == 0) { WOLFSSL_MSG("Embed receive connection closed"); @@ -395,7 +421,6 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) sent = wolfIO_Send(sd, buf, sz, ssl->wflags); if (sent < 0) { WOLFSSL_MSG("Embed Send error"); - return TranslateIoError(sent); } return sent; 
@@ -406,6 +431,110 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) #include +#if defined(NUCLEUS_PLUS_2_3) +STATIC INT32 nucyassl_recv(INT sd, CHAR *buf, UINT16 sz, INT16 flags) +{ + int recvd; + + /* Read data from socket */ + recvd = NU_Recv(sd, buf, sz, flags); + if (recvd < 0) { + if (recvd == NU_NOT_CONNECTED) { + recvd = 0; + } else { + Nucleus_Net_Errno = recvd; + recvd = WOLFSSL_FATAL_ERROR; + } + } else { + Nucleus_Net_Errno = 0; + } + + return (recvd); +} + + +STATIC int nucyassl_send(INT sd, CHAR *buf, UINT16 sz, INT16 flags) +{ + int sent; + + /* Write data to socket */ + sent = NU_Send(sd, buf, sz, flags); + + if (sent < 0) { + Nucleus_Net_Errno = sent; + sent = WOLFSSL_FATAL_ERROR; + } else { + Nucleus_Net_Errno = 0; + } + + return sent; +} + +#define SELECT_FUNCTION nucyassl_select + +int nucyassl_select(INT sd, UINT32 timeout) +{ + FD_SET readfs; + STATUS status; + + /* Init fs data for socket */ + NU_FD_Init(&readfs); + NU_FD_Set(sd, &readfs); + + /* Wait for data to arrive */ + status = NU_Select((sd + 1), &readfs, NU_NULL, NU_NULL, + (timeout * NU_TICKS_PER_SECOND)); + + if (status < 0) { + Nucleus_Net_Errno = status; + status = WOLFSSL_FATAL_ERROR; + } + + return status; +} + +#define sockaddr_storage addr_struct +#define sockaddr addr_struct + +STATIC INT32 nucyassl_recvfrom(INT sd, CHAR *buf, UINT16 sz, INT16 flags, + SOCKADDR *peer, XSOCKLENT *peersz) +{ + int recvd; + + memset(peer, 0, sizeof(struct addr_struct)); + + recvd = NU_Recv_From(sd, buf, sz, flags, (struct addr_struct *) peer, + (INT16*) peersz); + if (recvd < 0) { + Nucleus_Net_Errno = recvd; + recvd = WOLFSSL_FATAL_ERROR; + } else { + Nucleus_Net_Errno = 0; + } + + return recvd; + +} + +STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags, + const SOCKADDR *peer, INT16 peersz) +{ + int sent; + + sent = NU_Send_To(sd, buf, sz, flags, (const struct addr_struct *) peer, + peersz); + + if (sent < 0) { + Nucleus_Net_Errno = sent; + sent = 
WOLFSSL_FATAL_ERROR; + } else { + Nucleus_Net_Errno = 0; + } + + return sent; +} +#endif /* NUCLEUS_PLUS_2_3 */ + #ifndef DTLS_SENDTO_FUNCTION #define DTLS_SENDTO_FUNCTION sendto #endif @@ -558,7 +687,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) start = LowResTimer(); } else { - dtls_timeout -= LowResTimer() - start; + dtls_timeout -= (int) (LowResTimer() - start); start = LowResTimer(); if (dtls_timeout < 0 || dtls_timeout > DTLS_TIMEOUT_MAX) return WOLFSSL_CBIO_ERR_TIMEOUT; @@ -608,7 +737,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) } #endif /* !NO_ASN_TIME */ - recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags, + recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, ssl->rflags, (SOCKADDR*)peer, peer != NULL ? &peerSz : NULL); /* From the RECV(2) man page @@ -630,11 +759,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) peerSz = (XSOCKLENT)dtlsCtx->peer.bufSz; } - recvd = TranslateReturnCode(recvd, sd); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); if (recvd < 0) { WOLFSSL_MSG("Embed Receive From error"); - recvd = TranslateIoError(recvd); if (recvd == WOLFSSL_CBIO_ERR_WANT_READ && !wolfSSL_dtls_get_using_nonblock(ssl)) { recvd = WOLFSSL_CBIO_ERR_TIMEOUT; @@ -716,14 +844,13 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) #endif } - sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, sz, ssl->wflags, + sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, ssl->wflags, (const SOCKADDR*)peer, peerSz); - sent = TranslateReturnCode(sent, sd); + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); if (sent < 0) { WOLFSSL_MSG("Embed Send To error"); - return TranslateIoError(sent); } return sent; 
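Review bot: `nucyassl_recvfrom` unconditionally does `memset(peer, 0, sizeof(struct addr_struct))` and hands `peer` to NU_Recv_From, but the DTLS_RECVFROM_FUNCTION callers in this file pass a NULL peer (EmbedReceiveFrom when `peer == NULL`, EmbedReceiveFromMcast always); if DTLS_RECVFROM_FUNCTION is mapped to this wrapper on Nucleus (only SELECT_FUNCTION is mapped in the hunk), that is a NULL dereference, and `if (peer != NULL) memset(peer, 0, sizeof(struct addr_struct));` plus a NULL-tolerant `peersz` cast would match the other platforms. The `UINT16 sz` parameters silently truncate the `(size_t)sz` the callers now pass, so a buffer larger than 65535 bytes would be read or written short without any error. `(INT16*) peersz` reinterprets an XSOCKLENT* as a 16-bit pointer, which is only correct if XSOCKLENT is 16 bits wide on this port; a local INT16 copied back into `*peersz` avoids the aliasing. These wrappers also use bare `memset` where the rest of the file uses XMEMSET.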
@@ -743,18 +870,16 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_ENTER("EmbedReceiveFromMcast"); - recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags, NULL, NULL); + recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, ssl->rflags, NULL, NULL); - recvd = TranslateReturnCode(recvd, sd); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); if (recvd < 0) { WOLFSSL_MSG("Embed Receive From error"); - recvd = TranslateIoError(recvd); if (recvd == WOLFSSL_CBIO_ERR_WANT_READ && !wolfSSL_dtls_get_using_nonblock(ssl)) { recvd = WOLFSSL_CBIO_ERR_TIMEOUT; } - return recvd; } return recvd; @@ -787,7 +912,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) if (sz > WC_SHA256_DIGEST_SIZE) sz = WC_SHA256_DIGEST_SIZE; - XMEMCPY(buf, digest, sz); + XMEMCPY(buf, digest, (size_t)sz); return sz; } @@ -981,8 +1106,8 @@ int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags) { int recvd; - recvd = (int)RECV_FUNCTION(sd, buf, sz, rdFlags); - recvd = TranslateReturnCode(recvd, (int)sd); + recvd = (int)RECV_FUNCTION(sd, buf, (size_t)sz, rdFlags); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); return recvd; } 
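Review bot: `XMEMCPY(buf, digest, (size_t)sz)` is guarded only from above in the visible lines (`if (sz > WC_SHA256_DIGEST_SIZE)`), and the new cast makes explicit that a negative `sz` becomes an enormous copy length. If EmbedGenerateCookie does not reject `sz < 0` earlier (its start is outside the hunk), add `if (sz < 0) return BAD_FUNC_ARG;` before the clamp. The same `(size_t)sz` conversion is introduced in wolfIO_Recv in this hunk and wolfIO_Send in the next one, where `sz` is likewise an int supplied by the caller, so the non-negative precondition is worth stating in a comment on those functions too.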
@@ -991,12 +1116,42 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) { int sent; - sent = (int)SEND_FUNCTION(sd, buf, sz, wrFlags); - sent = TranslateReturnCode(sent, (int)sd); + sent = (int)SEND_FUNCTION(sd, buf, (size_t)sz, wrFlags); + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); + + return sent; +} + +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) + +int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags) +{ + int recvd; + socklen_t addr_len = (socklen_t)sizeof(*addr); + + recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, rdFlags, + addr ? &addr->sa : NULL, + addr ? &addr_len : 0); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); + + return recvd; +} + +int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags) +{ + int sent; + socklen_t addr_len = addr ? wolfSSL_BIO_ADDR_size(addr) : 0; + + sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, wrFlags, + addr ? &addr->sa : NULL, + addr_len); + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); return sent; } +#endif /* WOLFSSL_HAVE_BIO_ADDR && WOLFSSL_DTLS && OPENSSL_EXTRA */ + #endif /* USE_WOLFSSL_IO */ @@ -1083,9 +1238,9 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) } #endif /* HAVE_IO_TIMEOUT */ -static int wolfIO_Word16ToString(char* d, word16 number) +static word32 wolfIO_Word16ToString(char* d, word16 number) { - int i = 0; + word32 i = 0; word16 order = 10000; word16 digit; @@ -1100,7 +1255,7 @@ static int wolfIO_Word16ToString(char* d, word16 number) if (i > 0 || digit != 0) d[i++] = (char)digit + '0'; if (digit != 0) - number %= digit * order; + number = (word16) (number % (digit * order)); order = (order > 1) ? order / 10 : 0; } 
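Review bot: wolfIO_RecvFrom passes `addr ? &addr_len : 0` as the address-length pointer; `0` is a valid null pointer constant but the rest of the file spells it `NULL`, and `addr ? &addr_len : NULL` reads as intended. Both functions are new externally visible API with no header comment; a short one per function stating the `addr` contract (a NULL `addr` sends or receives without a peer address, as the `addr ? &addr->sa : NULL` expressions show) and that the length the kernel writes back into `addr_len` is discarded would help, since that local is not returned to the caller. If the caller ever needs the returned length (for example to tell an IPv4 from an IPv6 peer), it should be stored or the omission explained.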
@@ -1115,7 +1270,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #ifdef HAVE_SOCKADDR int ret = 0; SOCKADDR_S addr; - int sockaddr_len; + socklen_t sockaddr_len; #if defined(HAVE_GETADDRINFO) /* use getaddrinfo */ ADDRINFO hints; @@ -1179,7 +1334,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) } sockaddr_len = answer->ai_addrlen; - XMEMCPY(&addr, answer->ai_addr, sockaddr_len); + XMEMCPY(&addr, answer->ai_addr, (size_t)sockaddr_len); freeaddrinfo(answer); #elif defined(WOLFSSL_USE_POPEN_HOST) && !defined(WOLFSSL_IPV6) { @@ -1308,7 +1463,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #ifdef HAVE_IO_TIMEOUT if ((ret != 0) && (to_sec > 0)) { #ifdef USE_WINDOWS_API - if ((ret == SOCKET_ERROR) && (wolfSSL_LastError(ret) == WSAEWOULDBLOCK)) + if ((ret == SOCKET_ERROR) && + (wolfSSL_LastError(ret, *sockfd) == SOCKET_EWOULDBLOCK)) #else if (errno == EINPROGRESS) #endif @@ -1342,7 +1498,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port) #ifdef HAVE_SOCKADDR int ret = 0; SOCKADDR_S addr; - int sockaddr_len = sizeof(SOCKADDR_IN); + socklen_t sockaddr_len = sizeof(SOCKADDR_IN); SOCKADDR_IN *sin = (SOCKADDR_IN *)&addr; if (sockfd == NULL || port < 1) { @@ -1473,7 +1629,7 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath, for (j = 0; j < i; j++) { if (port[j] < '0' || port[j] > '9') return -1; - bigPort = (bigPort * 10) + (port[j] - '0'); + bigPort = (bigPort * 10) + (word32)(port[j] - '0'); } if (outPort) *outPort = (word16)bigPort; @@ -1528,7 +1684,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf, return MEMORY_E; } - newRecvBuf = (byte*)XMALLOC(newRecvSz, heap, dynType); + newRecvBuf = (byte*)XMALLOC((size_t)newRecvSz, heap, dynType); if (newRecvBuf == NULL) { WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf malloc failed"); return MEMORY_E; 
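Review bot: `XMEMCPY(&addr, answer->ai_addr, (size_t)sockaddr_len)` copies `ai_addrlen` bytes into the stack object `SOCKADDR_S addr` without checking that it fits. If SOCKADDR_S is `struct sockaddr_storage` on every build that defines HAVE_GETADDRINFO that is harmless, but the type is chosen elsewhere and not visible here; a guard such as `if (sockaddr_len > (socklen_t)sizeof(addr)) { freeaddrinfo(answer); return ret; }` (using whatever failure value the function's other error paths use, which are outside the hunk) makes the copy safe regardless of the platform mapping. wolfIO_TcpConnect starts before and ends after the hunk.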
@@ -1536,7 +1692,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf, /* if buffer already exists, then we are growing it */ if (*recvBuf) { - XMEMCPY(&newRecvBuf[pos], *recvBuf, *recvBufSz); + XMEMCPY(&newRecvBuf[pos], *recvBuf, (size_t) *recvBufSz); XFREE(*recvBuf, heap, dynType); pos += *recvBufSz; *recvBuf = NULL; @@ -1545,7 +1701,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf, /* copy the remainder of the httpBuf into the respBuf */ if (len != 0) { if (pos + len <= newRecvSz) { - XMEMCPY(&newRecvBuf[pos], start, len); + XMEMCPY(&newRecvBuf[pos], start, (size_t)len); pos += len; } else { @@ -1607,6 +1763,11 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, /* read data if no \r\n or first time */ if ((start == NULL) || (end == NULL)) { + if (httpBufSz < len + 1) { + return BUFFER_ERROR; /* can't happen, but Coverity thinks it + * can. + */ + } result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0); if (result > 0) { len += result; @@ -1614,9 +1775,7 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, start[len] = 0; } else { - result = TranslateReturnCode(result, sfd); - result = wolfSSL_LastError(result); - if (result == SOCKET_EWOULDBLOCK || result == SOCKET_EAGAIN) { + if (result == WOLFSSL_CBIO_ERR_WANT_READ) { return OCSP_WANT_READ; } @@ -1629,7 +1788,7 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, /* handle incomplete rx */ if (end == NULL) { if (len != 0) - XMEMMOVE(httpBuf, start, len); + XMEMMOVE(httpBuf, start, (size_t)len); start = end = NULL; } /* when start is "\r\n" */ 
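Review bot: With wolfIO_Recv now routed through TranslateIoReturnCode, the `result == WOLFSSL_CBIO_ERR_WANT_READ` test also matches the new SOCKET_ETIMEDOUT mapping, so a receive timeout on the OCSP/CRL HTTP socket is returned as OCSP_WANT_READ, which the callers presumably treat as "retry later" rather than as a failed fetch. If that is not intended, the timeout needs to be distinguished before this test, either by a separate TIMEOUT code from the translator or by checking the socket's blocking mode the way EmbedReceiveFrom does. Dropping the earlier double translation itself is correct; wolfIO_HttpProcessResponse starts and ends outside the hunk.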
@@ -1755,7 +1914,7 @@ int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName, return wolfIO_HttpBuildRequest_ex(reqType, domainName, path, pathLen, reqSz, contentType, "", buf, bufSize); } - int wolfIO_HttpBuildRequest_ex(const char *reqType, const char *domainName, +int wolfIO_HttpBuildRequest_ex(const char *reqType, const char *domainName, const char *path, int pathLen, int reqSz, const char *contentType, const char *exHdrs, byte *buf, int bufSize) { @@ -1797,7 +1956,7 @@ int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName, maxLen = reqTypeLen + blankStrLen + - pathLen + + (word32)pathLen + http11StrLen + hostStrLen + domainNameLen + 
@@ -1808,46 +1967,46 @@ int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName, singleCrLfStrLen + exHdrsLen + doubleCrLfStrLen + - 1 /* null term */; + (word32)1 /* null term */; if (maxLen > (word32)bufSize) return 0; - XSTRNCPY((char*)buf, reqType, bufSize); - buf += reqTypeLen; bufSize -= reqTypeLen; - XSTRNCPY((char*)buf, blankStr, bufSize); - buf += blankStrLen; bufSize -= blankStrLen; - XSTRNCPY((char*)buf, path, bufSize); - buf += pathLen; bufSize -= pathLen; - XSTRNCPY((char*)buf, http11Str, bufSize); - buf += http11StrLen; bufSize -= http11StrLen; + XSTRNCPY((char*)buf, reqType, (size_t)bufSize); + buf += reqTypeLen; bufSize -= (int)reqTypeLen; + XSTRNCPY((char*)buf, blankStr, (size_t)bufSize); + buf += blankStrLen; bufSize -= (int)blankStrLen; + XSTRNCPY((char*)buf, path, (size_t)bufSize); + buf += pathLen; bufSize -= (int)pathLen; + XSTRNCPY((char*)buf, http11Str, (size_t)bufSize); + buf += http11StrLen; bufSize -= (int)http11StrLen; if (domainNameLen > 0) { - XSTRNCPY((char*)buf, hostStr, bufSize); - buf += hostStrLen; bufSize -= hostStrLen; - XSTRNCPY((char*)buf, domainName, bufSize); - buf += domainNameLen; bufSize -= domainNameLen; + XSTRNCPY((char*)buf, hostStr, (size_t)bufSize); + buf += hostStrLen; bufSize -= (int)hostStrLen; + XSTRNCPY((char*)buf, domainName, (size_t)bufSize); + buf += domainNameLen; bufSize -= (int)domainNameLen; } if (reqSz > 0 && reqSzStrLen > 0) { - XSTRNCPY((char*)buf, contentLenStr, bufSize); - buf += contentLenStrLen; bufSize -= contentLenStrLen; - XSTRNCPY((char*)buf, reqSzStr, bufSize); - buf += reqSzStrLen; bufSize -= reqSzStrLen; + XSTRNCPY((char*)buf, contentLenStr, (size_t)bufSize); + buf += contentLenStrLen; bufSize -= (int)contentLenStrLen; + XSTRNCPY((char*)buf, reqSzStr, (size_t)bufSize); + buf += reqSzStrLen; bufSize -= (int)reqSzStrLen; } if (contentTypeLen > 0) { - XSTRNCPY((char*)buf, contentTypeStr, bufSize); - buf += contentTypeStrLen; bufSize -= contentTypeStrLen; - XSTRNCPY((char*)buf, 
contentType, bufSize); - buf += contentTypeLen; bufSize -= contentTypeLen; + XSTRNCPY((char*)buf, contentTypeStr, (size_t)bufSize); + buf += contentTypeStrLen; bufSize -= (int)contentTypeStrLen; + XSTRNCPY((char*)buf, contentType, (size_t)bufSize); + buf += contentTypeLen; bufSize -= (int)contentTypeLen; } if (exHdrsLen > 0) { - XSTRNCPY((char *)buf, singleCrLfStr, bufSize); + XSTRNCPY((char *)buf, singleCrLfStr, (size_t)bufSize); buf += singleCrLfStrLen; - bufSize -= singleCrLfStrLen; - XSTRNCPY((char *)buf, exHdrs, bufSize); + bufSize -= (int)singleCrLfStrLen; + XSTRNCPY((char *)buf, exHdrs, (size_t)bufSize); buf += exHdrsLen; - bufSize -= exHdrsLen; + bufSize -= (int)exHdrsLen; } - XSTRNCPY((char*)buf, doubleCrLfStr, bufSize); + XSTRNCPY((char*)buf, doubleCrLfStr, (size_t)bufSize); buf += doubleCrLfStrLen; #ifdef WOLFIO_DEBUG @@ -1924,7 +2083,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz, /* Note, the library uses the EmbedOcspRespFree() callback to * free this buffer. */ int httpBufSz = HTTP_SCRATCH_BUFFER_SIZE; - byte* httpBuf = (byte*)XMALLOC(httpBufSz, ctx, DYNAMIC_TYPE_OCSP); + byte* httpBuf = (byte*)XMALLOC((size_t)httpBufSz, ctx, DYNAMIC_TYPE_OCSP); if (httpBuf == NULL) { WOLFSSL_MSG("Unable to create OCSP response buffer"); @@ -1966,8 +2125,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz, /* in default callback ctx is heap hint */ void EmbedOcspRespFree(void* ctx, byte *resp) { - if (resp) - XFREE(resp, ctx, DYNAMIC_TYPE_OCSP); + XFREE(resp, ctx, DYNAMIC_TYPE_OCSP); (void)ctx; } @@ -2031,7 +2189,7 @@ int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz) } else { int httpBufSz = HTTP_SCRATCH_BUFFER_SIZE; - byte* httpBuf = (byte*)XMALLOC(httpBufSz, crl->heap, + byte* httpBuf = (byte*)XMALLOC((size_t)httpBufSz, crl->heap, DYNAMIC_TYPE_CRL); if (httpBuf == NULL) { WOLFSSL_MSG("Unable to create CRL response buffer"); diff --git a/src/x509.c b/src/x509.c index f39df7743f..2e443a023a 100644 --- a/src/x509.c 
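Review bot: The `(size_t)bufSize` casts on every XSTRNCPY make the remaining length unsigned, but the only bound in sight is `if (maxLen > (word32)bufSize) return 0;`, which a negative `bufSize` passes after the same wrap-around, after which the first `XSTRNCPY((char*)buf, reqType, (size_t)bufSize)` would NUL-pad far past the buffer (strncpy always writes n bytes). Unless the function rejects it above the hunk (its start is in the previous hunk and the parameter checks are not visible), add `if (bufSize <= 0 || buf == NULL) return 0;` ahead of the length check. The repeated `XSTRNCPY(...); buf += len; bufSize -= (int)len;` triplets would also be less error-prone as one small static helper, but that is cosmetic. wolfIO_HttpBuildRequest_ex ends after the hunk.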
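Review bot: Dropping the `if (resp)` before `XFREE(resp, ctx, DYNAMIC_TYPE_OCSP)` is safe only if every XFREE implementation the build can select tolerates a NULL pointer; the free()-based default does, but XFREE is overridable by custom allocator hooks, and this callback is the library's documented way of releasing an OCSP response. Either keep the guard or add `/* XFREE tolerates NULL */` so the assumption is recorded for anyone supplying their own allocator.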
+++ b/src/x509.c @@ -1,6 +1,6 @@ /* x509.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -177,19 +177,19 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) goto out; } - if (GetLength(input, &idx, &length, sz) < 0) { + if (GetLength(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: invalid length"); goto out; } } - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)"); goto out; } while (idx < (word32)sz) { - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); FreeDecodedCert(cert); return WOLFSSL_FAILURE; @@ -643,7 +643,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, wolfSSL_ASN1_OBJECT_free(obj); goto err; } - wolfSSL_ASN1_STRING_set(str, p, (word32)len); + wolfSSL_ASN1_STRING_set(str, p, (int)len); /* Wrap string in a WOLFSSL_ASN1_TYPE. */ type = wolfSSL_ASN1_TYPE_new(); @@ -839,7 +839,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) return NULL; } - if (GetLength(input, &idx, &length, sz) < 0) { + if (GetLength(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: invalid length"); wolfSSL_X509_EXTENSION_free(ext); FreeDecodedCert(cert); @@ -850,7 +850,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } } - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)"); wolfSSL_X509_EXTENSION_free(ext); FreeDecodedCert(cert); 
@@ -863,7 +863,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) while (idx < (word32)sz) { oid = 0; - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); wolfSSL_X509_EXTENSION_free(ext); FreeDecodedCert(cert); @@ -874,7 +874,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } tmpIdx = idx; - ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz); + ret = GetObjectId(input, &idx, &oid, oidCertExtType, (word32)sz); if (ret < 0) { WOLFSSL_MSG("\tfail: OBJECT ID"); wolfSSL_X509_EXTENSION_free(ext); @@ -895,11 +895,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } /* extCount == loc. Now get the extension. */ /* Check if extension has been set */ - isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, nid); + isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, (int)nid); - if (wolfSSL_OBJ_nid2ln(nid) != NULL) { + if (wolfSSL_OBJ_nid2ln((int)nid) != NULL) { /* This is NOT an unknown OID. */ - ext->obj = wolfSSL_OBJ_nid2obj(nid); + ext->obj = wolfSSL_OBJ_nid2obj((int)nid); if (ext->obj == NULL) { WOLFSSL_MSG("\tfail: Invalid OBJECT"); wolfSSL_X509_EXTENSION_free(ext); @@ -912,7 +912,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } if (ext->obj) { - ext->obj->nid = nid; + ext->obj->nid = (int)nid; } switch (oid) { @@ -929,7 +929,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) #endif return NULL; } - a->length = x509->pathLength; + a->length = (int)x509->pathLength; /* Save ASN1_INTEGER in x509 extension */ ext->obj->pathlen = a; 
@@ -972,7 +972,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) return NULL; } obj->obj = (byte*)x509->authInfoCaIssuer; - obj->objSz = x509->authInfoCaIssuerSz; + obj->objSz = (unsigned int)x509->authInfoCaIssuerSz; obj->grp = oidCertAuthInfoType; obj->nid = NID_ad_ca_issuers; @@ -1007,7 +1007,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) return NULL; } obj->obj = x509->authInfo; - obj->objSz = x509->authInfoSz; + obj->objSz = (unsigned int)x509->authInfoSz; obj->grp = oidCertAuthInfoType; obj->nid = NID_ad_OCSP; @@ -1067,7 +1067,9 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) case CERT_POLICY_OID: if (!isSet) break; + #ifdef WOLFSSL_SEP ext->crit = x509->certPolicyCrit; + #endif break; case KEY_USAGE_OID: @@ -1132,7 +1134,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) * parsed oid for access in later function calls */ /* Get OID from input */ - if (GetASNObjectId(input, &idx, &length, sz) != 0) { + if (GetASNObjectId(input, &idx, &length, (word32)sz) != 0) { WOLFSSL_MSG("Failed to Get ASN Object Id"); wolfSSL_X509_EXTENSION_free(ext); FreeDecodedCert(cert); @@ -1171,7 +1173,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } } - ext->obj->objSz = objSz; + ext->obj->objSz = (unsigned int)objSz; if(((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) || (ext->obj->obj == NULL)) { ext->obj->obj =(byte*)XREALLOC((byte*)ext->obj->obj, @@ -1215,7 +1217,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) tmpIdx++; - if (GetLength(input, &tmpIdx, &length, sz) <= 0) { + if (GetLength(input, &tmpIdx, &length, (word32)sz) <= 0) { WOLFSSL_MSG("Error: Invalid Input Length."); wolfSSL_ASN1_OBJECT_free(ext->obj); wolfSSL_X509_EXTENSION_free(ext); 
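Review bot: Wrapping `ext->crit = x509->certPolicyCrit;` in `#ifdef WOLFSSL_SEP` means that on builds without WOLFSSL_SEP the certificate-policies extension's criticality is never propagated into `ext->crit`, which keeps whatever default the extension object was created with; that silently loses a flag relying parties use to decide whether the extension may be ignored. If `certPolicyCrit` only exists under WOLFSSL_SEP, add an `#else` with a comment such as `/* criticality not tracked without WOLFSSL_SEP; ext->crit left at default */` so the gap is explicit, or track the flag independently of SEP. wolfSSL_X509_set_ext starts before and ends after the hunk.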
@@ -1283,7 +1285,7 @@ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf, WOLFSSL_MSG("malloc error"); return WOLFSSL_FAILURE; } - *len = str->length; + *len = (word32)str->length; XMEMCPY(*buf, str->data, str->length); } @@ -1418,12 +1420,17 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo x509->isCa = (byte)ext->obj->ca; x509->basicConstCrit = (byte)ext->crit; if (ext->obj->pathlen) - x509->pathLength = ext->obj->pathlen->length; + x509->pathLength = (word32)ext->obj->pathlen->length; x509->basicConstSet = 1; } break; default: #ifdef WOLFSSL_CUSTOM_OID + { + char *oid = NULL; + byte *val = NULL; + int err = 0; + if ((ext->obj == NULL) || (ext->value.length == 0)) { WOLFSSL_MSG("Extension has insufficient information."); return WOLFSSL_FAILURE; @@ -1436,12 +1443,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo } /* This is a viable custom extension. */ - char *oid = XMALLOC(MAX_OID_STRING_SZ, x509->heap, - DYNAMIC_TYPE_X509_EXT); - byte *val = XMALLOC(ext->value.length, x509->heap, - DYNAMIC_TYPE_X509_EXT); - int err = 0; - + oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap, + DYNAMIC_TYPE_X509_EXT); + val = (byte*)XMALLOC(ext->value.length, x509->heap, + DYNAMIC_TYPE_X509_EXT); if ((oid == NULL) || (val == NULL)) { WOLFSSL_MSG("Memory allocation failure.\n"); err = 1; @@ -1466,12 +1471,13 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo x509->custom_exts[x509->customExtCount].val = val; x509->custom_exts[x509->customExtCount].valSz = ext->value.length; x509->customExtCount++; + break; + } #else WOLFSSL_MSG("Unsupported extension to add"); return WOLFSSL_FAILURE; #endif /* WOLFSSL_CUSTOM_OID */ - break; - } + } /* switch (nid) */ return WOLFSSL_SUCCESS; } 
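Review bot: The guard `(ext->value.length == 0)` in the custom-extension path lets a negative length reach `XMALLOC(ext->value.length, ...)` and the `valSz` assignment a few lines later; the `*len = (word32)str->length` cast earlier in this diff shows the WOLFSSL_ASN1_STRING length is a signed int, so the comparison should be `(ext->value.length <= 0)`. The bound check on `x509->customExtCount` against the custom_exts array is not visible in these hunks — please confirm it sits in the elided lines between them. The braces added around the default case are there for C89 declaration placement; a one-line comment saying so would save the next reader the guess.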
@@ -1545,7 +1551,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, WOLFSSL_MSG("Memory error"); return rc; } - valLen = XSNPRINTF(val, len, "%*s%s", indent, "", + valLen = XSNPRINTF(val, (size_t)len, "%*s%s", indent, "", str->strData); if ((valLen < 0) || (valLen >= len) || ((tmpLen + valLen) >= tmpSz)) { @@ -2108,13 +2114,13 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) goto out; } - if (GetLength(input, &idx, &length, sz) < 0) { + if (GetLength(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: invalid length"); goto out; } } - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)"); goto out; } @@ -2122,13 +2128,13 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) while (idx < (word32)sz) { oid = 0; - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); goto out; } tmpIdx = idx; - ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz); + ret = GetObjectId(input, &idx, &oid, oidCertExtType, (word32)sz); if (ret < 0) { WOLFSSL_MSG("\tfail: OBJECT ID"); goto out; @@ -2138,7 +2144,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) if (extCount >= loc) { /* extCount >= loc. Now check if extension has been set */ - isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, foundNID); + isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, (int)foundNID); if (isSet && ((word32)nid == foundNID)) { found = 1; @@ -2218,7 +2224,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, wolfSSL_BASIC_CONSTRAINTS_free(bc); return NULL; } - a->length = x509->pathLength; + a->length = (int)x509->pathLength; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ defined(WOLFSSL_APACHE_HTTPD) 
@@ -2395,7 +2401,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, obj->type = AUTH_INFO_OID; obj->grp = oidCertExtType; obj->obj = x509->authInfo; - obj->objSz = x509->authInfoSz; + obj->objSz = (unsigned int)x509->authInfoSz; } else { WOLFSSL_MSG("No Auth Info set"); @@ -2504,7 +2510,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, else { WOLFSSL_MSG("No Cert Policy set"); } - #elif defined(WOLFSSL_SEP) + #endif /* WOLFSSL_CERT_EXT */ + #ifdef WOLFSSL_SEP if (x509->certPolicySet) { if (c != NULL) { *c = x509->certPolicyCrit; @@ -2520,8 +2527,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, else { WOLFSSL_MSG("No Cert Policy set"); } - #else - WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT"); #endif break; } @@ -2684,7 +2689,7 @@ int wolfSSL_X509_add_altname_ex(WOLFSSL_X509* x509, const char* name, newAltName->next = x509->altNames; newAltName->type = type; - newAltName->len = nameSz; + newAltName->len = (int)nameSz; newAltName->name = nameCopy; x509->altNames = newAltName; @@ -3296,7 +3301,7 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) return NULL; } - copySz = min(sz, name->sz); + copySz = (int)min((word32)sz, (word32)name->sz); WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline"); if (!name->sz) return in; @@ -3362,7 +3367,7 @@ static unsigned long X509NameHash(WOLFSSL_X509_NAME* name, ((unsigned long)digest[1] << 8) | ((unsigned long)digest[0])); } - else if (rc == HASH_TYPE_E) { + else if (rc == WC_NO_ERR_TRACE(HASH_TYPE_E)) { WOLFSSL_ERROR_MSG("Hash function not compiled in"); } else { @@ -3500,7 +3505,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) WOLFSSL_MSG("Memory error"); return NULL; } - if ((strLen = XSNPRINTF(str, strSz, "%s=%s, ", sn, buf)) + if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s, ", sn, buf)) >= strSz) { WOLFSSL_MSG("buffer overrun"); 
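Review bot: Removing the `#else WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT")` branch means a build with neither macro now reaches the `break` in wolfSSL_X509_get_ext_d2i silently and returns NULL for certificatePolicies with no diagnostic. Since the two blocks are now independent `#ifdef`s, the message can be kept under `#if !defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)`. Also worth a comment: when both macros are defined both blocks now execute, whereas the old `#elif` ran only the first — please confirm the second block does not overwrite or leak what the first produced (the bodies are mostly outside this hunk).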
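Review bot: In wolfSSL_X509_NAME_oneline, `copySz = (int)min((word32)sz, (word32)name->sz)` changes behaviour for a negative caller-supplied `sz`: the old signed `min` yielded a negative copySz, the new unsigned `min` yields `name->sz`, so the copy into `in` is no longer limited by the caller's stated buffer size. Unless the function already rejects `sz < 0` before this line (its start is outside the hunk), add `if (in != NULL && sz <= 0) return NULL;` ahead of the min, or keep the comparison signed. This matters because `in` is a caller-owned buffer and `sz` is the only statement of its size.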
@@ -3518,7 +3523,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) WOLFSSL_MSG("Memory error"); return NULL; } - if ((strLen = XSNPRINTF(str, strSz, "%s=%s", sn, buf)) >= strSz) { + if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn, buf)) >= strSz) { WOLFSSL_MSG("buffer overrun"); XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); return NULL; @@ -3550,7 +3555,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) } } - XMEMCPY(in, tmpBuf, totalLen); + XMEMCPY(in, tmpBuf, totalLen); /* cppcheck-suppress uninitvar */ in[totalLen] = '\0'; return in; @@ -3608,11 +3613,11 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509, return NULL; #endif - InitDecodedCert(cert, (byte*)in, len, heap); + InitDecodedCert(cert, (byte*)in, (word32)len, heap); #ifdef WOLFSSL_CERT_REQ cert->isCSR = (byte)req; #endif - if (ParseCertRelative(cert, type, 0, NULL) == 0) { + if (ParseCertRelative(cert, type, 0, NULL, NULL) == 0) { newX509 = wolfSSL_X509_new_ex(heap); if (newX509 != NULL) { if (CopyDecodedToX509(newX509, cert) != 0) { @@ -3711,7 +3716,7 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert) } ret = cert->altNamesNext->name; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME /* return the IP address as a string */ if (cert->altNamesNext->type == ASN_IP_TYPE) { ret = cert->altNamesNext->ipString; @@ -3732,7 +3737,7 @@ int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, if (buf != NULL) XMEMCPY(buf, x509->sig.buffer, x509->sig.length); - *bufSz = x509->sig.length; + *bufSz = (int)x509->sig.length; return WOLFSSL_SUCCESS; } @@ -3780,7 +3785,7 @@ int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509, der = wolfSSL_X509_get_der(x509, &derSz); if (der != NULL) { - InitDecodedCert(cert, der, derSz, NULL); + InitDecodedCert(cert, der, (word32)derSz, NULL); ret = wc_GetPubX509(cert, 0, &badDate); if (ret >= 0) { word32 idx = cert->srcIdx; 
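Review bot: Narrowing the guard in wolfSSL_X509_get_next_altname from `OPENSSL_ALL || WOLFSSL_IP_ALT_NAME` to `WOLFSSL_IP_ALT_NAME` alone means an OPENSSL_ALL build that does not also define WOLFSSL_IP_ALT_NAME now returns `cert->altNamesNext->name` for ASN_IP_TYPE entries — the raw address bytes rather than the formatted `ipString` — to callers that treat the result as a C string. Presumably settings.h now implies WOLFSSL_IP_ALT_NAME under OPENSSL_ALL; if so, a comment `/* OPENSSL_ALL implies WOLFSSL_IP_ALT_NAME (settings.h) */` here and at the matching X509PrintSubjAltName change would record the dependency. If not, the old condition should stay.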
@@ -3938,12 +3943,12 @@ const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509* x509, int* outSz) return NULL; } - if (GetSequence(der, &idx, &len, sz) < 0) { + if (GetSequence(der, &idx, &len, (word32)sz) < 0) { return NULL; } tbs = der + idx; tmpIdx = idx; - if (GetSequence(der, &idx, &len, sz) < 0) { + if (GetSequence(der, &idx, &len, (word32)sz) < 0) { return NULL; } *outSz = len + (idx - tmpIdx); @@ -5119,7 +5124,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file) fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); if (fileBuffer != NULL) { - int ret = (int)XFREAD(fileBuffer, 1, sz, file); + int ret = (int)XFREAD(fileBuffer, 1, (size_t)sz, file); if (ret == sz) { newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); } @@ -5189,7 +5194,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) dynamic = 1; } - ret = (int)XFREAD(fileBuffer, 1, sz, file); + ret = (int)XFREAD(fileBuffer, 1, (size_t)sz, file); if (ret != sz) { XFCLOSE(file); if (dynamic) @@ -5254,7 +5259,7 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer( #endif { InitDecodedCert(cert, der->buffer, der->length, NULL); - ret = ParseCertRelative(cert, type, 0, NULL); + ret = ParseCertRelative(cert, type, 0, NULL, NULL); if (ret == 0) { x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); @@ -5451,7 +5456,7 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, /* buf is not NULL from above */ if (text != NULL) { - textSz = min(textSz + 1, len); /* + 1 to account for null char */ + textSz = (int)min((word32)textSz + 1, (word32)len); /* + 1 to account for null char */ if (textSz > 0) { XMEMCPY(buf, text, textSz - 1); buf[textSz - 1] = '\0'; 
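Review bot: In wolfSSL_X509_NAME_get_text_by_NID, `textSz = (int)min((word32)textSz + 1, (word32)len)` turns a negative `len` into a very large unsigned bound, so `min` selects `textSz + 1` and the XMEMCPY below writes `textSz` bytes into the caller's `buf` regardless of `len`; the old signed `min` produced a non-positive textSz and the `if (textSz > 0)` skipped the copy. Guard it before the cast, e.g. `if (len <= 0) return WOLFSSL_FATAL_ERROR;` (or whatever this function's existing error return is — its head is outside the hunk), so the -Wconversion cleanup does not widen a buffer-size check.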
@@ -5495,7 +5500,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) return NULL; } XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length); - key->pkey_sz = x509->pubKey.length; + key->pkey_sz = (int)x509->pubKey.length; #ifdef HAVE_ECC key->pkey_curve = (int)x509->pkCurveOID; @@ -5668,9 +5673,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) case NID_key_usage: crit = x509->keyUsageCrit; break; case NID_crl_distribution_points: crit= x509->CRLdistCrit; break; case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break; - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) - case NID_certificate_policies: crit = x509->certPolicyCrit; break; - #endif /* WOLFSSL_SEP || WOLFSSL_QT */ + #ifdef WOLFSSL_SEP + case NID_certificate_policies: crit = x509->certPolicyCrit; break; + #endif /* WOLFSSL_SEP */ } } @@ -5735,8 +5740,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (x509 != NULL) { if (x509->authKeyIdSet) { - copySz = min(dstLen != NULL ? *dstLen : 0, - (int)x509->authKeyIdSz); + copySz = (int)min(dstLen != NULL ? (word32)*dstLen : 0, + x509->authKeyIdSz); id = x509->authKeyId; } @@ -5762,8 +5767,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (x509 != NULL) { if (x509->subjKeyIdSet) { - copySz = min(dstLen != NULL ? *dstLen : 0, - (int)x509->subjKeyIdSz); + copySz = (int)min(dstLen != NULL ? (word32) *dstLen : 0, + x509->subjKeyIdSz); id = x509->subjKeyId; } @@ -5873,7 +5878,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, break; } } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + #ifdef WOLFSSL_IP_ALT_NAME else if (entry->type == ASN_IP_TYPE) { len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s", entry->ipString); 
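Review bot: Both `copySz = (int)min(dstLen != NULL ? (word32)*dstLen : 0, x509->authKeyIdSz)` and its subjKeyId twin convert the caller's `*dstLen` to word32 before the min, so a negative `*dstLen` now selects `authKeyIdSz`/`subjKeyIdSz` as the copy size where the old signed min would have produced the negative value. Guard it in both places, e.g. `(dstLen != NULL && *dstLen > 0) ? (word32)*dstLen : 0`, before the cast. The copy and the `*dstLen` write-back are outside this hunk, so please confirm how a zero copySz is handled there.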
@@ -6386,9 +6391,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) } } - if (buf != NULL) { - XFREE(buf, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(buf, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -6568,9 +6571,7 @@ static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, return WOLFSSL_FAILURE; } - if (sig != NULL) { - XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); } @@ -7040,7 +7041,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, for (i = 0; i < length; ++i) { char hex_digits[4]; -#ifdef XSNPRINTF if (XSNPRINTF(hex_digits, sizeof(hex_digits), "%c%02X", i>0 ? ':' : ' ', (unsigned int)sigalg->algorithm->obj[idx+i]) >= (int)sizeof(hex_digits)) @@ -7048,10 +7048,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, WOLFSSL_MSG("buffer overrun"); return WOLFSSL_FAILURE; } -#else - XSPRINTF(hex_digits, "%c%02X", i>0 ? ':' : ' ', - (unsigned int)sigalg->algorithm->obj[idx+i]); -#endif if (wolfSSL_BIO_puts(bp, hex_digits) <= 0) return WOLFSSL_FAILURE; } @@ -7079,7 +7075,7 @@ void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig, #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) const char* wolfSSL_X509_verify_cert_error_string(long err) { - return wolfSSL_ERR_reason_error_string(err); + return wolfSSL_ERR_reason_error_string((unsigned long)err); } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ @@ -7191,8 +7187,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, while (ret == WOLFSSL_SUCCESS); end: - if (pem != NULL) - XFREE(pem, 0, DYNAMIC_TYPE_PEM); + XFREE(pem, 0, DYNAMIC_TYPE_PEM); XFCLOSE(fp); return WS_RETURN_CODE(ret, (int)WOLFSSL_FAILURE); #else 
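Review bot: Dropping the `if (buf != NULL)` / `if (sig != NULL)` guards around XFREE is only safe when every XFREE implementation tolerates NULL; wolfSSL's default macro does, but XFREE is overridable in USER_MEMORY / XMALLOC_USER builds, and a user-supplied free that dereferences its argument would now crash on these error paths. If the project has decided XFREE must be NULL-safe, that contract should be stated once in the memory header and cited in the commit message; otherwise keep the guards in library paths such as X509PrintExtensions and X509PrintSignature. The same pattern recurs in several later hunks of this diff.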
@@ -7526,11 +7521,16 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { int ret = 0; WOLFSSL_X509 *x = NULL; + byte certIsCSR = 0; if ((cert == NULL) || (der == NULL) || (derSz <= 0)) { return BAD_FUNC_ARG; } +#ifdef WOLFSSL_CERT_REQ + certIsCSR = cert->isCSR; +#endif + x = wolfSSL_X509_new(); if (x == NULL) { ret = MEMORY_E; @@ -7543,11 +7543,11 @@ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { /* Remove the altsigval extension. */ XFREE(x->altSigValDer, x->heap, DYNAMIC_TYPE_X509_EXT); x->altSigValDer = NULL; - x->altSigValDer = 0; + x->altSigValLen = 0; /* Remove sigOID so it won't be encoded. */ x->sigOID = 0; /* We now have a PreTBS. Encode it. */ - ret = wolfssl_x509_make_der(x, 0, der, &derSz, 0); + ret = wolfssl_x509_make_der(x, certIsCSR, der, &derSz, 0); if (ret == WOLFSSL_SUCCESS) { ret = derSz; } @@ -7683,11 +7683,11 @@ static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int r #ifdef WOLFSSL_CERT_REQ if (req) - ret = CheckCSRSignaturePubKey(der, derSz, x509->heap, + ret = CheckCSRSignaturePubKey(der, (word32)derSz, x509->heap, (unsigned char*)pkey->pkey.ptr, pkey->pkey_sz, type); else #endif - ret = CheckCertSignaturePubKey(der, derSz, x509->heap, + ret = CheckCertSignaturePubKey(der, (word32)derSz, x509->heap, (unsigned char*)pkey->pkey.ptr, pkey->pkey_sz, type); if (ret == 0) { return WOLFSSL_SUCCESS; @@ -7739,7 +7739,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); if (fileBuffer != NULL) { - if ((long)XFREAD(fileBuffer, 1, sz, file) != sz) { + if ((long)XFREAD(fileBuffer, 1, (size_t)sz, file) != sz) { WOLFSSL_MSG("File read failed"); goto err_exit; } 
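Review bot: In verifyX509orX509REQ the `derSz` argument now carries an explicit `(word32)` cast but `pkey->pkey_sz`, passed to the same CheckCSRSignaturePubKey/CheckCertSignaturePubKey calls, does not; `pkey_sz` is an int (see `key->pkey_sz = (int)x509->pubKey.length` earlier in this diff), so if the key-size parameter is word32 as well this call still has the implicit sign conversion the commit set out to remove. Casting it as `(word32)pkey->pkey_sz` after a `pkey_sz > 0` check would make the two arguments consistent. In wc_GeneratePreTBS above, a short comment on `certIsCSR` — e.g. `/* a CSR PreTBS must be re-encoded as a request, not a certificate */` — would explain why the former constant 0 was wrong.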
@@ -7761,7 +7761,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) if ((newx509 = wc_PKCS12_new()) == NULL) { goto err_exit; } - if (wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0) { + if (wc_d2i_PKCS12(fileBuffer, (word32)sz, (WC_PKCS12*)newx509) < 0) { goto err_exit; } } @@ -7788,8 +7788,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) } #endif _exit: - if (fileBuffer != NULL) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); return newx509; } @@ -7964,9 +7963,7 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, } } - if (der != NULL) { - XFREE(der, 0, DYNAMIC_TYPE_DER); - } + XFREE(der, 0, DYNAMIC_TYPE_DER); return crl; } @@ -8217,7 +8214,8 @@ int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl, { WOLFSSL_ENTER("wolfSSL_X509_CRL_get_signature"); - if (crl == NULL || crl->crlList == NULL || bufSz == NULL) + if (crl == NULL || crl->crlList == NULL || + crl->crlList->signature == NULL || bufSz == NULL) return BAD_FUNC_ARG; if (buf != NULL) @@ -8326,9 +8324,7 @@ static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl, return WOLFSSL_FAILURE; } - if (sig != NULL) { - XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); } @@ -8408,7 +8404,7 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl, } tmp[0] = '\0'; } - if (XSNPRINTF(val, valSz, ":%02X", crl->crlList->extAuthKeyId[i]) + if (XSNPRINTF(val, (size_t)valSz, ":%02X", crl->crlList->extAuthKeyId[i]) >= valSz) { WOLFSSL_MSG("buffer overrun"); @@ -8704,8 +8700,7 @@ WOLFSSL_X509_VERIFY_PARAM* wolfSSL_X509_VERIFY_PARAM_new(void) void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param) { - if (param != NULL) - XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL); } 
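Review bot: `wc_d2i_PKCS12(fileBuffer, (word32)sz, ...)` in wolfSSL_d2i_X509_fp_ex casts a `long` file length (the `(long)XFREAD(...) != sz` check above shows its type) straight to word32, so a file longer than 4 GiB would be parsed with a truncated length; the old `(int)sz` had the same gap. A range check where `sz` is obtained (outside this hunk), e.g. `if (sz <= 0 || sz > (long)INT_MAX) goto err_exit;`, would make both the XFREAD and the PKCS12 casts sound. Whether a negative ftell result is already rejected there is not visible here — please confirm.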
@@ -8749,6 +8744,41 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, return ret; } +/* note WOLFSSL_X509_VERIFY_PARAM does not record purpose, trust, depth, or + * auth_level. + */ +static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = { + { + "ssl_client", /* name */ + 0, /* check_time */ + 0, /* inherit_flags */ + 0, /* flags */ + "", /* hostname */ + 0, /* hostFlags */ + "" /* ipasc */ + }, + { + "ssl_server", /* name */ + 0, /* check_time */ + 0, /* inherit_flags */ + 0, /* flags */ + "", /* hostname */ + 0, /* hostFlags */ + "" /* ipasc */ + } +}; + +const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name) +{ + const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0], + *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)]; + while (param < param_end) { + if (XSTRCMP(name, param->name) == 0) + return param; + ++param; + } + return NULL; +} /* inherits properties of param "to" to param "from" * @@ -8759,7 +8789,7 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, * WOLFSSL_VPARAM_LOCKED don't copy any values * WOLFSSL_VPARAM_ONCE the current inherit_flags is zerroed */ -static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, +int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, const WOLFSSL_X509_VERIFY_PARAM *from) { int ret = WOLFSSL_FAILURE; @@ -8794,7 +8824,7 @@ static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, if (isOverWrite || (from->hostName[0] != 0 && (to->hostName[0] == 0 || isDefault))) { if (!(ret = wolfSSL_X509_VERIFY_PARAM_set1_host(to, from->hostName, - (int)XSTRLEN(from->hostName)))) + (unsigned int)XSTRLEN(from->hostName)))) return ret; to->hostFlags = from->hostFlags; } 
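Review bot: wolfSSL_X509_VERIFY_PARAM_lookup dereferences `name` via XSTRCMP without a NULL check; the rest of this file rejects NULL arguments, so add `if (name == NULL) return NULL;` before the loop. More importantly, the comment above the table says the builtins record no purpose, trust or depth, which means an application ported from OpenSSL that looks up `"ssl_server"` expecting the purpose/EKU check implied by that profile gets a parameter set that enforces nothing extra — a security-relevant divergence that belongs in a header comment on the lookup function itself, e.g. `/* Returns a builtin profile by name. Unlike OpenSSL these carry no purpose/trust/depth settings, so looking one up does not enable purpose checking. */`. The table initialises WOLFSSL_X509_VERIFY_PARAM positionally, so the per-field comments must be kept in step with the struct definition if it grows.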
@@ -8950,14 +8980,13 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, if (iplen == 4) { /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */ buf = (char*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buf) { WOLFSSL_MSG("failed malloc"); return ret; } - XSPRINTF(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - buf[15] = '\0'; + (void)XSNPRINTF(buf, 16, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + buf[15] = '\0'; /* null terminate */ } else if (iplen == 16) { /* ipv6 normal address scheme 
@@ -8986,47 +9015,46 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, * to re-construct IP address in ascii. */ buf = (char*)XMALLOC(max_ipv6_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buf) { WOLFSSL_MSG("failed malloc"); return ret; } p = buf; for (i = 0; i < 16; i += 2) { - val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; - if (val == 0){ - if (!write_zero) { + val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; + if (val == 0){ + if (!write_zero) { *p = ':'; - } - p++; - *p = '\0'; - write_zero = 1; - } - else { - if (i != 0) - *p++ = ':'; - XSPRINTF(p, "%x", val); - } - /* sanity check */ - if (XSTRLEN(buf) > max_ipv6_len) { - WOLFSSL_MSG("The target ip address exceeds buffer length(40)"); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - buf = NULL; - break; - } - /* move the pointer to the last */ - /* XSTRLEN includes NULL because of XSPRINTF use */ - p = buf + (XSTRLEN(buf)); + } + p++; + *p = '\0'; + write_zero = 1; + } + else { + if (i != 0) { + *p++ = ':'; + } + (void)XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf), "%x", val); + } + /* sanity check */ + if (XSTRLEN(buf) > max_ipv6_len) { + WOLFSSL_MSG("The target ip address exceeds buffer length(40)"); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = NULL; + break; + } + /* move the pointer to the last */ + /* XSTRLEN includes NULL because of XSPRINTF use */ + p = buf + (XSTRLEN(buf)); } /* termination */ - if(i == 16 && buf) { + if (i == 16 && buf) { p--; if ((*p) == ':') { - /* when the last character is :, the following segments are zero - * Therefore, adding : and null termination - */ - p++; - *p++ = ':'; + /* when the last character is :, the following segments are zero + * Therefore, adding : and null termination */ + p++; + *p++ = ':'; *p = '\0'; } } 
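Review bot: The `::` compression in wolfSSL_X509_VERIFY_PARAM_set1_ip still drops every zero group after the first run: `write_zero` is set once and never cleared, so for fe80:0:0:1:0:0:0:2 the loop emits `fe80::1:2`, which denotes a different address, and that string is then handed to wolfSSL_X509_VERIFY_PARAM_set1_ip_asc for IP verification. RFC 5952 allows a single `::` only for one (the longest) run; the simplest correct fix is to not compress at all and emit all eight groups, which is still a valid textual form — unless the later comparison against the certificate's ipString is textual and expects the same compressed spelling, in which case this formatter must match the one in asn.c (please check). Two smaller points in the same loop: the `XSTRLEN(buf) > max_ipv6_len` check is now unreachable because XSNPRINTF is bounded, and the comment `XSTRLEN includes NULL because of XSPRINTF use` describes the call this hunk replaced.
```c
/* … unchanged: buf allocation and NULL check … */
p = buf;
for (i = 0; i < 16; i += 2) {
    val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF;
    /* emit every group; no "::" compression, so the text is unambiguous */
    (void)XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf),
                    (i == 0) ? "%x" : ":%x", val);
    p = buf + XSTRLEN(buf);
}
/* … the write_zero bookkeeping and the trailing "::" fix-up are no longer needed … */
```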
@@ -9037,7 +9065,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, } if (buf) { - /* set address to ip asc */ + /* set address to ip asc */ ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, buf); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } @@ -9196,7 +9224,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509) wolfSSL_ASN1_INTEGER_free(a); return NULL; } - a->dataMax = x509->serialSz + 2; + a->dataMax = (unsigned int)x509->serialSz + 2; a->isDynamic = 1; } else { /* Use array instead of dynamic memory */ @@ -9537,6 +9565,17 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) #endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */ +#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED) + +int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der) +{ + if (x509_PubKey == NULL) + return WOLFSSL_FATAL_ERROR; + return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der); +} + +#endif /* !NO_CERTS && !NO_ASN && !NO_PWDBASED */ + #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) @@ -9722,15 +9761,14 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( if (ret > 0) { /* strip off sequence, this gets added on certificate creation */ - ret = GetSequence(der, &idx, &length, ret); + ret = GetSequence(der, &idx, &length, (word32)ret); } if (ret > 0) { XMEMCPY(out, der + idx, length); } - if (der != NULL) - XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); return length; } @@ -9765,7 +9803,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( #ifdef WOLFSSL_CERT_EXT if (req->subjKeyIdSz != 0) { XMEMCPY(cert->skid, req->subjKeyId, req->subjKeyIdSz); - cert->skidSz = req->subjKeyIdSz; + cert->skidSz = (int)req->subjKeyIdSz; } if (req->keyUsageSet) cert->keyUsage = req->keyUsage; 
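Review bot: wolfSSL_i2d_X509_PUBKEY checks `x509_PubKey` but not `x509_PubKey->pkey` before handing it to wolfSSL_i2d_PublicKey; unless that function is known to reject a NULL key (not visible here), use `if (x509_PubKey == NULL || x509_PubKey->pkey == NULL) return WOLFSSL_FATAL_ERROR;`. A header comment would also help, because the OpenSSL contract has two modes worth stating — `der == NULL` returns the encoded length, `*der == NULL` allocates — and callers need to know whether this wrapper inherits both from wolfSSL_i2d_PublicKey.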
@@ -9847,7 +9885,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } out[0] = (byte) t->type; - sz = SetLength(t->length, out + 1) + 1; /* gen tag */ + sz = (int)SetLength((word32)t->length, out + 1) + 1; /* gen tag */ for (i = 0; i < t->length; i++) { out[sz + i] = t->data[i]; } @@ -10172,13 +10210,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( #ifndef NO_DSA DsaKey* dsa = NULL; #endif - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) falcon_key* falcon = NULL; #endif - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) dilithium_key* dilithium = NULL; #endif - #if defined(HAVE_PQC) && defined(HAVE_SPHINCS) + #if defined(HAVE_SPHINCS) sphincs_key* sphincs = NULL; #endif WC_RNG rng; @@ -10307,7 +10345,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( key = (void*)dsa; } #endif - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if ((x509->pubKeyOID == FALCON_LEVEL1k) || (x509->pubKeyOID == FALCON_LEVEL5k)) { falcon = (falcon_key*)XMALLOC(sizeof(falcon_key), NULL, @@ -10346,7 +10384,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( key = (void*)falcon; } #endif - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) || (x509->pubKeyOID == DILITHIUM_LEVEL3k) || (x509->pubKeyOID == DILITHIUM_LEVEL5k)) { @@ -10390,7 +10428,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( key = (void*)dilithium; } #endif - #if defined(HAVE_PQC) && defined(HAVE_SPHINCS) + #if defined(HAVE_SPHINCS) if ((x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) || (x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) || (x509->pubKeyOID == SPHINCS_FAST_LEVEL5k) || 
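Review bot: `sz = (int)SetLength((word32)t->length, out + 1) + 1` encodes `t->length` as the DER length before the loop copies `t->length` bytes, so a negative `length` would write a multi-gigabyte length header while the loop copies nothing, leaving malformed output; unless `t->length` is validated before this hunk (the function head is outside it), add `if (t->length < 0)` returning the function's existing error value ahead of the encoding. The `(int)` cast on the SetLength result itself is fine, since a DER length header is only a few bytes.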
@@ -10549,14 +10587,14 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); } #endif - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) if ((x509->pubKeyOID == FALCON_LEVEL1k) || (x509->pubKeyOID == FALCON_LEVEL5k)) { wc_falcon_free(falcon); XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON); } #endif - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) || (x509->pubKeyOID == DILITHIUM_LEVEL3k) || (x509->pubKeyOID == DILITHIUM_LEVEL5k)) { @@ -10564,7 +10602,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); } #endif - #if defined(HAVE_PQC) && defined(HAVE_SPHINCS) + #if defined(HAVE_SPHINCS) if ((x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) || (x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) || (x509->pubKeyOID == SPHINCS_FAST_LEVEL5k) || @@ -10626,7 +10664,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( ret = wc_InitRng(&rng); if (ret != 0) return ret; - ret = wc_SignCert_ex(certBodySz, sigType, der, derSz, type, key, &rng); + ret = wc_SignCert_ex(certBodySz, sigType, der, (word32)derSz, type, key, &rng); wc_FreeRng(&rng); if (ret < 0) { WOLFSSL_LEAVE("wolfSSL_X509_resign_cert", ret); 
@@ -10640,20 +10678,20 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( int len = 0; /* Read top level sequence */ - if (GetSequence(der, &idx, &len, derSz) < 0) { + if (GetSequence(der, &idx, &len, (word32)derSz) < 0) { WOLFSSL_MSG("GetSequence error"); return WOLFSSL_FATAL_ERROR; } /* Move idx to signature */ idx += certBodySz; /* Read signature algo sequence */ - if (GetSequence(der, &idx, &len, derSz) < 0) { + if (GetSequence(der, &idx, &len, (word32)derSz) < 0) { WOLFSSL_MSG("GetSequence error"); return WOLFSSL_FATAL_ERROR; } idx += len; /* Read signature bit string */ - if (CheckBitString(der, &idx, &len, derSz, 0, NULL) != 0) { + if (CheckBitString(der, &idx, &len, (word32)derSz, 0, NULL) != 0) { WOLFSSL_MSG("CheckBitString error"); return WOLFSSL_FATAL_ERROR; } @@ -10672,7 +10710,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( return WOLFSSL_FATAL_ERROR; } XMEMCPY(x509->sig.buffer, der + idx, len); - x509->sig.length = len; + x509->sig.length = (unsigned int)len; } /* Put in the new certificate encoding into the x509 object. */ @@ -10683,10 +10721,10 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( type = CERTREQ_TYPE; } #endif - if (AllocDer(&x509->derCert, derSz, type, NULL) != 0) + if (AllocDer(&x509->derCert, (word32)derSz, type, NULL) != 0) return WOLFSSL_FATAL_ERROR; XMEMCPY(x509->derCert->buffer, der, derSz); - x509->derCert->length = derSz; + x509->derCert->length = (word32)derSz; return ret; } @@ -10732,8 +10770,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } out: - if (der) - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -11010,7 +11047,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) } /* header */ - idx = SetSequence(totalBytes, temp); + idx = (int)SetSequence((word32)totalBytes, temp); if (totalBytes + idx > ASN_NAME_MAX) { #ifdef WOLFSSL_SMALL_STACK XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -11038,7 +11075,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) } output = *out; - idx = SetSequence(totalBytes, output); + idx = (int)SetSequence((word32)totalBytes, output); totalBytes += idx; for (i = 0; i < MAX_NAME_ENTRIES; i++) { if (names[i].used) { @@ -11093,7 +11130,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) InitDecodedCert(cert, *in, (word32)length, NULL); /* Parse the X509 subject name */ - if (GetName(cert, SUBJECT, (int)length) != 0) { + if (GetName(cert, ASN_SUBJECT, (int)length) != 0) { WOLFSSL_MSG("WOLFSSL_X509_NAME parse error"); goto cleanup; } @@ -11159,7 +11196,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) _x = (x->name && *x->name) ? x->name : x->staticName; _y = (y->name && *y->name) ? y->name : y->staticName; - return XSTRNCMP(_x, _y, x->sz); /* y sz is the same */ + return XSTRNCASECMP(_x, _y, x->sz); /* y sz is the same */ } #ifndef NO_BIO @@ -11262,6 +11299,27 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) return loadX509orX509REQFromPemBio(bp, x, cb, u, CERT_TYPE); } + /* + * bp : bio to read X509 from + * x : x509 to write to + * cb : password call back for reading PEM + * u : password + * _AUX is for working with a trusted X509 certificate + */ + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, + WOLFSSL_X509 **x, wc_pem_password_cb *cb, + void *u) + { + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); + + /* AUX info is; trusted/rejected uses, friendly name, private key id, + * and potentially a stack of "other" info. wolfSSL does not store + * friendly name or private key id yet in WOLFSSL_X509 for human + * readability and does not support extra trusted/rejected uses for + * root CA. */ + return wolfSSL_PEM_read_bio_X509(bp, x, cb, u); + } + #ifdef WOLFSSL_CERT_REQ WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u) 
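Review bot: Switching wolfSSL_X509_NAME_cmp from XSTRNCMP to XSTRNCASECMP makes the entire one-line name compare case-insensitively, attribute values included, with no comment saying why; since this is presumably what issuer/subject matching in chain building and CRL lookup goes through, the rationale belongs on the line: `/* case-insensitive to match OpenSSL's canonical-encoding comparison */`. It still compares the rendered string rather than the DER, so two names that differ only in string type or escaping compare unequal — worth stating in the function comment. The function's head is outside the hunk.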
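Review bot: wolfSSL_PEM_read_bio_X509_AUX logs `WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509")`; it should be `WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_AUX")` so traces point at the right entry. The body comment explains that the aux trust/reject data is not stored but not the consequence: any trust restrictions an application encoded in a TRUSTED CERTIFICATE block are silently ignored and the certificate is treated as an ordinary one, which is the caveat the function header should carry so callers do not assume OpenSSL's aux trust semantics. Whether the `-----BEGIN TRUSTED CERTIFICATE-----` header itself is accepted by wolfSSL_PEM_read_bio_X509 is not visible here — please confirm or document.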
@@ -11335,15 +11393,13 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) { goto err; } - derSz = der->length; + derSz = (int)der->length; if((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) { goto err; } err: - if(pem != NULL) { - XFREE(pem, 0, DYNAMIC_TYPE_PEM); - } + XFREE(pem, 0, DYNAMIC_TYPE_PEM); if(der != NULL) { FreeDer(&der); } @@ -11408,7 +11464,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) if (pem == NULL) return NULL; - if ((int)XFREAD((char *)pem, 1, pemSz, fp) != pemSz) + if ((int)XFREAD((char *)pem, 1, (size_t)pemSz, fp) != pemSz) goto err_exit; switch (type) { @@ -11421,7 +11477,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) case CRL_TYPE: if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) goto err_exit; - derSz = der->length; + derSz = (int)der->length; newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x, (const unsigned char *)der->buffer, derSz); if (newx509 == NULL) @@ -11440,8 +11496,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) return newx509; err_exit: - if (pem != NULL) - XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); if (der != NULL) FreeDer(&der); @@ -11657,8 +11712,9 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) "-----BEGIN X509 CRL-----")) { /* We have a crl */ WOLFSSL_MSG("Parsing crl"); - if((PemToDer((const unsigned char*) header, footerEnd - header, - CRL_TYPE, &der, NULL, NULL, NULL)) < 0) { + if((PemToDer((const unsigned char*) header, + (long)(footerEnd - header), CRL_TYPE, &der, NULL, NULL, + NULL)) < 0) { WOLFSSL_MSG("PemToDer error"); goto err; } 
@@ -11705,8 +11761,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) #endif return WOLFSSL_SUCCESS; err: - if (pem) - XFREE(pem, 0, DYNAMIC_TYPE_PEM); + XFREE(pem, 0, DYNAMIC_TYPE_PEM); #ifdef HAVE_CRL if (der) FreeDer(&der); @@ -12072,7 +12127,6 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( static int RebuildFullName(WOLFSSL_X509_NAME* name) { int totalLen = 0, i, idx, entryCount = 0; - char* fullName; if (name == NULL) return BAD_FUNC_ARG; @@ -12092,23 +12146,26 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( } } - fullName = (char*)XMALLOC(totalLen + 1, name->heap, DYNAMIC_TYPE_X509); - if (fullName == NULL) - return MEMORY_E; + if (name->dynamicName) { + XFREE(name->name, name->heap, DYNAMIC_TYPE_X509); + name->name = name->staticName; + name->dynamicName = 0; + } + + if (totalLen >= ASN_NAME_MAX) { + name->name = (char*)XMALLOC(totalLen + 1, name->heap, + DYNAMIC_TYPE_X509); + if (name->name == NULL) + return MEMORY_E; + name->dynamicName = 1; + } idx = 0; - entryCount = AddAllEntry(name, fullName, totalLen, &idx); - if (entryCount < 0) { - XFREE(fullName, name->heap, DYNAMIC_TYPE_X509); + entryCount = AddAllEntry(name, name->name, totalLen, &idx); + if (entryCount < 0) return entryCount; - } - if (name->dynamicName) { - XFREE(name->name, name->heap, DYNAMIC_TYPE_X509); - } - fullName[idx] = '\0'; - name->name = fullName; - name->dynamicName = 1; + name->name[idx] = '\0'; name->sz = idx + 1; /* size includes null terminator */ name->entrySz = entryCount; @@ -12385,7 +12442,7 @@ int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) } /* get PEM size */ - pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERTREQ_TYPE); + pemSz = wc_DerToPemEx(der, (word32)derSz, NULL, 0, NULL, CERTREQ_TYPE); if (pemSz < 0) { return WOLFSSL_FAILURE; } 
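Review bot: On the `entryCount < 0` path RebuildFullName now returns after it has already freed the old dynamic name and possibly installed a freshly allocated, unterminated `name->name`, while `name->sz` and `name->entrySz` still describe the previous string; the old code only swapped the buffer in after AddAllEntry succeeded. Terminate and reset before returning, e.g. `name->name[0] = '\0'; name->sz = 1; name->entrySz = 0;` (sz counts the NUL per the comment below), so readers that trust `name->sz` do not walk garbage. The new `if (totalLen >= ASN_NAME_MAX)` branch also deserves a note that staticName is relied on to hold `totalLen + 1` bytes whenever it is used.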
@@ -12395,7 +12452,7 @@ int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) if (pem == NULL) { return WOLFSSL_FAILURE; } - if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERTREQ_TYPE) < 0) { + if (wc_DerToPemEx(der, (word32)derSz, pem, pemSz, NULL, CERTREQ_TYPE) < 0) { XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } @@ -12435,7 +12492,7 @@ int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) } /* get PEM size */ - pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE); + pemSz = wc_DerToPemEx(der, (word32)derSz, NULL, 0, NULL, CERT_TYPE); if (pemSz < 0) { return WOLFSSL_FAILURE; } @@ -12445,7 +12502,7 @@ int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) if (pem == NULL) { return WOLFSSL_FAILURE; } - if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE) < 0) { + if (wc_DerToPemEx(der, (word32)derSz, pem, pemSz, NULL, CERT_TYPE) < 0) { XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } @@ -12483,7 +12540,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) } /* get PEM size */ - pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE); + pemSz = wc_DerToPemEx(der, (word32)derSz, NULL, 0, NULL, CERT_TYPE); if (pemSz < 0) { goto error; } @@ -12493,7 +12550,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) if (pem == NULL) { goto error; } - if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE) < 0) { + if (wc_DerToPemEx(der, (word32)derSz, pem, pemSz, NULL, CERT_TYPE) < 0) { goto error; } @@ -12505,8 +12562,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) return WOLFSSL_SUCCESS; error: - if (pem) - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } #endif /* WOLFSSL_CERT_GEN */ 
@@ -12808,6 +12864,7 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( if (name == NULL || WOLFSSL_SUCCESS != wolfSSL_sk_X509_NAME_push(copy, name)) { WOLFSSL_MSG("Memory error"); wolfSSL_sk_X509_NAME_pop_free(copy, wolfSSL_X509_NAME_free); + wolfSSL_X509_NAME_free(name); return NULL; } } @@ -12929,6 +12986,14 @@ static int get_dn_attr_by_nid(int n, const char** buf) str = "UID"; len = 3; break; + case NID_serialNumber: + str = "serialNumber"; + len = 12; + break; + case NID_title: + str = "title"; + len = 5; + break; default: WOLFSSL_MSG("Attribute type not found"); str = NULL; @@ -12993,7 +13058,7 @@ static int wolfSSL_EscapeString_RFC2253(char* in, word32 inSz, } out[outIdx] = '\0'; - return outIdx; + return (int)outIdx; } /* @@ -13008,6 +13073,7 @@ static int wolfSSL_EscapeString_RFC2253(char* in, word32 inSz, * RFC22523 currently implemented. * XN_FLAG_DN_REV - print name reversed. Automatically done by * XN_FLAG_RFC2253. + * XN_FLAG_SPC_EQ - spaces before and after '=' character * * Returns WOLFSSL_SUCCESS (1) on success, WOLFSSL_FAILURE (0) on failure. */ @@ -13015,6 +13081,8 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, int indent, unsigned long flags) { int i, count = 0, nameStrSz = 0, escapeSz = 0; + int eqSpace = 0; + char eqStr[4]; char* tmp = NULL; char* nameStr = NULL; const char *buf = NULL; @@ -13027,6 +13095,15 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, if ((name == NULL) || (name->sz == 0) || (bio == NULL)) return WOLFSSL_FAILURE; + XMEMSET(eqStr, 0, sizeof(eqStr)); + if (flags & XN_FLAG_SPC_EQ) { + eqSpace = 2; + XSTRNCPY(eqStr, " = ", 4); + } + else { + XSTRNCPY(eqStr, "=", 4); + } + for (i = 0; i < indent; i++) { if (wolfSSL_BIO_write(bio, " ", 1) != 1) return WOLFSSL_FAILURE; 
@@ -13071,14 +13148,15 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, if (len == 0 || buf == NULL) return WOLFSSL_FAILURE; - tmpSz = nameStrSz + len + 4; /* + 4 for '=', comma space and '\0'*/ + /* + 4 for '=', comma space and '\0'*/ + tmpSz = nameStrSz + len + 4 + eqSpace; tmp = (char*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { return WOLFSSL_FAILURE; } if (i < count - 1) { - if (XSNPRINTF(tmp, tmpSz, "%s=%s, ", buf, nameStr) + if (XSNPRINTF(tmp, (size_t)tmpSz, "%s%s%s, ", buf, eqStr, nameStr) >= tmpSz) { WOLFSSL_MSG("buffer overrun"); @@ -13086,17 +13164,17 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, return WOLFSSL_FAILURE; } - tmpSz = len + nameStrSz + 3; /* 3 for '=', comma space */ + tmpSz = len + nameStrSz + 3 + eqSpace; /* 3 for '=', comma space */ } else { - if (XSNPRINTF(tmp, tmpSz, "%s=%s", buf, nameStr) + if (XSNPRINTF(tmp, (size_t)tmpSz, "%s%s%s", buf, eqStr, nameStr) >= tmpSz) { WOLFSSL_MSG("buffer overrun"); XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } - tmpSz = len + nameStrSz + 1; /* 1 for '=' */ + tmpSz = len + nameStrSz + 1 + eqSpace; /* 1 for '=' */ if (bio->type != WOLFSSL_BIO_FILE && bio->type != WOLFSSL_BIO_MEMORY) ++tmpSz; /* include the terminating null when not writing to a * file. @@ -13300,6 +13378,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername) { int ret; + size_t i; #ifdef WOLFSSL_SMALL_STACK DecodedCert *dCert; #else 
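Review bot: The size comments in wolfSSL_X509_NAME_print_ex are now inaccurate: `/* 3 for '=', comma space */` and `/* 1 for '=' */` describe the pre-eqSpace counts, while the expressions they annotate now add `eqSpace` for the optional `" = "` padding. Suggest `/* 3 for '=', comma, space; eqSpace covers XN_FLAG_SPC_EQ padding */` and `/* 1 for '='; eqSpace covers XN_FLAG_SPC_EQ padding */`. The arithmetic itself checks out: with eqSpace == 2 the three-character `eqStr`, the `", "` and the terminator fit in `nameStrSz + len + 4 + eqSpace`. The function continues outside the hunk.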
@@ -13317,11 +13396,15 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, return WOLFSSL_FAILURE; } - if (flags == WOLFSSL_NO_WILDCARDS) { + if (flags & WOLFSSL_NO_WILDCARDS) { WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented"); return WOLFSSL_FAILURE; } - if (flags == WOLFSSL_NO_PARTIAL_WILDCARDS) { + if (flags & WOLFSSL_NO_PARTIAL_WILDCARDS) { + WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented"); + return WOLFSSL_FAILURE; + } + if (flags & WOLFSSL_MULTI_LABEL_WILDCARDS) { WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented"); return WOLFSSL_FAILURE; } @@ -13336,11 +13419,27 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, #endif InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL); - ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL); + ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL); if (ret != 0) { goto out; } + /* Replicate openssl behavior for checklen */ + if (chklen == 0) { + chklen = (size_t)(XSTRLEN(chk)); + } + else { + for (i = 0; i < (chklen > 1 ? chklen - 1 : chklen); i++) { + if (chk[i] == '\0') { + ret = -1; + goto out; + } + } + } + if (chklen > 1 && (chk[chklen - 1] == '\0')) { + chklen--; + } + ret = CheckHostName(dCert, (char *)chk, chklen); out: @@ -13391,7 +13490,7 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, if (ret == WOLFSSL_SUCCESS) { InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL); - ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL); + ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL); if (ret != 0) { ret = WOLFSSL_FAILURE; } @@ -13408,8 +13507,7 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, } #ifdef WOLFSSL_SMALL_STACK - if (dCert != NULL) - XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); + XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); #endif return ret; 
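Review bot: The new `WOLFSSL_MULTI_LABEL_WILDCARDS` branch in wolfSSL_X509_check_host logs `X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented`, copied from the branch above it, so a caller rejected for multi-label wildcards gets a misleading diagnostic. Change it to `WOLFSSL_MSG("X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS not yet implemented");`. Switching the tests from `==` to `&` is the right fix, since a combined flag value previously bypassed these rejections entirely. The function starts outside the hunk.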
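Review bot: The embedded-NUL scan sets `ret = -1` and jumps to `out:`, which is outside the hunk; if that label returns `ret` unchanged the caller receives -1 where the other rejections in this function return WOLFSSL_FAILURE, so either confirm `out:` normalizes it or write `ret = WOLFSSL_FAILURE;` here. When `chklen` is 0 the code calls `XSTRLEN(chk)` with no NULL check on `chk` visible in the hunk; if the guard above the hunk does not cover `chk`, add `if (chk == NULL) return WOLFSSL_FAILURE;` before the length logic. A short comment such as `/* chklen == 0: use strlen; otherwise reject embedded NULs and drop one trailing NUL (OpenSSL semantics) */` would explain the two-branch shape.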
@@ -13530,7 +13628,7 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, /* Use existing CA retrieval APIs that use DecodedCert. */ InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap); - if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0 + if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0 && !cert->selfSigned) { #ifndef NO_SKID if (cert->extAuthKeyIdSet) @@ -13693,7 +13791,7 @@ int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x) if (x == NULL) return 0; - return oid2nid(x->sigOID, oidSigType); + return oid2nid((word32)x->sigOID, oidSigType); } #endif /* OPENSSL_EXTRA */ @@ -13877,6 +13975,16 @@ int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t) return WOLFSSL_SUCCESS; } +int wolfSSL_X509_set1_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME *t) +{ + return wolfSSL_X509_set_notAfter(x509, t); +} + +int wolfSSL_X509_set1_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME *t) +{ + return wolfSSL_X509_set_notBefore(x509, t); +} + int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s) { WOLFSSL_ENTER("wolfSSL_X509_set_serialNumber"); @@ -13925,7 +14033,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) if (p == NULL) return WOLFSSL_FAILURE; - if ((derSz = wc_RsaKeyToPublicDer(rsa, p, derSz)) <= 0) { + if ((derSz = wc_RsaKeyToPublicDer(rsa, p, (word32)derSz)) <= 0) { XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); return WOLFSSL_FAILURE; } @@ -13949,7 +14057,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) if (p == NULL) return WOLFSSL_FAILURE; - if ((derSz = wc_DsaKeyToPublicDer(dsa, p, derSz)) <= 0) { + if ((derSz = wc_DsaKeyToPublicDer(dsa, p, (word32)derSz)) <= 0) { XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); return WOLFSSL_FAILURE; } 
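Review bot: The new `wolfSSL_X509_set1_notAfter` and `wolfSSL_X509_set1_notBefore` wrappers carry no comment, so nothing tells a reader why two spellings of the same setter exist. A one-line header on each, e.g. `/* OpenSSL-compatible alias of wolfSSL_X509_set_notAfter; same arguments and return value */`, documents the intent without restating the copy semantics, which live in the wrapped function outside the hunk. Both wrappers are complete within the hunk.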
@@ -13974,7 +14082,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) if (p == NULL) return WOLFSSL_FAILURE; - if ((derSz = wc_EccPublicKeyToDer(ecc, p, derSz, 1)) <= 0) { + if ((derSz = wc_EccPublicKeyToDer(ecc, p, (word32)derSz, 1)) <= 0) { XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); return WOLFSSL_FAILURE; } @@ -13986,7 +14094,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) return WOLFSSL_FAILURE; } cert->pubKey.buffer = p; - cert->pubKey.length = derSz; + cert->pubKey.length = (unsigned int)derSz; return WOLFSSL_SUCCESS; } @@ -14191,7 +14299,7 @@ static int regenX509REQDerBuffer(WOLFSSL_X509* x509) if (wolfssl_x509_make_der(x509, 1, der, &derSz, 0) == WOLFSSL_SUCCESS) { FreeDer(&x509->derCert); - if (AllocDer(&x509->derCert, derSz, CERT_TYPE, x509->heap) == 0) { + if (AllocDer(&x509->derCert, (word32)derSz, CERT_TYPE, x509->heap) == 0) { XMEMCPY(x509->derCert->buffer, der, derSz); ret = WOLFSSL_SUCCESS; } @@ -14374,11 +14482,12 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR; } } - ret = wolfSSL_sk_push(req->reqAttributes, attr); - if ((ret != WOLFSSL_SUCCESS) || (req->reqAttributes->type == STACK_TYPE_CIPHER)) { - /* CIPHER type makes a copy */ + if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) + ret = wolfSSL_sk_push(req->reqAttributes, attr); + else + ret = WOLFSSL_FAILURE; + if (ret != WOLFSSL_SUCCESS) wolfSSL_X509_ATTRIBUTE_free(attr); - } } return ret; @@ -14530,7 +14639,7 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr) } #endif -#endif /* !NO_CERT */ +#endif /* !NO_CERTS */ #endif /* !WOLFCRYPT_ONLY */ diff --git a/src/x509_str.c b/src/x509_str.c index a38f93b205..705cb32dc0 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1,6 +1,6 @@ /* x509_str.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -40,27 +40,57 @@ * START OF X509_STORE_CTX APIs ******************************************************************************/ -#ifdef OPENSSL_EXTRA - -WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void) +/* This API is necessary outside of OPENSSL_EXTRA because it is used in + * SetupStoreCtxCallback */ +WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap) { WOLFSSL_X509_STORE_CTX* ctx; - WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new"); + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new_ex"); - ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX), NULL, + ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX), heap, DYNAMIC_TYPE_X509_CTX); if (ctx != NULL) { - ctx->param = NULL; + XMEMSET(ctx, 0, sizeof(WOLFSSL_X509_STORE_CTX)); + ctx->heap = heap; +#ifdef OPENSSL_EXTRA if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != WOLFSSL_SUCCESS) { - XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX); + XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX); ctx = NULL; } +#endif } return ctx; } +/* This API is necessary outside of OPENSSL_EXTRA because it is used in + * SetupStoreCtxCallback */ +/* free's extra data */ +void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_free"); + if (ctx != NULL) { +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS + wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data); +#endif + +#ifdef OPENSSL_EXTRA + XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; +#endif + + XFREE(ctx, ctx->heap, DYNAMIC_TYPE_X509_CTX); + } +} + +#ifdef OPENSSL_EXTRA + +WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void) +{ + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new"); + return wolfSSL_X509_STORE_CTX_new_ex(NULL); +} int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, 
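Review bot: `wolfSSL_X509_STORE_CTX_new_ex` is a new public entry point with a `heap` parameter but no comment stating its contract: the value is stored in `ctx->heap` and must be the hint every later allocation and free on the context uses, since `wolfSSL_X509_STORE_CTX_free` now releases `ctx->param` with `ctx->heap` (and the init hunk on the next line allocates it the same way). Suggest a header comment `/* heap: allocator hint kept in ctx->heap; the context and ctx->param are allocated and freed with it */`. The comment could also say explicitly that without OPENSSL_EXTRA the context is returned zeroed but not initialized, which the `#ifdef` makes true but easy to miss. Both functions are complete within the hunk.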
@@ -134,11 +164,12 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, if (ctx->param == NULL) { ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( sizeof(WOLFSSL_X509_VERIFY_PARAM), - NULL, DYNAMIC_TYPE_OPENSSL); + ctx->heap, DYNAMIC_TYPE_OPENSSL); if (ctx->param == NULL){ WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed"); return WOLFSSL_FAILURE; } + XMEMSET(ctx->param, 0, sizeof(*ctx->param)); } return WOLFSSL_SUCCESS; @@ -146,25 +177,6 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, return WOLFSSL_FAILURE; } - -/* free's extra data */ -void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_free"); - if (ctx != NULL) { -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS - wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data); -#endif - - if (ctx->param != NULL) { - XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->param = NULL; - } - - XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX); - } -} - /* Its recommended to use a full free -> init cycle of all the objects * because wolfSSL_X509_STORE_CTX_init may modify the store too which doesn't * get reset here. */ @@ -172,10 +184,8 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx) { if (ctx != NULL) { - if (ctx->param != NULL) { - XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->param = NULL; - } + XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL); } 
@@ -194,24 +204,27 @@ void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STAC int GetX509Error(int e) { switch (e) { - case ASN_BEFORE_DATE_E: + case WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E): return WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID; - case ASN_AFTER_DATE_E: + case WC_NO_ERR_TRACE(ASN_AFTER_DATE_E): return WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED; - case ASN_NO_SIGNER_E: /* get issuer error if no CA found locally */ + case WC_NO_ERR_TRACE(ASN_NO_SIGNER_E): + /* get issuer error if no CA found locally */ return WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; - case ASN_SELF_SIGNED_E: + case WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E): return WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - case ASN_PATHLEN_INV_E: - case ASN_PATHLEN_SIZE_E: + case WC_NO_ERR_TRACE(ASN_PATHLEN_INV_E): + case WC_NO_ERR_TRACE(ASN_PATHLEN_SIZE_E): return WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED; - case ASN_SIG_OID_E: - case ASN_SIG_CONFIRM_E: - case ASN_SIG_HASH_E: - case ASN_SIG_KEY_E: + case WC_NO_ERR_TRACE(ASN_SIG_OID_E): + case WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E): + case WC_NO_ERR_TRACE(ASN_SIG_HASH_E): + case WC_NO_ERR_TRACE(ASN_SIG_KEY_E): return WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE; - case CRL_CERT_REVOKED: + case WC_NO_ERR_TRACE(CRL_CERT_REVOKED): return WOLFSSL_X509_V_ERR_CERT_REVOKED; + case WC_NO_ERR_TRACE(CRL_MISSING): + return X509_V_ERR_UNABLE_TO_GET_CRL; case 0: case 1: return 0; @@ -254,7 +267,8 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) SetupStoreCtxError(ctx, ret); #ifndef NO_ASN_TIME - if (ret != ASN_BEFORE_DATE_E && ret != ASN_AFTER_DATE_E) { + if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) && + ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or ASN_BEFORE_DATE_E if there are no additional errors found in the cert. Therefore, check if the cert is expired or not yet valid 
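Review bot: The new `CRL_MISSING` case returns the bare `X509_V_ERR_UNABLE_TO_GET_CRL` while every other case in GetX509Error returns a `WOLFSSL_X509_V_ERR_*` value. If the unprefixed name is only a compatibility alias from a header not pulled in by every configuration that compiles this file, the function will fail to build there; use the `WOLFSSL_`-prefixed constant if one exists, otherwise define one alongside its siblings and return that. The function continues outside the hunk.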
@@ -263,11 +277,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) byte *beforeDate = ctx->current_cert->notBefore.data; if (XVALIDATE_DATE(afterDate, - (byte)ctx->current_cert->notAfter.type, AFTER) < 1) { + (byte)ctx->current_cert->notAfter.type, ASN_AFTER) < 1) { ret = ASN_AFTER_DATE_E; } else if (XVALIDATE_DATE(beforeDate, - (byte)ctx->current_cert->notBefore.type, BEFORE) < 1) { + (byte)ctx->current_cert->notBefore.type, ASN_BEFORE) < 1) { ret = ASN_BEFORE_DATE_E; } SetupStoreCtxError(ctx, ret); @@ -504,39 +518,19 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) /* if chain is null but sesChain is available then populate stack */ if (ctx->chain == NULL && ctx->sesChain != NULL) { int i; + int error = 0; WOLFSSL_X509_CHAIN* c = ctx->sesChain; - WOLFSSL_STACK* sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), - NULL, DYNAMIC_TYPE_X509); + WOLFSSL_STACK* sk = wolfSSL_sk_new_node(ctx->heap); - if (sk == NULL) { + if (sk == NULL) return NULL; - } - - XMEMSET(sk, 0, sizeof(WOLFSSL_STACK)); - - for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) { - WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i); - - if (x509 == NULL) { - WOLFSSL_MSG("Unable to get x509 from chain"); - wolfSSL_sk_X509_pop_free(sk, NULL); - return NULL; - } - - if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Unable to load x509 into stack"); - wolfSSL_sk_X509_pop_free(sk, NULL); - wolfSSL_X509_free(x509); - return NULL; - } - } #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) /* add CA used to verify top of chain to the list */ if (c->count > 0) { WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1); + WOLFSSL_X509* issuer = NULL; if (x509 != NULL) { - WOLFSSL_X509* issuer = NULL; if (wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, x509) == WOLFSSL_SUCCESS) { /* check that the certificate being looked up is not self 
@@ -545,24 +539,47 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) &x509->subject) != 0) { if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load CA x509 into stack"); - wolfSSL_sk_X509_pop_free(sk, NULL); - wolfSSL_X509_free(issuer); - return NULL; + error = 1; } } else { WOLFSSL_MSG("Certificate is self signed"); - if (issuer != NULL) - wolfSSL_X509_free(issuer); + wolfSSL_X509_free(issuer); } } else { - wolfSSL_X509_free(x509); WOLFSSL_MSG("Could not find CA for certificate"); } } + wolfSSL_X509_free(x509); + if (error) { + wolfSSL_sk_X509_pop_free(sk, NULL); + wolfSSL_X509_free(issuer); + return NULL; + } } #endif + + for (i = c->count - 1; i >= 0; i--) { + WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i); + + if (x509 == NULL) { + WOLFSSL_MSG("Unable to get x509 from chain"); + error = 1; + break; + } + + if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Unable to load x509 into stack"); + wolfSSL_X509_free(x509); + error = 1; + break; + } + } + if (error) { + wolfSSL_sk_X509_pop_free(sk, NULL); + return NULL; + } ctx->chain = sk; } #endif /* SESSION_CERTS */ @@ -611,6 +628,14 @@ int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx, } #endif +WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_CTX_get0_param( + WOLFSSL_X509_STORE_CTX *ctx) +{ + if (ctx == NULL) + return NULL; + + return ctx->param; +} #endif /* OPENSSL_EXTRA */ @@ -822,10 +847,8 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) } #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - if (store->param != NULL) { - XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL); - store->param = NULL; - } + XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL); + store->param = NULL; if (store->lookup.dirs != NULL) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) 
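Review bot: The rebuilt loop `for (i = c->count - 1; i >= 0; i--)` drops the `i < MAX_CHAIN_DEPTH` clamp the removed loop had, so wolfSSL_get_chain_X509 is now called for every index below `c->count`; if the session chain builder always keeps `c->count` within MAX_CHAIN_DEPTH this is harmless, but the clamp was a cheap guard against an out-of-range index into what is presumably a fixed-size chain array. Suggest `for (i = (c->count < MAX_CHAIN_DEPTH ? c->count : MAX_CHAIN_DEPTH) - 1; i >= 0; i--)` or a comment stating the invariant. The reversed iteration and pushing the CA before the chain also change the resulting stack order relative to the old code, which deserves a comment since that order is observable to callers. The function starts outside the hunk.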
@@ -935,14 +958,33 @@ int wolfSSL_X509_STORE_set_ex_data_with_cleanup( #ifdef OPENSSL_EXTRA #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, - WOLFSSL_X509_STORE_CTX_verify_cb verify_cb) - { - WOLFSSL_ENTER("wolfSSL_X509_STORE_set_verify_cb"); - if (st != NULL) { - st->verify_cb = verify_cb; - } +void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb) +{ + WOLFSSL_ENTER("wolfSSL_X509_STORE_set_verify_cb"); + if (st != NULL) { + st->verify_cb = verify_cb; } +} + +void wolfSSL_X509_STORE_set_get_crl(WOLFSSL_X509_STORE *st, + WOLFSSL_X509_STORE_CTX_get_crl_cb get_cb) +{ + WOLFSSL_ENTER("wolfSSL_X509_STORE_set_get_crl"); + if (st != NULL) { + st->get_crl_cb = get_cb; + } +} + +#ifndef NO_WOLFSSL_STUB +void wolfSSL_X509_STORE_set_check_crl(WOLFSSL_X509_STORE *st, + WOLFSSL_X509_STORE_CTX_check_crl_cb check_crl) +{ + (void)st; + (void)check_crl; + WOLFSSL_STUB("wolfSSL_X509_STORE_set_check_crl (not implemented)"); +} +#endif #endif /* WOLFSSL_QT || OPENSSL_ALL */ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, @@ -1328,6 +1370,17 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( } #endif /* OPENSSL_ALL */ +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ + defined(WOLFSSL_WPAS_SMALL) +WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param( + const WOLFSSL_X509_STORE *ctx) +{ + if (ctx == NULL) + return NULL; + return ctx->param; +} +#endif + /******************************************************************************* * END OF X509_STORE APIs ******************************************************************************/ diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 64053ec9e4..0cfb388597 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c 
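Review bot: `wolfSSL_X509_STORE_get0_param` takes a `WOLFSSL_X509_STORE` but names the parameter `ctx`, which reads as a STORE_CTX next to the `wolfSSL_X509_STORE_CTX_get0_param` added in the previous hunk; rename it to `store` (`const WOLFSSL_X509_STORE *store`). The `wolfSSL_X509_STORE_set_check_crl` stub accepts and discards the callback, so a caller that installs a CRL-check hook expecting it to enforce revocation gets no enforcement and only a WOLFSSL_STUB log; a comment above it, `/* Stub: the callback is stored nowhere and never invoked; CRL checking is unaffected by this call */`, makes that visible at the definition. Both functions are complete in their hunks.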
@@ -1,6 +1,6 @@ /* snifftest.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -677,10 +677,8 @@ static void ssl_Free_SnifferWorker(SnifferWorker* worker) { wm_SemFree(&worker->sem); - if (worker->head) { - XFREE(worker->head, NULL, DYNAMIC_TYPE_TMP_BUFFER); - worker->head = NULL; - } + XFREE(worker->head, NULL, DYNAMIC_TYPE_TMP_BUFFER); + worker->head = NULL; } static int SnifferWorkerPacketAdd(SnifferWorker* worker, int lastRet, diff --git a/support/gen-debug-trace-error-codes.sh b/support/gen-debug-trace-error-codes.sh new file mode 100755 index 0000000000..01f32faa80 --- /dev/null +++ b/support/gen-debug-trace-error-codes.sh 
@@ -0,0 +1,37 @@ +#!/bin/sh + +awk ' +BEGIN { + print("/* automatically generated, do not edit */") > "wolfssl/debug-trace-error-codes.h"; + print("#ifndef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-trace-error-codes.h"; + print("#define WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-trace-error-codes.h"; + print("") >> "wolfssl/debug-trace-error-codes.h"; + + print("/* automatically generated, do not edit */") > "wolfssl/debug-untrace-error-codes.h"; + print("#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-untrace-error-codes.h"; + print("#undef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-untrace-error-codes.h"; +} +{ + if (match($0, "^[[:space:]]+([A-Z][A-Z0-9_]+)[[:space:]]*=[[:space:]]*(-[0-9]+)[,[:space:]]")) { + + # for mawkward compatibility -- gawk allows errcode_a as the 3rd arg to match(). + gsub("^[[:space:]]+", "", $0); + split($0, errcode_a, "[[:space:]=,]+"); + + if ((errcode_a[1] == "MIN_CODE_E") || + (errcode_a[1] == "WC_LAST_E") || + (errcode_a[1] == "MAX_CODE_E")) + { + next; + } + printf("#define %s WC_ERR_TRACE(%s)\n#define CONST_NUM_ERR_%s (%s)\n", errcode_a[1], errcode_a[1], errcode_a[1], errcode_a[2]) >> "wolfssl/debug-trace-error-codes.h"; + printf("#undef %s\n#undef CONST_NUM_ERR_%s\n", errcode_a[1], errcode_a[1]) >> "wolfssl/debug-untrace-error-codes.h"; + } +} +END { + print("") >> "wolfssl/debug-trace-error-codes.h"; + print("#endif /* WOLFSSL_DEBUG_TRACE_ERROR_CODES_H */") >> "wolfssl/debug-trace-error-codes.h"; + + print("") >> "wolfssl/debug-untrace-error-codes.h"; + print("#endif /* WOLFSSL_DEBUG_TRACE_ERROR_CODES_H */") >> "wolfssl/debug-untrace-error-codes.h"; +}' wolfssl/wolfcrypt/error-crypt.h wolfssl/error-ssl.h diff --git a/support/include.am b/support/include.am index 113eee022e..cb0d5ced81 100644 --- a/support/include.am +++ b/support/include.am 
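Review bot: The generator writes `wolfssl/debug-trace-error-codes.h` and `wolfssl/debug-untrace-error-codes.h` and reads `wolfssl/wolfcrypt/error-crypt.h` and `wolfssl/error-ssl.h` relative to the current directory, so running it from anywhere but the source root either fails or silently creates a stray `wolfssl/` tree. It also has no `set -e`, so an awk failure still exits 0 and a partially written header can be consumed by the build. Suggest opening with `set -e` and `cd "$(dirname "$0")/.."` (or an explicit existence check on the two input headers) before the awk invocation.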
@@ -2,7 +2,8 @@ # All paths should be given relative to the root # -EXTRA_DIST += support/wolfssl.pc +EXTRA_DIST += support/wolfssl.pc \ + support/gen-debug-trace-error-codes.sh pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = support/wolfssl.pc diff --git a/tests/api.c b/tests/api.c index cb309db433..39b9933c09 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1,6 +1,6 @@ /* api.c API unit tests * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -36,107 +36,17 @@ #include #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ -#ifndef FOURK_BUF - #define FOURK_BUF 4096 -#endif -#ifndef TWOK_BUF - #define TWOK_BUF 2048 -#endif -#ifndef ONEK_BUF - #define ONEK_BUF 1024 -#endif +#include +#include + #if defined(WOLFSSL_STATIC_MEMORY) #include - -#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ - defined(SESSION_CERTS) - #ifdef OPENSSL_EXTRA - #define TEST_TLS_STATIC_MEMSZ (400000) - #else - #define TEST_TLS_STATIC_MEMSZ (320000) - #endif - #else - #define TEST_TLS_STATIC_MEMSZ (80000) - #endif #endif - -#endif /* WOLFSSL_STATIC_MEMORY */ -#ifndef HEAP_HINT - #define HEAP_HINT NULL -#endif /* WOLFSSL_STAIC_MEMORY */ #ifdef WOLFSSL_ASNC_CRYPT #include #endif #ifdef HAVE_ECC #include /* wc_ecc_fp_free */ - #ifndef ECC_ASN963_MAX_BUF_SZ - #define ECC_ASN963_MAX_BUF_SZ 133 - #endif - #ifndef ECC_PRIV_KEY_BUF - #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. 
*/ - #endif - /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ - /* logic to choose right key ECC size */ - #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 - #define KEY14 14 - #else - #define KEY14 32 - #endif - #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 - #define KEY16 16 - #else - #define KEY16 32 - #endif - #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 - #define KEY20 20 - #else - #define KEY20 32 - #endif - #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 - #define KEY24 24 - #else - #define KEY24 32 - #endif - #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) - #define KEY28 28 - #else - #define KEY28 32 - #endif - #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) - #define KEY30 30 - #else - #define KEY30 32 - #endif - #define KEY32 32 - #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) - #define KEY40 40 - #else - #define KEY40 32 - #endif - #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) - #define KEY48 48 - #else - #define KEY48 32 - #endif - #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) - #define KEY64 64 - #else - #define KEY64 32 - #endif - - #if !defined(HAVE_COMP_KEY) - #if !defined(NOCOMP) - #define NOCOMP 0 - #endif - #else - #if !defined(COMP) - #define COMP 1 - #endif - #endif - #if !defined(DER_SZ) - #define DER_SZ(ks) ((ks) * 2 + 1) - #endif #ifdef WOLFSSL_SM2 #include #endif @@ -144,14 +54,17 @@ #ifndef NO_ASN #include #endif -#include #include #include /* compatibility layer */ +#include + #include #include +#include + +/* for testing compatibility layer callbacks */ #include "examples/server/server.h" - /* for testing compatibility layer callbacks */ #ifndef NO_MD5 #include 
@@ -168,18 +81,12 @@ #ifdef WOLFSSL_SHA384 #include #endif - #ifdef WOLFSSL_SHA3 #include - #ifndef HEAP_HINT - #define HEAP_HINT NULL - #endif #endif - #ifdef WOLFSSL_SM3 #include #endif - #ifndef NO_AES #include #ifdef HAVE_AES_DECRYPT @@ -228,19 +135,14 @@ #include #endif -#include #ifndef NO_RSA #include - - #define FOURK_BUF 4096 - #define GEN_BUF 294 #endif #ifndef NO_SIG_WRAPPER #include #endif - #ifdef HAVE_AESCCM #include #endif @@ -249,7 +151,7 @@ #include #include #ifdef HAVE_LIBZ - #include + #include #endif #endif @@ -259,21 +161,6 @@ #ifndef NO_DSA #include - #ifndef ONEK_BUF - #define ONEK_BUF 1024 - #endif - #ifndef TWOK_BUF - #define TWOK_BUF 2048 - #endif - #ifndef FOURK_BUF - #define FOURK_BUF 4096 - #endif - #ifndef DSA_SIG_SIZE - #define DSA_SIG_SIZE 40 - #endif - #ifndef MAX_DSA_PARAM_SIZE - #define MAX_DSA_PARAM_SIZE 256 - #endif #endif #ifdef WOLFSSL_CMAC @@ -293,13 +180,22 @@ #include #endif +#ifdef WOLFSSL_HAVE_KYBER + #include +#ifdef WOLFSSL_WC_KYBER + #include +#endif +#endif +#ifdef HAVE_DILITHIUM + #include +#endif + #ifdef HAVE_PKCS12 #include #endif -#include - -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(OPENSSL_ALL) #include #ifndef NO_ASN /* for ASN_COMMON_NAME DN_tags enum */ @@ -348,16 +244,22 @@ #ifdef HAVE_PKCS7 #include #endif +#ifdef HAVE_CURVE25519 + #include +#endif #ifdef HAVE_ED25519 #include #endif +#ifdef HAVE_CURVE448 + #include +#endif #ifdef HAVE_ED448 #include #endif #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ - && !defined(NO_SHA256) && !defined(RC_NO_RNG) +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \ + !defined(NO_SHA256) && !defined(RC_NO_RNG) #include #endif 
@@ -370,7 +272,7 @@ /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT, * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence * number tracking */ -#include "wolfssl/internal.h" + #include "wolfssl/internal.h" #endif /* force enable test buffers */ @@ -382,8 +284,6 @@ #endif #include -#include "tests/utils.h" - /* include misc.c here regardless of NO_INLINE, because misc.c implementations * have default (hidden) visibility, and in the absence of visibility, it's * benign to mask out the library implementation. 
@@ -391,12 +291,144 @@ #define WOLFSSL_MISC_INCLUDED #include + + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + #define HAVE_IO_TESTS_DEPENDENCIES +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(WOLFSSL_TIRTOS) + #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES +#endif + +#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ + !defined(WOLFSSL_NO_CLIENT_AUTH)) + #define HAVE_CERT_CHAIN_VALIDATION +#endif + #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ #define wc_ecc_key_get_priv(key) (&((key)->k)) #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV #endif +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS) + #ifdef OPENSSL_EXTRA + #define TEST_TLS_STATIC_MEMSZ (400000) + #else + #define TEST_TLS_STATIC_MEMSZ (320000) + #endif + #else + #define TEST_TLS_STATIC_MEMSZ (80000) + #endif +#endif + +#ifdef HAVE_ECC + #ifndef ECC_ASN963_MAX_BUF_SZ + #define ECC_ASN963_MAX_BUF_SZ 133 + #endif + #ifndef ECC_PRIV_KEY_BUF + #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. 
*/ + #endif + /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ + /* logic to choose right key ECC size */ + #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 + #define KEY14 14 + #else + #define KEY14 32 + #endif + #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 + #define KEY16 16 + #else + #define KEY16 32 + #endif + #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 + #define KEY20 20 + #else + #define KEY20 32 + #endif + #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 + #define KEY24 24 + #else + #define KEY24 32 + #endif + #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) + #define KEY28 28 + #else + #define KEY28 32 + #endif + #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) + #define KEY30 30 + #else + #define KEY30 32 + #endif + #define KEY32 32 + #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) + #define KEY40 40 + #else + #define KEY40 32 + #endif + #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) + #define KEY48 48 + #else + #define KEY48 32 + #endif + #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) + #define KEY64 64 + #else + #define KEY64 32 + #endif + + #if !defined(HAVE_COMP_KEY) + #if !defined(NOCOMP) + #define NOCOMP 0 + #endif + #else + #if !defined(COMP) + #define COMP 1 + #endif + #endif + #if !defined(DER_SZ) + #define DER_SZ(ks) ((ks) * 2 + 1) + #endif +#endif /* HAVE_ECC */ + +#ifndef NO_DSA + #ifndef DSA_SIG_SIZE + #define DSA_SIG_SIZE 40 + #endif + #ifndef MAX_DSA_PARAM_SIZE + #define MAX_DSA_PARAM_SIZE 256 + #endif +#endif + +#ifndef NO_RSA + #define GEN_BUF 294 +#endif + +#ifndef ONEK_BUF + #define ONEK_BUF 1024 +#endif +#ifndef TWOK_BUF + #define TWOK_BUF 2048 +#endif +#ifndef FOURK_BUF + #define FOURK_BUF 4096 +#endif + +#ifndef HEAP_HINT + #define HEAP_HINT NULL +#endif + + + + typedef struct testVector { const char* input; const char* output; 
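Review bot: The relocated `HAVE_SSL_MEMIO_TESTS_DEPENDENCIES` definition gains a `!defined(WOLFSSL_TIRTOS)` condition, and a new `HAVE_CERT_CHAIN_VALIDATION` macro appears, neither of which is in the block removed in the later hunk at old line 564; these are semantic changes hidden in what otherwise reads as a pure move of macros to the top of the file. A comment on the exclusion, `/* memio tests are not built on TI-RTOS: <reason> */` with the reason filled in, would record why, and a one-line comment above `HAVE_CERT_CHAIN_VALIDATION` naming which tests it gates would do the same for the new macro. This hunk is the relocated preamble only; the test code it feeds is outside it.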
@@ -564,16 +596,6 @@ static int testDevId = WOLFSSL_CAAM_DEVID; static int testDevId = INVALID_DEVID; #endif -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) -#define HAVE_IO_TESTS_DEPENDENCIES -#endif - -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) -#define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES -#endif /*----------------------------------------------------------------------------* | BIO with fixed read/write size @@ -584,14 +606,14 @@ static int testDevId = INVALID_DEVID; static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data, int len) { - if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) { + if ((bio == NULL) || (bio->ptr.mem_buf_data == NULL) || (data == NULL)) { len = 0; } else { if (bio->wrSz - bio->wrIdx < len) { len = bio->wrSz - bio->wrIdx; } - XMEMCPY((char*)bio->ptr + bio->wrIdx, data, len); + XMEMCPY(bio->ptr.mem_buf_data + bio->wrIdx, data, len); bio->wrIdx += len; } @@ -600,14 +622,14 @@ static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data, static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len) { - if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) { + if ((bio == NULL) || (bio->ptr.mem_buf_data == NULL) || (data == NULL)) { len = 0; } else { if (bio->wrSz - bio->rdIdx < len) { len = bio->wrSz - bio->rdIdx; } - XMEMCPY(data, (char*)bio->ptr + bio->rdIdx, len); + XMEMCPY(data, bio->ptr.mem_buf_data + bio->rdIdx, len); bio->rdIdx += len; } 
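Review bot: `wolfssl_bio_s_fixed_mem_write` (hunk @@ -584) and `wolfssl_bio_s_fixed_mem_read` (hunk @@ -600) still clamp `len` only from above: a negative `len` passes `bio->wrSz - bio->wrIdx < len` untouched and reaches `XMEMCPY` converted to a huge `size_t`. The switch to `bio->ptr.mem_buf_data` is a good moment to fold `(len < 0)` into the first `if` alongside the NULL checks in both helpers, so that `len = 0` covers it. Both functions continue past their hunks.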
@@ -666,6 +688,112 @@ static int test_wolfCrypt_Cleanup(void) return EXPECT_RESULT(); } + +#ifdef WOLFSSL_STATIC_MEMORY + #define TEST_LSM_STATIC_SIZE 440000 + /* Create new bucket list, using the default list, adding + * one dang large buffer size. */ + #define TEST_LSM_DEF_BUCKETS (WOLFMEM_DEF_BUCKETS+1) + #define TEST_LSM_BUCKETS WOLFMEM_BUCKETS,(LARGEST_MEM_BUCKET*2) + #define TEST_LSM_DIST WOLFMEM_DIST,1 +#endif + +static int test_wc_LoadStaticMemory_ex(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_STATIC_MEMORY + byte staticMemory[TEST_LSM_STATIC_SIZE]; + word32 sizeList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_BUCKETS }; + word32 distList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_DIST }; + WOLFSSL_HEAP_HINT* heap; + + /* For this test, the size and dist lists will be the ones configured + * for the build, or default. The value of WOLFMEM_DEF_BUCKETS is 9, + * so these lists are 10 long. For most tests, the value of + * WOLFMEM_DEF_BUCKETS is used. There's a test case where one is added + * to that, to make sure the list size is larger than + * WOLFMEM_MAX_BUCKETS. */ + + /* Pass in zero everything. */ + ExpectIntEQ(wc_LoadStaticMemory_ex(NULL, 0, NULL, NULL, NULL, 0, 0, 0), + BAD_FUNC_ARG); + + /* Set the heap pointer to NULL. */ + ExpectIntEQ(wc_LoadStaticMemory_ex(NULL, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + BAD_FUNC_ARG); + + /* Set other pointer values to NULL one at a time. 
*/ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, NULL, distList, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + BAD_FUNC_ARG); + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, NULL, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + BAD_FUNC_ARG); + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + NULL, (word32)sizeof(staticMemory), + 0, 1), + BAD_FUNC_ARG); + + /* Set the size of the static buffer to 0. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, 0, + 0, 1), + BUFFER_E); + + /* Set the size of the static buffer to one less than minimum allowed. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, + (word32)(sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) - 1, + 0, 1), + BUFFER_E); + + /* Set the size of the static buffer to exactly the minimum size. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, + (word32)(sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)), + 0, 1), + 0); + wc_UnloadStaticMemory(heap); + + /* Use more buckets than able. Success case. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS*2, sizeList, distList, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + 0); + wc_UnloadStaticMemory(heap); + + /* Success case. 
*/ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + 0); + wc_UnloadStaticMemory(heap); +#endif /* WOLFSSL_STATIC_MEMORY */ + return EXPECT_RESULT(); +} + + /*----------------------------------------------------------------------------* | Platform dependent function test *----------------------------------------------------------------------------*/ @@ -872,6 +1000,11 @@ static int do_dual_alg_root_certgen(byte **out, char *caKeyFile, RsaKey caKey; ecc_key altCaKey; word32 idx = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&caKey, 0, sizeof(RsaKey)); + XMEMSET(&altCaKey, 0, sizeof(ecc_key)); + ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); ExpectIntEQ(wc_InitRng(&rng), 0); @@ -941,7 +1074,9 @@ static int do_dual_alg_root_certgen(byte **out, char *caKeyFile, altSigValSz), 0); /* Finally, generate the new certificate. */ - XMEMSET(outBuf, 0, outSz); + if (outBuf != NULL) { + XMEMSET(outBuf, 0, outSz); + } ExpectIntGT(outSz = wc_MakeSelfCert(&newCert, outBuf, outSz, &caKey, &rng), 0); *out = outBuf; @@ -984,6 +1119,12 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile, RsaKey serverKey; ecc_key altCaKey; word32 idx = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&caKey, 0, sizeof(RsaKey)); + XMEMSET(&serverKey, 0, sizeof(RsaKey)); + XMEMSET(&altCaKey, 0, sizeof(ecc_key)); + ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); ExpectIntEQ(wc_InitRng(&rng), 0); 
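Review bot: In `test_wc_LoadStaticMemory_ex`, the "Use more buckets than able" case passes `WOLFMEM_DEF_BUCKETS*2` as the list length while `sizeList` and `distList` hold only `TEST_LSM_DEF_BUCKETS` entries; unless `wc_LoadStaticMemory_ex` clamps to something no larger than that (it cannot know the caller's array length, and a clamp to `WOLFMEM_MAX_BUCKETS` would still overrun), it reads past both arrays. Declaring the two lists with `WOLFMEM_DEF_BUCKETS*2` entries, zero-filled past the real data, makes the case safe regardless of how the implementation clamps. `byte staticMemory[TEST_LSM_STATIC_SIZE]` also places 440000 bytes on the stack, which embedded test targets may not provide; a `static` buffer or an `XMALLOC` under `WOLFSSL_SMALL_STACK` avoids that. Finally, `wc_UnloadStaticMemory(heap)` runs even when the preceding `ExpectIntEQ` failed and `heap` is still NULL; guard it with `if (heap != NULL)` unless the API documents NULL as accepted.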
@@ -1043,8 +1184,6 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile, newCert.sigType = CTC_SHA256wRSA; newCert.isCA = 0; ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0); - ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5", - (const byte *)"This is NOT a critical extension", 32), 0); ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf, sapkiSz), 0); ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf, @@ -1065,7 +1204,9 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile, ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74", altSigValBuf, altSigValSz), 0); /* Finally, generate the new certificate. */ - XMEMSET(outBuf, 0, outSz); + if (outBuf != NULL) { + XMEMSET(outBuf, 0, outSz); + } ExpectIntGT(wc_MakeCert(&newCert, outBuf, outSz, &serverKey, NULL, &rng), 0); ExpectIntGT(outSz = wc_SignCert(newCert.bodySz, newCert.sigType, outBuf, @@ -1108,21 +1249,6 @@ static int do_dual_alg_tls13_connection(byte *caCert, word32 caCertSz, return EXPECT_RESULT(); } -static int extCount = 0; -static int myUnknownExtCallback(const word16* oid, word32 oidSz, int crit, - const unsigned char* der, word32 derSz) -{ - (void) oid; - (void) oidSz; - (void) crit; - (void) der; - (void) derSz; - extCount ++; - /* Accept all extensions. This is only a test. Normally we would be much more - * careful about critical extensions. */ - return 1; -} - static int test_dual_alg_support(void) { EXPECT_DECLS; 
@@ -1138,35 +1264,46 @@ static int test_dual_alg_support(void) int rootSz = 0; byte *server = NULL; int serverSz = 0; - WOLFSSL_CERT_MANAGER* cm = NULL; ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0); /* Base normal case. */ - rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, altPrivFile); + if (EXPECT_SUCCESS()) { + rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, + altPrivFile); + } ExpectNotNull(root); ExpectIntGT(rootSz, 0); - serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile, - altPrivFile, keyFile, root, rootSz); + if (EXPECT_SUCCESS()) { + serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile, + altPrivFile, keyFile, root, rootSz); + } ExpectNotNull(server); ExpectIntGT(serverSz, 0); ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz, server, serverSz, serverKey, (word32)serverKeySz, 0), TEST_SUCCESS); XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); + root = NULL; XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); + server = NULL; /* Now we try a negative case. Note that we use wrongPrivFile to generate * the alternative signature and then set negative_test to true for the * call to do_dual_alg_tls13_connection(). Its expecting a failed connection * because the signature won't verify. The exception is if - * WOLFSSL_TRUST_PEER_CERT is defined. In that case, no verfication happens + * WOLFSSL_TRUST_PEER_CERT is defined. In that case, no verification happens * and this is no longer a negative test. 
*/ - rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, wrongPrivFile); + if (EXPECT_SUCCESS()) { + rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, + wrongPrivFile); + } ExpectNotNull(root); ExpectIntGT(rootSz, 0); - serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile, - wrongPrivFile, keyFile, root, rootSz); + if (EXPECT_SUCCESS()) { + serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile, + wrongPrivFile, keyFile, root, rootSz); + } ExpectNotNull(server); ExpectIntGT(serverSz, 0); #ifdef WOLFSSL_TRUST_PEER_CERT @@ -1179,19 +1316,6 @@ static int test_dual_alg_support(void) TEST_SUCCESS); #endif - /* Lets see if CertManager can find the new extensions */ - extCount = 0; - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - wolfSSL_CertManagerSetUnknownExtCallback(cm, myUnknownExtCallback); - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, root, rootSz, - SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server, serverSz, - SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - /* There is only 1 unknown extension (1.2.3.4.5). The other ones are known - * because they are for the dual alg extensions. */ - ExpectIntEQ(extCount, 1); - wolfSSL_CertManagerFree(cm); - XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -1396,24 +1520,24 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void) const byte cipherList[] = { - /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16, - /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x39, - /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x33, - /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0xC0, 0x34, - /* TLS_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x35, - /* TLS_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x2F, - /* TLS_RSA_WITH_NULL_MD5 */ 0xC0, 0x01, - /* TLS_RSA_WITH_NULL_SHA */ 0xC0, 0x02, - /* TLS_PSK_WITH_AES_256_CBC_SHA */ 0xC0, 0x8d, - /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0xae, - /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0xC0, 0xaf, - /* TLS_PSK_WITH_AES_128_CBC_SHA */ 0xC0, 0x8c, - /* TLS_PSK_WITH_NULL_SHA256 */ 0xC0, 0xb0, - /* TLS_PSK_WITH_NULL_SHA384 */ 0xC0, 0xb1, - /* TLS_PSK_WITH_NULL_SHA */ 0xC0, 0x2c, - /* SSL_RSA_WITH_RC4_128_SHA */ 0xC0, 0x05, - /* SSL_RSA_WITH_RC4_128_MD5 */ 0xC0, 0x04, - /* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0A, + /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0x00, 0x16, + /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0x00, 0x39, + /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0x00, 0x33, + /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0x00, 0x34, + /* TLS_RSA_WITH_AES_256_CBC_SHA */ 0x00, 0x35, + /* TLS_RSA_WITH_AES_128_CBC_SHA */ 0x00, 0x2F, + /* TLS_RSA_WITH_NULL_MD5 */ 0x00, 0x01, + /* TLS_RSA_WITH_NULL_SHA */ 0x00, 0x02, + /* TLS_PSK_WITH_AES_256_CBC_SHA */ 0x00, 0x8d, + /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xae, + /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xaf, + /* TLS_PSK_WITH_AES_128_CBC_SHA */ 0x00, 0x8c, + /* TLS_PSK_WITH_NULL_SHA256 */ 0x00, 0xb0, + /* TLS_PSK_WITH_NULL_SHA384 */ 0x00, 0xb1, + /* TLS_PSK_WITH_NULL_SHA */ 0x00, 0x2c, + /* SSL_RSA_WITH_RC4_128_SHA */ 0x00, 0x05, + /* SSL_RSA_WITH_RC4_128_MD5 */ 0x00, 0x04, + /* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0x00, 0x0A, /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x14, 
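Review bot: The corrected first group of `cipherList` in `test_wolfSSL_CTX_set_cipher_list_bytes` has no header comment, while the ECC group that follows is introduced with `/* ECC suites, first byte is 0xC0 (ECC_BYTE) */`. Adding `/* Standard suites, first byte is 0x00 */` above the first entry records why these bytes changed from 0xC0 and keeps the two groups symmetric. The array continues outside the hunk.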
@@ -1581,6 +1705,39 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void) } +static int test_wolfSSL_CTX_use_certificate(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ + defined(WOLFSSL_HAPROXY) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + WOLFSSL_CTX* ctx = NULL; + X509* x509 = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectNotNull(x509 = wolfSSL_X509_new()); + + /* Negative tests. */ + ExpectIntEQ(SSL_CTX_use_certificate(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_use_certificate(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_use_certificate(NULL, x509), 0); + /* Empty certificate */ + ExpectIntEQ(SSL_CTX_use_certificate(ctx, x509), 0); + + wolfSSL_X509_free(x509); + wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_use_certificate_file(void) { EXPECT_DECLS; @@ -1623,6 +1780,16 @@ static int test_wolfSSL_CTX_use_certificate_ASN1(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + /* Failure cases. */ + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, NULL ), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, NULL ), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, server_cert_der_2048), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, server_cert_der_2048), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048, server_cert_der_2048), WOLFSSL_SUCCESS); 
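Review bot: `test_wolfSSL_CTX_use_certificate` exercises only failure paths (NULL arguments and an empty `X509`), so a regression that made `SSL_CTX_use_certificate` reject every certificate would still pass. A positive case that parses one of the existing DER buffers into an `X509` and expects `1` would pin the success contract; if `USE_CERT_BUFFERS_2048` is available in this configuration, `server_cert_der_2048` is the natural input. The new test also mixes the compat names `SSL_CTX_use_certificate` and `X509` with the `wolfSSL_`-prefixed `wolfSSL_CTX_new` and `wolfSSL_X509_new` in the same function; picking one style per function makes the file easier to grep.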
@@ -1643,11 +1810,20 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void) #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \ !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx = NULL; - int ret; ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - ExpectIntEQ(ret = wolfSSL_CTX_use_certificate_buffer(ctx, + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, NULL, 0, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, NULL, 0, + WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, server_cert_der_2048, + 0, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); 
@@ -1657,6 +1833,37 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void) } /* END test_wolfSSL_CTX_use_certificate_buffer */ +static int test_wolfSSL_use_certificate_buffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \ + !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, NULL, 0, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, NULL, 0, + WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, client_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_use_PrivateKey_file(void) { EXPECT_DECLS; 
@@ -1687,10 +1894,162 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void) wolfSSL_CTX_free(ctx); #endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_use_RSAPrivateKey_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX *ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + /* invalid context */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(NULL, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); + /* invalid key file */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, bogusFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); + /* invalid key type */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, 9999), + WOLFSSL_FAILURE); + + /* success */ +#ifdef NO_RSA + /* rsa needed */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); +#else + /* success */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_use_RSAPrivateKey_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CLIENT) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = SSL_new(ctx)); + + /* invalid context */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(NULL, svrKeyFile, + WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG); + /* invalid key file */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, bogusFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); + /* invalid key type */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, 9999), + WOLFSSL_FAILURE); + + /* success */ +#ifdef NO_RSA + /* rsa needed */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, 
svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); +#else + /* success */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif return EXPECT_RESULT(); } +static int test_wolfSSL_CTX_use_PrivateKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + const unsigned char* p; + + (void)p; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, pkey), WOLFSSL_FAILURE); + /* No data. */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + +#if defined(USE_CERT_BUFFERS_2048) +#if !defined(NO_RSA) + p = client_key_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, + sizeof_client_key_der_2048)); +#if defined(WOLFSSL_KEY_GEN) + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); +#endif + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) +#ifndef NO_DSA + p = dsa_key_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p, + sizeof_dsa_key_der_2048)); +#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ + defined(WOLFSSL_CERT_GEN)) + /* Not supported in ProcessBuffer. 
*/ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_BAD_FILE); +#else + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); +#endif + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */ +#if !defined(NO_DH) && defined(OPENSSL_ALL) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + p = dh_ffdhe_statickey_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &p, + sizeof_dh_ffdhe_statickey_der_2048)); + /* Not supported. */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif /* USE_CERT_BUFFERS_2048 */ +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + p = ecc_clikey_der_256; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, + sizeof_ecc_clikey_der_256)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + (unsigned char*)"01234567012345670123456701234567", 32)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} /* test both file and buffer versions along with unloading trusted peer certs */ static int test_wolfSSL_CTX_trust_peer_cert(void) @@ -2335,7 +2694,9 @@ static int test_wolfSSL_CertManagerAPI(void) #endif ExpectIntEQ(wolfSSL_CertManager_up_ref(cm), 1); - wolfSSL_CertManagerFree(cm); + if (EXPECT_SUCCESS()) { + wolfSSL_CertManagerFree(cm); + } wolfSSL_CertManagerFree(cm); cm = NULL; 
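Review bot: In `test_wolfSSL_CTX_use_RSAPrivateKey_file` and `test_wolfSSL_use_RSAPrivateKey_file` the comment `/* success */` appears twice in a row: once above `#ifdef NO_RSA`, where the branch actually expects `WOLFSSL_FAILURE`, and again inside `#else`. Drop the outer one or reword it, e.g. `/* Valid key file: succeeds only when RSA is compiled in. */`. The two functions also pin different error codes for a NULL first argument (`WOLFSSL_FAILURE` for the CTX variant, `BAD_FUNC_ARG` for the SSL variant); if that asymmetry is intentional, a one-line comment saying so saves the next reader a detour into the implementation. `test_wolfSSL_use_RSAPrivateKey_file` likewise uses `SSL_new(ctx)` where the sibling tests in this hunk use `wolfSSL_new(ctx)`.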
@@ -3557,6 +3918,7 @@ static int test_wolfSSL_CertManagerCRL(void) wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0)); wolfSSL_CertManagerFreeCRL(cm); +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); ExpectIntEQ(WOLFSSL_SUCCESS, @@ -3565,6 +3927,7 @@ static int test_wolfSSL_CertManagerCRL(void) sizeof_server_cert_der_2048), CRL_MISSING); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), CRL_MISSING); +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff), WOLFSSL_FILETYPE_ASN1), 1); @@ -3910,8 +4273,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) static int test_wolfSSL_CheckOCSPResponse(void) { EXPECT_DECLS; -#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \ - defined(OPENSSL_ALL) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \ + !defined(NO_RSA) && !defined(NO_SHA) const char* responseFile = "./certs/ocsp/test-response.der"; const char* responseMultiFile = "./certs/ocsp/test-multi-response.der"; const char* responseNoInternFile = @@ -4107,7 +4470,7 @@ static int test_wolfSSL_FPKI(void) if (f != XBADFILE) XFCLOSE(f); - wc_InitDecodedCert(&cert, buf, bytes, NULL); + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ; ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL, @@ -4142,7 +4505,7 @@ static int test_wolfSSL_OtherName(void) if (f != XBADFILE) XFCLOSE(f); - wc_InitDecodedCert(&cert, buf, bytes, NULL); + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); wc_FreeDecodedCert(&cert); #endif 
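Review bot: The `#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP` guard around the `CRL_MISSING` assertions in `test_wolfSSL_CertManagerCRL` (hunks @@ -3557 and @@ -3565) leaves the relaxed configuration with no assertion at all: when the option is defined, nothing checks that a certificate without a matching CRL is now accepted rather than failing for an unrelated reason. An `#else` branch that loads the same CRL and calls `wolfSSL_CertManagerVerifyBuffer` expecting whatever the option is documented to return (presumably `WOLFSSL_SUCCESS`) would pin the weakened revocation behaviour and catch accidental changes to it. The enclosing function starts and ends outside the hunk.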
@@ -4150,6 +4513,7 @@ static int test_wolfSSL_OtherName(void) return EXPECT_RESULT(); } +#ifdef HAVE_CERT_CHAIN_VALIDATION static int test_wolfSSL_CertRsaPss(void) { EXPECT_DECLS; @@ -4187,7 +4551,7 @@ static int test_wolfSSL_CertRsaPss(void) XFCLOSE(f); f = XBADFILE; } - wc_InitDecodedCert(&cert, buf, bytes, NULL); + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); wc_FreeDecodedCert(&cert); @@ -4197,7 +4561,7 @@ static int test_wolfSSL_CertRsaPss(void) ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); if (f != XBADFILE) XFCLOSE(f); - wc_InitDecodedCert(&cert, buf, bytes, NULL); + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); wc_FreeDecodedCert(&cert); #endif @@ -4207,6 +4571,7 @@ static int test_wolfSSL_CertRsaPss(void) return EXPECT_RESULT(); } +#endif static int test_wolfSSL_CTX_load_verify_locations_ex(void) { @@ -4244,8 +4609,7 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void) static int test_wolfSSL_CTX_load_verify_buffer_ex(void) { EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(USE_CERT_BUFFERS_2048) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx; const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der"; @@ -4260,11 +4624,13 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void) #endif ExpectNotNull(ctx); +#if defined(USE_CERT_BUFFERS_2048) /* test good CA */ ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE)); +#endif /* load expired CA */ XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert)); 
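Review bot: In `test_wolfSSL_CTX_load_verify_buffer_ex` (hunk @@ -4260) the now-conditional good-CA check still uses `ExpectTrue(WOLFSSL_SUCCESS == ...)`, which reports only a boolean on failure, while the assertions added to the same function in the following hunk use `ExpectIntEQ` and show the actual return code. `ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);` keeps the function consistent. Also, wrapping `test_wolfSSL_CertRsaPss` in `#ifdef HAVE_CERT_CHAIN_VALIDATION` (hunks @@ -4150 and @@ -4207) requires the test-table entry that references it to carry the same guard; that site is outside this view, so please confirm.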
@@ -4291,6 +4657,16 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void) sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); + /* Fail when ctx is NULL. */ + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(NULL, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), BAD_FUNC_ARG); + /* Load as modified cert - bad initial length. */ + ca_expired_cert[2] = 0x7f; + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 1, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), ASN_PARSE_E); + wolfSSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif @@ -4302,7 +4678,7 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) { EXPECT_DECLS; #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \ + defined(USE_CERT_BUFFERS_2048) && (WOLFSSL_MIN_RSA_BITS <= 1024) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX* ctx = NULL; @@ -4312,9 +4688,10 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format( - ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der, - WOLFSSL_FILETYPE_ASN1)); + /* Public key 140 bytes??? */ + ExpectIntEQ(wolfSSL_CTX_load_verify_chain_buffer_format(ctx, + ca_cert_chain_der, sizeof_ca_cert_chain_der, WOLFSSL_FILETYPE_ASN1), + WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif 
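Review bot: The new comment `/* Public key 140 bytes??? */` in `test_wolfSSL_CTX_load_verify_chain_buffer_format` (hunk @@ -4312) leaves an open question in the code instead of documenting it. The guard added in the hunk above now requires `WOLFSSL_MIN_RSA_BITS <= 1024`, which suggests the chain contains a 1024-bit RSA key; if that is the reason, `/* ca_cert_chain_der contains a 1024-bit RSA key, hence the WOLFSSL_MIN_RSA_BITS guard. */` says it plainly, and if not, the real reason belongs there. In hunk @@ -4291, `ca_expired_cert[2] = 0x7f;` deliberately corrupts the buffer; a short comment that the buffer is a local copy not reused afterwards (or restoring the byte) keeps later additions to the test from inheriting a broken certificate.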
@@ -4343,9 +4720,29 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, x509), 0); + ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 0); + ExpectIntEQ(SSL_add0_chain_cert(ssl, x509), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) { ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM)); + + /* Do negative tests once */ + if (cert == certChain) { + /* Negative tests. */ + ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, x509), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, x509), 0); + } + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); X509_free(x509); x509 = NULL; @@ -4353,6 +4750,18 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) { ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM)); + + /* Do negative tests once */ + if (cert == certChain) { + /* Negative tests. */ + ExpectIntEQ(SSL_add1_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_add1_chain_cert(ssl, NULL), 0); + ExpectIntEQ(SSL_add1_chain_cert(NULL, x509), 0); + ExpectIntEQ(SSL_add0_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_add0_chain_cert(ssl, NULL), 0); + ExpectIntEQ(SSL_add0_chain_cert(NULL, x509), 0); + } + ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 1); X509_free(x509); x509 = NULL; 
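Review bot: In `test_wolfSSL_CTX_add1_chain_cert` the new empty-`X509` block calls `SSL_CTX_add0_chain_cert(ctx, x509)` and `SSL_add0_chain_cert(ssl, x509)` and then frees `x509` explicitly; by OpenSSL semantics the `add0` variants take ownership on success, so the free is only correct because both calls are expected to return 0. A comment such as `/* add0 would take ownership on success; free only because every call above must fail. */` records that dependency. The `add0` negative tests in hunk @@ -4353 rest on the same assumption.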
@@ -4369,6 +4778,69 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) return EXPECT_RESULT(); } +static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_CLIENT) && defined(USE_CERT_BUFFERS_2048) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + const char* cert = "./certs/server-cert.pem"; + unsigned char* buf = NULL; + size_t len; + + ExpectIntEQ(load_file(cert, &buf, &len), 0); + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL, + NULL, 0, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + NULL, 0, WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0), + ASN_NO_PEM_HEADER); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (long)len), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0), + ASN_NO_PEM_HEADER); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (long)len), + BAD_FUNC_ARG); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf, + (long)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (long)len), + WOLFSSL_SUCCESS); + 
ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048), ASN_NO_PEM_HEADER); + + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (long)len), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048, + sizeof_server_cert_der_2048), ASN_NO_PEM_HEADER); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + if (buf != NULL) { + free(buf); + } +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) { EXPECT_DECLS; @@ -4376,18 +4848,17 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) const char* server_chain_der = "./certs/server-cert-chain.der"; const char* client_single_pem = "./certs/client-cert.pem"; - WOLFSSL_CTX* ctx; + WOLFSSL_CTX* ctx = NULL; (void)server_chain_der; (void)client_single_pem; (void)ctx; #ifndef NO_WOLFSSL_CLIENT - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - ExpectNotNull(ctx); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); 
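Review bot: In `test_wolfSSL_CTX_use_certificate_chain_buffer_format`, `size_t len;` is left uninitialized and only `load_file` is expected to set it; if that call fails, `buf` stays NULL but the `(long)len` casts in the `wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (long)len)` and `wolfSSL_use_certificate_chain_buffer(NULL, buf, (long)len)` checks read an indeterminate value. `size_t len = 0;` matches how `buf`, `ctx` and `ssl` are initialized on the lines above. The buffer is also released with libc `free(buf)` while the rest of this file pairs allocations with `XFREE`; confirm `load_file` really allocates with `malloc`, otherwise the allocator mismatch will misbehave under custom-memory builds.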
@@ -4399,12 +4870,58 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) return EXPECT_RESULT(); } +static int test_wolfSSL_use_certificate_chain_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_CLIENT) + const char* server_chain_der = "./certs/server-cert-chain.der"; + const char* client_single_pem = "./certs/client-cert.pem"; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + (void)server_chain_der; + (void)client_single_pem; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, NULL, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, NULL, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, + server_chain_der, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, client_single_pem), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, server_chain_der), + WOLFSSL_FAILURE); + + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, + server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, + client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, client_single_pem), + WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_SetTmpDH_file(void) { EXPECT_DECLS; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX 
*ctx = NULL; +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + const char* dsaParamFile = "./certs/dsaparams.pem"; +#endif (void)ctx; @@ -4428,6 +4945,10 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void) /* success */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)); +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + WOLFSSL_FILETYPE_PEM)); +#endif wolfSSL_CTX_free(ctx); #endif @@ -4455,11 +4976,17 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void) /* invalid dhParamFile file */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, NULL, + 0, WOLFSSL_FILETYPE_ASN1)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + /* invalid file format */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, -1)); + /* success */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, @@ -4820,6 +5347,10 @@ static int test_wolfSSL_SetTmpDH_file(void) !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx = NULL; WOLFSSL *ssl = NULL; + const char* dhX942ParamFile = "./certs/x942dh2048.pem"; +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + const char* dsaParamFile = "./certs/dsaparams.pem"; +#endif ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #ifndef NO_RSA 
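Review bot: The `(void)server_chain_der; (void)client_single_pem;` casts in the new test_wolfSSL_use_certificate_chain_file are dead weight: unlike the CTX variant they appear to be copied from, this function has a single `#if` branch and both strings are used unconditionally a few lines later, so the casts only suggest a configuration in which they would be unused. Dropping them also keeps the new test consistent with test_wolfSSL_CTX_use_certificate_chain_buffer_format, which does not cast its `cert` path. The `wolfSSL_use_certificate_chain_file(ssl, server_chain_der)` assertion expecting `WOLFSSL_FAILURE` would read better with a one-line reason, e.g. `/* DER file through the entry point without a format argument: expected to fail. */`, since next to the format-taking calls it can look like a typo.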
@@ -4858,6 +5389,12 @@ static int test_wolfSSL_SetTmpDH_file(void) /* success */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile, + WOLFSSL_FILETYPE_PEM)); +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + WOLFSSL_FILETYPE_PEM)); +#endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -4887,6 +5424,8 @@ static int test_wolfSSL_SetTmpDH_buffer(void) /* invalid dhParamFile file */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, NULL, 0, + WOLFSSL_FILETYPE_ASN1)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); 
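Review bot: In the test_wolfSSL_SetTmpDH_file hunk (`@@ -4858`), the new DSA-parameter case calls `wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, ...)`, the CTX-level function, while every other assertion in this function exercises the per-SSL `wolfSSL_SetTmpDH_file(ssl, ...)`; this looks like a copy of the line added to test_wolfSSL_CTX_SetTmpDH_file in the `@@ -4428` hunk, and it leaves the SSL-level DSA path untested. Presumably intended: `ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dsaParamFile, WOLFSSL_FILETYPE_PEM));`. The `dhX942ParamFile` case right above it is on the SSL object, so only the DSA line is affected.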
@@ -5002,6 +5541,90 @@ static int test_wolfSSL_SetMinVersion(void) #ifdef OPENSSL_EXTRA +static int test_EC25519(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) && defined(WOLFSSL_KEY_GEN) + byte priv[CURVE25519_KEYSIZE]; + unsigned int privSz = CURVE25519_KEYSIZE; + byte pub[CURVE25519_KEYSIZE]; + unsigned int pubSz = CURVE25519_KEYSIZE; + byte priv2[CURVE25519_KEYSIZE]; + unsigned int priv2Sz = CURVE25519_KEYSIZE; + byte pub2[CURVE25519_KEYSIZE]; + unsigned int pub2Sz = CURVE25519_KEYSIZE; + byte shared[CURVE25519_KEYSIZE]; + unsigned int sharedSz = CURVE25519_KEYSIZE; + byte shared2[CURVE25519_KEYSIZE]; + unsigned int shared2Sz = CURVE25519_KEYSIZE; + + /* Bad parameter testing of key generation. */ + ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, NULL, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, NULL), 0); + /* Bad length */ + privSz = 1; + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0); + privSz = CURVE25519_KEYSIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0); + pubSz = CURVE25519_KEYSIZE; + + /* Good case of generating key. */ + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 1); + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv2, &priv2Sz, pub2, &pub2Sz), + 1); + ExpectIntEQ(privSz, CURVE25519_KEYSIZE); + ExpectIntEQ(pubSz, CURVE25519_KEYSIZE); + + /* Bad parameter testing of shared key. 
*/ + ExpectIntEQ(wolfSSL_EC25519_shared_key( NULL, NULL, NULL, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key( NULL, &sharedSz, NULL, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key( NULL, &sharedSz, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key( NULL, &sharedSz, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, NULL, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + NULL, pubSz), 0); + /* Bad length. */ + sharedSz = 1; + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + sharedSz = CURVE25519_KEYSIZE; + privSz = 1; + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + privSz = CURVE25519_KEYSIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + pubSz = CURVE25519_KEYSIZE; + + /* Good case of shared key. */ + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + pub2, pub2Sz), 1); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared2, &shared2Sz, priv2, priv2Sz, + pub, pubSz), 1); + ExpectIntEQ(sharedSz, CURVE25519_KEYSIZE); + ExpectIntEQ(shared2Sz, CURVE25519_KEYSIZE); + ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0); +#endif /* HAVE_CURVE25519 && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); +} + static int test_ED25519(void) { EXPECT_DECLS; 
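Review bot: Three of the nine bad-parameter assertions for wolfSSL_EC25519_shared_key in test_EC25519 are exact repeats: `( NULL, &sharedSz, priv, privSz, pub, pubSz)`, `(shared, &sharedSz, NULL, privSz, pub, pubSz)` and `(shared, &sharedSz, priv, privSz, NULL, pubSz)` each appear twice, so the block covers six distinct NULL combinations while reading as nine. The same three duplicates are in test_EC448's shared-key block in the next hunk (`@@ -5018`). Removing the second copies, or replacing them with combinations not yet covered, would make the coverage match what the comment promises. test_EC25519 also never checks `priv2Sz`/`pub2Sz` after the second key generation, unlike `privSz`/`pubSz`.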
@@ -5018,25 +5641,189 @@ static int test_ED25519(void) unsigned int sigSz = (unsigned int)sizeof(sig); #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ + /* Bad parameter testing of key generation. */ + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, NULL, pub, NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, NULL, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, NULL, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, NULL), 0); + /* Bad length. */ + privSz = 1; + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0); + privSz = ED25519_PRV_KEY_SIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0); + pubSz = ED25519_PUB_KEY_SIZE; + + /* Good case of generating key. */ ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), - WOLFSSL_SUCCESS); + 1); ExpectIntEQ(privSz, ED25519_PRV_KEY_SIZE); ExpectIntEQ(pubSz, ED25519_PUB_KEY_SIZE); #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) + /* Bad parameter testing of signing. 
*/ + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, NULL, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, priv, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, NULL, privSz, sig, + NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, NULL, privSz, NULL, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, priv, privSz, sig, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz, sig, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, NULL, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, + NULL), 0); + /* Bad length. */ + privSz = 1; ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, - &sigSz), WOLFSSL_SUCCESS); + &sigSz), 0); + privSz = ED25519_PRV_KEY_SIZE; + sigSz = 1; + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 0); + sigSz = ED25519_SIG_SIZE; + + /* Good case of signing. */ + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 1); ExpectIntEQ(sigSz, ED25519_SIG_SIZE); #ifdef HAVE_ED25519_VERIFY + /* Bad parameter testing of verification. */ + ExpectIntEQ(wolfSSL_ED25519_verify( NULL, msglen, NULL, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify( NULL, msglen, pub, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify( NULL, msglen, NULL, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify( NULL, msglen, pub, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, NULL, + sigSz), 0); + /* Bad length. 
*/ + pubSz = 1; + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); + pubSz = ED25519_PUB_KEY_SIZE; + sigSz = 1; + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); + sigSz = ED25519_SIG_SIZE; + + /* Good case of verification. */ + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 1); + /* Bad signature. */ + if (EXPECT_SUCCESS()) { + sig[1] ^= 0x80; + } ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, - sigSz), WOLFSSL_SUCCESS); + sigSz), 0); #endif /* HAVE_ED25519_VERIFY */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */ return EXPECT_RESULT(); } +static int test_EC448(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) && defined(WOLFSSL_KEY_GEN) + byte priv[CURVE448_KEY_SIZE]; + unsigned int privSz = CURVE448_KEY_SIZE; + byte pub[CURVE448_KEY_SIZE]; + unsigned int pubSz = CURVE448_KEY_SIZE; + byte priv2[CURVE448_KEY_SIZE]; + unsigned int priv2Sz = CURVE448_KEY_SIZE; + byte pub2[CURVE448_KEY_SIZE]; + unsigned int pub2Sz = CURVE448_KEY_SIZE; + byte shared[CURVE448_KEY_SIZE]; + unsigned int sharedSz = CURVE448_KEY_SIZE; + byte shared2[CURVE448_KEY_SIZE]; + unsigned int shared2Sz = CURVE448_KEY_SIZE; + + /* Bad parameter testing of key generation. */ + ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, NULL, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, NULL), 0); + /* Bad length. 
*/ + privSz = 1; + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0); + privSz = CURVE448_KEY_SIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0); + pubSz = CURVE448_KEY_SIZE; + + /* Good case of generating key. */ + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 1); + ExpectIntEQ(wolfSSL_EC448_generate_key(priv2, &priv2Sz, pub2, &pub2Sz), 1); + ExpectIntEQ(privSz, CURVE448_KEY_SIZE); + ExpectIntEQ(pubSz, CURVE448_KEY_SIZE); + + /* Bad parameter testing of shared key. */ + ExpectIntEQ(wolfSSL_EC448_shared_key( NULL, NULL, NULL, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key( NULL, &sharedSz, NULL, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key( NULL, &sharedSz, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key( NULL, &sharedSz, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, NULL, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + NULL, pubSz), 0); + /* Bad length. */ + sharedSz = 1; + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + sharedSz = CURVE448_KEY_SIZE; + privSz = 1; + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + privSz = CURVE448_KEY_SIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + pubSz = CURVE448_KEY_SIZE; + + /* Good case of shared key. 
*/ + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + pub2, pub2Sz), 1); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared2, &shared2Sz, priv2, priv2Sz, + pub, pubSz), 1); + ExpectIntEQ(sharedSz, CURVE448_KEY_SIZE); + ExpectIntEQ(shared2Sz, CURVE448_KEY_SIZE); + ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0); +#endif /* HAVE_CURVE448 && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); +} + static int test_ED448(void) { EXPECT_DECLS; 
@@ -5053,19 +5840,99 @@ static int test_ED448(void) unsigned int sigSz = (unsigned int)sizeof(sig); #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ - ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), - WOLFSSL_SUCCESS); + /* Bad parameter testing of key generation. */ + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, NULL, pub, NULL), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, NULL, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, NULL, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, NULL), 0); + /* Bad length. */ + privSz = 1; + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0); + privSz = ED448_PRV_KEY_SIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0); + pubSz = ED448_PUB_KEY_SIZE; + + /* Good case of generating key. */ + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 1); ExpectIntEQ(privSz, ED448_PRV_KEY_SIZE); ExpectIntEQ(pubSz, ED448_PUB_KEY_SIZE); #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) + /* Bad parameter testing of signing. 
*/ + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, NULL, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, priv, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, NULL, privSz, sig, + NULL), 0); + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, NULL, privSz, NULL, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, priv, privSz, sig, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz, sig, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, NULL, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, + NULL), 0); + /* Bad length. */ + privSz = 1; + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 0); + privSz = ED448_PRV_KEY_SIZE; + sigSz = 1; + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 0); + sigSz = ED448_SIG_SIZE; + + /* Good case of signing. */ ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, - &sigSz), WOLFSSL_SUCCESS); + &sigSz), 1); ExpectIntEQ(sigSz, ED448_SIG_SIZE); #ifdef HAVE_ED448_VERIFY + /* Bad parameter testing of verification. */ + ExpectIntEQ(wolfSSL_ED448_verify( NULL, msglen, NULL, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify( NULL, msglen, pub, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify( NULL, msglen, NULL, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify( NULL, msglen, pub, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, NULL, + sigSz), 0); + /* Bad length. 
*/ + pubSz = 1; + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); + pubSz = ED448_PUB_KEY_SIZE; + sigSz = 1; + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); + sigSz = ED448_SIG_SIZE; + + /* Good case of verification. */ + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 1); + /* Bad signature. */ + if (EXPECT_SUCCESS()) { + sig[1] ^= 0x80; + } ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, - sigSz), WOLFSSL_SUCCESS); + sigSz), 0); #endif /* HAVE_ED448_VERIFY */ #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ #endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */ @@ -7014,8 +7881,8 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) !defined(WOLFSSL_NO_TLS12) static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) { - SOCKET_T sockfd = 0; - SOCKET_T clientfd = 0; + SOCKET_T sockfd; + SOCKET_T clientfd = -1; word16 port; callback_functions* cbf; @@ -7178,6 +8045,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) wolfSSL_shutdown(ssl); wolfSSL_free(ssl); ssl = NULL; CloseSocket(clientfd); + clientfd = -1; count++; } @@ -7195,7 +8063,8 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) if (!sharedCtx) wolfSSL_CTX_free(ctx); - CloseSocket(clientfd); + if (clientfd >= 0) + CloseSocket(clientfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); @@ -8345,8 +9214,7 @@ static int test_wolfSSL_reuse_WOLFSSLobj(void) return EXPECT_RESULT(); } -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \ - defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) static int test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready( WOLFSSL_CTX* ctx) { 
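Review bot: In the test_server_loop hunks (`@@ -7014`, `@@ -7178`, `@@ -7195`) `clientfd` is now initialised to `-1` and released only `if (clientfd >= 0)`, but `SOCKET_T` is not necessarily a signed type; where it maps to an unsigned socket handle (the Windows build, if I read the typedef right) `-1` wraps and the `>= 0` test is always true, so the guard degrades to the unconditional close it replaces and likely draws a "comparison is always true" warning. Using the invalid-socket sentinel the networking header defines for `SOCKET_T`, and comparing against that, would express the intent portably. `sockfd` also lost its initialiser in the same hunk; that is fine only if every path assigns it before the accept and close that use it, which is outside the hunk.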
@@ -8360,8 +9228,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready( static int test_wolfSSL_CTX_verifyDepth_ServerClient_1(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \ - defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) test_ssl_cbf client_cbf; test_ssl_cbf server_cbf; @@ -8380,14 +9247,12 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_1(void) ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); -#endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS && - * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ +#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ return EXPECT_RESULT(); } -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \ - defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) static int test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready( WOLFSSL_CTX* ctx) { @@ -8401,8 +9266,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready( static int test_wolfSSL_CTX_verifyDepth_ServerClient_2(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \ - defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) test_ssl_cbf client_cbf; test_ssl_cbf server_cbf; 
@@ -8425,14 +9289,12 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_2(void) ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); -#endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS && - * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ +#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ return EXPECT_RESULT(); } -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \ - defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) static int test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready( WOLFSSL_CTX* ctx) { @@ -8446,8 +9308,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready( static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \ - defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) test_ssl_cbf client_cbf; test_ssl_cbf server_cbf; @@ -8472,15 +9333,14 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void) ExpectIntEQ(server_cbf.return_code, TEST_FAIL); ExpectIntEQ(client_cbf.last_err, MAX_CHAIN_ERROR); ExpectIntEQ(server_cbf.last_err, FATAL_ERROR); -#endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS && - * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ +#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ return EXPECT_RESULT(); } #if defined(OPENSSL_ALL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \ - && !defined(NO_SHA256) && defined(HAVE_ECC) + !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_ECC) && !defined(NO_AES) && !defined(NO_SHA256) static int test_wolfSSL_CTX_set_cipher_list_server_ctx_ready(WOLFSSL_CTX* ctx) { EXPECT_DECLS; 
@@ -8500,8 +9360,9 @@ static int test_wolfSSL_CTX_set_cipher_list(void) { EXPECT_DECLS; #if defined(OPENSSL_ALL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \ - && !defined(NO_SHA256) && defined(HAVE_ECC) + defined(HAVE_ECC) && !defined(NO_AES) && !defined(NO_SHA256) + + #if !defined(WOLFSSL_NO_TLS12) WOLFSSL_CTX* ctxClient = NULL; WOLFSSL* sslClient = NULL; test_ssl_cbf client_cbf; @@ -8523,7 +9384,8 @@ static int test_wolfSSL_CTX_set_cipher_list(void) /* check with cipher string that has '+' */ ExpectNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method()))); - ExpectTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM")); + /* Use trailing : with nothing to test for ASAN */ + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM:")); ExpectNotNull((sslClient = wolfSSL_new(ctxClient))); /* check for the existence of an ECDHE ECDSA cipher suite */ @@ -8551,6 +9413,8 @@ static int test_wolfSSL_CTX_set_cipher_list(void) wolfSSL_free(sslClient); wolfSSL_CTX_free(ctxClient); + + #endif /* !WOLFSSL_NO_TLS12 */ #endif return EXPECT_RESULT(); } @@ -10799,8 +11663,8 @@ static int test_wolfSSL_UseMaxFragment(void) #endif WOLFSSL *ssl = NULL; #ifdef OPENSSL_EXTRA - int (*UseMaxFragment)(SSL *s, uint8_t mode); - int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode); + int (*UseMaxFragment)(SSL *s, unsigned char mode); + int (*CTX_UseMaxFragment)(SSL_CTX *c, unsigned char mode); #else int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode); int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode); 
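Review bot: The nested `#if !defined(WOLFSSL_NO_TLS12)` / `#endif /* !WOLFSSL_NO_TLS12 */` added to test_wolfSSL_CTX_set_cipher_list (`@@ -8500` and `@@ -8551`) are indented two spaces, while every other preprocessor directive in these hunks sits at column 0 with nesting conveyed by the trailing comment. Worth aligning, and a short comment on why TLS 1.2 is split out of the outer guard would help, since the helper test_wolfSSL_CTX_set_cipher_list_server_ctx_ready in the preceding hunk keeps `!defined(WOLFSSL_NO_TLS12)` in its own guard and the two no longer read the same way. The `"ECDHE+AESGCM:"` change is explained by its comment and is fine.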
@@ -10863,6 +11727,34 @@ static int test_wolfSSL_UseMaxFragment(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); + +#if defined(OPENSSL_EXTRA) && defined(HAVE_MAX_FRAGMENT) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + /* check negotiated max fragment size */ + { + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c, WOLFSSL_MFL_2_8), + WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); +#ifndef NO_SESSION_CACHE + ExpectIntEQ(SSL_SESSION_get_max_fragment_length( + wolfSSL_get_session(ssl_c)), WOLFSSL_MFL_2_8); +#endif + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#endif #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return EXPECT_RESULT(); @@ -11930,6 +12822,16 @@ static int test_wolfSSL_PKCS12(void) ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + /* modify case and compare subject from certificate in ca to expected. + * The first bit of the name is: + * /C=US/ST=Washington + * So we'll change subject->name[1] to 'c' (lower case) */ + if (subject != NULL) { + subject->name[1] = 'c'; + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + } + EVP_PKEY_free(pkey); pkey = NULL; X509_free(x509); @@ -12169,7 +13071,7 @@ static int test_wolfSSL_PKCS8(void) XFILE f = XBADFILE; int bytes = 0; WOLFSSL_CTX* ctx = NULL; -#if defined(HAVE_ECC) && !defined(NO_CODING) +#if defined(HAVE_ECC) && !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM) int ret; ecc_key key; word32 x = 0; 
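Review bot: The new negotiated-max-fragment block in test_wolfSSL_UseMaxFragment calls `wolfTLSv1_2_client_method`/`wolfTLSv1_2_server_method` under a guard of only `OPENSSL_EXTRA && HAVE_MAX_FRAGMENT && HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES`, so a build with `WOLFSSL_NO_TLS12` would fail to compile it, unless HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES already implies TLS 1.2, which I cannot see from here; the cipher-list tests in this same patch carry `!defined(WOLFSSL_NO_TLS12)` for exactly this reason. Adding `&& !defined(WOLFSSL_NO_TLS12)` to that `#if` is the one-line fix. The `SSL_SESSION_get_max_fragment_length(wolfSSL_get_session(ssl_c))` assertion would also benefit from a comment that the session is expected to be non-NULL after a successful handshake, so a NULL there reads as a handshake problem rather than a confusing getter failure.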
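Review bot: The PKCS12 hunk (`@@ -11930`) flips `subject->name[1]` to lower case and still expects `wolfSSL_X509_NAME_cmp` to return 0, but the comment says what is changed, not why equality is still expected, so a reader may take the assertion for a typo. Suggest extending it: `/* X509_NAME_cmp is expected to compare attribute values case-insensitively, so the modified name must still match. */`. Note also that the mutation is applied to `subject` itself, so any later use of `subject` outside this hunk sees the altered string.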
@@ -12329,13 +13231,13 @@ static int test_wolfSSL_PKCS8(void) ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); -#ifndef NO_CODING +#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM) /* decrypt PKCS8 PEM to key in DER format */ ExpectIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), 0); ret = wc_ecc_init(&key); if (ret == 0) { - ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes); + ret = wc_EccPrivateKeyDecode(der, &x, &key, (word32)bytes); wc_ecc_free(&key); } ExpectIntEQ(ret, 0); @@ -19025,10 +19927,10 @@ static int test_wc_Arc4SetKey(void) const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; int keyLen = 8; - ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, keyLen), 0); + ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, (word32)keyLen), 0); /* Test bad args. */ - ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, keyLen), BAD_FUNC_ARG); - ExpectIntEQ(wc_Arc4SetKey(&arc, NULL , keyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_Arc4SetKey(&arc, NULL , (word32)keyLen), BAD_FUNC_ARG); ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0 ), BAD_FUNC_ARG); #endif return EXPECT_RESULT(); 
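Review bot: The `(word32)bytes` cast in `wc_EccPrivateKeyDecode(der, &x, &key, (word32)bytes)` (`@@ -12329`) silences the sign-conversion warning but does not cover the failure path: `bytes` comes from `wc_KeyPemToDer`, which the preceding `ExpectIntGT` only records as > 0, and if the Expect macros keep evaluating after a recorded failure, as they appear to elsewhere in this file, a negative error code becomes a very large length handed to the decoder over the stack buffer `der`. Guarding the decode on the size as well, `if (ret == 0 && bytes > 0) {`, keeps the test from reading past `der` when the PEM conversion fails. The Arc4 casts in `@@ -19025` are on a fixed constant and are fine.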
@@ -19060,17 +19962,17 @@ static int test_wc_Arc4Process(void) ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, keyLen), 0); - ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, keyLen), 0); + ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, (word32)keyLen), 0); + ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, (word32)keyLen), 0); - ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, keyLen), 0); - ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, keyLen), 0); + ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, (word32)keyLen), 0); + ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, (word32)keyLen), 0); ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0); /* Bad args. */ - ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, keyLen), BAD_FUNC_ARG); - ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, keyLen), BAD_FUNC_ARG); - ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, keyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen), BAD_FUNC_ARG); wc_Arc4Free(&enc); wc_Arc4Free(&dec); @@ -19210,14 +20112,14 @@ static int test_wc_RsaPublicKeyDecode(void) f = XBADFILE; } idx = 0; - ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL, + ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, NULL, NULL), 0); ExpectTrue((f = XFOPEN(rsaPssPubKeyNoParams, "rb")) != XBADFILE); ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); if (f != XBADFILE) XFCLOSE(f); idx = 0; - ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL, + ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, NULL, NULL), 0); #endif 
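Review bot: Several of the rewritten lines in `@@ -19060` and `@@ -19210` now exceed 80 columns, e.g. `ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen), BAD_FUNC_ARG);` and `ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, NULL,` (about 83 characters with the four-space indent), while the surrounding code in this file wraps at 80; if the project's line-length check is enforced this will trip it. Wrapping after the cast, as the neighbouring assertions already do for their continuation lines, keeps the style consistent.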
@@ -19258,6 +20160,104 @@ static int test_wc_RsaPublicKeyDecodeRaw(void) } /* END test_wc_RsaPublicKeyDecodeRaw */ +/* + * Testing wc_RsaPrivateKeyDecodeRaw() + */ +static int test_wc_RsaPrivateKeyDecodeRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + RsaKey key; + const byte n = 33; + const byte e = 3; + const byte d = 7; + const byte u = 2; + const byte p = 3; + const byte q = 11; + const byte dp = 1; + const byte dq = 7; + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), NULL, 0, + NULL, 0, &key), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + NULL, 0, &key), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), NULL, 0, + &dq, sizeof(dq), &key), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), 0); + + /* Pass in bad args. 
*/ + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(NULL, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, 0, + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + NULL, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, 0, &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), NULL, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, 0, &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + NULL, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, 0, &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), NULL, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, 0, &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + 
ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, 0, + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), NULL, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, 0, + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), BAD_FUNC_ARG); +#endif + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaPrivateKeyDecodeRaw */ + + #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps @@ -19514,17 +20514,17 @@ static int test_wc_RsaPSS_Verify(void) WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0); /* Bad cases */ - ExpectIntEQ(wc_RsaPSS_Verify(NULL, sz, pt, outLen, + ExpectIntEQ(wc_RsaPSS_Verify(NULL, (word32)sz, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); ExpectIntEQ(wc_RsaPSS_Verify(pSignature, 0, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); - ExpectIntEQ(wc_RsaPSS_Verify(pSignature, sz, NULL, outLen, + ExpectIntEQ(wc_RsaPSS_Verify(pSignature, (word32)sz, NULL, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); ExpectIntEQ(wc_RsaPSS_Verify(NULL, 0, NULL, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); /* Good case */ - ExpectIntGT(wc_RsaPSS_Verify(pSignature, sz, pt, outLen, + ExpectIntGT(wc_RsaPSS_Verify(pSignature, (word32)sz, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0); DoExpectIntEQ(wc_FreeRsaKey(&key), 0); 
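Review bot: The bad-argument block guarded by `#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)` in the new test_wc_RsaPrivateKeyDecodeRaw repeats the `&u, 0` case: the first and third `ExpectIntEQ` calls in that block are identical, while a NULL `key` argument is never exercised anywhere in the function. Replace the duplicate with a NULL-key check, i.e. keep all size arguments valid and change the final `&key` to `NULL`, expecting `BAD_FUNC_ARG`. The non-NULL `&dp, 0` / `&dq, 0` combinations are also untested; since the good cases show dp/dq are optional via `NULL, 0`, a short comment stating whether a non-NULL pointer with zero length is rejected or treated as absent would document the intended contract. The whole function is contained in this hunk.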
@@ -19561,25 +20561,25 @@ static int test_wc_RsaPSS_VerifyCheck(void) ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0); - ExpectTrue((digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0); - ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz), + ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0); + ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest, digestSz), 0); ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0); /* Bad cases */ - ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen, digest, + ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, (word32)sz, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); - ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen, digest, + ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, NULL, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); /* Good case */ - ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen, digest, + ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0); ExpectIntEQ(wc_FreeRsaKey(&key), 0); 
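Review bot: The cast in `ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0)` makes the check unable to fail: assuming `word32` is unsigned as elsewhere in wolfSSL, a negative error code stored in `digestSz` compares as a large unsigned value, so `> 0` always holds and a failed wc_HashGetDigestSize() would silently feed a huge length into wc_Hash(). Check the signed return before converting, e.g. `ExpectIntGT(wc_HashGetDigestSize(WC_HASH_TYPE_SHA256), 0);` followed by `digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);`. The identical line appears in the test_wc_RsaPSS_VerifyCheckInline hunk that follows. The `cipherLenResult = (word32)wc_RsaPublicEncrypt(...)`, `sz = (word32)wc_DsaKeyToPublicDer(...)`, `sz = (word32)wc_SetDsaPublicKey(...)` and `outLen = (word32)wc_EccPrivateKeyToDer(...)` casts in later hunks are only safe if ExpectIntGT/ExpectIntGE convert their operands back to int, which is not visible here. The enclosing function extends beyond the hunk.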
@@ -19614,25 +20614,25 @@ static int test_wc_RsaPSS_VerifyCheckInline(void) ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0); - ExpectTrue((digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0); - ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz), + ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0); + ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest, digestSz), 0); ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0); /* Bad Cases */ - ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt, digest, + ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, (word32)sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG); - ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest, + ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key), BAD_FUNC_ARG); /* Good case */ - ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest, + ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0); DoExpectIntEQ(wc_FreeRsaKey(&key), 0); 
@@ -19826,7 +20826,7 @@ static int test_wc_RsaPublicEncryptDecrypt(void) ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0); /* Encrypt. */ - ExpectIntGT(cipherLenResult = wc_RsaPublicEncrypt(in, inLen, cipher, + ExpectIntGT(cipherLenResult = (word32)wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng), 0); /* Pass bad args - tested in another testing function.*/ @@ -21519,7 +22519,7 @@ static int test_wc_AesEaxEncryptAuth(void) ciphertext, msg, sizeof(msg), iv, sizeof(iv), - authtag, len, + authtag, (word32)len, aad, sizeof(aad)), 0); @@ -21528,42 +22528,42 @@ static int test_wc_AesEaxEncryptAuth(void) ciphertext, msg, sizeof(msg), iv, sizeof(iv), - authtag, len, + authtag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), NULL, msg, sizeof(msg), iv, sizeof(iv), - authtag, len, + authtag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, NULL, sizeof(msg), iv, sizeof(iv), - authtag, len, + authtag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, msg, sizeof(msg), NULL, sizeof(iv), - authtag, len, + authtag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, msg, sizeof(msg), iv, sizeof(iv), - NULL, len, + NULL, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, msg, sizeof(msg), iv, sizeof(iv), - authtag, len, + authtag, (word32)len, NULL, sizeof(aad)), BAD_FUNC_ARG); @@ -21578,11 +22578,11 @@ static int test_wc_AesEaxEncryptAuth(void) exp_ret = BAD_FUNC_ARG; } - ExpectIntEQ(wc_AesEaxEncryptAuth(key, i, + ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i, ciphertext, msg, sizeof(msg), iv, sizeof(iv), - authtag, len, + authtag, (word32)len, aad, sizeof(aad)), exp_ret); } 
@@ -21594,7 +22594,7 @@ static int test_wc_AesEaxEncryptAuth(void) ciphertext, msg, sizeof(msg), iv, sizeof(iv), - authtag, len, + authtag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); @@ -21632,7 +22632,7 @@ static int test_wc_AesEaxDecryptAuth(void) plaintext, ct, sizeof(ct), iv, sizeof(iv), - tag, len, + tag, (word32)len, aad, sizeof(aad)), AES_EAX_AUTH_E); @@ -21641,42 +22641,42 @@ static int test_wc_AesEaxDecryptAuth(void) plaintext, ct, sizeof(ct), iv, sizeof(iv), - tag, len, + tag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), NULL, ct, sizeof(ct), iv, sizeof(iv), - tag, len, + tag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, NULL, sizeof(ct), iv, sizeof(iv), - tag, len, + tag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, ct, sizeof(ct), NULL, sizeof(iv), - tag, len, + tag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, ct, sizeof(ct), iv, sizeof(iv), - NULL, len, + NULL, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, ct, sizeof(ct), iv, sizeof(iv), - tag, len, + tag, (word32)len, NULL, sizeof(aad)), BAD_FUNC_ARG); @@ -21691,11 +22691,11 @@ static int test_wc_AesEaxDecryptAuth(void) exp_ret = BAD_FUNC_ARG; } - ExpectIntEQ(wc_AesEaxDecryptAuth(key, i, + ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i, plaintext, ct, sizeof(ct), iv, sizeof(iv), - tag, len, + tag, (word32)len, aad, sizeof(aad)), exp_ret); } @@ -21707,7 +22707,7 @@ static int test_wc_AesEaxDecryptAuth(void) plaintext, ct, sizeof(ct), iv, sizeof(iv), - tag, len, + tag, (word32)len, aad, sizeof(aad)), BAD_FUNC_ARG); 
@@ -21993,14 +22993,14 @@ static int test_wc_DsaKeyToPublicDer(void) ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &key), 0); ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0); - ExpectIntGE(sz = wc_DsaKeyToPublicDer(&key, der, ONEK_BUF), 0); + ExpectIntGE(sz = (word32)wc_DsaKeyToPublicDer(&key, der, ONEK_BUF), 0); wc_FreeDsaKey(&key); idx = 0; ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0); /* Test without the SubjectPublicKeyInfo header */ - ExpectIntGE(sz = wc_SetDsaPublicKey(der, &key, ONEK_BUF, 0), 0); + ExpectIntGE(sz = (word32)wc_SetDsaPublicKey(der, &key, ONEK_BUF, 0), 0); wc_FreeDsaKey(&key); idx = 0; ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0); @@ -22283,9 +23283,9 @@ static int test_wc_ed25519_make_key(void) ExpectIntEQ(wc_ed25519_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); - ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, pubkey_sz), + ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, (word32)pubkey_sz), ECC_PRIV_KEY_E); - ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, pubkey_sz), + ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, (word32)pubkey_sz), ECC_PRIV_KEY_E); ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); @@ -22469,7 +23469,9 @@ static int test_wc_ed25519_import_private_key(void) ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0); #ifdef HAVE_ED25519_KEY_EXPORT + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ed25519_export_private(&key, bothKeys, &bothKeysSz), 0); + PRIVATE_KEY_LOCK(); ExpectIntEQ(wc_ed25519_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0, &key, 1), 0); ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0); @@ -22536,6 +23538,7 @@ static int test_wc_ed25519_export(void) pubKey, sizeof(pubKey), &key, 1), 0); #endif + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ed25519_export_public(&key, pub, &pubSz), 0); ExpectIntEQ(pubSz, ED25519_KEY_SIZE); ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0); 
@@ -22554,6 +23557,7 @@ static int test_wc_ed25519_export(void) BAD_FUNC_ARG); ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, NULL), BAD_FUNC_ARG); + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ed25519_free(&key); @@ -22661,6 +23665,7 @@ static int test_wc_ed25519_exportKey(void) pubKey, sizeof(pubKey), &key, 1), 0); #endif + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, &privOnlySz), 0); /* Test bad args. */ ExpectIntEQ(wc_ed25519_export_private(NULL, privOnly, &privOnlySz), @@ -22681,6 +23686,7 @@ static int test_wc_ed25519_exportKey(void) BAD_FUNC_ARG); ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, NULL), BAD_FUNC_ARG); + PRIVATE_KEY_LOCK(); /* Cross check output. */ ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0); @@ -22719,7 +23725,11 @@ static int test_wc_Ed25519PublicKeyToDer(void) ExpectIntEQ(wc_ed25519_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); - ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1), 0); + /* length only */ + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 0), 0); + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 1), 0); + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf, + (word32)sizeof(derBuf), 1), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ed25519_free(&key); @@ -23414,7 +24424,9 @@ static int test_wc_ed448_import_private_key(void) ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0); #ifdef HAVE_ED448_KEY_EXPORT + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ed448_export_private(&key, bothKeys, &bothKeysSz), 0); + PRIVATE_KEY_LOCK(); ExpectIntEQ(wc_ed448_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0, &key, 1), 0); ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0); 
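Review bot: The two new length-only calls in the test_wc_Ed25519PublicKeyToDer hunk only assert a positive return and never compare it with the size the full encode reports, so a length-only path returning the wrong size would still pass. Capture the value and pin the full call to it, e.g. `ExpectIntGT(derSz = wc_Ed25519PublicKeyToDer(&key, NULL, 0, 1), 0);` then `ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, (word32)sizeof(derBuf), 1), derSz);`, with `int derSz;` declared at the top of the function, which lies outside the hunk. The same applies to the test_wc_Ed448PublicKeyToDer hunk on the next line and to the Curve448 length-only calls in the large hunk further below.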
@@ -23470,6 +24482,7 @@ static int test_wc_ed448_export(void) ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG); ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL), BAD_FUNC_ARG); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), 0); ExpectIntEQ(privSz, ED448_KEY_SIZE); ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0); @@ -23479,6 +24492,7 @@ static int test_wc_ed448_export(void) ExpectIntEQ(wc_ed448_export_private_only(&key, NULL, &privSz), BAD_FUNC_ARG); ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL), BAD_FUNC_ARG); + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ed448_free(&key); @@ -23548,6 +24562,7 @@ static int test_wc_ed448_exportKey(void) ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ed448_export_private(&key, privOnly, &privOnlySz), 0); /* Test bad args. */ ExpectIntEQ(wc_ed448_export_private(NULL, privOnly, &privOnlySz), @@ -23567,6 +24582,7 @@ static int test_wc_ed448_exportKey(void) BAD_FUNC_ARG); ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, NULL), BAD_FUNC_ARG); + PRIVATE_KEY_LOCK(); /* Cross check output. */ ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0); @@ -23606,8 +24622,11 @@ static int test_wc_Ed448PublicKeyToDer(void) ExpectIntEQ(wc_ed448_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); - - ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1), 0); + /* length only */ + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 0), 0); + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 1), 0); + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf, + (word32)sizeof(derBuf), 1), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ed448_free(&key); 
@@ -24354,6 +25373,7 @@ static int test_wc_ecc_export_x963_ex(void) XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(out, 0, outlen); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ecc_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); @@ -24394,6 +25414,7 @@ static int test_wc_ecc_export_x963_ex(void) ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP), ECC_BAD_ARG_E); #endif + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&key); @@ -24429,10 +25450,15 @@ static int test_wc_ecc_import_x963(void) ExpectIntEQ(wc_ecc_init(&pubKey), 0); ExpectIntEQ(wc_ecc_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); +#if FIPS_VERSION3_GE(6,0,0) + ret = wc_ecc_make_key(&rng, KEY32, &key); +#else ret = wc_ecc_make_key(&rng, KEY24, &key); +#endif #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif + ExpectIntEQ(ret, 0); PRIVATE_KEY_UNLOCK(); @@ -24480,6 +25506,7 @@ static int test_wc_ecc_import_private_key(void) XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(privKey, 0, privKeySz); XMEMSET(x963Key, 0, x963KeySz); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ecc_init(&key), 0); ExpectIntEQ(wc_ecc_init(&keyImp), 0); @@ -24502,6 +25529,7 @@ static int test_wc_ecc_import_private_key(void) x963KeySz, NULL), BAD_FUNC_ARG); ExpectIntEQ(wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz, &keyImp), BAD_FUNC_ARG); + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&keyImp); @@ -24532,6 +25560,7 @@ static int test_wc_ecc_export_private_only(void) XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(out, 0, outlen); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_ecc_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); 
@@ -24546,6 +25575,7 @@ static int test_wc_ecc_export_private_only(void) ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), BAD_FUNC_ARG); ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), BAD_FUNC_ARG); ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), BAD_FUNC_ARG); + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&key); @@ -25130,15 +26160,20 @@ static int test_wc_ecc_shared_secret_ssh(void) WC_RNG rng; int ret; int keySz = KEY32; +#if FIPS_VERSION3_GE(6,0,0) + int key2Sz = KEY28; +#else int key2Sz = KEY24; +#endif byte secret[KEY32]; - word32 secretLen = keySz; + word32 secretLen = (word32)keySz; /* Init stack variables. */ XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&key2, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(secret, 0, secretLen); + PRIVATE_KEY_UNLOCK(); /* Make keys */ ExpectIntEQ(wc_ecc_init(&key), 0); @@ -25178,6 +26213,7 @@ static int test_wc_ecc_shared_secret_ssh(void) key.type = ECC_PUBLICKEY; ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen), ECC_BAD_ARG_E); + PRIVATE_KEY_LOCK(); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&key); @@ -25429,9 +26465,17 @@ static int test_wc_ecc_sig_size_calc(void) #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif +#if FIPS_VERSION3_GE(6,0,0) + ExpectIntEQ(ret, BAD_FUNC_ARG); +#else ExpectIntEQ(ret, 0); +#endif +#if FIPS_VERSION3_LT(6,0,0) sz = key.dp->size; ExpectIntGT(wc_ecc_sig_size_calc(sz), 0); +#else + (void) sz; +#endif DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ecc_free(&key); 
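Review bot: The test_wc_ecc_sig_size_calc hunk guards two consecutive blocks with opposite macros, `#if FIPS_VERSION3_GE(6,0,0)` for the expected `BAD_FUNC_ARG` and `#if FIPS_VERSION3_LT(6,0,0)` for the `sz = key.dp->size` check, which keeps one condition in two places; a single `#if FIPS_VERSION3_GE(6,0,0) ... #else ... #endif` wrapping both the `ret` expectation and the size calculation keeps the error branch and the skipped check visibly in lockstep. The reason FIPS v6 is expected to reject the preceding wc_ecc_make_key() is not stated and the key size used is outside the hunk, so a one-line comment such as `/* FIPS v6 builds reject this key generation; skip the size calculation */` would help the next reader. The enclosing function starts before the hunk.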
@@ -25627,8 +26671,10 @@ static int test_wc_ecc_sm2_create_digest(void) hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG); /* Bad hash type. */ + /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */ ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg), -1, hash, 0, key), BAD_FUNC_ARG); + /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */ /* Bad hash size. */ ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg), hashType, hash, 0, key), BUFFER_E); @@ -26095,6 +27141,7 @@ static int test_wc_EccPrivateKeyToDer(void) XMEMSET(&eccKey, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); + PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_ecc_init(&eccKey), 0); @@ -26111,7 +27158,7 @@ static int test_wc_EccPrivateKeyToDer(void) ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), LENGTH_ONLY_E); ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), BAD_FUNC_ARG); /* Good Case */ - ExpectIntGT(outLen = wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0); + ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0); wc_ecc_free(&eccKey); DoExpectIntEQ(wc_FreeRng(&rng), 0); @@ -26135,6 +27182,7 @@ static int test_wc_EccPrivateKeyToDer(void) EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */ } #endif + PRIVATE_KEY_LOCK(); #endif return EXPECT_RESULT(); } /* End test_wc_EccPrivateKeyToDer*/ 
@@ -26204,9 +27252,10 @@ static int test_wc_Ed25519KeyToDer(void) /* Bad Cases */ ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), BAD_FUNC_ARG); - ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BAD_FUNC_ARG); + ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BUFFER_E); /* Good Cases */ /* length only */ + ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, 0), 0); ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen), 0); ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, output, inLen), 0); @@ -26242,10 +27291,10 @@ static int test_wc_Ed25519PrivateKeyToDer(void) ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0), - BAD_FUNC_ARG); + BUFFER_E); /* Good Cases */ /* length only */ - ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen), 0); + ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0); ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); @@ -26278,10 +27327,10 @@ static int test_wc_Ed448KeyToDer(void) /* Bad Cases */ ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), BAD_FUNC_ARG); - ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BAD_FUNC_ARG); + ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BUFFER_E); /* Good Cases */ /* length only */ - ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, inLen), 0); + ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, 0), 0); ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, output, inLen), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); 
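Review bot: In the test_wc_Ed25519PrivateKeyToDer hunk the length-only case `NULL, inLen` is replaced by `NULL, 0`, so the NULL-buffer-with-nonzero-length form is no longer exercised, whereas the test_wc_Ed25519KeyToDer hunk just above keeps both forms by adding `NULL, 0` next to the existing `NULL, inLen`. Keep both here as well: add `ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0);` in front of the existing `ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen), 0);` instead of replacing it. The same inconsistency appears in the test_wc_Ed448KeyToDer hunk at the end of this line and in the test_wc_Ed448PrivateKeyToDer hunk on the next. Each of these functions starts before its hunk.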
@@ -26316,10 +27365,10 @@ static int test_wc_Ed448PrivateKeyToDer(void) ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0), - BAD_FUNC_ARG); + BUFFER_E); /* Good cases */ /* length only */ - ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen), 0); + ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, 0), 0); ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); 
@@ -26329,299 +27378,10832 @@ static int test_wc_Ed448PrivateKeyToDer(void) } /* End test_wc_Ed448PrivateKeyToDer*/ /* - * Testing wc_SetSubjectBuffer + * Testing wc_Curve448PrivateKeyToDer */ -static int test_wc_SetSubjectBuffer(void) +static int test_wc_Curve448PrivateKeyToDer(void) { EXPECT_DECLS; -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - Cert cert; - XFILE file = XBADFILE; - byte* der = NULL; - word32 derSz; +#if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + byte output[ONEK_BUF]; + curve448_key curve448PrivKey; + WC_RNG rng; + word32 inLen; - derSz = FOURK_BUF; - ExpectNotNull(der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - ExpectTrue((file = XFOPEN("./certs/ca-cert.der", "rb")) != XBADFILE); - ExpectTrue((derSz = (word32)XFREAD(der, 1, FOURK_BUF, file)) > 0); - if (file != XBADFILE) - XFCLOSE(file); + XMEMSET(&curve448PrivKey, 0, sizeof(curve448PrivKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); - ExpectIntEQ(wc_InitCert(&cert), 0); - ExpectIntEQ(wc_SetSubjectBuffer(&cert, der, derSz), 0); - ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, derSz), BAD_FUNC_ARG); + ExpectIntEQ(wc_curve448_init(&curve448PrivKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &curve448PrivKey), + 0); + inLen = (word32)sizeof(output); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + /* Bad Cases */ + ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); + ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, 0), + BUFFER_E); + /* Good cases */ + /* length only */ + ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, 0), 0); + ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, inLen), 0); + + /* Bad Cases */ + ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, NULL, 0, 0), 
BAD_FUNC_ARG); + ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, output, inLen, 0), BAD_FUNC_ARG); + ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 0), + BUFFER_E); + ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 1), + BUFFER_E); + /* Good cases */ + /* length only */ + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 0), 0); + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 1), 0); + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 0), 0); + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 1), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve448_free(&curve448PrivKey); #endif return EXPECT_RESULT(); -} /* End test_wc_SetSubjectBuffer*/ +} /* End wc_Curve448PrivateKeyToDer*/ -/* - * Testing wc_SetSubjectKeyIdFromPublicKey_ex - */ -static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void) +static int test_wc_kyber_make_key_kats(void) { EXPECT_DECLS; -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) - WC_RNG rng; - Cert cert; -#if !defined(NO_RSA) && defined(HAVE_RSA) - RsaKey rsaKey; - int bits = 2048; -#endif -#if defined(HAVE_ECC) - ecc_key eccKey; - int ret; -#endif -#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) - ed25519_key ed25519Key; +#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \ + defined(WOLFSSL_ML_KEM) + KyberKey* key; +#ifndef WOLFSSL_NO_KYBER512 + static const byte seed_512[KYBER_MAKEKEY_RAND_SZ] = { + 0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42, + 0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2, + 0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E, + 0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC, + 0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42, + 0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2, + 0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E, + 0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC + }; + static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = { + 0xC6, 0x5A, 0x1D, 0x9D, 0x47, 0x97, 
0x77, 0xE6, + 0x90, 0x5A, 0x91, 0xA5, 0xCB, 0x24, 0x55, 0x1C, + 0x8B, 0x1E, 0x52, 0xA3, 0xC7, 0x7B, 0x63, 0x31, + 0x3F, 0xFC, 0x8B, 0x58, 0x17, 0x81, 0x52, 0x59, + 0xA6, 0xAD, 0xB5, 0x96, 0x45, 0xDC, 0x4B, 0xB1, + 0x43, 0x6D, 0x51, 0xE6, 0x2A, 0x09, 0x68, 0x34, + 0xAF, 0x43, 0x77, 0x25, 0x10, 0xC4, 0xED, 0xF3, + 0x4C, 0xDE, 0x0A, 0x5B, 0x57, 0xC1, 0x45, 0xE6, + 0x87, 0xCB, 0x87, 0x16, 0x2F, 0x00, 0x1C, 0x21, + 0xC9, 0xE1, 0x93, 0x4A, 0xC1, 0x1A, 0xAF, 0xA7, + 0x0F, 0xF8, 0x10, 0x73, 0x26, 0x50, 0xB3, 0x2A, + 0x30, 0x18, 0xA7, 0xC5, 0x0C, 0xD7, 0x36, 0x79, + 0x62, 0x22, 0xC8, 0xAB, 0x82, 0x1A, 0x92, 0x83, + 0xBE, 0x1C, 0xC2, 0x04, 0xC3, 0xF1, 0x63, 0x0D, + 0x3C, 0xCC, 0xDB, 0x0A, 0x9A, 0x3D, 0x17, 0x55, + 0x2B, 0x91, 0x58, 0xC0, 0x66, 0x4E, 0x5D, 0x6A, + 0x04, 0xB0, 0xFA, 0x36, 0xDE, 0x45, 0x86, 0x2A, + 0x46, 0xA3, 0x9E, 0xC5, 0x97, 0xAE, 0x42, 0xC3, + 0x11, 0xC4, 0xAC, 0x22, 0x4A, 0x72, 0xD6, 0xF2, + 0x53, 0xBB, 0x52, 0x35, 0xF7, 0xA2, 0xB8, 0xB0, + 0xF2, 0x4D, 0x13, 0x76, 0xAF, 0x58, 0x87, 0x46, + 0xF3, 0xBB, 0x8E, 0x03, 0x65, 0x07, 0x87, 0x61, + 0xCA, 0xB9, 0x83, 0xA4, 0xA6, 0xA9, 0x40, 0xA3, + 0xD9, 0x97, 0x04, 0x7A, 0x8F, 0x36, 0xA7, 0x31, + 0xE8, 0x96, 0x52, 0x36, 0xC3, 0x7B, 0xF2, 0x00, + 0x08, 0x2F, 0x82, 0x1D, 0xCA, 0x77, 0x16, 0xC4, + 0x44, 0xA9, 0x0B, 0xEC, 0x53, 0x07, 0x4B, 0xBA, + 0x58, 0xC1, 0x32, 0xBF, 0xB9, 0xA2, 0xAC, 0xE2, + 0xCE, 0xC9, 0xAA, 0x65, 0x8E, 0xAC, 0x12, 0x32, + 0xCC, 0xCA, 0x3C, 0x81, 0x7A, 0x92, 0xC1, 0x19, + 0x5C, 0x05, 0xC0, 0xE1, 0xD6, 0x63, 0x9F, 0xD2, + 0xAD, 0xE5, 0x31, 0x60, 0x7D, 0x48, 0x8B, 0x74, + 0xA7, 0x47, 0xCF, 0xF4, 0x7F, 0xCA, 0x5C, 0x8B, + 0x21, 0x63, 0xCA, 0x03, 0xC5, 0x45, 0xED, 0x10, + 0x32, 0x78, 0x43, 0x0C, 0x60, 0xB2, 0x38, 0x1A, + 0x09, 0x42, 0x7F, 0xD1, 0x30, 0xF8, 0x59, 0xBF, + 0x5D, 0xB7, 0x76, 0xDA, 0x09, 0x5D, 0xCA, 0x58, + 0x04, 0xFA, 0x63, 0xB0, 0xD7, 0xD8, 0x7F, 0xA9, + 0x41, 0x5C, 0x72, 0xFB, 0x51, 0x87, 0x2A, 0x98, + 0x9F, 0x46, 0x6C, 0x98, 0x4B, 0xC7, 0x4C, 0x29, + 0xB8, 0x63, 0x20, 0x19, 0xCA, 0x04, 
0x0C, 0x9C, + 0xA3, 0x5E, 0x22, 0x60, 0x8D, 0xAA, 0x70, 0x35, + 0x7A, 0xE2, 0xC3, 0xAD, 0x83, 0x63, 0x1F, 0xAA, + 0x17, 0x4E, 0x0A, 0xCD, 0xF5, 0xDB, 0xBF, 0x3C, + 0xF6, 0x8A, 0x05, 0xB6, 0x54, 0x3A, 0xB6, 0x26, + 0x8E, 0x1A, 0x51, 0xB0, 0x93, 0x2C, 0x17, 0xB0, + 0x0A, 0x13, 0x71, 0xB2, 0xDA, 0xB2, 0x41, 0xF9, + 0x2A, 0x43, 0xFF, 0xB4, 0x56, 0xD0, 0xA8, 0xC8, + 0x86, 0x0A, 0x8E, 0x28, 0xA6, 0x1A, 0x21, 0x30, + 0x7C, 0xC0, 0x45, 0x6D, 0xA4, 0x24, 0x29, 0x05, + 0xCB, 0x1D, 0x3D, 0x0B, 0xBD, 0x81, 0xBB, 0x8E, + 0xE2, 0x74, 0xA4, 0x3C, 0x76, 0xC3, 0x10, 0x01, + 0x95, 0x15, 0xFC, 0xC1, 0x40, 0x46, 0x7C, 0x33, + 0x37, 0x0C, 0x86, 0x80, 0x8E, 0xCA, 0xA5, 0x8E, + 0x3B, 0xA9, 0x3A, 0x2C, 0x11, 0x90, 0x46, 0x1C, + 0x1D, 0xFA, 0x11, 0x30, 0x20, 0x01, 0xBB, 0xAB, + 0x4C, 0xB1, 0xE3, 0x64, 0x2E, 0xF8, 0xCB, 0x26, + 0x30, 0x9B, 0x60, 0x52, 0x3B, 0xC2, 0x18, 0x87, + 0xB0, 0x7F, 0x89, 0x8C, 0xE5, 0x62, 0xA6, 0xCA, + 0x77, 0x8E, 0xA0, 0x15, 0x05, 0x85, 0x13, 0x78, + 0xCE, 0xA8, 0xBB, 0x7F, 0xC0, 0x9D, 0x11, 0x96, + 0x1B, 0x6C, 0x59, 0x6F, 0x93, 0x54, 0x2A, 0x99, + 0x04, 0x86, 0x4E, 0xB1, 0x0C, 0xD0, 0xA7, 0x03, + 0xDB, 0xA9, 0x89, 0x21, 0x86, 0x1A, 0x87, 0xB0, + 0x56, 0x52, 0x5C, 0x71, 0xA8, 0x43, 0x55, 0x3E, + 0x64, 0x00, 0x77, 0x74, 0x37, 0xC9, 0x5C, 0xCC, + 0x80, 0x85, 0xCC, 0x0C, 0x47, 0x7D, 0x66, 0x5A, + 0x44, 0x79, 0x01, 0x9D, 0x4C, 0xD4, 0x42, 0xF7, + 0x4A, 0x3C, 0xD8, 0x16, 0x9F, 0x42, 0x62, 0xB8, + 0x27, 0x1B, 0x5D, 0x5A, 0x67, 0xC8, 0xC1, 0x61, + 0x1A, 0xAE, 0x7B, 0x3D, 0x05, 0x34, 0xC0, 0x85, + 0x97, 0x16, 0xFD, 0xF0, 0xBB, 0x68, 0x94, 0x90, + 0x94, 0xC0, 0x6A, 0x1B, 0x73, 0xC9, 0xAA, 0x1C, + 0xBD, 0xF3, 0x31, 0x54, 0x3D, 0xE0, 0x02, 0xA8, + 0xC0, 0x6F, 0x94, 0xE8, 0x81, 0x0A, 0x5C, 0xB3, + 0x73, 0x83, 0x27, 0x45, 0xD7, 0x20, 0x68, 0x3B, + 0x57, 0x48, 0x75, 0xA6, 0x66, 0x94, 0x6D, 0x02, + 0x96, 0x89, 0x3F, 0x2B, 0x59, 0xE9, 0x07, 0x48, + 0x8D, 0x8C, 0x84, 0x89, 0xD4, 0x74, 0xD9, 0x29, + 0xA0, 0x5A, 0x57, 0x3E, 0xD6, 0x67, 0x49, 0x03, + 0x71, 0xA4, 0x6D, 0x45, 0x56, 0xCB, 
0xB6, 0x8A, + 0xAA, 0x79, 0xCC, 0x3E, 0xC6, 0x65, 0x34, 0x13, + 0x57, 0x6C, 0x22, 0x8E, 0x37, 0x9A, 0x14, 0xCB, + 0x90, 0xB7, 0xB7, 0x59, 0x1B, 0x19, 0xA7, 0xBD, + 0x37, 0xA1, 0xC4, 0xD3, 0x78, 0x59, 0x89, 0x22, + 0x19, 0x44, 0x2B, 0xB0, 0xB9, 0xB9, 0xBA, 0x67, + 0xBA, 0x3B, 0xC0, 0xD0, 0x95, 0xC8, 0x80, 0x3C, + 0xEB, 0xE9, 0x7A, 0xFF, 0x0B, 0x1C, 0x15, 0x35, + 0x78, 0xA1, 0x30, 0xCD, 0x81, 0x57, 0xCF, 0x74, + 0x59, 0x46, 0xC2, 0xF5, 0x72, 0x6D, 0x9C, 0x11, + 0x27, 0x35, 0x75, 0x50, 0x52, 0x91, 0x34, 0x65, + 0x28, 0xEE, 0x0B, 0xAC, 0x04, 0x7C, 0xC9, 0x84, + 0x53, 0x8B, 0x97, 0xBB, 0xAB, 0xFC, 0xC3, 0x57, + 0xDC, 0xB8, 0xA9, 0x8F, 0xB8, 0x57, 0xC9, 0xC5, + 0x2D, 0x1B, 0x78, 0x67, 0x49, 0xCA, 0x61, 0x89, + 0x2B, 0x09, 0x75, 0x99, 0x80, 0x52, 0x00, 0x91, + 0xB9, 0xB4, 0x77, 0xC7, 0x0E, 0x6C, 0x46, 0x58, + 0x6B, 0x1C, 0xCE, 0xBE, 0x87, 0xBC, 0xF6, 0xDF, + 0x03, 0xC2, 0xB2, 0x7C, 0xB0, 0x9F, 0xA0, 0x3F, + 0x63, 0x16, 0x09, 0x58, 0x38, 0x3B, 0xE6, 0x36 + }; + static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = { + 0x37, 0xEC, 0x47, 0x7E, 0x21, 0x7B, 0xFB, 0x40, + 0x38, 0x4C, 0x85, 0x0E, 0x51, 0xC1, 0x83, 0x71, + 0x58, 0xBD, 0xBC, 0x23, 0xA3, 0x18, 0x32, 0xBC, + 0x25, 0xC9, 0x1B, 0x31, 0x21, 0x44, 0x4A, 0xD4, + 0x53, 0x37, 0x33, 0xBA, 0xFF, 0x07, 0xCA, 0x81, + 0x7B, 0x64, 0xB2, 0xCA, 0x42, 0x99, 0xAA, 0x26, + 0x45, 0x4C, 0xBA, 0xFB, 0x35, 0xB6, 0xAB, 0xE1, + 0x18, 0x5C, 0xB4, 0x7C, 0x4C, 0xD6, 0x1A, 0xF9, + 0x83, 0x83, 0xC4, 0x81, 0x4B, 0x20, 0xAB, 0x87, + 0x54, 0xFC, 0x51, 0x4F, 0x23, 0x07, 0x41, 0x14, + 0xC3, 0xE5, 0xA8, 0x10, 0xA4, 0x53, 0xB8, 0x55, + 0xAA, 0x7F, 0x13, 0x10, 0xC7, 0x4B, 0x0B, 0x01, + 0xE5, 0xAA, 0xB2, 0xE8, 0x71, 0x73, 0x8F, 0xAC, + 0x27, 0x86, 0xC7, 0xA0, 0x5D, 0x6B, 0x3B, 0x32, + 0xA0, 0x50, 0xD0, 0xFB, 0x22, 0x39, 0x56, 0xC9, + 0x5C, 0xA0, 0xC2, 0xC1, 0xD5, 0x41, 0x54, 0xA7, + 0x7B, 0xD3, 0x37, 0x37, 0xA4, 0x9A, 0x00, 0x65, + 0xD1, 0x42, 0x4A, 0x2A, 0xBA, 0xFD, 0x52, 0xAA, + 0x93, 0x4C, 0x98, 0x04, 0x93, 0x92, 0x08, 0xF0, + 0x5C, 0xCF, 0x8B, 0x8B, 
0x80, 0x86, 0x31, 0x6E, + 0x09, 0x43, 0xA0, 0x87, 0x10, 0x50, 0x0C, 0x91, + 0x8A, 0x2B, 0x21, 0x8D, 0x37, 0xB8, 0x5A, 0xE2, + 0x80, 0x22, 0xCB, 0x01, 0x34, 0xFB, 0x49, 0xF5, + 0xC4, 0x5D, 0x98, 0xD3, 0xC0, 0x4B, 0x75, 0x5A, + 0x60, 0x88, 0x04, 0x22, 0x66, 0x8E, 0x2B, 0x30, + 0x1B, 0x18, 0xD5, 0x19, 0x4D, 0xE9, 0x91, 0xB2, + 0x65, 0xBF, 0x94, 0x69, 0x7E, 0x6A, 0x4B, 0x81, + 0x50, 0xC8, 0xB8, 0x52, 0x03, 0x39, 0x15, 0x63, + 0x5E, 0x30, 0x66, 0x5B, 0xDA, 0x21, 0x91, 0xDA, + 0xA5, 0x05, 0xD4, 0x33, 0x44, 0xFD, 0x29, 0xC9, + 0xFC, 0xC1, 0xC5, 0x07, 0x69, 0x1D, 0x47, 0x5B, + 0x61, 0x7C, 0x94, 0x8F, 0xCC, 0x84, 0xB1, 0xB0, + 0x8A, 0x1C, 0x63, 0x8C, 0x3E, 0x13, 0x58, 0x0C, + 0xE3, 0x59, 0x78, 0x9A, 0x98, 0x60, 0xE5, 0x46, + 0x9C, 0xC7, 0x54, 0xB0, 0x8E, 0xE3, 0x3F, 0x09, + 0x21, 0xBD, 0xEF, 0x15, 0xA9, 0x06, 0x96, 0x9F, + 0x2D, 0xC5, 0x7A, 0x25, 0xE8, 0x0C, 0xE4, 0xC4, + 0x5F, 0x11, 0xE0, 0x4A, 0x51, 0x9A, 0xB0, 0x8B, + 0x9B, 0x92, 0x7C, 0x3A, 0x13, 0xA0, 0x81, 0xCF, + 0xFA, 0x11, 0x0F, 0xAC, 0xCC, 0x5E, 0x8D, 0xC2, + 0x94, 0x95, 0x97, 0x8B, 0x55, 0x53, 0x10, 0x4D, + 0x47, 0x3A, 0x17, 0x59, 0x18, 0xAD, 0x5B, 0x54, + 0x87, 0xBB, 0xA6, 0x97, 0x12, 0xAE, 0x93, 0xF6, + 0x15, 0xC6, 0x0A, 0x8D, 0x38, 0x7B, 0xCE, 0x3F, + 0x65, 0x1E, 0x56, 0x88, 0x0A, 0x52, 0x2B, 0x2D, + 0xB8, 0x63, 0x51, 0xCA, 0xB6, 0x5D, 0x13, 0xB4, + 0x69, 0x3D, 0xB0, 0xB2, 0xC8, 0x09, 0x36, 0xFA, + 0xD1, 0xCE, 0x67, 0x92, 0x5E, 0x6B, 0xB7, 0xC1, + 0x10, 0xC4, 0x3E, 0x83, 0x24, 0x7D, 0x22, 0x60, + 0x8D, 0x8C, 0x10, 0x23, 0x43, 0x1C, 0xB6, 0x92, + 0x90, 0xA4, 0xF8, 0xA9, 0x59, 0x3B, 0xF1, 0x24, + 0x1D, 0x73, 0x7C, 0x0C, 0xD1, 0x6D, 0x75, 0xEB, + 0x50, 0xC6, 0x84, 0x2C, 0xE0, 0xA2, 0x1D, 0xCE, + 0x49, 0x40, 0x36, 0x82, 0x4C, 0xE6, 0x32, 0x52, + 0xE9, 0x32, 0x5F, 0x05, 0xB7, 0x34, 0x45, 0x2B, + 0x12, 0x91, 0x32, 0xB1, 0x96, 0x08, 0x4A, 0x37, + 0x88, 0xBB, 0xB1, 0xF2, 0x0A, 0x37, 0xD2, 0xC2, + 0xB3, 0xF9, 0x0E, 0x0D, 0xD7, 0xA2, 0x74, 0xC9, + 0xB1, 0xA9, 0xF0, 0x2E, 0xC7, 0xE7, 0x21, 0xF4, + 0xA4, 0x3D, 0x40, 0x9A, 
0x25, 0xFB, 0xC9, 0x9A, + 0x44, 0xD4, 0x76, 0x31, 0x07, 0xC7, 0x87, 0x62, + 0x09, 0x41, 0x76, 0x1E, 0xD4, 0x8C, 0x93, 0x29, + 0x24, 0xBA, 0x62, 0x09, 0x86, 0xCF, 0x27, 0x7A, + 0x23, 0x47, 0x1C, 0x7B, 0x13, 0x33, 0x3D, 0x93, + 0x6C, 0x0D, 0xD4, 0x9E, 0x0F, 0xF3, 0x4C, 0xA3, + 0xAB, 0x82, 0x34, 0xC4, 0x2A, 0xEB, 0xE4, 0x59, + 0xC6, 0x12, 0x05, 0x2B, 0x97, 0x16, 0xE9, 0x6B, + 0x20, 0xBE, 0xC7, 0x18, 0x12, 0x60, 0x40, 0xA9, + 0x09, 0x1F, 0x6B, 0xA9, 0x44, 0x5F, 0x45, 0x80, + 0x6A, 0xEB, 0x6E, 0x38, 0x16, 0x71, 0x0F, 0x7C, + 0xBF, 0xED, 0x11, 0x01, 0x46, 0x12, 0x84, 0xDD, + 0x96, 0x2B, 0x7B, 0x12, 0x04, 0x7C, 0x0A, 0x0A, + 0x90, 0x6A, 0x05, 0x89, 0xB4, 0xA9, 0xA4, 0x26, + 0x46, 0x9B, 0xDA, 0x39, 0x46, 0x09, 0x1A, 0x37, + 0x5B, 0x19, 0x52, 0xA9, 0x1C, 0x23, 0x1C, 0x0F, + 0xE6, 0xB5, 0x7F, 0x7C, 0xC9, 0x7E, 0xFE, 0xD0, + 0xBC, 0x10, 0x01, 0x36, 0x78, 0x23, 0xBE, 0x18, + 0x86, 0x30, 0x8B, 0x3A, 0x21, 0x45, 0x2B, 0x7E, + 0x45, 0x50, 0x66, 0x71, 0x9C, 0xCC, 0xEA, 0xF6, + 0xA7, 0x26, 0xFC, 0x22, 0xBC, 0x83, 0x99, 0xF5, + 0x4B, 0xBF, 0xCA, 0xF7, 0xCA, 0x63, 0xBA, 0x73, + 0x17, 0x3C, 0x7A, 0xA8, 0x61, 0x9A, 0x3F, 0x48, + 0x5C, 0x3E, 0x33, 0x04, 0x21, 0x00, 0x67, 0x66, + 0x74, 0x6F, 0x4E, 0xF6, 0x65, 0x3E, 0x44, 0x0E, + 0x5C, 0xDC, 0x59, 0x53, 0x40, 0x18, 0xC3, 0x52, + 0xC0, 0x23, 0x58, 0x4C, 0xBB, 0x37, 0x4E, 0xB7, + 0xA9, 0xB7, 0x83, 0x68, 0x32, 0xBE, 0x53, 0xAF, + 0x27, 0x2A, 0x06, 0x97, 0x55, 0xCE, 0x2F, 0xF2, + 0x9C, 0xD8, 0xB3, 0x94, 0xC5, 0x24, 0x22, 0xB3, + 0x47, 0x0E, 0x27, 0x41, 0x5F, 0x41, 0xB3, 0x97, + 0x53, 0x59, 0x59, 0xF1, 0x60, 0x00, 0x3B, 0x45, + 0x2C, 0xF4, 0x96, 0x97, 0xB7, 0xA5, 0x36, 0x89, + 0x85, 0x2B, 0xBE, 0x6C, 0xCF, 0xDF, 0xB4, 0x0B, + 0x48, 0xE9, 0x32, 0x8D, 0xE1, 0x15, 0x22, 0xD0, + 0xA4, 0x31, 0xB1, 0x15, 0xA5, 0xC0, 0xC2, 0xF4, + 0x30, 0x7D, 0x98, 0x62, 0xC0, 0xDD, 0x1B, 0x40, + 0xC6, 0x5A, 0x1D, 0x9D, 0x47, 0x97, 0x77, 0xE6, + 0x90, 0x5A, 0x91, 0xA5, 0xCB, 0x24, 0x55, 0x1C, + 0x8B, 0x1E, 0x52, 0xA3, 0xC7, 0x7B, 0x63, 0x31, + 0x3F, 0xFC, 0x8B, 0x58, 
0x17, 0x81, 0x52, 0x59, + 0xA6, 0xAD, 0xB5, 0x96, 0x45, 0xDC, 0x4B, 0xB1, + 0x43, 0x6D, 0x51, 0xE6, 0x2A, 0x09, 0x68, 0x34, + 0xAF, 0x43, 0x77, 0x25, 0x10, 0xC4, 0xED, 0xF3, + 0x4C, 0xDE, 0x0A, 0x5B, 0x57, 0xC1, 0x45, 0xE6, + 0x87, 0xCB, 0x87, 0x16, 0x2F, 0x00, 0x1C, 0x21, + 0xC9, 0xE1, 0x93, 0x4A, 0xC1, 0x1A, 0xAF, 0xA7, + 0x0F, 0xF8, 0x10, 0x73, 0x26, 0x50, 0xB3, 0x2A, + 0x30, 0x18, 0xA7, 0xC5, 0x0C, 0xD7, 0x36, 0x79, + 0x62, 0x22, 0xC8, 0xAB, 0x82, 0x1A, 0x92, 0x83, + 0xBE, 0x1C, 0xC2, 0x04, 0xC3, 0xF1, 0x63, 0x0D, + 0x3C, 0xCC, 0xDB, 0x0A, 0x9A, 0x3D, 0x17, 0x55, + 0x2B, 0x91, 0x58, 0xC0, 0x66, 0x4E, 0x5D, 0x6A, + 0x04, 0xB0, 0xFA, 0x36, 0xDE, 0x45, 0x86, 0x2A, + 0x46, 0xA3, 0x9E, 0xC5, 0x97, 0xAE, 0x42, 0xC3, + 0x11, 0xC4, 0xAC, 0x22, 0x4A, 0x72, 0xD6, 0xF2, + 0x53, 0xBB, 0x52, 0x35, 0xF7, 0xA2, 0xB8, 0xB0, + 0xF2, 0x4D, 0x13, 0x76, 0xAF, 0x58, 0x87, 0x46, + 0xF3, 0xBB, 0x8E, 0x03, 0x65, 0x07, 0x87, 0x61, + 0xCA, 0xB9, 0x83, 0xA4, 0xA6, 0xA9, 0x40, 0xA3, + 0xD9, 0x97, 0x04, 0x7A, 0x8F, 0x36, 0xA7, 0x31, + 0xE8, 0x96, 0x52, 0x36, 0xC3, 0x7B, 0xF2, 0x00, + 0x08, 0x2F, 0x82, 0x1D, 0xCA, 0x77, 0x16, 0xC4, + 0x44, 0xA9, 0x0B, 0xEC, 0x53, 0x07, 0x4B, 0xBA, + 0x58, 0xC1, 0x32, 0xBF, 0xB9, 0xA2, 0xAC, 0xE2, + 0xCE, 0xC9, 0xAA, 0x65, 0x8E, 0xAC, 0x12, 0x32, + 0xCC, 0xCA, 0x3C, 0x81, 0x7A, 0x92, 0xC1, 0x19, + 0x5C, 0x05, 0xC0, 0xE1, 0xD6, 0x63, 0x9F, 0xD2, + 0xAD, 0xE5, 0x31, 0x60, 0x7D, 0x48, 0x8B, 0x74, + 0xA7, 0x47, 0xCF, 0xF4, 0x7F, 0xCA, 0x5C, 0x8B, + 0x21, 0x63, 0xCA, 0x03, 0xC5, 0x45, 0xED, 0x10, + 0x32, 0x78, 0x43, 0x0C, 0x60, 0xB2, 0x38, 0x1A, + 0x09, 0x42, 0x7F, 0xD1, 0x30, 0xF8, 0x59, 0xBF, + 0x5D, 0xB7, 0x76, 0xDA, 0x09, 0x5D, 0xCA, 0x58, + 0x04, 0xFA, 0x63, 0xB0, 0xD7, 0xD8, 0x7F, 0xA9, + 0x41, 0x5C, 0x72, 0xFB, 0x51, 0x87, 0x2A, 0x98, + 0x9F, 0x46, 0x6C, 0x98, 0x4B, 0xC7, 0x4C, 0x29, + 0xB8, 0x63, 0x20, 0x19, 0xCA, 0x04, 0x0C, 0x9C, + 0xA3, 0x5E, 0x22, 0x60, 0x8D, 0xAA, 0x70, 0x35, + 0x7A, 0xE2, 0xC3, 0xAD, 0x83, 0x63, 0x1F, 0xAA, + 0x17, 0x4E, 0x0A, 0xCD, 
0xF5, 0xDB, 0xBF, 0x3C, + 0xF6, 0x8A, 0x05, 0xB6, 0x54, 0x3A, 0xB6, 0x26, + 0x8E, 0x1A, 0x51, 0xB0, 0x93, 0x2C, 0x17, 0xB0, + 0x0A, 0x13, 0x71, 0xB2, 0xDA, 0xB2, 0x41, 0xF9, + 0x2A, 0x43, 0xFF, 0xB4, 0x56, 0xD0, 0xA8, 0xC8, + 0x86, 0x0A, 0x8E, 0x28, 0xA6, 0x1A, 0x21, 0x30, + 0x7C, 0xC0, 0x45, 0x6D, 0xA4, 0x24, 0x29, 0x05, + 0xCB, 0x1D, 0x3D, 0x0B, 0xBD, 0x81, 0xBB, 0x8E, + 0xE2, 0x74, 0xA4, 0x3C, 0x76, 0xC3, 0x10, 0x01, + 0x95, 0x15, 0xFC, 0xC1, 0x40, 0x46, 0x7C, 0x33, + 0x37, 0x0C, 0x86, 0x80, 0x8E, 0xCA, 0xA5, 0x8E, + 0x3B, 0xA9, 0x3A, 0x2C, 0x11, 0x90, 0x46, 0x1C, + 0x1D, 0xFA, 0x11, 0x30, 0x20, 0x01, 0xBB, 0xAB, + 0x4C, 0xB1, 0xE3, 0x64, 0x2E, 0xF8, 0xCB, 0x26, + 0x30, 0x9B, 0x60, 0x52, 0x3B, 0xC2, 0x18, 0x87, + 0xB0, 0x7F, 0x89, 0x8C, 0xE5, 0x62, 0xA6, 0xCA, + 0x77, 0x8E, 0xA0, 0x15, 0x05, 0x85, 0x13, 0x78, + 0xCE, 0xA8, 0xBB, 0x7F, 0xC0, 0x9D, 0x11, 0x96, + 0x1B, 0x6C, 0x59, 0x6F, 0x93, 0x54, 0x2A, 0x99, + 0x04, 0x86, 0x4E, 0xB1, 0x0C, 0xD0, 0xA7, 0x03, + 0xDB, 0xA9, 0x89, 0x21, 0x86, 0x1A, 0x87, 0xB0, + 0x56, 0x52, 0x5C, 0x71, 0xA8, 0x43, 0x55, 0x3E, + 0x64, 0x00, 0x77, 0x74, 0x37, 0xC9, 0x5C, 0xCC, + 0x80, 0x85, 0xCC, 0x0C, 0x47, 0x7D, 0x66, 0x5A, + 0x44, 0x79, 0x01, 0x9D, 0x4C, 0xD4, 0x42, 0xF7, + 0x4A, 0x3C, 0xD8, 0x16, 0x9F, 0x42, 0x62, 0xB8, + 0x27, 0x1B, 0x5D, 0x5A, 0x67, 0xC8, 0xC1, 0x61, + 0x1A, 0xAE, 0x7B, 0x3D, 0x05, 0x34, 0xC0, 0x85, + 0x97, 0x16, 0xFD, 0xF0, 0xBB, 0x68, 0x94, 0x90, + 0x94, 0xC0, 0x6A, 0x1B, 0x73, 0xC9, 0xAA, 0x1C, + 0xBD, 0xF3, 0x31, 0x54, 0x3D, 0xE0, 0x02, 0xA8, + 0xC0, 0x6F, 0x94, 0xE8, 0x81, 0x0A, 0x5C, 0xB3, + 0x73, 0x83, 0x27, 0x45, 0xD7, 0x20, 0x68, 0x3B, + 0x57, 0x48, 0x75, 0xA6, 0x66, 0x94, 0x6D, 0x02, + 0x96, 0x89, 0x3F, 0x2B, 0x59, 0xE9, 0x07, 0x48, + 0x8D, 0x8C, 0x84, 0x89, 0xD4, 0x74, 0xD9, 0x29, + 0xA0, 0x5A, 0x57, 0x3E, 0xD6, 0x67, 0x49, 0x03, + 0x71, 0xA4, 0x6D, 0x45, 0x56, 0xCB, 0xB6, 0x8A, + 0xAA, 0x79, 0xCC, 0x3E, 0xC6, 0x65, 0x34, 0x13, + 0x57, 0x6C, 0x22, 0x8E, 0x37, 0x9A, 0x14, 0xCB, + 0x90, 0xB7, 0xB7, 0x59, 
0x1B, 0x19, 0xA7, 0xBD,
+ 0x37, 0xA1, 0xC4, 0xD3, 0x78, 0x59, 0x89, 0x22,
+ 0x19, 0x44, 0x2B, 0xB0, 0xB9, 0xB9, 0xBA, 0x67,
+ 0xBA, 0x3B, 0xC0, 0xD0, 0x95, 0xC8, 0x80, 0x3C,
+ 0xEB, 0xE9, 0x7A, 0xFF, 0x0B, 0x1C, 0x15, 0x35,
+ 0x78, 0xA1, 0x30, 0xCD, 0x81, 0x57, 0xCF, 0x74,
+ 0x59, 0x46, 0xC2, 0xF5, 0x72, 0x6D, 0x9C, 0x11,
+ 0x27, 0x35, 0x75, 0x50, 0x52, 0x91, 0x34, 0x65,
+ 0x28, 0xEE, 0x0B, 0xAC, 0x04, 0x7C, 0xC9, 0x84,
+ 0x53, 0x8B, 0x97, 0xBB, 0xAB, 0xFC, 0xC3, 0x57,
+ 0xDC, 0xB8, 0xA9, 0x8F, 0xB8, 0x57, 0xC9, 0xC5,
+ 0x2D, 0x1B, 0x78, 0x67, 0x49, 0xCA, 0x61, 0x89,
+ 0x2B, 0x09, 0x75, 0x99, 0x80, 0x52, 0x00, 0x91,
+ 0xB9, 0xB4, 0x77, 0xC7, 0x0E, 0x6C, 0x46, 0x58,
+ 0x6B, 0x1C, 0xCE, 0xBE, 0x87, 0xBC, 0xF6, 0xDF,
+ 0x03, 0xC2, 0xB2, 0x7C, 0xB0, 0x9F, 0xA0, 0x3F,
+ 0x63, 0x16, 0x09, 0x58, 0x38, 0x3B, 0xE6, 0x36,
+ 0xC0, 0xEC, 0xC8, 0xDD, 0xAE, 0x8B, 0x59, 0x4A,
+ 0x14, 0x03, 0x78, 0x68, 0xBE, 0xC0, 0xB2, 0x23,
+ 0x00, 0xDE, 0xFD, 0xFA, 0xA1, 0xD9, 0x73, 0xAC,
+ 0x5C, 0xEC, 0x84, 0xAE, 0x43, 0x86, 0xB8, 0xFB,
+ 0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42,
+ 0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2,
+ 0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E,
+ 0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC
+ };
 #endif
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- ed448_key ed448Key;
+#ifndef WOLFSSL_NO_KYBER768
+ static const byte seed_768[KYBER_MAKEKEY_RAND_SZ] = {
+ 0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6,
+ 0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33,
+ 0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7,
+ 0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC,
+ 0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6,
+ 0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33,
+ 0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7,
+ 0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC
+ };
+ static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = {
+ 0xD2, 0xE6, 0x9A, 0x05, 0x53, 0x4A, 0x72, 0x32,
+ 0xC5, 0xF1, 0xB7, 0x66, 0xE9, 0x3A, 0x5E, 0xE2,
+ 0xEA, 0x1B, 0x26, 0xE8, 0x60, 0xA3,
0x44, 0x1A, + 0xDE, 0xA9, 0x1E, 0xDB, 0x78, 0x2C, 0xAB, 0xC8, + 0xA5, 0xD0, 0x11, 0xA2, 0x1B, 0xC3, 0x88, 0xE7, + 0xF4, 0x86, 0xF0, 0xB7, 0x99, 0x30, 0x79, 0xAE, + 0x3F, 0x1A, 0x7C, 0x85, 0xD2, 0x7D, 0x0F, 0x49, + 0x21, 0x84, 0xD5, 0x90, 0x62, 0x14, 0x2B, 0x76, + 0xA4, 0x37, 0x34, 0xA9, 0x0D, 0x55, 0x6A, 0x95, + 0xDC, 0x48, 0x3D, 0xD8, 0x21, 0x04, 0xED, 0x58, + 0xCA, 0x15, 0x71, 0xC3, 0x96, 0x85, 0x82, 0x79, + 0x51, 0x43, 0x4C, 0xC1, 0x00, 0x1A, 0xA4, 0xC8, + 0x13, 0x26, 0x1E, 0x4F, 0x93, 0x02, 0x8E, 0x14, + 0xCD, 0x08, 0xF7, 0x68, 0xA4, 0x54, 0x31, 0x0C, + 0x3B, 0x01, 0x0C, 0x83, 0xB7, 0x4D, 0x04, 0xA5, + 0x7B, 0xB9, 0x77, 0xB3, 0xD8, 0xBC, 0xF3, 0xAA, + 0xA7, 0x8C, 0xA1, 0x2B, 0x78, 0xF0, 0x10, 0xD9, + 0x51, 0x34, 0x92, 0x8A, 0x5E, 0x5D, 0x96, 0xA0, + 0x29, 0xB4, 0x42, 0xA4, 0x18, 0x88, 0x03, 0x8B, + 0x29, 0xC2, 0xF1, 0x22, 0xB0, 0xB6, 0xB3, 0xAF, + 0x12, 0x1A, 0xEA, 0x29, 0xA0, 0x55, 0x53, 0xBD, + 0xF1, 0xDB, 0x60, 0x7A, 0xFB, 0x17, 0x00, 0x18, + 0x60, 0xAF, 0x18, 0x23, 0xBC, 0xF0, 0x3D, 0xB3, + 0xB4, 0x41, 0xDA, 0x16, 0x3A, 0x28, 0xC5, 0x23, + 0xA5, 0xFB, 0x46, 0x69, 0xA6, 0x42, 0x34, 0xA4, + 0xBC, 0xD1, 0x21, 0x7F, 0xF2, 0x63, 0x5B, 0xD9, + 0x76, 0x80, 0xFF, 0x93, 0x8D, 0xBC, 0xF1, 0x0E, + 0x95, 0x32, 0xA9, 0xA7, 0x9A, 0x5B, 0x07, 0x3A, + 0x9E, 0x8D, 0xB2, 0x12, 0x3D, 0x21, 0x0F, 0xAE, + 0xA2, 0x00, 0xB6, 0x64, 0x83, 0x8E, 0x80, 0x07, + 0x1F, 0x2B, 0xA2, 0x54, 0xAA, 0xC8, 0x90, 0xA4, + 0x6E, 0x28, 0xEC, 0x34, 0x2D, 0x92, 0x81, 0x2B, + 0x01, 0x59, 0x30, 0x71, 0x65, 0x7E, 0x7A, 0x3A, + 0x4A, 0x75, 0xCB, 0x3D, 0x52, 0x79, 0xCE, 0x88, + 0x40, 0x5A, 0xC5, 0xAD, 0xAC, 0xB2, 0x05, 0x1E, + 0x02, 0x2E, 0xE0, 0xAC, 0x9B, 0xBF, 0xE3, 0x2D, + 0xEF, 0x98, 0x66, 0x7E, 0xD3, 0x47, 0xAD, 0xCB, + 0x39, 0x30, 0xF3, 0xCA, 0xD0, 0x31, 0x39, 0x1B, + 0x70, 0x9A, 0x4E, 0x61, 0xB8, 0xDD, 0x4B, 0x3F, + 0xB7, 0x41, 0xB5, 0xBD, 0x60, 0xBF, 0x30, 0x40, + 0x15, 0xEE, 0x75, 0x46, 0xA2, 0x4B, 0x59, 0xEA, + 0xDC, 0xA1, 0x37, 0xC7, 0x12, 0x50, 0x74, 0x72, + 0x6B, 0x76, 0x86, 0xEC, 0x55, 0x1B, 
0x7B, 0xC2, + 0x6B, 0xBD, 0xB2, 0x0F, 0xC3, 0x78, 0x35, 0x34, + 0xE3, 0x4E, 0xE1, 0xF1, 0xBC, 0x6B, 0x77, 0xAB, + 0x49, 0xA6, 0x66, 0x78, 0x46, 0x97, 0x57, 0x78, + 0xC3, 0xC5, 0x36, 0x83, 0x04, 0x50, 0xA3, 0xFA, + 0x91, 0x02, 0x59, 0x72, 0x2F, 0x3F, 0x80, 0x6E, + 0x6E, 0xB4, 0xB9, 0x34, 0x67, 0x63, 0xFE, 0xF0, + 0x92, 0x2B, 0xC4, 0xB6, 0xEB, 0x38, 0x26, 0xAF, + 0xF2, 0x4E, 0xAD, 0xC6, 0xCF, 0x6E, 0x47, 0x7C, + 0x2E, 0x05, 0x5C, 0xFB, 0x7A, 0x90, 0xA5, 0x5C, + 0x06, 0xD0, 0xB2, 0xA2, 0xF5, 0x11, 0x60, 0x69, + 0xE6, 0x4A, 0x5B, 0x50, 0x78, 0xC0, 0x57, 0x7B, + 0xC8, 0xE7, 0x90, 0x0E, 0xA7, 0x1C, 0x34, 0x1C, + 0x02, 0xAD, 0x85, 0x4E, 0xA5, 0xA0, 0x1A, 0xF2, + 0xA6, 0x05, 0xCB, 0x20, 0x68, 0xD5, 0x24, 0x38, + 0xCD, 0xDC, 0x60, 0xB0, 0x38, 0x82, 0xCC, 0x02, + 0x4D, 0x13, 0x04, 0x5F, 0x2B, 0xA6, 0xB0, 0xF4, + 0x46, 0xAA, 0xA5, 0x95, 0x87, 0x60, 0x61, 0x79, + 0x45, 0x37, 0x1F, 0xD7, 0x8C, 0x28, 0xA4, 0x06, + 0x77, 0xA6, 0xE7, 0x2F, 0x51, 0x3B, 0x9E, 0x06, + 0x67, 0xA9, 0xBA, 0xF4, 0x46, 0xC1, 0xBA, 0x93, + 0x1B, 0xA8, 0x18, 0x34, 0x23, 0x47, 0x92, 0xA2, + 0xA2, 0xB2, 0xB3, 0x70, 0x1F, 0x31, 0xB7, 0xCF, + 0x46, 0x7C, 0x80, 0xF1, 0x98, 0x11, 0x41, 0xBB, + 0x45, 0x77, 0x93, 0xE1, 0x30, 0x70, 0x91, 0xC4, + 0x8B, 0x59, 0x14, 0x64, 0x6A, 0x60, 0xCE, 0x1A, + 0x30, 0x15, 0x43, 0x77, 0x9D, 0x7C, 0x33, 0x42, + 0xAD, 0x17, 0x97, 0x96, 0xC2, 0xC4, 0x40, 0xD9, + 0x9D, 0xF9, 0xD4, 0x1B, 0x52, 0xE3, 0x26, 0x25, + 0xA8, 0x2A, 0xA5, 0xF5, 0x79, 0xA9, 0x92, 0x0B, + 0xFF, 0xBA, 0x96, 0x4F, 0xA7, 0x0D, 0xB2, 0x59, + 0xC8, 0x5E, 0x68, 0xC8, 0x13, 0x81, 0x7B, 0x13, + 0x47, 0xBF, 0x19, 0x81, 0x4D, 0xA5, 0xE9, 0x36, + 0x4A, 0x46, 0x45, 0xE6, 0x21, 0x92, 0x3D, 0x95, + 0x5C, 0x21, 0x1A, 0x55, 0xD3, 0x55, 0xC8, 0x16, + 0xDA, 0x04, 0x73, 0x0A, 0xA3, 0x24, 0x08, 0x5E, + 0x62, 0x2B, 0x51, 0xD6, 0x10, 0x9B, 0x49, 0xF6, + 0x73, 0xAD, 0xD0, 0x0E, 0x41, 0x47, 0x55, 0xC8, + 0x02, 0x4A, 0xA0, 0x16, 0x4F, 0x24, 0x55, 0x6D, + 0xED, 0x96, 0x3D, 0x61, 0x14, 0x38, 0x56, 0xCB, + 0x4F, 0xF0, 0x56, 0x7E, 0x33, 0x20, 
0x73, 0x0D, + 0xBC, 0xBF, 0x12, 0xF6, 0x6E, 0x2B, 0x70, 0xB2, + 0x00, 0x54, 0xA6, 0xDE, 0xA4, 0x26, 0x14, 0xB5, + 0x0E, 0xF7, 0x2B, 0x15, 0x6F, 0x51, 0x49, 0xFC, + 0x26, 0x3D, 0xD7, 0xE0, 0x39, 0xC5, 0x5A, 0x3E, + 0xE9, 0x82, 0x7D, 0xF9, 0x2C, 0x56, 0x5D, 0x24, + 0xC5, 0x5E, 0x0A, 0x81, 0xC6, 0x49, 0x46, 0x95, + 0x34, 0x4D, 0x94, 0x87, 0x48, 0xAF, 0xBA, 0x9F, + 0x76, 0x2C, 0x0E, 0xA9, 0x0B, 0xB7, 0x24, 0x89, + 0x79, 0x02, 0x00, 0x07, 0x75, 0x61, 0x39, 0x49, + 0x60, 0x2C, 0x48, 0xC7, 0x8A, 0x94, 0x40, 0x67, + 0x8C, 0x24, 0x08, 0x6D, 0x32, 0x6D, 0x79, 0x64, + 0x3B, 0xAF, 0x70, 0x36, 0xC6, 0x6C, 0x7E, 0x02, + 0x6A, 0xAE, 0xFD, 0xA2, 0x80, 0x7A, 0x60, 0xBD, + 0x7F, 0xC9, 0x13, 0x63, 0xBB, 0x02, 0x34, 0xA5, + 0x90, 0x98, 0x4A, 0xA0, 0x11, 0xF1, 0x1D, 0x40, + 0x26, 0x82, 0x18, 0xA1, 0x58, 0x83, 0x77, 0xB3, + 0xD7, 0x67, 0x1B, 0x8B, 0x99, 0x78, 0x99, 0x19, + 0xB8, 0x6E, 0xE8, 0x2B, 0x18, 0xEC, 0x22, 0xD4, + 0xE8, 0x0A, 0x1F, 0x27, 0x85, 0x3D, 0x88, 0x94, + 0x19, 0xD4, 0x60, 0xDE, 0xF7, 0x56, 0x7A, 0xA4, + 0x56, 0x79, 0x69, 0xC4, 0x30, 0x48, 0xC3, 0x2B, + 0x84, 0x62, 0xA9, 0xC9, 0x38, 0x6E, 0xB3, 0x15, + 0x2A, 0x69, 0x76, 0xAA, 0x78, 0x3C, 0xDD, 0x1A, + 0x8C, 0x57, 0xA9, 0xB6, 0xBB, 0xD8, 0x37, 0xA0, + 0x06, 0x24, 0xB5, 0x8B, 0x4B, 0xA3, 0xDB, 0xB6, + 0x3B, 0xB8, 0x20, 0x0E, 0x7B, 0xC8, 0x88, 0x81, + 0xBE, 0xBD, 0xA9, 0x25, 0xBC, 0xA0, 0x28, 0xE2, + 0x91, 0xAA, 0x1C, 0x22, 0x53, 0x9C, 0xD0, 0x4F, + 0x90, 0x09, 0x0D, 0x7F, 0x74, 0x10, 0x8C, 0x32, + 0xB8, 0x02, 0x2C, 0x15, 0x91, 0xC8, 0x81, 0xE7, + 0x63, 0x04, 0xE2, 0x40, 0x81, 0x90, 0xE2, 0x0F, + 0x09, 0xA5, 0x4F, 0xC2, 0x34, 0x20, 0xE2, 0x62, + 0x0E, 0x9D, 0x87, 0xA3, 0x10, 0x8A, 0x94, 0xFE, + 0xEA, 0x72, 0xD5, 0xAB, 0x7F, 0xCF, 0xB9, 0x72, + 0xE6, 0x56, 0x1B, 0x1A, 0x7B, 0x06, 0x2F, 0x1A, + 0x68, 0x2E, 0x02, 0x0A, 0xA2, 0x56, 0x28, 0x12, + 0xB2, 0x96, 0x54, 0x7B, 0x91, 0x78, 0x24, 0xCD, + 0xB8, 0x8C, 0x58, 0x2B, 0x5A, 0x68, 0x90, 0x17, + 0x7B, 0xC7, 0x0C, 0x91, 0xAC, 0xAC, 0x9A, 0xBE, + 0x29, 0x0A, 0xEB, 0x2C, 0x34, 0xA7, 
0xE2, 0x36, + 0x89, 0x55, 0xCB, 0x45, 0x6A, 0x34, 0x53, 0x68, + 0xAB, 0xE3, 0xB9, 0x1B, 0x47, 0xFC, 0x30, 0xB0, + 0x23, 0x3A, 0x09, 0xBA, 0x79, 0xFB, 0x11, 0x23, + 0x8A, 0xC5, 0x08, 0xCC, 0xE6, 0x10, 0x95, 0xF8, + 0x54, 0xC2, 0x32, 0x04, 0xA8, 0xD3, 0x6B, 0xFC, + 0x2C, 0x6E, 0x05, 0xA7, 0x2A, 0xF5, 0x24, 0x4B, + 0x17, 0xC1, 0x21, 0x01, 0xE0, 0x14, 0x51, 0x57, + 0x0E, 0xB1, 0x10, 0x56, 0x7E, 0x85, 0x0E, 0x79, + 0xC0, 0x00, 0x14, 0x24, 0x41, 0xFE, 0x41, 0x60, + 0x02, 0x75, 0x45, 0xF6, 0x29, 0x0E, 0x85, 0x45, + 0x1B, 0x80, 0x23, 0x4A, 0x94, 0x06, 0xC3, 0x90, + 0xB0, 0xCE, 0xA3, 0xC8, 0x33, 0x5D, 0x4C, 0x6F, + 0x85, 0x50, 0xB5, 0x44, 0xC9, 0x34, 0x3E, 0x61, + 0xBA, 0x1C, 0x84, 0x89, 0xD1, 0xB0, 0x39, 0x97, + 0x39, 0x16, 0x8A, 0xF7, 0x40, 0xA4, 0x81, 0xB0, + 0xF5, 0xC3, 0x37, 0x25, 0x30, 0xCA, 0x06, 0xB5, + 0x08, 0xEC, 0xE8, 0x38, 0xAB, 0x78, 0xBE, 0xE1, + 0xE5, 0x97, 0xA9, 0xB1, 0x4F, 0x6A, 0xEC, 0x7A, + 0x3B, 0xD1, 0xAA, 0x8D, 0x10, 0xBA, 0xC2, 0x3B, + 0x98, 0x02, 0x90, 0x2C, 0xD5, 0x29, 0xAB, 0x6E, + 0xF5, 0x4D, 0xB3, 0x11, 0x0C, 0xFB, 0x56, 0x1E, + 0x7E, 0x69, 0x48, 0xE6, 0x52, 0x81, 0x25, 0x04, + 0x16, 0xC3, 0x49, 0xC8, 0x10, 0x0B, 0x3B, 0x4D, + 0x3D, 0x0F, 0x62, 0xAC, 0xAD, 0x8D, 0x16, 0x11, + 0x75, 0xB1, 0x34, 0xF7, 0x56, 0x49, 0x37, 0xCD + }; + static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = { + 0x19, 0xD7, 0x4A, 0xD5, 0x47, 0x2A, 0x8B, 0x2B, + 0xAA, 0xD2, 0xA5, 0x67, 0x02, 0xC9, 0xB3, 0xB5, + 0x51, 0x0E, 0xF3, 0x92, 0x48, 0x58, 0x06, 0x1D, + 0x57, 0xF9, 0x0D, 0xD9, 0xA1, 0xA0, 0x1F, 0xEC, + 0x2F, 0x57, 0xC5, 0x1A, 0x88, 0x88, 0x05, 0x34, + 0x1B, 0x61, 0x7C, 0x51, 0x55, 0x39, 0x59, 0x77, + 0x50, 0x83, 0x5C, 0x3E, 0xD7, 0xA0, 0x33, 0xB0, + 0x39, 0xD7, 0x24, 0x91, 0x33, 0x2C, 0x5D, 0xF4, + 0xA6, 0x9B, 0x6D, 0xF2, 0x61, 0x71, 0x87, 0x7A, + 0xD1, 0xE5, 0x0A, 0xC5, 0x01, 0x00, 0xBE, 0x47, + 0x28, 0x78, 0x66, 0x85, 0xDA, 0x7A, 0x73, 0x9E, + 0x84, 0x3F, 0xF0, 0xD4, 0x59, 0x22, 0xD7, 0x28, + 0x1E, 0x21, 0x0D, 0x5E, 0x82, 0xB9, 0x44, 0x65, + 0x2F, 0x48, 0x62, 0xCF, 
0xB3, 0xD9, 0x02, 0xDE, + 0x60, 0xAF, 0xD0, 0xA1, 0x64, 0x47, 0x1B, 0x26, + 0x14, 0x4A, 0x1D, 0x7A, 0x38, 0x09, 0x65, 0x03, + 0x09, 0x59, 0x11, 0x76, 0x2E, 0xBA, 0x79, 0x62, + 0xC4, 0x51, 0x1D, 0x05, 0xA1, 0x28, 0xF2, 0x78, + 0x1E, 0xCB, 0x3D, 0x1F, 0x5B, 0xB1, 0x24, 0x42, + 0x37, 0x61, 0x1A, 0xBA, 0xB9, 0x24, 0x99, 0x1F, + 0x8A, 0x27, 0x32, 0xE2, 0x70, 0x32, 0x35, 0x79, + 0x20, 0xF1, 0x97, 0xC7, 0x69, 0x2D, 0x60, 0xA9, + 0x44, 0x44, 0x72, 0x25, 0x8C, 0xB4, 0x57, 0xC1, + 0xB7, 0x1B, 0x77, 0x99, 0x54, 0x69, 0xF3, 0xA9, + 0x62, 0xF3, 0xAB, 0xA6, 0x69, 0x96, 0x14, 0xFC, + 0xCC, 0xEA, 0x74, 0x1E, 0x21, 0xC6, 0x00, 0xC4, + 0x35, 0x7B, 0xBF, 0xAB, 0x45, 0x29, 0x27, 0xC3, + 0xD4, 0x41, 0xBF, 0x8E, 0xD7, 0x31, 0x52, 0xF7, + 0x5C, 0x08, 0xF5, 0x40, 0xE1, 0x86, 0xAC, 0xCA, + 0x33, 0x26, 0xF4, 0x22, 0xC8, 0x4B, 0x98, 0x8D, + 0x77, 0xE6, 0x1A, 0xE6, 0x18, 0x59, 0xCF, 0x85, + 0x41, 0xF8, 0x92, 0x09, 0xE4, 0x98, 0x30, 0x40, + 0xC5, 0x61, 0x76, 0x54, 0x80, 0x88, 0x52, 0xB6, + 0x49, 0xB8, 0x99, 0xA3, 0x99, 0xAE, 0xC2, 0xC8, + 0xBB, 0xA8, 0xA5, 0x42, 0xF3, 0x45, 0xAB, 0xF2, + 0x81, 0x3F, 0x65, 0xE9, 0xA7, 0x91, 0xD3, 0x2C, + 0xC2, 0xD7, 0x60, 0x26, 0xFB, 0x8D, 0x0C, 0x94, + 0xB6, 0x57, 0x48, 0x9A, 0xBB, 0x48, 0x7D, 0xA4, + 0xA2, 0xC0, 0xE3, 0x86, 0x8D, 0x3C, 0xF4, 0x7F, + 0x1C, 0xBB, 0x2F, 0xA7, 0x9C, 0x53, 0xCF, 0xF6, + 0x26, 0x47, 0x77, 0xC0, 0x9B, 0x17, 0x7C, 0x91, + 0x31, 0x54, 0x84, 0xD2, 0xB3, 0x0B, 0x0C, 0xA2, + 0x1F, 0x55, 0xAD, 0xD2, 0x3C, 0x57, 0xE1, 0x91, + 0x1C, 0x3F, 0x08, 0x6B, 0xCA, 0xD2, 0x17, 0x98, + 0x48, 0x6E, 0xB4, 0x7B, 0x7C, 0x58, 0x57, 0x73, + 0x81, 0xC0, 0x9F, 0x52, 0x52, 0x58, 0x2D, 0x1B, + 0x27, 0xA7, 0xD5, 0xB8, 0xE0, 0x60, 0xCE, 0x78, + 0x20, 0x9C, 0xC8, 0x2B, 0xAE, 0x4D, 0xA6, 0x06, + 0x80, 0x0C, 0x8D, 0xB1, 0x26, 0x8F, 0x7A, 0xD2, + 0xB7, 0x93, 0xA4, 0x4F, 0x34, 0x61, 0x2C, 0xCE, + 0xA3, 0x1C, 0xE7, 0xD7, 0x96, 0xA6, 0x5A, 0x26, + 0x91, 0xD6, 0x15, 0x00, 0x62, 0x5F, 0x83, 0xE7, + 0xBE, 0x57, 0x07, 0x7E, 0xE9, 0xC1, 0xB8, 0xC1, + 0xCA, 0xA1, 0x37, 0xCC, 
0x4B, 0x65, 0x73, 0x30, + 0x8C, 0x19, 0x66, 0x8B, 0x24, 0xB0, 0x1E, 0x96, + 0x69, 0x03, 0xAB, 0xBC, 0xB7, 0x9B, 0x67, 0xBE, + 0x0A, 0x3E, 0x3E, 0x05, 0x8A, 0xAD, 0xA1, 0x89, + 0xB9, 0xEA, 0x80, 0x35, 0x9A, 0xC2, 0x6F, 0x4C, + 0x5C, 0x53, 0x73, 0x5F, 0xE4, 0xFC, 0x35, 0x24, + 0x73, 0x37, 0x76, 0x0C, 0xCA, 0x35, 0x29, 0xB8, + 0xD2, 0x66, 0xBB, 0x6C, 0x48, 0x01, 0x06, 0x54, + 0xCD, 0xBC, 0x5A, 0x3E, 0x97, 0x57, 0x52, 0x46, + 0x75, 0xAB, 0xC4, 0x13, 0x13, 0x0C, 0xC2, 0x70, + 0x1F, 0x28, 0x93, 0x3E, 0xAB, 0xB8, 0x39, 0x2B, + 0x0D, 0x6D, 0x05, 0x9C, 0xFC, 0x3A, 0x30, 0x32, + 0x6C, 0x4F, 0xCC, 0x81, 0x0B, 0x37, 0xA4, 0x74, + 0x8C, 0x1C, 0x53, 0x92, 0x8A, 0x49, 0x13, 0xE4, + 0x8B, 0x18, 0x66, 0x97, 0x16, 0x2C, 0x33, 0xFF, + 0xFB, 0x06, 0xDD, 0x51, 0x61, 0xC8, 0x63, 0x9D, + 0xB1, 0x95, 0xC6, 0xCA, 0x64, 0x82, 0x9B, 0x2B, + 0x3A, 0x2E, 0x4C, 0x96, 0x83, 0xB6, 0x6D, 0xF7, + 0xFB, 0x19, 0x09, 0x90, 0x4E, 0x00, 0x02, 0x0D, + 0xBA, 0x13, 0x4E, 0x02, 0xA1, 0x68, 0xD7, 0x6A, + 0xC0, 0x76, 0xBB, 0x77, 0xD4, 0xDC, 0x84, 0x96, + 0xB4, 0xBB, 0xE7, 0xB4, 0x69, 0x0B, 0xA2, 0x9B, + 0x62, 0xA9, 0x1A, 0xBE, 0x72, 0xBE, 0xF3, 0x23, + 0xA4, 0x4C, 0x89, 0x03, 0xE4, 0x82, 0xB6, 0x0D, + 0x99, 0xBA, 0x61, 0xD1, 0xBB, 0xCF, 0x9C, 0xB9, + 0x67, 0x35, 0x34, 0xC1, 0xD6, 0x47, 0x66, 0x23, + 0x74, 0xEE, 0x2C, 0x7C, 0x5F, 0x00, 0x81, 0xBA, + 0xD1, 0x49, 0xF4, 0x42, 0x06, 0x71, 0x76, 0x84, + 0xD9, 0x74, 0x6B, 0x20, 0x48, 0x63, 0x3A, 0xF7, + 0xA6, 0x8C, 0x68, 0x65, 0xFB, 0x59, 0x03, 0x58, + 0xD8, 0xCF, 0x82, 0x14, 0x58, 0x36, 0x9B, 0x0C, + 0x31, 0xEB, 0x59, 0x7C, 0xF5, 0xBE, 0x78, 0xEB, + 0x48, 0x0E, 0xA0, 0x4E, 0x35, 0xFA, 0xCC, 0x38, + 0x03, 0x72, 0xC8, 0xC0, 0xA0, 0x4D, 0xE2, 0x76, + 0xB1, 0xA7, 0x21, 0x21, 0xE5, 0x96, 0xCB, 0xB2, + 0x5E, 0xF7, 0x53, 0x6A, 0xD3, 0x80, 0x41, 0x84, + 0xA8, 0x7B, 0xDF, 0xB5, 0xA7, 0x69, 0x16, 0x0B, + 0xFB, 0xB0, 0xCA, 0x3C, 0x36, 0x07, 0x90, 0xE5, + 0x56, 0x2B, 0xB7, 0x8E, 0xFE, 0x00, 0x69, 0xC7, + 0x74, 0x83, 0xAD, 0x35, 0xCA, 0xC2, 0x37, 0xC6, + 0x1D, 0xE7, 0x8A, 0x7D, 
0xB4, 0x6F, 0xC9, 0x17, + 0x12, 0x4C, 0xA1, 0x75, 0x10, 0xDB, 0x7D, 0xA2, + 0x18, 0x89, 0x0F, 0x44, 0x8E, 0xF6, 0x31, 0x86, + 0x13, 0xA1, 0xC9, 0x7C, 0x92, 0x8E, 0x2B, 0x7B, + 0x6A, 0x54, 0x61, 0x7B, 0xCC, 0xB6, 0xCD, 0xF2, + 0x78, 0xAE, 0x54, 0x2B, 0x56, 0xAD, 0x7B, 0xB5, + 0xEC, 0xD8, 0xC4, 0x6A, 0x66, 0xC4, 0xFA, 0x09, + 0x50, 0xCE, 0x41, 0x35, 0x2C, 0xB8, 0x57, 0x11, + 0x89, 0x04, 0x58, 0xF2, 0x99, 0xBF, 0x40, 0xBA, + 0x6F, 0xF2, 0xC0, 0x71, 0x38, 0x62, 0x26, 0x8B, + 0x5F, 0x08, 0xE4, 0x98, 0x45, 0xB0, 0x94, 0x43, + 0x99, 0x7A, 0xB2, 0x9A, 0x62, 0x07, 0x3C, 0x0D, + 0x98, 0x18, 0xC0, 0x20, 0x16, 0x7D, 0x47, 0x49, + 0x23, 0x1C, 0x05, 0x9E, 0x6F, 0x48, 0x3F, 0x97, + 0x68, 0x17, 0xC9, 0x0C, 0x20, 0xA9, 0xC9, 0x37, + 0x07, 0x9C, 0x2D, 0x4B, 0xE3, 0x0D, 0xA9, 0x74, + 0xA9, 0x7E, 0x4B, 0xC5, 0x3E, 0xD9, 0x6A, 0x55, + 0x16, 0x9F, 0x4A, 0x23, 0xA3, 0xEA, 0x24, 0xBD, + 0x8E, 0x01, 0xB8, 0xFA, 0xEB, 0x95, 0xD4, 0xE5, + 0x3F, 0xFF, 0xEC, 0xB6, 0x08, 0x02, 0xC3, 0x88, + 0xA4, 0x0F, 0x46, 0x60, 0x54, 0x0B, 0x1B, 0x1F, + 0x81, 0x76, 0xC9, 0x81, 0x1B, 0xB2, 0x6A, 0x68, + 0x3C, 0xA7, 0x89, 0x56, 0x4A, 0x29, 0x40, 0xFC, + 0xEB, 0x2C, 0xE6, 0xA9, 0x2A, 0x1E, 0xE4, 0x5E, + 0xE4, 0xC3, 0x18, 0x57, 0xC9, 0xB9, 0xB8, 0xB5, + 0x6A, 0x79, 0xD9, 0x5A, 0x46, 0xCB, 0x39, 0x3A, + 0x31, 0xA2, 0x73, 0x7B, 0xAF, 0xEA, 0x6C, 0x81, + 0x06, 0x6A, 0x67, 0x2B, 0x34, 0xC1, 0x0A, 0xA9, + 0x89, 0x57, 0xC9, 0x17, 0x66, 0xB7, 0x30, 0x03, + 0x6A, 0x56, 0xD9, 0x40, 0xAA, 0x4E, 0xBC, 0xB7, + 0x58, 0xB0, 0x83, 0x51, 0xE2, 0xC4, 0xFD, 0x19, + 0x45, 0x3B, 0xF3, 0xA6, 0x29, 0x2A, 0x99, 0x3D, + 0x67, 0xC7, 0xEC, 0xC7, 0x2F, 0x42, 0xF7, 0x82, + 0xE9, 0xEB, 0xAA, 0x1A, 0x8B, 0x3B, 0x0F, 0x56, + 0x7A, 0xB3, 0x94, 0x21, 0xF6, 0xA6, 0x7A, 0x6B, + 0x84, 0x10, 0xFD, 0x94, 0xA7, 0x21, 0xD3, 0x65, + 0xF1, 0x63, 0x9E, 0x9D, 0xDA, 0xBF, 0xD0, 0xA6, + 0xCE, 0x1A, 0x46, 0x05, 0xBD, 0x2B, 0x1C, 0x9B, + 0x97, 0x7B, 0xD1, 0xEA, 0x32, 0x86, 0x73, 0x68, + 0xD6, 0xE6, 0x39, 0xD0, 0x19, 0xAC, 0x10, 0x18, + 0x53, 0xBC, 0x15, 0x3C, 
0x86, 0xF8, 0x52, 0x80, + 0xFC, 0x76, 0x3B, 0xA2, 0x4F, 0xB5, 0x7A, 0x29, + 0x6C, 0xB1, 0x2D, 0x32, 0xE0, 0x8A, 0xB3, 0x2C, + 0x55, 0x1D, 0x5A, 0x45, 0xA4, 0xA2, 0x8F, 0x9A, + 0xDC, 0x28, 0xF7, 0xA2, 0x90, 0x0E, 0x25, 0xA4, + 0x0B, 0x51, 0x90, 0xB2, 0x2A, 0xB1, 0x9D, 0xFB, + 0x24, 0x6F, 0x42, 0xB2, 0x4F, 0x97, 0xCC, 0xA9, + 0xB0, 0x9B, 0xEA, 0xD2, 0x46, 0xE1, 0x73, 0x4F, + 0x44, 0x66, 0x77, 0xB3, 0x8B, 0x75, 0x22, 0xB7, + 0x80, 0x72, 0x7C, 0x11, 0x74, 0x40, 0xC9, 0xF1, + 0xA0, 0x24, 0x52, 0x0C, 0x14, 0x1A, 0x69, 0xCD, + 0xD2, 0xE6, 0x9A, 0x05, 0x53, 0x4A, 0x72, 0x32, + 0xC5, 0xF1, 0xB7, 0x66, 0xE9, 0x3A, 0x5E, 0xE2, + 0xEA, 0x1B, 0x26, 0xE8, 0x60, 0xA3, 0x44, 0x1A, + 0xDE, 0xA9, 0x1E, 0xDB, 0x78, 0x2C, 0xAB, 0xC8, + 0xA5, 0xD0, 0x11, 0xA2, 0x1B, 0xC3, 0x88, 0xE7, + 0xF4, 0x86, 0xF0, 0xB7, 0x99, 0x30, 0x79, 0xAE, + 0x3F, 0x1A, 0x7C, 0x85, 0xD2, 0x7D, 0x0F, 0x49, + 0x21, 0x84, 0xD5, 0x90, 0x62, 0x14, 0x2B, 0x76, + 0xA4, 0x37, 0x34, 0xA9, 0x0D, 0x55, 0x6A, 0x95, + 0xDC, 0x48, 0x3D, 0xD8, 0x21, 0x04, 0xED, 0x58, + 0xCA, 0x15, 0x71, 0xC3, 0x96, 0x85, 0x82, 0x79, + 0x51, 0x43, 0x4C, 0xC1, 0x00, 0x1A, 0xA4, 0xC8, + 0x13, 0x26, 0x1E, 0x4F, 0x93, 0x02, 0x8E, 0x14, + 0xCD, 0x08, 0xF7, 0x68, 0xA4, 0x54, 0x31, 0x0C, + 0x3B, 0x01, 0x0C, 0x83, 0xB7, 0x4D, 0x04, 0xA5, + 0x7B, 0xB9, 0x77, 0xB3, 0xD8, 0xBC, 0xF3, 0xAA, + 0xA7, 0x8C, 0xA1, 0x2B, 0x78, 0xF0, 0x10, 0xD9, + 0x51, 0x34, 0x92, 0x8A, 0x5E, 0x5D, 0x96, 0xA0, + 0x29, 0xB4, 0x42, 0xA4, 0x18, 0x88, 0x03, 0x8B, + 0x29, 0xC2, 0xF1, 0x22, 0xB0, 0xB6, 0xB3, 0xAF, + 0x12, 0x1A, 0xEA, 0x29, 0xA0, 0x55, 0x53, 0xBD, + 0xF1, 0xDB, 0x60, 0x7A, 0xFB, 0x17, 0x00, 0x18, + 0x60, 0xAF, 0x18, 0x23, 0xBC, 0xF0, 0x3D, 0xB3, + 0xB4, 0x41, 0xDA, 0x16, 0x3A, 0x28, 0xC5, 0x23, + 0xA5, 0xFB, 0x46, 0x69, 0xA6, 0x42, 0x34, 0xA4, + 0xBC, 0xD1, 0x21, 0x7F, 0xF2, 0x63, 0x5B, 0xD9, + 0x76, 0x80, 0xFF, 0x93, 0x8D, 0xBC, 0xF1, 0x0E, + 0x95, 0x32, 0xA9, 0xA7, 0x9A, 0x5B, 0x07, 0x3A, + 0x9E, 0x8D, 0xB2, 0x12, 0x3D, 0x21, 0x0F, 0xAE, + 0xA2, 0x00, 0xB6, 0x64, 
0x83, 0x8E, 0x80, 0x07, + 0x1F, 0x2B, 0xA2, 0x54, 0xAA, 0xC8, 0x90, 0xA4, + 0x6E, 0x28, 0xEC, 0x34, 0x2D, 0x92, 0x81, 0x2B, + 0x01, 0x59, 0x30, 0x71, 0x65, 0x7E, 0x7A, 0x3A, + 0x4A, 0x75, 0xCB, 0x3D, 0x52, 0x79, 0xCE, 0x88, + 0x40, 0x5A, 0xC5, 0xAD, 0xAC, 0xB2, 0x05, 0x1E, + 0x02, 0x2E, 0xE0, 0xAC, 0x9B, 0xBF, 0xE3, 0x2D, + 0xEF, 0x98, 0x66, 0x7E, 0xD3, 0x47, 0xAD, 0xCB, + 0x39, 0x30, 0xF3, 0xCA, 0xD0, 0x31, 0x39, 0x1B, + 0x70, 0x9A, 0x4E, 0x61, 0xB8, 0xDD, 0x4B, 0x3F, + 0xB7, 0x41, 0xB5, 0xBD, 0x60, 0xBF, 0x30, 0x40, + 0x15, 0xEE, 0x75, 0x46, 0xA2, 0x4B, 0x59, 0xEA, + 0xDC, 0xA1, 0x37, 0xC7, 0x12, 0x50, 0x74, 0x72, + 0x6B, 0x76, 0x86, 0xEC, 0x55, 0x1B, 0x7B, 0xC2, + 0x6B, 0xBD, 0xB2, 0x0F, 0xC3, 0x78, 0x35, 0x34, + 0xE3, 0x4E, 0xE1, 0xF1, 0xBC, 0x6B, 0x77, 0xAB, + 0x49, 0xA6, 0x66, 0x78, 0x46, 0x97, 0x57, 0x78, + 0xC3, 0xC5, 0x36, 0x83, 0x04, 0x50, 0xA3, 0xFA, + 0x91, 0x02, 0x59, 0x72, 0x2F, 0x3F, 0x80, 0x6E, + 0x6E, 0xB4, 0xB9, 0x34, 0x67, 0x63, 0xFE, 0xF0, + 0x92, 0x2B, 0xC4, 0xB6, 0xEB, 0x38, 0x26, 0xAF, + 0xF2, 0x4E, 0xAD, 0xC6, 0xCF, 0x6E, 0x47, 0x7C, + 0x2E, 0x05, 0x5C, 0xFB, 0x7A, 0x90, 0xA5, 0x5C, + 0x06, 0xD0, 0xB2, 0xA2, 0xF5, 0x11, 0x60, 0x69, + 0xE6, 0x4A, 0x5B, 0x50, 0x78, 0xC0, 0x57, 0x7B, + 0xC8, 0xE7, 0x90, 0x0E, 0xA7, 0x1C, 0x34, 0x1C, + 0x02, 0xAD, 0x85, 0x4E, 0xA5, 0xA0, 0x1A, 0xF2, + 0xA6, 0x05, 0xCB, 0x20, 0x68, 0xD5, 0x24, 0x38, + 0xCD, 0xDC, 0x60, 0xB0, 0x38, 0x82, 0xCC, 0x02, + 0x4D, 0x13, 0x04, 0x5F, 0x2B, 0xA6, 0xB0, 0xF4, + 0x46, 0xAA, 0xA5, 0x95, 0x87, 0x60, 0x61, 0x79, + 0x45, 0x37, 0x1F, 0xD7, 0x8C, 0x28, 0xA4, 0x06, + 0x77, 0xA6, 0xE7, 0x2F, 0x51, 0x3B, 0x9E, 0x06, + 0x67, 0xA9, 0xBA, 0xF4, 0x46, 0xC1, 0xBA, 0x93, + 0x1B, 0xA8, 0x18, 0x34, 0x23, 0x47, 0x92, 0xA2, + 0xA2, 0xB2, 0xB3, 0x70, 0x1F, 0x31, 0xB7, 0xCF, + 0x46, 0x7C, 0x80, 0xF1, 0x98, 0x11, 0x41, 0xBB, + 0x45, 0x77, 0x93, 0xE1, 0x30, 0x70, 0x91, 0xC4, + 0x8B, 0x59, 0x14, 0x64, 0x6A, 0x60, 0xCE, 0x1A, + 0x30, 0x15, 0x43, 0x77, 0x9D, 0x7C, 0x33, 0x42, + 0xAD, 0x17, 0x97, 0x96, 
0xC2, 0xC4, 0x40, 0xD9, + 0x9D, 0xF9, 0xD4, 0x1B, 0x52, 0xE3, 0x26, 0x25, + 0xA8, 0x2A, 0xA5, 0xF5, 0x79, 0xA9, 0x92, 0x0B, + 0xFF, 0xBA, 0x96, 0x4F, 0xA7, 0x0D, 0xB2, 0x59, + 0xC8, 0x5E, 0x68, 0xC8, 0x13, 0x81, 0x7B, 0x13, + 0x47, 0xBF, 0x19, 0x81, 0x4D, 0xA5, 0xE9, 0x36, + 0x4A, 0x46, 0x45, 0xE6, 0x21, 0x92, 0x3D, 0x95, + 0x5C, 0x21, 0x1A, 0x55, 0xD3, 0x55, 0xC8, 0x16, + 0xDA, 0x04, 0x73, 0x0A, 0xA3, 0x24, 0x08, 0x5E, + 0x62, 0x2B, 0x51, 0xD6, 0x10, 0x9B, 0x49, 0xF6, + 0x73, 0xAD, 0xD0, 0x0E, 0x41, 0x47, 0x55, 0xC8, + 0x02, 0x4A, 0xA0, 0x16, 0x4F, 0x24, 0x55, 0x6D, + 0xED, 0x96, 0x3D, 0x61, 0x14, 0x38, 0x56, 0xCB, + 0x4F, 0xF0, 0x56, 0x7E, 0x33, 0x20, 0x73, 0x0D, + 0xBC, 0xBF, 0x12, 0xF6, 0x6E, 0x2B, 0x70, 0xB2, + 0x00, 0x54, 0xA6, 0xDE, 0xA4, 0x26, 0x14, 0xB5, + 0x0E, 0xF7, 0x2B, 0x15, 0x6F, 0x51, 0x49, 0xFC, + 0x26, 0x3D, 0xD7, 0xE0, 0x39, 0xC5, 0x5A, 0x3E, + 0xE9, 0x82, 0x7D, 0xF9, 0x2C, 0x56, 0x5D, 0x24, + 0xC5, 0x5E, 0x0A, 0x81, 0xC6, 0x49, 0x46, 0x95, + 0x34, 0x4D, 0x94, 0x87, 0x48, 0xAF, 0xBA, 0x9F, + 0x76, 0x2C, 0x0E, 0xA9, 0x0B, 0xB7, 0x24, 0x89, + 0x79, 0x02, 0x00, 0x07, 0x75, 0x61, 0x39, 0x49, + 0x60, 0x2C, 0x48, 0xC7, 0x8A, 0x94, 0x40, 0x67, + 0x8C, 0x24, 0x08, 0x6D, 0x32, 0x6D, 0x79, 0x64, + 0x3B, 0xAF, 0x70, 0x36, 0xC6, 0x6C, 0x7E, 0x02, + 0x6A, 0xAE, 0xFD, 0xA2, 0x80, 0x7A, 0x60, 0xBD, + 0x7F, 0xC9, 0x13, 0x63, 0xBB, 0x02, 0x34, 0xA5, + 0x90, 0x98, 0x4A, 0xA0, 0x11, 0xF1, 0x1D, 0x40, + 0x26, 0x82, 0x18, 0xA1, 0x58, 0x83, 0x77, 0xB3, + 0xD7, 0x67, 0x1B, 0x8B, 0x99, 0x78, 0x99, 0x19, + 0xB8, 0x6E, 0xE8, 0x2B, 0x18, 0xEC, 0x22, 0xD4, + 0xE8, 0x0A, 0x1F, 0x27, 0x85, 0x3D, 0x88, 0x94, + 0x19, 0xD4, 0x60, 0xDE, 0xF7, 0x56, 0x7A, 0xA4, + 0x56, 0x79, 0x69, 0xC4, 0x30, 0x48, 0xC3, 0x2B, + 0x84, 0x62, 0xA9, 0xC9, 0x38, 0x6E, 0xB3, 0x15, + 0x2A, 0x69, 0x76, 0xAA, 0x78, 0x3C, 0xDD, 0x1A, + 0x8C, 0x57, 0xA9, 0xB6, 0xBB, 0xD8, 0x37, 0xA0, + 0x06, 0x24, 0xB5, 0x8B, 0x4B, 0xA3, 0xDB, 0xB6, + 0x3B, 0xB8, 0x20, 0x0E, 0x7B, 0xC8, 0x88, 0x81, + 0xBE, 0xBD, 0xA9, 0x25, 
0xBC, 0xA0, 0x28, 0xE2, + 0x91, 0xAA, 0x1C, 0x22, 0x53, 0x9C, 0xD0, 0x4F, + 0x90, 0x09, 0x0D, 0x7F, 0x74, 0x10, 0x8C, 0x32, + 0xB8, 0x02, 0x2C, 0x15, 0x91, 0xC8, 0x81, 0xE7, + 0x63, 0x04, 0xE2, 0x40, 0x81, 0x90, 0xE2, 0x0F, + 0x09, 0xA5, 0x4F, 0xC2, 0x34, 0x20, 0xE2, 0x62, + 0x0E, 0x9D, 0x87, 0xA3, 0x10, 0x8A, 0x94, 0xFE, + 0xEA, 0x72, 0xD5, 0xAB, 0x7F, 0xCF, 0xB9, 0x72, + 0xE6, 0x56, 0x1B, 0x1A, 0x7B, 0x06, 0x2F, 0x1A, + 0x68, 0x2E, 0x02, 0x0A, 0xA2, 0x56, 0x28, 0x12, + 0xB2, 0x96, 0x54, 0x7B, 0x91, 0x78, 0x24, 0xCD, + 0xB8, 0x8C, 0x58, 0x2B, 0x5A, 0x68, 0x90, 0x17, + 0x7B, 0xC7, 0x0C, 0x91, 0xAC, 0xAC, 0x9A, 0xBE, + 0x29, 0x0A, 0xEB, 0x2C, 0x34, 0xA7, 0xE2, 0x36, + 0x89, 0x55, 0xCB, 0x45, 0x6A, 0x34, 0x53, 0x68, + 0xAB, 0xE3, 0xB9, 0x1B, 0x47, 0xFC, 0x30, 0xB0, + 0x23, 0x3A, 0x09, 0xBA, 0x79, 0xFB, 0x11, 0x23, + 0x8A, 0xC5, 0x08, 0xCC, 0xE6, 0x10, 0x95, 0xF8, + 0x54, 0xC2, 0x32, 0x04, 0xA8, 0xD3, 0x6B, 0xFC, + 0x2C, 0x6E, 0x05, 0xA7, 0x2A, 0xF5, 0x24, 0x4B, + 0x17, 0xC1, 0x21, 0x01, 0xE0, 0x14, 0x51, 0x57, + 0x0E, 0xB1, 0x10, 0x56, 0x7E, 0x85, 0x0E, 0x79, + 0xC0, 0x00, 0x14, 0x24, 0x41, 0xFE, 0x41, 0x60, + 0x02, 0x75, 0x45, 0xF6, 0x29, 0x0E, 0x85, 0x45, + 0x1B, 0x80, 0x23, 0x4A, 0x94, 0x06, 0xC3, 0x90, + 0xB0, 0xCE, 0xA3, 0xC8, 0x33, 0x5D, 0x4C, 0x6F, + 0x85, 0x50, 0xB5, 0x44, 0xC9, 0x34, 0x3E, 0x61, + 0xBA, 0x1C, 0x84, 0x89, 0xD1, 0xB0, 0x39, 0x97, + 0x39, 0x16, 0x8A, 0xF7, 0x40, 0xA4, 0x81, 0xB0, + 0xF5, 0xC3, 0x37, 0x25, 0x30, 0xCA, 0x06, 0xB5, + 0x08, 0xEC, 0xE8, 0x38, 0xAB, 0x78, 0xBE, 0xE1, + 0xE5, 0x97, 0xA9, 0xB1, 0x4F, 0x6A, 0xEC, 0x7A, + 0x3B, 0xD1, 0xAA, 0x8D, 0x10, 0xBA, 0xC2, 0x3B, + 0x98, 0x02, 0x90, 0x2C, 0xD5, 0x29, 0xAB, 0x6E, + 0xF5, 0x4D, 0xB3, 0x11, 0x0C, 0xFB, 0x56, 0x1E, + 0x7E, 0x69, 0x48, 0xE6, 0x52, 0x81, 0x25, 0x04, + 0x16, 0xC3, 0x49, 0xC8, 0x10, 0x0B, 0x3B, 0x4D, + 0x3D, 0x0F, 0x62, 0xAC, 0xAD, 0x8D, 0x16, 0x11, + 0x75, 0xB1, 0x34, 0xF7, 0x56, 0x49, 0x37, 0xCD, + 0xEC, 0xE9, 0xE2, 0x46, 0xAA, 0xD1, 0x10, 0x21, + 0xA6, 0x7B, 0x20, 0xEB, 
0x8F, 0x77, 0x65, 0xAC, + 0x28, 0x23, 0xA9, 0xD1, 0x8C, 0x93, 0xEC, 0x28, + 0x2D, 0x6D, 0xBC, 0x53, 0xCD, 0x6D, 0xF5, 0x75, + 0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6, + 0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33, + 0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7, + 0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC + }; #endif - -#ifndef HAVE_FIPS - ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); -#else - ExpectIntEQ(wc_InitRng(&rng), 0); +#ifndef WOLFSSL_NO_KYBER1024 + static const byte seed_1024[KYBER_MAKEKEY_RAND_SZ] = { + 0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED, + 0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA, + 0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C, + 0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C, + 0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED, + 0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA, + 0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C, + 0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C + }; + static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = { + 0x70, 0xE1, 0x3F, 0x30, 0x15, 0x17, 0xB5, 0xA4, + 0x0D, 0x70, 0x36, 0x1F, 0x63, 0x09, 0x41, 0x60, + 0x67, 0x64, 0x6D, 0x2B, 0x71, 0x36, 0x62, 0x6B, + 0xCC, 0xCC, 0x17, 0x0C, 0x66, 0xCE, 0xD4, 0x90, + 0xC7, 0x35, 0x34, 0x4B, 0x62, 0x77, 0x09, 0x7C, + 0xA9, 0x14, 0x21, 0x2A, 0x29, 0x2D, 0xD1, 0x22, + 0xFB, 0xB6, 0x9F, 0xDE, 0xCA, 0x47, 0xFA, 0xB4, + 0x53, 0x2B, 0x8C, 0x80, 0xCE, 0xB7, 0x7F, 0x9C, + 0x54, 0x3E, 0x0B, 0xF1, 0x53, 0x6D, 0x1C, 0x0C, + 0xAE, 0x07, 0x7E, 0x2C, 0xA7, 0x86, 0x2B, 0x45, + 0xA4, 0x10, 0x46, 0x9C, 0xC5, 0xB7, 0x06, 0xBA, + 0xE0, 0x05, 0x1C, 0xB2, 0x96, 0x1D, 0xB7, 0x27, + 0x0B, 0x75, 0xB7, 0x11, 0x69, 0x8D, 0x2B, 0x80, + 0x70, 0x40, 0xD5, 0x62, 0x81, 0x29, 0x43, 0x6F, + 0xBB, 0x58, 0xF1, 0x20, 0x3F, 0x75, 0x56, 0x14, + 0x65, 0xF5, 0x42, 0x57, 0xE4, 0x4D, 0x33, 0xF5, + 0x12, 0xD6, 0x33, 0x43, 0x1D, 0x00, 0xA2, 0xFB, + 0x02, 0x30, 0xC9, 0xBB, 0x9C, 0xDD, 0xFC, 0x83, + 0xBD, 0x65, 0xC9, 0x74, 0x45, 0x30, 0x21, 0x86, + 0xA1, 0x72, 0x23, 0xAD, 0x21, 0x33, 
0x28, 0x03, + 0xB9, 0x09, 0xE5, 0xE5, 0x67, 0x19, 0x70, 0xBB, + 0xB0, 0xF1, 0xC4, 0x83, 0x7B, 0xB8, 0x42, 0x73, + 0xBA, 0x67, 0x5A, 0xC0, 0x74, 0xC5, 0x29, 0x0B, + 0x41, 0x1C, 0x25, 0x00, 0x65, 0x70, 0x59, 0x33, + 0x9D, 0xE3, 0x92, 0xF9, 0xCA, 0x30, 0x89, 0x52, + 0xA2, 0x20, 0x1A, 0x58, 0x87, 0x67, 0xAD, 0xC0, + 0x35, 0xBD, 0xF3, 0x30, 0x24, 0xEA, 0x3B, 0x9A, + 0x83, 0xC5, 0xA0, 0xB9, 0xC5, 0x42, 0x5D, 0x14, + 0x07, 0x0C, 0x81, 0xAA, 0xDA, 0x26, 0xBA, 0xC3, + 0xFB, 0xB8, 0xD4, 0xB7, 0xCF, 0xEE, 0x03, 0x92, + 0x37, 0x5C, 0x68, 0x42, 0x73, 0x51, 0xDF, 0xEC, + 0x63, 0x60, 0x9B, 0xBB, 0x50, 0xB4, 0x63, 0xE0, + 0x40, 0x92, 0x85, 0x70, 0x09, 0xD1, 0xE5, 0xB8, + 0x1D, 0x70, 0x7D, 0x14, 0xB8, 0x33, 0xCD, 0x4A, + 0x0B, 0x55, 0x1B, 0xAA, 0x13, 0xEC, 0x48, 0x8A, + 0x15, 0x03, 0xB0, 0x46, 0x7E, 0xE4, 0x02, 0x3C, + 0x3F, 0xE0, 0x32, 0xC7, 0x82, 0x25, 0x06, 0x38, + 0x86, 0xE2, 0x46, 0x8E, 0x00, 0xF7, 0x00, 0x07, + 0x2A, 0x2E, 0xC8, 0xDA, 0x6A, 0xFB, 0x20, 0x6C, + 0x91, 0x90, 0x44, 0x33, 0xBB, 0xCC, 0xB0, 0xE7, + 0x6F, 0x42, 0x46, 0x8C, 0x40, 0xEB, 0x5F, 0x59, + 0xCB, 0x9A, 0xE1, 0xB0, 0x35, 0xE5, 0x21, 0x51, + 0x0B, 0xF2, 0x16, 0xA1, 0xAB, 0xCB, 0x19, 0x03, + 0x3B, 0x7A, 0x65, 0x88, 0x97, 0xC6, 0x58, 0x74, + 0xD5, 0x13, 0x51, 0x83, 0x14, 0x9F, 0x97, 0x9E, + 0x55, 0x3C, 0xCF, 0xBF, 0xA3, 0x90, 0x0C, 0xDA, + 0x6F, 0x01, 0x96, 0x0B, 0x75, 0x15, 0x7F, 0x54, + 0x53, 0xAA, 0x6E, 0x73, 0xB3, 0xED, 0x90, 0x2F, + 0x7D, 0x7C, 0x93, 0x05, 0x97, 0x1B, 0xDF, 0x72, + 0x2E, 0x29, 0x37, 0x16, 0x9A, 0x1B, 0xC0, 0xFA, + 0xEB, 0x6C, 0x92, 0xF7, 0x15, 0x0D, 0x23, 0x30, + 0x87, 0x7C, 0x5D, 0xC5, 0x24, 0x9A, 0xAE, 0x20, + 0x30, 0x26, 0x34, 0xC5, 0xC5, 0xB2, 0x30, 0x53, + 0x52, 0x10, 0x28, 0x12, 0x25, 0x42, 0xF4, 0x85, + 0xA0, 0xEA, 0xC8, 0x69, 0x22, 0x37, 0x20, 0x63, + 0x36, 0x51, 0xF5, 0xB2, 0x47, 0xC6, 0x62, 0xB3, + 0x1A, 0x10, 0x53, 0x8C, 0xA7, 0x49, 0x1B, 0x14, + 0x37, 0xAA, 0x74, 0xF4, 0x28, 0x2D, 0x12, 0x97, + 0x4D, 0x9C, 0x93, 0x4D, 0xF2, 0x14, 0x78, 0x5B, + 0x64, 0x18, 0x46, 0x8B, 0x92, 0xE5, 
0x25, 0x28, + 0xC8, 0x44, 0x7A, 0x1C, 0xA4, 0x22, 0xFA, 0x6C, + 0xC8, 0x8E, 0x28, 0xB0, 0x59, 0xF0, 0x4B, 0x23, + 0x59, 0x73, 0x23, 0xF7, 0x2F, 0x3E, 0x23, 0x36, + 0xF8, 0x7C, 0x47, 0x90, 0x5C, 0xBA, 0x65, 0x5B, + 0xB7, 0x3F, 0xC3, 0x2E, 0x18, 0xD4, 0xB7, 0x87, + 0x05, 0xC7, 0x82, 0xEB, 0xCB, 0x43, 0xE2, 0x78, + 0x5C, 0x82, 0xC5, 0xAF, 0x24, 0xB0, 0xE1, 0x69, + 0x9C, 0xFB, 0xC0, 0x25, 0x74, 0x75, 0x79, 0x9A, + 0x53, 0x9B, 0x11, 0xA5, 0x0F, 0x4D, 0xF2, 0xB7, + 0xFA, 0xA2, 0x0B, 0xD8, 0x82, 0x75, 0x15, 0xCA, + 0x37, 0x0F, 0x89, 0xC0, 0xD4, 0xC6, 0x09, 0x02, + 0xF6, 0x56, 0x7C, 0xD6, 0x0B, 0x08, 0x60, 0xA5, + 0x5B, 0xC8, 0x57, 0x2C, 0x43, 0x6C, 0x24, 0x6A, + 0xC2, 0x76, 0x64, 0x4E, 0x7D, 0x60, 0x2A, 0xA5, + 0x7C, 0x01, 0x66, 0x20, 0x18, 0x14, 0x99, 0x1C, + 0x1B, 0xD7, 0x5C, 0x7C, 0x47, 0xC3, 0x48, 0xB6, + 0x7D, 0x77, 0x61, 0x33, 0x86, 0x90, 0x81, 0x44, + 0xEA, 0x83, 0xFF, 0x72, 0x1F, 0x9A, 0x50, 0x07, + 0x6C, 0x51, 0x01, 0x64, 0xD1, 0x8E, 0x05, 0xD0, + 0x5D, 0x98, 0x84, 0xC4, 0x41, 0x46, 0xA0, 0x7C, + 0xCA, 0xCF, 0x89, 0x04, 0x98, 0xED, 0x1A, 0x19, + 0xB2, 0xA1, 0x54, 0x31, 0x72, 0x9D, 0xC1, 0xF1, + 0x2B, 0x7E, 0xA1, 0x0F, 0x9F, 0x92, 0x80, 0x62, + 0xD1, 0x45, 0x4B, 0x4B, 0x9F, 0x68, 0xE5, 0x99, + 0x90, 0x29, 0x0B, 0xE3, 0x72, 0x8B, 0x32, 0x89, + 0x56, 0x93, 0x63, 0xAB, 0x10, 0x05, 0x13, 0x1B, + 0x23, 0x81, 0xA0, 0x8C, 0xC2, 0xBF, 0x94, 0x3E, + 0x95, 0xD5, 0xB2, 0x1B, 0xC6, 0xAA, 0xBC, 0x22, + 0x73, 0x34, 0x8B, 0xC7, 0x2B, 0xD0, 0x93, 0xB7, + 0xB5, 0x61, 0x7A, 0xE8, 0x7F, 0x60, 0x2B, 0xB9, + 0x89, 0xE6, 0xAF, 0xC4, 0x4B, 0x81, 0x51, 0x20, + 0x76, 0xA3, 0xA8, 0x76, 0xE0, 0xE2, 0x5F, 0x97, + 0x62, 0xB4, 0x62, 0x08, 0x19, 0x85, 0x50, 0x2F, + 0x26, 0xB2, 0x87, 0xA2, 0x93, 0x6D, 0x5B, 0x1A, + 0xCF, 0xFC, 0xEC, 0x4E, 0xEE, 0x77, 0xA9, 0xCB, + 0xA9, 0x80, 0xEB, 0x9B, 0x5F, 0xDE, 0x75, 0x53, + 0x9F, 0x65, 0x09, 0x04, 0x67, 0x7D, 0xBE, 0x29, + 0xAB, 0x8B, 0xB9, 0x18, 0xA3, 0x49, 0x48, 0x03, + 0xEC, 0xA5, 0x9A, 0x2C, 0x32, 0xE5, 0xB5, 0xC8, + 0x3B, 0x0B, 0x80, 0xB1, 0x10, 0x2C, 
0xD7, 0xD9, + 0x48, 0x2B, 0x45, 0x9B, 0x6B, 0x74, 0x49, 0x1E, + 0xC3, 0x0C, 0x4B, 0xE7, 0x7C, 0x2B, 0x52, 0x4A, + 0xF7, 0xB3, 0xAD, 0x1F, 0x71, 0x34, 0x1D, 0xF0, + 0xA7, 0x6F, 0x25, 0x5C, 0x29, 0x03, 0xC8, 0x82, + 0x08, 0x07, 0x93, 0x79, 0x93, 0x0A, 0x95, 0x13, + 0xF3, 0x90, 0x12, 0x6E, 0x73, 0x2A, 0x2B, 0xB0, + 0x94, 0xBF, 0xA6, 0xBF, 0x0A, 0x43, 0x2B, 0xCD, + 0x65, 0x7D, 0xAF, 0xCB, 0x25, 0xC8, 0xBB, 0x15, + 0xE0, 0x95, 0x5D, 0x09, 0x9B, 0x74, 0xFF, 0x1A, + 0x4D, 0xE6, 0x55, 0x9C, 0xD6, 0x79, 0x7C, 0x38, + 0xC4, 0x8C, 0x11, 0x34, 0xCA, 0x2C, 0x97, 0x92, + 0x43, 0xF3, 0x15, 0x2A, 0xF4, 0xBB, 0xE4, 0xD7, + 0xA6, 0xBC, 0x09, 0x87, 0x21, 0x33, 0x92, 0x0C, + 0xD2, 0x3B, 0x3E, 0xF9, 0x84, 0x8C, 0xCC, 0x68, + 0x45, 0xD6, 0x47, 0xB5, 0x38, 0x75, 0x57, 0x73, + 0x65, 0x13, 0xD5, 0x85, 0x60, 0x84, 0x51, 0x92, + 0xF9, 0x26, 0x51, 0x59, 0x93, 0x2E, 0x57, 0x2A, + 0x88, 0xC4, 0x4E, 0x65, 0x66, 0x76, 0x0C, 0x06, + 0x1C, 0x67, 0xFC, 0xB5, 0xBF, 0x21, 0x00, 0x95, + 0xE2, 0x14, 0xDA, 0x74, 0x53, 0x57, 0xE3, 0x69, + 0x96, 0xD8, 0xC0, 0x66, 0x31, 0x1B, 0xBC, 0x76, + 0x1A, 0x1F, 0xD2, 0x52, 0x73, 0xD2, 0x1E, 0xAB, + 0x50, 0x01, 0x05, 0x63, 0xCD, 0x64, 0x68, 0xA4, + 0xEA, 0x83, 0x6B, 0x6D, 0x64, 0xBD, 0x2B, 0xD7, + 0x6D, 0xBE, 0x35, 0x82, 0xD5, 0x73, 0x6A, 0x60, + 0x5A, 0x55, 0x09, 0xFC, 0x28, 0x78, 0x9B, 0x56, + 0xB8, 0x84, 0xAE, 0x9A, 0x60, 0x41, 0x5F, 0x55, + 0x67, 0x4B, 0xE6, 0x01, 0x57, 0x6C, 0x7C, 0xEE, + 0x58, 0x14, 0x3B, 0xF0, 0x54, 0x80, 0x6A, 0xBC, + 0xB3, 0x45, 0xA2, 0x56, 0xCB, 0xC4, 0x54, 0xE3, + 0x43, 0xF3, 0xCC, 0x7A, 0xDE, 0x65, 0x56, 0x2F, + 0xD2, 0x9E, 0xB2, 0x59, 0x73, 0x7B, 0xB3, 0xCF, + 0x96, 0x49, 0xBD, 0xEA, 0x28, 0x3F, 0xB0, 0x72, + 0x65, 0x67, 0x7C, 0x98, 0x08, 0xD1, 0x31, 0x19, + 0xC0, 0xA2, 0xAD, 0xF7, 0x45, 0xDE, 0x69, 0x75, + 0xF4, 0x56, 0x2C, 0xD6, 0x15, 0x57, 0xB3, 0x96, + 0x5D, 0x2B, 0x07, 0x2F, 0x00, 0x0A, 0xA7, 0xE0, + 0xA3, 0x57, 0xE1, 0x25, 0x3E, 0xAF, 0xEA, 0x7F, + 0xDF, 0xCC, 0x92, 0xFA, 0x87, 0x63, 0x0D, 0xD2, + 0x27, 0x6C, 0xE4, 0x2E, 0x82, 0x0B, 
0x69, 0xD1, + 0xFC, 0x2E, 0x47, 0xD5, 0xC4, 0x98, 0xA5, 0x5B, + 0x3B, 0x29, 0xC3, 0x4E, 0x64, 0x90, 0x3D, 0x04, + 0x7A, 0xB1, 0xC0, 0x40, 0x24, 0x95, 0x8F, 0x70, + 0x11, 0x95, 0xF5, 0xD1, 0x3E, 0xC6, 0x70, 0x6B, + 0x84, 0x48, 0x50, 0x3A, 0x54, 0x99, 0x22, 0xA5, + 0x8A, 0x24, 0xB6, 0x7C, 0x93, 0x63, 0x27, 0x56, + 0xB7, 0x7D, 0x22, 0x54, 0x07, 0x31, 0x61, 0x71, + 0xDE, 0xEC, 0x56, 0x71, 0x44, 0x35, 0xCF, 0x94, + 0xCC, 0xF4, 0x59, 0x9E, 0x00, 0xD1, 0x0E, 0x56, + 0x96, 0x22, 0xBA, 0xDA, 0x82, 0x0C, 0x45, 0x2F, + 0x25, 0x42, 0xAD, 0xF0, 0x87, 0x65, 0xCA, 0x93, + 0xAE, 0x38, 0xEB, 0x02, 0x5D, 0xE3, 0x1C, 0xFF, + 0x79, 0x74, 0x54, 0x9A, 0x78, 0x25, 0xA8, 0x31, + 0xDD, 0x05, 0x4E, 0x87, 0xB8, 0x4C, 0x5F, 0x25, + 0x47, 0xFF, 0x47, 0xB4, 0x6F, 0x88, 0xC9, 0x9F, + 0x15, 0x48, 0xE9, 0x33, 0xA6, 0xF4, 0xD8, 0x7F, + 0x1A, 0x4A, 0x1B, 0x00, 0xE3, 0x9E, 0x02, 0xD6, + 0x0E, 0x51, 0xEB, 0x60, 0x3C, 0x1C, 0x0D, 0x80, + 0x7A, 0xCD, 0xAB, 0x08, 0xBA, 0xA2, 0xB9, 0x98, + 0x69, 0xB7, 0x5C, 0xA2, 0xC4, 0xB9, 0x63, 0x68, + 0xB5, 0x17, 0x80, 0xBD, 0x1E, 0xC7, 0x5B, 0x11, + 0x0B, 0x9F, 0xA6, 0x65, 0x56, 0x87, 0x6C, 0x5F, + 0x48, 0x79, 0x7D, 0x09, 0x01, 0x38, 0xF7, 0x54, + 0xAE, 0x30, 0x53, 0x3D, 0x36, 0xAA, 0x44, 0xB9, + 0xB1, 0x70, 0x2A, 0x6A, 0x8A, 0x56, 0x62, 0x6B, + 0xF0, 0x45, 0x1A, 0x37, 0xA7, 0xAC, 0x1A, 0x33, + 0x70, 0x76, 0xE5, 0x1E, 0x0A, 0x6B, 0x03, 0x00, + 0xC2, 0xC7, 0x90, 0xA4, 0x43, 0x7E, 0xA2, 0x8D, + 0x7E, 0xC9, 0x8C, 0x41, 0x9B, 0x37, 0xD6, 0xAA, + 0x97, 0x04, 0x17, 0x43, 0x5F, 0x91, 0xBE, 0xDC, + 0x2B, 0x1F, 0x4B, 0xC8, 0x15, 0x8A, 0x51, 0xB1, + 0xF4, 0x71, 0x51, 0x6F, 0xE8, 0x24, 0x28, 0x7C, + 0x89, 0x6B, 0x89, 0x1B, 0x49, 0xF2, 0x54, 0xDD, + 0x36, 0x35, 0x9B, 0x89, 0xC8, 0x24, 0xEB, 0x3F, + 0x62, 0x48, 0x02, 0x7F, 0xBB, 0xAD, 0x4C, 0xF2, + 0x91, 0x18, 0xCB, 0x50, 0xEB, 0xB6, 0x25, 0xA3, + 0x7C, 0x53, 0x7A, 0x02, 0x23, 0xF0, 0xEB, 0x70, + 0x85, 0xB5, 0xC7, 0xEC, 0x60, 0x75, 0x70, 0xDB, + 0x91, 0x85, 0xD5, 0x99, 0x02, 0xBC, 0x26, 0xC6, + 0x54, 0xA2, 0x80, 0x4C, 0x0D, 0x94, 
0x67, 0x93, + 0xD8, 0xA2, 0x14, 0x82, 0xAC, 0x4F, 0x05, 0xE9, + 0x01, 0x62, 0x60, 0x33, 0x1D, 0xCC, 0x58, 0xBC, + 0x66, 0xAF, 0x3C, 0xA7, 0x58, 0x54, 0x40, 0x21, + 0x6A, 0xA0, 0x26, 0x3B, 0x2A, 0x72, 0x5E, 0x08, + 0x0F, 0x6F, 0x9C, 0x5B, 0x6A, 0x9C, 0x9D, 0xA2, + 0x93, 0x55, 0x18, 0x9B, 0x4B, 0x95, 0xB1, 0x37, + 0xD1, 0x22, 0x5F, 0x25, 0x2A, 0xC7, 0x97, 0xB0, + 0x64, 0x6C, 0xAC, 0x52, 0x16, 0x4B, 0x59, 0x72, + 0xA9, 0x92, 0x65, 0xD3, 0x47, 0xFC, 0x7C, 0x35, + 0x91, 0xD1, 0x5F, 0xFE, 0x68, 0x1C, 0x06, 0xD4, + 0x38, 0xCC, 0xEB, 0x60, 0xBB, 0x63, 0x10, 0xB7, + 0x95, 0x32, 0x89, 0x72, 0x0E, 0x2C, 0x72, 0x87, + 0x30, 0x05, 0x23, 0x37, 0xAC, 0xA7, 0xC8, 0x52, + 0x1A, 0xB4, 0x4F, 0x1E, 0x2A, 0x04, 0x9B, 0x83, + 0xE0, 0x77, 0x4C, 0x96, 0xCD, 0x8C, 0x87, 0x6F, + 0xA6, 0x75, 0xD0, 0x92, 0x39, 0x77, 0x27, 0x1B + }; + static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = { + 0x8A, 0xD0, 0xB5, 0xF0, 0x9A, 0x25, 0xAA, 0x93, + 0x5D, 0xD9, 0xDA, 0x34, 0xAB, 0x82, 0xCA, 0x75, + 0xA1, 0x2D, 0x66, 0xE9, 0x9C, 0xF4, 0x8B, 0xCA, + 0x45, 0xB9, 0xB2, 0xDB, 0x44, 0x1B, 0xC2, 0x97, + 0x1B, 0xDC, 0x99, 0x22, 0xB5, 0xF8, 0xBC, 0x3C, + 0x06, 0x78, 0x54, 0x67, 0x59, 0x07, 0x3C, 0xB8, + 0x8E, 0x26, 0xBA, 0xD1, 0xB1, 0xB3, 0xA4, 0x64, + 0x6A, 0x65, 0x29, 0xC6, 0x32, 0xEA, 0xA3, 0x47, + 0x73, 0x4A, 0x3B, 0xE5, 0x83, 0xD4, 0x71, 0x78, + 0x09, 0x4C, 0x4A, 0x67, 0x0C, 0xBC, 0x41, 0xEC, + 0x06, 0x89, 0x76, 0x56, 0x68, 0x54, 0x2E, 0x6F, + 0x15, 0xA7, 0xD5, 0x86, 0xC9, 0xE2, 0x6A, 0x6A, + 0x03, 0xC7, 0x14, 0x69, 0xC2, 0xC5, 0x3F, 0x7B, + 0x14, 0x1B, 0x23, 0x2D, 0x86, 0x21, 0x6A, 0x25, + 0xC7, 0xA8, 0xF3, 0x68, 0x52, 0x85, 0x8C, 0x07, + 0xA9, 0x52, 0x4E, 0xE1, 0x7B, 0xA6, 0x34, 0x0A, + 0xA2, 0xA2, 0x15, 0xC1, 0xEA, 0x85, 0x21, 0x67, + 0xB6, 0x89, 0x1C, 0xC1, 0x66, 0xC2, 0xFA, 0x13, + 0xA0, 0x27, 0x0A, 0x22, 0x98, 0x34, 0x13, 0xE0, + 0xAC, 0xC4, 0x44, 0xBF, 0x40, 0xE2, 0x8C, 0x45, + 0xE1, 0x4E, 0x07, 0x40, 0x4F, 0x62, 0x99, 0x63, + 0x69, 0x59, 0x7F, 0x10, 0xFC, 0xC1, 0x80, 0xEC, + 0xAC, 0xAD, 0x1A, 
0x67, 0x19, 0xAB, 0x9F, 0x1B, + 0x44, 0x7A, 0xE1, 0x9A, 0x2C, 0xB0, 0x2A, 0x7D, + 0x04, 0x20, 0x61, 0x72, 0x16, 0x8C, 0x4F, 0x0A, + 0x99, 0xBA, 0xFA, 0x93, 0x2D, 0x66, 0x49, 0xE8, + 0x94, 0xA8, 0xF0, 0x57, 0x7B, 0x81, 0xC6, 0x64, + 0x83, 0xC5, 0xB5, 0xCF, 0x60, 0xAE, 0x75, 0xA4, + 0x44, 0x52, 0x6A, 0x9B, 0x36, 0x74, 0x32, 0x5F, + 0xBA, 0x38, 0xF5, 0x32, 0x96, 0x42, 0x1A, 0x78, + 0x50, 0x11, 0xC1, 0xDD, 0xB3, 0xA6, 0x99, 0x77, + 0x45, 0xDB, 0x83, 0xCD, 0x58, 0x3C, 0x0C, 0x41, + 0x77, 0xC7, 0x97, 0xD4, 0x0A, 0x4F, 0x69, 0x9F, + 0x1F, 0x40, 0xC5, 0x41, 0x3A, 0xC4, 0xE4, 0x23, + 0x73, 0x49, 0x2B, 0x6A, 0x2C, 0x6A, 0x40, 0x6D, + 0x43, 0x7F, 0x42, 0x57, 0x0B, 0x5E, 0x94, 0x9E, + 0xF4, 0x35, 0x0D, 0xEA, 0x79, 0x0C, 0xFE, 0xB7, + 0x2D, 0x12, 0x87, 0x51, 0x7F, 0xE3, 0x27, 0x3D, + 0x3C, 0xA6, 0x5A, 0x13, 0xCA, 0x6E, 0x23, 0xC5, + 0x7B, 0xF0, 0x7D, 0xA0, 0x4B, 0x85, 0x1C, 0xF3, + 0xAF, 0xA1, 0x8B, 0xAF, 0x5E, 0xF0, 0x20, 0x79, + 0x28, 0x57, 0xA9, 0xE7, 0x21, 0xF0, 0x1B, 0x9F, + 0xEA, 0x7B, 0x61, 0x2E, 0x4C, 0x6E, 0x29, 0x07, + 0x93, 0x66, 0xB0, 0x22, 0x86, 0x88, 0xBE, 0x2A, + 0x06, 0x7F, 0xBE, 0x92, 0x84, 0x2D, 0xD2, 0x80, + 0xB3, 0xC7, 0x4D, 0xFA, 0xB7, 0x61, 0xE6, 0x13, + 0xA8, 0x60, 0x4C, 0x47, 0x6E, 0x15, 0x46, 0x66, + 0x85, 0xC6, 0x95, 0xAC, 0x35, 0x79, 0x1A, 0x91, + 0x59, 0x94, 0x2F, 0x60, 0x17, 0x0C, 0xA2, 0x14, + 0xC7, 0xC0, 0x9B, 0x1A, 0x4B, 0x1B, 0xCC, 0x4F, + 0x4C, 0xC6, 0x0D, 0xF0, 0x1A, 0x10, 0x19, 0x15, + 0xA9, 0xA2, 0xBC, 0x55, 0x31, 0x19, 0x66, 0x50, + 0x32, 0xDC, 0xD9, 0x47, 0x6F, 0xBA, 0x7B, 0xB0, + 0x71, 0x57, 0xD3, 0x3C, 0x9C, 0x8E, 0xFA, 0x6B, + 0xD0, 0xAC, 0x38, 0xC1, 0xAC, 0x26, 0x5F, 0xB5, + 0x18, 0x57, 0xD0, 0x15, 0x17, 0x61, 0x53, 0x26, + 0xCA, 0x0E, 0x08, 0x65, 0x0B, 0xA6, 0xFA, 0x40, + 0x83, 0x2C, 0x7B, 0x4C, 0x41, 0xB6, 0x44, 0x71, + 0x60, 0x22, 0xB6, 0x52, 0xB1, 0x92, 0x7D, 0x55, + 0xC9, 0xB3, 0x7F, 0xE2, 0x5F, 0x1A, 0xB6, 0x7A, + 0x9A, 0x03, 0xC7, 0x00, 0x8C, 0x84, 0xB0, 0x7C, + 0x49, 0x26, 0xB6, 0x38, 0x1E, 0x40, 0xCF, 0xD4, + 0x41, 0x04, 0x12, 
0x35, 0x18, 0x74, 0x16, 0xCE, + 0xC3, 0x66, 0xCA, 0x6F, 0xB7, 0x6F, 0xA0, 0xAB, + 0x6E, 0x32, 0x8A, 0x26, 0x41, 0xFC, 0x47, 0xDC, + 0xD7, 0x6E, 0x91, 0xCA, 0x94, 0x31, 0xE1, 0x9B, + 0xFF, 0x02, 0xCE, 0x62, 0x28, 0xC2, 0x33, 0x63, + 0x82, 0xF8, 0xA1, 0x0E, 0x9E, 0xE2, 0xC8, 0xF1, + 0x75, 0x93, 0x90, 0xA2, 0x00, 0x24, 0xA1, 0x5B, + 0x3B, 0x09, 0x0C, 0x13, 0x90, 0xCA, 0x03, 0x43, + 0x79, 0x72, 0x84, 0x24, 0x6B, 0xD8, 0x94, 0x35, + 0x07, 0xB7, 0xA6, 0xB7, 0x1F, 0xC3, 0x3A, 0x03, + 0xB7, 0xA8, 0x83, 0x66, 0xE4, 0xAF, 0xED, 0x51, + 0x57, 0x39, 0xE5, 0xC6, 0x9F, 0x8A, 0x26, 0x6E, + 0x4A, 0x1F, 0x53, 0xD7, 0x39, 0x30, 0xE9, 0x87, + 0x55, 0x69, 0x31, 0x2B, 0x27, 0x03, 0x7E, 0x5C, + 0x7F, 0x85, 0x21, 0x00, 0xC2, 0xBA, 0x36, 0x48, + 0xB1, 0xB9, 0xC1, 0xB1, 0x49, 0xF6, 0x25, 0x0E, + 0x0A, 0x6B, 0x06, 0x52, 0x13, 0x13, 0x4F, 0x30, + 0x25, 0x69, 0x75, 0x5B, 0x8C, 0x5C, 0x4F, 0xFC, + 0x68, 0x0B, 0xF7, 0x81, 0x18, 0x45, 0x34, 0x00, + 0x35, 0xF1, 0x70, 0xB0, 0x68, 0xBA, 0x67, 0xA4, + 0xC3, 0xB0, 0x16, 0x6D, 0x03, 0xCC, 0x82, 0x61, + 0x84, 0x01, 0x90, 0xA2, 0x0F, 0x9A, 0x3B, 0x1E, + 0xF4, 0x65, 0xC2, 0xF2, 0x18, 0x2D, 0xA8, 0xDA, + 0x8D, 0x3B, 0x3C, 0x8C, 0xB1, 0x29, 0x15, 0xF7, + 0xD9, 0x3E, 0x04, 0xD8, 0x84, 0x0C, 0x35, 0x67, + 0x25, 0x5A, 0x7B, 0xD6, 0xD4, 0x33, 0xCF, 0x10, + 0x68, 0xD8, 0x84, 0x52, 0xCF, 0xC1, 0x1F, 0x99, + 0x1B, 0x7C, 0xE3, 0x79, 0x27, 0xD6, 0xCA, 0xAE, + 0x88, 0x10, 0x74, 0x2F, 0x42, 0x14, 0x8B, 0x89, + 0x6E, 0xC4, 0xEB, 0xB5, 0x34, 0x03, 0x86, 0x31, + 0x5B, 0x2C, 0x1E, 0x2B, 0x43, 0x91, 0x5C, 0x04, + 0x54, 0x9C, 0xC8, 0xC1, 0x9A, 0xB4, 0x0E, 0x3B, + 0x7C, 0x31, 0x1B, 0x42, 0x61, 0x10, 0xA9, 0xBB, + 0xB1, 0x8D, 0x3B, 0x99, 0x2A, 0x42, 0xC0, 0x18, + 0x92, 0x90, 0xBE, 0x67, 0x3A, 0x39, 0x7C, 0x40, + 0x90, 0x44, 0x3B, 0x88, 0xC5, 0xD5, 0xC5, 0x65, + 0xA1, 0x0F, 0xEA, 0x05, 0x60, 0x3D, 0x36, 0x24, + 0x4A, 0x4A, 0xA8, 0xE9, 0x25, 0x5C, 0xF1, 0x84, + 0xAE, 0x69, 0x53, 0x5A, 0x83, 0x99, 0xC1, 0xC6, + 0xF7, 0x6C, 0xF2, 0x34, 0x2A, 0xDF, 0xEA, 0x6A, + 0x44, 0x7B, 0xB4, 
0x50, 0x1B, 0x9A, 0x6C, 0x44, + 0x59, 0x3E, 0xB0, 0x43, 0xE7, 0xA5, 0x50, 0x2F, + 0x58, 0x6C, 0xF3, 0x40, 0x7D, 0xEB, 0x7A, 0x0F, + 0xC3, 0x2B, 0x3F, 0x46, 0xF1, 0x24, 0x5C, 0x55, + 0x96, 0xE0, 0xF1, 0xBE, 0xD9, 0x37, 0x20, 0x7C, + 0x45, 0x09, 0xE1, 0xD8, 0x98, 0x5B, 0xE7, 0x45, + 0xFD, 0x69, 0xBF, 0x44, 0x80, 0x92, 0x43, 0x30, + 0x28, 0xBE, 0x25, 0x95, 0x90, 0x33, 0x11, 0x47, + 0x95, 0x86, 0xA3, 0x4B, 0x2D, 0x49, 0x10, 0x74, + 0x10, 0xBC, 0x4B, 0xD2, 0x96, 0x53, 0x17, 0xFC, + 0x76, 0x35, 0x2B, 0x63, 0x8D, 0xF3, 0xB3, 0xA3, + 0x15, 0x32, 0x50, 0x26, 0x80, 0x9E, 0x3B, 0xC4, + 0x60, 0x8C, 0x0B, 0x2C, 0xB8, 0x4D, 0xF0, 0xC9, + 0x5B, 0xC0, 0x52, 0x70, 0x7F, 0xC1, 0xA3, 0x77, + 0xB2, 0xB4, 0x65, 0xEB, 0x7A, 0x5D, 0x64, 0x4A, + 0xB4, 0x27, 0x8D, 0xDC, 0xE5, 0xB6, 0x1E, 0x2B, + 0xB3, 0xA7, 0x10, 0x52, 0x55, 0x5C, 0xB3, 0xBA, + 0xC6, 0x93, 0xEF, 0x02, 0x5F, 0xF0, 0x03, 0x53, + 0xFB, 0x76, 0x94, 0x5B, 0x8A, 0xA3, 0xE9, 0x95, + 0x0F, 0x92, 0x73, 0x81, 0x87, 0x91, 0xCC, 0xAD, + 0x56, 0x88, 0x46, 0x58, 0x14, 0x2A, 0x2B, 0x4D, + 0xF3, 0xC5, 0x7E, 0xCA, 0x13, 0xAD, 0x44, 0xB4, + 0x9B, 0x63, 0x46, 0xC6, 0x3E, 0xE8, 0x90, 0x78, + 0x58, 0x9E, 0x9E, 0xB9, 0xA9, 0x80, 0x4A, 0x03, + 0xBF, 0x7A, 0x27, 0x6F, 0x86, 0xB9, 0x67, 0x6C, + 0x58, 0xD3, 0xE7, 0x1D, 0x2C, 0x87, 0x70, 0x80, + 0x4A, 0x61, 0x59, 0x21, 0x78, 0xB4, 0x49, 0xC7, + 0x95, 0x5B, 0xBE, 0x8C, 0xF4, 0x2F, 0x31, 0x67, + 0x25, 0xE3, 0xB1, 0x6D, 0x55, 0xB5, 0x27, 0xCF, + 0xB2, 0x32, 0x68, 0x1B, 0x21, 0xB2, 0xCB, 0x2F, + 0x30, 0xAC, 0x76, 0x01, 0x5B, 0xB5, 0x41, 0x6A, + 0x04, 0x11, 0xC1, 0x74, 0x58, 0x92, 0x41, 0x2E, + 0x68, 0x3A, 0x98, 0xD7, 0x36, 0xED, 0x1A, 0x4C, + 0xD9, 0x80, 0x61, 0x7D, 0x08, 0x21, 0xC2, 0xAB, + 0x02, 0x82, 0x07, 0x0A, 0x61, 0x1A, 0x11, 0xD1, + 0x97, 0x01, 0xFB, 0xD5, 0x5A, 0x21, 0x27, 0xB3, + 0x24, 0xE6, 0x90, 0x1D, 0x84, 0x98, 0x6C, 0x04, + 0x64, 0xDE, 0x71, 0x20, 0xAF, 0x45, 0x10, 0xAF, + 0x59, 0x1D, 0xD9, 0xBB, 0x79, 0x47, 0x9C, 0x5F, + 0xA8, 0x87, 0x14, 0xC6, 0xA9, 0x97, 0x14, 0xF7, + 0x6A, 0x1E, 0x40, 
0x2C, 0x8F, 0x38, 0x4A, 0x4E, + 0xE6, 0xBC, 0xD4, 0x15, 0x00, 0x72, 0x4C, 0xC1, + 0x79, 0x3A, 0xBF, 0xD8, 0xD3, 0xC2, 0xF3, 0x20, + 0x39, 0x71, 0x34, 0xB0, 0x0F, 0x76, 0x2D, 0xBA, + 0x85, 0xA2, 0x3A, 0xF1, 0x55, 0xE6, 0xCC, 0x03, + 0x73, 0x80, 0xC1, 0xDD, 0x64, 0xA9, 0x73, 0xDB, + 0x35, 0xB7, 0x44, 0x70, 0x44, 0x8B, 0x24, 0x21, + 0x20, 0x62, 0x76, 0x47, 0x87, 0xE5, 0xA9, 0x3A, + 0x48, 0x80, 0x71, 0x71, 0xA7, 0x71, 0x5C, 0xFC, + 0x89, 0xBC, 0xBC, 0x9E, 0x14, 0x18, 0x86, 0xF8, + 0x07, 0xA1, 0xF9, 0xD6, 0x84, 0xC8, 0x42, 0x6F, + 0x01, 0x22, 0x88, 0x7D, 0x9C, 0x4C, 0x27, 0xEA, + 0x69, 0xCC, 0x15, 0x1B, 0x4D, 0x49, 0xB5, 0x1E, + 0x5A, 0x4E, 0xAA, 0xA5, 0xAD, 0x06, 0xAB, 0xA8, + 0x6D, 0xF9, 0x42, 0xE9, 0x86, 0xA5, 0xD5, 0x79, + 0x20, 0x80, 0xFC, 0x48, 0x03, 0x96, 0xB3, 0x94, + 0x86, 0x68, 0xFB, 0x38, 0x2C, 0xC8, 0xFC, 0x15, + 0x47, 0x48, 0xCB, 0x30, 0xB7, 0x64, 0x1F, 0x02, + 0x70, 0xC8, 0x34, 0x38, 0xB4, 0xFC, 0x3D, 0x19, + 0x01, 0x26, 0x58, 0x80, 0x40, 0x51, 0x77, 0xBC, + 0x7F, 0x44, 0x78, 0x82, 0x51, 0xAB, 0xC4, 0x74, + 0x27, 0x35, 0x31, 0x21, 0x2A, 0x66, 0x27, 0x9E, + 0x70, 0x33, 0x7A, 0x23, 0x09, 0xFD, 0xF4, 0x9E, + 0x05, 0x9B, 0xBD, 0xAF, 0x49, 0x73, 0xA5, 0x37, + 0x7A, 0x4D, 0x51, 0x7B, 0xA7, 0x55, 0x70, 0x2C, + 0x37, 0xCC, 0x35, 0x56, 0x85, 0x40, 0x4C, 0x95, + 0x2F, 0xB6, 0x7E, 0x04, 0x19, 0xC7, 0x8D, 0x15, + 0x84, 0xD0, 0x94, 0x92, 0x54, 0xD0, 0x49, 0x52, + 0xF7, 0x24, 0x3B, 0xF1, 0x40, 0x28, 0x03, 0xC9, + 0xFC, 0x73, 0x73, 0x25, 0x88, 0x13, 0x78, 0xCA, + 0x77, 0xEE, 0xF5, 0xC4, 0x15, 0xFB, 0x03, 0x7D, + 0x68, 0x9A, 0x58, 0x54, 0xA1, 0xD2, 0x4B, 0x65, + 0x27, 0xA5, 0x9B, 0x9B, 0x16, 0x95, 0x93, 0x84, + 0x35, 0x8C, 0x42, 0x3C, 0x79, 0x64, 0x5C, 0xCF, + 0x31, 0x33, 0xE2, 0x1B, 0x4B, 0x64, 0x95, 0x7B, + 0x14, 0xF6, 0x3F, 0x2A, 0xA2, 0x63, 0x57, 0xB1, + 0xC2, 0x62, 0xF2, 0xA9, 0x0F, 0x7C, 0xCC, 0x2A, + 0x15, 0x93, 0x69, 0x99, 0xB0, 0xA1, 0xB4, 0x98, + 0xAB, 0x3B, 0x32, 0x43, 0x30, 0x32, 0xC9, 0xCA, + 0x23, 0x08, 0x1C, 0x55, 0xD3, 0x1C, 0xAD, 0x36, + 0xE9, 0x0C, 0x1C, 
0xE0, 0xB5, 0xFC, 0x24, 0x7C, + 0xE8, 0xC8, 0x43, 0xF2, 0x88, 0x35, 0x24, 0xB6, + 0x64, 0xFA, 0xC1, 0xB2, 0x0B, 0xE6, 0x02, 0xA1, + 0x0A, 0xAF, 0x65, 0x73, 0x86, 0x80, 0xBB, 0x10, + 0x25, 0x44, 0x26, 0xF9, 0xCB, 0x09, 0xA1, 0x95, + 0x4D, 0xB7, 0x65, 0x56, 0x22, 0x30, 0x8F, 0xAE, + 0xF5, 0x05, 0xAC, 0xB4, 0x97, 0x55, 0x4A, 0x8F, + 0xCF, 0xA9, 0x6A, 0x85, 0x25, 0x5A, 0xD8, 0x46, + 0x54, 0x20, 0x13, 0xB8, 0x41, 0x59, 0x51, 0xBD, + 0xD4, 0x5C, 0x01, 0x93, 0x1E, 0xBE, 0x58, 0x3E, + 0x70, 0xE1, 0x3F, 0x30, 0x15, 0x17, 0xB5, 0xA4, + 0x0D, 0x70, 0x36, 0x1F, 0x63, 0x09, 0x41, 0x60, + 0x67, 0x64, 0x6D, 0x2B, 0x71, 0x36, 0x62, 0x6B, + 0xCC, 0xCC, 0x17, 0x0C, 0x66, 0xCE, 0xD4, 0x90, + 0xC7, 0x35, 0x34, 0x4B, 0x62, 0x77, 0x09, 0x7C, + 0xA9, 0x14, 0x21, 0x2A, 0x29, 0x2D, 0xD1, 0x22, + 0xFB, 0xB6, 0x9F, 0xDE, 0xCA, 0x47, 0xFA, 0xB4, + 0x53, 0x2B, 0x8C, 0x80, 0xCE, 0xB7, 0x7F, 0x9C, + 0x54, 0x3E, 0x0B, 0xF1, 0x53, 0x6D, 0x1C, 0x0C, + 0xAE, 0x07, 0x7E, 0x2C, 0xA7, 0x86, 0x2B, 0x45, + 0xA4, 0x10, 0x46, 0x9C, 0xC5, 0xB7, 0x06, 0xBA, + 0xE0, 0x05, 0x1C, 0xB2, 0x96, 0x1D, 0xB7, 0x27, + 0x0B, 0x75, 0xB7, 0x11, 0x69, 0x8D, 0x2B, 0x80, + 0x70, 0x40, 0xD5, 0x62, 0x81, 0x29, 0x43, 0x6F, + 0xBB, 0x58, 0xF1, 0x20, 0x3F, 0x75, 0x56, 0x14, + 0x65, 0xF5, 0x42, 0x57, 0xE4, 0x4D, 0x33, 0xF5, + 0x12, 0xD6, 0x33, 0x43, 0x1D, 0x00, 0xA2, 0xFB, + 0x02, 0x30, 0xC9, 0xBB, 0x9C, 0xDD, 0xFC, 0x83, + 0xBD, 0x65, 0xC9, 0x74, 0x45, 0x30, 0x21, 0x86, + 0xA1, 0x72, 0x23, 0xAD, 0x21, 0x33, 0x28, 0x03, + 0xB9, 0x09, 0xE5, 0xE5, 0x67, 0x19, 0x70, 0xBB, + 0xB0, 0xF1, 0xC4, 0x83, 0x7B, 0xB8, 0x42, 0x73, + 0xBA, 0x67, 0x5A, 0xC0, 0x74, 0xC5, 0x29, 0x0B, + 0x41, 0x1C, 0x25, 0x00, 0x65, 0x70, 0x59, 0x33, + 0x9D, 0xE3, 0x92, 0xF9, 0xCA, 0x30, 0x89, 0x52, + 0xA2, 0x20, 0x1A, 0x58, 0x87, 0x67, 0xAD, 0xC0, + 0x35, 0xBD, 0xF3, 0x30, 0x24, 0xEA, 0x3B, 0x9A, + 0x83, 0xC5, 0xA0, 0xB9, 0xC5, 0x42, 0x5D, 0x14, + 0x07, 0x0C, 0x81, 0xAA, 0xDA, 0x26, 0xBA, 0xC3, + 0xFB, 0xB8, 0xD4, 0xB7, 0xCF, 0xEE, 0x03, 0x92, + 0x37, 0x5C, 0x68, 
0x42, 0x73, 0x51, 0xDF, 0xEC, + 0x63, 0x60, 0x9B, 0xBB, 0x50, 0xB4, 0x63, 0xE0, + 0x40, 0x92, 0x85, 0x70, 0x09, 0xD1, 0xE5, 0xB8, + 0x1D, 0x70, 0x7D, 0x14, 0xB8, 0x33, 0xCD, 0x4A, + 0x0B, 0x55, 0x1B, 0xAA, 0x13, 0xEC, 0x48, 0x8A, + 0x15, 0x03, 0xB0, 0x46, 0x7E, 0xE4, 0x02, 0x3C, + 0x3F, 0xE0, 0x32, 0xC7, 0x82, 0x25, 0x06, 0x38, + 0x86, 0xE2, 0x46, 0x8E, 0x00, 0xF7, 0x00, 0x07, + 0x2A, 0x2E, 0xC8, 0xDA, 0x6A, 0xFB, 0x20, 0x6C, + 0x91, 0x90, 0x44, 0x33, 0xBB, 0xCC, 0xB0, 0xE7, + 0x6F, 0x42, 0x46, 0x8C, 0x40, 0xEB, 0x5F, 0x59, + 0xCB, 0x9A, 0xE1, 0xB0, 0x35, 0xE5, 0x21, 0x51, + 0x0B, 0xF2, 0x16, 0xA1, 0xAB, 0xCB, 0x19, 0x03, + 0x3B, 0x7A, 0x65, 0x88, 0x97, 0xC6, 0x58, 0x74, + 0xD5, 0x13, 0x51, 0x83, 0x14, 0x9F, 0x97, 0x9E, + 0x55, 0x3C, 0xCF, 0xBF, 0xA3, 0x90, 0x0C, 0xDA, + 0x6F, 0x01, 0x96, 0x0B, 0x75, 0x15, 0x7F, 0x54, + 0x53, 0xAA, 0x6E, 0x73, 0xB3, 0xED, 0x90, 0x2F, + 0x7D, 0x7C, 0x93, 0x05, 0x97, 0x1B, 0xDF, 0x72, + 0x2E, 0x29, 0x37, 0x16, 0x9A, 0x1B, 0xC0, 0xFA, + 0xEB, 0x6C, 0x92, 0xF7, 0x15, 0x0D, 0x23, 0x30, + 0x87, 0x7C, 0x5D, 0xC5, 0x24, 0x9A, 0xAE, 0x20, + 0x30, 0x26, 0x34, 0xC5, 0xC5, 0xB2, 0x30, 0x53, + 0x52, 0x10, 0x28, 0x12, 0x25, 0x42, 0xF4, 0x85, + 0xA0, 0xEA, 0xC8, 0x69, 0x22, 0x37, 0x20, 0x63, + 0x36, 0x51, 0xF5, 0xB2, 0x47, 0xC6, 0x62, 0xB3, + 0x1A, 0x10, 0x53, 0x8C, 0xA7, 0x49, 0x1B, 0x14, + 0x37, 0xAA, 0x74, 0xF4, 0x28, 0x2D, 0x12, 0x97, + 0x4D, 0x9C, 0x93, 0x4D, 0xF2, 0x14, 0x78, 0x5B, + 0x64, 0x18, 0x46, 0x8B, 0x92, 0xE5, 0x25, 0x28, + 0xC8, 0x44, 0x7A, 0x1C, 0xA4, 0x22, 0xFA, 0x6C, + 0xC8, 0x8E, 0x28, 0xB0, 0x59, 0xF0, 0x4B, 0x23, + 0x59, 0x73, 0x23, 0xF7, 0x2F, 0x3E, 0x23, 0x36, + 0xF8, 0x7C, 0x47, 0x90, 0x5C, 0xBA, 0x65, 0x5B, + 0xB7, 0x3F, 0xC3, 0x2E, 0x18, 0xD4, 0xB7, 0x87, + 0x05, 0xC7, 0x82, 0xEB, 0xCB, 0x43, 0xE2, 0x78, + 0x5C, 0x82, 0xC5, 0xAF, 0x24, 0xB0, 0xE1, 0x69, + 0x9C, 0xFB, 0xC0, 0x25, 0x74, 0x75, 0x79, 0x9A, + 0x53, 0x9B, 0x11, 0xA5, 0x0F, 0x4D, 0xF2, 0xB7, + 0xFA, 0xA2, 0x0B, 0xD8, 0x82, 0x75, 0x15, 0xCA, + 0x37, 0x0F, 0x89, 
0xC0, 0xD4, 0xC6, 0x09, 0x02, + 0xF6, 0x56, 0x7C, 0xD6, 0x0B, 0x08, 0x60, 0xA5, + 0x5B, 0xC8, 0x57, 0x2C, 0x43, 0x6C, 0x24, 0x6A, + 0xC2, 0x76, 0x64, 0x4E, 0x7D, 0x60, 0x2A, 0xA5, + 0x7C, 0x01, 0x66, 0x20, 0x18, 0x14, 0x99, 0x1C, + 0x1B, 0xD7, 0x5C, 0x7C, 0x47, 0xC3, 0x48, 0xB6, + 0x7D, 0x77, 0x61, 0x33, 0x86, 0x90, 0x81, 0x44, + 0xEA, 0x83, 0xFF, 0x72, 0x1F, 0x9A, 0x50, 0x07, + 0x6C, 0x51, 0x01, 0x64, 0xD1, 0x8E, 0x05, 0xD0, + 0x5D, 0x98, 0x84, 0xC4, 0x41, 0x46, 0xA0, 0x7C, + 0xCA, 0xCF, 0x89, 0x04, 0x98, 0xED, 0x1A, 0x19, + 0xB2, 0xA1, 0x54, 0x31, 0x72, 0x9D, 0xC1, 0xF1, + 0x2B, 0x7E, 0xA1, 0x0F, 0x9F, 0x92, 0x80, 0x62, + 0xD1, 0x45, 0x4B, 0x4B, 0x9F, 0x68, 0xE5, 0x99, + 0x90, 0x29, 0x0B, 0xE3, 0x72, 0x8B, 0x32, 0x89, + 0x56, 0x93, 0x63, 0xAB, 0x10, 0x05, 0x13, 0x1B, + 0x23, 0x81, 0xA0, 0x8C, 0xC2, 0xBF, 0x94, 0x3E, + 0x95, 0xD5, 0xB2, 0x1B, 0xC6, 0xAA, 0xBC, 0x22, + 0x73, 0x34, 0x8B, 0xC7, 0x2B, 0xD0, 0x93, 0xB7, + 0xB5, 0x61, 0x7A, 0xE8, 0x7F, 0x60, 0x2B, 0xB9, + 0x89, 0xE6, 0xAF, 0xC4, 0x4B, 0x81, 0x51, 0x20, + 0x76, 0xA3, 0xA8, 0x76, 0xE0, 0xE2, 0x5F, 0x97, + 0x62, 0xB4, 0x62, 0x08, 0x19, 0x85, 0x50, 0x2F, + 0x26, 0xB2, 0x87, 0xA2, 0x93, 0x6D, 0x5B, 0x1A, + 0xCF, 0xFC, 0xEC, 0x4E, 0xEE, 0x77, 0xA9, 0xCB, + 0xA9, 0x80, 0xEB, 0x9B, 0x5F, 0xDE, 0x75, 0x53, + 0x9F, 0x65, 0x09, 0x04, 0x67, 0x7D, 0xBE, 0x29, + 0xAB, 0x8B, 0xB9, 0x18, 0xA3, 0x49, 0x48, 0x03, + 0xEC, 0xA5, 0x9A, 0x2C, 0x32, 0xE5, 0xB5, 0xC8, + 0x3B, 0x0B, 0x80, 0xB1, 0x10, 0x2C, 0xD7, 0xD9, + 0x48, 0x2B, 0x45, 0x9B, 0x6B, 0x74, 0x49, 0x1E, + 0xC3, 0x0C, 0x4B, 0xE7, 0x7C, 0x2B, 0x52, 0x4A, + 0xF7, 0xB3, 0xAD, 0x1F, 0x71, 0x34, 0x1D, 0xF0, + 0xA7, 0x6F, 0x25, 0x5C, 0x29, 0x03, 0xC8, 0x82, + 0x08, 0x07, 0x93, 0x79, 0x93, 0x0A, 0x95, 0x13, + 0xF3, 0x90, 0x12, 0x6E, 0x73, 0x2A, 0x2B, 0xB0, + 0x94, 0xBF, 0xA6, 0xBF, 0x0A, 0x43, 0x2B, 0xCD, + 0x65, 0x7D, 0xAF, 0xCB, 0x25, 0xC8, 0xBB, 0x15, + 0xE0, 0x95, 0x5D, 0x09, 0x9B, 0x74, 0xFF, 0x1A, + 0x4D, 0xE6, 0x55, 0x9C, 0xD6, 0x79, 0x7C, 0x38, + 0xC4, 0x8C, 0x11, 
0x34, 0xCA, 0x2C, 0x97, 0x92, + 0x43, 0xF3, 0x15, 0x2A, 0xF4, 0xBB, 0xE4, 0xD7, + 0xA6, 0xBC, 0x09, 0x87, 0x21, 0x33, 0x92, 0x0C, + 0xD2, 0x3B, 0x3E, 0xF9, 0x84, 0x8C, 0xCC, 0x68, + 0x45, 0xD6, 0x47, 0xB5, 0x38, 0x75, 0x57, 0x73, + 0x65, 0x13, 0xD5, 0x85, 0x60, 0x84, 0x51, 0x92, + 0xF9, 0x26, 0x51, 0x59, 0x93, 0x2E, 0x57, 0x2A, + 0x88, 0xC4, 0x4E, 0x65, 0x66, 0x76, 0x0C, 0x06, + 0x1C, 0x67, 0xFC, 0xB5, 0xBF, 0x21, 0x00, 0x95, + 0xE2, 0x14, 0xDA, 0x74, 0x53, 0x57, 0xE3, 0x69, + 0x96, 0xD8, 0xC0, 0x66, 0x31, 0x1B, 0xBC, 0x76, + 0x1A, 0x1F, 0xD2, 0x52, 0x73, 0xD2, 0x1E, 0xAB, + 0x50, 0x01, 0x05, 0x63, 0xCD, 0x64, 0x68, 0xA4, + 0xEA, 0x83, 0x6B, 0x6D, 0x64, 0xBD, 0x2B, 0xD7, + 0x6D, 0xBE, 0x35, 0x82, 0xD5, 0x73, 0x6A, 0x60, + 0x5A, 0x55, 0x09, 0xFC, 0x28, 0x78, 0x9B, 0x56, + 0xB8, 0x84, 0xAE, 0x9A, 0x60, 0x41, 0x5F, 0x55, + 0x67, 0x4B, 0xE6, 0x01, 0x57, 0x6C, 0x7C, 0xEE, + 0x58, 0x14, 0x3B, 0xF0, 0x54, 0x80, 0x6A, 0xBC, + 0xB3, 0x45, 0xA2, 0x56, 0xCB, 0xC4, 0x54, 0xE3, + 0x43, 0xF3, 0xCC, 0x7A, 0xDE, 0x65, 0x56, 0x2F, + 0xD2, 0x9E, 0xB2, 0x59, 0x73, 0x7B, 0xB3, 0xCF, + 0x96, 0x49, 0xBD, 0xEA, 0x28, 0x3F, 0xB0, 0x72, + 0x65, 0x67, 0x7C, 0x98, 0x08, 0xD1, 0x31, 0x19, + 0xC0, 0xA2, 0xAD, 0xF7, 0x45, 0xDE, 0x69, 0x75, + 0xF4, 0x56, 0x2C, 0xD6, 0x15, 0x57, 0xB3, 0x96, + 0x5D, 0x2B, 0x07, 0x2F, 0x00, 0x0A, 0xA7, 0xE0, + 0xA3, 0x57, 0xE1, 0x25, 0x3E, 0xAF, 0xEA, 0x7F, + 0xDF, 0xCC, 0x92, 0xFA, 0x87, 0x63, 0x0D, 0xD2, + 0x27, 0x6C, 0xE4, 0x2E, 0x82, 0x0B, 0x69, 0xD1, + 0xFC, 0x2E, 0x47, 0xD5, 0xC4, 0x98, 0xA5, 0x5B, + 0x3B, 0x29, 0xC3, 0x4E, 0x64, 0x90, 0x3D, 0x04, + 0x7A, 0xB1, 0xC0, 0x40, 0x24, 0x95, 0x8F, 0x70, + 0x11, 0x95, 0xF5, 0xD1, 0x3E, 0xC6, 0x70, 0x6B, + 0x84, 0x48, 0x50, 0x3A, 0x54, 0x99, 0x22, 0xA5, + 0x8A, 0x24, 0xB6, 0x7C, 0x93, 0x63, 0x27, 0x56, + 0xB7, 0x7D, 0x22, 0x54, 0x07, 0x31, 0x61, 0x71, + 0xDE, 0xEC, 0x56, 0x71, 0x44, 0x35, 0xCF, 0x94, + 0xCC, 0xF4, 0x59, 0x9E, 0x00, 0xD1, 0x0E, 0x56, + 0x96, 0x22, 0xBA, 0xDA, 0x82, 0x0C, 0x45, 0x2F, + 0x25, 0x42, 0xAD, 
0xF0, 0x87, 0x65, 0xCA, 0x93, + 0xAE, 0x38, 0xEB, 0x02, 0x5D, 0xE3, 0x1C, 0xFF, + 0x79, 0x74, 0x54, 0x9A, 0x78, 0x25, 0xA8, 0x31, + 0xDD, 0x05, 0x4E, 0x87, 0xB8, 0x4C, 0x5F, 0x25, + 0x47, 0xFF, 0x47, 0xB4, 0x6F, 0x88, 0xC9, 0x9F, + 0x15, 0x48, 0xE9, 0x33, 0xA6, 0xF4, 0xD8, 0x7F, + 0x1A, 0x4A, 0x1B, 0x00, 0xE3, 0x9E, 0x02, 0xD6, + 0x0E, 0x51, 0xEB, 0x60, 0x3C, 0x1C, 0x0D, 0x80, + 0x7A, 0xCD, 0xAB, 0x08, 0xBA, 0xA2, 0xB9, 0x98, + 0x69, 0xB7, 0x5C, 0xA2, 0xC4, 0xB9, 0x63, 0x68, + 0xB5, 0x17, 0x80, 0xBD, 0x1E, 0xC7, 0x5B, 0x11, + 0x0B, 0x9F, 0xA6, 0x65, 0x56, 0x87, 0x6C, 0x5F, + 0x48, 0x79, 0x7D, 0x09, 0x01, 0x38, 0xF7, 0x54, + 0xAE, 0x30, 0x53, 0x3D, 0x36, 0xAA, 0x44, 0xB9, + 0xB1, 0x70, 0x2A, 0x6A, 0x8A, 0x56, 0x62, 0x6B, + 0xF0, 0x45, 0x1A, 0x37, 0xA7, 0xAC, 0x1A, 0x33, + 0x70, 0x76, 0xE5, 0x1E, 0x0A, 0x6B, 0x03, 0x00, + 0xC2, 0xC7, 0x90, 0xA4, 0x43, 0x7E, 0xA2, 0x8D, + 0x7E, 0xC9, 0x8C, 0x41, 0x9B, 0x37, 0xD6, 0xAA, + 0x97, 0x04, 0x17, 0x43, 0x5F, 0x91, 0xBE, 0xDC, + 0x2B, 0x1F, 0x4B, 0xC8, 0x15, 0x8A, 0x51, 0xB1, + 0xF4, 0x71, 0x51, 0x6F, 0xE8, 0x24, 0x28, 0x7C, + 0x89, 0x6B, 0x89, 0x1B, 0x49, 0xF2, 0x54, 0xDD, + 0x36, 0x35, 0x9B, 0x89, 0xC8, 0x24, 0xEB, 0x3F, + 0x62, 0x48, 0x02, 0x7F, 0xBB, 0xAD, 0x4C, 0xF2, + 0x91, 0x18, 0xCB, 0x50, 0xEB, 0xB6, 0x25, 0xA3, + 0x7C, 0x53, 0x7A, 0x02, 0x23, 0xF0, 0xEB, 0x70, + 0x85, 0xB5, 0xC7, 0xEC, 0x60, 0x75, 0x70, 0xDB, + 0x91, 0x85, 0xD5, 0x99, 0x02, 0xBC, 0x26, 0xC6, + 0x54, 0xA2, 0x80, 0x4C, 0x0D, 0x94, 0x67, 0x93, + 0xD8, 0xA2, 0x14, 0x82, 0xAC, 0x4F, 0x05, 0xE9, + 0x01, 0x62, 0x60, 0x33, 0x1D, 0xCC, 0x58, 0xBC, + 0x66, 0xAF, 0x3C, 0xA7, 0x58, 0x54, 0x40, 0x21, + 0x6A, 0xA0, 0x26, 0x3B, 0x2A, 0x72, 0x5E, 0x08, + 0x0F, 0x6F, 0x9C, 0x5B, 0x6A, 0x9C, 0x9D, 0xA2, + 0x93, 0x55, 0x18, 0x9B, 0x4B, 0x95, 0xB1, 0x37, + 0xD1, 0x22, 0x5F, 0x25, 0x2A, 0xC7, 0x97, 0xB0, + 0x64, 0x6C, 0xAC, 0x52, 0x16, 0x4B, 0x59, 0x72, + 0xA9, 0x92, 0x65, 0xD3, 0x47, 0xFC, 0x7C, 0x35, + 0x91, 0xD1, 0x5F, 0xFE, 0x68, 0x1C, 0x06, 0xD4, + 0x38, 0xCC, 0xEB, 
0x60, 0xBB, 0x63, 0x10, 0xB7,
+ 0x95, 0x32, 0x89, 0x72, 0x0E, 0x2C, 0x72, 0x87,
+ 0x30, 0x05, 0x23, 0x37, 0xAC, 0xA7, 0xC8, 0x52,
+ 0x1A, 0xB4, 0x4F, 0x1E, 0x2A, 0x04, 0x9B, 0x83,
+ 0xE0, 0x77, 0x4C, 0x96, 0xCD, 0x8C, 0x87, 0x6F,
+ 0xA6, 0x75, 0xD0, 0x92, 0x39, 0x77, 0x27, 0x1B,
+ 0xE6, 0xE8, 0x32, 0xF2, 0x49, 0x8C, 0xA5, 0xA3,
+ 0x43, 0x1F, 0x40, 0xD3, 0x18, 0x7B, 0x1E, 0xD9,
+ 0x65, 0xFD, 0xD6, 0x69, 0x3B, 0x37, 0xF6, 0xEB,
+ 0x40, 0x8A, 0x99, 0x97, 0x7A, 0xE4, 0x96, 0x44,
+ 0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED,
+ 0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA,
+ 0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C,
+ 0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C
+ };
 #endif
+ static byte pubKey[KYBER_MAX_PUBLIC_KEY_SIZE];
+ static byte privKey[KYBER_MAX_PRIVATE_KEY_SIZE];
- ExpectIntEQ(wc_InitCert(&cert), 0);
+ key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(KyberKey));
+ }
-#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
- /* RSA */
- XMEMSET(&rsaKey, 0, sizeof(RsaKey));
- ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey),
+#ifndef WOLFSSL_NO_KYBER512
+ ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0);
+ ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_512, sizeof(seed_512)), 0);
- DoExpectIntEQ(wc_FreeRsaKey(&rsaKey), 0);
+ ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
+ KYBER512_PUBLIC_KEY_SIZE), 0);
+ ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
+ KYBER512_PRIVATE_KEY_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(pubKey, ek_512, KYBER512_PUBLIC_KEY_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(privKey, dk_512, KYBER512_PRIVATE_KEY_SIZE), 0);
+ wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_KYBER768
+ ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0);
+ 
ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_768, sizeof(seed_768)),
+ 0);
+ ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
+ KYBER768_PUBLIC_KEY_SIZE), 0);
+ ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
+ KYBER768_PRIVATE_KEY_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(pubKey, ek_768, KYBER768_PUBLIC_KEY_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(privKey, dk_768, KYBER768_PRIVATE_KEY_SIZE), 0);
+ wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_KYBER1024
+ ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0);
+ ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_1024,
+ sizeof(seed_1024)), 0);
+ ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
+ KYBER1024_PUBLIC_KEY_SIZE), 0);
+ ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
+ KYBER1024_PRIVATE_KEY_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(pubKey, ek_1024, KYBER1024_PUBLIC_KEY_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(privKey, dk_1024, KYBER1024_PRIVATE_KEY_SIZE), 0);
+ wc_KyberKey_Free(key);
+#endif
+
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+}
+
+static int test_wc_kyber_encapsulate_kats(void)
+{
+ EXPECT_DECLS;
+#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
+ defined(WOLFSSL_ML_KEM)
+ KyberKey* key;
+#ifndef WOLFSSL_NO_KYBER512
+ static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = {
+ 0xA5, 0x40, 0x97, 0x18, 0xCB, 0x72, 0xF2, 0x43,
+ 0x8A, 0x35, 0x55, 0xA3, 0xC8, 0xF1, 0x8F, 0x26,
+ 0x71, 0xA1, 0xF8, 0x14, 0x03, 0xDF, 0x7B, 0x5A,
+ 0x46, 0x59, 0xA5, 0x1F, 0x50, 0x82, 0x7B, 0xA6,
+ 0x57, 0x7A, 0xA7, 0x08, 0x00, 0xD7, 0x8D, 0x8B,
+ 0xC5, 0xAA, 0x86, 0xB8, 0x9E, 0x08, 0xB5, 0x8F,
+ 0x34, 0x80, 0xA8, 0x9E, 0x10, 0x4D, 0xC6, 0x92,
+ 0x2E, 0xDB, 0xC1, 0x2D, 0x06, 0xF8, 0x91, 0x02,
+ 0x7C, 0x65, 0x4E, 0x99, 0x4A, 0x22, 0xF9, 0x1A,
+ 0x2A, 0xF6, 0x34, 0x04, 0xCA, 0x98, 0xD7, 0xB6,
+ 0x7E, 0xEA, 0x25, 0x91, 0x1B, 0x24, 0xC7, 0x0D,
+ 0xEB, 0x81, 0x46, 0xA0, 0x82, 0x1F, 0x34, 0xA3,
+ 0x02, 0x55, 0x1F, 0x2D, 0x51, 0x0C, 0x05, 0x88,
+ 0xC8, 0xBC, 
0xA7, 0x4E, 0xB4, 0xDC, 0x0C, 0xFA, + 0x46, 0x03, 0xC1, 0xC5, 0xA3, 0xC5, 0x53, 0x70, + 0x61, 0x78, 0x90, 0x68, 0x68, 0x2C, 0x4C, 0xC3, + 0x14, 0x3F, 0xBA, 0x9B, 0xB5, 0x54, 0x2F, 0x97, + 0x78, 0xBD, 0xF2, 0x3B, 0x36, 0x52, 0xF2, 0xA7, + 0x52, 0x47, 0x56, 0xFA, 0x73, 0x90, 0x9D, 0xDA, + 0xC7, 0xE5, 0x32, 0x52, 0x26, 0x59, 0x21, 0x8C, + 0xBA, 0x25, 0xF3, 0x3B, 0x6B, 0x04, 0x58, 0xCB, + 0x03, 0xDA, 0x79, 0x35, 0xBA, 0x59, 0x11, 0x19, + 0x55, 0x31, 0x2B, 0x15, 0xCC, 0xE2, 0xC0, 0xF7, + 0x34, 0x66, 0xA8, 0x00, 0x62, 0x83, 0xA2, 0xAA, + 0x7C, 0xBB, 0x61, 0x02, 0x2A, 0xBB, 0xC2, 0xD1, + 0x9F, 0x29, 0x20, 0xBC, 0x30, 0x24, 0x72, 0xDC, + 0x97, 0xC4, 0xA1, 0x78, 0x8C, 0x9B, 0xD3, 0xBB, + 0xED, 0xC9, 0x12, 0x2B, 0x82, 0x7B, 0x27, 0x9C, + 0x07, 0x4C, 0x80, 0x44, 0x31, 0x41, 0x11, 0x9F, + 0x4B, 0x16, 0x29, 0xF6, 0x2F, 0x10, 0xD4, 0xCE, + 0x2B, 0xE3, 0xBB, 0x34, 0x38, 0x16, 0xCA, 0xD1, + 0x6A, 0x1C, 0x87, 0x58, 0x2F, 0x2B, 0x70, 0xE2, + 0x66, 0x35, 0xB0, 0x8B, 0xB3, 0x90, 0xC1, 0x33, + 0x98, 0xFC, 0xCD, 0xA7, 0xE9, 0xBB, 0x3D, 0x9B, + 0x0B, 0x78, 0x03, 0x75, 0x0C, 0x95, 0x5C, 0x57, + 0xA0, 0x28, 0xA5, 0xD2, 0x6C, 0x27, 0x03, 0x16, + 0xBB, 0x2B, 0x81, 0x5C, 0x3B, 0x97, 0x2B, 0xA6, + 0x78, 0x2D, 0xAB, 0x02, 0xF3, 0x06, 0x82, 0x1E, + 0x61, 0x28, 0x5B, 0xB0, 0x72, 0xBF, 0x79, 0x78, + 0x1C, 0xAB, 0xC3, 0x86, 0x14, 0x2A, 0x50, 0xC7, + 0xAA, 0xAE, 0x66, 0xA9, 0x47, 0x58, 0x5B, 0xB0, + 0xD8, 0x28, 0x8D, 0xBC, 0xAF, 0x4B, 0x3B, 0x85, + 0xBB, 0x79, 0x26, 0x98, 0x7B, 0xAF, 0x76, 0x43, + 0xAA, 0xB5, 0xFB, 0x02, 0x21, 0x05, 0x80, 0xA0, + 0x26, 0x43, 0x52, 0xE6, 0x9C, 0x60, 0x98, 0x98, + 0x9C, 0xFB, 0x87, 0x48, 0x33, 0x95, 0x96, 0x0A, + 0x3A, 0x4F, 0x31, 0xBE, 0xFD, 0xA8, 0x0B, 0x5F, + 0x28, 0x6E, 0xCF, 0xDA, 0xA5, 0x55, 0xD4, 0x39, + 0x0A, 0xF6, 0xB5, 0x5D, 0x31, 0x39, 0x20, 0x92, + 0x90, 0x93, 0x44, 0x9C, 0xD6, 0x72, 0x9D, 0x00, + 0x21, 0x8E, 0x2D, 0x86, 0x57, 0x0A, 0xDC, 0x0C, + 0x4F, 0x65, 0x45, 0xFF, 0xB5, 0x63, 0x2E, 0xFB, + 0x3A, 0xAE, 0x26, 0x25, 0xA6, 0x98, 0x26, 0x70, + 0xFA, 0xCE, 
0x8D, 0x16, 0x12, 0x6F, 0xA6, 0x07, + 0xE6, 0xD0, 0xA1, 0xFF, 0x61, 0x6A, 0x46, 0xEC, + 0xA6, 0x42, 0xCC, 0x6A, 0xAC, 0x55, 0x4D, 0xBB, + 0xC4, 0x3D, 0xFC, 0xF5, 0x7F, 0x36, 0x4C, 0x19, + 0x0C, 0xEA, 0x57, 0x76, 0xC1, 0xCE, 0xB5, 0x8B, + 0x70, 0x07, 0x50, 0x5F, 0xD7, 0x9C, 0x5F, 0x00, + 0x5A, 0x4B, 0xA2, 0x18, 0xCF, 0x06, 0x93, 0xB0, + 0x58, 0xB5, 0x10, 0xA4, 0xCA, 0x20, 0x43, 0x24, + 0x60, 0x2F, 0x59, 0xBB, 0x8F, 0x22, 0x81, 0xC4, + 0xD7, 0xB0, 0xBC, 0x86, 0x25, 0xE7, 0x88, 0x16, + 0x50, 0xF5, 0x7C, 0x89, 0xE3, 0x2C, 0xF4, 0x80, + 0x91, 0x44, 0x77, 0x5C, 0x90, 0x73, 0xB6, 0x73, + 0xE3, 0x94, 0x12, 0xA2, 0x7C, 0x91, 0x43, 0x21, + 0xCC, 0xB6, 0xA7, 0xCF, 0x7C, 0x37, 0xC5, 0xBC, + 0xBE, 0x7C, 0xA5, 0x1B, 0xE0, 0xC9, 0x28, 0x46, + 0x6A, 0x45, 0x8E, 0xB7, 0x78, 0xD6, 0x46, 0x6A, + 0x89, 0x2A, 0x0A, 0xCB, 0xC0, 0x96, 0x38, 0x78, + 0x4A, 0x27, 0x73, 0x9C, 0x97, 0x0C, 0xA5, 0x8B, + 0xC2, 0x59, 0x5A, 0xD6, 0xBF, 0xA4, 0xE5, 0x2E, + 0xB4, 0x38, 0xAC, 0x97, 0xC4, 0x16, 0x23, 0x80, + 0x22, 0x48, 0xE1, 0x10, 0xB0, 0x74, 0x83, 0x8F, + 0x31, 0xA6, 0xE7, 0x50, 0x37, 0x37, 0x70, 0x4E, + 0x7A, 0xE4, 0xAD, 0x91, 0x29, 0x95, 0x72, 0xA8, + 0xC1, 0x36, 0x03, 0x50, 0x0F, 0x36, 0x09, 0xB6, + 0x25, 0xB4, 0xE2, 0x4C, 0xAE, 0x33, 0x2B, 0x0D, + 0x7A, 0x5B, 0xB4, 0x7A, 0x03, 0x85, 0x12, 0xA0, + 0x81, 0xBC, 0x27, 0xCD, 0xF0, 0xF2, 0x92, 0x3C, + 0xD3, 0x47, 0x9F, 0x53, 0x07, 0x02, 0x0B, 0x77, + 0xF1, 0x49, 0x58, 0x45, 0x64, 0x06, 0x0E, 0x50, + 0x83, 0xCE, 0xD5, 0x53, 0x12, 0xB6, 0xA6, 0xA4, + 0x65, 0xA8, 0x2B, 0x45, 0x77, 0xD6, 0x3A, 0x4B, + 0x49, 0xC8, 0x0B, 0x07, 0xA9, 0x36, 0x7E, 0x39, + 0x77, 0x8A, 0xF7, 0x6F, 0xA8, 0xEC, 0x2C, 0xF5, + 0x28, 0x72, 0x28, 0x56, 0xCE, 0x78, 0x13, 0x40, + 0x1A, 0x83, 0x83, 0xBD, 0xB7, 0x15, 0x1B, 0x9B, + 0x6D, 0x2D, 0xD6, 0xBF, 0xF5, 0x54, 0x01, 0xD2, + 0x8A, 0xC6, 0x12, 0x81, 0x8C, 0x88, 0xC9, 0x28, + 0x73, 0x47, 0xB0, 0x98, 0xA9, 0x66, 0xEB, 0x9C, + 0x0A, 0x2D, 0xB7, 0x1F, 0x0A, 0x75, 0x55, 0x5E, + 0x17, 0x57, 0xD3, 0xAC, 0x4E, 0x3D, 0x80, 0x2C, + 0x8D, 0xC6, 
0xA2, 0x61, 0x52, 0x12, 0x55, 0x18,
+ 0x6A, 0xBB, 0x98, 0xC2, 0x48, 0x03, 0x01, 0xB8,
+ 0xC6, 0xB3, 0x12, 0x28, 0xB5, 0x44, 0x61, 0xBC,
+ 0x44, 0xEA, 0x3C, 0x2C, 0xF9, 0x4B, 0x86, 0xC7,
+ 0xA5, 0xB8, 0x2C, 0x55, 0x16, 0x7A, 0x76, 0x06,
+ 0xCA, 0x9D, 0xC8, 0x25, 0x3B, 0x76, 0x04, 0xE4,
+ 0x4A, 0x07, 0xF3, 0xED, 0x55, 0xCD, 0x5B, 0x5E
+ };
+ static const byte seed_512[KYBER_ENC_RAND_SZ] = {
+ 0x10, 0x9A, 0x24, 0x8F, 0xE8, 0x05, 0x2F, 0x84,
+ 0x27, 0x1F, 0xF5, 0x7B, 0xAC, 0x15, 0x6B, 0x1B,
+ 0xA6, 0xA5, 0x09, 0xCD, 0xCD, 0xBC, 0xC9, 0x6C,
+ 0xCD, 0xB1, 0xCC, 0xB8, 0x5C, 0xA4, 0x93, 0x15
+ };
+ static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = {
+ 0x59, 0x7A, 0x06, 0xDE, 0xB8, 0x81, 0x72, 0xBA,
+ 0x8D, 0x7C, 0xDE, 0x8D, 0x82, 0xCA, 0xA2, 0x34,
+ 0xB8, 0x11, 0x2A, 0xF8, 0xA7, 0x2F, 0x1A, 0xB4,
+ 0xCE, 0xA1, 0xEF, 0xCB, 0x2D, 0x86, 0x8D, 0x53,
+ 0xD2, 0x12, 0xE3, 0x03, 0xB7, 0x0E, 0x7E, 0x52,
+ 0x1A, 0xB0, 0xF4, 0xB5, 0xDB, 0x4F, 0x51, 0x15,
+ 0x92, 0x48, 0xBF, 0xB2, 0x75, 0x36, 0x1B, 0xEF,
+ 0x88, 0x37, 0x52, 0xC7, 0x8B, 0x8D, 0x47, 0x12,
+ 0x27, 0x53, 0x85, 0x53, 0x6A, 0x4B, 0x0A, 0x96,
+ 0xE3, 0xC2, 0x3E, 0xA6, 0xC1, 0x7E, 0xA9, 0x2B,
+ 0x60, 0x26, 0x16, 0xE5, 0x82, 0x1E, 0x57, 0x53,
+ 0xA4, 0x73, 0x6C, 0x40, 0x39, 0xC2, 0x0C, 0x92,
+ 0x3C, 0xCE, 0xCB, 0x57, 0x98, 0x05, 0x58, 0x7C,
+ 0x0C, 0xE7, 0x22, 0x18, 0xBB, 0x1A, 0xB1, 0x24,
+ 0x52, 0xF8, 0xE1, 0x54, 0xCB, 0x86, 0x43, 0x32,
+ 0x81, 0x42, 0xF9, 0xB3, 0x40, 0xA6, 0x41, 0xC6,
+ 0xF2, 0x95, 0xE5, 0xEC, 0xF2, 0xE0, 0x48, 0xBC,
+ 0x7F, 0xC7, 0x9B, 0xC5, 0xB9, 0x42, 0x77, 0xC8,
+ 0x68, 0xD8, 0xE5, 0x36, 0xB5, 0x04, 0x25, 0x80,
+ 0x9D, 0xCF, 0xA0, 0x24, 0xA3, 0x90, 0x5C, 0xBA,
+ 0x55, 0x0A, 0xD3, 0xBB, 0x52, 0xB4, 0x59, 0xAC,
+ 0x38, 0xFA, 0xBC, 0x9B, 0xC0, 0x0E, 0xBA, 0x03,
+ 0xEC, 0x09, 0x06, 0x72, 0x5B, 0x4F, 0xE4, 0xE9,
+ 0x76, 0xF1, 0x74, 0x32, 0x00, 0x47, 0xB3, 0x1D,
+ 0x15, 0x89, 0x13, 0x65, 0xBA, 0x48, 0x23, 0x88,
+ 0xF0, 0xFB, 0x97, 0x3B, 0x85, 0x22, 0x4F, 0xB0,
+ 0x0B, 0xA8, 0x65, 0xAF, 0xAB, 0x3C, 0x9A, 
0x1B, + 0x7D, 0x48, 0x9F, 0x7B, 0x98, 0x2D, 0x0B, 0xD4, + 0x70, 0xEF, 0x94, 0x8E, 0xCB, 0x5B, 0x39, 0x20, + 0xAF, 0x89, 0x03, 0x59, 0x60, 0x12, 0x3B, 0x1F, + 0x86, 0x30, 0xD7, 0x63, 0x68, 0x1B, 0xFD, 0x67, + 0x15, 0x67, 0xEF, 0xBB, 0x1E, 0x62, 0x76, 0xAA, + 0x4F, 0xB2, 0xDF, 0xA9, 0xC3, 0x94, 0x8D, 0xB7, + 0xF0, 0x83, 0xF2, 0x83, 0x83, 0xB7, 0x7B, 0xC5, + 0x14, 0xAF, 0x9D, 0x68, 0xD2, 0x2E, 0x24, 0x87, + 0xC2, 0x01, 0x63, 0xC0, 0x2B, 0x0B, 0xBF, 0x23, + 0xBB, 0xCE, 0x06, 0x50, 0xF8, 0x4F, 0xF8, 0xCE, + 0x02, 0xC7, 0x4E, 0x9E, 0x11, 0xD6, 0xF3, 0x0E, + 0xC5, 0xFA, 0x8A, 0x01, 0x2A, 0xDC, 0x3B, 0x89, + 0x62, 0x7C, 0x7D, 0xE8, 0x55, 0xC1, 0xFB, 0xBE, + 0xB5, 0xDC, 0xDE, 0x84, 0xD0, 0x5E, 0x36, 0xC5, + 0x56, 0x6E, 0x55, 0x51, 0xB5, 0x87, 0x50, 0xA4, + 0x11, 0x64, 0x26, 0x39, 0xB2, 0x78, 0x64, 0xF7, + 0xE0, 0x05, 0x97, 0x8F, 0xFE, 0x25, 0x6B, 0x75, + 0x7D, 0x13, 0xDA, 0x66, 0x3F, 0xC3, 0xBB, 0x07, + 0x94, 0xA2, 0x7C, 0xF7, 0x58, 0x5D, 0x12, 0xF2, + 0x2D, 0x95, 0x3B, 0x28, 0x54, 0x59, 0xFD, 0xC9, + 0xBC, 0xDF, 0xCD, 0xCC, 0xB7, 0xBF, 0x3E, 0x4E, + 0x36, 0x2D, 0x28, 0x91, 0xD5, 0x83, 0x85, 0x5F, + 0x5D, 0x94, 0x87, 0xE6, 0xFB, 0x21, 0x7E, 0x2E, + 0x45, 0xEE, 0x0B, 0xD9, 0xAF, 0xC2, 0x89, 0xF4, + 0xD5, 0x64, 0x58, 0x12, 0x09, 0xA3, 0xAC, 0xA3, + 0x17, 0x95, 0xA1, 0x24, 0xBD, 0x1B, 0xBA, 0xEA, + 0x84, 0x67, 0x55, 0xC8, 0xEA, 0x78, 0x10, 0xEA, + 0xA7, 0x30, 0x60, 0xE8, 0x6F, 0xB5, 0xFD, 0xF3, + 0xFB, 0xE7, 0x2F, 0x80, 0x6B, 0xB1, 0xBF, 0xBF, + 0xBA, 0xC0, 0xC7, 0xB1, 0x6B, 0xFE, 0x74, 0x25, + 0x02, 0x77, 0xEC, 0xF5, 0xF5, 0x41, 0x57, 0x1B, + 0x8A, 0x97, 0x50, 0x50, 0x91, 0x7F, 0xDF, 0x78, + 0x1F, 0xEA, 0x17, 0xB5, 0x85, 0xE3, 0xC6, 0xDB, + 0xFE, 0x77, 0xB1, 0xE4, 0x8A, 0x16, 0x50, 0x4C, + 0x3A, 0x38, 0x90, 0x11, 0x56, 0x10, 0x0C, 0xAF, + 0xEC, 0x2E, 0xD9, 0x39, 0xAE, 0x9A, 0x9E, 0xDF, + 0xC9, 0xC0, 0xF8, 0xC7, 0xF5, 0x5C, 0xC9, 0x3E, + 0x5D, 0xDD, 0x0B, 0x3D, 0xE1, 0xC6, 0xED, 0xAE, + 0x2B, 0x7E, 0xE3, 0x4C, 0x61, 0x01, 0xF0, 0x11, + 0xB5, 0x90, 0x4F, 0x69, 0x3D, 0x28, 0x63, 
0x56,
+ 0xB5, 0x4C, 0x86, 0xCE, 0x8B, 0xCF, 0xEA, 0x9D,
+ 0xBF, 0xEC, 0x21, 0xC1, 0xEF, 0x0E, 0xCC, 0x91,
+ 0x05, 0x00, 0x5B, 0xAA, 0x37, 0x7D, 0x82, 0x9D,
+ 0xCA, 0x2C, 0xBF, 0x5E, 0xA5, 0xF3, 0x1B, 0x71,
+ 0xD4, 0x46, 0xB8, 0x33, 0xE0, 0x06, 0x19, 0x81,
+ 0x9D, 0x7F, 0xC6, 0x02, 0x40, 0x52, 0x49, 0x97,
+ 0x57, 0xA2, 0x76, 0x5F, 0x19, 0xCD, 0x2B, 0x36,
+ 0xC2, 0x48, 0x85, 0x99, 0xDC, 0x52, 0x47, 0x49,
+ 0x4F, 0xAB, 0xE8, 0x1E, 0xEB, 0xEF, 0xD3, 0xBE,
+ 0x75, 0xC4, 0x78, 0x0E, 0x43, 0xA5, 0x04, 0x18,
+ 0xC5, 0xDB, 0x2F, 0xF3, 0x59, 0xC5, 0xA6, 0xDE,
+ 0x28, 0x6E, 0xF5, 0x95, 0x1E, 0x27, 0x09, 0x48,
+ 0x6E, 0xDC, 0x9C, 0xC4, 0x9D, 0x07, 0x24, 0xEC,
+ 0xA3, 0xF2, 0xC0, 0xB7, 0x5F, 0x8A, 0x36, 0xCE,
+ 0x86, 0x23, 0x88, 0xF0, 0x0B, 0x3C, 0x59, 0x3D,
+ 0x1C, 0x8C, 0x6A, 0xC4, 0x5D, 0x73, 0xA7, 0x2F,
+ 0xF6, 0xB4, 0xF8, 0x05, 0xB1, 0x31, 0xED, 0x4E,
+ 0xAF, 0x56, 0x01, 0xD7, 0xB7, 0x3B, 0x0E, 0x37,
+ 0x24, 0xE7, 0x5D, 0x58, 0xDD, 0x50, 0xF5, 0x87,
+ 0x1C, 0x54, 0xA3, 0x7C, 0x14, 0x81, 0x33, 0x17,
+ 0x59, 0xF4, 0xBE, 0x86, 0xFB, 0x58, 0xA2, 0xEE,
+ 0x00, 0x31, 0x30, 0xF6, 0x6E, 0x18, 0x7C, 0x8B,
+ 0xA5, 0x01, 0x5B, 0xE7, 0x13, 0x29, 0x65, 0x89,
+ 0xAC, 0xAF, 0xBF, 0x65, 0x96, 0x89, 0x7E, 0x03,
+ 0xD4, 0x92, 0x0C, 0x91, 0xF2, 0x63, 0x33, 0xB7,
+ 0xBF, 0x17, 0x98, 0xAF, 0x81, 0x5C, 0x93, 0xD4,
+ 0xDF, 0x55, 0xBD, 0x47, 0xA0, 0x82, 0x49, 0xBF,
+ 0x11, 0x30, 0x63, 0xFB, 0xB3, 0x95, 0x03, 0xE9,
+ 0xB6, 0xD4, 0x3E, 0xAC, 0x7B, 0x0C, 0x30, 0x5A
+ };
+ static const byte k_512[KYBER_SS_SZ] = {
+ 0x4D, 0xDD, 0x30, 0x4E, 0x27, 0x48, 0x99, 0xBD,
+ 0x82, 0x97, 0x18, 0x56, 0x82, 0x4B, 0x58, 0x71,
+ 0x30, 0x92, 0x79, 0x52, 0x06, 0x01, 0x21, 0x85,
+ 0x8F, 0x9A, 0xDE, 0xB9, 0x6A, 0xB7, 0xF5, 0x71
+ };
 #endif
-
-#if defined(HAVE_ECC)
- /* ECC */
- XMEMSET(&eccKey, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_ecc_init(&eccKey), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
-#if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
+#ifndef 
WOLFSSL_NO_KYBER768 + static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = { + 0x14, 0x56, 0xA2, 0xEE, 0x8C, 0x35, 0x56, 0x05, + 0x4A, 0xBC, 0x79, 0xB4, 0x88, 0x2C, 0x31, 0x90, + 0xE5, 0xCA, 0x72, 0x6A, 0xB4, 0x02, 0xE5, 0xB0, + 0x97, 0x28, 0xC0, 0xF4, 0xF7, 0x9C, 0x9F, 0xC2, + 0xAD, 0xD8, 0x28, 0xAB, 0xE4, 0x32, 0xB1, 0x50, + 0x1B, 0x60, 0xF4, 0x6C, 0xCB, 0xC8, 0x6A, 0x33, + 0x78, 0xC3, 0x48, 0x95, 0x70, 0x8A, 0x13, 0x67, + 0x1B, 0x20, 0xB3, 0x89, 0x47, 0x9A, 0xAA, 0x01, + 0xC6, 0x9D, 0x6B, 0x3B, 0x7D, 0x07, 0xD1, 0xC3, + 0xAB, 0x54, 0xB9, 0x1C, 0x58, 0x0F, 0x5A, 0x33, + 0x6B, 0x30, 0x06, 0x9A, 0x4F, 0x13, 0x4F, 0xFD, + 0x37, 0x64, 0xCE, 0x73, 0xA0, 0x47, 0xE2, 0x84, + 0x47, 0x71, 0x74, 0x2B, 0xF4, 0x71, 0x0B, 0x97, + 0x2D, 0x4F, 0x65, 0x90, 0xA1, 0xC5, 0x3A, 0x97, + 0x53, 0x68, 0xC2, 0x71, 0xB6, 0x70, 0xF1, 0xA4, + 0x03, 0x64, 0x41, 0x05, 0x4A, 0x66, 0xE8, 0x81, + 0x59, 0x97, 0x51, 0x22, 0x88, 0x55, 0x2F, 0xD7, + 0x14, 0x9F, 0xFB, 0x70, 0x5A, 0xAE, 0x13, 0x3F, + 0x84, 0x14, 0x06, 0x0D, 0x00, 0x92, 0xFA, 0x8A, + 0x16, 0x27, 0xD7, 0x8A, 0xB2, 0xAB, 0xC6, 0x69, + 0x62, 0x88, 0xBA, 0xF5, 0xC6, 0x0E, 0xF3, 0x70, + 0x82, 0x7A, 0x7E, 0xFA, 0x72, 0xAE, 0x5C, 0x67, + 0x41, 0xA5, 0xDA, 0x04, 0x3D, 0x59, 0x40, 0xF1, + 0x21, 0x48, 0x53, 0x72, 0xA9, 0x8F, 0x47, 0x2D, + 0x60, 0xF0, 0x5F, 0x74, 0xD9, 0x5F, 0x01, 0xA1, + 0x99, 0x1E, 0x73, 0xA3, 0xE0, 0xA9, 0x53, 0x64, + 0x67, 0xA4, 0x73, 0x8A, 0xB4, 0xCF, 0x38, 0x5B, + 0xA7, 0x72, 0x82, 0x7E, 0xB8, 0xCC, 0x05, 0x8B, + 0x35, 0x72, 0xE4, 0x0B, 0x59, 0x84, 0x44, 0xC1, + 0x81, 0xC7, 0xF6, 0xD9, 0xB7, 0x60, 0xA7, 0xB9, + 0x07, 0x09, 0x2E, 0x9C, 0x33, 0x51, 0xEA, 0x23, + 0x4E, 0x44, 0x49, 0xBD, 0x9B, 0x61, 0xA1, 0x34, + 0x65, 0x4E, 0x2D, 0xA1, 0x91, 0xFF, 0x07, 0x93, + 0x96, 0x15, 0x69, 0xD3, 0x59, 0x44, 0x48, 0xBB, + 0xC2, 0x58, 0x69, 0x99, 0xA6, 0x67, 0x1E, 0xFC, + 0xA9, 0x57, 0xF3, 0xA6, 0x69, 0x9A, 0x4A, 0x1B, + 0x2F, 0x47, 0x07, 0xAB, 0xA0, 0xB2, 0xDB, 0x20, + 0x11, 0x4F, 0xE6, 0x8A, 0x4E, 0x28, 0x15, 0xAF, + 0x3A, 0xAC, 0x4B, 
0x8C, 0x6B, 0xE5, 0x64, 0x8C, + 0x50, 0xCC, 0x35, 0xC2, 0x7C, 0x57, 0x28, 0x80, + 0x28, 0xD3, 0x61, 0x70, 0x8D, 0x30, 0x2E, 0xEB, + 0xB8, 0x60, 0xBE, 0xE6, 0x91, 0xF6, 0x56, 0xA2, + 0x55, 0x0C, 0xB3, 0x21, 0xE9, 0x29, 0x3D, 0x75, + 0x16, 0xC5, 0x99, 0x81, 0x7B, 0x76, 0x6B, 0xA9, + 0x28, 0xB1, 0x08, 0x77, 0x9A, 0x1C, 0x87, 0x12, + 0xE7, 0x4C, 0x76, 0x84, 0x1A, 0xC5, 0x8B, 0x8C, + 0x51, 0x5B, 0xF4, 0x74, 0x9B, 0xF7, 0x15, 0x98, + 0x44, 0x45, 0xB2, 0xB5, 0x30, 0x63, 0x38, 0x40, + 0x01, 0xE5, 0x5F, 0x68, 0x86, 0x7B, 0x1A, 0xF4, + 0x6C, 0xA7, 0x0C, 0xA8, 0xEA, 0x74, 0x17, 0x2D, + 0xB8, 0x0B, 0x52, 0x18, 0xBD, 0xE4, 0xF0, 0x0A, + 0x0E, 0x65, 0x8D, 0xB5, 0xA1, 0x8D, 0x94, 0xE1, + 0x42, 0x7A, 0xF7, 0xAE, 0x35, 0x8C, 0xCE, 0xB2, + 0x38, 0x77, 0x2F, 0xCC, 0x83, 0xF1, 0x08, 0x28, + 0xA4, 0xA3, 0x67, 0xD4, 0x2C, 0x4C, 0xB6, 0x93, + 0x3F, 0xDD, 0x1C, 0x1C, 0x7B, 0x86, 0xAD, 0x8B, + 0x00, 0x96, 0x57, 0xA9, 0x62, 0x22, 0xD7, 0xBA, + 0x92, 0xF5, 0x27, 0xAF, 0x87, 0x79, 0x70, 0xA8, + 0x32, 0x47, 0xF4, 0x7A, 0x23, 0xFC, 0x22, 0x85, + 0x11, 0x8B, 0x57, 0x71, 0x77, 0x15, 0x20, 0x46, + 0x74, 0xDA, 0x9C, 0x94, 0xB6, 0x2B, 0xC7, 0x83, + 0x8C, 0xF8, 0x72, 0x00, 0x15, 0x6B, 0x26, 0xBA, + 0x46, 0x71, 0x15, 0x99, 0x31, 0xC4, 0x93, 0x22, + 0xD8, 0x06, 0x71, 0xA0, 0xF3, 0x32, 0xEA, 0xA2, + 0xBB, 0xF8, 0x93, 0xBE, 0x40, 0x8B, 0x9E, 0xAC, + 0x6A, 0x50, 0x54, 0x83, 0xAA, 0x90, 0x75, 0xBD, + 0x13, 0x68, 0xB5, 0x1F, 0x99, 0x21, 0x1F, 0x48, + 0x0A, 0x9C, 0x54, 0x2A, 0x75, 0xB5, 0xBE, 0x08, + 0xE4, 0x3A, 0xDA, 0xF3, 0x01, 0xDD, 0x72, 0x9A, + 0x85, 0x95, 0x40, 0x10, 0xE6, 0x48, 0x92, 0xA2, + 0xAA, 0x4F, 0x15, 0xC0, 0xBD, 0x70, 0xB3, 0xD8, + 0x56, 0x49, 0x4F, 0xF9, 0xBA, 0x0F, 0xE4, 0xCE, + 0x12, 0x99, 0x1C, 0xA0, 0x6B, 0x5E, 0x3D, 0x0B, + 0x2A, 0xF1, 0xF7, 0x97, 0xB7, 0xA2, 0xB7, 0x60, + 0x91, 0x0A, 0xE9, 0xF8, 0x33, 0xD0, 0xD4, 0x26, + 0x7A, 0x58, 0x05, 0x2C, 0x29, 0x90, 0xF1, 0x61, + 0xB8, 0x86, 0xE2, 0x51, 0x71, 0x1C, 0x09, 0xD0, + 0x85, 0xC3, 0xD9, 0x58, 0xB1, 0x44, 0x19, 0x2C, + 0x9C, 0xC3, 0x22, 
0x4A, 0x46, 0x07, 0x15, 0xB6, + 0x78, 0x4E, 0xB0, 0xB2, 0x6F, 0x23, 0x71, 0x87, + 0x50, 0x7D, 0x85, 0xC5, 0x11, 0x0A, 0xCC, 0x71, + 0xCE, 0x47, 0x19, 0x8F, 0x25, 0x45, 0x53, 0x35, + 0x6D, 0xAB, 0x44, 0x8C, 0x38, 0xD2, 0x43, 0xA7, + 0xC0, 0x2B, 0xE4, 0x0C, 0x90, 0x8C, 0x82, 0x8D, + 0x05, 0xC0, 0x81, 0xDF, 0xAB, 0x8F, 0xC6, 0xB5, + 0xCF, 0xE7, 0xD5, 0x6E, 0x73, 0x17, 0x15, 0x7D, + 0xC0, 0x53, 0xB2, 0xB3, 0x48, 0x99, 0x86, 0xB0, + 0x81, 0x28, 0x88, 0x71, 0x81, 0x85, 0x85, 0xE0, + 0x99, 0x31, 0x09, 0x5E, 0x32, 0x74, 0xA0, 0x84, + 0x11, 0x5B, 0xE2, 0x76, 0x43, 0x82, 0x54, 0xA7, + 0x96, 0x27, 0x0A, 0x7B, 0x43, 0x06, 0xF0, 0x8B, + 0x98, 0xD9, 0xC2, 0xAA, 0xEC, 0xF7, 0x06, 0x5E, + 0x74, 0x44, 0x6B, 0x7C, 0x69, 0x6D, 0xBA, 0xAF, + 0x8B, 0x46, 0x25, 0xA1, 0x0B, 0x07, 0x82, 0x7B, + 0x4A, 0x8B, 0xAB, 0xAB, 0x09, 0xB6, 0x4A, 0xE1, + 0xC3, 0x75, 0xBB, 0x78, 0x54, 0x41, 0xF3, 0x19, + 0xFB, 0x9A, 0xC2, 0xF1, 0x4C, 0x95, 0xFF, 0xB2, + 0x52, 0xAB, 0xBB, 0x80, 0x9C, 0x69, 0x09, 0xCD, + 0x97, 0x70, 0x6E, 0x40, 0x69, 0x1C, 0xBA, 0x61, + 0xC9, 0x25, 0x2B, 0xD3, 0x8A, 0x04, 0x31, 0x1C, + 0xA5, 0xBB, 0x2C, 0xA7, 0x95, 0x78, 0x34, 0x75, + 0x05, 0xD0, 0x88, 0x88, 0x51, 0xE0, 0x82, 0x64, + 0x8B, 0xD0, 0x03, 0xBE, 0x97, 0xC0, 0xF8, 0xF6, + 0x67, 0x59, 0xEC, 0x96, 0xA9, 0x6A, 0x08, 0x1C, + 0x68, 0x22, 0xC4, 0x51, 0x05, 0x59, 0x53, 0x70, + 0x42, 0xFC, 0x15, 0xF0, 0x69, 0xA6, 0x49, 0xB7, + 0x4A, 0x10, 0x96, 0x1B, 0x35, 0x4A, 0x1F, 0x62, + 0x5B, 0x04, 0xE2, 0x5B, 0x29, 0x3C, 0xF6, 0x5F, + 0xB4, 0xF5, 0x3A, 0x80, 0xCC, 0x73, 0x3D, 0x7A, + 0x17, 0x57, 0x75, 0xBF, 0x8A, 0x9A, 0xBB, 0x92, + 0x01, 0x62, 0x0E, 0x83, 0xA7, 0xF3, 0xE7, 0x24, + 0xD1, 0x28, 0x7D, 0xBC, 0x44, 0xBD, 0xD5, 0xD8, + 0x5F, 0xC7, 0x15, 0x45, 0xA9, 0x27, 0xBE, 0xED, + 0xE5, 0x37, 0xA7, 0x76, 0x87, 0x35, 0xCC, 0x14, + 0x86, 0xC7, 0xC3, 0xF3, 0x11, 0x04, 0xDB, 0x67, + 0x34, 0x3F, 0x43, 0x5D, 0x2D, 0x45, 0x55, 0x4B, + 0xAA, 0xC9, 0xCD, 0xB5, 0x82, 0x2E, 0x84, 0x22, + 0xAE, 0x83, 0x21, 0xC7, 0x8A, 0xBE, 0x9F, 0x26, + 0x1F, 0xD4, 0x81, 
0x0A, 0x79, 0xE3, 0x3E, 0x94,
+ 0xE6, 0x3B, 0x33, 0x41, 0x87, 0x2C, 0x92, 0x25,
+ 0x35, 0x21, 0x99, 0x7C, 0x08, 0x4F, 0xBC, 0x06,
+ 0x0B, 0x8B, 0x12, 0x5C, 0xCC, 0x88, 0xAC, 0x85,
+ 0xAC, 0x5F, 0xE3, 0x16, 0x8A, 0xCB, 0x05, 0x9B,
+ 0x3F, 0x11, 0x9C, 0x4E, 0x05, 0x0A, 0x20, 0x73,
+ 0x2F, 0x50, 0x1B, 0xB9, 0xB3, 0xE6, 0x87, 0xC8,
+ 0x46, 0xB5, 0xC2, 0x65, 0x3F, 0x88, 0x86, 0x37,
+ 0x3E, 0x10, 0x04, 0xA2, 0xAB, 0x8D, 0x1B, 0xB9,
+ 0x70, 0xA7, 0xE5, 0x71, 0xD8, 0xA4, 0x6E, 0xE8,
+ 0x1B, 0x78, 0x2F, 0x26, 0x94, 0x2D, 0xD3, 0x94,
+ 0xFD, 0xD9, 0xA5, 0xE4, 0xC5, 0x63, 0x1D, 0x98,
+ 0x55, 0x28, 0x60, 0x4B, 0x1C, 0xC9, 0x76, 0x27,
+ 0x5B, 0x6A, 0xC8, 0xA6, 0x7C, 0xEE, 0xC1, 0x0F,
+ 0xFA, 0xCB, 0xBA, 0x3D, 0x3B, 0xB1, 0x41, 0x32,
+ 0x1D, 0xFC, 0x3C, 0x92, 0x31, 0xFC, 0x96, 0xE4,
+ 0x48, 0xB9, 0xAB, 0x84, 0x70, 0x21, 0xE2, 0xC8,
+ 0xD9, 0x0C, 0x6B, 0xCA, 0xF2, 0xB1, 0x24, 0x07,
+ 0x83, 0xB6, 0x2C, 0x79, 0xDE, 0xDC, 0x07, 0x2A,
+ 0x57, 0x63, 0xE6, 0x60, 0xAF, 0x2C, 0x27, 0xC3,
+ 0xF0, 0xC3, 0xC0, 0x92, 0x07, 0xCA, 0xD9, 0x90,
+ 0xBB, 0x41, 0xA7, 0xBF, 0xCE, 0xC9, 0x9F, 0x51,
+ 0x59, 0x6A, 0x0E, 0x83, 0x77, 0x8F, 0x85, 0xC0,
+ 0x06, 0xAC, 0x6D, 0x1F, 0xE9, 0x81, 0xB4, 0xC4,
+ 0xBA, 0x1C, 0xB5, 0x75, 0xA7, 0xD0, 0x7A, 0xE2,
+ 0xD3, 0x1B, 0xA7, 0x60, 0x09, 0x5F, 0x74, 0xBC,
+ 0x16, 0x38, 0x41, 0xCF, 0x8F, 0xF7, 0x7F, 0x89,
+ 0x4A, 0xBC, 0x6D, 0x26, 0x1E, 0xD8, 0x7A, 0x45,
+ 0x30, 0x36, 0x3B, 0x94, 0x9C, 0x4A, 0xD2, 0x4E,
+ 0xFB, 0x3A, 0x56, 0x80, 0x94, 0x78, 0xDD, 0xA2
+ };
+ static const byte seed_768[KYBER_ENC_RAND_SZ] = {
+ 0x40, 0xBE, 0x9D, 0xCA, 0xC1, 0x6E, 0x9C, 0xA7,
+ 0x3D, 0x49, 0xD0, 0xC8, 0x3F, 0x9D, 0x3D, 0x89,
+ 0xBB, 0x71, 0x57, 0x4A, 0x42, 0x19, 0xA0, 0xF3,
+ 0x93, 0xDF, 0xEC, 0xE2, 0x98, 0x83, 0x94, 0xC4
+ };
+ static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = {
+ 0x77, 0x8D, 0x6B, 0x03, 0x79, 0x1A, 0xCA, 0xF5,
+ 0x6C, 0xAA, 0xFC, 0xC7, 0x8C, 0xEE, 0x5C, 0xBC,
+ 0xA1, 0xDE, 0x87, 0x37, 0xE9, 0xC7, 0xFF, 0x4A,
+ 0xE5, 0xF3, 0x84, 0xD3, 0x44, 0xE0, 0x82, 0x23,
+ 
0xC7, 0x4C, 0x82, 0x4C, 0xB5, 0x84, 0x85, 0x20, + 0x51, 0x7C, 0x7F, 0x0E, 0xA0, 0x64, 0x5E, 0xB6, + 0xF8, 0x89, 0x51, 0x7A, 0xE5, 0x21, 0x6B, 0x0C, + 0xF4, 0x1D, 0xDC, 0x3F, 0x0D, 0x1D, 0xF9, 0xBC, + 0x6E, 0x4D, 0xEC, 0xB2, 0x36, 0xA5, 0xEA, 0x8B, + 0x21, 0x4F, 0x64, 0x26, 0x6D, 0x3C, 0xDE, 0x08, + 0xE0, 0xCB, 0x00, 0xE5, 0xD9, 0x1F, 0x58, 0x67, + 0x06, 0xB1, 0xEE, 0x53, 0x3D, 0x20, 0x47, 0x6F, + 0x44, 0x23, 0xB7, 0x8F, 0x91, 0x6B, 0x17, 0x26, + 0xEE, 0xEA, 0x95, 0x9F, 0xFB, 0x9A, 0xC6, 0x34, + 0xD0, 0x4A, 0x94, 0xD0, 0x99, 0x23, 0xCB, 0x0D, + 0x4E, 0x73, 0x0C, 0xCA, 0x41, 0x44, 0xE7, 0xC4, + 0x88, 0x49, 0x21, 0x65, 0x2D, 0xA4, 0x92, 0x8C, + 0x68, 0xE6, 0x44, 0xF6, 0x73, 0xCF, 0xC5, 0x7D, + 0x3E, 0x87, 0xCF, 0x5B, 0xE5, 0x81, 0xA8, 0x9F, + 0x9C, 0xB8, 0xF0, 0xFC, 0xE2, 0x78, 0x2D, 0x68, + 0x1E, 0x5C, 0xE8, 0x8A, 0xF5, 0x84, 0x58, 0xC3, + 0xD6, 0x3D, 0x80, 0x75, 0x72, 0xDE, 0x5A, 0xA8, + 0xE1, 0xFA, 0xF2, 0xDC, 0xD1, 0x4E, 0xDB, 0x73, + 0x49, 0x56, 0x5B, 0x7D, 0x32, 0x71, 0xDD, 0xBE, + 0xB0, 0xB6, 0xCC, 0x7A, 0xFE, 0x08, 0x63, 0x57, + 0x84, 0x31, 0x11, 0x59, 0x73, 0x3C, 0x46, 0xE5, + 0xFD, 0xC5, 0xE0, 0xCD, 0x36, 0xCE, 0x56, 0x85, + 0xAC, 0xFB, 0x1A, 0xFE, 0x50, 0xAB, 0xB4, 0x6F, + 0x44, 0x75, 0x21, 0xE6, 0x0D, 0x9C, 0x8F, 0x0E, + 0x4C, 0xA2, 0x8C, 0x19, 0x0A, 0xBB, 0x40, 0xC3, + 0x65, 0xF4, 0x12, 0x47, 0x1E, 0x95, 0xA8, 0xEA, + 0x39, 0x6D, 0x4B, 0xD8, 0x07, 0x0E, 0xEB, 0x1F, + 0x02, 0xB0, 0x7C, 0x82, 0x53, 0x67, 0xAA, 0x1E, + 0xC0, 0xF1, 0x0C, 0x38, 0x62, 0x41, 0x6B, 0xB2, + 0x1A, 0xD6, 0xCA, 0x74, 0x8A, 0x86, 0xE9, 0x82, + 0x9E, 0xFC, 0x1A, 0x04, 0x99, 0x09, 0x3C, 0x85, + 0x17, 0x6D, 0x37, 0xF5, 0x74, 0xC7, 0x5C, 0xF5, + 0xED, 0xFA, 0x8D, 0x92, 0x0D, 0x32, 0x68, 0xCB, + 0x34, 0xC6, 0xA4, 0xBB, 0x00, 0x02, 0x86, 0x9B, + 0xC0, 0x5D, 0x7C, 0x8F, 0xCC, 0x06, 0x58, 0xD4, + 0xA0, 0x1E, 0xAC, 0xD7, 0x45, 0x57, 0xA3, 0x7D, + 0x98, 0xA7, 0x63, 0x07, 0x47, 0x52, 0xDF, 0xDD, + 0x64, 0x29, 0x88, 0x1C, 0xAF, 0xF5, 0x77, 0xD3, + 0xA0, 0x48, 0x03, 0x1B, 0xD5, 0x2C, 0x4E, 0x97, + 
0x26, 0x39, 0x85, 0x90, 0xF9, 0x51, 0x9F, 0xD5, + 0x94, 0x05, 0xD6, 0xB3, 0xC3, 0x07, 0xAF, 0xCB, + 0x16, 0x8A, 0x98, 0x57, 0x85, 0xD9, 0x54, 0xA6, + 0xD1, 0xDC, 0x1E, 0xA9, 0x2E, 0x1E, 0xB6, 0xF9, + 0x46, 0xA4, 0xD9, 0x9D, 0xD6, 0xCA, 0x30, 0x7A, + 0xBF, 0xD8, 0x36, 0x2F, 0xAB, 0xA9, 0x8B, 0xB2, + 0x64, 0xC6, 0x9C, 0x5F, 0x55, 0x5D, 0x60, 0x88, + 0x3C, 0xC5, 0x60, 0x19, 0xFE, 0xB4, 0xE8, 0x00, + 0x0C, 0x48, 0xB7, 0xE6, 0x8C, 0xD6, 0x67, 0xF0, + 0x0B, 0x52, 0x50, 0xCE, 0xF2, 0x93, 0xA4, 0xA9, + 0xE7, 0x78, 0x72, 0x6E, 0x62, 0xF1, 0x20, 0x36, + 0x1E, 0x21, 0xAB, 0x31, 0x40, 0x46, 0x4C, 0xDC, + 0x6A, 0xBD, 0xE9, 0xEA, 0x05, 0x19, 0x8D, 0x8B, + 0x3B, 0xB6, 0x71, 0xB9, 0x11, 0x1A, 0x2F, 0x31, + 0x75, 0x82, 0x84, 0x7C, 0xA5, 0x01, 0x56, 0x64, + 0xF2, 0x2C, 0xDB, 0x08, 0xC1, 0x43, 0x18, 0x7B, + 0xDE, 0x21, 0x29, 0xB5, 0x4F, 0x34, 0x16, 0x02, + 0x95, 0xD7, 0x5F, 0xE9, 0xA4, 0x94, 0xFD, 0x7E, + 0x67, 0xAA, 0xA7, 0x6B, 0x57, 0xAA, 0xFF, 0xD8, + 0x9D, 0x01, 0xA7, 0x1D, 0xF5, 0xC8, 0x15, 0x86, + 0x20, 0x29, 0x8D, 0x58, 0x2B, 0xBE, 0xFA, 0x6D, + 0x09, 0xAC, 0x41, 0x2A, 0x99, 0xAA, 0x3B, 0xE9, + 0xC3, 0x83, 0x50, 0x49, 0x48, 0xC4, 0x3D, 0xD5, + 0xAF, 0x41, 0x27, 0xB1, 0x43, 0x58, 0x04, 0xF4, + 0x4B, 0xAF, 0xA1, 0x42, 0xBF, 0xC2, 0xA9, 0x5D, + 0x95, 0xFB, 0x2E, 0xF0, 0x64, 0x1A, 0xBE, 0x71, + 0x06, 0x4D, 0xE5, 0x1D, 0x6B, 0x9E, 0xC5, 0x08, + 0x57, 0xB8, 0xEE, 0xF7, 0xF4, 0x80, 0x36, 0x31, + 0x3D, 0x0E, 0x93, 0x67, 0x63, 0xB8, 0xF7, 0xBD, + 0xE6, 0x9B, 0x06, 0x4D, 0xD5, 0x76, 0x1D, 0x80, + 0xEA, 0x6F, 0x1A, 0x8B, 0x37, 0x56, 0x57, 0x53, + 0xC5, 0x79, 0xBB, 0xB8, 0x95, 0xEF, 0xB9, 0xFC, + 0xB3, 0xFC, 0x5F, 0xA3, 0x36, 0x2E, 0x37, 0x74, + 0xF0, 0xF7, 0x71, 0x40, 0xB9, 0x73, 0xCA, 0xE5, + 0x87, 0xBA, 0xD2, 0xF3, 0xB5, 0x66, 0xA9, 0xC2, + 0x5A, 0x96, 0x93, 0x47, 0xE5, 0xC5, 0x4F, 0x87, + 0xF1, 0x10, 0x5E, 0x9C, 0x07, 0x48, 0x67, 0xD9, + 0x40, 0x77, 0xCC, 0xAE, 0x3A, 0xBE, 0xA5, 0x45, + 0x20, 0xED, 0xB5, 0x1D, 0x9D, 0xAA, 0xBE, 0x78, + 0x48, 0xE7, 0x8F, 0xDF, 0x66, 0xE0, 0x7E, 0x2E, + 
0x22, 0xB3, 0x02, 0x51, 0x93, 0x1E, 0x89, 0x0B, + 0xAF, 0x1F, 0x5E, 0x17, 0x7D, 0x4D, 0x9C, 0xEC, + 0x9E, 0x49, 0x69, 0x48, 0x1F, 0xD7, 0xC1, 0x33, + 0x5A, 0x0E, 0xD5, 0x87, 0x9F, 0x34, 0xEF, 0x4B, + 0xB4, 0xF6, 0x6C, 0x28, 0x80, 0x3C, 0xEA, 0x16, + 0x2B, 0xA4, 0x61, 0x50, 0x6D, 0x52, 0xEB, 0x3A, + 0xE1, 0x69, 0x51, 0x92, 0x2B, 0x06, 0x82, 0x51, + 0x86, 0xC3, 0xD4, 0xCE, 0x1B, 0x51, 0xF3, 0xC9, + 0x2F, 0x3C, 0x52, 0xF2, 0xD0, 0x4D, 0x1F, 0x13, + 0xB2, 0xB1, 0x7C, 0x9E, 0xEB, 0x88, 0x2C, 0xCE, + 0x0E, 0xB8, 0x8B, 0x7E, 0xA9, 0xA1, 0xCE, 0x4E, + 0x37, 0x41, 0x5C, 0xC8, 0x4C, 0x7B, 0xC4, 0x36, + 0xA4, 0x62, 0x83, 0x86, 0xCC, 0x77, 0xD9, 0xAF, + 0xD2, 0x07, 0x91, 0x1B, 0xD9, 0xBF, 0xD8, 0xA7, + 0xFA, 0x05, 0xC2, 0x75, 0xBE, 0x0C, 0x4C, 0x6A, + 0x8F, 0xC0, 0xA6, 0x1B, 0xDA, 0x1D, 0x67, 0xAE, + 0x33, 0xB5, 0x31, 0x0B, 0xE1, 0x29, 0x0D, 0xC7, + 0x1C, 0x14, 0x18, 0xEB, 0x57, 0x44, 0xBF, 0x28, + 0x42, 0xC1, 0x65, 0x21, 0x73, 0xA4, 0x9A, 0x69, + 0x2E, 0x71, 0xFE, 0x43, 0x25, 0x8A, 0x20, 0x5B, + 0x3C, 0xAA, 0xB9, 0x0C, 0x03, 0x04, 0xA5, 0x1E, + 0x77, 0xD0, 0x1B, 0x40, 0x4A, 0x01, 0xFA, 0xE2, + 0xF8, 0x3A, 0xB8, 0x0C, 0x5D, 0xBF, 0x6C, 0xF5, + 0x18, 0xC0, 0x01, 0xF4, 0x6A, 0x63, 0x3F, 0xA1, + 0x69, 0xB1, 0xBD, 0xB7, 0x7A, 0x9D, 0x0B, 0x1E, + 0x0C, 0x00, 0x78, 0x35, 0xC0, 0x9F, 0x6A, 0xBB, + 0xA9, 0x6F, 0x3F, 0x53, 0x56, 0x4D, 0xA5, 0x08, + 0xEE, 0x88, 0x61, 0xA4, 0x83, 0xA8, 0x17, 0x49, + 0xD4, 0xA4, 0x46, 0x72, 0xB1, 0xEF, 0x16, 0x05, + 0xF2, 0x9D, 0x16, 0x8B, 0x74, 0xB7, 0x36, 0xB4, + 0xF1, 0x35, 0x01, 0xD7, 0xAD, 0x12, 0x13, 0x11, + 0x8A, 0x78, 0x32, 0xE6, 0x66, 0xA5, 0x0B, 0xE8, + 0x01, 0x0D, 0x54, 0x32, 0x2A, 0x52, 0x6C, 0xF7, + 0xA4, 0xE5, 0x43, 0xA7, 0x9D, 0x0D, 0x98, 0xE0, + 0x04, 0xFB, 0xEC, 0x76, 0xEA, 0x3F, 0x7E, 0x88, + 0x7B, 0xDB, 0xAF, 0x50, 0xDA, 0xDF, 0xDD, 0xDF, + 0x3F, 0xFE, 0xCF, 0x6D, 0x3F, 0x77, 0xEA, 0x4B, + 0x9B, 0x16, 0xDC, 0x75, 0x4F, 0x4A, 0x68, 0xE5, + 0xEF, 0x32, 0xF6, 0xA1, 0x37, 0xE7, 0xC9, 0xE3, + 0xC3, 0xE8, 0xC2, 0xE2, 0x36, 0xC7, 0xEB, 0xC4, + 
0x5D, 0x46, 0xEC, 0x16, 0x77, 0xA5, 0xA8, 0xBB,
+ 0x26, 0x68, 0x44, 0x3B, 0x0B, 0xE8, 0x69, 0x3D,
+ 0xC2, 0x57, 0xF1, 0x3D, 0x8B, 0x9A, 0x90, 0x10,
+ 0x0B, 0x92, 0xB4, 0xD1, 0x76, 0x1B, 0x81, 0x96,
+ 0x73, 0x83, 0x2C, 0x32, 0x02, 0x06, 0x71, 0xBF,
+ 0xB3, 0xD0, 0x22, 0x0A, 0x36, 0x3E, 0x4B, 0xED,
+ 0x6D, 0x64, 0x9D, 0x3F, 0x73, 0x68, 0xCF, 0xE0,
+ 0x81, 0xE1, 0x96, 0xA4, 0x3D, 0x47, 0x08, 0x79,
+ 0x8E, 0x31, 0xBB, 0x2A, 0x2F, 0x61, 0x82, 0x46,
+ 0x74, 0xAB, 0xA2, 0xFC, 0x9D, 0xCD, 0x05, 0xDB,
+ 0x84, 0xB8, 0x62, 0x7A, 0xE1, 0x14, 0x88, 0x88,
+ 0x6F, 0x92, 0x1B, 0xC7, 0x9A, 0xE1, 0xFD, 0x03
+ };
+ static const byte k_768[KYBER_SS_SZ] = {
+ 0x61, 0x6E, 0x0B, 0x75, 0x3A, 0x3B, 0x7F, 0x40,
+ 0xFE, 0xF9, 0xA3, 0x89, 0xF5, 0x8F, 0x16, 0xBF,
+ 0xBB, 0x04, 0x62, 0x29, 0x41, 0xD2, 0x46, 0x4B,
+ 0xDA, 0xE7, 0x67, 0x82, 0x0D, 0xFA, 0xC3, 0x8E
+ };
 #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey),
- 0);
- DoExpectIntEQ(wc_ecc_free(&eccKey), 0);
+#ifndef WOLFSSL_NO_KYBER1024
+ static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = {
+ 0x27, 0x66, 0x9A, 0x66, 0x76, 0x67, 0xB8, 0xD5,
+ 0x46, 0x68, 0x58, 0x60, 0x22, 0x60, 0x11, 0x5B,
+ 0x62, 0x09, 0xBC, 0x2C, 0x45, 0xDF, 0x7A, 0x4E,
+ 0x64, 0x93, 0x2B, 0x75, 0xC7, 0x8B, 0x9F, 0x70,
+ 0x83, 0xF1, 0x31, 0xBC, 0xD4, 0xE2, 0x0E, 0xFF,
+ 0x8C, 0xCF, 0x69, 0x73, 0x6B, 0xDB, 0xC8, 0x84,
+ 0x06, 0xF9, 0xB6, 0x9A, 0xD3, 0xCE, 0x35, 0x6A,
+ 0x0F, 0x5E, 0x67, 0x6D, 0xD0, 0xA7, 0xC4, 0xAB,
+ 0xB1, 0xA1, 0xC9, 0xD6, 0x20, 0x21, 0xBB, 0x38,
+ 0x4A, 0x40, 0x14, 0xFB, 0x04, 0xCD, 0x2F, 0x82,
+ 0x18, 0x90, 0xD9, 0x04, 0x27, 0xC4, 0x9F, 0x4A,
+ 0x62, 0x8E, 0xCE, 0xC2, 0x73, 0x1F, 0xAC, 0x02,
+ 0x52, 0x37, 0x36, 0x0D, 0x58, 0x2C, 0xD0, 0x66,
+ 0x47, 0xB1, 0x10, 0x9A, 0xA6, 0xC2, 0xAC, 0x5D,
+ 0x43, 0x37, 0x58, 0xC1, 0xCA, 0xA5, 0x35, 0x55,
+ 0xFF, 0xF5, 0x77, 0xEB, 0xB5, 0x21, 0xFB, 0xE3,
+ 0x2D, 0x10, 0xF7, 0x90, 0x60, 0x4C, 0x53, 0xC2,
+ 0xF8, 0x2C, 0x17, 0xB0, 0x8E, 0xF3, 0x62, 0x56,
+ 0x74, 
0x21, 0x48, 0x44, 0x90, 0x6D, 0xB3, 0xFB, + 0x95, 0x20, 0x03, 0x14, 0x22, 0xA1, 0x3B, 0xD7, + 0x61, 0x2D, 0x42, 0x01, 0xC2, 0x7D, 0x15, 0xB9, + 0xD1, 0x94, 0x83, 0x0C, 0xC3, 0x66, 0x9B, 0xB8, + 0xBA, 0x34, 0xC2, 0x52, 0x37, 0x64, 0x41, 0x39, + 0x71, 0xC4, 0x0D, 0x84, 0xAE, 0xE6, 0x56, 0x75, + 0xD5, 0x21, 0x53, 0x09, 0xDA, 0x83, 0x67, 0xF0, + 0x01, 0x49, 0x75, 0x46, 0xEC, 0xE0, 0x7C, 0xBF, + 0x00, 0x2D, 0x78, 0x1B, 0x83, 0x06, 0x82, 0x48, + 0x40, 0x80, 0xAD, 0x6F, 0x95, 0x58, 0xB3, 0x6B, + 0x6B, 0xF6, 0x10, 0x91, 0x71, 0x30, 0xB7, 0x41, + 0x9B, 0x39, 0xF8, 0x50, 0x29, 0x62, 0x12, 0x64, + 0xCF, 0x2C, 0x8A, 0xE4, 0xD8, 0x08, 0x38, 0x7B, + 0x20, 0xCC, 0x5A, 0xA0, 0xB9, 0x69, 0xC3, 0x9B, + 0xC8, 0x0E, 0x6C, 0xB9, 0xCA, 0x03, 0x51, 0xA3, + 0xF6, 0x0A, 0xCE, 0xAF, 0x12, 0xBD, 0x41, 0xFA, + 0x09, 0x96, 0xE3, 0x99, 0x06, 0xA9, 0xB6, 0x16, + 0x97, 0xB7, 0x47, 0xC2, 0x03, 0x1C, 0x76, 0x02, + 0x88, 0x36, 0x44, 0x57, 0x42, 0x5B, 0xBB, 0xB4, + 0x0F, 0x48, 0x98, 0xAD, 0x08, 0x58, 0x76, 0x60, + 0x8A, 0x77, 0xA5, 0xEB, 0x9D, 0x12, 0x4B, 0xC9, + 0x92, 0x26, 0x51, 0xB7, 0x63, 0x95, 0x88, 0x15, + 0x58, 0xCA, 0xD0, 0x6F, 0x3C, 0x4B, 0xCF, 0x08, + 0xE4, 0x5B, 0x67, 0xBA, 0x51, 0x60, 0x38, 0xA3, + 0x64, 0xB7, 0x74, 0x0E, 0x97, 0x40, 0xEE, 0x2B, + 0x93, 0xC5, 0xC6, 0x5F, 0x49, 0x02, 0x0A, 0xD4, + 0x2B, 0x3C, 0x0A, 0xEA, 0x5B, 0xF2, 0x42, 0xA4, + 0xF1, 0xB0, 0x89, 0xB5, 0xA3, 0x45, 0x8B, 0xE8, + 0xA3, 0x71, 0xCA, 0x1F, 0x29, 0x3C, 0x53, 0xF2, + 0x78, 0x0E, 0xCE, 0x28, 0x12, 0x93, 0xD9, 0x91, + 0xE6, 0xE5, 0x79, 0x04, 0x2B, 0xAB, 0xC1, 0x69, + 0x72, 0x4F, 0x10, 0x68, 0x1F, 0xD1, 0xC7, 0xD2, + 0xFB, 0x16, 0x48, 0xB0, 0xBF, 0x80, 0x81, 0x8A, + 0x7D, 0xD3, 0xB7, 0x09, 0x73, 0x4D, 0x38, 0x97, + 0x2E, 0x3E, 0x44, 0x87, 0x5A, 0xF0, 0x92, 0x7A, + 0x9A, 0xAD, 0xE8, 0x26, 0x13, 0xFC, 0xA0, 0x5E, + 0xE5, 0xB3, 0x21, 0x06, 0x47, 0xA5, 0x63, 0x2A, + 0xA1, 0x70, 0xD0, 0x9E, 0x70, 0xB5, 0x6A, 0x2F, + 0x04, 0x33, 0x7A, 0x33, 0x7E, 0xE9, 0x52, 0x38, + 0x3A, 0x1A, 0x8A, 0xEE, 0xA6, 0xCD, 0xB9, 0x0C, + 0xCD, 
0x86, 0xA8, 0x18, 0xD1, 0xBB, 0x39, 0x46, + 0x5B, 0xA3, 0x13, 0xD2, 0x66, 0xBB, 0xB1, 0x05, + 0x81, 0xFA, 0x18, 0x7D, 0x92, 0x6A, 0xC3, 0xA8, + 0xB7, 0x49, 0xF6, 0x44, 0x45, 0xFA, 0xB5, 0x6C, + 0x99, 0x27, 0x55, 0x57, 0x93, 0xFB, 0x4A, 0xCF, + 0xB0, 0x39, 0xB1, 0xAA, 0x54, 0x3B, 0x1B, 0x87, + 0xAE, 0x6A, 0x49, 0xAB, 0x56, 0x29, 0x33, 0xC4, + 0xC9, 0x7B, 0xD7, 0x4C, 0x07, 0xBF, 0x29, 0x85, + 0x1A, 0x46, 0x98, 0x51, 0xA9, 0x82, 0x59, 0x55, + 0x96, 0xFE, 0x7A, 0xCA, 0xE0, 0xDB, 0x23, 0x53, + 0x30, 0x28, 0xAA, 0x34, 0x67, 0x6F, 0x7A, 0x9B, + 0x29, 0x26, 0x3E, 0x7A, 0xA2, 0x79, 0x00, 0x10, + 0x4B, 0x1B, 0xA1, 0xB5, 0x67, 0x47, 0x39, 0xB2, + 0xFC, 0x4E, 0xD8, 0xA3, 0x30, 0xBB, 0xA5, 0xA0, + 0xB6, 0x24, 0x7C, 0x63, 0xF1, 0x15, 0x3D, 0xA0, + 0x1D, 0xC8, 0xF6, 0x16, 0xF1, 0x04, 0x83, 0xA6, + 0x93, 0xA6, 0x34, 0xC1, 0xBA, 0x6A, 0xE1, 0xAB, + 0x2F, 0x16, 0x34, 0x00, 0xBB, 0x57, 0x71, 0xE7, + 0x01, 0x71, 0xFC, 0xB5, 0x41, 0x55, 0xAB, 0xFC, + 0xB2, 0x04, 0x4F, 0xCB, 0x30, 0xBA, 0xD6, 0x7F, + 0x74, 0x21, 0x83, 0x86, 0x18, 0x19, 0xED, 0xB1, + 0xAA, 0x6C, 0x77, 0x1F, 0xC8, 0xE1, 0x1A, 0x92, + 0xE0, 0x8B, 0x71, 0xF4, 0x0D, 0x03, 0x6C, 0x15, + 0xD2, 0x89, 0x6A, 0x20, 0x47, 0x25, 0xBA, 0x90, + 0xA0, 0x3B, 0x47, 0x8D, 0x98, 0xC4, 0x90, 0x84, + 0x38, 0x2F, 0x1D, 0x22, 0x3F, 0xE1, 0x29, 0x80, + 0xE9, 0x47, 0xA4, 0x15, 0xE5, 0x5F, 0xE6, 0x7B, + 0x85, 0xDA, 0x40, 0x44, 0x13, 0x42, 0x44, 0x5B, + 0x46, 0xC2, 0xFC, 0x42, 0x02, 0x0D, 0x04, 0x76, + 0x9A, 0x2A, 0x1C, 0x64, 0x64, 0x1F, 0x0C, 0x36, + 0x63, 0x6B, 0xA6, 0xC4, 0x65, 0x2B, 0x26, 0x7A, + 0x4B, 0x92, 0x19, 0xE3, 0x33, 0xA0, 0x68, 0x17, + 0xB5, 0x81, 0x7B, 0x6E, 0x6C, 0xC4, 0x85, 0xE3, + 0x52, 0x61, 0x41, 0x69, 0xAB, 0xC2, 0x0E, 0x18, + 0x91, 0xB7, 0xA0, 0x00, 0xC5, 0x2A, 0xF1, 0x5A, + 0x7B, 0x90, 0x4C, 0x97, 0x6C, 0x1B, 0xFD, 0x3A, + 0x23, 0x77, 0xEB, 0x76, 0xB5, 0x50, 0x33, 0xC7, + 0xC4, 0xC6, 0x9E, 0x71, 0x74, 0xAA, 0xF2, 0x77, + 0x15, 0x75, 0x63, 0x16, 0xCA, 0xCC, 0xCE, 0x63, + 0xA5, 0xA2, 0x24, 0x35, 0xC7, 0xD1, 0x02, 0x04, + 0x43, 
0xAA, 0x71, 0x69, 0x3B, 0xF0, 0x62, 0x30, + 0x3D, 0x13, 0x33, 0x1F, 0x79, 0x54, 0x24, 0xC2, + 0x0D, 0x26, 0x6C, 0x1D, 0x90, 0x30, 0x5F, 0xC8, + 0xC2, 0x53, 0x66, 0x84, 0xA9, 0x3D, 0x50, 0x6D, + 0xE6, 0x32, 0x9B, 0x61, 0x62, 0x40, 0x59, 0x99, + 0xBD, 0x5C, 0xAA, 0x7D, 0xDB, 0x96, 0x13, 0xC8, + 0x23, 0x8C, 0xC6, 0xD3, 0x35, 0xA1, 0xEB, 0x40, + 0x82, 0xE7, 0x71, 0x0D, 0x07, 0x9F, 0x87, 0xA4, + 0xBF, 0xF6, 0x47, 0x8B, 0x5F, 0x0C, 0x58, 0x77, + 0x86, 0xAF, 0x42, 0x71, 0x92, 0xD9, 0xA3, 0x4A, + 0x4F, 0xA3, 0x3B, 0xF0, 0xD3, 0xCC, 0x58, 0xFB, + 0x46, 0x3B, 0x48, 0x38, 0xCA, 0x2C, 0x33, 0x7E, + 0x65, 0x39, 0x7D, 0xA1, 0x56, 0x90, 0xC5, 0x2A, + 0xC0, 0xE5, 0x46, 0x8B, 0xDC, 0x03, 0xDF, 0x5A, + 0x62, 0xF7, 0x02, 0x09, 0x34, 0xE2, 0x67, 0xE0, + 0xF7, 0xCF, 0x95, 0x59, 0x94, 0x35, 0xF9, 0x52, + 0xFA, 0xB7, 0x4C, 0xFE, 0xB4, 0x30, 0x8B, 0x17, + 0x3F, 0x12, 0xE0, 0x73, 0xF7, 0xF0, 0x40, 0xDB, + 0x4C, 0x63, 0xC1, 0xC4, 0x8A, 0x7B, 0x7A, 0x41, + 0xF4, 0x77, 0x9A, 0x6B, 0x57, 0xA9, 0x22, 0xC9, + 0x70, 0x77, 0x11, 0x80, 0x00, 0x84, 0x93, 0xD4, + 0xC7, 0x68, 0x05, 0x40, 0x0B, 0x7C, 0x66, 0x4D, + 0x0B, 0x92, 0xB2, 0x2C, 0x49, 0x55, 0x1B, 0x12, + 0x47, 0xE6, 0x2C, 0x85, 0xE1, 0xE5, 0x40, 0xC8, + 0x20, 0x93, 0x37, 0x10, 0x13, 0xC4, 0x67, 0x6C, + 0xEA, 0xD7, 0x7C, 0x5F, 0x30, 0x64, 0xA3, 0x73, + 0x49, 0xC7, 0x16, 0x5E, 0xB3, 0xAA, 0x7D, 0xEF, + 0x87, 0x31, 0xE9, 0xD6, 0x6A, 0x56, 0x36, 0x8F, + 0x19, 0x5C, 0x04, 0x5B, 0x2A, 0x50, 0xE5, 0x97, + 0x86, 0x16, 0x1A, 0x63, 0x0D, 0x28, 0x00, 0x89, + 0x80, 0x12, 0x98, 0xC1, 0x30, 0xE4, 0x48, 0x31, + 0x50, 0xCA, 0x91, 0x52, 0xC2, 0xA0, 0xF2, 0x47, + 0x75, 0x0C, 0x06, 0x22, 0x59, 0xB8, 0x4C, 0x28, + 0x23, 0x6C, 0x3F, 0xB5, 0x46, 0x25, 0xD5, 0xCD, + 0xBE, 0xCC, 0x68, 0xDB, 0xA2, 0x2F, 0xB1, 0x55, + 0x80, 0x55, 0xFB, 0x9B, 0x24, 0x35, 0x01, 0xC7, + 0x58, 0x51, 0xE7, 0x6A, 0xBE, 0x48, 0x47, 0xB9, + 0xB9, 0x72, 0xA7, 0x34, 0x11, 0xA6, 0xB4, 0x28, + 0x2B, 0xF5, 0x98, 0x3A, 0x82, 0xDA, 0x74, 0x13, + 0xE5, 0x4B, 0xA3, 0x5B, 0xAB, 0x37, 0xA9, 0xB3, + 0xC6, 
0x28, 0x84, 0xB6, 0x43, 0xC1, 0x34, 0x16, + 0x5C, 0x98, 0x70, 0xC6, 0xBB, 0x39, 0x0F, 0x6B, + 0x7A, 0x1E, 0x57, 0x45, 0x15, 0x8F, 0xB2, 0x51, + 0xD6, 0x90, 0x94, 0x33, 0x55, 0x1F, 0xEB, 0xD3, + 0x0B, 0xA5, 0x75, 0xA1, 0xE2, 0xF1, 0x09, 0x58, + 0x49, 0x8D, 0x9F, 0x14, 0x7E, 0xD9, 0x53, 0x13, + 0x22, 0xA1, 0x60, 0x97, 0xF5, 0x5D, 0x81, 0x17, + 0x95, 0x45, 0x79, 0x12, 0x91, 0x2B, 0x1C, 0x65, + 0xF3, 0x80, 0x25, 0x42, 0x9B, 0x3E, 0x76, 0x4A, + 0x2E, 0x1A, 0xBC, 0x4E, 0x30, 0xC2, 0x88, 0x08, + 0x27, 0x42, 0x99, 0x55, 0x90, 0x98, 0x1C, 0x43, + 0xDB, 0xB3, 0x65, 0x96, 0x6B, 0xCB, 0x97, 0x20, + 0xB1, 0x78, 0xC5, 0xEB, 0x96, 0x3B, 0x82, 0x93, + 0x4C, 0x02, 0x81, 0x4B, 0x75, 0x25, 0x54, 0x6D, + 0xB7, 0xC9, 0x6D, 0x65, 0x82, 0x2E, 0x49, 0x42, + 0xE4, 0xA4, 0xAC, 0x13, 0xC9, 0x94, 0x90, 0xE7, + 0xAB, 0x4A, 0x70, 0x23, 0x71, 0xF2, 0x13, 0x16, + 0xA5, 0x79, 0x06, 0xB1, 0x92, 0x58, 0x42, 0x88, + 0x01, 0x19, 0x25, 0x67, 0xC2, 0x04, 0x5B, 0xF8, + 0x77, 0x5C, 0xF5, 0x8C, 0x5D, 0xB2, 0x8B, 0xA1, + 0xB0, 0x5E, 0x04, 0x2A, 0x18, 0x59, 0xE6, 0x42, + 0x86, 0xB5, 0xB1, 0x14, 0xF3, 0x9F, 0xCA, 0xCC, + 0x12, 0x7B, 0xE6, 0x3D, 0xFF, 0x59, 0x0B, 0xC1, + 0x84, 0xB8, 0x3B, 0x16, 0x8C, 0x30, 0x19, 0x98, + 0x90, 0x37, 0x41, 0x00, 0xE4, 0x0D, 0x2F, 0xC7, + 0x75, 0x2B, 0x14, 0x30, 0x35, 0x50, 0x22, 0xF3, + 0xD5, 0x89, 0x25, 0xD1, 0x99, 0x1B, 0xF3, 0xB9, + 0x8A, 0x90, 0x39, 0x5F, 0x85, 0x79, 0x64, 0x6C, + 0x84, 0x13, 0xBA, 0xB3, 0xC0, 0xC0, 0x70, 0x7A, + 0x23, 0x8A, 0x27, 0xD0, 0x9F, 0xA5, 0x7A, 0x32, + 0xFF, 0x85, 0x39, 0x2F, 0xD0, 0x8C, 0x2F, 0x22, + 0x86, 0xAB, 0xDB, 0x2B, 0x69, 0x36, 0xB9, 0xD3, + 0x50, 0x38, 0x02, 0xC6, 0xB5, 0x1E, 0x41, 0x5B, + 0x81, 0x67, 0x3C, 0xC7, 0x80, 0x54, 0xF1, 0xB2, + 0xC4, 0xBD, 0xFA, 0x73, 0x3E, 0x52, 0x64, 0xC5, + 0x5A, 0x7C, 0x4D, 0xA5, 0xB7, 0x39, 0x44, 0x40, + 0x24, 0x62, 0x03, 0x3D, 0x08, 0xAE, 0x62, 0x0B, + 0xD0, 0x56, 0x44, 0xB4, 0x77, 0xAB, 0x31, 0x5E, + 0x93, 0x6D, 0x3F, 0x25, 0xB5, 0xBA, 0x7A, 0xC1, + 0x9E, 0xB5, 0x59, 0xA5, 0xC1, 0x19, 0x5F, 0x56, + 0x8B, 
0x31, 0x3C, 0x26, 0x75, 0x09, 0x2E, 0x6D, + 0xF5, 0x8F, 0xF3, 0x99, 0xC4, 0x2C, 0xAB, 0x63, + 0x63, 0xAA, 0x03, 0x36, 0x91, 0xCB, 0x8C, 0xE0, + 0x66, 0x99, 0xE7, 0x01, 0xF2, 0xB9, 0x25, 0x97, + 0xCB, 0x8F, 0xC2, 0x35, 0x16, 0xE9, 0xF4, 0x0C, + 0xE7, 0x5B, 0x7B, 0xC1, 0xE0, 0x52, 0x0A, 0x5A, + 0x38, 0x95, 0xEB, 0x7D, 0x8D, 0x47, 0x40, 0x09, + 0xA0, 0xCB, 0x0A, 0xDC, 0x2D, 0xF4, 0x76, 0xB5, + 0x16, 0x41, 0x12, 0xC3, 0xB6, 0x00, 0xB6, 0x77, + 0x6D, 0xAB, 0x49, 0xB2, 0x03, 0x81, 0xA4, 0x01, + 0x46, 0x91, 0x65, 0x2A, 0x3C, 0x31, 0x61, 0xAA, + 0xC6, 0x61, 0x6C, 0xFA, 0xA2, 0x65, 0x63, 0x8C, + 0x6C, 0x66, 0x5A, 0x84, 0x54, 0xF3, 0x67, 0x80, + 0xB7, 0x89, 0xCF, 0xA3, 0x5D, 0x2A, 0xF4, 0x9E, + 0x6D, 0x5F, 0x48, 0x2B, 0xFA, 0x3C, 0x86, 0x4B, + 0x0E, 0xF2, 0x9E, 0x18, 0xD2, 0xEF, 0xFF, 0x92, + 0xDB, 0x18, 0x76, 0xA2, 0x20, 0x76, 0xAB, 0x1A, + 0xAC, 0x0A, 0x73, 0x93, 0xED, 0x9E, 0x5A, 0x48 + }; + static const byte seed_1024[KYBER_ENC_RAND_SZ] = { + 0x03, 0x4F, 0xF1, 0x4A, 0x56, 0x24, 0x9C, 0x25, + 0x21, 0xD4, 0x27, 0x9E, 0xBA, 0x3D, 0x04, 0x93, + 0x1C, 0xC8, 0x92, 0xBB, 0xC4, 0x50, 0x02, 0xB5, + 0xB3, 0x3D, 0x9F, 0x01, 0x88, 0xAC, 0xBA, 0xF6 + }; + static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = { + 0x8D, 0x4E, 0x2C, 0xB3, 0x9F, 0xFD, 0xE4, 0x31, + 0x1A, 0xEE, 0xDB, 0x23, 0x38, 0xBF, 0x58, 0xCE, + 0x11, 0xFA, 0xDA, 0xBD, 0xC9, 0x81, 0x3A, 0x32, + 0x19, 0x30, 0xF4, 0x67, 0x56, 0xDD, 0x13, 0xA8, + 0xE7, 0x91, 0x9F, 0xAC, 0x4F, 0x59, 0xCC, 0x9F, + 0x8B, 0x91, 0xC8, 0x33, 0xB3, 0xB3, 0xF9, 0x1A, + 0xDC, 0x6F, 0x9F, 0xBD, 0xBD, 0xE2, 0xF7, 0xDA, + 0xE8, 0x84, 0x1B, 0xE5, 0x23, 0x8B, 0x98, 0x50, + 0xA5, 0xEE, 0xBE, 0x67, 0x5D, 0xDE, 0xF4, 0x2A, + 0x93, 0x14, 0xF6, 0x90, 0x59, 0x5D, 0x51, 0x52, + 0x3E, 0x81, 0x17, 0xF2, 0x22, 0x66, 0x03, 0x4F, + 0x09, 0xB7, 0x7D, 0x99, 0x1E, 0xE5, 0x75, 0x80, + 0x2A, 0xFE, 0x44, 0x63, 0x74, 0xEB, 0x3D, 0x9E, + 0x1B, 0xEB, 0x8F, 0x25, 0x04, 0x9C, 0x6E, 0xFA, + 0x96, 0x32, 0x73, 0x66, 0xC0, 0x24, 0xCD, 0xFB, + 0xE8, 0xDC, 0x27, 0xEF, 0x56, 0x49, 
0x2C, 0x90, + 0x40, 0x9E, 0x87, 0x13, 0x9C, 0x60, 0x88, 0x48, + 0x8E, 0x17, 0xB8, 0x2D, 0x15, 0x56, 0xC2, 0x51, + 0x31, 0xAC, 0xEE, 0x7D, 0xAF, 0xFE, 0x2D, 0x43, + 0x7C, 0xEC, 0x34, 0x41, 0xBB, 0xBB, 0xAB, 0x80, + 0xC4, 0xBF, 0x17, 0x7E, 0x65, 0x3A, 0xE0, 0x83, + 0x1C, 0x9B, 0x4C, 0xEB, 0x70, 0x50, 0x57, 0x27, + 0xD6, 0x3C, 0x4D, 0x47, 0x4F, 0xED, 0xC5, 0x20, + 0x19, 0xBE, 0x41, 0x1C, 0x9A, 0x43, 0xB8, 0x71, + 0x70, 0xF5, 0x89, 0x3F, 0x06, 0xEC, 0xD8, 0xD7, + 0x82, 0x06, 0x3D, 0xF8, 0x93, 0xA1, 0xB6, 0x82, + 0x24, 0x6D, 0x1C, 0x64, 0xF8, 0xF5, 0xA8, 0xC6, + 0xFC, 0xDF, 0x07, 0x92, 0x7F, 0x4D, 0x5B, 0x7A, + 0x39, 0x7F, 0xBC, 0xBD, 0x07, 0x50, 0x45, 0xDF, + 0x2C, 0x4A, 0x36, 0xF5, 0x30, 0x4C, 0x95, 0xF4, + 0x4A, 0xF9, 0x27, 0xAE, 0x91, 0x66, 0x42, 0x0B, + 0x39, 0x44, 0x87, 0x94, 0xF5, 0xB3, 0xC3, 0x52, + 0x27, 0xC3, 0xC9, 0xDF, 0x92, 0x56, 0x02, 0xA1, + 0xAC, 0x98, 0xF8, 0x51, 0xAA, 0xDB, 0x65, 0xC9, + 0x3F, 0xDD, 0x63, 0x27, 0xAE, 0xD8, 0xAE, 0x41, + 0x29, 0x72, 0x44, 0x36, 0xA3, 0x3A, 0xA0, 0x8A, + 0xA5, 0x66, 0x08, 0x85, 0x5F, 0xF8, 0x0A, 0xAA, + 0x42, 0xAC, 0xA4, 0x56, 0x2B, 0x2D, 0x78, 0xDB, + 0xBD, 0x2F, 0x91, 0xAE, 0xF2, 0x51, 0x56, 0x6B, + 0x8C, 0x6F, 0x98, 0x21, 0x37, 0x84, 0xC9, 0x9D, + 0xD7, 0xD7, 0x1F, 0x49, 0x55, 0x64, 0xC9, 0x08, + 0x50, 0x1E, 0x35, 0xE3, 0xBF, 0xBB, 0x67, 0x5C, + 0xCB, 0x66, 0x63, 0x52, 0x87, 0xCB, 0x64, 0x66, + 0xE6, 0xE3, 0x8E, 0xA8, 0xAB, 0x11, 0xCE, 0x7E, + 0xC6, 0x0B, 0xED, 0x86, 0x20, 0xB3, 0xDC, 0xD6, + 0x94, 0x3D, 0x12, 0x79, 0xA4, 0x1F, 0x93, 0xA8, + 0x7F, 0xA3, 0x59, 0xE5, 0x13, 0xC8, 0x1D, 0xE9, + 0x18, 0xDA, 0x88, 0x32, 0x2B, 0x1B, 0x08, 0x81, + 0x40, 0xE0, 0x74, 0xBE, 0x39, 0xBC, 0x17, 0xE3, + 0xC5, 0x1A, 0xB7, 0x19, 0xDF, 0x6E, 0x42, 0x6D, + 0x64, 0xFF, 0x94, 0xB8, 0x66, 0x2B, 0x9D, 0xD2, + 0x6A, 0x32, 0xA3, 0xC3, 0x68, 0x7B, 0xF9, 0x29, + 0x4C, 0x53, 0x7A, 0x22, 0x68, 0xF9, 0xDE, 0xD3, + 0x80, 0xCC, 0x8A, 0x0F, 0x11, 0x27, 0xEE, 0x5A, + 0x32, 0x2B, 0x4D, 0xF2, 0x4D, 0x87, 0xFB, 0xCE, + 0x76, 0xF5, 0x60, 0xB0, 0x37, 0xC6, 
0x59, 0xB6, + 0xFB, 0x15, 0xC1, 0x56, 0x07, 0x1A, 0xED, 0xC2, + 0x6E, 0xF1, 0x11, 0x40, 0xDE, 0x88, 0xD0, 0x8D, + 0x46, 0x3E, 0xA0, 0xEA, 0xF0, 0x80, 0xA0, 0xB2, + 0xE6, 0x27, 0xD9, 0xFF, 0x1D, 0x56, 0xC5, 0x02, + 0x33, 0x55, 0x24, 0x26, 0x97, 0x27, 0xA0, 0x32, + 0xDA, 0xCD, 0x16, 0x54, 0x3A, 0xDA, 0x83, 0x42, + 0xCD, 0x6C, 0xB4, 0x0E, 0x72, 0x28, 0x59, 0x2C, + 0x35, 0x74, 0xD9, 0x82, 0xE0, 0xB9, 0x14, 0x5E, + 0xB8, 0x65, 0xDB, 0x2E, 0xE7, 0x81, 0x07, 0x26, + 0xA9, 0x16, 0xB8, 0x37, 0xCA, 0x4F, 0x14, 0xC2, + 0xCB, 0x9E, 0x95, 0x1B, 0xDE, 0x76, 0xBE, 0x16, + 0xB8, 0xB1, 0xCD, 0xC2, 0xEE, 0xCD, 0xC0, 0x69, + 0x49, 0xB8, 0xBE, 0xB1, 0x17, 0x86, 0xB8, 0xF2, + 0x5F, 0x4C, 0x9A, 0xFA, 0x55, 0x97, 0xCE, 0xB1, + 0xD8, 0x5F, 0xC9, 0xB9, 0xC9, 0x1D, 0xC6, 0x19, + 0x66, 0xF3, 0x96, 0x09, 0x1E, 0x54, 0xC9, 0x6C, + 0x97, 0xA4, 0x30, 0x0E, 0x99, 0xFD, 0x9F, 0x75, + 0x2C, 0x0B, 0xEF, 0x5D, 0x88, 0xCA, 0xFB, 0xDC, + 0xB3, 0x99, 0x3F, 0xCF, 0x6C, 0x7A, 0x8C, 0x55, + 0x19, 0xFC, 0xEC, 0xB6, 0xA7, 0x91, 0x17, 0xE9, + 0xB5, 0x21, 0x68, 0x01, 0x97, 0xD8, 0xA9, 0x1A, + 0xB7, 0x5F, 0x18, 0x14, 0xDB, 0xC5, 0x80, 0x75, + 0xEF, 0x4F, 0x07, 0x98, 0x7A, 0xBC, 0x56, 0xA7, + 0x5D, 0xA4, 0x41, 0x6E, 0xDB, 0x9D, 0x6F, 0x3D, + 0x77, 0x1A, 0xD3, 0x40, 0xD5, 0xCB, 0xCF, 0xC0, + 0xE5, 0x71, 0xFA, 0x70, 0xAA, 0xC1, 0xC7, 0xDB, + 0xBB, 0x5F, 0x5C, 0x5E, 0x1D, 0x8B, 0x10, 0x36, + 0xF5, 0xA6, 0xFC, 0xFD, 0x06, 0x25, 0xAB, 0x5B, + 0xBD, 0xA5, 0x71, 0x83, 0x9C, 0x58, 0x35, 0xDD, + 0x69, 0x79, 0x77, 0x8F, 0x59, 0xD3, 0x48, 0x68, + 0x4F, 0xA6, 0xCF, 0xC2, 0xA6, 0x25, 0x35, 0xB4, + 0x7F, 0xAD, 0x7F, 0x97, 0xB5, 0x21, 0x88, 0x72, + 0xD5, 0x2D, 0xCA, 0xCE, 0x9D, 0x3C, 0x1B, 0x11, + 0x62, 0x8D, 0x35, 0x2A, 0xD8, 0x21, 0x90, 0x0F, + 0x44, 0xE1, 0x4B, 0x64, 0x7F, 0x6B, 0xFA, 0x70, + 0xF6, 0x46, 0xB5, 0xC7, 0xAF, 0x53, 0x13, 0x17, + 0x7A, 0x10, 0x95, 0x49, 0x44, 0x22, 0x91, 0x53, + 0xA4, 0x49, 0xFC, 0xF8, 0x9A, 0x62, 0x63, 0xBD, + 0xBF, 0x85, 0x56, 0xE9, 0x81, 0xE5, 0xD6, 0x25, + 0x13, 0x40, 0xF9, 0xF4, 0x3C, 0x66, 
0x92, 0x03, + 0x0F, 0xB9, 0x60, 0x5B, 0xB9, 0x9F, 0x33, 0xE9, + 0x6F, 0x06, 0xD1, 0xE4, 0xE6, 0xAB, 0xBE, 0x65, + 0xE1, 0x46, 0x96, 0xD5, 0x30, 0xF1, 0xB5, 0x25, + 0xFF, 0xF8, 0x7D, 0x54, 0xC1, 0xAC, 0x2F, 0x5E, + 0x96, 0x4D, 0x46, 0xEE, 0x37, 0xF4, 0x04, 0x5B, + 0x54, 0xE6, 0x09, 0x8F, 0x76, 0xB2, 0x8E, 0xAF, + 0x69, 0xE9, 0x98, 0x88, 0x8D, 0x25, 0xE0, 0x21, + 0xA5, 0x38, 0xFD, 0x19, 0x56, 0xA7, 0xFC, 0x30, + 0xAE, 0x83, 0xF8, 0xBA, 0x99, 0x47, 0xF8, 0x64, + 0xFD, 0x59, 0x73, 0x1A, 0x6F, 0xBB, 0x40, 0x2A, + 0xF2, 0x99, 0x0E, 0x1E, 0xD2, 0xD5, 0x6B, 0xF6, + 0x2A, 0xA6, 0xCE, 0xAE, 0x6F, 0x76, 0x9D, 0x2D, + 0x0C, 0x6C, 0x31, 0x3D, 0x7A, 0xAF, 0x97, 0x4E, + 0x69, 0xDC, 0x02, 0xCC, 0x43, 0x18, 0xB9, 0x45, + 0x7B, 0x8C, 0xC4, 0x06, 0x56, 0xAB, 0x7B, 0x61, + 0x34, 0xDE, 0x3F, 0x98, 0x01, 0xCE, 0x01, 0x96, + 0x99, 0xCE, 0x85, 0x5E, 0xBE, 0x9C, 0x6C, 0x02, + 0xFD, 0x08, 0x50, 0x6F, 0x00, 0x4A, 0x4E, 0xED, + 0x2C, 0xA1, 0x66, 0xC9, 0x54, 0xC7, 0xDB, 0x88, + 0x10, 0x70, 0x0C, 0xA6, 0x71, 0xEF, 0x37, 0x2A, + 0x29, 0x0B, 0x00, 0xE1, 0xBF, 0xBB, 0x97, 0xE3, + 0xE6, 0x74, 0xD3, 0xDC, 0xCC, 0x57, 0xCE, 0x59, + 0xF4, 0x65, 0xB1, 0x48, 0x8F, 0xF7, 0x6F, 0x62, + 0x39, 0x00, 0x8B, 0xE3, 0xE7, 0x61, 0xEF, 0x9C, + 0x11, 0x3D, 0xF0, 0x10, 0x7B, 0x8E, 0xEA, 0xE3, + 0xFE, 0xBA, 0x55, 0xB3, 0x5E, 0x4C, 0x1D, 0xA3, + 0xB6, 0xC8, 0x7A, 0x8D, 0x20, 0x11, 0x0E, 0x1C, + 0xD7, 0x71, 0xCC, 0xBC, 0x30, 0xDF, 0xF7, 0x61, + 0xE6, 0x03, 0xD4, 0x88, 0xE5, 0x5B, 0x85, 0x3A, + 0xAE, 0x7D, 0xAA, 0xDF, 0x2A, 0x00, 0x7B, 0x83, + 0x93, 0xDF, 0x08, 0xAF, 0x53, 0x4F, 0x9F, 0x53, + 0xA7, 0x37, 0x57, 0xBA, 0xBE, 0x21, 0xC8, 0x64, + 0x26, 0xCF, 0x05, 0x8E, 0xCA, 0x81, 0x7E, 0xF2, + 0x37, 0xBF, 0xC5, 0x8A, 0xC2, 0x98, 0xFB, 0xF2, + 0xA1, 0x48, 0x1C, 0x4D, 0x12, 0xDC, 0xF1, 0xB7, + 0x37, 0xFD, 0x63, 0x97, 0x69, 0xA2, 0x53, 0x1E, + 0xF9, 0x31, 0xA3, 0x62, 0xA4, 0x44, 0x56, 0xEE, + 0x2C, 0xA4, 0x85, 0x98, 0xB4, 0x62, 0x59, 0xFC, + 0xC9, 0x77, 0x07, 0x6C, 0x59, 0xFA, 0x4E, 0x29, + 0x54, 0xE9, 0x96, 0x7D, 0xA4, 0x5D, 
0xA7, 0xCB, + 0xF7, 0x86, 0x33, 0xEC, 0x59, 0xC4, 0x63, 0xFE, + 0x48, 0xA8, 0x3B, 0x80, 0x1A, 0x54, 0xDB, 0x3F, + 0xEA, 0xB4, 0x45, 0xA3, 0x57, 0xE4, 0x18, 0xB0, + 0x65, 0x3F, 0x29, 0x40, 0xB2, 0xB7, 0x13, 0x81, + 0xB2, 0xDF, 0x9E, 0xCF, 0x81, 0x00, 0x84, 0x8E, + 0x29, 0x12, 0xF4, 0xBD, 0x50, 0x3A, 0xF0, 0x75, + 0xAA, 0xAF, 0x36, 0xC1, 0x36, 0xA4, 0x13, 0xC9, + 0x5B, 0xE2, 0xF2, 0x5A, 0x6D, 0x29, 0x19, 0x76, + 0xCD, 0x66, 0xA2, 0x76, 0x43, 0x53, 0x7E, 0x35, + 0xE1, 0xDF, 0x89, 0xB1, 0xE4, 0x94, 0xB3, 0x6B, + 0x08, 0xF3, 0xD0, 0x19, 0x6C, 0xD7, 0xE9, 0x0B, + 0xA5, 0xBB, 0x21, 0x00, 0x9F, 0x37, 0xA8, 0x43, + 0x19, 0x9E, 0x08, 0xDD, 0x95, 0xCA, 0x49, 0x48, + 0xC5, 0x33, 0xCB, 0x26, 0x3B, 0x5D, 0x40, 0x5A, + 0xF2, 0xFA, 0x11, 0x99, 0x81, 0xA8, 0x53, 0x6E, + 0xB7, 0x1C, 0x88, 0x22, 0x6C, 0x41, 0x53, 0x4C, + 0x26, 0x87, 0xBF, 0x1E, 0xED, 0x34, 0x75, 0xE8, + 0x48, 0x8B, 0xDE, 0x90, 0x9A, 0x93, 0xD4, 0xDB, + 0x55, 0xB6, 0xE8, 0x34, 0xB5, 0xE7, 0x86, 0x0A, + 0xA9, 0x8F, 0xD8, 0xBC, 0xB1, 0x3A, 0xB0, 0x77, + 0xB7, 0xBF, 0xD7, 0x5B, 0x35, 0xFA, 0x39, 0x3E, + 0x93, 0xE3, 0xBF, 0xB4, 0xB9, 0xBA, 0x1D, 0xAA, + 0x74, 0x65, 0xFD, 0x5B, 0x23, 0xA5, 0xB4, 0xCD, + 0x17, 0x16, 0xD4, 0xBD, 0xF7, 0xB8, 0xD5, 0x57, + 0x4B, 0x15, 0x6D, 0xB8, 0x7D, 0x8D, 0xE1, 0xE5, + 0x26, 0xC9, 0x7F, 0x8E, 0xB2, 0x87, 0xBD, 0x97, + 0xEE, 0xEE, 0xEF, 0x07, 0x4D, 0xBC, 0xB2, 0xC4, + 0xDB, 0x51, 0xA4, 0xEF, 0xF1, 0xFA, 0x7F, 0xFF, + 0x32, 0x8A, 0x57, 0x2D, 0x72, 0x70, 0x01, 0x71, + 0x08, 0xAC, 0xE2, 0xED, 0x25, 0x09, 0x3D, 0xA5, + 0x35, 0xC7, 0xA2, 0x6D, 0x3B, 0x91, 0x2A, 0xA5, + 0x7F, 0xB3, 0x22, 0xE5, 0x3B, 0xB2, 0x22, 0xE9, + 0x4E, 0x7C, 0xF6, 0x8C, 0xD8, 0xA2, 0x1A, 0xD7, + 0xC0, 0x6A, 0x4A, 0xF9, 0x78, 0xED, 0x1D, 0xEB, + 0x10, 0xE3, 0xF2, 0x41, 0x2A, 0xC6, 0x54, 0x3C, + 0x18, 0x20, 0x68, 0xEF, 0xFB, 0xD8, 0x7F, 0x31, + 0x76, 0x5F, 0x5A, 0xE6, 0x81, 0xEE, 0x8B, 0x2E, + 0x9A, 0xEB, 0x5B, 0xC9, 0x40, 0xA9, 0x4E, 0xC0, + 0xEE, 0xF5, 0xBE, 0xF7, 0x48, 0x74, 0x16, 0x9E, + 0xAB, 0xEC, 0xF1, 0x51, 0x25, 0x65, 
0xC5, 0x1E,
+ 0xA5, 0x87, 0x21, 0xDD, 0x3A, 0xF1, 0x69, 0x03,
+ 0x65, 0xDB, 0x22, 0xE1, 0x87, 0x7F, 0x2A, 0x5C,
+ 0x01, 0x72, 0x3F, 0x69, 0xB7, 0x72, 0x52, 0x77,
+ 0xAE, 0x4E, 0x9E, 0xFA, 0xCD, 0x3A, 0xFA, 0x5A,
+ 0xDC, 0xAF, 0x38, 0x57, 0x77, 0xE7, 0xCE, 0x10,
+ 0xF9, 0x56, 0xB4, 0x64, 0x2C, 0x6F, 0xC1, 0xC9,
+ 0x78, 0x08, 0x99, 0x3E, 0xFD, 0x99, 0x4C, 0xA6,
+ 0x5C, 0x75, 0xF4, 0x59, 0xAC, 0x58, 0x72, 0xF8,
+ 0x24, 0x88, 0xC5, 0x7F, 0xB7, 0xAF, 0x9A, 0xB9,
+ 0x69, 0xD5, 0xE3, 0x69, 0xC1, 0x6D, 0x0B, 0x2B,
+ 0xF7, 0x80, 0x0B, 0x93, 0x8D, 0x67, 0x84, 0xC7,
+ 0xF6, 0x4D, 0x0C, 0x55, 0xCA, 0x77, 0x94, 0x65,
+ 0x49, 0x38, 0x94, 0x9E, 0x14, 0x21, 0x70, 0x55,
+ 0xD3, 0x41, 0x01, 0xF9, 0x41, 0x7D, 0x37, 0x0A,
+ 0x8A, 0xDD, 0x72, 0xFC, 0x0B, 0x57, 0x66, 0xEC,
+ 0x1D, 0x8A, 0xDD, 0xD7, 0x02, 0x33, 0x4A, 0x2A,
+ 0xC2, 0x77, 0x09, 0xC5, 0xAC, 0x5A, 0xE5, 0x60,
+ 0x1D, 0xBA, 0x95, 0x2B, 0xE2, 0x58, 0xD9, 0x33,
+ 0x6D, 0xF3, 0xE0, 0xF6, 0x58, 0x78, 0xA8, 0x58,
+ 0x61, 0x32, 0x58, 0xFB, 0x5E, 0x47, 0x94, 0x1B
+ };
+ static const byte k_1024[KYBER_SS_SZ] = {
+ 0x46, 0xC2, 0x00, 0xF3, 0xF6, 0xEE, 0x8E, 0x11,
+ 0xD4, 0x76, 0x53, 0x80, 0x1E, 0x34, 0x82, 0x24,
+ 0x1C, 0xB7, 0x83, 0xB9, 0xD7, 0x94, 0xEB, 0x11,
+ 0x6A, 0x4B, 0xDA, 0x08, 0x5A, 0xEB, 0x6B, 0xB7
+ };
 #endif
+ static byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
+ static byte ss[KYBER_SS_SZ];
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- /* ED25519 */
- XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
- ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
- ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
- &ed25519Key), 0);
- wc_ed25519_free(&ed25519Key);
+ key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(KyberKey));
+ }
+
+#ifndef WOLFSSL_NO_KYBER512
+ ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0);
+ ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_512, sizeof(ek_512)), 0);
+ ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_512,
+ sizeof(seed_512)), 0);
+ ExpectIntEQ(XMEMCMP(ct, c_512, KYBER512_CIPHER_TEXT_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(ss, k_512, KYBER_SS_SZ), 0);
+ wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_KYBER768
+ ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0);
+ ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_768, sizeof(ek_768)), 0);
+ ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_768,
+ sizeof(seed_768)), 0);
+ ExpectIntEQ(XMEMCMP(ct, c_768, KYBER768_CIPHER_TEXT_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(ss, k_768, KYBER_SS_SZ), 0);
+ wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_KYBER1024
+ ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0);
+ ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_1024, sizeof(ek_1024)), 0);
+ ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_1024,
+ sizeof(seed_1024)), 0);
+ ExpectIntEQ(XMEMCMP(ct, c_1024, KYBER1024_CIPHER_TEXT_SIZE), 0);
+ ExpectIntEQ(XMEMCMP(ss, k_1024, KYBER_SS_SZ), 0);
+ wc_KyberKey_Free(key);
+#endif
+
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+}
+
+static int test_wc_kyber_decapsulate_kats(void)
+{
+ EXPECT_DECLS;
+#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
+ defined(WOLFSSL_ML_KEM)
+ KyberKey* key;
+#ifndef WOLFSSL_NO_KYBER512
+ static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = {
+ 0x17, 0x43, 0x13, 0xEF, 0xA9, 0x35, 0x20, 0xE2,
+ 0x8A, 0x70, 0x76, 0xC8, 0x88, 0x09, 0x6E, 0x02,
+ 0xB0, 0xBD, 0xD8, 0x68, 0x30, 0x49, 0x7B, 0x61,
+ 0xFD, 0xEA, 0xB6, 0x20, 0x9C, 0x6C, 0xF7, 0x1C,
+ 0x62, 0x5C, 0x46, 0x80, 0x77, 0x5C, 0x34, 0x77,
+ 0x58, 0x1C, 0x42, 0x7A, 0x6F, 0xE1, 0xB0, 0x35,
+ 0x6E, 0xAB, 0x04, 0x8B, 0xCA, 0x43, 0x4F, 0x83,
+ 0xB5, 0x42, 0xC8, 0xB8, 0x60, 0x01, 0x06, 0x96,
+ 0xA5, 0x72, 0x99, 0xBB, 0x26, 0x22, 0x68, 0x89,
+ 0x1F, 0xFC, 0x72, 0x14,
0x2C, 0xA1, 0xA8, 0x66, + 0x18, 0x5C, 0xA8, 0x2D, 0x05, 0x40, 0x66, 0x95, + 0xBA, 0x57, 0xD4, 0xC9, 0x30, 0xF9, 0xC1, 0x7D, + 0x62, 0x23, 0x52, 0x3C, 0xF5, 0xA4, 0xF2, 0xA4, + 0x33, 0xA3, 0x64, 0x45, 0x9A, 0xC0, 0xAC, 0xDE, + 0x72, 0x54, 0x48, 0x13, 0x29, 0x28, 0x8B, 0x1B, + 0xE1, 0x87, 0xCC, 0x25, 0x21, 0x9F, 0x48, 0xC2, + 0x44, 0x3C, 0x53, 0x21, 0x99, 0x85, 0x93, 0x55, + 0x32, 0x0D, 0x04, 0xF0, 0xB8, 0x0D, 0xE9, 0x69, + 0xF1, 0x69, 0xA3, 0xD2, 0xBA, 0x34, 0x11, 0xB4, + 0xAD, 0xBC, 0x01, 0xB6, 0x62, 0x71, 0x82, 0x4C, + 0xD9, 0x54, 0x3C, 0x78, 0xBA, 0x48, 0x04, 0xAE, + 0x81, 0xF3, 0xAF, 0x00, 0x33, 0x6C, 0x5C, 0xC3, + 0x69, 0x83, 0x54, 0xC0, 0xE0, 0x18, 0x73, 0xA2, + 0xA1, 0x7D, 0x6A, 0x95, 0xA3, 0x12, 0x68, 0x9A, + 0x99, 0xDC, 0x89, 0x08, 0x41, 0x50, 0xA8, 0xD5, + 0x2B, 0xB3, 0x1C, 0x3F, 0xF3, 0xD4, 0x21, 0x5F, + 0xA3, 0xC4, 0x11, 0x1B, 0x40, 0x19, 0x92, 0x86, + 0x6E, 0x51, 0x3E, 0x51, 0x28, 0xA2, 0x0E, 0xD9, + 0x5F, 0xDE, 0xE6, 0x14, 0x85, 0xDC, 0x93, 0x7E, + 0x09, 0x9D, 0x76, 0xF7, 0x9B, 0x92, 0x73, 0x4D, + 0xC4, 0xCB, 0xB9, 0xA7, 0xA4, 0x13, 0xFE, 0xA6, + 0x28, 0x5B, 0xC0, 0xC2, 0x7C, 0x96, 0x1E, 0x47, + 0xD1, 0x98, 0x36, 0x44, 0xC4, 0xBF, 0x91, 0x3D, + 0x72, 0xF4, 0xB0, 0x30, 0xD3, 0x47, 0x38, 0x42, + 0x72, 0x63, 0xE8, 0x7A, 0xB4, 0xC0, 0xB7, 0xDF, + 0x0B, 0x72, 0xCA, 0x8A, 0xA0, 0xBA, 0xA6, 0x7B, + 0x07, 0x99, 0x39, 0xD5, 0x87, 0x80, 0x1D, 0x60, + 0xC8, 0x7A, 0x20, 0x40, 0x5E, 0x5C, 0x52, 0x60, + 0x3C, 0x07, 0x2F, 0xDB, 0x63, 0xE2, 0xE1, 0xC2, + 0xA9, 0x5C, 0xC2, 0x6F, 0x5A, 0xBE, 0xF6, 0x08, + 0x83, 0x33, 0x80, 0x08, 0x86, 0xD0, 0x93, 0xCA, + 0x01, 0xA7, 0x6F, 0x57, 0x00, 0x5E, 0x05, 0x35, + 0x69, 0x54, 0x2E, 0x0A, 0x07, 0x6B, 0x98, 0x73, + 0x6D, 0x4D, 0x39, 0xB0, 0x0F, 0xC1, 0x65, 0x3F, + 0xBC, 0x2D, 0x12, 0xEA, 0x32, 0xA9, 0x4B, 0x9B, + 0x92, 0xC6, 0x8B, 0xA4, 0xB6, 0x8A, 0x4E, 0x7B, + 0x37, 0x0A, 0x23, 0xB0, 0x3F, 0xE8, 0x22, 0x16, + 0x39, 0xB0, 0x12, 0x44, 0x80, 0x6C, 0x27, 0x06, + 0x7A, 0x58, 0x03, 0x1D, 0xB8, 0x0D, 0x2D, 0x03, + 0x66, 0x1A, 0x01, 0x7B, 
0xB4, 0x6B, 0xB3, 0x71, + 0x1A, 0xCB, 0x56, 0x8A, 0x4F, 0xAB, 0xEB, 0xAF, + 0xC5, 0xFA, 0x06, 0xF7, 0xCA, 0x0E, 0x4D, 0x96, + 0x2E, 0x31, 0x70, 0xCB, 0x11, 0xC0, 0xA8, 0xD1, + 0x8A, 0x09, 0xCE, 0x27, 0xA6, 0xA9, 0x76, 0x3E, + 0x12, 0x38, 0x85, 0x45, 0x02, 0x24, 0xDE, 0x07, + 0xCC, 0x17, 0x54, 0x6C, 0x17, 0x95, 0x1F, 0xDE, + 0x47, 0x6E, 0x08, 0x35, 0x83, 0xEF, 0x10, 0xBF, + 0x76, 0xA9, 0x8A, 0xFF, 0xF9, 0xB1, 0x2D, 0xB5, + 0x40, 0x1C, 0xD3, 0x67, 0x34, 0x95, 0x39, 0x2D, + 0x74, 0x12, 0x91, 0xC3, 0xAA, 0x78, 0x42, 0x0C, + 0x8A, 0x7C, 0xB5, 0xFF, 0xE6, 0x50, 0x12, 0x99, + 0x7C, 0x4D, 0xA4, 0x32, 0x2E, 0xA9, 0x0B, 0x50, + 0x14, 0xB5, 0xB4, 0xD0, 0x18, 0x01, 0x00, 0x24, + 0x70, 0x47, 0x34, 0x1E, 0x4C, 0x24, 0xB9, 0x6B, + 0x8D, 0x7C, 0x00, 0x20, 0x52, 0x4B, 0x7C, 0x1D, + 0x66, 0xC3, 0xE0, 0x8C, 0xB2, 0x99, 0xEB, 0x4E, + 0xC6, 0xFA, 0x0E, 0xE8, 0xEA, 0x05, 0xFD, 0x43, + 0x0F, 0x57, 0x60, 0x5E, 0x89, 0x2B, 0x23, 0x2D, + 0x20, 0x47, 0xCA, 0x9B, 0x4E, 0xCA, 0xD9, 0xBD, + 0xD0, 0x9C, 0x99, 0x51, 0x19, 0x69, 0x16, 0x52, + 0x5D, 0x1E, 0xC9, 0x21, 0xB6, 0xE3, 0xCE, 0x0E, + 0xE6, 0x92, 0xEB, 0xA7, 0x28, 0xB4, 0xDB, 0x10, + 0xF3, 0x38, 0x1F, 0xBF, 0x58, 0x4A, 0xBB, 0x7B, + 0x6A, 0x92, 0x10, 0xC7, 0xC4, 0x24, 0xCE, 0x4A, + 0x36, 0x93, 0x70, 0xCB, 0x48, 0xD6, 0x08, 0x63, + 0x4A, 0xBA, 0x0B, 0xFF, 0x91, 0xC5, 0x62, 0x0A, + 0x11, 0x89, 0xD0, 0xCA, 0x97, 0x42, 0x1D, 0x42, + 0x34, 0x29, 0xFB, 0x66, 0x39, 0x52, 0xDC, 0x12, + 0x31, 0xB4, 0x36, 0x2B, 0x71, 0x62, 0xFE, 0x3A, + 0x42, 0x11, 0x1C, 0x91, 0xD7, 0x6A, 0x96, 0x4C, + 0xB4, 0x15, 0x41, 0x94, 0x20, 0x9E, 0xDB, 0xAA, + 0x1F, 0x48, 0x1B, 0xD1, 0x26, 0xC3, 0x25, 0xD1, + 0x56, 0x78, 0xE3, 0x9B, 0xCC, 0xE4, 0xC7, 0x04, + 0xEA, 0x48, 0x72, 0x46, 0x64, 0x8A, 0x6C, 0x6C, + 0x25, 0x40, 0xB5, 0xF6, 0x80, 0xA3, 0x5E, 0xE2, + 0x82, 0x42, 0x46, 0x45, 0x0A, 0x72, 0x93, 0xF2, + 0x1A, 0x90, 0xCF, 0xD1, 0x4E, 0xFA, 0xF7, 0x8F, + 0xA3, 0xD7, 0x32, 0x22, 0x51, 0xC6, 0x41, 0xA5, + 0x0E, 0x95, 0xBB, 0x5E, 0xC5, 0xCA, 0x0B, 0x60, + 0xE8, 0x9D, 0x7C, 0x18, 
0xB7, 0xA4, 0x4A, 0x0F, + 0xAF, 0xB4, 0xBC, 0xAD, 0xE9, 0xB5, 0x88, 0xD1, + 0xB7, 0xFC, 0xF1, 0x2B, 0xA1, 0xE1, 0x08, 0x4D, + 0x56, 0xB1, 0x97, 0xEA, 0x90, 0xA7, 0x9A, 0x3D, + 0x83, 0x92, 0x7A, 0x23, 0x07, 0x60, 0x3B, 0xC2, + 0x11, 0xC0, 0x83, 0x0C, 0xB7, 0x06, 0x2C, 0x04, + 0x25, 0x48, 0x24, 0x57, 0x5B, 0x22, 0x6C, 0xAD, + 0x9A, 0x27, 0xC2, 0xA4, 0x55, 0x19, 0xAE, 0x39, + 0x54, 0x64, 0x67, 0x69, 0x04, 0x85, 0x49, 0x8A, + 0x32, 0x0A, 0xD5, 0x69, 0x93, 0xB1, 0x5A, 0x9D, + 0x22, 0xC6, 0x19, 0x14, 0x46, 0xCB, 0x40, 0xAA, + 0x75, 0x47, 0x40, 0x16, 0x81, 0xDC, 0xC7, 0xE3, + 0x65, 0x96, 0xB1, 0x0C, 0x07, 0xFA, 0x2A, 0x20, + 0xB4, 0x3C, 0x4B, 0x01, 0x24, 0x40, 0x1F, 0x8A, + 0x0E, 0x74, 0x48, 0x78, 0xC7, 0x29, 0x66, 0x23, + 0xC7, 0x39, 0x5B, 0x69, 0x94, 0xD1, 0x8C, 0x47, + 0x87, 0xA2, 0x89, 0xDB, 0xB0, 0x5C, 0xB1, 0x82, + 0x74, 0x51, 0xD8, 0x3F, 0x07, 0x29, 0x04, 0x53, + 0x75, 0x94, 0xF5, 0x15, 0xCA, 0x10, 0x17, 0x99, + 0x16, 0x20, 0xA3, 0x3E, 0x09, 0x6E, 0xE0, 0xDC, + 0x09, 0x1A, 0xE4, 0xCA, 0x96, 0x06, 0x03, 0xB1, + 0x01, 0xB5, 0xB4, 0xE2, 0x3E, 0x9A, 0x5B, 0x65, + 0xE1, 0xF6, 0xC2, 0xA8, 0xCC, 0x89, 0x34, 0x13, + 0x83, 0xB7, 0x06, 0x72, 0x5E, 0xD5, 0xB3, 0x48, + 0x57, 0x69, 0x18, 0x1B, 0x8F, 0x76, 0x43, 0x9C, + 0x05, 0x63, 0x6A, 0x0C, 0x34, 0x36, 0xFF, 0xBA, + 0x8B, 0x86, 0xA5, 0x30, 0x6F, 0xA1, 0x11, 0xF6, + 0xFC, 0x71, 0xEB, 0x77, 0x9B, 0x25, 0x70, 0x7C, + 0xFA, 0xE0, 0xA6, 0xDA, 0x7B, 0x0A, 0xD5, 0xD9, + 0x4B, 0x10, 0xF2, 0x1E, 0x4F, 0xCA, 0x92, 0x89, + 0x3B, 0x9F, 0xFE, 0x73, 0x21, 0x07, 0x63, 0x40, + 0x13, 0x77, 0x83, 0x7A, 0x10, 0xCA, 0x96, 0x25, + 0x34, 0x6C, 0x42, 0xAD, 0xC7, 0x05, 0xBD, 0x92, + 0xDB, 0x34, 0x26, 0xD9, 0x26, 0xCE, 0x4B, 0x5E, + 0xC2, 0x4A, 0x5C, 0xDF, 0x27, 0xCB, 0x91, 0xE5, + 0xA7, 0xE7, 0x16, 0x4D, 0x1B, 0xDC, 0x99, 0xD7, + 0x56, 0x79, 0xFB, 0xC9, 0x3A, 0x58, 0xF6, 0x47, + 0xDA, 0xC1, 0x08, 0x6C, 0xE9, 0x31, 0xBC, 0x08, + 0x92, 0x33, 0xE9, 0x48, 0x7E, 0x08, 0x67, 0xBC, + 0x58, 0x47, 0x2B, 0x01, 0xBF, 0x28, 0x95, 0xC3, + 0x23, 0xB6, 0x4D, 0xBE, 
0x4A, 0x17, 0xA9, 0xE8, + 0x41, 0xB0, 0x53, 0xCA, 0xDB, 0x5C, 0x76, 0xD0, + 0x35, 0x72, 0x4C, 0x32, 0x1B, 0xBC, 0x13, 0x66, + 0x6F, 0x0A, 0x35, 0xDF, 0xDA, 0x07, 0x21, 0xE8, + 0x98, 0x76, 0x23, 0x25, 0x6A, 0x99, 0x4D, 0x95, + 0xFA, 0x1C, 0x05, 0xF5, 0x7C, 0x1E, 0x15, 0xA3, + 0x0C, 0x4A, 0x0C, 0x83, 0x18, 0xA0, 0xD8, 0x3C, + 0x41, 0x0C, 0x36, 0x28, 0x62, 0xE8, 0x17, 0xDD, + 0x6A, 0xBB, 0xAA, 0x4B, 0xBE, 0x75, 0xB7, 0x36, + 0xCC, 0xCB, 0xB4, 0xAF, 0x2A, 0x18, 0x84, 0x02, + 0xBD, 0x4C, 0xE5, 0x97, 0x93, 0x20, 0x08, 0x86, + 0x28, 0x65, 0x33, 0x25, 0x62, 0xF3, 0x24, 0xC7, + 0xA4, 0x24, 0x15, 0x1F, 0xB5, 0x9D, 0x0A, 0xE1, + 0x82, 0x1F, 0x28, 0x64, 0xC7, 0xE6, 0x98, 0x12, + 0x7A, 0xAD, 0x92, 0xC3, 0x3B, 0x31, 0x39, 0x88, + 0xC2, 0x9A, 0x09, 0xE2, 0x60, 0x44, 0x9B, 0xCA, + 0x7B, 0xEE, 0x36, 0x08, 0x62, 0x31, 0x4E, 0x47, + 0x51, 0x9E, 0xF3, 0x91, 0x8D, 0xDD, 0xE4, 0x03, + 0xE7, 0xB9, 0x2A, 0xC9, 0x90, 0x8F, 0x93, 0xC6, + 0x36, 0x9C, 0xC5, 0xC4, 0x7B, 0x8C, 0xB1, 0xDC, + 0x3A, 0x34, 0x79, 0xC7, 0x62, 0xF6, 0x2A, 0x18, + 0xFE, 0x05, 0xA9, 0xB0, 0x64, 0x5A, 0x53, 0x11, + 0xA0, 0x18, 0x28, 0x72, 0x3A, 0xEB, 0x51, 0xFA, + 0x50, 0x5E, 0x96, 0xB2, 0x9E, 0x3D, 0x2B, 0x6E, + 0x5B, 0x13, 0x27, 0xDE, 0x3A, 0x61, 0xAB, 0x0C, + 0x50, 0xBE, 0x01, 0x24, 0xB6, 0x4B, 0x33, 0x31, + 0x4B, 0x32, 0xD6, 0x12, 0x25, 0x10, 0xE4, 0x64, + 0x45, 0x85, 0x7A, 0xA0, 0xE2, 0xC4, 0xB0, 0xD2, + 0x56, 0x95, 0x56, 0x20, 0xA8, 0x68, 0x1D, 0x1E, + 0x55, 0x51, 0x26, 0xD0, 0x05, 0x09, 0xE3, 0x5B, + 0xF5, 0x96, 0x83, 0xDD, 0xAA, 0x40, 0xE8, 0x2C, + 0x51, 0x9B, 0x85, 0x58, 0x52, 0xC3, 0x66, 0xCB, + 0x54, 0x45, 0x2B, 0xF9, 0x10, 0xB0, 0x01, 0x69, + 0x23, 0x30, 0x34, 0x57, 0x08, 0x65, 0x3F, 0x51, + 0x18, 0x00, 0xB1, 0x0E, 0x00, 0x9D, 0x9F, 0x7D, + 0x10, 0xA5, 0x3B, 0x8B, 0x30, 0xBF, 0x13, 0xB0, + 0x6F, 0x25, 0x4E, 0xC8, 0xA6, 0xBA, 0x53, 0x97, + 0x00, 0xF6, 0x35, 0x8D, 0xE0, 0x46, 0x3A, 0x01, + 0x95, 0x40, 0xC9, 0x87, 0x3F, 0x3F, 0x46, 0x80, + 0xE2, 0x11, 0x3A, 0x7C, 0xCC, 0x55, 0xFF, 0x75, + 0x4D, 0x85, 0xAA, 0x67, 
0xE9, 0xE5, 0x5F, 0x88, + 0x74, 0x24, 0xE0, 0xB2, 0x62, 0x56, 0x82, 0xA5, + 0xDD, 0xA2, 0x18, 0xF0, 0x3C, 0x3C, 0x10, 0xA2, + 0x46, 0xCD, 0xB0, 0xCC, 0x91, 0xD1, 0x9D, 0x8F, + 0x02, 0x4D, 0xB9, 0xB1, 0x41, 0x5F, 0x50, 0xAC, + 0xD8, 0xF6, 0x5D, 0xE2, 0x78, 0x7B, 0x91, 0x03, + 0xC5, 0x75, 0xB6, 0x87, 0x76, 0x55, 0x72, 0xCF, + 0xFA, 0x59, 0x02, 0x6C, 0x2B, 0xCE, 0xE7, 0x74, + 0x23, 0xBC, 0xAF, 0xD3, 0x05, 0x4B, 0xF8, 0xE2, + 0x71, 0x3F, 0xB8, 0x5B, 0x0B, 0xF6, 0xA4, 0x6E, + 0x71, 0x61, 0x52, 0xF5, 0xC9, 0xA3, 0x01, 0x1E, + 0xC9, 0x01, 0x14, 0xC7, 0x6B, 0x01, 0x51, 0x67, + 0x99, 0xBD, 0x59, 0x11, 0x41, 0x5B, 0x70, 0x45, + 0x44, 0x07, 0x7F, 0x18, 0x88, 0x06, 0x75, 0x5E, + 0xEC, 0x41, 0x31, 0xE5, 0x55, 0x56, 0xDB, 0x90, + 0x3F, 0x42, 0x84, 0xC1, 0xF9, 0x00, 0x86, 0xFF, + 0x43, 0x1B, 0x68, 0xF5, 0x1F, 0x62, 0x98, 0x12, + 0xF3, 0x20, 0xB5, 0x5F, 0x21, 0x9D, 0x72, 0xA1, + 0x92, 0x8F, 0x38, 0xC9, 0xA1, 0xEC, 0x82, 0x3B, + 0xA1, 0x98, 0xBA, 0x9A, 0xBB, 0xAC, 0xF6, 0x29, + 0x02, 0xB3, 0xCA, 0x0A, 0xFC, 0x95, 0xEA, 0x8A, + 0xC3, 0x03, 0xFB, 0x8B, 0xDD, 0x29, 0xBB, 0x9D, + 0x18, 0xA0, 0x3B, 0xA4, 0x4E, 0x58, 0xB1, 0xB0, + 0xB8, 0x5A, 0x2A, 0x16, 0x62, 0xE6, 0xA3, 0x1D, + 0xA7, 0x54, 0x55, 0x11, 0xA4, 0x78, 0xA1, 0x81, + 0x77, 0x88, 0x90, 0x61, 0xEF, 0x76, 0x63, 0x12, + 0x64, 0x23, 0x9A, 0xDE, 0xBD, 0x04, 0xA8, 0xC5, + 0x2B, 0x72, 0xE2, 0xB1, 0xF3, 0xA2, 0xDF, 0xBB, + 0xD8, 0xC0, 0x54, 0xE7, 0x0C, 0xC2, 0xA7, 0x42, + 0xE7, 0xB7, 0xD4, 0x17, 0xDF, 0xED, 0x31, 0x44, + 0x22, 0x18, 0x7D, 0xE1, 0xB2, 0x95, 0x44, 0x81, + 0x19, 0x57, 0x55, 0xEC, 0x04, 0xBB, 0x76, 0x71, + 0xC4, 0x33, 0x14, 0x46, 0xBB, 0xE8, 0x95, 0x25, + 0x14, 0x90, 0x53, 0x21, 0xA2, 0x17, 0x6E, 0x93, + 0x5B, 0x54, 0x20, 0xC0, 0xD5, 0xEA, 0x44, 0x65 + }; + static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = { + 0x84, 0xA1, 0x88, 0xA0, 0x72, 0xE4, 0xD4, 0xF4, + 0x49, 0xA4, 0xBE, 0x17, 0x02, 0x74, 0xDD, 0x2A, + 0x5F, 0x3E, 0x35, 0x6E, 0x95, 0xB9, 0x6E, 0x40, + 0xAD, 0x3F, 0xF1, 0x45, 0x5E, 0x36, 0xC6, 0xA7, + 0x1E, 0x90, 
0x9D, 0xD2, 0xC0, 0xDF, 0xF8, 0xAD, + 0x2C, 0x9F, 0x50, 0x3B, 0xAC, 0x90, 0x65, 0x71, + 0x62, 0x48, 0x08, 0x3B, 0xDA, 0x40, 0xCE, 0xCB, + 0x38, 0xE3, 0xB3, 0x05, 0x8B, 0xAF, 0x51, 0xA7, + 0x57, 0x23, 0x84, 0xFF, 0x84, 0x06, 0xA8, 0x13, + 0x6A, 0x4F, 0xC6, 0xD9, 0x12, 0xA5, 0x4B, 0x2E, + 0xB5, 0xB9, 0xD5, 0x98, 0xFB, 0x68, 0x9E, 0x72, + 0xED, 0x3D, 0xEF, 0xD2, 0xFF, 0x83, 0x55, 0xED, + 0x9E, 0x9C, 0xCA, 0x53, 0xE8, 0x2C, 0x08, 0x86, + 0xE0, 0x94, 0xC5, 0x92, 0xC3, 0x92, 0x31, 0x1F, + 0x04, 0xFE, 0xC6, 0x8F, 0x9A, 0x1C, 0x53, 0x1C, + 0xF3, 0x41, 0x90, 0x30, 0x89, 0x2B, 0x5B, 0xDC, + 0xAC, 0xEE, 0xF6, 0xA0, 0xE7, 0xF1, 0xBD, 0x44, + 0x90, 0x3F, 0x49, 0xDE, 0x8E, 0x37, 0xB0, 0x2B, + 0xA3, 0xFC, 0x51, 0x21, 0xD9, 0x9F, 0x8C, 0xC3, + 0x04, 0x0F, 0x66, 0x83, 0x2F, 0x77, 0x02, 0x1B, + 0x4C, 0xA3, 0x5F, 0x7A, 0x48, 0x25, 0x03, 0x89, + 0x36, 0x56, 0x4C, 0xA2, 0xE6, 0x73, 0xFF, 0x9C, + 0xC0, 0x51, 0x9C, 0x25, 0xF6, 0xA5, 0x2D, 0x87, + 0xED, 0xD9, 0x65, 0xB2, 0x46, 0x4A, 0xA3, 0x65, + 0xD2, 0xBF, 0x06, 0x8B, 0x72, 0xFC, 0x68, 0xB6, + 0x5E, 0x88, 0x51, 0x5E, 0x2C, 0x83, 0x2B, 0xBD, + 0xB2, 0x7D, 0x61, 0xBF, 0x51, 0x2B, 0x5F, 0xC2, + 0xD8, 0x59, 0x0F, 0xB3, 0x5F, 0x49, 0x50, 0x0C, + 0xAF, 0xE7, 0x0E, 0x7D, 0x07, 0x76, 0xB5, 0xC4, + 0xE4, 0x50, 0x3A, 0x71, 0x89, 0xAD, 0xBA, 0xFF, + 0x5D, 0x5B, 0x51, 0x5C, 0xC6, 0x8B, 0x2F, 0x81, + 0xD9, 0x93, 0xC6, 0xD7, 0xFA, 0x7D, 0x3D, 0x1D, + 0x90, 0xEB, 0xFF, 0x51, 0xDA, 0x3F, 0xBB, 0xB4, + 0x43, 0x0E, 0x5B, 0xBE, 0xDB, 0xCA, 0x8D, 0xA0, + 0x78, 0xDC, 0xE8, 0xEC, 0x81, 0x5B, 0x16, 0x8B, + 0xFC, 0x09, 0xAB, 0x4A, 0x20, 0x67, 0x88, 0x70, + 0xF4, 0x86, 0x8B, 0x1F, 0xAE, 0x28, 0xD2, 0x09, + 0xC7, 0x53, 0x68, 0xA7, 0x99, 0x31, 0x7D, 0xFA, + 0x08, 0xC2, 0xB6, 0x51, 0xFA, 0xC7, 0x2D, 0xCA, + 0x2A, 0x1B, 0x4C, 0xBB, 0x75, 0xE8, 0x73, 0xF1, + 0x5C, 0x51, 0xB6, 0xD0, 0xB5, 0xE6, 0xF5, 0xE6, + 0x0E, 0x2A, 0xF6, 0xC4, 0x0D, 0x2C, 0xAB, 0xCB, + 0xF3, 0x58, 0x8F, 0x44, 0xBC, 0xEA, 0x6D, 0x72, + 0xD3, 0x59, 0xF4, 0x0F, 0x9C, 0xF5, 0xE0, 0xEC, + 0x40, 0xA5, 
0x21, 0x5E, 0x5A, 0xCE, 0xEA, 0xF0, + 0xDA, 0x00, 0xD9, 0x23, 0xD4, 0xCE, 0xFF, 0x5C, + 0x3A, 0x3A, 0xB1, 0xE4, 0x6C, 0x75, 0x4F, 0x4A, + 0xE0, 0x52, 0xC2, 0xBC, 0x49, 0xFD, 0xB4, 0x52, + 0x1A, 0xE4, 0x4D, 0xF6, 0x34, 0xD5, 0x6E, 0x43, + 0x3D, 0xAD, 0x3D, 0xF3, 0xC0, 0x71, 0x15, 0x40, + 0x6F, 0xF8, 0xBF, 0xD0, 0xD7, 0xC9, 0x3B, 0x49, + 0x41, 0xD0, 0xF0, 0x92, 0x13, 0xC1, 0x68, 0x1C, + 0xFD, 0x5C, 0x86, 0x63, 0xDF, 0x02, 0x04, 0x1A, + 0x3C, 0xBD, 0x16, 0x2F, 0x5C, 0x4D, 0x80, 0xCB, + 0x1D, 0xC7, 0xD4, 0xA5, 0x01, 0xAD, 0x06, 0xFE, + 0x96, 0xEB, 0x34, 0x8B, 0x6E, 0x33, 0x1C, 0x82, + 0x96, 0xFE, 0x90, 0x4E, 0xB9, 0x7C, 0x08, 0x74, + 0x56, 0x32, 0x8D, 0x70, 0x3B, 0x85, 0xBD, 0xAC, + 0x2F, 0xB4, 0x3C, 0x72, 0x8D, 0x0B, 0x05, 0xFC, + 0x54, 0xB8, 0xC1, 0x55, 0xC0, 0x10, 0xEF, 0x0D, + 0xB1, 0x4C, 0xC6, 0x68, 0xD1, 0xB1, 0xBC, 0x72, + 0x7A, 0xF8, 0x86, 0x40, 0x76, 0x73, 0x6B, 0x89, + 0x8B, 0xAB, 0xA1, 0xC8, 0x1D, 0xCA, 0x20, 0x53, + 0xF5, 0x85, 0x87, 0xD3, 0xC4, 0xE3, 0x3C, 0x69, + 0x4A, 0x26, 0x4B, 0xE2, 0x89, 0x7E, 0x7D, 0x2E, + 0xEF, 0xAD, 0xDA, 0x9F, 0xF8, 0x8D, 0x70, 0xBF, + 0x37, 0x31, 0xF1, 0x22, 0x8C, 0xB3, 0xE1, 0x31, + 0xEB, 0x0C, 0xB7, 0x6F, 0xDB, 0xD2, 0xCC, 0xB1, + 0xCB, 0xC1, 0x8D, 0x14, 0x50, 0xAC, 0x7A, 0x16, + 0x34, 0x9E, 0x71, 0x29, 0xCA, 0xB7, 0x20, 0xD5, + 0xCB, 0x70, 0xB5, 0x6E, 0x85, 0x5E, 0x83, 0x05, + 0xDC, 0xDA, 0x73, 0x0B, 0xBD, 0x0E, 0xA3, 0x3E, + 0xF0, 0x81, 0x5D, 0x02, 0x19, 0x0B, 0xB9, 0x8E, + 0x30, 0xF7, 0x3B, 0xF7, 0x78, 0x9C, 0xDD, 0x67, + 0x3C, 0x61, 0x3B, 0x0C, 0x57, 0xCB, 0x2E, 0xF3, + 0x2E, 0x67, 0x0A, 0x98, 0xD2, 0xD6, 0x30, 0x67, + 0x07, 0x73, 0xC5, 0x9D, 0x8A, 0x6A, 0x2C, 0xFC, + 0xFF, 0x1C, 0x7C, 0xA1, 0xBB, 0x55, 0xC1, 0x7A, + 0x32, 0xCB, 0x65, 0xA2, 0xEA, 0x19, 0xC7, 0xB8, + 0xE2, 0x95, 0xC6, 0x89, 0x8C, 0xF3, 0x2F, 0xEE, + 0x1D, 0xEB, 0x01, 0x47, 0x2B, 0xE7, 0x6C, 0x3A, + 0x78, 0xCB, 0x24, 0x2E, 0xDF, 0xE2, 0x1D, 0x96, + 0x1F, 0xCB, 0x85, 0xC3, 0xCF, 0x6C, 0xEE, 0x21, + 0x89, 0x86, 0xC1, 0xBD, 0x93, 0x2B, 0xF9, 0x7B, + 0xC6, 0xDE, 
0xCA, 0xAB, 0xF8, 0xC6, 0x29, 0x40, + 0xC0, 0xA5, 0x8E, 0x87, 0xC6, 0xED, 0xDC, 0xD7, + 0x4B, 0x7F, 0x71, 0x5D, 0x8C, 0x22, 0x52, 0x05, + 0x46, 0x23, 0x9F, 0x3A, 0xAA, 0x10, 0xA4, 0x35, + 0x82, 0x01, 0x03, 0xB4, 0xE3, 0x29, 0x53, 0x11, + 0xD9, 0x92, 0xC9, 0xC8, 0x77, 0x1A, 0x3C, 0xE8, + 0x49, 0x86, 0x8F, 0x36, 0xF3, 0x12, 0x14, 0xF9, + 0x63, 0x9C, 0x02, 0x8F, 0x4A, 0x5F, 0x49, 0x45, + 0xF2, 0xBE, 0xC9, 0x58, 0x50, 0x77, 0xBF, 0x2F, + 0x63, 0x7D, 0x25, 0x49, 0xF8, 0x34, 0x8C, 0x00, + 0xEC, 0xBF, 0x19, 0xC4, 0x70, 0xDF, 0x25, 0x5E, + 0xFF, 0x62, 0x32, 0x81, 0x34, 0x29, 0xF8, 0x53 + }; + static const byte kprime_512[KYBER_SS_SZ] = { + 0x22, 0x4B, 0x9C, 0x05, 0x12, 0x13, 0xEF, 0x46, + 0x54, 0x92, 0x43, 0x79, 0x65, 0x32, 0x28, 0x29, + 0x73, 0xFA, 0x7C, 0xF9, 0x7E, 0x89, 0x13, 0xC3, + 0x39, 0xC1, 0x94, 0x0A, 0xC1, 0x7E, 0x05, 0xE0 + }; #endif - -#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) - /* ED448 */ - XMEMSET(&ed448Key, 0, sizeof(ed448_key)); - ExpectIntEQ(wc_ed448_init(&ed448Key), 0); - ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0); - ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, - &ed448Key), 0); - wc_ed448_free(&ed448Key); +#ifndef WOLFSSL_NO_KYBER768 + static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = { + 0x34, 0x56, 0x85, 0x9B, 0xF7, 0x07, 0xE6, 0x72, + 0xAC, 0x71, 0x2B, 0x7E, 0x70, 0xF5, 0x42, 0x75, + 0x74, 0x59, 0x75, 0x02, 0xB8, 0x1D, 0xE8, 0x93, + 0x1C, 0x92, 0xA9, 0xC0, 0xD2, 0x2A, 0x8E, 0x17, + 0x73, 0xCB, 0x87, 0x47, 0x22, 0x05, 0xA3, 0x1C, + 0x32, 0x20, 0x6B, 0xA4, 0xBC, 0xF4, 0x22, 0x59, + 0x53, 0x3C, 0xB3, 0xA1, 0x9C, 0x02, 0x00, 0x86, + 0x02, 0x44, 0xA6, 0xC3, 0xF6, 0x92, 0x18, 0x45, + 0xB0, 0xA0, 0x58, 0x50, 0x18, 0x7A, 0x43, 0x10, + 0xB3, 0xD5, 0x22, 0x3A, 0xAA, 0xA0, 0xC7, 0x9B, + 0x9B, 0xBC, 0xFC, 0xCB, 0x3F, 0x75, 0x12, 0x14, + 0xEB, 0x0C, 0xFA, 0xC1, 0xA2, 0x9E, 0xD8, 0x84, + 0x8A, 0x5A, 0x49, 0xBA, 0x84, 0xBA, 0x68, 0xE6, + 0xB6, 0xF5, 0x05, 0x7D, 0x49, 0x31, 0x05, 0xFF, + 0x38, 0xA9, 
0xF4, 0x4B, 0x4E, 0x7F, 0x6C, 0xBE, + 0x7D, 0x21, 0x64, 0x08, 0xF7, 0xB4, 0x86, 0x05, + 0xB2, 0x70, 0xB2, 0x53, 0xB0, 0x01, 0xA5, 0x40, + 0x1C, 0x0C, 0x91, 0x27, 0xCC, 0x18, 0x5B, 0x1B, + 0x0C, 0xF9, 0x2B, 0x99, 0xFB, 0xA0, 0xD9, 0x5A, + 0x29, 0x5F, 0x87, 0x35, 0x15, 0x52, 0x0C, 0x86, + 0x32, 0x1B, 0x8C, 0x96, 0x6C, 0x83, 0x7A, 0xAB, + 0x34, 0xB2, 0xBF, 0xFA, 0xB2, 0xA2, 0xA4, 0x30, + 0x1B, 0x35, 0x6B, 0x26, 0xCD, 0xC4, 0x56, 0x38, + 0x02, 0x90, 0x1B, 0x47, 0x62, 0xF2, 0x84, 0x28, + 0x1A, 0x38, 0x2E, 0x5F, 0x76, 0x2B, 0xEF, 0x47, + 0xB5, 0x19, 0xA8, 0x1A, 0x10, 0x86, 0x57, 0xEB, + 0xE9, 0x62, 0xBE, 0x12, 0x0B, 0x5F, 0xB3, 0xB9, + 0xED, 0x33, 0x8C, 0xCF, 0x47, 0xB3, 0xA0, 0x39, + 0x52, 0xA1, 0x66, 0x33, 0xF6, 0xE6, 0xB5, 0x34, + 0xE6, 0xB6, 0x3D, 0x05, 0x70, 0x6E, 0xFA, 0x0F, + 0x94, 0xC0, 0x3A, 0x2B, 0x85, 0x6A, 0xE5, 0x51, + 0x42, 0x2F, 0x90, 0x11, 0xF2, 0x58, 0x9A, 0x41, + 0xB9, 0x6A, 0x2C, 0xD2, 0x13, 0xC6, 0x99, 0x9B, + 0x09, 0xE9, 0x1F, 0xF4, 0x23, 0xCB, 0x10, 0x6A, + 0x1A, 0x92, 0x0B, 0x84, 0xB8, 0x11, 0x46, 0x94, + 0x97, 0x15, 0x42, 0x23, 0x98, 0x7F, 0x00, 0x5C, + 0x72, 0xF8, 0xAF, 0x38, 0x8B, 0x09, 0x0C, 0x63, + 0x9F, 0x8C, 0x77, 0x4F, 0xC5, 0xA2, 0x94, 0xC7, + 0x4A, 0x21, 0x2C, 0x91, 0xA8, 0x6C, 0x32, 0x8A, + 0xEB, 0xEA, 0x55, 0x8A, 0xB4, 0x3F, 0x8B, 0x87, + 0x35, 0x34, 0xFA, 0x2E, 0xF9, 0xE6, 0x6C, 0xEF, + 0x3C, 0x52, 0xCD, 0x47, 0x1A, 0xB7, 0x83, 0x75, + 0xE7, 0x45, 0xB9, 0xD0, 0xAA, 0x65, 0xD2, 0x27, + 0x8B, 0x92, 0x75, 0xAE, 0x53, 0x48, 0xB1, 0x6C, + 0xF6, 0x2A, 0xC8, 0x06, 0x57, 0x34, 0xE4, 0xBD, + 0x77, 0xB8, 0x0C, 0xCF, 0x89, 0x76, 0x05, 0xEB, + 0x76, 0xF4, 0x85, 0xAF, 0x8A, 0x0B, 0x46, 0x65, + 0x57, 0xA8, 0x3C, 0x02, 0x92, 0xCC, 0xF9, 0x03, + 0xEE, 0x7A, 0xA5, 0x7C, 0x3B, 0x51, 0xAD, 0x66, + 0x01, 0x89, 0xB8, 0x61, 0x39, 0xE3, 0x80, 0x42, + 0x5B, 0x31, 0xA9, 0x26, 0x89, 0xDF, 0x24, 0x31, + 0xBF, 0xA7, 0xB6, 0x9E, 0xAB, 0x17, 0x27, 0x45, + 0x1B, 0x29, 0xDA, 0x8B, 0x8B, 0xF8, 0x51, 0xE1, + 0xBC, 0x2D, 0x3A, 0x63, 0x13, 0x4C, 0xA9, 0x66, + 0x3C, 0x57, 
0xAE, 0xC6, 0x98, 0x5C, 0xEB, 0xD5, + 0x6D, 0xB0, 0x44, 0x7B, 0x13, 0x6B, 0x01, 0x7A, + 0x97, 0x47, 0x61, 0xC3, 0xC6, 0x7D, 0x33, 0x77, + 0x2F, 0x99, 0x64, 0xE5, 0x43, 0x4D, 0x64, 0x35, + 0x04, 0x33, 0x2A, 0x30, 0x27, 0x29, 0x4A, 0x07, + 0x8C, 0x59, 0x9C, 0xB2, 0x91, 0x63, 0x10, 0x9C, + 0xE3, 0xB5, 0x6C, 0xE6, 0x98, 0xB4, 0xD3, 0xF5, + 0x9E, 0x29, 0x56, 0xA1, 0xF0, 0x3A, 0x4B, 0x95, + 0x55, 0x93, 0xF2, 0xD2, 0x45, 0x7F, 0xFA, 0xAE, + 0x96, 0x24, 0xA0, 0x71, 0x10, 0x45, 0xB3, 0xF5, + 0x52, 0x92, 0xF2, 0x0C, 0xC9, 0xD0, 0xCD, 0x79, + 0x1A, 0x21, 0x59, 0x7B, 0x0F, 0x2C, 0xD9, 0x80, + 0xF3, 0x51, 0x0F, 0x0B, 0x02, 0x39, 0x02, 0x20, + 0x00, 0xD7, 0x35, 0x58, 0x6E, 0xE6, 0xA7, 0x3F, + 0x3A, 0x3D, 0xCB, 0xD6, 0xBD, 0x1A, 0x85, 0xC8, + 0x65, 0x12, 0xAB, 0xF3, 0xC5, 0x1C, 0xE0, 0x0A, + 0x03, 0x31, 0xF6, 0x53, 0x60, 0x46, 0x2C, 0x02, + 0x23, 0x29, 0x59, 0x7A, 0x81, 0xC3, 0xF9, 0x2F, + 0xC1, 0x79, 0x38, 0xC9, 0x13, 0x8F, 0x41, 0x11, + 0x38, 0x79, 0x79, 0xC2, 0x8F, 0x03, 0x34, 0xF9, + 0x01, 0x19, 0x22, 0x13, 0x74, 0xDA, 0xB0, 0x45, + 0x92, 0x9B, 0x49, 0xE4, 0x3A, 0x96, 0x46, 0xA2, + 0x43, 0xF4, 0x46, 0x4D, 0xAF, 0x81, 0x1A, 0xB0, + 0x06, 0x30, 0xC7, 0x59, 0x61, 0xBC, 0xD4, 0xAF, + 0x5D, 0x99, 0x11, 0x5A, 0x37, 0x49, 0x19, 0x1B, + 0xA8, 0xFD, 0x41, 0xCE, 0x0B, 0x3C, 0x89, 0xA6, + 0x95, 0xB4, 0xBB, 0x85, 0x06, 0x4F, 0xD3, 0xAF, + 0x95, 0xC9, 0xB4, 0xAE, 0xE0, 0x9A, 0xC7, 0xB0, + 0xCC, 0x69, 0xEC, 0xA3, 0x6A, 0x00, 0x4B, 0x6C, + 0xD6, 0x62, 0xA6, 0xD3, 0x27, 0x95, 0x05, 0x3E, + 0xF0, 0xA0, 0x3A, 0xDA, 0x3B, 0x98, 0xBF, 0xE3, + 0xB4, 0x6A, 0x79, 0x72, 0x3E, 0x3A, 0x45, 0xAB, + 0x3C, 0x31, 0x95, 0x06, 0x69, 0xAD, 0x77, 0x07, + 0x20, 0x62, 0xCC, 0x3B, 0x50, 0x4D, 0xF1, 0x33, + 0x4F, 0xD6, 0x90, 0x9E, 0xAC, 0x79, 0x15, 0xF1, + 0xD5, 0xAD, 0x16, 0x63, 0x9F, 0x5F, 0xB5, 0x64, + 0x41, 0x64, 0x54, 0x25, 0x91, 0x34, 0xD5, 0x65, + 0x88, 0x2C, 0xB3, 0x81, 0xCB, 0xA5, 0x8B, 0x76, + 0x88, 0x07, 0x67, 0xB5, 0x0A, 0xC1, 0xB8, 0x57, + 0x95, 0xD7, 0x26, 0x84, 0x33, 0xB3, 0x71, 0x23, + 0x0E, 0xD4, 
0xC7, 0x2F, 0x99, 0xAB, 0x1A, 0xD1, + 0xE5, 0x95, 0xA4, 0x59, 0xCF, 0x0A, 0x23, 0x34, + 0xAA, 0x14, 0x63, 0xAD, 0xE4, 0xBD, 0xC9, 0x24, + 0x96, 0x05, 0x38, 0x18, 0x57, 0xBB, 0x98, 0x09, + 0x5B, 0x41, 0x13, 0x29, 0x46, 0xCA, 0x24, 0x57, + 0xDF, 0xAA, 0x91, 0x49, 0x58, 0x2A, 0xA1, 0x99, + 0x27, 0xB6, 0x36, 0x89, 0xE2, 0x92, 0x9A, 0xA4, + 0x10, 0x27, 0xBE, 0xF4, 0x92, 0x19, 0x70, 0xBA, + 0xD4, 0xA5, 0x54, 0x90, 0xD9, 0x1A, 0xBE, 0x25, + 0x1D, 0xEF, 0x45, 0x52, 0xCA, 0x88, 0x03, 0x41, + 0x06, 0xA0, 0x2C, 0xE4, 0xB0, 0x58, 0xF8, 0xB5, + 0x96, 0x24, 0xB6, 0x7E, 0x06, 0x3B, 0xF1, 0x78, + 0xB0, 0x15, 0xE4, 0x28, 0x1E, 0xB1, 0x14, 0xA2, + 0xBC, 0x24, 0x54, 0x94, 0x3A, 0x4B, 0x46, 0x47, + 0x12, 0x2C, 0x42, 0xCB, 0xEA, 0x4E, 0x94, 0x15, + 0x4F, 0xD3, 0xE4, 0xB7, 0x91, 0xF6, 0x29, 0x0B, + 0x78, 0x29, 0x94, 0x20, 0x68, 0x53, 0xD6, 0x70, + 0x00, 0xA6, 0x33, 0xF3, 0x20, 0xA8, 0xA3, 0x74, + 0xCA, 0x5D, 0x40, 0x38, 0xF9, 0xCA, 0x42, 0x44, + 0xDC, 0xB0, 0x2E, 0x9A, 0x84, 0xE1, 0xF7, 0xC8, + 0xA8, 0x21, 0x13, 0x2B, 0x32, 0xB9, 0xA8, 0x40, + 0x55, 0x7B, 0x34, 0x78, 0x06, 0x65, 0x30, 0x17, + 0x24, 0xBA, 0x26, 0x06, 0x68, 0x1D, 0x94, 0x5E, + 0x34, 0xD7, 0xCF, 0x94, 0x1B, 0x89, 0x63, 0xCA, + 0xA1, 0x00, 0x1A, 0x49, 0x1B, 0x8B, 0x2E, 0x43, + 0x57, 0x0E, 0x9A, 0xB9, 0x5C, 0x0A, 0x57, 0xC5, + 0x03, 0xF0, 0xAB, 0x96, 0x0B, 0x48, 0x56, 0xD0, + 0x25, 0x15, 0x74, 0x71, 0x0F, 0xE5, 0xCB, 0x47, + 0x42, 0x84, 0xFC, 0x10, 0x49, 0xAA, 0x2A, 0x7B, + 0x03, 0x69, 0x4A, 0x1C, 0x76, 0x3E, 0x99, 0xDA, + 0xC6, 0xAD, 0x0B, 0xA8, 0x03, 0x8B, 0x13, 0x8A, + 0x64, 0x43, 0x2E, 0x34, 0x91, 0x16, 0xA0, 0x31, + 0xE8, 0xC7, 0x92, 0x78, 0x17, 0x51, 0xBA, 0x47, + 0x3C, 0xBD, 0xF5, 0x57, 0x20, 0x00, 0x5A, 0xBD, + 0xAA, 0x13, 0xD5, 0x01, 0x82, 0xF0, 0xE6, 0x33, + 0x77, 0x6B, 0xB0, 0x67, 0x5C, 0x40, 0x47, 0x2B, + 0xAD, 0x1F, 0x96, 0x72, 0x76, 0x91, 0x83, 0xD0, + 0xCC, 0xC8, 0x10, 0xBC, 0x25, 0xA8, 0x57, 0x32, + 0x20, 0x56, 0x9F, 0x6A, 0xC4, 0xBA, 0xC2, 0x2A, + 0x13, 0x54, 0xD8, 0xB3, 0x6C, 0x05, 0x80, 0xD0, + 0xE5, 0x29, 
0x9E, 0x62, 0x9C, 0x50, 0x6C, 0xC7, + 0x65, 0x55, 0x46, 0xFF, 0x27, 0x81, 0x0C, 0x97, + 0xB5, 0x1B, 0xA0, 0x56, 0xBB, 0xF8, 0x6E, 0xD9, + 0xCB, 0x7C, 0x0A, 0x53, 0x7F, 0x72, 0xD0, 0xCF, + 0x9A, 0xD2, 0xC2, 0x31, 0xE2, 0x9E, 0xBF, 0x55, + 0x3F, 0x61, 0x3C, 0xBB, 0x15, 0xB3, 0x72, 0x1A, + 0x20, 0x07, 0x7E, 0x50, 0x5F, 0xD3, 0x90, 0xCB, + 0x19, 0xF6, 0x48, 0x8A, 0x10, 0x7D, 0xEE, 0x1C, + 0xAC, 0x58, 0xAB, 0x70, 0x34, 0xBA, 0x69, 0x03, + 0x00, 0x21, 0x95, 0x95, 0xB3, 0x69, 0x5C, 0x12, + 0x34, 0xE8, 0xB5, 0x7E, 0x33, 0xC8, 0xD3, 0xA0, + 0x48, 0x45, 0x4A, 0x61, 0x6D, 0xF3, 0xC9, 0xB5, + 0x6A, 0x6F, 0xF2, 0x02, 0x6A, 0xF9, 0x97, 0x72, + 0x5F, 0xC9, 0x55, 0x79, 0x04, 0x3B, 0xAE, 0x93, + 0x99, 0xB6, 0x79, 0x0D, 0x63, 0x7B, 0x4F, 0xA8, + 0x20, 0xB0, 0xB2, 0xD2, 0xCA, 0xB6, 0x07, 0xBA, + 0xF6, 0xA3, 0x72, 0x73, 0x4C, 0x31, 0xEE, 0x00, + 0x26, 0xF3, 0xC0, 0x76, 0xD1, 0x4A, 0x8E, 0x3E, + 0xE6, 0x6A, 0xAD, 0x8B, 0xBB, 0xCC, 0xEB, 0x9D, + 0xC7, 0x0C, 0x7B, 0x6B, 0xB0, 0xBB, 0x76, 0xC2, + 0x00, 0xC2, 0x31, 0x60, 0x1C, 0xA0, 0x87, 0x3E, + 0xC8, 0x71, 0x0F, 0x4B, 0x18, 0xD5, 0x72, 0x90, + 0xB0, 0x33, 0x72, 0x7C, 0x60, 0x1E, 0xDB, 0x71, + 0xC2, 0xB0, 0xF0, 0xC2, 0x1D, 0x55, 0x3E, 0x0E, + 0x7A, 0x4F, 0x77, 0x71, 0x68, 0x39, 0xC7, 0xC8, + 0x44, 0x8A, 0xBB, 0x9F, 0x66, 0xA5, 0x4E, 0x8A, + 0x4B, 0x08, 0xA7, 0x9D, 0x9A, 0x39, 0x2C, 0xA1, + 0x27, 0x00, 0x31, 0x38, 0x8B, 0xAD, 0x56, 0x21, + 0x7E, 0x32, 0xAE, 0xF5, 0x54, 0x11, 0x97, 0x49, + 0x06, 0xA2, 0x45, 0xC0, 0x07, 0x12, 0xB3, 0xCB, + 0xB1, 0x17, 0x06, 0x85, 0x19, 0x3F, 0xE2, 0x5A, + 0xCD, 0x7A, 0xC1, 0x3D, 0x32, 0x07, 0x3F, 0x38, + 0x79, 0xA5, 0xD7, 0x83, 0x75, 0xF0, 0x05, 0x2C, + 0xF7, 0x91, 0x75, 0xBA, 0xB4, 0x6D, 0x22, 0x37, + 0x05, 0x97, 0xBD, 0x06, 0x78, 0x9E, 0xDD, 0x07, + 0x11, 0xCC, 0x42, 0x43, 0x50, 0x7A, 0x02, 0xB4, + 0xFA, 0xAD, 0xBB, 0x62, 0x25, 0x0C, 0xC9, 0x97, + 0xAE, 0x03, 0x27, 0xAE, 0xB0, 0x0D, 0xEB, 0x52, + 0x91, 0x92, 0xA6, 0x4B, 0x10, 0x96, 0xA8, 0x6B, + 0x19, 0x67, 0x4D, 0x0B, 0x0A, 0xF0, 0x5C, 0x4A, + 0xAE, 0x17, 
0x8C, 0x2C, 0x9A, 0x64, 0x42, 0xE9, + 0x4E, 0xD0, 0xA5, 0x60, 0x33, 0xA1, 0x1E, 0xE4, + 0x26, 0x32, 0xC0, 0xB4, 0xAA, 0x51, 0xD4, 0x21, + 0x50, 0x79, 0x0F, 0x41, 0x06, 0x2B, 0x77, 0x25, + 0x3C, 0x25, 0xBA, 0x4D, 0xE5, 0x59, 0x76, 0x1F, + 0x0A, 0x90, 0x06, 0x83, 0x89, 0x72, 0x8B, 0xC9, + 0x77, 0xF7, 0x0C, 0xF7, 0xBC, 0xCF, 0xBD, 0x88, + 0x3D, 0xF1, 0x3C, 0x79, 0xF5, 0xF2, 0xC3, 0x43, + 0x12, 0xCB, 0x1D, 0x5A, 0x55, 0xD7, 0x8C, 0x1B, + 0x24, 0x20, 0x96, 0xA8, 0xC0, 0x59, 0x3C, 0xFB, + 0x27, 0x53, 0x46, 0x0B, 0xD3, 0x0A, 0xBA, 0x30, + 0x6C, 0x74, 0x17, 0x39, 0x95, 0x74, 0x83, 0x85, + 0xD0, 0x0B, 0x36, 0x70, 0xE6, 0x13, 0x24, 0xD8, + 0x7D, 0xE8, 0xA1, 0x44, 0x50, 0xDC, 0x49, 0x37, + 0x68, 0x77, 0x7F, 0xF0, 0xCE, 0x68, 0x10, 0x93, + 0x7A, 0x71, 0x12, 0x29, 0x56, 0x1A, 0x5E, 0xF2, + 0xBB, 0x69, 0x86, 0x10, 0x74, 0xE0, 0x0B, 0xD9, + 0x32, 0x66, 0xE4, 0xB8, 0x62, 0x69, 0xE1, 0x8E, + 0xEA, 0x2C, 0xAA, 0xCB, 0x60, 0xA1, 0x35, 0x86, + 0x36, 0xCD, 0x7A, 0x7C, 0xA6, 0xBB, 0x68, 0x21, + 0x30, 0x24, 0x17, 0x84, 0xB1, 0x01, 0xEA, 0x5B, + 0xFD, 0x6C, 0x3A, 0x07, 0x15, 0x86, 0x21, 0x61, + 0x47, 0x36, 0xF6, 0x99, 0x6D, 0x5A, 0x4E, 0x14, + 0x96, 0x3A, 0x12, 0xD8, 0x36, 0xE5, 0x33, 0xA0, + 0xC8, 0x91, 0x2D, 0xB7, 0xE1, 0x16, 0x85, 0xA4, + 0xA5, 0x3D, 0x82, 0x85, 0xF0, 0x87, 0x50, 0xDF, + 0xF6, 0x6D, 0xA2, 0x7C, 0x23, 0xB9, 0x75, 0x42, + 0xDE, 0xFB, 0x99, 0xE4, 0x70, 0xAC, 0xD5, 0xE6, + 0x47, 0xC9, 0x40, 0xCB, 0x57, 0x30, 0x1B, 0x43, + 0xCC, 0x3E, 0x68, 0xE6, 0x4E, 0x28, 0xB0, 0x67, + 0x70, 0x69, 0x5E, 0xF6, 0x09, 0x26, 0x5E, 0x06, + 0xC6, 0x0F, 0x22, 0xCB, 0x87, 0x58, 0x49, 0xE6, + 0x2B, 0xAB, 0x88, 0xCC, 0x10, 0xEC, 0xF6, 0x22, + 0xC3, 0x79, 0xCB, 0x54, 0xF1, 0x3D, 0x8B, 0x2B, + 0xAC, 0x90, 0x2B, 0x9A, 0xB0, 0x2B, 0xB3, 0x30, + 0xB4, 0x5A, 0xC8, 0xB7, 0x41, 0xC2, 0x64, 0x7A, + 0xC4, 0x5B, 0x5B, 0xF4, 0x8A, 0x6D, 0x3F, 0xE0, + 0x39, 0x98, 0x6C, 0xC9, 0x40, 0xC6, 0x0A, 0x94, + 0xE6, 0x6C, 0xF6, 0x44, 0x53, 0x10, 0x16, 0xA5, + 0x27, 0x24, 0x50, 0x82, 0x43, 0x14, 0xB5, 0x66, + 0x2A, 0x0A, 
0x90, 0x9A, 0xBF, 0xB4, 0x6F, 0xD2, + 0x7B, 0xAE, 0xD3, 0xAB, 0xA8, 0x25, 0x93, 0x61, + 0x59, 0x68, 0x82, 0xB0, 0x8B, 0x2A, 0xC7, 0x23, + 0x39, 0x30, 0xFC, 0x37, 0x86, 0x73, 0x8E, 0xD2, + 0xF8, 0x1E, 0xE6, 0x38, 0xC4, 0x5C, 0x3B, 0x9C, + 0xFD, 0x19, 0x51, 0xDB, 0x5B, 0xCC, 0x14, 0x45, + 0xC2, 0xC1, 0x62, 0x5D, 0x57, 0xD5, 0x7B, 0x53, + 0x90, 0x4B, 0x6A, 0x1A, 0xB6, 0x81, 0x58, 0x07, + 0x55, 0xE8, 0x9F, 0xA7, 0x97, 0x75, 0xA6, 0x57, + 0xCD, 0x62, 0xB4, 0x42, 0x63, 0x04, 0xBC, 0x0C, + 0x71, 0x1E, 0x28, 0x07, 0xA2, 0xC9, 0xE8, 0x52, + 0xD4, 0xB4, 0x35, 0x9E, 0xE6, 0xB5, 0x3E, 0x46, + 0x75, 0xF5, 0x23, 0xC9, 0x07, 0x82, 0x57, 0x2D, + 0xC7, 0x36, 0x8F, 0xB4, 0x00, 0xC3, 0x28, 0xC7, + 0x0F, 0xC8, 0x46, 0xB5, 0xE9, 0x8A, 0x43, 0x30, + 0xBB, 0xB6, 0x27, 0xBD, 0xD7, 0x84, 0xB4, 0xDA, + 0xF0, 0xB1, 0xF6, 0x45, 0x94, 0x49, 0x42, 0xB4, + 0xC2, 0xB6, 0x22, 0x5C, 0x8B, 0x31, 0xE9, 0x89, + 0x54, 0x55, 0x22, 0xBA, 0x6F, 0x10, 0x39, 0x60, + 0x34, 0xCB, 0x1C, 0xA7, 0x45, 0x97, 0x78, 0x44, + 0xD5, 0x70, 0x89, 0x4C, 0x61, 0x1A, 0x56, 0x08, + 0xA7, 0x57, 0x41, 0x6D, 0x6D, 0xE5, 0x99, 0x63, + 0xC3, 0x27, 0x98, 0xC4, 0x93, 0xEF, 0xD2, 0x26, + 0x4C, 0x23, 0x19, 0x10, 0xE9, 0xA3, 0x00, 0x90, + 0xCA, 0x7B, 0x53, 0x84, 0xF2, 0x31, 0xB8, 0x9B, + 0xA6, 0x8A, 0x23, 0x81, 0x90, 0xEF, 0x1A, 0x2A, + 0x43, 0xCB, 0x01, 0x70, 0x34, 0x70, 0xA0, 0xF0, + 0x61, 0xA7, 0x07, 0x38, 0x94, 0x4B, 0xCD, 0x9B, + 0x70, 0x04, 0xF2, 0x47, 0x97, 0xAE, 0xCB, 0x88, + 0xB1, 0x09, 0x1C, 0xFE, 0xD0, 0x59, 0x0B, 0x04, + 0x15, 0x45, 0x3C, 0x39, 0xB6, 0xEC, 0x45, 0xB6, + 0x63, 0x05, 0xFA, 0xEA, 0x6B, 0x55, 0xA4, 0xB7, + 0x96, 0x75, 0x05, 0xFE, 0x38, 0x62, 0xA2, 0x67, + 0xAD, 0xBF, 0xE0, 0x5B, 0x91, 0x81, 0xA0, 0x65, + 0x01, 0x89, 0x33, 0x91, 0x65, 0x0E, 0xAA, 0xA4, + 0xA6, 0xD1, 0x68, 0x53, 0x34, 0x92, 0x76, 0xF9, + 0x8E, 0x0F, 0x44, 0xCD, 0x72, 0x66, 0x15, 0xC6, + 0x1C, 0x16, 0x71, 0x30, 0x94, 0xD8, 0xAB, 0x09, + 0x3C, 0xAC, 0x71, 0xF2, 0x80, 0x3E, 0x7D, 0x39, + 0x10, 0x9E, 0xF5, 0x00, 0x9C, 0x9C, 0x2C, 0xDA, + 0xF7, 0xB7, 
0xA6, 0xB3, 0x7A, 0x33, 0xA4, 0x98, + 0x81, 0xF4, 0xBB, 0x5D, 0x72, 0x45, 0xA1, 0x4C, + 0x50, 0x42, 0x28, 0x0C, 0x76, 0xA8, 0x4E, 0x63, + 0xF4, 0x9D, 0x0D, 0x61, 0x9D, 0x46, 0xD7, 0x23, + 0xBA, 0xA7, 0x47, 0xA3, 0xBA, 0x90, 0xA6, 0xFB, + 0x63, 0x7A, 0x9A, 0x1D, 0xC0, 0x22, 0x68, 0xFD, + 0x5C, 0x04, 0x3D, 0x18, 0xCB, 0xA1, 0x52, 0x8A, + 0xC8, 0xE2, 0x25, 0xC1, 0xF9, 0x23, 0xD1, 0xCC, + 0x84, 0xF2, 0xE7, 0x8E, 0x25, 0xDC, 0x3C, 0xCE, + 0x93, 0x53, 0xC9, 0xDA, 0xC2, 0xAD, 0x72, 0x6A, + 0x79, 0xF6, 0x49, 0x40, 0x80, 0x1D, 0xD5, 0x70, + 0x1E, 0xFB, 0xDC, 0xB8, 0x0A, 0x98, 0xA2, 0x59, + 0x93, 0xCD, 0x7F, 0x80, 0x59, 0x13, 0x20, 0xB6, + 0x31, 0x72, 0x71, 0x86, 0x47, 0xB9, 0x76, 0xA9, + 0x8A, 0x77, 0x16, 0x86, 0xF0, 0x12, 0x0A, 0x05, + 0x3B, 0x0C, 0x44, 0x74, 0x60, 0x43, 0x05, 0x89, + 0x0F, 0xEC, 0xAF, 0x23, 0x47, 0x5D, 0xDC, 0xC1, + 0x1B, 0xC0, 0x8A, 0x9C, 0x5F, 0x59, 0x2A, 0xBB, + 0x1A, 0x15, 0x3D, 0xB1, 0xB8, 0x83, 0xC0, 0x50, + 0x7E, 0xB6, 0x8F, 0x78, 0xE0, 0xA1, 0x4D, 0xEB, + 0xBF, 0xEE, 0xC6, 0x21, 0xE1, 0x0A, 0x69, 0xB6, + 0xDA, 0xAF, 0xAA, 0x91, 0x6B, 0x53, 0x95, 0x33, + 0xE5, 0x08, 0x00, 0x7C, 0x41, 0x88, 0xCE, 0x05, + 0xC8, 0x62, 0xD1, 0x01, 0xD4, 0xDB, 0x1D, 0xF3, + 0xC4, 0x50, 0x2B, 0x8C, 0x8A, 0xE1, 0x45, 0x74, + 0x88, 0xA3, 0x6E, 0xAD, 0x26, 0x65, 0xBF, 0xAC, + 0xB3, 0x21, 0x76, 0x02, 0x81, 0xDB, 0x9C, 0xA7, + 0x2C, 0x76, 0x14, 0x36, 0x34, 0x04, 0xA0, 0xA8, + 0xEA, 0xBC, 0x05, 0x8A, 0x23, 0xA3, 0x46, 0x87, + 0x5F, 0xA9, 0x6B, 0xB1, 0x8A, 0xC2, 0xCC, 0xF0, + 0x93, 0xB8, 0xA8, 0x55, 0x67, 0x38, 0x11, 0xCE, + 0xD4, 0x7C, 0xBE, 0x1E, 0xE8, 0x1D, 0x2C, 0xF0, + 0x7E, 0x43, 0xFC, 0x48, 0x72, 0x09, 0x08, 0x53, + 0x74, 0x31, 0x08, 0x86, 0x5F, 0x02, 0xC5, 0x61, + 0x2A, 0xA8, 0x71, 0x66, 0x70, 0x7E, 0xE9, 0x0F, + 0xFD, 0x5B, 0x80, 0x21, 0xF0, 0xAA, 0x01, 0x6E, + 0x5D, 0xBC, 0xD9, 0x1F, 0x57, 0xB3, 0x56, 0x2D, + 0x3A, 0x2B, 0xCF, 0xA2, 0x0A, 0x4C, 0x03, 0x01, + 0x0B, 0x8A, 0xA1, 0x44, 0xE6, 0x48, 0x28, 0x04, + 0xB4, 0x74, 0xFE, 0xC1, 0xF5, 0xE1, 0x38, 0xBE, + 0x63, 0x2A, 
0x3B, 0x9C, 0x82, 0x48, 0x3D, 0xC6, + 0x89, 0x0A, 0x13, 0xB1, 0xE8, 0xEE, 0x6A, 0xF7, + 0x14, 0xEC, 0x5E, 0xFA, 0xC3, 0xB1, 0x97, 0x6B, + 0x29, 0xDA, 0xDB, 0x60, 0x5B, 0x14, 0xD3, 0x73, + 0x2B, 0x5D, 0xE1, 0x18, 0x59, 0x65, 0x16, 0x85, + 0x81, 0x17, 0xE2, 0x63, 0x4C, 0x4E, 0xA0, 0xCC + }; + static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = { + 0xDF, 0xA6, 0xB9, 0xD7, 0x2A, 0x63, 0xB4, 0x20, + 0xB8, 0x9D, 0xDE, 0x50, 0xF7, 0xE0, 0xD5, 0x6E, + 0xCF, 0x87, 0x6B, 0xFE, 0xF9, 0x91, 0xFC, 0xE9, + 0x1C, 0x8D, 0x28, 0x6F, 0xA6, 0xEA, 0xBA, 0xC1, + 0x73, 0x0F, 0xD8, 0x77, 0x41, 0xFE, 0x4A, 0xD7, + 0x17, 0xB2, 0x82, 0xA2, 0x1E, 0x23, 0x5A, 0x55, + 0xC3, 0x75, 0x7D, 0x88, 0xD4, 0xCE, 0x62, 0xF4, + 0x14, 0xEB, 0x77, 0xEB, 0x9D, 0x35, 0x7E, 0xE2, + 0x9D, 0x00, 0x08, 0x7B, 0xF8, 0x11, 0x0E, 0x5B, + 0xBB, 0xC7, 0xC9, 0x04, 0x19, 0x07, 0x2E, 0xAE, + 0x04, 0x4B, 0xF7, 0xE1, 0x83, 0xD4, 0x3A, 0x94, + 0xB2, 0x63, 0x2A, 0xA1, 0x46, 0x49, 0x61, 0x9B, + 0x70, 0x64, 0x95, 0x21, 0xBC, 0x19, 0x37, 0x09, + 0x42, 0xEF, 0x70, 0xF3, 0x6C, 0x34, 0xC8, 0xC2, + 0x35, 0x91, 0xEE, 0x0C, 0xA7, 0x1A, 0x12, 0xD2, + 0x79, 0xE0, 0xF5, 0x2D, 0x39, 0xED, 0x0F, 0x91, + 0x3F, 0x8C, 0x26, 0x26, 0x21, 0xFB, 0x24, 0x2E, + 0x68, 0x0D, 0xEB, 0x30, 0x7B, 0x07, 0x49, 0xC6, + 0xB3, 0x93, 0xA8, 0xEF, 0x66, 0xF8, 0xB0, 0x4A, + 0xAF, 0xA8, 0x77, 0xB9, 0x51, 0xAB, 0x93, 0xF5, + 0x98, 0xB4, 0xB2, 0xFA, 0xB0, 0x4F, 0x88, 0xAC, + 0x80, 0x39, 0x84, 0xFF, 0x37, 0xE3, 0xFE, 0x74, + 0xF3, 0xA6, 0x16, 0xD5, 0x31, 0x4E, 0xB3, 0xA8, + 0x26, 0xF8, 0x74, 0xF8, 0xEC, 0xD3, 0xA5, 0x64, + 0x7D, 0x04, 0x94, 0x2A, 0x57, 0xEF, 0xC0, 0x96, + 0x38, 0x47, 0x0D, 0xC0, 0xA9, 0xDF, 0x40, 0xB3, + 0x17, 0x57, 0x1D, 0x39, 0x84, 0xA7, 0x8C, 0xF7, + 0xD1, 0x17, 0x51, 0x09, 0x07, 0x22, 0xB3, 0x05, + 0x9E, 0x07, 0x59, 0x1C, 0xC4, 0xA2, 0xED, 0x9B, + 0xA0, 0xDC, 0xE9, 0x9B, 0xE9, 0xE5, 0xEE, 0x5D, + 0xB8, 0xD6, 0x98, 0xCD, 0xEB, 0x58, 0x14, 0x75, + 0x9B, 0xA9, 0x77, 0xC9, 0x00, 0x79, 0xCF, 0x2A, + 0xFD, 0xE4, 0x78, 0x06, 0x9C, 0x51, 0x3A, 0x60, + 
0x09, 0x1A, 0x3A, 0x5D, 0x01, 0x11, 0xE2, 0x2D, + 0xE0, 0x6C, 0xB1, 0x45, 0xC1, 0x4E, 0x22, 0xA2, + 0x14, 0xCB, 0x27, 0x8C, 0x81, 0x52, 0xB0, 0x68, + 0x1B, 0xCA, 0xFF, 0x54, 0xD5, 0x52, 0xB5, 0x4A, + 0x67, 0x1C, 0x0D, 0xFE, 0xF7, 0x75, 0xE7, 0xC5, + 0x4F, 0xEF, 0xC4, 0x85, 0x38, 0x68, 0xC9, 0x55, + 0x97, 0x1A, 0xBD, 0xAC, 0x2A, 0x76, 0x29, 0x2C, + 0xCC, 0xD4, 0xFD, 0x1C, 0x70, 0x6B, 0x7D, 0x36, + 0x14, 0x15, 0x96, 0x73, 0xE9, 0xD7, 0xB2, 0x9A, + 0x2D, 0x3F, 0x63, 0x36, 0x31, 0x29, 0xE7, 0xA2, + 0x1E, 0x80, 0x3A, 0x46, 0x0F, 0x27, 0x14, 0xE3, + 0xE2, 0x59, 0x22, 0x78, 0x0A, 0xF3, 0x82, 0x57, + 0xCD, 0x14, 0x95, 0xAC, 0xD1, 0xE0, 0x19, 0x80, + 0x63, 0x8D, 0xF5, 0x8A, 0x15, 0x3D, 0xAB, 0x07, + 0xEF, 0xB5, 0xC7, 0xE7, 0x8A, 0xDA, 0xCF, 0x63, + 0x19, 0x56, 0xD6, 0x9C, 0xCD, 0xA0, 0x70, 0x45, + 0x95, 0x68, 0xBD, 0x9D, 0x11, 0xA2, 0x93, 0x4B, + 0xCF, 0x16, 0x43, 0xBC, 0x99, 0x46, 0x82, 0x38, + 0x91, 0x0B, 0x1F, 0x74, 0x2E, 0xBB, 0x3C, 0x03, + 0xD3, 0x9F, 0xD4, 0x5C, 0xFB, 0x85, 0xBA, 0x30, + 0x9E, 0x29, 0xDD, 0x9B, 0x5C, 0xD5, 0x60, 0x81, + 0x9E, 0xC7, 0x29, 0xFC, 0xAC, 0x8B, 0x9D, 0x72, + 0x5E, 0x3E, 0x8A, 0xBE, 0xDE, 0x4B, 0x52, 0x98, + 0xA8, 0x65, 0x8E, 0xE3, 0xF7, 0x81, 0xB0, 0xCE, + 0x68, 0x3C, 0xBB, 0x73, 0x35, 0xCD, 0x57, 0xEF, + 0xE2, 0x20, 0x4A, 0x8F, 0x19, 0x74, 0x46, 0xD7, + 0x31, 0x4C, 0xDB, 0xF4, 0xC5, 0xD0, 0x8C, 0xCC, + 0x41, 0xF8, 0x08, 0x57, 0xCC, 0x95, 0x71, 0xFB, + 0xFB, 0x90, 0x60, 0x60, 0xF7, 0xE1, 0x7C, 0x8C, + 0xEF, 0x0F, 0x27, 0x4A, 0xFF, 0x83, 0xE3, 0x93, + 0xB1, 0x5F, 0x2F, 0x95, 0x89, 0xA1, 0x3A, 0xF4, + 0xBC, 0x78, 0xE1, 0x6C, 0xDD, 0xE6, 0x23, 0x61, + 0xD6, 0x3B, 0x8D, 0xC9, 0x03, 0xB7, 0x0C, 0x01, + 0xA4, 0x34, 0x19, 0xCD, 0x20, 0x52, 0x15, 0x0B, + 0xD2, 0x87, 0x19, 0xF6, 0x1F, 0xF3, 0x1F, 0x4A, + 0x9B, 0xEC, 0x4D, 0xDB, 0xCE, 0xC1, 0xF8, 0xFB, + 0x2E, 0xFB, 0xF3, 0x7D, 0xFF, 0xFA, 0x4C, 0x7F, + 0xEC, 0xA8, 0xCE, 0x6D, 0x62, 0x6B, 0xFD, 0xA1, + 0x6E, 0xE7, 0x08, 0xD9, 0x20, 0x68, 0x14, 0xA2, + 0xEF, 0x98, 0x85, 0x25, 0x61, 0x5D, 0x4A, 0xC9, + 
0xBE, 0x60, 0x8C, 0x4B, 0x03, 0xAB, 0xEE, 0x95, + 0xB3, 0x2A, 0x5D, 0xB7, 0x4A, 0x96, 0x11, 0x9A, + 0x7E, 0x15, 0x9A, 0xF9, 0x9C, 0xD9, 0x8E, 0x88, + 0xEA, 0xF0, 0x9F, 0x0D, 0x78, 0x0E, 0x7C, 0x7E, + 0x81, 0x4B, 0x8E, 0x88, 0xB4, 0xF4, 0xE1, 0x5F, + 0xA5, 0x49, 0x95, 0xD0, 0xEC, 0xBA, 0xD3, 0xEF, + 0x04, 0x6A, 0x49, 0x47, 0xF3, 0xE8, 0xB9, 0xE7, + 0x44, 0x24, 0x14, 0x89, 0xB8, 0x06, 0xFE, 0x94, + 0x01, 0xE7, 0x8B, 0xAF, 0xC8, 0xE8, 0x82, 0xE9, + 0xD6, 0xD0, 0x70, 0x0F, 0x72, 0x0C, 0x00, 0x24, + 0xE7, 0xDA, 0x49, 0x06, 0x1C, 0x5D, 0x18, 0xA6, + 0x20, 0x74, 0x04, 0x0A, 0xBC, 0x00, 0x03, 0x20, + 0x0E, 0xD4, 0x65, 0x23, 0x17, 0x97, 0x93, 0x0A, + 0x2E, 0x2A, 0xA5, 0x01, 0xF6, 0x48, 0x62, 0xDD, + 0xA1, 0x30, 0x14, 0xA9, 0x9F, 0x9D, 0x32, 0x70, + 0xAA, 0x90, 0x7E, 0xEB, 0x3F, 0xDB, 0xFF, 0x29, + 0x16, 0x00, 0xDF, 0x1F, 0x6B, 0x39, 0x68, 0x4B, + 0x11, 0xE3, 0x96, 0xB7, 0x0D, 0x86, 0xF9, 0x04, + 0x92, 0xE8, 0x2B, 0x09, 0xBA, 0x25, 0x60, 0x7B, + 0x0C, 0x28, 0x6F, 0xBC, 0x07, 0x01, 0x82, 0xAC, + 0x76, 0xFA, 0x7C, 0x85, 0x9A, 0xAF, 0xEA, 0x87, + 0x01, 0x6A, 0xED, 0x22, 0xC3, 0x60, 0x5A, 0x27, + 0x89, 0xA1, 0xD4, 0x39, 0xFD, 0x8D, 0x93, 0x33, + 0x42, 0xDA, 0xB7, 0x45, 0xA3, 0xE5, 0x50, 0xE7, + 0xD7, 0x7C, 0x01, 0xA6, 0x23, 0x4B, 0xDA, 0x7D, + 0x6B, 0xB1, 0x9D, 0x49, 0x5E, 0x65, 0x60, 0xFC, + 0xE8, 0x39, 0x6F, 0xC3, 0xC6, 0xE0, 0x88, 0xED, + 0x60, 0xF5, 0xF2, 0x77, 0x14, 0x16, 0xEA, 0x3B, + 0xE5, 0xBE, 0x47, 0x2B, 0x64, 0x04, 0x90, 0x6C, + 0x91, 0xE7, 0x1D, 0x9A, 0x86, 0x72, 0xF3, 0x90, + 0x08, 0x36, 0x55, 0xAB, 0x7D, 0x0E, 0xC6, 0xED, + 0xFE, 0x86, 0x78, 0x9C, 0xE2, 0x0B, 0xE2, 0xEA, + 0x90, 0xCA, 0x5C, 0xC3, 0x14, 0x16, 0xFB, 0x24, + 0xCB, 0xAF, 0x94, 0xDA, 0x14, 0x68, 0xFE, 0x69, + 0x6B, 0xCD, 0xF5, 0x24, 0x7C, 0xF1, 0x17, 0xCB, + 0xE9, 0x33, 0x40, 0x76, 0xCA, 0x68, 0x96, 0xB2, + 0xF6, 0xA0, 0x16, 0xB1, 0xF7, 0xC7, 0x37, 0x28, + 0x80, 0x78, 0x98, 0xD8, 0xB1, 0x99, 0x75, 0x6C, + 0x2B, 0x0A, 0xA2, 0x45, 0x7E, 0x1B, 0x4F, 0x77, + 0x54, 0xC4, 0x57, 0x6C, 0xE5, 0x64, 0x56, 0x14, + 
0xEA, 0x15, 0xC1, 0xAE, 0x28, 0xB0, 0x94, 0xEB, + 0x21, 0x7C, 0x7A, 0x7A, 0x41, 0x23, 0x95, 0x76, + 0xCB, 0xDA, 0x38, 0x0E, 0xE6, 0x87, 0x83, 0x43, + 0x27, 0x30, 0xAD, 0x5E, 0xBE, 0x7F, 0x51, 0xD6, + 0xBE, 0x7F, 0xB0, 0x2A, 0xB3, 0x7B, 0xE0, 0xC9, + 0x6A, 0xAC, 0x9F, 0x3C, 0x79, 0x0A, 0x18, 0xD1, + 0x59, 0xE6, 0xBA, 0xBA, 0x71, 0xEC, 0x88, 0xC1, + 0x10, 0xFD, 0x84, 0xC3, 0x36, 0xDF, 0x63, 0x0F, + 0x27, 0x1C, 0xF7, 0x93, 0x28, 0xB6, 0xC8, 0x79, + 0xDF, 0x7C, 0xDE, 0x0F, 0x70, 0x71, 0x22, 0x20, + 0xB1, 0xFB, 0xB9, 0xAC, 0xB4, 0x82, 0x48, 0xD9, + 0x1F, 0x0E, 0x2B, 0x6E, 0x3B, 0xE4, 0x0C, 0x2B, + 0x22, 0x1E, 0x62, 0x6E, 0x7E, 0x33, 0x0D, 0x9D, + 0x83, 0xCC, 0x06, 0x68, 0xF7, 0x30, 0x85, 0x91, + 0xE1, 0x4C, 0x7D, 0x72, 0xB8, 0x41, 0xA6, 0xF0, + 0x5F, 0x3F, 0xDC, 0x13, 0x9E, 0xEC, 0xC1, 0x53, + 0x67, 0x65, 0x65, 0x0B, 0x55, 0xA9, 0xCE, 0xC6, + 0xBB, 0xF5, 0x4C, 0xCE, 0xC5, 0xC3, 0xAC, 0x9A, + 0x0E, 0x39, 0xF4, 0x8F, 0x23, 0x7B, 0xD4, 0xC6, + 0x60, 0xCB, 0x1A, 0x8D, 0x25, 0x0B, 0xB6, 0xC8, + 0xC0, 0x10, 0xFE, 0xC3, 0x4C, 0xC3, 0xD9, 0x15, + 0x99, 0x27, 0x1C, 0x75, 0x31, 0x33, 0x0F, 0x12, + 0xA3, 0xE4, 0x4F, 0xAF, 0xD9, 0x05, 0xD2, 0xC6 + }; + static const byte kprime_768[KYBER_SS_SZ] = { + 0xBD, 0x72, 0x56, 0xB2, 0x42, 0xF4, 0x04, 0x86, + 0x9D, 0x66, 0x2F, 0x80, 0xBF, 0x67, 0x7A, 0x16, + 0xC0, 0xC6, 0xFC, 0x15, 0x68, 0xCC, 0xA5, 0xB6, + 0x45, 0x82, 0xA0, 0x1A, 0x6A, 0x14, 0x2D, 0x71 + }; +#endif +#ifndef WOLFSSL_NO_KYBER1024 + static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = { + 0x0F, 0xEA, 0x26, 0xC4, 0xA5, 0x44, 0xA5, 0x14, + 0x44, 0x4A, 0x97, 0x1B, 0x5C, 0x5A, 0x82, 0x58, + 0x27, 0xC0, 0x9D, 0x42, 0x46, 0x9E, 0x59, 0x34, + 0x4C, 0xF2, 0xAC, 0x06, 0xA2, 0x8D, 0x33, 0xE9, + 0xA0, 0x12, 0xCA, 0xA3, 0x71, 0x7B, 0x2C, 0x3B, + 0x29, 0x0A, 0x07, 0x15, 0x82, 0x11, 0x09, 0xC4, + 0xCC, 0xEA, 0xC4, 0x9F, 0x34, 0x1D, 0xAD, 0xD3, + 0x77, 0xD4, 0x2A, 0x37, 0x26, 0x19, 0x16, 0xAC, + 0x7B, 0xB9, 0xE4, 0x1C, 0x09, 0x6C, 0xA8, 0x18, + 0x1C, 0xF5, 0x83, 0x50, 0x57, 0x3F, 0x60, 
0x56, + 0x84, 0xA1, 0xBC, 0xA5, 0x3D, 0x88, 0x25, 0x74, + 0x53, 0xC5, 0x35, 0x16, 0x5C, 0x4E, 0xD7, 0x2A, + 0x9F, 0xF0, 0x56, 0x45, 0x71, 0x29, 0x01, 0xF6, + 0x6C, 0x10, 0xD0, 0x4F, 0x5E, 0xB4, 0xA2, 0xEC, + 0x37, 0x72, 0xE9, 0x49, 0x8E, 0x9D, 0xC4, 0x4B, + 0xBD, 0xAB, 0x71, 0xBB, 0xDB, 0xBC, 0xFC, 0x85, + 0xB8, 0x01, 0x36, 0x30, 0x89, 0xEA, 0x60, 0xEF, + 0xE5, 0x86, 0xE1, 0xE2, 0x18, 0x0C, 0x38, 0xB2, + 0xE7, 0xB4, 0xA6, 0x3E, 0xD6, 0x07, 0x49, 0x0B, + 0xC5, 0xBA, 0x7A, 0x58, 0xAC, 0x3B, 0x1C, 0x0E, + 0x43, 0x96, 0x72, 0x00, 0xC7, 0x98, 0x02, 0x90, + 0xEB, 0xF4, 0x11, 0x82, 0x84, 0x39, 0xEE, 0x8C, + 0x8E, 0x61, 0x29, 0xB2, 0x58, 0xE1, 0x3D, 0x12, + 0x7C, 0xB1, 0x5A, 0x00, 0xCB, 0x7B, 0x46, 0x8D, + 0x40, 0x23, 0xB5, 0x09, 0x7B, 0x9B, 0x2E, 0x50, + 0x9B, 0x50, 0xE8, 0x90, 0xB6, 0x3B, 0x47, 0x07, + 0x48, 0x79, 0x61, 0xA2, 0x9E, 0x18, 0x65, 0x6D, + 0xD2, 0xD0, 0x9E, 0x6A, 0x3B, 0x88, 0x43, 0xE2, + 0x84, 0x3C, 0xB4, 0x85, 0x4F, 0x18, 0x11, 0x6E, + 0x71, 0x7D, 0xDB, 0x03, 0x55, 0xA7, 0x51, 0x35, + 0xB2, 0x02, 0x6A, 0x75, 0x2C, 0x8E, 0x7F, 0xF1, + 0x8E, 0x0F, 0x4A, 0x39, 0x1C, 0xA3, 0x7F, 0x5B, + 0x2B, 0xCC, 0x88, 0xC9, 0x99, 0xB4, 0xE4, 0x77, + 0x50, 0xC4, 0x65, 0x47, 0xEC, 0x07, 0x6A, 0xC2, + 0x15, 0x30, 0x72, 0x2C, 0xFA, 0xF9, 0x67, 0x99, + 0x61, 0xC9, 0x86, 0x88, 0xC3, 0x56, 0x2B, 0x17, + 0xCC, 0x80, 0x81, 0x46, 0xA1, 0x25, 0x72, 0xC9, + 0xB5, 0xFF, 0x15, 0x1A, 0xAB, 0x54, 0x41, 0x09, + 0x01, 0x84, 0x0E, 0x26, 0x42, 0x39, 0x87, 0xC5, + 0xE0, 0xD2, 0x8E, 0xF2, 0xEA, 0x53, 0xEA, 0xE5, + 0x95, 0x1E, 0x62, 0xAC, 0x7B, 0xD5, 0x18, 0xB9, + 0x83, 0x0A, 0x4D, 0xBC, 0xCE, 0x6A, 0x93, 0x65, + 0x91, 0xEA, 0x8E, 0xF2, 0x75, 0x07, 0x8A, 0x09, + 0x73, 0x85, 0x2A, 0x4D, 0x13, 0x04, 0x95, 0xD0, + 0x0B, 0x3F, 0x21, 0x85, 0x15, 0x99, 0x90, 0x1C, + 0xFD, 0xF9, 0x36, 0x83, 0x44, 0xC8, 0x10, 0x42, + 0x2F, 0xFE, 0xA0, 0x8A, 0xED, 0xCB, 0x1A, 0x7F, + 0xD3, 0x62, 0x5F, 0x26, 0xB0, 0x34, 0x81, 0x2F, + 0xA3, 0x07, 0xAB, 0x2C, 0x20, 0x94, 0x54, 0x65, + 0x54, 0x6D, 0x31, 0xA3, 0x41, 0xA4, 0x01, 
0x3D, + 0x81, 0x89, 0xB4, 0xF5, 0x0F, 0xE8, 0x60, 0xA6, + 0x68, 0xDA, 0xC7, 0xB1, 0x03, 0x44, 0x1E, 0x96, + 0x1F, 0xCE, 0xB0, 0xC5, 0xB1, 0xF3, 0x4D, 0xF2, + 0xE5, 0x98, 0xC6, 0xD8, 0xCF, 0x60, 0xB8, 0x64, + 0x15, 0x0C, 0x70, 0x3D, 0x2B, 0xBE, 0xAC, 0x9B, + 0x00, 0x1A, 0xA2, 0x10, 0x81, 0x47, 0xAE, 0x6B, + 0x8A, 0xAE, 0x2C, 0x77, 0x91, 0xDB, 0xE9, 0x56, + 0xC1, 0xF9, 0xB2, 0x04, 0x7A, 0x15, 0x76, 0x09, + 0x43, 0x87, 0x06, 0x4C, 0x3A, 0x80, 0x1B, 0x0D, + 0x89, 0xC9, 0x96, 0xA5, 0xCF, 0xA3, 0xB0, 0x12, + 0xC1, 0x44, 0x38, 0xB9, 0xF3, 0x53, 0x0C, 0x0C, + 0x5F, 0xA9, 0x38, 0x9F, 0x10, 0xFB, 0x3E, 0xF1, + 0xE2, 0x01, 0x33, 0x38, 0x41, 0x5F, 0x7B, 0x1D, + 0xB4, 0x11, 0xAD, 0xF9, 0x1C, 0x73, 0xB6, 0x45, + 0x6B, 0x68, 0xAB, 0x7C, 0xFC, 0x7B, 0xC9, 0x29, + 0xE4, 0x4E, 0x58, 0xEB, 0x34, 0xCA, 0x10, 0xAE, + 0x31, 0xF0, 0x3B, 0x2C, 0x3B, 0xA6, 0xCC, 0xA2, + 0x7E, 0xB3, 0x5C, 0xB1, 0x37, 0x9A, 0x13, 0x0A, + 0xAC, 0x87, 0xE3, 0xB8, 0x75, 0xCF, 0xE2, 0x53, + 0xAF, 0x03, 0xC4, 0xBD, 0x78, 0x3F, 0x18, 0xC5, + 0xA2, 0xF8, 0x49, 0x2B, 0xBF, 0x7C, 0x56, 0x87, + 0x55, 0x98, 0xB1, 0xB6, 0x3F, 0xE6, 0xCB, 0x06, + 0x94, 0xD0, 0x48, 0x0C, 0xA1, 0xC8, 0xF8, 0x86, + 0x7C, 0x11, 0xB8, 0xBF, 0x33, 0xA3, 0x2C, 0x20, + 0xB7, 0x9F, 0x9C, 0xA4, 0x86, 0x85, 0x86, 0x10, + 0xB1, 0x97, 0x83, 0xBE, 0xF7, 0x84, 0xBF, 0x6B, + 0x0F, 0x85, 0x8C, 0x1A, 0x79, 0x11, 0x30, 0xDA, + 0x69, 0x57, 0xF2, 0x12, 0x23, 0x4E, 0xC9, 0x86, + 0x79, 0x81, 0x4B, 0xE8, 0x39, 0xBF, 0x11, 0x0B, + 0x45, 0xC1, 0xC8, 0x83, 0xEC, 0xDC, 0x3D, 0xB3, + 0xF8, 0x22, 0xA4, 0xF7, 0xC1, 0x25, 0x56, 0x6E, + 0xD1, 0x66, 0x35, 0x68, 0xC8, 0x41, 0x3C, 0xD0, + 0x1C, 0x22, 0x46, 0x7A, 0xD5, 0x20, 0x1A, 0x0A, + 0xDC, 0x76, 0x34, 0x35, 0xA2, 0xCB, 0x05, 0xCD, + 0xC4, 0x70, 0x72, 0xA9, 0x43, 0x70, 0xF5, 0xB4, + 0x34, 0xF7, 0x5C, 0x07, 0x8B, 0x41, 0x59, 0x93, + 0xE8, 0x54, 0xDD, 0xE1, 0x7B, 0xBF, 0x86, 0xC0, + 0xC6, 0xC9, 0xA3, 0x24, 0x85, 0x32, 0xD9, 0xC2, + 0x13, 0x9E, 0xF3, 0xC7, 0x5A, 0x9B, 0xC6, 0x93, + 0x78, 0x10, 0x60, 0xDC, 0xAE, 0x2F, 0xFA, 
0x58, + 0xD9, 0xCC, 0x54, 0x8F, 0x19, 0xC1, 0xCE, 0x53, + 0x64, 0x88, 0x0C, 0x7F, 0xB5, 0x0C, 0xC7, 0xBE, + 0x40, 0x53, 0x12, 0xD6, 0xCC, 0x94, 0x03, 0x76, + 0x18, 0xF3, 0x88, 0xC4, 0x90, 0xAF, 0x8F, 0x61, + 0xB9, 0xB4, 0x04, 0x4C, 0xF7, 0x5A, 0x5C, 0xD7, + 0x1A, 0x15, 0x85, 0x3B, 0x5F, 0xD6, 0x22, 0x4C, + 0x6B, 0x95, 0x90, 0xE5, 0x85, 0x01, 0xD2, 0x81, + 0x42, 0x00, 0xC9, 0x19, 0xF2, 0x83, 0xCC, 0x2B, + 0x49, 0xAD, 0x8B, 0xFA, 0x5B, 0xAA, 0xA2, 0x97, + 0x7F, 0x03, 0x82, 0x3F, 0x60, 0x9E, 0xFB, 0x24, + 0x26, 0xF9, 0x36, 0xC3, 0x02, 0x87, 0x09, 0x7B, + 0xD6, 0xB7, 0xBD, 0xC6, 0x78, 0x62, 0x85, 0x88, + 0x83, 0xDB, 0x59, 0x54, 0x08, 0x04, 0x29, 0xB9, + 0xCD, 0x02, 0xCA, 0x96, 0xBC, 0x1C, 0xCB, 0xDB, + 0x51, 0x21, 0xDF, 0xF8, 0x05, 0xB0, 0x82, 0x4A, + 0xEE, 0x99, 0x9E, 0x2B, 0xBB, 0x2D, 0x82, 0x35, + 0x3E, 0x6D, 0x3A, 0x30, 0x07, 0x92, 0x78, 0x10, + 0x58, 0xC5, 0x6E, 0xF7, 0x09, 0x8A, 0xB3, 0x58, + 0x4E, 0xA0, 0x62, 0x1E, 0x20, 0x33, 0x7D, 0x3A, + 0x97, 0x5D, 0x93, 0xCF, 0x32, 0x58, 0x6D, 0x6A, + 0x71, 0xA2, 0xC4, 0xBB, 0xB2, 0x02, 0xB8, 0x53, + 0xFF, 0x09, 0xC4, 0x07, 0xB4, 0x3B, 0x1C, 0x19, + 0xB1, 0xC4, 0xCC, 0xB8, 0x21, 0x48, 0x2D, 0xDD, + 0x27, 0x37, 0x81, 0x77, 0xAA, 0x7F, 0x61, 0x78, + 0x49, 0x7C, 0x3F, 0xBA, 0x79, 0x71, 0x53, 0x84, + 0x8C, 0x5D, 0x0B, 0x1F, 0x40, 0xB5, 0x4E, 0x9D, + 0x51, 0x93, 0x90, 0x4A, 0x30, 0x3F, 0x72, 0x5F, + 0x0C, 0xCC, 0x66, 0xC6, 0xCC, 0xB1, 0x58, 0x85, + 0x06, 0x05, 0x34, 0x6D, 0xB4, 0x2B, 0x87, 0x7D, + 0xD9, 0xCE, 0xA5, 0xF6, 0x9C, 0x12, 0xB2, 0x21, + 0xC7, 0xEC, 0x51, 0x00, 0xF7, 0x65, 0x87, 0xB9, + 0x83, 0x4B, 0xC0, 0xC6, 0x41, 0x53, 0x8F, 0x83, + 0xE8, 0x5B, 0xB3, 0x09, 0x0D, 0xBA, 0xFB, 0xCB, + 0x0B, 0x71, 0x18, 0xFF, 0x7C, 0x97, 0xE9, 0x52, + 0x63, 0x15, 0x70, 0x41, 0xF8, 0xAC, 0x40, 0x52, + 0xD0, 0x40, 0x35, 0x00, 0xCC, 0x4F, 0x68, 0x94, + 0x55, 0x97, 0x4C, 0xEB, 0x5B, 0x07, 0x67, 0x90, + 0xA0, 0x50, 0xE0, 0xB3, 0xF6, 0x77, 0x2A, 0x77, + 0x67, 0x54, 0x1F, 0xF6, 0xB6, 0x7B, 0x2A, 0x1D, + 0x54, 0x07, 0x82, 0x06, 0x47, 0x68, 0x8F, 
0x36, + 0x0A, 0x2B, 0x01, 0x47, 0x37, 0x67, 0x71, 0x29, + 0x09, 0xB2, 0x27, 0x65, 0x8B, 0xE6, 0x45, 0x78, + 0x48, 0xC4, 0x40, 0x75, 0x71, 0x68, 0x06, 0x18, + 0x88, 0x58, 0x9C, 0xB0, 0x5A, 0x99, 0x9E, 0x55, + 0x49, 0x67, 0x91, 0xB1, 0x1A, 0xF2, 0x06, 0x6B, + 0xB8, 0xCA, 0x74, 0x60, 0x51, 0xC4, 0x68, 0x0A, + 0x0B, 0xC0, 0x73, 0x82, 0x41, 0x2A, 0xB8, 0xB8, + 0xA3, 0x19, 0xDB, 0xC7, 0x94, 0xDD, 0xC6, 0x94, + 0xBF, 0xDB, 0x81, 0x3F, 0x80, 0xB5, 0x8B, 0x72, + 0x21, 0x8D, 0xD6, 0x4D, 0xFC, 0xDB, 0xA1, 0xAB, + 0x48, 0xA9, 0x4F, 0x7A, 0x8D, 0xCA, 0x92, 0x66, + 0xCD, 0x15, 0xA4, 0x2D, 0x9B, 0xA5, 0xFB, 0x67, + 0x67, 0xA9, 0x55, 0x52, 0x6C, 0x05, 0x0D, 0xE2, + 0x59, 0x8B, 0x11, 0x2A, 0x2B, 0x10, 0x3A, 0xA2, + 0xD1, 0xF0, 0x60, 0x6F, 0xE6, 0x8A, 0x55, 0x19, + 0x1E, 0xF5, 0x3B, 0x30, 0x2F, 0x7C, 0x19, 0x22, + 0xC3, 0x01, 0xCE, 0xEA, 0x98, 0x9A, 0x62, 0x13, + 0x40, 0x90, 0xA8, 0x60, 0x76, 0x77, 0x6F, 0xA4, + 0x46, 0x27, 0xB7, 0x31, 0x63, 0x86, 0x57, 0x6A, + 0x67, 0x81, 0x75, 0xB2, 0x18, 0xE6, 0xF4, 0x82, + 0xB5, 0x2B, 0xC6, 0x02, 0x7B, 0xBE, 0xB3, 0x46, + 0x98, 0xB9, 0x80, 0x2F, 0xD6, 0x76, 0x34, 0xC1, + 0xA9, 0x4D, 0xD4, 0xC5, 0xCD, 0x49, 0xEC, 0x6E, + 0x2D, 0x66, 0x5F, 0x72, 0x77, 0x81, 0xD1, 0xEC, + 0x10, 0xAA, 0xF6, 0x6A, 0xD8, 0x27, 0x9B, 0x9B, + 0xF2, 0x4C, 0x99, 0xE8, 0x75, 0xEC, 0x94, 0x35, + 0x2D, 0x96, 0x05, 0xFA, 0x30, 0xCB, 0x3D, 0x8B, + 0x26, 0x86, 0xB0, 0x39, 0x71, 0xA7, 0x60, 0xB3, + 0x05, 0x3B, 0x34, 0x34, 0x6D, 0x0D, 0x71, 0xB4, + 0x4D, 0x8B, 0x7D, 0x2E, 0xA6, 0x1A, 0x5C, 0x10, + 0xA9, 0x33, 0xD3, 0x8B, 0xA4, 0x83, 0x36, 0x71, + 0x11, 0x74, 0x54, 0x61, 0x47, 0xD4, 0x4B, 0x29, + 0x14, 0xF8, 0x56, 0x89, 0xD9, 0xC1, 0xBF, 0x00, + 0x37, 0xC7, 0xF7, 0x37, 0x7C, 0xD9, 0x30, 0xCF, + 0xF6, 0x0F, 0x84, 0xB0, 0xA2, 0x00, 0x5D, 0x3E, + 0xFE, 0x55, 0xC7, 0x31, 0x1B, 0x1B, 0x61, 0x32, + 0x76, 0x8B, 0x52, 0x90, 0xD8, 0x36, 0xB8, 0x2B, + 0xC4, 0x43, 0xC3, 0x2B, 0x4F, 0xEC, 0x96, 0x02, + 0x19, 0xDB, 0x21, 0x32, 0xF7, 0x99, 0x0A, 0xD6, + 0x84, 0xA3, 0x72, 0x9F, 0x3D, 0x1A, 0x2C, 
0xEA, + 0x3A, 0x1F, 0xE4, 0xB1, 0x26, 0x75, 0xC4, 0x89, + 0xEF, 0x33, 0x19, 0x8F, 0x01, 0xA1, 0x06, 0x80, + 0x6E, 0xFC, 0xE8, 0x92, 0x1D, 0xC4, 0x6E, 0x97, + 0x1C, 0x0A, 0x0A, 0x56, 0x4A, 0xF9, 0xE5, 0x6C, + 0xA7, 0x27, 0xA7, 0x64, 0x1C, 0x56, 0x8C, 0x95, + 0xAA, 0x59, 0x56, 0x91, 0x0B, 0x28, 0x84, 0x29, + 0xF8, 0x0E, 0xE7, 0x22, 0x6E, 0x9D, 0xC4, 0x06, + 0x7E, 0x34, 0x94, 0x4F, 0x06, 0x92, 0x6D, 0x44, + 0xB2, 0xCF, 0x87, 0x64, 0xF7, 0x13, 0x59, 0x3B, + 0x44, 0x29, 0xF8, 0x2B, 0x8F, 0xCC, 0x60, 0x77, + 0x98, 0x91, 0x6B, 0x81, 0x5B, 0x90, 0x98, 0x33, + 0x0E, 0xC3, 0x34, 0x29, 0x0D, 0xB8, 0xC0, 0x4B, + 0x08, 0x3D, 0xF3, 0xCA, 0x10, 0xCE, 0x35, 0x75, + 0x07, 0x30, 0x28, 0xE9, 0x94, 0xA2, 0x5B, 0xE7, + 0x28, 0x78, 0x49, 0x2F, 0xE1, 0xB6, 0x96, 0xBA, + 0x5C, 0xB1, 0xA7, 0x73, 0x19, 0x3A, 0x3B, 0x28, + 0xA4, 0xF4, 0x40, 0xAE, 0x58, 0x2D, 0xC7, 0xC2, + 0x4F, 0xE7, 0x45, 0x1D, 0x66, 0x76, 0x23, 0x2B, + 0xB9, 0x61, 0xC5, 0x04, 0x0C, 0x9E, 0x52, 0x01, + 0xAA, 0xF3, 0xCD, 0x4D, 0xE4, 0x0A, 0xD5, 0xA9, + 0x57, 0x8A, 0xF5, 0x28, 0x10, 0xB5, 0x93, 0xE9, + 0x81, 0x5E, 0x23, 0xF6, 0x3F, 0x56, 0x40, 0x61, + 0xA4, 0x84, 0x07, 0x21, 0x3A, 0xA1, 0xB0, 0x90, + 0x8F, 0x4B, 0x17, 0x4F, 0x86, 0xD5, 0x73, 0xFA, + 0x04, 0x38, 0x64, 0x98, 0xBE, 0x68, 0x39, 0x8E, + 0x8D, 0x72, 0x0D, 0x27, 0x81, 0x11, 0xD8, 0xB1, + 0x73, 0x03, 0x60, 0x2A, 0x96, 0xE3, 0x5F, 0x56, + 0xFB, 0x25, 0x17, 0x3C, 0x4F, 0x4A, 0x03, 0xCA, + 0x2A, 0xC9, 0xBF, 0x79, 0xDC, 0xAB, 0x76, 0x4B, + 0xCE, 0x44, 0x10, 0x40, 0x1E, 0x10, 0x13, 0xE6, + 0x52, 0x8C, 0xCC, 0x51, 0x13, 0x35, 0x85, 0x77, + 0xDA, 0x83, 0x75, 0xE0, 0x23, 0x43, 0x10, 0x8C, + 0x29, 0x24, 0xD2, 0x55, 0x1E, 0x5C, 0xC5, 0xA1, + 0xB0, 0x4D, 0xEF, 0x88, 0x32, 0x4D, 0x85, 0x4F, + 0xC9, 0x2C, 0x4A, 0xDF, 0x7C, 0x23, 0x01, 0x33, + 0x7E, 0x45, 0x20, 0xBF, 0xC3, 0x65, 0x56, 0x6F, + 0x66, 0x09, 0x2E, 0x36, 0x7A, 0xE6, 0x06, 0x12, + 0x74, 0x46, 0x53, 0xC1, 0xEB, 0x47, 0xF0, 0x82, + 0x09, 0x51, 0xA2, 0xA1, 0x4C, 0x42, 0x59, 0x09, + 0x34, 0x0D, 0x87, 0x27, 0x18, 0x8E, 0xAA, 
0x08, + 0xE4, 0x86, 0x78, 0x98, 0x48, 0x76, 0xD0, 0x00, + 0x8D, 0xAE, 0x99, 0x01, 0x5B, 0x36, 0x63, 0xFD, + 0xCB, 0x72, 0x57, 0x41, 0x53, 0x0B, 0xC3, 0x89, + 0x5B, 0x11, 0x62, 0x0C, 0xE3, 0xB4, 0x17, 0xA3, + 0x20, 0xE1, 0x88, 0x13, 0xB9, 0x9C, 0x23, 0x5A, + 0xC0, 0x6F, 0x55, 0x60, 0x0F, 0x98, 0x38, 0x82, + 0xBF, 0xF0, 0x02, 0x36, 0x10, 0x7B, 0x50, 0x42, + 0x54, 0x5B, 0x6B, 0x77, 0x58, 0x68, 0xAE, 0xFB, + 0x79, 0xB5, 0x95, 0x59, 0x69, 0x02, 0xC6, 0x9B, + 0x9E, 0xCA, 0x3D, 0x35, 0x8C, 0x61, 0xFE, 0xE0, + 0x36, 0xD2, 0x18, 0xAC, 0x43, 0xBA, 0x3F, 0x52, + 0xC0, 0x6A, 0x8F, 0x88, 0x1A, 0x7E, 0xD7, 0x03, + 0x86, 0x14, 0x2C, 0xBA, 0xC5, 0xCC, 0x04, 0xFC, + 0xC3, 0x1E, 0x16, 0x27, 0x76, 0x51, 0xCE, 0x2D, + 0xCC, 0x50, 0x14, 0xF6, 0xBA, 0x5A, 0x91, 0x5C, + 0x13, 0x38, 0x83, 0x4E, 0xF4, 0x74, 0xB6, 0x71, + 0x59, 0x13, 0xBC, 0x7A, 0x4E, 0x59, 0x3C, 0x68, + 0x87, 0x66, 0xAD, 0xD7, 0x06, 0x98, 0xB3, 0x7E, + 0x06, 0xE5, 0x39, 0x15, 0xF3, 0x85, 0x38, 0x8C, + 0x25, 0xC4, 0x26, 0x5E, 0x1C, 0xB4, 0x4F, 0xE3, + 0xD0, 0x19, 0xD1, 0x21, 0xAE, 0x4C, 0x32, 0x43, + 0x4F, 0x37, 0xB0, 0xA4, 0xCB, 0x69, 0xC7, 0xCC, + 0x95, 0x70, 0x73, 0x50, 0xC3, 0x49, 0x3D, 0x0F, + 0xB1, 0x1C, 0xD4, 0xD0, 0x9F, 0x29, 0xDC, 0x56, + 0xC0, 0x7B, 0xC8, 0xEB, 0x0B, 0xD0, 0x08, 0x2B, + 0x41, 0x44, 0x21, 0x45, 0x66, 0x3C, 0x21, 0xAB, + 0x43, 0x34, 0x67, 0xB9, 0x5E, 0xC2, 0x47, 0x84, + 0x23, 0xC1, 0x8B, 0xF2, 0xEC, 0x70, 0x3E, 0xFB, + 0xA2, 0x8C, 0xDA, 0xBD, 0x42, 0xB7, 0xB8, 0x33, + 0x15, 0x0D, 0x6D, 0xA2, 0x5E, 0xB0, 0x0A, 0x83, + 0x28, 0x90, 0x2E, 0x2D, 0x08, 0x9B, 0x55, 0xD6, + 0x9A, 0xAD, 0x9A, 0x94, 0xD8, 0x18, 0x26, 0x4C, + 0x54, 0xB0, 0x4D, 0x61, 0x4D, 0x14, 0x7A, 0x30, + 0xAB, 0xFC, 0x03, 0xD9, 0x92, 0x9D, 0x96, 0xBA, + 0x7F, 0x81, 0x86, 0x5D, 0xA3, 0x53, 0xC4, 0x54, + 0xBA, 0x7A, 0xA7, 0x88, 0x1A, 0xB9, 0x74, 0xC1, + 0xB8, 0xF0, 0x83, 0x1E, 0x79, 0xC4, 0x41, 0x86, + 0x64, 0xE9, 0x53, 0xA5, 0x4D, 0xE9, 0x32, 0x13, + 0x69, 0x72, 0x81, 0x34, 0x1D, 0x37, 0xF5, 0x08, + 0xE8, 0xCB, 0xAE, 0x3D, 0x81, 0x85, 0x05, 
0x45, + 0x67, 0xDE, 0xFC, 0x8E, 0x3B, 0xBC, 0xAA, 0x42, + 0x47, 0x90, 0x7C, 0x48, 0x3B, 0x8F, 0x1B, 0x84, + 0xB3, 0x24, 0xC1, 0xA7, 0xCA, 0x84, 0x42, 0xDB, + 0x6B, 0x7B, 0x12, 0x8C, 0x83, 0x13, 0xBE, 0x1F, + 0xE2, 0x57, 0x91, 0x20, 0x9B, 0x86, 0x4A, 0x3E, + 0x1A, 0x61, 0x8D, 0x56, 0xD7, 0x10, 0xD6, 0xF3, + 0xBF, 0x55, 0x95, 0x10, 0x16, 0x7C, 0x46, 0x4C, + 0x6B, 0x9B, 0x8B, 0xC4, 0x90, 0xB8, 0xE0, 0x39, + 0x25, 0xD0, 0x3D, 0x0E, 0xEB, 0x5D, 0x78, 0x17, + 0x94, 0x28, 0xBB, 0x80, 0xD3, 0xFB, 0x14, 0x88, + 0x40, 0x70, 0x9C, 0x41, 0x14, 0x7A, 0x68, 0x6F, + 0xC9, 0xBC, 0xBD, 0xCD, 0xF7, 0xC7, 0xEA, 0x7C, + 0x30, 0xFB, 0x64, 0x0F, 0xF0, 0x5B, 0x75, 0x39, + 0xAB, 0xAB, 0x70, 0x89, 0x29, 0x08, 0xE9, 0x3C, + 0xC9, 0xC3, 0x47, 0xF8, 0xAC, 0x88, 0x9E, 0x56, + 0x46, 0x8A, 0x13, 0x5B, 0x99, 0x75, 0x47, 0x38, + 0xE1, 0x5F, 0x4E, 0x67, 0x7D, 0xF3, 0x75, 0xBF, + 0x1B, 0x43, 0x60, 0x6A, 0x2C, 0x47, 0x38, 0x0B, + 0x10, 0xA0, 0xC1, 0x4C, 0x28, 0x58, 0x3C, 0x83, + 0x31, 0x1A, 0x28, 0x54, 0xB2, 0xA9, 0x93, 0x1F, + 0xD6, 0x60, 0x86, 0xC1, 0x07, 0x49, 0xF3, 0x34, + 0x57, 0x7F, 0xD7, 0x0B, 0x51, 0xB9, 0x50, 0x60, + 0x07, 0x51, 0x99, 0x31, 0x9B, 0x3F, 0x7C, 0xB5, + 0xB2, 0x37, 0x30, 0x2C, 0x37, 0x0A, 0x23, 0x17, + 0x5E, 0x4E, 0x01, 0x3C, 0x56, 0x28, 0x1B, 0xAF, + 0xE2, 0xBE, 0x9F, 0x82, 0x5A, 0x30, 0x66, 0xAB, + 0x8B, 0xBA, 0x57, 0x93, 0xE2, 0x1E, 0x7A, 0x48, + 0x97, 0x8C, 0xF6, 0x0C, 0x09, 0x1B, 0x1F, 0x80, + 0xC0, 0xC2, 0x38, 0x14, 0xA3, 0x0F, 0x77, 0x60, + 0x60, 0x1A, 0xCE, 0xAB, 0xB1, 0x21, 0x52, 0x00, + 0x94, 0x0F, 0xFA, 0x15, 0x22, 0x72, 0x09, 0x6D, + 0x45, 0x8D, 0x00, 0xDD, 0x03, 0x9F, 0x23, 0x6B, + 0x27, 0x27, 0xB5, 0x88, 0xC6, 0x22, 0x04, 0xE7, + 0x9C, 0x45, 0x16, 0x81, 0xDF, 0xE4, 0x10, 0xEE, + 0xC4, 0x2B, 0x74, 0x94, 0x5A, 0xEC, 0x03, 0x13, + 0xA3, 0x91, 0x94, 0x2A, 0xE1, 0xB1, 0x22, 0x17, + 0x4D, 0xBE, 0x59, 0xAB, 0x1E, 0x39, 0x0C, 0xD6, + 0x49, 0x41, 0x43, 0x6C, 0x75, 0xA9, 0x32, 0x3C, + 0x69, 0xA6, 0x41, 0x88, 0x08, 0x70, 0xFB, 0xB2, + 0x80, 0xB3, 0xB3, 0x7B, 0x3B, 0xD9, 0x82, 
0xB8, + 0x29, 0x55, 0x62, 0x0B, 0x07, 0x83, 0xB8, 0x2E, + 0x89, 0x61, 0xA4, 0x04, 0x3B, 0xC7, 0xF6, 0x6C, + 0x0E, 0xF2, 0x5A, 0x5E, 0xD1, 0x53, 0x26, 0xF8, + 0x81, 0x6E, 0x5E, 0xA4, 0x16, 0x7E, 0xE8, 0xBF, + 0x66, 0x66, 0x45, 0x1D, 0x31, 0x5B, 0x2C, 0x75, + 0x14, 0x41, 0x17, 0x2C, 0x27, 0x83, 0x00, 0x26, + 0x82, 0x61, 0xC7, 0x8C, 0x6F, 0x0C, 0x46, 0x56, + 0x27, 0x79, 0xB3, 0xA1, 0x19, 0x6F, 0x87, 0x83, + 0x5F, 0x79, 0xFC, 0xB7, 0xE0, 0xCB, 0xA1, 0x53, + 0x36, 0xCC, 0x83, 0xE1, 0x56, 0xC5, 0x02, 0x28, + 0x87, 0xA8, 0x09, 0x86, 0xB4, 0x9C, 0x1B, 0x57, + 0x65, 0x94, 0xA2, 0x31, 0x42, 0x62, 0x4A, 0xBF, + 0x52, 0x48, 0x22, 0x41, 0x8C, 0x61, 0x01, 0x90, + 0x52, 0x62, 0x80, 0x65, 0x72, 0x49, 0x4D, 0x37, + 0x53, 0xC0, 0x62, 0x81, 0xE7, 0xF1, 0x7E, 0x0D, + 0x79, 0x6C, 0xD7, 0x76, 0x7F, 0xDC, 0xE9, 0x01, + 0xFE, 0x17, 0x12, 0xA0, 0x0A, 0x3D, 0x36, 0xEB, + 0x42, 0x3E, 0x29, 0x86, 0x88, 0x46, 0x93, 0x2A, + 0x94, 0x31, 0xB8, 0xCA, 0x66, 0x0F, 0xC1, 0x97, + 0x5E, 0x23, 0xA7, 0x5B, 0x4A, 0x51, 0xDE, 0x10, + 0x69, 0xD3, 0xA5, 0x9F, 0x6E, 0xEB, 0x2A, 0x5C, + 0xE7, 0x2A, 0x89, 0x16, 0xB5, 0xE8, 0x63, 0x47, + 0x6E, 0x6A, 0xC5, 0x72, 0x92, 0x9F, 0x2C, 0x29, + 0xBC, 0x56, 0x27, 0xBA, 0x99, 0x41, 0x63, 0xCE, + 0xD3, 0x5A, 0xB7, 0x03, 0x1C, 0x00, 0x49, 0x07, + 0x24, 0x55, 0x5A, 0xCD, 0xE6, 0x13, 0xAE, 0xB4, + 0xC3, 0xE9, 0x99, 0x81, 0xC6, 0x2B, 0x5D, 0xC6, + 0xA9, 0xB3, 0x5B, 0xA7, 0x92, 0x20, 0x24, 0x36, + 0x89, 0xE0, 0x59, 0x49, 0x96, 0x85, 0x7C, 0x04, + 0x5D, 0x67, 0x19, 0x3D, 0x9E, 0x41, 0x1B, 0x4F, + 0xF3, 0x9D, 0x0F, 0x8C, 0x3C, 0x0A, 0x70, 0xAD, + 0xB7, 0x2A, 0x70, 0x21, 0xE3, 0x6D, 0x64, 0xFB, + 0x29, 0x4D, 0x93, 0x2B, 0x24, 0xE1, 0xA2, 0xBC, + 0x0B, 0xC4, 0x1C, 0x4A, 0xA3, 0xB5, 0xEC, 0x3C, + 0xF0, 0xE6, 0x72, 0xDE, 0x14, 0x0F, 0x48, 0x47, + 0x33, 0xFD, 0x82, 0xBF, 0x08, 0x29, 0x34, 0xB5, + 0x40, 0xA6, 0x35, 0xC4, 0x48, 0x98, 0xE8, 0xAB, + 0x8E, 0x06, 0x45, 0x70, 0x5A, 0xA5, 0x81, 0x71, + 0x8B, 0x41, 0x32, 0xC4, 0x27, 0x92, 0x7F, 0xAE, + 0x75, 0xBF, 0x96, 0x16, 0xA5, 0x42, 0x4C, 
0x20, + 0x20, 0xEB, 0xC5, 0xCF, 0xC1, 0xBC, 0x0E, 0xD1, + 0x65, 0x3A, 0xE5, 0x00, 0x5A, 0x17, 0x54, 0x18, + 0x16, 0x20, 0xB7, 0xF0, 0x6D, 0x71, 0x63, 0x13, + 0x03, 0x3B, 0xB7, 0x2A, 0x40, 0x64, 0x7A, 0xDB, + 0x2E, 0x66, 0x73, 0x70, 0xF2, 0xC7, 0x4F, 0xDB, + 0x94, 0x42, 0x0D, 0xA4, 0x8D, 0xD1, 0x37, 0x9D, + 0xBA, 0x59, 0xAA, 0x22, 0xF8, 0x57, 0xE2, 0x31, + 0xC5, 0xC0, 0x83, 0x29, 0x00, 0x66, 0xC5, 0x48, + 0x76, 0x1B, 0xDF, 0x38, 0x5F, 0x2F, 0x85, 0x81, + 0x7B, 0x21, 0x20, 0x66, 0xD3, 0x9F, 0x03, 0xB7, + 0x7F, 0x8E, 0xF4, 0x12, 0x19, 0xE4, 0xBF, 0xB9, + 0xC1, 0x2E, 0x4F, 0xC9, 0x88, 0x00, 0x57, 0x1D, + 0x22, 0x3A, 0xA9, 0x2A, 0x32, 0xC7, 0xA3, 0xC2, + 0xA7, 0xCF, 0x9C, 0x99, 0x5A, 0xE0, 0xA7, 0xB5, + 0x93, 0x91, 0xFE, 0x9A, 0x4F, 0x0D, 0x63, 0x3B, + 0xFB, 0x79, 0x8C, 0x34, 0xB7, 0x2B, 0xBA, 0x6A, + 0x9F, 0x16, 0xC4, 0x13, 0x2E, 0x88, 0xB5, 0x70, + 0x75, 0x8B, 0xD5, 0x51, 0xC9, 0x1B, 0xD2, 0xAD, + 0xEB, 0x53, 0xA7, 0x2A, 0xC6, 0xAA, 0x03, 0x68, + 0x9D, 0xD6, 0x4B, 0x03, 0x57, 0x09, 0xA8, 0xAF, + 0x46, 0x85, 0x43, 0xCB, 0x17, 0x36, 0xDB, 0xC9, + 0xC7, 0x2B, 0x52, 0x9E, 0x70, 0x59, 0x6D, 0x18, + 0xB1, 0x9C, 0xA6, 0x8E, 0x61, 0x7A, 0x14, 0x7C, + 0x18, 0x9D, 0x28, 0x3A, 0x77, 0x68, 0x8C, 0xAF, + 0x94, 0xDA, 0x5A, 0x0E, 0x9B, 0x63, 0x18, 0x1A, + 0x40, 0xBB, 0xE7, 0xBD, 0x41, 0x68, 0xA2, 0x4D, + 0x27, 0x43, 0x19, 0xA9, 0x93, 0xBC, 0xEA, 0x8A, + 0xBF, 0x50, 0x5F, 0xE8, 0x62, 0x12, 0x96, 0x92, + 0xB5, 0xBD, 0xE8, 0x49, 0xF3, 0x6A, 0xC9, 0x2F, + 0x71, 0x71, 0xE5, 0x38, 0x59, 0x31, 0x36, 0x04, + 0xEA, 0xC1, 0x0B, 0xE2, 0x78, 0x6F, 0xF3, 0x85, + 0xB9, 0xC7, 0x18, 0x15, 0x48, 0x18, 0x77, 0x2F, + 0xA7, 0xB8, 0x99, 0xC0, 0x4E, 0xFD, 0x18, 0xA8, + 0x01, 0x9A, 0x79, 0xB6, 0xF6, 0x4D, 0x5B, 0x9A, + 0x2C, 0x55, 0xE7, 0x84, 0xCB, 0x47, 0xCA, 0x29, + 0x48, 0x56, 0x68, 0x9A, 0xA6, 0xA7, 0x0C, 0xC2, + 0x7B, 0x6C, 0x20, 0xD4, 0xD1, 0xC7, 0x29, 0xC4, + 0x09, 0xD0, 0xB9, 0x25, 0xC4, 0x0C, 0x30, 0xC0, + 0x77, 0x78, 0x15, 0x07, 0x77, 0x49, 0x48, 0x8B, + 0x8D, 0xF0, 0x39, 0x06, 0x95, 0xAB, 0xDB, 
0x04, + 0x8C, 0x7C, 0xE1, 0x85, 0x36, 0x02, 0xA5, 0x4D, + 0x15, 0x3C, 0xF2, 0xA5, 0x16, 0x17, 0x84, 0x7B, + 0x11, 0xE6, 0x3C, 0x4C, 0x76, 0x19, 0x66, 0xD5, + 0xAD, 0x93, 0x35, 0x0D, 0xBA, 0xDA, 0x4A, 0x15, + 0xC1, 0x24, 0xBD, 0x80, 0x88, 0x71, 0x99, 0x3F, + 0xC7, 0x75, 0xB6, 0xE4, 0x10, 0xC3, 0x86, 0x59, + 0x0F, 0x73, 0x0A, 0x8E, 0xC9, 0x47, 0x5E, 0xEE, + 0x91, 0x50, 0x39, 0xE9, 0x1B, 0x6F, 0xE4, 0x25, + 0xB9, 0x06, 0x68, 0xC6, 0xAC, 0x52, 0x58, 0xB7, + 0xAF, 0x10, 0x3B, 0x9F, 0x5E, 0x23, 0x0B, 0x71, + 0x9B, 0xBB, 0x09, 0x87, 0x1D, 0xC1, 0x62, 0x15, + 0x17, 0xBA, 0x2A, 0x83, 0x9C, 0x96, 0xAA, 0xA6, + 0x44, 0x0A, 0x87, 0x5E, 0xAC, 0x90, 0xB2, 0x98, + 0xD6, 0x1B, 0xD3, 0xF3, 0xAC, 0x89, 0xB4, 0x05, + 0xDB, 0x39, 0x42, 0x32, 0x68, 0x6A, 0x2B, 0xE0, + 0xF3, 0xC7, 0x5F, 0x15, 0xE6, 0x4E, 0x61, 0xF0, + 0x70, 0x79, 0x1E, 0xB4, 0xBB, 0x97, 0xB7, 0x01, + 0x98, 0x25, 0xF1, 0x17, 0xC7, 0xD7, 0x3A, 0x12, + 0xFD, 0x3D, 0xCC, 0x22, 0xD5, 0x81, 0xB0, 0xE4, + 0x1B, 0x78, 0x63, 0x74, 0xA4, 0x61, 0xEA, 0x0D, + 0x88, 0xDA, 0xA8, 0x9B, 0x65, 0x9F, 0x0D, 0xC8, + 0x24, 0x43, 0x42, 0x35, 0x15, 0xB6, 0x33, 0xB0, + 0x05, 0xC9, 0x58, 0xEC, 0x26, 0x56, 0x1B, 0x6D, + 0xB8, 0x18, 0xF4, 0xB8, 0xCB, 0x2E, 0x28, 0x99, + 0x0E, 0x74, 0x84, 0x17, 0x58, 0x7F, 0xEC, 0x38, + 0xA1, 0x28, 0x4B, 0xBB, 0x4F, 0xF9, 0xE4, 0x78 + }; + static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = { + 0x61, 0xFF, 0x1A, 0x8B, 0x61, 0x17, 0xEF, 0x11, + 0x83, 0x28, 0xE8, 0x8B, 0x32, 0x27, 0x99, 0x30, + 0x14, 0xDC, 0xD0, 0x75, 0xB8, 0xA1, 0xA7, 0xF9, + 0x80, 0x18, 0x93, 0xEE, 0xE6, 0x40, 0x5B, 0xB9, + 0x60, 0xB6, 0xB7, 0xF6, 0xA1, 0xA2, 0x75, 0x18, + 0xA3, 0x40, 0x91, 0x39, 0xA4, 0x8B, 0x85, 0x96, + 0x81, 0xCC, 0x75, 0x8F, 0x2B, 0xCC, 0x3E, 0xEF, + 0xB0, 0x43, 0x94, 0xA3, 0x75, 0xA5, 0xCD, 0x71, + 0x31, 0x64, 0x90, 0x93, 0x8A, 0xBF, 0xD1, 0x94, + 0xB2, 0x0B, 0xCD, 0x31, 0xB3, 0x98, 0x02, 0x61, + 0xC9, 0xED, 0x69, 0xBF, 0x9B, 0x1D, 0x7D, 0x76, + 0x59, 0xA8, 0x04, 0x0D, 0xB1, 0xE2, 0x5D, 0x2B, + 0xA6, 0xF7, 0x03, 0x48, 
0x66, 0x24, 0xB7, 0x3C, + 0xAC, 0xDC, 0xA2, 0x7D, 0xB0, 0xF7, 0xE2, 0x40, + 0x8C, 0x94, 0x48, 0xE3, 0x88, 0x73, 0x28, 0x0F, + 0x5E, 0x99, 0x50, 0xD7, 0xCC, 0xE2, 0x52, 0xA6, + 0x47, 0x58, 0x0C, 0x19, 0x90, 0x4F, 0xAD, 0x62, + 0xAE, 0xC3, 0x00, 0xBC, 0x8E, 0x38, 0xF0, 0x59, + 0x48, 0xB6, 0x3B, 0xAD, 0x5C, 0xE7, 0xC9, 0x0E, + 0x40, 0xC4, 0xBC, 0x65, 0x11, 0x77, 0x61, 0xF5, + 0xF8, 0x86, 0x8F, 0x80, 0x25, 0xD6, 0xCE, 0xB2, + 0xC5, 0xDF, 0x60, 0xDE, 0x38, 0xC3, 0x23, 0x29, + 0x22, 0x08, 0x7E, 0xFC, 0xF2, 0xCD, 0x95, 0xDE, + 0x5E, 0x87, 0xB6, 0x88, 0x8B, 0x88, 0xC8, 0x6C, + 0xC7, 0x83, 0x15, 0x58, 0x5B, 0x2C, 0xC6, 0x88, + 0xA7, 0x1B, 0x47, 0x7B, 0xFA, 0x38, 0x8D, 0xC2, + 0x33, 0x4D, 0xFA, 0x8A, 0xA9, 0x55, 0x03, 0xD5, + 0x39, 0x7E, 0x2A, 0xE0, 0x35, 0x29, 0x03, 0xEA, + 0x6A, 0x0A, 0xE8, 0xB6, 0x49, 0xA9, 0x14, 0xB3, + 0x52, 0x5F, 0xE5, 0x8F, 0x56, 0x4B, 0xF1, 0x9C, + 0xC0, 0x9F, 0x54, 0xE1, 0x05, 0xD1, 0x9B, 0xD8, + 0x10, 0x54, 0xE5, 0x70, 0x01, 0xF7, 0x0B, 0xBD, + 0xD7, 0x71, 0x94, 0x49, 0x68, 0x7E, 0x9A, 0x53, + 0xB1, 0x6C, 0xA5, 0x36, 0x6A, 0x19, 0x10, 0x5A, + 0x8B, 0xA0, 0x85, 0x89, 0xAD, 0x08, 0xDF, 0x13, + 0x00, 0xEF, 0x4F, 0x92, 0x3B, 0xA9, 0xE7, 0x62, + 0xA8, 0x2F, 0xB0, 0x9B, 0x76, 0xE1, 0x25, 0xF2, + 0xF2, 0x74, 0xD6, 0x17, 0xBF, 0x30, 0xEA, 0xB4, + 0x65, 0xEC, 0xF2, 0x4D, 0x37, 0x07, 0xAD, 0x30, + 0x0D, 0x9A, 0xFC, 0x1C, 0xF1, 0xDC, 0x40, 0xEE, + 0x7D, 0x4E, 0xEA, 0x6D, 0x15, 0x0E, 0x6F, 0x0A, + 0x31, 0xDB, 0x9F, 0x8F, 0x92, 0xBA, 0x8E, 0xEE, + 0xB3, 0x5D, 0x74, 0x45, 0x58, 0x9B, 0x04, 0x6B, + 0xA7, 0x9E, 0xFE, 0x23, 0x11, 0x06, 0xCF, 0x0A, + 0x75, 0x71, 0x2A, 0xB3, 0x92, 0x72, 0x4C, 0x53, + 0xEF, 0xF9, 0xF5, 0x73, 0x3B, 0xEE, 0x0D, 0x6A, + 0x44, 0xD0, 0xB6, 0xF5, 0x15, 0xD0, 0xF5, 0xE4, + 0x0B, 0x1B, 0x1E, 0x17, 0xE6, 0x7A, 0xED, 0x3C, + 0x81, 0xD0, 0x0A, 0xC4, 0x68, 0xA2, 0x8F, 0x84, + 0x53, 0xD4, 0xB0, 0xDA, 0x80, 0x9E, 0x57, 0xD8, + 0x23, 0xF2, 0x8D, 0x61, 0xED, 0x0B, 0x59, 0xA0, + 0x8C, 0x62, 0x29, 0x72, 0xD9, 0x91, 0x79, 0xDA, + 0x86, 0x36, 0xC4, 0x5F, 
0x1C, 0xE8, 0xF6, 0x25, + 0x2A, 0xC8, 0x6D, 0x91, 0xB5, 0xE9, 0x29, 0x97, + 0x01, 0x4E, 0x3F, 0x50, 0x89, 0xE6, 0x8B, 0xC5, + 0x2C, 0xED, 0x5D, 0xAE, 0x6D, 0x5B, 0x17, 0x5F, + 0xE2, 0xD6, 0x19, 0x28, 0x46, 0x50, 0x59, 0x72, + 0x4C, 0x83, 0x59, 0x02, 0xD7, 0x61, 0x2C, 0xDB, + 0x69, 0xCD, 0xAC, 0x66, 0x4F, 0xC1, 0xC9, 0xCB, + 0x11, 0x20, 0x3A, 0x8C, 0x7B, 0x71, 0x48, 0x6E, + 0x97, 0xB7, 0xD1, 0xBC, 0x6A, 0x98, 0xF4, 0x93, + 0xDC, 0xBE, 0xC8, 0xE6, 0x29, 0x55, 0x8E, 0xD3, + 0x61, 0x09, 0x12, 0x93, 0xD1, 0xB5, 0xD2, 0x09, + 0x6C, 0xEB, 0x9F, 0xC7, 0xAF, 0xEE, 0x71, 0xDB, + 0x7C, 0xCF, 0xE4, 0x82, 0xB6, 0x8A, 0x19, 0x64, + 0x29, 0xFF, 0x04, 0xD1, 0x59, 0x03, 0xE7, 0xA7, + 0x5C, 0x7B, 0xB5, 0xF6, 0x22, 0xC3, 0x69, 0x71, + 0x69, 0x45, 0x59, 0xFF, 0x07, 0xDF, 0xAA, 0x79, + 0xE4, 0x1C, 0x36, 0x2B, 0x22, 0x64, 0x3C, 0xD3, + 0x9B, 0xD9, 0xE1, 0xD3, 0xD6, 0xC2, 0xA3, 0x06, + 0xB5, 0xF1, 0x10, 0x2C, 0x26, 0x6E, 0xEE, 0x67, + 0xDC, 0xDA, 0xCF, 0x36, 0x69, 0x7A, 0x83, 0x6F, + 0x20, 0x38, 0x38, 0xEC, 0x11, 0x03, 0x08, 0xC9, + 0x0A, 0x3D, 0x01, 0x57, 0x0C, 0xB3, 0x66, 0x8A, + 0xBA, 0x50, 0x34, 0x0E, 0x40, 0xF5, 0x4C, 0xFA, + 0x6A, 0x9E, 0x88, 0x62, 0x53, 0x2F, 0x5F, 0x19, + 0x84, 0x8A, 0xA1, 0x1F, 0xD3, 0x4F, 0xC8, 0x6B, + 0x7F, 0xCB, 0x16, 0x37, 0xF4, 0xE5, 0xA1, 0xD0, + 0x3A, 0xFC, 0xE4, 0x41, 0x24, 0xE4, 0xE4, 0x60, + 0xB8, 0x4C, 0x63, 0x49, 0x6A, 0xDE, 0xD5, 0x58, + 0x01, 0xDF, 0x25, 0x17, 0xA9, 0x0A, 0xB0, 0x61, + 0xC8, 0xE6, 0x3A, 0xB6, 0xB1, 0x4B, 0xE1, 0x69, + 0x4D, 0x6F, 0x38, 0x9D, 0xD8, 0x5F, 0x56, 0x39, + 0xC5, 0x78, 0x3A, 0xFC, 0xA0, 0x14, 0x6E, 0x6A, + 0x1E, 0xB0, 0xC4, 0x05, 0x63, 0xC1, 0x37, 0x01, + 0x0D, 0xB6, 0x0B, 0xBC, 0x3D, 0x63, 0x74, 0xD6, + 0xF3, 0xA8, 0x92, 0xDE, 0xBC, 0x06, 0x47, 0x01, + 0xC6, 0x4B, 0xEC, 0xCB, 0x8E, 0x2C, 0x33, 0xB7, + 0x40, 0xCC, 0x7E, 0xD4, 0x9D, 0x10, 0x8A, 0x8C, + 0x46, 0x56, 0x81, 0x8D, 0xF5, 0xF7, 0xD9, 0x1E, + 0xAA, 0xA4, 0x46, 0xAC, 0x6C, 0xCD, 0xE3, 0x0C, + 0x6D, 0x3D, 0x1B, 0xF6, 0x6E, 0x4E, 0x3B, 0x7B, + 0x6B, 0x81, 0xE3, 0xCB, 
0x17, 0x22, 0x7F, 0x80, + 0xDB, 0x00, 0x96, 0xE6, 0xBE, 0x7D, 0x85, 0x9C, + 0x09, 0x71, 0x37, 0x49, 0xFC, 0xA2, 0x15, 0x30, + 0xFE, 0x1A, 0x71, 0x6E, 0xBE, 0x32, 0x55, 0x04, + 0x31, 0x9B, 0xD0, 0xEA, 0x2A, 0x7D, 0x77, 0x13, + 0x60, 0x7C, 0xB6, 0x79, 0xB0, 0xA0, 0xB2, 0x26, + 0x8D, 0x49, 0x3B, 0x67, 0xC0, 0x48, 0x18, 0x72, + 0x17, 0x7F, 0xFD, 0x25, 0x93, 0xF3, 0xAC, 0xF6, + 0x91, 0xCE, 0xE9, 0x9A, 0x36, 0xEC, 0xA7, 0x22, + 0x57, 0x9E, 0xFA, 0xA5, 0x9A, 0xCC, 0x59, 0xEF, + 0x8C, 0xEA, 0x91, 0x08, 0xE6, 0x20, 0xB0, 0x60, + 0x56, 0xC1, 0x9D, 0x3C, 0x1E, 0xB9, 0x1E, 0x86, + 0x34, 0xDE, 0x49, 0x57, 0x70, 0x6D, 0xFA, 0x8F, + 0x9D, 0x0A, 0x9E, 0x0C, 0xD4, 0x09, 0x4F, 0x6B, + 0x95, 0xA8, 0x3F, 0x11, 0x8A, 0x51, 0x3E, 0xBF, + 0xE5, 0xE9, 0x9A, 0xEB, 0x88, 0xA2, 0x68, 0xE0, + 0x09, 0x7F, 0xCC, 0x3C, 0x7A, 0xE2, 0x50, 0xB6, + 0x81, 0x93, 0x3B, 0xBC, 0x2A, 0x8F, 0x53, 0x81, + 0xF9, 0x4D, 0x15, 0x64, 0x34, 0xA8, 0x7E, 0x9E, + 0xE3, 0x7E, 0x78, 0xC2, 0x7A, 0x0C, 0xDA, 0xEE, + 0xA9, 0x81, 0x4B, 0xCB, 0x43, 0xDF, 0x53, 0x8D, + 0xBE, 0x62, 0x8C, 0x80, 0x2C, 0x1A, 0x94, 0xE0, + 0xCD, 0xDC, 0xD0, 0xCD, 0x5A, 0x0F, 0x82, 0x20, + 0xDA, 0x97, 0xC2, 0x38, 0x39, 0x36, 0xA3, 0x39, + 0x19, 0xFC, 0xDC, 0x11, 0xD7, 0x0E, 0xD4, 0x43, + 0x7D, 0xD2, 0xD7, 0xC7, 0x3C, 0xD0, 0xC3, 0xBB, + 0x90, 0xCA, 0x70, 0x70, 0x22, 0x8F, 0xE8, 0xD6, + 0x4A, 0x1C, 0x9D, 0x56, 0xE6, 0xB3, 0x48, 0x30, + 0xEF, 0x30, 0x0B, 0x5A, 0xA6, 0xEC, 0x6C, 0x78, + 0xA5, 0x42, 0x5A, 0xE6, 0xF7, 0xAD, 0x0E, 0xFD, + 0xD5, 0x27, 0xCF, 0x0A, 0xF8, 0xE0, 0x9B, 0x56, + 0xE4, 0x95, 0xBE, 0x66, 0xF6, 0x65, 0xC6, 0x4B, + 0x0A, 0x42, 0xC5, 0xC4, 0xB2, 0x46, 0x80, 0x48, + 0x0A, 0xD2, 0xE5, 0xC1, 0x1D, 0x99, 0x1F, 0x7E, + 0x3D, 0xA7, 0x59, 0xAE, 0xC8, 0x02, 0xF1, 0x76, + 0xDD, 0xF1, 0x1E, 0xF7, 0x14, 0x69, 0xDC, 0x13, + 0xB3, 0xA3, 0xE0, 0x36, 0x99, 0x51, 0x98, 0x58, + 0xAC, 0x6F, 0xC6, 0x5C, 0x27, 0xFA, 0x4C, 0xEF, + 0xDA, 0x09, 0xC8, 0x2E, 0x8F, 0x95, 0x8E, 0x01, + 0x8D, 0xD5, 0x25, 0x5C, 0xA2, 0xF6, 0x28, 0xE0, + 0xDA, 0x73, 0x91, 0xAB, 
0xED, 0x6D, 0x37, 0x70, + 0x55, 0x28, 0xAB, 0x22, 0xEC, 0x71, 0xDC, 0x88, + 0x36, 0xD7, 0xFD, 0x46, 0x45, 0x94, 0x47, 0x03, + 0xA5, 0x1C, 0xC7, 0x4D, 0x29, 0x70, 0x92, 0xFC, + 0xE1, 0x39, 0xE8, 0x97, 0x6F, 0x8B, 0xE9, 0xC5, + 0xF8, 0x63, 0x90, 0xB7, 0x4D, 0x40, 0x1A, 0x8C, + 0x81, 0x53, 0x11, 0x22, 0x01, 0x13, 0x3D, 0x0C, + 0x51, 0x7C, 0x6C, 0xE7, 0xA3, 0x8C, 0x08, 0x60, + 0x69, 0xCE, 0x39, 0x71, 0xF1, 0xAD, 0x28, 0xF3, + 0xE5, 0xD0, 0x1B, 0x56, 0xA4, 0x80, 0xB4, 0x17, + 0xA0, 0x16, 0xAE, 0xA4, 0x63, 0x94, 0xCD, 0xF7, + 0x64, 0x81, 0x29, 0x18, 0xD8, 0xAB, 0x05, 0x01, + 0xD5, 0xD1, 0x8C, 0xE1, 0x3F, 0xBD, 0x3D, 0xE9, + 0x1F, 0x50, 0x42, 0x15, 0xCC, 0xD0, 0xE2, 0xD1, + 0x7B, 0x7E, 0x96, 0x3C, 0x86, 0x7F, 0x6F, 0x13, + 0x21, 0x14, 0xE3, 0x64, 0x59, 0xFC, 0x5A, 0xF7, + 0xCE, 0xE9, 0x9B, 0x78, 0x96, 0x73, 0xE5, 0x24, + 0x13, 0x1F, 0x7D, 0xC7, 0x13, 0x60, 0x95, 0x1A, + 0x99, 0x7A, 0x9C, 0xE5, 0x0D, 0xD5, 0xFA, 0xFC, + 0x45, 0x21, 0x14, 0x44, 0x41, 0xC0, 0x6B, 0xB4, + 0x1C, 0x79, 0xE8, 0xED, 0x53, 0x28, 0x5D, 0x13, + 0x7D, 0x54, 0xF3, 0x25, 0xA6, 0xC2, 0xF2, 0xEF, + 0x74, 0xE3, 0x4C, 0x0F, 0x87, 0x7A, 0x61, 0x4C, + 0xE4, 0x5D, 0xC0, 0xAE, 0xDD, 0xF9, 0x5A, 0x0E, + 0x2E, 0x4E, 0xDA, 0xE2, 0x9A, 0xF4, 0x11, 0xC9, + 0xCC, 0x2A, 0xF9, 0x5C, 0x9E, 0xA9, 0xA9, 0x4A, + 0x79, 0x61, 0xC8, 0x24, 0x6E, 0x65, 0x4F, 0xA2, + 0x8F, 0x3D, 0x56, 0x8D, 0x5F, 0xEE, 0x93, 0x35, + 0x2C, 0x2E, 0x0D, 0x60, 0xCC, 0xAF, 0x5B, 0x00, + 0x09, 0x0A, 0xB6, 0xE7, 0xA5, 0x3A, 0xA0, 0x6A, + 0x8C, 0xD3, 0x73, 0x7E, 0xBF, 0x1B, 0x65, 0xD6, + 0x25, 0xBC, 0xF2, 0x20, 0xF7, 0x4D, 0xE2, 0x2D, + 0x98, 0x71, 0xEF, 0xC3, 0x76, 0xBF, 0x08, 0x2D, + 0x4B, 0x87, 0x2A, 0x30, 0x3C, 0x32, 0x42, 0x7A, + 0x0C, 0x98, 0xBE, 0xCF, 0x58, 0x95, 0x9C, 0x9F, + 0x9E, 0x2E, 0x88, 0x7D, 0xBC, 0x42, 0xAA, 0xB1, + 0x65, 0x6A, 0xD1, 0x56, 0x37, 0xA6, 0xA8, 0xF4, + 0xBF, 0x96, 0x34, 0x09, 0x54, 0x91, 0xF8, 0xC9, + 0x92, 0x42, 0x91, 0x38, 0x91, 0x43, 0x7E, 0x6C, + 0x5B, 0x50, 0xA2, 0x13, 0xDD, 0xE8, 0x0D, 0x21, + 0x96, 0xBE, 0x12, 0xC3, 
0x93, 0x7F, 0xE3, 0x23, + 0x9B, 0xF6, 0x75, 0x9A, 0xBB, 0x8C, 0x1C, 0x94, + 0x66, 0xF4, 0x2F, 0xBD, 0x53, 0x89, 0x4A, 0xE5, + 0x2F, 0xB5, 0x33, 0x32, 0x14, 0x29, 0xFC, 0xE4, + 0xFE, 0xC1, 0xDB, 0x35, 0x2C, 0x49, 0x58, 0x3A, + 0x7D, 0x81, 0x7E, 0xAF, 0x62, 0x00, 0x08, 0x88, + 0xEC, 0xB0, 0xEB, 0xFF, 0xEF, 0x69, 0xFF, 0x8E, + 0x59, 0x0C, 0xFA, 0x25, 0xBE, 0xAB, 0x21, 0x60, + 0x5B, 0x63, 0x5A, 0xBC, 0x2C, 0xA2, 0x36, 0x80, + 0x78, 0x97, 0x25, 0xCF, 0x70, 0x0F, 0x55, 0x3C, + 0x88, 0x35, 0x2F, 0x31, 0x61, 0x61, 0x54, 0x87, + 0x3D, 0x18, 0xB6, 0xC6, 0xEB, 0x51, 0x9F, 0xC6, + 0x39, 0xB0, 0x70, 0xFD, 0x67, 0xF8, 0x6A, 0xAB, + 0x62, 0x34, 0x9D, 0xBF, 0xFA, 0x89, 0xF9, 0x30, + 0x51, 0xA7, 0xC7, 0xB7, 0xBD, 0x16, 0x1F, 0xCD, + 0x73, 0x67, 0x2C, 0xEE, 0xF5, 0x9A, 0x9B, 0xB7, + 0xF5, 0x71, 0xEA, 0xBE, 0x25, 0x70, 0xC5, 0xBF, + 0x31, 0xEC, 0xAA, 0x1F, 0x9C, 0xA7, 0xA9, 0xC6, + 0xD3, 0x1E, 0xA5, 0xFB, 0x7C, 0x97, 0x9C, 0xDD, + 0x26, 0x13, 0x89, 0x7E, 0x7D, 0x15, 0x03, 0xFB, + 0x0C, 0x19, 0xAD, 0xDC, 0xFB, 0x3A, 0x63, 0xE2, + 0x18, 0x5F, 0xC4, 0x10, 0x18, 0x38, 0xDA, 0x66, + 0xCC, 0xE2, 0xD3, 0xD9, 0xFF, 0xB4, 0x77, 0x46, + 0xC2, 0x00, 0x3E, 0xDD, 0x86, 0xC2, 0xF8, 0xC3 + }; + static const byte kprime_1024[KYBER_SS_SZ] = { + 0xC6, 0x1F, 0x73, 0xD2, 0xBF, 0xB1, 0x85, 0x94, + 0xE1, 0xBA, 0x5D, 0x3B, 0x58, 0xB4, 0xC9, 0x34, + 0x20, 0x6D, 0x3A, 0x6F, 0x8E, 0xC9, 0x13, 0x95, + 0xAB, 0x77, 0x79, 0xC6, 0x1F, 0xA1, 0xDD, 0x6F + }; #endif + static byte ss[KYBER_SS_SZ]; - wc_FreeRng(&rng); - DoExpectIntEQ(wc_FreeRng(&rng), 0); -#endif /* WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */ - return EXPECT_RESULT(); -} /* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/ + key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + if (key != NULL) { + XMEMSET(key, 0, sizeof(KyberKey)); + } + +#ifndef WOLFSSL_NO_KYBER512 + ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_512, sizeof(dk_512)), 0); + 
ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_512, sizeof(c_512)), 0); + ExpectIntEQ(XMEMCMP(ss, kprime_512, KYBER_SS_SZ), 0); + wc_KyberKey_Free(key); +#endif +#ifndef WOLFSSL_NO_KYBER768 + ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_768, sizeof(dk_768)), 0); + ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_768, sizeof(c_768)), 0); + ExpectIntEQ(XMEMCMP(ss, kprime_768, KYBER_SS_SZ), 0); + wc_KyberKey_Free(key); +#endif +#ifndef WOLFSSL_NO_KYBER1024 + ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_1024, sizeof(dk_1024)), 0); + ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_1024, sizeof(c_1024)), 0); + ExpectIntEQ(XMEMCMP(ss, kprime_1024, KYBER_SS_SZ), 0); + wc_KyberKey_Free(key); +#endif + + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44) +static const byte ml_dsa_44_pub_key[] = { + 0xf1, 0xdf, 0x1e, 0xfc, 0x6b, 0x41, 0xe7, + 0x5e, 0xcb, 0xb5, 0xb5, 0xd2, 0x3c, 0xc8, + 0xd3, 0x99, 0x73, 0x36, 0x9a, 0x0b, 0x32, + 0x71, 0x7a, 0x9f, 0x6d, 0x66, 0x07, 0xb8, + 0x31, 0x5f, 0x25, 0xb6, 0x2e, 0xee, 0x4f, + 0x63, 0x13, 0x02, 0x45, 0x3c, 0xd1, 0x3d, + 0x79, 0x6b, 0x3c, 0xfe, 0xd9, 0x2f, 0x39, + 0xe8, 0x62, 0x60, 0xf0, 0x04, 0x83, 0x28, + 0xaa, 0xdc, 0x15, 0x90, 0xef, 0x55, 0x48, + 0xf9, 0xd2, 0xcd, 0x53, 0x87, 0x0e, 0x42, + 0xba, 0x16, 0x87, 0x7b, 0x32, 0xa8, 0xbf, + 0xed, 0x32, 0xa1, 0x19, 0x66, 0x44, 0xfe, + 0x57, 0xec, 0x26, 0xed, 0x9e, 0x73, 0xa0, + 0x87, 0xe8, 0x8a, 0x93, 0x3c, 0xec, 0x1d, + 0xa0, 0xcc, 0x2e, 0x0d, 0x37, 0x5b, 0xb1, + 0x74, 0x77, 0x18, 0x4b, 0xde, 0x4b, 0xc9, + 0xac, 0xf8, 0xda, 0x23, 0x7a, 0x2a, 0x39, + 0xfa, 0x96, 0x01, 0xff, 0xf0, 0xc7, 0xa7, + 0x34, 0xca, 0x9d, 0xe9, 0xda, 0x4d, 0x85, + 0x00, 0xc9, 0xe9, 0xcf, 0xb0, 0x3e, 0x21, 
+ 0xe6, 0xae, 0x52, 0x67, 0x4f, 0xe3, 0x93, + 0x2f, 0x50, 0x47, 0xdd, 0x89, 0xa2, 0x48, + 0xf8, 0xfe, 0x93, 0xfe, 0xce, 0x68, 0x9c, + 0xe9, 0x4d, 0xdd, 0xbd, 0x9f, 0xeb, 0x14, + 0x8d, 0x38, 0x7a, 0xc6, 0xf2, 0x50, 0x00, + 0x91, 0x65, 0xd0, 0xd1, 0xeb, 0x51, 0xab, + 0x3a, 0x0e, 0x45, 0x5c, 0xbd, 0x65, 0xf5, + 0x78, 0xc6, 0xa0, 0xaa, 0xae, 0x50, 0xf2, + 0x19, 0x1f, 0x90, 0x1a, 0x9f, 0x34, 0xa0, + 0xa1, 0x95, 0x94, 0x86, 0x30, 0xc2, 0xb2, + 0x95, 0x82, 0x13, 0xf6, 0x73, 0xe2, 0x03, + 0xe3, 0x7c, 0x09, 0x8e, 0x5d, 0x07, 0xd6, + 0x33, 0x93, 0x8a, 0x1b, 0x67, 0xc9, 0xb1, + 0x76, 0x74, 0x1c, 0x22, 0x58, 0x05, 0x5a, + 0xa8, 0x83, 0x68, 0xce, 0x64, 0xfc, 0x52, + 0x7f, 0x35, 0x80, 0x6e, 0xdf, 0xf5, 0x2d, + 0xd2, 0xd1, 0x17, 0xdc, 0xce, 0x95, 0xe8, + 0xe6, 0x42, 0xb1, 0xb1, 0x61, 0xc1, 0x24, + 0x79, 0x1c, 0x51, 0xfc, 0x3c, 0xba, 0x40, + 0xf7, 0x70, 0x35, 0x22, 0x73, 0x31, 0x53, + 0x21, 0xea, 0x09, 0xf7, 0xaa, 0x07, 0xb8, + 0xfa, 0x0b, 0xa0, 0xa9, 0xb4, 0x8c, 0x83, + 0xbb, 0x25, 0xfe, 0x39, 0x29, 0xef, 0x34, + 0xd5, 0xe2, 0xc7, 0x9e, 0x87, 0xbd, 0x50, + 0x86, 0x71, 0x12, 0x3e, 0x8a, 0x78, 0xe2, + 0xb3, 0xe1, 0xfa, 0x5b, 0x73, 0x3b, 0x34, + 0x9f, 0x4e, 0x7d, 0xd5, 0x1b, 0xb9, 0x8e, + 0x43, 0x76, 0xef, 0x3e, 0x37, 0x70, 0x33, + 0x36, 0xd1, 0xa1, 0xba, 0x1b, 0xb1, 0x79, + 0xfb, 0x2c, 0xb1, 0x9b, 0xc3, 0x1b, 0x26, + 0x83, 0x89, 0x4d, 0x53, 0x40, 0xa5, 0xf9, + 0x8b, 0xe2, 0xec, 0x30, 0x1f, 0xf6, 0x16, + 0xd6, 0x55, 0xce, 0x0e, 0x1b, 0xed, 0xe0, + 0xeb, 0xc9, 0x7a, 0x2e, 0x1a, 0x85, 0x81, + 0xa4, 0xe2, 0xa8, 0xbe, 0x9f, 0xac, 0x0b, + 0x23, 0xb4, 0xbb, 0xc2, 0x0f, 0x66, 0x43, + 0x45, 0x93, 0x20, 0x37, 0x4d, 0x47, 0x23, + 0x7f, 0x4a, 0x5e, 0x8b, 0x19, 0xec, 0xd9, + 0x57, 0x69, 0xc4, 0x91, 0xb0, 0xcd, 0x25, + 0x2a, 0x7d, 0x52, 0xdb, 0x59, 0x18, 0x8b, + 0x96, 0xad, 0x75, 0x21, 0x81, 0x1a, 0x2c, + 0xb3, 0x26, 0x30, 0x78, 0x19, 0x2b, 0x22, + 0x74, 0x6e, 0x92, 0x57, 0xec, 0x3c, 0x75, + 0x8b, 0xd8, 0x4b, 0x7c, 0xd1, 0x72, 0x1b, + 0x1f, 0xed, 0xae, 0x15, 0x82, 0xd3, 0xf6, + 0xaf, 0x01, 0x31, 
0xec, 0x1b, 0xca, 0xa5, + 0xf8, 0x78, 0x7f, 0x8a, 0x8a, 0x03, 0xbd, + 0x03, 0x0a, 0xc5, 0x4e, 0x15, 0xab, 0xa4, + 0x76, 0x56, 0x5b, 0xf8, 0x50, 0xa9, 0xee, + 0x61, 0xbd, 0x05, 0xe0, 0xdf, 0xc6, 0xbe, + 0x4a, 0xaf, 0xdb, 0x96, 0x0a, 0x7e, 0xcb, + 0x2e, 0xb0, 0x68, 0x4e, 0x2d, 0x88, 0x32, + 0x1e, 0xe1, 0xbc, 0x08, 0x15, 0x15, 0x71, + 0xe6, 0x77, 0x2b, 0xeb, 0x47, 0x81, 0xb7, + 0xe8, 0x82, 0x9f, 0x5f, 0x94, 0xd2, 0xac, + 0xa5, 0x89, 0x52, 0xe1, 0x3c, 0x59, 0xe0, + 0x06, 0xe6, 0x66, 0xe1, 0xf9, 0x9d, 0x32, + 0x42, 0x9d, 0x77, 0xfe, 0x6a, 0x12, 0x4a, + 0xa3, 0xd2, 0x49, 0xbb, 0x39, 0xad, 0x42, + 0xb7, 0x37, 0xfb, 0xde, 0x9d, 0xaf, 0x1b, + 0xd5, 0x5a, 0x3b, 0x06, 0xa6, 0x51, 0x7d, + 0x6a, 0x5c, 0x32, 0xdb, 0xde, 0x5d, 0x0d, + 0x20, 0x88, 0xee, 0x8b, 0xa8, 0x49, 0x5b, + 0x6c, 0x50, 0x72, 0xdb, 0x68, 0x44, 0x17, + 0x28, 0xd4, 0xbb, 0x43, 0x8e, 0x00, 0xa5, + 0xc8, 0x27, 0x00, 0xaa, 0x2b, 0xa4, 0xc2, + 0x16, 0xcd, 0x2d, 0x59, 0xdc, 0x1a, 0xa2, + 0x66, 0xe2, 0x96, 0x6b, 0xcc, 0x39, 0xc6, + 0xe9, 0x2b, 0x14, 0xa7, 0x7d, 0x67, 0x5d, + 0x54, 0xfc, 0x93, 0x73, 0x52, 0x47, 0xc7, + 0x24, 0x1e, 0x7e, 0xc9, 0x2d, 0x87, 0x60, + 0xd3, 0xd8, 0x76, 0xf0, 0x51, 0x04, 0xc7, + 0xcb, 0x68, 0x0f, 0xd8, 0x4b, 0x22, 0xb2, + 0x51, 0x87, 0xe9, 0x1e, 0x05, 0x3d, 0xe2, + 0x8a, 0x6b, 0xb8, 0x96, 0xd6, 0xe0, 0x6e, + 0x38, 0x74, 0x96, 0xad, 0x7e, 0x4f, 0x52, + 0x35, 0xcf, 0x4a, 0x50, 0xe7, 0x60, 0x2e, + 0x58, 0xcf, 0xdc, 0x7a, 0x9a, 0x21, 0x76, + 0x1d, 0x2c, 0xd1, 0x98, 0xab, 0xab, 0xed, + 0xf9, 0xec, 0xd5, 0x7b, 0x09, 0xad, 0x2e, + 0xad, 0x5a, 0xdc, 0xad, 0xd6, 0x46, 0xba, + 0x2d, 0x55, 0xf7, 0x0c, 0x9a, 0x23, 0x10, + 0x50, 0x3e, 0x4f, 0xe1, 0xeb, 0x58, 0x8a, + 0xc0, 0x17, 0x48, 0x41, 0x40, 0x65, 0x0b, + 0xfb, 0x43, 0x9e, 0xf0, 0x37, 0x4a, 0x89, + 0x4e, 0x71, 0xad, 0x44, 0x19, 0x13, 0xbb, + 0x4a, 0x63, 0x83, 0x9e, 0x6a, 0x49, 0x1b, + 0x28, 0xb0, 0x8e, 0x9c, 0x7b, 0xaf, 0xf9, + 0x57, 0x5d, 0x35, 0x16, 0x5c, 0xa7, 0x5e, + 0xd1, 0x0d, 0x83, 0xdc, 0x49, 0xdd, 0x40, + 0x58, 0x9c, 0x97, 0x91, 0xa6, 0xb0, 
0x68, + 0xb0, 0xfa, 0x9e, 0xc0, 0x3f, 0x81, 0xc6, + 0xce, 0x58, 0xc5, 0x87, 0xc6, 0xf4, 0x06, + 0xec, 0x91, 0x57, 0x81, 0xce, 0x3a, 0xe8, + 0xf1, 0x29, 0x3f, 0x01, 0x93, 0xf0, 0x74, + 0x22, 0xea, 0x6b, 0x06, 0xd8, 0x65, 0xdb, + 0xd7, 0x41, 0xd9, 0x60, 0x23, 0xe7, 0x83, + 0xc8, 0x69, 0x6b, 0x90, 0xc5, 0xc7, 0xb9, + 0xd5, 0xba, 0x79, 0xc9, 0x4a, 0x87, 0x23, + 0x1c, 0x95, 0x78, 0xf3, 0x73, 0x10, 0xbe, + 0xb2, 0x0f, 0x32, 0xec, 0xff, 0x15, 0x51, + 0x4d, 0xb5, 0x48, 0x3c, 0xca, 0x4c, 0x5b, + 0x32, 0x29, 0x47, 0x21, 0xba, 0x2a, 0x5d, + 0xc9, 0x59, 0xfa, 0x8f, 0x33, 0x10, 0x83, + 0x40, 0x80, 0xf3, 0xce, 0xee, 0x6d, 0xcd, + 0x9c, 0xbb, 0x23, 0x0b, 0x45, 0xba, 0x7a, + 0x07, 0xdc, 0x4d, 0x57, 0x97, 0xb4, 0xa4, + 0xef, 0x94, 0xe8, 0x43, 0xfe, 0x18, 0x47, + 0x1a, 0xb0, 0xf6, 0xb6, 0x0b, 0x55, 0x05, + 0xbd, 0x67, 0x2d, 0x37, 0x27, 0x17, 0x13, + 0x65, 0x22, 0xf2, 0x7c, 0xf7, 0x47, 0xd2, + 0x85, 0x63, 0x98, 0x83, 0xd2, 0xc1, 0xbf, + 0x8f, 0x4c, 0xda, 0xbf, 0xa4, 0x10, 0x6b, + 0x4e, 0x6b, 0x78, 0x5e, 0x3f, 0x7a, 0xec, + 0x15, 0x84, 0xbe, 0x1a, 0x94, 0xa2, 0x2b, + 0xb5, 0x3e, 0x55, 0x86, 0x51, 0xec, 0x2e, + 0x62, 0xcb, 0xd6, 0x9f, 0xe5, 0xa4, 0xb8, + 0xc0, 0xaa, 0x4e, 0x6d, 0x8a, 0xb1, 0xd6, + 0xf7, 0x8d, 0x1c, 0x04, 0x32, 0x8b, 0x20, + 0xf5, 0x80, 0x33, 0xbd, 0xcc, 0x3e, 0x4c, + 0x16, 0x04, 0xab, 0xd8, 0x64, 0x6d, 0xf9, + 0xc9, 0x15, 0x7d, 0x4b, 0x00, 0x86, 0xb2, + 0x70, 0x1d, 0x20, 0xcb, 0x7a, 0xed, 0x7e, + 0x81, 0x7f, 0x41, 0x33, 0xb8, 0x7b, 0xc0, + 0xa3, 0xbd, 0x12, 0xd1, 0x67, 0x48, 0xa0, + 0xb9, 0xeb, 0xd5, 0x29, 0xab, 0x91, 0x9c, + 0xa2, 0x2f, 0x8e, 0x01, 0x1c, 0x88, 0xc1, + 0x3e, 0x34, 0x47, 0x36, 0x8a, 0x35, 0x6c, + 0x2f, 0xc1, 0x8a, 0xb6, 0xd0, 0xa5, 0x01, + 0x82, 0xee, 0x4f, 0x44, 0xb9, 0xcd, 0x16, + 0x9c, 0x3a, 0xf8, 0xe9, 0x2a, 0xd2, 0xb6, + 0x1d, 0xfd, 0x3c, 0x06, 0xdc, 0x42, 0xdd, + 0x2d, 0x60, 0x6a, 0x44, 0x21, 0xc3, 0x37, + 0x75, 0x79, 0xc5, 0x29, 0x5c, 0x7e, 0xf5, + 0x86, 0xbb, 0x56, 0x05, 0x21, 0x46, 0xaf, + 0x6d, 0x3a, 0xa2, 0x9e, 0x11, 0x6d, 0x9e, + 0x05, 0x74, 
0x8a, 0xfe, 0x84, 0x88, 0x3e, + 0x76, 0xb4, 0xef, 0x2f, 0xeb, 0x52, 0xcd, + 0x97, 0x82, 0xba, 0x0c, 0xcc, 0xcb, 0x72, + 0x8d, 0x8d, 0xd2, 0x32, 0x7c, 0x41, 0x39, + 0xa6, 0x22, 0xb7, 0xdc, 0x3f, 0x39, 0x43, + 0xf5, 0xee, 0x0c, 0xfc, 0xbb, 0x2b, 0x43, + 0xe8, 0xce, 0xae, 0x0c, 0xd9, 0x15, 0x22, + 0x32, 0xbd, 0x69, 0xad, 0x76, 0xd9, 0xdf, + 0x81, 0xdf, 0x24, 0x76, 0x7b, 0x53, 0x0b, + 0xe6, 0xc7, 0x6c, 0x38, 0x2c, 0xbf, 0x28, + 0x95, 0x03, 0x18, 0xef, 0x98, 0x88, 0xc2, + 0x6b, 0x1a, 0xf5, 0xb4, 0xf9, 0x19, 0x76, + 0x25, 0x1d, 0xcf, 0x9b, 0xcd, 0x4c, 0x00, + 0x06, 0xde, 0x55, 0x58, 0x95, 0x9a, 0x06, + 0xfb, 0xf9, 0x88, 0x20, 0x85, 0x80, 0xe3, + 0x27, 0xdf, 0xc5, 0x20, 0x29, 0x7c, 0x58, + 0x02, 0x07, 0x2e, 0xd2, 0xeb, 0xdc, 0x68, + 0x58, 0x91, 0x08, 0x71, 0x16, 0xb3, 0x82, + 0x2f, 0x6c, 0x45, 0xcd, 0xbe, 0xe5, 0x0c, + 0x07, 0x77, 0x95, 0x3b, 0x2c, 0x59, 0x8e, + 0xba, 0x07, 0xa8, 0xa1, 0xc6, 0xe5, 0x6a, + 0x49, 0xb5, 0x85, 0xf2, 0x70, 0x05, 0x22, + 0xc4, 0x2f, 0x8d, 0xdd, 0x48, 0x8d, 0x87, + 0xfa, 0xb6, 0xf8, 0x59, 0xc8, 0xb1, 0x18, + 0x03, 0x5f, 0xce, 0x53, 0x28, 0x96, 0x15, + 0xd4, 0xb4, 0x10, 0x2c, 0xe2, 0x22, 0x9e, + 0x88, 0xe5, 0xcd, 0xda, 0xfc, 0xf9, 0x64, + 0xa4, 0x7b, 0xfb, 0xeb, 0xa8, 0x6a, 0xb6, + 0xf6, 0x17, 0x84, 0x26, 0x3d, 0xe4, 0x66, + 0x7e, 0x5c, 0x85, 0x01, 0xaf, 0xdc, 0xdb, + 0x48, 0x33, 0x4a, 0x20, 0x7c, 0x22, 0x1b, + 0xd5, 0xeb, 0x2d, +}; +static const byte ml_dsa_44_good_sig[] = { + 0xfc, 0x2d, 0xa0, 0x06, 0x85, 0xc2, 0xfc, + 0x92, 0x47, 0x77, 0x0b, 0x39, 0xbf, 0xe5, + 0xba, 0xd4, 0x44, 0xbf, 0xde, 0xce, 0x1f, + 0x04, 0xa2, 0x87, 0xed, 0x4a, 0xce, 0x0e, + 0xf3, 0x95, 0x61, 0x1e, 0x66, 0x4e, 0x9a, + 0x5d, 0x00, 0x31, 0x32, 0xf0, 0x90, 0x3d, + 0x7e, 0xf2, 0x9d, 0xe2, 0x93, 0xa1, 0xc8, + 0x64, 0x36, 0xf2, 0x59, 0xc7, 0x9e, 0xb6, + 0xb3, 0x6f, 0xe5, 0x80, 0x8d, 0x92, 0x77, + 0xd6, 0xb6, 0xe4, 0xc5, 0x5e, 0x79, 0x45, + 0x4b, 0xd0, 0xfe, 0x53, 0x55, 0xb6, 0x66, + 0x88, 0xfe, 0x95, 0x40, 0x07, 0xfd, 0xdb, + 0x40, 0x33, 0x39, 0x67, 0x03, 0x30, 0x8e, + 0x80, 
0x4e, 0xa7, 0x0e, 0xe4, 0x05, 0x04, + 0xc5, 0x33, 0x72, 0x47, 0x5b, 0x85, 0x0f, + 0xe1, 0xeb, 0x98, 0x1a, 0x76, 0x79, 0x84, + 0xce, 0x26, 0x66, 0xe8, 0x92, 0xc9, 0x1f, + 0x40, 0x96, 0x72, 0xfe, 0x61, 0xae, 0xba, + 0x84, 0x70, 0xb7, 0x92, 0x2f, 0x7e, 0xc8, + 0xe8, 0xe4, 0x34, 0x73, 0xd4, 0x69, 0x57, + 0x3e, 0x28, 0x2b, 0x18, 0x0f, 0xef, 0xb1, + 0x06, 0xe2, 0xf8, 0x79, 0x70, 0x5a, 0x84, + 0x84, 0x6c, 0xb3, 0x57, 0x5b, 0x18, 0x42, + 0xdf, 0xd5, 0xdb, 0xf8, 0x35, 0x5f, 0x7b, + 0x23, 0x25, 0x2f, 0x0f, 0x17, 0x0b, 0x9a, + 0xb6, 0xe8, 0x31, 0x30, 0x6b, 0x90, 0x06, + 0x2c, 0xfd, 0xca, 0xaa, 0xa6, 0xc3, 0xdc, + 0x88, 0xa7, 0x31, 0x74, 0x67, 0xe2, 0x64, + 0x8f, 0x5c, 0xc4, 0xc0, 0x4d, 0x34, 0x15, + 0x0d, 0xd2, 0x23, 0x69, 0xfc, 0x6e, 0xbb, + 0x82, 0xca, 0xc4, 0xee, 0xf1, 0x14, 0xc1, + 0xd4, 0x5a, 0x71, 0x78, 0x9b, 0x40, 0x01, + 0xb9, 0xe4, 0x6e, 0x68, 0xf6, 0x13, 0xca, + 0xc1, 0xea, 0x70, 0x71, 0x3d, 0xc9, 0x1a, + 0x62, 0xb9, 0xa9, 0xe0, 0x1e, 0xe2, 0x34, + 0xf2, 0x9a, 0xf7, 0x23, 0xb3, 0xc1, 0xca, + 0x35, 0x0e, 0x5e, 0xa7, 0xd1, 0x3d, 0xea, + 0x51, 0xdc, 0xe2, 0x0e, 0xfc, 0x7d, 0x26, + 0x75, 0xec, 0x9a, 0x6e, 0x40, 0x1f, 0x60, + 0x06, 0xd7, 0x56, 0xf8, 0xa4, 0x2a, 0x82, + 0x9c, 0xef, 0x51, 0x4a, 0xe1, 0x01, 0x2b, + 0xb0, 0x8b, 0x34, 0x7b, 0xe1, 0x63, 0xa4, + 0xcc, 0x72, 0x81, 0xd9, 0xb4, 0x20, 0xcc, + 0x60, 0xe2, 0x15, 0x6d, 0xc7, 0x6c, 0x75, + 0x65, 0x4d, 0xb6, 0xc0, 0x36, 0x49, 0x87, + 0x06, 0x3e, 0xca, 0x1c, 0x32, 0x36, 0x2f, + 0xe3, 0xf6, 0x06, 0x0a, 0xb1, 0xd2, 0xfb, + 0xee, 0x4e, 0xd7, 0xce, 0x65, 0xcc, 0x89, + 0xf2, 0x77, 0x14, 0x27, 0x27, 0x84, 0x52, + 0x97, 0x1b, 0x89, 0x17, 0x31, 0x8d, 0xc4, + 0x0f, 0xc7, 0xc6, 0x45, 0x44, 0x9a, 0x97, + 0xd3, 0x88, 0x71, 0x73, 0x97, 0x64, 0xa6, + 0xe6, 0x3d, 0xf2, 0xd3, 0x7f, 0x7f, 0xfa, + 0x4f, 0xf4, 0xe9, 0x76, 0x8a, 0x2a, 0xfe, + 0x28, 0x8e, 0xa5, 0xb3, 0x46, 0x2b, 0xad, + 0x50, 0x5e, 0x12, 0xcd, 0xf8, 0x46, 0xe4, + 0x06, 0x12, 0xc2, 0xb8, 0xcd, 0x04, 0x76, + 0x07, 0x7c, 0xed, 0x2f, 0x0f, 0xd6, 0x97, + 0x31, 0xa4, 0x0c, 0x18, 
0x85, 0x75, 0xd3, + 0x55, 0xfd, 0xe3, 0x1a, 0xbf, 0x43, 0xde, + 0x20, 0xa9, 0x19, 0xcd, 0x03, 0x01, 0xdf, + 0x04, 0x71, 0x09, 0x94, 0x99, 0x51, 0xb0, + 0x8e, 0x32, 0x80, 0xe6, 0x64, 0x4b, 0xdf, + 0xa5, 0xec, 0xfa, 0xce, 0xf6, 0xf3, 0xce, + 0x51, 0xe8, 0x6d, 0x03, 0x1e, 0x69, 0x59, + 0xef, 0x20, 0x98, 0x71, 0xe2, 0xc3, 0xec, + 0x19, 0x03, 0xa9, 0x2d, 0x12, 0x21, 0x79, + 0x7e, 0xb0, 0xcb, 0x76, 0x68, 0x2f, 0x11, + 0x01, 0x2b, 0x11, 0xef, 0xd6, 0xb7, 0x8b, + 0x5e, 0x31, 0x78, 0x7b, 0x2d, 0xe6, 0x4a, + 0xfb, 0xc1, 0xbb, 0x78, 0x92, 0x11, 0xcb, + 0x91, 0x97, 0x52, 0x1b, 0x8e, 0xfb, 0x59, + 0x02, 0x22, 0xbe, 0xf7, 0x33, 0xaa, 0x7b, + 0xfd, 0x93, 0xf7, 0xa8, 0x9b, 0xfc, 0x99, + 0x36, 0x22, 0x04, 0x1e, 0xdc, 0xa3, 0x2b, + 0xe6, 0xac, 0x2e, 0x4b, 0x38, 0x0a, 0x25, + 0xde, 0x3d, 0x8e, 0x0b, 0x95, 0x04, 0x48, + 0x3d, 0x66, 0x52, 0x99, 0x79, 0xe1, 0x8d, + 0xe0, 0xa7, 0xd5, 0x23, 0x0d, 0x45, 0x89, + 0x88, 0xa9, 0x59, 0x4e, 0xc7, 0x64, 0x39, + 0x93, 0xdd, 0xcb, 0xfe, 0x97, 0xe7, 0x7d, + 0xab, 0x61, 0x08, 0xf7, 0x7a, 0xff, 0x10, + 0x1d, 0x8d, 0x11, 0xa9, 0x97, 0xbd, 0x16, + 0xb5, 0x6c, 0x84, 0x71, 0x61, 0x72, 0x36, + 0x51, 0xe7, 0x43, 0x8b, 0x15, 0xb2, 0x48, + 0x6a, 0x14, 0x8a, 0xbe, 0x92, 0xa7, 0xfa, + 0xce, 0x02, 0x1a, 0x7f, 0xc5, 0xdb, 0x76, + 0x0a, 0x4c, 0xc7, 0x20, 0x2a, 0x34, 0xf4, + 0x92, 0x3b, 0x34, 0x69, 0x71, 0x3d, 0xe1, + 0xf2, 0x2f, 0x52, 0xe1, 0x48, 0xbe, 0x27, + 0x47, 0x1d, 0x55, 0x96, 0x6e, 0xa3, 0x39, + 0xc6, 0xd8, 0x12, 0xe0, 0xb2, 0x93, 0x56, + 0xef, 0x10, 0xf4, 0xa6, 0xf4, 0x5f, 0xa9, + 0xfd, 0x5d, 0x01, 0x87, 0xb8, 0xe5, 0x4f, + 0x86, 0x2c, 0xa5, 0x09, 0xfc, 0x29, 0x84, + 0x5b, 0x44, 0xf9, 0x8d, 0x9c, 0xbb, 0x19, + 0x97, 0x52, 0xbb, 0xac, 0x19, 0x57, 0x68, + 0x7d, 0x74, 0xb5, 0x4f, 0xda, 0x8a, 0x9c, + 0xcf, 0x5d, 0x7b, 0xd9, 0xf0, 0xb3, 0x11, + 0x76, 0x50, 0x03, 0x06, 0x44, 0xe7, 0x68, + 0x35, 0xe9, 0x14, 0x20, 0xbd, 0x0d, 0x90, + 0x96, 0x21, 0xa1, 0x17, 0x8f, 0xf7, 0x50, + 0x6c, 0xc0, 0x76, 0x3d, 0x34, 0x8d, 0xf2, + 0x75, 0xf0, 0xa2, 0x6c, 0x8a, 0xc1, 0x56, + 
0x95, 0xb2, 0xd9, 0x87, 0xf2, 0xe4, 0x80, + 0x25, 0xc7, 0x97, 0xd2, 0xd2, 0xf8, 0x1c, + 0x7a, 0x48, 0x70, 0x99, 0x6b, 0xf2, 0x50, + 0x83, 0xf3, 0x10, 0xb1, 0x9b, 0x6d, 0x75, + 0x53, 0x86, 0x23, 0xc9, 0x60, 0x4d, 0x73, + 0xc7, 0x52, 0x90, 0x12, 0x6b, 0x92, 0x2d, + 0x35, 0xbc, 0x4d, 0x86, 0x67, 0xfe, 0x35, + 0x11, 0x6c, 0xbb, 0x9b, 0x76, 0xaf, 0x26, + 0xae, 0x50, 0x23, 0x76, 0x68, 0x16, 0x80, + 0xf0, 0xa4, 0xcc, 0x76, 0x6b, 0xf3, 0x99, + 0x04, 0x8b, 0x39, 0xf2, 0xa6, 0xa9, 0x72, + 0x6f, 0xbe, 0xa8, 0xdb, 0x53, 0xf3, 0x93, + 0x00, 0xac, 0x3e, 0x8f, 0xdd, 0x68, 0x9e, + 0x2f, 0xe3, 0x48, 0x0b, 0x11, 0xe2, 0x9a, + 0xfa, 0x98, 0x32, 0x40, 0x26, 0xf8, 0x83, + 0xc6, 0x00, 0x02, 0x7d, 0xb5, 0xd2, 0xd4, + 0xdd, 0xc6, 0x02, 0xec, 0xb3, 0x98, 0xd6, + 0x8e, 0xab, 0x75, 0x06, 0x37, 0x97, 0x4c, + 0x50, 0xc5, 0xe1, 0x43, 0x34, 0xd6, 0xbd, + 0xb6, 0xfc, 0xb7, 0x04, 0x0d, 0xd8, 0x35, + 0xb4, 0x3e, 0x0e, 0x43, 0x22, 0x83, 0xf5, + 0x5d, 0x2e, 0x0a, 0x8f, 0xa0, 0xec, 0x17, + 0xd9, 0xa1, 0x84, 0x98, 0x32, 0x5c, 0x99, + 0x66, 0x05, 0x70, 0x9a, 0xa4, 0x9b, 0xbe, + 0xd3, 0x3d, 0x2a, 0x13, 0xb1, 0x96, 0x37, + 0x4f, 0xe7, 0x6f, 0x6b, 0x5e, 0x80, 0xe4, + 0xb6, 0x98, 0x56, 0xed, 0xff, 0x5b, 0x21, + 0x5f, 0x79, 0x9a, 0x0f, 0x53, 0x69, 0x76, + 0xdb, 0xc0, 0x12, 0x9c, 0xed, 0xd4, 0x00, + 0x64, 0xca, 0xf4, 0xc3, 0x17, 0x49, 0xbb, + 0xef, 0xbc, 0x7b, 0x73, 0x24, 0x4f, 0x6e, + 0xcf, 0x25, 0x49, 0x30, 0x4f, 0x9a, 0xb7, + 0x2a, 0x2f, 0xc2, 0x69, 0x74, 0xe5, 0xa6, + 0xd7, 0x29, 0x4d, 0x80, 0xe6, 0xf6, 0x66, + 0x4b, 0xdf, 0xef, 0xfd, 0xb5, 0xaa, 0x53, + 0x75, 0x0e, 0xf5, 0x92, 0xb3, 0x30, 0x3d, + 0x5d, 0xa8, 0x49, 0x74, 0xa2, 0x13, 0xb3, + 0x99, 0x7e, 0xf9, 0x34, 0x08, 0xc2, 0xa6, + 0xc9, 0xd1, 0xb7, 0x65, 0xf4, 0xa9, 0xda, + 0x11, 0x07, 0x89, 0x08, 0x92, 0xdf, 0x1a, + 0x8d, 0xd7, 0x1e, 0xe9, 0xa3, 0x5c, 0x66, + 0x79, 0xa0, 0x2d, 0xd1, 0xd9, 0x65, 0xa2, + 0xd3, 0x47, 0xb1, 0xa1, 0xf4, 0xa1, 0x18, + 0x7f, 0xb0, 0xd1, 0x20, 0x05, 0x06, 0x6f, + 0xda, 0xe3, 0xef, 0xee, 0x47, 0xdf, 0x80, + 0x22, 0x14, 0x4b, 
0xc2, 0xe4, 0xea, 0x02, + 0xe7, 0x06, 0xc8, 0x2d, 0x2d, 0xbd, 0xd2, + 0xef, 0xd3, 0x3b, 0xf0, 0xc8, 0xc1, 0x04, + 0x53, 0x81, 0x27, 0xb2, 0xf2, 0xf8, 0x5d, + 0xe1, 0x27, 0xd6, 0xd8, 0x2e, 0x0d, 0x43, + 0xf4, 0xf0, 0x7a, 0x8c, 0x78, 0x3f, 0x23, + 0x4d, 0x05, 0xf6, 0xc6, 0x9a, 0xc1, 0x19, + 0x58, 0x48, 0x02, 0x71, 0xc4, 0xf1, 0x16, + 0xc2, 0xbf, 0xc2, 0xf5, 0xa6, 0x70, 0x25, + 0x8b, 0x6c, 0x31, 0xa6, 0x2b, 0x6a, 0x1f, + 0x26, 0x4a, 0x6b, 0x05, 0x67, 0xa9, 0x5e, + 0xa6, 0xc7, 0x19, 0xf0, 0x6f, 0xc2, 0xa4, + 0x07, 0xe1, 0xf8, 0xb6, 0x70, 0x79, 0x85, + 0x97, 0x1f, 0xc2, 0x97, 0xf3, 0x57, 0x3d, + 0xd1, 0x70, 0xb1, 0xe8, 0x43, 0x11, 0xe6, + 0x2f, 0x8a, 0x12, 0x97, 0xe1, 0x1f, 0x86, + 0x33, 0xa1, 0x30, 0xb3, 0x8e, 0xd7, 0x43, + 0x99, 0x35, 0xd3, 0x48, 0x04, 0x29, 0xa3, + 0xf3, 0x2c, 0x0e, 0xda, 0x66, 0xc8, 0xa9, + 0xd3, 0x28, 0x7f, 0xf0, 0xaa, 0x53, 0xc8, + 0x4b, 0xa3, 0xde, 0xcc, 0x5f, 0xae, 0x9b, + 0x2f, 0x20, 0xf7, 0x9a, 0x41, 0xb7, 0xdb, + 0x7a, 0x92, 0xa1, 0x45, 0x2c, 0x49, 0xb7, + 0x2d, 0xe5, 0x6e, 0x84, 0xb1, 0xa4, 0x6e, + 0xea, 0xf9, 0xca, 0xc6, 0x0f, 0xd3, 0xdc, + 0xad, 0x79, 0xf4, 0x3b, 0xc0, 0x8c, 0x8c, + 0x6f, 0xdf, 0x2c, 0xbb, 0x2a, 0x9f, 0x74, + 0x2f, 0x31, 0x7b, 0x05, 0xc5, 0xc4, 0x22, + 0xfd, 0xfc, 0xdf, 0x95, 0x3b, 0x21, 0x41, + 0xab, 0x5b, 0xe9, 0x37, 0xdf, 0xd3, 0x4c, + 0x97, 0x73, 0xac, 0xbd, 0x82, 0x97, 0xd0, + 0x00, 0x55, 0x47, 0xa4, 0x67, 0x12, 0xcd, + 0xe3, 0x01, 0x31, 0xe6, 0x1c, 0x61, 0xf8, + 0xa4, 0xce, 0x23, 0xed, 0xeb, 0x8f, 0x57, + 0xbf, 0x97, 0x4b, 0x26, 0x75, 0xa0, 0x4b, + 0xf6, 0x7e, 0xda, 0x1c, 0x90, 0x8a, 0xc4, + 0xf4, 0x60, 0xfc, 0x65, 0x45, 0x8c, 0x1b, + 0x5c, 0x65, 0xc4, 0x5d, 0x99, 0x9a, 0xed, + 0x62, 0xd6, 0x74, 0x43, 0xac, 0x5e, 0x0c, + 0xfd, 0x7d, 0xf2, 0x4f, 0xc3, 0x02, 0xc8, + 0x24, 0xa7, 0x17, 0x49, 0xf9, 0xdd, 0xc9, + 0x64, 0x71, 0x08, 0xb9, 0xac, 0x47, 0x3d, + 0x6a, 0x4f, 0xdc, 0xa6, 0x56, 0x00, 0x01, + 0x53, 0x2d, 0xca, 0x32, 0x4e, 0x40, 0xec, + 0x14, 0x03, 0x69, 0x75, 0xfa, 0x93, 0x49, + 0x98, 0x04, 0x25, 0x29, 0xe5, 0x78, 
0x6e, + 0x3e, 0x99, 0x58, 0x18, 0x48, 0xf3, 0x29, + 0x56, 0x8d, 0x23, 0xd1, 0x5d, 0xb2, 0x2a, + 0x74, 0xa7, 0x53, 0xc5, 0xc6, 0xc4, 0x12, + 0xfe, 0x65, 0x6c, 0xde, 0xc3, 0x6c, 0x18, + 0xde, 0xc3, 0x97, 0xaa, 0xed, 0x69, 0x3c, + 0x4d, 0xc9, 0xa9, 0x63, 0xa9, 0x4d, 0x91, + 0x63, 0xa3, 0x1c, 0x87, 0x36, 0x19, 0x4a, + 0xc5, 0xd1, 0xcb, 0xf4, 0x88, 0xfd, 0xa0, + 0x9b, 0x37, 0x9a, 0x7e, 0xcc, 0x09, 0xac, + 0x3b, 0xf0, 0xf5, 0xb5, 0x15, 0x72, 0x47, + 0xb0, 0x42, 0x0d, 0xed, 0x19, 0x42, 0x93, + 0x5a, 0x56, 0xbf, 0x2c, 0x4b, 0xec, 0xf4, + 0x13, 0x30, 0x0b, 0xdf, 0x0e, 0xc1, 0x22, + 0xa5, 0x6c, 0xf4, 0xcf, 0x09, 0x83, 0xe2, + 0xd0, 0x05, 0x62, 0x8d, 0xda, 0xea, 0x79, + 0xa9, 0x6c, 0xe1, 0x90, 0xc0, 0xe7, 0x6d, + 0x63, 0x8e, 0xe5, 0xe0, 0xa9, 0x67, 0x80, + 0xb7, 0x80, 0x43, 0xfc, 0xa1, 0x11, 0x6d, + 0xc9, 0x91, 0xa3, 0xcb, 0x1a, 0x6e, 0xf8, + 0x6e, 0xdb, 0xf0, 0x7d, 0xeb, 0x45, 0x6a, + 0xee, 0xd8, 0x3e, 0x6b, 0x9a, 0xc4, 0xcd, + 0x7b, 0x35, 0x19, 0x73, 0x14, 0x22, 0x47, + 0x86, 0x54, 0x34, 0xc9, 0x02, 0x49, 0xe6, + 0xb9, 0x45, 0xf7, 0x2c, 0xf7, 0xa4, 0x12, + 0xc4, 0x7a, 0x95, 0x41, 0x54, 0x8d, 0x51, + 0xc5, 0x1a, 0x19, 0x75, 0x0c, 0x11, 0x03, + 0xd0, 0x6f, 0x56, 0x04, 0xb2, 0x87, 0x21, + 0xdb, 0x47, 0xed, 0x9b, 0xe8, 0xec, 0xa3, + 0xe1, 0x74, 0x3e, 0x21, 0x50, 0xf2, 0x09, + 0x2c, 0x5e, 0x3d, 0xca, 0xa7, 0x31, 0x7c, + 0xbd, 0xe4, 0xf1, 0x15, 0x0d, 0xe6, 0x3d, + 0x4c, 0x8e, 0x36, 0x45, 0xf7, 0x08, 0x3d, + 0x56, 0x63, 0xb6, 0x99, 0x46, 0x34, 0x48, + 0xfa, 0xcf, 0x88, 0xe5, 0x43, 0xf7, 0x88, + 0xd5, 0x55, 0x13, 0xfe, 0x79, 0x02, 0x49, + 0x1e, 0x82, 0x45, 0x45, 0x29, 0x8e, 0x0a, + 0x7c, 0x77, 0x51, 0x1b, 0x8e, 0x75, 0xd5, + 0xd6, 0x61, 0xff, 0xa5, 0xfe, 0x59, 0x48, + 0xbf, 0xfc, 0xf2, 0xcd, 0x37, 0x09, 0x4c, + 0xb6, 0xfc, 0xb0, 0x20, 0x5f, 0x12, 0x7a, + 0x3f, 0x64, 0x96, 0xdb, 0xc8, 0xe8, 0xd0, + 0x11, 0x19, 0x47, 0x95, 0x2d, 0x3d, 0xbf, + 0x56, 0x9c, 0x23, 0x30, 0x07, 0x1f, 0x2c, + 0x04, 0x5c, 0x7e, 0x4e, 0x2e, 0xa6, 0x20, + 0x38, 0xa0, 0x88, 0x47, 0x8a, 0x3f, 0x8f, + 0x8a, 0xe7, 
0x6d, 0x0a, 0xf1, 0x2d, 0xd6, + 0x10, 0x23, 0x01, 0x62, 0x71, 0x5a, 0xbb, + 0x51, 0x98, 0xa1, 0x27, 0x7d, 0xba, 0x5f, + 0xe4, 0xdc, 0xd6, 0xd7, 0x4c, 0x1a, 0xe0, + 0x4d, 0xe1, 0xee, 0x61, 0xb7, 0xc5, 0x50, + 0x92, 0x99, 0xc7, 0x7b, 0x18, 0xf9, 0x89, + 0x2b, 0x57, 0xf9, 0xe9, 0xac, 0x23, 0x6e, + 0xff, 0xbd, 0x5a, 0x93, 0xdf, 0x15, 0x74, + 0x92, 0x0b, 0x76, 0x84, 0x96, 0x94, 0x1b, + 0x8f, 0xe4, 0x6e, 0x2b, 0xd7, 0x47, 0xfd, + 0x24, 0x3b, 0xe4, 0xe4, 0x99, 0xf9, 0x0b, + 0xf9, 0x29, 0x25, 0x25, 0x6a, 0xc0, 0x1e, + 0xb8, 0x8c, 0xd6, 0xd0, 0x6e, 0x13, 0x86, + 0xa8, 0x7c, 0xc3, 0x31, 0x30, 0x2e, 0x9b, + 0x51, 0xc1, 0x21, 0xea, 0x15, 0x8e, 0xd8, + 0x06, 0xa2, 0xe9, 0x12, 0x9f, 0xcb, 0x6b, + 0x24, 0xef, 0x4e, 0x19, 0x6c, 0xa5, 0x98, + 0x47, 0x8b, 0x4d, 0xbe, 0x00, 0x0c, 0x04, + 0xe3, 0x4d, 0x84, 0x64, 0x36, 0x20, 0x9f, + 0xde, 0xe2, 0x55, 0x89, 0x3e, 0x40, 0xe1, + 0xe3, 0x63, 0x0a, 0xe7, 0x15, 0x4c, 0xcd, + 0x4b, 0x63, 0x6f, 0x70, 0xc2, 0x84, 0x30, + 0x5d, 0x22, 0xd0, 0xe4, 0x65, 0xfb, 0x8a, + 0x07, 0x1a, 0x54, 0xf5, 0x4b, 0x65, 0xad, + 0x64, 0x91, 0x6e, 0x23, 0x98, 0x31, 0x26, + 0x79, 0x70, 0x94, 0xff, 0xc0, 0x65, 0x70, + 0xb4, 0x9d, 0x74, 0x8e, 0x76, 0x6b, 0x9a, + 0x24, 0x28, 0x0d, 0x8a, 0x93, 0x87, 0x18, + 0x04, 0x10, 0xfd, 0x0b, 0xaf, 0xd3, 0x92, + 0xbb, 0xb5, 0x41, 0xd2, 0x87, 0xc7, 0x69, + 0x89, 0x0c, 0x52, 0xf8, 0x46, 0x70, 0x8e, + 0xf0, 0x99, 0x96, 0x57, 0x40, 0x9c, 0xef, + 0x9a, 0xc2, 0x63, 0x47, 0x13, 0x11, 0x68, + 0x40, 0xab, 0x36, 0x16, 0x53, 0xd6, 0x8f, + 0x58, 0x5a, 0xdd, 0x0c, 0xd7, 0x17, 0x6a, + 0x39, 0x34, 0xf1, 0xe7, 0x75, 0x3b, 0x41, + 0x7e, 0x5a, 0x70, 0xfe, 0x5b, 0x08, 0x30, + 0xf4, 0x7b, 0x1d, 0xd0, 0x70, 0xae, 0x18, + 0xad, 0xd4, 0xff, 0xbb, 0xa4, 0x31, 0xec, + 0x28, 0x72, 0x64, 0x9a, 0x24, 0x16, 0x30, + 0xe4, 0xc5, 0x3c, 0xb0, 0x3c, 0x81, 0x4f, + 0xb9, 0xfc, 0xe1, 0x3a, 0x05, 0x17, 0xb2, + 0x18, 0x4c, 0x98, 0x3b, 0xfc, 0x93, 0xf0, + 0x0d, 0xb6, 0x3c, 0x54, 0x7b, 0x10, 0xfd, + 0x7f, 0x63, 0xfe, 0xa5, 0xc6, 0xb5, 0x24, + 0xb4, 0xf2, 0x2f, 0xb2, 0x6f, 
0x7f, 0xdb, + 0x01, 0xdb, 0xaf, 0x57, 0xdc, 0xdb, 0xf4, + 0xc8, 0x31, 0xb0, 0xdd, 0x05, 0x8b, 0x9b, + 0x6e, 0x7c, 0x5e, 0x5e, 0x31, 0x2c, 0x7f, + 0xbb, 0xa4, 0x26, 0x88, 0xe1, 0x55, 0x3d, + 0x8d, 0x36, 0x69, 0xb7, 0xc8, 0xcc, 0x05, + 0xfe, 0x6e, 0xcc, 0xcb, 0xfd, 0x81, 0x14, + 0x8b, 0xbc, 0x0c, 0xd4, 0x7e, 0xb4, 0x13, + 0xc0, 0xe2, 0x51, 0xf4, 0x07, 0xde, 0xc4, + 0x1c, 0xf0, 0xc8, 0x92, 0xd4, 0x38, 0xd7, + 0x1e, 0x57, 0xa7, 0x4b, 0xc7, 0xf8, 0xca, + 0xcc, 0x61, 0x86, 0x96, 0x50, 0x4e, 0x6a, + 0x71, 0xbd, 0x5f, 0xc6, 0x48, 0x8b, 0x6f, + 0xeb, 0x53, 0x50, 0xea, 0x35, 0x39, 0x79, + 0xcc, 0xee, 0xae, 0x81, 0x0f, 0xe2, 0xd2, + 0xbb, 0x81, 0x03, 0x8a, 0xeb, 0x98, 0xc2, + 0xad, 0xb7, 0xc0, 0x14, 0x68, 0xb9, 0x7e, + 0x8e, 0x30, 0x11, 0x43, 0x59, 0x8f, 0x04, + 0x2f, 0x7a, 0x99, 0x36, 0xd0, 0x75, 0x07, + 0x6b, 0x8e, 0xc2, 0x10, 0xac, 0xc6, 0x4d, + 0x30, 0x91, 0x9f, 0xde, 0x33, 0x0e, 0xe7, + 0xbc, 0xe5, 0x94, 0xbf, 0x80, 0xdb, 0xb7, + 0xe0, 0x8f, 0xb7, 0x74, 0xc3, 0x77, 0x18, + 0x76, 0x33, 0x34, 0xb8, 0xe4, 0x81, 0xa5, + 0xd9, 0xf7, 0x78, 0xba, 0xec, 0x62, 0x34, + 0xcb, 0x54, 0xbe, 0x90, 0xc1, 0x56, 0x59, + 0x22, 0x94, 0x5b, 0x1a, 0x8f, 0xc6, 0x8f, + 0xf2, 0x84, 0x1f, 0x61, 0x4e, 0xeb, 0x98, + 0x72, 0xdd, 0xde, 0xc9, 0xc6, 0xab, 0xd1, + 0xad, 0xd1, 0x02, 0x60, 0x82, 0x89, 0xba, + 0xf5, 0x1a, 0x6b, 0xde, 0x96, 0x19, 0x64, + 0x44, 0x0a, 0xd6, 0x27, 0x9f, 0x67, 0x96, + 0x44, 0xcc, 0x4b, 0xfd, 0x8f, 0x9e, 0xa1, + 0x1f, 0x06, 0xac, 0x2e, 0xcf, 0xdb, 0xc7, + 0x08, 0x5e, 0xe3, 0xa2, 0x59, 0xa2, 0x22, + 0xf1, 0x7a, 0xce, 0xf5, 0x30, 0x53, 0xc0, + 0xbb, 0x36, 0x13, 0x95, 0x69, 0xe2, 0x28, + 0x47, 0xad, 0xb1, 0x82, 0xfd, 0x14, 0xf6, + 0x6e, 0xed, 0x5b, 0xe0, 0xeb, 0x13, 0x5c, + 0xc6, 0x72, 0xd5, 0x2c, 0xd0, 0xae, 0xc3, + 0xad, 0xa9, 0x60, 0x2a, 0x68, 0x7b, 0x03, + 0x54, 0xc5, 0xd1, 0x71, 0xc4, 0x99, 0x48, + 0x75, 0x18, 0x1e, 0xda, 0x0a, 0x8b, 0xe1, + 0x2d, 0x67, 0x1f, 0xae, 0x91, 0xc0, 0x37, + 0x39, 0x8c, 0x7c, 0x9e, 0x42, 0xd3, 0x6e, + 0xaf, 0x7e, 0x8e, 0xa0, 0x01, 0x45, 0xc1, + 0xc6, 
0xef, 0xc6, 0x2e, 0x87, 0x7b, 0x5a,
+ 0x60, 0xe0, 0xec, 0x3b, 0x76, 0x8e, 0xb3,
+ 0x0d, 0x57, 0x86, 0xa2, 0xc9, 0x1a, 0x1b,
+ 0x38, 0x6b, 0x75, 0x7a, 0x81, 0x8b, 0x97,
+ 0x99, 0xa1, 0xbb, 0xd8, 0xda, 0xdf, 0xea,
+ 0xef, 0xf0, 0xf9, 0x01, 0x08, 0x11, 0x18,
+ 0x26, 0x36, 0x4b, 0x52, 0x56, 0x68, 0x7b,
+ 0x98, 0xca, 0xd3, 0xd6, 0xef, 0xf6, 0x05,
+ 0x07, 0x09, 0x10, 0x1f, 0x21, 0x28, 0x32,
+ 0x39, 0x3a, 0x3c, 0x54, 0x77, 0x7b, 0x81,
+ 0x99, 0xa9, 0xb0, 0xb2, 0xce, 0xe5, 0xe7,
+ 0x1f, 0x23, 0x3f, 0x4e, 0x50, 0x5d, 0x71,
+ 0x7a, 0x7c, 0x91, 0xa7, 0xab, 0xae, 0xd0,
+ 0xd6, 0xe1, 0xe6, 0xf1, 0xf3, 0xfa, 0x00,
+ 0x00, 0x13, 0x24, 0x3a, 0x4e,
+};
+#endif
-/*
- * Testing wc_SetAuthKeyIdFromPublicKey_ex
- */
-static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
+static int test_wc_dilithium(void)
 {
 EXPECT_DECLS;
-#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WC_RNG rng;
- Cert cert;
-#if !defined(NO_RSA) && defined(HAVE_RSA)
- RsaKey rsaKey;
- int bits = 2048;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM)
+ dilithium_key* key;
+ byte level;
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+ WC_RNG rng;
 #endif
-#if defined(HAVE_ECC)
- ecc_key eccKey;
- int ret;
+ byte* privKey = NULL;
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+ word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE;
 #endif
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- ed25519_key ed25519Key;
+ byte* pubKey = NULL;
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+ word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
 #endif
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- ed448_key ed448Key;
+
+ key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+ privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(privKey);
+ pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(pubKey);
+
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(*key));
+ }
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+ XMEMSET(&rng, 0, sizeof(WC_RNG));
 #endif
-#ifndef HAVE_FIPS
- ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0);
-#else
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ !defined(WOLFSSL_DILITHIUM_NO_SIGN)
 ExpectIntEQ(wc_InitRng(&rng), 0);
 #endif
- ExpectIntEQ(wc_InitCert(&cert), 0);
+ ExpectIntEQ(wc_dilithium_init(NULL), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_init_ex(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
+ wc_dilithium_free(NULL);
-#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
- /* RSA */
- XMEMSET(&rsaKey, 0, sizeof(RsaKey));
- ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey), 0);
- DoExpectIntEQ(wc_FreeRsaKey(&rsaKey), 0);
+ ExpectIntEQ(wc_dilithium_init(key), 0);
+ wc_dilithium_free(key);
+ ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+ ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
+ BAD_FUNC_ARG);
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+ ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+ BAD_FUNC_ARG);
 #endif
-#if defined(HAVE_ECC)
- /* ECC */
- XMEMSET(&eccKey, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_ecc_init(&eccKey), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
-#if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+ ExpectIntEQ(wc_dilithium_size(NULL), BAD_FUNC_ARG);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_priv_size(NULL), BAD_FUNC_ARG);
 #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey), 0);
- DoExpectIntEQ(wc_ecc_free(&eccKey), 0);
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_pub_size(NULL), BAD_FUNC_ARG);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+ ExpectIntEQ(wc_dilithium_sig_size(NULL), BAD_FUNC_ARG);
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+ ExpectIntEQ(wc_dilithium_size(key), BAD_FUNC_ARG);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_priv_size(key), BAD_FUNC_ARG);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_pub_size(key), BAD_FUNC_ARG);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+ ExpectIntEQ(wc_dilithium_sig_size(key), BAD_FUNC_ARG);
 #endif
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- /* ED25519 */
- XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
- ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
- &ed25519Key), 0);
- wc_ed25519_free(&ed25519Key);
+ ExpectIntEQ(wc_dilithium_set_level(NULL, 0), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_set_level(key, 0), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_set_level(NULL, WC_ML_DSA_44), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_set_level(key, 1), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_set_level(key, 4), BAD_FUNC_ARG);
+
+ ExpectIntEQ(wc_dilithium_get_level(NULL, NULL), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_get_level(key, NULL), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_get_level(NULL, &level), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_get_level(key, &level), BAD_FUNC_ARG);
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+ ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+ ExpectIntEQ(level, WC_ML_DSA_87);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+ ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL5_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL5_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+ ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL5_SIG_SIZE);
+#endif
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), NOT_COMPILED_IN);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+ ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+ ExpectIntEQ(level, WC_ML_DSA_65);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+ ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL3_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL3_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+ ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL3_SIG_SIZE);
+#endif
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), NOT_COMPILED_IN);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+ ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+ ExpectIntEQ(level, WC_ML_DSA_44);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+ ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL2_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL2_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+ ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+ ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL2_SIG_SIZE);
+#endif
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), NOT_COMPILED_IN);
 #endif
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- /* ED448 */
- XMEMSET(&ed448Key, 0, sizeof(ed448_key));
- ExpectIntEQ(wc_ed448_init(&ed448Key), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0);
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, &ed448Key),
- 0);
- wc_ed448_free(&ed448Key);
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+ ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
+ BAD_FUNC_ARG);
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+ ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+ BAD_FUNC_ARG);
 #endif
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif /* defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
+ wc_dilithium_free(key);
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+ wc_FreeRng(&rng);
+#endif
+ XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 return EXPECT_RESULT();
-} /* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
+}
-/*
- * Testing wc_PKCS7_New()
- */
-static int test_wc_PKCS7_New(void)
+static int test_wc_dilithium_make_key(void)
 {
 EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+ dilithium_key* key;
+ WC_RNG rng;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
- wc_PKCS7_Free(pkcs7);
-#endif
- return EXPECT_RESULT();
-} /* END test-wc_PKCS7_New */
+ key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
-/*
- * Testing wc_PKCS7_Init()
- */
-static int test_wc_PKCS7_Init(void)
-{
- EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
- void* heap = NULL;
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(*key));
+ }
+ XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
+ ExpectIntEQ(wc_InitRng(&rng), 0);
+ ExpectIntEQ(wc_dilithium_init(key), 0);
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_make_key(key, &rng), BAD_STATE_E);
- wc_PKCS7_Free(pkcs7);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
 #endif
- return EXPECT_RESULT();
-} /* END test-wc_PKCS7_Init */
+ ExpectIntEQ(wc_dilithium_make_key(NULL, NULL), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_make_key(key, NULL), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_make_key(NULL, &rng), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
-/*
- * Testing wc_PKCS7_InitWithCert()
- */
-static int test_wc_PKCS7_InitWithCert(void)
+ wc_dilithium_free(key);
+ wc_FreeRng(&rng);
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_sign(void)
 {
 EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+ !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+ dilithium_key* key;
+ dilithium_key* importKey = NULL;
+ WC_RNG rng;
+ byte* privKey = NULL;
+ word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE;
+ word32 badKeyLen;
+ byte msg[32];
+ byte* sig = NULL;
+ word32 sigLen = DILITHIUM_MAX_SIG_SIZE;
+
+ key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+ importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(importKey);
+ privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(privKey);
+ sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(sig);
-#ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- unsigned char cert[sizeof(client_cert_der_2048)];
- int certSz = (int)sizeof(cert);
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(*key));
+ }
+ if (importKey != NULL) {
+ XMEMSET(importKey, 0, sizeof(*importKey));
+ }
+ XMEMSET(&rng, 0, sizeof(WC_RNG));
+ XMEMSET(msg, 0x55, sizeof(msg));
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
- #elif defined(USE_CERT_BUFFERS_1024)
- unsigned char cert[sizeof(client_cert_der_1024)];
- int certSz = (int)sizeof(cert);
+ ExpectIntEQ(wc_InitRng(&rng), 0);
+ ExpectIntEQ(wc_dilithium_init(key), 0);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
- #else
- unsigned char cert[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
- ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
- fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
-#elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof(cliecc_cert_der_256)];
- int certSz = (int)sizeof(cert);
+#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level2_key,
+ sizeof_bench_dilithium_level2_key, key), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level3_key,
+ sizeof_bench_dilithium_level3_key, key), 0);
+#else
+ ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level5_key,
+ sizeof_bench_dilithium_level5_key, key), 0);
+#endif
+#else
+ ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+#endif
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
- #else
- unsigned char cert[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
+ ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, NULL, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, NULL, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, &sigLen, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, key, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, &rng),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, &sigLen, key, &rng),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, &sigLen, key, &rng),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, NULL, key, &rng),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, NULL, &rng),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256),
- fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
+ ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_private(key, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, &privKeyLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, &privKeyLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_private(key, NULL, &privKeyLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_private(key, privKey, NULL),
+ BAD_FUNC_ARG);
+ badKeyLen = 0;
+ ExpectIntEQ(wc_dilithium_export_private(key, privKey, &badKeyLen),
+ BUFFER_E);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_KEY_SIZE);
 #else
- #error PKCS7 requires ECC or RSA
+ ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_KEY_SIZE);
+#endif
+ ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+ 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL3_KEY_SIZE);
+#else
+ ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL5_KEY_SIZE);
 #endif
-#ifdef HAVE_ECC
- {
- /* bad test case from ZD 11011, malformed cert gives bad ECC key */
- static unsigned char certWithInvalidEccKey[] = {
- 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
- 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
- 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
- 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
- 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
- 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
+ ExpectIntEQ(wc_dilithium_init(importKey), 0);
+ ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
+ BAD_FUNC_ARG);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0);
+#else
+ ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
+#endif
+ ExpectIntEQ(wc_dilithium_import_private(NULL, 0, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_import_private(privKey, 0, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_import_private(NULL, 0, importKey),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, importKey),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_import_private(privKey, 0, importKey),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
+ 0);
+ ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
+#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
+ ExpectIntEQ(wc_dilithium_check_key(importKey), PUBLIC_KEY_E);
+#endif
+ wc_dilithium_free(importKey);
+
+ wc_dilithium_free(key);
+ wc_FreeRng(&rng);
+
+ XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_verify(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+ !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+ (!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_DILITHIUM_NO_SIGN))
+ dilithium_key* key;
+ dilithium_key* importKey = NULL;
+ WC_RNG rng;
+ byte* pubKey = NULL;
+ word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+ word32 badKeyLen;
+ byte msg[32];
+ byte* sig = NULL;
+ word32 sigLen = DILITHIUM_MAX_SIG_SIZE;
+ int res;
+#ifndef WOLFSSL_NO_ML_DSA_44
+ byte b;
+#endif
+
+ key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+ importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(importKey);
+ pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(pubKey);
+ sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(sig);
+
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(*key));
+ }
+ if (importKey != NULL) {
+ XMEMSET(importKey, 0, sizeof(*importKey));
+ }
+ XMEMSET(&rng, 0, sizeof(WC_RNG));
+ XMEMSET(msg, 0x55, sizeof(msg));
+
+ ExpectIntEQ(wc_InitRng(&rng), 0);
+ ExpectIntEQ(wc_dilithium_init(key), 0);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_44)
+ ExpectIntEQ(wc_dilithium_import_public(ml_dsa_44_pub_key,
+ (word32)sizeof(ml_dsa_44_pub_key), key), 0);
+ if (sig != NULL) {
+ XMEMCPY(sig, ml_dsa_44_good_sig, sizeof(ml_dsa_44_good_sig));
+ }
+ sigLen = (word32)sizeof(ml_dsa_44_good_sig);
+#else
+#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+#ifndef WOLFSSL_NO_ML_DSA_65
+ ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level3_pub_key,
+ sizeof_bench_dilithium_level3_pub_key, key), 0);
+#else
+ ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level5_pub_key,
+ sizeof_bench_dilithium_level5_pub_key, key), 0);
+#endif /* !WOLFSSL_NO_ML_DSA_65 */
+#else
+ ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+#endif /* WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+ ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+
+ ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_public(key, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, &pubKeyLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, &pubKeyLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_public(key, NULL, &pubKeyLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_export_public(key, pubKey, NULL),
+ BAD_FUNC_ARG);
+ badKeyLen = 0;
+ ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &badKeyLen),
+ BUFFER_E);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#else
+ ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+ ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#else
+ ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+
+ ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, NULL, 32, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, msg, 32, NULL, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, &res, NULL),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, key),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_verify_msg(NULL, sigLen, msg, 32, &res, key),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, msg, 32, &res, key),
+ BUFFER_E);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, NULL, 32, &res, key),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, NULL, key),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, NULL),
+ BAD_FUNC_ARG);
+ res = 0;
+ ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), 0);
+ ExpectIntEQ(res, 1);
+
+ ExpectIntEQ(wc_dilithium_init(importKey), 0);
+ ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey),
+ BAD_FUNC_ARG);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0);
+#else
+ ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
+#endif
+ ExpectIntEQ(wc_dilithium_import_public(NULL, 0, NULL),
+ BAD_FUNC_ARG);
+
ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_public(NULL, 0, importKey), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, importKey), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, importKey), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey), 0); + res = 0; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, importKey), + 0); + ExpectIntEQ(res, 1); +#ifdef WOLFSSL_DILITHIUM_CHECK_KEY + ExpectIntEQ(wc_dilithium_check_key(importKey), BAD_FUNC_ARG); +#endif + wc_dilithium_free(importKey); + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (sig != NULL) { + if (sig[sigLen - 5] == 0) { + /* Unused hints meant to be 0. */ + sig[sigLen - 5] = 0xff; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, + key), SIG_VERIFY_E); + ExpectIntEQ(res, 0); + sig[sigLen - 5] = 0x00; + } + + /* Last count of hints must be less than PARAMS_ML_DSA_44_OMEGA == 80 */ + b = sig[sigLen - 1]; + sig[sigLen - 1] = 0xff; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + SIG_VERIFY_E); + ExpectIntEQ(res, 0); + sig[sigLen - 1] = b; + + if (sig[sigLen - 4] > 1) { + /* Index must be less than previous. */ + b = sig[sigLen - 84]; + sig[sigLen - 84] = 0xff; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, + key), SIG_VERIFY_E); + ExpectIntEQ(res, 0); + sig[sigLen - 84] = b; + } + + /* Mess up commit hash. */ + sig[0] ^= 0x80; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + 0); + ExpectIntEQ(res, 0); + sig[0] ^= 0x80; + + /* Mess up z. 
*/ + sig[100] ^= 0x80; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + 0); + ExpectIntEQ(res, 0); + sig[100] ^= 0x80; + + /* Set all indeces to 0. */ + XMEMSET(sig + sigLen - 4, 0, 4); + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + SIG_VERIFY_E); + ExpectIntEQ(res, 0); + } +#endif + + wc_dilithium_free(key); + wc_FreeRng(&rng); + + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_dilithium_check_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) + dilithium_key* checkKey; + WC_RNG rng; + byte* privCheckKey = NULL; + word32 privCheckKeyLen = DILITHIUM_MAX_KEY_SIZE; + byte* pubCheckKey = NULL; + word32 pubCheckKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; + + checkKey = (dilithium_key*)XMALLOC(sizeof(*checkKey), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(checkKey); + privCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(privCheckKey); + pubCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubCheckKey); + + if (checkKey != NULL) { + XMEMSET(checkKey, 0, sizeof(*checkKey)); + } + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(wc_dilithium_check_key(NULL), BAD_FUNC_ARG); + + ExpectIntEQ(wc_dilithium_init(checkKey), 0); + + ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey, + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + &privCheckKeyLen, 
pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), BAD_FUNC_ARG); + +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_87), 0); +#endif + ExpectIntEQ(wc_dilithium_make_key(checkKey, &rng), 0); + + ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL, NULL, NULL, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey, NULL, NULL, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, &privCheckKeyLen, NULL, + NULL), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, pubCheckKey, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL, + &pubCheckKeyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(NULL , privCheckKey, + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL , + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + NULL , pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + &privCheckKeyLen, NULL , &pubCheckKeyLen), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + &privCheckKeyLen, pubCheckKey, NULL ), BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), 0); + + /* Modify hash. 
*/ + if (pubCheckKey != NULL) { + pubCheckKey[0] ^= 0x80; + ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, 0, NULL, 0, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(NULL, 0, pubCheckKey, 0, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, checkKey), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(NULL , + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + 0 , pubCheckKey, pubCheckKeyLen, checkKey), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, NULL , pubCheckKeyLen, checkKey), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, 0 , checkKey), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL ), + BAD_FUNC_ARG); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), 0); + ExpectIntEQ(wc_dilithium_check_key(checkKey), PUBLIC_KEY_E); + pubCheckKey[0] ^= 0x80; + + /* Modify encoded t1. 
*/ + pubCheckKey[48] ^= 0x80; + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen,pubCheckKey, pubCheckKeyLen, checkKey), 0); + ExpectIntEQ(wc_dilithium_check_key(checkKey), PUBLIC_KEY_E); + pubCheckKey[48] ^= 0x80; + } + + wc_dilithium_free(checkKey); + wc_FreeRng(&rng); + + XFREE(pubCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(checkKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) +static const unsigned char dilithium_public_der[] = { +#ifndef WOLFSSL_NO_ML_DSA_44 + 0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x04, 0x04, 0x03, 0x82, 0x05, 0x21, 0x00, + 0x0a, 0xf7, 0xc8, 0xa4, 0x96, 0x01, 0xa7, 0xb2, + 0x2e, 0x4d, 0xc9, 0xd9, 0x1c, 0xa1, 0x86, 0x09, + 0xce, 0x14, 0x6f, 0xe8, 0x33, 0x3c, 0x7b, 0xdb, + 0x19, 0x9c, 0x56, 0x39, 0x6a, 0x6c, 0x5d, 0x1f, + 0xe4, 0x26, 0xcb, 0x16, 0x91, 0x4d, 0xeb, 0x5a, + 0x36, 0x22, 0xee, 0xda, 0xdf, 0x46, 0x3e, 0xa1, + 0x4f, 0x9a, 0x30, 0xb5, 0x3f, 0x60, 0xf7, 0x75, + 0x47, 0xdc, 0x55, 0xf1, 0xbe, 0xbc, 0x87, 0x6c, + 0x50, 0x7c, 0x21, 0x55, 0x35, 0xad, 0xa7, 0xf9, + 0x1c, 0xf8, 0xa1, 0x92, 0x79, 0x10, 0x52, 0x7a, + 0xc3, 0xba, 0xd3, 0x9d, 0xc6, 0x9b, 0xf4, 0xcb, + 0x1b, 0xa2, 0xde, 0x83, 0x86, 0xa6, 0x35, 0xea, + 0xf2, 0x8c, 0xdc, 0xba, 0x3e, 0xef, 0x9c, 0xf5, + 0x8e, 0xc3, 0xb0, 0xc0, 0x5b, 0xcc, 0x35, 0x6a, + 0x81, 0xe5, 0x17, 0xb3, 0x9a, 0x57, 0xa6, 0x4a, + 0x87, 0xb1, 0xa7, 0xf5, 0xa2, 0x96, 0x40, 0x8b, + 0xc1, 0x62, 0xb2, 0xd9, 0x76, 0xe8, 0x51, 0x33, + 0x44, 0x3d, 0xeb, 0x14, 0x86, 0x88, 0x2c, 0xc1, + 0x47, 0xba, 0x2b, 0x85, 0x3b, 0x72, 0xcb, 0x9f, + 0x40, 0xba, 0x19, 0x58, 0xa4, 0x34, 0x0a, 0xd2, + 0x8c, 0x97, 0xbd, 0x3d, 0x09, 0xb0, 0x4a, 0xeb, + 0xaa, 0xee, 0x58, 0x1e, 0xc1, 0x19, 0x26, 0x70, + 0x15, 0xa5, 0x17, 0x7e, 0xd0, 0xa1, 0x08, 0xf9, + 0x6d, 0xcf, 
0x20, 0x62, 0x95, 0x8e, 0x61, 0xf4, + 0x29, 0x96, 0x6f, 0x38, 0x1c, 0x67, 0xd5, 0xa6, + 0x4c, 0xf5, 0x1f, 0xda, 0x12, 0x22, 0x24, 0x6b, + 0x0d, 0xb7, 0x6a, 0xe5, 0xaf, 0x6c, 0x89, 0x52, + 0xc2, 0x85, 0x85, 0x5f, 0x16, 0x33, 0x0c, 0xc6, + 0x7a, 0xe0, 0xa8, 0xed, 0x13, 0x58, 0xf3, 0xa0, + 0x80, 0x42, 0x3c, 0xe3, 0x57, 0xd1, 0xe2, 0x66, + 0xc4, 0xe0, 0x3d, 0x49, 0x32, 0x21, 0xd9, 0xa1, + 0x3c, 0x93, 0x0a, 0xf7, 0x5f, 0x34, 0x65, 0xa4, + 0x30, 0xf9, 0xe7, 0x8a, 0x96, 0x04, 0xdb, 0xc5, + 0x16, 0x15, 0x10, 0x74, 0x4f, 0xc9, 0x6b, 0x4b, + 0x66, 0x29, 0xb0, 0xd1, 0x3b, 0xdd, 0x41, 0x0a, + 0xfe, 0xdf, 0x5f, 0x72, 0x91, 0xbc, 0x99, 0x2f, + 0x8d, 0x72, 0x3a, 0x4a, 0xde, 0x11, 0x3a, 0x20, + 0xb2, 0x56, 0xb5, 0x73, 0x89, 0xb4, 0x63, 0x37, + 0x86, 0xbd, 0x99, 0x8b, 0x03, 0x56, 0x50, 0x21, + 0x11, 0x78, 0x8c, 0xd5, 0xc1, 0x92, 0x33, 0x72, + 0x6e, 0x8d, 0x88, 0x2d, 0x10, 0x8f, 0x31, 0xd3, + 0x23, 0xe5, 0xaa, 0x1f, 0xe1, 0x37, 0xec, 0x34, + 0x42, 0x30, 0x75, 0xff, 0xb2, 0x1a, 0x8e, 0x29, + 0x03, 0x4c, 0xfd, 0xdf, 0x53, 0xf2, 0x0b, 0x2d, + 0xf9, 0x1c, 0x9e, 0xb6, 0x5a, 0x6c, 0x5e, 0x88, + 0x48, 0x29, 0x89, 0x42, 0xfc, 0x97, 0xfb, 0x27, + 0x1c, 0x99, 0x2a, 0xbf, 0x7f, 0x04, 0xb2, 0xcd, + 0xc9, 0x3a, 0x39, 0xfe, 0x4f, 0x47, 0x92, 0x0b, + 0x85, 0xfc, 0x92, 0x57, 0xc5, 0x0b, 0x23, 0x1f, + 0x0b, 0x72, 0xb4, 0xde, 0xfe, 0xbe, 0xb7, 0x39, + 0xb3, 0xd7, 0x48, 0x03, 0xed, 0x76, 0xac, 0x63, + 0xf7, 0x2a, 0x58, 0xef, 0xdb, 0x63, 0x5a, 0x56, + 0x68, 0xcc, 0xb2, 0x8b, 0x22, 0xac, 0xdf, 0xc4, + 0xad, 0x6f, 0xad, 0x24, 0xfd, 0x30, 0xfb, 0xed, + 0x6e, 0xde, 0x65, 0x2b, 0xb4, 0x57, 0x35, 0x49, + 0xc1, 0xc9, 0x82, 0xf4, 0x72, 0x69, 0xef, 0x34, + 0xc0, 0x37, 0x8b, 0x8b, 0xd3, 0xd3, 0x25, 0xcc, + 0xe5, 0xf5, 0xf6, 0x9c, 0xa3, 0xe7, 0x88, 0xd7, + 0x55, 0x73, 0x31, 0x4c, 0xb1, 0x7b, 0x64, 0xb3, + 0x38, 0xde, 0x47, 0x9a, 0xfc, 0xf1, 0xfa, 0xf8, + 0x6e, 0xc5, 0x95, 0xb9, 0xaf, 0x6a, 0x7a, 0x94, + 0x80, 0x0d, 0x29, 0x62, 0x99, 0x0a, 0x34, 0xa2, + 0x8f, 0xa1, 0x5e, 0x98, 0x7c, 0x4e, 0x18, 0xcd, + 0x63, 0x68, 
0x0e, 0xfa, 0x6f, 0x49, 0x01, 0x02, + 0xcd, 0xf1, 0xc1, 0x09, 0x57, 0xa3, 0x03, 0xec, + 0x94, 0x36, 0xab, 0xc6, 0x1c, 0xc0, 0x98, 0x22, + 0x15, 0x5b, 0x5b, 0x61, 0x3c, 0xc2, 0x5b, 0x6f, + 0x1c, 0x82, 0x41, 0x39, 0x87, 0xde, 0x92, 0xa9, + 0xe4, 0x12, 0x74, 0x3b, 0x31, 0x36, 0xac, 0x92, + 0xb0, 0x23, 0x26, 0xfa, 0xd8, 0xa3, 0xe8, 0x84, + 0xfc, 0x52, 0xc5, 0x7b, 0xd1, 0x4b, 0xe2, 0x1a, + 0x33, 0xdd, 0x3c, 0xdf, 0x27, 0x50, 0x6f, 0x12, + 0xd3, 0x17, 0x66, 0xd7, 0x54, 0x33, 0x30, 0x2b, + 0xe8, 0xd1, 0x1f, 0x2d, 0xf3, 0x37, 0x81, 0xa0, + 0x3c, 0x21, 0x8c, 0xea, 0x95, 0xa5, 0x5b, 0x3a, + 0x24, 0xed, 0xf7, 0x67, 0x7b, 0x72, 0x3a, 0xda, + 0x31, 0xbd, 0xa7, 0x63, 0xa6, 0x6f, 0xf9, 0xdf, + 0x06, 0x36, 0xb4, 0xe2, 0x35, 0x4b, 0xa5, 0x8e, + 0x29, 0x8e, 0x6c, 0x02, 0xc5, 0x06, 0x9b, 0x98, + 0x6e, 0x5e, 0x00, 0x6a, 0x42, 0x09, 0x4b, 0xc3, + 0x09, 0x37, 0x67, 0x19, 0x58, 0x6d, 0x40, 0x50, + 0xb0, 0x62, 0x5b, 0xd6, 0x63, 0x7f, 0xed, 0xb0, + 0x97, 0x80, 0x9e, 0x91, 0x3f, 0x82, 0xfd, 0x83, + 0x36, 0xce, 0x06, 0xc4, 0xdc, 0xa4, 0x1e, 0x70, + 0xd4, 0x94, 0xfc, 0x6e, 0x46, 0xa3, 0xc8, 0xed, + 0x34, 0x0a, 0xb1, 0x9a, 0x66, 0x5d, 0xc0, 0xce, + 0x73, 0xd3, 0x65, 0xcb, 0xfb, 0x79, 0xdd, 0xf6, + 0x19, 0xf6, 0xd8, 0xa9, 0xe6, 0x34, 0x15, 0x86, + 0x7a, 0x30, 0x79, 0xde, 0x2b, 0x06, 0xa4, 0xc0, + 0xc8, 0xa2, 0xc1, 0x41, 0xb3, 0x4c, 0xf6, 0xdb, + 0x16, 0xcd, 0xd2, 0x8b, 0xf1, 0x18, 0x5a, 0xc8, + 0x3e, 0xd9, 0x54, 0x40, 0xd4, 0xce, 0x88, 0xbb, + 0x66, 0xf1, 0x74, 0x20, 0xa2, 0x3c, 0x31, 0x09, + 0xba, 0xac, 0x61, 0x15, 0x9f, 0x73, 0x5f, 0xa7, + 0xe5, 0x0d, 0xb3, 0xab, 0xa2, 0x72, 0x25, 0xc9, + 0x87, 0x9b, 0x18, 0xdb, 0xff, 0xfb, 0x39, 0x84, + 0x8d, 0xf8, 0x97, 0x47, 0xab, 0xc4, 0xfb, 0xc2, + 0xd8, 0xe8, 0xce, 0x6e, 0x65, 0x76, 0x88, 0x4a, + 0x22, 0x2f, 0xdd, 0x43, 0xa7, 0xc4, 0x8d, 0x32, + 0x12, 0x75, 0x0b, 0x72, 0xd6, 0xb7, 0x43, 0x84, + 0xc8, 0x59, 0xa8, 0xb7, 0x8b, 0x84, 0x33, 0x92, + 0x8f, 0x94, 0xe8, 0xd0, 0xaf, 0x11, 0x35, 0xde, + 0xb7, 0x63, 0xb8, 0x91, 0x4c, 0x96, 0x4e, 0x9c, + 0x62, 0x28, 
0xa2, 0xbc, 0x0b, 0x90, 0xae, 0x94, + 0x90, 0xe9, 0x32, 0xeb, 0xe3, 0x77, 0x60, 0x5f, + 0x87, 0x48, 0x4b, 0xb0, 0x78, 0x0e, 0xe2, 0x85, + 0x47, 0x06, 0xa4, 0xc9, 0x26, 0xac, 0x8f, 0xe7, + 0xc2, 0xc7, 0xce, 0xf5, 0xd1, 0x20, 0xa8, 0x56, + 0xe1, 0x4f, 0x50, 0x90, 0xb3, 0xc1, 0x03, 0x57, + 0xd3, 0x62, 0x0e, 0x2a, 0xe8, 0x86, 0xf4, 0x94, + 0x0e, 0xa5, 0x8b, 0x4e, 0x73, 0xa2, 0x76, 0xac, + 0x00, 0x29, 0xe5, 0x80, 0x26, 0x02, 0x13, 0xd1, + 0xb2, 0x68, 0x72, 0x23, 0x38, 0x55, 0xfc, 0x4d, + 0x05, 0x60, 0x49, 0x7b, 0xfb, 0xaa, 0x17, 0x8f, + 0x26, 0x0a, 0x08, 0x33, 0x8d, 0x7f, 0x4e, 0xe5, + 0x6e, 0xf8, 0x84, 0x9b, 0x9f, 0xcb, 0xa2, 0x2b, + 0xfb, 0xaf, 0xad, 0x21, 0xe2, 0x4f, 0x6f, 0x55, + 0xc1, 0x78, 0x46, 0xe3, 0xb5, 0x63, 0x06, 0x9b, + 0x93, 0x7d, 0xac, 0xd4, 0xe0, 0x64, 0x01, 0x8d, + 0xac, 0x30, 0x8b, 0x8b, 0x55, 0xb7, 0x8a, 0x16, + 0x3f, 0xc9, 0x82, 0x7f, 0xb5, 0x3b, 0x0d, 0xc0, + 0x46, 0x89, 0x5c, 0x6c, 0x45, 0x21, 0x78, 0xda, + 0x84, 0x1f, 0xc8, 0xcf, 0xf1, 0x1e, 0x79, 0x71, + 0x3b, 0xc8, 0xe2, 0x8b, 0x41, 0xfe, 0xaf, 0x2f, + 0x3b, 0x23, 0x13, 0xc5, 0x46, 0x87, 0xc6, 0x24, + 0x37, 0x21, 0x68, 0x8a, 0x3e, 0x45, 0x61, 0xf4, + 0xad, 0xf5, 0x1c, 0x23, 0x45, 0xa3, 0x42, 0xf2, + 0xa9, 0xac, 0x94, 0x50, 0xc9, 0x3d, 0x5e, 0x70, + 0x33, 0x2b, 0x78, 0xd1, 0x5c, 0x13, 0x35, 0xe6, + 0x13, 0x80, 0x5e, 0x55, 0xa7, 0xcc, 0x67, 0xb0, + 0x6c, 0xfe, 0xa2, 0x24, 0x02, 0x6d, 0xb3, 0xcb, + 0x9e, 0x94, 0xb3, 0xc6, 0x01, 0xf3, 0x01, 0x3a, + 0xe4, 0xa7, 0xa3, 0xdf, 0x56, 0x4c, 0x30, 0xce, + 0xb1, 0xd5, 0x1b, 0x68, 0x9b, 0x75, 0xae, 0xf4, + 0xb9, 0x2a, 0xe5, 0x8b, 0x7b, 0xe5, 0x99, 0x46, + 0x5f, 0x29, 0xf6, 0x82, 0xd0, 0x42, 0xb1, 0x45, + 0x09, 0x16, 0x5b, 0x32, 0x11, 0xca, 0x48, 0xea, + 0x51, 0x12, 0x0a, 0x9f, 0x6e, 0x3f, 0x74, 0xe6, + 0xe0, 0xfe, 0xf8, 0xa5, 0xc0, 0xfd, 0x15, 0x6e, + 0x2b, 0x4a, 0xd5, 0x76, 0xa8, 0x3d, 0xe3, 0x0d, + 0xfe, 0x44, 0x11, 0x5e, 0x7a, 0xde, 0x12, 0x29, + 0x5a, 0x5a, 0x25, 0xc0, 0x8e, 0x98, 0xd1, 0x11, + 0xc8, 0x00, 0x65, 0xb2, 0xf4, 0xd7, 0x56, 0x32, + 0x46, 0x2b, 
0x4f, 0x7e, 0xc3, 0x4e, 0xf1, 0x17, + 0xff, 0x03, 0x32, 0xae, 0xe3, 0xbe, 0x0b, 0xab, + 0xfb, 0x43, 0x0f, 0x6d, 0xa5, 0xc6, 0x44, 0xba, + 0xc9, 0xe3, 0x3d, 0x40, 0xe7, 0x6c, 0xe8, 0x21, + 0xb2, 0x46, 0x7b, 0x3b, 0x3d, 0xde, 0x80, 0xc8, + 0xea, 0xf4, 0x6b, 0xf3, 0x53, 0xca, 0x51, 0x84, + 0xcf, 0xad, 0x7e, 0xce, 0xce, 0xc2, 0x65, 0xfc, + 0x03, 0x8c, 0xcb, 0xfa, 0xcb, 0x37, 0x89, 0x82, + 0x59, 0x5e, 0x36, 0x52, 0xe4, 0xbc, 0x8d, 0x47, + 0x7c, 0xb8, 0x3f, 0x63, 0x59, 0xdc, 0xd3, 0x74, + 0x11, 0x33, 0xb4, 0x69, 0x74, 0x40, 0x0d, 0x42, + 0x63, 0x1d, 0xe6, 0x5c, 0x1b, 0xca, 0x41, 0xff, + 0x23, 0x4e, 0xe8, 0x3d, 0x14, 0xa8, 0x17, 0x18, + 0xd0, 0x78, 0x08, 0x87, 0x7d, 0x5e, 0xdc, 0x3a, + 0x07, 0xba, 0x12, 0x8e, 0x8e, 0x56, 0x0a, 0xcb, + 0x37, 0xf6, 0x54, 0xeb, 0x55, 0x16, 0x8f, 0x06, + 0x15, 0x28, 0x6b, 0xfb, 0xed, 0x38, 0x9e, 0x9b, + 0x98, 0x5b, 0xdc, 0x67, 0x33, 0x0e, 0x02, 0x36, + 0x1b, 0x7a, 0x9a, 0x43, 0xcd, 0xf2, 0x65, 0xef, + 0x37, 0x19, 0x24, 0x6f, 0x4b, 0xb9, 0x4d, 0x3e, + 0x0b, 0x47, 0xd1, 0x67, 0x50, 0x6a, 0x7f, 0x07 +#elif !defined(WOLFSSL_NO_ML_DSA_65) + 0x30, 0x82, 0x07, 0xb4, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x06, 0x05, 0x03, 0x82, 0x07, 0xa1, 0x00, + 0xff, 0x89, 0xee, 0xad, 0x20, 0x8f, 0x61, 0xa4, + 0x07, 0x1c, 0x54, 0x98, 0x8c, 0xf4, 0x2e, 0xd9, + 0xe6, 0x0f, 0xcb, 0x0e, 0xab, 0xa1, 0x37, 0x4d, + 0xc0, 0x48, 0x24, 0x78, 0xd6, 0x2d, 0x9b, 0x6f, + 0x0f, 0x17, 0x08, 0x71, 0xc3, 0xd1, 0xc8, 0x7a, + 0xe7, 0x32, 0xcb, 0xcd, 0xd6, 0xb5, 0x90, 0x08, + 0xe1, 0xda, 0xaa, 0x89, 0x3e, 0x4a, 0x62, 0x98, + 0x3d, 0xc6, 0x71, 0x30, 0xb4, 0x63, 0xa5, 0x3b, + 0xb3, 0x69, 0x75, 0x10, 0xaf, 0x5e, 0x72, 0x78, + 0xa2, 0xef, 0x63, 0x63, 0x21, 0xe7, 0xf4, 0xa7, + 0x9c, 0x50, 0x74, 0x14, 0x3e, 0xdd, 0x73, 0x9e, + 0x97, 0x65, 0xdd, 0xdf, 0x3c, 0x40, 0x4d, 0x03, + 0x49, 0xe4, 0xbf, 0x65, 0xe7, 0x44, 0x8f, 0x59, + 0x00, 0xe2, 0x98, 0xb5, 0x66, 0xa3, 0x3b, 0x11, + 0x9f, 0xc7, 0xc2, 0x16, 0x61, 0xf0, 0x1e, 0x89, + 0xc8, 0x96, 0x8d, 0x18, 
0xac, 0x86, 0xa0, 0xe2, + 0xd9, 0x8c, 0xef, 0x53, 0x6d, 0x4e, 0x74, 0xc9, + 0x66, 0x28, 0x16, 0xf3, 0x62, 0xc4, 0x6f, 0x2b, + 0x6e, 0x36, 0x03, 0xad, 0xc5, 0xe4, 0x8f, 0x0b, + 0x90, 0x8c, 0x8f, 0xff, 0x5d, 0xdf, 0x7a, 0xe6, + 0xaf, 0x9a, 0x43, 0xbc, 0xd4, 0x73, 0x22, 0xdc, + 0x5f, 0x08, 0xa1, 0x17, 0x97, 0x89, 0x79, 0xf5, + 0xdc, 0xed, 0x4f, 0x85, 0x8e, 0x0c, 0x23, 0x35, + 0x3c, 0x34, 0x19, 0x65, 0xf5, 0xd6, 0xc9, 0x2d, + 0x7a, 0x2e, 0x67, 0xd5, 0xf1, 0x82, 0x97, 0xaa, + 0x05, 0x26, 0x84, 0x25, 0x47, 0x58, 0x2c, 0xe6, + 0x59, 0xc7, 0x98, 0x7a, 0xdb, 0x40, 0x45, 0x1c, + 0x71, 0x55, 0x2e, 0xea, 0x3f, 0x6e, 0x7c, 0x82, + 0x52, 0x6a, 0x19, 0x3a, 0xd3, 0xa1, 0x3c, 0xce, + 0x00, 0x06, 0xec, 0xed, 0x97, 0xce, 0xd8, 0xdf, + 0xde, 0xa3, 0xed, 0xe7, 0x81, 0x62, 0x02, 0x9c, + 0x1b, 0x51, 0xa1, 0xf4, 0x9d, 0x1b, 0x28, 0x76, + 0x93, 0x96, 0x20, 0x55, 0x60, 0x1f, 0xaf, 0x52, + 0xc3, 0xce, 0xb9, 0x12, 0x66, 0xf5, 0x64, 0x22, + 0x87, 0x86, 0x29, 0x80, 0x8f, 0x18, 0x33, 0xba, + 0x48, 0x71, 0x1d, 0x00, 0xfe, 0xa5, 0xfc, 0xc6, + 0x87, 0xbe, 0x44, 0x3c, 0xc9, 0x49, 0xfb, 0x68, + 0x3c, 0xdf, 0xca, 0xef, 0xa7, 0xdc, 0x67, 0xb8, + 0x28, 0xd6, 0xad, 0x18, 0xaf, 0xad, 0x1f, 0x4c, + 0x85, 0xa3, 0x64, 0xac, 0x3f, 0xa9, 0x39, 0x28, + 0xef, 0x8a, 0x45, 0x7e, 0xb0, 0xf4, 0x89, 0x72, + 0xf7, 0xb1, 0xef, 0x9d, 0x1c, 0x3c, 0x93, 0xcb, + 0xa0, 0xfb, 0x2a, 0x90, 0xe2, 0x1d, 0x49, 0x8e, + 0x36, 0xb8, 0x07, 0xf4, 0xb3, 0x09, 0xf0, 0x6f, + 0x3c, 0xd9, 0x37, 0x19, 0x57, 0xd4, 0x1e, 0x2a, + 0xa2, 0xa7, 0x2e, 0xc1, 0xcd, 0x8d, 0x48, 0x47, + 0xb5, 0x8a, 0x12, 0x93, 0x34, 0xb8, 0xec, 0x32, + 0x07, 0x49, 0xb6, 0x8d, 0x73, 0xd4, 0x2c, 0x6a, + 0xa0, 0x33, 0x29, 0x21, 0x5d, 0x37, 0xa9, 0x39, + 0x40, 0xbe, 0x71, 0x29, 0xbe, 0xd1, 0x4b, 0xbc, + 0x9a, 0x17, 0x93, 0x52, 0xb8, 0x81, 0xee, 0xc5, + 0xff, 0x25, 0x78, 0x2f, 0x52, 0x0a, 0x8f, 0xb2, + 0xef, 0xf3, 0x1d, 0x68, 0x56, 0x31, 0x29, 0x84, + 0x55, 0x47, 0x32, 0x34, 0x0f, 0x60, 0x07, 0xd6, + 0x2b, 0xb9, 0x29, 0xaf, 0x0f, 0xcd, 0x1c, 0xc0, + 0x77, 0x4c, 0xc6, 0x31, 
0xdb, 0xf4, 0x17, 0xbe, + 0x3d, 0xf8, 0x8c, 0xf1, 0x02, 0x7c, 0x6b, 0xd4, + 0xaf, 0x03, 0xb2, 0xf4, 0x78, 0x8d, 0xd3, 0x4e, + 0x5c, 0x04, 0xb9, 0x01, 0xe3, 0x73, 0xb4, 0x67, + 0xe9, 0xa8, 0x77, 0x6f, 0x87, 0x2b, 0xe2, 0x00, + 0x98, 0x5f, 0x02, 0x43, 0x85, 0x03, 0x4c, 0x71, + 0xd2, 0xe7, 0x61, 0x03, 0x22, 0x9e, 0xe5, 0xc2, + 0xa7, 0x66, 0x42, 0x7c, 0x9f, 0xf4, 0xb8, 0x6b, + 0x2d, 0xe4, 0xaa, 0x51, 0xda, 0x08, 0x73, 0x75, + 0x26, 0x45, 0xdc, 0xa6, 0x20, 0xd7, 0xcb, 0x00, + 0xfc, 0xe4, 0xdb, 0x28, 0x92, 0xf8, 0xb0, 0xc7, + 0xf0, 0x4b, 0x6d, 0xe8, 0xc1, 0x84, 0x38, 0xed, + 0x1a, 0xd4, 0x66, 0x69, 0xc4, 0x96, 0x40, 0xc4, + 0x7d, 0xfa, 0x58, 0x70, 0x7e, 0x70, 0x40, 0xba, + 0xfc, 0x95, 0xb6, 0x4c, 0x7c, 0x58, 0xbc, 0xb3, + 0x59, 0x08, 0x14, 0x03, 0x35, 0xf3, 0xf1, 0xaa, + 0xd5, 0xa2, 0x57, 0x70, 0xb6, 0x20, 0x75, 0x0a, + 0x58, 0x66, 0x74, 0xf7, 0x1c, 0xfd, 0x99, 0x7c, + 0x20, 0xda, 0xe7, 0x76, 0xcb, 0xf4, 0xa3, 0x9b, + 0xbc, 0x8f, 0x74, 0xef, 0xe2, 0x46, 0x5a, 0x72, + 0x33, 0x06, 0x32, 0x1e, 0xbd, 0x4e, 0x4c, 0xf6, + 0x16, 0x43, 0xa5, 0xa5, 0xa5, 0x6c, 0x76, 0x33, + 0x35, 0x63, 0xdc, 0xe4, 0xec, 0x7f, 0x8a, 0xfa, + 0xc3, 0x53, 0x69, 0x28, 0xf7, 0xd6, 0x97, 0xb9, + 0x3a, 0xf4, 0x15, 0x90, 0x50, 0xd3, 0xdf, 0xf5, + 0xd3, 0xcf, 0x15, 0x76, 0xe3, 0x3d, 0x24, 0x14, + 0xfd, 0xd3, 0x01, 0x25, 0x82, 0xb4, 0xe3, 0xd8, + 0x68, 0x89, 0x86, 0xa8, 0x26, 0x02, 0x5f, 0xc6, + 0xf4, 0x99, 0x3b, 0x97, 0xa8, 0x65, 0xed, 0x18, + 0xbb, 0x3c, 0x43, 0x4a, 0x6e, 0xaa, 0xbc, 0x83, + 0x85, 0x19, 0x9f, 0x9b, 0xb8, 0xa4, 0xa3, 0xb2, + 0xb7, 0x56, 0x07, 0x6c, 0xbf, 0x7d, 0xff, 0x5d, + 0xb5, 0x1e, 0x83, 0xc8, 0x74, 0x70, 0x98, 0x17, + 0x40, 0xe0, 0x2d, 0xad, 0x31, 0x00, 0x8e, 0x42, + 0xd5, 0xb2, 0x25, 0xaa, 0x82, 0xaf, 0x33, 0xd8, + 0x5b, 0xe2, 0x07, 0xed, 0xda, 0x84, 0xe9, 0xa2, + 0xff, 0xbb, 0xa5, 0x47, 0x95, 0x6e, 0xa1, 0x8d, + 0x59, 0x52, 0xeb, 0xf3, 0x3c, 0x18, 0x29, 0x92, + 0x72, 0x27, 0x18, 0xfc, 0x95, 0xb9, 0xde, 0x46, + 0xda, 0xcc, 0x4c, 0x31, 0x1d, 0x78, 0x86, 0xd2, + 0x8c, 0x38, 0x9c, 0x32, 
0xab, 0xf7, 0xca, 0x73, + 0x85, 0xa5, 0xf1, 0xe0, 0x25, 0x06, 0xf9, 0x18, + 0x14, 0xab, 0x3b, 0x73, 0x26, 0xee, 0xa0, 0xfd, + 0x15, 0xac, 0xd6, 0x4e, 0x6b, 0xdb, 0x01, 0xa1, + 0xdc, 0xd1, 0x2f, 0xd2, 0xb7, 0x5e, 0x12, 0x4f, + 0x4b, 0x59, 0xd8, 0x03, 0x12, 0x60, 0xc9, 0x81, + 0xb7, 0x06, 0x23, 0x09, 0xc4, 0xd9, 0xa8, 0x93, + 0x6e, 0x96, 0xf4, 0x93, 0x53, 0xf0, 0x3d, 0xde, + 0x10, 0x88, 0xb1, 0xd0, 0xcc, 0xad, 0x2c, 0xbf, + 0x88, 0x98, 0x8f, 0x25, 0x76, 0xd7, 0x65, 0x77, + 0xcc, 0x36, 0x1d, 0x1b, 0x6b, 0x60, 0x58, 0xc4, + 0xfe, 0xe6, 0xca, 0xa8, 0x29, 0x33, 0x69, 0x36, + 0xb8, 0x12, 0x95, 0x38, 0xd9, 0xd4, 0x16, 0xe9, + 0x3e, 0x40, 0x8c, 0xc7, 0xae, 0x04, 0x11, 0xdf, + 0x51, 0xd3, 0xdd, 0xbf, 0xa9, 0x41, 0x43, 0x4c, + 0xff, 0x87, 0x2f, 0xea, 0x0f, 0x13, 0x66, 0x2a, + 0x2b, 0x18, 0xe8, 0xc4, 0xff, 0xa0, 0x1c, 0x78, + 0x79, 0x21, 0xf8, 0xaa, 0x8a, 0xf8, 0x92, 0xdf, + 0x7b, 0x5f, 0x6a, 0x71, 0x60, 0x67, 0x5d, 0x94, + 0xf6, 0xbb, 0x1d, 0x90, 0x7c, 0x51, 0x70, 0x1d, + 0x87, 0xde, 0xf8, 0x91, 0xcb, 0x42, 0x9f, 0xc7, + 0x4b, 0xa0, 0x16, 0xee, 0xb4, 0x73, 0xe8, 0xe0, + 0x0b, 0xa5, 0xd3, 0x26, 0x9e, 0x52, 0xda, 0x4a, + 0x1f, 0xae, 0x76, 0xbf, 0xbb, 0x4d, 0x74, 0x98, + 0xa6, 0xae, 0xc0, 0x60, 0x96, 0xc5, 0xad, 0x9b, + 0x91, 0x31, 0xb9, 0x50, 0x3d, 0x9a, 0x0f, 0xe1, + 0x93, 0xef, 0x08, 0x72, 0xb2, 0x66, 0xe5, 0x5d, + 0xe4, 0x15, 0x53, 0x8e, 0xb0, 0xb3, 0xf8, 0x78, + 0xfc, 0x5d, 0x44, 0xc5, 0xbf, 0xf5, 0x01, 0x54, + 0xc5, 0x45, 0xa9, 0x30, 0xa4, 0xf1, 0x49, 0x79, + 0x4e, 0xab, 0xfc, 0xb2, 0x93, 0xe7, 0x3a, 0xe1, + 0x7f, 0x1f, 0x2f, 0x45, 0x3a, 0x53, 0x2b, 0x68, + 0xb3, 0xa4, 0xac, 0x23, 0x54, 0xb7, 0x5d, 0x25, + 0xa3, 0xe3, 0x90, 0x8a, 0xb0, 0x02, 0xfb, 0x7f, + 0x2d, 0xeb, 0x80, 0xc2, 0x5c, 0x62, 0xe1, 0x36, + 0x5a, 0x82, 0x8f, 0x4e, 0x74, 0xeb, 0x7d, 0x70, + 0xaf, 0x23, 0x92, 0x65, 0x3a, 0x11, 0xc0, 0x29, + 0xdb, 0xf7, 0x9a, 0xdc, 0x81, 0x45, 0x25, 0x0c, + 0x2e, 0x4f, 0x88, 0x41, 0x34, 0x53, 0xc6, 0x08, + 0x21, 0x77, 0xc1, 0xbb, 0x61, 0x48, 0x20, 0x69, + 0x1a, 0xbb, 0x71, 0x1b, 
0x56, 0x18, 0x79, 0x75, + 0x16, 0x9a, 0xb3, 0x79, 0x31, 0x11, 0xa2, 0x89, + 0x8d, 0xea, 0x10, 0xb0, 0x04, 0x7f, 0xf8, 0x6e, + 0xdc, 0x08, 0x9b, 0x51, 0xa7, 0x64, 0xbd, 0x8d, + 0xd4, 0xd0, 0x1e, 0x38, 0x50, 0x1a, 0xa8, 0x7e, + 0x20, 0xae, 0xee, 0x8c, 0xa7, 0x72, 0x94, 0xc9, + 0xba, 0xf0, 0x67, 0xbd, 0x25, 0x1a, 0x3a, 0xdf, + 0x75, 0x39, 0xb7, 0xd3, 0x83, 0x3b, 0x89, 0xdf, + 0xb5, 0x2d, 0xd3, 0x12, 0x24, 0x21, 0x7c, 0x9e, + 0x92, 0x1c, 0x19, 0xae, 0x28, 0xcb, 0x2e, 0x2e, + 0x3c, 0xa9, 0x9b, 0xbd, 0xf9, 0x33, 0x30, 0xb2, + 0xbd, 0x8b, 0xbf, 0xc1, 0x8b, 0x32, 0xf1, 0x20, + 0xa1, 0x00, 0xfd, 0x11, 0x7d, 0x9a, 0xa8, 0x14, + 0x2c, 0xce, 0x16, 0x16, 0x4b, 0xdd, 0x56, 0x91, + 0x15, 0x36, 0x83, 0xcb, 0x01, 0x58, 0x35, 0xe1, + 0xdc, 0x22, 0x3d, 0xf8, 0xc2, 0x06, 0x54, 0x68, + 0x77, 0xd1, 0x47, 0x28, 0xdc, 0x09, 0x2a, 0x86, + 0x13, 0x80, 0xa6, 0xe9, 0xd0, 0xb4, 0xa3, 0x41, + 0x47, 0xf4, 0x71, 0x24, 0x10, 0x4c, 0x9f, 0xb7, + 0x57, 0x34, 0x48, 0x1b, 0xb4, 0xed, 0x0e, 0x89, + 0x4c, 0xf1, 0x73, 0x44, 0xff, 0x35, 0xb6, 0xe0, + 0x8f, 0x02, 0xa3, 0xa3, 0x81, 0x55, 0x38, 0xb5, + 0xc1, 0x99, 0xb3, 0x88, 0x84, 0x0d, 0xd9, 0x73, + 0x77, 0x65, 0x0b, 0xd7, 0xf8, 0x03, 0x88, 0xcb, + 0xdf, 0x25, 0xaf, 0xc6, 0xf1, 0xfa, 0x5c, 0x4d, + 0xfa, 0xc3, 0x7b, 0x8f, 0xb8, 0x38, 0x5d, 0x29, + 0xbb, 0x3d, 0x3e, 0x62, 0x1c, 0xdd, 0xe6, 0x97, + 0xe6, 0xe9, 0xbe, 0x6e, 0xd2, 0xb7, 0x7a, 0x9a, + 0x8e, 0xaf, 0xb3, 0xc8, 0x9e, 0x19, 0xee, 0x3d, + 0x5b, 0x1f, 0xec, 0x34, 0x3a, 0x1c, 0x27, 0x90, + 0xbd, 0x1e, 0x49, 0x72, 0x25, 0x2e, 0x38, 0x48, + 0x7d, 0xe1, 0x85, 0x46, 0xa7, 0x1b, 0x4a, 0xd5, + 0x23, 0x75, 0x6d, 0x8b, 0xc3, 0xf1, 0x87, 0xec, + 0x8b, 0x45, 0xf0, 0x9b, 0xb2, 0x14, 0x7a, 0x7c, + 0x8d, 0x78, 0x9c, 0x82, 0x64, 0x14, 0xfe, 0x01, + 0xfa, 0x04, 0x33, 0x96, 0xdd, 0x5f, 0x56, 0xbc, + 0xb2, 0x03, 0xe3, 0x0c, 0xa1, 0x09, 0x66, 0xa0, + 0x5e, 0x44, 0xde, 0x21, 0xae, 0x7d, 0x7a, 0x0e, + 0x81, 0x27, 0xd2, 0xfb, 0x85, 0xed, 0x27, 0x27, + 0xac, 0x11, 0x1c, 0xa1, 0x6d, 0xe9, 0xc1, 0xca, + 0xf6, 0x40, 0x7c, 0x95, 
0x01, 0xb7, 0xa8, 0x29, + 0x9a, 0xd2, 0xcc, 0x62, 0x70, 0x1c, 0x7d, 0x0e, + 0xe5, 0x60, 0xcb, 0x79, 0xa3, 0xd7, 0x5d, 0x48, + 0x4b, 0x3c, 0xf8, 0x12, 0xe8, 0x7a, 0x7e, 0x83, + 0xab, 0x24, 0x33, 0x0f, 0x7b, 0x0a, 0x38, 0xae, + 0xb1, 0xfc, 0xc3, 0x50, 0x5c, 0x83, 0x53, 0xfd, + 0x15, 0xd6, 0x49, 0x54, 0xb6, 0x40, 0xe5, 0xe8, + 0x55, 0xba, 0x08, 0x2f, 0x21, 0xd7, 0x0e, 0x71, + 0x8a, 0xb2, 0xe1, 0x6b, 0xc6, 0x7e, 0x0f, 0x1c, + 0x4d, 0x41, 0x9f, 0x38, 0xc2, 0xce, 0x41, 0x41, + 0x48, 0xcd, 0xec, 0x16, 0x1d, 0x23, 0x8e, 0x41, + 0xcd, 0x5e, 0xf9, 0x5f, 0x01, 0x5e, 0x73, 0xa2, + 0xa1, 0xef, 0xe9, 0x57, 0xe0, 0xba, 0xe6, 0xbb, + 0x2b, 0xff, 0x3e, 0xb8, 0xad, 0xd5, 0x12, 0xc1, + 0x54, 0x49, 0xca, 0x93, 0xb0, 0x7d, 0x7b, 0xcf, + 0xf0, 0xc5, 0x94, 0x43, 0x30, 0x94, 0x11, 0x8d, + 0x15, 0x79, 0x2e, 0x57, 0xb8, 0x24, 0xcd, 0x2e, + 0xc2, 0x49, 0x3d, 0x92, 0x44, 0x23, 0x0c, 0x3e, + 0xa0, 0xf9, 0xa5, 0xad, 0x2a, 0x56, 0xec, 0xf4, + 0x6d, 0x0f, 0x5b, 0xb5, 0xd4, 0x2a, 0x3f, 0x2b, + 0x17, 0x9f, 0x5d, 0x33, 0x97, 0x42, 0xd4, 0x1e, + 0x14, 0x49, 0x01, 0xfb, 0xb6, 0x72, 0xbc, 0x14, + 0x5b, 0x79, 0xf4, 0x0a, 0xc5, 0x49, 0xe1, 0x76, + 0x44, 0x78, 0x87, 0xd1, 0x8e, 0x5b, 0xd5, 0x95, + 0xad, 0x19, 0x7c, 0x0d, 0x39, 0x7f, 0x41, 0x2e, + 0xd7, 0x9e, 0xbc, 0xfd, 0x2c, 0xde, 0xfa, 0x01, + 0x7d, 0x2b, 0x04, 0xef, 0x4d, 0xf9, 0xf4, 0x5b, + 0xed, 0x05, 0x9a, 0x50, 0x35, 0xe7, 0xb0, 0xba, + 0x24, 0xea, 0x16, 0x51, 0xe1, 0x6f, 0x32, 0x08, + 0x94, 0xd6, 0x19, 0x9d, 0x0e, 0x4c, 0xc1, 0xbb, + 0x01, 0x87, 0xa5, 0x90, 0x5f, 0x6f, 0xc4, 0xed, + 0xa1, 0x4c, 0x06, 0x4d, 0x2c, 0x47, 0x24, 0xda, + 0xae, 0xd2, 0x41, 0x92, 0x1f, 0x46, 0xce, 0xec, + 0xb1, 0xcc, 0x80, 0x1e, 0xb2, 0xcb, 0x66, 0x48, + 0x22, 0xec, 0x0e, 0x47, 0xfc, 0xad, 0x17, 0xfe, + 0x7b, 0xc5, 0x4d, 0x34, 0x95, 0x40, 0xd0, 0x02, + 0x7e, 0x90, 0xaa, 0x92, 0xaf, 0x48, 0x64, 0xc5, + 0xc1, 0x56, 0xd8, 0x9b, 0x6c, 0x5f, 0x2e, 0xfa, + 0xd7, 0x84, 0xdc, 0x71, 0x65, 0x1b, 0xfb, 0xbc, + 0x21, 0xc7, 0x57, 0xf4, 0x71, 0x2e, 0x6f, 0x34, + 0x85, 0x99, 0xa8, 0x5c, 
0x6f, 0x34, 0x22, 0x44, + 0x89, 0x01, 0xf9, 0x48, 0xd2, 0xe2, 0xe4, 0x71, + 0x9d, 0x48, 0x07, 0x97, 0xd4, 0x66, 0xe4, 0x4d, + 0x48, 0xa3, 0x08, 0x7f, 0x6e, 0xaa, 0x7b, 0xe9, + 0x93, 0x81, 0x03, 0x0c, 0xd2, 0x48, 0xcf, 0x3f, + 0x5f, 0xbe, 0x03, 0xfb, 0x0f, 0xad, 0xc3, 0x81, + 0xd9, 0xce, 0x88, 0x0b, 0xfa, 0xed, 0x29, 0x7e, + 0x0b, 0xa1, 0x6f, 0x4c, 0x7d, 0xe4, 0x36, 0xff, + 0xdf, 0x94, 0x1a, 0x24, 0xb3, 0x7b, 0xca, 0x24, + 0x7e, 0x3a, 0x19, 0x53, 0x13, 0x4a, 0x17, 0x58, + 0xe7, 0x16, 0x9b, 0x50, 0xd8, 0xda, 0xcc, 0x6e, + 0x05, 0x25, 0xfe, 0x16, 0xcb, 0x5b, 0xd5, 0x35, + 0x76, 0x40, 0x44, 0x96, 0x23, 0x97, 0xe2, 0x4a, + 0x72, 0x0c, 0x54, 0x43, 0xc0, 0x09, 0x85, 0x8e, + 0x15, 0x85, 0xaf, 0x3c, 0x5e, 0x5f, 0x3c, 0x2d, + 0x21, 0x42, 0x75, 0xb7, 0xe4, 0x50, 0xf9, 0x00, + 0xa3, 0x4f, 0xb1, 0x7c, 0xfe, 0x62, 0xd0, 0xe9, + 0x6d, 0x51, 0xcc, 0x83, 0xc1, 0xdc, 0x37, 0x10, + 0x90, 0x0a, 0x15, 0xd8, 0xd5, 0x02, 0xf7, 0x74, + 0xb8, 0x46, 0x84, 0xc3, 0x61, 0x17, 0x26, 0x0f, + 0xe4, 0xde, 0x1a, 0xcf, 0x42, 0x53, 0x63, 0x2f, + 0x8d, 0xf7, 0x06, 0x07, 0xc3, 0x33, 0x39, 0x59, + 0xe9, 0x17, 0xc8, 0x05, 0xd2, 0xa2, 0xae, 0x53, + 0x2c, 0x7e, 0xd0, 0x9d, 0x5c, 0xb5, 0x42, 0x9f, + 0x84, 0xd7, 0xfe, 0x93, 0x74, 0xfb, 0xbb, 0xd2, + 0x1e, 0x57, 0x4e, 0x7f, 0x79, 0xaf, 0xd2, 0xf9, + 0x5e, 0x41, 0x9e, 0x63, 0x54, 0x61, 0x47, 0x0c, + 0x92, 0x4c, 0xc9, 0xfe, 0x4f, 0xcb, 0xe5, 0x8e, + 0x65, 0xb3, 0x97, 0x1b, 0xd8, 0xd1, 0x62, 0xfd +#else + 0x30, 0x82, 0x0a, 0x34, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x08, 0x07, 0x03, 0x82, 0x0a, 0x21, 0x00, + 0x7f, 0x5f, 0x63, 0x81, 0x6f, 0x04, 0x4c, 0xec, + 0xa8, 0xaf, 0x7b, 0x99, 0x41, 0xc6, 0xff, 0xdf, + 0x77, 0x66, 0x28, 0xc0, 0xe2, 0x58, 0xea, 0x9c, + 0x60, 0xbb, 0x03, 0x3e, 0xca, 0xa8, 0x38, 0x64, + 0xfb, 0xf7, 0x1b, 0x3f, 0xec, 0xfd, 0x0f, 0xf1, + 0x9c, 0xe4, 0xfd, 0xad, 0x83, 0xf7, 0x03, 0x66, + 0x6e, 0x7f, 0x4d, 0x42, 0xab, 0x6b, 0x73, 0x26, + 0xde, 0x6f, 0x8c, 0xc4, 0xca, 0x21, 0x66, 0x31, + 0x79, 0x57, 0x88, 
0xcb, 0x1e, 0xab, 0xda, 0x1d, + 0x56, 0x70, 0xd9, 0x83, 0xa1, 0xb4, 0x83, 0xce, + 0xcc, 0x0f, 0xeb, 0xd6, 0x63, 0xbd, 0xf6, 0x02, + 0x5d, 0x5b, 0x0c, 0x17, 0x3c, 0x3e, 0x15, 0x02, + 0x22, 0xa1, 0x5d, 0xb5, 0xc5, 0x81, 0x28, 0x95, + 0x0b, 0x34, 0x2b, 0x96, 0x0a, 0xae, 0x6a, 0xa8, + 0xb5, 0x1d, 0x56, 0xbb, 0x7d, 0x83, 0x9a, 0x15, + 0xad, 0x63, 0x9e, 0x86, 0x8c, 0x6e, 0x6a, 0xa8, + 0xde, 0x55, 0xd0, 0xce, 0xc0, 0x2e, 0x05, 0xfe, + 0x1f, 0x4d, 0xd7, 0x12, 0xa4, 0x5a, 0xe9, 0x04, + 0x0d, 0x20, 0x84, 0x90, 0xb9, 0xca, 0x64, 0xe4, + 0xad, 0x2e, 0x74, 0x4b, 0x1d, 0x2f, 0xcc, 0xac, + 0xd8, 0x1a, 0x5e, 0xb2, 0x78, 0xbe, 0x61, 0xf7, + 0x36, 0xa3, 0xd1, 0x93, 0x86, 0xb5, 0x15, 0xf1, + 0x74, 0xf8, 0x9f, 0x6d, 0x6a, 0x8f, 0x6d, 0x86, + 0x8b, 0x36, 0x61, 0x10, 0xc9, 0x1a, 0x31, 0x39, + 0x09, 0xe6, 0x15, 0xa0, 0xb1, 0xfa, 0x69, 0xd4, + 0xc2, 0xb2, 0x56, 0x4c, 0x06, 0x33, 0x13, 0xc4, + 0x78, 0x53, 0x16, 0xfc, 0x52, 0x99, 0xe6, 0x27, + 0xc9, 0x3b, 0x24, 0x5c, 0x3e, 0x85, 0x73, 0x76, + 0x61, 0xa3, 0x61, 0xf0, 0x95, 0xd5, 0xb2, 0xf5, + 0x21, 0xe7, 0x09, 0xc3, 0x0c, 0x5c, 0xb0, 0x36, + 0xce, 0x45, 0x68, 0x41, 0x45, 0xcb, 0x1c, 0x36, + 0x2f, 0x3a, 0x00, 0x07, 0x56, 0xbe, 0x61, 0xd2, + 0x77, 0x37, 0x63, 0xa4, 0xdb, 0xfa, 0xa9, 0x6b, + 0x37, 0x90, 0x35, 0xd1, 0x1e, 0x27, 0x5b, 0x3e, + 0xc0, 0x0a, 0x02, 0x64, 0xe4, 0x58, 0x49, 0xab, + 0x2d, 0xc1, 0x38, 0x29, 0x3d, 0x44, 0xf9, 0xac, + 0xb7, 0x65, 0xd1, 0x5f, 0xf8, 0xce, 0x52, 0x76, + 0x22, 0x15, 0x61, 0x02, 0x1f, 0xa7, 0xcd, 0xff, + 0xeb, 0xa6, 0x7f, 0x6b, 0xba, 0x75, 0xe3, 0x09, + 0x01, 0x06, 0x41, 0x20, 0x88, 0x75, 0x64, 0x6b, + 0x97, 0x38, 0x13, 0xab, 0x4c, 0x0a, 0xd4, 0x7e, + 0xd2, 0xfa, 0x78, 0xe8, 0x9f, 0x5d, 0xf9, 0x53, + 0x30, 0x17, 0xf1, 0x10, 0x9e, 0x4a, 0x32, 0x17, + 0x3a, 0x9b, 0xb9, 0x25, 0x8e, 0xeb, 0xd9, 0x41, + 0x01, 0xa2, 0xc6, 0x58, 0x4a, 0x9f, 0xc3, 0x73, + 0xfd, 0xe2, 0xe4, 0x2c, 0x92, 0xb4, 0xa2, 0x3d, + 0x0f, 0x1f, 0x37, 0x64, 0xf1, 0x17, 0x2a, 0x8c, + 0xc6, 0xb5, 0xb0, 0x69, 0x7d, 0xfe, 0x08, 0xe0, + 0x8e, 0xaa, 0xe0, 
0x08, 0xd5, 0x28, 0x92, 0x51, + 0x73, 0x8a, 0x2f, 0x7a, 0x4a, 0xbf, 0x52, 0x8d, + 0x3e, 0x9b, 0x36, 0x6a, 0xfb, 0x19, 0xf0, 0xea, + 0xfe, 0x05, 0xbd, 0x2d, 0xa9, 0x58, 0x48, 0x02, + 0xa8, 0x20, 0x9e, 0xdc, 0x04, 0x57, 0xc2, 0x0c, + 0xae, 0xc1, 0x03, 0xe7, 0x17, 0x48, 0x80, 0x00, + 0x8d, 0x1b, 0xd0, 0xc5, 0xdc, 0x2a, 0x02, 0x6e, + 0x8e, 0x54, 0xf3, 0x79, 0x31, 0x02, 0x93, 0xc5, + 0xf2, 0x55, 0xea, 0x61, 0xd0, 0xb2, 0x8e, 0xc9, + 0x74, 0x17, 0x0d, 0x38, 0xf8, 0xab, 0xf4, 0x42, + 0xd4, 0xc2, 0xdc, 0xf7, 0x1b, 0xdb, 0x65, 0x36, + 0x9f, 0x56, 0xe2, 0xeb, 0xf7, 0xe5, 0x2d, 0x45, + 0xae, 0xc0, 0x95, 0xbc, 0xe4, 0x1f, 0x22, 0xdc, + 0x0f, 0x54, 0xed, 0x14, 0xb8, 0xf1, 0x2f, 0x5d, + 0xd1, 0x79, 0xa0, 0x81, 0x17, 0x71, 0xa1, 0xd6, + 0xf0, 0x88, 0x9c, 0x1c, 0xc7, 0x95, 0x07, 0xb0, + 0xea, 0xf7, 0xd3, 0xa2, 0x55, 0xfe, 0x85, 0x65, + 0x42, 0x06, 0xec, 0xd2, 0xbe, 0x03, 0x8f, 0x63, + 0x84, 0x4b, 0xb1, 0x47, 0x48, 0x20, 0x71, 0xd2, + 0xdf, 0xc9, 0x59, 0xb0, 0x24, 0x8a, 0x6e, 0xf9, + 0x4a, 0xa1, 0x7b, 0xed, 0x11, 0xb6, 0xf9, 0x9b, + 0xf7, 0x93, 0x0e, 0xcb, 0x7a, 0x32, 0x22, 0x23, + 0x4e, 0x86, 0xce, 0xad, 0x9d, 0x1b, 0x84, 0x57, + 0xaf, 0xa5, 0x04, 0x03, 0x0a, 0xc9, 0x04, 0x97, + 0xd0, 0xce, 0x8e, 0x2a, 0x9a, 0x00, 0x15, 0xeb, + 0xac, 0x96, 0x57, 0xde, 0xe6, 0xc1, 0x2d, 0xbd, + 0xfc, 0xd6, 0x95, 0x0f, 0x5f, 0x19, 0xac, 0xaf, + 0x6c, 0xd8, 0xa6, 0x1e, 0xd8, 0xdb, 0x14, 0xfd, + 0xba, 0x0f, 0xd0, 0x3f, 0x61, 0xe3, 0x76, 0xfc, + 0x47, 0x61, 0x07, 0x24, 0x49, 0x17, 0xca, 0x24, + 0x31, 0x16, 0x26, 0x4f, 0xdc, 0x2b, 0x39, 0xae, + 0x5f, 0xfa, 0x4f, 0x82, 0xef, 0xe1, 0x41, 0x8c, + 0x3e, 0x8e, 0xa7, 0x6c, 0xf2, 0x51, 0xf7, 0x85, + 0x35, 0x6c, 0xad, 0xea, 0x32, 0x35, 0xf3, 0xc0, + 0x14, 0x17, 0xe2, 0x98, 0x27, 0x36, 0x7e, 0x60, + 0x2f, 0x01, 0x60, 0x3e, 0x18, 0xf4, 0x4e, 0xe0, + 0xf5, 0x14, 0x21, 0x81, 0x05, 0x78, 0x1c, 0x5f, + 0x4e, 0x89, 0xbb, 0x23, 0x60, 0xb1, 0x8f, 0x07, + 0x53, 0x16, 0x6e, 0xfb, 0x86, 0x07, 0x90, 0xff, + 0xa6, 0x27, 0x60, 0xe6, 0x3e, 0x92, 0x2a, 0x3c, + 0xa3, 0x57, 0xec, 
0x97, 0x23, 0xaf, 0xd2, 0x44, + 0xac, 0x09, 0x87, 0xb0, 0x54, 0xe9, 0x5b, 0x50, + 0x37, 0xfa, 0x12, 0xa4, 0xcb, 0x6f, 0xed, 0x9f, + 0x29, 0x73, 0xa7, 0x09, 0x29, 0x91, 0x93, 0x5c, + 0x54, 0xf4, 0x44, 0xc2, 0x04, 0x64, 0xfc, 0xd2, + 0xf2, 0x0a, 0x0b, 0x45, 0x1f, 0xc5, 0x18, 0xf0, + 0xff, 0x10, 0x1f, 0x3a, 0x97, 0xf8, 0xb1, 0x83, + 0x0e, 0x08, 0xe2, 0x55, 0x75, 0x6a, 0x45, 0x96, + 0xf8, 0x1b, 0xdc, 0xb6, 0x57, 0x83, 0x8c, 0x28, + 0xc0, 0x4a, 0x57, 0xc6, 0xfb, 0x27, 0x3d, 0xfa, + 0x5a, 0x0d, 0x69, 0x56, 0x23, 0x66, 0x02, 0x78, + 0xca, 0xf1, 0xfa, 0xcb, 0xc1, 0xf6, 0x92, 0x1c, + 0xa0, 0xe3, 0x09, 0x7d, 0x48, 0x5e, 0x86, 0xa0, + 0x82, 0xa8, 0xf1, 0x1e, 0xe1, 0xfe, 0xc6, 0x9d, + 0x4f, 0x2e, 0xf4, 0xfc, 0xc6, 0x48, 0x1d, 0xc1, + 0x2a, 0x6a, 0xb7, 0xea, 0x46, 0x89, 0x04, 0xe9, + 0xbd, 0xf1, 0xed, 0x16, 0x76, 0xd8, 0x4b, 0x42, + 0xd5, 0x43, 0xa4, 0xfb, 0x02, 0x01, 0x54, 0x00, + 0xaf, 0x55, 0x52, 0x27, 0xff, 0x00, 0xe2, 0xbb, + 0x4a, 0xf2, 0x69, 0xb4, 0x4e, 0x6c, 0x6b, 0xa3, + 0x96, 0x4f, 0xf4, 0x65, 0x90, 0x2d, 0xc8, 0x57, + 0x1f, 0xb2, 0xf0, 0x86, 0x7b, 0x93, 0x09, 0x49, + 0x31, 0xc4, 0xf4, 0x8f, 0xc8, 0x2d, 0xac, 0x1d, + 0xfc, 0xba, 0xa4, 0xa5, 0x41, 0x90, 0x76, 0x7d, + 0x9e, 0x47, 0xdc, 0x10, 0xe6, 0x0c, 0xf7, 0x0f, + 0xa4, 0xba, 0x4f, 0xe2, 0x46, 0x38, 0x4c, 0x28, + 0xa0, 0x57, 0xb5, 0x3c, 0xb3, 0x4b, 0x8f, 0x03, + 0x04, 0xff, 0xf6, 0xec, 0x60, 0x90, 0x62, 0xfe, + 0x74, 0x76, 0x48, 0xb3, 0xf4, 0x0a, 0x6a, 0x5a, + 0x5b, 0xad, 0xc8, 0x54, 0x62, 0x11, 0x52, 0xd9, + 0x84, 0x1a, 0x09, 0x4b, 0xca, 0x66, 0xaa, 0x3c, + 0x36, 0x08, 0x9d, 0x58, 0xd0, 0x4a, 0x3a, 0x8b, + 0x24, 0xe0, 0x80, 0x9f, 0xe3, 0x76, 0xb6, 0x07, + 0xb1, 0xbc, 0x00, 0x98, 0xb0, 0xc1, 0xe0, 0xf6, + 0x1f, 0x4d, 0xa8, 0xd1, 0x69, 0x44, 0x9c, 0x33, + 0xb0, 0x0f, 0x9c, 0xc9, 0x0c, 0x8c, 0xbc, 0x03, + 0x58, 0x81, 0x76, 0xab, 0x0d, 0xef, 0x25, 0x5a, + 0xf6, 0xab, 0x3b, 0xf1, 0x1f, 0x97, 0x12, 0x8e, + 0x7f, 0x28, 0x77, 0x26, 0x18, 0xc4, 0xc4, 0xda, + 0x2c, 0x43, 0x57, 0xd2, 0x1f, 0x67, 0x95, 0x40, + 0x2c, 0x94, 0x41, 
0x69, 0x22, 0x8a, 0x24, 0xd9, + 0xc7, 0xfc, 0xea, 0x49, 0x83, 0x8f, 0x5d, 0x2e, + 0x9d, 0xac, 0x17, 0xb6, 0xe0, 0xc4, 0xe7, 0xe6, + 0xd5, 0xc2, 0x73, 0xa1, 0x8f, 0x33, 0x14, 0x02, + 0xae, 0x01, 0x9f, 0x6f, 0x40, 0x92, 0x4e, 0x03, + 0xc2, 0xa9, 0xf1, 0x36, 0x78, 0xe4, 0xde, 0x39, + 0x4d, 0x29, 0x2e, 0xc2, 0x00, 0x93, 0x79, 0xe4, + 0xb2, 0x29, 0x4b, 0x81, 0x5c, 0x06, 0x06, 0xbc, + 0xc1, 0x01, 0x1c, 0xa7, 0x08, 0xf7, 0x47, 0x1f, + 0x52, 0x4f, 0xdf, 0x94, 0x1e, 0xe6, 0x89, 0xe6, + 0x26, 0x71, 0x2e, 0xa2, 0xd2, 0xfe, 0x04, 0xf2, + 0x12, 0x4c, 0x06, 0x78, 0x34, 0xc0, 0xb9, 0x76, + 0x62, 0x3b, 0x72, 0x25, 0x8c, 0x0d, 0x73, 0x24, + 0xcf, 0x4b, 0x4c, 0x47, 0x20, 0x9d, 0x04, 0x7f, + 0x86, 0x2c, 0x45, 0xb8, 0xfe, 0xb2, 0xaa, 0x36, + 0xf8, 0xe0, 0x24, 0x25, 0x05, 0x23, 0x12, 0x16, + 0xbf, 0x64, 0x10, 0xdd, 0xe4, 0xc0, 0xb0, 0x85, + 0xa7, 0xd3, 0xd1, 0x18, 0x1b, 0x81, 0x6b, 0x94, + 0xfd, 0x07, 0x43, 0xdd, 0x12, 0x37, 0x78, 0x69, + 0xec, 0x8c, 0xd0, 0x41, 0x2c, 0x42, 0x94, 0x3e, + 0x9f, 0xe3, 0x49, 0xb3, 0xb8, 0x45, 0x0b, 0x1d, + 0xc1, 0x9b, 0x4d, 0x21, 0x85, 0x62, 0xea, 0xd1, + 0xc9, 0x12, 0x30, 0x8c, 0x4b, 0x63, 0xeb, 0x7d, + 0x02, 0x52, 0x15, 0xa1, 0x95, 0x48, 0x9f, 0xc2, + 0xce, 0xf3, 0x4b, 0xff, 0x5a, 0xb6, 0x8f, 0xce, + 0xcd, 0x42, 0x21, 0x40, 0x82, 0xad, 0x08, 0x99, + 0x4d, 0x24, 0x58, 0x25, 0xf3, 0x7e, 0x42, 0x86, + 0x06, 0x33, 0x1f, 0x53, 0xbb, 0x07, 0x33, 0xca, + 0xc0, 0x02, 0x18, 0x30, 0x3c, 0xc5, 0x67, 0x1c, + 0x32, 0x3f, 0x2d, 0x58, 0x4c, 0x24, 0x6e, 0x60, + 0x96, 0x1a, 0xf4, 0xd0, 0x55, 0xb8, 0x84, 0xf0, + 0xb9, 0x83, 0xbf, 0x3d, 0x37, 0xe4, 0xa6, 0x06, + 0x1c, 0xd1, 0xd7, 0x91, 0x24, 0xdc, 0x3f, 0xcc, + 0x71, 0xf3, 0x0c, 0x90, 0x2c, 0x1d, 0x2f, 0x90, + 0xc8, 0x3c, 0x6f, 0x2c, 0x5d, 0xad, 0x8c, 0xdf, + 0xbb, 0x0d, 0x2a, 0x7f, 0x4a, 0x34, 0x5a, 0xd9, + 0x83, 0xfd, 0x61, 0x36, 0xe0, 0x0a, 0xb3, 0xf6, + 0x69, 0xb1, 0xaf, 0x81, 0x22, 0xd6, 0x9e, 0x9a, + 0xf8, 0xa6, 0x24, 0x8e, 0x0c, 0xcb, 0x25, 0xc2, + 0xfc, 0xc5, 0x94, 0xbd, 0x23, 0x9c, 0xa9, 0xbd, + 0x76, 0x28, 0xa4, 
0x55, 0x92, 0x7c, 0xe6, 0x76, + 0xf7, 0x30, 0xf8, 0x7d, 0xdc, 0x0a, 0x93, 0x9e, + 0x7c, 0x39, 0x0a, 0x70, 0xa0, 0xb2, 0x77, 0xe0, + 0x7a, 0x89, 0x50, 0xce, 0x75, 0xca, 0x2f, 0xa4, + 0x12, 0x0e, 0xcb, 0x75, 0x1f, 0x0a, 0x83, 0xe8, + 0x14, 0x80, 0xa7, 0xb0, 0xe8, 0x11, 0xca, 0x12, + 0x5e, 0xf7, 0x31, 0x65, 0xbd, 0x20, 0x3d, 0x8c, + 0xa6, 0x89, 0x83, 0x68, 0x66, 0x03, 0x28, 0x49, + 0x17, 0xc4, 0x3f, 0x43, 0x02, 0x9b, 0xf8, 0xed, + 0xae, 0x8e, 0x68, 0xbc, 0x8e, 0x39, 0xe7, 0x15, + 0x32, 0x45, 0x66, 0x2c, 0x1f, 0xce, 0x56, 0xc7, + 0xc0, 0x15, 0x52, 0x19, 0x40, 0xcf, 0x87, 0x20, + 0xcd, 0x3d, 0xec, 0x90, 0x8d, 0x04, 0x01, 0x31, + 0x0b, 0x74, 0x80, 0x6e, 0x61, 0xa7, 0xf3, 0x4c, + 0xb2, 0x16, 0x00, 0xd5, 0xdb, 0xcc, 0xbb, 0x2c, + 0x9f, 0xb6, 0x02, 0x4a, 0xcf, 0x71, 0x06, 0xfd, + 0x60, 0xe0, 0x00, 0xbe, 0x22, 0xba, 0x39, 0x36, + 0xa8, 0x7e, 0xe5, 0xcb, 0xea, 0x87, 0xb1, 0xee, + 0xa2, 0x6c, 0x85, 0x94, 0x18, 0x6c, 0xab, 0x9a, + 0x93, 0xa7, 0xab, 0x4e, 0x3b, 0x85, 0xf3, 0xef, + 0x8f, 0x15, 0x74, 0x21, 0x9f, 0x5d, 0x9c, 0x22, + 0x32, 0x71, 0xb5, 0x4d, 0x7f, 0xaa, 0x85, 0xe0, + 0x05, 0x2a, 0x53, 0xbb, 0x3c, 0xab, 0xc3, 0xd2, + 0x73, 0x6e, 0x97, 0xa3, 0xfd, 0x05, 0x58, 0xaa, + 0x49, 0xc8, 0x69, 0xa9, 0x0b, 0x73, 0xd4, 0xe9, + 0x1d, 0x84, 0x60, 0x34, 0x2a, 0x09, 0xb3, 0x0f, + 0x08, 0x13, 0x67, 0x77, 0xb3, 0x24, 0xdf, 0xad, + 0xbf, 0x51, 0x71, 0x2b, 0xbe, 0x4f, 0x5d, 0xf4, + 0xe7, 0x25, 0x4c, 0x24, 0xa2, 0x4a, 0x22, 0xec, + 0xcc, 0x7c, 0x6c, 0x62, 0xee, 0x47, 0x12, 0x43, + 0x88, 0xe4, 0x71, 0xaa, 0x63, 0xaa, 0x2b, 0xed, + 0x70, 0xbf, 0x26, 0x37, 0xcc, 0xa4, 0xff, 0xe9, + 0xb6, 0x65, 0x31, 0x4d, 0x0d, 0x32, 0xd6, 0x84, + 0xb8, 0xab, 0x98, 0xa7, 0x10, 0x44, 0x77, 0xc7, + 0x2a, 0x60, 0xf0, 0xf5, 0xd5, 0xd4, 0x3a, 0x73, + 0x11, 0xa5, 0x1b, 0x18, 0x3c, 0x13, 0xfb, 0xda, + 0x76, 0x9d, 0xeb, 0x3e, 0xb9, 0x7a, 0xce, 0x02, + 0xa7, 0x5e, 0x25, 0x96, 0xd2, 0xbc, 0x85, 0x1a, + 0xd1, 0xa4, 0xe2, 0x02, 0x15, 0x08, 0x49, 0x16, + 0x7c, 0xaf, 0xc6, 0x38, 0x7b, 0x95, 0xf9, 0x37, + 0xc0, 0x87, 0x73, 
0x6f, 0x01, 0xcd, 0x2b, 0xf1, + 0xe7, 0x6e, 0x47, 0x18, 0x30, 0xb8, 0x16, 0x87, + 0x1d, 0x23, 0x62, 0x22, 0x85, 0x92, 0x69, 0x46, + 0x9c, 0x65, 0xd8, 0xf1, 0x27, 0x32, 0xe4, 0x16, + 0x7f, 0x9a, 0xba, 0x46, 0x61, 0x60, 0x34, 0xe5, + 0xc0, 0x14, 0xb5, 0xde, 0x4d, 0xd1, 0x71, 0x39, + 0x26, 0xdc, 0x0c, 0x0a, 0x53, 0x9e, 0x31, 0x10, + 0x45, 0x7a, 0xf9, 0xc8, 0xfa, 0x1d, 0x69, 0x5e, + 0x25, 0xc1, 0xe2, 0x00, 0xbf, 0x94, 0xa3, 0xa2, + 0x97, 0xca, 0xb4, 0x6a, 0x89, 0x68, 0xdd, 0xed, + 0x6b, 0x99, 0x5a, 0x87, 0x9e, 0xe9, 0x68, 0xe4, + 0xf2, 0xc2, 0x7e, 0x37, 0x02, 0xdf, 0x96, 0x1a, + 0x5b, 0xed, 0xa1, 0xe8, 0xdf, 0x3c, 0xf7, 0xd2, + 0x25, 0xac, 0xf7, 0x4a, 0x7f, 0x10, 0x27, 0x2b, + 0x02, 0xc7, 0x95, 0x10, 0x5a, 0xb5, 0xb0, 0xcd, + 0xa9, 0xe1, 0x36, 0xe2, 0x1c, 0x87, 0x99, 0x0e, + 0x0a, 0x44, 0xec, 0x97, 0x75, 0xa7, 0x03, 0x27, + 0x38, 0x3b, 0x16, 0x30, 0x00, 0x98, 0xbe, 0x77, + 0xfe, 0x3a, 0xac, 0x6f, 0x8f, 0x4d, 0xe1, 0xa9, + 0x9c, 0xba, 0x39, 0x52, 0xe8, 0xf7, 0xe4, 0xe6, + 0xf9, 0xe9, 0xb3, 0x57, 0x82, 0xb2, 0x23, 0xd6, + 0xa5, 0x14, 0xc0, 0x78, 0xb4, 0xa0, 0xf9, 0x96, + 0xe4, 0x03, 0xe8, 0x6c, 0x27, 0xd8, 0x37, 0x7c, + 0x8f, 0xf4, 0x80, 0x09, 0x09, 0xc9, 0x32, 0x15, + 0xe0, 0x3f, 0x37, 0xa7, 0x1a, 0x5f, 0x8c, 0xfb, + 0xdd, 0xfe, 0x6b, 0x34, 0x28, 0x53, 0x03, 0x4b, + 0x39, 0x91, 0xf2, 0x48, 0x4c, 0x2a, 0x45, 0xfe, + 0x66, 0xf7, 0x23, 0x74, 0xb8, 0x30, 0x70, 0xb4, + 0x0c, 0x2c, 0x65, 0xb1, 0x4e, 0x32, 0x0f, 0x50, + 0xbb, 0x46, 0x9b, 0x03, 0x34, 0x38, 0xfb, 0xe4, + 0x25, 0x37, 0x8d, 0x0f, 0xa1, 0x41, 0x50, 0x85, + 0x92, 0x07, 0x71, 0xff, 0x3c, 0xe6, 0xd9, 0x1d, + 0x55, 0xb7, 0x10, 0x9c, 0xea, 0x70, 0x5f, 0xa3, + 0xba, 0x84, 0x99, 0x91, 0x30, 0x3d, 0x4c, 0x98, + 0x0b, 0x1f, 0x1f, 0xcc, 0x17, 0x94, 0xdd, 0x78, + 0x7d, 0x50, 0xe5, 0xf5, 0x21, 0x88, 0x5a, 0x52, + 0x76, 0x5a, 0x97, 0xbe, 0xba, 0xa9, 0xfe, 0x82, + 0x8a, 0xb5, 0x46, 0xcf, 0x9c, 0xbe, 0xe8, 0x2f, + 0x01, 0x2f, 0x6a, 0x03, 0x8a, 0xfa, 0x4b, 0x0b, + 0xdc, 0x78, 0x79, 0x9c, 0x49, 0xc4, 0x01, 0x26, + 0x16, 0x58, 0xc6, 
0xb8, 0xee, 0x6c, 0xc9, 0xa9, + 0x38, 0x7c, 0xcf, 0xf3, 0xf8, 0xd0, 0x6b, 0x99, + 0x43, 0x13, 0xe0, 0x43, 0x8e, 0xfb, 0xb2, 0xdb, + 0x61, 0x67, 0xf4, 0xfc, 0x01, 0x21, 0xd9, 0xb1, + 0x1e, 0x6c, 0x6f, 0x2a, 0x9a, 0x4b, 0x86, 0x3c, + 0x62, 0x03, 0x53, 0x83, 0x11, 0x18, 0x1a, 0x59, + 0x9e, 0x25, 0xfe, 0xdb, 0x85, 0xd0, 0xee, 0x7c, + 0x97, 0x72, 0xca, 0xf3, 0x0d, 0xd4, 0x19, 0x66, + 0x14, 0xaf, 0x46, 0x68, 0x75, 0xdb, 0x8f, 0x5f, + 0x77, 0x7f, 0xfe, 0xa9, 0xe6, 0xa1, 0x9e, 0x46, + 0x5e, 0x92, 0xda, 0xea, 0xdd, 0x89, 0x01, 0xd9, + 0xab, 0x25, 0x7d, 0xb4, 0x64, 0x50, 0x8f, 0xa3, + 0xbe, 0xe2, 0x03, 0xd5, 0xc6, 0x9c, 0xc2, 0xf8, + 0xac, 0xa4, 0x36, 0xa9, 0x37, 0x10, 0x59, 0x00, + 0x45, 0xbb, 0x55, 0x33, 0xb9, 0x6f, 0xbc, 0xa2, + 0x02, 0x9e, 0xa3, 0x1d, 0xf4, 0x17, 0x78, 0x9b, + 0xbc, 0x42, 0x4e, 0x21, 0xc3, 0xde, 0xb5, 0x70, + 0x4a, 0x23, 0x1e, 0xd4, 0x36, 0x5d, 0x7a, 0x08, + 0x37, 0x55, 0x98, 0x07, 0xa0, 0x16, 0xa3, 0x4e, + 0xa1, 0x2b, 0x96, 0x8b, 0x51, 0x63, 0x48, 0xab, + 0xc9, 0x19, 0x6f, 0x5f, 0x25, 0x9d, 0xe7, 0x25, + 0x63, 0xf0, 0x8e, 0xdb, 0x06, 0x2d, 0x42, 0x31, + 0xfd, 0x14, 0x2b, 0x7a, 0x31, 0x43, 0x04, 0xd5, + 0xe2, 0x89, 0x2e, 0xa8, 0xe4, 0x6e, 0xd5, 0xa5, + 0x21, 0x67, 0x9b, 0x92, 0x61, 0x79, 0xdd, 0xe5, + 0x44, 0x43, 0x45, 0x57, 0x13, 0xec, 0x04, 0xc1, + 0x41, 0xa3, 0x14, 0x70, 0x86, 0xda, 0x76, 0x5d, + 0xe8, 0x61, 0xd2, 0xfb, 0x7b, 0xe4, 0x71, 0x46, + 0xa3, 0x52, 0xbf, 0xf2, 0xa0, 0x3c, 0xc1, 0x90, + 0x0c, 0x2e, 0xeb, 0xb3, 0x38, 0xae, 0x13, 0x27, + 0x84, 0xe9, 0x7a, 0xd6, 0x02, 0x40, 0x84, 0xff, + 0x87, 0x1f, 0x37, 0x44, 0xd8, 0x2e, 0x93, 0xf7, + 0x0a, 0xff, 0x5b, 0x4d, 0x07, 0x82, 0xfd, 0x6e, + 0x44, 0xcc, 0x19, 0xc3, 0x7d, 0x7c, 0x31, 0xf9, + 0x0e, 0xa8, 0x1c, 0x0d, 0xcb, 0x8e, 0xe8, 0x33, + 0xb2, 0xff, 0x9e, 0x1d, 0x99, 0x7c, 0x46, 0x5b, + 0xc7, 0x28, 0xec, 0x01, 0x62, 0x82, 0xfe, 0x2a, + 0x22, 0xa3, 0x86, 0x4e, 0x47, 0xe2, 0x57, 0xf1, + 0xb4, 0x58, 0x94, 0x89, 0xe5, 0xf1, 0xcd, 0x4d, + 0x90, 0xd1, 0xa4, 0x4c, 0x34, 0x5d, 0xde, 0xdc, + 0x39, 0x63, 0x8b, 
0x85, 0xfd, 0x02, 0x21, 0xf1,
+ 0x12, 0xa3, 0x6d, 0x65, 0x0f, 0x8d, 0xe5, 0xcd,
+ 0x70, 0xd5, 0x1d, 0xf8, 0x65, 0x99, 0xfb, 0xe8,
+ 0xb5, 0x5a, 0x09, 0x39, 0x9e, 0x09, 0x45, 0x62,
+ 0x22, 0x1d, 0xa2, 0x46, 0xbf, 0x75, 0x20, 0xd1,
+ 0xe7, 0xb0, 0x06, 0x68, 0xc3, 0x50, 0x48, 0xfc,
+ 0xf8, 0x5c, 0x67, 0x69, 0x68, 0x66, 0xb6, 0x81,
+ 0x95, 0x91, 0x81, 0x3d, 0xf6, 0x34, 0xd9, 0x4b,
+ 0x06, 0x35, 0x17, 0x59, 0x89, 0x18, 0x74, 0x32,
+ 0x50, 0xcf, 0x81, 0x16, 0x8e, 0x53, 0x9d, 0x1c,
+ 0xad, 0x2d, 0x8e, 0x16, 0x41, 0xda, 0xca, 0xab,
+ 0x78, 0x0d, 0xc9, 0x49, 0x61, 0xaa, 0x18, 0xf4,
+ 0x56, 0x48, 0x29, 0x8c, 0xe3, 0x9a, 0x7d, 0x58,
+ 0xf8, 0x99, 0x72, 0xf1, 0x78, 0xa8, 0x5a, 0x97,
+ 0xe3, 0x2a, 0xc6, 0xa9, 0x59, 0xde, 0xcc, 0x62,
+ 0xfb, 0xab, 0xc5, 0x9a, 0x0b, 0xc7, 0x16, 0x8f,
+ 0x18, 0x20, 0x6e, 0x01, 0x7e, 0x04, 0xef, 0x72,
+ 0x83, 0x61, 0xb8, 0x1a, 0x77, 0x0f, 0xd1, 0xa9,
+ 0x75, 0xe0, 0x4a, 0x11, 0x69, 0x9d, 0xb6, 0xc9,
+ 0x2e, 0xd3, 0xbf, 0xe2, 0x5b, 0x24, 0x77, 0x30,
+ 0x85, 0x91, 0xef, 0xa8, 0x93, 0x4e, 0xad, 0x99,
+ 0xad, 0xcb, 0x6d, 0x9d, 0x8f, 0xd8, 0x0f, 0xe5,
+ 0x41, 0xd9, 0x9e, 0x0b, 0xce, 0x33, 0xd9, 0xbb,
+ 0x87, 0x66, 0x2c, 0xa3, 0x0b, 0x68, 0x1b, 0xb0,
+ 0x71, 0x30, 0xfa, 0x15, 0x2e, 0xe8, 0xc1, 0x99,
+ 0x71, 0x01, 0xcc, 0xdb, 0x6f, 0x9f, 0x8a, 0xfd,
+ 0xb4, 0x0f, 0x35, 0xa1, 0x36, 0xf4, 0x3a, 0xc4,
+ 0x17, 0x77, 0x43, 0x60, 0x10, 0x18, 0xb4, 0xc2,
+ 0xe5, 0xc0, 0x64, 0xd8, 0x38, 0x7c, 0x05, 0x9a,
+ 0xfb, 0x2b, 0xb3, 0x9b, 0x9e, 0x34, 0x6b, 0x4b,
+ 0xc8, 0x3b, 0x77, 0xe0, 0x6f, 0x08, 0xa1, 0x7b,
+ 0x66, 0x69, 0x2f, 0xdb, 0x34, 0x9e, 0x98, 0x90,
+ 0x5b, 0x4d, 0x7b, 0xa2, 0x32, 0x8e, 0x64, 0xe6,
+ 0x0d, 0x75, 0xc9, 0x96, 0xe3, 0x57, 0xba, 0xad,
+ 0x3e, 0x3b, 0x23, 0xfb, 0x9e, 0x7f, 0xc0, 0x3c,
+ 0xd5, 0x41, 0x9c, 0xfb, 0xbc, 0xb3, 0x52, 0x49
+#endif
+};
+#endif
+
+static int test_wc_dilithium_public_der_decode(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+ defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+ dilithium_key*
key;
+ word32 idx = 0;
+
+ key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(*key));
+ }
+
+ ExpectIntEQ(wc_dilithium_init(key), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key,
+ (word32)sizeof(dilithium_public_der)), 0);
+
+ wc_dilithium_free(key);
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_der(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+ !defined(WOLFSSL_DILITHIUM_NO_ASN1) && \
+ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+#define DILITHIUM_MAX_DER_SIZE 8192
+ dilithium_key* key;
+ WC_RNG rng;
+ byte* der = NULL;
+ int len;
+ int pubLen;
+ int pubDerLen;
+ int privDerLen;
+ int keyDerLen;
+ word32 idx;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+ pubLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+ pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 24;
+ privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 30;
+ keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 34;
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ pubLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+ pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 24;
+ privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 30;
+ keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 34;
+#else
+ pubLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+ pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 24;
+ privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 30;
+ keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 34;
+#endif
+
+ key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+ der =
(byte*)XMALLOC(DILITHIUM_MAX_DER_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(der);
+
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(*key));
+ }
+ XMEMSET(&rng, 0, sizeof(WC_RNG));
+ ExpectIntEQ(wc_InitRng(&rng), 0);
+ ExpectIntEQ(wc_dilithium_init(key), 0);
+
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+ 0), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+ 1), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
+ BAD_FUNC_ARG);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+ 0), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+ 1), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+ BAD_FUNC_ARG);
+
+ ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, 0 ,
+ 0), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , 0 ,
+ 0), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE,
+ 0), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE,
+ 0), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , der , 0 ,
+ 0), BUFFER_E );
+ /* Get length only.
*/
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0 ,
+ 0), pubLen);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE,
+ 0), pubLen);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0 ,
+ 1), pubDerLen);
+ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE,
+ 1), pubDerLen);
+
+ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
+ 0 ), BAD_FUNC_ARG);
+ ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL,
+ 0 ), 0);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
+ 0 ), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
+ DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
+ DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der ,
+ 0 ), BUFFER_E);
+ /* Get length only. */
+ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL,
+ DILITHIUM_MAX_DER_SIZE), privDerLen);
+
+ ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0 ),
+ 0 );
+ ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0 ),
+ BUFFER_E );
+ /* Get length only.
*/
+ ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE),
+ keyDerLen);
+
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, NULL, 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, NULL, 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, key , 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, pubDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, key , pubDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, key , pubDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, NULL, pubDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, key , 0 ),
+ BAD_FUNC_ARG);
+
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, NULL, 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, NULL, 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, key , 0 ),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, privDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, key , privDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, key , privDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, NULL, privDerLen),
+ BAD_FUNC_ARG);
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, key , 0 ),
+ BAD_FUNC_ARG);
+
+ ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
+ DILITHIUM_MAX_DER_SIZE, 0), pubLen);
+ ExpectIntEQ(wc_dilithium_import_public(der, len, key), 0);
+
+ ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
+ DILITHIUM_MAX_DER_SIZE, 1), pubDerLen);
+ idx = 0;
+{
+ fprintf(stderr, "\n");
+ for (int ii = 0; ii < pubDerLen; ii++)
{
+ if ((ii % 8) == 0) fprintf(stderr, " ");
+ fprintf(stderr, "0x%02x,", der[ii]);
+ if ((ii % 8) == 7) fprintf(stderr, "\n");
+ else fprintf(stderr, " ");
+ }
+}
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0);
+
+ ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der,
+ DILITHIUM_MAX_DER_SIZE), privDerLen);
+ idx = 0;
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0);
+
+ ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+ keyDerLen);
+ idx = 0;
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0);
+
+
+ wc_dilithium_free(key);
+ wc_FreeRng(&rng);
+
+ XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_make_key_from_seed(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+ dilithium_key* key;
+#ifndef WOLFSSL_NO_ML_DSA_44
+ static const byte seed_44[] = {
+ 0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47,
+ 0x01, 0xCA, 0x7D, 0x80, 0x6D, 0xFA, 0x08, 0x35,
+ 0x10, 0x28, 0xF6, 0x7B, 0x0E, 0x83, 0xC4, 0x24,
+ 0x01, 0x6F, 0x66, 0xCC, 0x83, 0x87, 0xD4, 0x69
+ };
+ static const byte pk_44[] = {
+ 0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
+ 0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
+ 0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
+ 0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61,
+ 0xED, 0x7E, 0xA9, 0xED, 0x2D, 0xED, 0x5A, 0x71,
+ 0xDD, 0xAE, 0x4A, 0x06, 0xE0, 0x2A, 0x5A, 0xAF,
+ 0x99, 0x69, 0x89, 0xC6, 0xAF, 0xE3, 0x2A, 0xFE,
+ 0x3D, 0x6E, 0x0A, 0x46, 0x71, 0x48, 0xD7, 0x17,
+ 0x99, 0x20, 0x01, 0x78, 0xD5, 0x8B, 0x40, 0xCB,
+ 0x81, 0xA0, 0x33, 0x38, 0xAE, 0x2B, 0x83, 0x4A,
+ 0xFD, 0x5F, 0xE0, 0xB7, 0xEE, 0xA0, 0xC4, 0x3D,
+ 0xB6, 0xA4, 0xD5, 0x59, 0x4B, 0xDD, 0x87, 0x1A,
+ 0xFC, 0x03, 0x30, 0xA0, 0xB3, 0xAD, 0x75, 0x3C,
+ 0xD4, 0x47, 0x72, 0x59, 0xCE, 0xB7, 0x80, 0xFD,
+ 0x34, 0x35, 0x5E,
0x96, 0xC8, 0x42, 0xD9, 0xDD, + 0x6C, 0xF1, 0xAB, 0xEF, 0x48, 0xD1, 0xA8, 0x02, + 0x02, 0x0F, 0x5B, 0x71, 0x4D, 0x36, 0x1E, 0x0D, + 0xC2, 0x09, 0x46, 0x7B, 0xF9, 0xEA, 0x24, 0x8F, + 0x7C, 0xCF, 0xB8, 0x9C, 0xF7, 0x49, 0x15, 0x8E, + 0x16, 0x49, 0x7E, 0xC5, 0x54, 0xF5, 0x03, 0x1D, + 0x16, 0x12, 0x02, 0x72, 0x1B, 0x38, 0x2D, 0x58, + 0x53, 0x15, 0x5E, 0xB6, 0x72, 0xCC, 0xA1, 0x09, + 0xB0, 0x2F, 0x10, 0xFA, 0x21, 0x45, 0x46, 0x37, + 0xD4, 0xFA, 0x7F, 0xFB, 0xB0, 0xD9, 0x20, 0xE2, + 0xCB, 0x56, 0xB3, 0x1E, 0xDF, 0x82, 0x67, 0x25, + 0x09, 0xD1, 0x8F, 0xFF, 0xE0, 0x43, 0xBD, 0x37, + 0x2B, 0x73, 0x0E, 0x13, 0x08, 0xC9, 0x49, 0x88, + 0x69, 0x69, 0xD9, 0x8C, 0x86, 0xE4, 0x7E, 0x63, + 0x35, 0xC5, 0xE1, 0xD0, 0x14, 0x9A, 0x89, 0x27, + 0x28, 0x17, 0xB0, 0x5B, 0x7A, 0x8F, 0xDD, 0x72, + 0x8B, 0x0A, 0x0D, 0x49, 0x58, 0x59, 0x2F, 0x0D, + 0x8F, 0x3D, 0x16, 0xCE, 0x7B, 0x11, 0xC7, 0x06, + 0x5D, 0xD5, 0x6D, 0x7B, 0x96, 0xED, 0x1E, 0x1A, + 0xF4, 0x10, 0x85, 0xDA, 0xDE, 0x84, 0x2F, 0x2B, + 0xBA, 0xFB, 0xA2, 0x5F, 0x33, 0x7D, 0x7C, 0x18, + 0x6B, 0xDF, 0x43, 0x3C, 0xE9, 0xEB, 0xB4, 0xC5, + 0x8E, 0x52, 0xF5, 0x7E, 0x4C, 0x3E, 0x6A, 0x33, + 0x41, 0x4C, 0x14, 0x05, 0x8E, 0x2C, 0x19, 0x0E, + 0x86, 0x91, 0x66, 0xDE, 0xF6, 0x4B, 0x35, 0xC2, + 0xDF, 0x3D, 0x4C, 0x7B, 0xC5, 0x58, 0x5E, 0x86, + 0x89, 0x6A, 0xFC, 0x86, 0x48, 0x75, 0xD1, 0x18, + 0xD1, 0xCB, 0x41, 0xC0, 0xF6, 0xD8, 0x87, 0x79, + 0xD9, 0xA2, 0x56, 0x2E, 0x83, 0x26, 0x11, 0xC1, + 0x4B, 0x53, 0x37, 0x85, 0x62, 0xFF, 0x6A, 0x67, + 0xFD, 0x18, 0x79, 0xD7, 0x55, 0x9B, 0xF7, 0x64, + 0xA9, 0x21, 0xB6, 0x1B, 0xF6, 0x11, 0x85, 0xF8, + 0xC0, 0x68, 0xDE, 0x61, 0x0C, 0x61, 0x7E, 0x8E, + 0xED, 0x9E, 0x58, 0x84, 0x16, 0x1A, 0x28, 0xC5, + 0x41, 0x63, 0xB3, 0xF0, 0x82, 0xAA, 0xE8, 0x36, + 0x81, 0x5C, 0xD3, 0xB7, 0xFB, 0x92, 0xF4, 0x7A, + 0x1E, 0x85, 0xA2, 0xB7, 0x21, 0xD5, 0xFA, 0xC8, + 0xE8, 0x02, 0x43, 0x5B, 0x56, 0x42, 0x03, 0x17, + 0x67, 0xEE, 0x3E, 0x31, 0x23, 0x63, 0xC7, 0x33, + 0x95, 0xDE, 0x07, 0xF6, 0x11, 0x3A, 0x2C, 0x3F, + 0x7B, 0xBB, 0x2D, 
0x5C, 0x23, 0xF9, 0x2F, 0x9C, + 0x51, 0x19, 0x9F, 0x35, 0xC3, 0x18, 0x9F, 0x83, + 0x6E, 0xA8, 0x03, 0xF1, 0x79, 0x1F, 0xB0, 0xC8, + 0x2F, 0xF4, 0x2E, 0x9A, 0x26, 0xF3, 0x44, 0x02, + 0x8F, 0x45, 0x8B, 0xB0, 0x25, 0x1D, 0xF2, 0xD4, + 0x55, 0xB7, 0x65, 0xEF, 0xDB, 0x3D, 0x8E, 0x92, + 0xC8, 0xA0, 0x63, 0x4C, 0x38, 0xA3, 0x54, 0xD3, + 0xC2, 0x5A, 0x2A, 0x6A, 0x15, 0x27, 0x2A, 0xE2, + 0xFC, 0x25, 0xB6, 0xC8, 0x68, 0xEB, 0xED, 0x2D, + 0x23, 0xE8, 0x6D, 0x5C, 0xDD, 0x3F, 0x18, 0xB4, + 0x6E, 0x79, 0x36, 0xC9, 0x1C, 0xB4, 0x92, 0x41, + 0xAD, 0x35, 0xD4, 0x15, 0xE4, 0x64, 0x1C, 0x51, + 0xCB, 0x0C, 0x41, 0xB7, 0xFD, 0xC1, 0x09, 0x3E, + 0xD2, 0x4D, 0x38, 0x88, 0x77, 0x1C, 0x71, 0x91, + 0x74, 0xD3, 0x28, 0xE0, 0xCE, 0x9A, 0x11, 0x8D, + 0xBF, 0x4D, 0x8D, 0xF0, 0x44, 0xF6, 0x79, 0xFC, + 0x4C, 0xAD, 0x17, 0x88, 0xC0, 0x8C, 0x0B, 0x7A, + 0x90, 0x01, 0x53, 0x6C, 0x6B, 0x44, 0xF6, 0xE5, + 0x2E, 0xEC, 0x44, 0x4F, 0xB8, 0x9B, 0x10, 0xBE, + 0xCF, 0x55, 0x55, 0x29, 0x83, 0xB8, 0xD0, 0x25, + 0x5B, 0xCE, 0x8F, 0xA5, 0xB7, 0x6C, 0xA7, 0x47, + 0x65, 0xA9, 0xE9, 0x9B, 0xA5, 0xBC, 0x28, 0x1D, + 0x9F, 0x1F, 0x5E, 0x97, 0x42, 0x10, 0x84, 0x92, + 0xFB, 0x38, 0x0B, 0x2E, 0xAC, 0x79, 0x0A, 0x7D, + 0x00, 0x2C, 0x35, 0xD0, 0x54, 0x0D, 0x28, 0xE7, + 0xAB, 0x06, 0x02, 0xDA, 0x89, 0xA3, 0x06, 0x8E, + 0x13, 0x9A, 0xA7, 0xCA, 0x48, 0x09, 0xB0, 0x48, + 0x37, 0x08, 0xA7, 0x7D, 0xDA, 0xEB, 0x58, 0x64, + 0x39, 0xB3, 0xF3, 0xB2, 0x4C, 0x00, 0x4B, 0xCB, + 0x94, 0x36, 0xD4, 0x7C, 0x73, 0x45, 0xC8, 0x93, + 0xE5, 0x2A, 0x11, 0xF0, 0xEF, 0x0C, 0xED, 0x5F, + 0x8B, 0x0C, 0x86, 0xAD, 0x3A, 0x01, 0x07, 0x1A, + 0xC0, 0x34, 0xE8, 0x74, 0x21, 0x27, 0x73, 0x56, + 0x93, 0x76, 0x5D, 0x80, 0x59, 0xB4, 0xA4, 0xDC, + 0x80, 0xE7, 0xCE, 0x70, 0x0E, 0x0F, 0xEC, 0x56, + 0x42, 0x6E, 0x9C, 0x76, 0x3D, 0xF6, 0xB4, 0x41, + 0xE2, 0x3E, 0xAC, 0x25, 0xE7, 0x86, 0xA7, 0xA7, + 0x0A, 0x0D, 0x5D, 0x04, 0x1F, 0x45, 0xD4, 0x5B, + 0x42, 0x38, 0x4C, 0x60, 0xE7, 0xB7, 0x0D, 0xC7, + 0x28, 0x4F, 0xA5, 0x4E, 0x0C, 0x1B, 0xC4, 0xDA, + 0x50, 0x1A, 0xA0, 
0x93, 0xAE, 0x10, 0x9A, 0x1A, + 0xC8, 0xC6, 0x56, 0xFC, 0x0A, 0xEA, 0x89, 0x3A, + 0x28, 0x21, 0xE9, 0x52, 0x9D, 0xEB, 0x07, 0x68, + 0xC1, 0x57, 0x32, 0x25, 0x1F, 0x93, 0x5D, 0x35, + 0xB2, 0x4B, 0x58, 0x30, 0xAF, 0x51, 0xC6, 0x7D, + 0x47, 0xD1, 0xA2, 0xAD, 0xDE, 0x75, 0x48, 0x84, + 0x74, 0x19, 0x74, 0x18, 0xA0, 0x2C, 0xD8, 0xB2, + 0xFE, 0x44, 0x78, 0x95, 0x6A, 0xBF, 0x56, 0x4D, + 0x20, 0x79, 0xE7, 0xE2, 0xE3, 0x56, 0x69, 0xB3, + 0xFA, 0xE1, 0xEB, 0xE6, 0x11, 0xAC, 0x18, 0xB3, + 0x98, 0xC1, 0x04, 0x20, 0x96, 0x4B, 0xAD, 0xDE, + 0x5B, 0x18, 0xEB, 0x7B, 0xBC, 0x15, 0x11, 0x57, + 0x29, 0x10, 0xE5, 0x80, 0x78, 0x4A, 0xF0, 0x87, + 0xF6, 0xD1, 0x3C, 0x23, 0xC5, 0xF4, 0x2D, 0xD7, + 0xAB, 0xA4, 0xD7, 0xB8, 0x45, 0x8E, 0x04, 0x1B, + 0x78, 0x59, 0x9F, 0x81, 0xE6, 0x04, 0xDF, 0x70, + 0x2B, 0x14, 0x74, 0x16, 0x49, 0xDA, 0xF0, 0xE1, + 0xC8, 0x29, 0xCC, 0x87, 0x8C, 0x2F, 0xFB, 0x18, + 0x3B, 0x47, 0xFC, 0x79, 0x04, 0x84, 0xCB, 0x0A, + 0xD2, 0x64, 0xBF, 0x86, 0xEA, 0x01, 0xAC, 0xE0, + 0xBD, 0xEC, 0x3B, 0xE1, 0xA7, 0x6C, 0xDE, 0x1D, + 0x58, 0x76, 0xCC, 0x53, 0x9E, 0xF6, 0xC6, 0xD4, + 0x2C, 0x87, 0x92, 0xA2, 0x89, 0x27, 0x31, 0x33, + 0x01, 0xA5, 0xA2, 0xE8, 0x8F, 0x13, 0x19, 0x0F, + 0xFD, 0x73, 0xB9, 0x91, 0xBD, 0xB8, 0x80, 0x9A, + 0xA3, 0xB1, 0x21, 0x6C, 0x91, 0x13, 0x8A, 0xAE, + 0xC7, 0xCB, 0x67, 0x14, 0xD1, 0xC0, 0x28, 0x89, + 0x04, 0x8C, 0x9F, 0xDE, 0xA0, 0x9A, 0x99, 0xA8, + 0x61, 0xE6, 0x8F, 0x8E, 0x39, 0xEF, 0x6B, 0x5E, + 0x84, 0x5F, 0x5D, 0x24, 0x37, 0x73, 0x9D, 0x75, + 0xC4, 0xEF, 0xE2, 0xA1, 0xF2, 0xBC, 0x0D, 0xE1, + 0x0D, 0xEC, 0xFA, 0xEE, 0xC1, 0x63, 0xC8, 0x2E, + 0x7D, 0x85, 0x65, 0xC3, 0xF2, 0x0D, 0x8B, 0x73, + 0xF9, 0x3B, 0x0B, 0x3D, 0x49, 0x8B, 0xFB, 0x16, + 0x5B, 0x75, 0x48, 0x9B, 0x56, 0x0A, 0x83, 0x4C, + 0x0D, 0x13, 0xB2, 0xB4, 0x25, 0xC7, 0x2C, 0xCB, + 0xA7, 0x9E, 0xCA, 0x41, 0x44, 0x14, 0x9A, 0x03, + 0xD3, 0x01, 0x8C, 0xB0, 0xD5, 0xA9, 0x36, 0xA4, + 0x16, 0x21, 0x49, 0x0A, 0x99, 0xA1, 0x89, 0xA5, + 0x91, 0x10, 0xA2, 0x1B, 0x3F, 0x98, 0x1E, 0x1C, + 0x43, 0xAA, 0x9C, 
0x16, 0x5A, 0xF0, 0x18, 0x64, + 0x0F, 0x6A, 0xE3, 0x97, 0x83, 0x31, 0x4E, 0x84, + 0xC9, 0xEA, 0xD8, 0x9F, 0xEA, 0x9E, 0xD6, 0xF2, + 0x0E, 0x15, 0xA5, 0x48, 0x15, 0x8B, 0x10, 0x1D, + 0x77, 0x78, 0x1B, 0x54, 0x03, 0xC1, 0x2C, 0xB1, + 0xC8, 0x22, 0x11, 0x9D, 0xB8, 0x82, 0x94, 0x26, + 0xA0, 0xED, 0x6C, 0xAD, 0xA8, 0x03, 0xC2, 0xED, + 0x02, 0x74, 0x3E, 0x54, 0xBD, 0x77, 0xA6, 0x0B, + 0x37, 0xFE, 0x04, 0xCD, 0x25, 0x10, 0x2D, 0x52, + 0xC2, 0xD4, 0x5B, 0x9B, 0xAE, 0xFE, 0x35, 0x73, + 0x16, 0x61, 0x84, 0x25, 0x1D, 0xBE, 0x95, 0x34, + 0xA4, 0xF6, 0xB9, 0xA4, 0xF9, 0xAA, 0x5D, 0x1E, + 0x49, 0xBB, 0x19, 0xD9, 0x64, 0xD7, 0x48, 0x1A, + 0x0A, 0x93, 0xC3, 0x69, 0x13, 0x12, 0x68, 0xBB, + 0x97, 0x97, 0xBD, 0x99, 0x69, 0xCE, 0xE6, 0xF5, + 0x84, 0x7B, 0xCC, 0xE4, 0x7D, 0xD3, 0xCD, 0x8A, + 0x7A, 0x4B, 0x98, 0xF4, 0x09, 0x9D, 0xEA, 0x5D, + 0x4E, 0x1F, 0xE1, 0x1E, 0x6C, 0x48, 0xD3, 0x5E, + 0x67, 0xD9, 0xFF, 0x64, 0x4D, 0xA7, 0x64, 0x7A, + 0x01, 0xB2, 0xE9, 0x63, 0x14, 0x10, 0xB7, 0x08, + 0x0C, 0xF9, 0x4D, 0x66, 0x48, 0x46, 0xE3, 0xC2, + 0x48, 0x6B, 0x47, 0xCE, 0x00, 0x98, 0x92, 0x83, + 0xF7, 0xE0, 0x1F, 0x96, 0xFA, 0x53, 0xD5, 0x49, + 0x1C, 0xC7, 0x89, 0xB4, 0xA5, 0x4B, 0x63, 0xBF, + 0xD2, 0x00, 0x79, 0xDD, 0xC1, 0x60, 0xAA, 0xF2, + 0x0F, 0x47, 0xB9, 0x4F, 0x8A, 0x66, 0x05, 0x3D, + 0x96, 0x36, 0x64, 0x48, 0x5F, 0x7E, 0x56, 0x2B, + 0xB3, 0x47, 0xE2, 0x76, 0x64, 0x21, 0x65, 0x34, + 0xFC, 0xDD, 0x2D, 0x4C, 0xE2, 0x99, 0x33, 0x04, + 0xE4, 0x26, 0x15, 0x37, 0x6C, 0x32, 0xB9, 0x17 + }; + static const byte sk_44[] = { + 0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E, + 0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF, + 0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B, + 0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61, + 0x73, 0x61, 0x49, 0x01, 0x0F, 0x94, 0x08, 0x30, + 0x26, 0x02, 0x12, 0x63, 0x64, 0x15, 0x7A, 0x4D, + 0xBA, 0xF5, 0x25, 0xA7, 0xAA, 0x0B, 0x7C, 0x3D, + 0xCE, 0x05, 0x91, 0x95, 0xEF, 0x17, 0x2F, 0xE2, + 0x5A, 0x03, 0x5E, 0x2E, 0x4D, 0xFA, 0xE7, 0x5F, + 0xCD, 0x61, 0x34, 0xFB, 0x3D, 
0x3C, 0x5C, 0x60, + 0x1A, 0x6F, 0x09, 0xB5, 0x9D, 0xDD, 0x90, 0x53, + 0xF6, 0x89, 0x50, 0xC2, 0xE1, 0xED, 0x0A, 0x61, + 0x8F, 0xFA, 0xDC, 0x2D, 0xB2, 0x8B, 0xA1, 0x56, + 0xAC, 0x5E, 0x0E, 0xF1, 0x3B, 0x1E, 0x22, 0x9F, + 0xAA, 0x05, 0x96, 0xA3, 0x5E, 0x44, 0x86, 0xA8, + 0xBA, 0x15, 0xD1, 0x11, 0x7D, 0xAA, 0xD0, 0xAA, + 0x01, 0x27, 0x25, 0x04, 0x82, 0x89, 0xA4, 0x22, + 0x2E, 0xDB, 0x80, 0x45, 0xD2, 0x30, 0x45, 0x59, + 0x16, 0x64, 0xE2, 0x08, 0x86, 0x50, 0x00, 0x8E, + 0xCA, 0x08, 0x51, 0x5A, 0x06, 0x01, 0x54, 0x82, + 0x20, 0xC4, 0x92, 0x30, 0x02, 0x21, 0x4E, 0x0A, + 0x93, 0x89, 0x84, 0xB8, 0x70, 0x24, 0x40, 0x51, + 0x24, 0xB3, 0x44, 0xDB, 0x08, 0x40, 0x1B, 0x37, + 0x44, 0x21, 0x22, 0x8E, 0x8C, 0x16, 0x42, 0x10, + 0x22, 0x0E, 0xA1, 0xB2, 0x8D, 0x18, 0x49, 0x30, + 0xC1, 0x32, 0x69, 0x21, 0x03, 0x8E, 0x49, 0x44, + 0x08, 0xD3, 0x16, 0x89, 0x10, 0xA4, 0x25, 0x5C, + 0x22, 0x8A, 0xC0, 0xC8, 0x08, 0xC1, 0x04, 0x6A, + 0xD2, 0xA0, 0x50, 0x8A, 0x02, 0x52, 0x92, 0x16, + 0x44, 0x54, 0x30, 0x4A, 0x92, 0x32, 0x0C, 0x4C, + 0x44, 0x2D, 0x04, 0x15, 0x2A, 0x99, 0x24, 0x42, + 0x52, 0xA8, 0x30, 0x53, 0x24, 0x85, 0x9A, 0xB8, + 0x01, 0xE2, 0x08, 0x09, 0x23, 0x28, 0x08, 0xC4, + 0x98, 0x85, 0x0B, 0xB9, 0x40, 0x60, 0x26, 0x28, + 0x0A, 0x45, 0x12, 0x0C, 0x43, 0x84, 0x82, 0x16, + 0x89, 0xC4, 0x48, 0x28, 0x58, 0x18, 0x2A, 0x20, + 0x07, 0x02, 0xD3, 0x82, 0x45, 0x50, 0xB0, 0x50, + 0x64, 0x36, 0x91, 0x52, 0x02, 0x45, 0x5A, 0x42, + 0x26, 0x01, 0x28, 0x71, 0xD4, 0x86, 0x10, 0x19, + 0xC4, 0x68, 0xC4, 0x30, 0x66, 0xE0, 0x02, 0x49, + 0x18, 0x34, 0x05, 0x04, 0x02, 0x04, 0x90, 0x94, + 0x4C, 0x01, 0xA7, 0x80, 0x12, 0x97, 0x08, 0x19, + 0xC5, 0x41, 0x24, 0xC1, 0x61, 0x08, 0xB0, 0x0C, + 0x21, 0xC1, 0x49, 0x9B, 0x42, 0x51, 0x62, 0x18, + 0x22, 0x54, 0x06, 0x06, 0x93, 0x26, 0x70, 0x49, + 0x86, 0x91, 0x00, 0x28, 0x6C, 0x02, 0xC9, 0x60, + 0x13, 0xC3, 0x09, 0xCB, 0x14, 0x66, 0x09, 0x17, + 0x25, 0x1C, 0x16, 0x89, 0x01, 0xB6, 0x01, 0x60, + 0x86, 0x71, 0x58, 0x96, 0x04, 0x82, 0x38, 0x61, + 0x43, 0x40, 0x72, 0xCC, 0x46, 
0x71, 0x81, 0x20, + 0x2C, 0x18, 0x20, 0x6E, 0x03, 0x91, 0x11, 0x9A, + 0x08, 0x89, 0x43, 0x06, 0x48, 0x64, 0x02, 0x6C, + 0x21, 0x33, 0x8D, 0x48, 0x16, 0x66, 0x9B, 0xA4, + 0x2D, 0x01, 0x10, 0x66, 0xDC, 0xB0, 0x25, 0x40, + 0xA0, 0x24, 0xA2, 0xB4, 0x44, 0xC8, 0x26, 0x61, + 0x0A, 0x10, 0x4E, 0xD0, 0x04, 0x11, 0x4A, 0x82, + 0x51, 0x03, 0x04, 0x6C, 0x18, 0x88, 0x6C, 0xE0, + 0x98, 0x41, 0x11, 0x29, 0x06, 0x62, 0x12, 0x8E, + 0xDA, 0x42, 0x91, 0x09, 0x48, 0x60, 0xD1, 0xB4, + 0x80, 0x10, 0x30, 0x30, 0x80, 0x38, 0x82, 0xD0, + 0x84, 0x0D, 0x08, 0x14, 0x92, 0x24, 0x41, 0x40, + 0x0C, 0x10, 0x89, 0xCC, 0x38, 0x8A, 0x13, 0xB6, + 0x89, 0x1A, 0xA7, 0x24, 0x5C, 0x10, 0x12, 0x1B, + 0x21, 0x50, 0x91, 0xB4, 0x29, 0x99, 0xB6, 0x51, + 0x04, 0xB1, 0x91, 0x59, 0xA6, 0x05, 0x19, 0x08, + 0x4A, 0x4A, 0x84, 0x6C, 0x1C, 0x49, 0x02, 0x44, + 0x20, 0x85, 0x14, 0xB1, 0x89, 0x09, 0x44, 0x2C, + 0x10, 0x02, 0x22, 0xE1, 0xB4, 0x25, 0x01, 0x21, + 0x71, 0x53, 0xC2, 0x85, 0x82, 0x88, 0x28, 0xC0, + 0x02, 0x52, 0x19, 0xC5, 0x51, 0x19, 0xA5, 0x09, + 0xC0, 0x82, 0x91, 0x21, 0x47, 0x0D, 0x1C, 0x30, + 0x69, 0xDC, 0xB8, 0x6C, 0x04, 0x41, 0x6A, 0x91, + 0x16, 0x40, 0xA0, 0xC8, 0x24, 0x1A, 0x10, 0x01, + 0x04, 0x39, 0x25, 0x80, 0x16, 0x02, 0x63, 0x36, + 0x71, 0x90, 0xB0, 0x8D, 0x44, 0x16, 0x8E, 0xDA, + 0x16, 0x2E, 0xCB, 0x44, 0x20, 0x54, 0x38, 0x06, + 0x54, 0xC4, 0x01, 0x51, 0x40, 0x86, 0x52, 0x44, + 0x0E, 0x82, 0x02, 0x32, 0x21, 0x38, 0x89, 0x19, + 0x04, 0x40, 0xD8, 0x12, 0x68, 0x21, 0x98, 0x11, + 0x03, 0x33, 0x8A, 0x18, 0x00, 0x45, 0xCB, 0x22, + 0x32, 0xC3, 0x04, 0x46, 0x09, 0x18, 0x51, 0x22, + 0x44, 0x89, 0x13, 0x16, 0x6E, 0xDA, 0x46, 0x45, + 0x09, 0x19, 0x41, 0x81, 0x10, 0x01, 0xDC, 0x18, + 0x8E, 0xC8, 0x44, 0x4C, 0x00, 0x17, 0x82, 0x9C, + 0xA6, 0x4D, 0xC8, 0x08, 0x10, 0x24, 0x42, 0x6D, + 0x91, 0x38, 0x89, 0x8C, 0x40, 0x6E, 0x00, 0x35, + 0x11, 0xD3, 0x24, 0x09, 0x1A, 0x01, 0x65, 0x88, + 0x48, 0x45, 0x09, 0x01, 0x71, 0x43, 0xB8, 0x80, + 0x11, 0x82, 0x2C, 0x84, 0xB8, 0x49, 0x58, 0x14, + 0x28, 0x92, 0x20, 0x32, 0x09, 
0x12, 0x05, 0x20, + 0x81, 0x2D, 0x5B, 0x86, 0x11, 0x04, 0x90, 0x45, + 0x49, 0x80, 0x40, 0xD1, 0xC8, 0x24, 0x98, 0xC2, + 0x2C, 0x99, 0xA2, 0x30, 0x04, 0x98, 0x8C, 0x53, + 0x24, 0x02, 0x8A, 0x04, 0x01, 0x4C, 0x28, 0x71, + 0xC3, 0x86, 0x6C, 0x24, 0x49, 0x81, 0x04, 0x02, + 0x28, 0x62, 0x44, 0x32, 0x61, 0x20, 0x28, 0x01, + 0x04, 0x11, 0x0C, 0x09, 0x08, 0x90, 0x98, 0x84, + 0x63, 0xB2, 0x45, 0x63, 0x38, 0x2E, 0x04, 0xA4, + 0x0C, 0x18, 0x05, 0x4E, 0xCC, 0x86, 0x90, 0x43, + 0x40, 0x91, 0x54, 0x02, 0x21, 0x43, 0x28, 0x42, + 0x23, 0x94, 0x29, 0xC8, 0xA6, 0x91, 0x02, 0x09, + 0x80, 0xE3, 0x82, 0x00, 0xC1, 0x34, 0x08, 0xD1, + 0x34, 0x84, 0x12, 0x45, 0x8C, 0x02, 0xC6, 0x81, + 0x41, 0xC6, 0x6C, 0x1B, 0x12, 0x24, 0x04, 0x08, + 0x0D, 0x02, 0x00, 0x0C, 0x9C, 0xA2, 0x05, 0x49, + 0x34, 0x65, 0x00, 0x06, 0x89, 0x88, 0x34, 0x00, + 0xD8, 0x82, 0x29, 0x92, 0x12, 0x91, 0xE3, 0x36, + 0x86, 0xD1, 0x80, 0x71, 0x98, 0xB0, 0x50, 0x48, + 0xC6, 0x11, 0x14, 0x80, 0x0D, 0xA0, 0x12, 0x4D, + 0x9B, 0xB2, 0x40, 0x21, 0x41, 0x50, 0x4B, 0x36, + 0x05, 0x52, 0x10, 0x26, 0x19, 0xB2, 0x60, 0x92, + 0xA2, 0x24, 0xCB, 0x08, 0x00, 0x14, 0x22, 0x49, + 0x5A, 0xD0, 0x55, 0xBD, 0x2B, 0x45, 0xE4, 0x31, + 0x41, 0xA8, 0xC3, 0xA3, 0xAD, 0xBD, 0xB6, 0x37, + 0x92, 0x06, 0x95, 0x6B, 0x3D, 0xD8, 0xE5, 0x33, + 0x71, 0xB6, 0x62, 0xB7, 0x67, 0x6C, 0x77, 0x84, + 0x63, 0x2F, 0x41, 0x1D, 0xBA, 0x51, 0x27, 0xE1, + 0x24, 0x5D, 0xC2, 0x38, 0x71, 0x65, 0x9E, 0x8E, + 0xE4, 0xEB, 0xBB, 0x1D, 0x89, 0xEB, 0x18, 0xCA, + 0x0C, 0xA6, 0x86, 0xA3, 0x4D, 0x7C, 0x7A, 0x02, + 0xAC, 0xDD, 0x34, 0xCE, 0x05, 0x3B, 0x1B, 0x49, + 0xF4, 0x6D, 0x12, 0x33, 0xBC, 0x52, 0x70, 0x59, + 0xDF, 0xBC, 0x5D, 0x49, 0x42, 0x6A, 0xED, 0xC7, + 0xF1, 0x8C, 0xF5, 0x6D, 0x1F, 0xBC, 0xE4, 0xBD, + 0x45, 0x5D, 0x59, 0xF8, 0xCE, 0x9A, 0x39, 0xB5, + 0x96, 0x32, 0xFD, 0x93, 0x65, 0x8E, 0x92, 0xF1, + 0x8F, 0xB0, 0x99, 0xF3, 0x80, 0x0F, 0x66, 0x14, + 0xFE, 0xEB, 0x23, 0x17, 0x2D, 0x4C, 0x8F, 0x41, + 0x9A, 0x9B, 0xD1, 0x5B, 0x5B, 0xC0, 0x3D, 0xA6, + 0x0E, 0xF3, 0xE0, 0xA1, 0x04, 
0xDC, 0x24, 0x18, + 0x9D, 0x90, 0xC6, 0x89, 0x5A, 0x7F, 0x10, 0x1E, + 0x4B, 0x21, 0xEC, 0x91, 0xD8, 0x5D, 0x65, 0xDB, + 0xCF, 0x90, 0x62, 0x85, 0xE9, 0x58, 0xA3, 0x47, + 0x92, 0x1C, 0xD0, 0x0C, 0xA3, 0xF3, 0x3E, 0x36, + 0xDB, 0x24, 0xA6, 0x98, 0xAB, 0xA7, 0x89, 0x2B, + 0x71, 0x6C, 0x4D, 0x00, 0xB0, 0xD5, 0xA0, 0xCA, + 0x1A, 0x76, 0x8E, 0x80, 0xB7, 0xAE, 0x83, 0x89, + 0x50, 0xF8, 0xA7, 0x52, 0x8B, 0x94, 0xD2, 0x2B, + 0x9F, 0x49, 0x92, 0x3D, 0x54, 0x0D, 0xB8, 0xD1, + 0x19, 0x49, 0xAC, 0x91, 0xAF, 0xDB, 0xE9, 0x24, + 0x4D, 0xD8, 0xE1, 0xD5, 0x16, 0x0E, 0xB1, 0x39, + 0x40, 0x7D, 0x5F, 0xF5, 0x92, 0xB4, 0xAF, 0xC3, + 0x76, 0x2B, 0xDB, 0x7D, 0x52, 0x97, 0x62, 0x9F, + 0xCF, 0x32, 0x19, 0x5F, 0xE6, 0x32, 0xFB, 0x8E, + 0x39, 0x24, 0xB4, 0xEB, 0xE9, 0x17, 0x9E, 0x47, + 0x69, 0x4D, 0x92, 0x82, 0x96, 0x88, 0x38, 0x11, + 0xCE, 0xD6, 0xBF, 0x18, 0xE3, 0x51, 0x40, 0x81, + 0x11, 0xA0, 0x74, 0xDA, 0x0D, 0x5E, 0xEC, 0xD8, + 0x5D, 0x33, 0x22, 0x1E, 0xB9, 0x5D, 0xBF, 0x79, + 0xB0, 0xA1, 0xEF, 0xD1, 0x2D, 0xA0, 0x5F, 0xA1, + 0xC7, 0x6E, 0xD5, 0x08, 0xB8, 0xD0, 0xC1, 0x95, + 0x51, 0x9B, 0x07, 0xC3, 0x4A, 0x0A, 0xB5, 0xA1, + 0x28, 0xFE, 0x95, 0x95, 0x0A, 0xCF, 0x83, 0xA8, + 0xEB, 0x8F, 0xFB, 0x18, 0xD5, 0xBD, 0x69, 0x50, + 0xF1, 0xDF, 0x06, 0xFA, 0x9A, 0x65, 0x47, 0xBB, + 0x56, 0xE9, 0xCB, 0x8F, 0x69, 0x5F, 0xE0, 0xAD, + 0x19, 0x3A, 0x70, 0xE5, 0x66, 0x42, 0xD7, 0x1C, + 0x0C, 0xB4, 0x03, 0x89, 0x7D, 0x47, 0x4D, 0x29, + 0x67, 0x8C, 0x41, 0x73, 0xAB, 0x7D, 0xFD, 0x69, + 0x15, 0xAD, 0xE3, 0xB7, 0xF8, 0x98, 0x3B, 0xCA, + 0x8F, 0x27, 0x37, 0x7B, 0x72, 0x2C, 0x5F, 0x23, + 0x73, 0x15, 0xE2, 0xB6, 0xBD, 0xDE, 0x84, 0xF8, + 0x7E, 0x22, 0xB9, 0xFD, 0xD3, 0x4D, 0x62, 0x80, + 0xBA, 0xC5, 0x57, 0x29, 0x30, 0x1B, 0x06, 0x4D, + 0x20, 0xB1, 0x53, 0x86, 0xCB, 0x6A, 0x4A, 0xE3, + 0xC1, 0xA9, 0x88, 0xCF, 0xEB, 0x15, 0x2F, 0xA8, + 0xA8, 0x6F, 0xFC, 0x2A, 0xA8, 0x0E, 0xD9, 0xFA, + 0xEA, 0xD7, 0x3B, 0xCE, 0xF8, 0x5B, 0xD8, 0x92, + 0x22, 0x6A, 0x1A, 0x8E, 0x5E, 0x91, 0x37, 0x2C, + 0x21, 0x05, 0xC4, 0xAC, 0xF7, 
0x62, 0x83, 0xBA, + 0x55, 0xD5, 0x2C, 0xCE, 0xA1, 0x19, 0x93, 0x0E, + 0xDE, 0xB6, 0xB8, 0x78, 0x0F, 0xBF, 0x4C, 0xA4, + 0x66, 0xAD, 0x97, 0x2F, 0xEE, 0x34, 0xE9, 0xA2, + 0xB6, 0x1D, 0x3C, 0x60, 0xFB, 0xB8, 0x7F, 0xF8, + 0xFD, 0x34, 0x8C, 0xC5, 0xC7, 0x38, 0x72, 0x74, + 0x19, 0xA9, 0xCF, 0x54, 0x49, 0x5B, 0xBA, 0x70, + 0x12, 0xC1, 0x61, 0xDC, 0x32, 0x61, 0x49, 0x66, + 0xF3, 0x57, 0xAA, 0x0F, 0xE6, 0x44, 0x9E, 0x8A, + 0x19, 0x9C, 0x6B, 0x63, 0x2C, 0x14, 0x1E, 0xDD, + 0x00, 0x27, 0xE3, 0x95, 0xE3, 0xE7, 0xD9, 0xFF, + 0x30, 0x2D, 0x14, 0x19, 0x4F, 0x49, 0x20, 0x0B, + 0x58, 0x2A, 0x23, 0x1C, 0xE2, 0xAD, 0x6B, 0x9C, + 0x7B, 0xB6, 0x20, 0x63, 0x08, 0x24, 0x55, 0x04, + 0x58, 0x1F, 0x0E, 0xBE, 0x2A, 0x6F, 0x79, 0x90, + 0x9E, 0x15, 0x8F, 0x4B, 0xDB, 0xE2, 0xBE, 0xBC, + 0x28, 0xB1, 0xC8, 0xFE, 0x00, 0x6D, 0x71, 0xCC, + 0x91, 0x6A, 0xCC, 0xF8, 0x12, 0x8B, 0xEC, 0xF3, + 0x46, 0x53, 0xB1, 0x7F, 0xB3, 0x79, 0xF0, 0xC7, + 0xD7, 0xA5, 0xCF, 0x2C, 0xC3, 0x09, 0x66, 0x82, + 0x53, 0x43, 0xFD, 0xAC, 0xDE, 0xD5, 0x85, 0xB3, + 0x79, 0x74, 0x55, 0xE8, 0xF6, 0xE5, 0xFB, 0xF0, + 0x63, 0x0C, 0x36, 0x63, 0x65, 0x10, 0x43, 0xC9, + 0x60, 0x99, 0xD6, 0x0C, 0xB9, 0x66, 0x1C, 0xA9, + 0x97, 0x4D, 0xDB, 0xA8, 0x13, 0x9E, 0xAE, 0xCA, + 0x7A, 0x5F, 0xE3, 0x24, 0xA0, 0xEE, 0x8A, 0x9D, + 0x7F, 0x03, 0x53, 0x21, 0x6B, 0xAF, 0x3D, 0xF9, + 0x38, 0xF3, 0x7A, 0x1D, 0xDA, 0xE2, 0xEF, 0xBA, + 0x86, 0x21, 0x85, 0x1F, 0x36, 0x08, 0x0B, 0xDA, + 0x37, 0x5A, 0x0A, 0xD7, 0x55, 0x41, 0xD5, 0x84, + 0x1B, 0x36, 0xA2, 0x50, 0x65, 0xD7, 0xF3, 0xA3, + 0xEB, 0xE1, 0xDE, 0x0F, 0x85, 0xAA, 0xF6, 0x2F, + 0xAB, 0xBB, 0xC8, 0xF1, 0x2A, 0xD1, 0x0A, 0x9B, + 0xE4, 0x7B, 0xBC, 0x4D, 0x42, 0xD8, 0xA3, 0x4C, + 0x07, 0x6A, 0x60, 0x3E, 0xE2, 0xDA, 0xE7, 0x00, + 0xDF, 0x27, 0x94, 0xEF, 0x90, 0x99, 0x88, 0x2C, + 0xCF, 0xAA, 0xE1, 0x71, 0x2D, 0xFD, 0x00, 0x9C, + 0x55, 0xBF, 0xC4, 0x7A, 0x55, 0xE9, 0xE0, 0xB4, + 0x7F, 0x3D, 0xE9, 0xB0, 0x01, 0xA7, 0x27, 0x23, + 0x27, 0x58, 0x31, 0x0E, 0x8E, 0x80, 0xD8, 0xEB, + 0x64, 0xA0, 0xC3, 0xC9, 0xEA, 
0x69, 0x9C, 0x74, + 0x5E, 0xAF, 0xD5, 0xEF, 0x5C, 0x4E, 0x40, 0x71, + 0xD6, 0x57, 0x77, 0xE2, 0xAF, 0x0E, 0x1D, 0xB8, + 0x5A, 0x91, 0x20, 0x4C, 0x33, 0x4D, 0xD8, 0x4F, + 0x98, 0xE0, 0x86, 0x1D, 0x02, 0xA0, 0xDA, 0x06, + 0x17, 0xC4, 0x5D, 0x2E, 0x49, 0x31, 0xE6, 0xE4, + 0xDC, 0x18, 0x23, 0x26, 0xF3, 0x61, 0xF5, 0x8D, + 0x26, 0x2C, 0x18, 0x4C, 0xDF, 0x71, 0x90, 0x24, + 0x96, 0xD3, 0xD4, 0x1A, 0x6F, 0x08, 0xAB, 0x29, + 0x7D, 0xFF, 0x4E, 0x27, 0x6D, 0x39, 0x83, 0x17, + 0x90, 0xA4, 0x07, 0x8A, 0xDE, 0x79, 0x53, 0xF6, + 0x99, 0x2E, 0xA6, 0x39, 0x47, 0xC3, 0xBE, 0x12, + 0xC7, 0xA5, 0x7E, 0xA2, 0x19, 0x57, 0x04, 0x45, + 0xBE, 0x44, 0x62, 0x92, 0xCA, 0x56, 0xE1, 0xF0, + 0x45, 0x3B, 0xA4, 0xF8, 0xF5, 0xCD, 0xC7, 0xD2, + 0xB2, 0x46, 0x57, 0x51, 0x0B, 0x06, 0xDA, 0x54, + 0x03, 0x9E, 0x52, 0xA2, 0x78, 0x69, 0x25, 0x2E, + 0x75, 0x83, 0x25, 0x3F, 0xA3, 0x62, 0x27, 0xB9, + 0xA6, 0x59, 0x7A, 0xB1, 0xB6, 0xE9, 0xC1, 0xDD, + 0x2F, 0x22, 0x2D, 0x3B, 0xA3, 0x22, 0xD6, 0x11, + 0x7B, 0x08, 0x27, 0x92, 0x83, 0x7A, 0x5D, 0x0D, + 0x6B, 0x9D, 0x5B, 0xEB, 0xE9, 0xC0, 0x88, 0xDE, + 0x44, 0x55, 0xBA, 0x69, 0xC1, 0x7A, 0x4D, 0xE6, + 0x35, 0x67, 0x6F, 0x99, 0x9B, 0x07, 0xD8, 0x04, + 0xAA, 0xEA, 0x7D, 0xFF, 0x8E, 0xB8, 0xAA, 0x4C, + 0x79, 0xE2, 0x88, 0xA8, 0x1D, 0xE8, 0xA6, 0x77, + 0xCA, 0x06, 0xC0, 0xDF, 0x0E, 0x2B, 0xCB, 0xFF, + 0x9F, 0x64, 0x67, 0x11, 0xF1, 0xB9, 0x38, 0x83, + 0x19, 0x05, 0x30, 0x9B, 0x01, 0x11, 0x55, 0x03, + 0xAD, 0x44, 0x7D, 0x3C, 0x07, 0xEF, 0x88, 0x19, + 0x92, 0xC0, 0xFE, 0xE1, 0xAB, 0xDB, 0x24, 0x18, + 0x17, 0xD0, 0x03, 0x5C, 0x91, 0xD4, 0xA6, 0x2A, + 0xF1, 0xE9, 0x72, 0x62, 0x58, 0x22, 0x7D, 0x55, + 0x15, 0xE2, 0xA1, 0x70, 0x14, 0x5E, 0x34, 0xB9, + 0x5A, 0xB7, 0x5D, 0x3F, 0xB8, 0xB5, 0x45, 0x44, + 0xD2, 0x50, 0xD1, 0xC6, 0x7E, 0xE7, 0x3D, 0xF4, + 0xD3, 0xEC, 0xFB, 0x97, 0x32, 0x11, 0x72, 0x51, + 0xB7, 0x4A, 0xC8, 0x38, 0x96, 0xFC, 0x6F, 0x69, + 0xC2, 0xD5, 0xD3, 0x28, 0xE9, 0x63, 0x14, 0x14, + 0xFE, 0xB1, 0xA4, 0x02, 0x80, 0x65, 0x73, 0xD3, + 0x57, 0x07, 0x95, 0x21, 0x40, 
0x00, 0x77, 0xA7, + 0x6D, 0x44, 0x2B, 0x0D, 0x77, 0x07, 0x92, 0x64, + 0xD4, 0x3A, 0xE2, 0x7F, 0xF2, 0x1C, 0x14, 0x08, + 0x60, 0x74, 0x8F, 0xFC, 0x0B, 0xE8, 0xEC, 0xA9, + 0xB7, 0x97, 0xA7, 0x85, 0x8A, 0xEF, 0xD7, 0x7E, + 0xD5, 0x15, 0xF7, 0x45, 0x8D, 0x9C, 0xBF, 0x23, + 0xEB, 0x8C, 0x4D, 0xD2, 0x28, 0x7E, 0x0A, 0x61, + 0x2E, 0xBA, 0xBE, 0x89, 0x1D, 0x64, 0x45, 0x22, + 0x70, 0x9D, 0x48, 0xEB, 0x2F, 0x96, 0xF1, 0xA7, + 0xDE, 0xD3, 0x28, 0x4C, 0xC9, 0xFB, 0xF2, 0x9C, + 0x5B, 0xFC, 0xBE, 0xBE, 0xF4, 0x38, 0xC9, 0x43, + 0xC3, 0x66, 0x53, 0xA9, 0x06, 0xE5, 0x71, 0x16, + 0xA4, 0xBB, 0x3B, 0x50, 0x53, 0xCF, 0xF4, 0x1F, + 0xD6, 0x00, 0x07, 0x46, 0xFB, 0x97, 0x0B, 0xF9, + 0x3D, 0xF4, 0xC6, 0x60, 0xD0, 0x37, 0x70, 0xC0, + 0x2D, 0xD1, 0x9F, 0xA5, 0x78, 0xF3, 0x1F, 0x03, + 0x81, 0xB1, 0x93, 0xBA, 0xE5, 0x82, 0xE6, 0xD1, + 0x66, 0x93, 0x83, 0x5B, 0xB9, 0xAD, 0xD9, 0x01, + 0xA5, 0xB6, 0x5C, 0x69, 0x82, 0xD7, 0x2F, 0x35, + 0x35, 0x98, 0xEE, 0xE9, 0xA0, 0x74, 0xC1, 0x91, + 0x44, 0x0A, 0x04, 0xCD, 0x97, 0xBE, 0x6B, 0x60, + 0x90, 0x9A, 0x48, 0x7B, 0x83, 0xA2, 0x28, 0x97, + 0xB5, 0xBA, 0xB1, 0x4D, 0x35, 0x8B, 0x34, 0x0A, + 0xA1, 0xCB, 0xA5, 0xC2, 0xA4, 0x6A, 0x36, 0xB3, + 0x12, 0x46, 0x59, 0xDB, 0x63, 0xE5, 0xF9, 0xF1, + 0x7F, 0xAD, 0x42, 0xF4, 0x24, 0xF0, 0x02, 0x3D, + 0x1E, 0x6C, 0xD5, 0xB3, 0x06, 0x8F, 0x1F, 0x59, + 0x79, 0xCC, 0xF9, 0x5B, 0x4F, 0x8B, 0xD6, 0x03, + 0xC7, 0x53, 0xE6, 0xCE, 0xBB, 0xD8, 0x52, 0x89, + 0x70, 0x5D, 0x98, 0x86, 0xA5, 0x9E, 0x44, 0xA9, + 0xC8, 0x17, 0xA2, 0x6F, 0x43, 0x2D, 0x8D, 0xA7, + 0xDE, 0x3E, 0xFA, 0xE7, 0x98, 0x7B, 0xB5, 0xBE, + 0x7B, 0x10, 0xB8, 0xB8, 0xA5, 0x3D, 0x3E, 0xCD, + 0x94, 0x19, 0x5E, 0x06, 0x51, 0xB8, 0x58, 0x1E, + 0x0E, 0xCF, 0xFE, 0xE5, 0xED, 0x84, 0xB5, 0xF5, + 0x0F, 0x34, 0x32, 0xAC, 0x0A, 0x7F, 0x03, 0xF0, + 0xF8, 0xFC, 0x69, 0xA0, 0x26, 0x0D, 0x2E, 0xFA, + 0x62, 0x49, 0x5C, 0xC4, 0xE5, 0xF6, 0x8B, 0xC5, + 0x26, 0x21, 0x23, 0x3B, 0xBD, 0x9A, 0x23, 0x95, + 0x69, 0xA7, 0x48, 0x94, 0x30, 0x1E, 0xC3, 0x82, + 0xB6, 0x75, 0x30, 0xA6, 0xF3, 
0x1E, 0xBB, 0xBC, + 0xF7, 0x21, 0x27, 0x12, 0x2C, 0x51, 0x50, 0x55, + 0x87, 0x0D, 0xF1, 0xCC, 0x6C, 0xFF, 0xEA, 0x7E, + 0x2C, 0xDA, 0x8B, 0x9B, 0x20, 0xF4, 0x75, 0xFB, + 0xC2, 0x3F, 0xBE, 0x09, 0xA6, 0xC9, 0x26, 0xE7, + 0xB5, 0xC7, 0xE6, 0xB9, 0x35, 0x8C, 0xAF, 0xFA, + 0xC0, 0x8D, 0x43, 0x33, 0x25, 0xBA, 0xAA, 0xDC, + 0xCF, 0xBC, 0xE4, 0xC4, 0xC6, 0x26, 0x4A, 0x0D, + 0x9D, 0xCC, 0x2A, 0xE0, 0x5B, 0x1E, 0xC9, 0x78, + 0xF8, 0xA2, 0xB5, 0x46, 0xE5, 0x49, 0xB8, 0x4C, + 0xC2, 0x22, 0x40, 0xCE, 0x97, 0x9A, 0x95, 0x40, + 0xF7, 0xD6, 0x52, 0x54, 0x3B, 0xBB, 0x42, 0xC5, + 0x6F, 0x00, 0x7F, 0x83, 0xDD, 0x88, 0x71, 0xF7, + 0xD4, 0x1B, 0x3D, 0x81, 0xC4, 0xB1, 0x49, 0x9B, + 0xF3, 0x68, 0x15, 0xC5, 0x15, 0x97, 0x0F, 0xC5, + 0x43, 0xDD, 0x07, 0xBE, 0x98, 0x43, 0x2C, 0xB3, + 0xEF, 0x08, 0xCA, 0xDC, 0x9C, 0x27, 0x58, 0xFE, + 0x49, 0xE9, 0x77, 0xD9, 0x1C, 0x62, 0xA4, 0xA2, + 0xF9, 0x78, 0xCC, 0xB3, 0x21, 0x06, 0x10, 0xDE, + 0x5A, 0x52, 0xA3, 0x67, 0xBD, 0x5E, 0xBC, 0x9B, + 0x4E, 0x40, 0x87, 0x93, 0xCF, 0x0E, 0x27, 0x0E, + 0xE3, 0x11, 0x4B, 0xB3, 0xE0, 0xCE, 0x24, 0xB6, + 0x0A, 0x53, 0x03, 0xF8, 0x01, 0x6A, 0x7E, 0xFE, + 0xC8, 0x66, 0x9F, 0x29, 0xF3, 0x45, 0x94, 0xD6, + 0x0E, 0x30, 0xB5, 0x61, 0xA9, 0xEC, 0x8F, 0x71, + 0xF7, 0x36, 0xD6, 0x43, 0x4B, 0x0C, 0xCD, 0x45, + 0xBB, 0xA4, 0xBD, 0xE9, 0xA9, 0xC3, 0xC1, 0x95, + 0x1E, 0xF9, 0x42, 0x07, 0x18, 0xEA, 0xF5, 0x0B, + 0x27, 0xB6, 0xDE, 0xEF, 0x67, 0x33, 0x83, 0x0D, + 0xD9, 0x5E, 0x3A, 0x93, 0xD2, 0xD0, 0xDB, 0xB9, + 0x98, 0xF0, 0x25, 0x21, 0xF3, 0xDF, 0x0B, 0x1E + }; +#endif /* !WOLFSSL_NO_ML_DSA_44 */ +#ifndef WOLFSSL_NO_ML_DSA_65 + static const byte seed_65[] = { + 0x41, 0xAF, 0x98, 0x7B, 0x02, 0x6E, 0x47, 0x5F, + 0x37, 0x91, 0x7F, 0x2A, 0x6A, 0x9A, 0x87, 0xE7, + 0x51, 0xAD, 0xF9, 0x5B, 0x92, 0x7F, 0x2D, 0xCE, + 0xF0, 0xD4, 0xF3, 0xDA, 0x8F, 0x8C, 0x86, 0x6B + }; + static const byte pk_65[] = { + 0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4, + 0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E, + 0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 
0xE4, 0x3F, + 0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41, + 0x39, 0x5D, 0xF9, 0x20, 0x6C, 0x36, 0x0D, 0x4F, + 0x83, 0x43, 0xBE, 0x86, 0xEF, 0x6C, 0x43, 0xD0, + 0x3E, 0xD0, 0x63, 0x0A, 0x5B, 0x92, 0x8D, 0x31, + 0x19, 0x1D, 0xA9, 0x51, 0x61, 0x48, 0xE6, 0x26, + 0x50, 0x07, 0x54, 0x9B, 0xB0, 0xB7, 0x62, 0x54, + 0xDB, 0x80, 0x4E, 0x48, 0x7F, 0x48, 0xC5, 0x11, + 0x91, 0xFC, 0xA9, 0x26, 0x25, 0x08, 0xA5, 0x99, + 0xA0, 0x3C, 0xB9, 0x0C, 0xCF, 0x6C, 0xCD, 0x83, + 0x9A, 0x38, 0x6D, 0x22, 0xDE, 0x0A, 0xC3, 0x8F, + 0xF7, 0xD0, 0x57, 0x40, 0x53, 0xE9, 0xE9, 0x4E, + 0x73, 0xFA, 0x58, 0x40, 0x9F, 0x6D, 0x8A, 0xD3, + 0x6F, 0x86, 0x84, 0x4D, 0x18, 0xD7, 0x4C, 0x76, + 0x39, 0x57, 0x9E, 0xC0, 0xC7, 0xE4, 0xEE, 0x54, + 0xF4, 0xAD, 0x10, 0xC5, 0x69, 0x59, 0xE0, 0xBC, + 0x9B, 0xF4, 0x20, 0x8F, 0xBA, 0x0A, 0x94, 0x10, + 0x55, 0x07, 0x7E, 0xD1, 0xF9, 0x20, 0xCC, 0x2F, + 0xA9, 0xAE, 0x9D, 0xF5, 0xE4, 0x29, 0x40, 0x7E, + 0x44, 0xA4, 0xDF, 0xB2, 0xE9, 0x25, 0xE0, 0xBA, + 0x8D, 0x6C, 0x33, 0x88, 0x9C, 0xEE, 0x27, 0xDB, + 0xC7, 0x0A, 0x6E, 0x5A, 0x08, 0x92, 0x9B, 0x53, + 0xF8, 0xFD, 0xF9, 0x5B, 0xEB, 0x03, 0x8E, 0x45, + 0xCB, 0x91, 0x19, 0x4E, 0x6B, 0x1E, 0xA0, 0xA4, + 0xF0, 0x43, 0xC9, 0x8F, 0xDF, 0x93, 0x5E, 0x86, + 0xB0, 0x09, 0xD3, 0x47, 0x38, 0x7C, 0x8E, 0x78, + 0x85, 0x71, 0x3D, 0x07, 0x2E, 0x2E, 0x12, 0x6F, + 0x06, 0x97, 0x0E, 0x54, 0xAD, 0x71, 0x09, 0xEF, + 0xA5, 0x55, 0x0A, 0x39, 0x86, 0xE6, 0x17, 0x17, + 0x70, 0x9A, 0xA7, 0xA7, 0x1B, 0xCE, 0x78, 0x06, + 0x2C, 0x61, 0x1A, 0xB9, 0x48, 0x22, 0x41, 0x45, + 0x15, 0xEB, 0x10, 0x3C, 0x6E, 0x24, 0x37, 0xA4, + 0xB5, 0xE8, 0x82, 0x4D, 0x6D, 0xCC, 0x44, 0xC6, + 0xB0, 0x5D, 0xBE, 0x46, 0xDA, 0x5F, 0x00, 0x36, + 0x5B, 0xBD, 0x87, 0x65, 0x3A, 0x96, 0x21, 0x58, + 0x45, 0x65, 0xDB, 0xD8, 0x77, 0x76, 0x7B, 0x25, + 0xC3, 0x78, 0x6E, 0xD9, 0x14, 0xA7, 0x19, 0x69, + 0x4F, 0xBB, 0x1B, 0xDB, 0x37, 0xCE, 0xAF, 0x8C, + 0x88, 0x2E, 0x9E, 0x30, 0xF6, 0xAE, 0x43, 0xCC, + 0x59, 0x0F, 0x67, 0x8A, 0xCB, 0x4F, 0x08, 0x20, + 0x6D, 0x99, 0xD7, 0xA9, 0xDE, 0xE5, 
0xE5, 0xB3, + 0xFF, 0xAA, 0x45, 0x3C, 0xF1, 0xE3, 0x02, 0x7D, + 0x2F, 0xEE, 0x69, 0x04, 0x81, 0x73, 0x01, 0x37, + 0x51, 0x68, 0xC8, 0x0B, 0x51, 0xFD, 0x05, 0xB4, + 0x05, 0xBB, 0xA1, 0xDB, 0x1D, 0xF6, 0x5F, 0x70, + 0xD3, 0x0A, 0x37, 0x4B, 0x9C, 0xC4, 0x45, 0x30, + 0x11, 0x36, 0xE2, 0x48, 0x9F, 0xC4, 0x2E, 0x4E, + 0x0C, 0x0C, 0xA1, 0x04, 0x41, 0x75, 0x95, 0xAA, + 0xED, 0xAC, 0xD4, 0xB2, 0xE7, 0x85, 0x7E, 0xE1, + 0xA6, 0xFE, 0x2A, 0x09, 0x19, 0x09, 0x3D, 0x7C, + 0x20, 0x1E, 0x98, 0x3D, 0x6E, 0x02, 0xC1, 0xCA, + 0xBB, 0x24, 0x82, 0x9F, 0x45, 0x1D, 0x26, 0x99, + 0xAE, 0x02, 0x82, 0xF9, 0x86, 0x3B, 0x67, 0x8C, + 0xBD, 0xFE, 0xF1, 0xD0, 0xB6, 0xB8, 0xAB, 0x00, + 0x0F, 0xEC, 0x30, 0xDC, 0x27, 0x58, 0xE2, 0x29, + 0x18, 0x05, 0x5A, 0x66, 0xA5, 0x88, 0x39, 0x8E, + 0x49, 0x5B, 0xB9, 0x52, 0x43, 0x84, 0xDC, 0xA9, + 0x50, 0x2B, 0x83, 0x3C, 0x84, 0x81, 0x37, 0x52, + 0x30, 0x79, 0xBD, 0x04, 0xB8, 0xDD, 0x47, 0xC1, + 0x02, 0x2E, 0xEC, 0x24, 0xD0, 0x56, 0x23, 0xE1, + 0x92, 0xD0, 0x65, 0x7F, 0xC7, 0xC2, 0xF7, 0x60, + 0x73, 0xB8, 0xAF, 0x0A, 0xF4, 0xEF, 0xFC, 0x1B, + 0xC2, 0xB9, 0x76, 0x87, 0x8A, 0xA6, 0xC2, 0x3F, + 0xD3, 0x9F, 0x1F, 0x2D, 0x94, 0xBC, 0x89, 0x4E, + 0x31, 0x8D, 0x28, 0xD0, 0x90, 0xB5, 0x5B, 0x60, + 0x30, 0xC6, 0x0B, 0x37, 0x63, 0x5D, 0xDC, 0xC6, + 0xE0, 0x1A, 0xBA, 0x6B, 0x23, 0xCD, 0x2E, 0x09, + 0x2D, 0x6A, 0x7E, 0x0C, 0xD9, 0x4F, 0xB1, 0xE2, + 0x89, 0x67, 0xE7, 0xB1, 0x54, 0x08, 0xB2, 0xFA, + 0x83, 0x43, 0x7C, 0x77, 0x06, 0xED, 0xE2, 0x29, + 0x53, 0xB7, 0x09, 0xC4, 0x1B, 0x81, 0x55, 0x12, + 0x41, 0x8E, 0x8B, 0x03, 0x36, 0xEE, 0x45, 0x70, + 0x57, 0xA8, 0x73, 0xEF, 0x70, 0x7B, 0x1F, 0x63, + 0xB0, 0xE8, 0x00, 0xBD, 0x1E, 0xE6, 0xA9, 0x93, + 0x9D, 0x03, 0x19, 0x22, 0xDF, 0xE1, 0x01, 0xF2, + 0xA9, 0x6B, 0x90, 0x5C, 0xD2, 0xC1, 0xAC, 0x9F, + 0xB2, 0x21, 0x1C, 0x2D, 0xC6, 0x80, 0x9A, 0xB5, + 0x1E, 0x46, 0x95, 0x6C, 0xCE, 0x47, 0x3E, 0x67, + 0xCD, 0xD6, 0xC9, 0xB9, 0x81, 0x74, 0x7F, 0x17, + 0xA3, 0xF7, 0x48, 0x99, 0xF3, 0x36, 0x84, 0xF3, + 0x16, 0x41, 0x55, 0x5F, 0xA7, 0xBF, 
0x4B, 0x69, + 0x8D, 0xA3, 0x3D, 0x1E, 0xEA, 0xF5, 0x1E, 0xC6, + 0xB8, 0x1C, 0xD6, 0x89, 0x45, 0x68, 0xFA, 0xE7, + 0xCA, 0x86, 0xE4, 0xB1, 0xC9, 0x9C, 0xB2, 0xAB, + 0x89, 0x03, 0xE7, 0x19, 0x7B, 0xA9, 0xF2, 0x6B, + 0x4A, 0x43, 0x1D, 0x90, 0xAF, 0xA4, 0xE3, 0xBC, + 0xEF, 0xD4, 0x37, 0xC5, 0x55, 0x5C, 0x9E, 0x14, + 0xC6, 0x18, 0xDD, 0x45, 0x3F, 0x80, 0x49, 0x1C, + 0x93, 0xFF, 0xBD, 0xDD, 0x75, 0x54, 0x0B, 0xD1, + 0xA9, 0xF6, 0xBC, 0x89, 0x98, 0x7D, 0x6F, 0x03, + 0x7B, 0x06, 0xD5, 0x40, 0x7D, 0x85, 0x48, 0x2E, + 0x11, 0x3E, 0xF0, 0x47, 0x77, 0xD0, 0xBA, 0x03, + 0x33, 0x58, 0xC4, 0x8F, 0x76, 0xF8, 0x72, 0x47, + 0x04, 0x21, 0x5E, 0x85, 0x5A, 0x0F, 0x35, 0x77, + 0xFB, 0x96, 0x29, 0x81, 0x2D, 0x55, 0x6E, 0x53, + 0xC6, 0x13, 0x1E, 0xFA, 0x4D, 0xCE, 0xA9, 0x36, + 0x1D, 0x8F, 0xAB, 0xAC, 0x13, 0x19, 0x94, 0xFC, + 0x4B, 0xCD, 0x36, 0x4C, 0x6E, 0x21, 0xAE, 0xF1, + 0x13, 0xA4, 0xF7, 0x64, 0x8E, 0xE1, 0xAF, 0x50, + 0x6A, 0x63, 0x0E, 0xCA, 0x2F, 0xE9, 0x0C, 0x8A, + 0xE7, 0xF2, 0xE3, 0x68, 0x03, 0xE0, 0x40, 0x1C, + 0x64, 0xAB, 0xC3, 0xEC, 0xC0, 0x92, 0xE9, 0x57, + 0x3E, 0x66, 0x72, 0x36, 0x39, 0x22, 0x4E, 0xCD, + 0x13, 0x08, 0xBA, 0xF8, 0x2B, 0xA1, 0xF2, 0x69, + 0x44, 0x7E, 0x90, 0x5C, 0xC8, 0xEC, 0xB6, 0xBE, + 0x8C, 0x30, 0xE0, 0x69, 0xB7, 0x97, 0xA1, 0x1C, + 0x18, 0xE5, 0x54, 0x62, 0xC3, 0x29, 0x99, 0x21, + 0x16, 0xD9, 0x78, 0x1C, 0x4C, 0x9C, 0x88, 0x4C, + 0xA5, 0xE1, 0x11, 0x66, 0x5B, 0x6E, 0x71, 0xE7, + 0xE2, 0xE7, 0xE4, 0x02, 0xDD, 0x1A, 0x8D, 0x0C, + 0xF5, 0x32, 0xFD, 0x41, 0x28, 0x35, 0x75, 0xD0, + 0x0C, 0x5F, 0x06, 0x6A, 0x5A, 0x61, 0x49, 0x59, + 0xC1, 0x0C, 0xD4, 0x9E, 0xD6, 0x29, 0xE2, 0x37, + 0xDF, 0x2B, 0x3D, 0xE8, 0x98, 0xB9, 0xDF, 0x8E, + 0xA0, 0xC4, 0xE2, 0xFC, 0x45, 0x70, 0xE8, 0x1B, + 0xF4, 0xFA, 0xC5, 0xE6, 0xA7, 0xCF, 0x4F, 0xA2, + 0xDA, 0x3D, 0x90, 0x49, 0x24, 0x8F, 0x61, 0x54, + 0xD5, 0x50, 0x8E, 0xE8, 0x0C, 0x14, 0xAD, 0x6F, + 0x65, 0x88, 0x3A, 0xF6, 0x92, 0xDB, 0x35, 0x5D, + 0xFF, 0x21, 0x20, 0xAC, 0x01, 0x16, 0x0B, 0xEC, + 0x84, 0x15, 0x3B, 0xA9, 0x93, 0x92, 
0x75, 0xB3, + 0x73, 0xF1, 0x23, 0x69, 0x94, 0x10, 0xF5, 0xFE, + 0x20, 0xA8, 0xAF, 0x05, 0x87, 0x49, 0x4E, 0x9C, + 0xEB, 0x21, 0x0A, 0xCF, 0x0B, 0xA1, 0x65, 0x38, + 0xA6, 0x18, 0x4D, 0xF7, 0xD8, 0xC1, 0x2C, 0x14, + 0x4C, 0xD9, 0x40, 0xC2, 0xF7, 0xBF, 0xE3, 0x07, + 0x79, 0x55, 0xAE, 0xB9, 0xB6, 0x50, 0x06, 0x92, + 0x94, 0x8C, 0x6A, 0x0E, 0x22, 0x14, 0xE2, 0xCC, + 0x65, 0xBA, 0x0C, 0x4D, 0xB6, 0x5C, 0x4A, 0xE9, + 0x0A, 0x08, 0x0C, 0xF9, 0x26, 0xA2, 0x51, 0x85, + 0x36, 0xE2, 0xC1, 0xF1, 0x0A, 0x66, 0x51, 0x66, + 0x7A, 0x98, 0x9B, 0x2C, 0x30, 0x1A, 0x0D, 0x49, + 0x3C, 0x1E, 0xEC, 0x63, 0x53, 0x5E, 0xD9, 0xDD, + 0x84, 0x69, 0xCD, 0x7E, 0x79, 0x58, 0x3D, 0x6E, + 0xD9, 0x98, 0x58, 0xD8, 0x0A, 0x48, 0xB5, 0x13, + 0x3F, 0x72, 0x4C, 0x11, 0x90, 0x15, 0x12, 0x74, + 0xFF, 0x5C, 0x0D, 0xC6, 0x20, 0x8C, 0xC1, 0x99, + 0xCA, 0x8E, 0xFC, 0xA2, 0xE8, 0xB8, 0xEE, 0xAA, + 0x27, 0xC2, 0x97, 0x8D, 0xFA, 0xBE, 0xE0, 0x43, + 0x99, 0xB6, 0x90, 0x60, 0x00, 0x7C, 0x33, 0xD4, + 0x87, 0x71, 0x7B, 0x56, 0x6C, 0xAA, 0xE0, 0xAC, + 0x9D, 0x7E, 0x7E, 0xA3, 0xCF, 0xBB, 0xB3, 0xA0, + 0x5F, 0xD4, 0xC4, 0x3A, 0xA7, 0xB9, 0x0C, 0xCE, + 0xF3, 0x05, 0x09, 0x91, 0xA7, 0xE9, 0x11, 0x55, + 0x32, 0x45, 0xA6, 0x08, 0x0E, 0x10, 0x37, 0x91, + 0xF3, 0xBF, 0xED, 0x64, 0x26, 0xEB, 0x39, 0xC2, + 0x57, 0xAE, 0x64, 0x79, 0x33, 0x7C, 0x51, 0xB2, + 0xC8, 0x85, 0xE0, 0xF9, 0x6D, 0x10, 0x52, 0x9F, + 0x72, 0xF4, 0xD1, 0x5B, 0x54, 0x5B, 0x93, 0x28, + 0x36, 0xA8, 0xCD, 0xB3, 0x30, 0x5B, 0x7A, 0xB0, + 0xB6, 0xF0, 0xD8, 0xA0, 0xBA, 0x24, 0x59, 0x5F, + 0x43, 0x02, 0x01, 0x57, 0x91, 0x7B, 0x94, 0x07, + 0x63, 0x23, 0x12, 0x94, 0xFB, 0x9F, 0xF2, 0xC1, + 0xD6, 0x80, 0x8F, 0x4E, 0xA7, 0x9E, 0x11, 0xD8, + 0xB3, 0x08, 0xB6, 0x3B, 0x3B, 0xF2, 0xEE, 0x14, + 0xA5, 0xDB, 0xB0, 0xBB, 0x17, 0xA5, 0x96, 0x3C, + 0x2F, 0xB9, 0xE7, 0x4A, 0xD7, 0x52, 0x34, 0x98, + 0xCB, 0x0C, 0xEB, 0x42, 0x5B, 0x2D, 0x2D, 0x2B, + 0x0D, 0x94, 0x66, 0xD3, 0xAD, 0x08, 0x0A, 0x28, + 0xF6, 0x0E, 0xDA, 0xD4, 0x54, 0xFD, 0xC6, 0x48, + 0x08, 0xA1, 0x8D, 0xB0, 0x30, 0xFD, 
0x18, 0xB1, + 0x50, 0xB1, 0xFD, 0xE0, 0x6E, 0x33, 0x25, 0x0D, + 0x90, 0xB1, 0xC1, 0xE7, 0x88, 0x74, 0x87, 0x05, + 0xE7, 0xBE, 0xBD, 0xAA, 0x8C, 0x6D, 0xC2, 0x3D, + 0x6F, 0x95, 0x84, 0xFA, 0x03, 0x74, 0x85, 0xE1, + 0xED, 0xE5, 0xF4, 0xE8, 0x26, 0x4A, 0x0B, 0x20, + 0x87, 0xB6, 0xE1, 0x10, 0x75, 0x6D, 0x9F, 0x95, + 0x39, 0x4C, 0x0F, 0x50, 0x1B, 0xA8, 0x69, 0x82, + 0xBB, 0xE2, 0xD6, 0x11, 0xD7, 0xBE, 0xFB, 0x4F, + 0x60, 0xD3, 0x16, 0xC6, 0x04, 0x3A, 0x5A, 0xF5, + 0x78, 0x9B, 0x0B, 0x21, 0xA1, 0x00, 0x96, 0xCD, + 0x63, 0x78, 0x1D, 0x2D, 0x4F, 0x6E, 0x50, 0xEE, + 0x62, 0x2D, 0x88, 0x62, 0x01, 0xF6, 0xB4, 0x17, + 0x4F, 0x8C, 0xAD, 0xCB, 0x4B, 0xF9, 0xF6, 0x9D, + 0xC7, 0xD8, 0xCC, 0xBF, 0x96, 0x1B, 0x1B, 0x79, + 0xF3, 0x25, 0x85, 0x23, 0x10, 0x63, 0x30, 0x8D, + 0xA8, 0x3A, 0x4B, 0x92, 0x1B, 0x88, 0x53, 0x24, + 0x2D, 0x29, 0xA5, 0x2E, 0x7A, 0xD5, 0x58, 0xEB, + 0x1B, 0x1C, 0xE6, 0xB8, 0x94, 0x0C, 0x58, 0x96, + 0x5B, 0xA0, 0x2C, 0xBF, 0xE2, 0x99, 0xA0, 0x1F, + 0x0C, 0xCC, 0xBD, 0x83, 0x72, 0x56, 0xBB, 0x13, + 0x61, 0x5A, 0xC2, 0x04, 0x27, 0x29, 0x1F, 0xD4, + 0xE4, 0x3D, 0x8A, 0x87, 0xE3, 0x81, 0x91, 0x07, + 0xD3, 0x9B, 0xBC, 0xA9, 0xB3, 0xBA, 0xF5, 0x8B, + 0x6A, 0xAD, 0xDE, 0xB0, 0x54, 0x3E, 0xFE, 0xCC, + 0xD3, 0xCB, 0x2C, 0x69, 0xF0, 0x58, 0xD7, 0xEF, + 0xA9, 0xC0, 0x15, 0x9B, 0x5A, 0xDF, 0x71, 0x25, + 0x38, 0x44, 0xEC, 0xA9, 0x18, 0x47, 0x41, 0xCE, + 0x3D, 0x53, 0x10, 0x12, 0xC3, 0x1B, 0x59, 0x9A, + 0x93, 0xA1, 0xEA, 0xBE, 0x3E, 0xBA, 0x74, 0xF6, + 0x2D, 0x40, 0x9D, 0xCB, 0x9E, 0xA1, 0xA5, 0x85, + 0xFF, 0xDC, 0xC5, 0x60, 0x6F, 0x61, 0xE8, 0x17, + 0x6C, 0x36, 0x9F, 0x7A, 0x48, 0x47, 0xDD, 0xF1, + 0xF4, 0x43, 0x21, 0xCB, 0xB3, 0x55, 0x86, 0xD0, + 0xE9, 0x46, 0x7D, 0xB5, 0x3D, 0x90, 0x34, 0x1E, + 0xBB, 0x40, 0xD3, 0x2A, 0xEB, 0xE6, 0x4C, 0x46, + 0x42, 0xA2, 0x8A, 0xBF, 0x90, 0xE7, 0x4B, 0x6D, + 0x5C, 0x94, 0x97, 0xD2, 0xF0, 0x97, 0x74, 0x4C, + 0x76, 0x03, 0xAC, 0x3D, 0xDE, 0x15, 0x96, 0x0C, + 0xEF, 0x18, 0x9D, 0xBD, 0x1A, 0x20, 0x35, 0x7E, + 0x2A, 0x70, 0x9D, 0xEA, 0x2E, 0x11, 
0xDF, 0xF3, + 0x2F, 0xFE, 0x23, 0xA9, 0xB6, 0xCF, 0xB7, 0xB9, + 0x3F, 0x4F, 0x30, 0x6B, 0x3B, 0x0D, 0x3B, 0xED, + 0xCD, 0x77, 0xD4, 0xBF, 0xEE, 0xDD, 0xB6, 0x56, + 0x24, 0xD4, 0x29, 0x83, 0xDE, 0xDB, 0xC1, 0xFB, + 0x6A, 0xCE, 0x7F, 0x47, 0xD2, 0xC5, 0xF1, 0x78, + 0x5C, 0x2C, 0x5A, 0x28, 0x3E, 0x05, 0x50, 0x2E, + 0xD9, 0xAE, 0x9B, 0x95, 0x64, 0xC7, 0xD2, 0x7B, + 0xCB, 0xC5, 0x91, 0x80, 0xEB, 0x79, 0xC7, 0xCC, + 0xA8, 0x06, 0xC8, 0xF9, 0xDF, 0x2A, 0x49, 0x4A, + 0xF8, 0xFE, 0xBA, 0xA5, 0x85, 0x67, 0x1B, 0xDA, + 0x51, 0x3B, 0xC2, 0x04, 0xA6, 0xA3, 0xFF, 0x99, + 0x21, 0xE8, 0x17, 0x91, 0x33, 0x9B, 0x83, 0x75, + 0x20, 0x5E, 0x95, 0xBE, 0x49, 0xDF, 0x53, 0xFC, + 0x05, 0xA2, 0x3C, 0xAA, 0x5A, 0x22, 0x15, 0xA5, + 0x56, 0xE0, 0x51, 0x30, 0x4E, 0x32, 0x14, 0xF2, + 0x9F, 0x03, 0x51, 0x8E, 0xDD, 0x8B, 0x39, 0x19, + 0x1E, 0x39, 0xC5, 0xA7, 0x1C, 0xC6, 0xA4, 0xE1, + 0x77, 0xCA, 0x8C, 0x9D, 0x27, 0xBC, 0xCC, 0x16, + 0xD6, 0xFC, 0x59, 0x10, 0x23, 0xFF, 0x64, 0x90, + 0x9C, 0x23, 0x5A, 0xFF, 0x7E, 0x27, 0x1B, 0xC7, + 0x7F, 0x21, 0x3B, 0x41, 0xDB, 0xBC, 0x96, 0x60, + 0x0B, 0x35, 0xA1, 0xF3, 0xF8, 0x51, 0x0A, 0x65, + 0xCF, 0xDF, 0x7A, 0xB8, 0x04, 0x56, 0x49, 0xD7, + 0xD3, 0xC5, 0x0B, 0x4A, 0x1F, 0x60, 0xE1, 0x86, + 0x36, 0x53, 0x8E, 0x6C, 0x3E, 0xAF, 0x5B, 0xC1, + 0xCA, 0xCB, 0x22, 0x1A, 0x07, 0xDA, 0x54, 0xEC, + 0xAA, 0x06, 0x72, 0x17, 0xCF, 0x80, 0xC4, 0x89, + 0x56, 0x24, 0x1B, 0xD4, 0xFF, 0x50, 0x6B, 0x51, + 0x55, 0x4D, 0x6E, 0x79, 0x7E, 0xEC, 0x61, 0xC6, + 0xE4, 0x21, 0xC8, 0x0E, 0x10, 0x3F, 0x8C, 0x85, + 0x3A, 0x27, 0xEA, 0x91, 0x07, 0xCB, 0x37, 0x18, + 0x14, 0xB5, 0x63, 0x6E, 0x00, 0xBC, 0x0F, 0x36, + 0xF9, 0x54, 0x75, 0xE7, 0x0B, 0xDC, 0xE7, 0xA0, + 0x59, 0xF0, 0x64, 0xFB, 0x73, 0x07, 0x0E, 0xFE, + 0x57, 0x7F, 0x0D, 0x12, 0xBC, 0xB0, 0xBF, 0xA2, + 0x3A, 0x18, 0x08, 0x7E, 0xD5, 0x6C, 0xF0, 0x6F, + 0xF8, 0x98, 0xFB, 0xA5, 0x10, 0x7B, 0x10, 0x5F, + 0x6B, 0xC8, 0x6D, 0xDE, 0x2F, 0x1F, 0xE0, 0xC8, + 0x19, 0xEE, 0xC2, 0x03, 0x39, 0x49, 0x70, 0x3E, + 0x36, 0xE3, 0x3C, 0x70, 0xE3, 0xEA, 
0xAC, 0x34, + 0x32, 0xB7, 0x0D, 0xBA, 0x7C, 0xAB, 0xE6, 0x18 + }; + static const byte sk_65[] = { + 0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4, + 0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E, + 0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F, + 0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41, + 0x52, 0x8D, 0xA0, 0xC7, 0xD2, 0x80, 0xDD, 0x49, + 0x0D, 0x5E, 0xB7, 0x65, 0xDB, 0x32, 0x33, 0x15, + 0x0F, 0x9E, 0xC8, 0xEB, 0xC9, 0x6E, 0xE8, 0xE8, + 0x5C, 0xBD, 0x18, 0x4F, 0xDC, 0xF8, 0xA8, 0xD9, + 0xC5, 0x33, 0x84, 0x79, 0x5A, 0x5E, 0xB7, 0x3C, + 0x6D, 0x82, 0xCA, 0xB9, 0xBA, 0x94, 0xB6, 0x46, + 0xAE, 0x3A, 0xD9, 0x19, 0x6C, 0xB4, 0xDA, 0xE2, + 0xF1, 0x4B, 0xB6, 0x43, 0xF0, 0x24, 0x08, 0xE5, + 0xF7, 0x9A, 0x41, 0xF1, 0x15, 0x9C, 0xA8, 0x08, + 0x79, 0x9F, 0xB8, 0x26, 0xD4, 0x08, 0x32, 0x47, + 0xC8, 0xF0, 0xD5, 0x31, 0xA1, 0xC1, 0x19, 0x04, + 0x02, 0x06, 0x2B, 0x4D, 0x46, 0xAE, 0x43, 0x6A, + 0x25, 0x82, 0x75, 0x41, 0x70, 0x36, 0x42, 0x48, + 0x78, 0x06, 0x36, 0x50, 0x23, 0x84, 0x68, 0x10, + 0x87, 0x08, 0x62, 0x00, 0x08, 0x34, 0x20, 0x73, + 0x32, 0x13, 0x36, 0x61, 0x87, 0x61, 0x43, 0x50, + 0x30, 0x02, 0x26, 0x07, 0x65, 0x45, 0x32, 0x00, + 0x25, 0x75, 0x01, 0x04, 0x88, 0x81, 0x58, 0x64, + 0x52, 0x40, 0x84, 0x22, 0x88, 0x42, 0x82, 0x56, + 0x47, 0x50, 0x05, 0x21, 0x88, 0x25, 0x32, 0x25, + 0x12, 0x85, 0x14, 0x52, 0x87, 0x77, 0x67, 0x18, + 0x46, 0x54, 0x63, 0x07, 0x88, 0x67, 0x37, 0x26, + 0x72, 0x62, 0x41, 0x02, 0x00, 0x01, 0x17, 0x84, + 0x33, 0x64, 0x32, 0x57, 0x06, 0x20, 0x05, 0x44, + 0x88, 0x57, 0x33, 0x45, 0x70, 0x55, 0x14, 0x43, + 0x12, 0x54, 0x04, 0x38, 0x37, 0x08, 0x42, 0x57, + 0x36, 0x05, 0x30, 0x03, 0x86, 0x53, 0x02, 0x53, + 0x75, 0x22, 0x62, 0x13, 0x38, 0x82, 0x48, 0x30, + 0x83, 0x83, 0x64, 0x83, 0x13, 0x74, 0x57, 0x32, + 0x46, 0x70, 0x06, 0x05, 0x82, 0x52, 0x73, 0x55, + 0x25, 0x77, 0x21, 0x78, 0x57, 0x83, 0x66, 0x20, + 0x38, 0x53, 0x21, 0x41, 0x77, 0x56, 0x77, 0x46, + 0x34, 0x42, 0x58, 0x31, 0x08, 0x06, 0x03, 0x62, + 0x20, 0x35, 0x11, 0x42, 0x35, 0x38, 0x63, 0x86, + 
0x64, 0x13, 0x13, 0x75, 0x40, 0x01, 0x53, 0x74, + 0x41, 0x31, 0x56, 0x64, 0x38, 0x17, 0x14, 0x16, + 0x62, 0x33, 0x22, 0x12, 0x64, 0x40, 0x67, 0x11, + 0x62, 0x42, 0x25, 0x60, 0x38, 0x05, 0x83, 0x13, + 0x51, 0x00, 0x28, 0x36, 0x62, 0x56, 0x41, 0x43, + 0x58, 0x37, 0x51, 0x22, 0x70, 0x25, 0x82, 0x82, + 0x35, 0x24, 0x06, 0x83, 0x48, 0x58, 0x81, 0x78, + 0x07, 0x86, 0x23, 0x15, 0x75, 0x32, 0x46, 0x75, + 0x35, 0x40, 0x08, 0x43, 0x10, 0x66, 0x74, 0x05, + 0x13, 0x72, 0x74, 0x08, 0x83, 0x41, 0x81, 0x08, + 0x75, 0x87, 0x83, 0x28, 0x56, 0x66, 0x20, 0x01, + 0x18, 0x83, 0x57, 0x22, 0x14, 0x64, 0x18, 0x05, + 0x27, 0x75, 0x22, 0x84, 0x12, 0x38, 0x87, 0x52, + 0x32, 0x25, 0x28, 0x08, 0x14, 0x41, 0x81, 0x14, + 0x03, 0x24, 0x54, 0x23, 0x04, 0x81, 0x40, 0x36, + 0x38, 0x38, 0x64, 0x42, 0x46, 0x36, 0x68, 0x11, + 0x55, 0x00, 0x11, 0x25, 0x76, 0x16, 0x43, 0x07, + 0x23, 0x03, 0x34, 0x10, 0x46, 0x41, 0x14, 0x02, + 0x26, 0x10, 0x74, 0x38, 0x38, 0x72, 0x07, 0x87, + 0x54, 0x11, 0x12, 0x83, 0x75, 0x05, 0x82, 0x17, + 0x45, 0x20, 0x38, 0x41, 0x37, 0x20, 0x00, 0x08, + 0x32, 0x18, 0x16, 0x25, 0x58, 0x85, 0x16, 0x88, + 0x71, 0x82, 0x45, 0x60, 0x33, 0x11, 0x13, 0x42, + 0x43, 0x37, 0x68, 0x11, 0x16, 0x54, 0x04, 0x08, + 0x52, 0x78, 0x13, 0x56, 0x83, 0x52, 0x15, 0x24, + 0x03, 0x61, 0x78, 0x44, 0x13, 0x70, 0x67, 0x36, + 0x74, 0x86, 0x52, 0x50, 0x15, 0x41, 0x88, 0x74, + 0x53, 0x00, 0x05, 0x18, 0x65, 0x62, 0x14, 0x84, + 0x12, 0x32, 0x01, 0x88, 0x40, 0x42, 0x34, 0x05, + 0x32, 0x80, 0x72, 0x55, 0x20, 0x68, 0x16, 0x43, + 0x14, 0x15, 0x15, 0x38, 0x43, 0x85, 0x27, 0x60, + 0x70, 0x18, 0x27, 0x35, 0x53, 0x01, 0x28, 0x73, + 0x27, 0x84, 0x10, 0x53, 0x67, 0x10, 0x45, 0x40, + 0x81, 0x52, 0x86, 0x06, 0x11, 0x18, 0x04, 0x31, + 0x57, 0x25, 0x22, 0x44, 0x47, 0x81, 0x45, 0x44, + 0x55, 0x04, 0x72, 0x57, 0x06, 0x46, 0x76, 0x23, + 0x38, 0x85, 0x65, 0x30, 0x08, 0x48, 0x20, 0x13, + 0x22, 0x77, 0x44, 0x60, 0x43, 0x14, 0x15, 0x27, + 0x86, 0x22, 0x37, 0x37, 0x27, 0x04, 0x27, 0x50, + 0x74, 0x31, 0x10, 0x82, 0x00, 0x75, 0x80, 0x44, + 
0x38, 0x10, 0x58, 0x40, 0x86, 0x60, 0x63, 0x13, + 0x65, 0x18, 0x33, 0x70, 0x57, 0x68, 0x05, 0x10, + 0x81, 0x03, 0x42, 0x05, 0x25, 0x65, 0x33, 0x57, + 0x38, 0x05, 0x65, 0x34, 0x46, 0x53, 0x68, 0x11, + 0x75, 0x10, 0x04, 0x54, 0x18, 0x47, 0x52, 0x24, + 0x63, 0x23, 0x74, 0x45, 0x11, 0x34, 0x68, 0x32, + 0x35, 0x38, 0x52, 0x85, 0x28, 0x08, 0x71, 0x78, + 0x37, 0x38, 0x27, 0x10, 0x80, 0x54, 0x26, 0x33, + 0x31, 0x82, 0x44, 0x88, 0x33, 0x24, 0x62, 0x86, + 0x32, 0x82, 0x73, 0x31, 0x28, 0x14, 0x73, 0x87, + 0x06, 0x35, 0x80, 0x36, 0x67, 0x02, 0x33, 0x75, + 0x27, 0x36, 0x38, 0x16, 0x35, 0x70, 0x52, 0x16, + 0x87, 0x58, 0x85, 0x17, 0x22, 0x13, 0x54, 0x85, + 0x07, 0x53, 0x31, 0x26, 0x78, 0x01, 0x85, 0x18, + 0x08, 0x68, 0x38, 0x52, 0x11, 0x73, 0x32, 0x25, + 0x58, 0x82, 0x70, 0x70, 0x36, 0x30, 0x50, 0x38, + 0x65, 0x12, 0x78, 0x31, 0x77, 0x72, 0x18, 0x41, + 0x05, 0x42, 0x32, 0x26, 0x26, 0x50, 0x52, 0x86, + 0x15, 0x76, 0x28, 0x66, 0x88, 0x03, 0x78, 0x28, + 0x70, 0x33, 0x36, 0x27, 0x16, 0x61, 0x43, 0x56, + 0x62, 0x81, 0x85, 0x75, 0x47, 0x60, 0x63, 0x38, + 0x66, 0x81, 0x51, 0x78, 0x03, 0x42, 0x60, 0x38, + 0x01, 0x24, 0x73, 0x63, 0x81, 0x12, 0x01, 0x27, + 0x63, 0x13, 0x11, 0x78, 0x36, 0x37, 0x15, 0x03, + 0x84, 0x58, 0x17, 0x25, 0x67, 0x87, 0x57, 0x83, + 0x71, 0x85, 0x37, 0x53, 0x86, 0x22, 0x33, 0x28, + 0x77, 0x30, 0x18, 0x15, 0x01, 0x37, 0x85, 0x40, + 0x15, 0x38, 0x51, 0x33, 0x17, 0x42, 0x64, 0x04, + 0x56, 0x27, 0x50, 0x45, 0x11, 0x27, 0x20, 0x17, + 0x76, 0x55, 0x33, 0x37, 0x58, 0x88, 0x88, 0x45, + 0x16, 0x55, 0x08, 0x53, 0x52, 0x48, 0x72, 0x85, + 0x30, 0x15, 0x23, 0x44, 0x22, 0x02, 0x43, 0x45, + 0x41, 0x10, 0x00, 0x52, 0x32, 0x73, 0x05, 0x75, + 0x72, 0x16, 0x08, 0x11, 0x51, 0x36, 0x20, 0x04, + 0x76, 0x48, 0x78, 0x56, 0x60, 0x88, 0x07, 0x47, + 0x70, 0x20, 0x46, 0x40, 0x43, 0x26, 0x04, 0x37, + 0x17, 0x51, 0x58, 0x46, 0x72, 0x44, 0x50, 0x23, + 0x67, 0x63, 0x60, 0x84, 0x30, 0x51, 0x52, 0x53, + 0x21, 0x74, 0x85, 0x45, 0x74, 0x43, 0x11, 0x72, + 0x52, 0x65, 0x76, 0x08, 0x78, 0x63, 0x14, 0x27, + 
0x41, 0x34, 0x67, 0x07, 0x45, 0x15, 0x10, 0x83, + 0x24, 0x02, 0x80, 0x53, 0x07, 0x21, 0x58, 0x10, + 0x34, 0x20, 0x54, 0x12, 0x58, 0x44, 0x25, 0x53, + 0x33, 0x46, 0x02, 0x38, 0x60, 0x17, 0x70, 0x64, + 0x18, 0x52, 0x62, 0x26, 0x65, 0x61, 0x42, 0x31, + 0x22, 0x57, 0x34, 0x57, 0x02, 0x34, 0x62, 0x76, + 0x74, 0x38, 0x73, 0x21, 0x68, 0x71, 0x07, 0x21, + 0x61, 0x05, 0x20, 0x20, 0x86, 0x83, 0x30, 0x25, + 0x50, 0x50, 0x83, 0x30, 0x31, 0x56, 0x30, 0x31, + 0x76, 0x04, 0x54, 0x80, 0x75, 0x18, 0x82, 0x23, + 0x61, 0x87, 0x58, 0x25, 0x13, 0x63, 0x21, 0x51, + 0x48, 0x02, 0x67, 0x37, 0x12, 0x88, 0x70, 0x60, + 0x07, 0x36, 0x18, 0x15, 0x87, 0x74, 0x55, 0x60, + 0x00, 0x54, 0x37, 0x11, 0x01, 0x37, 0x14, 0x17, + 0x11, 0x72, 0x14, 0x55, 0x31, 0x75, 0x77, 0x48, + 0x10, 0x23, 0x83, 0x20, 0x00, 0x04, 0x32, 0x64, + 0x66, 0x61, 0x71, 0x31, 0x03, 0x15, 0x44, 0x32, + 0x57, 0x25, 0x64, 0x31, 0x28, 0x15, 0x33, 0x67, + 0x86, 0x87, 0x37, 0x03, 0x12, 0x78, 0x86, 0x13, + 0x47, 0x80, 0x61, 0x42, 0x50, 0x40, 0x23, 0x37, + 0x01, 0x01, 0x66, 0x24, 0x06, 0x57, 0x82, 0x02, + 0x22, 0x42, 0x41, 0x02, 0x26, 0x06, 0x41, 0x35, + 0x64, 0x16, 0x44, 0x42, 0x38, 0x30, 0x86, 0x88, + 0x47, 0x71, 0x62, 0x33, 0x24, 0x02, 0x12, 0x37, + 0x42, 0x33, 0x20, 0x81, 0x80, 0x53, 0x07, 0x65, + 0x71, 0x27, 0x13, 0x53, 0x15, 0x43, 0x76, 0x38, + 0x71, 0x30, 0x07, 0x87, 0x25, 0x63, 0x03, 0x33, + 0x70, 0x56, 0x18, 0x13, 0x83, 0x51, 0x44, 0x40, + 0x04, 0x80, 0x62, 0x24, 0x20, 0x64, 0x54, 0x40, + 0x20, 0x73, 0x61, 0x45, 0x01, 0x24, 0x47, 0x78, + 0x23, 0x34, 0x56, 0x10, 0x25, 0x32, 0x02, 0x70, + 0x08, 0x02, 0x23, 0x24, 0x80, 0x43, 0x04, 0x02, + 0x81, 0x11, 0x23, 0x82, 0x03, 0x61, 0x30, 0x33, + 0x15, 0x36, 0x25, 0x32, 0x14, 0x73, 0x22, 0x46, + 0x81, 0x25, 0x16, 0x13, 0x52, 0x58, 0x71, 0x61, + 0x67, 0x08, 0x38, 0x76, 0x71, 0x15, 0x88, 0x47, + 0x31, 0x25, 0x27, 0x18, 0x31, 0x50, 0x40, 0x71, + 0x06, 0x87, 0x37, 0x30, 0x85, 0x64, 0x62, 0x78, + 0x32, 0x74, 0x18, 0x83, 0x67, 0x40, 0x37, 0x44, + 0x56, 0x02, 0x72, 0x61, 0x27, 0x28, 0x38, 0x38, + 
0x67, 0x17, 0x58, 0x04, 0x61, 0x28, 0x67, 0x37, + 0x46, 0x50, 0x38, 0x15, 0x45, 0x12, 0x71, 0x44, + 0x22, 0x02, 0x34, 0x83, 0x40, 0x70, 0x55, 0x75, + 0x54, 0x26, 0x88, 0x07, 0x25, 0x58, 0x73, 0x60, + 0x58, 0x61, 0x45, 0x63, 0x35, 0x05, 0x48, 0x63, + 0x48, 0x57, 0x03, 0x31, 0x28, 0x14, 0x05, 0x01, + 0x57, 0x34, 0x64, 0x50, 0x23, 0x86, 0x75, 0x85, + 0x18, 0x75, 0x56, 0x88, 0x08, 0x26, 0x01, 0x34, + 0x01, 0x57, 0x05, 0x28, 0x35, 0x48, 0x17, 0x57, + 0x71, 0x81, 0x41, 0x33, 0x77, 0x86, 0x07, 0x77, + 0x02, 0x25, 0x71, 0x74, 0x37, 0x31, 0x20, 0x14, + 0x32, 0x54, 0x20, 0x35, 0x54, 0x76, 0x83, 0x15, + 0x80, 0x73, 0x27, 0x23, 0x00, 0x58, 0x22, 0x84, + 0x64, 0x56, 0x14, 0x84, 0x38, 0x34, 0x16, 0x21, + 0x77, 0x07, 0x34, 0x81, 0x66, 0x87, 0x40, 0x11, + 0x62, 0x46, 0x45, 0x01, 0x20, 0x53, 0x21, 0x73, + 0x07, 0x76, 0x44, 0x15, 0x61, 0x50, 0x83, 0x48, + 0x58, 0x58, 0x45, 0x33, 0x25, 0x36, 0x07, 0x42, + 0x70, 0x24, 0x07, 0x41, 0x08, 0x35, 0x00, 0x78, + 0x41, 0x47, 0x02, 0x56, 0x07, 0x14, 0x68, 0x33, + 0x55, 0x77, 0x32, 0x40, 0x55, 0x24, 0x50, 0x26, + 0x47, 0x12, 0x65, 0x58, 0x43, 0x05, 0x52, 0x55, + 0x75, 0x50, 0x18, 0x46, 0x65, 0x48, 0x03, 0x32, + 0x85, 0x31, 0x16, 0x52, 0x71, 0x57, 0x87, 0x46, + 0x76, 0x14, 0x42, 0x81, 0x28, 0x74, 0x60, 0x34, + 0x35, 0x55, 0x52, 0x16, 0x58, 0x48, 0x61, 0x75, + 0x80, 0x88, 0x15, 0x32, 0x72, 0x26, 0x31, 0x03, + 0x05, 0x03, 0x16, 0x04, 0x07, 0x37, 0x37, 0x73, + 0x43, 0x81, 0x57, 0x31, 0x88, 0x04, 0x72, 0x76, + 0x01, 0x61, 0x81, 0x17, 0x37, 0x65, 0x44, 0x38, + 0x61, 0x23, 0x16, 0x26, 0x52, 0x45, 0x00, 0x73, + 0x83, 0x63, 0x64, 0x62, 0x26, 0x74, 0x60, 0x11, + 0x81, 0x08, 0x06, 0x30, 0x36, 0x05, 0x10, 0x48, + 0x47, 0x35, 0x10, 0x85, 0x30, 0x86, 0x71, 0x38, + 0x16, 0x37, 0x6F, 0x3B, 0x1C, 0x18, 0xB1, 0xE3, + 0xE8, 0xEE, 0x83, 0x3E, 0x8D, 0x38, 0x43, 0x9E, + 0x78, 0x1C, 0xA3, 0xB8, 0x94, 0x06, 0x54, 0xEF, + 0x44, 0x6C, 0x9A, 0xAC, 0xC3, 0xF1, 0xD3, 0x0E, + 0xE0, 0x10, 0x5B, 0x8F, 0x63, 0xEB, 0x89, 0x74, + 0x6E, 0xF4, 0xBE, 0xB5, 0x4C, 0xFC, 0xE8, 0x81, + 
0x2C, 0xF9, 0x47, 0xCF, 0x54, 0x54, 0xFB, 0x1C, + 0xA5, 0x5F, 0x25, 0xA0, 0xFE, 0x57, 0xF5, 0xFC, + 0xFD, 0x73, 0xB0, 0xDA, 0x04, 0xB0, 0xBF, 0x28, + 0x92, 0x92, 0xAF, 0x39, 0x74, 0x72, 0x56, 0x69, + 0xC3, 0x00, 0x03, 0xE0, 0x50, 0x9F, 0xED, 0xC8, + 0x0F, 0x6C, 0x89, 0x4B, 0xB0, 0x47, 0xC2, 0xE2, + 0xAF, 0x48, 0x5C, 0xAD, 0x68, 0xC2, 0x1D, 0x80, + 0xEF, 0x33, 0xB0, 0xC4, 0xFD, 0xA6, 0x7B, 0x85, + 0x31, 0xA1, 0x58, 0x87, 0x67, 0x54, 0x71, 0x3F, + 0xF8, 0xA8, 0xA6, 0x8D, 0x9A, 0xBD, 0xC4, 0x81, + 0x6B, 0x24, 0xB4, 0xA3, 0x6A, 0x8A, 0x2B, 0xB1, + 0xFD, 0x1C, 0x2C, 0x25, 0xC3, 0x72, 0xC4, 0xB7, + 0x75, 0xF8, 0xCC, 0x17, 0x39, 0xCF, 0x2C, 0xE9, + 0xA4, 0x54, 0x58, 0xE4, 0x1A, 0xAE, 0xC6, 0x4A, + 0xEE, 0xDE, 0x75, 0x7C, 0xE7, 0x38, 0xBC, 0xDF, + 0x4D, 0xA0, 0xEE, 0x2B, 0xDD, 0x5F, 0x80, 0x5C, + 0xCF, 0xF7, 0x2A, 0x5F, 0x73, 0x8B, 0xAC, 0x12, + 0x34, 0x2E, 0xE3, 0xF1, 0x4C, 0xB7, 0x22, 0x68, + 0xC2, 0xD6, 0x36, 0x7D, 0xF1, 0x7F, 0x20, 0x46, + 0xA2, 0x4B, 0x47, 0x4B, 0x32, 0x58, 0xF7, 0xB0, + 0x88, 0x54, 0x6C, 0x99, 0x3B, 0x0D, 0xA1, 0xE2, + 0x92, 0x92, 0xEB, 0x72, 0x1E, 0xE7, 0xE5, 0xA1, + 0xF8, 0x6E, 0x14, 0xA5, 0x39, 0xB0, 0x63, 0x6F, + 0x78, 0x82, 0xA1, 0x9C, 0x8D, 0x79, 0x02, 0x85, + 0xA6, 0xDF, 0x7D, 0xEE, 0xCE, 0x17, 0x4D, 0x63, + 0xCF, 0xF3, 0xB2, 0xFF, 0x85, 0x68, 0x81, 0xCB, + 0x38, 0x6B, 0x1B, 0x38, 0xA2, 0xE0, 0xF2, 0x4C, + 0x31, 0xE0, 0x91, 0x93, 0xDD, 0xF3, 0x71, 0x47, + 0xF2, 0x69, 0xD9, 0x4C, 0xDE, 0xF9, 0x90, 0x61, + 0x34, 0x62, 0x07, 0x71, 0x79, 0xD0, 0xDD, 0x09, + 0x32, 0x64, 0x39, 0x49, 0x93, 0x1A, 0x02, 0xBA, + 0xFA, 0x80, 0x17, 0x6E, 0xDF, 0x97, 0xB6, 0xA2, + 0x31, 0x34, 0x71, 0xF0, 0xB1, 0x9B, 0x3B, 0x59, + 0xF4, 0x3B, 0xD2, 0x2A, 0x05, 0x49, 0x3E, 0xFB, + 0x0C, 0xF8, 0xB5, 0xD7, 0xB6, 0x25, 0x2B, 0x09, + 0x8B, 0x4B, 0xFA, 0x39, 0x5B, 0xF9, 0xA2, 0x09, + 0xE9, 0xBB, 0x46, 0x01, 0x30, 0x00, 0x90, 0x32, + 0x58, 0xA6, 0x9B, 0x67, 0xF5, 0x94, 0x11, 0xC8, + 0x35, 0x95, 0xFA, 0x6E, 0x67, 0x42, 0x8D, 0x96, + 0x6D, 0x20, 0xFC, 0xD3, 0x09, 0x61, 0x11, 0x86, + 
0x77, 0xC0, 0x86, 0xA3, 0x54, 0xAE, 0x6D, 0x41, + 0xEE, 0x17, 0xDC, 0xA1, 0xB0, 0xB7, 0x50, 0x43, + 0xD6, 0xCE, 0x23, 0xBD, 0xB0, 0x1E, 0x02, 0xE5, + 0x9E, 0xCF, 0xC6, 0x2E, 0x8C, 0x39, 0x71, 0xB1, + 0x45, 0x02, 0x75, 0xBA, 0x7F, 0x60, 0xB0, 0x8B, + 0x1C, 0x33, 0xBA, 0x0C, 0xFF, 0x54, 0x63, 0xE3, + 0x47, 0x5B, 0x07, 0x77, 0x77, 0xC5, 0x72, 0x24, + 0x60, 0xFA, 0xDB, 0x0B, 0xF6, 0x41, 0x82, 0x69, + 0x3C, 0x68, 0x37, 0xF5, 0xFD, 0x45, 0x4A, 0x66, + 0x6C, 0xD7, 0x01, 0x10, 0x78, 0x4A, 0xED, 0x09, + 0xAE, 0x49, 0x0A, 0x60, 0xC7, 0x78, 0x56, 0x51, + 0x15, 0xE3, 0x4A, 0xB5, 0xAE, 0xAD, 0x09, 0xD1, + 0x71, 0xA8, 0xCA, 0x3C, 0x8A, 0xE6, 0xCA, 0x39, + 0x43, 0x60, 0x56, 0x83, 0x3C, 0x58, 0x04, 0xD4, + 0xB4, 0x62, 0xDD, 0x53, 0x05, 0xC8, 0x51, 0xAF, + 0x59, 0xF6, 0x4F, 0x04, 0xC3, 0x1E, 0x69, 0xFF, + 0x82, 0xBF, 0xD7, 0x89, 0xD2, 0x30, 0x9F, 0xF2, + 0xE6, 0x38, 0x05, 0x9C, 0xD5, 0x08, 0xB8, 0x25, + 0xF3, 0x3B, 0x99, 0x85, 0x4E, 0x40, 0xF8, 0x40, + 0xF2, 0x4B, 0x5C, 0x3A, 0xA8, 0x64, 0x41, 0x92, + 0xEA, 0xCA, 0x9A, 0x7B, 0xCF, 0xBA, 0x1F, 0xDE, + 0xE0, 0x9D, 0xCA, 0xAD, 0xB4, 0x0C, 0x90, 0xFF, + 0xE1, 0x6C, 0xEC, 0xDD, 0x32, 0x38, 0x2A, 0xF7, + 0x19, 0x20, 0x39, 0xCB, 0x29, 0x67, 0x2F, 0x70, + 0x71, 0x12, 0x10, 0xB6, 0xB8, 0x3E, 0x8D, 0xFD, + 0xB5, 0xFB, 0xBD, 0xBF, 0xA8, 0xCA, 0x19, 0xC4, + 0xC6, 0xAC, 0x37, 0x31, 0xFC, 0x33, 0xC2, 0x7F, + 0xA2, 0xA2, 0x6D, 0xEB, 0x15, 0x2E, 0xA1, 0x90, + 0xF8, 0x29, 0xC6, 0x34, 0xD1, 0x39, 0x30, 0x24, + 0x1C, 0xB9, 0x26, 0xAC, 0xDD, 0xE5, 0x24, 0x9C, + 0xDD, 0x35, 0x60, 0x7E, 0x38, 0x0C, 0xC1, 0x2A, + 0x7D, 0x1E, 0xA9, 0xBA, 0xA5, 0x58, 0x4C, 0xDD, + 0x26, 0x86, 0x09, 0xDC, 0xC3, 0xB0, 0x1F, 0xCD, + 0xC9, 0xAD, 0xCB, 0x4A, 0x7E, 0x51, 0x67, 0xE5, + 0xED, 0x5A, 0xD2, 0x21, 0xDB, 0x2E, 0xAB, 0xD9, + 0x0A, 0xEC, 0xAE, 0x71, 0xFA, 0x23, 0x7A, 0xEF, + 0x98, 0xDF, 0x53, 0x89, 0x93, 0xE8, 0x71, 0xD7, + 0x35, 0xDA, 0x6B, 0x88, 0x31, 0xAF, 0x67, 0xF2, + 0x97, 0x29, 0x1C, 0x39, 0x67, 0xEB, 0xAF, 0x60, + 0xD9, 0x53, 0xC4, 0x0F, 0x7A, 0x46, 0x4E, 0xF3, + 
0x2F, 0x8E, 0xAE, 0xFA, 0x64, 0x2E, 0x37, 0xDE, + 0xA9, 0x74, 0x73, 0x5D, 0xDD, 0xBB, 0x83, 0x54, + 0x27, 0xB9, 0x7A, 0x63, 0x2B, 0x19, 0x8B, 0x26, + 0x22, 0x28, 0x84, 0xA0, 0x58, 0x00, 0x2D, 0x55, + 0xEA, 0x2A, 0x80, 0x0D, 0x6C, 0x97, 0x0E, 0x8B, + 0xF7, 0x67, 0xB2, 0x8B, 0x2D, 0xDE, 0x8F, 0x58, + 0xFE, 0x97, 0x81, 0xE7, 0xE2, 0x58, 0x8D, 0x7E, + 0x1B, 0xAB, 0xE5, 0x15, 0x9D, 0x54, 0xF4, 0x00, + 0x34, 0x1D, 0x12, 0x1B, 0x03, 0x23, 0x2B, 0x06, + 0x2E, 0x8C, 0xD0, 0x0A, 0xDC, 0x19, 0xA1, 0x69, + 0x1D, 0x72, 0x91, 0xB4, 0xED, 0x0E, 0x81, 0xF7, + 0x05, 0x99, 0x84, 0xFC, 0x74, 0x0F, 0x7D, 0xF8, + 0x9B, 0x3E, 0x7F, 0x63, 0x7C, 0x73, 0xEB, 0xF5, + 0x36, 0xB3, 0x24, 0x22, 0xAA, 0x33, 0x0C, 0x30, + 0x42, 0xC3, 0xE2, 0x04, 0x6B, 0x3F, 0x2A, 0x0D, + 0xAB, 0xE8, 0x5A, 0x9A, 0x09, 0xD7, 0xB6, 0xAA, + 0x9C, 0x3E, 0xD0, 0x9E, 0xB5, 0x9B, 0x52, 0x7B, + 0xAF, 0x2D, 0x6B, 0xE0, 0x40, 0x12, 0x34, 0xBE, + 0x49, 0xAB, 0xD2, 0xC8, 0xB5, 0x89, 0x1B, 0x79, + 0xEC, 0xAE, 0x88, 0x89, 0x3C, 0x05, 0xC7, 0x75, + 0xC5, 0x84, 0xF7, 0x10, 0x49, 0x48, 0x92, 0x69, + 0x9E, 0xD5, 0x56, 0xB2, 0x1E, 0x81, 0x18, 0x78, + 0xCB, 0x93, 0x5D, 0x70, 0x3A, 0xB2, 0x67, 0xD1, + 0xCC, 0x8F, 0x83, 0x03, 0xB9, 0x64, 0x46, 0x22, + 0x78, 0x0D, 0x55, 0x67, 0x22, 0x58, 0x0E, 0x22, + 0x6B, 0xBA, 0x01, 0xD4, 0x77, 0x05, 0xA7, 0xAC, + 0xB7, 0xE5, 0xFC, 0xE6, 0x11, 0xCC, 0x92, 0x5A, + 0x8C, 0xC0, 0x08, 0x24, 0xAF, 0xCC, 0x4D, 0xBD, + 0x79, 0xD3, 0x5C, 0x52, 0x2C, 0xFF, 0x1A, 0x48, + 0xBB, 0x91, 0x59, 0x6A, 0x80, 0x32, 0x8C, 0x75, + 0x7C, 0xD2, 0xC1, 0x94, 0x94, 0xA8, 0x55, 0x4B, + 0xF2, 0x96, 0xF7, 0x86, 0xF7, 0x53, 0x4F, 0x54, + 0x74, 0x05, 0x5C, 0xEF, 0x02, 0xA0, 0x8A, 0xD1, + 0x88, 0x72, 0xEB, 0x1B, 0x82, 0xF9, 0xFB, 0xDA, + 0xBC, 0xB9, 0x90, 0x98, 0xF2, 0x4B, 0x9A, 0xA6, + 0x89, 0xD5, 0xB3, 0xD8, 0x7B, 0x94, 0xE3, 0x1F, + 0x17, 0x4F, 0xEB, 0x24, 0x06, 0x2B, 0xAB, 0x5F, + 0x27, 0x9B, 0xCD, 0xCE, 0x50, 0x06, 0x40, 0xDD, + 0x7A, 0x8C, 0x67, 0xF0, 0x8E, 0x07, 0xB4, 0x1C, + 0x3C, 0x13, 0xB2, 0x07, 0x6A, 0x38, 0x59, 0x94, + 
0x2C, 0xB1, 0x72, 0xA8, 0x77, 0x5B, 0x15, 0x8F, + 0x88, 0xC4, 0x5C, 0xDC, 0x92, 0xCA, 0xC0, 0xED, + 0x02, 0xFF, 0x1D, 0x57, 0x25, 0xBE, 0x67, 0x3E, + 0x4C, 0xE8, 0x95, 0x2A, 0x80, 0xB2, 0x5D, 0xBC, + 0xFA, 0x17, 0xA9, 0x35, 0x0A, 0x6B, 0x07, 0xC8, + 0x8F, 0x88, 0x8D, 0xBC, 0x97, 0x84, 0xE2, 0x07, + 0x57, 0x92, 0x99, 0x4B, 0xE8, 0xDD, 0xD7, 0xA4, + 0x58, 0xCB, 0x61, 0xCE, 0x16, 0xFC, 0x22, 0xCD, + 0x4B, 0x1A, 0x08, 0xC9, 0xAD, 0x3D, 0xB1, 0xF2, + 0xA9, 0x1B, 0x8E, 0xD0, 0xC7, 0xBC, 0xCE, 0xF9, + 0x0A, 0x7A, 0x4D, 0xBE, 0x82, 0x0A, 0xBD, 0x6C, + 0x42, 0x99, 0xBF, 0x86, 0x65, 0x53, 0xAA, 0x04, + 0x79, 0xD6, 0x6D, 0x7E, 0x0F, 0x40, 0xFA, 0xEE, + 0xCE, 0x38, 0x3B, 0x1C, 0x2F, 0xA4, 0x45, 0xA3, + 0x78, 0x2B, 0xA0, 0x29, 0xC5, 0xAA, 0xA9, 0x09, + 0x29, 0x51, 0xDC, 0x5B, 0xB5, 0x95, 0xE4, 0xCE, + 0xC8, 0x50, 0x71, 0x2D, 0xE9, 0x32, 0x12, 0xA0, + 0x7C, 0x88, 0x6B, 0xED, 0xE4, 0x38, 0xB7, 0x92, + 0xCA, 0xE4, 0xDC, 0xD4, 0x05, 0x3B, 0x2B, 0x84, + 0x95, 0x07, 0xFF, 0xF4, 0x79, 0xFF, 0x1E, 0x73, + 0x1B, 0x8E, 0xDF, 0xA3, 0x15, 0xBD, 0x56, 0xAC, + 0xDA, 0xAD, 0x73, 0x95, 0xC2, 0xD3, 0x72, 0xA8, + 0xF0, 0x8E, 0x6C, 0xE3, 0x7D, 0xBE, 0x4C, 0x87, + 0xFC, 0x0F, 0xA6, 0x3B, 0xED, 0xA4, 0x0F, 0x4F, + 0xF1, 0x5D, 0xF2, 0x56, 0x54, 0xD1, 0xCE, 0x6C, + 0xCA, 0x1C, 0xCB, 0xC2, 0x45, 0x7F, 0x90, 0x61, + 0x0E, 0x3D, 0xCE, 0xBB, 0x5E, 0x41, 0x38, 0x2B, + 0xD4, 0x41, 0x7C, 0x67, 0x7C, 0x71, 0x95, 0x34, + 0xD7, 0xED, 0x4D, 0xAC, 0x6E, 0xF1, 0x46, 0xEA, + 0x7D, 0xA4, 0x4C, 0x69, 0x0B, 0x9C, 0x2F, 0xAA, + 0xF1, 0x17, 0x90, 0x1B, 0xF4, 0x4C, 0x03, 0xBE, + 0x9D, 0x56, 0xCE, 0x0C, 0xCF, 0xE0, 0x87, 0x44, + 0xBE, 0x2C, 0x52, 0xD3, 0xBC, 0xAE, 0x02, 0x30, + 0xC7, 0x26, 0x06, 0x88, 0xA6, 0xAA, 0x9D, 0x50, + 0xF1, 0x94, 0x58, 0xC7, 0x60, 0xF3, 0xA0, 0x6F, + 0x53, 0x66, 0x53, 0xCD, 0x1D, 0xBE, 0xD1, 0xF2, + 0x39, 0xBA, 0x1F, 0xE8, 0x40, 0x84, 0xCD, 0x1C, + 0x8F, 0x3D, 0xB7, 0xD1, 0x51, 0x00, 0xDE, 0xB8, + 0x11, 0xD9, 0x66, 0xAD, 0xD5, 0xE9, 0x33, 0x09, + 0xE1, 0xA8, 0x00, 0x58, 0x65, 0xF1, 0xC1, 0x67, + 
0xB4, 0x3A, 0xA7, 0x98, 0x90, 0x6A, 0xDB, 0x91, + 0xDB, 0x4A, 0x16, 0x35, 0xDC, 0x3D, 0x69, 0xEB, + 0x7B, 0xDE, 0xCC, 0x91, 0x1B, 0x8D, 0xE6, 0x46, + 0x61, 0x8E, 0x3F, 0x4C, 0x88, 0x81, 0x85, 0x4A, + 0x73, 0x08, 0x56, 0x52, 0xAE, 0xE6, 0x4A, 0x60, + 0x4A, 0x2E, 0x0C, 0x9A, 0x93, 0x76, 0x35, 0xC9, + 0x36, 0x28, 0x0C, 0x72, 0x19, 0xAD, 0x33, 0xCF, + 0x2B, 0xFB, 0xCE, 0x1A, 0x7D, 0xAC, 0xAA, 0x75, + 0x15, 0x76, 0x81, 0x52, 0x55, 0xCC, 0xB9, 0x39, + 0x07, 0xA3, 0x39, 0x12, 0x8D, 0x6F, 0x53, 0xAF, + 0xC7, 0x14, 0x7F, 0xC7, 0x96, 0x5A, 0x49, 0x3C, + 0x5C, 0xB0, 0x26, 0x47, 0xF4, 0x9D, 0xCA, 0x23, + 0xA6, 0x7D, 0xA6, 0x61, 0xC4, 0xA3, 0x26, 0x40, + 0x0F, 0xA7, 0x27, 0x09, 0xBC, 0x39, 0xFD, 0xA7, + 0x75, 0x38, 0x74, 0xD0, 0x9D, 0x29, 0x15, 0x97, + 0xDE, 0x25, 0x60, 0x4D, 0x19, 0x36, 0x04, 0xFB, + 0xA5, 0x2C, 0xB0, 0xC8, 0xB5, 0xFE, 0xE5, 0x94, + 0x7C, 0xE2, 0x1F, 0x84, 0xBB, 0xFB, 0x78, 0x9E, + 0xA5, 0x7C, 0x5D, 0x4A, 0xB2, 0x48, 0x6F, 0x6E, + 0x67, 0x95, 0x16, 0x5F, 0x01, 0x2A, 0xF8, 0x70, + 0x95, 0xCB, 0x06, 0x93, 0x26, 0x6E, 0x7A, 0x75, + 0xB5, 0xE5, 0x4E, 0x27, 0x1D, 0x8B, 0x30, 0xA6, + 0x67, 0x67, 0xD6, 0xE2, 0xD6, 0xD1, 0x99, 0xA4, + 0x55, 0x73, 0x19, 0x32, 0xF6, 0x0B, 0x6B, 0x4A, + 0xEE, 0x23, 0x33, 0x38, 0x30, 0x68, 0x6F, 0x8E, + 0x60, 0xA9, 0x60, 0x97, 0x3E, 0xEA, 0x5D, 0xE1, + 0x40, 0x6F, 0x0C, 0x76, 0x84, 0xCF, 0xAF, 0x86, + 0x8D, 0x36, 0xE5, 0x7D, 0xAE, 0x9A, 0x13, 0x70, + 0x22, 0x2A, 0x31, 0xFE, 0xC2, 0xFB, 0xE1, 0x58, + 0xA5, 0x4E, 0xEF, 0x10, 0x5B, 0x5E, 0xD4, 0x39, + 0xFC, 0xF9, 0x15, 0x64, 0x78, 0x43, 0x7D, 0x03, + 0x9F, 0x5B, 0xCB, 0x86, 0xD2, 0xEF, 0x28, 0xBD, + 0x14, 0xCB, 0x8A, 0x04, 0x1D, 0x59, 0x23, 0x53, + 0x4D, 0x13, 0xF9, 0x93, 0xFE, 0x19, 0x9C, 0xC3, + 0x3F, 0xD9, 0xC1, 0x12, 0x94, 0x84, 0x13, 0x95, + 0x8F, 0xD9, 0x10, 0xAB, 0x37, 0x69, 0x08, 0x04, + 0x4A, 0x97, 0x82, 0x28, 0x75, 0xBB, 0xC9, 0xF4, + 0x3F, 0x19, 0x6B, 0x00, 0x4C, 0x56, 0x16, 0x1F, + 0x50, 0x82, 0xD1, 0x45, 0xFF, 0x0C, 0x37, 0x28, + 0x04, 0xBB, 0x6C, 0x00, 0x97, 0x3A, 0x79, 0x2D, + 
0x9A, 0xB9, 0xA5, 0x16, 0x52, 0x02, 0xA3, 0x86, + 0x81, 0xAA, 0x3A, 0x31, 0xE5, 0xB5, 0x44, 0x2D, + 0x34, 0xE2, 0x7A, 0xD8, 0xFE, 0xA1, 0x36, 0xC0, + 0x36, 0x65, 0x73, 0x12, 0x9F, 0x61, 0x3F, 0x59, + 0xC9, 0x68, 0xB6, 0x34, 0x41, 0x40, 0x25, 0xD6, + 0xE7, 0xAD, 0x25, 0x7D, 0xCB, 0xF1, 0x2A, 0xD8, + 0x53, 0x48, 0x9D, 0xBF, 0xB5, 0xD5, 0x61, 0x18, + 0x0E, 0x2A, 0x21, 0x3E, 0x61, 0x18, 0x07, 0x8E, + 0x6F, 0x9A, 0x96, 0xA8, 0x61, 0xFE, 0x8D, 0x66, + 0x1A, 0x21, 0x99, 0xD9, 0x60, 0x8B, 0xAC, 0x85, + 0x84, 0x3D, 0x41, 0xF9, 0x93, 0x35, 0x24, 0x32, + 0xFF, 0xC0, 0x8A, 0xFA, 0xBC, 0xA7, 0x85, 0x57, + 0x3C, 0x16, 0x83, 0xAE, 0x90, 0xDE, 0x40, 0x12, + 0xE4, 0x2B, 0xA2, 0x47, 0xA4, 0x92, 0x73, 0x54, + 0x6C, 0xA5, 0xB7, 0xEE, 0x62, 0xEA, 0x62, 0x37, + 0xD9, 0xD7, 0x73, 0x58, 0x43, 0xDB, 0x20, 0x60, + 0x8C, 0x4F, 0x87, 0x58, 0xB2, 0x2B, 0xC3, 0x40, + 0xB0, 0xC1, 0xB6, 0xB6, 0xA9, 0xCD, 0xCC, 0x05, + 0x4F, 0x38, 0x5F, 0x08, 0xB3, 0x3B, 0x08, 0x4D, + 0x78, 0x6B, 0x0D, 0x40, 0x46, 0xB9, 0x20, 0xDE, + 0x29, 0x6F, 0x23, 0x96, 0xDA, 0x02, 0xF5, 0x1C, + 0x1A, 0x1A, 0x36, 0xA3, 0x3A, 0xFA, 0x1D, 0x80, + 0x36, 0x3C, 0xF6, 0xB4, 0xDC, 0x2C, 0x88, 0x54, + 0xF7, 0x86, 0xC6, 0xF2, 0x15, 0xF8, 0x85, 0x33, + 0xFB, 0x21, 0x20, 0x59, 0xCE, 0x60, 0x4B, 0xE8, + 0xF1, 0xB7, 0x54, 0x17, 0x1E, 0x83, 0xCD, 0x82, + 0x39, 0x40, 0x14, 0x31, 0xEC, 0x89, 0xC8, 0xE2, + 0x6A, 0xAE, 0x3F, 0x49, 0x5B, 0x38, 0xE7, 0xCD, + 0xE2, 0xF6, 0xEF, 0x90, 0x51, 0x10, 0x83, 0x79, + 0x27, 0x80, 0x2F, 0x45, 0x78, 0x67, 0xAF, 0xF4, + 0x65, 0x95, 0x2D, 0xFE, 0x00, 0xF3, 0x2A, 0x60, + 0x00, 0xF7, 0x26, 0xFA, 0x3C, 0xAD, 0xA9, 0xAF, + 0xCA, 0xF6, 0x69, 0x48, 0x03, 0xBE, 0x18, 0x73, + 0x54, 0x06, 0x06, 0x3E, 0x4E, 0xAD, 0xFC, 0x8B, + 0xC3, 0x43, 0x24, 0x5D, 0xE9, 0xDE, 0x78, 0xDC, + 0xD0, 0xA7, 0x04, 0x77, 0xF0, 0x0D, 0xA3, 0x37, + 0x8C, 0x5F, 0x8B, 0xDF, 0xBE, 0x90, 0x1F, 0xA6, + 0xB3, 0x17, 0x9D, 0x68, 0x36, 0x45, 0x11, 0x60, + 0xFF, 0xF9, 0xBA, 0xDA, 0x80, 0xAA, 0x37, 0x57, + 0xDD, 0x34, 0x30, 0x42, 0x7A, 0x9C, 0x86, 0xB4, + 
0x91, 0x30, 0xB8, 0xC0, 0xC4, 0x29, 0x15, 0x31, + 0xF3, 0x9A, 0xB0, 0xCD, 0xAC, 0x8C, 0x7C, 0x8C, + 0x4A, 0xDC, 0x76, 0xB6, 0x31, 0x30, 0xDE, 0x2D, + 0x81, 0x04, 0xC7, 0x48, 0x73, 0x69, 0x02, 0x40, + 0x30, 0x19, 0x66, 0x94, 0x21, 0x65, 0x13, 0x18, + 0xC2, 0x09, 0x14, 0x5F, 0xC4, 0x2F, 0xC4, 0xD6, + 0xA6, 0x05, 0x37, 0xAF, 0x72, 0x0C, 0x47, 0x02, + 0x29, 0x95, 0x08, 0x9D, 0xC9, 0x07, 0x31, 0x38, + 0xA9, 0xB5, 0xDA, 0x21, 0x76, 0x1D, 0x84, 0xD0, + 0x15, 0xAF, 0x2A, 0xA3, 0x69, 0x0A, 0xE9, 0x4F, + 0x75, 0x8A, 0x50, 0xA5, 0x11, 0xD4, 0x5F, 0xAF, + 0x70, 0x43, 0xCB, 0xD7, 0x03, 0x9E, 0xB0, 0xBD, + 0x19, 0x47, 0x94, 0x58, 0x22, 0x86, 0xC6, 0xE3, + 0x62, 0xD8, 0x63, 0x05, 0xD9, 0xE2, 0xE5, 0x4A, + 0x04, 0x54, 0x5A, 0x55, 0x25, 0xAD, 0x15, 0x5C, + 0x4B, 0x71, 0x25, 0xE1, 0x50, 0xE3, 0x62, 0x1B, + 0xD2, 0x43, 0x28, 0xD2, 0x84, 0xE4, 0xE2, 0x05, + 0xE3, 0x01, 0x4C, 0x8F, 0x38, 0x17, 0x49, 0xFD, + 0x3B, 0x52, 0x1A, 0x55, 0xB3, 0x1D, 0x69, 0x83, + 0xAB, 0x9E, 0xC4, 0x73, 0xEE, 0x64, 0x7A, 0x73, + 0x19, 0xEF, 0xCD, 0x7D, 0xB7, 0xF4, 0x2E, 0xCB, + 0x55, 0x2A, 0x8A, 0xCC, 0x8F, 0xF8, 0x4E, 0xFB, + 0xD2, 0x63, 0x8F, 0xF1, 0x10, 0x89, 0x02, 0x93, + 0x3E, 0xAC, 0xA4, 0xB4, 0x89, 0xC7, 0xF7, 0x8B, + 0x3E, 0xE1, 0xE8, 0x93, 0xB9, 0x8E, 0x36, 0x25, + 0xC1, 0xC0, 0xD9, 0x44, 0x81, 0xC0, 0x99, 0x3C, + 0x2B, 0x89, 0xF7, 0xDF, 0xDB, 0xD8, 0xCC, 0x84, + 0xE6, 0xFF, 0xFE, 0xAC, 0x21, 0x16, 0xF1, 0xE2, + 0xEF, 0x0A, 0x32, 0xA7, 0xDE, 0x87, 0x51, 0xEC, + 0xB1, 0x0C, 0x0B, 0xC7, 0x07, 0xD9, 0x9A, 0xF8, + 0xE8, 0xB0, 0xFE, 0xA5, 0x67, 0xAF, 0x53, 0x9F, + 0xEF, 0x23, 0xEF, 0x7D, 0xFF, 0xA8, 0x8E, 0xDE, + 0x97, 0x93, 0x32, 0xA6, 0x7C, 0xCF, 0x49, 0xBC, + 0x36, 0x0D, 0x88, 0x90, 0x89, 0x39, 0x76, 0xA8, + 0x82, 0x19, 0x02, 0xB6, 0x02, 0x82, 0xFE, 0xED, + 0x9C, 0x28, 0x8D, 0xB0, 0x1E, 0x2B, 0x2A, 0xCF, + 0xF3, 0x94, 0xFF, 0x66, 0x33, 0x93, 0x31, 0xD6, + 0xFC, 0xAF, 0xE7, 0xC5, 0x98, 0x01, 0x46, 0xCD, + 0xCB, 0xC4, 0x41, 0x13, 0x6D, 0x42, 0xF5, 0x13, + 0xDF, 0xF9, 0x97, 0x65, 0xD4, 0x7B, 0x6E, 0x10, + 
0x79, 0x5D, 0x5A, 0x82, 0xA2, 0x49, 0x53, 0xA7, + 0x6D, 0x9C, 0xDD, 0x0A, 0x80, 0x98, 0x58, 0x07, + 0x30, 0xBF, 0x0B, 0x30, 0xAC, 0x24, 0x9E, 0xA0, + 0xE8, 0xE4, 0x7A, 0x0D, 0xD0, 0x50, 0x82, 0xAE, + 0xBB, 0xEC, 0x15, 0x30, 0x2A, 0xF2, 0xA7, 0xA6, + 0x6A, 0xC8, 0xAE, 0x1E, 0x14, 0x80, 0x7C, 0x18, + 0xE7, 0x2B, 0x88, 0x65, 0xB7, 0x93, 0x12, 0xB3, + 0xC1, 0x2A, 0x20, 0xAD, 0x3B, 0x2E, 0x84, 0xC4, + 0x0D, 0xA7, 0x62, 0x5C, 0x79, 0x52, 0x5D, 0x59, + 0xA4, 0x69, 0x5C, 0x26, 0xFD, 0x4F, 0x80, 0xCC, + 0xFE, 0x8E, 0x70, 0x72, 0xB1, 0x41, 0xE1, 0x75, + 0x53, 0x51, 0xCF, 0x4C, 0x0B, 0x57, 0xF2, 0xB8, + 0x59, 0x76, 0xE6, 0xEF, 0x6D, 0x74, 0xA6, 0x73, + 0x69, 0x7F, 0x7C, 0xB2, 0x35, 0xFE, 0x8A, 0x02, + 0x2F, 0xBE, 0x7C, 0x4D, 0x02, 0xBE, 0x8F, 0xFB, + 0x7A, 0x58, 0x45, 0xEC, 0xBA, 0x1B, 0xC6, 0xB9, + 0x8D, 0xF5, 0xB0, 0x82, 0xD1, 0xB4, 0x97, 0x86, + 0x9B, 0x33, 0x54, 0x49, 0x5B, 0x88, 0xD9, 0xB5, + 0xD0, 0x93, 0x8A, 0x00, 0x5D, 0x0F, 0x37, 0x88, + 0x57, 0xE3, 0xFA, 0x7E, 0x7B, 0xFA, 0x43, 0x74, + 0x8D, 0x64, 0x07, 0xD7, 0x07, 0x85, 0x4D, 0x49, + 0xBC, 0x83, 0xF5, 0xD4, 0x95, 0x3E, 0x3E, 0x09, + 0x65, 0xF3, 0xFC, 0x88, 0xA7, 0xF0, 0x46, 0x61, + 0x44, 0x7D, 0x76, 0xED, 0xC9, 0x8D, 0x0F, 0x8D, + 0xDA, 0x0D, 0x01, 0xC8, 0xB1, 0xA8, 0x9B, 0x4A, + 0xF0, 0xA3, 0x88, 0x54, 0xC1, 0xD6, 0x52, 0x97 + }; +#endif /* WOLFSSL_NO_ML_DSA_65 */ +#ifndef WOLFSSL_NO_ML_DSA_87 + static const byte seed_87[] = { + 0x22, 0x5F, 0x77, 0x07, 0x5E, 0x66, 0xCE, 0x1C, + 0x99, 0xBA, 0x95, 0xB4, 0xFC, 0xDF, 0x25, 0x8B, + 0xBB, 0x6F, 0xA5, 0xFE, 0x9C, 0x34, 0x9F, 0x0F, + 0xDE, 0x3F, 0x71, 0xD5, 0x33, 0x9F, 0x6F, 0xD8 + }; + static const byte pk_87[] = { + 0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6, + 0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60, + 0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81, + 0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB, + 0x24, 0xBF, 0x9E, 0x97, 0x9C, 0xD2, 0x3E, 0xDA, + 0x8A, 0x1B, 0xB6, 0x76, 0xDA, 0x7D, 0x7F, 0x44, + 0xAD, 0x6B, 0xB9, 0xB0, 0x70, 0xD3, 0xD6, 0x44, + 0x7F, 
0xBE, 0x6C, 0x0C, 0x71, 0x37, 0xC6, 0xFB, + 0x7B, 0x39, 0x83, 0x63, 0x9C, 0x41, 0x5C, 0xF2, + 0xC9, 0x15, 0xFF, 0xD4, 0x18, 0xEA, 0xA1, 0x4D, + 0xA9, 0xD1, 0xAD, 0x3C, 0x09, 0x8E, 0xA9, 0x05, + 0x34, 0x6C, 0xAA, 0x75, 0x78, 0xF8, 0x6B, 0x6E, + 0x52, 0xE6, 0x57, 0x55, 0x16, 0xF4, 0x92, 0x3E, + 0x74, 0x3F, 0x96, 0xA3, 0x2A, 0xD0, 0x0E, 0xEE, + 0xA1, 0xCE, 0x8A, 0x33, 0xF4, 0x87, 0xB9, 0xF3, + 0x22, 0x5D, 0x2D, 0x84, 0xCD, 0x27, 0x57, 0xCC, + 0xCF, 0xE6, 0xA3, 0x66, 0x24, 0x53, 0x0E, 0x52, + 0x8A, 0x2F, 0x64, 0xFC, 0xE7, 0x04, 0xE7, 0xA7, + 0x6C, 0x2E, 0x6A, 0xDC, 0x00, 0xEF, 0x9B, 0xEC, + 0x91, 0x07, 0xB9, 0x69, 0x8F, 0x11, 0x59, 0xFC, + 0x52, 0xEF, 0x4C, 0x36, 0x5A, 0xFD, 0xB1, 0x50, + 0xED, 0xC3, 0x43, 0x5E, 0x03, 0xBB, 0x70, 0x26, + 0x00, 0x6E, 0x5A, 0x55, 0x13, 0x51, 0xA4, 0xB1, + 0x5F, 0xB8, 0x9F, 0xD2, 0xE9, 0x98, 0x38, 0xE8, + 0xCF, 0x41, 0x73, 0xFD, 0x0D, 0xF1, 0xF6, 0x80, + 0x89, 0xE1, 0x51, 0x8D, 0xD4, 0xB5, 0x79, 0x27, + 0x76, 0xBD, 0xD9, 0x2F, 0xC7, 0xC7, 0x9B, 0xC7, + 0x99, 0x7F, 0x78, 0x84, 0xD2, 0xB8, 0x80, 0xC5, + 0xD2, 0xB7, 0xEE, 0xC8, 0x0A, 0xFE, 0x35, 0x59, + 0x84, 0x5D, 0x39, 0x08, 0x39, 0xBE, 0x5E, 0xBF, + 0x95, 0x93, 0xA7, 0x3E, 0xD0, 0x1E, 0xF6, 0x7D, + 0x50, 0x3F, 0xFB, 0x74, 0x47, 0x04, 0xA2, 0xDC, + 0x49, 0x48, 0x76, 0x2B, 0xC8, 0x43, 0x45, 0x75, + 0x72, 0x84, 0x4D, 0x15, 0x74, 0xE3, 0xEB, 0x37, + 0x83, 0x0A, 0x3B, 0x7C, 0xD4, 0x02, 0xC7, 0x6E, + 0xD5, 0xB4, 0xFC, 0x15, 0xF0, 0x5E, 0x76, 0x03, + 0x4C, 0xBB, 0x6A, 0x29, 0xDE, 0xBC, 0x7E, 0x2B, + 0x34, 0xB2, 0x14, 0x2A, 0x57, 0xCF, 0x1B, 0x39, + 0x73, 0xE5, 0x8B, 0xFF, 0x47, 0x50, 0x42, 0xDC, + 0x22, 0x6C, 0x7E, 0x13, 0x71, 0xF3, 0x37, 0x51, + 0x40, 0xF2, 0x90, 0x57, 0xAC, 0xB4, 0x64, 0x7C, + 0x5F, 0x92, 0x6D, 0x3F, 0xDC, 0xCC, 0xC8, 0xD2, + 0xE1, 0x6B, 0x81, 0xA9, 0xED, 0xCD, 0x0C, 0x8B, + 0x5B, 0x2E, 0x11, 0x89, 0x87, 0x42, 0x4B, 0xEC, + 0xAD, 0x40, 0xA5, 0xE5, 0xB4, 0x6D, 0x1C, 0xB4, + 0x01, 0x0A, 0x8E, 0x9F, 0x6F, 0x25, 0x92, 0x5D, + 0xFE, 0x6B, 0x6F, 0x24, 0x64, 0x5F, 0x9C, 0x88, + 0x86, 
0x96, 0xE8, 0x79, 0x64, 0x5B, 0x6A, 0x3A, + 0x76, 0x21, 0x90, 0xCC, 0xB7, 0xD6, 0x26, 0x9D, + 0x35, 0x54, 0x79, 0xDF, 0x71, 0x90, 0x55, 0x2A, + 0x38, 0x52, 0xD1, 0xE9, 0x56, 0x73, 0xE7, 0x19, + 0x44, 0x6A, 0xD3, 0x10, 0x24, 0xB9, 0x4B, 0xF8, + 0xBB, 0xC9, 0x7B, 0x04, 0x66, 0x39, 0xCE, 0x12, + 0x3F, 0xDE, 0xC3, 0x75, 0xAF, 0x9F, 0x8D, 0x4C, + 0xF7, 0x16, 0x9B, 0xEB, 0x5F, 0xE5, 0x1B, 0xBF, + 0x82, 0x2C, 0x53, 0xBA, 0x2D, 0x98, 0xA4, 0xA0, + 0x14, 0xA2, 0xDE, 0x69, 0x7F, 0x03, 0x3C, 0x9E, + 0x4A, 0x57, 0xC6, 0xED, 0xF6, 0x10, 0x6A, 0x76, + 0x2A, 0x81, 0x92, 0x9F, 0x3E, 0xF0, 0xFD, 0xE9, + 0xB7, 0xB3, 0x8A, 0xF6, 0x1A, 0x19, 0x9A, 0x16, + 0x0F, 0x09, 0x45, 0xBD, 0xBB, 0x96, 0x7C, 0x72, + 0x40, 0xFE, 0x94, 0xBD, 0xE1, 0x60, 0x50, 0x53, + 0x13, 0xC9, 0x2B, 0xFA, 0x52, 0x40, 0xA2, 0xA7, + 0xF0, 0x8C, 0x85, 0x78, 0xDB, 0xD6, 0x7F, 0x21, + 0x39, 0xB5, 0x06, 0x72, 0xEE, 0x99, 0xA1, 0xBD, + 0x78, 0x1F, 0xA4, 0xE9, 0x54, 0xF4, 0xFA, 0xDF, + 0xA7, 0x9E, 0xDD, 0x8E, 0xB1, 0xCF, 0xA8, 0x48, + 0x84, 0x5D, 0x70, 0xCB, 0x2D, 0xA9, 0x66, 0x09, + 0x0B, 0x75, 0x75, 0xA2, 0x32, 0xFE, 0xDF, 0x96, + 0x33, 0x84, 0xA7, 0x84, 0x48, 0x1A, 0xFA, 0x82, + 0x79, 0x0A, 0x87, 0xE1, 0x1F, 0x11, 0x74, 0xD4, + 0x3C, 0xC0, 0x8D, 0x4F, 0xD2, 0x5D, 0xBB, 0x40, + 0x10, 0xB2, 0x6F, 0x23, 0xD2, 0xD6, 0xF4, 0xA5, + 0x87, 0xEF, 0x7D, 0xE8, 0xC6, 0xF7, 0xC6, 0x0F, + 0xF9, 0x6F, 0xF8, 0x4C, 0x39, 0xE4, 0x82, 0x1E, + 0x1E, 0x6A, 0x80, 0x2F, 0xEC, 0x22, 0xD6, 0xA0, + 0xAA, 0xB6, 0x2C, 0xCB, 0x16, 0x43, 0x68, 0xC2, + 0x27, 0xF6, 0xA2, 0x31, 0x62, 0x66, 0xEC, 0x2F, + 0xFF, 0x8D, 0xB4, 0x19, 0x51, 0x19, 0xA0, 0x8C, + 0x67, 0xE2, 0x04, 0x04, 0xB9, 0x1F, 0x08, 0x70, + 0x9E, 0xAA, 0xC2, 0xDE, 0xCB, 0x96, 0x19, 0x8F, + 0x02, 0x74, 0x10, 0xCC, 0x1B, 0x82, 0x5D, 0x9C, + 0x07, 0x00, 0xE5, 0xD7, 0x04, 0x51, 0xBA, 0x7F, + 0x67, 0xF9, 0x64, 0x0C, 0xA3, 0x6B, 0xF3, 0x12, + 0x21, 0x80, 0x68, 0xD6, 0xA2, 0xCA, 0xFF, 0x59, + 0x33, 0x43, 0x7D, 0x67, 0xBF, 0xD4, 0x88, 0x4A, + 0x6E, 0x92, 0xBA, 0x41, 0xE1, 0x28, 0xDA, 0xEB, + 0xE1, 
0xEA, 0x25, 0x60, 0xE1, 0x2F, 0xED, 0x2C, + 0xD4, 0x4B, 0xC9, 0x4E, 0x9E, 0x9D, 0xFA, 0xBB, + 0xF9, 0x61, 0x41, 0x4C, 0x24, 0x24, 0xFC, 0x9B, + 0x62, 0xFE, 0x73, 0x74, 0xF6, 0xB8, 0x9B, 0xA9, + 0x02, 0x96, 0xF4, 0x90, 0x18, 0xA7, 0xF5, 0x49, + 0xC1, 0xA3, 0x94, 0xB8, 0xED, 0xBD, 0x0B, 0xF3, + 0xDB, 0xF3, 0xBC, 0x10, 0x6A, 0x6B, 0x3F, 0x79, + 0x07, 0xF2, 0x11, 0x09, 0xD5, 0x42, 0x8F, 0xA9, + 0x09, 0x94, 0xBE, 0xF2, 0x0D, 0x3A, 0x91, 0x33, + 0x01, 0x31, 0x34, 0xBF, 0x0A, 0xCA, 0xF1, 0x3E, + 0x66, 0x18, 0xA6, 0x69, 0xEC, 0xEA, 0xC5, 0xE9, + 0x8B, 0x80, 0xFE, 0x4D, 0x93, 0x7B, 0xD4, 0xE5, + 0x74, 0x90, 0xFA, 0xFD, 0xCE, 0x45, 0xE8, 0xD7, + 0xD8, 0x8F, 0x08, 0x8B, 0x3A, 0xA8, 0x01, 0xA2, + 0xB4, 0xE5, 0xF2, 0x29, 0x41, 0x02, 0xBD, 0xCB, + 0xF9, 0x4A, 0x62, 0x54, 0x99, 0x94, 0x61, 0xB7, + 0x8F, 0xA5, 0x8A, 0x7F, 0xDC, 0xAD, 0xD2, 0xF2, + 0x28, 0x1E, 0xF3, 0x18, 0xAE, 0x21, 0x81, 0xF7, + 0xE9, 0xE5, 0xBF, 0x2B, 0xC2, 0x98, 0x24, 0xB1, + 0x45, 0x56, 0x57, 0x31, 0xA1, 0x48, 0xAB, 0x39, + 0xC2, 0x04, 0x29, 0x1B, 0x5B, 0xD3, 0x23, 0x35, + 0xCC, 0x5A, 0x58, 0x10, 0x11, 0x5B, 0xD5, 0x88, + 0xC2, 0x60, 0x37, 0x3D, 0x1C, 0x1C, 0x7B, 0x09, + 0x95, 0xB5, 0x05, 0x12, 0xD8, 0x52, 0x8D, 0xF5, + 0xBD, 0x4A, 0xA5, 0x45, 0x6F, 0x3D, 0x55, 0x9D, + 0x90, 0xAD, 0xD7, 0xA9, 0xD0, 0x25, 0x0B, 0xD7, + 0x55, 0x11, 0x5C, 0x60, 0xBF, 0xBD, 0xFB, 0x9D, + 0x2A, 0xCE, 0x4F, 0xE6, 0xB8, 0x36, 0x3A, 0x4D, + 0xE7, 0xB6, 0xFF, 0x6B, 0xD8, 0xBA, 0xD4, 0xEE, + 0x95, 0x9A, 0x0A, 0x47, 0xD4, 0x76, 0xE0, 0xF7, + 0xAC, 0x02, 0xB6, 0xA8, 0x10, 0x1E, 0xA5, 0x98, + 0xC0, 0xF4, 0x68, 0x5E, 0x55, 0xC1, 0x67, 0xCD, + 0x16, 0x31, 0xBD, 0xA2, 0x86, 0xF3, 0xF8, 0xC0, + 0xED, 0x4A, 0xFF, 0xE8, 0xF5, 0x2C, 0xFA, 0xD2, + 0x06, 0x78, 0x6D, 0x34, 0xBE, 0xF9, 0x15, 0x84, + 0x6D, 0xE5, 0x5F, 0xA4, 0xAC, 0x84, 0x3B, 0x3A, + 0xA6, 0x2D, 0xC2, 0x01, 0xE0, 0x63, 0x92, 0xC7, + 0x77, 0xB5, 0x4E, 0x2C, 0x40, 0x90, 0x48, 0xAF, + 0x8B, 0xE9, 0x6C, 0x1E, 0xEE, 0x16, 0x8F, 0x4E, + 0x4F, 0xFF, 0x35, 0x15, 0xE5, 0x51, 0xF4, 0xB2, + 0x23, 
0x1C, 0x6A, 0xCE, 0x05, 0xDC, 0xDC, 0xAD, + 0x7F, 0x9D, 0xDA, 0xB3, 0x0C, 0xAD, 0x9C, 0x62, + 0x68, 0xD6, 0x84, 0x00, 0x76, 0xFF, 0xD3, 0x01, + 0x18, 0xB0, 0xC4, 0xE5, 0xE5, 0x0D, 0x87, 0x8E, + 0xAF, 0x77, 0xEE, 0xCB, 0x56, 0x88, 0x7F, 0xED, + 0xC5, 0x7C, 0x54, 0xD6, 0x28, 0x46, 0xE0, 0x8C, + 0xE6, 0x87, 0xF2, 0x4D, 0x0D, 0x2F, 0x12, 0x62, + 0x06, 0xDF, 0xB2, 0x4E, 0x03, 0x04, 0x78, 0x0B, + 0x03, 0x4C, 0xCE, 0x86, 0xD1, 0xCD, 0x53, 0x00, + 0xED, 0xC6, 0xF8, 0x9A, 0xCB, 0x59, 0x14, 0xA6, + 0x0C, 0x87, 0x35, 0x92, 0x66, 0x0D, 0x02, 0xA9, + 0xEF, 0x0D, 0x7D, 0xC6, 0x45, 0xF3, 0x11, 0xEF, + 0x1F, 0x55, 0x72, 0x1F, 0x1B, 0x45, 0xD2, 0xE4, + 0x8F, 0x3F, 0x9F, 0xEB, 0x27, 0x02, 0xD8, 0x2C, + 0xEF, 0xAD, 0x7E, 0x7E, 0x10, 0xDD, 0x91, 0x5E, + 0x39, 0x06, 0x7C, 0x39, 0xEA, 0x61, 0xB9, 0xCC, + 0xF1, 0x45, 0x56, 0x81, 0x53, 0x55, 0x42, 0xD4, + 0x37, 0x0F, 0x53, 0xF0, 0x7F, 0xA0, 0xC6, 0x50, + 0x9B, 0x1D, 0xC6, 0x7E, 0x9F, 0x1D, 0x89, 0x3B, + 0xEB, 0x85, 0x59, 0x6D, 0x9C, 0x12, 0xEE, 0xAC, + 0xFC, 0xAE, 0xC0, 0xAE, 0x5F, 0xD4, 0x9C, 0x62, + 0xE7, 0x09, 0x8C, 0xFA, 0x80, 0x1A, 0x19, 0x09, + 0x0F, 0x8D, 0x68, 0x9E, 0x45, 0x33, 0xE2, 0x58, + 0x7B, 0xEF, 0xC7, 0x6A, 0xDC, 0x38, 0x33, 0x3E, + 0x5C, 0x53, 0xB5, 0x99, 0xDB, 0x04, 0xA7, 0xEA, + 0xFB, 0x07, 0x9B, 0x25, 0x47, 0xED, 0xAC, 0x5A, + 0xAA, 0x1E, 0xE5, 0x23, 0xDE, 0x64, 0xE5, 0x87, + 0x46, 0x8C, 0x41, 0x52, 0xC9, 0x4F, 0x90, 0x48, + 0x1C, 0xAA, 0xA6, 0xB0, 0x3A, 0x1E, 0xC9, 0x08, + 0xF7, 0x82, 0x71, 0x13, 0x76, 0x6B, 0x9E, 0x52, + 0x22, 0x32, 0xE0, 0xC6, 0xF7, 0xD7, 0x4C, 0xBD, + 0xC3, 0x1C, 0x18, 0xAF, 0xA0, 0x12, 0xD3, 0x22, + 0x6A, 0xFC, 0x71, 0x8A, 0x64, 0x24, 0xAC, 0x19, + 0x4E, 0x85, 0x3C, 0x51, 0xE6, 0xA3, 0xAD, 0xA9, + 0x59, 0x94, 0xD2, 0x7F, 0xC4, 0x9D, 0x93, 0x5B, + 0x51, 0xD7, 0xF3, 0x03, 0xE7, 0x7D, 0x5B, 0x13, + 0x0E, 0xCD, 0x7D, 0x0F, 0x77, 0x3E, 0x84, 0xD7, + 0x4E, 0x69, 0x57, 0x1B, 0x73, 0x99, 0xC9, 0x4D, + 0xC0, 0x19, 0x6B, 0x9D, 0x5F, 0xBA, 0x69, 0xEE, + 0x11, 0xBD, 0x7C, 0x45, 0xD9, 0xA9, 0x65, 0x88, + 0xA7, 
0x0E, 0x16, 0xBF, 0xB3, 0x82, 0x5E, 0x5E, + 0x56, 0x13, 0x02, 0x7D, 0xB1, 0xDC, 0xF5, 0x4A, + 0x82, 0x73, 0x72, 0x35, 0x9B, 0x91, 0xAC, 0x04, + 0x69, 0xE9, 0xEA, 0x19, 0xC9, 0xD8, 0x59, 0xEB, + 0x8F, 0x22, 0x5F, 0x43, 0x11, 0x0C, 0xCF, 0xB4, + 0x16, 0x6C, 0x7D, 0x60, 0xCE, 0x14, 0x24, 0xAD, + 0xD7, 0x07, 0xC2, 0x4E, 0x98, 0xA0, 0xDE, 0x9E, + 0xE6, 0x31, 0xED, 0xF8, 0x5B, 0x9C, 0xAF, 0xF7, + 0x57, 0x59, 0x10, 0xA9, 0x92, 0xDC, 0x4F, 0x0C, + 0x2B, 0x88, 0x75, 0x19, 0x1D, 0xB3, 0xBF, 0x70, + 0x23, 0x17, 0xD5, 0x1A, 0x50, 0x30, 0x18, 0x14, + 0x1A, 0x14, 0xE6, 0x1D, 0x4F, 0x8A, 0x96, 0x3E, + 0xD8, 0x6E, 0xD9, 0xBF, 0x94, 0x4E, 0xDE, 0xB8, + 0xFF, 0xE1, 0x6F, 0xFD, 0x31, 0xE8, 0xFE, 0x43, + 0xC2, 0x40, 0x82, 0x45, 0x50, 0xFE, 0x1B, 0xBC, + 0x77, 0x4B, 0xB4, 0x30, 0xA7, 0xD4, 0x46, 0x32, + 0x6A, 0xF7, 0xC5, 0x92, 0xDA, 0x70, 0xB1, 0xB7, + 0xA1, 0x5A, 0x5D, 0x17, 0x3B, 0xDB, 0x2F, 0x28, + 0x8A, 0x6E, 0xEC, 0xDA, 0xC4, 0xF7, 0x2E, 0xCB, + 0xEB, 0x96, 0x60, 0x92, 0x1B, 0xDD, 0xD6, 0x13, + 0x7C, 0x85, 0x9F, 0x8A, 0x9A, 0xE9, 0x5F, 0xC4, + 0x24, 0xFD, 0x33, 0xDF, 0xB3, 0x98, 0x66, 0xF7, + 0xA1, 0x5A, 0xDC, 0x01, 0xC9, 0xFA, 0x37, 0xF1, + 0x7B, 0xD0, 0xF6, 0x66, 0x8A, 0x26, 0x7C, 0xC2, + 0x1B, 0xFF, 0x62, 0xBC, 0xFD, 0xCD, 0x47, 0xDA, + 0xEE, 0x75, 0xF2, 0xAC, 0x60, 0x69, 0x87, 0x26, + 0xCC, 0x92, 0x10, 0x1C, 0x92, 0xC1, 0x43, 0x09, + 0xE9, 0xCE, 0x7D, 0x05, 0x5C, 0x64, 0x55, 0xCB, + 0xBB, 0x7A, 0xAE, 0x05, 0xDB, 0x38, 0xD3, 0xD5, + 0xBB, 0xD9, 0x9F, 0xCB, 0xCF, 0xB7, 0x9C, 0xEF, + 0x7E, 0x7B, 0x2A, 0x6F, 0x84, 0x4E, 0x6A, 0x7F, + 0xD3, 0x5F, 0xF3, 0xB3, 0xC1, 0xF0, 0x02, 0x9C, + 0xA2, 0x4C, 0x86, 0x0E, 0x6B, 0xE2, 0x2B, 0x1D, + 0x1D, 0xB4, 0x55, 0x7F, 0x85, 0x54, 0x2D, 0x85, + 0x64, 0x89, 0x92, 0x19, 0x65, 0x44, 0xD7, 0x95, + 0x48, 0x2C, 0x46, 0x8D, 0x0E, 0xBA, 0xFB, 0x13, + 0x63, 0x52, 0x2E, 0x22, 0x19, 0x3F, 0x7F, 0xFB, + 0x54, 0x4D, 0x73, 0xA1, 0x3C, 0x22, 0xD6, 0x5D, + 0x2B, 0x4A, 0xBD, 0xD7, 0xBB, 0x72, 0x55, 0x80, + 0xD4, 0x57, 0x4E, 0xDC, 0xF2, 0x8B, 0xB3, 0x09, + 0x6A, 
0xF9, 0x1A, 0xD3, 0x41, 0x0E, 0x72, 0x95, + 0x49, 0xE7, 0xD1, 0xDC, 0x05, 0x22, 0xC3, 0x3E, + 0x26, 0x95, 0x00, 0x01, 0x8C, 0xE1, 0x54, 0x47, + 0x84, 0x10, 0xA7, 0x67, 0x45, 0xBB, 0xB9, 0x7B, + 0x0B, 0xB4, 0x74, 0x82, 0xED, 0x6C, 0x26, 0x6E, + 0xF2, 0x56, 0xCA, 0x1A, 0xD1, 0x10, 0x68, 0x40, + 0x28, 0x23, 0xD5, 0x98, 0xB3, 0x6B, 0x75, 0x16, + 0x13, 0x87, 0xE1, 0xF2, 0x3F, 0xAB, 0xC0, 0x2A, + 0xF0, 0x16, 0x59, 0x85, 0x1A, 0x5B, 0x41, 0xB7, + 0x52, 0xB1, 0x79, 0x46, 0x20, 0xDF, 0x59, 0xFB, + 0x33, 0xB3, 0x05, 0xF1, 0x12, 0x8B, 0xDB, 0x7C, + 0x51, 0x90, 0xC9, 0x8A, 0xC9, 0x48, 0x10, 0x54, + 0xF4, 0x0F, 0x88, 0x1D, 0xDB, 0x40, 0x1B, 0x3A, + 0xD7, 0x62, 0xD1, 0x75, 0x73, 0xD6, 0xCA, 0x23, + 0x26, 0xB2, 0xBF, 0x4C, 0xCA, 0x22, 0xDD, 0xF6, + 0xAF, 0x22, 0xB8, 0x4F, 0xC2, 0xC3, 0xB3, 0xD3, + 0xED, 0xFA, 0xBA, 0x2E, 0x38, 0x28, 0x6A, 0xAE, + 0x60, 0xE9, 0x2D, 0x11, 0x33, 0xED, 0x7E, 0xE9, + 0x29, 0x8E, 0x01, 0xB0, 0x0F, 0x13, 0x83, 0x44, + 0x17, 0xFA, 0xB6, 0x54, 0x7C, 0xAC, 0x1F, 0xED, + 0xC9, 0x22, 0xF2, 0x4F, 0x69, 0x24, 0x04, 0xFE, + 0xC2, 0x6A, 0xEB, 0xB0, 0xE4, 0xF5, 0x03, 0xCB, + 0xB3, 0x99, 0x50, 0x66, 0x1F, 0x6B, 0xF3, 0xFE, + 0xB7, 0xBF, 0x8D, 0xBA, 0x59, 0x75, 0x75, 0x51, + 0xB0, 0xA5, 0xB9, 0x66, 0xC8, 0xDD, 0x35, 0xAE, + 0x20, 0x66, 0x21, 0x9B, 0x04, 0x3F, 0xC6, 0x90, + 0x6F, 0x2B, 0x5C, 0x78, 0x49, 0x3C, 0x40, 0xE6, + 0xF9, 0x6B, 0x1A, 0xEF, 0xCE, 0x5A, 0xC1, 0x68, + 0xD3, 0x34, 0x05, 0xD0, 0x21, 0x6C, 0xF8, 0xA8, + 0x55, 0xE4, 0x6E, 0x80, 0x9B, 0xAD, 0xA5, 0xC3, + 0x55, 0x0B, 0x28, 0xBB, 0x54, 0x02, 0xD4, 0xF6, + 0x82, 0x73, 0xAB, 0x56, 0x0B, 0xB1, 0x5F, 0x94, + 0xC3, 0xDA, 0x24, 0x1E, 0x7F, 0x62, 0x6B, 0x98, + 0x6B, 0x2A, 0xF3, 0x92, 0x37, 0x3A, 0xB9, 0xE6, + 0x27, 0xC4, 0xBB, 0xAB, 0xE4, 0x9A, 0x60, 0xD2, + 0xAE, 0xCE, 0xFD, 0x44, 0xEB, 0x1C, 0xCF, 0x74, + 0x54, 0xFC, 0xEC, 0x4F, 0xC2, 0xBA, 0xF4, 0x3B, + 0xAC, 0x03, 0xC7, 0x2E, 0xE6, 0x62, 0x44, 0x61, + 0x42, 0xC8, 0xAE, 0xF1, 0xB2, 0xA9, 0xAC, 0xE0, + 0xCE, 0x23, 0xAF, 0xCC, 0x86, 0x61, 0xFE, 0xC5, + 0xCB, 
0xAC, 0x4A, 0x1B, 0x5C, 0xC7, 0x2B, 0xFF, + 0x8A, 0x20, 0x62, 0x0E, 0xB9, 0x1D, 0xDD, 0x93, + 0x19, 0x29, 0xE4, 0xD9, 0x13, 0x1D, 0x28, 0x32, + 0x03, 0x5A, 0xA6, 0x8E, 0x20, 0xC7, 0xD6, 0xC6, + 0x4D, 0x19, 0x17, 0xCC, 0x65, 0xB8, 0x84, 0x0C, + 0x38, 0xB4, 0xA9, 0x45, 0x2B, 0x91, 0x61, 0x79, + 0x87, 0x08, 0xA6, 0xBD, 0x28, 0x9A, 0x58, 0x48, + 0xD5, 0x58, 0xC6, 0xCE, 0xC2, 0xC5, 0x72, 0x16, + 0xD9, 0xF4, 0xED, 0x66, 0xAC, 0xFA, 0x93, 0xE8, + 0x26, 0x10, 0x3B, 0x3D, 0x8F, 0xEA, 0x51, 0xCC, + 0x82, 0xC0, 0xDB, 0xDF, 0xA7, 0x13, 0xFB, 0x1B, + 0x77, 0x7E, 0x6F, 0x9E, 0x3C, 0xC5, 0x86, 0x35, + 0x92, 0x5B, 0x6F, 0x76, 0xA1, 0x71, 0x0D, 0x8C, + 0xDC, 0x95, 0x9F, 0xAC, 0x2C, 0x8E, 0x21, 0x01, + 0x37, 0x06, 0x28, 0x64, 0x4C, 0x23, 0xE2, 0x75, + 0x0B, 0xA7, 0xA4, 0xF5, 0x90, 0x87, 0xD2, 0x43, + 0x71, 0x59, 0x7C, 0x8C, 0xCA, 0x77, 0x3B, 0xC5, + 0x36, 0x46, 0xF7, 0x2F, 0xD3, 0x47, 0x18, 0xD7, + 0xC9, 0x4E, 0x56, 0x2D, 0x49, 0x82, 0xAC, 0x7D, + 0xD7, 0x3D, 0xF1, 0xDD, 0x73, 0x8B, 0xE4, 0xA1, + 0x10, 0x85, 0xB6, 0x94, 0xBE, 0x6A, 0x5E, 0xEE, + 0xBD, 0x60, 0xEB, 0x95, 0x76, 0xA8, 0x52, 0xE1, + 0x47, 0x57, 0xA1, 0x9C, 0xEC, 0x44, 0xE5, 0x6F, + 0x68, 0x34, 0x7E, 0x19, 0xBE, 0xCE, 0x56, 0xC9, + 0xBE, 0xCE, 0xFC, 0xB8, 0x32, 0x6D, 0xCB, 0x84, + 0x59, 0xBF, 0x4D, 0xF6, 0xE1, 0x53, 0x41, 0x61, + 0x5C, 0xFB, 0xD2, 0x48, 0xA6, 0x7F, 0x05, 0xB2, + 0xFC, 0xE8, 0xB2, 0x8A, 0x55, 0x7D, 0x19, 0xC0, + 0x69, 0x3B, 0x91, 0x5D, 0x71, 0xE7, 0xBB, 0x72, + 0x7D, 0xB9, 0x64, 0x6E, 0x8B, 0x5B, 0x70, 0x51, + 0xB5, 0x69, 0x8C, 0xC0, 0xFC, 0x95, 0xB2, 0x43, + 0x08, 0xF8, 0x70, 0xE4, 0x6F, 0x87, 0xA7, 0xDF, + 0x23, 0x84, 0xEE, 0xCF, 0x73, 0x38, 0xDE, 0x99, + 0x4C, 0xF8, 0xF1, 0x2D, 0xA2, 0x68, 0x99, 0xE3, + 0x9B, 0xB8, 0xF6, 0xC1, 0x5C, 0x83, 0x07, 0xE9, + 0xB9, 0xE2, 0x51, 0x62, 0xC8, 0x53, 0xF1, 0xC2, + 0xF7, 0x57, 0x8A, 0xA0, 0x42, 0x3C, 0x18, 0x36, + 0xF3, 0x99, 0xFD, 0x34, 0xB2, 0xF0, 0x1D, 0xBA, + 0x43, 0xEA, 0x72, 0x1C, 0x0B, 0x37, 0x47, 0xBC, + 0xAF, 0xDA, 0x22, 0x1F, 0x1C, 0x08, 0x16, 0x13, + 0xBD, 
0xAA, 0x07, 0xFD, 0x7E, 0xCA, 0x70, 0x57, + 0x74, 0xDF, 0x68, 0x6B, 0x9F, 0x2D, 0x56, 0xBD, + 0x21, 0x89, 0xFA, 0x09, 0x04, 0xCA, 0x09, 0xBD, + 0x4F, 0xE6, 0x15, 0xF5, 0x89, 0xAB, 0xAC, 0xB2, + 0xC9, 0xBF, 0xC8, 0xBB, 0x87, 0x83, 0xB4, 0xD3, + 0xDC, 0xB1, 0x25, 0x9B, 0xAE, 0xC5, 0x75, 0x0C, + 0x9E, 0x6A, 0x83, 0x41, 0x85, 0x9D, 0x4B, 0xBF, + 0x62, 0x0C, 0x7D, 0x77, 0xC9, 0x89, 0xA6, 0xE1, + 0x28, 0xBD, 0x13, 0x5D, 0x41, 0x26, 0x80, 0x75, + 0x23, 0x57, 0xE7, 0x4F, 0x4D, 0x02, 0x8E, 0x0F, + 0x43, 0x67, 0xF6, 0xA6, 0xE6, 0xB6, 0x84, 0x8D, + 0xF5, 0x7B, 0x6A, 0x95, 0x73, 0x27, 0x86, 0x02, + 0x72, 0xCB, 0xDF, 0x77, 0x1C, 0x6C, 0x5E, 0xD3, + 0xF0, 0x1C, 0x82, 0x7A, 0x0D, 0xBB, 0x70, 0xA3, + 0x98, 0x8B, 0x7B, 0x4A, 0xFE, 0x2D, 0xB1, 0x5C, + 0x61, 0x89, 0x34, 0x4C, 0x81, 0x4B, 0x52, 0x17, + 0x03, 0x81, 0x54, 0x4F, 0x9E, 0x9E, 0x07, 0x16, + 0xF3, 0xD9, 0x18, 0x01, 0x11, 0xFD, 0x67, 0x18, + 0xA2, 0x64, 0x35, 0x42, 0x81, 0x80, 0x4A, 0xBA, + 0xCB, 0xD5, 0xF5, 0x4A, 0x10, 0x7F, 0xE2, 0xCF, + 0xA5, 0x1E, 0xCB, 0x0C, 0xAB, 0x3E, 0x03, 0x98, + 0x73, 0x89, 0xA4, 0x10, 0x75, 0xD5, 0xAC, 0x3D, + 0xCF, 0x56, 0x75, 0xD8, 0x86, 0xC2, 0x21, 0x42, + 0x99, 0x8D, 0x1B, 0x49, 0x09, 0xFE, 0x86, 0x41, + 0xC9, 0xDC, 0x87, 0x8D, 0x5A, 0xF0, 0xF5, 0xBE, + 0xF5, 0x49, 0x64, 0x5A, 0x7A, 0xC3, 0x5D, 0xE4, + 0xD6, 0xB7, 0x30, 0x92, 0x2A, 0x15, 0x86, 0x02, + 0xBE, 0xBA, 0x6E, 0xF6, 0x3D, 0x2D, 0x70, 0x89, + 0xFB, 0xB5, 0x1E, 0xBA, 0xDA, 0x20, 0x12, 0x49, + 0x22, 0xA0, 0xD8, 0x33, 0x9E, 0x4C, 0xC0, 0x27, + 0x0F, 0x9C, 0x1F, 0xD2, 0xA9, 0xF4, 0xD2, 0xA9, + 0x6D, 0xC5, 0x32, 0x16, 0x35, 0x9F, 0x19, 0x88, + 0xC1, 0xAA, 0xA4, 0x66, 0x33, 0xE6, 0x2C, 0x6A, + 0x6E, 0xA2, 0x1B, 0x33, 0xCB, 0xC3, 0x7E, 0xC5, + 0x31, 0x4D, 0x5C, 0x17, 0x4C, 0x33, 0x7F, 0x09, + 0x01, 0x33, 0x82, 0x84, 0x37, 0x03, 0xEB, 0x0E, + 0xB1, 0x5F, 0x1B, 0x60, 0x8A, 0x2C, 0x9F, 0x39 + }; + static const byte sk_87[] = { + 0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6, + 0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60, + 0x13, 0x0E, 0xDE, 
0x34, 0x08, 0xA5, 0xD4, 0x81, + 0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB, + 0x9A, 0xFE, 0xF5, 0x92, 0x58, 0xBB, 0x3C, 0xEB, + 0x4C, 0x5E, 0x83, 0xF9, 0xFF, 0xBC, 0x3B, 0x49, + 0xAE, 0xE1, 0xFC, 0x4B, 0x94, 0x4B, 0x8C, 0x75, + 0xD4, 0x67, 0x75, 0x66, 0x7D, 0x6B, 0xA4, 0xF2, + 0xDA, 0xC2, 0xB7, 0xC4, 0xD8, 0x50, 0x25, 0xCB, + 0x5A, 0xDB, 0xA4, 0xAD, 0xBB, 0x44, 0x20, 0x24, + 0x90, 0xEA, 0xA5, 0x2C, 0xAE, 0x80, 0x22, 0xC9, + 0x59, 0x02, 0xB7, 0x10, 0xB0, 0x5E, 0x1E, 0x5F, + 0x52, 0x7D, 0x88, 0xDA, 0xE2, 0x04, 0xBF, 0x45, + 0xA7, 0xA8, 0x49, 0x97, 0x7D, 0xAD, 0x7C, 0x7C, + 0x9E, 0x9C, 0x4A, 0xCC, 0x36, 0x33, 0x0F, 0x30, + 0xFA, 0xDE, 0x52, 0xE9, 0xAE, 0x23, 0x29, 0x13, + 0x10, 0x17, 0x8A, 0xD0, 0x08, 0x8E, 0xE1, 0x10, + 0x30, 0xD0, 0x84, 0x65, 0x92, 0x12, 0x2A, 0x81, + 0x26, 0x2E, 0x11, 0x14, 0x30, 0x61, 0x38, 0x61, + 0x64, 0x42, 0x05, 0x08, 0x91, 0x90, 0x4C, 0x06, + 0x82, 0xCC, 0x90, 0x45, 0x10, 0x39, 0x90, 0x22, + 0x40, 0x2A, 0x9B, 0x16, 0x26, 0x9A, 0xA8, 0x50, + 0x91, 0x12, 0x70, 0x91, 0x20, 0x4D, 0xC0, 0x34, + 0x90, 0x18, 0x28, 0x31, 0x10, 0x02, 0x11, 0x22, + 0xB3, 0x6C, 0x8B, 0xB8, 0x2C, 0x22, 0xB0, 0x69, + 0x53, 0x36, 0x31, 0x61, 0x42, 0x6C, 0xD9, 0x06, + 0x6A, 0xD9, 0x04, 0x45, 0xDB, 0x18, 0x05, 0x12, + 0x37, 0x4A, 0xD4, 0x06, 0x64, 0xD3, 0xA2, 0x85, + 0xA0, 0x38, 0x8A, 0x14, 0xA5, 0x85, 0x50, 0x20, + 0x85, 0xE4, 0xA8, 0x24, 0xC3, 0xC6, 0x31, 0xC9, + 0x34, 0x4E, 0xD2, 0x14, 0x68, 0x82, 0x90, 0x85, + 0xC4, 0x02, 0x61, 0x24, 0x38, 0x05, 0x01, 0xA3, + 0x50, 0x48, 0x08, 0x62, 0x20, 0xB0, 0x25, 0x5B, + 0xA6, 0x4D, 0x98, 0x92, 0x11, 0xC2, 0x06, 0x00, + 0xD1, 0xB0, 0x4D, 0x21, 0xA4, 0x8C, 0x01, 0x16, + 0x72, 0x11, 0xA6, 0x20, 0xD0, 0x16, 0x45, 0x10, + 0x31, 0x8E, 0xCB, 0xC2, 0x69, 0x02, 0x08, 0x91, + 0xD4, 0x30, 0x89, 0x03, 0x41, 0x05, 0x93, 0x16, + 0x8E, 0x5A, 0x18, 0x04, 0x41, 0x10, 0x6D, 0x18, + 0x42, 0x70, 0x53, 0x16, 0x31, 0x52, 0x30, 0x8E, + 0x0C, 0x49, 0x66, 0x0C, 0x90, 0x0C, 0xA4, 0x08, + 0x2E, 0x41, 0x92, 0x05, 0x24, 0x07, 0x30, 0x12, + 0x46, 0x72, 0x13, 
0x99, 0x20, 0xE0, 0xA2, 0x4C, + 0x1B, 0x14, 0x52, 0x5A, 0x90, 0x05, 0x08, 0x82, + 0x31, 0x53, 0xC2, 0x90, 0xCC, 0x42, 0x68, 0x18, + 0xB0, 0x2C, 0x00, 0x80, 0x65, 0x58, 0x12, 0x84, + 0x19, 0x90, 0x08, 0x44, 0x26, 0x4A, 0x10, 0xA9, + 0x0C, 0x12, 0x25, 0x0C, 0x9C, 0x10, 0x25, 0x0C, + 0x28, 0x25, 0xD8, 0x46, 0x84, 0x1A, 0x22, 0x71, + 0x5B, 0x28, 0x6E, 0x98, 0x02, 0x51, 0x61, 0xB4, + 0x51, 0x01, 0xA1, 0x21, 0x24, 0x39, 0x12, 0xC8, + 0x08, 0x85, 0xD1, 0x34, 0x64, 0xA4, 0xA8, 0x04, + 0xA2, 0xC0, 0x09, 0x44, 0x48, 0x48, 0x03, 0x37, + 0x00, 0x20, 0x05, 0x4D, 0x20, 0xA4, 0x05, 0x11, + 0x18, 0x82, 0x42, 0x94, 0x4D, 0x24, 0x16, 0x01, + 0x02, 0x93, 0x4C, 0x00, 0x16, 0x06, 0xC1, 0xC0, + 0x0C, 0x8B, 0xC0, 0x41, 0x41, 0x06, 0x42, 0xA3, + 0xC6, 0x64, 0x1A, 0x85, 0x91, 0x41, 0x06, 0x49, + 0x04, 0xA7, 0x44, 0x82, 0x22, 0x6A, 0x50, 0x08, + 0x0E, 0x14, 0x18, 0x20, 0x4B, 0x88, 0x91, 0x01, + 0xA0, 0x49, 0x1A, 0x85, 0x4D, 0x94, 0x18, 0x10, + 0x0A, 0x05, 0x44, 0x94, 0x38, 0x05, 0x93, 0x40, + 0x68, 0x23, 0x07, 0x85, 0xE2, 0x12, 0x22, 0x9B, + 0xB8, 0x08, 0xD2, 0x10, 0x2A, 0x08, 0xA8, 0x10, + 0x92, 0x40, 0x2D, 0xD8, 0x44, 0x4C, 0xCC, 0x94, + 0x05, 0x24, 0x43, 0x4C, 0xD3, 0xC2, 0x48, 0x10, + 0x21, 0x2D, 0xC9, 0xB6, 0x08, 0xC9, 0x06, 0x4D, + 0xE1, 0x90, 0x20, 0x14, 0x24, 0x70, 0x5C, 0x84, + 0x28, 0xC0, 0xC2, 0x81, 0x22, 0x13, 0x50, 0x44, + 0x84, 0x91, 0xCA, 0xA2, 0x48, 0x12, 0x91, 0x05, + 0x5B, 0x92, 0x8D, 0x92, 0x92, 0x24, 0x82, 0x42, + 0x48, 0x03, 0x37, 0x46, 0xD8, 0x44, 0x86, 0x44, + 0x20, 0x89, 0xE4, 0xC2, 0x84, 0xC2, 0x04, 0x65, + 0x49, 0xA8, 0x4D, 0xA4, 0x38, 0x28, 0xDB, 0xA4, + 0x64, 0x24, 0x00, 0x51, 0xC8, 0x12, 0x6D, 0x19, + 0x82, 0x24, 0xCB, 0x00, 0x44, 0x4B, 0x20, 0x20, + 0x9B, 0x82, 0x4C, 0x5C, 0xA8, 0x08, 0xD2, 0xB6, + 0x8C, 0x08, 0x35, 0x20, 0xC0, 0x92, 0x45, 0xE3, + 0xB4, 0x2C, 0x50, 0x32, 0x0E, 0xD1, 0x82, 0x11, + 0x4A, 0x96, 0x08, 0x1C, 0x86, 0x29, 0x02, 0x19, + 0x71, 0x12, 0x03, 0x6E, 0x94, 0x08, 0x50, 0x12, + 0x27, 0x20, 0x0B, 0x10, 0x12, 0xA1, 0x18, 0x06, + 0x5A, 0x36, 0x4C, 
0x93, 0xB4, 0x68, 0x21, 0xA7, + 0x28, 0x09, 0x34, 0x91, 0x18, 0x93, 0x49, 0x4A, + 0x32, 0x60, 0x00, 0x29, 0x2D, 0x94, 0x48, 0x44, + 0x09, 0x94, 0x2C, 0x21, 0x07, 0x6C, 0x41, 0x38, + 0x60, 0x8C, 0x10, 0x46, 0x11, 0x19, 0x65, 0x01, + 0x46, 0x60, 0x1A, 0x29, 0x42, 0x23, 0x30, 0x29, + 0x40, 0x96, 0x85, 0x81, 0xC6, 0x6C, 0x09, 0xA2, + 0x31, 0x23, 0xC9, 0x84, 0x18, 0x27, 0x61, 0x02, + 0xA6, 0x05, 0x1B, 0x11, 0x32, 0xD1, 0x80, 0x24, + 0x59, 0x22, 0x52, 0x21, 0x34, 0x64, 0x0A, 0x21, + 0x52, 0x10, 0xC2, 0x80, 0x5C, 0x98, 0x0D, 0x81, + 0xA0, 0x84, 0x14, 0x97, 0x04, 0xCC, 0xC2, 0x04, + 0x1A, 0x81, 0x45, 0x23, 0x44, 0x6C, 0x13, 0xC0, + 0x44, 0x59, 0xC2, 0x68, 0x64, 0x08, 0x52, 0x51, + 0x30, 0x71, 0x12, 0x49, 0x70, 0x12, 0x94, 0x84, + 0x80, 0x12, 0x12, 0x1B, 0x00, 0x50, 0x84, 0x10, + 0x45, 0x4A, 0x30, 0x10, 0x22, 0x95, 0x49, 0xC9, + 0x82, 0x24, 0x03, 0x35, 0x21, 0x18, 0x16, 0x72, + 0x09, 0x89, 0x65, 0x88, 0xB2, 0x89, 0x41, 0xB4, + 0x90, 0x92, 0x38, 0x8C, 0x08, 0x23, 0x26, 0x0B, + 0x80, 0x61, 0x84, 0x28, 0x6A, 0x4C, 0x98, 0x44, + 0x10, 0xB9, 0x30, 0x93, 0x02, 0x49, 0x22, 0x13, + 0x80, 0x1C, 0xC3, 0x48, 0x50, 0xA8, 0x20, 0x1C, + 0x05, 0x00, 0x5B, 0x02, 0x41, 0xD2, 0x84, 0x61, + 0x4B, 0x40, 0x46, 0x20, 0x21, 0x44, 0xD9, 0xC4, + 0x21, 0xD3, 0xA4, 0x4D, 0xC0, 0xC0, 0x09, 0x5B, + 0x28, 0x91, 0x18, 0x15, 0x41, 0x18, 0xC5, 0x4C, + 0x14, 0xB7, 0x61, 0xDB, 0x34, 0x25, 0x02, 0x06, + 0x41, 0x14, 0xA9, 0x65, 0x0B, 0x10, 0x04, 0x23, + 0xC7, 0x49, 0x13, 0x47, 0x0A, 0xD0, 0x30, 0x80, + 0x99, 0x32, 0x68, 0x50, 0x18, 0x06, 0xA2, 0x28, + 0x65, 0x13, 0x35, 0x82, 0xD3, 0x06, 0x81, 0x22, + 0x49, 0x4D, 0x48, 0x44, 0x30, 0xCA, 0x96, 0x2C, + 0x12, 0xC8, 0x08, 0xA1, 0x24, 0x2C, 0x52, 0xA8, + 0x28, 0x23, 0x14, 0x0A, 0xD4, 0x20, 0x4D, 0x18, + 0x12, 0x72, 0xD4, 0x80, 0x44, 0xDC, 0x26, 0x2C, + 0x88, 0x10, 0x0A, 0x04, 0x14, 0x51, 0xC1, 0x96, + 0x00, 0xA3, 0x40, 0x30, 0x99, 0x48, 0x92, 0x9B, + 0x08, 0x86, 0x81, 0x04, 0x20, 0x4C, 0xB2, 0x29, + 0x18, 0x31, 0x08, 0x09, 0x23, 0x8C, 0x4C, 0x02, + 0x6A, 0xCA, 0x00, 
0x62, 0x09, 0x22, 0x2D, 0x21, + 0x00, 0x02, 0x0A, 0x39, 0x41, 0x04, 0xA3, 0x50, + 0x90, 0x80, 0x2D, 0x59, 0xB4, 0x71, 0x13, 0x16, + 0x31, 0x11, 0x90, 0x4C, 0xC3, 0x14, 0x20, 0x60, + 0xB2, 0x30, 0x0A, 0xB6, 0x24, 0x21, 0xA9, 0x10, + 0x89, 0x80, 0x88, 0x44, 0x06, 0x8A, 0x91, 0x22, + 0x8E, 0xD9, 0x36, 0x86, 0x10, 0x46, 0x0A, 0xE1, + 0x16, 0x85, 0x42, 0x40, 0x6C, 0x09, 0x49, 0x11, + 0xE0, 0x88, 0x68, 0x12, 0x08, 0x68, 0x5C, 0x26, + 0x24, 0x04, 0xA8, 0x70, 0xC8, 0x08, 0x05, 0x13, + 0x87, 0x41, 0x23, 0x29, 0x72, 0xC9, 0xB8, 0x88, + 0x1B, 0x22, 0x66, 0x11, 0xA5, 0x2D, 0x11, 0x29, + 0x12, 0x50, 0x12, 0x70, 0x03, 0x09, 0x6A, 0x4B, + 0x88, 0x4C, 0xD2, 0xC8, 0x31, 0x40, 0x26, 0x40, + 0x4C, 0x04, 0x50, 0x58, 0x16, 0x71, 0x90, 0xC2, + 0x00, 0x0A, 0x30, 0x8A, 0xDC, 0x24, 0x85, 0x19, + 0xB0, 0x65, 0x1A, 0xA3, 0x64, 0x13, 0xA3, 0x45, + 0xC8, 0x48, 0x91, 0x91, 0x12, 0x20, 0xDC, 0x42, + 0x40, 0x24, 0xC0, 0x4D, 0xA3, 0x98, 0x10, 0x40, + 0x26, 0x25, 0xDC, 0xB4, 0x68, 0x4B, 0xC2, 0x45, + 0x13, 0x06, 0x91, 0xC8, 0x92, 0x24, 0x82, 0xA8, + 0x20, 0x4C, 0x30, 0x48, 0x52, 0x06, 0x01, 0x0B, + 0x24, 0x51, 0x41, 0x36, 0x40, 0x93, 0xC4, 0x70, + 0x44, 0x40, 0x2C, 0x24, 0x28, 0x22, 0x81, 0xA4, + 0x4C, 0x43, 0x84, 0x60, 0x20, 0x23, 0x90, 0x01, + 0x94, 0x6C, 0xDB, 0x28, 0x21, 0x93, 0x30, 0x80, + 0x93, 0xC0, 0x25, 0xC8, 0xA6, 0x50, 0xCA, 0x24, + 0x26, 0xD1, 0x40, 0x31, 0x04, 0xC4, 0x8D, 0xE2, + 0xC0, 0x04, 0x08, 0x33, 0x8C, 0x18, 0x87, 0x91, + 0xC8, 0xC8, 0x71, 0x40, 0x46, 0x06, 0x00, 0x44, + 0x20, 0x22, 0x49, 0x70, 0x11, 0x45, 0x90, 0x02, + 0xC3, 0x61, 0x60, 0xB4, 0x25, 0x80, 0x16, 0x21, + 0x11, 0x09, 0x04, 0x88, 0x04, 0x05, 0xCC, 0x36, + 0x20, 0x01, 0xB1, 0x2C, 0x64, 0xB6, 0x50, 0x54, + 0x32, 0x42, 0x0B, 0x08, 0x8D, 0x12, 0x39, 0x0D, + 0x10, 0x29, 0x52, 0x88, 0xB0, 0x04, 0x11, 0x38, + 0x44, 0xD2, 0xA6, 0x71, 0x0B, 0x45, 0x48, 0x9C, + 0x34, 0x72, 0xA0, 0x28, 0x49, 0x82, 0x16, 0x86, + 0x12, 0x18, 0x61, 0x04, 0x41, 0x0D, 0x8A, 0xA6, + 0x41, 0x80, 0xA8, 0x61, 0xDA, 0x30, 0x65, 0x82, + 0x84, 0x30, 0x08, 
0xA3, 0x29, 0x04, 0x33, 0x8E, + 0x02, 0x24, 0x0D, 0x9C, 0x44, 0x10, 0xC9, 0x02, + 0x81, 0x53, 0x06, 0x66, 0x8B, 0x06, 0x90, 0x03, + 0x87, 0x69, 0x21, 0xC9, 0x69, 0x83, 0x46, 0x4E, + 0x14, 0x24, 0x89, 0x8C, 0xA0, 0x6C, 0x99, 0xA2, + 0x2C, 0x11, 0x37, 0x66, 0x0C, 0xA6, 0x4D, 0xD3, + 0xC8, 0x70, 0x03, 0x02, 0x61, 0xC3, 0xB6, 0x65, + 0x23, 0xC1, 0x6C, 0x10, 0x34, 0x8D, 0x1A, 0xC1, + 0x31, 0x43, 0x40, 0x44, 0xD4, 0x08, 0x02, 0x0A, + 0x36, 0x20, 0xE3, 0x26, 0x42, 0x0A, 0x48, 0x26, + 0x1A, 0x13, 0x44, 0x0C, 0x18, 0x61, 0x91, 0x96, + 0x84, 0x02, 0x17, 0x46, 0x9C, 0x20, 0x40, 0x41, + 0xC6, 0x2D, 0x1B, 0x16, 0x0C, 0x98, 0xB2, 0x90, + 0x1A, 0x20, 0x84, 0xE2, 0x34, 0x2D, 0xCB, 0x14, + 0x44, 0x93, 0xC6, 0x8D, 0x58, 0xB2, 0x69, 0x22, + 0xB2, 0x88, 0xC0, 0xB8, 0x2D, 0xA2, 0xC2, 0x31, + 0x20, 0xA3, 0x24, 0x11, 0x46, 0x48, 0x4A, 0xA6, + 0x50, 0x24, 0x09, 0x21, 0x1A, 0x01, 0x0D, 0x20, + 0x36, 0x01, 0xC4, 0x34, 0x70, 0xDA, 0x16, 0x68, + 0x84, 0x22, 0x4C, 0x11, 0x14, 0x09, 0x13, 0xC4, + 0x68, 0x11, 0x41, 0x2D, 0x1C, 0x10, 0x31, 0xDC, + 0xB2, 0x64, 0x42, 0x36, 0x08, 0x5C, 0x10, 0x88, + 0x04, 0x91, 0x25, 0xE1, 0xA0, 0x20, 0x14, 0x18, + 0x12, 0x14, 0x94, 0x91, 0x4C, 0xC2, 0x24, 0xD4, + 0x06, 0x71, 0x21, 0x02, 0x8D, 0xD4, 0x88, 0x30, + 0xC9, 0x36, 0x0E, 0xE4, 0x82, 0x81, 0xC0, 0x04, + 0x6D, 0x24, 0x23, 0x09, 0x21, 0x45, 0x45, 0x20, + 0x06, 0x65, 0xC2, 0x30, 0x2A, 0x18, 0x30, 0x8E, + 0x24, 0x83, 0x89, 0x93, 0x32, 0x66, 0xC1, 0x48, + 0x45, 0x62, 0x48, 0x0A, 0x52, 0xB8, 0x80, 0x11, + 0x86, 0x21, 0x04, 0x34, 0x11, 0x24, 0xB5, 0x6C, + 0x50, 0x36, 0x0A, 0x19, 0xA7, 0x8C, 0x14, 0x90, + 0x0D, 0x1A, 0xA5, 0x68, 0x0B, 0xB1, 0x11, 0x50, + 0x40, 0x08, 0x48, 0xB6, 0x31, 0x14, 0x28, 0x8D, + 0xE3, 0x47, 0xB4, 0xA1, 0x44, 0x94, 0xCC, 0x9F, + 0x0B, 0x94, 0x9F, 0x25, 0x49, 0xD9, 0xB3, 0x8F, + 0x71, 0xF4, 0x17, 0xA4, 0xA6, 0xAC, 0x24, 0x58, + 0x14, 0x25, 0x03, 0xC8, 0x63, 0x3E, 0x10, 0xA8, + 0xD4, 0x10, 0xD7, 0x90, 0x4A, 0x28, 0x37, 0x90, + 0x70, 0x27, 0xE3, 0x56, 0x5F, 0x04, 0x67, 0x76, + 0xC3, 0x67, 0x3F, 
0xF5, 0xA5, 0x11, 0xA2, 0x2C, + 0x11, 0x01, 0x5D, 0x63, 0x71, 0x1A, 0xE6, 0x70, + 0x86, 0x46, 0xAB, 0xCE, 0x03, 0xB6, 0x82, 0xAF, + 0x51, 0xBA, 0x81, 0x94, 0x9C, 0x82, 0x36, 0xA9, + 0x49, 0xA5, 0xA3, 0x11, 0x08, 0x8C, 0x4B, 0x13, + 0x41, 0xF0, 0x08, 0xFD, 0xB2, 0x99, 0xED, 0xA8, + 0x07, 0x61, 0x3C, 0x2E, 0xBC, 0x49, 0x7B, 0x1C, + 0xBC, 0x87, 0xBC, 0xAE, 0x5F, 0x5E, 0x8F, 0x5D, + 0xE7, 0xB9, 0x0C, 0x70, 0x36, 0x25, 0x61, 0xFD, + 0x95, 0x9F, 0xAE, 0x0F, 0x8D, 0xF3, 0xA2, 0x45, + 0x24, 0xA7, 0xDE, 0x60, 0xD1, 0x4E, 0x6D, 0xAC, + 0xC7, 0x6A, 0x32, 0x42, 0xC0, 0x73, 0xEB, 0x78, + 0x50, 0xF4, 0x49, 0x52, 0x5E, 0x6F, 0x81, 0x42, + 0x54, 0xF8, 0x82, 0x05, 0xC9, 0x64, 0x74, 0x6A, + 0x60, 0x5E, 0x36, 0x59, 0x40, 0x50, 0xA3, 0xFE, + 0xDA, 0xE2, 0x6D, 0x8D, 0x6E, 0xE4, 0x5A, 0x27, + 0x73, 0x89, 0xDB, 0x0C, 0x5B, 0x14, 0xD9, 0xED, + 0xB2, 0xC7, 0x1D, 0x71, 0x93, 0x91, 0x0A, 0x72, + 0x32, 0xBE, 0xA3, 0xD8, 0x95, 0x8C, 0x94, 0x7E, + 0x63, 0xEB, 0xCE, 0x8B, 0xFC, 0xB0, 0x3F, 0x77, + 0x5C, 0x43, 0x48, 0x18, 0x83, 0xFE, 0xC8, 0xDA, + 0x89, 0xF2, 0x3B, 0x54, 0x82, 0x44, 0xC6, 0x9C, + 0xCC, 0x77, 0x0A, 0xC1, 0x6F, 0xB9, 0x98, 0x10, + 0xD5, 0xF2, 0x60, 0xFF, 0x38, 0xD2, 0x0D, 0xD6, + 0x8C, 0x38, 0x54, 0x5B, 0xD8, 0x38, 0x84, 0x50, + 0x36, 0xF4, 0x02, 0xC1, 0x06, 0x0F, 0x15, 0x1B, + 0xC8, 0x90, 0x9B, 0x6E, 0x36, 0xC8, 0x3F, 0xE9, + 0x8B, 0x62, 0x15, 0x6F, 0xF0, 0xC2, 0x86, 0x7F, + 0xD1, 0xB5, 0x97, 0x53, 0xAE, 0x41, 0xAE, 0x21, + 0x84, 0xAC, 0x57, 0xA5, 0x1F, 0xA7, 0xC7, 0x24, + 0xDF, 0xDE, 0x2F, 0x3C, 0xCD, 0xA2, 0x7E, 0x1D, + 0x97, 0xE1, 0x96, 0xC5, 0xB4, 0x7D, 0xF9, 0x5F, + 0x7E, 0xEF, 0x09, 0xC4, 0xF3, 0x57, 0xF0, 0x51, + 0x73, 0xAB, 0x0E, 0x6A, 0xCA, 0x64, 0xE4, 0x99, + 0x0F, 0xD2, 0x20, 0xAC, 0x72, 0xF1, 0xA8, 0x23, + 0x8F, 0x94, 0x63, 0xDC, 0xB3, 0xBB, 0x62, 0x2C, + 0xEA, 0xA6, 0x27, 0x5A, 0x93, 0xC6, 0xCD, 0xCE, + 0x1E, 0x09, 0xAF, 0x89, 0xEC, 0x22, 0xE4, 0x30, + 0x2D, 0xB9, 0xCD, 0x08, 0x2E, 0x12, 0x76, 0x79, + 0x99, 0xBC, 0xA0, 0x34, 0x0B, 0xDA, 0x89, 0x08, + 0x14, 0x60, 0x7B, 
0x98, 0xE6, 0xAF, 0xD2, 0xE1, + 0x87, 0xC8, 0xDA, 0x50, 0xF7, 0x10, 0x2C, 0x72, + 0x74, 0x50, 0xD0, 0x3C, 0x98, 0x06, 0xFE, 0xEB, + 0xC6, 0xC5, 0x69, 0x31, 0x06, 0xE2, 0x2E, 0x7E, + 0x7D, 0x3D, 0x2B, 0x1F, 0x48, 0x43, 0xC5, 0x95, + 0xDA, 0x84, 0x08, 0x1E, 0x2B, 0x50, 0x6D, 0x91, + 0xA6, 0x2B, 0xCD, 0x08, 0x43, 0x7B, 0xA2, 0xD8, + 0x60, 0x6E, 0xF7, 0x80, 0x08, 0xC3, 0x3F, 0x35, + 0xF3, 0x70, 0xA5, 0xC7, 0x56, 0xFC, 0xBD, 0x34, + 0x46, 0x7B, 0xBF, 0x63, 0x19, 0xAC, 0xB6, 0xC3, + 0x1B, 0x81, 0x84, 0x9F, 0xBB, 0x54, 0x05, 0x99, + 0xAE, 0x43, 0xE2, 0xA5, 0x20, 0xFD, 0x5C, 0xC7, + 0x25, 0x47, 0xB1, 0xFD, 0x80, 0xB5, 0x78, 0xC2, + 0x00, 0x98, 0x02, 0xB9, 0x61, 0x2A, 0xBA, 0x39, + 0xC7, 0x20, 0xB8, 0x7D, 0x7A, 0x03, 0x68, 0xE5, + 0x37, 0x71, 0x1F, 0x72, 0xAA, 0x41, 0x61, 0xB4, + 0xC0, 0xC2, 0xD3, 0x7A, 0xCD, 0xD2, 0xED, 0xC2, + 0xC5, 0x99, 0x8C, 0x62, 0xA3, 0x7D, 0xC8, 0x9C, + 0xD2, 0x50, 0x02, 0x0D, 0xCB, 0x68, 0x15, 0xB0, + 0xD6, 0x19, 0x03, 0xC8, 0x01, 0x12, 0x72, 0xA1, + 0x3A, 0xC2, 0xA6, 0x63, 0x51, 0x26, 0x03, 0x5D, + 0x3F, 0x1D, 0x3B, 0x0E, 0x30, 0x6B, 0xB7, 0xEC, + 0xB6, 0x8E, 0x2D, 0x76, 0xC8, 0xD7, 0xAE, 0x59, + 0x81, 0xFC, 0x5F, 0x57, 0x5E, 0xAD, 0xA0, 0x20, + 0xC8, 0xB4, 0x91, 0x2D, 0xEC, 0x03, 0xC4, 0xC6, + 0x55, 0x05, 0x87, 0xA4, 0xA2, 0x21, 0x09, 0x25, + 0x97, 0x21, 0xA4, 0x46, 0x45, 0x46, 0x40, 0x3B, + 0xDC, 0x6F, 0xCD, 0xFB, 0xFB, 0xD9, 0xF4, 0x2C, + 0xEC, 0xF1, 0xC4, 0x73, 0x41, 0x30, 0x60, 0x63, + 0x9A, 0xF2, 0xA5, 0x26, 0x78, 0x9A, 0x5E, 0x70, + 0x98, 0xDE, 0x35, 0x10, 0xA0, 0x5D, 0x45, 0xD5, + 0x95, 0xF7, 0x11, 0xBC, 0x99, 0xD3, 0x00, 0x67, + 0x9A, 0x30, 0x85, 0x36, 0x50, 0xDB, 0x18, 0xEA, + 0x6D, 0xB2, 0xF3, 0x14, 0xDA, 0x23, 0xE2, 0x8A, + 0x44, 0x21, 0x25, 0xD4, 0xA3, 0x28, 0x43, 0xA0, + 0xC6, 0x5C, 0x99, 0xB0, 0x72, 0x6B, 0xC2, 0x1A, + 0x30, 0xBE, 0x6B, 0x7B, 0xE0, 0x31, 0x54, 0x8C, + 0x29, 0xE5, 0xC6, 0x69, 0x53, 0xDE, 0x05, 0x1E, + 0x43, 0xCC, 0x7E, 0x9A, 0x82, 0x4A, 0xC4, 0x0A, + 0x50, 0x65, 0xDC, 0xD8, 0xF9, 0x01, 0x32, 0x65, + 0x1E, 0xF9, 0xA4, 
0xCC, 0x07, 0xB9, 0x55, 0x97, + 0x45, 0xA9, 0x61, 0xF8, 0xBE, 0x99, 0x00, 0x12, + 0xD8, 0x17, 0x62, 0xFB, 0x89, 0xE7, 0x05, 0x5E, + 0x1B, 0xCD, 0x2B, 0x09, 0x6C, 0x5A, 0x5C, 0xA3, + 0x66, 0x4D, 0x02, 0x78, 0x0C, 0xC3, 0x63, 0x30, + 0xD0, 0xFA, 0x7B, 0x11, 0x00, 0x40, 0xDD, 0xF0, + 0x8C, 0x7C, 0xBA, 0x4C, 0x63, 0x78, 0xDA, 0xBB, + 0xDF, 0xF9, 0xC9, 0xA4, 0x40, 0x25, 0x86, 0xD1, + 0xBA, 0x22, 0xD7, 0x69, 0x98, 0x4E, 0x9D, 0x15, + 0x21, 0xA8, 0x56, 0xC0, 0xFF, 0x52, 0xE4, 0xB4, + 0x0F, 0xB2, 0x53, 0xE7, 0xA1, 0x34, 0x18, 0xEA, + 0x5B, 0x25, 0x42, 0x13, 0xE3, 0x13, 0xE7, 0xDF, + 0x54, 0x2B, 0x8D, 0x70, 0x51, 0xC7, 0x60, 0xB1, + 0x1E, 0x4D, 0x3A, 0x46, 0x04, 0xA1, 0x11, 0x43, + 0xAD, 0x24, 0x29, 0x90, 0xC9, 0x04, 0x15, 0xC5, + 0x07, 0xE5, 0x46, 0xB8, 0x50, 0x16, 0x6B, 0x66, + 0xFE, 0x1C, 0x8B, 0xFC, 0x20, 0x9C, 0xC4, 0x88, + 0x10, 0x36, 0x5E, 0x56, 0xE8, 0x45, 0x75, 0x89, + 0xFB, 0xD6, 0xD0, 0x8D, 0x9D, 0x53, 0xAE, 0x89, + 0x19, 0x54, 0xCF, 0xE1, 0xFF, 0x12, 0x13, 0xF2, + 0xC7, 0xBE, 0x4C, 0x1E, 0xB0, 0x70, 0x6E, 0xDC, + 0x0A, 0x64, 0x3B, 0x60, 0x3A, 0xEA, 0x0D, 0x41, + 0xDD, 0x8E, 0x09, 0xB9, 0x96, 0x8F, 0x6A, 0x49, + 0x50, 0xEF, 0xDF, 0xD7, 0x73, 0x8D, 0x16, 0x32, + 0xA8, 0x5C, 0x0A, 0x90, 0x18, 0xA1, 0xEB, 0x19, + 0xCC, 0x50, 0xD5, 0x59, 0xD7, 0x35, 0x3F, 0xBA, + 0x38, 0x1B, 0x5F, 0x71, 0x56, 0x70, 0xB3, 0x20, + 0x4D, 0x9E, 0x16, 0xA8, 0xF7, 0x35, 0x19, 0xD2, + 0x09, 0x0A, 0x22, 0x28, 0x81, 0x61, 0x26, 0x5B, + 0x9C, 0xEC, 0x9D, 0x4A, 0x61, 0xCF, 0x0D, 0x3C, + 0x88, 0xEA, 0x0B, 0x7A, 0xA7, 0xC6, 0xAE, 0x31, + 0xBE, 0xC2, 0xBA, 0x48, 0xBB, 0x9D, 0x06, 0xE1, + 0x32, 0x6D, 0x80, 0xCE, 0x27, 0x5C, 0x6F, 0x13, + 0x79, 0x35, 0x9F, 0x9C, 0x11, 0xEA, 0xDB, 0xF5, + 0x49, 0x15, 0xB6, 0x51, 0x86, 0xFC, 0x62, 0x34, + 0x3D, 0x58, 0x6B, 0x0E, 0xF8, 0x3B, 0xBB, 0x42, + 0xF6, 0x2D, 0x5C, 0xE2, 0xF3, 0xAA, 0x9F, 0x03, + 0x43, 0xE9, 0x9E, 0x90, 0xB9, 0xFF, 0x55, 0x93, + 0x60, 0xF8, 0x10, 0x2F, 0xFC, 0xBD, 0x40, 0x23, + 0xB8, 0x4F, 0x4C, 0x7A, 0x74, 0x9F, 0xDC, 0x55, + 0xDF, 0x5E, 0xCD, 
0x23, 0xEB, 0xAC, 0x47, 0x4E, + 0x0D, 0x0F, 0xBE, 0xDE, 0x02, 0x64, 0x61, 0x7E, + 0x73, 0x78, 0x8E, 0x25, 0xE9, 0x7D, 0x66, 0xE5, + 0x82, 0xBF, 0x98, 0x5B, 0x36, 0xCE, 0x17, 0x72, + 0x56, 0x9C, 0xDA, 0x63, 0x77, 0x55, 0x8B, 0xA9, + 0x75, 0xF5, 0x28, 0xC3, 0x78, 0x6D, 0x8F, 0xC2, + 0x75, 0x5F, 0x28, 0x9E, 0x3F, 0xFB, 0xF1, 0xFD, + 0xB7, 0xDE, 0x05, 0x3C, 0xD3, 0xE8, 0xD7, 0x7A, + 0x7D, 0xC9, 0xF7, 0x9D, 0x58, 0xB4, 0xA6, 0x21, + 0x25, 0xFC, 0x52, 0x84, 0x21, 0xF6, 0x0B, 0x6D, + 0xA6, 0x62, 0x51, 0x97, 0xCD, 0xA9, 0xA1, 0x0C, + 0x88, 0x21, 0x67, 0xA5, 0xFB, 0x8C, 0x8A, 0x50, + 0xC5, 0x21, 0x91, 0x3A, 0xAB, 0x95, 0x96, 0xF3, + 0x30, 0x6D, 0x08, 0x42, 0x07, 0x4B, 0x78, 0x1F, + 0xC1, 0xD3, 0x41, 0x15, 0x68, 0xED, 0x93, 0x09, + 0xC7, 0x8B, 0xF9, 0x77, 0x25, 0xD3, 0xCE, 0x2B, + 0xA2, 0x0D, 0xB4, 0xC6, 0x84, 0x7F, 0x8E, 0xE5, + 0x24, 0x46, 0x59, 0x8D, 0x6F, 0x0F, 0x0C, 0xA8, + 0xFC, 0x04, 0x9B, 0x4D, 0x2B, 0xA7, 0x70, 0x1F, + 0x46, 0x7E, 0x76, 0x03, 0xC6, 0x7E, 0xA5, 0x3D, + 0x79, 0xE2, 0xF1, 0xAC, 0xBC, 0xDD, 0xF6, 0x91, + 0x69, 0x4C, 0x44, 0x1F, 0xC3, 0xBF, 0x9F, 0xFC, + 0x4E, 0xB0, 0x79, 0x30, 0x68, 0x89, 0xAC, 0xF2, + 0xD7, 0xC6, 0xE1, 0x6C, 0x37, 0xFB, 0xB3, 0x38, + 0x44, 0x2C, 0x97, 0xAB, 0xDA, 0x2C, 0x88, 0xC7, + 0xF2, 0x80, 0x08, 0x00, 0x4E, 0x44, 0xED, 0xBE, + 0xA4, 0x28, 0x3D, 0xC1, 0xCF, 0x9E, 0x83, 0xE7, + 0x2E, 0x7F, 0xF5, 0x08, 0x47, 0x26, 0xE0, 0xBD, + 0x1A, 0x17, 0xDB, 0x2F, 0xED, 0x19, 0x2E, 0x65, + 0x1B, 0x62, 0x5F, 0x08, 0x82, 0x10, 0x61, 0xCB, + 0xAA, 0xA7, 0xF8, 0x59, 0x4B, 0x46, 0xCB, 0xA2, + 0xCB, 0x41, 0x34, 0x30, 0x51, 0x58, 0x2A, 0xEE, + 0xE1, 0x5E, 0xAC, 0xCA, 0xBF, 0x37, 0x45, 0x98, + 0xBD, 0x93, 0x1B, 0x5A, 0x5E, 0x92, 0x14, 0x05, + 0x75, 0x2D, 0xFB, 0x8F, 0xBD, 0x24, 0x9B, 0x81, + 0xCD, 0xDD, 0xF5, 0xBE, 0x05, 0x0D, 0xBD, 0x4B, + 0x2B, 0x8C, 0x0A, 0xF0, 0x3A, 0x85, 0xD6, 0x74, + 0x65, 0x7F, 0x98, 0xF8, 0x57, 0xA2, 0x36, 0xA2, + 0xFE, 0xE4, 0xB4, 0xA4, 0x0D, 0xEA, 0x9A, 0xBE, + 0x41, 0x79, 0x68, 0x63, 0x70, 0x3F, 0x3E, 0x38, + 0x60, 0xC3, 0x40, 
0x81, 0x72, 0xDD, 0x25, 0x34, + 0xB4, 0xFE, 0xAC, 0x41, 0x6E, 0x4A, 0xE7, 0xBF, + 0xE3, 0x87, 0xFA, 0x20, 0x8B, 0xBD, 0x68, 0x9E, + 0x06, 0xA9, 0x15, 0x23, 0x07, 0x04, 0x4B, 0xFA, + 0x45, 0x45, 0xB7, 0x75, 0xD3, 0x3E, 0x16, 0x70, + 0xF6, 0x26, 0xF2, 0x3A, 0x9D, 0xFB, 0xEA, 0xEB, + 0x47, 0xCE, 0x99, 0x6B, 0x0E, 0xB2, 0xE8, 0x2B, + 0x18, 0x15, 0x14, 0x2E, 0xF2, 0x14, 0x0D, 0x44, + 0x47, 0x1E, 0x63, 0x84, 0x5B, 0x3F, 0xA8, 0xEF, + 0x5F, 0xEB, 0xA0, 0x41, 0x77, 0xC1, 0xF4, 0x4F, + 0x8E, 0x2E, 0x29, 0xCD, 0xDB, 0xF2, 0x75, 0x24, + 0x24, 0x46, 0x73, 0xC3, 0x46, 0xB5, 0xCA, 0x13, + 0x35, 0x12, 0x0A, 0x8D, 0x88, 0x89, 0x17, 0x99, + 0x13, 0xCA, 0x66, 0x07, 0x67, 0x6B, 0x7B, 0x3B, + 0x20, 0xD3, 0x5F, 0x78, 0x1C, 0xC0, 0x99, 0x59, + 0x0A, 0xBA, 0x8F, 0xA0, 0xDB, 0xDF, 0xCC, 0x03, + 0xC4, 0xA6, 0xC7, 0x08, 0xB9, 0xFD, 0x95, 0xC2, + 0x45, 0xF9, 0xF3, 0x11, 0x62, 0xF7, 0x14, 0xB9, + 0xEB, 0x09, 0xB3, 0x7C, 0xF8, 0xF6, 0x67, 0xCC, + 0x03, 0xB3, 0x06, 0x6F, 0x60, 0xAC, 0x72, 0xF2, + 0xD3, 0x71, 0x6C, 0x4D, 0xAD, 0x3A, 0x99, 0x75, + 0x5C, 0x52, 0x2D, 0x87, 0x69, 0x3E, 0xD6, 0x7E, + 0x12, 0x96, 0xD3, 0x88, 0x8D, 0x11, 0x85, 0xAA, + 0x0A, 0xA5, 0x32, 0x90, 0x51, 0xC5, 0x65, 0x64, + 0xE0, 0xA9, 0x73, 0xA4, 0xF3, 0x8A, 0x32, 0x83, + 0xE5, 0x08, 0x09, 0x39, 0x6A, 0x90, 0x2C, 0xC3, + 0xFC, 0x92, 0x29, 0x7A, 0x45, 0xBE, 0x02, 0x79, + 0x15, 0x1B, 0xBB, 0x60, 0xBB, 0xD9, 0x42, 0xF1, + 0xE5, 0x14, 0xB4, 0xA5, 0xFF, 0x12, 0x42, 0x30, + 0xB0, 0xCB, 0xD0, 0x1D, 0xB4, 0x62, 0x49, 0xC5, + 0xB7, 0xDA, 0x37, 0x47, 0x2C, 0x8B, 0x16, 0xCA, + 0xD2, 0x2C, 0xA1, 0x24, 0xE6, 0x57, 0xFA, 0xEB, + 0x2C, 0x62, 0x2E, 0x12, 0x74, 0x37, 0x2B, 0x3F, + 0x56, 0x23, 0x9C, 0xED, 0x90, 0xDE, 0x0D, 0x6E, + 0x9E, 0x11, 0x78, 0xA4, 0x9C, 0xB3, 0xA1, 0x37, + 0xF7, 0x4B, 0x09, 0x61, 0xD8, 0x33, 0x1D, 0x80, + 0x68, 0x5C, 0xDD, 0xBD, 0x3E, 0xAE, 0x9D, 0xB8, + 0xBA, 0x42, 0x41, 0xDC, 0xC9, 0x93, 0xF1, 0x92, + 0x2F, 0x7A, 0xF9, 0xFE, 0x67, 0x13, 0x87, 0xBD, + 0x7D, 0x04, 0x17, 0x91, 0xB6, 0x03, 0x5E, 0xA0, + 0x5B, 0x23, 0xEA, 
0x0C, 0xFA, 0x45, 0xCB, 0x1A, + 0xC5, 0x7F, 0x63, 0xD6, 0x3D, 0x3C, 0x66, 0x4A, + 0x83, 0x4E, 0x4E, 0x90, 0xA6, 0x63, 0xB0, 0x8A, + 0xD7, 0x0D, 0xB4, 0xB7, 0xA9, 0x0F, 0xC6, 0xC7, + 0x3B, 0xAD, 0x07, 0xA6, 0x94, 0x47, 0xDB, 0x63, + 0x26, 0x00, 0x18, 0x5E, 0x27, 0xB5, 0xE2, 0xE3, + 0xED, 0x8D, 0x97, 0x95, 0x38, 0x20, 0x24, 0x9F, + 0x40, 0x84, 0x44, 0x7E, 0x8C, 0x05, 0xAB, 0xB1, + 0x89, 0x26, 0x7D, 0x46, 0x2C, 0x9F, 0xE5, 0xC1, + 0x27, 0xCE, 0x1D, 0x5A, 0x9F, 0xF1, 0xF8, 0x57, + 0x8F, 0xCF, 0xB7, 0x4E, 0x07, 0xF3, 0xBA, 0x56, + 0xCF, 0xE9, 0x87, 0x21, 0x61, 0xD6, 0x97, 0x7B, + 0x26, 0x97, 0x07, 0xB4, 0x87, 0xFE, 0x25, 0x9C, + 0xA9, 0x8E, 0x06, 0x90, 0x17, 0x2C, 0x98, 0x26, + 0x23, 0xEE, 0xBB, 0x91, 0x8A, 0x15, 0x38, 0xA1, + 0x38, 0xCB, 0x8B, 0xA0, 0xF3, 0x4A, 0xF2, 0x12, + 0xA7, 0xB7, 0x05, 0xB6, 0x09, 0xD0, 0xEC, 0xDD, + 0x21, 0xB6, 0xFA, 0x29, 0x95, 0xB4, 0x08, 0xD5, + 0x95, 0xB7, 0xB8, 0x2E, 0x23, 0xAA, 0x89, 0x81, + 0xE2, 0xD0, 0xFD, 0x9C, 0x8D, 0xF0, 0xCA, 0x61, + 0xE3, 0x1E, 0x73, 0x9E, 0xD1, 0x72, 0x5C, 0x63, + 0xB8, 0x74, 0x0E, 0x2C, 0x27, 0x3A, 0x71, 0xF9, + 0xFE, 0x66, 0x33, 0xE9, 0x41, 0x27, 0x61, 0xA3, + 0xFA, 0xD8, 0x66, 0x2A, 0x52, 0x6D, 0xAB, 0xBF, + 0x32, 0xC2, 0x8E, 0x8F, 0xB0, 0x60, 0x52, 0xE1, + 0x96, 0xC8, 0x1E, 0x9A, 0x3E, 0x07, 0xFA, 0x34, + 0xFA, 0x9C, 0x4C, 0x0D, 0x29, 0x0F, 0x68, 0xA6, + 0x59, 0x28, 0x22, 0xB1, 0x99, 0x56, 0x2C, 0x01, + 0x04, 0x2F, 0x34, 0x65, 0xFD, 0xD4, 0xD0, 0xD5, + 0x17, 0x7C, 0x14, 0x92, 0x73, 0x6C, 0x31, 0xCE, + 0xD4, 0xB3, 0x59, 0x83, 0x6B, 0x34, 0x7C, 0x76, + 0x8C, 0xED, 0xD5, 0xE2, 0x4F, 0x39, 0x44, 0xBF, + 0x90, 0x53, 0x9A, 0xC7, 0xD4, 0x6A, 0x86, 0xA3, + 0xE2, 0x15, 0x59, 0xD0, 0x0F, 0x32, 0x92, 0xC2, + 0x9B, 0x9E, 0xE3, 0xF6, 0x94, 0x96, 0xFD, 0x0B, + 0xB6, 0x06, 0x8F, 0x0D, 0x1F, 0x38, 0xFC, 0x6F, + 0xA2, 0x78, 0xAC, 0xC5, 0xB5, 0x6A, 0x6B, 0xEC, + 0x78, 0x8A, 0x6F, 0xD8, 0x21, 0xB7, 0xCF, 0x66, + 0x73, 0x03, 0xCA, 0x2E, 0x3C, 0x7F, 0x2F, 0x29, + 0x41, 0xC9, 0x88, 0xFD, 0x0E, 0xA0, 0x43, 0xD6, + 0x9E, 0xB1, 0xE7, 
0x13, 0x9C, 0xF0, 0x9C, 0xCF, + 0x33, 0x22, 0x57, 0xEF, 0xE5, 0xCE, 0xD9, 0xAC, + 0x7D, 0x34, 0x75, 0xBD, 0xAE, 0x84, 0xEE, 0xE8, + 0x5D, 0x8C, 0x55, 0x86, 0xBA, 0x19, 0xE5, 0x9D, + 0x35, 0x6D, 0xD8, 0x70, 0xC5, 0xE0, 0xEA, 0x77, + 0x3A, 0xE5, 0xB5, 0x2C, 0xD2, 0x28, 0xB5, 0xE8, + 0xAF, 0xB1, 0xD2, 0xC4, 0xE5, 0x59, 0x06, 0xB8, + 0x2E, 0xA6, 0x8F, 0xC4, 0x9B, 0x30, 0xF9, 0x37, + 0xDB, 0x29, 0xA1, 0x44, 0x0B, 0xB7, 0xB5, 0xB4, + 0x12, 0xD3, 0x4E, 0xB3, 0xB7, 0xD8, 0x2F, 0x19, + 0xDE, 0x3B, 0xC3, 0x53, 0xCE, 0x1C, 0x34, 0x4C, + 0xA4, 0x6A, 0xE2, 0xD0, 0x04, 0xDF, 0x3C, 0x53, + 0x8B, 0x06, 0x8F, 0x36, 0xE5, 0x77, 0xB2, 0x7A, + 0x1A, 0xC0, 0x0C, 0xBD, 0xA3, 0xA0, 0xEE, 0xB6, + 0x40, 0xAD, 0x5C, 0x04, 0xAE, 0xCF, 0x64, 0x2B, + 0x8A, 0x18, 0x58, 0x86, 0xDE, 0xC9, 0x3D, 0x7D, + 0x15, 0xBC, 0xEE, 0x4C, 0x22, 0xF4, 0x98, 0xD9, + 0x37, 0xEE, 0xE2, 0x40, 0x43, 0xFF, 0xB2, 0x6F, + 0x05, 0xC0, 0x0E, 0x30, 0xDE, 0xD8, 0x0C, 0x0B, + 0xAD, 0xED, 0xCC, 0xBC, 0x29, 0x95, 0x07, 0x40, + 0x10, 0x99, 0xA0, 0xD1, 0x08, 0xF7, 0xD5, 0xF1, + 0xAD, 0xC9, 0xDD, 0xC8, 0x6A, 0x1E, 0x9E, 0x06, + 0xDF, 0x12, 0xFF, 0x66, 0x33, 0x5E, 0x21, 0x47, + 0xC3, 0xDE, 0x36, 0x98, 0x5B, 0xBF, 0x42, 0x9E, + 0x30, 0xA0, 0x81, 0x5C, 0x28, 0x34, 0x1B, 0x3A, + 0x32, 0xBC, 0xDE, 0x52, 0x53, 0x25, 0x1E, 0xF6, + 0xE2, 0x99, 0x12, 0x92, 0x07, 0x1D, 0xEB, 0x08, + 0x36, 0xA7, 0xD5, 0x18, 0x1F, 0xDB, 0x44, 0xA7, + 0xE1, 0x13, 0x06, 0xB0, 0xDF, 0x63, 0x82, 0x68, + 0xEF, 0xF5, 0x2B, 0x04, 0x0B, 0x93, 0xE8, 0xB0, + 0x92, 0x7B, 0xDE, 0x1F, 0xC9, 0x39, 0x8F, 0x42, + 0x9D, 0x06, 0x22, 0x13, 0xC9, 0x97, 0x2F, 0x43, + 0x8A, 0xBA, 0xAF, 0xF9, 0x71, 0xE3, 0x55, 0x5D, + 0x06, 0x77, 0x38, 0x39, 0xA3, 0xED, 0x41, 0x63, + 0xFE, 0x2A, 0xB3, 0x23, 0x43, 0x0C, 0xF3, 0x17, + 0x3B, 0x69, 0xED, 0x32, 0x0A, 0x54, 0xF3, 0x8D, + 0x76, 0xC6, 0x09, 0xDD, 0x88, 0x5B, 0x23, 0x57, + 0x72, 0xC4, 0x87, 0xB8, 0x9D, 0xF7, 0xCA, 0xFB, + 0x7C, 0x61, 0x67, 0x5C, 0x65, 0xF8, 0xD6, 0xD7, + 0x1E, 0x95, 0xB9, 0x73, 0x4D, 0x2E, 0x1F, 0x43, + 0x3E, 0x2B, 0x58, 
0x92, 0x15, 0x2E, 0xAA, 0x51, + 0xF0, 0xD4, 0xF2, 0xA6, 0xCD, 0x12, 0x21, 0xD6, + 0xCA, 0x46, 0x2A, 0xFF, 0xCB, 0x1B, 0x6B, 0xB4, + 0x09, 0x17, 0x3B, 0xA2, 0x94, 0xDF, 0x1D, 0x68, + 0x8B, 0x75, 0xEA, 0x11, 0xD6, 0x99, 0x04, 0xD1, + 0x00, 0xDB, 0x61, 0xBC, 0xF2, 0x3B, 0x88, 0x4B, + 0x33, 0xDF, 0x0F, 0xD4, 0xFB, 0x14, 0x0C, 0x6A, + 0x53, 0x61, 0x1F, 0xBD, 0x28, 0xB2, 0x11, 0x19, + 0x38, 0x71, 0x17, 0x76, 0x4D, 0xEE, 0x01, 0xC4, + 0x77, 0x53, 0x2A, 0xAF, 0xD3, 0x78, 0xFF, 0x45, + 0x7F, 0x97, 0x9D, 0x26, 0x92, 0x0E, 0xD9, 0x4E, + 0x34, 0x1D, 0xE8, 0xDD, 0xBF, 0x5F, 0x87, 0xE6, + 0x35, 0x9A, 0x39, 0x71, 0x59, 0x20, 0x01, 0xFB, + 0x53, 0x2C, 0x61, 0x38, 0x0C, 0x8C, 0x02, 0xD3, + 0xA0, 0x53, 0x95, 0x02, 0xED, 0x5C, 0xFE, 0x9B, + 0xD3, 0x6A, 0xF3, 0x3F, 0x92, 0x6F, 0x33, 0x37, + 0x19, 0x97, 0x81, 0x3A, 0x50, 0xE1, 0xD9, 0x27, + 0x7E, 0x64, 0xF8, 0x01, 0x52, 0x26, 0x51, 0xD1, + 0x06, 0xAF, 0x20, 0xA0, 0x28, 0x0F, 0x3F, 0xCB, + 0x21, 0xB7, 0x55, 0x1A, 0x76, 0xB8, 0x9B, 0x4D, + 0xED, 0x2A, 0x05, 0x0E, 0x6E, 0xAF, 0xCC, 0xA1, + 0x08, 0x9C, 0xBE, 0x3F, 0x98, 0xE6, 0xB4, 0xB9, + 0x83, 0xC9, 0x08, 0x41, 0x96, 0xDD, 0xD9, 0x0D, + 0x52, 0x66, 0x94, 0xA4, 0xEA, 0xFC, 0xE5, 0x48, + 0x04, 0x73, 0x64, 0x79, 0x68, 0xC9, 0x4A, 0x81, + 0xA8, 0x07, 0xF8, 0xD9, 0x4E, 0x07, 0x1E, 0xC1, + 0x8F, 0x62, 0xAB, 0xA6, 0xD7, 0x68, 0xFC, 0x57, + 0x5E, 0x75, 0x1B, 0xBF, 0x3D, 0xA6, 0x91, 0xC5, + 0x08, 0x14, 0x5E, 0xF2, 0x4C, 0x22, 0x8B, 0x4E, + 0x29, 0x2D, 0xC0, 0x46, 0x3A, 0x9C, 0x9D, 0x86, + 0xCF, 0x51, 0x85, 0x9D, 0x93, 0x23, 0xA1, 0xA1, + 0xF3, 0x76, 0xB1, 0x56, 0xB0, 0xF4, 0x1F, 0x39, + 0xDA, 0xDB, 0x13, 0x70, 0x29, 0x89, 0x95, 0xD2, + 0xC5, 0xF3, 0x76, 0xFE, 0xEE, 0x99, 0xCF, 0xA0, + 0x84, 0xEC, 0x70, 0xF0, 0xD3, 0xFA, 0x42, 0xDB, + 0xFD, 0x99, 0x65, 0x2F, 0x84, 0x11, 0x99, 0xCD, + 0x38, 0xB3, 0x1B, 0xAB, 0x8C, 0x2D, 0x33, 0x04, + 0xCA, 0xE1, 0xB3, 0x05, 0x9A, 0x20, 0x80, 0xDB, + 0xED, 0x59, 0x42, 0x30, 0x48, 0x37, 0xB3, 0x85, + 0x5C, 0xEE, 0x54, 0x06, 0x92, 0x97, 0x4E, 0xFC, + 0xFA, 0xF7, 0x25, 
0xE0, 0x4E, 0x57, 0xC4, 0x72, + 0x38, 0x59, 0xCA, 0x3C, 0x4A, 0x3F, 0x09, 0xD6, + 0x09, 0x15, 0x83, 0xEF, 0x24, 0x21, 0xDD, 0xFD, + 0x66, 0x9E, 0xBF, 0xEE, 0xCC, 0xBF, 0x86, 0x20, + 0x29, 0x40, 0x5E, 0x42, 0xD2, 0xC0, 0x24, 0x2D, + 0x76, 0xE6, 0x64, 0xF9, 0x5D, 0xC2, 0x85, 0xB6, + 0x09, 0x41, 0x04, 0x62, 0x17, 0xDC, 0xF8, 0xFA, + 0x2A, 0x4C, 0xD1, 0x82, 0x31, 0x57, 0xB7, 0x2B, + 0x49, 0xE8, 0x40, 0x13, 0x2A, 0xA1, 0x86, 0xD2, + 0x9A, 0xB8, 0xA9, 0xBE, 0x39, 0xBE, 0xE9, 0xA5, + 0x35, 0x12, 0x08, 0xF1, 0xA9, 0x9E, 0x57, 0x46, + 0x3A, 0x55, 0x16, 0xA7, 0x41, 0xD9, 0x25, 0xB8, + 0x2F, 0xAF, 0xA8, 0x81, 0x5F, 0x5F, 0x46, 0xA4, + 0x3B, 0xB3, 0xE9, 0x1B, 0x74, 0xEF, 0x5D, 0x57, + 0x48, 0x4A, 0x72, 0x08, 0xDA, 0xFE, 0x1D, 0x55, + 0x6B, 0xAB, 0x8B, 0x13, 0x18, 0xBF, 0xDD, 0xF4, + 0x4E, 0x01, 0x5F, 0x4B, 0xF6, 0x80, 0xD4, 0x16, + 0x4B, 0x2F, 0x03, 0x4B, 0xF8, 0x93, 0x20, 0x21, + 0x55, 0x52, 0x49, 0x4A, 0x6C, 0x1F, 0x7D, 0xAD, + 0x04, 0xEF, 0xB3, 0x74, 0xEE, 0xC5, 0xB6, 0xBC, + 0x33, 0x7A, 0xCF, 0x64, 0xB9, 0xF9, 0x41, 0x70, + 0xAF, 0xE9, 0xC7, 0xD6, 0x25, 0x18, 0x17, 0xAB, + 0xBA, 0xC9, 0x05, 0xEF, 0x40, 0x89, 0xD5, 0x69, + 0x76, 0xAA, 0xA0, 0x3E, 0x4D, 0x1C, 0xE7, 0x9D, + 0x9E, 0x74, 0xF4, 0xF2, 0x7B, 0x40, 0xF6, 0x57, + 0x78, 0x66, 0xFC, 0xDA, 0xE3, 0x6B, 0xD2, 0x6E, + 0xC7, 0x9D, 0x65, 0x84, 0xAF, 0x7A, 0x1F, 0xE4, + 0x34, 0xD4, 0x1A, 0x17, 0xA2, 0x72, 0xB0, 0xEE, + 0x5A, 0x0C, 0xF4, 0x02, 0xAC, 0x1D, 0x6F, 0x4A, + 0xD0, 0xB2, 0x02, 0x3A, 0x7D, 0x2C, 0xF1, 0x43, + 0x0E, 0x1E, 0x96, 0xEB, 0x42, 0xF8, 0x3A, 0xF5, + 0x0B, 0x5D, 0xA9, 0x23, 0x02, 0x28, 0xE5, 0x26, + 0x5E, 0x69, 0x38, 0x2F, 0x85, 0x34, 0x32, 0x5E, + 0x5E, 0x29, 0x33, 0x94, 0x05, 0xBD, 0x58, 0xF8, + 0xE8, 0x9C, 0xBF, 0xB1, 0x5A, 0x05, 0xC6, 0x23, + 0x9B, 0xBB, 0x57, 0x69, 0x8C, 0xE6, 0x41, 0x97, + 0x48, 0x01, 0x95, 0xAF, 0xE9, 0x62, 0x8C, 0x6F, + 0x09, 0x43, 0xF3, 0x64, 0x50, 0x90, 0x2F, 0x14, + 0xF7, 0x30, 0x07, 0xE0, 0x4B, 0xA8, 0x39, 0xAC, + 0x21, 0xC4, 0x07, 0x45, 0x5F, 0xD9, 0x87, 0xB1, + 0x57, 0x47, 0x07, 
0x66, 0xFF, 0xC7, 0xAB, 0xEE, + 0x1F, 0x55, 0x71, 0x50, 0x63, 0xCF, 0x58, 0x3B, + 0xC8, 0x1B, 0xEA, 0xA5, 0xE2, 0xF1, 0x57, 0xB3, + 0x77, 0x65, 0xA9, 0xBD, 0x23, 0xC8, 0x30, 0x86, + 0xC3, 0x5F, 0xBF, 0x16, 0x3F, 0x42, 0x28, 0x0A, + 0xC6, 0x5A, 0x57, 0x15, 0x2F, 0xA1, 0x96, 0xA9, + 0x25, 0xC5, 0x8E, 0x32, 0x11, 0x62, 0xB3, 0x54, + 0x18, 0x00, 0xA4, 0xA6, 0xD4, 0x0F, 0x68, 0x27, + 0x8F, 0x21, 0x78, 0x02, 0x37, 0x98, 0xBD, 0xCE, + 0x3F, 0xBC, 0xF2, 0x9C, 0x66, 0x8E, 0x79, 0xA1, + 0x54, 0x12, 0x55, 0x2E, 0xC0, 0x59, 0xC7, 0x18, + 0x18, 0x22, 0x4D, 0x27, 0x8B, 0x8D, 0xF3, 0x08, + 0x99, 0xE6, 0x35, 0x14, 0xB1, 0xE3, 0xB8, 0x7A, + 0x40, 0x7B, 0x68, 0x7B, 0xFF, 0xDC, 0x54, 0x41, + 0x06, 0xCA, 0x91, 0xFE, 0xDB, 0x2B, 0xDA, 0x9E, + 0xC5, 0x20, 0xD8, 0xBF, 0x42, 0xBC, 0xE6, 0x39, + 0xC4, 0x26, 0x9E, 0xF3, 0x82, 0xD9, 0xF1, 0xA0, + 0x04, 0xAF, 0xFB, 0x77, 0x13, 0x36, 0xAF, 0xD7, + 0x91, 0x9B, 0x3A, 0x57, 0x98, 0xFE, 0xAD, 0xCD, + 0x46, 0xF8, 0xF8, 0xF1, 0x87, 0x53, 0xBD, 0x57, + 0x3F, 0x99, 0xBC, 0xA6, 0xBD, 0x9B, 0x6E, 0xF4, + 0x17, 0x7A, 0x78, 0x30, 0x70, 0xA3, 0x43, 0xFF, + 0x92, 0xCD, 0x99, 0x73, 0xAE, 0x65, 0x6A, 0x10, + 0xFF, 0x70, 0x47, 0x0F, 0x16, 0x4C, 0x4A, 0x90, + 0xF4, 0x52, 0x05, 0x79, 0x33, 0x63, 0xDE, 0x14, + 0x65, 0xAF, 0x8A, 0x5E, 0x67, 0x20, 0x03, 0x9F, + 0xE6, 0x70, 0x13, 0x6B, 0xE0, 0xF3, 0x6A, 0x4C, + 0x6B, 0x5B, 0xCB, 0xE1, 0x7C, 0x5D, 0x7D, 0xE3, + 0x23, 0xFD, 0xB8, 0x6A, 0xDA, 0x56, 0x1E, 0xA8, + 0x36, 0xC4, 0x29, 0x2D, 0x70, 0x41, 0x03, 0x18, + 0x31, 0x40, 0x79, 0x2E, 0xC8, 0x22, 0x98, 0x5E, + 0x11, 0xED, 0xA6, 0xDD, 0xB9, 0xAF, 0x8C, 0x27, + 0x5C, 0x1B, 0x2E, 0xEA, 0xB8, 0xC6, 0x2F, 0xA0, + 0x40, 0xB2, 0x64, 0x61, 0xFC, 0x0A, 0x3A, 0x10, + 0x88, 0xC2, 0x58, 0xEC, 0xA5, 0x8D, 0x14, 0xE9, + 0x9D, 0x21, 0xAF, 0x64, 0xD6, 0xC2, 0x5D, 0xAA, + 0x0B, 0x8A, 0x57, 0x0F, 0x84, 0x3E, 0x60, 0x8D, + 0xED, 0x05, 0x1D, 0x98, 0xED, 0xAE, 0x11, 0xD9, + 0x27, 0x03, 0x55, 0xED, 0xF5, 0x34, 0x92, 0x52, + 0xF2, 0x6F, 0x30, 0x3E, 0x69, 0xA5, 0x54, 0xA7, + 0x2E, 0x1B, 0x85, 
0xAB, 0xA2, 0x3B, 0xEC, 0xC8,
+ 0x9D, 0xA9, 0xA3, 0xE4, 0xEF, 0x58, 0xB5, 0x33,
+ 0x88, 0x55, 0x16, 0x5E, 0x7D, 0x7E, 0x69, 0xFC,
+ 0xCA, 0xBD, 0x9C, 0x65, 0xFA, 0x0B, 0xBD, 0x7B,
+ 0x16, 0xC4, 0xE2, 0x9C, 0xB4, 0xF1, 0x6A, 0x25,
+ 0x70, 0x30, 0x32, 0xED, 0xEA, 0xD3, 0x1D, 0xDB,
+ 0x6F, 0x29, 0x2E, 0x42, 0x14, 0xBE, 0x03, 0x29,
+ 0x0A, 0x8A, 0x98, 0x9A, 0xD7, 0xB7, 0x0C, 0xF8,
+ 0xB9, 0xCF, 0x37, 0xC6, 0xAC, 0xAC, 0x6D, 0xCC,
+ 0x03, 0x23, 0x9F, 0x66, 0x85, 0x4B, 0x70, 0x45
+ };
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+
+ key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(*key));
+ }
+
+ ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+ ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44), 0);
+ ExpectIntEQ(XMEMCMP(key->p, pk_44, sizeof(pk_44)), 0);
+ ExpectIntEQ(XMEMCMP(key->k, sk_44, sizeof(sk_44)), 0);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+ ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65), 0);
+ ExpectIntEQ(XMEMCMP(key->p, pk_65, sizeof(pk_65)), 0);
+ ExpectIntEQ(XMEMCMP(key->k, sk_65, sizeof(sk_65)), 0);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+ ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87), 0);
+ ExpectIntEQ(XMEMCMP(key->p, pk_87, sizeof(pk_87)), 0);
+ ExpectIntEQ(XMEMCMP(key->k, sk_87, sizeof(sk_87)), 0);
+#endif
+
+ wc_dilithium_free(key);
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_verify_kats(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+ dilithium_key* key;
+ int res;
+#ifndef WOLFSSL_NO_ML_DSA_44
+ static const byte pk_44[] = {
+ 0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96,
+ 0x6C, 0x11, 0xA9,
0xE4, 0x0B, 0xEB, 0xEC, 0xE9, + 0x2B, 0x67, 0x3F, 0xD2, 0x67, 0x3C, 0x1C, 0x4C, + 0x08, 0xF0, 0x45, 0xA9, 0xDD, 0x5A, 0xB8, 0x8C, + 0x0A, 0x51, 0xA9, 0xBA, 0x89, 0x0F, 0x4C, 0xCB, + 0x9D, 0x0A, 0x41, 0x3F, 0x9C, 0xF4, 0x13, 0x36, + 0x79, 0x49, 0x00, 0x90, 0xBB, 0x57, 0x3B, 0xBD, + 0x2E, 0x18, 0xB3, 0xD0, 0xA5, 0x0E, 0x6B, 0x67, + 0xFF, 0x98, 0x8C, 0xDD, 0x07, 0xE8, 0xA7, 0xA1, + 0x3F, 0xAE, 0xFB, 0xD6, 0xC0, 0xF8, 0xF3, 0x34, + 0xA5, 0x17, 0xC2, 0x34, 0x88, 0x92, 0x65, 0xA6, + 0xE8, 0x66, 0x57, 0xFE, 0x86, 0x08, 0xF7, 0xDF, + 0xA0, 0x5B, 0x70, 0x3E, 0x91, 0x6C, 0x63, 0xA0, + 0xA3, 0x75, 0x55, 0xF8, 0xB6, 0xAA, 0xD4, 0x1B, + 0x78, 0x5E, 0x42, 0x9F, 0x96, 0xE4, 0xA0, 0x50, + 0xB6, 0x94, 0x2D, 0xC3, 0xE3, 0x36, 0x2B, 0x9D, + 0x6B, 0x7A, 0xEF, 0xF5, 0x68, 0xF2, 0x11, 0xDF, + 0x87, 0xA0, 0x9A, 0xC4, 0x61, 0xFB, 0xA4, 0x1C, + 0x98, 0x3F, 0xC9, 0x52, 0x59, 0x3B, 0x47, 0x4D, + 0xF5, 0x24, 0xA3, 0xD8, 0x63, 0xE1, 0xED, 0xDC, + 0xFD, 0xEB, 0x96, 0xFB, 0xF3, 0xE7, 0x50, 0x9C, + 0x72, 0x61, 0xC7, 0x3C, 0xCE, 0xF2, 0xEB, 0x22, + 0x55, 0x6B, 0x9F, 0x25, 0xE4, 0x45, 0xE1, 0xFB, + 0x3E, 0x2E, 0x4E, 0x92, 0x4F, 0x8A, 0x85, 0xEB, + 0x63, 0x2C, 0x05, 0x0F, 0x9A, 0xEC, 0x0E, 0x9D, + 0x05, 0x81, 0x46, 0x82, 0xEA, 0x74, 0x91, 0xD5, + 0x2A, 0xBC, 0xCC, 0xBB, 0xD6, 0x7F, 0x5F, 0x9A, + 0xD3, 0xBD, 0xEB, 0x14, 0xBA, 0x84, 0x27, 0x13, + 0x32, 0xB5, 0xF3, 0x71, 0xAC, 0x47, 0x19, 0x6B, + 0x5E, 0x43, 0x50, 0xC2, 0xA8, 0x82, 0xF5, 0x97, + 0x9B, 0x27, 0x62, 0xFB, 0xB7, 0xFF, 0x6B, 0xC8, + 0x52, 0x1E, 0xFB, 0x97, 0x39, 0x1E, 0x7F, 0x01, + 0xF8, 0x34, 0x47, 0xAA, 0xB2, 0x64, 0xB5, 0x9E, + 0x28, 0x18, 0xCB, 0x4A, 0x94, 0xBE, 0x6A, 0x43, + 0x5B, 0xAE, 0x21, 0xA4, 0x63, 0x64, 0x46, 0x0C, + 0x6B, 0x36, 0x1C, 0x2A, 0x3B, 0x64, 0xFA, 0xA0, + 0xAB, 0xE3, 0x3B, 0x7D, 0xB0, 0x23, 0x99, 0x21, + 0x55, 0x59, 0xBF, 0xD6, 0xDB, 0xB8, 0xDB, 0x09, + 0x5E, 0xBC, 0x32, 0x3C, 0xAC, 0xAB, 0x1A, 0x63, + 0x32, 0x21, 0x10, 0xD5, 0x8D, 0x7A, 0x5F, 0xCE, + 0x72, 0x8D, 0x2A, 0xED, 0x1D, 0x30, 0x38, 0x5D, + 0x3E, 0x62, 0xC2, 
0x8E, 0xC9, 0x9F, 0x8C, 0x50, + 0x3F, 0xC6, 0xCE, 0x86, 0x4D, 0x67, 0x3D, 0x09, + 0xB6, 0x27, 0x14, 0x57, 0x14, 0xED, 0xC9, 0x8F, + 0xAC, 0x9E, 0xAC, 0x6F, 0xB5, 0xB2, 0xE6, 0x8D, + 0x9D, 0x5E, 0xE6, 0x78, 0x77, 0x09, 0x94, 0x35, + 0x5E, 0x3B, 0x64, 0x04, 0x38, 0xD4, 0x5B, 0x04, + 0xB8, 0x6C, 0x33, 0x97, 0xE1, 0x58, 0x54, 0x32, + 0xB3, 0x0F, 0x37, 0x69, 0x39, 0xCE, 0x57, 0x31, + 0x5C, 0x75, 0xA8, 0x94, 0xD0, 0x39, 0x2D, 0xB4, + 0x73, 0xA7, 0xA4, 0x7C, 0xBE, 0x34, 0x03, 0x2D, + 0x99, 0x1D, 0xDF, 0x32, 0x26, 0xB7, 0x45, 0x1B, + 0x03, 0xCD, 0xEE, 0x9D, 0x58, 0xA8, 0xA7, 0x76, + 0x1B, 0x17, 0x42, 0xD9, 0x69, 0x0F, 0x26, 0x3A, + 0x9D, 0x70, 0x9B, 0x4E, 0x81, 0xEB, 0x96, 0x02, + 0xB5, 0xB3, 0x92, 0x31, 0xFE, 0xBC, 0x38, 0x11, + 0x5A, 0x47, 0xED, 0x0A, 0x2A, 0xE2, 0xB8, 0x47, + 0x13, 0x5E, 0x43, 0x97, 0xD5, 0xFA, 0x31, 0x02, + 0x58, 0xE9, 0x9E, 0xB5, 0x3F, 0x85, 0x92, 0x0E, + 0xB9, 0xDB, 0xE0, 0xEE, 0x56, 0x76, 0x64, 0x8F, + 0xF2, 0xE2, 0x47, 0x81, 0xD4, 0xA4, 0x82, 0x43, + 0x69, 0xAE, 0x8E, 0x48, 0x50, 0x84, 0x93, 0x3B, + 0x9C, 0x65, 0xD3, 0x6F, 0xCD, 0x90, 0xA0, 0xD8, + 0xA0, 0xE1, 0x79, 0xCC, 0xD5, 0x1F, 0x71, 0x73, + 0x93, 0xE7, 0xB2, 0xB0, 0x78, 0x17, 0xD7, 0x79, + 0xDE, 0xCC, 0x83, 0x7D, 0x5A, 0xF2, 0x0E, 0xA6, + 0xB1, 0x76, 0x61, 0x15, 0x88, 0x8E, 0xD7, 0xA6, + 0x51, 0xBF, 0x9C, 0xD1, 0x0A, 0xFC, 0xDA, 0x65, + 0xA5, 0x65, 0xFE, 0xB2, 0xED, 0x07, 0x74, 0x42, + 0x4C, 0xF5, 0x42, 0x3D, 0xAF, 0x5F, 0x4D, 0x72, + 0x51, 0xE6, 0x3F, 0x68, 0xCC, 0xC5, 0x2D, 0x89, + 0x01, 0xD8, 0x80, 0xB4, 0xFC, 0xEB, 0x3B, 0xBE, + 0x7C, 0xFA, 0x24, 0x27, 0xE1, 0x05, 0x94, 0x67, + 0xAD, 0xB3, 0x47, 0x7D, 0x28, 0x18, 0xC1, 0xC9, + 0xB8, 0xA1, 0x2A, 0x95, 0xBB, 0x5D, 0xC9, 0x42, + 0x4F, 0x64, 0x94, 0x07, 0x5F, 0x65, 0xD3, 0xA5, + 0x65, 0xEE, 0x67, 0x2C, 0x10, 0x65, 0x81, 0x4D, + 0x7F, 0xAF, 0x2E, 0x97, 0x9E, 0x11, 0xA3, 0xF5, + 0x3E, 0xDE, 0xB1, 0x1D, 0x44, 0x72, 0x90, 0x74, + 0xFD, 0x47, 0x82, 0xA6, 0x04, 0x3E, 0x28, 0x3C, + 0x15, 0xDF, 0xC4, 0x7A, 0x7C, 0xF5, 0x5A, 0xC6, + 0xFB, 0xE4, 0xC2, 
0xE0, 0x6E, 0x4C, 0x09, 0x2E, + 0xE3, 0xE6, 0x3A, 0xEF, 0xF6, 0x54, 0xDC, 0x92, + 0xBE, 0x8F, 0x24, 0x8E, 0x70, 0x53, 0x90, 0x3D, + 0x06, 0xA5, 0x0A, 0x72, 0xA0, 0x7B, 0x22, 0x14, + 0x80, 0x43, 0xAD, 0xDC, 0x11, 0xFC, 0xFF, 0xCF, + 0x5E, 0xA4, 0x69, 0x1C, 0x09, 0x09, 0xC3, 0x3D, + 0xF5, 0xE7, 0x05, 0x6F, 0x16, 0x33, 0x75, 0xB4, + 0x9B, 0x7B, 0x26, 0xDB, 0xE7, 0x27, 0x56, 0xD3, + 0x91, 0x82, 0x9D, 0xEB, 0x96, 0x3E, 0xE8, 0x40, + 0xAB, 0x5D, 0x6C, 0xB7, 0xA6, 0x36, 0x07, 0xD4, + 0xE7, 0x7C, 0xD4, 0x5C, 0x36, 0xE4, 0xFC, 0x7C, + 0x8A, 0x36, 0x8D, 0x53, 0x43, 0xD4, 0xAC, 0x0B, + 0x1B, 0xBA, 0x32, 0x88, 0xFA, 0xCE, 0xC1, 0xB9, + 0x34, 0x3C, 0xAC, 0xA0, 0xF4, 0xF2, 0x83, 0xA8, + 0xBB, 0x6F, 0x12, 0xC6, 0xB5, 0x3C, 0xDE, 0xA8, + 0x49, 0x66, 0x97, 0xD7, 0x7E, 0x37, 0xF7, 0xCE, + 0x7C, 0xF8, 0xC8, 0xBB, 0x8C, 0xB5, 0x3B, 0x3F, + 0xB9, 0x51, 0x68, 0x00, 0xD7, 0x2E, 0x1C, 0x10, + 0xAF, 0x9F, 0x3C, 0xD2, 0xAC, 0xE5, 0xBE, 0x94, + 0xB9, 0x60, 0xF5, 0xB2, 0x70, 0x24, 0xE8, 0x8A, + 0x2C, 0xD8, 0x95, 0xAF, 0xAA, 0xA9, 0xA5, 0x2B, + 0xCA, 0xE0, 0x58, 0x44, 0x02, 0x3F, 0xF8, 0x21, + 0x0C, 0x29, 0xB7, 0xD5, 0x08, 0x9E, 0x69, 0x81, + 0xD4, 0x6C, 0xC5, 0x0B, 0xF6, 0xEF, 0xAB, 0x01, + 0xEA, 0xDF, 0x36, 0x2C, 0x5C, 0xFB, 0xEB, 0xC8, + 0x4F, 0x71, 0x80, 0xD7, 0x00, 0xC9, 0x32, 0x5D, + 0x02, 0x4F, 0x96, 0x94, 0x71, 0xCD, 0x98, 0xC4, + 0x25, 0x7A, 0x92, 0xF1, 0x9B, 0xA0, 0x34, 0x30, + 0x6C, 0x41, 0x59, 0xD5, 0x01, 0x5D, 0xD6, 0x56, + 0xEA, 0x05, 0xF2, 0xFC, 0xF8, 0x58, 0xFA, 0x12, + 0x9C, 0x5A, 0x5C, 0xD5, 0x3D, 0xC7, 0x5D, 0x1B, + 0x99, 0x2A, 0x6A, 0x4C, 0xF9, 0xEA, 0x9D, 0x70, + 0x53, 0xBC, 0xBE, 0xAD, 0x61, 0xC7, 0x2D, 0x77, + 0xEF, 0x61, 0xC7, 0xBE, 0x9C, 0x73, 0xC1, 0xD5, + 0xD4, 0x5C, 0x5F, 0x21, 0x6A, 0x5C, 0xEE, 0x78, + 0xAA, 0xC6, 0x6C, 0x56, 0xDB, 0x38, 0x5A, 0x94, + 0x12, 0xB8, 0x73, 0x7C, 0xDF, 0x9A, 0x27, 0xCD, + 0xC5, 0xD1, 0xD3, 0xCA, 0x0E, 0x37, 0x0A, 0xC1, + 0x6F, 0xAD, 0xE3, 0x32, 0x94, 0x6C, 0x20, 0xB5, + 0xED, 0xE6, 0x2D, 0x34, 0x39, 0x58, 0xD2, 0x1E, + 0x63, 0x8D, 0xFA, 
0xFF, 0xB5, 0xE8, 0x40, 0xC8, + 0x42, 0x38, 0x7A, 0x01, 0x80, 0xFF, 0x52, 0x3F, + 0xE9, 0x89, 0x63, 0xAD, 0x91, 0x5F, 0xCE, 0x0A, + 0x47, 0x87, 0xF9, 0x6D, 0xD7, 0x79, 0xEF, 0xCE, + 0x10, 0x7B, 0x73, 0x43, 0xBE, 0x51, 0xA0, 0xDF, + 0xE5, 0xEC, 0xA9, 0x63, 0xF6, 0x5E, 0x72, 0x36, + 0x22, 0x86, 0xEE, 0x4E, 0x4A, 0x76, 0xFD, 0x86, + 0xBA, 0xE6, 0xD6, 0xC4, 0xD2, 0xE6, 0xFF, 0xB2, + 0x5B, 0x39, 0xF9, 0xC3, 0x29, 0xA8, 0x61, 0x3A, + 0x33, 0x34, 0x89, 0xC9, 0x83, 0xF9, 0xB2, 0x70, + 0x21, 0x54, 0x44, 0x94, 0x70, 0xAD, 0x70, 0x18, + 0x84, 0x38, 0x91, 0xFB, 0xDE, 0x5E, 0x3D, 0xE3, + 0xB2, 0xA7, 0x3C, 0x1D, 0x49, 0xA6, 0x66, 0x7C, + 0x4B, 0xEB, 0xB0, 0xA7, 0x7C, 0xC5, 0xAE, 0x45, + 0x1F, 0xBE, 0x0E, 0x2F, 0x11, 0xDC, 0x92, 0x08, + 0xAA, 0x18, 0x38, 0xFE, 0x61, 0xBE, 0x9D, 0xC3, + 0x3A, 0x1F, 0x2F, 0xB6, 0x6E, 0xB6, 0x54, 0x97, + 0x74, 0x06, 0xBC, 0x12, 0x2D, 0x64, 0x18, 0x14, + 0x25, 0x5A, 0xCB, 0x7B, 0xD7, 0x9D, 0xC3, 0x2C, + 0xC2, 0x0B, 0x19, 0x10, 0xD2, 0x57, 0xF0, 0xDF, + 0xA4, 0x95, 0xA4, 0x5A, 0xA0, 0x2D, 0x0F, 0xA0, + 0xBC, 0xF7, 0x60, 0x7F, 0x38, 0xE1, 0x17, 0x0D, + 0x36, 0x08, 0xF5, 0xF9, 0x75, 0x28, 0x75, 0xAC, + 0xA9, 0x2B, 0x75, 0xC4, 0x41, 0xE0, 0x0D, 0x5C, + 0xBC, 0x5F, 0x49, 0x16, 0x25, 0x38, 0x16, 0xE1, + 0x0C, 0x2C, 0x9C, 0x63, 0xA8, 0x5F, 0x70, 0xF4, + 0x64, 0xC7, 0x10, 0x19, 0x52, 0x19, 0x6E, 0x9B, + 0x5C, 0x09, 0x4F, 0xEE, 0xB6, 0x7C, 0x85, 0xC9, + 0x6E, 0xCB, 0x33, 0x32, 0x42, 0x9D, 0x57, 0x18, + 0xE6, 0x55, 0x94, 0x74, 0x02, 0xEE, 0xEB, 0xAA, + 0xF7, 0xD3, 0x45, 0x7A, 0x49, 0x6F, 0x83, 0x89, + 0x00, 0xE4, 0xAA, 0x20, 0x87, 0x10, 0xAD, 0xC0, + 0x0E, 0xF5, 0x93, 0x57, 0xE5, 0x45, 0x7A, 0xBD, + 0x82, 0x87, 0x50, 0x0F, 0xE1, 0x2C, 0x0C, 0x6D, + 0xEE, 0xC8, 0x94, 0xB8, 0x39, 0xF3, 0x3C, 0xFE, + 0x7E, 0xC1, 0x0F, 0xB4, 0x67, 0xA2, 0xDF, 0xC6, + 0x9D, 0xB5, 0x9D, 0xB8, 0x72, 0x50, 0xBD, 0xB3, + 0xDB, 0xF6, 0x87, 0x5E, 0x26, 0x93, 0xF0, 0xD4, + 0x0D, 0x68, 0xA4, 0x8B, 0xBD, 0x2C, 0x6E, 0xD8, + 0x4F, 0x81, 0x5D, 0x0D, 0xAC, 0x72, 0x65, 0xEC, + 0x4E, 0xF2, 0x4E, 
0x5F, 0x67, 0x04, 0xF3, 0x08, + 0x29, 0x4D, 0xB2, 0xE2, 0xD5, 0x9F, 0xD4, 0xB9, + 0x13, 0xB4, 0x33, 0x80, 0x27, 0x84, 0x7E, 0xF4 + }; + static const byte msg_44[] = { + 0x5C, 0x70, 0x7F, 0xBF, 0xF4, 0xFF, 0xE5, 0x9B, + 0x09, 0xAA, 0xF8, 0xDB, 0x21, 0xAD, 0xBE, 0xBA, + 0xC6, 0xB2, 0x65, 0x37, 0x9A, 0x9A, 0x43, 0x3A, + 0xA8, 0x23, 0x2B, 0x13, 0x9B, 0xBD, 0x46, 0x37, + 0x30, 0x60, 0xA7, 0x5B, 0xC4, 0x48, 0x63, 0x5F, + 0x41, 0x35, 0x38, 0x69, 0xF9, 0x6F, 0xB5, 0x65, + 0x26, 0xDB, 0xAE, 0xB7, 0x5C, 0xFE, 0x2C, 0x03, + 0xCB, 0x43, 0x08, 0x58, 0x5E, 0x27, 0xD1, 0x42, + 0x14, 0xF2, 0x4B, 0xD7, 0x13, 0xE4, 0x96, 0x74, + 0x6A, 0xC1, 0x36, 0xC7, 0x9D, 0x0F, 0x7D, 0xB0, + 0x7B, 0x8A, 0x3A, 0x6D, 0x00, 0x5B, 0x29, 0x7B, + 0x37, 0xBA, 0x3F, 0x5B, 0xBD, 0xCE, 0x21, 0x77, + 0xFD, 0xD6, 0x78, 0x77, 0x20, 0x31, 0xF0, 0x60, + 0x49, 0xAE, 0x12, 0x86, 0x7A, 0x64, 0xBD, 0x0B, + 0x9E, 0xC6, 0x26, 0x80, 0x9E, 0xCE, 0x19, 0x8D, + 0x6A, 0x6B, 0x09, 0x03, 0x45, 0xDF, 0x22, 0x7D + }; + static const byte sig_44[] = { + 0x08, 0xF0, 0x10, 0xFA, 0x63, 0x3F, 0x2B, 0xA1, + 0x46, 0x81, 0x34, 0xC4, 0xBC, 0xAB, 0x62, 0x17, + 0x0B, 0x64, 0xEA, 0x00, 0x2D, 0xD6, 0x8A, 0xE5, + 0xC2, 0x45, 0x29, 0xB9, 0xEC, 0x6F, 0x3B, 0xF2, + 0xDC, 0x2F, 0xC7, 0x34, 0x5A, 0x1E, 0xFE, 0x0C, + 0xCA, 0xB9, 0x6A, 0xD8, 0xDA, 0xBA, 0xAA, 0x80, + 0x90, 0xDC, 0x8C, 0x6C, 0x22, 0xFF, 0xC4, 0x90, + 0x9E, 0xE9, 0xA5, 0x45, 0xFC, 0xE8, 0x64, 0x53, + 0x9E, 0xC4, 0x17, 0xE1, 0xB2, 0x1A, 0x31, 0x40, + 0x26, 0x9D, 0x5E, 0x03, 0x6A, 0xC6, 0x09, 0x19, + 0xDD, 0xB3, 0x63, 0xE0, 0x35, 0xCD, 0xB4, 0x2E, + 0x25, 0x38, 0x6E, 0x6C, 0x76, 0xA9, 0x19, 0x75, + 0x68, 0x6E, 0xB7, 0xAB, 0xAD, 0x8F, 0x63, 0x64, + 0x97, 0x4E, 0x56, 0x82, 0x30, 0x45, 0x86, 0x22, + 0x64, 0xDA, 0xD2, 0xAE, 0x54, 0x70, 0x5C, 0xF1, + 0xEB, 0xD1, 0x84, 0x8D, 0xFF, 0x86, 0x15, 0xE6, + 0x20, 0xCE, 0x14, 0x89, 0xEF, 0xFA, 0x2E, 0xF8, + 0x60, 0xCA, 0x53, 0x52, 0xE4, 0xD5, 0xC8, 0x2E, + 0x50, 0xD5, 0x9D, 0x90, 0xA6, 0x12, 0xC7, 0xF1, + 0x70, 0x0D, 0xE2, 0x89, 0x5B, 0x31, 0x6A, 
0x21, + 0x79, 0x9C, 0xBE, 0x77, 0x6E, 0xA6, 0xBF, 0x51, + 0x05, 0x2A, 0x83, 0x50, 0x7E, 0x86, 0x14, 0xD1, + 0x50, 0x53, 0x1F, 0x1C, 0x5E, 0x50, 0x24, 0x69, + 0x6C, 0x91, 0x55, 0x35, 0x19, 0x6F, 0xE0, 0xDC, + 0xB5, 0xD6, 0x48, 0x7E, 0x78, 0x61, 0x59, 0x2C, + 0xD0, 0x1B, 0x42, 0x58, 0xAF, 0x7A, 0x39, 0xCA, + 0x02, 0x1C, 0x50, 0xEF, 0xE9, 0xE1, 0xDE, 0x31, + 0x8D, 0x09, 0x51, 0xC9, 0xDB, 0x16, 0xF9, 0xB9, + 0x45, 0x54, 0x81, 0x16, 0xD7, 0x14, 0xD8, 0xBE, + 0x9C, 0xCA, 0x53, 0xFE, 0x8F, 0x24, 0x99, 0x0D, + 0xBA, 0x7F, 0x99, 0x42, 0x11, 0x9B, 0x32, 0xDD, + 0x93, 0x5C, 0xBA, 0x2D, 0xD3, 0xB3, 0xF2, 0x48, + 0x13, 0x9C, 0x80, 0xBB, 0x8D, 0xF4, 0xC7, 0xAA, + 0xEB, 0xC6, 0xFD, 0xB8, 0x35, 0x95, 0x87, 0x2B, + 0x9E, 0xCF, 0x48, 0xF3, 0x2D, 0xFF, 0x70, 0xF4, + 0xCE, 0x35, 0x68, 0x7E, 0x9D, 0xDF, 0xD5, 0x0C, + 0xCD, 0xE3, 0x51, 0xB0, 0x90, 0x86, 0xE5, 0xD1, + 0xF1, 0x3B, 0x72, 0x42, 0x73, 0x07, 0x03, 0xE2, + 0xFB, 0x40, 0x3F, 0xD4, 0xC8, 0x30, 0xB6, 0x86, + 0x49, 0x8A, 0x17, 0xDB, 0x8F, 0x46, 0x6C, 0x3A, + 0xC3, 0x49, 0xCD, 0x59, 0x68, 0x81, 0x66, 0x03, + 0xD7, 0x24, 0xAF, 0x1F, 0x77, 0xC7, 0xFB, 0xF7, + 0x83, 0xCD, 0xA2, 0x6D, 0x35, 0x0C, 0x8B, 0xBC, + 0x29, 0x3A, 0x7F, 0xAC, 0xB9, 0xF9, 0x78, 0x50, + 0x6A, 0x67, 0xFC, 0xDC, 0x6F, 0x01, 0x65, 0x06, + 0x82, 0x81, 0xB0, 0x7D, 0x25, 0x5D, 0x74, 0x0B, + 0x68, 0x5F, 0x51, 0x2C, 0x82, 0xF3, 0x1D, 0x92, + 0xF6, 0xA9, 0xA9, 0x6A, 0x77, 0x57, 0x58, 0xAA, + 0x7C, 0xBE, 0x35, 0xF4, 0x56, 0xDE, 0x42, 0x01, + 0x2D, 0xB8, 0x28, 0x83, 0x7B, 0xA0, 0xA9, 0x7D, + 0xC3, 0x30, 0x13, 0x52, 0xD0, 0xA1, 0xC8, 0xA1, + 0x2C, 0x51, 0x49, 0xAE, 0xA8, 0x04, 0xCB, 0xA8, + 0x66, 0x01, 0x26, 0xDF, 0x2D, 0x1C, 0x21, 0xA2, + 0x4E, 0xBD, 0xA5, 0x48, 0x2A, 0x2D, 0x56, 0x60, + 0x20, 0x98, 0x4D, 0x15, 0x7D, 0x02, 0xB6, 0x3A, + 0xE4, 0x11, 0xAE, 0xF7, 0x3E, 0x5D, 0x56, 0x4F, + 0x6A, 0xA3, 0x0A, 0xEA, 0xCC, 0x35, 0x8A, 0xB7, + 0xC4, 0x8F, 0x25, 0x3E, 0x42, 0x41, 0x2B, 0xA5, + 0x1F, 0xA7, 0x3B, 0x87, 0x22, 0x86, 0x79, 0xD5, + 0xE5, 0x2A, 0xA2, 0xCD, 0x68, 0xCE, 0xB8, 
0x18, + 0x6D, 0xEF, 0x1C, 0x36, 0x7F, 0x75, 0x50, 0x36, + 0x1B, 0x58, 0xEB, 0x32, 0xA1, 0xC8, 0xAF, 0x47, + 0xE1, 0x26, 0x73, 0x1F, 0x5D, 0x73, 0x30, 0x13, + 0x2F, 0xC7, 0x8B, 0xA3, 0x03, 0xB4, 0xA8, 0x86, + 0x25, 0x29, 0xD1, 0x75, 0x10, 0xEE, 0x7F, 0x56, + 0xBC, 0x0D, 0x59, 0xB4, 0xAE, 0xC9, 0x44, 0x0A, + 0xF7, 0x0D, 0xBF, 0x17, 0x6A, 0x22, 0x9C, 0x75, + 0x2B, 0x3E, 0x22, 0xB8, 0x2F, 0x4B, 0x68, 0xF1, + 0x07, 0xE3, 0x47, 0x47, 0x21, 0x9C, 0xA3, 0x5B, + 0x31, 0x0A, 0x14, 0xD9, 0x7C, 0xA8, 0xC0, 0xC6, + 0x5C, 0xAD, 0x05, 0xD6, 0x15, 0xD3, 0xEC, 0xEC, + 0x32, 0xC2, 0xFF, 0xF4, 0x96, 0x9C, 0xC8, 0x65, + 0xA0, 0xB2, 0xD6, 0xF4, 0x98, 0xBB, 0xB1, 0x4E, + 0xA5, 0x11, 0x3B, 0x4E, 0xA8, 0xEB, 0x90, 0xAB, + 0xD8, 0x25, 0x10, 0xE3, 0x66, 0xB5, 0xA5, 0x11, + 0x60, 0xA0, 0xCB, 0xDF, 0x77, 0x8A, 0x80, 0x4C, + 0x07, 0x9B, 0x1B, 0x45, 0x95, 0x29, 0x1D, 0x88, + 0x85, 0xAC, 0x32, 0x94, 0x26, 0x87, 0x12, 0x0A, + 0x2F, 0x9E, 0xAE, 0x69, 0x79, 0x25, 0x5A, 0x50, + 0xF4, 0xDB, 0x15, 0x20, 0x9F, 0x7A, 0x7A, 0xF2, + 0xE5, 0x8A, 0x63, 0x6A, 0xDD, 0xBD, 0x06, 0xCB, + 0x42, 0xF0, 0x20, 0xA9, 0x3B, 0x52, 0xD8, 0x68, + 0x37, 0x71, 0x07, 0xB8, 0x5B, 0xFE, 0xA0, 0xEC, + 0xBD, 0x75, 0xFF, 0x9C, 0x89, 0xDF, 0x01, 0xE7, + 0x17, 0x7D, 0xA7, 0xE8, 0x27, 0x9E, 0xA2, 0x41, + 0x66, 0xE6, 0xDB, 0x8B, 0x5A, 0x3F, 0x6C, 0xC9, + 0xE3, 0x4F, 0x0D, 0xD0, 0x92, 0x1E, 0x27, 0x41, + 0xF2, 0xB3, 0x08, 0x32, 0x03, 0x6D, 0x2C, 0x4F, + 0x78, 0xEC, 0x99, 0xB3, 0x94, 0x6C, 0xC1, 0x89, + 0xD9, 0x34, 0x0F, 0xEF, 0x10, 0xF0, 0xDA, 0xCE, + 0x09, 0x69, 0x7A, 0x93, 0xC6, 0xFF, 0x19, 0x4F, + 0xBD, 0xDE, 0xA6, 0x54, 0x8A, 0xE5, 0x81, 0x3F, + 0x96, 0xD3, 0xA0, 0x77, 0x7C, 0xF2, 0x4B, 0xF1, + 0x68, 0xA2, 0x23, 0x3D, 0xD4, 0x16, 0xC1, 0x66, + 0xDA, 0x13, 0x53, 0xE1, 0x9F, 0x9A, 0x36, 0x09, + 0x4D, 0x72, 0x08, 0x09, 0xEB, 0x87, 0x74, 0x9A, + 0xB2, 0x8C, 0x60, 0x7F, 0xFB, 0x70, 0x17, 0x51, + 0xB1, 0xAC, 0x18, 0xDF, 0xCB, 0x43, 0x2A, 0xD3, + 0x89, 0xDA, 0x78, 0xAE, 0xDC, 0xEA, 0xB2, 0x22, + 0xCA, 0x2F, 0xF1, 0xE4, 0xA7, 0xCC, 0xAF, 
0xB1, + 0x63, 0x1B, 0x5D, 0xDD, 0xD1, 0x49, 0xB8, 0x90, + 0x2E, 0xC9, 0xC0, 0x83, 0x0D, 0xAB, 0x88, 0x88, + 0x4C, 0x74, 0x72, 0x00, 0x7D, 0xFE, 0xF2, 0x46, + 0x73, 0xFD, 0x99, 0xEC, 0x89, 0x8B, 0x3B, 0x0F, + 0xCE, 0x35, 0x5A, 0xEA, 0x13, 0x4F, 0x67, 0x67, + 0xFD, 0x0D, 0x87, 0xFC, 0xB1, 0x36, 0x48, 0x07, + 0x33, 0x0B, 0xCA, 0xD4, 0xD7, 0xD0, 0xCC, 0xA1, + 0x8F, 0xF0, 0x3F, 0x01, 0x8B, 0x6B, 0x74, 0x44, + 0x2F, 0x1B, 0xE0, 0x65, 0x31, 0x1B, 0x4E, 0xDB, + 0x67, 0x65, 0xA9, 0x34, 0xE8, 0x4D, 0x0C, 0xF3, + 0x29, 0xED, 0x53, 0xAB, 0x8A, 0x98, 0x07, 0x2B, + 0xE0, 0xCD, 0xC0, 0x08, 0x82, 0x4A, 0x72, 0x28, + 0x72, 0xA2, 0xAC, 0xFE, 0xF7, 0xBF, 0x6E, 0x8E, + 0xF8, 0x3E, 0x04, 0x58, 0xA4, 0x36, 0x46, 0x33, + 0xAB, 0xDD, 0x0E, 0xBF, 0x01, 0xD2, 0xEF, 0x19, + 0x5B, 0x78, 0x2B, 0x30, 0x51, 0x25, 0x50, 0xD0, + 0xB5, 0x82, 0xC7, 0x20, 0x0D, 0xA1, 0x2C, 0x38, + 0xAF, 0x44, 0xFC, 0xBD, 0x49, 0xB8, 0x7F, 0x89, + 0xEF, 0xBE, 0x37, 0x5C, 0xCB, 0xA2, 0x11, 0x75, + 0x7D, 0xDA, 0xA8, 0x7B, 0x3A, 0x3C, 0x10, 0x11, + 0x4D, 0x9F, 0x99, 0xAB, 0x4B, 0xA2, 0x20, 0x7A, + 0x5F, 0x96, 0xEF, 0x1C, 0x00, 0xD7, 0x27, 0x17, + 0x77, 0x7C, 0x51, 0x58, 0x4B, 0x13, 0x97, 0x53, + 0x2A, 0xC6, 0x86, 0x4D, 0x3B, 0x8E, 0xBB, 0x4F, + 0xB8, 0xA0, 0x84, 0x87, 0xF6, 0xEF, 0x55, 0x12, + 0x2B, 0xCF, 0x9E, 0x5C, 0xD0, 0x0E, 0xBC, 0x1E, + 0x79, 0x53, 0xE7, 0x8C, 0x4D, 0x8B, 0xCB, 0x20, + 0xF6, 0xEA, 0x72, 0x0A, 0x63, 0x2F, 0x0C, 0xCF, + 0x57, 0x27, 0x26, 0xF4, 0x3A, 0x95, 0xCA, 0xBE, + 0xB5, 0x7C, 0x47, 0x60, 0x10, 0xCD, 0x28, 0x9E, + 0x02, 0x64, 0xC9, 0x8D, 0x82, 0x49, 0xD0, 0xD6, + 0x60, 0xF8, 0xDC, 0xC8, 0x4B, 0x7D, 0xB5, 0xEF, + 0x11, 0x17, 0xC7, 0x94, 0x5F, 0x0D, 0x99, 0xBE, + 0x75, 0x48, 0x49, 0xC6, 0x58, 0x43, 0x64, 0x99, + 0x1A, 0x5A, 0x41, 0xBA, 0xC2, 0x31, 0xB3, 0xE0, + 0x45, 0x1B, 0x81, 0xD2, 0x12, 0xBE, 0x90, 0xDB, + 0xFF, 0xBC, 0xCB, 0x99, 0xA3, 0xF0, 0x74, 0xE8, + 0x2C, 0x48, 0x58, 0xB3, 0x17, 0xA4, 0x9A, 0xD2, + 0x22, 0x46, 0xFB, 0xF5, 0x85, 0x8D, 0x07, 0xDF, + 0xDB, 0x78, 0x07, 0xF4, 0x99, 0xA8, 0x6C, 
0xEE, + 0x6E, 0x96, 0x20, 0xB8, 0xC2, 0xA9, 0xFA, 0x8B, + 0x6E, 0xA6, 0x79, 0x6D, 0xF9, 0xC3, 0x0C, 0x77, + 0x74, 0xAE, 0xB0, 0x40, 0xA9, 0xE5, 0xA7, 0x0B, + 0x30, 0x40, 0x4B, 0x4F, 0xB1, 0x0A, 0x0B, 0x7B, + 0xEE, 0x1F, 0x69, 0xFA, 0xD0, 0xF0, 0x2D, 0x5D, + 0x00, 0xB5, 0x4D, 0xEB, 0x32, 0x84, 0xB2, 0xB7, + 0x60, 0xAA, 0x6C, 0xF9, 0x98, 0x18, 0xB3, 0xD9, + 0xC1, 0x54, 0x8D, 0xAC, 0x12, 0xB0, 0x3A, 0x26, + 0xB2, 0x23, 0x2D, 0x9B, 0xF8, 0x20, 0xEE, 0x90, + 0xE0, 0x6D, 0x31, 0xDE, 0xF5, 0xCA, 0xBA, 0x6A, + 0x53, 0x40, 0x29, 0x6C, 0x18, 0x62, 0xA5, 0x8A, + 0xB8, 0x17, 0xA0, 0xAB, 0xCB, 0xDC, 0xE1, 0x3B, + 0xD6, 0xC6, 0x29, 0xA3, 0x1C, 0x5F, 0x8D, 0x6E, + 0x73, 0xF6, 0x98, 0x10, 0x0F, 0x9F, 0x7E, 0xCA, + 0x4C, 0xD8, 0xEB, 0xE4, 0xB8, 0xDF, 0x72, 0x78, + 0x65, 0xAF, 0x4A, 0x20, 0xFE, 0x7C, 0xB4, 0xCA, + 0x07, 0x81, 0xFD, 0xC5, 0xC5, 0xFD, 0x33, 0x4D, + 0xB8, 0x37, 0x37, 0xC4, 0x21, 0x81, 0x66, 0x45, + 0xAE, 0x81, 0x34, 0x13, 0xA6, 0x40, 0x81, 0x39, + 0x55, 0x90, 0xE6, 0xF1, 0x42, 0x56, 0x74, 0xFF, + 0x06, 0x9B, 0x50, 0x1F, 0x0F, 0xDA, 0x6B, 0x31, + 0xC6, 0x4B, 0xC5, 0xC2, 0x14, 0xE7, 0x01, 0x5E, + 0xA9, 0xDA, 0x12, 0x2D, 0x6C, 0xE0, 0x8C, 0xEB, + 0x2D, 0xF6, 0x2C, 0x45, 0xBC, 0x01, 0x73, 0x34, + 0x6D, 0xAB, 0xBC, 0x15, 0x4C, 0x16, 0x03, 0x35, + 0x9D, 0xD4, 0xF0, 0xAC, 0x49, 0x84, 0x4A, 0xEE, + 0x46, 0x47, 0x64, 0x93, 0xF2, 0x49, 0x59, 0x86, + 0x26, 0xFB, 0x24, 0x6B, 0x99, 0xB3, 0x9A, 0xCB, + 0xB4, 0x2B, 0x28, 0x4E, 0x0C, 0x2D, 0x3F, 0x9E, + 0xCE, 0x32, 0x71, 0xC4, 0xD5, 0xE0, 0x6C, 0x48, + 0x25, 0xEA, 0x1A, 0x8F, 0x08, 0x57, 0x23, 0x85, + 0x89, 0xCD, 0xC5, 0x48, 0x37, 0x19, 0x8E, 0xD4, + 0x23, 0x4D, 0xD0, 0x31, 0x73, 0xA8, 0x8E, 0x43, + 0xEE, 0x95, 0x67, 0xF5, 0x7A, 0x93, 0x27, 0xD3, + 0x90, 0x36, 0x30, 0x4C, 0xA1, 0xCD, 0xB5, 0xF8, + 0x65, 0xC5, 0x89, 0x54, 0x57, 0x2C, 0xAE, 0xF8, + 0x75, 0xF1, 0x2E, 0x14, 0x14, 0x14, 0x0D, 0x97, + 0x5B, 0x24, 0x52, 0x46, 0x7A, 0x57, 0x6D, 0x9C, + 0x4C, 0x79, 0xDB, 0x0A, 0xE0, 0x23, 0x69, 0x52, + 0x9B, 0xF8, 0x1B, 0x54, 0x40, 0x18, 0xDF, 
0xE0, + 0x1E, 0xF0, 0x61, 0xE4, 0x79, 0x81, 0xF9, 0x98, + 0x9A, 0x8C, 0x48, 0xFF, 0x86, 0x93, 0x0B, 0x68, + 0x96, 0x78, 0x2F, 0xF1, 0x2D, 0xDC, 0x60, 0x1F, + 0x8B, 0x1C, 0x04, 0x43, 0x4E, 0x60, 0x96, 0x5B, + 0x8A, 0xF6, 0x89, 0xCC, 0xC8, 0xB2, 0x9B, 0xBF, + 0x87, 0x16, 0x2E, 0xA8, 0x6F, 0x9B, 0x4B, 0xFD, + 0x74, 0x4E, 0x8F, 0x36, 0x33, 0x23, 0xDE, 0x94, + 0xD2, 0xA1, 0x72, 0x4F, 0xB2, 0xE6, 0x75, 0x3D, + 0x6E, 0x47, 0x9B, 0xDB, 0x58, 0xE5, 0x4A, 0x0C, + 0x09, 0x8F, 0x9C, 0x83, 0x63, 0x98, 0x8B, 0xA4, + 0xF7, 0x3D, 0x01, 0xA6, 0x8B, 0x93, 0x97, 0x48, + 0x84, 0x75, 0x32, 0xC7, 0xD7, 0x03, 0xDF, 0x7E, + 0x94, 0x8C, 0x8A, 0xA6, 0x78, 0x1A, 0xAE, 0xDE, + 0x36, 0x8A, 0xAD, 0x13, 0x7E, 0xF0, 0x16, 0xC2, + 0x3B, 0xAF, 0xF9, 0xD8, 0x66, 0x12, 0x30, 0x72, + 0x76, 0x6D, 0x21, 0x4C, 0xF3, 0xEF, 0x0D, 0x8C, + 0x11, 0xA4, 0x12, 0xBE, 0xF5, 0x7E, 0x8E, 0x6A, + 0x11, 0x13, 0x48, 0x8D, 0xC2, 0x62, 0xCF, 0x45, + 0x7C, 0xE3, 0x91, 0x88, 0x59, 0xFF, 0xB0, 0xF1, + 0xC3, 0xBC, 0x1D, 0x2A, 0x3E, 0x9B, 0x78, 0xF3, + 0xB1, 0x2E, 0xB0, 0x27, 0xD8, 0x16, 0xF8, 0x9B, + 0x2A, 0xAF, 0xF1, 0xAB, 0xB0, 0xF1, 0x8C, 0x7F, + 0x94, 0x31, 0x97, 0x85, 0xDA, 0xF0, 0xF4, 0x27, + 0x51, 0x3E, 0x5A, 0xE1, 0xDD, 0x6D, 0x9E, 0x98, + 0x39, 0xBB, 0xDF, 0xA2, 0xBA, 0x2C, 0x08, 0xAD, + 0x1D, 0x3F, 0x86, 0xF6, 0xC2, 0x1A, 0x8C, 0xAD, + 0xE0, 0xDC, 0xDD, 0x02, 0x47, 0x4C, 0x7E, 0x2D, + 0xDA, 0x1D, 0x70, 0x92, 0x39, 0xAA, 0x4E, 0xBA, + 0x14, 0xC7, 0xEC, 0x26, 0xBD, 0x9D, 0x1F, 0x6D, + 0x91, 0x58, 0x3C, 0xB5, 0xEF, 0x37, 0xB9, 0x66, + 0x4E, 0x04, 0x7C, 0x29, 0xCF, 0xD7, 0x8E, 0x47, + 0x84, 0xF3, 0xD2, 0x21, 0x84, 0xC5, 0xF8, 0xDC, + 0xC9, 0xF2, 0x52, 0xD5, 0x6A, 0xBF, 0xF1, 0xF1, + 0xDE, 0x9E, 0x7A, 0xF1, 0xD5, 0x5A, 0xF6, 0xEF, + 0x94, 0x66, 0xF9, 0x25, 0x44, 0x7F, 0x8D, 0x92, + 0xA2, 0x25, 0x1C, 0x72, 0x92, 0x30, 0x2A, 0xB7, + 0xEF, 0x18, 0xF3, 0x8C, 0xEF, 0x69, 0xA5, 0x5C, + 0x19, 0x3E, 0xC5, 0xBD, 0xEE, 0x2C, 0x2D, 0x71, + 0xDB, 0x89, 0xD4, 0x11, 0xA6, 0x27, 0x80, 0x8F, + 0x5A, 0x39, 0x9A, 0x04, 0x28, 0x4F, 0x9F, 
0x00, + 0xBE, 0xF9, 0xF7, 0x9B, 0x46, 0x69, 0xD6, 0xAC, + 0x12, 0xE9, 0xA7, 0xC2, 0xD1, 0xC8, 0xAD, 0x5D, + 0xF7, 0xCB, 0x0C, 0x98, 0x78, 0x2D, 0x04, 0x4D, + 0x2D, 0x41, 0xAB, 0xC6, 0x3F, 0x81, 0x1D, 0xB9, + 0x2C, 0x1F, 0x3F, 0x59, 0x11, 0xF4, 0x80, 0x4F, + 0x0B, 0xCA, 0x9F, 0x81, 0x6E, 0x9C, 0xD1, 0xB4, + 0x74, 0x06, 0x48, 0x0A, 0x87, 0x2C, 0xFD, 0x4D, + 0x85, 0xD4, 0x21, 0x65, 0x7C, 0x96, 0x69, 0x53, + 0x51, 0xC0, 0xC4, 0xB0, 0xEB, 0x20, 0xDB, 0xE0, + 0x41, 0x09, 0xA7, 0x62, 0xB2, 0xF3, 0xC7, 0x6A, + 0x1D, 0x53, 0xA0, 0x39, 0xBA, 0xCF, 0x78, 0x9E, + 0xBF, 0x1D, 0xA5, 0x98, 0x09, 0x8E, 0xA7, 0x1A, + 0xE7, 0x95, 0xFF, 0x10, 0x38, 0xCC, 0x8F, 0x44, + 0xCB, 0xE7, 0xF6, 0xD6, 0x2C, 0xFF, 0xA8, 0x1C, + 0xFF, 0xA3, 0x65, 0xE8, 0x4E, 0xAE, 0xC7, 0xEF, + 0x61, 0xE1, 0x16, 0x4B, 0x8C, 0xA8, 0xC8, 0xFB, + 0xA5, 0x2C, 0xD1, 0x0A, 0x39, 0xAB, 0x4A, 0xF9, + 0xEE, 0x0B, 0x9B, 0xB4, 0x33, 0x5E, 0x25, 0x15, + 0xD0, 0xAA, 0x93, 0xC4, 0x53, 0x42, 0x91, 0xC5, + 0x98, 0x15, 0x34, 0x9A, 0x22, 0x1D, 0x9A, 0xE7, + 0x0E, 0x81, 0xF6, 0x99, 0x55, 0xB3, 0xD6, 0x49, + 0x1B, 0xB8, 0xA8, 0xBE, 0xDF, 0x54, 0xF0, 0x78, + 0xF7, 0x02, 0x97, 0x74, 0x84, 0x67, 0x6B, 0xAE, + 0x2F, 0xEC, 0x6E, 0x59, 0x20, 0x68, 0xD8, 0xE3, + 0x5A, 0x07, 0x48, 0xE1, 0x99, 0x90, 0xEE, 0xCD, + 0x17, 0x2B, 0xB6, 0xD6, 0xAA, 0x1A, 0xF8, 0x97, + 0x4E, 0xE0, 0x67, 0x9E, 0x4C, 0x35, 0xFE, 0x68, + 0x71, 0x54, 0x43, 0x5D, 0x43, 0x59, 0x19, 0xEB, + 0x58, 0x8E, 0x9A, 0xF6, 0xBD, 0x88, 0x71, 0xEE, + 0x89, 0xC6, 0xF2, 0x10, 0x04, 0x33, 0x13, 0x88, + 0xCD, 0x08, 0xB5, 0xE3, 0x5D, 0xA8, 0xBC, 0x43, + 0xB3, 0x84, 0x5F, 0x70, 0x94, 0xD9, 0xAC, 0xAE, + 0x74, 0x70, 0x13, 0x1E, 0x21, 0xFB, 0xD5, 0x7F, + 0xEC, 0x66, 0x2F, 0xA0, 0xB1, 0x1D, 0xE3, 0xF8, + 0xB9, 0x36, 0x48, 0x25, 0x3D, 0xBA, 0x7D, 0x44, + 0x08, 0xC5, 0x71, 0x74, 0xDA, 0xD3, 0x4F, 0x97, + 0x86, 0xF1, 0x16, 0x38, 0xD8, 0xC9, 0xE3, 0x3A, + 0xA7, 0x2E, 0x06, 0x4D, 0x9D, 0xE8, 0xFC, 0x38, + 0x58, 0x2A, 0x8D, 0x2D, 0x07, 0x99, 0xEA, 0xDF, + 0xF3, 0x00, 0x3B, 0xBC, 0x5F, 0x67, 0x1E, 
0x4B, + 0x6C, 0xF1, 0x4A, 0x47, 0xB0, 0x71, 0x90, 0x5A, + 0x3B, 0x75, 0x93, 0x75, 0x56, 0x50, 0x4C, 0x70, + 0xF3, 0xC7, 0x95, 0xD5, 0xEA, 0xCB, 0x4C, 0x92, + 0x4F, 0x22, 0x4F, 0xD9, 0x34, 0x46, 0x76, 0xFB, + 0x79, 0xD6, 0xBD, 0x4E, 0x84, 0xEE, 0xE7, 0x78, + 0x7C, 0xB8, 0x92, 0x9F, 0xAD, 0xF2, 0x17, 0x5D, + 0x38, 0xB1, 0x88, 0x2E, 0xE9, 0x65, 0xAC, 0x4C, + 0x24, 0x27, 0x1D, 0x7B, 0xA3, 0x69, 0x96, 0x55, + 0x5C, 0x26, 0x40, 0xAF, 0x04, 0xB1, 0xCE, 0xA8, + 0x5D, 0x1E, 0x1F, 0xE5, 0x5A, 0xC3, 0xAE, 0xF9, + 0x14, 0x03, 0x58, 0x10, 0x1C, 0x8B, 0x1F, 0xDB, + 0x6C, 0x71, 0x68, 0x60, 0x13, 0x32, 0xF1, 0xA9, + 0x69, 0x45, 0x28, 0x69, 0x7C, 0xE3, 0xC9, 0x56, + 0xAF, 0xF3, 0xBD, 0x4B, 0x9E, 0x0A, 0x06, 0x6A, + 0x62, 0x20, 0x40, 0x65, 0xBD, 0xBC, 0xBF, 0xC7, + 0x0A, 0x2A, 0xCF, 0x56, 0x7C, 0x0E, 0x64, 0xBB, + 0x64, 0x71, 0x2D, 0x90, 0xBB, 0x32, 0x00, 0x0A, + 0x4A, 0x45, 0x44, 0x08, 0x75, 0x2C, 0x86, 0x13, + 0x86, 0x52, 0x8D, 0x3D, 0xFC, 0xF3, 0x5E, 0x5B, + 0x3F, 0x7A, 0xAA, 0x98, 0x84, 0xCF, 0x92, 0xF9, + 0x0B, 0x40, 0x8F, 0xC0, 0xA3, 0x71, 0x84, 0xAD, + 0xEE, 0xDF, 0xC4, 0x91, 0x7E, 0x87, 0x7D, 0x06, + 0xCA, 0x65, 0x8C, 0xE4, 0x8E, 0x03, 0xF0, 0x59, + 0x3E, 0xB4, 0x90, 0x4C, 0xEE, 0x88, 0x29, 0xE4, + 0x26, 0x7D, 0xA6, 0x54, 0x82, 0x49, 0xC1, 0x9D, + 0x80, 0xAB, 0x6B, 0xD7, 0xBE, 0x7D, 0x09, 0x80, + 0x5E, 0xB6, 0xD1, 0x1E, 0xD1, 0x1B, 0xE9, 0x8D, + 0xFC, 0x6E, 0x9C, 0x14, 0x0C, 0x15, 0x02, 0x87, + 0xF3, 0x9D, 0x21, 0xF8, 0xCB, 0xC8, 0xB9, 0xBD, + 0xE1, 0x70, 0xEA, 0xE4, 0x86, 0x4C, 0x97, 0xC1, + 0xEE, 0x4C, 0x18, 0x95, 0xEC, 0xD2, 0x4D, 0x35, + 0x9F, 0xC6, 0x56, 0x10, 0x3E, 0xC0, 0xB9, 0x7B, + 0x13, 0x1A, 0x37, 0x3D, 0x40, 0x4C, 0x88, 0x8B, + 0x9A, 0xA5, 0xB2, 0xB8, 0xB9, 0xC3, 0xEC, 0xF1, + 0x14, 0x33, 0x63, 0x67, 0x84, 0x98, 0xC8, 0xF4, + 0x06, 0x0C, 0x0E, 0x0F, 0x10, 0x12, 0x15, 0x16, + 0x45, 0x4E, 0x55, 0x5A, 0x5F, 0x8A, 0x94, 0x97, + 0xA8, 0xAF, 0xB2, 0xCC, 0xD4, 0xDC, 0xE7, 0xF1, + 0xFE, 0xFF, 0x11, 0x24, 0x53, 0x62, 0x94, 0xB7, + 0xB9, 0xD3, 0xD9, 0x00, 0x00, 0x00, 0x00, 
0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x10, 0x18, 0x32, 0x3B + }; +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + static const byte pk_65[] = { + 0x6C, 0x84, 0x14, 0x38, 0x08, 0x56, 0xCB, 0x52, + 0xD7, 0x9C, 0x4B, 0x29, 0x13, 0x9F, 0xB1, 0x83, + 0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72, + 0xA9, 0x56, 0xDC, 0xF1, 0x01, 0x16, 0xDA, 0x9E, + 0x2D, 0x79, 0x77, 0x01, 0x86, 0xFC, 0x74, 0xD9, + 0x42, 0xC0, 0xF4, 0xA3, 0xB5, 0x95, 0xFF, 0x6C, + 0x19, 0x80, 0x4B, 0x49, 0x90, 0x1C, 0x6A, 0xD5, + 0xFA, 0xF7, 0x16, 0x01, 0xC2, 0xB6, 0x00, 0x31, + 0x5E, 0x1F, 0x40, 0xC2, 0x05, 0x47, 0x67, 0xB0, + 0x09, 0x25, 0xDF, 0x3A, 0xA4, 0x90, 0xE8, 0xC7, + 0x6F, 0x05, 0xFB, 0xFB, 0x74, 0x91, 0x10, 0x75, + 0xE6, 0x51, 0x8C, 0x5F, 0x1D, 0x91, 0xB8, 0xA0, + 0xE5, 0xB5, 0x98, 0x30, 0xD3, 0xDF, 0x39, 0x94, + 0x76, 0x04, 0x11, 0xEB, 0xB9, 0x11, 0xED, 0x4C, + 0xC2, 0xC1, 0x60, 0xE3, 0x84, 0x9A, 0x93, 0x76, + 0x2D, 0xFC, 0xA7, 0xB9, 0x81, 0x2B, 0xC7, 0xAE, + 0xB2, 0xDD, 0xB2, 0x76, 0x7B, 0xEF, 0x36, 0x50, + 0x56, 0x05, 0xAE, 0x06, 0x92, 0x60, 0xBC, 0xC8, + 0xDC, 0x47, 0x87, 0xC4, 0x28, 0xCB, 0x3C, 0x07, + 0x6E, 0xF2, 0xA6, 0xB9, 0x35, 0x61, 0xD8, 0x94, + 0x3F, 0x45, 0xCA, 0xBE, 0x8F, 0x05, 0x53, 0xFF, + 0x2E, 0xA1, 0xAC, 0x95, 0xC1, 0xCE, 0x21, 0x59, + 0x3A, 0x17, 0x54, 0x59, 0xD7, 0xDF, 0x12, 0xC4, + 0x07, 0x0A, 0xDB, 0x0E, 0xEE, 0x55, 0xB4, 0xAB, + 0xAE, 0x59, 0xBE, 0x69, 0xC3, 0xFF, 0x0D, 0xE5, + 0xA9, 0xB0, 0x27, 0xFC, 0x7D, 0x8E, 0x6E, 0x05, + 0x7B, 0x71, 0x52, 0xEE, 0x6A, 0xB4, 0x80, 0xD1, + 0x05, 0xD3, 0x0B, 0x0F, 0x50, 0x51, 0xB6, 0x0C, + 0x79, 0x01, 0xC5, 0x25, 0xC4, 0x63, 0x5F, 0xE6, + 0x68, 0xCC, 0x00, 0xE9, 0xD3, 0x09, 0x7D, 0xB9, + 0x9D, 0x66, 0x32, 0x37, 0x15, 0xCE, 0x4F, 0x0B, + 0x79, 0xB4, 0x26, 0xB4, 0x54, 0x5E, 0x09, 0xF4, + 0xDE, 0x39, 0x32, 0x3D, 0xD1, 0x4C, 0xCB, 0x0D, + 0x17, 0x10, 0x8C, 0xD4, 0x6D, 0xEC, 0x61, 0x38, + 0xCD, 0xFA, 0x28, 0x72, 0xC1, 0xC4, 0xC8, 0xAE, + 0xAD, 0x5C, 0x8C, 0xE0, 0x41, 0x57, 0xE5, 
0x53, + 0xA3, 0x75, 0x58, 0xC2, 0x34, 0x6A, 0x06, 0x19, + 0x4C, 0xB5, 0x0B, 0x49, 0x81, 0xBF, 0x4D, 0x09, + 0x0C, 0xE4, 0xE8, 0x60, 0x12, 0x6A, 0x82, 0x54, + 0xA4, 0xD4, 0xC0, 0x84, 0xC3, 0xE2, 0x02, 0x0B, + 0xC0, 0x75, 0x35, 0x21, 0x04, 0x9B, 0x0F, 0xD8, + 0x89, 0x97, 0xE0, 0x27, 0xAC, 0x51, 0xE7, 0x5C, + 0xF1, 0x35, 0x0C, 0x3F, 0x30, 0x3A, 0x0E, 0xCE, + 0x42, 0x64, 0x87, 0x15, 0x3D, 0xAF, 0x1F, 0xAA, + 0xD6, 0x80, 0x8B, 0x9D, 0x99, 0x07, 0xDA, 0x9F, + 0x35, 0x18, 0x5B, 0xD3, 0xBE, 0x8D, 0x9C, 0xEB, + 0xE9, 0x16, 0xCE, 0xD1, 0xFA, 0x29, 0x28, 0xD8, + 0x85, 0xA9, 0xCB, 0xA8, 0x81, 0x49, 0x70, 0x3F, + 0x5E, 0x47, 0x72, 0xE4, 0x85, 0x23, 0x12, 0x5D, + 0xDD, 0x02, 0x6E, 0x71, 0x4C, 0x49, 0xF4, 0xFB, + 0x4E, 0x54, 0x4B, 0xBF, 0x61, 0x7A, 0x40, 0xB0, + 0x0B, 0x68, 0xDF, 0x8F, 0x15, 0x5F, 0x58, 0x80, + 0xD4, 0x11, 0x87, 0x7E, 0x25, 0xB4, 0x2B, 0x24, + 0x48, 0xB3, 0x6B, 0xEC, 0x2F, 0x1F, 0x8F, 0x9A, + 0x77, 0x0C, 0x54, 0x51, 0x50, 0xA0, 0x27, 0x8E, + 0x9B, 0x72, 0x45, 0x00, 0xAE, 0xAA, 0xEA, 0x47, + 0x1C, 0x11, 0xCF, 0xF0, 0x4E, 0x30, 0xEA, 0xB2, + 0xF4, 0x73, 0xBC, 0x04, 0x8E, 0x32, 0xCD, 0x31, + 0xAE, 0xF2, 0x15, 0x79, 0xB6, 0x99, 0x22, 0x5B, + 0xF9, 0xE1, 0xB6, 0x70, 0x0C, 0x57, 0xE5, 0x09, + 0xFC, 0xA1, 0xF2, 0x36, 0x29, 0x4A, 0x59, 0x74, + 0xDA, 0xA1, 0x5F, 0xBC, 0xAD, 0x62, 0xD4, 0xBD, + 0xDC, 0x45, 0x32, 0xB2, 0x61, 0x41, 0x44, 0xDB, + 0xE2, 0x88, 0x07, 0x36, 0x8C, 0x28, 0x1A, 0x77, + 0x0E, 0xA2, 0x2B, 0x1E, 0x5A, 0x3F, 0xA5, 0xBA, + 0x14, 0x92, 0x6D, 0xC5, 0x5A, 0x54, 0xF8, 0x4A, + 0x2A, 0x77, 0xC5, 0xA7, 0x08, 0x41, 0xF0, 0x7B, + 0xC1, 0xDE, 0xEF, 0x74, 0x03, 0xB2, 0x47, 0xAB, + 0x42, 0xB8, 0x4A, 0xDF, 0x14, 0x1E, 0x03, 0x0C, + 0x98, 0x46, 0x84, 0x24, 0xDA, 0xAE, 0xB9, 0x9D, + 0x25, 0x77, 0xF9, 0x50, 0xC2, 0x37, 0x3C, 0xCA, + 0x1E, 0x2D, 0xC2, 0x76, 0x1B, 0x8E, 0xDD, 0x6D, + 0x08, 0xFF, 0x79, 0xE5, 0x28, 0x88, 0x0F, 0xFB, + 0x51, 0xC3, 0x6E, 0xD4, 0x20, 0xAC, 0x5D, 0x50, + 0xF2, 0x58, 0x2A, 0xA6, 0x64, 0xE5, 0x4E, 0xA5, + 0xF4, 0x18, 0x9E, 0xA0, 0x17, 0x6D, 0xAA, 
0x61, + 0x22, 0xF6, 0x23, 0x5A, 0x70, 0xB1, 0x5C, 0xEB, + 0x4D, 0xDD, 0x65, 0xD3, 0xBE, 0x6E, 0xBF, 0x3D, + 0xC4, 0x31, 0x89, 0xEE, 0x0A, 0x2E, 0x31, 0x05, + 0x63, 0x8F, 0x23, 0x87, 0x36, 0x95, 0x28, 0x0F, + 0x1B, 0x74, 0x27, 0x43, 0x52, 0xD6, 0x0A, 0x48, + 0xE5, 0xD3, 0xDD, 0x02, 0xFB, 0x7A, 0x5E, 0xD8, + 0x3F, 0xE2, 0x7A, 0x69, 0x82, 0x51, 0x42, 0x1C, + 0x8E, 0x9C, 0x98, 0x80, 0x61, 0x02, 0x39, 0x6E, + 0x53, 0x73, 0x90, 0xAC, 0xFD, 0x8C, 0x1D, 0x0B, + 0x4F, 0x99, 0xB7, 0x02, 0xA9, 0xEA, 0x65, 0x98, + 0x78, 0x58, 0x3D, 0x92, 0x75, 0x89, 0x41, 0xB3, + 0x0E, 0xCE, 0x50, 0x7C, 0x10, 0x4B, 0x2C, 0xE4, + 0x87, 0x67, 0x9E, 0xCF, 0x68, 0xB4, 0xD8, 0xB9, + 0x80, 0x69, 0x8A, 0xCF, 0x6A, 0xA6, 0xA5, 0x7E, + 0x8E, 0xD6, 0xAF, 0x3F, 0xF1, 0x8D, 0x26, 0x68, + 0x95, 0x04, 0x28, 0xB5, 0x7D, 0x18, 0x2F, 0x73, + 0xBB, 0x49, 0xB9, 0xB0, 0x38, 0xCC, 0xC8, 0x2D, + 0x56, 0x12, 0x78, 0xA3, 0x86, 0xD5, 0x66, 0x45, + 0xEC, 0x3F, 0xAF, 0xFB, 0x41, 0x25, 0xE0, 0xE7, + 0xF3, 0x6B, 0x48, 0xB1, 0x4B, 0x45, 0x25, 0x47, + 0xA0, 0xB4, 0x81, 0xAA, 0x6B, 0x33, 0x42, 0x29, + 0x24, 0x91, 0x53, 0xE4, 0x2E, 0xDF, 0x7E, 0x49, + 0xDD, 0x6E, 0x76, 0x36, 0xBF, 0xC6, 0x15, 0xA2, + 0x3A, 0x40, 0x1E, 0xFD, 0x40, 0x34, 0xC8, 0x1B, + 0x4D, 0xCE, 0xF0, 0x27, 0xD3, 0x44, 0xDD, 0xCC, + 0xE0, 0xA7, 0x16, 0x18, 0xEB, 0x59, 0x10, 0xCE, + 0xC6, 0x22, 0x28, 0x81, 0x93, 0x85, 0x03, 0x3E, + 0x8D, 0x0A, 0xBD, 0x49, 0x3D, 0x98, 0x3E, 0x4F, + 0xC0, 0x87, 0xD7, 0x2B, 0x45, 0x5E, 0x4D, 0xB6, + 0x3A, 0x2F, 0x82, 0xCE, 0xFF, 0x65, 0xC1, 0xE6, + 0x28, 0xEA, 0xE6, 0x30, 0x59, 0x6D, 0xEC, 0x27, + 0xFB, 0x98, 0xB8, 0x4D, 0xBF, 0xDC, 0xDF, 0xAB, + 0x40, 0xE4, 0x72, 0x24, 0x49, 0x14, 0xAF, 0xF1, + 0x79, 0x32, 0x6D, 0x54, 0x2D, 0x40, 0x1A, 0x3C, + 0xBB, 0x86, 0xE5, 0xFF, 0x83, 0x51, 0xEF, 0xE5, + 0x3A, 0x73, 0xC5, 0x1A, 0xBB, 0x63, 0xFF, 0x55, + 0x3E, 0x7D, 0x79, 0x57, 0xEF, 0x89, 0x13, 0x5E, + 0x0F, 0x5B, 0xB1, 0xBD, 0x0C, 0x24, 0xF9, 0xE4, + 0x5E, 0x32, 0x36, 0x41, 0x3C, 0x60, 0xE1, 0x39, + 0x6A, 0x47, 0x56, 0x7C, 0x94, 0x39, 0x51, 
0x0F, + 0x00, 0xD4, 0xA4, 0x3C, 0x14, 0x9A, 0x5C, 0xCC, + 0x04, 0xF3, 0xD4, 0x7E, 0x67, 0xA8, 0xE2, 0x94, + 0xA4, 0x61, 0xA5, 0xF6, 0x93, 0xDB, 0x0C, 0xAE, + 0x22, 0xCF, 0xAC, 0x61, 0xE8, 0x53, 0x47, 0x7D, + 0x33, 0x9A, 0x4E, 0x45, 0xF7, 0xB1, 0x7C, 0x3C, + 0x11, 0x6D, 0x56, 0xF3, 0xA0, 0x68, 0xFC, 0x5A, + 0xDF, 0xEF, 0x38, 0xFF, 0x85, 0x33, 0x2B, 0xD5, + 0x15, 0x3C, 0x4D, 0x8F, 0xB8, 0xF1, 0x48, 0xF1, + 0x17, 0x65, 0x9C, 0x2E, 0xA9, 0x4D, 0xB4, 0x2A, + 0xA0, 0xB0, 0xBE, 0xBB, 0x47, 0x5A, 0x11, 0x04, + 0x12, 0xF3, 0xCD, 0x33, 0x49, 0xFC, 0x1A, 0xD0, + 0x41, 0xB7, 0xD5, 0x30, 0x4A, 0x85, 0x93, 0x14, + 0x4E, 0xFA, 0x3A, 0x36, 0x1D, 0x1B, 0x0C, 0x76, + 0x13, 0xB8, 0x2C, 0x08, 0x6E, 0xA7, 0x12, 0x6E, + 0x43, 0xC6, 0x16, 0xCE, 0xE8, 0xF1, 0x44, 0x4E, + 0x99, 0x56, 0xE8, 0x7F, 0x5C, 0xAB, 0x95, 0xC7, + 0xC7, 0xFB, 0x17, 0x58, 0xEC, 0x7D, 0x97, 0x01, + 0x9E, 0x5B, 0xA9, 0x35, 0x43, 0xEF, 0x3B, 0xAC, + 0x1A, 0x17, 0x42, 0x99, 0xCA, 0x48, 0xBF, 0x78, + 0x59, 0xDB, 0xFB, 0xDF, 0xF2, 0x43, 0xB1, 0x14, + 0xF6, 0xBF, 0x42, 0x3C, 0xE9, 0x8B, 0x4D, 0x4D, + 0x09, 0x1D, 0xA4, 0x4F, 0x32, 0x74, 0xD5, 0x73, + 0xFD, 0xC9, 0x04, 0xBD, 0x88, 0x5E, 0x35, 0xC9, + 0x15, 0x2A, 0x65, 0x35, 0x48, 0x88, 0xF1, 0x1E, + 0xD4, 0xF3, 0xD6, 0x3F, 0x26, 0xA7, 0xBE, 0x2F, + 0x57, 0x26, 0xEA, 0xDA, 0xF4, 0x85, 0x86, 0x59, + 0x2B, 0xBD, 0xF6, 0xCE, 0xE2, 0x46, 0x76, 0x9E, + 0x0E, 0xDA, 0x2A, 0x80, 0x77, 0x1F, 0xED, 0x34, + 0x7D, 0x67, 0xAF, 0xEE, 0xC6, 0x8B, 0x89, 0x46, + 0x3F, 0xA0, 0x49, 0x6D, 0xBC, 0x15, 0xC8, 0x9E, + 0x8D, 0x56, 0x99, 0x83, 0xD1, 0xD6, 0x74, 0x73, + 0x3F, 0x2B, 0xF9, 0xDF, 0x4A, 0x98, 0x0E, 0xA8, + 0xC5, 0xE3, 0xAF, 0x15, 0x56, 0x0A, 0x0E, 0x28, + 0xD6, 0x72, 0xB5, 0x80, 0xAB, 0x65, 0x52, 0xED, + 0x76, 0xAA, 0xCB, 0x5F, 0x80, 0x26, 0x0B, 0x97, + 0x03, 0x76, 0x9D, 0x33, 0xF4, 0x13, 0x8A, 0xBC, + 0x10, 0xBF, 0x5B, 0x05, 0x82, 0xDC, 0xC6, 0x2D, + 0xBE, 0x58, 0xC8, 0x90, 0xF5, 0x1B, 0x41, 0x00, + 0x12, 0x77, 0x34, 0xFB, 0x7D, 0xB7, 0x44, 0x7A, + 0x72, 0x0A, 0xAE, 0x00, 0x9D, 0x00, 0xBE, 
0x8C, + 0x61, 0x07, 0x92, 0xC6, 0x4F, 0x13, 0x1F, 0x2D, + 0x72, 0x11, 0x5C, 0x7E, 0x05, 0x8E, 0x48, 0xB9, + 0xDE, 0x64, 0xF5, 0x5B, 0x4D, 0x61, 0x0C, 0x36, + 0xD1, 0x12, 0x71, 0x6A, 0x31, 0xA3, 0xDF, 0xE2, + 0x66, 0x99, 0xE9, 0xC2, 0xAB, 0xA0, 0x56, 0x58, + 0xCE, 0xF1, 0xB2, 0xB0, 0x86, 0x7C, 0xF8, 0xD5, + 0x23, 0x3D, 0xB7, 0x4F, 0xA8, 0xDC, 0x3A, 0xD1, + 0x45, 0xF5, 0xD2, 0x85, 0x74, 0x36, 0x0A, 0x85, + 0xE3, 0xB0, 0xB1, 0x0A, 0xC0, 0xA6, 0x46, 0x7A, + 0x7B, 0x05, 0x98, 0x46, 0x28, 0xEC, 0xA1, 0x04, + 0x63, 0xF3, 0x48, 0xA3, 0x11, 0x1E, 0x00, 0x57, + 0x8D, 0x3C, 0xE5, 0x48, 0x0F, 0x53, 0x75, 0xA1, + 0xEE, 0x23, 0xEE, 0x82, 0x08, 0x7B, 0xAC, 0x41, + 0x23, 0x3A, 0x14, 0xAA, 0xA7, 0x24, 0x73, 0x4B, + 0x18, 0x74, 0xA4, 0xAC, 0xE1, 0x13, 0x37, 0x06, + 0x25, 0x8F, 0x5F, 0xEA, 0x3A, 0x0C, 0x16, 0x09, + 0xE3, 0x0C, 0x7F, 0xD2, 0x10, 0xDA, 0x0C, 0x4F, + 0xDE, 0x91, 0x62, 0xDF, 0x66, 0xFB, 0xAF, 0x79, + 0x2F, 0xA2, 0xAE, 0xAA, 0x51, 0x2F, 0x0F, 0xF7, + 0x83, 0x7B, 0x9C, 0xC0, 0x2E, 0xE9, 0xBD, 0x95, + 0x53, 0x9F, 0x00, 0x1B, 0xBD, 0x60, 0xDD, 0x8B, + 0x42, 0xD6, 0x16, 0xB2, 0xCA, 0x95, 0xF3, 0x83, + 0x5F, 0x5E, 0x47, 0xD4, 0x3B, 0x14, 0x34, 0xC4, + 0x56, 0x3F, 0xD8, 0x1C, 0x15, 0xBE, 0xFA, 0x20, + 0x2C, 0xF3, 0xD9, 0x54, 0x08, 0x73, 0xF6, 0x84, + 0xAF, 0xE1, 0x9A, 0xB5, 0xC0, 0x1F, 0xA9, 0x2E, + 0x95, 0xA8, 0xCD, 0x6F, 0x36, 0x07, 0x30, 0x85, + 0x6E, 0x59, 0xC9, 0xC6, 0xAB, 0x77, 0x0D, 0x65, + 0x75, 0x96, 0x2A, 0xF7, 0x58, 0x78, 0x57, 0x2A, + 0x2A, 0x26, 0x41, 0x3D, 0x01, 0xAB, 0x31, 0x8C, + 0x10, 0x0D, 0xFC, 0x34, 0xDC, 0x1D, 0xEF, 0xA5, + 0x92, 0x7C, 0x4B, 0x45, 0x99, 0x25, 0xD7, 0x3E, + 0x1E, 0xB9, 0x14, 0x70, 0xE3, 0x7A, 0x58, 0x45, + 0x5C, 0x22, 0xA9, 0x61, 0xFD, 0x53, 0xF7, 0xD9, + 0x90, 0x26, 0xFF, 0x88, 0x4B, 0xF4, 0xA2, 0x57, + 0x9F, 0x70, 0x63, 0x35, 0xEF, 0xB6, 0xFB, 0x22, + 0x50, 0xD5, 0x2A, 0xE5, 0x61, 0x89, 0x8B, 0xA1, + 0x60, 0x6E, 0x51, 0xE9, 0x6D, 0x37, 0xC9, 0xED, + 0x3E, 0xC6, 0xCF, 0xCB, 0x33, 0xBF, 0xBE, 0x9C, + 0x31, 0x43, 0xFD, 0x3B, 0x6B, 0x33, 0x4D, 
0x5F, + 0x61, 0x92, 0x2B, 0x36, 0x9A, 0xFB, 0xB3, 0x1C, + 0x3E, 0x6E, 0x9B, 0x5F, 0x3A, 0xEB, 0xF9, 0x5C, + 0xB7, 0x08, 0x34, 0x6F, 0xEC, 0xF7, 0x15, 0x9C, + 0xAD, 0x94, 0xA9, 0x3D, 0x8C, 0xD4, 0xB8, 0xC4, + 0x89, 0x41, 0x92, 0xDF, 0xE5, 0x3E, 0xA4, 0x36, + 0xFB, 0xF3, 0xAF, 0x4E, 0x86, 0x4E, 0x8C, 0x39, + 0x91, 0xEA, 0x02, 0x0A, 0x81, 0x1F, 0x0A, 0xF5, + 0x0B, 0x42, 0x57, 0x43, 0x6A, 0x3F, 0xF5, 0x22, + 0xBE, 0x73, 0x67, 0x39, 0x1D, 0x0F, 0x95, 0x0B, + 0xA6, 0x45, 0x2F, 0xBF, 0xD8, 0xFD, 0x87, 0x28, + 0xF4, 0x0B, 0xD2, 0xFC, 0xB8, 0x94, 0x52, 0x99, + 0x85, 0xB4, 0x32, 0xDF, 0xEF, 0x62, 0x30, 0xEB, + 0x4D, 0xEE, 0x73, 0x7A, 0x8D, 0x10, 0xA3, 0xBC, + 0xDF, 0xB7, 0x63, 0xE0, 0x86, 0x9B, 0x22, 0x5C, + 0x1A, 0x8D, 0x0E, 0x1F, 0xBF, 0x2D, 0x16, 0x1C, + 0x2C, 0x65, 0xD6, 0xDF, 0xB9, 0x58, 0xE9, 0x82, + 0xD1, 0x17, 0x77, 0xAC, 0xBE, 0xAD, 0x8D, 0xFB, + 0x6B, 0x1F, 0x5E, 0xB2, 0x1E, 0xA9, 0x42, 0xF7, + 0xC4, 0x0D, 0xC2, 0x0D, 0x2E, 0x4E, 0xB3, 0xE7, + 0x29, 0xB4, 0xE2, 0x9F, 0x75, 0x01, 0xDA, 0x34, + 0x23, 0x45, 0x61, 0xF6, 0x28, 0x88, 0x12, 0xD6, + 0x12, 0xD4, 0x1D, 0xFA, 0x83, 0xC5, 0xB8, 0xD9, + 0x0F, 0xF3, 0x8B, 0xA5, 0x48, 0x20, 0x1B, 0x57, + 0x5B, 0x52, 0x93, 0xAD, 0x78, 0x12, 0x0D, 0x91, + 0xCE, 0xC0, 0x59, 0xCA, 0xE2, 0xE7, 0x6A, 0x9A, + 0xB4, 0x3E, 0xF1, 0x28, 0x1E, 0x2B, 0xEF, 0x3E, + 0x34, 0x8D, 0x28, 0xF2, 0x19, 0x47, 0xC8, 0x88, + 0x48, 0x96, 0x04, 0x59, 0x48, 0x97, 0x75, 0x17, + 0x6F, 0x8E, 0x40, 0xEE, 0x06, 0x42, 0x79, 0x53, + 0x68, 0x7F, 0xB6, 0x3E, 0x47, 0x0F, 0x7D, 0x59, + 0xFB, 0x60, 0xDF, 0x56, 0x9F, 0x8A, 0x11, 0xE2, + 0x8E, 0x09, 0x37, 0x16, 0x2C, 0x46, 0xAF, 0xC7, + 0xD2, 0x21, 0x0A, 0x88, 0x5F, 0xFA, 0x21, 0xB3, + 0xDB, 0xF5, 0x35, 0x4B, 0x29, 0x41, 0xF4, 0xED, + 0x5D, 0x50, 0x79, 0x08, 0x90, 0x84, 0x0C, 0xC3, + 0xB9, 0x73, 0xD2, 0xC3, 0xD0, 0x26, 0x02, 0xB2, + 0x9B, 0xAC, 0xCB, 0x6C, 0xE1, 0x7C, 0xED, 0xB9, + 0x7B, 0x08, 0x5A, 0x2A, 0xB3, 0x10, 0x57, 0x2B, + 0xA7, 0x37, 0x1D, 0x1F, 0x81, 0x20, 0xFF, 0xE3, + 0x7D, 0x0B, 0x0F, 0xCA, 0x35, 0xAF, 0xC5, 
0xB5, + 0x62, 0xAA, 0x84, 0x99, 0x71, 0x5A, 0x29, 0x9C, + 0xE0, 0x59, 0xCC, 0xE3, 0xB0, 0xD1, 0x1C, 0xEF, + 0x0D, 0x92, 0x38, 0x96, 0x1A, 0xD4, 0xBE, 0x11, + 0xE9, 0xA6, 0xD1, 0xA4, 0x69, 0x21, 0x77, 0xC8, + 0xB0, 0xC5, 0x3F, 0x11, 0xA8, 0xED, 0x26, 0x50, + 0x21, 0x2E, 0x7A, 0x2F, 0x80, 0xEB, 0xFF, 0x6D, + 0xCF, 0xE4, 0x67, 0x21, 0x03, 0x65, 0x84, 0x34, + 0xD0, 0x32, 0x7A, 0xDD, 0xCD, 0x66, 0xBC, 0xB6 + }; + static const byte msg_65[] = { + 0xDB, 0x84, 0x94, 0xBA, 0x19, 0xC4, 0x11, 0x8F, + 0xB1, 0x5D, 0x0A, 0xCF, 0x42, 0x54, 0xFD, 0x37, + 0x48, 0x3F, 0xCF, 0x47, 0x48, 0xFD, 0x18, 0x44, + 0xF7, 0x17, 0xCE, 0x6F, 0x69, 0x58, 0x9E, 0x61, + 0x77, 0x2C, 0xFE, 0xFA, 0x7F, 0x97, 0x58, 0x65, + 0x34, 0x09, 0xD4, 0xEE, 0x5A, 0x26, 0x4B, 0x83, + 0x4E, 0x60, 0xD6, 0xBB, 0x96, 0x49, 0x9E, 0xBE, + 0xB2, 0xB0, 0x6B, 0x0B, 0xA8, 0x74, 0xBF, 0x31, + 0xE6, 0x41, 0x39, 0x4C, 0xFA, 0xA6, 0xA2, 0xD3, + 0x0D, 0xDB, 0x8F, 0x04, 0x58, 0x76, 0x20, 0x8D, + 0x2F, 0x51, 0xDE, 0x15, 0xE2, 0x05, 0xE8, 0xC9, + 0x1B, 0x87, 0xEC, 0xEB, 0x05, 0xFF, 0x31, 0x83, + 0x27, 0x1B, 0x26, 0x49, 0x66, 0x5D, 0xD3, 0xCC, + 0x49, 0xBF, 0xDB, 0x99, 0x8D, 0x53, 0x9D, 0xA8, + 0x09, 0x30, 0x55, 0x16, 0xBB, 0xBE, 0x9C, 0x90, + 0x60, 0x21, 0x19, 0x1C, 0x52, 0x23, 0xE5, 0x25, + 0xA8, 0xFC, 0x36, 0x16, 0xA1, 0x76, 0x5E, 0xC3, + 0xF9, 0xC5, 0xDB, 0x53, 0xCC, 0x33, 0x7E, 0x03, + 0x9F, 0x18, 0x6A, 0xCF, 0xEA, 0x91, 0x14, 0x8E, + 0xE2, 0xA7, 0x9C, 0xCA, 0x36, 0x89, 0xED, 0xB6, + 0x2A, 0xAF, 0x28, 0xB5, 0xD7, 0x52, 0xFD, 0xE2, + 0x65, 0xEE, 0x52, 0x80, 0xB5, 0x19, 0x72, 0x6C, + 0x1C, 0xA9, 0x80, 0x32, 0x95, 0xC6, 0x74, 0xB7, + 0xEF, 0xAF, 0xA4, 0xD6, 0x1B, 0x30, 0x6A, 0x79, + 0xE3, 0xF6, 0xE7, 0xA8, 0x87, 0xC2, 0xFB, 0x53, + 0x5B, 0x3B, 0x0F, 0xB3, 0xD9, 0xEB, 0xC8, 0x76, + 0x03, 0xEA, 0xFE, 0xF1, 0x70, 0xC1, 0xF1, 0xD2, + 0x8E, 0x99, 0xBB + }; + static const byte sig_65[] = { + 0xF7, 0x78, 0x9A, 0x45, 0xA3, 0x58, 0x73, 0x30, + 0xE7, 0xFC, 0xF7, 0x06, 0x95, 0xF7, 0xF6, 0x96, + 0x88, 0xA2, 0xB8, 0xD0, 0xCE, 0x54, 0xF0, 0x90, 
+ 0x21, 0x4F, 0x10, 0x9F, 0x56, 0x48, 0x4F, 0x98, + 0xC3, 0xAD, 0x1A, 0x53, 0xA5, 0x44, 0x1C, 0x2C, + 0xA7, 0x2A, 0x3B, 0x31, 0x91, 0xBC, 0x04, 0x6F, + 0x46, 0x37, 0x30, 0x45, 0xB9, 0xE5, 0x40, 0xC7, + 0x3D, 0xFE, 0x91, 0xB6, 0x1F, 0x05, 0x88, 0xD6, + 0x13, 0x59, 0x3F, 0xCE, 0x1B, 0x00, 0xEE, 0xF1, + 0xB2, 0x27, 0x03, 0x4C, 0x6F, 0xD3, 0xB1, 0x8B, + 0x3F, 0x22, 0x11, 0x10, 0xFB, 0x34, 0x5A, 0xA7, + 0x86, 0x31, 0xB8, 0xB5, 0x9F, 0xBD, 0xFD, 0xCC, + 0xDA, 0xE6, 0xA2, 0x4D, 0x25, 0x9D, 0x34, 0xAA, + 0xBA, 0xD2, 0x18, 0xB3, 0xAE, 0x4E, 0x77, 0x18, + 0x66, 0x53, 0xB8, 0x56, 0x3A, 0xA6, 0x12, 0x0A, + 0x0A, 0x53, 0x1A, 0x4E, 0x91, 0x37, 0x30, 0xDC, + 0x91, 0x4F, 0xE5, 0xE0, 0x08, 0xBE, 0xCE, 0x68, + 0x69, 0xB0, 0x2B, 0x07, 0xFD, 0xC1, 0x62, 0x14, + 0x54, 0x0D, 0x31, 0x6C, 0x43, 0xFA, 0x0C, 0x21, + 0x1B, 0x41, 0xAC, 0x7E, 0x52, 0x65, 0x67, 0x29, + 0xC7, 0x73, 0xE4, 0xC4, 0xB8, 0x8E, 0xD3, 0x11, + 0x88, 0x6D, 0xD4, 0xD2, 0x75, 0x41, 0x7D, 0x70, + 0x19, 0x66, 0x44, 0xEE, 0xD1, 0x5F, 0xA3, 0x15, + 0x06, 0x60, 0x03, 0xE3, 0x09, 0xF8, 0x32, 0xAF, + 0x91, 0x26, 0x2C, 0x94, 0x90, 0x11, 0xFC, 0xB0, + 0xAD, 0x2C, 0xCE, 0x65, 0xDD, 0x9E, 0xFF, 0x56, + 0x7E, 0xE2, 0x9C, 0xC4, 0x0A, 0x6F, 0xE0, 0x66, + 0x4E, 0x7D, 0x9F, 0x23, 0x65, 0x68, 0xFC, 0x94, + 0x29, 0x5D, 0xBB, 0x34, 0x28, 0x82, 0x33, 0xE8, + 0xC5, 0x11, 0xD2, 0x88, 0x15, 0xEC, 0x72, 0x10, + 0x32, 0x29, 0x6E, 0x1E, 0xDE, 0xCA, 0x7F, 0x72, + 0x6A, 0x6E, 0xB0, 0xF7, 0x6C, 0xC5, 0x82, 0x80, + 0x11, 0xC0, 0xE4, 0x01, 0x3C, 0xC7, 0xEE, 0x43, + 0x29, 0xB8, 0x1E, 0xCC, 0x0D, 0x52, 0xED, 0x1E, + 0x49, 0x1D, 0xD6, 0xD5, 0x5C, 0x52, 0x65, 0x66, + 0x5E, 0xD8, 0xAD, 0x21, 0x9B, 0x89, 0x4F, 0x31, + 0xC6, 0x8C, 0x61, 0x9A, 0xFC, 0xDB, 0x73, 0x58, + 0xE5, 0x55, 0x4C, 0x49, 0x5B, 0x8B, 0x6E, 0x33, + 0x25, 0x68, 0x8F, 0xB8, 0xC1, 0xA2, 0x53, 0x31, + 0xD5, 0x7B, 0xD3, 0x48, 0xA2, 0x7D, 0x39, 0x09, + 0x29, 0xBC, 0x46, 0xA1, 0x49, 0x6A, 0xB3, 0x5B, + 0x46, 0xBA, 0x61, 0xB6, 0xB9, 0xD2, 0x3C, 0xD0, + 0x63, 0x15, 0xFB, 0x72, 0xC2, 0x47, 0x76, 0x01, 
+ 0x61, 0x30, 0xAD, 0xB1, 0xCF, 0x2D, 0xC7, 0x29, + 0x59, 0xEA, 0x9C, 0xAD, 0x96, 0xAF, 0x5D, 0xA9, + 0x96, 0x12, 0x6C, 0xDD, 0x85, 0xB1, 0x34, 0xCC, + 0x92, 0x7A, 0x51, 0xFD, 0x23, 0xF8, 0x47, 0x91, + 0xA3, 0xFC, 0xDA, 0x07, 0x7E, 0x15, 0x99, 0x17, + 0x48, 0xA0, 0x39, 0x4F, 0x33, 0x4E, 0xB8, 0xBC, + 0x48, 0xA9, 0x9A, 0xB9, 0xDF, 0xBB, 0x0F, 0x2A, + 0xAD, 0x6F, 0xBE, 0x48, 0x49, 0x61, 0xD3, 0xA4, + 0xE8, 0xF8, 0xB2, 0x1A, 0x6A, 0xC0, 0x92, 0xB2, + 0x26, 0xD6, 0xE1, 0x19, 0xFA, 0xD4, 0x4D, 0x8E, + 0x57, 0x6F, 0xE9, 0x6C, 0x6C, 0xDB, 0x68, 0x40, + 0xEA, 0x61, 0x4B, 0xAF, 0xC7, 0x07, 0x86, 0xC5, + 0x19, 0xE1, 0xD5, 0xDC, 0x0F, 0x98, 0x44, 0x43, + 0xC8, 0xB1, 0xE5, 0x4F, 0x8E, 0xE1, 0x76, 0xD9, + 0x8B, 0x2C, 0x70, 0x27, 0xF5, 0x7D, 0x7E, 0x3D, + 0xE9, 0xB2, 0xA0, 0xA3, 0x69, 0x11, 0xB8, 0xE4, + 0x71, 0x21, 0xDE, 0x0C, 0x07, 0xEB, 0xBA, 0x5D, + 0x7B, 0x59, 0x4E, 0xF2, 0x44, 0xC6, 0x83, 0x27, + 0xEC, 0x6C, 0x6D, 0x1D, 0xD5, 0x01, 0xF4, 0x83, + 0xFE, 0x9B, 0x95, 0x70, 0x59, 0x7E, 0x70, 0xDF, + 0x41, 0x3E, 0x7A, 0xF0, 0x38, 0x47, 0xF4, 0x09, + 0xED, 0x61, 0xE2, 0x84, 0x6E, 0x6C, 0x64, 0x1E, + 0x6A, 0x7F, 0xFA, 0x79, 0xDE, 0x6B, 0xFA, 0x37, + 0x3A, 0x06, 0x44, 0xB0, 0x0B, 0xF4, 0x1A, 0x03, + 0x49, 0x92, 0xA7, 0x94, 0xDA, 0x17, 0xC8, 0x88, + 0x85, 0x23, 0x90, 0x32, 0xC8, 0x51, 0x76, 0x4E, + 0x3E, 0x4D, 0xBD, 0xE7, 0xF1, 0x2A, 0x16, 0xC5, + 0xA2, 0x63, 0xE9, 0x64, 0xC1, 0xE7, 0xFD, 0xD3, + 0xCC, 0xE5, 0x76, 0xDD, 0x6D, 0x56, 0xB1, 0x81, + 0x82, 0x84, 0x8B, 0x75, 0x63, 0x64, 0x5D, 0x4E, + 0x42, 0xFF, 0x22, 0x74, 0x2A, 0x99, 0x67, 0x85, + 0x16, 0x9D, 0x7F, 0x50, 0x3B, 0x48, 0xA7, 0x15, + 0x8B, 0x3C, 0xBD, 0x29, 0x93, 0x5E, 0xD3, 0x20, + 0x49, 0xBE, 0xA1, 0xAD, 0x95, 0x3E, 0xF7, 0x07, + 0x32, 0x7B, 0x77, 0x8B, 0xFD, 0xDD, 0xFC, 0x60, + 0x51, 0x1D, 0xA1, 0x13, 0xA3, 0x4F, 0x65, 0x57, + 0x12, 0xE4, 0xE5, 0x9D, 0x6C, 0xCE, 0x40, 0x4E, + 0x94, 0xAB, 0xA6, 0x1E, 0x81, 0x35, 0x38, 0x8F, + 0xC2, 0x1C, 0x8E, 0x41, 0x34, 0x4F, 0x32, 0x4B, + 0x01, 0xAC, 0x8C, 0x06, 0x9F, 0x92, 0x57, 0x5D, 
+ 0x34, 0xF8, 0x8B, 0xCA, 0x22, 0xCB, 0x30, 0x7E, + 0x37, 0x07, 0x00, 0x63, 0x32, 0x02, 0x56, 0xB8, + 0xBA, 0xD6, 0xEB, 0x7A, 0x81, 0xAF, 0xE9, 0xA2, + 0x54, 0x01, 0x6E, 0x1C, 0x8A, 0x12, 0x50, 0x89, + 0xAA, 0xA3, 0xED, 0xE8, 0x4E, 0x5B, 0x6C, 0x2E, + 0xCF, 0xAE, 0xFA, 0xA5, 0x2B, 0x9F, 0x57, 0x09, + 0x60, 0x2C, 0x06, 0xAE, 0xA4, 0xA0, 0x38, 0x4E, + 0x9B, 0x09, 0xE5, 0xB8, 0x81, 0x64, 0xB2, 0x74, + 0xEA, 0x32, 0x65, 0xFB, 0x51, 0x52, 0x39, 0x7D, + 0xFF, 0x5A, 0x3A, 0x08, 0x61, 0xE2, 0xBC, 0x12, + 0xD2, 0x10, 0x92, 0x89, 0x72, 0x97, 0x47, 0xE8, + 0x3F, 0xDF, 0x24, 0x3A, 0x1D, 0x17, 0xB9, 0x83, + 0x48, 0x37, 0x98, 0x45, 0xA9, 0xE9, 0x55, 0xE2, + 0xD6, 0xF9, 0x38, 0xDA, 0xA5, 0x91, 0x8E, 0x2A, + 0x14, 0xF9, 0x7B, 0xA2, 0xBE, 0x50, 0x1C, 0xCC, + 0xAF, 0xD6, 0x81, 0x91, 0x0F, 0x4A, 0x4F, 0x06, + 0x71, 0x5C, 0xE8, 0x40, 0x96, 0xF3, 0x7A, 0x91, + 0xDC, 0xCA, 0x2A, 0x8A, 0x4B, 0xE8, 0xDA, 0x79, + 0x21, 0xDB, 0xF8, 0xD3, 0xF4, 0xEF, 0xB9, 0x8C, + 0x6B, 0x4F, 0x94, 0x0E, 0xCE, 0xF8, 0x32, 0xB5, + 0x49, 0xD0, 0x68, 0x94, 0x7C, 0x3D, 0xFB, 0x58, + 0x09, 0xCB, 0x7B, 0x06, 0x0A, 0x3A, 0x0E, 0xF3, + 0xB2, 0x1C, 0x01, 0x64, 0x50, 0x1D, 0xDE, 0xA7, + 0xC9, 0xE5, 0xE7, 0x89, 0x7C, 0x6B, 0x1C, 0x46, + 0x34, 0x8B, 0x2C, 0x3E, 0x80, 0x5F, 0x6F, 0x22, + 0x87, 0xBA, 0x15, 0x8C, 0xF9, 0x25, 0xA7, 0xBA, + 0x7F, 0x08, 0x25, 0x49, 0x89, 0xC8, 0x7D, 0x24, + 0x97, 0x9A, 0xD9, 0x86, 0xAA, 0x97, 0xC5, 0x1B, + 0x01, 0xF4, 0x5D, 0x4A, 0x1F, 0x24, 0x75, 0x29, + 0x91, 0xF0, 0x42, 0x05, 0xEB, 0x55, 0x1F, 0xD0, + 0x2D, 0x41, 0x5F, 0x2D, 0xD1, 0xEF, 0xF1, 0x42, + 0xB0, 0xD7, 0x04, 0x16, 0xC6, 0xD8, 0x15, 0xEB, + 0x91, 0x73, 0x2B, 0x26, 0x8F, 0xB2, 0x0D, 0x08, + 0x67, 0x44, 0x2D, 0x71, 0xDE, 0xC0, 0x57, 0xB2, + 0x86, 0xCD, 0x93, 0x81, 0x1F, 0xF3, 0xF6, 0x46, + 0xEB, 0xD5, 0x65, 0xD5, 0x1D, 0x09, 0xA4, 0x2D, + 0x3A, 0xBA, 0xAC, 0x0F, 0x34, 0xCC, 0x81, 0x7B, + 0x18, 0x93, 0x8E, 0xCC, 0xBB, 0x1F, 0xEF, 0x05, + 0xBD, 0x3C, 0x2B, 0x49, 0x4F, 0xA5, 0x29, 0xED, + 0x4C, 0x63, 0x4C, 0x93, 0x25, 0xA4, 0x81, 0x73, 
+ 0xF2, 0x0F, 0xFA, 0xC3, 0x2D, 0xC1, 0x01, 0xE6, + 0xEE, 0x03, 0xB2, 0xFC, 0xBE, 0xC2, 0x46, 0x8D, + 0xBC, 0x8F, 0x76, 0x75, 0x8C, 0x32, 0x15, 0x47, + 0x4F, 0x7E, 0xF2, 0x40, 0x65, 0xF7, 0x90, 0x60, + 0xAC, 0xA3, 0xC8, 0xD5, 0xD7, 0x4A, 0xF7, 0x0F, + 0x48, 0x30, 0x1D, 0xDB, 0x30, 0xC0, 0x5D, 0xB3, + 0xEF, 0xA7, 0x26, 0xCF, 0x88, 0x55, 0x59, 0x01, + 0x84, 0x12, 0x82, 0xAA, 0x08, 0xF6, 0x66, 0xA6, + 0x53, 0x51, 0xA6, 0xA2, 0x4E, 0xED, 0x6B, 0xE2, + 0x11, 0x77, 0x31, 0x07, 0xE1, 0x85, 0xE1, 0xB4, + 0x88, 0xA2, 0xE4, 0x91, 0xB6, 0xC1, 0x41, 0x52, + 0x84, 0x62, 0xA8, 0x64, 0x94, 0xB5, 0x4F, 0xDC, + 0xCE, 0xCC, 0xB6, 0xAA, 0x21, 0x25, 0x36, 0x86, + 0x69, 0x3A, 0xE7, 0x98, 0xC9, 0xCE, 0x9E, 0x0B, + 0xDD, 0xC6, 0xAE, 0x53, 0xD9, 0xB7, 0x06, 0xDC, + 0x4F, 0x4D, 0x81, 0xB9, 0xC7, 0x3C, 0x46, 0x1E, + 0xCD, 0x70, 0x35, 0xC5, 0x17, 0x2E, 0xFA, 0xE5, + 0x60, 0x2C, 0xAF, 0x88, 0xC6, 0x4E, 0x79, 0xE5, + 0x32, 0x40, 0x30, 0x55, 0x5D, 0xE2, 0x11, 0xF8, + 0x9F, 0xD4, 0x24, 0xC3, 0x38, 0xC3, 0x88, 0x3C, + 0x83, 0xCA, 0x94, 0x05, 0xC2, 0xB5, 0xD1, 0x44, + 0x5F, 0x7C, 0x98, 0xC4, 0x3E, 0xD3, 0xD2, 0xBE, + 0xCB, 0xE2, 0x5F, 0x5F, 0x3F, 0x54, 0x4C, 0xCC, + 0x5B, 0x5A, 0xEA, 0xE4, 0x7D, 0xDF, 0x3F, 0xB5, + 0x64, 0x9F, 0xF5, 0xD6, 0x1E, 0xAA, 0x02, 0xED, + 0xEB, 0xC7, 0x5C, 0xE4, 0x78, 0xBA, 0x00, 0x42, + 0x6C, 0xAF, 0x47, 0x4F, 0xA7, 0x9E, 0x5B, 0x08, + 0x9E, 0xB1, 0xA8, 0x82, 0xF1, 0x53, 0x54, 0x59, + 0x26, 0x95, 0x95, 0x2B, 0xA0, 0xA8, 0xEE, 0x91, + 0xE6, 0x49, 0xE3, 0xF2, 0xC3, 0x82, 0x26, 0x4D, + 0xAA, 0x30, 0xF6, 0xA6, 0xD2, 0x17, 0xF6, 0x12, + 0x9C, 0x19, 0x39, 0xB6, 0xDC, 0xAC, 0xCD, 0xA5, + 0xB6, 0x37, 0x32, 0x6E, 0x8A, 0x83, 0x61, 0xC3, + 0xB5, 0x6F, 0xCF, 0xFC, 0x48, 0x50, 0x36, 0x86, + 0x58, 0x22, 0xB9, 0xBB, 0x87, 0xB4, 0x35, 0x10, + 0xBC, 0xDD, 0x55, 0xBC, 0x35, 0x0D, 0xE7, 0xB2, + 0xAE, 0x90, 0xA2, 0x1E, 0x9E, 0x19, 0x97, 0x8E, + 0xDA, 0x10, 0xDF, 0x66, 0x76, 0x14, 0xA4, 0x4F, + 0xE2, 0xA8, 0x4D, 0x16, 0xBE, 0x04, 0x3E, 0xA8, + 0x77, 0x36, 0x33, 0xEA, 0x6B, 0xAD, 0xF6, 0x57, 
+ 0x10, 0x05, 0x2F, 0x34, 0x1F, 0x65, 0xCB, 0xE9, + 0x28, 0xD3, 0x96, 0x2A, 0x5A, 0x2F, 0xE6, 0x4E, + 0x46, 0xD6, 0xBF, 0xB8, 0xFD, 0x0D, 0x99, 0x78, + 0xF0, 0x42, 0x3C, 0xBD, 0x19, 0x5F, 0x72, 0xF3, + 0xCB, 0x19, 0xD7, 0xEF, 0xD9, 0xEB, 0xE3, 0x3C, + 0xD2, 0xF5, 0x70, 0x9A, 0x57, 0x80, 0x7D, 0xF9, + 0x44, 0xEC, 0xE5, 0x68, 0xAA, 0xCA, 0x43, 0x36, + 0x42, 0x20, 0x83, 0xB0, 0x69, 0x7B, 0x6A, 0xA0, + 0x05, 0x86, 0xE4, 0xBF, 0x7D, 0xD6, 0x73, 0xA3, + 0xD5, 0x96, 0xB8, 0x61, 0x8A, 0xC3, 0xB4, 0x06, + 0x17, 0x50, 0xC6, 0xBE, 0x97, 0xCB, 0x53, 0x75, + 0x3D, 0x02, 0x39, 0x55, 0x56, 0x07, 0x5A, 0x26, + 0xF1, 0x40, 0xB9, 0x3F, 0x57, 0x7D, 0xAD, 0x50, + 0x5E, 0x1C, 0xF2, 0xB5, 0x51, 0xA0, 0x4C, 0x98, + 0xC7, 0xF0, 0x90, 0x18, 0x31, 0xB3, 0xCA, 0x61, + 0xD7, 0x5D, 0xA7, 0x93, 0xAC, 0x72, 0xA4, 0x4C, + 0x7A, 0x07, 0xF7, 0xDB, 0xBA, 0xD6, 0x0A, 0x55, + 0xF4, 0x9C, 0xBD, 0x79, 0xDE, 0xE4, 0x73, 0x9F, + 0xFD, 0x36, 0x77, 0x8E, 0xBD, 0x08, 0xEB, 0xDB, + 0x79, 0xEC, 0x07, 0xA1, 0x62, 0x39, 0xC5, 0xB9, + 0x21, 0x59, 0x9F, 0xEB, 0xFE, 0xA4, 0x6D, 0xDF, + 0x96, 0x6A, 0xA4, 0xA0, 0x15, 0x12, 0xE6, 0x10, + 0x94, 0x3F, 0x5D, 0xC5, 0x4B, 0x4C, 0x76, 0xB7, + 0x64, 0xB3, 0x80, 0xBF, 0x2F, 0x84, 0xED, 0xE3, + 0x21, 0x24, 0x91, 0x2F, 0x54, 0xF7, 0xB6, 0xE2, + 0x07, 0xB7, 0x38, 0x1F, 0x67, 0x0F, 0x7A, 0xA0, + 0xF3, 0xC3, 0xED, 0x10, 0x15, 0x74, 0x03, 0x84, + 0xDD, 0x61, 0xA9, 0x76, 0x5E, 0xE4, 0x69, 0x6E, + 0xAC, 0xF8, 0x2E, 0xA4, 0x10, 0x69, 0x18, 0x05, + 0xCB, 0x68, 0x89, 0x03, 0x53, 0x5D, 0x70, 0x46, + 0x10, 0x0D, 0xCC, 0x2B, 0xA7, 0xD8, 0x30, 0x2A, + 0xCB, 0x04, 0x30, 0xD5, 0x06, 0xCC, 0xC1, 0xC0, + 0xDD, 0xEA, 0x71, 0x11, 0xA7, 0x6F, 0x45, 0xB4, + 0x54, 0xE2, 0x5C, 0xDD, 0xFB, 0x63, 0x9B, 0x3D, + 0x66, 0x4C, 0x36, 0xD8, 0x84, 0x35, 0x13, 0xA3, + 0xFC, 0xAF, 0x9E, 0x60, 0x57, 0xE9, 0xBC, 0x06, + 0x82, 0x37, 0xFE, 0x24, 0x19, 0xA2, 0xD2, 0xD9, + 0x0B, 0x4A, 0x1F, 0xC2, 0xA7, 0x1A, 0x14, 0x6D, + 0x2B, 0xD0, 0x43, 0x64, 0xC7, 0x9B, 0x8E, 0xBA, + 0x8E, 0x3E, 0x88, 0xCE, 0x11, 0xE9, 0x16, 0xE4, 
+ 0xA7, 0x52, 0x84, 0x21, 0x32, 0x8C, 0xF5, 0x4F, + 0xAA, 0xB2, 0xB1, 0x9F, 0x44, 0x46, 0x87, 0x81, + 0xF8, 0xAB, 0x84, 0xB7, 0xDD, 0x97, 0x2F, 0xF5, + 0x61, 0x50, 0x71, 0x43, 0x0A, 0x43, 0x74, 0xDA, + 0xFC, 0xAE, 0x1E, 0x60, 0x44, 0xAA, 0x98, 0xE9, + 0x85, 0x94, 0x1B, 0xA6, 0xB9, 0xDB, 0x8C, 0x02, + 0xF5, 0x89, 0x60, 0x3E, 0xEB, 0x8B, 0xE9, 0x0A, + 0x70, 0xEF, 0xC0, 0x88, 0xD7, 0x95, 0xE6, 0xDA, + 0x1F, 0x1F, 0x2E, 0x6E, 0xCE, 0xDD, 0x03, 0x1D, + 0x81, 0x99, 0xE6, 0x59, 0x12, 0xD4, 0x34, 0xD0, + 0x9B, 0xFB, 0xE5, 0x94, 0x40, 0x6D, 0xC1, 0x15, + 0x0E, 0x99, 0x35, 0x8C, 0xEA, 0x7F, 0xAD, 0x2E, + 0x7C, 0x44, 0xC3, 0x8B, 0x6E, 0x0C, 0xEE, 0xAB, + 0x9B, 0xDE, 0x0D, 0xB9, 0x7B, 0xCF, 0x5A, 0xC9, + 0x94, 0x10, 0xC9, 0x47, 0x0E, 0x26, 0x6B, 0x8B, + 0xE4, 0x5F, 0x66, 0x90, 0x83, 0x1F, 0x41, 0x45, + 0xE2, 0x63, 0x79, 0xDB, 0x80, 0x7C, 0x26, 0xDD, + 0xF9, 0x1E, 0x30, 0x9D, 0x4F, 0x4A, 0x3E, 0x7E, + 0xCA, 0xB7, 0x36, 0x2F, 0x15, 0xD2, 0x0E, 0xA4, + 0x33, 0xB7, 0xE7, 0x0A, 0x7D, 0xDE, 0x74, 0x16, + 0xCE, 0xA8, 0x71, 0x49, 0x8B, 0x2C, 0xE3, 0xF5, + 0x8D, 0x29, 0xD8, 0x62, 0x8C, 0x53, 0x18, 0x40, + 0xF0, 0x22, 0xDD, 0x3B, 0xD2, 0xF3, 0x80, 0x9B, + 0x11, 0x68, 0xD3, 0x8E, 0x63, 0xC7, 0xF6, 0x93, + 0x08, 0xA3, 0x1A, 0x2D, 0x4D, 0x5E, 0xEB, 0x97, + 0x42, 0x39, 0xB3, 0x4A, 0x62, 0xBC, 0x85, 0xE4, + 0xEC, 0xF9, 0x0C, 0x33, 0x6A, 0x0C, 0x37, 0xBD, + 0x9E, 0x0E, 0xF4, 0x26, 0x6B, 0x83, 0x5A, 0xC8, + 0x90, 0x6A, 0x83, 0xCF, 0x0B, 0x35, 0x13, 0x8A, + 0x65, 0xE5, 0xD9, 0xA6, 0x1F, 0xCC, 0x9B, 0x2D, + 0x5A, 0x33, 0x7B, 0x8A, 0xBE, 0xF8, 0x8A, 0x7F, + 0xB3, 0xC0, 0x94, 0x5D, 0x7C, 0xAF, 0x35, 0x61, + 0x1A, 0xE0, 0xE4, 0x46, 0x93, 0xA5, 0xBC, 0xE0, + 0xA6, 0xE2, 0xFE, 0xCA, 0xE9, 0xBD, 0xF4, 0xE3, + 0x56, 0xD6, 0x53, 0x6B, 0x58, 0x1A, 0x18, 0xF0, + 0x3A, 0x59, 0x16, 0x4E, 0xD5, 0x44, 0x7C, 0x7E, + 0xC8, 0xBD, 0x99, 0x7B, 0xE9, 0x53, 0xDE, 0xD9, + 0x32, 0x53, 0x5B, 0x5F, 0x43, 0x8A, 0x04, 0x31, + 0x9F, 0x5E, 0x0D, 0x8B, 0x0F, 0xEB, 0xC8, 0xDE, + 0x81, 0x46, 0x65, 0x8E, 0x52, 0xB9, 0x75, 0x9C, 
+ 0x73, 0x93, 0x5B, 0x12, 0x0D, 0xC9, 0xB8, 0x54, + 0xF3, 0xC8, 0xF9, 0x4E, 0xC9, 0x33, 0x90, 0x57, + 0xD7, 0xD7, 0xCD, 0x91, 0xF7, 0xE0, 0xB9, 0x8D, + 0x84, 0xEC, 0x7B, 0x2F, 0x92, 0x32, 0x8D, 0x73, + 0x60, 0x18, 0xB0, 0x31, 0x65, 0xA8, 0x74, 0x5F, + 0x8E, 0x77, 0xEB, 0x80, 0x29, 0xF9, 0x78, 0x26, + 0x70, 0xCB, 0xD8, 0x6B, 0x43, 0x16, 0xC7, 0xBE, + 0x4A, 0x88, 0x03, 0x38, 0xBA, 0xCF, 0xB0, 0x15, + 0x69, 0x9B, 0xF3, 0x0D, 0x3A, 0x4B, 0x05, 0x32, + 0x54, 0x35, 0xBA, 0x5F, 0xA3, 0xB9, 0xD2, 0xB2, + 0xFE, 0x0B, 0x51, 0x9C, 0x2C, 0xB2, 0x46, 0xE5, + 0x3D, 0x1A, 0x34, 0x3D, 0x66, 0x1A, 0x66, 0x14, + 0x3C, 0x6F, 0x46, 0x8C, 0x55, 0x38, 0x64, 0x5C, + 0xC2, 0x6D, 0x4E, 0x2A, 0x87, 0x03, 0xEC, 0x9B, + 0x10, 0xFC, 0x89, 0xBE, 0x6F, 0x85, 0x99, 0x97, + 0x70, 0x8F, 0x31, 0x19, 0x4F, 0x0D, 0xFE, 0xE9, + 0x29, 0x98, 0xB2, 0x5E, 0x93, 0xB9, 0x70, 0x70, + 0xDE, 0x14, 0x40, 0x9D, 0x5B, 0xA4, 0x3D, 0xF8, + 0x8D, 0x15, 0xC2, 0xFB, 0xA9, 0x7B, 0xDD, 0xE6, + 0x18, 0xCC, 0x3F, 0xC0, 0x42, 0xF7, 0x74, 0x81, + 0x84, 0xBA, 0x9E, 0xC9, 0xCB, 0xA1, 0xB2, 0x00, + 0x68, 0x81, 0xD0, 0x51, 0x42, 0x64, 0x19, 0x8F, + 0xB6, 0x91, 0xC5, 0xC0, 0x38, 0xE0, 0x49, 0x50, + 0xCF, 0x69, 0x09, 0x93, 0x77, 0xFE, 0x66, 0xBA, + 0x64, 0xE2, 0x19, 0x52, 0xA4, 0x45, 0x81, 0x71, + 0x96, 0x64, 0xF5, 0xD9, 0x23, 0x97, 0xD2, 0x2A, + 0xA7, 0x03, 0x2B, 0xF5, 0x89, 0xAF, 0x8A, 0xCA, + 0x48, 0xDF, 0x6D, 0x14, 0xEB, 0x43, 0xCE, 0xF0, + 0xA9, 0xC8, 0xA8, 0xF9, 0xAD, 0x32, 0x95, 0x25, + 0xEF, 0x0A, 0xAA, 0x4F, 0x9E, 0x09, 0xC3, 0x51, + 0x3C, 0xF0, 0x29, 0xF3, 0xDE, 0xFC, 0xBB, 0x41, + 0x14, 0xFA, 0x0F, 0x66, 0x8D, 0xB4, 0x72, 0x2F, + 0xCC, 0xD9, 0xC2, 0x07, 0xB6, 0x6F, 0x10, 0x9E, + 0xD9, 0x5B, 0x45, 0x4B, 0xB6, 0x19, 0x5D, 0x59, + 0xC4, 0xA6, 0x78, 0xBA, 0x6F, 0x5A, 0x9B, 0x23, + 0x41, 0x21, 0xAD, 0x05, 0x16, 0xA1, 0xD4, 0x12, + 0x3D, 0x38, 0x26, 0xD9, 0x2A, 0x61, 0xB3, 0x5D, + 0xEB, 0x29, 0x5B, 0xAA, 0x2F, 0xE1, 0xB5, 0xEE, + 0x25, 0x02, 0x1D, 0xAE, 0xF8, 0x57, 0xB5, 0xDF, + 0x19, 0x2E, 0x17, 0x5E, 0x3A, 0x2A, 0x0D, 0x3F, 
+ 0x08, 0x2F, 0x21, 0x1C, 0xB5, 0xBD, 0xC2, 0x36, + 0x27, 0x4F, 0x86, 0xC5, 0xDC, 0x74, 0xC3, 0x9B, + 0xE9, 0x7C, 0xCF, 0x5F, 0x57, 0x94, 0xEB, 0x64, + 0xEC, 0x64, 0x55, 0x45, 0x21, 0x0F, 0xC6, 0x67, + 0xD1, 0xE0, 0x74, 0x0E, 0x66, 0xCB, 0xED, 0xC2, + 0x06, 0x48, 0xCA, 0x1F, 0xA7, 0x34, 0x14, 0x59, + 0x6B, 0xA0, 0x89, 0x17, 0xA1, 0x9A, 0x46, 0x3A, + 0xD3, 0x02, 0x7C, 0x81, 0x83, 0x6B, 0x8F, 0x4F, + 0x02, 0xB9, 0x9F, 0xC5, 0x08, 0x3F, 0x06, 0xF3, + 0x4B, 0xD2, 0x30, 0x9C, 0x23, 0x42, 0xAD, 0x88, + 0xA8, 0x4F, 0xA9, 0x6E, 0x20, 0x7C, 0x01, 0x08, + 0xF6, 0x82, 0x54, 0x14, 0x94, 0x4F, 0x26, 0x4E, + 0xD6, 0xC4, 0x66, 0x7C, 0x78, 0x8D, 0x61, 0xA6, + 0xBC, 0x2C, 0x45, 0x6A, 0xF6, 0x6C, 0x2F, 0x76, + 0x9E, 0x16, 0x90, 0x17, 0x06, 0x91, 0x2C, 0xC9, + 0x0D, 0x4B, 0x6C, 0x90, 0xDC, 0xA1, 0x6C, 0xAC, + 0x8F, 0xFE, 0xD8, 0x39, 0x70, 0x20, 0xE2, 0x97, + 0x5E, 0x24, 0xFF, 0x4C, 0x80, 0x7C, 0x8A, 0xB7, + 0x31, 0xC8, 0x1D, 0x36, 0xCA, 0x84, 0xC9, 0x12, + 0x1A, 0x85, 0x13, 0xE0, 0xC9, 0xD0, 0xF4, 0x1B, + 0xC6, 0x8F, 0x88, 0xEA, 0xCA, 0xA3, 0x55, 0x99, + 0xFA, 0xE3, 0xBB, 0xA6, 0xFC, 0xC6, 0x52, 0x8D, + 0x47, 0xE4, 0x0C, 0x07, 0x64, 0xCF, 0x9C, 0x83, + 0x83, 0xB3, 0xA4, 0x45, 0x15, 0xE6, 0x1D, 0x92, + 0xCD, 0xAE, 0xC9, 0xCB, 0x90, 0x82, 0xB5, 0xA0, + 0xC0, 0x37, 0x94, 0x60, 0xD9, 0x17, 0x9A, 0x7D, + 0x9D, 0xF2, 0x9E, 0x0B, 0x4B, 0x6A, 0x41, 0x18, + 0x28, 0x52, 0x15, 0xE8, 0x7B, 0x6F, 0x11, 0x8E, + 0x97, 0x31, 0xE4, 0x66, 0xFB, 0x3F, 0xEB, 0xD1, + 0x95, 0xE1, 0x44, 0xFD, 0x20, 0x37, 0xD1, 0x16, + 0x62, 0x75, 0x79, 0xAC, 0x55, 0xFE, 0xD5, 0xE3, + 0x25, 0x85, 0xEC, 0x66, 0x38, 0xA0, 0xDF, 0xBE, + 0x6E, 0xD6, 0xC5, 0x87, 0x6C, 0xF8, 0x11, 0x4C, + 0x90, 0x2A, 0xEF, 0xA3, 0x63, 0xF4, 0xC9, 0xB7, + 0x2E, 0x7D, 0x5C, 0x85, 0x2D, 0xCC, 0x1A, 0xF2, + 0xB8, 0x85, 0x2A, 0x9D, 0x0F, 0x99, 0x59, 0x38, + 0x86, 0x50, 0x84, 0xCE, 0x52, 0x13, 0xB3, 0x08, + 0xA9, 0xCB, 0x37, 0xF6, 0x81, 0x96, 0x0D, 0x84, + 0xEF, 0xE1, 0xDF, 0x51, 0x34, 0xA5, 0x91, 0x5A, + 0xE5, 0x87, 0x8B, 0x10, 0xDA, 0x0F, 0xD4, 0xD9, 
+ 0xAC, 0x2A, 0xEF, 0x0C, 0x7E, 0x01, 0xC2, 0xE9, + 0xE7, 0xC0, 0x17, 0xE7, 0xBA, 0x74, 0x0C, 0xEE, + 0x1A, 0x89, 0x94, 0x59, 0xBB, 0x75, 0x03, 0x3E, + 0xEA, 0xF3, 0x19, 0x0D, 0x67, 0x79, 0xED, 0x9E, + 0xDD, 0x84, 0x6A, 0x74, 0xE3, 0x21, 0x52, 0x8C, + 0x03, 0x08, 0x4A, 0x5D, 0x30, 0x87, 0x48, 0x39, + 0x71, 0x8A, 0x53, 0x54, 0x9B, 0x2E, 0xC6, 0xB2, + 0xB7, 0x30, 0xAA, 0x93, 0x5C, 0xA6, 0xE1, 0xC4, + 0xFD, 0x8B, 0xE0, 0x35, 0x7D, 0x93, 0xF6, 0x21, + 0x74, 0xEE, 0xED, 0xF8, 0xDA, 0xB7, 0x75, 0x5B, + 0x46, 0x65, 0x7E, 0x59, 0xD7, 0xAA, 0x00, 0xB9, + 0xF2, 0xF8, 0x5E, 0x4C, 0x0F, 0x77, 0xFA, 0x11, + 0xA5, 0xD6, 0x9A, 0x23, 0xB1, 0xEF, 0x3A, 0x09, + 0xF2, 0x19, 0xD8, 0x3B, 0x1F, 0x39, 0x1F, 0x84, + 0x13, 0x18, 0xEE, 0xF3, 0x5A, 0x32, 0x63, 0x67, + 0xBF, 0xA2, 0xB1, 0x5F, 0xD7, 0x14, 0x03, 0x20, + 0x92, 0xB9, 0xD0, 0x2B, 0xF6, 0x13, 0xAF, 0xF7, + 0x69, 0x6F, 0xAD, 0xF1, 0xDE, 0x2C, 0x81, 0x70, + 0x77, 0xCB, 0x7C, 0x99, 0x67, 0x76, 0xD6, 0x9E, + 0xC2, 0x41, 0xA2, 0x42, 0x54, 0xDA, 0x2D, 0x13, + 0x98, 0x76, 0x91, 0xEA, 0xC7, 0xEB, 0xA8, 0xCD, + 0x8D, 0xCF, 0xB3, 0x94, 0x7B, 0x1D, 0x99, 0xED, + 0xF9, 0x62, 0xD2, 0x15, 0xB3, 0x18, 0xBB, 0x5F, + 0x9A, 0xA0, 0x4D, 0x1C, 0x82, 0x62, 0x6A, 0x41, + 0x73, 0xD0, 0x2D, 0x41, 0x0C, 0x58, 0x6B, 0xCA, + 0x4E, 0x51, 0xCA, 0x4F, 0x3E, 0x15, 0x1B, 0x54, + 0xF1, 0x7A, 0x6B, 0xC9, 0x67, 0x76, 0x09, 0xBB, + 0xAF, 0x6C, 0x30, 0x38, 0xA6, 0x7C, 0xAD, 0xA6, + 0x6B, 0x4F, 0xDF, 0xB5, 0x10, 0x29, 0xE0, 0x78, + 0x07, 0xD7, 0x05, 0x96, 0x9D, 0x96, 0xC9, 0xAB, + 0xFB, 0x71, 0x62, 0xE4, 0x58, 0x10, 0xA1, 0xDC, + 0x4B, 0x56, 0xDA, 0x14, 0x77, 0xED, 0x90, 0x0A, + 0x89, 0xCC, 0xAC, 0x29, 0x8E, 0x17, 0x88, 0x42, + 0x69, 0xC3, 0x9E, 0x8D, 0x7A, 0xB9, 0x66, 0xF3, + 0x3D, 0xDA, 0xDB, 0xE5, 0x6A, 0x38, 0x4C, 0xA2, + 0x0A, 0x7B, 0x18, 0x99, 0xEC, 0x18, 0xE2, 0xAE, + 0x54, 0x70, 0x00, 0xB9, 0x04, 0xE3, 0x4E, 0x46, + 0x80, 0x1D, 0x85, 0x74, 0xDB, 0x00, 0x84, 0x17, + 0xBC, 0xFD, 0xD1, 0xA7, 0x4D, 0xC0, 0x18, 0xE5, + 0x07, 0xB7, 0x6B, 0x0F, 0xA0, 0x86, 0x26, 0x23, 
+ 0x5B, 0x1C, 0xE2, 0x4B, 0xCF, 0xC3, 0x20, 0xFA, + 0xE3, 0x55, 0x1C, 0x1C, 0x92, 0x9B, 0x94, 0xC7, + 0xC4, 0x96, 0x53, 0x41, 0x82, 0x9D, 0x8A, 0x13, + 0x47, 0xD6, 0xA7, 0x38, 0x58, 0x03, 0xB0, 0x8B, + 0xCD, 0xA8, 0x4A, 0x27, 0xEA, 0x5E, 0x49, 0xCA, + 0x1E, 0x60, 0x06, 0xEA, 0x23, 0x2A, 0x53, 0xEE, + 0x41, 0x7E, 0xC8, 0x81, 0xD3, 0x32, 0x8A, 0x15, + 0x63, 0x82, 0xA6, 0xB2, 0x93, 0x89, 0x4D, 0xDF, + 0x9B, 0x36, 0x9C, 0xDE, 0x6B, 0x2F, 0xF5, 0x9C, + 0xB6, 0xA5, 0x64, 0xE2, 0x1C, 0x92, 0x79, 0xEC, + 0xA0, 0x31, 0x1F, 0x5D, 0x80, 0xCE, 0x39, 0xB9, + 0x8B, 0xF9, 0x0D, 0xB3, 0x27, 0xF7, 0x4D, 0x3F, + 0x76, 0x2D, 0x11, 0x7D, 0xF5, 0xF9, 0x13, 0x20, + 0x84, 0xFF, 0xB5, 0x55, 0xA5, 0xD1, 0x47, 0x22, + 0x1A, 0xF8, 0x63, 0xAB, 0xF7, 0x87, 0x15, 0xB7, + 0x21, 0x94, 0x52, 0x9A, 0x0E, 0x33, 0x4D, 0x4A, + 0x19, 0x1D, 0x42, 0xA9, 0x9B, 0xEA, 0x52, 0xAD, + 0xA2, 0xC7, 0xCC, 0x4A, 0x97, 0x74, 0xD5, 0xCB, + 0x28, 0xD4, 0xED, 0x82, 0xB6, 0x1F, 0x94, 0xE8, + 0x9F, 0x60, 0xF0, 0xC8, 0xEA, 0x52, 0xDC, 0x07, + 0x9D, 0x46, 0x58, 0xBF, 0x8C, 0x85, 0x6D, 0x61, + 0x52, 0xD9, 0x22, 0x51, 0x94, 0x8B, 0x3B, 0xA0, + 0x14, 0xD8, 0xBA, 0xF3, 0xDC, 0xD3, 0x6B, 0xC7, + 0x1F, 0x8E, 0x5B, 0x2C, 0xE6, 0xF5, 0x35, 0xB7, + 0xB9, 0xAE, 0x13, 0xDA, 0x4A, 0x1E, 0xAF, 0xFC, + 0x25, 0x3B, 0xE4, 0x3A, 0x9F, 0x60, 0x8E, 0xAC, + 0xE7, 0x33, 0xCF, 0xCE, 0x52, 0xEA, 0x5C, 0xDA, + 0x83, 0x59, 0xDB, 0x53, 0xFF, 0x3A, 0xF2, 0xCE, + 0xFE, 0x87, 0x79, 0xBC, 0xC5, 0x3C, 0x24, 0xA4, + 0xB1, 0x8D, 0x5E, 0x0D, 0x78, 0x1B, 0xEC, 0xF7, + 0x5B, 0x54, 0x77, 0x47, 0x3A, 0x20, 0x24, 0xAD, + 0x56, 0xC5, 0x4A, 0x7F, 0x99, 0x0E, 0xF6, 0xB1, + 0xDF, 0xAC, 0x50, 0x10, 0x88, 0x50, 0x9D, 0x3A, + 0x37, 0xF1, 0xC8, 0xD5, 0xC2, 0x64, 0x87, 0xE4, + 0x20, 0xB7, 0xF4, 0x35, 0x8E, 0x92, 0x69, 0x76, + 0x1F, 0xF1, 0xFA, 0x3A, 0xFC, 0xBE, 0xCA, 0xEB, + 0x68, 0xF5, 0xDD, 0xDE, 0x3A, 0xA8, 0xFD, 0x07, + 0x8C, 0xC4, 0x22, 0x4C, 0xEA, 0x67, 0x13, 0x2D, + 0x7E, 0xBF, 0x5D, 0x23, 0x2E, 0x43, 0xBA, 0xDD, + 0x21, 0x8C, 0x0B, 0x4D, 0xBE, 0x1E, 0x16, 0x52, 
+ 0x98, 0x66, 0xB9, 0xAB, 0x93, 0x58, 0x85, 0xAC, + 0xB4, 0x15, 0xFB, 0xB1, 0xEE, 0xE6, 0x94, 0x08, + 0xA5, 0x21, 0xB4, 0x62, 0xEC, 0x59, 0xCD, 0x0D, + 0x3C, 0x54, 0x96, 0xD9, 0x85, 0xAE, 0xB0, 0xCE, + 0x37, 0x4F, 0x67, 0x72, 0xA4, 0xE6, 0x39, 0x3A, + 0x4E, 0xF0, 0x07, 0x43, 0x80, 0x90, 0xA8, 0xA9, + 0xE5, 0x2D, 0x2F, 0x55, 0x66, 0x6D, 0x70, 0xF0, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + 0x08, 0x0E, 0x12, 0x19, 0x20 + }; +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + static const byte pk_87[] = { + 0x2D, 0x1E, 0x6B, 0xED, 0x84, 0x52, 0xEB, 0xF1, + 0x26, 0xED, 0xE7, 0x0C, 0xA0, 0xA2, 0xB5, 0x0D, + 0x03, 0x34, 0x2D, 0x5B, 0x13, 0xB2, 0xAE, 0x21, + 0x0F, 0x45, 0x62, 0xA3, 0xBF, 0x67, 0x0C, 0xB1, + 0x5C, 0xE9, 0x25, 0xFD, 0x22, 0xF2, 0x62, 0x42, + 0xBA, 0xE3, 0x10, 0xB3, 0xAA, 0x41, 0x3B, 0x6E, + 0x78, 0xD4, 0x42, 0xD9, 0x35, 0xD1, 0x72, 0x8A, + 0x32, 0x48, 0xCC, 0x20, 0x5C, 0xCD, 0x8D, 0x3F, + 0xD8, 0x34, 0x95, 0x55, 0x20, 0xCD, 0xFB, 0x2C, + 0x73, 0xE9, 0x0E, 0x60, 0x8B, 0x2C, 0x3F, 0xA8, + 0xB7, 0xD1, 0x79, 0xFD, 0xDC, 0xC8, 0x81, 0x11, + 0xC9, 0xE8, 0x41, 0x71, 0xE9, 0x70, 0x9B, 0x53, + 0x59, 0x33, 0xE4, 0x92, 0xB6, 0x81, 0x9C, 0x6A, + 0x92, 0xED, 0xA2, 0x5A, 0xC4, 0x07, 0x77, 0x1A, + 0x8F, 0xED, 0xB4, 0xE7, 0x11, 0xFB, 0x89, 0xEB, + 0x7B, 0xDF, 0xCC, 0xEA, 0xC5, 0x3B, 0x4E, 0xF4, + 0x6B, 0x6F, 0xBE, 0xE1, 0x32, 0xA9, 0xD7, 0xAD, + 0xB4, 0x36, 0xE7, 0x4A, 0x6D, 0x67, 0x11, 0x83, + 0xAF, 0x31, 0x1A, 0x7A, 0x31, 0x42, 0x9B, 0x01, + 0x21, 0x17, 0x52, 0x75, 0x85, 0xF7, 0x92, 0x0F, + 0x34, 0x8A, 0x69, 0x11, 0x88, 0x5A, 0x02, 0x08, + 0xB6, 0x6D, 0xE3, 0x07, 0x93, 0xB1, 0x3F, 0xE1, + 0xD5, 0x7B, 0xD9, 0x51, 0xF7, 0xAA, 0xC0, 0x34, + 0x9A, 0x78, 0x5D, 0x26, 0xDB, 0xF1, 0xF0, 0xA9, + 0x1E, 0x5C, 0x9F, 0x4F, 0xA7, 0x43, 0x5C, 0x44, + 0xA9, 0x43, 0xF1, 0x38, 0x11, 0x45, 0xED, 0xEB, + 0x1C, 0x8A, 0x05, 0xEE, 0xFF, 0xAB, 0x20, 0x2C, + 0xF6, 0x2C, 0xEE, 0x77, 0x42, 0x36, 0x3E, 
0xE6, + 0x9D, 0x8E, 0x45, 0x0F, 0xF6, 0x7C, 0x39, 0x62, + 0xD6, 0xFF, 0x97, 0xBC, 0x3D, 0x02, 0xD6, 0xDF, + 0x4A, 0x35, 0xDA, 0x3F, 0x89, 0xA4, 0x88, 0x33, + 0xCD, 0xF2, 0x90, 0xF0, 0xE9, 0x37, 0x2F, 0x65, + 0xA5, 0x88, 0x65, 0xFD, 0x40, 0x44, 0xAD, 0x09, + 0x09, 0x92, 0xAA, 0x15, 0x9E, 0xEE, 0xF7, 0x2B, + 0x0D, 0xA7, 0xCB, 0x3A, 0x5E, 0x0A, 0xED, 0xD6, + 0x7D, 0x82, 0x8B, 0xBA, 0xCF, 0xE5, 0x9E, 0xE4, + 0x62, 0xAB, 0x69, 0x6B, 0xBA, 0xD0, 0xE5, 0xA9, + 0xBB, 0x1F, 0x5A, 0x51, 0xE0, 0xFA, 0x5D, 0xD4, + 0x4D, 0x8E, 0xC0, 0xDC, 0x43, 0x06, 0xDF, 0x23, + 0x67, 0xB2, 0x4A, 0xA2, 0xFB, 0x75, 0x2F, 0x82, + 0xD8, 0x44, 0xE4, 0xC0, 0xCE, 0x15, 0x9E, 0x3F, + 0xD6, 0xB4, 0x70, 0x5F, 0x3B, 0xD0, 0x56, 0x3E, + 0x0A, 0x7A, 0x4B, 0x94, 0xBF, 0xBA, 0x01, 0x2B, + 0x9C, 0x8B, 0x91, 0x35, 0xF2, 0xDB, 0x4C, 0x8C, + 0x8D, 0xD6, 0xEE, 0xC8, 0x65, 0x8D, 0xF3, 0x05, + 0x59, 0xBE, 0x3A, 0x17, 0xA7, 0x72, 0x10, 0x56, + 0x14, 0xEF, 0xB8, 0xC1, 0xBE, 0x18, 0x11, 0x0B, + 0xE6, 0x70, 0xF8, 0x39, 0xA5, 0x72, 0x7D, 0xF9, + 0x47, 0xFB, 0xAC, 0xFD, 0x1F, 0xC3, 0x71, 0x33, + 0x58, 0x44, 0x15, 0xD3, 0x7C, 0x93, 0x2E, 0x70, + 0x92, 0xFA, 0xBB, 0xF2, 0xD0, 0x9D, 0x25, 0xC4, + 0xCF, 0x4A, 0xB8, 0xEC, 0xBE, 0x5D, 0x8B, 0x7F, + 0xA4, 0x7C, 0xAB, 0xAD, 0xE7, 0x1E, 0x93, 0x83, + 0x92, 0x86, 0x1E, 0x8D, 0x15, 0xA4, 0x1C, 0x5B, + 0x42, 0x25, 0xDA, 0x3D, 0x16, 0xD3, 0x93, 0xF2, + 0x85, 0x50, 0x86, 0x0A, 0x86, 0x35, 0x6B, 0x14, + 0xAB, 0x5F, 0x22, 0xD0, 0xCF, 0x03, 0x7C, 0xEB, + 0xB4, 0x0E, 0xAC, 0x87, 0xA2, 0x41, 0x42, 0xA0, + 0x21, 0x93, 0x00, 0xB6, 0x47, 0x6F, 0x96, 0xD0, + 0x41, 0xD1, 0xC3, 0x0E, 0x3C, 0x52, 0xD2, 0x45, + 0xAB, 0x6A, 0xE7, 0xA1, 0xE5, 0xFD, 0x73, 0xC5, + 0x82, 0x9D, 0x60, 0x62, 0x8B, 0x6D, 0x87, 0xFC, + 0x88, 0x9C, 0x3E, 0xEF, 0xAE, 0xAA, 0xB6, 0x1C, + 0x18, 0xEE, 0xD7, 0x51, 0x1A, 0x96, 0xC4, 0x93, + 0x25, 0x05, 0xD3, 0x83, 0x3D, 0xD8, 0x33, 0x16, + 0x14, 0x44, 0x88, 0xE2, 0xAF, 0xC4, 0xEC, 0x59, + 0x18, 0x12, 0xB9, 0x99, 0xC1, 0xC9, 0x5F, 0x31, + 0x79, 0x00, 0x03, 0xF6, 0xC9, 0x55, 0x14, 
0xAA, + 0x29, 0x08, 0x78, 0x24, 0xAF, 0x1D, 0x99, 0x12, + 0x36, 0xD9, 0x4A, 0xD9, 0x50, 0xEF, 0x66, 0xFC, + 0x7F, 0xF4, 0xBC, 0x3B, 0xA0, 0xF6, 0xFD, 0xF2, + 0x62, 0xCA, 0xA5, 0x9D, 0x2B, 0x55, 0xB8, 0x33, + 0xBC, 0xA6, 0x7A, 0xA5, 0x1E, 0xE1, 0x14, 0x5F, + 0x94, 0xE2, 0xDC, 0xF0, 0x5B, 0xBD, 0x43, 0x07, + 0xD8, 0xB1, 0xE0, 0x81, 0x3F, 0x84, 0x54, 0x90, + 0xBF, 0x23, 0x59, 0x92, 0x3C, 0xA5, 0x98, 0xAB, + 0x7D, 0x99, 0xD2, 0xF0, 0xED, 0x8E, 0x0B, 0xC9, + 0x9F, 0xAF, 0xB0, 0x13, 0xED, 0xC7, 0xDD, 0xB8, + 0x61, 0x72, 0x07, 0x3D, 0xCC, 0x35, 0x73, 0xA0, + 0xCF, 0x0C, 0xD9, 0x7E, 0x93, 0xDC, 0x63, 0xB8, + 0x82, 0xEC, 0xF4, 0x30, 0xCE, 0x43, 0x92, 0xEA, + 0x5E, 0xD8, 0xC8, 0xA1, 0xEC, 0x79, 0xDC, 0xAE, + 0x64, 0xD4, 0x33, 0xEB, 0x53, 0x8C, 0xFC, 0x49, + 0x79, 0xBF, 0x7A, 0x28, 0x65, 0x1E, 0x8C, 0xD5, + 0x21, 0xB0, 0x8E, 0xCA, 0xAD, 0xF8, 0x96, 0x9A, + 0x98, 0x10, 0x00, 0x35, 0x6D, 0x58, 0x9A, 0xEF, + 0x84, 0x84, 0x86, 0x72, 0xBA, 0xCD, 0x38, 0x66, + 0x96, 0x9B, 0xC2, 0x83, 0xB0, 0x65, 0xC1, 0xAB, + 0xCF, 0x63, 0x8C, 0x2D, 0xC3, 0x42, 0xB2, 0x7D, + 0xF6, 0xB8, 0xF0, 0x3D, 0x26, 0x21, 0x8F, 0xAE, + 0x4E, 0x96, 0xF2, 0x55, 0x66, 0xBC, 0x6F, 0xED, + 0xE7, 0x19, 0xD3, 0x8D, 0xC0, 0xCD, 0x55, 0x20, + 0x5F, 0x10, 0xCA, 0xDA, 0x09, 0xED, 0x91, 0x4A, + 0x43, 0x33, 0xD3, 0x82, 0x11, 0x5C, 0x2F, 0x5D, + 0xEC, 0xCD, 0x54, 0xF9, 0x6C, 0xE4, 0xE5, 0xF2, + 0x68, 0xBC, 0xE9, 0x27, 0xB2, 0x1D, 0xCA, 0xB5, + 0xCD, 0x04, 0x01, 0x1E, 0x92, 0xF5, 0xF6, 0x01, + 0x86, 0x2B, 0x20, 0x20, 0x9B, 0xB0, 0xF9, 0x56, + 0xD9, 0x33, 0xD5, 0x0A, 0xEC, 0x1B, 0xF4, 0xCE, + 0xD2, 0xB2, 0xC2, 0xD4, 0x3F, 0x9A, 0x25, 0x76, + 0x8E, 0x29, 0x87, 0x52, 0x64, 0x86, 0x4A, 0xA5, + 0x7B, 0x5A, 0x91, 0x72, 0x6E, 0xBE, 0x6D, 0x73, + 0x0A, 0x8D, 0x89, 0x53, 0x82, 0x33, 0x70, 0x44, + 0x20, 0xBE, 0xE0, 0xB0, 0x1B, 0x76, 0x30, 0x43, + 0xA5, 0x5B, 0x8F, 0xAB, 0x7E, 0xB8, 0x61, 0x5F, + 0x43, 0x70, 0x1B, 0x1A, 0x71, 0x61, 0x56, 0xF9, + 0x13, 0x31, 0x2A, 0x64, 0x33, 0x14, 0x00, 0x98, + 0x72, 0xEC, 0x32, 0x88, 0x09, 0xFB, 0x64, 
0x46, + 0x3D, 0x56, 0x02, 0xD9, 0x76, 0xD3, 0xAA, 0x90, + 0x0F, 0xBD, 0xF0, 0xF9, 0x96, 0x43, 0x7B, 0x62, + 0x19, 0x26, 0x22, 0x6A, 0x93, 0x91, 0xEC, 0x07, + 0x34, 0xF5, 0x22, 0x32, 0xB3, 0x65, 0x66, 0xE0, + 0x6B, 0x11, 0x7F, 0x97, 0x9F, 0x1A, 0x89, 0x46, + 0xCE, 0x8F, 0xBD, 0xFD, 0x2F, 0xCC, 0x3D, 0xBF, + 0xF2, 0x83, 0xA4, 0x30, 0xE1, 0x02, 0x72, 0xF8, + 0x74, 0xE6, 0x21, 0x96, 0x77, 0xE1, 0x57, 0x8A, + 0xF7, 0x9E, 0xB3, 0x31, 0xAF, 0xD8, 0xC5, 0xD7, + 0x20, 0xDC, 0xFD, 0xCF, 0x79, 0x06, 0x0F, 0x1F, + 0xE5, 0x84, 0x3D, 0x0B, 0x9C, 0xB3, 0xC7, 0xAB, + 0xB8, 0xF1, 0xC0, 0xD0, 0xB5, 0xC7, 0x01, 0xE2, + 0x0E, 0x3B, 0xAF, 0x7E, 0xAC, 0x44, 0x5A, 0x75, + 0x50, 0x0A, 0x76, 0x1C, 0x13, 0xDB, 0x25, 0xD4, + 0x0D, 0x19, 0x75, 0x4C, 0x02, 0xD9, 0xF3, 0xDF, + 0x6D, 0xBB, 0xCF, 0x47, 0xA6, 0xAE, 0xF6, 0xD1, + 0xFB, 0xF4, 0xB4, 0x55, 0xD3, 0xA5, 0x87, 0xA1, + 0x55, 0xFB, 0xBF, 0xCD, 0xF6, 0xA1, 0x64, 0x57, + 0x12, 0x75, 0x9A, 0x11, 0xA3, 0xCE, 0x42, 0x70, + 0x84, 0x54, 0x93, 0x12, 0xE1, 0x3A, 0x0F, 0xFA, + 0xCA, 0xF2, 0x25, 0x91, 0xF1, 0x4D, 0x8F, 0x84, + 0xB1, 0xB5, 0x35, 0xAC, 0xE9, 0x81, 0x77, 0x34, + 0x4D, 0x6F, 0x5D, 0x14, 0x9D, 0xB9, 0xE1, 0xF0, + 0x3F, 0x3C, 0xE7, 0xAD, 0x48, 0xE6, 0x8C, 0x51, + 0x86, 0xF4, 0x4A, 0xB4, 0xD0, 0x98, 0xEC, 0x3A, + 0x4E, 0xAB, 0x58, 0x2F, 0x08, 0x9E, 0x5A, 0x9D, + 0x45, 0x30, 0xB0, 0x85, 0xDF, 0x4A, 0xE7, 0x92, + 0xC6, 0xC8, 0x18, 0x93, 0x08, 0xCE, 0x9A, 0x8C, + 0xE2, 0x91, 0x8D, 0x91, 0x57, 0x7B, 0x37, 0xC8, + 0x80, 0xA2, 0x31, 0x10, 0x0D, 0x4E, 0xEF, 0x51, + 0x07, 0x94, 0x8E, 0xF8, 0x3C, 0x3C, 0x2E, 0xD5, + 0x03, 0x26, 0xB8, 0x72, 0x7F, 0xB9, 0xBC, 0xD7, + 0x95, 0xC4, 0x31, 0x08, 0xEC, 0x6F, 0xEE, 0x11, + 0xAF, 0xC0, 0xA2, 0xEC, 0xD7, 0xC8, 0x0B, 0xBE, + 0x15, 0xAE, 0xC9, 0x17, 0xBE, 0x37, 0xE2, 0x40, + 0x83, 0x65, 0xDE, 0xB3, 0x4E, 0xB4, 0x15, 0xB3, + 0x5C, 0x14, 0xF6, 0x5F, 0xA9, 0x1F, 0x70, 0xB5, + 0x23, 0x93, 0x78, 0xB9, 0x47, 0xF9, 0x1D, 0x2B, + 0x1E, 0x8D, 0xB1, 0x25, 0x7E, 0xE5, 0x85, 0x3C, + 0x16, 0x9F, 0xD0, 0xC2, 0x67, 0x8B, 0x0D, 
0xD2, + 0x72, 0x4E, 0x74, 0x30, 0xE1, 0xAF, 0xB8, 0x66, + 0xCB, 0x53, 0xDF, 0xC4, 0xFB, 0xA5, 0x6D, 0x03, + 0xF2, 0xAE, 0xEE, 0x90, 0xFE, 0xD7, 0x30, 0xAF, + 0x33, 0x98, 0x09, 0xEB, 0x75, 0xC7, 0x3E, 0xC8, + 0x2F, 0xE7, 0x22, 0x5F, 0x2F, 0x0A, 0xBD, 0xA4, + 0x22, 0x88, 0x28, 0x19, 0x35, 0x83, 0x12, 0x86, + 0xEE, 0x72, 0xB4, 0x26, 0x89, 0x2F, 0xC7, 0x11, + 0x6E, 0xDD, 0x14, 0x98, 0x22, 0xE7, 0x73, 0x3E, + 0xFA, 0x46, 0x75, 0xF9, 0x40, 0xC1, 0x84, 0x22, + 0xBC, 0x75, 0x36, 0xC7, 0x82, 0xD3, 0xAE, 0x6E, + 0x0D, 0xBF, 0x6F, 0xC3, 0x4B, 0x67, 0x49, 0x19, + 0xF3, 0x4B, 0x12, 0xF2, 0x83, 0xFD, 0x39, 0x56, + 0x44, 0x05, 0x3A, 0x24, 0x6A, 0x35, 0x69, 0x12, + 0xCF, 0xE4, 0x93, 0xFE, 0x26, 0xCC, 0xD6, 0x01, + 0xA0, 0x4A, 0x84, 0xA8, 0x1D, 0x85, 0xE6, 0x83, + 0x0F, 0x3C, 0xE6, 0x6D, 0xD2, 0xCB, 0xB1, 0x14, + 0x8C, 0xEC, 0x10, 0xB3, 0x63, 0x4B, 0x9C, 0xF5, + 0x11, 0xE0, 0xF9, 0x86, 0x6F, 0xA7, 0xC0, 0x3B, + 0x9D, 0x25, 0xD7, 0x54, 0xCA, 0x40, 0x4D, 0x26, + 0xBA, 0x71, 0x8E, 0x25, 0xF5, 0xA7, 0xE3, 0x9B, + 0x25, 0x20, 0x7F, 0x29, 0x05, 0xB6, 0x27, 0x14, + 0x17, 0x67, 0x26, 0x10, 0xAD, 0xA3, 0x06, 0x03, + 0xFE, 0x82, 0x85, 0x5D, 0x01, 0x04, 0x4D, 0xE0, + 0x64, 0x38, 0x38, 0x5E, 0x83, 0x1E, 0x21, 0x9A, + 0x39, 0x02, 0xF8, 0xF9, 0x69, 0x85, 0x52, 0xE5, + 0xEC, 0x6A, 0xAC, 0x96, 0x86, 0xA7, 0x88, 0x69, + 0xB5, 0xB5, 0x7E, 0x03, 0x1D, 0xA9, 0x68, 0xCA, + 0x45, 0x0F, 0xF9, 0x14, 0xD6, 0x7B, 0xCF, 0x9C, + 0x03, 0x6F, 0xD1, 0xD9, 0x6F, 0x01, 0x3D, 0xF8, + 0xF3, 0x11, 0xF3, 0x29, 0x17, 0x90, 0xE8, 0x9B, + 0xED, 0x58, 0x9B, 0xF0, 0xBC, 0xC7, 0xBA, 0xF4, + 0x60, 0xC8, 0xAA, 0x30, 0xB4, 0x2F, 0x22, 0x8F, + 0xD3, 0xAC, 0x18, 0xC2, 0xB7, 0xC4, 0x7B, 0x31, + 0x9E, 0x0F, 0x7E, 0x9D, 0xBF, 0xD4, 0x63, 0xC2, + 0x8B, 0x1B, 0x58, 0x50, 0x33, 0x53, 0x6D, 0x79, + 0xBB, 0xF8, 0x0D, 0x91, 0x33, 0xD9, 0x07, 0xE7, + 0xB0, 0x81, 0xD4, 0xB4, 0x47, 0x61, 0x93, 0xF0, + 0xFB, 0x68, 0xBC, 0x1B, 0x41, 0xC2, 0xF5, 0x43, + 0x30, 0x7E, 0x76, 0xF9, 0xB1, 0xA3, 0xD6, 0xD4, + 0x26, 0xEA, 0x77, 0x75, 0x12, 0x7A, 0xC8, 
0x30, + 0x9B, 0xCF, 0x45, 0xBE, 0x74, 0x7D, 0x8A, 0x8B, + 0xEC, 0xED, 0x11, 0xE6, 0xA1, 0xD1, 0xB8, 0xF1, + 0x90, 0xAD, 0x6D, 0x6A, 0xC6, 0x54, 0xE9, 0xDB, + 0xAD, 0x4C, 0x97, 0x39, 0xC8, 0xD8, 0x44, 0xA9, + 0x1A, 0x37, 0x16, 0x7E, 0x68, 0x45, 0x0C, 0xBB, + 0x10, 0xF4, 0xAE, 0x8E, 0x2B, 0x69, 0xFA, 0x95, + 0x3E, 0xA5, 0xC9, 0x91, 0xD3, 0xF1, 0xA3, 0x89, + 0x3F, 0x90, 0x86, 0x93, 0x1B, 0xF1, 0xA0, 0x89, + 0xC7, 0xF2, 0x23, 0x57, 0xD4, 0x8E, 0x2F, 0xD5, + 0x71, 0xCD, 0x36, 0xF1, 0x90, 0xB3, 0x98, 0x3E, + 0x19, 0xEA, 0xC8, 0x0F, 0x12, 0x9D, 0xBF, 0x58, + 0xED, 0xDC, 0x6B, 0x9A, 0x79, 0x84, 0xFC, 0xF0, + 0x4C, 0xC3, 0xB4, 0x0D, 0xB8, 0x7A, 0x8D, 0xAD, + 0x75, 0x40, 0xD5, 0xD5, 0xDE, 0xC8, 0xCA, 0x39, + 0x3E, 0x45, 0xE4, 0xBC, 0xF4, 0x33, 0xEA, 0x64, + 0xE1, 0x5E, 0x94, 0x42, 0x91, 0xAB, 0xBC, 0x42, + 0x2A, 0xB3, 0xD0, 0x60, 0x23, 0xCE, 0x57, 0x8E, + 0xFF, 0xAD, 0xA2, 0x2B, 0x64, 0xD9, 0x94, 0xA0, + 0x80, 0x0F, 0x8E, 0x50, 0x17, 0x08, 0x1D, 0x16, + 0xCF, 0x51, 0xD0, 0xB9, 0x28, 0xB6, 0x59, 0xEF, + 0x78, 0xCC, 0xC9, 0x96, 0xF9, 0xCA, 0x87, 0x7A, + 0xEE, 0xD9, 0x15, 0x5E, 0xDF, 0x5D, 0xBC, 0xC2, + 0x58, 0xE6, 0x04, 0xEE, 0x17, 0xDC, 0xB3, 0xF9, + 0x90, 0xF9, 0x88, 0x32, 0x9E, 0xA1, 0xDB, 0x1C, + 0x38, 0x56, 0x53, 0x90, 0x30, 0x69, 0x2E, 0x52, + 0x00, 0x2C, 0xF3, 0x0F, 0xD5, 0x80, 0x2E, 0x02, + 0x5B, 0x99, 0xBF, 0xCD, 0x11, 0x12, 0x64, 0x5B, + 0x56, 0xC6, 0x0A, 0xE6, 0x38, 0xE7, 0x4D, 0x21, + 0xE5, 0x98, 0x78, 0x9D, 0xE6, 0xCB, 0x60, 0xB4, + 0x2E, 0xE4, 0x98, 0x56, 0xCB, 0xAD, 0xE6, 0xDD, + 0x53, 0xF4, 0xC5, 0x67, 0xA2, 0x9F, 0xA0, 0x5C, + 0x7C, 0xFB, 0x24, 0x5A, 0xA7, 0x72, 0xD0, 0xE7, + 0x63, 0xF2, 0x5D, 0xBF, 0xD8, 0xE9, 0xF1, 0x6B, + 0xB4, 0x29, 0xA6, 0x28, 0xE6, 0x93, 0xD3, 0x87, + 0xB6, 0xD9, 0x3C, 0x39, 0x8D, 0xEA, 0x28, 0xC0, + 0x96, 0x3D, 0xF5, 0xC2, 0x3C, 0x29, 0xF2, 0x80, + 0x21, 0x8A, 0x03, 0x9D, 0x64, 0xF8, 0xBA, 0x81, + 0xC1, 0xDD, 0xA2, 0x88, 0x2A, 0x84, 0x2E, 0x3C, + 0xB5, 0x03, 0x95, 0xED, 0xAA, 0x6E, 0xE2, 0x6F, + 0x5E, 0x99, 0x3C, 0x63, 0xEE, 0xB8, 0x4F, 
0x66, + 0x32, 0x77, 0x42, 0x23, 0x36, 0x29, 0x89, 0xB0, + 0xED, 0x5F, 0xF2, 0x5A, 0x65, 0x66, 0x3F, 0xD2, + 0x8B, 0x48, 0x68, 0x65, 0xDC, 0xE0, 0xB0, 0xC2, + 0x72, 0x73, 0xF1, 0xA4, 0xC6, 0x56, 0x2C, 0x5D, + 0xD8, 0xC6, 0x5C, 0x41, 0xCE, 0x30, 0x89, 0x59, + 0xA9, 0xD6, 0x45, 0x96, 0xD0, 0x8E, 0x7B, 0x25, + 0xE0, 0x13, 0xFB, 0xFE, 0x7C, 0xEA, 0xF3, 0x67, + 0x0D, 0xB2, 0x9A, 0x21, 0x3C, 0xCE, 0x99, 0x75, + 0xA9, 0x13, 0xCE, 0xF4, 0x23, 0x6E, 0x64, 0x00, + 0x30, 0x87, 0x70, 0x9C, 0xAD, 0x61, 0x81, 0x71, + 0x0E, 0x95, 0x19, 0x26, 0xCA, 0x55, 0x29, 0x71, + 0x99, 0xA6, 0x08, 0xAE, 0x54, 0x58, 0x75, 0xCD, + 0xC3, 0x8F, 0xE3, 0x83, 0xC1, 0x45, 0x62, 0xB4, + 0x8D, 0xCA, 0x66, 0x02, 0xEA, 0x34, 0x05, 0x5D, + 0x98, 0x3F, 0x38, 0xE6, 0x1C, 0xCE, 0x53, 0x1A, + 0xD9, 0x3F, 0x58, 0xEC, 0x16, 0x28, 0x45, 0xF5, + 0x38, 0xCE, 0x48, 0x43, 0x87, 0x1D, 0x3C, 0x4A, + 0xDF, 0x05, 0xF3, 0x5E, 0x29, 0x7E, 0xA6, 0x2E, + 0xFC, 0xDD, 0x5E, 0xF9, 0x40, 0x1B, 0xA0, 0x42, + 0xA2, 0x35, 0x15, 0x0A, 0x09, 0xD9, 0x47, 0x4A, + 0x3F, 0xB0, 0x3A, 0xAA, 0x19, 0xE7, 0xE3, 0x7A, + 0x22, 0x8D, 0x5F, 0x5B, 0x07, 0x41, 0x4C, 0x3D, + 0xA2, 0xAD, 0x2E, 0x5C, 0x75, 0xEC, 0xF0, 0x4C, + 0x11, 0x2B, 0x90, 0x76, 0x9E, 0x19, 0x96, 0x0E, + 0x97, 0x5E, 0x8D, 0x19, 0x17, 0xB3, 0xBF, 0xDA, + 0x84, 0xFD, 0xC6, 0xD2, 0x32, 0x6F, 0xB8, 0xA3, + 0xB0, 0x0F, 0x95, 0xD9, 0xC5, 0x26, 0x50, 0x11, + 0x15, 0x72, 0xBE, 0xC2, 0x1B, 0x12, 0x12, 0x7C, + 0xA5, 0x70, 0xD8, 0xA9, 0x8A, 0xB9, 0x77, 0xEB, + 0xD8, 0xD7, 0x9A, 0x59, 0x37, 0x5E, 0xE1, 0x4F, + 0x64, 0xB5, 0xB0, 0x4F, 0xD9, 0x69, 0xFE, 0xB0, + 0x3D, 0x0A, 0xF7, 0x34, 0x89, 0xE3, 0xBA, 0xEF, + 0xE7, 0xC7, 0xBC, 0x8D, 0xC7, 0xE8, 0x54, 0x83, + 0xEE, 0x62, 0xF0, 0x23, 0x98, 0x58, 0x0F, 0x83, + 0xB9, 0x6D, 0xD8, 0x44, 0x77, 0xB9, 0xC4, 0x8F, + 0x0B, 0xB3, 0x9F, 0x54, 0x06, 0xA3, 0x70, 0x36, + 0xD6, 0xF3, 0x6E, 0x2B, 0x1B, 0x6B, 0x53, 0xFE, + 0x6F, 0xF6, 0x1C, 0x32, 0x7B, 0x29, 0xD4, 0xE0, + 0x5D, 0xD2, 0xB8, 0x11, 0x74, 0xC6, 0x0B, 0x59, + 0xC7, 0x9C, 0xB1, 0x97, 0x6B, 0xC0, 0x6E, 
0x7A, + 0xC3, 0x4D, 0xF3, 0xE3, 0x8F, 0x7D, 0x2C, 0x1C, + 0x0E, 0x31, 0x51, 0xB7, 0x14, 0x7A, 0xB8, 0x31, + 0x77, 0x47, 0x70, 0x14, 0x3B, 0x92, 0x7B, 0x5F, + 0xEC, 0x5D, 0xF7, 0x76, 0xC1, 0xD7, 0x2D, 0xB6, + 0xBC, 0x99, 0x81, 0xD6, 0x58, 0x67, 0x71, 0x3C, + 0xF2, 0x97, 0xC8, 0xB0, 0xF1, 0xE9, 0x8D, 0x0E, + 0x16, 0xF0, 0xCC, 0x22, 0x7A, 0x39, 0xE4, 0x7E, + 0x50, 0xBA, 0x01, 0x16, 0x15, 0x6D, 0x5B, 0x54, + 0x67, 0x53, 0x66, 0x04, 0xBE, 0x05, 0xCC, 0x2E, + 0xF4, 0x0A, 0xBC, 0xE8, 0x52, 0xF1, 0x5D, 0xFA, + 0x2C, 0xAC, 0xF8, 0x6A, 0x78, 0x9E, 0x5B, 0x7B, + 0x0E, 0x5B, 0xB4, 0xB7, 0x77, 0xCD, 0x7C, 0xC9, + 0xF6, 0x54, 0x77, 0x9B, 0x10, 0x2F, 0x78, 0xB5, + 0xAA, 0x4B, 0x94, 0xC3, 0xB4, 0xFD, 0xE5, 0x5F, + 0xA7, 0xF7, 0xBF, 0x54, 0xAC, 0x22, 0x5E, 0x1F, + 0x26, 0x16, 0x5B, 0x65, 0xF1, 0x6D, 0x03, 0x21, + 0x66, 0x9F, 0xD9, 0xF6, 0xE4, 0x7F, 0xCA, 0x1D, + 0xD3, 0x47, 0x09, 0x6D, 0xF5, 0xDD, 0xA8, 0x64, + 0x66, 0xA5, 0x7C, 0x5B, 0x06, 0x8D, 0x9C, 0x67, + 0xB7, 0x32, 0x03, 0x66, 0xEA, 0x19, 0xC8, 0x99, + 0x3F, 0xF9, 0x0B, 0xD8, 0xFB, 0x06, 0x93, 0xFB, + 0xA3, 0x70, 0xE6, 0x6D, 0x2B, 0x20, 0x3B, 0x99, + 0x70, 0x11, 0xB0, 0xD1, 0x5B, 0x94, 0xE2, 0x8B, + 0xAA, 0x2E, 0xBF, 0x01, 0x77, 0x4F, 0x7A, 0xE7, + 0x8F, 0x84, 0xED, 0xBD, 0xAD, 0x9F, 0x65, 0xA4, + 0x50, 0x42, 0x7A, 0x47, 0x74, 0xC6, 0x0C, 0xC8, + 0x9A, 0x02, 0x0B, 0x37, 0xDA, 0x21, 0xC7, 0x91, + 0xDA, 0xC8, 0xF7, 0xA7, 0x45, 0x7E, 0x30, 0xD0, + 0x8B, 0x01, 0x37, 0x51, 0x60, 0x03, 0x9C, 0x30, + 0x1B, 0x60, 0x51, 0xA9, 0x65, 0xE8, 0xA7, 0xCC, + 0xA2, 0xAE, 0xF9, 0x3B, 0xD5, 0x2F, 0x82, 0xC0, + 0x20, 0xBE, 0xCE, 0x90, 0xA1, 0x29, 0x02, 0x4E, + 0xFE, 0xA4, 0xB2, 0xFA, 0x21, 0x27, 0x0F, 0x8E, + 0xB5, 0xED, 0x6A, 0xAA, 0xE5, 0x59, 0x29, 0xAA, + 0xC5, 0x99, 0xA5, 0x77, 0x97, 0x29, 0x57, 0x66, + 0x0C, 0xC4, 0x7A, 0xC4, 0xE3, 0xCE, 0x77, 0x2B, + 0xBF, 0x10, 0x05, 0x2D, 0xE7, 0xED, 0xB1, 0xB8, + 0xA4, 0x49, 0x41, 0xF8, 0x84, 0xC9, 0xF8, 0xBE, + 0x13, 0x17, 0x46, 0x69, 0x94, 0x56, 0x29, 0xF4, + 0x6D, 0xE2, 0x46, 0x74, 0x44, 0xF3, 0x10, 
0x6A, + 0x73, 0xFA, 0x27, 0x9C, 0xF0, 0x2A, 0x80, 0x0A, + 0x04, 0x7E, 0x20, 0xBD, 0x4D, 0x82, 0x0B, 0x38, + 0x9C, 0x3B, 0xB6, 0xA8, 0x68, 0xA5, 0x38, 0x4C, + 0xF5, 0x72, 0x4C, 0x20, 0x4C, 0xEF, 0xB1, 0xA6, + 0xA1, 0xBE, 0xB9, 0x72, 0x3E, 0x36, 0xDD, 0xDD, + 0xD9, 0xC7, 0x07, 0xC8, 0xF6, 0x3E, 0x8B, 0xC2, + 0x66, 0x83, 0xCC, 0x8B, 0x43, 0xC7, 0xDF, 0xDA, + 0xA4, 0x08, 0xAC, 0x4D, 0xD2, 0xBA, 0x9A, 0xEC, + 0xBC, 0x3B, 0x6D, 0xDA, 0xED, 0xCE, 0x09, 0x4A, + 0xAB, 0x58, 0xFF, 0x73, 0x2B, 0x19, 0x66, 0x38, + 0xD8, 0xB8, 0xEF, 0xC4, 0x28, 0xBB, 0xA9, 0x61, + 0x57, 0x93, 0xC4, 0xDD, 0x9F, 0x00, 0xF9, 0x0D, + 0x62, 0xC6, 0x76, 0xD1, 0x27, 0xA0, 0xE1, 0x8C, + 0x14, 0xC6, 0xEE, 0x9C, 0x99, 0x05, 0x10, 0xB0, + 0x54, 0xAD, 0xB4, 0xB4, 0x17, 0x0A, 0xC7, 0x12, + 0x7F, 0x93, 0x17, 0x5C, 0x1E, 0xB2, 0x25, 0x12 + }; + static const byte msg_87[] = { + 0x14, 0x42, 0x63, 0x34, 0x94, 0x09, 0x60, 0x77, + 0x3B, 0xFF, 0x65, 0xF0, 0x8D, 0x1D, 0xE4, 0x89, + 0xC4, 0xC3, 0xED, 0x36 + }; + static const byte sig_87[] = { + 0x13, 0xE8, 0x99, 0xEE, 0xDC, 0xCC, 0x0F, 0xBA, + 0x62, 0x91, 0x44, 0xE4, 0xAC, 0x06, 0x79, 0x06, + 0xB5, 0x32, 0x6B, 0x8F, 0x9A, 0x6C, 0xCB, 0xAB, + 0xE1, 0x44, 0x4A, 0xDD, 0x46, 0x45, 0x16, 0x0D, + 0x22, 0x57, 0x82, 0x87, 0x10, 0xD1, 0xEE, 0x10, + 0x60, 0x21, 0xB5, 0x64, 0x1E, 0x78, 0x81, 0x55, + 0x75, 0xD4, 0xF0, 0x95, 0xD0, 0x15, 0xD8, 0x46, + 0x5C, 0x92, 0xD2, 0xDD, 0xF4, 0xAB, 0xDF, 0xBE, + 0xB1, 0x1E, 0xE5, 0xE0, 0x70, 0xE6, 0xDA, 0x52, + 0xE5, 0x48, 0xDC, 0x04, 0xFD, 0xEF, 0x54, 0x72, + 0xE7, 0xE5, 0xF1, 0x82, 0x10, 0xAA, 0xCB, 0xA0, + 0x4F, 0x4F, 0x18, 0xAE, 0x66, 0x86, 0xB9, 0xAF, + 0x96, 0x57, 0xE3, 0x8E, 0x3B, 0x9B, 0xDD, 0xB4, + 0xAA, 0x84, 0xE6, 0x7B, 0x4D, 0x81, 0x92, 0xD0, + 0x03, 0x87, 0x3D, 0xD3, 0xEE, 0xE7, 0x47, 0x00, + 0xFB, 0xD8, 0x1E, 0x38, 0x1C, 0x21, 0x98, 0xB7, + 0xCC, 0xC1, 0x37, 0xC1, 0x71, 0xB2, 0x2F, 0x93, + 0x53, 0x41, 0x9C, 0x48, 0xC1, 0x4B, 0x8D, 0x63, + 0x0F, 0x99, 0x63, 0x40, 0x27, 0x5F, 0x6E, 0x60, + 0x4B, 0x95, 0xC4, 0x35, 0x20, 0x8A, 0xED, 
0x2B, + 0xCA, 0x1B, 0x41, 0x9F, 0x83, 0x63, 0xF0, 0x95, + 0x0E, 0x24, 0x0D, 0x6F, 0x9E, 0xAB, 0x11, 0x8E, + 0x4B, 0xD3, 0xDA, 0x0E, 0xC3, 0xA2, 0xBE, 0x26, + 0xA8, 0xA0, 0x98, 0x57, 0x71, 0x3C, 0x36, 0xDD, + 0x69, 0xC3, 0x4E, 0xDD, 0x2C, 0x61, 0x9E, 0x88, + 0x26, 0x70, 0x71, 0xCF, 0x9E, 0xE5, 0xA6, 0x0C, + 0xA3, 0x14, 0x2D, 0xF1, 0x63, 0xF0, 0x1D, 0x8D, + 0x79, 0x6A, 0xC8, 0x50, 0xCF, 0xF3, 0x66, 0x60, + 0x78, 0xB3, 0x18, 0xFB, 0x5B, 0xD1, 0x73, 0x60, + 0xC8, 0x76, 0xC9, 0xC9, 0x0D, 0x8A, 0x7F, 0x41, + 0x2C, 0x8A, 0x31, 0x61, 0x6B, 0xE7, 0xA3, 0x74, + 0x58, 0x71, 0x54, 0x84, 0x86, 0x71, 0x5C, 0x94, + 0x26, 0x3A, 0x17, 0xB3, 0x6C, 0xA4, 0x99, 0x25, + 0x45, 0x0C, 0x57, 0x8A, 0xD9, 0xD4, 0xB1, 0xC2, + 0x00, 0x43, 0xF4, 0x5E, 0x84, 0x31, 0x99, 0x4F, + 0xA6, 0xD2, 0x6A, 0x14, 0x1B, 0xAD, 0x9E, 0x49, + 0x6E, 0x00, 0x9E, 0x91, 0x46, 0x16, 0xCA, 0x57, + 0x0C, 0x09, 0xF6, 0x38, 0xD0, 0x62, 0xBE, 0xC6, + 0x87, 0x33, 0x3A, 0xC7, 0x28, 0x38, 0x34, 0x53, + 0x7E, 0xFB, 0x60, 0x42, 0xF3, 0x7D, 0x83, 0xF7, + 0x29, 0x5D, 0xEA, 0x30, 0xD5, 0x00, 0x90, 0xB6, + 0x38, 0x4C, 0x17, 0x29, 0xEF, 0x17, 0xA0, 0xD5, + 0x87, 0x50, 0xC0, 0x03, 0x75, 0x14, 0xE5, 0xE1, + 0x22, 0x78, 0x53, 0xBC, 0x5A, 0xA3, 0x1E, 0x95, + 0xBE, 0xEC, 0x37, 0xB1, 0x51, 0x82, 0x69, 0x26, + 0x2E, 0xA3, 0x5A, 0xDA, 0x4F, 0xDA, 0x77, 0x62, + 0x7E, 0xED, 0xDA, 0xAF, 0x57, 0x97, 0x1B, 0xA3, + 0x6D, 0x46, 0x7B, 0x19, 0xA9, 0x0B, 0x99, 0x1C, + 0xD2, 0x55, 0xDB, 0x79, 0xB0, 0x15, 0x48, 0x86, + 0x52, 0x30, 0x31, 0xD6, 0xC5, 0xB1, 0xAE, 0x8F, + 0xCF, 0x9A, 0x43, 0x10, 0xBB, 0xC8, 0x19, 0x74, + 0x84, 0xB2, 0x92, 0x3B, 0xFE, 0x0B, 0x12, 0x15, + 0xA1, 0xC4, 0xD8, 0xC6, 0x83, 0x90, 0x89, 0x8A, + 0xD5, 0x3E, 0x33, 0x69, 0xB7, 0x05, 0x3F, 0xB1, + 0x8B, 0x0D, 0x87, 0x40, 0x70, 0x90, 0x2A, 0x5D, + 0x3B, 0x3D, 0x91, 0xD8, 0x1D, 0x4D, 0xF1, 0x08, + 0x7E, 0xF7, 0xDC, 0x05, 0x84, 0xEB, 0xDC, 0x63, + 0xD7, 0xBA, 0x3C, 0x0D, 0x31, 0xF8, 0x6D, 0xA6, + 0xC0, 0xFD, 0x08, 0x11, 0x5C, 0x53, 0xF6, 0xAE, + 0xFE, 0xC0, 0x82, 0x9A, 0x68, 0xD2, 0xA3, 
0x44, + 0x2E, 0xEE, 0x47, 0x36, 0x70, 0x2D, 0x66, 0x81, + 0x0D, 0x62, 0x30, 0x8A, 0x8C, 0xC8, 0x2A, 0xA6, + 0x21, 0x82, 0xF5, 0x98, 0xF4, 0x4E, 0x25, 0x37, + 0x11, 0xB5, 0xD6, 0x07, 0x88, 0xBD, 0x0D, 0x69, + 0x0E, 0xF9, 0x8F, 0x9A, 0xD5, 0x93, 0xE0, 0x3C, + 0xEF, 0x38, 0xB9, 0xC9, 0x77, 0x98, 0x3F, 0x69, + 0x11, 0xBA, 0x1A, 0xB9, 0xF7, 0x35, 0xE9, 0x28, + 0xCD, 0xA3, 0x8C, 0x03, 0xE6, 0xAD, 0x83, 0x62, + 0xF4, 0x60, 0xAE, 0x4C, 0xD0, 0xF4, 0x6E, 0x00, + 0xEE, 0xEC, 0x74, 0xB6, 0x12, 0x34, 0x98, 0xAB, + 0x31, 0xE7, 0xA7, 0x9D, 0x33, 0x4D, 0x72, 0xA7, + 0xA7, 0xEE, 0xF3, 0xB5, 0x51, 0xE7, 0x8D, 0x31, + 0xBC, 0x2C, 0xAF, 0xFB, 0x13, 0x9C, 0xAC, 0xA4, + 0xD7, 0x9C, 0x8B, 0xBD, 0x52, 0xBD, 0x78, 0xF4, + 0x90, 0x65, 0x09, 0xBE, 0x42, 0xE7, 0x76, 0x3A, + 0xE6, 0xAC, 0xB8, 0x98, 0x28, 0x5E, 0xC9, 0x32, + 0x3E, 0x68, 0x67, 0x6A, 0x8C, 0xC7, 0x4A, 0x58, + 0xC8, 0xDA, 0x8B, 0xE9, 0x11, 0xED, 0x6F, 0x51, + 0x3B, 0x66, 0x08, 0x70, 0x73, 0x10, 0xFB, 0x45, + 0xCB, 0xD9, 0x7D, 0x5F, 0xF0, 0xD2, 0xAB, 0xA3, + 0x6F, 0xCE, 0xF7, 0x3D, 0x46, 0xCB, 0x7F, 0x01, + 0xC2, 0xCF, 0xE3, 0x8E, 0x68, 0xE8, 0x4F, 0x4A, + 0x30, 0x19, 0x16, 0xD2, 0xF5, 0x10, 0xD8, 0x2B, + 0x49, 0x69, 0xBE, 0x7A, 0x0E, 0x9C, 0xC6, 0x0E, + 0xFF, 0x5C, 0x0A, 0x87, 0x17, 0xB8, 0x22, 0x83, + 0x8C, 0x77, 0xAF, 0x42, 0x06, 0xB1, 0x25, 0x45, + 0x08, 0x9B, 0xB2, 0xDD, 0x6A, 0x3F, 0xF0, 0x12, + 0xC8, 0x64, 0x15, 0xBB, 0xA0, 0x4F, 0xD7, 0xD4, + 0xEC, 0x70, 0x7A, 0xF3, 0xB1, 0x7F, 0x25, 0x57, + 0x47, 0x66, 0xF1, 0xE9, 0x27, 0x38, 0xE0, 0x62, + 0x10, 0xF4, 0x8A, 0x5E, 0xF2, 0x55, 0x0E, 0xBD, + 0xF8, 0x5A, 0x5C, 0xA3, 0x44, 0x97, 0xCF, 0x1D, + 0x4D, 0x3A, 0x75, 0x86, 0x48, 0xEC, 0x41, 0x17, + 0x24, 0x43, 0x83, 0x5E, 0x50, 0x91, 0xBE, 0x8F, + 0x04, 0x78, 0x23, 0xD9, 0x62, 0x0C, 0x2A, 0xD5, + 0x1C, 0x96, 0x11, 0xAA, 0xEE, 0x39, 0xB2, 0x1E, + 0x6D, 0x6A, 0xEC, 0x87, 0x0C, 0x89, 0x15, 0xE2, + 0x66, 0x47, 0x6A, 0x50, 0xEE, 0xCA, 0x59, 0x96, + 0x22, 0xF7, 0x09, 0x1A, 0x34, 0xC2, 0x3F, 0x14, + 0xB4, 0x04, 0x29, 0xD9, 0x5E, 0x3E, 0xF9, 
0x8F, + 0xED, 0x3E, 0x74, 0x94, 0x37, 0xF0, 0x4B, 0xB4, + 0xA3, 0x37, 0x52, 0x2E, 0x68, 0x09, 0xFC, 0x10, + 0x45, 0x03, 0xE2, 0x53, 0xB4, 0x1C, 0x4F, 0x03, + 0x01, 0xAF, 0x46, 0x7F, 0x74, 0xD3, 0x31, 0x25, + 0xFA, 0x83, 0xEF, 0x71, 0x24, 0x45, 0xA1, 0x71, + 0xFA, 0x40, 0xEB, 0xF4, 0xE6, 0x55, 0x3E, 0x45, + 0x4A, 0xFE, 0x25, 0x68, 0x02, 0x1D, 0x2B, 0x2A, + 0x19, 0x8D, 0xEC, 0x9B, 0xF7, 0x20, 0xF9, 0xD7, + 0x2F, 0x81, 0x52, 0x0B, 0xE8, 0x74, 0x66, 0xAF, + 0x70, 0xD0, 0x0E, 0x0E, 0x86, 0x0F, 0xF9, 0xAB, + 0xD0, 0x39, 0x78, 0xC3, 0xE4, 0x29, 0xB5, 0xAA, + 0x17, 0xB9, 0x7F, 0x9A, 0xE9, 0x34, 0x48, 0x85, + 0x3D, 0x6E, 0xFD, 0x16, 0x8A, 0x30, 0xC6, 0xCB, + 0xE8, 0xDE, 0x2D, 0x28, 0x8D, 0x9A, 0x24, 0xEA, + 0x5D, 0x2A, 0x58, 0x23, 0x33, 0x2B, 0x84, 0xFD, + 0x2C, 0xE7, 0x93, 0xA2, 0x2B, 0xEC, 0x43, 0x98, + 0x48, 0xD4, 0xE6, 0x0F, 0x3B, 0xB9, 0xC7, 0x5D, + 0x7E, 0xB0, 0x87, 0x1E, 0x80, 0x3D, 0x61, 0xB0, + 0x7E, 0x74, 0x9E, 0xD7, 0x60, 0x72, 0xB2, 0x7C, + 0x87, 0xB6, 0x9D, 0x6C, 0x01, 0x42, 0x61, 0xF6, + 0x47, 0xAF, 0xA8, 0x8C, 0x4F, 0x1E, 0xC5, 0x5A, + 0x75, 0xA5, 0x0F, 0xB4, 0xC7, 0x9D, 0x2C, 0x94, + 0xC0, 0x50, 0x3D, 0xB2, 0x0D, 0xFD, 0xF7, 0x1F, + 0x62, 0x88, 0x74, 0x18, 0x8C, 0xDD, 0x73, 0x85, + 0xC0, 0x33, 0x81, 0xDA, 0xBB, 0x85, 0x4D, 0x4A, + 0xA9, 0xF4, 0x7B, 0x66, 0x43, 0x8C, 0x43, 0xFF, + 0x53, 0xEF, 0x5E, 0x78, 0xAB, 0x45, 0x0B, 0x45, + 0x01, 0x91, 0x27, 0x8A, 0xF6, 0xE2, 0x6A, 0x7B, + 0x5E, 0x64, 0x61, 0xF5, 0x77, 0xF9, 0x85, 0x2F, + 0x81, 0xC9, 0x02, 0x03, 0xC7, 0x13, 0xF5, 0xB1, + 0xF6, 0xC3, 0xEF, 0x55, 0x8C, 0x90, 0x32, 0x51, + 0x6D, 0x8D, 0x62, 0xFD, 0x5E, 0x24, 0xE4, 0xF0, + 0xF5, 0x07, 0x18, 0xF5, 0x6B, 0x5A, 0x59, 0xA0, + 0x09, 0xD5, 0x93, 0x8D, 0xAD, 0x55, 0x91, 0xF6, + 0x1F, 0x4C, 0x65, 0x9A, 0x76, 0x05, 0x26, 0xEF, + 0x41, 0x20, 0x2F, 0xA7, 0xE5, 0xF6, 0xC7, 0xD5, + 0xE0, 0xB0, 0xC0, 0xC4, 0x3B, 0x52, 0x4B, 0x66, + 0x71, 0x2C, 0x5A, 0x7C, 0x53, 0xC8, 0x4C, 0x50, + 0xB8, 0x3E, 0xB9, 0xC9, 0x8D, 0x2F, 0xD0, 0x84, + 0xC9, 0xC5, 0xF2, 0x1F, 0xEE, 0x77, 0x42, 
0xE6, + 0xEF, 0xC8, 0xCB, 0xBE, 0x57, 0x18, 0xB7, 0x0C, + 0x06, 0x2D, 0x82, 0xE2, 0xF9, 0x86, 0xF3, 0x8D, + 0xF1, 0xE7, 0x15, 0x89, 0xDC, 0x79, 0x87, 0x24, + 0x35, 0x62, 0xA2, 0x31, 0x9D, 0x7C, 0x00, 0xB2, + 0x6E, 0x53, 0x1E, 0x93, 0xC3, 0x84, 0x44, 0x61, + 0x8C, 0xE7, 0x58, 0x73, 0x4F, 0xDE, 0xCF, 0xD0, + 0xC6, 0x85, 0x37, 0x28, 0xC6, 0x10, 0x00, 0x78, + 0x4E, 0xDF, 0xFE, 0xD7, 0xB3, 0x30, 0x86, 0xE1, + 0x68, 0xD6, 0xCB, 0x63, 0xE3, 0xDA, 0xCA, 0xF3, + 0x55, 0x2F, 0x88, 0x5B, 0x47, 0x82, 0x62, 0xDE, + 0x5E, 0x1E, 0x63, 0xCE, 0x7A, 0x4C, 0x66, 0x95, + 0xD1, 0x19, 0x38, 0x35, 0xE4, 0x5A, 0x67, 0x91, + 0x8C, 0x42, 0xD3, 0x9B, 0xF8, 0x80, 0x38, 0x53, + 0x30, 0x31, 0x0F, 0x2C, 0x7B, 0xF9, 0x1E, 0x6C, + 0x3E, 0x29, 0xB7, 0x81, 0xD0, 0x98, 0x70, 0xC2, + 0x6D, 0x76, 0xBD, 0x8A, 0xE2, 0x09, 0xC4, 0x2B, + 0xC7, 0x43, 0x2D, 0xBB, 0x4C, 0x16, 0x52, 0x63, + 0x57, 0xA5, 0x63, 0x4E, 0xEC, 0xDE, 0x93, 0xC5, + 0x1D, 0xD4, 0xD6, 0xF0, 0x06, 0x5B, 0x2E, 0xC5, + 0x7A, 0xD3, 0xB5, 0x82, 0x66, 0x53, 0x95, 0x97, + 0xC8, 0xF4, 0x2B, 0x55, 0x27, 0x1D, 0x6F, 0x90, + 0xE9, 0x86, 0xF6, 0x82, 0x8D, 0x95, 0x9E, 0xE8, + 0x00, 0xDB, 0xEB, 0xCF, 0x48, 0x23, 0x6B, 0xA3, + 0xDE, 0x25, 0x27, 0xE0, 0xEC, 0xA4, 0xA3, 0xC2, + 0xA3, 0x4B, 0xBC, 0xDD, 0x6C, 0xBB, 0x3A, 0x9C, + 0x96, 0xDC, 0x3B, 0xE1, 0x10, 0xD3, 0x49, 0x94, + 0x66, 0xE2, 0x85, 0x7F, 0xBA, 0x98, 0x12, 0x3A, + 0x6D, 0xBA, 0x90, 0x14, 0x87, 0x7E, 0x24, 0xEA, + 0xDC, 0xCA, 0x40, 0xF8, 0xAE, 0x94, 0xB2, 0xFE, + 0xD2, 0x36, 0xCB, 0xE5, 0xBC, 0xA9, 0xDF, 0xE0, + 0xCB, 0xA9, 0xA0, 0xF8, 0x62, 0x41, 0x33, 0x18, + 0x59, 0xF9, 0xD6, 0xC0, 0x87, 0xB2, 0x76, 0xDE, + 0xC9, 0x35, 0x6F, 0x1F, 0xEF, 0x69, 0xB3, 0x59, + 0xF9, 0xFB, 0x38, 0x4A, 0x84, 0x02, 0x2D, 0xEC, + 0xB7, 0x01, 0x08, 0xDA, 0xC8, 0xE9, 0x3B, 0xB6, + 0xC3, 0x00, 0xC0, 0x34, 0x5F, 0xC6, 0x40, 0xC0, + 0x06, 0xEA, 0xEB, 0xC1, 0x51, 0x13, 0x81, 0x2F, + 0xB3, 0x7D, 0xD9, 0x6E, 0x2A, 0x06, 0xA4, 0x63, + 0xAF, 0xCE, 0x66, 0xC5, 0x9F, 0x8D, 0x71, 0x4A, + 0xA1, 0xFF, 0x49, 0x4F, 0x08, 0x6F, 0xB9, 
0xEA, + 0xDA, 0x18, 0x45, 0x63, 0xCA, 0x9D, 0x88, 0x08, + 0xB1, 0x6C, 0x19, 0xA8, 0x24, 0xAD, 0x85, 0x7D, + 0xDE, 0x51, 0xE5, 0x08, 0xB7, 0x04, 0x12, 0x35, + 0xF3, 0x00, 0xED, 0x2C, 0x79, 0x9C, 0x18, 0x23, + 0x05, 0x38, 0x95, 0x76, 0xCF, 0x39, 0x3C, 0xAE, + 0xB0, 0xD3, 0xBA, 0x3E, 0x4E, 0xE4, 0xB5, 0x77, + 0xA3, 0xE3, 0x7B, 0x27, 0x5F, 0xD8, 0x05, 0x19, + 0x42, 0xAE, 0x91, 0x54, 0xE5, 0xBD, 0x7C, 0x35, + 0xE0, 0xF8, 0x95, 0x52, 0x3A, 0x29, 0xB0, 0xE6, + 0xB7, 0xAE, 0x20, 0xBE, 0x21, 0xDF, 0xF5, 0x67, + 0xEC, 0x82, 0x52, 0xFF, 0x5B, 0xD0, 0xAA, 0x14, + 0x50, 0x15, 0xE1, 0x1C, 0x6A, 0x1B, 0x94, 0x1B, + 0xCC, 0x76, 0x01, 0xBF, 0x03, 0x94, 0x42, 0xF2, + 0x00, 0x61, 0x96, 0x58, 0xD9, 0xD0, 0x40, 0x21, + 0xFA, 0xCE, 0x6B, 0xAB, 0x5D, 0x49, 0xD8, 0xD7, + 0xBC, 0x9A, 0x66, 0xC2, 0xBA, 0x3F, 0xDC, 0x49, + 0x0D, 0xA5, 0x5C, 0xB4, 0x67, 0x08, 0x38, 0xEB, + 0x2D, 0x07, 0x24, 0x5B, 0xB1, 0x22, 0x7B, 0x02, + 0x4A, 0x8A, 0x53, 0x38, 0xE9, 0x42, 0x8E, 0xA5, + 0x57, 0x41, 0xD6, 0x71, 0xA7, 0x9D, 0x6A, 0x14, + 0xD2, 0x7D, 0x13, 0xFB, 0x59, 0xD0, 0xDA, 0xE5, + 0x23, 0x9E, 0x1B, 0xC4, 0x21, 0x87, 0xBB, 0x78, + 0xE0, 0x38, 0x01, 0x1D, 0xA0, 0xD1, 0x36, 0x3F, + 0xD0, 0xA7, 0x8F, 0x86, 0x26, 0x1E, 0xB0, 0x26, + 0xDE, 0x7E, 0x17, 0x3A, 0x90, 0xFC, 0xC0, 0x17, + 0xDD, 0x78, 0xF5, 0xA3, 0x2D, 0x3E, 0x29, 0xCE, + 0x38, 0x45, 0x76, 0xA9, 0x55, 0x11, 0xB6, 0xB4, + 0xE5, 0x6E, 0xDD, 0x01, 0x4B, 0x16, 0x07, 0x99, + 0xBD, 0x19, 0x77, 0xF5, 0xD7, 0x9E, 0x39, 0x9E, + 0xAA, 0x8E, 0x2B, 0x75, 0xC5, 0xEB, 0x33, 0x56, + 0x6C, 0xD8, 0xB6, 0x3F, 0x3F, 0x4E, 0x81, 0x7E, + 0x29, 0x0A, 0x68, 0xED, 0x1E, 0x9F, 0xDC, 0x6B, + 0xFA, 0x18, 0xE3, 0xE5, 0x7D, 0x05, 0x7F, 0x22, + 0xFA, 0xA2, 0xF6, 0x0F, 0xB6, 0x34, 0x56, 0x72, + 0x55, 0x16, 0x5E, 0xF4, 0x18, 0xD1, 0x82, 0xFA, + 0xDD, 0xF7, 0xB8, 0x9F, 0x7D, 0x30, 0x10, 0x69, + 0xC4, 0x85, 0xD8, 0xE8, 0x34, 0x89, 0xD4, 0x93, + 0xBE, 0x56, 0xEE, 0xDC, 0x43, 0xD4, 0x82, 0x00, + 0xFD, 0x1E, 0x2B, 0x06, 0x69, 0x07, 0x1B, 0xBF, + 0x33, 0x61, 0x39, 0x28, 0xCA, 0x31, 0x91, 
0x0B, + 0xF2, 0xEA, 0x32, 0x8E, 0xA8, 0x64, 0x13, 0x9A, + 0xEF, 0x79, 0x1A, 0x9A, 0xBE, 0x52, 0x13, 0x32, + 0x49, 0x93, 0x7D, 0xA8, 0x8C, 0x48, 0xD4, 0xC0, + 0x1D, 0x10, 0x8A, 0x46, 0x85, 0xAD, 0x29, 0xDF, + 0x2E, 0xCD, 0x41, 0x83, 0x82, 0x01, 0x28, 0x44, + 0x0E, 0xE5, 0x37, 0x8D, 0x6B, 0xCA, 0x61, 0x98, + 0xDE, 0x89, 0xA9, 0x7B, 0xBB, 0x44, 0x48, 0xA2, + 0x8D, 0x82, 0x3A, 0x57, 0x40, 0x60, 0x7C, 0x6E, + 0x69, 0x98, 0x98, 0x93, 0xFA, 0x7E, 0x29, 0x9A, + 0x74, 0x53, 0xD8, 0xDC, 0xB3, 0x4B, 0xDB, 0x7E, + 0xFE, 0x95, 0xB0, 0xC7, 0x23, 0x14, 0xEF, 0xCB, + 0x49, 0x3C, 0x09, 0xD7, 0x7B, 0xD0, 0x11, 0x9B, + 0xAC, 0xF2, 0xC2, 0x2E, 0x7C, 0xCB, 0xCD, 0x59, + 0x7F, 0x6A, 0x09, 0xFE, 0xFE, 0xDF, 0xA0, 0xA7, + 0xAC, 0x3C, 0x90, 0xBA, 0x75, 0x19, 0xF4, 0x01, + 0x60, 0x56, 0xD5, 0xFB, 0x41, 0x2B, 0xA0, 0x2D, + 0x0D, 0x45, 0xCF, 0xF3, 0xA6, 0x3D, 0x36, 0xEE, + 0xE1, 0xE4, 0x68, 0xE6, 0xEA, 0x2F, 0x67, 0x3A, + 0x7A, 0x02, 0x92, 0x6B, 0xB3, 0x18, 0xBA, 0x73, + 0xEE, 0x1B, 0x2C, 0x13, 0x7D, 0xEF, 0x4A, 0x39, + 0xE8, 0x03, 0xFF, 0x57, 0x35, 0x53, 0xE9, 0xA5, + 0xC6, 0xAA, 0x1A, 0x17, 0x21, 0xCA, 0x54, 0x38, + 0x7C, 0xB1, 0xDF, 0xB8, 0xFA, 0x7D, 0xA7, 0x26, + 0xB2, 0xAE, 0x7A, 0x05, 0x45, 0x3B, 0x40, 0x0A, + 0x19, 0xE5, 0x32, 0x52, 0x78, 0x9D, 0xC3, 0x20, + 0x63, 0x24, 0xB2, 0x58, 0x4B, 0x86, 0x1F, 0x00, + 0xA2, 0x50, 0xF9, 0x9F, 0xD9, 0xDC, 0x7D, 0x51, + 0x3D, 0xD7, 0xA6, 0x5A, 0x04, 0x03, 0x4E, 0xB3, + 0x3D, 0x2D, 0x56, 0xA4, 0x96, 0xB3, 0x6A, 0xBA, + 0x0A, 0x30, 0x08, 0xE3, 0x0F, 0xC1, 0x38, 0x24, + 0x88, 0x5D, 0x9E, 0x6F, 0x68, 0x1A, 0x7D, 0xB6, + 0x2D, 0xDD, 0xE3, 0x50, 0x1B, 0xD4, 0x07, 0x75, + 0xE2, 0xE2, 0xCC, 0x09, 0xCC, 0x8E, 0x4E, 0x67, + 0x02, 0x72, 0x02, 0xA8, 0x11, 0x70, 0xA5, 0x7F, + 0x4A, 0xC1, 0x98, 0xC1, 0x7F, 0xBF, 0x95, 0xBB, + 0xCE, 0xD3, 0x6D, 0x49, 0x30, 0xB9, 0x50, 0x8C, + 0xFA, 0x3E, 0x8B, 0xF6, 0xE5, 0x54, 0xE9, 0x1B, + 0xD7, 0xD6, 0xE5, 0x32, 0x33, 0xBB, 0x91, 0xAD, + 0xC8, 0x15, 0x76, 0x1A, 0x04, 0x35, 0xDE, 0xCC, + 0xE1, 0x67, 0x26, 0x4C, 0x2F, 0x4E, 0x34, 
0x34, + 0x3D, 0x1E, 0x5A, 0xF7, 0xBC, 0xE6, 0x0C, 0x9B, + 0x7B, 0x7E, 0xE5, 0xDF, 0x72, 0x9A, 0x0D, 0xDD, + 0x4B, 0xE6, 0x6F, 0x82, 0xFB, 0x5E, 0x2C, 0xC0, + 0x7B, 0x03, 0x85, 0x76, 0x11, 0x0E, 0xFD, 0xC7, + 0xD5, 0x50, 0x26, 0xBE, 0x75, 0x5E, 0xC1, 0xF0, + 0x2E, 0x47, 0x62, 0xD6, 0xF1, 0xDA, 0xDF, 0xF4, + 0x1C, 0xEE, 0x63, 0x52, 0xC4, 0x45, 0x37, 0xE6, + 0x85, 0xA5, 0x0A, 0x07, 0x54, 0x63, 0x21, 0x7B, + 0x92, 0xF7, 0x33, 0x0C, 0xD9, 0x29, 0xCF, 0xE3, + 0xAB, 0xB5, 0xFC, 0xAA, 0x26, 0x20, 0x93, 0x55, + 0x8A, 0x07, 0x33, 0xB2, 0x7D, 0x95, 0x02, 0x7A, + 0x76, 0x9E, 0x7D, 0xBB, 0xC1, 0xF3, 0x6E, 0x84, + 0x10, 0x30, 0x4B, 0x5D, 0x59, 0x73, 0x68, 0xEC, + 0x2A, 0x63, 0x2D, 0x46, 0xE8, 0xC2, 0xF8, 0xEA, + 0x2B, 0xC4, 0x4F, 0xA7, 0x6E, 0xF4, 0x74, 0xEB, + 0x96, 0xA3, 0x64, 0x40, 0x9B, 0x23, 0x63, 0x42, + 0x4B, 0x8F, 0x85, 0x00, 0x43, 0x04, 0xAD, 0x61, + 0x76, 0x93, 0xBD, 0xC3, 0x88, 0xC3, 0xFC, 0x29, + 0x61, 0xBD, 0xB1, 0x5A, 0x1F, 0x5B, 0x20, 0xEF, + 0x95, 0xED, 0x99, 0x84, 0x96, 0xB2, 0x93, 0x81, + 0x82, 0xFF, 0xE3, 0xB9, 0x27, 0xEA, 0x9A, 0x23, + 0xF6, 0x42, 0x8D, 0xD3, 0x5C, 0x86, 0x11, 0xC8, + 0x39, 0xE3, 0x16, 0xE9, 0xA5, 0x32, 0x7C, 0xC9, + 0xEA, 0x82, 0x50, 0x9B, 0x21, 0x5C, 0xC9, 0x66, + 0xBE, 0x1C, 0x78, 0x48, 0xEF, 0x39, 0x2D, 0xA1, + 0xC6, 0xF3, 0x69, 0xA3, 0x36, 0x25, 0x3A, 0xA1, + 0x15, 0x2B, 0x6D, 0xCF, 0xDA, 0xA7, 0xCA, 0xDD, + 0x4D, 0x9A, 0x1D, 0x58, 0x9F, 0x73, 0xD3, 0xEF, + 0x0F, 0xBF, 0x03, 0x88, 0x2F, 0xDE, 0xB9, 0x44, + 0xB5, 0xB6, 0xCF, 0xE2, 0x6F, 0x6A, 0xB5, 0x12, + 0x38, 0x29, 0x55, 0x8C, 0x4C, 0x73, 0x6F, 0x0B, + 0x68, 0x7A, 0xC7, 0x06, 0x83, 0x80, 0xFE, 0x7F, + 0x61, 0xBE, 0x6B, 0x40, 0xE3, 0xF0, 0x4D, 0x7B, + 0x36, 0x82, 0x0F, 0xD8, 0x63, 0x29, 0xB3, 0x10, + 0x9D, 0x02, 0xEC, 0x63, 0x90, 0xEA, 0xFC, 0x8C, + 0xA7, 0x30, 0x56, 0x2B, 0x68, 0x08, 0x24, 0x24, + 0xFD, 0xA9, 0x8D, 0x0B, 0x64, 0xBC, 0x97, 0x34, + 0xB4, 0x0B, 0x63, 0xF7, 0xE3, 0x7A, 0xF6, 0x89, + 0x0A, 0xF7, 0xC2, 0xD9, 0x2F, 0x79, 0xEE, 0xA3, + 0xCC, 0xEA, 0xC6, 0x0A, 0x6F, 0x38, 0x06, 
0x92, + 0xF8, 0x02, 0xB1, 0x55, 0x6A, 0x78, 0xFE, 0x55, + 0x83, 0xFF, 0x20, 0xA9, 0xC6, 0xA7, 0xBF, 0xCC, + 0x86, 0x3A, 0x9E, 0x7B, 0x62, 0x01, 0x4D, 0x16, + 0x05, 0xDE, 0x89, 0x4F, 0xB5, 0x85, 0xE2, 0xD4, + 0xF9, 0x41, 0x15, 0xE0, 0x29, 0xE5, 0x85, 0x7E, + 0x6A, 0x0A, 0x73, 0x89, 0x27, 0x5F, 0x53, 0x0D, + 0x3D, 0x80, 0xCF, 0xAB, 0x1F, 0x22, 0x5D, 0x38, + 0x33, 0x5D, 0x24, 0x67, 0x91, 0x97, 0xD4, 0x8A, + 0x01, 0x8A, 0x34, 0x18, 0x7D, 0xE3, 0xBC, 0xCE, + 0xDE, 0x94, 0xFF, 0x8E, 0xC5, 0x34, 0xC0, 0x2D, + 0xA7, 0x24, 0xD4, 0x59, 0x8D, 0x66, 0x9E, 0x85, + 0xA9, 0xC6, 0x0E, 0x45, 0x21, 0x4F, 0xAA, 0x65, + 0x44, 0xD6, 0xA4, 0x7D, 0x1C, 0x4E, 0xD7, 0x40, + 0x9D, 0x55, 0xB1, 0xA7, 0xF1, 0x15, 0xAE, 0x15, + 0x44, 0x3A, 0x1C, 0x31, 0x06, 0x40, 0xD1, 0x16, + 0x23, 0x84, 0x93, 0xEF, 0x3E, 0xE2, 0x87, 0x9B, + 0xB8, 0x46, 0x1F, 0x7D, 0x68, 0x73, 0x64, 0x70, + 0xD4, 0xB5, 0x73, 0xAE, 0x45, 0x49, 0x93, 0xF5, + 0x32, 0x30, 0x1E, 0x35, 0xCB, 0x9E, 0xEE, 0xDF, + 0xFE, 0xA8, 0x2F, 0xAC, 0x49, 0x77, 0x53, 0xF7, + 0x50, 0x19, 0xF2, 0xB3, 0xB0, 0x2C, 0x70, 0xB6, + 0x4A, 0x57, 0x95, 0x31, 0xC3, 0x26, 0x07, 0x2A, + 0xCF, 0x1B, 0xD0, 0xAA, 0xA0, 0x9F, 0x0A, 0x97, + 0x8B, 0x78, 0xAB, 0x22, 0xBD, 0x61, 0x19, 0xF8, + 0x8D, 0xD2, 0xD5, 0x72, 0xF8, 0x91, 0x9D, 0x47, + 0x4F, 0x59, 0x1D, 0xAE, 0x9F, 0xCE, 0x47, 0x53, + 0xC9, 0x85, 0xFB, 0x25, 0x04, 0x25, 0xF2, 0x65, + 0x61, 0xFF, 0xA9, 0x44, 0x3F, 0x23, 0x76, 0x68, + 0x9F, 0xEB, 0x48, 0xC4, 0xCE, 0x51, 0x46, 0x04, + 0x52, 0x6A, 0x10, 0x0A, 0xF3, 0x3F, 0x0D, 0x43, + 0x37, 0xD1, 0x60, 0x42, 0x22, 0xC4, 0xD9, 0xF9, + 0x3A, 0x8E, 0x69, 0xE4, 0xCC, 0xD3, 0x66, 0x69, + 0x09, 0x0C, 0x5D, 0xFB, 0x0E, 0x95, 0x49, 0x42, + 0x29, 0xFF, 0x9B, 0x20, 0xCC, 0xB1, 0xAC, 0x81, + 0xB8, 0x1A, 0x36, 0xD6, 0x3A, 0x85, 0x0D, 0xDB, + 0x33, 0x33, 0x4D, 0xAA, 0x51, 0x46, 0xBF, 0x36, + 0xFE, 0x18, 0x80, 0x1E, 0x3B, 0xEB, 0xD0, 0xE9, + 0x1B, 0x5E, 0x1C, 0xFE, 0x7A, 0x98, 0x26, 0x85, + 0x0A, 0xF4, 0x39, 0x7D, 0x1B, 0x07, 0xD3, 0xB7, + 0x19, 0xE5, 0x7B, 0xB8, 0x32, 0xAF, 0x42, 
0x34, + 0xC0, 0xCD, 0x9F, 0xD4, 0x0B, 0x88, 0x2F, 0xCE, + 0xDA, 0x93, 0x7E, 0xF9, 0xA2, 0xDA, 0x24, 0x59, + 0x2B, 0xCB, 0x5D, 0x1B, 0xE8, 0x3E, 0xC5, 0xF0, + 0x3D, 0xBD, 0xFB, 0xCB, 0x33, 0x5D, 0x90, 0xD5, + 0xC8, 0xA0, 0x2E, 0xE5, 0x3D, 0x50, 0x8E, 0xB5, + 0xDE, 0x4A, 0x96, 0x1B, 0x95, 0x8F, 0x75, 0x1E, + 0x5F, 0x89, 0xA1, 0xD2, 0x88, 0x95, 0xA3, 0xDB, + 0x7B, 0x62, 0xEF, 0x4A, 0xE1, 0x6D, 0x28, 0xFB, + 0x78, 0x9B, 0x32, 0x03, 0xAD, 0x24, 0x63, 0xD6, + 0xEA, 0xB8, 0x3A, 0x6D, 0x20, 0xCE, 0xA1, 0x31, + 0x4A, 0xE0, 0x2A, 0x3F, 0xF6, 0xF6, 0x53, 0x15, + 0x4A, 0xE1, 0x44, 0x23, 0x81, 0x86, 0x21, 0x47, + 0x41, 0xC2, 0x36, 0x14, 0x81, 0x83, 0xBC, 0x39, + 0xAE, 0xDF, 0x44, 0xDA, 0x97, 0xF7, 0x31, 0xCE, + 0x3D, 0xCB, 0x61, 0xA4, 0xCF, 0xE1, 0x4F, 0x9E, + 0x84, 0xAA, 0x05, 0xAB, 0x1C, 0x1B, 0x95, 0x1D, + 0x20, 0x15, 0x52, 0x33, 0xFA, 0xFA, 0xF1, 0x6C, + 0xF1, 0xBD, 0x0B, 0xAF, 0xE1, 0x99, 0xE6, 0x5D, + 0x56, 0x34, 0x53, 0xBF, 0xE5, 0x5D, 0x5F, 0x47, + 0x4A, 0xB1, 0x05, 0x94, 0xD7, 0x38, 0xA8, 0xC1, + 0x06, 0x28, 0x8D, 0x69, 0xD0, 0x7A, 0x16, 0x88, + 0x60, 0x14, 0x63, 0xF3, 0xBD, 0x21, 0x46, 0x81, + 0x9C, 0x83, 0x72, 0x6D, 0x14, 0xC6, 0xA8, 0x08, + 0x39, 0xB8, 0x79, 0x0B, 0x57, 0x16, 0xE7, 0x72, + 0xF6, 0xC2, 0x4C, 0x2B, 0xEB, 0x7E, 0x2C, 0xF3, + 0x7B, 0x3F, 0x42, 0xAC, 0xDD, 0x47, 0x3E, 0x8C, + 0xCD, 0xBE, 0x48, 0x4D, 0x6E, 0x07, 0xB0, 0x73, + 0xDE, 0xCB, 0x17, 0x4A, 0xC3, 0xB8, 0xBB, 0x2E, + 0xF5, 0x4E, 0x6D, 0xF9, 0xE0, 0x20, 0x71, 0xFA, + 0x60, 0x0A, 0xE5, 0x59, 0x67, 0xEB, 0x6F, 0x70, + 0x2F, 0x71, 0x91, 0x59, 0xF0, 0xEB, 0x06, 0x5C, + 0xC4, 0x60, 0x48, 0xE8, 0x75, 0xE7, 0xCF, 0x42, + 0x71, 0xAD, 0x2E, 0xDA, 0xF9, 0x10, 0x82, 0x9A, + 0xF6, 0x13, 0xBA, 0x89, 0xFC, 0x61, 0x2A, 0x00, + 0xFD, 0xAE, 0x53, 0x7B, 0x09, 0x3A, 0xE8, 0xCB, + 0xE6, 0xB7, 0x0D, 0x03, 0x01, 0xFA, 0x2E, 0x13, + 0xA9, 0x16, 0x38, 0x1C, 0x92, 0xEC, 0xB4, 0x51, + 0xA3, 0x6E, 0x3F, 0xA8, 0xB7, 0x37, 0x36, 0x20, + 0xC0, 0x71, 0xA3, 0x05, 0x34, 0xED, 0xCB, 0x4A, + 0x3F, 0x11, 0x31, 0x17, 0xA5, 0x02, 0xD6, 
0xA7, + 0x2D, 0xE6, 0xC7, 0x7B, 0xBB, 0xF6, 0xAE, 0x99, + 0x85, 0x9A, 0xAC, 0xE6, 0x4A, 0x92, 0x8C, 0x37, + 0x4B, 0xD2, 0xC4, 0x65, 0x2A, 0xC9, 0x7E, 0xB7, + 0x44, 0xD2, 0x9A, 0x70, 0xCE, 0xA9, 0xA1, 0x9D, + 0x70, 0x13, 0x49, 0x7B, 0xCA, 0xB6, 0x96, 0x31, + 0x43, 0x3F, 0x9E, 0xD1, 0xFE, 0x20, 0xF8, 0x0B, + 0x59, 0x83, 0xE1, 0x28, 0x8B, 0xB6, 0xA2, 0xBE, + 0x91, 0x54, 0x3E, 0xD4, 0x79, 0x28, 0xBB, 0x5E, + 0x46, 0x2D, 0x01, 0xE9, 0xC0, 0xB7, 0xFF, 0xFA, + 0xC0, 0x6C, 0x10, 0xF1, 0x52, 0xF4, 0x3C, 0x32, + 0x9E, 0x89, 0xDF, 0x8A, 0x79, 0x99, 0x6A, 0x09, + 0x79, 0x8A, 0x36, 0x76, 0x40, 0xBE, 0x9F, 0xB5, + 0x3D, 0xCE, 0x27, 0xBD, 0x0B, 0xAA, 0x9B, 0xF0, + 0x21, 0xBF, 0x10, 0xD2, 0xFC, 0xFE, 0x5B, 0x13, + 0xFD, 0x7D, 0x84, 0xD1, 0xC1, 0xEB, 0xC0, 0xBC, + 0xEC, 0x26, 0xD0, 0x87, 0x80, 0xD1, 0x3B, 0x99, + 0x47, 0x67, 0x26, 0x61, 0xE0, 0xFA, 0x5F, 0xAE, + 0x6F, 0x31, 0x5B, 0x6D, 0xE4, 0x01, 0x68, 0xC2, + 0x35, 0x1D, 0xE3, 0x1F, 0x41, 0xFF, 0x6C, 0x53, + 0x32, 0x26, 0xE1, 0xBC, 0xE3, 0xF8, 0xE2, 0x16, + 0xAF, 0x3B, 0xE6, 0x4C, 0x69, 0x33, 0x72, 0xA0, + 0x66, 0xB1, 0x75, 0xF7, 0x26, 0xCF, 0xCD, 0x64, + 0x2B, 0xAE, 0x98, 0x02, 0x92, 0xC1, 0xCB, 0x65, + 0xE0, 0x1F, 0x07, 0x29, 0x64, 0x0A, 0xB0, 0x09, + 0xCB, 0x98, 0x89, 0x2D, 0x6C, 0xFE, 0x40, 0x03, + 0x34, 0x55, 0xDE, 0xE7, 0x30, 0x33, 0xB6, 0xD5, + 0xE1, 0x9C, 0x59, 0x9F, 0x8A, 0x40, 0x0E, 0xB1, + 0x41, 0x52, 0x7D, 0xF2, 0xBB, 0xDD, 0xEF, 0x50, + 0xBB, 0xD5, 0xFB, 0x55, 0xAA, 0x5E, 0xFD, 0xB3, + 0x5D, 0x08, 0x56, 0x9B, 0x02, 0x97, 0xE2, 0x48, + 0x14, 0x69, 0xF1, 0x7B, 0x87, 0xB5, 0x08, 0x93, + 0x6A, 0x9C, 0x5C, 0x11, 0x08, 0x9A, 0xE9, 0xE4, + 0xB0, 0xCA, 0xC5, 0x74, 0x93, 0x93, 0xC8, 0x03, + 0xE4, 0x70, 0x39, 0xF5, 0x1B, 0x5C, 0xBD, 0x42, + 0xA6, 0xC9, 0xE1, 0x9E, 0xC3, 0xF6, 0x3C, 0x23, + 0x32, 0xE8, 0x77, 0x68, 0xA9, 0x60, 0xFA, 0x02, + 0x18, 0x6B, 0x7A, 0x2B, 0x02, 0x92, 0x65, 0x09, + 0x11, 0x46, 0x73, 0x04, 0x63, 0xDF, 0x8B, 0x37, + 0x5F, 0x24, 0xAA, 0x83, 0xBD, 0xD4, 0x1D, 0x13, + 0x04, 0xFC, 0x2F, 0xB5, 0x2D, 0xA1, 0x0F, 
0x1F, + 0xED, 0x65, 0x29, 0x08, 0xCF, 0x8C, 0x52, 0x8F, + 0xB2, 0x62, 0x5F, 0x39, 0x3F, 0xC8, 0xC7, 0xB3, + 0x3F, 0xAD, 0x45, 0xBA, 0xD4, 0x7D, 0x38, 0x3D, + 0x2C, 0x04, 0xCF, 0x32, 0xE8, 0x07, 0x42, 0x5F, + 0x93, 0xD2, 0x35, 0x07, 0x21, 0xB7, 0xB2, 0xF5, + 0x96, 0x64, 0x8E, 0xB5, 0xE1, 0x38, 0x6B, 0x43, + 0xD1, 0x2E, 0xFD, 0xDB, 0x8F, 0xE2, 0x43, 0x6A, + 0xEC, 0x27, 0x8E, 0xE7, 0x68, 0x75, 0xB5, 0x23, + 0xC5, 0x43, 0x1D, 0x99, 0x48, 0x57, 0x73, 0xD9, + 0xAD, 0xBC, 0xD0, 0x14, 0xDD, 0x87, 0xBC, 0x68, + 0xFB, 0x82, 0xEE, 0x47, 0x4B, 0x22, 0xA5, 0x43, + 0x3A, 0xF9, 0xF9, 0x91, 0xFC, 0x34, 0xB2, 0x58, + 0x34, 0xDF, 0x13, 0x09, 0x9A, 0x46, 0xF5, 0x68, + 0xAF, 0xD1, 0x15, 0x5F, 0x32, 0x1B, 0x9D, 0xA9, + 0xE9, 0xC0, 0x63, 0x47, 0xAB, 0x3C, 0x1F, 0x59, + 0xF7, 0xEA, 0x0E, 0xD6, 0xCF, 0x47, 0xB3, 0xE9, + 0xAF, 0x65, 0x7A, 0xA7, 0xAE, 0x9B, 0xF8, 0x26, + 0x0B, 0x96, 0x9D, 0xE4, 0xAD, 0x24, 0xD3, 0xA8, + 0xCE, 0x95, 0xE5, 0x77, 0xD0, 0x44, 0x13, 0x05, + 0x06, 0x4E, 0x07, 0xB9, 0xA2, 0xC7, 0x5C, 0x3C, + 0x43, 0x80, 0x1F, 0xCE, 0xB7, 0x36, 0xFE, 0x3D, + 0x27, 0x1B, 0xE1, 0xF3, 0x6B, 0xFF, 0xC8, 0xE4, + 0x3D, 0xB1, 0x4A, 0x16, 0x24, 0x76, 0xBA, 0xEA, + 0x9D, 0x34, 0x6B, 0x52, 0x11, 0xAB, 0xD0, 0x06, + 0x08, 0xB1, 0x5A, 0xF3, 0xB5, 0xE6, 0x3A, 0x00, + 0xFF, 0x92, 0x8D, 0x1E, 0xA1, 0xA1, 0x8D, 0x75, + 0xFA, 0x7C, 0x6C, 0x1B, 0x0F, 0xB6, 0x27, 0x2E, + 0x55, 0xC3, 0xFE, 0x7E, 0x4D, 0x42, 0x05, 0xE5, + 0xCF, 0x0A, 0x1F, 0x87, 0x18, 0x30, 0x4E, 0x14, + 0xF2, 0xB4, 0xCC, 0x54, 0x3D, 0x04, 0x37, 0x34, + 0x1A, 0x4A, 0x31, 0x16, 0x01, 0xA9, 0x2E, 0x92, + 0x56, 0x6B, 0x7D, 0xFB, 0x42, 0x64, 0xE8, 0x70, + 0xE1, 0xB3, 0xA8, 0x75, 0xED, 0xBC, 0x00, 0x3A, + 0x56, 0x19, 0x70, 0xCF, 0x8A, 0x66, 0x9F, 0x3D, + 0x1B, 0x69, 0x28, 0x8C, 0xC6, 0xE3, 0x59, 0xCE, + 0x28, 0xCA, 0x65, 0xF9, 0xDA, 0xE8, 0xCE, 0xCA, + 0x74, 0x3C, 0x1C, 0x8D, 0x9F, 0xFB, 0x55, 0x08, + 0x82, 0x4A, 0x83, 0x61, 0xE3, 0x3B, 0x43, 0x1A, + 0x2E, 0x9E, 0x9A, 0x99, 0x78, 0x47, 0xD2, 0xE6, + 0xE4, 0x3C, 0x83, 0xF0, 0x22, 0x62, 0xE2, 
0x94, + 0x6D, 0xF7, 0x72, 0x6D, 0x54, 0xE3, 0xE6, 0xC9, + 0xCC, 0xDB, 0x6D, 0x3F, 0x13, 0x63, 0x46, 0xC1, + 0x1E, 0x59, 0x42, 0xE7, 0xA1, 0xBF, 0x85, 0x0C, + 0x2E, 0x99, 0xB4, 0xFA, 0xCE, 0x75, 0xFD, 0x40, + 0x88, 0x69, 0x33, 0x90, 0x7C, 0xCD, 0xFC, 0x0D, + 0xE1, 0x17, 0x70, 0x20, 0x31, 0x94, 0x1D, 0x00, + 0x1E, 0x2A, 0x68, 0x3C, 0x55, 0x78, 0xFD, 0x33, + 0x54, 0x21, 0x2C, 0xEA, 0xD9, 0x69, 0xBF, 0x1C, + 0x81, 0x23, 0x9E, 0xEC, 0xC7, 0x74, 0xFD, 0x0B, + 0x88, 0x3D, 0x0E, 0xEE, 0x82, 0x4B, 0x10, 0xB8, + 0x79, 0xCF, 0x70, 0x7C, 0xB2, 0x68, 0x47, 0x45, + 0x22, 0x06, 0x1E, 0x92, 0x7B, 0x12, 0x43, 0x24, + 0x41, 0x15, 0xC6, 0x69, 0xE9, 0xEB, 0x27, 0x2B, + 0x60, 0xA6, 0x44, 0xF5, 0x19, 0xEF, 0xEC, 0x06, + 0x34, 0x08, 0xB6, 0x58, 0x47, 0x2E, 0x91, 0x61, + 0xA1, 0xF7, 0x44, 0xFD, 0x66, 0x16, 0x9F, 0x0C, + 0xAE, 0x36, 0xB4, 0x2E, 0x23, 0x79, 0xCB, 0xE8, + 0x1E, 0x6E, 0x51, 0xA0, 0xF5, 0x34, 0x15, 0x18, + 0x4E, 0xA0, 0x06, 0xB2, 0x27, 0x0B, 0x33, 0xE2, + 0xCA, 0x36, 0x4C, 0xDB, 0x33, 0xAA, 0xAE, 0x77, + 0xFF, 0xD9, 0x53, 0xDB, 0x39, 0x70, 0x4D, 0x49, + 0x0C, 0xE9, 0xAC, 0x6F, 0x2D, 0xD1, 0xC7, 0xA1, + 0x8E, 0x61, 0x74, 0x19, 0xA9, 0xAA, 0xFB, 0x37, + 0xE7, 0x23, 0x9B, 0x23, 0x6A, 0x4B, 0x74, 0xCE, + 0x63, 0xE4, 0xA0, 0xAD, 0xFF, 0x85, 0x5D, 0xCD, + 0x78, 0xF6, 0x45, 0x8E, 0x76, 0x0B, 0xFD, 0x1D, + 0x2A, 0xB9, 0x5E, 0x83, 0xC0, 0x3B, 0x6F, 0xAE, + 0x0C, 0xD3, 0xC5, 0xCE, 0xEE, 0xEE, 0x1C, 0x69, + 0x51, 0x59, 0x65, 0xA3, 0x35, 0xFC, 0xF7, 0x8E, + 0x80, 0xAA, 0x73, 0x93, 0x39, 0x54, 0x21, 0x27, + 0x17, 0x0B, 0x2C, 0x3E, 0xE1, 0x0B, 0x0E, 0xAA, + 0x09, 0x9A, 0xC7, 0xAD, 0x4C, 0xD7, 0x6E, 0x7F, + 0xE4, 0xC1, 0x16, 0x4E, 0x62, 0xF4, 0xE5, 0x80, + 0x7D, 0xC0, 0x06, 0x1F, 0x77, 0xE4, 0xA8, 0xA5, + 0x28, 0xD7, 0x10, 0x37, 0x59, 0x30, 0xCB, 0x75, + 0x5B, 0x28, 0xBF, 0xFD, 0x92, 0x8C, 0xB0, 0x7B, + 0xB4, 0xA1, 0x07, 0xCD, 0xCA, 0xBB, 0x30, 0x8A, + 0x48, 0x65, 0x0D, 0xA4, 0xE5, 0x74, 0xD9, 0xBF, + 0x56, 0x07, 0xF5, 0x83, 0xDA, 0xC3, 0x40, 0xD7, + 0x20, 0x93, 0xEF, 0xB1, 0x2B, 0xBF, 0x93, 
0x41, + 0x0F, 0x1E, 0xF5, 0xC9, 0x51, 0x6C, 0x74, 0x4D, + 0x23, 0x15, 0xEC, 0x9E, 0x00, 0x0A, 0x8D, 0xC5, + 0xD1, 0x7A, 0x7B, 0x6F, 0x0D, 0x07, 0x9D, 0x78, + 0x4B, 0x6D, 0x90, 0x19, 0x3F, 0x6E, 0x3E, 0xE7, + 0xEA, 0x0E, 0xAB, 0xFC, 0x6F, 0x68, 0xC5, 0x2B, + 0x37, 0xCB, 0xCE, 0x82, 0x18, 0xAF, 0xA3, 0x67, + 0x0A, 0x80, 0xBC, 0x17, 0xB9, 0x5D, 0x7B, 0x40, + 0x53, 0x62, 0x26, 0x35, 0x8F, 0x04, 0xAC, 0xD9, + 0x2A, 0x1B, 0xE1, 0x5B, 0x26, 0xA4, 0xE5, 0x81, + 0x7E, 0x62, 0x8B, 0xA6, 0x79, 0xB3, 0x52, 0x72, + 0x03, 0xCD, 0x36, 0x32, 0x62, 0x8E, 0xC8, 0x3A, + 0xA4, 0xF2, 0x18, 0x6D, 0x2F, 0x00, 0x5D, 0x5D, + 0xFE, 0x6F, 0x7F, 0xDB, 0x4F, 0xED, 0xAC, 0x9E, + 0x89, 0xD6, 0x66, 0xE3, 0x03, 0xBB, 0x56, 0x83, + 0x06, 0x15, 0x6C, 0x56, 0xF0, 0x95, 0x34, 0xE2, + 0x5C, 0x61, 0x9A, 0xB3, 0xB9, 0x50, 0x18, 0xF4, + 0x89, 0x6B, 0xAC, 0xAA, 0x48, 0x34, 0xF6, 0xD2, + 0xD8, 0xFE, 0x14, 0xA9, 0x38, 0xAA, 0x10, 0xE5, + 0x30, 0x54, 0xF0, 0x00, 0x84, 0x44, 0xAC, 0x2E, + 0xEA, 0x25, 0x38, 0xC1, 0x23, 0x0E, 0x6A, 0x18, + 0xC9, 0x2B, 0x01, 0xD9, 0x14, 0x7F, 0xDC, 0xEF, + 0xC9, 0xC8, 0xDA, 0xC1, 0xD4, 0xEC, 0xC8, 0xCF, + 0x1F, 0x96, 0x2E, 0xFA, 0x1B, 0x8C, 0xD3, 0xC9, + 0x69, 0x00, 0x0B, 0x7E, 0xBA, 0xC5, 0x98, 0xDC, + 0xA4, 0x5E, 0xB4, 0x0B, 0xCF, 0xB1, 0x98, 0x51, + 0x48, 0x38, 0x51, 0xCF, 0x34, 0x0F, 0x3E, 0x8C, + 0x23, 0x7A, 0x9E, 0xFF, 0x1C, 0x9F, 0x21, 0xE4, + 0x97, 0x55, 0x41, 0xC6, 0x1A, 0x8F, 0xEF, 0x2A, + 0xC6, 0x05, 0x7F, 0x59, 0xDC, 0xB2, 0x3A, 0x80, + 0xE8, 0x06, 0x10, 0xCD, 0x85, 0xDB, 0x20, 0x3C, + 0x35, 0xD2, 0x4B, 0xC8, 0x2B, 0x9C, 0xD7, 0x82, + 0x46, 0xF5, 0x9F, 0xEB, 0xB2, 0x48, 0x32, 0xD7, + 0xCD, 0x66, 0x4C, 0x99, 0x51, 0x88, 0xE0, 0x28, + 0x1C, 0xD7, 0x86, 0x79, 0x00, 0xDC, 0x0D, 0xF4, + 0x4D, 0x40, 0x90, 0x80, 0x26, 0x8B, 0x79, 0xE9, + 0x56, 0x82, 0x88, 0x5F, 0x22, 0x87, 0x70, 0x73, + 0x4F, 0xA5, 0x35, 0x18, 0xEC, 0x80, 0xCE, 0x23, + 0x06, 0xCE, 0x14, 0x48, 0x52, 0x4E, 0xF0, 0x18, + 0x43, 0x03, 0xD4, 0x50, 0xC7, 0x6E, 0xA6, 0x3B, + 0x73, 0x3E, 0xB0, 0xC8, 0xDC, 0x48, 0xBF, 
0x12, + 0x42, 0x3A, 0xD2, 0x38, 0x89, 0xCF, 0xCD, 0xD8, + 0x91, 0xE5, 0x95, 0x00, 0x47, 0x24, 0x0D, 0xC0, + 0xC3, 0x8A, 0xB2, 0xDB, 0xC1, 0x65, 0xB8, 0x1E, + 0x63, 0x10, 0x02, 0xEA, 0x6F, 0x74, 0x11, 0x9E, + 0x27, 0xF9, 0xF8, 0x60, 0x73, 0xBF, 0x2D, 0xF7, + 0x10, 0x81, 0x86, 0x76, 0x98, 0x0C, 0x4C, 0xB6, + 0xBD, 0x53, 0xF9, 0xA5, 0x72, 0x17, 0x78, 0xB8, + 0x9F, 0x59, 0xC6, 0x8C, 0x89, 0x35, 0xF5, 0x03, + 0x1C, 0x8A, 0x93, 0x36, 0x7D, 0x71, 0x70, 0x57, + 0xFD, 0x4D, 0x5E, 0xFA, 0xBE, 0xDE, 0x70, 0x2C, + 0xC6, 0x45, 0xEF, 0xB6, 0xD7, 0xF4, 0x4C, 0x86, + 0x0F, 0xFF, 0x76, 0x37, 0xAA, 0xD9, 0x72, 0x24, + 0x8C, 0x84, 0x4D, 0x15, 0x13, 0x39, 0x20, 0x07, + 0x38, 0x91, 0xC3, 0x13, 0x5D, 0x29, 0x78, 0x68, + 0xB7, 0xDA, 0x86, 0xF0, 0x97, 0xD8, 0xFB, 0x39, + 0xC1, 0x3B, 0xA1, 0x4C, 0x4F, 0x24, 0x75, 0x16, + 0xAB, 0xA4, 0xC5, 0xF8, 0xCE, 0x38, 0x18, 0x48, + 0x2C, 0x8F, 0xF6, 0x0C, 0xCA, 0x51, 0xFD, 0xB2, + 0xCE, 0xE9, 0x6B, 0xC1, 0x13, 0x8D, 0xC0, 0x4A, + 0x86, 0xF8, 0x57, 0x72, 0x75, 0x91, 0xAA, 0xE6, + 0xF8, 0x7C, 0x30, 0x05, 0x9B, 0x3E, 0x81, 0xB6, + 0x80, 0x55, 0xB2, 0x4E, 0xA2, 0xFA, 0x98, 0x36, + 0x86, 0x49, 0x8B, 0xFC, 0x9D, 0x9E, 0x7D, 0x59, + 0x50, 0x79, 0xEB, 0x64, 0x6E, 0x85, 0xB2, 0x12, + 0xCE, 0xDD, 0x21, 0xD0, 0x08, 0x7E, 0x0F, 0x2A, + 0xF6, 0x63, 0xEB, 0x77, 0x2A, 0x98, 0x47, 0xB1, + 0xDF, 0x21, 0x97, 0xAF, 0x13, 0x62, 0x6B, 0x89, + 0x7C, 0x24, 0x63, 0x7A, 0xF5, 0xBF, 0xE8, 0x18, + 0x16, 0xA8, 0xC9, 0x0D, 0x30, 0x48, 0x37, 0x5B, + 0x69, 0x94, 0x97, 0x14, 0x3E, 0x57, 0x71, 0x85, + 0xA7, 0x0E, 0x11, 0x50, 0x58, 0xA3, 0xA9, 0x11, + 0x2B, 0x2C, 0x43, 0x51, 0xB6, 0xCA, 0xD0, 0x09, + 0x28, 0x2B, 0x4F, 0x7C, 0xB8, 0xBD, 0xFC, 0x28, + 0x57, 0x77, 0xD7, 0xDF, 0xE8, 0xF5, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, 0x06, 0x0B, 0x11, 0x17, + 0x1F, 0x27, 0x2E + + }; +#endif + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, 
DYNAMIC_TYPE_TMP_BUFFER);
+ ExpectNotNull(key);
+
+ if (key != NULL) {
+ XMEMSET(key, 0, sizeof(*key));
+ }
+
+ ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+ ExpectIntEQ(wc_dilithium_import_public(pk_44, (word32)sizeof(pk_44), key),
+ 0);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig_44, (word32)sizeof(sig_44), msg_44,
+ (word32)sizeof(msg_44), &res, key), 0);
+ ExpectIntEQ(res, 1);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+ ExpectIntEQ(wc_dilithium_import_public(pk_65, (word32)sizeof(pk_65), key),
+ 0);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig_65, (word32)sizeof(sig_65), msg_65,
+ (word32)sizeof(msg_65), &res, key), 0);
+ ExpectIntEQ(res, 1);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+ ExpectIntEQ(wc_dilithium_import_public(pk_87, (word32)sizeof(pk_87), key),
+ 0);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig_87, (word32)sizeof(sig_87), msg_87,
+ (word32)sizeof(msg_87), &res, key), 0);
+ ExpectIntEQ(res, 1);
+#endif
+
+ wc_dilithium_free(key);
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+}
+
+/*
+ * Testing wc_SetSubjectBuffer
+ */
+static int test_wc_SetSubjectBuffer(void)
+{
+ EXPECT_DECLS;
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
+ Cert cert;
+ XFILE file = XBADFILE;
+ byte* der = NULL;
+ word32 derSz;
+
+ derSz = FOURK_BUF;
+ ExpectNotNull(der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER));
+ ExpectTrue((file = XFOPEN("./certs/ca-cert.der", "rb")) != XBADFILE);
+ ExpectTrue((derSz = (word32)XFREAD(der, 1, FOURK_BUF, file)) > 0);
+ if (file != XBADFILE)
+ XFCLOSE(file);
+
+ ExpectIntEQ(wc_InitCert(&cert), 0);
+ ExpectIntEQ(wc_SetSubjectBuffer(&cert, der, (int)derSz), 0);
+ ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, (int)derSz), BAD_FUNC_ARG);
+
+ XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return EXPECT_RESULT();
+} /* End test_wc_SetSubjectBuffer*/
+
+/*
+ * Testing wc_SetSubjectKeyIdFromPublicKey_ex
+ */
+static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
+{
+ EXPECT_DECLS;
+#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
+ WC_RNG rng;
+ Cert cert;
+#if !defined(NO_RSA) && defined(HAVE_RSA)
+ RsaKey rsaKey;
+ int bits = 2048;
+#endif
+#if defined(HAVE_ECC)
+ ecc_key eccKey;
+ int ret;
+#endif
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
+ ed25519_key ed25519Key;
+#endif
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
+ ed448_key ed448Key;
+#endif
+
+#ifndef HAVE_FIPS
+ ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0);
+#else
+ ExpectIntEQ(wc_InitRng(&rng), 0);
+#endif
+
+ ExpectIntEQ(wc_InitCert(&cert), 0);
+
+#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
+ /* RSA */
+ XMEMSET(&rsaKey, 0, sizeof(RsaKey));
+ ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
+ ExpectIntEQ(MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng), 0);
+ ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey),
+ 0);
+ DoExpectIntEQ(wc_FreeRsaKey(&rsaKey), 0);
+#endif
+
+#if defined(HAVE_ECC)
+ /* ECC */
+ XMEMSET(&eccKey, 0, sizeof(ecc_key));
+ ExpectIntEQ(wc_ecc_init(&eccKey), 0);
+ ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+ ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+ ExpectIntEQ(ret, 0);
+ ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey),
+ 0);
+ DoExpectIntEQ(wc_ecc_free(&eccKey), 0);
+#endif
+
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
+ /* ED25519 */
+ XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
+ ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
+ ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
+ ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
+ &ed25519Key), 0);
+ wc_ed25519_free(&ed25519Key);
+#endif
+
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
+ /* ED448 */
+ XMEMSET(&ed448Key, 0, sizeof(ed448_key));
+ ExpectIntEQ(wc_ed448_init(&ed448Key), 0);
+ ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0);
+ ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
+ &ed448Key), 0);
+ wc_ed448_free(&ed448Key);
+#endif
+
+ wc_FreeRng(&rng);
+ DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif /* WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
+ return EXPECT_RESULT();
+} /* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/
+
+/*
+ * Testing wc_SetAuthKeyIdFromPublicKey_ex
+ */
+static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
+{
+ EXPECT_DECLS;
+#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
+ WC_RNG rng;
+ Cert cert;
+#if !defined(NO_RSA) && defined(HAVE_RSA)
+ RsaKey rsaKey;
+ int bits = 2048;
+#endif
+#if defined(HAVE_ECC)
+ ecc_key eccKey;
+ int ret;
+#endif
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
+ ed25519_key ed25519Key;
+#endif
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
+ ed448_key ed448Key;
+#endif
+
+#ifndef HAVE_FIPS
+ ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0);
+#else
+ ExpectIntEQ(wc_InitRng(&rng), 0);
+#endif
+
+ ExpectIntEQ(wc_InitCert(&cert), 0);
+
+#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
+ /* RSA */
+ XMEMSET(&rsaKey, 0, sizeof(RsaKey));
+ ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
+ ExpectIntEQ(MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng), 0);
+ ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey), 0);
+ DoExpectIntEQ(wc_FreeRsaKey(&rsaKey), 0);
+#endif
+
+#if defined(HAVE_ECC)
+ /* ECC */
+ XMEMSET(&eccKey, 0, sizeof(ecc_key));
+ ExpectIntEQ(wc_ecc_init(&eccKey), 0);
+ ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+ ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+ ExpectIntEQ(ret, 0);
+ ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey), 0);
+ DoExpectIntEQ(wc_ecc_free(&eccKey), 0);
+#endif
+
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
+ /* ED25519 */
+ XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
+ ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
+ ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
+ ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
+ &ed25519Key), 0);
+ wc_ed25519_free(&ed25519Key);
+#endif
+
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
+ /* ED448 */
+ XMEMSET(&ed448Key, 0, sizeof(ed448_key));
+ ExpectIntEQ(wc_ed448_init(&ed448Key), 0);
+ ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0);
+ ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, &ed448Key),
+ 0);
+ wc_ed448_free(&ed448Key);
+#endif
+
+ DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif /* defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
+ return EXPECT_RESULT();
+} /* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
+
+/*
+ * Testing wc_PKCS7_New()
+ */
+static int test_wc_PKCS7_New(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+ PKCS7* pkcs7 = NULL;
+
+ ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
+ wc_PKCS7_Free(pkcs7);
+#endif
+ return EXPECT_RESULT();
+} /* END test-wc_PKCS7_New */
+
+/*
+ * Testing wc_PKCS7_Init()
+ */
+static int test_wc_PKCS7_Init(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+ PKCS7* pkcs7 = NULL;
+ void* heap = NULL;
+
+ ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
+
+ ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
+ /* Pass in bad args. */
+ ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), BAD_FUNC_ARG);
+
+ wc_PKCS7_Free(pkcs7);
+#endif
+ return EXPECT_RESULT();
+} /* END test-wc_PKCS7_Init */
+
+
+/*
+ * Testing wc_PKCS7_InitWithCert()
+ */
+static int test_wc_PKCS7_InitWithCert(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+ PKCS7* pkcs7 = NULL;
+
+#ifndef NO_RSA
+ #if defined(USE_CERT_BUFFERS_2048)
+ unsigned char cert[sizeof(client_cert_der_2048)];
+ int certSz = (int)sizeof(cert);
+
+ XMEMSET(cert, 0, certSz);
+ XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
+ #elif defined(USE_CERT_BUFFERS_1024)
+ unsigned char cert[sizeof(client_cert_der_1024)];
+ int certSz = (int)sizeof(cert);
+
+ XMEMSET(cert, 0, certSz);
+ XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
+ #else
+ unsigned char cert[ONEK_BUF];
+ XFILE fp = XBADFILE;
+ int certSz;
+
+ ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
+ XBADFILE);
+ ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
+ fp), 0);
+ if (fp != XBADFILE)
+ XFCLOSE(fp);
+ #endif
+#elif defined(HAVE_ECC)
+ #if defined(USE_CERT_BUFFERS_256)
+ unsigned char cert[sizeof(cliecc_cert_der_256)];
+ int certSz = (int)sizeof(cert);
+
+ XMEMSET(cert, 0, certSz);
+ XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
+ #else
+ unsigned char cert[ONEK_BUF];
+ XFILE fp = XBADFILE;
+ int certSz;
+
+ ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
+ XBADFILE);
+ ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256),
+ fp), 0);
+ if (fp != XBADFILE)
+ XFCLOSE(fp);
+ #endif
+#else
+ #error PKCS7 requires ECC or RSA
+#endif
+
+#ifdef HAVE_ECC
+ {
+ /* bad test case from ZD 11011, malformed cert gives bad ECC key */
+ static unsigned char certWithInvalidEccKey[] = {
+ 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
+ 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
+ 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
+ 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
@@ -26814,13 +38396,13 @@ static int test_wc_PKCS7_EncodeData(void)
 ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);
+ ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
 if (pkcs7 != NULL) {
 pkcs7->content = data;
 pkcs7->contentSz = sizeof(data);
 pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
+ pkcs7->privateKeySz = (word32)keySz;
 }
 ExpectIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
@@ -27066,7 +38648,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 /* reinitialize and test setting stream mode */
 {
- int signedSz;
+ int signedSz = 0;
 encodeSignedDataStream strm;
 ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
@@ -27102,7 +38684,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 /* use exact signed buffer size since BER encoded */
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, signedSz), 0);
+ ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz), 0);
 wc_PKCS7_Free(pkcs7);
 /* now try with using callbacks for IO */
@@ -27135,7 +38717,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 /* use exact signed buffer size since BER encoded */
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out, signedSz), 0);
+ ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out, (word32)signedSz), 0);
 }
 #endif
 #ifndef NO_PKCS7_STREAM
@@ -27207,6 +38789,167 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 return EXPECT_RESULT();
 } /* END test_wc_PKCS7_EncodeSignedData */
+static int test_wc_PKCS7_EncodeSignedData_absent(void)
+{
+ EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+ PKCS7* pkcs7 = NULL;
+ WC_RNG rng;
+ byte output[FOURK_BUF];
+ word32 outputSz = (word32)sizeof(output);
+ int withParamsLen = 0;
+ int withoutParamsLen = 0;
+ byte data[] = "Test data to encode.";
+#ifndef NO_RSA
+ #if defined(USE_CERT_BUFFERS_2048)
+ byte key[sizeof(client_key_der_2048)];
+ byte cert[sizeof(client_cert_der_2048)];
+ word32 keySz = (word32)sizeof(key);
+ word32 certSz = (word32)sizeof(cert);
+ XMEMSET(key, 0, keySz);
+ XMEMSET(cert, 0, certSz);
+ XMEMCPY(key, client_key_der_2048, keySz);
+ XMEMCPY(cert, client_cert_der_2048, certSz);
+ #elif defined(USE_CERT_BUFFERS_1024)
+ byte key[sizeof_client_key_der_1024];
+ byte cert[sizeof(sizeof_client_cert_der_1024)];
+ word32 keySz = (word32)sizeof(key);
+ word32 certSz = (word32)sizeof(cert);
+ XMEMSET(key, 0, keySz);
+ XMEMSET(cert, 0, certSz);
+ XMEMCPY(key, client_key_der_1024, keySz);
+ XMEMCPY(cert, client_cert_der_1024, certSz);
+ #else
+ unsigned char cert[ONEK_BUF];
+ unsigned char key[ONEK_BUF];
+ XFILE fp = XBADFILE;
+ int certSz;
+ int keySz;
+
+ ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
+ XBADFILE);
+ ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
+ fp), 0);
+ if (fp != XBADFILE) {
+ XFCLOSE(fp);
+ fp = XBADFILE;
+ }
+
+ ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
+ XBADFILE);
+ ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
+ 0);
+ if (fp != XBADFILE)
+ XFCLOSE(fp);
+ #endif
+#elif defined(HAVE_ECC)
+ #if defined(USE_CERT_BUFFERS_256)
+ unsigned char cert[sizeof(cliecc_cert_der_256)];
+ unsigned char key[sizeof(ecc_clikey_der_256)];
+ int certSz = (int)sizeof(cert);
+ int keySz = (int)sizeof(key);
+ XMEMSET(cert, 0, certSz);
+ XMEMSET(key, 0, keySz);
+ XMEMCPY(cert, cliecc_cert_der_256, certSz);
+ XMEMCPY(key, ecc_clikey_der_256, keySz);
+ #else
+ unsigned char cert[ONEK_BUF];
+ unsigned char key[ONEK_BUF];
+ XFILE fp = XBADFILE;
+ int certSz;
+ int keySz;
+
+ ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
+ XBADFILE);
+ ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
+ if (fp != XBADFILE) {
+ XFCLOSE(fp);
+ fp = XBADFILE;
+ }
+
+ ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
+ XBADFILE);
+ ExpectIntGT(keySz = (int)XFREAD(key, 1, ONEK_BUF, fp), 0);
+ if (fp != XBADFILE)
+ XFCLOSE(fp);
+ #endif
+#endif
+
+ XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+ XMEMSET(output, 0, outputSz);
+ ExpectIntEQ(wc_InitRng(&rng), 0);
+
+ /* First generate and verify with NULL params */
+ ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+ ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+ ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+ if (pkcs7 != NULL) {
+ pkcs7->content = data;
+ pkcs7->contentSz = (word32)sizeof(data);
+ pkcs7->privateKey = key;
+ pkcs7->privateKeySz = (word32)sizeof(key);
+ pkcs7->encryptOID = RSAk;
+ #ifdef NO_SHA
+ pkcs7->hashOID = SHA256h;
+ #else
+ pkcs7->hashOID = SHAh;
+ #endif
+ pkcs7->rng = &rng;
+ }
+
+ withParamsLen = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
+ ExpectIntGT(withParamsLen, 0);
+ wc_PKCS7_Free(pkcs7);
+ pkcs7 = NULL;
+
+ ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+ ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+ ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, withParamsLen), 0);
+ wc_PKCS7_Free(pkcs7);
+ pkcs7 = NULL;
+
+ XMEMSET(output, 0, outputSz);
+
+ /* Now generate again without params */
+ ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+ ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+ ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+ if (pkcs7 != NULL) {
+ pkcs7->content = data;
+ pkcs7->contentSz = (word32)sizeof(data);
+ pkcs7->privateKey = key;
+ pkcs7->privateKeySz = (word32)sizeof(key);
+ pkcs7->encryptOID = RSAk;
+ #ifdef NO_SHA
+ pkcs7->hashOID = SHA256h;
+ #else
+ pkcs7->hashOID = SHAh;
+ #endif
+ pkcs7->rng = &rng;
+ pkcs7->hashParamsAbsent = TRUE;
+ }
+
+ withoutParamsLen = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
+ ExpectIntGT(withoutParamsLen, 0);
+ wc_PKCS7_Free(pkcs7);
+ pkcs7 = NULL;
+
+ ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+ ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+ ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, withoutParamsLen), 0);
+
+ /* Both are valid PKCS7 with non-zero len, ensure without is shorter */
+ ExpectIntLT(withoutParamsLen, withParamsLen);
+
+ wc_PKCS7_Free(pkcs7);
+ DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
+#endif
+ return EXPECT_RESULT();
+}
 /*
 * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
@@ -27230,7 +38973,7 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
 enum wc_HashType hashType = WC_HASH_TYPE_SHA;
 #endif
 byte hashBuf[WC_MAX_DIGEST_SIZE];
- word32 hashSz = wc_HashGetDigestSize(hashType);
+ word32 hashSz = (word32)wc_HashGetDigestSize(hashType);
 #ifndef NO_RSA
 #if defined(USE_CERT_BUFFERS_2048)
@@ -27792,7 +39535,7 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
 ExpectIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
 }
- outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
+ outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, (word32)outputSz);
 ExpectIntGT(outputSz, 0);
 wc_PKCS7_Free(pkcs7);
 pkcs7 = NULL;
@@ -27802,7 +39545,7 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
 pkcs7->content = data;
 pkcs7->contentSz = dataSz;
 }
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+ ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outputSz), 0);
 wc_PKCS7_Free(pkcs7);
 wc_FreeRng(&rng);
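Review bot: In the `USE_CERT_BUFFERS_1024` branch of test_wc_PKCS7_EncodeSignedData_absent, `byte cert[sizeof(sizeof_client_cert_der_1024)];` sizes the buffer by the length variable's own size rather than the certificate's, so `certSz` becomes 4 or 8 and `XMEMCPY(cert, client_cert_der_1024, certSz)` copies a truncated DER; it should read `byte cert[sizeof(client_cert_der_1024)];` as the 2048 branch does. Both `pkcs7->privateKeySz = (word32)sizeof(key);` assignments also discard the `keySz` actually read in the file-backed branches (where `key` is `ONEK_BUF` bytes), and `pkcs7->encryptOID = RSAk;` is set even when the key comes from the `HAVE_ECC`-only branch, which presumably wants the ECDSA OID instead. The two `wc_PKCS7_VerifySignedData(pkcs7, output, withParamsLen)` calls pass an `int` where this same commit adds `(word32)` casts everywhere else; `(word32)withParamsLen` and `(word32)withoutParamsLen` would keep the file consistent. The sibling tests each carry a header comment; one like `/* Testing wc_PKCS7_EncodeSignedData() with hashParamsAbsent set: the output must still verify and be shorter than the default encoding */` would match.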
@@ -27835,7 +39578,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void) enum wc_HashType hashType = WC_HASH_TYPE_SHA; #endif byte hashBuf[WC_MAX_DIGEST_SIZE]; - word32 hashSz = wc_HashGetDigestSize(hashType); + word32 hashSz = (word32)wc_HashGetDigestSize(hashType); #ifndef NO_RSA PKCS7DecodedAttrib* decodedAttrib = NULL; /* contentType OID (1.2.840.113549.1.9.3) */ @@ -27874,7 +39617,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void) XMEMSET(&hash, 0, sizeof(wc_HashAlg)); /* Success test with RSA certs/key */ - ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, (word32)sizeof(data), 0, 0, 0, RSA_TYPE)), 0); /* calculate hash for content, used later */ @@ -27991,7 +39734,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void) /* Try RSA certs/key/sig first */ outputSz = sizeof(output); XMEMSET(output, 0, outputSz); - ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, (word32)sizeof(data), 1, 1, 0, RSA_TYPE)), 0); ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); @@ -28082,7 +39825,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void) #ifndef NO_RSA outputSz = sizeof(output); XMEMSET(output, 0, outputSz); - ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, (word32)sizeof(data), 0, 0, 1, RSA_TYPE)), 0); ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); @@ -28129,7 +39872,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void) ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT, DYNAMIC_TYPE_FILE)); if (buf != NULL) { - ExpectIntEQ(XFREAD(buf, 1, signedBundleSz, signedBundle), + ExpectIntEQ(XFREAD(buf, 1, (size_t)signedBundleSz, signedBundle), signedBundleSz); } if (signedBundle != XBADFILE) { 
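Review bot: In the `@@ -27874` hunk, casting the return of `CreatePKCS7SignedData()` to `word32` inside `ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(...)), 0)` turns a negative error code into a large unsigned value before the comparison, so whether the assertion still catches a failure now depends on the Expect macro converting its operand back to `int`; the same pattern appears in the `@@ -27991` and `@@ -28082` hunks here and in the `@@ -28216`, `@@ -28256` and `@@ -28350` hunks of the ECC test below. Keeping the check on the signed value and converting afterwards, e.g. `int ret = CreatePKCS7SignedData(output, (int)outputSz, data, (word32)sizeof(data), 0, 0, 0, RSA_TYPE); ExpectIntGT(ret, 0); outputSz = (word32)ret;`, avoids relying on that. The rewritten lines also appear to run past the 80-column width the surrounding lines keep to.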
@@ -28143,7 +39886,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void) for (i = 0; i < signedBundleSz;) { int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i : chunkSz; - rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, sz); + rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz); if (rc < 0 ) { if (rc == WC_PKCS7_WANT_READ_E) { i += sz; @@ -28168,7 +39911,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void) for (i = 0; i < signedBundleSz;) { int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i : chunkSz; - rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, sz); + rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz); if (rc < 0 ) { if (rc == WC_PKCS7_WANT_READ_E) { i += sz; @@ -28185,8 +39928,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void) pkcs7 = NULL; } - if (buf != NULL) - XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); + XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); } #endif /* BER and stream */ #endif @@ -28216,14 +39958,14 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void) enum wc_HashType hashType = WC_HASH_TYPE_SHA; #endif byte hashBuf[WC_MAX_DIGEST_SIZE]; - word32 hashSz = wc_HashGetDigestSize(hashType); + word32 hashSz = (word32)wc_HashGetDigestSize(hashType); XMEMSET(&hash, 0, sizeof(wc_HashAlg)); /* Success test with ECC certs/key */ outputSz = sizeof(output); XMEMSET(output, 0, outputSz); - ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, (word32)sizeof(data), 0, 0, 0, ECC_TYPE)), 0); ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); 
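Review bot: In the `ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(...)), 0)` lines added in the last hunk, the return value is cast to word32 before it is compared with 0, so a negative error code from CreatePKCS7SignedData becomes a large unsigned value and the sign check only still works if ExpectIntGT converts its operand back to int, which is not visible here. Capturing the result in an int first keeps the check independent of the macro: `int encSz = CreatePKCS7SignedData(output, (int)outputSz, data, (word32)sizeof(data), 0, 0, 0, ECC_TYPE); ExpectIntGT(encSz, 0); outputSz = (word32)encSz;`. The same cast-then-compare pattern appears in the RSA test hunks above. test_wc_PKCS7_VerifySignedData_ECC continues outside the hunk.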
@@ -28256,7 +39998,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void) * easily change content */ outputSz = sizeof(output); XMEMSET(output, 0, outputSz); - ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, (word32)sizeof(data), 1, 1, 0, ECC_TYPE)), 0); ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); @@ -28350,7 +40092,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void) /* Test verify on signedData containing intermediate/root CA certs */ outputSz = sizeof(output); XMEMSET(output, 0, outputSz); - ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, (word32)sizeof(data), 0, 0, 1, ECC_TYPE)), 0); ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); @@ -28422,7 +40164,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, if (ret == 0) { ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION); if (ret == 0) - ret = wc_AesCbcDecrypt(&aes, out, in, inSz); + ret = wc_AesCbcDecrypt(&aes, out, in, (word32)inSz); wc_AesFree(&aes); } @@ -28927,7 +40669,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) ExpectIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0); ExpectIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0); ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, - envelopedSz, decoded, sizeof(decoded))), 0); + (word32)envelopedSz, decoded, sizeof(decoded))), 0); wc_PKCS7_Free(pkcs7); pkcs7 = NULL; } 
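Review bot: `wc_AesCbcDecrypt(&aes, out, in, (word32)inSz)` in the myDecryptionFunc hunk now silently turns a negative `inSz` into a length near 4 GB, because the callback's parameter is an `int` supplied by the library. Unless the PKCS7 decode path guarantees a non-negative size, reject it before any cast: `if (inSz < 0) return BAD_FUNC_ARG;` (use whatever error code the callback contract expects). myDecryptionFunc starts outside the hunk, so an existing check above may already cover this; if so, a short comment at the cast saying that would help.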
@@ -29087,7 +40829,7 @@ static int test_wc_PKCS7_EncodeEncryptedData(void) /* Decode encryptedData */ ExpectIntGT(decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, - encryptedSz, decoded, sizeof(decoded)), 0); + (word32)encryptedSz, decoded, sizeof(decoded)), 0); ExpectIntEQ(XMEMCMP(decoded, data, decodedSz), 0); /* Keep values for last itr. */ @@ -29146,15 +40888,15 @@ static int test_wc_PKCS7_EncodeEncryptedData(void) pkcs7->encryptionKeySz = tmpWrd32; } - ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz, + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, (word32)encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); - ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz, + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, (word32)encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0, decoded, sizeof(decoded)), BAD_FUNC_ARG); - ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, NULL, sizeof(decoded)), BAD_FUNC_ARG); - ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, decoded, 0), BAD_FUNC_ARG); /* Test struct fields */ 
@@ -29162,13 +40904,13 @@ static int test_wc_PKCS7_EncodeEncryptedData(void) tmpBytePtr = pkcs7->encryptionKey; pkcs7->encryptionKey = NULL; } - ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); if (pkcs7 != NULL) { pkcs7->encryptionKey = tmpBytePtr; pkcs7->encryptionKeySz = 0; } - ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); wc_PKCS7_Free(pkcs7); @@ -29606,18 +41348,18 @@ static int test_wc_PKCS7_signed_enveloped(void) /* sign cert for envelope */ ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); ExpectIntEQ(wc_InitRng(&rng), 0); - ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); if (pkcs7 != NULL) { pkcs7->content = cert; - pkcs7->contentSz = certSz; + pkcs7->contentSz = (word32)certSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; - pkcs7->privateKeySz = keySz; + pkcs7->privateKeySz = (word32)keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; } - ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0); wc_PKCS7_Free(pkcs7); pkcs7 = NULL; DoExpectIntEQ(wc_FreeRng(&rng), 0); 
@@ -29625,16 +41367,16 @@ static int test_wc_PKCS7_signed_enveloped(void) #ifdef HAVE_AES_CBC /* create envelope */ ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); - ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); if (pkcs7 != NULL) { pkcs7->content = sig; - pkcs7->contentSz = sigSz; + pkcs7->contentSz = (word32)sigSz; pkcs7->contentOID = DATA; pkcs7->encryptOID = AES256CBCb; pkcs7->privateKey = key; - pkcs7->privateKeySz = keySz; + pkcs7->privateKeySz = (word32)keySz; } - ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0); + ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, (word32)envSz)), 0); ExpectIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0); wc_PKCS7_Free(pkcs7); pkcs7 = NULL; @@ -29644,13 +41386,13 @@ static int test_wc_PKCS7_signed_enveloped(void) sigSz = FOURK_BUF * 2; ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); ExpectIntEQ(wc_InitRng(&rng), 0); - ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); if (pkcs7 != NULL) { pkcs7->content = env; - pkcs7->contentSz = envSz; + pkcs7->contentSz = (word32)envSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; - pkcs7->privateKeySz = keySz; + pkcs7->privateKeySz = (word32)keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; 
@@ -29662,14 +41404,14 @@ static int test_wc_PKCS7_signed_enveloped(void) ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), BAD_FUNC_ARG); ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1); } - ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0); wc_PKCS7_Free(pkcs7); pkcs7 = NULL; /* check verify fails */ ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); - ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), PKCS7_SIGNEEDS_CHECK); /* try verifying the signature manually */ @@ -29681,7 +41423,7 @@ static int test_wc_PKCS7_signed_enveloped(void) int digestSz = 0; ExpectIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0); - ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, (word32)keySz), 0); ExpectIntGT(digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz, digest, sizeof(digest), &rKey), 0); ExpectIntEQ(digestSz, pkcs7->pkcs7DigestSz); @@ -29695,14 +41437,14 @@ static int test_wc_PKCS7_signed_enveloped(void) /* initializing the PKCS7 struct with the signing certificate should pass */ ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); - ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); - ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0); #ifndef NO_PKCS7_STREAM wc_PKCS7_Free(pkcs7); pkcs7 = NULL; ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); - ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); /* test for streaming */ ret = -1; 
@@ -29723,16 +41465,16 @@ static int test_wc_PKCS7_signed_enveloped(void) ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); if (pkcs7 != NULL) { pkcs7->content = env; - pkcs7->contentSz = envSz; + pkcs7->contentSz = (word32)envSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; - pkcs7->privateKeySz = keySz; + pkcs7->privateKeySz = (word32)keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; } ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0); - ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0); wc_PKCS7_Free(pkcs7); pkcs7 = NULL; wc_FreeRng(&rng); @@ -29740,7 +41482,7 @@ static int test_wc_PKCS7_signed_enveloped(void) /* check verify */ ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); - ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0); ExpectNotNull(pkcs7->content); #ifndef NO_PKCS7_STREAM @@ -29752,16 +41494,16 @@ static int test_wc_PKCS7_signed_enveloped(void) ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); if (pkcs7 != NULL) { pkcs7->content = env; - pkcs7->contentSz = envSz; + pkcs7->contentSz = (word32)envSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; - pkcs7->privateKeySz = keySz; + pkcs7->privateKeySz = (word32)keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; } ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0); - ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0); wc_PKCS7_Free(pkcs7); pkcs7 = NULL; wc_FreeRng(&rng); 
@@ -29783,13 +41525,13 @@ static int test_wc_PKCS7_signed_enveloped(void) #ifdef HAVE_AES_CBC /* check decode */ ExpectNotNull(inner = wc_PKCS7_New(NULL, 0)); - ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, (word32)certSz), 0); if (inner != NULL) { inner->privateKey = key; - inner->privateKeySz = keySz; + inner->privateKeySz = (word32)keySz; } ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content, - pkcs7->contentSz, decoded, decodedSz)), 0); + pkcs7->contentSz, decoded, (word32)decodedSz)), 0); wc_PKCS7_Free(inner); inner = NULL; #endif @@ -29800,7 +41542,7 @@ static int test_wc_PKCS7_signed_enveloped(void) /* check cert set */ ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); - ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, (word32)decodedSz), 0); ExpectNotNull(pkcs7->singleCert); ExpectIntNE(pkcs7->singleCertSz, 0); wc_PKCS7_Free(pkcs7); @@ -29970,7 +41712,7 @@ static int test_wc_i2d_PKCS12(void) EXPECT_DECLS; #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \ && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ - && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA) + && !defined(NO_AES) && !defined(NO_SHA) WC_PKCS12* pkcs12 = NULL; unsigned char der[FOURK_BUF * 2]; unsigned char* pt; @@ -29986,7 +41728,7 @@ static int test_wc_i2d_PKCS12(void) XFCLOSE(f); ExpectNotNull(pkcs12 = wc_PKCS12_new()); - ExpectIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0); + ExpectIntEQ(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0); ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E); ExpectIntEQ(outSz, derSz); 
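Review bot: The `#if` guard of test_wc_i2d_PKCS12 drops `!defined(NO_DES3)` without a comment saying why the test no longer depends on 3DES, so a reader cannot tell whether the fixture's PBE algorithm matters to wc_d2i_PKCS12/wc_i2d_PKCS12. If the round trip only parses and re-encodes the outer container without decrypting the bags, say so next to the guard, e.g. `/* No cipher needed: d2i/i2d only re-encode the PKCS12 container. */`; if it does decrypt, the removed exclusion may have been load-bearing and should be confirmed against a NO_DES3 build. The file-loading lines of the function are outside the hunk.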
@@ -31461,7 +43203,7 @@ static int test_wolfSSL_ASN1_STRING_to_UTF8(void)
 ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb"));
 ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- if (file != NULL)
+ if (file != XBADFILE)
 fclose(file);
 /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */
@@ -31471,7 +43213,7 @@ static int test_wolfSSL_ASN1_STRING_to_UTF8(void)
 ExpectNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
 ExpectNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
 ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
- ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, len), 0);
+ ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, (size_t)len), 0);
 a = NULL;
 /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */
@@ -31606,8 +43348,8 @@ static int test_wolfSSL_ASN1_STRING_print(void)
 /* setup */
 for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
- unprintableData[i] = HELLO_DATA[i];
- expected[i] = HELLO_DATA[i];
+ unprintableData[i] = (unsigned char)HELLO_DATA[i];
+ expected[i] = (unsigned char)HELLO_DATA[i];
 }
 for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
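Review bot: The new `if (file != XBADFILE)` compares a handle obtained from plain `fopen()` against the XFOPEN sentinel, so three adjacent lines now mix the two file abstractions (`fopen`, `XBADFILE`, `fclose`). Either keep the stdio pair and compare with `NULL`, or move the open and close to the wrappers the other tests in this diff use: `ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);` and `if (file != XBADFILE) XFCLOSE(file);`. test_wolfSSL_ASN1_STRING_to_UTF8 continues outside the hunk.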
@@ -31869,31 +43611,22 @@ static int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void) static int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime = NULL; - unsigned char nullstr[32]; - - XMEMSET(nullstr, 0, 32); - ExpectNotNull(asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( - sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, DYNAMIC_TYPE_TMP_BUFFER)); - if (asn1_gtime != NULL) { - XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE); - wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); - ExpectIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32)); - - XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - wolfSSL_ASN1_GENERALIZEDTIME_free(NULL); -#endif /* OPENSSL_EXTRA */ + ExpectNotNull(asn1_gtime = ASN1_GENERALIZEDTIME_new()); + if (asn1_gtime != NULL) + XMEMCPY(asn1_gtime->data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE); + ASN1_GENERALIZEDTIME_free(asn1_gtime); +#endif /* OPENSSL_EXTRA && !NO_ASN_TIME */ return EXPECT_RESULT(); } static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) - WOLFSSL_ASN1_GENERALIZEDTIME gtime; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO) + WOLFSSL_ASN1_GENERALIZEDTIME* gtime = NULL; BIO* bio = NULL; unsigned char buf[24]; int i; 
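Review bot: In the rewritten test_wolfSSL_ASN1_GENERALIZEDTIME_free, `XMEMCPY(asn1_gtime->data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE)` copies ASN_GENERALIZED_TIME_SIZE bytes out of a 16-byte literal (15 characters plus NUL); if that constant is larger than 16 the copy reads past the literal, and the object's `length` and `type` are left unset either way. The print test in the following hunk populates the object with `wolfSSL_ASN1_TIME_set_string`; using the same call here, `ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(asn1_gtime, "20180504123500Z"), 1);`, avoids the raw copy and keeps the two tests consistent. The removed code had the same copy, so this is a pre-existing issue the rewrite carries forward rather than a regression.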
@@ -31901,19 +43634,17 @@ static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void) ExpectNotNull(bio = BIO_new(BIO_s_mem())); BIO_set_write_buf_size(bio, 24); - XMEMSET(>ime, 0, sizeof(WOLFSSL_ASN1_GENERALIZEDTIME)); - XMEMCPY(gtime.data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE); - gtime.length = ASN_GENERALIZED_TIME_SIZE; + ExpectNotNull(gtime = ASN1_GENERALIZEDTIME_new()); /* Type not set. */ - ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); - gtime.type = V_ASN1_GENERALIZEDTIME; + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0); + ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(gtime, "20180504123500Z"), 1); /* Invalid parameters testing. */ ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), BAD_FUNC_ARG); ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, >ime), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 1); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 1); ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20); ExpectIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0); @@ -31924,15 +43655,15 @@ static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void) ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1); /* Ensure there is 0 bytes available to write into. */ ExpectIntEQ(BIO_write(bio, buf, 1), 1); - ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0); for (i = 1; i < 20; i++) { ExpectIntEQ(BIO_set_write_buf_size(bio, i), 1); - ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0); } BIO_free(bio); - wolfSSL_ASN1_GENERALIZEDTIME_free(>ime); -#endif /* OPENSSL_EXTRA */ + wolfSSL_ASN1_GENERALIZEDTIME_free(gtime); +#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ return EXPECT_RESULT(); } 
@@ -32941,6 +44672,7 @@ static int test_wolfSSL_X509_NAME_print_ex(void) X509_NAME* name = NULL; const char* expNormal = "C=US, CN=wolfssl.com"; + const char* expEqSpace = "C = US, CN = wolfssl.com"; const char* expReverse = "CN=wolfssl.com, C=US"; const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;"; @@ -32998,6 +44730,17 @@ static int test_wolfSSL_X509_NAME_print_ex(void) BIO_free(membio); membio = NULL; + /* Test with XN_FLAG_ONELINE which should enable XN_FLAG_SPC_EQ for + spaces aroun '=' */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_ONELINE), + WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expEqSpace)); + ExpectIntEQ(XSTRNCMP((char*)mem, expEqSpace, XSTRLEN(expEqSpace)), 0); + BIO_free(membio); + membio = NULL; + /* Test flags: XN_FLAG_RFC2253 - should be reversed */ ExpectNotNull(membio = BIO_new(BIO_s_mem())); ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, @@ -33348,7 +45091,7 @@ static int test_wc_PemToDer(void) XMEMSET(&info, 0, sizeof(info)); ExpectIntEQ(ret = load_file(ca_cert, &cert_buf, &cert_sz), 0); - ExpectIntEQ(ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE, &pDer, NULL, + ExpectIntEQ(ret = wc_PemToDer(cert_buf, (long int)cert_sz, CERT_TYPE, &pDer, NULL, &info, &eccKey), 0); wc_FreeDer(&pDer); pDer = NULL; @@ -33487,7 +45230,7 @@ static int test_wc_KeyPemToDer(void) /* Test normal operation */ cert_dersz = cert_sz; /* DER will be smaller than PEM */ - ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz)); ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, cert_pw), 0); ExpectIntLE(ret, cert_sz); 
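Review bot: The comment added in the XN_FLAG_ONELINE block has a typo, `spaces aroun '='`, and words the expectation as a guess (`should enable`) although the assertion below pins it; suggest `/* XN_FLAG_ONELINE implies XN_FLAG_SPC_EQ: spaces around '=' */`. Separately, the `(long int)cert_sz` cast in the wc_PemToDer hunk is the same type as `(long)`, which is the usual spelling and shorter on an already over-long line. test_wolfSSL_X509_NAME_print_ex continues outside the hunk.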
@@ -33501,7 +45244,7 @@ static int test_wc_KeyPemToDer(void) ExpectIntLE(ret, cert_sz); if (EXPECT_SUCCESS()) cert_dersz = ret; - ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz)); ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, cert_pw), 0); ExpectIntLE(ret, cert_sz); @@ -33538,7 +45281,7 @@ static int test_wc_PubKeyPemToDer(void) /* Test NULL for DER buffer to return needed DER buffer size */ ExpectIntGT(ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, NULL, 0), 0); ExpectIntLE(ret, cert_sz); - cert_dersz = ret; + cert_dersz = (size_t)ret; ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz), 0); @@ -33802,8 +45545,8 @@ static int test_wolfSSL_certs(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) X509* x509ext = NULL; -#ifdef OPENSSL_ALL X509* x509 = NULL; +#ifdef OPENSSL_ALL WOLFSSL_X509_EXTENSION* ext = NULL; ASN1_OBJECT* obj = NULL; #endif @@ -33832,6 +45575,14 @@ static int test_wolfSSL_certs(void) #endif ExpectNotNull(ssl = SSL_new(ctx)); + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_certificate_file(NULL, NULL, WOLFSSL_FILETYPE_PEM), + BAD_FUNC_ARG); + ExpectIntEQ(SSL_use_certificate_file(ssl, NULL, WOLFSSL_FILETYPE_PEM), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate_file(NULL, "./certs/server-cert.pem", + WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG); + #if !defined(NO_CHECK_PRIVATE_KEY) ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif 
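Review bot: The invalid-parameter checks added to test_wolfSSL_certs pin two different failure codes for the same function: `SSL_use_certificate_file(NULL, ...)` is expected to return `BAD_FUNC_ARG` while `SSL_use_certificate_file(ssl, NULL, ...)` is expected to return `WOLFSSL_FAILURE`. If that split is intentional (an OpenSSL-compatible 0 for a bad path, a wolfSSL error code for a NULL object), a one-line comment above the block would stop the next maintainer from "fixing" one of them, e.g. `/* NULL ssl reports BAD_FUNC_ARG; a NULL file name reports WOLFSSL_FAILURE. */`. The function continues outside the hunk.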
@@ -33840,6 +45591,16 @@ static int test_wolfSSL_certs(void) ExpectIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS); #endif /* HAVE_PK_CALLBACKS */ + /* Invalid parameters. */ + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(SSL_use_certificate(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate(ssl, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate(NULL, x509), WOLFSSL_FAILURE); + /* No data in certificate. */ + ExpectIntEQ(SSL_use_certificate(ssl, x509), WOLFSSL_FAILURE); + wolfSSL_X509_free(x509); + x509 = NULL; + /* create and use x509 */ #ifdef OPENSSL_ALL ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, @@ -33856,6 +45617,15 @@ static int test_wolfSSL_certs(void) #if defined(USE_CERT_BUFFERS_2048) + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_certificate_ASN1(NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate_ASN1(NULL, + (unsigned char*)server_cert_der_2048, 0), WOLFSSL_FAILURE); + /* No data. */ + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, + (unsigned char*)server_cert_der_2048, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, (unsigned char*)server_cert_der_2048, sizeof_server_cert_der_2048), WOLFSSL_SUCCESS); 
@@ -34107,13 +45877,15 @@ static int test_wolfSSL_private_keys(void)
 #else
 ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
 #endif
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+ ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
+ WOLFSSL_FILETYPE_PEM));
 /* Have to load a cert before you can check the private key against that
 * certificates public key! */
 #if !defined(NO_CHECK_PRIVATE_KEY)
 ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
 #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
+ ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
+ WOLFSSL_FILETYPE_PEM));
 #if !defined(NO_CHECK_PRIVATE_KEY)
 ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
 #endif
@@ -34123,12 +45895,34 @@ static int test_wolfSSL_private_keys(void) ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_PrivateKey_file(NULL, NULL, WOLFSSL_FILETYPE_PEM), + BAD_FUNC_ARG); + ExpectIntEQ(SSL_use_PrivateKey_file(NULL, svrKeyFile, WOLFSSL_FILETYPE_PEM), + BAD_FUNC_ARG); + ExpectIntEQ(SSL_use_PrivateKey_file(ssl, NULL, WOLFSSL_FILETYPE_PEM), + WOLFSSL_FAILURE); + #ifdef USE_CERT_BUFFERS_2048 { const unsigned char* server_key = (const unsigned char*)server_key_der_2048; unsigned char buf[FOURK_BUF]; word32 bufSz; + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, + (unsigned char*)client_key_der_2048, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, + 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), WOLFSSL_SUCCESS); 
@@ -34163,8 +45957,15 @@ static int test_wolfSSL_private_keys(void) ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif - /* pkey not set yet, expecting to fail */ - ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE); + /* Invalid parameters. */ + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(SSL_use_PrivateKey(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey(ssl, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey(NULL, pkey), WOLFSSL_FAILURE); + /* pkey is empty - no key data to use. */ + ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), ASN_PARSE_E); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; /* set PKEY and test again */ ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, @@ -34181,7 +45982,7 @@ static int test_wolfSSL_private_keys(void) /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */ bufSz = FOURK_BUF; - ExpectIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz, + ExpectIntGT((bufSz = (word32)wc_CreatePKCS8Key(buf, &bufSz, (byte*)server_key_der_2048, sizeof_server_key_der_2048, RSAk, NULL, 0)), 0); server_key = (const unsigned char*)buf; 
@@ -34314,29 +46115,79 @@ static int test_wolfSSL_private_keys(void) return EXPECT_RESULT(); } +static int test_wolfSSL_PEM_def_callback(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + char buf[10]; + const char* defpwd = "DEF PWD"; + int defpwdLen = (int)XSTRLEN(defpwd); + int smallLen = 1; + + /* Bad parameters. */ + ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, (void*)defpwd), + 0); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, NULL), 0); + + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, (void*)defpwd), + defpwdLen); + ExpectIntEQ(XMEMCMP(buf, defpwd, defpwdLen), 0); + ExpectIntEQ(buf[defpwdLen], 0); + /* Size of buffer is smaller than default password. */ + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, smallLen, 0, (void*)defpwd), + smallLen); + ExpectIntEQ(XMEMCMP(buf, defpwd, smallLen), 0); + ExpectIntEQ(buf[smallLen], 0); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + static int test_wolfSSL_PEM_read_PrivateKey(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ - && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || \ + !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH)) XFILE file = XBADFILE; - const char* fname = "./certs/server-key.pem"; - EVP_PKEY* pkey = NULL; +#if !defined(NO_RSA) + const char* fname_rsa = "./certs/server-key.pem"; RSA* rsa = NULL; WOLFSSL_EVP_PKEY_CTX* ctx = NULL; unsigned char* sig = NULL; size_t sigLen = 0; const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7}; size_t tbsLen = sizeof(tbs); +#endif +#if !defined(NO_DSA) + const char* fname_dsa = "./certs/dsa2048.pem"; +#endif +#if defined(HAVE_ECC) + const char* fname_ec = "./certs/ecc-key.pem"; +#endif +#if !defined(NO_DH) + const char* fname_dh = "./certs/dh-priv-2048.pem"; +#endif + EVP_PKEY* pkey = NULL; /* Check error 
case. */ ExpectNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL)); + /* not a PEM key. */ + ExpectTrue((file = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + +#ifndef NO_RSA /* Read in an RSA key. */ - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue((file = XFOPEN(fname_rsa, "rb")) != XBADFILE); ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); if (file != XBADFILE) XFCLOSE(file); + file = XBADFILE; /* Make sure the key is usable by signing some data with it. */ ExpectNotNull(rsa = EVP_PKEY_get0_RSA(pkey)); 
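Review bot: In the new test_wolfSSL_PEM_def_callback the terminator checks `ExpectIntEQ(buf[defpwdLen], 0)` and `ExpectIntEQ(buf[smallLen], 0)` cannot fail on their own, because `buf` is zeroed with `XMEMSET(buf, 0, sizeof(buf))` right before each call, so they assert on the memset rather than on the callback. Filling with a non-zero sentinel, `XMEMSET(buf, 0xFF, sizeof(buf));`, makes both checks meaningful if the callback is meant to NUL-terminate; if it is not, the two assertions should be removed instead of kept as false assurance. The same hunk begins the reworked test_wolfSSL_PEM_read_PrivateKey, whose body continues in the next hunk.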
@@ -34351,6 +46202,52 @@ static int test_wolfSSL_PEM_read_PrivateKey(void) XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#ifndef NO_DSA + /* Read in a DSA key. */ + ExpectTrue((file = XFOPEN(fname_dsa, "rb")) != XBADFILE); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#else + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); +#endif + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; +#endif + +#ifdef HAVE_ECC + /* Read in an EC key. */ + ExpectTrue((file = XFOPEN(fname_ec, "rb")) != XBADFILE); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_PrivateKey(file, &pkey, NULL, NULL), pkey); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#ifndef NO_DH + /* Read in a DH key. */ + ExpectTrue((file = XFOPEN(fname_dh, "rb")) != XBADFILE); +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#else + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); +#endif + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; +#endif #endif return EXPECT_RESULT(); } 
@@ -34371,280 +46268,440 @@ static int test_wolfSSL_PEM_read_PUBKEY(void) ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); ExpectNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL)); EVP_PKEY_free(pkey); + pkey = NULL; + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_PUBKEY(file, &pkey, NULL, NULL), pkey); + EVP_PKEY_free(pkey); if (file != XBADFILE) XFCLOSE(file); #endif return EXPECT_RESULT(); } -static int test_wolfSSL_PEM_PrivateKey(void) +/* test loading RSA key using BIO */ +static int test_wolfSSL_PEM_PrivateKey_rsa(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) -#ifndef NO_BIO +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_FILESYSTEM) && \ + !defined(NO_BIO) BIO* bio = NULL; -#endif + XFILE file = XBADFILE; + const char* fname = "./certs/server-key.pem"; + const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; EVP_PKEY* pkey = NULL; + size_t sz = 0; + byte* buf = NULL; + EVP_PKEY* pkey2 = NULL; + EVP_PKEY* pkey3 = NULL; + RSA* rsa_key = NULL; +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + unsigned char extra[10]; + int i; + BIO* pub_bio = NULL; const unsigned char* server_key = (const unsigned char*)server_key_der_2048; +#endif -#ifndef NO_BIO + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf != NULL) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } - /* test creating new EVP_PKEY with bad arg */ - ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, 
NULL, NULL, NULL))); + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; - /* test loading RSA key using BIO */ -#if !defined(NO_RSA) && !defined(NO_FILESYSTEM) - { - XFILE file = XBADFILE; - const char* fname = "./certs/server-key.pem"; - const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; + /* New empty EVP_PKEY */ + ExpectNotNull(pkey2 = EVP_PKEY_new()); + if (pkey2 != NULL) { + pkey2->type = EVP_PKEY_RSA; + } + /* Test parameter copy */ + ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); + EVP_PKEY_free(pkey2); + EVP_PKEY_free(pkey); + pkey = NULL; - size_t sz = 0; - byte* buf = NULL; - EVP_PKEY* pkey2 = NULL; - EVP_PKEY* pkey3 = NULL; - RSA* rsa_key = NULL; + /* Qt unit test case : rsa pkcs8 key */ + ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf != NULL) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey3 = EVP_PKEY_new()); - /* Test using BIO 
new mem and loading PEM private key */ - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey2 = EVP_PKEY_new()); - if (pkey2 != NULL) { - pkey2->type = EVP_PKEY_RSA; - } - /* Test parameter copy */ - ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); - EVP_PKEY_free(pkey2); - EVP_PKEY_free(pkey); - pkey = NULL; + ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); + ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); - /* Qt unit test case : rsa pkcs8 key */ - ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); +#else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); +#endif - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey3 = EVP_PKEY_new()); + RSA_free(rsa_key); + EVP_PKEY_free(pkey3); + EVP_PKEY_free(pkey); + pkey = NULL; + pkey2 = NULL; - ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); - ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + #define BIO_PEM_TEST_CHAR 'a' + XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); - #ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); - #else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); - #endif + ExpectNotNull(bio = 
wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); + ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE); - RSA_free(rsa_key); - EVP_PKEY_free(pkey3); - EVP_PKEY_free(pkey); - pkey = NULL; - } + ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectNull(pkey); + + ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL, NULL), + WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(bio), 0); + ExpectIntEQ(BIO_pending(bio), 1679); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + ExpectIntEQ(BIO_pending(pub_bio), 451); +#else + /* Not supported. 
*/ + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), 0); #endif - /* test loading ECC key using BIO */ -#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) - { - XFILE file = XBADFILE; - const char* fname = "./certs/ecc-key.pem"; - const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; + /* test creating new EVP_PKEY with good args */ + ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { + ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, + pkey->pkey_sz), 0); + } - size_t sz = 0; - byte* buf = NULL; - EVP_PKEY* pkey2 = NULL; - EVP_PKEY* pkey3 = NULL; - EC_KEY* ec_key = NULL; - int nid = 0; + /* test of reuse of EVP_PKEY */ + ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + ExpectIntEQ(BIO_pending(bio), 0); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + SSL_SUCCESS); + /* add 10 extra bytes after PEM */ + ExpectIntEQ(BIO_write(bio, extra, 10), 10); + ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + ExpectNotNull(pkey); + if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { + ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, + pkey->pkey_sz), 0); + } + /* check 10 extra bytes still there */ + ExpectIntEQ(BIO_pending(bio), 10); + ExpectIntEQ(BIO_read(bio, extra, 10), 10); + for (i = 0; i < 10; i++) { + ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR); + } - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } + BIO_free(pub_bio); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + EVP_PKEY_free(pkey2); +#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ +#endif /* 
OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 && + * !NO_FILESYSTEM && !NO_BIO */ + return EXPECT_RESULT(); +} - /* Test using BIO new mem and loading PEM private key */ - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey2 = EVP_PKEY_new()); - ExpectNotNull(pkey3 = EVP_PKEY_new()); - if (pkey2 != NULL) { - pkey2->type = EVP_PKEY_EC; - } - /* Test parameter copy */ - ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); - /* Qt unit test case 1*/ - ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); - ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); - #ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); - #else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); - #endif - /* Test default digest */ - ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); - ExpectIntEQ(nid, NID_sha256); - EC_KEY_free(ec_key); - ec_key = NULL; - EVP_PKEY_free(pkey3); - pkey3 = NULL; - EVP_PKEY_free(pkey2); - pkey2 = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; +/* test loading ECC key using BIO */ +static int test_wolfSSL_PEM_PrivateKey_ecc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_ECC) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + XFILE file = XBADFILE; + const char* fname = "./certs/ecc-key.pem"; + const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; + + size_t sz = 0; + byte* buf = NULL; + EVP_PKEY* pkey2 = NULL; + EVP_PKEY* pkey3 = NULL; + EC_KEY* ec_key = NULL; + int nid = 0; + BIO* pub_bio = NULL; - /* Qt unit test case ec pkcs8 key */ - ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - 
ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey3 = EVP_PKEY_new()); - /* Qt unit test case */ - ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); - ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); - #ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); - #else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); - #endif - EC_KEY_free(ec_key); - EVP_PKEY_free(pkey3); - EVP_PKEY_free(pkey); - pkey = NULL; + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(bio), 0); + /* No parameters. 
*/ + ExpectIntEQ(BIO_pending(bio), 227); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + ExpectIntEQ(BIO_pending(pub_bio), 178); +#endif + BIO_free(pub_bio); + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey2 = EVP_PKEY_new()); + ExpectNotNull(pkey3 = EVP_PKEY_new()); + if (pkey2 != NULL) { + pkey2->type = EVP_PKEY_EC; + } + /* Test parameter copy */ + ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); + + + /* Qt unit test case 1*/ + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); + #else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); + #endif + /* Test default digest */ + ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); + ExpectIntEQ(nid, NID_sha256); + EC_KEY_free(ec_key); + ec_key = NULL; + EVP_PKEY_free(pkey3); + pkey3 = NULL; + EVP_PKEY_free(pkey2); + pkey2 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Qt unit test case ec pkcs8 key */ + ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; } + + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + 
BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey3 = EVP_PKEY_new()); + /* Qt unit test case */ + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); +#else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); +#endif + EC_KEY_free(ec_key); + EVP_PKEY_free(pkey3); + EVP_PKEY_free(pkey); + pkey = NULL; #endif + return EXPECT_RESULT(); +} -#if !defined(NO_BIO) && !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || \ - defined(WOLFSSL_CERT_GEN)) - { - #define BIO_PEM_TEST_CHAR 'a' - EVP_PKEY* pkey2 = NULL; - unsigned char extra[10]; - int i; - BIO* pub_bio = NULL; +/* test loading DSA key using BIO */ +static int test_wolfSSL_PEM_PrivateKey_dsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + ExpectNotNull(bio = BIO_new_file("./certs/dsa2048.pem", "rb")); + /* Private DSA EVP_PKEY */ + ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 0); +#endif - XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); + ExpectIntEQ(BIO_pending(bio), 1178); + BIO_reset(bio); +#endif - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); - ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, 
NULL, NULL), + 1); + ExpectIntEQ(BIO_pending(bio), 1196); - ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, - &server_key, (long)sizeof_server_key_der_2048)); - ExpectNull(pkey); + BIO_free(bio); + bio = NULL; - ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, - &server_key, (long)sizeof_server_key_der_2048)); - ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, - NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL, - NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(bio), 0); - ExpectIntEQ(BIO_pending(bio), 1679); - /* Check if the pubkey API writes only the public key */ + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +/* test loading DH key using BIO */ +static int test_wolfSSL_PEM_PrivateKey_dh(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DH) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); + /* Private DH EVP_PKEY */ + ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 0); +#endif #ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(pub_bio), 0); - /* 
Previously both the private key and the pubkey calls would write - * out the private key and the PEM header was the only difference. - * The public PEM should be significantly shorter than the - * private key versison. */ - ExpectIntEQ(BIO_pending(pub_bio), 451); -#endif - - - /* test creating new EVP_PKEY with good args */ - ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) - ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0); - - /* test of reuse of EVP_PKEY */ - ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - ExpectIntEQ(BIO_pending(bio), 0); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - SSL_SUCCESS); - ExpectIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */ - ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - ExpectNotNull(pkey); - if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { - ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); - } - ExpectIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ - ExpectIntEQ(BIO_read(bio, extra, 10), 10); - for (i = 0; i < 10; i++) { - ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR); - } + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); +#endif - BIO_free(pub_bio); - BIO_free(bio); - bio = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - EVP_PKEY_free(pkey2); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 1); + ExpectIntEQ(BIO_pending(bio), 806); + + BIO_free(bio); + bio = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_PrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) +#ifndef NO_BIO + BIO* bio = NULL; +#endif + EVP_PKEY* pkey = NULL; + const unsigned char* server_key = 
(const unsigned char*)server_key_der_2048; + +#ifndef NO_BIO + + /* test creating new EVP_PKEY with bad arg */ + ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); + + /* Test bad EVP_PKEY type. */ + /* New HMAC EVP_PKEY */ + ExpectNotNull(bio = BIO_new_mem_buf("", 1)); + ExpectNotNull(pkey = EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = EVP_PKEY_HMAC; } - #endif + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 0); +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 0); +#endif +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WOLFSSL_FAILURE); +#endif + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + /* key is DES encrypted */ #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ @@ -34736,9 +46793,9 @@ static int test_wolfSSL_PEM_PrivateKey(void) server_key = buf; pkey = NULL; - ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes)); + ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long int)bytes)); ExpectNull(pkey); - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes)); + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, (long int)bytes)); ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); @@ -35164,7 +47221,7 @@ static int test_wolfSSL_PEM_PUBKEY(void) { XFILE file = XBADFILE; const char* fname = "./certs/ecc-client-keyPub.pem"; - size_t sz; + size_t sz = 0; byte* buf = NULL; EVP_PKEY* pkey2 = NULL; 
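Review bot: In test_wolfSSL_PEM_PrivateKey_rsa both `XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz)` comparisons read pkey->pkey_sz bytes from pkey2's buffer without first checking that pkey2 decoded to the same length, so a shorter re-parsed key would become an out-of-bounds read inside the test instead of a clean assertion failure; add `ExpectIntEQ(pkey->pkey_sz, pkey2->pkey_sz);` inside each `if` before the compare. The guard on test_wolfSSL_PEM_PrivateKey_dsa is `WOLFSSL_QT || OPENSSL_ALL`, while the DSA case in test_wolfSSL_PEM_read_PrivateKey and the new test_wolfSSL_PEM_PrivateKey_dh also include `WOLFSSL_OPENSSH`; if the omission is deliberate a comment explaining why the BIO path is not exercised for OpenSSH builds would help, otherwise the guards should agree. `BIO_PEM_TEST_CHAR` is now `#define`d in the middle of test_wolfSSL_PEM_PrivateKey_rsa with no matching `#undef`, so the macro leaks to the rest of the file. The four new static functions presumably also need entries in the test-case table, which is outside this hunk, as does the remainder of the reworked test_wolfSSL_PEM_PrivateKey body.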
@@ -35185,6 +47242,13 @@ static int test_wolfSSL_PEM_PUBKEY(void) /* Test using BIO new mem and loading PEM private key */ ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); ExpectNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_bio_PUBKEY(bio, &pkey, NULL, NULL), pkey); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; @@ -35202,7 +47266,7 @@ static int test_wolfSSL_PEM_PUBKEY(void) EC_KEY_free(ec_key); EVP_PKEY_free(pkey2); EVP_PKEY_free(pkey); - pkey = NULL; + pkey = NULL; } #endif @@ -35253,7 +47317,7 @@ static int test_DSA_do_sign_verify(void) XMEMSET(digest, 202, sizeof(digest)); ExpectNotNull(dsa = DSA_new()); - ExpectIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1); + ExpectIntEQ(DSA_LoadDer(dsa, tmp, (int)bytes), 1); ExpectIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1); ExpectIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1); 
@@ -35272,33 +47336,123 @@ static int test_wolfSSL_tmp_dh(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) + !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) byte buff[6000]; + static const unsigned char p[] = { + 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, + 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00, + 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, + 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, + 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf, + 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, + 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, + 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, + 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, + 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, + 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, + 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, + 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, + 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, + 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, + 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, + 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, + 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, + 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, + 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7, + 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, + 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, + 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3, + 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, + 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, + 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab, + 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, + 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, + 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, + 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, + 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, + 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 
0x00, 0x3f, 0x93 + }; + int pSz = (int)sizeof(p); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + static const unsigned char bad_p[] = { + 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, + 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00, + 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, + 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, + 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf, + 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, + 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, + 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, + 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, + 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, + 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, + 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, + 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, + 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, + 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, + 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, + 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, + 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, + 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, + 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7, + 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, + 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, + 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3, + 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, + 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, + 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab, + 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, + 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, + 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, + 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, + 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, + 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x91 + }; +#endif + static const unsigned char g[] = { 0x02 }; + int gSz = (int)sizeof(g); +#if !defined(NO_DSA) char file[] = "./certs/dsaparams.pem"; + DSA* dsa = NULL; +#else + char file[] = "./certs/dh2048.pem"; 
+#endif XFILE f = XBADFILE; int bytes = 0; - DSA* dsa = NULL; DH* dh = NULL; -#if defined(WOLFSSL_DH_EXTRA) && \ - (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) DH* dh2 = NULL; -#endif BIO* bio = NULL; SSL* ssl = NULL; SSL_CTX* ctx = NULL; +#ifndef NO_WOLFSSL_CLIENT + SSL* ssl_c = NULL; + SSL_CTX* ctx_c = NULL; +#endif #ifndef NO_WOLFSSL_SERVER ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); -#else - ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); -#endif ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); ExpectNotNull(ssl = SSL_new(ctx)); +#endif +#ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx_c = SSL_CTX_new(wolfSSLv23_client_method())); + ExpectTrue(SSL_CTX_use_certificate_file(ctx_c, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx_c, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl_c = SSL_new(ctx_c)); +#ifdef NO_WOLFSSL_SERVER + ctx = ctx_c; + ssl = ssl_c; +#endif +#endif + XMEMSET(buff, 0, sizeof(buff)); ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); if (f != XBADFILE) 
@@ -35306,16 +47460,91 @@ static int test_wolfSSL_tmp_dh(void) ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); +#if !defined(NO_DSA) dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); ExpectNotNull(dsa); dh = wolfSSL_DSA_dup_DH(dsa); +#else + dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL); +#endif ExpectNotNull(dh); #if defined(WOLFSSL_DH_EXTRA) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) ExpectNotNull(dh2 = wolfSSL_DH_dup(dh)); + DH_free(dh2); + dh2 = NULL; +#endif + + /* Failure cases */ + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p , 0, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, g , 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p , 0, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, g , 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p , 0, g , 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p , 1, g , 1), + DH_KEY_SIZE_E); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , buff, 6000, g , 1), + DH_KEY_SIZE_E); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, bad_p, pSz, g, gSz), + DH_CHECK_PUB_E); +#endif + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p , 0, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, g , 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p , 0, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, g , 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p , 0, 
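Review bot: `bad_p` is a 256-byte copy of `p` that differs only in its final byte (0x93 versus 0x91) and carries no comment, so a reader has to diff the two arrays to see what is being tested; a header comment such as `/* p with the last byte altered - presumably no longer prime, so the parameter check must reject it. */` would make the intent clear and avoid the duplication being "fixed" later. The client context is loaded with svrCertFile and svrKeyFile; if that is intentional (the client side only needs a context to probe SIDE_ERROR) a short comment would stop the next reader from changing it to client credentials. `buff` is later passed as a 6000-byte p to provoke DH_KEY_SIZE_E, which is worth noting at the declaration since the buffer otherwise looks like it only holds the PEM file. The body of test_wolfSSL_tmp_dh continues past the end of this hunk.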
g , 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p , 1, g , 1), + DH_KEY_SIZE_E); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , buff, 6000, g , 1), + DH_KEY_SIZE_E); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) +#ifndef NO_WOLFSSL_SERVER + /* Parameters will be tested later so it passes now. */ + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl, bad_p, pSz, g, gSz), + WOLFSSL_SUCCESS); +#endif #endif +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl_c, p, pSz, g, gSz), + SIDE_ERROR); +#endif + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , NULL), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, dh ), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_set_tmp_dh(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_set_tmp_dh(ssl , NULL), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_set_tmp_dh(NULL, dh ), BAD_FUNC_ARG); + /* No p/g to use. */ + dh2 = wolfSSL_DH_new(); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , dh2 ), WOLFSSL_FATAL_ERROR); + ExpectIntEQ((int)SSL_set_tmp_dh(ssl , dh2 ), WOLFSSL_FATAL_ERROR); + DH_free(dh2); + dh2 = NULL; + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz), + WOLFSSL_SUCCESS); ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS); #ifndef NO_WOLFSSL_SERVER ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS); @@ -35324,15 +47553,22 @@ static int test_wolfSSL_tmp_dh(void) #endif BIO_free(bio); +#if !defined(NO_DSA) DSA_free(dsa); +#endif DH_free(dh); dh = NULL; -#if defined(WOLFSSL_DH_EXTRA) && \ - (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) - DH_free(dh2); - dh2 = NULL; +#ifndef NO_WOLFSSL_CLIENT + if (ssl != ssl_c) { + SSL_free(ssl_c); + } #endif SSL_free(ssl); +#ifndef NO_WOLFSSL_CLIENT + if (ctx != ctx_c) { + SSL_CTX_free(ctx_c); + } +#endif SSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif 
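Review bot: `dh2 = wolfSSL_DH_new();` is not checked before `dh2` is passed to SSL_CTX_set_tmp_dh and SSL_set_tmp_dh expecting WOLFSSL_FATAL_ERROR, so an allocation failure would be reported as the wrong error code from those calls rather than at its source; write it as `ExpectNotNull(dh2 = wolfSSL_DH_new());` like the other allocations in this function. The `/* No p/g to use. */` comment is good and the `bad_p` call is explained, but the `buff, 6000` arguments to the two *_SetTmpDH failure cases would benefit from `/* Oversized p. */` so the expected DH_KEY_SIZE_E is obviously deliberate. The function starts before this hunk and its cleanup follows in the next one.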
@@ -36120,8 +48356,20 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void) ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM)); + + /* Negative tests. */ + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, NULL), WOLFSSL_FAILURE); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, x509), WOLFSSL_FAILURE); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); + ExpectNotNull(x509 = wolfSSL_X509_new()); + /* Empty certificate. */ + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_FAILURE); + wolfSSL_X509_free(x509); + x509 = NULL; + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM)); @@ -36210,7 +48458,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void) return EXPECT_RESULT(); } - #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static int test_wolfSSL_ERR_peek_last_error_line(void) { @@ -36305,7 +48552,7 @@ static int test_wolfSSL_X509_Name_canon(void) /* When output buffer is NULL, should return necessary output buffer * length.*/ ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0); - ExpectIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); hash = (((unsigned long)digest[3] << 24) | @@ -36327,7 +48574,7 @@ static int test_wolfSSL_X509_Name_canon(void) ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); ExpectNotNull(name = X509_get_issuer_name(x509)); - ExpectIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); hash = (((unsigned long)digest[3] << 24) | 
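Review bot: After `ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);` the `x509` pointer is overwritten by `wolfSSL_X509_new()` with no free, which is only correct if the call takes ownership of the certificate on success; a comment such as `/* ctx takes ownership of x509 on success; do not free it here. */` would make that explicit and stop a future reader from adding a wolfSSL_X509_free that double-frees. If the `ExpectNotNull(x509 = wolfSSL_X509_new())` allocation fails, the following empty-certificate assertion sees a NULL argument and would still observe WOLFSSL_FAILURE, so the negative test could pass for the wrong reason unless the Expect macros skip after a prior failure. test_wolfSSL_CTX_add_extra_chain_cert starts and ends outside this hunk.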
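Review bot: `ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);` converts the return value to unsigned before the comparison, so a negative error return would become a large positive value and satisfy the `> 0` check unless ExpectIntGT narrows its argument back to int; the same cast is introduced in the second test_wolfSSL_X509_Name_canon hunk. Keep the check on the signed result and assign afterwards, e.g. `ExpectIntGT(ret = wolfSSL_i2d_X509_NAME_canon(name, &pbuf), 0); len = (word32)ret;` with `int ret` declared alongside the other locals. The enclosing function starts and ends outside both hunks.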
@@ -37492,20 +49739,19 @@ static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args) #endif /* HAVE_ECH && WOLFSSL_TLS13 */ #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) -static void keyLog_callback(const WOLFSSL* ssl, const char* line ) +static void keyLog_callback(const WOLFSSL* ssl, const char* line) { + XFILE fp; + const byte lf = '\n'; AssertNotNull(ssl); AssertNotNull(line); - XFILE fp; - const byte lf = '\n'; fp = XFOPEN("./MyKeyLog.txt", "a"); - XFWRITE( line, 1, strlen(line),fp); - XFWRITE( (void*)&lf,1,1,fp); + XFWRITE(line, 1, XSTRLEN(line), fp); + XFWRITE((void*)&lf, 1, 1, fp); XFFLUSH(fp); XFCLOSE(fp); - } #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ static int test_wolfSSL_CTX_set_keylog_callback(void) @@ -37553,12 +49799,14 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) -/* This test is intended for checking whether keylog callback is called - * in client during TLS handshake between the client and a server. - */ + /* This test is intended for checking whether keylog callback is called + * in client during TLS handshake between the client and a server. + */ test_ssl_cbf server_cbf; test_ssl_cbf client_cbf; XFILE fp = XBADFILE; + char buff[500]; + int found = 0; XMEMSET(&server_cbf, 0, sizeof(test_ssl_cbf)); XMEMSET(&client_cbf, 0, sizeof(test_ssl_cbf)); @@ -37575,16 +49823,12 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void) ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, &server_cbf, NULL), TEST_SUCCESS); - XSLEEP_MS(100); /* check if the keylog file exists */ - - char buff[300] = {0}; - int found = 0; - ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE); XFFLUSH(fp); /* Just to make sure any buffers get flushed */ + XMEMSET(buff, 0, sizeof(buff)); while (EXPECT_SUCCESS() && XFGETS(buff, (int)sizeof(buff), fp) != NULL) { if (0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) { found = 1; 
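Review bot: `fp = XFOPEN("./MyKeyLog.txt", "a");` is still not checked against XBADFILE before the two XFWRITE calls, XFFLUSH and XFCLOSE, so a failed open (read-only working directory, descriptor exhaustion) uses an invalid handle inside a void callback that has no way to report the error; add `if (fp == XBADFILE) return;` after the open, or `AssertTrue(fp != XBADFILE);` to match the assertions already at the top of the function. The reordering of the declarations and the switch to XSTRLEN are fine. The file path is duplicated verbatim in test_wolfSSL_Tls12_Key_Logging_test, which reads the CLIENT_RANDOM lines back; a comment naming that consumer, or a shared constant, would keep the two from drifting apart.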
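Review bot: `XFFLUSH(fp);` runs unconditionally right after `ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);`, so when the open fails the flush is applied to XBADFILE, and flushing a stream opened for reading is not meaningful in any case; guard it with `if (fp != XBADFILE) XFFLUSH(fp);` or drop it. Growing `buff` to 500 bytes and zeroing it with an explicit XMEMSET is fine since XFGETS is bounded by `(int)sizeof(buff)`. test_wolfSSL_Tls12_Key_Logging_test starts and ends outside this hunk, as does the loop that sets `found`.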
@@ -38069,13 +50313,15 @@ static int test_wolfSSL_X509_STORE(void) #ifdef HAVE_CRL X509_STORE_CTX *storeCtx = NULL; - X509_CRL *crl = NULL; X509 *ca = NULL; X509 *cert = NULL; - const char crlPem[] = "./certs/crl/crl.revoked"; const char srvCert[] = "./certs/server-revoked-cert.pem"; const char caCert[] = "./certs/ca-cert.pem"; +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + X509_CRL *crl = NULL; + const char crlPem[] = "./certs/crl/crl.revoked"; XFILE fp = XBADFILE; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, @@ -38095,6 +50341,7 @@ static int test_wolfSSL_X509_STORE(void) X509_free(ca); ca = NULL; +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP /* should fail to verify now after adding in CRL */ ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, @@ -38124,6 +50371,7 @@ static int test_wolfSSL_X509_STORE(void) cert = NULL; X509_free(ca); ca = NULL; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ #endif /* HAVE_CRL */ 
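Review bot: The new `#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP` guard opened in the second hunk and closed in the third removes the entire revoked-certificate check from the test when that option is defined, without saying why the expected outcome changes in such builds, leaving the CRL revocation path unexercised there. Add a comment at the guard, e.g. `/* Revocation outcome differs when WOLFSSL_CRL_ALLOW_MISSING_CDP is set; skipped here, TODO: assert the expected result for that build */` (wording to be confirmed against the option's semantics). The first hunk correctly moves `crl`, `crlPem` and `fp` under the same guard so the skipped build produces no unused-variable warnings. test_wolfSSL_X509_STORE starts and ends outside these hunks.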
@@ -39739,6 +51987,89 @@ static int test_wolfSSL_set1_curves_list(void) return EXPECT_RESULT(); } +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC) +static int test_wolfSSL_curves_mismatch_ctx_ready(WOLFSSL_CTX* ctx) +{ + static int counter = 0; + EXPECT_DECLS; + + if (counter % 2) { + ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "P-256"), + WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "P-384"), + WOLFSSL_SUCCESS); + } + + /* Ciphersuites that require curves */ + wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384:" + "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-GCM-SHA256:" + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-CHACHA20-POLY1305"); + + counter++; + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_curves_mismatch(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + const char* desc; + int client_last_err; + int server_last_err; + } test_params[] = { +#ifdef WOLFSSL_TLS13 + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", + FATAL_ERROR, BAD_KEY_SHARE_DATA}, +#endif +#ifndef WOLFSSL_NO_TLS12 + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", + FATAL_ERROR, MATCH_SUITE_ERROR}, +#endif +#ifndef NO_OLD_TLS + {wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLS 1.1", + FATAL_ERROR, MATCH_SUITE_ERROR}, +#endif + }; + + for (i = 0; i < XELEM_CNT(test_params) && !EXPECT_FAIL(); i++) { + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + printf("\tTesting with %s...\n", 
test_params[i].desc); + + func_cb_client.ctx_ready = &test_wolfSSL_curves_mismatch_ctx_ready; + func_cb_server.ctx_ready = &test_wolfSSL_curves_mismatch_ctx_ready; + + func_cb_client.method = test_params[i].client_meth; + func_cb_server.method = test_params[i].server_meth; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_FAIL); + ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err); + ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err); + + if (!EXPECT_SUCCESS()) + break; + printf("\t%s passed\n", test_params[i].desc); + } +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_set1_sigalgs_list(void) { EXPECT_DECLS; 
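Review bot: `wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384:" ...)` in test_wolfSSL_curves_mismatch_ctx_ready ignores its return value, so if the list were rejected the handshake would still fail with a suite error and test_wolfSSL_curves_mismatch would report TEST_FAIL for the wrong reason; wrapping it as `ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "..."), WOLFSSL_SUCCESS);` pins the test to the curve mismatch it is meant to exercise. The `static int counter` parity scheme assumes the client and server callbacks are always invoked in pairs; if the memio helper returns before calling the second one, parity flips and every later protocol iteration configures the same curve on both sides, so the expected failure would no longer be the one asserted. A comment such as `/* Called once per side per iteration: alternates P-384/P-256 so client and server never agree on a curve. */` would document that assumption, or the side could be derived from the ctx instead of a counter.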
@@ -40300,6 +52631,516 @@ static int test_wolfSSL_X509_time_adj(void) return EXPECT_RESULT(); } +static int test_wolfSSL_X509_bad_altname(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + const unsigned char malformed_alt_name_cert[] = { + 0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d, + 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31, + 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31, + 0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32, + 0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31, + 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, + 0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, + 0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec, + 0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97, + 0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5, + 0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83, + 0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd, + 0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58, + 0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e, + 0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09, + 0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58, + 0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68, + 0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38, + 0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c, + 0x97, 
0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b, + 0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64, + 0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60, + 0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7, + 0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb, + 0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84, + 0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99, + 0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50, + 0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d, + 0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, + 0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f, + 0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72, + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58, + 0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b, + 0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa, + 0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb, + 0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd, + 0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7, + 0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10, + 0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda, + 0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1, + 0xc7, 
0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b, + 0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1, + 0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91, + 0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7, + 0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93, + 0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1, + 0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04, + 0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee, + 0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5, + 0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff, + 0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40, + 0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09, + 0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34, + 0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd + }; + + X509* x509 = NULL; + int certSize = (int)sizeof(malformed_alt_name_cert) / sizeof(unsigned char); + const char *name = "aaaaa"; + int nameLen = (int)XSTRLEN(name); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + malformed_alt_name_cert, certSize, SSL_FILETYPE_ASN1)); + + /* malformed_alt_name_cert has a malformed alternative + * name of "a*\0*". 
Ensure that it does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_name_match(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name a* */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xac, 0x30, 0x82, 0x02, 0x94, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x0f, 0xa5, 0x10, 0x85, 0xef, 0x58, 0x10, 0x59, 0xfc, + 0x0f, 0x20, 0x1f, 0x53, 0xf5, 0x30, 0x39, 0x34, 0x49, 0x54, 0x05, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x30, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 
0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf4, 0xca, 0x3d, + 0xd4, 0xbc, 0x9b, 0xea, 0x74, 0xfe, 0x73, 0xf4, 0x16, 0x23, 0x0b, 0x4a, + 0x09, 0x54, 0xf6, 0x7b, 0x10, 0x99, 0x11, 0x93, 0xb2, 0xdb, 0x4d, 0x7d, + 0x23, 0xab, 0xf9, 0xcd, 0xf6, 0x54, 0xd4, 0xf6, 0x39, 0x57, 0xee, 0x97, + 0xb2, 0xb9, 0xfc, 0x7e, 0x9c, 0xb3, 0xfb, 0x56, 0xb6, 0x84, 0xd6, 0x2d, + 0x59, 0x1c, 0xed, 0xda, 0x9b, 0x19, 0xf5, 0x8a, 0xa7, 0x8a, 0x89, 0xd6, + 0xa1, 0xc0, 0xe6, 0x16, 0xad, 0x04, 0xcf, 0x5a, 0x1f, 0xdf, 0x62, 0x6c, + 0x68, 0x45, 0xe9, 0x55, 0x2e, 0x42, 0xa3, 0x1b, 0x3b, 0x86, 0x23, 0x22, + 0xa1, 0x20, 0x48, 0xd1, 0x52, 0xc0, 0x8b, 0xab, 0xe2, 0x8a, 0x15, 0x68, + 0xbd, 0x89, 0x6f, 0x9f, 0x45, 0x75, 0xb4, 0x27, 0xc1, 0x72, 0x41, 0xfd, + 0x79, 0x89, 0xb0, 0x74, 0xa2, 0xe9, 0x61, 0x48, 0x4c, 0x54, 0xad, 0x6b, + 0x61, 0xbf, 0x0e, 0x27, 0x58, 0xb4, 0xf6, 0x9c, 0x2c, 0x9f, 0xc2, 0x3e, + 0x3b, 0xb3, 0x90, 0x41, 0xbc, 0x61, 0xcd, 0x01, 0x57, 0x90, 0x82, 0xec, + 0x46, 0xba, 0x4f, 0x89, 0x8e, 0x7f, 0x49, 0x4f, 0x46, 0x69, 0x37, 0x8b, + 0xa0, 0xba, 0x85, 0xe8, 0x42, 0xff, 0x9a, 0xa1, 0x53, 0x81, 0x5c, 0xf3, + 0x8e, 0x85, 0x1c, 0xd4, 0x90, 0x60, 0xa0, 0x37, 0x59, 0x04, 0x65, 0xa6, + 0xb5, 0x12, 0x00, 0xc3, 0x04, 0x51, 0xa7, 0x83, 0x96, 0x62, 0x3d, 0x49, + 0x97, 0xe8, 0x6b, 0x9a, 0x5d, 0x51, 0x24, 0xee, 0xad, 0x45, 0x18, 0x0f, + 0x3f, 0x97, 0xec, 0xdf, 0xcf, 0x42, 0x8a, 0x96, 0xc7, 0xd8, 0x82, 0x87, + 0x7f, 
0x57, 0x70, 0x22, 0xfb, 0x29, 0x3e, 0x3c, 0xa3, 0xc1, 0xd5, 0x71, + 0xb3, 0x84, 0x06, 0x53, 0xa3, 0x86, 0x20, 0x35, 0xe3, 0x41, 0xb9, 0xd8, + 0x00, 0x22, 0x4f, 0x6d, 0xe6, 0xfd, 0xf0, 0xf4, 0xa2, 0x39, 0x0a, 0x1a, + 0x23, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x30, 0x30, 0x2e, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x06, 0x30, 0x04, 0x82, 0x02, 0x61, + 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x45, 0x05, 0xf3, 0x4d, 0x3e, 0x7e, 0x9c, 0xf5, 0x08, 0xee, 0x2c, 0x13, + 0x32, 0xe3, 0xf2, 0x14, 0xe8, 0x0e, 0x71, 0x21, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xa8, 0x28, 0xe5, 0x22, 0x65, 0xcf, 0x47, 0xfe, + 0x82, 0x17, 0x99, 0x20, 0xdb, 0xb1, 0x57, 0xd4, 0x91, 0x1a, 0x83, 0xde, + 0xc1, 0xaf, 0xc4, 0x1f, 0xfb, 0xa4, 0x6a, 0xad, 0xdc, 0x58, 0x72, 0xd9, + 0x9b, 0xab, 0xa5, 0xbb, 0xf4, 0x98, 0xd4, 0xdf, 0x36, 0xcb, 0xb5, 0x78, + 0xce, 0x4b, 0x25, 0x5b, 0x24, 0x92, 0xfe, 0xe8, 0xd4, 0xe4, 0xbd, 0x6f, + 0x71, 0x1a, 0x81, 0x2a, 0x6f, 0x35, 0x93, 0xf7, 0xcc, 0xed, 0xe5, 0x06, + 0xd2, 0x96, 0x41, 0xb5, 0xa9, 0x8a, 0xc0, 0xc9, 0x17, 0xe3, 0x13, 0x5e, + 0x94, 0x5e, 0xfa, 0xfc, 0xf0, 0x00, 0x2e, 0xe1, 0xd8, 0x1b, 0x23, 0x3f, + 0x7c, 0x4d, 0x9f, 0xfb, 0xb7, 0x95, 0xc1, 0x94, 0x7f, 0x7f, 0xb5, 0x4f, + 0x93, 0x6d, 0xc3, 0x2b, 0xb2, 0x28, 0x36, 0xd2, 0x7c, 0x01, 0x3c, 0xae, + 0x35, 0xdb, 0xc8, 0x95, 0x1b, 0x5f, 0x6c, 0x0f, 0x57, 0xb3, 0xcc, 0x97, + 0x98, 0x80, 0x06, 0xaa, 0xe4, 0x93, 0x1f, 0xb7, 0xa0, 0x54, 0xf1, 0x4f, + 0x6f, 0x11, 0xdf, 0xab, 0xd3, 0xbf, 0xf0, 0x3a, 0x81, 0x60, 0xaf, 0x7a, + 0xf7, 0x09, 0xd5, 0xae, 0x0c, 0x7d, 0xae, 0x8d, 0x47, 0x06, 0xbe, 0x11, + 0x6e, 0xf8, 0x7e, 0x49, 0xf8, 0xac, 0x24, 0x0a, 0x4b, 0xc2, 0xf6, 0xe8, + 0x2c, 0xec, 0x35, 0xef, 0xa9, 0x13, 0xb8, 0xd2, 0x9c, 0x92, 0x61, 0x91, + 0xec, 0x7b, 0x0c, 0xea, 0x9a, 0x71, 0x36, 0x15, 0x34, 0x2b, 0x7a, 0x25, + 0xac, 0xfe, 0xc7, 0x26, 0x89, 0x70, 0x3e, 0x64, 0x68, 0x97, 0x4b, 0xaa, + 0xc1, 
0x24, 0x14, 0xbd, 0x45, 0x2f, 0xe0, 0xfe, 0xf4, 0x2b, 0x8e, 0x08, + 0x3e, 0xe4, 0xb5, 0x3d, 0x5d, 0xf4, 0xc3, 0xd6, 0x9c, 0xb5, 0x33, 0x1b, + 0x3b, 0xda, 0x6e, 0x99, 0x7b, 0x09, 0xd1, 0x30, 0x97, 0x23, 0x52, 0x6d, + 0x1b, 0x71, 0x3a, 0xf4, 0x54, 0xf0, 0xe5, 0x9e + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "aaaaa"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "a"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "abbbb"; + int nameLen3 = (int)(XSTRLEN(name3)); + const char *name4 = "bbb"; + int nameLen4 = (int)(XSTRLEN(name4)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "a*" matches "aaaaa" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" matches "a" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" matches "abbbb" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_name_match2(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name a*b* */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xae, 0x30, 0x82, 0x02, 0x96, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x41, 0x8c, 0x8b, 0xaa, 0x0e, 0xd8, 0x5a, 0xc0, 0x52, + 0x46, 0x0e, 0xe5, 0xd8, 0xb9, 0x48, 0x93, 0x7e, 0x8a, 0x7c, 0x65, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 
0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x30, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x60, 0x80, + 0xf3, 0xee, 0x19, 0xd2, 0xe4, 0x15, 0x94, 0x54, 0x12, 0x88, 0xee, 0xda, + 0x11, 0x11, 0x87, 
0x99, 0x88, 0xb3, 0x71, 0xc7, 0x97, 0x78, 0x1b, 0x57, + 0x37, 0x1d, 0x0b, 0x1f, 0x2f, 0x2c, 0x35, 0x13, 0x75, 0xd3, 0x31, 0x3e, + 0x6f, 0x80, 0x21, 0xa5, 0xa3, 0xad, 0x10, 0x81, 0xb6, 0x37, 0xd4, 0x55, + 0x2e, 0xc1, 0xb8, 0x37, 0xa3, 0x3c, 0xe8, 0x81, 0x03, 0x3c, 0xda, 0x5f, + 0x6f, 0x45, 0x32, 0x2b, 0x0e, 0x99, 0x27, 0xfd, 0xe5, 0x6c, 0x07, 0xd9, + 0x4e, 0x0a, 0x8b, 0x23, 0x74, 0x96, 0x25, 0x97, 0xae, 0x6d, 0x19, 0xba, + 0xbf, 0x0f, 0xc8, 0xa1, 0xe5, 0xea, 0xa8, 0x00, 0x09, 0xc3, 0x9a, 0xef, + 0x09, 0x33, 0xc1, 0x33, 0x2e, 0x7b, 0x6d, 0xa7, 0x66, 0x87, 0xb6, 0x3a, + 0xb9, 0xdb, 0x4c, 0x5e, 0xb5, 0x55, 0x69, 0x37, 0x17, 0x92, 0x1f, 0xe3, + 0x53, 0x1a, 0x2d, 0x25, 0xd0, 0xcf, 0x72, 0x37, 0xc2, 0x89, 0x83, 0x78, + 0xcf, 0xac, 0x2e, 0x46, 0x92, 0x5c, 0x4a, 0xba, 0x7d, 0xa0, 0x22, 0x34, + 0xb1, 0x22, 0x26, 0x99, 0xda, 0xe8, 0x97, 0xe2, 0x0c, 0xd3, 0xbc, 0x97, + 0x7e, 0xa8, 0xb9, 0xe3, 0xe2, 0x7f, 0x56, 0xef, 0x22, 0xee, 0x15, 0x95, + 0xa6, 0xd1, 0xf4, 0xa7, 0xac, 0x4a, 0xab, 0xc1, 0x1a, 0xda, 0xc5, 0x5f, + 0xa5, 0x5e, 0x2f, 0x15, 0x9c, 0x36, 0xbe, 0xd3, 0x47, 0xb6, 0x86, 0xb9, + 0xc6, 0x59, 0x39, 0x36, 0xad, 0x84, 0x53, 0x95, 0x72, 0x91, 0x89, 0x51, + 0x32, 0x77, 0xf1, 0xa5, 0x93, 0xfe, 0xf0, 0x41, 0x7c, 0x64, 0xf1, 0xb0, + 0x8b, 0x81, 0x8d, 0x3a, 0x2c, 0x9e, 0xbe, 0x2e, 0x8b, 0xf7, 0x80, 0x63, + 0x35, 0x32, 0xfa, 0x26, 0xe0, 0x63, 0xbf, 0x5e, 0xaf, 0xf0, 0x08, 0xe0, + 0x80, 0x65, 0x38, 0xfa, 0x21, 0xaa, 0x91, 0x34, 0x48, 0x3d, 0x32, 0x5c, + 0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, 0x04, 0x61, + 0x2a, 0x62, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x3d, 0x55, 0x74, 0xf8, 0x3a, 0x26, 0x03, 0x8c, 0x6a, 0x2e, + 0x91, 0x0e, 0x18, 0x70, 0xb4, 0xa4, 0xcc, 0x04, 0x00, 0xd3, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x3b, 0xff, 0x46, 0x0c, 0xb5, + 0x21, 0xdc, 0xcf, 
0x61, 0x9a, 0x25, 0x93, 0x99, 0x68, 0x2f, 0x16, 0x71, + 0x15, 0x00, 0x5f, 0xb0, 0x9b, 0x43, 0x5c, 0x47, 0xe2, 0x8e, 0xc8, 0xea, + 0xb3, 0x30, 0x4d, 0x87, 0x90, 0xcf, 0x24, 0x37, 0x5c, 0xfd, 0xc8, 0xc6, + 0x09, 0x36, 0xb2, 0xfb, 0xfd, 0xc1, 0x82, 0x92, 0x77, 0x5b, 0x9d, 0xeb, + 0xac, 0x47, 0xbc, 0xda, 0x7c, 0x89, 0x19, 0x03, 0x9e, 0xcd, 0x96, 0x2a, + 0x90, 0x55, 0x23, 0x19, 0xac, 0x9d, 0x49, 0xfb, 0xa0, 0x31, 0x7d, 0x6b, + 0x1a, 0x16, 0x13, 0xb1, 0xa9, 0xc9, 0xc4, 0xaf, 0xf1, 0xb4, 0xa7, 0x9b, + 0x08, 0x64, 0x6a, 0x09, 0xcd, 0x4a, 0x03, 0x4c, 0x93, 0xb6, 0xcf, 0x29, + 0xdb, 0x56, 0x88, 0x8e, 0xed, 0x08, 0x6d, 0x8d, 0x76, 0xa3, 0xd7, 0xc6, + 0x69, 0xa1, 0xf5, 0xd2, 0xd0, 0x0a, 0x4b, 0xfa, 0x88, 0x66, 0x6c, 0xe5, + 0x4a, 0xee, 0x13, 0xad, 0xad, 0x22, 0x25, 0x73, 0x39, 0x56, 0x74, 0x0e, + 0xda, 0xcd, 0x35, 0x67, 0xe3, 0x81, 0x5c, 0xc5, 0xae, 0x3c, 0x4f, 0x47, + 0x3e, 0x97, 0xde, 0xac, 0xf6, 0xe1, 0x26, 0xe2, 0xe0, 0x66, 0x48, 0x20, + 0x7c, 0x02, 0x81, 0x3e, 0x7d, 0x34, 0xb7, 0x73, 0x3e, 0x2e, 0xd6, 0x20, + 0x1c, 0xdf, 0xf1, 0xae, 0x86, 0x8b, 0xb2, 0xc2, 0x9b, 0x68, 0x9c, 0xf6, + 0x1a, 0x5e, 0x30, 0x06, 0x39, 0x0a, 0x1f, 0x7b, 0xd7, 0x18, 0x4b, 0x06, + 0x9d, 0xff, 0x84, 0x57, 0xcc, 0x92, 0xad, 0x81, 0x0a, 0x19, 0x11, 0xc4, + 0xac, 0x59, 0x00, 0xe8, 0x5a, 0x70, 0x78, 0xd6, 0x9f, 0xe0, 0x82, 0x2a, + 0x1f, 0x09, 0x36, 0x1c, 0x52, 0x98, 0xf7, 0x95, 0x8f, 0xf9, 0x48, 0x4f, + 0x30, 0x52, 0xb5, 0xf3, 0x8d, 0x13, 0x93, 0x27, 0xbe, 0xb4, 0x75, 0x39, + 0x65, 0xc6, 0x48, 0x4e, 0x32, 0xd7, 0xf4, 0xc3, 0x26, 0x8d + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "ab"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "acccbccc"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "accb"; + int nameLen3 = (int)(XSTRLEN(name3)); + const char *name4 = "accda"; + int nameLen4 = (int)(XSTRLEN(name4)); + const char *name5 = "acc\0bcc"; + int nameLen5 = 7; + + ExpectNotNull(x509 = 
wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "a*b*" matches "ab" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" matches "acccbccc" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" matches "accb" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" does not match "accda" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* Ensure that "a*b*" matches "ab", testing openssl behavior replication + * on check len input handling, 0 for len is OK as it should then use + * strlen(name1) */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, 0, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Openssl also allows for len to include NULL terminator */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1 + 1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that check string with NULL terminator in middle is + * rejected */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name5, nameLen5, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_name_match3(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name *.example.com */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xb7, 0x30, 0x82, 0x02, 0x9f, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x59, 0xbb, 0xf6, 0xde, 0xb8, 0x3d, 0x0e, 0x8c, 0xe4, + 0xbd, 0x98, 0xa3, 0xbe, 0x3e, 0x8f, 0xdc, 0xbd, 0x7f, 0xcc, 0xae, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 
0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x31, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x39, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x78, 0x16, + 0x05, 0x65, 0xf2, 0x85, 0xf2, 0x61, 0x7f, 0xb1, 0x4d, 0x73, 
0xe2, 0x82, + 0xb5, 0x3d, 0xf7, 0x9d, 0x05, 0x65, 0xed, 0x9d, 0xc3, 0x29, 0x7a, 0x92, + 0x2c, 0x06, 0x5f, 0xc8, 0x13, 0x55, 0x42, 0x4e, 0xbd, 0xe2, 0x56, 0x2a, + 0x4b, 0xac, 0xe6, 0x1b, 0x10, 0xc9, 0xdb, 0x9a, 0x45, 0x36, 0xed, 0xf3, + 0x26, 0x8c, 0x22, 0x88, 0x1e, 0x6d, 0x2b, 0x41, 0xfa, 0x0d, 0x43, 0x88, + 0x88, 0xde, 0x8d, 0x2e, 0xca, 0x6e, 0x7c, 0x62, 0x66, 0x3e, 0xfa, 0x4e, + 0x71, 0xea, 0x7d, 0x3b, 0x32, 0x33, 0x5c, 0x7a, 0x7e, 0xea, 0x74, 0xbd, + 0xb6, 0x8f, 0x4c, 0x1c, 0x7a, 0x79, 0x94, 0xf1, 0xe8, 0x02, 0x67, 0x98, + 0x25, 0xb4, 0x31, 0x80, 0xc1, 0xae, 0xbf, 0xef, 0xf2, 0x6c, 0x78, 0x42, + 0xef, 0xb5, 0xc6, 0x01, 0x47, 0x79, 0x8d, 0x92, 0xce, 0xc1, 0xb5, 0x98, + 0x76, 0xf0, 0x84, 0xa2, 0x53, 0x90, 0xe5, 0x39, 0xc7, 0xbd, 0xf2, 0xbb, + 0xe3, 0x3f, 0x00, 0xf6, 0xf0, 0x46, 0x86, 0xee, 0x55, 0xbd, 0x2c, 0x1f, + 0x97, 0x24, 0x7c, 0xbc, 0xda, 0x2f, 0x1b, 0x53, 0xef, 0x26, 0x56, 0xcc, + 0xb7, 0xd8, 0xca, 0x17, 0x20, 0x4e, 0x62, 0x03, 0x66, 0x32, 0xb3, 0xd1, + 0x71, 0x26, 0x6c, 0xff, 0xd1, 0x9e, 0x44, 0x86, 0x2a, 0xae, 0xba, 0x43, + 0x00, 0x13, 0x7e, 0x50, 0xdd, 0x3e, 0x27, 0x39, 0x70, 0x1c, 0x0c, 0x0b, + 0xe8, 0xa2, 0xae, 0x03, 0x09, 0x2e, 0xd8, 0x71, 0xee, 0x7b, 0x1a, 0x09, + 0x2d, 0xe1, 0xd5, 0xde, 0xf5, 0xa3, 0x36, 0x77, 0x90, 0x97, 0x99, 0xd7, + 0x6c, 0xb7, 0x5c, 0x9d, 0xf7, 0x7e, 0x41, 0x89, 0xfe, 0xe4, 0x08, 0xc6, + 0x0b, 0xe4, 0x9b, 0x5f, 0x51, 0xa6, 0x08, 0xb8, 0x99, 0x81, 0xe9, 0xce, + 0xb4, 0x2d, 0xb2, 0x92, 0x9f, 0xe5, 0x1a, 0x98, 0x76, 0x20, 0x70, 0x54, + 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x18, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x11, 0x30, 0x0f, 0x82, 0x0d, 0x2a, + 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x60, + 0xd4, 0x26, 0xbb, 0xcc, 0x7c, 0x29, 0xa2, 0x88, 0x3c, 0x76, 0x7d, 0xb4, + 0x86, 0x8b, 0x47, 0x64, 0x5b, 0x87, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 
0x03, 0x82, + 0x01, 0x01, 0x00, 0xc3, 0x0d, 0x03, 0x67, 0xbb, 0x47, 0x8b, 0xf3, 0x20, + 0xdc, 0x7d, 0x2e, 0xe1, 0xd9, 0xf0, 0x01, 0xc4, 0x66, 0xc2, 0xe1, 0xcd, + 0xc3, 0x4a, 0x72, 0xf0, 0x6e, 0x38, 0xcf, 0x63, 0x01, 0x96, 0x9e, 0x84, + 0xb9, 0xce, 0x1d, 0xba, 0x4b, 0xe0, 0x70, 0x86, 0x2b, 0x5a, 0xab, 0xec, + 0xbf, 0xc2, 0xaa, 0x64, 0xa2, 0x6c, 0xd2, 0x42, 0x52, 0xd4, 0xbe, 0x8a, + 0xca, 0x9c, 0x03, 0xf3, 0xd6, 0x5f, 0xcd, 0x23, 0x9f, 0xf5, 0xa9, 0x04, + 0x40, 0x5b, 0x66, 0x78, 0xc0, 0xac, 0xa1, 0xdb, 0x5d, 0xd1, 0x94, 0xfc, + 0x47, 0x94, 0xf5, 0x45, 0xe3, 0x70, 0x13, 0x3f, 0x66, 0x6d, 0xdd, 0x73, + 0x68, 0x68, 0xe2, 0xd2, 0x89, 0xcb, 0x7f, 0xc6, 0xca, 0xd6, 0x96, 0x0b, + 0xcc, 0xdd, 0xa1, 0x74, 0xda, 0x33, 0xe8, 0x9e, 0xda, 0xb7, 0xd9, 0x12, + 0xab, 0x85, 0x9d, 0x0c, 0xde, 0xa0, 0x7d, 0x7e, 0xa1, 0x91, 0xed, 0xe5, + 0x32, 0x7c, 0xc5, 0xea, 0x1d, 0x4a, 0xb5, 0x38, 0x63, 0x17, 0xf3, 0x4f, + 0x2c, 0x4a, 0x58, 0x86, 0x09, 0x33, 0x86, 0xc4, 0xe7, 0x56, 0x6f, 0x32, + 0x71, 0xb7, 0xd0, 0x83, 0x12, 0x9e, 0x26, 0x0a, 0x3a, 0x45, 0xcb, 0xd7, + 0x4e, 0xab, 0xa4, 0xc3, 0xee, 0x4c, 0xc0, 0x38, 0xa1, 0xfa, 0xba, 0xfa, + 0xb7, 0x80, 0x69, 0x67, 0xa3, 0xef, 0x89, 0xba, 0xce, 0x89, 0x91, 0x3d, + 0x6a, 0x76, 0xe9, 0x3b, 0x32, 0x86, 0x76, 0x85, 0x6b, 0x4f, 0x7f, 0xbc, + 0x7a, 0x5b, 0x31, 0x92, 0x79, 0x35, 0xf8, 0xb9, 0xb1, 0xd7, 0xdb, 0xa9, + 0x6a, 0x8a, 0x91, 0x60, 0x65, 0xd4, 0x76, 0x54, 0x55, 0x57, 0xb9, 0x35, + 0xe0, 0xf5, 0xbb, 0x8f, 0xd4, 0x40, 0x75, 0xbb, 0x47, 0xa8, 0xf9, 0x0f, + 0xea, 0xc9, 0x6e, 0x84, 0xd5, 0xf5, 0x58, 0x2d, 0xe5, 0x76, 0x7b, 0xdf, + 0x97, 0x05, 0x5e, 0xaf, 0x50, 0xf5, 0x48 + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "foo.example.com"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "x.y.example.com"; + int nameLen2 = (int)(XSTRLEN(name2)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure 
that "*.example.com" matches "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_max_altnames(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) + + /* Only test if max alt names has not been modified */ +#if WOLFSSL_MAX_ALT_NAMES <= 1024 + + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate encoded with 130 subject alternative names */ + const char* over_max_altnames_cert = \ + "./certs/test/cert-over-max-altnames.pem"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, + over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), + WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_max_name_constraints(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(IGNORE_NAME_CONSTRAINTS) + + /* Only test if max name constraints has not been modified */ +#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 + + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate with 130 name constraints */ + const char* over_max_nc = "./certs/test/cert-over-max-nc.pem"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, + NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); + 
wolfSSL_CTX_free(ctx); +#endif + +#endif + return EXPECT_RESULT(); +} static int test_wolfSSL_X509(void) { @@ -40665,7 +53506,7 @@ static int test_wolfSSL_X509_sign(void) ExpectIntEQ(wolfSSL_X509_add_altname(x509, "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", ASN_DNS_TYPE), SSL_SUCCESS); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME { unsigned char ip4_type[] = {127,128,0,255}; unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, @@ -40680,6 +53521,13 @@ static int test_wolfSSL_X509_sign(void) #endif #endif /* WOLFSSL_ALT_NAMES */ + { + ASN1_UTCTIME* infinite_past = NULL; + ExpectNotNull(infinite_past = ASN1_UTCTIME_set(NULL, 0)); + ExpectIntEQ(X509_set1_notBefore(x509, infinite_past), 1); + ASN1_UTCTIME_free(infinite_past); + } + /* test valid sign case */ ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0); @@ -40691,7 +53539,7 @@ static int test_wolfSSL_X509_sign(void) #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) ExpectIntEQ(X509_get_ext_count(x509), 1); #endif -#if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)) +#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME) ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); #endif @@ -40707,7 +53555,7 @@ static int test_wolfSSL_X509_sign(void) #ifndef WOLFSSL_ALT_NAMES /* Valid case - size should be 781-786 with 16 byte serial number */ ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz)); -#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#elif defined(WOLFSSL_IP_ALT_NAME) /* Valid case - size should be 955-960 with 16 byte serial number */ ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz)); #else 
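Review bot: The name `infinite_past` oversells what `ASN1_UTCTIME_set(NULL, 0)` produces — if it follows OpenSSL's `ASN1_UTCTIME_set(s, time_t)` semantics, 0 is the Unix epoch (1970-01-01), not an unbounded past — and nothing says why notBefore is backdated right before `X509_sign`. A comment such as `/* Backdate notBefore to the Unix epoch so later validity checks on the signed cert cannot fail on clock skew */` (presumably the motivation, since the signed cert is verified further down) and a name like `epoch_not_before` would make the intent clear. test_wolfSSL_X509_sign starts and ends outside this hunk.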
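Review bot: The comment on the context line `/* Valid case - size should be 955-960 with 16 byte serial number */` does not match the bounds asserted directly below it (`939 + snSz <= ret && ret <= 939 + 5 + snSz`), and this hunk re-touches the `#elif` that selects exactly that branch. If 939 is the intended lower bound, change it to `/* Valid case - size should be 939-944 with 16 byte serial number */`; otherwise it is the assertion that needs correcting. The enclosing function continues outside the hunk on both sides.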
@@ -40734,7 +53582,7 @@ static int test_wolfSSL_X509_sign(void) ExpectNotNull(name = X509_get_subject_name(ca)); cnSz = X509_NAME_get_sz(name); ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); - ExpectNotNull(cn = X509_NAME_oneline(name, cn, cnSz)); + ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz)); ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); cn = NULL; @@ -40756,7 +53604,7 @@ static int test_wolfSSL_X509_sign(void) ExpectNotNull(name = X509_get_issuer_name(x509)); cnSz = X509_NAME_get_sz(name); ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); - ExpectNotNull(cn = X509_NAME_oneline(name, cn, cnSz)); + ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz)); /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ ExpectIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); @@ -40969,7 +53817,8 @@ static int test_wolfSSL_X509_VERIFY_PARAM(void) return EXPECT_RESULT(); } -#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY) static int test_wolfSSL_check_domain_verify_count = 0; @@ -41034,6 +53883,14 @@ static int test_wolfSSL_check_domain(void) return EXPECT_RESULT(); } +#else + +static int test_wolfSSL_check_domain(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} + #endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ static int test_wolfSSL_X509_get_X509_PUBKEY(void) 
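Review bot: The trailing `#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */` no longer describes the condition it closes, which the earlier hunk in this file extends with `!defined(WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY)`; the new `#else` stub makes the mismatch visible. Suggest `#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */`. The stub `test_wolfSSL_check_domain` runs no expectations, so — if `EXPECT_DECLS` initialises the result to skipped, as the pattern elsewhere suggests — it reports as skipped rather than passed; a one-line comment such as `/* CN-based hostname checks are disabled in this build; report skipped. */` would tell the next reader the empty body is intentional.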
@@ -41460,6 +54317,18 @@ static int test_wolfSSL_PKCS8_Compat(void) return EXPECT_RESULT(); } +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO) +static int NoPasswordCallBack(char* passwd, int sz, int rw, void* userdata) +{ + (void)passwd; + (void)sz; + (void)rw; + (void)userdata; + + return -1; +} +#endif + static int test_wolfSSL_PKCS8_d2i(void) { EXPECT_DECLS; @@ -41542,6 +54411,13 @@ static int test_wolfSSL_PKCS8_d2i(void) #endif /* OPENSSL_ALL */ #ifndef NO_FILESYSTEM +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectIntEQ(PEM_write_PKCS8PrivateKey(XBADFILE, pkey, NULL, NULL, 0, NULL, + NULL), 0); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, NULL, NULL, NULL, 0, NULL, + NULL), 0); +#endif + #ifndef NO_RSA /* Get DER encoded RSA PKCS#8 data. */ ExpectTrue((file = XFOPEN(rsaDerPkcs8File, "rb")) != XBADFILE); 
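Review bot: `NoPasswordCallBack` is guarded by `OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_BIO`, but its only use visible in this diff sits under `OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8` (the `@@ -41663` hunk below); a build that satisfies the first guard but not the second leaves a static function unused, which is an error under `-Wunused-function -Werror`. Unless there is another caller outside this diff, align the definition's guard with the caller's: `#if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)`. It also deserves a purpose comment, e.g. `/* Password callback that always fails (returns -1); used to exercise the error path of PEM_write_bio_PKCS8PrivateKey when a password is required. */`.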
@@ -41572,20 +54448,33 @@ static int test_wolfSSL_PKCS8_d2i(void) #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, + NULL), 0); + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, NULL, NULL, NULL, 0, NULL, + NULL), 0); /* Write PKCS#8 PEM to BIO. */ ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), bytes); + /* Write PKCS#8 PEM to stderr. */ + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, NULL, NULL, 0, NULL, + NULL), bytes); /* Compare file and written data */ ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes); ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); BIO_free(bio); bio = NULL; +#if !defined(NO_AES) && defined(HAVE_AESGCM) + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_gcm(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), 0); +#endif #if !defined(NO_DES3) && !defined(NO_SHA) ExpectNotNull(bio = BIO_new(BIO_s_mem())); /* Write Encrypted PKCS#8 PEM to BIO. */ bytes = 1834; ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(), NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_des_ede3_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(evpPkey); @@ -41655,6 +54544,8 @@ static int test_wolfSSL_PKCS8_d2i(void) /* Write PKCS#8 PEM to BIO. */ ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, NULL, NULL, 0, NULL, + NULL), bytes); /* Compare file and written data */ ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes); ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); 
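Review bot: The new `PEM_write_PKCS8PrivateKey(stderr, pkey, ...)` calls print the full PKCS#8 PEM of `pkey` into the test's stderr on every run, which makes the output noisy and means any CI log capture carries key material; this is a fixture key so it is not a leak, but the intent (covering the `FILE*` variant with the only handle that is always open) should be stated, e.g. `/* FILE* variant: stderr is the only always-open handle; fixture key only */`. The `EVP_aes_128_gcm()` case that is expected to return 0 is likewise unexplained — presumably an AEAD cipher is rejected as a PBES2 scheme, since the CBC variants succeed with the same password callback — and a comment such as `/* AES-GCM is not a valid PBES2 scheme: expect failure */` would record that. test_wolfSSL_PKCS8_d2i starts and ends outside this hunk.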
@@ -41663,8 +54554,16 @@ static int test_wolfSSL_PKCS8_d2i(void) ExpectNotNull(bio = BIO_new(BIO_s_mem())); /* Write Encrypted PKCS#8 PEM to BIO. */ bytes = 379; + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(), + NULL, 0, NoPasswordCallBack, (void*)"yassl123"), 0); ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(), NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_cbc(), + (char*)"yassl123", 8, PasswordCallBack, NULL), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_256_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(evpPkey); @@ -41703,8 +54602,9 @@ static int test_wolfSSL_PKCS8_d2i(void) return EXPECT_RESULT(); } -#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \ - defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) +#if !defined(SINGLE_THREADED) && defined(ERROR_QUEUE_PER_THREAD) && \ + !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_WOLFSSL) #define LOGGING_THREADS 5 #define ERROR_COUNT 10 /* copied from logging.c since this is not exposed otherwise */ @@ -41759,8 +54659,9 @@ static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args) static int test_error_queue_per_thread(void) { int res = TEST_SKIPPED; -#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \ - defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) +#if !defined(SINGLE_THREADED) && defined(ERROR_QUEUE_PER_THREAD) && \ + !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_WOLFSSL) THREAD_TYPE loggingThreads[LOGGING_THREADS]; int i; 
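Review bot: The negative case `PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(), NULL, 0, NoPasswordCallBack, ...)` only checks the return value; if the implementation emitted part of the PEM envelope into `bio` before the callback failed, the following successful write would still report 379 bytes and the later `PEM_read_bio_PrivateKey` might or might not notice the leading garbage. Since `BIO_get_mem_data(bio, &p)` is already used in this function to read the buffered length, asserting `ExpectIntEQ(BIO_get_mem_data(bio, &p), 0);` right after the failing call pins down that a failed write leaves the BIO empty. The enclosing function continues outside the hunk on both sides.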
@@ -42852,7 +55753,7 @@ static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest, ExpectIntEQ(digestSz, digestSz2); ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0); - *sz = digestSz; + *sz = (int)digestSz; return EXPECT_RESULT(); } #endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */ @@ -44113,10 +57014,10 @@ static int test_wolfSSL_RC4(void) XMEMSET(dec, 0, sizeof(dec)); /* Encrypt */ - wolfSSL_RC4_set_key(&rc4Key, i, key); + wolfSSL_RC4_set_key(&rc4Key, (int)i, key); wolfSSL_RC4(&rc4Key, j, data, enc); /* Decrypt */ - wolfSSL_RC4_set_key(&rc4Key, i, key); + wolfSSL_RC4_set_key(&rc4Key, (int)i, key); wolfSSL_RC4(&rc4Key, j, enc, dec); ExpectIntEQ(XMEMCMP(dec, data, j), 0); @@ -44752,8 +57653,8 @@ static int test_GENERAL_NAME_set0_othername(void) { ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); gns = NULL; - ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, - NULL)); + ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); ExpectIntEQ(sk_GENERAL_NAME_num(gns), 3); @@ -44801,13 +57702,13 @@ static int test_othername_and_SID_ext(void) { /* SID extension. SID data format explained here: * https://blog.qdsecurity.se/2022/05/27/manually-injecting-a-sid-in-a-certificate/ */ - uint8_t SidExtension[] = { + byte SidExtension[] = { 48, 64, 160, 62, 6, 10, 43, 6, 1, 4, 1, 130, 55, 25, 2, 1, 160, 48, 4, 46, 83, 45, 49, 45, 53, 45, 50, 49, 45, 50, 56, 52, 51, 57, 48, 55, 52, 49, 56, 45, 51, 57, 50, 54, 50, 55, 55, 52, 50, 49, 45, 51, 56, 49, 53, 57, 57, 51, 57, 55, 50, 45, 52, 54, 48, 49}; - uint8_t expectedAltName[] = { + byte expectedAltName[] = { 0x30, 0x27, 0xA0, 0x25, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03, 0xA0, 0x17, 0x0C, 0x15, 0x6F, 0x74, 0x68, 0x65, 0x72, 0x6E, 0x61, 0x6D, 0x65, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 
@@ -44916,8 +57817,8 @@ static int test_othername_and_SID_ext(void) { 0); /* Cleanup */ - ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, - NULL)); + ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); ExpectIntEQ(sk_GENERAL_NAME_num(gns), 1); ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 0)); ExpectIntEQ(gn->type, 0); @@ -45543,7 +58444,7 @@ static int test_wolfSSL_BIO_connect(void) server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); - ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0); + ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0); /* Start the test proper */ /* Setup the TCP BIO */ @@ -45590,7 +58491,7 @@ static int test_wolfSSL_BIO_connect(void) server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); - ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0); + ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0); ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx)); ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1); 
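Review bot: `ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0)` removes the unbounded `XSPRINTF`, but a `> 0` check cannot detect truncation, because snprintf-style functions return the length that would have been written. A port is at most five digits so truncation is unlikely for any reasonable `buff` (declared outside the hunk), yet the cheap form is to keep the result and assert both bounds: `n = XSNPRINTF(buff, sizeof(buff), "%d", ready.port);` then `ExpectTrue(n > 0 && n < (int)sizeof(buff));` with `int n` declared at the top of the block. The same applies to the sibling `@@ -45543` hunk above; test_wolfSSL_BIO_connect starts and ends outside both hunks.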
@@ -45661,6 +58562,182 @@ static int test_wolfSSL_BIO_tls(void) return EXPECT_RESULT(); } + +static int test_wolfSSL_BIO_datagram(void) +{ + EXPECT_DECLS; +#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) + int ret; + SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID; + WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; + WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL; + SOCKADDR_IN sin1, sin2; + socklen_t slen; + static const char test_msg[] = "I am a datagram, short and stout."; + char test_msg_recvd[sizeof(test_msg) + 10]; +#ifdef USE_WINDOWS_API + static const DWORD timeout = 250; /* ms */ +#else + static const struct timeval timeout = { 0, 250000 }; +#endif + + StartTCP(); + + if (EXPECT_SUCCESS()) { + fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + ExpectIntNE(fd1, SOCKET_INVALID); + } + if (EXPECT_SUCCESS()) { + fd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + ExpectIntNE(fd2, SOCKET_INVALID); + } + + if (EXPECT_SUCCESS()) { + bio1 = wolfSSL_BIO_new_dgram(fd1, 1 /* closeF */); + ExpectNotNull(bio1); + } + + if (EXPECT_SUCCESS()) { + bio2 = wolfSSL_BIO_new_dgram(fd2, 1 /* closeF */); + ExpectNotNull(bio2); + } + + if (EXPECT_SUCCESS()) { + sin1.sin_family = AF_INET; + sin1.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sin1.sin_port = 0; + slen = (socklen_t)sizeof(sin1); + ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0); + ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0); + ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0); + } + + if (EXPECT_SUCCESS()) { + sin2.sin_family = AF_INET; + sin2.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sin2.sin_port = 0; + slen = (socklen_t)sizeof(sin2); + ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0); + ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0); + ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0); + } + + 
if (EXPECT_SUCCESS()) { + bio_addr1 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr1); + } + + if (EXPECT_SUCCESS()) { + bio_addr2 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr2); + } + + if (EXPECT_SUCCESS()) { + /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */ + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); + wolfSSL_BIO_ADDR_clear(bio_addr2); + } + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + ExpectIntEQ(wolfSSL_BIO_number_written(bio1), sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_number_read(bio2), sizeof(test_msg)); +#endif + + /* bio2 should now have bio1's addr stored as its peer_addr, because the + * BIOs aren't "connected" yet. use it to send a reply. + */ + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); + ExpectIntNE(BIO_should_retry(bio1), 0); + + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); + ExpectIntNE(BIO_should_retry(bio2), 0); + + /* now "connect" the sockets. 
*/ + + ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0); + ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + + if (EXPECT_SUCCESS()) { + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS); + wolfSSL_BIO_ADDR_clear(bio_addr2); + } + + if (EXPECT_SUCCESS()) { + XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS); + wolfSSL_BIO_ADDR_clear(bio_addr1); + } + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + +#ifdef __linux__ + /* now "disconnect" the sockets and attempt transmits expected to fail. */ + + sin1.sin_family = AF_UNSPEC; + ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + sin1.sin_family = AF_INET; + + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); + + if (EXPECT_SUCCESS()) { + sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. 
*/ + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); + wolfSSL_BIO_ADDR_clear(bio_addr2); + } + + test_msg_recvd[0] = 0; + errno = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1); + ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH)); + +#endif /* __linux__ */ + + + if (bio1) { + ret = wolfSSL_BIO_free(bio1); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } else if (fd1 != SOCKET_INVALID) + CloseSocket(fd1); + if (bio2) { + ret = wolfSSL_BIO_free(bio2); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } else if (fd2 != SOCKET_INVALID) + CloseSocket(fd2); + if (bio_addr1) + wolfSSL_BIO_ADDR_free(bio_addr1); + if (bio_addr2) + wolfSSL_BIO_ADDR_free(bio_addr2); + +#endif /* !NO_BIO && WOLFSSL_DTLS && WOLFSSL_HAVE_BIO_ADDR && OPENSSL_EXTRA */ + + return EXPECT_RESULT(); +} + + #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(HAVE_HTTP_CLIENT) static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args) @@ -46334,7 +59411,7 @@ static int test_wolfSSL_sigalg_info(void) word16 idx = 0; int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_DILITHIUM; - InitSuitesHashSigAlgo_ex2(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len); + InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len); for (idx = 0; idx < len; idx += 2) { int hashAlgo = 0; int sigAlgo = 0; @@ -46346,7 +59423,7 @@ static int test_wolfSSL_sigalg_info(void) ExpectIntNE(sigAlgo, 0); } - InitSuitesHashSigAlgo_ex2(hashSigAlgo, allSigAlgs | SIG_ANON, 1, + InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs | SIG_ANON, 1, 0xFFFFFFFF, &len); for (idx = 0; idx < len; idx += 2) { int hashAlgo = 0; 
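Review bot: In the Linux-only block, `errno` is read by `ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH))` only after `ExpectIntEQ` has evaluated and reported on the `wolfSSL_BIO_write` result, so anything the macro does in between (printing on a mismatch in particular) can clobber the value under test; capture it first with `ret = wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)); err = errno;` and then `ExpectIntEQ(ret, -1); ExpectTrue(err == EINVAL || err == ENETUNREACH);` (`ret` already exists, `int err` needs declaring). `sin1` and `sin2` are never zeroed before `bind()` — only family, address and port are assigned — so `sin_zero` and any platform padding are indeterminate; an `XMEMSET(&sin1, 0, sizeof(sin1));` before the assignments avoids relying on the kernel ignoring those bytes. Several of the `setsockopt` and `wolfSSL_BIO_ctrl` lines run well past 80 columns, unlike the surrounding file. The ordering of `StartTCP()` before any `EXPECT_SUCCESS()` gate is fine, but a one-line header comment stating that the test exercises unconnected, connected and disconnected UDP sockets through the datagram BIO would help a reader place the three phases.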
@@ -46482,6 +59559,7 @@ static int test_wolfSSL_SESSION(void) ExpectPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */ ExpectPtrNE((sess_copy = wolfSSL_get1_session(ssl)), NULL); /* ref count 2 */ + ExpectIntEQ(wolfSSL_SessionIsSetup(sess), 1); #ifdef HAVE_EXT_CACHE ExpectPtrEq(sess, sess_copy); /* they should be the same pointer but without * HAVE_EXT_CACHE we get new objects each time */ @@ -46859,6 +59937,7 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void) /* Both should have been allocated */ ExpectIntEQ(clientSessRemCountMalloc, 1); ExpectIntEQ(serverSessRemCountMalloc, 1); + /* This should not be called yet. Session wasn't evicted from cache yet. */ ExpectIntEQ(clientSessRemCountFree, 0); #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ @@ -46885,7 +59964,6 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void) ExpectIntEQ(SSL_CTX_remove_session(serverSessCtx, serverSess), 0); ExpectNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx)); ExpectIntEQ(serverSessRemCountFree, 1); - /* Need to free the references that we kept */ SSL_CTX_free(serverSessCtx); SSL_SESSION_free(serverSess); @@ -47095,7 +60173,10 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void) ExpectNull(d2i_RSAPrivateKey_bio(NULL, NULL)); /* RSA not set yet, expecting to fail*/ - ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG); + rsa = wolfSSL_RSA_new(); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_FAILURE); + wolfSSL_RSA_free(rsa); + rsa = NULL; #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN) /* set RSA using bio*/ 
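Review bot: `rsa = wolfSSL_RSA_new();` is not checked; if the allocation fails the call becomes `SSL_CTX_use_RSAPrivateKey(ctx, NULL)`, which the next hunk pins to `BAD_FUNC_ARG`, so the `WOLFSSL_FAILURE` expectation here would fail with a misleading message. `ExpectNotNull(rsa = wolfSSL_RSA_new());` keeps the setup explicit, and the context comment `/* RSA not set yet, expecting to fail*/` now describes the object slightly wrong — something like `/* Empty RSA object with no key material: expect failure */` matches what is being tested. test_wolfSSL_d2i_PrivateKeys_bio starts and ends outside this hunk.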
@@ -47104,6 +60185,11 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void) ExpectNotNull(d2i_RSAPrivateKey_bio(bio, &rsa)); ExpectNotNull(rsa); + /* Tests bad parameters */ + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, NULL), BAD_FUNC_ARG); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, rsa), BAD_FUNC_ARG); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS); /* i2d RSAprivate key tests */ @@ -48281,9 +61367,9 @@ static int test_wolfSSL_make_cert(void) ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, -1)), 5); ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - idx)), 6); + (int)idx)), 6); ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - idx)), -1); + (int)idx)), -1); #endif /* WOLFSSL_MULTI_ATTRIB */ /* compare DN at index 0 */ @@ -48306,13 +61392,13 @@ static int test_wolfSSL_make_cert(void) /* get first and second DC and compare result */ ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, -1)), 5); - ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx)); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "com"); ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - idx)), 6); - ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx)); + (int)idx)), 6); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl"); #endif /* WOLFSSL_MULTI_ATTRIB */ 
@@ -48500,7 +61586,7 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsaKeyDer , dsaKeySz); - bytes = dsaKeySz; + bytes = (word32)dsaKeySz; #else byte tmp[TWOK_BUF]; const unsigned char* dsaKeyDer = (const unsigned char*)tmp; @@ -51064,7 +64150,7 @@ static int test_wolfSSL_X509V3_EXT_print(void) /* X509_get_ext_by_NID should return 3 for now. If that changes then * update the index */ ExpectIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3); - ExpectNotNull(ext = X509_get_ext(x509, idx)); + ExpectNotNull(ext = X509_get_ext(x509, (int)idx)); ExpectIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1); ExpectIntGT(fprintf(stderr, "\n"), 0); } @@ -51526,7 +64612,7 @@ static int test_wolfSSL_OCSP_id_cmp(void) static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) WOLFSSL_OCSP_SINGLERESP single; const WOLFSSL_OCSP_CERTID* certId; @@ -51543,7 +64629,8 @@ static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void) static int test_wolfSSL_OCSP_single_get0_status(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_OCSP_PARSE_STATUS) WOLFSSL_OCSP_SINGLERESP single; CertStatus certStatus; WOLFSSL_ASN1_TIME* thisDate; @@ -51578,7 +64665,7 @@ static int test_wolfSSL_OCSP_single_get0_status(void) static int test_wolfSSL_OCSP_resp_count(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) WOLFSSL_OCSP_BASICRESP basicResp; WOLFSSL_OCSP_SINGLERESP singleRespOne; WOLFSSL_OCSP_SINGLERESP singleRespTwo; 
@@ -51599,7 +64686,7 @@ static int test_wolfSSL_OCSP_resp_count(void) static int test_wolfSSL_OCSP_resp_get0(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) WOLFSSL_OCSP_BASICRESP basicResp; WOLFSSL_OCSP_SINGLERESP singleRespOne; WOLFSSL_OCSP_SINGLERESP singleRespTwo; @@ -51803,7 +64890,8 @@ static int test_wc_CreateEncryptedPKCS8Key(void) { EXPECT_DECLS; #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \ - && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) + && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) && \ + !defined(NO_ASN_CRYPT) WC_RNG rng; byte* encKey = NULL; word32 encKeySz = 0; 
@@ -51814,26 +64902,28 @@ static int test_wc_CreateEncryptedPKCS8Key(void) XMEMSET(&rng, 0, sizeof(WC_RNG)); ExpectIntEQ(wc_InitRng(&rng), 0); + PRIVATE_KEY_UNLOCK(); /* Call with NULL for out buffer to get necessary length. */ ExpectIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048, - sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz, + sizeof_server_key_der_2048, NULL, &encKeySz, password, (int)passwordSz, PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL), LENGTH_ONLY_E); ExpectNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Call with the allocated out buffer. */ ExpectIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048, - sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz, + sizeof_server_key_der_2048, encKey, &encKeySz, password, (int)passwordSz, PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL), 0); /* Decrypt the encrypted PKCS8 key we just made. */ - ExpectIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password, - passwordSz)), 0); + ExpectIntGT((decKeySz = (word32)wc_DecryptPKCS8Key(encKey, encKeySz, password, + (int)passwordSz)), 0); /* encKey now holds the decrypted key (decrypted in place). */ ExpectIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0); /* Check that the decrypted key matches the key prior to encryption. */ ExpectIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048, sizeof_server_key_der_2048), 0); + PRIVATE_KEY_LOCK(); XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRng(&rng); 
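Review bot: `ExpectIntGT((decKeySz = (word32)wc_DecryptPKCS8Key(...)), 0)` casts the return value to `word32` before the comparison, so a negative error code from `wc_DecryptPKCS8Key` becomes a large unsigned value; whether the check still sees it as negative depends on the macro converting its operand back to `int`, which is implementation-defined and not something a test should lean on (assuming `decKeySz` is a `word32`, as the cast implies — its declaration is above the hunk). Keep the signed result for the check and convert afterwards: `ret = wc_DecryptPKCS8Key(encKey, encKeySz, password, (int)passwordSz); ExpectIntGT(ret, 0); decKeySz = (word32)ret;` with an `int ret` local. The `PRIVATE_KEY_UNLOCK()`/`PRIVATE_KEY_LOCK()` pair is straight-line and the Expect macros do not return early, so the lock is always restored; a short comment saying the unlock is needed for the decrypt step would still help. test_wc_CreateEncryptedPKCS8Key starts and ends outside this hunk.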
@@ -51859,12 +64949,12 @@ static int test_wc_GetPkcs8TraditionalOffset(void) /* valid case */ inOutIdx = 0; - ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz), + ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz), 0); /* inOutIdx > sz */ inOutIdx = 4000; - ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz), + ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz), BAD_FUNC_ARG); /* null input */ @@ -51875,7 +64965,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void) /* invalid input, fill buffer with 1's */ XMEMSET(der, 1, sizeof(der)); inOutIdx = 0; - ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz), + ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz), ASN_PARSE_E); #endif /* NO_ASN */ return EXPECT_RESULT(); 
@@ -52022,37 +65112,37 @@ static int test_CheckCertSignature(void) int certSz; #endif - ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL)); + ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, NULL)); ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm)); + ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, cm)); #ifndef NO_RSA #ifdef USE_CERT_BUFFERS_1024 - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024, + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_1024, sizeof_server_cert_der_1024, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_1024, sizeof_ca_cert_der_1024, WOLFSSL_FILETYPE_ASN1)); - ExpectIntEQ(0, CheckCertSignature(server_cert_der_1024, + ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_1024, sizeof_server_cert_der_1024, NULL, cm)); #elif defined(USE_CERT_BUFFERS_2048) - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048, + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_2048, sizeof_server_cert_der_2048, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); - ExpectIntEQ(0, CheckCertSignature(server_cert_der_2048, + ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_2048, sizeof_server_cert_der_2048, NULL, cm)); #endif #endif #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256, + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1)); - ExpectIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, + ExpectIntEQ(0, wc_CheckCertSignature(serv_ecc_der_256, 
sizeof_serv_ecc_der_256, NULL, cm)); #endif @@ -52067,10 +65157,10 @@ static int test_CheckCertSignature(void) XFCLOSE(fp); fp = XBADFILE; } - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL)); - ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm)); #endif #ifdef HAVE_ECC ExpectTrue((fp = XFOPEN("./certs/server-ecc.der", "rb")) != XBADFILE); @@ -52079,10 +65169,10 @@ static int test_CheckCertSignature(void) XFCLOSE(fp); fp = XBADFILE; } - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-ecc-cert.pem", NULL)); - ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm)); #endif #endif @@ -52209,7 +65299,7 @@ static int test_MakeCertWithPathLen(void) ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der, FOURK_BUF, NULL, &key, &rng), 0); - wc_InitDecodedCert(&decodedCert, der, derSize, NULL); + wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL); ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0); ExpectIntEQ(decodedCert.pathLength, expectedPathLen); 
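Review bot: `wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL)` still runs when the preceding `ExpectIntGE(derSize = wc_SignCert(...), 0)` has failed, and a negative derSize then becomes a very large length that wc_ParseCert is pointed at; the explicit cast makes the path easier to spot but does not close it. The same sequence is added verbatim in the new test_MakeCertWith0Ser in the next hunk. Wrapping the parse in `if (derSize > 0) {` … `}` (or bailing on `EXPECT_FAIL()`) keeps a signing failure from being reported as a parse result. test_MakeCertWithPathLen starts and ends outside this hunk.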
@@ -52222,6 +65312,74 @@ static int test_MakeCertWithPathLen(void) return EXPECT_RESULT(); } +static int test_MakeCertWith0Ser(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) && \ + defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC) && \ + defined(WOLFSSL_ASN_TEMPLATE) + Cert cert; + DecodedCert decodedCert; + byte der[FOURK_BUF]; + int derSize = 0; + WC_RNG rng; + ecc_key key; + int ret; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&cert, 0, sizeof(Cert)); + XMEMSET(&decodedCert, 0, sizeof(DecodedCert)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0); + ExpectIntEQ(wc_InitCert(&cert), 0); + + (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com", + CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com", + CTC_NAME_SIZE); + + cert.selfSigned = 1; + cert.isCA = 1; + cert.sigType = CTC_SHA256wECDSA; + +#ifdef WOLFSSL_CERT_EXT + cert.keyUsage |= KEYUSE_KEY_CERT_SIGN; +#endif + + /* set serial number to 0 */ + cert.serialSz = 1; + cert.serial[0] = 0; + + ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0); + ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der, + FOURK_BUF, NULL, &key, &rng), 0); + + wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL); + +#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), + ASN_PARSE_E); +#else + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0); +#endif + + wc_FreeDecodedCert(&decodedCert); + 
ret = wc_ecc_free(&key); + ExpectIntEQ(ret, 0); + ret = wc_FreeRng(&rng); + ExpectIntEQ(ret, 0); +#endif + return EXPECT_RESULT(); +} + static int test_MakeCertWithCaFalse(void) { EXPECT_DECLS; @@ -53256,12 +66414,12 @@ static int test_wolfssl_PKCS7(void) byte* out = NULL; #endif - ExpectIntGT((len = CreatePKCS7SignedData(data, len, content, + ExpectIntGT((len = (word32)CreatePKCS7SignedData(data, (int)len, content, (word32)sizeof(content), 0, 0, 0, RSA_TYPE)), 0); - ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, len)); + ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, (int)len)); ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0)); - ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL, PKCS7_NOVERIFY), WOLFSSL_FAILURE); PKCS7_free(pkcs7); @@ -53269,7 +66427,7 @@ static int test_wolfssl_PKCS7(void) /* fail case, without PKCS7_NOVERIFY */ p = data; - ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, 0), WOLFSSL_FAILURE); PKCS7_free(pkcs7); @@ -53277,7 +66435,7 @@ static int test_wolfssl_PKCS7(void) /* success case, with PKCS7_NOVERIFY */ p = data; - ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, PKCS7_NOVERIFY), WOLFSSL_SUCCESS); @@ -53385,7 +66543,7 @@ static int test_wolfSSL_PKCS7_sign(void) /* verify with wc_PKCS7_VerifySignedData */ ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); - ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); #ifndef NO_PKCS7_STREAM /* verify with wc_PKCS7_VerifySignedData streaming */ 
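Review bot: The `#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON)` branch in test_MakeCertWith0Ser asserts ASN_PARSE_E for a zero serial number without saying why, and the WOLFSSL_PYTHON exemption is unexplained. A comment such as `/* RFC 5280 s4.1.2.2 requires a positive serial: strict ASN parsing rejects 0, non-strict builds (and WOLFSSL_PYTHON) accept it for compatibility */` would tell the next reader which behaviour is the specification and which is the concession. The `/* set serial number to 0 */` comment could also state that this is deliberately an invalid certificate so the test is not "fixed" later.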
@@ -53472,7 +66630,7 @@ static int test_wolfSSL_PKCS7_sign(void) p7Ver->content = data; p7Ver->contentSz = sizeof(data); } - ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); wc_PKCS7_Free(p7Ver); p7Ver = NULL; @@ -53529,7 +66687,7 @@ static int test_wolfSSL_PKCS7_sign(void) p7Ver->content = data; p7Ver->contentSz = sizeof(data); } - ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); wc_PKCS7_Free(p7Ver); p7Ver = NULL; @@ -53724,6 +66882,7 @@ static int test_wolfSSL_PEM_write_bio_PKCS7(void) } #ifdef HAVE_SMIME +/* // NOLINTBEGIN(clang-analyzer-unix.Stream) */ static int test_wolfSSL_SMIME_read_PKCS7(void) { EXPECT_DECLS; @@ -53749,7 +66908,10 @@ static int test_wolfSSL_SMIME_read_PKCS7(void) ExpectNotNull(pkcs7); ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); - XFCLOSE(smimeTestFile); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } if (bcont) BIO_free(bcont); bcont = NULL; wolfSSL_PKCS7_free(pkcs7); @@ -53757,12 +66919,16 @@ static int test_wolfSSL_SMIME_read_PKCS7(void) /* smime-test-multipart.p7s */ smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r"); + ExpectFalse(smimeTestFile == XBADFILE); ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); ExpectNotNull(pkcs7); ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); - XFCLOSE(smimeTestFile); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } if (bcont) BIO_free(bcont); bcont = NULL; wolfSSL_PKCS7_free(pkcs7); 
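Review bot: The stream handling in test_wolfSSL_SMIME_read_PKCS7 hands each file to the BIO with `BIO_CLOSE` and then closes it again with XFCLOSE, and the new `/* // NOLINTBEGIN(clang-analyzer-unix.Stream) */` in the preceding hunk silences the analyzer instead of resolving that double ownership; whether the final BIO_free (outside these hunks) closes an already-closed stream cannot be confirmed from here, but the suppression suggests it. Passing `BIO_NOCLOSE` (or dropping the manual XFCLOSE and letting the BIO own the handle) would make a double close impossible and the NOLINT unnecessary. The added `ExpectFalse(smimeTestFile == XBADFILE)` checks cover the opens in this and the following hunks of the same function, but `wolfSSL_BIO_set_fp` is still called with XBADFILE when the open failed. The function starts before this hunk and ends in a later one.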
@@ -53770,12 +66936,16 @@ static int test_wolfSSL_SMIME_read_PKCS7(void) /* smime-test-multipart-badsig.p7s */ smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r"); + ExpectFalse(smimeTestFile == XBADFILE); ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */ ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_FAILURE); - XFCLOSE(smimeTestFile); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } if (bcont) BIO_free(bcont); bcont = NULL; wolfSSL_PKCS7_free(pkcs7); @@ -53783,12 +66953,16 @@ static int test_wolfSSL_SMIME_read_PKCS7(void) /* smime-test-canon.p7s */ smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r"); + ExpectFalse(smimeTestFile == XBADFILE); ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); ExpectNotNull(pkcs7); ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); - XFCLOSE(smimeTestFile); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } if (bcont) BIO_free(bcont); bcont = NULL; wolfSSL_PKCS7_free(pkcs7); @@ -53796,6 +66970,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void) /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */ smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r"); + ExpectFalse(smimeTestFile == XBADFILE); ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); ExpectNotNull(pkcs7); @@ -53815,6 +66990,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void) #endif return EXPECT_RESULT(); } +/* // NOLINTEND(clang-analyzer-unix.Stream) */ static int test_wolfSSL_SMIME_write_PKCS7(void) { 
@@ -54149,7 +67325,8 @@ static int test_X509_LOOKUP_add_dir(void) /* Now we SHOULD get CRL_MISSING, because we looked for PEM * in dir containing only ASN1/DER. */ ExpectIntEQ(X509_verify_cert(storeCtx), WOLFSSL_FAILURE); - ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_MISSING); + ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), + X509_V_ERR_UNABLE_TO_GET_CRL); X509_CRL_free(crl); X509_STORE_free(store); @@ -54211,7 +67388,7 @@ static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz, (void)ca; #endif - ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, + ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, (long int)cert_sz, WOLFSSL_FILETYPE_ASN1); /* Let ExpectIntEQ handle return code */ @@ -54232,13 +67409,17 @@ static int test_RsaSigFailure_cm(void) size_t cert_sz = 0; ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0); - if (cert_buf != NULL) { + if ((cert_buf != NULL) && (cert_sz > 0)) { /* corrupt DER - invert last byte, which is signature */ cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1]; /* test bad cert */ #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), WOLFSSL_FATAL_ERROR); +#elif defined(NO_ASN_CRYPT) + /* RSA verify is not called when ASN crypt support is disabled */ + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), + WOLFSSL_SUCCESS); #else ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), ASN_SIG_CONFIRM_E); @@ -54264,7 +67445,7 @@ static int test_EccSigFailure_cm(void) size_t cert_sz = 0; ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0); - if (cert_buf != NULL) { + if (cert_buf != NULL && cert_sz > 0) { /* corrupt DER - invert last byte, which is signature */ cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1]; 
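Review bot: test_X509_LOOKUP_add_dir now expects `X509_V_ERR_UNABLE_TO_GET_CRL` unconditionally, while the CRL verify callback added later in this diff (test_wolfSSL_X509_STORE_set_get_crl_verify) treats the missing-CRL code as `CRL_MISSING` unless OPENSSL_COMPATIBLE_DEFAULTS is defined. Unless this test is only compiled in a configuration where the OpenSSL code is guaranteed (not visible in the hunk), the two disagree and one of them fails in the other build; mirroring the same `#ifndef OPENSSL_COMPATIBLE_DEFAULTS` split here, or a comment stating why the compat code is always returned on this path, would settle it. The function starts outside the hunk.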
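Review bot: The new `(cert_buf != NULL) && (cert_sz > 0)` guard in test_RsaSigFailure_cm (and `cert_buf != NULL && cert_sz > 0` in test_EccSigFailure_cm) lets a zero-length load skip the whole corruption check silently, so a test meant to prove a tampered signature is rejected can pass without verifying anything; an explicit `ExpectIntGT(cert_sz, 0);` after load_file keeps that visible. The two guards are also written in different styles, parenthesised operands in the RSA test and bare in the ECC one, and should match. The `#elif defined(NO_ASN_CRYPT)` branch expects WOLFSSL_SUCCESS for a certificate whose signature byte was inverted; the comment explains why, but it is worth spelling out that such a build performs no signature verification in the cert manager at all, so callers must not rely on it for that. Both functions end outside the hunks.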
@@ -54272,6 +67453,10 @@ static int test_EccSigFailure_cm(void) #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), WOLFSSL_FATAL_ERROR); +#elif defined(NO_ASN_CRYPT) + /* ECC verify is not called when ASN crypt support is disabled */ + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), + WOLFSSL_SUCCESS); #else ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), ASN_SIG_CONFIRM_E); @@ -54337,7 +67522,7 @@ static int test_tls13_apis(void) #endif #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) int groups[2] = { WOLFSSL_ECC_SECP256R1, -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER WOLFSSL_KYBER_LEVEL1 #else WOLFSSL_ECC_SECP256R1 @@ -54350,21 +67535,27 @@ static int test_tls13_apis(void) #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) char groupList[] = +#ifdef HAVE_CURVE25519 + "X25519:" +#endif +#ifdef HAVE_CURVE448 + "X448:" +#endif #ifndef NO_ECC_SECP #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 - "P-521:" + "P-521:secp521r1:" #endif #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 - "P-384:" + "P-384:secp384r1:" #endif #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 - "P-256" -#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) + "P-256:secp256r1" +#if defined(WOLFSSL_HAVE_KYBER) ":P256_KYBER_LEVEL1" #endif #endif #endif /* !defined(NO_ECC_SECP) */ -#ifdef HAVE_PQC +#if defined(WOLFSSL_HAVE_KYBER) ":KYBER_LEVEL1" #endif ""; @@ -54497,7 +67688,7 @@ static int test_tls13_apis(void) #endif #endif -#if defined(HAVE_PQC) +#if defined(WOLFSSL_HAVE_KYBER) ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3), 
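Review bot: The groupList literal can still end with a separator when the last enabled entry is one of the prefixed ones, e.g. `"X25519:P-521:secp521r1:"` when P-256 and Kyber are both disabled; this was already possible with the old `"P-521:"`/`"P-384:"` prefixes and the X25519/X448 additions extend it. Whether wolfSSL_CTX_set1_groups_list accepts a trailing colon is not visible here; if it does not, the WOLFSSL_SUCCESS expectations later in test_tls13_apis fail in such builds. A comment noting the assumption, or building the list so the separator precedes every entry but the first, would remove the dependency on curve configuration. test_tls13_apis spans several hunks beyond this one.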
@@ -54654,7 +67845,7 @@ static int test_tls13_apis(void) #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), - BAD_FUNC_ARG); + WOLFSSL_SUCCESS); #endif ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); @@ -54678,7 +67869,7 @@ static int test_tls13_apis(void) #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), - BAD_FUNC_ARG); + WOLFSSL_SUCCESS); #endif ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); @@ -54705,7 +67896,7 @@ static int test_tls13_apis(void) #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList), - WOLFSSL_FAILURE); + WOLFSSL_SUCCESS); #endif ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList), WOLFSSL_SUCCESS); @@ -54723,7 +67914,7 @@ static int test_tls13_apis(void) #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList), - WOLFSSL_FAILURE); + WOLFSSL_SUCCESS); #endif ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList), WOLFSSL_SUCCESS); @@ -55594,7 +68785,8 @@ static int test_wolfSSL_X509_load_crl_file(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) + !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) int i; char pem[][100] = { "./certs/crl/crl.pem", @@ -55710,8 +68902,7 @@ static int test_wolfSSL_i2d_X509(void) ExpectIntGT(i2d_X509(cert, &tmp), 0); ExpectPtrGT(tmp, out); - if (out != NULL) - XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); X509_free(cert); #endif return EXPECT_RESULT(); 
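Review bot: The four expectation flips for the TLS 1.2 client context and session (`wolfSSL_CTX_set_groups`, `wolfSSL_set_groups`, `wolfSSL_CTX_set1_groups_list`, `wolfSSL_set1_groups_list` now returning WOLFSSL_SUCCESS instead of BAD_FUNC_ARG/WOLFSSL_FAILURE) carry no comment explaining the behaviour change. A one-line note above the first of them, e.g. `/* Setting groups on a TLS 1.2 context/session is accepted */`, plus the reason (the library change is not in this hunk), would document the new contract the test pins. Separately, `XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL)` in test_wolfSSL_i2d_X509 drops its NULL guard, which is fine only if XFREE tolerates NULL in this tree.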
@@ -55916,6 +69107,25 @@ static int test_wolfSSL_PEM_read(void) size_t fileDataSz = 0; byte* out; + ExpectNotNull(bio = BIO_new_file(filename, "rb")); + ExpectIntEQ(PEM_read_bio(bio, NULL, &header, &data, &len), 0); + ExpectIntEQ(PEM_read_bio(bio, &name, NULL, &data, &len), 0); + ExpectIntEQ(PEM_read_bio(bio, &name, &header, NULL, &len), 0); + ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, NULL), 0); + + ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, &len), 1); + ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); + ExpectIntGT(XSTRLEN(header), 0); + ExpectIntGT(len, 0); + XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + name = NULL; + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + header = NULL; + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + data = NULL; + BIO_free(bio); + bio = NULL; + ExpectTrue((fp = XFOPEN(filename, "rb")) != XBADFILE); /* Fail cases. */ 
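Review bot: `ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0)` and `ExpectIntGT(XSTRLEN(header), 0)` dereference name and header straight after `ExpectIntEQ(PEM_read_bio(...), 1)`; the Expect macros record a failure and continue (this diff relies on that with `EXPECT_FAIL()` elsewhere), so a failed read turns into a NULL dereference instead of a reported failure. The same pair is repeated in the next hunk after the fixed-buffer `PEM_read_bio`. Adding `ExpectNotNull(name); ExpectNotNull(header);` before the string checks, or guarding them with `if (!EXPECT_FAIL())`, keeps the failure path safe. test_wolfSSL_PEM_read continues outside this hunk.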
@@ -55953,6 +69163,26 @@ static int test_wolfSSL_PEM_read(void) ExpectIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); ExpectIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); + /* Fail cases. */ + ExpectIntEQ(PEM_write(XBADFILE, name, header, data, len), 0); + ExpectIntEQ(PEM_write(stderr, NULL, header, data, len), 0); + ExpectIntEQ(PEM_write(stderr, name, NULL, data, len), 0); + ExpectIntEQ(PEM_write(stderr, name, header, NULL, len), 0); + /* Pass case */ + ExpectIntEQ(PEM_write(stderr, name, header, data, len), fileDataSz); + + XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + name = NULL; + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + header = NULL; + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + data = NULL; + /* Read out of a fixed buffer BIO - forces malloc in PEM_read_bio. */ + ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, &len), 1); + ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); + ExpectIntGT(XSTRLEN(header), 0); + ExpectIntGT(len, 0); + /* Fail cases. */ ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE); ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE); @@ -55963,6 +69193,8 @@ static int test_wolfSSL_PEM_read(void) #endif /* Fail cases. */ + ExpectIntEQ(PEM_do_header(NULL, data, &len, PasswordCallBack, + (void*)"yassl123"), WOLFSSL_FAILURE); ExpectIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack, (void*)"yassl123"), WOLFSSL_FAILURE); ExpectIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack, 
@@ -55970,9 +69202,14 @@ static int test_wolfSSL_PEM_read(void) ExpectIntEQ(PEM_do_header(&cipher, data, &len, NULL, (void*)"yassl123"), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_do_header(&cipher, data, &len, NoPasswordCallBack, + (void*)"yassl123"), WOLFSSL_FAILURE); #if !defined(NO_DES3) && !defined(NO_MD5) ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack, (void*)"yassl123"), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack, + (void*)"yassl123"), WOLFSSL_FAILURE); #endif BIO_free(bio); 
@@ -57561,6 +70798,156 @@ static int test_wolfSSL_X509_STORE_get1_certs(void) #endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ return EXPECT_RESULT(); } + +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) +static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx, + X509_CRL** crl_out, X509* cert) { + X509_CRL *crl = NULL; + XFILE fp = XBADFILE; + char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); + int ret = 0; + + (void)ctx; + + if (cert_issuer == NULL) + return 0; + + if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) { + PEM_read_X509_CRL(fp, &crl, NULL, NULL); + XFCLOSE(fp); + if (crl != NULL) { + char* crl_issuer = X509_NAME_oneline( + X509_CRL_get_issuer(crl), NULL, 0); + if ((crl_issuer != NULL) && + (XSTRCMP(cert_issuer, crl_issuer) == 0)) { + *crl_out = X509_CRL_dup(crl); + if (*crl_out != NULL) + ret = 1; + } + OPENSSL_free(crl_issuer); + } + } + + X509_CRL_free(crl); + OPENSSL_free(cert_issuer); + return ret; +} + +static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx, + X509_CRL** crl_out, X509* cert) { + (void)ctx; + (void)cert; + *crl_out = NULL; + return 1; +} + +#ifndef NO_WOLFSSL_STUB +static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx, + X509_CRL* crl) { + (void)ctx; + (void)crl; + return 1; +} +#endif + +static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok, + X509_STORE_CTX* ctx) { + int cert_error = X509_STORE_CTX_get_error(ctx); + X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx); + int flags = X509_VERIFY_PARAM_get_flags(param); + if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) != + (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) { + /* Make sure the flags are set */ + return 0; + } + /* Ignore CRL missing error */ +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + if (cert_error == 
CRL_MISSING) +#else + if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL) +#endif + return 1; + return ok; +} + +static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + X509_STORE* cert_store = NULL; + + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); + X509_STORE_set_get_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_provider); +#ifndef NO_WOLFSSL_STUB + X509_STORE_set_check_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_check); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + X509_STORE* cert_store = NULL; + X509_VERIFY_PARAM* param = NULL; + + SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); + X509_STORE_set_get_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_provider2); +#ifndef NO_WOLFSSL_STUB + X509_STORE_set_check_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_check); +#endif + X509_STORE_set_verify_cb(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_verify); + ExpectNotNull(param = X509_STORE_get0_param(cert_store)); + ExpectIntEQ(X509_VERIFY_PARAM_set_flags( + param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); + ExpectIntEQ(X509_STORE_set_flags(cert_store, + X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); + + return EXPECT_RESULT(); +} +#endif + +/* This test mimics the usage of the CRL provider in gRPC */ +static int test_wolfSSL_X509_STORE_set_get_crl(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + XMEMSET(&func_cb_client, 0, 
sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + + static int test_wolfSSL_dup_CA_list(void) { int res = TEST_SKIPPED; @@ -57579,7 +70966,10 @@ static int test_wolfSSL_dup_CA_list(void) for (i = 0; i < 3; i++) { name = X509_NAME_new(); ExpectNotNull(name); - AssertIntEQ(sk_X509_NAME_push(originalStack, name), WOLFSSL_SUCCESS); + ExpectIntEQ(sk_X509_NAME_push(originalStack, name), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + X509_NAME_free(name); + } } copyStack = SSL_dup_CA_list(originalStack); @@ -57587,7 +70977,7 @@ static int test_wolfSSL_dup_CA_list(void) originalCount = sk_X509_NAME_num(originalStack); copyCount = sk_X509_NAME_num(copyStack); - AssertIntEQ(originalCount, copyCount); + ExpectIntEQ(originalCount, copyCount); sk_X509_NAME_pop_free(originalStack, X509_NAME_free); sk_X509_NAME_pop_free(copyStack, X509_NAME_free); @@ -60470,6 +73860,7 @@ static int test_wolfSSL_EC_POINT(void) EC_POINT* Gxy = NULL; EC_POINT* new_point = NULL; EC_POINT* set_point = NULL; + EC_POINT* get_point = NULL; EC_POINT* infinity = NULL; BIGNUM* k = NULL; BIGNUM* Gx = NULL; 
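Review bot: test_wolfSSL_X509_STORE_set_get_crl_verify returns 1 whenever the error is the missing-CRL code, which turns a hard revocation failure into a soft one; the function should carry a comment stating that consequence, e.g. `/* Accepts the chain when no CRL is available: revocation is then unchecked for that issuer, which is the gRPC soft-fail behaviour this test mimics */`, so nobody copies the callback as a general pattern. It also calls `X509_VERIFY_PARAM_get_flags(param)` without checking `param` for NULL and stores the result in an int while X509_VERIFY_PARAM_set_flags is handed a bit mask a few lines later; confirm the getter's return type matches. Style: the four new callbacks (provider, provider2, check, verify) open their brace on the signature line (`X509* cert) {`), while every other function in this diff puts `{` on its own line. The `#ifndef OPENSSL_COMPATIBLE_DEFAULTS` split of the CRL code here also differs from the unconditional X509_V_ERR_UNABLE_TO_GET_CRL expected in test_X509_LOOKUP_add_dir earlier in the diff.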
@@ -60487,6 +73878,14 @@ static int test_wolfSSL_EC_POINT(void) "77037D812DEB33A0F4A13945D898C296"; const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" "2BCE33576B315ECECBB6406837BF51F5"; + const char* uncompG + = "046B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296" + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" + "2BCE33576B315ECECBB6406837BF51F5"; + const char* compG + = "036B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296"; #ifndef HAVE_SELFTEST EC_POINT *tmp = NULL; @@ -60495,10 +73894,6 @@ static int test_wolfSSL_EC_POINT(void) unsigned char* buf = NULL; unsigned char bufInf[1] = { 0x00 }; - const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F2" - "77037D812DEB33A0F4A13945D898C296" - "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" - "2BCE33576B315ECECBB6406837BF51F5"; const unsigned char binUncompG[] = { 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, @@ -60516,8 +73911,6 @@ static int test_wolfSSL_EC_POINT(void) 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, }; - const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F2" - "77037D812DEB33A0F4A13945D898C296"; #ifdef HAVE_COMP_KEY const unsigned char binCompG[] = { 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, @@ -60742,7 +74135,6 @@ static int test_wolfSSL_EC_POINT(void) #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); -#ifndef HAVE_SELFTEST /* Test point to hex */ ExpectNull(EC_POINT_point2hex(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED, ctx)); 
@@ -60759,13 +74151,22 @@ static int test_wolfSSL_EC_POINT(void) hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx); ExpectNotNull(hexStr); ExpectStrEQ(hexStr, uncompG); + ExpectNotNull(get_point = EC_POINT_hex2point(group, hexStr, NULL, ctx)); + ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0); XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx); ExpectNotNull(hexStr); ExpectStrEQ(hexStr, compG); + #ifdef HAVE_COMP_KEY + ExpectNotNull(get_point = EC_POINT_hex2point + (group, hexStr, get_point, ctx)); + ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0); + #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + EC_POINT_free(get_point); +#ifndef HAVE_SELFTEST /* Test point to oct */ ExpectIntEQ(EC_POINT_point2oct(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 0); @@ -61614,6 +75015,16 @@ static int test_wolfSSL_ECDSA_SIG(void) ExpectIntEQ((p == outSig + 8), 1); ExpectIntEQ(XMEMCMP(sigData, outSig, 8), 0); + p = NULL; + ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), 8); +#ifndef WOLFSSL_I2D_ECDSA_SIG_ALLOC + ExpectNull(p); +#else + ExpectNotNull(p); + ExpectIntEQ(XMEMCMP(p, outSig, 8), 0); + XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + wolfSSL_ECDSA_SIG_free(sig); #endif return EXPECT_RESULT(); 
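Review bot: `ExpectNotNull(get_point = EC_POINT_hex2point(group, hexStr, get_point, ctx))` under HAVE_COMP_KEY overwrites get_point with the call's result; if the call returns NULL on failure, the point allocated by the first hex2point is no longer reachable and the later `EC_POINT_free(get_point)` frees NULL, so the failure path leaks. Checking the return without reassigning, `ExpectNotNull(EC_POINT_hex2point(group, hexStr, get_point, ctx));`, keeps the original pointer for the free (assuming hex2point fills the passed point in place, as the OpenSSL contract does). If hexStr is NULL because the preceding ExpectNotNull failed, hex2point is also handed a NULL string. test_wolfSSL_EC_POINT starts and ends outside this hunk.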
@@ -61645,14 +75056,14 @@ static int test_ECDSA_size_sign(void) ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, NULL), 0); ExpectIntEQ(ECDSA_sign(0, NULL, sizeof(hash), sig, &sigSz, key), 0); ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), NULL, &sigSz, key), 0); - ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, NULL), 0); - ExpectIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, sigSz, key), 0); - ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, sigSz, key), 0); + ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, NULL), 0); + ExpectIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, (int)sigSz, key), 0); + ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, (int)sigSz, key), 0); ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1); ExpectIntGE(ECDSA_size(key), sigSz); - ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1); - ExpectIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, sigSz, key), 0); + ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, key), 1); + ExpectIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, (int)sigSz, key), 0); ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), NULL)); ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), key)); @@ -61905,8 +75316,15 @@ static int test_stubs_are_stubs(void) CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN); + /* when implemented this should take WOLFSSL object instead, right now + * always returns 0 */ + ExpectPtrEq(SSL_get_current_expansion(NULL), NULL); + wolfSSL_CTX_free(ctx); ctx = NULL; + + ExpectStrEQ(SSL_COMP_get_name(NULL), "not supported"); + ExpectPtrEq(SSL_get_current_expansion(NULL), NULL); #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB && (!NO_WOLFSSL_CLIENT || * !NO_WOLFSSL_SERVER) */ return EXPECT_RESULT(); 
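Review bot: `ExpectPtrEq(SSL_get_current_expansion(NULL), NULL)` is added twice in test_stubs_are_stubs, once before `wolfSSL_CTX_free(ctx)` and again after `ExpectStrEQ(SSL_COMP_get_name(NULL), "not supported")`; the two assertions are identical, so one should go. The comment `/* when implemented this should take WOLFSSL object instead, right now always returns 0 */` belongs with whichever check is kept. The function ends in this hunk; its start is outside.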
@@ -62053,7 +75471,8 @@ static int test_wolfSSL_CTX_LoadCRL(void) return EXPECT_RESULT(); } -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx) { EXPECT_DECLS; @@ -62067,7 +75486,8 @@ static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx) static int test_multiple_crls_same_issuer(void) { EXPECT_DECLS; -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) test_ssl_cbf client_cbs, server_cbs; struct { const char* server_cert; @@ -62830,7 +76250,8 @@ static int test_wolfSSL_dtls_AEAD_limit(void) #endif #if defined(WOLFSSL_DTLS) && \ - defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ + !defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING) static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl) { int fd, ret; @@ -63143,9 +76564,7 @@ static int test_wolfSSL_dtls_stateless(void) #endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE && * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */ -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) +#ifdef HAVE_CERT_CHAIN_VALIDATION static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; 
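Review bot: The replaced guard `#ifdef HAVE_CERT_CHAIN_VALIDATION` around load_ca_into_cm has a matching `#endif` outside this hunk whose trailing comment, if it still names the old NO_RSA/NO_SHA/NO_FILESYSTEM conditions, should be updated to the new macro; the diff does not show where HAVE_CERT_CHAIN_VALIDATION is derived from those conditions. The new `!defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING)` exclusion on test_wolfSSL_dtls_send_ch likewise carries no comment; a short `/* excluded under register-access fuzzing: <reason> */` would help the next reader.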
@@ -63361,10 +76780,12 @@ static int test_various_pathlen_chains(void) #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); wolfSSL_CertManagerFree(cm); + cm = NULL; ExpectNotNull(cm = wolfSSL_CertManagerNew()); ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); wolfSSL_CertManagerFree(cm); + cm = NULL; /* Test chain J (Again only first ICA has pathLen set and it's set to 2, * this time followed by 3 ICA's, should fail */ @@ -63372,6 +76793,7 @@ static int test_various_pathlen_chains(void) ExpectIntLT(test_chainJ(cm), 0); ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); wolfSSL_CertManagerFree(cm); + cm = NULL; ExpectNotNull(cm = wolfSSL_CertManagerNew()); ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); @@ -63450,6 +76872,19 @@ static int test_wolfSSL_THREADID_hash(void) #endif /* OPENSSL_EXTRA */ return EXPECT_RESULT(); } +static int test_wolfSSL_set_ecdh_auto(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + WOLFSSL* ssl = NULL; + + ExpectIntEQ(SSL_set_ecdh_auto(NULL,0), 1); + ExpectIntEQ(SSL_set_ecdh_auto(NULL,1), 1); + ExpectIntEQ(SSL_set_ecdh_auto(ssl,0), 1); + ExpectIntEQ(SSL_set_ecdh_auto(ssl,1), 1); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} static int test_wolfSSL_CTX_set_ecdh_auto(void) { EXPECT_DECLS; @@ -63753,6 +77188,7 @@ static int test_wolfSSL_CTX_get_min_proto_version(void) wolfSSL_CTX_free(ctx); ctx = NULL; + #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_TLSV10 ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method())); #else @@ -63767,6 +77203,7 @@ static int test_wolfSSL_CTX_get_min_proto_version(void) #endif wolfSSL_CTX_free(ctx); ctx = NULL; + #endif ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), 
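Review bot: test_wolfSSL_set_ecdh_auto never exercises a real object: `ssl` is initialised to NULL and never assigned, so `SSL_set_ecdh_auto(ssl, 0)` and `SSL_set_ecdh_auto(ssl, 1)` repeat the two NULL calls just above them. Either create the session (`wolfSSL_new` on a context, freed afterwards) or drop the two duplicate lines and the unused variable. Style: the new function is glued to the closing brace of test_wolfSSL_THREADID_hash with no blank line, and `(NULL,0)` lacks the space after the comma used elsewhere in the file.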
@@ -64813,9 +78250,11 @@ static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer, (void)encInfo; /* not used in this test */ #ifdef DEBUG_WOLFSSL - fprintf(stderr, "%s (%d): Loading PEM %s (len %d) to DER (len %d)\n", - (ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz, - (*pDer)->length); + if (*pDer != NULL) { + fprintf(stderr, "%s (%d): Loading PEM %s (len %d) to DER (len %d)\n", + (ret == 0) ? "Success" : "Failure", ret, privKeyFile, + (int)key_sz, (*pDer)->length); + } #endif return ret; @@ -65270,11 +78709,16 @@ static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx) ExpectNotNull((ssl1 = wolfSSL_new(ctx))); ExpectNotNull((ssl2 = wolfSSL_new(ctx))); + +#ifndef WOLFSSL_STATIC_MEMORY_LEAN /* this should fail because kMaxCtxClients == 2 */ ExpectNull((ssl3 = wolfSSL_new(ctx))); +#else + (void)ssl3; +#endif if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) { - #ifdef DEBUG_WOLFSSL + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) wolfSSL_PrintStatsConn(&ssl_stats); #endif (void)ssl_stats; @@ -65282,7 +78726,7 @@ static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx) /* display collected statistics */ if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) { - #ifdef DEBUG_WOLFSSL + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) wolfSSL_PrintStats(&mem_stats); #endif (void)mem_stats; @@ -65721,6 +79165,7 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void) /* CH without cookie shouldn't change state */ ExpectIntEQ(ssl_s->max_fragment, max_fragment); ExpectIntNE(test_ctx.c_len, 0); + /* consume HRR from buffer */ test_ctx.c_len = 0; ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); 
@@ -65973,7 +79418,9 @@ static int send_new_session_ticket(WOLFSSL *ssl, byte nonceLength, byte filler) sz = BuildTls13Message(ssl, buf, 2048, buf+5, idx - 5, handshake, 0, 0, 0); + AssertIntGT(sz, 0); test_ctx = (struct test_memio_ctx*)wolfSSL_GetIOWriteCtx(ssl); + AssertNotNull(test_ctx); ret = test_memio_write_cb(ssl, (char*)buf, sz, test_ctx); return !(ret == sz); } @@ -66070,8 +79517,16 @@ static int test_ticket_nonce_malloc(void) } small = TLS13_TICKET_NONCE_STATIC_SZ; - medium = small + 20 <= 255 ? small + 20 : 255; - big = medium + 20 <= 255 ? small + 20 : 255; +#if TLS13_TICKET_NONCE_STATIC_SZ + 20 <= 255 + medium = small + 20; +#else + medium = 255; +#endif +#if TLS13_TICKET_NONCE_STATIC_SZ + 20 + 20 <= 255 + big = small + 20; +#else + big = 255; +#endif ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, small), TEST_SUCCESS); ExpectPtrEq(ssl_c->session->ticketNonce.data, @@ -66610,7 +80065,7 @@ static int test_extra_alerts_wrong_cs(void) ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), WOLFSSL_ERROR_WANT_READ); ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); - ExpectIntEQ(h.last_tx.code, illegal_parameter); + ExpectIntEQ(h.last_tx.code, handshake_failure); ExpectIntEQ(h.last_tx.level, alert_fatal); wolfSSL_free(ssl_c); 
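Review bot: In test_ticket_nonce_malloc the `#if TLS13_TICKET_NONCE_STATIC_SZ + 20 + 20 <= 255` branch assigns `big = small + 20;`, which is the same value as `medium`, so the "big" case re-runs the medium size and a nonce larger than `small + 20` is never tested; the preprocessor condition is written for `medium + 20`, so the assignment should be `big = small + 40;` (equivalently `medium + 20`). The removed ternary had the same `small + 20`, so this is carried over rather than introduced here, but the rewrite is the moment to fix it. A comment such as `/* three sizes: static, static+20 and static+40, each capped at 255 */` would make the intent checkable.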
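Review bot: The expected alert sent by the client after a ServerHello carrying a cipher suite it did not offer changes from illegal_parameter to handshake_failure, but nothing in the hunk records why; RFC 8446 §4.1.3 requires illegal_parameter for this case in TLS 1.3, so if test_extra_alerts_wrong_cs covers a TLS 1.3 handshake the new expectation contradicts the spec, and if it is a TLS 1.2-only test (its guard is outside the hunk) that should be stated. Please add a comment above the assertion, e.g. `/* TLS 1.2: an unoffered suite is reported as handshake_failure */`, or keep illegal_parameter if the test runs for TLS 1.3.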
@@ -66625,6 +80080,67 @@ static int test_extra_alerts_wrong_cs(void) } #endif +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + +#define TEST_CS_DOWNGRADE_CLIENT "ECDHE-RSA-AES256-GCM-SHA384" + +byte test_wrong_cs_downgrade_sh[] = { + 0x16, 0x03, 0x03, 0x00, 0x56, 0x02, 0x00, 0x00, 0x52, 0x03, 0x03, 0x10, + 0x2c, 0x88, 0xd9, 0x7a, 0x23, 0xc9, 0xbd, 0x11, 0x3b, 0x64, 0x24, 0xab, + 0x5b, 0x45, 0x33, 0xf6, 0x2c, 0x34, 0xe4, 0xcf, 0xf4, 0x78, 0xc8, 0x62, + 0x06, 0xc7, 0xe5, 0x30, 0x39, 0xbf, 0xa1, 0x20, 0xa3, 0x06, 0x74, 0xc3, + 0xa9, 0x74, 0x52, 0x8a, 0xfb, 0xae, 0xf0, 0xd8, 0x6f, 0xb2, 0x9d, 0xfe, + 0x78, 0xf0, 0x3f, 0x51, 0x8f, 0x9c, 0xcf, 0xbe, 0x61, 0x43, 0x9d, 0xf8, + 0x85, 0xe5, 0x2f, 0x54, + 0xc0, 0x2f, /* ECDHE-RSA-AES128-GCM-SHA256 */ + 0x00, 0x00, 0x0a, 0x00, 0x0b, 0x00, + 0x02, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00 +}; + +static int test_wrong_cs_downgrade(void) +{ + EXPECT_DECLS; +#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL *ssl_c = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfSSLv23_client_method, NULL), 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, TEST_CS_DOWNGRADE_CLIENT), + WOLFSSL_SUCCESS); + + /* CH */ + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + + /* consume CH */ + test_ctx.s_len = 0; + /* inject SH */ + XMEMCPY(test_ctx.c_buff, test_wrong_cs_downgrade_sh, + sizeof(test_wrong_cs_downgrade_sh)); + test_ctx.c_len = sizeof(test_wrong_cs_downgrade_sh); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), + MATCH_SUITE_ERROR); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} +#else +static int test_wrong_cs_downgrade(void) +{ 
+ return TEST_SKIPPED; +} +#endif + #if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_EXTRA_ALERTS) && \ defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_SP_MATH) @@ -66650,7 +80166,7 @@ static int test_remove_hs_msg_from_buffer(byte *buf, int *len, byte type, word32 hLength; idx = buf; - tail_len = *len; + tail_len = (unsigned int)*len; *found = 0; while (tail_len > _RECORD_HEADER_SZ) { curr = idx; @@ -66826,7 +80342,7 @@ static int test_extra_alerts_bad_psk(void) WOLFSSL_ERROR_WANT_READ); ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); - ExpectIntEQ( wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), WOLFSSL_ERROR_WANT_READ); ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); @@ -67113,7 +80629,7 @@ static int test_override_alt_cert_chain(void) #define svrRpkCertFile "./certs/rpk/server-cert-rpk.der" #define clntRpkCertFile "./certs/rpk/client-cert-rpk.der" -#if defined(WOLFSSL_ALWAYS_VERIFY_CB) +#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13) static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx) { int ret = WOLFSSL_SUCCESS; @@ -67122,7 +80638,7 @@ static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx) WOLFSSL_ENTER("MyRpkVerifyCb"); return ret; } -#endif /* WOLFSSL_ALWAYS_VERIFY_CB */ +#endif /* WOLFSSL_ALWAYS_VERIFY_CB && WOLFSSL_TLS13 */ static WC_INLINE int test_rpk_memio_setup( struct test_memio_ctx *ctx, @@ -67227,7 +80743,7 @@ static int test_rpk_set_xxx_cert_type(void) WOLFSSL* ssl = NULL; int tp; - ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + ctx = wolfSSL_CTX_new(wolfTLS_client_method()); ExpectNotNull(ctx); ssl = wolfSSL_new(ctx); 
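Review bot: `byte test_wrong_cs_downgrade_sh[]` is a mutable, externally visible global in a test file; the injected ServerHello is never modified, so it should be `static const byte test_wrong_cs_downgrade_sh[] = {`, which keeps it out of the link namespace and lets the compiler place it in read-only data (XMEMCPY accepts a const source). The test also checks only MATCH_SUITE_ERROR; since the point is that a TLS 1.3-capable client (wolfSSLv23_client_method) rejects a ServerHello downgraded to 0x0303 that selects 0xc02f although only ECDHE-RSA-AES256-GCM-SHA384 was offered, it would be stronger to also assert the alert it emitted via wolfSSL_get_alert_history, as test_extra_alerts_wrong_cs does. The `/* ECDHE-RSA-AES128-GCM-SHA256 */` annotation on the suite bytes is helpful; a one-line comment above the array saying it is a TLS 1.2 ServerHello with a 32-byte session id and ec_point_formats plus extended_master_secret extensions would spare readers decoding it by hand.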
@@ -67454,8 +80970,10 @@ static int test_rpk_set_xxx_cert_type(void) static int test_tls13_rpk_handshake(void) { EXPECT_DECLS; -#if defined(HAVE_RPK) +#if defined(HAVE_RPK) && (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) +#ifdef WOLFSSL_TLS13 int ret = 0; +#endif WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; @@ -67464,7 +80982,10 @@ static int test_tls13_rpk_handshake(void) char certType_s[MAX_CLIENT_CERT_TYPE_CNT]; int typeCnt_c; int typeCnt_s; - int tp; + int tp = 0; +#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13) + int isServer; +#endif (void)err; (void)typeCnt_c; @@ -67472,6 +80993,7 @@ static int test_tls13_rpk_handshake(void) (void)certType_c; (void)certType_s; +#ifndef WOLFSSL_NO_TLS12 /* TLS1.2 * Both client and server load x509 cert and start handshaking. * Check no negotiation occurred. @@ -67529,7 +81051,9 @@ static int test_tls13_rpk_handshake(void) wolfSSL_CTX_free(ctx_s); ssl_c = ssl_s = NULL; ctx_c = ctx_s = NULL; +#endif +#ifdef WOLFSSL_TLS13 /* Both client and server load x509 cert and start handshaking. * Check no negotiation occurred. */ @@ -67653,8 +81177,10 @@ static int test_tls13_rpk_handshake(void) wolfSSL_CTX_free(ctx_s); ssl_c = ssl_s = NULL; ctx_c = ctx_s = NULL; +#endif +#ifndef WOLFSSL_NO_TLS12 /* TLS1.2 * Both client and server load RPK cert and start handshaking. * Confirm negotiated cert types match as expected. @@ -67720,8 +81246,10 @@ static int test_tls13_rpk_handshake(void) wolfSSL_CTX_free(ctx_s); ssl_c = ssl_s = NULL; ctx_c = ctx_s = NULL; +#endif +#ifdef WOLFSSL_TLS13 /* Both client and server load x509 cert. * Have client call set_client_cert_type with both RPK and x509. * This doesn't makes client add client cert type extension to ClientHello, 
@@ -68084,7 +81612,7 @@ static int test_tls13_rpk_handshake(void) WOLFSSL_SUCCESS); /* set certificate verify callback to both client and server */ - int isServer = 0; + isServer = 0; wolfSSL_SetCertCbCtx(ssl_c, &isServer); wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb); @@ -68119,8 +81647,9 @@ static int test_tls13_rpk_handshake(void) ssl_c = ssl_s = NULL; ctx_c = ctx_s = NULL; #endif /* WOLFSSL_ALWAYS_VERIFY_CB */ +#endif /* WOLFSSL_TLS13 */ -#endif /* HAVE_RPK */ +#endif /* HAVE_RPK && (!WOLFSSL_NO_TLS12 || WOLFSSL_TLS13) */ return EXPECT_RESULT(); } @@ -68666,6 +82195,34 @@ static int test_dtls_no_extensions(void) return EXPECT_RESULT(); } +static int test_tls_alert_no_server_hello(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) + WOLFSSL *ssl_c = NULL; + WOLFSSL_CTX *ctx_c = NULL; + struct test_memio_ctx test_ctx; + unsigned char alert_msg[] = { 0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28 }; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ssl_c = NULL; + ctx_c = NULL; + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfTLSv1_2_client_method, NULL), 0); + + XMEMCPY(test_ctx.c_buff, alert_msg, sizeof(alert_msg)); + test_ctx.c_len = sizeof(alert_msg); + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), FATAL_ERROR); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} + static int test_TLSX_CA_NAMES_bad_extension(void) { EXPECT_DECLS; @@ -69533,7 +83090,8 @@ static int test_certreq_sighash_algos(void) return EXPECT_RESULT(); } -#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx) { EXPECT_DECLS; 
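Review bot: test_tls_alert_no_server_hello asserts only that wolfSSL_connect fails with FATAL_ERROR after the injected record, which would also hold if the client rejected the record for an unrelated reason (a record-layer parse error, for instance) rather than because it processed a fatal handshake_failure alert before any ServerHello. Add `WOLFSSL_ALERT_HISTORY h;` and, after the connect, `ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); ExpectIntEQ(h.last_rx.code, handshake_failure); ExpectIntEQ(h.last_rx.level, alert_fatal);` so the test pins the path it is meant to cover. A comment decoding the bytes — `/* TLS record: alert(21), v3.1, len 2, fatal(2), handshake_failure(40) */` — would help too, and the `ssl_c = NULL; ctx_c = NULL;` assignments repeat the initialisers and can be dropped.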
@@ -69583,7 +83141,8 @@ static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx) static int test_revoked_loaded_int_cert(void) { EXPECT_DECLS; -#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) test_ssl_cbf client_cbf; test_ssl_cbf server_cbf; struct { @@ -69616,18 +83175,13 @@ static int test_revoked_loaded_int_cert(void) ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, &server_cbf, NULL), TEST_FAIL); -#ifndef WOLFSSL_HAPROXY ExpectIntEQ(client_cbf.last_err, CRL_CERT_REVOKED); -#else - ExpectIntEQ(client_cbf.last_err, WOLFSSL_X509_V_ERR_CERT_REVOKED); -#endif ExpectIntEQ(server_cbf.last_err, FATAL_ERROR); if (!EXPECT_SUCCESS()) break; printf("\t%s passed\n", test_params[i].certPemFile); } - #endif return EXPECT_RESULT(); } 
@@ -69904,6 +83458,59 @@ static int test_dtls_empty_keyshare_with_cookie(void) return EXPECT_RESULT(); } +static int test_dtls_old_seq_number(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HVR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client second flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Modify the sequence number */ + { + DtlsRecordLayerHeader* dtlsRH = (DtlsRecordLayerHeader*)test_ctx.s_buff; + XMEMSET(dtlsRH->sequence_number, 0, sizeof(dtlsRH->sequence_number)); + } + /* Server second flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Server should not do anything as a pkt was dropped */ + ExpectIntEQ(test_ctx.c_len, 0); + ExpectIntEQ(test_ctx.s_len, 0); + /* Trigger rtx */ + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + + /* Complete connection */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + 
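Review bot: The cast of `test_ctx.s_buff` to `DtlsRecordLayerHeader*` and the XMEMSET of its sequence_number assume the client's second flight was actually written and starts with a complete record header; if `test_ctx.s_len` is 0 or shorter than the header the test silently edits stale bytes and the later `c_len`/`s_len` checks pass for the wrong reason. Add `ExpectIntGE(test_ctx.s_len, (int)sizeof(DtlsRecordLayerHeader));` before the modification block. Only the first record of the flight is given an old sequence number, so a comment explaining that the server's replay window is expected to drop that record and the rest of the flight therefore cannot complete would document what `/* Server should not do anything as a pkt was dropped */` relies on. DtlsRecordLayerHeader is an internal structure, so this test depends on internal.h being visible to the test build.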
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ defined(HAVE_LIBOQS) static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx) @@ -70401,7 +84008,7 @@ static int test_read_write_hs(void) WOLFSSL_CTX *ctx_s = NULL, *ctx_c = NULL; WOLFSSL *ssl_s = NULL, *ssl_c = NULL; struct test_memio_ctx test_ctx; - uint8_t test_buffer[16]; + byte test_buffer[16]; unsigned int test; /* test == 0 : client writes, server reads */ 
@@ -70817,6 +84424,131 @@ static int test_tls_cert_store_unchanged(void) return EXPECT_RESULT(); } +static int test_wolfSSL_SendUserCanceled(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; + } params[] = { +#if defined(WOLFSSL_TLS13) +/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */ + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" }, +#ifdef WOLFSSL_DTLS13 + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" }, +#endif +#endif +#ifndef WOLFSSL_NO_TLS12 + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" }, +#endif +#endif +#if !defined(NO_OLD_TLS) + { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" }, +#endif +#endif + }; + + for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) { + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_ALERT_HISTORY h; + + printf("Testing %s\n", params[i].tls_version); + + XMEMSET(&h, 0, sizeof(h)); + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + ExpectIntEQ(wolfSSL_SendUserCanceled(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); + + /* Alert closed connection */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_ZERO_RETURN); + + /* Last alert will be close notify because user_canceled should be + * followed by a 
close_notify */ + ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_rx.code, close_notify); + ExpectIntEQ(h.last_rx.level, alert_warning); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#endif + return EXPECT_RESULT(); +} +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_OCSP) && \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(WOLFSSL_NO_TLS12) +static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz, + byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf) +{ + (void)ctx; + (void)url; + (void)urlSz; + (void)ocspReqBuf; + (void)ocspReqSz; + (void)ocspRespBuf; + return -1; +} +static int test_ocsp_callback_fails(void) +{ + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + EXPECT_DECLS; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl_c, WOLFSSL_CSR_OCSP,0), WOLFSSL_SUCCESS); + /* override URL to avoid exing from SendCertificateStatus because of no AuthInfo on the certificate */ + ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx_s, "http://dummy.test"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx_s, WOLFSSL_OCSP_NO_NONCE | WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_SetOCSP_Cb(ssl_s, test_ocsp_callback_fails_cb, NULL, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), OCSP_INVALID_STATUS); + + 
wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#else +static int test_ocsp_callback_fails(void) +{ + return TEST_SKIPPED; +} +#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_OCSP) && \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) */ + + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -70844,6 +84576,8 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfCrypt_Init), + TEST_DECL(test_wc_LoadStaticMemory_ex), + /* Locking with Compat Mutex */ TEST_DECL(test_wc_SetMutexCb), TEST_DECL(test_wc_LockMutex_ex), @@ -71045,6 +84779,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_RsaPrivateKeyDecode), TEST_DECL(test_wc_RsaPublicKeyDecode), TEST_DECL(test_wc_RsaPublicKeyDecodeRaw), + TEST_DECL(test_wc_RsaPrivateKeyDecodeRaw), TEST_DECL(test_wc_MakeRsaKey), TEST_DECL(test_wc_CheckProbablePrime), TEST_DECL(test_wc_RsaPSS_Verify), @@ -71173,6 +84908,23 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_Ed448PublicKeyToDer), TEST_DECL(test_wc_Ed448KeyToDer), TEST_DECL(test_wc_Ed448PrivateKeyToDer), + TEST_DECL(test_wc_Curve448PrivateKeyToDer), + + /* Kyber */ + TEST_DECL(test_wc_kyber_make_key_kats), + TEST_DECL(test_wc_kyber_encapsulate_kats), + TEST_DECL(test_wc_kyber_decapsulate_kats), + + /* Dilithium */ + TEST_DECL(test_wc_dilithium), + TEST_DECL(test_wc_dilithium_make_key), + TEST_DECL(test_wc_dilithium_sign), + TEST_DECL(test_wc_dilithium_verify), + TEST_DECL(test_wc_dilithium_check_key), + TEST_DECL(test_wc_dilithium_public_der_decode), + TEST_DECL(test_wc_dilithium_der), + TEST_DECL(test_wc_dilithium_make_key_from_seed), + TEST_DECL(test_wc_dilithium_verify_kats), /* Signature API */ TEST_DECL(test_wc_SignatureGetSize_ecc), 
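Review bot: test_ocsp_callback_fails departs from the file's conventions in several visible ways: `EXPECT_DECLS;` comes after the other declarations instead of first as in every other test here, the `wolfSSL_CTX_SetOCSP_OverrideURL`, `wolfSSL_CTX_EnableOCSP` and `wolfSSL_SetOCSP_Cb` statements and the URL comment exceed 80 columns, the comment has a typo (`exing` → `exiting`), and the closing `#endif` comment omits the `!defined(WOLFSSL_NO_TLS12)` term of the guard. In the same hunk, `/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */` inside test_wolfSSL_SendUserCanceled appears to be copied from another test and says nothing about user_canceled; replace it with what the entries mean, e.g. `/* TLS 1.3 and DTLS 1.3 handshakes */`, or drop it. The OCSP test itself is worth keeping: it pins that a failing status callback on the server aborts the handshake with OCSP_INVALID_STATUS rather than sending an empty or stale CertificateStatus.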
@@ -71204,6 +84956,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_ParseCert), TEST_DECL(test_wc_ParseCert_Error), TEST_DECL(test_MakeCertWithPathLen), + TEST_DECL(test_MakeCertWith0Ser), TEST_DECL(test_MakeCertWithCaFalse), TEST_DECL(test_wc_SetKeyUsage), TEST_DECL(test_wc_SetAuthKeyIdFromPublicKey_ex), @@ -71217,6 +84970,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_PKCS7_EncodeData), TEST_DECL(test_wc_PKCS7_EncodeSignedData), TEST_DECL(test_wc_PKCS7_EncodeSignedData_ex), + TEST_DECL(test_wc_PKCS7_EncodeSignedData_absent), TEST_DECL(test_wc_PKCS7_VerifySignedData_RSA), TEST_DECL(test_wc_PKCS7_VerifySignedData_ECC), TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData), @@ -71290,9 +85044,14 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_certs), TEST_DECL(test_wolfSSL_private_keys), + TEST_DECL(test_wolfSSL_PEM_def_callback), TEST_DECL(test_wolfSSL_PEM_read_PrivateKey), TEST_DECL(test_wolfSSL_PEM_read_RSA_PUBKEY), TEST_DECL(test_wolfSSL_PEM_read_PUBKEY), + TEST_DECL(test_wolfSSL_PEM_PrivateKey_rsa), + TEST_DECL(test_wolfSSL_PEM_PrivateKey_ecc), + TEST_DECL(test_wolfSSL_PEM_PrivateKey_dsa), + TEST_DECL(test_wolfSSL_PEM_PrivateKey_dh), TEST_DECL(test_wolfSSL_PEM_PrivateKey), TEST_DECL(test_wolfSSL_PEM_file_RSAKey), TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey), @@ -71449,6 +85208,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_configure_args), TEST_DECL(test_wolfSSL_sk_SSL_CIPHER), TEST_DECL(test_wolfSSL_set1_curves_list), + TEST_DECL(test_wolfSSL_curves_mismatch), TEST_DECL(test_wolfSSL_set1_sigalgs_list), TEST_DECL(test_wolfSSL_OtherName), @@ -71477,6 +85237,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_X509_STORE_get0_objects), TEST_DECL(test_wolfSSL_X509_load_crl_file), TEST_DECL(test_wolfSSL_X509_STORE_get1_certs), + TEST_DECL(test_wolfSSL_X509_STORE_set_get_crl), TEST_DECL(test_wolfSSL_X509_NAME_ENTRY_get_object), TEST_DECL(test_wolfSSL_X509_cmp_time), TEST_DECL(test_wolfSSL_X509_time_adj), 
@@ -71515,6 +85276,12 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_PEM_read_X509), TEST_DECL(test_wolfSSL_X509_check_ca), TEST_DECL(test_wolfSSL_X509_check_ip_asc), + TEST_DECL(test_wolfSSL_X509_bad_altname), + TEST_DECL(test_wolfSSL_X509_name_match), + TEST_DECL(test_wolfSSL_X509_name_match2), + TEST_DECL(test_wolfSSL_X509_name_match3), + TEST_DECL(test_wolfSSL_X509_max_altnames), + TEST_DECL(test_wolfSSL_X509_max_name_constraints), TEST_DECL(test_wolfSSL_make_cert), #ifndef NO_BIO @@ -71639,9 +85406,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_BIO_get_len), #endif -#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) TEST_DECL(test_wolfSSL_check_domain), -#endif TEST_DECL(test_wolfSSL_cert_cb), TEST_DECL(test_wolfSSL_cert_cb_dyn_ciphers), TEST_DECL(test_wolfSSL_ciphersuite_auth), @@ -71788,7 +85553,9 @@ TEST_CASE testCases[] = { #endif #ifdef OPENSSL_EXTRA + TEST_DECL(test_EC25519), TEST_DECL(test_ED25519), + TEST_DECL(test_EC448), TEST_DECL(test_ED448), #endif @@ -71820,9 +85587,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_CertManagerCRL), TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse), TEST_DECL(test_wolfSSL_CheckOCSPResponse), -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) +#ifdef HAVE_CERT_CHAIN_VALIDATION TEST_DECL(test_various_pathlen_chains), #endif 
@@ -71900,19 +85665,28 @@ TEST_CASE testCases[] = { TEST_DECL(test_SSL_CIPHER_get_xxx), TEST_DECL(test_wolfSSL_ERR_strings), TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes), + TEST_DECL(test_wolfSSL_CTX_use_certificate), TEST_DECL(test_wolfSSL_CTX_use_certificate_file), TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer), + TEST_DECL(test_wolfSSL_use_certificate_buffer), TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file), + TEST_DECL(test_wolfSSL_CTX_use_RSAPrivateKey_file), + TEST_DECL(test_wolfSSL_use_RSAPrivateKey_file), + TEST_DECL(test_wolfSSL_CTX_use_PrivateKey), TEST_DECL(test_wolfSSL_CTX_load_verify_locations), /* Large number of memory allocations. */ TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs), +#ifdef HAVE_CERT_CHAIN_VALIDATION TEST_DECL(test_wolfSSL_CertRsaPss), +#endif TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format), TEST_DECL(test_wolfSSL_CTX_add1_chain_cert), + TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_buffer_format), TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format), + TEST_DECL(test_wolfSSL_use_certificate_chain_file), TEST_DECL(test_wolfSSL_CTX_trust_peer_cert), TEST_DECL(test_wolfSSL_CTX_LoadCRL), TEST_DECL(test_multiple_crls_same_issuer), @@ -71969,6 +85743,7 @@ TEST_CASE testCases[] = { /* Can't memory test as server hangs. */ TEST_DECL(test_wolfSSL_Tls13_Key_Logging_test), TEST_DECL(test_wolfSSL_Tls13_postauth), + TEST_DECL(test_wolfSSL_set_ecdh_auto), TEST_DECL(test_wolfSSL_CTX_set_ecdh_auto), TEST_DECL(test_wolfSSL_set_minmax_proto_version), TEST_DECL(test_wolfSSL_CTX_set_max_proto_version), @@ -72014,6 +85789,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_UseOCSPStapling), TEST_DECL(test_wolfSSL_UseOCSPStaplingV2), TEST_DECL(test_self_signed_stapling), + TEST_DECL(test_ocsp_callback_fails), /* Multicast */ TEST_DECL(test_wolfSSL_mcast), 
@@ -72041,6 +85817,7 @@ TEST_CASE testCases[] = { /* Can't memory test as server Asserts in thread. */ TEST_DECL(test_wolfSSL_BIO_accept), TEST_DECL(test_wolfSSL_BIO_tls), + TEST_DECL(test_wolfSSL_BIO_datagram), #endif #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12) @@ -72088,6 +85865,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_ticket_nonce_malloc), #endif TEST_DECL(test_ticket_ret_create), + TEST_DECL(test_wrong_cs_downgrade), TEST_DECL(test_extra_alerts_wrong_cs), TEST_DECL(test_extra_alerts_skip_hs), TEST_DECL(test_extra_alerts_bad_psk), @@ -72105,6 +85883,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_dtls_ipv6_check), TEST_DECL(test_wolfSSL_SCR_after_resumption), TEST_DECL(test_dtls_no_extensions), + TEST_DECL(test_tls_alert_no_server_hello), TEST_DECL(test_TLSX_CA_NAMES_bad_extension), TEST_DECL(test_dtls_1_0_hvr_downgrade), TEST_DECL(test_session_ticket_no_id), @@ -72120,6 +85899,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_dtls_frag_ch), TEST_DECL(test_dtls13_frag_ch_pq), TEST_DECL(test_dtls_empty_keyshare_with_cookie), + TEST_DECL(test_dtls_old_seq_number), TEST_DECL(test_tls13_pq_groups), TEST_DECL(test_tls13_early_data), TEST_DECL(test_tls_multi_handshakes_one_record), @@ -72127,6 +85907,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_read_write_hs), TEST_DECL(test_get_signature_nid), TEST_DECL(test_tls_cert_store_unchanged), + TEST_DECL(test_wolfSSL_SendUserCanceled), /* This test needs to stay at the end to clean up any caches allocated. */ TEST_DECL(test_wolfSSL_Cleanup) }; diff --git a/tests/hash.c b/tests/hash.c index a2ecf58b5e..1ebbc61998 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -1,6 +1,6 @@ /* hash.c has unit tests * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/tests/quic.c b/tests/quic.c index a044343994..bc93c4a7d9 100644 --- a/tests/quic.c +++ b/tests/quic.c 
@@ -1,6 +1,6 @@ /* quic.c QUIC unit tests * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -569,10 +569,10 @@ static int ctx_session_ticket_cb(WOLFSSL* ssl, } memset(ctx->ticket, 0, sizeof(ctx->ticket)); ctx->ticket_len = (word32)ticketSz; - memcpy(ctx->ticket, ticket, ticketSz); + memcpy(ctx->ticket, ticket, (size_t)ticketSz); if (ctx->verbose) { printf("Session Ticket[%s]: ", ctx->name); - dump_buffer("", ticket, ticketSz, 4); + dump_buffer("", ticket, (size_t)ticketSz, 4); } return 0; } @@ -848,7 +848,7 @@ static void check_crypto_records(QuicTestContext *from, OutputBuffer *out, int i rec_name = "Finished"; break; default: - sprintf(lbuffer, "%d", rec_type); + (void)XSNPRINTF(lbuffer, sizeof(lbuffer), "%d", rec_type); rec_name = lbuffer; break; } @@ -931,7 +931,7 @@ static int QuicConversation_start(QuicConversation *conv, const byte *data, if (ret < 0) { int err = wolfSSL_get_error(conv->client->ssl, ret); char lbuffer[1024]; - printf("EARLY DATA ret = %d, error = %d, %s\n", ret, err, wolfSSL_ERR_error_string(err, lbuffer)); + printf("EARLY DATA ret = %d, error = %d, %s\n", ret, err, wolfSSL_ERR_error_string((unsigned long)err, lbuffer)); AssertTrue(0); } *pwritten = (size_t)written; @@ -991,7 +991,7 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail) } } else if (n > 0) { - conv->early_data_len += n; + conv->early_data_len += (size_t)n; if (conv->verbose) printf("RECVed early data, len now=%d\n", (int)conv->early_data_len); } 
@@ -1382,10 +1382,10 @@ static int test_quic_resumption(int verbose) { * a session works. */ AssertTrue(tclient.ticket_len > 0); AssertNotNull(session = wolfSSL_get1_session(tclient.ssl)); - AssertTrue((session_size = wolfSSL_i2d_SSL_SESSION(session, NULL)) > 0); + AssertTrue((session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, NULL)) > 0); AssertTrue((size_t)session_size < sizeof(session_buffer)); session_data2 = session_data = session_buffer; - session_size = wolfSSL_i2d_SSL_SESSION(session, &session_data); + session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, &session_data); session_restored = wolfSSL_d2i_SSL_SESSION(NULL, &session_data2, session_size); AssertNotNull(session_restored); @@ -1550,7 +1550,7 @@ static int new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session) return -1; } data = ctx->session; - ctx->session_len = wolfSSL_i2d_SSL_SESSION(session, &data); + ctx->session_len = (word32)wolfSSL_i2d_SSL_SESSION(session, &data); if (ctx->verbose) { printf("[%s]", ctx->name); dump_buffer(" new SESSION", ctx->session, ctx->session_len, 4); diff --git a/tests/srp.c b/tests/srp.c index a890f3cc1b..0a41361ced 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -1,6 +1,6 @@ /* srp.c SRP unit tests * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/tests/suites.c b/tests/suites.c index e95ff933c9..5c367fe9c9 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -1,6 +1,6 @@ /* suites.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -154,7 +154,7 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc) printf("suite too long!\n"); return 0; } - XMEMCPY(suite, begin, len); + XMEMCPY(suite, begin, (size_t) len); suite[len] = '\0'; } else 
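Review bot: `AssertTrue((session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, NULL)) > 0);` casts the return value to unsigned before comparing, so an error return (a negative int) becomes a large positive value and the `> 0` check can no longer fail; only the following `(size_t)session_size < sizeof(session_buffer)` assertion would catch it, and only by accident. Check the signed result first, e.g. `int sz = wolfSSL_i2d_SSL_SESSION(session, NULL); AssertIntGT(sz, 0); session_size = (unsigned int)sz;`, and do the same for the second call that writes into session_buffer. The `(word32)` cast in new_session_cb has the same shape; whether an earlier check covers a negative return there is outside its hunk.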
@@ -660,7 +660,7 @@ static void test_harness(void* vargs) return; } - script = (char*)malloc(sz+1); + script = (char*)malloc((size_t)(sz+1)); if (script == 0) { fprintf(stderr, "unable to allocate script buffer\n"); fclose(file); @@ -668,7 +668,7 @@ static void test_harness(void* vargs) return; } - len = fread(script, 1, sz, file); + len = (long) fread(script, 1, (size_t)sz, file); if (len != sz) { fprintf(stderr, "read error\n"); fclose(file); @@ -1060,7 +1060,9 @@ int SuiteTest(int argc, char** argv) #if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \ defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL) && \ /* Intel QuickAssist and Cavium Nitrox do not support custom curves */ \ - !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V) + !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V) && \ + /* only supported with newer ASN template code */ \ + defined(WOLFSSL_ASN_TEMPLATE) /* TLS non-NIST curves (Koblitz / Brainpool) */ XSTRLCPY(argv0[1], "tests/test-ecc-cust-curves.conf", sizeof(argv0[1])); diff --git a/tests/test-dtls13-downgrade.conf b/tests/test-dtls13-downgrade.conf index bda26666cd..931cc6b8c5 100644 --- a/tests/test-dtls13-downgrade.conf +++ b/tests/test-dtls13-downgrade.conf @@ -41,3 +41,16 @@ -7 2 -u -l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + +# server DTLSv1.2 - PSK +-v 3 +-u +-s +-l ECDHE-PSK-AES128-GCM-SHA256 + +# client DTLS PSK multiversion, allow downgrade +-vd +-7 2 +-u +-s +-l ECDHE-PSK-AES128-GCM-SHA256 diff --git a/tests/test-ecc-cust-curves.conf b/tests/test-ecc-cust-curves.conf index 697d96796e..6f24783e86 100644 --- a/tests/test-ecc-cust-curves.conf +++ b/tests/test-ecc-cust-curves.conf 
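Review bot: The new client entry in test-dtls13-downgrade.conf writes the downgrade flag as `-vd`, whereas the matching entry added to test-tls13-down.conf in this same diff writes `-v d`; both spellings are presumably accepted by the example client's option parser, but the two new PSK cases are otherwise parallel and should use the same form so that a grep for the flag finds both. A one-line comment such as `# client DTLS PSK multiversion, allow downgrade (-v d, min version 2)` would also document what `-7 2` pins.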
@@ -179,3 +179,19 @@ -k ./certs/ecc/bp256r1-key.pem -A ./certs/ecc/server-bp256r1-cert.pem -C + +# -- SECP256K1 without OID inside PKCS#8 -- +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/ecc/server2-secp256k1-cert.pem +-k ./certs/ecc/secp256k1-privkey.pem +-d + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ecc/ca-secp256k1-cert.pem +-x +-C + diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf index 02512f4d6d..90f0c4bb43 100644 --- a/tests/test-tls13-down.conf +++ b/tests/test-tls13-down.conf @@ -108,3 +108,14 @@ # client TLSv 1.2 -v 3 -H exitWithRet + +# server TLSv1.2 - PSK +-v 3 +-s +-l ECDHE-PSK-AES128-GCM-SHA256 + +# client TLS PSK multiversion, allow downgrade +-v d +-7 3 +-s +-l ECDHE-PSK-AES128-GCM-SHA256 diff --git a/tests/unit.c b/tests/unit.c index 00bac225c3..870be9875c 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -1,6 +1,6 @@ /* unit.c API unit tests driver * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -68,7 +68,6 @@ int unit_test(int argc, char** argv) (void)argc; (void)argv; - #ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST if (argc > 1) { int memFailCount = atoi(argv[1]); @@ -161,7 +160,7 @@ int unit_test(int argc, char** argv) err_sys("KDF TLSv1.2 CAST failed"); } #endif -#if defined(WOLFSSL_HAVE_PRF) && defined(WOLFSSL_TLS13) +#if defined(HAVE_HKDF) && !defined(NO_HMAC) if (wc_RunCast_fips(FIPS_CAST_KDF_TLS13) != 0) { err_sys("KDF TLSv1.3 CAST failed"); } @@ -172,6 +171,11 @@ int unit_test(int argc, char** argv) } #endif #endif /* HAVE_FIPS && HAVE_FIPS_VERSION == 5 */ +#if FIPS_VERSION3_GT(5,2,0) + if (wc_RunAllCast_fips() != 0) { + err_sys("wc_RunAllCast_fips() failed\n"); + } +#endif while (argc > 1) { if (argv[1][0] != '-') { 
@@ -247,16 +251,14 @@ int unit_test(int argc, char** argv) SrpTest(); } -#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST -#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) -#ifndef SINGLE_THREADED +#if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(SINGLE_THREADED) if ((ret = SuiteTest(argc, argv)) != 0) { fprintf(stderr, "suite test failed with %d\n", ret); goto exit; } #endif -#endif -#endif /* NO_WOLFSSL_CIPHER_SUITE_TEST */ exit: #ifdef HAVE_WNR diff --git a/tests/unit.h b/tests/unit.h index 061e84d830..f63c4bd636 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -1,6 +1,6 @@ /* unit.c API unit tests driver * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -127,7 +127,7 @@ #define EXPECT_RESULT() \ _ret #define EXPECT_SUCCESS() \ - (_ret == TEST_SUCCESS) + ((_ret == TEST_SUCCESS) || (_ret == TEST_SKIPPED)) #define EXPECT_FAIL() \ (_ret == TEST_FAIL) diff --git a/tests/utils.h b/tests/utils.h index cf57e336fd..ecc634e6ca 100644 --- a/tests/utils.h +++ b/tests/utils.h @@ -1,6 +1,6 @@ /* utils.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,7 +41,7 @@ char* create_tmp_dir(char *tmpDir, int len) XMEMCPY(tmpDir, TMP_DIR_PREFIX, XSTR_SIZEOF(TMP_DIR_PREFIX)); - if (mymktemp(tmpDir, len, len - XSTR_SIZEOF(TMP_DIR_PREFIX)) == NULL) + if (mymktemp(tmpDir, len, len - (int)XSTR_SIZEOF(TMP_DIR_PREFIX)) == NULL) return NULL; #ifdef _MSC_VER @@ -99,8 +99,12 @@ int copy_file(const char* in, const char* out) goto cleanup; while ((sz = XFREAD(buf, 1, sizeof(buf), inFile)) != 0) { + if (XFERROR(inFile)) + goto cleanup; if (XFWRITE(buf, 1, sz, outFile) != sz) goto cleanup; + if (XFEOF(inFile)) + break; } ret = 0; 
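Review bot: `EXPECT_SUCCESS()` in tests/unit.h now also returns true for TEST_SKIPPED, which is a semantic change every caller of the macro inherits, yet the hunk adds no comment explaining it. A one-line comment such as `/* a skipped test is not a failure: TEST_SKIPPED counts as success */` above the `#define EXPECT_SUCCESS()` line would record the intent, and any call site that uses `EXPECT_SUCCESS()` to decide whether a preceding step actually ran (rather than merely did not fail) should be checked, since a skip now passes that gate.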
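Review bot: The new `XFERROR(inFile)` check inside the while loop in copy_file() (tests/utils.h) cannot catch a read that fails outright: XFREAD() returns 0 on error, the loop condition exits before the body runs, and the next statement sets `ret = 0`, reporting success for a truncated copy. Add the check after the loop as well, `if (XFERROR(inFile)) goto cleanup;` immediately before `ret = 0;`, at which point the in-loop check becomes redundant and the `XFEOF` early break is the only addition the loop body needs. The same pattern appears in file_test() in testsuite/testsuite.c later in this diff.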
@@ -192,7 +196,7 @@ static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, } } #endif - XMEMCPY(buf + *len, data, sz); + XMEMCPY(buf + *len, data, (size_t)sz); *len += sz; return sz; @@ -222,8 +226,8 @@ static WC_INLINE int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, read_sz = sz < *len ? sz : *len; - XMEMCPY(data, buf, read_sz); - XMEMMOVE(buf, buf + read_sz, *len - read_sz); + XMEMCPY(data, buf, (size_t)read_sz); + XMEMMOVE(buf, buf + read_sz,(size_t) (*len - read_sz)); *len -= read_sz; diff --git a/tests/w64wrapper.c b/tests/w64wrapper.c index 926de49d14..ffaa57cad8 100644 --- a/tests/w64wrapper.c +++ b/tests/w64wrapper.c @@ -1,6 +1,6 @@ /* w64wrapper.c w64wrapper unit tests * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 70aecb887f..3e0986e155 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -1,6 +1,6 @@ /* testsuite.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -300,7 +300,7 @@ static int test_crl_monitor(void) printf("\nRunning CRL monitor test\n"); - sprintf(rounds, "%d", CRL_MONITOR_TEST_ROUNDS); + (void)XSNPRINTF(rounds, sizeof(rounds), "%d", CRL_MONITOR_TEST_ROUNDS); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); 
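Review bot: `XMEMMOVE(buf, buf + read_sz,(size_t) (*len - read_sz));` in test_memio_read_cb() has the spaces on the wrong side of the cast compared with the `(size_t)read_sz` on the line above and the `(size_t)sz` added to the write callback; write it as `XMEMMOVE(buf, buf + read_sz, (size_t)(*len - read_sz));`. The function's remaining body is outside the hunk.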
@@ -320,18 +320,19 @@ static int test_crl_monitor(void) InitTcpReady(&ready); start_thread(server_test, &server_args, &serverThread); wait_tcp_ready(&server_args); - sprintf(portNum, "%d", server_args.signal->port); + (void)XSNPRINTF(portNum, sizeof(portNum), "%d", server_args.signal->port); for (i = 0; i < CRL_MONITOR_TEST_ROUNDS; i++) { int expectFail; if (i % 2 == 0) { + /* succeed on even rounds */ - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); if (STAGE_FILE("certs/crl/crl.pem", buf) != 0) { fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf); goto cleanup; } - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); /* The monitor can be holding the file handle and this will cause * the remove call to fail. Let's give the monitor a some time to * finish up. */ @@ -349,12 +350,12 @@ static int test_crl_monitor(void) } else { /* fail on odd rounds */ - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); if (STAGE_FILE("certs/crl/crl.revoked", buf) != 0) { fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf); goto cleanup; } - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); /* The monitor can be holding the file handle and this will cause * the remove call to fail. Let's give the monitor a some time to * finish up. */ @@ -395,9 +396,9 @@ static int test_crl_monitor(void) cleanup: if (ret != 0 && i >= 0) fprintf(stderr, "test_crl_monitor failed on iteration %d\n", i); - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); rem_file(buf); - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); rem_file(buf); (void)rem_dir(tmpDir); return ret; 
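Review bot: Each `(void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, ...)` in test_crl_monitor() discards the only signal that the path was truncated, and a truncated path then goes to STAGE_FILE() or rem_file() under a different file name; the same applies to the @@ -349 and @@ -395 hunks below. Replacing sprintf() with the bounded form is the right move, but capturing the return value and treating `ret >= (int)sizeof(buf)` as a failure via the existing `goto cleanup` keeps the test from silently exercising the wrong path. The function begins and ends outside these hunks.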
@@ -610,12 +611,19 @@ void file_test(const char* file, byte* check) return; } while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 ) { - ret = wc_Sha256Update(&sha256, buf, i); + if (ferror(f)) { + printf("I/O error reading %s\n", file); + fclose(f); + return; + } + ret = wc_Sha256Update(&sha256, buf, (word32)i); if (ret != 0) { printf("Can't wc_Sha256Update %d\n", ret); fclose(f); return; } + if (feof(f)) + break; } ret = wc_Sha256Final(&sha256, shasum); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 61e51a36e5..9078c0bf6c 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1,6 +1,6 @@ /* benchmark.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -53,6 +53,8 @@ * Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) * DEBUG_WOLFSSL_BENCHMARK_TIMING * + * Turn on timer debugging (used when CPU cycles not available) + * WOLFSSL_BENCHMARK_TIMER_DEBUG */ #ifdef HAVE_CONFIG_H @@ -197,16 +199,14 @@ #include #endif -#if defined(HAVE_PQC) - #if defined(HAVE_FALCON) - #include - #endif - #if defined(HAVE_DILITHIUM) - #include - #endif - #if defined(HAVE_SPHINCS) - #include - #endif +#if defined(HAVE_FALCON) + #include +#endif +#if defined(HAVE_DILITHIUM) + #include +#endif +#if defined(HAVE_SPHINCS) + #include #endif #ifdef WOLF_CRYPTO_CB 
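Review bot: In file_test() the added `ferror(f)` test sits inside the `while ((i = fread(...)) > 0)` body, so a read that fails with fread() returning 0 leaves the loop without the check being evaluated, and the code proceeds to wc_Sha256Final() over partial data and reports a checksum as if the file were read completely. Add `if (ferror(f)) { printf("I/O error reading %s\n", file); fclose(f); return; }` after the loop, before `ret = wc_Sha256Final(&sha256, shasum);`, after which the in-loop check is redundant; the `feof()` break inside the loop is fine as a short-circuit. The function's start is outside the hunk.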
@@ -310,16 +310,36 @@ #endif /* WOLFSSL_NO_FLOAT_FMT */ #ifdef WOLFSSL_ESPIDF + #include + + /* Benchmark uses 64 bit integer formatting support. When new nanolib is + * enabled, all if the values in report are blank. */ + #ifdef CONFIG_NEWLIB_NANO_FORMAT + #if CONFIG_NEWLIB_NANO_FORMAT == 1 + #error "Nano newlib formatting must not be enabled for benchmark" + #endif + #endif + #ifdef configTICK_RATE_HZ /* Define CPU clock cycles per tick of FreeRTOS clock * CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ is typically a value like 240 * configTICK_RATE_HZ is typically 100 or 1000. **/ + #if defined(CONFIG_IDF_TARGET_ESP8266) + #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ + #endif + #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ + #endif + #endif #define CPU_TICK_CYCLES ( \ (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \ / configTICK_RATE_HZ \ ) - #endif + #endif /* WOLFSSL_ESPIDF configTICK_RATE_HZ */ + #if defined(CONFIG_IDF_TARGET_ESP32C2) #include "driver/gptimer.h" static gptimer_handle_t esp_gptimer = NULL; 
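Review bot: The second `#ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ` in the new ESP8266 block is unreachable: the first `#ifndef` unconditionally defines the macro as CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ (whether or not that name exists in the sdkconfig), so the fallback to configCPU_CLOCK_HZ can never fire. If it did fire it would also be off by a factor of a million, since CPU_TICK_CYCLES multiplies the value by MILLION_VALUE and configCPU_CLOCK_HZ is already in Hz. Test `defined(CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ)` for the first case and divide by MILLION_VALUE in the configCPU_CLOCK_HZ case, or drop the dead fallback. Also, `all if the values in report are blank` in the nano-newlib comment should read `all of the values in the report are blank`.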
@@ -336,18 +356,24 @@ #define RESOLUTION_SCALE 100 static gptimer_handle_t esp_gptimer = NULL; static gptimer_config_t esp_timer_config = { - .clk_src = GPTIMER_CLK_SRC_DEFAULT, - .direction = GPTIMER_COUNT_UP, - .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * (MILLION_VALUE / RESOLUTION_SCALE), /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160 */ - }; + .clk_src = GPTIMER_CLK_SRC_DEFAULT, + .direction = GPTIMER_COUNT_UP, + /* CONFIG_XTAL_FREQ = 40, + * CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160 */ + .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * + (MILLION_VALUE / RESOLUTION_SCALE), + }; #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ #elif defined(CONFIG_IDF_TARGET_ESP32) || \ defined(CONFIG_IDF_TARGET_ESP32S2) || \ defined(CONFIG_IDF_TARGET_ESP32S3) #include + #elif defined(CONFIG_IDF_TARGET_ESP8266) + /* no CPU HAL for ESP8266, we'll use RTOS tick calc estimates */ + #include #elif defined(CONFIG_IDF_TARGET_ESP32H2) - + /* TODO add ESP32-H2 benchmark support */ #else /* Other platform */ #endif @@ -628,7 +654,6 @@ #define BENCH_RSA 0x00000002 #define BENCH_RSA_SZ 0x00000004 #define BENCH_DH 0x00000010 -#define BENCH_KYBER 0x00000020 #define BENCH_ECC_MAKEKEY 0x00001000 #define BENCH_ECC 0x00002000 #define BENCH_ECC_ENCRYPT 0x00004000 
@@ -655,11 +680,22 @@ #define BENCH_SAKKE 0x80000000 /* Post-Quantum Asymmetric algorithms. */ +#define BENCH_KYBER512 0x00000020 +#define BENCH_KYBER768 0x00000040 +#define BENCH_KYBER1024 0x00000080 +#define BENCH_KYBER (BENCH_KYBER512 | BENCH_KYBER768 | \ + BENCH_KYBER1024) #define BENCH_FALCON_LEVEL1_SIGN 0x00000001 #define BENCH_FALCON_LEVEL5_SIGN 0x00000002 #define BENCH_DILITHIUM_LEVEL2_SIGN 0x04000000 #define BENCH_DILITHIUM_LEVEL3_SIGN 0x08000000 #define BENCH_DILITHIUM_LEVEL5_SIGN 0x10000000 +#define BENCH_ML_DSA_44_SIGN 0x04000000 +#define BENCH_ML_DSA_65_SIGN 0x08000000 +#define BENCH_ML_DSA_87_SIGN 0x10000000 +#define BENCH_ML_DSA_SIGN (BENCH_ML_DSA_44_SIGN | \ + BENCH_ML_DSA_65_SIGN | \ + BENCH_ML_DSA_87_SIGN) /* Post-Quantum Asymmetric algorithms. (Part 2) */ #define BENCH_SPHINCS_FAST_LEVEL1_SIGN 0x00000001 @@ -926,14 +962,13 @@ static const bench_alg bench_asym_opt[] = { { "-rsa-kg", BENCH_RSA_KEYGEN }, #endif { "-rsa", BENCH_RSA }, + #ifdef WOLFSSL_KEY_GEN { "-rsa-sz", BENCH_RSA_SZ }, + #endif #endif #ifndef NO_DH { "-dh", BENCH_DH }, #endif -#ifdef WOLFSSL_HAVE_KYBER - { "-kyber", BENCH_KYBER }, -#endif #ifdef HAVE_ECC { "-ecc-kg", BENCH_ECC_MAKEKEY }, { "-ecc", BENCH_ECC }, @@ -1032,7 +1067,8 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = { }; #endif /* BENCH_PQ_STATEFUL_HBS */ -#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) +#if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) /* The post-quantum-specific mapping of command line option to bit values and * OQS name. */ typedef struct bench_pq_alg { 
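Review bot: BENCH_ML_DSA_44_SIGN, _65_SIGN and _87_SIGN are defined with the same bit values as BENCH_DILITHIUM_LEVEL2/3/5_SIGN, so `-ml-dsa-44` and `-dilithium_level2` select the same benchmark, but nothing in the hunk says the aliasing is deliberate. A comment above the ML-DSA group, `/* ML-DSA options alias the Dilithium bits: same benchmark, newer name */`, would stop a later contributor from "fixing" the duplicate values. Since the Kyber bits moved out of the bench_asym_algs word in this commit, the existing `Post-Quantum Asymmetric algorithms.` comment could also state that BENCH_KYBER512/768/1024 (0x20/0x40/0x80) share the bench_pq_asym_algs word with the Falcon and Dilithium bits without colliding.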
@@ -1040,49 +1076,49 @@ typedef struct bench_pq_alg { const char* str; /* Bit values to set. */ word32 val; - const char* pqc_name; } bench_pq_alg; /* All recognized post-quantum asymmetric algorithm choosing command line * options. */ static const bench_pq_alg bench_pq_asym_opt[] = { - { "-pq", 0xffffffff, NULL}, -#ifdef HAVE_LIBOQS - { "-falcon_level1", BENCH_FALCON_LEVEL1_SIGN, - OQS_SIG_alg_falcon_512 }, - { "-falcon_level5", BENCH_FALCON_LEVEL5_SIGN, - OQS_SIG_alg_falcon_1024 }, - { "-dilithium_level2", BENCH_DILITHIUM_LEVEL2_SIGN, - OQS_SIG_alg_dilithium_2 }, - { "-dilithium_level3", BENCH_DILITHIUM_LEVEL3_SIGN, - OQS_SIG_alg_dilithium_3 }, - { "-dilithium_level5", BENCH_DILITHIUM_LEVEL5_SIGN, - OQS_SIG_alg_dilithium_5 }, -#endif /* HAVE_LIBOQS */ - { NULL, 0, NULL } + { "-pq", 0xffffffff }, +#ifdef WOLFSSL_HAVE_KYBER + { "-kyber", BENCH_KYBER }, + { "-kyber512", BENCH_KYBER512 }, + { "-kyber768", BENCH_KYBER768 }, + { "-kyber1024", BENCH_KYBER1024 }, +#endif +#if defined(HAVE_FALCON) + { "-falcon_level1", BENCH_FALCON_LEVEL1_SIGN }, + { "-falcon_level5", BENCH_FALCON_LEVEL5_SIGN }, +#endif +#if defined(HAVE_DILITHIUM) + { "-dilithium_level2", BENCH_DILITHIUM_LEVEL2_SIGN }, + { "-dilithium_level3", BENCH_DILITHIUM_LEVEL3_SIGN }, + { "-dilithium_level5", BENCH_DILITHIUM_LEVEL5_SIGN }, + { "-ml-dsa", BENCH_ML_DSA_SIGN }, + { "-ml-dsa-44", BENCH_ML_DSA_44_SIGN }, + { "-ml-dsa-65", BENCH_ML_DSA_65_SIGN }, + { "-ml-dsa-87", BENCH_ML_DSA_87_SIGN }, +#endif + { NULL, 0 } }; -#if defined(HAVE_LIBOQS) && defined(HAVE_SPHINCS) +#if defined(HAVE_SPHINCS) /* All recognized post-quantum asymmetric algorithm choosing command line * options. 
(Part 2) */ static const bench_pq_alg bench_pq_asym_opt2[] = { - { "-pq", 0xffffffff, NULL}, - { "-sphincs_fast_level1", BENCH_SPHINCS_FAST_LEVEL1_SIGN, - OQS_SIG_alg_sphincs_shake_128f_simple }, - { "-sphincs_fast_level3", BENCH_SPHINCS_FAST_LEVEL3_SIGN, - OQS_SIG_alg_sphincs_shake_192f_simple }, - { "-sphincs_fast_level5", BENCH_SPHINCS_FAST_LEVEL5_SIGN, - OQS_SIG_alg_sphincs_shake_256f_simple }, - { "-sphincs_small_level1", BENCH_SPHINCS_SMALL_LEVEL1_SIGN, - OQS_SIG_alg_sphincs_shake_128s_simple }, - { "-sphincs_small_level3", BENCH_SPHINCS_SMALL_LEVEL3_SIGN, - OQS_SIG_alg_sphincs_shake_192s_simple }, - { "-sphincs_small_level5", BENCH_SPHINCS_SMALL_LEVEL5_SIGN, - OQS_SIG_alg_sphincs_shake_256s_simple }, - { NULL, 0, NULL } + { "-pq", 0xffffffff }, + { "-sphincs_fast_level1", BENCH_SPHINCS_FAST_LEVEL1_SIGN }, + { "-sphincs_fast_level3", BENCH_SPHINCS_FAST_LEVEL3_SIGN }, + { "-sphincs_fast_level5", BENCH_SPHINCS_FAST_LEVEL5_SIGN }, + { "-sphincs_small_level1", BENCH_SPHINCS_SMALL_LEVEL1_SIGN }, + { "-sphincs_small_level3", BENCH_SPHINCS_SMALL_LEVEL3_SIGN }, + { "-sphincs_small_level5", BENCH_SPHINCS_SMALL_LEVEL5_SIGN }, + { NULL, 0, } }; -#endif /* HAVE_LIBOQS && HAVE_SPHINCS */ -#endif /* HAVE_PQC */ +#endif /* HAVE_SPHINCS */ +#endif #ifdef HAVE_WNR const char* wnrConfigFile = "wnr-example.conf"; @@ -1190,7 +1226,7 @@ static const char* bench_result_words1[][4] = { defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_KYBER) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) static const char* bench_desc_words[][15] = { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 */ 
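Review bot: The closing `#endif` after bench_pq_asym_opt2 lost its trailing comment when `/* HAVE_PQC */` went away, while the guard it closes is now a four-way `defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || ...` condition opened some sixty lines earlier; restore it as `#endif /* WOLFSSL_HAVE_KYBER || HAVE_FALCON || HAVE_DILITHIUM || HAVE_SPHINCS */`. The SPHINCS table also ends with `{ NULL, 0, }` whereas the table above ends with `{ NULL, 0 }`; pick one. The `{ "-pq", 0xffffffff }` entry appears in both tables, which is inherited from the old code but still deserves a comment now that the tables are no longer libOQS-specific.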
@@ -1285,10 +1321,10 @@ static const char* bench_result_words3[][5] = { /* TAG for ESP_LOGx() */ static const char* TAG = "wolfssl_benchmark"; - static THREAD_LS_T word64 begin_cycles; - static THREAD_LS_T word64 begin_cycles_ticks; - static THREAD_LS_T word64 end_cycles; - static THREAD_LS_T word64 total_cycles; + static THREAD_LS_T word64 begin_cycles = 0; + static THREAD_LS_T word64 begin_cycles_ticks = 0; + static THREAD_LS_T word64 end_cycles = 0; + static THREAD_LS_T word64 total_cycles = 0; /* the return value, as a global var */ static THREAD_LS_T word64 _esp_get_cycle_count_ex = 0; @@ -1380,19 +1416,20 @@ static const char* bench_result_words3[][5] = { uint64_t thisIncrement = 0; /* The adjusted increment amount. */ uint64_t expected_diff = 0; /* FreeRTOS estimated expected CPU diff.*/ #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - uint32_t tickCount = 0; /* Current rtos tick counter. */ - uint32_t tickDiff = 0; /* Tick difference from last check. */ - uint32_t tickBeginDiff = 0; /* Tick difference from beginning. */ + uint64_t tickCount = 0; /* Current rtos tick counter. */ + uint64_t tickDiff = 0; /* Tick difference from last check. */ + uint64_t tickBeginDiff = 0; /* Tick difference from beginning. */ + #endif + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */ + uint64_t diffDiff = 0; /* Difference between CPU & Timer differences: + * (current - last) */ #endif - #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG - uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */ - uint64_t diffDiff = 0; /* Difference between CPU & Timer differences: - * (current - last) */ ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, &thisTimerVal)); thisTimerVal = thisTimerVal * RESOLUTION_SCALE; #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ 
@@ -1405,9 +1442,19 @@ static const char* bench_result_words3[][5] = { /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa? * Calling current_time(1) to reset time causes thisVal overflow, * on Xtensa, but not on RISC-V architecture. See also, below */ - #ifndef __XTENSA__ + #if defined(CONFIG_IDF_TARGET_ESP8266) || (ESP_IDF_VERSION_MAJOR < 5) + #ifndef configCPU_CLOCK_HZ + /* esp_cpu_get_cycle_count not available in ESP-IDF v4 */ + #define configCPU_CLOCK_HZ \ + (CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) + #endif + /* There's no CPU counter on the ESP8266 (Tensilica). Using RTOS */ + thisVal = (uint64_t)xTaskGetTickCount() * + (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ); + #elif defined(__XTENSA__) thisVal = esp_cpu_get_cycle_count(); #else + /* Not Tensilica(ESP8266), not Xtensa(ESP32/-S2/-S3, then RISC-V */ thisVal = xthal_get_ccount(); /* or esp_cpu_get_cycle_count(); */ #endif #endif @@ -1418,9 +1465,9 @@ static const char* bench_result_words3[][5] = { tickDiff = tickCount - last_tickCount; /* ticks since bench start */ expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */ ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES); - ESP_LOGV(TAG, "tickCount = %lu", tickCount); - ESP_LOGV(TAG, "last_tickCount = %lu", last_tickCount); - ESP_LOGV(TAG, "tickDiff = %lu", tickDiff); + ESP_LOGV(TAG, "tickCount = %llu", tickCount); + ESP_LOGV(TAG, "last_tickCount = %u", last_tickCount); + ESP_LOGV(TAG, "tickDiff = %llu", tickDiff); ESP_LOGV(TAG, "expected_diff1 = %llu", expected_diff); } #endif 
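Review bot: The new branch order in esp_get_cycle_count_ex() looks inverted relative to both the old code and the comment it keeps: previously `#ifndef __XTENSA__` used esp_cpu_get_cycle_count() and the `#else` used xthal_get_ccount(), and the retained comment asks why esp_cpu_get_cycle_count() does not work on Xtensa, yet the new `#elif defined(__XTENSA__)` calls esp_cpu_get_cycle_count() and the `#else` (the RISC-V targets, per the new comment ending `then RISC-V`) calls xthal_get_ccount(), an Xtensa HAL function. If the swap is intended, the comment above should say so; if not, the two calls need to change places. Separately, for `ESP_IDF_VERSION_MAJOR < 5` on a non-ESP8266 target this hunk derives `thisVal` from the tick count while the @@ -1541 hunk below still sets `_esp_cpu_count_last` from xthal_get_ccount(), so the overflow comparison logged in the @@ -1444 hunk would be between two different clocks; the ESP8266-only condition used in that later hunk is probably what was meant here too. The function starts and ends outside the hunk.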
@@ -1444,10 +1491,13 @@ static const char* bench_result_words3[][5] = { ** overflow CPU tick count, all will be well. */ #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGW(TAG, - "Alert: Detected xthal_get_ccount overflow at %llu, " - "adding UINT_MAX.", - thisVal); + ESP_LOGW(TAG, "Alert: Detected xthal_get_ccount overflow at " + "(%llu < %llu) adding UINT_MAX = %llu.", + thisVal, _esp_cpu_count_last, (uint64_t) UINT_MAX); + #endif + #if !defined(CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ) && \ + !defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) + #error "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ not found" #endif /* double check expected diff calc */ @@ -1474,9 +1524,9 @@ static const char* bench_result_words3[][5] = { tickBeginDiff = tickCount - begin_cycles_ticks; ESP_LOGI(TAG, "begin_cycles_ticks = %llu", begin_cycles_ticks); - ESP_LOGI(TAG, "tickDiff = %lu", tickDiff); + ESP_LOGI(TAG, "tickDiff = %llu", tickDiff); ESP_LOGI(TAG, "expected_diff = %llu", expected_diff); - ESP_LOGI(TAG, "tickBeginDiff = %lu", tickBeginDiff); + ESP_LOGI(TAG, "tickBeginDiff = %llu", tickBeginDiff); ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); } 
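Review bot: The `#if !defined(CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ) && !defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)` / `#error` block is a file-level configuration check, but it is placed inside the overflow branch of a function body, between the debug log and the `double check expected diff calc` comment, where nobody will look for it. It would be more discoverable next to the CPU_TICK_CYCLES definition in the `#ifdef WOLFSSL_ESPIDF` block from the @@ -310 hunk, which is where the macro is first consumed. The enclosing function begins and ends outside the hunk.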
@@ -1541,16 +1591,26 @@ static const char* bench_result_words3[][5] = { * when resetting CPU cycle counter? FreeRTOS tick collision? * thisVal = esp_cpu_get_cycle_count(); See also, above * or thisVal = xthal_get_ccount(); */ - #if ESP_IDF_VERSION_MAJOR < 5 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* There's no CPU counter on the ESP8266, so we'll estimate + * cycles based on defined CPU frequency from sdkconfig and + * the RTOS tick frequency */ + _esp_cpu_count_last = (uint64_t)xTaskGetTickCount() * + (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ); + #elif ESP_IDF_VERSION_MAJOR < 5 _esp_cpu_count_last = xthal_get_ccount(); #else _esp_cpu_count_last = esp_cpu_get_cycle_count(); #endif #endif + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGI(TAG, "_esp_cpu_count_last = %llu", _esp_cpu_count_last); + #endif + /* Return the 64 bit extended total from 32 bit counter. */ return _esp_get_cycle_count_ex; - } + } /* esp_get_cycle_count_ex for esp_get_cpu_benchmark_cycles() */ /* implement other architecture cycle counters here */ @@ -1603,18 +1663,6 @@ static const char* bench_result_words3[][5] = { const char *desc_extra); #endif -#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) && \ - !defined(HAVE_STACK_SIZE) -#ifdef __cplusplus - extern "C" { -#endif - WOLFSSL_API int wolfSSL_Debugging_ON(void); - WOLFSSL_API void wolfSSL_Debugging_OFF(void); -#ifdef __cplusplus - } /* extern "C" */ -#endif -#endif - #if !defined(WC_NO_RNG) && \ ((!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) \ || !defined(NO_DH) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_ECC) \ @@ -1632,7 +1680,7 @@ static const char* bench_result_words3[][5] = { defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ defined(HAVE_ECC) || !defined(NO_DH) || \ !defined(NO_RSA) || defined(HAVE_SCRYPT) || \ - defined(WOLFSSL_HAVE_KYBER) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) #define BENCH_ASYM #endif 
@@ -1640,7 +1688,7 @@ static const char* bench_result_words3[][5] = { #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_KYBER) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) static const char* bench_result_words2[][5] = { #ifdef BENCH_MICROSECOND { "ops took", "μsec" , "avg" , "ops/μsec", NULL }, /* 0 English @@ -1917,6 +1965,12 @@ static int numBlocks = NUM_BLOCKS; static word32 bench_size = BENCH_SIZE; static int base2 = 1; static int digest_stream = 1; +#ifdef HAVE_CHACHA +static int encrypt_only = 0; +#endif +#ifdef HAVE_AES_CBC +static int cipher_same_buffer = 0; +#endif #ifdef MULTI_VALUE_STATISTICS static int minimum_runs = 0; @@ -2200,11 +2254,10 @@ static WC_INLINE int bench_stats_check(double start) int ret = 0; double this_current_time; this_current_time = current_time(0); /* get the timestamp, no reset */ -#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) - #if (WOLFSSL_ESPIDF) - ESP_LOGI(TAG, "bench_stats_check Current time %f, start %f", - this_current_time, start ); - #endif + +#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF) + ESP_LOGV(TAG, "bench_stats_check: Current time %f, start %f", + this_current_time, start ); #endif ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC @@ -2591,7 +2644,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID, #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_KYBER) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) static void bench_stats_asym_finish_ex(const char* algo, int strength, const char* desc, const char* desc_extra, int useDeviceID, int count, double start, int ret) 
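Review bot: The new file-scope flags `encrypt_only` and `cipher_same_buffer` in the @@ -1917 hunk are added without a comment saying what they mean or which command-line option sets them (the option parsing is outside this hunk). Judging from their use later in this diff, a short comment on each, e.g. `/* ChaCha: set the IV once and time only the stream processing */` and `/* AES-CBC: run encrypt/decrypt in place on bench_plain */`, would make a benchmark run that used them interpretable and tie the globals to their option.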
@@ -2964,7 +3017,7 @@ static void* benchmarks_do(void* args) #ifndef NO_FILESYSTEM if (hash_input) { - int rawSz; + size_t rawSz; XFILE file; file = XFOPEN(hash_input, "rb"); if (file == XBADFILE) @@ -2983,7 +3036,7 @@ static void* benchmarks_do(void* args) XFREE(bench_plain, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - rawSz = (int)bench_buf_size; + rawSz = (size_t)bench_buf_size; if (bench_buf_size % 16) bench_buf_size += 16 - (bench_buf_size % 16); @@ -2998,7 +3051,7 @@ static void* benchmarks_do(void* args) } if ((size_t)XFREAD(bench_plain, 1, rawSz, file) - != (size_t)rawSz) { + != rawSz) { XFCLOSE(file); goto exit; } @@ -3010,7 +3063,7 @@ static void* benchmarks_do(void* args) } if (cipher_input) { - int rawSz; + size_t rawSz; XFILE file; file = XFOPEN(cipher_input, "rb"); if (file == XBADFILE) @@ -3029,7 +3082,7 @@ static void* benchmarks_do(void* args) XFREE(bench_cipher, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - rawSz = (int)bench_buf_size; + rawSz = (size_t)bench_buf_size; if (bench_buf_size % 16) bench_buf_size += 16 - (bench_buf_size % 16); @@ -3045,7 +3098,7 @@ static void* benchmarks_do(void* args) } if ((size_t)XFREAD(bench_cipher, 1, rawSz, file) - != (size_t)rawSz) { + != rawSz) { XFCLOSE(file); goto exit; } @@ -3528,15 +3581,21 @@ static void* benchmarks_do(void* args) #endif #ifdef WOLFSSL_HAVE_KYBER - if (bench_all || (bench_asym_algs & BENCH_KYBER)) { + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) { #ifdef WOLFSSL_KYBER512 - bench_kyber(KYBER512); + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) { + bench_kyber(KYBER512); + } #endif #ifdef WOLFSSL_KYBER768 - bench_kyber(KYBER768); + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) { + bench_kyber(KYBER768); + } #endif #ifdef WOLFSSL_KYBER1024 - bench_kyber(KYBER1024); + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) { + bench_kyber(KYBER1024); + } #endif } #endif 
@@ -3721,7 +3780,6 @@ static void* benchmarks_do(void* args) #endif #endif -#if defined(HAVE_LIBOQS) #ifdef HAVE_FALCON if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL1_SIGN)) bench_falconKeySign(1); @@ -3729,13 +3787,19 @@ static void* benchmarks_do(void* args) bench_falconKeySign(5); #endif #ifdef HAVE_DILITHIUM +#ifndef WOLFSSL_NO_ML_DSA_44 if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN)) bench_dilithiumKeySign(2); +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL3_SIGN)) bench_dilithiumKeySign(3); +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL5_SIGN)) bench_dilithiumKeySign(5); #endif +#endif #ifdef HAVE_SPHINCS if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_FAST_LEVEL1_SIGN)) bench_sphincsKeySign(1, FAST_VARIANT); @@ -3750,7 +3814,6 @@ static void* benchmarks_do(void* args) if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_SMALL_LEVEL5_SIGN)) bench_sphincsKeySign(5, SMALL_VARIANT); #endif -#endif /* HAVE_LIBOQS */ exit: /* free benchmark buffers */ @@ -4084,6 +4147,8 @@ static void bench_aescbc_internal(int useDeviceID, const byte* iv, const char* encLabel, const char* decLabel) { + const byte* in = bench_cipher; + byte* out = bench_plain; int ret = 0, i, count = 0, times, pending = 0; WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING, sizeof(Aes), HEAP_HINT); @@ -4108,6 +4173,10 @@ static void bench_aescbc_internal(int useDeviceID, } } + if (cipher_same_buffer) { + in = bench_plain; + } + bench_stats_start(&count, &start); do { for (times = 0; times < numBlocks || pending > 0; ) { 
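Review bot: In bench_aescbc_internal() the new locals are named `in = bench_cipher` and `out = bench_plain`, yet the encrypt call in the @@ -4117 hunk is `wc_AesCbcEncrypt(enc[i], out, in, bench_size)`, i.e. the "encrypt" step reads the cipher buffer and writes into the plain buffer; this matches the old argument order, so it is not a regression, but the names now advertise the inversion. Either swap the initialisers so `in` is the plaintext buffer, or add `/* buffer roles are deliberately swapped; only throughput is measured */` next to the declarations. With `cipher_same_buffer` both pointers refer to bench_plain, so the encrypt and decrypt passes then run in place, which is worth stating in the same comment.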
@@ -4117,8 +4186,7 @@ static void bench_aescbc_internal(int useDeviceID, for (i = 0; i < BENCH_MAX_PENDING; i++) { if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, ×, numBlocks, &pending)) { - ret = wc_AesCbcEncrypt(enc[i], bench_plain, bench_cipher, - bench_size); + ret = wc_AesCbcEncrypt(enc[i], out, in, bench_size); if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, ×, &pending)) { @@ -4167,8 +4235,7 @@ static void bench_aescbc_internal(int useDeviceID, for (i = 0; i < BENCH_MAX_PENDING; i++) { if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, ×, numBlocks, &pending)) { - ret = wc_AesCbcDecrypt(enc[i], bench_cipher, bench_plain, - bench_size); + ret = wc_AesCbcDecrypt(enc[i], out, in, bench_size); if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, ×, &pending)) { @@ -4689,9 +4756,9 @@ static void bench_aesecb_internal(int useDeviceID, double start; DECLARE_MULTI_VALUE_STATS_VARS() #ifdef HAVE_FIPS - const int benchSz = AES_BLOCK_SIZE; + const word32 benchSz = AES_BLOCK_SIZE; #else - const int benchSz = (int)bench_size; + const word32 benchSz = bench_size; #endif WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING, @@ -4714,7 +4781,7 @@ static void bench_aesecb_internal(int useDeviceID, bench_stats_start(&count, &start); do { - int outer_loop_limit = (((int)bench_size / benchSz) * 10) + 1; + int outer_loop_limit = (int)((bench_size / benchSz) * 10) + 1; for (times = 0; times < outer_loop_limit /* numBlocks */ || pending > 0; ) { @@ -4767,7 +4834,7 @@ static void bench_aesecb_internal(int useDeviceID, bench_stats_start(&count, &start); do { - int outer_loop_limit = (10 * ((int)bench_size / benchSz)) + 1; + int outer_loop_limit = (int)(10 * (bench_size / benchSz)) + 1; for (times = 0; times < outer_loop_limit || pending > 0; ) { bench_async_poll(&pending); @@ -4806,6 +4873,8 @@ static void bench_aesecb_internal(int useDeviceID, #endif /* HAVE_AES_DECRYPT */ + (void)decLabel; + exit: if (WC_ARRAY_OK(enc)) { 
@@ -5168,6 +5237,7 @@ void bench_aesccm(int useDeviceID) goto exit; } +#ifdef HAVE_AES_DECRYPT RESET_MULTI_VALUE_STATS_VARS(); bench_stats_start(&count, &start); @@ -5194,6 +5264,7 @@ void bench_aesccm(int useDeviceID) printf("wc_AesCcmEncrypt failed, ret = %d\n", ret); goto exit; } +#endif exit: @@ -5534,7 +5605,7 @@ void bench_sm4_gcm(void) #endif #ifdef WOLFSSL_SM4_CCM -void bench_sm4_ccm() +void bench_sm4_ccm(void) { wc_Sm4 enc; double start; 
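Review bot: The block now wrapped in `#ifdef HAVE_AES_DECRYPT` in bench_aesccm() still reports failures as `wc_AesCcmEncrypt failed, ret = %d`; the guard implies the loop between the two hunks is the decrypt pass (its body is outside the hunks), in which case the message should read `printf("wc_AesCcmDecrypt failed, ret = %d\n", ret);`. If the guarded loop really does call the encrypt routine, then the HAVE_AES_DECRYPT condition is the thing to reconsider instead.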
@@ -5767,27 +5838,54 @@ void bench_chacha(void) XMEMSET(enc, 0, sizeof(ChaCha)); wc_Chacha_SetKey(enc, bench_key, 16); - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_Chacha_SetIV(enc, bench_iv, 0); - if (ret < 0) { - printf("wc_Chacha_SetIV error: %d\n", ret); - goto exit; + if (encrypt_only) { + ret = wc_Chacha_SetIV(enc, bench_iv, 0); + if (ret < 0) { + printf("wc_Chacha_SetIV error: %d\n", ret); + goto exit; + } + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Chacha_Process(enc, bench_cipher, bench_plain, + bench_size); + if (ret < 0) { + printf("wc_Chacha_Process error: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); } - ret = wc_Chacha_Process(enc, bench_cipher, bench_plain, bench_size); - if (ret < 0) { - printf("wc_Chacha_Process error: %d\n", ret); - goto exit; + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Chacha_SetIV(enc, bench_iv, 0); + if (ret < 0) { + printf("wc_Chacha_SetIV error: %d\n", ret); + goto exit; + } + ret = wc_Chacha_Process(enc, bench_cipher, bench_plain, + bench_size); + if (ret < 0) { + printf("wc_Chacha_Process error: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); } - RECORD_MULTI_VALUE_STATS(); - } - count += i; - } while (bench_stats_check(start) -#ifdef MULTI_VALUE_STATISTICS - || runs < minimum_runs -#endif - ); + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } bench_stats_sym_finish("CHACHA", 0, count, bench_size, start, 0); #ifdef MULTI_VALUE_STATISTICS 
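Review bot: bench_chacha() now contains two copies of the timed loop that differ only in whether wc_Chacha_SetIV() is called per block, so the error handling, RECORD_MULTI_VALUE_STATS() and the MULTI_VALUE_STATISTICS tail are duplicated verbatim. If the duplication is deliberate, to keep a per-iteration branch out of the measured region, a comment saying so above `if (encrypt_only) {` would stop the next reader from folding them; otherwise a single loop with the SetIV guarded by `if (!encrypt_only)` is shorter and keeps one copy of the error paths, as sketched below.
```c
    if (encrypt_only) {
        /* one IV for the whole run: time only the stream processing */
        ret = wc_Chacha_SetIV(enc, bench_iv, 0);
        if (ret < 0) {
            printf("wc_Chacha_SetIV error: %d\n", ret);
            goto exit;
        }
    }
    bench_stats_start(&count, &start);
    do {
        for (i = 0; i < numBlocks; i++) {
            if (!encrypt_only) {
                ret = wc_Chacha_SetIV(enc, bench_iv, 0);
                if (ret < 0) {
                    printf("wc_Chacha_SetIV error: %d\n", ret);
                    goto exit;
                }
            }
            ret = wc_Chacha_Process(enc, bench_cipher, bench_plain,
                                    bench_size);
            if (ret < 0) {
                printf("wc_Chacha_Process error: %d\n", ret);
                goto exit;
            }
            RECORD_MULTI_VALUE_STATS();
        }
        count += i;
    } while (bench_stats_check(start)
#ifdef MULTI_VALUE_STATISTICS
             || runs < minimum_runs
#endif
             );
    /* … unchanged: bench_stats_sym_finish("CHACHA", …) and stats … */
```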
@@ -7473,12 +7571,12 @@ void bench_sm3(int useDeviceID) bench_stats_start(&count, &start); do { for (times = 0; times < numBlocks; times++) { - ret = wc_InitSm3(hash, HEAP_HINT, + ret = wc_InitSm3(hash[0], HEAP_HINT, useDeviceID ? devId: INVALID_DEVID); if (ret == 0) - ret = wc_Sm3Update(hash, bench_plain, bench_size); + ret = wc_Sm3Update(hash[0], bench_plain, bench_size); if (ret == 0) - ret = wc_Sm3Final(hash, digest[0]); + ret = wc_Sm3Final(hash[0], digest[0]); if (ret != 0) goto exit_sm3; RECORD_MULTI_VALUE_STATS(); @@ -8075,6 +8173,7 @@ void bench_pbkdf2(void) DECLARE_MULTI_VALUE_STATS_VARS() bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); do { ret = wc_PBKDF2(derived, (const byte*)passwd32, (int)XSTRLEN(passwd32), salt32, (int)sizeof(salt32), 1000, 32, WC_SHA256); @@ -8085,6 +8184,7 @@ void bench_pbkdf2(void) || runs < minimum_runs #endif ); + PRIVATE_KEY_LOCK(); bench_stats_sym_finish("PBKDF2", 32, count, 32, start, ret); #ifdef MULTI_VALUE_STATISTICS @@ -8165,6 +8265,7 @@ void bench_srtpkdf(void) DECLARE_MULTI_VALUE_STATS_VARS() bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); do { for (i = 0; i < numBlocks; i++) { ret = wc_SRTP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt), @@ -8178,6 +8279,7 @@ void bench_srtpkdf(void) || runs < minimum_runs #endif ); + PRIVATE_KEY_LOCK(); bench_stats_asym_finish("KDF", 128, "SRTP", 0, count, start, ret); #ifdef MULTI_VALUE_STATISTICS bench_multi_value_stats(max, min, sum, squareSum, runs); @@ -8186,6 +8288,7 @@ void bench_srtpkdf(void) RESET_MULTI_VALUE_STATS_VARS(); bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); do { for (i = 0; i < numBlocks; i++) { ret = wc_SRTP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt), @@ -8199,6 +8302,7 @@ void bench_srtpkdf(void) || runs < minimum_runs #endif ); + PRIVATE_KEY_LOCK(); bench_stats_asym_finish("KDF", 256, "SRTP", 0, count, start, ret); #ifdef MULTI_VALUE_STATISTICS bench_multi_value_stats(max, min, sum, squareSum, runs); 
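Review bot: Each PRIVATE_KEY_UNLOCK() added before a timed loop in bench_pbkdf2() and bench_srtpkdf() is paired with a PRIVATE_KEY_LOCK() placed only after the `while`, so if a loop body exits early on error (the srtpkdf loop bodies are cut by the hunks, so whether they `goto` out is not visible here) the matching re-lock is skipped for the rest of the process; the same applies to the four srtpkdf hunks on this and the following line. The safer shape is a single unlock/lock pair around the whole function, or a PRIVATE_KEY_LOCK() at the function's exit label, so that every path re-locks. If these macros expand to nothing in non-FIPS builds, the imbalance will also be invisible in the configurations CI runs most often, which is one more reason to get the structure right now.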
@@ -8207,6 +8311,7 @@ void bench_srtpkdf(void)
 RESET_MULTI_VALUE_STATS_VARS();
 bench_stats_start(&count, &start);
+ PRIVATE_KEY_UNLOCK();
 do {
 for (i = 0; i < numBlocks; i++) {
 ret = wc_SRTCP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt),
@@ -8220,6 +8325,7 @@ void bench_srtpkdf(void)
 || runs < minimum_runs
 #endif
 );
+ PRIVATE_KEY_LOCK();
 bench_stats_asym_finish("KDF", 128, "SRTCP", 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
 bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -8228,6 +8334,7 @@ void bench_srtpkdf(void)
 RESET_MULTI_VALUE_STATS_VARS();
 bench_stats_start(&count, &start);
+ PRIVATE_KEY_UNLOCK();
 do {
 for (i = 0; i < numBlocks; i++) {
 ret = wc_SRTCP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt),
@@ -8241,6 +8348,7 @@ void bench_srtpkdf(void)
 || runs < minimum_runs
 #endif
 );
+ PRIVATE_KEY_LOCK();
 bench_stats_asym_finish("KDF", 256, "SRTCP", 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
 bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -9468,7 +9576,7 @@ static int lms_read_key_mem(byte* priv, word32 privSz, void* context)
 }
 static byte lms_priv[HSS_MAX_PRIVATE_KEY_LEN];
-static void bench_lms_keygen(int parm, byte* pub)
+static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
 {
 WC_RNG rng;
 LmsKey key;
@@ -9580,7 +9688,7 @@ static void bench_lms_keygen(int parm, byte* pub)
 wc_FreeRng(&rng);
 }
-static void bench_lms_sign_verify(int parm, byte* pub)
+static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
 {
 LmsKey key;
 int ret = 0;
@@ -9644,6 +9752,31 @@ static void bench_lms_sign_verify(int parm, byte* pub)
 case WC_LMS_PARM_L1_H15_W4:
 case WC_LMS_PARM_L2_H10_W8:
 case WC_LMS_PARM_L3_H5_W2:
+ case WC_LMS_PARM_L1_H5_W1:
+ case WC_LMS_PARM_L1_H5_W2:
+ case WC_LMS_PARM_L1_H5_W4:
+ case WC_LMS_PARM_L1_H5_W8:
+ case WC_LMS_PARM_L1_H10_W2:
+ case WC_LMS_PARM_L1_H10_W4:
+ case WC_LMS_PARM_L1_H10_W8:
+ case WC_LMS_PARM_L1_H15_W8:
+ case WC_LMS_PARM_L1_H20_W2:
+ case WC_LMS_PARM_L1_H20_W4:
+ case WC_LMS_PARM_L1_H20_W8:
+ case WC_LMS_PARM_L2_H5_W2:
+ case WC_LMS_PARM_L2_H5_W4:
+ case WC_LMS_PARM_L2_H5_W8:
+ case WC_LMS_PARM_L2_H15_W2:
+ case WC_LMS_PARM_L2_H15_W4:
+ case WC_LMS_PARM_L2_H15_W8:
+ case WC_LMS_PARM_L2_H20_W2:
+ case WC_LMS_PARM_L2_H20_W4:
+ case WC_LMS_PARM_L2_H20_W8:
+ case WC_LMS_PARM_L3_H10_W8:
+ case WC_LMS_PARM_L4_H5_W2:
+ case WC_LMS_PARM_L4_H5_W4:
+ case WC_LMS_PARM_L4_H10_W4:
+ case WC_LMS_PARM_L4_H10_W8:
 default:
 XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN);
 break;
@@ -9735,7 +9868,7 @@ static void bench_lms_sign_verify(int parm, byte* pub)
 loaded = 1;
- sig = XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 if (sig == NULL) {
 printf("bench_lms_sign_verify malloc failed\n");
 goto exit_lms_sign_verify;
@@ -9860,8 +9993,8 @@ void bench_lms(void)
 #endif
 #if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
- bench_lms_keygen(0x100, pub);
- bench_lms_sign_verify(0x100, pub);
+ bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub);
+ bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub);
 #endif
 return;
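Review bot: The 25 added `case WC_LMS_PARM_…:` labels all fall straight into the existing `default:` and so change no behaviour; with `parm` now typed `enum wc_LmsParm`, the likely reason is to keep the switch exhaustive for enum-coverage warnings, but nothing says so and a reader will wonder whether a distinct copy length was forgotten. A comment above the list such as `/* Remaining parameter sets: listed for switch exhaustiveness, all copy HSS_MAX_PUBLIC_KEY_LEN. */` would make the intent explicit. The enclosing switch starts outside this hunk, so I can't see which sets the earlier cases handle differently.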
@@ -10057,24 +10190,18 @@ static void bench_xmss_sign_verify(const char * params)
 bench_stats_asym_finish(params, (int)sigSz, "verify", 0, count, start, ret);
 /* Cleanup everything. */
- if (sig != NULL) {
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- sig = NULL;
- }
+ XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ sig = NULL;
- if (sk != NULL) {
- XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- sk = NULL;
- }
+ XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ sk = NULL;
 if (freeRng) {
 wc_FreeRng(&rng);
- freeRng = 0;
 }
 if (freeKey) {
 wc_XmssKey_Free(&key);
- freeKey = 0;
 }
 return;
@@ -10522,11 +10649,15 @@ void bench_ecc(int useDeviceID, int curveId)
 BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
+#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
 /* old scan-build misfires -Wmaybe-uninitialized on these. */
 XMEMSET(sig, 0, sizeof(sig));
 XMEMSET(digest, 0, sizeof(digest));
- XMEMSET(shared, 0, sizeof(shared));
+#endif
+#ifdef HAVE_ECC_DHE
+ XMEMSET(shared, 0, sizeof(shared));
+#endif
 WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, sizeof(ecc_key), HEAP_HINT);
@@ -10923,10 +11054,8 @@ void bench_eccEncrypt(int curveId)
 wc_ecc_free(userB);
 XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (msg)
- XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out)
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 wc_ecc_free(userB);
 wc_ecc_free(userA);
@@ -10937,13 +11066,13 @@ void bench_eccEncrypt(int curveId)
 #ifdef WOLFSSL_SM2
 static void bench_sm2_MakeKey(int useDeviceID)
 {
- int ret = 0, i, times, count, pending = 0;
+ int ret = 0, i, times, count = 0, pending = 0;
 int deviceID;
 int keySize;
 WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, sizeof(ecc_key), HEAP_HINT);
 char name[BENCH_ECC_NAME_SZ];
- double start;
+ double start = 0;
 const char**desc = bench_desc_words[lng_index];
 DECLARE_MULTI_VALUE_STATS_VARS()
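Review bot: Dropping the NULL guards before `XFREE()` in bench_xmss_sign_verify and bench_eccEncrypt (and in the bench_sakke hunk on the next physical line) makes correctness depend on `XFREE` tolerating a NULL pointer; wolfSSL's own definition does, but the macro can be supplied by the user's allocator hooks, so a short note at the first such site, `/* XFREE() is NULL-safe; no guard needed. */`, records the assumption a port would have to honour. In bench_xmss_sign_verify the `sig = NULL;` and `sk = NULL;` stores immediately before `return;` are now dead and could go the same way as the removed `freeRng = 0;` / `freeKey = 0;`. In the bench_ecc hunk the scan-build comment now sits inside the `HAVE_ECC_SIGN` block, so the `XMEMSET(shared, …)` under `HAVE_ECC_DHE` has lost its rationale; repeating the comment there, or moving it above both blocks, would keep it accurate.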
@@ -12335,18 +12464,15 @@ void bench_sakke(void)
 exit:
- if (iTable)
- XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table)
- XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 WC_FREE_VAR(genKey, HEAP_HINT);
 }
 #endif /* WOLFCRYPT_SAKKE_CLIENT */
 #endif /* WOLFCRYPT_HAVE_SAKKE */
-#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
 #ifdef HAVE_FALCON
 void bench_falconKeySign(byte level)
 {
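Review bot: Removing the `#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)` line leaves its paired `#endif` out of view: the next hunk begins after `#endif /* HAVE_FALCON */` and its old side is not shown here, so please confirm the matching `#endif` is removed there, otherwise the file stops preprocessing. Without that guard `bench_falconKeySign` is compiled for any build defining `HAVE_FALCON`, which looks intended but is worth stating in the commit message since it widens which configurations build this code. The unconditional `XFREE()` calls at the `exit:` label carry the same NULL-safety assumption noted on the bench_xmss_sign_verify hunk.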
@@ -12463,17 +12589,1100 @@ void bench_falconKeySign(byte level) #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + +#if defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + +#ifndef WOLFSSL_NO_ML_DSA_44 +static const unsigned char bench_dilithium_level2_sig[] = { + 0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a, + 0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5, + 0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40, + 0x00, 0x79, 0xcd, 0x93, 0x27, 0xd0, 0x40, 0x33, 0x79, 0x4f, + 0xe5, 0x16, 0x89, 0x9f, 0xbd, 0xa6, 0x3f, 0xdd, 0x68, 0x74, + 0x73, 0xc3, 0x97, 0x54, 0x11, 0x1d, 0xc8, 0xb8, 0xc8, 0xfd, + 0x3a, 0xbe, 0xca, 0x17, 0x0f, 0x10, 0x6d, 0x89, 0x6d, 0xe0, + 0xb2, 0xff, 0x3b, 0xe5, 0xa1, 0x75, 0xea, 0x35, 0x16, 0xa3, + 0x0c, 0x6e, 0x4a, 0x7b, 0xdb, 0x28, 0xc6, 0x2a, 0x76, 0x0e, + 0x78, 0x78, 0xa0, 0x4f, 0x4e, 0xf8, 0x99, 0xff, 0xe7, 0x47, + 0x7e, 0xc4, 0x62, 0xa7, 0xb4, 0xb9, 0x2b, 0xc1, 0xc7, 0xd0, + 0x00, 0xb6, 0xaa, 0xa7, 0x37, 0xd5, 0x1e, 0x19, 0xc4, 0xc4, + 0x59, 0x2f, 0xa5, 0x09, 0xa3, 0xda, 0x5d, 0xd4, 0x48, 0x64, + 0x16, 0x0e, 0x92, 0xdf, 0x61, 0xb7, 0x25, 0x3b, 0x90, 0x5a, + 0x08, 0xb5, 0x88, 0xe8, 0x64, 0x80, 0x63, 0xee, 0xbf, 0x59, + 0x0f, 0x4a, 0x48, 0x1e, 0x77, 0xa9, 0x46, 0xc6, 0x9c, 0x0b, + 0x83, 0xad, 0xb5, 0xbf, 0xb5, 0x5b, 0x99, 0xf3, 0x55, 0xe8, + 0xe5, 0xe7, 0x5c, 0x12, 0xac, 0x06, 0x06, 0xe0, 0xc0, 0x32, + 0x5d, 0xb6, 0x9f, 0x2b, 0x8e, 0x19, 0x5c, 0x2a, 0x58, 0xbb, + 0x37, 0xf1, 0x68, 0x56, 0x8b, 0x74, 0x94, 0x58, 0x48, 0x28, + 0xee, 0xf7, 0x0a, 0x8f, 0xad, 0x43, 0x67, 0xe1, 0xa3, 0x8c, + 0x3b, 0x35, 0x48, 0xcc, 0x52, 0x14, 0x36, 0x99, 0x18, 0x71, + 0x1c, 0xb2, 0xfc, 0x82, 0xda, 0xac, 0xd5, 0x55, 0x0a, 0x77, + 0x44, 0x6a, 0x48, 0xed, 0xfc, 0x5a, 0x68, 0xa6, 0x4d, 0x65, + 0xe7, 0x30, 0xaa, 0x23, 0x66, 0x84, 0xdf, 0x83, 0xf1, 0x17, + 0x5c, 0x46, 0xfe, 0x63, 0xcb, 0xc3, 0x6e, 0x4e, 0x47, 0x8d, + 0x30, 0x48, 0x06, 0xda, 0x97, 0x6b, 0x04, 0x5d, 0x44, 0xf3, + 0xb7, 0x2a, 0x6d, 0x2b, 0xbb, 0xcd, 
0x97, 0x4e, 0x26, 0x8e, + 0xc9, 0x03, 0x0b, 0x5d, 0x68, 0xed, 0x81, 0xf7, 0x19, 0x61, + 0x81, 0xe9, 0xac, 0x3a, 0x35, 0xcd, 0xe8, 0xfd, 0x99, 0xdb, + 0x89, 0x83, 0x7d, 0x23, 0x6a, 0xc1, 0xc1, 0x10, 0xe9, 0xd3, + 0xfa, 0x9e, 0x5a, 0xcd, 0x73, 0xa3, 0x0a, 0x37, 0xa3, 0x12, + 0xef, 0x72, 0xa2, 0x28, 0xd4, 0x3d, 0x67, 0x53, 0x24, 0x0d, + 0x61, 0x98, 0xbb, 0x07, 0xf3, 0xa7, 0x79, 0x22, 0x74, 0x57, + 0x99, 0xe8, 0x7a, 0xbf, 0x90, 0x84, 0xa2, 0x6b, 0x29, 0x34, + 0xac, 0xc9, 0xff, 0x67, 0x82, 0xd0, 0xd2, 0x7d, 0x69, 0xc0, + 0xf3, 0xd7, 0x4b, 0x5c, 0xf2, 0xa8, 0x53, 0x8b, 0x78, 0x57, + 0xfc, 0x74, 0xf5, 0x81, 0x6e, 0xc2, 0x5b, 0x32, 0x52, 0x9e, + 0x58, 0x84, 0xa1, 0x71, 0xd5, 0x8c, 0xf5, 0x16, 0x36, 0x4d, + 0x11, 0xd4, 0xb5, 0xc2, 0x05, 0xc4, 0x03, 0xce, 0x83, 0xea, + 0x0b, 0x6a, 0x2e, 0xf6, 0x28, 0x5e, 0xb2, 0x40, 0x8c, 0xa3, + 0x6a, 0xc7, 0xee, 0x04, 0x54, 0x93, 0x0f, 0x3b, 0xf9, 0x57, + 0x92, 0x00, 0xf1, 0xc7, 0x1b, 0x48, 0x63, 0xcb, 0xd3, 0xdd, + 0x40, 0x90, 0x46, 0xb0, 0x87, 0x2a, 0xb8, 0xec, 0xbc, 0x07, + 0x09, 0x83, 0x25, 0xb1, 0x88, 0x2c, 0xa0, 0x0a, 0x40, 0x4f, + 0xfd, 0xec, 0xfd, 0xbe, 0x18, 0xae, 0xdd, 0x83, 0x89, 0x83, + 0x2d, 0x10, 0xb4, 0x14, 0x30, 0xac, 0x6c, 0xd9, 0xc9, 0xaa, + 0xbc, 0xdb, 0x5e, 0x14, 0xab, 0x19, 0x64, 0xaa, 0xb1, 0x9c, + 0xc3, 0xf5, 0xdc, 0x2b, 0xcd, 0x26, 0x0b, 0x81, 0x1a, 0x0e, + 0x0a, 0xd6, 0x39, 0x79, 0x10, 0x06, 0xbf, 0xe0, 0xc1, 0x8b, + 0x20, 0x24, 0x90, 0x8b, 0x0f, 0xa4, 0x2d, 0x2d, 0x46, 0x2a, + 0xd4, 0xf3, 0xa9, 0x58, 0x4b, 0xd9, 0xa6, 0x6c, 0x75, 0x3d, + 0xbc, 0x36, 0x76, 0x7f, 0xef, 0x1b, 0xa1, 0x41, 0xba, 0xd0, + 0xfe, 0x16, 0x19, 0xc3, 0x92, 0xe3, 0x59, 0x07, 0x3f, 0x48, + 0x11, 0x70, 0xe0, 0x8a, 0xff, 0x97, 0xbc, 0x71, 0xd5, 0xb9, + 0x4a, 0x9b, 0x4c, 0xb8, 0x4b, 0x50, 0xd6, 0x43, 0xe8, 0x84, + 0x0a, 0x95, 0xd0, 0x20, 0x28, 0xd3, 0x20, 0x4a, 0x0e, 0x1b, + 0xe6, 0x5d, 0x2f, 0x0c, 0xdb, 0x76, 0xab, 0xa3, 0xc2, 0xad, + 0xd5, 0x86, 0xae, 0xb9, 0x26, 0xb2, 0x5d, 0x72, 0x27, 0xbb, + 0xec, 0x23, 0x9f, 0x42, 0x90, 0x58, 0xe1, 0xf8, 
0xe9, 0x63, + 0xdf, 0x1a, 0x46, 0x53, 0x65, 0x05, 0xfb, 0x20, 0x21, 0xa6, + 0x64, 0xc8, 0x5c, 0x67, 0x6b, 0x41, 0x6c, 0x04, 0x34, 0xeb, + 0x05, 0x71, 0xeb, 0xbe, 0xed, 0x6d, 0xa2, 0x96, 0x67, 0x45, + 0xe7, 0x47, 0x22, 0x64, 0xaf, 0x82, 0xf8, 0x78, 0x0e, 0xe6, + 0xa1, 0x4a, 0x2d, 0x82, 0x1e, 0xd0, 0xc2, 0x79, 0x4e, 0x29, + 0x89, 0xd9, 0xf3, 0x3f, 0xb6, 0xc4, 0xee, 0x69, 0xb2, 0x8f, + 0x8b, 0xd9, 0x13, 0xd9, 0x6e, 0x3a, 0xc5, 0x9f, 0xdf, 0x25, + 0xb7, 0xc3, 0x16, 0xb8, 0xa2, 0x85, 0x17, 0xae, 0xe9, 0x95, + 0x5d, 0xb8, 0x1d, 0x21, 0xbb, 0xd9, 0x38, 0x11, 0x8f, 0x44, + 0xea, 0xe8, 0x4c, 0x91, 0x82, 0xf5, 0x45, 0xee, 0x8f, 0xf5, + 0x6a, 0x0d, 0x08, 0xe7, 0x6b, 0xb0, 0x91, 0xd5, 0x42, 0x17, + 0x8c, 0x37, 0x6a, 0x5a, 0x0a, 0x87, 0x53, 0x76, 0xc3, 0x59, + 0x35, 0x13, 0x1c, 0xf1, 0x72, 0x2c, 0x2b, 0xb2, 0x9e, 0xda, + 0x10, 0x2a, 0xce, 0x38, 0xb4, 0x67, 0x8c, 0x4b, 0x08, 0xa1, + 0xb6, 0xa3, 0x08, 0x9c, 0xeb, 0xd8, 0x93, 0x1b, 0x29, 0x5a, + 0xa7, 0x03, 0x17, 0x7e, 0xec, 0x58, 0x6b, 0x5b, 0xc5, 0x46, + 0x03, 0x33, 0x7f, 0x0e, 0x93, 0x9a, 0xdd, 0xb5, 0x89, 0xb1, + 0x16, 0x4c, 0xa7, 0xd8, 0x0e, 0x73, 0xd8, 0xc3, 0xd2, 0x36, + 0x85, 0x66, 0xcb, 0x5b, 0x64, 0xf2, 0xdc, 0xba, 0x39, 0xcc, + 0xa5, 0xe0, 0x9b, 0xaa, 0x2a, 0x95, 0x6d, 0xdc, 0x49, 0xde, + 0x3b, 0x61, 0xa2, 0x3b, 0x1f, 0xed, 0x32, 0xfa, 0x10, 0xe4, + 0x88, 0x59, 0xca, 0x5a, 0xe4, 0xf9, 0x5e, 0xe2, 0xca, 0x21, + 0x5a, 0xdc, 0x02, 0x73, 0x7a, 0xc8, 0x90, 0x7a, 0x8e, 0x91, + 0x19, 0x04, 0x53, 0x3c, 0x50, 0x15, 0x8a, 0x84, 0x93, 0x8f, + 0xac, 0x99, 0x82, 0xdd, 0xc6, 0xce, 0xfb, 0x18, 0x84, 0x29, + 0x2a, 0x8d, 0xa2, 0xc5, 0x7f, 0x87, 0xce, 0x4c, 0xf5, 0xdf, + 0x73, 0xd2, 0xba, 0xc2, 0x4f, 0xe3, 0x74, 0xa5, 0x8f, 0xc3, + 0xf4, 0x99, 0xd1, 0xe8, 0x4e, 0xb8, 0xe0, 0x2e, 0xef, 0xd6, + 0x87, 0x70, 0xcf, 0x45, 0x3b, 0xff, 0x03, 0xfd, 0x59, 0x7f, + 0x7c, 0xd0, 0x4e, 0x49, 0xf7, 0xd5, 0x08, 0xd9, 0x06, 0x53, + 0x90, 0x0a, 0x5a, 0x1b, 0x2e, 0xf5, 0xb0, 0x85, 0xb6, 0xb6, + 0x61, 0xa5, 0x71, 0x47, 0xbf, 0x4a, 0xf6, 0xae, 0x9a, 0x19, + 
0x6c, 0xd8, 0x2d, 0x9b, 0xb4, 0x40, 0x9e, 0x15, 0x77, 0x2e, + 0x7e, 0xe9, 0xb4, 0x3d, 0x0f, 0x1b, 0xb5, 0x1c, 0xc2, 0x58, + 0x4e, 0x4b, 0xf6, 0x53, 0x9e, 0x6f, 0x09, 0x55, 0xa0, 0xb8, + 0x73, 0x11, 0x64, 0x70, 0x54, 0xb4, 0xcb, 0xb7, 0x27, 0xe5, + 0xdf, 0x58, 0x67, 0x5b, 0xc0, 0xd6, 0xf5, 0x64, 0xa6, 0x66, + 0x6d, 0xdf, 0xd8, 0xf8, 0xd6, 0x85, 0xba, 0xba, 0x30, 0xa7, + 0xca, 0x34, 0xf4, 0x9a, 0xba, 0x0a, 0xfb, 0x0e, 0xa0, 0x65, + 0x98, 0x78, 0xee, 0xaa, 0x14, 0x6a, 0x99, 0x77, 0x67, 0xad, + 0x01, 0x95, 0x5e, 0x50, 0x22, 0xe9, 0x74, 0x95, 0xa7, 0x13, + 0x3f, 0xdd, 0xa6, 0x69, 0x64, 0xf6, 0x50, 0x06, 0x6d, 0xba, + 0x90, 0x5a, 0x8c, 0x81, 0xa0, 0xda, 0x55, 0xe9, 0x97, 0x0e, + 0xd7, 0x10, 0x8e, 0x1f, 0x23, 0x65, 0xd9, 0x14, 0xd4, 0xde, + 0xa5, 0xf9, 0xec, 0xb6, 0xad, 0x65, 0xce, 0x0b, 0x1b, 0x0a, + 0x4c, 0x7d, 0xb0, 0x97, 0xa6, 0xfe, 0x67, 0xfb, 0x4f, 0x8f, + 0x00, 0x92, 0xb6, 0x0d, 0x20, 0x78, 0x65, 0x1d, 0x9a, 0x56, + 0x57, 0xc6, 0x15, 0x88, 0xba, 0x55, 0x02, 0x7a, 0x9a, 0xac, + 0x50, 0x4c, 0xc7, 0x9e, 0x66, 0x8b, 0xfc, 0xf3, 0x67, 0x48, + 0x07, 0xbf, 0x84, 0x94, 0x9b, 0x22, 0x2a, 0xae, 0x1b, 0x25, + 0xe9, 0x94, 0x06, 0xa7, 0xe8, 0x61, 0x52, 0x89, 0xdc, 0x93, + 0x6e, 0x89, 0xdc, 0x30, 0x6e, 0xd9, 0xee, 0xcb, 0x12, 0x38, + 0x58, 0x9d, 0x8b, 0xc5, 0x05, 0x2c, 0x50, 0x4e, 0xc8, 0xc2, + 0xe0, 0x65, 0xb6, 0x49, 0xc4, 0xf0, 0x1e, 0x5c, 0x8e, 0x3c, + 0xe9, 0x77, 0xd2, 0x9e, 0xa8, 0xd5, 0xf5, 0xd9, 0xc5, 0xad, + 0x5b, 0x74, 0x48, 0x08, 0x3a, 0x30, 0x84, 0x57, 0x71, 0x1e, + 0x69, 0x45, 0x09, 0xdd, 0xea, 0x62, 0xec, 0x7c, 0xa3, 0xf9, + 0x92, 0xee, 0x16, 0xdc, 0xe5, 0x9d, 0xcf, 0xb7, 0x08, 0x51, + 0x8a, 0x76, 0x3a, 0x23, 0x94, 0x50, 0x8e, 0x4d, 0x3a, 0xea, + 0xf3, 0xc1, 0x53, 0x2c, 0x65, 0x9c, 0x36, 0x8c, 0x10, 0xe3, + 0x9c, 0x01, 0xa4, 0xe6, 0x45, 0x77, 0xa6, 0x5d, 0x7e, 0x37, + 0x31, 0x95, 0x2f, 0xec, 0x61, 0x92, 0x69, 0x65, 0x53, 0x54, + 0x6d, 0xbe, 0x9e, 0x5a, 0x68, 0x12, 0xc4, 0xe7, 0xe4, 0x06, + 0x51, 0x5a, 0xc0, 0x63, 0xb9, 0x69, 0xb8, 0x3c, 0xd8, 0xae, + 0x8b, 0xff, 
0x96, 0x4d, 0x55, 0xce, 0x25, 0x2b, 0x8b, 0x89, + 0xc9, 0x3a, 0x16, 0x48, 0x2a, 0x73, 0xb2, 0x70, 0x8b, 0x62, + 0xd5, 0xb1, 0xa0, 0x30, 0xe5, 0x46, 0xab, 0x8b, 0xc3, 0xeb, + 0x37, 0x2f, 0xbd, 0xb8, 0x4e, 0x6c, 0x30, 0xdc, 0x6c, 0x8a, + 0xf1, 0x89, 0x06, 0xce, 0x64, 0x0a, 0x3e, 0xb2, 0x16, 0x31, + 0xa1, 0xe4, 0x4b, 0x98, 0xe7, 0xf1, 0x99, 0x76, 0x00, 0x5f, + 0xd2, 0xd3, 0x30, 0xf0, 0xbf, 0xa7, 0x4a, 0xf6, 0x9e, 0xa5, + 0x75, 0x74, 0x78, 0xfe, 0xec, 0x72, 0x7c, 0x89, 0xe9, 0xf6, + 0x0d, 0x7e, 0x15, 0xd6, 0xd8, 0x79, 0x85, 0x3c, 0xcf, 0xb0, + 0x21, 0xc8, 0x9c, 0x54, 0x87, 0x63, 0xb3, 0x05, 0xbb, 0x8a, + 0x02, 0xe4, 0x79, 0xdc, 0xa1, 0xa2, 0xd3, 0x19, 0xd8, 0x86, + 0xff, 0x8a, 0x0e, 0x82, 0x89, 0xaf, 0xaa, 0x62, 0x2e, 0xd4, + 0xb2, 0xd0, 0x5d, 0x0d, 0x4f, 0x2a, 0xda, 0x0e, 0x9f, 0x8a, + 0x2b, 0x32, 0xe9, 0x09, 0xf5, 0x55, 0x51, 0xe7, 0xd5, 0x69, + 0x12, 0xdd, 0x33, 0x6b, 0x3d, 0xd7, 0xe9, 0xfd, 0xb2, 0xa7, + 0xf5, 0x97, 0x2a, 0x6d, 0x89, 0x30, 0x65, 0x2a, 0x0d, 0xf2, + 0x00, 0x81, 0xbe, 0xfb, 0xd9, 0xd7, 0x1b, 0xc2, 0x48, 0x7a, + 0x22, 0x30, 0xae, 0x35, 0xf6, 0x32, 0x41, 0x9d, 0xd9, 0x12, + 0xb3, 0xa7, 0x6d, 0xba, 0x74, 0x93, 0x2d, 0x0d, 0xb2, 0xb6, + 0xdc, 0xa9, 0x98, 0x5b, 0x3b, 0xaa, 0x2b, 0x47, 0x06, 0xc4, + 0x36, 0xfd, 0x04, 0x10, 0x94, 0x61, 0x61, 0x47, 0x1c, 0x02, + 0x54, 0x85, 0x4a, 0xcb, 0x75, 0x6b, 0x75, 0xf5, 0xb4, 0x61, + 0x26, 0xb3, 0x12, 0x43, 0x31, 0x55, 0xb5, 0xda, 0x4b, 0xb5, + 0x11, 0xb4, 0xb8, 0xfb, 0x0a, 0xd9, 0xa7, 0x0e, 0x9f, 0x2a, + 0x74, 0x01, 0xf6, 0x1a, 0x33, 0x10, 0x9e, 0x66, 0xff, 0x82, + 0xfa, 0xa9, 0xa4, 0xa0, 0x9b, 0x25, 0x2d, 0x16, 0xbf, 0x60, + 0x0d, 0x87, 0xea, 0x94, 0xad, 0xdd, 0xc4, 0xd0, 0xa8, 0xdd, + 0x2d, 0xc7, 0xc8, 0xac, 0x39, 0x9e, 0x87, 0x69, 0xc4, 0x3a, + 0xbc, 0x28, 0x7e, 0x36, 0x69, 0xfd, 0x20, 0x25, 0xac, 0xa3, + 0xa7, 0x37, 0x96, 0xe9, 0x8a, 0x65, 0xe4, 0xb0, 0x2a, 0x61, + 0x23, 0x28, 0x64, 0xff, 0x17, 0x6c, 0x36, 0x9e, 0x0a, 0xba, + 0xe4, 0x4b, 0xeb, 0x84, 0x24, 0x20, 0x57, 0x0f, 0x34, 0x05, + 0x95, 0x56, 0xc3, 0x2f, 
0x2b, 0xf0, 0x36, 0xef, 0xca, 0x68, + 0xfe, 0x78, 0xf8, 0x98, 0x09, 0x4a, 0x25, 0xcc, 0x17, 0xbe, + 0x05, 0x00, 0xff, 0xf9, 0xa5, 0x5b, 0xe6, 0xaa, 0x5b, 0x56, + 0xb6, 0x89, 0x64, 0x9c, 0x16, 0x48, 0xe1, 0xcd, 0x67, 0x87, + 0xdd, 0xba, 0xbd, 0x02, 0x0d, 0xd8, 0xb4, 0xc9, 0x7c, 0x37, + 0x92, 0xd0, 0x39, 0x46, 0xd2, 0xc4, 0x78, 0x13, 0xf0, 0x76, + 0x45, 0x5f, 0xeb, 0x52, 0xd2, 0x3f, 0x61, 0x87, 0x34, 0x09, + 0xb7, 0x24, 0x4e, 0x93, 0xf3, 0xc5, 0x10, 0x19, 0x66, 0x66, + 0x3f, 0x15, 0xe3, 0x05, 0x55, 0x43, 0xb7, 0xf4, 0x62, 0x57, + 0xb4, 0xd9, 0xef, 0x46, 0x47, 0xb5, 0xfb, 0x79, 0xc9, 0x67, + 0xc5, 0xc3, 0x18, 0x91, 0x73, 0x75, 0xec, 0xd5, 0x68, 0x2b, + 0xf6, 0x42, 0xb4, 0xff, 0xfb, 0x27, 0x61, 0x77, 0x28, 0x10, + 0x6b, 0xce, 0x19, 0xad, 0x87, 0xc3, 0x85, 0xe3, 0x78, 0x00, + 0xdb, 0x21, 0xee, 0xd8, 0xfa, 0x9c, 0x81, 0x11, 0x97, 0xac, + 0xd0, 0x50, 0x89, 0x45, 0x23, 0xf6, 0x85, 0x7d, 0x60, 0xb2, + 0xad, 0x0c, 0x5d, 0xd8, 0x9e, 0xe4, 0xe1, 0x25, 0xb2, 0x13, + 0x1a, 0x54, 0x54, 0xfd, 0x7b, 0xab, 0x85, 0x20, 0xe8, 0xda, + 0x52, 0x0f, 0xac, 0x49, 0x70, 0xf1, 0x4c, 0x66, 0x74, 0x8c, + 0x87, 0x6e, 0xca, 0xc1, 0x0d, 0x92, 0xc0, 0xa8, 0x08, 0xfd, + 0x0f, 0x60, 0x55, 0xaf, 0x24, 0xcb, 0x04, 0xb7, 0xff, 0xa9, + 0xc5, 0x07, 0x26, 0xf6, 0xe2, 0x1e, 0x2f, 0xd1, 0x99, 0x6d, + 0xef, 0xc0, 0xdb, 0x5b, 0xf7, 0x06, 0x80, 0x92, 0x5f, 0x56, + 0x54, 0xdb, 0x2e, 0xba, 0x93, 0xb2, 0x94, 0xf2, 0xad, 0xbc, + 0x91, 0x6e, 0x4e, 0xce, 0x21, 0xc4, 0x8b, 0x18, 0xc4, 0xfc, + 0xab, 0xb4, 0x4f, 0xd7, 0xa2, 0xef, 0x55, 0x00, 0x6d, 0x34, + 0x17, 0x59, 0x8d, 0x79, 0x75, 0x02, 0xa3, 0x7a, 0x52, 0x57, + 0x5c, 0x26, 0xb9, 0xae, 0xd6, 0x19, 0x2e, 0x31, 0x02, 0x98, + 0x98, 0xe5, 0x3d, 0xc2, 0xa5, 0x56, 0xb6, 0x02, 0xae, 0x0d, + 0x3b, 0x35, 0x97, 0xd2, 0x43, 0x38, 0x8a, 0x65, 0xfa, 0x86, + 0x20, 0xb7, 0xb5, 0xb0, 0xda, 0x19, 0x01, 0x2f, 0x13, 0xb5, + 0x6d, 0xbd, 0xb2, 0x34, 0xa7, 0xff, 0xae, 0x7e, 0x8f, 0x98, + 0x1b, 0xc4, 0x27, 0xbd, 0xa9, 0x64, 0xdc, 0xab, 0x2a, 0xd2, + 0xb4, 0x27, 0xd0, 0x25, 0xdd, 0xff, 
0xdc, 0x0a, 0x96, 0xd3, + 0x85, 0x3e, 0xc5, 0x11, 0x34, 0x60, 0xa2, 0x33, 0x92, 0x90, + 0xbb, 0x4c, 0x86, 0xdd, 0xd6, 0x1e, 0xcb, 0x0a, 0x17, 0xc6, + 0x87, 0x4e, 0x3e, 0x7a, 0x4b, 0xab, 0xef, 0x0a, 0x00, 0x3d, + 0x94, 0x34, 0x8b, 0x63, 0x36, 0xd9, 0xaf, 0x5d, 0x63, 0x40, + 0xbb, 0x32, 0x4b, 0x64, 0xf0, 0x31, 0x48, 0xdb, 0x44, 0x2b, + 0x48, 0x60, 0x6a, 0xea, 0xa4, 0x8c, 0xdd, 0xaf, 0x81, 0x3f, + 0x86, 0x81, 0x99, 0x7a, 0x98, 0xe1, 0xff, 0x21, 0x7a, 0x28, + 0xbc, 0x33, 0xe6, 0x4e, 0xb0, 0x85, 0x6b, 0xec, 0x11, 0x37, + 0x81, 0x7f, 0xf9, 0xdc, 0xbf, 0x1a, 0xa6, 0x6d, 0x4d, 0x0f, + 0x5b, 0x99, 0x73, 0xb8, 0xd2, 0x6e, 0x37, 0xf0, 0x71, 0xf1, + 0x1a, 0xc3, 0x5c, 0xea, 0x12, 0x5f, 0x2e, 0x85, 0x3f, 0xfd, + 0xd5, 0x87, 0x67, 0x9f, 0x67, 0x9f, 0xd7, 0xef, 0x9f, 0x81, + 0xa4, 0xbc, 0x63, 0x1d, 0x00, 0x81, 0xf6, 0x20, 0x77, 0xae, + 0x0b, 0x90, 0xe5, 0x9c, 0xa9, 0x44, 0xb5, 0xd7, 0xb1, 0x61, + 0x33, 0x4f, 0x75, 0xa9, 0xb7, 0xf4, 0xa4, 0x72, 0x9e, 0x72, + 0xec, 0x7b, 0xcd, 0x83, 0xb3, 0xd6, 0x22, 0x50, 0x50, 0x97, + 0x0f, 0x63, 0x0f, 0xe1, 0x15, 0xb3, 0x07, 0xb6, 0xa3, 0xfa, + 0x2f, 0xb5, 0xf3, 0x5b, 0x5d, 0x7f, 0x90, 0x20, 0xcd, 0x5f, + 0x40, 0x48, 0x87, 0x43, 0xfd, 0xa3, 0x69, 0xdc, 0xf8, 0x51, + 0x08, 0x67, 0xc2, 0x2d, 0xff, 0xfe, 0xbf, 0x85, 0x3e, 0x80, + 0xff, 0x91, 0x62, 0xc5, 0x83, 0xe0, 0x80, 0xeb, 0xce, 0xdc, + 0xff, 0xb1, 0xdb, 0x02, 0xb7, 0x01, 0x1e, 0xa6, 0xf0, 0x32, + 0xfb, 0x95, 0x6a, 0x47, 0x44, 0x84, 0x42, 0x6e, 0x3a, 0xb1, + 0xcf, 0xf9, 0x28, 0xb4, 0x3a, 0x8e, 0xa7, 0x8d, 0x48, 0x81, + 0x1c, 0x7e, 0xf5, 0x0b, 0x46, 0x7e, 0x92, 0x4e, 0xb9, 0xa8, + 0x36, 0xb8, 0x81, 0x6d, 0x8c, 0x70, 0x59, 0x33, 0x12, 0x61, + 0xbb, 0xe6, 0x10, 0x8a, 0xe4, 0xc1, 0x2c, 0x50, 0x12, 0xbf, + 0xd3, 0xc6, 0x3c, 0x53, 0x91, 0x50, 0x07, 0xc8, 0x85, 0x32, + 0x3c, 0xe1, 0x67, 0x99, 0x68, 0xc1, 0xf4, 0x74, 0x86, 0x35, + 0x8a, 0x6c, 0x75, 0x1d, 0x8f, 0x8a, 0x60, 0xe1, 0xc7, 0x59, + 0x4e, 0xb0, 0xe0, 0x45, 0x5a, 0x11, 0x05, 0x24, 0xa7, 0x8d, + 0x39, 0x93, 0x60, 0x4c, 0xc5, 0x9e, 0x8a, 0x70, 
0xcc, 0x44, + 0x96, 0x92, 0xc8, 0xf7, 0x23, 0x14, 0xc7, 0xf4, 0x82, 0x9d, + 0x5b, 0x1c, 0x26, 0xd0, 0x3c, 0x76, 0x36, 0xe9, 0x98, 0x8a, + 0xbb, 0xe6, 0xa0, 0xad, 0xed, 0xf7, 0xd9, 0x06, 0x50, 0x67, + 0x79, 0x50, 0x4e, 0xd5, 0x80, 0x4e, 0x59, 0x72, 0x5d, 0x8b, + 0xcb, 0x86, 0x3b, 0x57, 0xc4, 0xb2, 0x3d, 0xbc, 0x35, 0x6d, + 0xb1, 0x50, 0xf5, 0x8c, 0xf2, 0x89, 0x72, 0x20, 0xd0, 0x47, + 0x68, 0x13, 0x42, 0x25, 0x1a, 0xb6, 0xc5, 0x07, 0xdf, 0x45, + 0x11, 0xa9, 0x05, 0x5d, 0xad, 0xf0, 0x49, 0x9e, 0x70, 0x78, + 0xed, 0xe7, 0xf9, 0x00, 0x1f, 0x62, 0x76, 0x47, 0xb5, 0x48, + 0x4f, 0x2c, 0x2e, 0xe3, 0x78, 0x6a, 0x44, 0x46, 0x1e, 0x6b, + 0x00, 0x74, 0x54, 0xb9, 0xd1, 0x4f, 0x6d, 0x45, 0xc1, 0xa6, + 0x45, 0x2e, 0x1a, 0xaf, 0x94, 0x3f, 0xd0, 0x72, 0x67, 0x0d, + 0x2e, 0xa9, 0x8d, 0x16, 0xc4, 0x05, 0x01, 0x07, 0x13, 0x1b, + 0x1c, 0x3d, 0x43, 0x71, 0x91, 0x95, 0x9a, 0xae, 0xaf, 0xc4, + 0xe5, 0xe6, 0xe9, 0xff, 0x02, 0x0c, 0x0f, 0x3e, 0x62, 0x67, + 0x68, 0x81, 0xc7, 0xd0, 0xd8, 0xdd, 0xe0, 0xf5, 0x0b, 0x25, + 0x35, 0x45, 0x4a, 0x4b, 0x63, 0x74, 0x79, 0x7e, 0x82, 0xa2, + 0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32, + 0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c, + 0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46, +}; +static const int sizeof_bench_dilithium_level2_sig = + sizeof(bench_dilithium_level2_sig); +#endif + +#ifndef WOLFSSL_NO_ML_DSA_65 +static const unsigned char bench_dilithium_level3_sig[] = { + 0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc, + 0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e, + 0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2, + 0x4b, 0x88, 0xbc, 0xb8, 0x87, 0xf9, 0x4e, 0x50, 0x3a, 0x04, + 0x18, 0xb3, 0xf4, 0x5f, 0x77, 0x4a, 0x7e, 0xa8, 0xf5, 0xca, + 0x49, 0x00, 0xdc, 0x24, 0xaa, 0x05, 0x35, 0x0f, 0x34, 0xf7, + 0xbf, 0x09, 0xa6, 0xcf, 0x75, 0x37, 0x07, 0xcd, 0x07, 0x99, + 0x92, 0x1d, 0xc7, 0xc9, 0x17, 0x1c, 0xdd, 0x27, 
0x8c, 0x66, + 0xf2, 0x8b, 0x75, 0xb0, 0x86, 0x2d, 0xbd, 0x51, 0x16, 0xc2, + 0x50, 0xe0, 0x7e, 0x0a, 0x21, 0x58, 0x93, 0x22, 0x06, 0xcb, + 0x85, 0x8b, 0xfd, 0x97, 0x61, 0xc0, 0xdb, 0xab, 0xfa, 0x4a, + 0x69, 0xef, 0x9c, 0xc1, 0x4e, 0xae, 0xb2, 0xb3, 0xa2, 0x74, + 0xa4, 0x94, 0x0a, 0xed, 0x39, 0x9e, 0xe8, 0x58, 0xeb, 0xfd, + 0x43, 0x05, 0x73, 0x38, 0xd6, 0xbb, 0xeb, 0xb9, 0x9d, 0x3b, + 0xf8, 0x85, 0xb4, 0x4b, 0x16, 0x5c, 0x9e, 0xfe, 0xb8, 0x13, + 0xf8, 0x68, 0x44, 0x90, 0x05, 0x61, 0xb3, 0xed, 0x6f, 0x47, + 0xc9, 0x50, 0xcf, 0x6c, 0xc0, 0xac, 0xdf, 0x4c, 0x4c, 0x1b, + 0x42, 0xce, 0x0a, 0x32, 0x69, 0xb0, 0xfd, 0x87, 0xef, 0xf3, + 0x9c, 0xcc, 0xba, 0x2f, 0x03, 0xd7, 0xdb, 0x76, 0xee, 0xa0, + 0x71, 0x4a, 0x80, 0xcb, 0x90, 0x9e, 0xbb, 0x8f, 0x00, 0x46, + 0x81, 0xe0, 0xde, 0xa6, 0x43, 0xb5, 0x37, 0x79, 0xf2, 0x35, + 0xce, 0x9e, 0xd2, 0xb1, 0x5b, 0xff, 0x91, 0xfb, 0x98, 0xc1, + 0xe1, 0x66, 0x2c, 0x00, 0x1b, 0x89, 0xf2, 0x57, 0x81, 0x73, + 0x7e, 0x9f, 0x8d, 0x50, 0xd0, 0xe0, 0xe3, 0x93, 0xf2, 0x87, + 0x41, 0x64, 0x6c, 0xb7, 0x09, 0x60, 0x91, 0x4e, 0x0b, 0xbe, + 0xbe, 0xd4, 0x98, 0xfa, 0x14, 0x8c, 0x46, 0x09, 0xfa, 0xaa, + 0x82, 0xd6, 0xdd, 0x65, 0x93, 0x39, 0x45, 0x50, 0x90, 0x10, + 0xae, 0x1b, 0xff, 0xab, 0x7e, 0x86, 0xda, 0xb9, 0x4d, 0xf1, + 0xc2, 0x00, 0x54, 0x66, 0xee, 0x40, 0xc0, 0x56, 0x2f, 0xe8, + 0x43, 0x89, 0xbb, 0xb8, 0x59, 0x24, 0x63, 0x45, 0x9a, 0xde, + 0x08, 0xf3, 0x16, 0x94, 0xd2, 0x8d, 0xee, 0xf9, 0xbe, 0x4f, + 0x29, 0xe1, 0x4b, 0x5e, 0x2b, 0x14, 0xef, 0x66, 0xe2, 0x12, + 0xf8, 0x87, 0x2e, 0xb1, 0x75, 0x8b, 0x21, 0xb5, 0x8f, 0x8e, + 0xc5, 0x0e, 0x60, 0x27, 0x15, 0xbd, 0x72, 0xe4, 0x26, 0x4e, + 0x62, 0x7d, 0x3a, 0x46, 0x49, 0x93, 0xa9, 0x52, 0x7f, 0xc2, + 0x27, 0xb9, 0x55, 0x6a, 0x45, 0x9f, 0x2c, 0x7a, 0x5a, 0xc9, + 0xf4, 0x55, 0xaf, 0x49, 0xb3, 0xd5, 0xc0, 0x84, 0xdb, 0x89, + 0x5f, 0x21, 0x04, 0xf5, 0x4c, 0x66, 0x1e, 0x2e, 0x69, 0xdf, + 0x5b, 0x14, 0x60, 0x89, 0x84, 0xf8, 0xa3, 0xaf, 0xdf, 0xb9, + 0x18, 0x5e, 0xbf, 0x81, 0x95, 0x9a, 0x5e, 0x4f, 0x24, 0x45, + 
0xad, 0xab, 0xe2, 0x36, 0x7c, 0x19, 0xde, 0xc0, 0xf4, 0x1a, + 0x42, 0xb2, 0xc2, 0x58, 0x2f, 0x5f, 0xd0, 0x2e, 0x28, 0x33, + 0x59, 0x75, 0xc2, 0xde, 0x41, 0xe3, 0x9b, 0x85, 0x46, 0xad, + 0x6d, 0xf1, 0x06, 0xf0, 0x6a, 0xb9, 0xed, 0x71, 0x7b, 0xfd, + 0xf1, 0xc4, 0x56, 0xd8, 0xb3, 0x1a, 0x5f, 0x04, 0xae, 0xe8, + 0xce, 0xde, 0xa1, 0x6d, 0x46, 0x2a, 0x4f, 0x62, 0xee, 0x25, + 0xdf, 0x22, 0x21, 0xb2, 0x8f, 0x5f, 0x26, 0x33, 0x5a, 0xdd, + 0xbe, 0x08, 0xb3, 0x93, 0x16, 0x16, 0xad, 0x2e, 0x00, 0xb8, + 0x14, 0x0c, 0x10, 0xa3, 0x29, 0x89, 0x1f, 0xd7, 0x06, 0x7a, + 0x09, 0xf3, 0x84, 0xf9, 0x18, 0x04, 0x56, 0x2f, 0x7f, 0xbd, + 0x8e, 0x12, 0xdf, 0x4d, 0x58, 0x5c, 0x1d, 0x81, 0x0c, 0x7d, + 0x62, 0x02, 0xe0, 0xf9, 0x1b, 0x69, 0xe9, 0x38, 0x45, 0x84, + 0x2d, 0x9a, 0x4a, 0x3d, 0x7b, 0x48, 0xd5, 0x0d, 0x76, 0xba, + 0xff, 0x20, 0x00, 0xf8, 0x42, 0x7f, 0xd2, 0x25, 0x70, 0x90, + 0x88, 0xb3, 0x98, 0xac, 0xe9, 0xd9, 0xac, 0x58, 0xa6, 0x49, + 0xcc, 0x93, 0xa5, 0x04, 0x0c, 0x68, 0x53, 0x64, 0x72, 0x8c, + 0xfc, 0x8d, 0x61, 0xeb, 0x3f, 0x93, 0x8b, 0x85, 0x98, 0x05, + 0xce, 0x06, 0xd7, 0xbf, 0xbb, 0xa5, 0x22, 0xda, 0xe9, 0x8a, + 0x29, 0x30, 0x5e, 0x82, 0xe4, 0x46, 0x7c, 0x36, 0x5e, 0xf5, + 0xc7, 0xe3, 0x09, 0xdf, 0x20, 0x76, 0x73, 0x33, 0x31, 0x75, + 0xc2, 0x99, 0xe9, 0x74, 0x43, 0x82, 0xb1, 0xeb, 0x74, 0x6f, + 0xad, 0x59, 0x48, 0x12, 0xa0, 0x24, 0xe3, 0x38, 0x48, 0x61, + 0x0c, 0xf6, 0x38, 0x83, 0x3a, 0xcd, 0xd6, 0x45, 0x10, 0x0e, + 0x09, 0x79, 0x31, 0x30, 0x80, 0xfb, 0x34, 0x60, 0x1e, 0x72, + 0x98, 0xe9, 0x5c, 0xbf, 0xab, 0x21, 0x7f, 0xa3, 0x19, 0x7e, + 0x8c, 0xa9, 0xa7, 0xfc, 0x25, 0xe0, 0x8e, 0x6d, 0xa1, 0xb9, + 0x7b, 0x5b, 0x37, 0x33, 0x96, 0xd8, 0x6e, 0x7a, 0xce, 0xa6, + 0x1a, 0xbd, 0xe6, 0x6e, 0x62, 0xc4, 0x8c, 0x69, 0xfe, 0xe4, + 0xcb, 0x0a, 0xa1, 0x6c, 0x66, 0x0e, 0x1a, 0x5e, 0xb9, 0xd1, + 0x4a, 0xa3, 0x91, 0x39, 0xcf, 0x85, 0x07, 0x5b, 0xaf, 0x99, + 0x11, 0xca, 0xee, 0x6f, 0x2e, 0x33, 0xda, 0x60, 0xbf, 0xd6, + 0xa0, 0x7a, 0xdb, 0x91, 0x13, 0xb7, 0xa3, 0x5d, 0x0e, 0x1e, + 0x3b, 0xf9, 
0x7a, 0x3e, 0x4f, 0x8d, 0xb3, 0x81, 0xe8, 0x0c, + 0x4d, 0x48, 0x61, 0x06, 0x14, 0x0f, 0x3e, 0x33, 0x9e, 0xea, + 0xa6, 0xd8, 0xd8, 0x4d, 0x9b, 0x00, 0x34, 0x0d, 0x31, 0x62, + 0x54, 0x93, 0x04, 0xd2, 0x02, 0x21, 0x38, 0x91, 0x58, 0xca, + 0x77, 0xd3, 0x6c, 0xd1, 0x94, 0x05, 0xfa, 0x30, 0x6a, 0x0b, + 0xf0, 0x52, 0x52, 0xb7, 0xdb, 0x34, 0xff, 0x18, 0x5c, 0x78, + 0x25, 0x44, 0x39, 0xe4, 0x54, 0x8a, 0xf1, 0x49, 0x04, 0xab, + 0x8a, 0x5f, 0x87, 0xe1, 0x6e, 0x1a, 0xf2, 0xba, 0x39, 0xb4, + 0x7c, 0x71, 0x5b, 0xbe, 0x8d, 0xbb, 0xed, 0x3b, 0xed, 0x20, + 0x95, 0xdf, 0xa7, 0x50, 0xb5, 0x66, 0xff, 0xd0, 0x3a, 0x92, + 0xde, 0xf2, 0xa3, 0xf2, 0xd6, 0x48, 0x6b, 0xd8, 0xef, 0x80, + 0x4d, 0xc2, 0x3c, 0xc7, 0xc6, 0x6e, 0xdf, 0xd1, 0x54, 0xfb, + 0x22, 0xac, 0x1a, 0x11, 0x81, 0x02, 0xc7, 0x66, 0xe0, 0xf3, + 0xad, 0x0b, 0xd0, 0xec, 0xae, 0x93, 0x53, 0xa5, 0xbf, 0xa5, + 0x17, 0x59, 0x14, 0x7d, 0x7e, 0x1e, 0x26, 0x15, 0x7a, 0x74, + 0xfb, 0xb1, 0x7a, 0x0e, 0xd3, 0xb5, 0x7c, 0x8c, 0x3a, 0xd7, + 0x45, 0x38, 0x55, 0xae, 0x4b, 0xe1, 0xfe, 0x5b, 0x57, 0x20, + 0x73, 0x38, 0xb9, 0x67, 0x34, 0xb1, 0xf3, 0x15, 0xb0, 0xb7, + 0x46, 0xa7, 0x1b, 0x19, 0x6d, 0xaf, 0x5e, 0x2c, 0x9c, 0x02, + 0x3f, 0x0f, 0xa3, 0x56, 0x2f, 0x9f, 0x1a, 0x82, 0x0e, 0xb4, + 0x46, 0xf5, 0x69, 0x89, 0x91, 0xf9, 0x2d, 0x99, 0x45, 0xa6, + 0x3c, 0x82, 0x74, 0xac, 0xeb, 0x58, 0x4a, 0xdd, 0x03, 0xaf, + 0xd1, 0x0a, 0xca, 0x4b, 0xe8, 0x4c, 0x63, 0xd4, 0x73, 0x94, + 0xbf, 0xd1, 0xc5, 0x8a, 0x3f, 0x6e, 0x58, 0xfc, 0x70, 0x76, + 0x69, 0x92, 0x05, 0xe0, 0xb9, 0xed, 0x5f, 0x19, 0xd7, 0x6f, + 0xd0, 0x35, 0xbb, 0x5a, 0x8d, 0x45, 0xac, 0x43, 0xcb, 0x74, + 0xcc, 0x92, 0xc3, 0x62, 0x56, 0x02, 0xb0, 0x0a, 0xb6, 0x88, + 0x40, 0x6f, 0x76, 0x1b, 0x89, 0xe4, 0x51, 0xeb, 0x7e, 0x08, + 0x8c, 0xce, 0x24, 0xc8, 0xd8, 0x58, 0xbd, 0x0e, 0x48, 0x57, + 0xc8, 0x9f, 0xad, 0x64, 0xcf, 0x69, 0x72, 0x35, 0xbf, 0x04, + 0x09, 0xfb, 0x0e, 0x62, 0x92, 0x76, 0x8b, 0x8d, 0xd5, 0x16, + 0xa2, 0x51, 0xdb, 0x71, 0xa9, 0x08, 0xb2, 0xf9, 0x1e, 0x07, + 0xe7, 0xf8, 0xf4, 0x79, 
0x59, 0x2f, 0x8f, 0xf1, 0x5b, 0x45, + 0xe1, 0xb8, 0xb7, 0xef, 0x86, 0x69, 0x71, 0x51, 0x1c, 0xe5, + 0x61, 0xee, 0xb8, 0x1d, 0xa7, 0xdc, 0x48, 0xba, 0x51, 0xa5, + 0x70, 0x4d, 0xfd, 0x2c, 0x46, 0x21, 0x63, 0x0c, 0x9f, 0xb7, + 0x68, 0x58, 0x7b, 0xb3, 0x7d, 0x64, 0xfd, 0xaf, 0x87, 0x3d, + 0x86, 0x06, 0x36, 0x8a, 0x6d, 0xfe, 0xdf, 0xce, 0xa8, 0x16, + 0x42, 0x46, 0x15, 0xe5, 0xcf, 0x48, 0xa6, 0x4b, 0xe5, 0xc1, + 0xad, 0x14, 0x3a, 0x6d, 0xeb, 0xf9, 0xc9, 0x32, 0xd1, 0x82, + 0x60, 0x23, 0xf0, 0xff, 0xa7, 0xe6, 0x2e, 0xd6, 0x8d, 0x9d, + 0x4f, 0x6d, 0xb3, 0xc4, 0xad, 0xd9, 0xf0, 0xf5, 0x5c, 0x47, + 0x6c, 0x67, 0xf4, 0x0e, 0x18, 0x25, 0xbb, 0x67, 0xfa, 0x11, + 0x70, 0xd5, 0xbc, 0x3a, 0x34, 0xae, 0xa2, 0x76, 0x4b, 0x9f, + 0x59, 0x01, 0x18, 0x69, 0x44, 0xc4, 0x8a, 0xff, 0x00, 0xfc, + 0x2a, 0x45, 0xa9, 0x50, 0x8e, 0x37, 0x6b, 0x78, 0x14, 0x69, + 0xe7, 0x92, 0x3d, 0xf1, 0x34, 0xd5, 0x5c, 0x48, 0xc2, 0x50, + 0xb3, 0x0c, 0x7d, 0x54, 0x05, 0x31, 0x1e, 0xce, 0xaa, 0xc1, + 0x4c, 0xc9, 0x13, 0x33, 0x26, 0x1f, 0x56, 0x7e, 0x7e, 0x74, + 0xd3, 0x78, 0x3e, 0x00, 0x4a, 0xc8, 0xc6, 0x20, 0x5b, 0xb8, + 0x80, 0xb4, 0x13, 0x35, 0x23, 0xff, 0x50, 0xde, 0x25, 0x92, + 0x67, 0x08, 0xb8, 0xa3, 0xb6, 0x39, 0xd4, 0x30, 0xdc, 0xa5, + 0x88, 0x8a, 0x44, 0x08, 0x8b, 0x6d, 0x2e, 0xb8, 0xf3, 0x0d, + 0x23, 0xda, 0x35, 0x08, 0x5a, 0x92, 0xe1, 0x40, 0xac, 0xc7, + 0x15, 0x05, 0x8a, 0xdf, 0xe5, 0x71, 0xd8, 0xe0, 0xd7, 0x9f, + 0x58, 0x03, 0xf4, 0xec, 0x99, 0x3c, 0xb0, 0xe0, 0x07, 0x42, + 0x9b, 0xa0, 0x10, 0x7c, 0x24, 0x60, 0x19, 0xe8, 0x84, 0xd4, + 0xb1, 0x86, 0x19, 0x0a, 0x52, 0x70, 0x6e, 0xc2, 0x3c, 0xe2, + 0x73, 0x8d, 0xfe, 0xf8, 0x7e, 0xdf, 0x78, 0xe7, 0x92, 0x36, + 0x10, 0xf7, 0x2d, 0x76, 0x93, 0x8a, 0x0f, 0x20, 0xc8, 0x30, + 0x59, 0x81, 0xff, 0x3b, 0x70, 0x22, 0xce, 0x6e, 0x23, 0x68, + 0x35, 0x59, 0x0e, 0xcf, 0xf8, 0xf6, 0xcd, 0x45, 0xb6, 0x41, + 0xba, 0xda, 0xe6, 0x35, 0x0b, 0xd1, 0xef, 0xa5, 0x7c, 0xe0, + 0xb9, 0x6f, 0x5b, 0xa9, 0xab, 0x87, 0xe3, 0x3b, 0x92, 0xce, + 0xbe, 0xfe, 0xf7, 0xab, 0x82, 0xa3, 
0xe6, 0xbd, 0xfe, 0xce, + 0xa6, 0x17, 0xcb, 0x4c, 0xb4, 0x4c, 0xd6, 0xfe, 0xbb, 0x1c, + 0x10, 0xde, 0x29, 0x3e, 0x92, 0x66, 0x20, 0xf8, 0xee, 0x83, + 0x86, 0x66, 0xe0, 0x66, 0x97, 0x85, 0xaf, 0x3a, 0x8f, 0xa9, + 0x97, 0x09, 0xde, 0x77, 0xda, 0xb7, 0x81, 0x41, 0x10, 0xca, + 0x66, 0x00, 0xec, 0xf8, 0x46, 0x73, 0xa6, 0x24, 0x36, 0xec, + 0x25, 0xbe, 0x93, 0x5e, 0x74, 0x9f, 0xbe, 0xf4, 0x84, 0x15, + 0x9c, 0xc5, 0x43, 0xd9, 0xea, 0x5a, 0xcc, 0x2c, 0x4e, 0x2e, + 0x4e, 0x32, 0xa6, 0x88, 0xb1, 0x25, 0x34, 0xf7, 0xba, 0xab, + 0xd3, 0xa0, 0xc2, 0x06, 0x70, 0xed, 0x66, 0x4d, 0x71, 0x34, + 0xaf, 0x10, 0x99, 0x10, 0x11, 0x4f, 0xe4, 0x7d, 0x42, 0x03, + 0x04, 0x02, 0xc2, 0x41, 0x85, 0x1e, 0xc4, 0xca, 0xae, 0xf0, + 0x83, 0x78, 0x34, 0x98, 0x55, 0x8b, 0x4c, 0xa0, 0x14, 0xea, + 0x15, 0x2c, 0xa1, 0x30, 0xd8, 0xcf, 0xac, 0xd4, 0xca, 0xf7, + 0xf4, 0xc4, 0x20, 0xca, 0xa1, 0xef, 0xce, 0x5d, 0x6b, 0x32, + 0xb6, 0xf0, 0x22, 0x08, 0x49, 0x21, 0x0c, 0x57, 0x0f, 0xf8, + 0xc0, 0xd2, 0xe3, 0xc0, 0xa6, 0x31, 0xc7, 0x87, 0x96, 0xa9, + 0xfe, 0x69, 0xa0, 0x7f, 0xf7, 0x8e, 0x31, 0x92, 0x37, 0xce, + 0xde, 0x36, 0x3f, 0xf5, 0x7d, 0x07, 0xaa, 0xa9, 0x43, 0xee, + 0x3c, 0x8c, 0xd3, 0x7d, 0x2c, 0xa6, 0xc3, 0x98, 0xab, 0xbe, + 0x90, 0x4c, 0xa5, 0x5a, 0x27, 0xeb, 0x0e, 0xed, 0xa1, 0x1e, + 0x3e, 0x44, 0xa3, 0x4b, 0x49, 0xad, 0xe4, 0x19, 0x90, 0xc8, + 0x9e, 0x6e, 0x5b, 0x68, 0xbc, 0x37, 0x54, 0xaf, 0xa6, 0xb7, + 0x71, 0x5c, 0x5d, 0x74, 0x83, 0xf4, 0xb9, 0x2f, 0xe5, 0x1a, + 0x0c, 0x73, 0x30, 0x56, 0x82, 0x04, 0xb3, 0x0e, 0x32, 0x98, + 0xfd, 0x27, 0xa0, 0xfe, 0xe0, 0xe0, 0xf5, 0xb7, 0xe0, 0x47, + 0x2a, 0xa6, 0x4a, 0xe0, 0xfc, 0xb5, 0xd8, 0xfd, 0x01, 0xfe, + 0x4e, 0x96, 0x17, 0x06, 0xcc, 0x92, 0x7c, 0xa1, 0x2f, 0xb5, + 0x04, 0x08, 0x76, 0xcc, 0x40, 0x75, 0x37, 0x4d, 0x2c, 0x74, + 0xcd, 0xc7, 0x62, 0xa6, 0xe6, 0xd8, 0x9e, 0x21, 0x7f, 0x2e, + 0xf5, 0x2c, 0xcf, 0x0b, 0x3f, 0xd7, 0xed, 0x17, 0xee, 0x92, + 0xaf, 0xf9, 0xa4, 0x71, 0x5d, 0x5f, 0x81, 0xb9, 0x2f, 0x12, + 0xe5, 0x57, 0x2d, 0x1e, 0xf1, 0x67, 0x47, 0x2a, 
0xde, 0xab, + 0xf2, 0xea, 0xb7, 0xb5, 0x83, 0xdc, 0x46, 0xd4, 0xf3, 0x25, + 0x65, 0x15, 0x4d, 0x66, 0x34, 0x54, 0xab, 0x94, 0x89, 0x80, + 0x39, 0xd3, 0x39, 0xe3, 0xa2, 0xb1, 0x91, 0x2a, 0x5e, 0x55, + 0xe1, 0xa4, 0x0f, 0xc3, 0x4b, 0x5a, 0xa5, 0x4a, 0xb3, 0xc0, + 0x40, 0xea, 0x16, 0x0c, 0xd5, 0x2d, 0x83, 0x3e, 0x28, 0x20, + 0xac, 0x0a, 0x1b, 0x5b, 0x87, 0xcf, 0xf1, 0x51, 0xd6, 0xda, + 0xd1, 0xc9, 0xb1, 0x27, 0xf5, 0x62, 0x03, 0x10, 0xcf, 0x76, + 0x28, 0xa2, 0xea, 0x4b, 0x76, 0xaf, 0x9c, 0x3d, 0xf1, 0x1b, + 0x92, 0xff, 0xb0, 0xca, 0x16, 0xa2, 0x29, 0x94, 0x0e, 0x1e, + 0x51, 0xfb, 0xe1, 0x2b, 0x5a, 0x50, 0xfd, 0xaf, 0xab, 0xd7, + 0x32, 0xaa, 0x43, 0xa7, 0xcb, 0xd3, 0xd3, 0xe9, 0x1e, 0xb1, + 0x70, 0xd2, 0xbb, 0x15, 0x68, 0x49, 0xee, 0x6e, 0x1e, 0xc5, + 0x64, 0x4b, 0x26, 0x08, 0xe7, 0x32, 0x1c, 0x1d, 0x73, 0x8f, + 0x42, 0xfe, 0xeb, 0x67, 0x89, 0x42, 0x25, 0x40, 0xd6, 0x15, + 0x02, 0x55, 0x87, 0xe3, 0x87, 0xdd, 0x78, 0xc1, 0x01, 0x94, + 0xbc, 0x30, 0x5f, 0xbd, 0x89, 0xe1, 0xb0, 0x5c, 0xcd, 0xb7, + 0x68, 0xd5, 0xbb, 0xf4, 0xa0, 0x5d, 0x3d, 0xdd, 0x89, 0x12, + 0xc7, 0xb8, 0x5d, 0x51, 0x8a, 0xf4, 0xd5, 0x05, 0xc6, 0xdd, + 0x7b, 0x44, 0x38, 0xce, 0xb1, 0x24, 0x24, 0xe1, 0x9d, 0xc7, + 0x80, 0x86, 0x46, 0x2a, 0xd2, 0xa4, 0x0f, 0xec, 0xd3, 0x6b, + 0x31, 0xc0, 0x05, 0x31, 0xff, 0xf5, 0x1a, 0x33, 0x35, 0x68, + 0x2e, 0x68, 0x24, 0xbd, 0x62, 0xfc, 0x46, 0x79, 0x54, 0x5e, + 0x1e, 0x27, 0x93, 0x07, 0xed, 0x78, 0x94, 0x50, 0x42, 0x98, + 0x53, 0x88, 0xb7, 0x57, 0x04, 0x7d, 0xe2, 0xe1, 0xb5, 0x61, + 0x9e, 0x5a, 0x88, 0x31, 0x3e, 0x6c, 0x69, 0xbc, 0x8a, 0xe6, + 0xbc, 0x9d, 0x20, 0x7a, 0x86, 0xe5, 0x73, 0x93, 0x02, 0xc5, + 0xde, 0xdc, 0xcc, 0xbf, 0x89, 0x76, 0xdc, 0x4e, 0xa1, 0x89, + 0xe7, 0x95, 0x75, 0x01, 0xf7, 0x43, 0xaa, 0x3f, 0x1b, 0xb7, + 0x8c, 0x92, 0x66, 0x22, 0xbe, 0x34, 0xf1, 0x2f, 0xc3, 0xc7, + 0x21, 0xaf, 0x25, 0x57, 0x9a, 0x2c, 0x80, 0xf0, 0xb3, 0xdd, + 0xb3, 0xb2, 0x82, 0x97, 0x85, 0x73, 0xa9, 0x76, 0xe4, 0x37, + 0xa2, 0x65, 0xf9, 0xc1, 0x3d, 0x11, 0xbf, 0xcb, 0x3c, 0x8e, + 
0xdd, 0xaf, 0x98, 0x57, 0x6a, 0xe1, 0x33, 0xe7, 0xf0, 0xff, + 0xed, 0x61, 0x53, 0xfe, 0x1e, 0x2d, 0x06, 0x2f, 0xb8, 0x9e, + 0xf9, 0xa5, 0x21, 0x06, 0xf3, 0x72, 0xf6, 0xa3, 0x77, 0xbb, + 0x63, 0x6e, 0x52, 0xb2, 0x42, 0x47, 0x9b, 0x92, 0x4c, 0xf8, + 0xd2, 0xe6, 0x02, 0xa5, 0x57, 0x2d, 0x6f, 0x30, 0x05, 0xe2, + 0xfd, 0x33, 0xe5, 0xb6, 0x23, 0x85, 0x89, 0x4a, 0x99, 0x20, + 0x33, 0xea, 0x2f, 0xcd, 0x28, 0x27, 0xff, 0xfd, 0x2e, 0x73, + 0x52, 0x29, 0x19, 0x7c, 0x65, 0xf5, 0x6a, 0xaa, 0x97, 0x6e, + 0xe9, 0x42, 0xa8, 0x55, 0x97, 0x56, 0x92, 0x9d, 0xd2, 0xd1, + 0xc4, 0x30, 0xaa, 0x95, 0x86, 0xba, 0x71, 0xdd, 0x2f, 0xf1, + 0xed, 0x66, 0x54, 0x78, 0x4b, 0x13, 0x31, 0xed, 0x9d, 0x2c, + 0xae, 0x0a, 0xc3, 0xca, 0xfb, 0x3f, 0x92, 0x92, 0x30, 0xa3, + 0x8e, 0xc8, 0x6d, 0x7b, 0x42, 0xd5, 0x5d, 0x99, 0x79, 0x42, + 0x28, 0x63, 0x9f, 0x97, 0x8e, 0x94, 0x6d, 0x1d, 0xb4, 0x21, + 0x39, 0xc7, 0x64, 0x48, 0x44, 0x5e, 0x15, 0x10, 0x45, 0x9f, + 0x8a, 0x01, 0x45, 0x20, 0x5c, 0xd1, 0x28, 0x0d, 0xe9, 0xfb, + 0xa9, 0x72, 0x68, 0x07, 0x31, 0x20, 0x75, 0x76, 0x82, 0x76, + 0x5d, 0x7c, 0xc1, 0x5d, 0x42, 0x40, 0xfd, 0x06, 0xa9, 0x66, + 0xb0, 0x36, 0x55, 0x86, 0x6c, 0x96, 0xbd, 0xb8, 0xf7, 0x36, + 0x87, 0xf2, 0xa1, 0x37, 0xd8, 0x2d, 0x83, 0xf5, 0xdc, 0xd8, + 0xde, 0x9e, 0x69, 0xd6, 0xe1, 0x0d, 0xd5, 0x93, 0xc5, 0xee, + 0xba, 0xd3, 0x40, 0x71, 0xbb, 0xc7, 0xbb, 0x50, 0x1a, 0x10, + 0x80, 0x99, 0x62, 0x1c, 0xe3, 0x1f, 0xa2, 0xcc, 0x98, 0xe1, + 0xaa, 0xff, 0xd9, 0x69, 0xe7, 0x87, 0x04, 0x87, 0x76, 0xec, + 0x55, 0x18, 0xaf, 0x82, 0x34, 0x4d, 0x4f, 0xf7, 0x57, 0x1f, + 0xa5, 0x43, 0xcc, 0xe9, 0x7a, 0x4a, 0xc8, 0xb4, 0x1f, 0x61, + 0x40, 0x5e, 0x1d, 0x11, 0xdd, 0xdc, 0xdc, 0xb4, 0x57, 0xf9, + 0x47, 0x96, 0xbc, 0x47, 0x29, 0xf8, 0xf2, 0x43, 0xc4, 0xa0, + 0x8c, 0x14, 0x5e, 0x73, 0x52, 0xac, 0xac, 0x39, 0x3b, 0x06, + 0x19, 0x1a, 0xca, 0x22, 0xc8, 0x96, 0x12, 0x2e, 0x4c, 0x7b, + 0xa0, 0x96, 0x53, 0x16, 0xce, 0x6d, 0x6e, 0xac, 0xb2, 0x07, + 0x17, 0x22, 0x07, 0x30, 0x20, 0x84, 0x9b, 0x0e, 0x92, 0x31, + 0x07, 0xe2, 
0x77, 0xcd, 0x6a, 0x3e, 0x16, 0x4f, 0xd6, 0x12, + 0x88, 0x8a, 0x70, 0x5a, 0x87, 0xd8, 0xb9, 0xef, 0x76, 0xab, + 0x14, 0x65, 0x87, 0x3a, 0xef, 0xd8, 0x0e, 0x24, 0x40, 0x73, + 0x93, 0x2b, 0xbf, 0xac, 0xfe, 0x96, 0x8a, 0x9d, 0x12, 0xe6, + 0xc1, 0x5b, 0x00, 0x3b, 0x23, 0xee, 0xe2, 0x10, 0xb6, 0xbe, + 0x0e, 0x2f, 0xa2, 0x77, 0x16, 0x17, 0xfc, 0x4b, 0x2c, 0xd7, + 0x9c, 0xad, 0x66, 0xb4, 0xf2, 0xfd, 0xc1, 0xaf, 0x81, 0x12, + 0xd9, 0xed, 0x14, 0x32, 0xcf, 0x1b, 0xee, 0xc6, 0x63, 0xe8, + 0xe5, 0xe6, 0xb6, 0x91, 0x8d, 0x1b, 0x90, 0x75, 0x5d, 0x69, + 0x4c, 0x5d, 0xd6, 0xac, 0x79, 0xe8, 0xb6, 0xdf, 0xbf, 0x43, + 0x39, 0xd3, 0xb8, 0xf0, 0x39, 0xf4, 0x90, 0xaf, 0x73, 0x26, + 0xc7, 0x73, 0x6f, 0x93, 0xbb, 0xce, 0x6e, 0xdc, 0x1c, 0xd0, + 0x36, 0x23, 0x17, 0xb2, 0x39, 0x37, 0x15, 0xf5, 0x3a, 0x61, + 0xa9, 0x15, 0x52, 0x6e, 0xc5, 0x3a, 0x63, 0x79, 0x5d, 0x45, + 0xdc, 0x3a, 0xd5, 0x26, 0x01, 0x56, 0x97, 0x80, 0x7f, 0x83, + 0xf9, 0xec, 0xde, 0xa0, 0x2e, 0x7a, 0xb2, 0x4b, 0x04, 0x63, + 0x60, 0x05, 0xce, 0x96, 0xeb, 0xe0, 0x0a, 0x5f, 0xb0, 0x7e, + 0x6d, 0x0a, 0x24, 0x32, 0x47, 0x82, 0x7f, 0x0b, 0xd7, 0xe9, + 0xd5, 0x14, 0xa9, 0x6b, 0x10, 0x5d, 0x1e, 0x1f, 0x8a, 0xad, + 0x70, 0x91, 0xd4, 0x33, 0x1d, 0xc2, 0x3e, 0xf8, 0xc8, 0x52, + 0x9a, 0x27, 0x1f, 0x45, 0x2f, 0xb5, 0xc7, 0xb1, 0x8b, 0xf9, + 0xc6, 0x7b, 0xb5, 0x92, 0x7a, 0xdd, 0xeb, 0x07, 0x6c, 0x6f, + 0x11, 0xd7, 0x5b, 0x56, 0x56, 0xec, 0x88, 0x1c, 0xc9, 0xb4, + 0xe8, 0x43, 0xab, 0xdf, 0x0b, 0xc5, 0x28, 0xba, 0x70, 0x5d, + 0xd3, 0xb2, 0xe2, 0xcf, 0xa7, 0xbb, 0x53, 0x04, 0x6b, 0x73, + 0xdf, 0x27, 0xa6, 0x63, 0x58, 0xe1, 0x39, 0x26, 0x2a, 0x1a, + 0x21, 0xec, 0xbb, 0x5f, 0x46, 0x98, 0x3d, 0x48, 0x66, 0xfe, + 0xf3, 0xcb, 0xfc, 0x6e, 0x99, 0x82, 0x91, 0xce, 0x53, 0xfd, + 0x75, 0xc9, 0xb6, 0x08, 0xa8, 0xf3, 0xe4, 0xe0, 0xa0, 0x24, + 0x45, 0xb4, 0x69, 0x11, 0xac, 0x06, 0x1c, 0x39, 0x71, 0xcf, + 0x72, 0xfc, 0x77, 0x9b, 0x5f, 0xf4, 0x8b, 0x02, 0x31, 0xf3, + 0x67, 0xd1, 0x9b, 0xe0, 0x49, 0xa4, 0x69, 0x20, 0x99, 0x38, + 0xa7, 0xf5, 0x43, 0xd2, 
0x45, 0x9f, 0x7a, 0xe7, 0xad, 0x7e, + 0x36, 0xee, 0xfd, 0x8c, 0xc5, 0x6a, 0x12, 0x58, 0x15, 0x3b, + 0x02, 0x81, 0x73, 0x8b, 0x10, 0xda, 0x21, 0xc7, 0x1d, 0x38, + 0xd8, 0x40, 0x7a, 0xa3, 0x59, 0x55, 0x35, 0x44, 0xa9, 0x9c, + 0xf5, 0xf4, 0xe4, 0x14, 0xc1, 0xc4, 0x15, 0x26, 0x01, 0xe3, + 0x31, 0xbf, 0xdc, 0xbc, 0x69, 0x0b, 0xcf, 0x71, 0x8c, 0xdb, + 0x16, 0xab, 0x36, 0x3e, 0xb3, 0xa4, 0x9f, 0xcc, 0xbf, 0xa2, + 0x93, 0x93, 0x9a, 0x3b, 0xaf, 0x72, 0x8d, 0x8b, 0x92, 0x44, + 0x5d, 0x6f, 0xc5, 0xf0, 0xdc, 0x65, 0x62, 0xea, 0xba, 0x33, + 0xe7, 0x6c, 0xa4, 0x35, 0xcf, 0xd9, 0xbc, 0x3c, 0xbf, 0x25, + 0x7b, 0x7c, 0x0b, 0x62, 0x92, 0x5a, 0x66, 0x63, 0xe1, 0x27, + 0x89, 0x12, 0xe2, 0xae, 0xb7, 0xf8, 0x04, 0x70, 0xda, 0x4a, + 0x3d, 0xa6, 0x67, 0x12, 0x14, 0x9e, 0x8e, 0xdc, 0xa2, 0xf2, + 0x3d, 0xc7, 0xd2, 0x8f, 0x18, 0x3a, 0x53, 0x8c, 0x83, 0x5d, + 0x66, 0xbb, 0x9f, 0x8c, 0xaf, 0xa8, 0x73, 0x08, 0x2e, 0x6d, + 0x30, 0xa0, 0xd0, 0x20, 0x94, 0x48, 0xad, 0x5e, 0x31, 0xfd, + 0x5e, 0xfd, 0xf9, 0xb5, 0xa2, 0x39, 0xa3, 0xb9, 0xdf, 0x4d, + 0xa4, 0xb1, 0x54, 0xcc, 0x92, 0x63, 0x2c, 0x66, 0x2d, 0x01, + 0x88, 0x8b, 0x7d, 0xc6, 0x5c, 0x9f, 0x18, 0x9a, 0x53, 0x91, + 0x59, 0x66, 0x70, 0xd7, 0x81, 0x0e, 0xa1, 0x3c, 0x7e, 0x86, + 0x85, 0x64, 0x38, 0x6f, 0xec, 0x76, 0x57, 0x80, 0x41, 0x9d, + 0xef, 0x61, 0xb8, 0xb2, 0x8a, 0xeb, 0xe9, 0x26, 0xbb, 0x69, + 0xb3, 0x8d, 0xd4, 0x6b, 0x05, 0xd8, 0x55, 0x1c, 0xbd, 0x9f, + 0x6b, 0x23, 0x46, 0x2b, 0xf7, 0xfb, 0x4d, 0x33, 0x3b, 0x21, + 0x6d, 0xea, 0x1b, 0x15, 0xaf, 0x0f, 0x8c, 0x98, 0xc8, 0xf4, + 0xd1, 0x3c, 0xdd, 0x21, 0xd0, 0x45, 0xdc, 0xaf, 0x89, 0x89, + 0xbf, 0xde, 0xbf, 0x46, 0x9e, 0x9e, 0x18, 0x56, 0x9d, 0x05, + 0x4d, 0x63, 0x5f, 0x1c, 0xd9, 0x15, 0xd1, 0x43, 0x17, 0x0c, + 0x48, 0x3d, 0x36, 0x8b, 0x14, 0x87, 0xc8, 0x10, 0x44, 0xdf, + 0x9c, 0xfd, 0x6e, 0x88, 0x88, 0xae, 0x7f, 0x7f, 0x67, 0xa3, + 0x33, 0x4d, 0xa3, 0x84, 0x8b, 0x58, 0x07, 0x17, 0xd8, 0x1d, + 0x9e, 0x43, 0xd6, 0x41, 0x9c, 0xff, 0xfa, 0x35, 0xa2, 0x42, + 0xa9, 0x5d, 0xa9, 0x4b, 0x95, 0x23, 
0x6a, 0x6e, 0x42, 0xd7, + 0xa2, 0x0a, 0x70, 0x00, 0x61, 0x8b, 0x45, 0xbb, 0xac, 0x20, + 0x27, 0xcd, 0xfc, 0x61, 0x17, 0xfe, 0xab, 0x6b, 0xe8, 0xe0, + 0x51, 0xab, 0xa3, 0xbf, 0xe4, 0x85, 0x69, 0x8e, 0xd7, 0xa6, + 0x62, 0x33, 0x8f, 0x7c, 0xba, 0x48, 0xfa, 0x83, 0x94, 0xa5, + 0xdf, 0xa1, 0x76, 0xdc, 0xa9, 0x4b, 0x3c, 0x27, 0xff, 0xd9, + 0xbe, 0xf4, 0x80, 0x5a, 0xca, 0x33, 0xf3, 0x9a, 0x1d, 0xf8, + 0xf3, 0xe1, 0x83, 0x27, 0x0b, 0x59, 0x87, 0x31, 0x7d, 0x4f, + 0x5a, 0x5e, 0xe1, 0xbe, 0xa9, 0x68, 0xe9, 0x6f, 0x10, 0x0a, + 0xe2, 0x70, 0x05, 0xaa, 0xcb, 0xdd, 0x41, 0xd7, 0x49, 0x8a, + 0x98, 0xa0, 0x40, 0x2d, 0xc6, 0x56, 0x49, 0xca, 0x60, 0x16, + 0x9c, 0x38, 0xc9, 0xfe, 0x99, 0x15, 0xfb, 0x79, 0x01, 0x33, + 0xcd, 0x54, 0x2f, 0xf3, 0x70, 0x37, 0x82, 0x36, 0x32, 0x76, + 0x8f, 0x63, 0x00, 0xa2, 0x42, 0xce, 0x39, 0x90, 0xfc, 0xf8, + 0xff, 0x34, 0x38, 0x0a, 0x17, 0x5e, 0x9d, 0x34, 0x86, 0xde, + 0x33, 0x45, 0xac, 0xbf, 0x81, 0xdf, 0xd2, 0xbc, 0xc7, 0xd7, + 0xd1, 0xee, 0xde, 0x2b, 0x5b, 0x50, 0x56, 0xb5, 0x88, 0x00, + 0x92, 0x76, 0x5a, 0x34, 0x0c, 0xfe, 0x8f, 0xc5, 0xa0, 0x92, + 0xb0, 0xed, 0x43, 0xe7, 0x81, 0x39, 0x36, 0x6e, 0xb7, 0x4d, + 0x5b, 0xcf, 0xc7, 0xf0, 0x83, 0xe5, 0xdc, 0xb7, 0x74, 0xf4, + 0xf3, 0xbd, 0xa8, 0xa6, 0x7b, 0xe0, 0xc5, 0x50, 0xaa, 0xc7, + 0x83, 0x4d, 0xd9, 0xc5, 0x97, 0x03, 0x7c, 0x0c, 0x3b, 0x3a, + 0x18, 0xb2, 0x8c, 0xee, 0x67, 0x91, 0x38, 0x84, 0x8f, 0xef, + 0xb4, 0xf4, 0xe4, 0x7c, 0x1a, 0x3f, 0xa3, 0x0a, 0xd9, 0xba, + 0xff, 0x56, 0xd8, 0xe2, 0x82, 0xfc, 0x58, 0x8f, 0xf6, 0x12, + 0x10, 0x65, 0x6a, 0x68, 0x53, 0x2d, 0x9f, 0x2c, 0x77, 0xd1, + 0xb8, 0x21, 0x8a, 0xcb, 0xe9, 0xd4, 0x25, 0x18, 0x22, 0x46, + 0x3e, 0x72, 0x29, 0x2a, 0x68, 0x70, 0x73, 0xe2, 0x61, 0xa2, + 0xa8, 0x1f, 0x24, 0x48, 0x92, 0xa0, 0xd4, 0xdd, 0xde, 0xe5, + 0x02, 0x1b, 0x59, 0x5c, 0x7e, 0x92, 0x9c, 0xd8, 0xf4, 0x2d, + 0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e, + 0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28, +}; +static const int sizeof_bench_dilithium_level3_sig = + sizeof(bench_dilithium_level3_sig); +#endif + +#ifndef WOLFSSL_NO_ML_DSA_87 +static const unsigned char bench_dilithium_level5_sig[] = { + 0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0, + 0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf, + 0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2, + 0xd7, 0x45, 0xe3, 0xe7, 0x58, 0xfb, 0x05, 0xab, 0x65, 0x57, + 0xac, 0x6f, 0xf5, 0x43, 0x28, 0x5f, 0x9c, 0x9a, 0x3e, 0x35, + 0x84, 0xe4, 0xef, 0xa5, 0x57, 0x17, 0xad, 0x51, 0x44, 0x70, + 0x09, 0x00, 0x81, 0xbe, 0xfe, 0x14, 0x01, 0xfe, 0x0c, 0x94, + 0xbe, 0xa9, 0x89, 0xfd, 0x47, 0xfc, 0xb9, 0xd8, 0x17, 0x4d, + 0xd8, 0x73, 0xd5, 0x50, 0x9f, 0x13, 0x6c, 0x07, 0x71, 0x47, + 0xaa, 0x3c, 0xc0, 0x64, 0x00, 0x19, 0x2e, 0x74, 0x51, 0x0e, + 0x0f, 0x25, 0x30, 0x7f, 0x13, 0x96, 0xc6, 0xc5, 0xbf, 0xd4, + 0x82, 0xd3, 0x0d, 0xd3, 0x65, 0x4c, 0x72, 0x67, 0xe2, 0x37, + 0x6b, 0x3c, 0x8e, 0xa3, 0x36, 0x84, 0xe9, 0xaa, 0xac, 0x7d, + 0xf3, 0xac, 0xfc, 0x01, 0x50, 0x87, 0x88, 0xf6, 0xbf, 0x84, + 0xc3, 0xa0, 0x23, 0xe4, 0xe8, 0x01, 0x38, 0x39, 0x30, 0x8a, + 0xf3, 0xba, 0x92, 0x62, 0x37, 0xd7, 0x20, 0xd7, 0xf7, 0x41, + 0xff, 0xae, 0x81, 0x02, 0x29, 0x2a, 0x66, 0x8b, 0x20, 0xbe, + 0x61, 0x8d, 0xfb, 0x7c, 0x70, 0x14, 0xad, 0xf4, 0x94, 0x8c, + 0xee, 0x64, 0x3b, 0x9f, 0xe1, 0x6e, 0x68, 0x17, 0x07, 0xb8, + 0xfc, 0x99, 0xdc, 0xde, 0x69, 0x58, 0x8c, 0x97, 0x7d, 0xb3, + 0x2c, 0x9e, 0x90, 0x33, 0x2e, 0x7b, 0xbf, 0xf8, 0x6f, 0xf8, + 0x12, 0x64, 0xda, 0xc0, 0xfb, 0x30, 0xe6, 0xbf, 0x7b, 0x9a, + 0xde, 0xb5, 0xac, 0x9d, 0x6b, 0xcb, 0xe1, 0x0d, 0xf1, 0xbb, + 0xf3, 0x97, 0xc5, 0x08, 0xd3, 0x3e, 0xe3, 0xa4, 0xeb, 0x6f, + 0x6b, 0x62, 0x61, 0xc5, 0x0b, 0xa8, 0x02, 0xc2, 0xf1, 0xbe, + 0xbb, 0x93, 0x13, 0xa5, 0x8d, 0x7b, 0x5a, 0x6d, 0x1f, 0x28, + 0xbc, 0x35, 0xd8, 0xe8, 0xcf, 0x80, 0x8b, 0x4b, 0x02, 0x80, + 0x3b, 0xdc, 0x00, 0xce, 0x88, 0xb0, 0x62, 0x35, 0x7d, 
0x51, + 0x7f, 0x5c, 0xb2, 0x23, 0x85, 0x47, 0x7e, 0x73, 0x88, 0x65, + 0xfd, 0x0d, 0x47, 0x33, 0xef, 0xb9, 0x75, 0x05, 0x86, 0x5d, + 0xd3, 0x98, 0xa6, 0x91, 0xe6, 0x8c, 0xe2, 0x71, 0x7a, 0x95, + 0xe0, 0x8c, 0x54, 0x4b, 0x68, 0x4d, 0x5a, 0xec, 0xad, 0xae, + 0x54, 0x4e, 0x3b, 0x0e, 0xcd, 0x70, 0xe6, 0x81, 0xbf, 0xf4, + 0x86, 0xab, 0xfe, 0xd8, 0xed, 0x69, 0xdd, 0x0f, 0x75, 0x8f, + 0x8e, 0xcd, 0x72, 0x40, 0x21, 0xee, 0x80, 0x6f, 0x9e, 0xa0, + 0x80, 0xf7, 0xf6, 0xa2, 0xf5, 0x04, 0x82, 0xea, 0xb6, 0xb1, + 0xa3, 0xfe, 0xa2, 0x2d, 0x83, 0xc7, 0x01, 0x4b, 0x27, 0x19, + 0x6a, 0x31, 0x04, 0x70, 0xce, 0x75, 0x22, 0x4b, 0x7a, 0x21, + 0x29, 0xfd, 0xe9, 0xcb, 0xbb, 0xca, 0x95, 0x0a, 0xd8, 0xcd, + 0x20, 0x2a, 0xb7, 0xbe, 0xdf, 0x2f, 0x0f, 0xfa, 0xf1, 0xc0, + 0x39, 0xf3, 0x74, 0x22, 0x05, 0x33, 0xca, 0x2a, 0x9c, 0x9f, + 0x06, 0x71, 0x90, 0x1e, 0x74, 0x4b, 0xbe, 0x9a, 0xc7, 0x1e, + 0x37, 0x9b, 0x96, 0x19, 0xfd, 0xa0, 0x61, 0x87, 0x93, 0xab, + 0x75, 0x79, 0xac, 0x2f, 0x83, 0xe1, 0x8c, 0x70, 0x54, 0x70, + 0x01, 0x93, 0xce, 0x76, 0x7a, 0x08, 0xe7, 0x75, 0xfb, 0x5e, + 0xa4, 0xcc, 0xd6, 0xeb, 0x90, 0xe2, 0x57, 0x07, 0x53, 0x88, + 0x8f, 0x7f, 0x29, 0x39, 0x80, 0xc4, 0x7f, 0x70, 0x6f, 0xff, + 0x44, 0x25, 0x2b, 0x9e, 0xa1, 0xbb, 0xda, 0x43, 0x53, 0x14, + 0xf8, 0x97, 0x08, 0xa4, 0xaf, 0xa0, 0xa5, 0x0c, 0xfa, 0xcc, + 0xba, 0xcd, 0x4f, 0xd3, 0x90, 0x28, 0x02, 0x25, 0xbe, 0xc6, + 0x35, 0x66, 0x99, 0xb0, 0x69, 0x46, 0xe5, 0xbf, 0x7e, 0x4f, + 0x53, 0x11, 0x1f, 0xa5, 0x2c, 0x9b, 0xd1, 0x70, 0x90, 0x34, + 0x66, 0xaa, 0x9f, 0xa8, 0x02, 0x3a, 0x05, 0x2b, 0x0a, 0xd0, + 0x72, 0x5d, 0x01, 0x7b, 0x02, 0xce, 0x18, 0xb9, 0x63, 0xd1, + 0x7d, 0xd2, 0x34, 0xa3, 0x2d, 0xaa, 0x78, 0xf0, 0x30, 0x6e, + 0x59, 0xe3, 0xf1, 0x1e, 0xf1, 0x33, 0x41, 0xde, 0xc4, 0x4e, + 0x88, 0x61, 0xc3, 0xb4, 0x6b, 0x21, 0x5d, 0xcc, 0x69, 0x44, + 0xf3, 0xb0, 0x84, 0x54, 0x2a, 0x23, 0x22, 0xa2, 0xc4, 0xba, + 0xad, 0x00, 0x57, 0x5b, 0xdf, 0xa0, 0xf7, 0x1c, 0x00, 0xc3, + 0x23, 0x93, 0xc0, 0x2f, 0x3b, 0x9d, 0x6e, 0x8c, 0x38, 0xa6, + 0x5e, 
0xd8, 0x98, 0x7a, 0x6c, 0x90, 0xd5, 0x40, 0x3f, 0x8c, + 0xc3, 0xf0, 0x92, 0x66, 0xc4, 0xe5, 0xa8, 0x42, 0x25, 0x4c, + 0x56, 0x42, 0x37, 0x9a, 0xa4, 0x1d, 0xf5, 0xb0, 0xe3, 0x8a, + 0x9c, 0x57, 0x52, 0x63, 0xdc, 0xd9, 0xb0, 0xbf, 0xc3, 0xfc, + 0xfc, 0x6c, 0xab, 0x41, 0xae, 0xec, 0xc7, 0x40, 0x80, 0xb6, + 0x0b, 0x3c, 0xa9, 0xf5, 0x4f, 0x2d, 0xf6, 0x72, 0xe3, 0xba, + 0x13, 0x2c, 0x73, 0x61, 0x98, 0x66, 0x6f, 0x03, 0x88, 0x3b, + 0xe6, 0x95, 0x43, 0x33, 0x3b, 0xfe, 0xfd, 0x63, 0x8c, 0x00, + 0x8a, 0x67, 0x1c, 0x46, 0x0e, 0x0b, 0x51, 0x26, 0x79, 0x4f, + 0x7b, 0xb1, 0x36, 0x34, 0x52, 0x41, 0x7e, 0x74, 0xbb, 0x71, + 0x52, 0x8f, 0xcc, 0xf2, 0x99, 0x24, 0x3f, 0x18, 0xe6, 0xcf, + 0xdf, 0x6b, 0xfe, 0x77, 0xfa, 0xa8, 0x3f, 0xe3, 0x6b, 0xb7, + 0x32, 0x30, 0x8e, 0x16, 0x08, 0x59, 0x66, 0xdf, 0x95, 0x75, + 0x7d, 0xa3, 0x80, 0xf0, 0x0c, 0x1a, 0xa8, 0xe7, 0x87, 0x2f, + 0xe3, 0x39, 0x11, 0x82, 0x00, 0x3e, 0xe5, 0x71, 0x05, 0x7d, + 0x0c, 0x90, 0xae, 0xbc, 0xbf, 0xe0, 0x4b, 0x8f, 0x91, 0x85, + 0x1d, 0x0a, 0xa2, 0x36, 0x66, 0x18, 0x78, 0xd0, 0x0a, 0xa0, + 0xaf, 0x0f, 0x1c, 0x01, 0xdb, 0xb2, 0x21, 0x96, 0x25, 0xf7, + 0x9e, 0x3a, 0x9e, 0xc3, 0xe8, 0x92, 0x34, 0xaf, 0x7e, 0x3b, + 0x5f, 0xd9, 0x23, 0x97, 0x09, 0xf1, 0x87, 0x31, 0x3a, 0x94, + 0xc8, 0x9b, 0x52, 0xf4, 0x57, 0x54, 0x7b, 0x3e, 0x50, 0xd3, + 0x75, 0x2a, 0xba, 0x97, 0xd7, 0xec, 0x95, 0x6c, 0x35, 0x63, + 0xa4, 0xa1, 0x8f, 0xf5, 0xcc, 0xbe, 0x42, 0x65, 0x4e, 0x69, + 0x35, 0x55, 0xa5, 0x3e, 0xc4, 0xf0, 0xde, 0x60, 0x54, 0xdf, + 0xbb, 0x83, 0xad, 0xdf, 0xa5, 0x24, 0x8f, 0xbe, 0x0b, 0x16, + 0xfc, 0xf2, 0x64, 0xd5, 0x79, 0x68, 0xf3, 0x91, 0x81, 0x2a, + 0xd7, 0x1c, 0xc0, 0xdd, 0xe6, 0xb6, 0xb3, 0xa2, 0x4f, 0xc0, + 0x6d, 0x77, 0x02, 0xee, 0x43, 0xd6, 0x5e, 0x82, 0x66, 0x7f, + 0xb4, 0xe6, 0x5c, 0xff, 0x87, 0x1e, 0x1d, 0x6f, 0x1d, 0x96, + 0x6d, 0xbd, 0x90, 0x57, 0x65, 0xc2, 0x01, 0x35, 0xfa, 0x9a, + 0xc6, 0xe0, 0x4e, 0x2c, 0x4b, 0x16, 0xfa, 0x0d, 0x38, 0x87, + 0x39, 0x2c, 0x2b, 0x48, 0x14, 0x92, 0x3d, 0x83, 0x00, 0xa9, + 0x1a, 0x3d, 0x4d, 
0x30, 0x23, 0x48, 0xcd, 0xd5, 0xcd, 0x01, + 0xb1, 0x45, 0x85, 0xcc, 0x66, 0x47, 0x1d, 0x63, 0x3d, 0x70, + 0xb8, 0x0c, 0xfd, 0xe3, 0xb2, 0x0f, 0x64, 0x6e, 0xb9, 0x2b, + 0xe5, 0xb0, 0x4d, 0x44, 0x4d, 0x66, 0x1a, 0xfa, 0x49, 0xbb, + 0xc3, 0xb8, 0xad, 0x64, 0x23, 0x7e, 0x71, 0x9f, 0x59, 0xec, + 0x25, 0xa8, 0x5e, 0x11, 0xd6, 0x6e, 0xc9, 0x09, 0xe7, 0xb9, + 0x6a, 0x63, 0x91, 0xaa, 0x5d, 0xd2, 0x8c, 0x91, 0xe8, 0x8d, + 0x35, 0x6d, 0x10, 0xf6, 0xfc, 0x6a, 0x3c, 0x77, 0x90, 0xf8, + 0x2a, 0x49, 0x13, 0x7f, 0xdb, 0xf5, 0x0c, 0xe9, 0xc8, 0x57, + 0xc6, 0xfd, 0x26, 0x8d, 0x79, 0xb5, 0xdd, 0x47, 0x74, 0x6e, + 0xe8, 0x8f, 0x50, 0xf5, 0xa7, 0x9e, 0xd1, 0x74, 0x10, 0xbb, + 0xf4, 0x8f, 0x8f, 0x0d, 0xcd, 0x1f, 0xf6, 0x59, 0xb8, 0x6c, + 0xd2, 0x37, 0x83, 0x28, 0xb2, 0x36, 0xc1, 0x39, 0x5b, 0xde, + 0x59, 0xee, 0x77, 0xa2, 0x6e, 0x67, 0xc6, 0xea, 0x1d, 0x2b, + 0x41, 0x8f, 0x6f, 0x96, 0x94, 0x1b, 0x5d, 0xab, 0x30, 0x53, + 0x1e, 0xf8, 0x17, 0x06, 0xea, 0xcc, 0x98, 0xa8, 0xdf, 0x81, + 0xe1, 0x80, 0xb7, 0xad, 0x69, 0xcb, 0x8f, 0x81, 0x1e, 0x76, + 0x75, 0x3c, 0x11, 0x9b, 0x38, 0x95, 0xa7, 0x87, 0x1f, 0xd9, + 0x76, 0x82, 0x21, 0x13, 0x25, 0x20, 0x42, 0xd3, 0x8c, 0xd9, + 0x1c, 0x64, 0xed, 0xe9, 0x55, 0xb5, 0x29, 0x98, 0x85, 0x7c, + 0x01, 0x94, 0xaa, 0xdd, 0x8c, 0x78, 0x08, 0x99, 0x99, 0x5a, + 0xf6, 0x61, 0x4c, 0xe0, 0x99, 0xf8, 0x15, 0x74, 0x2e, 0x0d, + 0x14, 0x89, 0x11, 0x84, 0xcd, 0x78, 0x0c, 0x6b, 0x48, 0xde, + 0xb4, 0xd6, 0x05, 0xbd, 0x99, 0x58, 0xb7, 0xe5, 0xc5, 0x7a, + 0x43, 0x18, 0x55, 0x33, 0x16, 0x2b, 0xfa, 0x27, 0xf5, 0xbb, + 0xaa, 0x52, 0xb5, 0x28, 0x5c, 0xfe, 0x61, 0x7f, 0x7a, 0x70, + 0xc2, 0x32, 0x4b, 0x05, 0x8d, 0x7b, 0x4d, 0x22, 0x57, 0x25, + 0x40, 0x46, 0x7c, 0xad, 0x2f, 0x8a, 0xc8, 0x16, 0xd6, 0xac, + 0x4e, 0xe3, 0xe3, 0x29, 0xe4, 0xe8, 0x00, 0x2b, 0xc9, 0xe3, + 0x3a, 0x6f, 0x66, 0xf1, 0x37, 0x37, 0x52, 0x88, 0x77, 0xf6, + 0xbd, 0x59, 0x5f, 0xf8, 0x11, 0x46, 0x7b, 0x12, 0x88, 0x2f, + 0x4b, 0x0d, 0x16, 0x89, 0x3e, 0x2a, 0x56, 0x58, 0xa8, 0x1c, + 0xee, 0x23, 0xd5, 0x66, 0x86, 
0x5f, 0x59, 0x55, 0xac, 0x07, + 0xfd, 0xda, 0x6b, 0xf1, 0xc7, 0x01, 0x19, 0xdb, 0xff, 0x63, + 0x6f, 0x27, 0xdb, 0xa1, 0xc7, 0xe9, 0xe0, 0xdb, 0xe4, 0x9a, + 0xce, 0xf5, 0xac, 0x68, 0xab, 0x59, 0x0c, 0x83, 0xa3, 0x1c, + 0x2a, 0x86, 0x55, 0xe2, 0xaa, 0xa1, 0xb3, 0xed, 0xc2, 0x2d, + 0x43, 0xc5, 0x13, 0x68, 0xe4, 0x83, 0x3e, 0xd5, 0x7f, 0xf7, + 0xd5, 0xd0, 0x60, 0xd3, 0x70, 0x7f, 0x88, 0xaa, 0xca, 0x74, + 0xcc, 0x50, 0x8d, 0x55, 0x9c, 0xfe, 0x4a, 0xc6, 0xc9, 0x36, + 0xf7, 0x27, 0x26, 0x64, 0xd3, 0x6c, 0xdb, 0x16, 0x31, 0x81, + 0xe9, 0xce, 0x73, 0x60, 0x61, 0x9c, 0x0f, 0xb5, 0x6e, 0x68, + 0xbc, 0xb1, 0x9e, 0x9f, 0xcd, 0x6c, 0x27, 0x31, 0x2d, 0x40, + 0x36, 0xce, 0x91, 0xee, 0x47, 0xdc, 0xa0, 0x4f, 0xd7, 0x14, + 0x4f, 0x93, 0x00, 0xc4, 0x34, 0xca, 0xd4, 0x42, 0x21, 0x90, + 0xf6, 0x9d, 0xea, 0x45, 0x15, 0xfe, 0x2d, 0xd6, 0xab, 0xc2, + 0x36, 0x47, 0xc0, 0x5b, 0xd2, 0xae, 0x53, 0x33, 0xb0, 0x2d, + 0x29, 0xa3, 0x14, 0xda, 0xa4, 0x48, 0xc1, 0x57, 0x0c, 0xdc, + 0x72, 0x4a, 0xd0, 0xf5, 0x5b, 0x9a, 0x57, 0x1d, 0x06, 0xc8, + 0x0f, 0xc7, 0x5b, 0x70, 0xbb, 0x27, 0xf4, 0xe2, 0xf4, 0xf3, + 0x3c, 0xdc, 0xba, 0x43, 0xc4, 0x4e, 0xe2, 0x96, 0xd4, 0x6c, + 0x33, 0x3e, 0xbf, 0x85, 0xf7, 0x3c, 0x1d, 0x46, 0x59, 0x4e, + 0xa1, 0xa7, 0xa3, 0x76, 0x55, 0x8a, 0x72, 0x83, 0xd0, 0x45, + 0x86, 0x38, 0xa5, 0x4d, 0xc8, 0x62, 0xe4, 0x8a, 0xd5, 0x8e, + 0xb7, 0x4c, 0x6e, 0xaf, 0xa4, 0xbe, 0x88, 0x87, 0x77, 0xd1, + 0x7b, 0xb2, 0x1d, 0xe0, 0x1e, 0x53, 0x30, 0x31, 0x15, 0x6c, + 0x10, 0x81, 0x03, 0x55, 0xa7, 0x69, 0xb6, 0xa5, 0x48, 0xf4, + 0xb2, 0x3b, 0x76, 0x8b, 0x2e, 0x42, 0xa6, 0xaa, 0x7e, 0x66, + 0x57, 0xc2, 0x11, 0xc5, 0x2c, 0x7d, 0x96, 0xdf, 0xe3, 0x58, + 0x12, 0x98, 0x18, 0x0d, 0x87, 0xbd, 0x64, 0xbd, 0xfe, 0x6d, + 0xad, 0x6d, 0x1e, 0xf6, 0x34, 0x01, 0xb5, 0x56, 0xe8, 0x6a, + 0xb3, 0x8c, 0x70, 0x84, 0x36, 0x17, 0xd6, 0x4b, 0xaa, 0x57, + 0xab, 0xb3, 0x45, 0x30, 0x36, 0x10, 0xd4, 0xee, 0x8a, 0xc9, + 0x29, 0xd1, 0x92, 0x9b, 0xe2, 0x7c, 0x12, 0xd1, 0x29, 0x62, + 0x41, 0x69, 0xae, 0x3a, 0x50, 0xcc, 0x89, 
0x50, 0x2e, 0xe6, + 0x07, 0xf8, 0x9c, 0x98, 0x80, 0xd5, 0xa3, 0xc8, 0x74, 0xfb, + 0xfc, 0x91, 0x16, 0x02, 0xdc, 0xf0, 0x42, 0x49, 0xbc, 0xc9, + 0x2f, 0x7f, 0x8d, 0x93, 0xf7, 0xf0, 0x74, 0xb7, 0xd1, 0x55, + 0xfc, 0x79, 0x03, 0x37, 0xfb, 0xf6, 0x7d, 0x2f, 0x2d, 0xf8, + 0x6b, 0xc5, 0xf9, 0x66, 0x38, 0xf5, 0xfd, 0x64, 0xc6, 0x08, + 0x99, 0xb3, 0x25, 0xad, 0xf4, 0xfd, 0x69, 0x2f, 0xf1, 0x18, + 0x46, 0xd6, 0x5c, 0x1a, 0x37, 0xcd, 0xee, 0xa3, 0xbf, 0x0f, + 0x57, 0x5c, 0xc3, 0x97, 0x94, 0x84, 0x89, 0xbe, 0x00, 0xf6, + 0x40, 0xe9, 0x5a, 0x52, 0xaf, 0x3a, 0x5b, 0xf4, 0x56, 0xb0, + 0x04, 0x49, 0xc6, 0x32, 0x8c, 0xa1, 0x0a, 0xd8, 0x88, 0xa1, + 0xc3, 0xb7, 0x8b, 0x96, 0xc3, 0x39, 0x51, 0x50, 0x83, 0xa6, + 0xf0, 0x6d, 0xe7, 0x6e, 0x20, 0xff, 0x9d, 0xac, 0x03, 0x57, + 0xbc, 0xcb, 0x6a, 0x19, 0xa7, 0xc5, 0xd2, 0x44, 0x4f, 0x17, + 0x1e, 0x9a, 0x8d, 0x97, 0x25, 0x55, 0x52, 0x49, 0xe2, 0x48, + 0xae, 0x4b, 0x3f, 0x94, 0x5a, 0xb2, 0x2d, 0x40, 0xd9, 0x85, + 0xef, 0x03, 0xa0, 0xd3, 0x66, 0x9a, 0x8f, 0x7b, 0xc0, 0x8d, + 0x54, 0x95, 0x42, 0x49, 0xeb, 0x15, 0x00, 0xf3, 0x6d, 0x6f, + 0x40, 0xf2, 0x8b, 0xc1, 0x50, 0xa6, 0x22, 0x3b, 0xd6, 0x88, + 0xa1, 0xf7, 0xb0, 0x1f, 0xcd, 0x20, 0x4e, 0x5b, 0xad, 0x66, + 0x4a, 0xda, 0x40, 0xee, 0x4c, 0x4c, 0x3e, 0xa7, 0x75, 0x51, + 0x90, 0xba, 0xee, 0x59, 0xbc, 0xe3, 0xcd, 0x4d, 0xb9, 0x57, + 0xb7, 0xf8, 0xc1, 0xb9, 0x8d, 0x0f, 0x58, 0x2c, 0x4c, 0x98, + 0xa6, 0x9c, 0xd9, 0x0e, 0x25, 0x4f, 0xea, 0x4c, 0x15, 0x0b, + 0x89, 0xe4, 0xac, 0xa1, 0x5a, 0xa1, 0xfd, 0x5b, 0xc6, 0xfe, + 0xf0, 0xf1, 0x4c, 0xa7, 0x60, 0xbc, 0xc3, 0xa5, 0x80, 0x00, + 0x3b, 0x3f, 0x22, 0x38, 0x60, 0x40, 0x76, 0x52, 0x83, 0x32, + 0xee, 0x20, 0x6a, 0xf9, 0x1e, 0x6b, 0x99, 0x52, 0xe7, 0x04, + 0xdc, 0x5a, 0x9d, 0x77, 0x8a, 0xdd, 0x9b, 0x53, 0x19, 0xff, + 0x69, 0x8c, 0xbc, 0xc6, 0xe0, 0x79, 0x0d, 0x3d, 0x3d, 0x54, + 0x5b, 0xe0, 0x47, 0x5b, 0x71, 0x05, 0x98, 0x8f, 0xbb, 0x65, + 0xe1, 0x31, 0x9a, 0xc8, 0x1e, 0x7a, 0x4a, 0xf8, 0xcb, 0x17, + 0xd1, 0x83, 0x58, 0xb1, 0xc0, 0xe4, 0xb1, 0x85, 0xca, 
0xa5, + 0xf8, 0x0e, 0xd1, 0x0c, 0xe8, 0x71, 0xc3, 0xfa, 0xbf, 0x1d, + 0xd6, 0x98, 0x03, 0xed, 0x77, 0x3b, 0x55, 0xaf, 0x69, 0x72, + 0x6b, 0x42, 0x31, 0x98, 0x95, 0xd5, 0x79, 0xa5, 0x4c, 0x51, + 0xcf, 0x02, 0x65, 0x93, 0xf2, 0x71, 0xdc, 0xde, 0x9a, 0xa3, + 0x86, 0xa7, 0xea, 0xcf, 0xd7, 0xe5, 0x00, 0xde, 0x40, 0x02, + 0xcd, 0x6b, 0x46, 0x0b, 0xbb, 0xbf, 0x77, 0x5f, 0x9d, 0x7c, + 0xa4, 0x7f, 0x7c, 0x8a, 0xba, 0xd6, 0x99, 0xc5, 0xaa, 0x06, + 0x36, 0xe1, 0x7e, 0x9c, 0x6f, 0x28, 0xd4, 0x6e, 0x1d, 0x5b, + 0xdd, 0x01, 0x24, 0xbd, 0x6c, 0x5d, 0x87, 0x3c, 0xc1, 0xf6, + 0x93, 0x37, 0xe2, 0x3b, 0x70, 0xc4, 0xd8, 0x10, 0x0e, 0x44, + 0x37, 0x00, 0xe3, 0x07, 0xbd, 0x67, 0xd3, 0x9d, 0xe6, 0xe7, + 0x48, 0x1b, 0xe0, 0x79, 0xb3, 0x30, 0x91, 0x89, 0x0f, 0x89, + 0x77, 0xfa, 0x13, 0x85, 0xd0, 0x32, 0xbd, 0xc1, 0x9e, 0x52, + 0x04, 0x80, 0x54, 0xb1, 0x08, 0x39, 0x20, 0xda, 0x3e, 0xf1, + 0xd9, 0x15, 0x74, 0x55, 0x06, 0xfc, 0x4d, 0x85, 0xd4, 0x98, + 0x02, 0x64, 0x10, 0x86, 0xd7, 0xcd, 0x01, 0x0d, 0x85, 0xa0, + 0x78, 0xb0, 0x58, 0x99, 0x7b, 0xdf, 0xe4, 0x8c, 0x3f, 0xab, + 0xc0, 0xbc, 0xa5, 0x30, 0x28, 0xe1, 0x4e, 0x02, 0x98, 0xab, + 0x03, 0xf3, 0x21, 0xe7, 0xa7, 0xe7, 0xc3, 0x5f, 0x98, 0xc0, + 0x83, 0x02, 0xe8, 0x8a, 0x30, 0x75, 0x95, 0xcf, 0x77, 0x83, + 0xfb, 0x32, 0x5a, 0xf9, 0x13, 0xed, 0xdb, 0xda, 0xc3, 0x84, + 0x4b, 0x8f, 0x1a, 0xf0, 0xad, 0x8e, 0xcf, 0xe3, 0xa7, 0x2b, + 0xb5, 0x44, 0x75, 0xd6, 0xda, 0x33, 0x81, 0x22, 0xa7, 0x6a, + 0xbd, 0x21, 0x64, 0x85, 0xfa, 0x65, 0x8e, 0xc4, 0x58, 0xec, + 0xc4, 0x18, 0x90, 0xa3, 0xcc, 0x2e, 0xaa, 0xa2, 0x2e, 0x46, + 0x7a, 0x4a, 0x35, 0xbf, 0x58, 0x78, 0x2b, 0x1e, 0x72, 0xe5, + 0x80, 0xc9, 0xe0, 0x9e, 0x43, 0x01, 0xcc, 0xe1, 0x0c, 0x00, + 0xe9, 0xc1, 0xa5, 0x1a, 0x9b, 0x4e, 0x6e, 0x34, 0x32, 0xfd, + 0x86, 0xb7, 0xae, 0xc3, 0x6e, 0x69, 0x04, 0xf6, 0x6a, 0x92, + 0x78, 0xb1, 0x1f, 0x9d, 0x5e, 0x0c, 0xf9, 0xc4, 0x1a, 0xf6, + 0xb4, 0x8a, 0x63, 0xb5, 0x87, 0x5b, 0xfb, 0x50, 0xbf, 0xd5, + 0x17, 0x97, 0x8e, 0x55, 0x1c, 0xfe, 0x82, 0xf6, 0xa7, 0x9c, + 0x0b, 
0xc9, 0x0a, 0xf6, 0x7f, 0x70, 0xd1, 0x00, 0xed, 0x1c, + 0x6c, 0x3a, 0x95, 0xed, 0x61, 0xa4, 0xd6, 0x57, 0xfb, 0x57, + 0xf8, 0x9b, 0x4c, 0xce, 0x50, 0x26, 0x5c, 0x19, 0xd2, 0xa7, + 0xd6, 0xe8, 0x3c, 0x29, 0x34, 0xfb, 0x26, 0x7f, 0xc5, 0x78, + 0xbf, 0xfe, 0xb6, 0x2a, 0x5a, 0x62, 0x8e, 0x31, 0x9b, 0x57, + 0xa4, 0xe7, 0x4d, 0x3d, 0x18, 0x05, 0xf0, 0x94, 0xbb, 0x04, + 0xfa, 0x0a, 0x92, 0xf4, 0xc6, 0x7f, 0x16, 0xa2, 0x31, 0xed, + 0xc1, 0xb4, 0x62, 0x54, 0x3a, 0x23, 0x12, 0x6a, 0x76, 0xcc, + 0x8c, 0x91, 0x89, 0x58, 0x8c, 0x20, 0x23, 0xd9, 0xaa, 0x0d, + 0x80, 0xbe, 0xb9, 0xb4, 0x40, 0x1e, 0xff, 0xa9, 0xf7, 0x71, + 0x0a, 0xa0, 0x0a, 0xdf, 0x11, 0x0b, 0x66, 0x3f, 0xf2, 0x4d, + 0x5d, 0x39, 0x7c, 0x77, 0xe1, 0xb1, 0x09, 0xa1, 0x6b, 0x2e, + 0x30, 0x43, 0x33, 0x80, 0x6e, 0x6a, 0x1d, 0x47, 0xd9, 0xd6, + 0xac, 0xdc, 0x3f, 0x16, 0xb1, 0x58, 0x11, 0x9f, 0x67, 0xd7, + 0x15, 0x45, 0xd8, 0xc3, 0x69, 0x24, 0x8d, 0xac, 0xff, 0xc3, + 0x43, 0xfd, 0x24, 0xaf, 0xf1, 0xc8, 0x3a, 0xc7, 0xd6, 0x1f, + 0x56, 0x26, 0x16, 0xe6, 0x30, 0xcd, 0x6e, 0x0a, 0x63, 0x2a, + 0x7b, 0x86, 0xd7, 0x65, 0x39, 0x45, 0x7c, 0xe6, 0xa0, 0xe6, + 0x38, 0xed, 0x54, 0x84, 0x00, 0x4d, 0x8e, 0xc2, 0xba, 0x56, + 0x9b, 0xf3, 0xe1, 0xe8, 0x7d, 0xfe, 0x47, 0xf0, 0x58, 0xe7, + 0x59, 0x60, 0x97, 0x2e, 0x57, 0x1a, 0x09, 0x1f, 0x8b, 0x2b, + 0x0b, 0x47, 0x75, 0xc0, 0xb3, 0x79, 0xce, 0x10, 0x47, 0x6d, + 0xfc, 0xcb, 0x22, 0x61, 0x5c, 0x39, 0xc4, 0x3f, 0xc5, 0xef, + 0xb8, 0xc8, 0x88, 0x52, 0xce, 0x90, 0x17, 0xf5, 0x3c, 0xa9, + 0x87, 0x6f, 0xcb, 0x2f, 0x11, 0x53, 0x65, 0x9b, 0x74, 0x21, + 0x3e, 0xdd, 0x7b, 0x1f, 0x19, 0x9f, 0x53, 0xe6, 0xab, 0xc0, + 0x56, 0xba, 0x80, 0x19, 0x5d, 0x3f, 0xc7, 0xe2, 0xfb, 0x8c, + 0xe2, 0x93, 0xe0, 0x31, 0xc9, 0x33, 0x31, 0x23, 0x31, 0xa1, + 0x36, 0x4c, 0x62, 0xd8, 0x0a, 0xfd, 0x85, 0x97, 0xae, 0xa9, + 0xe9, 0x58, 0x29, 0x17, 0x33, 0x09, 0x5a, 0x8e, 0xa3, 0x90, + 0x41, 0xd3, 0xfc, 0x24, 0x98, 0x61, 0x4d, 0x30, 0x1f, 0x76, + 0x8f, 0xfc, 0xd0, 0x96, 0x8b, 0x2e, 0x9b, 0x24, 0x73, 0x35, + 0x00, 0xb7, 0xf6, 
0xe8, 0xba, 0xec, 0x98, 0x74, 0x41, 0xa4, + 0x47, 0x10, 0x0d, 0xbc, 0xba, 0xd1, 0xe7, 0xdb, 0x12, 0xcb, + 0x5f, 0x02, 0xb1, 0xa6, 0xa0, 0xd7, 0x28, 0x30, 0x3e, 0x0a, + 0x5c, 0x5f, 0xe6, 0x2f, 0x3c, 0xde, 0x46, 0x60, 0xaf, 0x07, + 0x5f, 0xed, 0x08, 0xc0, 0x06, 0x58, 0xba, 0xd7, 0x36, 0x5b, + 0xa0, 0x4a, 0xf7, 0xa1, 0x05, 0x9b, 0x00, 0xda, 0x49, 0xdc, + 0xbf, 0xea, 0xe1, 0x03, 0xda, 0x95, 0x95, 0xa0, 0xfa, 0x2e, + 0xf1, 0x60, 0x11, 0x47, 0xdd, 0xb3, 0xfb, 0x0b, 0xa2, 0x92, + 0xcf, 0x73, 0xbb, 0xce, 0x82, 0x71, 0xbc, 0xbd, 0x50, 0x64, + 0xf1, 0x96, 0x48, 0x48, 0x93, 0xf8, 0xdc, 0x1c, 0x18, 0x12, + 0xc6, 0x17, 0x6a, 0xa9, 0xc1, 0x4d, 0x6f, 0x76, 0xda, 0x2f, + 0x4e, 0x59, 0xdd, 0x8b, 0x1c, 0xa5, 0x30, 0xb6, 0xe9, 0x88, + 0x8f, 0x75, 0x0c, 0xcd, 0xd8, 0x61, 0xf4, 0x28, 0xc5, 0x9a, + 0xcd, 0x77, 0x0d, 0x36, 0x5f, 0x75, 0xa5, 0x0a, 0x77, 0x20, + 0x28, 0x5a, 0xac, 0x5f, 0xa1, 0x83, 0x67, 0x70, 0xb7, 0xd8, + 0x23, 0x48, 0x60, 0xa8, 0xd0, 0xaf, 0xee, 0x7a, 0xb8, 0x25, + 0xd7, 0x8f, 0x82, 0x8c, 0xd0, 0x81, 0x7a, 0x49, 0x69, 0xe4, + 0x22, 0x73, 0x29, 0x48, 0xc8, 0x09, 0x72, 0x16, 0xf8, 0x3d, + 0xff, 0x13, 0xac, 0x98, 0x03, 0x76, 0x33, 0xcb, 0x19, 0xb0, + 0x22, 0x5b, 0x1e, 0x16, 0x29, 0xb9, 0xcc, 0xa6, 0x92, 0xd8, + 0xed, 0x93, 0x0f, 0xbd, 0x10, 0x98, 0x53, 0x0a, 0x07, 0x7f, + 0xd6, 0x51, 0x76, 0xda, 0xdc, 0x0c, 0xeb, 0x2a, 0x95, 0xd0, + 0x3e, 0xa6, 0xc4, 0xc6, 0xd8, 0xfb, 0x1b, 0x2a, 0x7f, 0xf1, + 0x08, 0xbe, 0xd3, 0xed, 0x67, 0x63, 0x5f, 0x1d, 0x29, 0xdb, + 0x47, 0x03, 0x4a, 0xf4, 0x6b, 0xb4, 0x46, 0x02, 0x28, 0x4f, + 0x88, 0x9b, 0x46, 0x66, 0x40, 0x56, 0x34, 0x4c, 0xec, 0x8e, + 0x0b, 0x5d, 0x14, 0x94, 0x91, 0xfc, 0xdc, 0x0c, 0xdc, 0x5b, + 0x45, 0x12, 0x7e, 0xa1, 0xe9, 0x75, 0x38, 0xcb, 0xd3, 0x6b, + 0xd7, 0xa4, 0x24, 0x94, 0x78, 0x09, 0x7f, 0x77, 0xc8, 0x6d, + 0xe1, 0x82, 0x1c, 0x1c, 0x91, 0xc6, 0x38, 0x9e, 0x3b, 0x3d, + 0x31, 0xdd, 0x9e, 0x46, 0x58, 0x7a, 0x42, 0x16, 0x6f, 0xfd, + 0x7d, 0x8c, 0xf5, 0xf0, 0x9f, 0x92, 0x6e, 0xbe, 0x47, 0xa6, + 0x1e, 0x8e, 0x82, 0x15, 0x24, 
0xc3, 0x1b, 0xb0, 0xd1, 0x68, + 0xf9, 0xd1, 0x7c, 0x60, 0x98, 0x86, 0xd9, 0x53, 0xa2, 0x38, + 0x62, 0xf4, 0x72, 0x71, 0xcb, 0xb9, 0x35, 0xef, 0xb9, 0x49, + 0x3a, 0x73, 0xb2, 0xd7, 0x0f, 0x90, 0xf5, 0x2c, 0x5b, 0xf5, + 0xfd, 0x39, 0x17, 0xf7, 0xe4, 0x69, 0x81, 0x0f, 0x6b, 0xe7, + 0x32, 0xd2, 0xdc, 0x5d, 0x40, 0xbf, 0x41, 0x95, 0x89, 0x81, + 0x29, 0x80, 0x40, 0xa3, 0xac, 0xd2, 0xc7, 0xf7, 0xe8, 0xd0, + 0x45, 0xed, 0x48, 0x43, 0x3a, 0xed, 0x8d, 0xef, 0x37, 0xe1, + 0x24, 0x9a, 0x67, 0x9a, 0x6b, 0x71, 0x4f, 0x9a, 0xb9, 0x2c, + 0x1b, 0x10, 0x48, 0xe2, 0x31, 0x1e, 0xbb, 0xf2, 0x4a, 0xad, + 0x04, 0xc7, 0xd7, 0xf2, 0xe8, 0x83, 0x5f, 0xe8, 0xa2, 0x81, + 0x95, 0xf9, 0x60, 0x51, 0x9c, 0x99, 0x76, 0x69, 0x76, 0x4e, + 0xbd, 0x44, 0x52, 0x36, 0xca, 0xd8, 0x6e, 0xf7, 0x1a, 0xa1, + 0x54, 0xdf, 0x90, 0x52, 0x94, 0xb6, 0x3a, 0xcb, 0x43, 0x56, + 0x11, 0xde, 0xa0, 0xe1, 0x45, 0x8a, 0x80, 0x2d, 0xaf, 0x1f, + 0x24, 0x3f, 0x80, 0x17, 0x1f, 0x28, 0xbb, 0xcc, 0x1a, 0xd2, + 0x2d, 0xa6, 0x9e, 0xe0, 0xdc, 0xf0, 0x98, 0x16, 0x58, 0x88, + 0xc6, 0xf1, 0x81, 0x71, 0x91, 0x8f, 0xa2, 0xab, 0xa5, 0xe6, + 0x68, 0x1f, 0xa5, 0x86, 0xb5, 0xd9, 0x05, 0xba, 0x50, 0x67, + 0x0b, 0x1e, 0xfe, 0x42, 0x50, 0xf8, 0x01, 0xf8, 0x38, 0x92, + 0x57, 0x86, 0x08, 0x47, 0xee, 0x23, 0x11, 0x60, 0x61, 0x1a, + 0x77, 0x3c, 0x1a, 0x8e, 0x08, 0xe3, 0xaf, 0x84, 0x04, 0x75, + 0x15, 0x47, 0x7a, 0x83, 0x8e, 0x92, 0x3e, 0xe8, 0xf0, 0xc2, + 0x81, 0x89, 0x3b, 0x73, 0x81, 0xe5, 0xe8, 0x97, 0x97, 0x63, + 0x64, 0xf3, 0xa9, 0x1b, 0x61, 0x65, 0x7f, 0x0e, 0x47, 0x6b, + 0x14, 0x57, 0x29, 0x8f, 0x91, 0x35, 0x43, 0x10, 0x12, 0x86, + 0x99, 0xec, 0xc8, 0x9e, 0x67, 0x90, 0x20, 0x21, 0x3c, 0x83, + 0xdb, 0x73, 0x4e, 0x8e, 0x7d, 0x86, 0xde, 0xb8, 0xd8, 0xfa, + 0x23, 0x1f, 0x5a, 0xe4, 0xc7, 0x0c, 0x1d, 0x5e, 0xd1, 0x10, + 0x58, 0xd5, 0x86, 0xfa, 0x40, 0x30, 0x0a, 0x78, 0x0a, 0xa5, + 0x56, 0xd5, 0xe6, 0x86, 0xd4, 0x14, 0x77, 0x32, 0xcd, 0x07, + 0xf9, 0xbe, 0x7a, 0xd8, 0xbc, 0x91, 0xe0, 0xda, 0x76, 0x6b, + 0x97, 0x10, 0xda, 0xea, 0x27, 0xa2, 0x67, 
0x6d, 0x94, 0x27, + 0x6e, 0xea, 0xca, 0x56, 0x45, 0x32, 0x1d, 0x38, 0x12, 0x21, + 0x33, 0x2c, 0x3c, 0x5c, 0x33, 0xb0, 0x9e, 0x80, 0x0b, 0x4e, + 0xbb, 0x09, 0x5e, 0x56, 0x54, 0xb0, 0x9b, 0x7e, 0xb6, 0x00, + 0xe8, 0x63, 0x19, 0x85, 0xf1, 0x4d, 0x65, 0x9d, 0x1f, 0x8d, + 0x18, 0xcc, 0x63, 0xc6, 0xd9, 0xa6, 0xbc, 0xe7, 0x42, 0x55, + 0x12, 0xdc, 0x8c, 0x26, 0x2d, 0x8d, 0xc2, 0xe9, 0x3b, 0xbc, + 0xed, 0x06, 0x08, 0x31, 0xb0, 0xe0, 0x99, 0xe2, 0x86, 0x81, + 0x88, 0x4a, 0xac, 0x1f, 0x4a, 0xb2, 0x1e, 0x1e, 0x4c, 0xb2, + 0x9f, 0x27, 0xa0, 0xd9, 0x8a, 0x7e, 0xe7, 0xa3, 0xad, 0xeb, + 0x2c, 0xfd, 0x14, 0xc6, 0x4b, 0x26, 0xce, 0x38, 0xb9, 0x01, + 0x9e, 0xde, 0xc8, 0x7b, 0x82, 0x2f, 0xaa, 0x72, 0x80, 0xbe, + 0x3a, 0x35, 0x95, 0xc8, 0xf3, 0x7c, 0x36, 0x68, 0x02, 0xdc, + 0xa2, 0xda, 0xef, 0xd7, 0xf1, 0x3e, 0x81, 0xb3, 0x5d, 0x2f, + 0xcf, 0x7e, 0xe6, 0x9c, 0xa0, 0x32, 0x29, 0x8b, 0x52, 0x24, + 0xbd, 0x0d, 0x36, 0xdc, 0x1d, 0xcc, 0x6a, 0x0a, 0x74, 0x52, + 0x1b, 0x68, 0x4d, 0x15, 0x05, 0x47, 0xe1, 0x2f, 0x97, 0x45, + 0x52, 0x17, 0x4b, 0x2a, 0x3b, 0x74, 0xc5, 0x20, 0x35, 0x5c, + 0x37, 0xae, 0xe6, 0xa7, 0x24, 0x0f, 0x34, 0x70, 0xea, 0x7c, + 0x03, 0xa3, 0xde, 0x2d, 0x22, 0x55, 0x88, 0x01, 0x45, 0xf2, + 0x5f, 0x1f, 0xaf, 0x3b, 0xb1, 0xa6, 0x5d, 0xcd, 0x93, 0xfb, + 0xf8, 0x2f, 0x87, 0xcc, 0x26, 0xc5, 0x36, 0xde, 0x06, 0x9b, + 0xe9, 0xa7, 0x66, 0x7e, 0x8c, 0xcd, 0x99, 0x6b, 0x51, 0x1c, + 0xb0, 0xa0, 0xfa, 0xc7, 0x46, 0xfe, 0x65, 0xe4, 0x80, 0x5b, + 0x5f, 0x24, 0x3b, 0xa4, 0xe6, 0x81, 0x31, 0xe5, 0x87, 0x2c, + 0xa4, 0x83, 0xaf, 0x8b, 0x9f, 0x89, 0xb4, 0x3c, 0x7a, 0xbe, + 0x4c, 0xb3, 0xbf, 0x3d, 0xec, 0x78, 0xb0, 0x8a, 0xdd, 0xc8, + 0x43, 0x8c, 0x45, 0xa1, 0xa3, 0x3a, 0x82, 0x7d, 0x06, 0xdf, + 0x20, 0x27, 0x9b, 0x4e, 0x09, 0x90, 0x6a, 0x23, 0xbf, 0x1b, + 0x04, 0x1d, 0x50, 0xe2, 0xb4, 0xff, 0xe0, 0xd0, 0x9b, 0x40, + 0x2b, 0xc0, 0x52, 0xc1, 0x39, 0x29, 0x60, 0x83, 0x06, 0x9b, + 0x48, 0xb8, 0xa7, 0xe1, 0x2b, 0xfb, 0xf0, 0x2b, 0x82, 0xf1, + 0xda, 0xc9, 0x30, 0x47, 0x3f, 0xf5, 0xf9, 0xf7, 0x6c, 
0xf0, + 0x0f, 0xe7, 0xb1, 0x4d, 0x46, 0x49, 0xf8, 0xb3, 0xe1, 0xfe, + 0x85, 0x61, 0xcc, 0xf7, 0xfa, 0xd2, 0xf1, 0xbc, 0xf0, 0x7f, + 0x3b, 0xe6, 0x45, 0xa2, 0x1b, 0x55, 0xf6, 0x0c, 0x02, 0x95, + 0xdc, 0x78, 0x94, 0xa0, 0xc4, 0x6a, 0x21, 0x7e, 0xa8, 0x5f, + 0xbd, 0xc3, 0xb3, 0x4d, 0x9b, 0x30, 0x31, 0x1d, 0x5b, 0x8b, + 0x45, 0x3c, 0x18, 0xe9, 0x61, 0xe8, 0x76, 0x3e, 0x91, 0xd2, + 0xfd, 0x1a, 0xd7, 0x30, 0x4d, 0xfe, 0xef, 0x7f, 0xc0, 0x7e, + 0x45, 0x43, 0xe9, 0xf9, 0x23, 0xfe, 0xd8, 0xef, 0xbc, 0xd6, + 0x99, 0x79, 0x54, 0xed, 0x7a, 0x8b, 0x39, 0xa6, 0xe7, 0x9d, + 0x3f, 0x9f, 0x35, 0xe1, 0xe4, 0xd5, 0x26, 0x31, 0x3a, 0x44, + 0x03, 0x79, 0xde, 0xdc, 0x29, 0x1e, 0x8e, 0x26, 0x41, 0xc6, + 0x60, 0xaa, 0xfd, 0xe1, 0x5e, 0xa6, 0xc0, 0x2f, 0x90, 0x1e, + 0x3b, 0xc1, 0xe6, 0xf6, 0xde, 0x60, 0x87, 0x57, 0x51, 0x11, + 0x6a, 0x8e, 0x9d, 0x70, 0x9d, 0x6d, 0x36, 0x21, 0x05, 0x55, + 0xc1, 0x56, 0x9b, 0xc9, 0x91, 0x50, 0x3e, 0xb4, 0xbd, 0x19, + 0x53, 0x44, 0x99, 0xc7, 0xb8, 0xce, 0xce, 0x86, 0x06, 0x5d, + 0x99, 0x85, 0x33, 0xd4, 0x16, 0x21, 0x4a, 0xe9, 0x7e, 0x2e, + 0xcc, 0x7e, 0x3f, 0xc1, 0x47, 0x3b, 0x32, 0xd0, 0x57, 0x1c, + 0xc2, 0x26, 0x67, 0xf0, 0xd9, 0xc4, 0x9e, 0xbb, 0x65, 0xa4, + 0xf7, 0xf7, 0x8d, 0x7d, 0x08, 0xd4, 0x9c, 0x1e, 0x0f, 0xb9, + 0xff, 0x24, 0x2f, 0xaf, 0xfa, 0x24, 0x26, 0xb7, 0xb1, 0x78, + 0xc1, 0xd1, 0xfe, 0x85, 0x55, 0xa0, 0x86, 0x77, 0xf6, 0xc2, + 0xe0, 0x12, 0xe4, 0x45, 0x85, 0xd0, 0xe7, 0x68, 0xf0, 0x31, + 0x4c, 0x9c, 0xb0, 0x5f, 0x89, 0xca, 0xfe, 0xc2, 0xf0, 0x1e, + 0xeb, 0xee, 0x75, 0x64, 0xea, 0x09, 0xd4, 0x1c, 0x72, 0x12, + 0xd4, 0x31, 0xf0, 0x89, 0x71, 0x74, 0x6e, 0x01, 0x32, 0xca, + 0x8a, 0x91, 0x0c, 0xdf, 0xd7, 0x05, 0xe9, 0x35, 0xed, 0x06, + 0x1a, 0x17, 0x5a, 0xf3, 0x65, 0xc5, 0xbd, 0x37, 0xf2, 0x53, + 0x49, 0x2f, 0xcd, 0xc6, 0x15, 0xb3, 0x36, 0x88, 0xd8, 0x7a, + 0x2f, 0xfa, 0x21, 0x7f, 0x55, 0x20, 0xc6, 0xf4, 0x23, 0x59, + 0x6b, 0x3c, 0xeb, 0xe5, 0xd3, 0x78, 0xdc, 0x31, 0xeb, 0x87, + 0x86, 0x3d, 0x7c, 0x10, 0x64, 0x66, 0xa4, 0xad, 0x07, 0xe1, + 0x93, 
0x15, 0x07, 0x4c, 0xe4, 0xb4, 0x4a, 0x06, 0xca, 0x2a, + 0x50, 0xa2, 0x85, 0xc6, 0xa1, 0x19, 0x89, 0x7f, 0x8a, 0x05, + 0x00, 0x23, 0x72, 0x5f, 0x89, 0x74, 0x8e, 0x22, 0xa1, 0x5d, + 0x26, 0xf9, 0xfe, 0xdf, 0x6d, 0x98, 0x3a, 0xc4, 0x7c, 0x93, + 0xcf, 0xc4, 0xfe, 0xed, 0x98, 0xb0, 0x31, 0x4c, 0x81, 0x83, + 0x0d, 0x5d, 0x3d, 0x0c, 0x27, 0x4e, 0xca, 0xcf, 0x38, 0x0c, + 0x37, 0xb0, 0xf8, 0xc5, 0xc8, 0x52, 0x14, 0xec, 0x53, 0x80, + 0xb9, 0xd8, 0x8a, 0x05, 0x4e, 0x31, 0x3d, 0x67, 0x57, 0xf0, + 0x7a, 0xa2, 0xc5, 0xc9, 0x02, 0x25, 0x69, 0x83, 0xb9, 0x3e, + 0x1b, 0x04, 0xbf, 0xb2, 0xe6, 0x97, 0x7a, 0x6b, 0x8e, 0x37, + 0x77, 0x2e, 0x16, 0x8b, 0x33, 0xe1, 0xea, 0x2b, 0x30, 0x01, + 0x6e, 0xa0, 0x28, 0x14, 0x17, 0xe9, 0x98, 0xa8, 0x89, 0x72, + 0x68, 0x64, 0x81, 0x60, 0xa8, 0xf7, 0x72, 0xdf, 0x1a, 0xae, + 0xf5, 0xf0, 0x9f, 0x69, 0x35, 0xbc, 0x58, 0x27, 0x38, 0xd6, + 0x7f, 0x7a, 0xd4, 0xc4, 0xf1, 0xcf, 0xee, 0x59, 0x49, 0x31, + 0xda, 0xc1, 0x08, 0x46, 0x65, 0x68, 0xe9, 0x44, 0x18, 0x2b, + 0xf2, 0x2a, 0x13, 0x60, 0x07, 0xae, 0xe4, 0x96, 0xdb, 0x0a, + 0x6f, 0x52, 0x23, 0x9a, 0xcf, 0x9d, 0xa4, 0xc5, 0xc1, 0x74, + 0xa8, 0x0e, 0xe1, 0x5e, 0xfa, 0xa4, 0x06, 0x9c, 0x2e, 0x70, + 0x08, 0x22, 0x25, 0x4f, 0xc1, 0xf1, 0x13, 0x5a, 0x66, 0xa0, + 0x6c, 0x59, 0xa3, 0xfc, 0x03, 0x9c, 0x8a, 0x23, 0x01, 0x00, + 0xa9, 0x49, 0xf0, 0x22, 0xa3, 0x8f, 0x6c, 0xef, 0xcb, 0x69, + 0x06, 0x3a, 0x69, 0x99, 0x96, 0xd2, 0xa7, 0xa0, 0x0b, 0x7e, + 0x44, 0x7d, 0x04, 0xff, 0x7e, 0x9e, 0x1e, 0x77, 0xa0, 0x30, + 0xd1, 0xdf, 0x18, 0xe4, 0xd8, 0xa5, 0x64, 0xbe, 0x8c, 0x80, + 0x28, 0xe2, 0x98, 0x5e, 0xec, 0x9e, 0xb1, 0x0a, 0xb5, 0x25, + 0xaa, 0xb8, 0x0f, 0x78, 0x30, 0x48, 0x06, 0xe5, 0x76, 0xf9, + 0x24, 0x96, 0x87, 0x2a, 0x91, 0x89, 0xb6, 0xce, 0x04, 0xdf, + 0xfc, 0x13, 0x42, 0x19, 0xba, 0x14, 0x46, 0x20, 0x08, 0x47, + 0xe1, 0x82, 0x57, 0x51, 0x74, 0x3b, 0x5b, 0x23, 0x5c, 0xb2, + 0x85, 0x8c, 0xed, 0xe6, 0xda, 0x4d, 0x56, 0xe8, 0x61, 0x31, + 0xec, 0x97, 0x27, 0xeb, 0xf2, 0xa7, 0x7c, 0x13, 0x1b, 0xc5, + 0x44, 0xfe, 0x63, 
0x4b, 0x2b, 0x33, 0x22, 0x23, 0x60, 0x86, + 0x7c, 0x3b, 0x57, 0xba, 0x16, 0xde, 0x47, 0x04, 0x3e, 0x2b, + 0xe5, 0xbd, 0x23, 0xa0, 0xab, 0xdf, 0x5d, 0x6e, 0x20, 0xb1, + 0x37, 0x44, 0xcb, 0xbd, 0x03, 0xa9, 0x5c, 0xe6, 0x92, 0x5e, + 0x2f, 0x6f, 0x95, 0xc6, 0x5b, 0x6d, 0xab, 0x39, 0xdd, 0x1e, + 0x34, 0xd5, 0x21, 0xca, 0x92, 0xee, 0x59, 0xf0, 0xb9, 0x65, + 0xe6, 0x81, 0x49, 0xf8, 0x11, 0xec, 0x45, 0x14, 0x6a, 0x19, + 0xb4, 0xce, 0xbf, 0x9e, 0xf7, 0x32, 0x8d, 0x99, 0x78, 0xc3, + 0x07, 0x3d, 0xfd, 0x18, 0x2d, 0x0e, 0x06, 0x2f, 0x27, 0x24, + 0x6f, 0x16, 0xd8, 0x01, 0x33, 0xc8, 0xbb, 0x7f, 0x7d, 0xfa, + 0x73, 0xf6, 0x7d, 0x54, 0xf2, 0xd4, 0x8a, 0x53, 0xe1, 0x62, + 0x45, 0xf4, 0x01, 0xa6, 0x31, 0x6b, 0x3a, 0x06, 0x56, 0xfd, + 0x79, 0x7f, 0x58, 0xd8, 0x47, 0x33, 0x53, 0xc5, 0x78, 0x70, + 0xce, 0x81, 0x7f, 0x66, 0xa1, 0x58, 0x7c, 0x5a, 0xdb, 0x4a, + 0xad, 0x29, 0xff, 0x93, 0x75, 0x95, 0x35, 0xa9, 0xd2, 0xb1, + 0xeb, 0xa0, 0x4f, 0x10, 0x0a, 0xc9, 0x38, 0x69, 0xc8, 0x8d, + 0x57, 0xef, 0x99, 0x0f, 0xa5, 0x69, 0x86, 0xa6, 0xfb, 0x2b, + 0x37, 0xe4, 0xc7, 0xab, 0x3e, 0xcd, 0x8f, 0x3f, 0x93, 0x8c, + 0x0b, 0xc4, 0x4d, 0x16, 0xe0, 0xb0, 0x94, 0x5a, 0x0d, 0x17, + 0xaf, 0x6e, 0x4b, 0x2e, 0x18, 0x29, 0x0e, 0xe0, 0xf5, 0x72, + 0x1a, 0x21, 0x37, 0xef, 0x7d, 0x6a, 0x39, 0xe9, 0xa8, 0xd7, + 0x96, 0xd6, 0xb3, 0x7d, 0x83, 0x0c, 0x13, 0x30, 0x49, 0x03, + 0xe8, 0x6b, 0xe6, 0x77, 0xe8, 0x69, 0x48, 0x56, 0x5f, 0x39, + 0x63, 0xbc, 0x86, 0xa8, 0x26, 0xa1, 0xbd, 0x4b, 0x24, 0xbd, + 0xdd, 0xe8, 0x02, 0x64, 0xcb, 0xae, 0x24, 0x17, 0x62, 0xbd, + 0x27, 0xa7, 0x22, 0x60, 0x51, 0x0c, 0x53, 0xff, 0x9d, 0x63, + 0x1b, 0xf9, 0xff, 0x76, 0x3b, 0x74, 0x05, 0x98, 0x46, 0x0b, + 0xe8, 0xcb, 0xd4, 0x0a, 0xcd, 0x91, 0xdb, 0x5b, 0x21, 0x4d, + 0xa1, 0x87, 0xbd, 0xb7, 0x58, 0xec, 0x28, 0x00, 0x92, 0xc2, + 0x98, 0xe4, 0x8c, 0x1f, 0x9d, 0xa4, 0x80, 0x83, 0x40, 0xb9, + 0x63, 0xfe, 0xc9, 0x18, 0x3f, 0xd6, 0xab, 0x34, 0x00, 0x2c, + 0x53, 0x40, 0x38, 0x0e, 0xb1, 0x69, 0xa8, 0xb8, 0xa9, 0x2e, + 0x9b, 0x7b, 0x89, 0x8d, 0xff, 
0x86, 0x01, 0x51, 0x42, 0xde, + 0x04, 0xd6, 0x1d, 0xd1, 0x29, 0x8d, 0x42, 0x46, 0x5f, 0xd6, + 0x02, 0xde, 0x73, 0xee, 0x2d, 0xe9, 0x6e, 0xb0, 0x3f, 0xf0, + 0x47, 0x72, 0xfe, 0x45, 0xff, 0x05, 0x82, 0x2d, 0xc6, 0x4f, + 0xc9, 0xd3, 0xec, 0xf9, 0x5a, 0x22, 0x50, 0x6c, 0x4f, 0x1e, + 0xc8, 0x5f, 0xfc, 0x2c, 0x04, 0x4f, 0xdf, 0xce, 0xe4, 0x18, + 0xd2, 0xd7, 0x8b, 0x67, 0x83, 0x39, 0x96, 0x47, 0x5e, 0x5b, + 0xad, 0x7f, 0x5d, 0x42, 0x56, 0x97, 0x71, 0x39, 0x28, 0x44, + 0x9d, 0x35, 0xde, 0xde, 0x03, 0x20, 0x34, 0x44, 0xdb, 0xdf, + 0xfc, 0xff, 0x1e, 0x3d, 0x58, 0x5f, 0x7a, 0x8e, 0x90, 0xa1, + 0xd3, 0xeb, 0x0c, 0x23, 0x3f, 0x4e, 0x61, 0x77, 0x79, 0xb2, + 0xdc, 0xfb, 0x21, 0x46, 0x5c, 0x82, 0xb6, 0xf6, 0x34, 0x3c, + 0x3f, 0x45, 0x4b, 0x80, 0x9e, 0xa4, 0xe6, 0x02, 0x13, 0x38, + 0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8, + 0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, + 0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f, +}; +static const int sizeof_bench_dilithium_level5_sig = + sizeof(bench_dilithium_level5_sig); +#endif + +#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */ + + void bench_dilithiumKeySign(byte level) { int ret = 0; dilithium_key key; double start; int i, count; +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) byte sig[DILITHIUM_MAX_SIG_SIZE]; byte msg[512]; word32 x = 0; +#endif const char**desc = bench_desc_words[lng_index]; DECLARE_MULTI_VALUE_STATS_VARS() + byte params = 0; + + if (level == 2) { + params = 44; + } + else if (level == 3) { + params = 65; + } + else if (level == 5) { + params = 87; + } + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + /* make dummy msg */ + for (i = 0; i < (int)sizeof(msg); i++) { + msg[i] = (byte)i; + } +#endif ret = wc_dilithium_init(&key); if (ret != 0) { 
@@ -12486,46 +13695,77 @@ void bench_dilithiumKeySign(byte level) printf("wc_dilithium_set_level() failed %d\n", ret); } - if (ret == 0) { - ret = -1; - if (level == 2) { - ret = wc_dilithium_import_private_key(bench_dilithium_level2_key, - sizeof_bench_dilithium_level2_key, NULL, 0, &key); - } - else if (level == 3) { - ret = wc_dilithium_import_private_key(bench_dilithium_level3_key, - sizeof_bench_dilithium_level3_key, NULL, 0, &key); - } - else if (level == 5) { - ret = wc_dilithium_import_private_key(bench_dilithium_level5_key, - sizeof_bench_dilithium_level5_key, NULL, 0, &key); +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + ret = wc_dilithium_make_key(&key, GLOBAL_RNG); + if (ret != 0) { + printf("wc_dilithium_import_private_key failed %d\n", ret); + return; + } } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); - if (ret != 0) { - printf("wc_dilithium_import_private_key failed %d\n", ret); - } + if (ret == 0) { + bench_stats_asym_finish("ML-DSA", params, desc[2], 0, count, + start, ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif } - /* make dummy msg */ - for (i = 0; i < (int)sizeof(msg); i++) { - msg[i] = (byte)i; +#elif !defined WOLFSSL_DILITHIUM_NO_SIGN + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (level == 2) { + ret = wc_dilithium_import_private(bench_dilithium_level2_key, + sizeof_bench_dilithium_level2_key, &key); + } +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + if (level == 3) { + ret = wc_dilithium_import_private(bench_dilithium_level3_key, + sizeof_bench_dilithium_level3_key, &key); + } +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + if (level == 5) { + ret = wc_dilithium_import_private(bench_dilithium_level5_key, + sizeof_bench_dilithium_level5_key, &key); + } +#endif + if (ret != 0) { + printf("Failed to load private key\n"); + return; + } + +#endif + +#ifndef 
WOLFSSL_DILITHIUM_NO_SIGN + if (level == 2) { + x = DILITHIUM_LEVEL2_SIG_SIZE; + } + else if (level == 3) { + x = DILITHIUM_LEVEL3_SIG_SIZE; + } + else { + x = DILITHIUM_LEVEL5_SIG_SIZE; } + RESET_MULTI_VALUE_STATS_VARS(); + bench_stats_start(&count, &start); do { for (i = 0; i < agreeTimes; i++) { if (ret == 0) { - if (level == 2) { - x = DILITHIUM_LEVEL2_SIG_SIZE; - } - else if (level == 3) { - x = DILITHIUM_LEVEL3_SIG_SIZE; - } - else { - x = DILITHIUM_LEVEL5_SIG_SIZE; - } - - ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG); + ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key, + GLOBAL_RNG); if (ret != 0) { printf("wc_dilithium_sign_msg failed\n"); } 
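Review bot: The error message in the new key-generation loop names the wrong function: `printf("wc_dilithium_import_private_key failed %d\n", ret);` is printed when `wc_dilithium_make_key` fails, so it should read `printf("wc_dilithium_make_key failed %d\n", ret);`. That early `return`, and the one on the `Failed to load private key` path, also skip the `wc_dilithium_free(&key)` at the end of the function, so the key initialised by `wc_dilithium_init` is never released; a common cleanup label (or freeing before each `return`) fixes both. In the `#elif` branch, when the requested level's parameter set is compiled out by `WOLFSSL_NO_ML_DSA_*` none of the three `if`s assigns `ret`, so the `Failed to load private key` check cannot fire; initialise `ret = -1;` ahead of the chain unless `wc_dilithium_set_level` already rejects such a level, which the hunk does not show. `bench_dilithiumKeySign` starts before this hunk and continues past it.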
@@ -12540,13 +13780,57 @@ void bench_dilithiumKeySign(byte level) ); if (ret == 0) { - bench_stats_asym_finish("DILITHIUM", level, desc[4], 0, count, start, + bench_stats_asym_finish("ML-DSA", params, desc[4], 0, count, start, ret); #ifdef MULTI_VALUE_STATISTICS bench_multi_value_stats(max, min, sum, squareSum, runs); #endif } +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + (defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)) + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (level == 2) { + #ifdef WOLFSSL_DILITHIUM_NO_SIGN + x = sizeof_bench_dilithium_level2_sig; + XMEMCPY(sig, bench_dilithium_level2_sig, x); + #endif + ret = wc_dilithium_import_public(bench_dilithium_level2_pubkey, + sizeof_bench_dilithium_level2_pubkey, &key); + } +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + if (level == 3) { + #ifdef WOLFSSL_DILITHIUM_NO_SIGN + x = sizeof_bench_dilithium_level3_sig; + XMEMCPY(sig, bench_dilithium_level3_sig, x); + #endif + ret = wc_dilithium_import_public(bench_dilithium_level3_pubkey, + sizeof_bench_dilithium_level3_pubkey, &key); + } +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + if (level == 5) { + #ifdef WOLFSSL_DILITHIUM_NO_SIGN + x = sizeof_bench_dilithium_level5_sig; + XMEMCPY(sig, bench_dilithium_level5_sig, x); + #endif + ret = wc_dilithium_import_public(bench_dilithium_level5_pubkey, + sizeof_bench_dilithium_level5_pubkey, &key); + } +#endif + if (ret != 0) { + printf("Failed to load public key\n"); + return; + } + +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY RESET_MULTI_VALUE_STATS_VARS(); bench_stats_start(&count, &start); @@ -12573,12 +13857,13 @@ void bench_dilithiumKeySign(byte level) ); if (ret == 0) { - bench_stats_asym_finish("DILITHIUM", level, desc[5], 0, count, start, + bench_stats_asym_finish("ML-DSA", params, desc[5], 0, count, start, ret); #ifdef MULTI_VALUE_STATISTICS bench_multi_value_stats(max, min, sum, squareSum, runs); #endif } +#endif wc_dilithium_free(&key); } 
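Review bot: In the new public-key import chain each `if (level == …)` arm is compiled out by its `WOLFSSL_NO_ML_DSA_*` macro, so for a level whose parameter set is disabled nothing assigns `ret`; it keeps the 0 from the preceding successful calls, `Failed to load public key` is never printed, and the verify loop runs against a key that was never loaded. Setting `ret = -1;` immediately before the chain makes the error path reachable; this only matters if `wc_dilithium_set_level` does not already reject a compiled-out level, which is not visible here. A one-line comment above the `#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && …` block would also help readers, e.g. `/* No key/signature was produced above: load the fixed public key (and the fixed signature when signing is compiled out) for the verify benchmark */`. The function starts before this hunk.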
@@ -12741,7 +14026,6 @@ void bench_sphincsKeySign(byte level, byte optim) wc_sphincs_free(&key); } #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ #if defined(_WIN32) && !defined(INTIME_RTOS) @@ -12801,7 +14085,13 @@ void bench_sphincsKeySign(byte level, byte optim) #elif defined(FREERTOS) - #include "task.h" + #ifdef PLATFORMIO + #include + #include + #else + #include "task.h" + #endif + #if defined(WOLFSSL_ESPIDF) /* prototype definition */ int construct_argv(); @@ -12861,9 +14151,9 @@ void bench_sphincsKeySign(byte level, byte optim) typiclly in app_startup.c */ #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGV(TAG, "tickCount = %lu", tickCount); + ESP_LOGV(TAG, "tickCount = %d", tickCount); if (tickCount == last_tickCount) { - ESP_LOGW(TAG, "last_tickCount unchanged? %lu", tickCount); + ESP_LOGW(TAG, "last_tickCount unchanged? %d", tickCount); } if (tickCount < last_tickCount) { @@ -12873,13 +14163,13 @@ void bench_sphincsKeySign(byte level, byte optim) if (reset) { #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGW(TAG, "Assign last_tickCount = %lu", tickCount); + ESP_LOGW(TAG, "Assign last_tickCount = %d", tickCount); #endif last_tickCount = tickCount; } else { #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGW(TAG, "No Reset last_tickCount = %lu", tickCount); + ESP_LOGV(TAG, "No Reset last_tickCount = %d", tickCount); #endif } @@ -12903,10 +14193,13 @@ void bench_sphincsKeySign(byte level, byte optim) * Use care when repeatedly calling calling. See implementation. */ double current_time(int reset) { - portTickType tickCount; - /* tick count == ms, if configTICK_RATE_HZ is set to 1000 */ - tickCount = xTaskGetTickCount(); + portTickType tickCount = xTaskGetTickCount(); + /* if configTICK_RATE_HZ is available use if (default is 1000) */ + #ifdef configTICK_RATE_HZ + return (double)tickCount / configTICK_RATE_HZ; + #else return (double)tickCount / 1000; + #endif } #endif 
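Review bot: Changing the `ESP_LOGV`/`ESP_LOGW` formats from `%lu` to `%d` trades one format/argument mismatch for another if `tickCount` is unsigned: a later hunk in this commit declares it as `portTickType`, which on ESP-IDF is typically an unsigned 32-bit `TickType_t`, and printing that with `%d` is flagged by `-Wformat` and undefined for values above `INT_MAX`. A portable form is `ESP_LOGV(TAG, "tickCount = %" PRIu32, (uint32_t)tickCount);` (and likewise for the other three calls), or `%u` with an `(unsigned)` cast if `inttypes.h` is not wanted in this file. The enclosing function starts and ends outside the hunk, so the exact type of `tickCount` should be confirmed there.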
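Review bot: The new comment in `current_time` reads `/* if configTICK_RATE_HZ is available use if (default is 1000) */`; "use if" is a typo for "use it", and the intent is clearer as `/* Convert ticks to seconds: use configTICK_RATE_HZ when the port defines it, otherwise assume the FreeRTOS default of 1000 Hz */`. Since `configTICK_RATE_HZ` is commonly defined with a `TickType_t` cast, it is worth noting in the same comment that `(double)tickCount / configTICK_RATE_HZ` still divides in double, which is what the caller expects.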
@@ -13265,14 +14558,15 @@ static void Usage(void) print_alg(bench_asym_opt[i].str, &line); for (i=0; bench_other_opt[i].str != NULL; i++) print_alg(bench_other_opt[i].str, &line); -#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) +#if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) for (i=0; bench_pq_asym_opt[i].str != NULL; i++) print_alg(bench_pq_asym_opt[i].str, &line); -#if defined(HAVE_LIBOQS) && defined(HAVE_SPHINCS) +#if defined(HAVE_SPHINCS) for (i=0; bench_pq_asym_opt2[i].str != NULL; i++) print_alg(bench_pq_asym_opt2[i].str, &line); -#endif /* HAVE_LIBOQS && HAVE_SPHINCS */ -#endif /* HAVE_PQC */ +#endif /* HAVE_SPHINCS */ +#endif #if defined(BENCH_PQ_STATEFUL_HBS) for (i=0; bench_pq_hash_sig_opt[i].str != NULL; i++) print_alg(bench_pq_hash_sig_opt[i].str, &line); @@ -13413,6 +14707,10 @@ int wolfcrypt_benchmark_main(int argc, char** argv) #endif else if (string_matches(argv[1], "-dgst_full")) digest_stream = 0; +#ifdef HAVE_CHACHA + else if (string_matches(argv[1], "-enc_only")) + encrypt_only = 1; +#endif #ifndef NO_RSA else if (string_matches(argv[1], "-rsa_sign")) rsa_sign_verify = 1; @@ -13539,7 +14837,8 @@ int wolfcrypt_benchmark_main(int argc, char** argv) optMatched = 1; } } - #if defined(HAVE_PQC) && defined(HAVE_LIBOQS) + #if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) /* Known asymmetric post-quantum algorithms */ for (i=0; !optMatched && bench_pq_asym_opt[i].str != NULL; i++) { if (string_matches(argv[1], bench_pq_asym_opt[i].str)) { @@ -13567,7 +14866,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv) } } #endif - #endif /* HAVE_PQC */ + #endif /* Other known cryptographic algorithms */ for (i=0; !optMatched && bench_other_opt[i].str != NULL; i++) { if (string_matches(argv[1], bench_other_opt[i].str)) { diff --git a/wolfcrypt/benchmark/benchmark.h b/wolfcrypt/benchmark/benchmark.h index b814a94763..5116dbe3dd 100644 
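Review bot: The new `-enc_only` switch is parsed here under `#ifdef HAVE_CHACHA`, but nothing in this hunk adds it to `Usage()`; unless another hunk of this commit does, users cannot discover the flag, so add a matching line in the `HAVE_CHACHA` part of `Usage()` describing what it benchmarks. The assignment `encrypt_only = 1;` also carries no comment saying which benchmarks honour it; a short note such as `/* honoured by the ChaCha benchmarks only */`, if that is accurate, prevents readers from expecting it to affect AES. The argument-parsing loop starts and ends outside this hunk.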
--- a/wolfcrypt/benchmark/benchmark.h +++ b/wolfcrypt/benchmark/benchmark.h @@ -1,6 +1,6 @@ /* wolfcrypt/benchmark/benchmark.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index e9716bcd8b..93f91816b4 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -1,6 +1,6 @@ /* aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,15 +39,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits /* Tip: Locate the software cipher modes by searching for "Software AES" */ -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) - +#if FIPS_VERSION3_GE(2,0,0) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$g") - #pragma const_seg(".fipsB$g") + #pragma code_seg(".fipsA$b") + #pragma const_seg(".fipsB$b") #endif #endif @@ -97,7 +95,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif -#ifndef WOLFSSL_ARMASM +#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) #ifdef WOLFSSL_IMX6_CAAM_BLOB /* case of possibly not using hardware acceleration for AES but using key @@ -114,6 +112,15 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #pragma warning(disable: 4127) #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000002 }; + int wolfCrypt_FIPS_AES_sanity(void) + { + return 0; + } +#endif + /* Define AES implementation includes and functions */ #if defined(STM32_CRYPTO) /* STM32F2/F4/F7/L4/L5/H7/WB55 hardware AES support for ECB, CBC, CTR and GCM modes */ 
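Review bot: `wolfCrypt_FIPS_aes_ro_sanity` and `wolfCrypt_FIPS_AES_sanity` are introduced with external linkage but no prototype or explanatory comment appears in the hunk; if they are not declared in a FIPS header, `-Wmissing-prototypes` / `-Wmissing-variable-declarations` builds will warn, and a reader cannot tell what the `{ 0x1a2b3c4d, 0x00000002 }` pair or the constant `return 0;` mean. Add a comment above the block, e.g. `/* FIPS 140-3 per-module markers for aes.c: read-only data and code anchors, presumably consumed by the module integrity check — keep in sync with fips.c */`, adjusted to what the FIPS layer actually does with them, and declare both symbols in the header that layer includes.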
@@ -720,7 +727,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits return MEMORY_E; #endif - if (AES_set_encrypt_key_AESNI(userKey,bits,temp_key) == BAD_FUNC_ARG) { + if (AES_set_encrypt_key_AESNI(userKey,bits,temp_key) + == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { #ifdef WOLFSSL_SMALL_STACK XFREE(temp_key, aes->heap, DYNAMIC_TYPE_AES); #endif @@ -960,6 +968,9 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) /* implemented in wolfcrypt/src/port/psa/psa_aes.c */ +#elif defined(WOLFSSL_RISCV_ASM) +/* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */ + #else /* using wolfCrypt software implementation */ @@ -1908,6 +1919,7 @@ static word32 GetTable8_4(const byte* t, byte o0, byte o1, byte o2, byte o3) ((word32)(t)[o2] << 8) | ((word32)(t)[o3] << 0)) #endif +#ifndef HAVE_CUDA /* Encrypt a block using AES. * * @param [in] aes AES object. @@ -1922,7 +1934,7 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, word32 t0, t1, t2, t3; const word32* rk; -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK rk = aes->key_C_fallback; #else rk = aes->key; @@ -2208,6 +2220,11 @@ static void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) } } #endif +#else +extern void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, + word32 r); +extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz); +#endif /* HAVE_CUDA */ #else @@ -2703,6 +2720,7 @@ static void bs_encrypt(bs_word* state, bs_word* rk, word32 r) bs_inv_transpose(state, trans); } +#ifndef HAVE_CUDA /* Encrypt a block using AES. * * @param [in] aes AES object. 
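Review bot: The `extern` prototypes for `AesEncrypt_C` and `AesEncryptBlocks_C` under `HAVE_CUDA` are pasted verbatim here and again in the bit-sliced arm in the next hunk of this commit; one declaration in a shared spot (above both `#if` arms, or a private header the CUDA translation unit also includes) keeps the two from drifting and lets the compiler check the CUDA definitions against the same signature. Add a comment naming where the definitions live, e.g. `/* HAVE_CUDA: AesEncrypt_C/AesEncryptBlocks_C are provided by the CUDA port */` with the real path. With the C definitions compiled out, table helpers such as `GetTable8_4` that only they used may become unused and trigger `-Wunused-function`; worth checking in a `HAVE_CUDA` build.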
@@ -2754,6 +2772,11 @@ static void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) } } #endif +#else +extern void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, + word32 r); +extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz); +#endif /* HAVE_CUDA */ #endif /* !WC_AES_BITSLICED */ @@ -2926,7 +2949,7 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, word32 t0, t1, t2, t3; const word32* rk; -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK rk = aes->key_C_fallback; #else rk = aes->key; @@ -4066,7 +4089,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( */ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) { -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK word32* rk = aes->key_C_fallback; #else word32* rk = aes->key; @@ -4227,7 +4250,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) if (dir == AES_DECRYPTION) { unsigned int j; -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK rk = aes->key_C_fallback; #else rk = aes->key; @@ -4298,6 +4321,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif /* NEED_AES_TABLES */ +#ifndef WOLFSSL_RISCV_ASM /* Software AES - SetKey */ static WARN_UNUSED_RESULT int wc_AesSetKeyLocal( Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir, @@ -4436,11 +4460,11 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) if (ret != 0) return ret; -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK #ifdef NEED_AES_TABLES AesSetKey_C(aes, userKey, keylen, dir); #endif /* NEED_AES_TABLES */ -#endif /* WC_AES_C_DYNAMIC_FALLBACK */ +#endif /* WC_C_DYNAMIC_FALLBACK */ #ifdef WOLFSSL_AESNI aes->use_aesni = 0; 
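Review bot: Renaming `WC_AES_C_DYNAMIC_FALLBACK` to `WC_C_DYNAMIC_FALLBACK` silently changes behaviour for any build that still defines the old name: the `#ifdef` arms that select `aes->key_C_fallback`, and the AES-NI fallback that turns a failed AES-NI key setup into `ret = 0`, all stop being compiled, so such a build would fail key setup on a CPU without AES-NI instead of falling back to the C code. Unless settings.h already maps the old name, a shim near the top of the file keeps old configurations working: `#if defined(WC_AES_C_DYNAMIC_FALLBACK) && !defined(WC_C_DYNAMIC_FALLBACK)` / `#define WC_C_DYNAMIC_FALLBACK` / `#endif`. The rename should also be called out in the changelog.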
@@ -4469,13 +4493,13 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) if (ret == 0) aes->use_aesni = 1; else { -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK ret = 0; #endif } return ret; } else { -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK return 0; #else return ret; @@ -4611,6 +4635,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 1); } /* wc_AesSetKey() */ +#endif #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) /* AES-CTR and AES-DIRECT need to use this for key setup */ @@ -4661,7 +4686,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #ifdef WOLFSSL_AESNI -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK #define VECTOR_REGISTERS_PUSH { \ int orig_use_aesni = aes->use_aesni; \ @@ -5490,7 +5515,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif { int crypto_cb_ret = wc_CryptoCb_AesCbcEncrypt(aes, out, in, sz); - if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE) + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return crypto_cb_ret; /* fall-through when unavailable */ } @@ -5659,7 +5684,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif { int crypto_cb_ret = wc_CryptoCb_AesCbcDecrypt(aes, out, in, sz); - if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE) + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return crypto_cb_ret; /* fall-through when unavailable */ } @@ -6037,6 +6062,8 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int ret = 0; word32 processed; + XMEMSET(scratch, 0, sizeof(scratch)); + if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; } 
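Review bot: The `#endif` added after `wc_AesSetKey()` closes the `#ifndef WOLFSSL_RISCV_ASM` opened some 300 lines earlier around `wc_AesSetKeyLocal`, but is written bare; this file otherwise annotates long conditionals (`#endif /* NEED_AES_TABLES */`, `#endif /* WOLFSSL_AES_COUNTER */`), so write it as `#endif /* !WOLFSSL_RISCV_ASM */`. Without the annotation the closing is hard to match when reading the RISC-V build, in which everything between the two directives is compiled out.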
@@ -6047,7 +6074,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif { int crypto_cb_ret = wc_CryptoCb_AesCtrEncrypt(aes, out, in, sz); - if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE) + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return crypto_cb_ret; /* fall-through when unavailable */ } @@ -6144,13 +6171,13 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) return BAD_FUNC_ARG; } - return wc_AesSetKeyLocal(aes, key, len, iv, dir, 0); + return wc_AesSetKey(aes, key, len, iv, dir); } #endif /* NEED_AES_CTR_SOFT */ #endif /* WOLFSSL_AES_COUNTER */ -#endif /* !WOLFSSL_ARMASM */ +#endif /* !WOLFSSL_ARMASM && ! WOLFSSL_RISCV_ASM */ /* @@ -6200,6 +6227,9 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) #ifdef WOLFSSL_ARMASM /* implementation is located in wolfcrypt/src/port/arm/armv8-aes.c */ +#elif defined(WOLFSSL_RISCV_ASM) + /* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */ + #elif defined(WOLFSSL_AFALG) /* implemented in wolfcrypt/src/port/afalg/afalg_aes.c */ @@ -6381,7 +6411,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) if (!((len == 16) || (len == 24) || (len == 32))) return BAD_FUNC_ARG; - if (aes == NULL) { + if (aes == NULL || key == NULL) { #ifdef WOLFSSL_IMX6_CAAM_BLOB ForceZero(local, sizeof(local)); #endif @@ -8278,7 +8308,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, int ret; /* argument checks */ - if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0) { + if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || + ((authTagSz > 0) && (authTag == NULL)) || + ((authInSz > 0) && (authIn == NULL))) + { return BAD_FUNC_ARG; } 
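Review bot: `wc_AesCtrSetKey` now calls `wc_AesSetKey(aes, key, len, iv, dir)` instead of `wc_AesSetKeyLocal(aes, key, len, iv, dir, 0)`; per the `wc_AesSetKey` body shown earlier in this diff that forwards with the last argument set to 1, so whatever that flag controls (it looks like a key-size check — confirm) is now enabled for CTR key setup. If that is intended (presumably because `wc_AesSetKeyLocal` is compiled out under `WOLFSSL_RISCV_ASM`), say so with `/* go through the public entry point: wc_AesSetKeyLocal is unavailable on asm-only builds */`; if not, CTR callers passing previously accepted arguments may now get an error. The comment `#endif /* !WOLFSSL_ARMASM && ! WOLFSSL_RISCV_ASM */` also has a stray space after the second `!`.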
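Review bot: The extended argument check in `wc_AesGcmEncrypt` still does not reject `iv == NULL`, nor `sz != 0` with `in` or `out` NULL, whereas the decrypt-side check updated in this same commit does (`aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) || …`). Making the two symmetric, `if (aes == NULL || iv == NULL || ivSz == 0 || (sz != 0 && (in == NULL || out == NULL)) || authTagSz > AES_BLOCK_SIZE || (authTagSz > 0 && authTag == NULL) || (authInSz > 0 && authIn == NULL))`, closes the same null-dereference class the new `authIn`/`authTag` checks target. Whether a NULL `iv` is caught later by the software path is not visible here, and the crypto-callback dispatch follows these checks directly.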
@@ -8295,7 +8328,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, int crypto_cb_ret = wc_CryptoCb_AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); - if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE) + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return crypto_cb_ret; /* fall-through when unavailable */ } @@ -8407,8 +8440,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, * in and out are don't cares, as this is is the GMAC case. */ if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) || authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 || - ivSz == 0) { - + ivSz == 0 || ((authInSz > 0) && (authIn == NULL))) + { return BAD_FUNC_ARG; } @@ -8838,7 +8871,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, { int ret; #ifdef WOLFSSL_AESNI - int res = AES_GCM_AUTH_E; + int res = WC_NO_ERR_TRACE(AES_GCM_AUTH_E); #endif /* argument checks */ @@ -8859,7 +8892,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, int crypto_cb_ret = wc_CryptoCb_AesGcmDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); - if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE) + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return crypto_cb_ret; /* fall-through when unavailable */ } @@ -10457,6 +10490,9 @@ int wc_AesCcmCheckTagSize(int sz) #ifdef WOLFSSL_ARMASM /* implementation located in wolfcrypt/src/port/arm/armv8-aes.c */ +#elif defined(WOLFSSL_RISCV_ASM) + /* implementation located in wolfcrypt/src/port/risc-v/riscv-64-aes.c */ + #elif defined(HAVE_COLDFIRE_SEC) #error "Coldfire SEC doesn't currently support AES-CCM mode" 
@@ -10728,6 +10764,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, authTagSz > AES_BLOCK_SIZE) return BAD_FUNC_ARG; + /* Sanity check on authIn to prevent segfault in xorbuf() where + * variable 'in' is dereferenced as the mask 'm' in misc.c */ + if (authIn == NULL && authInSz > 0) + return BAD_FUNC_ARG; + /* sanity check on tag size */ if (wc_AesCcmCheckTagSize((int)authTagSz) != 0) { return BAD_FUNC_ARG; @@ -10741,7 +10782,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, int crypto_cb_ret = wc_CryptoCb_AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz); - if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE) + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return crypto_cb_ret; /* fall-through when unavailable */ } @@ -10870,6 +10911,11 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, authTagSz > AES_BLOCK_SIZE) return BAD_FUNC_ARG; + /* Sanity check on authIn to prevent segfault in xorbuf() where + * variable 'in' is dereferenced as the mask 'm' in misc.c */ + if (authIn == NULL && authInSz > 0) + return BAD_FUNC_ARG; + /* sanity check on tag size */ if (wc_AesCcmCheckTagSize((int)authTagSz) != 0) { return BAD_FUNC_ARG; @@ -10883,7 +10929,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, int crypto_cb_ret = wc_CryptoCb_AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz); - if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE) + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return crypto_cb_ret; /* fall-through when unavailable */ } 
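Review bot: The new `authIn` guard in `wc_AesCcmEncrypt` (and its twin in `wc_AesCcmDecrypt`) is a separate `if` whose comment documents an implementation detail of `xorbuf()` in misc.c, while the GCM hunks of this same commit fold the identical condition into the main argument check as `((authInSz > 0) && (authIn == NULL))`. For consistency, fold it into the preceding `if (... authTagSz > AES_BLOCK_SIZE)` condition and keep the comment to the contract rather than the mechanism, e.g. `/* authIn may only be NULL when there is no AAD */`. The start of that argument check lies outside the hunk, so verify it already rejects `in`/`out` NULL with `inSz > 0`, which is the same hazard.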
@@ -11261,10 +11307,8 @@ void wc_AesFree(Aes* aes) #endif #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \ !defined(WOLFSSL_AESNI) - if (aes->streamData != NULL) { - XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); - aes->streamData = NULL; - } + XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); + aes->streamData = NULL; #endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) @@ -11354,6 +11398,9 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize) #elif defined(WOLFSSL_DEVCRYPTO_AES) /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */ +#elif defined(WOLFSSL_RISCV_ASM) + /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */ + #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) /* Software AES - ECB */ @@ -11388,7 +11435,7 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt( #endif { ret = wc_CryptoCb_AesEcbEncrypt(aes, out, in, sz); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; ret = 0; /* fall-through when unavailable */ @@ -11428,6 +11475,7 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt( return ret; } +#ifdef HAVE_AES_DECRYPT static WARN_UNUSED_RESULT int _AesEcbDecrypt( Aes* aes, byte* out, const byte* in, word32 sz) { @@ -11439,7 +11487,7 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt( #endif { ret = wc_CryptoCb_AesEcbDecrypt(aes, out, in, sz); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; ret = 0; /* fall-through when unavailable */ @@ -11478,6 +11526,7 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt( return ret; } +#endif int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { @@ -11490,6 +11539,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) return _AesEcbEncrypt(aes, out, in, sz); } +#ifdef HAVE_AES_DECRYPT int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { if ((in == NULL) || (out == NULL) || (aes == NULL)) 
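Review bot: The new `#elif defined(WOLFSSL_RISCV_ASM)` comment in the ECB section points at `wolfcrypt/src/port/riscv/riscv-64-aes.c`, while every other RISC-V comment this commit adds (CBC/CTR, GCM, CCM) says `wolfcrypt/src/port/risc-v/riscv-64-aes.c`. One of the two paths is wrong; if `risc-v` is the real directory, change this one to `/* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */`, since readers rely on these comments to locate the assembly implementation.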
@@ -11500,6 +11550,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) return _AesEcbDecrypt(aes, out, in, sz); } +#endif /* HAVE_AES_DECRYPT */ #endif #endif /* HAVE_AES_ECB */ @@ -11863,7 +11914,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1( } if (ret == 0) { - if (bit > 0 && bit < 7) { + if (bit >= 0 && bit < 7) { out[0] = cur; } } @@ -12117,8 +12168,7 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, out: #ifdef WOLFSSL_SMALL_STACK - if (aes != NULL) - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + XFREE(aes, NULL, DYNAMIC_TYPE_AES); #endif return ret; @@ -12236,8 +12286,7 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, out: #ifdef WOLFSSL_SMALL_STACK - if (aes) - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + XFREE(aes, NULL, DYNAMIC_TYPE_AES); #endif return ret; @@ -12313,12 +12362,16 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir) return BAD_FUNC_ARG; } - keySz = len/2; - if (keySz != AES_128_KEY_SIZE && keySz != AES_256_KEY_SIZE) { + if ((len != (AES_128_KEY_SIZE*2)) && + (len != (AES_192_KEY_SIZE*2)) && + (len != (AES_256_KEY_SIZE*2))) + { WOLFSSL_MSG("Unsupported key size"); return WC_KEY_SIZE_E; } + keySz = len/2; + #ifdef HAVE_FIPS if (XMEMCMP(key, key + keySz, keySz) == 0) { WOLFSSL_MSG("FIPS AES-XTS main and tweak keys must differ"); @@ -12350,7 +12403,7 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir) #ifdef WOLFSSL_AESNI if (ret == 0) { - /* With WC_AES_C_DYNAMIC_FALLBACK, the main and tweak keys could have + /* With WC_C_DYNAMIC_FALLBACK, the main and tweak keys could have * conflicting _aesni status, but the AES-XTS asm implementations need * them to all be AESNI. If any aren't, disable AESNI on all. */ 
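Review bot: `wc_AesXtsSetKeyNoInit` now accepts `len == AES_192_KEY_SIZE*2`, i.e. XTS with two 192-bit AES keys, which the previous check deliberately rejected; NIST SP 800-38E approves XTS-AES only with 128- and 256-bit keys, so unless an AES-192 XTS mode is intentionally being added (and covered by a test vector) the extra case should be dropped, or at least excluded under `HAVE_FIPS` by keeping the 192 arm inside `#ifndef HAVE_FIPS`. If it is intentional, say so next to the check, e.g. `/* 192-bit XTS is outside SP 800-38E; accepted for interoperability only */`. The rest of the function lies outside this hunk.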
@@ -12363,7 +12416,7 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir) (dir == AES_ENCRYPTION_AND_DECRYPTION)) && (aes->aes_decrypt.use_aesni != aes->tweak.use_aesni))) { - #ifdef WC_AES_C_DYNAMIC_FALLBACK + #ifdef WC_C_DYNAMIC_FALLBACK aes->aes.use_aesni = 0; aes->aes_decrypt.use_aesni = 0; aes->tweak.use_aesni = 0; @@ -12373,7 +12426,7 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir) } #else /* !WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS */ if (aes->aes.use_aesni != aes->tweak.use_aesni) { - #ifdef WC_AES_C_DYNAMIC_FALLBACK + #ifdef WC_C_DYNAMIC_FALLBACK aes->aes.use_aesni = 0; aes->tweak.use_aesni = 0; #else 
@@ -12502,12 +12555,28 @@ void AES_XTS_encrypt_aesni(const unsigned char *in, unsigned char *out, word32 s const unsigned char* i, const unsigned char* key, const unsigned char* key2, int nr) XASM_LINK("AES_XTS_encrypt_aesni"); +#ifdef WOLFSSL_AESXTS_STREAM +void AES_XTS_init_aesni(unsigned char* i, const unsigned char* tweak_key, + int tweak_nr) + XASM_LINK("AES_XTS_init_aesni"); +void AES_XTS_encrypt_update_aesni(const unsigned char *in, unsigned char *out, word32 sz, + const unsigned char* key, unsigned char *i, int nr) + XASM_LINK("AES_XTS_encrypt_update_aesni"); +#endif #ifdef HAVE_INTEL_AVX1 void AES_XTS_encrypt_avx1(const unsigned char *in, unsigned char *out, - word32 sz, const unsigned char* i, - const unsigned char* key, const unsigned char* key2, - int nr) - XASM_LINK("AES_XTS_encrypt_avx1"); + word32 sz, const unsigned char* i, + const unsigned char* key, const unsigned char* key2, + int nr) + XASM_LINK("AES_XTS_encrypt_avx1"); +#ifdef WOLFSSL_AESXTS_STREAM +void AES_XTS_init_avx1(unsigned char* i, const unsigned char* tweak_key, + int tweak_nr) + XASM_LINK("AES_XTS_init_avx1"); +void AES_XTS_encrypt_update_avx1(const unsigned char *in, unsigned char *out, word32 sz, + const unsigned char* key, unsigned char *i, int nr) + XASM_LINK("AES_XTS_encrypt_update_avx1"); +#endif #endif /* HAVE_INTEL_AVX1 */ #ifdef HAVE_AES_DECRYPT 
@@ -12515,12 +12584,22 @@ void AES_XTS_decrypt_aesni(const unsigned char *in, unsigned char *out, word32 s const unsigned char* i, const unsigned char* key, const unsigned char* key2, int nr) XASM_LINK("AES_XTS_decrypt_aesni"); +#ifdef WOLFSSL_AESXTS_STREAM +void AES_XTS_decrypt_update_aesni(const unsigned char *in, unsigned char *out, word32 sz, + const unsigned char* key, unsigned char *i, int nr) + XASM_LINK("AES_XTS_decrypt_update_aesni"); +#endif #ifdef HAVE_INTEL_AVX1 void AES_XTS_decrypt_avx1(const unsigned char *in, unsigned char *out, - word32 sz, const unsigned char* i, - const unsigned char* key, const unsigned char* key2, - int nr) - XASM_LINK("AES_XTS_decrypt_avx1"); + word32 sz, const unsigned char* i, + const unsigned char* key, const unsigned char* key2, + int nr) + XASM_LINK("AES_XTS_decrypt_avx1"); +#ifdef WOLFSSL_AESXTS_STREAM +void AES_XTS_decrypt_update_avx1(const unsigned char *in, unsigned char *out, word32 sz, + const unsigned char* key, unsigned char *i, int nr) + XASM_LINK("AES_XTS_decrypt_update_avx1"); +#endif #endif /* HAVE_INTEL_AVX1 */ #endif /* HAVE_AES_DECRYPT */ @@ -12558,16 +12637,24 @@ static WARN_UNUSED_RESULT int _AesXtsHelper( } xorbuf(out, in, totalSz); +#ifndef WOLFSSL_RISCV_ASM if (dir == AES_ENCRYPTION) { return _AesEcbEncrypt(aes, out, out, totalSz); } else { return _AesEcbDecrypt(aes, out, out, totalSz); } +#else + if (dir == AES_ENCRYPTION) { + return wc_AesEcbEncrypt(aes, out, out, totalSz); + } + else { + return wc_AesEcbDecrypt(aes, out, out, totalSz); + } +#endif } #endif /* HAVE_AES_ECB */ - /* AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text Stealing. * * xaes AES keys to use for block encrypt/decrypt 
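Review bot: The non-RISC-V arm of `_AesXtsHelper` still calls `_AesEcbDecrypt` for `dir != AES_ENCRYPTION`, but this same commit wraps `_AesEcbDecrypt` and `wc_AesEcbDecrypt` in `#ifdef HAVE_AES_DECRYPT`, so a build with `HAVE_AES_ECB` and XTS but without `HAVE_AES_DECRYPT` will now fail to compile here unless `_AesXtsHelper` (whose start is outside the hunk) or its decrypt caller is gated the same way. Guard the decrypt branch, e.g. `#ifdef HAVE_AES_DECRYPT` around the `else` arm with a `return BAD_FUNC_ARG;` fallback, or gate the whole helper. The RISC-V arm duplicates the `if`/`else` just to swap `_`-prefixed internals for the public functions; a one-line comment explaining why the internals are unavailable on that port would make the duplication intelligible.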
@@ -12579,27 +12666,63 @@ static WARN_UNUSED_RESULT int _AesXtsHelper( * returns 0 on success */ /* Software AES - XTS Encrypt */ + +static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, + word32 sz, + byte *i); static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, const byte* i) { - int ret = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); - Aes *aes = &xaes->aes; - Aes *tweak = &xaes->tweak; - byte tmp[AES_BLOCK_SIZE]; - - XMEMSET(tmp, 0, AES_BLOCK_SIZE); /* set to 0's in case of improper AES - * key setup passed to encrypt direct*/ - - ret = wc_AesEncryptDirect(tweak, tmp, i); + int ret; + byte tweak_block[AES_BLOCK_SIZE]; + ret = wc_AesEncryptDirect(&xaes->tweak, tweak_block, i); if (ret != 0) return ret; + return AesXtsEncryptUpdate_sw(xaes, out, in, sz, tweak_block); +} + +#ifdef WOLFSSL_AESXTS_STREAM + +/* Block-streaming AES-XTS tweak setup. + * + * xaes AES keys to use for block encrypt/decrypt + * i readwrite value to use for tweak + * + * returns 0 on success + */ +static int AesXtsInitTweak_sw(XtsAes* xaes, byte* i) { + return wc_AesEncryptDirect(&xaes->tweak, i, i); +} + +#endif /* WOLFSSL_AESXTS_STREAM */ + +/* Block-streaming AES-XTS. + * + * Supply block-aligned input data with successive calls. Final call need not + * be block aligned. 
+ * + * xaes AES keys to use for block encrypt/decrypt + * out output buffer to hold cipher text + * in input plain text buffer to encrypt + * sz size of both out and in buffers + * + * returns 0 on success + */ +/* Software AES - XTS Encrypt */ +static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, + word32 sz, + byte *i) +{ + int ret = 0; + word32 blocks = (sz / AES_BLOCK_SIZE); + Aes *aes = &xaes->aes; + #ifdef HAVE_AES_ECB /* encrypt all of buffer at once when possible */ if (in != out) { /* can not handle inline */ - XMEMCPY(out, tmp, AES_BLOCK_SIZE); + XMEMCPY(out, i, AES_BLOCK_SIZE); if ((ret = _AesXtsHelper(aes, out, in, sz, AES_ENCRYPTION)) != 0) return ret; } @@ -12616,23 +12739,23 @@ static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte buf[AES_BLOCK_SIZE]; XMEMCPY(buf, in, AES_BLOCK_SIZE); - xorbuf(buf, tmp, AES_BLOCK_SIZE); + xorbuf(buf, i, AES_BLOCK_SIZE); ret = wc_AesEncryptDirect(aes, out, buf); if (ret != 0) return ret; } - xorbuf(out, tmp, AES_BLOCK_SIZE); + xorbuf(out, i, AES_BLOCK_SIZE); /* multiply by shift left and propagate carry */ for (j = 0; j < AES_BLOCK_SIZE; j++) { byte tmpC; - tmpC = (tmp[j] >> 7) & 0x01; - tmp[j] = (byte)((tmp[j] << 1) + carry); + tmpC = (i[j] >> 7) & 0x01; + i[j] = (byte)((i[j] << 1) + carry); carry = tmpC; } if (carry) { - tmp[0] ^= GF_XTS; + i[0] ^= GF_XTS; } in += AES_BLOCK_SIZE; @@ -12661,10 +12784,10 @@ static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, XMEMCPY(out, buf2, sz); } - xorbuf(buf, tmp, AES_BLOCK_SIZE); + xorbuf(buf, i, AES_BLOCK_SIZE); ret = wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf); if (ret == 0) - xorbuf(out - AES_BLOCK_SIZE, tmp, AES_BLOCK_SIZE); + xorbuf(out - AES_BLOCK_SIZE, i, AES_BLOCK_SIZE); } return ret; 
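Review bot: The header comment for `AesXtsEncryptUpdate_sw` lists `xaes`, `out`, `in` and `sz` but not the new `i` parameter, which the body advances in place in the multiply-by-alpha loop (`i[j] = (byte)((i[j] << 1) + carry)`), so callers must pass a writable private tweak block rather than the caller's tweak; add ` * i readwrite tweak block, AES_BLOCK_SIZE bytes, advanced in place per block` to the list, matching the "readwrite" wording already used for `AesXtsInitTweak_sw`. `AesXtsInitTweak_sw` encrypts `i` into itself with `wc_AesEncryptDirect(&xaes->tweak, i, i)`, which relies on that routine tolerating `in == out`; nothing in the hunk shows that, so a short comment confirming it is worthwhile. `AesXtsEncrypt_sw` returns without clearing its stack `tweak_block`, whereas the streaming finalizers later in this file `ForceZero` the tweak; a `ForceZero(tweak_block, AES_BLOCK_SIZE)` before both returns would keep the one-shot path consistent, and the same applies to `AesXtsDecrypt_sw` in a later hunk. `AesXtsEncryptUpdate_sw` continues beyond the hunk.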
@@ -12693,6 +12816,17 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, return BAD_FUNC_ARG; } +#if FIPS_VERSION3_GE(6,0,0) + /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is + * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to + * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes) + */ + if (sz > FIPS_AES_XTS_MAX_BYTES_PER_TWEAK) { + WOLFSSL_MSG("Request exceeds allowed bytes per SP800-38E"); + return BAD_FUNC_ARG; + } +#endif + aes = &xaes->aes; if (aes->keylen == 0) { @@ -12711,19 +12845,8 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, { #ifdef WOLFSSL_AESNI -#ifdef WC_AES_C_DYNAMIC_FALLBACK - int orig_use_aesni = aes->use_aesni; -#endif - - if (aes->use_aesni && ((ret = SAVE_VECTOR_REGISTERS2()) != 0)) { -#ifdef WC_AES_C_DYNAMIC_FALLBACK - aes->use_aesni = 0; - xaes->tweak.use_aesni = 0; -#else - return ret; -#endif - } if (aes->use_aesni) { + SAVE_VECTOR_REGISTERS(return _svr_ret;); #if defined(HAVE_INTEL_AVX1) if (IS_INTEL_AVX1(intel_flags)) { AES_XTS_encrypt_avx1(in, out, sz, i, 
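Review bot: The comment above the new `FIPS_AES_XTS_MAX_BYTES_PER_TWEAK` check says the 2^20-block limit applies "per key" and that "each key may only be used to protect up to 1,048,576 blocks", but SP 800-38E bounds the size of a single data unit (one tweak value), which is what the macro name and the comparison against `sz` actually enforce; a key may protect many data units. Suggest rewording to `/* SP800-38E - a data unit (one tweak) may not exceed 2^20 AES blocks, i.e. 16,777,216 bytes; the key itself may protect any number of data units. */` so the comment does not imply a per-key counter that the code does not keep. The same text is repeated in `AesXtsEncryptUpdate` and in the decrypt-side TODO in later hunks and should be corrected there as well. `wc_AesXtsEncrypt` begins before this hunk.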
@@ -12741,28 +12864,212 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, (int)aes->rounds); ret = 0; } + RESTORE_VECTOR_REGISTERS(); } else #endif { ret = AesXtsEncrypt_sw(xaes, out, in, sz, i); } + } + return ret; +} + +#ifdef WOLFSSL_AESXTS_STREAM + +/* Block-streaming AES-XTS. + * + * xaes AES keys to use for block encrypt/decrypt + * i readwrite value to use for tweak + * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input + * adds a sanity check on how the user calls the function. + * + * returns 0 on success + */ +int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz, + struct XtsAesStreamData *stream) +{ + int ret; + + Aes *aes; + + if ((xaes == NULL) || (i == NULL) || (stream == NULL)) { + return BAD_FUNC_ARG; + } + + if (iSz < AES_BLOCK_SIZE) { + return BAD_FUNC_ARG; + } + + aes = &xaes->aes; + + if (aes->keylen == 0) { + WOLFSSL_MSG("wc_AesXtsEncrypt called with unset encryption key."); + return BAD_FUNC_ARG; + } + + XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE); + stream->bytes_crypted_with_this_tweak = 0; + + { #ifdef WOLFSSL_AESNI - if (aes->use_aesni) + if (aes->use_aesni) { + SAVE_VECTOR_REGISTERS(return _svr_ret;); +#if defined(HAVE_INTEL_AVX1) + if (IS_INTEL_AVX1(intel_flags)) { + AES_XTS_init_avx1(stream->tweak_block, + (const byte*)xaes->tweak.key, + (int)xaes->tweak.rounds); + ret = 0; + } + else +#endif + { + AES_XTS_init_aesni(stream->tweak_block, + (const byte*)xaes->tweak.key, + (int)xaes->tweak.rounds); + ret = 0; + } RESTORE_VECTOR_REGISTERS(); -#ifdef WC_AES_C_DYNAMIC_FALLBACK - else if (orig_use_aesni) { - aes->use_aesni = orig_use_aesni; - xaes->tweak.use_aesni = orig_use_aesni; } + else +#endif /* WOLFSSL_AESNI */ + { + ret = AesXtsInitTweak_sw(xaes, stream->tweak_block); + } + } + + return ret; +} + +/* Block-streaming AES-XTS + * + * Note that sz must be >= AES_BLOCK_SIZE in each call, and must be a multiple + * of AES_BLOCK_SIZE in each call to wc_AesXtsEncryptUpdate(). 
+ * wc_AesXtsEncryptFinal() can handle any length >= AES_BLOCK_SIZE. + * + * xaes AES keys to use for block encrypt/decrypt + * out output buffer to hold cipher text + * in input plain text buffer to encrypt + * sz size of both out and in buffers -- must be >= AES_BLOCK_SIZE. + * i value to use for tweak + * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input + * adds a sanity check on how the user calls the function. + * + * returns 0 on success + */ +static int AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, + struct XtsAesStreamData *stream) +{ + int ret; + +#ifdef WOLFSSL_AESNI + Aes *aes; #endif + + if (xaes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_AESNI + aes = &xaes->aes; #endif + + if (sz < AES_BLOCK_SIZE) { + WOLFSSL_MSG("Plain text input too small for encryption"); + return BAD_FUNC_ARG; + } + + if (stream->bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U)) + { + WOLFSSL_MSG("Call to AesXtsEncryptUpdate after previous finalizing call"); + return BAD_FUNC_ARG; } +#ifndef WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING + (void)WC_SAFE_SUM_WORD32(stream->bytes_crypted_with_this_tweak, sz, + stream->bytes_crypted_with_this_tweak); +#endif +#if FIPS_VERSION3_GE(6,0,0) + /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is + * AES_BLOCK_SIZE or 16-bytes (128-bits). 
So each key may only be used to + * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes) + */ + if (stream->bytes_crypted_with_this_tweak > + FIPS_AES_XTS_MAX_BYTES_PER_TWEAK) + { + WOLFSSL_MSG("Request exceeds allowed bytes per SP800-38E"); + return BAD_FUNC_ARG; + } +#endif + { +#ifdef WOLFSSL_AESNI + if (aes->use_aesni) { + SAVE_VECTOR_REGISTERS(return _svr_ret;); +#if defined(HAVE_INTEL_AVX1) + if (IS_INTEL_AVX1(intel_flags)) { + AES_XTS_encrypt_update_avx1(in, out, sz, + (const byte*)aes->key, + stream->tweak_block, + (int)aes->rounds); + ret = 0; + } + else +#endif + { + AES_XTS_encrypt_update_aesni(in, out, sz, + (const byte*)aes->key, + stream->tweak_block, + (int)aes->rounds); + ret = 0; + } + RESTORE_VECTOR_REGISTERS(); + } + else +#endif /* WOLFSSL_AESNI */ + { + ret = AesXtsEncryptUpdate_sw(xaes, out, in, sz, stream->tweak_block); + } + } + + return ret; +} + +int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, + struct XtsAesStreamData *stream) +{ + if (stream == NULL) + return BAD_FUNC_ARG; + if (sz & ((word32)AES_BLOCK_SIZE - 1U)) + return BAD_FUNC_ARG; + return AesXtsEncryptUpdate(xaes, out, in, sz, stream); +} + +int wc_AesXtsEncryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz, + struct XtsAesStreamData *stream) +{ + int ret; + if (stream == NULL) + return BAD_FUNC_ARG; + if (sz > 0) + ret = AesXtsEncryptUpdate(xaes, out, in, sz, stream); + else + ret = 0; + /* force the count odd, to assure error on attempt to AesXtsEncryptUpdate() + * after finalization. + */ + stream->bytes_crypted_with_this_tweak |= 1U; + ForceZero(stream->tweak_block, AES_BLOCK_SIZE); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(stream->tweak_block, AES_BLOCK_SIZE); +#endif return ret; } +#endif /* WOLFSSL_AESXTS_STREAM */ + + /* Same process as encryption but use aes_decrypt key. * * xaes AES keys to use for block encrypt/decrypt 
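Review bot: In `AesXtsEncryptUpdate` the SP800-38E check reads `stream->bytes_crypted_with_this_tweak`, but the only place that counter grows is the `WC_SAFE_SUM_WORD32` call under `#ifndef WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING`; a build that defines that option together with `FIPS_VERSION3_GE(6,0,0)` keeps the `#if` block yet the counter stays at 0, so the data-unit limit is silently never enforced. A guard such as `#if defined(WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING) && FIPS_VERSION3_GE(6,0,0)` / `#error "SP800-38E accounting required in FIPS builds"` next to the accounting closes that gap, and the `(void)` cast on `WC_SAFE_SUM_WORD32` should probably become a failure return if that macro reports wrap-around through its result, since a wrapped count also defeats the check. Separately, `wc_AesXtsEncryptInit` logs `"wc_AesXtsEncrypt called with unset encryption key."` for the init entry point, and its comment calls `i` a "readwrite value" although it is `const byte*` and only copied into `stream->tweak_block`; the `AesXtsEncryptUpdate` comment likewise documents `i`/`iSz` parameters the function does not take, while `stream` is undocumented in all three. The hunk also closes the tail of `wc_AesXtsEncrypt`, which begins in an earlier hunk.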
@@ -12774,8 +13081,41 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, * returns 0 on success */ /* Software AES - XTS Decrypt */ + +static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, + word32 sz, byte *i); + static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, const byte* i) +{ + int ret; + byte tweak_block[AES_BLOCK_SIZE]; + + ret = wc_AesEncryptDirect(&xaes->tweak, tweak_block, i); + if (ret != 0) + return ret; + + return AesXtsDecryptUpdate_sw(xaes, out, in, sz, tweak_block); +} + +/* Block-streaming AES-XTS. + * + * Same process as encryption but use decrypt key. + * + * Supply block-aligned input data with successive calls. Final call need not + * be block aligned. + * + * xaes AES keys to use for block encrypt/decrypt + * out output buffer to hold plain text + * in input cipher text buffer to decrypt + * sz size of both out and in buffers + * i value to use for tweak + * + * returns 0 on success + */ +/* Software AES - XTS Decrypt */ +static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, + word32 sz, byte *i) { int ret = 0; word32 blocks = (sz / AES_BLOCK_SIZE); @@ -12784,19 +13124,10 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, #else Aes *aes = &xaes->aes; #endif - Aes *tweak = &xaes->tweak; word32 j; byte carry = 0; - byte tmp[AES_BLOCK_SIZE]; byte stl = (sz % AES_BLOCK_SIZE); - XMEMSET(tmp, 0, AES_BLOCK_SIZE); /* set to 0's in case of improper AES - * key setup passed to decrypt direct*/ - - ret = wc_AesEncryptDirect(tweak, tmp, i); - if (ret != 0) - return ret; - /* if Stealing then break out of loop one block early to handle special * case */ if (stl > 0) { 
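Review bot: The `AesXtsDecryptUpdate_sw` comment describes `i` as "value to use for tweak", but `i` is a non-const `byte*` that the loop later in the function advances in place (`i[j] = (byte)((i[j] << 1) + carry)` in the following hunk), which is why `AesXtsDecrypt_sw` hands it a private `tweak_block` copy; say ` * i readwrite tweak block, advanced in place per block` so a future caller does not pass its own tweak directly. The `/* Software AES - XTS Decrypt */` banner now appears twice, once above the forward declaration and once above the function, and the first copy can go. `AesXtsDecryptUpdate_sw` continues beyond the hunk.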
@@ -12806,7 +13137,7 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, #ifdef HAVE_AES_ECB /* decrypt all of buffer at once when possible */ if (in != out) { /* can not handle inline */ - XMEMCPY(out, tmp, AES_BLOCK_SIZE); + XMEMCPY(out, i, AES_BLOCK_SIZE); if ((ret = _AesXtsHelper(aes, out, in, sz, AES_DECRYPTION)) != 0) return ret; } @@ -12820,23 +13151,23 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte buf[AES_BLOCK_SIZE]; XMEMCPY(buf, in, AES_BLOCK_SIZE); - xorbuf(buf, tmp, AES_BLOCK_SIZE); + xorbuf(buf, i, AES_BLOCK_SIZE); ret = wc_AesDecryptDirect(aes, out, buf); if (ret != 0) return ret; } - xorbuf(out, tmp, AES_BLOCK_SIZE); + xorbuf(out, i, AES_BLOCK_SIZE); /* multiply by shift left and propagate carry */ for (j = 0; j < AES_BLOCK_SIZE; j++) { byte tmpC; - tmpC = (tmp[j] >> 7) & 0x01; - tmp[j] = (byte)((tmp[j] << 1) + carry); + tmpC = (i[j] >> 7) & 0x01; + i[j] = (byte)((i[j] << 1) + carry); carry = tmpC; } if (carry) { - tmp[0] ^= GF_XTS; + i[0] ^= GF_XTS; } carry = 0; @@ -12855,8 +13186,8 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, for (j = 0; j < AES_BLOCK_SIZE; j++) { byte tmpC; - tmpC = (tmp[j] >> 7) & 0x01; - tmp2[j] = (byte)((tmp[j] << 1) + carry); + tmpC = (i[j] >> 7) & 0x01; + tmp2[j] = (byte)((i[j] << 1) + carry); carry = tmpC; } if (carry) { @@ -12884,11 +13215,11 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, XMEMCPY(buf, in, sz); XMEMCPY(out, tmp2, sz); - xorbuf(buf, tmp, AES_BLOCK_SIZE); + xorbuf(buf, i, AES_BLOCK_SIZE); ret = wc_AesDecryptDirect(aes, tmp2, buf); if (ret != 0) return ret; - xorbuf(tmp2, tmp, AES_BLOCK_SIZE); + xorbuf(tmp2, i, AES_BLOCK_SIZE); XMEMCPY(out - AES_BLOCK_SIZE, tmp2, AES_BLOCK_SIZE); } 
@@ -12923,6 +13254,14 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, aes = &xaes->aes; #endif +/* FIPS TODO: SP800-38E - Restrict data unit to 2^20 blocks per key. A block is + * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to + * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes or + * 134,217,728-bits) Add helpful printout and message along with BAD_FUNC_ARG + * return whenever sz / AES_BLOCK_SIZE > 1,048,576 or equal to that and sz is + * not a sequence of complete blocks. + */ + if (aes->keylen == 0) { WOLFSSL_MSG("wc_AesXtsDecrypt called with unset decryption key."); return BAD_FUNC_ARG; @@ -12939,19 +13278,8 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, { #ifdef WOLFSSL_AESNI -#ifdef WC_AES_C_DYNAMIC_FALLBACK - int orig_use_aesni = aes->use_aesni; -#endif - - if (aes->use_aesni && ((ret = SAVE_VECTOR_REGISTERS2() != 0))) { -#ifdef WC_AES_C_DYNAMIC_FALLBACK - aes->use_aesni = 0; - xaes->tweak.use_aesni = 0; -#else - return ret; -#endif - } if (aes->use_aesni) { + SAVE_VECTOR_REGISTERS(return _svr_ret;); #if defined(HAVE_INTEL_AVX1) if (IS_INTEL_AVX1(intel_flags)) { AES_XTS_decrypt_avx1(in, out, sz, i, @@ -12969,6 +13297,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, (int)aes->rounds); ret = 0; } + RESTORE_VECTOR_REGISTERS(); } else #endif 
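Review bot: Under `FIPS_VERSION3_GE(6,0,0)` the encrypt path now rejects `sz > FIPS_AES_XTS_MAX_BYTES_PER_TWEAK`, but `wc_AesXtsDecrypt` only gains a `FIPS TODO` comment, so the data-unit bound is enforced in one direction only; the same `#if FIPS_VERSION3_GE(6,0,0)` block, `if (sz > FIPS_AES_XTS_MAX_BYTES_PER_TWEAK) { WOLFSSL_MSG("Request exceeds allowed bytes per SP800-38E"); return BAD_FUNC_ARG; }`, can be dropped in here unchanged. If decrypt is deliberately left unbounded, the comment should state why rather than read as unfinished work. The comment also sits at column 0 inside the function body and repeats the "per key" wording that conflates the key with the data unit (tweak), as noted on the encrypt-side hunk. `wc_AesXtsDecrypt` begins before this hunk.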
@@ -12976,20 +13305,198 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, ret = AesXtsDecrypt_sw(xaes, out, in, sz, i); } + return ret; + } +} + +#ifdef WOLFSSL_AESXTS_STREAM + +/* Same process as encryption but Aes key is AES_DECRYPTION type. + * + * xaes AES keys to use for block encrypt/decrypt + * i readwrite value to use for tweak + * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input + * adds a sanity check on how the user calls the function. + * + * returns 0 on success + */ +int wc_AesXtsDecryptInit(XtsAes* xaes, const byte* i, word32 iSz, + struct XtsAesStreamData *stream) +{ + int ret; + Aes *aes; + + if (xaes == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + aes = &xaes->aes_decrypt; +#else + aes = &xaes->aes; +#endif + + if (aes->keylen == 0) { + WOLFSSL_MSG("wc_AesXtsDecrypt called with unset decryption key."); + return BAD_FUNC_ARG; + } + + if (iSz < AES_BLOCK_SIZE) { + return BAD_FUNC_ARG; + } + + XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE); + stream->bytes_crypted_with_this_tweak = 0; + + { #ifdef WOLFSSL_AESNI - if (aes->use_aesni) + if (aes->use_aesni) { + SAVE_VECTOR_REGISTERS(return _svr_ret;); +#if defined(HAVE_INTEL_AVX1) + if (IS_INTEL_AVX1(intel_flags)) { + AES_XTS_init_avx1(stream->tweak_block, + (const byte*)xaes->tweak.key, + (int)xaes->tweak.rounds); + ret = 0; + } + else +#endif + { + AES_XTS_init_aesni(stream->tweak_block, + (const byte*)xaes->tweak.key, + (int)xaes->tweak.rounds); + ret = 0; + } RESTORE_VECTOR_REGISTERS(); -#ifdef WC_AES_C_DYNAMIC_FALLBACK - else if (orig_use_aesni) { - aes->use_aesni = orig_use_aesni; - xaes->tweak.use_aesni = orig_use_aesni; } + else +#endif /* WOLFSSL_AESNI */ + { + ret = AesXtsInitTweak_sw(xaes, stream->tweak_block); + } + + } + + return ret; +} + +/* Block-streaming AES-XTS + * + * Note that sz must be >= AES_BLOCK_SIZE in each call, and must be a multiple + * of AES_BLOCK_SIZE in each call to 
wc_AesXtsDecryptUpdate(). + * wc_AesXtsDecryptFinal() can handle any length >= AES_BLOCK_SIZE. + * + * xaes AES keys to use for block encrypt/decrypt + * out output buffer to hold plain text + * in input cipher text buffer to decrypt + * sz size of both out and in buffers + * i tweak buffer of size AES_BLOCK_SIZE. + * + * returns 0 on success + */ +static int AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, + struct XtsAesStreamData *stream) +{ + int ret; +#ifdef WOLFSSL_AESNI + Aes *aes; +#endif + + if (xaes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_AESNI +#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + aes = &xaes->aes_decrypt; +#else + aes = &xaes->aes; #endif #endif - return ret; + if (sz < AES_BLOCK_SIZE) { + WOLFSSL_MSG("Cipher text input too small for decryption"); + return BAD_FUNC_ARG; } + + if (stream->bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U)) + { + WOLFSSL_MSG("Call to AesXtsDecryptUpdate after previous finalizing call"); + return BAD_FUNC_ARG; + } + +#ifndef WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING + (void)WC_SAFE_SUM_WORD32(stream->bytes_crypted_with_this_tweak, sz, + stream->bytes_crypted_with_this_tweak); +#endif + + { +#ifdef WOLFSSL_AESNI + if (aes->use_aesni) { + SAVE_VECTOR_REGISTERS(return _svr_ret;); +#if defined(HAVE_INTEL_AVX1) + if (IS_INTEL_AVX1(intel_flags)) { + AES_XTS_decrypt_update_avx1(in, out, sz, + (const byte*)aes->key, + stream->tweak_block, + (int)aes->rounds); + ret = 0; + } + else +#endif + { + AES_XTS_decrypt_update_aesni(in, out, sz, + (const byte*)aes->key, + stream->tweak_block, + (int)aes->rounds); + ret = 0; + } + RESTORE_VECTOR_REGISTERS(); + } + else +#endif /* WOLFSSL_AESNI */ + { + ret = AesXtsDecryptUpdate_sw(xaes, out, in, sz, + stream->tweak_block); + } + } + + return ret; +} + +int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, + struct XtsAesStreamData *stream) +{ + if (stream == NULL) + 
return BAD_FUNC_ARG; + if (sz & ((word32)AES_BLOCK_SIZE - 1U)) + return BAD_FUNC_ARG; + return AesXtsDecryptUpdate(xaes, out, in, sz, stream); +} + +int wc_AesXtsDecryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz, + struct XtsAesStreamData *stream) +{ + int ret; + if (stream == NULL) + return BAD_FUNC_ARG; + if (sz > 0) + ret = AesXtsDecryptUpdate(xaes, out, in, sz, stream); + else + ret = 0; + ForceZero(stream->tweak_block, AES_BLOCK_SIZE); + /* force the count odd, to assure error on attempt to AesXtsEncryptUpdate() + * after finalization. + */ + stream->bytes_crypted_with_this_tweak |= 1U; +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(stream->tweak_block, AES_BLOCK_SIZE); +#endif + return ret; } + +#endif /* WOLFSSL_AESXTS_STREAM */ + #endif /* !WOLFSSL_ARMASM || WOLFSSL_ARMASM_NO_HW_CRYPTO */ /* Same as wc_AesXtsEncryptSector but the sector gets incremented by one every @@ -13185,9 +13692,7 @@ static WARN_UNUSED_RESULT int S2V( } } #ifdef WOLFSSL_SMALL_STACK - if (cmac != NULL) { - XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); - } + XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); #elif defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(cmac, sizeof(Cmac)); #endif diff --git a/wolfcrypt/src/aes_asm.S b/wolfcrypt/src/aes_asm.S index f961a7975f..c8d3ca703f 100644 --- a/wolfcrypt/src/aes_asm.S +++ b/wolfcrypt/src/aes_asm.S @@ -1,6 +1,6 @@ /* aes_asm.S * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/aes_asm.asm b/wolfcrypt/src/aes_asm.asm index 39d5fdc9bf..c0cb58c636 100644 --- a/wolfcrypt/src/aes_asm.asm +++ b/wolfcrypt/src/aes_asm.asm @@ -1,6 +1,6 @@ ; /* aes_asm.asm ; * -; * Copyright (C) 2006-2023 wolfSSL Inc. +; * Copyright (C) 2006-2024 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * @@ -40,7 +40,7 @@ IFDEF HAVE_FIPS ENDIF IF fips_version GE 2 - fipsAh SEGMENT ALIAS(".fipsA$h") 'CODE' + fipsAb SEGMENT ALIAS(".fipsA$b") 'CODE' ELSE _text SEGMENT ENDIF 
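Review bot: `wc_AesXtsDecryptInit` checks only `xaes == NULL` before `XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE)`, so a NULL `i` or `stream` dereferences where `wc_AesXtsEncryptInit` returns `BAD_FUNC_ARG`; change the guard to `if ((xaes == NULL) || (i == NULL) || (stream == NULL)) {` to match. `AesXtsDecryptUpdate` maintains `stream->bytes_crypted_with_this_tweak` exactly as the encrypt side does but has no counterpart to the `FIPS_VERSION3_GE(6,0,0)` comparison against `FIPS_AES_XTS_MAX_BYTES_PER_TWEAK`, so under FIPS the streaming decrypt path accepts data units beyond the SP800-38E limit. Smaller points: the init logs `"wc_AesXtsDecrypt called with unset decryption key."` for the init entry point, the `AesXtsDecryptUpdate` comment documents an `i` parameter the function does not take while `stream` is undocumented, and the comment in `wc_AesXtsDecryptFinal` says the odd count guards against `AesXtsEncryptUpdate()` where `AesXtsDecryptUpdate()` is meant. The hunk also closes the tail of `wc_AesXtsDecrypt`, which begins in an earlier hunk.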
@@ -1523,7 +1523,7 @@ MAKE_RK256_b: IF fips_version GE 2 - fipsAh ENDS + fipsAb ENDS ELSE _text ENDS ENDIF diff --git a/wolfcrypt/src/aes_gcm_asm.S b/wolfcrypt/src/aes_gcm_asm.S index 4175888f12..156354c406 100644 --- a/wolfcrypt/src/aes_gcm_asm.S +++ b/wolfcrypt/src/aes_gcm_asm.S @@ -1,6 +1,6 @@ /* aes_gcm_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/aes_gcm_asm.asm b/wolfcrypt/src/aes_gcm_asm.asm index c0e3682fe3..38d3a9872a 100644 --- a/wolfcrypt/src/aes_gcm_asm.asm +++ b/wolfcrypt/src/aes_gcm_asm.asm @@ -1,6 +1,6 @@ ; /* aes_gcm_asm.asm */ ; /* -; * Copyright (C) 2006-2023 wolfSSL Inc. +; * Copyright (C) 2006-2024 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * @@ -116,16 +116,16 @@ AES_GCM_encrypt_aesni PROC mov r15, QWORD PTR [rsp+136] mov r10d, DWORD PTR [rsp+144] sub rsp, 320 - movdqu [rsp+160], xmm6 - movdqu [rsp+176], xmm7 - movdqu [rsp+192], xmm8 - movdqu [rsp+208], xmm9 - movdqu [rsp+224], xmm10 - movdqu [rsp+240], xmm11 - movdqu [rsp+256], xmm12 - movdqu [rsp+272], xmm13 - movdqu [rsp+288], xmm14 - movdqu [rsp+304], xmm15 + movdqu OWORD PTR [rsp+160], xmm6 + movdqu OWORD PTR [rsp+176], xmm7 + movdqu OWORD PTR [rsp+192], xmm8 + movdqu OWORD PTR [rsp+208], xmm9 + movdqu OWORD PTR [rsp+224], xmm10 + movdqu OWORD PTR [rsp+240], xmm11 + movdqu OWORD PTR [rsp+256], xmm12 + movdqu OWORD PTR [rsp+272], xmm13 + movdqu OWORD PTR [rsp+288], xmm14 + movdqu OWORD PTR [rsp+304], xmm15 pxor xmm4, xmm4 pxor xmm6, xmm6 cmp ebx, 12 @@ -189,7 +189,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_12_last: aesenclast xmm5, xmm7 aesenclast xmm1, xmm7 pshufb xmm5, OWORD PTR L_aes_gcm_bswap_mask - movdqu [rsp+144], xmm1 + movdqu OWORD PTR [rsp+144], xmm1 jmp L_AES_GCM_encrypt_aesni_iv_done L_AES_GCM_encrypt_aesni_iv_not_12: ; Calculate values when IV is not 12 bytes 
@@ -227,7 +227,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last: jl L_AES_GCM_encrypt_aesni_calc_iv_lt16 and edx, 4294967280 L_AES_GCM_encrypt_aesni_calc_iv_16_loop: - movdqu xmm8, [rax+rcx] + movdqu xmm8, OWORD PTR [rax+rcx] pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm4, xmm8 pshufd xmm1, xmm4, 78 @@ -294,7 +294,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_lt16: sub rsp, 16 pxor xmm8, xmm8 xor ebx, ebx - movdqu [rsp], xmm8 + movdqu OWORD PTR [rsp], xmm8 L_AES_GCM_encrypt_aesni_calc_iv_loop: movzx r13d, BYTE PTR [rax+rcx] mov BYTE PTR [rsp+rbx], r13b @@ -302,7 +302,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_loop: inc ebx cmp ecx, edx jl L_AES_GCM_encrypt_aesni_calc_iv_loop - movdqu xmm8, [rsp] + movdqu xmm8, OWORD PTR [rsp] add rsp, 16 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm4, xmm8 @@ -446,7 +446,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_done: movdqa xmm9, OWORD PTR [r15+224] L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last: aesenclast xmm8, xmm9 - movdqu [rsp+144], xmm8 + movdqu OWORD PTR [rsp+144], xmm8 L_AES_GCM_encrypt_aesni_iv_done: ; Additional authentication data mov edx, r11d @@ -457,7 +457,7 @@ L_AES_GCM_encrypt_aesni_iv_done: jl L_AES_GCM_encrypt_aesni_calc_aad_lt16 and edx, 4294967280 L_AES_GCM_encrypt_aesni_calc_aad_16_loop: - movdqu xmm8, [r12+rcx] + movdqu xmm8, OWORD PTR [r12+rcx] pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm8 pshufd xmm1, xmm6, 78 @@ -524,7 +524,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_lt16: sub rsp, 16 pxor xmm8, xmm8 xor ebx, ebx - movdqu [rsp], xmm8 + movdqu OWORD PTR [rsp], xmm8 L_AES_GCM_encrypt_aesni_calc_aad_loop: movzx r13d, BYTE PTR [r12+rcx] mov BYTE PTR [rsp+rbx], r13b @@ -532,7 +532,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_loop: inc ebx cmp ecx, edx jl L_AES_GCM_encrypt_aesni_calc_aad_loop - movdqu xmm8, [rsp] + movdqu xmm8, OWORD PTR [rsp] add rsp, 16 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm8 
@@ -596,7 +596,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: movdqa xmm9, xmm5 paddd xmm4, OWORD PTR L_aes_gcm_one movdqa xmm8, xmm5 - movdqu [rsp+128], xmm4 + movdqu OWORD PTR [rsp+128], xmm4 psrlq xmm9, 63 psllq xmm8, 1 pslldq xmm9, 8 @@ -612,7 +612,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: and r13d, 4294967168 movdqa xmm2, xmm6 ; H ^ 1 - movdqu [rsp], xmm5 + movdqu OWORD PTR [rsp], xmm5 ; H ^ 2 pshufd xmm9, xmm5, 78 pshufd xmm10, xmm5, 78 @@ -654,7 +654,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm0, xmm14 - movdqu [rsp+16], xmm0 + movdqu OWORD PTR [rsp+16], xmm0 ; H ^ 3 pshufd xmm9, xmm5, 78 pshufd xmm10, xmm0, 78 @@ -696,7 +696,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm1, xmm14 - movdqu [rsp+32], xmm1 + movdqu OWORD PTR [rsp+32], xmm1 ; H ^ 4 pshufd xmm9, xmm0, 78 pshufd xmm10, xmm0, 78 @@ -738,7 +738,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm3, xmm14 - movdqu [rsp+48], xmm3 + movdqu OWORD PTR [rsp+48], xmm3 ; H ^ 5 pshufd xmm9, xmm0, 78 pshufd xmm10, xmm1, 78 @@ -780,7 +780,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+64], xmm7 + movdqu OWORD PTR [rsp+64], xmm7 ; H ^ 6 pshufd xmm9, xmm1, 78 pshufd xmm10, xmm1, 78 @@ -822,7 +822,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+80], xmm7 + movdqu OWORD PTR [rsp+80], xmm7 ; H ^ 7 pshufd xmm9, xmm1, 78 pshufd xmm10, xmm3, 78 @@ -864,7 +864,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+96], xmm7 + movdqu OWORD PTR [rsp+96], xmm7 ; H ^ 8 pshufd xmm9, xmm3, 78 pshufd xmm10, xmm3, 78 
@@ -906,9 +906,9 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+112], xmm7 + movdqu OWORD PTR [rsp+112], xmm7 ; First 128 bytes of input - movdqu xmm8, [rsp+128] + movdqu xmm8, OWORD PTR [rsp+128] movdqa xmm1, OWORD PTR L_aes_gcm_bswap_epi64 movdqa xmm0, xmm8 pshufb xmm8, xmm1 @@ -935,7 +935,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: pshufb xmm15, xmm1 paddd xmm0, OWORD PTR L_aes_gcm_eight movdqa xmm7, OWORD PTR [r15] - movdqu [rsp+128], xmm0 + movdqu OWORD PTR [rsp+128], xmm0 pxor xmm8, xmm7 pxor xmm9, xmm7 pxor xmm10, xmm7 
@@ -1069,36 +1069,36 @@ L_AES_GCM_encrypt_aesni_calc_aad_done: L_AES_GCM_encrypt_aesni_enc_done: aesenclast xmm8, xmm7 aesenclast xmm9, xmm7 - movdqu xmm0, [rdi] - movdqu xmm1, [rdi+16] + movdqu xmm0, OWORD PTR [rdi] + movdqu xmm1, OWORD PTR [rdi+16] pxor xmm8, xmm0 pxor xmm9, xmm1 - movdqu [rsi], xmm8 - movdqu [rsi+16], xmm9 + movdqu OWORD PTR [rsi], xmm8 + movdqu OWORD PTR [rsi+16], xmm9 aesenclast xmm10, xmm7 aesenclast xmm11, xmm7 - movdqu xmm0, [rdi+32] - movdqu xmm1, [rdi+48] + movdqu xmm0, OWORD PTR [rdi+32] + movdqu xmm1, OWORD PTR [rdi+48] pxor xmm10, xmm0 pxor xmm11, xmm1 - movdqu [rsi+32], xmm10 - movdqu [rsi+48], xmm11 + movdqu OWORD PTR [rsi+32], xmm10 + movdqu OWORD PTR [rsi+48], xmm11 aesenclast xmm12, xmm7 aesenclast xmm13, xmm7 - movdqu xmm0, [rdi+64] - movdqu xmm1, [rdi+80] + movdqu xmm0, OWORD PTR [rdi+64] + movdqu xmm1, OWORD PTR [rdi+80] pxor xmm12, xmm0 pxor xmm13, xmm1 - movdqu [rsi+64], xmm12 - movdqu [rsi+80], xmm13 + movdqu OWORD PTR [rsi+64], xmm12 + movdqu OWORD PTR [rsi+80], xmm13 aesenclast xmm14, xmm7 aesenclast xmm15, xmm7 - movdqu xmm0, [rdi+96] - movdqu xmm1, [rdi+112] + movdqu xmm0, OWORD PTR [rdi+96] + movdqu xmm1, OWORD PTR [rdi+112] pxor xmm14, xmm0 pxor xmm15, xmm1 - movdqu [rsi+96], xmm14 - movdqu [rsi+112], xmm15 + movdqu OWORD PTR [rsi+96], xmm14 + movdqu OWORD PTR [rsi+112], xmm15 cmp r13d, 128 mov ebx, 128 jle L_AES_GCM_encrypt_aesni_end_128 @@ -1106,7 +1106,7 @@ L_AES_GCM_encrypt_aesni_enc_done: L_AES_GCM_encrypt_aesni_ghash_128: lea rcx, QWORD PTR [rdi+rbx] lea rdx, QWORD PTR [rsi+rbx] - movdqu xmm8, [rsp+128] + movdqu xmm8, OWORD PTR [rsp+128] movdqa xmm1, OWORD PTR L_aes_gcm_bswap_epi64 movdqa xmm0, xmm8 pshufb xmm8, xmm1 @@ -1133,7 +1133,7 @@ L_AES_GCM_encrypt_aesni_ghash_128: pshufb xmm15, xmm1 paddd xmm0, OWORD PTR L_aes_gcm_eight movdqa xmm7, OWORD PTR [r15] - movdqu [rsp+128], xmm0 + movdqu OWORD PTR [rsp+128], xmm0 pxor xmm8, xmm7 pxor xmm9, xmm7 pxor xmm10, xmm7 
@@ -1142,8 +1142,8 @@ L_AES_GCM_encrypt_aesni_ghash_128: pxor xmm13, xmm7 pxor xmm14, xmm7 pxor xmm15, xmm7 - movdqu xmm7, [rsp+112] - movdqu xmm0, [rdx+-128] + movdqu xmm7, OWORD PTR [rsp+112] + movdqu xmm0, OWORD PTR [rdx+-128] aesenc xmm8, [r15+16] pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask pxor xmm0, xmm2 @@ -1165,8 +1165,8 @@ L_AES_GCM_encrypt_aesni_ghash_128: aesenc xmm15, [r15+16] pxor xmm1, xmm2 pxor xmm1, xmm3 - movdqu xmm7, [rsp+96] - movdqu xmm0, [rdx+-112] + movdqu xmm7, OWORD PTR [rsp+96] + movdqu xmm0, OWORD PTR [rdx+-112] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+32] @@ -1189,8 +1189,8 @@ L_AES_GCM_encrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+80] - movdqu xmm0, [rdx+-96] + movdqu xmm7, OWORD PTR [rsp+80] + movdqu xmm0, OWORD PTR [rdx+-96] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+48] @@ -1213,8 +1213,8 @@ L_AES_GCM_encrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+64] - movdqu xmm0, [rdx+-80] + movdqu xmm7, OWORD PTR [rsp+64] + movdqu xmm0, OWORD PTR [rdx+-80] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+64] @@ -1237,8 +1237,8 @@ L_AES_GCM_encrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+48] - movdqu xmm0, [rdx+-64] + movdqu xmm7, OWORD PTR [rsp+48] + movdqu xmm0, OWORD PTR [rdx+-64] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+80] @@ -1261,8 +1261,8 @@ L_AES_GCM_encrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+32] - movdqu xmm0, [rdx+-48] + movdqu xmm7, OWORD PTR [rsp+32] + movdqu xmm0, OWORD PTR [rdx+-48] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+96] 
@@ -1285,8 +1285,8 @@ L_AES_GCM_encrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+16] - movdqu xmm0, [rdx+-32] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm0, OWORD PTR [rdx+-32] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+112] @@ -1309,8 +1309,8 @@ L_AES_GCM_encrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp] - movdqu xmm0, [rdx+-16] + movdqu xmm7, OWORD PTR [rsp] + movdqu xmm0, OWORD PTR [rdx+-16] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+128] 
@@ -1413,36 +1413,36 @@ L_AES_GCM_encrypt_aesni_ghash_128: L_AES_GCM_encrypt_aesni_aesenc_128_ghash_avx_done: aesenclast xmm8, xmm7 aesenclast xmm9, xmm7 - movdqu xmm0, [rcx] - movdqu xmm1, [rcx+16] + movdqu xmm0, OWORD PTR [rcx] + movdqu xmm1, OWORD PTR [rcx+16] pxor xmm8, xmm0 pxor xmm9, xmm1 - movdqu [rdx], xmm8 - movdqu [rdx+16], xmm9 + movdqu OWORD PTR [rdx], xmm8 + movdqu OWORD PTR [rdx+16], xmm9 aesenclast xmm10, xmm7 aesenclast xmm11, xmm7 - movdqu xmm0, [rcx+32] - movdqu xmm1, [rcx+48] + movdqu xmm0, OWORD PTR [rcx+32] + movdqu xmm1, OWORD PTR [rcx+48] pxor xmm10, xmm0 pxor xmm11, xmm1 - movdqu [rdx+32], xmm10 - movdqu [rdx+48], xmm11 + movdqu OWORD PTR [rdx+32], xmm10 + movdqu OWORD PTR [rdx+48], xmm11 aesenclast xmm12, xmm7 aesenclast xmm13, xmm7 - movdqu xmm0, [rcx+64] - movdqu xmm1, [rcx+80] + movdqu xmm0, OWORD PTR [rcx+64] + movdqu xmm1, OWORD PTR [rcx+80] pxor xmm12, xmm0 pxor xmm13, xmm1 - movdqu [rdx+64], xmm12 - movdqu [rdx+80], xmm13 + movdqu OWORD PTR [rdx+64], xmm12 + movdqu OWORD PTR [rdx+80], xmm13 aesenclast xmm14, xmm7 aesenclast xmm15, xmm7 - movdqu xmm0, [rcx+96] - movdqu xmm1, [rcx+112] + movdqu xmm0, OWORD PTR [rcx+96] + movdqu xmm1, OWORD PTR [rcx+112] pxor xmm14, xmm0 pxor xmm15, xmm1 - movdqu [rdx+96], xmm14 - movdqu [rdx+112], xmm15 + movdqu OWORD PTR [rdx+96], xmm14 + movdqu OWORD PTR [rdx+112], xmm15 add ebx, 128 cmp ebx, r13d jl L_AES_GCM_encrypt_aesni_ghash_128 @@ -1457,7 +1457,7 @@ L_AES_GCM_encrypt_aesni_end_128: pshufb xmm13, xmm4 pshufb xmm14, xmm4 pshufb xmm15, xmm4 - movdqu xmm7, [rsp+112] + movdqu xmm7, OWORD PTR [rsp+112] pshufd xmm1, xmm8, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -1476,7 +1476,7 @@ L_AES_GCM_encrypt_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+96] + movdqu xmm7, OWORD PTR [rsp+96] pshufd xmm1, xmm9, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 
@@ -1495,7 +1495,7 @@ L_AES_GCM_encrypt_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+80] + movdqu xmm7, OWORD PTR [rsp+80] pshufd xmm1, xmm10, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -1514,7 +1514,7 @@ L_AES_GCM_encrypt_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+64] + movdqu xmm7, OWORD PTR [rsp+64] pshufd xmm1, xmm11, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -1533,7 +1533,7 @@ L_AES_GCM_encrypt_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+48] + movdqu xmm7, OWORD PTR [rsp+48] pshufd xmm1, xmm12, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -1552,7 +1552,7 @@ L_AES_GCM_encrypt_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+32] + movdqu xmm7, OWORD PTR [rsp+32] pshufd xmm1, xmm13, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -1571,7 +1571,7 @@ L_AES_GCM_encrypt_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+16] + movdqu xmm7, OWORD PTR [rsp+16] pshufd xmm1, xmm14, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -1590,7 +1590,7 @@ L_AES_GCM_encrypt_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp] + movdqu xmm7, OWORD PTR [rsp] pshufd xmm1, xmm15, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -1632,7 +1632,7 @@ L_AES_GCM_encrypt_aesni_end_128: pxor xmm2, xmm1 pxor xmm2, xmm4 pxor xmm6, xmm2 - movdqu xmm5, [rsp] + movdqu xmm5, OWORD PTR [rsp] L_AES_GCM_encrypt_aesni_done_128: mov edx, r9d cmp ebx, edx 
@@ -1643,12 +1643,12 @@ L_AES_GCM_encrypt_aesni_done_128: jge L_AES_GCM_encrypt_aesni_last_block_done lea rcx, QWORD PTR [rdi+rbx] lea rdx, QWORD PTR [rsi+rbx] - movdqu xmm8, [rsp+128] + movdqu xmm8, OWORD PTR [rsp+128] movdqa xmm9, xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_epi64 paddd xmm9, OWORD PTR L_aes_gcm_one pxor xmm8, [r15] - movdqu [rsp+128], xmm9 + movdqu OWORD PTR [rsp+128], xmm9 aesenc xmm8, [r15+16] aesenc xmm8, [r15+32] aesenc xmm8, [r15+48] @@ -1671,9 +1671,9 @@ L_AES_GCM_encrypt_aesni_done_128: movdqa xmm9, OWORD PTR [r15+224] L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last: aesenclast xmm8, xmm9 - movdqu xmm9, [rcx] + movdqu xmm9, OWORD PTR [rcx] pxor xmm8, xmm9 - movdqu [rdx], xmm8 + movdqu OWORD PTR [rdx], xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm8 add ebx, 16 @@ -1682,12 +1682,12 @@ L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last: L_AES_GCM_encrypt_aesni_last_block_start: lea rcx, QWORD PTR [rdi+rbx] lea rdx, QWORD PTR [rsi+rbx] - movdqu xmm8, [rsp+128] + movdqu xmm8, OWORD PTR [rsp+128] movdqa xmm9, xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_epi64 paddd xmm9, OWORD PTR L_aes_gcm_one pxor xmm8, [r15] - movdqu [rsp+128], xmm9 + movdqu OWORD PTR [rsp+128], xmm9 movdqa xmm10, xmm6 pclmulqdq xmm10, xmm5, 16 aesenc xmm8, [r15+16] @@ -1735,9 +1735,9 @@ L_AES_GCM_encrypt_aesni_last_block_start: movdqa xmm9, OWORD PTR [r15+224] L_AES_GCM_encrypt_aesni_aesenc_gfmul_last: aesenclast xmm8, xmm9 - movdqu xmm9, [rcx] + movdqu xmm9, OWORD PTR [rcx] pxor xmm8, xmm9 - movdqu [rdx], xmm8 + movdqu OWORD PTR [rdx], xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm8 add ebx, 16 @@ -1789,7 +1789,7 @@ L_AES_GCM_encrypt_aesni_last_block_done: mov edx, ecx and ecx, 15 jz L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_done - movdqu xmm4, [rsp+128] + movdqu xmm4, OWORD PTR [rsp+128] pshufb xmm4, OWORD PTR L_aes_gcm_bswap_epi64 pxor xmm4, [r15] aesenc xmm4, [r15+16] 
@@ -1816,7 +1816,7 @@ L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last: aesenclast xmm4, xmm9 sub rsp, 16 xor ecx, ecx - movdqu [rsp], xmm4 + movdqu OWORD PTR [rsp], xmm4 L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_loop: movzx r13d, BYTE PTR [rdi+rbx] xor r13b, BYTE PTR [rsp+rcx] @@ -1835,7 +1835,7 @@ L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop: cmp ecx, 16 jl L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_finish_enc: - movdqu xmm4, [rsp] + movdqu xmm4, OWORD PTR [rsp] add rsp, 16 pshufb xmm4, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm4 @@ -1929,12 +1929,12 @@ L_AES_GCM_encrypt_aesni_done_enc: pxor xmm14, xmm8 pxor xmm6, xmm14 pshufb xmm6, OWORD PTR L_aes_gcm_bswap_mask - movdqu xmm0, [rsp+144] + movdqu xmm0, OWORD PTR [rsp+144] pxor xmm0, xmm6 cmp r14d, 16 je L_AES_GCM_encrypt_aesni_store_tag_16 xor rcx, rcx - movdqu [rsp], xmm0 + movdqu OWORD PTR [rsp], xmm0 L_AES_GCM_encrypt_aesni_store_tag_loop: movzx r13d, BYTE PTR [rsp+rcx] mov BYTE PTR [r8+rcx], r13b @@ -1943,18 +1943,18 @@ L_AES_GCM_encrypt_aesni_store_tag_loop: jne L_AES_GCM_encrypt_aesni_store_tag_loop jmp L_AES_GCM_encrypt_aesni_store_tag_done L_AES_GCM_encrypt_aesni_store_tag_16: - movdqu [r8], xmm0 + movdqu OWORD PTR [r8], xmm0 L_AES_GCM_encrypt_aesni_store_tag_done: - movdqu xmm6, [rsp+160] - movdqu xmm7, [rsp+176] - movdqu xmm8, [rsp+192] - movdqu xmm9, [rsp+208] - movdqu xmm10, [rsp+224] - movdqu xmm11, [rsp+240] - movdqu xmm12, [rsp+256] - movdqu xmm13, [rsp+272] - movdqu xmm14, [rsp+288] - movdqu xmm15, [rsp+304] + movdqu xmm6, OWORD PTR [rsp+160] + movdqu xmm7, OWORD PTR [rsp+176] + movdqu xmm8, OWORD PTR [rsp+192] + movdqu xmm9, OWORD PTR [rsp+208] + movdqu xmm10, OWORD PTR [rsp+224] + movdqu xmm11, OWORD PTR [rsp+240] + movdqu xmm12, OWORD PTR [rsp+256] + movdqu xmm13, OWORD PTR [rsp+272] + movdqu xmm14, OWORD PTR [rsp+288] + movdqu xmm15, OWORD PTR [rsp+304] add rsp, 320 pop r15 pop r14 
@@ -1989,16 +1989,16 @@ AES_GCM_decrypt_aesni PROC mov r10d, DWORD PTR [rsp+152] mov rbp, QWORD PTR [rsp+160] sub rsp, 328 - movdqu [rsp+168], xmm6 - movdqu [rsp+184], xmm7 - movdqu [rsp+200], xmm8 - movdqu [rsp+216], xmm9 - movdqu [rsp+232], xmm10 - movdqu [rsp+248], xmm11 - movdqu [rsp+264], xmm12 - movdqu [rsp+280], xmm13 - movdqu [rsp+296], xmm14 - movdqu [rsp+312], xmm15 + movdqu OWORD PTR [rsp+168], xmm6 + movdqu OWORD PTR [rsp+184], xmm7 + movdqu OWORD PTR [rsp+200], xmm8 + movdqu OWORD PTR [rsp+216], xmm9 + movdqu OWORD PTR [rsp+232], xmm10 + movdqu OWORD PTR [rsp+248], xmm11 + movdqu OWORD PTR [rsp+264], xmm12 + movdqu OWORD PTR [rsp+280], xmm13 + movdqu OWORD PTR [rsp+296], xmm14 + movdqu OWORD PTR [rsp+312], xmm15 pxor xmm4, xmm4 pxor xmm6, xmm6 cmp ebx, 12 @@ -2062,7 +2062,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_12_last: aesenclast xmm5, xmm7 aesenclast xmm1, xmm7 pshufb xmm5, OWORD PTR L_aes_gcm_bswap_mask - movdqu [rsp+144], xmm1 + movdqu OWORD PTR [rsp+144], xmm1 jmp L_AES_GCM_decrypt_aesni_iv_done L_AES_GCM_decrypt_aesni_iv_not_12: ; Calculate values when IV is not 12 bytes @@ -2100,7 +2100,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last: jl L_AES_GCM_decrypt_aesni_calc_iv_lt16 and edx, 4294967280 L_AES_GCM_decrypt_aesni_calc_iv_16_loop: - movdqu xmm8, [rax+rcx] + movdqu xmm8, OWORD PTR [rax+rcx] pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm4, xmm8 pshufd xmm1, xmm4, 78 @@ -2167,7 +2167,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_lt16: sub rsp, 16 pxor xmm8, xmm8 xor ebx, ebx - movdqu [rsp], xmm8 + movdqu OWORD PTR [rsp], xmm8 L_AES_GCM_decrypt_aesni_calc_iv_loop: movzx r13d, BYTE PTR [rax+rcx] mov BYTE PTR [rsp+rbx], r13b @@ -2175,7 +2175,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_loop: inc ebx cmp ecx, edx jl L_AES_GCM_decrypt_aesni_calc_iv_loop - movdqu xmm8, [rsp] + movdqu xmm8, OWORD PTR [rsp] add rsp, 16 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm4, xmm8 
@@ -2319,7 +2319,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_done: movdqa xmm9, OWORD PTR [r15+224] L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last: aesenclast xmm8, xmm9 - movdqu [rsp+144], xmm8 + movdqu OWORD PTR [rsp+144], xmm8 L_AES_GCM_decrypt_aesni_iv_done: ; Additional authentication data mov edx, r11d @@ -2330,7 +2330,7 @@ L_AES_GCM_decrypt_aesni_iv_done: jl L_AES_GCM_decrypt_aesni_calc_aad_lt16 and edx, 4294967280 L_AES_GCM_decrypt_aesni_calc_aad_16_loop: - movdqu xmm8, [r12+rcx] + movdqu xmm8, OWORD PTR [r12+rcx] pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm8 pshufd xmm1, xmm6, 78 @@ -2397,7 +2397,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_lt16: sub rsp, 16 pxor xmm8, xmm8 xor ebx, ebx - movdqu [rsp], xmm8 + movdqu OWORD PTR [rsp], xmm8 L_AES_GCM_decrypt_aesni_calc_aad_loop: movzx r13d, BYTE PTR [r12+rcx] mov BYTE PTR [rsp+rbx], r13b @@ -2405,7 +2405,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_loop: inc ebx cmp ecx, edx jl L_AES_GCM_decrypt_aesni_calc_aad_loop - movdqu xmm8, [rsp] + movdqu xmm8, OWORD PTR [rsp] add rsp, 16 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm8 @@ -2469,7 +2469,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: movdqa xmm9, xmm5 paddd xmm4, OWORD PTR L_aes_gcm_one movdqa xmm8, xmm5 - movdqu [rsp+128], xmm4 + movdqu OWORD PTR [rsp+128], xmm4 psrlq xmm9, 63 psllq xmm8, 1 pslldq xmm9, 8 @@ -2485,7 +2485,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: and r13d, 4294967168 movdqa xmm2, xmm6 ; H ^ 1 - movdqu [rsp], xmm5 + movdqu OWORD PTR [rsp], xmm5 ; H ^ 2 pshufd xmm9, xmm5, 78 pshufd xmm10, xmm5, 78 @@ -2527,7 +2527,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm0, xmm14 - movdqu [rsp+16], xmm0 + movdqu OWORD PTR [rsp+16], xmm0 ; H ^ 3 pshufd xmm9, xmm5, 78 pshufd xmm10, xmm0, 78 
@@ -2569,7 +2569,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm1, xmm14 - movdqu [rsp+32], xmm1 + movdqu OWORD PTR [rsp+32], xmm1 ; H ^ 4 pshufd xmm9, xmm0, 78 pshufd xmm10, xmm0, 78 @@ -2611,7 +2611,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm3, xmm14 - movdqu [rsp+48], xmm3 + movdqu OWORD PTR [rsp+48], xmm3 ; H ^ 5 pshufd xmm9, xmm0, 78 pshufd xmm10, xmm1, 78 @@ -2653,7 +2653,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+64], xmm7 + movdqu OWORD PTR [rsp+64], xmm7 ; H ^ 6 pshufd xmm9, xmm1, 78 pshufd xmm10, xmm1, 78 @@ -2695,7 +2695,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+80], xmm7 + movdqu OWORD PTR [rsp+80], xmm7 ; H ^ 7 pshufd xmm9, xmm1, 78 pshufd xmm10, xmm3, 78 @@ -2737,7 +2737,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+96], xmm7 + movdqu OWORD PTR [rsp+96], xmm7 ; H ^ 8 pshufd xmm9, xmm3, 78 pshufd xmm10, xmm3, 78 @@ -2779,11 +2779,11 @@ L_AES_GCM_decrypt_aesni_calc_aad_done: pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+112], xmm7 + movdqu OWORD PTR [rsp+112], xmm7 L_AES_GCM_decrypt_aesni_ghash_128: lea rcx, QWORD PTR [rdi+rbx] lea rdx, QWORD PTR [rsi+rbx] - movdqu xmm8, [rsp+128] + movdqu xmm8, OWORD PTR [rsp+128] movdqa xmm1, OWORD PTR L_aes_gcm_bswap_epi64 movdqa xmm0, xmm8 pshufb xmm8, xmm1 @@ -2810,7 +2810,7 @@ L_AES_GCM_decrypt_aesni_ghash_128: pshufb xmm15, xmm1 paddd xmm0, OWORD PTR L_aes_gcm_eight movdqa xmm7, OWORD PTR [r15] - movdqu [rsp+128], xmm0 + movdqu OWORD PTR [rsp+128], xmm0 pxor xmm8, xmm7 pxor xmm9, xmm7 pxor xmm10, xmm7 
@@ -2819,8 +2819,8 @@ L_AES_GCM_decrypt_aesni_ghash_128: pxor xmm13, xmm7 pxor xmm14, xmm7 pxor xmm15, xmm7 - movdqu xmm7, [rsp+112] - movdqu xmm0, [rcx] + movdqu xmm7, OWORD PTR [rsp+112] + movdqu xmm0, OWORD PTR [rcx] aesenc xmm8, [r15+16] pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask pxor xmm0, xmm2 @@ -2842,8 +2842,8 @@ L_AES_GCM_decrypt_aesni_ghash_128: aesenc xmm15, [r15+16] pxor xmm1, xmm2 pxor xmm1, xmm3 - movdqu xmm7, [rsp+96] - movdqu xmm0, [rcx+16] + movdqu xmm7, OWORD PTR [rsp+96] + movdqu xmm0, OWORD PTR [rcx+16] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+32] @@ -2866,8 +2866,8 @@ L_AES_GCM_decrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+80] - movdqu xmm0, [rcx+32] + movdqu xmm7, OWORD PTR [rsp+80] + movdqu xmm0, OWORD PTR [rcx+32] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+48] @@ -2890,8 +2890,8 @@ L_AES_GCM_decrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+64] - movdqu xmm0, [rcx+48] + movdqu xmm7, OWORD PTR [rsp+64] + movdqu xmm0, OWORD PTR [rcx+48] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+64] @@ -2914,8 +2914,8 @@ L_AES_GCM_decrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+48] - movdqu xmm0, [rcx+64] + movdqu xmm7, OWORD PTR [rsp+48] + movdqu xmm0, OWORD PTR [rcx+64] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+80] @@ -2938,8 +2938,8 @@ L_AES_GCM_decrypt_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+32] - movdqu xmm0, [rcx+80] + movdqu xmm7, OWORD PTR [rsp+32] + movdqu xmm0, OWORD PTR [rcx+80] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [r15+96] 
@@ -2962,8 +2962,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor xmm1, xmm6
         pxor xmm3, xmm6
         pxor xmm1, xmm4
-        movdqu xmm7, [rsp+16]
-        movdqu xmm0, [rcx+96]
+        movdqu xmm7, OWORD PTR [rsp+16]
+        movdqu xmm0, OWORD PTR [rcx+96]
         pshufd xmm4, xmm7, 78
         pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc xmm8, [r15+112]
@@ -2986,8 +2986,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor xmm1, xmm6
         pxor xmm3, xmm6
         pxor xmm1, xmm4
-        movdqu xmm7, [rsp]
-        movdqu xmm0, [rcx+112]
+        movdqu xmm7, OWORD PTR [rsp]
+        movdqu xmm0, OWORD PTR [rcx+112]
         pshufd xmm4, xmm7, 78
         pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc xmm8, [r15+128]
@@ -3090,41 +3090,41 @@ L_AES_GCM_decrypt_aesni_ghash_128: L_AES_GCM_decrypt_aesni_aesenc_128_ghash_avx_done: aesenclast xmm8, xmm7 aesenclast xmm9, xmm7 - movdqu xmm0, [rcx] - movdqu xmm1, [rcx+16] + movdqu xmm0, OWORD PTR [rcx] + movdqu xmm1, OWORD PTR [rcx+16] pxor xmm8, xmm0 pxor xmm9, xmm1 - movdqu [rdx], xmm8 - movdqu [rdx+16], xmm9 + movdqu OWORD PTR [rdx], xmm8 + movdqu OWORD PTR [rdx+16], xmm9 aesenclast xmm10, xmm7 aesenclast xmm11, xmm7 - movdqu xmm0, [rcx+32] - movdqu xmm1, [rcx+48] + movdqu xmm0, OWORD PTR [rcx+32] + movdqu xmm1, OWORD PTR [rcx+48] pxor xmm10, xmm0 pxor xmm11, xmm1 - movdqu [rdx+32], xmm10 - movdqu [rdx+48], xmm11 + movdqu OWORD PTR [rdx+32], xmm10 + movdqu OWORD PTR [rdx+48], xmm11 aesenclast xmm12, xmm7 aesenclast xmm13, xmm7 - movdqu xmm0, [rcx+64] - movdqu xmm1, [rcx+80] + movdqu xmm0, OWORD PTR [rcx+64] + movdqu xmm1, OWORD PTR [rcx+80] pxor xmm12, xmm0 pxor xmm13, xmm1 - movdqu [rdx+64], xmm12 - movdqu [rdx+80], xmm13 + movdqu OWORD PTR [rdx+64], xmm12 + movdqu OWORD PTR [rdx+80], xmm13 aesenclast xmm14, xmm7 aesenclast xmm15, xmm7 - movdqu xmm0, [rcx+96] - movdqu xmm1, [rcx+112] + movdqu xmm0, OWORD PTR [rcx+96] + movdqu xmm1, OWORD PTR [rcx+112] pxor xmm14, xmm0 pxor xmm15, xmm1 - movdqu [rdx+96], xmm14 - movdqu [rdx+112], xmm15 + movdqu OWORD PTR [rdx+96], xmm14 + movdqu OWORD PTR [rdx+112], xmm15 add ebx, 128 cmp ebx, r13d jl L_AES_GCM_decrypt_aesni_ghash_128 movdqa xmm6, xmm2 - movdqu xmm5, [rsp] + movdqu xmm5, OWORD PTR [rsp] L_AES_GCM_decrypt_aesni_done_128: mov edx, r9d cmp ebx, edx 
@@ -3136,16 +3136,16 @@ L_AES_GCM_decrypt_aesni_done_128: L_AES_GCM_decrypt_aesni_last_block_start: lea rcx, QWORD PTR [rdi+rbx] lea rdx, QWORD PTR [rsi+rbx] - movdqu xmm1, [rcx] + movdqu xmm1, OWORD PTR [rcx] movdqa xmm0, xmm5 pshufb xmm1, OWORD PTR L_aes_gcm_bswap_mask pxor xmm1, xmm6 - movdqu xmm8, [rsp+128] + movdqu xmm8, OWORD PTR [rsp+128] movdqa xmm9, xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_epi64 paddd xmm9, OWORD PTR L_aes_gcm_one pxor xmm8, [r15] - movdqu [rsp+128], xmm9 + movdqu OWORD PTR [rsp+128], xmm9 movdqa xmm10, xmm1 pclmulqdq xmm10, xmm0, 16 aesenc xmm8, [r15+16] @@ -3193,9 +3193,9 @@ L_AES_GCM_decrypt_aesni_last_block_start: movdqa xmm9, OWORD PTR [r15+224] L_AES_GCM_decrypt_aesni_aesenc_gfmul_last: aesenclast xmm8, xmm9 - movdqu xmm9, [rcx] + movdqu xmm9, OWORD PTR [rcx] pxor xmm8, xmm9 - movdqu [rdx], xmm8 + movdqu OWORD PTR [rdx], xmm8 add ebx, 16 cmp ebx, r13d jl L_AES_GCM_decrypt_aesni_last_block_start @@ -3204,7 +3204,7 @@ L_AES_GCM_decrypt_aesni_last_block_done: mov edx, ecx and ecx, 15 jz L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_done - movdqu xmm4, [rsp+128] + movdqu xmm4, OWORD PTR [rsp+128] pshufb xmm4, OWORD PTR L_aes_gcm_bswap_epi64 pxor xmm4, [r15] aesenc xmm4, [r15+16] @@ -3231,9 +3231,9 @@ L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last: aesenclast xmm4, xmm9 sub rsp, 32 xor ecx, ecx - movdqu [rsp], xmm4 + movdqu OWORD PTR [rsp], xmm4 pxor xmm0, xmm0 - movdqu [rsp+16], xmm0 + movdqu OWORD PTR [rsp+16], xmm0 L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop: movzx r13d, BYTE PTR [rdi+rbx] mov BYTE PTR [rsp+rcx+16], r13b @@ -3243,7 +3243,7 @@ L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop: inc ecx cmp ebx, edx jl L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop - movdqu xmm4, [rsp+16] + movdqu xmm4, OWORD PTR [rsp+16] add rsp, 32 pshufb xmm4, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm4 
@@ -3337,14 +3337,14 @@ L_AES_GCM_decrypt_aesni_done_dec:
         pxor xmm14, xmm8
         pxor xmm6, xmm14
         pshufb xmm6, OWORD PTR L_aes_gcm_bswap_mask
-        movdqu xmm0, [rsp+144]
+        movdqu xmm0, OWORD PTR [rsp+144]
         pxor xmm0, xmm6
         cmp r14d, 16
         je L_AES_GCM_decrypt_aesni_cmp_tag_16
         sub rsp, 16
         xor rcx, rcx
         xor rbx, rbx
-        movdqu [rsp], xmm0
+        movdqu OWORD PTR [rsp], xmm0
 L_AES_GCM_decrypt_aesni_cmp_tag_loop:
         movzx r13d, BYTE PTR [rsp+rcx]
         xor r13b, BYTE PTR [r8+rcx]
@@ -3352,13 +3352,13 @@ L_AES_GCM_decrypt_aesni_cmp_tag_loop:
         inc ecx
         cmp ecx, r14d
         jne L_AES_GCM_decrypt_aesni_cmp_tag_loop
-        cmp rbx, 0
+        cmp bl, 0
         sete bl
         add rsp, 16
         xor rcx, rcx
         jmp L_AES_GCM_decrypt_aesni_cmp_tag_done
 L_AES_GCM_decrypt_aesni_cmp_tag_16:
-        movdqu xmm1, [r8]
+        movdqu xmm1, OWORD PTR [r8]
         pcmpeqb xmm0, xmm1
         pmovmskb rdx, xmm0
         ; %%edx == 0xFFFF then return 1 else => return 0
@@ -3367,16 +3367,16 @@ L_AES_GCM_decrypt_aesni_cmp_tag_16:
         sete bl
 L_AES_GCM_decrypt_aesni_cmp_tag_done:
         mov DWORD PTR [rbp], ebx
-        movdqu xmm6, [rsp+168]
-        movdqu xmm7, [rsp+184]
-        movdqu xmm8, [rsp+200]
-        movdqu xmm9, [rsp+216]
-        movdqu xmm10, [rsp+232]
-        movdqu xmm11, [rsp+248]
-        movdqu xmm12, [rsp+264]
-        movdqu xmm13, [rsp+280]
-        movdqu xmm14, [rsp+296]
-        movdqu xmm15, [rsp+312]
+        movdqu xmm6, OWORD PTR [rsp+168]
+        movdqu xmm7, OWORD PTR [rsp+184]
+        movdqu xmm8, OWORD PTR [rsp+200]
+        movdqu xmm9, OWORD PTR [rsp+216]
+        movdqu xmm10, OWORD PTR [rsp+232]
+        movdqu xmm11, OWORD PTR [rsp+248]
+        movdqu xmm12, OWORD PTR [rsp+264]
+        movdqu xmm13, OWORD PTR [rsp+280]
+        movdqu xmm14, OWORD PTR [rsp+296]
+        movdqu xmm15, OWORD PTR [rsp+312]
         add rsp, 328
         pop rbp
         pop r15
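Review bot: In the `@@ -3352,13` hunk, narrowing `cmp rbx, 0` to `cmp bl, 0` is only equivalent if the loop accumulates the per-byte XOR differences exclusively into `bl` after the `xor rbx, rbx` in the preceding hunk; the accumulating instruction sits between the two hunks and is not visible here, so that should be confirmed, and the loop body continues outside the hunk. Since this is the tag-verification path, a short comment above `cmp bl, 0` stating the invariant would help future readers: `; bl = OR of all tag-byte differences; loop exit depends only on r14d, so the compare stays constant-time`. The loop runs its first iteration unconditionally and terminates on `cmp ecx, r14d`, so a zero tag length would not stop it; presumably the C caller rejects undersized tags before reaching this code — worth confirming. The unchanged context comment `; %%edx == 0xFFFF then return 1 else => return 0` carries a `%%` escape that reads as a generator artifact in MASM output; not part of this change, but it could be cleaned up in the same pass.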
@@ -3404,10 +3404,10 @@ AES_GCM_init_aesni PROC mov r8, QWORD PTR [rsp+88] mov r9, QWORD PTR [rsp+96] sub rsp, 80 - movdqu [rsp+16], xmm6 - movdqu [rsp+32], xmm7 - movdqu [rsp+48], xmm8 - movdqu [rsp+64], xmm15 + movdqu OWORD PTR [rsp+16], xmm6 + movdqu OWORD PTR [rsp+32], xmm7 + movdqu OWORD PTR [rsp+48], xmm8 + movdqu OWORD PTR [rsp+64], xmm15 pxor xmm4, xmm4 mov edx, r11d cmp edx, 12 @@ -3508,7 +3508,7 @@ L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last: jl L_AES_GCM_init_aesni_calc_iv_lt16 and edx, 4294967280 L_AES_GCM_init_aesni_calc_iv_16_loop: - movdqu xmm7, [r10+rcx] + movdqu xmm7, OWORD PTR [r10+rcx] pshufb xmm7, OWORD PTR L_aes_gcm_bswap_mask pxor xmm4, xmm7 pshufd xmm1, xmm4, 78 @@ -3575,7 +3575,7 @@ L_AES_GCM_init_aesni_calc_iv_lt16: sub rsp, 16 pxor xmm7, xmm7 xor r13d, r13d - movdqu [rsp], xmm7 + movdqu OWORD PTR [rsp], xmm7 L_AES_GCM_init_aesni_calc_iv_loop: movzx r12d, BYTE PTR [r10+rcx] mov BYTE PTR [rsp+r13], r12b @@ -3583,7 +3583,7 @@ L_AES_GCM_init_aesni_calc_iv_loop: inc r13d cmp ecx, edx jl L_AES_GCM_init_aesni_calc_iv_loop - movdqu xmm7, [rsp] + movdqu xmm7, OWORD PTR [rsp] add rsp, 16 pshufb xmm7, OWORD PTR L_aes_gcm_bswap_mask pxor xmm4, xmm7 @@ -3734,10 +3734,10 @@ L_AES_GCM_init_aesni_iv_done: paddd xmm4, OWORD PTR L_aes_gcm_one movdqa OWORD PTR [rax], xmm5 movdqa OWORD PTR [r8], xmm4 - movdqu xmm6, [rsp+16] - movdqu xmm7, [rsp+32] - movdqu xmm8, [rsp+48] - movdqu xmm15, [rsp+64] + movdqu xmm6, OWORD PTR [rsp+16] + movdqu xmm7, OWORD PTR [rsp+32] + movdqu xmm8, OWORD PTR [rsp+48] + movdqu xmm15, OWORD PTR [rsp+64] add rsp, 80 pop r14 pop r13 
@@ -3751,13 +3751,13 @@ _text SEGMENT READONLY PARA AES_GCM_aad_update_aesni PROC mov rax, rcx sub rsp, 32 - movdqu [rsp], xmm6 - movdqu [rsp+16], xmm7 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 movdqa xmm5, OWORD PTR [r8] movdqa xmm6, OWORD PTR [r9] xor ecx, ecx L_AES_GCM_aad_update_aesni_16_loop: - movdqu xmm7, [rax+rcx] + movdqu xmm7, OWORD PTR [rax+rcx] pshufb xmm7, OWORD PTR L_aes_gcm_bswap_mask pxor xmm5, xmm7 pshufd xmm1, xmm5, 78 @@ -3818,8 +3818,8 @@ L_AES_GCM_aad_update_aesni_16_loop: cmp ecx, edx jl L_AES_GCM_aad_update_aesni_16_loop movdqa OWORD PTR [r8], xmm5 - movdqu xmm6, [rsp] - movdqu xmm7, [rsp+16] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] add rsp, 32 ret AES_GCM_aad_update_aesni ENDP @@ -3829,12 +3829,12 @@ AES_GCM_encrypt_block_aesni PROC mov r10, r8 mov r11, r9 mov rax, QWORD PTR [rsp+40] - movdqu xmm0, [rax] + movdqu xmm0, OWORD PTR [rax] movdqa xmm1, xmm0 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_epi64 paddd xmm1, OWORD PTR L_aes_gcm_one pxor xmm0, [rcx] - movdqu [rax], xmm1 + movdqu OWORD PTR [rax], xmm1 aesenc xmm0, [rcx+16] aesenc xmm0, [rcx+32] aesenc xmm0, [rcx+48] @@ -3857,9 +3857,9 @@ AES_GCM_encrypt_block_aesni PROC movdqa xmm1, OWORD PTR [rcx+224] L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last: aesenclast xmm0, xmm1 - movdqu xmm1, [r11] + movdqu xmm1, OWORD PTR [r11] pxor xmm0, xmm1 - movdqu [r10], xmm0 + movdqu OWORD PTR [r10], xmm0 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask ret AES_GCM_encrypt_block_aesni ENDP @@ -3867,11 +3867,11 @@ _text ENDS _text SEGMENT READONLY PARA AES_GCM_ghash_block_aesni PROC sub rsp, 32 - movdqu [rsp], xmm6 - movdqu [rsp+16], xmm7 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 movdqa xmm4, OWORD PTR [rdx] movdqa xmm5, OWORD PTR [r8] - movdqu xmm7, [rcx] + movdqu xmm7, OWORD PTR [rcx] pshufb xmm7, OWORD PTR L_aes_gcm_bswap_mask pxor xmm4, xmm7 pshufd xmm1, xmm4, 78 
@@ -3929,8 +3929,8 @@ AES_GCM_ghash_block_aesni PROC pxor xmm2, xmm6 pxor xmm4, xmm2 movdqa OWORD PTR [rdx], xmm4 - movdqu xmm6, [rsp] - movdqu xmm7, [rsp+16] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] add rsp, 32 ret AES_GCM_ghash_block_aesni ENDP @@ -3951,16 +3951,16 @@ AES_GCM_encrypt_update_aesni PROC mov r14, QWORD PTR [rsp+96] mov r15, QWORD PTR [rsp+104] sub rsp, 320 - movdqu [rsp+160], xmm6 - movdqu [rsp+176], xmm7 - movdqu [rsp+192], xmm8 - movdqu [rsp+208], xmm9 - movdqu [rsp+224], xmm10 - movdqu [rsp+240], xmm11 - movdqu [rsp+256], xmm12 - movdqu [rsp+272], xmm13 - movdqu [rsp+288], xmm14 - movdqu [rsp+304], xmm15 + movdqu OWORD PTR [rsp+160], xmm6 + movdqu OWORD PTR [rsp+176], xmm7 + movdqu OWORD PTR [rsp+192], xmm8 + movdqu OWORD PTR [rsp+208], xmm9 + movdqu OWORD PTR [rsp+224], xmm10 + movdqu OWORD PTR [rsp+240], xmm11 + movdqu OWORD PTR [rsp+256], xmm12 + movdqu OWORD PTR [rsp+272], xmm13 + movdqu OWORD PTR [rsp+288], xmm14 + movdqu OWORD PTR [rsp+304], xmm15 movdqa xmm6, OWORD PTR [r12] movdqa xmm5, OWORD PTR [r14] movdqa xmm9, xmm5 @@ -3980,7 +3980,7 @@ AES_GCM_encrypt_update_aesni PROC and r13d, 4294967168 movdqa xmm2, xmm6 ; H ^ 1 - movdqu [rsp], xmm5 + movdqu OWORD PTR [rsp], xmm5 ; H ^ 2 pshufd xmm9, xmm5, 78 pshufd xmm10, xmm5, 78 @@ -4022,7 +4022,7 @@ AES_GCM_encrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm0, xmm14 - movdqu [rsp+16], xmm0 + movdqu OWORD PTR [rsp+16], xmm0 ; H ^ 3 pshufd xmm9, xmm5, 78 pshufd xmm10, xmm0, 78 @@ -4064,7 +4064,7 @@ AES_GCM_encrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm1, xmm14 - movdqu [rsp+32], xmm1 + movdqu OWORD PTR [rsp+32], xmm1 ; H ^ 4 pshufd xmm9, xmm0, 78 pshufd xmm10, xmm0, 78 @@ -4106,7 +4106,7 @@ AES_GCM_encrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm3, xmm14 - movdqu [rsp+48], xmm3 + movdqu OWORD PTR [rsp+48], xmm3 ; H ^ 5 pshufd xmm9, xmm0, 78 pshufd xmm10, xmm1, 78 
@@ -4148,7 +4148,7 @@ AES_GCM_encrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+64], xmm7 + movdqu OWORD PTR [rsp+64], xmm7 ; H ^ 6 pshufd xmm9, xmm1, 78 pshufd xmm10, xmm1, 78 @@ -4190,7 +4190,7 @@ AES_GCM_encrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+80], xmm7 + movdqu OWORD PTR [rsp+80], xmm7 ; H ^ 7 pshufd xmm9, xmm1, 78 pshufd xmm10, xmm3, 78 @@ -4232,7 +4232,7 @@ AES_GCM_encrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+96], xmm7 + movdqu OWORD PTR [rsp+96], xmm7 ; H ^ 8 pshufd xmm9, xmm3, 78 pshufd xmm10, xmm3, 78 @@ -4274,9 +4274,9 @@ AES_GCM_encrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+112], xmm7 + movdqu OWORD PTR [rsp+112], xmm7 ; First 128 bytes of input - movdqu xmm8, [r15] + movdqu xmm8, OWORD PTR [r15] movdqa xmm1, OWORD PTR L_aes_gcm_bswap_epi64 movdqa xmm0, xmm8 pshufb xmm8, xmm1 @@ -4303,7 +4303,7 @@ AES_GCM_encrypt_update_aesni PROC pshufb xmm15, xmm1 paddd xmm0, OWORD PTR L_aes_gcm_eight movdqa xmm7, OWORD PTR [rax] - movdqu [r15], xmm0 + movdqu OWORD PTR [r15], xmm0 pxor xmm8, xmm7 pxor xmm9, xmm7 pxor xmm10, xmm7 
@@ -4437,36 +4437,36 @@ AES_GCM_encrypt_update_aesni PROC L_AES_GCM_encrypt_update_aesni_enc_done: aesenclast xmm8, xmm7 aesenclast xmm9, xmm7 - movdqu xmm0, [r11] - movdqu xmm1, [r11+16] + movdqu xmm0, OWORD PTR [r11] + movdqu xmm1, OWORD PTR [r11+16] pxor xmm8, xmm0 pxor xmm9, xmm1 - movdqu [r10], xmm8 - movdqu [r10+16], xmm9 + movdqu OWORD PTR [r10], xmm8 + movdqu OWORD PTR [r10+16], xmm9 aesenclast xmm10, xmm7 aesenclast xmm11, xmm7 - movdqu xmm0, [r11+32] - movdqu xmm1, [r11+48] + movdqu xmm0, OWORD PTR [r11+32] + movdqu xmm1, OWORD PTR [r11+48] pxor xmm10, xmm0 pxor xmm11, xmm1 - movdqu [r10+32], xmm10 - movdqu [r10+48], xmm11 + movdqu OWORD PTR [r10+32], xmm10 + movdqu OWORD PTR [r10+48], xmm11 aesenclast xmm12, xmm7 aesenclast xmm13, xmm7 - movdqu xmm0, [r11+64] - movdqu xmm1, [r11+80] + movdqu xmm0, OWORD PTR [r11+64] + movdqu xmm1, OWORD PTR [r11+80] pxor xmm12, xmm0 pxor xmm13, xmm1 - movdqu [r10+64], xmm12 - movdqu [r10+80], xmm13 + movdqu OWORD PTR [r10+64], xmm12 + movdqu OWORD PTR [r10+80], xmm13 aesenclast xmm14, xmm7 aesenclast xmm15, xmm7 - movdqu xmm0, [r11+96] - movdqu xmm1, [r11+112] + movdqu xmm0, OWORD PTR [r11+96] + movdqu xmm1, OWORD PTR [r11+112] pxor xmm14, xmm0 pxor xmm15, xmm1 - movdqu [r10+96], xmm14 - movdqu [r10+112], xmm15 + movdqu OWORD PTR [r10+96], xmm14 + movdqu OWORD PTR [r10+112], xmm15 cmp r13d, 128 mov edi, 128 jle L_AES_GCM_encrypt_update_aesni_end_128 @@ -4474,7 +4474,7 @@ L_AES_GCM_encrypt_update_aesni_enc_done: L_AES_GCM_encrypt_update_aesni_ghash_128: lea rcx, QWORD PTR [r11+rdi] lea rdx, QWORD PTR [r10+rdi] - movdqu xmm8, [r15] + movdqu xmm8, OWORD PTR [r15] movdqa xmm1, OWORD PTR L_aes_gcm_bswap_epi64 movdqa xmm0, xmm8 pshufb xmm8, xmm1 @@ -4501,7 +4501,7 @@ L_AES_GCM_encrypt_update_aesni_ghash_128: pshufb xmm15, xmm1 paddd xmm0, OWORD PTR L_aes_gcm_eight movdqa xmm7, OWORD PTR [rax] - movdqu [r15], xmm0 + movdqu OWORD PTR [r15], xmm0 pxor xmm8, xmm7 pxor xmm9, xmm7 pxor xmm10, xmm7 
@@ -4510,8 +4510,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128: pxor xmm13, xmm7 pxor xmm14, xmm7 pxor xmm15, xmm7 - movdqu xmm7, [rsp+112] - movdqu xmm0, [rdx+-128] + movdqu xmm7, OWORD PTR [rsp+112] + movdqu xmm0, OWORD PTR [rdx+-128] aesenc xmm8, [rax+16] pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask pxor xmm0, xmm2 @@ -4533,8 +4533,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128: aesenc xmm15, [rax+16] pxor xmm1, xmm2 pxor xmm1, xmm3 - movdqu xmm7, [rsp+96] - movdqu xmm0, [rdx+-112] + movdqu xmm7, OWORD PTR [rsp+96] + movdqu xmm0, OWORD PTR [rdx+-112] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+32] @@ -4557,8 +4557,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+80] - movdqu xmm0, [rdx+-96] + movdqu xmm7, OWORD PTR [rsp+80] + movdqu xmm0, OWORD PTR [rdx+-96] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+48] @@ -4581,8 +4581,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+64] - movdqu xmm0, [rdx+-80] + movdqu xmm7, OWORD PTR [rsp+64] + movdqu xmm0, OWORD PTR [rdx+-80] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+64] @@ -4605,8 +4605,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+48] - movdqu xmm0, [rdx+-64] + movdqu xmm7, OWORD PTR [rsp+48] + movdqu xmm0, OWORD PTR [rdx+-64] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+80] @@ -4629,8 +4629,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+32] - movdqu xmm0, [rdx+-48] + movdqu xmm7, OWORD PTR [rsp+32] + movdqu xmm0, OWORD PTR [rdx+-48] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+96] 
@@ -4653,8 +4653,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor xmm1, xmm6
         pxor xmm3, xmm6
         pxor xmm1, xmm4
-        movdqu xmm7, [rsp+16]
-        movdqu xmm0, [rdx+-32]
+        movdqu xmm7, OWORD PTR [rsp+16]
+        movdqu xmm0, OWORD PTR [rdx+-32]
         pshufd xmm4, xmm7, 78
         pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc xmm8, [rax+112]
@@ -4677,8 +4677,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor xmm1, xmm6
         pxor xmm3, xmm6
         pxor xmm1, xmm4
-        movdqu xmm7, [rsp]
-        movdqu xmm0, [rdx+-16]
+        movdqu xmm7, OWORD PTR [rsp]
+        movdqu xmm0, OWORD PTR [rdx+-16]
         pshufd xmm4, xmm7, 78
         pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc xmm8, [rax+128]
@@ -4781,36 +4781,36 @@ L_AES_GCM_encrypt_update_aesni_ghash_128: L_AES_GCM_encrypt_update_aesni_aesenc_128_ghash_avx_done: aesenclast xmm8, xmm7 aesenclast xmm9, xmm7 - movdqu xmm0, [rcx] - movdqu xmm1, [rcx+16] + movdqu xmm0, OWORD PTR [rcx] + movdqu xmm1, OWORD PTR [rcx+16] pxor xmm8, xmm0 pxor xmm9, xmm1 - movdqu [rdx], xmm8 - movdqu [rdx+16], xmm9 + movdqu OWORD PTR [rdx], xmm8 + movdqu OWORD PTR [rdx+16], xmm9 aesenclast xmm10, xmm7 aesenclast xmm11, xmm7 - movdqu xmm0, [rcx+32] - movdqu xmm1, [rcx+48] + movdqu xmm0, OWORD PTR [rcx+32] + movdqu xmm1, OWORD PTR [rcx+48] pxor xmm10, xmm0 pxor xmm11, xmm1 - movdqu [rdx+32], xmm10 - movdqu [rdx+48], xmm11 + movdqu OWORD PTR [rdx+32], xmm10 + movdqu OWORD PTR [rdx+48], xmm11 aesenclast xmm12, xmm7 aesenclast xmm13, xmm7 - movdqu xmm0, [rcx+64] - movdqu xmm1, [rcx+80] + movdqu xmm0, OWORD PTR [rcx+64] + movdqu xmm1, OWORD PTR [rcx+80] pxor xmm12, xmm0 pxor xmm13, xmm1 - movdqu [rdx+64], xmm12 - movdqu [rdx+80], xmm13 + movdqu OWORD PTR [rdx+64], xmm12 + movdqu OWORD PTR [rdx+80], xmm13 aesenclast xmm14, xmm7 aesenclast xmm15, xmm7 - movdqu xmm0, [rcx+96] - movdqu xmm1, [rcx+112] + movdqu xmm0, OWORD PTR [rcx+96] + movdqu xmm1, OWORD PTR [rcx+112] pxor xmm14, xmm0 pxor xmm15, xmm1 - movdqu [rdx+96], xmm14 - movdqu [rdx+112], xmm15 + movdqu OWORD PTR [rdx+96], xmm14 + movdqu OWORD PTR [rdx+112], xmm15 add edi, 128 cmp edi, r13d jl L_AES_GCM_encrypt_update_aesni_ghash_128 @@ -4825,7 +4825,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: pshufb xmm13, xmm4 pshufb xmm14, xmm4 pshufb xmm15, xmm4 - movdqu xmm7, [rsp+112] + movdqu xmm7, OWORD PTR [rsp+112] pshufd xmm1, xmm8, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -4844,7 +4844,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+96] + movdqu xmm7, OWORD PTR [rsp+96] pshufd xmm1, xmm9, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 
@@ -4863,7 +4863,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+80] + movdqu xmm7, OWORD PTR [rsp+80] pshufd xmm1, xmm10, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -4882,7 +4882,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+64] + movdqu xmm7, OWORD PTR [rsp+64] pshufd xmm1, xmm11, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -4901,7 +4901,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+48] + movdqu xmm7, OWORD PTR [rsp+48] pshufd xmm1, xmm12, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -4920,7 +4920,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+32] + movdqu xmm7, OWORD PTR [rsp+32] pshufd xmm1, xmm13, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -4939,7 +4939,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp+16] + movdqu xmm7, OWORD PTR [rsp+16] pshufd xmm1, xmm14, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -4958,7 +4958,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: psrldq xmm1, 8 pxor xmm4, xmm2 pxor xmm6, xmm1 - movdqu xmm7, [rsp] + movdqu xmm7, OWORD PTR [rsp] pshufd xmm1, xmm15, 78 pshufd xmm2, xmm7, 78 movdqa xmm3, xmm7 @@ -5000,7 +5000,7 @@ L_AES_GCM_encrypt_update_aesni_end_128: pxor xmm2, xmm1 pxor xmm2, xmm4 pxor xmm6, xmm2 - movdqu xmm5, [rsp] + movdqu xmm5, OWORD PTR [rsp] L_AES_GCM_encrypt_update_aesni_done_128: mov edx, r9d cmp edi, edx 
@@ -5011,12 +5011,12 @@ L_AES_GCM_encrypt_update_aesni_done_128: jge L_AES_GCM_encrypt_update_aesni_last_block_done lea rcx, QWORD PTR [r11+rdi] lea rdx, QWORD PTR [r10+rdi] - movdqu xmm8, [r15] + movdqu xmm8, OWORD PTR [r15] movdqa xmm9, xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_epi64 paddd xmm9, OWORD PTR L_aes_gcm_one pxor xmm8, [rax] - movdqu [r15], xmm9 + movdqu OWORD PTR [r15], xmm9 aesenc xmm8, [rax+16] aesenc xmm8, [rax+32] aesenc xmm8, [rax+48] @@ -5039,9 +5039,9 @@ L_AES_GCM_encrypt_update_aesni_done_128: movdqa xmm9, OWORD PTR [rax+224] L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last: aesenclast xmm8, xmm9 - movdqu xmm9, [rcx] + movdqu xmm9, OWORD PTR [rcx] pxor xmm8, xmm9 - movdqu [rdx], xmm8 + movdqu OWORD PTR [rdx], xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm8 add edi, 16 @@ -5050,12 +5050,12 @@ L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last: L_AES_GCM_encrypt_update_aesni_last_block_start: lea rcx, QWORD PTR [r11+rdi] lea rdx, QWORD PTR [r10+rdi] - movdqu xmm8, [r15] + movdqu xmm8, OWORD PTR [r15] movdqa xmm9, xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_epi64 paddd xmm9, OWORD PTR L_aes_gcm_one pxor xmm8, [rax] - movdqu [r15], xmm9 + movdqu OWORD PTR [r15], xmm9 movdqa xmm10, xmm6 pclmulqdq xmm10, xmm5, 16 aesenc xmm8, [rax+16] @@ -5103,9 +5103,9 @@ L_AES_GCM_encrypt_update_aesni_last_block_start: movdqa xmm9, OWORD PTR [rax+224] L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last: aesenclast xmm8, xmm9 - movdqu xmm9, [rcx] + movdqu xmm9, OWORD PTR [rcx] pxor xmm8, xmm9 - movdqu [rdx], xmm8 + movdqu OWORD PTR [rdx], xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_mask pxor xmm6, xmm8 add edi, 16 
@@ -5155,16 +5155,16 @@ L_AES_GCM_encrypt_update_aesni_last_block_ghash: L_AES_GCM_encrypt_update_aesni_last_block_done: L_AES_GCM_encrypt_update_aesni_done_enc: movdqa OWORD PTR [r12], xmm6 - movdqu xmm6, [rsp+160] - movdqu xmm7, [rsp+176] - movdqu xmm8, [rsp+192] - movdqu xmm9, [rsp+208] - movdqu xmm10, [rsp+224] - movdqu xmm11, [rsp+240] - movdqu xmm12, [rsp+256] - movdqu xmm13, [rsp+272] - movdqu xmm14, [rsp+288] - movdqu xmm15, [rsp+304] + movdqu xmm6, OWORD PTR [rsp+160] + movdqu xmm7, OWORD PTR [rsp+176] + movdqu xmm8, OWORD PTR [rsp+192] + movdqu xmm9, OWORD PTR [rsp+208] + movdqu xmm10, OWORD PTR [rsp+224] + movdqu xmm11, OWORD PTR [rsp+240] + movdqu xmm12, OWORD PTR [rsp+256] + movdqu xmm13, OWORD PTR [rsp+272] + movdqu xmm14, OWORD PTR [rsp+288] + movdqu xmm15, OWORD PTR [rsp+304] add rsp, 320 pop rdi pop r15 @@ -5186,14 +5186,14 @@ AES_GCM_encrypt_final_aesni PROC mov r12, QWORD PTR [rsp+72] mov r14, QWORD PTR [rsp+80] sub rsp, 144 - movdqu [rsp+16], xmm6 - movdqu [rsp+32], xmm7 - movdqu [rsp+48], xmm8 - movdqu [rsp+64], xmm9 - movdqu [rsp+80], xmm10 - movdqu [rsp+96], xmm11 - movdqu [rsp+112], xmm12 - movdqu [rsp+128], xmm13 + movdqu OWORD PTR [rsp+16], xmm6 + movdqu OWORD PTR [rsp+32], xmm7 + movdqu OWORD PTR [rsp+48], xmm8 + movdqu OWORD PTR [rsp+64], xmm9 + movdqu OWORD PTR [rsp+80], xmm10 + movdqu OWORD PTR [rsp+96], xmm11 + movdqu OWORD PTR [rsp+112], xmm12 + movdqu OWORD PTR [rsp+128], xmm13 movdqa xmm4, OWORD PTR [rax] movdqa xmm5, OWORD PTR [r12] movdqa xmm6, OWORD PTR [r14] @@ -5260,7 +5260,7 @@ AES_GCM_encrypt_final_aesni PROC cmp r8d, 16 je L_AES_GCM_encrypt_final_aesni_store_tag_16 xor rcx, rcx - movdqu [rsp], xmm0 + movdqu OWORD PTR [rsp], xmm0 L_AES_GCM_encrypt_final_aesni_store_tag_loop: movzx r13d, BYTE PTR [rsp+rcx] mov BYTE PTR [r9+rcx], r13b 
@@ -5269,16 +5269,16 @@ L_AES_GCM_encrypt_final_aesni_store_tag_loop: jne L_AES_GCM_encrypt_final_aesni_store_tag_loop jmp L_AES_GCM_encrypt_final_aesni_store_tag_done L_AES_GCM_encrypt_final_aesni_store_tag_16: - movdqu [r9], xmm0 + movdqu OWORD PTR [r9], xmm0 L_AES_GCM_encrypt_final_aesni_store_tag_done: - movdqu xmm6, [rsp+16] - movdqu xmm7, [rsp+32] - movdqu xmm8, [rsp+48] - movdqu xmm9, [rsp+64] - movdqu xmm10, [rsp+80] - movdqu xmm11, [rsp+96] - movdqu xmm12, [rsp+112] - movdqu xmm13, [rsp+128] + movdqu xmm6, OWORD PTR [rsp+16] + movdqu xmm7, OWORD PTR [rsp+32] + movdqu xmm8, OWORD PTR [rsp+48] + movdqu xmm9, OWORD PTR [rsp+64] + movdqu xmm10, OWORD PTR [rsp+80] + movdqu xmm11, OWORD PTR [rsp+96] + movdqu xmm12, OWORD PTR [rsp+112] + movdqu xmm13, OWORD PTR [rsp+128] add rsp, 144 pop r14 pop r12 @@ -5303,16 +5303,16 @@ AES_GCM_decrypt_update_aesni PROC mov r14, QWORD PTR [rsp+104] mov r15, QWORD PTR [rsp+112] sub rsp, 328 - movdqu [rsp+168], xmm6 - movdqu [rsp+184], xmm7 - movdqu [rsp+200], xmm8 - movdqu [rsp+216], xmm9 - movdqu [rsp+232], xmm10 - movdqu [rsp+248], xmm11 - movdqu [rsp+264], xmm12 - movdqu [rsp+280], xmm13 - movdqu [rsp+296], xmm14 - movdqu [rsp+312], xmm15 + movdqu OWORD PTR [rsp+168], xmm6 + movdqu OWORD PTR [rsp+184], xmm7 + movdqu OWORD PTR [rsp+200], xmm8 + movdqu OWORD PTR [rsp+216], xmm9 + movdqu OWORD PTR [rsp+232], xmm10 + movdqu OWORD PTR [rsp+248], xmm11 + movdqu OWORD PTR [rsp+264], xmm12 + movdqu OWORD PTR [rsp+280], xmm13 + movdqu OWORD PTR [rsp+296], xmm14 + movdqu OWORD PTR [rsp+312], xmm15 movdqa xmm6, OWORD PTR [r12] movdqa xmm5, OWORD PTR [r14] movdqa xmm9, xmm5 @@ -5332,7 +5332,7 @@ AES_GCM_decrypt_update_aesni PROC and r13d, 4294967168 movdqa xmm2, xmm6 ; H ^ 1 - movdqu [rsp], xmm5 + movdqu OWORD PTR [rsp], xmm5 ; H ^ 2 pshufd xmm9, xmm5, 78 pshufd xmm10, xmm5, 78 
@@ -5374,7 +5374,7 @@ AES_GCM_decrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm0, xmm14 - movdqu [rsp+16], xmm0 + movdqu OWORD PTR [rsp+16], xmm0 ; H ^ 3 pshufd xmm9, xmm5, 78 pshufd xmm10, xmm0, 78 @@ -5416,7 +5416,7 @@ AES_GCM_decrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm1, xmm14 - movdqu [rsp+32], xmm1 + movdqu OWORD PTR [rsp+32], xmm1 ; H ^ 4 pshufd xmm9, xmm0, 78 pshufd xmm10, xmm0, 78 @@ -5458,7 +5458,7 @@ AES_GCM_decrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm3, xmm14 - movdqu [rsp+48], xmm3 + movdqu OWORD PTR [rsp+48], xmm3 ; H ^ 5 pshufd xmm9, xmm0, 78 pshufd xmm10, xmm1, 78 @@ -5500,7 +5500,7 @@ AES_GCM_decrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+64], xmm7 + movdqu OWORD PTR [rsp+64], xmm7 ; H ^ 6 pshufd xmm9, xmm1, 78 pshufd xmm10, xmm1, 78 @@ -5542,7 +5542,7 @@ AES_GCM_decrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+80], xmm7 + movdqu OWORD PTR [rsp+80], xmm7 ; H ^ 7 pshufd xmm9, xmm1, 78 pshufd xmm10, xmm3, 78 @@ -5584,7 +5584,7 @@ AES_GCM_decrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+96], xmm7 + movdqu OWORD PTR [rsp+96], xmm7 ; H ^ 8 pshufd xmm9, xmm3, 78 pshufd xmm10, xmm3, 78 @@ -5626,11 +5626,11 @@ AES_GCM_decrypt_update_aesni PROC pxor xmm14, xmm13 pxor xmm14, xmm8 pxor xmm7, xmm14 - movdqu [rsp+112], xmm7 + movdqu OWORD PTR [rsp+112], xmm7 L_AES_GCM_decrypt_update_aesni_ghash_128: lea rcx, QWORD PTR [r11+rdi] lea rdx, QWORD PTR [r10+rdi] - movdqu xmm8, [r15] + movdqu xmm8, OWORD PTR [r15] movdqa xmm1, OWORD PTR L_aes_gcm_bswap_epi64 movdqa xmm0, xmm8 pshufb xmm8, xmm1 @@ -5657,7 +5657,7 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: pshufb xmm15, xmm1 paddd xmm0, OWORD PTR L_aes_gcm_eight movdqa xmm7, OWORD PTR [rax] - movdqu [r15], xmm0 + movdqu OWORD PTR [r15], xmm0 pxor xmm8, xmm7 pxor xmm9, xmm7 pxor xmm10, xmm7 
@@ -5666,8 +5666,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: pxor xmm13, xmm7 pxor xmm14, xmm7 pxor xmm15, xmm7 - movdqu xmm7, [rsp+112] - movdqu xmm0, [rcx] + movdqu xmm7, OWORD PTR [rsp+112] + movdqu xmm0, OWORD PTR [rcx] aesenc xmm8, [rax+16] pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask pxor xmm0, xmm2 @@ -5689,8 +5689,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: aesenc xmm15, [rax+16] pxor xmm1, xmm2 pxor xmm1, xmm3 - movdqu xmm7, [rsp+96] - movdqu xmm0, [rcx+16] + movdqu xmm7, OWORD PTR [rsp+96] + movdqu xmm0, OWORD PTR [rcx+16] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+32] @@ -5713,8 +5713,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+80] - movdqu xmm0, [rcx+32] + movdqu xmm7, OWORD PTR [rsp+80] + movdqu xmm0, OWORD PTR [rcx+32] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+48] @@ -5737,8 +5737,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+64] - movdqu xmm0, [rcx+48] + movdqu xmm7, OWORD PTR [rsp+64] + movdqu xmm0, OWORD PTR [rcx+48] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+64] @@ -5761,8 +5761,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+48] - movdqu xmm0, [rcx+64] + movdqu xmm7, OWORD PTR [rsp+48] + movdqu xmm0, OWORD PTR [rcx+64] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+80] @@ -5785,8 +5785,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+32] - movdqu xmm0, [rcx+80] + movdqu xmm7, OWORD PTR [rsp+32] + movdqu xmm0, OWORD PTR [rcx+80] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+96] 
@@ -5809,8 +5809,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp+16] - movdqu xmm0, [rcx+96] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm0, OWORD PTR [rcx+96] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+112] @@ -5833,8 +5833,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: pxor xmm1, xmm6 pxor xmm3, xmm6 pxor xmm1, xmm4 - movdqu xmm7, [rsp] - movdqu xmm0, [rcx+112] + movdqu xmm7, OWORD PTR [rsp] + movdqu xmm0, OWORD PTR [rcx+112] pshufd xmm4, xmm7, 78 pshufb xmm0, OWORD PTR L_aes_gcm_bswap_mask aesenc xmm8, [rax+128] 
@@ -5937,41 +5937,41 @@ L_AES_GCM_decrypt_update_aesni_ghash_128: L_AES_GCM_decrypt_update_aesni_aesenc_128_ghash_avx_done: aesenclast xmm8, xmm7 aesenclast xmm9, xmm7 - movdqu xmm0, [rcx] - movdqu xmm1, [rcx+16] + movdqu xmm0, OWORD PTR [rcx] + movdqu xmm1, OWORD PTR [rcx+16] pxor xmm8, xmm0 pxor xmm9, xmm1 - movdqu [rdx], xmm8 - movdqu [rdx+16], xmm9 + movdqu OWORD PTR [rdx], xmm8 + movdqu OWORD PTR [rdx+16], xmm9 aesenclast xmm10, xmm7 aesenclast xmm11, xmm7 - movdqu xmm0, [rcx+32] - movdqu xmm1, [rcx+48] + movdqu xmm0, OWORD PTR [rcx+32] + movdqu xmm1, OWORD PTR [rcx+48] pxor xmm10, xmm0 pxor xmm11, xmm1 - movdqu [rdx+32], xmm10 - movdqu [rdx+48], xmm11 + movdqu OWORD PTR [rdx+32], xmm10 + movdqu OWORD PTR [rdx+48], xmm11 aesenclast xmm12, xmm7 aesenclast xmm13, xmm7 - movdqu xmm0, [rcx+64] - movdqu xmm1, [rcx+80] + movdqu xmm0, OWORD PTR [rcx+64] + movdqu xmm1, OWORD PTR [rcx+80] pxor xmm12, xmm0 pxor xmm13, xmm1 - movdqu [rdx+64], xmm12 - movdqu [rdx+80], xmm13 + movdqu OWORD PTR [rdx+64], xmm12 + movdqu OWORD PTR [rdx+80], xmm13 aesenclast xmm14, xmm7 aesenclast xmm15, xmm7 - movdqu xmm0, [rcx+96] - movdqu xmm1, [rcx+112] + movdqu xmm0, OWORD PTR [rcx+96] + movdqu xmm1, OWORD PTR [rcx+112] pxor xmm14, xmm0 pxor xmm15, xmm1 - movdqu [rdx+96], xmm14 - movdqu [rdx+112], xmm15 + movdqu OWORD PTR [rdx+96], xmm14 + movdqu OWORD PTR [rdx+112], xmm15 add edi, 128 cmp edi, r13d jl L_AES_GCM_decrypt_update_aesni_ghash_128 movdqa xmm6, xmm2 - movdqu xmm5, [rsp] + movdqu xmm5, OWORD PTR [rsp] L_AES_GCM_decrypt_update_aesni_done_128: mov edx, r9d cmp edi, edx 
@@ -5983,16 +5983,16 @@ L_AES_GCM_decrypt_update_aesni_done_128: L_AES_GCM_decrypt_update_aesni_last_block_start: lea rcx, QWORD PTR [r11+rdi] lea rdx, QWORD PTR [r10+rdi] - movdqu xmm1, [rcx] + movdqu xmm1, OWORD PTR [rcx] movdqa xmm0, xmm5 pshufb xmm1, OWORD PTR L_aes_gcm_bswap_mask pxor xmm1, xmm6 - movdqu xmm8, [r15] + movdqu xmm8, OWORD PTR [r15] movdqa xmm9, xmm8 pshufb xmm8, OWORD PTR L_aes_gcm_bswap_epi64 paddd xmm9, OWORD PTR L_aes_gcm_one pxor xmm8, [rax] - movdqu [r15], xmm9 + movdqu OWORD PTR [r15], xmm9 movdqa xmm10, xmm1 pclmulqdq xmm10, xmm0, 16 aesenc xmm8, [rax+16] @@ -6040,25 +6040,25 @@ L_AES_GCM_decrypt_update_aesni_last_block_start: movdqa xmm9, OWORD PTR [rax+224] L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last: aesenclast xmm8, xmm9 - movdqu xmm9, [rcx] + movdqu xmm9, OWORD PTR [rcx] pxor xmm8, xmm9 - movdqu [rdx], xmm8 + movdqu OWORD PTR [rdx], xmm8 add edi, 16 cmp edi, r13d jl L_AES_GCM_decrypt_update_aesni_last_block_start L_AES_GCM_decrypt_update_aesni_last_block_done: L_AES_GCM_decrypt_update_aesni_done_dec: movdqa OWORD PTR [r12], xmm6 - movdqu xmm6, [rsp+168] - movdqu xmm7, [rsp+184] - movdqu xmm8, [rsp+200] - movdqu xmm9, [rsp+216] - movdqu xmm10, [rsp+232] - movdqu xmm11, [rsp+248] - movdqu xmm12, [rsp+264] - movdqu xmm13, [rsp+280] - movdqu xmm14, [rsp+296] - movdqu xmm15, [rsp+312] + movdqu xmm6, OWORD PTR [rsp+168] + movdqu xmm7, OWORD PTR [rsp+184] + movdqu xmm8, OWORD PTR [rsp+200] + movdqu xmm9, OWORD PTR [rsp+216] + movdqu xmm10, OWORD PTR [rsp+232] + movdqu xmm11, OWORD PTR [rsp+248] + movdqu xmm12, OWORD PTR [rsp+264] + movdqu xmm13, OWORD PTR [rsp+280] + movdqu xmm14, OWORD PTR [rsp+296] + movdqu xmm15, OWORD PTR [rsp+312] add rsp, 328 pop rsi pop rdi 
@@ -6084,15 +6084,15 @@ AES_GCM_decrypt_final_aesni PROC mov r14, QWORD PTR [rsp+96] mov rbp, QWORD PTR [rsp+104] sub rsp, 160 - movdqu [rsp+16], xmm6 - movdqu [rsp+32], xmm7 - movdqu [rsp+48], xmm8 - movdqu [rsp+64], xmm9 - movdqu [rsp+80], xmm10 - movdqu [rsp+96], xmm11 - movdqu [rsp+112], xmm12 - movdqu [rsp+128], xmm13 - movdqu [rsp+144], xmm15 + movdqu OWORD PTR [rsp+16], xmm6 + movdqu OWORD PTR [rsp+32], xmm7 + movdqu OWORD PTR [rsp+48], xmm8 + movdqu OWORD PTR [rsp+64], xmm9 + movdqu OWORD PTR [rsp+80], xmm10 + movdqu OWORD PTR [rsp+96], xmm11 + movdqu OWORD PTR [rsp+112], xmm12 + movdqu OWORD PTR [rsp+128], xmm13 + movdqu OWORD PTR [rsp+144], xmm15 movdqa xmm6, OWORD PTR [rax] movdqa xmm5, OWORD PTR [r12] movdqa xmm15, OWORD PTR [r14] @@ -6161,7 +6161,7 @@ AES_GCM_decrypt_final_aesni PROC sub rsp, 16 xor rcx, rcx xor r15, r15 - movdqu [rsp], xmm0 + movdqu OWORD PTR [rsp], xmm0 L_AES_GCM_decrypt_final_aesni_cmp_tag_loop: movzx r13d, BYTE PTR [rsp+rcx] xor r13b, BYTE PTR [r9+rcx] @@ -6169,13 +6169,13 @@ L_AES_GCM_decrypt_final_aesni_cmp_tag_loop: inc ecx cmp ecx, r8d jne L_AES_GCM_decrypt_final_aesni_cmp_tag_loop - cmp r15, 0 + cmp r15b, 0 sete r15b add rsp, 16 xor rcx, rcx jmp L_AES_GCM_decrypt_final_aesni_cmp_tag_done L_AES_GCM_decrypt_final_aesni_cmp_tag_16: - movdqu xmm1, [r9] + movdqu xmm1, OWORD PTR [r9] pcmpeqb xmm0, xmm1 pmovmskb rdx, xmm0 ; %%edx == 0xFFFF then return 1 else => return 0 
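Review bot: The narrowing to `cmp r15b, 0` in the byte-wise tag loop is equivalent to the old full-register compare only because `xor r15, r15` in the preceding hunk clears all 64 bits and the accumulate step (line 6168, which falls between the two hunks and is not visible here) presumably ORs into r15b alone; nothing in the code records that invariant. I would add above `L_AES_GCM_decrypt_final_aesni_cmp_tag_loop`: `; constant-time tag check: OR every byte difference into r15b (r15 zeroed above), test once after the loop`, so the dependency between the zeroing, the byte-wide accumulate and the byte-wide compare is explicit and a later edit does not introduce an early exit on the XOR result. The tag length in r8d is public, so looping on it is fine. The enclosing AES_GCM_decrypt_final_aesni PROC begins outside this hunk.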
@@ -6184,15 +6184,15 @@ L_AES_GCM_decrypt_final_aesni_cmp_tag_16: sete r15b L_AES_GCM_decrypt_final_aesni_cmp_tag_done: mov DWORD PTR [rbp], r15d - movdqu xmm6, [rsp+16] - movdqu xmm7, [rsp+32] - movdqu xmm8, [rsp+48] - movdqu xmm9, [rsp+64] - movdqu xmm10, [rsp+80] - movdqu xmm11, [rsp+96] - movdqu xmm12, [rsp+112] - movdqu xmm13, [rsp+128] - movdqu xmm15, [rsp+144] + movdqu xmm6, OWORD PTR [rsp+16] + movdqu xmm7, OWORD PTR [rsp+32] + movdqu xmm8, OWORD PTR [rsp+48] + movdqu xmm9, OWORD PTR [rsp+64] + movdqu xmm10, OWORD PTR [rsp+80] + movdqu xmm11, OWORD PTR [rsp+96] + movdqu xmm12, OWORD PTR [rsp+112] + movdqu xmm13, OWORD PTR [rsp+128] + movdqu xmm15, OWORD PTR [rsp+144] add rsp, 160 pop r15 pop rbp @@ -9012,7 +9012,7 @@ L_AES_GCM_decrypt_avx1_cmp_tag_loop: inc ecx cmp ecx, r14d jne L_AES_GCM_decrypt_avx1_cmp_tag_loop - cmp rbx, 0 + cmp bl, 0 sete bl add rsp, 16 xor rcx, rcx @@ -11398,7 +11398,7 @@ L_AES_GCM_decrypt_final_avx1_cmp_tag_loop: inc ecx cmp ecx, r8d jne L_AES_GCM_decrypt_final_avx1_cmp_tag_loop - cmp r15, 0 + cmp r15b, 0 sete r15b add rsp, 16 xor rcx, rcx @@ -13765,7 +13765,7 @@ L_AES_GCM_decrypt_avx2_cmp_tag_loop: inc edx cmp edx, r15d jne L_AES_GCM_decrypt_avx2_cmp_tag_loop - cmp rax, 0 + cmp al, 0 sete al jmp L_AES_GCM_decrypt_avx2_cmp_tag_done L_AES_GCM_decrypt_avx2_cmp_tag_16: @@ -15764,7 +15764,7 @@ L_AES_GCM_decrypt_final_avx2_cmp_tag_loop: inc r13d cmp r13d, r8d jne L_AES_GCM_decrypt_final_avx2_cmp_tag_loop - cmp r10, 0 + cmp r10b, 0 sete r10b jmp L_AES_GCM_decrypt_final_avx2_cmp_tag_done L_AES_GCM_decrypt_final_avx2_cmp_tag_16: diff --git a/wolfcrypt/src/aes_gcm_x86_asm.S b/wolfcrypt/src/aes_gcm_x86_asm.S index 0559a206dd..8a384996ee 100644 --- a/wolfcrypt/src/aes_gcm_x86_asm.S +++ b/wolfcrypt/src/aes_gcm_x86_asm.S @@ -1,6 +1,6 @@ /* aes_gcm_x86_asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/wolfcrypt/src/aes_xts_asm.S b/wolfcrypt/src/aes_xts_asm.S index fedead84f8..f65c015255 100644 --- a/wolfcrypt/src/aes_xts_asm.S +++ b/wolfcrypt/src/aes_xts_asm.S @@ -1,6 +1,6 @@ /* aes_xts_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,6 +48,59 @@ #ifdef WOLFSSL_AES_XTS #ifdef WOLFSSL_X86_64_BUILD #ifndef __APPLE__ +.text +.globl AES_XTS_init_aesni +.type AES_XTS_init_aesni,@function +.align 16 +AES_XTS_init_aesni: +#else +.section __TEXT,__text +.globl _AES_XTS_init_aesni +.p2align 4 +_AES_XTS_init_aesni: +#endif /* __APPLE__ */ + movdqu (%rdi), %xmm0 + # aes_enc_block + pxor (%rsi), %xmm0 + movdqu 16(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + movdqu 32(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + movdqu 48(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + movdqu 64(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + movdqu 80(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + movdqu 96(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + movdqu 112(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + movdqu 128(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + movdqu 144(%rsi), %xmm2 + aesenc %xmm2, %xmm0 + cmpl $11, %edx + movdqu 160(%rsi), %xmm2 + jl L_AES_XTS_init_aesni_tweak_aes_enc_block_last + aesenc %xmm2, %xmm0 + movdqu 176(%rsi), %xmm3 + aesenc %xmm3, %xmm0 + cmpl $13, %edx + movdqu 192(%rsi), %xmm2 + jl L_AES_XTS_init_aesni_tweak_aes_enc_block_last + aesenc %xmm2, %xmm0 + movdqu 208(%rsi), %xmm3 + aesenc %xmm3, %xmm0 + movdqu 224(%rsi), %xmm2 +L_AES_XTS_init_aesni_tweak_aes_enc_block_last: + aesenclast %xmm2, %xmm0 + movdqu %xmm0, (%rdi) + repz retq +#ifndef __APPLE__ +.size AES_XTS_init_aesni,.-AES_XTS_init_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ .data #else .section __DATA,__data 
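Review bot: AES_XTS_init_aesni carries no statement of its register contract, so a reader has to reverse it from the loads: the 16-byte block at (%rdi) is read, run through one AES encryption with the schedule at (%rsi), and written back to (%rdi), with %edx selecting how far the round-key ladder goes (keys up to offset 160 when %edx < 11, up to 192 when %edx < 13, otherwise up to 224). I would put that above the label: `# In: rdi = 16-byte tweak block (overwritten with its encryption), rsi = tweak-key round keys, edx = number of rounds; reads 11/13/15 round keys depending on edx`. Note that %edx is never range-checked, so any value of 13 or more reads 15 round keys from the schedule; presumably the C wrapper only ever passes 10, 12 or 14, which is worth confirming since an undersized schedule would be over-read silently.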
@@ -378,6 +431,291 @@ L_AES_XTS_encrypt_aesni_done_enc: #endif /* __APPLE__ */ #ifndef __APPLE__ .text +.globl AES_XTS_encrypt_update_aesni +.type AES_XTS_encrypt_update_aesni,@function +.align 16 +AES_XTS_encrypt_update_aesni: +#else +.section __TEXT,__text +.globl _AES_XTS_encrypt_update_aesni +.p2align 4 +_AES_XTS_encrypt_update_aesni: +#endif /* __APPLE__ */ + pushq %r12 + movq %rdx, %rax + movq %rcx, %r10 + subq $0x40, %rsp + movdqu L_aes_xts_gc_xts(%rip), %xmm12 + movdqu (%r8), %xmm0 + xorl %r12d, %r12d + cmpl $0x40, %eax + movl %eax, %r11d + jl L_AES_XTS_encrypt_update_aesni_done_64 + andl $0xffffffc0, %r11d +L_AES_XTS_encrypt_update_aesni_enc_64: + # 64 bytes of input + # aes_enc_64 + leaq (%rdi,%r12,1), %rcx + leaq (%rsi,%r12,1), %rdx + movdqu (%rcx), %xmm8 + movdqu 16(%rcx), %xmm9 + movdqu 32(%rcx), %xmm10 + movdqu 48(%rcx), %xmm11 + movdqa %xmm0, %xmm4 + movdqa %xmm0, %xmm1 + psrad $31, %xmm4 + pslld $0x01, %xmm1 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm1 + movdqa %xmm1, %xmm4 + movdqa %xmm1, %xmm2 + psrad $31, %xmm4 + pslld $0x01, %xmm2 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm2 + movdqa %xmm2, %xmm4 + movdqa %xmm2, %xmm3 + psrad $31, %xmm4 + pslld $0x01, %xmm3 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm3 + pxor %xmm0, %xmm8 + pxor %xmm1, %xmm9 + pxor %xmm2, %xmm10 + pxor %xmm3, %xmm11 + # aes_enc_block + movdqu (%r10), %xmm4 + pxor %xmm4, %xmm8 + pxor %xmm4, %xmm9 + pxor %xmm4, %xmm10 + pxor %xmm4, %xmm11 + movdqu 16(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 32(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 48(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 64(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 80(%r10), 
%xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 96(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 112(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 128(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 144(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + cmpl $11, %r9d + movdqu 160(%r10), %xmm4 + jl L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 176(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + cmpl $13, %r9d + movdqu 192(%r10), %xmm4 + jl L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 208(%r10), %xmm4 + aesenc %xmm4, %xmm8 + aesenc %xmm4, %xmm9 + aesenc %xmm4, %xmm10 + aesenc %xmm4, %xmm11 + movdqu 224(%r10), %xmm4 +L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last: + aesenclast %xmm4, %xmm8 + aesenclast %xmm4, %xmm9 + aesenclast %xmm4, %xmm10 + aesenclast %xmm4, %xmm11 + pxor %xmm0, %xmm8 + pxor %xmm1, %xmm9 + pxor %xmm2, %xmm10 + pxor %xmm3, %xmm11 + movdqu %xmm8, (%rdx) + movdqu %xmm9, 16(%rdx) + movdqu %xmm10, 32(%rdx) + movdqu %xmm11, 48(%rdx) + movdqa %xmm3, %xmm4 + movdqa %xmm3, %xmm0 + psrad $31, %xmm4 + pslld $0x01, %xmm0 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm0 + addl $0x40, %r12d + cmpl %r11d, %r12d + jl L_AES_XTS_encrypt_update_aesni_enc_64 +L_AES_XTS_encrypt_update_aesni_done_64: + cmpl %eax, %r12d + movl %eax, %r11d + je L_AES_XTS_encrypt_update_aesni_done_enc + subl %r12d, %r11d + cmpl $16, %r11d + movl %eax, %r11d + jl 
L_AES_XTS_encrypt_update_aesni_last_15 + andl $0xfffffff0, %r11d + # 16 bytes of input +L_AES_XTS_encrypt_update_aesni_enc_16: + leaq (%rdi,%r12,1), %rcx + movdqu (%rcx), %xmm8 + pxor %xmm0, %xmm8 + # aes_enc_block + pxor (%r10), %xmm8 + movdqu 16(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 32(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 48(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 64(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 80(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 96(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 112(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 128(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 144(%r10), %xmm5 + aesenc %xmm5, %xmm8 + cmpl $11, %r9d + movdqu 160(%r10), %xmm5 + jl L_AES_XTS_encrypt_update_aesni_aes_enc_block_last + aesenc %xmm5, %xmm8 + movdqu 176(%r10), %xmm6 + aesenc %xmm6, %xmm8 + cmpl $13, %r9d + movdqu 192(%r10), %xmm5 + jl L_AES_XTS_encrypt_update_aesni_aes_enc_block_last + aesenc %xmm5, %xmm8 + movdqu 208(%r10), %xmm6 + aesenc %xmm6, %xmm8 + movdqu 224(%r10), %xmm5 +L_AES_XTS_encrypt_update_aesni_aes_enc_block_last: + aesenclast %xmm5, %xmm8 + pxor %xmm0, %xmm8 + leaq (%rsi,%r12,1), %rcx + movdqu %xmm8, (%rcx) + movdqa %xmm0, %xmm4 + psrad $31, %xmm4 + pslld $0x01, %xmm0 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm0 + addl $16, %r12d + cmpl %r11d, %r12d + jl L_AES_XTS_encrypt_update_aesni_enc_16 + cmpl %eax, %r12d + je L_AES_XTS_encrypt_update_aesni_done_enc +L_AES_XTS_encrypt_update_aesni_last_15: + subq $16, %r12 + leaq (%rsi,%r12,1), %rcx + movdqu (%rcx), %xmm8 + addq $16, %r12 + movdqu %xmm8, (%rsp) + xorq %rdx, %rdx +L_AES_XTS_encrypt_update_aesni_last_15_byte_loop: + movb (%rsp,%rdx,1), %r11b + movb (%rdi,%r12,1), %cl + movb %r11b, (%rsi,%r12,1) + movb %cl, (%rsp,%rdx,1) + incl %r12d + incl %edx + cmpl %eax, %r12d + jl L_AES_XTS_encrypt_update_aesni_last_15_byte_loop + subq %rdx, %r12 + movdqu (%rsp), %xmm8 + subq $16, %r12 + pxor %xmm0, %xmm8 + # aes_enc_block + pxor (%r10), %xmm8 + movdqu 
16(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 32(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 48(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 64(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 80(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 96(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 112(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 128(%r10), %xmm5 + aesenc %xmm5, %xmm8 + movdqu 144(%r10), %xmm5 + aesenc %xmm5, %xmm8 + cmpl $11, %r9d + movdqu 160(%r10), %xmm5 + jl L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last + aesenc %xmm5, %xmm8 + movdqu 176(%r10), %xmm6 + aesenc %xmm6, %xmm8 + cmpl $13, %r9d + movdqu 192(%r10), %xmm5 + jl L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last + aesenc %xmm5, %xmm8 + movdqu 208(%r10), %xmm6 + aesenc %xmm6, %xmm8 + movdqu 224(%r10), %xmm5 +L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last: + aesenclast %xmm5, %xmm8 + pxor %xmm0, %xmm8 + leaq (%rsi,%r12,1), %rcx + movdqu %xmm8, (%rcx) +L_AES_XTS_encrypt_update_aesni_done_enc: + movdqu %xmm0, (%r8) + addq $0x40, %rsp + popq %r12 + repz retq +#ifndef __APPLE__ +.size AES_XTS_encrypt_update_aesni,.-AES_XTS_encrypt_update_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text .globl AES_XTS_decrypt_aesni .type AES_XTS_decrypt_aesni,@function .align 16 
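Review bot: The ciphertext-stealing tail at `L_AES_XTS_encrypt_update_aesni_last_15` has an unstated precondition: it is reached whenever the remainder after the 16-byte loop is 1..15, including sz in 1..15 on a call with no full block, in which case `subq $16, %r12` makes r12 negative and the code reads 16 bytes from before %rsi and later stores the encrypted stolen block to that same out-of-bounds address. Nothing in this function rejects such a size, so the guarantee must come from the C caller (presumably wc_AesXtsEncryptUpdate, not visible here, worth confirming); I would record it at the top of the function: `# Precondition (enforced by caller): sz == 0 or sz >= 16; the stolen-block path re-reads and rewrites out[(sz & ~15) - 16 ..]`. A partial block can also only be the last piece of a stream, because the tweak written back at `L_AES_XTS_encrypt_update_aesni_done_enc` is the one already consumed by the stolen block, so that restriction belongs in the same comment. Separately, the 16-byte scratch at (%rsp) still holds the plaintext tail after the final store and is not cleared before `addq $0x40, %rsp`; whether asm scratch is wiped elsewhere in this codebase I cannot tell from here.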
@@ -752,73 +1090,466 @@ L_AES_XTS_decrypt_aesni_done_dec: #ifndef __APPLE__ .size AES_XTS_decrypt_aesni,.-AES_XTS_decrypt_aesni #endif /* __APPLE__ */ -#ifdef HAVE_INTEL_AVX1 -#ifndef __APPLE__ -.data -#else -.section __DATA,__data -#endif /* __APPLE__ */ -L_avx1_aes_xts_gc_xts: -.long 0x87,0x1,0x1,0x1 #ifndef __APPLE__ .text -.globl AES_XTS_encrypt_avx1 -.type AES_XTS_encrypt_avx1,@function +.globl AES_XTS_decrypt_update_aesni +.type AES_XTS_decrypt_update_aesni,@function .align 16 -AES_XTS_encrypt_avx1: +AES_XTS_decrypt_update_aesni: #else .section __TEXT,__text -.globl _AES_XTS_encrypt_avx1 +.globl _AES_XTS_decrypt_update_aesni .p2align 4 -_AES_XTS_encrypt_avx1: +_AES_XTS_decrypt_update_aesni: #endif /* __APPLE__ */ pushq %r12 - pushq %r13 movq %rdx, %rax - movq %rcx, %r12 - movl 24(%rsp), %r10d - subq $0x40, %rsp - vmovdqu L_avx1_aes_xts_gc_xts(%rip), %xmm12 - vmovdqu (%r12), %xmm0 - # aes_enc_block - vpxor (%r9), %xmm0, %xmm0 - vmovdqu 16(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 32(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 48(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 64(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 80(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 96(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 112(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 128(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 144(%r9), %xmm5 - vaesenc %xmm5, %xmm0, %xmm0 - cmpl $11, %r10d - vmovdqu 160(%r9), %xmm5 - jl L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 176(%r9), %xmm6 - vaesenc %xmm6, %xmm0, %xmm0 - cmpl $13, %r10d - vmovdqu 192(%r9), %xmm5 - jl L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last - vaesenc %xmm5, %xmm0, %xmm0 - vmovdqu 208(%r9), %xmm6 - vaesenc %xmm6, %xmm0, %xmm0 - vmovdqu 224(%r9), %xmm5 -L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last: - vaesenclast %xmm5, %xmm0, %xmm0 - xorl %r13d, %r13d - cmpl $0x40, %eax + movq %rcx, %r10 + subq $16, %rsp + 
movdqu L_aes_xts_gc_xts(%rip), %xmm12 + movdqu (%r8), %xmm0 + xorl %r12d, %r12d movl %eax, %r11d - jl L_AES_XTS_encrypt_avx1_done_64 + andl $0xfffffff0, %r11d + cmpl %eax, %r11d + je L_AES_XTS_decrypt_update_aesni_mul16_64 + subl $16, %r11d + cmpl $16, %r11d + jl L_AES_XTS_decrypt_update_aesni_last_31_start +L_AES_XTS_decrypt_update_aesni_mul16_64: + cmpl $0x40, %r11d + jl L_AES_XTS_decrypt_update_aesni_done_64 + andl $0xffffffc0, %r11d +L_AES_XTS_decrypt_update_aesni_dec_64: + # 64 bytes of input + # aes_dec_64 + leaq (%rdi,%r12,1), %rcx + leaq (%rsi,%r12,1), %rdx + movdqu (%rcx), %xmm8 + movdqu 16(%rcx), %xmm9 + movdqu 32(%rcx), %xmm10 + movdqu 48(%rcx), %xmm11 + movdqa %xmm0, %xmm4 + movdqa %xmm0, %xmm1 + psrad $31, %xmm4 + pslld $0x01, %xmm1 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm1 + movdqa %xmm1, %xmm4 + movdqa %xmm1, %xmm2 + psrad $31, %xmm4 + pslld $0x01, %xmm2 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm2 + movdqa %xmm2, %xmm4 + movdqa %xmm2, %xmm3 + psrad $31, %xmm4 + pslld $0x01, %xmm3 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm3 + pxor %xmm0, %xmm8 + pxor %xmm1, %xmm9 + pxor %xmm2, %xmm10 + pxor %xmm3, %xmm11 + # aes_dec_block + movdqu (%r10), %xmm4 + pxor %xmm4, %xmm8 + pxor %xmm4, %xmm9 + pxor %xmm4, %xmm10 + pxor %xmm4, %xmm11 + movdqu 16(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 32(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 48(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 64(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 80(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 96(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, 
%xmm10 + aesdec %xmm4, %xmm11 + movdqu 112(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 128(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 144(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + cmpl $11, %r9d + movdqu 160(%r10), %xmm4 + jl L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 176(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + cmpl $13, %r9d + movdqu 192(%r10), %xmm4 + jl L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 208(%r10), %xmm4 + aesdec %xmm4, %xmm8 + aesdec %xmm4, %xmm9 + aesdec %xmm4, %xmm10 + aesdec %xmm4, %xmm11 + movdqu 224(%r10), %xmm4 +L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last: + aesdeclast %xmm4, %xmm8 + aesdeclast %xmm4, %xmm9 + aesdeclast %xmm4, %xmm10 + aesdeclast %xmm4, %xmm11 + pxor %xmm0, %xmm8 + pxor %xmm1, %xmm9 + pxor %xmm2, %xmm10 + pxor %xmm3, %xmm11 + movdqu %xmm8, (%rdx) + movdqu %xmm9, 16(%rdx) + movdqu %xmm10, 32(%rdx) + movdqu %xmm11, 48(%rdx) + movdqa %xmm3, %xmm4 + movdqa %xmm3, %xmm0 + psrad $31, %xmm4 + pslld $0x01, %xmm0 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm0 + addl $0x40, %r12d + cmpl %r11d, %r12d + jl L_AES_XTS_decrypt_update_aesni_dec_64 +L_AES_XTS_decrypt_update_aesni_done_64: + cmpl %eax, %r12d + movl %eax, %r11d + je L_AES_XTS_decrypt_update_aesni_done_dec + andl $0xfffffff0, %r11d + cmpl %eax, %r11d + je L_AES_XTS_decrypt_update_aesni_mul16 + subl $16, %r11d + subl %r12d, %r11d + cmpl $16, %r11d + jl L_AES_XTS_decrypt_update_aesni_last_31_start + addl %r12d, %r11d +L_AES_XTS_decrypt_update_aesni_mul16: 
+L_AES_XTS_decrypt_update_aesni_dec_16: + # 16 bytes of input + leaq (%rdi,%r12,1), %rcx + movdqu (%rcx), %xmm8 + pxor %xmm0, %xmm8 + # aes_dec_block + pxor (%r10), %xmm8 + movdqu 16(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 32(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 48(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 64(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 80(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 96(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 112(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 128(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 144(%r10), %xmm5 + aesdec %xmm5, %xmm8 + cmpl $11, %r9d + movdqu 160(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_aesni_aes_dec_block_last + aesdec %xmm5, %xmm8 + movdqu 176(%r10), %xmm6 + aesdec %xmm6, %xmm8 + cmpl $13, %r9d + movdqu 192(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_aesni_aes_dec_block_last + aesdec %xmm5, %xmm8 + movdqu 208(%r10), %xmm6 + aesdec %xmm6, %xmm8 + movdqu 224(%r10), %xmm5 +L_AES_XTS_decrypt_update_aesni_aes_dec_block_last: + aesdeclast %xmm5, %xmm8 + pxor %xmm0, %xmm8 + leaq (%rsi,%r12,1), %rcx + movdqu %xmm8, (%rcx) + movdqa %xmm0, %xmm4 + psrad $31, %xmm4 + pslld $0x01, %xmm0 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm0 + addl $16, %r12d + cmpl %r11d, %r12d + jl L_AES_XTS_decrypt_update_aesni_dec_16 + cmpl %eax, %r12d + je L_AES_XTS_decrypt_update_aesni_done_dec +L_AES_XTS_decrypt_update_aesni_last_31_start: + movdqa %xmm0, %xmm4 + movdqa %xmm0, %xmm7 + psrad $31, %xmm4 + pslld $0x01, %xmm7 + pshufd $0x93, %xmm4, %xmm4 + pand %xmm12, %xmm4 + pxor %xmm4, %xmm7 + leaq (%rdi,%r12,1), %rcx + movdqu (%rcx), %xmm8 + pxor %xmm7, %xmm8 + # aes_dec_block + pxor (%r10), %xmm8 + movdqu 16(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 32(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 48(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 64(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 80(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 96(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 112(%r10), 
%xmm5 + aesdec %xmm5, %xmm8 + movdqu 128(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 144(%r10), %xmm5 + aesdec %xmm5, %xmm8 + cmpl $11, %r9d + movdqu 160(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last + aesdec %xmm5, %xmm8 + movdqu 176(%r10), %xmm6 + aesdec %xmm6, %xmm8 + cmpl $13, %r9d + movdqu 192(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last + aesdec %xmm5, %xmm8 + movdqu 208(%r10), %xmm6 + aesdec %xmm6, %xmm8 + movdqu 224(%r10), %xmm5 +L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last: + aesdeclast %xmm5, %xmm8 + pxor %xmm7, %xmm8 + movdqu %xmm8, (%rsp) + addq $16, %r12 + xorq %rdx, %rdx +L_AES_XTS_decrypt_update_aesni_last_31_byte_loop: + movb (%rsp,%rdx,1), %r11b + movb (%rdi,%r12,1), %cl + movb %r11b, (%rsi,%r12,1) + movb %cl, (%rsp,%rdx,1) + incl %r12d + incl %edx + cmpl %eax, %r12d + jl L_AES_XTS_decrypt_update_aesni_last_31_byte_loop + subq %rdx, %r12 + movdqu (%rsp), %xmm8 + pxor %xmm0, %xmm8 + # aes_dec_block + pxor (%r10), %xmm8 + movdqu 16(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 32(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 48(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 64(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 80(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 96(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 112(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 128(%r10), %xmm5 + aesdec %xmm5, %xmm8 + movdqu 144(%r10), %xmm5 + aesdec %xmm5, %xmm8 + cmpl $11, %r9d + movdqu 160(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last + aesdec %xmm5, %xmm8 + movdqu 176(%r10), %xmm6 + aesdec %xmm6, %xmm8 + cmpl $13, %r9d + movdqu 192(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last + aesdec %xmm5, %xmm8 + movdqu 208(%r10), %xmm6 + aesdec %xmm6, %xmm8 + movdqu 224(%r10), %xmm5 +L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last: + aesdeclast %xmm5, %xmm8 + pxor %xmm0, %xmm8 + subq $16, %r12 + leaq (%rsi,%r12,1), %rcx + movdqu %xmm8, 
(%rcx) +L_AES_XTS_decrypt_update_aesni_done_dec: + movdqu %xmm0, (%r8) + addq $16, %rsp + popq %r12 + repz retq +#ifndef __APPLE__ +.size AES_XTS_decrypt_update_aesni,.-AES_XTS_decrypt_update_aesni +#endif /* __APPLE__ */ +#ifdef HAVE_INTEL_AVX1 +#ifndef __APPLE__ +.text +.globl AES_XTS_init_avx1 +.type AES_XTS_init_avx1,@function +.align 16 +AES_XTS_init_avx1: +#else +.section __TEXT,__text +.globl _AES_XTS_init_avx1 +.p2align 4 +_AES_XTS_init_avx1: +#endif /* __APPLE__ */ + movl %edx, %eax + vmovdqu (%rdi), %xmm0 + # aes_enc_block + vpxor (%rsi), %xmm0, %xmm0 + vmovdqu 16(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 32(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 48(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 64(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 80(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 96(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 112(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 128(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 144(%rsi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + cmpl $11, %eax + vmovdqu 160(%rsi), %xmm2 + jl L_AES_XTS_init_avx1_tweak_aes_enc_block_last + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 176(%rsi), %xmm3 + vaesenc %xmm3, %xmm0, %xmm0 + cmpl $13, %eax + vmovdqu 192(%rsi), %xmm2 + jl L_AES_XTS_init_avx1_tweak_aes_enc_block_last + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqu 208(%rsi), %xmm3 + vaesenc %xmm3, %xmm0, %xmm0 + vmovdqu 224(%rsi), %xmm2 +L_AES_XTS_init_avx1_tweak_aes_enc_block_last: + vaesenclast %xmm2, %xmm0, %xmm0 + vmovdqu %xmm0, (%rdi) + repz retq +#ifndef __APPLE__ +.size AES_XTS_init_avx1,.-AES_XTS_init_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +L_avx1_aes_xts_gc_xts: +.long 0x87,0x1,0x1,0x1 +#ifndef __APPLE__ +.text +.globl AES_XTS_encrypt_avx1 +.type AES_XTS_encrypt_avx1,@function +.align 16 +AES_XTS_encrypt_avx1: +#else +.section __TEXT,__text +.globl _AES_XTS_encrypt_avx1 +.p2align 4 
+_AES_XTS_encrypt_avx1: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + movq %rdx, %rax + movq %rcx, %r12 + movl 24(%rsp), %r10d + subq $0x40, %rsp + vmovdqu L_avx1_aes_xts_gc_xts(%rip), %xmm12 + vmovdqu (%r12), %xmm0 + # aes_enc_block + vpxor (%r9), %xmm0, %xmm0 + vmovdqu 16(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 32(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 48(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 64(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 80(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 96(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 112(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 128(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 144(%r9), %xmm5 + vaesenc %xmm5, %xmm0, %xmm0 + cmpl $11, %r10d + vmovdqu 160(%r9), %xmm5 + jl L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 176(%r9), %xmm6 + vaesenc %xmm6, %xmm0, %xmm0 + cmpl $13, %r10d + vmovdqu 192(%r9), %xmm5 + jl L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last + vaesenc %xmm5, %xmm0, %xmm0 + vmovdqu 208(%r9), %xmm6 + vaesenc %xmm6, %xmm0, %xmm0 + vmovdqu 224(%r9), %xmm5 +L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last: + vaesenclast %xmm5, %xmm0, %xmm0 + xorl %r13d, %r13d + cmpl $0x40, %eax + movl %eax, %r11d + jl L_AES_XTS_encrypt_avx1_done_64 andl $0xffffffc0, %r11d L_AES_XTS_encrypt_avx1_enc_64: # 64 bytes of input 
@@ -969,110 +1700,385 @@ L_AES_XTS_encrypt_avx1_enc_16: vaesenc %xmm5, %xmm8, %xmm8 vmovdqu 64(%r8), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 80(%r8), %xmm5 + vmovdqu 80(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 96(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 112(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 128(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 144(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + cmpl $11, %r10d + vmovdqu 160(%r8), %xmm5 + jl L_AES_XTS_encrypt_avx1_aes_enc_block_last + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 176(%r8), %xmm6 + vaesenc %xmm6, %xmm8, %xmm8 + cmpl $13, %r10d + vmovdqu 192(%r8), %xmm5 + jl L_AES_XTS_encrypt_avx1_aes_enc_block_last + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 208(%r8), %xmm6 + vaesenc %xmm6, %xmm8, %xmm8 + vmovdqu 224(%r8), %xmm5 +L_AES_XTS_encrypt_avx1_aes_enc_block_last: + vaesenclast %xmm5, %xmm8, %xmm8 + vpxor %xmm0, %xmm8, %xmm8 + leaq (%rsi,%r13,1), %rcx + vmovdqu %xmm8, (%rcx) + vpsrad $31, %xmm0, %xmm4 + vpslld $0x01, %xmm0, %xmm0 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm0, %xmm0 + addl $16, %r13d + cmpl %r11d, %r13d + jl L_AES_XTS_encrypt_avx1_enc_16 + cmpl %eax, %r13d + je L_AES_XTS_encrypt_avx1_done_enc +L_AES_XTS_encrypt_avx1_last_15: + subq $16, %r13 + leaq (%rsi,%r13,1), %rcx + vmovdqu (%rcx), %xmm8 + addq $16, %r13 + vmovdqu %xmm8, (%rsp) + xorq %rdx, %rdx +L_AES_XTS_encrypt_avx1_last_15_byte_loop: + movb (%rsp,%rdx,1), %r11b + movb (%rdi,%r13,1), %cl + movb %r11b, (%rsi,%r13,1) + movb %cl, (%rsp,%rdx,1) + incl %r13d + incl %edx + cmpl %eax, %r13d + jl L_AES_XTS_encrypt_avx1_last_15_byte_loop + subq %rdx, %r13 + vmovdqu (%rsp), %xmm8 + subq $16, %r13 + vpxor %xmm0, %xmm8, %xmm8 + # aes_enc_block + vpxor (%r8), %xmm8, %xmm8 + vmovdqu 16(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 32(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 48(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 64(%r8), %xmm5 + vaesenc %xmm5, %xmm8, 
%xmm8 + vmovdqu 80(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 96(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 112(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 128(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 144(%r8), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + cmpl $11, %r10d + vmovdqu 160(%r8), %xmm5 + jl L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 176(%r8), %xmm6 + vaesenc %xmm6, %xmm8, %xmm8 + cmpl $13, %r10d + vmovdqu 192(%r8), %xmm5 + jl L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 208(%r8), %xmm6 + vaesenc %xmm6, %xmm8, %xmm8 + vmovdqu 224(%r8), %xmm5 +L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last: + vaesenclast %xmm5, %xmm8, %xmm8 + vpxor %xmm0, %xmm8, %xmm8 + leaq (%rsi,%r13,1), %rcx + vmovdqu %xmm8, (%rcx) +L_AES_XTS_encrypt_avx1_done_enc: + addq $0x40, %rsp + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size AES_XTS_encrypt_avx1,.-AES_XTS_encrypt_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_XTS_encrypt_update_avx1 +.type AES_XTS_encrypt_update_avx1,@function +.align 16 +AES_XTS_encrypt_update_avx1: +#else +.section __TEXT,__text +.globl _AES_XTS_encrypt_update_avx1 +.p2align 4 +_AES_XTS_encrypt_update_avx1: +#endif /* __APPLE__ */ + pushq %r12 + movq %rdx, %rax + movq %rcx, %r10 + subq $0x40, %rsp + vmovdqu L_avx1_aes_xts_gc_xts(%rip), %xmm12 + vmovdqu (%r8), %xmm0 + xorl %r12d, %r12d + cmpl $0x40, %eax + movl %eax, %r11d + jl L_AES_XTS_encrypt_update_avx1_done_64 + andl $0xffffffc0, %r11d +L_AES_XTS_encrypt_update_avx1_enc_64: + # 64 bytes of input + # aes_enc_64 + leaq (%rdi,%r12,1), %rcx + leaq (%rsi,%r12,1), %rdx + vmovdqu (%rcx), %xmm8 + vmovdqu 16(%rcx), %xmm9 + vmovdqu 32(%rcx), %xmm10 + vmovdqu 48(%rcx), %xmm11 + vpsrad $31, %xmm0, %xmm4 + vpslld $0x01, %xmm0, %xmm1 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm1, %xmm1 + vpsrad $31, %xmm1, %xmm4 + vpslld $0x01, 
%xmm1, %xmm2 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm2, %xmm2 + vpsrad $31, %xmm2, %xmm4 + vpslld $0x01, %xmm2, %xmm3 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm3, %xmm3 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm2, %xmm10, %xmm10 + vpxor %xmm3, %xmm11, %xmm11 + # aes_enc_block + vmovdqu (%r10), %xmm4 + vpxor %xmm4, %xmm8, %xmm8 + vpxor %xmm4, %xmm9, %xmm9 + vpxor %xmm4, %xmm10, %xmm10 + vpxor %xmm4, %xmm11, %xmm11 + vmovdqu 16(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 32(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 48(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 64(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 80(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 96(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 112(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 128(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 144(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + cmpl $11, %r9d + vmovdqu 160(%r10), %xmm4 + jl L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last + vaesenc %xmm4, 
%xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 176(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + cmpl $13, %r9d + vmovdqu 192(%r10), %xmm4 + jl L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 208(%r10), %xmm4 + vaesenc %xmm4, %xmm8, %xmm8 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vmovdqu 224(%r10), %xmm4 +L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last: + vaesenclast %xmm4, %xmm8, %xmm8 + vaesenclast %xmm4, %xmm9, %xmm9 + vaesenclast %xmm4, %xmm10, %xmm10 + vaesenclast %xmm4, %xmm11, %xmm11 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm2, %xmm10, %xmm10 + vpxor %xmm3, %xmm11, %xmm11 + vmovdqu %xmm8, (%rdx) + vmovdqu %xmm9, 16(%rdx) + vmovdqu %xmm10, 32(%rdx) + vmovdqu %xmm11, 48(%rdx) + vpsrad $31, %xmm3, %xmm4 + vpslld $0x01, %xmm3, %xmm0 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm0, %xmm0 + addl $0x40, %r12d + cmpl %r11d, %r12d + jl L_AES_XTS_encrypt_update_avx1_enc_64 +L_AES_XTS_encrypt_update_avx1_done_64: + cmpl %eax, %r12d + movl %eax, %r11d + je L_AES_XTS_encrypt_update_avx1_done_enc + subl %r12d, %r11d + cmpl $16, %r11d + movl %eax, %r11d + jl L_AES_XTS_encrypt_update_avx1_last_15 + andl $0xfffffff0, %r11d + # 16 bytes of input +L_AES_XTS_encrypt_update_avx1_enc_16: + leaq (%rdi,%r12,1), %rcx + vmovdqu (%rcx), %xmm8 + vpxor %xmm0, %xmm8, %xmm8 + # aes_enc_block + vpxor (%r10), %xmm8, %xmm8 + vmovdqu 16(%r10), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 32(%r10), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 48(%r10), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 64(%r10), %xmm5 + vaesenc %xmm5, %xmm8, %xmm8 + vmovdqu 80(%r10), 
%xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 96(%r8), %xmm5 + vmovdqu 96(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 112(%r8), %xmm5 + vmovdqu 112(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 128(%r8), %xmm5 + vmovdqu 128(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 144(%r8), %xmm5 + vmovdqu 144(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - cmpl $11, %r10d - vmovdqu 160(%r8), %xmm5 - jl L_AES_XTS_encrypt_avx1_aes_enc_block_last + cmpl $11, %r9d + vmovdqu 160(%r10), %xmm5 + jl L_AES_XTS_encrypt_update_avx1_aes_enc_block_last vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 176(%r8), %xmm6 + vmovdqu 176(%r10), %xmm6 vaesenc %xmm6, %xmm8, %xmm8 - cmpl $13, %r10d - vmovdqu 192(%r8), %xmm5 - jl L_AES_XTS_encrypt_avx1_aes_enc_block_last + cmpl $13, %r9d + vmovdqu 192(%r10), %xmm5 + jl L_AES_XTS_encrypt_update_avx1_aes_enc_block_last vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 208(%r8), %xmm6 + vmovdqu 208(%r10), %xmm6 vaesenc %xmm6, %xmm8, %xmm8 - vmovdqu 224(%r8), %xmm5 -L_AES_XTS_encrypt_avx1_aes_enc_block_last: + vmovdqu 224(%r10), %xmm5 +L_AES_XTS_encrypt_update_avx1_aes_enc_block_last: vaesenclast %xmm5, %xmm8, %xmm8 vpxor %xmm0, %xmm8, %xmm8 - leaq (%rsi,%r13,1), %rcx + leaq (%rsi,%r12,1), %rcx vmovdqu %xmm8, (%rcx) vpsrad $31, %xmm0, %xmm4 vpslld $0x01, %xmm0, %xmm0 vpshufd $0x93, %xmm4, %xmm4 vpand %xmm12, %xmm4, %xmm4 vpxor %xmm4, %xmm0, %xmm0 - addl $16, %r13d - cmpl %r11d, %r13d - jl L_AES_XTS_encrypt_avx1_enc_16 - cmpl %eax, %r13d - je L_AES_XTS_encrypt_avx1_done_enc -L_AES_XTS_encrypt_avx1_last_15: - subq $16, %r13 - leaq (%rsi,%r13,1), %rcx + addl $16, %r12d + cmpl %r11d, %r12d + jl L_AES_XTS_encrypt_update_avx1_enc_16 + cmpl %eax, %r12d + je L_AES_XTS_encrypt_update_avx1_done_enc +L_AES_XTS_encrypt_update_avx1_last_15: + subq $16, %r12 + leaq (%rsi,%r12,1), %rcx vmovdqu (%rcx), %xmm8 - addq $16, %r13 + addq $16, %r12 vmovdqu %xmm8, (%rsp) xorq %rdx, %rdx -L_AES_XTS_encrypt_avx1_last_15_byte_loop: +L_AES_XTS_encrypt_update_avx1_last_15_byte_loop: movb 
(%rsp,%rdx,1), %r11b - movb (%rdi,%r13,1), %cl - movb %r11b, (%rsi,%r13,1) + movb (%rdi,%r12,1), %cl + movb %r11b, (%rsi,%r12,1) movb %cl, (%rsp,%rdx,1) - incl %r13d + incl %r12d incl %edx - cmpl %eax, %r13d - jl L_AES_XTS_encrypt_avx1_last_15_byte_loop - subq %rdx, %r13 + cmpl %eax, %r12d + jl L_AES_XTS_encrypt_update_avx1_last_15_byte_loop + subq %rdx, %r12 vmovdqu (%rsp), %xmm8 - subq $16, %r13 + subq $16, %r12 vpxor %xmm0, %xmm8, %xmm8 # aes_enc_block - vpxor (%r8), %xmm8, %xmm8 - vmovdqu 16(%r8), %xmm5 + vpxor (%r10), %xmm8, %xmm8 + vmovdqu 16(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 32(%r8), %xmm5 + vmovdqu 32(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 48(%r8), %xmm5 + vmovdqu 48(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 64(%r8), %xmm5 + vmovdqu 64(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 80(%r8), %xmm5 + vmovdqu 80(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 96(%r8), %xmm5 + vmovdqu 96(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 112(%r8), %xmm5 + vmovdqu 112(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 128(%r8), %xmm5 + vmovdqu 128(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 144(%r8), %xmm5 + vmovdqu 144(%r10), %xmm5 vaesenc %xmm5, %xmm8, %xmm8 - cmpl $11, %r10d - vmovdqu 160(%r8), %xmm5 - jl L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last + cmpl $11, %r9d + vmovdqu 160(%r10), %xmm5 + jl L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 176(%r8), %xmm6 + vmovdqu 176(%r10), %xmm6 vaesenc %xmm6, %xmm8, %xmm8 - cmpl $13, %r10d - vmovdqu 192(%r8), %xmm5 - jl L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last + cmpl $13, %r9d + vmovdqu 192(%r10), %xmm5 + jl L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last vaesenc %xmm5, %xmm8, %xmm8 - vmovdqu 208(%r8), %xmm6 + vmovdqu 208(%r10), %xmm6 vaesenc %xmm6, %xmm8, %xmm8 - vmovdqu 224(%r8), %xmm5 -L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last: + vmovdqu 224(%r10), %xmm5 
+L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last: vaesenclast %xmm5, %xmm8, %xmm8 vpxor %xmm0, %xmm8, %xmm8 - leaq (%rsi,%r13,1), %rcx + leaq (%rsi,%r12,1), %rcx vmovdqu %xmm8, (%rcx) -L_AES_XTS_encrypt_avx1_done_enc: - vzeroupper +L_AES_XTS_encrypt_update_avx1_done_enc: + vmovdqu %xmm0, (%r8) addq $0x40, %rsp - popq %r13 popq %r12 repz retq #ifndef __APPLE__ -.size AES_XTS_encrypt_avx1,.-AES_XTS_encrypt_avx1 +.size AES_XTS_encrypt_update_avx1,.-AES_XTS_encrypt_update_avx1 #endif /* __APPLE__ */ #ifndef __APPLE__ .text @@ -1432,7 +2438,6 @@ L_AES_XTS_decrypt_avx1_last_31_2_aes_dec_block_last: leaq (%rsi,%r13,1), %rcx vmovdqu %xmm8, (%rcx) L_AES_XTS_decrypt_avx1_done_dec: - vzeroupper addq $16, %rsp popq %r13 popq %r12 
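Review bot: The ciphertext-stealing tail at `L_AES_XTS_encrypt_update_avx1_last_15` executes `subq $16, %r12` and then loads `(%rsi,%r12,1)`, so for a total length below 16 bytes (r12 still 0) it would read the 16 bytes preceding the output buffer; the routine carries no length check of its own and the caller's minimum-length guard is not visible in this diff. The `AES_XTS_decrypt_update_avx1` hunk has the same reliance on the caller: for a length under 16 the entry logic falls through to `L_AES_XTS_decrypt_update_avx1_last_31_start`, which reads a full 16-byte input block and runs the byte loop from offset 16. If the `sz >= 16` precondition is deliberately enforced in the C wrappers, stating it at each entry point, e.g. `# Caller must ensure sz >= 16 (XTS minimum block); no bounds check here`, keeps the invariant from being lost when the wrappers are reworked. Since this .S looks like generator output, the comment presumably belongs in the generator source rather than being hand-edited here.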
@@ -1440,6 +2445,334 @@ L_AES_XTS_decrypt_avx1_done_dec: #ifndef __APPLE__ .size AES_XTS_decrypt_avx1,.-AES_XTS_decrypt_avx1 #endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_XTS_decrypt_update_avx1 +.type AES_XTS_decrypt_update_avx1,@function +.align 16 +AES_XTS_decrypt_update_avx1: +#else +.section __TEXT,__text +.globl _AES_XTS_decrypt_update_avx1 +.p2align 4 +_AES_XTS_decrypt_update_avx1: +#endif /* __APPLE__ */ + pushq %r12 + movq %rdx, %rax + movq %rcx, %r10 + subq $16, %rsp + vmovdqu L_avx1_aes_xts_gc_xts(%rip), %xmm12 + vmovdqu (%r8), %xmm0 + xorl %r12d, %r12d + movl %eax, %r11d + andl $0xfffffff0, %r11d + cmpl %eax, %r11d + je L_AES_XTS_decrypt_update_avx1_mul16_64 + subl $16, %r11d + cmpl $16, %r11d + jl L_AES_XTS_decrypt_update_avx1_last_31_start +L_AES_XTS_decrypt_update_avx1_mul16_64: + cmpl $0x40, %r11d + jl L_AES_XTS_decrypt_update_avx1_done_64 + andl $0xffffffc0, %r11d +L_AES_XTS_decrypt_update_avx1_dec_64: + # 64 bytes of input + # aes_dec_64 + leaq (%rdi,%r12,1), %rcx + leaq (%rsi,%r12,1), %rdx + vmovdqu (%rcx), %xmm8 + vmovdqu 16(%rcx), %xmm9 + vmovdqu 32(%rcx), %xmm10 + vmovdqu 48(%rcx), %xmm11 + vpsrad $31, %xmm0, %xmm4 + vpslld $0x01, %xmm0, %xmm1 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm1, %xmm1 + vpsrad $31, %xmm1, %xmm4 + vpslld $0x01, %xmm1, %xmm2 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm2, %xmm2 + vpsrad $31, %xmm2, %xmm4 + vpslld $0x01, %xmm2, %xmm3 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm3, %xmm3 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm2, %xmm10, %xmm10 + vpxor %xmm3, %xmm11, %xmm11 + # aes_dec_block + vmovdqu (%r10), %xmm4 + vpxor %xmm4, %xmm8, %xmm8 + vpxor %xmm4, %xmm9, %xmm9 + vpxor %xmm4, %xmm10, %xmm10 + vpxor %xmm4, %xmm11, %xmm11 + vmovdqu 16(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + 
vmovdqu 32(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 48(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 64(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 80(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 96(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 112(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 128(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 144(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + cmpl $11, %r9d + vmovdqu 160(%r10), %xmm4 + jl L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 176(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + cmpl $13, %r9d + vmovdqu 192(%r10), %xmm4 + jl L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 208(%r10), %xmm4 + vaesdec %xmm4, %xmm8, %xmm8 + vaesdec %xmm4, %xmm9, %xmm9 + vaesdec %xmm4, %xmm10, %xmm10 + vaesdec %xmm4, %xmm11, %xmm11 + vmovdqu 224(%r10), %xmm4 
+L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last: + vaesdeclast %xmm4, %xmm8, %xmm8 + vaesdeclast %xmm4, %xmm9, %xmm9 + vaesdeclast %xmm4, %xmm10, %xmm10 + vaesdeclast %xmm4, %xmm11, %xmm11 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm2, %xmm10, %xmm10 + vpxor %xmm3, %xmm11, %xmm11 + vmovdqu %xmm8, (%rdx) + vmovdqu %xmm9, 16(%rdx) + vmovdqu %xmm10, 32(%rdx) + vmovdqu %xmm11, 48(%rdx) + vpsrad $31, %xmm3, %xmm4 + vpslld $0x01, %xmm3, %xmm0 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm0, %xmm0 + addl $0x40, %r12d + cmpl %r11d, %r12d + jl L_AES_XTS_decrypt_update_avx1_dec_64 +L_AES_XTS_decrypt_update_avx1_done_64: + cmpl %eax, %r12d + movl %eax, %r11d + je L_AES_XTS_decrypt_update_avx1_done_dec + andl $0xfffffff0, %r11d + cmpl %eax, %r11d + je L_AES_XTS_decrypt_update_avx1_mul16 + subl $16, %r11d + subl %r12d, %r11d + cmpl $16, %r11d + jl L_AES_XTS_decrypt_update_avx1_last_31_start + addl %r12d, %r11d +L_AES_XTS_decrypt_update_avx1_mul16: +L_AES_XTS_decrypt_update_avx1_dec_16: + # 16 bytes of input + leaq (%rdi,%r12,1), %rcx + vmovdqu (%rcx), %xmm8 + vpxor %xmm0, %xmm8, %xmm8 + # aes_dec_block + vpxor (%r10), %xmm8, %xmm8 + vmovdqu 16(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 32(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 48(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 64(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 80(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 96(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 112(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 128(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 144(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + cmpl $11, %r9d + vmovdqu 160(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_avx1_aes_dec_block_last + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 176(%r10), %xmm6 + vaesdec %xmm6, %xmm8, %xmm8 + cmpl $13, %r9d + vmovdqu 192(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_avx1_aes_dec_block_last + 
vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 208(%r10), %xmm6 + vaesdec %xmm6, %xmm8, %xmm8 + vmovdqu 224(%r10), %xmm5 +L_AES_XTS_decrypt_update_avx1_aes_dec_block_last: + vaesdeclast %xmm5, %xmm8, %xmm8 + vpxor %xmm0, %xmm8, %xmm8 + leaq (%rsi,%r12,1), %rcx + vmovdqu %xmm8, (%rcx) + vpsrad $31, %xmm0, %xmm4 + vpslld $0x01, %xmm0, %xmm0 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm0, %xmm0 + addl $16, %r12d + cmpl %r11d, %r12d + jl L_AES_XTS_decrypt_update_avx1_dec_16 + cmpl %eax, %r12d + je L_AES_XTS_decrypt_update_avx1_done_dec +L_AES_XTS_decrypt_update_avx1_last_31_start: + vpsrad $31, %xmm0, %xmm4 + vpslld $0x01, %xmm0, %xmm7 + vpshufd $0x93, %xmm4, %xmm4 + vpand %xmm12, %xmm4, %xmm4 + vpxor %xmm4, %xmm7, %xmm7 + leaq (%rdi,%r12,1), %rcx + vmovdqu (%rcx), %xmm8 + vpxor %xmm7, %xmm8, %xmm8 + # aes_dec_block + vpxor (%r10), %xmm8, %xmm8 + vmovdqu 16(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 32(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 48(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 64(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 80(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 96(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 112(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 128(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 144(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + cmpl $11, %r9d + vmovdqu 160(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 176(%r10), %xmm6 + vaesdec %xmm6, %xmm8, %xmm8 + cmpl $13, %r9d + vmovdqu 192(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 208(%r10), %xmm6 + vaesdec %xmm6, %xmm8, %xmm8 + vmovdqu 224(%r10), %xmm5 +L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last: + vaesdeclast %xmm5, %xmm8, %xmm8 + vpxor %xmm7, %xmm8, %xmm8 + vmovdqu %xmm8, (%rsp) + addq $16, %r12 + xorq %rdx, %rdx 
+L_AES_XTS_decrypt_update_avx1_last_31_byte_loop: + movb (%rsp,%rdx,1), %r11b + movb (%rdi,%r12,1), %cl + movb %r11b, (%rsi,%r12,1) + movb %cl, (%rsp,%rdx,1) + incl %r12d + incl %edx + cmpl %eax, %r12d + jl L_AES_XTS_decrypt_update_avx1_last_31_byte_loop + subq %rdx, %r12 + vmovdqu (%rsp), %xmm8 + vpxor %xmm0, %xmm8, %xmm8 + # aes_dec_block + vpxor (%r10), %xmm8, %xmm8 + vmovdqu 16(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 32(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 48(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 64(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 80(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 96(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 112(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 128(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 144(%r10), %xmm5 + vaesdec %xmm5, %xmm8, %xmm8 + cmpl $11, %r9d + vmovdqu 160(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 176(%r10), %xmm6 + vaesdec %xmm6, %xmm8, %xmm8 + cmpl $13, %r9d + vmovdqu 192(%r10), %xmm5 + jl L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last + vaesdec %xmm5, %xmm8, %xmm8 + vmovdqu 208(%r10), %xmm6 + vaesdec %xmm6, %xmm8, %xmm8 + vmovdqu 224(%r10), %xmm5 +L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last: + vaesdeclast %xmm5, %xmm8, %xmm8 + vpxor %xmm0, %xmm8, %xmm8 + subq $16, %r12 + leaq (%rsi,%r12,1), %rcx + vmovdqu %xmm8, (%rcx) +L_AES_XTS_decrypt_update_avx1_done_dec: + vmovdqu %xmm0, (%r8) + addq $16, %rsp + popq %r12 + repz retq +#ifndef __APPLE__ +.size AES_XTS_decrypt_update_avx1,.-AES_XTS_decrypt_update_avx1 +#endif /* __APPLE__ */ #endif /* HAVE_INTEL_AVX1 */ #endif /* WOLFSSL_X86_64_BUILD */ #endif /* WOLFSSL_AES_XTS */ diff --git a/wolfcrypt/src/aes_xts_asm.asm b/wolfcrypt/src/aes_xts_asm.asm new file mode 100644 index 0000000000..aea341fe76 --- /dev/null +++ b/wolfcrypt/src/aes_xts_asm.asm 
@@ -0,0 +1,2832 @@
+; /* aes_xts_asm.asm */
+; /*
+; * Copyright (C) 2006-2024 wolfSSL Inc.
+; *
+; * This file is part of wolfSSL.
+; *
+; * wolfSSL is free software; you can redistribute it and/or modify
+; * it under the terms of the GNU General Public License as published by
+; * the Free Software Foundation; either version 2 of the License, or
+; * (at your option) any later version.
+; *
+; * wolfSSL is distributed in the hope that it will be useful,
+; * but WITHOUT ANY WARRANTY; without even the implied warranty of
+; * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+; * GNU General Public License for more details.
+; *
+; * You should have received a copy of the GNU General Public License
+; * along with this program; if not, write to the Free Software
+; * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+; */
+IF @Version LT 1200
+; AVX2 instructions not recognized by old versions of MASM
+IFNDEF NO_AVX2_SUPPORT
+NO_AVX2_SUPPORT = 1
+ENDIF
+; MOVBE instruction not recognized by old versions of MASM
+IFNDEF NO_MOVBE_SUPPORT
+NO_MOVBE_SUPPORT = 1
+ENDIF
+ENDIF
+
+IFNDEF HAVE_INTEL_AVX1
+HAVE_INTEL_AVX1 = 1
+ENDIF
+IFNDEF NO_AVX2_SUPPORT
+HAVE_INTEL_AVX2 = 1
+ENDIF
+
+IFNDEF _WIN64
+_WIN64 = 1
+ENDIF
+
+_text SEGMENT READONLY PARA
+AES_XTS_init_aesni PROC
+ movdqu xmm0, OWORD PTR [rcx]
+ ; aes_enc_block
+ pxor xmm0, [rdx]
+ movdqu xmm2, OWORD PTR [rdx+16]
+ aesenc xmm0, xmm2
+ movdqu xmm2, OWORD PTR [rdx+32]
+ aesenc xmm0, xmm2
+ movdqu xmm2, OWORD PTR [rdx+48]
+ aesenc xmm0, xmm2
+ movdqu xmm2, OWORD PTR [rdx+64]
+ aesenc xmm0, xmm2
+ movdqu xmm2, OWORD PTR [rdx+80]
+ aesenc xmm0, xmm2
+ movdqu xmm2, OWORD PTR [rdx+96]
+ aesenc xmm0, xmm2
+ movdqu xmm2, OWORD PTR [rdx+112]
+ aesenc xmm0, xmm2
+ movdqu xmm2, OWORD PTR [rdx+128]
+ aesenc xmm0, xmm2
+ movdqu xmm2, OWORD PTR [rdx+144]
+ aesenc xmm0, xmm2
+ cmp r8d, 11
+ movdqu xmm2, OWORD PTR [rdx+160]
+ jl L_AES_XTS_init_aesni_tweak_aes_enc_block_last
+ aesenc xmm0, 
xmm2
+ movdqu xmm3, OWORD PTR [rdx+176]
+ aesenc xmm0, xmm3
+ cmp r8d, 13
+ movdqu xmm2, OWORD PTR [rdx+192]
+ jl L_AES_XTS_init_aesni_tweak_aes_enc_block_last
+ aesenc xmm0, xmm2
+ movdqu xmm3, OWORD PTR [rdx+208]
+ aesenc xmm0, xmm3
+ movdqu xmm2, OWORD PTR [rdx+224]
+L_AES_XTS_init_aesni_tweak_aes_enc_block_last:
+ aesenclast xmm0, xmm2
+ movdqu OWORD PTR [rcx], xmm0
+ ret
+AES_XTS_init_aesni ENDP
+_text ENDS
+_DATA SEGMENT
+ALIGN 16
+L_aes_xts_gc_xts DWORD 135,1,1,1
+ptr_L_aes_xts_gc_xts QWORD L_aes_xts_gc_xts
+_DATA ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_encrypt_aesni PROC
+ push rdi
+ push rsi
+ push r12
+ push r13
+ mov rdi, rcx
+ mov rsi, rdx
+ mov rax, r8
+ mov r12, r9
+ mov r8, QWORD PTR [rsp+72]
+ mov r9, QWORD PTR [rsp+80]
+ mov r10d, DWORD PTR [rsp+88]
+ sub rsp, 176
+ movdqu OWORD PTR [rsp+64], xmm6
+ movdqu OWORD PTR [rsp+80], xmm7
+ movdqu OWORD PTR [rsp+96], xmm8
+ movdqu OWORD PTR [rsp+112], xmm9
+ movdqu OWORD PTR [rsp+128], xmm10
+ movdqu OWORD PTR [rsp+144], xmm11
+ movdqu OWORD PTR [rsp+160], xmm12
+ movdqu xmm12, OWORD PTR L_aes_xts_gc_xts
+ movdqu xmm0, OWORD PTR [r12]
+ ; aes_enc_block
+ pxor xmm0, [r9]
+ movdqu xmm5, OWORD PTR [r9+16]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+32]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+48]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+64]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+80]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+96]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+112]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+128]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+144]
+ aesenc xmm0, xmm5
+ cmp r10d, 11
+ movdqu xmm5, OWORD PTR [r9+160]
+ jl L_AES_XTS_encrypt_aesni_tweak_aes_enc_block_last
+ aesenc xmm0, xmm5
+ movdqu xmm6, OWORD PTR [r9+176]
+ aesenc xmm0, xmm6
+ cmp r10d, 13
+ movdqu xmm5, OWORD PTR [r9+192]
+ jl L_AES_XTS_encrypt_aesni_tweak_aes_enc_block_last
+ aesenc xmm0, xmm5
+ movdqu xmm6, OWORD PTR [r9+208]
+ aesenc xmm0, xmm6
+ movdqu xmm5, 
OWORD PTR [r9+224]
+L_AES_XTS_encrypt_aesni_tweak_aes_enc_block_last:
+ aesenclast xmm0, xmm5
+ xor r13d, r13d
+ cmp eax, 64
+ mov r11d, eax
+ jl L_AES_XTS_encrypt_aesni_done_64
+ and r11d, 4294967232
+L_AES_XTS_encrypt_aesni_enc_64:
+ ; 64 bytes of input
+ ; aes_enc_64
+ lea rcx, QWORD PTR [rdi+r13]
+ lea rdx, QWORD PTR [rsi+r13]
+ movdqu xmm8, OWORD PTR [rcx]
+ movdqu xmm9, OWORD PTR [rcx+16]
+ movdqu xmm10, OWORD PTR [rcx+32]
+ movdqu xmm11, OWORD PTR [rcx+48]
+ movdqa xmm4, xmm0
+ movdqa xmm1, xmm0
+ psrad xmm4, 31
+ pslld xmm1, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm1, xmm4
+ movdqa xmm4, xmm1
+ movdqa xmm2, xmm1
+ psrad xmm4, 31
+ pslld xmm2, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm2, xmm4
+ movdqa xmm4, xmm2
+ movdqa xmm3, xmm2
+ psrad xmm4, 31
+ pslld xmm3, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm3, xmm4
+ pxor xmm8, xmm0
+ pxor xmm9, xmm1
+ pxor xmm10, xmm2
+ pxor xmm11, xmm3
+ ; aes_enc_block
+ movdqu xmm4, OWORD PTR [r8]
+ pxor xmm8, xmm4
+ pxor xmm9, xmm4
+ pxor xmm10, xmm4
+ pxor xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+16]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+32]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+48]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+64]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+80]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+96]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+112]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+128]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu 
xmm4, OWORD PTR [r8+144]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ cmp r10d, 11
+ movdqu xmm4, OWORD PTR [r8+160]
+ jl L_AES_XTS_encrypt_aesni_aes_enc_64_aes_enc_block_last
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+176]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ cmp r10d, 13
+ movdqu xmm4, OWORD PTR [r8+192]
+ jl L_AES_XTS_encrypt_aesni_aes_enc_64_aes_enc_block_last
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+208]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_aesni_aes_enc_64_aes_enc_block_last:
+ aesenclast xmm8, xmm4
+ aesenclast xmm9, xmm4
+ aesenclast xmm10, xmm4
+ aesenclast xmm11, xmm4
+ pxor xmm8, xmm0
+ pxor xmm9, xmm1
+ pxor xmm10, xmm2
+ pxor xmm11, xmm3
+ movdqu OWORD PTR [rdx], xmm8
+ movdqu OWORD PTR [rdx+16], xmm9
+ movdqu OWORD PTR [rdx+32], xmm10
+ movdqu OWORD PTR [rdx+48], xmm11
+ movdqa xmm4, xmm3
+ movdqa xmm0, xmm3
+ psrad xmm4, 31
+ pslld xmm0, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm0, xmm4
+ add r13d, 64
+ cmp r13d, r11d
+ jl L_AES_XTS_encrypt_aesni_enc_64
+L_AES_XTS_encrypt_aesni_done_64:
+ cmp r13d, eax
+ mov r11d, eax
+ je L_AES_XTS_encrypt_aesni_done_enc
+ sub r11d, r13d
+ cmp r11d, 16
+ mov r11d, eax
+ jl L_AES_XTS_encrypt_aesni_last_15
+ and r11d, 4294967280
+ ; 16 bytes of input
+L_AES_XTS_encrypt_aesni_enc_16:
+ lea rcx, QWORD PTR [rdi+r13]
+ movdqu xmm8, OWORD PTR [rcx]
+ pxor xmm8, xmm0
+ ; aes_enc_block
+ pxor xmm8, [r8]
+ movdqu xmm5, OWORD PTR [r8+16]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+32]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+48]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+64]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+80]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+96]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+112]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+128]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+144]
+ aesenc xmm8, xmm5
+ cmp r10d, 11
+ movdqu xmm5, OWORD PTR [r8+160]
+ jl L_AES_XTS_encrypt_aesni_aes_enc_block_last
+ aesenc xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+176]
+ aesenc xmm8, xmm6
+ cmp r10d, 13
+ movdqu xmm5, OWORD PTR [r8+192]
+ jl L_AES_XTS_encrypt_aesni_aes_enc_block_last
+ aesenc xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+208]
+ aesenc xmm8, xmm6
+ movdqu xmm5, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_aesni_aes_enc_block_last:
+ aesenclast xmm8, xmm5
+ pxor xmm8, xmm0
+ lea rcx, QWORD PTR [rsi+r13]
+ movdqu OWORD PTR [rcx], xmm8
+ movdqa xmm4, xmm0
+ psrad xmm4, 31
+ pslld xmm0, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm0, xmm4
+ add r13d, 16
+ cmp r13d, r11d
+ jl L_AES_XTS_encrypt_aesni_enc_16
+ cmp r13d, eax
+ je L_AES_XTS_encrypt_aesni_done_enc
+L_AES_XTS_encrypt_aesni_last_15:
+ sub r13, 16
+ lea rcx, QWORD PTR [rsi+r13]
+ movdqu xmm8, OWORD PTR [rcx]
+ add r13, 16
+ movdqu OWORD PTR [rsp], xmm8
+ xor rdx, rdx
+L_AES_XTS_encrypt_aesni_last_15_byte_loop:
+ mov r11b, BYTE PTR [rsp+rdx]
+ mov cl, BYTE PTR [rdi+r13]
+ mov BYTE PTR [rsi+r13], r11b
+ mov BYTE PTR [rsp+rdx], cl
+ inc r13d
+ inc edx
+ cmp r13d, eax
+ jl L_AES_XTS_encrypt_aesni_last_15_byte_loop
+ sub r13, rdx
+ movdqu xmm8, OWORD PTR [rsp]
+ sub r13, 16
+ pxor xmm8, xmm0
+ ; aes_enc_block
+ pxor xmm8, [r8]
+ movdqu xmm5, OWORD PTR [r8+16]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+32]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+48]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+64]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+80]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+96]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+112]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+128]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+144]
+ aesenc xmm8, xmm5
+ cmp r10d, 11
+ movdqu xmm5, OWORD PTR 
[r8+160]
+ jl L_AES_XTS_encrypt_aesni_last_15_aes_enc_block_last
+ aesenc xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+176]
+ aesenc xmm8, xmm6
+ cmp r10d, 13
+ movdqu xmm5, OWORD PTR [r8+192]
+ jl L_AES_XTS_encrypt_aesni_last_15_aes_enc_block_last
+ aesenc xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+208]
+ aesenc xmm8, xmm6
+ movdqu xmm5, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_aesni_last_15_aes_enc_block_last:
+ aesenclast xmm8, xmm5
+ pxor xmm8, xmm0
+ lea rcx, QWORD PTR [rsi+r13]
+ movdqu OWORD PTR [rcx], xmm8
+L_AES_XTS_encrypt_aesni_done_enc:
+ movdqu xmm6, OWORD PTR [rsp+64]
+ movdqu xmm7, OWORD PTR [rsp+80]
+ movdqu xmm8, OWORD PTR [rsp+96]
+ movdqu xmm9, OWORD PTR [rsp+112]
+ movdqu xmm10, OWORD PTR [rsp+128]
+ movdqu xmm11, OWORD PTR [rsp+144]
+ movdqu xmm12, OWORD PTR [rsp+160]
+ add rsp, 176
+ pop r13
+ pop r12
+ pop rsi
+ pop rdi
+ ret
+AES_XTS_encrypt_aesni ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_encrypt_update_aesni PROC
+ push rdi
+ push rsi
+ push r12
+ mov rdi, rcx
+ mov rsi, rdx
+ mov rax, r8
+ mov r10, r9
+ mov r8, QWORD PTR [rsp+64]
+ mov r9d, DWORD PTR [rsp+72]
+ sub rsp, 176
+ movdqu OWORD PTR [rsp+64], xmm6
+ movdqu OWORD PTR [rsp+80], xmm7
+ movdqu OWORD PTR [rsp+96], xmm8
+ movdqu OWORD PTR [rsp+112], xmm9
+ movdqu OWORD PTR [rsp+128], xmm10
+ movdqu OWORD PTR [rsp+144], xmm11
+ movdqu OWORD PTR [rsp+160], xmm12
+ movdqu xmm12, OWORD PTR L_aes_xts_gc_xts
+ movdqu xmm0, OWORD PTR [r8]
+ xor r12d, r12d
+ cmp eax, 64
+ mov r11d, eax
+ jl L_AES_XTS_encrypt_update_aesni_done_64
+ and r11d, 4294967232
+L_AES_XTS_encrypt_update_aesni_enc_64:
+ ; 64 bytes of input
+ ; aes_enc_64
+ lea rcx, QWORD PTR [rdi+r12]
+ lea rdx, QWORD PTR [rsi+r12]
+ movdqu xmm8, OWORD PTR [rcx]
+ movdqu xmm9, OWORD PTR [rcx+16]
+ movdqu xmm10, OWORD PTR [rcx+32]
+ movdqu xmm11, OWORD PTR [rcx+48]
+ movdqa xmm4, xmm0
+ movdqa xmm1, xmm0
+ psrad xmm4, 31
+ pslld xmm1, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm1, xmm4
+ movdqa xmm4, xmm1
+ movdqa xmm2, xmm1
+ psrad xmm4, 31
+ pslld xmm2, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm2, xmm4
+ movdqa xmm4, xmm2
+ movdqa xmm3, xmm2
+ psrad xmm4, 31
+ pslld xmm3, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm3, xmm4
+ pxor xmm8, xmm0
+ pxor xmm9, xmm1
+ pxor xmm10, xmm2
+ pxor xmm11, xmm3
+ ; aes_enc_block
+ movdqu xmm4, OWORD PTR [r10]
+ pxor xmm8, xmm4
+ pxor xmm9, xmm4
+ pxor xmm10, xmm4
+ pxor xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+16]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+32]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+48]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+64]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+80]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+96]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+112]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+128]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+144]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ cmp r9d, 11
+ movdqu xmm4, OWORD PTR [r10+160]
+ jl L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+176]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ cmp r9d, 13
+ movdqu xmm4, OWORD PTR [r10+192]
+ jl L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, 
OWORD PTR [r10+208]
+ aesenc xmm8, xmm4
+ aesenc xmm9, xmm4
+ aesenc xmm10, xmm4
+ aesenc xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+224]
+L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last:
+ aesenclast xmm8, xmm4
+ aesenclast xmm9, xmm4
+ aesenclast xmm10, xmm4
+ aesenclast xmm11, xmm4
+ pxor xmm8, xmm0
+ pxor xmm9, xmm1
+ pxor xmm10, xmm2
+ pxor xmm11, xmm3
+ movdqu OWORD PTR [rdx], xmm8
+ movdqu OWORD PTR [rdx+16], xmm9
+ movdqu OWORD PTR [rdx+32], xmm10
+ movdqu OWORD PTR [rdx+48], xmm11
+ movdqa xmm4, xmm3
+ movdqa xmm0, xmm3
+ psrad xmm4, 31
+ pslld xmm0, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm0, xmm4
+ add r12d, 64
+ cmp r12d, r11d
+ jl L_AES_XTS_encrypt_update_aesni_enc_64
+L_AES_XTS_encrypt_update_aesni_done_64:
+ cmp r12d, eax
+ mov r11d, eax
+ je L_AES_XTS_encrypt_update_aesni_done_enc
+ sub r11d, r12d
+ cmp r11d, 16
+ mov r11d, eax
+ jl L_AES_XTS_encrypt_update_aesni_last_15
+ and r11d, 4294967280
+ ; 16 bytes of input
+L_AES_XTS_encrypt_update_aesni_enc_16:
+ lea rcx, QWORD PTR [rdi+r12]
+ movdqu xmm8, OWORD PTR [rcx]
+ pxor xmm8, xmm0
+ ; aes_enc_block
+ pxor xmm8, [r10]
+ movdqu xmm5, OWORD PTR [r10+16]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+32]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+48]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+64]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+80]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+96]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+112]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+128]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+144]
+ aesenc xmm8, xmm5
+ cmp r9d, 11
+ movdqu xmm5, OWORD PTR [r10+160]
+ jl L_AES_XTS_encrypt_update_aesni_aes_enc_block_last
+ aesenc xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r10+176]
+ aesenc xmm8, xmm6
+ cmp r9d, 13
+ movdqu xmm5, OWORD PTR [r10+192]
+ jl L_AES_XTS_encrypt_update_aesni_aes_enc_block_last
+ aesenc xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r10+208]
+ aesenc xmm8, xmm6
+ movdqu xmm5, OWORD 
PTR [r10+224]
+L_AES_XTS_encrypt_update_aesni_aes_enc_block_last:
+ aesenclast xmm8, xmm5
+ pxor xmm8, xmm0
+ lea rcx, QWORD PTR [rsi+r12]
+ movdqu OWORD PTR [rcx], xmm8
+ movdqa xmm4, xmm0
+ psrad xmm4, 31
+ pslld xmm0, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm0, xmm4
+ add r12d, 16
+ cmp r12d, r11d
+ jl L_AES_XTS_encrypt_update_aesni_enc_16
+ cmp r12d, eax
+ je L_AES_XTS_encrypt_update_aesni_done_enc
+L_AES_XTS_encrypt_update_aesni_last_15:
+ sub r12, 16
+ lea rcx, QWORD PTR [rsi+r12]
+ movdqu xmm8, OWORD PTR [rcx]
+ add r12, 16
+ movdqu OWORD PTR [rsp], xmm8
+ xor rdx, rdx
+L_AES_XTS_encrypt_update_aesni_last_15_byte_loop:
+ mov r11b, BYTE PTR [rsp+rdx]
+ mov cl, BYTE PTR [rdi+r12]
+ mov BYTE PTR [rsi+r12], r11b
+ mov BYTE PTR [rsp+rdx], cl
+ inc r12d
+ inc edx
+ cmp r12d, eax
+ jl L_AES_XTS_encrypt_update_aesni_last_15_byte_loop
+ sub r12, rdx
+ movdqu xmm8, OWORD PTR [rsp]
+ sub r12, 16
+ pxor xmm8, xmm0
+ ; aes_enc_block
+ pxor xmm8, [r10]
+ movdqu xmm5, OWORD PTR [r10+16]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+32]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+48]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+64]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+80]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+96]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+112]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+128]
+ aesenc xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+144]
+ aesenc xmm8, xmm5
+ cmp r9d, 11
+ movdqu xmm5, OWORD PTR [r10+160]
+ jl L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last
+ aesenc xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r10+176]
+ aesenc xmm8, xmm6
+ cmp r9d, 13
+ movdqu xmm5, OWORD PTR [r10+192]
+ jl L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last
+ aesenc xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r10+208]
+ aesenc xmm8, xmm6
+ movdqu xmm5, OWORD PTR [r10+224]
+L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last:
+ aesenclast xmm8, xmm5
+ pxor xmm8, xmm0
+ lea rcx, QWORD PTR 
[rsi+r12]
+ movdqu OWORD PTR [rcx], xmm8
+L_AES_XTS_encrypt_update_aesni_done_enc:
+ movdqu OWORD PTR [r8], xmm0
+ movdqu xmm6, OWORD PTR [rsp+64]
+ movdqu xmm7, OWORD PTR [rsp+80]
+ movdqu xmm8, OWORD PTR [rsp+96]
+ movdqu xmm9, OWORD PTR [rsp+112]
+ movdqu xmm10, OWORD PTR [rsp+128]
+ movdqu xmm11, OWORD PTR [rsp+144]
+ movdqu xmm12, OWORD PTR [rsp+160]
+ add rsp, 176
+ pop r12
+ pop rsi
+ pop rdi
+ ret
+AES_XTS_encrypt_update_aesni ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_decrypt_aesni PROC
+ push rdi
+ push rsi
+ push r12
+ push r13
+ mov rdi, rcx
+ mov rsi, rdx
+ mov rax, r8
+ mov r12, r9
+ mov r8, QWORD PTR [rsp+72]
+ mov r9, QWORD PTR [rsp+80]
+ mov r10d, DWORD PTR [rsp+88]
+ sub rsp, 128
+ movdqu OWORD PTR [rsp+16], xmm6
+ movdqu OWORD PTR [rsp+32], xmm7
+ movdqu OWORD PTR [rsp+48], xmm8
+ movdqu OWORD PTR [rsp+64], xmm9
+ movdqu OWORD PTR [rsp+80], xmm10
+ movdqu OWORD PTR [rsp+96], xmm11
+ movdqu OWORD PTR [rsp+112], xmm12
+ movdqu xmm12, OWORD PTR L_aes_xts_gc_xts
+ movdqu xmm0, OWORD PTR [r12]
+ ; aes_enc_block
+ pxor xmm0, [r9]
+ movdqu xmm5, OWORD PTR [r9+16]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+32]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+48]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+64]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+80]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+96]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+112]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+128]
+ aesenc xmm0, xmm5
+ movdqu xmm5, OWORD PTR [r9+144]
+ aesenc xmm0, xmm5
+ cmp r10d, 11
+ movdqu xmm5, OWORD PTR [r9+160]
+ jl L_AES_XTS_decrypt_aesni_tweak_aes_enc_block_last
+ aesenc xmm0, xmm5
+ movdqu xmm6, OWORD PTR [r9+176]
+ aesenc xmm0, xmm6
+ cmp r10d, 13
+ movdqu xmm5, OWORD PTR [r9+192]
+ jl L_AES_XTS_decrypt_aesni_tweak_aes_enc_block_last
+ aesenc xmm0, xmm5
+ movdqu xmm6, OWORD PTR [r9+208]
+ aesenc xmm0, xmm6
+ movdqu xmm5, OWORD PTR [r9+224]
+L_AES_XTS_decrypt_aesni_tweak_aes_enc_block_last:
+ 
aesenclast xmm0, xmm5
+ xor r13d, r13d
+ mov r11d, eax
+ and r11d, 4294967280
+ cmp r11d, eax
+ je L_AES_XTS_decrypt_aesni_mul16_64
+ sub r11d, 16
+ cmp r11d, 16
+ jl L_AES_XTS_decrypt_aesni_last_31_start
+L_AES_XTS_decrypt_aesni_mul16_64:
+ cmp r11d, 64
+ jl L_AES_XTS_decrypt_aesni_done_64
+ and r11d, 4294967232
+L_AES_XTS_decrypt_aesni_dec_64:
+ ; 64 bytes of input
+ ; aes_dec_64
+ lea rcx, QWORD PTR [rdi+r13]
+ lea rdx, QWORD PTR [rsi+r13]
+ movdqu xmm8, OWORD PTR [rcx]
+ movdqu xmm9, OWORD PTR [rcx+16]
+ movdqu xmm10, OWORD PTR [rcx+32]
+ movdqu xmm11, OWORD PTR [rcx+48]
+ movdqa xmm4, xmm0
+ movdqa xmm1, xmm0
+ psrad xmm4, 31
+ pslld xmm1, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm1, xmm4
+ movdqa xmm4, xmm1
+ movdqa xmm2, xmm1
+ psrad xmm4, 31
+ pslld xmm2, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm2, xmm4
+ movdqa xmm4, xmm2
+ movdqa xmm3, xmm2
+ psrad xmm4, 31
+ pslld xmm3, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm3, xmm4
+ pxor xmm8, xmm0
+ pxor xmm9, xmm1
+ pxor xmm10, xmm2
+ pxor xmm11, xmm3
+ ; aes_dec_block
+ movdqu xmm4, OWORD PTR [r8]
+ pxor xmm8, xmm4
+ pxor xmm9, xmm4
+ pxor xmm10, xmm4
+ pxor xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+16]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+32]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+48]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+64]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+80]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+96]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+112]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu 
xmm4, OWORD PTR [r8+128]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+144]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ cmp r10d, 11
+ movdqu xmm4, OWORD PTR [r8+160]
+ jl L_AES_XTS_decrypt_aesni_aes_dec_64_aes_dec_block_last
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+176]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ cmp r10d, 13
+ movdqu xmm4, OWORD PTR [r8+192]
+ jl L_AES_XTS_decrypt_aesni_aes_dec_64_aes_dec_block_last
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+208]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_aesni_aes_dec_64_aes_dec_block_last:
+ aesdeclast xmm8, xmm4
+ aesdeclast xmm9, xmm4
+ aesdeclast xmm10, xmm4
+ aesdeclast xmm11, xmm4
+ pxor xmm8, xmm0
+ pxor xmm9, xmm1
+ pxor xmm10, xmm2
+ pxor xmm11, xmm3
+ movdqu OWORD PTR [rdx], xmm8
+ movdqu OWORD PTR [rdx+16], xmm9
+ movdqu OWORD PTR [rdx+32], xmm10
+ movdqu OWORD PTR [rdx+48], xmm11
+ movdqa xmm4, xmm3
+ movdqa xmm0, xmm3
+ psrad xmm4, 31
+ pslld xmm0, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm0, xmm4
+ add r13d, 64
+ cmp r13d, r11d
+ jl L_AES_XTS_decrypt_aesni_dec_64
+L_AES_XTS_decrypt_aesni_done_64:
+ cmp r13d, eax
+ mov r11d, eax
+ je L_AES_XTS_decrypt_aesni_done_dec
+ and r11d, 4294967280
+ cmp r11d, eax
+ je L_AES_XTS_decrypt_aesni_mul16
+ sub r11d, 16
+ sub r11d, r13d
+ cmp r11d, 16
+ jl L_AES_XTS_decrypt_aesni_last_31_start
+ add r11d, r13d
+L_AES_XTS_decrypt_aesni_mul16:
+L_AES_XTS_decrypt_aesni_dec_16:
+ ; 16 bytes of input
+ lea rcx, QWORD PTR [rdi+r13]
+ movdqu xmm8, OWORD PTR [rcx]
+ pxor xmm8, xmm0
+ ; aes_dec_block
+ pxor xmm8, [r8]
+ movdqu xmm5, OWORD PTR [r8+16]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD 
PTR [r8+32]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+48]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+64]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+80]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+96]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+112]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+128]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+144]
+ aesdec xmm8, xmm5
+ cmp r10d, 11
+ movdqu xmm5, OWORD PTR [r8+160]
+ jl L_AES_XTS_decrypt_aesni_aes_dec_block_last
+ aesdec xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+176]
+ aesdec xmm8, xmm6
+ cmp r10d, 13
+ movdqu xmm5, OWORD PTR [r8+192]
+ jl L_AES_XTS_decrypt_aesni_aes_dec_block_last
+ aesdec xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+208]
+ aesdec xmm8, xmm6
+ movdqu xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_aesni_aes_dec_block_last:
+ aesdeclast xmm8, xmm5
+ pxor xmm8, xmm0
+ lea rcx, QWORD PTR [rsi+r13]
+ movdqu OWORD PTR [rcx], xmm8
+ movdqa xmm4, xmm0
+ psrad xmm4, 31
+ pslld xmm0, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm0, xmm4
+ add r13d, 16
+ cmp r13d, r11d
+ jl L_AES_XTS_decrypt_aesni_dec_16
+ cmp r13d, eax
+ je L_AES_XTS_decrypt_aesni_done_dec
+L_AES_XTS_decrypt_aesni_last_31_start:
+ movdqa xmm4, xmm0
+ movdqa xmm7, xmm0
+ psrad xmm4, 31
+ pslld xmm7, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm7, xmm4
+ lea rcx, QWORD PTR [rdi+r13]
+ movdqu xmm8, OWORD PTR [rcx]
+ pxor xmm8, xmm7
+ ; aes_dec_block
+ pxor xmm8, [r8]
+ movdqu xmm5, OWORD PTR [r8+16]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+32]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+48]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+64]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+80]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+96]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+112]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+128]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+144]
+ aesdec xmm8, xmm5
+ cmp r10d, 11
+ movdqu xmm5, OWORD PTR [r8+160]
+ jl 
L_AES_XTS_decrypt_aesni_last_31_aes_dec_block_last
+ aesdec xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+176]
+ aesdec xmm8, xmm6
+ cmp r10d, 13
+ movdqu xmm5, OWORD PTR [r8+192]
+ jl L_AES_XTS_decrypt_aesni_last_31_aes_dec_block_last
+ aesdec xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+208]
+ aesdec xmm8, xmm6
+ movdqu xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_aesni_last_31_aes_dec_block_last:
+ aesdeclast xmm8, xmm5
+ pxor xmm8, xmm7
+ movdqu OWORD PTR [rsp], xmm8
+ add r13, 16
+ xor rdx, rdx
+L_AES_XTS_decrypt_aesni_last_31_byte_loop:
+ mov r11b, BYTE PTR [rsp+rdx]
+ mov cl, BYTE PTR [rdi+r13]
+ mov BYTE PTR [rsi+r13], r11b
+ mov BYTE PTR [rsp+rdx], cl
+ inc r13d
+ inc edx
+ cmp r13d, eax
+ jl L_AES_XTS_decrypt_aesni_last_31_byte_loop
+ sub r13, rdx
+ movdqu xmm8, OWORD PTR [rsp]
+ pxor xmm8, xmm0
+ ; aes_dec_block
+ pxor xmm8, [r8]
+ movdqu xmm5, OWORD PTR [r8+16]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+32]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+48]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+64]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+80]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+96]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+112]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+128]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r8+144]
+ aesdec xmm8, xmm5
+ cmp r10d, 11
+ movdqu xmm5, OWORD PTR [r8+160]
+ jl L_AES_XTS_decrypt_aesni_last_31_2_aes_dec_block_last
+ aesdec xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+176]
+ aesdec xmm8, xmm6
+ cmp r10d, 13
+ movdqu xmm5, OWORD PTR [r8+192]
+ jl L_AES_XTS_decrypt_aesni_last_31_2_aes_dec_block_last
+ aesdec xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r8+208]
+ aesdec xmm8, xmm6
+ movdqu xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_aesni_last_31_2_aes_dec_block_last:
+ aesdeclast xmm8, xmm5
+ pxor xmm8, xmm0
+ sub r13, 16
+ lea rcx, QWORD PTR [rsi+r13]
+ movdqu OWORD PTR [rcx], xmm8
+L_AES_XTS_decrypt_aesni_done_dec:
+ movdqu xmm6, OWORD PTR [rsp+16]
+ movdqu xmm7, OWORD PTR [rsp+32]
+ 
movdqu xmm8, OWORD PTR [rsp+48]
+ movdqu xmm9, OWORD PTR [rsp+64]
+ movdqu xmm10, OWORD PTR [rsp+80]
+ movdqu xmm11, OWORD PTR [rsp+96]
+ movdqu xmm12, OWORD PTR [rsp+112]
+ add rsp, 128
+ pop r13
+ pop r12
+ pop rsi
+ pop rdi
+ ret
+AES_XTS_decrypt_aesni ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_decrypt_update_aesni PROC
+ push rdi
+ push rsi
+ push r12
+ mov rdi, rcx
+ mov rsi, rdx
+ mov rax, r8
+ mov r10, r9
+ mov r8, QWORD PTR [rsp+64]
+ mov r9d, DWORD PTR [rsp+72]
+ sub rsp, 128
+ movdqu OWORD PTR [rsp+16], xmm6
+ movdqu OWORD PTR [rsp+32], xmm7
+ movdqu OWORD PTR [rsp+48], xmm8
+ movdqu OWORD PTR [rsp+64], xmm9
+ movdqu OWORD PTR [rsp+80], xmm10
+ movdqu OWORD PTR [rsp+96], xmm11
+ movdqu OWORD PTR [rsp+112], xmm12
+ movdqu xmm12, OWORD PTR L_aes_xts_gc_xts
+ movdqu xmm0, OWORD PTR [r8]
+ xor r12d, r12d
+ mov r11d, eax
+ and r11d, 4294967280
+ cmp r11d, eax
+ je L_AES_XTS_decrypt_update_aesni_mul16_64
+ sub r11d, 16
+ cmp r11d, 16
+ jl L_AES_XTS_decrypt_update_aesni_last_31_start
+L_AES_XTS_decrypt_update_aesni_mul16_64:
+ cmp r11d, 64
+ jl L_AES_XTS_decrypt_update_aesni_done_64
+ and r11d, 4294967232
+L_AES_XTS_decrypt_update_aesni_dec_64:
+ ; 64 bytes of input
+ ; aes_dec_64
+ lea rcx, QWORD PTR [rdi+r12]
+ lea rdx, QWORD PTR [rsi+r12]
+ movdqu xmm8, OWORD PTR [rcx]
+ movdqu xmm9, OWORD PTR [rcx+16]
+ movdqu xmm10, OWORD PTR [rcx+32]
+ movdqu xmm11, OWORD PTR [rcx+48]
+ movdqa xmm4, xmm0
+ movdqa xmm1, xmm0
+ psrad xmm4, 31
+ pslld xmm1, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm1, xmm4
+ movdqa xmm4, xmm1
+ movdqa xmm2, xmm1
+ psrad xmm4, 31
+ pslld xmm2, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm2, xmm4
+ movdqa xmm4, xmm2
+ movdqa xmm3, xmm2
+ psrad xmm4, 31
+ pslld xmm3, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm3, xmm4
+ pxor xmm8, xmm0
+ pxor xmm9, xmm1
+ pxor xmm10, xmm2
+ pxor xmm11, xmm3
+ ; aes_dec_block
+ movdqu xmm4, OWORD PTR [r10]
+ pxor xmm8, xmm4
+ pxor xmm9, xmm4
+ pxor xmm10, xmm4
+ 
pxor xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+16]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+32]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+48]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+64]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+80]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+96]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+112]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+128]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+144]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ cmp r9d, 11
+ movdqu xmm4, OWORD PTR [r10+160]
+ jl L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+176]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ cmp r9d, 13
+ movdqu xmm4, OWORD PTR [r10+192]
+ jl L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+208]
+ aesdec xmm8, xmm4
+ aesdec xmm9, xmm4
+ aesdec xmm10, xmm4
+ aesdec xmm11, xmm4
+ movdqu xmm4, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last:
+ aesdeclast xmm8, xmm4
+ aesdeclast xmm9, xmm4
+ aesdeclast xmm10, xmm4
+ aesdeclast xmm11, xmm4
+ pxor xmm8, xmm0
+ pxor xmm9, xmm1
+ pxor xmm10, xmm2
+ pxor xmm11, xmm3
+ movdqu OWORD PTR [rdx], xmm8
+ 
movdqu OWORD PTR [rdx+16], xmm9
+ movdqu OWORD PTR [rdx+32], xmm10
+ movdqu OWORD PTR [rdx+48], xmm11
+ movdqa xmm4, xmm3
+ movdqa xmm0, xmm3
+ psrad xmm4, 31
+ pslld xmm0, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm0, xmm4
+ add r12d, 64
+ cmp r12d, r11d
+ jl L_AES_XTS_decrypt_update_aesni_dec_64
+L_AES_XTS_decrypt_update_aesni_done_64:
+ cmp r12d, eax
+ mov r11d, eax
+ je L_AES_XTS_decrypt_update_aesni_done_dec
+ and r11d, 4294967280
+ cmp r11d, eax
+ je L_AES_XTS_decrypt_update_aesni_mul16
+ sub r11d, 16
+ sub r11d, r12d
+ cmp r11d, 16
+ jl L_AES_XTS_decrypt_update_aesni_last_31_start
+ add r11d, r12d
+L_AES_XTS_decrypt_update_aesni_mul16:
+L_AES_XTS_decrypt_update_aesni_dec_16:
+ ; 16 bytes of input
+ lea rcx, QWORD PTR [rdi+r12]
+ movdqu xmm8, OWORD PTR [rcx]
+ pxor xmm8, xmm0
+ ; aes_dec_block
+ pxor xmm8, [r10]
+ movdqu xmm5, OWORD PTR [r10+16]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+32]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+48]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+64]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+80]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+96]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+112]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+128]
+ aesdec xmm8, xmm5
+ movdqu xmm5, OWORD PTR [r10+144]
+ aesdec xmm8, xmm5
+ cmp r9d, 11
+ movdqu xmm5, OWORD PTR [r10+160]
+ jl L_AES_XTS_decrypt_update_aesni_aes_dec_block_last
+ aesdec xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r10+176]
+ aesdec xmm8, xmm6
+ cmp r9d, 13
+ movdqu xmm5, OWORD PTR [r10+192]
+ jl L_AES_XTS_decrypt_update_aesni_aes_dec_block_last
+ aesdec xmm8, xmm5
+ movdqu xmm6, OWORD PTR [r10+208]
+ aesdec xmm8, xmm6
+ movdqu xmm5, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_aesni_aes_dec_block_last:
+ aesdeclast xmm8, xmm5
+ pxor xmm8, xmm0
+ lea rcx, QWORD PTR [rsi+r12]
+ movdqu OWORD PTR [rcx], xmm8
+ movdqa xmm4, xmm0
+ psrad xmm4, 31
+ pslld xmm0, 1
+ pshufd xmm4, xmm4, 147
+ pand xmm4, xmm12
+ pxor xmm0, xmm4
+ 
add r12d, 16 + cmp r12d, r11d + jl L_AES_XTS_decrypt_update_aesni_dec_16 + cmp r12d, eax + je L_AES_XTS_decrypt_update_aesni_done_dec +L_AES_XTS_decrypt_update_aesni_last_31_start: + movdqa xmm4, xmm0 + movdqa xmm7, xmm0 + psrad xmm4, 31 + pslld xmm7, 1 + pshufd xmm4, xmm4, 147 + pand xmm4, xmm12 + pxor xmm7, xmm4 + lea rcx, QWORD PTR [rdi+r12] + movdqu xmm8, OWORD PTR [rcx] + pxor xmm8, xmm7 + ; aes_dec_block + pxor xmm8, [r10] + movdqu xmm5, OWORD PTR [r10+16] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+32] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+48] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+64] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+80] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+96] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+112] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+128] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+144] + aesdec xmm8, xmm5 + cmp r9d, 11 + movdqu xmm5, OWORD PTR [r10+160] + jl L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last + aesdec xmm8, xmm5 + movdqu xmm6, OWORD PTR [r10+176] + aesdec xmm8, xmm6 + cmp r9d, 13 + movdqu xmm5, OWORD PTR [r10+192] + jl L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last + aesdec xmm8, xmm5 + movdqu xmm6, OWORD PTR [r10+208] + aesdec xmm8, xmm6 + movdqu xmm5, OWORD PTR [r10+224] +L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last: + aesdeclast xmm8, xmm5 + pxor xmm8, xmm7 + movdqu OWORD PTR [rsp], xmm8 + add r12, 16 + xor rdx, rdx +L_AES_XTS_decrypt_update_aesni_last_31_byte_loop: + mov r11b, BYTE PTR [rsp+rdx] + mov cl, BYTE PTR [rdi+r12] + mov BYTE PTR [rsi+r12], r11b + mov BYTE PTR [rsp+rdx], cl + inc r12d + inc edx + cmp r12d, eax + jl L_AES_XTS_decrypt_update_aesni_last_31_byte_loop + sub r12, rdx + movdqu xmm8, OWORD PTR [rsp] + pxor xmm8, xmm0 + ; aes_dec_block + pxor xmm8, [r10] + movdqu xmm5, OWORD PTR [r10+16] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+32] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+48] + 
aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+64] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+80] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+96] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+112] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+128] + aesdec xmm8, xmm5 + movdqu xmm5, OWORD PTR [r10+144] + aesdec xmm8, xmm5 + cmp r9d, 11 + movdqu xmm5, OWORD PTR [r10+160] + jl L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last + aesdec xmm8, xmm5 + movdqu xmm6, OWORD PTR [r10+176] + aesdec xmm8, xmm6 + cmp r9d, 13 + movdqu xmm5, OWORD PTR [r10+192] + jl L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last + aesdec xmm8, xmm5 + movdqu xmm6, OWORD PTR [r10+208] + aesdec xmm8, xmm6 + movdqu xmm5, OWORD PTR [r10+224] +L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last: + aesdeclast xmm8, xmm5 + pxor xmm8, xmm0 + sub r12, 16 + lea rcx, QWORD PTR [rsi+r12] + movdqu OWORD PTR [rcx], xmm8 +L_AES_XTS_decrypt_update_aesni_done_dec: + movdqu OWORD PTR [r8], xmm0 + movdqu xmm6, OWORD PTR [rsp+16] + movdqu xmm7, OWORD PTR [rsp+32] + movdqu xmm8, OWORD PTR [rsp+48] + movdqu xmm9, OWORD PTR [rsp+64] + movdqu xmm10, OWORD PTR [rsp+80] + movdqu xmm11, OWORD PTR [rsp+96] + movdqu xmm12, OWORD PTR [rsp+112] + add rsp, 128 + pop r12 + pop rsi + pop rdi + ret +AES_XTS_decrypt_update_aesni ENDP +_text ENDS +IFDEF HAVE_INTEL_AVX1 +_text SEGMENT READONLY PARA +AES_XTS_init_avx1 PROC + mov eax, r8d + vmovdqu xmm0, OWORD PTR [rcx] + ; aes_enc_block + vpxor xmm0, xmm0, [rdx] + vmovdqu xmm2, OWORD PTR [rdx+16] + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm2, OWORD PTR [rdx+32] + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm2, OWORD PTR [rdx+48] + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm2, OWORD PTR [rdx+64] + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm2, OWORD PTR [rdx+80] + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm2, OWORD PTR [rdx+96] + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm2, OWORD PTR [rdx+112] + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm2, OWORD PTR [rdx+128] + vaesenc 
xmm0, xmm0, xmm2 + vmovdqu xmm2, OWORD PTR [rdx+144] + vaesenc xmm0, xmm0, xmm2 + cmp eax, 11 + vmovdqu xmm2, OWORD PTR [rdx+160] + jl L_AES_XTS_init_avx1_tweak_aes_enc_block_last + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm3, OWORD PTR [rdx+176] + vaesenc xmm0, xmm0, xmm3 + cmp eax, 13 + vmovdqu xmm2, OWORD PTR [rdx+192] + jl L_AES_XTS_init_avx1_tweak_aes_enc_block_last + vaesenc xmm0, xmm0, xmm2 + vmovdqu xmm3, OWORD PTR [rdx+208] + vaesenc xmm0, xmm0, xmm3 + vmovdqu xmm2, OWORD PTR [rdx+224] +L_AES_XTS_init_avx1_tweak_aes_enc_block_last: + vaesenclast xmm0, xmm0, xmm2 + vmovdqu OWORD PTR [rcx], xmm0 + ret +AES_XTS_init_avx1 ENDP +_text ENDS +_DATA SEGMENT +ALIGN 16 +L_avx1_aes_xts_gc_xts DWORD 135,1,1,1 +ptr_L_avx1_aes_xts_gc_xts QWORD L_avx1_aes_xts_gc_xts +_DATA ENDS +_text SEGMENT READONLY PARA +AES_XTS_encrypt_avx1 PROC + push rdi + push rsi + push r12 + push r13 + mov rdi, rcx + mov rsi, rdx + mov rax, r8 + mov r12, r9 + mov r8, QWORD PTR [rsp+72] + mov r9, QWORD PTR [rsp+80] + mov r10d, DWORD PTR [rsp+88] + sub rsp, 176 + vmovdqu OWORD PTR [rsp+64], xmm6 + vmovdqu OWORD PTR [rsp+80], xmm7 + vmovdqu OWORD PTR [rsp+96], xmm8 + vmovdqu OWORD PTR [rsp+112], xmm9 + vmovdqu OWORD PTR [rsp+128], xmm10 + vmovdqu OWORD PTR [rsp+144], xmm11 + vmovdqu OWORD PTR [rsp+160], xmm12 + vmovdqu xmm12, OWORD PTR L_avx1_aes_xts_gc_xts + vmovdqu xmm0, OWORD PTR [r12] + ; aes_enc_block + vpxor xmm0, xmm0, [r9] + vmovdqu xmm5, OWORD PTR [r9+16] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+32] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+48] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+64] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+80] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+96] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+112] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+128] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+144] + vaesenc xmm0, xmm0, xmm5 + cmp r10d, 11 + vmovdqu xmm5, 
OWORD PTR [r9+160] + jl L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm6, OWORD PTR [r9+176] + vaesenc xmm0, xmm0, xmm6 + cmp r10d, 13 + vmovdqu xmm5, OWORD PTR [r9+192] + jl L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm6, OWORD PTR [r9+208] + vaesenc xmm0, xmm0, xmm6 + vmovdqu xmm5, OWORD PTR [r9+224] +L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last: + vaesenclast xmm0, xmm0, xmm5 + xor r13d, r13d + cmp eax, 64 + mov r11d, eax + jl L_AES_XTS_encrypt_avx1_done_64 + and r11d, 4294967232 +L_AES_XTS_encrypt_avx1_enc_64: + ; 64 bytes of input + ; aes_enc_64 + lea rcx, QWORD PTR [rdi+r13] + lea rdx, QWORD PTR [rsi+r13] + vmovdqu xmm8, OWORD PTR [rcx] + vmovdqu xmm9, OWORD PTR [rcx+16] + vmovdqu xmm10, OWORD PTR [rcx+32] + vmovdqu xmm11, OWORD PTR [rcx+48] + vpsrad xmm4, xmm0, 31 + vpslld xmm1, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm1, xmm1, xmm4 + vpsrad xmm4, xmm1, 31 + vpslld xmm2, xmm1, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm2, xmm2, xmm4 + vpsrad xmm4, xmm2, 31 + vpslld xmm3, xmm2, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm3, xmm3, xmm4 + vpxor xmm8, xmm8, xmm0 + vpxor xmm9, xmm9, xmm1 + vpxor xmm10, xmm10, xmm2 + vpxor xmm11, xmm11, xmm3 + ; aes_enc_block + vmovdqu xmm4, OWORD PTR [r8] + vpxor xmm8, xmm8, xmm4 + vpxor xmm9, xmm9, xmm4 + vpxor xmm10, xmm10, xmm4 + vpxor xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+16] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+32] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+48] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+64] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 
+ vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+80] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+96] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+112] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+128] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+144] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + cmp r10d, 11 + vmovdqu xmm4, OWORD PTR [r8+160] + jl L_AES_XTS_encrypt_avx1_aes_enc_64_aes_enc_block_last + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+176] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + cmp r10d, 13 + vmovdqu xmm4, OWORD PTR [r8+192] + jl L_AES_XTS_encrypt_avx1_aes_enc_64_aes_enc_block_last + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+208] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+224] +L_AES_XTS_encrypt_avx1_aes_enc_64_aes_enc_block_last: + vaesenclast xmm8, xmm8, xmm4 + vaesenclast xmm9, xmm9, xmm4 + vaesenclast xmm10, xmm10, xmm4 + vaesenclast xmm11, xmm11, xmm4 + vpxor xmm8, xmm8, xmm0 + vpxor xmm9, xmm9, xmm1 + vpxor xmm10, xmm10, xmm2 + vpxor xmm11, xmm11, xmm3 + vmovdqu OWORD PTR [rdx], xmm8 + vmovdqu OWORD PTR [rdx+16], xmm9 + vmovdqu OWORD PTR [rdx+32], xmm10 + vmovdqu OWORD PTR [rdx+48], xmm11 + vpsrad 
xmm4, xmm3, 31 + vpslld xmm0, xmm3, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm0, xmm0, xmm4 + add r13d, 64 + cmp r13d, r11d + jl L_AES_XTS_encrypt_avx1_enc_64 +L_AES_XTS_encrypt_avx1_done_64: + cmp r13d, eax + mov r11d, eax + je L_AES_XTS_encrypt_avx1_done_enc + sub r11d, r13d + cmp r11d, 16 + mov r11d, eax + jl L_AES_XTS_encrypt_avx1_last_15 + and r11d, 4294967280 + ; 16 bytes of input +L_AES_XTS_encrypt_avx1_enc_16: + lea rcx, QWORD PTR [rdi+r13] + vmovdqu xmm8, OWORD PTR [rcx] + vpxor xmm8, xmm8, xmm0 + ; aes_enc_block + vpxor xmm8, xmm8, [r8] + vmovdqu xmm5, OWORD PTR [r8+16] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+32] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+48] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+64] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+80] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+96] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+112] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+128] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+144] + vaesenc xmm8, xmm8, xmm5 + cmp r10d, 11 + vmovdqu xmm5, OWORD PTR [r8+160] + jl L_AES_XTS_encrypt_avx1_aes_enc_block_last + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+176] + vaesenc xmm8, xmm8, xmm6 + cmp r10d, 13 + vmovdqu xmm5, OWORD PTR [r8+192] + jl L_AES_XTS_encrypt_avx1_aes_enc_block_last + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+208] + vaesenc xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r8+224] +L_AES_XTS_encrypt_avx1_aes_enc_block_last: + vaesenclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm0 + lea rcx, QWORD PTR [rsi+r13] + vmovdqu OWORD PTR [rcx], xmm8 + vpsrad xmm4, xmm0, 31 + vpslld xmm0, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm0, xmm0, xmm4 + add r13d, 16 + cmp r13d, r11d + jl L_AES_XTS_encrypt_avx1_enc_16 + cmp r13d, eax + je L_AES_XTS_encrypt_avx1_done_enc +L_AES_XTS_encrypt_avx1_last_15: + sub r13, 16 + lea rcx, 
QWORD PTR [rsi+r13] + vmovdqu xmm8, OWORD PTR [rcx] + add r13, 16 + vmovdqu OWORD PTR [rsp], xmm8 + xor rdx, rdx +L_AES_XTS_encrypt_avx1_last_15_byte_loop: + mov r11b, BYTE PTR [rsp+rdx] + mov cl, BYTE PTR [rdi+r13] + mov BYTE PTR [rsi+r13], r11b + mov BYTE PTR [rsp+rdx], cl + inc r13d + inc edx + cmp r13d, eax + jl L_AES_XTS_encrypt_avx1_last_15_byte_loop + sub r13, rdx + vmovdqu xmm8, OWORD PTR [rsp] + sub r13, 16 + vpxor xmm8, xmm8, xmm0 + ; aes_enc_block + vpxor xmm8, xmm8, [r8] + vmovdqu xmm5, OWORD PTR [r8+16] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+32] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+48] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+64] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+80] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+96] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+112] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+128] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+144] + vaesenc xmm8, xmm8, xmm5 + cmp r10d, 11 + vmovdqu xmm5, OWORD PTR [r8+160] + jl L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+176] + vaesenc xmm8, xmm8, xmm6 + cmp r10d, 13 + vmovdqu xmm5, OWORD PTR [r8+192] + jl L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+208] + vaesenc xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r8+224] +L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last: + vaesenclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm0 + lea rcx, QWORD PTR [rsi+r13] + vmovdqu OWORD PTR [rcx], xmm8 +L_AES_XTS_encrypt_avx1_done_enc: + vmovdqu xmm6, OWORD PTR [rsp+64] + vmovdqu xmm7, OWORD PTR [rsp+80] + vmovdqu xmm8, OWORD PTR [rsp+96] + vmovdqu xmm9, OWORD PTR [rsp+112] + vmovdqu xmm10, OWORD PTR [rsp+128] + vmovdqu xmm11, OWORD PTR [rsp+144] + vmovdqu xmm12, OWORD PTR [rsp+160] + add rsp, 176 + pop r13 + pop r12 + pop rsi + pop rdi + ret 
+AES_XTS_encrypt_avx1 ENDP +_text ENDS +_text SEGMENT READONLY PARA +AES_XTS_encrypt_update_avx1 PROC + push rdi + push rsi + push r12 + mov rdi, rcx + mov rsi, rdx + mov rax, r8 + mov r10, r9 + mov r8, QWORD PTR [rsp+64] + mov r9d, DWORD PTR [rsp+72] + sub rsp, 176 + vmovdqu OWORD PTR [rsp+64], xmm6 + vmovdqu OWORD PTR [rsp+80], xmm7 + vmovdqu OWORD PTR [rsp+96], xmm8 + vmovdqu OWORD PTR [rsp+112], xmm9 + vmovdqu OWORD PTR [rsp+128], xmm10 + vmovdqu OWORD PTR [rsp+144], xmm11 + vmovdqu OWORD PTR [rsp+160], xmm12 + vmovdqu xmm12, OWORD PTR L_avx1_aes_xts_gc_xts + vmovdqu xmm0, OWORD PTR [r8] + xor r12d, r12d + cmp eax, 64 + mov r11d, eax + jl L_AES_XTS_encrypt_update_avx1_done_64 + and r11d, 4294967232 +L_AES_XTS_encrypt_update_avx1_enc_64: + ; 64 bytes of input + ; aes_enc_64 + lea rcx, QWORD PTR [rdi+r12] + lea rdx, QWORD PTR [rsi+r12] + vmovdqu xmm8, OWORD PTR [rcx] + vmovdqu xmm9, OWORD PTR [rcx+16] + vmovdqu xmm10, OWORD PTR [rcx+32] + vmovdqu xmm11, OWORD PTR [rcx+48] + vpsrad xmm4, xmm0, 31 + vpslld xmm1, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm1, xmm1, xmm4 + vpsrad xmm4, xmm1, 31 + vpslld xmm2, xmm1, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm2, xmm2, xmm4 + vpsrad xmm4, xmm2, 31 + vpslld xmm3, xmm2, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm3, xmm3, xmm4 + vpxor xmm8, xmm8, xmm0 + vpxor xmm9, xmm9, xmm1 + vpxor xmm10, xmm10, xmm2 + vpxor xmm11, xmm11, xmm3 + ; aes_enc_block + vmovdqu xmm4, OWORD PTR [r10] + vpxor xmm8, xmm8, xmm4 + vpxor xmm9, xmm9, xmm4 + vpxor xmm10, xmm10, xmm4 + vpxor xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+16] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+32] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+48] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, 
xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+64] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+80] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+96] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+112] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+128] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+144] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + cmp r9d, 11 + vmovdqu xmm4, OWORD PTR [r10+160] + jl L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+176] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + cmp r9d, 13 + vmovdqu xmm4, OWORD PTR [r10+192] + jl L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+208] + vaesenc xmm8, xmm8, xmm4 + vaesenc xmm9, xmm9, xmm4 + vaesenc xmm10, xmm10, xmm4 + vaesenc xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+224] +L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last: + vaesenclast xmm8, xmm8, xmm4 + vaesenclast xmm9, xmm9, xmm4 + vaesenclast xmm10, xmm10, xmm4 + vaesenclast xmm11, xmm11, xmm4 + vpxor xmm8, xmm8, xmm0 + vpxor xmm9, xmm9, xmm1 + vpxor xmm10, xmm10, 
xmm2 + vpxor xmm11, xmm11, xmm3 + vmovdqu OWORD PTR [rdx], xmm8 + vmovdqu OWORD PTR [rdx+16], xmm9 + vmovdqu OWORD PTR [rdx+32], xmm10 + vmovdqu OWORD PTR [rdx+48], xmm11 + vpsrad xmm4, xmm3, 31 + vpslld xmm0, xmm3, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm0, xmm0, xmm4 + add r12d, 64 + cmp r12d, r11d + jl L_AES_XTS_encrypt_update_avx1_enc_64 +L_AES_XTS_encrypt_update_avx1_done_64: + cmp r12d, eax + mov r11d, eax + je L_AES_XTS_encrypt_update_avx1_done_enc + sub r11d, r12d + cmp r11d, 16 + mov r11d, eax + jl L_AES_XTS_encrypt_update_avx1_last_15 + and r11d, 4294967280 + ; 16 bytes of input +L_AES_XTS_encrypt_update_avx1_enc_16: + lea rcx, QWORD PTR [rdi+r12] + vmovdqu xmm8, OWORD PTR [rcx] + vpxor xmm8, xmm8, xmm0 + ; aes_enc_block + vpxor xmm8, xmm8, [r10] + vmovdqu xmm5, OWORD PTR [r10+16] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+32] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+48] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+64] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+80] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+96] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+112] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+128] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+144] + vaesenc xmm8, xmm8, xmm5 + cmp r9d, 11 + vmovdqu xmm5, OWORD PTR [r10+160] + jl L_AES_XTS_encrypt_update_avx1_aes_enc_block_last + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+176] + vaesenc xmm8, xmm8, xmm6 + cmp r9d, 13 + vmovdqu xmm5, OWORD PTR [r10+192] + jl L_AES_XTS_encrypt_update_avx1_aes_enc_block_last + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+208] + vaesenc xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r10+224] +L_AES_XTS_encrypt_update_avx1_aes_enc_block_last: + vaesenclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm0 + lea rcx, QWORD PTR [rsi+r12] + vmovdqu OWORD PTR [rcx], xmm8 + vpsrad xmm4, xmm0, 31 + vpslld xmm0, xmm0, 1 + 
vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm0, xmm0, xmm4 + add r12d, 16 + cmp r12d, r11d + jl L_AES_XTS_encrypt_update_avx1_enc_16 + cmp r12d, eax + je L_AES_XTS_encrypt_update_avx1_done_enc +L_AES_XTS_encrypt_update_avx1_last_15: + sub r12, 16 + lea rcx, QWORD PTR [rsi+r12] + vmovdqu xmm8, OWORD PTR [rcx] + add r12, 16 + vmovdqu OWORD PTR [rsp], xmm8 + xor rdx, rdx +L_AES_XTS_encrypt_update_avx1_last_15_byte_loop: + mov r11b, BYTE PTR [rsp+rdx] + mov cl, BYTE PTR [rdi+r12] + mov BYTE PTR [rsi+r12], r11b + mov BYTE PTR [rsp+rdx], cl + inc r12d + inc edx + cmp r12d, eax + jl L_AES_XTS_encrypt_update_avx1_last_15_byte_loop + sub r12, rdx + vmovdqu xmm8, OWORD PTR [rsp] + sub r12, 16 + vpxor xmm8, xmm8, xmm0 + ; aes_enc_block + vpxor xmm8, xmm8, [r10] + vmovdqu xmm5, OWORD PTR [r10+16] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+32] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+48] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+64] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+80] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+96] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+112] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+128] + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+144] + vaesenc xmm8, xmm8, xmm5 + cmp r9d, 11 + vmovdqu xmm5, OWORD PTR [r10+160] + jl L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+176] + vaesenc xmm8, xmm8, xmm6 + cmp r9d, 13 + vmovdqu xmm5, OWORD PTR [r10+192] + jl L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last + vaesenc xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+208] + vaesenc xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r10+224] +L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last: + vaesenclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm0 + lea rcx, QWORD PTR [rsi+r12] + vmovdqu OWORD PTR [rcx], xmm8 +L_AES_XTS_encrypt_update_avx1_done_enc: + 
vmovdqu OWORD PTR [r8], xmm0 + vmovdqu xmm6, OWORD PTR [rsp+64] + vmovdqu xmm7, OWORD PTR [rsp+80] + vmovdqu xmm8, OWORD PTR [rsp+96] + vmovdqu xmm9, OWORD PTR [rsp+112] + vmovdqu xmm10, OWORD PTR [rsp+128] + vmovdqu xmm11, OWORD PTR [rsp+144] + vmovdqu xmm12, OWORD PTR [rsp+160] + add rsp, 176 + pop r12 + pop rsi + pop rdi + ret +AES_XTS_encrypt_update_avx1 ENDP +_text ENDS +_text SEGMENT READONLY PARA +AES_XTS_decrypt_avx1 PROC + push rdi + push rsi + push r12 + push r13 + mov rdi, rcx + mov rsi, rdx + mov rax, r8 + mov r12, r9 + mov r8, QWORD PTR [rsp+72] + mov r9, QWORD PTR [rsp+80] + mov r10d, DWORD PTR [rsp+88] + sub rsp, 128 + vmovdqu OWORD PTR [rsp+16], xmm6 + vmovdqu OWORD PTR [rsp+32], xmm7 + vmovdqu OWORD PTR [rsp+48], xmm8 + vmovdqu OWORD PTR [rsp+64], xmm9 + vmovdqu OWORD PTR [rsp+80], xmm10 + vmovdqu OWORD PTR [rsp+96], xmm11 + vmovdqu OWORD PTR [rsp+112], xmm12 + vmovdqu xmm12, OWORD PTR L_avx1_aes_xts_gc_xts + vmovdqu xmm0, OWORD PTR [r12] + ; aes_enc_block + vpxor xmm0, xmm0, [r9] + vmovdqu xmm5, OWORD PTR [r9+16] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+32] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+48] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+64] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+80] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+96] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+112] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+128] + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm5, OWORD PTR [r9+144] + vaesenc xmm0, xmm0, xmm5 + cmp r10d, 11 + vmovdqu xmm5, OWORD PTR [r9+160] + jl L_AES_XTS_decrypt_avx1_tweak_aes_enc_block_last + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm6, OWORD PTR [r9+176] + vaesenc xmm0, xmm0, xmm6 + cmp r10d, 13 + vmovdqu xmm5, OWORD PTR [r9+192] + jl L_AES_XTS_decrypt_avx1_tweak_aes_enc_block_last + vaesenc xmm0, xmm0, xmm5 + vmovdqu xmm6, OWORD PTR [r9+208] + vaesenc xmm0, xmm0, xmm6 + vmovdqu xmm5, OWORD PTR [r9+224] 
+L_AES_XTS_decrypt_avx1_tweak_aes_enc_block_last: + vaesenclast xmm0, xmm0, xmm5 + xor r13d, r13d + mov r11d, eax + and r11d, 4294967280 + cmp r11d, eax + je L_AES_XTS_decrypt_avx1_mul16_64 + sub r11d, 16 + cmp r11d, 16 + jl L_AES_XTS_decrypt_avx1_last_31_start +L_AES_XTS_decrypt_avx1_mul16_64: + cmp r11d, 64 + jl L_AES_XTS_decrypt_avx1_done_64 + and r11d, 4294967232 +L_AES_XTS_decrypt_avx1_dec_64: + ; 64 bytes of input + ; aes_dec_64 + lea rcx, QWORD PTR [rdi+r13] + lea rdx, QWORD PTR [rsi+r13] + vmovdqu xmm8, OWORD PTR [rcx] + vmovdqu xmm9, OWORD PTR [rcx+16] + vmovdqu xmm10, OWORD PTR [rcx+32] + vmovdqu xmm11, OWORD PTR [rcx+48] + vpsrad xmm4, xmm0, 31 + vpslld xmm1, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm1, xmm1, xmm4 + vpsrad xmm4, xmm1, 31 + vpslld xmm2, xmm1, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm2, xmm2, xmm4 + vpsrad xmm4, xmm2, 31 + vpslld xmm3, xmm2, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm3, xmm3, xmm4 + vpxor xmm8, xmm8, xmm0 + vpxor xmm9, xmm9, xmm1 + vpxor xmm10, xmm10, xmm2 + vpxor xmm11, xmm11, xmm3 + ; aes_dec_block + vmovdqu xmm4, OWORD PTR [r8] + vpxor xmm8, xmm8, xmm4 + vpxor xmm9, xmm9, xmm4 + vpxor xmm10, xmm10, xmm4 + vpxor xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+16] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+32] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+48] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+64] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+80] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 
+ vmovdqu xmm4, OWORD PTR [r8+96] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+112] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+128] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+144] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + cmp r10d, 11 + vmovdqu xmm4, OWORD PTR [r8+160] + jl L_AES_XTS_decrypt_avx1_aes_dec_64_aes_dec_block_last + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+176] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + cmp r10d, 13 + vmovdqu xmm4, OWORD PTR [r8+192] + jl L_AES_XTS_decrypt_avx1_aes_dec_64_aes_dec_block_last + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+208] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r8+224] +L_AES_XTS_decrypt_avx1_aes_dec_64_aes_dec_block_last: + vaesdeclast xmm8, xmm8, xmm4 + vaesdeclast xmm9, xmm9, xmm4 + vaesdeclast xmm10, xmm10, xmm4 + vaesdeclast xmm11, xmm11, xmm4 + vpxor xmm8, xmm8, xmm0 + vpxor xmm9, xmm9, xmm1 + vpxor xmm10, xmm10, xmm2 + vpxor xmm11, xmm11, xmm3 + vmovdqu OWORD PTR [rdx], xmm8 + vmovdqu OWORD PTR [rdx+16], xmm9 + vmovdqu OWORD PTR [rdx+32], xmm10 + vmovdqu OWORD PTR [rdx+48], xmm11 + vpsrad xmm4, xmm3, 31 + vpslld xmm0, xmm3, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm0, xmm0, xmm4 + add r13d, 64 + cmp r13d, r11d + jl L_AES_XTS_decrypt_avx1_dec_64 
+L_AES_XTS_decrypt_avx1_done_64: + cmp r13d, eax + mov r11d, eax + je L_AES_XTS_decrypt_avx1_done_dec + and r11d, 4294967280 + cmp r11d, eax + je L_AES_XTS_decrypt_avx1_mul16 + sub r11d, 16 + sub r11d, r13d + cmp r11d, 16 + jl L_AES_XTS_decrypt_avx1_last_31_start + add r11d, r13d +L_AES_XTS_decrypt_avx1_mul16: +L_AES_XTS_decrypt_avx1_dec_16: + ; 16 bytes of input + lea rcx, QWORD PTR [rdi+r13] + vmovdqu xmm8, OWORD PTR [rcx] + vpxor xmm8, xmm8, xmm0 + ; aes_dec_block + vpxor xmm8, xmm8, [r8] + vmovdqu xmm5, OWORD PTR [r8+16] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+32] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+48] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+64] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+80] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+96] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+112] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+128] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+144] + vaesdec xmm8, xmm8, xmm5 + cmp r10d, 11 + vmovdqu xmm5, OWORD PTR [r8+160] + jl L_AES_XTS_decrypt_avx1_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+176] + vaesdec xmm8, xmm8, xmm6 + cmp r10d, 13 + vmovdqu xmm5, OWORD PTR [r8+192] + jl L_AES_XTS_decrypt_avx1_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+208] + vaesdec xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r8+224] +L_AES_XTS_decrypt_avx1_aes_dec_block_last: + vaesdeclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm0 + lea rcx, QWORD PTR [rsi+r13] + vmovdqu OWORD PTR [rcx], xmm8 + vpsrad xmm4, xmm0, 31 + vpslld xmm0, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm0, xmm0, xmm4 + add r13d, 16 + cmp r13d, r11d + jl L_AES_XTS_decrypt_avx1_dec_16 + cmp r13d, eax + je L_AES_XTS_decrypt_avx1_done_dec +L_AES_XTS_decrypt_avx1_last_31_start: + vpsrad xmm4, xmm0, 31 + vpslld xmm7, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, 
xmm12 + vpxor xmm7, xmm7, xmm4 + lea rcx, QWORD PTR [rdi+r13] + vmovdqu xmm8, OWORD PTR [rcx] + vpxor xmm8, xmm8, xmm7 + ; aes_dec_block + vpxor xmm8, xmm8, [r8] + vmovdqu xmm5, OWORD PTR [r8+16] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+32] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+48] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+64] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+80] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+96] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+112] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+128] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+144] + vaesdec xmm8, xmm8, xmm5 + cmp r10d, 11 + vmovdqu xmm5, OWORD PTR [r8+160] + jl L_AES_XTS_decrypt_avx1_last_31_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+176] + vaesdec xmm8, xmm8, xmm6 + cmp r10d, 13 + vmovdqu xmm5, OWORD PTR [r8+192] + jl L_AES_XTS_decrypt_avx1_last_31_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+208] + vaesdec xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r8+224] +L_AES_XTS_decrypt_avx1_last_31_aes_dec_block_last: + vaesdeclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm7 + vmovdqu OWORD PTR [rsp], xmm8 + add r13, 16 + xor rdx, rdx +L_AES_XTS_decrypt_avx1_last_31_byte_loop: + mov r11b, BYTE PTR [rsp+rdx] + mov cl, BYTE PTR [rdi+r13] + mov BYTE PTR [rsi+r13], r11b + mov BYTE PTR [rsp+rdx], cl + inc r13d + inc edx + cmp r13d, eax + jl L_AES_XTS_decrypt_avx1_last_31_byte_loop + sub r13, rdx + vmovdqu xmm8, OWORD PTR [rsp] + vpxor xmm8, xmm8, xmm0 + ; aes_dec_block + vpxor xmm8, xmm8, [r8] + vmovdqu xmm5, OWORD PTR [r8+16] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+32] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+48] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+64] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+80] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR 
[r8+96] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+112] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+128] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r8+144] + vaesdec xmm8, xmm8, xmm5 + cmp r10d, 11 + vmovdqu xmm5, OWORD PTR [r8+160] + jl L_AES_XTS_decrypt_avx1_last_31_2_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+176] + vaesdec xmm8, xmm8, xmm6 + cmp r10d, 13 + vmovdqu xmm5, OWORD PTR [r8+192] + jl L_AES_XTS_decrypt_avx1_last_31_2_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r8+208] + vaesdec xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r8+224] +L_AES_XTS_decrypt_avx1_last_31_2_aes_dec_block_last: + vaesdeclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm0 + sub r13, 16 + lea rcx, QWORD PTR [rsi+r13] + vmovdqu OWORD PTR [rcx], xmm8 +L_AES_XTS_decrypt_avx1_done_dec: + vmovdqu xmm6, OWORD PTR [rsp+16] + vmovdqu xmm7, OWORD PTR [rsp+32] + vmovdqu xmm8, OWORD PTR [rsp+48] + vmovdqu xmm9, OWORD PTR [rsp+64] + vmovdqu xmm10, OWORD PTR [rsp+80] + vmovdqu xmm11, OWORD PTR [rsp+96] + vmovdqu xmm12, OWORD PTR [rsp+112] + add rsp, 128 + pop r13 + pop r12 + pop rsi + pop rdi + ret +AES_XTS_decrypt_avx1 ENDP +_text ENDS +_text SEGMENT READONLY PARA +AES_XTS_decrypt_update_avx1 PROC + push rdi + push rsi + push r12 + mov rdi, rcx + mov rsi, rdx + mov rax, r8 + mov r10, r9 + mov r8, QWORD PTR [rsp+64] + mov r9d, DWORD PTR [rsp+72] + sub rsp, 128 + vmovdqu OWORD PTR [rsp+16], xmm6 + vmovdqu OWORD PTR [rsp+32], xmm7 + vmovdqu OWORD PTR [rsp+48], xmm8 + vmovdqu OWORD PTR [rsp+64], xmm9 + vmovdqu OWORD PTR [rsp+80], xmm10 + vmovdqu OWORD PTR [rsp+96], xmm11 + vmovdqu OWORD PTR [rsp+112], xmm12 + vmovdqu xmm12, OWORD PTR L_avx1_aes_xts_gc_xts + vmovdqu xmm0, OWORD PTR [r8] + xor r12d, r12d + mov r11d, eax + and r11d, 4294967280 + cmp r11d, eax + je L_AES_XTS_decrypt_update_avx1_mul16_64 + sub r11d, 16 + cmp r11d, 16 + jl L_AES_XTS_decrypt_update_avx1_last_31_start 
+L_AES_XTS_decrypt_update_avx1_mul16_64: + cmp r11d, 64 + jl L_AES_XTS_decrypt_update_avx1_done_64 + and r11d, 4294967232 +L_AES_XTS_decrypt_update_avx1_dec_64: + ; 64 bytes of input + ; aes_dec_64 + lea rcx, QWORD PTR [rdi+r12] + lea rdx, QWORD PTR [rsi+r12] + vmovdqu xmm8, OWORD PTR [rcx] + vmovdqu xmm9, OWORD PTR [rcx+16] + vmovdqu xmm10, OWORD PTR [rcx+32] + vmovdqu xmm11, OWORD PTR [rcx+48] + vpsrad xmm4, xmm0, 31 + vpslld xmm1, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm1, xmm1, xmm4 + vpsrad xmm4, xmm1, 31 + vpslld xmm2, xmm1, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm2, xmm2, xmm4 + vpsrad xmm4, xmm2, 31 + vpslld xmm3, xmm2, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm3, xmm3, xmm4 + vpxor xmm8, xmm8, xmm0 + vpxor xmm9, xmm9, xmm1 + vpxor xmm10, xmm10, xmm2 + vpxor xmm11, xmm11, xmm3 + ; aes_dec_block + vmovdqu xmm4, OWORD PTR [r10] + vpxor xmm8, xmm8, xmm4 + vpxor xmm9, xmm9, xmm4 + vpxor xmm10, xmm10, xmm4 + vpxor xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+16] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+32] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+48] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+64] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+80] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+96] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+112] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, 
xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+128] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+144] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + cmp r9d, 11 + vmovdqu xmm4, OWORD PTR [r10+160] + jl L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+176] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + cmp r9d, 13 + vmovdqu xmm4, OWORD PTR [r10+192] + jl L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+208] + vaesdec xmm8, xmm8, xmm4 + vaesdec xmm9, xmm9, xmm4 + vaesdec xmm10, xmm10, xmm4 + vaesdec xmm11, xmm11, xmm4 + vmovdqu xmm4, OWORD PTR [r10+224] +L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last: + vaesdeclast xmm8, xmm8, xmm4 + vaesdeclast xmm9, xmm9, xmm4 + vaesdeclast xmm10, xmm10, xmm4 + vaesdeclast xmm11, xmm11, xmm4 + vpxor xmm8, xmm8, xmm0 + vpxor xmm9, xmm9, xmm1 + vpxor xmm10, xmm10, xmm2 + vpxor xmm11, xmm11, xmm3 + vmovdqu OWORD PTR [rdx], xmm8 + vmovdqu OWORD PTR [rdx+16], xmm9 + vmovdqu OWORD PTR [rdx+32], xmm10 + vmovdqu OWORD PTR [rdx+48], xmm11 + vpsrad xmm4, xmm3, 31 + vpslld xmm0, xmm3, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm0, xmm0, xmm4 + add r12d, 64 + cmp r12d, r11d + jl L_AES_XTS_decrypt_update_avx1_dec_64 +L_AES_XTS_decrypt_update_avx1_done_64: + cmp r12d, eax + mov r11d, eax + je L_AES_XTS_decrypt_update_avx1_done_dec + and r11d, 4294967280 + cmp r11d, eax + je L_AES_XTS_decrypt_update_avx1_mul16 + sub r11d, 16 + sub r11d, 
r12d + cmp r11d, 16 + jl L_AES_XTS_decrypt_update_avx1_last_31_start + add r11d, r12d +L_AES_XTS_decrypt_update_avx1_mul16: +L_AES_XTS_decrypt_update_avx1_dec_16: + ; 16 bytes of input + lea rcx, QWORD PTR [rdi+r12] + vmovdqu xmm8, OWORD PTR [rcx] + vpxor xmm8, xmm8, xmm0 + ; aes_dec_block + vpxor xmm8, xmm8, [r10] + vmovdqu xmm5, OWORD PTR [r10+16] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+32] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+48] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+64] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+80] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+96] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+112] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+128] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+144] + vaesdec xmm8, xmm8, xmm5 + cmp r9d, 11 + vmovdqu xmm5, OWORD PTR [r10+160] + jl L_AES_XTS_decrypt_update_avx1_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+176] + vaesdec xmm8, xmm8, xmm6 + cmp r9d, 13 + vmovdqu xmm5, OWORD PTR [r10+192] + jl L_AES_XTS_decrypt_update_avx1_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+208] + vaesdec xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r10+224] +L_AES_XTS_decrypt_update_avx1_aes_dec_block_last: + vaesdeclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm0 + lea rcx, QWORD PTR [rsi+r12] + vmovdqu OWORD PTR [rcx], xmm8 + vpsrad xmm4, xmm0, 31 + vpslld xmm0, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm0, xmm0, xmm4 + add r12d, 16 + cmp r12d, r11d + jl L_AES_XTS_decrypt_update_avx1_dec_16 + cmp r12d, eax + je L_AES_XTS_decrypt_update_avx1_done_dec +L_AES_XTS_decrypt_update_avx1_last_31_start: + vpsrad xmm4, xmm0, 31 + vpslld xmm7, xmm0, 1 + vpshufd xmm4, xmm4, 147 + vpand xmm4, xmm4, xmm12 + vpxor xmm7, xmm7, xmm4 + lea rcx, QWORD PTR [rdi+r12] + vmovdqu xmm8, OWORD PTR [rcx] + vpxor xmm8, xmm8, xmm7 + ; 
aes_dec_block + vpxor xmm8, xmm8, [r10] + vmovdqu xmm5, OWORD PTR [r10+16] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+32] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+48] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+64] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+80] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+96] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+112] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+128] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+144] + vaesdec xmm8, xmm8, xmm5 + cmp r9d, 11 + vmovdqu xmm5, OWORD PTR [r10+160] + jl L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+176] + vaesdec xmm8, xmm8, xmm6 + cmp r9d, 13 + vmovdqu xmm5, OWORD PTR [r10+192] + jl L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+208] + vaesdec xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r10+224] +L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last: + vaesdeclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm7 + vmovdqu OWORD PTR [rsp], xmm8 + add r12, 16 + xor rdx, rdx +L_AES_XTS_decrypt_update_avx1_last_31_byte_loop: + mov r11b, BYTE PTR [rsp+rdx] + mov cl, BYTE PTR [rdi+r12] + mov BYTE PTR [rsi+r12], r11b + mov BYTE PTR [rsp+rdx], cl + inc r12d + inc edx + cmp r12d, eax + jl L_AES_XTS_decrypt_update_avx1_last_31_byte_loop + sub r12, rdx + vmovdqu xmm8, OWORD PTR [rsp] + vpxor xmm8, xmm8, xmm0 + ; aes_dec_block + vpxor xmm8, xmm8, [r10] + vmovdqu xmm5, OWORD PTR [r10+16] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+32] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+48] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+64] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+80] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+96] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR 
[r10+112] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+128] + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm5, OWORD PTR [r10+144] + vaesdec xmm8, xmm8, xmm5 + cmp r9d, 11 + vmovdqu xmm5, OWORD PTR [r10+160] + jl L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+176] + vaesdec xmm8, xmm8, xmm6 + cmp r9d, 13 + vmovdqu xmm5, OWORD PTR [r10+192] + jl L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last + vaesdec xmm8, xmm8, xmm5 + vmovdqu xmm6, OWORD PTR [r10+208] + vaesdec xmm8, xmm8, xmm6 + vmovdqu xmm5, OWORD PTR [r10+224] +L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last: + vaesdeclast xmm8, xmm8, xmm5 + vpxor xmm8, xmm8, xmm0 + sub r12, 16 + lea rcx, QWORD PTR [rsi+r12] + vmovdqu OWORD PTR [rcx], xmm8 +L_AES_XTS_decrypt_update_avx1_done_dec: + vmovdqu OWORD PTR [r8], xmm0 + vmovdqu xmm6, OWORD PTR [rsp+16] + vmovdqu xmm7, OWORD PTR [rsp+32] + vmovdqu xmm8, OWORD PTR [rsp+48] + vmovdqu xmm9, OWORD PTR [rsp+64] + vmovdqu xmm10, OWORD PTR [rsp+80] + vmovdqu xmm11, OWORD PTR [rsp+96] + vmovdqu xmm12, OWORD PTR [rsp+112] + add rsp, 128 + pop r12 + pop rsi + pop rdi + ret +AES_XTS_decrypt_update_avx1 ENDP +_text ENDS +ENDIF +END diff --git a/wolfcrypt/src/arc4.c b/wolfcrypt/src/arc4.c index af298a0d2d..649d52fa3c 100644 --- a/wolfcrypt/src/arc4.c +++ b/wolfcrypt/src/arc4.c @@ -1,6 +1,6 @@ /* arc4.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c index c735ebfe48..c360990675 100644 --- a/wolfcrypt/src/asm.c +++ b/wolfcrypt/src/asm.c @@ -1,6 +1,6 @@ /* asm.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 97c6e367f0..58391e31ab 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -1,6 +1,6 @@ /* asn.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -166,16 +166,14 @@ ASN Options: #include #endif -#ifdef HAVE_PQC - #if defined(HAVE_FALCON) +#if defined(HAVE_FALCON) #include - #endif - #if defined(HAVE_DILITHIUM) +#endif +#if defined(HAVE_DILITHIUM) #include - #endif - #if defined(HAVE_SPHINCS) +#endif +#if defined(HAVE_SPHINCS) #include - #endif #endif #ifdef WOLFSSL_QNX_CAAM @@ -1203,7 +1201,7 @@ static int GetASN_ObjectId(const byte* input, word32 idx, int length) /* OID data must be at least 3 bytes. */ if (length < 3) { #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE - WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", len); + WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", length); #else WOLFSSL_MSG("OID length less than 3"); #endif @@ -1212,7 +1210,7 @@ static int GetASN_ObjectId(const byte* input, word32 idx, int length) /* Last octet of a sub-identifier has bit 8 clear. Last octet must be last * of a subidentifier. Ensure last octet hasn't got top bit set. */ - else if ((input[(int)idx + length - 1] & 0x80) != 0x00) { + else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { WOLFSSL_MSG("OID last octet has top bit set"); ret = ASN_PARSE_E; } @@ -2287,7 +2285,7 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, /* Bottom 7 bits are the number of bytes to calculate length with. * Note: 0 indicates indefinite length encoding *not* 0 bytes of length. */ - word32 bytes = (word32)b & 0x7FU; + int bytes = (int)(b & 0x7F); int minLen; /* Calculate minimum length to be encoded with bytes. */ 
@@ -2299,15 +2297,16 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, minLen = 0x80; } /* Only support up to the number of bytes that fit into return var. */ - else if (bytes > sizeof(length)) { + else if (bytes > (int)sizeof(length)) { WOLFSSL_MSG("GetLength - overlong data length spec"); return ASN_PARSE_E; - } else { + } + else { minLen = 1 << ((bytes - 1) * 8); } /* Check the number of bytes required are available. */ - if ((idx + bytes) > maxIdx) { + if ((idx + (word32)bytes) > maxIdx) { WOLFSSL_MSG("GetLength - bad long length"); return BUFFER_E; } @@ -2431,6 +2430,19 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx, if ((ret == 0) && (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)) { ret = ASN_PARSE_E; } + if (ret == 0 && tag == ASN_OBJECT_ID) { + if (length < 3) { + /* OID data must be at least 3 bytes. */ + WOLFSSL_MSG("OID length less than 3"); + ret = ASN_PARSE_E; + } + else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { + /* Last octet of a sub-identifier has bit 8 clear. Last octet must be + * last of a subidentifier. Ensure last octet hasn't got top bit set. */ + WOLFSSL_MSG("OID last octet has top bit set"); + ret = ASN_PARSE_E; + } + } if (ret == 0) { /* Return the length of data and index after header. */ *len = length; @@ -2692,14 +2704,15 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len, return ret; if (*len > 0) { - #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY /* check for invalid padding on negative integer. * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1 */ if (*len > 1) { - if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) - return ASN_PARSE_E; + if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) { + WOLFSSL_MSG("Bad INTEGER encoding of negative"); + return ASN_EXPECT_0_E; + } } #endif 
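Review bot: The new OBJECT IDENTIFIER check in GetASNHeader_ex reads `input[(int)idx + length - 1]` before anything in this hunk has established that `idx + length` lies within `maxIdx`; whether GetLength_ex already guarantees that when its `check` argument is 0 is not visible here, so the read should be guarded, e.g. `else if ((idx + (word32)length) > maxIdx) { ret = BUFFER_E; }` ahead of the top-bit test, or the test skipped when `check` is false. The two conditions are also now duplicated verbatim from GetASN_ObjectId in the earlier hunk of this file; a small static helper such as `CheckObjectIdData(input, idx, length)` would keep them from drifting apart. GetASNHeader_ex begins and ends outside the hunk.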
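Review bot: In GetASNInt the `#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY` guarding the negative-INTEGER padding check is removed while an `#endif` still appears as context a few lines below; unless that `#endif` pairs with a directive above the hunk, the preprocessor nesting is now unbalanced, so this is worth confirming against the whole file. The check also now returns `ASN_EXPECT_0_E` where it returned `ASN_PARSE_E`, which callers comparing against the old code will notice; if intended, the function's return documentation should gain a line such as `* @return ASN_EXPECT_0_E when a negative INTEGER is badly padded.` GetASNInt continues outside the hunk on both sides.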
@@ -2709,8 +2722,10 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len, (*len)--; #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY - if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) - return ASN_PARSE_E; + if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) { + WOLFSSL_MSG("INTEGER is negative"); + return ASN_EXPECT_0_E; + } #endif } } @@ -3475,7 +3490,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len, } b = input[idx]; - if (zeroBits && b != 0x00) + if (zeroBits && (b != 0x00)) return ASN_EXPECT_0_E; if (b >= 0x08) return ASN_PARSE_E; @@ -3496,7 +3511,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len, #else ASNGetData dataASN[bitStringASN_Length]; int ret; - int bits; + int bits = 0; /* Parse BIT_STRING and check validity of unused bits. */ XMEMSET(dataASN, 0, sizeof(dataASN)); @@ -3534,7 +3549,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len, ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \ defined(OPENSSL_EXTRA))) || \ - (defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(NO_CERT)) || \ + (defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(NO_CERTS)) || \ (!defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)) || \ (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) @@ -3645,7 +3660,7 @@ int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outS /* Convert BER to DER */ -/* Pull informtation from the ASN.1 BER encoded item header */ +/* Pull information from the ASN.1 BER encoded item header */ static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx, byte* pTag, word32* pLen, int* indef) { @@ -4010,9 +4025,7 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz) } end: #ifdef WOLFSSL_SMALL_STACK - if (indefItems != NULL) { - XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } 
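Review bot: Dropping the `if (indefItems != NULL)` guard around `XFREE` in wc_BerToDer is only safe if every XFREE mapping tolerates NULL; the default macro in wolfSSL's types.h appears to check the pointer, but builds that route XFREE to a user-supplied free function may not, so the assumption should be recorded once where the macro is defined or, failing that, at this call: `/* XFREE tolerates NULL */`. The same simplification is made for `saltTmp` in wc_EncryptPKCS8Key and for `sce_tsip_encRsaKeyIdx` in FreeDecodedCert later in this diff. wc_BerToDer begins outside the hunk.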
@@ -4200,7 +4213,6 @@ static word32 SetBitString16Bit(word16 val, byte* output) #ifdef HAVE_ED448 static const byte sigEd448Oid[] = {43, 101, 113}; #endif /* HAVE_ED448 */ -#ifdef HAVE_PQC #ifdef HAVE_FALCON /* Falcon Level 1: 1 3 9999 3 6 */ static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 6}; @@ -4209,17 +4221,17 @@ static word32 SetBitString16Bit(word16 val, byte* output) static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9}; #endif /* HAVE_FACON */ #ifdef HAVE_DILITHIUM - /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */ + /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */ static const byte sigDilithium_Level2Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4}; - /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */ + /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */ static const byte sigDilithium_Level3Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5}; - /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */ + /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */ static const byte sigDilithium_Level5Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7}; #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */ @@ -4246,7 +4258,6 @@ static word32 SetBitString16Bit(word16 val, byte* output) static const byte sigSphincsSmall_Level5Oid[] = {43, 206, 15, 6, 9, 7}; #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ /* keyType */ #ifndef NO_DSA @@ -4276,7 +4287,6 @@ static word32 SetBitString16Bit(word16 val, byte* output) #ifndef NO_DH static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1}; #endif /* !NO_DH */ -#ifdef HAVE_PQC #ifdef HAVE_FALCON /* Falcon Level 1: 1 3 9999 3 6 */ static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 6}; 
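Review bot: Changing the Dilithium signature OIDs from the `...267.7.x.y` arc to `...267.12.x.y` silently invalidates every certificate, key and signature already encoded with the old arc, since OidFromId and the OID lookup only know the new bytes; if a previous release shipped the old arc, the decode path should keep accepting it (emitting only the new OIDs), or the change log should call the break out explicitly. A comment naming which Dilithium specification revision the `12` arc belongs to would help the next reader, e.g. `/* Dilithium Level 2 (round-3 arc): 1.3.6.1.4.1.2.267.12.4.4 */` — verify the revision against the document the OIDs were taken from. The keyDilithium_* arrays in the following hunk get the same edit and would take the same comment.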
@@ -4285,17 +4295,17 @@ static word32 SetBitString16Bit(word16 val, byte* output) static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9}; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */ + /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */ static const byte keyDilithium_Level2Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4}; - /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */ + /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */ static const byte keyDilithium_Level3Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5}; - /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */ + /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */ static const byte keyDilithium_Level5Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7}; #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */ @@ -4322,7 +4332,6 @@ static word32 SetBitString16Bit(word16 val, byte* output) static const byte keySphincsSmall_Level5Oid[] = {43, 206, 15, 6, 9, 7}; #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ /* curveType */ #ifdef HAVE_ECC @@ -4830,7 +4839,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) *oidSz = sizeof(sigEd448Oid); break; #endif - #ifdef HAVE_PQC #ifdef HAVE_FALCON case CTC_FALCON_LEVEL1: oid = sigFalcon_Level1Oid; @@ -4881,7 +4889,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) *oidSz = sizeof(sigSphincsSmall_Level5Oid); break; #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ default: break; } @@ -4943,7 +4950,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) *oidSz = sizeof(keyDhOid); break; #endif /* !NO_DH */ - #ifdef HAVE_PQC #ifdef HAVE_FALCON case FALCON_LEVEL1k: oid = keyFalcon_Level1Oid; 
@@ -4994,7 +5000,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) *oidSz = sizeof(keySphincsSmall_Level5Oid); break; #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ default: break; } @@ -5699,8 +5704,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } #endif /* HAVE_OID_ENCODING */ -#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \ - defined(OPENSSL_ALL) +#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) /* Encode dotted form of OID into byte array version. * * @param [in] in Byte array containing OID. @@ -5747,7 +5751,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz) return 0; } -#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT || OPENSSL_ALL */ +#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT */ /* Decode the header of a BER/DER encoded OBJECT ID. * @@ -5875,7 +5879,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, const byte* checkOid = NULL; word32 checkOidSz; #endif /* NO_VERIFY_OID */ -#ifdef HAVE_PQC +#if defined(HAVE_SPHINCS) word32 found_collision = 0; #endif (void)oidType; @@ -5887,7 +5891,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, actualOidSz = (word32)length; #endif /* NO_VERIFY_OID */ -#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_SPHINCS) +#if defined(HAVE_SPHINCS) /* Since we are summing it up, there could be collisions...and indeed there * are: SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3. * @@ -5901,7 +5905,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, sizeof(sigSphincsFast_Level3Oid)) == 0) { found_collision = SPHINCS_FAST_LEVEL3k; } -#endif /* HAVE_PQC */ +#endif /* HAVE_SPHINCS */ /* Sum it up for now. */ while (length--) { 
@@ -5910,11 +5914,11 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, idx++; } -#ifdef HAVE_PQC +#ifdef HAVE_SPHINCS if (found_collision) { *oid = found_collision; } -#endif /* HAVE_PQC */ +#endif /* HAVE_SPHINCS */ /* Return the index after the OID data. */ *inOutIdx = idx; @@ -6057,22 +6061,8 @@ enum { #define algoIdASN_Length (sizeof(algoIdASN) / sizeof(ASNItem)) #endif -/* Get the OID id/sum from the BER encoding of an algorithm identifier. - * - * NULL tag is skipped if present. - * - * @param [in] input Buffer holding BER encoded data. - * @param [in, out] inOutIdx On in, start of algorithm identifier. - * On out, start of ASN.1 item after algorithm id. - * @param [out] oid Id of OID in algorithm identifier data. - * @param [in] oidType Type of OID to expect. - * @param [in] maxIdx Maximum index of data in buffer. - * @return 0 on success. - * @return ASN_PARSE_E when encoding is invalid. - * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. - */ -int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, - word32 oidType, word32 maxIdx) +static int GetAlgoIdImpl(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx, byte *absentParams) { #ifndef WOLFSSL_ASN_TEMPLATE int length; @@ -6098,6 +6088,10 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, ret = GetASNNull(input, &idx, maxIdx); if (ret != 0) return ret; + + if (absentParams != NULL) { + *absentParams = FALSE; + } } } } @@ -6122,6 +6116,11 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, if (ret == 0) { /* Return the OID id/sum. */ *oid = dataASN[ALGOIDASN_IDX_OID].data.oid.sum; + + if ((absentParams != NULL) && + (dataASN[ALGOIDASN_IDX_NULL].tag == ASN_TAG_NULL)) { + *absentParams = FALSE; + } } FREE_ASNGETDATA(dataASN, NULL); 
@@ -6129,6 +6128,37 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, #endif /* WOLFSSL_ASN_TEMPLATE */ } +/* Get the OID id/sum from the BER encoding of an algorithm identifier. + * + * NULL tag is skipped if present. + * + * @param [in] input Buffer holding BER encoded data. + * @param [in, out] inOutIdx On in, start of algorithm identifier. + * On out, start of ASN.1 item after algorithm id. + * @param [out] oid Id of OID in algorithm identifier data. + * @param [in] oidType Type of OID to expect. + * @param [in] maxIdx Maximum index of data in buffer. + * @return 0 on success. + * @return ASN_PARSE_E when encoding is invalid. + * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. + */ +int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx) +{ + return GetAlgoIdImpl(input, inOutIdx, oid, oidType, maxIdx, NULL); +} + +int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx, byte *absentParams) +{ + /* Assume absent until proven otherwise */ + if (absentParams != NULL) { + *absentParams = TRUE; + } + + return GetAlgoIdImpl(input, inOutIdx, oid, oidType, maxIdx, absentParams); +} + #ifndef NO_RSA #ifdef WC_RSA_PSS @@ -6220,7 +6250,8 @@ static int RsaPssHashOidToMgf1(word32 oid, int* mgf) return ret; } -#ifndef NO_CERTS +#if !defined(NO_CERTS) && !defined(NO_ASN_CRYPT) + /* Convert a hash OID to a fake signature OID. * * @param [in] oid Hash OID. @@ -6271,7 +6302,7 @@ static int RsaPssHashOidToSigOid(word32 oid, word32* sigOid) #endif #ifdef WOLFSSL_ASN_TEMPLATE -/* ASN tag for hashAlgorigthm. */ +/* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | 0) /* ASN tag for maskGenAlgorithm. */ #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | 1) 
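Review bot: GetAlgoIdEx is a new exported entry point with no header comment, and the meaning of `absentParams` is subtle: it is set to TRUE up front and, judging by the two earlier hunks, reset to FALSE only when an explicit NULL parameter is seen, so an AlgorithmIdentifier carrying non-NULL parameters (a curve OID, RSA-PSS parameters) still reports "absent". A comment along the lines of `/* As GetAlgoId, but reports whether the AlgorithmIdentifier carried an explicit NULL parameter: *absentParams is TRUE when no NULL was present (even if other parameters were), FALSE when one was seen. absentParams may be NULL. */` would document that; confirm the non-NULL-parameter case against the body of GetAlgoIdImpl, most of which lies outside the hunks. This matters for callers that use the flag to enforce the NULL-parameter rule for RSA signature algorithms (RFC 4055), since TRUE must not be read as "no parameters at all".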
@@ -6319,7 +6350,7 @@ enum { /* Number of items in ASN.1 template for an algorithm identifier. */ #define rsaPssParamsASN_Length (sizeof(rsaPssParamsASN) / sizeof(ASNItem)) #else -/* ASN tag for hashAlgorigthm. */ +/* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0) /* ASN tag for maskGenAlgorithm. */ #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1) @@ -6867,6 +6898,7 @@ enum { * On out, start of encoded key. * @param [in] sz Size of data in buffer. * @param [out] algId Key's algorithm id from PKCS #8 header. + * @param [out] eccOid ECC curve OID. * @return Length of key data on success. * @return BAD_FUNC_ARG when input or inOutIdx is NULL. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or @@ -6876,8 +6908,8 @@ enum { * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a * non-zero length. */ -int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, - word32* algId) +int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz, + word32* algId, word32* eccOid) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx; @@ -6927,13 +6959,19 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, #endif /* WC_RSA_PSS && !NO_RSA */ if (tag == ASN_OBJECT_ID) { - if (SkipObjectId(input, &idx, sz) < 0) - return ASN_PARSE_E; + if ((*algId == ECDSAk) && (eccOid != NULL)) { + if (GetObjectId(input, &idx, eccOid, oidCurveType, sz) < 0) + return ASN_PARSE_E; + } + else { + if (SkipObjectId(input, &idx, sz) < 0) + return ASN_PARSE_E; + } } ret = GetOctetString(input, &idx, &length, sz); if (ret < 0) { - if (ret == BUFFER_E) + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) return ASN_PARSE_E; /* Some private keys don't expect an octet string */ WOLFSSL_MSG("Couldn't find Octet string"); 
@@ -6949,6 +6987,8 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, byte version = 0; word32 idx; + (void)eccOid; + /* Check validity of parameters. */ if (input == NULL || inOutIdx == NULL) { return BAD_FUNC_ARG; @@ -7022,6 +7062,11 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, if (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) { ret = ASN_PARSE_E; } + if (eccOid != NULL) { + ASNGetData* oidCurve = + &dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE]; + *eccOid = oidCurve->data.oid.sum; + } break; #endif #ifdef HAVE_ED25519 @@ -7081,6 +7126,29 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, #endif } +/* Remove PKCS #8 header around an RSA, ECDSA, Ed25519, or Ed448. + * + * @param [in] input Buffer holding BER data. + * @param [in, out] inOutIdx On in, start of PKCS #8 encoding. + * On out, start of encoded key. + * @param [in] sz Size of data in buffer. + * @param [out] algId Key's algorithm id from PKCS #8 header. + * @return Length of key data on success. + * @return BAD_FUNC_ARG when input or inOutIdx is NULL. + * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or + * is invalid. + * @return BUFFER_E when data in buffer is too small. + * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found. + * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a + * non-zero length. + */ +int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, + word32* algId) +{ + return ToTraditionalInline_ex2(input, inOutIdx, sz, algId, NULL); +} + + /* TODO: test case */ int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz) { @@ -7227,7 +7295,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, return (int)(tmpSz + sz); #else DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length); - int sz; + int sz = 0; int ret = 0; word32 keyIdx = 0; word32 tmpAlgId = 0; 
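Review bot: On both the template path in this hunk and the non-template path in the earlier one, `*eccOid` is written only when the key is ECDSA, so a caller passing a non-ECC key gets whatever was in the variable beforehand; the new `@param [out] eccOid` line should say so, e.g. `* @param [out] eccOid ECC curve OID sum. Written only when the key is ECDSA; callers must initialise it.`, or the function should store `*eccOid = 0` at entry when the pointer is non-NULL. In the template path `oidCurve->data.oid.sum` is copied without checking that the curve OID item was actually present in the PKCS #8 header; if that item is optional in pkcs8KeyASN the value may be 0 here, which should be confirmed and documented. ToTraditionalInline_ex2 begins outside this hunk.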
@@ -7565,7 +7633,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } else #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */ - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) if ((ks == FALCON_LEVEL1k) || (ks == FALCON_LEVEL5k)) { #ifdef WOLFSSL_SMALL_STACK @@ -7627,7 +7694,8 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } else #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) if ((ks == DILITHIUM_LEVEL2k) || (ks == DILITHIUM_LEVEL3k) || (ks == DILITHIUM_LEVEL5k)) { @@ -7685,7 +7753,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, #endif } else - #endif /* HAVE_DILITHIUM */ +#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_VERIFY_ONLY */ #if defined(HAVE_SPHINCS) if ((ks == SPHINCS_FAST_LEVEL1k) || (ks == SPHINCS_FAST_LEVEL3k) || @@ -7757,7 +7825,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } else #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ { ret = 0; } @@ -8102,7 +8169,6 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, XFREE(ed448, heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */ -#if defined(HAVE_PQC) #if defined(HAVE_FALCON) if (*algoID == 0) { falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(*falcon), heap, @@ -8138,7 +8204,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, XFREE(falcon, heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* HAVE_FALCON */ -#if defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) if (*algoID == 0) { dilithium_key *dilithium = (dilithium_key *)XMALLOC(sizeof(*dilithium), heap, DYNAMIC_TYPE_TMP_BUFFER); 
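Review bot: The trailing comment on the `#endif` in wc_CheckPrivateKey reads `HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_VERIFY_ONLY`, but the matching `#if` in the previous hunk tests `WOLFSSL_DILITHIUM_NO_SIGN`, `WOLFSSL_DILITHIUM_NO_VERIFY` and `WOLFSSL_DILITHIUM_NO_ASN1`; the comment should mirror the condition, e.g. `#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_NO_SIGN && !WOLFSSL_DILITHIUM_NO_VERIFY && !WOLFSSL_DILITHIUM_NO_ASN1 */`. The same mismatch appears in the wc_GetKeyOID hunk that follows. The new `#if` also appears to sit at column 0 while the neighbouring `#if defined(HAVE_FALCON)` keeps the indent of the else-chain, so two styles now stand side by side; picking one for the whole chain would read better. wc_CheckPrivateKey begins and ends outside the hunk.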
@@ -8184,7 +8251,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, } XFREE(dilithium, heap, DYNAMIC_TYPE_TMP_BUFFER); } -#endif /* HAVE_DILITHIUM */ +#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_VERIFY_ONLY */ #if defined(HAVE_SPHINCS) if (*algoID == 0) { sphincs_key *sphincs = (sphincs_key *)XMALLOC(sizeof(*sphincs), @@ -8262,7 +8329,6 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, XFREE(sphincs, heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ /* if flag is not set then this is not a key that we understand. */ if (*algoID == 0) { @@ -8574,9 +8640,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, } #ifdef WOLFSSL_SMALL_STACK - if (saltTmp != NULL) { - XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif WOLFSSL_LEAVE("wc_EncryptPKCS8Key", ret); @@ -8647,7 +8711,7 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, if (ret == 0) { ret = wc_CreatePKCS8Key(NULL, &pkcs8KeySz, key, keySz, algId, curveOid, curveOidSz); - if (ret == LENGTH_ONLY_E) + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) ret = 0; } if (ret == 0) { @@ -8903,7 +8967,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz) DECL_ASNGETDATA(dataASN, pbes2ParamsASN_Length); int ret = 0; int id = 0; - int version; + int version = 0; word32 idx = 0; word32 pIdx = 0; word32 iterations = 0; @@ -9135,7 +9199,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, word32 seqSz; word32 innerSz; int ret; - int version, id, blockSz = 0; + int version, id = PBE_NONE, blockSz = 0; #ifdef WOLFSSL_SMALL_STACK byte* saltTmp = NULL; byte* cbcIv = NULL; 
@@ -9957,7 +10021,7 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) /* If ASN_DH_KEY_E: Check if input started at beginning of key */ - if (ret == ASN_DH_KEY_E) { + if (ret == WC_NO_ERR_TRACE(ASN_DH_KEY_E)) { *inOutIdx = temp; /* the version (0) - private only (for public skip) */ @@ -10118,7 +10182,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) /* DH Parameters sequence with P and G */ total = 0; ret = wc_DhParamsToDer(key, NULL, &total); - if (ret != LENGTH_ONLY_E) + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return ret; idx += total; @@ -10767,7 +10831,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, } } /* An alternate pass if default certificate fails parsing */ - if (ret == ASN_PARSE_E) { + if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) { *inOutIdx = (word32)temp; if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) return ASN_PARSE_E; @@ -11385,10 +11449,10 @@ void FreeAltNames(DNS_entry* altNames, void* heap) DNS_entry* tmp = altNames->next; XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME); - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + #ifdef WOLFSSL_IP_ALT_NAME XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME); #endif - #if defined(OPENSSL_ALL) + #ifdef WOLFSSL_RID_ALT_NAME XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME); #endif XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME); 
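Review bot: FreeAltNames now frees `ipString` only under WOLFSSL_IP_ALT_NAME and `ridString` only under WOLFSSL_RID_ALT_NAME, where it previously also did so under OPENSSL_ALL. That is only leak-free if the build configuration defines these two macros whenever OPENSSL_ALL is set (presumably done in a settings header outside this diff) and the corresponding DNS_entry fields are guarded by the same macros; otherwise an OPENSSL_ALL build that still populates the strings elsewhere will drop them here. If that implication is intended, a comment near the guard such as `/* WOLFSSL_IP_ALT_NAME and WOLFSSL_RID_ALT_NAME are implied by OPENSSL_ALL */` would make the dependency visible. FreeAltNames begins before this hunk.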
@@ -11408,6 +11472,47 @@ DNS_entry* AltNameNew(void* heap) return ret; } +DNS_entry* AltNameDup(DNS_entry* from, void* heap) +{ + DNS_entry* ret; + + ret = AltNameNew(heap); + if (ret == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return NULL; + } + + ret->type = from->type; + ret->len = from->len; + + + ret->name = CopyString(from->name, from->len, heap, DYNAMIC_TYPE_ALTNAME); +#ifdef WOLFSSL_IP_ALT_NAME + ret->ipString = CopyString(from->ipString, 0, heap, DYNAMIC_TYPE_ALTNAME); +#endif +#ifdef WOLFSSL_RID_ALT_NAME + ret->ridString = CopyString(from->ridString, 0, heap, DYNAMIC_TYPE_ALTNAME); +#endif + if (ret->name == NULL +#ifdef WOLFSSL_IP_ALT_NAME + || (from->ipString != NULL && ret->ipString == NULL) +#endif +#ifdef WOLFSSL_RID_ALT_NAME + || (from->ridString != NULL && ret->ridString == NULL) +#endif + ) { + WOLFSSL_MSG("\tOut of Memory"); + FreeAltNames(ret, heap); + return NULL; + } + +#ifdef WOLFSSL_FPKI + ret->oidSum = from->oidSum; +#endif + + return ret; +} + #ifndef IGNORE_NAME_CONSTRAINTS @@ -11471,8 +11576,7 @@ void FreeDecodedCert(DecodedCert* cert) wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName); #endif /* WOLFSSL_X509_NAME_AVAILABLE */ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) - if (cert->sce_tsip_encRsaKeyIdx != NULL) - XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA); + XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA); #endif FreeSignatureCtx(&cert->sigCtx); } 
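Review bot: AltNameDup dereferences `from` without a NULL check and has no header comment, although it is a new non-static function; a guard `if (from == NULL) return NULL;` at the top makes it safe on an empty list head, and a block such as `/* Deep copy a single DNS_entry, not its next link. Returns NULL on allocation failure. */` documents the contract. The error path relies on `FreeAltNames(ret, heap)` walking only one node, i.e. on AltNameNew having zeroed `ret->next`, which is outside this hunk and worth stating in a comment. The stray double blank line after `ret->len = from->len;` can also go.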
@@ -11505,16 +11609,18 @@ static int GetCertHeader(DecodedCert* cert) cert->sigIndex) < 0) return ASN_PARSE_E; - if (wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, - &cert->serialSz, cert->sigIndex) < 0) - return ASN_PARSE_E; + ret = wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, + &cert->serialSz, cert->sigIndex); + if (ret < 0) { + return ret; + } return ret; } #endif -#if defined(HAVE_ED25519) || defined(HAVE_ED448) || (defined(HAVE_PQC) && \ - defined(HAVE_LIBOQS)) +#if defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) /* Store the key data under the BIT_STRING in dynamically allocated data. * * @param [in, out] cert Certificate object. @@ -11759,7 +11865,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, #endif PRIVATE_KEY_LOCK(); /* LENGTH_ONLY_E on success. */ - if (ret == LENGTH_ONLY_E) { + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { ret = 0; } } @@ -11927,9 +12033,13 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, DECL_ASNSETDATA(dataASN, edPubKeyASN_Length); #endif - if (pubKey == NULL) { + /* validate parameters */ + if (pubKey == NULL){ return BAD_FUNC_ARG; } + if (output != NULL && outLen == 0) { + return BUFFER_E; + } #ifndef WOLFSSL_ASN_TEMPLATE /* calculate size */ @@ -12587,7 +12697,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx, ret = StoreKey(cert, source, &srcIdx, maxIdx); break; #endif /* HAVE_ED448 */ - #if defined(HAVE_PQC) && defined(HAVE_LIBOQS) #ifdef HAVE_FALCON case FALCON_LEVEL1k: cert->pkCurveOID = FALCON_LEVEL1k; @@ -12638,7 +12747,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx, ret = StoreKey(cert, source, &srcIdx, maxIdx); break; #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ #ifndef NO_DSA case DSAk: cert->publicKey = source + pubIdx; 
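Review bot: The new tail of GetCertHeader, `if (ret < 0) { return ret; } return ret;`, is redundant since both branches return the same value; `return wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, &cert->serialSz, cert->sigIndex);` says the same thing. Note this also changes the observable error: callers previously always saw ASN_PARSE_E for a bad serial and now get whatever wc_GetSerialNumber returns, which may matter to any caller that compares against ASN_PARSE_E (not visible here). In SetAsymKeyDerPublic the added `if (output != NULL && outLen == 0)` check is a good addition, but the `if (pubKey == NULL){` line above it is missing the space before the brace. GetCertHeader begins before this hunk.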
@@ -13237,7 +13345,7 @@ static const byte rdnChoice[] = { }; #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME /* used to set the human readable string for the IP address with a ASN_IP_TYPE * DNS entry * return 0 on success @@ -13301,9 +13409,9 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) return ret; } -#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#endif /* WOLFSSL_IP_ALT_NAME */ -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME /* used to set the human readable string for the registeredID with an * ASN_RID_TYPE DNS entry * return 0 on success @@ -13312,7 +13420,9 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) { int i, j, ret = 0; int nameSz = 0; +#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) int nid = 0; +#endif int tmpSize = MAX_OID_SZ; word32 oid = 0; word32 idx = 0; 
@@ -13332,40 +13442,46 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType, entry->len); + if (ret == 0) { + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + if ((nid = oid2nid(oid, oidCsrAttrType)) > 0) { + /* OID has known string value */ + finalName = (char*)wolfSSL_OBJ_nid2ln(nid); + } + else + #endif + { + /* Decode OBJECT_ID into dotted form array. */ + ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len, + tmpName, (word32*)&tmpSize); - if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) { - /* OID has known string value */ - finalName = (char*)wolfSSL_OBJ_nid2ln(nid); - } - else { - /* Decode OBJECT_ID into dotted form array. */ - ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len, - tmpName, (word32*)&tmpSize); - - if (ret == 0) { - j = 0; - /* Append each number of dotted form. */ - for (i = 0; i < tmpSize; i++) { - if (j >= MAX_OID_SZ) { - return BUFFER_E; - } + if (ret == 0) { + j = 0; + /* Append each number of dotted form. */ + for (i = 0; i < tmpSize; i++) { + if (j >= MAX_OID_SZ) { + return BUFFER_E; + } - if (i < tmpSize - 1) { - ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", tmpName[i]); - } - else { - ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", tmpName[i]); - } + if (i < tmpSize - 1) { + ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", + tmpName[i]); + } + else { + ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", + tmpName[i]); + } - if (ret >= 0) { - j += ret; - } - else { - return BUFFER_E; + if (ret >= 0) { + j += ret; + } + else { + return BUFFER_E; + } } + ret = 0; + finalName = oidName; } - ret = 0; - finalName = oidName; } } @@ -13386,7 +13502,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) return ret; } -#endif /* OPENSSL_ALL && WOLFSSL_ASN_TEMPLATE */ +#endif /* WOLFSSL_RID_ALT_NAME */ #ifdef WOLFSSL_ASN_TEMPLATE 
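Review bot: In the dotted-OID loop of GenerateDNSEntryRIDString (re-indented here, so now on the new side) the XSNPRINTF result is only checked for being negative; a return value of `MAX_OID_SZ - j` or more means the output was truncated, yet `j += ret` is still applied and on the final iteration `finalName = oidName` hands a silently truncated OID string onward. Change the check to `if (ret < 0 || ret >= MAX_OID_SZ - j) { return BUFFER_E; }` so truncation is reported the same way as overflow of `j`. The `else` immediately followed by `#endif` and a bare `{` block is correct but easy to misread; a short comment on that brace, e.g. `/* no known name: fall back to dotted form */`, would help. The function begins before this hunk.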
@@ -13455,7 +13571,6 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); if (dnsEntry->name == NULL) { - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); ret = MEMORY_E; } } @@ -13466,29 +13581,29 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, XMEMCPY(dnsEntry->name, str, (size_t)strLen); dnsEntry->name[strLen] = '\0'; -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME /* store registeredID as a string */ if (type == ASN_RID_TYPE) { - if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) { - XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - } + ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap); } #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME /* store IP addresses as a string */ if (type == ASN_IP_TYPE) { - if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) { - XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - } + ret = GenerateDNSEntryIPString(dnsEntry, cert->heap); } +#endif } if (ret == 0) { -#endif ret = AddDNSEntryToList(entries, dnsEntry); } + /* failure cleanup */ + if (ret != 0 && dnsEntry != NULL) { + XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); + XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + } + return ret; } #endif 
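Review bot: The consolidated failure cleanup at the end of SetDNSEntry frees only `dnsEntry->name` and `dnsEntry`; if GenerateDNSEntryRIDString or GenerateDNSEntryIPString has already attached `ridString`/`ipString` and AddDNSEntryToList then fails, those allocations leak, and that path is new (the old code only cleaned up when the string generators themselves failed). If AddDNSEntryToList can fail after the strings are set, the cleanup should release them too, e.g. `FreeAltNames(dnsEntry, cert->heap);` provided `dnsEntry->next` is still NULL at that point, which is outside what this hunk shows. A `/* also frees ipString and ridString */` comment would then explain why the helper is used. SetDNSEntry begins before this hunk.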
@@ -13747,7 +13862,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, * @param [in, out] cert Decoded certificate object. * @param [out] full Buffer to hold full name as a string. * @param [out] hash Buffer to hold hash of name. - * @param [in] nameType ISSUER or SUBJECT. + * @param [in] nameType ASN_ISSUER or ASN_SUBJECT. * @param [in] input Buffer holding certificate name. * @param [in, out] inOutIdx On in, start of certificate name. * On out, start of ASN.1 item after cert name. @@ -13802,13 +13917,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) /* store pointer to raw issuer */ - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { cert->issuerRaw = &input[srcIdx]; cert->issuerRawLen = length; } #endif #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectRaw = &input[srcIdx]; cert->subjectRawLen = length; } @@ -13876,15 +13991,27 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, return ASN_PARSE_E; } + #ifndef WOLFSSL_NO_ASN_STRICT + /* RFC 5280 section 4.1.2.4 lists a DirecotryString as being + * 1..MAX in length */ + if (strLen < 1) { + WOLFSSL_MSG("Non conforming DirectoryString of length 0 was" + " found"); + WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow" + " empty DirectoryString's"); + return ASN_PARSE_E; + } + #endif + if (id == ASN_COMMON_NAME) { - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectCN = (char *)&input[srcIdx]; cert->subjectCNLen = strLen; cert->subjectCNEnc = (char)b; } #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \ defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerCN = (char*)&input[srcIdx]; cert->issuerCNLen = strLen; cert->issuerCNEnc = (char)b; 
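Review bot: The new strict-length check in GetCertName misspells the ASN.1 type in its comment: `DirecotryString` should be `DirectoryString`, and the same typo recurs in the template-path copy of the check later in the diff. The check also fires for every RDN attribute value, not only DirectoryString-typed ones; most attributes in RFC 5280 Appendix A carry a SIZE (1..ub) constraint so this is conformant for them, but if I recall correctly dnQualifier and domainComponent have no stated lower bound, so the comment should say the rejection is deliberately applied regardless of attribute type. Because the early `return ASN_PARSE_E;` mirrors the existing return just above it, no cleanup is skipped that was not already skipped. GetCertName begins before this hunk.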
@@ -13903,7 +14030,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_NAME; copyLen = sizeof(WOLFSSL_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectN = (char*)&input[srcIdx]; cert->subjectNLen = strLen; cert->subjectNEnc = b; @@ -13919,7 +14046,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_INITIALS; copyLen = sizeof(WOLFSSL_INITIALS) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectI = (char*)&input[srcIdx]; cert->subjectILen = strLen; cert->subjectIEnc = b; @@ -13935,7 +14062,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_GIVEN_NAME; copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectGN = (char*)&input[srcIdx]; cert->subjectGNLen = strLen; cert->subjectGNEnc = b; @@ -13951,7 +14078,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_DNQUALIFIER; copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectDNQ = (char*)&input[srcIdx]; cert->subjectDNQLen = strLen; cert->subjectDNQEnc = b; 
@@ -13968,13 +14095,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_SUR_NAME; copyLen = sizeof(WOLFSSL_SUR_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectSN = (char*)&input[srcIdx]; cert->subjectSNLen = strLen; cert->subjectSNEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerSN = (char*)&input[srcIdx]; cert->issuerSNLen = strLen; cert->issuerSNEnc = (char)b; @@ -13991,13 +14118,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_COUNTRY_NAME; copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectC = (char*)&input[srcIdx]; cert->subjectCLen = strLen; cert->subjectCEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerC = (char*)&input[srcIdx]; cert->issuerCLen = strLen; cert->issuerCEnc = (char)b; @@ -14014,13 +14141,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_LOCALITY_NAME; copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectL = (char*)&input[srcIdx]; cert->subjectLLen = strLen; cert->subjectLEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerL = (char*)&input[srcIdx]; cert->issuerLLen = strLen; cert->issuerLEnc = (char)b; 
@@ -14037,13 +14164,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_STATE_NAME; copyLen = sizeof(WOLFSSL_STATE_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectST = (char*)&input[srcIdx]; cert->subjectSTLen = strLen; cert->subjectSTEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerST = (char*)&input[srcIdx]; cert->issuerSTLen = strLen; cert->issuerSTEnc = (char)b; @@ -14060,13 +14187,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_ORG_NAME; copyLen = sizeof(WOLFSSL_ORG_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectO = (char*)&input[srcIdx]; cert->subjectOLen = strLen; cert->subjectOEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerO = (char*)&input[srcIdx]; cert->issuerOLen = strLen; cert->issuerOEnc = (char)b; @@ -14083,13 +14210,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_ORGUNIT_NAME; copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectOU = (char*)&input[srcIdx]; cert->subjectOULen = strLen; cert->subjectOUEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerOU = (char*)&input[srcIdx]; cert->issuerOULen = strLen; cert->issuerOUEnc = (char)b; 
@@ -14106,13 +14233,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_SERIAL_NUMBER; copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectSND = (char*)&input[srcIdx]; cert->subjectSNDLen = strLen; cert->subjectSNDEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerSND = (char*)&input[srcIdx]; cert->issuerSNDLen = strLen; cert->issuerSNDEnc = (char)b; @@ -14129,7 +14256,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_USER_ID; copyLen = sizeof(WOLFSSL_USER_ID) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectUID = (char*)&input[srcIdx]; cert->subjectUIDLen = strLen; cert->subjectUIDEnc = (char)b; @@ -14146,7 +14273,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_STREET_ADDR_NAME; copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectStreet = (char*)&input[srcIdx]; cert->subjectStreetLen = strLen; cert->subjectStreetEnc = (char)b; @@ -14162,7 +14289,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_BUS_CAT; copyLen = sizeof(WOLFSSL_BUS_CAT) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectBC = (char*)&input[srcIdx]; cert->subjectBCLen = strLen; cert->subjectBCEnc = (char)b; 
@@ -14177,7 +14304,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_POSTAL_NAME; copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectPC = (char*)&input[srcIdx]; cert->subjectPCLen = strLen; cert->subjectPCEnc = (char)b; @@ -14216,7 +14343,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_JOI_C; copyLen = sizeof(WOLFSSL_JOI_C) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectJC = (char*)&input[srcIdx]; cert->subjectJCLen = strLen; cert->subjectJCEnc = (char)b; @@ -14234,7 +14361,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_JOI_ST; copyLen = sizeof(WOLFSSL_JOI_ST) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectJS = (char*)&input[srcIdx]; cert->subjectJSLen = strLen; cert->subjectJSEnc = (char)b; @@ -14298,13 +14425,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if !defined(IGNORE_NAME_CONSTRAINTS) || \ defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectEmail = (char*)&input[srcIdx]; cert->subjectEmailLen = strLen; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerEmail = (char*)&input[srcIdx]; cert->issuerEmailLen = strLen; } 
@@ -14406,8 +14533,8 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(WOLFCRYPT_ONLY) - if (nameType == ISSUER) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ + if (nameType == ASN_ISSUER) { +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) &&\ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX); XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen); @@ -14430,7 +14557,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, DECL_ASNGETDATA(dataASN, rdnASN_Length); int ret = 0; word32 idx = 0; - int len; + int len = 0; word32 srcIdx = *inOutIdx; #ifdef WOLFSSL_X509_NAME_AVAILABLE WOLFSSL_X509_NAME* dName = NULL; @@ -14465,14 +14592,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (ret == 0) { #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) /* Store pointer and length to raw issuer. */ - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { cert->issuerRaw = &input[srcIdx]; cert->issuerRawLen = len; } #endif #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) /* Store pointer and length to raw subject. */ - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectRaw = &input[srcIdx]; cert->subjectRawLen = len; } @@ -14491,7 +14618,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, &srcIdx, maxIdx); if (ret == 0) { /* Put RDN data into certificate. */ - ret = GetRDN(cert, full, &idx, &nid, nameType == SUBJECT, + ret = GetRDN(cert, full, &idx, &nid, nameType == ASN_SUBJECT, dataASN); } #ifdef WOLFSSL_X509_NAME_AVAILABLE 
@@ -14506,6 +14633,18 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, /* Get string reference. */ GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen); + #ifndef WOLFSSL_NO_ASN_STRICT + /* RFC 5280 section 4.1.2.4 lists a DirecotryString as being + * 1..MAX in length */ + if (ret == 0 && strLen < 1) { + WOLFSSL_MSG("Non conforming DirectoryString of length 0 was" + " found"); + WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow" + " empty DirectoryString's"); + ret = ASN_PARSE_E; + } + #endif + /* Convert BER tag to a OpenSSL type. */ switch (tag) { case CTC_UTF8: @@ -14537,7 +14676,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #ifdef WOLFSSL_X509_NAME_AVAILABLE /* Store X509_NAME in certificate. */ - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY)) && \ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) @@ -14587,7 +14726,7 @@ enum { * Either the issuer or subject name. * * @param [in, out] cert Decoded certificate object. - * @param [in] nameType Type of name being decoded: ISSUER or SUBJECT. + * @param [in] nameType Type being decoded: ASN_ISSUER or ASN_SUBJECT. * @param [in] maxIdx Index of next item after certificate name. * @return 0 on success. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or @@ -14608,7 +14747,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx) WOLFSSL_MSG("Getting Name"); - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { full = cert->issuer; hash = cert->issuerHash; } @@ -14666,7 +14805,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx) cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset; /* Get fields to fill in based on name type. */ - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { full = cert->issuer; hash = cert->issuerHash; } 
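Review bot: The template-path copy of the empty-DirectoryString check sets `ret = ASN_PARSE_E` but execution continues into the `switch (tag)` and the rest of the RDN handling; that is only harmless if every subsequent step in the loop is gated on `ret == 0`, which lies outside this hunk. If the later steps are not all guarded, wrap the conversion as `if (ret == 0) { switch (tag) { ... } }` or break out of the loop on error. The comment repeats the `DirecotryString` typo from the non-template copy; spell it `DirectoryString` in both. GetCertName begins before this hunk.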
@@ -14723,18 +14862,23 @@ static WC_INLINE int GetTime_Long(long* value, const byte* date, int* idx) } #endif +/* Extract certTime from date string parameter. + * Reminder: idx is incremented in each call to GetTime() + * Return 0 on failure, 1 for success. */ int ExtractDate(const unsigned char* date, unsigned char format, - struct tm* certTime, int* idx) + struct tm* certTime, int* idx) { XMEMSET(certTime, 0, sizeof(struct tm)); + /* Get the first two bytes of the year (century) */ if (format == ASN_UTC_TIME) { if (btoi(date[*idx]) >= 5) certTime->tm_year = 1900; else certTime->tm_year = 2000; } - else { /* format == GENERALIZED_TIME */ + else { + /* format == GENERALIZED_TIME */ #ifdef WOLFSSL_LINUXKM if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; #else @@ -14754,11 +14898,7 @@ int ExtractDate(const unsigned char* date, unsigned char format, int tm_min = certTime->tm_min; int tm_sec = certTime->tm_sec; -#ifdef WOLFSSL_LINUXKM - if (GetTime_Long(&tm_year, date, idx) != 0) return 0; -#else if (GetTime(&tm_year, date, idx) != 0) return 0; -#endif if (GetTime(&tm_mon , date, idx) != 0) return 0; if (GetTime(&tm_mday, date, idx) != 0) return 0; if (GetTime(&tm_hour, date, idx) != 0) return 0; 
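Review bot: The new header comment on ExtractDate should state the precondition that makes the unchecked `date[*idx]` reads safe: the function takes no length, so the caller must supply a buffer holding the complete time value (a later hunk shows GetDate copying into a zeroed MAX_DATE_SIZE buffer, presumably for this reason). Suggest adding ` * date must hold a complete UTCTime/GeneralizedTime value; no length is checked here.` to the block. The comment `Get the first two bytes of the year (century)` is also inaccurate for the UTCTime branch, which only inspects the first digit (`btoi(date[*idx]) >= 5`) to pick 1900 or 2000 and consumes nothing; `/* UTCTime has a two-digit year: infer the century from the first digit. GeneralizedTime carries it explicitly. */` matches the code. Dropping the WOLFSSL_LINUXKM `GetTime_Long` call on the AVR path is right since `tm_year` there is an `int`.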
@@ -14772,28 +14912,30 @@ int ExtractDate(const unsigned char* date, unsigned char format, certTime->tm_hour = tm_hour; certTime->tm_min = tm_min; certTime->tm_sec = tm_sec; -#else - /* adjust tm_year, tm_mon */ -#ifdef WOLFSSL_LINUXKM - if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; -#else - if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; -#endif +#else /* !AVR */ + /* Get the next two bytes of the year. */ + #ifdef WOLFSSL_LINUXKM + if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; + #else + if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; + #endif certTime->tm_year -= 1900; + + /* The next fields are expected in specific order in [date] string: */ if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0; certTime->tm_mon -= 1; if (GetTime(&certTime->tm_mday, date, idx) != 0) return 0; if (GetTime(&certTime->tm_hour, date, idx) != 0) return 0; if (GetTime(&certTime->tm_min , date, idx) != 0) return 0; if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0; -#endif + +#endif /* !AVR */ return 1; } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_ASN_TIME_STRING int GetTimeString(byte* date, int format, char* buf, int len) { struct tm t; @@ -14839,7 +14981,7 @@ int GetTimeString(byte* date, int format, char* buf, int len) return 1; } -#endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* WOLFSSL_ASN_TIME_STRING */ /* Check time struct for valid values. Returns 0 for success */ static int ValidateGmtime(struct tm* inTime) 
@@ -14955,19 +15097,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - #if defined(WOLF_C89) if (len < ASN_UTC_TIME_SIZE) { WOLFSSL_MSG("buffer for GetFormattedTime is too short."); return BUFFER_E; } - ret = XSPRINTF((char*)buf, - "%02d%02d%02d%02d%02d%02dZ", year, mon, day, - hour, mini, sec); - #else ret = XSNPRINTF((char*)buf, len, "%02d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - #endif } else { /* GeneralizedTime */ @@ -14977,19 +15113,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - #if defined(WOLF_C89) if (len < ASN_GENERALIZED_TIME_SIZE) { WOLFSSL_MSG("buffer for GetFormattedTime is too short."); return BUFFER_E; } - ret = XSPRINTF((char*)buf, - "%4d%02d%02d%02d%02d%02dZ", year, mon, day, - hour, mini, sec); - #else ret = XSNPRINTF((char*)buf, len, "%4d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - #endif } return ret; @@ -15040,7 +15170,7 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b) /* Make sure before and after dates are valid */ /* date = ASN.1 raw */ /* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */ -/* dateType = AFTER or BEFORE */ +/* dateType = ASN_AFTER or ASN_BEFORE */ int wc_ValidateDate(const byte* date, byte format, int dateType) { time_t ltime; @@ -15070,14 +15200,14 @@ int wc_ValidateDate(const byte* date, byte format, int dateType) #endif #ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW - if (dateType == BEFORE) { + if (dateType == ASN_BEFORE) { WOLFSSL_MSG("Skewing local time for before date check"); ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW; } #endif #ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW - if (dateType == AFTER) { + if (dateType == ASN_AFTER) { WOLFSSL_MSG("Skewing local time for after date check"); ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW; } 
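Review bot: After removing the WOLF_C89 XSPRINTF branch, GetFormattedTime still returns the raw XSNPRINTF result without checking for truncation: a value of `len` or more means the buffer was too small even though the earlier `len < ASN_*_TIME_SIZE` check passed, which is possible for the `%4d` year in the GeneralizedTime branch if `year` ever falls outside 0..9999. Adding `if (ret < 0 || (word32)ret >= len) return BUFFER_E;` before the final `return ret;` closes that gap; otherwise a comment should state that the size checks make truncation impossible for the expected year range. GetFormattedTime begins before this hunk.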
@@ -15111,13 +15241,13 @@ int wc_ValidateDate(const byte* date, byte format, int dateType) return 0; } - if (dateType == BEFORE) { + if (dateType == ASN_BEFORE) { if (DateLessThan(localTime, &certTime)) { WOLFSSL_MSG("Date BEFORE check failed"); return 0; } } - else { /* dateType == AFTER */ + else { /* dateType == ASN_AFTER */ if (DateGreaterThan(localTime, &certTime)) { WOLFSSL_MSG("Date AFTER check failed"); return 0; @@ -15283,7 +15413,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) byte format; word32 startIdx = 0; - if (dateType == BEFORE) + if (dateType == ASN_BEFORE) cert->beforeDate = &cert->source[cert->srcIdx]; else cert->afterDate = &cert->source[cert->srcIdx]; @@ -15297,7 +15427,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) XMEMSET(date, 0, MAX_DATE_SIZE); XMEMCPY(date, datePtr, (size_t)length); - if (dateType == BEFORE) + if (dateType == ASN_BEFORE) cert->beforeDateLen = (int)(cert->srcIdx - startIdx); else cert->afterDateLen = (int)(cert->srcIdx - startIdx); @@ -15305,7 +15435,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) #ifndef NO_ASN_TIME_CHECK if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && !XVALIDATE_DATE(date, format, dateType)) { - if (dateType == BEFORE) { + if (dateType == ASN_BEFORE) { WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E); return ASN_BEFORE_DATE_E; } @@ -15331,10 +15461,10 @@ static int GetValidity(DecodedCert* cert, int verify, int maxIdx) maxIdx = (int)cert->srcIdx + length; - if (GetDate(cert, BEFORE, verify, maxIdx) < 0) + if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0) badDate = ASN_BEFORE_DATE_E; /* continue parsing */ - if (GetDate(cert, AFTER, verify, maxIdx) < 0) + if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0) return ASN_AFTER_DATE_E; if (badDate != 0) 
@@ -15534,7 +15664,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) WOLFSSL_MSG("Got Algo ID"); - if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0) + if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0) return ret; if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0) @@ -15543,7 +15673,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) } #endif - if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0) + if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0) return ret; WOLFSSL_MSG("Got Subject Name"); @@ -15570,8 +15700,8 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) * @return 0 on success. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. - * @return ASN_BEFORE_DATE_E when BEFORE date is invalid. - * @return ASN_AFTER_DATE_E when AFTER date is invalid. + * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid. + * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * is invalid. * @return BUFFER_E when data in buffer is too small. @@ -15942,7 +16072,6 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID) #ifdef HAVE_CURVE448 || (algoOID == X448k) #endif - #ifdef HAVE_PQC #ifdef HAVE_FACON || (algoOID == FALCON_LEVEL1k) || (algoOID == FALCON_LEVEL5k) @@ -15960,7 +16089,6 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID) || (algoOID == SPHINCS_SMALL_LEVEL3k) || (algoOID == SPHINCS_SMALL_LEVEL5k) #endif - #endif /* HAVE_PQC */ ); } 
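Review bot: The IsSigAlgoECC hunk leaves `#ifdef HAVE_FACON` in place while removing the HAVE_PQC wrapper around it; that looks like a typo for `HAVE_FALCON`, and as written the Falcon OIDs are never matched, so a Falcon signature algorithm would get the `tagSz = 2` NULL-parameters encoding in SetAlgoID (next hunk) instead of the parameter-less form the other PQC algorithms get. Since the enclosing guard is being reworked anyway, this is the moment to change it to `#ifdef HAVE_FALCON`. Please also eyeball the Dilithium and SPHINCS entries in the same list, which are partly outside this hunk. IsSigAlgoECC begins before this hunk.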
@@ -15975,7 +16103,7 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID) * @return Encoded data size on success. * @return 0 when dynamic memory allocation fails. */ -word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) +static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams) { #ifndef WOLFSSL_ASN_TEMPLATE word32 tagSz, idSz, seqSz, algoSz = 0; @@ -15984,9 +16112,10 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ word32 length = 0; - tagSz = (type == oidHashType || + tagSz = ((type == oidHashType || (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) || - (type == oidKeyType && algoOID == RSAk)) ? 2U : 0U; + (type == oidKeyType && algoOID == RSAk)) && + (absentParams == FALSE)) ? 2U : 0U; algoName = OidFromId((word32)algoOID, (word32)type, &algoSz); if (algoName == NULL) { WOLFSSL_MSG("Unknown Algorithm"); @@ -16042,6 +16171,10 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) /* Don't put out NULL DER item. */ dataASN[ALGOIDASN_IDX_NULL].noOut = 1; } + /* Override for absent (not NULL) params */ + if (TRUE == absentParams) { + dataASN[ALGOIDASN_IDX_NULL].noOut = 1; + } if (algoOID == DSAk) { /* Don't include SEQUENCE for DSA keys. */ o = 1; 
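Review bot: SetAlgoIDImpl tests `absentParams` two different ways: the non-template path uses `absentParams == FALSE` (any non-zero byte means absent) while the template path uses `TRUE == absentParams` (only exactly 1 does), so a caller passing another non-zero value would get different encodings depending on WOLFSSL_ASN_TEMPLATE. Use `if (absentParams != FALSE)` in the template path, which also drops the Yoda ordering. The doc block above the function still describes only the original four parameters; add ` * @param [in] absentParams When non-zero, omit the parameters element entirely instead of encoding NULL.` and wrap the signature, which now exceeds 80 columns. The function continues past this hunk.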
@@ -16084,6 +16217,27 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) #endif /* WOLFSSL_ASN_TEMPLATE */ } +/* Encode an algorithm identifier. + * + * [algoOID, type] is unique. + * + * @param [in] algoOID Algorithm identifier. + * @param [out] output Buffer to hold encoding. + * @param [in] type Type of OID being encoded. + * @param [in] curveSz Add extra space for curve data. + * @return Encoded data size on success. + * @return 0 when dynamic memory allocation fails. + */ +word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) +{ + return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE); +} + +word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, byte absentParams) +{ + return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams); +} + #ifdef WOLFSSL_ASN_TEMPLATE /* Always encode PKCS#1 v1.5 RSA signature and compare to encoded data. */ /* ASN.1 template for DigestInfo for a PKCS#1 v1.5 RSA signature. @@ -16139,7 +16293,7 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, #else DECL_ASNSETDATA(dataASN, digestInfoASN_Length); int ret = 0; - int sz; + int sz = 0; unsigned char dgst[WC_MAX_DIGEST_SIZE]; CALLOC_ASNSETDATA(dataASN, digestInfoASN_Length, ret, NULL); @@ -16216,15 +16370,11 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) if (sigCtx == NULL) return; - if (sigCtx->digest) { - XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST); - sigCtx->digest = NULL; - } + XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST); + sigCtx->digest = NULL; #if !(defined(NO_RSA) && defined(NO_DSA)) - if (sigCtx->sigCpy) { - XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); - sigCtx->sigCpy = NULL; - } + XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); + sigCtx->sigCpy = NULL; #endif #ifndef NO_ASN_CRYPT if (sigCtx->key.ptr) { 
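Review bot: The new public `SetAlgoIDEx` in `@@ -16084,6 +16217,27 @@` has no doc comment, while `SetAlgoID` directly above it inherits the full one; a reader of the header will not learn what the extra parameter does. I would add a comment with the same structure as the one on SetAlgoID plus `* @param [in] absentParams When TRUE, no parameters field (not even an ASN.1 NULL) is emitted after the OID.`, and note that `SetAlgoID` is equivalent to `SetAlgoIDEx(..., FALSE)`.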
@@ -16278,7 +16428,6 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) sigCtx->key.ed448 = NULL; break; #endif /* HAVE_ED448 */ - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) case FALCON_LEVEL1k: case FALCON_LEVEL5k: @@ -16311,7 +16460,6 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) sigCtx->key.sphincs = NULL; break; #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ default: break; } /* switch (keyOID) */ @@ -16457,7 +16605,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, */ break; #endif - #ifdef HAVE_PQC #ifdef HAVE_FALCON case CTC_FALCON_LEVEL1: case CTC_FALCON_LEVEL5: @@ -16481,7 +16628,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, /* Hashes done in signing operation. */ break; #endif - #endif /* HAVE_PQC */ default: ret = HASH_TYPE_E; @@ -16508,7 +16654,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, const byte* sigParams, word32 sigParamsSz, byte* rsaKeyIdx) { - int ret = 0; + int ret = ASN_SIG_CONFIRM_E; /* default to failure */ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) CertAttribute* certatt = NULL; #endif @@ -16861,7 +17007,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) case FALCON_LEVEL1k: { @@ -16918,7 +17063,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) case DILITHIUM_LEVEL2k: { word32 idx = 0; @@ -17159,7 +17306,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ default: WOLFSSL_MSG("Verify Key type unknown"); ret = ASN_UNKNOWN_OID_E; 
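Review bot: The new default `int ret = ASN_SIG_CONFIRM_E; /* default to failure */` in `@@ -16508,7 +16654,7 @@` is the right fail-closed initialisation for a signature check, but the comment should say what it implies for maintainers, since the key-type switch cases are spread over hunks outside this excerpt and a new case that forgets to set `ret` will now fail rather than silently pass. I would write `/* Default to failure: every verification path must explicitly set ret = 0 on success, so an unhandled key or signature type cannot verify by omission. */`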
@@ -17211,7 +17357,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx, !defined(WOLFSSL_RENESAS_TSIP_TLS) else #else - if (!sigCtx->pkCbRsa || ret == CRYPTOCB_UNAVAILABLE) + if (!sigCtx->pkCbRsa || + ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLFSSL_RENESAS_FSPSM_TLS */ #endif /* HAVE_PK_CALLBACKS */ { @@ -17285,7 +17432,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx, !defined(WOLFSSL_RENESAS_TSIP_TLS) else #else - if (!sigCtx->pkCbEcc || ret == CRYPTOCB_UNAVAILABLE) + if (!sigCtx->pkCbEcc || + ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLFSSL_RENESAS_FSPSM_TLS */ #endif /* HAVE_PK_CALLBACKS */ { @@ -17313,7 +17461,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) case FALCON_LEVEL1k: case FALCON_LEVEL5k: @@ -17324,7 +17471,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) case DILITHIUM_LEVEL2k: case DILITHIUM_LEVEL3k: case DILITHIUM_LEVEL5k: @@ -17349,13 +17496,12 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ default: break; } /* switch (keyOID) */ #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { goto exit_cs; } #endif @@ -17502,7 +17648,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* HAVE_ED448 */ - #ifdef HAVE_PQC #ifdef HAVE_FALCON case FALCON_LEVEL1k: { @@ -17632,7 +17777,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ default: break; } /* switch (keyOID) */ @@ -17646,6 +17790,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, exit_cs: +#else + /* For NO_ASN_CRYPT return "not compiled in" */ + ret = NOT_COMPILED_IN; #endif /* !NO_ASN_CRYPT */ (void)keyOID; 
@@ -17654,7 +17801,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, WOLFSSL_LEAVE("ConfirmSignature", ret); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; #endif @@ -17692,8 +17839,7 @@ int wc_ConfirmAltSignature( } #ifdef WOLFSSL_SMALL_STACK - if (sigCtx != NULL) - XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); + XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); #endif return ret; } @@ -17944,7 +18090,9 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) #ifndef WOLFSSL_ASN_TEMPLATE static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry) { -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV) +#if (defined(WOLFSSL_ASN_ALL) || defined(OPENSSL_EXTRA)) && \ + !defined(WOLFSSL_ALT_NAMES_NO_REV) + /* logic to add alt name to end of list */ dnsEntry->next = NULL; if (cert->altNames == NULL) { /* First on list */ @@ -18239,8 +18387,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, idx += (word32)len; } } - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_IP_ALT_NAME) + #ifdef WOLFSSL_IP_ALT_NAME /* GeneralName choice: iPAddress */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_IP_TYPE, @@ -18249,8 +18396,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, idx += (word32)len; } } - #endif /* WOLFSSL_QT || OPENSSL_ALL */ - + #endif /* WOLFSSL_IP_ALT_NAME */ + #ifdef WOLFSSL_RID_ALT_NAME /* GeneralName choice: registeredID */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { ret = SetDNSEntry(cert, (const char*)(input + idx), len, @@ -18259,6 +18406,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, idx += (word32)len; } } + #endif /* WOLFSSL_RID_ALT_NAME */ #endif /* IGNORE_NAME_CONSTRAINTS */ #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI) /* GeneralName choice: otherName */ 
@@ -18502,6 +18650,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; int length = 0; + word32 numNames = 0; WOLFSSL_ENTER("DecodeAltNames"); @@ -18534,8 +18683,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) return BUFFER_E; } - current_byte = input[idx++]; + numNames++; + if (numNames > WOLFSSL_MAX_ALT_NAMES) { + WOLFSSL_MSG("\tToo many subject alternative names"); + return ASN_ALT_NAME_E; + } + current_byte = input[idx++]; length--; /* Save DNS Type names in the altNames list. */ @@ -18729,7 +18883,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) length -= strLen; idx += (word32)strLen; } -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { DNS_entry* ipAddr; int strLen; @@ -18764,21 +18918,19 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) XMEMCPY(ipAddr->name, &input[idx], strLen); ipAddr->name[strLen] = '\0'; - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) { WOLFSSL_MSG("\tOut of Memory for IP string"); XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME); XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ AddAltName(cert, ipAddr); length -= strLen; idx += (word32)strLen; } -#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ -#if defined(OPENSSL_ALL) +#endif /* WOLFSSL_IP_ALT_NAME */ +#ifdef WOLFSSL_RID_ALT_NAME else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { DNS_entry* rid; int strLen; 
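Review bot: The `numNames > WOLFSSL_MAX_ALT_NAMES` guard added in `@@ -18534,8 +18683,13 @@` (and its template twin in `@@ -18933,6 +19086,13 @@`) has no comment stating why the bound exists, and the limit's definition is not in view, so a future reader may mistake it for an arbitrary cap. Each accepted GeneralName in this loop is heap allocated (`DNS_entry`, plus its `name` buffer, as the iPAddress branch shows), so the check bounds allocations and list length for an attacker-sized SAN extension; I would write `/* Bound the GeneralName count: each entry is heap allocated, so an oversized SAN would otherwise drive unbounded allocation. */` above the increment. The message says "subject alternative names" although the decoder presumably also serves issuerAltName; if so, "alternative names" alone is more accurate.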
@@ -18825,7 +18977,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) length -= strLen; idx += (word32)strLen; } -#endif /* OPENSSL_ALL */ +#endif /* WOLFSSL_RID_ALT_NAME */ #endif /* IGNORE_NAME_CONSTRAINTS */ else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { @@ -18901,6 +19053,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) word32 idx = 0; int length = 0; int ret = 0; + word32 numNames = 0; WOLFSSL_ENTER("DecodeAltNames"); @@ -18933,6 +19086,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) while ((ret == 0) && (idx < sz)) { ASNGetData dataASN[altNameASN_Length]; + numNames++; + if (numNames > WOLFSSL_MAX_ALT_NAMES) { + WOLFSSL_MSG("\tToo many subject alternative names"); + ret = ASN_ALT_NAME_E; + break; + } + /* Clear dynamic data items. */ XMEMSET(dataASN, 0, sizeof(dataASN)); /* Parse GeneralName with the choices supported. */ @@ -19419,15 +19579,11 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) /* Set ocsp entry */ if (b == GENERALNAME_URI && oid == AIA_OCSP_OID && - cert->extAuthInfo == NULL) - { + cert->extAuthInfo == NULL) { cert->extAuthInfoSz = length; cert->extAuthInfo = input + idx; - #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT) - break; - #endif } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER /* Set CaIssuers entry */ else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID && cert->extAuthInfoCaIssuer == NULL) @@ -19435,7 +19591,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) cert->extAuthInfoCaIssuerSz = length; cert->extAuthInfoCaIssuer = input + idx; } - #endif + #endif idx += (word32)length; } 
@@ -19473,11 +19629,8 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], &cert->extAuthInfo, &sz32); cert->extAuthInfoSz = (int)sz32; - #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT) - break; - #endif } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER /* Check we have CA Issuer and URI. */ else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_CA_ISSUER_OID) && @@ -19488,7 +19641,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) &cert->extAuthInfoCaIssuer, &sz32); cert->extAuthInfoCaIssuerSz = (int)sz32; } - #endif + #endif /* Otherwise skip. */ } } @@ -19800,7 +19953,7 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert) while (idx < (word32)sz) { ret = GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz); - if (ret == ASN_UNKNOWN_OID_E) + if (ret == WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)) continue; else if (ret < 0) return ret; @@ -19880,7 +20033,7 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert) ret = GetASN_Items(keyPurposeIdASN, dataASN, keyPurposeIdASN_Length, 0, input, &idx, sz); /* Skip unknown OIDs. */ - if (ret == ASN_UNKNOWN_OID_E) { + if (ret == WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)) { ret = 0; } else if (ret == 0) { 
@@ -20043,17 +20196,21 @@ static int DecodeSubtreeGeneralName(const byte* input, word32 sz, byte tag, * @param [in] input Buffer holding data. * @param [in] sz Size of data in buffer. * @param [in, out] head Linked list of subtree names. + * @param [in] limit If > 0, limit on number of tree + * entries to process, exceeding + * is an error. * @param [in] heap Dynamic memory hint. * @return 0 on success. * @return MEMORY_E when dynamic memory allocation fails. * @return ASN_PARSE_E when SEQUENCE is not found as expected. */ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, - void* heap) + word32 limit, void* heap) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; int ret = 0; + word32 cnt = 0; (void)heap; @@ -20062,6 +20219,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, word32 nameIdx; byte b, bType; + if (limit > 0) { + cnt++; + if (cnt > limit) { + WOLFSSL_MSG("too many name constraints"); + return ASN_NAME_INVALID_E; + } + } + if (GetSequence(input, &idx, &seqLength, sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); return ASN_PARSE_E; @@ -20127,6 +20292,7 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, DECL_ASNGETDATA(dataASN, subTreeASN_Length); word32 idx = 0; int ret = 0; + word32 cnt = 0; (void)heap; @@ -20136,6 +20302,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, while ((ret == 0) && (idx < (word32)sz)) { byte minVal = 0; byte maxVal = 0; + if (limit > 0) { + cnt++; + if (cnt > limit) { + WOLFSSL_MSG("too many name constraints"); + ret = ASN_NAME_INVALID_E; + break; + } + } /* Clear dynamic data and set choice for GeneralName and location to * store minimum and maximum. 
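Review bot: The updated DecodeSubtree doc block in `@@ -20043,17 +20196,21 @@` documents the new `limit` parameter but its @return list still stops at `ASN_PARSE_E`, while the new loop bodies in `@@ -20062,6 +20219,14 @@` and `@@ -20136,6 +20302,14 @@` return `ASN_NAME_INVALID_E` when the limit is exceeded. Add `* @return ASN_NAME_INVALID_E when more than limit subtree entries are present.` so callers can distinguish the resource bound from malformed encoding.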
@@ -20234,7 +20408,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz, } if (DecodeSubtree(input + idx, (word32)length, subtree, - cert->heap) < 0) { + WOLFSSL_MAX_NAME_CONSTRAINTS, cert->heap) < 0) { WOLFSSL_MSG("\terror parsing subtree"); return ASN_PARSE_E; } @@ -20261,7 +20435,8 @@ static int DecodeNameConstraints(const byte* input, word32 sz, ret = DecodeSubtree( dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.data, dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.length, - &cert->permittedNames, cert->heap); + &cert->permittedNames, WOLFSSL_MAX_NAME_CONSTRAINTS, + cert->heap); } } if (ret == 0) { @@ -20270,7 +20445,8 @@ static int DecodeNameConstraints(const byte* input, word32 sz, ret = DecodeSubtree( dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.data, dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.length, - &cert->excludedNames, cert->heap); + &cert->excludedNames, WOLFSSL_MAX_NAME_CONSTRAINTS, + cert->heap); } } @@ -20281,7 +20457,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz, } #endif /* IGNORE_NAME_CONSTRAINTS */ -#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \ +#if defined(WOLFSSL_CERT_EXT) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Decode ITU-T X.690 OID format to a string representation @@ -20334,10 +20510,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz) exit: return w; } -#endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */ +#endif /* WOLFSSL_CERT_EXT || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_QT) - #ifdef WOLFSSL_ASN_TEMPLATE +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) +#ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for PolicyInformation. * X.509: RFC 5280, 4.2.1.4 - Certificate Policies. */ 
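Review bot: In `@@ -20234,7 +20408,7 @@` the non-template DecodeNameConstraints still collapses every negative DecodeSubtree result into `ASN_PARSE_E`, so the new `ASN_NAME_INVALID_E` (and `MEMORY_E`) introduced with the limit is lost, whereas the template path in `@@ -20261,7 +20435,8 @@` and `@@ -20270,7 +20445,8 @@` propagates `ret` unchanged; the two configurations now report different errors for the same certificate. I would capture and forward the code: `ret = DecodeSubtree(input + idx, (word32)length, subtree, WOLFSSL_MAX_NAME_CONSTRAINTS, cert->heap); if (ret < 0) { WOLFSSL_MSG("\terror parsing subtree"); return ret; }`, declaring `ret` at the top of the block if that branch has none in scope. The enclosing function body begins outside the hunk.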
@@ -20356,230 +20532,221 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz) /* Number of items in ASN.1 template for PolicyInformation. */ #define policyInfoASN_Length (sizeof(policyInfoASN) / sizeof(ASNItem)) - #endif +#endif - /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ - static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) - { - #ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - word32 oldIdx; - int policy_length = 0; - int ret; - int total_length = 0; - #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \ - !defined(WOLFSSL_DUP_CERTPOL) - int i; - #endif +/* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ +static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) +{ +#ifndef WOLFSSL_ASN_TEMPLATE + word32 idx = 0; + word32 oldIdx; + int policy_length = 0; + int ret; + int total_length = 0; +#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL) + int i; +#endif - WOLFSSL_ENTER("DecodeCertPolicy"); + WOLFSSL_ENTER("DecodeCertPolicy"); - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) - /* Check if cert is null before dereferencing below */ - if (cert == NULL) - return BAD_FUNC_ARG; - #else - (void)cert; - #endif + /* Check if cert is null before dereferencing below */ + if (cert == NULL) + return BAD_FUNC_ARG; - #if defined(WOLFSSL_CERT_EXT) - cert->extCertPoliciesNb = 0; - #endif +#if defined(WOLFSSL_CERT_EXT) + cert->extCertPoliciesNb = 0; +#endif - if (GetSequence(input, &idx, &total_length, sz) < 0) { - WOLFSSL_MSG("\tGet CertPolicy total seq failed"); - return ASN_PARSE_E; - } + if (GetSequence(input, &idx, &total_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy total seq failed"); + return ASN_PARSE_E; + } + + /* Validate total length */ + if (total_length > (int)(sz - idx)) { + WOLFSSL_MSG("\tCertPolicy length mismatch"); + return ASN_PARSE_E; + } + + /* Unwrap certificatePolicies */ + do { + int length = 0; - /* Validate 
total length */ - if (total_length > (int)(sz - idx)) { - WOLFSSL_MSG("\tCertPolicy length mismatch"); + if (GetSequence(input, &idx, &policy_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy seq failed"); return ASN_PARSE_E; } - /* Unwrap certificatePolicies */ - do { - int length = 0; + oldIdx = idx; + ret = GetASNObjectId(input, &idx, &length, sz); + if (ret != 0) + return ret; + policy_length -= (int)(idx - oldIdx); - if (GetSequence(input, &idx, &policy_length, sz) < 0) { - WOLFSSL_MSG("\tGet CertPolicy seq failed"); + if (length > 0) { + /* Verify length won't overrun buffer */ + if (length > (int)(sz - idx)) { + WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); return ASN_PARSE_E; } - oldIdx = idx; - ret = GetASNObjectId(input, &idx, &length, sz); - if (ret != 0) - return ret; - policy_length -= (int)(idx - oldIdx); - - if (length > 0) { - /* Verify length won't overrun buffer */ - if (length > (int)(sz - idx)) { - WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); - return ASN_PARSE_E; - } - - #if defined(WOLFSSL_SEP) + #ifdef WOLFSSL_SEP + if (cert->deviceType == NULL) { cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap, - DYNAMIC_TYPE_X509_EXT); + DYNAMIC_TYPE_X509_EXT); if (cert->deviceType == NULL) { WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); return MEMORY_E; } cert->deviceTypeSz = length; XMEMCPY(cert->deviceType, input + idx, (size_t)length); - break; - #elif defined(WOLFSSL_CERT_EXT) - /* decode cert policy */ - if (DecodePolicyOID(cert->extCertPolicies[ - cert->extCertPoliciesNb], MAX_CERTPOL_SZ, - input + idx, length) <= 0) { - WOLFSSL_MSG("\tCouldn't decode CertPolicy"); - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - return ASN_PARSE_E; - } - #ifndef WOLFSSL_DUP_CERTPOL - /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST - * NOT appear more than once in a certificate policies - * extension". This is a sanity check for duplicates. 
- * extCertPolicies should only have OID values, additional - * qualifiers need to be stored in a separate array. */ - for (i = 0; i < cert->extCertPoliciesNb; i++) { - if (XMEMCMP(cert->extCertPolicies[i], + } + #endif + + #ifdef WOLFSSL_CERT_EXT + /* decode cert policy */ + if (DecodePolicyOID(cert->extCertPolicies[ + cert->extCertPoliciesNb], MAX_CERTPOL_SZ, + input + idx, length) <= 0) { + WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + #ifndef WOLFSSL_DUP_CERTPOL + /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST + * NOT appear more than once in a certificate policies + * extension". This is a sanity check for duplicates. + * extCertPolicies should only have OID values, additional + * qualifiers need to be stored in a separate array. */ + for (i = 0; i < cert->extCertPoliciesNb; i++) { + if (XMEMCMP(cert->extCertPolicies[i], cert->extCertPolicies[cert->extCertPoliciesNb], MAX_CERTPOL_SZ) == 0) { - WOLFSSL_MSG("Duplicate policy OIDs not allowed"); - WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); - WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); - return CERTPOLICIES_E; - } + WOLFSSL_MSG("Duplicate policy OIDs not allowed"); + WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); + return CERTPOLICIES_E; } - #endif /* !WOLFSSL_DUP_CERTPOL */ - cert->extCertPoliciesNb++; - #else - WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); - return 0; - #endif } - idx += (word32)policy_length; - } while((int)idx < total_length - #if defined(WOLFSSL_CERT_EXT) - && cert->extCertPoliciesNb < MAX_CERTPOL_NB + #endif /* !WOLFSSL_DUP_CERTPOL */ + cert->extCertPoliciesNb++; #endif - ); - - WOLFSSL_LEAVE("DecodeCertPolicy", 0); - return 0; - #else /* WOLFSSL_ASN_TEMPLATE */ - word32 idx = 0; - int ret = 0; - int total_length = 0; - #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \ - !defined(WOLFSSL_DUP_CERTPOL) - int i; + } + idx += (word32)policy_length; 
+ } while((int)idx < total_length + #ifdef WOLFSSL_CERT_EXT + && cert->extCertPoliciesNb < MAX_CERTPOL_NB #endif + ); - WOLFSSL_ENTER("DecodeCertPolicy"); - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) - /* Check if cert is null before dereferencing below */ - if (cert == NULL) - ret = BAD_FUNC_ARG; - #endif + WOLFSSL_LEAVE("DecodeCertPolicy", 0); + return 0; +#else /* WOLFSSL_ASN_TEMPLATE */ + word32 idx = 0; + int ret = 0; + int total_length = 0; +#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL) + int i; +#endif - if (ret == 0) { - #if defined(WOLFSSL_CERT_EXT) - cert->extCertPoliciesNb = 0; - #endif + WOLFSSL_ENTER("DecodeCertPolicy"); - /* Strip SEQUENCE OF and check using all data. */ - if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0) - { - ret = ASN_PARSE_E; - } + /* Check if cert is null before dereferencing below */ + if (cert == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + #if defined(WOLFSSL_CERT_EXT) + cert->extCertPoliciesNb = 0; + #endif + + /* Strip SEQUENCE OF and check using all data. */ + if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0) + { + ret = ASN_PARSE_E; } + } - /* Unwrap certificatePolicies */ - while ((ret == 0) && ((int)idx < total_length) - #if defined(WOLFSSL_CERT_EXT) - && (cert->extCertPoliciesNb < MAX_CERTPOL_NB) - #endif - ) { - ASNGetData dataASN[policyInfoASN_Length]; - byte* data = NULL; - word32 length = 0; + /* Unwrap certificatePolicies */ + while ((ret == 0) && ((int)idx < total_length) + #if defined(WOLFSSL_CERT_EXT) + && (cert->extCertPoliciesNb < MAX_CERTPOL_NB) + #endif + ) { + ASNGetData dataASN[policyInfoASN_Length]; + byte* data = NULL; + word32 length = 0; - /* Clear dynamic data and check OID is a cert policy type. 
*/ - XMEMSET(dataASN, 0, sizeof(dataASN)); - GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType); - ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1, - input, &idx, (word32)sz); - if (ret == 0) { - /* Get the OID. */ - GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length); - if (length == 0) { - ret = ASN_PARSE_E; - } - } - #if defined(WOLFSSL_SEP) - /* Store OID in device type. */ - if (ret == 0) { - cert->deviceType = (byte*)XMALLOC(length, cert->heap, - DYNAMIC_TYPE_X509_EXT); - if (cert->deviceType == NULL) { - WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); - ret = MEMORY_E; - } + /* Clear dynamic data and check OID is a cert policy type. */ + XMEMSET(dataASN, 0, sizeof(dataASN)); + GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType); + ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1, + input, &idx, (word32)sz); + if (ret == 0) { + /* Get the OID. */ + GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length); + if (length == 0) { + ret = ASN_PARSE_E; } - if (ret == 0) { + } + #ifdef WOLFSSL_SEP + /* Store OID in device type. */ + if (ret == 0 && cert->deviceType == NULL) { + cert->deviceType = (byte*)XMALLOC(length, cert->heap, + DYNAMIC_TYPE_X509_EXT); + if (cert->deviceType != NULL) { /* Store device type data and length. */ cert->deviceTypeSz = (int)length; XMEMCPY(cert->deviceType, data, length); - break; } - #elif defined(WOLFSSL_CERT_EXT) - if (ret == 0) { - /* Decode cert policy. */ - if (DecodePolicyOID( - cert->extCertPolicies[cert->extCertPoliciesNb], - MAX_CERTPOL_SZ, data, length) <= 0) { - WOLFSSL_MSG("\tCouldn't decode CertPolicy"); - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - ret = ASN_PARSE_E; - } + else { + WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); + ret = MEMORY_E; } - #ifndef WOLFSSL_DUP_CERTPOL - /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST - * NOT appear more than once in a certificate policies - * extension". 
This is a sanity check for duplicates. - * extCertPolicies should only have OID values, additional - * qualifiers need to be stored in a separate array. */ - for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) { - if (XMEMCMP(cert->extCertPolicies[i], - cert->extCertPolicies[cert->extCertPoliciesNb], - MAX_CERTPOL_SZ) == 0) { - WOLFSSL_MSG("Duplicate policy OIDs not allowed"); - WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); - WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); - ret = CERTPOLICIES_E; - } + } + #endif /* WOLFSSL_SEP */ + + #ifdef WOLFSSL_CERT_EXT + if (ret == 0) { + /* Decode cert policy. */ + if (DecodePolicyOID( + cert->extCertPolicies[cert->extCertPoliciesNb], + MAX_CERTPOL_SZ, data, length) <= 0) { + WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + ret = ASN_PARSE_E; } - #endif /* !defined(WOLFSSL_DUP_CERTPOL) */ - if (ret == 0) { - /* Keep count of policies seen. */ - cert->extCertPoliciesNb++; + } + #ifndef WOLFSSL_DUP_CERTPOL + /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST + * NOT appear more than once in a certificate policies + * extension". This is a sanity check for duplicates. + * extCertPolicies should only have OID values, additional + * qualifiers need to be stored in a separate array. */ + for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) { + if (XMEMCMP(cert->extCertPolicies[i], + cert->extCertPolicies[cert->extCertPoliciesNb], + MAX_CERTPOL_SZ) == 0) { + WOLFSSL_MSG("Duplicate policy OIDs not allowed"); + WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); + ret = CERTPOLICIES_E; } - #else - (void)data; - WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); - break; - #endif } - - WOLFSSL_LEAVE("DecodeCertPolicy", 0); - return ret; - #endif /* WOLFSSL_ASN_TEMPLATE */ + #endif /* !WOLFSSL_DUP_CERTPOL */ + if (ret == 0) { + /* Keep count of policies seen. 
*/ + cert->extCertPoliciesNb++; + } + #endif /* WOLFSSL_CERT_EXT */ } -#endif /* WOLFSSL_SEP */ + + WOLFSSL_LEAVE("DecodeCertPolicy", 0); + return ret; +#endif /* WOLFSSL_ASN_TEMPLATE */ +} +#endif /* WOLFSSL_SEP || WOLFSSL_CERT_EXT */ #ifdef WOLFSSL_SUBJ_DIR_ATTR #ifdef WOLFSSL_ASN_TEMPLATE @@ -20679,6 +20846,11 @@ static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert) WOLFSSL_ENTER("DecodeSubjDirAttr"); +#ifdef OPENSSL_ALL + cert->extSubjDirAttrSrc = input; + cert->extSubjDirAttrSz = sz; +#endif /* OPENSSL_ALL */ + CALLOC_ASNGETDATA(dataASN, subjDirAttrASN_Length, ret, cert->heap); /* Strip outer SEQUENCE. */ @@ -20916,6 +21088,7 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert) (void)cert; } + /* We do this to make sure the format of the extension is correct. */ if (ret == 0) { GetASN_OID(&dataASN[ALTSIG_ALGOID_OID], oidSigType); @@ -20925,8 +21098,8 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert) } if (ret == 0) { - cert->altSigAlgDer = dataASN[ALTSIG_ALGOID_SEQ].data.u8; - cert->altSigAlgLen = dataASN[ALTSIG_ALGOID_SEQ].length; + cert->altSigAlgDer = (byte *)input; + cert->altSigAlgLen = sz; cert->altSigAlgOID = dataASN[ALTSIG_ALGOID_OID].data.oid.sum; } @@ -21108,15 +21281,11 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid, /* Certificate policies. */ case CERT_POLICY_OID: - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_SEP VERIFY_AND_SET_OID(cert->extCertPolicySet); - #if defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL) - cert->extCertPolicyCrit = critical ? 1 : 0; - #endif + cert->extCertPolicyCrit = critical ? 1 : 0; #endif - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \ - defined(WOLFSSL_QT) + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) if (DecodeCertPolicy(input, length, cert) < 0) { ret = ASN_PARSE_E; } 
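Review bot: In the DecodeCertPolicy rewrite (`@@ -20356,230 +20532,221 @@`) the old `break` after storing `deviceType` under WOLFSSL_SEP is replaced by an `if (cert->deviceType == NULL)` guard in both the non-template and template branches, but nothing says that this is deliberate: only the first policy OID becomes the device type, later policies are skipped for SEP yet still decoded for WOLFSSL_CERT_EXT, and an already-populated deviceType is never replaced. I would put `/* WOLFSSL_SEP: only the first policy OID is recorded as the device type; decoding continues so WOLFSSL_CERT_EXT can collect the rest. */` above each guard. The combined behaviour for builds that define both macros is new here and worth a line in the function comment, which is outside the hunk.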
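Review bot: `cert->altSigAlgDer = (byte *)input;` in `@@ -20925,8 +21098,8 @@` casts away the `const` of DecodeAltSigAlg's `input` parameter, which hides from the compiler any later write through `altSigAlgDer` into the certificate source buffer. If the field is only ever read, declaring it `const byte*` in DecodedCert removes the cast; if it must stay non-const, a comment such as `/* points into the read-only cert source; never written through */` should justify the cast. The field's declaration is not visible in this excerpt.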
@@ -21288,8 +21457,7 @@ enum { #define certExtASN_Length (sizeof(certExtASN) / sizeof(ASNItem)) #endif -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB int wc_SetUnknownExtCallback(DecodedCert* cert, wc_UnknownExtCallback cb) { if (cert == NULL) { @@ -21299,7 +21467,18 @@ int wc_SetUnknownExtCallback(DecodedCert* cert, cert->unknownExtCallback = cb; return 0; } -#endif + +int wc_SetUnknownExtCallbackEx(DecodedCert* cert, + wc_UnknownExtCallbackEx cb, void *ctx) { + if (cert == NULL) { + return BAD_FUNC_ARG; + } + + cert->unknownExtCallbackEx = cb; + cert->unknownExtCallbackExCtx = ctx; + return 0; +} +#endif /* WC_ASN_UNKNOWN_EXT_CB */ /* * Processing the Certificate Extensions. This does not modify the current @@ -21390,7 +21569,7 @@ static int DecodeCertExtensions(DecodedCert* cert) ret = DecodeExtensionType(input + idx, (word32)length, oid, critical, cert, NULL); - if (ret == ASN_CRIT_EXT_E) { + if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) { ret = 0; criticalFail = 1; } @@ -21453,8 +21632,9 @@ static int DecodeCertExtensions(DecodedCert* cert) /* Decode the extension by type. */ ret = DecodeExtensionType(input + idx, length, oid, critical, cert, &isUnknownExt); -#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) - if (isUnknownExt && (cert->unknownExtCallback != NULL)) { +#ifdef WC_ASN_UNKNOWN_EXT_CB + if (isUnknownExt && (cert->unknownExtCallback != NULL || + cert->unknownExtCallbackEx != NULL)) { word16 decOid[MAX_OID_SZ]; word32 decOidSz = sizeof(decOid); ret = DecodeObjectId( 
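Review bot: The new public `wc_SetUnknownExtCallbackEx` in `@@ -21299,7 +21467,18 @@` has no doc comment, and neither does the `ctx` argument whose only purpose is to be handed back to the callback. I would add `/* Register an unknown-extension callback that receives an opaque context. @param [in] ctx Passed unchanged to cb on each unknown extension. @return 0 on success, BAD_FUNC_ARG when cert is NULL. */` and mention that it may be used alongside the legacy `wc_SetUnknownExtCallback`, since the dispatch code consults both fields.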
@@ -21468,19 +21648,29 @@ static int DecodeCertExtensions(DecodedCert* cert) WOLFSSL_ERROR(ret); } - ret = cert->unknownExtCallback(decOid, decOidSz, critical, - dataASN[CERTEXTASN_IDX_VAL].data.buffer.data, - dataASN[CERTEXTASN_IDX_VAL].length); + if ((ret == 0) && (cert->unknownExtCallback != NULL)) { + ret = cert->unknownExtCallback(decOid, decOidSz, critical, + dataASN[CERTEXTASN_IDX_VAL].data.buffer.data, + dataASN[CERTEXTASN_IDX_VAL].length); + } + + if ((ret == 0) && (cert->unknownExtCallbackEx != NULL)) { + ret = cert->unknownExtCallbackEx(decOid, decOidSz, critical, + dataASN[CERTEXTASN_IDX_VAL].data.buffer.data, + dataASN[CERTEXTASN_IDX_VAL].length, + cert->unknownExtCallbackExCtx); + } } -#endif +#else (void)isUnknownExt; +#endif /* Move index on to next extension. */ idx += length; } /* Don't fail criticality until all other extensions have been checked. */ - if (ret == ASN_CRIT_EXT_E) { + if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) { criticalRet = ASN_CRIT_EXT_E; ret = 0; } @@ -21656,12 +21846,12 @@ enum { /* Check the data data. * * @param [in] dataASN ASN template dynamic data item. - * @param [in] dataType BEFORE or AFTER date. + * @param [in] dataType ASN_BEFORE or ASN_AFTER date. * @return 0 on success. * @return ASN_TIME_E when BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. - * @return ASN_BEFORE_DATE_E when BEFORE date is invalid. - * @return ASN_AFTER_DATE_E when AFTER date is invalid. + * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid. + * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid. */ static int CheckDate(ASNGetData *dataASN, int dateType) { 
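Review bot: The `(ret == 0) &&` gates added in `@@ -21468,19 +21648,29 @@` change behaviour in two ways that the code does not explain: a DecodeObjectId failure, which previously was only logged before the callback ran, now skips both callbacks and propagates as the return of DecodeCertExtensions, and when both callbacks are registered the Ex variant runs only if the legacy one returned 0 and its result replaces that value. Both are defensible, but a comment is needed so neither is undone by accident, e.g. `/* Only dispatch on a successfully decoded OID; legacy callback first, Ex callback only if the legacy one accepted the extension. */` above the first `if`. If skipping the callbacks on an undecodable OID is not intended, the old unconditional call should be restored.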
@@ -21679,14 +21869,18 @@ static int CheckDate(ASNGetData *dataASN, int dateType) } #ifndef NO_ASN_TIME_CHECK - /* Check date is a valid string and BEFORE or AFTER now. */ - if ((ret == 0) && - (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) { - if (dateType == BEFORE) { - ret = ASN_BEFORE_DATE_E; - } - else { - ret = ASN_AFTER_DATE_E; + /* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */ + if (ret == 0) { + if (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType)) { + if (dateType == ASN_BEFORE) { + ret = ASN_BEFORE_DATE_E; + } + else if (dateType == ASN_AFTER) { + ret = ASN_AFTER_DATE_E; + } + else { + ret = ASN_TIME_E; + } } } #endif @@ -21707,8 +21901,8 @@ static int CheckDate(ASNGetData *dataASN, int dateType) * @return ASN_CRIT_EXT_E when a critical extension was not recognized. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. - * @return ASN_BEFORE_DATE_E when BEFORE date is invalid. - * @return ASN_AFTER_DATE_E when AFTER date is invalid. + * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid. + * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * is invalid. * @return BUFFER_E when data in buffer is too small. @@ -21725,9 +21919,9 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, DECL_ASNGETDATA(dataASN, x509CertASN_Length); int ret = 0; int badDate = 0; - byte version; + byte version = 0; word32 idx; - word32 serialSz; + word32 serialSz = 0; const unsigned char* issuer = NULL; word32 issuerSz = 0; const unsigned char* subject = NULL; 
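Review bot: The new `else { ret = ASN_TIME_E; }` returns ASN_TIME_E for a dateType that is neither ASN_BEFORE nor ASN_AFTER, but the @return list in CheckDate's header (previous hunk) still documents ASN_TIME_E only as "BER tag is nor UTC or GENERALIZED time". Either update that line to ` * @return ASN_TIME_E when BER tag is not UTC or GENERALIZED time, or dateType is neither ASN_BEFORE nor ASN_AFTER.` or return BAD_FUNC_ARG for what is a caller error rather than a certificate defect. The existing typo "nor" for "not" could be fixed in the same edit.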
@@ -21810,33 +22004,46 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, /* Set fields extracted from data. */ cert->version = version; cert->serialSz = (int)serialSz; + + #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) + /* RFC 5280 section 4.1.2.2 states that non-conforming CAs may issue + * a negative or zero serial number and should be handled gracefully. + * Since it is a non-conforming CA that issues a serial of 0 then we + * treat it as an error here. */ + if (cert->serialSz == 1 && cert->serial[0] == 0) { + WOLFSSL_MSG("Error serial number of 0, use WOLFSSL_NO_ASN_STRICT " + "if wanted"); + ret = ASN_PARSE_E; + } + #endif + cert->signatureOID = dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].data.oid.sum; cert->keyOID = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID].data.oid.sum; cert->certBegin = dataASN[X509CERTASN_IDX_TBS_SEQ].offset; /* No bad date error - don't always care. */ badDate = 0; - /* Find the item with the BEFORE date and check it. */ + /* Find the item with the ASN_BEFORE date and check it. */ i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0) ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT; - if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) && + if ((CheckDate(&dataASN[i], ASN_BEFORE) < 0) && (verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { badDate = ASN_BEFORE_DATE_E; } - /* Store reference to BEFOREdate. */ + /* Store reference to ASN_BEFORE date. */ cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source); cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source); - /* Find the item with the AFTER date and check it. */ + /* Find the item with the ASN_AFTER date and check it. */ i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0) ? 
X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT; - if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) && + if ((CheckDate(&dataASN[i], ASN_AFTER) < 0) && (verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { badDate = ASN_AFTER_DATE_E; } - /* Store reference to AFTER date. */ + /* Store reference to ASN_AFTER date. */ cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source); cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source); @@ -21967,13 +22174,13 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, if ((ret == 0) && (issuer != NULL)) { idx = 0; /* Put issuer into cert and calculate hash. */ - ret = GetCertName(cert, cert->issuer, cert->issuerHash, ISSUER, issuer, + ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER, issuer, &idx, issuerSz); } if ((ret == 0) && (subject != NULL)) { idx = 0; /* Put subject into cert and calculate hash. */ - ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT, + ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT, subject, &idx, subjectSz); } if (ret == 0) { @@ -22003,7 +22210,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, /* Decode the extension data starting at [3]. */ ret = DecodeCertExtensions(cert); if (criticalExt != NULL) { - if (ret == ASN_CRIT_EXT_E) { + if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) { /* Return critical extension not recognized. */ *criticalExt = ret; ret = 0; 
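Review bot: The zero-serial rejection matches only a one-byte encoding (`cert->serialSz == 1 && cert->serial[0] == 0`); whether a zero padded to several bytes is already refused by the INTEGER decoder is not visible here, so either state that assumption in the comment or compare all serial bytes against zero. The comment cites RFC 5280 on negative or zero serials, but the code handles only zero, which should be said explicitly: `/* Only a zero serial is rejected here; negative serials are accepted as-is. */`. ret is set to ASN_PARSE_E but the assignments and CheckDate calls that follow in this hunk still execute before the next `ret == 0` guard; harmless as far as is visible, but wrapping them in `if (ret == 0)` would make the early failure explicit.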
@@ -22035,8 +22242,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, * @return ASN_CRIT_EXT_E when a critical extension was not recognized. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. - * @return ASN_BEFORE_DATE_E when BEFORE date is invalid. - * @return ASN_AFTER_DATE_E when AFTER date is invalid. + * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid. + * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * is invalid. * @return BUFFER_E when data in buffer is too small. @@ -22194,7 +22401,7 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt, /* Decode and validate extensions. */ ret = DecodeCertExtensions(cert); - if (ret == ASN_CRIT_EXT_E) { + if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) { /* Return critical extension not recognized. */ *criticalExt = ret; ret = 0; @@ -22381,7 +22588,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt) /* Parse the subject name. */ idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset; - ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT, + ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT, cert->source, &idx, dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset); } @@ -22421,7 +22628,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm) char* ptr; #endif - ret = ParseCertRelative(cert, type, verify, cm); + ret = ParseCertRelative(cert, type, verify, cm, NULL); if (ret < 0) return ret; @@ -22954,8 +23161,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, FreeSignatureCtx(sigCtx); #ifdef WOLFSSL_SMALL_STACK - if (sigCtx != NULL) - XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); + XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); #endif return ret; #else /* WOLFSSL_ASN_TEMPLATE */ 
@@ -23174,9 +23380,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, #endif /* WOLFSSL_ASN_TEMPLATE */ } -#ifdef OPENSSL_EXTRA -/* Call CheckCertSignature_ex using a public key buffer for verification - */ +/* Call CheckCertSignature_ex using a public key buffer for verification */ int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID) { @@ -23184,6 +23388,7 @@ int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap, pubKey, pubKeySz, pubKeyOID, 0); } +/* Call CheckCertSignature_ex using a public key and oid */ int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID) { @@ -23199,15 +23404,12 @@ int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap, pubKey, pubKeySz, pubKeyOID, 1); } #endif /* WOLFSSL_CERT_REQ */ -#endif /* OPENSSL_EXTRA */ -#ifdef WOLFSSL_SMALL_CERT_VERIFY -/* Call CheckCertSignature_ex using a certificate manager (cm) - */ -int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm) + +/* Call CheckCertSignature_ex using a certificate manager (cm) */ +int wc_CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm) { return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0); } -#endif /* WOLFSSL_SMALL_CERT_VERIFY */ #endif /* WOLFSSL_SMALL_CERT_VERIFY || OPENSSL_EXTRA */ #if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \ 
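Review bot: CheckCertSignature is renamed to wc_CheckCertSignature and moved out of `#ifdef WOLFSSL_SMALL_CERT_VERIFY`, but no compatibility alias for the old name appears in this hunk; unless asn.h provides `#define CheckCertSignature wc_CheckCertSignature`, external callers of the old symbol break. CheckCertSignaturePubKey likewise leaves `#ifdef OPENSSL_EXTRA`, so both functions are now compiled whenever the enclosing WOLFSSL_SMALL_CERT_VERIFY || OPENSSL_EXTRA block is. A one-line comment above wc_CheckCertSignature noting that availability, `/* Available with WOLFSSL_SMALL_CERT_VERIFY or OPENSSL_EXTRA. */`, would save the next reader from tracing the outer guard.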
@@ -23312,8 +23514,18 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz, return ret; } #endif +Signer* findSignerByName(Signer *list, byte *hash) +{ + Signer *s; + for (s = list; s != NULL; s = s->next) { + if (XMEMCMP(s->subjectNameHash, hash, SIGNER_DIGEST_SIZE) == 0) { + return s; + } + } + return NULL; +} -int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) +int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer *extraCAList) { int ret = 0; #ifndef WOLFSSL_ASN_TEMPLATE @@ -23326,6 +23538,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int idx = 0; #endif byte* sce_tsip_encRsaKeyIdx; + (void)extraCAList; if (cert == NULL) { return BAD_FUNC_ARG; @@ -23341,7 +23554,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->badDate = 0; cert->criticalExt = 0; if ((ret = DecodeToKey(cert, verify)) < 0) { - if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) { + if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) || + ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { cert->badDate = ret; if (verify == VERIFY_SKIP_DATE) ret = 0; @@ -23504,7 +23718,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->extensionsIdx = cert->srcIdx; /* for potential later use */ if ((ret = DecodeCertExtensions(cert)) < 0) { - if (ret == ASN_CRIT_EXT_E) { + if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) { cert->criticalExt = ret; } else { @@ -23538,7 +23752,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->extensionsIdx = cert->srcIdx; /* for potential later use */ if ((ret = DecodeCertExtensions(cert)) < 0) { - if (ret == ASN_CRIT_EXT_E) + if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) cert->criticalExt = ret; else return ret; 
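Review bot: findSignerByName is a new external-linkage function with no prototype or header comment in this hunk, its `hash` parameter is not const although it is only read by XMEMCMP, and the name lacks the wc_ prefix used by the neighbouring public functions. Unless a header declares it, make it `static Signer* findSignerByName(Signer *list, const byte *hash)` and document the match: `/* Return the first Signer in list whose subjectNameHash equals hash (SIGNER_DIGEST_SIZE bytes), or NULL. */`. The only visible caller passes cert->issuerHash, so the lookup is by issuer name alone and does not consider the authority key identifier.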
@@ -23591,7 +23805,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) #endif { ret = DecodeCert(cert, verify, &cert->criticalExt); - if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) { + if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) || + ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { cert->badDate = ret; if (verify == VERIFY_SKIP_DATE) ret = 0; @@ -23642,8 +23857,13 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) if (!cert->selfSigned || (verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE)) { cert->ca = NULL; +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (extraCAList != NULL) { + cert->ca = findSignerByName(extraCAList, cert->issuerHash); + } +#endif #ifndef NO_SKID - if (cert->extAuthKeyIdSet) { + if (cert->ca == NULL && cert->extAuthKeyIdSet) { cert->ca = GetCA(cm, cert->extAuthKeyId); #ifdef WOLFSSL_AKID_NAME if (cert->ca == NULL) { @@ -23788,13 +24008,19 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) if (cert->ca) { if (verify == VERIFY || verify == VERIFY_OCSP || verify == VERIFY_SKIP_DATE) { + word32 keyOID = cert->ca->keyOID; + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) + if (cert->selfSigned && (cert->signatureOID == CTC_SM3wSM2)) { + keyOID = SM2k; + } + #endif /* try to confirm/verify signature */ if ((ret = ConfirmSignature(&cert->sigCtx, cert->source + cert->certBegin, cert->sigIndex - cert->certBegin, cert->ca->publicKey, cert->ca->pubKeySize, - cert->ca->keyOID, cert->signature, - cert->sigLength, cert->signatureOID, + keyOID, cert->signature, cert->sigLength, + cert->signatureOID, #ifdef WC_RSA_PSS cert->source + cert->sigParamsIndex, cert->sigParamsLength, 
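Review bot: The extraCAList lookup runs before GetCA and matches on subject-name hash alone, and the trusted-store lookup that follows is skipped whenever it returned a Signer (`cert->ca == NULL && cert->extAuthKeyIdSet`). If the extra list holds a certificate with the issuer's name but a different key (key rollover, or an untrusted certificate included in the same response), ConfirmSignature below fails with no fallback to the CM store even when the right CA is there; consider matching on AKID when `cert->extAuthKeyIdSet`, or falling back to GetCA on verification failure. The parameter also lacks any statement of what trust the caller must have established for extraCAList entries, since whatever is found becomes cert->ca; suggest at the `(void)extraCAList;` line in the earlier hunk: `/* extraCAList: optional additional signers (presumably the status_request_v2 responder chain) tried by issuer-name hash before the CM store; trust must be established by the caller. */`.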
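Review bot: The SM2 override `if (cert->selfSigned && (cert->signatureOID == CTC_SM3wSM2)) { keyOID = SM2k; }` carries no comment explaining why the stored cert->ca->keyOID is unreliable only for self-signed certificates and not for an SM2 CA signing a child. A reader cannot tell whether the CA-signed case is handled elsewhere or missed. Add the reason, e.g. `/* A self-signed SM2 cert's stored keyOID does not identify the key as SM2; derive it from the SM3wSM2 signature OID. */` if that is it, and a TODO if the non-self-signed case is deliberately excluded.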
@@ -23802,7 +24028,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) NULL, 0, #endif sce_tsip_encRsaKeyIdx)) != 0) { - if (ret != WC_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { WOLFSSL_MSG("Confirm signature failed"); } WOLFSSL_ERROR_VERBOSE(ret); @@ -23815,13 +24041,12 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) #ifndef WOLFSSL_SMALL_STACK byte der[MAX_CERT_VERIFY_SZ]; #else - byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, ssl->heap, + byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, cert->heap, DYNAMIC_TYPE_DCERT); if (der == NULL) { ret = MEMORY_E; } else #endif /* ! WOLFSSL_SMALL_STACK */ - { ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ); @@ -23833,7 +24058,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) NULL, 0, NULL); } #ifdef WOLFSSL_SMALL_STACK - XFREE(der, ssl->heap, DYNAMIC_TYPE_DCERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_DCERT); #endif /* WOLFSSL_SMALL_STACK */ if (ret != 0) { @@ -23863,6 +24088,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } #ifdef WOLFSSL_CERT_REQ else if (type == CERTREQ_TYPE) { + /* try to confirm/verify signature */ if ((ret = ConfirmSignature(&cert->sigCtx, cert->source + cert->certBegin, cert->sigIndex - cert->certBegin, 
@@ -23875,19 +24101,59 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) NULL, 0, #endif sce_tsip_encRsaKeyIdx)) != 0) { - if (ret != WC_PENDING_E) { + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { WOLFSSL_MSG("Confirm signature failed"); } WOLFSSL_ERROR_VERBOSE(ret); return ret; } + + #ifdef WOLFSSL_DUAL_ALG_CERTS + if ((ret == 0) && cert->extAltSigAlgSet && + cert->extAltSigValSet) { + #ifndef WOLFSSL_SMALL_STACK + byte der[MAX_CERT_VERIFY_SZ]; + #else + byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, cert->heap, + DYNAMIC_TYPE_DCERT); + if (der == NULL) { + ret = MEMORY_E; + } else + #endif /* ! WOLFSSL_SMALL_STACK */ + { + ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ); + + if (ret > 0) { + ret = ConfirmSignature(&cert->sigCtx, der, ret, + cert->sapkiDer, cert->sapkiLen, + cert->sapkiOID, cert->altSigValDer, + cert->altSigValLen, cert->altSigAlgOID, + NULL, 0, NULL); + } + #ifdef WOLFSSL_SMALL_STACK + XFREE(der, cert->heap, DYNAMIC_TYPE_DCERT); + #endif /* WOLFSSL_SMALL_STACK */ + + if (ret != 0) { + WOLFSSL_MSG("Confirm alternative signature failed"); + WOLFSSL_ERROR_VERBOSE(ret); + return ret; + } + else { + WOLFSSL_MSG("Alt signature has been verified!"); + } + } + } + #endif /* WOLFSSL_DUAL_ALG_CERTS */ } #endif else { /* no signer */ WOLFSSL_MSG("No CA signer to verify with"); + /* If you end up here with error -188, + * consider using WOLFSSL_ALT_CERT_CHAINS. */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - /* ret needs to be self-signer error for Qt compat */ + /* ret needs to be self-signer error for openssl compatibility */ if (cert->selfSigned) { WOLFSSL_ERROR_VERBOSE(ASN_SELF_SIGNED_E); return ASN_SELF_SIGNED_E; 
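Review bot: In the new WOLFSSL_DUAL_ALG_CERTS block a return of 0 from wc_GeneratePreTBS skips ConfirmSignature (`if (ret > 0)`) and then lands in the `ret != 0` else branch, logging "Alt signature has been verified!" although no verification ran; whether wc_GeneratePreTBS can return 0 is not visible here, but the success path should not depend on it, and the certificate path in the preceding hunk has the same shape. Treat a non-positive length as failure: `ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ); if (ret == 0) { ret = ASN_PARSE_E; }` before the `if (ret > 0)`. The `(ret == 0) &&` in the block's entry condition is always true because the `!= 0` branch just above returns, and the block duplicates the certificate-path code almost line for line; a small static helper taking the alternative public key, size and OID would remove both copies. The comment `/* If you end up here with error -188 ... */` should name the constant (ASN_NO_SIGNER_E, if that is the code meant) rather than its numeric value, which can drift.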
@@ -23918,6 +24184,89 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) return ret; } +int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der) +{ + int ret = 0; + + if (signer == NULL || cert == NULL) + return BAD_FUNC_ARG; + +#ifdef WOLFSSL_DUAL_ALG_CERTS + if (ret == 0 && signer != NULL) { + if (cert->extSapkiSet && cert->sapkiLen > 0) { + /* Allocated space for alternative public key. */ + signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cert->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (signer->sapkiDer == NULL) { + ret = MEMORY_E; + } + else { + XMEMCPY(signer->sapkiDer, cert->sapkiDer, cert->sapkiLen); + signer->sapkiLen = cert->sapkiLen; + signer->sapkiOID = cert->sapkiOID; + } + } + } +#endif /* WOLFSSL_DUAL_ALG_CERTS */ + +#if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL) + if (ret == 0 && signer != NULL) + ret = CalcHashId(cert->serial, (word32)cert->serialSz, + signer->serialHash); +#endif + if (ret == 0 && signer != NULL) { + #ifdef WOLFSSL_SIGNER_DER_CERT + ret = AllocDer(&signer->derCert, der->length, der->type, NULL); + } + if (ret == 0 && signer != NULL) { + XMEMCPY(signer->derCert->buffer, der->buffer, der->length); + #else + (void)der; + #endif + signer->keyOID = cert->keyOID; + if (cert->pubKeyStored) { + signer->publicKey = cert->publicKey; + signer->pubKeySize = cert->pubKeySize; + } + + if (cert->subjectCNStored) { + signer->nameLen = cert->subjectCNLen; + signer->name = cert->subjectCN; + } + signer->maxPathLen = cert->maxPathLen; + signer->selfSigned = cert->selfSigned; + #ifndef IGNORE_NAME_CONSTRAINTS + signer->permittedNames = cert->permittedNames; + signer->excludedNames = cert->excludedNames; + #endif + #ifndef NO_SKID + XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId, + SIGNER_DIGEST_SIZE); + #endif + XMEMCPY(signer->subjectNameHash, cert->subjectHash, + SIGNER_DIGEST_SIZE); + #if defined(HAVE_OCSP) || defined(HAVE_CRL) + XMEMCPY(signer->issuerNameHash, cert->issuerHash, + 
SIGNER_DIGEST_SIZE); + #endif + #ifdef HAVE_OCSP + XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash, + KEYID_SIZE); + #endif + signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage + : 0xFFFF; + signer->next = NULL; /* If Key Usage not set, all uses valid. */ + cert->publicKey = 0; /* in case lock fails don't free here. */ + cert->subjectCN = 0; + #ifndef IGNORE_NAME_CONSTRAINTS + cert->permittedNames = NULL; + cert->excludedNames = NULL; + #endif + signer->type = (byte)type; + } + return ret; +} + /* Create and init an new signer */ Signer* MakeSigner(void* heap) { @@ -24020,13 +24369,9 @@ void FreeTrustedPeer(TrustedPeerCert* tp, void* heap) return; } - if (tp->name) { - XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN); - } + XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN); - if (tp->sig) { - XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE); - } + XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE); #ifndef IGNORE_NAME_CONSTRAINTS if (tp->permittedNames) FreeNameSubtrees(tp->permittedNames, heap); @@ -24177,7 +24522,7 @@ int wc_GetSerialNumber(const byte* input, word32* inOutIdx, int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (pDer) { int dynType = 0; DerBuffer* der; 
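Review bot: FillSigner dereferences `der` (`der->length`, `der->type`, `der->buffer`) when WOLFSSL_SIGNER_DER_CERT is defined, but the entry check validates only signer and cert, so a NULL der faults in that build; add a `der == NULL` test under the same `#ifdef`. The later `if (ret == 0 && signer != NULL)` conditions are dead after the early return, and the if/else braces straddling the `#ifdef WOLFSSL_SIGNER_DER_CERT` / `#else` boundary are balanced but hard to follow; one plain `if (ret == 0)` block per step would read better. The trailing comment on `signer->next = NULL; /* If Key Usage not set, all uses valid. */` describes the keyUsage assignment above it and should move there. The function is external and undocumented; its header should state that on success ownership of publicKey, subjectCN and the name-constraint lists moves from cert to signer (the cert pointers are nulled here), and that on failure the caller presumably must free signer, including any sapkiDer already allocated before the failing step.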
@@ -24208,18 +24553,31 @@ int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap) der->buffer = (byte*)der + sizeof(DerBuffer); der->length = length; ret = 0; /* Success */ + } else { + ret = BAD_FUNC_ARG; + } + return ret; +} + +int AllocCopyDer(DerBuffer** pDer, const unsigned char* buff, word32 length, + int type, void* heap) +{ + int ret = AllocDer(pDer, length, type, heap); + if (ret == 0) { + XMEMCPY((*pDer)->buffer, buff, length); } + return ret; } void FreeDer(DerBuffer** pDer) { - if (pDer && *pDer) - { + if (pDer && *pDer) { DerBuffer* der = (DerBuffer*)*pDer; /* ForceZero private keys */ - if (der->type == PRIVATEKEY_TYPE && der->buffer != NULL) { + if (((der->type == PRIVATEKEY_TYPE) || + (der->type == ALT_PRIVATEKEY_TYPE)) && der->buffer != NULL) { ForceZero(der->buffer, der->length); } der->buffer = NULL; @@ -24279,6 +24637,10 @@ wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; wcchar END_EC_PARAM = "-----END EC PARAMETERS-----"; #endif #endif +#ifdef HAVE_PKCS7 +wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----"; +wcchar END_PKCS7 = "-----END PKCS7-----"; +#endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ !defined(NO_DSA) wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; @@ -24295,7 +24657,6 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----"; wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; #endif -#if defined(HAVE_PQC) #if defined(HAVE_FALCON) wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----"; wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----"; 
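Review bot: AllocCopyDer copies from `buff` without checking it, and AllocDer validates only pDer, so a NULL buff with non-zero length reaches XMEMCPY. Add `if (buff == NULL) return BAD_FUNC_ARG;` ahead of the AllocDer call, or document at the function that callers guarantee buff. In AllocDer the initializer `int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);` is now dead because the new else branch assigns `ret = BAD_FUNC_ARG`; a plain `int ret;` with both branches assigning is clearer.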
@@ -24325,7 +24686,6 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----"; wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----"; wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----"; #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----" "-----END X509 CRL-----"); @@ -24345,7 +24705,7 @@ static WC_INLINE const char* SkipEndOfLineChars(const char* line, int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); switch (type) { case CA_TYPE: /* same as below */ @@ -24388,6 +24748,13 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) ret = 0; break; #endif + #ifdef HAVE_PKCS7 + case PKCS7_TYPE: + if (header) *header = BEGIN_PKCS7; + if (footer) *footer = END_PKCS7; + ret = 0; + break; + #endif #ifndef NO_DSA case DSA_TYPE: case DSA_PRIVATEKEY_TYPE: @@ -24433,7 +24800,6 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) ret = 0; break; #endif -#ifdef HAVE_PQC #ifdef HAVE_FALCON case FALCON_LEVEL1_TYPE: if (header) *header = BEGIN_FALCON_LEVEL1_PRIV; @@ -24495,7 +24861,6 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) ret = 0; break; #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ case PUBLICKEY_TYPE: case ECC_PUBLICKEY_TYPE: if (header) *header = BEGIN_PUB_KEY; @@ -24521,6 +24886,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) ret = 0; break; default: + ret = BAD_FUNC_ARG; break; } return ret; @@ -24823,7 +25189,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, #endif outLen = 0; if ((err = Base64_Encode(der, derSz, NULL, (word32*)&outLen)) - != LENGTH_ONLY_E) { + != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { WOLFSSL_ERROR_VERBOSE(err); return err; } 
@@ -25426,7 +25792,7 @@ int wc_CertPemToDer(const unsigned char* pem, int pemSz, } if (type != CERT_TYPE && type != CHAIN_CERT_TYPE && type != CA_TYPE && - type != CERTREQ_TYPE) { + type != CERTREQ_TYPE && type != PKCS7_TYPE) { WOLFSSL_MSG("Bad cert type"); return BAD_FUNC_ARG; } @@ -25767,7 +26133,7 @@ static DNS_entry* FindAltName(struct DecodedCert* cert, int nameType, /* returns 0 on success */ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz) { - int ret = ALT_NAME_E; + int ret = WC_NO_ERR_TRACE(ALT_NAME_E); DNS_entry* id = NULL; do { @@ -25804,7 +26170,7 @@ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz) /* returns 0 on success */ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz) { - int ret = ALT_NAME_E; + int ret = WC_NO_ERR_TRACE(ALT_NAME_E); DNS_entry* id = NULL; do { @@ -26014,6 +26380,7 @@ int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen, #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || WOLFSSL_KCAPI_RSA || ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN))) */ +#endif /* NO_CERTS */ #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)) && \ @@ -26184,6 +26551,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */ +#ifndef NO_CERTS #ifdef WOLFSSL_CERT_GEN @@ -26444,7 +26812,7 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz, InitDecodedCert_ex((DecodedCert*)cert->decodedCert, der, derSz, cert->heap, devId); ret = ParseCertRelative((DecodedCert*)cert->decodedCert, - CERT_TYPE, 0, NULL); + CERT_TYPE, 0, NULL, NULL); if (ret >= 0) { cert->der = (byte*)der; } 
@@ -27176,12 +27544,8 @@ static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input) } /* Dispose of allocated data. */ - if (extKuASN != NULL) { - XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - if (dataASN != NULL) { - XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; #endif @@ -27800,8 +28164,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, } #endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ - (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) +#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE /* Convert key usage string (comma delimited, null terminated) to word16 * Returns 0 on success, negative on error */ @@ -27924,7 +28287,7 @@ int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap) return ret; } -#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */ +#endif /* WOLFSSL_ASN_PARSE_KEYUSAGE */ #ifdef WOLFSSL_CERT_GEN /* Encodes one attribute of the name (issuer/subject) @@ -28281,10 +28644,8 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) } } - if (namesASN != NULL) - XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (dataASN != NULL) - XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER); (void)heap; return ret; #endif @@ -28347,7 +28708,7 @@ static int EncodePublicKey(int keyType, byte* output, int outLen, } break; #endif - #if defined(HAVE_PQC) && defined(HAVE_FALCON) + #if defined(HAVE_FALCON) case FALCON_LEVEL1_KEY: case FALCON_LEVEL5_KEY: ret = wc_Falcon_PublicKeyToDer(falconKey, output, 
@@ -28356,8 +28717,8 @@ static int EncodePublicKey(int keyType, byte* output, int outLen, ret = PUBLIC_KEY_E; } break; - #endif /* HAVE_PQC && HAVE_FALCON */ - #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) case DILITHIUM_LEVEL2_KEY: case DILITHIUM_LEVEL3_KEY: case DILITHIUM_LEVEL5_KEY: @@ -28367,8 +28728,8 @@ static int EncodePublicKey(int keyType, byte* output, int outLen, ret = PUBLIC_KEY_E; } break; - #endif /* HAVE_PQC && HAVE_DILITHIUM */ - #if defined(HAVE_PQC) && defined(HAVE_SPHINCS) + #endif /* HAVE_DILITHIUM */ + #if defined(HAVE_SPHINCS) case SPHINCS_FAST_LEVEL1_KEY: case SPHINCS_FAST_LEVEL3_KEY: case SPHINCS_FAST_LEVEL5_KEY: @@ -28381,7 +28742,7 @@ static int EncodePublicKey(int keyType, byte* output, int outLen, ret = PUBLIC_KEY_E; } break; - #endif /* HAVE_PQC && HAVE_SPHINCS */ + #endif /* HAVE_SPHINCS */ default: ret = PUBLIC_KEY_E; break; @@ -29170,7 +29531,6 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, } #endif -#if defined(HAVE_PQC) #if defined(HAVE_FALCON) if ((cert->keyType == FALCON_LEVEL1_KEY) || (cert->keyType == FALCON_LEVEL5_KEY)) { @@ -29182,7 +29542,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, (word32)sizeof(der->publicKey), 1); } #endif /* HAVE_FALCON */ -#if defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) if ((cert->keyType == DILITHIUM_LEVEL2_KEY) || (cert->keyType == DILITHIUM_LEVEL3_KEY) || (cert->keyType == DILITHIUM_LEVEL5_KEY)) { @@ -29209,7 +29569,6 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, (word32)sizeof(der->publicKey), 1); } #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ if (der->publicKeySz <= 0) return PUBLIC_KEY_E; 
@@ -29715,7 +30074,6 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, } #endif /* HAVE_ED448 && HAVE_ED448_SIGN */ - #if defined(HAVE_PQC) #if defined(HAVE_FALCON) if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) { word32 outSz = sigSz; @@ -29742,7 +30100,6 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, ret = outSz; } #endif /* HAVE_SPHINCS */ - #endif /* HAVE_PQC */ break; } @@ -29750,7 +30107,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, exit_ms: #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { return ret; } #endif @@ -29959,7 +30316,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, cert->keyType = ED25519_KEY; else if (ed448Key) cert->keyType = ED448_KEY; -#ifdef HAVE_PQC #ifdef HAVE_FALCON else if ((falconKey != NULL) && (falconKey->level == 1)) cert->keyType = FALCON_LEVEL1_KEY; @@ -29994,7 +30350,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, && (sphincsKey->optim == SMALL_VARIANT)) cert->keyType = SPHINCS_SMALL_LEVEL5_KEY; #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ else return BAD_FUNC_ARG; @@ -30054,7 +30409,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, else if (ed448Key) { cert->keyType = ED448_KEY; } -#ifdef HAVE_PQC #ifdef HAVE_FALCON else if ((falconKey != NULL) && (falconKey->level == 1)) { cert->keyType = FALCON_LEVEL1_KEY; @@ -30100,7 +30454,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, cert->keyType = SPHINCS_SMALL_LEVEL5_KEY; } #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ else { ret = BAD_FUNC_ARG; } @@ -30675,7 +31028,6 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, (word32)sizeof(der->publicKey), 1); } #endif -#if defined(HAVE_PQC) #if defined(HAVE_FALCON) if ((cert->keyType == FALCON_LEVEL1_KEY) || (cert->keyType == FALCON_LEVEL5_KEY)) { 
@@ -30685,7 +31037,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, der->publicKey, (word32)sizeof(der->publicKey), 1); } #endif -#if defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) if ((cert->keyType == DILITHIUM_LEVEL2_KEY) || (cert->keyType == DILITHIUM_LEVEL3_KEY) || (cert->keyType == DILITHIUM_LEVEL5_KEY)) { @@ -30708,7 +31060,6 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, der->publicKey, (word32)sizeof(der->publicKey), 1); } #endif -#endif /* HAVE_PQC */ if (der->publicKeySz <= 0) return PUBLIC_KEY_E; @@ -31034,7 +31385,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, cert->keyType = ED25519_KEY; else if (ed448Key) cert->keyType = ED448_KEY; -#ifdef HAVE_PQC #ifdef HAVE_FALCON else if ((falconKey != NULL) && (falconKey->level == 1)) cert->keyType = FALCON_LEVEL1_KEY; @@ -31069,7 +31419,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, && (sphincsKey->optim == SMALL_VARIANT)) cert->keyType = SPHINCS_SMALL_LEVEL5_KEY; #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ else return BAD_FUNC_ARG; @@ -31130,7 +31479,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, else if (ed448Key != NULL) { cert->keyType = ED448_KEY; } -#ifdef HAVE_PQC #ifdef HAVE_FALCON else if ((falconKey != NULL) && (falconKey->level == 1)) { cert->keyType = FALCON_LEVEL1_KEY; @@ -31176,7 +31524,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, cert->keyType = SPHINCS_SMALL_LEVEL5_KEY; } #endif /* HAVE_SPHINCS */ -#endif /* HAVE_PQC */ else { ret = BAD_FUNC_ARG; } 
@@ -31444,7 +31791,7 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz, MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key, falconKey, dilithiumKey, sphincsKey, rng, (word32)sType, heap); #ifdef WOLFSSL_ASYNC_CRYPT - if (sigSz == WC_PENDING_E) { + if (sigSz == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Not free'ing certSignCtx->sig here because it could still be in use * with async operations. */ return sigSz; @@ -31557,7 +31904,7 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key, falconKey, dilithiumKey, sphincsKey, rng, (word32)sType, heap); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* Not free'ing certSignCtx->sig here because it could still be in use * with async operations. */ return ret; @@ -31565,6 +31912,8 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, #endif if (ret <= 0) { + XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); + certSignCtx->sig = NULL; return ret; } @@ -31715,14 +32064,13 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, bufferSz = wc_Ed448PublicKeyToDer(ed448Key, buf, MAX_PUBLIC_KEY_SZ, 0); } #endif -#if defined(HAVE_PQC) #if defined(HAVE_FALCON) if (falconKey != NULL) { bufferSz = wc_Falcon_PublicKeyToDer(falconKey, buf, MAX_PUBLIC_KEY_SZ, 0); } #endif -#if defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) if (dilithiumKey != NULL) { bufferSz = wc_Dilithium_PublicKeyToDer(dilithiumKey, buf, MAX_PUBLIC_KEY_SZ, 0); @@ -31734,7 +32082,6 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, MAX_PUBLIC_KEY_SZ, 0); } #endif -#endif /* HAVE_PQC */ if (bufferSz <= 0) { XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -32202,7 +32549,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz, #endif InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId); - ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); + ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0, NULL); if (ret < 0) { WOLFSSL_MSG("ParseCertRelative error"); @@ -32401,7 +32748,7 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz, int devId) #endif InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId); - ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); + ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0, NULL); if (ret < 0) { WOLFSSL_MSG("ParseCertRelative error"); @@ -33440,9 +33787,9 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz, #else if (ret == 0) { /* Base X-ordinate */ - DataToHexString(base + 1, curve->size, curve->Gx); + DataToHexString(base + 1, (word32)curve->size, curve->Gx); /* Base Y-ordinate */ - DataToHexString(base + 1 + curve->size, curve->size, curve->Gy); + DataToHexString(base + 1 + curve->size, (word32)curve->size, curve->Gy); /* Prime */ DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length, @@ -33667,6 +34014,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, int curve_id = ECC_CURVE_DEF; #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2) word32 algId = 0; + word32 eccOid = 0; #endif /* Validate parameters. */ 
@@ -33676,11 +34024,11 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2) /* if has pkcs8 header skip it */ - if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) { + if (ToTraditionalInline_ex2(input, inOutIdx, inSz, &algId, &eccOid) < 0) { /* ignore error, did not have pkcs8 header */ } else { - curve_id = wc_ecc_get_oid(algId, NULL, NULL); + curve_id = wc_ecc_get_oid(eccOid, NULL, NULL); } #endif @@ -34173,7 +34521,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, #endif /* WOLFSSL_ASN_TEMPLATE */ } -#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) +#ifdef HAVE_ECC_KEY_EXPORT /* build DER formatted ECC key, include optional public key if requested, * return length on success, negative on error */ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, @@ -34254,7 +34602,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, PRIVATE_KEY_UNLOCK(); ret = wc_ecc_export_x963(key, NULL, &pubSz); PRIVATE_KEY_LOCK(); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { #ifndef WOLFSSL_NO_MALLOC XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -34352,7 +34700,8 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, return (int)totalSz; #else DECL_ASNSETDATA(dataASN, eccKeyASN_Length); - word32 privSz, pubSz; + word32 privSz = 0; + word32 pubSz = 0; int sz = 0; int ret = 0; int curveIdSz = 0; @@ -34377,7 +34726,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, PRIVATE_KEY_UNLOCK(); ret = wc_ecc_export_x963(key, NULL, &pubSz); PRIVATE_KEY_LOCK(); - if (ret == LENGTH_ONLY_E) + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) ret = 0; } } @@ -34479,7 +34828,7 @@ int wc_EccKeyDerSize(ecc_key* key, int pub) ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } return (int)sz; 
@@ -34546,7 +34895,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen, /* get pkcs8 expected output size */ ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, tmpDer, tmpDerSz, algoID, curveOID, oidSz); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { #ifndef WOLFSSL_NO_MALLOC XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -34603,7 +34952,7 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output, return eccToPKCS8(key, output, outLen, 1); } #endif /* HAVE_PKCS8 */ -#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ +#endif /* HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_ECC */ #ifdef WC_ENABLE_ASYM_KEY_IMPORT @@ -34646,13 +34995,11 @@ enum { || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \ || (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \ || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \ - || (defined(HAVE_PQC) && defined(HAVE_FALCON)) \ - || (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) \ - || (defined(HAVE_PQC) && defined(HAVE_SPHINCS))) + || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)) -int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, - byte* privKey, word32* privKeyLen, - byte* pubKey, word32* pubKeyLen, int keyType) +int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, + const byte** privKey, word32* privKeyLen, + const byte** pubKey, word32* pubKeyLen, int keyType) { #ifndef WOLFSSL_ASN_TEMPLATE word32 oid; @@ -34707,12 +35054,9 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, endKeyIdx = (int)*inOutIdx; } - if ((word32)privSz > *privKeyLen) - return BUFFER_E; - if (endKeyIdx == (int)*inOutIdx) { *privKeyLen = (word32)privSz; - XMEMCPY(privKey, priv, *privKeyLen); + *privKey = priv; if (pubKeyLen != NULL) *pubKeyLen = 0; } 
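Review bot: DecodeAsymKey_Assign is a new non-static entry point whose `const byte** privKey` / `const byte** pubKey` outputs are set to point into the caller's `input` buffer, and nothing in the hunk documents that aliasing. A header comment along the lines of `/* Decode an ASN.1 asymmetric key; on success *privKey/*pubKey point into input and are valid only while input is. */` would keep callers from holding the pointers past the buffer's lifetime. The `BUFFER_E` size checks removed here are reinstated only in the DecodeAsymKey wrapper, so a direct caller of _Assign gets no length validation and must size its own copy from `*privKeyLen` / `*pubKeyLen`. The function body continues past the end of this hunk.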
@@ -34726,17 +35070,14 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, return ASN_PARSE_E; } - if ((word32)pubSz > *pubKeyLen) - return BUFFER_E; - pub = input + *inOutIdx; *inOutIdx += (word32)pubSz; *privKeyLen = (word32)privSz; - XMEMCPY(privKey, priv, *privKeyLen); + *privKey = priv; *pubKeyLen = (word32)pubSz; if (pubKey != NULL) - XMEMCPY(pubKey, pub, *pubKeyLen); + *pubKey = pub; } if (endKeyIdx != (int)*inOutIdx) return ASN_PARSE_E; @@ -34760,33 +35101,22 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, } } } - /* Check the private value length is correct. */ - if ((ret == 0) && dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length - > *privKeyLen) { - ret = ASN_PARSE_E; + if (ret == 0) { + /* Import private value. */ + *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; + *privKey = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; } if ((ret == 0) && dataASN[EDKEYASN_IDX_PUBKEY].tag == 0) { - *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; - XMEMCPY(privKey, dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data, - *privKeyLen); + /* Set public length to 0 as not seen. */ if (pubKeyLen != NULL) *pubKeyLen = 0; } - else if ((ret == 0) && - (pubKeyLen != NULL) && - (dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length > *pubKeyLen)) { - ret = ASN_PARSE_E; - } else if (ret == 0) { - /* Import private and public value. */ - *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; - XMEMCPY(privKey, dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data, - *privKeyLen); + /* Import public value. */ if (pubKeyLen != NULL) *pubKeyLen = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length; if (pubKey != NULL && pubKeyLen != NULL) - XMEMCPY(pubKey, dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data, - *pubKeyLen); + *pubKey = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data; } FREE_ASNGETDATA(dataASN, NULL); 
@@ -34794,8 +35124,46 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, #endif /* WOLFSSL_ASN_TEMPLATE */ } -int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, +int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, + byte* privKey, word32* privKeyLen, byte* pubKey, word32* pubKeyLen, int keyType) +{ + int ret = 0; + const byte* privKeyPtr = NULL; + const byte* pubKeyPtr = NULL; + word32 privKeyPtrLen = 0; + word32 pubKeyPtrLen = 0; + + if (privKey == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr, + &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, keyType); + } + if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) { + ret = BUFFER_E; + } + if ((ret == 0) && (pubKeyLen != NULL) && (pubKeyPtrLen > *pubKeyLen)) { + ret = BUFFER_E; + } + if ((ret == 0) && (privKeyPtr != NULL)) { + XMEMCPY(privKey, privKeyPtr, privKeyPtrLen); + *privKeyLen = privKeyPtrLen; + } + if ((ret == 0) && (pubKey != NULL) && (pubKeyPtr != NULL)) { + XMEMCPY(pubKey, pubKeyPtr, pubKeyPtrLen); + } + if ((ret == 0) && (pubKeyLen != NULL)) { + *pubKeyLen = pubKeyPtrLen; + } + + return ret; +} + +int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, + const byte** pubKey, word32* pubKeyLen, int keyType) { int ret = 0; #ifndef WOLFSSL_ASN_TEMPLATE @@ -34828,17 +35196,13 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, if (ret != 0) return ret; - /* check that the value found is not too large for pubKey buffer */ - if ((word32)length > *pubKeyLen) - return ASN_PARSE_E; - /* check that input buffer is exhausted */ if (*inOutIdx + (word32)length != inSz) return ASN_PARSE_E; /* This is the raw point data compressed or uncompressed. */ *pubKeyLen = (word32)length; - XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen); + *pubKey = input + *inOutIdx; #else len = inSz - *inOutIdx; 
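Review bot: The new DecodeAsymKey wrapper guards `privKey == NULL` but then dereferences `*privKeyLen` unconditionally in the `BUFFER_E` comparison; since this wrapper is now where parameters are validated, `if (privKey == NULL || privKeyLen == NULL) {` is a cheap completion, and DecodeAsymKeyPublic on the next line would take the matching `pubKeyLen == NULL` check. Note also that in the WOLFSSL_ASN_TEMPLATE build an oversized public value used to return ASN_PARSE_E (the check dropped in the preceding hunk) and now returns BUFFER_E, so any caller that compared against ASN_PARSE_E should be reviewed. DecodeAsymKeyPublic_Assign's body is cut by the end of this hunk.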
@@ -34859,11 +35223,6 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, if (*inOutIdx != inSz) ret = ASN_PARSE_E; } - /* Check the public value length is correct. */ - if ((ret == 0) && - (dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length > *pubKeyLen)) { - ret = ASN_PARSE_E; - } /* Check that the all the buffer was used. */ if ((ret == 0) && (GetASNItem_Length(dataASN[EDPUBKEYASN_IDX_SEQ], input) != len)) { @@ -34871,14 +35230,39 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, } if (ret == 0) { *pubKeyLen = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length; - XMEMCPY(pubKey, dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data, - *pubKeyLen); + *pubKey = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data; } FREE_ASNGETDATA(dataASN, NULL); #endif /* WOLFSSL_ASN_TEMPLATE */ return ret; } + +int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, + byte* pubKey, word32* pubKeyLen, int keyType) +{ + int ret = 0; + const byte* pubKeyPtr = NULL; + word32 pubKeyPtrLen = 0; + + if (pubKey == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKeyPtr, + &pubKeyPtrLen, keyType); + } + if ((ret == 0) && (pubKeyPtrLen > *pubKeyLen)) { + ret = BUFFER_E; + } + if ((ret == 0) && (pubKeyPtr != NULL)) { + XMEMCPY(pubKey, pubKeyPtr, pubKeyPtrLen); + *pubKeyLen = pubKeyPtrLen; + } + + return ret; +} #endif #endif /* WC_ENABLE_ASYM_KEY_IMPORT */ @@ -34999,10 +35383,13 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, int sz; #endif - /* Validate parameters. */ - if (privKey == NULL || outLen == 0) { + /* validate parameters */ + if (privKey == NULL) { return BAD_FUNC_ARG; } + if (output != NULL && outLen == 0) { + return BUFFER_E; + } #ifndef WOLFSSL_ASN_TEMPLATE /* calculate size */ 
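Review bot: SetAsymKeyDer now accepts `output == NULL` and only rejects `outLen == 0` when output is non-NULL, which reads as a new length-query contract, but the hunk adds no comment saying so and the rest of the function is out of view. If that is the intent, `/* output may be NULL to query the required size in the return value */` above the new check would make it explicit, and the caller-facing header comment should say the same. The function starts and ends outside this hunk, so confirm the NULL output path really avoids writing through `output`.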
@@ -35160,7 +35547,7 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen, byte pubKey[CURVE25519_PUB_KEY_SIZE]; word32 pubKeyLen = (word32)sizeof(pubKey); - if (key == NULL || output == NULL) { + if (key == NULL) { return BAD_FUNC_ARG; } @@ -35314,7 +35701,7 @@ int wc_Curve448PublicKeyToDer(curve448_key* key, byte* output, word32 inLen, byte pubKey[CURVE448_PUB_KEY_SIZE]; word32 pubKeyLen = (word32)sizeof(pubKey); - if (key == NULL || output == NULL) { + if (key == NULL) { return BAD_FUNC_ARG; } @@ -35533,7 +35920,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, if (idx >= size) return BUFFER_E; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS single->status->thisDateAsn = source + idx; localIdx = 0; if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL, @@ -35554,7 +35941,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE)) + if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE)) return ASN_BEFORE_DATE_E; #endif #endif @@ -35569,7 +35956,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, idx++; if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS single->status->nextDateAsn = source + idx; localIdx = 0; if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL, 
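Review bot: wc_Curve25519PublicKeyToDer and wc_Curve448PublicKeyToDer no longer reject `output == NULL`, which is only safe if the code below the guard (outside the hunk) treats a NULL output as a size query instead of writing into it; the hunk gives no sign of that, so the remaining body needs a look and the guard a comment such as `/* output may be NULL to query required length */`. Separately, the `WOLFSSL_OCSP_PARSE_STATUS` guards replace `OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY` here, while the parallel replacement on the next line covers a condition that also listed HAVE_LIGHTY; the macro's definition is not visible, so confirm it is set for every build that previously enabled these blocks, otherwise thisDateAsn/nextDateAsn stay unset there. DecodeSingleResponse begins and ends outside this hunk.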
@@ -35590,7 +35977,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER)) + if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, ASN_AFTER)) return ASN_AFTER_DATE_E; #endif #endif @@ -35698,15 +36085,14 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, /* Store the thisDate format - only one possible. */ cs->thisDateFormat = ASN_GENERALIZED_TIME; #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) - /* Check date is a valid string and BEFORE now. */ - if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, BEFORE)) { + /* Check date is a valid string and ASN_BEFORE now. */ + if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) { ret = ASN_BEFORE_DATE_E; } } if (ret == 0) { #endif - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) + #ifdef WOLFSSL_OCSP_PARSE_STATUS /* Store ASN.1 version of thisDate. */ cs->thisDateAsn = GetASNItem_Addr( dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], source); 
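Review bot: The comment in DecodeSingleResponse's template path was renamed along with the enum value and now reads `/* Check date is a valid string and ASN_BEFORE now. */`, which is prose describing the check rather than the identifier; `/* Check date is a valid string and before now. */` is what was meant, and the nextDate hunk on the next line has the same `ASN_AFTER now` wording to restore to `after now`. The enclosing function starts outside the hunk.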
@@ -35721,16 +36107,15 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, /* Store the nextDate format - only one possible. */ cs->nextDateFormat = ASN_GENERALIZED_TIME; #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) - /* Check date is a valid string and AFTER now. */ - if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, AFTER)) { + /* Check date is a valid string and ASN_AFTER now. */ + if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) { ret = ASN_AFTER_DATE_E; } } if ((ret == 0) && (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) { #endif - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) + #ifdef WOLFSSL_OCSP_PARSE_STATUS /* Store ASN.1 version of thisDate. */ cs->nextDateAsn = GetASNItem_Addr( dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], source); @@ -36304,7 +36689,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, /* Don't verify if we don't have access to Cert Manager. */ ret = ParseCertRelative(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY_OCSP_CERT, - cm); + cm, resp->pendingCAs); if (ret < 0) { WOLFSSL_MSG("\tOCSP Responder certificate parsing failed"); break; @@ -36363,7 +36748,11 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, #else ca = GetCA(cm, resp->single->issuerHash); #endif - +#if defined(HAVE_CERTIFICATE_STATUS_V2) + if (ca == NULL && resp->pendingCAs != NULL) { + ca = findSignerByName(resp->pendingCAs, resp->single->issuerHash); + } +#endif if (ca) { SignatureCtx sigCtx; InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); 
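Review bot: The fallback that looks up a signer in resp->pendingCAs inside DecodeBasicOcspResponse is guarded by `HAVE_CERTIFICATE_STATUS_V2` in this hunk but by `HAVE_CERTIFICATE_STATUS_REQUEST_V2` in the parallel hunk on the next line; the two names cannot both be right, and whichever one is never defined silently compiles its fallback out, so they should be aligned on the one the build actually sets. Because the `ca` returned by findSignerByName is then used to verify the OCSP response signature, the lookup also deserves a comment stating where pendingCAs entries come from and what checks they have passed before being accepted as the response signer, e.g. `/* pendingCAs: <origin> — <trust established>; only consulted when the CA is not already in the cert manager */`. DecodeBasicOcspResponse begins and ends outside this hunk.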
@@ -36461,7 +36850,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, /* Parse the certificate and don't verify if we don't have access to * Cert Manager. */ ret = ParseCertRelative(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY, - cm); + cm, resp->pendingCAs); if (ret < 0) { WOLFSSL_MSG("\tOCSP Responder certificate parsing failed"); } @@ -36500,6 +36889,13 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, #else ca = GetCA(cm, resp->single->issuerHash); #endif + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (ca == NULL && resp->pendingCAs != NULL) { + ca = findSignerByName(resp->pendingCAs, resp->single->issuerHash); + } + #endif + if (ca) { SignatureCtx sigCtx; @@ -36557,6 +36953,7 @@ void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status, resp->source = source; resp->maxIdx = inSz; resp->heap = heap; + resp->pendingCAs = NULL; } void FreeOcspResponse(OcspResponse* resp) @@ -37125,8 +37522,7 @@ void FreeOcspRequest(OcspRequest* req) WOLFSSL_ENTER("FreeOcspRequest"); if (req) { - if (req->serial) - XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); req->serial = NULL; #ifdef OPENSSL_EXTRA @@ -37139,13 +37535,10 @@ void FreeOcspRequest(OcspRequest* req) req->serialInt = NULL; #endif - if (req->url) - XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); req->url = NULL; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ - defined(HAVE_LIGHTY) +#ifdef OPENSSL_EXTRA if (req->cid != NULL) wolfSSL_OCSP_CERTID_free((WOLFSSL_OCSP_CERTID*)req->cid); req->cid = NULL; @@ -37363,8 +37756,7 @@ void FreeDecodedCRL(DecodedCRL* dcrl) tmp = next; } #ifdef OPENSSL_EXTRA - if (dcrl->issuer != NULL) - XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif } 
@@ -37592,7 +37984,7 @@ int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned, InitSignatureCtx(sigCtx, heap, INVALID_DEVID); if (ConfirmSignature(sigCtx, toBeSigned, tbsSz, ca->publicKey, ca->pubKeySize, ca->keyOID, signature, sigSz, - signatureOID, sigParams, sigParamsSz, NULL) != 0) { + signatureOID, sigParams, (word32)sigParamsSz, NULL) != 0) { WOLFSSL_MSG("CRL Confirm signature failed"); WOLFSSL_ERROR_VERBOSE(ASN_CRL_CONFIRM_E); return ASN_CRL_CONFIRM_E; @@ -37742,7 +38134,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl, { #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) if (verify != NO_VERIFY && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); return CRL_CERT_DATE_ERR; @@ -37805,6 +38197,7 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl) } dcrl->extAuthKeyIdSet = 1; + /* Get the hash or hash of the hash if wrong size. */ ret = GetHashId(input + idx, length, dcrl->extAuthKeyId, HashIdAlg(dcrl->signatureOID)); @@ -37830,6 +38223,8 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl) WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available"); } else { + dcrl->extAuthKeyIdSet = 1; + /* Get the hash or hash of the hash if wrong size. */ ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data, (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length, @@ -38316,7 +38711,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, buff); dcrl->sigParamsIndex = dataASN[CRLASN_IDX_SIGALGO_PARAMS].offset; - dcrl->sigParamsLength = sigParamsSz; + dcrl->sigParamsLength = (word32)sigParamsSz; } #endif 
@@ -38355,7 +38750,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, if (dcrl->nextDateFormat != 0) { /* Next date was set, so validate it. */ if (verify != NO_VERIFY && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); ret = CRL_CERT_DATE_ERR; WOLFSSL_ERROR_VERBOSE(ret); @@ -38667,10 +39062,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) mimeType == MIME_PARAM)) && pos >= 1) { mimeStatus = MIME_BODYVAL; end = pos-1; - if (nameAttr != NULL) { - XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); - nameAttr = NULL; - } + XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); + nameAttr = NULL; ret = wc_MIME_header_strip(curLine, &nameAttr, start, end); if (ret) { goto error; @@ -38679,10 +39072,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) } else if (mimeStatus == MIME_BODYVAL && cur == ';' && pos >= 1) { end = pos-1; - if (bodyVal != NULL) { - XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); - bodyVal = NULL; - } + XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); + bodyVal = NULL; ret = wc_MIME_header_strip(curLine, &bodyVal, start, end); if (ret) { goto error; @@ -38775,12 +39166,9 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) if (ret != 0) wc_MIME_free_hdrs(curHdr); wc_MIME_free_hdrs(nextHdr); - if (nameAttr != NULL) - XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); - if (bodyVal != NULL) - XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); - if (nextParam != NULL) - XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7); return ret; } 
@@ -39190,7 +39578,7 @@ static void PrintObjectIdText(Asn1* asn1, Asn1PrintOptions* opts) /* Get the OID value for the OBJECT_ID. */ if (GetObjectId(asn1->data + asn1->offset, &i, &oid, oidIgnoreType, - asn1->item.len + 2) == ASN_PARSE_E) { + asn1->item.len + 2) == WC_NO_ERR_TRACE(ASN_PARSE_E)) { known = 0; } else diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c index adc6034040..bce74b305d 100644 --- a/wolfcrypt/src/blake2b.c +++ b/wolfcrypt/src/blake2b.c @@ -12,7 +12,7 @@ */ /* blake2b.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c index 9efa84f3b8..7e36d6ee11 100644 --- a/wolfcrypt/src/blake2s.c +++ b/wolfcrypt/src/blake2s.c @@ -12,7 +12,7 @@ */ /* blake2s.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/camellia.c b/wolfcrypt/src/camellia.c index 9f2897f281..3425177e56 100644 --- a/wolfcrypt/src/camellia.c +++ b/wolfcrypt/src/camellia.c @@ -27,7 +27,7 @@ /* camellia.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c index c84829b772..b87418a724 100644 --- a/wolfcrypt/src/chacha.c +++ b/wolfcrypt/src/chacha.c @@ -1,6 +1,6 @@ /* chacha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,6 +38,9 @@ Public domain. #if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON) /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */ +#elif defined(WOLFSSL_RISCV_ASM) + /* implementation located in wolfcrypt/src/port/rsicv/riscv-64-chacha.c */ + #else #if defined(HAVE_CHACHA) 
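Review bot: The new comment in chacha.c points at `wolfcrypt/src/port/rsicv/riscv-64-chacha.c`, where `rsicv` looks like a typo for `riscv` given the file name that follows it; a wrong path in the only pointer to the RISC-V implementation will send readers to a directory that does not exist. Suggested text: `/* implementation located in wolfcrypt/src/port/riscv/riscv-64-chacha.c */`, to be confirmed against the actual directory name. The remaining hunks on this line are copyright-year bumps.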
@@ -72,6 +75,10 @@ Public domain. #elif defined(__clang__) && defined(NO_AVX2_SUPPORT) #undef NO_AVX2_SUPPORT #endif + #if defined(_MSC_VER) && (_MSC_VER <= 1900) + #undef NO_AVX2_SUPPORT + #define NO_AVX2_SUPPORT + #endif #ifndef NO_AVX2_SUPPORT #define HAVE_INTEL_AVX2 diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c index df4147c879..a29a18f25d 100644 --- a/wolfcrypt/src/chacha20_poly1305.c +++ b/wolfcrypt/src/chacha20_poly1305.c @@ -1,6 +1,6 @@ /* chacha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/chacha_asm.S b/wolfcrypt/src/chacha_asm.S index 9ca854cb4e..0ef0978369 100644 --- a/wolfcrypt/src/chacha_asm.S +++ b/wolfcrypt/src/chacha_asm.S @@ -1,6 +1,6 @@ /* chacha_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -536,9 +536,19 @@ chacha_encrypt_avx1: .p2align 4 _chacha_encrypt_avx1: #endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 subq $0x190, %rsp movq %rsp, %r9 leaq 256(%rsp), %r10 + leaq L_chacha20_avx1_rotl8(%rip), %r12 + leaq L_chacha20_avx1_rotl16(%rip), %r13 + leaq L_chacha20_avx1_add(%rip), %r14 + leaq L_chacha20_avx1_four(%rip), %r15 + addq $15, %r9 + addq $15, %r10 andq $-16, %r9 andq $-16, %r10 movl %ecx, %eax @@ -560,7 +570,7 @@ _chacha_encrypt_avx1: vpshufd $0x00, 52(%rdi), %xmm13 vpshufd $0x00, 56(%rdi), %xmm14 vpshufd $0x00, 60(%rdi), %xmm15 - vpaddd L_chacha20_avx1_add(%rip), %xmm12, %xmm12 + vpaddd (%r14), %xmm12, %xmm12 vmovdqa %xmm0, (%r9) vmovdqa %xmm1, 16(%r9) vmovdqa %xmm2, 32(%r9) 
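Review bot: The new `#if defined(_MSC_VER) && (_MSC_VER <= 1900)` block in chacha.c forces `NO_AVX2_SUPPORT` without saying why, and a reader cannot tell whether it is a compiler-capability workaround or a known miscompile. A one-line comment above the block naming the reason, e.g. `/* AVX2 path disabled on MSVC 2015 and earlier: <reason> */`, would let a later maintainer know when it is safe to drop. The chacha_asm.S prologue hunk on this line re-aligns r9/r10 upward after saving r12–r15, which looks correct from the visible lines, but the matching epilogue is outside this hunk.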
@@ -584,22 +594,22 @@ L_chacha20_avx1_loop128:
 vpaddd %xmm4, %xmm0, %xmm0
 vpxor %xmm0, %xmm12, %xmm12
 vmovdqa 48(%r10), %xmm11
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm12, %xmm12
+ vpshufb (%r13), %xmm12, %xmm12
 vpaddd %xmm12, %xmm8, %xmm8
 vpxor %xmm8, %xmm4, %xmm4
 vpaddd %xmm5, %xmm1, %xmm1
 vpxor %xmm1, %xmm13, %xmm13
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm13, %xmm13
+ vpshufb (%r13), %xmm13, %xmm13
 vpaddd %xmm13, %xmm9, %xmm9
 vpxor %xmm9, %xmm5, %xmm5
 vpaddd %xmm6, %xmm2, %xmm2
 vpxor %xmm2, %xmm14, %xmm14
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm14, %xmm14
+ vpshufb (%r13), %xmm14, %xmm14
 vpaddd %xmm14, %xmm10, %xmm10
 vpxor %xmm10, %xmm6, %xmm6
 vpaddd %xmm7, %xmm3, %xmm3
 vpxor %xmm3, %xmm15, %xmm15
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm15, %xmm15
+ vpshufb (%r13), %xmm15, %xmm15
 vpaddd %xmm15, %xmm11, %xmm11
 vpxor %xmm11, %xmm7, %xmm7
 vmovdqa %xmm11, 48(%r10)
@@ -618,22 +628,22 @@ L_chacha20_avx1_loop128:
 vpaddd %xmm4, %xmm0, %xmm0
 vpxor %xmm0, %xmm12, %xmm12
 vmovdqa 48(%r10), %xmm11
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm12, %xmm12
+ vpshufb (%r12), %xmm12, %xmm12
 vpaddd %xmm12, %xmm8, %xmm8
 vpxor %xmm8, %xmm4, %xmm4
 vpaddd %xmm5, %xmm1, %xmm1
 vpxor %xmm1, %xmm13, %xmm13
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm13, %xmm13
+ vpshufb (%r12), %xmm13, %xmm13
 vpaddd %xmm13, %xmm9, %xmm9
 vpxor %xmm9, %xmm5, %xmm5
 vpaddd %xmm6, %xmm2, %xmm2
 vpxor %xmm2, %xmm14, %xmm14
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm14, %xmm14
+ vpshufb (%r12), %xmm14, %xmm14
 vpaddd %xmm14, %xmm10, %xmm10
 vpxor %xmm10, %xmm6, %xmm6
 vpaddd %xmm7, %xmm3, %xmm3
 vpxor %xmm3, %xmm15, %xmm15
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm15, %xmm15
+ vpshufb (%r12), %xmm15, %xmm15
 vpaddd %xmm15, %xmm11, %xmm11
 vpxor %xmm11, %xmm7, %xmm7
 vmovdqa %xmm11, 48(%r10)
@@ -652,22 +662,22 @@ L_chacha20_avx1_loop128:
 vpaddd %xmm5, %xmm0, %xmm0
 vpxor %xmm0, %xmm15, %xmm15
 vmovdqa 48(%r10), %xmm11
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm15, %xmm15
+ vpshufb (%r13), %xmm15, %xmm15
 vpaddd %xmm15, %xmm10, %xmm10
 vpxor %xmm10, %xmm5, %xmm5
 vpaddd %xmm6, %xmm1, %xmm1
 vpxor %xmm1, %xmm12, %xmm12
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm12, %xmm12
+ vpshufb (%r13), %xmm12, %xmm12
 vpaddd %xmm12, %xmm11, %xmm11
 vpxor %xmm11, %xmm6, %xmm6
 vpaddd %xmm7, %xmm2, %xmm2
 vpxor %xmm2, %xmm13, %xmm13
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm13, %xmm13
+ vpshufb (%r13), %xmm13, %xmm13
 vpaddd %xmm13, %xmm8, %xmm8
 vpxor %xmm8, %xmm7, %xmm7
 vpaddd %xmm4, %xmm3, %xmm3
 vpxor %xmm3, %xmm14, %xmm14
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm14, %xmm14
+ vpshufb (%r13), %xmm14, %xmm14
 vpaddd %xmm14, %xmm9, %xmm9
 vpxor %xmm9, %xmm4, %xmm4
 vmovdqa %xmm11, 48(%r10)
@@ -686,22 +696,22 @@ L_chacha20_avx1_loop128:
 vpaddd %xmm5, %xmm0, %xmm0
 vpxor %xmm0, %xmm15, %xmm15
 vmovdqa 48(%r10), %xmm11
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm15, %xmm15
+ vpshufb (%r12), %xmm15, %xmm15
 vpaddd %xmm15, %xmm10, %xmm10
 vpxor %xmm10, %xmm5, %xmm5
 vpaddd %xmm6, %xmm1, %xmm1
 vpxor %xmm1, %xmm12, %xmm12
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm12, %xmm12
+ vpshufb (%r12), %xmm12, %xmm12
 vpaddd %xmm12, %xmm11, %xmm11
 vpxor %xmm11, %xmm6, %xmm6
 vpaddd %xmm7, %xmm2, %xmm2
 vpxor %xmm2, %xmm13, %xmm13
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm13, %xmm13
+ vpshufb (%r12), %xmm13, %xmm13
 vpaddd %xmm13, %xmm8, %xmm8
 vpxor %xmm8, %xmm7, %xmm7
 vpaddd %xmm4, %xmm3, %xmm3
 vpxor %xmm3, %xmm14, %xmm14
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm14, %xmm14
+ vpshufb (%r12), %xmm14, %xmm14
 vpaddd %xmm14, %xmm9, %xmm9
 vpxor %xmm9, %xmm4, %xmm4
 vmovdqa %xmm11, 48(%r10)
@@ -835,7 +845,7 @@ L_chacha20_avx1_loop128:
 vmovdqa 192(%r9), %xmm12
 addq $0x100, %rsi
 addq $0x100, %rdx
- vpaddd L_chacha20_avx1_four(%rip), %xmm12, %xmm12
+ vpaddd (%r15), %xmm12, %xmm12
 subl $0x100, %ecx
 vmovdqa %xmm12, 192(%r9)
 cmpl $0x100, %ecx
@@ -858,7 +868,7 @@ L_chacha20_avx1_loop128:
 vmovdqa 240(%r9), %xmm15
 jmp L_chacha20_avx1_start128
 L_chacha20_avx1_done128:
- shl $2, %eax
+ shll $2, %eax
 addl %eax, 48(%rdi)
 L_chacha20_avx1_end128:
 cmpl $0x40, %ecx
@@ -876,7 +886,7 @@ L_chacha20_avx1_block_start:
 L_chacha20_avx1_block_crypt_start:
 vpaddd %xmm1, %xmm0, %xmm0
 vpxor %xmm0, %xmm3, %xmm3
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm3, %xmm3
+ vpshufb (%r13), %xmm3, %xmm3
 vpaddd %xmm3, %xmm2, %xmm2
 vpxor %xmm2, %xmm1, %xmm1
 vpsrld $20, %xmm1, %xmm4
@@ -884,7 +894,7 @@ L_chacha20_avx1_block_crypt_start:
 vpxor %xmm4, %xmm1, %xmm1
 vpaddd %xmm1, %xmm0, %xmm0
 vpxor %xmm0, %xmm3, %xmm3
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm3, %xmm3
+ vpshufb (%r12), %xmm3, %xmm3
 vpaddd %xmm3, %xmm2, %xmm2
 vpxor %xmm2, %xmm1, %xmm1
 vpsrld $25, %xmm1, %xmm4
@@ -895,7 +905,7 @@ L_chacha20_avx1_block_crypt_start:
 vpshufd $0x93, %xmm3, %xmm3
 vpaddd %xmm1, %xmm0, %xmm0
 vpxor %xmm0, %xmm3, %xmm3
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm3, %xmm3
+ vpshufb (%r13), %xmm3, %xmm3
 vpaddd %xmm3, %xmm2, %xmm2
 vpxor %xmm2, %xmm1, %xmm1
 vpsrld $20, %xmm1, %xmm4
@@ -903,7 +913,7 @@ L_chacha20_avx1_block_crypt_start:
 vpxor %xmm4, %xmm1, %xmm1
 vpaddd %xmm1, %xmm0, %xmm0
 vpxor %xmm0, %xmm3, %xmm3
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm3, %xmm3
+ vpshufb (%r12), %xmm3, %xmm3
 vpaddd %xmm3, %xmm2, %xmm2
 vpxor %xmm2, %xmm1, %xmm1
 vpsrld $25, %xmm1, %xmm4
@@ -952,7 +962,7 @@ L_chacha20_avx1_block_done:
 L_chacha20_avx1_partial_crypt_start:
 vpaddd %xmm1, %xmm0, %xmm0
 vpxor %xmm0, %xmm3, %xmm3
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm3, %xmm3
+ vpshufb (%r13), %xmm3, %xmm3
 vpaddd %xmm3, %xmm2, %xmm2
 vpxor %xmm2, %xmm1, %xmm1
 vpsrld $20, %xmm1, %xmm4
@@ -960,7 +970,7 @@ L_chacha20_avx1_partial_crypt_start:
 vpxor %xmm4, %xmm1, %xmm1
 vpaddd %xmm1, %xmm0, %xmm0
 vpxor %xmm0, %xmm3, %xmm3
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm3, %xmm3
+ vpshufb (%r12), %xmm3, %xmm3
 vpaddd %xmm3, %xmm2, %xmm2
 vpxor %xmm2, %xmm1, %xmm1
 vpsrld $25, %xmm1, %xmm4
@@ -971,7 +981,7 @@ L_chacha20_avx1_partial_crypt_start:
 vpshufd $0x93, %xmm3, %xmm3
 vpaddd %xmm1, %xmm0, %xmm0
 vpxor %xmm0, %xmm3, %xmm3
- vpshufb L_chacha20_avx1_rotl16(%rip), %xmm3, %xmm3
+ vpshufb (%r13), %xmm3, %xmm3
 vpaddd %xmm3, %xmm2, %xmm2
 vpxor %xmm2, %xmm1, %xmm1
 vpsrld $20, %xmm1, %xmm4
@@ -979,7 +989,7 @@ L_chacha20_avx1_partial_crypt_start:
 vpxor %xmm4, %xmm1, %xmm1
 vpaddd %xmm1, %xmm0, %xmm0
 vpxor %xmm0, %xmm3, %xmm3
- vpshufb L_chacha20_avx1_rotl8(%rip), %xmm3, %xmm3
+ vpshufb (%r12), %xmm3, %xmm3
 vpaddd %xmm3, %xmm2, %xmm2
 vpxor %xmm2, %xmm1, %xmm1
 vpsrld $25, %xmm1, %xmm4
@@ -1023,7 +1033,12 @@ L_chacha20_avx1_partial_end64:
 subl %r11d, %r8d
 movl %r8d, 76(%rdi)
 L_chacha20_avx1_partial_done:
+ vzeroupper
 addq $0x190, %rsp
+ popq %r15
+ popq %r14
+ popq %r13
+ popq %r12
 repz retq
 #ifndef __APPLE__
 .size chacha_encrypt_avx1,.-chacha_encrypt_avx1
@@ -1094,9 +1109,18 @@ chacha_encrypt_avx2:
 .p2align 4
 _chacha_encrypt_avx2:
 #endif /* __APPLE__ */
- subq $0x310, %rsp
+ pushq %r12
+ pushq %r13
+ pushq %r14
+ subq $0x320, %rsp
 movq %rsp, %r9
+ leaq L_chacha20_avx2_rotl8(%rip), %r11
+ leaq L_chacha20_avx2_rotl16(%rip), %r12
+ leaq L_chacha20_avx2_add(%rip), %r13
+ leaq L_chacha20_avx2_eight(%rip), %r14
 leaq 512(%rsp), %r10
+ addq $31, %r9
+ addq $31, %r10
 andq $-32, %r9
 andq $-32, %r10
 movl %ecx, %eax
@@ -1118,7 +1142,7 @@ _chacha_encrypt_avx2:
 vpbroadcastd 52(%rdi), %ymm13
 vpbroadcastd 56(%rdi), %ymm14
 vpbroadcastd 60(%rdi), %ymm15
- vpaddd L_chacha20_avx2_add(%rip), %ymm12, %ymm12
+ vpaddd (%r13), %ymm12, %ymm12
 vmovdqa %ymm0, (%r9)
 vmovdqa %ymm1, 32(%r9)
 vmovdqa %ymm2, 64(%r9)
@@ -1142,22 +1166,22 @@ L_chacha20_avx2_loop256:
 vpaddd %ymm4, %ymm0, %ymm0
 vpxor %ymm0, %ymm12, %ymm12
 vmovdqa 96(%r10), %ymm11
- vpshufb L_chacha20_avx2_rotl16(%rip), %ymm12, %ymm12
+ vpshufb (%r12), %ymm12, %ymm12
 vpaddd %ymm12, %ymm8, %ymm8
 vpxor %ymm8, %ymm4, %ymm4
 vpaddd %ymm5, %ymm1, %ymm1
 vpxor %ymm1, %ymm13, %ymm13
- vpshufb L_chacha20_avx2_rotl16(%rip), %ymm13, %ymm13
+ vpshufb (%r12), %ymm13, %ymm13
 vpaddd %ymm13, %ymm9, %ymm9
 vpxor %ymm9, %ymm5, %ymm5
 vpaddd %ymm6, %ymm2, %ymm2
 vpxor %ymm2, %ymm14, %ymm14
- vpshufb L_chacha20_avx2_rotl16(%rip), %ymm14, %ymm14
+ vpshufb (%r12), %ymm14, %ymm14
 vpaddd %ymm14, %ymm10, %ymm10
 vpxor %ymm10, %ymm6, %ymm6
 vpaddd %ymm7, %ymm3, %ymm3
 vpxor %ymm3, %ymm15, %ymm15
- vpshufb L_chacha20_avx2_rotl16(%rip), %ymm15, %ymm15
+ vpshufb (%r12), %ymm15, %ymm15
 vpaddd %ymm15, %ymm11, %ymm11
 vpxor %ymm11, %ymm7, %ymm7
 vmovdqa %ymm11, 96(%r10)
@@ -1176,22 +1200,22 @@ L_chacha20_avx2_loop256:
 vpaddd %ymm4, %ymm0, %ymm0
 vpxor %ymm0, %ymm12, %ymm12
 vmovdqa 96(%r10), %ymm11
- vpshufb L_chacha20_avx2_rotl8(%rip), %ymm12, %ymm12
+ vpshufb (%r11), %ymm12, %ymm12
 vpaddd %ymm12, %ymm8, %ymm8
 vpxor %ymm8, %ymm4, %ymm4
 vpaddd %ymm5, %ymm1, %ymm1
 vpxor %ymm1, %ymm13, %ymm13
- vpshufb L_chacha20_avx2_rotl8(%rip), %ymm13, %ymm13
+ vpshufb (%r11), %ymm13, %ymm13
 vpaddd %ymm13, %ymm9, %ymm9
 vpxor %ymm9, %ymm5, %ymm5
 vpaddd %ymm6, %ymm2, %ymm2
 vpxor %ymm2, %ymm14, %ymm14
- vpshufb L_chacha20_avx2_rotl8(%rip), %ymm14, %ymm14
+ vpshufb (%r11), %ymm14, %ymm14
 vpaddd %ymm14, %ymm10, %ymm10
 vpxor %ymm10, %ymm6, %ymm6
 vpaddd %ymm7, %ymm3, %ymm3
 vpxor %ymm3, %ymm15, %ymm15
- vpshufb L_chacha20_avx2_rotl8(%rip), %ymm15, %ymm15
+ vpshufb (%r11), %ymm15, %ymm15
 vpaddd %ymm15, %ymm11, %ymm11
 vpxor %ymm11, %ymm7, %ymm7
 vmovdqa %ymm11, 96(%r10)
@@ -1210,22 +1234,22 @@ L_chacha20_avx2_loop256:
 vpaddd %ymm5, %ymm0, %ymm0
 vpxor %ymm0, %ymm15, %ymm15
 vmovdqa 96(%r10), %ymm11
- vpshufb L_chacha20_avx2_rotl16(%rip), %ymm15, %ymm15
+ vpshufb (%r12), %ymm15, %ymm15
 vpaddd %ymm15, %ymm10, %ymm10
 vpxor %ymm10, %ymm5, %ymm5
 vpaddd %ymm6, %ymm1, %ymm1
 vpxor %ymm1, %ymm12, %ymm12
- vpshufb L_chacha20_avx2_rotl16(%rip), %ymm12, %ymm12
+ vpshufb (%r12), %ymm12, %ymm12
 vpaddd %ymm12, %ymm11, %ymm11
 vpxor %ymm11, %ymm6, %ymm6
 vpaddd %ymm7, %ymm2, %ymm2
 vpxor %ymm2, %ymm13, %ymm13
- vpshufb L_chacha20_avx2_rotl16(%rip), %ymm13, %ymm13
+ vpshufb (%r12), %ymm13, %ymm13
 vpaddd %ymm13, %ymm8, %ymm8
 vpxor %ymm8, %ymm7, %ymm7
 vpaddd %ymm4, %ymm3, %ymm3
 vpxor %ymm3, %ymm14, %ymm14
- vpshufb L_chacha20_avx2_rotl16(%rip), %ymm14, %ymm14
+ vpshufb (%r12), %ymm14, %ymm14
 vpaddd %ymm14, %ymm9, %ymm9
 vpxor %ymm9, %ymm4, %ymm4
 vmovdqa %ymm11, 96(%r10)
@@ -1244,22 +1268,22 @@ L_chacha20_avx2_loop256:
 vpaddd %ymm5, %ymm0, %ymm0
 vpxor %ymm0, %ymm15, %ymm15
 vmovdqa 96(%r10), %ymm11
- vpshufb L_chacha20_avx2_rotl8(%rip), %ymm15, %ymm15
+ vpshufb (%r11), %ymm15, %ymm15
 vpaddd %ymm15, %ymm10, %ymm10
 vpxor %ymm10, %ymm5, %ymm5
 vpaddd %ymm6, %ymm1, %ymm1
 vpxor %ymm1, %ymm12, %ymm12
- vpshufb L_chacha20_avx2_rotl8(%rip), %ymm12, %ymm12
+ vpshufb (%r11), %ymm12, %ymm12
 vpaddd %ymm12, %ymm11, %ymm11
 vpxor %ymm11, %ymm6, %ymm6
 vpaddd %ymm7, %ymm2, %ymm2
 vpxor %ymm2, %ymm13, %ymm13
- vpshufb L_chacha20_avx2_rotl8(%rip), %ymm13, %ymm13
+ vpshufb (%r11), %ymm13, %ymm13
 vpaddd %ymm13, %ymm8, %ymm8
 vpxor %ymm8, %ymm7, %ymm7
 vpaddd %ymm4, %ymm3, %ymm3
 vpxor %ymm3, %ymm14, %ymm14
- vpshufb L_chacha20_avx2_rotl8(%rip), %ymm14, %ymm14
+ vpshufb (%r11), %ymm14, %ymm14
 vpaddd %ymm14, %ymm9, %ymm9
 vpxor %ymm9, %ymm4, %ymm4
 vmovdqa %ymm11, 96(%r10)
@@ -1409,7 +1433,7 @@ L_chacha20_avx2_loop256:
 vmovdqa 384(%r9), %ymm12
 addq $0x200, %rsi
 addq $0x200, %rdx
- vpaddd L_chacha20_avx2_eight(%rip), %ymm12, %ymm12
+ vpaddd (%r14), %ymm12, %ymm12
 subl $0x200, %ecx
 vmovdqa %ymm12, 384(%r9)
 cmpl $0x200, %ecx
@@ -1432,7 +1456,7 @@ L_chacha20_avx2_loop256:
 vmovdqa 480(%r9), %ymm15
 jmp L_chacha20_avx2_start256
 L_chacha20_avx2_done256:
- shl $3, %eax
+ shll $3, %eax
 addl %eax, 48(%rdi)
 L_chacha20_avx2_end256:
 #ifndef __APPLE__
@@ -1440,7 +1464,11 @@ L_chacha20_avx2_end256:
 #else
 callq _chacha_encrypt_avx1
 #endif /* __APPLE__ */
- addq $0x310, %rsp
+ vzeroupper
+ addq $0x320, %rsp
+ popq %r14
+ popq %r13
+ popq %r12
 repz retq
 #ifndef __APPLE__
 .size chacha_encrypt_avx2,.-chacha_encrypt_avx2
diff --git a/wolfcrypt/src/chacha_asm.asm b/wolfcrypt/src/chacha_asm.asm
new file mode 100644
index 0000000000..43b4ee16ed
--- /dev/null
+++ b/wolfcrypt/src/chacha_asm.asm
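Review bot: In the -1440 hunk the `vzeroupper` added before `addq $0x320, %rsp` executes immediately after the unconditional `callq chacha_encrypt_avx1`, and that callee now ends with its own `vzeroupper` (hunk -1023), so this one is redundant on every path and only the callee's is load-bearing: the 256-byte loop leaves dirty upper halves, and the avx1 code's 128-bit VEX instructions clear only the registers they write. Harmless as written, but the next reader will wonder which of the two can go; either drop this one or mark it, e.g. `# callee already ran vzeroupper; kept so this epilogue is self-contained`. The pop order (`%r14`, `%r13`, `%r12`) correctly mirrors the three pushes in the -1094 hunk.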
@@ -0,0 +1,1426 @@ +; /* chacha_asm.asm */ +; /* +; * Copyright (C) 2006-2024 wolfSSL Inc. +; * +; * This file is part of wolfSSL. +; * +; * wolfSSL is free software; you can redistribute it and/or modify +; * it under the terms of the GNU General Public License as published by +; * the Free Software Foundation; either version 2 of the License, or +; * (at your option) any later version. +; * +; * wolfSSL is distributed in the hope that it will be useful, +; * but WITHOUT ANY WARRANTY; without even the implied warranty of +; * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +; * GNU General Public License for more details. +; * +; * You should have received a copy of the GNU General Public License +; * along with this program; if not, write to the Free Software +; * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +; */ +IF @Version LT 1200 +; AVX2 instructions not recognized by old versions of MASM +IFNDEF NO_AVX2_SUPPORT +NO_AVX2_SUPPORT = 1 +ENDIF +; MOVBE instruction not recognized by old versions of MASM +IFNDEF NO_MOVBE_SUPPORT +NO_MOVBE_SUPPORT = 1 +ENDIF +ENDIF + +IFNDEF HAVE_INTEL_AVX1 +HAVE_INTEL_AVX1 = 1 +ENDIF +IFNDEF NO_AVX2_SUPPORT +HAVE_INTEL_AVX2 = 1 +ENDIF + +IFNDEF _WIN64 +_WIN64 = 1 +ENDIF + +_text SEGMENT READONLY PARA +chacha_encrypt_x64 PROC + push rbx + push rbp + push r12 + push r13 + push r14 + push r15 + sub rsp, 64 + cmp r9d, 64 + jl L_chacha_x64_small +L_chacha_x64_start: + sub rsp, 48 + mov QWORD PTR [rsp+24], r8 + mov QWORD PTR [rsp+32], rdx + mov QWORD PTR [rsp+40], r9 + mov rax, QWORD PTR [rcx+32] + mov rbx, QWORD PTR [rcx+40] + mov QWORD PTR [rsp+8], rax + mov QWORD PTR [rsp+16], rbx + mov eax, DWORD PTR [rcx] + mov ebx, DWORD PTR [rcx+4] + mov r9d, DWORD PTR [rcx+8] + mov r8d, DWORD PTR [rcx+12] + mov r8d, DWORD PTR [rcx+16] + mov r9d, DWORD PTR [rcx+20] + mov r10d, DWORD PTR [rcx+24] + mov r11d, DWORD PTR [rcx+28] + mov r12d, DWORD PTR [rcx+48] + mov r13d, DWORD PTR [rcx+52] + mov r14d, 
DWORD PTR [rcx+56] + mov r15d, DWORD PTR [rcx+60] + mov BYTE PTR [rsp], 10 + mov edx, DWORD PTR [rsp+8] + mov ebp, DWORD PTR [rsp+12] +L_chacha_x64_block_crypt_start: + add eax, r8d + add ebx, r9d + xor r12d, eax + xor r13d, ebx + rol r12d, 16 + rol r13d, 16 + add edx, r12d + add ebp, r13d + xor r8d, edx + xor r9d, ebp + rol r8d, 12 + rol r9d, 12 + add eax, r8d + add ebx, r9d + xor r12d, eax + xor r13d, ebx + rol r12d, 8 + rol r13d, 8 + add edx, r12d + add ebp, r13d + xor r8d, edx + xor r9d, ebp + rol r8d, 7 + rol r9d, 7 + mov DWORD PTR [rsp+8], edx + mov DWORD PTR [rsp+12], ebp + mov edx, DWORD PTR [rsp+16] + mov ebp, DWORD PTR [rsp+20] + add r9d, r10d + add r8d, r11d + xor r14d, r9d + xor r15d, r8d + rol r14d, 16 + rol r15d, 16 + add edx, r14d + add ebp, r15d + xor r10d, edx + xor r11d, ebp + rol r10d, 12 + rol r11d, 12 + add r9d, r10d + add r8d, r11d + xor r14d, r9d + xor r15d, r8d + rol r14d, 8 + rol r15d, 8 + add edx, r14d + add ebp, r15d + xor r10d, edx + xor r11d, ebp + rol r10d, 7 + rol r11d, 7 + add eax, r9d + add ebx, r10d + xor r15d, eax + xor r12d, ebx + rol r15d, 16 + rol r12d, 16 + add edx, r15d + add ebp, r12d + xor r9d, edx + xor r10d, ebp + rol r9d, 12 + rol r10d, 12 + add eax, r9d + add ebx, r10d + xor r15d, eax + xor r12d, ebx + rol r15d, 8 + rol r12d, 8 + add edx, r15d + add ebp, r12d + xor r9d, edx + xor r10d, ebp + rol r9d, 7 + rol r10d, 7 + mov DWORD PTR [rsp+16], edx + mov DWORD PTR [rsp+20], ebp + mov edx, DWORD PTR [rsp+8] + mov ebp, DWORD PTR [rsp+12] + add r9d, r11d + add r8d, r8d + xor r13d, r9d + xor r14d, r8d + rol r13d, 16 + rol r14d, 16 + add edx, r13d + add ebp, r14d + xor r11d, edx + xor r8d, ebp + rol r11d, 12 + rol r8d, 12 + add r9d, r11d + add r8d, r8d + xor r13d, r9d + xor r14d, r8d + rol r13d, 8 + rol r14d, 8 + add edx, r13d + add ebp, r14d + xor r11d, edx + xor r8d, ebp + rol r11d, 7 + rol r8d, 7 + dec BYTE PTR [rsp] + jnz L_chacha_x64_block_crypt_start + mov DWORD PTR [rsp+8], edx + mov DWORD PTR [rsp+12], ebp + mov rdx, 
QWORD PTR [rsp+32] + mov rbp, QWORD PTR [rsp+24] + add eax, DWORD PTR [rcx] + add ebx, DWORD PTR [rcx+4] + add r9d, DWORD PTR [rcx+8] + add r8d, DWORD PTR [rcx+12] + add r8d, DWORD PTR [rcx+16] + add r9d, DWORD PTR [rcx+20] + add r10d, DWORD PTR [rcx+24] + add r11d, DWORD PTR [rcx+28] + add r12d, DWORD PTR [rcx+48] + add r13d, DWORD PTR [rcx+52] + add r14d, DWORD PTR [rcx+56] + add r15d, DWORD PTR [rcx+60] + xor eax, DWORD PTR [rdx] + xor ebx, DWORD PTR [rdx+4] + xor r9d, DWORD PTR [rdx+8] + xor r8d, DWORD PTR [rdx+12] + xor r8d, DWORD PTR [rdx+16] + xor r9d, DWORD PTR [rdx+20] + xor r10d, DWORD PTR [rdx+24] + xor r11d, DWORD PTR [rdx+28] + xor r12d, DWORD PTR [rdx+48] + xor r13d, DWORD PTR [rdx+52] + xor r14d, DWORD PTR [rdx+56] + xor r15d, DWORD PTR [rdx+60] + mov DWORD PTR [rbp], eax + mov DWORD PTR [rbp+4], ebx + mov DWORD PTR [rbp+8], r9d + mov DWORD PTR [rbp+12], r8d + mov DWORD PTR [rbp+16], r8d + mov DWORD PTR [rbp+20], r9d + mov DWORD PTR [rbp+24], r10d + mov DWORD PTR [rbp+28], r11d + mov DWORD PTR [rbp+48], r12d + mov DWORD PTR [rbp+52], r13d + mov DWORD PTR [rbp+56], r14d + mov DWORD PTR [rbp+60], r15d + mov eax, DWORD PTR [rsp+8] + mov ebx, DWORD PTR [rsp+12] + mov r9d, DWORD PTR [rsp+16] + mov r8d, DWORD PTR [rsp+20] + add eax, DWORD PTR [rcx+32] + add ebx, DWORD PTR [rcx+36] + add r9d, DWORD PTR [rcx+40] + add r8d, DWORD PTR [rcx+44] + xor eax, DWORD PTR [rdx+32] + xor ebx, DWORD PTR [rdx+36] + xor r9d, DWORD PTR [rdx+40] + xor r8d, DWORD PTR [rdx+44] + mov DWORD PTR [rbp+32], eax + mov DWORD PTR [rbp+36], ebx + mov DWORD PTR [rbp+40], r9d + mov DWORD PTR [rbp+44], r8d + mov r8, QWORD PTR [rsp+24] + mov r9, QWORD PTR [rsp+40] + add DWORD PTR [rcx+48], 1 + add rsp, 48 + sub r9d, 64 + add rdx, 64 + add r8, 64 + cmp r9d, 64 + jge L_chacha_x64_start +L_chacha_x64_small: + cmp r9d, 0 + je L_chacha_x64_done + sub rsp, 48 + mov QWORD PTR [rsp+24], r8 + mov QWORD PTR [rsp+32], rdx + mov QWORD PTR [rsp+40], r9 + mov rax, QWORD PTR [rcx+32] + mov rbx, QWORD 
PTR [rcx+40] + mov QWORD PTR [rsp+8], rax + mov QWORD PTR [rsp+16], rbx + mov eax, DWORD PTR [rcx] + mov ebx, DWORD PTR [rcx+4] + mov r9d, DWORD PTR [rcx+8] + mov r8d, DWORD PTR [rcx+12] + mov r8d, DWORD PTR [rcx+16] + mov r9d, DWORD PTR [rcx+20] + mov r10d, DWORD PTR [rcx+24] + mov r11d, DWORD PTR [rcx+28] + mov r12d, DWORD PTR [rcx+48] + mov r13d, DWORD PTR [rcx+52] + mov r14d, DWORD PTR [rcx+56] + mov r15d, DWORD PTR [rcx+60] + mov BYTE PTR [rsp], 10 + mov edx, DWORD PTR [rsp+8] + mov ebp, DWORD PTR [rsp+12] +L_chacha_x64_partial_crypt_start: + add eax, r8d + add ebx, r9d + xor r12d, eax + xor r13d, ebx + rol r12d, 16 + rol r13d, 16 + add edx, r12d + add ebp, r13d + xor r8d, edx + xor r9d, ebp + rol r8d, 12 + rol r9d, 12 + add eax, r8d + add ebx, r9d + xor r12d, eax + xor r13d, ebx + rol r12d, 8 + rol r13d, 8 + add edx, r12d + add ebp, r13d + xor r8d, edx + xor r9d, ebp + rol r8d, 7 + rol r9d, 7 + mov DWORD PTR [rsp+8], edx + mov DWORD PTR [rsp+12], ebp + mov edx, DWORD PTR [rsp+16] + mov ebp, DWORD PTR [rsp+20] + add r9d, r10d + add r8d, r11d + xor r14d, r9d + xor r15d, r8d + rol r14d, 16 + rol r15d, 16 + add edx, r14d + add ebp, r15d + xor r10d, edx + xor r11d, ebp + rol r10d, 12 + rol r11d, 12 + add r9d, r10d + add r8d, r11d + xor r14d, r9d + xor r15d, r8d + rol r14d, 8 + rol r15d, 8 + add edx, r14d + add ebp, r15d + xor r10d, edx + xor r11d, ebp + rol r10d, 7 + rol r11d, 7 + add eax, r9d + add ebx, r10d + xor r15d, eax + xor r12d, ebx + rol r15d, 16 + rol r12d, 16 + add edx, r15d + add ebp, r12d + xor r9d, edx + xor r10d, ebp + rol r9d, 12 + rol r10d, 12 + add eax, r9d + add ebx, r10d + xor r15d, eax + xor r12d, ebx + rol r15d, 8 + rol r12d, 8 + add edx, r15d + add ebp, r12d + xor r9d, edx + xor r10d, ebp + rol r9d, 7 + rol r10d, 7 + mov DWORD PTR [rsp+16], edx + mov DWORD PTR [rsp+20], ebp + mov edx, DWORD PTR [rsp+8] + mov ebp, DWORD PTR [rsp+12] + add r9d, r11d + add r8d, r8d + xor r13d, r9d + xor r14d, r8d + rol r13d, 16 + rol r14d, 16 + add edx, r13d + 
add ebp, r14d + xor r11d, edx + xor r8d, ebp + rol r11d, 12 + rol r8d, 12 + add r9d, r11d + add r8d, r8d + xor r13d, r9d + xor r14d, r8d + rol r13d, 8 + rol r14d, 8 + add edx, r13d + add ebp, r14d + xor r11d, edx + xor r8d, ebp + rol r11d, 7 + rol r8d, 7 + dec BYTE PTR [rsp] + jnz L_chacha_x64_partial_crypt_start + mov DWORD PTR [rsp+8], edx + mov DWORD PTR [rsp+12], ebp + mov rdx, QWORD PTR [rsp+32] + add eax, DWORD PTR [rcx] + add ebx, DWORD PTR [rcx+4] + add r9d, DWORD PTR [rcx+8] + add r8d, DWORD PTR [rcx+12] + add r8d, DWORD PTR [rcx+16] + add r9d, DWORD PTR [rcx+20] + add r10d, DWORD PTR [rcx+24] + add r11d, DWORD PTR [rcx+28] + add r12d, DWORD PTR [rcx+48] + add r13d, DWORD PTR [rcx+52] + add r14d, DWORD PTR [rcx+56] + add r15d, DWORD PTR [rcx+60] + lea rbp, QWORD PTR [rcx+80] + mov DWORD PTR [rbp], eax + mov DWORD PTR [rbp+4], ebx + mov DWORD PTR [rbp+8], r9d + mov DWORD PTR [rbp+12], r8d + mov DWORD PTR [rbp+16], r8d + mov DWORD PTR [rbp+20], r9d + mov DWORD PTR [rbp+24], r10d + mov DWORD PTR [rbp+28], r11d + mov DWORD PTR [rbp+48], r12d + mov DWORD PTR [rbp+52], r13d + mov DWORD PTR [rbp+56], r14d + mov DWORD PTR [rbp+60], r15d + mov eax, DWORD PTR [rsp+8] + mov ebx, DWORD PTR [rsp+12] + mov r9d, DWORD PTR [rsp+16] + mov r8d, DWORD PTR [rsp+20] + add eax, DWORD PTR [rcx+32] + add ebx, DWORD PTR [rcx+36] + add r9d, DWORD PTR [rcx+40] + add r8d, DWORD PTR [rcx+44] + mov DWORD PTR [rbp+32], eax + mov DWORD PTR [rbp+36], ebx + mov DWORD PTR [rbp+40], r9d + mov DWORD PTR [rbp+44], r8d + mov r8, QWORD PTR [rsp+24] + mov r9, QWORD PTR [rsp+40] + add DWORD PTR [rcx+48], 1 + add rsp, 48 + mov r8d, r9d + xor rbx, rbx + and r8d, 7 + jz L_chacha_x64_partial_start64 +L_chacha_x64_partial_start8: + movzx eax, BYTE PTR [rbp+rbx] + xor al, BYTE PTR [rdx+rbx] + mov BYTE PTR [r8+rbx], al + inc ebx + cmp ebx, r8d + jne L_chacha_x64_partial_start8 + je L_chacha_x64_partial_end64 +L_chacha_x64_partial_start64: + mov rax, QWORD PTR [rbp+rbx] + xor rax, QWORD PTR [rdx+rbx] + 
mov QWORD PTR [r8+rbx], rax + add ebx, 8 +L_chacha_x64_partial_end64: + cmp ebx, r9d + jne L_chacha_x64_partial_start64 + mov r9d, 64 + sub r9d, ebx + mov DWORD PTR [rcx+76], r9d +L_chacha_x64_done: + add rsp, 64 + pop r15 + pop r14 + pop r13 + pop r12 + pop rbp + pop rbx + ret +chacha_encrypt_x64 ENDP +_text ENDS +IFDEF HAVE_INTEL_AVX1 +_DATA SEGMENT +ALIGN 16 +L_chacha20_avx1_rotl8 QWORD 433757367256023043, 1012478749960636427 +ptr_L_chacha20_avx1_rotl8 QWORD L_chacha20_avx1_rotl8 +_DATA ENDS +_DATA SEGMENT +ALIGN 16 +L_chacha20_avx1_rotl16 QWORD 361421592464458498, 940142975169071882 +ptr_L_chacha20_avx1_rotl16 QWORD L_chacha20_avx1_rotl16 +_DATA ENDS +_DATA SEGMENT +ALIGN 16 +L_chacha20_avx1_add QWORD 4294967296, 12884901890 +ptr_L_chacha20_avx1_add QWORD L_chacha20_avx1_add +_DATA ENDS +_DATA SEGMENT +ALIGN 16 +L_chacha20_avx1_four QWORD 17179869188, 17179869188 +ptr_L_chacha20_avx1_four QWORD L_chacha20_avx1_four +_DATA ENDS +_text SEGMENT READONLY PARA +chacha_encrypt_avx1 PROC + push r12 + push r13 + push r14 + push r15 + push rdi + push rsi + sub rsp, 560 + vmovdqu OWORD PTR [rsp+400], xmm6 + vmovdqu OWORD PTR [rsp+416], xmm7 + vmovdqu OWORD PTR [rsp+432], xmm8 + vmovdqu OWORD PTR [rsp+448], xmm9 + vmovdqu OWORD PTR [rsp+464], xmm10 + vmovdqu OWORD PTR [rsp+480], xmm11 + vmovdqu OWORD PTR [rsp+496], xmm12 + vmovdqu OWORD PTR [rsp+512], xmm13 + vmovdqu OWORD PTR [rsp+528], xmm14 + vmovdqu OWORD PTR [rsp+544], xmm15 + mov r11, rsp + lea r12, QWORD PTR [rsp+256] + mov r14, QWORD PTR [ptr_L_chacha20_avx1_rotl8] + mov r15, QWORD PTR [ptr_L_chacha20_avx1_rotl16] + mov rdi, QWORD PTR [ptr_L_chacha20_avx1_add] + mov rsi, QWORD PTR [ptr_L_chacha20_avx1_four] + add r11, 15 + add r12, 15 + and r11, -16 + and r12, -16 + mov eax, r9d + shr eax, 8 + jz L_chacha20_avx1_end128 + vpshufd xmm0, [rcx], 0 + vpshufd xmm1, [rcx+4], 0 + vpshufd xmm2, [rcx+8], 0 + vpshufd xmm3, [rcx+12], 0 + vpshufd xmm4, [rcx+16], 0 + vpshufd xmm5, [rcx+20], 0 + vpshufd xmm6, [rcx+24], 0 + 
vpshufd xmm7, [rcx+28], 0 + vpshufd xmm8, [rcx+32], 0 + vpshufd xmm9, [rcx+36], 0 + vpshufd xmm10, [rcx+40], 0 + vpshufd xmm11, [rcx+44], 0 + vpshufd xmm12, [rcx+48], 0 + vpshufd xmm13, [rcx+52], 0 + vpshufd xmm14, [rcx+56], 0 + vpshufd xmm15, [rcx+60], 0 + vpaddd xmm12, xmm12, OWORD PTR [rdi] + vmovdqa OWORD PTR [r11], xmm0 + vmovdqa OWORD PTR [r11+16], xmm1 + vmovdqa OWORD PTR [r11+32], xmm2 + vmovdqa OWORD PTR [r11+48], xmm3 + vmovdqa OWORD PTR [r11+64], xmm4 + vmovdqa OWORD PTR [r11+80], xmm5 + vmovdqa OWORD PTR [r11+96], xmm6 + vmovdqa OWORD PTR [r11+112], xmm7 + vmovdqa OWORD PTR [r11+128], xmm8 + vmovdqa OWORD PTR [r11+144], xmm9 + vmovdqa OWORD PTR [r11+160], xmm10 + vmovdqa OWORD PTR [r11+176], xmm11 + vmovdqa OWORD PTR [r11+192], xmm12 + vmovdqa OWORD PTR [r11+208], xmm13 + vmovdqa OWORD PTR [r11+224], xmm14 + vmovdqa OWORD PTR [r11+240], xmm15 +L_chacha20_avx1_start128: + vmovdqa OWORD PTR [r12+48], xmm11 + mov r10b, 10 +L_chacha20_avx1_loop128: + vpaddd xmm0, xmm0, xmm4 + vpxor xmm12, xmm12, xmm0 + vmovdqa xmm11, OWORD PTR [r12+48] + vpshufb xmm12, xmm12, OWORD PTR [r15] + vpaddd xmm8, xmm8, xmm12 + vpxor xmm4, xmm4, xmm8 + vpaddd xmm1, xmm1, xmm5 + vpxor xmm13, xmm13, xmm1 + vpshufb xmm13, xmm13, OWORD PTR [r15] + vpaddd xmm9, xmm9, xmm13 + vpxor xmm5, xmm5, xmm9 + vpaddd xmm2, xmm2, xmm6 + vpxor xmm14, xmm14, xmm2 + vpshufb xmm14, xmm14, OWORD PTR [r15] + vpaddd xmm10, xmm10, xmm14 + vpxor xmm6, xmm6, xmm10 + vpaddd xmm3, xmm3, xmm7 + vpxor xmm15, xmm15, xmm3 + vpshufb xmm15, xmm15, OWORD PTR [r15] + vpaddd xmm11, xmm11, xmm15 + vpxor xmm7, xmm7, xmm11 + vmovdqa OWORD PTR [r12+48], xmm11 + vpsrld xmm11, xmm4, 20 + vpslld xmm4, xmm4, 12 + vpxor xmm4, xmm4, xmm11 + vpsrld xmm11, xmm5, 20 + vpslld xmm5, xmm5, 12 + vpxor xmm5, xmm5, xmm11 + vpsrld xmm11, xmm6, 20 + vpslld xmm6, xmm6, 12 + vpxor xmm6, xmm6, xmm11 + vpsrld xmm11, xmm7, 20 + vpslld xmm7, xmm7, 12 + vpxor xmm7, xmm7, xmm11 + vpaddd xmm0, xmm0, xmm4 + vpxor xmm12, xmm12, xmm0 + vmovdqa xmm11, 
OWORD PTR [r12+48] + vpshufb xmm12, xmm12, OWORD PTR [r14] + vpaddd xmm8, xmm8, xmm12 + vpxor xmm4, xmm4, xmm8 + vpaddd xmm1, xmm1, xmm5 + vpxor xmm13, xmm13, xmm1 + vpshufb xmm13, xmm13, OWORD PTR [r14] + vpaddd xmm9, xmm9, xmm13 + vpxor xmm5, xmm5, xmm9 + vpaddd xmm2, xmm2, xmm6 + vpxor xmm14, xmm14, xmm2 + vpshufb xmm14, xmm14, OWORD PTR [r14] + vpaddd xmm10, xmm10, xmm14 + vpxor xmm6, xmm6, xmm10 + vpaddd xmm3, xmm3, xmm7 + vpxor xmm15, xmm15, xmm3 + vpshufb xmm15, xmm15, OWORD PTR [r14] + vpaddd xmm11, xmm11, xmm15 + vpxor xmm7, xmm7, xmm11 + vmovdqa OWORD PTR [r12+48], xmm11 + vpsrld xmm11, xmm4, 25 + vpslld xmm4, xmm4, 7 + vpxor xmm4, xmm4, xmm11 + vpsrld xmm11, xmm5, 25 + vpslld xmm5, xmm5, 7 + vpxor xmm5, xmm5, xmm11 + vpsrld xmm11, xmm6, 25 + vpslld xmm6, xmm6, 7 + vpxor xmm6, xmm6, xmm11 + vpsrld xmm11, xmm7, 25 + vpslld xmm7, xmm7, 7 + vpxor xmm7, xmm7, xmm11 + vpaddd xmm0, xmm0, xmm5 + vpxor xmm15, xmm15, xmm0 + vmovdqa xmm11, OWORD PTR [r12+48] + vpshufb xmm15, xmm15, OWORD PTR [r15] + vpaddd xmm10, xmm10, xmm15 + vpxor xmm5, xmm5, xmm10 + vpaddd xmm1, xmm1, xmm6 + vpxor xmm12, xmm12, xmm1 + vpshufb xmm12, xmm12, OWORD PTR [r15] + vpaddd xmm11, xmm11, xmm12 + vpxor xmm6, xmm6, xmm11 + vpaddd xmm2, xmm2, xmm7 + vpxor xmm13, xmm13, xmm2 + vpshufb xmm13, xmm13, OWORD PTR [r15] + vpaddd xmm8, xmm8, xmm13 + vpxor xmm7, xmm7, xmm8 + vpaddd xmm3, xmm3, xmm4 + vpxor xmm14, xmm14, xmm3 + vpshufb xmm14, xmm14, OWORD PTR [r15] + vpaddd xmm9, xmm9, xmm14 + vpxor xmm4, xmm4, xmm9 + vmovdqa OWORD PTR [r12+48], xmm11 + vpsrld xmm11, xmm5, 20 + vpslld xmm5, xmm5, 12 + vpxor xmm5, xmm5, xmm11 + vpsrld xmm11, xmm6, 20 + vpslld xmm6, xmm6, 12 + vpxor xmm6, xmm6, xmm11 + vpsrld xmm11, xmm7, 20 + vpslld xmm7, xmm7, 12 + vpxor xmm7, xmm7, xmm11 + vpsrld xmm11, xmm4, 20 + vpslld xmm4, xmm4, 12 + vpxor xmm4, xmm4, xmm11 + vpaddd xmm0, xmm0, xmm5 + vpxor xmm15, xmm15, xmm0 + vmovdqa xmm11, OWORD PTR [r12+48] + vpshufb xmm15, xmm15, OWORD PTR [r14] + vpaddd xmm10, xmm10, xmm15 
+ vpxor xmm5, xmm5, xmm10 + vpaddd xmm1, xmm1, xmm6 + vpxor xmm12, xmm12, xmm1 + vpshufb xmm12, xmm12, OWORD PTR [r14] + vpaddd xmm11, xmm11, xmm12 + vpxor xmm6, xmm6, xmm11 + vpaddd xmm2, xmm2, xmm7 + vpxor xmm13, xmm13, xmm2 + vpshufb xmm13, xmm13, OWORD PTR [r14] + vpaddd xmm8, xmm8, xmm13 + vpxor xmm7, xmm7, xmm8 + vpaddd xmm3, xmm3, xmm4 + vpxor xmm14, xmm14, xmm3 + vpshufb xmm14, xmm14, OWORD PTR [r14] + vpaddd xmm9, xmm9, xmm14 + vpxor xmm4, xmm4, xmm9 + vmovdqa OWORD PTR [r12+48], xmm11 + vpsrld xmm11, xmm5, 25 + vpslld xmm5, xmm5, 7 + vpxor xmm5, xmm5, xmm11 + vpsrld xmm11, xmm6, 25 + vpslld xmm6, xmm6, 7 + vpxor xmm6, xmm6, xmm11 + vpsrld xmm11, xmm7, 25 + vpslld xmm7, xmm7, 7 + vpxor xmm7, xmm7, xmm11 + vpsrld xmm11, xmm4, 25 + vpslld xmm4, xmm4, 7 + vpxor xmm4, xmm4, xmm11 + dec r10b + jnz L_chacha20_avx1_loop128 + vmovdqa xmm11, OWORD PTR [r12+48] + vpaddd xmm0, xmm0, OWORD PTR [r11] + vpaddd xmm1, xmm1, OWORD PTR [r11+16] + vpaddd xmm2, xmm2, OWORD PTR [r11+32] + vpaddd xmm3, xmm3, OWORD PTR [r11+48] + vpaddd xmm4, xmm4, OWORD PTR [r11+64] + vpaddd xmm5, xmm5, OWORD PTR [r11+80] + vpaddd xmm6, xmm6, OWORD PTR [r11+96] + vpaddd xmm7, xmm7, OWORD PTR [r11+112] + vpaddd xmm8, xmm8, OWORD PTR [r11+128] + vpaddd xmm9, xmm9, OWORD PTR [r11+144] + vpaddd xmm10, xmm10, OWORD PTR [r11+160] + vpaddd xmm11, xmm11, OWORD PTR [r11+176] + vpaddd xmm12, xmm12, OWORD PTR [r11+192] + vpaddd xmm13, xmm13, OWORD PTR [r11+208] + vpaddd xmm14, xmm14, OWORD PTR [r11+224] + vpaddd xmm15, xmm15, OWORD PTR [r11+240] + vmovdqa OWORD PTR [r12], xmm8 + vmovdqa OWORD PTR [r12+16], xmm9 + vmovdqa OWORD PTR [r12+32], xmm10 + vmovdqa OWORD PTR [r12+48], xmm11 + vmovdqa OWORD PTR [r12+64], xmm12 + vmovdqa OWORD PTR [r12+80], xmm13 + vmovdqa OWORD PTR [r12+96], xmm14 + vmovdqa OWORD PTR [r12+112], xmm15 + vpunpckldq xmm8, xmm0, xmm1 + vpunpckldq xmm9, xmm2, xmm3 + vpunpckhdq xmm12, xmm0, xmm1 + vpunpckhdq xmm13, xmm2, xmm3 + vpunpckldq xmm10, xmm4, xmm5 + vpunpckldq xmm11, xmm6, xmm7 
+ vpunpckhdq xmm14, xmm4, xmm5 + vpunpckhdq xmm15, xmm6, xmm7 + vpunpcklqdq xmm0, xmm8, xmm9 + vpunpcklqdq xmm1, xmm10, xmm11 + vpunpckhqdq xmm2, xmm8, xmm9 + vpunpckhqdq xmm3, xmm10, xmm11 + vpunpcklqdq xmm4, xmm12, xmm13 + vpunpcklqdq xmm5, xmm14, xmm15 + vpunpckhqdq xmm6, xmm12, xmm13 + vpunpckhqdq xmm7, xmm14, xmm15 + vmovdqu xmm8, OWORD PTR [rdx] + vmovdqu xmm9, OWORD PTR [rdx+16] + vmovdqu xmm10, OWORD PTR [rdx+64] + vmovdqu xmm11, OWORD PTR [rdx+80] + vmovdqu xmm12, OWORD PTR [rdx+128] + vmovdqu xmm13, OWORD PTR [rdx+144] + vmovdqu xmm14, OWORD PTR [rdx+192] + vmovdqu xmm15, OWORD PTR [rdx+208] + vpxor xmm0, xmm0, xmm8 + vpxor xmm1, xmm1, xmm9 + vpxor xmm2, xmm2, xmm10 + vpxor xmm3, xmm3, xmm11 + vpxor xmm4, xmm4, xmm12 + vpxor xmm5, xmm5, xmm13 + vpxor xmm6, xmm6, xmm14 + vpxor xmm7, xmm7, xmm15 + vmovdqu OWORD PTR [r8], xmm0 + vmovdqu OWORD PTR [r8+16], xmm1 + vmovdqu OWORD PTR [r8+64], xmm2 + vmovdqu OWORD PTR [r8+80], xmm3 + vmovdqu OWORD PTR [r8+128], xmm4 + vmovdqu OWORD PTR [r8+144], xmm5 + vmovdqu OWORD PTR [r8+192], xmm6 + vmovdqu OWORD PTR [r8+208], xmm7 + vmovdqa xmm0, OWORD PTR [r12] + vmovdqa xmm1, OWORD PTR [r12+16] + vmovdqa xmm2, OWORD PTR [r12+32] + vmovdqa xmm3, OWORD PTR [r12+48] + vmovdqa xmm4, OWORD PTR [r12+64] + vmovdqa xmm5, OWORD PTR [r12+80] + vmovdqa xmm6, OWORD PTR [r12+96] + vmovdqa xmm7, OWORD PTR [r12+112] + vpunpckldq xmm8, xmm0, xmm1 + vpunpckldq xmm9, xmm2, xmm3 + vpunpckhdq xmm12, xmm0, xmm1 + vpunpckhdq xmm13, xmm2, xmm3 + vpunpckldq xmm10, xmm4, xmm5 + vpunpckldq xmm11, xmm6, xmm7 + vpunpckhdq xmm14, xmm4, xmm5 + vpunpckhdq xmm15, xmm6, xmm7 + vpunpcklqdq xmm0, xmm8, xmm9 + vpunpcklqdq xmm1, xmm10, xmm11 + vpunpckhqdq xmm2, xmm8, xmm9 + vpunpckhqdq xmm3, xmm10, xmm11 + vpunpcklqdq xmm4, xmm12, xmm13 + vpunpcklqdq xmm5, xmm14, xmm15 + vpunpckhqdq xmm6, xmm12, xmm13 + vpunpckhqdq xmm7, xmm14, xmm15 + vmovdqu xmm8, OWORD PTR [rdx+32] + vmovdqu xmm9, OWORD PTR [rdx+48] + vmovdqu xmm10, OWORD PTR [rdx+96] + vmovdqu xmm11, 
OWORD PTR [rdx+112] + vmovdqu xmm12, OWORD PTR [rdx+160] + vmovdqu xmm13, OWORD PTR [rdx+176] + vmovdqu xmm14, OWORD PTR [rdx+224] + vmovdqu xmm15, OWORD PTR [rdx+240] + vpxor xmm0, xmm0, xmm8 + vpxor xmm1, xmm1, xmm9 + vpxor xmm2, xmm2, xmm10 + vpxor xmm3, xmm3, xmm11 + vpxor xmm4, xmm4, xmm12 + vpxor xmm5, xmm5, xmm13 + vpxor xmm6, xmm6, xmm14 + vpxor xmm7, xmm7, xmm15 + vmovdqu OWORD PTR [r8+32], xmm0 + vmovdqu OWORD PTR [r8+48], xmm1 + vmovdqu OWORD PTR [r8+96], xmm2 + vmovdqu OWORD PTR [r8+112], xmm3 + vmovdqu OWORD PTR [r8+160], xmm4 + vmovdqu OWORD PTR [r8+176], xmm5 + vmovdqu OWORD PTR [r8+224], xmm6 + vmovdqu OWORD PTR [r8+240], xmm7 + vmovdqa xmm12, OWORD PTR [r11+192] + add rdx, 256 + add r8, 256 + vpaddd xmm12, xmm12, OWORD PTR [rsi] + sub r9d, 256 + vmovdqa OWORD PTR [r11+192], xmm12 + cmp r9d, 256 + jl L_chacha20_avx1_done128 + vmovdqa xmm0, OWORD PTR [r11] + vmovdqa xmm1, OWORD PTR [r11+16] + vmovdqa xmm2, OWORD PTR [r11+32] + vmovdqa xmm3, OWORD PTR [r11+48] + vmovdqa xmm4, OWORD PTR [r11+64] + vmovdqa xmm5, OWORD PTR [r11+80] + vmovdqa xmm6, OWORD PTR [r11+96] + vmovdqa xmm7, OWORD PTR [r11+112] + vmovdqa xmm8, OWORD PTR [r11+128] + vmovdqa xmm9, OWORD PTR [r11+144] + vmovdqa xmm10, OWORD PTR [r11+160] + vmovdqa xmm11, OWORD PTR [r11+176] + vmovdqa xmm12, OWORD PTR [r11+192] + vmovdqa xmm13, OWORD PTR [r11+208] + vmovdqa xmm14, OWORD PTR [r11+224] + vmovdqa xmm15, OWORD PTR [r11+240] + jmp L_chacha20_avx1_start128 +L_chacha20_avx1_done128: + shl eax, 2 + add DWORD PTR [rcx+48], eax +L_chacha20_avx1_end128: + cmp r9d, 64 + jl L_chacha20_avx1_block_done +L_chacha20_avx1_block_start: + vmovdqu xmm0, OWORD PTR [rcx] + vmovdqu xmm1, OWORD PTR [rcx+16] + vmovdqu xmm2, OWORD PTR [rcx+32] + vmovdqu xmm3, OWORD PTR [rcx+48] + vmovdqa xmm5, xmm0 + vmovdqa xmm6, xmm1 + vmovdqa xmm7, xmm2 + vmovdqa xmm8, xmm3 + mov al, 10 +L_chacha20_avx1_block_crypt_start: + vpaddd xmm0, xmm0, xmm1 + vpxor xmm3, xmm3, xmm0 + vpshufb xmm3, xmm3, OWORD PTR [r15] + vpaddd xmm2, 
xmm2, xmm3 + vpxor xmm1, xmm1, xmm2 + vpsrld xmm4, xmm1, 20 + vpslld xmm1, xmm1, 12 + vpxor xmm1, xmm1, xmm4 + vpaddd xmm0, xmm0, xmm1 + vpxor xmm3, xmm3, xmm0 + vpshufb xmm3, xmm3, OWORD PTR [r14] + vpaddd xmm2, xmm2, xmm3 + vpxor xmm1, xmm1, xmm2 + vpsrld xmm4, xmm1, 25 + vpslld xmm1, xmm1, 7 + vpxor xmm1, xmm1, xmm4 + vpshufd xmm1, xmm1, 57 + vpshufd xmm2, xmm2, 78 + vpshufd xmm3, xmm3, 147 + vpaddd xmm0, xmm0, xmm1 + vpxor xmm3, xmm3, xmm0 + vpshufb xmm3, xmm3, OWORD PTR [r15] + vpaddd xmm2, xmm2, xmm3 + vpxor xmm1, xmm1, xmm2 + vpsrld xmm4, xmm1, 20 + vpslld xmm1, xmm1, 12 + vpxor xmm1, xmm1, xmm4 + vpaddd xmm0, xmm0, xmm1 + vpxor xmm3, xmm3, xmm0 + vpshufb xmm3, xmm3, OWORD PTR [r14] + vpaddd xmm2, xmm2, xmm3 + vpxor xmm1, xmm1, xmm2 + vpsrld xmm4, xmm1, 25 + vpslld xmm1, xmm1, 7 + vpxor xmm1, xmm1, xmm4 + vpshufd xmm1, xmm1, 147 + vpshufd xmm2, xmm2, 78 + vpshufd xmm3, xmm3, 57 + dec al + jnz L_chacha20_avx1_block_crypt_start + vpaddd xmm0, xmm0, xmm5 + vpaddd xmm1, xmm1, xmm6 + vpaddd xmm2, xmm2, xmm7 + vpaddd xmm3, xmm3, xmm8 + vmovdqu xmm5, OWORD PTR [rdx] + vmovdqu xmm6, OWORD PTR [rdx+16] + vmovdqu xmm7, OWORD PTR [rdx+32] + vmovdqu xmm8, OWORD PTR [rdx+48] + vpxor xmm0, xmm0, xmm5 + vpxor xmm1, xmm1, xmm6 + vpxor xmm2, xmm2, xmm7 + vpxor xmm3, xmm3, xmm8 + vmovdqu OWORD PTR [r8], xmm0 + vmovdqu OWORD PTR [r8+16], xmm1 + vmovdqu OWORD PTR [r8+32], xmm2 + vmovdqu OWORD PTR [r8+48], xmm3 + add DWORD PTR [rcx+48], 1 + sub r9d, 64 + add rdx, 64 + add r8, 64 + cmp r9d, 64 + jge L_chacha20_avx1_block_start +L_chacha20_avx1_block_done: + cmp r9d, 0 + je L_chacha20_avx1_partial_done + lea r12, QWORD PTR [rcx+80] + vmovdqu xmm0, OWORD PTR [rcx] + vmovdqu xmm1, OWORD PTR [rcx+16] + vmovdqu xmm2, OWORD PTR [rcx+32] + vmovdqu xmm3, OWORD PTR [rcx+48] + vmovdqa xmm5, xmm0 + vmovdqa xmm6, xmm1 + vmovdqa xmm7, xmm2 + vmovdqa xmm8, xmm3 + mov al, 10 +L_chacha20_avx1_partial_crypt_start: + vpaddd xmm0, xmm0, xmm1 + vpxor xmm3, xmm3, xmm0 + vpshufb xmm3, xmm3, OWORD PTR 
[r15] + vpaddd xmm2, xmm2, xmm3 + vpxor xmm1, xmm1, xmm2 + vpsrld xmm4, xmm1, 20 + vpslld xmm1, xmm1, 12 + vpxor xmm1, xmm1, xmm4 + vpaddd xmm0, xmm0, xmm1 + vpxor xmm3, xmm3, xmm0 + vpshufb xmm3, xmm3, OWORD PTR [r14] + vpaddd xmm2, xmm2, xmm3 + vpxor xmm1, xmm1, xmm2 + vpsrld xmm4, xmm1, 25 + vpslld xmm1, xmm1, 7 + vpxor xmm1, xmm1, xmm4 + vpshufd xmm1, xmm1, 57 + vpshufd xmm2, xmm2, 78 + vpshufd xmm3, xmm3, 147 + vpaddd xmm0, xmm0, xmm1 + vpxor xmm3, xmm3, xmm0 + vpshufb xmm3, xmm3, OWORD PTR [r15] + vpaddd xmm2, xmm2, xmm3 + vpxor xmm1, xmm1, xmm2 + vpsrld xmm4, xmm1, 20 + vpslld xmm1, xmm1, 12 + vpxor xmm1, xmm1, xmm4 + vpaddd xmm0, xmm0, xmm1 + vpxor xmm3, xmm3, xmm0 + vpshufb xmm3, xmm3, OWORD PTR [r14] + vpaddd xmm2, xmm2, xmm3 + vpxor xmm1, xmm1, xmm2 + vpsrld xmm4, xmm1, 25 + vpslld xmm1, xmm1, 7 + vpxor xmm1, xmm1, xmm4 + vpshufd xmm1, xmm1, 147 + vpshufd xmm2, xmm2, 78 + vpshufd xmm3, xmm3, 57 + dec al + jnz L_chacha20_avx1_partial_crypt_start + vpaddd xmm0, xmm0, xmm5 + vpaddd xmm1, xmm1, xmm6 + vpaddd xmm2, xmm2, xmm7 + vpaddd xmm3, xmm3, xmm8 + vmovdqu OWORD PTR [r12], xmm0 + vmovdqu OWORD PTR [r12+16], xmm1 + vmovdqu OWORD PTR [r12+32], xmm2 + vmovdqu OWORD PTR [r12+48], xmm3 + add DWORD PTR [rcx+48], 1 + mov r10d, r9d + xor r13, r13 + and r10d, 7 + jz L_chacha20_avx1_partial_start64 +L_chacha20_avx1_partial_start8: + movzx eax, BYTE PTR [r12+r13] + xor al, BYTE PTR [rdx+r13] + mov BYTE PTR [r8+r13], al + inc r13d + cmp r13d, r10d + jne L_chacha20_avx1_partial_start8 + je L_chacha20_avx1_partial_end64 +L_chacha20_avx1_partial_start64: + mov rax, QWORD PTR [r12+r13] + xor rax, QWORD PTR [rdx+r13] + mov QWORD PTR [r8+r13], rax + add r13d, 8 +L_chacha20_avx1_partial_end64: + cmp r13d, r9d + jne L_chacha20_avx1_partial_start64 + mov r10d, 64 + sub r10d, r13d + mov DWORD PTR [rcx+76], r10d +L_chacha20_avx1_partial_done: + vzeroupper + vmovdqu xmm6, OWORD PTR [rsp+400] + vmovdqu xmm7, OWORD PTR [rsp+416] + vmovdqu xmm8, OWORD PTR [rsp+432] + vmovdqu xmm9, 
OWORD PTR [rsp+448] + vmovdqu xmm10, OWORD PTR [rsp+464] + vmovdqu xmm11, OWORD PTR [rsp+480] + vmovdqu xmm12, OWORD PTR [rsp+496] + vmovdqu xmm13, OWORD PTR [rsp+512] + vmovdqu xmm14, OWORD PTR [rsp+528] + vmovdqu xmm15, OWORD PTR [rsp+544] + add rsp, 560 + pop rsi + pop rdi + pop r15 + pop r14 + pop r13 + pop r12 + ret +chacha_encrypt_avx1 ENDP +_text ENDS +ENDIF +IFDEF HAVE_INTEL_AVX2 +_DATA SEGMENT +ALIGN 16 +L_chacha20_avx2_rotl8 QWORD 433757367256023043, 1012478749960636427, + 433757367256023043, 1012478749960636427 +ptr_L_chacha20_avx2_rotl8 QWORD L_chacha20_avx2_rotl8 +_DATA ENDS +_DATA SEGMENT +ALIGN 16 +L_chacha20_avx2_rotl16 QWORD 361421592464458498, 940142975169071882, + 361421592464458498, 940142975169071882 +ptr_L_chacha20_avx2_rotl16 QWORD L_chacha20_avx2_rotl16 +_DATA ENDS +_DATA SEGMENT +ALIGN 16 +L_chacha20_avx2_add QWORD 4294967296, 12884901890, + 21474836484, 30064771078 +ptr_L_chacha20_avx2_add QWORD L_chacha20_avx2_add +_DATA ENDS +_DATA SEGMENT +ALIGN 16 +L_chacha20_avx2_eight QWORD 34359738376, 34359738376, + 34359738376, 34359738376 +ptr_L_chacha20_avx2_eight QWORD L_chacha20_avx2_eight +_DATA ENDS +_text SEGMENT READONLY PARA +chacha_encrypt_avx2 PROC + push r12 + push r13 + push r14 + push r15 + push rdi + sub rsp, 960 + vmovdqu OWORD PTR [rsp+800], xmm6 + vmovdqu OWORD PTR [rsp+816], xmm7 + vmovdqu OWORD PTR [rsp+832], xmm8 + vmovdqu OWORD PTR [rsp+848], xmm9 + vmovdqu OWORD PTR [rsp+864], xmm10 + vmovdqu OWORD PTR [rsp+880], xmm11 + vmovdqu OWORD PTR [rsp+896], xmm12 + vmovdqu OWORD PTR [rsp+912], xmm13 + vmovdqu OWORD PTR [rsp+928], xmm14 + vmovdqu OWORD PTR [rsp+944], xmm15 + mov r11, rsp + mov r13, QWORD PTR [ptr_L_chacha20_avx2_rotl8] + mov r14, QWORD PTR [ptr_L_chacha20_avx2_rotl16] + mov r15, QWORD PTR [ptr_L_chacha20_avx2_add] + mov rdi, QWORD PTR [ptr_L_chacha20_avx2_eight] + lea r12, QWORD PTR [rsp+512] + add r11, 31 + add r12, 31 + and r11, -32 + and r12, -32 + mov eax, r9d + shr eax, 9 + jz L_chacha20_avx2_end256 + 
vpbroadcastd ymm0, DWORD PTR [rcx] + vpbroadcastd ymm1, DWORD PTR [rcx+4] + vpbroadcastd ymm2, DWORD PTR [rcx+8] + vpbroadcastd ymm3, DWORD PTR [rcx+12] + vpbroadcastd ymm4, DWORD PTR [rcx+16] + vpbroadcastd ymm5, DWORD PTR [rcx+20] + vpbroadcastd ymm6, DWORD PTR [rcx+24] + vpbroadcastd ymm7, DWORD PTR [rcx+28] + vpbroadcastd ymm8, DWORD PTR [rcx+32] + vpbroadcastd ymm9, DWORD PTR [rcx+36] + vpbroadcastd ymm10, DWORD PTR [rcx+40] + vpbroadcastd ymm11, DWORD PTR [rcx+44] + vpbroadcastd ymm12, DWORD PTR [rcx+48] + vpbroadcastd ymm13, DWORD PTR [rcx+52] + vpbroadcastd ymm14, DWORD PTR [rcx+56] + vpbroadcastd ymm15, DWORD PTR [rcx+60] + vpaddd ymm12, ymm12, YMMWORD PTR [r15] + vmovdqa YMMWORD PTR [r11], ymm0 + vmovdqa YMMWORD PTR [r11+32], ymm1 + vmovdqa YMMWORD PTR [r11+64], ymm2 + vmovdqa YMMWORD PTR [r11+96], ymm3 + vmovdqa YMMWORD PTR [r11+128], ymm4 + vmovdqa YMMWORD PTR [r11+160], ymm5 + vmovdqa YMMWORD PTR [r11+192], ymm6 + vmovdqa YMMWORD PTR [r11+224], ymm7 + vmovdqa YMMWORD PTR [r11+256], ymm8 + vmovdqa YMMWORD PTR [r11+288], ymm9 + vmovdqa YMMWORD PTR [r11+320], ymm10 + vmovdqa YMMWORD PTR [r11+352], ymm11 + vmovdqa YMMWORD PTR [r11+384], ymm12 + vmovdqa YMMWORD PTR [r11+416], ymm13 + vmovdqa YMMWORD PTR [r11+448], ymm14 + vmovdqa YMMWORD PTR [r11+480], ymm15 +L_chacha20_avx2_start256: + mov r10b, 10 + vmovdqa YMMWORD PTR [r12+96], ymm11 +L_chacha20_avx2_loop256: + vpaddd ymm0, ymm0, ymm4 + vpxor ymm12, ymm12, ymm0 + vmovdqa ymm11, YMMWORD PTR [r12+96] + vpshufb ymm12, ymm12, YMMWORD PTR [r14] + vpaddd ymm8, ymm8, ymm12 + vpxor ymm4, ymm4, ymm8 + vpaddd ymm1, ymm1, ymm5 + vpxor ymm13, ymm13, ymm1 + vpshufb ymm13, ymm13, YMMWORD PTR [r14] + vpaddd ymm9, ymm9, ymm13 + vpxor ymm5, ymm5, ymm9 + vpaddd ymm2, ymm2, ymm6 + vpxor ymm14, ymm14, ymm2 + vpshufb ymm14, ymm14, YMMWORD PTR [r14] + vpaddd ymm10, ymm10, ymm14 + vpxor ymm6, ymm6, ymm10 + vpaddd ymm3, ymm3, ymm7 + vpxor ymm15, ymm15, ymm3 + vpshufb ymm15, ymm15, YMMWORD PTR [r14] + vpaddd ymm11, ymm11, ymm15 
+ vpxor ymm7, ymm7, ymm11 + vmovdqa YMMWORD PTR [r12+96], ymm11 + vpsrld ymm11, ymm4, 20 + vpslld ymm4, ymm4, 12 + vpxor ymm4, ymm4, ymm11 + vpsrld ymm11, ymm5, 20 + vpslld ymm5, ymm5, 12 + vpxor ymm5, ymm5, ymm11 + vpsrld ymm11, ymm6, 20 + vpslld ymm6, ymm6, 12 + vpxor ymm6, ymm6, ymm11 + vpsrld ymm11, ymm7, 20 + vpslld ymm7, ymm7, 12 + vpxor ymm7, ymm7, ymm11 + vpaddd ymm0, ymm0, ymm4 + vpxor ymm12, ymm12, ymm0 + vmovdqa ymm11, YMMWORD PTR [r12+96] + vpshufb ymm12, ymm12, YMMWORD PTR [r13] + vpaddd ymm8, ymm8, ymm12 + vpxor ymm4, ymm4, ymm8 + vpaddd ymm1, ymm1, ymm5 + vpxor ymm13, ymm13, ymm1 + vpshufb ymm13, ymm13, YMMWORD PTR [r13] + vpaddd ymm9, ymm9, ymm13 + vpxor ymm5, ymm5, ymm9 + vpaddd ymm2, ymm2, ymm6 + vpxor ymm14, ymm14, ymm2 + vpshufb ymm14, ymm14, YMMWORD PTR [r13] + vpaddd ymm10, ymm10, ymm14 + vpxor ymm6, ymm6, ymm10 + vpaddd ymm3, ymm3, ymm7 + vpxor ymm15, ymm15, ymm3 + vpshufb ymm15, ymm15, YMMWORD PTR [r13] + vpaddd ymm11, ymm11, ymm15 + vpxor ymm7, ymm7, ymm11 + vmovdqa YMMWORD PTR [r12+96], ymm11 + vpsrld ymm11, ymm4, 25 + vpslld ymm4, ymm4, 7 + vpxor ymm4, ymm4, ymm11 + vpsrld ymm11, ymm5, 25 + vpslld ymm5, ymm5, 7 + vpxor ymm5, ymm5, ymm11 + vpsrld ymm11, ymm6, 25 + vpslld ymm6, ymm6, 7 + vpxor ymm6, ymm6, ymm11 + vpsrld ymm11, ymm7, 25 + vpslld ymm7, ymm7, 7 + vpxor ymm7, ymm7, ymm11 + vpaddd ymm0, ymm0, ymm5 + vpxor ymm15, ymm15, ymm0 + vmovdqa ymm11, YMMWORD PTR [r12+96] + vpshufb ymm15, ymm15, YMMWORD PTR [r14] + vpaddd ymm10, ymm10, ymm15 + vpxor ymm5, ymm5, ymm10 + vpaddd ymm1, ymm1, ymm6 + vpxor ymm12, ymm12, ymm1 + vpshufb ymm12, ymm12, YMMWORD PTR [r14] + vpaddd ymm11, ymm11, ymm12 + vpxor ymm6, ymm6, ymm11 + vpaddd ymm2, ymm2, ymm7 + vpxor ymm13, ymm13, ymm2 + vpshufb ymm13, ymm13, YMMWORD PTR [r14] + vpaddd ymm8, ymm8, ymm13 + vpxor ymm7, ymm7, ymm8 + vpaddd ymm3, ymm3, ymm4 + vpxor ymm14, ymm14, ymm3 + vpshufb ymm14, ymm14, YMMWORD PTR [r14] + vpaddd ymm9, ymm9, ymm14 + vpxor ymm4, ymm4, ymm9 + vmovdqa YMMWORD PTR [r12+96], ymm11 
+ vpsrld ymm11, ymm5, 20 + vpslld ymm5, ymm5, 12 + vpxor ymm5, ymm5, ymm11 + vpsrld ymm11, ymm6, 20 + vpslld ymm6, ymm6, 12 + vpxor ymm6, ymm6, ymm11 + vpsrld ymm11, ymm7, 20 + vpslld ymm7, ymm7, 12 + vpxor ymm7, ymm7, ymm11 + vpsrld ymm11, ymm4, 20 + vpslld ymm4, ymm4, 12 + vpxor ymm4, ymm4, ymm11 + vpaddd ymm0, ymm0, ymm5 + vpxor ymm15, ymm15, ymm0 + vmovdqa ymm11, YMMWORD PTR [r12+96] + vpshufb ymm15, ymm15, YMMWORD PTR [r13] + vpaddd ymm10, ymm10, ymm15 + vpxor ymm5, ymm5, ymm10 + vpaddd ymm1, ymm1, ymm6 + vpxor ymm12, ymm12, ymm1 + vpshufb ymm12, ymm12, YMMWORD PTR [r13] + vpaddd ymm11, ymm11, ymm12 + vpxor ymm6, ymm6, ymm11 + vpaddd ymm2, ymm2, ymm7 + vpxor ymm13, ymm13, ymm2 + vpshufb ymm13, ymm13, YMMWORD PTR [r13] + vpaddd ymm8, ymm8, ymm13 + vpxor ymm7, ymm7, ymm8 + vpaddd ymm3, ymm3, ymm4 + vpxor ymm14, ymm14, ymm3 + vpshufb ymm14, ymm14, YMMWORD PTR [r13] + vpaddd ymm9, ymm9, ymm14 + vpxor ymm4, ymm4, ymm9 + vmovdqa YMMWORD PTR [r12+96], ymm11 + vpsrld ymm11, ymm5, 25 + vpslld ymm5, ymm5, 7 + vpxor ymm5, ymm5, ymm11 + vpsrld ymm11, ymm6, 25 + vpslld ymm6, ymm6, 7 + vpxor ymm6, ymm6, ymm11 + vpsrld ymm11, ymm7, 25 + vpslld ymm7, ymm7, 7 + vpxor ymm7, ymm7, ymm11 + vpsrld ymm11, ymm4, 25 + vpslld ymm4, ymm4, 7 + vpxor ymm4, ymm4, ymm11 + dec r10b + jnz L_chacha20_avx2_loop256 + vmovdqa ymm11, YMMWORD PTR [r12+96] + vpaddd ymm0, ymm0, YMMWORD PTR [r11] + vpaddd ymm1, ymm1, YMMWORD PTR [r11+32] + vpaddd ymm2, ymm2, YMMWORD PTR [r11+64] + vpaddd ymm3, ymm3, YMMWORD PTR [r11+96] + vpaddd ymm4, ymm4, YMMWORD PTR [r11+128] + vpaddd ymm5, ymm5, YMMWORD PTR [r11+160] + vpaddd ymm6, ymm6, YMMWORD PTR [r11+192] + vpaddd ymm7, ymm7, YMMWORD PTR [r11+224] + vpaddd ymm8, ymm8, YMMWORD PTR [r11+256] + vpaddd ymm9, ymm9, YMMWORD PTR [r11+288] + vpaddd ymm10, ymm10, YMMWORD PTR [r11+320] + vpaddd ymm11, ymm11, YMMWORD PTR [r11+352] + vpaddd ymm12, ymm12, YMMWORD PTR [r11+384] + vpaddd ymm13, ymm13, YMMWORD PTR [r11+416] + vpaddd ymm14, ymm14, YMMWORD PTR [r11+448] + 
vpaddd ymm15, ymm15, YMMWORD PTR [r11+480] + vmovdqa YMMWORD PTR [r12], ymm8 + vmovdqa YMMWORD PTR [r12+32], ymm9 + vmovdqa YMMWORD PTR [r12+64], ymm10 + vmovdqa YMMWORD PTR [r12+96], ymm11 + vmovdqa YMMWORD PTR [r12+128], ymm12 + vmovdqa YMMWORD PTR [r12+160], ymm13 + vmovdqa YMMWORD PTR [r12+192], ymm14 + vmovdqa YMMWORD PTR [r12+224], ymm15 + vpunpckldq ymm8, ymm0, ymm1 + vpunpckldq ymm9, ymm2, ymm3 + vpunpckhdq ymm12, ymm0, ymm1 + vpunpckhdq ymm13, ymm2, ymm3 + vpunpckldq ymm10, ymm4, ymm5 + vpunpckldq ymm11, ymm6, ymm7 + vpunpckhdq ymm14, ymm4, ymm5 + vpunpckhdq ymm15, ymm6, ymm7 + vpunpcklqdq ymm0, ymm8, ymm9 + vpunpcklqdq ymm1, ymm10, ymm11 + vpunpckhqdq ymm2, ymm8, ymm9 + vpunpckhqdq ymm3, ymm10, ymm11 + vpunpcklqdq ymm4, ymm12, ymm13 + vpunpcklqdq ymm5, ymm14, ymm15 + vpunpckhqdq ymm6, ymm12, ymm13 + vpunpckhqdq ymm7, ymm14, ymm15 + vperm2i128 ymm8, ymm0, ymm1, 32 + vperm2i128 ymm9, ymm2, ymm3, 32 + vperm2i128 ymm12, ymm0, ymm1, 49 + vperm2i128 ymm13, ymm2, ymm3, 49 + vperm2i128 ymm10, ymm4, ymm5, 32 + vperm2i128 ymm11, ymm6, ymm7, 32 + vperm2i128 ymm14, ymm4, ymm5, 49 + vperm2i128 ymm15, ymm6, ymm7, 49 + vmovdqu ymm0, YMMWORD PTR [rdx] + vmovdqu ymm1, YMMWORD PTR [rdx+64] + vmovdqu ymm2, YMMWORD PTR [rdx+128] + vmovdqu ymm3, YMMWORD PTR [rdx+192] + vmovdqu ymm4, YMMWORD PTR [rdx+256] + vmovdqu ymm5, YMMWORD PTR [rdx+320] + vmovdqu ymm6, YMMWORD PTR [rdx+384] + vmovdqu ymm7, YMMWORD PTR [rdx+448] + vpxor ymm8, ymm8, ymm0 + vpxor ymm9, ymm9, ymm1 + vpxor ymm10, ymm10, ymm2 + vpxor ymm11, ymm11, ymm3 + vpxor ymm12, ymm12, ymm4 + vpxor ymm13, ymm13, ymm5 + vpxor ymm14, ymm14, ymm6 + vpxor ymm15, ymm15, ymm7 + vmovdqu YMMWORD PTR [r8], ymm8 + vmovdqu YMMWORD PTR [r8+64], ymm9 + vmovdqu YMMWORD PTR [r8+128], ymm10 + vmovdqu YMMWORD PTR [r8+192], ymm11 + vmovdqu YMMWORD PTR [r8+256], ymm12 + vmovdqu YMMWORD PTR [r8+320], ymm13 + vmovdqu YMMWORD PTR [r8+384], ymm14 + vmovdqu YMMWORD PTR [r8+448], ymm15 + vmovdqa ymm0, YMMWORD PTR [r12] + vmovdqa ymm1, YMMWORD PTR 
[r12+32] + vmovdqa ymm2, YMMWORD PTR [r12+64] + vmovdqa ymm3, YMMWORD PTR [r12+96] + vmovdqa ymm4, YMMWORD PTR [r12+128] + vmovdqa ymm5, YMMWORD PTR [r12+160] + vmovdqa ymm6, YMMWORD PTR [r12+192] + vmovdqa ymm7, YMMWORD PTR [r12+224] + vpunpckldq ymm8, ymm0, ymm1 + vpunpckldq ymm9, ymm2, ymm3 + vpunpckhdq ymm12, ymm0, ymm1 + vpunpckhdq ymm13, ymm2, ymm3 + vpunpckldq ymm10, ymm4, ymm5 + vpunpckldq ymm11, ymm6, ymm7 + vpunpckhdq ymm14, ymm4, ymm5 + vpunpckhdq ymm15, ymm6, ymm7 + vpunpcklqdq ymm0, ymm8, ymm9 + vpunpcklqdq ymm1, ymm10, ymm11 + vpunpckhqdq ymm2, ymm8, ymm9 + vpunpckhqdq ymm3, ymm10, ymm11 + vpunpcklqdq ymm4, ymm12, ymm13 + vpunpcklqdq ymm5, ymm14, ymm15 + vpunpckhqdq ymm6, ymm12, ymm13 + vpunpckhqdq ymm7, ymm14, ymm15 + vperm2i128 ymm8, ymm0, ymm1, 32 + vperm2i128 ymm9, ymm2, ymm3, 32 + vperm2i128 ymm12, ymm0, ymm1, 49 + vperm2i128 ymm13, ymm2, ymm3, 49 + vperm2i128 ymm10, ymm4, ymm5, 32 + vperm2i128 ymm11, ymm6, ymm7, 32 + vperm2i128 ymm14, ymm4, ymm5, 49 + vperm2i128 ymm15, ymm6, ymm7, 49 + vmovdqu ymm0, YMMWORD PTR [rdx+32] + vmovdqu ymm1, YMMWORD PTR [rdx+96] + vmovdqu ymm2, YMMWORD PTR [rdx+160] + vmovdqu ymm3, YMMWORD PTR [rdx+224] + vmovdqu ymm4, YMMWORD PTR [rdx+288] + vmovdqu ymm5, YMMWORD PTR [rdx+352] + vmovdqu ymm6, YMMWORD PTR [rdx+416] + vmovdqu ymm7, YMMWORD PTR [rdx+480] + vpxor ymm8, ymm8, ymm0 + vpxor ymm9, ymm9, ymm1 + vpxor ymm10, ymm10, ymm2 + vpxor ymm11, ymm11, ymm3 + vpxor ymm12, ymm12, ymm4 + vpxor ymm13, ymm13, ymm5 + vpxor ymm14, ymm14, ymm6 + vpxor ymm15, ymm15, ymm7 + vmovdqu YMMWORD PTR [r8+32], ymm8 + vmovdqu YMMWORD PTR [r8+96], ymm9 + vmovdqu YMMWORD PTR [r8+160], ymm10 + vmovdqu YMMWORD PTR [r8+224], ymm11 + vmovdqu YMMWORD PTR [r8+288], ymm12 + vmovdqu YMMWORD PTR [r8+352], ymm13 + vmovdqu YMMWORD PTR [r8+416], ymm14 + vmovdqu YMMWORD PTR [r8+480], ymm15 + vmovdqa ymm12, YMMWORD PTR [r11+384] + add rdx, 512 + add r8, 512 + vpaddd ymm12, ymm12, YMMWORD PTR [rdi] + sub r9d, 512 + vmovdqa YMMWORD PTR [r11+384], ymm12 + 
cmp r9d, 512 + jl L_chacha20_avx2_done256 + vmovdqa ymm0, YMMWORD PTR [r11] + vmovdqa ymm1, YMMWORD PTR [r11+32] + vmovdqa ymm2, YMMWORD PTR [r11+64] + vmovdqa ymm3, YMMWORD PTR [r11+96] + vmovdqa ymm4, YMMWORD PTR [r11+128] + vmovdqa ymm5, YMMWORD PTR [r11+160] + vmovdqa ymm6, YMMWORD PTR [r11+192] + vmovdqa ymm7, YMMWORD PTR [r11+224] + vmovdqa ymm8, YMMWORD PTR [r11+256] + vmovdqa ymm9, YMMWORD PTR [r11+288] + vmovdqa ymm10, YMMWORD PTR [r11+320] + vmovdqa ymm11, YMMWORD PTR [r11+352] + vmovdqa ymm12, YMMWORD PTR [r11+384] + vmovdqa ymm13, YMMWORD PTR [r11+416] + vmovdqa ymm14, YMMWORD PTR [r11+448] + vmovdqa ymm15, YMMWORD PTR [r11+480] + jmp L_chacha20_avx2_start256 +L_chacha20_avx2_done256: + shl eax, 3 + add DWORD PTR [rcx+48], eax +L_chacha20_avx2_end256: + call chacha_encrypt_avx1 + vzeroupper + vmovdqu xmm6, OWORD PTR [rsp+800] + vmovdqu xmm7, OWORD PTR [rsp+816] + vmovdqu xmm8, OWORD PTR [rsp+832] + vmovdqu xmm9, OWORD PTR [rsp+848] + vmovdqu xmm10, OWORD PTR [rsp+864] + vmovdqu xmm11, OWORD PTR [rsp+880] + vmovdqu xmm12, OWORD PTR [rsp+896] + vmovdqu xmm13, OWORD PTR [rsp+912] + vmovdqu xmm14, OWORD PTR [rsp+928] + vmovdqu xmm15, OWORD PTR [rsp+944] + add rsp, 960 + pop rdi + pop r15 + pop r14 + pop r13 + pop r12 + ret +chacha_encrypt_avx2 ENDP +_text ENDS +ENDIF +END diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index c1edfc3abe..8accb1a872 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -1,6 +1,6 @@ /* cmac.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,8 +39,8 @@ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$n") - #pragma const_seg(".fipsB$n") + #pragma code_seg(".fipsA$c") + #pragma const_seg(".fipsB$c") #endif #endif 
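Review bot: The new segment suffixes `.fipsA$c`/`.fipsB$c` in cmac.c are bare letters with nothing saying what fixes them, so the next edit can silently move this module out of position. MSVC orders `$`-suffixed sections alphabetically, so the letter decides where cmac lands inside the FIPS code/const segments and, presumably, what the in-core integrity check hashes over; that dependency deserves a comment above the pragmas, e.g. `/* '$c' orders cmac within the FIPS code/const segments; the suffix letters must stay consistent across all FIPS sources (des3.c '$d', dh.c '$e', ...) */`. The same applies to the des3.c and dh.c pragma hunks further down, which retarget `$i`→`$d` and `$m`→`$e` without a note.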
@@ -59,6 +59,15 @@ #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000003 }; + int wolfCrypt_FIPS_CMAC_sanity(void) + { + return 0; + } +#endif + #ifdef WOLFSSL_HASH_KEEP /* Some hardware have issues with update, this function stores the data to be * hashed into an array. Once ready, the Final operation is called on all of the @@ -125,7 +134,7 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL, type, unused); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -193,7 +202,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) { ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz, NULL, NULL, 0, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -202,7 +211,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) /* Clear CRYPTOCB_UNAVAILABLE return code */ ret = 0; - while (inSz != 0) { + while ((ret == 0) && (inSz != 0)) { word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); @@ -233,9 +242,7 @@ int wc_CmacFree(Cmac* cmac) /* TODO: msg is leaked if wc_CmacFinal() is not called * e.g. when multiple calls to wc_CmacUpdate() and one fails but * wc_CmacFinal() not called. */ - if (cmac->msg != NULL) { - XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif wc_AesFree(&cmac->aes); ForceZero(cmac, sizeof(Cmac)); @@ -261,7 +268,7 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) #endif { ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } 
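Review bot: The new `wolfCrypt_FIPS_cmac_ro_sanity[2]` array and `wolfCrypt_FIPS_CMAC_sanity()` are external, non-static definitions added without a comment or a visible prior prototype, so a reader cannot tell what consumes them or why the array holds `0x1a2b3c4d, 0x00000003`. A short comment would settle that, e.g. `/* Read-only marker and no-op entry point presumably referenced by the FIPS v6 module integrity check; keep the values in step with the other FIPS sources */`. If no header declares these two symbols, builds with `-Wmissing-prototypes` will warn on them as well.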
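Review bot: The loop in wc_CmacUpdate now stops at the first non-zero `ret`, but nothing in the hunk says what state `cmac->buffer`/`bufferSz` are left in when that happens, and the TODO in wc_CmacFree about `msg` leaking after a failed update still stands. A comment on the loop would make the contract explicit, e.g. `/* stop on the first failure; the context is then only good for wc_CmacFree() */`. wc_CmacUpdate's body continues outside the hunk, so the error paths inside the loop are not visible here.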
@@ -331,7 +338,7 @@ int wc_AesCmacGenerate_ex(Cmac* cmac, ret = wc_CryptoCb_Cmac(cmac, key, keySz, in, inSz, out, outSz, WC_CMAC_AES, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* Clear CRYPTOCB_UNAVAILABLE return code */ @@ -405,9 +412,7 @@ int wc_AesCmacGenerate(byte* out, word32* outSz, #ifdef WOLFSSL_SMALL_STACK - if (cmac) { - XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); - } + XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); #elif defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(cmac, sizeof(Cmac)); #endif @@ -440,10 +445,8 @@ int wc_AesCmacVerify_ex(Cmac* cmac, devId); if (ret == 0) { compareRet = ConstantCompare(check, a, (int)min(checkSz, aSz)); - } - - if (ret == 0) ret = compareRet ? 1 : 0; + } return ret; } @@ -488,9 +491,7 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz, INVALID_DEVID); #ifdef WOLFSSL_SMALL_STACK - if (cmac) { - XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); - } + XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); #elif defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(cmac, sizeof(Cmac)); #endif diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index be5f418d1e..27cf988187 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -1,6 +1,6 @@ /* coding.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -181,7 +181,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) byte e1, e2, e3, e4; if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { - if (ret == BUFFER_E) { + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) { /* Running out of buffer here is not an error */ break; } diff --git a/wolfcrypt/src/compress.c b/wolfcrypt/src/compress.c index 58c154c596..941596e7fa 100644 --- a/wolfcrypt/src/compress.c +++ b/wolfcrypt/src/compress.c @@ -1,6 +1,6 @@ /* compress.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
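Review bot: In wc_AesCmacVerify_ex the verification still compares only `min(checkSz, aSz)` bytes, so a `check` shorter than the generated tag is accepted whenever its prefix matches; the commit only moves `ret = compareRet ? 1 : 0;` into the `if (ret == 0)` block and leaves that behaviour as is. If callers can pass a `checkSz` taken from untrusted input, the tag length should be validated first, e.g. `if (checkSz != aSz) { ret = BAD_FUNC_ARG; }` before the compare, or the deliberate truncated-tag semantics should be stated in a comment, `/* truncated tags are compared on their leading checkSz bytes; callers enforce a minimum length */`. wc_AesCmacVerify_ex begins outside the hunk, so I cannot see whether `checkSz` is already bounded earlier.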
@@ -310,10 +310,8 @@ int wc_DeCompressDynamic(byte** out, int maxSz, int memoryType, if (inflateEnd(&stream) != Z_OK) result = DECOMPRESS_E; - if (tmp != NULL) { - XFREE(tmp, heap, memoryType); - tmp = NULL; - } + XFREE(tmp, heap, memoryType); + tmp = NULL; return result; } diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c index fa7ee43675..67223860c8 100644 --- a/wolfcrypt/src/cpuid.c +++ b/wolfcrypt/src/cpuid.c @@ -1,6 +1,6 @@ /* cpuid.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 07b37f1ba3..e3c62a86fc 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -1,6 +1,6 @@ /* cryptocb.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -260,9 +260,9 @@ static CryptoCb* wc_CryptoCb_FindDeviceByIndex(int startIdx) static WC_INLINE int wc_CryptoCb_TranslateErrorCode(int ret) { - if (ret == NOT_COMPILED_IN) { + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { /* backwards compatibility for older NOT_COMPILED_IN syntax */ - ret = CRYPTOCB_UNAVAILABLE; + ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); } return ret; } @@ -344,8 +344,8 @@ int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx) /* Success. Update dev->ctx */ dev->ctx = info.cmd.ctx; } - else if ((rc == CRYPTOCB_UNAVAILABLE) || - (rc == NOT_COMPILED_IN)) { + else if ((rc == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) || + (rc == WC_NO_ERR_TRACE(NOT_COMPILED_IN))) { /* Not implemented. Return success*/ rc = 0; } @@ -391,7 +391,7 @@ void wc_CryptoCb_UnRegisterDevice(int devId) int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) 
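Review bot: In wc_DeCompressDynamic the `tmp = NULL;` kept after the now-unconditional `XFREE(tmp, heap, memoryType);` is a dead store, since `return result;` follows immediately and `tmp` is a local. Either drop the line or, if nulling after free is the project convention, keep it with a comment `/* nulled by convention; tmp is not used again */` so the next reader does not look for a later use.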
@@ -421,7 +421,7 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out, #ifdef WOLFSSL_KEY_GEN int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -449,7 +449,7 @@ int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey, word32 pubKeySz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -474,7 +474,7 @@ int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey, int wc_CryptoCb_RsaGetSize(const RsaKey* key, int* keySize) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -500,7 +500,7 @@ int wc_CryptoCb_RsaGetSize(const RsaKey* key, int* keySize) #ifdef HAVE_ECC int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -527,7 +527,7 @@ int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId) int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outlen) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (private_key == NULL) @@ -554,7 +554,7 @@ int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key, int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out, word32 *outlen, WC_RNG* rng, ecc_key* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) 
@@ -583,7 +583,7 @@ int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out, int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* res, ecc_key* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -612,7 +612,7 @@ int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen, int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, word32 pubKeySz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -640,7 +640,7 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize, curve25519_key* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -666,7 +666,7 @@ int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize, int wc_CryptoCb_Curve25519(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen, int endian) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (private_key == NULL) @@ -696,7 +696,7 @@ int wc_CryptoCb_Curve25519(curve25519_key* private_key, int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize, ed25519_key* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -723,7 +723,7 @@ int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key, byte type, const byte* context, byte contextLen) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) 
@@ -755,7 +755,7 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type, const byte* context, byte contextLen) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (key == NULL) @@ -785,7 +785,7 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, } #endif /* HAVE_ED25519 */ -#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER) +#if defined(WOLFSSL_HAVE_KYBER) int wc_CryptoCb_PqcKemGetDevId(int type, void* key) { int devId = INVALID_DEVID; @@ -794,18 +794,16 @@ int wc_CryptoCb_PqcKemGetDevId(int type, void* key) return devId; /* get devId */ -#if defined(WOLFSSL_HAVE_KYBER) if (type == WC_PQC_KEM_TYPE_KYBER) { devId = ((KyberKey*) key)->devId; } -#endif return devId; } int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type, int keySize, void* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; CryptoCb* dev; @@ -839,7 +837,7 @@ int wc_CryptoCb_PqcEncapsulate(byte* ciphertext, word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen, WC_RNG* rng, int type, void* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; CryptoCb* dev; @@ -875,7 +873,7 @@ int wc_CryptoCb_PqcEncapsulate(byte* ciphertext, word32 ciphertextLen, int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen, int type, void* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; CryptoCb* dev; 
@@ -906,9 +904,9 @@ int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen, return wc_CryptoCb_TranslateErrorCode(ret); } -#endif /* HAVE_PQC && WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_KYBER */ -#if defined(HAVE_PQC) && (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)) +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) int wc_CryptoCb_PqcSigGetDevId(int type, void* key) { int devId = INVALID_DEVID; @@ -934,7 +932,7 @@ int wc_CryptoCb_PqcSigGetDevId(int type, void* key) int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize, void* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; CryptoCb* dev; @@ -967,7 +965,7 @@ int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize, int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, WC_RNG* rng, int type, void* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; CryptoCb* dev; @@ -1003,7 +1001,7 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg, word32 msglen, int* res, int type, void* key) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; CryptoCb* dev; @@ -1039,7 +1037,7 @@ int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg, int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type, const byte* pubKey, word32 pubKeySz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; CryptoCb* dev; @@ -1068,7 +1066,7 @@ int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type, return wc_CryptoCb_TranslateErrorCode(ret); } -#endif /* HAVE_PQC && (HAVE_FALCON || HAVE_DILITHIUM) */ +#endif /* HAVE_FALCON || HAVE_DILITHIUM */ #ifndef NO_AES #ifdef HAVE_AESGCM 
@@ -1078,7 +1076,7 @@ int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1119,7 +1117,7 @@ int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1162,7 +1160,7 @@ int wc_CryptoCb_AesCcmEncrypt(Aes* aes, byte* out, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1203,7 +1201,7 @@ int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1243,7 +1241,7 @@ int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out, int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1275,7 +1273,7 @@ int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out, int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1308,7 +1306,7 @@ int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out, int wc_CryptoCb_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ 
@@ -1341,7 +1339,7 @@ int wc_CryptoCb_AesCtrEncrypt(Aes* aes, byte* out, int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1373,7 +1371,7 @@ int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out, int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1408,7 +1406,7 @@ int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out, int wc_CryptoCb_Des3Encrypt(Des3* des3, byte* out, const byte* in, word32 sz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1440,7 +1438,7 @@ int wc_CryptoCb_Des3Encrypt(Des3* des3, byte* out, int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out, const byte* in, word32 sz) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1474,7 +1472,7 @@ int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out, int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, byte* digest) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1507,7 +1505,7 @@ int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in, int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in, word32 inSz, byte* digest) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ 
@@ -1540,7 +1538,7 @@ int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in, int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in, word32 inSz, byte* digest) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1576,7 +1574,7 @@ int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in, int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in, word32 inSz, byte* digest) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; /* locate registered callback */ @@ -1608,11 +1606,45 @@ int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in, } #endif /* WOLFSSL_SHA512 */ +#if defined(WOLFSSL_SHA3) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)) +int wc_CryptoCb_Sha3Hash(wc_Sha3* sha3, int type, const byte* in, + word32 inSz, byte* digest) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sha3) { + dev = wc_CryptoCb_FindDevice(sha3->devId, WC_ALGO_TYPE_HASH); + } + else + { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_HASH; + cryptoInfo.hash.type = type; + cryptoInfo.hash.sha3 = sha3; + cryptoInfo.hash.in = in; + cryptoInfo.hash.inSz = inSz; + cryptoInfo.hash.digest = digest; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SHA3 && (!HAVE_FIPS || FIPS_VERSION_GE(6, 0)) */ + #ifndef NO_HMAC int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz, byte* digest) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; if (hmac == NULL) 
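Review bot: The new wc_CryptoCb_Sha3Hash has no function comment, and its fallback path passes `cryptoInfo.hash.sha3 == NULL` to the first registered callback when no context is supplied, which callback implementers need to know. Suggest a header comment describing the parameters (`type` is the SHA-3 variant stored in `cryptoInfo.hash.type`), the NULL-context fallback to `wc_CryptoCb_FindDeviceByIndex(0)`, and the `wc_CryptoCb_TranslateErrorCode` return, plus `/* sha3 may be NULL here; callbacks must tolerate a missing context */` above the `cryptoInfo.hash.sha3 = sha3;` line. As a point of style, the `}` newline `else` newline `{` layout differs from the `else if (...) {` form used elsewhere in this file (see the wc_CryptoCb_RegisterDevice hunk); `} else {` on one line would match.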
@@ -1640,7 +1672,7 @@ int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz,
 #ifndef WC_NO_RNG
 int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz)
 {
- int ret = CRYPTOCB_UNAVAILABLE;
+ int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
 CryptoCb* dev;

 /* locate registered callback */
@@ -1668,7 +1700,7 @@ int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz)

 int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
 {
- int ret = CRYPTOCB_UNAVAILABLE;
+ int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
 CryptoCb* dev;

 /* locate registered callback */
@@ -1692,7 +1724,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
 const byte* in, word32 inSz, byte* out, word32* outSz, int type, void* ctx)
 {
- int ret = CRYPTOCB_UNAVAILABLE;
+ int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
 CryptoCb* dev;

 /* locate registered callback */
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index 2c967dd8d0..e24034222f 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -1,6 +1,6 @@
 /* curve25519.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -238,7 +238,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
 #ifdef WOLF_CRYPTO_CB
 if (key->devId != INVALID_DEVID) {
 ret = wc_CryptoCb_Curve25519Gen(rng, keysize, key);
- if (ret != CRYPTOCB_UNAVAILABLE)
+ if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 return ret;
 /* fall-through when unavailable */
 }
@@ -299,7 +299,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
 if (private_key->devId != INVALID_DEVID) {
 ret = wc_CryptoCb_Curve25519(private_key, public_key, out, outlen, endian);
- if (ret != CRYPTOCB_UNAVAILABLE)
+ if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 return ret;
 /* fall-through when unavailable */
 }
diff --git a/wolfcrypt/src/curve448.c b/wolfcrypt/src/curve448.c
index dd320a8cc0..3cbf577c0b 100644
--- a/wolfcrypt/src/curve448.c
+++ b/wolfcrypt/src/curve448.c
@@ -1,6 +1,6 @@
 /* curve448.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index 650c33a369..87502ab073 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -1,6 +1,6 @@
 /* des3.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -38,8 +38,8 @@
 #define FIPS_NO_WRAPPERS

 #ifdef USE_WINDOWS_API
- #pragma code_seg(".fipsA$i")
- #pragma const_seg(".fipsB$i")
+ #pragma code_seg(".fipsA$d")
+ #pragma const_seg(".fipsB$d")
 #endif
 #endif

@@ -1602,7 +1602,7 @@
 #ifdef WOLF_CRYPTO_CB
 if (des->devId != INVALID_DEVID) {
 int ret = wc_CryptoCb_Des3Encrypt(des, out, in, sz);
- if (ret != CRYPTOCB_UNAVAILABLE)
+ if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 return ret;
 /* fall-through when unavailable */
 }
@@ -1653,7 +1653,7 @@
 #ifdef WOLF_CRYPTO_CB
 if (des->devId != INVALID_DEVID) {
 int ret = wc_CryptoCb_Des3Decrypt(des, out, in, sz);
- if (ret != CRYPTOCB_UNAVAILABLE)
+ if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 return ret;
 /* fall-through when unavailable */
 }
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 6b68601210..c2f1fc0b2d 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1,6 +1,6 @@
 /* dh.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -35,8 +35,8 @@
 #define FIPS_NO_WRAPPERS

 #ifdef USE_WINDOWS_API
- #pragma code_seg(".fipsA$m")
- #pragma const_seg(".fipsB$m")
+ #pragma code_seg(".fipsA$e")
+ #pragma const_seg(".fipsB$e")
 #endif
 #endif

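Review bot: The `.fipsA$i` to `.fipsA$d` segment change in des3.c (and `$m` to `$e` in dh.c further down this chunk) moves these objects within the `.fipsA`/`.fipsB` link order on Windows, and nothing next to the pragmas records what the suffix letter means or which order the FIPS sources must keep. Presumably the sibling FIPS sources were re-lettered in the same commit; that is worth confirming, because a stale letter in one file would silently reorder the section without any compile-time complaint. I would add above the `#ifdef USE_WINDOWS_API` line `/* $-suffix fixes this object's position in the FIPS code/const segments; keep consistent with the other FIPS-bounded sources. */`.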
@@ -55,6 +55,15 @@
 #include
 #endif

+#if FIPS_VERSION3_GE(6,0,0)
+ const unsigned int wolfCrypt_FIPS_dh_ro_sanity[2] =
+ { 0x1a2b3c4d, 0x00000004 };
+ int wolfCrypt_FIPS_DH_sanity(void)
+ {
+ return 0;
+ }
+#endif
+
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
 /* force off unneeded vector register save/restore. */
 #undef SAVE_VECTOR_REGISTERS
@@ -1019,7 +1028,7 @@ static int _ffc_pairwise_consistency_test(DhKey* key,
 if (n < 5)
 return 0;
 else
- return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
+ return (word32)((double)2.4 * XPOW((double)n, 1.0/3.0) *
 XPOW(XLOG((double)n), 2.0/3.0) - 5);
 }
 #endif /* WOLFSSL_DH_CONST*/
@@ -1144,7 +1153,7 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
 }

 #ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("GeneratePrivateDh186 cBuf", cBuf, cSz);
+ wc_MemZero_Add("GeneratePrivateDh186 cBuf", cBuf, cSz); /* cppcheck-suppress uninitvar */
 mp_memzero_add("GeneratePrivateDh186 tmpX", tmpX);
 #endif
 do {
@@ -2931,6 +2940,14 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 if (ret == 0) {
 /* modulus size in bytes */
 modSz /= WOLFSSL_BIT_SIZE;
+
+ if ((word32)modSz < groupSz) {
+ WOLFSSL_MSG("DH modSz was too small");
+ ret = BAD_FUNC_ARG;
+ }
+ }
+
+ if (ret == 0) {
 bufSz = (word32)modSz - groupSz;

 /* allocate ram */
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index f2e241b54a..bedba14ae0 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -1,6 +1,6 @@
 /* dilithium.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
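Review bot: The new guard `if ((word32)modSz < groupSz)` in wc_DhGenerateParams casts before comparing, so a negative `modSz` (the function starts above the hunk and nothing visible shows it has been validated as positive) becomes a huge unsigned value, passes the check, and still reaches `bufSz = (word32)modSz - groupSz`. If that earlier validation does not exist, `if (modSz <= 0 || (word32)modSz < groupSz)` closes the gap. `modSz == groupSz` is also accepted and yields `bufSz == 0`; whether a zero-length allocation is acceptable for the buffer below is not visible here, so either reject equality with `<=` or add a comment stating why zero is fine.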
@@ -19,86 +19,7094 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

-/* Based on ed448.c and Reworked for Dilithium by Anthony Hu. */
+/* Based on ed448.c and Reworked for Dilithium by Anthony Hu.
+ * WolfSSL implementation by Sean Parkinson.
+ */
+
+/* Possible Dilithium/ML-DSA options:
+ *
+ * HAVE_DILITHIUM Default: OFF
+ * Enables the code in this file to be compiled.
+ * WOLFSSL_WC_DILITHIUM Default: OFF
+ * Compiles the wolfSSL implementation of dilithium.
+ *
+ * WOLFSSL_NO_ML_DSA_44 Default: OFF
+ * Does not compile in parameter set ML-DSA-44 and any code specific to that
+ * parameter set.
+ * WOLFSSL_NO_ML_DSA_65 Default: OFF
+ * Does not compile in parameter set ML-DSA-65 and any code specific to that
+ * parameter set.
+ * WOLFSSL_NO_ML_DSA_87 Default: OFF
+ * Does not compile in parameter set ML-DSA-87 and any code specific to that
+ * parameter set.
+ *
+ * WOLFSSL_DILITHIUM_NO_LARGE_CODE Default: OFF
+ * Compiles smaller, fast code with speed trade-off.
+ * WOLFSSL_DILITHIUM_SMALL Default: OFF
+ * Compiles to small code size with a speed trade-off.
+ * WOLFSSL_DILITHIUM_VERIFY_ONLY Default: OFF
+ * Compiles in only the verification and public key operations.
+ * WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM Default: OFF
+ * Compiles verification implementation that uses smaller amounts of memory.
+ * WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC Default: OFF
+ * Only works with WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM.
+ * Don't allocate memory with XMALLOC. Memory is pinned against key.
+ * WOLFSSL_DILITHIUM_ASSIGN_KEY Default: OFF
+ * Key data is assigned into Dilithium key rather than copied.
+ * Life of key data passed in is tightly coupled to life of Dilithium key.
+ * Cannot be used when make key is enabled.
+ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM Default: OFF
+ * Compiles signature implementation that uses smaller amounts of memory but
+ * is considerably slower.
+ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC Default: OFF
+ * Compiles signature implementation that uses smaller amounts of memory but
+ * is considerably slower. Allocates vectors and decodes private key data
+ * into them upfront.
+ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A Default: OFF
+ * Compiles signature implementation that uses smaller amounts of memory but
+ * is slower. Allocates matrix A and calculates it upfront.
+ * WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM Default: OFF
+ * Compiles key generation implementation that uses smaller amounts of memory
+ * but is slower.
+ * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 Default: OFF
+ * Compiles the small memory implementations to use a 64-bit polynomial.
+ * Uses 2KB of memory but is slighlty quicker (2.75-7%).
+ *
+ * WOLFSSL_DILITHIUM_ALIGNMENT Default: 8
+ * Use to indicate whether loading and storing of words needs to be aligned.
+ * Default is to use WOLFSSL_GENERAL_ALIGNMENT - should be 4 on some ARM CPUs.
+ * Set this value explicitly if specific Dilithium implementation alignment is
+ * needed.
+ *
+ * WOLFSSL_DILITHIUM_NO_ASN1 Default: OFF
+ * Disables any ASN.1 encoding or decoding code.
+ *
+ * WC_DILITHIUM_CACHE_MATRIX_A Default: OFF
+ * Enable caching of the A matrix on import.
+ * Less work is required in sign and verify operations.
+ * WC_DILITHIUM_CACHE_PRIV_VECTORS Default: OFF
+ * Enable caching of private key vectors on import.
+ * Enables WC_DILITHIUM_CACHE_MATRIX_A.
+ * Less work is required in sign operations.
+ * WC_DILITHIUM_CACHE_PUB_VECTORS Default: OFF
+ * Enable caching of public key vectors on import.
+ * Enables WC_DILITHIUM_CACHE_MATRIX_A.
+ * Less work is required in sign operations.
+ * WC_DILITHIUM_FIXED_ARRAY Default: OFF
+ * Make the matrix and vectors of cached data fixed arrays that have
+ * maximumal sizes for the configured parameters.
+ * Useful in low dynamic memory situations.
+ *
+ * WOLFSSL_DILITHIUM_SIGN_CHECK_Y Default: OFF
+ * Check vector y is in required range as an early check on valid vector z.
+ * Falsely reports invalid in approximately 1-2% of checks.
+ * All valid reports are true.
+ * Fast fail gives faster signing times on average.
+ * DO NOT enable this if implementation must be conformant to FIPS 204.
+ * WOLFSSL_DILITHIUM_SIGN_CHECK_W0 Default: OFF
+ * Check vector w0 is in required range as an early check on valid vector r0.
+ * Falsely reports invalid in approximately 3-5% of checks.
+ * All valid reports are true.
+ * Fast fail gives faster signing times on average.
+ * DO NOT enable this if implementation must be conformant to FIPS 204.
+ *
+ * DILITHIUM_MUL_SLOW Default: OFF
+ * Define when multiplying by Q / 44 is slower than masking.
+ * Only applies to ML-DSA-44.
+ * DILITHIUM_MUL_44_SLOW Default: OFF
+ * Define when multiplying by 44 is slower than by 11.
+ * Only applies to ML-DSA-44.
+ * DILITHIUM_MUL_11_SLOW Default: OFF
+ * Define when multiplying by 11 is slower than adding and shifting.
+ * Only applies to ML-DSA-44.
+ * DILITHIUM_MUL_QINV_SLOW Default: OFF
+ * Define when multiplying by QINV 0x3802001 is slower than add, subtract and
+ * shift equivalent.
+ * DILITHIUM_MUL_Q_SLOW Default: OFF
+ * Define when multiplying by Q 0x7fe001 is slower than add, subtract and
+ * shift equivalent.
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+/* in case user set HAVE_PQC there */
+#include
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+#include
+#endif
+
+#if defined(HAVE_DILITHIUM)
+
+#ifdef HAVE_LIBOQS
+#include
+#endif
+
+#include
+#include
+#include
+#ifdef NO_INLINE
+ #include
+#else
+ #define WOLFSSL_MISC_INCLUDED
+ #include
+#endif
+
+#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) && \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)
+ #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+#endif
+#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) && \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)
+ #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+ #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+ #error "PRECALC and PRECALC_A is equivalent to non small mem"
+ #endif
+#endif
+
+#ifdef WOLFSSL_WC_DILITHIUM
+
+#ifdef DEBUG_DILITHIUM
+void print_polys(const char* name, const sword32* a, int d1, int d2);
+void print_polys(const char* name, const sword32* a, int d1, int d2)
+{
+ int i;
+ int j;
+ int k;
+
+ fprintf(stderr, "%s\n", name);
+ for (i = 0; i < d1; i++) {
+ for (j = 0; j < d2; j++) {
+ for (k = 0; k < 256; k++) {
+ fprintf(stderr, "%9d,", a[(i*d2*256) + (j*256) + k]);
+ if ((k % 8) == 7) fprintf(stderr, "\n");
+ }
+ fprintf(stderr, "\n");
+ }
+ }
+}
+
+void print_data(const char* name, const byte* d, int len);
+void print_data(const char* name, const byte* d, int len)
+{
+ int i;
+
+ fprintf(stderr, "%s\n", name);
+ for (i = 0; i < len; i++) {
+ fprintf(stderr, "0x%02x,", d[i]);
+ if ((i % 16) == 15) fprintf(stderr, "\n");
+ }
+ fprintf(stderr, "\n");
+}
+#endif
+
+#if defined(WOLFSSL_NO_ML_DSA_44) && defined(WOLFSSL_NO_ML_DSA_65) && \
+ defined(WOLFSSL_NO_ML_DSA_87)
+ #error "No Dilithium parameters chosen"
+#endif
+
+#if defined(WOLFSSL_DILITHIUM_ASSIGN_KEY) && \
+ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+ #error "Cannot use assign key when making keys"
+#endif
+
+
+/* Number of bytes from first block to use for sign.
*/
+#define DILITHIUM_SIGN_BYTES 8
+
+
+/* Length of seed in bytes when generating y. */
+#define DILITHIUM_Y_SEED_SZ (DILITHIUM_PRIV_RAND_SEED_SZ + 2)
+
+
+/* Length of seed in bytes used in generating matrix a. */
+#define DILITHIUM_GEN_A_SEED_SZ (DILITHIUM_PUB_SEED_SZ + 2)
+/* Length of seed in bytes used in generating vectors s1 and s2. */
+#define DILITHIUM_GEN_S_SEED_SZ (DILITHIUM_PRIV_SEED_SZ + 2)
+
+
+/* MAX: (256 * 8 / (17 + 1)) = 576, or ((256 * 8 / (19 + 1)) = 640
+ * but need blocks of 17 * 8 bytes: 5 * 17 * 8 = 680 */
+#define DILITHIUM_MAX_V_BLOCKS 5
+/* Maximum number of bytes to generate into v to make y. */
+#define DILITHIUM_MAX_V (DILITHIUM_MAX_V_BLOCKS * 8 * 17)
+
+
+/* 2 blocks, each block 136 bytes = 272 bytes.
+ * ETA 2: Min req is 128 but reject rate is 2 in 16 so we need 146.3 on average.
+ * ETA 4: Min req is 128 but reject rate is 7 in 16 so we need 227.6 on average.
+ */
+#define DILITHIUM_GEN_S_NBLOCKS 2
+/* Number of bytes to generate with SHAKE-256 when generating s1 and s2. */
+#define DILITHIUM_GEN_S_BYTES \
+ (DILITHIUM_GEN_S_NBLOCKS * WC_SHA3_256_COUNT * 8)
+/* Number of bytes to a block of SHAKE-256 when generating s1 and s2. */
+#define DILITHIUM_GEN_S_BLOCK_BYTES (WC_SHA3_256_COUNT * 8)
+
+
+/* The ML-DSA parameters sets.
*/
+static const wc_dilithium_params dilithium_params[] = {
+#ifndef WOLFSSL_NO_ML_DSA_44
+ { WC_ML_DSA_44, PARAMS_ML_DSA_44_K, PARAMS_ML_DSA_44_L,
+ PARAMS_ML_DSA_44_ETA, PARAMS_ML_DSA_44_ETA_BITS,
+ PARAMS_ML_DSA_44_TAU, PARAMS_ML_DSA_44_BETA, PARAMS_ML_DSA_44_OMEGA,
+ PARAMS_ML_DSA_44_LAMBDA,
+ PARAMS_ML_DSA_44_GAMMA1_BITS, PARAMS_ML_DSA_44_GAMMA2,
+ PARAMS_ML_DSA_44_W1_ENC_SZ, PARAMS_ML_DSA_44_A_SIZE,
+ PARAMS_ML_DSA_44_S1_SIZE, PARAMS_ML_DSA_44_S1_ENC_SIZE,
+ PARAMS_ML_DSA_44_S2_SIZE, PARAMS_ML_DSA_44_S2_ENC_SIZE,
+ PARAMS_ML_DSA_44_Z_ENC_SIZE,
+ PARAMS_ML_DSA_44_PK_SIZE, PARAMS_ML_DSA_44_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+ { WC_ML_DSA_65, PARAMS_ML_DSA_65_K, PARAMS_ML_DSA_65_L,
+ PARAMS_ML_DSA_65_ETA, PARAMS_ML_DSA_65_ETA_BITS,
+ PARAMS_ML_DSA_65_TAU, PARAMS_ML_DSA_65_BETA, PARAMS_ML_DSA_65_OMEGA,
+ PARAMS_ML_DSA_65_LAMBDA,
+ PARAMS_ML_DSA_65_GAMMA1_BITS, PARAMS_ML_DSA_65_GAMMA2,
+ PARAMS_ML_DSA_65_W1_ENC_SZ, PARAMS_ML_DSA_65_A_SIZE,
+ PARAMS_ML_DSA_65_S1_SIZE, PARAMS_ML_DSA_65_S1_ENC_SIZE,
+ PARAMS_ML_DSA_65_S2_SIZE, PARAMS_ML_DSA_65_S2_ENC_SIZE,
+ PARAMS_ML_DSA_65_Z_ENC_SIZE,
+ PARAMS_ML_DSA_65_PK_SIZE, PARAMS_ML_DSA_65_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+ { WC_ML_DSA_87, PARAMS_ML_DSA_87_K, PARAMS_ML_DSA_87_L,
+ PARAMS_ML_DSA_87_ETA, PARAMS_ML_DSA_87_ETA_BITS,
+ PARAMS_ML_DSA_87_TAU, PARAMS_ML_DSA_87_BETA, PARAMS_ML_DSA_87_OMEGA,
+ PARAMS_ML_DSA_87_LAMBDA,
+ PARAMS_ML_DSA_87_GAMMA1_BITS, PARAMS_ML_DSA_87_GAMMA2,
+ PARAMS_ML_DSA_87_W1_ENC_SZ, PARAMS_ML_DSA_87_A_SIZE,
+ PARAMS_ML_DSA_87_S1_SIZE, PARAMS_ML_DSA_87_S1_ENC_SIZE,
+ PARAMS_ML_DSA_87_S2_SIZE, PARAMS_ML_DSA_87_S2_ENC_SIZE,
+ PARAMS_ML_DSA_87_Z_ENC_SIZE,
+ PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE },
+#endif
+};
+/* Number of ML-DSA parameter sets compiled in. */
+#define DILITHIUM_PARAMS_CNT \
+ ((unsigned int)(sizeof(dilithium_params) / sizeof(wc_dilithium_params)))
+
+/* Get the ML-DSA parameters that match the level.
+ *
+ * @param [in] level Level required.
+ * @param [out] params Parameter set.
+ * @return 0 on success.
+ * @return NOT_COMPILED_IN when parameters at level are not compiled in.
+ */
+static int dilithium_get_params(int level, const wc_dilithium_params** params)
+{
+ unsigned int i;
+ int ret = NOT_COMPILED_IN;
+
+ for (i = 0; i < DILITHIUM_PARAMS_CNT; i++) {
+ if (dilithium_params[i].level == level) {
+ *params = &dilithium_params[i];
+ ret = 0;
+ }
+ }
+
+ return ret;
+}
+
+/******************************************************************************
+ * Hash operations
+ ******************************************************************************/
+
+/* 256-bit hash using SHAKE-256.
+ *
+ * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d)
+ *
+ * @param [in, out] shake256 SHAKE-256 object.
+ * @param [in] data Buffer holding data to hash.
+ * @param [in] dataLen Length of data to hash in bytes.
+ * @param [out] hash Buffer to hold hash result.
+ * @param [in] hashLen Number of bytes of hash to return.
+ * @return 0 on success.
+ * @return Negative on error.
+ */
+static int dilithium_shake256(wc_Shake* shake256, const byte* data,
+ word32 dataLen, byte* hash, word32 hashLen)
+{
+ int ret;
+
+ /* Initialize SHAKE-256 operation. */
+ ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+ if (ret == 0) {
+ /* Update with data. */
+ ret = wc_Shake256_Update(shake256, data, dataLen);
+ }
+ if (ret == 0) {
+ /* Compute hash of data. */
+ ret = wc_Shake256_Final(shake256, hash, hashLen);
+ }
+
+ return ret;
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+/* 256-bit hash using SHAKE-256.
+ *
+ * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d)
+ *
+ * @param [in, out] shake256 SHAKE-256 object.
+ * @param [in] data1 First block of data to hash.
+ * @param [in] data1Len Length of first block in bytes.
+ * @param [in] data2 Second block of data to hash.
+ * @param [in] data2Len Length of second block in bytes.
+ * @param [out] hash Buffer to hold hash result.
+ * @param [in] hashLen Number of bytes of hash to return.
+ * @return 0 on success.
+ * @return Negative on error.
+ */
+static int dilithium_hash256(wc_Shake* shake256, const byte* data1,
+ word32 data1Len, const byte* data2, word32 data2Len, byte* hash,
+ word32 hashLen)
+{
+ int ret;
+
+ /* Initialize SHAKE-256 operation. */
+ ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+ if (ret == 0) {
+ /* Update with first data. */
+ ret = wc_Shake256_Update(shake256, data1, data1Len);
+ }
+ if (ret == 0) {
+ /* Update with second data. */
+ ret = wc_Shake256_Update(shake256, data2, data2Len);
+ }
+ if (ret == 0) {
+ /* Compute hash of data. */
+ ret = wc_Shake256_Final(shake256, hash, hashLen);
+ }
+
+ return ret;
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_SMALL
+/* 128-bit hash using SHAKE-128.
+ *
+ * FIPS 204. 8.3: H128(v,d) <- SHAKE128(v,d)
+ *
+ * @param [in, out] shake128 SHAKE-128 object.
+ * @param [in] in Block of data to hash.
+ * @param [in] inLen Length of data in bytes.
+ * @param [out] out Buffer to hold hash result.
+ * @param [in] outLen Number of hash blocks to return.
+ * @return 0 on success.
+ * @return Negative on error.
+ */
+static int dilithium_squeeze128(wc_Shake* shake128, const byte* in,
+ word32 inLen, byte* out, word32 outBlocks)
+{
+ int ret;
+
+ /* Initialize SHAKE-128 operation. */
+ ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
+ if (ret == 0) {
+ /* Absorb data - update plus final. */
+ ret = wc_Shake128_Absorb(shake128, in, inLen);
+ }
+ if (ret == 0) {
+ /* Squeeze out hash data. */
+ ret = wc_Shake128_SqueezeBlocks(shake128, out, outBlocks);
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_SMALL */
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+ (!defined(WOLFSSL_DILITHIUM_SMALL) && \
+ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY))
+/* 256-bit hash using SHAKE-256.
+ *
+ * FIPS 204.
8.3: H(v,d) <- SHAKE256(v,d)
+ * Using SqueezeBlocks interface to get larger amounts of output.
+ *
+ * @param [in, out] shake256 SHAKE-256 object.
+ * @param [in] in Block of data to hash.
+ * @param [in] inLen Length of data in bytes.
+ * @param [out] out Buffer to hold hash result.
+ * @param [in] outLen Number of hash blocks to return.
+ * @return 0 on success.
+ * @return Negative on hash error.
+ */
+static int dilithium_squeeze256(wc_Shake* shake256, const byte* in,
+ word32 inLen, byte* out, word32 outBlocks)
+{
+ int ret;
+
+ /* Initialize SHAKE-256 operation. */
+ ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+ if (ret == 0) {
+ /* Absorb data - update plus final. */
+ ret = wc_Shake256_Absorb(shake256, in, inLen);
+ }
+ if (ret == 0) {
+ /* Squeeze out hash data. */
+ ret = wc_Shake256_SqueezeBlocks(shake256, out, outBlocks);
+ }
+
+ return ret;
+}
+#endif
+
+/******************************************************************************
+ * Encode/Decode operations
+ ******************************************************************************/
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+/* Encode vector of polynomials with range -ETA..ETA.
+ *
+ * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s1, s2, t0)
+ * ...
+ * 2: for i from 0 to l - 1 do
+ * 3: sk <- sk || BitPack(s1[i], eta, eta)
+ * 4: end for
+ * ...
+ * OR
+ * ...
+ * 5: for i from 0 to k - 1 do
+ * 6: sk <- sk || BitPack(s2[i], eta, eta)
+ * 7: end for
+ * ...
+ *
+ * FIPS 204. 8.2: Algorithm 11 BitPack(w, a, b)
+ * 1: z <- ()
+ * 2: for i from 0 to 255 do
+ * 3: z <- z||IntegerToBits(b - wi, bitlen(a + b))
+ * 4: end for
+ * 5: return BitsToBytes(z)
+ *
+ * IntegerToBits makes bit array with width specified from integer.
+ * BitToBytes make a byte array from a bit array.
+ *
+ * @param [in] s Vector of polynomials to encode.
+ * @param [in] d Dimension of vector.
+ * @param [in] eta Range specifier of each value.
+ * @param [out] p Buffer to encode into.
+ */
+static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta,
+ byte* p)
+{
+ unsigned int i;
+ unsigned int j;
+
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+ /* -2..2 */
+ if (eta == DILITHIUM_ETA_2) {
+ /* Setp 2 or 5: For each polynomial of vector. */
+ for (i = 0; i < d; i++) {
+ /* Step 3 or 6.
+ * 3 bits to encode each number.
+ * 8 numbers become 3 bytes. (8 * 3 bits = 3 * 8 bits) */
+ for (j = 0; j < DILITHIUM_N; j += 8) {
+ /* Make value a positive integer. */
+ byte s0 = 2 - s[j + 0];
+ byte s1 = 2 - s[j + 1];
+ byte s2 = 2 - s[j + 2];
+ byte s3 = 2 - s[j + 3];
+ byte s4 = 2 - s[j + 4];
+ byte s5 = 2 - s[j + 5];
+ byte s6 = 2 - s[j + 6];
+ byte s7 = 2 - s[j + 7];
+
+ /* Pack 8 3-bit values into 3 bytes. */
+ p[0] = (s0 >> 0) | (s1 << 3) | (s2 << 6);
+ p[1] = (s2 >> 2) | (s3 << 1) | (s4 << 4) | (s5 << 7);
+ p[2] = (s5 >> 1) | (s6 << 2) | (s7 << 5);
+ /* Move to next place to encode into. */
+ p += DILITHIUM_ETA_2_BITS;
+ }
+ /* Next polynomial. */
+ s += DILITHIUM_N;
+ }
+ }
+ else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+ /* -4..4 */
+ if (eta == DILITHIUM_ETA_4) {
+ for (i = 0; i < d; i++) {
+ #ifdef WOLFSSL_DILITHIUM_SMALL
+ /* Step 3 or 6.
+ * 4 bits to encode each number.
+ * 2 numbers become 1 bytes. (2 * 4 bits = 1 * 8 bits) */
+ for (j = 0; j < DILITHIUM_N / 2; j++) {
+ /* Make values positive and pack 2 4-bit values into 1 byte. */
+ p[j] = (((byte)(4 - s[j * 2 + 0])) << 0) |
+ (((byte)(4 - s[j * 2 + 1])) << 4);
+ }
+ #else
+ /* Step 3 or 6.
+ * 4 bits to encode each number.
+ * 8 numbers become 4 bytes. (8 * 4 bits = 4 * 8 bits) */
+ for (j = 0; j < DILITHIUM_N / 2; j += 4) {
+ /* Make values positive and pack 2 4-bit values into 1 byte.
*/
+ p[j + 0] = (((byte)(4 - s[j * 2 + 0])) << 0) |
+ (((byte)(4 - s[j * 2 + 1])) << 4);
+ p[j + 1] = (((byte)(4 - s[j * 2 + 2])) << 0) |
+ (((byte)(4 - s[j * 2 + 3])) << 4);
+ p[j + 2] = (((byte)(4 - s[j * 2 + 4])) << 0) |
+ (((byte)(4 - s[j * 2 + 5])) << 4);
+ p[j + 3] = (((byte)(4 - s[j * 2 + 6])) << 0) |
+ (((byte)(4 - s[j * 2 + 7])) << 4);
+ }
+ #endif
+ /* Move to next place to encode into. */
+ p += DILITHIUM_N / 2;
+ /* Next polynomial. */
+ s += DILITHIUM_N;
+ }
+ }
+ else
+#endif
+ {
+ }
+}
+#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+/* Decode polynomial with range -2..2.
+ *
+ * FIPS 204. 8.2: Algorithm 19 skDecode(sk)
+ * ...
+ * 5: for i from 0 to l - 1 do
+ * 6: s1[i] <- BitUnpack(yi, eta, eta)
+ * 7: end for
+ * ...
+ * OR
+ * ...
+ * 8: for i from 0 to k - 1 do
+ * 9: s2[i] <- BitUnpack(zi, eta, eta)
+ * 10: end for
+ * ...
+ * Where y and z are arrays of bit arrays.
+ *
+ * @param [in] p Buffer of data to decode.
+ * @param [in] s Vector of decoded polynomials.
+ */
+static void dilithium_decode_eta_2_bits(const byte* p, sword32* s)
+{
+ unsigned int j;
+
+ /* Step 6 or 9.
+ * 3 bits to encode each number.
+ * 8 numbers from 3 bytes. (8 * 3 bits = 3 * 8 bits) */
+ for (j = 0; j < DILITHIUM_N; j += 8) {
+ /* Get 3 bits and put in range of -2..2. */
+ s[j + 0] = 2 - ((p[0] >> 0) & 0x7 );
+ s[j + 1] = 2 - ((p[0] >> 3) & 0x7 );
+ s[j + 2] = 2 - ((p[0] >> 6) | ((p[1] << 2) & 0x7));
+ s[j + 3] = 2 - ((p[1] >> 1) & 0x7 );
+ s[j + 4] = 2 - ((p[1] >> 4) & 0x7 );
+ s[j + 5] = 2 - ((p[1] >> 7) | ((p[2] << 1) & 0x7));
+ s[j + 6] = 2 - ((p[2] >> 2) & 0x7 );
+ s[j + 7] = 2 - ((p[2] >> 5) & 0x7 );
+ /* Move to next place to decode from. */
+ p += DILITHIUM_ETA_2_BITS;
+ }
+}
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+/* Decode polynomial with range -4..4.
+ *
+ * FIPS 204. 8.2: Algorithm 19 skDecode(sk)
+ * ...
+ * 5: for i from 0 to l - 1 do
+ * 6: s1[i] <- BitUnpack(yi, eta, eta)
+ * 7: end for
+ * ...
+ * OR
+ * ...
+ * 8: for i from 0 to k - 1 do
+ * 9: s2[i] <- BitUnpack(zi, eta, eta)
+ * 10: end for
+ * ...
+ * Where y and z are arrays of bit arrays.
+ *
+ * @param [in] p Buffer of data to decode.
+ * @param [in] s Vector of decoded polynomials.
+ */
+static void dilithium_decode_eta_4_bits(const byte* p, sword32* s)
+{
+ unsigned int j;
+
+#ifdef WOLFSSL_DILITHIUM_SMALL
+ /* Step 6 or 9.
+ * 4 bits to encode each number.
+ * 2 numbers from 1 bytes. (2 * 4 bits = 1 * 8 bits) */
+ for (j = 0; j < DILITHIUM_N / 2; j++) {
+ /* Get 4 bits and put in range of -4..4. */
+ s[j * 2 + 0] = 4 - (p[j] & 0xf);
+ s[j * 2 + 1] = 4 - (p[j] >> 4);
+ }
+#else
+ /* Step 6 or 9.
+ * 4 bits to encode each number.
+ * 8 numbers from 4 bytes. (8 * 4 bits = 4 * 8 bits) */
+ for (j = 0; j < DILITHIUM_N / 2; j += 4) {
+ /* Get 4 bits and put in range of -4..4. */
+ s[j * 2 + 0] = 4 - (p[j + 0] & 0xf);
+ s[j * 2 + 1] = 4 - (p[j + 0] >> 4);
+ s[j * 2 + 2] = 4 - (p[j + 1] & 0xf);
+ s[j * 2 + 3] = 4 - (p[j + 1] >> 4);
+ s[j * 2 + 4] = 4 - (p[j + 2] & 0xf);
+ s[j * 2 + 5] = 4 - (p[j + 2] >> 4);
+ s[j * 2 + 6] = 4 - (p[j + 3] & 0xf);
+ s[j * 2 + 7] = 4 - (p[j + 3] >> 4);
+ }
+#endif /* WOLFSSL_DILITHIUM_SMALL */
+}
+#endif
+
+#if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)))
+/* Decode vector of polynomials with range -ETA..ETA.
+ *
+ * FIPS 204. 8.2: Algorithm 19 skDecode(sk)
+ * ...
+ * 5: for i from 0 to l - 1 do
+ * 6: s1[i] <- BitUnpack(yi, eta, eta)
+ * 7: end for
+ * ...
+ * OR
+ * ...
+ * 8: for i from 0 to k - 1 do
+ * 9: s2[i] <- BitUnpack(zi, eta, eta)
+ * 10: end for
+ * ...
+ * Where y and z are arrays of bit arrays.
+ *
+ * @param [in] p Buffer of data to decode.
+ * @param [in] eta Range specifier of each value.
+ * @param [in] s Vector of decoded polynomials.
+ * @param [in] d Dimension of vector.
+ */
+static void dilithium_vec_decode_eta_bits(const byte* p, byte eta, sword32* s,
+ byte d)
+{
+ unsigned int i;
+
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+ /* -2..2 */
+ if (eta == DILITHIUM_ETA_2) {
+ /* Step 5 or 8: For each polynomial of vector */
+ for (i = 0; i < d; i++) {
+ dilithium_decode_eta_2_bits(p, s);
+ /* Move to next place to decode from. */
+ p += DILITHIUM_ETA_2_BITS * DILITHIUM_N / 8;
+ /* Next polynomial. */
+ s += DILITHIUM_N;
+ }
+ }
+ else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+ /* -4..4 */
+ if (eta == DILITHIUM_ETA_4) {
+ /* Step 5 or 8: For each polynomial of vector */
+ for (i = 0; i < d; i++) {
+ dilithium_decode_eta_4_bits(p, s);
+ /* Move to next place to decode from. */
+ p += DILITHIUM_N / 2;
+ /* Next polynomial. */
+ s += DILITHIUM_N;
+ }
+ }
+ else
+#endif
+ {
+ }
+}
+#endif
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN || WOLFSSL_DILITHIUM_CHECK_KEY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+/* Encode t into t0 and t1.
+ *
+ * FIPS 204. 8.4: Algorithm 29 Power2Round(r)
+ * 1: r+ <- r mod q
+ * 2: r0 <- r+ mod +/- 2^d
+ * 3: return ((r+ - r0) / 2^d, r0)
+ *
+ * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s1, s2, t0)
+ * ...
+ * 8: for i form 0 to k - 1 do
+ * 9: sk <- sk || BitPack(t0[i], s^(d-1) - 1, 2^(d-1))
+ * 10: end for
+ *
+ * FIPS 204. 8.2: Algorithm 16 pkEncode(rho, t1)
+ * ...
+ * 2: for i from 0 to k - 1 do
+ * 3: pk <- pk || SimpleBitPack(t1[i], 2^bitlen(q-1) - d - 1)
+ * 4: end for
+ *
+ * @param [in] t Vector of polynomials.
+ * @param [in] d Dimension of vector.
+ * @param [out] t0 Buffer to encode bottom part of value of t into.
+ * @param [out] t1 Buffer to encode top part of value of t into.
+ */
+static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1)
+{
+ unsigned int i;
+ unsigned int j;
+
+ /* Alg 18, Step 8 and Alg 16, Step 2. For each polynomial of vector.
*/ + for (i = 0; i < d; i++) { + /* Alg 18, Step 9 and Alg 16, Step 3. + * Do all polynomial values - 8 at a time. */ + for (j = 0; j < DILITHIUM_N; j += 8) { + /* Take 8 values of t and take top bits and make positive. */ + word16 n1_0 = (t[j + 0] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + word16 n1_1 = (t[j + 1] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + word16 n1_2 = (t[j + 2] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + word16 n1_3 = (t[j + 3] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + word16 n1_4 = (t[j + 4] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + word16 n1_5 = (t[j + 5] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + word16 n1_6 = (t[j + 6] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + word16 n1_7 = (t[j + 7] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + /* Take 8 values of t and take bottom bits and make positive. */ + word16 n0_0 = DILITHIUM_D_MAX_HALF - + (t[j + 0] - (n1_0 << DILITHIUM_D)); + word16 n0_1 = DILITHIUM_D_MAX_HALF - + (t[j + 1] - (n1_1 << DILITHIUM_D)); + word16 n0_2 = DILITHIUM_D_MAX_HALF - + (t[j + 2] - (n1_2 << DILITHIUM_D)); + word16 n0_3 = DILITHIUM_D_MAX_HALF - + (t[j + 3] - (n1_3 << DILITHIUM_D)); + word16 n0_4 = DILITHIUM_D_MAX_HALF - + (t[j + 4] - (n1_4 << DILITHIUM_D)); + word16 n0_5 = DILITHIUM_D_MAX_HALF - + (t[j + 5] - (n1_5 << DILITHIUM_D)); + word16 n0_6 = DILITHIUM_D_MAX_HALF - + (t[j + 6] - (n1_6 << DILITHIUM_D)); + word16 n0_7 = DILITHIUM_D_MAX_HALF - + (t[j + 7] - (n1_7 << DILITHIUM_D)); + + /* 13 bits per number. + * 8 numbers become 13 bytes. 
(8 * 13 bits = 13 * 8 bits) */ + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2) + word32* tp; + #endif + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + tp = (word32*)t0; + tp[0] = (n0_0 ) | ((word32)n0_1 << 13) | ((word32)n0_2 << 26); + tp[1] = (n0_2 >> 6) | ((word32)n0_3 << 7) | ((word32)n0_4 << 20); + tp[2] = (n0_4 >> 12) | ((word32)n0_5 << 1) | + ((word32)n0_6 << 14) | ((word32)n0_7 << 27); + #else + t0[ 0] = (n0_0 << 0); + t0[ 1] = (n0_0 >> 8) | (n0_1 << 5); + t0[ 2] = (n0_1 >> 3) ; + t0[ 3] = (n0_1 >> 11) | (n0_2 << 2); + t0[ 4] = (n0_2 >> 6) | (n0_3 << 7); + t0[ 5] = (n0_3 >> 1) ; + t0[ 6] = (n0_3 >> 9) | (n0_4 << 4); + t0[ 7] = (n0_4 >> 4) ; + t0[ 8] = (n0_4 >> 12) | (n0_5 << 1); + t0[ 9] = (n0_5 >> 7) | (n0_6 << 6); + t0[10] = (n0_6 >> 2) ; + t0[11] = (n0_6 >> 10) | (n0_7 << 3); + #endif + t0[12] = (n0_7 >> 5) ; + + /* 10 bits per number. + * 8 bytes become 10 bytes. (8 * 10 bits = 10 * 8 bits) */ + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2) + tp = (word32*)t1; + tp[0] = (n1_0 ) | ((word32)n1_1 << 10) | + ((word32)n1_2 << 20) | ((word32)n1_3 << 30); + tp[1] = (n1_3 >> 2) | ((word32)n1_4 << 8) | + ((word32)n1_5 << 18) | ((word32)n1_6 << 28); + #else + t1[0] = (n1_0 << 0); + t1[1] = (n1_0 >> 8) | (n1_1 << 2); + t1[2] = (n1_1 >> 6) | (n1_2 << 4); + t1[3] = (n1_2 >> 4) | (n1_3 << 6); + t1[4] = (n1_3 >> 2) ; + t1[5] = (n1_4 << 0); + t1[6] = (n1_4 >> 8) | (n1_5 << 2); + t1[7] = (n1_5 >> 6) | (n1_6 << 4); + #endif + t1[8] = (n1_6 >> 4) | (n1_7 << 6); + t1[9] = (n1_7 >> 2) ; + + /* Move to next place to encode bottom bits to. */ + t0 += DILITHIUM_D; + /* Move to next place to encode top bits to. */ + t1 += DILITHIUM_U; + } + /* Next polynomial. */ + t += DILITHIUM_N; + } +} +#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */ + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || defined(WOLFSSL_DILITHIUM_CHECK_KEY) +/* Decode bottom D bits of t as t0. + * + * FIPS 204. 
8.2: Algorithm 19 skDecode(sk) + * ... + * 12: t0[i] <- BitUnpack(wi, 2^(d-1) - 1, 2^(d-1) + * ... + * + * @param [in] t0 Encoded values of t0. + * @param [in] d Dimensions of vector t0. + * @param [out] t Vector of polynomials. + */ +static void dilithium_decode_t0(const byte* t0, sword32* t) +{ + unsigned int j; + + /* Step 12. Get 13 bits and convert to range (2^(d-1)-1)..2^(d-1). */ + for (j = 0; j < DILITHIUM_N; j += 8) { + /* 13 bits used per number. + * 8 numbers from 13 bytes. (8 * 13 bits = 13 * 8 bits) */ +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + word32 t32_2 = ((const word32*)t0)[2]; + #ifdef WC_64BIT_CPU + word64 t64 = *(const word64*)t0; + t[j + 0] = DILITHIUM_D_MAX_HALF - ( t64 & 0x1fff); + t[j + 1] = DILITHIUM_D_MAX_HALF - ((t64 >> 13) & 0x1fff); + t[j + 2] = DILITHIUM_D_MAX_HALF - ((t64 >> 26) & 0x1fff); + t[j + 3] = DILITHIUM_D_MAX_HALF - ((t64 >> 39) & 0x1fff); + t[j + 4] = DILITHIUM_D_MAX_HALF - + ((t64 >> 52) | ((t32_2 & 0x0001) << 12)); + #else + word32 t32_0 = ((const word32*)t0)[0]; + word32 t32_1 = ((const word32*)t0)[1]; + t[j + 0] = DILITHIUM_D_MAX_HALF - + ( t32_0 & 0x1fff); + t[j + 1] = DILITHIUM_D_MAX_HALF - + ((t32_0 >> 13) & 0x1fff); + t[j + 2] = DILITHIUM_D_MAX_HALF - + (( t32_0 >> 26 ) | ((t32_1 & 0x007f) << 6)); + t[j + 3] = DILITHIUM_D_MAX_HALF - + ((t32_1 >> 7) & 0x1fff); + t[j + 4] = DILITHIUM_D_MAX_HALF - + (( t32_1 >> 20 ) | ((t32_2 & 0x0001) << 12)); + #endif + t[j + 5] = DILITHIUM_D_MAX_HALF - + ((t32_2 >> 1) & 0x1fff); + t[j + 6] = DILITHIUM_D_MAX_HALF - + ((t32_2 >> 14) & 0x1fff); + t[j + 7] = DILITHIUM_D_MAX_HALF - + (( t32_2 >> 27 ) | ((word32)t0[12] ) << 5 ); +#else + t[j + 0] = DILITHIUM_D_MAX_HALF - + ((t0[ 0] ) | (((word16)(t0[ 1] & 0x1f)) << 8)); + t[j + 1] = DILITHIUM_D_MAX_HALF - + ((t0[ 1] >> 5) | (((word16)(t0[ 2] )) << 3) | + (((word16)(t0[ 3] & 0x03)) << 11)); + t[j + 2] = DILITHIUM_D_MAX_HALF - + ((t0[ 3] >> 2) | (((word16)(t0[ 4] & 0x7f)) << 6)); + t[j + 3] = 
DILITHIUM_D_MAX_HALF - + ((t0[ 4] >> 7) | (((word16)(t0[ 5] )) << 1) | + (((word16)(t0[ 6] & 0x0f)) << 9)); + t[j + 4] = DILITHIUM_D_MAX_HALF - + ((t0[ 6] >> 4) | (((word16)(t0[ 7] )) << 4) | + (((word16)(t0[ 8] & 0x01)) << 12)); + t[j + 5] = DILITHIUM_D_MAX_HALF - + ((t0[ 8] >> 1) | (((word16)(t0[ 9] & 0x3f)) << 7)); + t[j + 6] = DILITHIUM_D_MAX_HALF - + ((t0[ 9] >> 6) | (((word16)(t0[10] )) << 2) | + (((word16)(t0[11] & 0x07)) << 10)); + t[j + 7] = DILITHIUM_D_MAX_HALF - + ((t0[11] >> 3) | (((word16)(t0[12] )) << 5)); +#endif + /* Move to next place to decode from. */ + t0 += DILITHIUM_D; + } +} + +#if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))) +/* Decode bottom D bits of t as t0. + * + * FIPS 204. 8.2: Algorithm 19 skDecode(sk) + * ... + * 11: for i from 0 to k - 1 do + * 12: t0[i] <- BitUnpack(wi, 2^(d-1) - 1, 2^(d-1) + * 13: end for + * ... + * + * @param [in] t0 Encoded values of t0. + * @param [in] d Dimensions of vector t0. + * @param [out] t Vector of polynomials. + */ +static void dilithium_vec_decode_t0(const byte* t0, byte d, sword32* t) +{ + unsigned int i; + + /* Step 11. For each polynomial of vector. */ + for (i = 0; i < d; i++) { + dilithium_decode_t0(t0, t); + t0 += DILITHIUM_D * DILITHIUM_N / 8; + /* Next polynomial. */ + t += DILITHIUM_N; + } +} +#endif +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN || WOLFSSL_DILITHIUM_CHECK_KEY */ + +#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) +/* Decode top bits of t as t1. + * + * FIPS 204. 8.2: Algorithm 17 pkDecode(pk) + * ... + * 4: t1[i] <- SimpleBitUnpack(zi, 2^(bitlen(q-1)-d) - 1) + * ... + * + * @param [in] t1 Encoded values of t1. + * @param [out] t Polynomials. + */ +static void dilithium_decode_t1(const byte* t1, sword32* t) +{ + unsigned int j; + /* Step 4. Get 10 bits as a number. 
*/ + for (j = 0; j < DILITHIUM_N; j += 8) { + /* 10 bits used per number. + * 8 numbers from 10 bytes. (8 * 10 bits = 10 * 8 bits) */ +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + #ifdef WC_64BIT_CPU + word64 t64 = *(const word64*) t1; + word16 t16 = *(const word16*)(t1 + 8); + t[j+0] = (sword32)( ( t64 & 0x03ff) << DILITHIUM_D); + t[j+1] = (sword32)( ((t64 >> 10) & 0x03ff) << DILITHIUM_D); + t[j+2] = (sword32)( ((t64 >> 20) & 0x03ff) << DILITHIUM_D); + t[j+3] = (sword32)( ((t64 >> 30) & 0x03ff) << DILITHIUM_D); + t[j+4] = (sword32)( ((t64 >> 40) & 0x03ff) << DILITHIUM_D); + t[j+5] = (sword32)( ((t64 >> 50) & 0x03ff) << DILITHIUM_D); + t[j+6] = (sword32)((((t64 >> 60)| (t16 << 4)) & 0x03ff) << DILITHIUM_D); + t[j+7] = (sword32)( ((t16 >> 6) & 0x03ff) << DILITHIUM_D); + #else + word32 t32 = *((const word32*)t1); + t[j + 0] = ( t32 & 0x03ff ) << + DILITHIUM_D; + t[j + 1] = ((t32 >> 10) & 0x03ff ) << + DILITHIUM_D; + t[j + 2] = ((t32 >> 20) & 0x03ff ) << + DILITHIUM_D; + t[j + 3] = ((t32 >> 30) | (((word16)t1[4]) << 2)) << + DILITHIUM_D; + t32 = *((const word32*)(t1 + 5)); + t[j + 4] = ( t32 & 0x03ff ) << + DILITHIUM_D; + t[j + 5] = ((t32 >> 10) & 0x03ff ) << + DILITHIUM_D; + t[j + 6] = ((t32 >> 20) & 0x03ff ) << + DILITHIUM_D; + t[j + 7] = ((t32 >> 30) | (((word16)t1[9]) << 2)) << + DILITHIUM_D; + #endif +#else + t[j + 0] = (sword32)((t1[0] >> 0) | (((word16)(t1[1] & 0x03)) << 8)) + << DILITHIUM_D; + t[j + 1] = (sword32)((t1[1] >> 2) | (((word16)(t1[2] & 0x0f)) << 6)) + << DILITHIUM_D; + t[j + 2] = (sword32)((t1[2] >> 4) | (((word16)(t1[3] & 0x3f)) << 4)) + << DILITHIUM_D; + t[j + 3] = (sword32)((t1[3] >> 6) | (((word16)(t1[4] )) << 2)) + << DILITHIUM_D; + t[j + 4] = (sword32)((t1[5] >> 0) | (((word16)(t1[6] & 0x03)) << 8)) + << DILITHIUM_D; + t[j + 5] = (sword32)((t1[6] >> 2) | (((word16)(t1[7] & 0x0f)) << 6)) + << DILITHIUM_D; + t[j + 6] = (sword32)((t1[7] >> 4) | (((word16)(t1[8] & 0x3f)) << 4)) + << DILITHIUM_D; + t[j + 7] = 
(sword32)((t1[8] >> 6) | (((word16)(t1[9] )) << 2)) + << DILITHIUM_D; +#endif + /* Move to next place to decode from. */ + t1 += DILITHIUM_U; + } +} +#endif + +#if (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) +/* Decode top bits of t as t1. + * + * FIPS 204. 8.2: Algorithm 17 pkDecode(pk) + * ... + * 3: for i from 0 to k - 1 do + * 4: t1[i] <- SimpleBitUnpack(zi, 2^(bitlen(q-1)-d) - 1) + * 5: end for + * ... + * + * @param [in] t1 Encoded values of t1. + * @param [in] d Dimensions of vector t1. + * @param [out] t Vector of polynomials. + */ +static void dilithium_vec_decode_t1(const byte* t1, byte d, sword32* t) +{ + unsigned int i; + + /* Step 3. For each polynomial of vector. */ + for (i = 0; i < d; i++) { + dilithium_decode_t1(t1, t); + /* Next polynomial. */ + t1 += DILITHIUM_U * DILITHIUM_N / 8; + t += DILITHIUM_N; + } +} +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + +#ifndef WOLFSSL_NO_ML_DSA_44 +/* Encode z with range of -(GAMMA1-1)...GAMMA1 + * + * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h) + * ... + * 3: sigma <- sigma || BitPack(z[i], GAMMA1 - 1, GAMMA1) + * ... + * + * @param [in] z Polynomial to encode. + * @param [out] s Buffer to encode into. + */ +static void dilithium_encode_gamma1_17_bits(const sword32* z, byte* s) +{ + unsigned int j; + + /* Step 3. Get 18 bits as a number. */ + for (j = 0; j < DILITHIUM_N; j += 4) { + word32 z0 = DILITHIUM_GAMMA1_17 - z[j + 0]; + word32 z1 = DILITHIUM_GAMMA1_17 - z[j + 1]; + word32 z2 = DILITHIUM_GAMMA1_17 - z[j + 2]; + word32 z3 = DILITHIUM_GAMMA1_17 - z[j + 3]; + + /* 18 bits per number. + * 8 numbers become 9 bytes. 
(8 * 9 bits = 9 * 8 bits) */ +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + #ifdef WC_64BIT_CPU + word64* s64p = (word64*)s; + s64p[0] = z0 | ((word64)z1 << 18) | + ((word64)z2 << 36) | ((word64)z3 << 54); + #else + word32* s32p = (word32*)s; + s32p[0] = z0 | (z1 << 18) ; + s32p[1] = (z1 >> 14) | (z2 << 4) | (z3 << 22); + #endif +#else + s[0] = z0 ; + s[1] = z0 >> 8 ; + s[2] = (z0 >> 16) | (z1 << 2); + s[3] = z1 >> 6 ; + s[4] = (z1 >> 14) | (z2 << 4); + s[5] = z2 >> 4 ; + s[6] = (z2 >> 12) | (z3 << 6); + s[7] = z3 >> 2 ; +#endif + s[8] = z3 >> 10 ; + /* Move to next place to encode to. */ + s += DILITHIUM_GAMMA1_17_ENC_BITS / 2; + } +} +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) +/* Encode z with range of -(GAMMA1-1)...GAMMA1 + * + * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h) + * ... + * 3: sigma <- sigma || BitPack(z[i], GAMMA1 - 1, GAMMA1) + * ... + * + * @param [in] z Polynomial to encode. + * @param [out] s Buffer to encode into. + */ +static void dilithium_encode_gamma1_19_bits(const sword32* z, byte* s) +{ + unsigned int j; + + /* Step 3. Get 20 bits as a number. */ + for (j = 0; j < DILITHIUM_N; j += 4) { + sword32 z0 = DILITHIUM_GAMMA1_19 - z[j + 0]; + sword32 z1 = DILITHIUM_GAMMA1_19 - z[j + 1]; + sword32 z2 = DILITHIUM_GAMMA1_19 - z[j + 2]; + sword32 z3 = DILITHIUM_GAMMA1_19 - z[j + 3]; + + /* 20 bits per number. + * 4 numbers become 10 bytes. 
(4 * 20 bits = 10 * 8 bits) */ +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2) + word16* s16p = (word16*)s; + #ifdef WC_64BIT_CPU + word64* s64p = (word64*)s; + s64p[0] = z0 | ((word64)z1 << 20) | + ((word64)z2 << 40) | ((word64)z3 << 60); + #else + word32* s32p = (word32*)s; + s32p[0] = z0 | (z1 << 20) ; + s32p[1] = (z1 >> 12) | (z2 << 8) | (z3 << 28); + #endif + s16p[4] = (z3 >> 4) ; +#else + s[0] = z0 ; + s[1] = (z0 >> 8) ; + s[2] = (z0 >> 16) | (z1 << 4); + s[3] = (z1 >> 4) ; + s[4] = (z1 >> 12) ; + s[5] = z2 ; + s[6] = (z2 >> 8) ; + s[7] = (z2 >> 16) | (z3 << 4); + s[8] = (z3 >> 4) ; + s[9] = (z3 >> 12) ; +#endif + /* Move to next place to encode to. */ + s += DILITHIUM_GAMMA1_19_ENC_BITS / 2; + } +} +#endif + +#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM +/* Encode z with range of -(GAMMA1-1)...GAMMA1 + * + * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h) + * ... + * 2: for i form 0 to l - 1 do + * 3: sigma <- sigma || BitPack(z[i], GAMMA1 - 1, GAMMA1) + * 4: end for + * ... + * + * @param [in] z Vector of polynomials to encode. + * @param [in] l Dimension of vector. + * @param [in] bits Number of bits used in encoding - GAMMA1 bits. + * @param [out] s Buffer to encode into. + */ +static void dilithium_vec_encode_gamma1(const sword32* z, byte l, int bits, + byte* s) +{ + unsigned int i; + + (void)l; + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (bits == DILITHIUM_GAMMA1_BITS_17) { + /* Step 2. For each polynomial of vector. */ + for (i = 0; i < PARAMS_ML_DSA_44_L; i++) { + dilithium_encode_gamma1_17_bits(z, s); + /* Move to next place to encode to. */ + s += DILITHIUM_GAMMA1_17_ENC_BITS / 2 * DILITHIUM_N / 4; + /* Next polynomial. */ + z += DILITHIUM_N; + } + } + else +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + if (bits == DILITHIUM_GAMMA1_BITS_19) { + /* Step 2. For each polynomial of vector. */ + for (i = 0; i < l; i++) { + dilithium_encode_gamma1_19_bits(z, s); + /* Move to next place to encode to. 
*/ + s += DILITHIUM_GAMMA1_19_ENC_BITS / 2 * DILITHIUM_N / 4; + /* Next polynomial. */ + z += DILITHIUM_N; + } + } + else +#endif + { + } +} +#endif /* WOLFSSL_DILITHIUM_SIGN_SMALL_MEM */ + +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) +/* Decode polynomial with range -(GAMMA1-1)..GAMMA1. + * + * FIPS 204. 8.2: Algorithm 21 sigDecode(sigma) + * ... + * 4: z[i] <- BitUnpack(xi, GAMMA1 - 1, GAMMA1) + * ... + * + * @param [in] s Encoded values of z. + * @param [in] bits Number of bits used in encoding - GAMMA1 bits. + * @param [out] z Polynomial to fill. + */ +static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z) +{ + unsigned int i; + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (bits == DILITHIUM_GAMMA1_BITS_17) { +#if defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE) || defined(WOLFSSL_DILITHIUM_SMALL) + /* Step 4: Get 18 bits as a number. */ + for (i = 0; i < DILITHIUM_N; i += 4) { + /* 18 bits per number. + * 4 numbers from 9 bytes. 
(4 * 18 bits = 9 * 8 bits) */ + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + #ifdef WC_64BIT_CPU + word64 s64_0 = *(const word64*)(s+0); + z[i+0] = (word32)DILITHIUM_GAMMA1_17 - + ( s64_0 & 0x3ffff ); + z[i+1] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 18) & 0x3ffff ); + z[i+2] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 36) & 0x3ffff ); + z[i+3] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 54) | (((word32)s[8]) << 10)); + #else + word32 s32_0 = ((const word32*)(s+0))[0]; + word32 s32_1 = ((const word32*)(s+0))[1]; + z[i+0] = (word32)DILITHIUM_GAMMA1_17 - + ( s32_0 & 0x3ffff ); + z[i+1] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_0 >> 18) | (((s32_1 & 0x0000f) << 14))); + z[i+2] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_1 >> 4) & 0x3ffff); + z[i+3] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_1 >> 22) | (((word32)s[8]) << 10 )); + #endif + #else + z[i+0] = DILITHIUM_GAMMA1_17 - + ( s[ 0] | ((sword32)(s[ 1] << 8) | + (sword32)(s[ 2] & 0x03) << 16)); + z[i+1] = DILITHIUM_GAMMA1_17 - + ((s[ 2] >> 2) | ((sword32)(s[ 3] << 6) | + (sword32)(s[ 4] & 0x0f) << 14)); + z[i+2] = DILITHIUM_GAMMA1_17 - + ((s[ 4] >> 4) | ((sword32)(s[ 5] << 4) | + (sword32)(s[ 6] & 0x3f) << 12)); + z[i+3] = DILITHIUM_GAMMA1_17 - + ((s[ 6] >> 6) | ((sword32)(s[ 7] << 2) | + (sword32)(s[ 8] ) << 10)); + #endif + /* Move to next place to decode from. */ + s += DILITHIUM_GAMMA1_17_ENC_BITS / 2; + } +#else + /* Step 4: Get 18 bits as a number. */ + for (i = 0; i < DILITHIUM_N; i += 8) { + /* 18 bits per number. + * 8 numbers from 9 bytes. 
(8 * 18 bits = 18 * 8 bits) */ + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + #ifdef WC_64BIT_CPU + word64 s64_0 = *(const word64*)(s+0); + word64 s64_1 = *(const word64*)(s+9); + z[i+0] = (word32)DILITHIUM_GAMMA1_17 - + ( s64_0 & 0x3ffff ); + z[i+1] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 18) & 0x3ffff ); + z[i+2] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 36) & 0x3ffff ); + z[i+3] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 54) | (((word32)s[8]) << 10)); + z[i+4] = (word32)DILITHIUM_GAMMA1_17 - + ( s64_1 & 0x3ffff ); + z[i+5] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_1 >> 18) & 0x3ffff ); + z[i+6] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_1 >> 36) & 0x3ffff ); + z[i+7] = (word32)DILITHIUM_GAMMA1_17 - + ((s64_1 >> 54) | (((word32)s[17]) << 10)); + #else + word32 s32_0 = ((const word32*)(s+0))[0]; + word32 s32_1 = ((const word32*)(s+0))[1]; + word32 s32_2 = ((const word32*)(s+9))[0]; + word32 s32_3 = ((const word32*)(s+9))[1]; + z[i+0] = (word32)DILITHIUM_GAMMA1_17 - + ( s32_0 & 0x3ffff ); + z[i+1] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_0 >> 18) | (((s32_1 & 0x0000f) << 14))); + z[i+2] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_1 >> 4) & 0x3ffff); + z[i+3] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_1 >> 22) | (((word32)s[8]) << 10 )); + z[i+4] = (word32)DILITHIUM_GAMMA1_17 - + ( s32_2 & 0x3ffff ); + z[i+5] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_2 >> 18) | (((s32_3 & 0x0000f) << 14))); + z[i+6] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_3 >> 4) & 0x3ffff); + z[i+7] = (word32)DILITHIUM_GAMMA1_17 - + ((s32_3 >> 22) | (((word32)s[17]) << 10 )); + #endif + #else + z[i+0] = DILITHIUM_GAMMA1_17 - + ( s[ 0] | ((sword32)(s[ 1] << 8) | + (sword32)(s[ 2] & 0x03) << 16)); + z[i+1] = DILITHIUM_GAMMA1_17 - + ((s[ 2] >> 2) | ((sword32)(s[ 3] << 6) | + (sword32)(s[ 4] & 0x0f) << 14)); + z[i+2] = DILITHIUM_GAMMA1_17 - + ((s[ 4] >> 4) | ((sword32)(s[ 5] << 4) | + (sword32)(s[ 6] & 0x3f) << 12)); + z[i+3] = DILITHIUM_GAMMA1_17 - + ((s[ 6] >> 6) | 
((sword32)(s[ 7] << 2) | + (sword32)(s[ 8] ) << 10)); + z[i+4] = DILITHIUM_GAMMA1_17 - + ( s[ 9] | ((sword32)(s[10] << 8) | + (sword32)(s[11] & 0x03) << 16)); + z[i+5] = DILITHIUM_GAMMA1_17 - + ((s[11] >> 2) | ((sword32)(s[12] << 6) | + (sword32)(s[13] & 0x0f) << 14)); + z[i+6] = DILITHIUM_GAMMA1_17 - + ((s[13] >> 4) | ((sword32)(s[14] << 4) | + (sword32)(s[15] & 0x3f) << 12)); + z[i+7] = DILITHIUM_GAMMA1_17 - + ((s[15] >> 6) | ((sword32)(s[16] << 2) | + (sword32)(s[17] ) << 10)); + #endif + /* Move to next place to decode from. */ + s += DILITHIUM_GAMMA1_17_ENC_BITS; + } +#endif + } + else +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + if (bits == DILITHIUM_GAMMA1_BITS_19) { +#if defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE) || defined(WOLFSSL_DILITHIUM_SMALL) + /* Step 4: Get 20 bits as a number. */ + for (i = 0; i < DILITHIUM_N; i += 4) { + /* 20 bits per number. + * 4 numbers from 10 bytes. (4 * 20 bits = 10 * 8 bits) */ + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2) + word16 s16_0 = ((const word16*)s)[4]; + #ifdef WC_64BIT_CPU + word64 s64_0 = *(const word64*)s; + z[i+0] = DILITHIUM_GAMMA1_19 - ( s64_0 & 0xfffff) ; + z[i+1] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 20) & 0xfffff) ; + z[i+2] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 40) & 0xfffff) ; + z[i+3] = DILITHIUM_GAMMA1_19 - (((s64_0 >> 60) & 0xfffff) | + ((sword32)s16_0 << 4)); + #else + word32 s32_0 = ((const word32*)s)[0]; + word32 s32_1 = ((const word32*)s)[1]; + z[i+0] = DILITHIUM_GAMMA1_19 - ( s32_0 & 0xfffff); + z[i+1] = DILITHIUM_GAMMA1_19 - (( s32_0 >> 20) | + ((s32_1 & 0x000ff) << 12)); + z[i+2] = DILITHIUM_GAMMA1_19 - ( (s32_1 >> 8) & 0xfffff); + z[i+3] = DILITHIUM_GAMMA1_19 - (( s32_1 >> 28) | + ((sword32)s16_0 << 4)); + #endif + #else + z[i+0] = DILITHIUM_GAMMA1_19 - ( s[0] | ((sword32)s[1] << 8) | + ((sword32)(s[2] & 0x0f) << 16)); + z[i+1] = DILITHIUM_GAMMA1_19 - ((s[2] >> 4) | ((sword32)s[3] << 4) | + ((sword32)(s[4] ) << 12)); + z[i+2] = 
DILITHIUM_GAMMA1_19 - ( s[5] | ((sword32)s[6] << 8) | + ((sword32)(s[7] & 0x0f) << 16)); + z[i+3] = DILITHIUM_GAMMA1_19 - ((s[7] >> 4) | ((sword32)s[8] << 4) | + ((sword32)(s[9] ) << 12)); + #endif + /* Move to next place to decode from. */ + s += DILITHIUM_GAMMA1_19_ENC_BITS / 2; + } +#else + /* Step 4: Get 20 bits as a number. */ + for (i = 0; i < DILITHIUM_N; i += 8) { + /* 20 bits per number. + * 8 numbers from 10 bytes. (8 * 20 bits = 20 * 8 bits) */ + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2) + word16 s16_0 = ((const word16*)s)[4]; + word16 s16_1 = ((const word16*)s)[9]; + #ifdef WC_64BIT_CPU + word64 s64_0 = *(const word64*)(s+0); + word64 s64_1 = *(const word64*)(s+10); + z[i+0] = DILITHIUM_GAMMA1_19 - ( s64_0 & 0xfffff) ; + z[i+1] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 20) & 0xfffff) ; + z[i+2] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 40) & 0xfffff) ; + z[i+3] = DILITHIUM_GAMMA1_19 - (((s64_0 >> 60) & 0xfffff) | + ((sword32)s16_0 << 4)); + z[i+4] = DILITHIUM_GAMMA1_19 - ( s64_1 & 0xfffff) ; + z[i+5] = DILITHIUM_GAMMA1_19 - ( (s64_1 >> 20) & 0xfffff) ; + z[i+6] = DILITHIUM_GAMMA1_19 - ( (s64_1 >> 40) & 0xfffff) ; + z[i+7] = DILITHIUM_GAMMA1_19 - (((s64_1 >> 60) & 0xfffff) | + ((sword32)s16_1 << 4)); + #else + word32 s32_0 = ((const word32*)(s+ 0))[0]; + word32 s32_1 = ((const word32*)(s+ 0))[1]; + word32 s32_2 = ((const word32*)(s+10))[0]; + word32 s32_3 = ((const word32*)(s+10))[1]; + z[i+0] = DILITHIUM_GAMMA1_19 - ( s32_0 & 0xfffff); + z[i+1] = DILITHIUM_GAMMA1_19 - (( s32_0 >> 20) | + ((s32_1 & 0x000ff) << 12)); + z[i+2] = DILITHIUM_GAMMA1_19 - ( (s32_1 >> 8) & 0xfffff); + z[i+3] = DILITHIUM_GAMMA1_19 - (( s32_1 >> 28) | + ((sword32)s16_0 << 4)); + z[i+4] = DILITHIUM_GAMMA1_19 - ( s32_2 & 0xfffff); + z[i+5] = DILITHIUM_GAMMA1_19 - (( s32_2 >> 20) | + ((s32_3 & 0x000ff) << 12)); + z[i+6] = DILITHIUM_GAMMA1_19 - ( (s32_3 >> 8) & 0xfffff); + z[i+7] = DILITHIUM_GAMMA1_19 - (( s32_3 >> 28) | + ((sword32)s16_1 << 4)); + #endif + #else + 
z[i+0] = DILITHIUM_GAMMA1_19 - ( s[ 0] | + ((sword32)s[ 1] << 8) | + ((sword32)(s[ 2] & 0x0f) << 16)); + z[i+1] = DILITHIUM_GAMMA1_19 - ((s[ 2] >> 4) | + ((sword32) s[ 3] << 4) | + ((sword32)(s[ 4] ) << 12)); + z[i+2] = DILITHIUM_GAMMA1_19 - ( s[ 5] | + ((sword32) s[ 6] << 8) | + ((sword32)(s[ 7] & 0x0f) << 16)); + z[i+3] = DILITHIUM_GAMMA1_19 - ((s[ 7] >> 4) | + ((sword32) s[ 8] << 4) | + ((sword32)(s[ 9] ) << 12)); + z[i+4] = DILITHIUM_GAMMA1_19 - ( s[10] | + ((sword32) s[11] << 8) | + ((sword32)(s[12] & 0x0f) << 16)); + z[i+5] = DILITHIUM_GAMMA1_19 - ((s[12] >> 4) | + ((sword32) s[13] << 4) | + ((sword32)(s[14] ) << 12)); + z[i+6] = DILITHIUM_GAMMA1_19 - ( s[15] | + ((sword32) s[16] << 8) | + ((sword32)(s[17] & 0x0f) << 16)); + z[i+7] = DILITHIUM_GAMMA1_19 - ((s[17] >> 4) | + ((sword32) s[18] << 4) | + ((sword32)(s[19] ) << 12)); + #endif + /* Move to next place to decode from. */ + s += DILITHIUM_GAMMA1_19_ENC_BITS; + } +#endif + } + else +#endif + { + } +} +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY +/* Decode polynomial with range -(GAMMA1-1)..GAMMA1. + * + * FIPS 204. 8.2: Algorithm 21 sigDecode(sigma) + * ... + * 3: for i from 0 to l - 1 do + * 4: z[i] <- BitUnpack(xi, GAMMA1 - 1, GAMMA1) + * 5: end for + * ... + * + * @param [in] x Encoded values of t0. + * @param [in] l Dimensions of vector z. + * @param [in] bits Number of bits used in encoding - GAMMA1 bits. + * @param [out] z Vector of polynomials. + */ +static void dilithium_vec_decode_gamma1(const byte* x, byte l, int bits, + sword32* z) +{ + unsigned int i; + + /* Step 3: For each polynomial of vector. */ + for (i = 0; i < l; i++) { + /* Step 4: Unpack a polynomial. */ + dilithium_decode_gamma1(x, bits, z); + /* Move pointers on to next polynomial. */ + x += DILITHIUM_N / 8 * (bits + 1); + z += DILITHIUM_N; + } +} +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) +#ifndef WOLFSSL_NO_ML_DSA_44 +/* Encode w1 with range of 0..((q-1)/(2*GAMMA2)-1). 
+ * + * FIPS 204. 8.2: Algorithm 22 w1Encode(w1) + * ... + * 3: w1_tilde <- w1_tilde || + * ByteToBits(SimpleBitPack(w1[i], (q-1)/(2*GAMMA2)-1)) + * ... + * + * @param [in] w1 Vector of polynomials to encode. + * @param [in] gamma2 Maximum value in range. + * @param [out] w1e Buffer to encode into. + */ +static void dilithium_encode_w1_88(const sword32* w1, byte* w1e) +{ + unsigned int j; + + /* Step 3: Encode a polynomial values 6 bits at a time. */ + for (j = 0; j < DILITHIUM_N; j += 16) { + /* 6 bits per number. + * 16 numbers in 12 bytes. (16 * 6 bits = 12 * 8 bits) */ +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 4) + word32* w1e32 = (word32*)w1e; + w1e32[0] = w1[j+ 0] | (w1[j+ 1] << 6) | + (w1[j+ 2] << 12) | (w1[j+ 3] << 18) | + (w1[j+ 4] << 24) | (w1[j+ 5] << 30); + w1e32[1] = (w1[j+ 5] >> 2) | (w1[j+ 6] << 4) | + (w1[j+ 7] << 10) | (w1[j+ 8] << 16) | + (w1[j+ 9] << 22) | (w1[j+10] << 28); + w1e32[2] = (w1[j+10] >> 4) | (w1[j+11] << 2) | + (w1[j+12] << 8) | (w1[j+13] << 14) | + (w1[j+14] << 20) | (w1[j+15] << 26); +#else + w1e[ 0] = w1[j+ 0] | (w1[j+ 1] << 6); + w1e[ 1] = (w1[j+ 1] >> 2) | (w1[j+ 2] << 4); + w1e[ 2] = (w1[j+ 2] >> 4) | (w1[j+ 3] << 2); + w1e[ 3] = w1[j+ 4] | (w1[j+ 5] << 6); + w1e[ 4] = (w1[j+ 5] >> 2) | (w1[j+ 6] << 4); + w1e[ 5] = (w1[j+ 6] >> 4) | (w1[j+ 7] << 2); + w1e[ 6] = w1[j+ 8] | (w1[j+ 9] << 6); + w1e[ 7] = (w1[j+ 9] >> 2) | (w1[j+10] << 4); + w1e[ 8] = (w1[j+10] >> 4) | (w1[j+11] << 2); + w1e[ 9] = w1[j+12] | (w1[j+13] << 6); + w1e[10] = (w1[j+13] >> 2) | (w1[j+14] << 4); + w1e[11] = (w1[j+14] >> 4) | (w1[j+15] << 2); +#endif + /* Move to next place to encode to. */ + w1e += DILITHIUM_Q_HI_88_ENC_BITS * 2; + } +} +#endif /* !WOLFSSL_NO_ML_DSA_44 */ + +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) +/* Encode w1 with range of 0..((q-1)/(2*GAMMA2)-1). + * + * FIPS 204. 8.2: Algorithm 22 w1Encode(w1) + * ... 
+ * 3: w1_tilde <- w1_tilde || + * ByteToBits(SimpleBitPack(w1[i], (q-1)/(2*GAMMA2)-1)) + * ... + * + * @param [in] w1 Vector of polynomials to encode. + * @param [in] gamma2 Maximum value in range. + * @param [out] w1e Buffer to encode into. + */ +static void dilithium_encode_w1_32(const sword32* w1, byte* w1e) +{ + unsigned int j; + + /* Step 3: Encode a polynomial values 4 bits at a time. */ + for (j = 0; j < DILITHIUM_N; j += 16) { + /* 4 bits per number. + * 16 numbers in 8 bytes. (16 * 4 bits = 8 * 8 bits) */ +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 8) + word32* w1e32 = (word32*)w1e; + w1e32[0] = (w1[j + 0] << 0) | (w1[j + 1] << 4) | + (w1[j + 2] << 8) | (w1[j + 3] << 12) | + (w1[j + 4] << 16) | (w1[j + 5] << 20) | + (w1[j + 6] << 24) | (w1[j + 7] << 28); + w1e32[1] = (w1[j + 8] << 0) | (w1[j + 9] << 4) | + (w1[j + 10] << 8) | (w1[j + 11] << 12) | + (w1[j + 12] << 16) | (w1[j + 13] << 20) | + (w1[j + 14] << 24) | (w1[j + 15] << 28); +#else + w1e[0] = w1[j + 0] | (w1[j + 1] << 4); + w1e[1] = w1[j + 2] | (w1[j + 3] << 4); + w1e[2] = w1[j + 4] | (w1[j + 5] << 4); + w1e[3] = w1[j + 6] | (w1[j + 7] << 4); + w1e[4] = w1[j + 8] | (w1[j + 9] << 4); + w1e[5] = w1[j + 10] | (w1[j + 11] << 4); + w1e[6] = w1[j + 12] | (w1[j + 13] << 4); + w1e[7] = w1[j + 14] | (w1[j + 15] << 4); +#endif + /* Move to next place to encode to. */ + w1e += DILITHIUM_Q_HI_32_ENC_BITS * 2; + } +} +#endif +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) +/* Encode w1 with range of 0..((q-1)/(2*GAMMA2)-1). + * + * FIPS 204. 8.2: Algorithm 22 w1Encode(w1) + * 1: w1_tilde = () + * 2: for i form 0 to k - 1 do + * 3: w1_tilde <- w1_tilde || + * ByteToBits(SimpleBitPack(w1[i], (q-1)/(2*GAMMA2)-1)) + * 4: end for + * 5: return w1_tilde + * + * @param [in] w1 Vector of polynomials to encode. + * @param [in] k Dimension of vector. + * @param [in] gamma2 Maximum value in range. 
+ * @param [out] w1e Buffer to encode into. + */ +static void dilithium_vec_encode_w1(const sword32* w1, byte k, sword32 gamma2, + byte* w1e) +{ + unsigned int i; + + (void)k; + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (gamma2 == DILITHIUM_Q_LOW_88) { + /* Step 2. For each polynomial of vector. */ + for (i = 0; i < PARAMS_ML_DSA_44_K; i++) { + dilithium_encode_w1_88(w1, w1e); + /* Next polynomial. */ + w1 += DILITHIUM_N; + w1e += DILITHIUM_Q_HI_88_ENC_BITS * 2 * DILITHIUM_N / 16; + } + } + else +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + if (gamma2 == DILITHIUM_Q_LOW_32) { + /* Step 2. For each polynomial of vector. */ + for (i = 0; i < k; i++) { + dilithium_encode_w1_32(w1, w1e); + /* Next polynomial. */ + w1 += DILITHIUM_N; + w1e += DILITHIUM_Q_HI_32_ENC_BITS * 2 * DILITHIUM_N / 16; + } + } + else +#endif + { + } +} +#endif + +/****************************************************************************** + * Expand operations + ******************************************************************************/ + +/* Generate a random polynomial by rejection. + * + * FIPS 204. 8.3: Algorithm 24 RejNTTPoly(rho) + * 1: j <- 0 + * 2: c <- 0 + * 3: while j < 256 do + * 4: a_hat[j] <- CoeffFromThreeBytes(H128(rho)[[c]], H128(rho)[[c+1]], + * H128(rho)[[c+2]]) + * 5: c <- c + 3 + * 6: if a_hat[j] != falsam then + * 7: j <- j + 1 + * 8: end if + * 9: end while + * 10: return a_hat + * + * FIPS 204. 8.1: Algorithm 8 CoeffFromThreeBytes(b0,b1,b2) + * 1: if b2 > 127 then + * 2: b2 <- b2 - 128 + * 3. end if + * 4. z <- 2^16.b2 + s^8.b1 + b0 + * 5. if z < q then return z + * 6. else return falsam + * 7. end if + * + * @param [in, out] shake128 SHAKE-128 object. + * @param [in] seed Seed to hash to generate values. + * @param [out] a Polynomial. + * @param [in] h Buffer to hold hashes. + * @return 0 on success. + * @return Negative on hash error. 
+ */ +static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a, + byte* h) +{ + int ret = 0; +#ifdef WOLFSSL_DILITHIUM_SMALL + int j = 0; + +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Reading 4 bytes for 3 so need to set 1 past for last read. */ + h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0; +#endif + + /* Initialize SHAKE-128 object for new hash. */ + ret = wc_InitShake128(shake128, NULL, INVALID_DEVID); + if (ret == 0) { + /* Absorb the seed. */ + ret = wc_Shake128_Absorb(shake128, seed, DILITHIUM_GEN_A_SEED_SZ); + } + /* Keep generating more blocks and using triplets until we have enough. + */ + while ((ret == 0) && (j < DILITHIUM_N)) { + /* Squeeze out a block - 168 bytes = 56 values. */ + ret = wc_Shake128_SqueezeBlocks(shake128, h, 1); + if (ret == 0) { + int c; + /* Use triplets until run out or have enough for polynomial. */ + for (c = 0; c < DILITHIUM_GEN_A_BLOCK_BYTES; c += 3) { + #if defined(LITTLE_ENDIAN_ORDER) && \ + (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Load 32-bit value and mask out 23 bits. */ + sword32 t = *((sword32*)(h + c)) & 0x7fffff; + #else + /* Load 24-bit value and mask out 23 bits. */ + sword32 t = (h[c] + ((sword32)h[c+1] << 8) + + ((sword32)h[c+2] << 16)) & 0x7fffff; + #endif + /* Check if value is in valid range. */ + if (t < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. + */ + a[j++] = t; + /* Check we whether we have enough yet. */ + if (j == DILITHIUM_N) { + break; + } + } + } + } + } +#else + unsigned int j = 0; + unsigned int c; + + /* Generate enough SHAKE-128 output blocks to give high probability of + * being able to get 256 valid 3-byte, 23-bit values from it. */ + ret = dilithium_squeeze128(shake128, seed, DILITHIUM_GEN_A_SEED_SZ, h, + DILITHIUM_GEN_A_NBLOCKS); + if (ret == 0) { + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Reading 4 bytes for 3 so need to set 1 past for last read. 
*/ + h[DILITHIUM_GEN_A_BYTES] = 0; + #endif + + /* Use the first 256 triplets and know we won't exceed required. */ + #ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE + for (c = 0; c < (DILITHIUM_N - 1) * 3; c += 3) { + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Load 32-bit value and mask out 23 bits. */ + sword32 t = *((sword32*)(h + c)) & 0x7fffff; + #else + /* Load 24-bit value and mask out 23 bits. */ + sword32 t = (h[c] + ((sword32)h[c+1] << 8) + + ((sword32)h[c+2] << 16)) & 0x7fffff; + #endif + /* Check if value is in valid range. */ + if (t < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t; + } + } + /* Use the remaining triplets, checking we have enough. */ + for (; c < DILITHIUM_GEN_A_BYTES; c += 3) { + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Load 32-bit value and mask out 23 bits. */ + sword32 t = *((sword32*)(h + c)) & 0x7fffff; + #else + /* Load 24-bit value and mask out 23 bits. */ + sword32 t = (h[c] + ((sword32)h[c+1] << 8) + + ((sword32)h[c+2] << 16)) & 0x7fffff; + #endif + /* Check if value is in valid range. */ + if (t < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t; + /* Check we whether we have enough yet. */ + if (j == DILITHIUM_N) { + break; + } + } + } + #else + /* Do 15 bytes at a time: 255 * 3 / 15 = 51 */ + for (c = 0; c < DILITHIUM_N * 3; c += 24) { + #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Load 32-bit value and mask out 23 bits. 
*/ + sword32 t0 = *((sword32*)(h + c + 0)) & 0x7fffff; + sword32 t1 = *((sword32*)(h + c + 3)) & 0x7fffff; + sword32 t2 = *((sword32*)(h + c + 6)) & 0x7fffff; + sword32 t3 = *((sword32*)(h + c + 9)) & 0x7fffff; + sword32 t4 = *((sword32*)(h + c + 12)) & 0x7fffff; + sword32 t5 = *((sword32*)(h + c + 15)) & 0x7fffff; + sword32 t6 = *((sword32*)(h + c + 18)) & 0x7fffff; + sword32 t7 = *((sword32*)(h + c + 21)) & 0x7fffff; + #else + /* Load 24-bit value and mask out 23 bits. */ + sword32 t0 = (h[c + 0] + ((sword32)h[c + 1] << 8) + + ((sword32)h[c + 2] << 16)) & 0x7fffff; + sword32 t1 = (h[c + 3] + ((sword32)h[c + 4] << 8) + + ((sword32)h[c + 5] << 16)) & 0x7fffff; + sword32 t2 = (h[c + 6] + ((sword32)h[c + 7] << 8) + + ((sword32)h[c + 8] << 16)) & 0x7fffff; + sword32 t3 = (h[c + 9] + ((sword32)h[c + 10] << 8) + + ((sword32)h[c + 11] << 16)) & 0x7fffff; + sword32 t4 = (h[c + 12] + ((sword32)h[c + 13] << 8) + + ((sword32)h[c + 14] << 16)) & 0x7fffff; + sword32 t5 = (h[c + 15] + ((sword32)h[c + 16] << 8) + + ((sword32)h[c + 17] << 16)) & 0x7fffff; + sword32 t6 = (h[c + 18] + ((sword32)h[c + 19] << 8) + + ((sword32)h[c + 20] << 16)) & 0x7fffff; + sword32 t7 = (h[c + 21] + ((sword32)h[c + 22] << 8) + + ((sword32)h[c + 23] << 16)) & 0x7fffff; + #endif + /* Check if value is in valid range. */ + if (t0 < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t0; + } + /* Check if value is in valid range. */ + if (t1 < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t1; + } + /* Check if value is in valid range. */ + if (t2 < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t2; + } + /* Check if value is in valid range. */ + if (t3 < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t3; + } + /* Check if value is in valid range. */ + if (t4 < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. 
*/ + a[j++] = t4; + } + /* Check if value is in valid range. */ + if (t5 < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t5; + } + /* Check if value is in valid range. */ + if (t6 < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t6; + } + /* Check if value is in valid range. */ + if (t7 < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. */ + a[j++] = t7; + } + } + if (j < DILITHIUM_N) { + /* Use the remaining triplets, checking we have enough. */ + for (; c < DILITHIUM_GEN_A_BYTES; c += 3) { + #if defined(LITTLE_ENDIAN_ORDER) && \ + (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Load 32-bit value and mask out 23 bits. */ + sword32 t = *((sword32*)(h + c)) & 0x7fffff; + #else + /* Load 24-bit value and mask out 23 bits. */ + sword32 t = (h[c] + ((sword32)h[c+1] << 8) + + ((sword32)h[c+2] << 16)) & 0x7fffff; + #endif + /* Check if value is in valid range. */ + if (t < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. + */ + a[j++] = t; + /* Check we whether we have enough yet. */ + if (j == DILITHIUM_N) { + break; + } + } + } + } + #endif + /* Keep generating more blocks and using triplets until we have enough. + */ + while (j < DILITHIUM_N) { + /* Squeeze out a block - 168 bytes = 56 values. */ + ret = wc_Shake128_SqueezeBlocks(shake128, h, 1); + if (ret != 0) { + break; + } + /* Use triplets until run out or have enough for polynomial. */ + for (c = 0; c < DILITHIUM_GEN_A_BLOCK_BYTES; c += 3) { + #if defined(LITTLE_ENDIAN_ORDER) && \ + (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Load 32-bit value and mask out 23 bits. */ + sword32 t = *((sword32*)(h + c)) & 0x7fffff; + #else + /* Load 24-bit value and mask out 23 bits. */ + sword32 t = (h[c] + ((sword32)h[c+1] << 8) + + ((sword32)h[c+2] << 16)) & 0x7fffff; + #endif + /* Check if value is in valid range. 
*/ + if (t < DILITHIUM_Q) { + /* Store value in polynomial and increment count of values. + */ + a[j++] = t; + /* Check we whether we have enough yet. */ + if (j == DILITHIUM_N) { + break; + } + } + } + } + } +#endif + + return ret; +} + +#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) +/* Generate a random polynomial by rejection. + * + * @param [in, out] shake128 SHAKE-128 object. + * @param [in] seed Seed to hash to generate values. + * @param [out] a Polynomial. + * @param [in] heap Dynamic memory hint. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + * @return Negative on hash error. + */ +static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, + void* heap) +{ + int ret; +#if defined(WOLFSSL_SMALL_STACK) + byte* h = NULL; +#else + byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; +#endif + + (void)heap; + +#if defined(WOLFSSL_SMALL_STACK) + h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, heap, + DYNAMIC_TYPE_DILITHIUM); + if (h == NULL) { + ret = MEMORY_E; + } +#endif + + ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h); + +#if defined(WOLFSSL_SMALL_STACK) + XFREE(h, heap, DYNAMIC_TYPE_DILITHIUM); +#endif + + return ret; +} +#endif + +#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + (!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \ + defined(WC_DILITHIUM_CACHE_MATRIX_A))) +/* Expand the seed to create matrix a. + * + * FIPS 204. 
8.3: Algorithm 26 ExpandA(rho) + * 1: for r from 0 to k - 1 do + * 2: for s from 0 to l - 1 do + * 3: A_hat[r,s] <- RejNTTPoly(rho||IntegerToBits(s,8)|| + * IntegerToBits(r,8)) + * 4: end for + * 5: end for + * 6: return A_hat + * + * @param [in, out] shake128 SHAKE-128 object. + * @param [in] pub_seed Seed to generate stream of data. + * @param [in] k First dimension of matrix a. + * @param [in] l Second dimension of matrix a. + * @param [out] a Matrix of polynomials. + * @param [in] heap Dynamic memory hint. + * @return 0 on success. + * @return Negative on hash error. + */ +static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k, + byte l, sword32* a, void* heap) +{ + int ret = 0; + byte r; + byte s; + byte seed[DILITHIUM_GEN_A_SEED_SZ]; + + /* Copy the seed into a buffer that has space for s and r. */ + XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ); + /* Step 1: Loop over first dimension of matrix. */ + for (r = 0; (ret == 0) && (r < k); r++) { + /* Put r into buffer to be hashed. */ + seed[DILITHIUM_PUB_SEED_SZ + 1] = r; + /* Step 2: Loop over second dimension of matrix. */ + for (s = 0; (ret == 0) && (s < l); s++) { + /* Put s into buffer to be hashed. */ + seed[DILITHIUM_PUB_SEED_SZ + 0] = s; + /* Step 3: Create polynomial from hashing seed. */ + ret = dilithium_rej_ntt_poly(shake128, seed, a, heap); + /* Next polynomial. */ + a += DILITHIUM_N; + } + } + + return ret; +} +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY + +#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87) +/* Check random value is in valid range. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 1: if b < 15 + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. Will always be 2 - unused. + * @return 1 when value less than 9. + * @return 0 when value greater than or equal to 9. 
+ */ +#define DILITHIUM_COEFF_S_VALID_ETA2(b) \ + ((b) < DILITHIUM_ETA_2_MOD) + +static const char dilithium_coeff_eta2[] = { + 2, 1, 0, -1, -2, + 2, 1, 0, -1, -2, + 2, 1, 0, -1, -2 +}; +/* Convert random value 0..15 to a value in range of -2..2. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 1: return 2 - (b mod 5) + * + * @param [in] b Random half-byte (nibble) value. + * @return Value in range of -2..2 on success. + */ +#define DILITHIUM_COEFF_S_ETA2(b) \ + (dilithium_coeff_eta2[b]) +#endif + +#ifndef WOLFSSL_NO_ML_DSA_65 +/* Check random value is in valid range. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 3: if b < 9 + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. Will always be 4 - unused. + * @return 1 when value less than 9. + * @return 0 when value greater than or equal to 9. + */ +#define DILITHIUM_COEFF_S_VALID_ETA4(b) \ + ((b) < DILITHIUM_ETA_4_MOD) + +/* Convert random value 0..15 to a value in range of -4..4. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 3: return 4 - b + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. Will always be 4 - unused. + * @return Value in range of -4..4 on success. + */ +#define DILITHIUM_COEFF_S_ETA4(b) \ + (4 - (b)) +#endif + +#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87) +#ifndef WOLFSSL_NO_ML_DSA_65 + +/* Check random value is in valid range. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 1: if eta = 2 and b < 15 + * 2: else + * 3: if eta = 4 and b < 9 + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. + * @return Value in range of -ETA..ETA on success. + */ +#define DILITHIUM_COEFF_S_VALID(b, eta) \ + (((eta) == DILITHIUM_ETA_2) ? DILITHIUM_COEFF_S_VALID_ETA2(b) : \ + DILITHIUM_COEFF_S_VALID_ETA4(b)) + +/* Convert random value 0..15 to a value in range of -ETA..ETA. + * + * FIPS 204. 
8.1: Algorithm 9 CoeffFromHalfByte(b) + * 1: if eta = 2 then return 2 - (b mod 5) + * 2: else + * 3: if eta = 4 then return 4 - b + * ... + * 6: end if + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. + * @return Value in range of -ETA..ETA on success. + */ +#define DILITHIUM_COEFF_S(b, eta) \ + (((eta) == DILITHIUM_ETA_2) ? DILITHIUM_COEFF_S_ETA2(b) \ + : DILITHIUM_COEFF_S_ETA4(b)) + +#else + +/* Check random value is in valid range. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 1: if b < 15 + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. Will always be 2 - unused. + * @return 1 when value less than 9. + * @return 0 when value greater than or equal to 9. + */ +#define DILITHIUM_COEFF_S_VALID(b, eta) \ + DILITHIUM_COEFF_S_VALID_ETA2(b) + +/* Convert random value 0..15 to a value in range of -2..2. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 1: return 2 - (b mod 5) + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. Will always be 2 - unused. + * @return Value in range of -2..2 on success. + */ +#define DILITHIUM_COEFF_S(b, eta) \ + DILITHIUM_COEFF_S_ETA2(b) + +#endif /* WOLFSSL_NO_ML_DSA_65 */ + +#else + +/* Check random value is in valid range. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 3: if b < 9 + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. Will always be 4 - unused. + * @return 1 when value less than 9. + * @return 0 when value greater than or equal to 9. + */ +#define DILITHIUM_COEFF_S_VALID(b, eta) \ + DILITHIUM_COEFF_S_VALID_ETA4(b) + +/* Convert random value 0..15 to a value in range of -4..4. + * + * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b) + * 3: return 4 - b + * + * @param [in] b Random half-byte (nibble) value. + * @param [in] eta Range specifier of result. Will always be 4 - unused. 
+ * @return Value in range of -4..4 on success. + */ +#define DILITHIUM_COEFF_S(b, eta) \ + DILITHIUM_COEFF_S_ETA4(b) + +#endif /* !WOLFSSL_NO_ML_DSA_44 || !WOLFSSL_NO_ML_DSA_87 */ + +/* Extract a coefficient from a nibble of z. + * + * Breaks out of loop when we have enough coefficients. + * + * @param [in] z A random value. + * @param [in] rs Amount to shift right. + * @param [in] t Temporary result. + * @param [in] eta ETA value from parameters. + * @return Value in range -eta..eta on success. + * @return Falsam (0x10) when random value out of range. + */ +#define EXTRACT_COEFF_NIBBLE_CHECK_J(z, rs, t, eta) \ + (t) = (sword8)(((z) >> (rs)) & 0xf); \ + /* Step 7: Check we have a valid coefficient. */ \ + if (DILITHIUM_COEFF_S_VALID(t, eta)) { \ + (t) = DILITHIUM_COEFF_S(t, eta); \ + /* Step 8: Store coefficient as next polynomial value. \ + * Step 9: Increment count of polynomial values set. */ \ + s[j++] = (sword32)(t); \ + if (j == DILITHIUM_N) { \ + break; \ + } \ + } + +/* Extract a coefficient from a nibble of z. + * + * @param [in] z A random value. + * @param [in] rs Amount to shift right. + * @param [in] t Temporary result. + * @param [in] eta ETA value from parameters. + * @return Value in range -eta..eta on success. + * @return Falsam (0x10) when random value out of range. + */ +#define EXTRACT_COEFF_NIBBLE(z, rs, t, eta) \ + (t) = (sword8)(((z) >> (rs)) & 0xf); \ + /* Step 7: Check we have a valid coefficient. */ \ + if (DILITHIUM_COEFF_S_VALID(t, eta)) { \ + (t) = DILITHIUM_COEFF_S(t, eta); \ + /* Step 8: Store coefficient as next polynomial value. \ + * Step 9: Increment count of polynomial values set. */ \ + s[j++] = (sword32)(t); \ + } + + +/* Extract coefficients from hash - z. + * + * FIPS 204. 
8.3: Algorithm 25 RejBoundedPoly(rho) + * 2: c <- 0 + * 5: z0 <- CoeffFromHalfByte(z mod 16, eta) + * 6: z1 <- CoeffFromHalfByte(lower(z / 16), eta) + * 7: if z0 != falsam then + * 8: aj <- z0 + * 9: j <- j + 1 + * 10: end if + * 11: if z1 != falsam then + * 12: aj <- z1 + * 13: j <- j + 1 + * 14: end if + * 15: c <- c + 1 + * + * @param [in] z Hash data to extract coefficients from. + * @param [in] zLen Length of z in bytes. + * @param [in] eta Range specifier of each value. + * @param [out] s Polynomial to fill with coefficients. + * @param [in, out] cnt Current count of coefficients in polynomial. + */ +static void dilithium_extract_coeffs(byte* z, unsigned int zLen, byte eta, + sword32* s, unsigned int* cnt) +{ +#ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE + unsigned int j = *cnt; + unsigned int c; + + (void)eta; + + /* Extract values from the squeezed data. */ + for (c = 0; c < zLen; c++) { + sword8 t; + + /* Step 5: Get coefficient from bottom nibble. */ + EXTRACT_COEFF_NIBBLE_CHECK_J(z[c], 0, t, eta); + /* Step 6: Get coefficient from top nibble. */ + EXTRACT_COEFF_NIBBLE_CHECK_J(z[c], 4, t, eta); + } + + *cnt = j; +#else + unsigned int j = *cnt; + unsigned int c; + unsigned int min = (DILITHIUM_N - j) / 2; + + (void)eta; + +#if defined(LITTLE_ENDIAN_ORDER) +#ifdef WC_64BIT_CPU + min &= ~(unsigned int)7; + /* Extract values from the squeezed data. */ + for (c = 0; c < min; c += 8) { + word64 z64 = *(word64*)(z + c); + sword8 t; + + /* Do each nibble from lowest to highest 16 at a time. 
*/ + EXTRACT_COEFF_NIBBLE(z64, 0, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 4, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 8, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 12, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 16, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 20, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 24, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 28, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 32, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 36, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 40, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 44, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 48, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 52, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 56, t, eta); + EXTRACT_COEFF_NIBBLE(z64, 60, t, eta); + } +#else + min &= ~(unsigned int)3; + /* Extract values from the squeezed data. */ + for (c = 0; c < min; c += 4) { + word32 z32 = *(word32*)(z + c); + sword8 t; + + /* Do each nibble from lowest to highest 8 at a time. */ + EXTRACT_COEFF_NIBBLE(z32, 0, t, eta); + EXTRACT_COEFF_NIBBLE(z32, 4, t, eta); + EXTRACT_COEFF_NIBBLE(z32, 8, t, eta); + EXTRACT_COEFF_NIBBLE(z32, 12, t, eta); + EXTRACT_COEFF_NIBBLE(z32, 16, t, eta); + EXTRACT_COEFF_NIBBLE(z32, 20, t, eta); + EXTRACT_COEFF_NIBBLE(z32, 24, t, eta); + EXTRACT_COEFF_NIBBLE(z32, 28, t, eta); + } +#endif +#else + /* Extract values from the squeezed data. */ + for (c = 0; c < min; c++) { + sword8 t; + + /* Step 5: Get coefficient from bottom nibble. */ + EXTRACT_COEFF_NIBBLE(z[c], 0, t, eta); + EXTRACT_COEFF_NIBBLE(z[c], 4, t, eta); + } +#endif + if (j != DILITHIUM_N) { + /* Extract values from the squeezed data. */ + for (; c < zLen; c++) { + sword8 t; + + EXTRACT_COEFF_NIBBLE_CHECK_J(z[c], 0, t, eta); + EXTRACT_COEFF_NIBBLE_CHECK_J(z[c], 4, t, eta); + } + } + + *cnt = j; +#endif +} + +/* Create polynomial from hashing the seed with bounded values. + * + * FIPS 204. 8.3: Algorithm 25 RejBoundedPoly(rho) + * 1: j <- 0 + * ... + * 3: while j < 256 do + * 4: z <- H(rho)[[c]] + * ... 
[Extract coefficients into polynomial from z] + * 16: end while + * 17: return a + * + * @param [in, out] shake256 SHAKE-256 object. + * @param [in] seed Seed, rho, to hash to generate values. + * @param [in] eta Range specifier of each value. + * @return 0 on success. + * @return Negative on hash error. + */ +static int dilithium_rej_bound_poly(wc_Shake* shake256, byte* seed, sword32* s, + byte eta) +{ +#ifdef WOLFSSL_DILITHIUM_SMALL + int ret; + unsigned int j = 0; + byte z[DILITHIUM_GEN_S_BLOCK_BYTES]; + + /* Initialize SHAKE-256 object for new hash. */ + ret = wc_InitShake256(shake256, NULL, INVALID_DEVID); + if (ret == 0) { + /* Absorb the seed. */ + ret = wc_Shake256_Absorb(shake256, seed, DILITHIUM_GEN_S_SEED_SZ); + } + if (ret == 0) { + do { + /* Squeeze out another block. */ + ret = wc_Shake256_SqueezeBlocks(shake256, z, 1); + if (ret != 0) { + break; + } + /* Extract up to the 256 valid coefficients for polynomial. */ + dilithium_extract_coeffs(z, DILITHIUM_GEN_S_BLOCK_BYTES, eta, s, + &j); + } + /* Check we got enough values to fill polynomial. */ + while (j < DILITHIUM_N); + } + + return ret; +#else + int ret; + unsigned int j = 0; + byte z[DILITHIUM_GEN_S_BYTES]; + + /* Absorb seed and squeeze out some blocks. */ + ret = dilithium_squeeze256(shake256, seed, DILITHIUM_GEN_S_SEED_SZ, z, + DILITHIUM_GEN_S_NBLOCKS); + if (ret == 0) { + /* Extract up to 256 valid coefficients for polynomial. */ + dilithium_extract_coeffs(z, DILITHIUM_GEN_S_BYTES, eta, s, &j); + /* Check we got enough values to fill polynomial. */ + while (j < DILITHIUM_N) { + /* Squeeze out another block. */ + ret = wc_Shake256_SqueezeBlocks(shake256, z, 1); + if (ret != 0) { + break; + } + /* Extract up to the 256 valid coefficients for polynomial. */ + dilithium_extract_coeffs(z, DILITHIUM_GEN_S_BLOCK_BYTES, eta, s, + &j); + } + } + + return ret; +#endif +} + +/* Expand private seed into vectors s1 and s2. + * + * FIPS 204. 
8.3: Algorithm 27 ExpandS(rho) + * 1: for r from 0 to l - 1 do + * 2: s1[r] <- RejBoundedPoly(rho||IntegerToBits(r,16)) + * 3: end for + * 4: for r from 0 to k - 1 do + * 5: s2[r] <- RejBoundedPoly(rho||IntegerToBits(r + l,16)) + * 6: end for + * 7: return (s1,s2) + * + * @param [in, out] shake256 SHAKE-256 object. + * @param [in] priv_seed Private seed, rho, to expand. + * @param [in] eta Range specifier of each value. + * @param [out] s1 First vector of polynomials. + * @param [in] s1Len Dimension of first vector. + * @param [out] s2 Second vector of polynomials. + * @param [in] s2Len Dimension of second vector. + * @return 0 on success. + * @return Negative on hash error. + */ +static int dilithium_expand_s(wc_Shake* shake256, byte* priv_seed, byte eta, + sword32* s1, byte s1Len, sword32* s2, byte s2Len) +{ + int ret = 0; + byte r; + byte seed[DILITHIUM_GEN_S_SEED_SZ]; + + /* Copy the seed into a buffer that has space for r. */ + XMEMCPY(seed, priv_seed, DILITHIUM_PRIV_SEED_SZ); + /* Set top 8-bits of r in buffer to 0. */ + seed[DILITHIUM_PRIV_SEED_SZ + 1] = 0; + /* Step 1: Each polynomial in s1. */ + for (r = 0; (ret == 0) && (r < s1Len); r++) { + /* Set bottom 8-bits of r into buffer - little endian. */ + seed[DILITHIUM_PRIV_SEED_SZ] = r; + + /* Step 2: Generate polynomial for s1. */ + ret = dilithium_rej_bound_poly(shake256, seed, s1, eta); + /* Next polynomial in s1. */ + s1 += DILITHIUM_N; + } + /* Step 4: Each polynomial in s2. */ + for (r = 0; (ret == 0) && (r < s2Len); r++) { + /* Set bottom 8-bits of r + l into buffer - little endian. */ + seed[DILITHIUM_PRIV_SEED_SZ] = r + s1Len; + /* Step 5: Generate polynomial for s1. */ + ret = dilithium_rej_bound_poly(shake256, seed, s2, eta); + /* Next polynomial in s2. */ + s2 += DILITHIUM_N; + } + + return ret; +} + +#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */ + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN +/* Expand the private random seed into vector y. + * + * FIPS 204. 
8.3: Algorithm 28 ExpandMask(rho, mu) + * 1: c <- 1 + bitlen(GAMMA1 - 1) + * 2: for r from 0 to l - 1 do + * 3: n <- IntegerToBits(mu + r, 16) + * 4: v <- (H(rho||n)[[32rc]], H(rho||n)[[32rc + 1]], ..., + * H(rho||n)[[32rc + 32c - 1]]) + * 5: s[r] <- BitUnpack(v, GAMMA-1, GAMMA1) + * 6: end for + * 7: return s + * + * @param [in, out] shake256 SHAKE-256 object. + * @param [in, out] seed Buffer containing seed to expand. + * Has space for two bytes to be appended. + * @param [in] kappa Base value to append to seed. + * @param [in] gamma1_bits Number of bits per value. + * @param [out] y Vector of polynomials. + * @param [in] l Dimension of vector. + * @return 0 on success. + * @return Negative on hash error. + */ +static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed, + word16 kappa, byte gamma1_bits, sword32* y, byte l) +{ + int ret = 0; + byte r; + byte v[DILITHIUM_MAX_V]; + + /* Step 2: For each polynomial of vector. */ + for (r = 0; (ret == 0) && (r < l); r++) { + /* Step 3: Calculate value to append to seed. */ + word16 n = kappa + r; + + /* Step 4: Append to seed and squeeze out data. */ + seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = n; + seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = n >> 8; + ret = dilithium_squeeze256(shake256, seed, DILITHIUM_Y_SEED_SZ, v, + DILITHIUM_MAX_V_BLOCKS); + if (ret == 0) { + /* Decode v into polynomial. */ + dilithium_decode_gamma1(v, gamma1_bits, y); + /* Next polynomial. */ + y += DILITHIUM_N; + } + } + + return ret; +} +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + +/* Expand commit to a polynomial. + * + * FIPS 204. 8.3: Algorithm 23 SampleInBall(rho) + * 1: c <- 0 + * 2: k <- 8 + * 3: for i from 256 - TAU to 255 do + * 4: while H(rho)[[k]] > i do + * 5: k <- k + 1 + * 6: end while + * 7: j <- H(rho)[[k]] + * 8: c[i] <- c[j] + * 9: c[j] <- (-1)^H(rho)[i+TAU-256] + * 10: k <- k + 1 + * 11: end for + * 12: return c + * + * @param [in] shake256 SHAKE-256 object. 
+ * @param [in] seed Buffer containing seed to expand. + * @param [in] tau Number of +/- 1s in polynomial. + * @param [out] c Commit polynomial. + * @param [in] block Memory to use for block from key. + * @return 0 on success. + * @return Negative on hash error. + */ +static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed, + byte tau, sword32* c, byte* block) +{ + int ret = 0; + unsigned int k; + unsigned int i; + unsigned int s; + byte signs[DILITHIUM_SIGN_BYTES]; + + if (ret == 0) { + /* Set polynomial to all zeros. */ + XMEMSET(c, 0, DILITHIUM_POLY_SIZE); + + /* Generate a block of data from seed. */ + ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block, + DILITHIUM_GEN_C_BLOCK_BYTES); + } + if (ret == 0) { + /* Copy first 8 bytes of first hash block as random sign bits. */ + XMEMCPY(signs, block, DILITHIUM_SIGN_BYTES); + /* Step 1: Initialize sign bit index. */ + s = 0; + /* Step 2: First 8 bytes are used for sign. */ + k = DILITHIUM_SIGN_BYTES; + } + + /* Step 3: Put in TAU +/- 1s. */ + for (i = DILITHIUM_N - tau; (ret == 0) && (i < DILITHIUM_N); i++) { + unsigned int j; + do { + /* Check whether block is exhausted. */ + if (k == DILITHIUM_GEN_C_BLOCK_BYTES) { + /* Generate a new block. */ + ret = wc_Shake256_SqueezeBlocks(shake256, block, 1); + /* Restart hash block index. */ + k = 0; + } + /* Step 7: Get random byte from block as index. + * Step 5 and 10: Increment hash block index. + */ + j = block[k++]; + } + /* Step 4: Get another random if random index is a future swap index. */ + while ((ret == 0) && (j > i)); + + /* Step 8: Move value from random index to current index. */ + c[i] = c[j]; + /* Step 9: Set value at random index to +/- 1. */ + c[j] = 1 - ((((signs[s >> 3]) >> (s & 0x7)) & 0x1) << 1); + /* Next sign bit index. 
*/ + s++; + } + + return ret; +} + +#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) +/* Expand commit to a polynomial. + * + * @param [in] shake256 SHAKE-256 object. + * @param [in] seed Buffer containing seed to expand. + * @param [in] tau Number of +/- 1s in polynomial. + * @param [out] c Commit polynomial. + * @param [in] heap Dynamic memory hint. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + * @return Negative on hash error. + */ +static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, + byte tau, sword32* c, void* heap) +{ + int ret = 0; +#if defined(WOLFSSL_SMALL_STACK) + byte* block = NULL; +#else + byte block[DILITHIUM_GEN_C_BLOCK_BYTES]; +#endif + + (void)heap; + +#if defined(WOLFSSL_SMALL_STACK) + block = (byte*)XMALLOC(DILITHIUM_GEN_C_BLOCK_BYTES, heap, + DYNAMIC_TYPE_DILITHIUM); + if (block == NULL) { + ret = MEMORY_E; + } +#endif + + if (ret == 0) { + ret = dilithium_sample_in_ball_ex(shake256, seed, tau, c, block); + } + +#if defined(WOLFSSL_SMALL_STACK) + XFREE(block, heap, DYNAMIC_TYPE_DILITHIUM); +#endif + return ret; +} +#endif + +#endif + +/****************************************************************************** + * Decompose operations + ******************************************************************************/ + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) +#ifndef WOLFSSL_NO_ML_DSA_44 +/* Decompose value into high and low based on GAMMA2 being ((q-1) / 88). + * + * FIPS 204. 
8.4: Algorithm 30 Decompose(r) + * 1: r+ <- r mod q + * 2: r0 <- r+ mod+/- (2 * GAMMA2) + * 3: if r+ - r0 = q - 1 then + * 4: r1 <- 0 + * 5: r0 <- r0 - 1 + * 6: else r1 <- (r+ - r0) / (2 * GAMMA2) + * 7: end if + * 8: return (r1, r0) + * + * DILITHIUM_Q_LOW_88_2 = 0x2e800 = 0b101110100000000000 + * t1 * DILITHIUM_Q_LOW_88_2 = (t1 << 18) - (t1 << 16) - (t1 << 12) - (t1 << 11) + * = ((93 * t1) << 11) + * Nothing faster than straight multiply. + * + * Implementation using Barrett Reduction. + * + * @param [in] r Value to decompose. + * @param [out] r0 Low bits. + * @param [out] r1 High bits. + */ +static void dilithium_decompose_q88(sword32 r, sword32* r0, sword32* r1) +{ + sword32 t0; + sword32 t1; +#ifdef DILITHIUM_MUL_SLOW + sword32 t2; +#endif + + /* Roundup r and calculate approx high value. */ +#if !defined(DILITHIUM_MUL_44_SLOW) + t1 = ((r * 44) + ((DILITHIUM_Q_LOW_88 - 1) * 44)) >> 23; +#elif !defined(DILITHIUM_MUL_11_SLOW) + t1 = ((r * 11) + ((DILITHIUM_Q_LOW_88 - 1) * 11)) >> 21; +#else + t0 = r + DILITHIUM_Q_LOW_88 - 1; + t1 = ((t0 << 3) + (t0 << 1) + t0) >> 21; +#endif + /* Calculate approx low value. */ + t0 = r - (t1 * DILITHIUM_Q_LOW_88_2); +#ifndef DILITHIUM_MUL_SLOW + /* Calculate real high value, When t0 > modulus, +1 to approx high value. */ + t1 += ((word32)(DILITHIUM_Q_LOW_88 - t0)) >> 31; + /* Calculate real low value. */ + t0 = r - (t1 * DILITHIUM_Q_LOW_88_2); +#else + /* Calculate real high value, When t0 > modulus, +1 to approx high value. */ + t2 = ((word32)(DILITHIUM_Q_LOW_88 - t0)) >> 31; + t1 += t2; + /* Calculate real low value. */ + t0 -= (0 - t2) & DILITHIUM_Q_LOW_88_2; +#endif + /* -1 from low value if high value is 44. Was 43 but low is negative. */ + t0 -= ((word32)(43 - t1)) >> 31; + /* When high value is 44, too large, set to 0. 
*/ + t1 &= 0 - (((word32)(t1 - 44)) >> 31); + + *r0 = t0; + *r1 = t1; +} +#endif + +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) +/* Decompose value into high and low based on GAMMA2 being ((q-1) / 32). + * + * FIPS 204. 8.4: Algorithm 30 Decompose(r) + * 1: r+ <- r mod q + * 2: r0 <- r+ mod+/- (2 * GAMMA2) + * 3: if r+ - r0 = q - 1 then + * 4: r1 <- 0 + * 5: r0 <- r0 - 1 + * 6: else r1 <- (r+ - r0) / (2 * GAMMA2) + * 7: end if + * 8: return (r1, r0) + * + * DILITHIUM_Q_LOW_32_2 = 0x7fe00 = 0b1111111111000000000 + * t1 * DILITHIUM_Q_LOW_32_2 = (t1 << 19) - (t1 << 9) + * + * Implementation using Barrett Reduction. + * + * @param [in] r Value to decompose. + * @param [out] r0 Low bits. + * @param [out] r1 High bits. + */ +static void dilithium_decompose_q32(sword32 r, sword32* r0, sword32* r1) +{ + sword32 t0; + sword32 t1; + + /* Roundup r and calculate approx high value. */ + t1 = (r + DILITHIUM_Q_LOW_32 - 1) >> 19; + /* Calculate approx low value. */ + t0 = r - (t1 << 19) + (t1 << 9); + /* Calculate real high value, When t0 > modulus, +1 to approx high value. */ + t1 += ((word32)(DILITHIUM_Q_LOW_32 - t0)) >> 31; + /* Calculate real low value. */ + t0 = r - (t1 << 19) + (t1 << 9); + /* -1 from low value if high value is 16. Was 15 but low is negative. */ + t0 -= t1 >> 4; + /* When high value is 16, too large, set to 0. */ + t1 &= 0xf; + + *r0 = t0; + *r1 = t1; +} +#endif +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + +#if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) +/* Decompose vector of polynomials into high and low based on GAMMA2. + * + * @param [in] r Vector of polynomials to decompose. + * @param [in] k Dimension of vector. + * @param [in] gamma2 Low-order rounding range, GAMMA2. + * @param [out] r0 Low parts in vector of polynomials. + * @param [out] r1 High parts in vector of polynomials. 
+ */ +static void dilithium_vec_decompose(const sword32* r, byte k, sword32 gamma2, + sword32* r0, sword32* r1) +{ + unsigned int i; + unsigned int j; + + (void)k; + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (gamma2 == DILITHIUM_Q_LOW_88) { + /* For each polynomial of vector. */ + for (i = 0; i < PARAMS_ML_DSA_44_K; i++) { + /* For each value of polynomial. */ + for (j = 0; j < DILITHIUM_N; j++) { + /* Decompose value into two vectors. */ + dilithium_decompose_q88(r[j], &r0[j], &r1[j]); + } + /* Next polynomial of vectors. */ + r += DILITHIUM_N; + r0 += DILITHIUM_N; + r1 += DILITHIUM_N; + } + } + else +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + if (gamma2 == DILITHIUM_Q_LOW_32) { + /* For each polynomial of vector. */ + for (i = 0; i < k; i++) { + /* For each value of polynomial. */ + for (j = 0; j < DILITHIUM_N; j++) { + /* Decompose value into two vectors. */ + dilithium_decompose_q32(r[j], &r0[j], &r1[j]); + } + /* Next polynomial of vectors. */ + r += DILITHIUM_N; + r0 += DILITHIUM_N; + r1 += DILITHIUM_N; + } + } + else +#endif + { + } +} +#endif + +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ + +/****************************************************************************** + * Range check operation + ******************************************************************************/ + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) +/* Check that the values of the polynomial are in range. + * + * Many places in FIPS 204. One example from Algorithm 2: + * 23: if ||z||inf >= GAMMA1 - BETA or ..., then (z, h) = falsam + * + * @param [in] a Polynomial. + * @param [in] hi Largest value in range. + */ +static int dilithium_check_low(const sword32* a, sword32 hi) +{ + int ret = 1; + unsigned int j; + /* Calculate lowest range value. */ + sword32 nhi = -hi; + + /* For each value of polynomial. */ + for (j = 0; j < DILITHIUM_N; j++) { + /* Check range is -(hi-1)..(hi-1). 
*/ + if ((a[j] <= nhi) || (a[j] >= hi)) { + /* Check failed. */ + ret = 0; + break; + } + } + + return ret; +} + +#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) +/* Check that the values of the vector are in range. + * + * Many places in FIPS 204. One example from Algorithm 2: + * 23: if ||z||inf >= GAMMA1 - BETA or ..., then (z, h) = falsam + * + * @param [in] a Vector of polynomials. + * @param [in] l Dimension of vector. + * @param [in] hi Largest value in range. + */ +static int dilithium_vec_check_low(const sword32* a, byte l, sword32 hi) +{ + int ret = 1; + unsigned int i; + + /* For each polynomial of vector. */ + for (i = 0; (ret == 1) && (i < l); i++) { + ret = dilithium_check_low(a, hi); + if (ret == 0) { + break; + } + /* Next polynomial. */ + a += DILITHIUM_N; + } + + return ret; +} +#endif +#endif + +/****************************************************************************** + * Hint operations + ******************************************************************************/ + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + +#ifndef WOLFSSL_NO_ML_DSA_44 +/* Compute hints indicating whether adding ct0 to w alters high bits of w. + * + * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M) + * ... + * 26: h <- MakeHint(-<>, w - <> + <>) + * 27: if ... or the number of 1's in h is greater than OMEGA, then + * (z, h) <- falsam + * ... + * 32: sigma <- sigEncode(c_tilda, z mod+/- q, h) + * ... + * + * FIPS 204. 8.4: Algorithm 33 MakeHint(z, r) + * 1: r1 <- HighBits(r) + * 2: v1 <- HightBits(r+z) + * 3: return [[r1 != v1]] + * + * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h) + * ... + * 5: sigma <- sigma || HintBitPack(h) + * ... + * + * FIPS 204. 8.1: Algorithm 14 HintBitPack(h) + * ... + * 4: for j from 0 to 255 do + * 5: if h[i]j != 0 then + * 6: y[Index] <- j + * 7: Index <- Index + 1 + * 8: end if + * 9: end for + * ... 
+ * + * @param [in] s Vector of polynomials that is sum of ct0 and w0. + * @param [in] w1 Vector of polynomials that is high part of w. + * @param [out] h Encoded hints. + * @param [in, out] idxp Index to write next hint into. + * return Number of hints on success. + * return Falsam of -1 when too many hints. + */ +static int dilithium_make_hint_88(const sword32* s, const sword32* w1, byte* h, + byte *idxp) +{ + unsigned int j; + byte idx = *idxp; + + /* Alg 14, Step 3: For each value of polynomial. */ + for (j = 0; j < DILITHIUM_N; j++) { + /* Alg 14, Step 4: Check whether hint is required. + * Did sum end up greater than low modulus or + * sum end up less than the negative of low modulus or + * sum is the negative of the low modulus and w1 is not zero, + * then w1 will be modified. + */ + if ((s[j] > (sword32)DILITHIUM_Q_LOW_88) || + (s[j] < -(sword32)DILITHIUM_Q_LOW_88) || + ((s[j] == -(sword32)DILITHIUM_Q_LOW_88) && + (w1[j] != 0))) { + /* Alg 14, Step 6, 7: Put index as hint modifier. */ + h[idx++] = (byte)j; + /* Alg 2, Step 27: If there are too many hints, return + * falsam of -1. */ + if (idx > PARAMS_ML_DSA_44_OMEGA) { + return -1; + } + } + } + + *idxp = idx; + return 0; +} +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) +/* Compute hints indicating whether adding ct0 to w alters high bits of w. + * + * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M) + * ... + * 26: h <- MakeHint(-<>, w - <> + <>) + * 27: if ... or the number of 1's in h is greater than OMEGA, then + * (z, h) <- falsam + * ... + * 32: sigma <- sigEncode(c_tilda, z mod+/- q, h) + * ... + * + * FIPS 204. 8.4: Algorithm 33 MakeHint(z, r) + * 1: r1 <- HighBits(r) + * 2: v1 <- HightBits(r+z) + * 3: return [[r1 != v1]] + * + * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h) + * ... + * 5: sigma <- sigma || HintBitPack(h) + * ... + * + * FIPS 204. 8.1: Algorithm 14 HintBitPack(h) + * ... 
+ * 4: for j from 0 to 255 do + * 5: if h[i]j != 0 then + * 6: y[Index] <- j + * 7: Index <- Index + 1 + * 8: end if + * 9: end for + * ... + * + * @param [in] s Vector of polynomials that is sum of ct0 and w0. + * @param [in] w1 Vector of polynomials that is high part of w. + * @param [in] omega Maximum number of hints allowed. + * @param [out] h Encoded hints. + * @param [in, out] idxp Index to write next hint into. + * return Number of hints on success. + * return Falsam of -1 when too many hints. + */ +static int dilithium_make_hint_32(const sword32* s, const sword32* w1, + byte omega, byte* h, byte *idxp) +{ + unsigned int j; + byte idx = *idxp; + + (void)omega; + + /* Alg 14, Step 3: For each value of polynomial. */ + for (j = 0; j < DILITHIUM_N; j++) { + /* Alg 14, Step 4: Check whether hint is required. + * Did sum end up greater than low modulus or + * sum end up less than the negative of low modulus or + * sum is the negative of the low modulus and w1 is not zero, + * then w1 will be modified. + */ + if ((s[j] > (sword32)DILITHIUM_Q_LOW_32) || + (s[j] < -(sword32)DILITHIUM_Q_LOW_32) || + ((s[j] == -(sword32)DILITHIUM_Q_LOW_32) && + (w1[j] != 0))) { + /* Alg 14, Step 6, 7: Put index as hint modifier. */ + h[idx++] = (byte)j; + /* Alg 2, Step 27: If there are too many hints, return + * falsam of -1. */ + if (idx > omega) { + return -1; + } + } + } + + *idxp = idx; + return 0; +} +#endif + +#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM +/* Compute hints indicating whether adding ct0 to w alters high bits of w. + * + * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M) + * ... + * 26: h <- MakeHint(-<>, w - <> + <>) + * 27: if ... or the number of 1's in h is greater than OMEGA, then + * (z, h) <- falsam + * ... + * 32: sigma <- sigEncode(c_tilda, z mod+/- q, h) + * ... + * + * FIPS 204. 8.4: Algorithm 33 MakeHint(z, r) + * 1: r1 <- HighBits(r) + * 2: v1 <- HightBits(r+z) + * 3: return [[r1 != v1]] + * + * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h) + * ... 
+ * 5: sigma <- sigma || HintBitPack(h) + * ... + * + * FIPS 204. 8.1: Algorithm 14 HintBitPack(h) + * ... + * 2: Index <- 0 + * 3. for i from 0 to k - 1 do + * 4: for j from 0 to 255 do + * 5: if h[i]j != 0 then + * 6: y[Index] <- j + * 7: Index <- Index + 1 + * 8: end if + * 9: end for + * 10: y[OMEGA + i] <- Index + * 11: end for + * 12: return y + * + * @param [in] s Vector of polynomials that is sum of ct0 and w0. + * @param [in] w1 Vector of polynomials that is high part of w. + * @param [in] k Dimension of vectors. + * @param [in] gamma2 Low-order rounding range, GAMMA2. + * @param [in] omega Maximum number of hints allowed. + * @param [out] h Encoded hints. + * return Number of hints on success. + * return Falsam of -1 when too many hints. + */ +static int dilithium_make_hint(const sword32* s, const sword32* w1, byte k, + word32 gamma2, byte omega, byte* h) +{ + unsigned int i; + byte idx = 0; + + (void)k; + (void)omega; + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (gamma2 == DILITHIUM_Q_LOW_88) { + /* Alg 14, Step 2: For each polynomial of vector. */ + for (i = 0; i < PARAMS_ML_DSA_44_K; i++) { + if (dilithium_make_hint_88(s, w1, h, &idx) == -1) { + return -1; + } + /* Alg 14, Step 10: Store count of hints for polynomial at end of + * list. */ + h[PARAMS_ML_DSA_44_OMEGA + i] = idx; + /* Next polynomial. */ + s += DILITHIUM_N; + w1 += DILITHIUM_N; + } + } + else +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + if (gamma2 == DILITHIUM_Q_LOW_32) { + /* Alg 14, Step 2: For each polynomial of vector. */ + for (i = 0; i < k; i++) { + if (dilithium_make_hint_32(s, w1, omega, h, &idx) == -1) { + return -1; + } + /* Alg 14, Step 10: Store count of hints for polynomial at end of + * list. */ + h[omega + i] = idx; + /* Next polynomial. */ + s += DILITHIUM_N; + w1 += DILITHIUM_N; + } + } + else +#endif + { + } + + /* Set remaining hints to zero. 
*/ + XMEMSET(h + idx, 0, omega - idx); + return idx; +} +#endif /* !WOLFSSL_DILITHIUM_SIGN_SMALL_MEM */ + +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY +/* Check that the hints are valid. + * + * @param [in] h Hints to check + * @param [in] k Dimension of vector. + * @param [in] omega Maximum number of hints. Hint counts after this index. + * @return 0 when hints valid. + * @return SIG_VERIFY_E when hints invalid. + */ +static int dilithium_check_hint(const byte* h, byte k, byte omega) +{ + int ret = 0; + unsigned int o = 0; + unsigned int i; + + /* Skip polynomial index while count is 0. */ + while ((o < k) && (h[omega + o] == 0)) { + o++; + } + /* Check all possible hints. */ + for (i = 1; (o < k) && (i < omega); i++) { + /* Done with polynomial if index equals count of hints. */ + if (i == h[omega + o]) { + /* Next polynomial index while count is index. */ + do { + o++; + } + while ((o < k) && (i == h[omega + o])); + /* Stop if hints for all polynomials checked. */ + if (o == k) { + break; + } + } + /* Ensure the last hint is less than the current hint. */ + else if (h[i - 1] > h[i]) { + ret = SIG_VERIFY_E; + break; + } + } + if (ret == 0) { + /* Use up any sizes that are the last element. */ + while ((o < k) && (i == h[omega + o])) { + o++; + } + /* Ensure all sizes were used. */ + if (o != k) { + ret = SIG_VERIFY_E; + } + } + /* Check remaining hints are 0. */ + for (; (ret == 0) && (i < omega); i++) { + if (h[i] != 0) { + ret = SIG_VERIFY_E; + } + } + + return ret; +} + +#ifndef WOLFSSL_NO_ML_DSA_44 +/* Use hints to modify w1. + * + * FIPS 204. 8.4: Algorithm 34 UseHint(h, r) + * 1: m <- (q - 1) / (2 * GAMMA2) + * 2: (r1, r0) <- Decompose(r) + * 3: if h == 1 and r0 > 0 return (r1 + 1) mod m + * 4: if h == 1 and r0 <= 0 return (r1 - 1) mod m + * 5: return r1 + * + * @param [in, out] w1 Vector of polynomials needing hints applied to. + * @param [in] h Hints to apply. In signature encoding. + * @param [in] i Dimension index. 
+ * @param [in, out] op Pointer to current offset into hints. + */ +static void dilithium_use_hint_88(sword32* w1, const byte* h, unsigned int i, + byte* op) +{ + byte o = *op; + unsigned int j; + + /* For each value of polynomial. */ + for (j = 0; j < DILITHIUM_N; j++) { + sword32 r; + sword32 r0; + sword32 r1; +#ifdef DILITHIUM_USE_HINT_CT + /* Hint is 1 when index is next in hint list. */ + sword32 hint = ((o < h[PARAMS_ML_DSA_44_OMEGA + i]) & + (h[o] == (byte)j)); + + /* Increment hint offset if this index has hint. */ + o += hint; + /* Convert value to positive only range. */ + r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); + /* Decompose value into low and high parts. */ + dilithium_decompose_q88(r, &r0, &r1); + /* Make hint positive or negative based on sign of r0. */ + hint = (1 - (2 * (((word32)r0) >> 31))) & (0 - hint); + /* Make w1 only the top part plus the hint. */ + w1[j] = r1 + hint; + + /* Fix up w1 to not be 44 but 0. */ + w1[j] &= 0 - (((word32)(w1[j] - 44)) >> 31); + /* Hint may have reduced 0 to -1 which is actually 43. */ + w1[j] += (0 - (((word32)w1[j]) >> 31)) & 44; +#else + /* Convert value to positive only range. */ + r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); + /* Decompose value into low and high parts. */ + dilithium_decompose_q88(r, &r0, &r1); + /* Check for hint. */ + if ((o < h[PARAMS_ML_DSA_44_OMEGA + i]) && (h[o] == (byte)j)) { + /* Add or subtrac hint based on sign of r0. */ + r1 += 1 - (2 * (((word32)r0) >> 31)); + /* Go to next hint offset. */ + o++; + } + /* Fix up w1 to not be 44 but 0. */ + r1 &= 0 - (((word32)(r1 - 44)) >> 31); + /* Hint may have reduced 0 to -1 which is actually 43. */ + r1 += (0 - (((word32)r1) >> 31)) & 44; + /* Make w1 only the top part plus any hint. */ + w1[j] = r1; +#endif + } + *op = o; +} +#endif /* !WOLFSSL_NO_ML_DSA_44 */ + +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) +/* Use hints to modify w1. + * + * FIPS 204. 
8.4: Algorithm 34 UseHint(h, r) + * 1: m <- (q - 1) / (2 * GAMMA2) + * 2: (r1, r0) <- Decompose(r) + * 3: if h == 1 and r0 > 0 return (r1 + 1) mod m + * 4: if h == 1 and r0 <= 0 return (r1 - 1) mod m + * 5: return r1 + * + * @param [in, out] w1 Vector of polynomials needing hints applied to. + * @param [in] h Hints to apply. In signature encoding. + * @param [in] omega Max number of hints. Hint counts after this index. + * @param [in] i Dimension index. + * @param [in, out] op Pointer to current offset into hints. + */ +static void dilithium_use_hint_32(sword32* w1, const byte* h, byte omega, + unsigned int i, byte* op) +{ + byte o = *op; + unsigned int j; + + /* For each value of polynomial. */ + for (j = 0; j < DILITHIUM_N; j++) { + sword32 r; + sword32 r0; + sword32 r1; +#ifdef DILITHIUM_USE_HINT_CT + /* Hint is 1 when index is next in hint list. */ + sword32 hint = ((o < h[omega + i]) & (h[o] == (byte)j)); + + /* Increment hint offset if this index has hint. */ + o += hint; + /* Convert value to positive only range. */ + r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); + /* Decompose value into low and high parts. */ + dilithium_decompose_q32(r, &r0, &r1); + /* Make hint positive or negative based on sign of r0. */ + hint = (1 - (2 * (((word32)r0) >> 31))) & (0 - hint); + /* Make w1 only the top part plus the hint. */ + w1[j] = r1 + hint; + + /* Fix up w1 not be 16 (-> 0) or -1 (-> 15). */ + w1[j] &= 0xf; +#else + /* Convert value to positive only range. */ + r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); + /* Decompose value into low and high parts. */ + dilithium_decompose_q32(r, &r0, &r1); + /* Check for hint. */ + if ((o < h[omega + i]) && (h[o] == (byte)j)) { + /* Add or subtract hint based on sign of r0. */ + r1 += 1 - (2 * (((word32)r0) >> 31)); + /* Go to next hint offset. */ + o++; + } + /* Fix up w1 not be 16 (-> 0) or -1 (-> 15). 
*/ + w1[j] = r1 & 0xf; +#endif + } + *op = o; +} +#endif + +#ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM +/* Use hints to modify w1. + * + * FIPS 204. 8.4: Algorithm 34 UseHint(h, r) + * 1: m <- (q - 1) / (2 * GAMMA2) + * 2: (r1, r0) <- Decompose(r) + * 3: if h == 1 and r0 > 0 return (r1 + 1) mod m + * 4: if h == 1 and r0 <= 0 return (r1 - 1) mod m + * 5: return r1 + * + * @param [in, out] w1 Vector of polynomials needing hints applied to. + * @param [in] k Dimension of vector. + * @param [in] gamma2 Low-order rounding range, GAMMA2. + * @param [in] omega Max number of hints. Hint counts after this index. + * @param [in] h Hints to apply. In signature encoding. + */ +static void dilithium_vec_use_hint(sword32* w1, byte k, word32 gamma2, + byte omega, const byte* h) +{ + unsigned int i; + byte o = 0; + + (void)k; + (void)omega; + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (gamma2 == DILITHIUM_Q_LOW_88) { + /* For each polynomial of vector. */ + for (i = 0; i < PARAMS_ML_DSA_44_K; i++) { + dilithium_use_hint_88(w1, h, i, &o); + w1 += DILITHIUM_N; + } + } + else +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + if (gamma2 == DILITHIUM_Q_LOW_32) { + /* For each polynomial of vector. */ + for (i = 0; i < k; i++) { + dilithium_use_hint_32(w1, h, omega, i, &o); + w1 += DILITHIUM_N; + } + } + else +#endif + { + } +} +#endif +#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */ + +/****************************************************************************** + * Maths operations + ******************************************************************************/ + +/* q^-1 mod 2^32 (inverse of 8380417 mod 2^32 = 58728449 = 0x3802001) */ +#define DILITHIUM_QINV 58728449 + +/* Montgomery reduce a. + * + * @param [in] a 64-bit value to be reduced. + * @return Montgomery reduction result. 
+ */ +static sword32 dilithium_mont_red(sword64 a) +{ +#ifndef DILITHIUM_MUL_QINV_SLOW + sword64 t = (sword32)((sword32)a * (sword32)DILITHIUM_QINV); +#else + sword64 t = (sword32)((sword32)a + (sword32)((sword32)a << 13) - + (sword32)((sword32)a << 23) + (sword32)((sword32)a << 26)); +#endif +#ifndef DILITHIUM_MUL_Q_SLOW + return (sword32)((a - ((sword32)t * (sword64)DILITHIUM_Q)) >> 32); +#else + return (sword32)((a - (t << 23) + (t << 13) - t) >> 32); +#endif +} + +#if !defined(WOLFSSL_DILITHIUM_SMALL) || !defined(WOLFSSL_DILITHIUM_NO_SIGN) + +/* Reduce 32-bit a modulo q. r = a mod q. + * + * @param [in] a 32-bit value to be reduced to range of q. + * @return Modulo result. + */ +static sword32 dilithium_red(sword32 a) +{ + sword32 t = (sword32)((a + (1 << 22)) >> 23); +#ifndef DILITHIUM_MUL_Q_SLOW + return (sword32)(a - (t * DILITHIUM_Q)); +#else + return (sword32)(a - (t << 23) + (t << 13) - t); +#endif +} + +#endif /* !WOLFSSL_DILITHIUM_SMALL || !WOLFSSL_DILITHIUM_NO_SIGN */ + +/* Zetas for NTT. 
 */
+static const sword32 zetas[DILITHIUM_N] = {
+ -41978, 25847, -2608894, -518909, 237124, -777960, -876248, 466468,
+ 1826347, 2353451, -359251, -2091905, 3119733, -2884855, 3111497, 2680103,
+ 2725464, 1024112, -1079900, 3585928, -549488, -1119584, 2619752, -2108549,
+ -2118186, -3859737, -1399561, -3277672, 1757237, -19422, 4010497, 280005,
+ 2706023, 95776, 3077325, 3530437, -1661693, -3592148, -2537516, 3915439,
+ -3861115, -3043716, 3574422, -2867647, 3539968, -300467, 2348700, -539299,
+ -1699267, -1643818, 3505694, -3821735, 3507263, -2140649, -1600420, 3699596,
+ 811944, 531354, 954230, 3881043, 3900724, -2556880, 2071892, -2797779,
+ -3930395, -1528703, -3677745, -3041255, -1452451, 3475950, 2176455, -1585221,
+ -1257611, 1939314, -4083598, -1000202, -3190144, -3157330, -3632928, 126922,
+ 3412210, -983419, 2147896, 2715295, -2967645, -3693493, -411027, -2477047,
+ -671102, -1228525, -22981, -1308169, -381987, 1349076, 1852771, -1430430,
+ -3343383, 264944, 508951, 3097992, 44288, -1100098, 904516, 3958618,
+ -3724342, -8578, 1653064, -3249728, 2389356, -210977, 759969, -1316856,
+ 189548, -3553272, 3159746, -1851402, -2409325, -177440, 1315589, 1341330,
+ 1285669, -1584928, -812732, -1439742, -3019102, -3881060, -3628969, 3839961,
+ 2091667, 3407706, 2316500, 3817976, -3342478, 2244091, -2446433, -3562462,
+ 266997, 2434439, -1235728, 3513181, -3520352, -3759364, -1197226, -3193378,
+ 900702, 1859098, 909542, 819034, 495491, -1613174, -43260, -522500,
+ -655327, -3122442, 2031748, 3207046, -3556995, -525098, -768622, -3595838,
+ 342297, 286988, -2437823, 4108315, 3437287, -3342277, 1735879, 203044,
+ 2842341, 2691481, -2590150, 1265009, 4055324, 1247620, 2486353, 1595974,
+ -3767016, 1250494, 2635921, -3548272, -2994039, 1869119, 1903435, -1050970,
+ -1333058, 1237275, -3318210, -1430225, -451100, 1312455, 3306115, -1962642,
+ -1279661, 1917081, -2546312, -1374803, 1500165, 777191, 2235880, 3406031,
+ -542412, -2831860, -1671176, -1846953, -2584293, 
-3724270, 594136, -3776993,
+ -2013608, 2432395, 2454455, -164721, 1957272, 3369112, 185531, -1207385,
+ -3183426, 162844, 1616392, 3014001, 810149, 1652634, -3694233, -1799107,
+ -3038916, 3523897, 3866901, 269760, 2213111, -975884, 1717735, 472078,
+ -426683, 1723600, -1803090, 1910376, -1667432, -1104333, -260646, -3833893,
+ -2939036, -2235985, -420899, -2286327, 183443, -976891, 1612842, -3545687,
+ -554416, 3919660, -48306, -1362209, 3937738, 1400424, -846154, 1976782
+};
+
+#ifndef WOLFSSL_DILITHIUM_SMALL
+/* Zetas for inverse NTT. */
+static const sword32 zetas_inv[DILITHIUM_N] = {
+ -1976782, 846154, -1400424, -3937738, 1362209, 48306, -3919660, 554416,
+ 3545687, -1612842, 976891, -183443, 2286327, 420899, 2235985, 2939036,
+ 3833893, 260646, 1104333, 1667432, -1910376, 1803090, -1723600, 426683,
+ -472078, -1717735, 975884, -2213111, -269760, -3866901, -3523897, 3038916,
+ 1799107, 3694233, -1652634, -810149, -3014001, -1616392, -162844, 3183426,
+ 1207385, -185531, -3369112, -1957272, 164721, -2454455, -2432395, 2013608,
+ 3776993, -594136, 3724270, 2584293, 1846953, 1671176, 2831860, 542412,
+ -3406031, -2235880, -777191, -1500165, 1374803, 2546312, -1917081, 1279661,
+ 1962642, -3306115, -1312455, 451100, 1430225, 3318210, -1237275, 1333058,
+ 1050970, -1903435, -1869119, 2994039, 3548272, -2635921, -1250494, 3767016,
+ -1595974, -2486353, -1247620, -4055324, -1265009, 2590150, -2691481, -2842341,
+ -203044, -1735879, 3342277, -3437287, -4108315, 2437823, -286988, -342297,
+ 3595838, 768622, 525098, 3556995, -3207046, -2031748, 3122442, 655327,
+ 522500, 43260, 1613174, -495491, -819034, -909542, -1859098, -900702,
+ 3193378, 1197226, 3759364, 3520352, -3513181, 1235728, -2434439, -266997,
+ 3562462, 2446433, -2244091, 3342478, -3817976, -2316500, -3407706, -2091667,
+ -3839961, 3628969, 3881060, 3019102, 1439742, 812732, 1584928, -1285669,
+ -1341330, -1315589, 177440, 2409325, 1851402, -3159746, 3553272, -189548,
+ 1316856, -759969, 210977, 
-2389356, 3249728, -1653064, 8578, 3724342, + -3958618, -904516, 1100098, -44288, -3097992, -508951, -264944, 3343383, + 1430430, -1852771, -1349076, 381987, 1308169, 22981, 1228525, 671102, + 2477047, 411027, 3693493, 2967645, -2715295, -2147896, 983419, -3412210, + -126922, 3632928, 3157330, 3190144, 1000202, 4083598, -1939314, 1257611, + 1585221, -2176455, -3475950, 1452451, 3041255, 3677745, 1528703, 3930395, + 2797779, -2071892, 2556880, -3900724, -3881043, -954230, -531354, -811944, + -3699596, 1600420, 2140649, -3507263, 3821735, -3505694, 1643818, 1699267, + 539299, -2348700, 300467, -3539968, 2867647, -3574422, 3043716, 3861115, + -3915439, 2537516, 3592148, 1661693, -3530437, -3077325, -95776, -2706023, + -280005, -4010497, 19422, -1757237, 3277672, 1399561, 3859737, 2118186, + 2108549, -2619752, 1119584, 549488, -3585928, 1079900, -1024112, -2725464, + -2680103, -3111497, 2884855, -3119733, 2091905, 359251, -2353451, -1826347, + -466468, 876248, 777960, -237124, 518909, 2608894, -25847, 41978 +}; +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_MAKE) && defined(WOLFSSL_DILITHIUM_SMALL)) + +/* One iteration of Number-Theoretic Transform. + * + * @param [in] len Length of sequence. + */ +#define NTT(len) \ +do { \ + for (start = 0; start < DILITHIUM_N; start += 2 * (len)) { \ + zeta = zetas[++k]; \ + for (j = 0; j < (len); ++j) { \ + sword32 t = \ + dilithium_mont_red((sword64)zeta * r[start + j + (len)]); \ + sword32 rj = r[start + j]; \ + r[start + j + (len)] = rj - t; \ + r[start + j] = rj + t; \ + } \ + } \ +} \ +while (0) + +/* Number-Theoretic Transform. + * + * @param [in, out] r Polynomial to transform. 
+ */ +static void dilithium_ntt(sword32* r) +{ +#ifdef WOLFSSL_DILITHIUM_SMALL + unsigned int len; + unsigned int k; + unsigned int j; + + k = 0; + for (len = DILITHIUM_N / 2; len >= 1; len >>= 1) { + unsigned int start; + for (start = 0; start < DILITHIUM_N; start = j + len) { + sword32 zeta = zetas[++k]; + for (j = start; j < start + len; ++j) { + sword32 t = dilithium_mont_red((sword64)zeta * r[j + len]); + sword32 rj = r[j]; + r[j + len] = rj - t; + r[j] = rj + t; + } + } + } +#elif defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE) + unsigned int j; + unsigned int k; + unsigned int start; + sword32 zeta; + + zeta = zetas[1]; + for (j = 0; j < DILITHIUM_N / 2; j++) { + sword32 t = + dilithium_mont_red((sword64)zeta * r[j + DILITHIUM_N / 2]); + sword32 rj = r[j]; + r[j + DILITHIUM_N / 2] = rj - t; + r[j] = rj + t; + } + + k = 1; + NTT(64); + NTT(32); + NTT(16); + NTT(8); + NTT(4); + NTT(2); + + for (j = 0; j < DILITHIUM_N; j += 2) { + sword32 t = dilithium_mont_red((sword64)zetas[++k] * r[j + 1]); + sword32 rj = r[j]; + r[j + 1] = rj - t; + r[j] = rj + t; + } +#elif defined(WC_32BIT_CPU) + unsigned int j; + unsigned int k; + sword32 t0; + sword32 t2; + + sword32 zeta128 = zetas[1]; + sword32 zeta640 = zetas[2]; + sword32 zeta641 = zetas[3]; + for (j = 0; j < DILITHIUM_N / 4; j++) { + sword32 r0 = r[j + 0]; + sword32 r2 = r[j + 64]; + sword32 r4 = r[j + 128]; + sword32 r6 = r[j + 192]; + + t0 = dilithium_mont_red((sword64)zeta128 * r4); + t2 = dilithium_mont_red((sword64)zeta128 * r6); + r4 = r0 - t0; + r6 = r2 - t2; + r0 += t0; + r2 += t2; + + t0 = dilithium_mont_red((sword64)zeta640 * r2); + t2 = dilithium_mont_red((sword64)zeta641 * r6); + r2 = r0 - t0; + r6 = r4 - t2; + r0 += t0; + r4 += t2; + + r[j + 0] = r0; + r[j + 64] = r2; + r[j + 128] = r4; + r[j + 192] = r6; + } + + for (j = 0; j < DILITHIUM_N; j += 64) { + int i; + sword32 zeta32 = zetas[ 4 + j / 64 + 0]; + sword32 zeta160 = zetas[ 8 + j / 32 + 0]; + sword32 zeta161 = zetas[ 8 + j / 32 + 1]; + for (i = 0; i < 
16; i++) { + sword32 r0 = r[j + i + 0]; + sword32 r2 = r[j + i + 16]; + sword32 r4 = r[j + i + 32]; + sword32 r6 = r[j + i + 48]; + + t0 = dilithium_mont_red((sword64)zeta32 * r4); + t2 = dilithium_mont_red((sword64)zeta32 * r6); + r4 = r0 - t0; + r6 = r2 - t2; + r0 += t0; + r2 += t2; + + t0 = dilithium_mont_red((sword64)zeta160 * r2); + t2 = dilithium_mont_red((sword64)zeta161 * r6); + r2 = r0 - t0; + r6 = r4 - t2; + r0 += t0; + r4 += t2; + + r[j + i + 0] = r0; + r[j + i + 16] = r2; + r[j + i + 32] = r4; + r[j + i + 48] = r6; + } + } + + for (j = 0; j < DILITHIUM_N; j += 16) { + int i; + sword32 zeta8 = zetas[16 + j / 16]; + sword32 zeta40 = zetas[32 + j / 8 + 0]; + sword32 zeta41 = zetas[32 + j / 8 + 1]; + for (i = 0; i < 4; i++) { + sword32 r0 = r[j + i + 0]; + sword32 r2 = r[j + i + 4]; + sword32 r4 = r[j + i + 8]; + sword32 r6 = r[j + i + 12]; + + t0 = dilithium_mont_red((sword64)zeta8 * r4); + t2 = dilithium_mont_red((sword64)zeta8 * r6); + r4 = r0 - t0; + r6 = r2 - t2; + r0 += t0; + r2 += t2; + + t0 = dilithium_mont_red((sword64)zeta40 * r2); + t2 = dilithium_mont_red((sword64)zeta41 * r6); + r2 = r0 - t0; + r6 = r4 - t2; + r0 += t0; + r4 += t2; + + r[j + i + 0] = r0; + r[j + i + 4] = r2; + r[j + i + 8] = r4; + r[j + i + 12] = r6; + } + } + + k = 128; + for (j = 0; j < DILITHIUM_N; j += 4) { + sword32 zeta2 = zetas[64 + j / 4]; + sword32 r0 = r[j + 0]; + sword32 r2 = r[j + 1]; + sword32 r4 = r[j + 2]; + sword32 r6 = r[j + 3]; + + t0 = dilithium_mont_red((sword64)zeta2 * r4); + t2 = dilithium_mont_red((sword64)zeta2 * r6); + r4 = r0 - t0; + r6 = r2 - t2; + r0 += t0; + r2 += t2; + + t0 = dilithium_mont_red((sword64)zetas[k++] * r2); + t2 = dilithium_mont_red((sword64)zetas[k++] * r6); + r2 = r0 - t0; + r6 = r4 - t2; + r0 += t0; + r4 += t2; + + r[j + 0] = r0; + r[j + 1] = r2; + r[j + 2] = r4; + r[j + 3] = r6; + } +#else + unsigned int j; + unsigned int k; + sword32 t0; + sword32 t1; + sword32 t2; + sword32 t3; + + sword32 zeta128 = zetas[1]; + sword32 zeta640 = 
zetas[2]; + sword32 zeta641 = zetas[3]; + for (j = 0; j < DILITHIUM_N / 8; j++) { + sword32 r0 = r[j + 0]; + sword32 r1 = r[j + 32]; + sword32 r2 = r[j + 64]; + sword32 r3 = r[j + 96]; + sword32 r4 = r[j + 128]; + sword32 r5 = r[j + 160]; + sword32 r6 = r[j + 192]; + sword32 r7 = r[j + 224]; + + t0 = dilithium_mont_red((sword64)zeta128 * r4); + t1 = dilithium_mont_red((sword64)zeta128 * r5); + t2 = dilithium_mont_red((sword64)zeta128 * r6); + t3 = dilithium_mont_red((sword64)zeta128 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = dilithium_mont_red((sword64)zeta640 * r2); + t1 = dilithium_mont_red((sword64)zeta640 * r3); + t2 = dilithium_mont_red((sword64)zeta641 * r6); + t3 = dilithium_mont_red((sword64)zeta641 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + r[j + 0] = r0; + r[j + 32] = r1; + r[j + 64] = r2; + r[j + 96] = r3; + r[j + 128] = r4; + r[j + 160] = r5; + r[j + 192] = r6; + r[j + 224] = r7; + } + + for (j = 0; j < DILITHIUM_N; j += 64) { + int i; + sword32 zeta32 = zetas[ 4 + j / 64 + 0]; + sword32 zeta160 = zetas[ 8 + j / 32 + 0]; + sword32 zeta161 = zetas[ 8 + j / 32 + 1]; + sword32 zeta80 = zetas[16 + j / 16 + 0]; + sword32 zeta81 = zetas[16 + j / 16 + 1]; + sword32 zeta82 = zetas[16 + j / 16 + 2]; + sword32 zeta83 = zetas[16 + j / 16 + 3]; + for (i = 0; i < 8; i++) { + sword32 r0 = r[j + i + 0]; + sword32 r1 = r[j + i + 8]; + sword32 r2 = r[j + i + 16]; + sword32 r3 = r[j + i + 24]; + sword32 r4 = r[j + i + 32]; + sword32 r5 = r[j + i + 40]; + sword32 r6 = r[j + i + 48]; + sword32 r7 = r[j + i + 56]; + + t0 = dilithium_mont_red((sword64)zeta32 * r4); + t1 = dilithium_mont_red((sword64)zeta32 * r5); + t2 = dilithium_mont_red((sword64)zeta32 * r6); + t3 = dilithium_mont_red((sword64)zeta32 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 
+= t3; + + t0 = dilithium_mont_red((sword64)zeta160 * r2); + t1 = dilithium_mont_red((sword64)zeta160 * r3); + t2 = dilithium_mont_red((sword64)zeta161 * r6); + t3 = dilithium_mont_red((sword64)zeta161 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + t0 = dilithium_mont_red((sword64)zeta80 * r1); + t1 = dilithium_mont_red((sword64)zeta81 * r3); + t2 = dilithium_mont_red((sword64)zeta82 * r5); + t3 = dilithium_mont_red((sword64)zeta83 * r7); + r1 = r0 - t0; + r3 = r2 - t1; + r5 = r4 - t2; + r7 = r6 - t3; + r0 += t0; + r2 += t1; + r4 += t2; + r6 += t3; + + r[j + i + 0] = r0; + r[j + i + 8] = r1; + r[j + i + 16] = r2; + r[j + i + 24] = r3; + r[j + i + 32] = r4; + r[j + i + 40] = r5; + r[j + i + 48] = r6; + r[j + i + 56] = r7; + } + } + + k = 128; + for (j = 0; j < DILITHIUM_N; j += 8) { + sword32 zeta4 = zetas[32 + j / 8 + 0]; + sword32 zeta20 = zetas[64 + j / 4 + 0]; + sword32 zeta21 = zetas[64 + j / 4 + 1]; + sword32 r0 = r[j + 0]; + sword32 r1 = r[j + 1]; + sword32 r2 = r[j + 2]; + sword32 r3 = r[j + 3]; + sword32 r4 = r[j + 4]; + sword32 r5 = r[j + 5]; + sword32 r6 = r[j + 6]; + sword32 r7 = r[j + 7]; + + t0 = dilithium_mont_red((sword64)zeta4 * r4); + t1 = dilithium_mont_red((sword64)zeta4 * r5); + t2 = dilithium_mont_red((sword64)zeta4 * r6); + t3 = dilithium_mont_red((sword64)zeta4 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = dilithium_mont_red((sword64)zeta20 * r2); + t1 = dilithium_mont_red((sword64)zeta20 * r3); + t2 = dilithium_mont_red((sword64)zeta21 * r6); + t3 = dilithium_mont_red((sword64)zeta21 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + t0 = dilithium_mont_red((sword64)zetas[k++] * r1); + t1 = dilithium_mont_red((sword64)zetas[k++] * r3); + t2 = dilithium_mont_red((sword64)zetas[k++] * r5); + t3 = 
dilithium_mont_red((sword64)zetas[k++] * r7); + r1 = r0 - t0; + r3 = r2 - t1; + r5 = r4 - t2; + r7 = r6 - t3; + r0 += t0; + r2 += t1; + r4 += t2; + r6 += t3; + + r[j + 0] = r0; + r[j + 1] = r1; + r[j + 2] = r2; + r[j + 3] = r3; + r[j + 4] = r4; + r[j + 5] = r5; + r[j + 6] = r6; + r[j + 7] = r7; + } +#endif +} + +#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))) +/* Number-Theoretic Transform. + * + * @param [in, out] r Vector of polynomials to transform. + * @param [in] l Dimension of polynomial. + */ +static void dilithium_vec_ntt(sword32* r, byte l) +{ + unsigned int i; + + for (i = 0; i < l; i++) { + dilithium_ntt(r); + r += DILITHIUM_N; + } +} +#endif +#endif + +#ifndef WOLFSSL_DILITHIUM_SMALL + +/* Number-Theoretic Transform with small initial values. + * + * @param [in, out] r Polynomial to transform. + */ +static void dilithium_ntt_small(sword32* r) +{ + unsigned int k; + unsigned int j; +#ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE + unsigned int start; + sword32 zeta; + + for (j = 0; j < DILITHIUM_N / 2; ++j) { + sword32 t = dilithium_red((sword32)-3572223 * r[j + DILITHIUM_N / 2]); + sword32 rj = r[j]; + r[j + DILITHIUM_N / 2] = rj - t; + r[j] = rj + t; + } + + k = 1; + NTT(64); + NTT(32); + NTT(16); + NTT(8); + NTT(4); + NTT(2); + + for (j = 0; j < DILITHIUM_N; j += 2) { + sword32 t = dilithium_mont_red((sword64)zetas[++k] * r[j + 1]); + sword32 rj = r[j]; + r[j + 1] = rj - t; + r[j] = rj + t; + } +#elif defined(WC_32BIT_CPU) + sword32 t0; + sword32 t2; + + sword32 zeta640 = zetas[2]; + sword32 zeta641 = zetas[3]; + for (j = 0; j < DILITHIUM_N / 4; j++) { + sword32 r0 = r[j + 0]; + sword32 r2 = r[j + 64]; + sword32 r4 = r[j + 128]; + sword32 r6 = r[j + 192]; + + t0 = dilithium_red((sword32)-3572223 * r4); + t2 = dilithium_red((sword32)-3572223 * r6); + r4 = r0 - t0; + r6 = r2 - t2; 
+ r0 += t0; + r2 += t2; + + t0 = dilithium_mont_red((sword64)zeta640 * r2); + t2 = dilithium_mont_red((sword64)zeta641 * r6); + r2 = r0 - t0; + r6 = r4 - t2; + r0 += t0; + r4 += t2; + + r[j + 0] = r0; + r[j + 64] = r2; + r[j + 128] = r4; + r[j + 192] = r6; + } + + for (j = 0; j < DILITHIUM_N; j += 64) { + int i; + sword32 zeta32 = zetas[ 4 + j / 64 + 0]; + sword32 zeta160 = zetas[ 8 + j / 32 + 0]; + sword32 zeta161 = zetas[ 8 + j / 32 + 1]; + for (i = 0; i < 16; i++) { + sword32 r0 = r[j + i + 0]; + sword32 r2 = r[j + i + 16]; + sword32 r4 = r[j + i + 32]; + sword32 r6 = r[j + i + 48]; + + t0 = dilithium_mont_red((sword64)zeta32 * r4); + t2 = dilithium_mont_red((sword64)zeta32 * r6); + r4 = r0 - t0; + r6 = r2 - t2; + r0 += t0; + r2 += t2; + + t0 = dilithium_mont_red((sword64)zeta160 * r2); + t2 = dilithium_mont_red((sword64)zeta161 * r6); + r2 = r0 - t0; + r6 = r4 - t2; + r0 += t0; + r4 += t2; + + r[j + i + 0] = r0; + r[j + i + 16] = r2; + r[j + i + 32] = r4; + r[j + i + 48] = r6; + } + } + + for (j = 0; j < DILITHIUM_N; j += 16) { + int i; + sword32 zeta8 = zetas[16 + j / 16]; + sword32 zeta40 = zetas[32 + j / 8 + 0]; + sword32 zeta41 = zetas[32 + j / 8 + 1]; + for (i = 0; i < 4; i++) { + sword32 r0 = r[j + i + 0]; + sword32 r2 = r[j + i + 4]; + sword32 r4 = r[j + i + 8]; + sword32 r6 = r[j + i + 12]; + + t0 = dilithium_mont_red((sword64)zeta8 * r4); + t2 = dilithium_mont_red((sword64)zeta8 * r6); + r4 = r0 - t0; + r6 = r2 - t2; + r0 += t0; + r2 += t2; + + t0 = dilithium_mont_red((sword64)zeta40 * r2); + t2 = dilithium_mont_red((sword64)zeta41 * r6); + r2 = r0 - t0; + r6 = r4 - t2; + r0 += t0; + r4 += t2; + + r[j + i + 0] = r0; + r[j + i + 4] = r2; + r[j + i + 8] = r4; + r[j + i + 12] = r6; + } + } + + k = 128; + for (j = 0; j < DILITHIUM_N; j += 4) { + sword32 zeta2 = zetas[64 + j / 4]; + sword32 r0 = r[j + 0]; + sword32 r2 = r[j + 1]; + sword32 r4 = r[j + 2]; + sword32 r6 = r[j + 3]; + + t0 = dilithium_mont_red((sword64)zeta2 * r4); + t2 = 
dilithium_mont_red((sword64)zeta2 * r6); + r4 = r0 - t0; + r6 = r2 - t2; + r0 += t0; + r2 += t2; + + t0 = dilithium_mont_red((sword64)zetas[k++] * r2); + t2 = dilithium_mont_red((sword64)zetas[k++] * r6); + r2 = r0 - t0; + r6 = r4 - t2; + r0 += t0; + r4 += t2; + + r[j + 0] = r0; + r[j + 1] = r2; + r[j + 2] = r4; + r[j + 3] = r6; + } +#else + sword32 t0; + sword32 t1; + sword32 t2; + sword32 t3; + sword32 zeta640 = zetas[2]; + sword32 zeta641 = zetas[3]; + for (j = 0; j < DILITHIUM_N / 8; j++) { + sword32 r0 = r[j + 0]; + sword32 r1 = r[j + 32]; + sword32 r2 = r[j + 64]; + sword32 r3 = r[j + 96]; + sword32 r4 = r[j + 128]; + sword32 r5 = r[j + 160]; + sword32 r6 = r[j + 192]; + sword32 r7 = r[j + 224]; + + t0 = dilithium_red((sword32)-3572223 * r4); + t1 = dilithium_red((sword32)-3572223 * r5); + t2 = dilithium_red((sword32)-3572223 * r6); + t3 = dilithium_red((sword32)-3572223 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = dilithium_mont_red((sword64)zeta640 * r2); + t1 = dilithium_mont_red((sword64)zeta640 * r3); + t2 = dilithium_mont_red((sword64)zeta641 * r6); + t3 = dilithium_mont_red((sword64)zeta641 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + r[j + 0] = r0; + r[j + 32] = r1; + r[j + 64] = r2; + r[j + 96] = r3; + r[j + 128] = r4; + r[j + 160] = r5; + r[j + 192] = r6; + r[j + 224] = r7; + } + + for (j = 0; j < DILITHIUM_N; j += 64) { + int i; + sword32 zeta32 = zetas[ 4 + j / 64 + 0]; + sword32 zeta160 = zetas[ 8 + j / 32 + 0]; + sword32 zeta161 = zetas[ 8 + j / 32 + 1]; + sword32 zeta80 = zetas[16 + j / 16 + 0]; + sword32 zeta81 = zetas[16 + j / 16 + 1]; + sword32 zeta82 = zetas[16 + j / 16 + 2]; + sword32 zeta83 = zetas[16 + j / 16 + 3]; + for (i = 0; i < 8; i++) { + sword32 r0 = r[j + i + 0]; + sword32 r1 = r[j + i + 8]; + sword32 r2 = r[j + i + 16]; + sword32 r3 = r[j + i + 24]; + sword32 r4 = r[j + 
i + 32];
+ sword32 r5 = r[j + i + 40];
+ sword32 r6 = r[j + i + 48];
+ sword32 r7 = r[j + i + 56];
+
+ t0 = dilithium_mont_red((sword64)zeta32 * r4);
+ t1 = dilithium_mont_red((sword64)zeta32 * r5);
+ t2 = dilithium_mont_red((sword64)zeta32 * r6);
+ t3 = dilithium_mont_red((sword64)zeta32 * r7);
+ r4 = r0 - t0;
+ r5 = r1 - t1;
+ r6 = r2 - t2;
+ r7 = r3 - t3;
+ r0 += t0;
+ r1 += t1;
+ r2 += t2;
+ r3 += t3;
+
+ t0 = dilithium_mont_red((sword64)zeta160 * r2);
+ t1 = dilithium_mont_red((sword64)zeta160 * r3);
+ t2 = dilithium_mont_red((sword64)zeta161 * r6);
+ t3 = dilithium_mont_red((sword64)zeta161 * r7);
+ r2 = r0 - t0;
+ r3 = r1 - t1;
+ r6 = r4 - t2;
+ r7 = r5 - t3;
+ r0 += t0;
+ r1 += t1;
+ r4 += t2;
+ r5 += t3;
+
+ t0 = dilithium_mont_red((sword64)zeta80 * r1);
+ t1 = dilithium_mont_red((sword64)zeta81 * r3);
+ t2 = dilithium_mont_red((sword64)zeta82 * r5);
+ t3 = dilithium_mont_red((sword64)zeta83 * r7);
+ r1 = r0 - t0;
+ r3 = r2 - t1;
+ r5 = r4 - t2;
+ r7 = r6 - t3;
+ r0 += t0;
+ r2 += t1;
+ r4 += t2;
+ r6 += t3;
+
+ r[j + i + 0] = r0;
+ r[j + i + 8] = r1;
+ r[j + i + 16] = r2;
+ r[j + i + 24] = r3;
+ r[j + i + 32] = r4;
+ r[j + i + 40] = r5;
+ r[j + i + 48] = r6;
+ r[j + i + 56] = r7;
+ }
+ }
+
+ k = 128;
+ for (j = 0; j < DILITHIUM_N; j += 8) {
+ sword32 zeta4 = zetas[32 + j / 8 + 0];
+ sword32 zeta20 = zetas[64 + j / 4 + 0];
+ sword32 zeta21 = zetas[64 + j / 4 + 1];
+ sword32 r0 = r[j + 0];
+ sword32 r1 = r[j + 1];
+ sword32 r2 = r[j + 2];
+ sword32 r3 = r[j + 3];
+ sword32 r4 = r[j + 4];
+ sword32 r5 = r[j + 5];
+ sword32 r6 = r[j + 6];
+ sword32 r7 = r[j + 7];
+
+ t0 = dilithium_mont_red((sword64)zeta4 * r4);
+ t1 = dilithium_mont_red((sword64)zeta4 * r5);
+ t2 = dilithium_mont_red((sword64)zeta4 * r6);
+ t3 = dilithium_mont_red((sword64)zeta4 * r7);
+ r4 = r0 - t0;
+ r5 = r1 - t1;
+ r6 = r2 - t2;
+ r7 = r3 - t3;
+ r0 += t0;
+ r1 += t1;
+ r2 += t2;
+ r3 += t3;
+
+ t0 = dilithium_mont_red((sword64)zeta20 * r2);
+ t1 = dilithium_mont_red((sword64)zeta20 *
r3);
+ t2 = dilithium_mont_red((sword64)zeta21 * r6);
+ t3 = dilithium_mont_red((sword64)zeta21 * r7);
+ r2 = r0 - t0;
+ r3 = r1 - t1;
+ r6 = r4 - t2;
+ r7 = r5 - t3;
+ r0 += t0;
+ r1 += t1;
+ r4 += t2;
+ r5 += t3;
+
+ t0 = dilithium_mont_red((sword64)zetas[k++] * r1);
+ t1 = dilithium_mont_red((sword64)zetas[k++] * r3);
+ t2 = dilithium_mont_red((sword64)zetas[k++] * r5);
+ t3 = dilithium_mont_red((sword64)zetas[k++] * r7);
+ r1 = r0 - t0;
+ r3 = r2 - t1;
+ r5 = r4 - t2;
+ r7 = r6 - t3;
+ r0 += t0;
+ r2 += t1;
+ r4 += t2;
+ r6 += t3;
+
+ r[j + 0] = r0;
+ r[j + 1] = r1;
+ r[j + 2] = r2;
+ r[j + 3] = r3;
+ r[j + 4] = r4;
+ r[j + 5] = r5;
+ r[j + 6] = r6;
+ r[j + 7] = r7;
+ }
+#endif
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)))
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out] r Vector of polynomials to transform.
+ * @param [in] l Dimension of polynomial.
+ */
+static void dilithium_vec_ntt_small(sword32* r, byte l)
+{
+ unsigned int i;
+
+ for (i = 0; i < l; i++) {
+ dilithium_ntt_small(r);
+ r += DILITHIUM_N;
+ }
+}
+#endif /* !WOLFSSL_DILITHIUM_VERIFY_ONLY */
+
+#else
+
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out] r Polynomial to transform.
+ */
+#define dilithium_ntt_small dilithium_ntt
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out] r Vector of polynomials to transform.
+ * @param [in] l Dimension of polynomial.
+ */
+#define dilithium_vec_ntt_small dilithium_vec_ntt
+
+#endif /* WOLFSSL_DILITHIUM_SMALL */
+
+
+/* One iteration of Inverse Number-Theoretic Transform.
+ *
+ * @param [in] len Length of sequence.
+ */
+#define INVNTT(len) \
+do { \
+ for (start = 0; start < DILITHIUM_N; start += 2 * (len)) { \
+ zeta = zetas_inv[k++]; \
+ for (j = 0; j < (len); ++j) { \
+ sword32 rj = r[start + j]; \
+ sword32 rjl = r[start + j + (len)]; \
+ sword32 t = rj + rjl; \
+ r[start + j] = t; \
+ rjl = rj - rjl; \
+ r[start + j + (len)] = dilithium_mont_red((sword64)zeta * rjl); \
+ } \
+ } \
+} \
+while (0)
+
+/* Inverse Number-Theoretic Transform.
+ *
+ * @param [in, out] r Polynomial to transform.
+ */
+static void dilithium_invntt(sword32* r)
+{
+#ifdef WOLFSSL_DILITHIUM_SMALL
+ unsigned int len;
+ unsigned int k;
+ unsigned int j;
+ sword32 zeta;
+
+ k = 256;
+ for (len = 1; len <= DILITHIUM_N / 2; len <<= 1) {
+ unsigned int start;
+ for (start = 0; start < DILITHIUM_N; start = j + len) {
+ zeta = -zetas[--k];
+ for (j = start; j < start + len; ++j) {
+ sword32 rj = r[j];
+ sword32 rjl = r[j + len];
+ sword32 t = rj + rjl;
+ r[j] = t;
+ rjl = rj - rjl;
+ r[j + len] = dilithium_mont_red((sword64)zeta * rjl);
+ }
+ }
+ }
+
+ zeta = -zetas[0];
+ for (j = 0; j < DILITHIUM_N; ++j) {
+ r[j] = dilithium_mont_red((sword64)zeta * r[j]);
+ }
+#elif defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE)
+ unsigned int j;
+ unsigned int k = 0;
+ unsigned int start;
+ sword32 zeta;
+
+ for (j = 0; j < DILITHIUM_N; j += 2) {
+ sword32 rj = r[j];
+ sword32 rjl = r[j + 1];
+ sword32 t = rj + rjl;
+ r[j] = t;
+ rjl = rj - rjl;
+ r[j + 1] = dilithium_mont_red((sword64)zetas_inv[k++] * rjl);
+ }
+
+ INVNTT(2);
+ INVNTT(4);
+ INVNTT(8);
+ INVNTT(16);
+ INVNTT(32);
+ INVNTT(64);
+ INVNTT(128);
+
+ zeta = zetas_inv[255];
+ for (j = 0; j < DILITHIUM_N; ++j) {
+ r[j] = dilithium_mont_red((sword64)zeta * r[j]);
+ }
+#elif defined(WC_32BIT_CPU)
+ unsigned int j;
+ unsigned int k = 0;
+ sword32 t0;
+ sword32 t2;
+
+ sword32 zeta640;
+ sword32 zeta641;
+ sword32 zeta128;
+ sword32 zeta256;
+ for (j = 0; j < DILITHIUM_N; j += 4) {
+ sword32 zeta2 = zetas_inv[128 + j / 4];
+ sword32 r0 = r[j + 0];
+ sword32 r2 = r[j +
1];
+ sword32 r4 = r[j + 2];
+ sword32 r6 = r[j + 3];
+
+ t0 = dilithium_mont_red((sword64)zetas_inv[k++] * (r0 - r2));
+ t2 = dilithium_mont_red((sword64)zetas_inv[k++] * (r4 - r6));
+ r0 += r2;
+ r4 += r6;
+ r2 = t0;
+ r6 = t2;
+
+ t0 = dilithium_mont_red((sword64)zeta2 * (r0 - r4));
+ t2 = dilithium_mont_red((sword64)zeta2 * (r2 - r6));
+ r0 += r4;
+ r2 += r6;
+ r4 = t0;
+ r6 = t2;
+
+ r[j + 0] = r0;
+ r[j + 1] = r2;
+ r[j + 2] = r4;
+ r[j + 3] = r6;
+ }
+
+ for (j = 0; j < DILITHIUM_N; j += 16) {
+ int i;
+ sword32 zeta40 = zetas_inv[192 + j / 8 + 0];
+ sword32 zeta41 = zetas_inv[192 + j / 8 + 1];
+ sword32 zeta8 = zetas_inv[224 + j / 16 + 0];
+ for (i = 0; i < 4; i++) {
+ sword32 r0 = r[j + i + 0];
+ sword32 r2 = r[j + i + 4];
+ sword32 r4 = r[j + i + 8];
+ sword32 r6 = r[j + i + 12];
+
+ t0 = dilithium_mont_red((sword64)zeta40 * (r0 - r2));
+ t2 = dilithium_mont_red((sword64)zeta41 * (r4 - r6));
+ r0 += r2;
+ r4 += r6;
+ r2 = t0;
+ r6 = t2;
+
+ t0 = dilithium_mont_red((sword64)zeta8 * (r0 - r4));
+ t2 = dilithium_mont_red((sword64)zeta8 * (r2 - r6));
+ r0 += r4;
+ r2 += r6;
+ r4 = t0;
+ r6 = t2;
+
+ r[j + i + 0] = r0;
+ r[j + i + 4] = r2;
+ r[j + i + 8] = r4;
+ r[j + i + 12] = r6;
+ }
+ }
+
+ for (j = 0; j < DILITHIUM_N; j += 64) {
+ int i;
+ sword32 zeta160 = zetas_inv[240 + j / 32 + 0];
+ sword32 zeta161 = zetas_inv[240 + j / 32 + 1];
+ sword32 zeta32 = zetas_inv[248 + j / 64 + 0];
+ for (i = 0; i < 16; i++) {
+ sword32 r0 = r[j + i + 0];
+ sword32 r2 = r[j + i + 16];
+ sword32 r4 = r[j + i + 32];
+ sword32 r6 = r[j + i + 48];
+
+ t0 = dilithium_mont_red((sword64)zeta160 * (r0 - r2));
+ t2 = dilithium_mont_red((sword64)zeta161 * (r4 - r6));
+ r0 += r2;
+ r4 += r6;
+ r2 = t0;
+ r6 = t2;
+
+ t0 = dilithium_mont_red((sword64)zeta32 * (r0 - r4));
+ t2 = dilithium_mont_red((sword64)zeta32 * (r2 - r6));
+ r0 += r4;
+ r2 += r6;
+ r4 = t0;
+ r6 = t2;
+
+ r[j + i + 0] = r0;
+ r[j + i + 16] = r2;
+ r[j + i + 32] = r4;
+ r[j + i + 48] = r6;
+ }
+ }
+
+ zeta640 =
zetas_inv[252];
+ zeta641 = zetas_inv[253];
+ zeta128 = zetas_inv[254];
+ zeta256 = zetas_inv[255];
+ for (j = 0; j < DILITHIUM_N / 4; j++) {
+ sword32 r0 = r[j + 0];
+ sword32 r2 = r[j + 64];
+ sword32 r4 = r[j + 128];
+ sword32 r6 = r[j + 192];
+
+ t0 = dilithium_mont_red((sword64)zeta640 * (r0 - r2));
+ t2 = dilithium_mont_red((sword64)zeta641 * (r4 - r6));
+ r0 += r2;
+ r4 += r6;
+ r2 = t0;
+ r6 = t2;
+
+ t0 = dilithium_mont_red((sword64)zeta128 * (r0 - r4));
+ t2 = dilithium_mont_red((sword64)zeta128 * (r2 - r6));
+ r0 += r4;
+ r2 += r6;
+ r4 = t0;
+ r6 = t2;
+
+ r0 = dilithium_mont_red((sword64)zeta256 * r0);
+ r2 = dilithium_mont_red((sword64)zeta256 * r2);
+ r4 = dilithium_mont_red((sword64)zeta256 * r4);
+ r6 = dilithium_mont_red((sword64)zeta256 * r6);
+
+ r[j + 0] = r0;
+ r[j + 64] = r2;
+ r[j + 128] = r4;
+ r[j + 192] = r6;
+ }
+#else
+ unsigned int j;
+ unsigned int k = 0;
+ sword32 t0;
+ sword32 t1;
+ sword32 t2;
+ sword32 t3;
+
+ sword32 zeta640;
+ sword32 zeta641;
+ sword32 zeta128;
+ sword32 zeta256;
+ for (j = 0; j < DILITHIUM_N; j += 8) {
+ sword32 zeta20 = zetas_inv[128 + j / 4 + 0];
+ sword32 zeta21 = zetas_inv[128 + j / 4 + 1];
+ sword32 zeta4 = zetas_inv[192 + j / 8 + 0];
+ sword32 r0 = r[j + 0];
+ sword32 r1 = r[j + 1];
+ sword32 r2 = r[j + 2];
+ sword32 r3 = r[j + 3];
+ sword32 r4 = r[j + 4];
+ sword32 r5 = r[j + 5];
+ sword32 r6 = r[j + 6];
+ sword32 r7 = r[j + 7];
+
+ t0 = dilithium_mont_red((sword64)zetas_inv[k++] * (r0 - r1));
+ t1 = dilithium_mont_red((sword64)zetas_inv[k++] * (r2 - r3));
+ t2 = dilithium_mont_red((sword64)zetas_inv[k++] * (r4 - r5));
+ t3 = dilithium_mont_red((sword64)zetas_inv[k++] * (r6 - r7));
+ r0 += r1;
+ r2 += r3;
+ r4 += r5;
+ r6 += r7;
+ r1 = t0;
+ r3 = t1;
+ r5 = t2;
+ r7 = t3;
+
+ t0 = dilithium_mont_red((sword64)zeta20 * (r0 - r2));
+ t1 = dilithium_mont_red((sword64)zeta20 * (r1 - r3));
+ t2 = dilithium_mont_red((sword64)zeta21 * (r4 - r6));
+ t3 = dilithium_mont_red((sword64)zeta21 * (r5 - r7));
+ r0 +=
r2;
+ r1 += r3;
+ r4 += r6;
+ r5 += r7;
+ r2 = t0;
+ r3 = t1;
+ r6 = t2;
+ r7 = t3;
+
+ t0 = dilithium_mont_red((sword64)zeta4 * (r0 - r4));
+ t1 = dilithium_mont_red((sword64)zeta4 * (r1 - r5));
+ t2 = dilithium_mont_red((sword64)zeta4 * (r2 - r6));
+ t3 = dilithium_mont_red((sword64)zeta4 * (r3 - r7));
+ r0 += r4;
+ r1 += r5;
+ r2 += r6;
+ r3 += r7;
+ r4 = t0;
+ r5 = t1;
+ r6 = t2;
+ r7 = t3;
+
+ r[j + 0] = r0;
+ r[j + 1] = r1;
+ r[j + 2] = r2;
+ r[j + 3] = r3;
+ r[j + 4] = r4;
+ r[j + 5] = r5;
+ r[j + 6] = r6;
+ r[j + 7] = r7;
+ }
+
+ for (j = 0; j < DILITHIUM_N; j += 64) {
+ int i;
+ sword32 zeta80 = zetas_inv[224 + j / 16 + 0];
+ sword32 zeta81 = zetas_inv[224 + j / 16 + 1];
+ sword32 zeta82 = zetas_inv[224 + j / 16 + 2];
+ sword32 zeta83 = zetas_inv[224 + j / 16 + 3];
+ sword32 zeta160 = zetas_inv[240 + j / 32 + 0];
+ sword32 zeta161 = zetas_inv[240 + j / 32 + 1];
+ sword32 zeta32 = zetas_inv[248 + j / 64 + 0];
+ for (i = 0; i < 8; i++) {
+ sword32 r0 = r[j + i + 0];
+ sword32 r1 = r[j + i + 8];
+ sword32 r2 = r[j + i + 16];
+ sword32 r3 = r[j + i + 24];
+ sword32 r4 = r[j + i + 32];
+ sword32 r5 = r[j + i + 40];
+ sword32 r6 = r[j + i + 48];
+ sword32 r7 = r[j + i + 56];
+
+ t0 = dilithium_mont_red((sword64)zeta80 * (r0 - r1));
+ t1 = dilithium_mont_red((sword64)zeta81 * (r2 - r3));
+ t2 = dilithium_mont_red((sword64)zeta82 * (r4 - r5));
+ t3 = dilithium_mont_red((sword64)zeta83 * (r6 - r7));
+ r0 += r1;
+ r2 += r3;
+ r4 += r5;
+ r6 += r7;
+ r1 = t0;
+ r3 = t1;
+ r5 = t2;
+ r7 = t3;
+
+ t0 = dilithium_mont_red((sword64)zeta160 * (r0 - r2));
+ t1 = dilithium_mont_red((sword64)zeta160 * (r1 - r3));
+ t2 = dilithium_mont_red((sword64)zeta161 * (r4 - r6));
+ t3 = dilithium_mont_red((sword64)zeta161 * (r5 - r7));
+ r0 += r2;
+ r1 += r3;
+ r4 += r6;
+ r5 += r7;
+ r2 = t0;
+ r3 = t1;
+ r6 = t2;
+ r7 = t3;
+
+ t0 = dilithium_mont_red((sword64)zeta32 * (r0 - r4));
+ t1 = dilithium_mont_red((sword64)zeta32 * (r1 - r5));
+ t2 = dilithium_mont_red((sword64)zeta32 * (r2
- r6));
+ t3 = dilithium_mont_red((sword64)zeta32 * (r3 - r7));
+ r0 += r4;
+ r1 += r5;
+ r2 += r6;
+ r3 += r7;
+ r4 = t0;
+ r5 = t1;
+ r6 = t2;
+ r7 = t3;
+
+ r[j + i + 0] = r0;
+ r[j + i + 8] = r1;
+ r[j + i + 16] = r2;
+ r[j + i + 24] = r3;
+ r[j + i + 32] = r4;
+ r[j + i + 40] = r5;
+ r[j + i + 48] = r6;
+ r[j + i + 56] = r7;
+ }
+ }
+
+ zeta640 = zetas_inv[252];
+ zeta641 = zetas_inv[253];
+ zeta128 = zetas_inv[254];
+ zeta256 = zetas_inv[255];
+ for (j = 0; j < DILITHIUM_N / 8; j++) {
+ sword32 r0 = r[j + 0];
+ sword32 r1 = r[j + 32];
+ sword32 r2 = r[j + 64];
+ sword32 r3 = r[j + 96];
+ sword32 r4 = r[j + 128];
+ sword32 r5 = r[j + 160];
+ sword32 r6 = r[j + 192];
+ sword32 r7 = r[j + 224];
+
+ t0 = dilithium_mont_red((sword64)zeta640 * (r0 - r2));
+ t1 = dilithium_mont_red((sword64)zeta640 * (r1 - r3));
+ t2 = dilithium_mont_red((sword64)zeta641 * (r4 - r6));
+ t3 = dilithium_mont_red((sword64)zeta641 * (r5 - r7));
+ r0 += r2;
+ r1 += r3;
+ r4 += r6;
+ r5 += r7;
+ r2 = t0;
+ r3 = t1;
+ r6 = t2;
+ r7 = t3;
+
+ t0 = dilithium_mont_red((sword64)zeta128 * (r0 - r4));
+ t1 = dilithium_mont_red((sword64)zeta128 * (r1 - r5));
+ t2 = dilithium_mont_red((sword64)zeta128 * (r2 - r6));
+ t3 = dilithium_mont_red((sword64)zeta128 * (r3 - r7));
+ r0 += r4;
+ r1 += r5;
+ r2 += r6;
+ r3 += r7;
+ r4 = t0;
+ r5 = t1;
+ r6 = t2;
+ r7 = t3;
+
+ r0 = dilithium_mont_red((sword64)zeta256 * r0);
+ r1 = dilithium_mont_red((sword64)zeta256 * r1);
+ r2 = dilithium_mont_red((sword64)zeta256 * r2);
+ r3 = dilithium_mont_red((sword64)zeta256 * r3);
+ r4 = dilithium_mont_red((sword64)zeta256 * r4);
+ r5 = dilithium_mont_red((sword64)zeta256 * r5);
+ r6 = dilithium_mont_red((sword64)zeta256 * r6);
+ r7 = dilithium_mont_red((sword64)zeta256 * r7);
+
+ r[j + 0] = r0;
+ r[j + 32] = r1;
+ r[j + 64] = r2;
+ r[j + 96] = r3;
+ r[j + 128] = r4;
+ r[j + 160] = r5;
+ r[j + 192] = r6;
+ r[j + 224] = r7;
+ }
+#endif
+}
+
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+
defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+ !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Inverse Number-Theoretic Transform.
+ *
+ * @param [in, out] r Vector of polynomials to transform.
+ * @param [in] l Dimension of polynomial.
+ */
+static void dilithium_vec_invntt(sword32* r, byte l)
+{
+ unsigned int i;
+
+ for (i = 0; i < l; i++) {
+ dilithium_invntt(r);
+ r += DILITHIUM_N;
+ }
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+ !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Matrix multiplication.
+ *
+ * @param [out] r Vector of polynomials that is result.
+ * @param [in] m Matrix of polynomials.
+ * @param [in] v Vector of polynomials.
+ * @param [in] k First dimension of matrix and dimension of result.
+ * @param [in] l Second dimension of matrix and dimension of v.
+ */
+static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
+ byte k, byte l)
+{
+ byte i;
+
+ for (i = 0; i < k; i++) {
+ byte j;
+ unsigned int e;
+ const sword32* vt = v;
+
+#ifdef WOLFSSL_DILITHIUM_SMALL
+ for (e = 0; e < DILITHIUM_N; e++) {
+ r[e] = dilithium_mont_red((sword64)m[e] * vt[e]);
+ }
+ m += DILITHIUM_N;
+ vt += DILITHIUM_N;
+ for (j = 1; j < l; j++) {
+ for (e = 0; e < DILITHIUM_N; e++) {
+ r[e] += dilithium_mont_red((sword64)m[e] * vt[e]);
+ }
+ m += DILITHIUM_N;
+ vt += DILITHIUM_N;
+ }
+#elif defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE)
+ (void)j;
+ if (l == 4) {
+ for (e = 0; e < DILITHIUM_N; e++) {
+ sword64 t = ((sword64)m[e + 0 * 256] * vt[e + 0 * 256]) +
+ ((sword64)m[e + 1 * 256] * vt[e + 1 * 256]) +
+ ((sword64)m[e + 2 * 256] * vt[e + 2 * 256]) +
+ ((sword64)m[e + 3 * 256] * vt[e + 3 * 256]);
+ r[e] = dilithium_mont_red(t);
+ }
+ m += DILITHIUM_N * 4;
+ }
+ else if (l == 5) {
+ for (e = 0; e < DILITHIUM_N; e++) {
+ sword64 t = ((sword64)m[e + 0 * 256] * vt[e + 0 * 256]) +
+ ((sword64)m[e + 1 * 256] * vt[e + 1 * 256]) +
+ ((sword64)m[e + 2 * 256] * vt[e + 2 * 256]) +
+ ((sword64)m[e + 3 * 256] * vt[e + 3 * 256]) +
+ ((sword64)m[e + 4 * 256] * vt[e + 4 * 256]);
+ r[e] = dilithium_mont_red(t);
+ }
+ m += DILITHIUM_N * 5;
+ }
+ else if (l == 7) {
+ for (e = 0; e < DILITHIUM_N; e++) {
+ sword64 t = ((sword64)m[e + 0 * 256] * vt[e + 0 * 256]) +
+ ((sword64)m[e + 1 * 256] * vt[e + 1 * 256]) +
+ ((sword64)m[e + 2 * 256] * vt[e + 2 * 256]) +
+ ((sword64)m[e + 3 * 256] * vt[e + 3 * 256]) +
+ ((sword64)m[e + 4 * 256] * vt[e + 4 * 256]) +
+ ((sword64)m[e + 5 * 256] * vt[e + 5 * 256]) +
+ ((sword64)m[e + 6 * 256] * vt[e + 6 * 256]);
+ r[e] = dilithium_mont_red(t);
+ }
+ m += DILITHIUM_N * 7;
+ }
+#else
+ sword64 t0;
+ sword64 t1;
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_65)
+ sword64 t2;
+ sword64 t3;
+#endif
+
+ (void)j;
+#ifndef WOLFSSL_NO_ML_DSA_44
+ if (l == 4) {
+ for (e = 0; e < DILITHIUM_N; e +=
4) {
+ t0 = ((sword64)m[e + 0 + 0 * 256] * vt[e + 0 + 0 * 256]) +
+ ((sword64)m[e + 0 + 1 * 256] * vt[e + 0 + 1 * 256]) +
+ ((sword64)m[e + 0 + 2 * 256] * vt[e + 0 + 2 * 256]) +
+ ((sword64)m[e + 0 + 3 * 256] * vt[e + 0 + 3 * 256]);
+ t1 = ((sword64)m[e + 1 + 0 * 256] * vt[e + 1 + 0 * 256]) +
+ ((sword64)m[e + 1 + 1 * 256] * vt[e + 1 + 1 * 256]) +
+ ((sword64)m[e + 1 + 2 * 256] * vt[e + 1 + 2 * 256]) +
+ ((sword64)m[e + 1 + 3 * 256] * vt[e + 1 + 3 * 256]);
+ t2 = ((sword64)m[e + 2 + 0 * 256] * vt[e + 2 + 0 * 256]) +
+ ((sword64)m[e + 2 + 1 * 256] * vt[e + 2 + 1 * 256]) +
+ ((sword64)m[e + 2 + 2 * 256] * vt[e + 2 + 2 * 256]) +
+ ((sword64)m[e + 2 + 3 * 256] * vt[e + 2 + 3 * 256]);
+ t3 = ((sword64)m[e + 3 + 0 * 256] * vt[e + 3 + 0 * 256]) +
+ ((sword64)m[e + 3 + 1 * 256] * vt[e + 3 + 1 * 256]) +
+ ((sword64)m[e + 3 + 2 * 256] * vt[e + 3 + 2 * 256]) +
+ ((sword64)m[e + 3 + 3 * 256] * vt[e + 3 + 3 * 256]);
+ r[e + 0] = dilithium_mont_red(t0);
+ r[e + 1] = dilithium_mont_red(t1);
+ r[e + 2] = dilithium_mont_red(t2);
+ r[e + 3] = dilithium_mont_red(t3);
+ }
+ m += DILITHIUM_N * 4;
+ }
+ else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+ if (l == 5) {
+ for (e = 0; e < DILITHIUM_N; e += 4) {
+ t0 = ((sword64)m[e + 0 + 0 * 256] * vt[e + 0 + 0 * 256]) +
+ ((sword64)m[e + 0 + 1 * 256] * vt[e + 0 + 1 * 256]) +
+ ((sword64)m[e + 0 + 2 * 256] * vt[e + 0 + 2 * 256]) +
+ ((sword64)m[e + 0 + 3 * 256] * vt[e + 0 + 3 * 256]) +
+ ((sword64)m[e + 0 + 4 * 256] * vt[e + 0 + 4 * 256]);
+ t1 = ((sword64)m[e + 1 + 0 * 256] * vt[e + 1 + 0 * 256]) +
+ ((sword64)m[e + 1 + 1 * 256] * vt[e + 1 + 1 * 256]) +
+ ((sword64)m[e + 1 + 2 * 256] * vt[e + 1 + 2 * 256]) +
+ ((sword64)m[e + 1 + 3 * 256] * vt[e + 1 + 3 * 256]) +
+ ((sword64)m[e + 1 + 4 * 256] * vt[e + 1 + 4 * 256]);
+ t2 = ((sword64)m[e + 2 + 0 * 256] * vt[e + 2 + 0 * 256]) +
+ ((sword64)m[e + 2 + 1 * 256] * vt[e + 2 + 1 * 256]) +
+ ((sword64)m[e + 2 + 2 * 256] * vt[e + 2 + 2 * 256]) +
+ ((sword64)m[e + 2 + 3 * 256] * vt[e + 2 + 3 * 256]) +
+
((sword64)m[e + 2 + 4 * 256] * vt[e + 2 + 4 * 256]);
+ t3 = ((sword64)m[e + 3 + 0 * 256] * vt[e + 3 + 0 * 256]) +
+ ((sword64)m[e + 3 + 1 * 256] * vt[e + 3 + 1 * 256]) +
+ ((sword64)m[e + 3 + 2 * 256] * vt[e + 3 + 2 * 256]) +
+ ((sword64)m[e + 3 + 3 * 256] * vt[e + 3 + 3 * 256]) +
+ ((sword64)m[e + 3 + 4 * 256] * vt[e + 3 + 4 * 256]);
+ r[e + 0] = dilithium_mont_red(t0);
+ r[e + 1] = dilithium_mont_red(t1);
+ r[e + 2] = dilithium_mont_red(t2);
+ r[e + 3] = dilithium_mont_red(t3);
+ }
+ m += DILITHIUM_N * 5;
+ }
+ else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+ if (l == 7) {
+ for (e = 0; e < DILITHIUM_N; e += 2) {
+ t0 = ((sword64)m[e + 0 + 0 * 256] * vt[e + 0 + 0 * 256]) +
+ ((sword64)m[e + 0 + 1 * 256] * vt[e + 0 + 1 * 256]) +
+ ((sword64)m[e + 0 + 2 * 256] * vt[e + 0 + 2 * 256]) +
+ ((sword64)m[e + 0 + 3 * 256] * vt[e + 0 + 3 * 256]) +
+ ((sword64)m[e + 0 + 4 * 256] * vt[e + 0 + 4 * 256]) +
+ ((sword64)m[e + 0 + 5 * 256] * vt[e + 0 + 5 * 256]) +
+ ((sword64)m[e + 0 + 6 * 256] * vt[e + 0 + 6 * 256]);
+ t1 = ((sword64)m[e + 1 + 0 * 256] * vt[e + 1 + 0 * 256]) +
+ ((sword64)m[e + 1 + 1 * 256] * vt[e + 1 + 1 * 256]) +
+ ((sword64)m[e + 1 + 2 * 256] * vt[e + 1 + 2 * 256]) +
+ ((sword64)m[e + 1 + 3 * 256] * vt[e + 1 + 3 * 256]) +
+ ((sword64)m[e + 1 + 4 * 256] * vt[e + 1 + 4 * 256]) +
+ ((sword64)m[e + 1 + 5 * 256] * vt[e + 1 + 5 * 256]) +
+ ((sword64)m[e + 1 + 6 * 256] * vt[e + 1 + 6 * 256]);
+ r[e + 0] = dilithium_mont_red(t0);
+ r[e + 1] = dilithium_mont_red(t1);
+ }
+ m += DILITHIUM_N * 7;
+ }
+ else
+#endif
+ {
+ }
+#endif
+ r += DILITHIUM_N;
+ }
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+ !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Polynomial multiplication.
+ *
+ * @param [out] r Polynomial result.
+ * @param [in] a Polynomial
+ * @param [in] b Polynomial.
+ */
+static void dilithium_mul(sword32* r, sword32* a, sword32* b)
+{
+ unsigned int e;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+ for (e = 0; e < DILITHIUM_N; e++) {
+ r[e] = dilithium_mont_red((sword64)a[e] * b[e]);
+ }
+#elif defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE)
+ for (e = 0; e < DILITHIUM_N; e += 8) {
+ r[e+0] = dilithium_mont_red((sword64)a[e+0] * b[e+0]);
+ r[e+1] = dilithium_mont_red((sword64)a[e+1] * b[e+1]);
+ r[e+2] = dilithium_mont_red((sword64)a[e+2] * b[e+2]);
+ r[e+3] = dilithium_mont_red((sword64)a[e+3] * b[e+3]);
+ r[e+4] = dilithium_mont_red((sword64)a[e+4] * b[e+4]);
+ r[e+5] = dilithium_mont_red((sword64)a[e+5] * b[e+5]);
+ r[e+6] = dilithium_mont_red((sword64)a[e+6] * b[e+6]);
+ r[e+7] = dilithium_mont_red((sword64)a[e+7] * b[e+7]);
+ }
+#else
+ for (e = 0; e < DILITHIUM_N; e += 16) {
+ r[e+ 0] = dilithium_mont_red((sword64)a[e+ 0] * b[e+ 0]);
+ r[e+ 1] = dilithium_mont_red((sword64)a[e+ 1] * b[e+ 1]);
+ r[e+ 2] = dilithium_mont_red((sword64)a[e+ 2] * b[e+ 2]);
+ r[e+ 3] = dilithium_mont_red((sword64)a[e+ 3] * b[e+ 3]);
+ r[e+ 4] = dilithium_mont_red((sword64)a[e+ 4] * b[e+ 4]);
+ r[e+ 5] = dilithium_mont_red((sword64)a[e+ 5] * b[e+ 5]);
+ r[e+ 6] = dilithium_mont_red((sword64)a[e+ 6] * b[e+ 6]);
+ r[e+ 7] = dilithium_mont_red((sword64)a[e+ 7] * b[e+ 7]);
+ r[e+ 8] = dilithium_mont_red((sword64)a[e+ 8] * b[e+ 8]);
+ r[e+ 9] = dilithium_mont_red((sword64)a[e+ 9] * b[e+ 9]);
+ r[e+10] = dilithium_mont_red((sword64)a[e+10] * b[e+10]);
+ r[e+11] = dilithium_mont_red((sword64)a[e+11] * b[e+11]);
+ r[e+12] = dilithium_mont_red((sword64)a[e+12] * b[e+12]);
+ r[e+13] = dilithium_mont_red((sword64)a[e+13] * b[e+13]);
+ r[e+14] = dilithium_mont_red((sword64)a[e+14] * b[e+14]);
+ r[e+15] = dilithium_mont_red((sword64)a[e+15] * b[e+15]);
+ }
+#endif
+}
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+ !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Vector
multiplication.
+ *
+ * @param [out] r Vector of polynomials that is result.
+ * @param [in] a Polynomials
+ * @param [in] b Vector of polynomials.
+ * @param [in] l Dimension of vectors.
+ */
+static void dilithium_vec_mul(sword32* r, sword32* a, sword32* b, byte l)
+{
+ byte i;
+
+ for (i = 0; i < l; i++) {
+ dilithium_mul(r, a, b);
+ r += DILITHIUM_N;
+ b += DILITHIUM_N;
+ }
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+/* Modulo reduce values in polynomial. Range (-2^31)..(2^31-1).
+ *
+ * @param [in, out] a Polynomial.
+ */
+static void dilithium_poly_red(sword32* a)
+{
+ word16 j;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+ for (j = 0; j < DILITHIUM_N; j++) {
+ a[j] = dilithium_red(a[j]);
+ }
+#else
+ for (j = 0; j < DILITHIUM_N; j += 8) {
+ a[j+0] = dilithium_red(a[j+0]);
+ a[j+1] = dilithium_red(a[j+1]);
+ a[j+2] = dilithium_red(a[j+2]);
+ a[j+3] = dilithium_red(a[j+3]);
+ a[j+4] = dilithium_red(a[j+4]);
+ a[j+5] = dilithium_red(a[j+5]);
+ a[j+6] = dilithium_red(a[j+6]);
+ a[j+7] = dilithium_red(a[j+7]);
+ }
+#endif
+}
+
+#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+/* Modulo reduce values in polynomials of vector. Range (-2^31)..(2^31-1).
+ *
+ * @param [in, out] a Vector of polynomials.
+ * @param [in] l Dimension of vector.
+ */
+static void dilithium_vec_red(sword32* a, byte l)
+{
+ byte i;
+
+ for (i = 0; i < l; i++) {
+ dilithium_poly_red(a);
+ a += DILITHIUM_N;
+ }
+}
+#endif /* WOLFSSL_DILITHIUM_SIGN_SMALL_MEM*/
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+ !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))) || \
+ defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+/* Subtract polynomials a from r. r -= a.
+ *
+ * @param [out] r Polynomial to subtract from.
+ * @param [in] a Polynomial to subtract.
+ */
+static void dilithium_sub(sword32* r, const sword32* a)
+{
+ word16 j;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+ for (j = 0; j < DILITHIUM_N; j++) {
+ r[j] -= a[j];
+ }
+#else
+ for (j = 0; j < DILITHIUM_N; j += 8) {
+ r[j+0] -= a[j+0];
+ r[j+1] -= a[j+1];
+ r[j+2] -= a[j+2];
+ r[j+3] -= a[j+3];
+ r[j+4] -= a[j+4];
+ r[j+5] -= a[j+5];
+ r[j+6] -= a[j+6];
+ r[j+7] -= a[j+7];
+ }
+#endif
+}
+
+#if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+ !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Subtract vector a from r. r -= a.
+ *
+ * @param [out] r Vector of polynomials that is result.
+ * @param [in] a Vector of polynomials to subtract.
+ * @param [in] l Dimension of vectors.
+ */
+static void dilithium_vec_sub(sword32* r, const sword32* a, byte l)
+{
+ byte i;
+
+ for (i = 0; i < l; i++) {
+ dilithium_sub(r, a);
+ r += DILITHIUM_N;
+ a += DILITHIUM_N;
+ }
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY
+/* Add polynomials a to r. r += a.
+ *
+ * @param [out] r Polynomial to add to.
+ * @param [in] a Polynomial to add.
+ */
+static void dilithium_add(sword32* r, const sword32* a)
+{
+ word16 j;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+ for (j = 0; j < DILITHIUM_N; j++) {
+ r[j] += a[j];
+ }
+#else
+ for (j = 0; j < DILITHIUM_N; j += 8) {
+ r[j+0] += a[j+0];
+ r[j+1] += a[j+1];
+ r[j+2] += a[j+2];
+ r[j+3] += a[j+3];
+ r[j+4] += a[j+4];
+ r[j+5] += a[j+5];
+ r[j+6] += a[j+6];
+ r[j+7] += a[j+7];
+ }
+#endif
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Add vector a to r. r += a.
+ *
+ * @param [out] r Vector of polynomials that is result.
+ * @param [in] a Vector of polynomials to add.
+ * @param [in] l Dimension of vectors.
+ */
+static void dilithium_vec_add(sword32* r, const sword32* a, byte l)
+{
+ byte i;
+
+ for (i = 0; i < l; i++) {
+ dilithium_add(r, a);
+ r += DILITHIUM_N;
+ a += DILITHIUM_N;
+ }
+}
+#endif
+
+/* Make values in polynomial be in positive range.
+ *
+ * @param [in, out] a Polynomial.
+ */
+static void dilithium_make_pos(sword32* a)
+{
+ word16 j;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+ for (j = 0; j < DILITHIUM_N; j++) {
+ a[j] += (0 - (((word32)a[j]) >> 31)) & DILITHIUM_Q;
+ }
+#else
+ for (j = 0; j < DILITHIUM_N; j += 8) {
+ a[j+0] += (0 - (((word32)a[j+0]) >> 31)) & DILITHIUM_Q;
+ a[j+1] += (0 - (((word32)a[j+1]) >> 31)) & DILITHIUM_Q;
+ a[j+2] += (0 - (((word32)a[j+2]) >> 31)) & DILITHIUM_Q;
+ a[j+3] += (0 - (((word32)a[j+3]) >> 31)) & DILITHIUM_Q;
+ a[j+4] += (0 - (((word32)a[j+4]) >> 31)) & DILITHIUM_Q;
+ a[j+5] += (0 - (((word32)a[j+5]) >> 31)) & DILITHIUM_Q;
+ a[j+6] += (0 - (((word32)a[j+6]) >> 31)) & DILITHIUM_Q;
+ a[j+7] += (0 - (((word32)a[j+7]) >> 31)) & DILITHIUM_Q;
+ }
+#endif
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+ (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Make values in polynomials of vector be in positive range.
+ *
+ * @param [in, out] a Vector of polynomials.
+ * @param [in] l Dimension of vector.
+ */
+static void dilithium_vec_make_pos(sword32* a, byte l)
+{
+ byte i;
+
+ for (i = 0; i < l; i++) {
+ dilithium_make_pos(a);
+ a += DILITHIUM_N;
+ }
+}
+#endif
+
+#endif /* !WOLFSSL_DILITHIUM_VERIFY_ONLY */
+
+/******************************************************************************/
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+
+/* Make a key from a random seed.
+ *
+ * xi is seed passed in.
+ * FIPS 204. 5: Algorithm 1 ML-DSA.KeyGen()
+ * ...
+ * 2: (rho, rho', K) E {0,1}256 x {0,1}512 x {0,1}256 <- H(xi, 1024)
+ * 3: A_circum <- ExpandA(rho)
+ * 4: (s1,s2) <- ExpandS(rho')
+ * 5: t <- NTT-1(A_circum o NTT(s1)) + s2
+ * 6: (t1, t0) <- Power2Round(t, d)
+ * 7: pk <- pkEncode(rho, t1)
+ * 8: tr <- H(BytesToBits(pk), 512)
+ * 9: sk <- skEncode(rho, K, tr, s1, s2, t0)
+ * 10: return (pk, sk)
+ *
+ * FIPS 204. 8.2: Algorithm 16 pkEncode(rho, t1)
+ * 1: pk <- BitsToBytes(rho)
+ * 2: for i from 0 to l - 1 do
+ * 3: pk <- pk || SimpleBitPack(t1[i], 2^(bitlen(q-1)-d) - 1)
+ * 4: end for
+ * 5: return pk
+ *
+ * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s, s2, t0)
+ * 1: sk <- BitsToBytes(rho) || BitsToBytes(K) || BitsToBytes(tr)
+ * 2: for i from 0 to l - 1 do
+ * 3: sk <- sk || BitPack(s1[i], eta, eta)
+ * 4: end for
+ * 5: for i from 0 to k - 1 do
+ * 6: sk <- sk || BitPack(s2[i], eta, eta)
+ * 7: end for
+ * 8: for i from 0 to k - 1 do
+ * 9: sk <- sk || BitPack(t0[i], 2^(d-1)-1, 2^(d-1))
+ * 10: end for
+ * 11: return sk
+ *
+ * Public and private key store in key.
+ *
+ * @param [in, out] key Dilithium key.
+ * @param [in] seed Seed to hash to generate values.
+ * @return 0 on success.
+ * @return MEMORY_E when memory allocation fails.
+ * @return Other negative when an error occurs.
+ */
+static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
+{
+#ifndef WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
+ int ret = 0;
+ const wc_dilithium_params* params = key->params;
+ sword32* a = NULL;
+ sword32* s1 = NULL;
+ sword32* s2 = NULL;
+ sword32* t = NULL;
+ byte* pub_seed = key->k;
+
+ /* Allocate memory for large intermediates.
*/
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+ if (key->a == NULL) {
+ key->a = (sword32*)XMALLOC(params->aSz, key->heap,
+ DYNAMIC_TYPE_DILITHIUM);
+ if (key->a == NULL) {
+ ret = MEMORY_E;
+ }
+ }
+#endif
+ if (ret == 0) {
+ a = key->a;
+ }
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+ if ((ret == 0) && (key->s1 == NULL)) {
+ key->s1 = (sword32*)XMALLOC(params->aSz, key->heap,
+ DYNAMIC_TYPE_DILITHIUM);
+ if (key->s1 == NULL) {
+ ret = MEMORY_E;
+ }
+ else {
+ key->s2 = key->s1 + params->s1Sz / sizeof(*s1);
+ key->t0 = key->s2 + params->s2Sz / sizeof(*s2);
+ }
+ }
+#endif
+ if (ret == 0) {
+ s1 = key->s1;
+ s2 = key->s2;
+ t = key->t0;
+ }
+#else
+ if (ret == 0) {
+ unsigned int allocSz;
+
+ allocSz = params->s1Sz + params->s2Sz + params->s2Sz;
+#ifndef WC_DILITHIUM_CACHE_MATRIX_A
+ allocSz += params->aSz;
+#endif
+
+ /* s1, s2, t, a */
+ s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+ if (s1 == NULL) {
+ ret = MEMORY_E;
+ }
+ else {
+ s2 = s1 + params->s1Sz / sizeof(*s1);
+ t = s2 + params->s2Sz / sizeof(*s2);
+#ifndef WC_DILITHIUM_CACHE_MATRIX_A
+ a = t + params->s2Sz / sizeof(*t);
+#endif
+ }
+ }
+#endif
+
+ if (ret == 0) {
+ /* Step 2: Create public seed, private seed and K from seed.
+ * Step 9; Alg 18, Step 1: Public seed is placed into private key. */
+ ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed,
+ DILITHIUM_SEEDS_SZ);
+ }
+ if (ret == 0) {
+ /* Step 7; Alg 16 Step 1: Copy public seed into public key. */
+ XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ);
+
+ /* Step 3: Expand public seed into a matrix of polynomials. */
+ ret = dilithium_expand_a(&key->shake, pub_seed, params->k, params->l,
+ a, key->heap);
+ }
+ if (ret == 0) {
+ byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ;
+
+ /* Step 4: Expand private seed into to vectors of polynomials.
*/
+ ret = dilithium_expand_s(&key->shake, priv_seed, params->eta, s1,
+ params->l, s2, params->k);
+ }
+ if (ret == 0) {
+ byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+ byte* tr = k + DILITHIUM_K_SZ;
+ byte* s1p = tr + DILITHIUM_TR_SZ;
+ byte* s2p = s1p + params->s1EncSz;
+ byte* t0 = s2p + params->s2EncSz;
+ byte* t1 = key->p + DILITHIUM_PUB_SEED_SZ;
+
+ /* Step 9: Move k down to after public seed. */
+ XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ);
+ /* Step 9. Alg 18 Steps 2-4: Encode s1 into private key. */
+ dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p);
+ /* Step 9. Alg 18 Steps 5-7: Encode s2 into private key. */
+ dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
+
+ /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */
+ dilithium_vec_ntt_small(s1, params->l);
+ dilithium_matrix_mul(t, a, s1, params->k, params->l);
+ dilithium_vec_invntt(t, params->k);
+ dilithium_vec_add(t, s2, params->k);
+
+ /* Make positive for decomposing. */
+ dilithium_vec_make_pos(t, params->k);
+ /* Step 6, Step 7, Step 9. Alg 16 Steps 2-4, Alg 18 Steps 8-10.
+ * Decompose t in t0 and t1 and encode into public and private key.
+ */
+ dilithium_vec_encode_t0_t1(t, params->k, t0, t1);
+ /* Step 8. Alg 18, Step 1: Hash public key into private key. */
+ ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
+ DILITHIUM_TR_SZ);
+ }
+ if (ret == 0) {
+ /* Public key and private key are available. */
+ key->prvKeySet = 1;
+ key->pubKeySet = 1;
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+ /* Matrix A is available. */
+ key->aSet = 1;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+ /* Private vectors are not available as they were overwritten. */
+ key->privVecsSet = 0;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+ /* Public vector, t1, is not available as it was not created.
*/ + key->pubVecSet = 0; +#endif + } + +#ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS + XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM); +#endif + return ret; +#else + int ret = 0; + const wc_dilithium_params* params = key->params; + sword32* a = NULL; + sword32* s1 = NULL; + sword32* s2 = NULL; + sword32* t = NULL; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif + byte* h = NULL; + byte* pub_seed = key->k; + unsigned int r; + unsigned int s; + + /* Allocate memory for large intermediates. */ + if (ret == 0) { + unsigned int allocSz; + + /* s1-l, s2-k, t-k, a-1 */ + allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + DILITHIUM_REJ_NTT_POLY_H_SIZE + DILITHIUM_POLY_SIZE; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + /* t64 */ + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif + s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (s1 == NULL) { + ret = MEMORY_E; + } + else { + s2 = s1 + params->s1Sz / sizeof(*s1); + t = s2 + params->s2Sz / sizeof(*s2); + h = (byte*)(t + params->s2Sz / sizeof(*t)); + a = (sword32*)(h + DILITHIUM_REJ_NTT_POLY_H_SIZE); + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + DILITHIUM_N); + #endif + } + } + + if (ret == 0) { + /* Step 2: Create public seed, private seed and K from seed. + * Step 9; Alg 18, Step 1: Public seed is placed into private key. */ + ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed, + DILITHIUM_SEEDS_SZ); + } + if (ret == 0) { + byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ; + + /* Step 7; Alg 16 Step 1: Copy public seed into public key. */ + XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ); + + /* Step 4: Expand private seed into to vectors of polynomials. 
*/ + ret = dilithium_expand_s(&key->shake, priv_seed, params->eta, s1, + params->l, s2, params->k); + } + if (ret == 0) { + byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + byte* tr = k + DILITHIUM_K_SZ; + byte* s1p = tr + DILITHIUM_TR_SZ; + byte* s2p = s1p + params->s1EncSz; + byte* t0 = s2p + params->s2EncSz; + byte* t1 = key->p + DILITHIUM_PUB_SEED_SZ; + byte aseed[DILITHIUM_GEN_A_SEED_SZ]; + sword32* s2t = s2; + sword32* tt = t; + + /* Step 9: Move k down to after public seed. */ + XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ); + /* Step 9. Alg 18 Steps 2-4: Encode s1 into private key. */ + dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p); + /* Step 9. Alg 18 Steps 5-7: Encode s2 into private key. */ + dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p); + + /* Step 5: NTT(s1) */ + dilithium_vec_ntt_small(s1, params->l); + /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */ + XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ); + for (r = 0; (ret == 0) && (r < params->k); r++) { + sword32* s1t = s1; + unsigned int e; + + /* Put r/i into buffer to be hashed. */ + aseed[DILITHIUM_PUB_SEED_SZ + 1] = r; + for (s = 0; (ret == 0) && (s < params->l); s++) { + + /* Put s into buffer to be hashed. */ + aseed[DILITHIUM_PUB_SEED_SZ + 0] = s; + /* Step 3: Expand public seed into a matrix of polynomials. */ + ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, a, h); + if (ret != 0) { + break; + } + /* Matrix multiply. 
*/ + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] = dilithium_mont_red((sword64)a[e] * s1t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + tt[e+0] = dilithium_mont_red((sword64)a[e+0]*s1t[e+0]); + tt[e+1] = dilithium_mont_red((sword64)a[e+1]*s1t[e+1]); + tt[e+2] = dilithium_mont_red((sword64)a[e+2]*s1t[e+2]); + tt[e+3] = dilithium_mont_red((sword64)a[e+3]*s1t[e+3]); + tt[e+4] = dilithium_mont_red((sword64)a[e+4]*s1t[e+4]); + tt[e+5] = dilithium_mont_red((sword64)a[e+5]*s1t[e+5]); + tt[e+6] = dilithium_mont_red((sword64)a[e+6]*s1t[e+6]); + tt[e+7] = dilithium_mont_red((sword64)a[e+7]*s1t[e+7]); + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] += dilithium_mont_red((sword64)a[e] * s1t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + tt[e+0] += dilithium_mont_red((sword64)a[e+0]*s1t[e+0]); + tt[e+1] += dilithium_mont_red((sword64)a[e+1]*s1t[e+1]); + tt[e+2] += dilithium_mont_red((sword64)a[e+2]*s1t[e+2]); + tt[e+3] += dilithium_mont_red((sword64)a[e+3]*s1t[e+3]); + tt[e+4] += dilithium_mont_red((sword64)a[e+4]*s1t[e+4]); + tt[e+5] += dilithium_mont_red((sword64)a[e+5]*s1t[e+5]); + tt[e+6] += dilithium_mont_red((sword64)a[e+6]*s1t[e+6]); + tt[e+7] += dilithium_mont_red((sword64)a[e+7]*s1t[e+7]); + } + #endif + } + #else + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = (sword64)a[e] * s1t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = (sword64)a[e+0] * s1t[e+0]; + t64[e+1] = (sword64)a[e+1] * s1t[e+1]; + t64[e+2] = (sword64)a[e+2] * s1t[e+2]; + t64[e+3] = (sword64)a[e+3] * s1t[e+3]; + t64[e+4] = (sword64)a[e+4] * s1t[e+4]; + t64[e+5] = (sword64)a[e+5] * s1t[e+5]; + t64[e+6] = (sword64)a[e+6] * s1t[e+6]; + t64[e+7] = (sword64)a[e+7] * s1t[e+7]; + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < 
DILITHIUM_N; e++) { + t64[e] += (sword64)a[e] * s1t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)a[e+0] * s1t[e+0]; + t64[e+1] += (sword64)a[e+1] * s1t[e+1]; + t64[e+2] += (sword64)a[e+2] * s1t[e+2]; + t64[e+3] += (sword64)a[e+3] * s1t[e+3]; + t64[e+4] += (sword64)a[e+4] * s1t[e+4]; + t64[e+5] += (sword64)a[e+5] * s1t[e+5]; + t64[e+6] += (sword64)a[e+6] * s1t[e+6]; + t64[e+7] += (sword64)a[e+7] * s1t[e+7]; + } + #endif + } + #endif + /* Next polynomial. */ + s1t += DILITHIUM_N; + } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] = dilithium_mont_red(t64[e]); + } + #endif + dilithium_invntt(tt); + dilithium_add(tt, s2t); + /* Make positive for decomposing. */ + dilithium_make_pos(tt); + + tt += DILITHIUM_N; + s2t += DILITHIUM_N; + } + + /* Step 6, Step 7, Step 9. Alg 16 Steps 2-4, Alg 18 Steps 8-10. + * Decompose t in t0 and t1 and encode into public and private key. + */ + dilithium_vec_encode_t0_t1(t, params->k, t0, t1); + /* Step 8. Alg 18, Step 1: Hash public key into private key. */ + ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, + DILITHIUM_TR_SZ); + } + if (ret == 0) { + /* Public key and private key are available. */ + key->prvKeySet = 1; + key->pubKeySet = 1; + } + + XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM); + return ret; +#endif +} + +/* Make a key from a random seed. + * + * FIPS 204. 5: Algorithm 1 ML-DSA.KeyGen() + * 1: xi <- {0,1}256 [Choose random seed] + * ... + * + * @param [in, out] key Dilithium key. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. + */ +static int dilithium_make_key(dilithium_key* key, WC_RNG* rng) +{ + int ret; + byte seed[DILITHIUM_SEED_SZ]; + + /* Generate a 256-bit random seed. */ + ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_SEED_SZ); + if (ret == 0) { + /* Make key with random seed. 
*/ + ret = wc_dilithium_make_key_from_seed(key, seed); + } + + return ret; +} +#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */ + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + +#if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) || \ + defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) +/* Decode, from private key, and NTT private key vectors s1, s2, and t0. + * + * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M) + * 1: (rho, K, tr, s1, s2, t0) <- skDecode(sk) + * 2: s1_circum <- NTT(s1) + * 3: s2_circum <- NTT(s2) + * 4: t0_circum <- NTT(t0) + * + * @param [in, out] key Dilithium key. + * @param [out] s1 Vector of polynomials s1. + * @param [out] s2 Vector of polynomials s2. + * @param [out] t0 Vector of polynomials t0. + */ +static void dilithium_make_priv_vecs(dilithium_key* key, sword32* s1, + sword32* s2, sword32* t0) +{ + const wc_dilithium_params* params = key->params; + const byte* pubSeed = key->k; + const byte* k = pubSeed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; + const byte* s1p = tr + DILITHIUM_TR_SZ; + const byte* s2p = s1p + params->s1EncSz; + const byte* t0p = s2p + params->s2EncSz; + + /* Step 1: Decode s1, s2, t0. */ + dilithium_vec_decode_eta_bits(s1p, params->eta, s1, params->l); + dilithium_vec_decode_eta_bits(s2p, params->eta, s2, params->k); + dilithium_vec_decode_t0(t0p, params->k, t0); + + /* Step 2: NTT s1. */ + dilithium_vec_ntt_small(s1, params->l); + /* Step 3: NTT s2. */ + dilithium_vec_ntt_small(s2, params->k); + /* Step 4: NTT t0. */ + dilithium_vec_ntt(t0, params->k); + +#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS + /* Private key vectors have been created. */ + key->privVecsSet = 1; +#endif +} +#endif + +/* Sign a message with the key and a seed. + * + * FIPS 204. 
6: Algorithm 2 MD-DSA.Sign(sk, M) + * 1: (rho, K, tr, s1, s2, t0) <- skDecode(sk) + * 2: s1_circum <- NTT(s1) + * 3: s2_circum <- NTT(s2) + * 4: t0_circum <- NTT(t0) + * 5: A_circum <- ExpandA(rho) + * 6: mu <- H(tr||M, 512) + * 7: rnd <- {0,1}256 + * 8: rho' <- H(K||rnd||mu, 512) + * 9: kappa <- 0 + * 10: (z, h) <- falsam + * 11: while (z, h) = falsam do + * 12: y <- ExpandMask(rho', kappa) + * 13: w <- NTT-1(A_circum o NTT(y)) + * 14: w1 <- HighBits(w) + * 15: c_tilde E {0,1}2*lambda <- H(mu|w1Encode(w1), 2 * lambda) + * 16: (c1_tilde, c2_tilde) E {0,1}256 x {0,1}2*lambda-256 <- c_tilde + * 17: c < SampleInBall(c1_tilde) + * 18: c_circum <- NTT(c) + * 19: <> <- NTT-1(c_circum o s1_circum) + * 20: <> <- NTT-1(c_circum o s2_circum) + * 21: z <- y + <> + * 22: r0 <- LowBits(w - <> + * 23: if ||z||inf >= GAMMA1 - BETA or ||r0||inf GAMMA2 - BETA then + * (z, h) <- falsam + * 24: else + * 25: <> <- NTT-1(c_circum o t0_circum) + * 26: h < MakeHint(-<>, w - <> + <>) + * 27: if (||<>||inf >= GAMMMA1 or + * the number of 1's in h is greater than OMEGA, then + * (z, h) <- falsam + * 28: end if + * 29: end if + * 30: kappa <- kappa + l + * 31: end while + * 32: sigma <- sigEncode(c_tilde, z mod +/- q, h) + * 33: return sigma + * + * @param [in, out] key Dilithium key. + * @param [in, out] seed Random seed. + * @param [in] msg Message data to sign. + * @param [in] msgLen Length of message data in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigLen On in, length of buffer in bytes. + * On out, the length of the signature in bytes. + * @return 0 on success. + * @return BUFFER_E when the signature buffer is too small. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. 
+ */ +static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, + const byte* msg, word32 msgLen, byte* sig, word32 *sigLen) +{ +#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM + int ret = 0; + const wc_dilithium_params* params = key->params; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; + sword32* a = NULL; + sword32* s1 = NULL; + sword32* s2 = NULL; + sword32* t0 = NULL; + sword32* y = NULL; + sword32* w0 = NULL; + sword32* w1 = NULL; + sword32* c = NULL; + sword32* z = NULL; + sword32* ct0 = NULL; + byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; + byte* mu = data + DILITHIUM_RND_SZ; + byte priv_rand_seed[DILITHIUM_Y_SEED_SZ]; + byte* h = sig + params->lambda * 2 + params->zEncSz; + + /* Check the signature buffer isn't too small. */ + if ((ret == 0) && (*sigLen < params->sigSz)) { + ret = BUFFER_E; + } + if (ret == 0) { + /* Return the size of the signature. */ + *sigLen = params->sigSz; + } + + /* Allocate memory for large intermediates. 
*/ +#ifdef WC_DILITHIUM_CACHE_MATRIX_A +#ifndef WC_DILITHIUM_FIXED_ARRAY + if ((ret == 0) && (key->a == NULL)) { + a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (a == NULL) { + ret = MEMORY_E; + } + } +#endif + if (ret == 0) { + a = key->a; + } +#endif +#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS +#ifndef WC_DILITHIUM_FIXED_ARRAY + if ((ret == 0) && (key->s1 == NULL)) { + key->s1 = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (key->s1 == NULL) { + ret = MEMORY_E; + } + else { + key->s2 = key->s1 + params->s1Sz / sizeof(*s1); + key->t0 = key->s2 + params->s2Sz / sizeof(*s2); + } + } +#endif + if (ret == 0) { + s1 = key->s1; + s2 = key->s2; + t0 = key->t0; + } +#endif + if (ret == 0) { + unsigned int allocSz; + + /* y-l, w0-k, w1-k, c-1, z-l, ct0-k */ + allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + DILITHIUM_POLY_SIZE + params->s1Sz + params->s2Sz; +#ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS + /* s1-l, s2-k, t0-k */ + allocSz += params->s1Sz + params->s2Sz + params->s2Sz; +#endif +#ifndef WC_DILITHIUM_CACHE_MATRIX_A + /* A */ + allocSz += params->aSz; +#endif + y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (y == NULL) { + ret = MEMORY_E; + } + else { + w0 = y + params->s1Sz / sizeof(*y); + w1 = w0 + params->s2Sz / sizeof(*w0); + c = w1 + params->s2Sz / sizeof(*w1); + z = c + DILITHIUM_N; + ct0 = z + params->s1Sz / sizeof(*z); +#ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS + s1 = ct0 + params->s2Sz / sizeof(*ct0); + s2 = s1 + params->s1Sz / sizeof(*s1); + t0 = s2 + params->s2Sz / sizeof(*s2); +#endif +#ifndef WC_DILITHIUM_CACHE_MATRIX_A + a = t0 + params->s2Sz / sizeof(*s2); +#endif + } + } + + if (ret == 0) { +#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS + /* Check that we haven't already cached the private vectors. */ + if (!key->privVecsSet) +#endif + { + /* Steps 1-4: Decode and NTT vectors s1, s2, and t0. 
*/ + dilithium_make_priv_vecs(key, s1, s2, t0); + } + +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + /* Check that we haven't already cached the matrix A. */ + if (!key->aSet) +#endif + { + /* Step 5: Create the matrix A from the public seed. */ + ret = dilithium_expand_a(&key->shake, pub_seed, params->k, + params->l, a, key->heap); +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + key->aSet = (ret == 0); +#endif + } + } + if (ret == 0) { + /* Step 6: Compute the hash of tr, public key hash, and message. */ + ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, + mu, DILITHIUM_MU_SZ); + } + if (ret == 0) { + /* Step 7: Copy random into buffer for hashing. */ + XMEMCPY(data, seed, DILITHIUM_RND_SZ); + } + if (ret == 0) { + /* Step 9: Compute private random using hash. */ + ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, data, + DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed, + DILITHIUM_PRIV_RAND_SEED_SZ); + } + if (ret == 0) { + word16 kappa = 0; + int valid = 0; + + /* Step 11: Start rejection sampling loop */ + do { + byte w1e[DILITHIUM_MAX_W1_ENC_SZ]; + sword32* w = w1; + sword32* y_ntt = z; + sword32* cs2 = ct0; + byte* commit = sig; + + /* Step 12: Compute vector y from private random seed and kappa. */ + dilithium_vec_expand_mask(&key->shake, priv_rand_seed, kappa, + params->gamma1_bits, y, params->l); + #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_Y + valid = dilithium_vec_check_low(y, params->l, + (1 << params->gamma1_bits) - params->beta); + if (valid) + #endif + { + /* Step 13: NTT-1(A o NTT(y)) */ + XMEMCPY(y_ntt, y, params->s1Sz); + dilithium_vec_ntt(y_ntt, params->l); + dilithium_matrix_mul(w, a, y_ntt, params->k, params->l); + dilithium_vec_invntt(w, params->k); + /* Step 14, Step 22: Make values positive and decompose. 
*/ + dilithium_vec_make_pos(w, params->k); + dilithium_vec_decompose(w, params->k, params->gamma2, w0, w1); + #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_W0 + valid = dilithium_vec_check_low(w0, params->k, + params->gamma2 - params->beta); + } + if (valid) { + #endif + /* Step 15: Encode w1. */ + dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e); + /* Step 15: Hash mu and encoded w1. + * Step 32: Hash is stored in signature. */ + ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, + w1e, params->w1EncSz, commit, 2 * params->lambda); + if (ret == 0) { + /* Step 17: Compute c from first 256 bits of commit. */ + ret = dilithium_sample_in_ball(&key->shake, commit, + params->tau, c, key->heap); + } + if (ret == 0) { + sword32 hi; + + /* Step 18: NTT(c). */ + dilithium_ntt_small(c); + /* Step 20: cs2 = NTT-1(c o s2) */ + dilithium_vec_mul(cs2, c, s2, params->k); + dilithium_vec_invntt(cs2, params->k); + /* Step 22: w0 - cs2 */ + dilithium_vec_sub(w0, cs2, params->k); + dilithium_vec_red(w0, params->k); + /* Step 23: Check w0 - cs2 has low enough values. */ + hi = params->gamma2 - params->beta; + valid = dilithium_vec_check_low(w0, params->k, hi); + if (valid) { + /* Step 19: cs1 = NTT-1(c o s1) */ + dilithium_vec_mul(z, c, s1, params->l); + dilithium_vec_invntt(z, params->l); + /* Step 21: z = y + cs1 */ + dilithium_vec_add(z, y, params->l); + dilithium_vec_red(z, params->l); + /* Step 23: Check z has low enough values. */ + hi = (1 << params->gamma1_bits) - params->beta; + valid = dilithium_vec_check_low(z, params->l, hi); + } + if (valid) { + /* Step 25: ct0 = NTT-1(c o t0) */ + dilithium_vec_mul(ct0, c, t0, params->k); + dilithium_vec_invntt(ct0, params->k); + /* Step 27: Check ct0 has low enough values. 
*/ + hi = params->gamma2; + valid = dilithium_vec_check_low(ct0, params->k, hi); + } + if (valid) { + /* Step 26: ct0 = ct0 + w0 */ + dilithium_vec_add(ct0, w0, params->k); + dilithium_vec_red(ct0, params->k); + /* Step 26, 27: Make hint from ct0 and w1 and check + * number of hints is valid. + * Step 32: h is encoded into signature. + */ + valid = (dilithium_make_hint(ct0, w1, params->k, + params->gamma2, params->omega, h) >= 0); + } + } + } + + if (!valid) { + /* Too many attempts - something wrong with implementation. */ + if ((kappa > (word16)(kappa + params->l))) { + ret = BAD_COND_E; + } + + /* Step 30: increment value to append to seed to unique value. + */ + kappa += params->l; + } + } + /* Step 11: Check we have a valid signature. */ + while ((ret == 0) && (!valid)); + } + if (ret == 0) { + byte* ze = sig + params->lambda * 2; + /* Step 32: Encode z into signature. + * Commit (c) and h already encoded into signature. */ + dilithium_vec_encode_gamma1(z, params->l, params->gamma1_bits, ze); + } + + XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM); + return ret; +#else + int ret = 0; + const wc_dilithium_params* params = key->params; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; + const byte* s1p = tr + DILITHIUM_TR_SZ; + const byte* s2p = s1p + params->s1EncSz; + const byte* t0p = s2p + params->s2EncSz; + sword32* a = NULL; + sword32* s1 = NULL; + sword32* s2 = NULL; + sword32* t0 = NULL; + sword32* y = NULL; + sword32* y_ntt = NULL; + sword32* w0 = NULL; + sword32* w1 = NULL; + sword32* c = NULL; + sword32* z = NULL; + sword32* ct0 = NULL; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif + byte* blocks = NULL; + byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; + byte* mu = data + DILITHIUM_RND_SZ; + byte priv_rand_seed[DILITHIUM_Y_SEED_SZ]; + byte* h = sig + params->lambda * 2 + params->zEncSz; +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + byte maxK = 
(byte)min(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A, + params->k); +#endif + + /* Check the signature buffer isn't too small. */ + if ((ret == 0) && (*sigLen < params->sigSz)) { + ret = BUFFER_E; + } + if (ret == 0) { + /* Return the size of the signature. */ + *sigLen = params->sigSz; + } + + /* Allocate memory for large intermediates. */ + if (ret == 0) { + unsigned int allocSz; + + /* y-l, w0-k, w1-k, blocks, c-1, z-1, A-1 */ + allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + DILITHIUM_REJ_NTT_POLY_H_SIZE + + DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE; + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + allocSz += params->s1Sz + params->s2Sz + params->s2Sz; + #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) + allocSz += maxK * params->l * DILITHIUM_POLY_SIZE; + #endif + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif + y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (y == NULL) { + ret = MEMORY_E; + } + else { + w0 = y + params->s1Sz / sizeof(*y_ntt); + w1 = w0 + params->s2Sz / sizeof(*w0); + blocks = (byte*)(w1 + params->s2Sz / sizeof(*w1)); + c = (sword32*)(blocks + DILITHIUM_REJ_NTT_POLY_H_SIZE); + z = c + DILITHIUM_N; + a = z + DILITHIUM_N; + ct0 = z; + #if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) + y_ntt = w0; + s1 = z; + s2 = z; + t0 = z; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + (1 + maxK * params->l) * DILITHIUM_N); + #endif + #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) + y_ntt = z; + s1 = a + DILITHIUM_N; + s2 = s1 + params->s1Sz / sizeof(*s1); + t0 = s2 + params->s2Sz / sizeof(*s2); + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(t0 + params->s2Sz / sizeof(*t0)); + #endif + #else + y_ntt = z; + s1 = z; + s2 = z; + t0 = z; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + DILITHIUM_N); + #endif + #endif + } + } + + if (ret == 0) { + /* Step 7: Copy random into buffer for 
hashing. */ + XMEMCPY(data, seed, DILITHIUM_RND_SZ); + + /* Step 6: Compute the hash of tr, public key hash, and message. */ + ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, + mu, DILITHIUM_MU_SZ); + } + if (ret == 0) { + /* Step 9: Compute private random using hash. */ + ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, data, + DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed, + DILITHIUM_PRIV_RAND_SEED_SZ); + } +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + if (ret == 0) { + dilithium_make_priv_vecs(key, s1, s2, t0); + } +#endif +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + if (ret == 0) { + /* Step 5: Create the matrix A from the public seed. */ + ret = dilithium_expand_a(&key->shake, pub_seed, maxK, params->l, a, + key->heap); + } +#endif + if (ret == 0) { + word16 kappa = 0; + int valid; + + /* Step 11: Start rejection sampling loop */ + do { + byte aseed[DILITHIUM_GEN_A_SEED_SZ]; + byte w1e[DILITHIUM_MAX_W1_ENC_SZ]; + sword32* w = w1; + byte* commit = sig; + byte r; + byte s; + sword32 hi; + sword32* wt = w; + sword32* w0t = w0; + sword32* w1t = w1; + sword32* at = a; + + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + w0t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + w1t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + wt += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + at += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * params->l * + DILITHIUM_N; + #endif + + valid = 1; + /* Step 12: Compute vector y from private random seed and kappa. 
*/ + dilithium_vec_expand_mask(&key->shake, priv_rand_seed, kappa, + params->gamma1_bits, y, params->l); + #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_Y + valid = dilithium_vec_check_low(y, params->l, + (1 << params->gamma1_bits) - params->beta); + #endif + + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + /* Step 13: NTT-1(A o NTT(y)) */ + XMEMCPY(y_ntt, y, params->s1Sz); + dilithium_vec_ntt(y_ntt, params->l); + dilithium_matrix_mul(w, a, y_ntt, maxK, params->l); + dilithium_vec_invntt(w, maxK); + /* Step 14, Step 22: Make values positive and decompose. */ + dilithium_vec_make_pos(w, maxK); + dilithium_vec_decompose(w, maxK, params->gamma2, w0, w1); + #endif + /* Step 5: Create the matrix A from the public seed. */ + /* Copy the seed into a buffer that has space for s and r. */ + XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ); + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + r = WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A; + #else + r = 0; + #endif + /* Alg 26. Step 1: Loop over first dimension of matrix. */ + for (; (ret == 0) && valid && (r < params->k); r++) { + unsigned int e; + sword32* yt = y; + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + sword32* y_ntt_t = z; + #else + sword32* y_ntt_t = y_ntt; + #endif + + /* Put r/i into buffer to be hashed. */ + aseed[DILITHIUM_PUB_SEED_SZ + 1] = r; + /* Alg 26. Step 2: Loop over second dimension of matrix. */ + for (s = 0; (ret == 0) && (s < params->l); s++) { + /* Put s into buffer to be hashed. */ + aseed[DILITHIUM_PUB_SEED_SZ + 0] = s; + /* Alg 26. Step 3: Create polynomial from hashing seed. */ + ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, at, + blocks); + if (ret != 0) { + break; + } + XMEMCPY(y_ntt_t, yt, DILITHIUM_POLY_SIZE); + dilithium_ntt(y_ntt_t); + /* Matrix multiply. 
*/ + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + wt[e] = dilithium_mont_red((sword64)at[e] * + y_ntt_t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + wt[e + 0] = dilithium_mont_red((sword64)at[e + 0] * + y_ntt_t[e + 0]); + wt[e + 1] = dilithium_mont_red((sword64)at[e + 1] * + y_ntt_t[e + 1]); + wt[e + 2] = dilithium_mont_red((sword64)at[e + 2] * + y_ntt_t[e + 2]); + wt[e + 3] = dilithium_mont_red((sword64)at[e + 3] * + y_ntt_t[e + 3]); + wt[e + 4] = dilithium_mont_red((sword64)at[e + 4] * + y_ntt_t[e + 4]); + wt[e + 5] = dilithium_mont_red((sword64)at[e + 5] * + y_ntt_t[e + 5]); + wt[e + 6] = dilithium_mont_red((sword64)at[e + 6] * + y_ntt_t[e + 6]); + wt[e + 7] = dilithium_mont_red((sword64)at[e + 7] * + y_ntt_t[e + 7]); + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + wt[e] += dilithium_mont_red((sword64)at[e] * + y_ntt_t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + wt[e + 0] += dilithium_mont_red((sword64)at[e + 0] * + y_ntt_t[e + 0]); + wt[e + 1] += dilithium_mont_red((sword64)at[e + 1] * + y_ntt_t[e + 1]); + wt[e + 2] += dilithium_mont_red((sword64)at[e + 2] * + y_ntt_t[e + 2]); + wt[e + 3] += dilithium_mont_red((sword64)at[e + 3] * + y_ntt_t[e + 3]); + wt[e + 4] += dilithium_mont_red((sword64)at[e + 4] * + y_ntt_t[e + 4]); + wt[e + 5] += dilithium_mont_red((sword64)at[e + 5] * + y_ntt_t[e + 5]); + wt[e + 6] += dilithium_mont_red((sword64)at[e + 6] * + y_ntt_t[e + 6]); + wt[e + 7] += dilithium_mont_red((sword64)at[e + 7] * + y_ntt_t[e + 7]); + } + #endif + } + #else + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = (sword64)at[e] * y_ntt_t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = (sword64)at[e+0] * y_ntt_t[e+0]; + t64[e+1] = (sword64)at[e+1] * y_ntt_t[e+1]; + t64[e+2] = (sword64)at[e+2] * y_ntt_t[e+2]; + t64[e+3] = 
(sword64)at[e+3] * y_ntt_t[e+3]; + t64[e+4] = (sword64)at[e+4] * y_ntt_t[e+4]; + t64[e+5] = (sword64)at[e+5] * y_ntt_t[e+5]; + t64[e+6] = (sword64)at[e+6] * y_ntt_t[e+6]; + t64[e+7] = (sword64)at[e+7] * y_ntt_t[e+7]; + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] += (sword64)at[e] * y_ntt_t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)at[e+0] * y_ntt_t[e+0]; + t64[e+1] += (sword64)at[e+1] * y_ntt_t[e+1]; + t64[e+2] += (sword64)at[e+2] * y_ntt_t[e+2]; + t64[e+3] += (sword64)at[e+3] * y_ntt_t[e+3]; + t64[e+4] += (sword64)at[e+4] * y_ntt_t[e+4]; + t64[e+5] += (sword64)at[e+5] * y_ntt_t[e+5]; + t64[e+6] += (sword64)at[e+6] * y_ntt_t[e+6]; + t64[e+7] += (sword64)at[e+7] * y_ntt_t[e+7]; + } + #endif + } + #endif + /* Next polynomial. */ + yt += DILITHIUM_N; + } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + wt[e] = dilithium_mont_red(t64[e]); + } + #endif + dilithium_invntt(wt); + /* Step 14, Step 22: Make values positive and decompose. */ + dilithium_make_pos(wt); + #ifndef WOLFSSL_NO_ML_DSA_44 + if (params->gamma2 == DILITHIUM_Q_LOW_88) { + /* For each value of polynomial. */ + for (e = 0; e < DILITHIUM_N; e++) { + /* Decompose value into two vectors. */ + dilithium_decompose_q88(wt[e], &w0t[e], &w1t[e]); + } + } + #endif + #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + if (params->gamma2 == DILITHIUM_Q_LOW_32) { + /* For each value of polynomial. */ + for (e = 0; e < DILITHIUM_N; e++) { + /* Decompose value into two vectors. 
*/ + dilithium_decompose_q32(wt[e], &w0t[e], &w1t[e]); + } + } + #endif + #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_W0 + valid = dilithium_vec_check_low(w0t, + params->gamma2 - params->beta); + #endif + wt += DILITHIUM_N; + w0t += DILITHIUM_N; + w1t += DILITHIUM_N; + } + if ((ret == 0) && valid) { + sword32* yt = y; + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + const byte* s1pt = s1p; + #endif + byte* ze = sig + params->lambda * 2; + + /* Step 15: Encode w1. */ + dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e); + /* Step 15: Hash mu and encoded w1. + * Step 32: Hash is stored in signature. */ + ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, + w1e, params->w1EncSz, commit, 2 * params->lambda); + if (ret == 0) { + /* Step 17: Compute c from first 256 bits of commit. */ + ret = dilithium_sample_in_ball_ex(&key->shake, commit, + params->tau, c, blocks); + } + if (ret == 0) { + /* Step 18: NTT(c). */ + dilithium_ntt_small(c); + } + + for (s = 0; (ret == 0) && valid && (s < params->l); s++) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + #if !defined(WOLFSSL_NO_ML_DSA_44) || \ + !defined(WOLFSSL_NO_ML_DSA_87) + /* -2..2 */ + if (params->eta == DILITHIUM_ETA_2) { + dilithium_decode_eta_2_bits(s1pt, s1); + s1pt += DILITHIUM_ETA_2_BITS * DILITHIUM_N / 8; + } + #endif + #ifndef WOLFSSL_NO_ML_DSA_65 + /* -4..4 */ + if (params->eta == DILITHIUM_ETA_4) { + dilithium_decode_eta_4_bits(s1pt, s1); + s1pt += DILITHIUM_N / 2; + } + #endif + dilithium_ntt_small(s1); + dilithium_mul(z, c, s1); + #else + dilithium_mul(z, c, s1 + s * DILITHIUM_N); + #endif + /* Step 19: cs1 = NTT-1(c o s1) */ + dilithium_invntt(z); + /* Step 21: z = y + cs1 */ + dilithium_add(z, yt); + dilithium_poly_red(z); + /* Step 23: Check z has low enough values. */ + hi = (1 << params->gamma1_bits) - params->beta; + valid = dilithium_check_low(z, hi); + if (valid) { + /* Step 32: Encode z into signature. + * Commit (c) and h already encoded into signature. 
*/ + #if !defined(WOLFSSL_NO_ML_DSA_44) + if (params->gamma1_bits == DILITHIUM_GAMMA1_BITS_17) { + dilithium_encode_gamma1_17_bits(z, ze); + /* Move to next place to encode to. */ + ze += DILITHIUM_GAMMA1_17_ENC_BITS / 2 * + DILITHIUM_N / 4; + } + else + #endif + #if !defined(WOLFSSL_NO_ML_DSA_65) || \ + !defined(WOLFSSL_NO_ML_DSA_87) + if (params->gamma1_bits == DILITHIUM_GAMMA1_BITS_19) { + dilithium_encode_gamma1_19_bits(z, ze); + /* Move to next place to encode to. */ + ze += DILITHIUM_GAMMA1_19_ENC_BITS / 2 * + DILITHIUM_N / 4; + } + #endif + } + + yt += DILITHIUM_N; + } + } + if ((ret == 0) && valid) { + const byte* t0pt = t0p; + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + const byte* s2pt = s2p; + #endif + sword32* cs2 = ct0; + w0t = w0; + w1t = w1; + byte idx = 0; + + for (r = 0; valid && (r < params->k); r++) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + #if !defined(WOLFSSL_NO_ML_DSA_44) || \ + !defined(WOLFSSL_NO_ML_DSA_87) + /* -2..2 */ + if (params->eta == DILITHIUM_ETA_2) { + dilithium_decode_eta_2_bits(s2pt, s2); + s2pt += DILITHIUM_ETA_2_BITS * DILITHIUM_N / 8; + } + #endif + #ifndef WOLFSSL_NO_ML_DSA_65 + /* -4..4 */ + if (params->eta == DILITHIUM_ETA_4) { + dilithium_decode_eta_4_bits(s2pt, s2); + s2pt += DILITHIUM_N / 2; + } + #endif + dilithium_ntt_small(s2); + /* Step 20: cs2 = NTT-1(c o s2) */ + dilithium_mul(cs2, c, s2); + #else + /* Step 20: cs2 = NTT-1(c o s2) */ + dilithium_mul(cs2, c, s2 + r * DILITHIUM_N); + #endif + dilithium_invntt(cs2); + /* Step 22: w0 - cs2 */ + dilithium_sub(w0t, cs2); + dilithium_poly_red(w0t); + /* Step 23: Check w0 - cs2 has low enough values. 
*/ + hi = params->gamma2 - params->beta; + valid = dilithium_check_low(w0t, hi); + if (valid) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + dilithium_decode_t0(t0pt, t0); + dilithium_ntt(t0); + + /* Step 25: ct0 = NTT-1(c o t0) */ + dilithium_mul(ct0, c, t0); + #else + /* Step 25: ct0 = NTT-1(c o t0) */ + dilithium_mul(ct0, c, t0 + r * DILITHIUM_N); + #endif + dilithium_invntt(ct0); + /* Step 27: Check ct0 has low enough values. */ + valid = dilithium_check_low(ct0, params->gamma2); + } + if (valid) { + /* Step 26: ct0 = ct0 + w0 */ + dilithium_add(ct0, w0t); + dilithium_poly_red(ct0); + + /* Step 26, 27: Make hint from ct0 and w1 and check + * number of hints is valid. + * Step 32: h is encoded into signature. + */ + #ifndef WOLFSSL_NO_ML_DSA_44 + if (params->gamma2 == DILITHIUM_Q_LOW_88) { + valid = (dilithium_make_hint_88(ct0, w1t, h, + &idx) == 0); + /* Alg 14, Step 10: Store count of hints for + * polynomial at end of list. */ + h[PARAMS_ML_DSA_44_OMEGA + r] = idx; + } + #endif + #if !defined(WOLFSSL_NO_ML_DSA_65) || \ + !defined(WOLFSSL_NO_ML_DSA_87) + if (params->gamma2 == DILITHIUM_Q_LOW_32) { + valid = (dilithium_make_hint_32(ct0, w1t, + params->omega, h, &idx) == 0); + /* Alg 14, Step 10: Store count of hints for + * polynomial at end of list. */ + h[params->omega + r] = idx; + } + #endif + } + + t0pt += DILITHIUM_D * DILITHIUM_N / 8; + w0t += DILITHIUM_N; + w1t += DILITHIUM_N; + } + /* Set remaining hints to zero. */ + XMEMSET(h + idx, 0, params->omega - idx); + } + + if (!valid) { + /* Too many attempts - something wrong with implementation. */ + if ((kappa > (word16)(kappa + params->l))) { + ret = BAD_COND_E; + } + + /* Step 30: increment value to append to seed to unique value. + */ + kappa += params->l; + } + } + /* Step 11: Check we have a valid signature. */ + while ((ret == 0) && (!valid)); + } + + XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM); + return ret; +#endif +} + +/* Sign a message with the key and a random number generator. 
+ * + * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M) + * ... + * 7: rnd <- {0,1}256 [Randomly generated.] + * ... + * + * @param [in, out] key Dilithium key. + * @param [in, out] rng Random number generator. + * @param [in] msg Message data to sign. + * @param [in] msgLen Length of message data in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigLen On in, length of buffer in bytes. + * On out, the length of the signature in bytes. + * @return 0 on success. + * @return BUFFER_E when the signature buffer is too small. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. + */ +static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, const byte* msg, + word32 msgLen, byte* sig, word32 *sigLen) +{ + int ret = 0; + byte rnd[DILITHIUM_RND_SZ]; + + /* Must have a random number generator. */ + if (rng == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Step 7: Generate random seed. */ + ret = wc_RNG_GenerateBlock(rng, rnd, DILITHIUM_RND_SZ); + } + if (ret == 0) { + /* Sign with random seed. */ + ret = dilithium_sign_msg_with_seed(key, rnd, msg, msgLen, sig, + sigLen); + } + + return ret; +} + +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + +#if !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) || \ + defined(WC_DILITHIUM_CACHE_PUB_VECTORS) +static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1) +{ + const wc_dilithium_params* params = key->params; + const byte* t1p = key->p + DILITHIUM_PUB_SEED_SZ; + + dilithium_vec_decode_t1(t1p, params->k, t1); + dilithium_vec_ntt(t1, params->k); + +#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS + key->pubVecSet = 1; +#endif +} +#endif + +/* Verify signature of message using public key. + * + * FIPS 204. 
6: Algorithm 3 ML-DSA.Verify(pk, M, sigma) + * 1: (rho, t1) <- pkDecode(pk) + * 2: (c_tilde, z, h) <- sigDecode(sigma) + * 3: if h = falsam then return false + * 4: end if + * 5: A_circum <- ExpandS(rho) + * 6: tr <- H(BytesToBits(pk), 512) + * 7: mu <- H(tr||M, 512) + * 8: (c1_tilde, c2_tilde) E {0,1}256 x {0,1)2*lambda-256 <- c_tilde + * 9: c <- SampleInBall(c1_tilde) + * 10: w'approx <- NTT-1(A_circum o NTT(z) - NTT(c) o NTT(t1.s^d)) + * 11: w1' <- UseHint(h, w'approx) + * 12: c'_tilde < H(mu||w1Encode(w1'), 2*lambda) + * 13: return [[ ||z||inf < GAMMA1 - BETA]] and [[c_tilde = c'_tilde]] and + * [[number of 1's in h is <= OMEGA + * + * @param [in, out] key Dilithium key. + * @param [in] msg Message to verify. + * @param [in] msgLen Length of message in bytes. + * @param [in] sig Signature to verify message. + * @param [in] sigLen Length of message in bytes. + * @param [out] res Result of verification. + * @return 0 on success. + * @return SIG_VERIFY_E when hint is malformed. + * @return BUFFER_E when the length of the signature does not match + * parameters. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. + */ +static int dilithium_verify_msg(dilithium_key* key, const byte* msg, + word32 msgLen, const byte* sig, word32 sigLen, int* res) +{ +#ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM + int ret = 0; + const wc_dilithium_params* params = key->params; + const byte* pub_seed = key->p; + const byte* commit = sig; + const byte* ze = sig + params->lambda * 2; + const byte* h = ze + params->zEncSz; + sword32* a = NULL; + sword32* t1 = NULL; + sword32* c = NULL; + sword32* z = NULL; + sword32* w = NULL; + sword32* t1c = NULL; + byte tr[DILITHIUM_TR_SZ]; + byte* mu = tr; + byte* w1e = NULL; + byte* commit_calc = tr; + int valid = 0; + sword32 hi; + + /* Ensure the signature is the right size for the parameters. 
*/ + if (sigLen != params->sigSz) { + ret = BUFFER_E; + } + if (ret == 0) { + /* Step 13: Verify the hint is well-formed. */ + ret = dilithium_check_hint(h, params->k, params->omega); + } + + /* Allocate memory for large intermediates. */ +#ifdef WC_DILITHIUM_CACHE_MATRIX_A +#ifndef WC_DILITHIUM_FIXED_ARRAY + if ((ret == 0) && (key->a == NULL)) { + key->a = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); + if (key->a == NULL) { + ret = MEMORY_E; + } + } +#endif + if (ret == 0) { + a = key->a; + } +#endif +#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS +#ifndef WC_DILITHIUM_FIXED_ARRAY + if ((ret == 0) && (key->t1 == NULL)) { + key->t1 = (sword32*)XMALLOC(params->s2Sz, key->heap, + DYNAMIC_TYPE_DILITHIUM); + if (key->t1 == NULL) { + ret = MEMORY_E; + } + } +#endif + if (ret == 0) { + t1 = key->t1; + } +#endif + if (ret == 0) { + unsigned int allocSz; + + /* z, c, w, t1/t1c */ + allocSz = DILITHIUM_POLY_SIZE + params->s1Sz + params->s2Sz + + params->s2Sz; +#ifndef WC_DILITHIUM_CACHE_MATRIX_A + /* a */ + allocSz += params->aSz; +#endif -#ifdef HAVE_CONFIG_H - #include + z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (z == NULL) { + ret = MEMORY_E; + } + else { + c = z + params->s1Sz / sizeof(*z); + w = c + DILITHIUM_N; +#ifndef WC_DILITHIUM_CACHE_PUB_VECTORS + t1 = w + params->s2Sz / sizeof(*w); + t1c = t1; +#else + t1c = w + params->s2Sz / sizeof(*w); +#endif +#ifndef WC_DILITHIUM_CACHE_MATRIX_A + a = t1 + params->s2Sz / sizeof(*t1); #endif + w1e = (byte*)c; + } + } -/* in case user set HAVE_PQC there */ -#include + if (ret == 0) { + /* Step 2: Decode z from signature. */ + dilithium_vec_decode_gamma1(ze, params->l, params->gamma1_bits, z); + /* Step 13: Check z is valid - values are low enough. */ + hi = (1 << params->gamma1_bits) - params->beta; + valid = dilithium_vec_check_low(z, params->l, hi); + } + if ((ret == 0) && valid) { +#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS + /* Check that we haven't already cached the public vector. 
*/ + if (!key->pubVecSet) +#endif + { + /* Step 1: Decode and NTT vector t1. */ + dilithium_make_pub_vec(key, t1); + } -#include +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + /* Check that we haven't already cached the matrix A. */ + if (!key->aSet) +#endif + { + /* Step 5: Expand pub seed to compute matrix A. */ + ret = dilithium_expand_a(&key->shake, pub_seed, params->k, + params->l, a, key->heap); +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + /* Whether we have cached A is dependent on success of operation. */ + key->aSet = (ret == 0); +#endif + } + } + if ((ret == 0) && valid) { + /* Step 6: Hash public key. */ + ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, + DILITHIUM_TR_SZ); + } + if ((ret == 0) && valid) { + /* Step 7: Hash hash of public key and message. */ + ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, + mu, DILITHIUM_MU_SZ); + } + if ((ret == 0) && valid) { + /* Step 9: Compute c from first 256 bits of commit. */ + ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c, + key->heap); + } + if ((ret == 0) && valid) { + /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ + dilithium_vec_ntt(z, params->l); + dilithium_matrix_mul(w, a, z, params->k, params->l); + dilithium_ntt_small(c); + dilithium_vec_mul(t1c, c, t1, params->k); + dilithium_vec_sub(w, t1c, params->k); + dilithium_vec_invntt(w, params->k); + /* Step 11: Use hint to give full w1. */ + dilithium_vec_use_hint(w, params->k, params->gamma2, params->omega, h); + /* Step 12: Encode w1. */ + dilithium_vec_encode_w1(w, params->k, params->gamma2, w1e); + /* Step 12: Hash mu and encoded w1. */ + ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e, + params->w1EncSz, commit_calc, 2 * params->lambda); + } + if ((ret == 0) && valid) { + /* Step 13: Compare commit. 
*/ + valid = (XMEMCMP(commit, commit_calc, 2 * params->lambda) == 0); + } -#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + *res = valid; + XFREE(z, key->heap, DYNAMIC_TYPE_DILITHIUM); + return ret; +#else + int ret = 0; + const wc_dilithium_params* params = key->params; + const byte* pub_seed = key->p; + const byte* t1p = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* commit = sig; + const byte* ze = sig + params->lambda * 2; + const byte* h = ze + params->zEncSz; + sword32* t1 = NULL; + sword32* a = NULL; + sword32* c = NULL; + sword32* z = NULL; + sword32* w = NULL; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif +#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + byte* block = NULL; +#endif + byte tr[DILITHIUM_TR_SZ]; + byte* mu = tr; + byte* w1e = NULL; + byte* commit_calc = tr; + int valid = 0; + sword32 hi; + unsigned int r; + byte o; + byte* encW1; + byte* seed = tr; + + /* Ensure the signature is the right size for the parameters. */ + if (sigLen != params->sigSz) { + ret = BUFFER_E; + } + if (ret == 0) { + /* Step 13: Verify the hint is well-formed. */ + ret = dilithium_check_hint(h, params->k, params->omega); + } -#ifdef HAVE_LIBOQS -#include +#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + /* Allocate memory for large intermediates. */ + if (ret == 0) { + /* z, c, w, t1, w1e. 
*/ + unsigned int allocSz; + + allocSz = params->s1Sz + 3 * DILITHIUM_POLY_SIZE + + DILITHIUM_REJ_NTT_POLY_H_SIZE + params->w1EncSz; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif + z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (z == NULL) { + ret = MEMORY_E; + } + else { + c = z + params->s1Sz / sizeof(*t1); + w = c + DILITHIUM_N; + t1 = w + DILITHIUM_N; + block = (byte*)(t1 + DILITHIUM_N); + w1e = block + DILITHIUM_REJ_NTT_POLY_H_SIZE; + a = t1; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(w1e + params->w1EncSz); + #endif + } + } +#else + if (ret == 0) { + z = key->z; + c = key->c; + w = key->w; + t1 = key->t1; + w1e = key->w1e; + a = t1; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = key->t64; + #endif + } #endif -#include -#include -#ifdef NO_INLINE - #include + if (ret == 0) { + /* Step 2: Decode z from signature. */ + dilithium_vec_decode_gamma1(ze, params->l, params->gamma1_bits, z); + /* Step 13: Check z is valid - values are low enough. */ + hi = (1 << params->gamma1_bits) - params->beta; + valid = dilithium_vec_check_low(z, params->l, hi); + } + if ((ret == 0) && valid) { + /* Step 10: NTT(z) */ + dilithium_vec_ntt(z, params->l); + + /* Step 9: Compute c from first 256 bits of commit. */ +#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + ret = dilithium_sample_in_ball_ex(&key->shake, commit, params->tau, c, + key->block); #else - #define WOLFSSL_MISC_INCLUDED - #include + ret = dilithium_sample_in_ball_ex(&key->shake, commit, params->tau, c, + block); +#endif + } + if ((ret == 0) && valid) { + dilithium_ntt_small(c); + + o = 0; + encW1 = w1e; + + /* Copy the seed into a buffer that has space for s and r. */ + XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ); + /* Step 1: Loop over first dimension of matrix. */ + for (r = 0; (ret == 0) && (r < params->k); r++) { + unsigned int s; + unsigned int e; + const sword32* zt = z; + + /* Step 1: Decode and NTT vector t1. 
*/ + dilithium_decode_t1(t1p, w); + /* Next polynomial. */ + t1p += DILITHIUM_U * DILITHIUM_N / 8; + + /* Step 10: - NTT(c) o NTT(t1)) */ + dilithium_ntt(w); + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + w[e] = -dilithium_mont_red((sword64)c[e] * w[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + w[e+0] = -dilithium_mont_red((sword64)c[e+0] * w[e+0]); + w[e+1] = -dilithium_mont_red((sword64)c[e+1] * w[e+1]); + w[e+2] = -dilithium_mont_red((sword64)c[e+2] * w[e+2]); + w[e+3] = -dilithium_mont_red((sword64)c[e+3] * w[e+3]); + w[e+4] = -dilithium_mont_red((sword64)c[e+4] * w[e+4]); + w[e+5] = -dilithium_mont_red((sword64)c[e+5] * w[e+5]); + w[e+6] = -dilithium_mont_red((sword64)c[e+6] * w[e+6]); + w[e+7] = -dilithium_mont_red((sword64)c[e+7] * w[e+7]); + } + #endif + #else + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = -(sword64)c[e] * w[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = -(sword64)c[e+0] * w[e+0]; + t64[e+1] = -(sword64)c[e+1] * w[e+1]; + t64[e+2] = -(sword64)c[e+2] * w[e+2]; + t64[e+3] = -(sword64)c[e+3] * w[e+3]; + t64[e+4] = -(sword64)c[e+4] * w[e+4]; + t64[e+5] = -(sword64)c[e+5] * w[e+5]; + t64[e+6] = -(sword64)c[e+6] * w[e+6]; + t64[e+7] = -(sword64)c[e+7] * w[e+7]; + } + #endif + #endif + + /* Step 5: Expand pub seed to compute matrix A. */ + /* Put r into buffer to be hashed. */ + seed[DILITHIUM_PUB_SEED_SZ + 1] = r; + for (s = 0; (ret == 0) && (s < params->l); s++) { + /* Put s into buffer to be hashed. */ + seed[DILITHIUM_PUB_SEED_SZ + 0] = s; + /* Step 3: Create polynomial from hashing seed. 
*/ + #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, key->h); + #else + ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, block); + #endif + + /* Step 10: w = A o NTT(z) - NTT(c) o NTT(t1) */ + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + w[e] += dilithium_mont_red((sword64)a[e] * zt[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + w[e+0] += dilithium_mont_red((sword64)a[e+0] * zt[e+0]); + w[e+1] += dilithium_mont_red((sword64)a[e+1] * zt[e+1]); + w[e+2] += dilithium_mont_red((sword64)a[e+2] * zt[e+2]); + w[e+3] += dilithium_mont_red((sword64)a[e+3] * zt[e+3]); + w[e+4] += dilithium_mont_red((sword64)a[e+4] * zt[e+4]); + w[e+5] += dilithium_mont_red((sword64)a[e+5] * zt[e+5]); + w[e+6] += dilithium_mont_red((sword64)a[e+6] * zt[e+6]); + w[e+7] += dilithium_mont_red((sword64)a[e+7] * zt[e+7]); + } + #endif + #else + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] += (sword64)a[e] * zt[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)a[e+0] * zt[e+0]; + t64[e+1] += (sword64)a[e+1] * zt[e+1]; + t64[e+2] += (sword64)a[e+2] * zt[e+2]; + t64[e+3] += (sword64)a[e+3] * zt[e+3]; + t64[e+4] += (sword64)a[e+4] * zt[e+4]; + t64[e+5] += (sword64)a[e+5] * zt[e+5]; + t64[e+6] += (sword64)a[e+6] * zt[e+6]; + t64[e+7] += (sword64)a[e+7] * zt[e+7]; + } + #endif + #endif + /* Next polynomial. */ + zt += DILITHIUM_N; + } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + w[e] = dilithium_mont_red(t64[e]); + } + #endif + + /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ + dilithium_invntt(w); + + #ifndef WOLFSSL_NO_ML_DSA_44 + if (params->gamma2 == DILITHIUM_Q_LOW_88) { + /* Step 11: Use hint to give full w1. */ + dilithium_use_hint_88(w, h, r, &o); + /* Step 12: Encode w1. 
*/ + dilithium_encode_w1_88(w, encW1); + encW1 += DILITHIUM_Q_HI_88_ENC_BITS * 2 * DILITHIUM_N / 16; + } + else + #endif + #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + if (params->gamma2 == DILITHIUM_Q_LOW_32) { + /* Step 11: Use hint to give full w1. */ + dilithium_use_hint_32(w, h, params->omega, r, &o); + /* Step 12: Encode w1. */ + dilithium_encode_w1_32(w, encW1); + encW1 += DILITHIUM_Q_HI_32_ENC_BITS * 2 * DILITHIUM_N / 16; + } + else + #endif + { + } + } + } + if ((ret == 0) && valid) { + /* Step 6: Hash public key. */ + ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, + DILITHIUM_TR_SZ); + } + if ((ret == 0) && valid) { + /* Step 7: Hash hash of public key and message. */ + ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, + mu, DILITHIUM_MU_SZ); + } + if ((ret == 0) && valid) { + /* Step 12: Hash mu and encoded w1. */ + ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e, + params->w1EncSz, commit_calc, 2 * params->lambda); + } + if ((ret == 0) && valid) { + /* Step 13: Compare commit. */ + valid = (XMEMCMP(commit, commit_calc, 2 * params->lambda) == 0); + } + + *res = valid; +#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + XFREE(z, key->heap, DYNAMIC_TYPE_DILITHIUM); #endif + return ret; +#endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */ +} -/* Sign the message using the dilithium private key. - * - * in [in] Message to sign. - * inLen [in] Length of the message in bytes. - * out [in] Buffer to write signature into. - * outLen [in/out] On in, size of buffer. - * On out, the length of the signature in bytes. - * key [in] Dilithium key to use when signing - * returns BAD_FUNC_ARG when a parameter is NULL or public key not set, - * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, - * 0 otherwise. 
- */ -int wc_dilithium_sign_msg(const byte* in, word32 inLen, - byte* out, word32 *outLen, - dilithium_key* key, WC_RNG* rng) +#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ + +#elif defined(HAVE_LIBOQS) + +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY +static int oqs_dilithium_make_key(dilithium_key* key, WC_RNG* rng) { int ret = 0; + OQS_SIG *oqssig = NULL; - /* sanity check on arguments */ - if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL)) { - return BAD_FUNC_ARG; + if (key->level == WC_ML_DSA_44) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); + } + else if (key->level == WC_ML_DSA_65) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); + } + else if (key->level == WC_ML_DSA_87) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); + } + else { + ret = SIG_TYPE_E; } -#ifdef WOLF_CRYPTO_CB - #ifndef WOLF_CRYPTO_CB_FIND - if (key->devId != INVALID_DEVID) - #endif - { - ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng, - WC_PQC_SIG_TYPE_DILITHIUM, key); - if (ret != CRYPTOCB_UNAVAILABLE) - return ret; - /* fall-through when unavailable */ - ret = 0; + if (ret == 0) { + ret = wolfSSL_liboqsRngMutexLock(rng); + if (ret == 0) { + if (OQS_SIG_keypair(oqssig, key->p, key->k) != OQS_SUCCESS) { + ret = BUFFER_E; + } + } + wolfSSL_liboqsRngMutexUnlock(); + } + if (ret == 0) { + key->prvKeySet = 1; + key->pubKeySet = 1; } -#endif -#ifdef HAVE_LIBOQS + if (oqssig != NULL) { + OQS_SIG_free(oqssig); + } + + return ret; +} +#endif /* WOLFSSL_DILITHIUM_NO_MAKE_KEY */ + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN +static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, + word32 *sigLen, dilithium_key* key, WC_RNG* rng) +{ + int ret = 0; OQS_SIG *oqssig = NULL; size_t localOutLen = 0; - if ((ret == 0) && (!key->prvKeySet)) { + if (!key->prvKeySet) { ret = BAD_FUNC_ARG; } if (ret == 0) { - if (key->level == 2) { - oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2); + if (key->level == WC_ML_DSA_44) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); } - 
else if (key->level == 3) { - oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3); + else if (key->level == WC_ML_DSA_65) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); } - else if (key->level == 5) { - oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5); + else if (key->level == WC_ML_DSA_87) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); } else { ret = SIG_TYPE_E; @@ -111,19 +7119,22 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen, /* check and set up out length */ if (ret == 0) { - if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_SIG_SIZE)) { - *outLen = DILITHIUM_LEVEL2_SIG_SIZE; + if ((key->level == WC_ML_DSA_44) && + (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) { + *sigLen = DILITHIUM_LEVEL2_SIG_SIZE; ret = BUFFER_E; } - else if ((key->level == 3) && (*outLen < DILITHIUM_LEVEL3_SIG_SIZE)) { - *outLen = DILITHIUM_LEVEL3_SIG_SIZE; + else if ((key->level == WC_ML_DSA_65) && + (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) { + *sigLen = DILITHIUM_LEVEL3_SIG_SIZE; ret = BUFFER_E; } - else if ((key->level == 5) && (*outLen < DILITHIUM_LEVEL5_SIG_SIZE)) { - *outLen = DILITHIUM_LEVEL5_SIG_SIZE; + else if ((key->level == WC_ML_DSA_87) && + (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) { + *sigLen = DILITHIUM_LEVEL5_SIG_SIZE; ret = BUFFER_E; } - localOutLen = *outLen; + localOutLen = *sigLen; } if (ret == 0) { @@ -131,13 +7142,13 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen, } if ((ret == 0) && - (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) + (OQS_SIG_sign(oqssig, sig, &localOutLen, msg, msgLen, key->k) == OQS_ERROR)) { ret = BAD_FUNC_ARG; } if (ret == 0) { - *outLen = (word32)localOutLen; + *sigLen = (word32)localOutLen; } wolfSSL_liboqsRngMutexUnlock(); 
@@ -145,92 +7156,274 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen, if (oqssig != NULL) { OQS_SIG_free(oqssig); } -#else - ret = NOT_COMPILED_IN; + return ret; +} #endif + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY +static int oqs_dilithium_verify_msg(const byte* sig, word32 sigLen, + const byte* msg, word32 msgLen, int* res, dilithium_key* key) +{ + int ret = 0; + OQS_SIG *oqssig = NULL; + + if (!key->pubKeySet) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + if (key->level == WC_ML_DSA_44) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); + } + else if (key->level == WC_ML_DSA_65) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); + } + else if (key->level == WC_ML_DSA_87) { + oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); + } + else { + ret = SIG_TYPE_E; + } + } + + if ((ret == 0) && (oqssig == NULL)) { + ret = BUFFER_E; + } + + if ((ret == 0) && + (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p) + == OQS_ERROR)) { + ret = SIG_VERIFY_E; + } + + if (ret == 0) { + *res = 1; + } + + if (oqssig != NULL) { + OQS_SIG_free(oqssig); + } return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ -/* Verify the message using the dilithium public key. - * - * sig [in] Signature to verify. - * sigLen [in] Size of signature in bytes. - * msg [in] Message to verify. - * msgLen [in] Length of the message in bytes. - * res [out] *res is set to 1 on successful verification. - * key [in] Dilithium key to use to verify. - * returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and - * BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE, - * 0 otherwise. - */ -int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, - word32 msgLen, int* res, dilithium_key* key) +#else + #error "No dilithium implementation chosen." 
+#endif + +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY +int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng) { int ret = 0; - if (key == NULL || sig == NULL || msg == NULL || res == NULL) { - return BAD_FUNC_ARG; + /* Validate parameters. */ + if ((key == NULL) || (rng == NULL)) { + ret = BAD_FUNC_ARG; } #ifdef WOLF_CRYPTO_CB + if (ret == 0) { #ifndef WOLF_CRYPTO_CB_FIND - if (key->devId != INVALID_DEVID) + if (key->devId != INVALID_DEVID) #endif - { - ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, - WC_PQC_SIG_TYPE_DILITHIUM, key); - if (ret != CRYPTOCB_UNAVAILABLE) - return ret; - /* fall-through when unavailable */ - ret = 0; + { + ret = wc_CryptoCb_MakePqcSignatureKey(rng, + WC_PQC_SIG_TYPE_DILITHIUM, key->level, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } } #endif -#ifdef HAVE_LIBOQS - OQS_SIG *oqssig = NULL; + if (ret == 0) { +#ifdef WOLFSSL_WC_DILITHIUM + /* Check the level or parameters have been set. */ + if (key->params == NULL) { + ret = BAD_STATE_E; + } + else { + /* Make the key. */ + ret = dilithium_make_key(key, rng); + } +#elif defined(HAVE_LIBOQS) + /* Make the key. */ + ret = oqs_dilithium_make_key(key, rng); +#endif + } - if ((ret == 0) && (!key->pubKeySet)) { + return ret; +} + +int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (seed == NULL)) { ret = BAD_FUNC_ARG; } if (ret == 0) { - if (key->level == 2) { - oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2); - } - else if (key->level == 3) { - oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3); - } - else if (key->level == 5) { - oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5); +#ifdef WOLFSSL_WC_DILITHIUM + /* Check the level or parameters have been set. */ + if (key->params == NULL) { + ret = BAD_STATE_E; } else { - ret = SIG_TYPE_E; + /* Make the key. 
*/ + ret = dilithium_make_key_from_seed(key, seed); } +#elif defined(HAVE_LIBOQS) + /* Make the key. */ + ret = NOT_COMPILED_IN; +#endif } - if ((ret == 0) && (oqssig == NULL)) { - ret = BUFFER_E; + return ret; +} +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN +/* Sign the message using the dilithium private key. + * + * msg [in] Message to sign. + * msgLen [in] Length of the message in bytes. + * sig [out] Buffer to write signature into. + * sigLen [in/out] On in, size of buffer. + * On out, the length of the signature in bytes. + * key [in] Dilithium key to use when signing + * returns BAD_FUNC_ARG when a parameter is NULL or public key not set, + * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, + word32 *sigLen, dilithium_key* key, WC_RNG* rng) +{ + int ret = 0; + + /* Validate parameters. */ + if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, + WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + + if (ret == 0) { + /* Sign message. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_sign_msg(key, rng, msg, msgLen, sig, sigLen); + #elif defined(HAVE_LIBOQS) + ret = oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng); + #endif + } + + return ret; +} + +/* Sign the message using the dilithium private key. + * + * msg [in] Message to sign. + * msgLen [in] Length of the message in bytes. + * sig [out] Buffer to write signature into. + * sigLen [in/out] On in, size of buffer. + * On out, the length of the signature in bytes. 
+ * key [in] Dilithium key to use when signing + * returns BAD_FUNC_ARG when a parameter is NULL or public key not set, + * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig, + word32 *sigLen, dilithium_key* key, byte* seed) +{ + int ret = 0; + + /* Validate parameters. */ + if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Sign message. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_sign_msg_with_seed(key, seed, msg, msgLen, sig, sigLen); + #elif defined(HAVE_LIBOQS) + ret = NOT_COMPILED_IN; + (void)msgLen; + (void)seed; + #endif } - if ((ret == 0) && - (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p) - == OQS_ERROR)) { - ret = SIG_VERIFY_E; + return ret; +} +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY +/* Verify the message using the dilithium public key. + * + * sig [in] Signature to verify. + * sigLen [in] Size of signature in bytes. + * msg [in] Message to verify. + * msgLen [in] Length of the message in bytes. + * res [out] *res is set to 1 on successful verification. + * key [in] Dilithium key to use to verify. + * returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and + * BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* res, dilithium_key* key) +{ + int ret = 0; + + /* Validate parameters. 
*/ + if ((key == NULL) || (sig == NULL) || (msg == NULL) || (res == NULL)) { + ret = BAD_FUNC_ARG; } + #ifdef WOLF_CRYPTO_CB if (ret == 0) { - *res = 1; + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, + WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } } + #endif - if (oqssig != NULL) { - OQS_SIG_free(oqssig); + if (ret == 0) { + /* Verify message with signature. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_verify_msg(key, msg, msgLen, sig, sigLen, res); + #elif defined(HAVE_LIBOQS) + ret = oqs_dilithium_verify_msg(sig, sigLen, msg, msgLen, res, key); + #endif } -#else - ret = NOT_COMPILED_IN; -#endif return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ /* Initialize the dilithium private/public key. * 
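Review bot: `oqs_dilithium_verify_msg` leaves `*res` untouched when `OQS_SIG_verify` fails (it returns SIG_VERIFY_E and only writes `*res = 1` on success), whereas the `dilithium_verify_msg` path always stores `*res = valid` before returning, so a caller that looks at `*res` after a bad signature gets backend-dependent and possibly uninitialised output. Initialising the result in the public wrapper once the NULL checks pass, `*res = 0;` at the top of `wc_dilithium_verify_msg`, makes both back ends agree. Separately, `wc_dilithium_sign_msg_with_seed` documents BAD_FUNC_ARG for NULL parameters but never checks `seed` before handing it to `dilithium_sign_msg_with_seed`; extend the guard to `(key == NULL) || (seed == NULL)`. Its header comment is a copy of `wc_dilithium_sign_msg`'s: it does not list the `seed` parameter and still refers to `outLen`, which no longer exists.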
@@ -251,74 +7444,86 @@ int wc_dilithium_init(dilithium_key* key) */ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId) { + int ret = 0; + + (void)devId; + + /* Validate parameters. */ if (key == NULL) { - return BAD_FUNC_ARG; + ret = BAD_FUNC_ARG; } - ForceZero(key, sizeof(*key)); - -#ifdef WOLF_CRYPTO_CB - key->devCtx = NULL; - key->devId = devId; -#endif -#ifdef WOLF_PRIVATE_KEY_ID - key->idLen = 0; - key->labelLen = 0; -#endif + if (ret == 0) { + /* Ensure all fields reset. */ + XMEMSET(key, 0, sizeof(*key)); - (void) heap; - (void) devId; + #ifdef WOLF_CRYPTO_CB + key->devCtx = NULL; + key->devId = devId; + #endif + #ifdef WOLF_PRIVATE_KEY_ID + key->idLen = 0; + key->labelLen = 0; + #endif + key->heap = heap; + } - return 0; + return ret; } #ifdef WOLF_PRIVATE_KEY_ID int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len, - void* heap, int devId) + void* heap, int devId) { int ret = 0; - if (key == NULL) + if (key == NULL) { ret = BAD_FUNC_ARG; - if (ret == 0 && (len < 0 || len > DILITHIUM_MAX_ID_LEN)) + } + if ((ret == 0) && ((len < 0) || (len > DILITHIUM_MAX_ID_LEN))) { ret = BUFFER_E; + } - if (ret == 0) + if (ret == 0) { ret = wc_dilithium_init_ex(key, heap, devId); - if (ret == 0 && id != NULL && len != 0) { + } + if ((ret == 0) && (id != NULL) && (len != 0)) { XMEMCPY(key->id, id, (size_t)len); key->idLen = len; } /* Set the maximum level here */ - wc_dilithium_set_level(key, 5); + wc_dilithium_set_level(key, WC_ML_DSA_87); return ret; } int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap, - int devId) + int devId) { int ret = 0; int labelLen = 0; - if (key == NULL || label == NULL) + if ((key == NULL) || (label == NULL)) { ret = BAD_FUNC_ARG; + } if (ret == 0) { labelLen = (int)XSTRLEN(label); - if (labelLen == 0 || labelLen > DILITHIUM_MAX_LABEL_LEN) + if ((labelLen == 0) || (labelLen > DILITHIUM_MAX_LABEL_LEN)) { ret = BUFFER_E; + } } - if (ret == 0) + if (ret == 0) { ret = 
wc_dilithium_init_ex(key, heap, devId);
+    }
     if (ret == 0) {
         XMEMCPY(key->label, label, (size_t)labelLen);
         key->labelLen = labelLen;
     }
     /* Set the maximum level here */
-    wc_dilithium_set_level(key, 5);
+    wc_dilithium_set_level(key, WC_ML_DSA_87);
     return ret;
 }
@@ -332,18 +7537,52 @@ int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap,
  */
 int wc_dilithium_set_level(dilithium_key* key, byte level)
 {
+    int ret = 0;
+
+    /* Validate parameters. */
     if (key == NULL) {
-        return BAD_FUNC_ARG;
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (level != WC_ML_DSA_44) && (level != WC_ML_DSA_65) &&
+        (level != WC_ML_DSA_87)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+#ifdef WOLFSSL_WC_DILITHIUM
+        /* Get the parameters for level into key. */
+        ret = dilithium_get_params(level, &key->params);
     }
 
+    if (ret == 0) {
+        /* Clear any cached items. */
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    #ifdef WC_DILITHIUM_CACHE_MATRIX_A
+        XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        key->a = NULL;
+        key->aSet = 0;
+    #endif
+    #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+        XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        key->s1 = NULL;
+        key->s2 = NULL;
+        key->t0 = NULL;
+        key->privVecsSet = 0;
+    #endif
+    #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+        XFREE(key->t1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        key->t1 = NULL;
+        key->pubVecSet = 0;
+    #endif
+#endif
+#endif /* WOLFSSL_WC_DILITHIUM */
-    if (level != 2 && level != 3 && level != 5) {
-        return BAD_FUNC_ARG;
+        /* Store level and indicate public and private key are not set. */
+        key->level = level;
+        key->pubKeySet = 0;
+        key->prvKeySet = 0;
     }
 
-    key->level = level;
-    key->pubKeySet = 0;
-    key->prvKeySet = 0;
-    return 0;
+    return ret;
 }
 
 /* Get the level of the dilithium private/public key.
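Review bot: `wc_dilithium_init_id` and `wc_dilithium_init_label` still discard the result of `wc_dilithium_set_level(key, WC_ML_DSA_87)` and call it even after an earlier failure (including `key == NULL`); with this commit `set_level` can fail inside `dilithium_get_params`, so either init function can return 0 while `key->params` was never set. Guard and propagate it in both: `if (ret == 0) { ret = wc_dilithium_set_level(key, WC_ML_DSA_87); }`. The `/* Set the maximum level here */` comment would then also sit inside the guarded block.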
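Review bot: In `wc_dilithium_set_level` the `#ifdef WOLFSSL_WC_DILITHIUM` opened inside the first `if (ret == 0) {` is closed only after the second `if (ret == 0) {`, so the `}` ending the first block and the opening of the second are compiled out in the liboqs build and the braces balance only after preprocessing. The result appears correct in both configurations, but it is hard to read and easy to break on the next edit. Keeping the `#ifdef`/`#endif` pair inside a single block and storing the level and key-set flags in their own unconditional block keeps every block brace-balanced regardless of configuration.
```c
    if (ret == 0) {
#ifdef WOLFSSL_WC_DILITHIUM
        /* Get the parameters for level into key. */
        ret = dilithium_get_params(level, &key->params);
        if (ret == 0) {
            /* … unchanged: free cached a/s1/t1 under the cache macros … */
        }
#endif /* WOLFSSL_WC_DILITHIUM */
    }

    if (ret == 0) {
        /* Store level and indicate public and private key are not set. */
        key->level = level;
        key->pubKeySet = 0;
        key->prvKeySet = 0;
    }
```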
@@ -354,16 +7593,23 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
  */
 int wc_dilithium_get_level(dilithium_key* key, byte* level)
 {
-    if (key == NULL || level == NULL) {
-        return BAD_FUNC_ARG;
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (level == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (key->level != WC_ML_DSA_44) &&
+        (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) {
+        ret = BAD_FUNC_ARG;
     }
 
-    if (key->level != 2 && key->level != 3 && key->level != 5) {
-        return BAD_FUNC_ARG;
+    if (ret == 0) {
+        /* Return level. */
+        *level = key->level;
     }
 
-    *level = key->level;
-    return 0;
+    return ret;
 }
 
 /* Clears the dilithium key data
@@ -373,687 +7619,1249 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level) void wc_dilithium_free(dilithium_key* key) { if (key != NULL) { +#ifdef WOLFSSL_WC_DILITHIUM +#ifndef WC_DILITHIUM_FIXED_ARRAY + /* Dispose of cached items. */ + #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS + XFREE(key->t1, key->heap, DYNAMIC_TYPE_DILITHIUM); + #endif + #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS + XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM); + #endif + #ifdef WC_DILITHIUM_CACHE_MATRIX_A + XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM); + #endif +#endif + /* Free the SHAKE-128/256 object. */ + wc_Shake256_Free(&key->shake); +#endif + /* Ensure all private data is zeroized. */ ForceZero(key, sizeof(*key)); } } -/* Export the dilithium public key. +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY +/* Returns the size of a dilithium private key. * - * key [in] Dilithium public key. - * out [in] Array to hold public key. - * outLen [in/out] On in, the number of bytes in array. - * On out, the number bytes put into array. - * returns BAD_FUNC_ARG when a parameter is NULL, - * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_PUB_KEY_SIZE, - * 0 otherwise. + * @param [in] key Dilithium private/public key. + * @return Private key size on success for set level. 
+ * @return BAD_FUNC_ARG when key is NULL or level not set, */ -int wc_dilithium_export_public(dilithium_key* key, - byte* out, word32* outLen) +int wc_dilithium_size(dilithium_key* key) { - /* sanity check on arguments */ - if ((key == NULL) || (out == NULL) || (outLen == NULL)) { - return BAD_FUNC_ARG; - } + int ret = BAD_FUNC_ARG; - if ((key->level != 2) && (key->level != 3) && (key->level != 5)) { - return BAD_FUNC_ARG; + if (key != NULL) { + if (key->level == WC_ML_DSA_44) { + ret = DILITHIUM_LEVEL2_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = DILITHIUM_LEVEL3_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = DILITHIUM_LEVEL5_KEY_SIZE; + } } - if (!key->pubKeySet) { - return BAD_FUNC_ARG; - } + return ret; +} - /* check and set up out length */ - if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_PUB_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; - return BUFFER_E; +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY +/* Returns the size of a dilithium private plus public key. + * + * @param [in] key Dilithium private/public key. + * @return Private key size on success for set level. + * @return BAD_FUNC_ARG when key is NULL or level not set, + */ +int wc_dilithium_priv_size(dilithium_key* key) +{ + int ret = BAD_FUNC_ARG; + + if (key != NULL) { + if (key->level == WC_ML_DSA_44) { + ret = DILITHIUM_LEVEL2_PRV_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = DILITHIUM_LEVEL3_PRV_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = DILITHIUM_LEVEL5_PRV_KEY_SIZE; + } } - else if ((key->level == 3) && (*outLen < DILITHIUM_LEVEL3_PUB_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; - return BUFFER_E; + + return ret; +} + +/* Returns the size of a dilithium private plus public key. + * + * @param [in] key Dilithium private/public key. + * @param [out] len Private key size for set level. + * @return 0 on success. 
+ * @return BAD_FUNC_ARG when key is NULL or level not set, + */ +int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len) +{ + int ret = 0; + + *len = wc_dilithium_priv_size(key); + if (*len < 0) { + ret = *len; } - else if ((key->level == 5) && (*outLen < DILITHIUM_LEVEL5_PUB_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; - return BUFFER_E; + + return ret; +} +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ + +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY +/* Returns the size of a dilithium public key. + * + * @param [in] key Dilithium private/public key. + * @return Public key size on success for set level. + * @return BAD_FUNC_ARG when key is NULL or level not set, + */ +int wc_dilithium_pub_size(dilithium_key* key) +{ + int ret = BAD_FUNC_ARG; + + if (key != NULL) { + if (key->level == WC_ML_DSA_44) { + ret = DILITHIUM_LEVEL2_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = DILITHIUM_LEVEL3_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = DILITHIUM_LEVEL5_PUB_KEY_SIZE; + } } - if (key->level == 2) { - *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; - XMEMCPY(out, key->p, DILITHIUM_LEVEL2_PUB_KEY_SIZE); + return ret; +} + +/* Returns the size of a dilithium public key. + * + * @param [in] key Dilithium private/public key. + * @param [out] len Public key size for set level. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL or level not set, + */ +int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len) +{ + int ret = 0; + + *len = wc_dilithium_pub_size(key); + if (*len < 0) { + ret = *len; } - else if (key->level == 3) { - *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; - XMEMCPY(out, key->p, DILITHIUM_LEVEL3_PUB_KEY_SIZE); + + return ret; +} +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) +/* Returns the size of a dilithium signature. + * + * @param [in] key Dilithium private/public key. + * @return Signature size on success for set level. 
+ * @return BAD_FUNC_ARG when key is NULL or level not set, + */ +int wc_dilithium_sig_size(dilithium_key* key) +{ + int ret = BAD_FUNC_ARG; + + if (key != NULL) { + if (key->level == WC_ML_DSA_44) { + ret = DILITHIUM_LEVEL2_SIG_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = DILITHIUM_LEVEL3_SIG_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = DILITHIUM_LEVEL5_SIG_SIZE; + } } - else if (key->level == 5) { - *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; - XMEMCPY(out, key->p, DILITHIUM_LEVEL5_PUB_KEY_SIZE); + + return ret; +} + +/* Returns the size of a dilithium signature. + * + * @param [in] key Dilithium private/public key. + * @param [out] len Signature size for set level. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL or level not set, + */ +int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len) +{ + int ret = 0; + + *len = wc_dilithium_sig_size(key); + if (*len < 0) { + ret = *len; } - return 0; + return ret; } +#endif -/* Import a dilithium public key from a byte array. - * Public key encoded in big-endian. +#ifdef WOLFSSL_DILITHIUM_CHECK_KEY +/* Check the public key of the dilithium key matches the private key. * - * in [in] Array holding public key. - * inLen [in] Number of bytes of data in array. - * key [in] Dilithium public key. - * returns BAD_FUNC_ARG when a parameter is NULL or key format is not supported, - * 0 otherwise. + * @param [in] key Dilithium private/public key. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL or no private key available, + * @return PUBLIC_KEY_E when the public key is not set or doesn't match, + * @return MEMORY_E when dynamic memory allocation fails. 
*/ -int wc_dilithium_import_public(const byte* in, word32 inLen, - dilithium_key* key) +int wc_dilithium_check_key(dilithium_key* key) { - /* sanity check on arguments */ - if ((in == NULL) || (key == NULL)) { - return BAD_FUNC_ARG; + int ret = 0; +#ifdef WOLFSSL_WC_DILITHIUM + const wc_dilithium_params* params; + sword32* a = NULL; + sword32* s1 = NULL; + sword32* s2 = NULL; + sword32* t = NULL; + sword32* t0 = NULL; + sword32* t1 = NULL; + + /* Validate parameter. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (!key->prvKeySet)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (!key->pubKeySet)) { + ret = PUBLIC_KEY_E; + } + + /* Any value in public key are valid. + * Public seed is hashed to generate matrix A. + * t1 is the top 10 bits of a number in range of 0..(Q-1). + * Q >> 13 = 0x3ff so all encoded values are valid. + */ + + if (ret == 0) { + params = key->params; + unsigned int allocSz; + + /* s1-L, s2-K, t0-K, t-K, t1-K */ + allocSz = params->s1Sz + 4 * params->s2Sz; +#if !defined(WC_DILITHIUM_CACHE_MATRIX_A) + /* A-KxL */ + allocSz += params->aSz; +#endif + + /* Allocate memory for large intermediates. */ + s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (s1 == NULL) { + ret = MEMORY_E; + } + else { + s2 = s1 + params->s1Sz / sizeof(*s1); + t0 = s2 + params->s2Sz / sizeof(*s2); + t = t0 + params->s2Sz / sizeof(*t0); + t1 = t + params->s2Sz / sizeof(*t); +#if !defined(WC_DILITHIUM_CACHE_MATRIX_A) + a = t1 + params->s2Sz / sizeof(*t1); +#else + a = key->a; +#endif + } + } + + if (ret == 0) { +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + /* Check that we haven't already cached the matrix A. 
*/ + if (!key->aSet) +#endif + { + const byte* pub_seed = key->p; + + ret = dilithium_expand_a(&key->shake, pub_seed, params->k, + params->l, a, key->heap); +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + key->aSet = (ret == 0); +#endif + } } + if (ret == 0) { + const byte* s1p = key->k + DILITHIUM_PUB_SEED_SZ + DILITHIUM_K_SZ + + DILITHIUM_TR_SZ; + const byte* s2p = s1p + params->s1EncSz; + const byte* t0p = s2p + params->s2EncSz; + const byte* t1p = key->p + DILITHIUM_PUB_SEED_SZ; + sword32* tt = t; + unsigned int i; + unsigned int j; + sword32 x = 0; + + /* Get s1, s2 and t0 from private key. */ + dilithium_vec_decode_eta_bits(s1p, params->eta, s1, params->l); + dilithium_vec_decode_eta_bits(s2p, params->eta, s2, params->k); + dilithium_vec_decode_t0(t0p, params->k, t0); + + /* Get t1 from public key. */ + dilithium_vec_decode_t1(t1p, params->k, t1); + + /* Calcaluate t = NTT-1(A o NTT(s1)) + s2 */ + dilithium_vec_ntt_small(s1, params->l); + dilithium_matrix_mul(t, a, s1, params->k, params->l); + dilithium_vec_invntt(t, params->k); + dilithium_vec_add(t, s2, params->k); + /* Subtract t0 from t. */ + dilithium_vec_sub(t, t0, params->k); + /* Make t positive to match t1. */ + dilithium_vec_make_pos(t, params->k); + + /* Check t - t0 and t1 are the same. */ + for (i = 0; i < params->k; i++) { + for (j = 0; j < DILITHIUM_N; j++) { + x |= tt[j] ^ t1[j]; + } + tt += DILITHIUM_N; + t1 += DILITHIUM_N; + } + /* Check the public seed is the same in private and public key. */ + for (i = 0; i < DILITHIUM_PUB_SEED_SZ; i++) { + x |= key->p[i] ^ key->k[i]; + } - if ((key->level != 2) && (key->level != 3) && (key->level != 5)) { - return BAD_FUNC_ARG; + if ((ret == 0) && (x != 0)) { + ret = PUBLIC_KEY_E; + } } - if ((key->level == 2) && (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE)) { - return BAD_FUNC_ARG; + if (key != NULL) { + /* Dispose of allocated memory. */ + XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM); + } +#else + /* Validate parameter. 
*/ + if (key == NULL) { + ret = BAD_FUNC_ARG; } - else if ((key->level == 3) && (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE)) { - return BAD_FUNC_ARG; + if ((ret == 0) && (!key->prvKeySet)) { + ret = BAD_FUNC_ARG; } - else if ((key->level == 5) && (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE)) { - return BAD_FUNC_ARG; + if ((ret == 0) && (!key->pubKeySet)) { + ret = PUBLIC_KEY_E; } - XMEMCPY(key->p, in, inLen); - key->pubKeySet = 1; + if (ret == 0) { + int i; + sword32 x = 0; + + /* Check the public seed is the same in private and public key. */ + for (i = 0; i < 32; i++) { + x |= key->p[i] ^ key->k[i]; + } - return 0; + if (x != 0) { + ret = PUBLIC_KEY_E; + } + } +#endif /* WOLFSSL_WC_DILITHIUM */ + return ret; } +#endif /* WOLFSSL_DILITHIUM_CHECK_KEY */ -static int parse_private_key(const byte* priv, word32 privSz, - byte** out, word32 *outSz, - dilithium_key* key) { - word32 idx = 0; +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + +/* Export the dilithium public key. + * + * @param [in] key Dilithium public key. + * @param [out] out Array to hold public key. + * @param [in, out] outLen On in, the number of bytes in array. + * On out, the number bytes put into array. + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BUFFER_E when outLen is less than DILITHIUM_LEVEL2_PUB_KEY_SIZE. + */ +int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) +{ int ret = 0; - int length = 0; + word32 inLen; - /* sanity check on arguments */ - if ((priv == NULL) || (key == NULL)) { - return BAD_FUNC_ARG; + /* Validate parameters */ + if ((key == NULL) || (out == NULL) || (outLen == NULL)) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Get length passed in for checking. */ + inLen = *outLen; + if (key->level == WC_ML_DSA_44) { + /* Set out length. */ + *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; + /* Validate length passed in. 
*/ + if (inLen < DILITHIUM_LEVEL2_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } + else if (key->level == WC_ML_DSA_65) { + /* Set out length. */ + *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; + /* Validate length passed in. */ + if (inLen < DILITHIUM_LEVEL3_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } + else if (key->level == WC_ML_DSA_87) { + /* Set out length. */ + *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; + /* Validate length passed in. */ + if (inLen < DILITHIUM_LEVEL5_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } + else { + /* Level not set. */ + ret = BAD_FUNC_ARG; + } } - if ((key->level != 2) && (key->level != 3) && (key->level != 5)) { - return BAD_FUNC_ARG; + /* Check public key available. */ + if ((ret == 0) && (!key->pubKeySet)) { + ret = BAD_FUNC_ARG; } - /* At this point, it is still a PKCS8 private key. */ - if ((ret = ToTraditionalInline(priv, &idx, privSz)) < 0) { - return ret; + if (ret == 0) { + /* Copy public key out. */ + XMEMCPY(out, key->p, *outLen); } - /* Now it is a octet_string(concat(priv,pub)) */ - if ((ret = GetOctetString(priv, &idx, &length, privSz)) < 0) { - return ret; + return ret; +} + +/* Import a dilithium public key from a byte array. + * + * Public key encoded in big-endian. + * + * @param [in] in Array holding public key. + * @param [in] inLen Number of bytes of data in array. + * @param [in, out] key Dilithium public key. + * @return 0 on success. + * @return BAD_FUNC_ARG when in or key is NULL or key format is not supported. + */ +int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) +{ + int ret = 0; + + /* Validate parameters. */ + if ((in == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + if (key->level == WC_ML_DSA_44) { + /* Check length. */ + if (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } + else if (key->level == WC_ML_DSA_65) { + /* Check length. 
*/ + if (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } + else if (key->level == WC_ML_DSA_87) { + /* Check length. */ + if (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } + else { + /* Level not set. */ + ret = BAD_FUNC_ARG; + } } - *out = (byte *)priv + idx; - *outSz = privSz - idx; + if (ret == 0) { + /* Copy the private key data in or copy pointer. */ + #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY + XMEMCPY(key->p, in, inLen); + #else + key->p = in; + #endif - /* And finally it is concat(priv,pub). Key size check. */ - if ((key->level == 2) && (*outSz != DILITHIUM_LEVEL2_KEY_SIZE + - DILITHIUM_LEVEL2_PUB_KEY_SIZE)) { - return BAD_FUNC_ARG; +#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS + #ifndef WC_DILITHIUM_FIXED_ARRAY + /* Allocate t1 if required. */ + if (key->t1 == NULL) { + key->t1 = (sword32*)XMALLOC(key->params->s2Sz, key->heap, + DYNAMIC_TYPE_DILITHIUM); + if (key->t1 == NULL) { + ret = MEMORY_E; + } + } + #endif } - else if ((key->level == 3) && (*outSz != DILITHIUM_LEVEL3_KEY_SIZE + - DILITHIUM_LEVEL3_PUB_KEY_SIZE)) { - return BAD_FUNC_ARG; + if (ret == 0) { + /* Compute t1 from public key data. */ + dilithium_make_pub_vec(key, key->t1); +#endif +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + #ifndef WC_DILITHIUM_FIXED_ARRAY + /* Allocate matrix a if required. */ + if (key->a == NULL) { + key->a = (sword32*)XMALLOC(key->params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); + if (key->a == NULL) { + ret = MEMORY_E; + } + } + #endif } - else if ((key->level == 5) && (*outSz != DILITHIUM_LEVEL5_KEY_SIZE + - DILITHIUM_LEVEL5_PUB_KEY_SIZE)) { - return BAD_FUNC_ARG; + if (ret == 0) { + /* Compute matrix a from public key data. */ + ret = dilithium_expand_a(&key->shake, key->p, key->params->k, + key->params->l, key->a, key->heap); + if (ret == 0) { + key->aSet = 1; + } + } + if (ret == 0) { +#endif + /* Public key is set. */ + key->pubKeySet = 1; } - return 0; + return ret; } -/* Import a dilithium private key from a byte array. 
- * - * priv [in] Array holding private key. - * privSz [in] Number of bytes of data in array. - * key [in] Dilithium private key. - * returns BAD_FUNC_ARG when a parameter is NULL or privSz is less than - * DILITHIUM_LEVEL2_KEY_SIZE, - * 0 otherwise. - */ -int wc_dilithium_import_private_only(const byte* priv, word32 privSz, - dilithium_key* key) -{ - int ret = 0; - byte *newPriv = NULL; - word32 newPrivSz = 0; - - if ((ret = parse_private_key(priv, privSz, &newPriv, &newPrivSz, key)) - != 0) { - return ret; - } - - XMEMCPY(key->k, newPriv, newPrivSz); - key->prvKeySet = 1; +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ - return 0; -} +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY -/* Import a dilithium private and public keys from byte array(s). +/* Set the private key data into key. * - * priv [in] Array holding private key or private+public keys - * privSz [in] Number of bytes of data in private key array. - * pub [in] Array holding public key (or NULL). - * pubSz [in] Number of bytes of data in public key array (or 0). - * key [in] Dilithium private/public key. - * returns BAD_FUNC_ARG when a required parameter is NULL or an invalid - * combination of keys/lengths is supplied, 0 otherwise. + * @param [in] priv Private key data. + * @param [in] privSz Size of private key data in bytes. + * @param in, out] key Dilithium key to set into. + * @return 0 on success. + * @return BAD_FUNC_ARG when private key size is invalid. + * @return MEMORY_E when dynamic memory allocation fails. + * @return Other negative on hash error. 
*/ -int wc_dilithium_import_private_key(const byte* priv, word32 privSz, - const byte* pub, word32 pubSz, - dilithium_key* key) +static int dilithium_set_priv_key(const byte* priv, word32 privSz, + dilithium_key* key) { int ret = 0; - byte *newPriv = NULL; - word32 newPrivSz = 0; +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + const wc_dilithium_params* params = key->params; +#endif - if ((ret = parse_private_key(priv, privSz, &newPriv, &newPrivSz, key)) - != 0) { - return ret; + /* Validate parameters. */ + if ((privSz != DILITHIUM_LEVEL2_KEY_SIZE) && + (privSz != DILITHIUM_LEVEL3_KEY_SIZE) && + (privSz != DILITHIUM_LEVEL5_KEY_SIZE)) { + ret = BAD_FUNC_ARG; } - if (pub == NULL) { - if (pubSz != 0) { - return BAD_FUNC_ARG; - } + if (ret == 0) { + /* Copy the private key data in or copy pointer. */ + #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY + XMEMCPY(key->k, priv, privSz); + #else + key->k = priv; + #endif + } - if ((newPrivSz != DILITHIUM_LEVEL2_PRV_KEY_SIZE) && - (newPrivSz != DILITHIUM_LEVEL3_PRV_KEY_SIZE) && - (newPrivSz != DILITHIUM_LEVEL5_PRV_KEY_SIZE)) { - return BAD_FUNC_ARG; + /* Allocate and create cached values. */ +#ifdef WC_DILITHIUM_CACHE_MATRIX_A +#ifndef WC_DILITHIUM_FIXED_ARRAY + if (ret == 0) { + /* Allocate matrix a if required. */ + if (key->a == NULL) { + key->a = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); + if (key->a == NULL) { + ret = MEMORY_E; + } } - - if (key->level == 2) { - pub = newPriv + DILITHIUM_LEVEL2_KEY_SIZE; - pubSz = DILITHIUM_LEVEL2_PUB_KEY_SIZE; + } +#endif + if (ret == 0) { + /* Compute matrix a from private key data. 
*/ + ret = dilithium_expand_a(&key->shake, key->k, params->k, params->l, + key->a, key->heap); + if (ret == 0) { + key->aSet = 1; } - else if (key->level == 3) { - pub = newPriv + DILITHIUM_LEVEL3_KEY_SIZE; - pubSz = DILITHIUM_LEVEL3_PUB_KEY_SIZE; + } +#endif +#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS +#ifndef WC_DILITHIUM_FIXED_ARRAY + if ((ret == 0) && (key->s1 == NULL)) { + /* Allocate L vector s1, K vector s2 and K vector t0 if required. */ + key->s1 = (sword32*)XMALLOC(params->s1Sz + params->s2Sz + params->s2Sz, + key->heap, DYNAMIC_TYPE_DILITHIUM); + if (key->s1 == NULL) { + ret = MEMORY_E; } - else if (key->level == 5) { - pub = newPriv + DILITHIUM_LEVEL5_KEY_SIZE; - pubSz = DILITHIUM_LEVEL5_PUB_KEY_SIZE; + if (ret == 0) { + /* Set pointers into allocated memory. */ + key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1); + key->t0 = key->s2 + params->s2Sz / sizeof(*key->s2); } } - else if ((pubSz != DILITHIUM_LEVEL2_PUB_KEY_SIZE) && - (pubSz != DILITHIUM_LEVEL3_PUB_KEY_SIZE) && - (pubSz != DILITHIUM_LEVEL5_PUB_KEY_SIZE)) { - return BAD_FUNC_ARG; +#endif + if (ret == 0) { + /* Compute vectors from private key. */ + dilithium_make_priv_vecs(key, key->s1, key->s2, key->t0); } - - /* import public key */ - ret = wc_dilithium_import_public(pub, pubSz, key); - +#endif if (ret == 0) { - /* make the private key (priv + pub) */ - XMEMCPY(key->k, newPriv, newPrivSz); + /* Private key is set. */ key->prvKeySet = 1; } return ret; } -/* Export the dilithium private key. +/* Import a dilithium private key from a byte array. * - * key [in] Dilithium private key. - * out [in] Array to hold private key. - * outLen [in/out] On in, the number of bytes in array. - * On out, the number bytes put into array. - * returns BAD_FUNC_ARG when a parameter is NULL, - * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_KEY_SIZE, - * 0 otherwise. + * @param [in] priv Array holding private key. + * @param [in] privSz Number of bytes of data in array. 
+ * @param [in, out] key Dilithium private key. + * @return 0 otherwise. + * @return BAD_FUNC_ARG when a parameter is NULL or privSz is less than size + * required for level, */ -int wc_dilithium_export_private_only(dilithium_key* key, byte* out, - word32* outLen) +int wc_dilithium_import_private(const byte* priv, word32 privSz, + dilithium_key* key) { - /* sanity checks on arguments */ - if ((key == NULL) || (out == NULL) || (outLen == NULL)) { - return BAD_FUNC_ARG; + int ret = 0; + + /* Validate parameters. */ + if ((priv == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (key->level != WC_ML_DSA_44) && + (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) { + ret = BAD_FUNC_ARG; } - if ((key->level != 2) && (key->level != 3) && (key->level != 5)) { - return BAD_FUNC_ARG; + if (ret == 0) { + /* Set the private key data. */ + ret = dilithium_set_priv_key(priv, privSz, key); } - /* check and set up out length */ - if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL2_KEY_SIZE; - return BUFFER_E; + return ret; +} + +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) +/* Import a dilithium private and public keys from byte array(s). + * + * @param [in] priv Array holding private key or private+public keys + * @param [in] privSz Number of bytes of data in private key array. + * @param [in] pub Array holding public key (or NULL). + * @param [in] pubSz Number of bytes of data in public key array (or 0). + * @param [in] key Dilithium private/public key. + * @return 0 on success. + * @return BAD_FUNC_ARG when a required parameter is NULL an invalid + * combination of keys/lengths is supplied. + */ +int wc_dilithium_import_key(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, dilithium_key* key) +{ + int ret = 0; + + /* Validate parameters. 
*/ + if ((priv == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; } - else if ((key->level == 3) && (*outLen < DILITHIUM_LEVEL3_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL3_KEY_SIZE; - return BUFFER_E; + if ((pub == NULL) && (pubSz != 0)) { + ret = BAD_FUNC_ARG; } - else if ((key->level == 5) && (*outLen < DILITHIUM_LEVEL5_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL5_KEY_SIZE; - return BUFFER_E; + if ((ret == 0) && (key->level != WC_ML_DSA_44) && + (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) { + ret = BAD_FUNC_ARG; } - if (key->level == 2) { - *outLen = DILITHIUM_LEVEL2_KEY_SIZE; - } - else if (key->level == 3) { - *outLen = DILITHIUM_LEVEL3_KEY_SIZE; + if ((ret == 0) && (pub != NULL)) { + /* Import public key. */ + ret = wc_dilithium_import_public(pub, pubSz, key); } - else if (key->level == 5) { - *outLen = DILITHIUM_LEVEL5_KEY_SIZE; + if (ret == 0) { + ret = dilithium_set_priv_key(priv, privSz, key); } - XMEMCPY(out, key->k, *outLen); - - return 0; + return ret; } +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ -/* Export the dilithium private and public key. +/* Export the dilithium private key. * - * key [in] Dilithium private/public key. - * out [in] Array to hold private and public key. - * outLen [in/out] On in, the number of bytes in array. - * On out, the number bytes put into array. - * returns BAD_FUNC_ARG when a parameter is NULL, - * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_PRV_KEY_SIZE, - * 0 otherwise. + * @param [in] key Dilithium private key. + * @param [out] out Array to hold private key. + * @param [in, out] outLen On in, the number of bytes in array. + * On out, the number bytes put into array. + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BUFFER_E when outLen is less than DILITHIUM_LEVEL2_KEY_SIZE. 
*/ -int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen) +int wc_dilithium_export_private(dilithium_key* key, byte* out, + word32* outLen) { - /* sanity checks on arguments */ + int ret = 0; + word32 inLen; + + /* Validate parameters. */ if ((key == NULL) || (out == NULL) || (outLen == NULL)) { - return BAD_FUNC_ARG; + ret = BAD_FUNC_ARG; } - if ((key->level != 2) && (key->level != 3) && (key->level != 5)) { - return BAD_FUNC_ARG; + /* Check private key available. */ + if ((ret == 0) && (!key->prvKeySet)) { + ret = BAD_FUNC_ARG; } - if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_PRV_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL2_PRV_KEY_SIZE; - return BUFFER_E; - } - else if ((key->level == 3) && (*outLen < DILITHIUM_LEVEL3_PRV_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL3_PRV_KEY_SIZE; - return BUFFER_E; - } - else if ((key->level == 5) && (*outLen < DILITHIUM_LEVEL5_PRV_KEY_SIZE)) { - *outLen = DILITHIUM_LEVEL5_PRV_KEY_SIZE; - return BUFFER_E; + if (ret == 0) { + inLen = *outLen; + /* check and set up out length */ + if (key->level == WC_ML_DSA_44) { + *outLen = DILITHIUM_LEVEL2_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + *outLen = DILITHIUM_LEVEL3_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + *outLen = DILITHIUM_LEVEL5_KEY_SIZE; + } + else { + /* Level not set. */ + ret = BAD_FUNC_ARG; + } } - - if (key->level == 2) { - *outLen = DILITHIUM_LEVEL2_PRV_KEY_SIZE; - XMEMCPY(out, key->k, DILITHIUM_LEVEL2_KEY_SIZE); - XMEMCPY(out + DILITHIUM_LEVEL2_KEY_SIZE, key->p, - DILITHIUM_LEVEL2_PUB_KEY_SIZE); - } - else if (key->level == 3) { - *outLen = DILITHIUM_LEVEL3_PRV_KEY_SIZE; - XMEMCPY(out, key->k, DILITHIUM_LEVEL3_KEY_SIZE); - XMEMCPY(out + DILITHIUM_LEVEL3_KEY_SIZE, key->p, - DILITHIUM_LEVEL3_PUB_KEY_SIZE); + /* Check array length. 
*/ + if ((ret == 0) && (inLen < *outLen)) { + ret = BUFFER_E; } - else if (key->level == 5) { - *outLen = DILITHIUM_LEVEL5_PRV_KEY_SIZE; - XMEMCPY(out, key->k, DILITHIUM_LEVEL5_KEY_SIZE); - XMEMCPY(out + DILITHIUM_LEVEL5_KEY_SIZE, key->p, - DILITHIUM_LEVEL5_PUB_KEY_SIZE); + + if (ret == 0) { + /* Copy private key out key. */ + XMEMCPY(out, key->k, *outLen); } - return 0; + return ret; } +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY /* Export the dilithium private and public key. * - * key [in] Dilithium private/public key. - * priv [in] Array to hold private key. - * privSz [in/out] On in, the number of bytes in private key array. - * pub [in] Array to hold public key. - * pubSz [in/out] On in, the number of bytes in public key array. - * On out, the number bytes put into array. - * returns BAD_FUNC_ARG when a parameter is NULL, - * BUFFER_E when privSz is less than DILITHIUM_LEVEL2_PRV_KEY_SIZE or pubSz is less - * than DILITHIUM_LEVEL2_PUB_KEY_SIZE, - * 0 otherwise. + * @param [in] key Dilithium private/public key. + * @param [out] priv Array to hold private key. + * @param [in, out] privSz On in, the number of bytes in private key array. + * On out, the number bytes put into private key. + * @param [out] pub Array to hold public key. + * @param [in, out] pubSz On in, the number of bytes in public key array. + * On out, the number bytes put into public key. + * @return 0 on success. + * @return BAD_FUNC_ARG when a key, priv, privSz, pub or pubSz is NULL. + * @return BUFFER_E when privSz or pubSz is less than required size. */ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, - byte* pub, word32 *pubSz) + byte* pub, word32 *pubSz) { - int ret = 0; + int ret; - /* export private part */ + /* Export private key only. */ ret = wc_dilithium_export_private(key, priv, privSz); if (ret == 0) { - /* export public part */ + /* Export public key. 
*/ ret = wc_dilithium_export_public(key, pub, pubSz); } return ret; } +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ -/* Check the public key of the dilithium key matches the private key. +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ + +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 + +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) + +/* Decode the DER encoded Dilithium key. * - * key [in] Dilithium private/public key. - * returns BAD_FUNC_ARG when key is NULL, - * PUBLIC_KEY_E when the public key is not set or doesn't match, - * other -ve value on hash failure, - * 0 otherwise. + * @param [in] input Array holding DER encoded data. + * @param [in, out] inOutIdx On in, index into array of start of DER encoding. + * On out, index into array after DER encoding. + * @param [in, out] key Dilithium key to store key. + * @param [in] inSz Total size of data in array. + * @return 0 on success. + * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0. + * @return BAD_FUNC_ARG when level not set. + * @return Other negative on parse error. */ -int wc_dilithium_check_key(dilithium_key* key) +int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, + dilithium_key* key, word32 inSz) { - if (key == NULL) { - return BAD_FUNC_ARG; - } - int ret = 0; + const byte* privKey = NULL; + const byte* pubKey = NULL; + word32 privKeyLen = 0; + word32 pubKeyLen = 0; + int keytype = 0; - /* The public key is also decoded and stored within the private key buffer - * behind the private key. Hence, we can compare both stored public keys. */ - if (key->level == 2) { - ret = XMEMCMP(key->p, key->k + DILITHIUM_LEVEL2_KEY_SIZE, - DILITHIUM_LEVEL2_PUB_KEY_SIZE); - } - else if (key->level == 3) { - ret = XMEMCMP(key->p, key->k + DILITHIUM_LEVEL3_KEY_SIZE, - DILITHIUM_LEVEL3_PUB_KEY_SIZE); - } - else if (key->level == 5) { - ret = XMEMCMP(key->p, key->k + DILITHIUM_LEVEL5_KEY_SIZE, - DILITHIUM_LEVEL5_PUB_KEY_SIZE); - } - - if (ret != 0) { - ret = PUBLIC_KEY_E; + /* Validate parameters. 
*/ + if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { + ret = BAD_FUNC_ARG; } - return ret; - -} - -/* Returns the size of a dilithium private key. - * - * key [in] Dilithium private/public key. - * returns BAD_FUNC_ARG when key is NULL, - * DILITHIUM_LEVEL2_KEY_SIZE otherwise. - */ -int wc_dilithium_size(dilithium_key* key) -{ - if (key == NULL) { - return BAD_FUNC_ARG; + if (ret == 0) { + /* Get OID sum for level. */ + if (key->level == WC_ML_DSA_44) { + keytype = DILITHIUM_LEVEL2k; + } + else if (key->level == WC_ML_DSA_65) { + keytype = DILITHIUM_LEVEL3k; + } + else if (key->level == WC_ML_DSA_87) { + keytype = DILITHIUM_LEVEL5k; + } + else { + /* Level not set. */ + ret = BAD_FUNC_ARG; + } } - if (key->level == 2) { - return DILITHIUM_LEVEL2_KEY_SIZE; + if (ret == 0) { + /* Decode the asymmetric key and get out private and public key data. */ + ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKey, &privKeyLen, + &pubKey, &pubKeyLen, keytype); } - else if (key->level == 3) { - return DILITHIUM_LEVEL3_KEY_SIZE; + if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) { + /* Check if the public key is included in the private key. 
*/ + if ((key->level == WC_ML_DSA_44) && + (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) { + pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE; + pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; + privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE; + } + else if ((key->level == WC_ML_DSA_65) && + (privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) { + pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE; + pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; + privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE; + } + else if ((key->level == WC_ML_DSA_87) && + (privKeyLen == DILITHIUM_LEVEL5_PRV_KEY_SIZE)) { + pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE; + pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; + privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE; + } } - else if (key->level == 5) { - return DILITHIUM_LEVEL5_KEY_SIZE; + + if (ret == 0) { + /* Check whether public key data was found. */ +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) + if (pubKeyLen == 0) +#endif + { + /* No public key data, only import private key data. */ + ret = wc_dilithium_import_private(privKey, privKeyLen, key); + } +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) + else { + /* Import private and public key data. */ + ret = wc_dilithium_import_key(privKey, privKeyLen, pubKey, + pubKeyLen, key); + } +#endif } - return BAD_FUNC_ARG; + (void)pubKey; + (void)pubKeyLen; + + return ret; } -/* Returns the size of a dilithium private plus public key. - * - * key [in] Dilithium private/public key. - * returns BAD_FUNC_ARG when key is NULL, - * DILITHIUM_LEVEL2_PRV_KEY_SIZE otherwise. 
- */ -int wc_dilithium_priv_size(dilithium_key* key) -{ - if (key == NULL) { - return BAD_FUNC_ARG; - } +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ - if (key->level == 2) { - return DILITHIUM_LEVEL2_PRV_KEY_SIZE; - } - else if (key->level == 3) { - return DILITHIUM_LEVEL3_PRV_KEY_SIZE; - } - else if (key->level == 5) { - return DILITHIUM_LEVEL5_PRV_KEY_SIZE; - } +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ - return BAD_FUNC_ARG; -} +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY -/* Returns the size of a dilithium public key. - * - * key [in] Dilithium private/public key. - * returns BAD_FUNC_ARG when key is NULL, - * DILITHIUM_LEVEL2_PUB_KEY_SIZE otherwise. - */ -int wc_dilithium_pub_size(dilithium_key* key) +#if defined(WOLFSSL_DILITHIUM_NO_ASN1) +#ifndef WOLFSSL_NO_ML_DSA_44 +static unsigned char dilithium_oid_44[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x04, 0x04 +}; +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 +static unsigned char dilithium_oid_65[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x06, 0x05 +}; +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 +static unsigned char dilithium_oid_87[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x08, 0x07 +}; +#endif + +static int dilitihium_get_der_length(const byte* input, word32* inOutIdx, + int *length, word32 inSz) { - if (key == NULL) { - return BAD_FUNC_ARG; - } + int ret = 0; + word32 idx = *inOutIdx; + word32 len = 0; - if (key->level == 2) { - return DILITHIUM_LEVEL2_PUB_KEY_SIZE; - } - else if (key->level == 3) { - return DILITHIUM_LEVEL3_PUB_KEY_SIZE; + if (idx >= inSz) { + ret = ASN_PARSE_E; } - else if (key->level == 5) { - return DILITHIUM_LEVEL5_PUB_KEY_SIZE; + else if (input[idx] < 0x80) { + len = input[idx]; + idx++; } - - return BAD_FUNC_ARG; -} - -/* Returns the size of a dilithium signature. - * - * key [in] Dilithium private/public key. - * returns BAD_FUNC_ARG when key is NULL, - * DILITHIUM_LEVEL2_SIG_SIZE otherwise. 
- */ -int wc_dilithium_sig_size(dilithium_key* key) -{ - if (key == NULL) { - return BAD_FUNC_ARG; + else if ((input[idx] == 0x80) || (input[idx] >= 0x83)) { + ret = ASN_PARSE_E; } - - if (key->level == 2) { - return DILITHIUM_LEVEL2_SIG_SIZE; + else if (input[idx] == 0x81) { + if (idx + 1 >= inSz) { + ret = ASN_PARSE_E; + } + else if (input[idx + 1] < 0x80) { + ret = ASN_PARSE_E; + } + else { + len = input[idx + 1]; + idx += 2; + } } - else if (key->level == 3) { - return DILITHIUM_LEVEL3_SIG_SIZE; + else if (input[idx] == 0x82) { + if (idx + 2 >= inSz) { + ret = ASN_PARSE_E; + } + else { + len = ((word16)input[idx + 1] << 8) + input[idx + 2]; + idx += 3; + if (len < 0x100) { + ret = ASN_PARSE_E; + } + } } - else if (key->level == 5) { - return DILITHIUM_LEVEL5_SIG_SIZE; + + if ((ret == 0) && ((idx + len) > inSz)) { + ret = ASN_PARSE_E; } - return BAD_FUNC_ARG; + *length = (int)len; + *inOutIdx = idx; + return ret; } -int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, - dilithium_key* key, word32 inSz) +static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type, + word32 inSz) { int ret = 0; - byte privKey[DILITHIUM_MAX_PRV_KEY_SIZE]; - byte pubKey[DILITHIUM_MAX_PUB_KEY_SIZE]; - word32 privKeyLen = (word32)sizeof(privKey); - word32 pubKeyLen = (word32)sizeof(pubKey); - int keytype = 0; - - if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) { - return BAD_FUNC_ARG; - } + word32 idx = *inOutIdx; - if (key->level == 2) { - keytype = DILITHIUM_LEVEL2k; - } - else if (key->level == 3) { - keytype = DILITHIUM_LEVEL3k; + if (idx >= inSz) { + ret = ASN_PARSE_E; } - else if (key->level == 5) { - keytype = DILITHIUM_LEVEL5k; + else if (input[idx] != type){ + ret = ASN_PARSE_E; } else { - return BAD_FUNC_ARG; + idx++; } - ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen, - pubKey, &pubKeyLen, keytype); - if (ret == 0) { - if (pubKeyLen == 0) { - ret = wc_dilithium_import_private_key(input, inSz, NULL, 0, 
key); - } - else { - ret = wc_dilithium_import_private_key(input, inSz, pubKey, - pubKeyLen, key); - } - } + *inOutIdx = idx; return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + +/* Decode the DER encoded Dilithium public key. + * + * @param [in] input Array holding DER encoded data. + * @param [in, out] inOutIdx On in, index into array of start of DER encoding. + * On out, index into array after DER encoding. + * @param [in, out] key Dilithium key to store key. + * @param [in] inSz Total size of data in array. + * @return 0 on success. + * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0. + * @return BAD_FUNC_ARG when level not set. + * @return Other negative on parse error. + */ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, - dilithium_key* key, word32 inSz) + dilithium_key* key, word32 inSz) { int ret = 0; - byte pubKey[DILITHIUM_MAX_PUB_KEY_SIZE]; - word32 pubKeyLen = (word32)sizeof(pubKey); - int keytype = 0; - - if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) { - return BAD_FUNC_ARG; - } - - ret = wc_dilithium_import_public(input, inSz, key); - if (ret == 0) { - return 0; - } + const byte* pubKey; + word32 pubKeyLen = 0; - if (key->level == 2) { - keytype = DILITHIUM_LEVEL2k; - } - else if (key->level == 3) { - keytype = DILITHIUM_LEVEL3k; - } - else if (key->level == 5) { - keytype = DILITHIUM_LEVEL5k; - } - else { - return BAD_FUNC_ARG; + /* Validate parameters. */ + if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { + ret = BAD_FUNC_ARG; } - ret = DecodeAsymKeyPublic(input, inOutIdx, inSz, pubKey, &pubKeyLen, - keytype); if (ret == 0) { - ret = wc_dilithium_import_public(pubKey, pubKeyLen, key); + /* Try to import the key directly. 
*/ + ret = wc_dilithium_import_public(input, inSz, key); + if (ret != 0) { + #if !defined(WOLFSSL_DILITHIUM_NO_ASN1) + int keytype = 0; + #else + int length; + unsigned char* oid; + int oidLen; + word32 idx = 0; + #endif + + /* Start again. */ + ret = 0; + + #if !defined(WOLFSSL_DILITHIUM_NO_ASN1) + /* Get OID sum for level. */ + if (key->level == WC_ML_DSA_44) { + keytype = DILITHIUM_LEVEL2k; + } + else if (key->level == WC_ML_DSA_65) { + keytype = DILITHIUM_LEVEL3k; + } + else if (key->level == WC_ML_DSA_87) { + keytype = DILITHIUM_LEVEL5k; + } + else { + /* Level not set. */ + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Decode the asymmetric key and get out public key data. */ + ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKey, + &pubKeyLen, keytype); + } + #else + /* Get OID sum for level. */ + #ifndef WOLFSSL_NO_ML_DSA_44 + if (key->level == WC_ML_DSA_44) { + oid = dilithium_oid_44; + oidLen = (int)sizeof(dilithium_oid_44); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_65 + if (key->level == WC_ML_DSA_65) { + oid = dilithium_oid_65; + oidLen = (int)sizeof(dilithium_oid_65); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_87 + if (key->level == WC_ML_DSA_87) { + oid = dilithium_oid_87; + oidLen = (int)sizeof(dilithium_oid_87); + } + else + #endif + { + /* Level not set. 
*/ + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x30, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x30, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x06, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + if ((length != oidLen) || + (XMEMCMP(input + idx, oid, oidLen) != 0)) { + ret = ASN_PARSE_E; + } + idx += oidLen; + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x03, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + if (input[idx] != 0) { + ret = ASN_PARSE_E; + } + idx++; + length--; + } + if (ret == 0) { + /* This is the raw point data compressed or uncompressed. */ + pubKeyLen = (word32)length; + pubKey = input + idx; + } + #endif + if (ret == 0) { + /* Import public key data. */ + ret = wc_dilithium_import_public(pubKey, pubKeyLen, key); + } + } } return ret; } +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 + #ifdef WC_ENABLE_ASYM_KEY_EXPORT -/* Encode the public part of an Dilithium key in DER. +/* Encode the public part of a Dilithium key in DER. * * Pass NULL for output to get the size of the encoding. * - * @param [in] key Dilithium key object. - * @param [out] output Buffer to put encoded data in. - * @param [in] outLen Size of buffer in bytes. - * @param [in] withAlg Whether to use SubjectPublicKeyInfo format. + * @param [in] key Dilithium key object. + * @param [out] output Buffer to put encoded data in. + * @param [in] len Size of buffer in bytes. + * @param [in] withAlg Whether to use SubjectPublicKeyInfo format. * @return Size of encoded data in bytes on success. * @return BAD_FUNC_ARG when key is NULL. 
* @return MEMORY_E when dynamic memory allocation failed. */ -int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 inLen, - int withAlg) +int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, + int withAlg) { - int ret; - byte pubKey[DILITHIUM_MAX_PUB_KEY_SIZE]; - word32 pubKeyLen = (word32)sizeof(pubKey); - int keytype = 0; + int ret = 0; + int keytype = 0; + int pubKeyLen = 0; + /* Validate parameters. */ if (key == NULL) { - return BAD_FUNC_ARG; - } - - if (key->level == 2) { - keytype = DILITHIUM_LEVEL2k; - } - else if (key->level == 3) { - keytype = DILITHIUM_LEVEL3k; + ret = BAD_FUNC_ARG; } - else if (key->level == 5) { - keytype = DILITHIUM_LEVEL5k; + /* Check we have a public key to encode. */ + if ((ret == 0) && (!key->pubKeySet)) { + ret = BAD_FUNC_ARG; } - else { - return BAD_FUNC_ARG; + + if (ret == 0) { + /* Get OID and length for level. */ + if (key->level == WC_ML_DSA_44) { + keytype = DILITHIUM_LEVEL2k; + pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + keytype = DILITHIUM_LEVEL3k; + pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + keytype = DILITHIUM_LEVEL5k; + pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; + } + else { + /* Level not set. 
*/ + ret = BAD_FUNC_ARG; + } } - ret = wc_dilithium_export_public(key, pubKey, &pubKeyLen); if (ret == 0) { - ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, output, inLen, keytype, - withAlg); + ret = SetAsymKeyDerPublic(key->p, pubKeyLen, output, len, keytype, + withAlg); } return ret; } -#endif +#endif /* WC_ENABLE_ASYM_KEY_EXPORT */ -int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 inLen) -{ - if (key == NULL) { - return BAD_FUNC_ARG; - } +#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 */ - if (key->level == 2) { - return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p, - DILITHIUM_LEVEL2_KEY_SIZE, output, inLen, - DILITHIUM_LEVEL2k); - } - else if (key->level == 3) { - return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p, - DILITHIUM_LEVEL3_KEY_SIZE, output, inLen, - DILITHIUM_LEVEL3k); - } - else if (key->level == 5) { - return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p, - DILITHIUM_LEVEL5_KEY_SIZE, output, inLen, - DILITHIUM_LEVEL5k); - } +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ - return BAD_FUNC_ARG; -} +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY -int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 inLen) +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 + +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY +/* Encode the private and public data of a Dilithium key in DER. + * + * Pass NULL for output to get the size of the encoding. + * + * @param [in] key Dilithium key object. + * @param [out] output Buffer to put encoded data in. + * @param [in] len Size of buffer in bytes. + * @return Size of encoded data in bytes on success. + * @return BAD_FUNC_ARG when key is NULL. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len) { - if (key == NULL) { - return BAD_FUNC_ARG; + int ret = BAD_FUNC_ARG; + + /* Validate parameters and check public and private key set. */ + if ((key != NULL) && key->prvKeySet && key->pubKeySet) { + /* Create DER for level. 
*/ + if (key->level == WC_ML_DSA_44) { + ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p, + DILITHIUM_LEVEL2_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL2k); + } + else if (key->level == WC_ML_DSA_65) { + ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p, + DILITHIUM_LEVEL3_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL3k); + } + else if (key->level == WC_ML_DSA_87) { + ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p, + DILITHIUM_LEVEL5_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL5k); + } } - if (key->level == 2) { - return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output, - inLen, DILITHIUM_LEVEL2k); - } - else if (key->level == 3) { - return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output, - inLen, DILITHIUM_LEVEL3k); - } - else if (key->level == 5) { - return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output, - inLen, DILITHIUM_LEVEL5k); + return ret; +} +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ + +/* Encode the private data of a Dilithium key in DER. + * + * Pass NULL for output to get the size of the encoding. + * + * @param [in] key Dilithium key object. + * @param [out] output Buffer to put encoded data in. + * @param [in] len Size of buffer in bytes. + * @return Size of encoded data in bytes on success. + * @return BAD_FUNC_ARG when key is NULL. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len) +{ + int ret = BAD_FUNC_ARG; + + /* Validate parameters and check private key set. */ + if ((key != NULL) && key->prvKeySet) { + /* Create DER for level. 
*/ + if (key->level == WC_ML_DSA_44) { + ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, + output, len, DILITHIUM_LEVEL2k); + } + else if (key->level == WC_ML_DSA_65) { + ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, + output, len, DILITHIUM_LEVEL3k); + } + else if (key->level == WC_ML_DSA_87) { + ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, + output, len, DILITHIUM_LEVEL5k); + } } - return BAD_FUNC_ARG; + return ret; } -#endif /* HAVE_PQC && HAVE_DILITHIUM */ + +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ + +#endif /* HAVE_DILITHIUM */ diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 08f70db5d1..520c100408 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -1,6 +1,6 @@ /* dsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -930,33 +930,39 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key, #ifdef WOLFSSL_SMALL_STACK if (k) { - if ((ret != MP_INIT_E) && (ret != MEMORY_E)) + if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) && + (ret != WC_NO_ERR_TRACE(MEMORY_E))) mp_forcezero(k); XFREE(k, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (kInv) { - if ((ret != MP_INIT_E) && (ret != MEMORY_E)) + if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) && + (ret != WC_NO_ERR_TRACE(MEMORY_E))) mp_forcezero(kInv); XFREE(kInv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (r) { - if ((ret != MP_INIT_E) && (ret != MEMORY_E)) + if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) && + (ret != WC_NO_ERR_TRACE(MEMORY_E))) mp_clear(r); XFREE(r, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (s) { - if ((ret != MP_INIT_E) && (ret != MEMORY_E)) + if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) && + (ret != WC_NO_ERR_TRACE(MEMORY_E))) mp_clear(s); XFREE(s, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (H) { - if ((ret != MP_INIT_E) && (ret != MEMORY_E)) + if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) && + (ret != WC_NO_ERR_TRACE(MEMORY_E))) mp_clear(H); XFREE(H, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME if (b) { - if ((ret != MP_INIT_E) && (ret != MEMORY_E)) + if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) && + (ret != WC_NO_ERR_TRACE(MEMORY_E))) mp_forcezero(b); XFREE(b, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } @@ -966,7 +972,7 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key, XFREE(buffer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } #else /* !WOLFSSL_SMALL_STACK */ - if (ret != MP_INIT_E) { + if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) { ForceZero(buffer, halfSz); mp_forcezero(kInv); mp_forcezero(k); 
@@ -1106,37 +1112,37 @@ int wc_DsaVerify_ex(const byte* digest, word32 digestSz, const byte* sig, #ifdef WOLFSSL_SMALL_STACK if (s) { - if (ret != MP_INIT_E) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(s); XFREE(s, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (r) { - if (ret != MP_INIT_E) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(r); XFREE(r, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (u1) { - if (ret != MP_INIT_E) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(u1); XFREE(u1, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (u2) { - if (ret != MP_INIT_E) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(u2); XFREE(u2, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (w) { - if (ret != MP_INIT_E) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(w); XFREE(w, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (v) { - if (ret != MP_INIT_E) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(v); XFREE(v, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } #else - if (ret != MP_INIT_E) { + if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) { mp_clear(s); mp_clear(r); mp_clear(u1); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 524210421d..46d7da16c3 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1,6 +1,6 @@ /* ecc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -98,6 +98,12 @@ Possible ECC enable options: * Use this when CPU state can be closely observed by * attacker. * default: off + * WOLFSSL_ECC_BLIND_K + * Blind the private key k by using a random mask. + * The private key is never stored unprotected but an + * unmasked copy is computed and stored each time it is + * needed. + * default: off */ /* @@ -180,6 +186,15 @@ ECC Curve Sizes: #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_ecc_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000005 }; + int wolfCrypt_FIPS_ECC_sanity(void) + { + return 0; + } +#endif + #if defined(FREESCALE_LTC_ECC) #include #endif 
@@ -288,6 +303,53 @@ ECC Curve Sizes: #endif +#ifdef WOLFSSL_ECC_BLIND_K +mp_int* ecc_get_k(ecc_key* key) +{ + mp_xor_ct(key->k, key->kb, key->dp->size, key->ku); + return key->ku; +} +void ecc_blind_k(ecc_key* key, mp_int* b) +{ + mp_xor_ct(key->k, b, key->dp->size, key->k); + mp_xor_ct(key->kb, b, key->dp->size, key->kb); +} +int ecc_blind_k_rng(ecc_key* key, WC_RNG* rng) +{ + int ret = 0; + WC_RNG local_rng; + +#ifdef ECC_TIMING_RESISTANT + if (rng == NULL) { + rng = key->rng; + } +#endif + if (rng == NULL) { + ret = wc_InitRng(&local_rng); + if (ret == 0) { + rng = &local_rng; + } + } + if (ret == 0) { + ret = mp_rand(key->kb, (key->dp->size + sizeof(mp_digit) - 1) / + sizeof(mp_digit), rng); + if (ret == 0) { + mp_xor_ct(key->k, key->kb, key->dp->size, key->k); + } + } + + if (rng == &local_rng) { + wc_FreeRng(&local_rng); + } + return ret; +} + +mp_int* wc_ecc_key_get_priv(ecc_key* key) +{ + return ecc_get_k(key); +} +#endif + /* forward declarations */ static int wc_ecc_new_point_ex(ecc_point** point, void* heap); static void wc_ecc_del_point_ex(ecc_point* p, void* heap); @@ -1486,7 +1548,11 @@ static int xil_mpi_import(mp_int *mpi, #ifdef ECC_CACHE_CURVE /* cache (mp_int) of the curve parameters */ + #ifdef WOLFSSL_NO_MALLOC + static ecc_curve_spec ecc_curve_spec_cache[ECC_SET_COUNT]; + #else static ecc_curve_spec* ecc_curve_spec_cache[ECC_SET_COUNT]; + #endif #ifndef SINGLE_THREADED static wolfSSL_Mutex ecc_curve_cache_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_curve_cache_mutex); #endif @@ -1666,6 +1732,9 @@ static int wc_ecc_curve_load(const ecc_set_type* dp, ecc_curve_spec** pCurve, } #endif +#ifdef WOLFSSL_NO_MALLOC + curve = &ecc_curve_spec_cache[x]; +#else /* make sure cache has been allocated */ if (ecc_curve_spec_cache[x] == NULL #ifdef WOLFSSL_CUSTOM_CURVES 
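Review bot: ecc_get_k() writes the unmasked scalar into key->ku and hands that pointer out, so after the first use the plain private key is resident in the key object for as long as ku lives; nothing in this hunk clears it, and the option comment added at ecc.c:98 ("never stored unprotected") overstates the protection. Unless ku is wiped in wc_ecc_free or by every caller (neither is visible in this diff), consider `mp_forcezero(key->ku)` once the caller is done with it, and reword the comment to `an unmasked copy is recomputed into key->ku on demand and must be cleared after use`. ecc_blind_k_rng and ecc_get_k also read key->dp->size with no check that a curve has been set; the callers added later in this diff run after wc_ecc_set_curve, but a `/* requires key->dp to be set */` on the helpers would make that precondition explicit.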
@@ -1692,6 +1761,8 @@ static int wc_ecc_curve_load(const ecc_set_type* dp, ecc_curve_spec** pCurve, else { curve = ecc_curve_spec_cache[x]; } +#endif /* WOLFSSL_NO_MALLOC */ + /* return new or cached curve */ *pCurve = curve; #else @@ -1771,11 +1842,16 @@ void wc_ecc_curve_cache_free(void) /* free all ECC curve caches */ for (x = 0; x < (int)ECC_SET_COUNT; x++) { + #ifdef WOLFSSL_NO_MALLOC + wc_ecc_curve_cache_free_spec(&ecc_curve_spec_cache[x]); + XMEMSET(&ecc_curve_spec_cache[x], 0, sizeof(ecc_curve_spec_cache[x])); + #else if (ecc_curve_spec_cache[x]) { wc_ecc_curve_cache_free_spec(ecc_curve_spec_cache[x]); XFREE(ecc_curve_spec_cache[x], NULL, DYNAMIC_TYPE_ECC); ecc_curve_spec_cache[x] = NULL; } + #endif /* WOLFSSL_NO_MALLOC */ } #if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED) && \ @@ -3577,17 +3653,12 @@ static void ecc_key_tmp_final(ecc_key* key, void* heap) FREE_MP_INT_SIZE(key->t1, heap, DYNAMIC_TYPE_ECC); #else #ifdef ALT_ECC_SIZE - if (key->z != NULL) - XFREE(key->z, heap, DYNAMIC_TYPE_ECC); - if (key->y != NULL) - XFREE(key->y, heap, DYNAMIC_TYPE_ECC); - if (key->x != NULL) - XFREE(key->x, heap, DYNAMIC_TYPE_ECC); + XFREE(key->z, heap, DYNAMIC_TYPE_ECC); + XFREE(key->y, heap, DYNAMIC_TYPE_ECC); + XFREE(key->x, heap, DYNAMIC_TYPE_ECC); #endif - if (key->t2 != NULL) - XFREE(key->t2, heap, DYNAMIC_TYPE_ECC); - if (key->t1 != NULL) - XFREE(key->t1, heap, DYNAMIC_TYPE_ECC); + XFREE(key->t2, heap, DYNAMIC_TYPE_ECC); + XFREE(key->t1, heap, DYNAMIC_TYPE_ECC); #endif } #endif /* WOLFSSL_SMALL_STACK_CACHE */ @@ -3982,6 +4053,12 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a, int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map) { + if ((k != NULL) && (R != NULL) && (mp_iszero(k))) { + mp_zero(R->x); + mp_zero(R->y); + mp_set(R->z, 1); + return MP_OKAY; + } return wc_ecc_mulmod_ex(k, G, R, a, modulus, map, NULL); } 
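Review bot: The zero-scalar shortcut added to wc_ecc_mulmod discards the result of `mp_set(R->z, 1)` and returns MP_OKAY unconditionally; `return mp_set(R->z, 1);` keeps the error path intact for math backends whose mp_set can fail. The shortcut also assumes R->x/y/z are initialised and skips whatever validation of G, a and modulus wc_ecc_mulmod_ex performs, and only this wrapper is covered: callers that go straight to wc_ecc_mulmod_ex/ex2 (ecc_make_pub_ex further down does) get no such handling, so if a zero scalar must be tolerated the check belongs in the shared path. A comment stating that (0, 0, 1) is the point-at-infinity encoding the rest of the file expects would help, if that is the convention (the comparison helper is not in this diff).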
@@ -4599,7 +4676,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, #endif { err = wc_CryptoCb_Ecdh(private_key, public_key, out, outlen); - if (err != CRYPTOCB_UNAVAILABLE) + if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return err; /* fall-through when unavailable */ } @@ -4670,7 +4747,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, byte* out, word32* outlen) { int err = MP_OKAY; - mp_int* k = private_key->k; + mp_int* k = ecc_get_k(private_key); #ifdef HAVE_ECC_CDH #ifdef WOLFSSL_SMALL_STACK mp_int *k_lcl = NULL; @@ -4700,7 +4777,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, goto errout; } /* multiply cofactor times private key "k" */ - err = mp_mul_d(private_key->k, cofactor, k); + err = mp_mul_d(ecc_get_k(private_key), cofactor, k); if (err != MP_OKAY) goto errout; } @@ -4899,8 +4976,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, if (k == k_lcl) mp_clear(k); #ifdef WOLFSSL_SMALL_STACK - if (k_lcl != NULL) - XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER); #endif #endif @@ -4941,7 +5017,8 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key, word32 keySz = private_key->dp->size; /* sync public key x/y */ - err = wc_mp_to_bigint_sz(private_key->k, &private_key->k->raw, keySz); + err = wc_mp_to_bigint_sz(ecc_get_k(private_key), + &ecc_get_k(private_key)->raw, keySz); if (err == MP_OKAY) err = wc_mp_to_bigint_sz(point->x, &point->x->raw, keySz); if (err == MP_OKAY) @@ -4955,7 +5032,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key, NitroxEccGetSize(private_key)*2); if (err == MP_OKAY) err = NitroxEcdh(private_key, - &private_key->k->raw, &point->x->raw, &point->y->raw, + &ecc_get_k(private_key)->raw, &point->x->raw, &point->y->raw, private_key->e->raw.buf, &private_key->e->raw.len, &curve->prime->raw); #else 
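Review bot: In the async hunk `wc_mp_to_bigint_sz(ecc_get_k(private_key), &ecc_get_k(private_key)->raw, keySz)` evaluates ecc_get_k twice and the NitroxEcdh call a third time; each call redoes the XOR into key->ku, which is harmless but hides that all three refer to the same object. Hoisting one `mp_int* k = ecc_get_k(private_key);` at the top of wc_ecc_shared_secret_gen_async (its body begins before this hunk) reads clearer and documents the single unmasking. In wc_ecc_shared_secret_gen_sync the cleanup only clears k_lcl; with WOLFSSL_ECC_BLIND_K the unmasked scalar left in private_key->ku by the ecc_get_k at function entry is not zeroed there, so unless wc_ecc_free does it, an `mp_forcezero(private_key->ku)` under `#ifdef WOLFSSL_ECC_BLIND_K` belongs in that cleanup.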
@@ -4963,7 +5040,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key, err = wc_ecc_curve_load(private_key->dp, &curve, ECC_CURVE_FIELD_BF); if (err == MP_OKAY) err = IntelQaEcdh(&private_key->asyncDev, - &private_key->k->raw, &point->x->raw, &point->y->raw, + &ecc_get_k(private_key)->raw, &point->x->raw, &point->y->raw, out, outlen, &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw, private_key->dp->cofactor); @@ -4986,7 +5063,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key, err = wc_ecc_shared_secret_gen_sync(private_key, point, out, outlen); } - if (err == WC_PENDING_E) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { private_key->state++; } @@ -5079,7 +5156,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, RESTORE_VECTOR_REGISTERS(); /* if async pending then return and skip done cleanup below */ - if (err == WC_PENDING_E) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { return err; } 
@@ -5101,11 +5178,33 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, err = wc_ecc_init_ex(&public_key, private_key->heap, INVALID_DEVID); if (err == MP_OKAY) { + #if FIPS_VERSION3_GE(6,0,0) + /* Since we are allowing a pass-through of ecc_make_key_ex_fips when + * both keysize == 0 and curve_id == 0 ensure we select an appropriate + * keysize here when relying on default selection */ + if (private_key->dp->size < WC_ECC_FIPS_GEN_MIN) { + if (private_key->dp->size == 0 && + (private_key->dp->id == ECC_SECP256R1 || + private_key->dp->id == ECC_SECP224R1 || + private_key->dp->id == ECC_SECP384R1 || + private_key->dp->id == ECC_SECP521R1)) { + WOLFSSL_MSG("ECC dp->size zero but dp->id sufficient for FIPS"); + err = 0; + } else { + WOLFSSL_MSG("ECC curve too small for FIPS mode"); + err = ECC_CURVE_OID_E; + } + } + if (err == 0) { /* FIPS specific check */ + #endif err = wc_ecc_set_curve(&public_key, private_key->dp->size, private_key->dp->id); if (err == MP_OKAY) { err = mp_copy(point->x, public_key.pubkey.x); } + #if FIPS_VERSION3_GE(6,0,0) + } /* end FIPS specific check */ + #endif if (err == MP_OKAY) { err = mp_copy(point->y, public_key.pubkey.y); } @@ -5326,9 +5425,9 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, key->type = ECC_PRIVATEKEY_ONLY; } - if ((err == MP_OKAY) && (mp_iszero(key->k) || mp_isneg(key->k) || - (mp_cmp(key->k, curve->order) != MP_LT))) - { + if ((err == MP_OKAY) && (mp_iszero(ecc_get_k(key)) || + mp_isneg(ecc_get_k(key)) || + (mp_cmp(ecc_get_k(key), curve->order) != MP_LT))) { err = ECC_PRIV_KEY_E; } 
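Review bot: The FIPS block added to the public-key setup in wc_ecc_shared_secret_ex reuses the comment from _ecc_make_key_ex ("pass-through of ecc_make_key_ex_fips when both keysize == 0 and curve_id == 0"), but here the operands are `private_key->dp->size` and `private_key->dp->id` of an already-loaded curve, so the `dp->size == 0` arm looks unreachable for keys set up through wc_ecc_set_curve and the comment does not describe what the code does. The effective behaviour is rejecting curves below WC_ECC_FIPS_GEN_MIN with ECC_CURVE_OID_E; say so, e.g. `/* FIPS: refuse ECDH on curves smaller than WC_ECC_FIPS_GEN_MIN */`, and either drop the size == 0 arm or note the path that can produce it. The `err = 0;` in that arm is a no-op since the block is entered only when err == MP_OKAY. wc_ecc_shared_secret_ex begins and ends outside this hunk.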
@@ -5350,10 +5449,10 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, if (err == MP_OKAY && key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { word32 keySz = key->dp->size; /* sync private key to raw */ - err = wc_mp_to_bigint_sz(key->k, &key->k->raw, keySz); + err = wc_mp_to_bigint_sz(ecc_get_k(key), &ecc_get_k(key)->raw, keySz); if (err == MP_OKAY) { err = IntelQaEccPointMul(&key->asyncDev, - &key->k->raw, pub->x, pub->y, pub->z, + &ecc_get_k(key)->raw, pub->x, pub->y, pub->z, &curve->Gx->raw, &curve->Gy->raw, &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw, key->dp->cofactor); @@ -5369,25 +5468,25 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, else #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { - err = sp_ecc_mulmod_base_256(key->k, pub, 1, key->heap); + err = sp_ecc_mulmod_base_256(ecc_get_k(key), pub, 1, key->heap); } else #endif /* WOLFSSL_SP_NO_256 */ #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SM2P256V1) { - err = sp_ecc_mulmod_base_sm2_256(key->k, pub, 1, key->heap); + err = sp_ecc_mulmod_base_sm2_256(ecc_get_k(key), pub, 1, key->heap); } else #endif #ifdef WOLFSSL_SP_384 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { - err = sp_ecc_mulmod_base_384(key->k, pub, 1, key->heap); + err = sp_ecc_mulmod_base_384(ecc_get_k(key), pub, 1, key->heap); } else #endif #ifdef WOLFSSL_SP_521 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) { - err = sp_ecc_mulmod_base_521(key->k, pub, 1, key->heap); + err = sp_ecc_mulmod_base_521(ecc_get_k(key), pub, 1, key->heap); } else #endif 
@@ -5419,8 +5518,8 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, /* make the public key */ if (err == MP_OKAY) { /* Map in a separate call as this should be constant time */ - err = wc_ecc_mulmod_ex2(key->k, base, pub, curve->Af, curve->prime, - curve->order, rng, 0, key->heap); + err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, pub, curve->Af, + curve->prime, curve->order, rng, 0, key->heap); if (err == MP_MEM) { err = MEMORY_E; } @@ -5542,11 +5641,30 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, /* make sure required variables are reset */ wc_ecc_reset(key); + #if FIPS_VERSION3_GE(6,0,0) + /* Since we are allowing a pass-through of ecc_make_key_ex_fips when + * both keysize == 0 and curve_id == 0 ensure we select an appropriate + * keysize here when relying on default selection */ + if (keysize < WC_ECC_FIPS_GEN_MIN) { + if (keysize == 0 && (curve_id == ECC_SECP256R1 || + curve_id == ECC_SECP224R1 || curve_id == ECC_SECP384R1 || + curve_id == ECC_SECP521R1)) { + WOLFSSL_MSG("ECC keysize zero but curve_id sufficient for FIPS"); + err = 0; + } else { + WOLFSSL_MSG("ECC curve too small for FIPS mode"); + err = ECC_CURVE_OID_E; + } + } + if (err == 0) { /* FIPS specific check */ + #endif err = wc_ecc_set_curve(key, keysize, curve_id); if (err != 0) { return err; } - + #if FIPS_VERSION3_GE(6,0,0) + } /* end FIPS specific check */ + #endif key->flags = (byte)flags; #ifdef WOLF_CRYPTO_CB @@ -5555,7 +5673,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #endif { err = wc_CryptoCb_MakeEccKey(rng, keysize, key, curve_id); - if (err != CRYPTOCB_UNAVAILABLE) + if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return err; /* fall-through when unavailable */ } 
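Review bot: When the FIPS check in _ecc_make_key_ex rejects the curve it sets `err = ECC_CURVE_OID_E` but never returns: the only early return is inside `if (err == 0) { err = wc_ecc_set_curve(...); if (err != 0) return err; }`, so execution falls through past `#endif` to `key->flags = (byte)flags;` with no curve loaded, and under WOLF_CRYPTO_CB the error is then overwritten by `err = wc_CryptoCb_MakeEccKey(...)` in the next hunk. Closing the block as `} else { return err; } /* end FIPS specific check */` (or returning ECC_CURVE_OID_E directly in the rejecting arm) makes the rejection final. The same comment text is reused in wc_ecc_shared_secret_ex; keep the two in sync if either is reworded. _ecc_make_key_ex starts before this hunk.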
@@ -5656,6 +5774,11 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, if (err == SA_SILIB_RET_OK) { err = mp_read_unsigned_bin(key->k, ucompressed_key, raw_size); +#ifdef WOLFSSL_ECC_BLIND_K + if (err == MP_OKAY) { + err = ecc_blind_k_rng(key, rng); + } +#endif } #elif defined(WOLFSSL_SILABS_SE_ACCEL) @@ -5707,7 +5830,12 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, err = xil_mpi_import(key->pubkey.y, key->keyRaw + key->dp->size, key->dp->size, key->heap); if (err == 0) - err = xil_mpi_import(key->k, key->privKey, key->dp->size, key->heap); + err = xil_mpi_import(key->k, key->privKey, key->dp->size, + key->heap); +#ifdef WOLFSSL_ECC_BLIND_K + if (err == 0) + err = ecc_blind_k_rng(key, rng); +#endif if (err == 0) err = mp_set(key->pubkey.z, 1); if (err) { @@ -5889,6 +6017,11 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, err = wc_mp_to_bigint(key->pubkey.z, &key->pubkey.z->raw); #endif +#ifdef WOLFSSL_ECC_BLIND_K + if (err == MP_OKAY) + err = ecc_blind_k_rng(key, rng); +#endif + #endif /* HAVE_ECC_MAKE_PUB */ return err; @@ -6044,20 +6177,11 @@ WOLFSSL_ABI int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) { int ret = 0; -#if defined(HAVE_PKCS11) - int isPkcs11 = 0; -#endif if (key == NULL) { return BAD_FUNC_ARG; } -#if defined(HAVE_PKCS11) - if (key->isPkcs11) { - isPkcs11 = 1; - } -#endif - #ifdef ECC_DUMP_OID wc_ecc_dump_oids(); #endif 
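Review bot: ecc_blind_k_rng is hooked into the three key-generation paths in these hunks (CryptoCell, Xilinx and the generic path after the public key is made) but into no import path; wc_ecc_init_ex force-zeroes kb, so ecc_get_k on an imported key still yields the right scalar, but such keys stay unblinded, which silently narrows what WOLFSSL_ECC_BLIND_K protects. If wc_ecc_import_private_key / wc_ecc_import_raw_ex (outside this diff) are not updated as well, the option comment should say `blinding is applied to generated keys only`. A one-line note at the generic call site, `/* blind after pub computed; ecc_make_pub_ex reads k via ecc_get_k */`, would also explain why it sits after HAVE_ECC_MAKE_PUB rather than next to the scalar generation. _ecc_make_key_ex begins before these hunks.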
@@ -6085,13 +6209,27 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) alt_fp_init(key->pubkey.z); key->k = (mp_int*)key->ka; alt_fp_init(key->k); +#ifdef WOLFSSL_ECC_BLIND_K + key->kb = (mp_int*)key->kba; + key->ku = (mp_int*)key->kia; + alt_fp_init(key->kb); + alt_fp_init(key->ku); +#endif #else ret = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z, - NULL, NULL); +#ifndef WOLFSSL_ECC_BLIND_K + NULL, NULL +#else + key->kb, key->ku +#endif + ); if (ret != MP_OKAY) { return MEMORY_E; } #endif /* ALT_ECC_SIZE */ +#ifdef WOLFSSL_ECC_BLIND_K + mp_forcezero(key->kb); +#endif #endif /* WOLFSSL_ATECC508A */ #if (defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ @@ -6111,16 +6249,17 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) - #if defined(HAVE_PKCS11) - if (!isPkcs11) + #ifdef WOLF_CRYPTO_CB + /* prefer crypto callback */ + if (key->devId != INVALID_DEVID) #endif - { - /* handle as async */ - ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC, - key->heap, devId); - } -#elif defined(HAVE_PKCS11) - (void)isPkcs11; + { + /* handle as async */ + ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC, + key->heap, devId); + } + if (ret != 0) + return ret; #endif #if defined(WOLFSSL_DSP) @@ -6134,6 +6273,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) #ifdef WOLFSSL_CHECK_MEM_ZERO mp_memzero_add("ECC k", key->k); +#ifdef WOLFSSL_ECC_BLIND_K + mp_memzero_add("ECC kb", key->kb); + mp_memzero_add("ECC ku", key->ku); +#endif #endif #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) 
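Review bot: The new guard `#ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) #endif` around wolfAsync_DevCtxInit runs the async init exactly when a crypto-callback device id is present, which is the opposite of what `/* prefer crypto callback */` suggests and of the old `!isPkcs11` test that skipped async setup for PKCS#11-backed keys. Either the condition should be `key->devId == INVALID_DEVID` or the comment should read `/* async init requires a device id */`; which is intended depends on where key->devId is assigned, which is earlier in wc_ecc_init_ex and outside this hunk. Separately, the non-ALT_ECC_SIZE branch initialises kb and ku via mp_init_multi but only kb is force-zeroed; ku will hold the unmasked key later, so registering it with mp_memzero_add (done below) is right and an `mp_forcezero(key->ku)` in the free path should pair with it. wc_ecc_init_ex begins before this hunk.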
@@ -6172,12 +6315,6 @@ int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, ret = BAD_FUNC_ARG; if (ret == 0 && (len < 0 || len > ECC_MAX_ID_LEN)) ret = BUFFER_E; - -#if defined(HAVE_PKCS11) - XMEMSET(key, 0, sizeof(ecc_key)); - key->isPkcs11 = 1; -#endif - if (ret == 0) ret = wc_ecc_init_ex(key, heap, devId); if (ret == 0 && id != NULL && len != 0) { @@ -6207,12 +6344,6 @@ int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId) if (labelLen == 0 || labelLen > ECC_MAX_LABEL_LEN) ret = BUFFER_E; } - -#if defined(HAVE_PKCS11) - XMEMSET(key, 0, sizeof(ecc_key)); - key->isPkcs11 = 1; -#endif - if (ret == 0) ret = wc_ecc_init_ex(key, heap, devId); if (ret == 0) { @@ -6258,9 +6389,6 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp) #ifdef HAVE_ECC_SIGN -#ifndef NO_ASN - - #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \ defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_KCAPI_ECC) || \ @@ -6554,7 +6682,7 @@ static int wc_ecc_sign_hash_async(const byte* in, word32 inlen, byte* out, } /* if async pending then return and skip done cleanup below */ - if (err == WC_PENDING_E) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { key->state++; return err; } @@ -6585,6 +6713,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, DECL_MP_INT_SIZE_DYN(r, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); DECL_MP_INT_SIZE_DYN(s, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); #endif +#ifdef NO_ASN + word32 keySz; +#endif if (in == NULL || out == NULL || outlen == NULL || key == NULL) { return ECC_BAD_ARG_E; @@ -6596,7 +6727,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, #endif { err = wc_CryptoCb_EccSign(in, inlen, out, outlen, rng, key); - if (err != CRYPTOCB_UNAVAILABLE) + if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return err; /* fall-through when unavailable */ } 
@@ -6621,17 +6752,17 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, #else NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #ifdef MP_INT_SIZE_CHECK_NULL if (r == NULL) return MEMORY_E; -#endif + #endif NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #ifdef MP_INT_SIZE_CHECK_NULL if (s == NULL) { FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return MEMORY_E; } -#endif + #endif err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { @@ -6663,8 +6794,26 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return err; } +#ifndef NO_ASN /* encoded with DSA header */ err = StoreECC_DSA_Sig(out, outlen, r, s); +#else + /* No support for DSA ASN.1 header. + * Signature will be r+s directly. */ + keySz = 0; + if (key->dp != NULL) { + keySz = (word32)key->dp->size; + } + if (keySz <= 0) { + WOLFSSL_MSG("Error: ECDSA sign raw signature size"); + return WC_NO_ERR_TRACE(ECC_BAD_ARG_E); + } + *outlen = keySz * 2; + + /* Export signature into r,s */ + mp_to_unsigned_bin_len(r, out, keySz); + mp_to_unsigned_bin_len(s, out + keySz, keySz); +#endif /* !NO_ASN */ /* cleanup */ mp_clear(r); @@ -6676,7 +6825,6 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return err; #endif /* !WOLF_CRYPTO_CB_ONLY_ECC */ } -#endif /* !NO_ASN */ #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) 
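Review bot: The raw-signature branch writes `keySz * 2` bytes into `out` without first checking that `*outlen` is large enough, and on the size error it returns early, skipping the `mp_clear(r)`/`mp_clear(s)` cleanup that follows (and, under WOLFSSL_SMALL_STACK, the FREE_MP_INT_SIZE of both); the ASN.1 branch presumably gets its bound inside StoreECC_DSA_Sig, so this is the only path without one. `keySz <= 0` on a word32 is just `== 0`, and the two `mp_to_unsigned_bin_len` return values are dropped even though the same call is checked elsewhere in this diff. WC_NO_ERR_TRACE is otherwise used in this diff only around comparisons; wrapping a returned code in it would suppress the trace for this failure. The rewrite below routes every failure through the shared cleanup; wc_ecc_sign_hash starts outside the hunk.
```c
#else
    /* No ASN.1 DSA header: signature is r || s, each keySz bytes. */
    keySz = 0;
    if (key->dp != NULL) {
        keySz = (word32)key->dp->size;
    }
    if (keySz == 0) {
        WOLFSSL_MSG("Error: ECDSA sign raw signature size");
        err = ECC_BAD_ARG_E;
    }
    else if (*outlen < keySz * 2) {
        /* reject before anything is written into out */
        err = BUFFER_E;
    }
    else {
        err = mp_to_unsigned_bin_len(r, out, (int)keySz);
        if (err == MP_OKAY) {
            err = mp_to_unsigned_bin_len(s, out + keySz, (int)keySz);
        }
        if (err == MP_OKAY) {
            *outlen = keySz * 2;
        }
    }
#endif /* !NO_ASN */
    /* … unchanged: cleanup (mp_clear(r); mp_clear(s); …) and return err … */
```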
@@ -6700,13 +6848,17 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key) if (key->sign_k == NULL) { key->sign_k = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); + if (key->sign_k != NULL) { + err = mp_init(key->sign_k); + if (err != MP_OKAY) { + XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC); + key->sign_k = NULL; + } + } } - if (key->sign_k != NULL) { - /* currently limiting to SHA256 for auto create */ - if (mp_init(key->sign_k) != MP_OKAY || - wc_ecc_gen_deterministic_k(in, inlen, - WC_HASH_TYPE_SHA256, key->k, key->sign_k, + if (wc_ecc_gen_deterministic_k(in, inlen, + key->hashType, ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) { mp_free(key->sign_k); XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC); @@ -6724,9 +6876,8 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key) } #else key->sign_k_set = 0; - /* currently limiting to SHA256 for auto create */ - if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_SHA256, key->k, - key->sign_k, curve->order, key->heap) != 0) { + if (wc_ecc_gen_deterministic_k(in, inlen, key->hashType, + ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) { err = ECC_PRIV_KEY_E; } else { @@ -6786,7 +6937,7 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng, err = wc_ecc_gen_k(rng, key->dp->size, b, curve->order); } - while (err == MP_ZERO_E); + while (err == WC_NO_ERR_TRACE(MP_ZERO_E)); loop_check = 0; } #ifdef WOLFSSL_CHECK_MEM_ZERO 
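Review bot: The `if (key->sign_k != NULL)` guard around the generation call was dropped, so when XMALLOC or the new mp_init fails, sign_k is NULL and wc_ecc_gen_deterministic_k is still called with it; that function rejects `k == NULL` with BAD_FUNC_ARG (visible in a later hunk), which sends the flow into `mp_free(key->sign_k)` / `XFREE(key->sign_k, ...)` on a NULL pointer and reports whatever error that branch assigns rather than MEMORY_E. The `err` set by mp_init is also overwritten on that path. Suggest `if (key->sign_k == NULL) { err = MEMORY_E; } else if (wc_ecc_gen_deterministic_k(...) != 0) {` so an allocation failure is reported as such. deterministic_sign_helper continues outside the hunk, so the branch that sets err on generation failure is not visible here.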
@@ -6864,15 +7015,18 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng, if (err != MP_OKAY) break; if (mp_iszero(r) == MP_NO) { - mp_int* ep = pubkey->k; - mp_int* kp = pubkey->k; - mp_int* x = key->k; + mp_int* kp = ecc_get_k(pubkey); + mp_int* ep = kp; + mp_int* x = ecc_get_k(key); + + /* Blind after getting. */ + ecc_blind_k(key, b); /* find s = (e + xr)/k = b.(e/k.b + x.r/k.b) */ /* k' = k.b */ - err = mp_mulmod(pubkey->k, b, curve->order, kp); + err = mp_mulmod(kp, b, curve->order, kp); if (err != MP_OKAY) break; /* k' = 1/k.b @@ -6951,12 +7105,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, #endif if (key->nb_ctx) { return sp_ecc_sign_256_nb(&key->nb_ctx->sp_ctx, in, inlen, rng, - key->k, r, s, sign_k, key->heap); + ecc_get_k(key), r, s, sign_k, key->heap); } #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ err = sp_ecc_sign_256_nb(&nb_ctx.sp_ctx, in, inlen, rng, - key->k, r, s, sign_k, key->heap); + ecc_get_k(key), r, s, sign_k, key->heap); } while (err == FP_WOULDBLOCK); return err; #endif @@ -6965,8 +7119,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, { int ret; SAVE_VECTOR_REGISTERS(return _svr_ret;); - ret = sp_ecc_sign_256(in, inlen, rng, key->k, r, s, sign_k, - key->heap); + ret = sp_ecc_sign_256(in, inlen, rng, ecc_get_k(key), r, s, + sign_k, key->heap); RESTORE_VECTOR_REGISTERS(); return ret; } @@ -6977,8 +7131,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, if (ecc_sets[key->idx].id == ECC_SM2P256V1) { int ret; SAVE_VECTOR_REGISTERS(return _svr_ret;); - ret = sp_ecc_sign_sm2_256(in, inlen, rng, key->k, r, s, sign_k, - key->heap); + ret = sp_ecc_sign_sm2_256(in, inlen, rng, ecc_get_k(key), r, s, + sign_k, key->heap); RESTORE_VECTOR_REGISTERS(); return ret; } 
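Review bot: `mp_int* x = ecc_get_k(key);` is immediately followed by `ecc_blind_k(key, b);` and x is then used in the s computation; whether x still holds the unblinded scalar depends on whether ecc_get_k returns a pointer into the key that ecc_blind_k rewrites, and nothing in the hunk says. A comment at the declarations stating the contract — what ecc_get_k returns, whether it unblinds in place, and who re-blinds afterwards — would settle it, e.g. `/* ecc_get_k(): TODO confirm whether the returned mp_int is detached from key->k before ecc_blind_k() mutates the key */`. The same question applies to the double call `wc_mp_to_bigint_sz(ecc_get_k(key), &ecc_get_k(key)->raw, keySz)` in wc_ecc_sign_hash_ex, the three calls in the range check of _ecc_validate_public_key, and the sp sign paths that call ecc_get_k with no visible re-blind. ecc_sign_hash_sw continues outside the hunk.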
@@ -6991,12 +7145,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, #endif if (key->nb_ctx) { return sp_ecc_sign_384_nb(&key->nb_ctx->sp_ctx, in, inlen, rng, - key->k, r, s, sign_k, key->heap); + ecc_get_k(key), r, s, sign_k, key->heap); } #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ err = sp_ecc_sign_384_nb(&nb_ctx.sp_ctx, in, inlen, rng, - key->k, r, s, sign_k, key->heap); + ecc_get_k(key), r, s, sign_k, key->heap); } while (err == FP_WOULDBLOCK); return err; #endif @@ -7005,8 +7159,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, { int ret; SAVE_VECTOR_REGISTERS(return _svr_ret;); - ret = sp_ecc_sign_384(in, inlen, rng, key->k, r, s, sign_k, - key->heap); + ret = sp_ecc_sign_384(in, inlen, rng, ecc_get_k(key), r, s, + sign_k, key->heap); RESTORE_VECTOR_REGISTERS(); return ret; } @@ -7021,12 +7175,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, #endif if (key->nb_ctx) { return sp_ecc_sign_521_nb(&key->nb_ctx->sp_ctx, in, inlen, rng, - key->k, r, s, sign_k, key->heap); + ecc_get_k(key), r, s, sign_k, key->heap); } #ifdef WC_ECC_NONBLOCK_ONLY do { /* perform blocking call to non-blocking function */ err = sp_ecc_sign_521_nb(&nb_ctx.sp_ctx, in, inlen, rng, - key->k, r, s, sign_k, key->heap); + ecc_get_k(key), r, s, sign_k, key->heap); } while (err == FP_WOULDBLOCK); return err; #endif @@ -7035,8 +7189,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng, { int ret; SAVE_VECTOR_REGISTERS(return _svr_ret;); - ret = sp_ecc_sign_521(in, inlen, rng, key->k, r, s, sign_k, - key->heap); + ret = sp_ecc_sign_521(in, inlen, rng, ecc_get_k(key), r, s, + sign_k, key->heap); RESTORE_VECTOR_REGISTERS(); return ret; } 
@@ -7127,7 +7281,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ - defined(WOLFSSL_ASYNC_CRYPT_SW) + defined(WOLFSSL_ASYNC_CRYPT_SW) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_SIGN)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; @@ -7144,7 +7298,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, #if defined(WOLFSSL_HAVE_SP_ECC) err = ecc_sign_hash_sp(in, inlen, rng, key, r, s); - if (err != WC_KEY_SIZE_E) { + if (err != WC_NO_ERR_TRACE(WC_KEY_SIZE_E)) { return err; } #else @@ -7259,7 +7413,8 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, if (err == MP_OKAY) err = wc_mp_to_bigint_sz(e, &e->raw, keySz); if (err == MP_OKAY) - err = wc_mp_to_bigint_sz(key->k, &key->k->raw, keySz); + err = wc_mp_to_bigint_sz(ecc_get_k(key), &ecc_get_k(key)->raw, + keySz); if (err == MP_OKAY) err = wc_ecc_gen_k(rng, key->dp->size, k, curve->order); if (err == MP_OKAY) @@ -7267,14 +7422,15 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, #ifdef HAVE_CAVIUM_V if (err == MP_OKAY) - err = NitroxEcdsaSign(key, &e->raw, &key->k->raw, &k->raw, - &r->raw, &s->raw, &curve->prime->raw, &curve->order->raw); + err = NitroxEcdsaSign(key, &e->raw, &ecc_get_k(key)->raw, + &k->raw, &r->raw, &s->raw, &curve->prime->raw, + &curve->order->raw); #else if (err == MP_OKAY) - err = IntelQaEcdsaSign(&key->asyncDev, &e->raw, &key->k->raw, - &k->raw, &r->raw, &s->raw, &curve->Af->raw, &curve->Bf->raw, - &curve->prime->raw, &curve->order->raw, &curve->Gx->raw, - &curve->Gy->raw); + err = IntelQaEcdsaSign(&key->asyncDev, &e->raw, + &ecc_get_k(key)->raw, &k->raw, &r->raw, &s->raw, + &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw, + &curve->order->raw, &curve->Gx->raw, &curve->Gy->raw); #endif #ifndef HAVE_CAVIUM_V 
@@ -7337,7 +7493,7 @@ static int _HMAC_K(byte* K, word32 KSz, byte* V, word32 VSz, Hmac hmac; int ret, init; - ret = init = wc_HmacInit(&hmac, heap, 0); + ret = init = wc_HmacInit(&hmac, heap, INVALID_DEVID); if (ret == 0) ret = wc_HmacSetKey(&hmac, hashType, K, KSz); @@ -7377,7 +7533,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order, void* heap) { - int ret = 0, qbits = 0; + int ret = 0; #ifndef WOLFSSL_SMALL_STACK byte h1[MAX_ECC_BYTES]; byte V[WC_MAX_DIGEST_SIZE]; @@ -7393,6 +7549,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, #endif word32 xSz, VSz, KSz, h1len, qLen; byte intOct; + int qbits = 0; if (hash == NULL || k == NULL || order == NULL) { return BAD_FUNC_ARG; @@ -7403,9 +7560,20 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, return BAD_FUNC_ARG; } - if (hashSz != WC_SHA256_DIGEST_SIZE) { - WOLFSSL_MSG("Currently only SHA256 digest is supported"); - return BAD_FUNC_ARG; + /* if none is provided then detect has type based on hash size */ + if (hashType == WC_HASH_TYPE_NONE) { + if (hashSz == 64) { + hashType = WC_HASH_TYPE_SHA512; + } + else if (hashSz == 48) { + hashType = WC_HASH_TYPE_SHA384; + } + else if (hashSz == 32) { + hashType = WC_HASH_TYPE_SHA256; + } + else { + return BAD_FUNC_ARG; + } } if (mp_unsigned_bin_size(priv) > MAX_ECC_BYTES) { @@ -7445,14 +7613,10 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, /* bail out if any error has been hit at this point */ if (ret != 0) { - if (x != NULL) - XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (K != NULL) - XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (V != NULL) - XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (h1 != NULL) - XFREE(h1, heap, DYNAMIC_TYPE_DIGEST); + XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(h1, heap, DYNAMIC_TYPE_DIGEST); return ret; } #endif 
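Review bot: The comment `/* if none is provided then detect has type based on hash size */` should read `hash type`. With an explicit hashType the former `hashSz != WC_SHA256_DIGEST_SIZE` rejection is gone and nothing now checks that hashSz is consistent with hashType, so for example a SHA-384 hashType with a 32-byte digest is accepted; if that is intentional, a one-line comment saying so would stop the next reader re-adding the check, and if not, a digest-size comparison against hashType belongs here. wc_ecc_gen_deterministic_k continues outside the hunk.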
@@ -7473,6 +7637,16 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, wc_MemZero_Add("wc_ecc_gen_deterministic_k x", x, qLen); #endif qbits = mp_count_bits(order); + if (qbits < 0) + ret = MP_VAL; + } + + if (ret == 0) { + /* hash truncate if too long */ + if (((WOLFSSL_BIT_SIZE) * hashSz) > (word32)qbits) { + /* calculate truncated hash size using bits rounded up byte */ + hashSz = ((word32)qbits + (WOLFSSL_BIT_SIZE - 1)) / WOLFSSL_BIT_SIZE; + } ret = mp_read_unsigned_bin(z1, hash, hashSz); } @@ -7494,7 +7668,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, ret = BUFFER_E; } else { - ret = mp_to_unsigned_bin_len(z1, h1, h1len); + ret = mp_to_unsigned_bin_len(z1, h1, (int)h1len); } } else @@ -7563,7 +7737,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, ret = mp_read_unsigned_bin(k, x, xSz); } - if ((ret == 0) && ((int)(xSz * WOLFSSL_BIT_SIZE) != qbits)) { + if ((ret == 0) && ((xSz * WOLFSSL_BIT_SIZE) != (word32)qbits)) { /* handle odd case where shift of 'k' is needed with RFC 6979 * k = bits2int(T) in section 3.2 h.3 */ mp_rshb(k, ((int)xSz * WOLFSSL_BIT_SIZE) - qbits); @@ -7595,16 +7769,11 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, ForceZero(x, MAX_ECC_BYTES); #ifdef WOLFSSL_SMALL_STACK - if (z1 != NULL) - XFREE(z1, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (x != NULL) - XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (K != NULL) - XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (V != NULL) - XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (h1 != NULL) - XFREE(h1, heap, DYNAMIC_TYPE_DIGEST); + XFREE(z1, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(h1, heap, DYNAMIC_TYPE_DIGEST); #elif defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(x, MAX_ECC_BYTES); #endif 
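Review bot: The truncation `hashSz = ((word32)qbits + (WOLFSSL_BIT_SIZE - 1)) / WOLFSSL_BIT_SIZE` keeps whole bytes, so for an order whose bit length is not a multiple of 8 z1 carries up to 7 more low bits than the leftmost-qlen-bits rule of RFC 6979 bits2int; the later T→k step in this same function does handle that case with `mp_rshb(k, ((int)xSz * WOLFSSL_BIT_SIZE) - qbits)`, but no equivalent shift on z1 is visible in the hunk. If one exists outside the hunk this is fine; otherwise add `if (hashSz * WOLFSSL_BIT_SIZE > (word32)qbits) mp_rshb(z1, (int)(hashSz * WOLFSSL_BIT_SIZE) - qbits);` after the read and cover a curve with a non-byte-aligned order in the tests. The function continues outside the hunk.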
@@ -7616,15 +7785,23 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, /* Sets the deterministic flag for 'k' generation with sign. * returns 0 on success */ -int wc_ecc_set_deterministic(ecc_key* key, byte flag) +int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, + enum wc_HashType hashType) { if (key == NULL) { return BAD_FUNC_ARG; } key->deterministic = flag ? 1 : 0; + key->hashType = hashType; return 0; } + +int wc_ecc_set_deterministic(ecc_key* key, byte flag) +{ + return wc_ecc_set_deterministic_ex(key, flag, WC_HASH_TYPE_NONE); +} + #endif /* end sign_ex and deterministic sign */ @@ -7717,7 +7894,9 @@ int wc_ecc_free(ecc_key* key) return 0; } -#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) +#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) #ifndef WOLFSSL_NO_MALLOC if (key->sign_k != NULL) #endif @@ -7776,6 +7955,16 @@ int wc_ecc_free(ecc_key* key) if (key->k) #endif mp_forcezero(key->k); +#ifdef WOLFSSL_ECC_BLIND_K +#ifdef ALT_ECC_SIZE + if (key->kb) +#endif + mp_forcezero(key->kb); +#ifdef ALT_ECC_SIZE + if (key->ku) +#endif + mp_forcezero(key->ku); +#endif #ifdef WOLFSSL_CUSTOM_CURVES if (key->deallocSet && key->dp != NULL) @@ -8271,7 +8460,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, #ifdef HAVE_ECC_VERIFY -#ifndef NO_ASN /* verify * * w = s^-1 mod n @@ -8309,6 +8497,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #ifdef WOLFSSL_ASYNC_CRYPT int isPrivateKeyOnly = 0; #endif +#ifdef NO_ASN + word32 keySz; +#endif if (sig == NULL || hash == NULL || res == NULL || key == NULL) { return ECC_BAD_ARG_E; 
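Review bot: The header comment above wc_ecc_set_deterministic_ex still reads as the old one-argument description and says nothing about `hashType`, and the new wc_ecc_set_deterministic wrapper has no comment at all. Suggest documenting `hashType` as the digest used for deterministic k generation, with WC_HASH_TYPE_NONE meaning it is inferred from the digest length at sign time (32 → SHA-256, 48 → SHA-384, 64 → SHA-512, per the detection added to wc_ecc_gen_deterministic_k in an earlier hunk), and a one-liner on the wrapper: `/* Deterministic k with the hash type inferred from the digest size. */`.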
@@ -8320,7 +8511,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #endif { err = wc_CryptoCb_EccVerify(sig, siglen, hash, hashlen, res, key); - if (err != CRYPTOCB_UNAVAILABLE) + if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return err; /* fall-through when unavailable */ } @@ -8341,18 +8532,20 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, r = key->r; s = key->s; #else - NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, + DYNAMIC_TYPE_ECC); + #ifdef MP_INT_SIZE_CHECK_NULL if (r == NULL) return MEMORY_E; -#endif - NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #endif + NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, + DYNAMIC_TYPE_ECC); + #ifdef MP_INT_SIZE_CHECK_NULL if (s == NULL) { FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return MEMORY_E; } -#endif + #endif err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); @@ -8375,6 +8568,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* default to invalid signature */ *res = 0; + #ifndef NO_ASN /* Decode ASN.1 ECDSA signature. */ #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s. 
@@ -8389,6 +8583,24 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, if (err < 0) { break; } + #else + /* No support for DSA ASN.1 header. + * Signature must be r+s directly. */ + keySz = 0; + if (key->dp != NULL) { + keySz = (word32)key->dp->size; + } + if (siglen != keySz * 2) { + WOLFSSL_MSG("Error: ECDSA Verify raw signature size"); + return WC_NO_ERR_TRACE(ECC_BAD_ARG_E); + } + + /* Import signature into r,s */ + mp_init(r); + mp_init(s); + mp_read_unsigned_bin(r, sig, keySz); + mp_read_unsigned_bin(s, sig + keySz, keySz); + #endif /* !NO_ASN */ FALL_THROUGH; case ECC_STATE_VERIFY_DO: @@ -8428,7 +8640,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #ifdef WOLFSSL_ASYNC_CRYPT /* if async pending then return and skip done cleanup below */ - if (err == WC_PENDING_E) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { if (!isPrivateKeyOnly) /* do not advance state if doing make pub key */ key->state++; return err; @@ -8448,7 +8660,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, return err; #endif /* !WOLF_CRYPTO_CB_ONLY_ECC */ } -#endif /* !NO_ASN */ #ifndef WOLF_CRYPTO_CB_ONLY_ECC @@ -8937,7 +9148,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, keySz = (word32)key->dp->size; #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ - defined(WOLFSSL_ASYNC_CRYPT_SW) + defined(WOLFSSL_ASYNC_CRYPT_SW) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_VERIFY)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; @@ -9070,7 +9281,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, } err = ecc_verify_hash_sp(r, s, hash, hashlen, res, key); - if (err != NOT_COMPILED_IN) { + if (err != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { if (curveLoaded) { wc_ecc_curve_free(curve); FREE_CURVE_SPECS(); 
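Review bot: The raw-signature branch leaves the state machine with `return WC_NO_ERR_TRACE(ECC_BAD_ARG_E);` on a length mismatch, skipping the cleanup the ASN.1 branch reaches via `break`; under WOLFSSL_SMALL_STACK r and s were allocated with NEW_MP_INT_SIZE in the preceding hunk and are leaked. The `mp_init` and `mp_read_unsigned_bin` results are discarded as well, so a failed import proceeds to verification with whatever r and s hold. Suggest `err = ECC_BAD_ARG_E; break;` for the length check, and `err = mp_read_unsigned_bin(r, sig, keySz); if (err == MP_OKAY) err = mp_read_unsigned_bin(s, sig + keySz, keySz); if (err != MP_OKAY) break;` for the import; since r and s were already set up with INIT_MP_INT_SIZE above, the extra mp_init calls look redundant in the non-async build and deserve a comment if they are needed. wc_ecc_verify_hash continues outside the hunk.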
@@ -9314,12 +9525,8 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen, } #ifdef WOLFSSL_SMALL_STACK - if (t1 != NULL) { - XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); - } - if (t2 != NULL) { - XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); #endif wc_ecc_curve_free(curve); @@ -9848,7 +10055,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { if (err == MP_OKAY) { - err = sp_ecc_mulmod_base_256(key->k, res, 1, key->heap); + err = sp_ecc_mulmod_base_256(ecc_get_k(key), res, 1, key->heap); } } else @@ -9856,7 +10063,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SM2P256V1) { if (err == MP_OKAY) { - err = sp_ecc_mulmod_base_sm2_256(key->k, res, 1, key->heap); + err = sp_ecc_mulmod_base_sm2_256(ecc_get_k(key), res, 1, key->heap); } } else @@ -9864,7 +10071,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #ifdef WOLFSSL_SP_384 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { if (err == MP_OKAY) { - err = sp_ecc_mulmod_base_384(key->k, res, 1, key->heap); + err = sp_ecc_mulmod_base_384(ecc_get_k(key), res, 1, key->heap); } } else @@ -9872,7 +10079,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #ifdef WOLFSSL_SP_521 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) { if (err == MP_OKAY) { - err = sp_ecc_mulmod_base_521(key->k, res, 1, key->heap); + err = sp_ecc_mulmod_base_521(ecc_get_k(key), res, 1, key->heap); } } else 
@@ -9925,12 +10132,12 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #else #ifdef ECC_TIMING_RESISTANT if (err == MP_OKAY) - err = wc_ecc_mulmod_ex2(key->k, base, res, a, prime, curve->order, - key->rng, 1, key->heap); + err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, res, a, prime, + curve->order, key->rng, 1, key->heap); #else if (err == MP_OKAY) - err = wc_ecc_mulmod_ex2(key->k, base, res, a, prime, curve->order, - NULL, 1, key->heap); + err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, res, a, prime, + curve->order, NULL, 1, key->heap); #endif #endif /* WOLFSSL_KCAPI_ECC */ } 
@@ -10201,31 +10408,31 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { return sp_ecc_check_key_256(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap); } #endif #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SM2P256V1) { return sp_ecc_check_key_sm2_256(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap); } #endif #ifdef WOLFSSL_SP_384 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { return sp_ecc_check_key_384(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap); } #endif #ifdef WOLFSSL_SP_521 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) { return sp_ecc_check_key_521(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap); } #endif #if defined(WOLFSSL_SP_1024) && defined(WOLFCRYPT_HAVE_SAKKE) if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SAKKE_1) { return sp_ecc_check_key_1024(key->pubkey.x, key->pubkey.y, - key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap); + key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap); } #endif #endif 
@@ -10336,8 +10543,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) /* SP 800-56Ar3, section 5.6.2.1.2 */ /* private keys must be in the range [1, n-1] */ if ((err == MP_OKAY) && (key->type == ECC_PRIVATEKEY) && - (mp_iszero(key->k) || mp_isneg(key->k) || - (mp_cmp(key->k, curve->order) != MP_LT)) + (mp_iszero(ecc_get_k(key)) || mp_isneg(ecc_get_k(key)) || + (mp_cmp(ecc_get_k(key), curve->order) != MP_LT)) #ifdef WOLFSSL_KCAPI_ECC && key->handle == NULL #endif @@ -10422,12 +10629,26 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, alt_fp_init(key->pubkey.z); key->k = (mp_int*)key->ka; alt_fp_init(key->k); + #ifdef WOLFSSL_ECC_BLIND_K + key->kb = (mp_int*)key->kba; + key->ku = (mp_int*)key->kua; + alt_fp_init(key->kb); + alt_fp_init(key->ku); + #endif #else - err = mp_init_multi(key->k, - key->pubkey.x, key->pubkey.y, key->pubkey.z, NULL, NULL); + err = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z, + #ifndef WOLFSSL_ECC_BLIND_K + NULL, NULL + #else + key->kb, key->ku + #endif + ); #endif if (err != MP_OKAY) return MEMORY_E; +#ifdef WOLFSSL_ECC_BLIND_K + mp_forcezero(key->kb); +#endif SAVE_VECTOR_REGISTERS(return _svr_ret;); @@ -10471,6 +10692,8 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, /* determine key size */ keysize = (int)(inLen>>1); + /* NOTE: FIPS v6.0.0 or greater, no restriction on imported keys, only + * on created keys or signatures */ err = wc_ecc_set_curve(key, keysize, curve_id); key->type = ECC_PUBLICKEY; } @@ -10569,12 +10792,8 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, mp_clear(t1); } #ifdef WOLFSSL_SMALL_STACK - if (t1 != NULL) { - XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); - } - if (t2 != NULL) { - XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); #endif wc_ecc_curve_free(curve); 
@@ -10734,7 +10953,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, return BUFFER_E; } - err = wc_export_int(key->k, d, dLen, keySz + WC_CAAM_MAC_SZ, + err = wc_export_int(ecc_get_k(key), d, dLen, keySz + WC_CAAM_MAC_SZ, encType); *dLen = keySz + WC_CAAM_MAC_SZ; } @@ -10756,7 +10975,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, else #endif { - err = wc_export_int(key->k, d, dLen, keySz, encType); + err = wc_export_int(ecc_get_k(key), d, dLen, keySz, encType); if (err != MP_OKAY) return err; } @@ -10865,6 +11084,8 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, wc_ecc_reset(key); /* set key size */ + /* NOTE: FIPS v6.0.0 or greater, no restriction on imported keys, only + * on created keys or signatures */ ret = wc_ecc_set_curve(key, (int)privSz, curve_id); key->type = ECC_PRIVATEKEY_ONLY; } @@ -10889,6 +11110,11 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, } ret = mp_read_unsigned_bin(key->k, priv, privSz); + #ifdef WOLFSSL_ECC_BLIND_K + if (ret == MP_OKAY) { + err = ecc_blind_k_rng(key, NULL); + } + #endif } #elif defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) if ((wc_ecc_size(key) + WC_CAAM_MAC_SZ) == (int)privSz) { @@ -10920,11 +11146,21 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, #else key->blackKey = CAAM_BLACK_KEY_CCM; ret = mp_read_unsigned_bin(key->k, priv, privSz); + #ifdef WOLFSSL_ECC_BLIND_K + if (ret == MP_OKAY) { + err = ecc_blind_k_rng(key, NULL); + } + #endif #endif } else { key->blackKey = 0; ret = mp_read_unsigned_bin(key->k, priv, privSz); + #ifdef WOLFSSL_ECC_BLIND_K + if (ret == MP_OKAY) { + err = ecc_blind_k_rng(key, NULL); + } + #endif /* If using AES-ECB encrypted black keys check here if key is valid, * if not valid than assume is an encrypted key. A public key is needed 
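Review bot: In the CRYPTOCELL branch (`@@ -10889`) and both CAAM branches (`@@ -10920`) of wc_ecc_import_private_key_ex the blinding result is stored as `err = ecc_blind_k_rng(key, NULL);`, while the surrounding code and the `#ifdef WOLFSSL_ECC_BLIND_K` block added later in the same function (`@@ -10996`, next line) use `ret`. Unless an `err` is declared outside the hunk these configurations will not compile, and if one is, a blinding failure there is never returned to the caller. Change all three to `ret = ecc_blind_k_rng(key, NULL);`.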
@@ -10953,8 +11189,8 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, ret = mp_read_unsigned_bin(key->k, priv, privSz); #ifdef HAVE_WOLF_BIGINT - if (ret == 0 && - wc_bigint_from_unsigned_bin(&key->k->raw, priv, privSz) != 0) { + if (ret == 0 && wc_bigint_from_unsigned_bin(&key->k->raw, priv, + privSz) != 0) { mp_clear(key->k); ret = ASN_GETINT_E; } @@ -10996,6 +11232,11 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, #endif } #endif /* WOLFSSL_VALIDATE_ECC_IMPORT */ +#ifdef WOLFSSL_ECC_BLIND_K + if (ret == 0) { + ret = ecc_blind_k_rng(key, NULL); + } +#endif #endif /* WOLFSSL_CRYPTOCELL */ @@ -11171,6 +11412,8 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, wc_ecc_reset(key); /* set curve type and index */ + /* NOTE: FIPS v6.0.0 or greater, no restriction on imported keys, only + * on created keys or signatures */ err = wc_ecc_set_curve(key, 0, curve_id); if (err != 0) { return err; @@ -11186,12 +11429,26 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, alt_fp_init(key->pubkey.z); key->k = (mp_int*)key->ka; alt_fp_init(key->k); +#ifdef WOLFSSL_ECC_BLIND_K + key->kb = (mp_int*)key->kba; + key->ku = (mp_int*)key->kua; + alt_fp_init(key->kb); + alt_fp_init(key->ku); +#endif #else err = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z, - NULL, NULL); +#ifndef WOLFSSL_ECC_BLIND_K + NULL, NULL +#else + key->kb, key->ku +#endif + ); #endif if (err != MP_OKAY) return MEMORY_E; +#ifdef WOLFSSL_ECC_BLIND_K + mp_forcezero(key->kb); +#endif /* read Qx */ if (err == MP_OKAY) { @@ -11338,6 +11595,11 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, err = wc_export_int(key->k, &keyRaw[0], &keySz, keySz, WC_TYPE_UNSIGNED_BIN); } + #ifdef WOLFSSL_ECC_BLIND_K + if (err == 0) { + err = ecc_blind_k_rng(key, NULL); + } + #endif if (err == MP_OKAY) { /* Create private key from external key buffer*/ 
@@ -11369,12 +11631,17 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, (word32)key->dp->size); } } + #ifdef WOLFSSL_ECC_BLIND_K + if (err == 0) { + err = ecc_blind_k_rng(key, NULL); + } + #endif #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) if (err == MP_OKAY) { const word32 key_size = key->dp->size; word32 buf_size = key_size; - err = wc_export_int(key->k, key->privKey, - &buf_size, key_size, WC_TYPE_UNSIGNED_BIN); + err = wc_export_int(key, key->privKey, &buf_size, key_size, + WC_TYPE_UNSIGNED_BIN); mp_reverse(key->privKey, key_size); } #endif @@ -11392,7 +11659,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, #ifdef WOLFSSL_VALIDATE_ECC_IMPORT if (err == MP_OKAY) { err = wc_ecc_check_key(key); - if (err == IS_POINT_E && (mp_iszero(key->pubkey.x) || + if (err == WC_NO_ERR_TRACE(IS_POINT_E) && (mp_iszero(key->pubkey.x) || mp_iszero(key->pubkey.y))) { err = BAD_FUNC_ARG; } @@ -13614,17 +13881,17 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) * * @param [in, out] ctx ECIES context object. * @param [in] salt Salt to use with KDF. - * @param [in] len Length of salt in bytes. + * @param [in] sz Length of salt in bytes. * @return 0 on success. * @return BAD_FUNC_ARG when ctx is NULL or salt is NULL and len is not 0. */ -int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 len) +int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz) { - if (ctx == NULL || (salt == NULL && len != 0)) + if (ctx == NULL || (salt == NULL && sz != 0)) return BAD_FUNC_ARG; ctx->kdfSalt = salt; - ctx->kdfSaltSz = len; + ctx->kdfSaltSz = sz; if (ctx->protocol == REQ_RESP_CLIENT) { ctx->cliSt = ecCLI_SALT_SET; 
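Review bot: `err = wc_export_int(key, key->privKey, &buf_size, key_size, WC_TYPE_UNSIGNED_BIN);` in the WOLFSSL_XILINX_CRYPT_VERSAL block passes the `ecc_key*` as the first argument, whereas every other call on this page (`wc_export_int(ecc_get_k(key), d, dLen, keySz, encType)`, `wc_export_int(key->k, &keyRaw[0], ...)`) passes an `mp_int*`; the intended argument is presumably `ecc_get_k(key)`, which also matters because the blinding added directly above this block may mean `key->k` alone no longer holds the raw scalar. Suggest `err = wc_export_int(ecc_get_k(key), key->privKey, &buf_size, key_size, WC_TYPE_UNSIGNED_BIN);`. The earlier hunk at `@@ -11338` exports first and blinds afterwards; if the blind-then-export order here is deliberate, a comment should say why.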
@@ -13636,9 +13903,37 @@ int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 len) return 0; } +/* Set your own salt. By default we generate a random salt for ourselves. + * This allows overriding that after init or reset. + * + * @param [in, out] ctx ECIES context object. + * @param [in] salt Salt to use for ourselves + * @param [in] sz Length of salt in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when ctx is NULL or salt is NULL and len is not 0. + */ +int wc_ecc_ctx_set_own_salt(ecEncCtx* ctx, const byte* salt, word32 sz) +{ + byte* saltBuffer; + + if (ctx == NULL || ctx->protocol == 0 || salt == NULL) + return BAD_FUNC_ARG; + + if (sz > EXCHANGE_SALT_SZ) + sz = EXCHANGE_SALT_SZ; + saltBuffer = (ctx->protocol == REQ_RESP_CLIENT) ? + ctx->clientSalt : + ctx->serverSalt; + XMEMSET(saltBuffer, 0, EXCHANGE_SALT_SZ); + XMEMCPY(saltBuffer, salt, sz); + + return 0; +} + + static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags) { - byte* saltBuffer = NULL; + byte* saltBuffer; if (ctx == NULL || flags == 0) return BAD_FUNC_ARG; @@ -13648,7 +13943,6 @@ static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags) return wc_RNG_GenerateBlock(ctx->rng, saltBuffer, EXCHANGE_SALT_SZ); } - static void ecc_ctx_init(ecEncCtx* ctx, int flags, WC_RNG* rng) { if (ctx) { @@ -13941,7 +14235,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, &sharedSz); #endif } - while (ret == WC_PENDING_E); + while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); if (ret == 0) { #ifdef WOLFSSL_ECIES_ISO18033 @@ -14360,7 +14654,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret + pubKeySz, &sharedSz); #endif - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); } if (ret == 0) { #ifdef WOLFSSL_ECIES_ISO18033 
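Review bot: wc_ecc_ctx_set_own_salt silently truncates a salt longer than EXCHANGE_SALT_SZ and zero-pads a shorter one, while its header says `BAD_FUNC_ARG when ctx is NULL or salt is NULL and len is not 0` although the code rejects a NULL salt unconditionally and the parameter is named `sz`. A caller supplying more salt than fits will assume all of it is in use; returning BAD_FUNC_ARG for `sz != EXCHANGE_SALT_SZ` is the safer contract for a value the ECIES context consumes, and if truncation is kept it must be stated in the header. The `@return` line of wc_ecc_ctx_set_kdf_salt in the preceding hunk also still says `len` after the parameter was renamed to `sz`.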
@@ -14562,9 +14856,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #endif #ifdef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_ECIES_OLD - if (peerKey != NULL) { - XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); - } + XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); #endif XFREE(sharedSecret, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); XFREE(keys, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); @@ -14993,57 +15285,57 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret) #ifdef WOLFSSL_SMALL_STACK if (t1) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(t1); XFREE(t1, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (C) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(C); XFREE(C, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (Q) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(Q); XFREE(Q, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (S) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(S); XFREE(S, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (Z) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(Z); XFREE(Z, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (M) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(M); XFREE(M, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (T) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(T); XFREE(T, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (R) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(R); XFREE(R, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (N) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(N); XFREE(N, NULL, DYNAMIC_TYPE_ECC_BUFFER); } if (two) { - if (res != MP_INIT_E) + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(two); XFREE(two, NULL, DYNAMIC_TYPE_ECC_BUFFER); } #else - if (res != MP_INIT_E) { + if (res != WC_NO_ERR_TRACE(MP_INIT_E)) { mp_clear(t1); mp_clear(C); mp_clear(Q); 
@@ -15120,9 +15412,8 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) /* find matching OID sum (based on encoded value) */ for (x = 0; ecc_sets[x].size != 0; x++) { if (ecc_sets[x].oidSum == oidSum) { - int ret; #ifdef HAVE_OID_ENCODING - ret = 0; + int ret = 0; /* check cache */ oid_cache_t* o = &ecc_oid_cache[x]; if (o->oidSz == 0) { @@ -15140,6 +15431,7 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (ret == 0) { ret = ecc_sets[x].id; } + return ret; #else if (oidSz) { *oidSz = ecc_sets[x].oidSz; @@ -15147,9 +15439,8 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (oid) { *oid = ecc_sets[x].oid; } - ret = ecc_sets[x].id; + return ecc_sets[x].id; #endif - return ret; } } diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index 0b12991efd..157c5ba7a9 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -1,6 +1,6 @@ /* eccsi.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1447,7 +1447,7 @@ static int eccsi_mulmod_point_add(EccsiKey* key, const mp_int* n, ecc_point* point, ecc_point* a, ecc_point* res, mp_digit mp, int map) { #if defined(WOLFSSL_HAVE_SP_ECC) && !defined(WOLFSSL_SP_NO_256) - int err = NOT_COMPILED_IN; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if ((key->ecc.idx != ECC_CUSTOM_IDX) && (ecc_sets[key->ecc.idx].id == ECC_SECP256R1)) { diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index f59b672901..86f594dd79 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1,6 +1,6 @@ /* ed25519.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -36,6 +36,15 @@ #include #ifdef HAVE_ED25519 +#if FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + + #ifdef USE_WINDOWS_API + #pragma code_seg(".fipsA$f") + #pragma const_seg(".fipsB$f") + #endif +#endif #include #include @@ -48,6 +57,15 @@ #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_ed25519_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000006 }; + int wolfCrypt_FIPS_ED25519_sanity(void) + { + return 0; + } +#endif + #ifdef FREESCALE_LTC_ECC #include #endif 
@@ -190,6 +208,56 @@ static int ed25519_hash(ed25519_key* key, const byte* in, word32 inLen, } #ifdef HAVE_ED25519_MAKE_KEY +#if FIPS_VERSION3_GE(6,0,0) +/* Performs a Pairwise Consistency Test on an Ed25519 key pair. + * + * @param [in] key Ed25519 key to test. + * @param [in] rng Random number generator to use to create random digest. + * @return 0 on success. + * @return ECC_PCT_E when signing or verification fail. + * @return Other -ve when random number generation fails. + */ +static int ed25519_pairwise_consistency_test(ed25519_key* key, WC_RNG* rng) +{ + int err = 0; + byte digest[WC_SHA512_DIGEST_SIZE]; + word32 digestLen = WC_SHA512_DIGEST_SIZE; + byte sig[ED25519_SIG_SIZE]; + word32 sigLen = ED25519_SIG_SIZE; + int res = 0; + + /* Generate a random digest to sign. */ + err = wc_RNG_GenerateBlock(rng, digest, digestLen); + if (err == 0) { + /* Sign digest without context. */ + err = wc_ed25519_sign_msg_ex(digest, digestLen, sig, &sigLen, key, + (byte)Ed25519, NULL, 0); + if (err != 0) { + /* Any sign failure means test failed. */ + err = ECC_PCT_E; + } + } + if (err == 0) { + /* Verify digest without context. */ + err = wc_ed25519_verify_msg_ex(sig, sigLen, digest, digestLen, &res, + key, (byte)Ed25519, NULL, 0); + if (err != 0) { + /* Any verification operation failure means test failed. */ + err = ECC_PCT_E; + } + /* Check whether the signature verified. */ + else if (res == 0) { + /* Test failed. */ + err = ECC_PCT_E; + } + } + + ForceZero(sig, sigLen); + + return err; +} +#endif + int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey, word32 pubKeySz) { @@ -252,7 +320,7 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Ed25519Gen(rng, keySz, key); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } 
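Review bot: ed25519_pairwise_consistency_test calls wc_ed25519_sign_msg_ex and wc_ed25519_verify_msg_ex but is guarded only by `#ifdef HAVE_ED25519_MAKE_KEY`; if a FIPS 6 build can omit the sign or verify side (this file guards them separately as far as I recall — confirm), the PCT would fail to link, so the guard should also require both features. The ed448 twin (`@@ -170,6 +187,56 @@` in ed448.c) is identical except that it uses a WC_SHA256_DIGEST_SIZE buffer where this one uses WC_SHA512_DIGEST_SIZE; the buffer is only random bytes to sign, so pick one size for both and add `/* arbitrary length: random message, not a hash output */` so the name `digest` does not suggest a hashing step.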
@@ -273,6 +341,13 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) /* put public key after private key, on the same buffer */ XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); +#if FIPS_VERSION3_GE(6,0,0) + ret = wc_ed25519_check_key(key); + if (ret == 0) { + ret = ed25519_pairwise_consistency_test(key, rng); + } +#endif + return ret; } #endif /* HAVE_ED25519_MAKE_KEY */ @@ -325,7 +400,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type, context, contextLen); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -623,15 +698,14 @@ static int ed25519_verify_msg_update_with_sha(const byte* msgSegment, return ed25519_hash_update(key, sha, msgSegment, msgSegmentLen); } -/* Low part of order in big endian. */ -static const byte ed25519_low_order[] = { - 0x14, 0xde, 0xf9, 0xde, 0xa2, 0xf7, 0x9c, 0xd6, - 0x58, 0x12, 0x63, 0x1a, 0x5c, 0xf5, 0xd3, 0xed +/* ed25519 order in little endian. */ +static const byte ed25519_order[] = { + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 }; -#define ED25519_SIG_LOW_ORDER_IDX \ - ((int)(ED25519_SIG_SIZE/2 + sizeof(ed25519_low_order) - 1)) - /* sig is array of bytes containing the signature sigLen is the length of sig byte array @@ -650,6 +724,7 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen, ge_p2 R; #endif int ret; + int i; /* sanity check on arguments */ if (sig == NULL || res == NULL || key == NULL) 
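Review bot: When wc_ed25519_check_key or ed25519_pairwise_consistency_test fails, the freshly generated key stays in `key->k`/`key->p` with whatever set flags the code above left, so a caller that ignores the negative return still holds a key that failed its own PCT; zeroise the private material with ForceZero and clear `key->privKeySet` and `key->pubKeySet` on failure before `return ret;`. The ed448 make-key hunk (`@@ -255,6 +322,13 @@`) has the same gap. wc_ed25519_make_key starts outside the hunk.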
@@ -665,33 +740,19 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen, * 2^252 + 0x14def9dea2f79cd65812631a5cf5d3ed * = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed */ - if (sig[ED25519_SIG_SIZE-1] > 0x10) - return BAD_FUNC_ARG; - if (sig[ED25519_SIG_SIZE-1] == 0x10) { - int i = ED25519_SIG_SIZE-1; - int j; - - /* Check high zeros. */ - for (--i; i > ED25519_SIG_LOW_ORDER_IDX; i--) { - if (sig[i] > 0x00) - break; - } - /* Did we see all zeros up to lower order index? */ - if (i == ED25519_SIG_LOW_ORDER_IDX) { - /* Check lower part. */ - for (j = 0; j < (int)sizeof(ed25519_low_order); j++, i--) { - /* Check smaller. */ - if (sig[i] < ed25519_low_order[j]) - break; - /* Check bigger. */ - if (sig[i] > ed25519_low_order[j]) - return BAD_FUNC_ARG; - } - /* Check equal - all bytes match. */ - if (i == ED25519_SIG_SIZE/2 - 1) - return BAD_FUNC_ARG; - } + + /* Check S is not larger than or equal to order. */ + for (i = (int)sizeof(ed25519_order) - 1; i >= 0; i--) { + /* Bigger than order. */ + if (sig[ED25519_SIG_SIZE/2 + i] > ed25519_order[i]) + return BAD_FUNC_ARG; + /* Less than order. */ + if (sig[ED25519_SIG_SIZE/2 + i] < ed25519_order[i]) + break; } + /* Check equal - all bytes match. */ + if (i == -1) + return BAD_FUNC_ARG; /* uncompress A (public key), test if valid, and negate it */ #ifndef FREESCALE_LTC_ECC @@ -797,7 +858,7 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key, type, context, contextLen); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -1059,7 +1120,7 @@ int wc_ed25519_import_public_ex(const byte* in, word32 inLen, ed25519_key* key, if (ret == 0) { key->pubKeySet = 1; - if (key->privKeySet && (!trusted)) { + if (!trusted) { ret = wc_ed25519_check_key(key); } } 
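Review bot: With wc_ed25519_check_key now running for public-only imports too, a failed check leaves `key->pubKeySet = 1` (set on the line just above) and the rejected bytes in `key->p`, so later code that only tests pubKeySet would use a point that failed validation; clear the flag on failure, `if (ret != 0) key->pubKeySet = 0;`. The ed448 import hunk (`@@ -978,7 +1052,7 @@`) has the same shape. Every untrusted public-key import now also pays for a point decompression, which is the right default but worth a sentence in the function's doc. wc_ed25519_import_public_ex starts and ends outside the hunk.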
@@ -1260,23 +1321,84 @@ int wc_ed25519_export_key(ed25519_key* key, #endif /* HAVE_ED25519_KEY_EXPORT */ -/* check the private and public keys match */ +/* Check the public key is valid. + * + * When private key available, check the calculated public key matches. + * When no private key, check Y is in range and an X is able to be calculated. + * + * @param [in] key Ed25519 private/public key. + * @return 0 otherwise. + * @return BAD_FUNC_ARG when key is NULL. + * @return PUBLIC_KEY_E when the public key is not set, doesn't match or is + * invalid. + * @return other -ve value on hash failure. + */ int wc_ed25519_check_key(ed25519_key* key) { int ret = 0; -#ifdef HAVE_ED25519_MAKE_KEY - ALIGN16 unsigned char pubKey[ED25519_PUB_KEY_SIZE]; - if (!key->pubKeySet) + /* Validate parameter. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + + /* Check we have a public key to check. */ + if ((ret == 0) && (!key->pubKeySet)) { ret = PUBLIC_KEY_E; - if (ret == 0) + } + +#ifdef HAVE_ED25519_MAKE_KEY + /* If we have a private key just make the public key and compare. */ + if ((ret == 0) && (key->privKeySet)) { + ALIGN16 unsigned char pubKey[ED25519_PUB_KEY_SIZE]; + ret = wc_ed25519_make_public(key, pubKey, sizeof(pubKey)); - if (ret == 0 && XMEMCMP(pubKey, key->p, ED25519_PUB_KEY_SIZE) != 0) - ret = PUBLIC_KEY_E; + if (ret == 0 && XMEMCMP(pubKey, key->p, ED25519_PUB_KEY_SIZE) != 0) + ret = PUBLIC_KEY_E; + } #else - (void)key; + (void)key; #endif /* HAVE_ED25519_MAKE_KEY */ + /* No private key (or ability to make a public key), check Y is valid. */ + if ((ret == 0) +#ifdef HAVE_ED25519_MAKE_KEY + && (!key->privKeySet) +#endif + ) { + /* Verify that Q is not identity element 0. + * 0 has no representation for Ed25519. */ + + /* Verify that xQ and yQ are integers in the interval [0, p - 1]. + * Only have yQ so check that ordinate. p = 2^255 - 19 */ + if ((key->p[ED25519_PUB_KEY_SIZE - 1] & 0x7f) == 0x7f) { + int i; + + ret = PUBLIC_KEY_E; + /* Check up to last byte. 
*/ + for (i = ED25519_PUB_KEY_SIZE - 2; i > 0; i--) { + if (key->p[i] != 0xff) { + ret = 0; + break; + } + } + /* Bits are all one up to last byte - check less than -19. */ + if ((ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E)) && (key->p[0] < 0xed)) { + ret = 0; + } + } + + if (ret == 0) { + /* Verify that Q is on the curve. + * Uncompressing the public key will validate yQ. */ + ge_p3 A; + + if (ge_frombytes_negate_vartime(&A, key->p) != 0) { + ret = PUBLIC_KEY_E; + } + } + } + return ret; } diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c index e93c212886..1598c9c98d 100644 --- a/wolfcrypt/src/ed448.c +++ b/wolfcrypt/src/ed448.c @@ -1,6 +1,6 @@ /* ed448.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,6 +38,15 @@ #include #ifdef HAVE_ED448 +#if FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + + #ifdef USE_WINDOWS_API + #pragma code_seg(".fipsA$f") + #pragma const_seg(".fipsB$f") + #endif +#endif #include #include @@ -56,6 +65,14 @@ static const byte ed448Ctx[ED448CTX_SIZE+1] = "SigEd448"; #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_ed448_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000007 }; + int wolfCrypt_FIPS_ED448_sanity(void) + { + return 0; + } +#endif static int ed448_hash_init(ed448_key* key, wc_Shake *sha) { 
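Review bot: The comment `Verify that Q is not identity element 0. 0 has no representation for Ed25519.` is misleading and no code under it performs such a check: the neutral element of the Edwards curve is (0, 1), which does encode (`01 00 … 00`) and, as far as this hunk shows, passes both the y-range test and ge_frombytes_negate_vartime; either drop the sentence or, if rejecting the identity and other small-order points is deliberately left to callers, say so. In the doc block, `@return 0 otherwise.` is listed first — put the error cases first and end with `@return 0 on success.`. The range test itself (top byte `& 0x7f == 0x7f`, bytes 30..1 all 0xff, low byte `< 0xed`) matches 2^255 - 19.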
@@ -170,6 +187,56 @@ static int ed448_hash(ed448_key* key, const byte* in, word32 inLen, return ret; } +#if FIPS_VERSION3_GE(6,0,0) +/* Performs a Pairwise Consistency Test on an Ed448 key pair. + * + * @param [in] key Ed448 key to test. + * @param [in] rng Random number generator to use to create random digest. + * @return 0 on success. + * @return ECC_PCT_E when signing or verification fail. + * @return Other -ve when random number generation fails. + */ +static int ed448_pairwise_consistency_test(ed448_key* key, WC_RNG* rng) +{ + int err = 0; + byte digest[WC_SHA256_DIGEST_SIZE]; + word32 digestLen = WC_SHA256_DIGEST_SIZE; + byte sig[ED448_SIG_SIZE]; + word32 sigLen = ED448_SIG_SIZE; + int res = 0; + + /* Generate a random digest to sign. */ + err = wc_RNG_GenerateBlock(rng, digest, digestLen); + if (err == 0) { + /* Sign digest without context. */ + err = wc_ed448_sign_msg_ex(digest, digestLen, sig, &sigLen, key, Ed448, + NULL, 0); + if (err != 0) { + /* Any sign failure means test failed. */ + err = ECC_PCT_E; + } + } + if (err == 0) { + /* Verify digest without context. */ + err = wc_ed448_verify_msg_ex(sig, sigLen, digest, digestLen, &res, key, + Ed448, NULL, 0); + if (err != 0) { + /* Any verification operation failure means test failed. */ + err = ECC_PCT_E; + } + /* Check whether the signature verified. */ + else if (res == 0) { + /* Test failed. */ + err = ECC_PCT_E; + } + } + + ForceZero(sig, sigLen); + + return err; +} +#endif + /* Derive the public key for the private key. * * key [in] Ed448 key object. @@ -255,6 +322,13 @@ int wc_ed448_make_key(WC_RNG* rng, int keySz, ed448_key* key) if (ret == 0) { /* put public key after private key, on the same buffer */ XMEMMOVE(key->k + ED448_KEY_SIZE, key->p, ED448_PUB_KEY_SIZE); + + #if FIPS_VERSION3_GE(6,0,0) + ret = wc_ed448_check_key(key); + if (ret == 0) { + ret = ed448_pairwise_consistency_test(key, rng); + } + #endif } return ret; 
@@ -949,7 +1023,7 @@ int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key, ret = BAD_FUNC_ARG; } - if (inLen != ED448_PUB_KEY_SIZE) { + if ((inLen != ED448_PUB_KEY_SIZE) && (inLen != ED448_PUB_KEY_SIZE + 1)) { ret = BAD_FUNC_ARG; } @@ -978,7 +1052,7 @@ int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key, if (ret == 0) { key->pubKeySet = 1; - if (key->privKeySet && (!trusted)) { + if (!trusted) { /* Check untrusted public key data matches private key. */ ret = wc_ed448_check_key(key); } 
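Review bot: The length check now also admits `ED448_PUB_KEY_SIZE + 1` bytes, but nothing in this hunk shows where the extra byte is consumed or validated; if the intent is a leading prefix octet, the copy site outside the hunk must skip it and check its value, and the function doc should name the prefix that is accepted. wc_ed448_import_public_ex starts and ends outside the hunk.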
@@ -1226,31 +1300,91 @@ int wc_ed448_export_key(ed448_key* key, byte* priv, word32 *privSz, #endif /* HAVE_ED448_KEY_EXPORT */ -/* Check the public key of the ed448 key matches the private key. +/* Check the public key is valid. * - * key [in] Ed448 private/public key. - * returns BAD_FUNC_ARG when key is NULL, - * PUBLIC_KEY_E when the public key is not set or doesn't match, - * other -ve value on hash failure, - * 0 otherwise. + * When private key available, check the calculated public key matches. + * When no private key, check Y is in range and an X is able to be calculated. + * + * @param [in] key Ed448 private/public key. + * @return 0 otherwise. + * @return BAD_FUNC_ARG when key is NULL. + * @return PUBLIC_KEY_E when the public key is not set, doesn't match or is + * invalid. + * @return other -ve value on hash failure. */ int wc_ed448_check_key(ed448_key* key) { int ret = 0; unsigned char pubKey[ED448_PUB_KEY_SIZE]; + /* Validate parameter. */ if (key == NULL) { ret = BAD_FUNC_ARG; } + /* Check we have a public key to check. */ if (ret == 0 && !key->pubKeySet) { ret = PUBLIC_KEY_E; } - if (ret == 0) { + + /* If we have a private key just make the public key and compare. */ + if ((ret == 0) && key->privKeySet) { ret = wc_ed448_make_public(key, pubKey, sizeof(pubKey)); + if ((ret == 0) && (XMEMCMP(pubKey, key->p, ED448_PUB_KEY_SIZE) != 0)) { + ret = PUBLIC_KEY_E; + } } - if ((ret == 0) && (XMEMCMP(pubKey, key->p, ED448_PUB_KEY_SIZE) != 0)) { - ret = PUBLIC_KEY_E; + /* No private key, check Y is valid. */ + else if ((ret == 0) && (!key->privKeySet)) { + /* Verify that Q is not identity element 0. + * 0 has no representation for Ed448. */ + + /* Verify that xQ and yQ are integers in the interval [0, p - 1]. + * Only have yQ so check that ordinate. + * p = 2^448-2^224-1 = 0xff..fe..ff + */ + { + int i; + ret = PUBLIC_KEY_E; + + /* Check top part before 0xFE. 
*/ + for (i = ED448_PUB_KEY_SIZE - 1; i > ED448_PUB_KEY_SIZE/2; i--) { + if (key->p[i] < 0xff) { + ret = 0; + break; + } + } + if (ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E)) { + /* Check against 0xFE. */ + if (key->p[ED448_PUB_KEY_SIZE/2] < 0xfe) { + ret = 0; + } + else if (key->p[ED448_PUB_KEY_SIZE/2] == 0xfe) { + /* Check bottom part before last byte. */ + for (i = ED448_PUB_KEY_SIZE/2 - 1; i > 0; i--) { + if (key->p[i] != 0xff) { + ret = 0; + break; + } + } + /* Check last byte. */ + if ((ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E)) && + (key->p[0] < 0xff)) { + ret = 0; + } + } + } + } + + if (ret == 0) { + /* Verify that Q is on the curve. + * Uncompressing the public key will validate yQ. */ + ge448_p2 A; + + if (ge448_from_bytes_negate_vartime(&A, key->p) != 0) { + ret = PUBLIC_KEY_E; + } + } } return ret; diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index eebd4dbc06..3a1ae2151d 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -1,6 +1,6 @@ /* error.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,6 +34,11 @@ #endif #ifndef NO_ERROR_STRINGS + +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H +#include +#endif + WOLFSSL_ABI const char* wc_GetErrorString(int error) { 
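Review bot: The y-range check in wc_ed448_check_key starts its scan at `ED448_PUB_KEY_SIZE - 1`, which for Ed448 is the sign byte (y occupies bytes 0..55; byte 56 carries only the x sign bit), so for every well-formed key with `p[56]` equal to 0x00 or 0x80 the first iteration sees a byte below 0xff, sets `ret = 0` and breaks — the range check never rejects anything — while a `p[56]` with any of its low seven bits set (y >= 2^448) is likewise accepted. Unless ge448_from_bytes_negate_vartime rejects y >= p on its own, test the sign byte separately, `if ((key->p[ED448_PUB_KEY_SIZE - 1] & 0x7f) != 0) ret = PUBLIC_KEY_E;`, and start the loop at `ED448_PUB_KEY_SIZE - 2` (the ed25519 version in this commit does the equivalent with `& 0x7f) == 0x7f`). With that fix the layout checked — 0xff for bytes 55..29, 0xfe at byte 28, 0xff for bytes 27..1, then `p[0] < 0xff` — matches 2^448 - 2^224 - 1. The `else if ((ret == 0) && (!key->privKeySet))` repeats what the preceding `if` already implies and can be a plain `else if (ret == 0)`; the `@return 0 otherwise.` ordering remark from the ed25519 doc applies here too.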
@@ -604,12 +609,37 @@ const char* wc_GetErrorString(int error) case KEY_EXHAUSTED_E: return "Key no longer usable for operation"; + case FIPS_INVALID_VER_E: + return "Invalid FIPS version defined, check length"; + + case FIPS_DATA_SZ_E: + return "FIPS Module Data too large adjust MAX_FIPS_DATA_SZ"; + + case FIPS_CODE_SZ_E: + return "FIPS Module Code too large adjust MAX_FIPS_CODE_SZ"; + + case KDF_SRTP_KAT_FIPS_E: + return "wolfCrypt FIPS SRTP-KDF Known Answer Test Failure"; + + case ED25519_KAT_FIPS_E: + return "wolfCrypt FIPS Ed25519 Known Answer Test Failure"; + + case ED448_KAT_FIPS_E: + return "wolfCrypt FIPS Ed448 Known Answer Test Failure"; + + case PBKDF2_KAT_FIPS_E: + return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure"; + default: return "unknown error number"; } } +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES +#include +#endif + void wc_ErrorString(int error, char* buffer) { XSTRNCPY(buffer, wc_GetErrorString(error), WOLFSSL_MAX_ERROR_SZ); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index a365ff6821..8b78f620c6 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1,6 +1,6 @@ /* evp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -711,8 +711,19 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int inl) { if (in && inl > 0) { - byte* tmp = (byte*)XREALLOC(ctx->authIn, + byte* tmp; + #ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL, + DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL) { + XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz); + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; + } + #else + tmp = (byte*)XREALLOC(ctx->authIn, (size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL); + #endif if (tmp) { ctx->authIn = tmp; XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl); 
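Review bot: The WOLFSSL_NO_REALLOC replacement for XREALLOC in wolfSSL_EVP_CipherUpdate_GCM_AAD — malloc the new size, copy the old `authInSz` bytes, free the old buffer, null the pointer — is repeated with small variations in the GCM, CCM and Aria update functions at `@@ -745`, `@@ -817`, `@@ -843`, `@@ -875`, `@@ -905`, in the HKDF info setter (`@@ -2693`) and in ECC_populate_EVP_PKEY (`@@ -9112`); one static helper holding both `#ifdef` branches, say `static byte* evp_grow_buffer(byte* buf, size_t oldSz, size_t newSz, void* heap)`, would remove the duplication and keep the two paths from drifting (the Aria AAD variant already casts differently). One behaviour worth a comment at each site: because the old buffer is only freed inside `if (tmp != NULL)`, an allocation failure keeps the original buffer, matching realloc — `/* on allocation failure the old buffer is kept, as with XREALLOC */`. Each function body continues outside its hunk.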
@@ -745,9 +756,19 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, /* Buffer input for one-shot API */ if (inl > 0) { byte* tmp; + #ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC((size_t)(ctx->authBufferLen + inl), NULL, + DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL) { + XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen); + XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authBuffer = NULL; + } + #else tmp = (byte*)XREALLOC(ctx->authBuffer, (size_t)(ctx->authBufferLen + inl), NULL, DYNAMIC_TYPE_OPENSSL); + #endif if (tmp) { XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl); ctx->authBufferLen += inl; @@ -817,8 +838,19 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, static int wolfSSL_EVP_CipherUpdate_CCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int inl) { if (in && inl > 0) { - byte* tmp = (byte*)XREALLOC(ctx->authIn, + byte* tmp; + #ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL, + DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL) { + XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz); + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; + } + #else + tmp = (byte*)XREALLOC(ctx->authIn, (size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL); + #endif if (tmp) { ctx->authIn = tmp; XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl); 
@@ -843,9 +875,19 @@ static int wolfSSL_EVP_CipherUpdate_CCM(WOLFSSL_EVP_CIPHER_CTX *ctx, /* Buffer input for one-shot API */ if (inl > 0) { byte* tmp; + #ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC((size_t)(ctx->authBufferLen + inl), NULL, + DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL) { + XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen); + XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authBuffer = NULL; + } + #else tmp = (byte*)XREALLOC(ctx->authBuffer, (size_t)(ctx->authBufferLen + inl), NULL, DYNAMIC_TYPE_OPENSSL); + #endif if (tmp) { XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl); ctx->authBufferLen += inl; @@ -875,8 +917,19 @@ static int wolfSSL_EVP_CipherUpdate_AriaGCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int inl) { if (in && inl > 0) { - byte* tmp = (byte*)XREALLOC(ctx->authIn, + byte* tmp; + #ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC((size_t)ctx->authInSz + inl, NULL, + DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL) { + XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz); + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; + } + #else + tmp = (byte*)XREALLOC(ctx->authIn, (size_t)ctx->authInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); + #endif if (tmp) { ctx->authIn = tmp; XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl); 
@@ -905,9 +958,18 @@ static int wolfSSL_EVP_CipherUpdate_AriaGCM(WOLFSSL_EVP_CIPHER_CTX *ctx, if (ctx->enc == 0) { /* Append extra space for the tag */ size = WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(size); } - tmp = (byte*)XREALLOC(ctx->authBuffer, - (size_t)size, NULL, - DYNAMIC_TYPE_OPENSSL); + #ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC((size_t)size, NULL, + DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL) { + XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen); + XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authBuffer = NULL; + } + #else + tmp = (byte*)XREALLOC(ctx->authBuffer, (size_t)size, NULL, + DYNAMIC_TYPE_OPENSSL); + #endif if (tmp) { XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl); ctx->authBufferLen += inl; @@ -2617,9 +2679,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx, } if (ret == WOLFSSL_SUCCESS && salt != NULL && saltSz > 0) { - if (ctx->pkey->hkdfSalt != NULL) { - XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); - } + XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); ctx->pkey->hkdfSalt = (byte*)XMALLOC((size_t)saltSz, NULL, DYNAMIC_TYPE_SALT); if (ctx->pkey->hkdfSalt == NULL) { @@ -2654,9 +2714,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx, } if (ret == WOLFSSL_SUCCESS) { - if (ctx->pkey->hkdfKey != NULL) { - XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY); - } + XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY); ctx->pkey->hkdfKey = (byte*)XMALLOC((size_t)keySz, NULL, DYNAMIC_TYPE_KEY); if (ctx->pkey->hkdfKey == NULL) { 
@@ -2693,9 +2751,19 @@ int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx, if (ret == WOLFSSL_SUCCESS && info != NULL && infoSz > 0) { unsigned char* p; /* If there's already info in the buffer, append. */ + #ifdef WOLFSSL_NO_REALLOC + p = (byte*)XMALLOC((size_t)(ctx->pkey->hkdfInfoSz + (word32)infoSz), NULL, + DYNAMIC_TYPE_INFO); + if (p != NULL) { + XMEMCPY(p, ctx->pkey->hkdfInfo, (size_t)ctx->pkey->hkdfInfoSz); + XFREE(ctx->pkey->hkdfInfo, NULL, DYNAMIC_TYPE_INFO); + ctx->pkey->hkdfInfo = NULL; + } + #else p = (byte*)XREALLOC(ctx->pkey->hkdfInfo, (size_t)(ctx->pkey->hkdfInfoSz + (word32)infoSz), NULL, DYNAMIC_TYPE_INFO); + #endif if (p == NULL) { WOLFSSL_MSG("Failed to reallocate larger HKDF info buffer."); ret = WOLFSSL_FAILURE; @@ -3211,6 +3279,8 @@ int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey) if (pkey == NULL) return 0; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_bits"); if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) ==0) return 0; + if (bytes < 0) + return 0; return bytes*8; } 
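Review bot: The new `if (bytes < 0) return 0;` in wolfSSL_EVP_PKEY_bits duplicates the test on the line above it; fold both into one, `if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) <= 0) return 0;`. wolfSSL_EVP_PKEY_bits starts outside the hunk.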
@@ -4275,23 +4345,39 @@ static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx, int ret; if (ctx->isHMAC) { - Hmac hmacCopy; - - if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS) +#ifdef WOLFSSL_SMALL_STACK + Hmac *hmacCopy = (Hmac *)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_OPENSSL); + if (hmacCopy == NULL) return WOLFSSL_FAILURE; - ret = wc_HmacFinal(&hmacCopy, md) == 0; - wc_HmacFree(&hmacCopy); +#else + Hmac hmacCopy[1]; +#endif + ret = wolfSSL_HmacCopy(hmacCopy, &ctx->hash.hmac); + if (ret == WOLFSSL_SUCCESS) + ret = wc_HmacFinal(hmacCopy, md) == 0; + wc_HmacFree(hmacCopy); +#ifdef WOLFSSL_SMALL_STACK + XFREE(hmacCopy, NULL, DYNAMIC_TYPE_OPENSSL); +#endif return ret; } else { - WOLFSSL_EVP_MD_CTX ctxCopy; - wolfSSL_EVP_MD_CTX_init(&ctxCopy); - - if (wolfSSL_EVP_MD_CTX_copy_ex(&ctxCopy, ctx) != WOLFSSL_SUCCESS) +#ifdef WOLFSSL_SMALL_STACK + WOLFSSL_EVP_MD_CTX *ctxCopy = (WOLFSSL_EVP_MD_CTX *)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL); + if (ctxCopy == NULL) return WOLFSSL_FAILURE; +#else + WOLFSSL_EVP_MD_CTX ctxCopy[1]; +#endif + wolfSSL_EVP_MD_CTX_init(ctxCopy); - ret = wolfSSL_EVP_DigestFinal(&ctxCopy, md, mdlen); - wolfSSL_EVP_MD_CTX_cleanup(&ctxCopy); + ret = wolfSSL_EVP_MD_CTX_copy_ex(ctxCopy, ctx); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(ctxCopy, md, mdlen); + wolfSSL_EVP_MD_CTX_cleanup(ctxCopy); +#ifdef WOLFSSL_SMALL_STACK + XFREE(ctxCopy, NULL, DYNAMIC_TYPE_OPENSSL); +#endif return ret; } } @@ -5468,7 +5554,7 @@ void wolfSSL_EVP_init(void) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) { 
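Review bot: In the HMAC branch of wolfssl_evp_digest_pk_final, `wc_HmacFree(hmacCopy)` now runs even when `wolfSSL_HmacCopy` failed, on an `Hmac` that received no initialisation before the copy (the XMALLOC'd or stack object is used as-is), whereas the old code returned before freeing; unless wolfSSL_HmacCopy is guaranteed to leave the destination in a state wc_HmacFree accepts on every failure path, guard the free, `if (ret == WOLFSSL_SUCCESS) { ret = wc_HmacFinal(hmacCopy, md) == 0; wc_HmacFree(hmacCopy); }`. On copy failure the function also now returns whatever wolfSSL_HmacCopy returned instead of an explicit WOLFSSL_FAILURE — fine if that is always WOLFSSL_FAILURE, otherwise normalise it. The MD branch is safe because wolfSSL_EVP_MD_CTX_init runs before the copy. wolfssl_evp_digest_pk_final starts outside the hunk.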
@@ -6208,15 +6294,11 @@ void wolfSSL_EVP_init(void) ctx->keyLen = 0; #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \ defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) - if (ctx->authBuffer) { - XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authBuffer = NULL; - } + XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authBuffer = NULL; ctx->authBufferLen = 0; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->authIvGenEnable = 0; ctx->authIncIv = 0; @@ -6338,10 +6420,8 @@ void wolfSSL_EVP_init(void) { int ret = WOLFSSL_SUCCESS; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; @@ -6545,10 +6625,8 @@ void wolfSSL_EVP_init(void) { int ret = WOLFSSL_SUCCESS; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; @@ -6696,10 +6774,8 @@ void wolfSSL_EVP_init(void) return WOLFSSL_FAILURE; } - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; @@ -7731,10 +7807,8 @@ void wolfSSL_EVP_init(void) ctx->ivSz = GCM_NONCE_MID_SZ; } ctx->authTagSz = SM4_BLOCK_SIZE; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; 
@@ -7763,10 +7837,8 @@ void wolfSSL_EVP_init(void) ctx->ivSz = GCM_NONCE_MID_SZ; } ctx->authTagSz = SM4_BLOCK_SIZE; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -8465,7 +8537,7 @@ void wolfSSL_EVP_init(void) } if (ret < 0) { - if (ret == AES_GCM_AUTH_E) { + if (ret == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) { WOLFSSL_MSG("wolfSSL_EVP_Cipher failure: bad AES-GCM tag."); } WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); @@ -8543,7 +8615,7 @@ static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey) if (key->pkcs8HeaderSz) { ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, NULL, (word32)derSz, RSAk, NULL, 0); - if (ret == LENGTH_ONLY_E) + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) ret = 0; } #endif @@ -8917,7 +8989,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) ret = wc_DhParamsToDer(dhkey,NULL,&derSz); } - if (derSz == 0 || ret != LENGTH_ONLY_E) { + if (derSz == 0 || ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { WOLFSSL_MSG("Failed to get size of DH Key"); return WOLFSSL_FAILURE; } @@ -9060,7 +9132,7 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) #ifdef HAVE_PKCS8 if (key->pkcs8HeaderSz) { /* when key has pkcs8 header the pkey should too */ - if (wc_EccKeyToPKCS8(ecc, NULL, (word32*)&derSz) == LENGTH_ONLY_E) { + if (wc_EccKeyToPKCS8(ecc, NULL, (word32*)&derSz) == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL); if (derBuf) { 
@@ -9112,8 +9184,17 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) } else if (ecc->type == ECC_PUBLICKEY) { if ((derSz = wc_EccPublicKeyDerSize(ecc, 1)) > 0) { - derBuf = (byte*)XREALLOC(pkey->pkey.ptr, (size_t)derSz, NULL, + #ifdef WOLFSSL_NO_REALLOC + derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL); + if (derBuf != NULL) { + XMEMCPY(derBuf, pkey->pkey.ptr, (size_t)pkey->pkey_sz); + XFREE(pkey->pkey.ptr, pkey->heap, DYNAMIC_TYPE_OPENSSL); + pkey->pkey.ptr = NULL; + } + #else + derBuf = (byte*)XREALLOC(pkey->pkey.ptr, (size_t)derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL); + #endif if (derBuf != NULL) { pkey->pkey.ptr = (char*)derBuf; if ((derSz = wc_EccPublicKeyToDer(ecc, derBuf, (word32)derSz, @@ -9205,7 +9286,7 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void) int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type"); @@ -9229,6 +9310,9 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) ret = NID_sha512WithRSAEncryption; } } + else { + ret = BAD_FUNC_ARG; + } WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret); @@ -11006,18 +11090,12 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #ifdef HAVE_HKDF case EVP_PKEY_HKDF: - if (key->hkdfSalt != NULL) { - XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); - key->hkdfSalt = NULL; - } - if (key->hkdfKey != NULL) { - XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY); - key->hkdfKey = NULL; - } - if (key->hkdfInfo != NULL) { - XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO); - key->hkdfInfo = NULL; - } + XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); + key->hkdfSalt = NULL; + XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY); + key->hkdfKey = NULL; + XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO); + key->hkdfInfo = NULL; key->hkdfSaltSz = 0; key->hkdfKeySz = 0; key->hkdfInfoSz = 0; 
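Review bot: In the WOLFSSL_NO_REALLOC path of ECC_populate_EVP_PKEY, `XMEMCPY(derBuf, pkey->pkey.ptr, (size_t)pkey->pkey_sz)` copies `pkey_sz` bytes into a buffer of `derSz` bytes; realloc never copies more than the new size, so when the previously stored DER is larger than the new public-key DER size this writes past the allocation. Since wc_EccPublicKeyToDer overwrites the whole buffer on the next lines, the copy is not needed: free the old pointer and allocate fresh, or if realloc semantics are wanted bound the copy, `XMEMCPY(derBuf, pkey->pkey.ptr, (size_t)(pkey->pkey_sz < derSz ? pkey->pkey_sz : derSz));`. The Aria update variant at `@@ -905` copies `authBufferLen` bytes into a `size`-byte buffer and should be checked for the same relation. ECC_populate_EVP_PKEY starts and ends outside the hunk.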
@@ -11496,10 +11574,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, res = wolfSSL_BIO_write(out, "\n", 1) > 0; } - if (pub != NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER); - pub = NULL; - } + XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER); + pub = NULL; wc_ecc_free(key); mp_free(a); @@ -12432,7 +12508,7 @@ int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, (word32)(BASE64_DECODE_BLOCK_SIZE - ctx->remaining), (word32)inl); for ( i = 0; cpySz > 0 && inLen > 0; i++) { - if (Base64_SkipNewline(in, &inLen, &j) == ASN_INPUT_E) { + if (Base64_SkipNewline(in, &inLen, &j) == WC_NO_ERR_TRACE(ASN_INPUT_E)) { return -1; /* detected an illegal char in input */ } c = in[j++]; @@ -12472,7 +12548,7 @@ int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, */ while (inLen > 3) { if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) { - if (res == BUFFER_E) { + if (res == WC_NO_ERR_TRACE(BUFFER_E)) { break; } else { @@ -12486,7 +12562,7 @@ int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, } inLen--; if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) { - if (res == BUFFER_E) { + if (res == WC_NO_ERR_TRACE(BUFFER_E)) { break; } else { @@ -12497,7 +12573,7 @@ int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, e[1] = in[j++]; inLen--; if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) { - if (res == BUFFER_E) { + if (res == WC_NO_ERR_TRACE(BUFFER_E)) { break; } else { @@ -12508,7 +12584,7 @@ int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, e[2] = in[j++]; inLen--; if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) { - if (res == BUFFER_E) { + if (res == WC_NO_ERR_TRACE(BUFFER_E)) { break; } else { 
@@ -12615,8 +12691,10 @@ int wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx, inLen = (word32)ctx->remaining; if ((res = Base64_SkipNewline(ctx->data, &inLen, &j)) != 0) { *outl = 0; - if (res == BUFFER_E) /* means no valid data to decode in buffer */ + if (res == WC_NO_ERR_TRACE(BUFFER_E)) { + /* means no valid data to decode in buffer */ return 1; /* returns as success with no output */ + } else return -1; } diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_kyber.c index 0e694c0976..4f1a754df7 100644 --- a/wolfcrypt/src/ext_kyber.c +++ b/wolfcrypt/src/ext_kyber.c @@ -1,6 +1,6 @@ /* ext_kyber.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,7 +27,7 @@ #include #include -#ifdef WOLFSSL_HAVE_KYBER +#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_WC_KYBER) #include #ifdef NO_INLINE @@ -329,7 +329,7 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng) { ret = wc_CryptoCb_MakePqcKemKey(rng, WC_PQC_KEM_TYPE_KYBER, key->type, key); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; @@ -440,7 +440,7 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss, ) { ret = wc_CryptoCb_PqcEncapsulate(ct, ctlen, ss, KYBER_SS_SZ, rng, WC_PQC_KEM_TYPE_KYBER, key); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; @@ -549,7 +549,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, ) { ret = wc_CryptoCb_PqcDecapsulate(ct, ctlen, ss, KYBER_SS_SZ, WC_PQC_KEM_TYPE_KYBER, key); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; 
@@ -608,7 +608,8 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, * @return NOT_COMPILED_IN when key type is not supported. * @return BUFFER_E when len is not the correct size. */ -int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in, word32 len) +int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, + word32 len) { int ret = 0; word32 privLen = 0; @@ -647,7 +648,8 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in, word32 len) * @return NOT_COMPILED_IN when key type is not supported. * @return BUFFER_E when len is not the correct size. */ -int wc_KyberKey_DecodePublicKey(KyberKey* key, unsigned char* in, word32 len) +int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, + word32 len) { int ret = 0; word32 pubLen = 0; @@ -748,4 +750,4 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) return ret; } -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_KYBER && !WOLFSSL_WC_KYBER */ diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c index a5155076b2..a991129ec5 100644 --- a/wolfcrypt/src/ext_lms.c +++ b/wolfcrypt/src/ext_lms.c @@ -1,6 +1,6 @@ /* ext_lms.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -160,38 +160,77 @@ const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm) { switch (lmsParm) { case WC_LMS_PARM_NONE: - return "LMS_NONE"; - + return "LMS/HSS NONE"; + case WC_LMS_PARM_L1_H5_W1: + return "LMS/HSS L1_H5_W1"; + case WC_LMS_PARM_L1_H5_W2: + return "LMS/HSS L1_H5_W2"; + case WC_LMS_PARM_L1_H5_W4: + return "LMS/HSS L1_H5_W4"; + case WC_LMS_PARM_L1_H5_W8: + return "LMS/HSS L1_H5_W8"; + case WC_LMS_PARM_L1_H10_W2: + return "LMS/HSS L1_H10_W2"; + case WC_LMS_PARM_L1_H10_W4: + return "LMS/HSS L1_H10_W4"; + case WC_LMS_PARM_L1_H10_W8: + return "LMS/HSS L1_H10_W8"; case WC_LMS_PARM_L1_H15_W2: return "LMS/HSS L1_H15_W2"; - case WC_LMS_PARM_L1_H15_W4: return "LMS/HSS L1_H15_W4"; - + case WC_LMS_PARM_L1_H15_W8: + return "LMS/HSS L1_H15_W8"; + case WC_LMS_PARM_L1_H20_W2: + return "LMS/HSS L1_H20_W2"; + case WC_LMS_PARM_L1_H20_W4: + return "LMS/HSS L1_H20_W4"; + case WC_LMS_PARM_L1_H20_W8: + return "LMS/HSS L1_H20_W8"; + case WC_LMS_PARM_L2_H5_W2: + return "LMS/HSS L2_H5_W2"; + case WC_LMS_PARM_L2_H5_W4: + return "LMS/HSS L2_H5_W4"; + case WC_LMS_PARM_L2_H5_W8: + return "LMS/HSS L2_H5_W8"; case WC_LMS_PARM_L2_H10_W2: return "LMS/HSS L2_H10_W2"; - case WC_LMS_PARM_L2_H10_W4: return "LMS/HSS L2_H10_W4"; - case WC_LMS_PARM_L2_H10_W8: return "LMS/HSS L2_H10_W8"; - + case WC_LMS_PARM_L2_H15_W2: + return "LMS/HSS L2_H15_W2"; + case WC_LMS_PARM_L2_H15_W4: + return "LMS/HSS L2_H15_W4"; + case WC_LMS_PARM_L2_H15_W8: + return "LMS/HSS L2_H15_W8"; + case WC_LMS_PARM_L2_H20_W2: + return "LMS/HSS L2_H20_W2"; + case WC_LMS_PARM_L2_H20_W4: + return "LMS/HSS L2_H20_W4"; + case WC_LMS_PARM_L2_H20_W8: + return "LMS/HSS L2_H20_W8"; case WC_LMS_PARM_L3_H5_W2: return "LMS/HSS L3_H5_W2"; - case WC_LMS_PARM_L3_H5_W4: return "LMS/HSS L3_H5_W4"; - case WC_LMS_PARM_L3_H5_W8: return "LMS/HSS L3_H5_W8"; - case WC_LMS_PARM_L3_H10_W4: return "LMS/HSS L3_H10_W4"; - + case WC_LMS_PARM_L3_H10_W8: + return "LMS/HSS L3_H10_W8"; + case WC_LMS_PARM_L4_H5_W2: + return "LMS/HSS L4_H5_W2"; + case 
WC_LMS_PARM_L4_H5_W4: + return "LMS/HSS L4_H5_W4"; case WC_LMS_PARM_L4_H5_W8: return "LMS/HSS L4_H5_W8"; - + case WC_LMS_PARM_L4_H10_W4: + return "LMS/HSS L4_H10_W4"; + case WC_LMS_PARM_L4_H10_W8: + return "LMS/HSS L4_H10_W8"; default: WOLFSSL_MSG("error: invalid LMS parameter"); break; 
@@ -279,36 +318,76 @@ int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm) /* If NONE is passed, default to the lowest predefined set. */ switch (lmsParm) { case WC_LMS_PARM_NONE: + case WC_LMS_PARM_L1_H5_W1: + return wc_LmsKey_SetParameters(key, 1, 5, 1); + case WC_LMS_PARM_L1_H5_W2: + return wc_LmsKey_SetParameters(key, 1, 5, 2); + case WC_LMS_PARM_L1_H5_W4: + return wc_LmsKey_SetParameters(key, 1, 5, 4); + case WC_LMS_PARM_L1_H5_W8: + return wc_LmsKey_SetParameters(key, 1, 5, 8); + case WC_LMS_PARM_L1_H10_W2: + return wc_LmsKey_SetParameters(key, 1, 10, 2); + case WC_LMS_PARM_L1_H10_W4: + return wc_LmsKey_SetParameters(key, 1, 10, 4); + case WC_LMS_PARM_L1_H10_W8: + return wc_LmsKey_SetParameters(key, 1, 10, 8); case WC_LMS_PARM_L1_H15_W2: return wc_LmsKey_SetParameters(key, 1, 15, 2); - case WC_LMS_PARM_L1_H15_W4: return wc_LmsKey_SetParameters(key, 1, 15, 4); - + case WC_LMS_PARM_L1_H15_W8: + return wc_LmsKey_SetParameters(key, 1, 15, 8); + case WC_LMS_PARM_L1_H20_W2: + return wc_LmsKey_SetParameters(key, 1, 20, 2); + case WC_LMS_PARM_L1_H20_W4: + return wc_LmsKey_SetParameters(key, 1, 20, 4); + case WC_LMS_PARM_L1_H20_W8: + return wc_LmsKey_SetParameters(key, 1, 20, 8); + case WC_LMS_PARM_L2_H5_W2: + return wc_LmsKey_SetParameters(key, 2, 5, 2); + case WC_LMS_PARM_L2_H5_W4: + return wc_LmsKey_SetParameters(key, 2, 5, 4); + case WC_LMS_PARM_L2_H5_W8: + return wc_LmsKey_SetParameters(key, 2, 5, 8); case WC_LMS_PARM_L2_H10_W2: return wc_LmsKey_SetParameters(key, 2, 10, 2); - case WC_LMS_PARM_L2_H10_W4: return wc_LmsKey_SetParameters(key, 2, 10, 4); - case WC_LMS_PARM_L2_H10_W8: return wc_LmsKey_SetParameters(key, 2, 10, 8); - + case WC_LMS_PARM_L2_H15_W2: + return wc_LmsKey_SetParameters(key, 2, 15, 2); + case WC_LMS_PARM_L2_H15_W4: + return wc_LmsKey_SetParameters(key, 2, 15, 4); + case WC_LMS_PARM_L2_H15_W8: + return wc_LmsKey_SetParameters(key, 2, 15, 8); + case WC_LMS_PARM_L2_H20_W2: + return wc_LmsKey_SetParameters(key, 2, 20, 2); + case 
WC_LMS_PARM_L2_H20_W4: + return wc_LmsKey_SetParameters(key, 2, 20, 4); + case WC_LMS_PARM_L2_H20_W8: + return wc_LmsKey_SetParameters(key, 2, 20, 8); case WC_LMS_PARM_L3_H5_W2: return wc_LmsKey_SetParameters(key, 3, 5, 2); - case WC_LMS_PARM_L3_H5_W4: return wc_LmsKey_SetParameters(key, 3, 5, 4); - case WC_LMS_PARM_L3_H5_W8: return wc_LmsKey_SetParameters(key, 3, 5, 8); - case WC_LMS_PARM_L3_H10_W4: return wc_LmsKey_SetParameters(key, 3, 10, 4); - + case WC_LMS_PARM_L3_H10_W8: + return wc_LmsKey_SetParameters(key, 3, 10, 8); + case WC_LMS_PARM_L4_H5_W2: + return wc_LmsKey_SetParameters(key, 4, 5, 2); + case WC_LMS_PARM_L4_H5_W4: + return wc_LmsKey_SetParameters(key, 4, 5, 4); case WC_LMS_PARM_L4_H5_W8: return wc_LmsKey_SetParameters(key, 4, 5, 8); - + case WC_LMS_PARM_L4_H10_W4: + return wc_LmsKey_SetParameters(key, 4, 10, 4); + case WC_LMS_PARM_L4_H10_W8: + return wc_LmsKey_SetParameters(key, 4, 10, 8); default: WOLFSSL_MSG("error: invalid LMS parameter set"); break; @@ -507,7 +586,7 @@ void wc_LmsKey_Free(LmsKey* key) * * Returns 0 on success. * */ -int wc_LmsKey_SetWriteCb(LmsKey * key, write_private_key_cb write_cb) +int wc_LmsKey_SetWriteCb(LmsKey * key, wc_lms_write_private_key_cb write_cb) { if (key == NULL || write_cb == NULL) { return BAD_FUNC_ARG; @@ -531,7 +610,7 @@ int wc_LmsKey_SetWriteCb(LmsKey * key, write_private_key_cb write_cb) * * Returns 0 on success. * */ -int wc_LmsKey_SetReadCb(LmsKey * key, read_private_key_cb read_cb) +int wc_LmsKey_SetReadCb(LmsKey * key, wc_lms_read_private_key_cb read_cb) { if (key == NULL || read_cb == NULL) { return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/ext_xmss.c b/wolfcrypt/src/ext_xmss.c index 84498d9a37..14e3f71c97 100644 --- a/wolfcrypt/src/ext_xmss.c +++ b/wolfcrypt/src/ext_xmss.c @@ -1,6 +1,6 @@ /* ext_xmss.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
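Review bot: `WC_LMS_PARM_NONE` now falls through to `WC_LMS_PARM_L1_H5_W1`, so the documented "lowest predefined set" silently moves from the old first case, L1_H15_W2, to a single level of height 5 with w=1; for a stateful scheme that is a budget of 2^5 one-time keys before the key is exhausted instead of 2^15, plus the largest signature size, which callers relying on the NONE default will not expect. Because the fall-through is what selects the default, the case deserves its own comment rather than relying on the sentence above the switch, e.g. `case WC_LMS_PARM_NONE: /* defaults to L1_H5_W1: 2^5 signatures total, w=1 */`. Consider whether the default should stay at the previous set, or whether NONE should be rejected so callers choose a parameter set explicitly. wc_LmsKey_SetLmsParm starts and ends outside the hunk.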
@@ -307,7 +307,7 @@ void wc_XmssKey_Free(XmssKey* key) * returns BAD_FUNC_ARG when a parameter is NULL. * returns -1 on failure. * */ -int wc_XmssKey_SetWriteCb(XmssKey * key, write_private_key_cb write_cb) +int wc_XmssKey_SetWriteCb(XmssKey * key, wc_xmss_write_private_key_cb write_cb) { if (key == NULL || write_cb == NULL) { return BAD_FUNC_ARG; @@ -336,7 +336,7 @@ int wc_XmssKey_SetWriteCb(XmssKey * key, write_private_key_cb write_cb) * returns BAD_FUNC_ARG when a parameter is NULL. * returns -1 on failure. * */ -int wc_XmssKey_SetReadCb(XmssKey * key, read_private_key_cb read_cb) +int wc_XmssKey_SetReadCb(XmssKey * key, wc_xmss_read_private_key_cb read_cb) { if (key == NULL || read_cb == NULL) { return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c index eef982cad7..b1aabb13b2 100644 --- a/wolfcrypt/src/falcon.c +++ b/wolfcrypt/src/falcon.c @@ -1,6 +1,6 @@ /* falcon.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -75,7 +75,7 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen, { ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng, WC_PQC_SIG_TYPE_FALCON, key); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; @@ -173,7 +173,7 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg, { ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, WC_PQC_SIG_TYPE_FALCON, key); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; @@ -469,7 +469,8 @@ static int parse_private_key(const byte* priv, word32 privSz, /* At this point, it is still a PKCS8 private key. */ if ((ret = ToTraditionalInline(priv, &idx, privSz)) < 0) { - return ret; + /* ignore error, did not have PKCS8 header */ + (void)ret; } /* Now it is a octet_string(concat(priv,pub)) */ 
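Review bot: The new `(void)ret;` after `ToTraditionalInline(priv, &idx, privSz)` in parse_private_key discards every negative return, not only the one meaning "no PKCS#8 header", so a key with a present but malformed PKCS#8 wrapper is now handed to the raw octet-string parse instead of being rejected here; if the decoder reports the no-header case with a distinct code, matching on that code would keep corrupt wrappers rejected. The fall-through also assumes ToTraditionalInline leaves `idx` at its original value on failure; if it can advance `idx` partway before erroring, the following parse starts mid-structure. The retained comment `/* At this point, it is still a PKCS8 private key. */` no longer matches the behaviour and should read something like `/* Strip a PKCS8 wrapper if present; a raw key is accepted as-is. */`. parse_private_key starts and ends outside the hunk.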
diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c index 73853b79e7..ede162a5e2 100644 --- a/wolfcrypt/src/fe_448.c +++ b/wolfcrypt/src/fe_448.c @@ -1,6 +1,6 @@ /* fe_448.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -1437,56 +1437,56 @@ void fe448_to_bytes(unsigned char* b, const sword32* a) b[ 0] = (byte)(in0 >> 0); b[ 1] = (byte)(in0 >> 8); b[ 2] = (byte)(in0 >> 16); - b[ 3] = (byte)(in0 >> 24) + ((in1 >> 0) << 4); + b[ 3] = (byte)((in0 >> 24) + ((in1 >> 0) << 4)); b[ 4] = (byte)(in1 >> 4); b[ 5] = (byte)(in1 >> 12); b[ 6] = (byte)(in1 >> 20); b[ 7] = (byte)(in2 >> 0); b[ 8] = (byte)(in2 >> 8); b[ 9] = (byte)(in2 >> 16); - b[10] = (byte)(in2 >> 24) + ((in3 >> 0) << 4); + b[10] = (byte)((in2 >> 24) + ((in3 >> 0) << 4)); b[11] = (byte)(in3 >> 4); b[12] = (byte)(in3 >> 12); b[13] = (byte)(in3 >> 20); b[14] = (byte)(in4 >> 0); b[15] = (byte)(in4 >> 8); b[16] = (byte)(in4 >> 16); - b[17] = (byte)(in4 >> 24) + ((in5 >> 0) << 4); + b[17] = (byte)((in4 >> 24) + ((in5 >> 0) << 4)); b[18] = (byte)(in5 >> 4); b[19] = (byte)(in5 >> 12); b[20] = (byte)(in5 >> 20); b[21] = (byte)(in6 >> 0); b[22] = (byte)(in6 >> 8); b[23] = (byte)(in6 >> 16); - b[24] = (byte)(in6 >> 24) + ((in7 >> 0) << 4); + b[24] = (byte)((in6 >> 24) + ((in7 >> 0) << 4)); b[25] = (byte)(in7 >> 4); b[26] = (byte)(in7 >> 12); b[27] = (byte)(in7 >> 20); b[28] = (byte)(in8 >> 0); b[29] = (byte)(in8 >> 8); b[30] = (byte)(in8 >> 16); - b[31] = (byte)(in8 >> 24) + ((in9 >> 0) << 4); + b[31] = (byte)((in8 >> 24) + ((in9 >> 0) << 4)); b[32] = (byte)(in9 >> 4); b[33] = (byte)(in9 >> 12); b[34] = (byte)(in9 >> 20); b[35] = (byte)(in10 >> 0); b[36] = (byte)(in10 >> 8); b[37] = (byte)(in10 >> 16); - b[38] = (byte)(in10 >> 24) + ((in11 >> 0) << 4); + b[38] = (byte)((in10 >> 24) + ((in11 >> 0) << 4)); b[39] = (byte)(in11 >> 4); b[40] = (byte)(in11 >> 12); b[41] = (byte)(in11 >> 20); b[42] = (byte)(in12 >> 0); b[43] = (byte)(in12 >> 8); b[44] = (byte)(in12 >> 16); - b[45] = (byte)(in12 >> 24) + ((in13 >> 0) << 4); + b[45] = (byte)((in12 >> 24) + ((in13 >> 0) << 4)); b[46] = (byte)(in13 >> 4); b[47] = (byte)(in13 >> 12); b[48] = (byte)(in13 >> 20); b[49] = (byte)(in14 >> 0); b[50] = (byte)(in14 >> 8); b[51] = (byte)(in14 >> 16); - 
b[52] = (byte)(in14 >> 24) + ((in15 >> 0) << 4); + b[52] = (byte)((in14 >> 24) + ((in15 >> 0) << 4)); b[53] = (byte)(in15 >> 4); b[54] = (byte)(in15 >> 12); b[55] = (byte)(in15 >> 20); @@ -1834,6 +1834,7 @@ static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b sword64 t13 = (sword64)a[ 6] * b[ 7]; sword64 t113 = (sword64)a[ 7] * b[ 6]; sword64 t14 = (sword64)a[ 7] * b[ 7]; + sword64 o, t15; t1 += t101; t2 += t102; t2 += t202; t3 += t103; t3 += t203; t3 += t303; @@ -1850,8 +1851,8 @@ static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b t11 += t111; t11 += t211; t11 += t311; t12 += t112; t12 += t212; t13 += t113; - sword64 o = t14 >> 28; - sword64 t15 = o; + o = t14 >> 28; + t15 = o; t14 -= o << 28; o = (t0 >> 28); t1 += o; t = o << 28; t0 -= t; o = (t1 >> 28); t2 += o; t = o << 28; t1 -= t; diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index 3556639600..ad10a0e944 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -1,6 +1,6 @@ /* fe_low_mem.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 18e2b05e80..2910151dfb 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -1,6 +1,6 @@ /* fe_operations.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -45,7 +45,7 @@ #elif defined(WOLFSSL_ARMASM) /* Assembly code in fe_armv[78]_x25519.* */ #elif defined(CURVED25519_128BIT) -#include "fe_x25519_128.i" +#include "fe_x25519_128.h" #else #if defined(HAVE_CURVE25519) || \ 
@@ -58,24 +58,24 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context. */ -word64 load_3(const unsigned char *in) +sword64 load_3(const unsigned char *in) { word64 result; result = (word64) in[0]; result |= ((word64) in[1]) << 8; result |= ((word64) in[2]) << 16; - return result; + return (sword64)result; } -word64 load_4(const unsigned char *in) +sword64 load_4(const unsigned char *in) { word64 result; result = (word64) in[0]; result |= ((word64) in[1]) << 8; result |= ((word64) in[2]) << 16; result |= ((word64) in[3]) << 24; - return result; + return (sword64)result; } #endif @@ -170,8 +170,8 @@ int curve25519(byte* q, const byte* n, const byte* p) #endif b &= 1; swap ^= b; - fe_cswap(x2,x3,swap); - fe_cswap(z2,z3,swap); + fe_cswap(x2,x3,(int)swap); + fe_cswap(z2,z3,(int)swap); swap = b; /* montgomery */ @@ -194,8 +194,8 @@ int curve25519(byte* q, const byte* n, const byte* p) fe_mul(z3,x1,z2); fe_mul(z2,tmp1,tmp0); } - fe_cswap(x2,x3,swap); - fe_cswap(z2,z3,swap); + fe_cswap(x2,x3,(int)swap); + fe_cswap(z2,z3,(int)swap); fe_invert(z2,z2); fe_mul(x2,x2,z2); diff --git a/wolfcrypt/src/fe_x25519_128.i b/wolfcrypt/src/fe_x25519_128.h similarity index 98% rename from wolfcrypt/src/fe_x25519_128.i rename to wolfcrypt/src/fe_x25519_128.h index eff2d408eb..3ddc41aba9 100644 --- a/wolfcrypt/src/fe_x25519_128.i +++ b/wolfcrypt/src/fe_x25519_128.h @@ -1,6 +1,6 @@ -/* fe_x25519_128.i +/* fe_x25519_128.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,7 +21,7 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./x25519/fe_x25519_128_gen.rb > ../wolfssl/wolfcrypt/src/fe_x25519_128.i + * ruby ./x25519/fe_x25519_128_gen.rb > ../wolfssl/wolfcrypt/src/fe_x25519_128.h */ void fe_init(void) 
@@ -600,7 +600,7 @@ void fe_sq2(fe r, const fe a) * in An array of bytes. * returns a 64-bit word. */ -word64 load_3(const unsigned char *in) +sword64 load_3(const unsigned char *in) { word64 result; @@ -608,7 +608,7 @@ word64 load_3(const unsigned char *in) (((word64)in[1]) << 8) | (((word64)in[2]) << 16)); - return result; + return (sword64)result; } /* Load 4 little endian bytes into a 64-bit word. @@ -616,7 +616,7 @@ word64 load_3(const unsigned char *in) * in An array of bytes. * returns a 64-bit word. */ -word64 load_4(const unsigned char *in) +sword64 load_4(const unsigned char *in) { word64 result; @@ -625,6 +625,6 @@ word64 load_4(const unsigned char *in) (((word64)in[2]) << 16) | (((word64)in[3]) << 24)); - return result; + return (sword64)result; } diff --git a/wolfcrypt/src/fe_x25519_asm.S b/wolfcrypt/src/fe_x25519_asm.S index 2001bc0a89..308aaae034 100644 --- a/wolfcrypt/src/fe_x25519_asm.S +++ b/wolfcrypt/src/fe_x25519_asm.S @@ -1,6 +1,6 @@ /* fe_x25519_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -4140,7 +4140,7 @@ _fe_sq2_x64: adcq %r11, %r8 adcq %r12, %r9 adcq %r13, %r10 - mov %r10, %rax + movq %r10, %rax shldq $0x01, %r9, %r10 shldq $0x01, %r8, %r9 shldq $0x01, %rcx, %r8 @@ -5946,7 +5946,7 @@ _ge_p2_dbl_x64: adcq %r13, %r10 adcq %r14, %r11 adcq %r15, %r12 - mov %r12, %rax + movq %r12, %rax shldq $0x01, %r11, %r12 shldq $0x01, %r10, %r11 shldq $0x01, %r9, %r10 @@ -8676,7 +8676,7 @@ _sc_reduce_x64: movq $0xa7ed9ce5a30a2c13, %rcx movq %r12, %rax mulq %rcx - mov $0x00, %rbp + movq $0x00, %rbp addq %rax, %r8 adcq %rdx, %rbp movq %r13, %rax @@ -8689,7 +8689,7 @@ _sc_reduce_x64: addq %rbp, %r9 adcq %rax, %r10 adcq %rdx, %r11 - mov $0x00, %rbx + movq $0x00, %rbx adcq $0x00, %rbx movq %r15, %rax mulq %rcx 
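Review bot: The return type of `load_3` and `load_4` changes to `sword64`, but the doc comments kept as context in these hunks still say `* returns a 64-bit word.`, which now under-describes the contract; suggest `* returns the bytes as a signed 64-bit word (at most 32 bits set, so never negative).` for both. The same signed return was applied to the fe_operations.c copies in the preceding hunk, whose doc block is outside that hunk. Each function's body is split across two of the hunks shown here.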
@@ -8699,7 +8699,7 @@ _sc_reduce_x64: movq $0xeb2106215d086329, %rcx movq %r12, %rax mulq %rcx - mov $0x00, %rbp + movq $0x00, %rbp addq %rax, %r9 adcq %rdx, %rbp movq %r13, %rax @@ -8712,7 +8712,7 @@ _sc_reduce_x64: addq %rbp, %r10 adcq %rax, %r11 adcq %rdx, %rbx - mov $0x00, %rbp + movq $0x00, %rbp adcq $0x00, %rbp movq %r15, %rax mulq %rcx @@ -8962,7 +8962,7 @@ _sc_muladd_x64: movq $0xa7ed9ce5a30a2c13, %rbx movq %r12, %rax mulq %rbx - mov $0x00, %rbp + movq $0x00, %rbp addq %rax, %r8 adcq %rdx, %rbp movq %r13, %rax @@ -8975,7 +8975,7 @@ _sc_muladd_x64: addq %rbp, %r9 adcq %rax, %r10 adcq %rdx, %r11 - mov $0x00, %rsi + movq $0x00, %rsi adcq $0x00, %rsi movq %r15, %rax mulq %rbx @@ -8985,7 +8985,7 @@ _sc_muladd_x64: movq $0xeb2106215d086329, %rbx movq %r12, %rax mulq %rbx - mov $0x00, %rbp + movq $0x00, %rbp addq %rax, %r9 adcq %rdx, %rbp movq %r13, %rax @@ -8998,7 +8998,7 @@ _sc_muladd_x64: addq %rbp, %r10 adcq %rax, %r11 adcq %rdx, %rsi - mov $0x00, %rbp + movq $0x00, %rbp adcq $0x00, %rbp movq %r15, %rax mulq %rbx @@ -11371,7 +11371,7 @@ _fe_sq2_avx2: adcxq %rax, %r10 adoxq %r14, %r11 adcxq %rcx, %r11 - mov %r11, %rax + movq %r11, %rax shldq $0x01, %r10, %r11 shldq $0x01, %r9, %r10 shldq $0x01, %r8, %r9 @@ -12862,7 +12862,7 @@ _ge_p2_dbl_avx2: adcxq %r9, %r12 adoxq %rbx, %r13 adcxq %rcx, %r13 - mov %r13, %r9 + movq %r13, %r9 shldq $0x01, %r12, %r13 shldq $0x01, %r11, %r12 shldq $0x01, %r10, %r11 
@@ -15206,33 +15206,33 @@ _sc_reduce_avx2: adcq $0x00, %r15 # Sub product of top 4 words and order movq $0xa7ed9ce5a30a2c13, %rdx - mulx %r12, %rcx, %rax + mulxq %r12, %rcx, %rax addq %rcx, %r8 adcq %rax, %r9 - mulx %r14, %rcx, %rax + mulxq %r14, %rcx, %rax adcq %rcx, %r10 adcq %rax, %r11 - mov $0x00, %rsi + movq $0x00, %rsi adcq $0x00, %rsi - mulx %r13, %rcx, %rax + mulxq %r13, %rcx, %rax addq %rcx, %r9 adcq %rax, %r10 - mulx %r15, %rcx, %rax + mulxq %r15, %rcx, %rax adcq %rcx, %r11 adcq %rax, %rsi movq $0xeb2106215d086329, %rdx - mulx %r12, %rcx, %rax + mulxq %r12, %rcx, %rax addq %rcx, %r9 adcq %rax, %r10 - mulx %r14, %rcx, %rax + mulxq %r14, %rcx, %rax adcq %rcx, %r11 adcq %rax, %rsi - mov $0x00, %rbx + movq $0x00, %rbx adcq $0x00, %rbx - mulx %r13, %rcx, %rax + mulxq %r13, %rcx, %rax addq %rcx, %r10 adcq %rax, %r11 - mulx %r15, %rcx, %rax + mulxq %r15, %rcx, %rax adcq %rcx, %rsi adcq %rax, %rbx subq %r12, %r10 @@ -15265,21 +15265,21 @@ _sc_reduce_avx2: # Sub product of top 2 words and order # * -5812631a5cf5d3ed movq $0xa7ed9ce5a30a2c13, %rdx - mulx %r12, %rbp, %rax + mulxq %r12, %rbp, %rax movq $0x00, %rsi addq %rbp, %r8 adcq %rax, %r9 - mulx %r13, %rbp, %rax + mulxq %r13, %rbp, %rax adcq $0x00, %rsi addq %rbp, %r9 adcq %rax, %rsi # * -14def9dea2f79cd7 movq $0xeb2106215d086329, %rdx - mulx %r12, %rbp, %rax + mulxq %r12, %rbp, %rax movq $0x00, %rbx addq %rbp, %r9 adcq %rax, %r10 - mulx %r13, %rbp, %rax + mulxq %r13, %rbp, %rax adcq $0x00, %rbx addq %rbp, %r10 adcq %rax, %rbx 
@@ -15450,33 +15450,33 @@ _sc_muladd_avx2: adcq $0x00, %rbp # Sub product of top 4 words and order movq $0xa7ed9ce5a30a2c13, %rdx - mulx %r14, %rcx, %rax + mulxq %r14, %rcx, %rax addq %rcx, %r10 adcq %rax, %r11 - mulx %rbx, %rcx, %rax + mulxq %rbx, %rcx, %rax adcq %rcx, %r12 adcq %rax, %r13 - mov $0x00, %rsi + movq $0x00, %rsi adcq $0x00, %rsi - mulx %r15, %rcx, %rax + mulxq %r15, %rcx, %rax addq %rcx, %r11 adcq %rax, %r12 - mulx %rbp, %rcx, %rax + mulxq %rbp, %rcx, %rax adcq %rcx, %r13 adcq %rax, %rsi movq $0xeb2106215d086329, %rdx - mulx %r14, %rcx, %rax + mulxq %r14, %rcx, %rax addq %rcx, %r11 adcq %rax, %r12 - mulx %rbx, %rcx, %rax + mulxq %rbx, %rcx, %rax adcq %rcx, %r13 adcq %rax, %rsi - mov $0x00, %r8 + movq $0x00, %r8 adcq $0x00, %r8 - mulx %r15, %rcx, %rax + mulxq %r15, %rcx, %rax addq %rcx, %r12 adcq %rax, %r13 - mulx %rbp, %rcx, %rax + mulxq %rbp, %rcx, %rax adcq %rcx, %rsi adcq %rax, %r8 subq %r14, %r12 @@ -15509,21 +15509,21 @@ _sc_muladd_avx2: # Sub product of top 2 words and order # * -5812631a5cf5d3ed movq $0xa7ed9ce5a30a2c13, %rdx - mulx %r14, %r9, %rax + mulxq %r14, %r9, %rax movq $0x00, %rsi addq %r9, %r10 adcq %rax, %r11 - mulx %r15, %r9, %rax + mulxq %r15, %r9, %rax adcq $0x00, %rsi addq %r9, %r11 adcq %rax, %rsi # * -14def9dea2f79cd7 movq $0xeb2106215d086329, %rdx - mulx %r14, %r9, %rax + mulxq %r14, %r9, %rax movq $0x00, %r8 addq %r9, %r11 adcq %rax, %r12 - mulx %r15, %r9, %rax + mulxq %r15, %r9, %rax adcq $0x00, %r8 addq %r9, %r12 adcq %rax, %r8 diff --git a/wolfcrypt/src/fp_mont_small.i b/wolfcrypt/src/fp_mont_small.i index c0f9092487..c75547b6a3 100644 --- a/wolfcrypt/src/fp_mont_small.i +++ b/wolfcrypt/src/fp_mont_small.i @@ -1,6 +1,6 @@ /* fp_mont_small.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_12.i b/wolfcrypt/src/fp_mul_comba_12.i index b5840a5d7f..153b02c4eb 100644 --- a/wolfcrypt/src/fp_mul_comba_12.i 
+++ b/wolfcrypt/src/fp_mul_comba_12.i @@ -1,6 +1,6 @@ /* fp_mul_comba_12.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_17.i b/wolfcrypt/src/fp_mul_comba_17.i index 8092e4549e..6e2487cd61 100644 --- a/wolfcrypt/src/fp_mul_comba_17.i +++ b/wolfcrypt/src/fp_mul_comba_17.i @@ -1,6 +1,6 @@ /* fp_mul_comba_17.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_20.i b/wolfcrypt/src/fp_mul_comba_20.i index cec9e46e8b..b2994324fc 100644 --- a/wolfcrypt/src/fp_mul_comba_20.i +++ b/wolfcrypt/src/fp_mul_comba_20.i @@ -1,6 +1,6 @@ /* fp_mul_comba_20.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_24.i b/wolfcrypt/src/fp_mul_comba_24.i index 299ebc41db..cc1463e2de 100644 --- a/wolfcrypt/src/fp_mul_comba_24.i +++ b/wolfcrypt/src/fp_mul_comba_24.i @@ -1,6 +1,6 @@ /* fp_mul_comba_24.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_28.i b/wolfcrypt/src/fp_mul_comba_28.i index 13af28df84..5d079164fb 100644 --- a/wolfcrypt/src/fp_mul_comba_28.i +++ b/wolfcrypt/src/fp_mul_comba_28.i @@ -1,6 +1,6 @@ /* fp_mul_comba_28.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_3.i b/wolfcrypt/src/fp_mul_comba_3.i index 1ac5622e26..4318b8e0c5 100644 --- a/wolfcrypt/src/fp_mul_comba_3.i +++ b/wolfcrypt/src/fp_mul_comba_3.i @@ -1,6 +1,6 @@ /* fp_mul_comba_3.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/wolfcrypt/src/fp_mul_comba_32.i b/wolfcrypt/src/fp_mul_comba_32.i index c8d3b6c0cd..e381d73596 100644 --- a/wolfcrypt/src/fp_mul_comba_32.i +++ b/wolfcrypt/src/fp_mul_comba_32.i @@ -1,6 +1,6 @@ /* fp_mul_comba_32.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_4.i b/wolfcrypt/src/fp_mul_comba_4.i index d4e400224e..0f404ff895 100644 --- a/wolfcrypt/src/fp_mul_comba_4.i +++ b/wolfcrypt/src/fp_mul_comba_4.i @@ -1,6 +1,6 @@ /* fp_mul_comba_4.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_48.i b/wolfcrypt/src/fp_mul_comba_48.i index a81cec53ad..2189b601bc 100644 --- a/wolfcrypt/src/fp_mul_comba_48.i +++ b/wolfcrypt/src/fp_mul_comba_48.i @@ -1,6 +1,6 @@ /* fp_mul_comba_48.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_6.i b/wolfcrypt/src/fp_mul_comba_6.i index 67ee873777..f5c33d2fc0 100644 --- a/wolfcrypt/src/fp_mul_comba_6.i +++ b/wolfcrypt/src/fp_mul_comba_6.i @@ -1,6 +1,6 @@ /* fp_mul_comba_6.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_64.i b/wolfcrypt/src/fp_mul_comba_64.i index 8f75cddafd..dba74829ef 100644 --- a/wolfcrypt/src/fp_mul_comba_64.i +++ b/wolfcrypt/src/fp_mul_comba_64.i @@ -1,6 +1,6 @@ /* fp_mul_comba_64.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_7.i b/wolfcrypt/src/fp_mul_comba_7.i index a50d30d866..ffb8a322e9 100644 --- a/wolfcrypt/src/fp_mul_comba_7.i +++ b/wolfcrypt/src/fp_mul_comba_7.i 
@@ -1,6 +1,6 @@ /* fp_mul_comba_7.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_8.i b/wolfcrypt/src/fp_mul_comba_8.i index a0a4d38fcb..044a731fb3 100644 --- a/wolfcrypt/src/fp_mul_comba_8.i +++ b/wolfcrypt/src/fp_mul_comba_8.i @@ -1,6 +1,6 @@ /* fp_mul_comba_8.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_9.i b/wolfcrypt/src/fp_mul_comba_9.i index cf63f82cab..4ebc103499 100644 --- a/wolfcrypt/src/fp_mul_comba_9.i +++ b/wolfcrypt/src/fp_mul_comba_9.i @@ -1,6 +1,6 @@ /* fp_mul_comba_9.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_mul_comba_small_set.i b/wolfcrypt/src/fp_mul_comba_small_set.i index 1ece3cc465..7b6277917d 100644 --- a/wolfcrypt/src/fp_mul_comba_small_set.i +++ b/wolfcrypt/src/fp_mul_comba_small_set.i @@ -1,6 +1,6 @@ /* fp_mul_comba_small_set.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_12.i b/wolfcrypt/src/fp_sqr_comba_12.i index f542b9129f..87deca00a8 100644 --- a/wolfcrypt/src/fp_sqr_comba_12.i +++ b/wolfcrypt/src/fp_sqr_comba_12.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_12.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_17.i b/wolfcrypt/src/fp_sqr_comba_17.i index 6987c5757a..b6c589a9fb 100644 --- a/wolfcrypt/src/fp_sqr_comba_17.i +++ b/wolfcrypt/src/fp_sqr_comba_17.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_17.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/wolfcrypt/src/fp_sqr_comba_20.i b/wolfcrypt/src/fp_sqr_comba_20.i index bd388d5fde..f8776d59eb 100644 --- a/wolfcrypt/src/fp_sqr_comba_20.i +++ b/wolfcrypt/src/fp_sqr_comba_20.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_20.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_24.i b/wolfcrypt/src/fp_sqr_comba_24.i index e57148a3c2..25178e3713 100644 --- a/wolfcrypt/src/fp_sqr_comba_24.i +++ b/wolfcrypt/src/fp_sqr_comba_24.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_24.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_28.i b/wolfcrypt/src/fp_sqr_comba_28.i index 78fb8e0164..1e639ffb70 100644 --- a/wolfcrypt/src/fp_sqr_comba_28.i +++ b/wolfcrypt/src/fp_sqr_comba_28.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_28.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_3.i b/wolfcrypt/src/fp_sqr_comba_3.i index bab8996dd9..b16412c920 100644 --- a/wolfcrypt/src/fp_sqr_comba_3.i +++ b/wolfcrypt/src/fp_sqr_comba_3.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_3.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_32.i b/wolfcrypt/src/fp_sqr_comba_32.i index 9ee96c52f1..359a47e41c 100644 --- a/wolfcrypt/src/fp_sqr_comba_32.i +++ b/wolfcrypt/src/fp_sqr_comba_32.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_32.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_4.i b/wolfcrypt/src/fp_sqr_comba_4.i index d0bae98021..92e38b5d6a 100644 --- a/wolfcrypt/src/fp_sqr_comba_4.i +++ b/wolfcrypt/src/fp_sqr_comba_4.i 
@@ -1,6 +1,6 @@ /* fp_sqr_comba_4.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_48.i b/wolfcrypt/src/fp_sqr_comba_48.i index a9fa4f8e10..d6568f95e7 100644 --- a/wolfcrypt/src/fp_sqr_comba_48.i +++ b/wolfcrypt/src/fp_sqr_comba_48.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_48.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_6.i b/wolfcrypt/src/fp_sqr_comba_6.i index 2e91e69b15..a92eb1032a 100644 --- a/wolfcrypt/src/fp_sqr_comba_6.i +++ b/wolfcrypt/src/fp_sqr_comba_6.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_6.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_64.i b/wolfcrypt/src/fp_sqr_comba_64.i index a072269cb5..41da933311 100644 --- a/wolfcrypt/src/fp_sqr_comba_64.i +++ b/wolfcrypt/src/fp_sqr_comba_64.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_64.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_7.i b/wolfcrypt/src/fp_sqr_comba_7.i index 9ae37801df..2b2f1d8fb1 100644 --- a/wolfcrypt/src/fp_sqr_comba_7.i +++ b/wolfcrypt/src/fp_sqr_comba_7.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_7.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_8.i b/wolfcrypt/src/fp_sqr_comba_8.i index c0be97bb52..13b728366c 100644 --- a/wolfcrypt/src/fp_sqr_comba_8.i +++ b/wolfcrypt/src/fp_sqr_comba_8.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_8.i * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/fp_sqr_comba_9.i b/wolfcrypt/src/fp_sqr_comba_9.i index 92369de40c..aa04a22dfb 100644 
--- a/wolfcrypt/src/fp_sqr_comba_9.i
+++ b/wolfcrypt/src/fp_sqr_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_9.i
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/fp_sqr_comba_small_set.i b/wolfcrypt/src/fp_sqr_comba_small_set.i
index f8e0a4dc15..a47ca8c2dc 100644
--- a/wolfcrypt/src/fp_sqr_comba_small_set.i
+++ b/wolfcrypt/src/fp_sqr_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_small_set.i
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c
index 5ce8ea75d7..415928f97f 100644
--- a/wolfcrypt/src/ge_448.c
+++ b/wolfcrypt/src/ge_448.c
@@ -1,6 +1,6 @@
 /* ge_448.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -5453,56 +5453,56 @@ void sc448_reduce(byte* b) b[ 0] = (byte)(d[0 ] >> 0); b[ 1] = (byte)(d[0 ] >> 8); b[ 2] = (byte)(d[0 ] >> 16); - b[ 3] = (byte)(d[0 ] >> 24) + ((d[1 ] >> 0) << 4); + b[ 3] = (byte)((d[0 ] >> 24) + ((d[1 ] >> 0) << 4)); b[ 4] = (byte)(d[1 ] >> 4); b[ 5] = (byte)(d[1 ] >> 12); b[ 6] = (byte)(d[1 ] >> 20); b[ 7] = (byte)(d[2 ] >> 0); b[ 8] = (byte)(d[2 ] >> 8); b[ 9] = (byte)(d[2 ] >> 16); - b[10] = (byte)(d[2 ] >> 24) + ((d[3 ] >> 0) << 4); + b[10] = (byte)((d[2 ] >> 24) + ((d[3 ] >> 0) << 4)); b[11] = (byte)(d[3 ] >> 4); b[12] = (byte)(d[3 ] >> 12); b[13] = (byte)(d[3 ] >> 20); b[14] = (byte)(d[4 ] >> 0); b[15] = (byte)(d[4 ] >> 8); b[16] = (byte)(d[4 ] >> 16); - b[17] = (byte)(d[4 ] >> 24) + ((d[5 ] >> 0) << 4); + b[17] = (byte)((d[4 ] >> 24) + ((d[5 ] >> 0) << 4)); b[18] = (byte)(d[5 ] >> 4); b[19] = (byte)(d[5 ] >> 12); b[20] = (byte)(d[5 ] >> 20); b[21] = (byte)(d[6 ] >> 0); b[22] = (byte)(d[6 ] >> 8); b[23] = (byte)(d[6 ] >> 16); - b[24] = (byte)(d[6 ] >> 24) + ((d[7 ] >> 0) << 4); + b[24] = (byte)((d[6 ] >> 24) + ((d[7 ] >> 0) << 4)); b[25] = (byte)(d[7 ] >> 4); b[26] = (byte)(d[7 ] >> 12); b[27] = (byte)(d[7 ] >> 20); b[28] = (byte)(d[8 ] >> 0); b[29] = (byte)(d[8 ] >> 8); b[30] = (byte)(d[8 ] >> 16); - b[31] = (byte)(d[8 ] >> 24) + ((d[9 ] >> 0) << 4); + b[31] = (byte)((d[8 ] >> 24) + ((d[9 ] >> 0) << 4)); b[32] = (byte)(d[9 ] >> 4); b[33] = (byte)(d[9 ] >> 12); b[34] = (byte)(d[9 ] >> 20); b[35] = (byte)(d[10] >> 0); b[36] = (byte)(d[10] >> 8); b[37] = (byte)(d[10] >> 16); - b[38] = (byte)(d[10] >> 24) + ((d[11] >> 0) << 4); + b[38] = (byte)((d[10] >> 24) + ((d[11] >> 0) << 4)); b[39] = (byte)(d[11] >> 4); b[40] = (byte)(d[11] >> 12); b[41] = (byte)(d[11] >> 20); b[42] = (byte)(d[12] >> 0); b[43] = (byte)(d[12] >> 8); b[44] = (byte)(d[12] >> 16); - b[45] = (byte)(d[12] >> 24) + ((d[13] >> 0) << 4); + b[45] = (byte)((d[12] >> 24) + ((d[13] >> 0) << 4)); b[46] = (byte)(d[13] >> 4); b[47] = (byte)(d[13] >> 12); b[48] = (byte)(d[13] >> 
20);
 b[49] = (byte)(d[14] >> 0);
 b[50] = (byte)(d[14] >> 8);
 b[51] = (byte)(d[14] >> 16);
- b[52] = (byte)(d[14] >> 24) + ((d[15] >> 0) << 4);
+ b[52] = (byte)((d[14] >> 24) + ((d[15] >> 0) << 4));
 b[53] = (byte)(d[15] >> 4);
 b[54] = (byte)(d[15] >> 12);
 b[55] = (byte)(d[15] >> 20);
@@ -6206,56 +6206,56 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) r[ 0] = (byte)(rd[0 ] >> 0); r[ 1] = (byte)(rd[0 ] >> 8); r[ 2] = (byte)(rd[0 ] >> 16); - r[ 3] = (byte)(rd[0 ] >> 24) + ((rd[1 ] >> 0) << 4); + r[ 3] = (byte)((rd[0 ] >> 24) + ((rd[1 ] >> 0) << 4)); r[ 4] = (byte)(rd[1 ] >> 4); r[ 5] = (byte)(rd[1 ] >> 12); r[ 6] = (byte)(rd[1 ] >> 20); r[ 7] = (byte)(rd[2 ] >> 0); r[ 8] = (byte)(rd[2 ] >> 8); r[ 9] = (byte)(rd[2 ] >> 16); - r[10] = (byte)(rd[2 ] >> 24) + ((rd[3 ] >> 0) << 4); + r[10] = (byte)((rd[2 ] >> 24) + ((rd[3 ] >> 0) << 4)); r[11] = (byte)(rd[3 ] >> 4); r[12] = (byte)(rd[3 ] >> 12); r[13] = (byte)(rd[3 ] >> 20); r[14] = (byte)(rd[4 ] >> 0); r[15] = (byte)(rd[4 ] >> 8); r[16] = (byte)(rd[4 ] >> 16); - r[17] = (byte)(rd[4 ] >> 24) + ((rd[5 ] >> 0) << 4); + r[17] = (byte)((rd[4 ] >> 24) + ((rd[5 ] >> 0) << 4)); r[18] = (byte)(rd[5 ] >> 4); r[19] = (byte)(rd[5 ] >> 12); r[20] = (byte)(rd[5 ] >> 20); r[21] = (byte)(rd[6 ] >> 0); r[22] = (byte)(rd[6 ] >> 8); r[23] = (byte)(rd[6 ] >> 16); - r[24] = (byte)(rd[6 ] >> 24) + ((rd[7 ] >> 0) << 4); + r[24] = (byte)((rd[6 ] >> 24) + ((rd[7 ] >> 0) << 4)); r[25] = (byte)(rd[7 ] >> 4); r[26] = (byte)(rd[7 ] >> 12); r[27] = (byte)(rd[7 ] >> 20); r[28] = (byte)(rd[8 ] >> 0); r[29] = (byte)(rd[8 ] >> 8); r[30] = (byte)(rd[8 ] >> 16); - r[31] = (byte)(rd[8 ] >> 24) + ((rd[9 ] >> 0) << 4); + r[31] = (byte)((rd[8 ] >> 24) + ((rd[9 ] >> 0) << 4)); r[32] = (byte)(rd[9 ] >> 4); r[33] = (byte)(rd[9 ] >> 12); r[34] = (byte)(rd[9 ] >> 20); r[35] = (byte)(rd[10] >> 0); r[36] = (byte)(rd[10] >> 8); r[37] = (byte)(rd[10] >> 16); - r[38] = (byte)(rd[10] >> 24) + ((rd[11] >> 0) << 4); + r[38] = (byte)((rd[10] >> 24) + ((rd[11] >> 0) << 4)); r[39] = (byte)(rd[11] >> 4); r[40] = (byte)(rd[11] >> 12); r[41] = (byte)(rd[11] >> 20); r[42] = (byte)(rd[12] >> 0); r[43] = (byte)(rd[12] >> 8); r[44] = (byte)(rd[12] >> 16); - r[45] = (byte)(rd[12] >> 24) + ((rd[13] >> 0) << 4); + r[45] = (byte)((rd[12] 
>> 24) + ((rd[13] >> 0) << 4)); r[46] = (byte)(rd[13] >> 4); r[47] = (byte)(rd[13] >> 12); r[48] = (byte)(rd[13] >> 20); r[49] = (byte)(rd[14] >> 0); r[50] = (byte)(rd[14] >> 8); r[51] = (byte)(rd[14] >> 16); - r[52] = (byte)(rd[14] >> 24) + ((rd[15] >> 0) << 4); + r[52] = (byte)((rd[14] >> 24) + ((rd[15] >> 0) << 4)); r[53] = (byte)(rd[15] >> 4); r[54] = (byte)(rd[15] >> 12); r[55] = (byte)(rd[15] >> 20); @@ -10781,18 +10781,10 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a, } #if defined(WOLFSSL_SMALL_STACK) && (!defined(WOLFSSL_NO_MALLOC) || defined(XMALLOC_USER)) - if (p2 != NULL) { - XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (pi != NULL) { - XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (bslide != NULL) { - XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (aslide != NULL) { - XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c index abe6ea697a..df747a126c 100644 --- a/wolfcrypt/src/ge_low_mem.c +++ b/wolfcrypt/src/ge_low_mem.c @@ -1,6 +1,6 @@ /* ge_low_mem.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index 57a838cda7..bcf9d354b5 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c @@ -1,6 +1,6 @@ /* ge_operations.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
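Review bot: Dropping the `if (p2 != NULL)` style guards around the four XFREE calls in the ge448_double_scalarmult_vartime cleanup makes NULL-tolerance of XFREE a hard requirement, and the surrounding `#if` explicitly includes the XMALLOC_USER build, where XFREE is supplied by the integrator rather than by wolfSSL's default macro. wolfSSL's stock XFREE checks for NULL itself (presumably why the guards were judged redundant), but an integrator's replacement that forwards straight to a free() that is not NULL-safe would now be called with NULL on any early-exit path where only some of the buffers were allocated. A one-line comment at the first XFREE, `/* XFREE must accept NULL: buffers may be unallocated on error paths */`, records the contract that the XMALLOC_USER documentation should also state. The same guard removal is repeated in ge_operations.c and kdf.c in this commit, so the note applies there too; the body of ge448_double_scalarmult_vartime starts outside the hunk.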
@@ -9470,18 +9470,12 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) out: - if (aslide != NULL) - XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (bslide != NULL) - XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (Ai != NULL) - XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (A2 != NULL) - XFREE(A2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(A2, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; #else diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 9c7682f2e1..db3a047998 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -1,6 +1,6 @@ /* hash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -145,7 +145,7 @@ enum wc_HashType wc_HashTypeConvert(int hashType) int wc_HashGetOID(enum wc_HashType hash_type) { - int oid = HASH_TYPE_E; /* Default to hash type error */ + int oid = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ switch(hash_type) { case WC_HASH_TYPE_MD2: @@ -317,7 +317,7 @@ enum wc_HashType wc_OidGetHash(int oid) /* Get Hash digest size */ int wc_HashGetDigestSize(enum wc_HashType hash_type) { - int dig_size = HASH_TYPE_E; /* Default to hash type error */ + int dig_size = WC_NO_ERR_TRACE(HASH_TYPE_E); switch(hash_type) { case WC_HASH_TYPE_MD2: 
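Review bot: In wc_HashGetDigestSize (and wc_HashGetOID just above it) the new `WC_NO_ERR_TRACE(HASH_TYPE_E)` initializer means an unrecognised hash_type that falls through the switch is returned without any error trace, whereas the kdf.c hunks in this same commit pair the identical initializer change with an explicit `default: ret = BAD_FUNC_ARG; break;` arm so the failure is still traced where it is detected. Unless a `default:` arm already exists further down (the remainder of the switch is outside this hunk), add `default: dig_size = HASH_TYPE_E; break;` (and the equivalent for `oid`) so callers passing an unsupported type still get a trace. Also, the `/* Default to hash type error */` comment was dropped from these two functions but kept on the other hash.c hunks; keeping it consistently helps readers understand why the macro wraps the constant.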
@@ -436,7 +436,7 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type) /* Get Hash block size */ int wc_HashGetBlockSize(enum wc_HashType hash_type) { - int block_size = HASH_TYPE_E; /* Default to hash type error */ + int block_size = WC_NO_ERR_TRACE(HASH_TYPE_E); switch (hash_type) { case WC_HASH_TYPE_MD2: @@ -555,7 +555,7 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type) int wc_Hash_ex(enum wc_HashType hash_type, const byte* data, word32 data_len, byte* hash, word32 hash_len, void* heap, int devId) { - int ret = HASH_TYPE_E; /* Default to hash type error */ + int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ int dig_size; /* Validate hash buffer size */ @@ -689,7 +689,7 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId) { - int ret = HASH_TYPE_E; /* Default to hash type error */ + int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ if (hash == NULL) return BAD_FUNC_ARG; @@ -801,7 +801,7 @@ int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type) int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, word32 dataSz) { - int ret = HASH_TYPE_E; /* Default to hash type error */ + int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ if (hash == NULL || (data == NULL && dataSz > 0)) return BAD_FUNC_ARG; @@ -904,7 +904,7 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) { - int ret = HASH_TYPE_E; /* Default to hash type error */ + int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ if (hash == NULL || out == NULL) return BAD_FUNC_ARG; 
@@ -1007,7 +1007,7 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { - int ret = HASH_TYPE_E; /* Default to hash type error */ + int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ if (hash == NULL) return BAD_FUNC_ARG; @@ -1124,7 +1124,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #ifdef WOLFSSL_HASH_FLAGS int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) { - int ret = HASH_TYPE_E; /* Default to hash type error */ + int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ if (hash == NULL) return BAD_FUNC_ARG; @@ -1203,7 +1203,7 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) } int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) { - int ret = HASH_TYPE_E; /* Default to hash type error */ + int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ if (hash == NULL) return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 9a80cb1e2e..47f8f13824 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -1,6 +1,6 @@ /* hmac.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,15 +30,13 @@ #ifndef NO_HMAC -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) - +#if FIPS_VERSION3_GE(2,0,0) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$b") - #pragma const_seg(".fipsB$b") + #pragma code_seg(".fipsA$g") + #pragma const_seg(".fipsB$g") #endif #endif 
@@ -64,6 +62,14 @@ #define wc_HmacFinal wc_HmacFinal_Software #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_hmac_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000008 }; + int wolfCrypt_FIPS_HMAC_sanity(void) + { + return 0; + } +#endif int wc_HmacSizeByType(int type) { @@ -237,7 +243,8 @@ int _InitHmac(Hmac* hmac, int type, void* heap) } -int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) +int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, + int allowFlag) { #ifndef WOLFSSL_MAXQ108X byte* ip; @@ -259,7 +266,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) return BAD_FUNC_ARG; } -#ifndef HAVE_FIPS +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) /* if set key has already been run then make sure and free existing */ /* This is for async and PIC32MZ situations, and just normally OK, provided the user calls wc_HmacInit() first. That function is not 
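Review bot: The renamed public entry point `wc_HmacSetKey_ex` gains an `int allowFlag` parameter but no header comment explaining what it allows, and the flag's meaning only becomes apparent twenty lines later in the next hunk; its body continues outside this hunk. A caller reading the prototype has no way to know that a non-zero value waives the FIPS minimum key length, which is a security-relevant choice. Suggested comment above the definition: `/* Set the HMAC key. allowFlag != 0 permits keys shorter than HMAC_FIPS_MIN_KEY (14 bytes);` / ` * such keys carry no claimed FIPS security strength. wc_HmacSetKey() is the` / ` * compatible wrapper that selects the historical default for the build. */`. The new `#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)` around the re-key free path is fine, but its comment should say that the FIPS v6 module now also frees a previously set key, since that changes behaviour for FIPS users who re-call SetKey on the same object.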
@@ -277,12 +284,40 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) if (ret != 0) return ret; -#ifdef HAVE_FIPS - if (length < HMAC_FIPS_MIN_KEY) { - WOLFSSL_ERROR_VERBOSE(HMAC_MIN_KEYLEN_E); - return HMAC_MIN_KEYLEN_E; + /* Regarding the password length: + * SP800-107r1 ss 5.3.2 states: "An HMAC key shall have a security strength + * that meets or exceeds the security strength required to protect the data + * over which the HMAC is computed" then refers to SP800-133 for HMAC keys + * generation. + * + * SP800-133r2 ss 6.2.3 states: "When a key is generated from a password, + * the entropy provided (and thus, the maximum security strength that can be + * supported by the generated key) shall be considered to be zero unless the + * password is generated using an approved RBG" + * + * wolfSSL Notes: The statement from SP800-133r2 applies to + * all password lengths. Any human generated password is considered to have + * 0 security strength regardless of length, there is no minimum length that + * is OK or will provide any amount of security strength other than 0. If + * a security strength is required users shall generate random passwords + * using a FIPS approved RBG of sufficient length that any HMAC key + * generated from that password can claim to inherit the needed security + * strength from that input. + */ + + /* In light of the above, Loosen past restriction that limited passwords to + * no less than 14-bytes to allow for shorter Passwords. + * User needs to pass true (non-zero) to override historical behavior that + * prevented use of any password less than 14-bytes. ALL non-RBG generated + * passwords shall inherit a security strength of zero + * (no security strength) + */ + if (!allowFlag) { + if (length < HMAC_FIPS_MIN_KEY) { + WOLFSSL_ERROR_VERBOSE(HMAC_MIN_KEYLEN_E); + return HMAC_MIN_KEYLEN_E; + } } -#endif #ifdef WOLF_CRYPTO_CB hmac->keyRaw = key; /* use buffer directly */ 
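Review bot: With the `#ifdef HAVE_FIPS` removed, the HMAC_FIPS_MIN_KEY floor is now enforced solely by `if (!allowFlag)`, so in a FIPS build any caller passing a non-zero flag silently accepts a key below 14 bytes with nothing recorded at runtime, even though the preceding comment argues that such a key has zero claimed security strength. A debug-level trace would at least make the waiver visible in logs, e.g. `else if (length < HMAC_FIPS_MIN_KEY) { WOLFSSL_MSG("HMAC key below HMAC_FIPS_MIN_KEY accepted by caller request"); }`. The 25-line rationale repeatedly says "password" while the value checked is the raw HMAC key length; rewording to "key (or password-derived key)" avoids suggesting that a PBKDF step happens here, and "Loosen" should be lower-case. Because this check is now compiled in non-FIPS builds too, please confirm that HMAC_FIPS_MIN_KEY is defined unconditionally in hmac.h rather than only under HAVE_FIPS; the enclosing function continues beyond this hunk.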
@@ -564,6 +599,16 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) #endif /* WOLFSSL_MAXQ108X */ } +int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) +{ + int allowFlag; + #if defined(HAVE_FIPS) + allowFlag = 0; /* default false for FIPS cases */ + #else + allowFlag = 1; /* default true for all non-FIPS cases */ + #endif + return wc_HmacSetKey_ex(hmac, type, key, length, allowFlag); +} static int HmacKeyInnerHash(Hmac* hmac) { @@ -666,7 +711,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) #ifdef WOLF_CRYPTO_CB if (hmac->devId != INVALID_DEVID) { ret = wc_CryptoCb_Hmac(hmac, hmac->macType, msg, length, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; /* reset error code */ @@ -775,7 +820,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) #ifdef WOLF_CRYPTO_CB if (hmac->devId != INVALID_DEVID) { ret = wc_CryptoCb_Hmac(hmac, hmac->macType, NULL, 0, hash); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -1230,7 +1275,12 @@ int wolfSSL_GetHmacMaxSize(void) ret = wc_HmacInit(myHmac, heap, devId); if (ret == 0) { + #if FIPS_VERSION3_GE(6,0,0) + ret = wc_HmacSetKey_ex(myHmac, type, localSalt, saltSz, + FIPS_ALLOW_SHORT); + #else ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz); + #endif if (ret == 0) ret = wc_HmacUpdate(myHmac, inKey, inKeySz); if (ret == 0) @@ -1311,7 +1361,12 @@ int wolfSSL_GetHmacMaxSize(void) word32 tmpSz = (n == 1) ? 0 : hashSz; word32 left = outSz - outIdx; + #if FIPS_VERSION3_GE(6,0,0) + ret = wc_HmacSetKey_ex(myHmac, type, inKey, inKeySz, + FIPS_ALLOW_SHORT); + #else ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz); + #endif if (ret != 0) break; ret = wc_HmacUpdate(myHmac, tmp, tmpSz); diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c index 15e8d85698..450ee73173 100644 
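Review bot: In the second HKDF hunk (what appears to be the Expand step, whose function start lies outside the hunk) `wc_HmacSetKey_ex(myHmac, type, inKey, inKeySz, FIPS_ALLOW_SHORT)` waives the FIPS minimum key length for a caller-supplied PRK, yet RFC 5869 §2.3 requires the PRK to be at least HashLen octets, so a directly supplied short PRK would now be accepted in FIPS v6 builds without comment. For the Extract hunk the waiver is justified because RFC 5869 defines the salt as optional and the code already substitutes `localSalt`, but that reasoning should be written down: `/* salt is optional per RFC 5869; FIPS_ALLOW_SHORT covers the empty/short-salt case */`. For Expand, either add `if (inKeySz < hashSz) return BAD_FUNC_ARG;` ahead of the loop (if the API is intended to be RFC-conformant) or document why arbitrary PRK lengths are deliberately permitted. The new `wc_HmacSetKey` wrapper is fine, but its two `allowFlag` branches deserve a one-line comment tying them to the FIPS_VERSION3_GE(6,0,0) gate used by the HKDF callers, since FIPS builds older than v6 still get the 14-byte floor through the wrapper.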
--- a/wolfcrypt/src/hpke.c +++ b/wolfcrypt/src/hpke.c @@ -1,6 +1,6 @@ /* hpke.c * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 0a6fa2154a..e6a93af6d4 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -15,6 +15,9 @@ EXTRA_DIST += wolfcrypt/src/evp.c EXTRA_DIST += wolfcrypt/src/asm.c EXTRA_DIST += wolfcrypt/src/aes_asm.asm EXTRA_DIST += wolfcrypt/src/aes_gcm_asm.asm +EXTRA_DIST += wolfcrypt/src/aes_xts_asm.asm +EXTRA_DIST += wolfcrypt/src/chacha_asm.asm +EXTRA_DIST += wolfcrypt/src/poly1305_asm.asm EXTRA_DIST += wolfcrypt/src/wc_dsp.c EXTRA_DIST += wolfcrypt/src/sp_dsp32.c EXTRA_DIST += wolfcrypt/src/sp_x86_64_asm.asm @@ -52,7 +55,7 @@ EXTRA_DIST += \ wolfcrypt/src/fp_sqr_comba_8.i \ wolfcrypt/src/fp_sqr_comba_9.i \ wolfcrypt/src/fp_sqr_comba_small_set.i \ - wolfcrypt/src/fe_x25519_128.i + wolfcrypt/src/fe_x25519_128.h EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/ti/ti-des3.c \ @@ -117,6 +120,9 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/Espressif/esp32_sha.c \ wolfcrypt/src/port/Espressif/esp32_util.c \ wolfcrypt/src/port/Espressif/esp32_mp.c \ + wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c \ + wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c \ + wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c \ wolfcrypt/src/port/Espressif/README.md \ wolfcrypt/src/port/arm/cryptoCell.c \ wolfcrypt/src/port/arm/cryptoCellHash.c \ diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index dadfeb4eef..3deeaeb82e 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -1,6 +1,6 @@ /* integer.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index 55b7ab0c31..690774474b 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c 
@@ -1,6 +1,6 @@ /* kdf.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,15 +30,13 @@ #ifndef NO_KDF -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) - +#if FIPS_VERSION3_GE(5,0,0) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$m") - #pragma const_seg(".fipsB$m") + #pragma code_seg(".fipsA$h") + #pragma const_seg(".fipsB$h") #endif #endif @@ -56,6 +54,14 @@ #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_kdf_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000009 }; + int wolfCrypt_FIPS_KDF_sanity(void) + { + return 0; + } +#endif #if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) @@ -151,9 +157,9 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret, current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); if (previous == NULL || current == NULL || hmac == NULL) { - if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); - if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST); - if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); + XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); + XFREE(current, heap, DYNAMIC_TYPE_DIGEST); + XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); return MEMORY_E; } #endif @@ -300,6 +306,16 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, { int ret = 0; +#ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG(" secret"); + WOLFSSL_BUFFER(secret, secLen); + WOLFSSL_MSG(" label"); + WOLFSSL_BUFFER(label, labLen); + WOLFSSL_MSG(" seed"); + WOLFSSL_BUFFER(seed, seedLen); +#endif + + if (useAtLeastSha256) { #ifdef WOLFSSL_SMALL_STACK byte* labelSeed; 
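Review bot: The new `WOLFSSL_DEBUG_TLS` block at the top of wc_PRF_TLS dumps `secret` (the TLS master or pre-master secret fed to the PRF) to the debug log via WOLFSSL_BUFFER, together with label and seed, and a later hunk in the same function dumps the derived `digest`. That is reasonable for a developer-only flag, but nothing in the code says so, and the macro name suggests generic handshake tracing; add `/* WOLFSSL_DEBUG_TLS prints live key material; never enable in production builds */` above the block. Consider gating the secret and digest dumps behind a more specific macro so that TLS message tracing can be enabled without exposing keys. The body of wc_PRF_TLS continues past this hunk.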
@@ -344,6 +360,12 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, #endif } +#ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG(" digest"); + WOLFSSL_BUFFER(digest, digLen); + WOLFSSL_MSG_EX("hash_type %d", hash_type); +#endif + return ret; } #endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */ @@ -542,14 +564,14 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, const byte* info, word32 infoLen, int digest, void* heap) { int ret = 0; - int idx = 0; - int len; + word32 idx = 0; + size_t len; byte *data; (void)heap; /* okmLen (2) + protocol|label len (1) + info len(1) + protocollen + * labellen + infolen */ - len = 4 + protocolLen + labelLen + infoLen; + len = 4U + protocolLen + labelLen + infoLen; data = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TMP_BUFFER); if (data == NULL) @@ -637,7 +659,7 @@ typedef union { static int _HashInit(byte hashId, _hash* hash) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); switch (hashId) { #ifndef NO_SHA @@ -662,6 +684,9 @@ int _HashInit(byte hashId, _hash* hash) ret = wc_InitSha512(&hash->sha512); break; #endif /* WOLFSSL_SHA512 */ + default: + ret = BAD_FUNC_ARG; + break; } return ret; @@ -671,7 +696,7 @@ static int _HashUpdate(byte hashId, _hash* hash, const byte* data, word32 dataSz) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); switch (hashId) { #ifndef NO_SHA @@ -696,6 +721,9 @@ int _HashUpdate(byte hashId, _hash* hash, ret = wc_Sha512Update(&hash->sha512, data, dataSz); break; #endif /* WOLFSSL_SHA512 */ + default: + ret = BAD_FUNC_ARG; + break; } return ret; @@ -704,7 +732,7 @@ int _HashUpdate(byte hashId, _hash* hash, static int _HashFinal(byte hashId, _hash* hash, byte* digest) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); switch (hashId) { #ifndef NO_SHA 
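Review bot: In the TLS 1.3 Expand-Label function (start outside the hunk), changing `len` to `size_t` does not prevent the wrap-around the change seems aimed at: `len = 4U + protocolLen + labelLen + infoLen;` is evaluated entirely in 32-bit unsigned arithmetic (infoLen is declared `word32` in the visible signature, and the other lengths presumably match) and is only widened after the sum, so an attacker-influenced or buggy caller can still produce a small `len`, a small XMALLOC, and oversized copies later. Since the comment states that the protocol|label length and the info length are each encoded in one byte, the robust fix is an up-front range check, e.g. `if (protocolLen + labelLen > 255 || infoLen > 255) return BAD_FUNC_ARG;` (unless such a check already exists outside the hunk), which also matches RFC 8446's `label<7..255>` and `context<0..255>` bounds; failing that, cast each operand, `len = 4U + (size_t)protocolLen + (size_t)labelLen + (size_t)infoLen;`. Making `idx` a `word32` while `len` is `size_t` also invites sign/width warnings in any later `idx < len` comparison; keeping both the same type is simpler.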
@@ -729,6 +757,9 @@ int _HashFinal(byte hashId, _hash* hash, byte* digest) ret = wc_Sha512Final(&hash->sha512, digest); break; #endif /* WOLFSSL_SHA512 */ + default: + ret = BAD_FUNC_ARG; + break; } return ret; @@ -936,7 +967,7 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx, * @param [in] aes AES object to encrypt with. * @return 0 on success. */ -static int wc_srtp_kdf_derive_key(byte* block, byte indexSz, byte label, +static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label, byte* key, word32 keySz, Aes* aes) { int i; @@ -1093,9 +1124,9 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, * @return MEMORY_E on dynamic memory allocation failure. * @return 0 on success. */ -int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, +int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2, - word32 key2Sz, byte* key3, word32 key3Sz) + word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator) { int ret = 0; byte block[AES_BLOCK_SIZE]; @@ -1105,6 +1136,15 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, Aes aes[1]; #endif int aes_inited = 0; + int idxLen; + + if (idxLenIndicator == WC_SRTCP_32BIT_IDX) { + idxLen = WC_SRTCP_INDEX_LEN; + } else if (idxLenIndicator == WC_SRTCP_48BIT_IDX) { + idxLen = WC_SRTP_INDEX_LEN; + } else { + return BAD_FUNC_ARG; /* bad or invalid idxLenIndicator */ + } /* Validate parameters. */ if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) || 
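Review bot: `wc_SRTCP_KDF_ex` changes the caller contract for `index` (it must now point to WC_SRTP_INDEX_LEN bytes when `idxLenIndicator` is WC_SRTCP_48BIT_IDX, and to WC_SRTCP_INDEX_LEN bytes otherwise), but the Doxygen block whose tail is visible at the hunk start lists no `idxLenIndicator` parameter and presumably still describes a fixed-size index. Add `@param [in] idxLenIndicator WC_SRTCP_32BIT_IDX: index is 4 bytes (RFC 3711 §4.3.2 SRTCP index); WC_SRTCP_48BIT_IDX: index is 6 bytes, for implementations that derive SRTCP keys with the SRTP-style 48-bit index.` so a caller cannot pass a 4-byte buffer with the 48-bit selector and over-read. Reusing the SRTP constant `WC_SRTP_INDEX_LEN` for the 48-bit SRTCP case is correct but worth a comment on that assignment, since a reader may assume an SRTCP-specific constant was intended. The parameter validation continues outside the hunk, so the early `return BAD_FUNC_ARG` for a bad indicator happening before the NULL checks is fine as long as nothing is allocated first.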
@@ -1136,23 +1176,22 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, /* Calculate first block that can be used in each derivation. */ if (ret == 0) { - wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, WC_SRTCP_INDEX_LEN, - block); + wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, idxLen, block); } /* Calculate first key if required. */ if ((ret == 0) && (key1 != NULL)) { - ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN, + ret = wc_srtp_kdf_derive_key(block, idxLen, WC_SRTCP_LABEL_ENCRYPTION, key1, key1Sz, aes); } /* Calculate second key if required. */ if ((ret == 0) && (key2 != NULL)) { - ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN, + ret = wc_srtp_kdf_derive_key(block, idxLen, WC_SRTCP_LABEL_MSG_AUTH, key2, key2Sz, aes); } /* Calculate third key if required. */ if ((ret == 0) && (key3 != NULL)) { - ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN, + ret = wc_srtp_kdf_derive_key(block, idxLen, WC_SRTCP_LABEL_SALT, key3, key3Sz, aes); } @@ -1164,6 +1203,15 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, return ret; } +int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, + int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2, + word32 key2Sz, byte* key3, word32 key3Sz) +{ + /* The default 32-bit IDX expected by many implementations */ + return wc_SRTCP_KDF_ex(key, keySz, salt, saltSz, kdrIdx, index, + key1, key1Sz, key2, key2Sz, key3, key3Sz, + WC_SRTCP_32BIT_IDX); +} /* Derive key with label using SRTP KDF algorithm. * * SP 800-135 (RFC 3711). 
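Review bot: The comment on the new `wc_SRTCP_KDF` wrapper, `/* The default 32-bit IDX expected by many implementations */`, describes the choice as a popularity contest rather than the normative basis; RFC 3711 §4.3.2 specifies a 32-bit SRTCP index, which is also why this preserves the function's pre-existing behaviour. Suggest `/* RFC 3711 s4.3.2: SRTCP uses a 32-bit index. Preserves prior behaviour; use wc_SRTCP_KDF_ex() for the 48-bit interop variant. */`. Since `wc_SRTCP_KDF` is a public API, it also deserves the same Doxygen treatment as `wc_SRTCP_KDF_ex` rather than a bare inline comment.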
@@ -1350,4 +1398,104 @@ int wc_SRTP_KDF_kdr_to_idx(word32 kdr) } #endif /* WC_SRTP_KDF */ +#ifdef WC_KDF_NIST_SP_800_56C +static int wc_KDA_KDF_iteration(const byte* z, word32 zSz, word32 counter, + const byte* fixedInfo, word32 fixedInfoSz, enum wc_HashType hashType, + byte* output) +{ + byte counterBuf[4]; + wc_HashAlg hash; + int ret; + + ret = wc_HashInit(&hash, hashType); + if (ret != 0) + return ret; + c32toa(counter, counterBuf); + ret = wc_HashUpdate(&hash, hashType, counterBuf, 4); + if (ret == 0) { + ret = wc_HashUpdate(&hash, hashType, z, zSz); + } + if (ret == 0 && fixedInfoSz > 0) { + ret = wc_HashUpdate(&hash, hashType, fixedInfo, fixedInfoSz); + } + if (ret == 0) { + ret = wc_HashFinal(&hash, hashType, output); + } + wc_HashFree(&hash, hashType); + return ret; +} + +/** + * \brief Performs the single-step key derivation function (KDF) as specified in + * SP800-56C option 1. + * + * \param [in] z The input keying material. + * \param [in] zSz The size of the input keying material. + * \param [in] fixedInfo The fixed information to be included in the KDF. + * \param [in] fixedInfoSz The size of the fixed information. + * \param [in] derivedSecretSz The desired size of the derived secret. + * \param [in] hashType The hash algorithm to be used in the KDF. + * \param [out] output The buffer to store the derived secret. + * \param [in] outputSz The size of the output buffer. + * + * \return 0 if the KDF operation is successful. + * \return BAD_FUNC_ARG if the input parameters are invalid. + * \return negative error code if the KDF operation fails. 
+ */ +int wc_KDA_KDF_onestep(const byte* z, word32 zSz, const byte* fixedInfo, + word32 fixedInfoSz, word32 derivedSecretSz, enum wc_HashType hashType, + byte* output, word32 outputSz) +{ + byte hashTempBuf[WC_MAX_DIGEST_SIZE]; + word32 counter, outIdx; + int hashOutSz; + int ret; + + if (output == NULL || outputSz < derivedSecretSz) + return BAD_FUNC_ARG; + if (z == NULL || zSz == 0 || (fixedInfoSz > 0 && fixedInfo == NULL)) + return BAD_FUNC_ARG; + if (derivedSecretSz == 0) + return BAD_FUNC_ARG; + + hashOutSz = wc_HashGetDigestSize(hashType); + if (hashOutSz == WC_NO_ERR_TRACE(HASH_TYPE_E)) + return BAD_FUNC_ARG; + + /* According to SP800_56C, table 1, the max input size (max_H_inputBits) + * depends on the HASH algo. The smaller value in the table is (2**64-1)/8. + * This is larger than the possible length using word32 integers. */ + + counter = 1; + outIdx = 0; + ret = 0; + + /* According to SP800_56C the number of iterations shall not be greater than + * 2**32-1. This is not possible using word32 integers.*/ + while (outIdx + hashOutSz <= derivedSecretSz) { + ret = wc_KDA_KDF_iteration(z, zSz, counter, fixedInfo, fixedInfoSz, + hashType, output + outIdx); + if (ret != 0) + break; + counter++; + outIdx += hashOutSz; + } + + if (ret == 0 && outIdx < derivedSecretSz) { + ret = wc_KDA_KDF_iteration(z, zSz, counter, fixedInfo, fixedInfoSz, + hashType, hashTempBuf); + if (ret == 0) { + XMEMCPY(output + outIdx, hashTempBuf, derivedSecretSz - outIdx); + } + ForceZero(hashTempBuf, hashOutSz); + } + + if (ret != 0) { + ForceZero(output, derivedSecretSz); + } + + return ret; +} +#endif /* WC_KDF_NIST_SP_800_56C */ + #endif /* NO_KDF */ diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 43c44a1e71..9568f1c6a1 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -1,6 +1,6 @@ /* logging.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
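Review bot: In wc_KDA_KDF_onestep the digest-size check `if (hashOutSz == WC_NO_ERR_TRACE(HASH_TYPE_E))` only rejects that single error code; any other non-positive return from wc_HashGetDigestSize, or a value larger than WC_MAX_DIGEST_SIZE, would flow into the unsigned comparison `outIdx + hashOutSz <= derivedSecretSz`, the `output + outIdx` writes and `ForceZero(hashTempBuf, hashOutSz)`. A defensive form that also guards the stack buffer is `if (hashOutSz <= 0 || hashOutSz > WC_MAX_DIGEST_SIZE) return BAD_FUNC_ARG;`. Separately, `outIdx + hashOutSz` can wrap in word32 arithmetic for derivedSecretSz close to 0xFFFFFFFF, turning the loop guard true while `output + outIdx` is already at the end of the buffer; writing the condition as `while (derivedSecretSz - outIdx >= (word32)hashOutSz)` avoids the wrap, and the same subtraction form can bound the counter the SP 800-56C comment mentions. The zeroisation of `output` on failure and of `hashTempBuf` after the partial block is good; it would be worth noting in the Doxygen block that `output` is cleared on any error so callers do not need to.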
@@ -126,7 +126,10 @@ THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0; /* Set these to default values initially. */ static wolfSSL_Logging_cb log_function = NULL; -static int loggingEnabled = 0; +#ifndef WOLFSSL_LOGGINGENABLED_DEFAULT +#define WOLFSSL_LOGGINGENABLED_DEFAULT 0 +#endif +static int loggingEnabled = WOLFSSL_LOGGINGENABLED_DEFAULT; THREAD_LS_T const char* log_prefix = NULL; #if defined(WOLFSSL_APACHE_MYNEWT) @@ -276,8 +279,11 @@ void WOLFSSL_TIME(int count) #include #endif -static void wolfssl_log(const int logLevel, const char *const logMessage) +static void wolfssl_log(const int logLevel, const char* const file_name, + int line_number, const char* const logMessage) { + (void)file_name; + (void)line_number; if (log_function) log_function(logLevel, logMessage); else { 
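Review bot: `WOLFSSL_LOGGINGENABLED_DEFAULT` is a new build-time knob with no comment, and a non-zero value turns on debug output from process start, before the application has any chance to call the runtime off switch; in a build that also defines WOLFSSL_DEBUG_TLS that means the key-material dumps added in kdf.c in this same commit are emitted unconditionally. Suggest documenting it at the definition: `/* Build-time initial state of the debug log (see wolfSSL_Debugging_ON/OFF). Non-zero enables logging before any application call; do not set in production builds. */`. The widened `wolfssl_log` signature keeps the user `log_function` callback at its old two-argument shape and discards `file_name`/`line_number` for it, which is compatible, but a short comment on the `(void)` casts saying that the callback API intentionally does not receive location data would pre-empt the obvious question; `wolfssl_log`'s body continues past this hunk.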
@@ -286,46 +292,103 @@ static void wolfssl_log(const int logLevel, const char *const logMessage) #elif defined(ARDUINO) wolfSSL_Arduino_Serial_Print(logMessage); #elif defined(WOLFSSL_LOG_PRINTF) - printf("%s\n", logMessage); + if (file_name != NULL) + printf("[%s L %d] %s\n", file_name, line_number, logMessage); + else + printf("%s\n", logMessage); #elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) - dc_log_printf("%s\n", logMessage); + if (file_name != NULL) + dc_log_printf("[%s L %d] %s\n", file_name, line_number, logMessage); + else + dc_log_printf("%s\n", logMessage); #elif defined(WOLFSSL_DEOS) - printf("%s\r\n", logMessage); + if (file_name != NULL) + printf("[%s L %d] %s\r\n", file_name, line_number, logMessage); + else + printf("%s\r\n", logMessage); #elif defined(MICRIUM) - BSP_Ser_Printf("%s\r\n", logMessage); + if (file_name != NULL) + BSP_Ser_Printf("[%s L %d] %s\r\n", + file_name, line_number, logMessage); + else + BSP_Ser_Printf("%s\r\n", logMessage); #elif defined(WOLFSSL_MDK_ARM) fflush(stdout) ; - printf("%s\n", logMessage); + if (file_name != NULL) + printf("[%s L %d] %s\n", file_name, line_number, logMessage); + else + printf("%s\n", logMessage); fflush(stdout) ; #elif defined(WOLFSSL_UTASKER) fnDebugMsg((char*)logMessage); fnDebugMsg("\r\n"); #elif defined(MQX_USE_IO_OLD) - fprintf(_mqxio_stderr, "%s\n", logMessage); + if (file_name != NULL) + fprintf(_mqxio_stderr, "[%s L %d] %s\n", + file_name, line_number, logMessage); + else + fprintf(_mqxio_stderr, "%s\n", logMessage); #elif defined(WOLFSSL_APACHE_MYNEWT) - LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage); + if (file_name != NULL) + LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "[%s L %d] %s\n", + file_name, line_number, logMessage); + else + LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage); #elif defined(WOLFSSL_ESPIDF) - ESP_LOGI("wolfssl", "%s", logMessage); + if (file_name != NULL) + ESP_LOGI("wolfssl", "[%s L %d] %s", + file_name, line_number, 
logMessage); + else + ESP_LOGI("wolfssl", "%s", logMessage); #elif defined(WOLFSSL_ZEPHYR) - printk("%s\n", logMessage); + if (file_name != NULL) + printk("[%s L %d] %s\n", file_name, line_number, logMessage); + else + printk("%s\n", logMessage); #elif defined(WOLFSSL_TELIT_M2MB) - M2M_LOG_INFO("%s\n", logMessage); + if (file_name != NULL) + M2M_LOG_INFO("[%s L %d] %s\n", file_name, line_number, logMessage); + else + M2M_LOG_INFO("%s\n", logMessage); #elif defined(WOLFSSL_ANDROID_DEBUG) - __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s", logMessage); + if (file_name != NULL) + __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "[%s L %d] %s", + file_name, line_number, logMessage); + else + __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s", + logMessage); #elif defined(WOLFSSL_XILINX) - xil_printf("%s\r\n", logMessage); + if (file_name != NULL) + xil_printf("[%s L %d] %s\r\n", file_name, line_number, logMessage); + else + xil_printf("%s\r\n", logMessage); #elif defined(WOLFSSL_LINUXKM) - printk("%s\n", logMessage); + if (file_name != NULL) + printk("[%s L %d] %s\n", file_name, line_number, logMessage); + else + printk("%s\n", logMessage); #elif defined(WOLFSSL_RENESAS_RA6M4) - myprintf("%s\n", logMessage); + if (file_name != NULL) + myprintf("[%s L %d] %s\n", file_name, line_number, logMessage); + else + myprintf("%s\n", logMessage); #elif defined(STACK_SIZE_CHECKPOINT_MSG) && \ defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG) STACK_SIZE_CHECKPOINT_MSG(logMessage); #else - if (log_prefix != NULL) - fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage); - else - fprintf(stderr, "%s\n", logMessage); + if (log_prefix != NULL) { + if (file_name != NULL) + fprintf(stderr, "[%s]: [%s L %d] %s\n", + log_prefix, file_name, line_number, logMessage); + else + fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage); + } else { + if (file_name != NULL) + fprintf(stderr, "[%s L %d] %s\n", + file_name, line_number, logMessage); + else + 
fprintf(stderr, "%s\n", logMessage); + } #endif } } @@ -337,6 +400,7 @@ static void wolfssl_log(const int logLevel, const char *const logMessage) #ifndef WOLFSSL_MSG_EX_BUF_SZ #define WOLFSSL_MSG_EX_BUF_SZ 100 #endif +#undef WOLFSSL_MSG_EX /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */ #ifdef __clang__ /* tell clang argument 1 is format */ __attribute__((__format__ (__printf__, 1, 0))) @@ -351,16 +415,42 @@ void WOLFSSL_MSG_EX(const char* fmt, ...) written = XVSNPRINTF(msg, sizeof(msg), fmt, args); va_end(args); if (written > 0) - wolfssl_log(INFO_LOG , msg); + wolfssl_log(INFO_LOG, NULL, 0, msg); + } +} + +#ifdef WOLFSSL_DEBUG_CODEPOINTS +void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...) +{ + if (loggingEnabled) { + char msg[WOLFSSL_MSG_EX_BUF_SZ]; + int written; + va_list args; + va_start(args, fmt); + written = XVSNPRINTF(msg, sizeof(msg), fmt, args); + va_end(args); + if (written > 0) + wolfssl_log(INFO_LOG, file, line, msg); } } #endif +#endif + +#undef WOLFSSL_MSG /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */ void WOLFSSL_MSG(const char* msg) { if (loggingEnabled) - wolfssl_log(INFO_LOG , msg); + wolfssl_log(INFO_LOG, NULL, 0, msg); +} + +#ifdef WOLFSSL_DEBUG_CODEPOINTS +void WOLFSSL_MSG2(const char *file, int line, const char* msg) +{ + if (loggingEnabled) + wolfssl_log(INFO_LOG, file, line, msg); } +#endif #ifndef LINE_LEN #define LINE_LEN 16 
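Review bot: Every sink in this hunk repeats the same `if (file_name != NULL) ... else ...` pair with its own copy of the `[%s L %d] %s` format, which is more than a dozen places to keep in sync. Formatting the prefix once into a small local (a `char prefix[..]` built with XSNPRINTF from file_name and line_number, left empty when file_name is NULL) and keeping each platform branch as a single call with `"%s%s\n"` would roughly halve the hunk and let the per-platform lines diff cleanly. Note also that file_name comes from `__FILE__`, which on many builds is the full source path, so the prefix exposes build-tree layout in debug output; that is worth a comment where WOLFSSL_DEBUG_CODEPOINTS is documented. wolfssl_log starts in the previous hunk.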
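Review bot: WOLFSSL_MSG_EX2 takes a printf-style fmt as argument 3 but carries none of the format attribute that the existing WOLFSSL_MSG_EX receives under `#ifdef __clang__` in the preceding hunk, so the compiler cannot check callers of the codepoints variant for mismatched or non-literal format strings; mirroring that line as `__attribute__((__format__ (__printf__, 3, 0)))` under the same guard restores the check. The two bodies are otherwise identical apart from the file/line arguments, so a shared static helper taking the va_list (called with `NULL, 0` from WOLFSSL_MSG_EX) would avoid duplicating the va_start/XVSNPRINTF/va_end sequence. The same duplication appears for WOLFSSL_MSG/WOLFSSL_MSG2 later in this hunk and for ENTER/LEAVE in the next one.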
@@ -375,62 +465,140 @@ void WOLFSSL_BUFFER(const byte* buffer, word32 length) } if (!buffer) { - wolfssl_log(INFO_LOG, "\tNULL"); + wolfssl_log(INFO_LOG, NULL, 0, "\tNULL"); return; } while (buflen > 0) { int bufidx = 0; - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t"); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t") + >= (int)sizeof(line) - bufidx) + { + goto errout; + } bufidx++; for (i = 0; i < LINE_LEN; i++) { if (i < buflen) { - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ", buffer[i]); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ", + buffer[i]) >= (int)sizeof(line) - bufidx) + { + goto errout; + } } else { - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, " "); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, " ") + >= (int)sizeof(line) - bufidx) + { + goto errout; + } } bufidx += 3; } - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "| "); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "| ") + >= (int)sizeof(line) - bufidx) + { + goto errout; + } bufidx++; for (i = 0; i < LINE_LEN; i++) { if (i < buflen) { - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, - "%c", 31 < buffer[i] && buffer[i] < 127 ? buffer[i] : '.'); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, + "%c", 31 < buffer[i] && buffer[i] < 127 + ? 
buffer[i] + : '.') + >= (int)sizeof(line) - bufidx) + { + goto errout; + } bufidx++; } } - wolfssl_log(INFO_LOG, line); + wolfssl_log(INFO_LOG, NULL, 0, line); buffer += LINE_LEN; buflen -= LINE_LEN; } -} + return; +errout: + + wolfssl_log(INFO_LOG, NULL, 0, "\t[Buffer error while rendering]"); +} + +#undef WOLFSSL_ENTER /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */ void WOLFSSL_ENTER(const char* msg) { if (loggingEnabled) { char buffer[WOLFSSL_MAX_ERROR_SZ]; - XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg); - wolfssl_log(ENTER_LOG , buffer); + if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg) + >= (int)sizeof(buffer)) + { + buffer[sizeof(buffer) - 1] = 0; + } + wolfssl_log(ENTER_LOG, NULL, 0, buffer); } } +#ifdef WOLFSSL_DEBUG_CODEPOINTS +void WOLFSSL_ENTER2(const char *file, int line, const char* msg) +{ + if (loggingEnabled) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; + if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg) + >= (int)sizeof(buffer)) + { + buffer[sizeof(buffer) - 1] = 0; + } + wolfssl_log(ENTER_LOG, file, line, buffer); + } +} +#endif +#undef WOLFSSL_LEAVE /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */ void WOLFSSL_LEAVE(const char* msg, int ret) { if (loggingEnabled) { char buffer[WOLFSSL_MAX_ERROR_SZ]; - XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d", - msg, ret); - wolfssl_log(LEAVE_LOG , buffer); + if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d", + msg, ret) + >= (int)sizeof(buffer)) + { + buffer[sizeof(buffer) - 1] = 0; + } + wolfssl_log(LEAVE_LOG, NULL, 0, buffer); + } +} + +#ifdef WOLFSSL_DEBUG_CODEPOINTS +void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret) +{ + if (loggingEnabled) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; + if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d", + msg, ret) + >= (int)sizeof(buffer)) + { + buffer[sizeof(buffer) - 1] = 0; + } + wolfssl_log(LEAVE_LOG, file, line, buffer); } } +#endif + +#ifdef 
WOLFSSL_DEBUG_CODEPOINTS + /* restore the wrappers */ + #define WOLFSSL_MSG(msg) WOLFSSL_MSG2(__FILE__, __LINE__, msg) + #define WOLFSSL_ENTER(msg) WOLFSSL_ENTER2(__FILE__, __LINE__, msg) + #define WOLFSSL_LEAVE(msg, ret) WOLFSSL_LEAVE2(__FILE__, __LINE__, msg, ret) + #ifdef XVSNPRINTF + #define WOLFSSL_MSG_EX(fmt, args...) \ + WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args) + #endif +#endif WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void) { @@ -714,7 +882,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, while (1) { int ret = wc_PeekErrorNode(0, file, NULL, line); - if (ret == BAD_STATE_E) { + if (ret == WC_NO_ERR_TRACE(BAD_STATE_E)) { WOLFSSL_MSG("Issue peeking at error node in queue"); return 0; } @@ -744,7 +912,7 @@ unsigned long wc_GetErrorNodeErr(void) ret = wc_PullErrorNode(NULL, NULL, NULL); if (ret < 0) { - if (ret == BAD_STATE_E) { + if (ret == WC_NO_ERR_TRACE(BAD_STATE_E)) { ret = 0; /* no errors in queue */ } else { @@ -1230,7 +1398,9 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, idx = getErrorNodeCurrentIdx(); while (1) { int ret = peekErrorNode(idx, file, NULL, line); - if (ret == BAD_MUTEX_E || ret == BAD_FUNC_ARG || ret == BAD_STATE_E) { + if (ret == WC_NO_ERR_TRACE(BAD_MUTEX_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG) || + ret == WC_NO_ERR_TRACE(BAD_STATE_E)) { ERRQ_UNLOCK(); WOLFSSL_MSG("Issue peeking at error node in queue"); return 0; @@ -1263,7 +1433,7 @@ unsigned long wc_GetErrorNodeErr(void) ret = pullErrorNode(NULL, NULL, NULL); if (ret < 0) { - if (ret == BAD_STATE_E) { + if (ret == WC_NO_ERR_TRACE(BAD_STATE_E)) { ret = 0; /* no errors in queue */ } else { @@ -1483,7 +1653,7 @@ void WOLFSSL_ERROR(int error) #endif { #ifdef WOLFSSL_ASYNC_CRYPT - if (error != WC_PENDING_E) + if (error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { char buffer[WOLFSSL_MAX_ERROR_SZ]; 
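Review bot: The new truncation guards in WOLFSSL_BUFFER only catch an oversized return; XSNPRINTF can also return a negative value on an encoding error, which passes the `>= (int)sizeof(line) - bufidx` test, after which `bufidx++`/`bufidx += 3` advance over bytes that were never written and the partly built line is logged. Capturing the result once and testing both directions, e.g. `int n = XSNPRINTF(...); if (n < 0 || n >= (int)sizeof(line) - bufidx) goto errout;`, handles both cases and shortens the four repeated guards. In WOLFSSL_ENTER/LEAVE and their *2 variants later in the hunk the same one-sided check matters more: on a negative return the terminator write is skipped and `buffer`, an uninitialised stack array, is handed to wolfssl_log as a string, so a `n < 0` branch that sets `buffer[0] = 0` (or returns) is needed there. WOLFSSL_BUFFER starts before this hunk.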
@@ -1501,7 +1671,8 @@ void WOLFSSL_ERROR(int error) #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) /* If running in compatibility mode do not add want read and want right to error queue */ - if (error != WANT_READ && error != WANT_WRITE) { + if (error != WC_NO_ERR_TRACE(WANT_READ) && + error != WC_NO_ERR_TRACE(WANT_WRITE)) { #endif if (error < 0) error = error - (2 * error); /* get absolute value */ @@ -1531,7 +1702,7 @@ void WOLFSSL_ERROR(int error) #ifdef DEBUG_WOLFSSL if (loggingEnabled) - wolfssl_log(ERROR_LOG , buffer); + wolfssl_log(ERROR_LOG, NULL, 0, buffer); #endif } } 
@@ -1540,10 +1711,142 @@ void WOLFSSL_ERROR_MSG(const char* msg) { #ifdef DEBUG_WOLFSSL if (loggingEnabled) - wolfssl_log(ERROR_LOG , msg); + wolfssl_log(ERROR_LOG, NULL, 0, msg); #else (void)msg; #endif } #endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES + +#include + +#if BACKTRACE_SUPPORTED != 1 + #error WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES is defined but BACKTRACE_SUPPORTED is 0. +#endif + +#if !defined(WOLFSSL_MUTEX_INITIALIZER) && defined(WOLFSSL_NO_ATOMICS) + #error WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES requires WOLFSSL_MUTEX_INITIALIZER or wolfSSL_Atomic_Ints. +#endif + +#include + +static int backtrace_callback(void *data, uintptr_t pc, const char *filename, + int lineno, const char *function) +{ + if (function == NULL) + return 0; + /* the first callback is for the call to wc_print_backtrace() -- skip it. */ + if (*(int *)data == 0) { + *(int *)data = 1; + return 0; + } +#ifdef NO_STDIO_FILESYSTEM + printf(" #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc, + function, filename, lineno); +#else + fprintf(stderr, " #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc, + function, filename, lineno); +#endif + return 0; +} + +static void backtrace_error(void *data, const char *msg, int errnum) { + (void)data; +#ifdef NO_STDIO_FILESYSTEM + printf("ERR TRACE: error %d while backtracing: %s", errnum, msg); +#else + fprintf(stderr, "ERR TRACE: error %d while backtracing: %s", errnum, msg); +#endif +} + +static void backtrace_creation_error(void *data, const char *msg, int errnum) { + (void)data; +#ifdef NO_STDIO_FILESYSTEM + printf("ERR TRACE: internal error %d " + "while initializing backtrace facility: %s", errnum, msg); + printf("ERR TRACE: internal error " + "while initializing backtrace facility"); +#else + fprintf(stderr, "ERR TRACE: internal error %d " + "while initializing backtrace facility: %s", errnum, msg); +#endif +} + +static int backtrace_init(struct backtrace_state **backtrace_state) { 
+#ifdef WOLFSSL_MUTEX_INITIALIZER + static wolfSSL_Mutex backtrace_create_state_mutex = + WOLFSSL_MUTEX_INITIALIZER(backtrace_create_state_mutex); + if (wc_LockMutex(&backtrace_create_state_mutex) != 0) + return -1; +#elif defined(WOLFSSL_ATOMIC_OPS) + static wolfSSL_Atomic_Int init_count = 0; + if (wolfSSL_Atomic_Int_FetchAdd(&init_count, 1) != 1) + return -1; +#endif + if (*backtrace_state == NULL) { + /* passing a NULL filename to backtrace_create_state() tells + * libbacktrace to use a target-specific strategy to determine the + * executable. "libbacktrace supports ELF, PE/COFF, Mach-O, and XCOFF + * executables with DWARF debugging information. In other words, it + * supports GNU/Linux, *BSD, macOS, Windows, and AIX." + */ + *backtrace_state = backtrace_create_state( + NULL, 0, backtrace_creation_error, NULL); + } +#ifdef WOLFSSL_MUTEX_INITIALIZER + wc_UnLockMutex(&backtrace_create_state_mutex); +#endif + if (*backtrace_state == NULL) + return -1; + return 0; +} + +void wc_backtrace_render(void) { + static wolfSSL_Mutex backtrace_mutex + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(backtrace_mutex); + static struct backtrace_state *backtrace_state = NULL; + int depth = 0; + +#ifndef WOLFSSL_MUTEX_INITIALIZER + static wolfSSL_Atomic_Int init_count = 0; + if (init_count != 1) { + int cur_init_count = wolfSSL_Atomic_Int_FetchSub(&init_count, 1); + if (cur_init_count != 0) { + (void)wolfSSL_Atomic_Int_FetchAdd(&init_count, 1); + return; + } + if (wc_InitMutex(&backtrace_mutex) != 0) + return; + /* set init_count to 1, race-free: (-1) - (0-2) = 1 */ + (void)wolfSSL_Atomic_Int_FetchSub(&init_count, cur_init_count - 2); + } +#endif + + /* backtrace_state can't be shared between threads even when + * BACKTRACE_SUPPORTS_THREADS == 1, so we serialize the render op. this + * helpfully mutexes the initialization too. 
+ */ + if (wc_LockMutex(&backtrace_mutex) != 0) + return; + + if (backtrace_state == NULL) { + if (backtrace_init(&backtrace_state) < 0) { + wc_UnLockMutex(&backtrace_mutex); + return; + } + } + + /* note that the optimizer can produce misleading backtraces, even with + * -funwind-tables. in contrast, the macro-generated "ERR TRACE" message + * from WC_ERR_TRACE() always accurately identifies the error code point. + */ + backtrace_full(backtrace_state, 0, backtrace_callback, backtrace_error, + (void *)&depth); + + wc_UnLockMutex(&backtrace_mutex); +} + +#endif /* WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES */ diff --git a/wolfcrypt/src/md2.c b/wolfcrypt/src/md2.c index 789704e675..c28a049d4f 100644 --- a/wolfcrypt/src/md2.c +++ b/wolfcrypt/src/md2.c @@ -1,6 +1,6 @@ /* md2.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -123,7 +123,7 @@ void wc_Md2Final(Md2* md2, byte* hash) for (i = 0; i < padLen; i++) padding[i] = (byte)padLen; - wc_Md2Update(md2, padding, padLen); + wc_Md2Update(md2, padding, padLen); /* cppcheck-suppress uninitvar */ wc_Md2Update(md2, md2->C, MD2_BLOCK_SIZE); XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE); diff --git a/wolfcrypt/src/md4.c b/wolfcrypt/src/md4.c index 68eab5fb2b..65b4dc23f6 100644 --- a/wolfcrypt/src/md4.c +++ b/wolfcrypt/src/md4.c @@ -1,6 +1,6 @@ /* md4.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index daab9c9ecf..f6ca240be9 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -1,6 +1,6 @@ /* md5.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 4b068ce9cd..164dc95717 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c 
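Review bot: backtrace_init's WOLFSSL_ATOMIC_OPS branch appears to refuse the first initializer: if wolfSSL_Atomic_Int_FetchAdd returns the previous value, as wc_backtrace_render's use of FetchSub and its `(-1) - (0-2) = 1` comment imply, the first call observes 0, fails the `!= 1` test and returns -1, so backtrace_state is never created in that configuration — and since the only caller visible here already holds backtrace_mutex, the guard is redundant either way and could be dropped. The `#error` above keys on WOLFSSL_NO_ATOMICS while the code keys on WOLFSSL_ATOMIC_OPS; if neither is defined and there is no WOLFSSL_MUTEX_INITIALIZER the init runs unguarded, which is worth confirming. Separately, the NO_STDIO_FILESYSTEM branch of backtrace_creation_error emits two messages for one error — the second `printf("ERR TRACE: internal error " "while initializing backtrace facility");` looks like a leftover — and none of the error sinks end their message with a newline. The rendered trace prints code addresses and source locations to stderr, so the option should stay confined to debug builds, as the WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES gate already suggests.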
@@ -1,6 +1,6 @@ /* memory.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,6 +38,16 @@ Possible memory options: * NO_WOLFSSL_MEMORY: Disables wolf memory callback support. When not defined settings.h defines USE_WOLFSSL_MEMORY. * WOLFSSL_STATIC_MEMORY: Turns on the use of static memory buffers and functions. This allows for using static memory instead of dynamic. + * WOLFSSL_STATIC_MEMORY_LEAN: Requires WOLFSSL_STATIC_MEMORY be defined. + * Uses smaller type sizes for structs + * requiring that memory pool sizes be less + * then 65k and limits features available like + * IO buffers to reduce footprint size. + * WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK: + * Enables option to register a debugging + * callback function, useful for + * WOLFSSL_STATIC_MEMORY builds where XMALLOC + * and XFREE are not user defined. * WOLFSSL_STATIC_ALIGN: Define defaults to 16 to indicate static memory alignment. * HAVE_IO_POOL: Enables use of static thread safe memory pool for input/output buffers. * XMALLOC_OVERRIDE: Allows override of the XMALLOC, XFREE and XREALLOC macros. 
@@ -514,20 +524,39 @@ void* wolfSSL_Realloc(void *ptr, size_t size) struct wc_Memory { byte* buffer; struct wc_Memory* next; +#ifdef WOLFSSL_STATIC_MEMORY_LEAN + /* lean static memory is assumed to be under 65k */ + word16 sz; +#else word32 sz; +#endif +#ifdef WOLFSSL_DEBUG_MEMORY + word16 szUsed; +#endif }; +#ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK +static DebugMemoryCb DebugCb = NULL; + +/* Used to set a debug memory callback. Helpful in cases where + * printf is not available. */ +void wolfSSL_SetDebugMemoryCb(DebugMemoryCb cb) +{ + DebugCb = cb; +} +#endif + /* returns amount of memory used on success. On error returns negative value wc_Memory** list is the list that new buckets are prepended to */ -static int create_memory_buckets(byte* buffer, word32 bufSz, - word32 buckSz, word32 buckNum, wc_Memory** list) { - word32 i; +static int wc_create_memory_buckets(byte* buffer, word32 bufSz, + word32 buckSz, byte buckNum, wc_Memory** list) { byte* pt = buffer; int ret = 0; - word32 memSz = (word32)sizeof(wc_Memory); - word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); + byte memSz = (byte)sizeof(wc_Memory); + word16 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); + word16 i; /* if not enough space available for bucket size then do not try */ if (buckSz + memSz + padSz > bufSz) { @@ -542,6 +571,12 @@ static int create_memory_buckets(byte* buffer, word32 bufSz, mem->buffer = (byte*)pt + padSz + memSz; mem->next = NULL; + #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK + if (DebugCb) { + DebugCb(buckSz, buckSz, WOLFSSL_DEBUG_MEMORY_INIT, 0); + } + #endif + /* add the newly created struct to front of list */ if (*list == NULL) { *list = mem; 
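Review bot: wc_create_memory_buckets now takes buckNum as a `byte`, while its callers in the following hunks pass heap->distList[i], which wc_init_memory_heap fills from a caller-supplied `const unsigned int*`; with wc_LoadStaticMemory_ex exposing that list, a distribution count above 255 is silently truncated (whatever width heap->distList itself has) and the pool ends up with fewer buckets than requested. Likewise `byte memSz = (byte)sizeof(wc_Memory)` and the LEAN-only `word16 sz` field assume the struct and every bucket size stay small without any check. Keep buckNum as word32 (the loop index is already word16, so nothing is saved) or validate the lists once in wc_LoadStaticMemory_ex; either way a comment such as `/* LEAN builds narrow sz/buckNum: sizes must be < 65536 and counts < 256 */` should state the assumption.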
@@ -562,41 +597,126 @@ static int create_memory_buckets(byte* buffer, word32 bufSz, return ret; } -int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap) +static int wc_partition_static_memory(byte* buffer, word32 sz, int flag, + WOLFSSL_HEAP* heap) { - word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS }; - word32 wc_Dist[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST }; + word32 ava = sz; + byte* pt = buffer; + int ret = 0; + byte memSz = (word32)sizeof(wc_Memory); + byte padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); - if (heap == NULL) { - return BAD_FUNC_ARG; + WOLFSSL_ENTER("wc_partition_static_memory"); + + /* align pt */ + while ((wc_ptr_t)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) { + *pt = 0x00; + pt++; + ava--; } +#ifdef WOLFSSL_DEBUG_MEMORY + fprintf(stderr, "Allocated %d bytes for static memory @ %p\n", ava, pt); +#endif + + /* divide into chunks of memory and add them to available list */ + while (ava >= (word32)(heap->sizeList[0] + padSz + memSz)) { + #ifndef WOLFSSL_STATIC_MEMORY_LEAN + /* creating only IO buffers from memory passed in, max TLS is 16k */ + if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { + if ((ret = wc_create_memory_buckets(pt, ava, + WOLFMEM_IO_SZ, 1, &(heap->io))) < 0) { + WOLFSSL_LEAVE("wc_partition_static_memory", ret); + return ret; + } + + /* check if no more room left for creating IO buffers */ + if (ret == 0) { + break; + } + + /* advance pointer in buffer for next buckets and keep track + of how much memory is left available */ + pt += ret; + ava -= ret; + } + else + #endif + { + int i; + /* start at largest and move to smaller buckets */ + for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) { + if ((word32)(heap->sizeList[i] + padSz + memSz) <= ava) { + if ((ret = wc_create_memory_buckets(pt, ava, + heap->sizeList[i], heap->distList[i], + &(heap->ava[i]))) < 0) { + WOLFSSL_LEAVE("wc_partition_static_memory", ret); + return ret; + } + + /* advance pointer in buffer for next buckets and keep track + of how much 
memory is left available */ + pt += ret; + ava -= ret; + } + } + } + } + + (void)flag; + return 1; +} + +static int wc_init_memory_heap(WOLFSSL_HEAP* heap, unsigned int listSz, + const unsigned int* sizeList, const unsigned int* distList) +{ + unsigned int i; + XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP)); - XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz)); - XMEMCPY(heap->distList, wc_Dist, sizeof(wc_Dist)); + /* avoid XMEMCPY for LEAN static memory build */ + for (i = 0; i < listSz; i++) { + heap->sizeList[i] = sizeList[i]; + } + for (i = 0; i < listSz; i++) { + heap->distList[i] = distList[i]; + } + +#ifndef SINGLE_THREADED if (wc_InitMutex(&(heap->memory_mutex)) != 0) { WOLFSSL_MSG("Error creating heap memory mutex"); return BAD_MUTEX_E; } +#endif return 0; } -int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, - unsigned char* buf, unsigned int sz, int flag, int maxSz) +int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint, + unsigned int listSz, const unsigned int* sizeList, + const unsigned int* distList, unsigned char* buf, + unsigned int sz, int flag, int maxSz) { + WOLFSSL_HEAP* heap = NULL; + WOLFSSL_HEAP_HINT* hint = NULL; + word16 idx = 0; int ret; - WOLFSSL_HEAP* heap; - WOLFSSL_HEAP_HINT* hint; - word32 idx = 0; - if (pHint == NULL || buf == NULL) { + WOLFSSL_ENTER("wc_LoadStaticMemory_ex"); + + if (pHint == NULL || buf == NULL || sizeList == NULL || distList == NULL) { return BAD_FUNC_ARG; } + /* Cap the listSz to the actual number of items allocated in the list. */ + if (listSz > WOLFMEM_MAX_BUCKETS) { + WOLFSSL_MSG("Truncating the list of memory buckets"); + listSz = WOLFMEM_MAX_BUCKETS; + } + if ((sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) > sz - idx) { + WOLFSSL_MSG("Not enough memory for partition tracking"); return BUFFER_E; /* not enough memory for structures */ } 
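Review bot: wc_LoadStaticMemory_ex caps listSz but accepts the list contents unchecked, although wc_partition_static_memory's `while (ava >= (word32)(heap->sizeList[0] + padSz + memSz))` relies on sizeList[0] being the smallest bucket, and a zero count at index 0 (or a zero sizeList[0] with zero count) makes an iteration that neither advances pt nor reduces ava once the larger buckets stop fitting, so the loop appears to spin forever if wc_create_memory_buckets returns 0 for a zero count as its "bytes used" contract suggests; in WOLFSSL_STATIC_MEMORY_LEAN builds a size above 65535 is also truncated into the word16 wc_Memory::sz without notice. Since the list is now API input, validating it once up front (below) is cheaper than hardening the partitioner. Also `byte memSz = (word32)sizeof(wc_Memory);` casts to word32 only to narrow to byte — the `(byte)` form used in wc_create_memory_buckets is the one to keep — and wc_partition_static_memory's WOLFSSL_ENTER has no matching WOLFSSL_LEAVE on its success path.
```c
    /* Cap the listSz to the actual number of items allocated in the list. */
    if (listSz > WOLFMEM_MAX_BUCKETS) {
        WOLFSSL_MSG("Truncating the list of memory buckets");
        listSz = WOLFMEM_MAX_BUCKETS;
    }
    /* The partitioner terminates on sizeList[0] and stores sizes in
     * wc_Memory::sz, so the list must be non-empty, ascending, non-zero
     * and (LEAN builds) below 65536; i is an additional unsigned int local. */
    if (listSz == 0 || sizeList[0] == 0 || distList[0] == 0) {
        WOLFSSL_MSG("Empty or zero-sized bucket list");
        return BAD_FUNC_ARG;
    }
    for (i = 1; i < listSz; i++) {
        if (sizeList[i] < sizeList[i - 1]) {
            WOLFSSL_MSG("Bucket sizes must be in ascending order");
            return BAD_FUNC_ARG;
        }
    }
#ifdef WOLFSSL_STATIC_MEMORY_LEAN
    for (i = 0; i < listSz; i++) {
        if (sizeList[i] > 0xFFFF) {
            WOLFSSL_MSG("Bucket size exceeds lean static memory limit");
            return BAD_FUNC_ARG;
        }
    }
#endif
    /* … unchanged: space check, heap/hint placement, wc_init_memory_heap … */
```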
@@ -607,7 +727,7 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, hint = (WOLFSSL_HEAP_HINT*)(buf + idx); idx += sizeof(WOLFSSL_HEAP_HINT); - ret = wolfSSL_init_memory_heap(heap); + ret = wc_init_memory_heap(heap, listSz, sizeList, distList); if (ret != 0) { return ret; } @@ -627,12 +747,13 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, heap = hint->memory; } - ret = wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap); + ret = wc_partition_static_memory(buf + idx, sz - idx, flag, heap); if (ret != 1) { WOLFSSL_MSG("Error partitioning memory"); - return -1; + return MEMORY_E; } +#ifndef WOLFSSL_STATIC_MEMORY_LEAN /* determine what max applies too */ if ((flag & WOLFMEM_IO_POOL) || (flag & WOLFMEM_IO_POOL_FIXED)) { heap->maxIO = maxSz; 
@@ -640,85 +761,48 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, else { /* general memory used in handshakes */ heap->maxHa = maxSz; } - heap->flag |= flag; +#endif *pHint = hint; (void)maxSz; - return 0; } -int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag, - WOLFSSL_HEAP* heap) +int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, + unsigned char* buf, unsigned int sz, int flag, int maxSz) { - word32 ava = sz; - byte* pt = buffer; - int ret = 0; - word32 memSz = (word32)sizeof(wc_Memory); - word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); - - WOLFSSL_ENTER("wolfSSL_load_static_memory"); - - if (buffer == NULL) { - return BAD_FUNC_ARG; - } - - /* align pt */ - while ((wc_ptr_t)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) { - *pt = 0x00; - pt++; - ava--; - } - -#ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Allocated %d bytes for static memory @ %p\n", ava, pt); +#ifdef WOLFSSL_LEAN_STATIC_PSK + word16 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS }; + byte distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST }; +#else + word32 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS }; + word32 distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST }; #endif + int ret = 0; - /* divide into chunks of memory and add them to available list */ - while (ava >= (heap->sizeList[0] + padSz + memSz)) { - /* creating only IO buffers from memory passed in, max TLS is 16k */ - if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { - if ((ret = create_memory_buckets(pt, ava, - WOLFMEM_IO_SZ, 1, &(heap->io))) < 0) { - WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret); - return ret; - } - - /* check if no more room left for creating IO buffers */ - if (ret == 0) { - break; - } + WOLFSSL_ENTER("wc_LoadStaticMemory"); + ret = wc_LoadStaticMemory_ex(pHint, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + buf, sz, flag, maxSz); + WOLFSSL_LEAVE("wc_LoadStaticMemory", ret); + return ret; +} - /* advance pointer in buffer for next buckets and keep track - of how much 
memory is left available */ - pt += ret; - ava -= ret; - } - else { - int i; - /* start at largest and move to smaller buckets */ - for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) { - if ((heap->sizeList[i] + padSz + memSz) <= ava) { - if ((ret = create_memory_buckets(pt, ava, heap->sizeList[i], - heap->distList[i], &(heap->ava[i]))) < 0) { - WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret); - return ret; - } - /* advance pointer in buffer for next buckets and keep track - of how much memory is left available */ - pt += ret; - ava -= ret; - } - } - } +void wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* heap) +{ + WOLFSSL_ENTER("wc_UnloadStaticMemory"); +#ifndef SINGLE_THREADED + if (heap != NULL && heap->memory != NULL) { + wc_FreeMutex(&heap->memory->memory_mutex); } - - return 1; +#else + (void)heap; +#endif } - +#ifndef WOLFSSL_STATIC_MEMORY_LEAN /* returns the size of management memory needed for each bucket. * This is memory that is used to keep track of and align memory buckets. */ int wolfSSL_MemoryPaddingSz(void) 
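Review bot: In the WOLFSSL_LEAN_STATIC_PSK branch of wc_LoadStaticMemory the local arrays are `word16 sizeList[]` and `byte distList[]`, yet they are passed to wc_LoadStaticMemory_ex, whose parameters are `const unsigned int*`; that is an incompatible pointer conversion, and if a build lets it through the callee reads each entry as a 4-byte value and misreads the bucket table. Declaring both arrays as `unsigned int` in every configuration (a few bytes of stack for the duration of one call) or adding an `_ex` variant that takes narrow lists fixes it. The guard macro here is WOLFSSL_LEAN_STATIC_PSK whereas the rest of the file keys on WOLFSSL_STATIC_MEMORY_LEAN — confirm that name is intended. wc_UnloadStaticMemory below frees memory_mutex but leaves hint->memory pointing at the freed heap, so a repeated call would free the mutex again; `heap->memory = NULL;` after wc_FreeMutex would make it idempotent and would also let allocators detect an unloaded hint.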
@@ -731,28 +815,34 @@ int wolfSSL_MemoryPaddingSz(void) /* Used to calculate memory size for optimum use with buckets. returns the suggested size rounded down to the nearest bucket. */ -int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag) +int wolfSSL_StaticBufferSz_ex(unsigned int listSz, + const unsigned int *sizeList, const unsigned int *distList, + byte* buffer, word32 sz, int flag) { - word32 bucketSz[WOLFMEM_MAX_BUCKETS] = {WOLFMEM_BUCKETS}; - word32 distList[WOLFMEM_MAX_BUCKETS] = {WOLFMEM_DIST}; - word32 ava = sz; byte* pt = buffer; word32 memSz = (word32)sizeof(wc_Memory); word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1); - WOLFSSL_ENTER("wolfSSL_static_size"); + WOLFSSL_ENTER("wolfSSL_StaticBufferSz_ex"); - if (buffer == NULL) { + if (buffer == NULL || sizeList == NULL || distList == NULL) { return BAD_FUNC_ARG; } + /* Cap the listSz to the actual number of items allocated in the list. */ + if (listSz > WOLFMEM_MAX_BUCKETS) { + WOLFSSL_MSG("Truncating the list of memory buckets"); + listSz = WOLFMEM_MAX_BUCKETS; + } + /* align pt */ while ((wc_ptr_t)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) { pt++; ava--; } +#ifndef WOLFSSL_STATIC_MEMORY_LEAN /* creating only IO buffers from memory passed in, max TLS is 16k */ if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { if (ava < (memSz + padSz + WOLFMEM_IO_SZ)) { 
@@ -761,29 +851,44 @@ int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag) ava = ava % (memSz + padSz + WOLFMEM_IO_SZ); } - else { + else +#endif + { int i, k; - if (ava < (bucketSz[0] + padSz + memSz)) { + if (ava < (sizeList[0] + padSz + memSz)) { return 0; /* not enough room for even one bucket */ } - while ((ava >= (bucketSz[0] + padSz + memSz)) && (ava > 0)) { + while ((ava >= (sizeList[0] + padSz + memSz)) && (ava > 0)) { /* start at largest and move to smaller buckets */ - for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) { + for (i = (listSz - 1); i >= 0; i--) { for (k = distList[i]; k > 0; k--) { - if ((bucketSz[i] + padSz + memSz) <= ava) { - ava -= bucketSz[i] + padSz + memSz; + if ((sizeList[i] + padSz + memSz) <= ava) { + ava -= sizeList[i] + padSz + memSz; } } } } } + WOLFSSL_LEAVE("wolfSSL_StaticBufferSz_ex", sz - ava); return sz - ava; /* round down */ } +/* Calls wolfSSL_StaticBufferSz_ex with the static memory pool config + * used by wolfSSL by default. */ +int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag) +{ + word32 bucketSz[WOLFMEM_DEF_BUCKETS] = {WOLFMEM_BUCKETS}; + word32 distList[WOLFMEM_DEF_BUCKETS] = {WOLFMEM_DIST}; + + return wolfSSL_StaticBufferSz_ex(WOLFMEM_DEF_BUCKETS, bucketSz, distList, + buffer, sz, flag); +} + + int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) { WOLFSSL_MSG("Freeing fixed IO buffer"); 
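Review bot: wolfSSL_StaticBufferSz_ex does not reject `listSz == 0`: the cap in the previous hunk only trims large values, so an empty list still reaches `sizeList[0]` here, reading past the caller's array, before `i = (listSz - 1)` wraps to UINT_MAX, converts to int (typically -1) and skips the loop. A distList[0] of 0 is accepted as well, after which an iteration of `while ((ava >= (sizeList[0] + padSz + memSz)) && (ava > 0))` in which no larger bucket fits leaves ava unchanged and never exits. Adding `if (listSz == 0 || distList[0] == 0) return BAD_FUNC_ARG;` next to the existing NULL checks closes both, and the same guard belongs in wc_LoadStaticMemory_ex, which partitions with the identical loop shape. The enclosing function starts in the previous hunk.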
@@ -855,6 +960,32 @@ int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, WOLFSSL_MEM_STATS* stats) return 1; } +#endif /* !WOLFSSL_STATIC_MEMORY_LEAN */ + + +/* global heap hint to fall back on when no heap hint is passed to + * XMALLOC/XFREE + * NOT thread safe, should be set once before any expected XMALLOC XFREE calls + */ +static void* globalHeapHint = NULL; + + +/* Used to set a new global heap hint. Returns a pointer to the current global + * heap hint before being set. */ +void* wolfSSL_SetGlobalHeapHint(void* heap) +{ + void *oldHint = globalHeapHint; + + globalHeapHint = heap; + return oldHint; +} + + +/* returns a pointer to the current global heap hint */ +void* wolfSSL_GetGlobalHeapHint(void) +{ + return globalHeapHint; +} #ifdef WOLFSSL_DEBUG_MEMORY @@ -875,7 +1006,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) #endif /* if no heap hint then use dynamic memory*/ - if (heap == NULL) { + if (heap == NULL && globalHeapHint == NULL) { #ifdef WOLFSSL_HEAP_TEST /* allow using malloc for creating ctx and method */ if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD || @@ -910,13 +1041,24 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) } else { WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap; - WOLFSSL_HEAP* mem = hint->memory; + WOLFSSL_HEAP* mem; + + if (hint == NULL) { + hint = (WOLFSSL_HEAP_HINT*)globalHeapHint; + #ifdef WOLFSSL_DEBUG_MEMORY + fprintf(stderr, "(Using global heap hint %p) ", hint); + #endif + } + mem = hint->memory; + #ifndef SINGLE_THREADED if (wc_LockMutex(&(mem->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); return NULL; } + #endif + #ifndef WOLFSSL_STATIC_MEMORY_LEAN /* case of using fixed IO buffers */ if (mem->flag & WOLFMEM_IO_POOL_FIXED && (type == DYNAMIC_TYPE_OUT_BUFFER || 
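Review bot: The fallback `if (heap == NULL && globalHeapHint == NULL)` is evaluated per call, so a pointer obtained from malloc() while the global hint was unset and released with `heap == NULL` after wolfSSL_SetGlobalHeapHint() (or a pool block freed after the hint is cleared) takes the other branch; on the static path wolfSSL_Free then computes `ptr - sizeof(wc_Memory) - padSz`, interprets heap-allocator bytes as a wc_Memory header and links it into the free list — silent memory corruption rather than a reported error. The same decision is made in the `@@ -1030` hunk of wolfSSL_Free. The comment on globalHeapHint already says it must be set once before any XMALLOC/XFREE; that contract should be repeated on wolfSSL_SetGlobalHeapHint in the public header, and a debug-build check that ptr lies inside the pool's buffer before it is treated as a bucket would turn the corruption into a diagnosable failure.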
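Review bot: After the global hint is resolved, `mem = hint->memory;` is dereferenced immediately by wc_LockMutex(&(mem->memory_mutex)) with no NULL check, whereas the parallel change in wolfSSL_Free (`@@ -1049` hunk) adds `if (mem == NULL) { WOLFSSL_MSG("Bad hint pointer to memory"); return; }`. A zeroed or partially initialised WOLFSSL_HEAP_HINT installed as the global hint would crash here; add the same guard returning NULL so both paths behave alike. wolfSSL_Malloc continues beyond this hunk.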
@@ -928,7 +1070,10 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) pt = hint->inBuf; } } - else { + else + #endif + { + #ifndef WOLFSSL_STATIC_MEMORY_LEAN /* check if using IO pool flag */ if (mem->flag & WOLFMEM_IO_POOL && (type == DYNAMIC_TYPE_OUT_BUFFER || @@ -938,6 +1083,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) mem->io = pt->next; } } + #endif /* general static memory */ if (pt == NULL) { @@ -950,7 +1096,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) } #ifdef WOLFSSL_DEBUG_STATIC_MEMORY else { - fprintf(stderr, "Size: %ld, Empty: %d\n", size, + fprintf(stderr, "Size: %lu, Empty: %d\n", (unsigned long) size, mem->sizeList[i]); } #endif @@ -960,14 +1106,21 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) } if (pt != NULL) { - mem->inUse += pt->sz; + #ifndef WOLFSSL_STATIC_MEMORY_LEAN mem->alloc += 1; + #endif res = pt->buffer; #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Alloc: %p -> %u at %s:%d\n", pt->buffer, pt->sz, func, line); + pt->szUsed = size; + fprintf(stderr, "Alloc: %p -> %lu at %s:%d\n", pt->buffer, size, func, line); #endif - + #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK + if (DebugCb) { + DebugCb(size, pt->sz, WOLFSSL_DEBUG_MEMORY_ALLOC, type); + } + #endif + #ifndef WOLFSSL_STATIC_MEMORY_LEAN /* keep track of connection statistics if flag is set */ if (mem->flag & WOLFMEM_TRACK_STATS) { WOLFSSL_MEM_CONN_STATS* stats = hint->stats; 
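Review bot: `mem->inUse += pt->sz;` is dropped from the allocation path with nothing replacing it, so if wolfSSL_GetMemStats or the matching decrement in wolfSSL_Free (outside this chunk) still reads inUse, the statistic now only ever decreases; confirm the field was removed everywhere, or restore the increment under the same `#ifndef WOLFSSL_STATIC_MEMORY_LEAN` as `mem->alloc += 1`. In the WOLFSSL_DEBUG_MEMORY branch `pt->szUsed = size;` narrows a size_t into the word16 field added in the struct hunk, and the adjacent fprintf passes `size` to `%lu` uncast while the one a few lines below was changed to `(unsigned long) size`; writing `pt->szUsed = (word16)size; /* debug statistic only */` and casting in the fprintf makes the narrowing explicit and quiets -Wformat. wolfSSL_Malloc extends beyond this hunk in both directions.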
@@ -983,15 +1136,24 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) stats->totalAlloc++; } } + #endif } else { WOLFSSL_MSG("ERROR ran out of static memory"); + res = NULL; #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Looking for %lu bytes at %s:%d\n", size, func, line); + fprintf(stderr, "Looking for %lu bytes at %s:%d\n", (unsigned long) size, func, + line); + #endif + #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK + if (DebugCb) { + DebugCb(size, 0, WOLFSSL_DEBUG_MEMORY_FAIL, type); + } #endif } - + #ifndef SINGLE_THREADED wc_UnLockMutex(&(mem->memory_mutex)); + #endif } #ifdef WOLFSSL_MALLOC_CHECK @@ -1030,7 +1192,7 @@ void wolfSSL_Free(void *ptr, void* heap, int type) } #endif - if (heap == NULL) { + if (heap == NULL && globalHeapHint == NULL) { #ifdef WOLFSSL_HEAP_TEST /* allow using malloc for creating ctx and method */ if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD || 
@@ -1049,22 +1211,40 @@ void wolfSSL_Free(void *ptr, void* heap, int type) #else free(ptr); #endif + #ifdef WOLFSSL_DEBUG_MEMORY + fprintf(stderr, "Free: %p at %s:%d\n", ptr, func, line); + #endif #else WOLFSSL_MSG("Error trying to call free when turned off"); #endif /* WOLFSSL_NO_MALLOC */ } else { WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap; - WOLFSSL_HEAP* mem = hint->memory; + WOLFSSL_HEAP* mem; word32 padSz = -(int)sizeof(wc_Memory) & (WOLFSSL_STATIC_ALIGN - 1); + if (hint == NULL) { + hint = (WOLFSSL_HEAP_HINT*)globalHeapHint; + #ifdef WOLFSSL_DEBUG_MEMORY + fprintf(stderr, "(Using global heap hint %p) ", hint); + #endif + } + mem = hint->memory; + if (mem == NULL) { + WOLFSSL_MSG("Bad hint pointer to memory"); + return; + } + /* get memory struct and add it to available list */ pt = (wc_Memory*)((byte*)ptr - sizeof(wc_Memory) - padSz); + #ifndef SINGLE_THREADED if (wc_LockMutex(&(mem->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); return; } + #endif + #ifndef WOLFSSL_STATIC_MEMORY_LEAN /* case of using fixed IO buffers */ if (mem->flag & WOLFMEM_IO_POOL_FIXED && (type == DYNAMIC_TYPE_OUT_BUFFER || 
@@ -1078,22 +1258,38 @@ void wolfSSL_Free(void *ptr, void* heap, int type) pt->next = mem->io; mem->io = pt; } - else { /* general memory free */ + else + #endif + { /* general memory free */ for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { if (pt->sz == mem->sizeList[i]) { pt->next = mem->ava[i]; mem->ava[i] = pt; + + #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK + if (DebugCb) { + #ifdef WOLFSSL_DEBUG_MEMORY + DebugCb(pt->szUsed, pt->sz, WOLFSSL_DEBUG_MEMORY_FREE, type); + #else + DebugCb(pt->sz, pt->sz, WOLFSSL_DEBUG_MEMORY_FREE, type); + #endif + } + #endif break; } } } + #ifndef WOLFSSL_STATIC_MEMORY_LEAN mem->inUse -= pt->sz; mem->frAlc += 1; + #endif #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Free: %p -> %u at %s:%d\n", pt->buffer, pt->sz, func, line); + fprintf (stderr, "Free: %p -> %u at %s:%d\n", pt->buffer, + pt->szUsed, func, line); #endif + #ifndef WOLFSSL_STATIC_MEMORY_LEAN /* keep track of connection statistics if flag is set */ if (mem->flag & WOLFMEM_TRACK_STATS) { WOLFSSL_MEM_CONN_STATS* stats = hint->stats; @@ -1112,7 +1308,10 @@ void wolfSSL_Free(void *ptr, void* heap, int type) stats->totalFr++; } } + #endif + #ifndef SINGLE_THREADED wc_UnLockMutex(&(mem->memory_mutex)); + #endif } } @@ -1121,6 +1320,7 @@ void wolfSSL_Free(void *ptr, void* heap, int type) (void)type; } +#ifndef WOLFSSL_NO_REALLOC #ifdef WOLFSSL_DEBUG_MEMORY void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line) #else @@ -1138,7 +1338,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) } #endif - if (heap == NULL) { + if (heap == NULL && globalHeapHint == NULL) { #ifdef WOLFSSL_HEAP_TEST WOLFSSL_MSG("ERROR null heap hint passed in to XREALLOC"); #endif 
@@ -1150,9 +1350,17 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) } else { WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap; - WOLFSSL_HEAP* mem = hint->memory; + WOLFSSL_HEAP* mem; word32 padSz = -(int)sizeof(wc_Memory) & (WOLFSSL_STATIC_ALIGN - 1); + if (hint == NULL) { + hint = (WOLFSSL_HEAP_HINT*)globalHeapHint; + #ifdef WOLFSSL_DEBUG_MEMORY + fprintf(stderr, "(Using global heap hint %p) ", hint); + #endif + } + mem = hint->memory; + if (ptr == NULL) { #ifdef WOLFSSL_DEBUG_MEMORY return wolfSSL_Malloc(size, heap, type, func, line); @@ -1160,12 +1368,14 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) return wolfSSL_Malloc(size, heap, type); #endif } - + #ifndef SINGLE_THREADED if (wc_LockMutex(&(mem->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); return NULL; } + #endif + #ifndef WOLFSSL_STATIC_MEMORY_LEAN /* case of using fixed IO buffers or IO pool */ if (((mem->flag & WOLFMEM_IO_POOL)||(mem->flag & WOLFMEM_IO_POOL_FIXED)) && (type == DYNAMIC_TYPE_OUT_BUFFER || @@ -1178,7 +1388,9 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) } res = pt->buffer; } - else { + else + #endif + { /* general memory */ for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { if ((word32)size <= mem->sizeList[i]) { 
@@ -1191,30 +1403,40 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) } if (pt != NULL && res == NULL) { + word32 prvSz; + res = pt->buffer; /* copy over original information and free ptr */ - word32 prvSz = ((wc_Memory*)((byte*)ptr - padSz - + prvSz = ((wc_Memory*)((byte*)ptr - padSz - sizeof(wc_Memory)))->sz; prvSz = (prvSz > pt->sz)? pt->sz: prvSz; XMEMCPY(pt->buffer, ptr, prvSz); + #ifndef WOLFSSL_STATIC_MEMORY_LEAN mem->inUse += pt->sz; mem->alloc += 1; + #endif /* free memory that was previously being used */ + #ifndef SINGLE_THREADED wc_UnLockMutex(&(mem->memory_mutex)); + #endif wolfSSL_Free(ptr, heap, type #ifdef WOLFSSL_DEBUG_MEMORY , func, line #endif ); + #ifndef SINGLE_THREADED if (wc_LockMutex(&(mem->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); return NULL; } + #endif } } + #ifndef SINGLE_THREADED wc_UnLockMutex(&(mem->memory_mutex)); + #endif } #ifdef WOLFSSL_MALLOC_CHECK @@ -1231,7 +1453,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) return res; } #endif /* WOLFSSL_STATIC_MEMORY */ - +#endif /* WOLFSSL_NO_REALLOC */ #endif /* USE_WOLFSSL_MEMORY */ diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index af5f09abb7..7a9bcb02c9 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -1,6 +1,6 @@ /* misc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -709,13 +709,23 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) { WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) { - a.n = a.n + b; + a.n += b; if (a.n < b && wrap != NULL) *wrap = 1; return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, + byte *wrap) +{ + a.n += b.n; + if (a.n < b.n && wrap != NULL) + *wrap = 1; + + return a; +} + WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap) { if (a.n < b && wrap != NULL) 
@@ -796,6 +806,13 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b) +{ + w64wrapper ret; + ret.n = (word64)a * (word64)b; + return ret; +} + #else WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n) @@ -831,7 +848,7 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) { - a.n[1] = a.n[1] + b; + a.n[1] += b; if (a.n[1] < b) { a.n[0]++; if (wrap != NULL && a.n[0] == 0) @@ -841,6 +858,24 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, + byte *wrap) +{ + a.n[1] += b.n[1]; + if (a.n[1] < b.n[1]) { + a.n[0]++; + if (wrap != NULL && a.n[0] == 0) + *wrap = 1; + } + + a.n[0] += b.n[0]; + if (wrap != NULL && a.n[0] < b.n[0]) { + *wrap = 1; + } + + return a; +} + WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap) { byte _underflow = 0; @@ -894,7 +929,7 @@ WC_MISC_STATIC WC_INLINE byte w64IsZero(w64wrapper a) return a.n[0] == 0 && a.n[1] == 0; } -WC_MISC_STATIC WC_INLINE void c64toa(w64wrapper *a, byte *out) +WC_MISC_STATIC WC_INLINE void c64toa(const w64wrapper *a, byte *out) { #ifdef BIG_ENDIAN_ORDER word32 *_out = (word32*)(out); @@ -939,7 +974,7 @@ WC_MISC_STATIC WC_INLINE byte w64LT(w64wrapper a, w64wrapper b) WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift) { if (shift < 32) { - a.n[1] = (a.n[1] >> shift) || (a.n[0] << (32 - shift)); + a.n[1] = (a.n[1] >> shift) | (a.n[0] << (32 - shift)); a.n[0] >>= shift; } else { 
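Review bot: The corrected expression `a.n[1] = (a.n[1] >> shift) | (a.n[0] << (32 - shift));` in w64ShiftRight is right to use bitwise OR (the old `||` produced a 0/1 result), but the `shift < 32` branch still admits `shift == 0`, where `32 - shift` shifts a 32-bit operand by its full width, which is undefined behaviour in C; the w64ShiftLeft hunk that follows has the same shape. Add `if (shift == 0) return a;` at the top of both helpers, or document `0 < shift < 64` as a precondition. The new w64Add and w64Mul look correct: the two-stage carry in w64Add sets `wrap` on either overflow, and w64Mul only calls w64ShiftLeft with a fixed 16. The `else` branch of w64ShiftRight lies outside this hunk.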
@@ -951,7 +986,7 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift) WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) { if (shift < 32) { - a.n[0] = (a.n[0] << shift) || (a.n[1] >> (32 - shift)); + a.n[0] = (a.n[0] << shift) | (a.n[1] >> (32 - shift)); a.n[1] <<= shift; } else { @@ -961,6 +996,30 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b) +{ + w64wrapper ret; + word16 ltlA, ltlB, ltlC, ltlD; + word32 bigA, bigB, bigC, bigD; + + ltlA = a & 0xFFFF; + ltlB = (a >> 16) & 0xFFFF; + ltlC = b & 0xFFFF; + ltlD = (b >> 16) & 0xFFFF; + + bigA = (word32)ltlA * (word32)ltlC; + bigC = (word32)ltlB * (word32)ltlC; + bigD = (word32)ltlA * (word32)ltlD; + bigB = (word32)ltlB * (word32)ltlD; + + ret = w64From32(0, bigB); + ret = w64ShiftLeft(ret, 16); + ret = w64Add32(ret, bigD, NULL); + ret = w64Add32(ret, bigC, NULL); + ret = w64ShiftLeft(ret, 16); + return w64Add32(ret, bigA, NULL); +} + #endif /* WORD64_AVAILABLE && !WOLFSSL_W64_WRAPPER_TEST */ #endif /* WOLFSSL_W64_WRAPPER */ @@ -1001,6 +1060,25 @@ WC_MISC_STATIC WC_INLINE word32 HashObject(const byte* o, word32 len, #endif /* WOLFCRYPT_ONLY && !NO_HASH_WRAPPER && * (!NO_SESSION_CACHE || HAVE_SESSION_TICKET) */ +WC_MISC_STATIC WC_INLINE char* CopyString(const char* src, int srcLen, + void* heap, int type) { + char* dst = NULL; + + if (src == NULL) + return NULL; + + if (srcLen <= 0) + srcLen = (int)XSTRLEN(src); + + dst = (char*)XMALLOC((size_t)srcLen + 1, heap, type); + if (dst != NULL) { + XMEMCPY(dst, src, (size_t)srcLen); + dst[srcLen] = '\0'; + } + + return dst; +} + #endif /* !WOLFSSL_MISC_INCLUDED && !NO_INLINE */ #endif /* WOLF_CRYPT_MISC_C */ diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index e76f1b1a8e..c24e1f1810 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c 
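Review bot: In CopyString, `if (srcLen <= 0) srcLen = (int)XSTRLEN(src);` means a caller cannot request an empty copy with `srcLen == 0`, and for `srcLen > 0` the `XMEMCPY(dst, src, (size_t)srcLen)` trusts the length unconditionally, so a value larger than the readable part of `src` is an over-read; neither contract is documented. Add a header comment, e.g. `/* Heap-duplicate src as a NUL-terminated string. srcLen > 0 is trusted and must not exceed the bytes readable at src; srcLen <= 0 means use XSTRLEN(src). Returns NULL on NULL src or allocation failure. */`. `(int)XSTRLEN(src)` also narrows a `size_t`, so a string longer than INT_MAX yields a negative or wrapped length; keeping the length in a `size_t` local and casting once at the `XMALLOC` would avoid the round-trip.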
@@ -1,6 +1,6 @@ /* pkcs12.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -130,15 +130,22 @@ typedef struct WC_PKCS12_ATTRIBUTE { WC_PKCS12* wc_PKCS12_new(void) +{ + return wc_PKCS12_new_ex(NULL); +} + + +WC_PKCS12* wc_PKCS12_new_ex(void* heap) { WC_PKCS12* pkcs12 = (WC_PKCS12*)XMALLOC(sizeof(WC_PKCS12), - NULL, DYNAMIC_TYPE_PKCS); + heap, DYNAMIC_TYPE_PKCS); if (pkcs12 == NULL) { WOLFSSL_MSG("Memory issue when creating WC_PKCS12 struct"); return NULL; } XMEMSET(pkcs12, 0, sizeof(WC_PKCS12)); + pkcs12->heap = heap; return pkcs12; } @@ -158,9 +165,7 @@ static void freeSafe(AuthenticatedSafe* safe, void* heap) safe->CI = ci->next; XFREE(ci, heap, DYNAMIC_TYPE_PKCS); } - if (safe->data != NULL) { - XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS); - } + XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS); XFREE(safe, heap, DYNAMIC_TYPE_PKCS); (void)heap; @@ -184,25 +189,17 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12) /* free mac data */ if (pkcs12->signData != NULL) { - if (pkcs12->signData->digest != NULL) { - XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST); - } - if (pkcs12->signData->salt != NULL) { - XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT); - } + XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST); + XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT); XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS); } #ifdef ASN_BER_TO_DER - if (pkcs12->der != NULL) { - XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS); - } - if (pkcs12->safeDer != NULL) { - XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS); - } + XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS); + XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS); #endif - XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS); + XFREE(pkcs12, heap, DYNAMIC_TYPE_PKCS); } 
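Review bot: `XFREE(pkcs12, heap, DYNAMIC_TYPE_PKCS);` in wc_PKCS12_free now releases the struct against `heap`, but wc_PKCS12_new() still allocates it with a NULL heap via `wc_PKCS12_new_ex(NULL)`, so a caller that sets the heap afterwards (the `wc_PKCS12_SetHeap` pattern this commit removes from wc_PKCS12_create) frees with a different allocator than it allocated with, which under static memory is a pool mismatch. Either free the top-level struct with the heap it was created under or document that wc_PKCS12_SetHeap must not be used after wc_PKCS12_new(), e.g. `/* The WC_PKCS12 object itself is freed with pkcs12->heap; create it with wc_PKCS12_new_ex(heap) rather than changing the heap later. */`. Dropping the `if (x != NULL)` guards around XFREE relies on XFREE tolerating NULL; the static-memory wolfSSL_Free earlier in this change computes `pt` from `ptr` without a visible NULL check, so confirm the macro screens NULL before that path. Where `heap` is assigned in wc_PKCS12_free is outside the hunk.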
@@ -290,7 +287,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, #ifdef ASN_BER_TO_DER if (pkcs12->indefinite) { if (wc_BerToDer(input, safe->dataSz, NULL, - &pkcs12->safeDersz) != LENGTH_ONLY_E) { + &pkcs12->safeDersz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { WOLFSSL_MSG("Not BER sequence"); return ASN_PARSE_E; } @@ -526,8 +523,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, /* failure cleanup */ if (ret != 0) { if (mac) { - if (mac->digest) - XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST); + XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST); XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); } } @@ -704,7 +700,7 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) #ifdef ASN_BER_TO_DER if (size == 0) { if (wc_BerToDer(der, totalSz, NULL, - (word32*)&size) != LENGTH_ONLY_E) { + (word32*)&size) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { WOLFSSL_MSG("Not BER sequence"); return ASN_PARSE_E; } @@ -849,9 +845,7 @@ int wc_d2i_PKCS12_fp(const char* file, WC_PKCS12** pkcs12) wc_PKCS12_free(*pkcs12); *pkcs12 = NULL; } - if (buf != NULL) { - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_LEAVE("wc_d2i_PKCS12_fp", ret); @@ -1092,9 +1086,7 @@ void wc_FreeCertList(WC_DerCertList* list, void* heap) while (current != NULL) { next = current->next; - if (current->buffer != NULL) { - XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); - } + XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); XFREE(current, heap, DYNAMIC_TYPE_PKCS); current = next; } 
@@ -1119,7 +1111,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list, while (current != NULL) { InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); - if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) { + if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) { if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) { WOLFSSL_MSG("Key Pair found"); *cert = current->buffer; @@ -1700,10 +1692,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, } /* free temporary buffer */ - if (buf != NULL) { - XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); - buf = NULL; - } + XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); + buf = NULL; ci = ci->next; WOLFSSL_MSG("Done Parsing PKCS12 Content Info Container"); @@ -1737,10 +1727,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL; } - if (buf) { - XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); - buf = NULL; - } + XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); + buf = NULL; wc_FreeCertList(certList, pkcs12->heap); } @@ -1819,7 +1807,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, ret = UnTraditionalEnc(key, keySz, pkcs8Key, &sz, pass, passSz, vPKCS, vAlgo, NULL, 0, itt, rng, heap); } - if (ret == LENGTH_ONLY_E) { + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { *outSz = sz + MAX_LENGTH_SZ + 1; return LENGTH_ONLY_E; } @@ -1876,7 +1864,7 @@ static int wc_PKCS12_create_key_bag(WC_PKCS12* pkcs12, WC_RNG* rng, /* get max size for shrouded key */ ret = wc_PKCS12_shroud_key(pkcs12, rng, NULL, &length, key, keySz, algo, pass, passSz, iter); - if (ret != LENGTH_ONLY_E && ret < 0) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) && ret < 0) { return ret; } 
@@ -2085,7 +2073,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, encSz = contentSz; if ((ret = EncryptContent(NULL, contentSz, NULL, &encSz, pass, passSz, vPKCS, vAlgo, NULL, 0, iter, rng, heap)) < 0) { - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } } @@ -2275,7 +2263,7 @@ static byte* PKCS12_create_key_content(WC_PKCS12* pkcs12, int nidKey, /* get max size for key bag */ ret = wc_PKCS12_create_key_bag(pkcs12, rng, NULL, &keyBufSz, key, keySz, algo, iter, pass, (int)passSz); - if (ret != LENGTH_ONLY_E && ret < 0) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) && ret < 0) { WOLFSSL_MSG("Error getting key bag size"); return NULL; } @@ -2312,7 +2300,7 @@ static byte* PKCS12_create_key_content(WC_PKCS12* pkcs12, int nidKey, #endif ret = wc_PKCS12_encrypt_content(pkcs12, rng, NULL, keyCiSz, NULL, keyBufSz, algo, pass, (int)passSz, iter, WC_PKCS12_DATA); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { XFREE(keyBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_MSG("Error getting key encrypt content size"); return NULL; @@ -2397,7 +2385,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert, /* get max size of buffer needed */ ret = wc_PKCS12_create_cert_bag(pkcs12, NULL, &certBufSz, cert, certSz); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return NULL; } @@ -2409,7 +2397,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert, while (current != NULL) { ret = wc_PKCS12_create_cert_bag(pkcs12, NULL, &curBufSz, current->buffer, current->bufferSz); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return NULL; } certBufSz += curBufSz; 
@@ -2461,7 +2449,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert, /* get buffer size needed for content info */ ret = wc_PKCS12_encrypt_content(pkcs12, rng, NULL, certCiSz, NULL, certBufSz, algo, pass, (int)passSz, iter, type); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { XFREE(certBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_LEAVE("wc_PKCS12_create()", ret); return NULL; @@ -2517,7 +2505,7 @@ static int PKCS12_create_safe(WC_PKCS12* pkcs12, byte* certCi, word32 certCiSz, /* add Content Info structs to safe, key first then cert */ ret = wc_PKCS12_encrypt_content(pkcs12, rng, NULL, &safeDataSz, NULL, innerDataSz, 0, NULL, 0, 0, WC_PKCS12_DATA); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } @@ -2604,20 +2592,12 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, return NULL; } - if ((pkcs12 = wc_PKCS12_new()) == NULL) { + if ((pkcs12 = wc_PKCS12_new_ex(heap)) == NULL) { wc_FreeRng(&rng); WOLFSSL_LEAVE("wc_PKCS12_create", MEMORY_E); return NULL; } - if ((ret = wc_PKCS12_SetHeap(pkcs12, heap)) != 0) { - wc_PKCS12_free(pkcs12); - wc_FreeRng(&rng); - WOLFSSL_LEAVE("wc_PKCS12_create", ret); - (void)ret; - return NULL; - } - if (iter <= 0) { iter = WC_PKCS12_ITT_DEFAULT; } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 96a39f3a52..84bea86135 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1,6 +1,6 @@ /* pkcs7.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -284,12 +284,12 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz, if (rdSz >= inSz) { /* no more input to read, reset input index and request more data */ pkcs7->stream->idx = 0; - return WC_PKCS7_WANT_READ_E; + return WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E); } /* try to store input data into stream buffer */ if (inSz - rdSz > 0 && pkcs7->stream->length < expected) { - int len = min(inSz - rdSz, expected - pkcs7->stream->length); + int len = (int)min(inSz - rdSz, expected - pkcs7->stream->length); /* sanity check that the input buffer is not internal buffer */ if (in == pkcs7->stream->buffer) { @@ -324,7 +324,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz, /* if not enough data was read in then request more */ if (pkcs7->stream->length < expected) { pkcs7->stream->idx = 0; - return WC_PKCS7_WANT_READ_E; + return WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E); } /* adjust pointer to read from stored buffer */ @@ -357,11 +357,11 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz) byte* pt; if (pkcs7->stream->length > 0) { - length = pkcs7->stream->length; + length = (int)pkcs7->stream->length; pt = pkcs7->stream->buffer; } else { - length = defSz; + length = (int)defSz; pt = in; } maxIdx = (word32)length; @@ -379,8 +379,8 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz) #ifdef ASN_BER_TO_DER if (length == 0 && ret == 0) { idx = 0; - if ((ret = wc_BerToDer(pt, maxIdx, NULL, - (word32*)&length)) != LENGTH_ONLY_E) { + if ((ret = wc_BerToDer(pt, maxIdx, NULL, (word32*)&length)) + != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } } @@ -504,7 +504,7 @@ static void wc_PKCS7_ChangeState(PKCS7* pkcs7, int newState) pkcs7->state, wc_PKCS7_GetStateName(pkcs7->state), newState, wc_PKCS7_GetStateName(newState)); #endif - pkcs7->state = newState; + pkcs7->state = (word32)newState; } #define MAX_PKCS7_DIGEST_SZ (MAX_SEQ_SZ + MAX_ALGO_SZ + \ 
@@ -630,7 +630,7 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz) return BAD_FUNC_ARG; } - idSz = SetLength(typeSz, ID_Length); + idSz = (int)SetLength(typeSz, ID_Length); output[idx++] = ASN_OBJECT_ID; XMEMCPY(output + idx, ID_Length, idSz); idx += idSz; @@ -830,6 +830,14 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) return 0; } +#ifdef WC_ASN_UNKNOWN_EXT_CB +void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb) +{ + if (pkcs7 != NULL) { + pkcs7->unknownExtCallback = cb; + } +} +#endif /* Certificate structure holding der pointer, size, and pointer to next * Pkcs7Cert struct. Used when creating SignedData types with multiple @@ -1041,9 +1049,11 @@ static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID, /* Try to decode public key and check with wc_ecc_check_key() */ ret = wc_EccPublicKeyDecode(key, &scratch, ecc, keySz); + #if defined(WOLFSSL_VALIDATE_ECC_IMPORT) if (ret == 0) { ret = wc_ecc_check_key(ecc); } + #endif wc_ecc_free(ecc); break; @@ -1072,6 +1082,9 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) int devId; Pkcs7Cert* cert; Pkcs7Cert* lastCert; +#ifdef WC_ASN_UNKNOWN_EXT_CB + wc_UnknownExtCallback cb; +#endif if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) { return BAD_FUNC_ARG; @@ -1080,9 +1093,16 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) heap = pkcs7->heap; devId = pkcs7->devId; cert = pkcs7->certList; +#ifdef WC_ASN_UNKNOWN_EXT_CB + cb = pkcs7->unknownExtCallback; /* save / restore callback */ +#endif ret = wc_PKCS7_Init(pkcs7, heap, devId); if (ret != 0) return ret; + +#ifdef WC_ASN_UNKNOWN_EXT_CB + pkcs7->unknownExtCallback = cb; +#endif pkcs7->certList = cert; if (derCert != NULL && derCertSz > 0) { 
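Review bot: Wrapping `ret = wc_ecc_check_key(ecc);` in `#if defined(WOLFSSL_VALIDATE_ECC_IMPORT)` means wc_PKCS7_CheckPublicKeyDer no longer verifies that the decoded EC point is on the curve unless that build option is set, whereas the check was unconditional before. If this helper gates public keys that are later used for ECDH-style key agreement (recipient certificates, for instance), an off-curve point is the classic invalid-curve input and the validation is cheap relative to the operation, so consider keeping it unconditional here or adding a comment stating why the build-time default is acceptable, e.g. `/* Point validation is gated on WOLFSSL_VALIDATE_ECC_IMPORT; builds doing ECDH with these keys should enable it. */`. The unknownExtCallback save/restore around wc_PKCS7_Init is consistent with Init resetting the struct. wc_PKCS7_InitWithCert continues past this hunk.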
@@ -1131,6 +1151,10 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) } InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap); +#ifdef WC_ASN_UNKNOWN_EXT_CB + if (pkcs7->unknownExtCallback != NULL) + wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback); +#endif ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { FreeDecodedCert(dCert); @@ -1167,9 +1191,9 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) pkcs7->publicKeyOID = dCert->keyOID; XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE); pkcs7->issuer = dCert->issuerRaw; - pkcs7->issuerSz = dCert->issuerRawLen; + pkcs7->issuerSz = (word32)dCert->issuerRawLen; XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz); - pkcs7->issuerSnSz = dCert->serialSz; + pkcs7->issuerSnSz = (word32)dCert->serialSz; XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE); /* default to IssuerAndSerialNumber for SignerIdentifier */ @@ -1241,12 +1265,8 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap) current = attrib; while (current != NULL) { PKCS7DecodedAttrib* next = current->next; - if (current->oid != NULL) { - XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7); - } - if (current->value != NULL) { - XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7); + XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7); XFREE(current, heap, DYNAMIC_TYPE_PKCS7); current = next; } @@ -1258,10 +1278,8 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap) /* return 0 on success */ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7) { - if (pkcs7->signerInfo != NULL) { - XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->signerInfo = NULL; - } + XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->signerInfo = NULL; pkcs7->signerInfo = (PKCS7SignerInfo*)XMALLOC(sizeof(PKCS7SignerInfo), pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -1277,10 +1295,8 @@ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7) static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7) { if (pkcs7->signerInfo != NULL) { - if (pkcs7->signerInfo->sid != NULL) { - XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->signerInfo->sid = NULL; - } + XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->signerInfo->sid = NULL; XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pkcs7->signerInfo = NULL; } @@ -1296,17 +1312,15 @@ static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz) return BAD_FUNC_ARG; } - if (pkcs7->signerInfo->sid != NULL) { - XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->signerInfo->sid = NULL; - } + XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->signerInfo->sid = NULL; pkcs7->signerInfo->sid = (byte*)XMALLOC(inSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->signerInfo->sid == NULL) { return MEMORY_E; } XMEMCPY(pkcs7->signerInfo->sid, in, inSz); - pkcs7->signerInfo->sidSz = inSz; + pkcs7->signerInfo->sidSz = (word32)inSz; return 0; } @@ -1327,15 +1341,11 @@ void wc_PKCS7_Free(PKCS7* pkcs7) wc_PKCS7_FreeCertSet(pkcs7); #ifdef ASN_BER_TO_DER - if (pkcs7->der != NULL) { - XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->der = NULL; - } + XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->der = NULL; #endif - if (pkcs7->contentDynamic != NULL) { - XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->contentDynamic = NULL; - } + XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->contentDynamic = NULL; if (pkcs7->cek != NULL) { ForceZero(pkcs7->cek, pkcs7->cekSz); @@ -1554,7 +1564,7 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz, PKCS7Attrib* attribs, int attribsSz) { int i; - int maxSz = min(eaSz, attribsSz); + int maxSz = (int)min((word32)eaSz, attribsSz); int allAttribsSz = 0; for (i = 0; i < maxSz; i++) 
@@ -1564,14 +1574,14 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz, ea[i].value = attribs[i].value; ea[i].valueSz = attribs[i].valueSz; attribSz += ea[i].valueSz; - ea[i].valueSetSz = SetSet(attribSz, ea[i].valueSet); + ea[i].valueSetSz = SetSet((word32)attribSz, ea[i].valueSet); attribSz += ea[i].valueSetSz; ea[i].oid = attribs[i].oid; ea[i].oidSz = attribs[i].oidSz; attribSz += ea[i].oidSz; - ea[i].valueSeqSz = SetSequence(attribSz, ea[i].valueSeq); + ea[i].valueSeqSz = SetSequence((word32)attribSz, ea[i].valueSeq); attribSz += ea[i].valueSeqSz; - ea[i].totalSz = attribSz; + ea[i].totalSz = (word32)attribSz; allAttribsSz += attribSz; } @@ -1614,7 +1624,7 @@ static void FreeAttribArray(PKCS7* pkcs7, FlatAttrib** arr, int rows) XFREE(arr[i], pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); } } - ForceZero(arr, rows); + ForceZero(arr, (word32)rows); XFREE(arr, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); } (void)pkcs7; @@ -1637,12 +1647,12 @@ static int SortAttribArray(FlatAttrib** arr, int rows) for (i = 0; i < rows; i++) { a = arr[i]; minSz = a->dataSz; - minIdx = i; + minIdx = (word32)i; for (j = i+1; j < rows; j++) { b = arr[j]; if (b->dataSz < minSz) { minSz = b->dataSz; - minIdx = j; + minIdx = (word32)j; } } if (minSz < a->dataSz) { @@ -1695,7 +1705,7 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, fa = derArr[i]; fa->data = output; - fa->dataSz = sz; + fa->dataSz = (word32)sz; } return 0; 
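Review bot: `ForceZero(arr, (word32)rows);` in FreeAttribArray zeroes `rows` bytes, not the `rows * sizeof(FlatAttrib*)` bytes the pointer array occupies, so the cast preserves an undersized wipe; write `ForceZero(arr, (word32)rows * sizeof(FlatAttrib*));` or drop the call, since the array holds only pointers that are freed on the lines above. In FlattenAttributes, `(unsigned long)eaSz * sizeof(FlatAttrib*)` would read more naturally as `(size_t)eaSz * sizeof(FlatAttrib*)`, and a negative `eaSz` turns into a huge allocation request; whether `eaSz` is range-checked is above the hunk. Both enclosing functions start outside the hunk.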
@@ -1715,12 +1725,12 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea, } /* create array of FlatAttrib struct pointers to hold DER attribs */ - derArr = (FlatAttrib**) XMALLOC(eaSz * sizeof(FlatAttrib*), pkcs7->heap, + derArr = (FlatAttrib**) XMALLOC((unsigned long)eaSz * sizeof(FlatAttrib*), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (derArr == NULL) { return MEMORY_E; } - XMEMSET(derArr, 0, eaSz * sizeof(FlatAttrib*)); + XMEMSET(derArr, 0, (unsigned long)eaSz * sizeof(FlatAttrib*)); for (i = 0; i < eaSz; i++) { derArr[i] = NewAttrib(pkcs7->heap); @@ -1785,7 +1795,8 @@ static int wc_PKCS7_ImportRSA(PKCS7* pkcs7, RsaKey* privKey) #endif } #ifdef WOLF_CRYPTO_CB - else if (ret == ASN_PARSE_E && pkcs7->devId != INVALID_DEVID) { + else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) && + pkcs7->devId != INVALID_DEVID) { /* if using crypto callbacks, try public key decode */ idx = 0; ret = wc_RsaPublicKeyDecode(pkcs7->privateKey, &idx, privKey, @@ -1837,7 +1848,7 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) privKey, pkcs7->rng); } #ifdef WOLFSSL_ASYNC_CRYPT - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif } @@ -1874,7 +1885,8 @@ static int wc_PKCS7_ImportECC(PKCS7* pkcs7, ecc_key* privKey) } } #ifdef WOLF_CRYPTO_CB - else if (ret == ASN_PARSE_E && pkcs7->devId != INVALID_DEVID) { + else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) && + pkcs7->devId != INVALID_DEVID) { /* if using crypto callbacks, try public key decode */ idx = 0; ret = wc_EccPublicKeyDecode(pkcs7->privateKey, &idx, privKey, @@ -1927,7 +1939,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) &outSz, pkcs7->rng, privKey); } #ifdef WOLFSSL_ASYNC_CRYPT - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif if (ret == 0) ret = (int)outSz; 
@@ -2068,7 +2080,7 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd, cannedAttribs[idx].oid = signingTimeOid; cannedAttribs[idx].oidSz = signingTimeOidSz; cannedAttribs[idx].value = signingTime; - cannedAttribs[idx].valueSz = timeSz; + cannedAttribs[idx].valueSz = (word32)timeSz; idx++; } #endif @@ -2078,13 +2090,13 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd, cannedAttribs[idx].oid = messageDigestOid; cannedAttribs[idx].oidSz = messageDigestOidSz; cannedAttribs[idx].value = esd->contentDigest; - cannedAttribs[idx].valueSz = hashSz + 2; /* ASN.1 heading */ + cannedAttribs[idx].valueSz = (word32)hashSz + 2; /* ASN.1 heading */ idx++; } esd->signedAttribsCount += cannedAttribsCount; esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx], - idx, cannedAttribs, cannedAttribsCount); + (int)idx, cannedAttribs, cannedAttribsCount); atrIdx += idx; } else { esd->signedAttribsCount = 0; @@ -2310,8 +2322,9 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, XMEMCPY(esd->contentAttribsDigest, esd->contentDigest + 2, hashSz); } - /* set algoID, with NULL attributes */ - algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0); + /* Set algoID, allow absent hash params */ + algoIdSz = SetAlgoIDEx(pkcs7->hashOID, algoId, oidHashType, + 0, pkcs7->hashParamsAbsent); digestStrSz = SetOctetString(hashSz, digestStr); digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz, @@ -2330,7 +2343,7 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest, hashSz); digIdx += hashSz; - *digestInfoSz = digIdx; + *digestInfoSz = (word32)digIdx; return 0; } @@ -2426,7 +2439,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7, /* CMS with ECDSA does not sign DigestInfo structure * like PKCS#7 with RSA does */ ret = wc_PKCS7_EcdsaSign(pkcs7, esd->contentAttribsDigest, - hashSz, esd); + (word32)hashSz, esd); break; #endif 
@@ -2468,7 +2481,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType, Aes* aes, byte* encContentOut, byte* contentData, int contentDataSz, byte* out, word32* outIdx, ESD* esd) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); byte encContentOutOct[MAX_OCTET_STR_SZ]; word32 encContentOutOctSz = 0; @@ -2477,39 +2490,40 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType, XMEMCPY(encContentOut, contentData, contentDataSz); if (esd && esd->contentDigestSet != 1) { ret = wc_HashUpdate(&esd->hash, esd->hashType, - contentData, contentDataSz); + contentData, (word32)contentDataSz); } break; #ifndef NO_AES case WC_CIPHER_AES_CBC: ret = wc_AesCbcEncrypt(aes, encContentOut, - contentData, contentDataSz); + contentData, (word32)contentDataSz); break; #endif #ifdef WOLFSSL_AESGCM_STREAM case WC_CIPHER_AES_GCM: ret = wc_AesGcmEncryptUpdate(aes, encContentOut, - contentData, contentDataSz, NULL, 0); + contentData, (word32)contentDataSz, NULL, 0); break; #endif } #ifdef WOLFSSL_ASYNC_CRYPT /* async encrypt not available here, so block till done */ - if (ret == WC_PENDING_E && cipherType != WC_CIPHER_NONE) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && + cipherType != WC_CIPHER_NONE) { ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); } #endif if (ret == 0) { - encContentOutOctSz = SetOctetString(contentDataSz, encContentOutOct); + encContentOutOctSz = SetOctetString((word32)contentDataSz, encContentOutOct); wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx: NULL, encContentOutOct, encContentOutOctSz); *outIdx += encContentOutOctSz; wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx : NULL, - encContentOut, contentDataSz); + encContentOut, (word32)contentDataSz); *outIdx += contentDataSz; } 
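Review bot: The `(word32)contentDataSz` casts in wc_PKCS7_EncodeContentStreamHelper silence the sign-conversion warnings without asserting that the `int` parameter is non-negative, and `XMEMCPY(encContentOut, contentData, contentDataSz)` still passes it raw, so a negative value from a caller becomes a multi-gigabyte length. Unless the argument check between the two hunks already rejects it (not visible), add `if (contentDataSz < 0) return BAD_FUNC_ARG;` before the switch. The same pattern applies to `inSz` in wc_PKCS7_ParseAttribs, `sigSz` in wc_PKCS7_RsaVerify and wc_PKCS7_EcdsaVerify, and `keySz`/`inSz` in wc_PKCS7_EncryptContent; all of them are static, so changing the parameter type to word32 would remove both these casts and the matching `(int)` casts at the call sites. The `SetOctetString((word32)contentDataSz, encContentOutOct)` line also appears to exceed 80 columns, if the file keeps that limit.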
@@ -2551,7 +2565,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, if (cipherType != WC_CIPHER_NONE) { padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, - wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID)); + (word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID)); } if (cipherType == WC_CIPHER_NONE && esd && esd->contentDigestSet != 1) { @@ -2633,7 +2647,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, /* copy over any remaining data */ XMEMCPY(contentData, buf + sz, contentDataRead); - idx = contentDataRead; + idx = (word32)contentDataRead; } else { /* was not on an octet boundary, copy full @@ -2661,7 +2675,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, /* encrypt and flush out remainder of content data */ ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType, aes, - encContentOut, contentData, idx, out, &outIdx, esd); + encContentOut, contentData, (int)idx, out, &outIdx, esd); if (ret == 0) { if (cipherType == WC_CIPHER_NONE && esd && esd->contentDigestSet != 1) { @@ -2688,7 +2702,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, ret = wc_HashInit(&esd->hash, esd->hashType); if (ret == 0) ret = wc_HashUpdate(&esd->hash, esd->hashType, in, - inSz); + (word32)inSz); if (ret == 0) ret = wc_HashFinal(&esd->hash, esd->hashType, esd->contentDigest + 2); @@ -2698,13 +2712,13 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, #ifndef NO_AES case WC_CIPHER_AES_CBC: - ret = wc_AesCbcEncrypt(aes, out, in, inSz); + ret = wc_AesCbcEncrypt(aes, out, in, (word32)inSz); break; #endif #ifdef WOLFSSL_AESGCM_STREAM case WC_CIPHER_AES_GCM: - ret = wc_AesGcmEncryptUpdate(aes, out, in, inSz, NULL, 0); + ret = wc_AesGcmEncryptUpdate(aes, out, in, (word32)inSz, NULL, 0); break; #endif } 
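Review bot: `(word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID)` in wc_PKCS7_EncodeContentStream casts the helper's return without checking it; if that helper returns a negative error code for an unsupported OID, as I believe it does, the cast turns the error into a block size near 4 GiB that wc_PKCS7_GetPadSize then works with. Store the result in an int first and bail out on a negative value, e.g. `blockSz = wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID); if (blockSz < 0) return blockSz; padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, (word32)blockSz);`, adapted to the function's own error-return convention, which lies outside the hunk.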
@@ -2829,7 +2843,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, idx = ret; goto out; } - pkcs7->contentTypeSz = ret; + pkcs7->contentTypeSz = (word32)ret; } /* set signedData outer content type */ @@ -2838,7 +2852,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, idx = ret; goto out; } - signedDataOidSz = ret; + signedDataOidSz = (word32)ret; if (pkcs7->sidType != DEGENERATE_SID) { esd->hashType = wc_OidGetHash(pkcs7->hashOID); @@ -2884,7 +2898,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, /* SignerIdentifier */ if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { /* IssuerAndSerialNumber */ - esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, + esd->issuerSnSz = (word32)SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, esd->issuerSn, MAX_SN_SZ, MAX_SN_SZ); signerInfoSz += esd->issuerSnSz; esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName); @@ -2894,22 +2908,22 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, if (pkcs7->version == 3) { /* RFC 4108 version MUST be 3 for firmware package signer */ - esd->signerVersionSz = SetMyVersion(3, esd->signerVersion, 0); + esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0); } else { /* version MUST be 1 otherwise*/ - esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0); + esd->signerVersionSz = (word32)SetMyVersion(1, esd->signerVersion, 0); } } else if (pkcs7->sidType == CMS_SKID) { /* SubjectKeyIdentifier */ - esd->issuerSKIDSz = SetOctetString(keyIdSize, esd->issuerSKID); + esd->issuerSKIDSz = SetOctetString((word32)keyIdSize, esd->issuerSKID); esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize, esd->issuerSKIDSeq, 0); signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize); /* version MUST be 3 */ - esd->signerVersionSz = SetMyVersion(3, esd->signerVersion, 0); + esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0); } else if (pkcs7->sidType == DEGENERATE_SID) { /* no signer info added */ } else { 
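Review bot: `esd->issuerSnSz = (word32)SetSerialNumber(...)` in PKCS7_EncodeSigned casts a return value that, as I recall, can be a negative error code when the serial does not fit MAX_SN_SZ, so the failure becomes a huge issuerSnSz that feeds `signerInfoSz += esd->issuerSnSz` and the later length arithmetic. The function already has an error idiom in the hunks just above (`idx = ret; goto out;`); reusing it here, `ret = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, esd->issuerSn, MAX_SN_SZ, MAX_SN_SZ); if (ret < 0) { idx = ret; goto out; } esd->issuerSnSz = (word32)ret;`, keeps the cast honest. The implicit conversion was there before the commit, but making it explicit is the moment to add the check.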
@@ -2919,8 +2933,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, if (pkcs7->sidType != DEGENERATE_SID) { signerInfoSz += esd->signerVersionSz; - esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId, - oidHashType, 0); + esd->signerDigAlgoIdSz = SetAlgoIDEx(pkcs7->hashOID, esd->signerDigAlgoId, + oidHashType, 0, pkcs7->hashParamsAbsent); signerInfoSz += esd->signerDigAlgoIdSz; /* set signatureAlgorithm */ @@ -2930,8 +2944,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, idx = ret; goto out; } - esd->digEncAlgoIdSz = SetAlgoID(digEncAlgoId, esd->digEncAlgoId, - digEncAlgoType, 0); + esd->digEncAlgoIdSz = SetAlgoIDEx(digEncAlgoId, esd->digEncAlgoId, + digEncAlgoType, 0, pkcs7->hashParamsAbsent); signerInfoSz += esd->digEncAlgoIdSz; /* build up signed attributes, include contentType, signingTime, and @@ -2966,7 +2980,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, } if (pkcs7->publicKeyOID != ECDSAk && hashBuf == NULL) { - ret = esd->encContentDigestSz = wc_PKCS7_GetSignSize(pkcs7); + ret = wc_PKCS7_GetSignSize(pkcs7); + esd->encContentDigestSz = (word32)ret; } else { ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs, 
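Review bot: Passing `pkcs7->hashParamsAbsent` to SetAlgoIDEx for `esd->digEncAlgoId` ties the signatureAlgorithm encoding to a flag that describes the digest algorithm. If SetAlgoIDEx omits the parameters whenever the flag is set (its body is not visible here), an RSA signer with the flag set would emit rsaEncryption without the NULL parameters that RFC 3370 §3.2 and RFC 8017 A.2 require, whereas the digest AlgorithmIdentifier is the one RFC 5754 allows to be absent. Keeping `SetAlgoID(digEncAlgoId, esd->digEncAlgoId, digEncAlgoType, 0)` for this identifier, or passing 0 as the last argument, avoids the mismatch; the `esd->signerDigAlgoId` change in the hunk above is fine as it stands.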
@@ -3004,17 +3019,17 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet, 0); if (pkcs7->sidType != DEGENERATE_SID) { - esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId, - oidHashType, 0); + esd->singleDigAlgoIdSz = SetAlgoIDEx(pkcs7->hashOID, esd->singleDigAlgoId, + oidHashType, 0, pkcs7->hashParamsAbsent); } esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet); if (pkcs7->version == 3) { /* RFC 4108 version MUST be 3 for firmware package signer */ - esd->versionSz = SetMyVersion(3, esd->version, 0); + esd->versionSz = (word32)SetMyVersion(3, esd->version, 0); } else { - esd->versionSz = SetMyVersion(1, esd->version, 0); + esd->versionSz = (word32)SetMyVersion(1, esd->version, 0); } totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz + @@ -3096,7 +3111,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, } #endif *outputSz = totalSz; - idx = totalSz; + idx = (int)totalSz; goto out; } idx = BUFFER_E; @@ -3149,7 +3164,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, /* support returning header and footer without content */ if (output2 && output2Sz) { - *outputSz = idx; + *outputSz = (word32)idx; idx = 0; } else { @@ -3243,7 +3258,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, esd->issuerSKID, esd->issuerSKIDSz); idx += esd->issuerSKIDSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, - pkcs7->issuerSubjKeyId, keyIdSize); + pkcs7->issuerSubjKeyId, (word32)keyIdSize); idx += keyIdSize; } else if (pkcs7->sidType == DEGENERATE_SID) { /* no signer infos in degenerate case */ 
@@ -3341,23 +3356,20 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, #endif if (output2Sz) { - *output2Sz = idx; + *output2Sz = (word32)idx; idx = 0; /* success */ } else { - *outputSz = idx; + *outputSz = (word32)idx; } out: - if (flatSignedAttribs != NULL) - XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - if (esd) - XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (signedDataOid) - XFREE(signedDataOid, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(signedDataOid, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return idx; @@ -3517,7 +3529,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_HashFree(&hash, hashType); } if (ret == 0) { - ret = PKCS7_EncodeSigned(pkcs7, hashBuf, hashSz, + ret = PKCS7_EncodeSigned(pkcs7, hashBuf, (word32)hashSz, output, &outputSz, NULL, NULL); } } @@ -3669,7 +3681,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey, ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret != 0) { - ForceZero(encrypted, encryptedSz); + ForceZero(encrypted, (word32)encryptedSz); XFREE(encrypted, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } @@ -3677,7 +3689,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey, /* 2: build up SignedData, encapsulating EncryptedData */ pkcs7->rng = &rng; pkcs7->content = encrypted; - pkcs7->contentSz = encryptedSz; + pkcs7->contentSz = (word32)encryptedSz; pkcs7->contentOID = ENCRYPTED_DATA; pkcs7->hashOID = hashOID; pkcs7->encryptOID = signOID; @@ -3691,7 +3703,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey, WOLFSSL_MSG("Error encoding CMS SignedData content type"); } - ForceZero(encrypted, encryptedSz); + ForceZero(encrypted, (word32)encryptedSz); XFREE(encrypted, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pkcs7->rng = NULL; wc_FreeRng(&rng); 
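Review bot: Dropping the `!= NULL` guards before `XFREE(flatSignedAttribs, ...)`, `XFREE(esd, ...)` and `XFREE(signedDataOid, ...)` relies on every XFREE definition tolerating a NULL pointer, including user-provided allocators (XMALLOC_USER or custom memory callbacks), which nothing in the hunk establishes. If the project has made that a documented requirement of XFREE, a one-line comment at the first such site, `/* XFREE is NULL-safe in every supported configuration */`, would save the next reader the same question. The same simplification is made in wc_PKCS7_HandleOctetStrings (three sites) and in PKCS7_VerifySignedData for `pkcs7->stream->content`.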
@@ -4041,11 +4053,11 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) { - ret = wc_RsaSSL_Verify(sig, sigSz, digest, MAX_PKCS7_DIGEST_SZ, + ret = wc_RsaSSL_Verify(sig, (word32)sigSz, digest, MAX_PKCS7_DIGEST_SZ, key); } #ifdef WOLFSSL_ASYNC_CRYPT - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif FreeDecodedCert(dCert); wc_FreeRsaKey(key); @@ -4169,10 +4181,10 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) { - ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, &res, key); + ret = wc_ecc_verify_hash(sig, (word32)sigSz, hash, hashSz, &res, key); } #ifdef WOLFSSL_ASYNC_CRYPT - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif FreeDecodedCert(dCert); @@ -4248,7 +4260,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, ret = wc_HashGetDigestSize(hashType); if (ret < 0) return ret; - hashSz = ret; + hashSz = (word32)ret; if (signedAttribSz > 0) { if (signedAttrib == NULL) @@ -4312,8 +4324,9 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, } } - /* Set algoID, with NULL attributes */ - algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0); + /* Set algoID, match whatever was input to match either NULL or absent */ + algoIdSz = SetAlgoIDEx(pkcs7->hashOID, algoId, oidHashType, + 0, pkcs7->hashParamsAbsent); digestStrSz = SetOctetString(hashSz, digestStr); digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz, @@ -4329,7 +4342,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, digIdx += hashSz; XMEMCPY(pkcs7Digest, digestInfo, digIdx); - *pkcs7DigestSz = digIdx; + *pkcs7DigestSz = (word32)digIdx; /* set plain digest pointer */ *plainDigest = pkcs7Digest + digIdx - hashSz; 
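Review bot: The comment `/* Set algoID, match whatever was input to match either NULL or absent */` in wc_PKCS7_BuildSignedDataDigest reads awkwardly and omits the reason; `/* Encode the DigestInfo AlgorithmIdentifier with the same parameter form (NULL or absent) as the parsed SignerInfo digestAlgorithm: the DigestInfo recovered from a PKCS#1 v1.5 signature must match this encoding exactly */` says what the reader needs. Mirroring the SignerInfo form is a guess: a signer that follows RFC 5754 (absent parameters in CMS) and RFC 8017 §9.2 Note 2 (NULL inside the RSA DigestInfo) produces exactly the combination this rejects, and the previous code rejected the opposite one. Building both forms and accepting either in wc_PKCS7_SignedDataVerifySignature would remove the guess, and the signature still has to cover whichever form matches. The function starts and ends outside the hunk.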
@@ -4421,7 +4434,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); content = pkcs7->content; - contentLen = pkcs7->contentSz; + contentLen = (int)pkcs7->contentSz; if (pkcs7->contentIsPkcs7Type == 1) { /* Content follows PKCS#7 RFC, which defines type as ANY. CMS @@ -4434,7 +4447,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, } if (GetLength_ex(content, &contentIdx, &contentLen, - contentLen, 1) < 0) { + (word32)contentLen, 1) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -4442,7 +4455,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, } } - ret = wc_Hash(hashType, content + contentIdx, contentLen, digest, + ret = wc_Hash(hashType, content + contentIdx, (word32)contentLen, digest, MAX_PKCS7_DIGEST_SZ); if (ret < 0) { WOLFSSL_MSG("Error hashing PKCS7 content for verification"); @@ -4623,11 +4636,11 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig, #ifndef NO_RSA case RSAk: - ret = wc_PKCS7_RsaVerify(pkcs7, sig, sigSz, pkcs7Digest, + ret = wc_PKCS7_RsaVerify(pkcs7, sig, (int)sigSz, pkcs7Digest, pkcs7DigestSz); if (ret < 0) { WOLFSSL_MSG("PKCS#7 verification failed, trying CMS"); - ret = wc_PKCS7_RsaVerify(pkcs7, sig, sigSz, plainDigest, + ret = wc_PKCS7_RsaVerify(pkcs7, sig, (int)sigSz, plainDigest, plainDigestSz); } break; @@ -4635,7 +4648,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig, #ifdef HAVE_ECC case ECDSAk: - ret = wc_PKCS7_EcdsaVerify(pkcs7, sig, sigSz, plainDigest, + ret = wc_PKCS7_EcdsaVerify(pkcs7, sig, (int)sigSz, plainDigest, plainDigestSz); break; #endif @@ -4681,7 +4694,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID) /* if sigOID is already RSAk */ case RSAk: - pkcs7->publicKeyOID = sigOID; + pkcs7->publicKeyOID = (word32)sigOID; break; #endif 
@@ -4693,7 +4706,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID) /* if sigOID is already DSAk */ case DSAk: - pkcs7->publicKeyOID = sigOID; + pkcs7->publicKeyOID = (word32)sigOID; break; #endif @@ -4713,7 +4726,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID) /* if sigOID is already ECDSAk */ case ECDSAk: - pkcs7->publicKeyOID = sigOID; + pkcs7->publicKeyOID = (word32)sigOID; break; #endif @@ -4757,7 +4770,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) int oidIdx; PKCS7DecodedAttrib* attrib; - if (GetSequence(in, &idx, &length, inSz) < 0) + if (GetSequence(in, &idx, &length, (word32)inSz) < 0) return ASN_PARSE_E; attrib = (PKCS7DecodedAttrib*)XMALLOC(sizeof(PKCS7DecodedAttrib), @@ -4767,8 +4780,8 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) } XMEMSET(attrib, 0, sizeof(PKCS7DecodedAttrib)); - oidIdx = idx; - if (GetObjectId(in, &idx, &oid, oidIgnoreType, inSz) + oidIdx = (int)idx; + if (GetObjectId(in, &idx, &oid, oidIgnoreType, (word32)inSz) < 0) { XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; @@ -4783,7 +4796,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) XMEMCPY(attrib->oid, in + oidIdx, attrib->oidSz); /* Get Set that contains the printable string value */ - if (GetSet(in, &idx, &length, inSz) < 0) { + if (GetSet(in, &idx, &length, (word32)inSz) < 0) { XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; @@ -4857,6 +4870,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, word32 sigOID = 0, hashOID = 0; word32 idx = *idxIn, localIdx; byte tag; + byte absentParams = FALSE; WOLFSSL_ENTER("wc_PKCS7_ParseSignerInfo"); /* require a signer if degenerate case not allowed */ 
@@ -4958,10 +4972,12 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, } /* Get the sequence of digestAlgorithm */ - if (ret == 0 && GetAlgoId(in, &idx, &hashOID, oidHashType, inSz) < 0) { + if (ret == 0 && GetAlgoIdEx(in, &idx, &hashOID, oidHashType, + inSz, &absentParams) < 0) { ret = ASN_PARSE_E; } pkcs7->hashOID = (int)hashOID; + pkcs7->hashParamsAbsent = absentParams; /* Get the IMPLICIT[0] SET OF signedAttributes */ localIdx = idx; @@ -4992,7 +5008,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, /* store public key type based on digestEncryptionAlgorithm */ if (ret == 0) { - ret = wc_PKCS7_SetPublicKeyOID(pkcs7, sigOID); + ret = wc_PKCS7_SetPublicKeyOID(pkcs7, (int)sigOID); if (ret < 0) { WOLFSSL_MSG("Failed to set public key OID from signature"); } @@ -5039,10 +5055,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, /* no content case, do nothing */ if (pkcs7->stream->noContent) { if (pkcs7->content && pkcs7->contentSz > 0) { - if (pkcs7->stream->content != NULL) { - XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->stream->content = NULL; - } + XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->stream->content = NULL; pkcs7->stream->content = (byte*)XMALLOC(pkcs7->contentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -5057,10 +5071,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, } /* free pkcs7->contentDynamic buffer */ - if (pkcs7->contentDynamic != NULL) { - XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->contentDynamic = NULL; - } + XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->contentDynamic = NULL; while(1) { if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, 
@@ -5087,8 +5099,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, } /* set up for next octet string */ - pkcs7->stream->currContSz = length; - pkcs7->stream->currContRmnSz = length; + pkcs7->stream->currContSz = (word32)length; + pkcs7->stream->currContRmnSz = (word32)length; pkcs7->stream->expected = min(pkcs7->stream->currContRmnSz, MAX_PKCS7_STREAM_BUFFER); @@ -5100,7 +5112,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, /* check if expected data is available in stream */ ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected, &msg, idx); - if (ret == WC_PKCS7_WANT_READ_E) { + if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { break; /* ask user more input */ } @@ -5114,7 +5126,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, * in-definite length encoding. * number of indef is stored in pkcs7->stream->cntIdfCnt. */ - pkcs7->stream->expected = (ASN_TAG_SZ + TRAILING_ZERO) * + pkcs7->stream->expected = (word32)(ASN_TAG_SZ + TRAILING_ZERO) * pkcs7->stream->cntIdfCnt; /* dec idx by one since already consumed to get ASN_EOC */ @@ -5127,7 +5139,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, /* check if expected data is available in stream */ ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected, &msg, idx); - if (ret == WC_PKCS7_WANT_READ_E) { + if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { break; /* ask user more input */ } @@ -5164,7 +5176,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected, &msg, idx); - if (ret == WC_PKCS7_WANT_READ_E) { + if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { break; } 
@@ -5195,10 +5207,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, if (pkcs7->stream->content == NULL) { WOLFSSL_MSG("failed to grow content buffer."); - if (tempBuf != NULL) { - XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - tempBuf = NULL; - } + XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + tempBuf = NULL; ret = MEMORY_E; break; } @@ -5209,10 +5219,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, } XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx, pkcs7->stream->expected); - if (tempBuf != NULL) { - XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - tempBuf = NULL; - } + XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + tempBuf = NULL; } } @@ -5331,9 +5339,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, switch (pkcs7->state) { case WC_PKCS7_START: #ifndef NO_PKCS7_STREAM - if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ + + /* The expected size calculation originally assumed digest OID + * with NULL params, -2 to also accept with absent params */ + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, (MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_SEQ_SZ + MAX_LENGTH_SZ + - ASN_TAG_SZ + MAX_OID_SZ + MAX_SEQ_SZ, + ASN_TAG_SZ + MAX_OID_SZ + MAX_SEQ_SZ) - 2, &pkiMsg, &idx)) != 0) { break; } @@ -5371,7 +5381,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, word32 len = 0; ret = wc_BerToDer(pkiMsg, pkiMsgSz, NULL, &len); - if (ret != LENGTH_ONLY_E) + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return ret; pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -5475,7 +5485,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, < 0) ret = ASN_PARSE_E; - pkcs7->hashOID = hashOID; + pkcs7->hashOID = (int)hashOID; /* get hash type */ hashType = wc_OidGetHash(pkcs7->hashOID); 
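Review bot: The `- 2` on the WC_PKCS7_START expected size deserves a comment that names the bytes it removes: `/* Minimum bytes for the outer headers through the digest AlgorithmIdentifier; the two bytes of a NULL parameters field (tag + zero length) are not required because absent parameters (RFC 5754) are accepted too */`. I would also add a test that feeds a message whose digest algorithm does carry NULL parameters in chunks that stop exactly at this reduced size, to confirm the later GetAlgoIdEx parse asks for more input rather than failing on the short buffer; the hunk does not show how the stream helper behaves there. PKCS7_VerifySignedData continues outside the hunk.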
@@ -5708,8 +5718,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, #ifndef NO_PKCS7_STREAM pkcs7->stream->multi = multiPart; pkcs7->stream->currContIdx = localIdx; - pkcs7->stream->currContSz = length; - pkcs7->stream->currContRmnSz = length; + pkcs7->stream->currContSz = (word32)length; + pkcs7->stream->currContRmnSz = (word32)length; #endif /* reset length to outer OCTET_STRING for bundle * size check below */ @@ -5736,8 +5746,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if (ret == 0) { pkcs7->stream->multi = multiPart; pkcs7->stream->currContIdx = localIdx; - pkcs7->stream->currContSz = length; - pkcs7->stream->currContRmnSz = length; + pkcs7->stream->currContSz = (word32)length; + pkcs7->stream->currContRmnSz = (word32)length; } #endif } @@ -5821,7 +5831,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &stateIdx, &idx)) != 0) { break; } - wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, localIdx, length); + wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, (int)localIdx, length); #endif /* !NO_PKCS7_STREAM */ @@ -5830,10 +5840,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, #ifndef NO_PKCS7_STREAM /* free pkcs7->stream->content buffer */ - if (pkcs7->stream->content != NULL) { - XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->stream->content = NULL; - } + XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->stream->content = NULL; #endif /* !NO_PKCS7_STREAM */ FALL_THROUGH; @@ -6081,7 +6089,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, 0, length); if (length > 0) { - pkcs7->stream->expected = length; + pkcs7->stream->expected = (word32)length; } else { pkcs7->stream->expected = MAX_SEQ_SZ; 
@@ -6119,7 +6127,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* restore content */ content = pkcs7->stream->content; - contentSz = pkcs7->stream->contentSz; + contentSz = (int)pkcs7->stream->contentSz; /* restore detached flag */ detached = pkcs7->stream->detached; @@ -6139,7 +6147,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, length); pkiMsg2 = pkcs7->stream->tmpCert; - pkiMsg2Sz = length; + pkiMsg2Sz = (word32)length; idx = 0; } #else @@ -6209,7 +6217,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, pkcs7->isDynamic = isDynamic; /* This will reset PKCS7 structure and then set the * certificate */ - ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz); + ret = wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz); /* Restore pkcs7->contentDynamic from above, will be * freed by application with wc_PKCS7_Free() */ @@ -6238,7 +6246,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, int i; pkcs7->cert[0] = cert; - pkcs7->certSz[0] = certSz; + pkcs7->certSz[0] = (word32)certSz; certIdx = idx + certSz; for (i = 1; i < MAX_PKCS7_CERTS && @@ -6411,7 +6419,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if (in2 && in2Sz > 0 && hashBuf && hashSz > 0) { if (length > 0) { - pkcs7->stream->expected = length; + pkcs7->stream->expected = (word32)length; } else { pkcs7->stream->expected = 0; @@ -6426,10 +6434,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, * zero's should exist at the end of the bundle. */ if (pkcs7->stream->indefLen == 1) { - pkcs7->stream->expected = length + 3 * ASN_INDEF_END_SZ; + pkcs7->stream->expected = (word32)length + 3 * ASN_INDEF_END_SZ; } else { - pkcs7->stream->expected = length; + pkcs7->stream->expected = (word32)length; } wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE7); 
@@ -6460,7 +6468,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* restore content */ content = pkcs7->stream->content; - contentSz = pkcs7->stream->contentSz; + contentSz = (int)pkcs7->stream->contentSz; #endif ret = wc_PKCS7_ParseSignerInfo(pkcs7, pkiMsg2, pkiMsg2Sz, &idx, @@ -6489,18 +6497,18 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } pkcs7->content = content; - pkcs7->contentSz = contentSz; + pkcs7->contentSz = (word32)contentSz; if (ret == 0) { - ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, sigSz, - signedAttrib, signedAttribSz, + ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, (word32)sigSz, + signedAttrib, (word32)signedAttribSz, hashBuf, hashSz); } } #ifndef NO_PKCS7_STREAM /* make sure that terminating zero's follow */ - if ((ret == PKCS7_SIGNEEDS_CHECK || ret >= 0) && + if ((ret == WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK) || ret >= 0) && pkcs7->stream->indefLen == 1) { int i; for (i = 0; i < 3 * ASN_INDEF_END_SZ; i++) { @@ -6528,7 +6536,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = BAD_FUNC_ARG; } - if (ret != 0 && ret != WC_PKCS7_WANT_READ_E) { + if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { #ifndef NO_PKCS7_STREAM wc_PKCS7_ResetStream(pkcs7); #endif @@ -7037,7 +7045,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) return BAD_FUNC_ARG; /* kekOctet */ - kekOctetSz = SetOctetString(sizeof(word32), kekOctet); + kekOctetSz = (int)SetOctetString(sizeof(word32), kekOctet); sharedInfoSz += (kekOctetSz + sizeof(word32)); /* suppPubInfo */ 
@@ -7048,7 +7056,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) /* optional ukm/entityInfo */ if (kari->ukmSz > 0) { - entityUInfoOctetSz = SetOctetString(kari->ukmSz, entityUInfoOctet); + entityUInfoOctetSz = (int)SetOctetString(kari->ukmSz, entityUInfoOctet); sharedInfoSz += (entityUInfoOctetSz + kari->ukmSz); entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz + @@ -7058,11 +7066,11 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) } /* keyInfo */ - keyInfoSz = SetAlgoID(keyWrapOID, keyInfo, oidKeyWrapType, 0); + keyInfoSz = (int)SetAlgoID(keyWrapOID, keyInfo, oidKeyWrapType, 0); sharedInfoSz += keyInfoSz; /* sharedInfo */ - sharedInfoSeqSz = SetSequence(sharedInfoSz, sharedInfoSeq); + sharedInfoSeqSz = (int)SetSequence((word32)sharedInfoSz, sharedInfoSeq); sharedInfoSz += sharedInfoSeqSz; kari->sharedInfo = (byte*)XMALLOC(sharedInfoSz, kari->heap, @@ -7070,7 +7078,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) if (kari->sharedInfo == NULL) return MEMORY_E; - kari->sharedInfoSz = sharedInfoSz; + kari->sharedInfoSz = (word32)sharedInfoSz; XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, sharedInfoSeqSz); idx += sharedInfoSeqSz; @@ -7132,7 +7140,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng, return ret; /* generate shared secret */ - secretSz = kari->senderKey->dp->size; + secretSz = (word32)kari->senderKey->dp->size; secret = (byte*)XMALLOC(secretSz, kari->heap, DYNAMIC_TYPE_PKCS7); if (secret == NULL) return MEMORY_E; @@ -7321,7 +7329,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, } /* generate random content encryption key, if needed */ - ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz); + ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -7420,11 +7428,11 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* Start of RecipientEncryptedKeys */ /* EncryptedKey */ - encryptedKeyOctetSz = SetOctetString(encryptedKeySz, encryptedKeyOctet); + encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz, encryptedKeyOctet); totalSz += (encryptedKeyOctetSz + encryptedKeySz); /* SubjectKeyIdentifier */ - subjKeyIdOctetSz = SetOctetString(keyIdSize, subjKeyIdOctet); + subjKeyIdOctetSz = (int)SetOctetString((word32)keyIdSize, subjKeyIdOctet); totalSz += (subjKeyIdOctetSz + keyIdSize); /* RecipientKeyIdentifier IMPLICIT [0] */ @@ -7433,17 +7441,17 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, totalSz += recipKeyIdSeqSz; /* RecipientEncryptedKey */ - recipEncKeySeqSz = SetSequence(totalSz, recipEncKeySeq); + recipEncKeySeqSz = (int)SetSequence((word32)totalSz, recipEncKeySeq); totalSz += recipEncKeySeqSz; /* RecipientEncryptedKeys */ - recipEncKeysSeqSz = SetSequence(totalSz, recipEncKeysSeq); + recipEncKeysSeqSz = (int)SetSequence((word32)totalSz, recipEncKeysSeq); totalSz += recipEncKeysSeqSz; /* Start of optional UserKeyingMaterial */ if (kari->ukmSz > 0) { - ukmOctetSz = SetOctetString(kari->ukmSz, ukmOctetStr); + ukmOctetSz = (int)SetOctetString(kari->ukmSz, ukmOctetStr); totalSz += (ukmOctetSz + kari->ukmSz); ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz, @@ -7454,11 +7462,11 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* Start of KeyEncryptionAlgorithmIdentifier */ /* KeyWrapAlgorithm */ - keyWrapAlgSz = SetAlgoID(keyWrapOID, keyWrapAlg, oidKeyWrapType, 0); + keyWrapAlgSz = (int)SetAlgoID(keyWrapOID, keyWrapAlg, oidKeyWrapType, 0); totalSz += keyWrapAlgSz; /* KeyEncryptionAlgorithmIdentifier */ - keyEncryptAlgoIdSz = SetAlgoID(keyAgreeOID, keyEncryptAlgoId, + keyEncryptAlgoIdSz = (int)SetAlgoID(keyAgreeOID, keyEncryptAlgoId, oidCmsKeyAgreeType, keyWrapAlgSz); totalSz += keyEncryptAlgoIdSz; 
@@ -7467,25 +7475,25 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* recipient ECPoint, public key */ XMEMSET(origPubKeyStr, 0, sizeof(origPubKeyStr)); /* no unused bits */ origPubKeyStr[0] = ASN_BIT_STRING; - origPubKeyStrSz = SetLength(kari->senderKeyExportSz + 1, + origPubKeyStrSz = (int)SetLength(kari->senderKeyExportSz + 1, origPubKeyStr + 1) + 2; totalSz += (origPubKeyStrSz + kari->senderKeyExportSz); /* Originator AlgorithmIdentifier, params set to NULL for interop compatibility */ - origAlgIdSz = SetAlgoID(ECDSAk, origAlgId, oidKeyType, 2); + origAlgIdSz = (int)SetAlgoID(ECDSAk, origAlgId, oidKeyType, 2); origAlgId[origAlgIdSz++] = ASN_TAG_NULL; origAlgId[origAlgIdSz++] = 0; totalSz += origAlgIdSz; /* outer OriginatorPublicKey IMPLICIT [1] */ - origPubKeySeqSz = SetImplicit(ASN_SEQUENCE, 1, + origPubKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 1, origAlgIdSz + origPubKeyStrSz + kari->senderKeyExportSz, origPubKeySeq, 0); totalSz += origPubKeySeqSz; /* outer OriginatorIdentifierOrKey IMPLICIT [0] */ - origIdOrKeySeqSz = SetImplicit(ASN_SEQUENCE, 0, + origIdOrKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 0, origPubKeySeqSz + origAlgIdSz + origPubKeyStrSz + kari->senderKeyExportSz, origIdOrKeySeq, 0); @@ -7497,7 +7505,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, recip->recipVersion = 3; /* outer IMPLICIT [1] kari */ - kariSeqSz = SetImplicit(ASN_SEQUENCE, 1, totalSz, kariSeq, 0); + kariSeqSz = (int)SetImplicit(ASN_SEQUENCE, 1, (word32)totalSz, kariSeq, 0); totalSz += kariSeqSz; if (totalSz > MAX_RECIP_SZ) { @@ -7583,7 +7591,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, (void)options; - return idx; + return (int)idx; } #endif /* HAVE_ECC */ 
@@ -7704,7 +7712,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, } /* generate random content encryption key, if needed */ - ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz); + ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -7757,7 +7765,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, return -1; } issuerSz = decoded->issuerRawLen; - issuerSeqSz = SetSequence(issuerSz, issuerSeq); + issuerSeqSz = (int)SetSequence((word32)issuerSz, issuerSeq); if (decoded->serialSz == 0) { WOLFSSL_MSG("DecodedCert missing serial number"); @@ -7793,7 +7801,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, verSz = SetMyVersion(2, ver, 0); recip->recipVersion = 2; - issuerSKIDSz = SetLength(keyIdSize, issuerSKID); + issuerSKIDSz = SetLength((word32)keyIdSize, issuerSKID); } else { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -7906,7 +7914,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, encryptedKeySz, pubKey, &rng); } #ifdef WOLFSSL_ASYNC_CRYPT - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif wc_FreeRsaKey(pubKey); wc_FreeRng(&rng); @@ -7927,13 +7935,13 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } - encryptedKeySz = ret; + encryptedKeySz = (word32)ret; - encKeyOctetStrSz = SetOctetString(encryptedKeySz, encKeyOctetStr); + encKeyOctetStrSz = (int)SetOctetString(encryptedKeySz, encKeyOctetStr); /* RecipientInfo */ if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { - recipSeqSz = SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz + + recipSeqSz = (int)SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz + issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz, recipSeq); 
@@ -8024,7 +8032,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, lastRecip->next = recip; } - return idx; + return (int)idx; } #endif /* !NO_RSA */ @@ -8137,7 +8145,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { - ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_ENCRYPTION); if (ret == 0) { ret = wc_PKCS7_EncodeContentStream(pkcs7, NULL, aes, in, inSz, out, WC_CIPHER_AES_CBC); @@ -8171,7 +8179,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { - ret = wc_AesGcmSetKey(aes, key, keySz); + ret = wc_AesGcmSetKey(aes, key, (word32)keySz); if (ret == 0) { #ifndef WOLFSSL_AESGCM_STREAM if (pkcs7->encodeStream) { @@ -8188,7 +8196,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #endif } #else - ret = wc_AesGcmEncryptInit(aes, key, keySz, iv, ivSz); + ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv, ivSz); if (ret == 0) { ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, aad, aadSz); @@ -8238,9 +8246,9 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { - ret = wc_AesCcmSetKey(aes, key, keySz); + ret = wc_AesCcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesCcmEncrypt(aes, out, in, inSz, iv, ivSz, + ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv, ivSz, authTag, authTagSz, aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async encrypt not available here, so block till done */ @@ -8268,7 +8276,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, ret = wc_Des_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret == 0) - ret = wc_Des_CbcEncrypt(&des, out, in, inSz); + ret = wc_Des_CbcEncrypt(&des, out, in, (word32)inSz); break; 
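Review bot: The `(word32)keySz` and `(word32)inSz` casts in the wc_PKCS7_EncryptContent hunks here (@@ -8137 through @@ -8268) convert int parameters to the unsigned lengths the cipher calls take, so a negative keySz or inSz would silently become a very large length at wc_AesSetKey, wc_AesCcmEncrypt or wc_Des_CbcEncrypt; the same applies to the @@ -8285 hunk and the wc_PKCS7_DecryptContent hunks (@@ -8372 through @@ -8484) on the following line. The function bodies start outside every hunk shown, so whether negative values are rejected at entry is not visible from here. If they are not, a single guard near the top of each function, `if (keySz < 0 || inSz < 0) return BAD_FUNC_ARG;`, would make the casts demonstrably safe and document why they are acceptable, using the same error code wc_PKCS7_PadData already returns for bad lengths.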
@@ -8285,7 +8293,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (ret == 0) { ret = wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION); if (ret == 0) { - ret = wc_Des3_CbcEncrypt(&des3, out, in, inSz); + ret = wc_Des3_CbcEncrypt(&des3, out, in, (word32)inSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async encrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &des3.asyncDev, WC_ASYNC_FLAG_NONE); @@ -8372,9 +8380,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { - ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); + ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION); if (ret == 0) { - ret = wc_AesCbcDecrypt(aes, out, in, inSz); + ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async decrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); @@ -8409,9 +8417,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { - ret = wc_AesGcmSetKey(aes, key, keySz); + ret = wc_AesGcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesGcmDecrypt(aes, out, in, inSz, iv, ivSz, + ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz, authTag, authTagSz, aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async decrypt not available here, so block till done */ @@ -8448,9 +8456,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { - ret = wc_AesCcmSetKey(aes, key, keySz); + ret = wc_AesCcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesCcmDecrypt(aes, out, in, inSz, iv, ivSz, + ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz, authTag, authTagSz, aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async decrypt not available here, so block till done */ 
@@ -8473,7 +8481,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, ret = wc_Des_SetKey(&des, key, iv, DES_DECRYPTION); if (ret == 0) - ret = wc_Des_CbcDecrypt(&des, out, in, inSz); + ret = wc_Des_CbcDecrypt(&des, out, in, (word32)inSz); break; case DES3b: @@ -8484,7 +8492,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (ret == 0) { ret = wc_Des3_SetKey(&des3, key, iv, DES_DECRYPTION); if (ret == 0) { - ret = wc_Des3_CbcDecrypt(&des3, out, in, inSz); + ret = wc_Des3_CbcDecrypt(&des3, out, in, (word32)inSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async decrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &des3.asyncDev, WC_ASYNC_FLAG_NONE); @@ -8628,6 +8636,8 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, return BAD_FUNC_ARG; padSz = wc_PKCS7_GetPadSize(inSz, blockSz); + if (padSz < 0) + return padSz; if (outSz < (inSz + padSz)) return BAD_FUNC_ARG; @@ -8682,7 +8692,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, } /* generate random content encryption key, if needed */ - ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz); + ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz); if (ret < 0) { XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; @@ -8697,7 +8707,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, return ret; } - oriTypeLenSz = SetLength(oriTypeSz, oriTypeLen); + oriTypeLenSz = (int)SetLength(oriTypeSz, oriTypeLen); recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz + oriValueSz, recipSeq, 0); @@ -8734,7 +8744,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, (void)options; - return idx; + return (int)idx; } #if !defined(NO_PWDBASED) && !defined(NO_SHA) 
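Review bot: The new `if (padSz < 0) return padSz;` in the @@ -8628 hunk of wc_PKCS7_PadData is the right fix, since a negative pad size added to the unsigned inSz on the next line would previously have wrapped and passed the `outSz < (inSz + padSz)` check. With negatives now excluded, the remaining mixed-sign addition could be made explicit to match the cast style this commit applies elsewhere: `if (outSz < (inSz + (word32)padSz))`. The caller wc_PKCS7_EncodeEnvelopedData (hunk @@ -9663, a few lines below) already checks `padSz < 0` before using the value, so the two now agree.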
@@ -8754,8 +8764,8 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, case PBKDF2_OID: - ret = wc_PBKDF2(out, passwd, pLen, salt, saltSz, iterations, - outSz, prfOID); + ret = wc_PBKDF2(out, passwd, (int)pLen, salt, saltSz, iterations, + (int)outSz, prfOID); if (ret != 0) { return ret; } @@ -8806,7 +8816,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, /* if user set out to NULL, give back required length */ if (out == NULL) { - *outSz = outLen; + *outSz = (word32)outLen; return LENGTH_ONLY_E; } @@ -8829,21 +8839,21 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, if (ret == 0) { /* encrypt, normal */ - ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, kekSz, - (byte*)iv, ivSz, NULL, 0, NULL, 0, out, + ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, + (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, out, outLen, out); } if (ret == 0) { /* encrypt again, using last ciphertext block as IV */ lastBlock = out + (((outLen / blockSz) - 1) * blockSz); - ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, kekSz, + ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, lastBlock, blockSz, NULL, 0, NULL, 0, out, outLen, out); } if (ret == 0) { - *outSz = outLen; + *outSz = (word32)outLen; } else { outLen = ret; } 
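Review bot: In the @@ -8754 hunk of wc_PKCS7_GenerateKEK_PWRI, `(int)pLen` and `(int)outSz` narrow word32 values to the int parameters of wc_PBKDF2, so any value at or above 2^31 would arrive as a negative length; the casts silence the conversion warning but do not validate the range. In practice pLen is a password length and outSz a KEK size, so the risk is low, but a comment such as `/* lengths are small by construction; wc_PBKDF2 takes int */` or a guard `if (pLen > INT_MAX || outSz > INT_MAX) return BAD_FUNC_ARG;` would record that reasoning for the next reader. The function body starts outside this hunk, so an existing bound check above it is not visible from here.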
@@ -8899,21 +8909,21 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek, tmpIv = lastBlock - blockSz; /* decrypt last block */ - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, tmpIv, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, tmpIv, blockSz, NULL, 0, NULL, 0, lastBlock, blockSz, outTmp + inSz - blockSz, pkcs7->devId, pkcs7->heap); if (ret == 0) { /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */ lastBlock = outTmp + inSz - blockSz; - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap); } if (ret == 0) { /* decrypt using original kek and iv */ - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, (byte*)iv, ivSz, NULL, 0, NULL, 0, outTmp, inSz, outTmp, pkcs7->devId, pkcs7->heap); } @@ -9035,12 +9045,12 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, return kekBlockSz; /* generate random CEK */ - ret = PKCS7_GenerateContentEncryptionKey(pkcs7, cekKeySz); + ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)cekKeySz); if (ret < 0) return ret; /* generate random IV */ - ret = wc_PKCS7_GenerateBlock(pkcs7, NULL, tmpIv, kekBlockSz); + ret = wc_PKCS7_GenerateBlock(pkcs7, NULL, tmpIv, (word32)kekBlockSz); if (ret != 0) return ret; @@ -9072,7 +9082,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, /* generate KEK: expand password into KEK */ ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, passwd, pLen, salt, saltSz, kdfOID, hashOID, iterations, kek, - kekKeySz); + (word32)kekKeySz); if (ret < 0) { XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -9081,23 +9091,23 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, } /* generate encrypted key: encrypt CEK with KEK */ - ret = wc_PKCS7_PwriKek_KeyWrap(pkcs7, kek, kekKeySz, pkcs7->cek, + ret = wc_PKCS7_PwriKek_KeyWrap(pkcs7, kek, (word32)kekKeySz, pkcs7->cek, pkcs7->cekSz, encryptedKey, &encryptedKeySz, - tmpIv, kekBlockSz, encryptOID); + tmpIv, (word32)kekBlockSz, encryptOID); if (ret < 0) { XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } - encryptedKeySz = ret; + encryptedKeySz = (word32)ret; /* put together encrypted key OCTET STRING */ encKeyOctetStrSz = SetOctetString(encryptedKeySz, encKeyOctetStr); totalSz += (encKeyOctetStrSz + encryptedKeySz); /* put together IV OCTET STRING */ - ivOctetStringSz = SetOctetString(kekBlockSz, ivOctetString); + ivOctetStringSz = SetOctetString((word32)kekBlockSz, ivOctetString); totalSz += (ivOctetStringSz + kekBlockSz); /* set PWRIAlgorithms AlgorithmIdentifier, adding (ivOctetStringSz + @@ -9114,7 +9124,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } - keyEncAlgoIdSz = ret; + keyEncAlgoIdSz = (word32)ret; totalSz += keyEncAlgoIdSz; /* KeyEncryptionAlgorithm SEQ */ @@ -9128,7 +9138,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, totalSz += (kdfSaltOctetStrSz + saltSz); /* set KDF iteration count */ - kdfIterationsSz = SetMyVersion(iterations, kdfIterations, 0); + kdfIterationsSz = (word32)SetMyVersion((word32)iterations, kdfIterations, 0); totalSz += kdfIterationsSz; /* set KDF params SEQ */ 
@@ -9144,7 +9154,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } - kdfAlgoIdSz = ret; + kdfAlgoIdSz = (word32)ret; totalSz += kdfAlgoIdSz; /* set KeyDerivationAlgorithmIdentifier EXPLICIT [0] SEQ */ @@ -9154,7 +9164,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, totalSz += kdfAlgoIdSeqSz; /* set PasswordRecipientInfo CMSVersion, MUST be 0 */ - verSz = SetMyVersion(0, ver, 0); + verSz = (word32)SetMyVersion(0, ver, 0); totalSz += verSz; recip->recipVersion = 0; @@ -9202,7 +9212,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); idx += encryptedKeySz; - ForceZero(kek, kekBlockSz); + ForceZero(kek, (word32)kekBlockSz); ForceZero(encryptedKey, encryptedKeySz); XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -9224,7 +9234,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, (void)options; - return idx; + return (int)idx; } /* Import password and KDF settings into a PKCS7 structure. Used for setting @@ -9315,7 +9325,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, } /* generate random content encryption key, if needed */ - ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz); + ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz); if (ret < 0) { XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; @@ -9340,7 +9350,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, #endif encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz, - encryptedKey, encryptedKeySz, keyWrapOID, + encryptedKey, (word32)encryptedKeySz, keyWrapOID, direction); if (encryptedKeySz < 0) { #ifdef WOLFSSL_SMALL_STACK 
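Review bot: In the @@ -9202 hunk of wc_PKCS7_AddRecipient_PWRI, `ForceZero(kek, (word32)kekBlockSz);` wipes only one cipher block of the key-encryption key before `kek` is freed, while the KEK was derived into that buffer with `kekKeySz` bytes (the wc_PKCS7_GenerateKEK_PWRI call in the @@ -9072 hunk passes `(word32)kekKeySz` as the output size, and the wrap call at @@ -9081 uses kekKeySz as the key length). For a cipher whose key is longer than its block, such as AES-192 or AES-256 with a 16-byte block, the tail of the KEK is returned to the heap uncleared, and the cast added by this commit preserves the wrong length. Suggest `ForceZero(kek, (word32)kekKeySz);` so the whole KEK is cleared, consistent with the size used to generate it. The function body starts and ends outside this hunk, so I cannot see whether an additional wipe exists elsewhere.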
@@ -9358,7 +9368,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, return WC_KEY_SIZE_E; } - encKeyOctetStrSz = SetOctetString(encryptedKeySz, encKeyOctetStr); + encKeyOctetStrSz = SetOctetString((word32)encryptedKeySz, encKeyOctetStr); totalSz += (encKeyOctetStrSz + encryptedKeySz); /* KeyEncryptionAlgorithmIdentifier */ @@ -9397,7 +9407,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, totalSz += kekIdSeqSz; /* version */ - verSz = SetMyVersion(4, ver, 0); + verSz = (word32)SetMyVersion(4, ver, 0); totalSz += verSz; recip->recipVersion = 4; @@ -9464,7 +9474,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, (void)options; - return idx; + return (int)idx; } @@ -9583,7 +9593,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } /* generate random content encryption key */ - ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz); + ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz); if (ret != 0) { return ret; } @@ -9626,7 +9636,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) WOLFSSL_MSG("You must add at least one CMS recipient"); return PKCS7_RECIP_E; } - recipSetSz = SetSet(recipSz, recipSet); + recipSetSz = (int)SetSet((word32)recipSz, recipSet); /* version, defined in Section 6.1 of RFC 5652 */ kariVersion = wc_PKCS7_GetCMSVersion(pkcs7, ENVELOPED_DATA); @@ -9636,7 +9646,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) return PKCS7_RECIP_E; } - verSz = SetMyVersion(kariVersion, ver, 0); + verSz = SetMyVersion((word32)kariVersion, ver, 0); ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret != 0) { 
@@ -9645,7 +9655,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } /* generate IV for block cipher */ - ret = wc_PKCS7_GenerateBlock(pkcs7, &rng, tmpIv, blockSz); + ret = wc_PKCS7_GenerateBlock(pkcs7, &rng, tmpIv, (word32)blockSz); wc_FreeRng(&rng); if (ret != 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); @@ -9663,7 +9673,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) contentTypeSz = ret; /* allocate encrypted content buffer and PKCS#7 padding */ - padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, blockSz); + padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, (word32)blockSz); if (padSz < 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); return padSz; @@ -9682,7 +9692,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain, - encryptedOutSz, blockSz); + (word32)encryptedOutSz, blockSz); if (ret < 0) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); @@ -9705,11 +9715,11 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } /* put together IV OCTET STRING */ - ivOctetStringSz = SetOctetString(blockSz, ivOctetString); + ivOctetStringSz = (int)SetOctetString((word32)blockSz, ivOctetString); /* build up our ContentEncryptionAlgorithmIdentifier sequence, * adding (ivOctetStringSz + blockSz) for IV OCTET STRING */ - contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo, + contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo, oidBlkType, ivOctetStringSz + blockSz); if (contentEncAlgoSz == 0) { 
@@ -9719,9 +9729,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) return BAD_FUNC_ARG; } - encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz, + encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, encContentOctet, pkcs7->encodeStream); - encContentSeqSz = SetSequenceEx(contentTypeSz + contentEncAlgoSz + + encContentSeqSz = (int)SetSequenceEx(contentTypeSz + contentEncAlgoSz + ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz, encContentSeq, pkcs7->encodeStream); @@ -9743,7 +9753,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) totalSz += ASN_INDEF_END_SZ; /* account for asn1 syntax around octet strings */ - StreamOctetString(NULL, encryptedOutSz, NULL, &streamSz, &tmpIdx); + StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz, &tmpIdx); totalSz += (streamSz - encryptedOutSz); /* resize encrypted content buffer */ @@ -9759,7 +9769,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } } #endif - envDataSeqSz = SetSequenceEx(totalSz, envDataSeq, pkcs7->encodeStream); + envDataSeqSz = (int)SetSequenceEx((word32)totalSz, envDataSeq, pkcs7->encodeStream); totalSz += envDataSeqSz; #ifdef ASN_BER_TO_DER if (pkcs7->encodeStream) { @@ -9768,7 +9778,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) #endif /* outer content */ - outerContentSz = SetExplicit(0, totalSz, outerContent, pkcs7->encodeStream); + outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, pkcs7->encodeStream); #ifdef ASN_BER_TO_DER if (pkcs7->encodeStream) { totalSz += ASN_INDEF_END_SZ; 
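Review bot: Several rewritten lines in the wc_PKCS7_EncodeEnvelopedData hunks on this line appear to exceed the 80-column width the surrounding code keeps: `encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz,` in @@ -9719, `envDataSeqSz = (int)SetSequenceEx((word32)totalSz, envDataSeq, pkcs7->encodeStream);` in @@ -9759 and `outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, pkcs7->encodeStream);` in @@ -9768. Wrapping the argument list after the opening parenthesis, as the neighbouring calls already do, keeps them within the file's style. In the @@ -9719 hunk the sum of apparently int-typed sizes passed to SetSequenceEx is left uncast while `(word32)encryptedOutSz` is cast on the preceding line and `(word32)totalSz` below; casting the whole sum once, `(word32)(contentTypeSz + ... + encryptedOutSz)`, would be consistent with the rest of the change.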
@@ -9779,7 +9789,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7->contentOID != FIRMWARE_PKG_DATA) { /* ContentInfo */ - contentInfoSeqSz = SetSequenceEx(totalSz, contentInfoSeq, + contentInfoSeqSz = (int)SetSequenceEx((word32)totalSz, contentInfoSeq, pkcs7->encodeStream); totalSz += contentInfoSeqSz; #ifdef ASN_BER_TO_DER @@ -9804,24 +9814,24 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* begin writing out PKCS7 bundle */ if (pkcs7->contentOID != FIRMWARE_PKG_DATA) { wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - contentInfoSeq, contentInfoSeqSz); + contentInfoSeq, (word32)contentInfoSeqSz); idx += contentInfoSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - outerContentType, outerContentTypeSz); + outerContentType, (word32)outerContentTypeSz); idx += outerContentTypeSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - outerContent, outerContentSz); + outerContent, (word32)outerContentSz); idx += outerContentSz; } wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - envDataSeq, envDataSeqSz); + envDataSeq, (word32)envDataSeqSz); idx += envDataSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - ver, verSz); + ver, (word32)verSz); idx += verSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - recipSet, recipSetSz); + recipSet, (word32)recipSetSz); idx += recipSetSz; /* copy in recipients from list */ tmpRecip = pkcs7->recipList; 
@@ -9834,22 +9844,22 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_PKCS7_FreeEncodedRecipientSet(pkcs7); wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - encContentSeq, encContentSeqSz); + encContentSeq, (word32)encContentSeqSz); idx += encContentSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - contentType, contentTypeSz); + contentType, (word32)contentTypeSz); idx += contentTypeSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - contentEncAlgo, contentEncAlgoSz); + contentEncAlgo, (word32)contentEncAlgoSz); idx += contentEncAlgoSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - ivOctetString, ivOctetStringSz); + ivOctetString, (word32)ivOctetStringSz); idx += ivOctetStringSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - tmpIv, blockSz); + tmpIv, (word32)blockSz); idx += blockSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - encContentOctet, encContentOctetSz); + encContentOctet, (word32)encContentOctetSz); idx += encContentOctetSz; /* encrypt content */ @@ -9857,13 +9867,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain, encryptedOutSz, encryptedContent); if (ret != 0) { - if (encryptedContent != NULL) { - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (plain != NULL) { - XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); return ret; 
@@ -9909,13 +9915,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) idx += encryptedOutSz; } - if (plain != NULL) { - XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (encryptedContent != NULL) { - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return idx; } @@ -10035,7 +10037,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, return ret; } - pkcs7->stream->expected = sz + MAX_ALGO_SZ + ASN_TAG_SZ + + pkcs7->stream->expected = (word32)sz + MAX_ALGO_SZ + ASN_TAG_SZ + MAX_LENGTH_SZ; if (pkcs7->stream->length > 0 && pkcs7->stream->length < pkcs7->stream->expected) { @@ -10050,7 +10052,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; - if (GetNameHash_ex(pkiMsg, idx, issuerHash, pkiMsgSz, + if (GetNameHash_ex(pkiMsg, idx, issuerHash, (int)pkiMsgSz, pkcs7->publicKeyOID) < 0) return ASN_PARSE_E; @@ -10156,8 +10158,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { break; } - wc_PKCS7_StreamStoreVar(pkcs7, encryptedKeySz, sidType, version); - pkcs7->stream->expected = encryptedKeySz; + wc_PKCS7_StreamStoreVar(pkcs7, (word32)encryptedKeySz, sidType, version); + pkcs7->stream->expected = (word32)encryptedKeySz; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_DECRYPT_KTRI_3); FALL_THROUGH; @@ -10168,7 +10170,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, pkcs7->stream->expected, &pkiMsg, idx)) != 0) { return ret; } - encryptedKeySz = pkcs7->stream->expected; + encryptedKeySz = (int)pkcs7->stream->expected; #endif /* Always allocate to ensure aligned use with RSA */ 
@@ -10239,12 +10241,12 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, if (encOID != RSAESOAEPk) { #endif keySz = wc_RsaPrivateDecryptInline(encryptedKey, - encryptedKeySz, &outKey, + (word32)encryptedKeySz, &outKey, privKey); #ifndef WC_NO_RSA_OAEP } else { - word32 outLen = wc_RsaEncryptSize(privKey); + word32 outLen = (word32)wc_RsaEncryptSize(privKey); outKey = (byte*)XMALLOC(outLen, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (!outKey) { @@ -10261,14 +10263,14 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, } keySz = wc_RsaPrivateDecrypt_ex(encryptedKey, - encryptedKeySz, outKey, outLen, privKey, + (word32)encryptedKeySz, outKey, outLen, privKey, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); } #endif } #ifdef WOLFSSL_ASYNC_CRYPT - } while (keySz == WC_PENDING_E); + } while (keySz == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif #ifdef WC_RSA_BLINDING wc_FreeRng(&rng); @@ -10279,7 +10281,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, wc_FreeRsaKey(privKey); if (keySz <= 0 || outKey == NULL) { - ForceZero(encryptedKey, encryptedKeySz); + ForceZero(encryptedKey, (word32)encryptedKeySz); XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); #ifdef WOLFSSL_SMALL_STACK XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -10293,9 +10295,9 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, #endif return keySz; } else { - *decryptedKeySz = keySz; + *decryptedKeySz = (word32)keySz; XMEMCPY(decryptedKey, outKey, keySz); - ForceZero(encryptedKey, encryptedKeySz); + ForceZero(encryptedKey, (word32)encryptedKeySz); } XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); @@ -10470,7 +10472,7 @@ static int wc_PKCS7_KariGetUserKeyingMaterial(WC_PKCS7_KARI* kari, } (*idx) += length; - kari->ukmSz = length; + kari->ukmSz = (word32)length; return 0; } 
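Review bot: In the @@ -10293 hunk of wc_PKCS7_DecryptKtri, `XMEMCPY(decryptedKey, outKey, keySz);` copies the RSA-decrypted length into decryptedKey with no comparison against the caller's `*decryptedKeySz` visible in the hunk, whereas wc_PKCS7_DecryptPwri (hunk @@ -11075 further down) checks `if (*decryptedKeySz < cekSz)` before using its result. If no such bound exists above the hunk (the function body starts outside this view), a large modulus or crafted ciphertext could produce a keySz larger than the destination buffer. Suggest a guard before the assignment, `if ((word32)keySz > *decryptedKeySz)`, that takes the same ForceZero/XFREE cleanup path as the `keySz <= 0` branch and returns BUFFER_E, so the two recipient decoders fail the same way.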
@@ -10603,7 +10605,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; - if (GetNameHash_ex(pkiMsg, idx, rid, pkiMsgSz, + if (GetNameHash_ex(pkiMsg, idx, rid, (int)pkiMsgSz, kari->decoded->signatureOID) < 0) { return ASN_PARSE_E; } @@ -10994,14 +10996,14 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, return ASN_PARSE_E; } - blockSz = wc_PKCS7_GetOIDBlockSize(pwriEncAlgoId); + blockSz = wc_PKCS7_GetOIDBlockSize((int)pwriEncAlgoId); if (blockSz < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return blockSz; } /* get content-encryption key size, based on algorithm */ - kekKeySz = wc_PKCS7_GetOIDKeySize(pwriEncAlgoId); + kekKeySz = wc_PKCS7_GetOIDKeySize((int)pwriEncAlgoId); if (kekKeySz < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return kekKeySz; @@ -11049,7 +11051,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } /* allocate temporary space for decrypted key */ - cekSz = length; + cekSz = (word32)length; cek = (byte*)XMALLOC(cekSz, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (cek == NULL) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -11065,8 +11067,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, pkcs7->pass, pkcs7->passSz, - salt, saltSz, kdfAlgoId, hashOID, - iterations, kek, kekKeySz); + salt, (word32)saltSz, kdfAlgoId, hashOID, + iterations, kek, (word32)kekKeySz); if (ret < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -11075,17 +11077,17 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } /* decrypt CEK with KEK */ - ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, kekKeySz, - pkiMsg + (*idx), length, cek, - cekSz, tmpIv, blockSz, - pwriEncAlgoId); + ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, (word32)kekKeySz, + pkiMsg + (*idx), (word32)length, cek, + cekSz, tmpIv, (word32)blockSz, + (int)pwriEncAlgoId); if (ret < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } - cekSz = ret; + cekSz = (word32)ret; if (*decryptedKeySz < cekSz) { WOLFSSL_MSG("Decrypted key buffer too small for CEK"); @@ -11158,7 +11160,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; - kekIdSz = length; + kekIdSz = (word32)length; if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0) return ASN_PARSE_E; @@ -11171,14 +11173,14 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, /* save keyIdentifier and length */ keyId = pkiMsg + *idx; - keyIdSz = length; + keyIdSz = (word32)length; *idx += keyIdSz; /* may have OPTIONAL GeneralizedTime */ localIdx = *idx; if ((*idx < kekIdSz) && GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) == 0 && tag == ASN_GENERALIZED_TIME) { - if (wc_GetDateInfo(pkiMsg + *idx, pkiMsgSz, &datePtr, &dateFormat, + if (wc_GetDateInfo(pkiMsg + *idx, (int)pkiMsgSz, &datePtr, &dateFormat, &dateLen) != 0) { return ASN_PARSE_E; } 
@@ -11227,15 +11229,15 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, /* decrypt CEK with KEK */ if (pkcs7->wrapCEKCb) { - keySz = pkcs7->wrapCEKCb(pkcs7, pkiMsg + *idx, length, keyId, + keySz = pkcs7->wrapCEKCb(pkcs7, pkiMsg + *idx, (word32)length, keyId, keyIdSz, NULL, 0, decryptedKey, - *decryptedKeySz, keyWrapOID, + *decryptedKeySz, (int)keyWrapOID, (int)PKCS7_KEKRI, direction); } else { - keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, length, pkcs7->privateKey, + keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, (word32)length, pkcs7->privateKey, pkcs7->privateKeySz, decryptedKey, *decryptedKeySz, - keyWrapOID, direction); + (int)keyWrapOID, direction); } if (keySz <= 0) return keySz; @@ -11378,7 +11380,7 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz, /* if user has not explicitly set keyAgreeOID, set from one in bundle */ if (pkcs7->keyAgreeOID == 0) - pkcs7->keyAgreeOID = keyAgreeOID; + pkcs7->keyAgreeOID = (int)keyAgreeOID; /* set direction based on key wrap algorithm */ switch (keyWrapOID) { @@ -11430,7 +11432,7 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz, PRIVATE_KEY_UNLOCK(); ret = wc_ecc_export_x963(kari->senderKey, NULL, &tmpKeySz); PRIVATE_KEY_LOCK(); - if (ret != LENGTH_ONLY_E) { + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } @@ -11456,10 +11458,10 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz, } tmpKeySz = (word32)ret; - keySz = pkcs7->wrapCEKCb(pkcs7, encryptedKey, encryptedKeySz, - rid, keyIdSize, tmpKeyDer, tmpKeySz, + keySz = pkcs7->wrapCEKCb(pkcs7, encryptedKey, (word32)encryptedKeySz, + rid, (word32)keyIdSize, tmpKeyDer, tmpKeySz, decryptedKey, *decryptedKeySz, - keyWrapOID, (int)PKCS7_KARI, direction); + (int)keyWrapOID, (int)PKCS7_KARI, direction); XFREE(tmpKeyDer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (keySz > 0) { 
@@ -11472,7 +11474,7 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz, } else { /* create KEK */ - ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng, keyWrapOID, + ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng, (int)keyWrapOID, pkcs7->keyAgreeOID); if (ret != 0) { wc_PKCS7_KariFree(kari); @@ -11483,9 +11485,9 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz, } /* decrypt CEK with KEK */ - keySz = wc_PKCS7_KeyWrap(encryptedKey, encryptedKeySz, kari->kek, + keySz = wc_PKCS7_KeyWrap(encryptedKey, (word32)encryptedKeySz, kari->kek, kari->kekSz, decryptedKey, *decryptedKeySz, - keyWrapOID, direction); + (int)keyWrapOID, direction); } if (keySz <= 0) { wc_PKCS7_KariFree(kari); @@ -11857,7 +11859,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in, len = 0; ret = wc_BerToDer(pkiMsg, pkiMsgSz, NULL, &len); - if (ret != LENGTH_ONLY_E) + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return ret; pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->der == NULL) @@ -11960,7 +11962,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in, break; } - pkcs7->stream->varOne = version; + pkcs7->stream->varOne = (word32)version; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_INFOSET_END); FALL_THROUGH; @@ -11972,7 +11974,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in, return ret; } pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; - version = pkcs7->stream->varOne; + version = (int)pkcs7->stream->varOne; #endif if (type == ENVELOPED_DATA) { @@ -12220,7 +12222,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, } if (ret == 0) { - pkcs7->contentOID = contentType; + pkcs7->contentOID = (int)contentType; } if (ret == 0 && GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, 
@@ -12228,12 +12230,12 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, ret = ASN_PARSE_E; } - blockKeySz = wc_PKCS7_GetOIDKeySize(encOID); + blockKeySz = wc_PKCS7_GetOIDKeySize((int)encOID); if (ret == 0 && blockKeySz < 0) { ret = blockKeySz; } - expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID); + expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID); if (ret == 0 && expBlockSz < 0) { ret = expBlockSz; } @@ -12264,8 +12266,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, break; } wc_PKCS7_StreamStoreVar(pkcs7, encOID, expBlockSz, length); - pkcs7->stream->contentSz = blockKeySz; - pkcs7->stream->expected = length + MAX_LENGTH_SZ + MAX_LENGTH_SZ + + pkcs7->stream->contentSz = (word32)blockKeySz; + pkcs7->stream->expected = (word32)length + MAX_LENGTH_SZ + MAX_LENGTH_SZ + ASN_TAG_SZ + ASN_TAG_SZ; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_4); @@ -12320,7 +12322,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) { break; } - pkcs7->stream->expected = encryptedContentTotalSz; + pkcs7->stream->expected = (word32)encryptedContentTotalSz; wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz, 0); wc_PKCS7_StreamStoreVar(pkcs7, encOID, expBlockSz, explicitOctet); #endif @@ -12337,12 +12339,12 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz, &explicitOctet); tmpIv = pkcs7->stream->tmpIv; - encryptedContentTotalSz = pkcs7->stream->expected; + encryptedContentTotalSz = (int)pkcs7->stream->expected; /* restore decrypted key */ decryptedKey = pkcs7->stream->aad; decryptedKeySz = pkcs7->stream->aadSz; - blockKeySz = pkcs7->stream->contentSz; + blockKeySz = (int)pkcs7->stream->contentSz; #else ret = 0; #endif 
@@ -12369,7 +12371,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, if (ret == 0) { ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx], - encryptedContentSz); + (word32)encryptedContentSz); } if (ret != 0) { @@ -12387,7 +12389,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, } else { /* cache encrypted content, no OCTET STRING */ ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx], - encryptedContentTotalSz); + (word32)encryptedContentTotalSz); if (ret != 0) { break; } @@ -12396,10 +12398,10 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, /* use cached content */ encryptedContent = pkcs7->cachedEncryptedContent; - encryptedContentSz = pkcs7->cachedEncryptedContentSz; + encryptedContentSz = (int)pkcs7->cachedEncryptedContentSz; /* decrypt encryptedContent */ - ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey, + ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey, blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0, encryptedContent, encryptedContentSz, encryptedContent, pkcs7->devId, pkcs7->heap); @@ -12442,7 +12444,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, } #ifndef NO_PKCS7_STREAM - if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) { + if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { wc_PKCS7_ResetStream(pkcs7); wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_START); if (pkcs7->cachedEncryptedContent != NULL) { @@ -12594,7 +12596,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, verSz = SetMyVersion(0, ver, 0); /* generate random content encryption key */ - ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz); + ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz); if (ret != 0) { return ret; } 
@@ -12637,7 +12639,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, WOLFSSL_MSG("You must add at least one CMS recipient"); return PKCS7_RECIP_E; } - recipSetSz = SetSet(recipSz, recipSet); + recipSetSz = (int)SetSet((word32)recipSz, recipSet); /* generate random nonce and IV for encryption */ switch (pkcs7->encryptOID) { @@ -12709,7 +12711,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, sizeof(contentTypeValue)); if (ret > 0) { contentTypeAttrib.value = contentTypeValue; - contentTypeAttrib.valueSz = ret; + contentTypeAttrib.valueSz = (word32)ret; /* otherwise, try to set from custom content type */ } else { @@ -12747,7 +12749,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, } ret = FlattenAttributes(pkcs7, flatAuthAttribs, authAttribs, - authAttribsCount); + (int)authAttribsCount); if (ret != 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -12791,15 +12793,13 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, DYNAMIC_TYPE_PKCS7); if (flatUnauthAttribs == NULL) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (aadBuffer) - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs, - unauthAttribsCount); + (int)unauthAttribsCount); unauthAttribsSetSz = SetImplicit(ASN_SET, 2, unauthAttribsSz, unauthAttribSet, 0); } 
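Review bot: Dropping the `if (aadBuffer)` / `if (flatAuthAttribs)` guards before XFREE in the MEMORY_E path of the -12791 hunk makes these cleanup paths depend on XFREE tolerating NULL, because flatAuthAttribs and aadBuffer are only allocated on some paths through this function. That holds if the project's XFREE macro carries an internal NULL check, but builds that route XFREE to a user-supplied hook (XMALLOC_USER / XMALLOC_OVERRIDE style configurations) may not, and an error path would then hand NULL to an allocator that does not expect it. If the NULL check is guaranteed by the macro, a one-line comment at the first such site, `/* XFREE is NULL-safe; buffers may be unallocated on this path */`, records the assumption. The same guard removal recurs in the hunks at -12818, -12837, -12854, -12874, -12897, -12928, -13014, -13873 and -13914.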
@@ -12807,7 +12807,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* AES-GCM/CCM does NOT require padding for plaintext content or * AAD inputs RFC 5084 section 3.1 and 3.2, but we must alloc * full blocks to ensure crypto only gets full blocks */ - encryptedOutSz = pkcs7->contentSz; + encryptedOutSz = (int)pkcs7->contentSz; encryptedAllocSz = (encryptedOutSz % blockSz) ? encryptedOutSz + blockSz - (encryptedOutSz % blockSz) : @@ -12818,12 +12818,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, plain = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (plain == NULL) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (aadBuffer) - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } @@ -12837,12 +12834,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (aadBuffer) - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } 
@@ -12854,17 +12848,13 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); plain = NULL; - if (aadBuffer) { - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - aadBuffer = NULL; - } + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + aadBuffer = NULL; if (ret != 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } @@ -12874,10 +12864,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, sizeof(contentType)); if (ret < 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } @@ -12885,10 +12873,10 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, contentTypeSz = ret; /* put together nonce OCTET STRING */ - nonceOctetStringSz = SetOctetString(nonceSz, nonceOctetString); + nonceOctetStringSz = (int)SetOctetString(nonceSz, nonceOctetString); /* put together aes-ICVlen INTEGER */ - macIntSz = SetMyVersion(sizeof(authTag), macInt, 0); + macIntSz = (word32)SetMyVersion(sizeof(authTag), macInt, 0); /* add nonce and icv len into parameters string RFC5084 */ algoParamSeqSz = SetSequence(nonceOctetStringSz + nonceSz + macIntSz, 
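Review bot: `macIntSz = (word32)SetMyVersion(sizeof(authTag), macInt, 0);` is the only size in this sequence cast to word32 while its neighbours (`nonceOctetStringSz`, and `contentEncAlgoSz`, `encContentOctetSz`, `macOctetStringSz` in the hunk at -12897) are cast to int, so the later sum `nonceOctetStringSz + nonceSz + macIntSz + algoParamSeqSz` mixes signed and unsigned operands and is promoted to unsigned. That is harmless for these small DER lengths, but it shows the casts are papering over inconsistently declared length locals rather than fixing them; giving those locals one type would remove most of the casts this commit adds. If the project's 80-column convention applies to pkcs7.c, the line `encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz,` in the hunk at -12897 also looks over the limit and could wrap after `0,`.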
@@ -12897,28 +12885,26 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* build up our ContentEncryptionAlgorithmIdentifier sequence, * adding (nonceOctetStringSz + blockSz + macIntSz) for nonce OCTET STRING * and tag size */ - contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo, + contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo, oidBlkType, nonceOctetStringSz + nonceSz + macIntSz + algoParamSeqSz); if (contentEncAlgoSz == 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BAD_FUNC_ARG; } - encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz, + encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, encContentOctet, 0); - encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz + + encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz + nonceOctetStringSz + nonceSz + macIntSz + algoParamSeqSz + encContentOctetSz + encryptedOutSz, encContentSeq); - macOctetStringSz = SetOctetString(sizeof(authTag), macOctetString); + macOctetStringSz = (int)SetOctetString(sizeof(authTag), macOctetString); /* keep track of sizes for outer wrapper layering */ totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz + 
@@ -12928,25 +12914,23 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, sizeof(authTag) + unauthAttribsSz + unauthAttribsSetSz; /* EnvelopedData */ - envDataSeqSz = SetSequence(totalSz, envDataSeq); + envDataSeqSz = (int)SetSequence((word32)totalSz, envDataSeq); totalSz += envDataSeqSz; /* outer content */ - outerContentSz = SetExplicit(0, totalSz, outerContent, 0); + outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, 0); totalSz += outerContentTypeSz; totalSz += outerContentSz; /* ContentInfo */ - contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq); + contentInfoSeqSz = (int)SetSequence((word32)totalSz, contentInfoSeq); totalSz += contentInfoSeqSz; if (totalSz > (int)outputSz) { WOLFSSL_MSG("Pkcs7_encrypt output buffer too small"); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BUFFER_E; } @@ -13014,9 +12998,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, idx += unauthAttribsSz; } - if (flatUnauthAttribs != NULL) { - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13183,7 +13165,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } if (ret == 0) { - pkcs7->contentOID = contentType; + pkcs7->contentOID = (int)contentType; } if (ret == 0 && GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, 
@@ -13192,14 +13174,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } if (ret == 0) { - blockKeySz = wc_PKCS7_GetOIDKeySize(encOID); + blockKeySz = wc_PKCS7_GetOIDKeySize((int)encOID); if (blockKeySz < 0) { ret = blockKeySz; } } if (ret == 0) { - expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID); + expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID); if (expBlockSz < 0) { ret = expBlockSz; } @@ -13315,7 +13297,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* store nonce for later */ if (nonceSz > 0) { - pkcs7->stream->nonceSz = nonceSz; + pkcs7->stream->nonceSz = (word32)nonceSz; pkcs7->stream->nonce = (byte*)XMALLOC(nonceSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->stream->nonce == NULL) { @@ -13327,7 +13309,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } } - pkcs7->stream->expected = encryptedContentSz; + pkcs7->stream->expected = (word32)encryptedContentSz; wc_PKCS7_StreamStoreVar(pkcs7, encOID, blockKeySz, encryptedContentSz); #endif @@ -13344,7 +13326,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; - encryptedContentSz = pkcs7->stream->expected; + encryptedContentSz = (int)pkcs7->stream->expected; #else pkiMsgSz = inSz; #endif @@ -13356,7 +13338,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, if (encOID == 0) expBlockSz = 1; else { - expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID); + expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID); if (expBlockSz < 0) { ret = expBlockSz; break; @@ -13397,7 +13379,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0) ret = ASN_PARSE_E; #ifndef NO_PKCS7_STREAM - pkcs7->stream->expected = length; + pkcs7->stream->expected = (word32)length; #endif encodedAttribSz = length + (idx - encodedAttribIdx); 
@@ -13442,7 +13424,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, return ret; } - length = pkcs7->stream->expected; + length = (int)pkcs7->stream->expected; encodedAttribs = pkcs7->stream->aad; #endif @@ -13530,7 +13512,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* store tag for later */ if (authTagSz > 0) { - pkcs7->stream->tagSz = authTagSz; + pkcs7->stream->tagSz = (word32)authTagSz; pkcs7->stream->tag = (byte*)XMALLOC(authTagSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->stream->tag == NULL) { @@ -13555,7 +13537,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* restore all variables needed */ if (pkcs7->stream->nonceSz > 0) { - nonceSz = pkcs7->stream->nonceSz; + nonceSz = (int)pkcs7->stream->nonceSz; if (nonceSz > GCM_NONCE_MID_SZ) { WOLFSSL_MSG("PKCS7 saved nonce is too large"); ret = BUFFER_E; @@ -13567,7 +13549,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } if (pkcs7->stream->tagSz > 0) { - authTagSz = pkcs7->stream->tagSz; + authTagSz = (int)pkcs7->stream->tagSz; if (authTagSz > AES_BLOCK_SIZE) { WOLFSSL_MSG("PKCS7 saved tag is too large"); ret = BUFFER_E; @@ -13592,9 +13574,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, #endif /* decrypt encryptedContent */ - ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey, + ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey, blockKeySz, nonce, nonceSz, encodedAttribs, encodedAttribSz, - authTag, authTagSz, encryptedContent, encryptedContentSz, + authTag, (word32)authTagSz, encryptedContent, encryptedContentSz, encryptedContent, pkcs7->devId, pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -13610,7 +13592,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, XMEMCPY(output, encryptedContent, encryptedContentSz); /* free memory, zero out keys */ - ForceZero(encryptedContent, encryptedContentSz); + ForceZero(encryptedContent, (word32)encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); #ifdef WOLFSSL_SMALL_STACK @@ -13632,7 +13614,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } #ifdef WOLFSSL_SMALL_STACK - if (ret != 0 && ret != WC_PKCS7_WANT_READ_E) { + if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { if (decryptedKey != NULL) { ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); } @@ -13640,7 +13622,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } #endif #ifndef NO_PKCS7_STREAM - if (ret != 0 && ret != WC_PKCS7_WANT_READ_E) { + if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { wc_PKCS7_ResetStream(pkcs7); } #endif @@ -13739,7 +13721,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (blockSz < 0) return blockSz; - padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, blockSz); + padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, (word32)blockSz); if (padSz < 0) return padSz; @@ -13751,7 +13733,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) return MEMORY_E; ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain, - encryptedOutSz, blockSz); + (word32)encryptedOutSz, blockSz); if (ret < 0) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; 
@@ -13765,11 +13747,11 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) } /* put together IV OCTET STRING */ - ivOctetStringSz = SetOctetString(blockSz, ivOctetString); + ivOctetStringSz = (int)SetOctetString((word32)blockSz, ivOctetString); /* build up ContentEncryptionAlgorithmIdentifier sequence, adding (ivOctetStringSz + blockSz) for IV OCTET STRING */ - contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo, + contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo, oidBlkType, ivOctetStringSz + blockSz); if (contentEncAlgoSz == 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13779,7 +13761,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* encrypt content */ WOLFSSL_MSG("Encrypting the content"); - ret = wc_PKCS7_GenerateBlock(pkcs7, NULL, tmpIv, blockSz); + ret = wc_PKCS7_GenerateBlock(pkcs7, NULL, tmpIv, (word32)blockSz); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13795,10 +13777,10 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) return ret; } - encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, - encryptedOutSz, encContentOctet, 0); + encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, + (word32)encryptedOutSz, encContentOctet, 0); - encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz + + encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz + ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz, encContentSeq); @@ -13834,7 +13816,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) return MEMORY_E; } - ret = FlattenAttributes(pkcs7, flatAttribs, attribs, attribsCount); + ret = FlattenAttributes(pkcs7, flatAttribs, attribs, (int)attribsCount); if (ret != 0) { XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -13855,16 +13837,16 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) attribsSz + attribsSetSz; /* EncryptedData */ - encDataSeqSz = SetSequence(totalSz, encDataSeq); + encDataSeqSz = (int)SetSequence((word32)totalSz, encDataSeq); totalSz += encDataSeqSz; if (pkcs7->version != 3) { /* outer content */ - outerContentSz = SetExplicit(0, totalSz, outerContent, 0); + outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, 0); totalSz += outerContentTypeSz; totalSz += outerContentSz; /* ContentInfo */ - contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq); + contentInfoSeqSz = (int)SetSequence((word32)totalSz, contentInfoSeq); totalSz += contentInfoSeqSz; } else { contentInfoSeqSz = 0; @@ -13873,10 +13855,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (totalSz > (int)outputSz) { WOLFSSL_MSG("PKCS#7 output buffer too small"); - if (attribs != NULL) - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAttribs != NULL) - XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BUFFER_E; @@ -13914,10 +13894,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) idx += attribsSz; } - if (attribs != NULL) - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAttribs != NULL) - XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -14101,27 +14079,27 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, ret = ASN_PARSE_E; if (ret == 0) { - pkcs7->contentOID = contentType; + pkcs7->contentOID = (int)contentType; } if (ret == 0 && (ret = GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, pkiMsgSz)) < 0) ret = ASN_PARSE_E; - if (ret == 0 && (expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID)) < 0) + if (ret == 0 && (expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID)) < 0) ret = expBlockSz; if (ret != 0) break; #ifndef NO_PKCS7_STREAM /* store expBlockSz for later */ - pkcs7->stream->varOne = expBlockSz; - pkcs7->stream->varTwo = encOID; + pkcs7->stream->varOne = (word32)expBlockSz; + pkcs7->stream->varTwo = (int)encOID; if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) { break; } /* store version for later */ - pkcs7->stream->vers = version; + pkcs7->stream->vers = (word32)version; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_STAGE4); FALL_THROUGH; @@ -14137,7 +14115,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; /* restore saved variables */ - expBlockSz = pkcs7->stream->varOne; + expBlockSz = (int)pkcs7->stream->varOne; #endif if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) ret = ASN_PARSE_E; @@ -14155,7 +14133,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, if (ret != 0) break; #ifndef NO_PKCS7_STREAM /* next chunk of data expected should have the IV */ - pkcs7->stream->expected = length; + pkcs7->stream->expected = (word32)length; if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) { break; @@ -14176,7 +14154,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, /* use IV buffer from stream structure */ tmpIv = pkcs7->stream->tmpIv; - length = pkcs7->stream->expected; + length = (int)pkcs7->stream->expected; #endif XMEMCPY(tmpIv, &pkiMsg[idx], length); idx += length; 
@@ -14221,10 +14199,10 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; /* restore saved variables */ - expBlockSz = pkcs7->stream->varOne; - encOID = pkcs7->stream->varTwo; + expBlockSz = (int)pkcs7->stream->varOne; + encOID = (word32)pkcs7->stream->varTwo; encryptedContentSz = pkcs7->stream->varThree; - version = pkcs7->stream->vers; + version = (int)pkcs7->stream->vers; tmpIv = pkcs7->stream->tmpIv; #endif if (ret == 0 && (encryptedContent = (byte*)XMALLOC( @@ -14238,7 +14216,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, idx += encryptedContentSz; /* decrypt encryptedContent */ - ret = wc_PKCS7_DecryptContent(pkcs7, encOID, + ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0, encryptedContent, encryptedContentSz, encryptedContent, @@ -14275,7 +14253,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, ret = wc_PKCS7_DecodeUnprotectedAttributes(pkcs7, pkiMsg, pkiMsgSz, &idx); if (ret != 0) { - ForceZero(encryptedContent, encryptedContentSz); + ForceZero(encryptedContent, (word32)encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); ret = ASN_PARSE_E; } @@ -14283,7 +14261,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, } if (ret == 0) { - ForceZero(encryptedContent, encryptedContentSz); + ForceZero(encryptedContent, (word32)encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); /* go back and check the version now that attribs have been processed */ diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index f56b3fdadd..43528c23f0 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -1,6 +1,6 @@ /* poly1305.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -29,6 +29,13 @@ and Daniel J. Bernstein */ +/* + * WOLFSSL_W64_WRAPPER Uses wrappers around word64 types for a system that does + * not have word64 available. As expected it reduces + * performance. Benchmarks collected July 2024 show + * 303.004 MiB/s with and 1874.194 MiB/s without. + */ + #ifdef HAVE_CONFIG_H #include #endif @@ -55,7 +62,7 @@ and Daniel J. Bernstein #pragma warning(disable: 4127) #endif -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP #include #include @@ -70,6 +77,10 @@ and Daniel J. Bernstein #elif defined(__clang__) && defined(NO_AVX2_SUPPORT) #undef NO_AVX2_SUPPORT #endif + #if defined(_MSC_VER) && (_MSC_VER <= 1900) + #undef NO_AVX2_SUPPORT + #define NO_AVX2_SUPPORT + #endif #define HAVE_INTEL_AVX1 #ifndef NO_AVX2_SUPPORT @@ -77,13 +88,12 @@ and Daniel J. Bernstein #endif #endif -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP static word32 intel_flags = 0; static word32 cpu_flags_set = 0; #endif -#if (defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)) || \ - defined(POLY130564) +#if defined(USE_INTEL_POLY1305_SPEEDUP) || defined(POLY130564) #if defined(_MSC_VER) #define POLY1305_NOINLINE __declspec(noinline) #elif defined(__GNUC__) @@ -123,7 +133,7 @@ static word32 cpu_flags_set = 0; #endif #endif -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP #ifdef __cplusplus extern "C" { #endif @@ -266,7 +276,7 @@ with a given ctx pointer to a Poly1305 structure. static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, size_t bytes) { -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP /* AVX2 is handled in wc_Poly1305Update. */ SAVE_VECTOR_REGISTERS(return _svr_ret;); poly1305_blocks_avx(ctx, m, bytes); 
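Review bot: Every `#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)` gate in this file is replaced by `#ifdef USE_INTEL_POLY1305_SPEEDUP` (hunks at -55, -77, -123 and -266 here, and -400, -415, -437, -504, -523 and -709 below), but nothing in this diff defines the new macro; if it is not derived from the old condition in a configuration header outside the diff, the AVX/AVX2 Poly1305 path is silently compiled out and the C fallback runs, which would surface only as a throughput regression rather than a test failure. A comment at the first gate naming where the macro is set would let a reader check that, e.g. `/* USE_INTEL_POLY1305_SPEEDUP is derived from the x86_64 + USE_INTEL_SPEEDUP condition in the settings header */` (adjust to the actual location). The new `#if defined(_MSC_VER) && (_MSC_VER <= 1900)` block forces NO_AVX2_SUPPORT without saying why; a one-line comment naming the toolchain limitation would help the next maintainer decide when it can be lifted.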
@@ -329,8 +339,22 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
 word32 r0,r1,r2,r3,r4;
 word32 s1,s2,s3,s4;
 word32 h0,h1,h2,h3,h4;
- word64 d0,d1,d2,d3,d4;
 word32 c;
+#ifdef WOLFSSL_W64_WRAPPER
+ #ifdef WOLFSSL_SMALL_STACK
+ w64wrapper* d;
+
+ d = (w64wrapper*)XMALLOC(5 * sizeof(w64wrapper), NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (d == NULL) {
+ return MEMORY_E;
+ }
+ #else
+ w64wrapper d[5];
+ #endif
+#else
+ word64 d0,d1,d2,d3,d4;
+#endif
 r0 = ctx->r[0];
@@ -359,6 +383,41 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, h4 += (U8TO32(m+12) >> 8) | hibit; /* h *= r */ +#ifdef WOLFSSL_W64_WRAPPER + { + w64wrapper tmp; + + d[0] = w64Mul(h0, r0); tmp = w64Mul(h1, s4); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h2, s3); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h3, s2); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h4, s1); + d[0] = w64Add(d[0], tmp, NULL); + + d[1] = w64Mul(h0, r1); tmp = w64Mul(h1, r0); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h2, s4); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h3, s3); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h4, s2); + d[1] = w64Add(d[1], tmp, NULL); + + d[2] = w64Mul(h0, r2); tmp = w64Mul(h1, r1); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h2, r0); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h3, s4); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h4, s3); + d[2] = w64Add(d[2], tmp, NULL); + + d[3] = w64Mul(h0, r3); tmp = w64Mul(h1, r2); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h2, r1); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h3, r0); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h4, s4); + d[3] = w64Add(d[3], tmp, NULL); + + d[4] = w64Mul(h0, r4); tmp = w64Mul(h1, r3); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h2, r2); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h3, r1); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h4, r0); + d[4] = w64Add(d[4], tmp, NULL); + } +#else d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) + ((word64)h3 * s2) + ((word64)h4 * s1); d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) + 
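Review bot: The WOLFSSL_W64_WRAPPER branch passes NULL as the wrap-around flag of every `w64Add` call, which is only correct because each d[i] is a sum of five limb products that the radix-2^26 representation keeps below 2^64; that bound is established by the limb handling above this hunk (the function starts before it) and is nowhere stated next to the NULL arguments. A comment above the block recording the bound and where it comes from, e.g. `/* limbs are 26-bit plus carry, so each d[i] fits in 64 bits: w64Add cannot wrap and the overflow flag may be NULL */`, would make the NULL reviewable without re-deriving it. As a point of style, two statements per line (`d[0] = w64Mul(h0, r0); tmp = w64Mul(h1, s4);`) mirrors the shape of the word64 expression below but makes the two branches hard to diff against each other; one statement per line, or a tiny helper that accumulates one product, would read more clearly.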
@@ -369,13 +428,31 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, ((word64)h3 * r0) + ((word64)h4 * s4); d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) + ((word64)h3 * r1) + ((word64)h4 * r0); +#endif /* (partial) h %= p */ +#ifdef WOLFSSL_W64_WRAPPER + c = w64GetLow32(w64ShiftRight(d[0], 26)); + h0 = w64GetLow32(d[0]) & 0x3ffffff; + d[1] = w64Add32(d[1], c, NULL); + c = w64GetLow32(w64ShiftRight(d[1], 26)); + h1 = w64GetLow32(d[1]) & 0x3ffffff; + d[2] = w64Add32(d[2], c, NULL); + c = w64GetLow32(w64ShiftRight(d[2], 26)); + h2 = w64GetLow32(d[2]) & 0x3ffffff; + d[3] = w64Add32(d[3], c, NULL); + c = w64GetLow32(w64ShiftRight(d[3], 26)); + h3 = w64GetLow32(d[3]) & 0x3ffffff; + d[4] = w64Add32(d[4], c, NULL); + c = w64GetLow32(w64ShiftRight(d[4], 26)); + h4 = w64GetLow32(d[4]) & 0x3ffffff; +#else c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff; d1 += c; c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff; d2 += c; c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff; d3 += c; c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff; d4 += c; c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff; +#endif h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff; h1 += c; @@ -389,6 +466,10 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, ctx->h[3] = h3; ctx->h[4] = h4; +#if defined(WOLFSSL_W64_WRAPPER) && defined(WOLFSSL_SMALL_STACK) + XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; #endif /* end of 64 bit cpu blocks or 32 bit cpu */ @@ -400,7 +481,7 @@ number of bytes is less than the block size. */ static int poly1305_block(Poly1305* ctx, const unsigned char *m) { -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP /* No call to poly1305_block when AVX2, AVX2 does 4 blocks at a time. */ SAVE_VECTOR_REGISTERS(return _svr_ret;); poly1305_block_avx(ctx, m); 
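Review bot: The SMALL_STACK variant of `d` is released with `XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER)` without being scrubbed first, yet d[] holds the h×r products, values derived from the secret r half of the key, so the heap block is returned with key-dependent material still in it (in the non-wrapper build these were stack locals). Zeroing before release, `ForceZero(d, 5 * sizeof(w64wrapper));` directly above the XFREE, matches the ForceZero-then-XFREE pattern this same commit uses in pkcs7.c for decrypted content. The allocation is in the hunk at -329 and the loop body between it and this XFREE is partly outside the diff, so any return added there later would leak `d`; a comment at the allocation site, `/* freed at end of function; no early returns between here and the XFREE */`, guards against that.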
@@ -415,8 +496,7 @@ static int poly1305_block(Poly1305* ctx, const unsigned char *m) #if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { -#if defined(POLY130564) && \ - !(defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)) +#if defined(POLY130564) && !defined(USE_INTEL_POLY1305_SPEEDUP) word64 t0,t1; #endif @@ -437,7 +517,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) if (keySz != 32 || ctx == NULL) return BAD_FUNC_ARG; -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP if (!cpu_flags_set) { intel_flags = cpuid_get_flags(); cpu_flags_set = 1; @@ -504,7 +584,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) int wc_Poly1305Final(Poly1305* ctx, byte* mac) { -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP #elif defined(POLY130564) word64 h0,h1,h2,c; @@ -515,7 +595,11 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) word32 h0,h1,h2,h3,h4,c; word32 g0,g1,g2,g3,g4; +#ifdef WOLFSSL_W64_WRAPPER + w64wrapper f; +#else word64 f; +#endif word32 mask; #endif @@ -523,7 +607,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) if (ctx == NULL || mac == NULL) return BAD_FUNC_ARG; -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP SAVE_VECTOR_REGISTERS(return _svr_ret;); #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) 
@@ -654,10 +738,31 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; /* mac = (h + pad) % (2^128) */ +#ifdef WOLFSSL_W64_WRAPPER + f = w64From32(0, h0); + f = w64Add32(f, ctx->pad[0], NULL); + h0 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h1, NULL); + f = w64Add32(f, ctx->pad[1], NULL); + h1 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h2, NULL); + f = w64Add32(f, ctx->pad[2], NULL); + h2 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h3, NULL); + f = w64Add32(f, ctx->pad[3], NULL); + h3 = w64GetLow32(f); +#else f = (word64)h0 + ctx->pad[0] ; h0 = (word32)f; f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word32)f; f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word32)f; f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word32)f; +#endif U32TO8(mac + 0, h0); U32TO8(mac + 4, h1); @@ -709,7 +814,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) printf("\n"); #endif -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { SAVE_VECTOR_REGISTERS(return _svr_ret;); diff --git a/wolfcrypt/src/poly1305_asm.S b/wolfcrypt/src/poly1305_asm.S index ba1d29449c..b995670f8b 100644 --- a/wolfcrypt/src/poly1305_asm.S +++ b/wolfcrypt/src/poly1305_asm.S @@ -1,6 +1,6 @@ /* poly1305_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -699,7 +699,11 @@ _poly1305_blocks_avx2: #endif /* __APPLE__ */ pushq %r12 pushq %rbx + pushq %r13 + pushq %r14 subq $0x140, %rsp + leaq L_poly1305_avx2_blocks_mask(%rip), %r13 + leaq L_poly1305_avx2_blocks_hibit(%rip), %r14 movq %rsp, %rcx andq $-32, %rcx addq $32, %rcx 
@@ -720,11 +724,11 @@ _poly1305_blocks_avx2: vpunpckhdq %ymm15, %ymm1, %ymm1 vpunpckldq %ymm15, %ymm3, %ymm2 vpunpckhdq %ymm15, %ymm3, %ymm3 - vmovdqu L_poly1305_avx2_blocks_hibit(%rip), %ymm4 + vmovdqu (%r14), %ymm4 vpsllq $6, %ymm1, %ymm1 vpsllq $12, %ymm2, %ymm2 vpsllq $18, %ymm3, %ymm3 - vmovdqu L_poly1305_avx2_blocks_mask(%rip), %ymm14 + vmovdqu (%r13), %ymm14 # Reduce, in place, the message data vpsrlq $26, %ymm0, %ymm10 vpsrlq $26, %ymm3, %ymm11 @@ -811,7 +815,7 @@ L_poly1305_avx2_blocks_mul_5: vmovdqa %ymm7, 64(%rcx) vmovdqa %ymm8, 96(%rcx) vmovdqa %ymm9, 128(%rcx) - vmovdqu L_poly1305_avx2_blocks_mask(%rip), %ymm14 + vmovdqu (%r13), %ymm14 # If not finished then loop over data cmpb $0x01, 616(%rdi) jne L_poly1305_avx2_blocks_start @@ -922,7 +926,7 @@ L_poly1305_avx2_blocks_start: vpunpckhdq %ymm15, %ymm6, %ymm6 vpunpckldq %ymm15, %ymm8, %ymm7 vpunpckhdq %ymm15, %ymm8, %ymm8 - vmovdqu L_poly1305_avx2_blocks_hibit(%rip), %ymm9 + vmovdqu (%r14), %ymm9 vpsllq $6, %ymm6, %ymm6 vpsllq $12, %ymm7, %ymm7 vpsllq $18, %ymm8, %ymm8 @@ -1038,7 +1042,10 @@ L_poly1305_avx2_blocks_end_calc: movq %rcx, 40(%rdi) L_poly1305_avx2_blocks_complete: movb $0x01, 617(%rdi) + vzeroupper addq $0x140, %rsp + popq %r14 + popq %r13 popq %rbx popq %r12 repz retq @@ -1099,7 +1106,7 @@ L_poly1305_avx2_final_start_copy: incb %cl incb %dl L_poly1305_avx2_final_cmp_copy: - cmp %rcx, %rax + cmpb %cl, %al jne L_poly1305_avx2_final_start_copy #ifndef __APPLE__ callq poly1305_final_avx@plt @@ -1118,6 +1125,7 @@ L_poly1305_avx2_final_cmp_copy: vmovdqu %ymm0, 320(%rdi) movq $0x00, 608(%rdi) movw $0x00, 616(%rdi) + vzeroupper repz retq #ifndef __APPLE__ .size poly1305_final_avx2,.-poly1305_final_avx2 diff --git a/wolfcrypt/src/poly1305_asm.asm b/wolfcrypt/src/poly1305_asm.asm new file mode 100644 index 0000000000..1182da509b --- /dev/null +++ b/wolfcrypt/src/poly1305_asm.asm 
@@ -0,0 +1,1060 @@ +; /* poly1305_asm.asm */ +; /* +; * Copyright (C) 2006-2024 wolfSSL Inc. +; * +; * This file is part of wolfSSL. +; * +; * wolfSSL is free software; you can redistribute it and/or modify +; * it under the terms of the GNU General Public License as published by +; * the Free Software Foundation; either version 2 of the License, or +; * (at your option) any later version. +; * +; * wolfSSL is distributed in the hope that it will be useful, +; * but WITHOUT ANY WARRANTY; without even the implied warranty of +; * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +; * GNU General Public License for more details. +; * +; * You should have received a copy of the GNU General Public License +; * along with this program; if not, write to the Free Software +; * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +; */ +IF @Version LT 1200 +; AVX2 instructions not recognized by old versions of MASM +IFNDEF NO_AVX2_SUPPORT +NO_AVX2_SUPPORT = 1 +ENDIF +; MOVBE instruction not recognized by old versions of MASM +IFNDEF NO_MOVBE_SUPPORT +NO_MOVBE_SUPPORT = 1 +ENDIF +ENDIF + +IFNDEF HAVE_INTEL_AVX1 +HAVE_INTEL_AVX1 = 1 +ENDIF +IFNDEF NO_AVX2_SUPPORT +HAVE_INTEL_AVX2 = 1 +ENDIF + +IFNDEF _WIN64 +_WIN64 = 1 +ENDIF + +IFDEF HAVE_INTEL_AVX1 +_text SEGMENT READONLY PARA +poly1305_setkey_avx PROC + push r12 + push r13 + mov r12, 1152921487695413247 + mov r13, 1152921487695413244 + mov rax, QWORD PTR [rdx] + mov r8, QWORD PTR [rdx+8] + mov r9, QWORD PTR [rdx+16] + mov r10, QWORD PTR [rdx+24] + and rax, r12 + and r8, r13 + mov r12, rax + mov r13, r8 + xor r11, r11 + mov QWORD PTR [rcx], rax + mov QWORD PTR [rcx+8], r8 + mov QWORD PTR [rcx+24], r11 + mov QWORD PTR [rcx+32], r11 + mov QWORD PTR [rcx+40], r11 + mov QWORD PTR [rcx+48], r9 + mov QWORD PTR [rcx+56], r10 + mov QWORD PTR [rcx+352], r11 + mov QWORD PTR [rcx+408], r11 + mov QWORD PTR [rcx+360], rax + mov QWORD PTR [rcx+416], r8 + add r12, rax + add r13, r8 + mov QWORD PTR 
[rcx+368], r12 + mov QWORD PTR [rcx+424], r13 + add r12, rax + add r13, r8 + mov QWORD PTR [rcx+376], r12 + mov QWORD PTR [rcx+432], r13 + add r12, rax + add r13, r8 + mov QWORD PTR [rcx+384], r12 + mov QWORD PTR [rcx+440], r13 + add r12, rax + add r13, r8 + mov QWORD PTR [rcx+392], r12 + mov QWORD PTR [rcx+448], r13 + add r12, rax + add r13, r8 + mov QWORD PTR [rcx+400], r12 + mov QWORD PTR [rcx+456], r13 + mov QWORD PTR [rcx+608], r11 + mov BYTE PTR [rcx+616], 1 + pop r13 + pop r12 + ret +poly1305_setkey_avx ENDP +_text ENDS +_text SEGMENT READONLY PARA +poly1305_block_avx PROC + push r15 + push rbx + push r12 + push r13 + push r14 + mov r15, QWORD PTR [rcx] + mov rbx, QWORD PTR [rcx+8] + mov r8, QWORD PTR [rcx+24] + mov r9, QWORD PTR [rcx+32] + mov r10, QWORD PTR [rcx+40] + xor r14, r14 + mov r14b, BYTE PTR [rcx+616] + ; h += m + mov r11, QWORD PTR [rdx] + mov r12, QWORD PTR [rdx+8] + add r8, r11 + adc r9, r12 + mov rax, rbx + adc r10, r14 + ; r[1] * h[0] => rdx, rax ==> t2, t1 + mul r8 + mov r12, rax + mov r13, rdx + ; r[0] * h[1] => rdx, rax ++> t2, t1 + mov rax, r15 + mul r9 + add r12, rax + mov rax, r15 + adc r13, rdx + ; r[0] * h[0] => rdx, rax ==> t4, t0 + mul r8 + mov r11, rax + mov r8, rdx + ; r[1] * h[1] => rdx, rax =+> t3, t2 + mov rax, rbx + mul r9 + ; r[0] * h[2] +> t2 + add r13, QWORD PTR [rcx+8*r10+352] + mov r14, rdx + add r12, r8 + adc r13, rax + ; r[1] * h[2] +> t3 + adc r14, QWORD PTR [rcx+8*r10+408] + ; r * h in r14, r13, r12, r11 + ; h = (r * h) mod 2^130 - 5 + mov r10, r13 + and r13, -4 + and r10, 3 + add r11, r13 + mov r8, r13 + adc r12, r14 + adc r10, 0 + shrd r8, r14, 2 + shr r14, 2 + add r8, r11 + adc r12, r14 + mov r9, r12 + adc r10, 0 + ; h in r10, r9, r8 + ; Store h to ctx + mov QWORD PTR [rcx+24], r8 + mov QWORD PTR [rcx+32], r9 + mov QWORD PTR [rcx+40], r10 + pop r14 + pop r13 + pop r12 + pop rbx + pop r15 + ret +poly1305_block_avx ENDP +_text ENDS +_text SEGMENT READONLY PARA +poly1305_blocks_avx PROC + push rdi + push rsi + push 
r15 + push rbx + push r12 + push r13 + push r14 + mov rdi, rcx + mov rsi, rdx + mov rcx, r8 + mov r15, QWORD PTR [rdi] + mov rbx, QWORD PTR [rdi+8] + mov r8, QWORD PTR [rdi+24] + mov r9, QWORD PTR [rdi+32] + mov r10, QWORD PTR [rdi+40] +L_poly1305_avx_blocks_start: + ; h += m + mov r11, QWORD PTR [rsi] + mov r12, QWORD PTR [rsi+8] + add r8, r11 + adc r9, r12 + mov rax, rbx + adc r10, 0 + ; r[1] * h[0] => rdx, rax ==> t2, t1 + mul r8 + mov r12, rax + mov r13, rdx + ; r[0] * h[1] => rdx, rax ++> t2, t1 + mov rax, r15 + mul r9 + add r12, rax + mov rax, r15 + adc r13, rdx + ; r[0] * h[0] => rdx, rax ==> t4, t0 + mul r8 + mov r11, rax + mov r8, rdx + ; r[1] * h[1] => rdx, rax =+> t3, t2 + mov rax, rbx + mul r9 + ; r[0] * h[2] +> t2 + add r13, QWORD PTR [rdi+8*r10+360] + mov r14, rdx + add r12, r8 + adc r13, rax + ; r[1] * h[2] +> t3 + adc r14, QWORD PTR [rdi+8*r10+416] + ; r * h in r14, r13, r12, r11 + ; h = (r * h) mod 2^130 - 5 + mov r10, r13 + and r13, -4 + and r10, 3 + add r11, r13 + mov r8, r13 + adc r12, r14 + adc r10, 0 + shrd r8, r14, 2 + shr r14, 2 + add r8, r11 + adc r12, r14 + mov r9, r12 + adc r10, 0 + ; h in r10, r9, r8 + ; Next block from message + add rsi, 16 + sub rcx, 16 + jg L_poly1305_avx_blocks_start + ; Store h to ctx + mov QWORD PTR [rdi+24], r8 + mov QWORD PTR [rdi+32], r9 + mov QWORD PTR [rdi+40], r10 + pop r14 + pop r13 + pop r12 + pop rbx + pop r15 + pop rsi + pop rdi + ret +poly1305_blocks_avx ENDP +_text ENDS +_text SEGMENT READONLY PARA +poly1305_final_avx PROC + push rdi + push rbx + push r12 + mov rdi, rcx + mov rbx, rdx + mov rax, QWORD PTR [rdi+608] + test rax, rax + je L_poly1305_avx_final_no_more + mov BYTE PTR [rdi+rax+480], 1 + jmp L_poly1305_avx_final_cmp_rem +L_poly1305_avx_final_zero_rem: + mov BYTE PTR [rdi+rax+480], 0 +L_poly1305_avx_final_cmp_rem: + inc al + cmp rax, 16 + jl L_poly1305_avx_final_zero_rem + mov BYTE PTR [rdi+616], 0 + lea rdx, QWORD PTR [rdi+480] + call poly1305_block_avx +L_poly1305_avx_final_no_more: + mov 
rax, QWORD PTR [rdi+24] + mov rdx, QWORD PTR [rdi+32] + mov rcx, QWORD PTR [rdi+40] + mov r11, QWORD PTR [rdi+48] + mov r12, QWORD PTR [rdi+56] + ; h %= p + ; h = (h + pad) + ; mod 2^130 - 5 + mov r8, rcx + and rcx, 3 + shr r8, 2 + ; Multiply by 5 + lea r8, QWORD PTR [r8+4*r8+0] + add rax, r8 + adc rdx, 0 + adc rcx, 0 + ; Fixup when between (1 << 130) - 1 and (1 << 130) - 5 + mov r8, rax + mov r9, rdx + mov r10, rcx + add r8, 5 + adc r9, 0 + adc r10, 0 + cmp r10, 4 + cmove rax, r8 + cmove rdx, r9 + ; h += pad + add rax, r11 + adc rdx, r12 + mov QWORD PTR [rbx], rax + mov QWORD PTR [rbx+8], rdx + ; Zero out r + mov QWORD PTR [rdi], 0 + mov QWORD PTR [rdi+8], 0 + ; Zero out h + mov QWORD PTR [rdi+24], 0 + mov QWORD PTR [rdi+32], 0 + mov QWORD PTR [rdi+40], 0 + ; Zero out pad + mov QWORD PTR [rdi+48], 0 + mov QWORD PTR [rdi+56], 0 + pop r12 + pop rbx + pop rdi + ret +poly1305_final_avx ENDP +_text ENDS +ENDIF +IFDEF HAVE_INTEL_AVX2 +_text SEGMENT READONLY PARA +poly1305_calc_powers_avx2 PROC + push r12 + push r13 + push r14 + push r15 + push rdi + push rsi + push rbx + push rbp + mov r8, QWORD PTR [rcx] + mov r9, QWORD PTR [rcx+8] + xor r10, r10 + ; Convert to 26 bits in 32 + mov rax, r8 + mov rdx, r8 + mov rsi, r8 + mov rbx, r9 + mov rbp, r9 + shr rdx, 26 + shrd rsi, r9, 52 + shr rbx, 14 + shrd rbp, r10, 40 + and rax, 67108863 + and rdx, 67108863 + and rsi, 67108863 + and rbx, 67108863 + and rbp, 67108863 + mov DWORD PTR [rcx+224], eax + mov DWORD PTR [rcx+228], edx + mov DWORD PTR [rcx+232], esi + mov DWORD PTR [rcx+236], ebx + mov DWORD PTR [rcx+240], ebp + mov DWORD PTR [rcx+244], 0 + ; Square 128-bit + mov rax, r9 + mul r8 + xor r14, r14 + mov r12, rax + mov r13, rdx + add r12, rax + adc r13, rdx + adc r14, 0 + mov rax, r8 + mul rax + mov r11, rax + mov rdi, rdx + mov rax, r9 + mul rax + add r12, rdi + adc r13, rax + adc r14, rdx + ; Reduce 256-bit to 130-bit + mov rax, r13 + mov rdx, r14 + and rax, -4 + and r13, 3 + add r11, rax + adc r12, rdx + adc r13, 0 + 
shrd rax, rdx, 2 + shr rdx, 2 + add r11, rax + adc r12, rdx + adc r13, 0 + mov rax, r13 + shr rax, 2 + lea rax, QWORD PTR [rax+4*rax+0] + and r13, 3 + add r11, rax + adc r12, 0 + adc r13, 0 + ; Convert to 26 bits in 32 + mov rax, r11 + mov rdx, r11 + mov rsi, r11 + mov rbx, r12 + mov rbp, r12 + shr rdx, 26 + shrd rsi, r12, 52 + shr rbx, 14 + shrd rbp, r13, 40 + and rax, 67108863 + and rdx, 67108863 + and rsi, 67108863 + and rbx, 67108863 + and rbp, 67108863 + mov DWORD PTR [rcx+256], eax + mov DWORD PTR [rcx+260], edx + mov DWORD PTR [rcx+264], esi + mov DWORD PTR [rcx+268], ebx + mov DWORD PTR [rcx+272], ebp + mov DWORD PTR [rcx+276], 0 + ; Multiply 128-bit by 130-bit + ; r1[0] * r2[0] + mov rax, r8 + mul r11 + mov r14, rax + mov r15, rdx + ; r1[0] * r2[1] + mov rax, r8 + mul r12 + mov rdi, 0 + add r15, rax + adc rdi, rdx + ; r1[1] * r2[0] + mov rax, r9 + mul r11 + mov rsi, 0 + add r15, rax + adc rdi, rdx + adc rsi, 0 + ; r1[0] * r2[2] + mov rax, r8 + mul r13 + add rdi, rax + adc rsi, rdx + ; r1[1] * r2[1] + mov rax, r9 + mul r12 + mov rbx, 0 + add rdi, rax + adc rsi, rdx + adc rbx, 0 + ; r1[1] * r2[2] + mov rax, r9 + mul r13 + add rsi, rax + adc rbx, rdx + ; Reduce 260-bit to 130-bit + mov rax, rdi + mov rdx, rsi + mov rbx, rbx + and rax, -4 + and rdi, 3 + add r14, rax + adc r15, rdx + adc rdi, rbx + shrd rax, rdx, 2 + shrd rdx, rbx, 2 + shr rbx, 2 + add r14, rax + adc r15, rdx + adc rdi, rbx + mov rax, rdi + and rdi, 3 + shr rax, 2 + lea rax, QWORD PTR [rax+4*rax+0] + add r14, rax + adc r15, 0 + adc rdi, 0 + ; Convert to 26 bits in 32 + mov rax, r14 + mov rdx, r14 + mov rsi, r14 + mov rbx, r15 + mov rbp, r15 + shr rdx, 26 + shrd rsi, r15, 52 + shr rbx, 14 + shrd rbp, rdi, 40 + and rax, 67108863 + and rdx, 67108863 + and rsi, 67108863 + and rbx, 67108863 + and rbp, 67108863 + mov DWORD PTR [rcx+288], eax + mov DWORD PTR [rcx+292], edx + mov DWORD PTR [rcx+296], esi + mov DWORD PTR [rcx+300], ebx + mov DWORD PTR [rcx+304], ebp + mov DWORD PTR [rcx+308], 0 + ; 
Square 130-bit + mov rax, r12 + mul r11 + xor r14, r14 + mov r9, rax + mov r10, rdx + add r9, rax + adc r10, rdx + adc r14, 0 + mov rax, r11 + mul rax + mov r8, rax + mov rdi, rdx + mov rax, r12 + mul rax + add r9, rdi + adc r10, rax + adc r14, rdx + mov rax, r13 + mul rax + mov r15, rax + mov rax, r13 + mul r11 + add r10, rax + adc r14, rdx + adc r15, 0 + add r10, rax + adc r14, rdx + adc r15, 0 + mov rax, r13 + mul r12 + add r14, rax + adc r15, rdx + add r14, rax + adc r15, rdx + ; Reduce 260-bit to 130-bit + mov rax, r10 + mov rdx, r14 + mov rdi, r15 + and rax, -4 + and r10, 3 + add r8, rax + adc r9, rdx + adc r10, rdi + shrd rax, rdx, 2 + shrd rdx, rdi, 2 + shr rdi, 2 + add r8, rax + adc r9, rdx + adc r10, rdi + mov rax, r10 + and r10, 3 + shr rax, 2 + lea rax, QWORD PTR [rax+4*rax+0] + add r8, rax + adc r9, 0 + adc r10, 0 + ; Convert to 26 bits in 32 + mov rax, r8 + mov rdx, r8 + mov rsi, r8 + mov rbx, r9 + mov rbp, r9 + shr rdx, 26 + shrd rsi, r9, 52 + shr rbx, 14 + shrd rbp, r10, 40 + and rax, 67108863 + and rdx, 67108863 + and rsi, 67108863 + and rbx, 67108863 + and rbp, 67108863 + mov DWORD PTR [rcx+320], eax + mov DWORD PTR [rcx+324], edx + mov DWORD PTR [rcx+328], esi + mov DWORD PTR [rcx+332], ebx + mov DWORD PTR [rcx+336], ebp + mov DWORD PTR [rcx+340], 0 + pop rbp + pop rbx + pop rsi + pop rdi + pop r15 + pop r14 + pop r13 + pop r12 + ret +poly1305_calc_powers_avx2 ENDP +_text ENDS +_text SEGMENT READONLY PARA +poly1305_setkey_avx2 PROC + call poly1305_setkey_avx + vpxor ymm0, ymm0, ymm0 + vmovdqu YMMWORD PTR [rcx+64], ymm0 + vmovdqu YMMWORD PTR [rcx+96], ymm0 + vmovdqu YMMWORD PTR [rcx+128], ymm0 + vmovdqu YMMWORD PTR [rcx+160], ymm0 + vmovdqu YMMWORD PTR [rcx+192], ymm0 + mov QWORD PTR [rcx+608], 0 + mov WORD PTR [rcx+616], 0 + ret +poly1305_setkey_avx2 ENDP +_text ENDS +_DATA SEGMENT +ALIGN 16 +L_poly1305_avx2_blocks_mask QWORD 67108863, 67108863, + 67108863, 67108863 +ptr_L_poly1305_avx2_blocks_mask QWORD L_poly1305_avx2_blocks_mask +_DATA ENDS 
+_DATA SEGMENT +ALIGN 16 +L_poly1305_avx2_blocks_hibit QWORD 16777216, 16777216, + 16777216, 16777216 +ptr_L_poly1305_avx2_blocks_hibit QWORD L_poly1305_avx2_blocks_hibit +_DATA ENDS +_text SEGMENT READONLY PARA +poly1305_blocks_avx2 PROC + push r12 + push rdi + push rsi + push rbx + push r13 + push r14 + mov rdi, rcx + mov rsi, rdx + mov rdx, r8 + sub rsp, 480 + vmovdqu OWORD PTR [rsp+320], xmm6 + vmovdqu OWORD PTR [rsp+336], xmm7 + vmovdqu OWORD PTR [rsp+352], xmm8 + vmovdqu OWORD PTR [rsp+368], xmm9 + vmovdqu OWORD PTR [rsp+384], xmm10 + vmovdqu OWORD PTR [rsp+400], xmm11 + vmovdqu OWORD PTR [rsp+416], xmm12 + vmovdqu OWORD PTR [rsp+432], xmm13 + vmovdqu OWORD PTR [rsp+448], xmm14 + vmovdqu OWORD PTR [rsp+464], xmm15 + mov r13, QWORD PTR [ptr_L_poly1305_avx2_blocks_mask] + mov r14, QWORD PTR [ptr_L_poly1305_avx2_blocks_hibit] + mov rcx, rsp + and rcx, -32 + add rcx, 32 + vpxor ymm15, ymm15, ymm15 + mov rbx, rcx + lea rax, QWORD PTR [rdi+64] + add rbx, 160 + cmp WORD PTR [rdi+616], 0 + jne L_poly1305_avx2_blocks_begin_h + ; Load the message data + vmovdqu ymm0, YMMWORD PTR [rsi] + vmovdqu ymm1, YMMWORD PTR [rsi+32] + vperm2i128 ymm2, ymm0, ymm1, 32 + vperm2i128 ymm0, ymm0, ymm1, 49 + vpunpckldq ymm1, ymm2, ymm0 + vpunpckhdq ymm3, ymm2, ymm0 + vpunpckldq ymm0, ymm1, ymm15 + vpunpckhdq ymm1, ymm1, ymm15 + vpunpckldq ymm2, ymm3, ymm15 + vpunpckhdq ymm3, ymm3, ymm15 + vmovdqu ymm4, YMMWORD PTR [r14] + vpsllq ymm1, ymm1, 6 + vpsllq ymm2, ymm2, 12 + vpsllq ymm3, ymm3, 18 + vmovdqu ymm14, YMMWORD PTR [r13] + ; Reduce, in place, the message data + vpsrlq ymm10, ymm0, 26 + vpsrlq ymm11, ymm3, 26 + vpand ymm0, ymm0, ymm14 + vpand ymm3, ymm3, ymm14 + vpaddq ymm1, ymm10, ymm1 + vpaddq ymm4, ymm11, ymm4 + vpsrlq ymm10, ymm1, 26 + vpsrlq ymm11, ymm4, 26 + vpand ymm1, ymm1, ymm14 + vpand ymm4, ymm4, ymm14 + vpaddq ymm2, ymm10, ymm2 + vpslld ymm12, ymm11, 2 + vpaddd ymm12, ymm11, ymm12 + vpsrlq ymm10, ymm2, 26 + vpaddq ymm0, ymm12, ymm0 + vpsrlq ymm11, ymm0, 26 + vpand ymm2, 
ymm2, ymm14 + vpand ymm0, ymm0, ymm14 + vpaddq ymm3, ymm10, ymm3 + vpaddq ymm1, ymm11, ymm1 + vpsrlq ymm10, ymm3, 26 + vpand ymm3, ymm3, ymm14 + vpaddq ymm4, ymm10, ymm4 + add rsi, 64 + sub rdx, 64 + jz L_poly1305_avx2_blocks_store + jmp L_poly1305_avx2_blocks_load_r4 +L_poly1305_avx2_blocks_begin_h: + ; Load the H values. + vmovdqu ymm0, YMMWORD PTR [rax] + vmovdqu ymm1, YMMWORD PTR [rax+32] + vmovdqu ymm2, YMMWORD PTR [rax+64] + vmovdqu ymm3, YMMWORD PTR [rax+96] + vmovdqu ymm4, YMMWORD PTR [rax+128] + ; Check if there is a power of r to load - otherwise use r^4. + cmp BYTE PTR [rdi+616], 0 + je L_poly1305_avx2_blocks_load_r4 + ; Load the 4 powers of r - r^4, r^3, r^2, r^1. + vmovdqu ymm8, YMMWORD PTR [rdi+224] + vmovdqu ymm7, YMMWORD PTR [rdi+256] + vmovdqu ymm6, YMMWORD PTR [rdi+288] + vmovdqu ymm5, YMMWORD PTR [rdi+320] + vpermq ymm5, ymm5, 216 + vpermq ymm6, ymm6, 216 + vpermq ymm7, ymm7, 216 + vpermq ymm8, ymm8, 216 + vpunpcklqdq ymm10, ymm5, ymm6 + vpunpckhqdq ymm11, ymm5, ymm6 + vpunpcklqdq ymm12, ymm7, ymm8 + vpunpckhqdq ymm13, ymm7, ymm8 + vperm2i128 ymm5, ymm10, ymm12, 32 + vperm2i128 ymm7, ymm10, ymm12, 49 + vperm2i128 ymm9, ymm11, ymm13, 32 + vpsrlq ymm6, ymm5, 32 + vpsrlq ymm8, ymm7, 32 + jmp L_poly1305_avx2_blocks_mul_5 +L_poly1305_avx2_blocks_load_r4: + ; Load r^4 into all four positions. + vmovdqu ymm13, YMMWORD PTR [rdi+320] + vpermq ymm5, ymm13, 0 + vpsrlq ymm14, ymm13, 32 + vpermq ymm7, ymm13, 85 + vpermq ymm9, ymm13, 170 + vpermq ymm6, ymm14, 0 + vpermq ymm8, ymm14, 85 +L_poly1305_avx2_blocks_mul_5: + ; Multiply top 4 26-bit values of all four H by 5 + vpslld ymm10, ymm6, 2 + vpslld ymm11, ymm7, 2 + vpslld ymm12, ymm8, 2 + vpslld ymm13, ymm9, 2 + vpaddq ymm10, ymm6, ymm10 + vpaddq ymm11, ymm7, ymm11 + vpaddq ymm12, ymm8, ymm12 + vpaddq ymm13, ymm9, ymm13 + ; Store powers of r and multiple of 5 for use in multiply. 
+ vmovdqa YMMWORD PTR [rbx], ymm10 + vmovdqa YMMWORD PTR [rbx+32], ymm11 + vmovdqa YMMWORD PTR [rbx+64], ymm12 + vmovdqa YMMWORD PTR [rbx+96], ymm13 + vmovdqa YMMWORD PTR [rcx], ymm5 + vmovdqa YMMWORD PTR [rcx+32], ymm6 + vmovdqa YMMWORD PTR [rcx+64], ymm7 + vmovdqa YMMWORD PTR [rcx+96], ymm8 + vmovdqa YMMWORD PTR [rcx+128], ymm9 + vmovdqu ymm14, YMMWORD PTR [r13] + ; If not finished then loop over data + cmp BYTE PTR [rdi+616], 1 + jne L_poly1305_avx2_blocks_start + ; Do last multiply, reduce, add the four H together and move to + ; 32-bit registers + vpmuludq ymm5, ymm4, [rbx] + vpmuludq ymm10, ymm3, [rbx+32] + vpmuludq ymm6, ymm4, [rbx+32] + vpmuludq ymm11, ymm3, [rbx+64] + vpmuludq ymm7, ymm4, [rbx+64] + vpaddq ymm5, ymm10, ymm5 + vpmuludq ymm12, ymm2, [rbx+64] + vpmuludq ymm8, ymm4, [rbx+96] + vpaddq ymm6, ymm11, ymm6 + vpmuludq ymm13, ymm1, [rbx+96] + vpmuludq ymm10, ymm2, [rbx+96] + vpaddq ymm5, ymm12, ymm5 + vpmuludq ymm11, ymm3, [rbx+96] + vpmuludq ymm12, ymm3, [rcx] + vpaddq ymm5, ymm13, ymm5 + vpmuludq ymm9, ymm4, [rcx] + vpaddq ymm6, ymm10, ymm6 + vpmuludq ymm13, ymm0, [rcx] + vpaddq ymm7, ymm11, ymm7 + vpmuludq ymm10, ymm1, [rcx] + vpaddq ymm8, ymm12, ymm8 + vpmuludq ymm11, ymm2, [rcx] + vpmuludq ymm12, ymm2, [rcx+32] + vpaddq ymm5, ymm13, ymm5 + vpmuludq ymm13, ymm3, [rcx+32] + vpaddq ymm6, ymm10, ymm6 + vpmuludq ymm10, ymm0, [rcx+32] + vpaddq ymm7, ymm11, ymm7 + vpmuludq ymm11, ymm1, [rcx+32] + vpaddq ymm8, ymm12, ymm8 + vpmuludq ymm12, ymm1, [rcx+64] + vpaddq ymm9, ymm13, ymm9 + vpmuludq ymm13, ymm2, [rcx+64] + vpaddq ymm6, ymm10, ymm6 + vpmuludq ymm10, ymm0, [rcx+64] + vpaddq ymm7, ymm11, ymm7 + vpmuludq ymm11, ymm0, [rcx+96] + vpaddq ymm8, ymm12, ymm8 + vpmuludq ymm12, ymm1, [rcx+96] + vpaddq ymm9, ymm13, ymm9 + vpaddq ymm7, ymm10, ymm7 + vpmuludq ymm13, ymm0, [rcx+128] + vpaddq ymm8, ymm11, ymm8 + vpaddq ymm9, ymm12, ymm9 + vpaddq ymm9, ymm13, ymm9 + vpsrlq ymm10, ymm5, 26 + vpsrlq ymm11, ymm8, 26 + vpand ymm5, ymm5, ymm14 + vpand ymm8, ymm8, 
ymm14 + vpaddq ymm6, ymm10, ymm6 + vpaddq ymm9, ymm11, ymm9 + vpsrlq ymm10, ymm6, 26 + vpsrlq ymm11, ymm9, 26 + vpand ymm1, ymm6, ymm14 + vpand ymm4, ymm9, ymm14 + vpaddq ymm7, ymm10, ymm7 + vpslld ymm12, ymm11, 2 + vpaddd ymm12, ymm11, ymm12 + vpsrlq ymm10, ymm7, 26 + vpaddq ymm5, ymm12, ymm5 + vpsrlq ymm11, ymm5, 26 + vpand ymm2, ymm7, ymm14 + vpand ymm0, ymm5, ymm14 + vpaddq ymm8, ymm10, ymm8 + vpaddq ymm1, ymm11, ymm1 + vpsrlq ymm10, ymm8, 26 + vpand ymm3, ymm8, ymm14 + vpaddq ymm4, ymm10, ymm4 + vpsrldq ymm5, ymm0, 8 + vpsrldq ymm6, ymm1, 8 + vpsrldq ymm7, ymm2, 8 + vpsrldq ymm8, ymm3, 8 + vpsrldq ymm9, ymm4, 8 + vpaddq ymm0, ymm5, ymm0 + vpaddq ymm1, ymm6, ymm1 + vpaddq ymm2, ymm7, ymm2 + vpaddq ymm3, ymm8, ymm3 + vpaddq ymm4, ymm9, ymm4 + vpermq ymm5, ymm0, 2 + vpermq ymm6, ymm1, 2 + vpermq ymm7, ymm2, 2 + vpermq ymm8, ymm3, 2 + vpermq ymm9, ymm4, 2 + vpaddq ymm0, ymm5, ymm0 + vpaddq ymm1, ymm6, ymm1 + vpaddq ymm2, ymm7, ymm2 + vpaddq ymm3, ymm8, ymm3 + vpaddq ymm4, ymm9, ymm4 + vmovd r8d, xmm0 + vmovd r9d, xmm1 + vmovd r10d, xmm2 + vmovd r11d, xmm3 + vmovd r12d, xmm4 + jmp L_poly1305_avx2_blocks_end_calc +L_poly1305_avx2_blocks_start: + vmovdqu ymm5, YMMWORD PTR [rsi] + vmovdqu ymm6, YMMWORD PTR [rsi+32] + vperm2i128 ymm7, ymm5, ymm6, 32 + vperm2i128 ymm5, ymm5, ymm6, 49 + vpunpckldq ymm6, ymm7, ymm5 + vpunpckhdq ymm8, ymm7, ymm5 + vpunpckldq ymm5, ymm6, ymm15 + vpunpckhdq ymm6, ymm6, ymm15 + vpunpckldq ymm7, ymm8, ymm15 + vpunpckhdq ymm8, ymm8, ymm15 + vmovdqu ymm9, YMMWORD PTR [r14] + vpsllq ymm6, ymm6, 6 + vpsllq ymm7, ymm7, 12 + vpsllq ymm8, ymm8, 18 + vpmuludq ymm10, ymm4, [rbx] + vpaddq ymm5, ymm10, ymm5 + vpmuludq ymm10, ymm3, [rbx+32] + vpmuludq ymm11, ymm4, [rbx+32] + vpaddq ymm6, ymm11, ymm6 + vpmuludq ymm11, ymm3, [rbx+64] + vpmuludq ymm12, ymm4, [rbx+64] + vpaddq ymm7, ymm12, ymm7 + vpaddq ymm5, ymm10, ymm5 + vpmuludq ymm12, ymm2, [rbx+64] + vpmuludq ymm13, ymm4, [rbx+96] + vpaddq ymm8, ymm13, ymm8 + vpaddq ymm6, ymm11, ymm6 + vpmuludq ymm13, 
ymm1, [rbx+96] + vpmuludq ymm10, ymm2, [rbx+96] + vpaddq ymm5, ymm12, ymm5 + vpmuludq ymm11, ymm3, [rbx+96] + vpmuludq ymm12, ymm3, [rcx] + vpaddq ymm5, ymm13, ymm5 + vpmuludq ymm13, ymm4, [rcx] + vpaddq ymm9, ymm13, ymm9 + vpaddq ymm6, ymm10, ymm6 + vpmuludq ymm13, ymm0, [rcx] + vpaddq ymm7, ymm11, ymm7 + vpmuludq ymm10, ymm1, [rcx] + vpaddq ymm8, ymm12, ymm8 + vpmuludq ymm11, ymm2, [rcx] + vpmuludq ymm12, ymm2, [rcx+32] + vpaddq ymm5, ymm13, ymm5 + vpmuludq ymm13, ymm3, [rcx+32] + vpaddq ymm6, ymm10, ymm6 + vpmuludq ymm10, ymm0, [rcx+32] + vpaddq ymm7, ymm11, ymm7 + vpmuludq ymm11, ymm1, [rcx+32] + vpaddq ymm8, ymm12, ymm8 + vpmuludq ymm12, ymm1, [rcx+64] + vpaddq ymm9, ymm13, ymm9 + vpmuludq ymm13, ymm2, [rcx+64] + vpaddq ymm6, ymm10, ymm6 + vpmuludq ymm10, ymm0, [rcx+64] + vpaddq ymm7, ymm11, ymm7 + vpmuludq ymm11, ymm0, [rcx+96] + vpaddq ymm8, ymm12, ymm8 + vpmuludq ymm12, ymm1, [rcx+96] + vpaddq ymm9, ymm13, ymm9 + vpaddq ymm7, ymm10, ymm7 + vpmuludq ymm13, ymm0, [rcx+128] + vpaddq ymm8, ymm11, ymm8 + vpaddq ymm9, ymm12, ymm9 + vpaddq ymm9, ymm13, ymm9 + vpsrlq ymm10, ymm5, 26 + vpsrlq ymm11, ymm8, 26 + vpand ymm5, ymm5, ymm14 + vpand ymm8, ymm8, ymm14 + vpaddq ymm6, ymm10, ymm6 + vpaddq ymm9, ymm11, ymm9 + vpsrlq ymm10, ymm6, 26 + vpsrlq ymm11, ymm9, 26 + vpand ymm1, ymm6, ymm14 + vpand ymm4, ymm9, ymm14 + vpaddq ymm7, ymm10, ymm7 + vpslld ymm12, ymm11, 2 + vpaddd ymm12, ymm11, ymm12 + vpsrlq ymm10, ymm7, 26 + vpaddq ymm5, ymm12, ymm5 + vpsrlq ymm11, ymm5, 26 + vpand ymm2, ymm7, ymm14 + vpand ymm0, ymm5, ymm14 + vpaddq ymm8, ymm10, ymm8 + vpaddq ymm1, ymm11, ymm1 + vpsrlq ymm10, ymm8, 26 + vpand ymm3, ymm8, ymm14 + vpaddq ymm4, ymm10, ymm4 + add rsi, 64 + sub rdx, 64 + jnz L_poly1305_avx2_blocks_start +L_poly1305_avx2_blocks_store: + ; Store four H values - state + vmovdqu YMMWORD PTR [rax], ymm0 + vmovdqu YMMWORD PTR [rax+32], ymm1 + vmovdqu YMMWORD PTR [rax+64], ymm2 + vmovdqu YMMWORD PTR [rax+96], ymm3 + vmovdqu YMMWORD PTR [rax+128], ymm4 
+L_poly1305_avx2_blocks_end_calc: + cmp BYTE PTR [rdi+616], 0 + je L_poly1305_avx2_blocks_complete + mov rax, r8 + mov rdx, r10 + mov rcx, r12 + shr rdx, 12 + shr rcx, 24 + shl r9, 26 + shl r10, 52 + shl r11, 14 + shl r12, 40 + add rax, r9 + adc rax, r10 + adc rdx, r11 + adc rdx, r12 + adc rcx, 0 + mov r8, rcx + and rcx, 3 + shr r8, 2 + lea r8, QWORD PTR [r8+4*r8+0] + add rax, r8 + adc rdx, 0 + adc rcx, 0 + mov QWORD PTR [rdi+24], rax + mov QWORD PTR [rdi+32], rdx + mov QWORD PTR [rdi+40], rcx +L_poly1305_avx2_blocks_complete: + mov BYTE PTR [rdi+617], 1 + vzeroupper + vmovdqu xmm6, OWORD PTR [rsp+320] + vmovdqu xmm7, OWORD PTR [rsp+336] + vmovdqu xmm8, OWORD PTR [rsp+352] + vmovdqu xmm9, OWORD PTR [rsp+368] + vmovdqu xmm10, OWORD PTR [rsp+384] + vmovdqu xmm11, OWORD PTR [rsp+400] + vmovdqu xmm12, OWORD PTR [rsp+416] + vmovdqu xmm13, OWORD PTR [rsp+432] + vmovdqu xmm14, OWORD PTR [rsp+448] + vmovdqu xmm15, OWORD PTR [rsp+464] + add rsp, 480 + pop r14 + pop r13 + pop rbx + pop rsi + pop rdi + pop r12 + ret +poly1305_blocks_avx2 ENDP +_text ENDS +_text SEGMENT READONLY PARA +poly1305_final_avx2 PROC + push rdi + push rsi + mov rdi, rcx + mov rsi, rdx + mov BYTE PTR [rdi+616], 1 + mov cl, BYTE PTR [rdi+617] + cmp cl, 0 + je L_poly1305_avx2_final_done_blocks_X4 + push rsi + mov r8, 64 + xor rdx, rdx + mov rcx, rdi + call poly1305_blocks_avx2 + pop rsi +L_poly1305_avx2_final_done_blocks_X4: + mov rax, QWORD PTR [rdi+608] + mov rcx, rax + and rcx, -16 + cmp cl, 0 + je L_poly1305_avx2_final_done_blocks + push rcx + push rax + push rsi + mov r8, rcx + lea rdx, QWORD PTR [rdi+480] + mov rcx, rdi + call poly1305_blocks_avx + pop rsi + pop rax + pop rcx +L_poly1305_avx2_final_done_blocks: + sub QWORD PTR [rdi+608], rcx + xor rdx, rdx + jmp L_poly1305_avx2_final_cmp_copy +L_poly1305_avx2_final_start_copy: + mov r8b, BYTE PTR [rdi+rcx+480] + mov BYTE PTR [rdi+rdx+480], r8b + inc cl + inc dl +L_poly1305_avx2_final_cmp_copy: + cmp al, cl + jne L_poly1305_avx2_final_start_copy + 
mov rcx, rdi + mov rdx, rsi + call poly1305_final_avx + vpxor ymm0, ymm0, ymm0 + vmovdqu YMMWORD PTR [rdi+64], ymm0 + vmovdqu YMMWORD PTR [rdi+96], ymm0 + vmovdqu YMMWORD PTR [rdi+128], ymm0 + vmovdqu YMMWORD PTR [rdi+160], ymm0 + vmovdqu YMMWORD PTR [rdi+192], ymm0 + vmovdqu YMMWORD PTR [rdi+224], ymm0 + vmovdqu YMMWORD PTR [rdi+256], ymm0 + vmovdqu YMMWORD PTR [rdi+288], ymm0 + vmovdqu YMMWORD PTR [rdi+320], ymm0 + mov QWORD PTR [rdi+608], 0 + mov WORD PTR [rdi+616], 0 + vzeroupper + pop rsi + pop rdi + ret +poly1305_final_avx2 ENDP +_text ENDS +ENDIF +END diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md index 5d2fa27e0c..40114f9fd9 100644 --- a/wolfcrypt/src/port/Espressif/README.md +++ b/wolfcrypt/src/port/Espressif/README.md @@ -70,6 +70,29 @@ To view disassembly, add `__attribute__((section(".iram1")))` decorator. Foe exa static int __attribute__((section(".iram1"))) memblock_peek(volatile u_int32_t mem_address) ``` +### VisualGDB + +Each project example has a `VisuaGDB` directory with sample project files for [Sysprogs VisualGDB](https://visualgdb.com). + +For installing multiple toolchains, see the [documentation](https://visualgdb.com/documentation/espidf/). + +The library naming format used at wolfSSL: + +``` +HKEY_CURRENT_USER\Software\Sysprogs\GNUToolchains +``` + +| Registry String Value Name | Value Data | +| -------------------------------- |----------------------- | +| `SysGCC-xtensa-lx106-elf-8.4.0` | `C:\SysGCC\esp8266` | +| `SysGCC-xtensa-esp32-elf-8.4.0` | `C:\SysGCC\esp32-8.4` | +| `SysGCC-xtensa-esp32-elf-13.2.0` | `C:\SysGCC\esp32` | +| `SysGCC-xtensa-esp32-elf-12.4.0` | `C:\SysGCC\esp32-12.4` | +| `SysGCC-xtensa-esp32-elf-11.2.0` | `C:\SysGCC\esp32-11.2` | + +Note the latest toolchain value is the default install name of `C:\SysGCC\esp32`. + + ### Benchmarks w/ `USE_FAST_MATH` and `WOLFSSL_SMALL_STACK` options 
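Review bot: The AVX2 mask and hibit constants, and the `ptr_L_poly1305_avx2_blocks_*` cells that poly1305_blocks_avx2 dereferences to reach them, are emitted in plain `_DATA SEGMENT` blocks, i.e. writable memory, so a stray write anywhere in the process could silently alter the mask every MAC computation depends on. The file already uses `READONLY` for its code segments; doing the same for the constants, `_RDATA SEGMENT READONLY` around both `L_poly1305_avx2_blocks_*` definitions, removes that exposure, and if ml64 accepts `lea r13, QWORD PTR L_poly1305_avx2_blocks_mask` as a RIP-relative address the two pointer cells can be dropped entirely. The `ALIGN 16` also under-aligns the 32-byte YMMWORD operands; the `vmovdqu` loads tolerate it, but `ALIGN 32` states the intent. Separately, none of the internal `call`s in poly1305_setkey_avx2 and poly1305_final_avx2 reserve the 32-byte Win64 home space and some enter the callee with rsp at the wrong 16-byte parity for the ABI; that is harmless only while the callees remain these stack-free assembly routines, which deserves a one-line comment at the call sites.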
diff --git a/wolfcrypt/src/port/Espressif/esp32_aes.c b/wolfcrypt/src/port/Espressif/esp32_aes.c index 84211ee268..e8c917c9ae 100644 --- a/wolfcrypt/src/port/Espressif/esp32_aes.c +++ b/wolfcrypt/src/port/Espressif/esp32_aes.c @@ -1,6 +1,6 @@ /* esp32_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,6 +48,9 @@ static const char* TAG = "wolf_hw_aes"; /* mutex */ static wolfSSL_Mutex aes_mutex; +/* Maximum time to wait for AES HW in FreeRTOS ticks */ +#define WOLFSSL_AES_MUTEX_WAIT 5000 + /* keep track as to whether esp aes is initialized */ static int espaes_CryptHwMutexInit = 0; @@ -86,7 +89,13 @@ static int esp_aes_hw_InUse(void) * of esp_CryptHwMutexLock(&aes_mutex ...) in code */ /* TODO - do we really want to wait? * probably not */ - ret = esp_CryptHwMutexLock(&aes_mutex, portMAX_DELAY); + ret = esp_CryptHwMutexLock(&aes_mutex, WOLFSSL_AES_MUTEX_WAIT); + if (ret == ESP_OK) { + ESP_LOGV(TAG, "esp_CryptHwMutexLock aes success"); + } + else { + ESP_LOGW(TAG, "esp_CryptHwMutexLock aes timeout! %d", ret); + } } else { ESP_LOGE(TAG, "aes engine lock failed."); @@ -597,9 +606,9 @@ int wc_esp32AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) offset += AES_BLOCK_SIZE; } /* while (blocks--) */ + esp_aes_hw_Leave(); } /* if Set Mode was successful (ret == ESP_OK) */ - esp_aes_hw_Leave(); ESP_LOGV(TAG, "leave wc_esp32AesCbcDecrypt"); return ret; } /* wc_esp32AesCbcDecrypt */ diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c index 58925626bc..5c37592732 100644 --- a/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -1,6 +1,6 @@ /* esp32_mp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
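Review bot: The `TODO - do we really want to wait? probably not` comment just above the changed `esp_CryptHwMutexLock` call is now stale: the hunk commits to a bounded wait of `WOLFSSL_AES_MUTEX_WAIT` ticks, so the comment should state that decision instead, e.g. `/* Bounded wait: a stuck AES engine must not hang the caller forever */`. The new warning also reports every non-ESP_OK result as a timeout, while the lock helper may fail for other reasons; `ESP_LOGW(TAG, "esp_CryptHwMutexLock aes failed (timeout?) %d", ret);` keeps the log honest. esp_aes_hw_InUse continues beyond the hunk, so I cannot see whether callers stop on a non-OK ret before touching the engine; please confirm that they do.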
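Review bot: Moving `esp_aes_hw_Leave()` inside the `if Set Mode was successful` block means the HW mutex is no longer released when Set Mode fails, and the hunk does not show where the lock is acquired. If esp_aes_hw_InUse() is taken before the Set Mode call rather than inside the succeeding branch, a failed Set Mode now leaves aes_mutex held and every later AES operation stalls until WOLFSSL_AES_MUTEX_WAIT expires and fails, which is an availability problem for all TLS traffic on the device. Please confirm the lock/unlock pairing and record the invariant at the unlock, `/* lock taken by esp_aes_hw_InUse() only after the mode was set */`. wc_esp32AesCbcDecrypt starts outside the hunk.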
@@ -23,15 +23,15 @@ * See ESP32 Technical Reference Manual - RSA Accelerator Chapter * * esp_mp_exptmod() Large Number Modular Exponentiation Z = X^Y mod M - * esp_mp_mulmod() Large Number Modular Multiplication Z = X × Y mod M - * esp_mp_mul() Large Number Multiplication Z = X × Y + * esp_mp_mulmod() Large Number Modular Multiplication Z = X * Y mod M + * esp_mp_mul() Large Number Multiplication Z = X * Y * * The ESP32 RSA Accelerator supports operand lengths of: - * N ∈ {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits. The bit length + * N in {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits. The bit length * of arguments Z, X, Y , M, and r can be any one from the N set, but all * numbers in a calculation must be of the same length. * - * The bit length of M′ is always 32. + * The bit length of M' is always 32. * * Also, beware: "we have uint32_t == unsigned long for both Xtensa and RISC-V" * see https://github.com/espressif/esp-idf/issues/9511#issuecomment-1207342464 @@ -1285,8 +1285,8 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) Zs = Xs + Ys; /* RSA Accelerator only supports Large Number Multiplication - * with operand length N = 32 × x, - * where x ∈ {1, 2, 3, . . . , 64} */ + * with operand length N = 32 * x, + * where x in {1, 2, 3, . . . , 64} */ if (Xs > 64 || Ys > 64) { return MP_HW_FALLBACK; /* TODO add count metric on size fallback */ } @@ -1334,7 +1334,7 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) /* Y (left-extend) * Accelerator supports large-number multiplication with only - * four operand lengths of N ∈ {512, 1024, 1536, 2048} */ + * four operand lengths of N in {512, 1024, 1536, 2048} */ left_pad_offset = maxWords_sz << 2; if (left_pad_offset <= 512 >> 3) { left_pad_offset = 512 >> 3; /* 64 bytes (16 words) */ 
@@ -1583,10 +1583,10 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) * 0 => no interrupt; 1 => interrupt on completion. */ DPORT_REG_WRITE(RSA_INT_ENA_REG, 0); /* 2. Write number of words required for result. */ - /* see 21.3.3 Write (/N16 − 1) to the RSA_MODE_REG register */ + /* see 21.3.3 Write (/N16 - 1) to the RSA_MODE_REG register */ DPORT_REG_WRITE(RSA_MODE_REG, (hwWords_sz * 2 - 1)); - /* 3. Write Xi and Yi for ∈ {0, 1, . . . , n − 1} to memory blocks + /* 3. Write Xi and Yi for {0, 1, . . . , n - 1} to memory blocks * RSA_X_MEM and RSA_Z_MEM * Maximum is 64 words (64*8*4 = 2048 bits) */ esp_mpint_to_memblock(RSA_X_MEM, @@ -1796,7 +1796,7 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) * * See 24.3.3 of the ESP32 Technical Reference Manual * - * Z = X × Y mod M */ + * Z = X * Y mod M */ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) { struct esp_mp_helper mph[1]; /* we'll save some values in this mp helper */ @@ -1839,8 +1839,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) /* do we have an even moduli? */ if ((M->dp[0] & 1) == 0) { #ifndef NO_ESP_MP_MUL_EVEN_ALT_CALC - /* Z = X × Y mod M in mixed HW & SW*/ + /* Z = X * Y mod M in mixed HW & SW */ + #if defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL) + ret = mp_mul(X, Y, tmpZ); /* SW X * Y */ + #else ret = esp_mp_mul(X, Y, tmpZ); /* HW X * Y */ + #endif if (ret == MP_OKAY) { /* z = tmpZ mod M, 0 <= Z < M */ ret = mp_mod(tmpZ, M, Z); /* SW mod M */ @@ -1940,7 +1944,6 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) /* lock HW for use, enable peripheral clock */ if (ret == MP_OKAY) { - mulmod_lock_called = TRUE; /* Don't try to unlock unless we locked */ #ifdef WOLFSSL_HW_METRICS { /* Only track max values when using HW */ 
@@ -1954,6 +1957,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) #endif ret = esp_mp_hw_lock(); + if (ret == ESP_OK) { + mulmod_lock_called = TRUE; /* Don't try to unlock unless locked */ + } + else { + ret = WC_HW_WAIT_E; + } } #if defined(CONFIG_IDF_TARGET_ESP32) @@ -1973,13 +1982,13 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) * or until the RSA_INTR interrupt is generated. * (Or until the INTER interrupt is generated.) * 6. Write 1 to RSA_INTERRUPT_REG to clear the interrupt. - * 7. Write Yi (i ∈ [0, n) ∩ N) to RSA_X_MEM + * 7. Write Yi (i in [0, n) intersect N) to RSA_X_MEM * Users need to write to the memory block only according to the length * of the number. Data beyond this length is ignored. * 8. Write 1 to RSA_MULT_START_REG * 9. Wait for the second operation to be completed. * Poll INTERRUPT_REG until it reads 1. - * 10. Read the Zi (i ∈ [0, n) ∩ N) from RSA_Z_MEM + * 10. Read the Zi (i in [0, n) intersect N) from RSA_Z_MEM * 11. Write 1 to RSA_INTERUPT_REG to clear the interrupt. * * post: Release the HW engine @@ -2441,14 +2450,14 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) esp_mp_mulmod_usage_ct); ESP_LOGI(TAG, "esp_mp_mulmod_error_ct = %lu failures", esp_mp_mulmod_error_ct); - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); esp_show_mp("HW Z", Z); /* this is the HW result */ esp_show_mp("SW Z2", Z2); /* this is the SW result */ ESP_LOGI(TAG, "esp_mp_mulmod_usage_ct = %lu tries", esp_mp_mulmod_usage_ct); ESP_LOGI(TAG, "esp_mp_mulmod_error_ct = %lu failures", esp_mp_mulmod_error_ct); - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); #ifndef NO_RECOVER_SOFTWARE_CALC 
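Review bot: In esp_mp_mulmod() the added `else { ret = WC_HW_WAIT_E; }` overwrites whatever esp_mp_hw_lock() returned, so a lock failure that is not a timeout is reported as a wait error and the original code is lost; log it first, `ESP_LOGW(TAG, "esp_mp_hw_lock failed: %d", ret);`, before assigning WC_HW_WAIT_E. The check `ret == ESP_OK` also mixes the esp_err_t domain with the MP_OKAY checks used throughout this function; both resolve to zero, but a comment such as `/* esp_mp_hw_lock() returns esp_err_t; map failure to a wolfCrypt code */` records why the comparison is safe. The removed unconditional `mulmod_lock_called = TRUE` in the preceding hunk (@@ -1940) is the other half of this fix.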
@@ -2500,15 +2509,15 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) * ESP32S3, Section 20.3.1, https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf * * The operation is based on Montgomery multiplication. Aside from the - * arguments X, Y , and M, two additional ones are needed —r and M′ + * arguments X, Y , and M, two additional ones are needed -r and M' .* These arguments are calculated in advance by software. .* -.* The RSA Accelerator supports operand lengths of N ∈ {512, 1024, 1536, 2048, -.* 2560, 3072, 3584, 4096} bits on the ESP32 and N ∈ [32, 4096] bits +.* The RSA Accelerator supports operand lengths of N in {512, 1024, 1536, 2048, +.* 2560, 3072, 3584, 4096} bits on the ESP32 and N in [32, 4096] bits * on the ESP32s3. .* The bit length of arguments Z, X, Y , M, and r can be any one from * the N set, but all numbers in a calculation must be of the same length. -.* The bit length of M′ is always 32. +.* The bit length of M' is always 32. .* * Z = (X ^ Y) mod M : Espressif generic notation * Y = (G ^ X) mod P : wolfSSL DH reference notation */ @@ -2991,7 +3000,7 @@ int esp_hw_show_mp_metrics(void) "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL"); #else /* Metrics: esp_mp_mul() */ - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* mul follows */ + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* mul follows */ ESP_LOGI(TAG, "esp_mp_mul HW acceleration enabled."); ESP_LOGI(TAG, "Number of calls to esp_mp_mul: %lu", esp_mp_mul_usage_ct); @@ -3010,7 +3019,7 @@ int esp_hw_show_mp_metrics(void) "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD"); #else /* Metrics: esp_mp_mulmod() */ - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* mulmod follows */ + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* mulmod follows */ ESP_LOGI(TAG, "esp_mp_mulmod HW acceleration enabled."); /* Metrics: esp_mp_mulmod() */ 
@@ -3052,7 +3061,7 @@ int esp_hw_show_mp_metrics(void) "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD"); #else /* Metrics: sp_mp_exptmod() */ - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* exptmod follows */ + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* exptmod follows */ ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod: %lu", esp_mp_exptmod_usage_ct); diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index a2244af173..bef77b09e4 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -1,6 +1,6 @@ /* esp32_sha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,9 +43,6 @@ #if !defined(NO_SHA) || !defined(NO_SHA256) || defined(WC_SHA384) || \ defined(WC_SHA512) -#include "wolfssl/wolfcrypt/logging.h" - - /* this entire file content is excluded if not using HW hash acceleration */ #if defined(WOLFSSL_ESP32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) @@ -58,9 +55,16 @@ #include #include +#elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + #include #else #include /* ESP32-WROOM */ #endif + +/* wolfSSL */ +#include #include #include #include @@ -75,13 +79,18 @@ #include #endif +/* A value for an initialized, but not-yet-known SHA: */ +#define WC_UNKNOWN_SHA (-1) + +#define WC_ESP_MAX_IDLE_WAIT 10000 + static const char* TAG = "wolf_hw_sha"; #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) - /* keep track of the currently active SHA hash object for interleaving */ + /* Keep track of the currently active SHA hash object for interleaving. */ const static word32 ** _active_digest_address = 0; #endif 
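Review bot: WC_ESP_MAX_IDLE_WAIT carries no unit in its name or a comment, yet the @@ -917 hunk later in this diff uses it as a busy-poll iteration count in wc_esp_wait_until_idle(), not a time; add `/* Max busy-poll iterations in wc_esp_wait_until_idle(); not a time unit. */` above the define. WC_UNKNOWN_SHA is defined as (-1), which is the same value the sha.h enum excerpt quoted in the @@ -821 hunk gives to SHA_TYPE_MAX, so a ctx->sha_type of WC_UNKNOWN_SHA compares equal to that enumerator; either state this deliberately, `/* Same value as SHA_TYPE_MAX in sha.h; never a valid HW type. */`, or pick a value outside the enum.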
@@ -90,7 +99,7 @@ static const char* TAG = "wolf_hw_sha"; #endif #if defined(DEBUG_WOLFSSL) - /* Only when debugging, we'll keep tracking of block numbers. */ + /* Only when debugging, we'll keep tracking of SHA block numbers. */ static int this_block_num = 0; #endif @@ -102,9 +111,12 @@ static const char* TAG = "wolf_hw_sha"; #endif #ifdef WOLFSSL_DEBUG_MUTEX - #ifndef WOLFSSL_TEST_STRAY + #ifdef WOLFSSL_TEST_STRAY + #define WOLFSSL_TEST_STRAY_INJECT (esp_sha_call_count() == 10) + #else /* unless turned on, we won't be testing for strays */ #define WOLFSSL_TEST_STRAY 0 + #define WOLFSSL_TEST_STRAY_INJECT 0 #endif #endif @@ -122,11 +134,30 @@ static const char* TAG = "wolf_hw_sha"; static unsigned long esp_byte_reversal_needed_ct = 0; #endif + static uintptr_t mutex_ctx_owner = NULLPTR; + static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED; + #if defined(ESP_MONITOR_HW_TASK_LOCK) - static void * mutex_ctx_owner = 0; - static TaskHandle_t mutex_ctx_task = 0; + #ifdef SINGLE_THREADED + uintptr_t esp_sha_mutex_ctx_owner(void) + { + return mutex_ctx_owner; + } + #else + static TaskHandle_t mutex_ctx_task = NULL; + uintptr_t esp_sha_mutex_ctx_owner(void) + { + uintptr_t ret = 0; + taskENTER_CRITICAL(&sha_crit_sect); + { + ret = mutex_ctx_owner; + } + taskEXIT_CRITICAL(&sha_crit_sect); + return ret; + }; + #endif + #ifdef WOLFSSL_DEBUG_MUTEX - static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED; WC_ESP32SHA* stray_ctx; /* each ctx keeps track of the initializer for HW. when debugging * we'll have a global variable to indicate which has the lock. */ 
@@ -143,40 +174,50 @@ static const char* TAG = "wolf_hw_sha"; return _sha_lock_count; } - void* esp_sha_mutex_ctx_owner(void) - { - void* ret = 0; - taskENTER_CRITICAL(&sha_crit_sect); - { - ret = mutex_ctx_owner; - } - taskEXIT_CRITICAL(&sha_crit_sect); - return ret; - }; - #else - int esp_sha_mutex_ctx_owner(void) - { - return (int)sha_mutex; - } #endif #endif +/* esp_set_hw - set hardware lock, but only if there's no other known + * current mutex owner. */ +int esp_set_hw(WC_ESP32SHA* ctx) +{ + int ret = ESP_FAIL; + if ((uintptr_t)ctx == mutex_ctx_owner || mutex_ctx_owner == NULLPTR) { + ESP_LOGV(TAG, "Initializing current mutext owner!"); + if (esp_sha_hw_islocked(ctx)) { + ESP_LOGV(TAG, "esp_set_hw already locked: 0x%x", (intptr_t)ctx); + } + ctx->mode = ESP32_SHA_HW; + mutex_ctx_owner = (uintptr_t)ctx; + ret = ESP_OK; + } + else { + ESP_LOGV(TAG, "esp_sha_init_ctx HW for non-owner 0x%x", (intptr_t)ctx); + } + return ret; +} + /* ** The wolfCrypt functions for LITTLE_ENDIAN_ORDER typically ** reverse the byte order. Except when the hardware doesn't expect it. ** +** For SoC devices with no HW (Hardware Acceleration) support: +** ctx->sha_type will be SHA_INVALID +** ctx->mode will be ESP32_SHA_SW +** ** Returns 0 (FALSE) or 1 (TRUE); see wolfSSL types.h */ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx) { - int ret = TRUE; /* assume we'll need reversal, look for exceptions */ + int ret = 1; /* Assume we'll need reversal, look for exceptions. */ + CTX_STACK_CHECK(ctx); #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) if (ctx == NULL) { ESP_LOGE(TAG, " ctx is null"); - /* return true for bad params */ + /* Return true for bad params */ } else { #ifdef WOLFSSL_HW_METRICS 
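Review bot: esp_set_hw() performs an unsynchronized check-then-set on mutex_ctx_owner: it reads `mutex_ctx_owner == NULLPTR` and then writes `mutex_ctx_owner = (uintptr_t)ctx` with no taskENTER_CRITICAL(&sha_crit_sect), while the esp_sha_mutex_ctx_owner() accessor introduced in the @@ -122 hunk takes that critical section for a plain read; two tasks initialising at once can both pass the test and both believe they own the HW. The same unguarded reads appear in esp_sha_hw_in_use() (@@ -1039 hunk) and in the non-debug branch of esp_sha_hw_islocked() (@@ -1085 hunk). The rewrite below mirrors the SINGLE_THREADED split the @@ -122 hunk already uses and keeps the ESP_LOGV calls outside the critical section; the log text "mutext" should read "mutex", and `0x%x` with `(intptr_t)ctx` wants `PRIxPTR`.
```c
int esp_set_hw(WC_ESP32SHA* ctx)
{
    int ret = ESP_FAIL;
#ifndef SINGLE_THREADED
    taskENTER_CRITICAL(&sha_crit_sect);
#endif
    /* The owner test and the assignment must be atomic with respect to
     * other tasks, otherwise two contexts can both claim the HW. */
    if ((uintptr_t)ctx == mutex_ctx_owner || mutex_ctx_owner == NULLPTR) {
        ctx->mode = ESP32_SHA_HW;
        mutex_ctx_owner = (uintptr_t)ctx;
        ret = ESP_OK;
    }
#ifndef SINGLE_THREADED
    taskEXIT_CRITICAL(&sha_crit_sect);
#endif
    /* … unchanged: ESP_LOGV diagnostics for owner / non-owner, keyed on ret … */
    return ret;
}
```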
@@ -186,12 +227,12 @@ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx) #endif if (ctx->mode == ESP32_SHA_HW) { ESP_LOGV(TAG, " No reversal, ESP32_SHA_HW"); - ret = FALSE; + ret = 0; } else { - ret = TRUE; + ret = 1; ESP_LOGV(TAG, " Need byte reversal, %d", ctx->mode); - /* return true for SW; only HW C3 skips reversal at this time. */ + /* Return true for SW; only HW C3 skips reversal at this time. */ #ifdef WOLFSSL_HW_METRICS { esp_byte_reversal_needed_ct++; @@ -204,8 +245,10 @@ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx) } } #else - /* other platforms always return true */ + /* Other platforms always return true. */ #endif + CTX_STACK_CHECK(ctx); + return ret; } @@ -218,20 +261,42 @@ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx) ** Active HW states, such as from during a copy operation, are demoted to SW. ** For hash_type not available in HW, set SW mode. ** -** See esp_sha_init_ctx(ctx) +** For ctx, mode will be +** ESP32_SHA_INIT - For initialized, hardware-ready +** ESP32_SHA_SW - Software only +** +** See esp_sha_init_ctx(ctx) for common initialization of ctx. */ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type) { - int ret = 0; + int ret = ESP_OK; + +#ifdef DEBUG_WOLFSSL_SHA_MUTEX + ESP_LOGV(TAG, "\n\nesp_sha_init for ctx %p\n\n", ctx); +#endif + + if (ctx == NULL) { + return ESP_FAIL; + } + +#if defined(WOLFSSL_STACK_CHECK) + ctx->first_word = 0; + ctx->last_word = 0; +#endif + CTX_STACK_CHECK(ctx); + + ret = esp_sha_init_ctx(ctx); -#if defined(CONFIG_IDF_TARGET_ESP32) || \ - defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3) +#if defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + + /* ESP32 Xtensa Architecture SoC. Each has different features: */ switch (hash_type) { /* check each wolfSSL hash type WC_[n] */ #ifndef NO_SHA case WC_HASH_TYPE_SHA: ctx->sha_type = SHA1; /* assign Espressif SHA HW type */ - ret = esp_sha_init_ctx(ctx); break; #endif 
@@ -239,7 +304,6 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type) #if defined(CONFIG_IDF_TARGET_ESP32S2) || \ defined(CONFIG_IDF_TARGET_ESP32S3) ctx->sha_type = SHA2_224; /* assign Espressif SHA HW type */ - ret = esp_sha_init_ctx(ctx); #else /* Don't call init, always SW as there's no HW. */ ctx->mode = ESP32_SHA_SW; @@ -248,32 +312,27 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type) case WC_HASH_TYPE_SHA256: ctx->sha_type = SHA2_256; /* assign Espressif SHA HW type */ - ret = esp_sha_init_ctx(ctx); break; #if defined(CONFIG_IDF_TARGET_ESP32S2) || \ defined(CONFIG_IDF_TARGET_ESP32S3) case WC_HASH_TYPE_SHA384: ctx->mode = ESP32_SHA_SW; - ctx->sha_type = SHA2_384; /* Espressif type, but we won't use HW */ break; #else case WC_HASH_TYPE_SHA384: ctx->sha_type = SHA2_384; /* assign Espressif SHA HW type */ - ret = esp_sha_init_ctx(ctx); break; #endif case WC_HASH_TYPE_SHA512: ctx->sha_type = SHA2_512; /* assign Espressif SHA HW type */ - ret = esp_sha_init_ctx(ctx); break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: /* Don't call init, always SW as there's no HW. */ ctx->mode = ESP32_SHA_SW; - ctx->sha_type = SHA2_512; /* Espressif type, but we won't use HW */ break; #endif 
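Review bot: In esp_sha_init() the SW-only cases (SHA384 on ESP32-S2/S3, SHA512_224, SHA512_256) no longer assign ctx->sha_type, so after the common init it stays at WC_UNKNOWN_SHA (-1); that is fine only if nothing reads sha_type while mode == ESP32_SHA_SW, and wc_esp_sha_digest_size() documented in the @@ -821 hunk is keyed on it, so confirm the SW path never reaches that lookup. A comment at the first such case, `ctx->mode = ESP32_SHA_SW; /* sha_type stays WC_UNKNOWN_SHA: not consulted in SW mode */`, states the intent. The enclosing switch and esp_sha_init() continue into the next hunk.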
@@ -281,245 +340,84 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type) case WC_HASH_TYPE_SHA512_256: /* Don't call init, always SW as there's no HW. */ ctx->mode = ESP32_SHA_SW; - ctx->sha_type = SHA2_512; /* Espressif type, but we won't use HW */ break; #endif default: - ret = esp_sha_init_ctx(ctx); - ESP_LOGW(TAG, "Unexpected hash_type in esp_sha_init"); - break; + ctx->mode = ESP32_SHA_SW; + ESP_LOGW(TAG, "Unexpected hash_type in esp_sha_init"); + break; } #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) + + /* ESP32 RISC-V Architecture SoC. Each has different features: */ + switch (hash_type) { /* check each wolfSSL hash type WC_[n] */ - #ifndef NO_SHA + #ifndef NO_SHA case WC_HASH_TYPE_SHA: ctx->sha_type = SHA1; /* assign Espressif SHA HW type */ - ret = esp_sha_init_ctx(ctx); break; - #endif + #endif case WC_HASH_TYPE_SHA224: ctx->sha_type = SHA2_224; /* assign Espressif SHA HW type */ - ret = esp_sha_init_ctx(ctx); break; case WC_HASH_TYPE_SHA256: ctx->sha_type = SHA2_256; /* assign Espressif SHA HW type */ - ret = esp_sha_init_ctx(ctx); break; default: /* We fall through to SW when there's no enabled HW, above. */ ctx->mode = ESP32_SHA_SW; - ret = 0; - /* If there's no HW, the ctx reference should cause build error. - ** The type should be gated away when there's no HW at all! 
*/ - ctx->isfirstblock = true; - ctx->sha_type = hash_type; ESP_LOGW(TAG, "Unsupported hash_type = %d in esp_sha_init, " "falling back to SW", hash_type); break; } #else - /* other chipsets will be implemented here */ + /* Other chipsets will be implemented here, fallback to SW for now: */ ESP_LOGW(TAG, "SW Fallback; CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET); ctx->mode = ESP32_SHA_SW; -#endif /* CONFIG_IDF_TARGET_ESP32 || - * CONFIG_IDF_TARGET_ESP32S2 || - * CONFIG_IDF_TARGET_ESP32S3 */ +#endif /* CONFIG_IDF_TARGET_[nnn] */ + CTX_STACK_CHECK(ctx); return ret; } -/* we'll call a separate init as there's only 1 HW acceleration */ +/* we'll call a common init for non-chip-specific settings */ int esp_sha_init_ctx(WC_ESP32SHA* ctx) { - if (ctx->initializer == NULL) { - ESP_LOGV(TAG, "regular init of blank WC_ESP32SHA ctx"); + CTX_STACK_CHECK(ctx); - /* we'll keep track of who initialized this */ - ctx->initializer = ctx; /* save our address in the initializer */ - #ifdef ESP_MONITOR_HW_TASK_LOCK - { - /* Keep track of which freeRTOS task actually locks HW */ - ctx->task_owner = xTaskGetCurrentTaskHandle(); - } - #endif - ctx->mode = ESP32_SHA_INIT; - } - else { - /* things may be more interesting when previously initialized */ - if (ctx->initializer == ctx) { - /* We're likely re-using an existing object previously initialized. - ** There's of course a non-zero probability that garbage data is - ** the same pointer value, but that's highly unlikely; We'd need - ** to discard, then re-init to same memory location for a matching - ** initializer. 
*/ - ESP_LOGV(TAG, "re-using existing WC_ESP32SHA ctx"); - - /* we should never have an unexpected mode in a known ctx */ - switch (ctx->mode) { - case ESP32_SHA_FREED: - ESP_LOGW(TAG, "Warning: ESP32_SHA_FREED status"); + ctx->mode = ESP32_SHA_INIT; - #ifdef ESP_MONITOR_HW_TASK_LOCK - if (ctx->task_owner == xTaskGetCurrentTaskHandle()) { - esp_sha_hw_unlock(ctx); - } - else { - ESP_LOGW(TAG, "Warning: unable to unlock ctx mutex "); - } - #else - esp_sha_hw_unlock(ctx); - #endif - ctx->mode = ESP32_SHA_INIT; - /* fall through to init */ - - case ESP32_SHA_INIT: - case ESP32_SHA_SW: - /* nothing interesting here */ - break; - - case ESP32_SHA_HW: - /* This will be dealt with below: likely demote to SW */ - break; - - case ESP32_SHA_HW_COPY: - /* This is an interesting mode, caller gave HW mode hint */ - ESP_LOGI(TAG, "ALERT: ESP32_SHA_HW_COPY?"); - break; - - default: - /* This should almost never occur. We'd need to have an - ** uninitialized ctx that just happens to include the - ** breadcrumb initializer with the same address. */ - ESP_LOGW(TAG, "ALERT: unexpected WC_ESP32SHA ctx mode: " - "%d. ", ctx->mode); - ctx->mode = ESP32_SHA_INIT; - break; - } - /* We don't need to do anything here, - ** this section for diagnostics only. - ** May need to unlock HW, below. */ - } /* ctx->initializer == ctx */ - else { - /* We may end up here with either dirty memory - ** or copied SHA ctx. - ** - ** Any copy function should have already set mode = ESP32_SHA_INIT. - ** - ** In either case, initialize: */ - ctx->initializer = ctx; /* set a new address */ - #ifdef ESP_MONITOR_HW_TASK_LOCK - { - /* not HW mode, so we are not interested in task owner */ - ctx->task_owner = 0; - } - #endif - - /* Always set to ESP32_SHA_INIT, but give debug info as to why: */ - switch (ctx->mode) { - case ESP32_SHA_FREED: - ESP_LOGE(TAG, "ERROR: unexpected ESP32_SHA_FREED"); - ctx->mode = ESP32_SHA_INIT; - break; - - case ESP32_SHA_INIT: - /* if we are already in init mode, nothing to do. 
*/ - break; - - case ESP32_SHA_SW: - /* this should rarely, if ever occur */ - ESP_LOGW(TAG, "ALERT: unexpected SW WC_ESP32SHA ctx mode. " - "Copied? Revert to ESP32_SHA_INIT."); - ctx->mode = ESP32_SHA_INIT; - break; - - case ESP32_SHA_HW: - /* this should rarely, if ever occur. */ - ESP_LOGW(TAG, "ALERT: unexpected HW WC_ESP32SHA ctx mode. " - "Copied?"); - ctx->mode = ESP32_SHA_INIT; - break; - - case ESP32_SHA_HW_COPY: - /* This is an interesting but acceptable situation: - ** an anticipated active HW copy that will demote to SW. */ - ESP_LOGV(TAG, "HW WC_ESP32SHA ctx mode = " - "ESP32_SHA_HW_COPY."); - break; - - default: - /* this will frequently occur during new init */ - ESP_LOGV(TAG, "ALERT: unexpected WC_ESP32SHA ctx mode. " - "Uninitialized?"); - ctx->mode = ESP32_SHA_INIT; - break; - } /* switch */ - } /* ctx->initializer != ctx */ - } /* ctx->initializer != NULL */ - - /* - ** After possibly changing the mode (above) handle current mode: - */ - switch (ctx->mode) { - case ESP32_SHA_INIT: - /* Likely a fresh, new SHA, as desired. */ - ESP_LOGV(TAG, "Normal ESP32_SHA_INIT"); - break; + /* This is a generic init; we don't yet know SHA type. */ + ctx->sha_type = WC_UNKNOWN_SHA; - case ESP32_SHA_HW: - /* We're already in hardware mode, so release. */ - /* Interesting, but normal. */ - ESP_LOGV(TAG, ">> HW unlock."); + /* Reminder: always start isfirstblock = 1 (true) when using HW engine. */ + /* We're always on the first block at init time. (not zero-based!) */ + ctx->isfirstblock = 1; + ctx->lockDepth = 0; /* new objects will always start with lock depth = 0 */ - /* During init is the ONLY TIME we call unlock. - ** If there's a problem, likely some undesired operation - ** outside of wolfSSL. 
- */ - /* TODO debug check if HW actually locked; */ +#if defined(MUTEX_DURING_INIT) + if ((uintptr_t)ctx == mutex_ctx_owner || mutex_ctx_owner == NULLPTR) { + ESP_LOGV(TAG, "Initializing current mutext owner!"); + if (esp_sha_hw_islocked(ctx)) { esp_sha_hw_unlock(ctx); - ctx->mode = ESP32_SHA_INIT; - break; - - case ESP32_SHA_HW_COPY: - /* When we init during a known active HW copy, revert to SW. */ - ESP_LOGV(TAG, "Planned revert to SW during copy."); - ctx->mode = ESP32_SHA_SW; - break; - - case ESP32_SHA_SW: - /* This is an interesting situation: likely a call when - ** another SHA in progress, but copied. */ - ESP_LOGV(TAG, ">> SW Set to init."); - ctx->mode = ESP32_SHA_INIT; - break; - - case ESP32_SHA_FAIL_NEED_UNROLL: - /* Oh, how did we get here? likely uninitialized SHA memory. - ** User code logic may need attention. */ - ESP_LOGW(TAG, "ALERT: \nESP32_SHA_FAIL_NEED_UNROLL\n"); - ctx->mode = ESP32_SHA_INIT; - break; - - default: - /* Most likely corrupted memory. */ - ESP_LOGW(TAG, "ALERT: \nunexpected mode value: " - "%d \n", ctx->mode); - ctx->mode = ESP32_SHA_INIT; - break; - } /* switch (ctx->mode) */ - - /* reminder: always start isfirstblock = 1 (true) when using HW engine */ - /* we're always on the first block at init time (not zero-based!) */ - ctx->isfirstblock = true; - ctx->lockDepth = 0; /* new objects will always start with lock depth = 0 */ + } + mutex_ctx_owner = (uintptr_t)ctx; + } + else { + ESP_LOGI(TAG, "MUTEX_DURING_INIT esp_sha_init_ctx for non-owner: " + "0x%x", (intptr_t)ctx); + } +#endif + CTX_STACK_CHECK(ctx); return ESP_OK; /* Always return success. * We assume all issues handled, above. */ } /* esp_sha_init_ctx */ 
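Review bot: esp_sha_init_ctx() no longer releases the HW when it re-initialises a ctx that is currently in ESP32_SHA_HW mode: the removed switch called esp_sha_hw_unlock() for ESP32_SHA_HW and ESP32_SHA_FREED, whereas the new body sets `ctx->mode = ESP32_SHA_INIT` and `ctx->lockDepth = 0` unconditionally and only unlocks under MUTEX_DURING_INIT, which nothing in this diff defines. Unless callers now release before re-init (not visible here), re-initialising an active HW ctx leaves the SHA mutex held, and the `lockDepth mismatch` warning added in the @@ -1025 hunk is where that would surface. The function also stops writing ctx->initializer, yet the debug branch of esp_sha_hw_islocked() (@@ -1058 hunk) still compares against `ctx->initializer` and the sha256 copy hunk (@@ -635) keeps the comment `/* initializer breadcrumb will be set during init */`; restoring `ctx->initializer = (uintptr_t)ctx;` here, or correcting that comment and the compare, closes the gap. The MUTEX_DURING_INIT block repeats esp_set_hw()'s condition and its log text; calling esp_set_hw() from here would leave one copy to maintain.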
@@ -542,17 +440,14 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst) /* Get a copy of the HW digest, but don't process it. */ ret = esp_sha_digest_process(dst, 0); if (ret == 0) { - /* Note we arrived here only because - * the src is already in HW mode. - * provide init hint to SW revert: */ - dst->ctx.mode = ESP32_SHA_HW_COPY; - /* initializer will be set during init */ ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA); if (ret != 0) { ESP_LOGE(TAG, "Error during esp_sha_ctx_copy " "in esp_sha_init."); } + /* As src is HW, the copy will be SW. TODO: Future interleave. */ + dst->ctx.mode = ESP32_SHA_SW; } else { ESP_LOGE(TAG, "Error during esp_sha_ctx_copy " @@ -577,7 +472,7 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst) else { /* However NOT reverting to SW is not right. ** This should never happen. */ - ESP_LOGW(TAG, "SHA Copy NOT set to SW"); + ESP_LOGW(TAG, "SHA Copy NOT set to SW from %d", dst->ctx.mode); } } /* (src->ctx.mode == ESP32_SHA_HW */ else { /* src not in HW mode, ok to copy. */ @@ -585,8 +480,8 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst) ** reminder XMEMCOPY, above: dst->ctx = src->ctx; ** No special HW init needed in SW mode. ** but we need to set our initializer breadcrumb: */ - dst->ctx.initializer = &(dst->ctx); /* assign new breadcrumb to dst */ - #ifdef ESP_MONITOR_HW_TASK_LOCK + dst->ctx.initializer = (uintptr_t)&(dst->ctx); + #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) { /* not HW mode for copy, so we are not interested in task owner */ dst->ctx.task_owner = 0; 
@@ -600,18 +495,18 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst) } /* esp_sha_ctx_copy */ #endif - /* -** internal sha224 ctx copy (no ESP HW) +** Internal sha224 ctx copy (no ESP HW) */ #ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 int esp_sha224_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst) { - /* There's no 224 hardware on ESP32 */ - dst->ctx.initializer = &dst->ctx; /* assign the initializer to dst */ - #ifdef ESP_MONITOR_HW_TASK_LOCK + /* There's no 224 hardware on ESP32. + * Initializer for dst is this ctx address for use as a breadcrumb. */ + dst->ctx.initializer = (uintptr_t)&dst->ctx; + #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) { - /* not HW mode for copy, so we are not interested in task owner */ + /* not HW mode for copy, so we are not interested in task owner: */ dst->ctx.task_owner = 0; } #endif @@ -635,14 +530,16 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst) ESP_LOGI(TAG, "esp_sha256_ctx_copy esp_sha512_digest_process"); } #endif - ret = esp_sha256_digest_process(dst, 0); /* TODO Use FALSE*/ - - if (ret == 0) { - /* provide init hint to possibly SW revert */ - dst->ctx.mode = ESP32_SHA_HW_COPY; + ret = esp_sha256_digest_process(dst, FALSE); + if (ret == ESP_OK) { /* initializer breadcrumb will be set during init */ - ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA256 ); + ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA256); + /* As src is HW, the copy will be SW. TODO: Future interleave. */ + dst->ctx.mode = ESP32_SHA_SW; + } + else { + ESP_LOGE(TAG, "Unexpected error during sha256 ctx copy: %d", ret); } if (dst->ctx.mode == ESP32_SHA_SW) { 
@@ -660,17 +557,19 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst) ESP_LOGV(TAG, "Confirmed wc_Sha256 Copy set to SW"); } else { - ESP_LOGW(TAG, "wc_Sha256 Copy NOT set to SW"); + ESP_LOGW(TAG, "wc_Sha256 Copy (mode = %d) set to SW", + dst->ctx.mode); + dst->ctx.mode = ESP32_SHA_SW; } } /* (src->ctx.mode == ESP32_SHA_HW) */ else { - ret = 0; + ret = ESP_OK; /* ** reminder this happened in XMEMCOPY: dst->ctx = src->ctx; ** No special HW init needed in SW mode. - ** but we need to set our initializer: */ - dst->ctx.initializer = &dst->ctx; /* assign the initializer to dst */ - #ifdef ESP_MONITOR_HW_TASK_LOCK + ** but we need to set our initializer (helpful in multi-task RTOS) */ + dst->ctx.initializer = (uintptr_t)&(dst->ctx); + #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) { /* not HW mode, so we are not interested in task owner */ dst->ctx.task_owner = 0; @@ -705,7 +604,7 @@ int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) #else if (src->ctx.mode == ESP32_SHA_HW) { /* Get a copy of the HW digest, but don't process it. */ - ESP_LOGI(TAG, "esp_sha384_ctx_copy esp_sha512_digest_process"); + ESP_LOGV(TAG, "esp_sha384_ctx_copy esp_sha512_digest_process"); ret = esp_sha512_digest_process(dst, 0); if (ret == 0) { /* provide init hint to SW revert */ 
@@ -734,11 +633,11 @@ int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) else { ret = 0; /* - ** reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx; + ** Reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx; ** No special HW init needed in SW mode. - ** but we need to set our initializer: */ - dst->ctx.initializer = &dst->ctx; /* assign the initializer to dst */ - #ifdef ESP_MONITOR_HW_TASK_LOCK + ** But we need to set our initializer in dst as a breadcrumb: */ + dst->ctx.initializer = (uintptr_t)&(dst->ctx); + #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) { /* not HW mode for copy, so we are not interested in task owner */ dst->ctx.task_owner = 0; @@ -766,16 +665,17 @@ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) defined(CONFIG_IDF_TARGET_ESP8684) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) - /* there's no SHA512 HW on the RISC-V SoC so there's nothing to do. */ + /* There's no SHA512 HW on these RISC-V SoC so there's nothing to do. + * (perhaps a future one will?) */ #elif defined(CONFIG_IDF_TARGET_ESP32) || \ defined(CONFIG_IDF_TARGET_ESP32S2) || \ defined(CONFIG_IDF_TARGET_ESP32S3) if (src->ctx.mode == ESP32_SHA_HW) { /* Get a copy of the HW digest, but don't process it. */ - ESP_LOGI(TAG, "esp_sha512_ctx_copy esp_sha512_digest_process"); - ret = esp_sha512_digest_process(dst, 0); + ESP_LOGV(TAG, "esp_sha512_ctx_copy esp_sha512_digest_process"); + ret = esp_sha512_digest_process(dst, FALSE); - if (ret == 0) { + if (ret == ESP_OK) { /* provide init hint to SW revert */ dst->ctx.mode = ESP32_SHA_HW_COPY; 
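Review bot: esp_sha512_ctx_copy() still sets `dst->ctx.mode = ESP32_SHA_HW_COPY` as an init hint, but the rewritten esp_sha_init_ctx() (@@ -281 hunk) no longer has the ESP32_SHA_HW_COPY case that demoted to SW and sets mode to ESP32_SHA_INIT unconditionally, so the hint is dead. The copy presumably ends up in the `else` branch of the following hunk (@@ -789), which now forces ESP32_SHA_SW with an ESP_LOGW, so every HW sha512 copy would log a warning; the sha384 copy (@@ -705 hunk) shows the same "provide init hint to SW revert" comment and likely the same behaviour. Either assign `dst->ctx.mode = ESP32_SHA_SW;` directly after esp_sha_init() as the sha and sha256 copies now do, or drop the hint together with the warning.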
@@ -789,27 +689,27 @@ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) ESP_LOGV(TAG, "Confirmed wc_Sha512 Copy set to SW"); } else { - ESP_LOGW(TAG, "wc_Sha512 Copy NOT set to SW"); + ESP_LOGW(TAG, "wc_Sha512 Copy set to SW"); + dst->ctx.mode = ESP32_SHA_SW; } } /* src->ctx.mode == ESP32_SHA_HW */ else { - ret = 0; + ret = ESP_OK; /* reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx; ** No special HW init needed when not in active HW mode. ** but we need to set our initializer breadcrumb: */ - /* TODO: instead of what is NOT supported, gate on what IS known to be supported */ #if !defined(CONFIG_IDF_TARGET_ESP32C2) && \ !defined(CONFIG_IDF_TARGET_ESP32C3) && \ !defined(CONFIG_IDF_TARGET_ESP32C6) - dst->ctx.initializer = &dst->ctx; /*breadcrumb is this ctx address */ + dst->ctx.initializer = (uintptr_t)&(dst->ctx); #endif - #ifdef ESP_MONITOR_HW_TASK_LOCK + #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) { /* not HW mode for copy, so we are not interested in task owner */ dst->ctx.task_owner = 0; } - #endif - } + #endif + } /* else src->ctx.mode != ESP32_SHA_HW */ #endif return ret; @@ -821,14 +721,14 @@ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) ** ** See FIPS PUB 180-4, Instruction Section 1. ** -** See ESP32 shah.h for values: +** See ESP32 sha.h for values: ** ** enum SHA_TYPE { ** SHA1 = 0, ** SHA2_256, ** SHA2_384, ** SHA2_512, -** SHA_INVALID = -1, +** SHA_TYPE_MAX = -1, ** }; ** ** given the SHA_TYPE (see Espressif sha.h) return WC digest size. 
@@ -917,14 +817,14 @@ static word32 wc_esp_sha_digest_size(WC_ESP_SHA_TYPE type) static int wc_esp_wait_until_idle(void) { int ret = 0; /* assume success */ - int loop_ct = 10000; + int loop_ct = WC_ESP_MAX_IDLE_WAIT; #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) /* ESP32-C3 and ESP32-C6 RISC-V */ - while ((sha_ll_busy() == true) && (loop_ct > 0)) { + while ((sha_ll_busy() == 1) && (loop_ct > 0)) { loop_ct--; /* do nothing while waiting. */ } @@ -942,7 +842,7 @@ static int wc_esp_wait_until_idle(void) #endif if (loop_ct <= 0) { - ESP_LOGI(TAG, "too long to exit wc_esp_wait_until_idle"); + ESP_LOGW(TAG, "Too long to exit wc_esp_wait_until_idle"); } return ret; } /* wc_esp_wait_until_idle */ @@ -970,6 +870,7 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx) #if defined(CONFIG_IDF_TARGET_ESP32) word32 this_sha_mask; /* this is the bit-mask for our SHA CLK_EN_REG */ #endif + CTX_STACK_CHECK(ctx); if (ctx == NULL) { ESP_LOGE(TAG, "esp_unroll_sha_module_enable called with null ctx."); @@ -1006,7 +907,7 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx) periph_module_disable(PERIPH_SHA_MODULE); asm volatile("memw"); actual_unroll_count++; - ESP_LOGI(TAG, "unroll not yet successful. try #%d", + ESP_LOGW(TAG, "unroll not yet successful. try #%d", actual_unroll_count); /* we'll only try this some unreasonable number of times @@ -1025,7 +926,11 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx) ** This should never happen unless someone else called ** periph_module_disable() or threading not working properly. **/ - ESP_LOGW(TAG, "warning lockDepth mismatch."); + ESP_LOGW(TAG, "warning lockDepth mismatch: %d", ctx->lockDepth); + if (actual_unroll_count == 0 && ctx->lockDepth > 2) { + ESP_LOGW(TAG, "Large lockDepth discrepancy often indicates " + "stack overflow or memory corruption"); + } } ctx->lockDepth = 0; ctx->mode = ESP32_SHA_INIT; 
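Review bot: `sha_ll_busy() == 1` in wc_esp_wait_until_idle() is only correct if sha_ll_busy() returns exactly 1 when busy; if it returns a bool or a raw register bit the old `== true` and the new form are equally fragile, and `while (sha_ll_busy() && (loop_ct > 0))` avoids depending on the value. The `lockDepth > 2` diagnostic in the @@ -1025 hunk is useful but the threshold is a magic number; name it, e.g. `#define WC_ESP_LOCKDEPTH_SUSPECT 2`, next to WC_ESP_MAX_IDLE_WAIT so both limits are documented in one place.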
@@ -1039,16 +944,36 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx) ESP_LOGI(TAG, "Setting ctx->mode = ESP32_SHA_SW"); ctx->mode = ESP32_SHA_SW; } + CTX_STACK_CHECK(ctx); return ret; } /* esp_unroll_sha_module_enable */ -int esp_sha_set_stray(WC_ESP32SHA* ctx) +/* Set and return a stray ctx value stray_ctx. Useful for multi-task debugging. + * Returns zero if not debugging. */ +uintptr_t esp_sha_set_stray(WC_ESP32SHA* ctx) { - int ret = 0; + uintptr_t ret = 0; + CTX_STACK_CHECK(ctx); + #ifdef WOLFSSL_DEBUG_MUTEX stray_ctx = ctx; - ret= (int)stray_ctx; + ret = (uintptr_t)stray_ctx; #endif + CTX_STACK_CHECK(ctx); + return ret; +} + +/* Return 1 if the SHA HW is in use, 0 otherwise. */ +int esp_sha_hw_in_use() +{ + int ret; +#ifdef SINGLE_THREADED + ret = InUse; +#else + ret = (mutex_ctx_owner != NULLPTR); + ESP_LOGV(TAG, "mutex_ctx_owner is 0x%x", mutex_ctx_owner); +#endif + ESP_LOGV(TAG, "esp_sha_hw_in_use is %d", ret); return ret; } @@ -1058,18 +983,21 @@ int esp_sha_set_stray(WC_ESP32SHA* ctx) ** When WOLFSSL_DEBUG_MUTEX is defined, additional ** debugging capabilities are available. */ -int esp_sha_hw_islocked(WC_ESP32SHA* ctx) +uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx) { - int ret = 0; + TaskHandle_t mutexHolder; + uintptr_t ret = 0; + CTX_STACK_CHECK(ctx); + #ifdef WOLFSSL_DEBUG_MUTEX taskENTER_CRITICAL(&sha_crit_sect); { - ret = (int)mutex_ctx_owner; + ret = (uintptr_t)mutex_ctx_owner; if (ctx == 0) { /* we are not checking if a given ctx has the lock */ } else { - if (ret == (int)ctx->initializer) { + if (ret == (uintptr_t)ctx->initializer) { /* confirmed this object is the owner */ } else { 
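Review bot: `int esp_sha_hw_in_use()` is declared with an empty parameter list, which in C is an unprototyped declaration; write `int esp_sha_hw_in_use(void)` to match the other functions in this file. The verbose log in the same function prints `mutex_ctx_owner`, now a `uintptr_t`, with `%x`; this is the first of many `(uintptr_t)` / `%x` pairings in the esp_sha_hw_islocked, esp_sha_release_unfinished_lock, esp_sha_try_hw_lock and esp_sha_hw_unlock hunks, and it trips `-Wformat` on any target where `uintptr_t` is not `unsigned int`. Print addresses with `%p`, or use `PRIxPTR` from `<inttypes.h>` where a hex integer is wanted.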
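Review bot: `TaskHandle_t mutexHolder;` is declared unconditionally at the top of esp_sha_hw_islocked but is only assigned and read inside the `#else` (non-WOLFSSL_DEBUG_MUTEX) branch in the next hunk, so a WOLFSSL_DEBUG_MUTEX build gets an unused-variable warning. Declare it inside that block instead: `#else { TaskHandle_t mutexHolder; ... }`. The function body continues into the following hunk.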
@@ -1085,7 +1013,30 @@ int esp_sha_hw_islocked(WC_ESP32SHA* ctx) } #else { - ret = (int)sha_mutex; + if (sha_mutex == NULL) { + mutexHolder = NULL; + } + else { + mutexHolder = xSemaphoreGetMutexHolder(sha_mutex); + } + + if (mutexHolder == NULL) { + /* Mutex is not in use */ + ESP_LOGV(TAG, "multi-threaded esp_mp_hw_islocked = false"); + ret = 0; + } + else { + ESP_LOGV(TAG, "multi-threaded esp_mp_hw_islocked = true"); + ret = mutex_ctx_owner; + } + + /* Verbose debug diagnostics */ + if (NULLPTR == mutex_ctx_owner) { + ESP_LOGV(TAG, "not esp_sha_hw_islocked, mutex_ctx_owner is Null"); + } + else { + ESP_LOGV(TAG, "esp_sha_hw_islocked for 0x%x", mutex_ctx_owner); + } } #endif return ret; 
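Review bot: The two verbose messages in the non-debug branch of esp_sha_hw_islocked name `esp_mp_hw_islocked`, the math-port function rather than this one, so anyone filtering a log for the SHA lock state will miss them; use the real name, e.g. `ESP_LOGV(TAG, "multi-threaded esp_sha_hw_islocked = true");`. This branch also returns `mutex_ctx_owner` whenever the semaphore has a holder without ever comparing it against the `ctx` argument, unlike the debug branch, so `ctx` is effectively unused in non-debug builds; a comment stating that contract would help callers such as esp_sha_release_unfinished_lock.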
@@ -1101,57 +1052,92 @@ int esp_sha_hw_islocked(WC_ESP32SHA* ctx) (int)esp_sha_mutex_ctx_owner()); } #endif + CTX_STACK_CHECK(ctx); return ret; } /* * The HW is typically unlocked when the SHA hash wc_Sha[nn]Final() is called. - * However, in the case of TS connections, the in progress hash may at times be + * However, in the case of TLS connections the in-progress hash may at times be * abandoned. Thus this function should be called at free time. See internal.c + * + * Returns the owner of the current lock, typically used for debugging. + * Returns zero if there was no unfinished lock found to clean up. */ -int esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx) +uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx) { - int ret = 0; + uintptr_t ret = 0; + CTX_STACK_CHECK(ctx); + ret = esp_sha_hw_islocked(ctx); /* get the owner of the current lock */ if (ret == 0) { - /* no lock */ + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG + ESP_LOGV(TAG, "No unfinished lock to clean up for ctx %p.", ctx); + #endif } else { - if (ret == (int)ctx) { + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG + ESP_LOGI(TAG, "Unfinished lock clean up: %p.", ctx); + #endif + if (ret == (uintptr_t)ctx) { /* found a match for this object */ - if (ret == (int)(ctx->initializer)) { + if (ret == ctx->initializer) { /* confirmed match*/ + ESP_LOGW(TAG, "New mutex_ctx_owner = NULL"); + #ifdef ESP_MONITOR_HW_TASK_LOCK + { + mutex_ctx_owner = NULLPTR; + } + #endif } else { - /* the only mismatch expected may be in a mullti-thread RTOS */ - ESP_LOGE(TAG, "ERROR: esp_sha_release_unfinished_lock for %x" - " but found %x", ret, (int)(ctx->initializer)); + /* the only mismatch expected may be in a multi-thread RTOS */ + ESP_LOGE(TAG, "ERROR: Release unfinished lock for %x but " + "found %x", ret, ctx->initializer); } #ifdef WOLFSSL_DEBUG_MUTEX ESP_LOGE(TAG, "\n>>>> esp_sha_release_unfinished_lock %x\n", ret); #endif + /* unlock only if this ctx is the initializer of the lock */ #ifdef SINGLE_THREADED { ret = 
esp_sha_hw_unlock(ctx); } #else - { - if (ctx->task_owner == xTaskGetCurrentTaskHandle()) { - ret = esp_sha_hw_unlock(ctx); - } - else { - /* We cannot free a SHA onbject locks from a different task. - * So give the ctx a hint for the other task to clean it up. */ - ctx->mode = ESP32_SHA_FREED; + #if defined(ESP_MONITOR_HW_TASK_LOCK) + { + if (ctx->task_owner == xTaskGetCurrentTaskHandle()) { + ESP_LOGV(TAG, "esp_sha_hw_unlock!"); + } + else { + /* We cannot free a SHA object lock from a different task. + * So give the ctx a hint for other task to clean it up. */ + ctx->mode = ESP32_SHA_FREED; + ESP_LOGV(TAG, "ESP32_SHA_FREED"); + } } - } - #endif + #else + /* Here we assume only 1 task, so no ESP32_SHA_FREED hint. */ + ret = esp_sha_hw_unlock(ctx); + #endif /* ESP_MONITOR_HW_TASK_LOCK */ + #endif /* SINGLE_THREADED or not */ + + } /* ret == ctx */ + } /* else not locked */ + CTX_STACK_CHECK(ctx); + if (ctx->mode != ESP32_SHA_INIT) { +#if defined(WOLFSSL_ESP32_HW_LOCK_DEBUG) + ESP_LOGW(TAG, "esp_sha_release_unfinished_lock mode = %d", ctx->mode); +#endif + if (ctx->mode == ESP32_SHA_HW) { + ESP_LOGW(TAG, "esp_sha_release_unfinished_lock HW!"); } } return ret; -} +} /* esp_sha_release_unfinished_lock */ + /* ** lock HW engine. ** this should be called before using engine. @@ -1159,9 +1145,11 @@ int esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx) int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) { int ret = 0; + CTX_STACK_CHECK(ctx); #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG - ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x", (int)ctx->initializer); + ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x", + (uintptr_t)ctx->initializer); #endif #ifdef WOLFSSL_DEBUG_MUTEX 
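Review bot: In the `ESP_MONITOR_HW_TASK_LOCK` branch of esp_sha_release_unfinished_lock the same-task case now only logs `"esp_sha_hw_unlock!"` — the `ret = esp_sha_hw_unlock(ctx);` call the old code made there was dropped — and the ESP32_SHA_FREED hint set in the other-task case is no longer consumed either, because the `@@ -1245` hunk in esp_sha_try_hw_lock replaced its unlock with an "unlocking (disabled)" log. As far as this diff shows, with ESP_MONITOR_HW_TASK_LOCK defined an abandoned hash therefore never releases the hardware mutex and every later context falls back to software. Restore the call in the same-task branch, `ret = esp_sha_hw_unlock(ctx);` after the ESP_LOGV, or document why release is intentionally deferred and who performs it. Note also that `ret` is a `uintptr_t` documented as "the owner of the current lock" while the single-threaded path assigns it the `int` status of esp_sha_hw_unlock, and that `"New mutex_ctx_owner = NULL"` is logged at warning level even when the assignment below it is compiled out.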
@@ -1180,22 +1168,28 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) /* Init mutex * - * Note that even single thread mode may calculate hashes - * concurrently, so we still need to keep track of the - * engine being busy or not. - **/ + * Note that even single thread mode may calculate separate hashes + * concurrently, so we still need to keep track of the engine being + * busy or not. + */ #if defined(SINGLE_THREADED) if (ctx->mode == ESP32_SHA_INIT) { - if (!InUse) { - ctx->mode = ESP32_SHA_HW; - InUse = 1; + if (InUse) { + /* Revert to SW when HW is busy */ + ctx->mode = ESP32_SHA_SW; } else { - ctx->mode = ESP32_SHA_SW; + /* Set single-threaded hardware mode. */ + ctx->mode = ESP32_SHA_HW; + InUse = 1; + #ifdef WOLFSSL_DEBUG_MUTEX + ESP_LOGW(TAG, "\n\nHW in use\n\n"); + #endif } + ret = ESP_OK; } else { - /* this should not happens */ + /* this should not happen */ ESP_LOGE(TAG, "unexpected error in esp_sha_try_hw_lock."); return ESP_FAIL; } 
@@ -1223,21 +1217,36 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) /* created, but not yet locked */ ret = esp_CryptHwMutexInit(&sha_mutex); if (ret == 0) { - #ifdef WOLFSSL_DEBUG_MUTEX - ESP_LOGI(TAG, "esp_CryptHwMutexInit sha_mutex init success."); - mutex_ctx_owner = 0; - #endif - } + ESP_LOGV(TAG, "esp_CryptHwMutexInit sha_mutex init success."); + mutex_ctx_owner = NULLPTR; /* No one has the mutex yet.*/ + #ifdef WOLFSSL_DEBUG_MUTEX + { + /* Take mutex for lock/unlock test drive to ensure it works: */ + ret = esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0); + if (ret == ESP_OK) { + ret = esp_CryptHwMutexUnLock(&sha_mutex); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "esp_CryptHwMutexInit fail init lock."); + } + } + else { + ESP_LOGE(TAG, "esp_CryptHwMutexInit fail init unlock."); + } + } + #endif + } /* ret == 0 for esp_CryptHwMutexInit */ else { ESP_LOGE(TAG, "esp_CryptHwMutexInit sha_mutex failed."); - sha_mutex = 0; + #ifdef WOLFSSL_DEBUG_MUTEX + { + ESP_LOGV(TAG, "Current mutext owner = %x", + (int)esp_sha_mutex_ctx_owner()); + } + #endif - ESP_LOGI(TAG, "Revert to ctx->mode = ESP32_SHA_SW."); + sha_mutex = NULL; - #ifdef WOLFSSL_DEBUG_MUTEX - ESP_LOGI(TAG, "Current mutext owner = %x", - (int)esp_sha_mutex_ctx_owner()); - #endif + ESP_LOGV(TAG, "Revert to ctx->mode = ESP32_SHA_SW."); ctx->mode = ESP32_SHA_SW; return ESP_OK; /* success, just not using HW */ 
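Review bot: The debug-only mutex test drive has its error messages swapped: the inner branch that runs when `esp_CryptHwMutexUnLock` fails logs `"fail init lock."`, and the outer `else` that runs when `esp_CryptHwMutexLock` fails logs `"fail init unlock."`. When either step fails, `ret` is left non-zero but control falls out of the `if (ret == 0)` block and continues into the normal locking path instead of the `else` that reverts to software mode. Swap the two strings, and in the failure branches mirror the init-failure handling with `ctx->mode = ESP32_SHA_SW; return ESP_OK;`.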
@@ -1245,32 +1254,42 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) } #ifdef ESP_MONITOR_HW_TASK_LOCK + /* Nothing happening here other than messages based on mutex states */ if (mutex_ctx_task == 0 || mutex_ctx_owner == 0) { /* no known stray mutex task owner */ } else { if (mutex_ctx_task == xTaskGetCurrentTaskHandle()) { - ESP_LOGI(TAG, "Found mutex_ctx_task"); + ESP_LOGV(TAG, "Found mutex_ctx_task"); if (((WC_ESP32SHA*)mutex_ctx_owner)->mode == ESP32_SHA_FREED) { ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking mutex_ctx_task = %x" " for mutex_ctx_owner = %x", - (int)mutex_ctx_task, (int)mutex_ctx_owner ); - esp_CryptHwMutexUnLock(&sha_mutex); - ((WC_ESP32SHA*)mutex_ctx_owner)->mode = ESP32_SHA_INIT; - mutex_ctx_task = 0; - mutex_ctx_owner = 0; + (int)mutex_ctx_task, + (int)mutex_ctx_owner); } else { if (ctx->mode == ESP32_SHA_FREED) { - ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking ctx = %x" - " for ctx.initializer = %x", - (int)ctx, (int)ctx->initializer ); - esp_CryptHwMutexUnLock(&sha_mutex); - ctx->mode = ESP32_SHA_INIT; - mutex_ctx_task = 0; - mutex_ctx_owner = 0; + ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking (disabled) " + "ctx = %x for ctx.initializer = %x", + (uintptr_t)ctx, + (uintptr_t)ctx->initializer); } - } + else { + /* Not very interesting during init. */ + if (ctx->mode == ESP32_SHA_INIT) { + ESP_LOGV(TAG, "mutex_ctx_owner = 0x%x", + mutex_ctx_owner); + ESP_LOGV(TAG, "This ctx = 0x%x is ESP32_SHA_INIT", + (uintptr_t)ctx); + } + else { + ESP_LOGW(TAG, "Not Freed!"); + } + } /* ctx ESP32_SHA_FREED check */ + } /* mutex owner ESP32_SHA_FREED check */ + } /* mutex_ctx_task is current task */ + else { + ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task"); } } #endif /* ESP_MONITOR_HW_TASK_LOCK */ 
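Review bot: The new trailing `else { ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task"); }` fires whenever `mutex_ctx_task` is another task, but nothing in this block unlocks any more (its own header comment says it is messages only), so the warning describes an action that does not happen and will be noisy in normal multi-task use. Reword it to what is observed, e.g. `ESP_LOGV(TAG, "sha mutex currently held by another task");`. The guard `mutex_ctx_owner == 0` should also use `NULLPTR`, as the rest of the diff does for that variable.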
@@ -1279,8 +1298,12 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) if (ctx->mode == ESP32_SHA_INIT) { /* try to lock the HW engine */ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG - ESP_LOGI(TAG, "ESP32_SHA_INIT for %x\n", (int)ctx->initializer); + ESP_LOGI(TAG, "ESP32_SHA_INIT for %x\n", (uintptr_t)ctx->initializer); #endif + ESP_LOGV(TAG, "Init; release unfinished ESP32_SHA_INIT lock " + "for ctx 0x%x", (uintptr_t)ctx); + esp_sha_release_unfinished_lock(ctx); + /* lock hardware; there should be exactly one instance * of esp_CryptHwMutexLock(&sha_mutex ...) in code. * @@ -1290,16 +1313,20 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) * TODO: allow for SHA interleave on chips that support it. */ - if (esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == 0) { + if ((mutex_ctx_owner == NULLPTR) && + esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == ESP_OK) { /* we've successfully locked */ + mutex_ctx_owner = (uintptr_t)ctx; + ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", mutex_ctx_owner); #ifdef ESP_MONITOR_HW_TASK_LOCK mutex_ctx_task = xTaskGetCurrentTaskHandle(); #endif #ifdef WOLFSSL_DEBUG_MUTEX - if (esp_sha_call_count() == 8 && WOLFSSL_TEST_STRAY) { - /* Once we've locked 10 times here, - * we'll force a fallback to SW until other thread unlocks. */ + if (WOLFSSL_TEST_STRAY_INJECT) { + ESP_LOGW(TAG, "Introducing SHA stray for testing"); + /* Once we've locked [n] times here, + * we'll force a fallback to SW until other thread unlocks. */ taskENTER_CRITICAL(&sha_crit_sect); { (void)stray_ctx; @@ -1307,8 +1334,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) /* no peek task */ } else { - stray_ctx->initializer = stray_ctx; - mutex_ctx_owner = (void*)stray_ctx->initializer; + stray_ctx->initializer = (intptr_t)stray_ctx; + mutex_ctx_owner = (intptr_t)stray_ctx->initializer; } } taskEXIT_CRITICAL(&sha_crit_sect); 
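Review bot: The new lock condition `(mutex_ctx_owner == NULLPTR) && esp_CryptHwMutexLock(...)` reads `mutex_ctx_owner` outside any critical section, and per the comment added in esp_sha_hw_unlock the owner is deliberately not cleared on unlock but only in the `*_digest_process` functions. A hash abandoned before digest (the TLS case the release comment mentions) therefore leaves `mutex_ctx_owner` pointing at a stale or freed ctx, and every other context is steered to software mode by this check without ever trying the mutex; esp_sha_release_unfinished_lock only clears the owner when that same ctx comes back. A comment here should state who is responsible for clearing the owner, and the read would be safer inside the same critical section the WOLFSSL_DEBUG_MUTEX path uses for its writes. The function body continues outside this hunk.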
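Review bot: `stray_ctx->initializer = (intptr_t)stray_ctx;` and the assignment after it cast to `intptr_t`, while every other new cast in this diff uses `uintptr_t` and `mutex_ctx_owner` receives `(uintptr_t)ctx` a few lines earlier. Mixing the signed and unsigned variants invites sign-conversion warnings on comparisons such as `ret == (uintptr_t)ctx->initializer`; use `(uintptr_t)` here too, and likewise for `(intptr_t)ctx` and `(intptr_t)&sha_mutex` in the later esp_sha_try_hw_lock and esp_sha_hw_unlock hunks.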
@@ -1318,8 +1345,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) "set the stay test?"); } else { - ESP_LOGI(TAG, "%x", (int)stray_ctx->initializer); - ESP_LOGI(TAG, "%x", (int)&stray_ctx); + ESP_LOGI(TAG, "%x", (uintptr_t)stray_ctx->initializer); + ESP_LOGI(TAG, "%x", (uintptr_t)&stray_ctx); ESP_LOGW(TAG, "\n\nLocking with stray\n\n" "WOLFSSL_DEBUG_MUTEX call count 8, " @@ -1335,17 +1362,22 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) /* check to see if we had a prior fail and need to unroll enables */ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGW(TAG, "Locking for ctx %x, current mutex_ctx_owner = %x", - (int)&ctx, (int)esp_sha_mutex_ctx_owner()); + (uintptr_t)&ctx, esp_sha_mutex_ctx_owner()); + ESP_LOGI(TAG, "ctx->lockDepth = %d", ctx->lockDepth); #endif - ret = esp_unroll_sha_module_enable(ctx); + if (ctx->mode == ESP32_SHA_INIT) { + /* Set non-single-threaded hardware mode */ + esp_set_hw(ctx); + } + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGI(TAG, "Hardware Mode Active, lock depth = %d, for %x", - ctx->lockDepth, (int)ctx->initializer); + ctx->lockDepth, (uintptr_t)ctx->initializer); #endif #ifdef WOLFSSL_DEBUG_MUTEX taskENTER_CRITICAL(&sha_crit_sect); { - mutex_ctx_owner = (void*)ctx->initializer; + mutex_ctx_owner = (uintptr_t)ctx->initializer; /* let's keep track of how many times we lock this */ _sha_lock_count++; } 
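Review bot: `ret = esp_unroll_sha_module_enable(ctx);` was replaced by `esp_set_hw(ctx);`, yet the context line above still reads "check to see if we had a prior fail and need to unroll enables", so either the comment is stale or the unwind is now missing; esp_set_hw is not visible in this diff, so I cannot tell which. Update the comment to say what esp_set_hw does here, and if it does not unwind a leftover `periph_module_enable` count the old call should stay. The debug line also prints `(uintptr_t)&ctx`, the address of the local pointer variable rather than the context, which cannot be correlated with `mutex_ctx_owner`; use `(uintptr_t)ctx`.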
@@ -1357,23 +1389,42 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) ** as the mutex should be gate keeping */ ESP_LOGW(TAG, "WARNING: Hardware Mode " "interesting lock depth = %d, for this %x", - ctx->lockDepth, (int)ctx->initializer); + ctx->lockDepth, (uintptr_t)ctx->initializer); } } else { - /* We should have otherwise anticipated this; how did we get here? - ** This code should rarely, ideally never be reached. */ - #ifdef WOLFSSL_DEBUG_MUTEX - ESP_LOGI(TAG, "\nHardware in use by %x; " - "Mode REVERT to ESP32_SHA_SW for %x\n", - (int)esp_sha_mutex_ctx_owner(), - (int)ctx->initializer); - ESP_LOGI(TAG, "Software Mode, lock depth = %d, for this %x", - ctx->lockDepth, (int)ctx->initializer); - ESP_LOGI(TAG, "Current mutext owner = %x", - (int)esp_sha_mutex_ctx_owner()); - #endif - ctx->mode = ESP32_SHA_SW; + /* When the lock is already in use: is it for this ctx? */ + if ((uintptr_t)ctx == esp_sha_mutex_ctx_owner()) { + ESP_LOGV(TAG, "I'm the owner! 0x%x", (uintptr_t)ctx); + ctx->mode = ESP32_SHA_SW; + } + else { + #ifdef WOLFSSL_DEBUG_MUTEX + ESP_LOGW(TAG, "\nHardware in use by %x; " + "Mode REVERT to ESP32_SHA_SW for %x\n", + esp_sha_mutex_ctx_owner(), + (uintptr_t)ctx->initializer); + ESP_LOGI(TAG, "Software Mode, lock depth = %d, for this %x", + ctx->lockDepth, (uintptr_t)ctx->initializer); + ESP_LOGI(TAG, "Current mutext owner = %x", + esp_sha_mutex_ctx_owner()); + #endif + ESP_LOGV(TAG, "I'm not owner! 0x%x; owner = 0x%x", + (uintptr_t)ctx, mutex_ctx_owner); + if (mutex_ctx_owner) { + #ifdef WOLFSSL_DEBUG_MUTEX + ESP_LOGW(TAG, "revert to SW since mutex_ctx_owner = %x" + " but we are currently ctx = %x", + mutex_ctx_owner, (intptr_t)ctx); + #endif + } + else { + /* No ctx mutex owner, so hardware must be free. */ + } + ESP_LOGV(TAG, "Set update ctx->mode = SW (from %d) for 0x%x", + ctx->mode, (uintptr_t)ctx ); + ctx->mode = ESP32_SHA_SW; + } return ESP_OK; /* success, but revert to SW */ } } /* (ctx->mode == ESP32_SHA_INIT) */ 
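Review bot: When the lock is already in use and `(uintptr_t)ctx == esp_sha_mutex_ctx_owner()`, the new owner branch logs "I'm the owner!" and then sets `ctx->mode = ESP32_SHA_SW` exactly as the not-owner branch does, so a context that still holds the hardware mutex is switched to software while keeping ownership and nothing on this path releases it. If that is intended (a re-initialised ctx whose previous hash was abandoned), a comment saying so and naming who unlocks would help; otherwise the owner branch should release via esp_sha_hw_unlock before falling back. The empty `else { /* No ctx mutex owner, so hardware must be free. */ }` is misleading: this path is reached only after `esp_CryptHwMutexLock` failed, so the mutex is held even though the owner variable is clear.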
@@ -1384,33 +1435,44 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) } #endif /* not defined(SINGLE_THREADED) */ -#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ - defined(CONFIG_IDF_TARGET_ESP8684) || \ - defined(CONFIG_IDF_TARGET_ESP32C3) || \ - defined(CONFIG_IDF_TARGET_ESP32C6) - { - ESP_LOGV(TAG, "ets_sha_enable for RISC-V"); - ets_sha_enable(); - ctx->mode = ESP32_SHA_HW; - } -#else - if (ret == 0) { + ESP_LOGV(TAG, "ctx->mode = %d", ctx->mode); + if ((ret == ESP_OK) && (ctx->mode == ESP32_SHA_HW)) { ctx->lockDepth++; /* depth for THIS ctx (there could be others!) */ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG { - printf("1) Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n", - __LINE__, ctx->lockDepth, (unsigned)ctx); + ESP_LOGI(TAG, "1) Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n", + __LINE__, ctx->lockDepth, (unsigned)ctx); } #endif - periph_module_enable(PERIPH_SHA_MODULE); - ctx->mode = ESP32_SHA_HW; + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + { + ESP_LOGV(TAG, "ets_sha_enable for RISC-V"); + ets_sha_enable(); + } + #else + ESP_LOGV(TAG, "ets_sha_enable for Xtensa"); + periph_module_enable(PERIPH_SHA_MODULE); + #endif } else { - ESP_LOGW(TAG, ">>>> Other problem; Mode REVERT to ESP32_SHA_SW"); + /* Set to SW */ + #ifdef WOLFSSL_ESP32_CRYPT_DEBUG + if (ret == ESP_OK) { + ESP_LOGW(TAG, "Normal SHA Software fallback mode."); + } + else { + ESP_LOGW(TAG, "Warning: Unexpected Mode REVERT to ESP32_SHA_SW" + ", err = %d", ret); + } + #endif ctx->mode = ESP32_SHA_SW; } -#endif + ESP_LOGV(TAG, "leave esp_sha_hw_lock"); + CTX_STACK_CHECK(ctx); return ret; } /* esp_sha_try_hw_lock */ 
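Review bot: The converted debug line still casts the pointer to `unsigned` with `%0x` and keeps a trailing `\n` that ESP_LOG already supplies, unlike the `%p` form used in the esp_sha_hw_unlock hunk; write `ESP_LOGI(TAG, "1) Lock depth @ %d = %d for WC_ESP32SHA @ %p", __LINE__, ctx->lockDepth, ctx);`. In the new `else`, a non-OK `ret` now reverts the ctx to software mode but the error is still returned, so the caller sees both a failure code and a usable SW context; a one-line comment on which of the two the caller should act on would remove the ambiguity.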
@@ -1422,61 +1484,80 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) int esp_sha_hw_unlock(WC_ESP32SHA* ctx) { int ret = ESP_OK; /* assume success (zero) */ + CTX_STACK_CHECK(ctx); #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGV(TAG, "enter esp_sha_hw_unlock"); #endif -#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ - defined(CONFIG_IDF_TARGET_ESP8684) || \ - defined(CONFIG_IDF_TARGET_ESP32C3) || \ - defined(CONFIG_IDF_TARGET_ESP32C6) - ets_sha_disable(); /* disable also resets active, ongoing hash */ - ESP_LOGV(TAG, "ets_sha_disable in esp_sha_hw_unlock()"); -#else - /* Disable AES hardware */ - periph_module_disable(PERIPH_SHA_MODULE); -#endif /* we'll keep track of our lock depth. * in case of unexpected results, all the periph_module_disable() calls * and periph_module_disable() need to be unwound. * * see ref_counts[periph] in file: periph_ctrl.c */ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG - printf("2) esp_sha_hw_unlock Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n", - __LINE__, ctx->lockDepth, (unsigned)ctx); + ESP_LOGI(TAG, "2) esp_sha_hw_unlock Lock depth @ %d = %d " + "for WC_ESP32SHA ctx @ %p\n", + __LINE__, ctx->lockDepth, ctx); #endif + + if (ctx->lockDepth > 0) { + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + ets_sha_disable(); /* disable also resets active, ongoing hash */ + ESP_LOGV(TAG, "ets_sha_disable in esp_sha_hw_unlock()"); + #else + periph_module_disable(PERIPH_SHA_MODULE); + #endif ctx->lockDepth--; } else { + ESP_LOGW(TAG, "lockDepth <= 0; Disable SHA module skipped for %x", + (uintptr_t)ctx->initializer); ctx->lockDepth = 0; } #if defined(ESP_MONITOR_HW_TASK_LOCK) && defined(WOLFSSL_ESP32_HW_LOCK_DEBUG) - printf("3) esp_sha_hw_unlock Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n", - __LINE__, ctx->lockDepth, (unsigned)ctx); + ESP_LOGI(TAG, "3) esp_sha_hw_unlock Lock depth @ %d = %d " + "for WC_ESP32SHA @ %0x\n", + __LINE__, ctx->lockDepth, 
(uintptr_t)ctx); #endif - if (0 == ctx->lockDepth) - { + + if (0 != ctx->lockDepth) { + /* If the lockdepth is not zero, unlock success unknown. */ + ESP_LOGE(TAG, "ERROR Non-zero lockDepth. Stray code lock?"); + ret = ESP_FAIL; + } + else { #if defined(SINGLE_THREADED) + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG + { + ESP_LOGW(TAG, "HW released, not in use."); + } + #endif InUse = 0; #else - /* unlock HW engine for next use */ + /* Hardware was unlocked above, now update semaphores. */ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG { - ESP_LOGW(TAG, "Unlocking for %x, from ctx %x, & = %x, " - "mutex_ctx_owner = %x", - (int)esp_sha_mutex_ctx_owner(), - (int)ctx, - (int)&ctx, - (int)esp_sha_mutex_ctx_owner()); - ESP_LOGW(TAG, "&sha_mutex = %x", (int)&sha_mutex); + ESP_LOGW(TAG, "Unlocking for mutex_ctx_owner %x, from ctx 0x%x", + esp_sha_mutex_ctx_owner(), (uintptr_t)ctx); + ESP_LOGV(TAG, "&sha_mutex = %x", (intptr_t)&sha_mutex); } #endif /* WOLFSSL_ESP32_HW_LOCK_DEBUG */ + + /* There should be exactly 1 instance of SHA unlock, and it's here: */ esp_CryptHwMutexUnLock(&sha_mutex); + /* We don't set owner to zero here. The HW is not in use, + * but there may be a WIP hash calc (e.g. sha update). + * NO: mutex_ctx_owner = NULLPTR; */ + #ifdef ESP_MONITOR_HW_TASK_LOCK mutex_ctx_task = 0; #endif + #endif #ifdef WOLFSSL_DEBUG_MUTEX @@ -1487,14 +1568,12 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) taskEXIT_CRITICAL(&sha_crit_sect); #endif } - else - { - ESP_LOGE(TAG, "ERROR unlock lockDepth not zero"); - ret = ESP_FAIL; - } + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG - ESP_LOGI(TAG, "leave esp_sha_hw_unlock, %x", (int)ctx->initializer); + ESP_LOGI(TAG, "leave esp_sha_hw_unlock, %x", + (uintptr_t)ctx->initializer); #endif + CTX_STACK_CHECK(ctx); return ret; } /* esp_sha_hw_unlock */ 
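Review bot: esp_sha_hw_unlock now reaches the mutex-release branch whenever `ctx->lockDepth` ends at zero, including when it was already zero on entry: the `else` only warns and sets `lockDepth = 0`, then `0 != ctx->lockDepth` is false and `esp_CryptHwMutexUnLock(&sha_mutex)` (or `InUse = 0`) runs for a context that never held the hardware. Combined with the unconditional `if (blockproc) { esp_sha_hw_unlock(&sha->ctx); ... mutex_ctx_owner = NULLPTR; }` blocks added to esp_sha512_digest_process, esp_sha256_digest_process and esp_sha_digest_process in later hunks — the sha512 one sits directly after an `else` that warns the ctx is not in HW mode — a software-mode context can release a mutex another context holds mid-hash and clear its owner, risking a wrong digest, or a FreeRTOS assert if the give comes from a different task. Gate the release on having actually held the hardware, e.g. `if (blockproc && sha->ctx.mode == ESP32_SHA_HW)` at those call sites, or add `return ESP_OK;` after the warning in the entry-zero `else` here so the release branch is skipped. The function starts on the previous line of this diff.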
@@ -1513,7 +1592,7 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) /* Everything else uses esp_sha_start_process() */ static int esp_sha_start_process(WC_ESP32SHA* sha) { - int ret = 0; + int ret = ESP_OK; #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3) uint8_t HardwareAlgorithm; #endif @@ -1521,6 +1600,7 @@ static int esp_sha_start_process(WC_ESP32SHA* sha) if (sha == NULL) { return BAD_FUNC_ARG; } + CTX_STACK_CHECK(sha); ESP_LOGV(TAG, " enter esp_sha_start_process"); @@ -1531,7 +1611,7 @@ static int esp_sha_start_process(WC_ESP32SHA* sha) ESP_LOGV(TAG, "SHA1 SHA_START_REG"); if (sha->isfirstblock) { sha_ll_start_block(SHA2_256); - sha->isfirstblock = false; + sha->isfirstblock = 0; ESP_LOGV(TAG, " set sha->isfirstblock = 0"); @@ -1584,7 +1664,7 @@ static int esp_sha_start_process(WC_ESP32SHA* sha) if (sha->isfirstblock) { REG_WRITE(SHA_START_REG, 1); - sha->isfirstblock = false; + sha->isfirstblock = 0; ESP_LOGV(TAG, " set sha->isfirstblock = 0"); @@ -1635,7 +1715,7 @@ static int esp_sha_start_process(WC_ESP32SHA* sha) break; } - sha->isfirstblock = false; + sha->isfirstblock = 0; ESP_LOGV(TAG, " set sha->isfirstblock = 0"); #if defined(DEBUG_WOLFSSL) @@ -1687,9 +1767,10 @@ static int esp_sha_start_process(WC_ESP32SHA* sha) ESP_LOGV(TAG, " continue block #%d", this_block_num); #endif - ESP_LOGV(TAG, " leave esp_sha_start_process"); + ESP_LOGV(TAG, " leave esp_sha_start_process"); + CTX_STACK_CHECK(sha); - return ret; + return ret; } #endif /* esp_sha_start_process !CONFIG_IDF_TARGET_ESP32C3/C6 */ 
@@ -1705,12 +1786,22 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */ #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3) word32* MessageSource; word32* AcceleratorMessage; + #define MAX_SHA_VALUE SHA_TYPE_MAX #elif CONFIG_IDF_TARGET_ESP32 int i; + /* Only values 0 .. 3 are valid for ESP32; SHA_INVALID = -1 */ + #define MAX_SHA_VALUE 4 #else - /* not used */ + /* Newer SoC devices have a different value: SHA_TYPE_MAX */ + #define MAX_SHA_VALUE SHA_TYPE_MAX #endif ESP_LOGV(TAG, " enter esp_process_block"); + + if ((ctx->sha_type < 0) || (ctx->sha_type > MAX_SHA_VALUE)) { + ESP_LOGE(TAG, "Unexpected sha_type: %d", ctx->sha_type); + } + CTX_STACK_CHECK(ctx); + if (word32_to_save > 0x31) { word32_to_save = 0x31; ESP_LOGE(TAG, " ERROR esp_process_block length exceeds 0x31 words."); @@ -1722,10 +1813,10 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */ #if defined(CONFIG_IDF_TARGET_ESP32) /* load [len] words of message data into HW */ for (i = 0; i < word32_to_save; i++) { - /* by using DPORT_REG_WRITE, we avoid the need + /* By using DPORT_REG_WRITE, we avoid the need * to call __builtin_bswap32 to address endianness. * - * a useful watch array cast to watch at runtime: + * A useful watch array cast to watch at runtime: * ((word32[32]) (*(volatile word32 *)(SHA_TEXT_BASE))) * * Write value to DPORT register (does not require protecting) @@ -1733,7 +1824,7 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */ DPORT_REG_WRITE(SHA_TEXT_BASE + (i*sizeof(word32)), *(data + i)); /* memw confirmed auto inserted by compiler here */ } - /* notify HW to start process + /* Notify HW to start process * see ctx->sha_type * reg data does not change until we are ready to read */ ret = esp_sha_start_process(ctx); 
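Review bot: The new `sha_type` range check only logs and then continues into the register writes with the bad value, and its bound is off: for CONFIG_IDF_TARGET_ESP32 `MAX_SHA_VALUE` is 4 while the comment says only 0..3 are valid, and for the other targets `SHA_TYPE_MAX` is the sentinel that wc_esp_digest_state rejects with `>=`, so `> MAX_SHA_VALUE` admits one invalid value on every target. Use `if ((ctx->sha_type < 0) || (ctx->sha_type >= MAX_SHA_VALUE)) { ESP_LOGE(TAG, "Unexpected sha_type: %d", ctx->sha_type); return BAD_FUNC_ARG; }` as the other entry points in this file do. The `#define MAX_SHA_VALUE` lines inside the function body are never `#undef`'d and so leak into the rest of the translation unit; `#undef MAX_SHA_VALUE` after the check.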
@@ -1759,7 +1850,7 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */ * ((word32[16]) (*(volatile uint32_t *)(SHA_TEXT_BASE))) */ if (&data != _active_digest_address) { - ESP_LOGV(TAG, "TODO Moving alternate ctx->for_digest"); + ESP_LOGV(TAG, "Moving alternate ctx->for_digest"); /* move last known digest into HW reg during interleave */ /* sha_ll_write_digest(ctx->sha_type, ctx->for_digest, WC_SHA256_BLOCK_SIZE); */ @@ -1838,6 +1929,7 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */ } #endif + CTX_STACK_CHECK(ctx); ESP_LOGV(TAG, " leave esp_process_block"); return ret; } /* wc_esp_process_block */ @@ -1857,6 +1949,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) #endif ESP_LOGV(TAG, "enter esp_digest_state"); + CTX_STACK_CHECK(ctx); if (ctx == NULL) { return BAD_FUNC_ARG; @@ -1871,7 +1964,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) defined(CONFIG_IDF_TARGET_ESP32S2) || \ defined(CONFIG_IDF_TARGET_ESP32S3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) - if (ctx->sha_type == SHA_TYPE_MAX) { + if (ctx->sha_type >= SHA_TYPE_MAX) { #else ESP_LOGE(TAG, "unexpected target for wc_esp_digest_state"); { @@ -1889,7 +1982,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) } #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3) - if (ctx->isfirstblock == true) { + if (ctx->isfirstblock == 1) { /* no hardware use yet. Nothing to do yet */ return ESP_OK; } @@ -1937,7 +2030,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) wc_esp_sha_digest_size(ctx->sha_type) / sizeof(word32) ); #else - /* not CONFIG_IDF_TARGET_ESP32S3 */ + /* Not CONFIG_IDF_TARGET_ESP32S3 */ /* wait until idle */ wc_esp_wait_until_idle(); 
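Review bot: `ctx->isfirstblock == 1` (here and again in the next hunk) replaces `== true` with a comparison against one specific integer, which silently misses any other non-zero value written by code that still treats the field as a flag. Elsewhere in this diff the field is tested with plain `if (sha->isfirstblock)`; match that with `if (ctx->isfirstblock) {`. The enclosing wc_esp_digest_state continues beyond this hunk.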
@@ -1946,9 +2039,11 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) defined(CONFIG_IDF_TARGET_ESP8684) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) + #elif defined(CONFIG_IDF_TARGET_ESP32S2) - /* nothing here for S2 */ + #else + switch (ctx->sha_type) { case SHA1: DPORT_REG_WRITE(SHA_1_LOAD_REG, 1); @@ -1975,7 +2070,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) return ESP_FAIL; } - if (ctx->isfirstblock == true) { + if (ctx->isfirstblock == 1) { /* no hardware use yet. Nothing to do yet */ return ESP_OK; } @@ -1999,7 +2094,9 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) * example: * DPORT_SEQUENCE_REG_READ(address + i * 4); */ - + #ifdef WOLFSSL_ESP32_CRYPT_DEBUG + ESP_LOGW(TAG, "SHA HW read..."); + #endif esp_dport_access_read_buffer( #if ESP_IDF_VERSION_MAJOR >= 4 (uint32_t*)(hash), /* the result will be found in hash upon exit */ @@ -2024,6 +2121,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) } #endif /* SHA512 or SHA384*/ #endif /* not CONFIG_IDF_TARGET_ESP32S3, C3, else... */ + CTX_STACK_CHECK(ctx); ESP_LOGV(TAG, "leave esp_digest_state"); return ESP_OK; @@ -2061,13 +2159,19 @@ int esp_sha_digest_process(struct wc_Sha* sha, byte blockprocess) ret = wc_esp_digest_state(&sha->ctx, (byte*)sha->digest); + if (blockprocess) { + ESP_LOGV(TAG, "esp_sha_digest_process NEW UNLOCK"); + esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */ + ESP_LOGV(TAG, "sha blockprocess mutex_ctx_owner = NULLPTR"); + mutex_ctx_owner = NULLPTR; + } + ESP_LOGV(TAG, "leave esp_sha_digest_process"); return ret; } /* esp_sha_digest_process */ #endif /* NO_SHA */ - #if !defined(NO_SHA256) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256) /* ** sha256 process @@ -2078,8 +2182,6 @@ int esp_sha256_process(struct wc_Sha256* sha, const byte* data) { int ret = 0; - ESP_LOGV(TAG, " enter esp_sha256_process"); - switch ((&sha->ctx)->sha_type) { case SHA2_256: #if defined(DEBUG_WOLFSSL_VERBOSE) 
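Review bot: `mutex_ctx_owner = NULLPTR;` in esp_sha_digest_process (and in the esp_sha256 and esp_sha512 counterparts on the next line of this diff) is written without the `taskENTER_CRITICAL(&sha_crit_sect)` the WOLFSSL_DEBUG_MUTEX path uses for its writes to that variable, and it is cleared regardless of whether `esp_sha_hw_unlock` succeeded or whether this ctx was the owner. Clear it only on the expected path: `if (esp_sha_hw_unlock(&sha->ctx) == ESP_OK && mutex_ctx_owner == (uintptr_t)&sha->ctx) { mutex_ctx_owner = NULLPTR; }`. The enclosing function starts before this hunk.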
@@ -2131,6 +2233,13 @@ int esp_sha256_digest_process(struct wc_Sha256* sha, byte blockprocess) } wc_esp_digest_state(&sha->ctx, (byte*)sha->digest); + + if (blockprocess) { + ESP_LOGV(TAG, "esp_sha256_digest_process blockprocess UNLOCK"); + esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */ + ESP_LOGV(TAG, "blockprocess mutex_ctx_owner = NULLPTR"); + mutex_ctx_owner = NULLPTR; + } #else ESP_LOGE(TAG, "Call esp_sha256_digest_process with " "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 "); @@ -2198,7 +2307,7 @@ int esp_sha512_block(struct wc_Sha512* sha, const word32* data, byte isfinal) */ int esp_sha512_process(struct wc_Sha512* sha) { - int ret = 0; /* assume success */ + int ret = ESP_OK; /* assume success */ word32 *data = (word32*)sha->buffer; ESP_LOGV(TAG, "enter esp_sha512_process"); @@ -2230,6 +2339,7 @@ int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc) ret = esp_sha512_block(sha, data, 1); } + if (sha->ctx.mode == ESP32_SHA_HW) { ret = wc_esp_digest_state(&sha->ctx, (byte*)sha->digest); } @@ -2237,6 +2347,12 @@ int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc) ESP_LOGW(TAG, "Call esp_sha512_digest_process in non-HW mode?"); } + if (blockproc) { + ESP_LOGV(TAG, "esp_sha512_digest_process NEW UNLOCK"); + esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */ + ESP_LOGV(TAG, "mutex_ctx_owner = NULLPTR"); + mutex_ctx_owner = NULLPTR; + } ESP_LOGV(TAG, "leave esp_sha512_digest_process"); #endif return ret; 
@@ -2289,6 +2405,24 @@ int esp_hw_show_sha_metrics(void) return ret; } + #endif /* WOLFSSL_ESP32_CRYPT and WOLFSSL_HW_METRICS */ -#endif /* WOLFSSL_ESPIDF (exclude entire contents for non-Espressif projects */ +#if defined(WOLFSSL_STACK_CHECK) +int esp_sha_stack_check(WC_ESP32SHA* sha) { + int ret = ESP_OK; + + if (sha == NULL) { + ESP_LOGW(TAG, "esp_sha_stack_check; sha is NULL"); + } + else { + if (sha->first_word != 0 || sha->last_word != 0) { + ESP_LOGE(TAG, "esp_sha_stack_check warning"); + ret = ESP_FAIL; + } + } + return ret; +} +#endif /* WOLFSSL_STACK_CHECK */ + +#endif /* WOLFSSL_ESPIDF (exclude entire contents for non-Espressif projects. */ diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c index 03e973ee34..793554a4a8 100644 --- a/wolfcrypt/src/port/Espressif/esp32_util.c +++ b/wolfcrypt/src/port/Espressif/esp32_util.c @@ -1,6 +1,6 @@ /* esp32_util.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,6 +36,7 @@ #include #if ESP_IDF_VERSION_MAJOR > 4 #include + #include #endif /* wolfSSL */ #include /* needed to print MATH_INT_T value */ @@ -118,7 +119,7 @@ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) { * call the ESP-IDF mutex UNlock; xSemaphoreGive * */ -int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { +esp_err_t esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { if (mutex == NULL) { WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex"); return BAD_MUTEX_E; 
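Review bot: esp_sha_stack_check treats `first_word == 0 && last_word == 0` as intact, but zero is the value an overflow from a zero-initialised buffer or a memset is most likely to write, so the check passes exactly when it is most needed. Wherever `first_word`/`last_word` are initialised (not in this diff), store a non-zero pattern and compare against it here, and include the observed values in the ESP_LOGE — the current text `"esp_sha_stack_check warning"` is logged at error level yet says warning and names neither word. Every `CTX_STACK_CHECK(ctx);` added in this diff is used as a bare statement, so if the macro expands to this function its ESP_FAIL is discarded and a detected corruption does not stop the hash; consider propagating it where the caller already returns an `int`.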
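Review bot: `esp_CryptHwMutexUnLock` now returns `esp_err_t` but the visible null-mutex path still returns `BAD_MUTEX_E`, a wolfSSL error code, so callers comparing against `ESP_OK`/`ESP_FAIL` receive a value from the wrong error domain; unless esp_CryptHwMutexLock was changed outside this diff, the two siblings also now disagree on return type. The error text in this function still says `esp_CryptHwMutexLock called with null mutex`, a copy of the lock function's message. Suggest `WOLFSSL_ERROR_MSG("esp_CryptHwMutexUnLock called with null mutex"); return ESP_ERR_INVALID_ARG;`. The function body continues past the hunk.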
@@ -151,6 +152,13 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { #if defined(WOLFSSL_ESPIDF) static int ShowExtendedSystemInfo_platform_espressif(void) { +#ifdef WOLFSSL_ESP_NO_WATCHDOG + ESP_LOGI(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG"); +#else + ESP_LOGW(TAG, "Watchdog active; " + "missing WOLFSSL_ESP_NO_WATCHDOG definition."); +#endif + #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz", CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ); @@ -219,8 +227,10 @@ static int ShowExtendedSystemInfo_platform_espressif(void) /* not supported at this time */ #endif - /* check to see if we are using hardware encryption */ -#if defined(NO_ESP32_CRYPT) +/* check to see if we are using hardware encryption */ +#if defined(CONFIG_IDF_TARGET_ESP8266) + WOLFSSL_VERSION_PRINTF("No HW acceleration on ESP8266."); +#elif defined(NO_ESP32_CRYPT) WOLFSSL_VERSION_PRINTF("NO_ESP32_CRYPT defined! " "HW acceleration DISABLED."); #else @@ -246,7 +256,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void) #error "ESP32_CRYPT not yet supported on this IDF TARGET" #endif - /* Even though enabled, some specifics may be disabled */ + /* Even though enabled, some specifics may be disabled */ #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH) WOLFSSL_VERSION_PRINTF("NO_WOLFSSL_ESP32_CRYPT_HASH is defined!" "(disabled HW SHA)."); 
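Review bot: The new banner logs `"Watchdog active; missing WOLFSSL_ESP_NO_WATCHDOG definition."` at warning level whenever the define is absent, which frames the normal production state (task watchdog enabled) as a configuration error and nudges users toward disabling a safety mechanism. Report it neutrally at info level, e.g. `ESP_LOGI(TAG, "Watchdog active (WOLFSSL_ESP_NO_WATCHDOG not defined).");`, and reserve the warning for the branch where it is disabled. The function continues beyond this hunk.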
@@ -385,11 +395,11 @@ int esp_current_boot_count(void) /* See macro helpers above; not_defined is macro name when *not* defined */ static int show_macro(char* s, char* not_defined) { - char hd1[] = "Macro Name Defined Not Defined"; - char hd2[] = "------------------------- --------- -------------"; - char msg[] = "......................... "; - /* 012345678901234567890123456789012345678901234567890 */ - /* 1 2 3 4 5 */ + const char hd1[] = "Macro Name Defined Not Defined"; + char hd2[] = "------------------------- --------- -------------"; + char msg[] = "......................... "; + /* 012345678901234567890123456789012345678901234567890 */ + /* 1 2 3 4 5 */ size_t i = 0; #define MAX_STATUS_NAME_LENGTH 25 #define ESP_SMS_ENA_POS 30 @@ -424,7 +434,7 @@ static int show_macro(char* s, char* not_defined) } /* Show some interesting settings */ -int ShowExtendedSystemInfo_config(void) +esp_err_t ShowExtendedSystemInfo_config(void) { esp_ShowMacroStatus_need_header = 1; @@ -454,6 +464,7 @@ int ShowExtendedSystemInfo_config(void) /* Optimizations */ show_macro("RSA_LOW_MEM", STR_IFNDEF(RSA_LOW_MEM)); + show_macro("SMALL_SESSION_CACHE", STR_IFNDEF(SMALL_SESSION_CACHE)); /* Security Hardening */ show_macro("WC_NO_HARDEN", STR_IFNDEF(WC_NO_HARDEN)); @@ -473,6 +484,8 @@ int ShowExtendedSystemInfo_config(void) show_macro("WOLFSSL_AES_NO_UNROLL", STR_IFNDEF(WOLFSSL_AES_NO_UNROLL)); show_macro("TFM_TIMING_RESISTANT", STR_IFNDEF(TFM_TIMING_RESISTANT)); show_macro("ECC_TIMING_RESISTANT", STR_IFNDEF(ECC_TIMING_RESISTANT)); + + /* WC_RSA_BLINDING takes up additional space: */ show_macro("WC_RSA_BLINDING", STR_IFNDEF(WC_RSA_BLINDING)); show_macro("NO_WRITEV", STR_IFNDEF(NO_WRITEV)); 
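Review bot: In show_macro only `hd1` was made `const` while `hd2` stays a mutable array, although both look like fixed header strings; if hd2 is never written, `const char hd2[] = "------------------------- --------- -------------";` keeps the two declarations consistent (msg is presumably edited in place, so leaving it non-const looks right, but the body continues outside the hunk so that is inferred). The added `/* WC_RSA_BLINDING takes up additional space: */` comment sits in the Security Hardening group next to the timing-resistant options; saying that the cost buys hardening, rather than only naming the cost, keeps a reader from taking the comment as a hint to drop the option.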
@@ -482,7 +495,7 @@ int ShowExtendedSystemInfo_config(void) show_macro("WOLFSSL_NO_CURRDIR", STR_IFNDEF(WOLFSSL_NO_CURRDIR)); show_macro("WOLFSSL_LWIP", STR_IFNDEF(WOLFSSL_LWIP)); - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); #if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT) ESP_LOGI(TAG, "Compiler Optimization: Default"); #elif defined(CONFIG_COMPILER_OPTIMIZATION_SIZE) @@ -494,7 +507,7 @@ int ShowExtendedSystemInfo_config(void) #else ESP_LOGI(TAG, "Compiler Optimization: Unknown"); #endif - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); return ESP_OK; } @@ -629,7 +642,7 @@ int ShowExtendedSystemInfo(void) #ifdef INCLUDE_uxTaskGetStackHighWaterMark ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); #endif - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); ShowExtendedSystemInfo_config(); ShowExtendedSystemInfo_git(); 
@@ -643,29 +656,111 @@ int ShowExtendedSystemInfo(void) return ESP_OK; } -int esp_ShowExtendedSystemInfo(void) +esp_err_t esp_ShowExtendedSystemInfo(void) { /* Someday the ShowExtendedSystemInfo may be global. * See https://github.com/wolfSSL/wolfssl/pull/6149 */ return ShowExtendedSystemInfo(); } +/* + * Disable the watchdog timer (use with caution) + */ + +esp_err_t esp_DisableWatchdog(void) +{ + esp_err_t ret = ESP_OK; +#if defined(CONFIG_IDF_TARGET_ESP8266) + /* magic bit twiddle to disable WDT on ESP8266 */ + *((volatile uint32_t*) 0x60000900) &= ~(1); +#elif CONFIG_IDF_TARGET_ESP32S3 + ESP_LOGW(TAG, "esp_DisableWatchdog TODO S3"); +#else + #if ESP_IDF_VERSION_MAJOR >= 5 + { + #if defined(CONFIG_IDF_TARGET_ESP32) + rtc_wdt_protect_off(); + rtc_wdt_disable(); + #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform."); + #else + rtc_wdt_protect_off(); + rtc_wdt_disable(); + #endif + } + #else + ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d", + ESP_IDF_VERSION_MAJOR); + #endif +#endif + +#ifdef DEBUG_WOLFSSL + ESP_LOGI(TAG, "Watchdog disabled."); +#endif + + return ret; +} + +/* + * Enable the watchdog timer. 
+ */ + +esp_err_t esp_EnabledWatchdog(void) +{ + esp_err_t ret = ESP_OK; +#if defined(CONFIG_IDF_TARGET_ESP8266) + /* magic bit twiddle to enable WDT on ESP8266 */ + *((volatile uint32_t*) 0x60000900) |= 1; +#elif CONFIG_IDF_TARGET_ESP32S3 + ESP_LOGW(TAG, "esp_EnableWatchdog TODO S3"); +#else + #if ESP_IDF_VERSION_MAJOR >= 5 + { + #if defined(CONFIG_IDF_TARGET_ESP32) + rtc_wdt_protect_on(); + rtc_wdt_enable(); + #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform."); + #else + rtc_wdt_protect_on(); + rtc_wdt_enable(); + #endif + } + #else + ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d", + ESP_IDF_VERSION_MAJOR); + #endif +#endif + +#ifdef DEBUG_WOLFSSL + ESP_LOGI(TAG, "Watchdog enabled."); +#endif + + return ret; +} + /* Print a MATH_INT_T attribute list. * * Note with the right string parameters, the result can be pasted as * initialization code. */ -int esp_show_mp_attributes(char* c, MATH_INT_T* X) +esp_err_t esp_show_mp_attributes(char* c, MATH_INT_T* X) { static const char* MP_TAG = "MATH_INT_T"; - int ret = ESP_OK; + esp_err_t ret = ESP_OK; if (X == NULL) { ret = ESP_FAIL; ESP_LOGV(MP_TAG, "esp_show_mp_attributes called with X == NULL"); } else { - ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); ESP_LOGI(MP_TAG, "%s.used = %d;", c, X->used); #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH) ESP_LOGI(MP_TAG, "%s.sign = %d;", c, X->sign); 
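Review bot: esp_DisableWatchdog and esp_EnabledWatchdog return ESP_OK on every path, including the ESP32S3 TODO branch, the C2/C3/C6/H2 branch and the ESP_IDF_VERSION_MAJOR < 5 branch where nothing is changed, so a caller cannot tell whether the watchdog state was actually altered; setting `ret = ESP_ERR_NOT_SUPPORTED;` in those branches and gating the DEBUG_WOLFSSL "Watchdog disabled/enabled." lines on `ret == ESP_OK` would make the result honest. esp_EnabledWatchdog carries copy-paste text from the disable function: its log lines name `esp_DisableWatchdog` and `rtc_wdt_protect_off`, the function name disagrees with the `esp_EnableWatchdog` string it logs, and both functions spell `ESP_OIDF`. `#elif CONFIG_IDF_TARGET_ESP32S3` tests the macro's value while the neighbouring branches use `defined(...)`; the `defined()` form is the one that cannot silently evaluate to 0 when the macro is absent. The header comment says "use with caution"; a sentence noting that the ESP8266 path writes a raw register and that the watchdog is expected to be re-enabled with esp_EnabledWatchdog once the long-running section is done would document the contract.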
@@ -679,10 +774,10 @@ int esp_show_mp_attributes(char* c, MATH_INT_T* X) * Note with the right string parameters, the result can be pasted as * initialization code. */ -int esp_show_mp(char* c, MATH_INT_T* X) +esp_err_t esp_show_mp(char* c, MATH_INT_T* X) { static const char* MP_TAG = "MATH_INT_T"; - int ret = MP_OKAY; + esp_err_t ret = ESP_OK; int words_to_show = 0; if (X == NULL) { @@ -717,16 +812,16 @@ int esp_show_mp(char* c, MATH_INT_T* X) i /* the index, again, for comment */ ); } - ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); } return ret; } /* Perform a full mp_cmp and binary compare. * (typically only used during debugging) */ -int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B) +esp_err_t esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B) { - int ret = MP_OKAY; + esp_err_t ret = ESP_OK; int e = memcmp(A, B, sizeof(mp_int)); if (mp_cmp(A, B) == MP_EQ) { if (e == 0) { @@ -769,6 +864,7 @@ int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B) } if (ret == MP_OKAY) { + ret = ESP_OK; ESP_LOGV(TAG, "esp_mp_cmp equal for %s and %s!", name_A, name_B); } @@ -779,7 +875,7 @@ int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B) return ret; } -int esp_hw_show_metrics(void) +esp_err_t esp_hw_show_metrics(void) { #if defined(WOLFSSL_HW_METRICS) #if defined(WOLFSSL_ESP32_CRYPT) diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c new file mode 100644 index 0000000000..8c5cd37082 --- /dev/null +++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c 
@@ -0,0 +1,280 @@ +/* esp_sdk_mem_lib.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. 
*/ +#ifdef WOLFSSL_USER_SETTINGS + #include +#endif + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ + +#if defined(WOLFSSL_USER_SETTINGS) + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif + +#ifndef SINGLE_THREADED + #ifdef PLATFORMIO + #include + #else + #include "semphr.h" + #endif +#endif + +/* Espressif */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig */ +#include +#include + +/* wolfSSL */ +#include + +static const char* TAG = "mem lib"; +static intptr_t _starting_stack_pointer = 0; +static int _stack_used = 0; + + +/* see + * C:\SysGCC\esp8266\rtos-sdk\v3.4\components\esp8266\ld\esp8266.project.ld.in + */ +extern wc_ptr_t _data_start[]; +extern wc_ptr_t _data_end[]; +extern wc_ptr_t _rodata_start[]; +extern wc_ptr_t _rodata_end[]; +extern wc_ptr_t _bss_start[]; +extern wc_ptr_t _bss_end[]; +extern wc_ptr_t _rtc_data_start[]; +extern wc_ptr_t _rtc_data_end[]; +extern wc_ptr_t _rtc_bss_start[]; +extern wc_ptr_t _rtc_bss_end[]; +extern wc_ptr_t _iram_start[]; +extern wc_ptr_t _iram_end[]; +#if defined(CONFIG_IDF_TARGET_ESP8266) +extern wc_ptr_t _init_start[]; +extern wc_ptr_t _init_end[]; +#endif +extern wc_ptr_t _iram_text_start[]; +extern wc_ptr_t _iram_text_end[]; +extern wc_ptr_t _iram_bss_start[]; +extern wc_ptr_t _iram_bss_end[]; +extern wc_ptr_t _noinit_start[]; +extern wc_ptr_t _noinit_end[]; +extern wc_ptr_t _text_start[]; +extern wc_ptr_t _text_end[]; +extern wc_ptr_t _heap_start[]; +extern wc_ptr_t _heap_end[]; +extern wc_ptr_t _rtc_data_start[]; +extern wc_ptr_t _rtc_data_end[]; +extern void* _thread_local_start; +extern void* _thread_local_end; + +/* See https://github.com/esp8266/esp8266-wiki/wiki/Memory-Map */ +#define MEM_MAP_IO_START ((void*)(0x3FF00000)) 
+#define MEM_MAP_IO_END ((void*)(0x3FF0FFFF)) +#define USER_DATA_START ((void*)(0x3FFE8000)) +#define USER_DATA_END ((void*)(0x3FFE8000 + 0x14000)) +#define ETS_SYS_START ((void*)(0x3FFFC000)) +#define ETS_SYS_END ((void*)(0x3FFFC000 + 0x4000)) +#define IRAM1_START ((void*)(0x40100000)) +#define IRAM1_END ((void*)(0x40100000 + 0x8000)) +#define IRAMF1_START ((void*)(0x40108000)) +#define IRAMF1_END ((void*)(0x40108000 + 0x4000)) +#define IRAMF2_START ((void*)(0x4010C000)) +#define IRAMF2_END ((void*)(0x4010C000 + 0x4000)) + +enum sdk_memory_segment +{ + /* Ensure this list exactly matches order in sdk_memory_segment_text */ + mem_map_io = 0, + thread_local, + data, + user_data_ram, + bss, + noinit, + ets_system, + iram1, + iramf1, + iramf2, + iram, + iram_text, + iram_bss, + init, + text, + rodata, + rtc_data, + SDK_MEMORY_SEGMENT_COUNT +}; + +static void* sdk_memory_segment_start[SDK_MEMORY_SEGMENT_COUNT + 1] = {}; +static void* sdk_memory_segment_end[SDK_MEMORY_SEGMENT_COUNT + 1] = {}; +static const char* sdk_memory_segment_text[SDK_MEMORY_SEGMENT_COUNT + 1] = { + "C memory map io ", + "* thread_local ", + "C data ", + "* user data ram ", + "* bss ", + "* noinit ", + "C ets system ", + "C iram1 ", + "C iramf1 ", + "C iramf2 ", + "* iram ", + "* iram_text ", + "* iram_bss ", + "* init ", + "* text ", + "* rodata ", + "* rtc data ", + "last item", +}; + +/* Given a given memory segment [m]: assign text names, starting and ending + * addresses. See also sdk_var_whereis() that requires this initialization. 
*/ +int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end) +{ + const char* str; + int len = 0; + str = sdk_memory_segment_text[m]; + sdk_memory_segment_start[m] = start; + sdk_memory_segment_end[m] = end; + /* For ESP8266 See ./build/[Debug|Release]/esp8266/esp8266.project.ld */ + /* For ESP32 See ./build/VisualGDB/Debug/esp-idf/esp_system/ld/ */ + if (m == SDK_MEMORY_SEGMENT_COUNT) { + ESP_LOGI(TAG, " Linker Memory Map"); + ESP_LOGI(TAG, "-----------------------------------------------------"); + ESP_LOGI(TAG, " Start End Length"); + } + else { + len = (uint32_t)end - (uint32_t)start; + ESP_LOGI(TAG, "%s: %p ~ %p : 0x%05x (%d)", str, start, end, len, len ); + } + return ESP_OK; +} + +/* Show all known linker memory segment names, starting & ending addresses. */ +int sdk_init_meminfo(void) { + void* sample_heap_var; + int sample_stack_var = 0; + + sdk_log_meminfo(SDK_MEMORY_SEGMENT_COUNT, NULL, NULL); /* print header */ + sdk_log_meminfo(mem_map_io, MEM_MAP_IO_START, MEM_MAP_IO_END); + sdk_log_meminfo(thread_local, _thread_local_start, _thread_local_end); + sdk_log_meminfo(data, _data_start, _data_end); + sdk_log_meminfo(user_data_ram, USER_DATA_START, USER_DATA_END); + sdk_log_meminfo(bss, _bss_start, _bss_end); + sdk_log_meminfo(noinit, _noinit_start, _noinit_end); + sdk_log_meminfo(ets_system, ETS_SYS_START, ETS_SYS_END); + sdk_log_meminfo(rodata, _rodata_start, _rodata_end); + sdk_log_meminfo(iram1, IRAM1_START, IRAM1_END); + sdk_log_meminfo(iramf1, IRAMF1_START, IRAMF1_END); + sdk_log_meminfo(iramf2, IRAMF2_START, IRAMF2_END); + sdk_log_meminfo(iram, _iram_start, _iram_end); + sdk_log_meminfo(iram_text, _iram_text_start, _iram_text_end); + sdk_log_meminfo(iram_bss, _iram_bss_start, _iram_bss_end); +#if defined(CONFIG_IDF_TARGET_ESP8266) + sdk_log_meminfo(init, _init_start, _init_end); +#endif + sdk_log_meminfo(text, _text_start, _text_end); + sdk_log_meminfo(rtc_data, _rtc_data_start, _rtc_data_end); + ESP_LOGI(TAG, 
"-----------------------------------------------------"); + sample_heap_var = malloc(1); + if (sample_heap_var == NULL) { + ESP_LOGE(TAG, "Unable to allocate heap memory in sdk_var_whereis()."); + } + else { + sdk_var_whereis("sample_stack_var", (void*)&sample_stack_var); + sdk_var_whereis("sample_heap_var", sample_heap_var); + free(sample_heap_var); + } + return ESP_OK; +} + +/* Returns ESP_OK if found in known memory map, ESP_FAIL otherwise */ +esp_err_t sdk_var_whereis(const char* v_name, void* v) { + esp_err_t ret = ESP_FAIL; + + for (enum sdk_memory_segment m = 0 ;m < SDK_MEMORY_SEGMENT_COUNT; m++) { + if (v >= sdk_memory_segment_start[m] && + v <= sdk_memory_segment_end[m]) { + ret = ESP_OK; + ESP_LOGI(TAG, "Variable [%s] found at %p in %s", v_name, v, + sdk_memory_segment_text[m]); + if (m == user_data_ram) { + + } + } + } + + if (ret == ESP_FAIL) { + ESP_LOGW(TAG, "%s not found in known memory map: %p", v_name, v); + } + return ret; +} + +intptr_t esp_sdk_stack_pointer(void) +{ + intptr_t sp = 0; +#if defined(CONFIG_IDF_TARGET_ARCH_RISCV) + if (CONFIG_IDF_TARGET_ARCH_RISCV == 1) { + __asm volatile("mv %0, sp" : "=r" (sp)); + } +#elif defined(CONFIG_IDF_TARGET_ARCH_XTENSA) + if (CONFIG_IDF_TARGET_ARCH_XTENSA == 1) { + __asm volatile("mov %0, sp" : "=r"(sp)); + } +#endif + if (_starting_stack_pointer == 0) { + _starting_stack_pointer = sp; + } + _stack_used = _starting_stack_pointer - sp; + return sp; +} + +esp_err_t esp_sdk_mem_lib_init(void) +{ + int ret = ESP_OK; + sdk_init_meminfo(); + ESP_LOGI(TAG, "esp_sdk_mem_lib_init Ver %d", ESP_SDK_MEM_LIB_VERSION); + return ret; +} + +void* wc_debug_pvPortMalloc(size_t size, + const char* file, int line, const char* fname) { + void* ret = NULL; + ret = pvPortMalloc(size); + if (ret == NULL) { + ESP_LOGE("malloc", "%s:%d (%s)", file, line, fname); + ESP_LOGE("malloc", "Failed Allocating memory of size: %d bytes", size); + } + return ret; +} + +#endif 
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c new file mode 100644 index 0000000000..1ef8de408b --- /dev/null +++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c 
@@ -0,0 +1,442 @@ +/* esp_sdk_time_lib.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +/* Reminder: user_settings.h is needed and included from settings.h + * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +#include + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ +#if defined(USE_WOLFSSL_ESP_SDK_TIME) +/* Espressif */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig */ +#include +#include + +/* wolfSSL */ +#include + +#define ESP_SDK_TIME_LIB_VERSION 1 + +static const char* TAG = "time lib"; + +esp_err_t esp_sdk_time_lib_init(void) +{ + int ret = ESP_OK; + ESP_LOGI(TAG, "esp_sdk_time_lib_init Ver %d", ESP_SDK_TIME_LIB_VERSION); + return ret; +} + +#if defined(CONFIG_IDF_TARGET_ESP8266) + #include + +#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) + #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR == 1) + #define HAS_ESP_NETIF_SNTP 1 + #include + #include + #elif (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR > 1) + #define HAS_ESP_NETIF_SNTP 1 + #include + #include + #else + #include + #include + #endif + +#else + /* TODO Consider non ESP-IDF environments 
*/ +#endif + +/* ESP-IDF uses a 64-bit signed integer to represent time_t + * starting from release v5.0 + * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + */ + +/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ +#ifndef TIME_ZONE + /* + * PST represents Pacific Standard Time. + * +8 specifies the offset from UTC (Coordinated Universal Time), + * indicating that Pacific Time is UTC-8 during standard time. + * PDT represents Pacific Daylight Time. + * M3.2.0 indicates that Daylight Saving Time (DST) starts on the + * second (2) Sunday (0) of March (3). + * M11.1.0 indicates that DST ends on the first (1) Sunday (0) + * of November (11) + */ + #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" +#endif /* not defined: TIME_ZONE, so we are setting our own */ + +#define NTP_RETRY_COUNT 10 + +/* NELEMS(x) number of elements + * To determine the number of elements in the array, we can divide the total + * size of the array by the size of the array element. 
+ * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c + **/ +#define NELEMS(x) ( (int)(sizeof(x) / sizeof((x)[0])) ) + +/* See also CONFIG_LWIP_SNTP_MAX_SERVERS in sdkconfig */ +#define NTP_SERVER_LIST ( (char*[]) { \ + "pool.ntp.org", \ + "time.nist.gov", \ + "utcnist.colorado.edu" \ + } \ + ) +/* #define NTP_SERVER_COUNT using NELEMS: + * + * (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0])) + */ +#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST) + +#ifndef CONFIG_LWIP_SNTP_MAX_SERVERS + /* We should find max value in sdkconfig, if not set it to our count:*/ + #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT +#endif + +/* our NTP server list is global info */ +extern char* ntpServerList[NTP_SERVER_COUNT]; + +char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; + +/* Show the current date and time */ +int esp_show_current_datetime(void) +{ + time_t now; + char strftime_buf[64]; + struct tm timeinfo; + + time(&now); + setenv("TZ", TIME_ZONE, 1); + tzset(); + + localtime_r(&now, &timeinfo); + strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); + ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); + return ESP_OK; +} + +/* the worst-case scenario is a hard-coded date/time */ +int set_fixed_default_time(void) +{ + /* ideally, we'd like to set time from network, + * but let's set a default time, just in case */ + struct tm timeinfo = { + .tm_year = 2024 - 1900, + .tm_mon = 1, + .tm_mday = 05, + .tm_hour = 13, + .tm_min = 01, + .tm_sec = 05 + }; + struct timeval now; + time_t interim_time; + int ret = -1; + + /* set interim static time */ + interim_time = mktime(&timeinfo); + + ESP_LOGI(TAG, "Adjusting time from fixed value"); + now = (struct timeval){ .tv_sec = interim_time }; +#if defined(CONFIG_IDF_TARGET_ESP8266) + (void)now; +#else + ret = settimeofday(&now, NULL); +#endif + ESP_LOGI(TAG, "settimeofday result = %d", ret); + return ret; +} + +/* probably_valid_time_string(s) + * + * some 
sanity checks on time string before calling sscanf() + * + * returns 0 == ESP_OK == Success if str is likely a valid time. + * -1 == ESP_FAIL otherwise + */ +int probably_valid_time_string(const char* str) +{ + int ret = ESP_OK; + size_t length = 0; + size_t spaces = 0; + size_t colons = 0; + + while (str[length] != '\0') { + if (str[length] == ' ') { + spaces++; + } + if (str[length] == ':') { + colons++; + } + length++; + } + + if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) { + ret = ESP_FAIL; + ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str); + } + return ret; +} + +#if defined(CONFIG_IDF_TARGET_ESP8266) +/* TODO implement time functions for ESP8266 */ +int set_time_from_string(const char* time_buffer) +{ + ESP_LOGE(TAG, "set_time_from_string not implemented for ESP8266"); + return ESP_FAIL; +} + +int set_time(void) +{ + ESP_LOGE(TAG, "set_time not implemented for ESP8266"); + return ESP_FAIL; +} + +int set_time_wait_for_ntp(void) +{ + ESP_LOGE(TAG, "set_time_wait_for_ntp not implemented for ESP8266"); + return ESP_FAIL; +} + +#else +/* ESP32 Time Helpers */ + +/* set_time_from_string(s) + * + * returns 0 = success if able to set the time from the provided string + * error for any other value, typically -1 */ +int set_time_from_string(const char* time_buffer) +{ + /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */ + char offset[28]; /* large arrays, just in case there's still bad data */ + char day_str[28]; + char month_str[28]; + const char *format = "%3s %3s %d %d:%d:%d %d %s"; + struct tm this_timeinfo; + struct timeval now; + time_t interim_time; + int day, year, hour, minute, second; + int quote_offset = 0; + int ret = 0; + + /* perform some basic sanity checks */ + ret = probably_valid_time_string(time_buffer); + if (ret == ESP_OK) { + /* we are expecting the string to be encapsulated in single quotes */ + if (*time_buffer == 0x27) { + quote_offset = 1; + } + + ret = sscanf(time_buffer + quote_offset, 
+ format, + day_str, month_str, + &day, &hour, &minute, &second, &year, &offset); + + if (ret == 8) { + /* we found a match for all components */ + + const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; + + for (int i = 0; i < 12; i++) { + if (strcmp(month_str, months[i]) == 0) { + this_timeinfo.tm_mon = i; + break; + } + } + + this_timeinfo.tm_mday = day; + this_timeinfo.tm_hour = hour; + this_timeinfo.tm_min = minute; + this_timeinfo.tm_sec = second; + this_timeinfo.tm_year = year - 1900; /* Years since 1900 */ + + interim_time = mktime(&this_timeinfo); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "Time updated to %s", time_buffer); + } + else { + ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", + time_buffer); + ESP_LOGI(TAG, "Trying fixed date that was hard-coded...."); + set_fixed_default_time(); + ret = ESP_FAIL; + } + } + + return ret; +} + +/* set time; returns 0 if succecssfully configured with NTP */ +int set_time(void) +{ +#ifndef NTP_SERVER_COUNT + ESP_LOGW(TAG, "Warning: no sntp server names defined. " + "Setting to empty list"); + #define NTP_SERVER_COUNT 0 + #warning "NTP not properly configured" +#endif /* not defined: NTP_SERVER_COUNT */ + +#ifdef HAS_ESP_NETIF_SNTP + #if CONFIG_LWIP_SNTP_MAX_SERVERS > 1 + esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG_MULTIPLE( + NTP_SERVER_COUNT, + ESP_SNTP_SERVER_LIST(ntpServerList[0]) + ); + #else + esp_sntp_config_t config = + ESP_NETIF_SNTP_DEFAULT_CONFIG(ntpServerList[0]); + #endif /* CONFIG_LWIP_SNTP_MAX_SERVERS > 1 */ +#endif /* HAS_ESP_NETIF_SNTP */ + + int ret = 0; + int i = 0; /* counter for time servers */ + + ESP_LOGI(TAG, "Setting the time. 
Startup time:"); + esp_show_current_datetime(); + +#ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE + /* initially set a default approximate time from recent git commit */ + ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s", + LIBWOLFSSL_VERSION_GIT_HASH_DATE); + set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0"); + esp_show_current_datetime(); + + ret = -4; +#else + /* otherwise set a fixed time that was hard coded */ + set_fixed_default_time(); + esp_show_current_datetime(); + ret = -3; +#endif + +#ifdef CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH + config.smooth_sync = true; +#endif + + if (NTP_SERVER_COUNT) { + /* next, let's setup NTP time servers + * + * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * + * WARNING: do not set operating mode while SNTP client is running! + */ + /* TODO Consider esp_sntp_setoperatingmode(SNTP_OPMODE_POLL); */ + sntp_setoperatingmode(SNTP_OPMODE_POLL); + if (NTP_SERVER_COUNT > CONFIG_LWIP_SNTP_MAX_SERVERS) { + ESP_LOGW(TAG, "WARNING: %d NTP Servers defined, but " + "CONFIG_LWIP_SNTP_MAX_SERVERS = %d", + NTP_SERVER_COUNT,CONFIG_LWIP_SNTP_MAX_SERVERS); + } + ESP_LOGI(TAG, "sntp_setservername:"); + for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++) { + const char* thisServer = ntpServerList[i]; + if (strncmp(thisServer, "\x00", 1) == 0) { + /* just in case we run out of NTP servers */ + break; + } + ESP_LOGI(TAG, "%s", thisServer); + sntp_setservername(i, thisServer); + ret = ESP_OK; + } + #ifdef HAS_ESP_NETIF_SNTP + ret = esp_netif_sntp_init(&config); + #else + ESP_LOGW(TAG,"Warning: Consider upgrading ESP-IDF to take advantage " + "of updated SNTP libraries"); + #endif + if (ret == ESP_OK) { + ESP_LOGV(TAG, "Successfully called esp_netif_sntp_init"); + } + else { + ESP_LOGE(TAG, "ERROR: esp_netif_sntp_init return = %d", ret); + } + + sntp_init(); + switch (ret) { + case ESP_ERR_INVALID_STATE: + break; + default: + break; + } + 
ESP_LOGI(TAG, "sntp_init done."); + } + else { + ESP_LOGW(TAG, "No sntp time servers found."); + ret = -1; + } + + esp_show_current_datetime(); + ESP_LOGI(TAG, "time helper existing with result = %d", ret); + return ret; +} + +/* wait for NTP to actually set the time */ +int set_time_wait_for_ntp(void) +{ + int ret = 0; +#ifdef HAS_ESP_NETIF_SNTP + int ntp_retry = 0; + const int ntp_retry_count = NTP_RETRY_COUNT; + + ret = esp_netif_sntp_start(); + + ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); +#else + ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined"); +#endif /* HAS_ESP_NETIF_SNTP */ + esp_show_current_datetime(); + +#ifdef HAS_ESP_NETIF_SNTP + while (ret == ESP_ERR_TIMEOUT && (ntp_retry++ < ntp_retry_count)) { + ret = esp_netif_sntp_sync_wait(1000 / portTICK_PERIOD_MS); + ESP_LOGI(TAG, "Waiting for NTP to sync time... (%d/%d)", + ntp_retry, + ntp_retry_count); + esp_show_current_datetime(); + } +#endif /* HAS_ESP_NETIF_SNTP */ + +#ifdef TIME_ZONE + setenv("TZ", TIME_ZONE, 1); + tzset(); +#endif + + if (ret == ESP_OK) { + ESP_LOGI(TAG, "Successfully set time via NTP servers."); + } + else { + ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " + "result = 0x%0x: %s", + ret, esp_err_to_name(ret)); + } + return ret; +} +#endif /* ESP32 or ESP8266 time helpers */ + +#endif /* USE_WOLFSSL_ESP_SDK_TIME */ +#endif /* WOLFSSL_ESPIDF*/ diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c new file mode 100644 index 0000000000..06c9f81e8b --- /dev/null +++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c 
@@ -0,0 +1,468 @@ +/* esp_sdk_wifi_lib.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +/* Reminder: user_settings.h is needed and included from settings.h + * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +#include + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ +#if defined(USE_WOLFSSL_ESP_SDK_WIFI) + +/* Espressif */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig */ +#include +#include +#include + + +/* wolfSSL */ +#include +#include + +#define ESP_SDK_WIFI_LIB_VERSION 1 + +static const char* TAG = "wifi lib"; + +esp_err_t esp_sdk_wifi_lib_init(void) +{ + int ret = ESP_OK; + ESP_LOGI(TAG, "esp_sdk_wifi_lib_init Ver %d", ESP_SDK_WIFI_LIB_VERSION); + return ret; +} + + +/* When there's too little heap, WiFi quietly refuses to connect */ +#define WIFI_LOW_HEAP_WARNING 21132 + +#if defined(CONFIG_IDF_TARGET_ESP8266) +#elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR) + /* example path set in cmake file */ +#elif ESP_IDF_VERSION_MAJOR >= 4 + #include "protocol_examples_common.h" +#else + const static int CONNECTED_BIT = BIT0; + static EventGroupHandle_t wifi_event_group; 
+#endif + +#if defined(CONFIG_IDF_TARGET_ESP8266) + +#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) + #if ESP_IDF_VERSION_MAJOR >= 4 + /* likely using examples, see wifi_connect.h */ + #else + /* TODO - still supporting pre V4 ? */ + const static int CONNECTED_BIT = BIT0; + static EventGroupHandle_t wifi_event_group; + #endif + #if (ESP_IDF_VERSION_MAJOR == 5) + #define HAS_WPA3_FEATURES + #else + #undef HAS_WPA3_FEATURES + #endif +#else + /* TODO Consider pre IDF v5? */ +#endif + +#if defined(CONFIG_IDF_TARGET_ESP8266) +#ifndef CONFIG_ESP_MAX_STA_CONN + #define CONFIG_ESP_MAX_STA_CONN 4 +#endif +#define EXAMPLE_MAX_STA_CONN CONFIG_ESP_MAX_STA_CONN + +#define WIFI_CONNECTED_BIT BIT0 +#define WIFI_FAIL_BIT BIT1 +#ifndef CONFIG_ESP_MAXIMUM_RETRY + #define CONFIG_ESP_MAXIMUM_RETRY 5 +#endif +/* FreeRTOS event group to signal when we are connected*/ +static EventGroupHandle_t s_wifi_event_group; +static int s_retry_num = 0; + +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY + +#if 0 +static void event_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) +{ + if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, "retry to connect to the AP"); + } else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG,"connect to the AP fail"); + } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) { + ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data; + ESP_LOGI(TAG, "got ip:%s", + ip4addr_ntoa(&event->ip_info.ip)); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } +} +#else +static void event_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) +{ + if (event_base == WIFI_EVENT) 
{ + if (event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + ESP_LOGV(TAG, "Connect event!!"); + } + else { + if (event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, ">> Retry to connect to the AP"); + } + else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG, ">> Connect to the AP fail"); + } /* WIFI_EVENT_STA_DISCONNECTED */ + else if(event_id == IP_EVENT_STA_GOT_IP) { + ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data; + ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->ip_info.ip)); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } /* IP_EVENT_STA_GOT_IP */ + } /* not WIFI_EVENT_STA_START */ + } /* event_base == WIFI_EVENT */ +} /* event_handler */ + +#endif +esp_err_t esp_sdk_wifi_init_sta(void) +{ + word32 this_heap; + + s_wifi_event_group = xEventGroupCreate(); + + tcpip_adapter_init(); + + ESP_ERROR_CHECK(esp_event_loop_create_default()); + + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + + ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, + &event_handler, NULL)); + ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, + &event_handler, NULL)); + + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_ESP_WIFI_SSID, + .password = EXAMPLE_ESP_WIFI_PASS + }, + }; + + /* Setting a password implies station will connect to all security modes + * including WEP/WPA. However these modes are deprecated and not advisable + * to be used. 
In case your Access point doesn't support WPA2, these mode + * can be enabled by commenting below line */ + if (strlen((char *)wifi_config.sta.password)) { + wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK; + } + + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); + ESP_ERROR_CHECK(esp_wifi_start() ); + + ESP_LOGI(TAG, "wifi_init_sta finished. Connecting..."); + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "this heap = %d", this_heap); + if (this_heap < WIFI_LOW_HEAP_WARNING) { + ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING); + } + /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) + * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT). + * The bits are set by event_handler() + * (see above) */ + EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group, + WIFI_CONNECTED_BIT | WIFI_FAIL_BIT, + pdFALSE, + pdFALSE, + portMAX_DELAY); + + ESP_LOGI(TAG, "xEventGroupWaitBits finished."); +#if 0 + /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually + * happened. */ + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "connected to ap SSID:%s", + EXAMPLE_ESP_WIFI_SSID); + } else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", + EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS); + } else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } +#else + /* xEventGroupWaitBits() returns the bits before the call returned, + * hence we can test which event actually happened. 
*/ + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "Connected to AP SSID: %s", + EXAMPLE_ESP_WIFI_SSID); + } + else { + if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID: %s, password:%s", + EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS); + } + else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } + } + +#endif + ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, + &event_handler)); + ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, + &event_handler)); + vEventGroupDelete(s_wifi_event_group); + return ESP_OK; +} + +#elif ESP_IDF_VERSION_MAJOR < 4 +/* event handler for wifi events */ +static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) +{ + switch (event->event_id) + { + case SYSTEM_EVENT_STA_START: + esp_wifi_connect(); + break; + case SYSTEM_EVENT_STA_GOT_IP: + #if ESP_IDF_VERSION_MAJOR >= 4 + ESP_LOGI(TAG, "got ip:" IPSTR "\n", + IP2STR(&event->event_info.got_ip.ip_info.ip)); + #else + ESP_LOGI(TAG, "got ip:%s", + ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); + #endif + /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); + break; + case SYSTEM_EVENT_STA_DISCONNECTED: + esp_wifi_connect(); + xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); + break; + default: + break; + } + return ESP_OK; +} +#else + +#ifdef CONFIG_ESP_MAXIMUM_RETRY + #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY +#else + #define CONFIG_ESP_MAXIMUM_RETRY 5 +#endif + +#if CONFIG_ESP_WIFI_AUTH_OPEN +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_OPEN +#elif CONFIG_ESP_WIFI_AUTH_WEP +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WEP +#elif CONFIG_ESP_WIFI_AUTH_WPA_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA2_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA_WPA2_PSK 
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_WPA2_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA3_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA3_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA2_WPA3_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_WPA3_PSK +#elif CONFIG_ESP_WIFI_AUTH_WAPI_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WAPI_PSK +#endif + +#ifndef ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD + #define CONFIG_ESP_WIFI_AUTH_WPA2_PSK 1 + #define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD CONFIG_ESP_WIFI_AUTH_WPA2_PSK +#endif + +/* FreeRTOS event group to signal when we are connected*/ +static EventGroupHandle_t s_wifi_event_group; + +/* The event group allows multiple bits for each event, + * but we only care about two events: + * - we are connected to the AP with an IP + * - we failed to connect after the maximum amount of retries */ +#define WIFI_CONNECTED_BIT BIT0 +#define WIFI_FAIL_BIT BIT1 + + +static int s_retry_num = 0; +ip_event_got_ip_t* event; + + +static void event_handler(void* arg, + esp_event_base_t event_base, + int32_t event_id, + void* event_data) +{ + if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + } + else if (event_base == WIFI_EVENT && + event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, "retry to connect to the AP"); + } + else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG, "connect to the AP fail"); + } + else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) { + event = (ip_event_got_ip_t*) event_data; + /* wifi_show_ip(); */ + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } +} + +esp_err_t wc_wifi_init_sta(void) +{ + esp_err_t ret = ESP_OK; + + s_wifi_event_group = xEventGroupCreate(); + + ESP_ERROR_CHECK(esp_netif_init()); + + ESP_ERROR_CHECK(esp_event_loop_create_default()); + 
esp_netif_create_default_wifi_sta(); + + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + + esp_event_handler_instance_t instance_any_id; + esp_event_handler_instance_t instance_got_ip; + ESP_ERROR_CHECK(esp_event_handler_instance_register(WIFI_EVENT, + ESP_EVENT_ANY_ID, + &event_handler, + NULL, + &instance_any_id)); + ESP_ERROR_CHECK(esp_event_handler_instance_register(IP_EVENT, + IP_EVENT_STA_GOT_IP, + &event_handler, + NULL, + &instance_got_ip)); + + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_ESP_WIFI_SSID, + .password = EXAMPLE_ESP_WIFI_PASS, + /* Authmode threshold resets to WPA2 as default if password matches + * WPA2 standards (password len => 8). If you want to connect the + * device to deprecated WEP/WPA networks, Please set the threshold + * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with + * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK + * standards. */ + .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD, + #ifdef HAS_WPA3_FEATURES + .sae_pwe_h2e = WPA3_SAE_PWE_BOTH, + #endif + }, + }; + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + +#ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\"."); + ESP_LOGW(TAG, " Do you have a WiFi AP called \"myssid\", "); + ESP_LOGW(TAG, " or did you forget the ESP-IDF configuration?"); + } +#else + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); +#endif + + ESP_ERROR_CHECK(esp_wifi_start() ); + + ESP_LOGI(TAG, "wifi_init_sta finished."); + + /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) + * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT). 
+ * The bits are set by event_handler() (see above) */ + EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group, + WIFI_CONNECTED_BIT | WIFI_FAIL_BIT, + pdFALSE, + pdFALSE, + portMAX_DELAY); + + /* xEventGroupWaitBits() returns the bits before the call returned, + * hence we can test which event actually happened. */ +#if defined(SHOW_SSID_AND_PASSWORD) + ESP_LOGW(TAG, "Undefine SHOW_SSID_AND_PASSWORD to not show SSID/password"); + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "connected to ap SSID:%s password:%s", + EXAMPLE_ESP_WIFI_SSID, + EXAMPLE_ESP_WIFI_PASS); + } + else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", + EXAMPLE_ESP_WIFI_SSID, + EXAMPLE_ESP_WIFI_PASS); + } + else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } +#else + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "Connected to AP"); + } + else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to AP"); + ret = -1; + } + else { + ESP_LOGE(TAG, "AP UNEXPECTED EVENT"); + ret = -2; + } +#endif + return ret; +} + +esp_err_t wc_wifi_show_ip(void) +{ + /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR, + * IP2STR(&event->ip_info.ip)); */ + return ESP_OK; +} + +#endif + + +#endif /* USE_WOLFSSL_ESP_SDK_WIFI */ +#endif /* WOLFSSL_ESPIDF */ diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 00deff3df9..a55a01ad01 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -1,6 +1,6 @@ /* renesas_common.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
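Review bot: The fallback under `#ifndef ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD` defines `CONFIG_ESP_WIFI_AUTH_WPA2_PSK 1` and then points the threshold at that macro, so `wifi_config.sta.threshold.authmode` receives the integer 1 rather than the `WIFI_AUTH_WPA2_PSK` enumerator; if `wifi_auth_mode_t` has its usual ordering (OPEN=0, WEP=1, WPA_PSK=2, WPA2_PSK=3) that default is `WIFI_AUTH_WEP`, which lets the station join a WEP or WPA network advertising the configured SSID instead of enforcing WPA2 as the neighbouring comment intends — the line should be `#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK`. Separately, the ESP8266 variant `esp_sdk_wifi_init_sta` prints `EXAMPLE_ESP_WIFI_PASS` on the `WIFI_FAIL_BIT` path unconditionally, whereas the IDF v4+ `wc_wifi_init_sta` only does so under `SHOW_SSID_AND_PASSWORD`; the password should be dropped from that `ESP_LOGI` or gated the same way, since the serial console is rarely a trusted sink. In the same ESP8266 `event_handler` (the `#else` variant), the `IP_EVENT_STA_GOT_IP` test sits inside `if (event_base == WIFI_EVENT)`, so the `IP_EVENT` registration can never set `WIFI_CONNECTED_BIT`, and a `WIFI_EVENT` whose numeric id happens to equal `IP_EVENT_STA_GOT_IP` would have its `event_data` cast to `ip_event_got_ip_t*`; the `#if 0` version above it has the correct `event_base`/`event_id` pairing. Finally, the file-scope `ip_event_got_ip_t* event` retains a pointer to `event_data` after the handler returns, which is presumably why `wc_wifi_show_ip` notes a panic; copy `event->ip_info` into a static value inside the handler rather than keeping the pointer.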
@@ -21,37 +21,44 @@ #include -#if defined(WOLFSSL_RENESAS_FSPSM_TLS) \ - || defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) \ - || defined(WOLFSSL_RENESAS_TSIP_TLS) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) +#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \ + defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - #include - #define cmn_hw_lock wc_fspsm_hw_lock - #define cmn_hw_unlock wc_fspsm_hw_unlock + + #include + #define cmn_hw_lock wc_fspsm_hw_lock + #define cmn_hw_unlock wc_fspsm_hw_unlock + #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ - defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - #include - #define cmn_hw_lock tsip_hw_lock - #define cmn_hw_unlock tsip_hw_unlock + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + + #include + #define cmn_hw_lock tsip_hw_lock + #define cmn_hw_unlock tsip_hw_unlock - #define FSPSM_ST TsipUserCtx; - #define MAX_FSPSM_CBINDEX 5 + #define FSPSM_ST TsipUserCtx; + #define MAX_FSPSM_CBINDEX 5 #endif #include #include #include +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #include +#endif #include #include #include -#include +#include + +#define INITIAL_DEVID 7890 uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */ -static int gdevId = 7890; /* initial dev Id for Crypt Callback */ +static int gdevId = INITIAL_DEVID; /* initial dev Id for Crypt Callback */ #ifdef WOLF_CRYPTO_CB /* store callback ctx by devId */ @@ -59,7 +66,7 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) FSPSM_ST *gCbCtx[MAX_FSPSM_CBINDEX]; #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ - defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #define FSPSM_ST TsipUserCtx; #define MAX_FSPSM_CBINDEX 5 TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX]; 
@@ -68,7 +75,7 @@ TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX]; #include -WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl) +WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl) { int ret = 0; WOLFSSL_ENTER("Renesas_cmn_Cleanup"); @@ -89,7 +96,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl, const unsigned char* keyDer, unsigned int keySz, void* ctx) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); WOLFSSL_ENTER("Renesas_cmn_RsaSignCb"); /* This is just a stub function that provides no logic */ @@ -108,14 +115,12 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl, const unsigned char* keyDer, unsigned int keySz, void* ctx) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb"); - #if defined(WOLFSSL_RENESAS_TSIP) - - return tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx); - - #endif /* WOLFSSL_RENESAS_TSIP */ +#if defined(WOLFSSL_RENESAS_TSIP) + ret = tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx); +#endif /* WOLFSSL_RENESAS_TSIP */ WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret); return ret; @@ -127,7 +132,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl, const unsigned char* keyDer, unsigned int keySz, void* ctx) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); WOLFSSL_ENTER("Renesas_cmn_EccSignCb"); /* This is just a stub function that provides no logic */ 
@@ -147,33 +152,35 @@ WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl, */ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) { - int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and use SW */ WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb"); -#if defined(WOLFSSL_RENESAS_TSIP_TLS) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ - defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; #endif if (info == NULL || ctx == NULL) return BAD_FUNC_ARG; -#ifdef DEBUG_WOLFSSL +#if defined(DEBUG_WOLFSSL) printf("CryptoDevCb: Algo Type %d session key set: %d\n", info->algo_type, cbInfo->session_key_set); #endif +#if defined(DEBUG_CRYPTOCB) + wc_CryptoCb_InfoString(info); +#endif -#if defined(WOLFSSL_RENESAS_TSIP) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) +#if defined(WOLFSSL_RENESAS_TSIP) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ret = CRYPTOCB_UNAVAILABLE; if (info->algo_type == WC_ALGO_TYPE_CIPHER) { - - #if !defined(NO_AES) || !defined(NO_DES3) + #if !defined(NO_AES) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM #ifdef WOLFSSL_RENESAS_TSIP_TLS 
@@ -236,44 +243,51 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } } #endif /* HAVE_AES_CBC */ - #endif /* !NO_AES || !NO_DES3 */ - } - #if defined(WOLFSSL_KEY_GEN) - if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && - (info->pk.rsakg.size == 1024 || - info->pk.rsakg.size == 2048)) { - ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); + #endif /* !NO_AES */ } - #endif - /* Is called for signing - * Can handle only RSA PkCS#1v1.5 padding scheme here. - */ if (info->algo_type == WC_ALGO_TYPE_PK) { - #if !defined(NO_RSA) - if (info->pk.type == WC_PK_TYPE_RSA) { - if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) { - ret = tsip_SignRsaPkcs(info, ctx); - } - #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) { - ret = wc_tsip_RsaVerifyPkcs(info, ctx); - } - #endif + #if !defined(NO_RSA) + #if defined(WOLFSSL_KEY_GEN) + if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && + (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) { + ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); } - #endif /* NO_RSA */ - #if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS) - else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { - ret = tsip_SignEcdsa(info, ctx); + #endif + + /* RSA Signing + * Can handle only RSA PkCS#1v1.5 padding scheme here. 
+ */ + if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) { + ret = tsip_SignRsaPkcs(info, cbInfo); + } + #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + /* RSA Verify */ + if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) { + ret = wc_tsip_RsaVerifyPkcs(info, cbInfo); + } + #endif + #endif /* !NO_RSA */ + + #if defined(HAVE_ECC) + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + ret = tsip_SignEcdsa(info, cbInfo); + } + #endif + #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + ret = tsip_VerifyEcdsa(info, cbInfo); } - #endif /* HAVE_ECC */ + #endif + #endif /* HAVE_ECC */ } -#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\ - defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - if (info->algo_type == WC_ALGO_TYPE_CIPHER) { +#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - #if !defined(NO_AES) || !defined(NO_DES3) + if (info->algo_type == WC_ALGO_TYPE_CIPHER) { + #if !defined(NO_AES) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM) { 
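Review bot: The restructured RSA path in `Renesas_cmn_CryptoDevCb` drops the `info->pk.type == WC_PK_TYPE_RSA` guard that the removed code had, so `tsip_SignRsaPkcs` now runs whenever `info->pk.rsa.type == RSA_PRIVATE_ENCRYPT` regardless of which PK operation was requested (the keygen and ECDSA branches keep their own `pk.type` checks, the RSA sign/verify ones no longer do). If `pk` is the tagged union it is elsewhere in wolfSSL, an ECDSA or keygen request whose overlapping bytes equal `RSA_PRIVATE_ENCRYPT` — or `RSA_PUBLIC_DECRYPT` under `WOLFSSL_RENESAS_TSIP_CRYPTONLY` — is routed to the RSA callback with an `info->pk.rsa.key` that is not an `RsaKey`. Restore the tag on both tests: `if (info->pk.type == WC_PK_TYPE_RSA && info->pk.rsa.type == RSA_PRIVATE_ENCRYPT)` and `if (info->pk.type == WC_PK_TYPE_RSA && info->pk.rsa.type == RSA_PUBLIC_DECRYPT)`. The function begins and ends outside this hunk.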
@@ -342,27 +356,32 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } } #endif /* HAVE_AES_CBC */ - #endif /* !NO_AES || !NO_DES3 */ + #endif /* !NO_AES */ } - #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - else if (info->algo_type == WC_ALGO_TYPE_PK) { - #if !defined(NO_RSA) - #if defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + else if (info->algo_type == WC_ALGO_TYPE_PK) { + #if defined(WOLFSSL_KEY_GEN) if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) { ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, (void*)ctx); } - #endif + #endif if (info->pk.type == WC_PK_TYPE_RSA) { /* to perform RSA on SCE, wrapped keys should be installed * in advance. SCE supports 1024 or 2048 bits key size. * otherwise, falls-through happens. */ - if (info->pk.rsa.key->ctx.keySz == 1024 || - info->pk.rsa.key->ctx.keySz == 2048) { + if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set || + cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set || + cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set || + cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) { + + ret = wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo); + if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT || info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ) @@ -370,7 +389,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) ret = wc_fspsm_RsaFunction(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, - &info->pk.rsa.outLen, + info->pk.rsa.outLen, info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); 
@@ -400,9 +419,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) "RSA operation falls through to SW operation."); } } - #endif /* NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */ } - #endif /* NO_RSA */ + #endif /* !NO_RSA */ #endif /* TSIP or SCE */ (void)devIdArg; @@ -418,17 +436,20 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) * session_key_generated : if session key has been generated * return 1 for usable, 0 for unusable */ -int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) +int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated) { - int ret; + int ret = 0; #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_usable(ssl, session_key_generated); #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\ - defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) ret = wc_fspsm_usable(ssl, session_key_generated); #endif + (void)ssl; + (void)session_key_generated; + return ret; } @@ -441,8 +462,8 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) */ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId) { - if (devId >= 7890 && devId <= (MAX_FSPSM_CBINDEX + 7890)) - return gCbCtx[devId - 7890]; + if (devId >= INITIAL_DEVID && devId <= (MAX_FSPSM_CBINDEX + INITIAL_DEVID)) + return gCbCtx[devId - INITIAL_DEVID]; else return NULL; } 
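Review bot: The range check in `Renesas_cmn_GetCbCtxBydevId` is off by one: `devId <= (MAX_FSPSM_CBINDEX + INITIAL_DEVID)` accepts `devId == INITIAL_DEVID + MAX_FSPSM_CBINDEX`, which indexes `gCbCtx[MAX_FSPSM_CBINDEX]`, one past the end of a table declared with `MAX_FSPSM_CBINDEX` entries in the earlier hunk. The comparison should be `if (devId >= INITIAL_DEVID && devId < (MAX_FSPSM_CBINDEX + INITIAL_DEVID))`. The bound was the same before the `INITIAL_DEVID` rename, so this is pre-existing, but the out-of-bounds read hands back whatever follows the table as a callback context pointer, so it is worth fixing while the line is being touched.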
@@ -456,13 +477,13 @@ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId) * device Id starts from 7890, and increases + 1 its number * when the method is successfully called. */ -int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) +int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) { (void)ssl; (void)ctx; - #if defined(WOLFSSL_RENESAS_TSIP_TLS) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) @@ -470,18 +491,21 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) #endif if (cbInfo == NULL - #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) &&\ + #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \ !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ - !defined(HAVE_RENESAS_SYNC) - || ssl == NULL) { - #else - ) { + !defined(HAVE_RENESAS_SYNC) + || ssl == NULL #endif - printf("Invalid devId\n"); + ) { + WOLFSSL_MSG("Invalid devId\n"); return INVALID_DEVID; } /* need exclusive control because of static variable */ if ((cmn_hw_lock()) == 0) { + /* sanity check for overflow */ + if (gdevId < 0) { + gdevId = INITIAL_DEVID; + } cbInfo->devId = gdevId++; cmn_hw_unlock(); } @@ -503,12 +527,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) if (ssl) wolfSSL_SetDevId(ssl, cbInfo->devId); #endif - /* sanity check for overflow */ - if (gdevId < 0) { - gdevId = 7890; - } - gCbCtx[cbInfo->devId - 7890] = (void*)cbInfo; + gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo; return cbInfo->devId; } 
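Review bot: Moving the `gdevId < 0` reset under `cmn_hw_lock()` in `wc_CryptoCb_CryptInitRenesasCmn` does not bound the table index: `cbInfo->devId = gdevId++` hands out an ever-increasing id, and the following hunk stores `gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo` with no comparison against `MAX_FSPSM_CBINDEX`, so the sixth registration (or any later one, if cleanup does not rewind `gdevId` — that code is outside this chunk) writes past the end of `gCbCtx`. Under the lock, check before assigning: `if (gdevId - INITIAL_DEVID >= MAX_FSPSM_CBINDEX) { cmn_hw_unlock(); return INVALID_DEVID; }` ahead of `cbInfo->devId = gdevId++;`. The `gdevId < 0` test itself only fires after `gdevId++` has overflowed a signed int, which is undefined behaviour in C, so the bound check should replace it rather than sit beside it. Note also that when `cmn_hw_lock()` fails the code falls through with `cbInfo->devId` unassigned and still performs the `gCbCtx[...]` store with that stale value; that path should return `INVALID_DEVID` too.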
@@ -526,8 +546,8 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id) } #endif /* WOLF_CRYPTO_CB */ -#endif /* WOLFSSL_RENESAS_FSPSM_TLS|| WOLFSSL_RENESAS_FSPSM_CRYPTONLY - WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */ +#endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY + WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */ #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) @@ -799,7 +819,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) WOLFSSL_ENTER("Renesas_cmn_generateSessionKey"); if (Renesas_cmn_usable(ssl, 0)) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) - ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId); + ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId); #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId); #endif @@ -876,7 +896,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, */ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) { - int ret = WOLFSSL_NOT_IMPLEMENTED; + int ret = WC_NO_ERR_TRACE(WOLFSSL_NOT_IMPLEMENTED); (void) ret; (void) ctx; diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c index cb0535735f..0028786c57 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c @@ -1,6 +1,6 @@ /* renesas_fspsm_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -72,7 +72,7 @@ typedef fsp_err_t (*aesGcmDecFinalFn) #if defined(WOLFSSL_RENESAS_RSIP) /* wrapper for Gcm encrypt init */ -static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h, +static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h, FSPSM_AES_PWKEY k, uint8_t* iv, uint32_t iv_l) { 
@@ -81,8 +81,8 @@ static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h, (uint8_t* const)iv, iv_l); } /* wrapper for Gcm encrypt update */ -static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h, - uint8_t* p_plain, uint8_t* p_cipher, uint32_t plain_length, +static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h, + uint8_t* p_plain, uint8_t* p_cipher, uint32_t plain_length, uint8_t* p_add, uint32_t add_len) { (void) h; @@ -93,8 +93,8 @@ static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h, (uint32_t const) add_len); } /* wrapper for Gcm encrypt final */ -static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h, - uint8_t* p_cipher, uint32_t* c_len, +static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h, + uint8_t* p_cipher, uint32_t* c_len, uint8_t* p_atag) { (void) h; @@ -103,7 +103,7 @@ static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h, (uint8_t* const) p_atag); } /* wrapper for Gcm decrypt init */ -static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h, +static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h, FSPSM_AES_PWKEY k, uint8_t* iv, uint32_t iv_l) { (void) h; @@ -111,8 +111,8 @@ static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h, (uint8_t* const)iv, iv_l); } /* wrapper for Gcm decrypt update */ -static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h, - uint8_t* p_cipher, uint8_t* p_plain, uint32_t c_length, +static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h, + uint8_t* p_cipher, uint8_t* p_plain, uint32_t c_length, uint8_t* p_add, uint32_t add_len) { (void) h; 
@@ -123,8 +123,8 @@ static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h, (uint32_t const) add_len); } /* wrapper for Gcm decrypt final */ -static fsp_err_t _R_RSIP_AES_GCM_DecryptFinal(FSPSM_AESGCM_HANDLE* h, - uint8_t* p_plain, uint32_t* plain_len, +static fsp_err_t _R_RSIP_AES_GCM_DecryptFinal(FSPSM_AESGCM_HANDLE* h, + uint8_t* p_plain, uint32_t* plain_len, uint8_t* p_atag, uint32_t atag_len) { (void) h; @@ -241,7 +241,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, FSPSM_AES_PWKEY key_client_aes = NULL; FSPSM_AES_PWKEY key_server_aes = NULL; (void) key_server_aes; - + /* sanity check */ if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { return BAD_FUNC_ARG; @@ -282,7 +282,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap, DYNAMIC_TYPE_AES); - if ((sz > 0 && plainBuf == NULL) || + if ((sz > 0 && plainBuf == NULL) || ((sz + delta) > 0 && cipherBuf == NULL) || aTagBuf == NULL) { WOLFSSL_MSG("wc_fspsm_AesGcmEncrypt: buffer allocation failed"); ret = -1; @@ -293,7 +293,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, XMEMSET((void*)cipherBuf, 0, sz + delta); XMEMSET((void*)authTag, 0, authTagSz); } - + #if defined(WOLFSSL_RENESAS_FSPSM_TLS) if (ret == 0 && info->keyflgs_tls.bits.session_key_set == 1) { @@ -310,7 +310,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); return MEMORY_E; } - + ret = FSPSM_SESSIONKEY_GEN_FUNC( info->cipher, (uint32_t*)info->masterSecret, @@ -514,7 +514,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); return MEMORY_E; } - + ret = FSPSM_SESSIONKEY_GEN_FUNC( info->cipher, (uint32_t*)info->masterSecret, 
@@ -547,7 +547,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, ret = -1; } } - + if (ret == 0) { /* since key_index has iv and ivSz in it, no need to pass them init * func. Pass NULL and 0 as 3rd and 4th parameter respectively. @@ -769,7 +769,7 @@ WOLFSSL_LOCAL void wc_fspsm_Aesfree(Aes* aes) } #else if (aes->ctx.wrapped_key) { - /* aes ctx just points user created wrapped key + /* aes ctx just points user created wrapped key * in the case of CryptOnly Mode * therefore, it just sets pointing to NULL. * user key should be freed by owner(user) @@ -785,8 +785,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, { (void) userKey; (void) dir; - - if (aes == NULL || userKey == NULL || + + if (aes == NULL || userKey == NULL || !((keylen == 16) || (keylen == 32))) { return BAD_FUNC_ARG; } @@ -806,7 +806,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)userKey; aes->keylen = (int)keylen; aes->ctx.keySize = keylen; - + return wc_AesSetIV(aes, iv); } #endif diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c index 5db4435d52..778e5fff6f 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c @@ -1,6 +1,6 @@ /* renesas_fspsm_rsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,7 +40,7 @@ extern FSPSM_INSTANCE gFSPSM_ctrl; #endif -/* Set Ctx pointer to NULL. +/* Set Ctx pointer to NULL. * A created wrapped key should be freed by user * * key RsaKey object 
@@ -99,6 +99,33 @@ WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(RsaKey *key, int size, void* ctx) key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048; key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048; key->ctx.keySz = 2048; + } else if (size == 0) { + if((info->keyflgs_crypt.bits.rsapri2048_installedkey_set != 1) && + (info->keyflgs_crypt.bits.rsapub2048_installedkey_set != 1) && + (info->keyflgs_crypt.bits.rsapri1024_installedkey_set != 1) && + (info->keyflgs_crypt.bits.rsapub1024_installedkey_set != 1)) { + WOLFSSL_MSG("Caller should create user key in advance."); + WOLFSSL_MSG("Caller also need to installedkey to 1."); + return BAD_FUNC_ARG; + } + + if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1) { + key->ctx.wrapped_pri1024_key = info->wrapped_key_rsapri1024; + key->ctx.keySz = 1024; + } + if (info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1) { + key->ctx.wrapped_pub1024_key = info->wrapped_key_rsapub1024; + key->ctx.keySz = 1024; + } + + if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1) { + key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048; + key->ctx.keySz = 2048; + } + if (info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1) { + key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048; + key->ctx.keySz = 2048; + } } else return CRYPTOCB_UNAVAILABLE; @@ -122,23 +149,22 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, struct WC_RNG* rng) { int ret; - + FSPSM_RSA_DATA plain; FSPSM_RSA_DATA cipher; - + int keySize; - + (void) key; (void) rng; - + /* sanity check */ - if (in == NULL || out == NULL || - ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ + if (in == NULL || out == NULL || key == NULL){ return BAD_FUNC_ARG; } - + keySize = (int)key->ctx.keySz; - + if (keySize == 0) { WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, " "1024 or 2048 bits."); 
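Review bot: In the new `size == 0` branch of wc_fspsm_MakeRsaKey, `key->ctx.keySz` is set by whichever installed-key test runs last, so when a 1024-bit and a 2048-bit wrapped key are both installed (or a 1024-bit private key next to a 2048-bit public key) keySz ends up 2048 and the 1024-bit key is never selected, because wc_fspsm_RsaFunction dispatches on keySz alone. Either reject mixed installs (`return BAD_FUNC_ARG;` when both a 1024 and a 2048 flag are set) or state in the function comment that only one key size may be installed at a time. The log text `"Caller also need to installedkey to 1."` is hard to read; `"Caller must also set the installedkey flag to 1."` says the same thing. The enclosing function starts outside the hunk.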
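Review bot: The rewritten sanity check in wc_fspsm_RsaFunction only rejects `keySize == 0`, so any other unsupported size (4096, or a stale value) passes and falls into the 2048-bit `else` branches further down, which use `wrapped_pri2048_key`/`wrapped_pub2048_key` that may not be set; the log message already says "neither ... 1024 or 2048 bits", so the condition should match it: `if (keySize != 1024 && keySize != 2048) {`. The same `keySize == 1024 ... else` dispatch without a size check appears in wc_fspsm_RsaSign and wc_fspsm_RsaVerify later in this file. The function body continues past the hunk.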
@@ -147,7 +173,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, if ((ret = wc_fspsm_hw_lock()) == 0) { if (type == RSA_PUBLIC_ENCRYPT) { - + plain.pdata = (byte*)in; plain.data_length = inLen; cipher.pdata = out; @@ -169,7 +195,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, plain.data_length = *outLen; cipher.pdata = (byte*)in; cipher.data_length = inLen; - + if (keySize == 1024) { ret = FSPSM_RSA1024_PKCSDEC_FUNC(&cipher, &plain, (FSPSM_RSA1024_WPI_KEY*) @@ -181,7 +207,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, key->ctx.wrapped_pri2048_key, &outLen); } } - + wc_fspsm_hw_unlock(); } return ret; @@ -189,7 +215,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, /* Perform Rsa sign by FSP SM * Assumes to be called by Crypt Callback - * + * * in Buffer to hold plaintext * inLen Length of plaintext in bytes * out Buffer to hold generated signature 
@@ -198,40 +224,40 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, * ctx The callback context * return FSP_SUCCESS(0) on Success, otherwise negative value */ - + WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out, word32* outLen, struct RsaKey* key, void* ctx) { int ret; - + FSPSM_RSA_DATA message_hash; FSPSM_RSA_DATA signature; FSPSM_ST *info = (FSPSM_ST*)ctx; int keySize; - + /* sanity check */ - if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL || - ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ + if (in == NULL || out == NULL || *outLen <= 0 || info == NULL || + key == NULL){ return BAD_FUNC_ARG; } - + keySize = (int)key->ctx.keySz; - + message_hash.pdata = (byte *)in; message_hash.data_length = inLen; - message_hash.data_type = + message_hash.data_type = info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ signature.pdata = out; signature.data_length = (word32*)outLen; - + #if defined(WOLFSSL_RENESAS_RSIP) - message_hash.hash_type = signature.hash_type = + message_hash.hash_type = signature.hash_type = info->hash_type; /* hash type */ #endif - + if ((ret = wc_fspsm_hw_lock()) == 0) { if (keySize == 1024) { - + ret = FSPSM_RSA1024_SIGN_FUNC(&message_hash, &signature, (FSPSM_RSA1024_WPI_KEY *) @@ -239,23 +265,23 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out, HW_SCE_RSA_HASH_SHA256); } else { - + ret = FSPSM_RSA2048_SIGN_FUNC(&message_hash, &signature, (FSPSM_RSA2048_WPI_KEY *) key->ctx.wrapped_pri2048_key, HW_SCE_RSA_HASH_SHA256); } - + wc_fspsm_hw_unlock(); } - + return ret; } /* Perform Rsa verify by FSP SM * Assumes to be called by Crypt Callback - * + * * in Buffer to hold plaintext * inLen Length of plaintext in bytes * out Buffer to hold generated signature 
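Review bot: The new sanity check in wc_fspsm_RsaSign dereferences `*outLen` before anything checks that `outLen` is non-NULL, and `*outLen <= 0` on a `word32` is just `*outLen == 0`; write `if (in == NULL || out == NULL || outLen == NULL || *outLen == 0 || info == NULL || key == NULL) {`. The same line is repeated in the wc_fspsm_RsaVerify hunk that follows. Separately, `signature.data_length = (word32*)outLen;` is left unchanged here while the verify hunk corrects the matching line to `(word32)*outLen`; if `data_length` is a plain word32 this stores a truncated pointer instead of the buffer length, which is worth checking against the FSPSM_RSA_DATA definition.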
@@ -264,40 +290,40 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out, * ctx The callback context * return FSP_SUCCESS(0) on Success, otherwise negative value */ - + WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out, word32* outLen,struct RsaKey* key, void* ctx) { int ret; - + FSPSM_RSA_DATA message_hash; FSPSM_RSA_DATA signature; FSPSM_ST *info = (FSPSM_ST*)ctx; int keySize; - + (void) key; - + /* sanity check */ - if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL || - ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ + if (in == NULL || out == NULL || *outLen <= 0 || info == NULL || + key == NULL){ return BAD_FUNC_ARG; } - + keySize = (int)key->ctx.keySz; - - + + message_hash.pdata =(byte*)in; message_hash.data_length = inLen; - message_hash.data_type = + message_hash.data_type = info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ - + signature.pdata = out; - signature.data_length = (word32*)outLen; + signature.data_length = (word32)*outLen; #if defined(WOLFSSL_RENESAS_RSIP) - message_hash.hash_type = signature.hash_type = + message_hash.hash_type = signature.hash_type = info->hash_type; /* hash type */ #endif - + if ((ret = wc_fspsm_hw_lock()) == 0) { if (keySize == 1024) { ret = FSPSM_RSA1024_VRY_FUNC(&signature, @@ -307,7 +333,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out, HW_SCE_RSA_HASH_SHA256); } else { - ret = FSPSM_RSA2048_VRY_FUNC(&signature, + ret = FSPSM_RSA2048_VRY_FUNC(&signature, &message_hash, (FSPSM_RSA2048_WPB_KEY *) key->ctx.wrapped_pub2048_key, @@ -315,7 +341,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out, } wc_fspsm_hw_unlock(); } - + return ret; } diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c index 52df6da3dd..3ea643892d 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c 
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c @@ -1,6 +1,6 @@ /* renesas_fspsm_sha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -100,10 +100,8 @@ static void FSPSM_HashFree(wolfssl_FSPSM_Hash* hash) return; #if defined(WOLFSSL_RENESAS_SCEPROTECT) - if (hash->msg != NULL) { - XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); - hash->msg = NULL; - } + XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); + hash->msg = NULL; #endif } @@ -149,14 +147,14 @@ static int FSPSM_HashInit(wolfssl_FSPSM_Hash* hash, void* heap, int devId, XMEMSET(hash, 0, sizeof(wolfssl_FSPSM_Hash)); hash->sha_type = sha_type; hash->heap = heap; - + #if defined(WOLFSSL_RENESAS_SCEPROTECT) hash->len = 0; hash->used = 0; hash->msg = NULL; - + #elif defined(WOLFSSL_RENESAS_RSIP) - + switch(hash->sha_type) { case FSPSM_SHA1: Init = FSPSM_SHA1_Init; @@ -244,7 +242,7 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash, XMEMCPY(hash->msg + hash->used, data , sz); hash->used += sz; #elif defined(WOLFSSL_RENESAS_RSIP) - + switch(hash->sha_type) { case FSPSM_SHA1: Update = FSPSM_SHA1_Up; @@ -271,7 +269,7 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash, return BAD_FUNC_ARG; } wc_fspsm_hw_lock(); - ret = Update(&hash->handle, data, sz); + ret = Update(&hash->handle, (byte*)data, sz); wc_fspsm_hw_unlock(); return ret; #endif @@ -309,7 +307,7 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) Final = FSPSM_SHA256_Final; } else return BAD_FUNC_ARG; - + wc_fspsm_hw_lock(); if (Init(&handle) == FSP_SUCCESS) { @@ -328,7 +326,7 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) } } wc_fspsm_hw_unlock(); - + #elif defined(WOLFSSL_RENESAS_RSIP) switch(hash->sha_type) { case FSPSM_SHA1: 
@@ -355,7 +353,7 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) default: return BAD_FUNC_ARG; } - + wc_fspsm_hw_lock(); ret = Final(&hash->handle, out, (uint32_t*)&sz); if (ret != FSP_SUCCESS) { @@ -380,7 +378,7 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) fsp_err_t (*Final )(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t*); uint32_t sz = 0; (void) outSz; - + #if defined(WOLFSSL_RENESAS_SCEPROTECT) FSPSM_SHA_HANDLE handle; fsp_err_t (*Init)(FSPSM_SHA_HANDLE*); @@ -401,7 +399,7 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) Final = FSPSM_SHA256_Final; } else return BAD_FUNC_ARG; - + wc_fspsm_hw_lock(); if (Init(&handle) == FSP_SUCCESS) { ret = Update(&handle, (uint8_t*)hash->msg, hash->used); @@ -419,7 +417,7 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) } } wc_fspsm_hw_unlock(); - + #elif defined(WOLFSSL_RENESAS_RSIP) switch(hash->sha_type) { case FSPSM_SHA1: @@ -446,8 +444,8 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) default: return BAD_FUNC_ARG; } - - + + if(FSPSM_HashCopy(hash, &hashCopy) != 0) { WOLFSSL_MSG("ShaCopy operation failed"); WOLFSSL_ERROR(WC_HW_E); @@ -461,7 +459,7 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) ret = WC_HW_E; } wc_fspsm_hw_unlock(); - + #endif return ret; diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index 1ecf750ead..50c34d266a 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c @@ -1,6 +1,6 @@ /* renesas_fspsm_util.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -135,7 +135,7 @@ WOLFSSL_LOCAL int wc_fspsm_Open() if (ret != FSP_SUCCESS) { WOLFSSL_MSG("RENESAS SCE Open failed"); } - + #if defined(WOLFSSL_RENESAS_FSPSM_TLS) if (ret == FSP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { @@ -184,11 +184,11 @@ WOLFSSL_LOCAL void wc_fspsm_Close() } #define RANDGEN_WORDS 4 -WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) +WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) { /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */ int ret = 0; - word32 buffer[RANDGEN_WORDS]; + word32 fspbuf[RANDGEN_WORDS]; while (sz > 0) { word32 len = sizeof(buffer); @@ -197,9 +197,9 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) len = sz; } /* return 4 words random number*/ - ret = R_RANDOM_GEN(buffer); + ret = R_RANDOM_GEN((uint8_t* const)fspbuf); if(ret == FSP_SUCCESS) { - XMEMCPY(output, &buffer, len); + XMEMCPY(output, &fspbuf, len); output += len; sz -= len; } else { @@ -367,8 +367,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig, ret = fspsm_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx); - if (sigforSCE) - XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP); + XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP); if (ret == WOLFSSL_SUCCESS) { *result = 1; @@ -384,7 +383,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig, #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - + /* Callback for ECC shared secret */ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, uint8_t* pubKeyDer, unsigned int* pubKeySz, @@ -723,7 +722,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, Ciphers *dec; FSPSM_HMAC_WKEY key_client_mac; FSPSM_HMAC_WKEY key_server_mac; - + FSPSM_AES_PWKEY key_client_aes = NULL; FSPSM_AES_PWKEY key_server_aes = NULL; 
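Review bot: `word32 buffer[RANDGEN_WORDS]` is renamed to `fspbuf` in wc_fspsm_GenerateRandBlock, but the unchanged context line `word32 len = sizeof(buffer);` in the same hunk still refers to `buffer`; unless `buffer` is another name in scope this no longer compiles, and if it is, `len` is sized from the wrong object and the `XMEMCPY(output, &fspbuf, len)` in the next hunk can copy past the 16-byte array into the caller's output. Change it to `word32 len = sizeof(fspbuf);`. `&fspbuf` yields the same address as `fspbuf` here, but the plain array name reads more clearly.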
@@ -752,7 +751,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, if (key_client_aes == NULL || key_server_aes == NULL) { return MEMORY_E; } - + ret = FSPSM_SESSIONKEY_GEN_FUNC( GetSceCipherSuite( ssl->options.cipherSuite0, @@ -802,7 +801,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, return MEMORY_E; } XMEMSET(dec->aes, 0, sizeof(Aes)); - + dec->aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)XMALLOC (sizeof(FSPSM_AES_WKEY), aes->heap, DYNAMIC_TYPE_AE); @@ -853,15 +852,13 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, /* marked as session key is set */ cbInfo->keyflgs_tls.bits.session_key_set = 1; } - - if (key_client_aes) - XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES); - if (key_server_aes) - XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES); - + + XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES); + XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES); + /* unlock hw */ wc_fspsm_hw_unlock(); - + } else { WOLFSSL_LEAVE("hw lock failed", ret); @@ -1070,9 +1067,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify( if (ret != FSP_SUCCESS) { WOLFSSL_MSG(" R_XXX_TlsCertificateVerification() failed"); } - if (sigforSCE) { - XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP); - } + XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP); wc_fspsm_hw_unlock(); } else { diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c index 170ebb5e42..caee3c2a3e 100644 --- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c @@ -2,7 +2,7 @@ * * Contributed by Johnson Controls Tyco IP Holdings LLP. * - * Use of this Software is subject to the GPLv2 License + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -13,7 +13,7 @@ * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License @@ -159,10 +159,8 @@ static void RX64_HashFree(wolfssl_RX64_HW_Hash* hash) if (hash == NULL) return; - if (hash->msg != NULL) { - XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); - hash->msg = NULL; - } + XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); + hash->msg = NULL; } /** diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c index 2d995d99f4..72505868e2 100644 --- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c @@ -2,7 +2,7 @@ * * Contributed by Johnson Controls Tyco IP Holdings LLP. * - * Use of this Software is subject to the GPLv2 License + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -13,7 +13,7 @@ * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c index d4f474195d..dc9bcd5f30 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c @@ -1,6 +1,6 @@ /* renesas_tsip_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -86,9 +86,9 @@ typedef e_tsip_err_t (*Tls13AesDecFinalFn) /* encrypt plain data. - * + * * return cipher data size on success, negative value on failure. - * CRYPTOCB_UNAVAILABLE may be returned. + * CRYPTOCB_UNAVAILABLE may be returned. */ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( struct WOLFSSL* ssl, @@ -166,7 +166,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( cs, key, sz); - + if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error"); ret = WC_HW_E; @@ -236,7 +236,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( /* decrypt encrypted handshake data for TLSv1.3 * AES-GCM or AES-CCM can be used * return 0 on success, otherwise on error. - */ + */ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( struct WOLFSSL* ssl, byte* output, @@ -384,7 +384,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) { - int ret = NOT_COMPILED_IN; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; WOLFSSL_ENTER("wc_tsip_AesCipher"); @@ -627,7 +627,7 @@ int wc_tsip_AesGcmEncrypt( uint8_t* aadBuf = NULL; const uint8_t* iv_l = NULL; uint32_t ivSz_l = 0; - + tsip_aes_key_index_t key_client_aes; TsipUserCtx *userCtx; @@ -722,10 +722,10 @@ int wc_tsip_AesGcmEncrypt( XMEMCPY(&key_client_aes, &userCtx->user_aes128_key_index, sizeof(tsip_aes_key_index_t)); } - + iv_l = iv; ivSz_l = ivSz; - + } if (ret == 0) { diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c index 1a77b4020d..13db2dba12 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c @@ -1,6 +1,6 @@ /* renesas_sce_rsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -18,7 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - + #include #if !defined(NO_RSA) && \ @@ -40,7 +40,7 @@ #include #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY -/* Make Rsa key for TSIP and set it to callback ctx +/* Make RSA key for TSIP and set it to callback ctx * Assumes to be called by Crypt Callback * * size desired keylenth, in bits. supports 1024 or 2048 bits 
@@ -59,132 +59,119 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) if (ctx == NULL) return BAD_FUNC_ARG; + if (size != 1024 && size != 2048) { + WOLFSSL_MSG("Failed to generate key pair by TSIP"); + return CRYPTOCB_UNAVAILABLE; + } + if ((ret = tsip_hw_lock()) == 0) { if (size == 1024) { tsip_pair1024_key = (tsip_rsa1024_key_pair_index_t*)XMALLOC( - sizeof(tsip_rsa1024_key_pair_index_t), NULL, + sizeof(tsip_rsa1024_key_pair_index_t), NULL, DYNAMIC_TYPE_RSA_BUFFER); if (tsip_pair1024_key == NULL) return MEMORY_E; - + ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key); } else if (size == 2048) { tsip_pair2048_key = (tsip_rsa2048_key_pair_index_t*)XMALLOC( - sizeof(tsip_rsa2048_key_pair_index_t), NULL, + sizeof(tsip_rsa2048_key_pair_index_t), NULL, DYNAMIC_TYPE_RSA_BUFFER); if (tsip_pair2048_key == NULL) return MEMORY_E; - + ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key); } - else - return CRYPTOCB_UNAVAILABLE; - + if (ret == TSIP_SUCCESS) { if (size == 1024) { - if (info->rsa1024pri_keyIdx != NULL) { - XFREE(info->rsa1024pri_keyIdx, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - if (info->rsa1024pub_keyIdx != NULL) { - XFREE(info->rsa1024pub_keyIdx, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - info->rsa1024pri_keyIdx = + XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + info->rsa1024pri_keyIdx = (tsip_rsa1024_private_key_index_t*)XMALLOC( - sizeof(tsip_rsa1024_private_key_index_t), NULL, + sizeof(tsip_rsa1024_private_key_index_t), NULL, DYNAMIC_TYPE_RSA_BUFFER); - + if (info->rsa1024pri_keyIdx == NULL) { - XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } - + info->rsa1024pub_keyIdx = (tsip_rsa1024_public_key_index_t*)XMALLOC( - sizeof(tsip_rsa1024_public_key_index_t), NULL, + sizeof(tsip_rsa1024_public_key_index_t), NULL, DYNAMIC_TYPE_RSA_BUFFER); - + if (info->rsa1024pub_keyIdx 
== NULL) { - XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - XFREE(info->rsa1024pri_keyIdx, 0, - DYNAMIC_TYPE_RSA_BUFFER); + XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } /* copy generated key pair and free malloced key */ XMEMCPY(info->rsa1024pri_keyIdx, &tsip_pair1024_key->private, sizeof(tsip_rsa1024_private_key_index_t)); - XMEMCPY(info->rsa1024pub_keyIdx, + XMEMCPY(info->rsa1024pub_keyIdx, &tsip_pair1024_key->public, sizeof(tsip_rsa1024_public_key_index_t)); - XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - + XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); + info->keyflgs_crypt.bits.rsapri1024_key_set = 1; info->keyflgs_crypt.bits.rsapub1024_key_set = 1; } else if (size == 2048) { - if (info->rsa2048pri_keyIdx != NULL) { - XFREE(info->rsa2048pri_keyIdx, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - if (info->rsa2048pub_keyIdx != NULL) { - XFREE(info->rsa2048pub_keyIdx, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - info->rsa2048pri_keyIdx = + XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + info->rsa2048pri_keyIdx = (tsip_rsa2048_private_key_index_t*)XMALLOC( - sizeof(tsip_rsa2048_private_key_index_t), NULL, + sizeof(tsip_rsa2048_private_key_index_t), NULL, DYNAMIC_TYPE_RSA_BUFFER); - + if (info->rsa2048pri_keyIdx == NULL) { - XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } - + info->rsa2048pub_keyIdx = (tsip_rsa2048_public_key_index_t*)XMALLOC( - sizeof(tsip_rsa2048_public_key_index_t), NULL, + sizeof(tsip_rsa2048_public_key_index_t), NULL, DYNAMIC_TYPE_RSA_BUFFER); - + if (info->rsa2048pub_keyIdx == NULL) { - XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - XFREE(info->rsa2048pri_keyIdx, 0, + XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa2048pri_keyIdx, 
NULL, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } + /* copy generated key pair and free malloced key */ - XMEMCPY(info->rsa2048pri_keyIdx, + XMEMCPY(info->rsa2048pri_keyIdx, &tsip_pair2048_key->private, sizeof(tsip_rsa2048_private_key_index_t)); - XMEMCPY(info->rsa2048pub_keyIdx, + XMEMCPY(info->rsa2048pub_keyIdx, &tsip_pair2048_key->public, sizeof(tsip_rsa2048_public_key_index_t)); - XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - + XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); + info->keyflgs_crypt.bits.rsapri2048_key_set = 1; info->keyflgs_crypt.bits.rsapub2048_key_set = 1; - } } - else { - WOLFSSL_MSG("Failed to generate key pair by TSIP"); - return CRYPTOCB_UNAVAILABLE; - } - + tsip_hw_unlock(); } + return 0; } /* Perform Rsa verify by TSIP * Assumes to be called by Crypt Callback - * + * * in Buffer to hold plaintext * inLen Length of plaintext in bytes * out Buffer to hold generated signature 
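Review bot: wc_tsip_MakeRsaKey now ends with an unconditional `return 0;`, so both a failed `tsip_hw_lock()` and a failed `R_TSIP_GenerateRsa*RandomKeyIndex()` report success although no key was installed, and on the second case the malloc'd `tsip_pair1024_key`/`tsip_pair2048_key` is leaked; the removed `else` that returned CRYPTOCB_UNAVAILABLE needs a replacement that frees the pair and keeps the error in `ret`. The `return MEMORY_E;` paths inside the locked region still leave without `tsip_hw_unlock()` — inherited, but the hunk rewrites those lines, so this is the moment to route them through the unlock. The pair pointers are declared outside the hunk; the fence assumes they start as NULL so freeing the unused one is a no-op.
```c
        if (ret == TSIP_SUCCESS) {
            /* … unchanged: copy the generated pair into info and free the pair … */
        }
        else {
            WOLFSSL_MSG("Failed to generate key pair by TSIP");
            XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
            XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
            ret = CRYPTOCB_UNAVAILABLE;
        }
        tsip_hw_unlock();
    }
    return ret;
```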
@@ -193,51 +180,47 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) * ctx The callback context * return FSP_SUCCESS(0) on Success, otherwise negative value */ - + WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) { int ret = 0; e_tsip_err_t err = TSIP_SUCCESS; tsip_rsa_byte_data_t hashData, sigData; - uint8_t tsip_hash_type; - - + /* sanity check */ if (info == NULL || tuc == NULL){ return BAD_FUNC_ARG; } - + if (ret == 0) { - if (tuc->sing_hash_type == md5_mac) + if (tuc->sign_hash_type == md5_mac) tsip_hash_type = R_TSIP_RSA_HASH_MD5; - else if (tuc->sing_hash_type == sha_mac) + else if (tuc->sign_hash_type == sha_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA1; - else if (tuc->sing_hash_type == sha256_mac) + else if (tuc->sign_hash_type == sha256_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA256; else ret = CRYPTOCB_UNAVAILABLE; } - + switch (tuc->wrappedKeyType) { case TSIP_KEY_TYPE_RSA1024: - if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) - { + if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) { ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); WOLFSSL_MSG("tsip rsa private key 1024 not set"); - if (ret != 0) + if (ret != 0) ret = CRYPTOCB_UNAVAILABLE; } break; case TSIP_KEY_TYPE_RSA2048: - if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) - { + if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) { ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); - WOLFSSL_MSG("tsip rsa private key 1024 not set"); - if (ret != 0) + WOLFSSL_MSG("tsip rsa private key 2048 not set"); + if (ret != 0) ret = CRYPTOCB_UNAVAILABLE; } break; @@ -294,7 +277,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) tsip_hw_unlock(); } } - + return ret; } #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c index a1a02f3b45..a12c1ebcf8 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c 
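Review bot: The hunk removes the local `uint8_t tsip_hash_type;` from wc_tsip_RsaVerifyPkcs, but the unchanged lines below still assign `tsip_hash_type = R_TSIP_RSA_HASH_MD5;` and friends; unless the declaration was moved somewhere outside this hunk the file will not compile, and if a file-scope variable of that name now exists, sharing it across calls is a regression from the local. The `switch (tuc->wrappedKeyType)` also runs after the hash-type block has set `ret = CRYPTOCB_UNAVAILABLE`, and `ret = tsipImportPublicKey(...)` can overwrite that with 0, so an unsupported hash type is silently accepted; guarding the switch with `if (ret == 0) {` keeps the error. The message in the RSA1024 branch still says `"tsip rsa private key 1024 not set"` although it is the public-key flag being tested. The function body continues past the hunk.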
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c @@ -1,6 +1,6 @@ /* renesas_tsip_sha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -64,7 +64,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) isTLS13 = 1; @@ -136,8 +136,8 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac) -/* store handshake message for later hash or hmac operation. - * +/* store handshake message for later hash or hmac operation. + * */ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, int sz) @@ -154,7 +154,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) isTLS13 = 1; @@ -164,7 +164,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, ret = CRYPTOCB_UNAVAILABLE; } } - /* should work until handshake is done */ + /* should work until handshake is done */ if (ret == 0) { if (ssl->options.handShakeDone) { WOLFSSL_MSG("handshake is done."); @@ -195,12 +195,12 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, bag = &(tuc->messageBag); - if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES || + if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES || bag->buffIdx + sz > MSGBAG_SIZE) { WOLFSSL_MSG("Capacity over error in tsip_StoreMessage"); ret = MEMORY_E; } - + XMEMCPY(bag->buff + bag->buffIdx, data, sz); bag->msgTypes[bag->msgIdx++] = *data; /* store message type */ bag->buffIdx += sz; 
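Review bot: In tsip_StoreMessage the capacity check sets `ret = MEMORY_E` but does not stop the store: the unchanged `XMEMCPY(bag->buff + bag->buffIdx, data, sz);` and `bag->msgTypes[bag->msgIdx++] = *data;` that follow run regardless, so a handshake longer than MSGBAG_SIZE (or with more than MAX_MSGBAG_MESSAGES records) writes past the bag, and these are peer-supplied messages. Guard the copy with the check result: put `if (ret == 0) {` before the XMEMCPY and close it after `bag->buffIdx += sz;`. The enclosing function starts and ends outside the hunk.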
@@ -229,7 +229,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash, ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) isTLS13 = 1; @@ -246,14 +246,14 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash, } bag = &(tuc->messageBag); } - + if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { err = R_TSIP_Sha256Init(&handle); if (err == TSIP_SUCCESS) { - err = R_TSIP_Sha256Update(&handle, (uint8_t*)bag->buff, + err = R_TSIP_Sha256Update(&handle, (uint8_t*)bag->buff, bag->buffIdx); } if (err == TSIP_SUCCESS) { @@ -287,10 +287,8 @@ static void TSIPHashFree(wolfssl_TSIP_Hash* hash) if (hash == NULL) return; - if (hash->msg != NULL) { - XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); - hash->msg = NULL; - } + XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); + hash->msg = NULL; } static int TSIPHashInit(wolfssl_TSIP_Hash* hash, void* heap, int devId, @@ -309,7 +307,7 @@ static int TSIPHashInit(wolfssl_TSIP_Hash* hash, void* heap, int devId, else { hash->heap = heap; } - + hash->len = 0; hash->used = 0; hash->msg = NULL; diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 8c98ffb781..df49012d9e 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -1,6 +1,6 @@ /* renesas_tsip_util.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,11 +34,15 @@ #define WOLFSSL_MISC_INCLUDED #include #endif -#include -#include -#include + +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY + #include + #include + #include +#endif #include #include + #include #define TSIP_SIGNING_DATA_PREFIX_SZ 64 
@@ -171,6 +175,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, return ret; } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) /* Set client encrypted public key data. @@ -189,8 +194,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt"); - if (uc == NULL - || keyBuf == NULL || keyBufLen == 0) { + if (uc == NULL || keyBuf == NULL || keyBufLen == 0) { ret = BAD_FUNC_ARG; } @@ -239,7 +243,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc, /* Obsolete function. Use tsip_use_PrivateKey_buffer instead. * Set client encrypted private key data. * parameters: - * key Renesas Secure Flash Programmer generated key. + * key Renesas Secure Flash Programmer generated key. * keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256 * return 0 on success, others on failure. */ @@ -253,7 +257,7 @@ WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* encKey, int keyType) g_user_key_info.encrypted_user_private_key = (uint8_t*)encKey; g_user_key_info.encrypted_user_private_key_type = keyType; } - + WOLFSSL_LEAVE("tsip_set_clientPrivateKeyEnc", ret); return ret; } @@ -299,7 +303,7 @@ WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl) /* free stored messages */ tsipFlushMessages(ssl); - + return ret; } @@ -322,12 +326,12 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) TsipUserCtx* tuc = NULL; WOLFSSL_ENTER("tsip_Tls13GenEccKeyPair"); - + if (ssl == NULL || kse == NULL) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -383,7 +387,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) ecckey = (ecc_key*)kse->key; ret = wc_ecc_set_curve(ecckey, kse->keyLen, curveId); } - + kse->pubKey[0] = ECC_POINT_UNCOMP; /* generate ecc key pair with TSIP */ 
@@ -412,25 +416,21 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) } } - if (ret != 0) { - if (kse->key != NULL) - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (kse->pubKey != NULL) - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if ((ret != 0) && (ret != CRYPTOCB_UNAVAILABLE)) { + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->key = NULL; + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; } WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* generate shared secret(pre-master secret) * get peer's raw ECDHE public key from KeyShareEntry. - * The pre-master secret generated by TSIP is stored into + * The pre-master secret generated by TSIP is stored into * TsipUserCtx.sharedSecret13Idx as TSIP specific format. - * + * * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is * expecting to fallback to S/W, other negative values on error. */ @@ -448,7 +448,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -468,7 +468,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -514,11 +514,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13GenSharedSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) { int ret = 0; 
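Review bot: The new cleanup in tsip_Tls13GenEccKeyPair releases `kse->key` with a bare XFREE, but the earlier hunk of the same function shows it is treated as an `ecc_key` (`ecckey = (ecc_key*)kse->key; wc_ecc_set_curve(...)`); if that object was initialised with wc_ecc_init somewhere outside the visible lines, `wc_ecc_free((ecc_key*)kse->key);` should precede the XFREE so any state the key object owns is released. The new `ret != CRYPTOCB_UNAVAILABLE` condition deliberately keeps both buffers when TSIP declines the operation, presumably for the software fallback the doc comment mentions; that intent deserves a comment such as `/* on CRYPTOCB_UNAVAILABLE keep kse->key/pubKey: the S/W path reuses them */`. Nulling the pointers after the free is an improvement over the removed code. The start of the function is outside this hunk.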
@@ -530,7 +526,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -539,20 +535,16 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) tuc->EarlySecret_set = 1; } } - + WOLFSSL_LEAVE("tsip_Tls13DeriveEarlySecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* derive handshake secret. * get pre-master secret stored in TsipUserCtx.sharedSecret13Idx. * Derived handshake secret is stored into TsipUserCtx.handshakeSecret13Idx * as tsip specific format. - * + * * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is * expecting to fallback to S/W, other negative values on error. */ @@ -568,7 +560,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -580,7 +572,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -597,7 +589,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - + tuc->HandshakeSecret_set = 0; err = R_TSIP_Tls13GenerateHandshakeSecret( @@ -621,11 +613,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsip_Tls13DeriveHandshakeSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) { int ret = 0; 
@@ -640,7 +628,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -651,7 +639,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -673,9 +661,9 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - + tuc->HandshakeClientTrafficKey_set = 0; - + err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey( &(tuc->handle13), TSIP_TLS13_MODE_FULL_HANDSHAKE, @@ -687,7 +675,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) if (err != TSIP_SUCCESS) { WOLFSSL_MSG( "R_TSIP_Tls13GenerateClientHandshakeTrafficKey error"); - ret = WC_HW_E; + ret = WC_HW_E; } /* key derivation succeeded */ @@ -705,11 +693,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveClientHandshakeKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -724,7 +708,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -735,7 +719,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; 
@@ -757,7 +741,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - + tuc->HandshakeServerTrafficKey_set = 0; err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey( @@ -773,7 +757,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) "R_TSIP_Tls13GenerateServerHandshakeTrafficKey error"); ret = WC_HW_E; } - + /* key derivation succeeded */ if (ret == 0) { tuc->HandshakeServerTrafficKey_set = 1; @@ -789,11 +773,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveServerHandshakeKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -808,7 +788,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -819,7 +799,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -841,7 +821,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - + tuc->ServerTrafficSecret_set = 0; tuc->ClientTrafficSecret_set = 0; tuc->ServerWriteTrafficKey_set = 0; @@ -862,7 +842,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) "R_TSIP_Tls13GenerateApplicationTrafficKey error"); ret = WC_HW_E; } - + /* key derivation succeeded */ if (ret == 0) { tuc->ServerTrafficSecret_set = 1; 
@@ -881,11 +861,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -899,7 +875,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -910,7 +886,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -953,11 +929,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13UpdateClientTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -971,7 +943,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -982,7 +954,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -1025,11 +997,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13UpdateServerTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Derive the keys for TLS v1.3. * * ssl The WOLFSSL object. 
@@ -1042,7 +1010,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) * side ENCRYPT_SIDE_ONLY: when only encryption secret needs to be derived. * DECRYPT_SIDE_ONLY: when only decryption secret needs to be derived. * ENCRYPT_AND_DECRYPT_SIDE: when both secret needs to be derived. - * + * * returns 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is * expecting to fallback to S/W, other negative values on error. */ @@ -1124,11 +1092,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13DeriveKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) { int ret = 0; @@ -1142,7 +1106,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -1152,7 +1116,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) } if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -1160,7 +1124,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) } if (ret == 0) { /* make sure handshake secret and verify data has been set by TSIP */ - if (!tuc->HandshakeSecret_set || + if (!tuc->HandshakeSecret_set || !tuc->HandshakeVerifiedData_set) { WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); ret = CRYPTOCB_UNAVAILABLE; @@ -1168,7 +1132,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) } if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - + tuc->MasterSecret_set = 0; err = R_TSIP_Tls13GenerateMasterSecret( 
@@ -1183,7 +1147,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) "R_TSIP_Tls13GenerateMasterSecret( error"); ret = WC_HW_E; } - + if (ret == 0) { tuc->MasterSecret_set = 1; } @@ -1198,15 +1162,11 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsip_Tls13DeriveMasterSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* verify handshake * ssl WOLFSSL object * hash buffer holding decrypted finished message content from server. - * + * */ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, const byte* hash)/*finished message*/ @@ -1223,7 +1183,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, ret = BAD_FUNC_ARG; if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } @@ -1234,7 +1194,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -1255,7 +1215,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { - + tuc->HandshakeVerifiedData_set = 0; err = R_TSIP_Tls13ServerHandshakeVerification( @@ -1271,7 +1231,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, } else if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13ServerHandshakeVerification error"); - ret = WC_HW_E; + ret = WC_HW_E; } if (ret == 0) { WOLFSSL_MSG("Verified handshake"); 
@@ -1288,15 +1248,11 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsipTls13VerifyHandshake", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* handles finished message from server. - * verify hmac in the message. Also output verify data to + * verify hmac in the message. Also output verify data to * TsipUserCtx.verifyDataIdx, which is used for deriving master secret. - * + * * ssl WOLFSSL object * input the buffer holding decrypted finished message, type and padding * inOutIdx On entry, the index into the message content of Finished. @@ -1334,11 +1290,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished( WOLFSSL_LEAVE("tsip_Tls13HandleFinished", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Build TLS v1.3 Message and make it encrypted with AEAD algorithm. * TSIP supports AES-GCM and AES-CCM. * ssl The WOLFSSL object. @@ -1348,7 +1300,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished( * inSz The size of the handshake message (including message header). * type The real content type being put after the message data. * hashOutput Whether to hash the unencrypted record data. - * returns the size of the record including header, CRYPTOCB_UNAVAILABLE + * returns the size of the record including header, CRYPTOCB_UNAVAILABLE * when tsip can not handle and is expecting to fallback to S/W, * other negative values on error. */ @@ -1365,7 +1317,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl, int isTLS13 = 0; RecordLayerHeader* rl = NULL; (void)outSz; - + WOLFSSL_ENTER("tsip_Tls13BuildMessage"); if (ssl == NULL || output == NULL || input == NULL) { @@ -1373,7 +1325,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl, } if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { isTLS13 = 1; } 
@@ -1421,7 +1373,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl, /* The real record content type goes at the end of the data. */ output[RECORD_HEADER_SZ + inSz] = (byte)type; - ret = tsip_Tls13AesEncrypt(ssl, + ret = tsip_Tls13AesEncrypt(ssl, output + RECORD_HEADER_SZ, /* output */ output + RECORD_HEADER_SZ, /* plain message */ inSz + 1); /* plain data size(= inSz + 1 for type) */ @@ -1434,13 +1386,9 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13BuildMessage", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Send finished message to the server. - * + * * ssl WOLFSSL object * output buffer to output packet, including packet header and finished message * outSz buffer size of output @@ -1466,7 +1414,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished( if (ssl == NULL || output == NULL || input == NULL || outSz == 0) { ret = BAD_FUNC_ARG; } - + if (ret == 0) { finishedSz = ssl->specs.hash_size; @@ -1485,7 +1433,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished( output, outSz, input, headerSz + finishedSz, handshake, hashOut); - + if (recordSz > 0) { ssl->options.clientState = CLIENT_FINISHED_COMPLETE; ssl->options.handShakeState = HANDSHAKE_DONE; @@ -1501,9 +1449,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished( WOLFSSL_LEAVE("tsip_Tls13SendFinished", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ -#if defined(WOLFSSL_TLS13) /* Parse and handle a TLS v1.3 CertificateVerify message sent from a server. * * ssl WOLFSSL object @@ -1515,7 +1461,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished( * return 0 on success, CRYPTOCB_UNAVAILABLE when TSIP can not handle, * other negative values on error. */ -WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, +WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 totalSz) { 
@@ -1528,7 +1474,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, e_tsip_err_t err = TSIP_SUCCESS; TsipUserCtx* tuc = NULL; e_tsip_tls13_signature_scheme_type_t sig_scheme; - + WOLFSSL_ENTER("tsip_Tls13CertificateVerify"); @@ -1576,7 +1522,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, if (ret == 0) { /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx is not set to ssl."); ret = CRYPTOCB_UNAVAILABLE; @@ -1596,7 +1542,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, idx = 0; ForceZero(sigData, sizeof(tuc->sigDataCertVerify)); - XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, + XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, TSIP_SIGNING_DATA_PREFIX_SZ); idx += TSIP_SIGNING_DATA_PREFIX_SZ; @@ -1605,7 +1551,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, idx += TSIP_CERT_VFY_LABEL_SZ; ret = tsip_GetMessageSha256(ssl, &sigData[idx], &messageSz); } - + if (ret == 0) { if ((ret = tsip_hw_lock()) == 0) { @@ -1617,7 +1563,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, totalSz); if (err == TSIP_SUCCESS) { - + *inOutIdx += totalSz; *inOutIdx += ssl->keys.padSz; ssl->options.peerAuthGood = 1; 
@@ -1644,23 +1590,21 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13CertificateVerify", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ -#if defined(WOLFSSL_TLS13) /* Send the TLS v1.3 CertificateVerify message. A part of the message is * processed by TSIP for acceleration. * - * Prior to this function call, the appropriate key-pair should be set via - * tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS APIs. - * Those key pair can be generated by the tool named + * Prior to this function call, the appropriate key-pair should be set via + * tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS APIs. + * Those key pair can be generated by the tool named * "Renesas secure flash programmer". * When RSA certificate is used, both public and private keys should be set. * The public key is used for self-verify the generated certificateVerify * message. When ECC certificate is used, the self-verify will be performed only * WOLFSSL_CHECK_SIG_FAULTS is defined. - * - * Returns 0 on success, CRYPTOCB_UNAVAILABLE when the required key is not - * provided or unsupported algo is specified and otherwise failure. + * + * Returns 0 on success, CRYPTOCB_UNAVAILABLE when the required key is not + * provided or unsupported algo is specified and otherwise failure. */ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) { @@ -1693,7 +1637,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } if (ret == 0) { - if (ssl->version.major == SSLv3_MAJOR && + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) isTLS13 = 1; @@ -1702,7 +1646,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) ret = CRYPTOCB_UNAVAILABLE; } } - + if (ret == 0) { /* get user context for TSIP */ tuc = ssl->RenesasUserCtx; 
@@ -1712,10 +1656,10 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } if (ret == 0) { - #if !defined(NO_RSA) + #if !defined(NO_RSA) if (ssl->options.haveRSA) isRsa = 1; - else + else #endif #ifdef HAVE_ECC if (ssl->options.haveECC) @@ -1740,13 +1684,13 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } } else { - if (!tuc->ClientEccP256PrivKey_set) { + if (!tuc->ClientEccPrivKey_set) { ret = NO_PRIVATE_KEY; } } } - if (ret == 0) { + if (ret == 0) { /* get message hash */ ForceZero(hash, sizeof(hash)); ret = tsip_GetMessageSha256(ssl, hash, (int*)&hashSz); @@ -1777,15 +1721,15 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256, hash, message + HANDSHAKE_HEADER_SZ, - &messageSz); + &messageSz); } else { err = R_TSIP_Tls13CertificateVerifyGenerate( - (uint32_t*)&(tuc->EcdsaP256PrivateKeyIdx), + (uint32_t*)&(tuc->EcdsaPrivateKeyIdx), TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, hash, message + HANDSHAKE_HEADER_SZ, - &messageSz); + &messageSz); } if (err != TSIP_SUCCESS) { WOLFSSL_MSG("failed to make certificate verify message"); @@ -1816,8 +1760,8 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } } else { -#if defined(WOLFSSL_CHECK_SIG_FAULTS) - if (!tuc->ClientEccP256PubKey_set) { +#if defined(WOLFSSL_CHECK_SIG_FAULTS) + if (!tuc->ClientEccPubKey_set) { ret = NO_PRIVATE_KEY; } #endif /* WOLFSSL_CHECK_SIG_FAULTS */ @@ -1829,7 +1773,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) idx = 0; ForceZero(sigData, sizeof(tuc->sigDataCertVerify)); - XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, + XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, TSIP_SIGNING_DATA_PREFIX_SZ); idx += TSIP_SIGNING_DATA_PREFIX_SZ; 
@@ -1842,9 +1786,9 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) if (ret == 0) { /* extract signature data from generated CertificateVerify message */ if (!isRsa) { -#if defined(WOLFSSL_CHECK_SIG_FAULTS) - idx = 4; - derSig = message + +#if defined(WOLFSSL_CHECK_SIG_FAULTS) + idx = 4; + derSig = message + HANDSHAKE_HEADER_SZ + HASH_SIG_SIZE + VERIFY_HEADER; if (derSig[idx] == 0x00) idx++; @@ -1886,7 +1830,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) err = R_TSIP_EcdsaP256SignatureVerification( &ecdsa_sig, &ecdsa_hash, - &tuc->EcdsaP256PublicKeyIdx); + &tuc->EcdsaPublicKeyIdx); WOLFSSL_MSG("Perform self-verify for ecc signature"); #endif /* WOLFSSL_CHECK_SIG_FAULTS */ } @@ -1907,8 +1851,8 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) ((HandShakeHeader*)message)->type = certificate_verify; c32to24(messageSz, ((HandShakeHeader*)message)->length); - - recordSz = tsip_Tls13BuildMessage(ssl, output, 0, message, + + recordSz = tsip_Tls13BuildMessage(ssl, output, 0, message, messageSz + HANDSHAKE_HEADER_SZ, handshake, 1); @@ -1927,6 +1871,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) #endif /* WOLFSSL_TLS13 */ #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) static uint32_t GetTsipCipherSuite( @@ -2072,7 +2017,7 @@ static int tsip_ServerKeyExVerify( WOLFSSL_MSG("Failed to lock tsip hw"); } - XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(peerkey, NULL, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret); return ret; 
@@ -2114,8 +2059,8 @@ int wc_tsip_RsaVerify( * key buffer holding peer's public key (NOT used in this function) * keySz public key size((NOT used in this function)) * result address of the variable to output result - * ctx context - * return 0 on success, CRYPTOCB_UNAVAILABLE in case TSIP cannot handle + * ctx context + * return 0 on success, CRYPTOCB_UNAVAILABLE in case TSIP cannot handle */ int wc_tsip_EccVerify( WOLFSSL* ssl, @@ -2138,14 +2083,14 @@ int wc_tsip_EccVerify( return CRYPTOCB_UNAVAILABLE; } - /* in TLS1.3 */ - if (ssl->version.major == SSLv3_MAJOR && + /* in TLS1.3 */ + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { WOLFSSL_LEAVE("wc_tsip_EccVerify", CRYPTOCB_UNAVAILABLE); return CRYPTOCB_UNAVAILABLE; } - /* concatenate r and s parts of the signature so that TSIP can handle it*/ + /* concatenate r and s parts of the signature so that TSIP can handle it */ /* r */ if (sig[offset] == 0x20) { XMEMCPY(sigforSCE, &sig[offset+1], rs_size); @@ -2261,7 +2206,7 @@ WOLFSSL_API void tsip_set_callbacks(WOLFSSL_CTX* ctx) #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); /* Set ssl-> options.sendVerify to SEND_CERT by the following two - * registrations. This will allow the client certificate to be sent to + * registrations. This will allow the client certificate to be sent to * the server even if the private key is empty. The two callbacks do * virtually nothing. */ @@ -2307,7 +2252,7 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) wolfSSL_SetRsaSignCtx(ssl, user_ctx); wolfSSL_SetGenPreMasterCtx(ssl, user_ctx); wolfSSL_SetEccSharedSecretCtx(ssl, NULL); -#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) +#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) wolfSSL_SetVerifyMacCtx(ssl, user_ctx); #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ /* set up crypt callback */ 
@@ -2346,8 +2291,10 @@ static byte _tls2tsipdef(byte cipher) * The target key should be set with tsip_use_PrivateKey_buffer in advance. * Acceptable key types are: * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key - * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) + * TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key + * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key + * TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key */ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) { @@ -2367,7 +2314,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) { WOLFSSL_MSG("Missing some key materials used for import" ); return CRYPTOCB_UNAVAILABLE; - } + } if (ret == 0) { if (keyType != tuc->wrappedKeyType) { @@ -2381,7 +2328,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) #if !defined(NO_RSA) case TSIP_KEY_TYPE_RSA2048: - + tuc->ClientRsa2048PrivKey_set = 0; err = R_TSIP_GenerateRsa2048PrivateKeyIndex( provisioning_key, iv, (uint8_t*)encPrivKey, @@ -2396,19 +2343,19 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) #endif case TSIP_KEY_TYPE_RSA4096: - /* not supported as of TSIPv1.15 */ + /* not supported as of TSIPv1.15 */ ret = CRYPTOCB_UNAVAILABLE; break; #if defined(HAVE_ECC) case TSIP_KEY_TYPE_ECDSAP256: - tuc->ClientEccP256PrivKey_set = 0; + tuc->ClientEccPrivKey_set = 0; err = R_TSIP_GenerateEccP256PrivateKeyIndex( provisioning_key, iv, (uint8_t*)encPrivKey, - &(tuc->EcdsaP256PrivateKeyIdx)); + &(tuc->EcdsaPrivateKeyIdx)); if (err == TSIP_SUCCESS) { - tuc->ClientEccP256PrivKey_set = 1; + tuc->ClientEccPrivKey_set = 1; } else { ret = WC_HW_E; 
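Review bot: The updated comment on tsipImportPrivateKey now lists `TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key` (plus RSA3072 and ECDSAP384) as acceptable, but the switch in the following hunk still returns `CRYPTOCB_UNAVAILABLE` for RSA4096 under the `/* not supported as of TSIPv1.15 */` comment, and no ECDSAP384 private-key case is visible. The tsipImportPublicKey comment in the next hunk has the same contradiction with its RSA4096 case. Either keep a `(Not supported as of now)` qualifier on the lines the code rejects or add the cases; a comment that promises a key type the import path refuses will mislead integrators choosing key sizes. The bodies of both functions extend beyond the hunks shown.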
@@ -2436,8 +2383,10 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) * The target key should be set with tsip_use_PublicKey_buffer in advance. * Acceptable key types are: * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key - * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) + * TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key + * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key + * TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key */ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) { @@ -2458,7 +2407,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) { WOLFSSL_MSG("Missing some key materials used for import" ); return CRYPTOCB_UNAVAILABLE; - } + } if (ret == 0) { if (keyType != tuc->wrappedKeyType) { @@ -2468,22 +2417,19 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) } if ((ret = tsip_hw_lock()) == 0) { - switch(keyType) { - + switch (keyType) { + #if !defined(NO_RSA) case TSIP_KEY_TYPE_RSA2048: #if defined(WOLFSSL_RENESAS_TSIP_TLS) tuc->ClientRsa2048PubKey_set = 0; #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - if (tuc->rsa2048pub_keyIdx != NULL) { - XFREE(tuc->rsa2048pub_keyIdx, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - + XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0; tuc->rsa2048pub_keyIdx = - (tsip_rsa2048_public_key_index_t*)XMALLOC( - sizeof(tsip_rsa2048_public_key_index_t), NULL, - DYNAMIC_TYPE_RSA_BUFFER); + (tsip_rsa2048_public_key_index_t*)XMALLOC( + sizeof(tsip_rsa2048_public_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); if (tuc->rsa2048pub_keyIdx == NULL) { return MEMORY_E; } 
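Review bot: In the tsipImportPublicKey CRYPTONLY path, `return MEMORY_E;` on XMALLOC failure leaves the function while the hardware lock taken by `if ((ret = tsip_hw_lock()) == 0)` a few lines above is still held; the return is unchanged context, but this hunk rewrites the surrounding allocation, so it is the right place to fix it. tsip_hw_lock is mutex-based (its definition is moved later in this diff), so a leaked lock would stall every subsequent TSIP operation. Replace the early return with `ret = MEMORY_E; break;` so control reaches the `tsip_hw_unlock()` that presumably follows the switch, as in the other locked sections of this file. The end of the function is outside the hunk.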
@@ -2507,25 +2453,47 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) ret = WC_HW_E; } break; - #endif - - #if !defined(NO_RSA) + case TSIP_KEY_TYPE_RSA4096: - /* not supported as of TSIPv1.15 */ + /* not supported as of TSIPv1.15 */ ret = CRYPTOCB_UNAVAILABLE; break; - #endif - - #if defined(HAVE_ECC) && \ - defined(WOLFSSL_RENESAS_TSIP_TLS) - case TSIP_KEY_TYPE_ECDSAP256: + #endif /* !NO_RSA */ - tuc->ClientEccP256PubKey_set = 0; - err = R_TSIP_GenerateEccP256PublicKeyIndex( + #if defined(HAVE_ECC) + case TSIP_KEY_TYPE_ECDSAP256: + case TSIP_KEY_TYPE_ECDSAP384: + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + tuc->ClientEccPubKey_set = 0; + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + tuc->keyflgs_crypt.bits.eccpub_key_set = 0; + #endif + if (keyType == TSIP_KEY_TYPE_ECDSAP256) { + err = R_TSIP_GenerateEccP256PublicKeyIndex( provisioning_key, iv, (uint8_t*)encPubKey, - &(tuc->EcdsaP256PublicKeyIdx)); + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + &(tuc->EcdsaPublicKeyIdx) + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + &tuc->eccpub_keyIdx + #endif + ); + } + else if (keyType == TSIP_KEY_TYPE_ECDSAP384) { + err = R_TSIP_GenerateEccP384PublicKeyIndex( + provisioning_key, iv, (uint8_t*)encPubKey, + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + &(tuc->EcdsaPublicKeyIdx) + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + &tuc->eccpub_keyIdx + #endif + ); + } if (err == TSIP_SUCCESS) { - tuc->ClientEccP256PubKey_set = 1; + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + tuc->ClientEccPubKey_set = 1; + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + tuc->keyflgs_crypt.bits.eccpub_key_set = 1; + #endif } else { ret = WC_HW_E; 
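Review bot: The new ECDSAP384 case stores a P-384 key into the same `tuc->EcdsaPublicKeyIdx` (TLS build) that the tsip_Tls13SendCertVerify self-verify hunk earlier in this diff passes unconditionally to `R_TSIP_EcdsaP256SignatureVerification`, and the signing side in that function still hard-codes `TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256`. Unless something outside these hunks rejects P-384 for the TLS build, a P-384 public key would be handed to a P-256-only primitive and the key and verification algorithm would no longer match. Either limit the new label to the crypt-only build, e.g. wrap `case TSIP_KEY_TYPE_ECDSAP384:` in `#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)`, or dispatch the sign/verify calls on `tuc->wrappedKeyType`. It is also worth confirming that the `EcdsaPublicKeyIdx` type can hold a P-384 index, which this hunk does not show.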
@@ -2545,41 +2513,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) WOLFSSL_LEAVE("tsipImportPublicKey", ret); return ret; } -/* -* lock hw engine. -* this should be called before using engine. -*/ -WOLFSSL_LOCAL int tsip_hw_lock(void) -{ - int ret = 0; - - if (tsip_CryptHwMutexInit_ == 0) { - - ret = tsip_CryptHwMutexInit(&tsip_mutex); - - if (ret == 0) { - tsip_CryptHwMutexInit_ = 1; - } - else { - WOLFSSL_MSG(" mutex initialization failed."); - return -1; - } - } - if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) { - /* this should not happens */ - return -1; - } - - return ret; -} -/* -* release hw engine -*/ -WOLFSSL_LOCAL void tsip_hw_unlock(void) -{ - tsip_CryptHwMutexUnLock(&tsip_mutex); -} #if defined(WOLFSSL_RENESAS_TSIP_TLS) /* check if tsip tls functions can be used for the cipher */ /* return :1 when tsip can be used , 0 not be used. */ @@ -2678,6 +2612,41 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated) } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ +/* +* lock hw engine. +* this should be called before using engine. +*/ +WOLFSSL_LOCAL int tsip_hw_lock(void) +{ + int ret = 0; + + if (tsip_CryptHwMutexInit_ == 0) { + + ret = tsip_CryptHwMutexInit(&tsip_mutex); + + if (ret == 0) { + tsip_CryptHwMutexInit_ = 1; + } + else { + WOLFSSL_MSG(" mutex initialization failed."); + return -1; + } + } + if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) { + /* this should not happens */ + return -1; + } + + return ret; +} + +/* +* release hw engine +*/ +WOLFSSL_LOCAL void tsip_hw_unlock(void) +{ + tsip_CryptHwMutexUnLock(&tsip_mutex); +} /* open TSIP driver * return 0 on success. @@ -2696,6 +2665,7 @@ WOLFSSL_LOCAL int tsip_Open(void) if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("RENESAS TSIP Open failed"); } + #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { 
@@ -2722,11 +2692,13 @@ WOLFSSL_LOCAL int tsip_Open(void) if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_(Re)Open: NG"); } - /* init vars */ + + /* init vars */ g_CAscm_Idx = (uint32_t)-1; } } #endif + #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106) ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2); @@ -2756,7 +2728,8 @@ WOLFSSL_LOCAL int tsip_Open(void) if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_(Re)Open failed"); } - /* init vars */ + + /* init vars */ g_CAscm_Idx = (uint32_t)-1; } } @@ -2832,7 +2805,8 @@ void tsip_inform_user_keys_ex( word32 encrypted_user_tls_key_type) { WOLFSSL_ENTER("tsip_inform_user_keys_ex"); - ForceZero(&g_user_key_info, sizeof(g_user_key_info)); + + XMEMSET(&g_user_key_info, 0, sizeof(g_user_key_info)); g_user_key_info.encrypted_provisioning_key = NULL; g_user_key_info.iv = NULL; @@ -3101,7 +3075,7 @@ int wc_tsip_generateVerifyData( WOLFSSL_LEAVE("tsip_generateVerifyData", BAD_FUNC_ARG); return BAD_FUNC_ARG; } - if (XSTRNCMP((const char*)side, (const char*)kTlsServerFinStr, + if (XSTRNCMP((const char*)side, (const char*)kTlsServerFinStr, FINISHED_LABEL_SZ) == 0) { l_side = R_TSIP_TLS_GENERATE_SERVER_VERIFY; } @@ -3567,9 +3541,7 @@ int wc_tsip_tls_CertVerify( if (ret != TSIP_SUCCESS) { WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification failed"); } - if (sigforSCE) { - XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC); - } + XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC); tsip_hw_unlock(); } else { @@ -3667,14 +3639,14 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) WOLFSSL_ENTER("tsip_SignRsaPkcs"); - if (info == NULL || tuc == NULL + if (info == NULL || tuc == NULL #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY || tuc->ssl == NULL #endif ) { ret = BAD_FUNC_ARG; } - + #ifdef WOLFSSL_RENESAS_TSIP_TLS if (ret == 0) { ssl = tuc->ssl; 
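Review bot: `tsip_inform_user_keys_ex` now clears `g_user_key_info` with `XMEMSET` instead of `ForceZero`, which is the wolfSSL primitive guaranteed not to be optimised away. If the struct only holds the pointers and sizes that the following lines reset (`encrypted_provisioning_key`, `iv`, ...) the change is harmless, but if it ever carries key bytes this weakens scrubbing of previous key material, so either keep `ForceZero(&g_user_key_info, sizeof(g_user_key_info));` or add a comment on the struct stating that it holds only non-sensitive references. The full struct definition is not visible in this hunk, so this should be confirmed against the header.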
@@ -3690,7 +3662,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType); } - if (ret == 0) { if (ssl->options.hashAlgo == md5_mac) tsip_hash_type = R_TSIP_RSA_HASH_MD5; @@ -3703,29 +3674,27 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) } #else (void)ssl; - + if (ret == 0) { - if (tuc->sing_hash_type == md5_mac) + if (tuc->sign_hash_type == md5_mac) tsip_hash_type = R_TSIP_RSA_HASH_MD5; - else if (tuc->sing_hash_type == sha_mac) + else if (tuc->sign_hash_type == sha_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA1; - else if (tuc->sing_hash_type == sha256_mac) + else if (tuc->sign_hash_type == sha256_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA256; else ret = CRYPTOCB_UNAVAILABLE; } - + switch (tuc->wrappedKeyType) { case TSIP_KEY_TYPE_RSA1024: - if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) - { - WOLFSSL_MSG("tsip rsa private key 2048 not set"); + if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) { + WOLFSSL_MSG("tsip rsa private key 1024 not set"); ret = CRYPTOCB_UNAVAILABLE; } break; case TSIP_KEY_TYPE_RSA2048: - if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) - { + if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) { WOLFSSL_MSG("tsip rsa private key 2048 not set"); ret = CRYPTOCB_UNAVAILABLE; } @@ -3735,9 +3704,8 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = CRYPTOCB_UNAVAILABLE; break; } - #endif - + if (ret == 0) { #ifdef WOLFSSL_RENESAS_TSIP_TLS hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer; @@ -3762,7 +3730,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) tsip_hash_type); if (err != TSIP_SUCCESS) { - ret = WC_HW_E; + ret = WC_HW_E; } break; #endif @@ -3779,7 +3747,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) tsip_hash_type); if (err != TSIP_SUCCESS) { - ret = WC_HW_E; + ret = WC_HW_E; } break; 
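Review bot: In the `WOLFSSL_RENESAS_TSIP_CRYPTONLY` branch of `tsip_SignRsaPkcs`, `switch (tuc->wrappedKeyType)` sits outside the `if (ret == 0)` guard that protects the `tuc->sign_hash_type` reads, so when the parameter check in the previous hunk set `ret = BAD_FUNC_ARG` for a NULL `tuc`, the switch still dereferences it, and its default case appears to replace BAD_FUNC_ARG with CRYPTOCB_UNAVAILABLE. Wrap it as `if (ret == 0) { switch (tuc->wrappedKeyType) { ... } }`, or move the switch into the same `if (ret == 0)` block as the hash-type selection. The rename to `sign_hash_type` and the corrected "1024" log message are fine; the function body continues past these hunks.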
@@ -3807,7 +3775,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_TLS) WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( - WOLFSSL* ssl, + WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, @@ -3842,7 +3810,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( /* import public key_index from wrapped key */ ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); } - + if (ret == 0) { if (ssl->options.hashAlgo == md5_mac) tsip_hash_type = R_TSIP_RSA_HASH_MD5; @@ -3852,7 +3820,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( tsip_hash_type = R_TSIP_RSA_HASH_SHA256; else { ret = CRYPTOCB_UNAVAILABLE; - } + } } if (ret == 0) { @@ -3863,7 +3831,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( if ((ret = tsip_hw_lock()) == 0) { switch (tuc->wrappedKeyType) { - + case TSIP_KEY_TYPE_RSA2048: sigData.data_length = 256; err = R_TSIP_RsassaPkcs2048SignatureVerification( @@ -3902,9 +3870,10 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( } #endif /* !NO_RSA && TSIP_TLS */ -#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS) +#if defined(HAVE_ECC) +#if defined(WOLFSSL_RENESAS_TSIP_TLS) /* Perform signing with the client's ECC private key on hash value of messages - * exchanged with server. + * exchanged with server. * * parameters * info->pk.eccsign.in : the buffer holding hash value of messages @@ -3922,7 +3891,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) { int ret = 0; e_tsip_err_t err = TSIP_SUCCESS; - tsip_rsa_byte_data_t hashData, sigData; + tsip_ecdsa_byte_data_t hashData, sigData; byte offsetForWork; byte* out = NULL; byte* sig = NULL; 
@@ -3951,33 +3920,33 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) /* import private key_index from wrapped key */ ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType); } - + if (ret == 0) { hashData.pdata = (uint8_t*)info->pk.eccsign.in; hashData.data_type = 1; sigData.pdata = (uint8_t*)info->pk.eccsign.out; sigData.data_length = 0; /* signature size will be returned here */ - if ((ret = tsip_hw_lock()) == 0) { + if ((ret = tsip_hw_lock()) == 0) { switch (tuc->wrappedKeyType) { - #if defined(HAVE_ECC) + #if !defined(NO_ECC256) case TSIP_KEY_TYPE_ECDSAP256: offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32; - if (*(info->pk.eccsign.outlen) < + if (*(info->pk.eccsign.outlen) < R_TSIP_ECDSA_DATA_BYTE_SIZE + offsetForWork) { ret = BUFFER_E; break; } - sigData.pdata = (uint8_t*)info->pk.eccsign.out + + sigData.pdata = (uint8_t*)info->pk.eccsign.out + offsetForWork; err = R_TSIP_EcdsaP256SignatureGenerate( &hashData, &sigData, - &tuc->EcdsaP256PrivateKeyIdx); + &tuc->EcdsaPrivateKeyIdx); if (err != TSIP_SUCCESS) { ret = WC_HW_E; - break; + break; } out = info->pk.eccsign.out; @@ -3991,7 +3960,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) /* encode ASN sequence */ out[idx++] = ASN_SEQUENCE | ASN_CONSTRUCTED; out[idx++] = sz; - + /* copy r part */ out[idx++] = ASN_INTEGER; out[idx++] = rSz; @@ -4006,22 +3975,12 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) if (sSz > R_TSIP_ECDSA_DATA_BYTE_SIZE / 2) out[idx++] = 0x00; XMEMCPY(&out[idx], sig, R_TSIP_ECDSA_DATA_BYTE_SIZE / 2); - + /* out size */ *(info->pk.eccsign.outlen) = ASN_TAG_SZ + 1 + sz; break; #endif - #if defined(HAVE_ECC192) - case TSIP_KEY_TYPE_ECDSAP192: - ret = CRYPTOCB_UNAVAILABLE; - break; - #endif - #if defined(HAVE_ECC224) - case TSIP_KEY_TYPE_ECDSAP224: - ret = CRYPTOCB_UNAVAILABLE; - break; - #endif #if defined(HAVE_ECC384) case TSIP_KEY_TYPE_ECDSAP384: ret = CRYPTOCB_UNAVAILABLE; 
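Review bot: `tsip_SignEcdsa` still returns `CRYPTOCB_UNAVAILABLE` for `TSIP_KEY_TYPE_ECDSAP384` under `HAVE_ECC384`, while the key-index fields were renamed to curve-agnostic names (`EcdsaPrivateKeyIdx`) and public-key import in this commit now handles P-384; a reader will expect the sign path to have followed. If P-384 signing on the TLS path is intentionally deferred, say so at the case, e.g. `/* P-384 index can be imported but TLS signing is not wired up yet; falls back to software */`; if it is not intentional, the case should call the P-384 generate routine the same way the P-256 case does. The `BUFFER_E` early `break` in the P-256 case happens after `tsip_hw_lock()`, so it relies on the unlock that follows the switch outside the hunk.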
@@ -4042,25 +4001,134 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) WOLFSSL_LEAVE("tsip_SignEcdsa", ret); return ret; } -#endif /* HAVE_ECC && TSIP_TLS */ +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ + +#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) +/* zero pad or truncate hash */ +static int tsip_HashPad(int curveSz, uint8_t* hash, + const uint8_t* hashIn, int hashSz) +{ + if (hashSz > curveSz) + hashSz = curveSz; + XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz); + return curveSz; +} + +/* Perform verify with the wrapped public key, provided hash and signature r+s + * + * parameters + * info->pk.eccverify.in : the buffer holding hash value of messages + * info->pk.eccverify.inlen : hash data size + * info->pk.eccverify.out : the buffer where the signature data is output to + * info->pk.eccverify.outlen: the length of the buffer pk.eccsign.out + * tuc: the pointer to the TsipUserCtx structure + * returns + * 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified. 
+ */ +WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) +{ + int ret = 0; + e_tsip_err_t err = TSIP_SUCCESS; + tsip_ecdsa_byte_data_t hashData, sigData; + /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32 + * if using SHA2-256 with ECDSA SECP384R1 */ + uint8_t hash[TSIP_MAX_ECC_BYTES]; + + WOLFSSL_ENTER("tsip_VerifyEcdsa"); + + if (info == NULL || tuc == NULL) { + ret = CRYPTOCB_UNAVAILABLE; + } + + XMEMSET(hash, 0, sizeof(hash)); + + if (ret == 0) { + /* import public key_index from wrapped key */ + ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); + } + + if (ret == 0) { + int curveSz = info->pk.eccverify.key->dp->size; + hashData.pdata = (uint8_t*)hash; + hashData.data_type = tuc->keyflgs_crypt.bits.message_type; + sigData.pdata = (uint8_t*)info->pk.eccverify.sig; + sigData.data_length = info->pk.eccverify.siglen; + + if ((ret = tsip_hw_lock()) == 0) { + switch (tuc->wrappedKeyType) { + #if !defined(NO_ECC256) + case TSIP_KEY_TYPE_ECDSAP256: + /* zero pad or truncate */ + hashData.data_length = tsip_HashPad(curveSz, + hash, info->pk.eccverify.hash, + info->pk.eccverify.hashlen); + + err = R_TSIP_EcdsaP256SignatureVerification(&sigData, + &hashData, &tuc->eccpub_keyIdx); + if (err == TSIP_SUCCESS) { + *info->pk.eccverify.res = 1; /* success */ + } + else { + ret = WC_HW_E; + } + break; + break; + #endif + + #if defined(HAVE_ECC384) + case TSIP_KEY_TYPE_ECDSAP384: + /* zero pad or truncate */ + hashData.data_length = tsip_HashPad(curveSz, + hash, info->pk.eccverify.hash, + info->pk.eccverify.hashlen); + + err = R_TSIP_EcdsaP384SignatureVerification(&sigData, + &hashData, &tuc->eccpub_keyIdx); + if (err == TSIP_SUCCESS) { + *info->pk.eccverify.res = 1; /* success */ + } + else { + ret = WC_HW_E; + } + break; + #endif + + default: + WOLFSSL_MSG("ECDSA public key size not available"); + ret = CRYPTOCB_UNAVAILABLE; + break; + } + tsip_hw_unlock(); + } + else { + WOLFSSL_MSG("mutex locking error"); + } + } + 
WOLFSSL_LEAVE("tsip_VerifyEcdsa", ret); + return ret; +} +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ +#endif /* HAVE_ECC */ #ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG -/* err - * e_tsip_err +#if 0 + /* this is here for documentation purposes. */ + enum e_tsip_err { TSIP_SUCCESS = 0, - TSIP_ERR_SELF_CHECK1, // Self-check 1 fail or TSIP function internal err. - TSIP_ERR_RESOURCE_CONFLICT, // A resource conflict occurred. - TSIP_ERR_SELF_CHECK2, // Self-check 2 fail. - TSIP_ERR_KEY_SET, // setting the invalid key. - TSIP_ERR_AUTHENTICATION, // Authentication failed. - TSIP_ERR_CALLBACK_UNREGIST, // Callback function is not registered. - TSIP_ERR_PARAMETER, // Illegal Input data. - TSIP_ERR_PROHIBIT_FUNCTION, // An invalid function call occurred. - * TSIP_RESUME_FIRMWARE_GENERATE_MAC, - // There is a continuation of R_TSIP_GenerateFirmwareMAC. -*/ + TSIP_ERR_SELF_CHECK1, /* Self-check 1 fail or TSIP function internal err. */ + TSIP_ERR_RESOURCE_CONFLICT, /* A resource conflict occurred. */ + TSIP_ERR_SELF_CHECK2, /* Self-check 2 fail. */ + TSIP_ERR_KEY_SET, /* setting the invalid key. */ + TSIP_ERR_AUTHENTICATION, /* Authentication failed. */ + TSIP_ERR_CALLBACK_UNREGIST, /* Callback function is not registered. */ + TSIP_ERR_PARAMETER, /* Illegal Input data. */ + TSIP_ERR_PROHIBIT_FUNCTION, /* An invalid function call occurred. */ + TSIP_RESUME_FIRMWARE_GENERATE_MAC + /* There is a continuation of R_TSIP_GenerateFirmwareMAC. */ + }; +#endif static void hexdump(const uint8_t* in, uint32_t len) { diff --git a/wolfcrypt/src/port/af_alg/afalg_aes.c b/wolfcrypt/src/port/af_alg/afalg_aes.c index 27ee88f610..3fd9023604 100644 --- a/wolfcrypt/src/port/af_alg/afalg_aes.c +++ b/wolfcrypt/src/port/af_alg/afalg_aes.c @@ -1,6 +1,6 @@ /* afalg_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
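Review bot: In the new `tsip_VerifyEcdsa`, `curveSz` is read from `info->pk.eccverify.key->dp->size` and passed to `tsip_HashPad` as the number of bytes to place in `hash[TSIP_MAX_ECC_BYTES]`, but it is neither checked against `sizeof(hash)` nor tied to the `wrappedKeyType` case that matched, so a key whose `dp->size` exceeds the buffer (or a NULL `key`) is not rejected before the copy. Derive the length from the matched case instead of the key, or reject early with `if (ret == 0 && curveSz > (int)sizeof(hash)) ret = BAD_FUNC_ARG;` before the lock is taken (which needs `curveSz` hoisted out of the inner block). `*info->pk.eccverify.res` is only written on success; set `*info->pk.eccverify.res = 0;` before the switch so a failed `R_TSIP_Ecdsa*SignatureVerification` reports an explicit false result alongside `WC_HW_E` regardless of what the caller pre-initialised. The P-256 case also ends with a duplicated `break; break;`. The header comment was copied from the sign routine and documents `pk.eccverify.out`/`outlen`, which the body never uses; describe `hash`/`hashlen`, `sig`/`siglen` and `res` instead.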
diff --git a/wolfcrypt/src/port/af_alg/afalg_hash.c b/wolfcrypt/src/port/af_alg/afalg_hash.c index ee5599480f..c14dfb0ee7 100644 --- a/wolfcrypt/src/port/af_alg/afalg_hash.c +++ b/wolfcrypt/src/port/af_alg/afalg_hash.c @@ -1,6 +1,6 @@ /* afalg_hash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -53,10 +53,8 @@ static void AfalgHashFree(wolfssl_AFALG_Hash* hash) } #if defined(WOLFSSL_AFALG_HASH_KEEP) - if (hash->msg != NULL) { - XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); - hash->msg = NULL; - } + XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); + hash->msg = NULL; #endif } diff --git a/wolfcrypt/src/port/af_alg/wc_afalg.c b/wolfcrypt/src/port/af_alg/wc_afalg.c index 37ced88c81..b278d1f7d3 100644 --- a/wolfcrypt/src/port/af_alg/wc_afalg.c +++ b/wolfcrypt/src/port/af_alg/wc_afalg.c @@ -1,6 +1,6 @@ /* wc_afalg.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,7 +40,7 @@ void wc_Afalg_SockAddr(struct sockaddr_alg* in, const char* type, const char* na int nameSz = (int)XSTRLEN(name) + 1; /* +1 for null terminator */ if (typeSz > (int)sizeof(in->salg_type) || - nameSz > (int)sizeof(in->salg_name)) { + nameSz > (int)sizeof(in->salg_name)) { WOLFSSL_MSG("type or name was too large"); return; } diff --git a/wolfcrypt/src/port/aria/aria-crypt.c b/wolfcrypt/src/port/aria/aria-crypt.c index d310c6eb1b..0dd20b0c87 100644 --- a/wolfcrypt/src/port/aria/aria-crypt.c +++ b/wolfcrypt/src/port/aria/aria-crypt.c @@ -1,6 +1,6 @@ /* aria-crypt.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c index e52c83387c..cd9ed74376 100644 --- a/wolfcrypt/src/port/aria/aria-cryptocb.c +++ b/wolfcrypt/src/port/aria/aria-cryptocb.c 
@@ -1,6 +1,6 @@ /* aria-cryptocb.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -447,7 +447,7 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, int wc_AriaCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx) { - int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* return this to bypass HW and use SW */ (void)ctx; if (info == NULL) @@ -544,15 +544,18 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, ret = wc_AriaInitSha(&(info->hash.sha256->hSession), MC_ALGID_SHA256); } - if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) { + if ((ret == 0) || + (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) { ret = wc_AriaShaUpdate(info->hash.sha256->hSession, (byte *) info->hash.in, info->hash.inSz); } - if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) { + if ((ret == 0) || + (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) { MC_UINT digestSz = 32; ret = wc_AriaShaFinal(info->hash.sha256->hSession, info->hash.digest, &digestSz); - if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) + if ((ret == 0) || + (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) ret = wc_AriaFree(&(info->hash.sha256->hSession),NULL); } if (ret != 0) 
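Review bot: The condition `(ret == 0) || (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))` is now spelled out six times across this hunk and the next one (`@@ -571,16 +574,21 @@`), each wrapped onto two lines; a file-local macro such as (name is a suggestion) `#define ARIA_OK_OR_SW(r) ((r) == 0 || (r) == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))` keeps each step on one line and makes the intent — continue and fall back to software — readable. The initialiser `int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* return this to bypass HW and use SW */` now runs well past 80 columns; move the comment onto the line above. The `wc_AriaCryptoCb` body continues beyond these hunks.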
@@ -571,16 +574,21 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, ret = wc_AriaInitSha(&(info->hash.sha384->hSession), MC_ALGID_SHA384); } - if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) { + if ((ret == 0) || + (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) { ret = wc_AriaShaUpdate(info->hash.sha384->hSession, (byte *) info->hash.in, info->hash.inSz); } - if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) { + if ((ret == 0) || + (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) { MC_UINT digestSz = 48; ret = wc_AriaShaFinal(info->hash.sha384->hSession, info->hash.digest, &digestSz); - if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) + if ((ret == 0) || + (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) + { ret = wc_AriaFree(&(info->hash.sha384->hSession),NULL); + } } if (ret != 0) ret = CRYPTOCB_UNAVAILABLE; /* reset devId */ diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S index 12578411f6..345f19408e 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S @@ -1,6 +1,6 @@ /* armv8-32-aes-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_AES #ifdef HAVE_AES_DECRYPT @@ -5304,7 +5304,7 @@ L_AES_GCM_encrypt_end: .size AES_GCM_encrypt,.-AES_GCM_encrypt #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ -#endif /* !__aarch64__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c index fbc60fbdfb..f8ba89ac09 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c 
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c @@ -1,6 +1,6 @@ /* armv8-32-aes-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #include #ifdef HAVE_CONFIG_H #include @@ -41,7 +41,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -4786,9 +4786,9 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ -#endif /* !__aarch64__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S index 52cdcf41a7..69cb22e4e4 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S @@ -1,6 +1,6 @@ /* armv8-32-curve25519 * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifndef WOLFSSL_ARMASM_INLINE #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) 
@@ -8771,7 +8771,7 @@ sc_muladd: #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c index 8981d4f0e3..09ef2eb439 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c @@ -1,6 +1,6 @@ /* armv8-32-curve25519 * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #include #ifdef HAVE_CONFIG_H #include @@ -41,7 +41,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -8995,9 +8995,9 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S index 65b4757737..14a1ec48f5 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S 
@@ -1,6 +1,6 @@ /* armv8-32-sha256-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_SHA256 #ifdef WOLFSSL_ARMASM_NO_NEON @@ -2865,7 +2865,7 @@ L_SHA256_transform_neon_len_start: .size Transform_Sha256_Len,.-Transform_Sha256_Len #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c index 3a5e200e6e..391075340e 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c @@ -1,6 +1,6 @@ /* armv8-32-sha256-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #include #ifdef HAVE_CONFIG_H #include @@ -41,7 +41,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm 
@@ -2802,9 +2802,9 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S new file mode 100644 index 0000000000..76629726f7 --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S 
@@ -0,0 +1,2400 @@ +/* armv8-32-sha3-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./sha3/sha3.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#ifndef WOLFSSL_ARMASM_INLINE + .text + .type L_sha3_arm2_neon_rt, %object + .size L_sha3_arm2_neon_rt, 192 + .align 4 +L_sha3_arm2_neon_rt: + .word 0x1 + .word 0x0 + .word 0x8082 + .word 0x0 + .word 0x808a + .word 0x80000000 + .word 0x80008000 + .word 0x80000000 + .word 0x808b + .word 0x0 + .word 0x80000001 + .word 0x0 + .word 0x80008081 + .word 0x80000000 + .word 0x8009 + .word 0x80000000 + .word 0x8a + .word 0x0 + .word 0x88 + .word 0x0 + .word 0x80008009 + .word 0x0 + .word 0x8000000a + .word 0x0 + .word 0x8000808b + .word 0x0 + .word 0x8b + .word 0x80000000 + .word 0x8089 + .word 0x80000000 + .word 0x8003 + .word 0x80000000 + .word 0x8002 + .word 0x80000000 + .word 0x80 + .word 0x80000000 + .word 0x800a + .word 0x0 + .word 0x8000000a + .word 0x80000000 + .word 0x80008081 + .word 0x80000000 + .word 0x8080 + .word 
0x80000000 + .word 0x80000001 + .word 0x0 + .word 0x80008008 + .word 0x80000000 + .text + .type L_sha3_arm2_rt, %object + .size L_sha3_arm2_rt, 192 + .align 4 +L_sha3_arm2_rt: + .word 0x1 + .word 0x0 + .word 0x8082 + .word 0x0 + .word 0x808a + .word 0x80000000 + .word 0x80008000 + .word 0x80000000 + .word 0x808b + .word 0x0 + .word 0x80000001 + .word 0x0 + .word 0x80008081 + .word 0x80000000 + .word 0x8009 + .word 0x80000000 + .word 0x8a + .word 0x0 + .word 0x88 + .word 0x0 + .word 0x80008009 + .word 0x0 + .word 0x8000000a + .word 0x0 + .word 0x8000808b + .word 0x0 + .word 0x8b + .word 0x80000000 + .word 0x8089 + .word 0x80000000 + .word 0x8003 + .word 0x80000000 + .word 0x8002 + .word 0x80000000 + .word 0x80 + .word 0x80000000 + .word 0x800a + .word 0x0 + .word 0x8000000a + .word 0x80000000 + .word 0x80008081 + .word 0x80000000 + .word 0x8080 + .word 0x80000000 + .word 0x80000001 + .word 0x0 + .word 0x80008008 + .word 0x80000000 +#ifndef WOLFSSL_ARMASM_NO_NEON + .text + .align 4 + .globl BlockSha3 + .type BlockSha3, %function +BlockSha3: + vpush {d8-d15} + sub sp, sp, #16 + adr r1, L_sha3_arm2_neon_rt + mov r2, #24 + mov r3, sp + vld1.8 {d0-d3}, [r0]! + vld1.8 {d4-d7}, [r0]! + vld1.8 {d8-d11}, [r0]! + vld1.8 {d12-d15}, [r0]! + vld1.8 {d16-d19}, [r0]! + vld1.8 {d20-d23}, [r0]! 
+ vld1.8 {d24}, [r0] + sub r0, r0, #0xc0 +L_sha3_arm32_neon_begin: + # Calc b[0..4] + veor d26, d0, d5 + veor d27, d1, d6 + veor d28, d2, d7 + veor d29, d3, d8 + veor d25, d4, d9 + veor d26, d26, d10 + veor d27, d27, d11 + veor d28, d28, d12 + veor d29, d29, d13 + veor d25, d25, d14 + veor d26, d26, d15 + veor d27, d27, d16 + veor d28, d28, d17 + veor d29, d29, d18 + veor d25, d25, d19 + veor d26, d26, d20 + veor d27, d27, d21 + veor d28, d28, d22 + veor d29, d29, d23 + veor d25, d25, d24 + vst1.8 {d25, d26}, [r3] + # Calc t[0..4] and XOR into s[i*5..i*5+4] + # t[0] + vshr.u64 d30, d27, #63 + vshl.u64 d31, d27, #1 + veor d25, d25, d30 + veor d25, d25, d31 + # t[1] + vshr.u64 d30, d28, #63 + vshl.u64 d31, d28, #1 + veor d26, d26, d30 + veor d26, d26, d31 + # t[2] + vshr.u64 d30, d29, #63 + vshl.u64 d31, d29, #1 + veor d27, d27, d30 + veor d27, d27, d31 + # t[3] + vldr.8 d31, [r3] + vshr.u64 d30, d31, #63 + vshl.u64 d31, d31, #1 + veor d28, d28, d30 + veor d28, d28, d31 + # t[4] + vldr.8 d31, [r3, #8] + vshr.u64 d30, d31, #63 + vshl.u64 d31, d31, #1 + veor d29, d29, d30 + veor d29, d29, d31 + sub r3, r3, #16 + veor d0, d0, d25 + # s[1] => s[10] (tmp) + veor d30, d1, d26 + vshr.u64 d31, d30, #63 + vshl.u64 d30, d30, #1 + veor d30, d30, d31 + # s[6] => s[1] + veor d1, d6, d26 + vshr.u64 d31, d1, #20 + vshl.u64 d1, d1, #44 + veor d1, d1, d31 + # s[9] => s[6] + veor d6, d9, d29 + vshr.u64 d31, d6, #44 + vshl.u64 d6, d6, #20 + veor d6, d6, d31 + # s[22] => s[9] + veor d9, d22, d27 + vshr.u64 d31, d9, #3 + vshl.u64 d9, d9, #61 + veor d9, d9, d31 + # s[14] => s[22] + veor d22, d14, d29 + vshr.u64 d31, d22, #25 + vshl.u64 d22, d22, #39 + veor d22, d22, d31 + # s[20] => s[14] + veor d14, d20, d25 + vshr.u64 d31, d14, #46 + vshl.u64 d14, d14, #18 + veor d14, d14, d31 + # s[2] => s[20] + veor d20, d2, d27 + vshr.u64 d31, d20, #2 + vshl.u64 d20, d20, #62 + veor d20, d20, d31 + # s[12] => s[2] + veor d2, d12, d27 + vshr.u64 d31, d2, #21 + vshl.u64 d2, d2, #43 + veor d2, d2, d31 + 
# s[13] => s[12] + veor d12, d13, d28 + vshr.u64 d31, d12, #39 + vshl.u64 d12, d12, #25 + veor d12, d12, d31 + # s[19] => s[13] + veor d13, d19, d29 + vshr.u64 d31, d13, #56 + vshl.u64 d13, d13, #8 + veor d13, d13, d31 + # s[23] => s[19] + veor d19, d23, d28 + vshr.u64 d31, d19, #8 + vshl.u64 d19, d19, #56 + veor d19, d19, d31 + # s[15] => s[23] + veor d23, d15, d25 + vshr.u64 d31, d23, #23 + vshl.u64 d23, d23, #41 + veor d23, d23, d31 + # s[4] => s[15] + veor d15, d4, d29 + vshr.u64 d31, d15, #37 + vshl.u64 d15, d15, #27 + veor d15, d15, d31 + # s[24] => s[4] + veor d4, d24, d29 + vshr.u64 d31, d4, #50 + vshl.u64 d4, d4, #14 + veor d4, d4, d31 + # s[21] => s[24] + veor d24, d21, d26 + vshr.u64 d31, d24, #62 + vshl.u64 d24, d24, #2 + veor d24, d24, d31 + # s[8] => s[21] + veor d21, d8, d28 + vshr.u64 d31, d21, #9 + vshl.u64 d21, d21, #55 + veor d21, d21, d31 + # s[16] => s[8] + veor d8, d16, d26 + vshr.u64 d31, d8, #19 + vshl.u64 d8, d8, #45 + veor d8, d8, d31 + # s[5] => s[16] + veor d16, d5, d25 + vshr.u64 d31, d16, #28 + vshl.u64 d16, d16, #36 + veor d16, d16, d31 + # s[3] => s[5] + veor d5, d3, d28 + vshr.u64 d31, d5, #36 + vshl.u64 d5, d5, #28 + veor d5, d5, d31 + # s[18] => s[3] + veor d3, d18, d28 + vshr.u64 d31, d3, #43 + vshl.u64 d3, d3, #21 + veor d3, d3, d31 + # s[17] => s[18] + veor d18, d17, d27 + vshr.u64 d31, d18, #49 + vshl.u64 d18, d18, #15 + veor d18, d18, d31 + # s[11] => s[17] + veor d17, d11, d26 + vshr.u64 d31, d17, #54 + vshl.u64 d17, d17, #10 + veor d17, d17, d31 + # s[7] => s[11] + veor d11, d7, d27 + vshr.u64 d31, d11, #58 + vshl.u64 d11, d11, #6 + veor d11, d11, d31 + # s[10] => s[7] + veor d7, d10, d25 + vshr.u64 d31, d7, #61 + vshl.u64 d7, d7, #3 + veor d7, d7, d31 + # Row Mix + vmov d25, d0 + vmov d26, d1 + vbic d31, d2, d26 + veor d0, d25, d31 + vbic d31, d3, d2 + veor d1, d26, d31 + vbic d31, d4, d3 + veor d2, d2, d31 + vbic d31, d25, d4 + veor d3, d3, d31 + vbic d31, d26, d25 + veor d4, d4, d31 + vmov d25, d5 + vmov d26, d6 + vbic 
d31, d7, d26 + veor d5, d25, d31 + vbic d31, d8, d7 + veor d6, d26, d31 + vbic d31, d9, d8 + veor d7, d7, d31 + vbic d31, d25, d9 + veor d8, d8, d31 + vbic d31, d26, d25 + veor d9, d9, d31 + vmov d26, d11 + vbic d31, d12, d26 + veor d10, d30, d31 + vbic d31, d13, d12 + veor d11, d26, d31 + vbic d31, d14, d13 + veor d12, d12, d31 + vbic d31, d30, d14 + veor d13, d13, d31 + vbic d31, d26, d30 + veor d14, d14, d31 + vmov d25, d15 + vmov d26, d16 + vbic d31, d17, d26 + veor d15, d25, d31 + vbic d31, d18, d17 + veor d16, d26, d31 + vbic d31, d19, d18 + veor d17, d17, d31 + vbic d31, d25, d19 + veor d18, d18, d31 + vbic d31, d26, d25 + veor d19, d19, d31 + vmov d25, d20 + vmov d26, d21 + vbic d31, d22, d26 + veor d20, d25, d31 + vbic d31, d23, d22 + veor d21, d26, d31 + vbic d31, d24, d23 + veor d22, d22, d31 + vbic d31, d25, d24 + veor d23, d23, d31 + vbic d31, d26, d25 + veor d24, d24, d31 + vld1.8 {d30}, [r1]! + subs r2, r2, #1 + veor d0, d0, d30 + bne L_sha3_arm32_neon_begin + vst1.8 {d0-d3}, [r0]! + vst1.8 {d4-d7}, [r0]! + vst1.8 {d8-d11}, [r0]! + vst1.8 {d12-d15}, [r0]! + vst1.8 {d16-d19}, [r0]! + vst1.8 {d20-d23}, [r0]! 
+ vst1.8 {d24}, [r0] + add sp, sp, #16 + vpop {d8-d15} + bx lr + .size BlockSha3,.-BlockSha3 +#endif /* WOLFSSL_ARMASM_NO_NEON */ +#ifdef WOLFSSL_ARMASM_NO_NEON + .text + .align 4 + .globl BlockSha3 + .type BlockSha3, %function +BlockSha3: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + sub sp, sp, #0xcc + adr r1, L_sha3_arm2_rt + mov r2, #12 +L_sha3_arm32_begin: + str r2, [sp, #200] + # Round even + # Calc b[4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #32] + ldr r5, [r0, #36] +#else + ldrd r4, r5, [r0, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #72] + ldr r7, [r0, #76] +#else + ldrd r6, r7, [r0, #72] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #112] + ldr r9, [r0, #116] +#else + ldrd r8, r9, [r0, #112] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #152] + ldr r11, [r0, #156] +#else + ldrd r10, r11, [r0, #152] +#endif + ldr r12, [r0, #192] + ldr lr, [r0, #196] + eor r2, r4, r6 + eor r3, r5, r7 + eor r2, r2, r8 + eor r3, r3, r9 + eor r2, r2, r10 + eor r3, r3, r11 + eor r2, r2, r12 + eor r3, r3, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r2, [sp, #32] + str r3, [sp, #36] +#else + strd r2, r3, [sp, #32] +#endif + # Calc b[1] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #8] + ldr r5, [r0, #12] +#else + ldrd r4, r5, [r0, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #48] + ldr r7, [r0, #52] +#else + ldrd r6, r7, [r0, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #88] + ldr r9, [r0, #92] +#else + ldrd r8, r9, [r0, #88] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #128] + ldr r11, [r0, #132] +#else + ldrd r10, r11, [r0, #128] +#endif + ldr r12, [r0, #168] + ldr lr, [r0, #172] + eor r4, r4, r6 + eor r5, r5, r7 + eor r4, r4, r8 + eor r5, r5, r9 + eor r4, r4, r10 + eor r5, 
r5, r11 + eor r4, r4, r12 + eor r5, r5, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [sp, #8] + str r5, [sp, #12] +#else + strd r4, r5, [sp, #8] +#endif + # Calc t[0] + eor r2, r2, r5, lsr #31 + eor r3, r3, r4, lsr #31 + eor r2, r2, r4, lsl #1 + eor r3, r3, r5, lsl #1 + # Calc b[0] and XOR t[0] into s[x*5+0] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0] + ldr r5, [r0, #4] +#else + ldrd r4, r5, [r0] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #40] + ldr r7, [r0, #44] +#else + ldrd r6, r7, [r0, #40] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #80] + ldr r9, [r0, #84] +#else + ldrd r8, r9, [r0, #80] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #120] + ldr r11, [r0, #124] +#else + ldrd r10, r11, [r0, #120] +#endif + eor r12, r4, r6 + eor lr, r5, r7 + eor r12, r12, r8 + eor lr, lr, r9 + eor r12, r12, r10 + eor lr, lr, r11 + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [r0] + str r5, [r0, #4] +#else + strd r4, r5, [r0] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [r0, #40] + str r7, [r0, #44] +#else + strd r6, r7, [r0, #40] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [r0, #80] + str r9, [r0, #84] +#else + strd r8, r9, [r0, #80] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [r0, #120] + str r11, [r0, #124] +#else + strd r10, r11, [r0, #120] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #160] + ldr r11, [r0, #164] +#else + ldrd r10, r11, [r0, #160] +#endif + eor r12, r12, r10 + eor lr, lr, r11 + eor r10, r10, r2 + eor r11, r11, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [r0, #160] + str r11, [r0, #164] +#else 
+ strd r10, r11, [r0, #160] +#endif + str r12, [sp] + str lr, [sp, #4] + # Calc b[3] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #24] + ldr r5, [r0, #28] +#else + ldrd r4, r5, [r0, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #64] + ldr r7, [r0, #68] +#else + ldrd r6, r7, [r0, #64] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #104] + ldr r9, [r0, #108] +#else + ldrd r8, r9, [r0, #104] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #144] + ldr r11, [r0, #148] +#else + ldrd r10, r11, [r0, #144] +#endif + ldr r12, [r0, #184] + ldr lr, [r0, #188] + eor r4, r4, r6 + eor r5, r5, r7 + eor r4, r4, r8 + eor r5, r5, r9 + eor r4, r4, r10 + eor r5, r5, r11 + eor r4, r4, r12 + eor r5, r5, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [sp, #24] + str r5, [sp, #28] +#else + strd r4, r5, [sp, #24] +#endif + # Calc t[2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp, #8] + ldr r3, [sp, #12] +#else + ldrd r2, r3, [sp, #8] +#endif + eor r2, r2, r5, lsr #31 + eor r3, r3, r4, lsr #31 + eor r2, r2, r4, lsl #1 + eor r3, r3, r5, lsl #1 + # Calc b[2] and XOR t[2] into s[x*5+2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #16] + ldr r5, [r0, #20] +#else + ldrd r4, r5, [r0, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #56] + ldr r7, [r0, #60] +#else + ldrd r6, r7, [r0, #56] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #96] + ldr r9, [r0, #100] +#else + ldrd r8, r9, [r0, #96] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #136] + ldr r11, [r0, #140] +#else + ldrd r10, r11, [r0, #136] +#endif + eor r12, r4, r6 + eor lr, r5, r7 + eor r12, r12, r8 + eor lr, lr, r9 + eor r12, r12, r10 + eor lr, lr, r11 + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, 
r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [r0, #16] + str r5, [r0, #20] +#else + strd r4, r5, [r0, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [r0, #56] + str r7, [r0, #60] +#else + strd r6, r7, [r0, #56] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [r0, #96] + str r9, [r0, #100] +#else + strd r8, r9, [r0, #96] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [r0, #136] + str r11, [r0, #140] +#else + strd r10, r11, [r0, #136] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #176] + ldr r11, [r0, #180] +#else + ldrd r10, r11, [r0, #176] +#endif + eor r12, r12, r10 + eor lr, lr, r11 + eor r10, r10, r2 + eor r11, r11, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [r0, #176] + str r11, [r0, #180] +#else + strd r10, r11, [r0, #176] +#endif + str r12, [sp, #16] + str lr, [sp, #20] + # Calc t[1] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp] + ldr r3, [sp, #4] +#else + ldrd r2, r3, [sp] +#endif + eor r2, r2, lr, lsr #31 + eor r3, r3, r12, lsr #31 + eor r2, r2, r12, lsl #1 + eor r3, r3, lr, lsl #1 + # XOR t[1] into s[x*5+1] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #8] + ldr r5, [r0, #12] +#else + ldrd r4, r5, [r0, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #48] + ldr r7, [r0, #52] +#else + ldrd r6, r7, [r0, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #88] + ldr r9, [r0, #92] +#else + ldrd r8, r9, [r0, #88] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #128] + ldr r11, [r0, #132] +#else + ldrd r10, r11, [r0, #128] +#endif + ldr r12, [r0, #168] + ldr lr, [r0, #172] + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor 
r10, r10, r2 + eor r11, r11, r3 + eor r12, r12, r2 + eor lr, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [r0, #8] + str r5, [r0, #12] +#else + strd r4, r5, [r0, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [r0, #48] + str r7, [r0, #52] +#else + strd r6, r7, [r0, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [r0, #88] + str r9, [r0, #92] +#else + strd r8, r9, [r0, #88] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [r0, #128] + str r11, [r0, #132] +#else + strd r10, r11, [r0, #128] +#endif + str r12, [r0, #168] + str lr, [r0, #172] + # Calc t[3] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp, #16] + ldr r3, [sp, #20] +#else + ldrd r2, r3, [sp, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #32] + ldr r5, [sp, #36] +#else + ldrd r4, r5, [sp, #32] +#endif + eor r2, r2, r5, lsr #31 + eor r3, r3, r4, lsr #31 + eor r2, r2, r4, lsl #1 + eor r3, r3, r5, lsl #1 + # XOR t[3] into s[x*5+3] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #24] + ldr r5, [r0, #28] +#else + ldrd r4, r5, [r0, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #64] + ldr r7, [r0, #68] +#else + ldrd r6, r7, [r0, #64] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #104] + ldr r9, [r0, #108] +#else + ldrd r8, r9, [r0, #104] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #144] + ldr r11, [r0, #148] +#else + ldrd r10, r11, [r0, #144] +#endif + ldr r12, [r0, #184] + ldr lr, [r0, #188] + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 + eor r12, r12, r2 + eor lr, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [r0, #24] + str r5, [r0, #28] +#else + strd r4, r5, [r0, #24] +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [r0, #64] + str r7, [r0, #68] +#else + strd r6, r7, [r0, #64] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [r0, #104] + str r9, [r0, #108] +#else + strd r8, r9, [r0, #104] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [r0, #144] + str r11, [r0, #148] +#else + strd r10, r11, [r0, #144] +#endif + str r12, [r0, #184] + str lr, [r0, #188] + # Calc t[4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp, #24] + ldr r3, [sp, #28] +#else + ldrd r2, r3, [sp, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp] + ldr r5, [sp, #4] +#else + ldrd r4, r5, [sp] +#endif + eor r2, r2, r5, lsr #31 + eor r3, r3, r4, lsr #31 + eor r2, r2, r4, lsl #1 + eor r3, r3, r5, lsl #1 + # XOR t[4] into s[x*5+4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #32] + ldr r5, [r0, #36] +#else + ldrd r4, r5, [r0, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #72] + ldr r7, [r0, #76] +#else + ldrd r6, r7, [r0, #72] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #112] + ldr r9, [r0, #116] +#else + ldrd r8, r9, [r0, #112] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #152] + ldr r11, [r0, #156] +#else + ldrd r10, r11, [r0, #152] +#endif + ldr r12, [r0, #192] + ldr lr, [r0, #196] + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 + eor r12, r12, r2 + eor lr, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [r0, #32] + str r5, [r0, #36] +#else + strd r4, r5, [r0, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [r0, #72] + str r7, [r0, #76] +#else + strd r6, r7, [r0, #72] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [r0, #112] + str 
r9, [r0, #116] +#else + strd r8, r9, [r0, #112] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [r0, #152] + str r11, [r0, #156] +#else + strd r10, r11, [r0, #152] +#endif + str r12, [r0, #192] + str lr, [r0, #196] + # Row Mix + # Row 0 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0] + ldr r3, [r0, #4] +#else + ldrd r2, r3, [r0] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #48] + ldr r5, [r0, #52] +#else + ldrd r4, r5, [r0, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #96] + ldr r7, [r0, #100] +#else + ldrd r6, r7, [r0, #96] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #144] + ldr r9, [r0, #148] +#else + ldrd r8, r9, [r0, #144] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #192] + ldr r11, [r0, #196] +#else + ldrd r10, r11, [r0, #192] +#endif + # s[1] <<< 44 + mov lr, r4 + lsr r12, r5, #20 + lsr r4, r4, #20 + orr r4, r4, r5, lsl #12 + orr r5, r12, lr, lsl #12 + # s[2] <<< 43 + mov lr, r6 + lsr r12, r7, #21 + lsr r6, r6, #21 + orr r6, r6, r7, lsl #11 + orr r7, r12, lr, lsl #11 + # s[3] <<< 21 + lsr r12, r9, #11 + lsr lr, r8, #11 + orr r8, r12, r8, lsl #21 + orr r9, lr, r9, lsl #21 + # s[4] <<< 14 + lsr r12, r11, #18 + lsr lr, r10, #18 + orr r10, r12, r10, lsl #14 + orr r11, lr, r11, lsl #14 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [sp, #8] + str lr, [sp, #12] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [sp, #16] + str lr, [sp, #20] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [sp, #24] + str lr, [sp, #28] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [sp, #32] + str lr, [sp, #36] + # Get constant +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r1] + ldr r11, [r1, #4] +#else + ldrd r10, r11, [r1] 
+#endif + add r1, r1, #8 + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + # XOR in constant + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [sp] + str lr, [sp, #4] + # Row 1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0, #24] + ldr r3, [r0, #28] +#else + ldrd r2, r3, [r0, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #72] + ldr r5, [r0, #76] +#else + ldrd r4, r5, [r0, #72] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #80] + ldr r7, [r0, #84] +#else + ldrd r6, r7, [r0, #80] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #128] + ldr r9, [r0, #132] +#else + ldrd r8, r9, [r0, #128] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #176] + ldr r11, [r0, #180] +#else + ldrd r10, r11, [r0, #176] +#endif + # s[0] <<< 28 + lsr r12, r3, #4 + lsr lr, r2, #4 + orr r2, r12, r2, lsl #28 + orr r3, lr, r3, lsl #28 + # s[1] <<< 20 + lsr r12, r5, #12 + lsr lr, r4, #12 + orr r4, r12, r4, lsl #20 + orr r5, lr, r5, lsl #20 + # s[2] <<< 3 + lsr r12, r7, #29 + lsr lr, r6, #29 + orr r6, r12, r6, lsl #3 + orr r7, lr, r7, lsl #3 + # s[3] <<< 45 + mov lr, r8 + lsr r12, r9, #19 + lsr r8, r8, #19 + orr r8, r8, r9, lsl #13 + orr r9, r12, lr, lsl #13 + # s[4] <<< 61 + mov lr, r10 + lsr r12, r11, #3 + lsr r10, r10, #3 + orr r10, r10, r11, lsl #29 + orr r11, r12, lr, lsl #29 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [sp, #48] + str lr, [sp, #52] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [sp, #56] + str lr, [sp, #60] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [sp, #64] + str lr, [sp, #68] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [sp, #72] + str lr, [sp, #76] + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + str r12, [sp, #40] + 
str lr, [sp, #44] + # Row 2 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0, #8] + ldr r3, [r0, #12] +#else + ldrd r2, r3, [r0, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #56] + ldr r5, [r0, #60] +#else + ldrd r4, r5, [r0, #56] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #104] + ldr r7, [r0, #108] +#else + ldrd r6, r7, [r0, #104] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #152] + ldr r9, [r0, #156] +#else + ldrd r8, r9, [r0, #152] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #160] + ldr r11, [r0, #164] +#else + ldrd r10, r11, [r0, #160] +#endif + # s[0] <<< 1 + lsr r12, r3, #31 + lsr lr, r2, #31 + orr r2, r12, r2, lsl #1 + orr r3, lr, r3, lsl #1 + # s[1] <<< 6 + lsr r12, r5, #26 + lsr lr, r4, #26 + orr r4, r12, r4, lsl #6 + orr r5, lr, r5, lsl #6 + # s[2] <<< 25 + lsr r12, r7, #7 + lsr lr, r6, #7 + orr r6, r12, r6, lsl #25 + orr r7, lr, r7, lsl #25 + # s[3] <<< 8 + lsr r12, r9, #24 + lsr lr, r8, #24 + orr r8, r12, r8, lsl #8 + orr r9, lr, r9, lsl #8 + # s[4] <<< 18 + lsr r12, r11, #14 + lsr lr, r10, #14 + orr r10, r12, r10, lsl #18 + orr r11, lr, r11, lsl #18 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [sp, #88] + str lr, [sp, #92] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [sp, #96] + str lr, [sp, #100] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [sp, #104] + str lr, [sp, #108] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [sp, #112] + str lr, [sp, #116] + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + str r12, [sp, #80] + str lr, [sp, #84] + # Row 3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0, #32] + ldr r3, [r0, #36] +#else + ldrd r2, r3, [r0, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) 
&& (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #40] + ldr r5, [r0, #44] +#else + ldrd r4, r5, [r0, #40] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [r0, #88] + ldr r7, [r0, #92] +#else + ldrd r6, r7, [r0, #88] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #136] + ldr r9, [r0, #140] +#else + ldrd r8, r9, [r0, #136] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #184] + ldr r11, [r0, #188] +#else + ldrd r10, r11, [r0, #184] +#endif + # s[0] <<< 27 + lsr r12, r3, #5 + lsr lr, r2, #5 + orr r2, r12, r2, lsl #27 + orr r3, lr, r3, lsl #27 + # s[1] <<< 36 + mov lr, r4 + lsr r12, r5, #28 + lsr r4, r4, #28 + orr r4, r4, r5, lsl #4 + orr r5, r12, lr, lsl #4 + # s[2] <<< 10 + lsr r12, r7, #22 + lsr lr, r6, #22 + orr r6, r12, r6, lsl #10 + orr r7, lr, r7, lsl #10 + # s[3] <<< 15 + lsr r12, r9, #17 + lsr lr, r8, #17 + orr r8, r12, r8, lsl #15 + orr r9, lr, r9, lsl #15 + # s[4] <<< 56 + mov lr, r10 + lsr r12, r11, #8 + lsr r10, r10, #8 + orr r10, r10, r11, lsl #24 + orr r11, r12, lr, lsl #24 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [sp, #128] + str lr, [sp, #132] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [sp, #136] + str lr, [sp, #140] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [sp, #144] + str lr, [sp, #148] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [sp, #152] + str lr, [sp, #156] + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + str r12, [sp, #120] + str lr, [sp, #124] + # Row 4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0, #16] + ldr r3, [r0, #20] +#else + ldrd r2, r3, [r0, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #64] + ldr r5, [r0, #68] +#else + ldrd r4, r5, [r0, #64] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 
7) + ldr r6, [r0, #112] + ldr r7, [r0, #116] +#else + ldrd r6, r7, [r0, #112] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [r0, #120] + ldr r9, [r0, #124] +#else + ldrd r8, r9, [r0, #120] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r0, #168] + ldr r11, [r0, #172] +#else + ldrd r10, r11, [r0, #168] +#endif + # s[0] <<< 62 + mov lr, r2 + lsr r12, r3, #2 + lsr r2, r2, #2 + orr r2, r2, r3, lsl #30 + orr r3, r12, lr, lsl #30 + # s[1] <<< 55 + mov lr, r4 + lsr r12, r5, #9 + lsr r4, r4, #9 + orr r4, r4, r5, lsl #23 + orr r5, r12, lr, lsl #23 + # s[2] <<< 39 + mov lr, r6 + lsr r12, r7, #25 + lsr r6, r6, #25 + orr r6, r6, r7, lsl #7 + orr r7, r12, lr, lsl #7 + # s[3] <<< 41 + mov lr, r8 + lsr r12, r9, #23 + lsr r8, r8, #23 + orr r8, r8, r9, lsl #9 + orr r9, r12, lr, lsl #9 + # s[4] <<< 2 + lsr r12, r11, #30 + lsr lr, r10, #30 + orr r10, r12, r10, lsl #2 + orr r11, lr, r11, lsl #2 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [sp, #168] + str lr, [sp, #172] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [sp, #176] + str lr, [sp, #180] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [sp, #184] + str lr, [sp, #188] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [sp, #192] + str lr, [sp, #196] + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + str r12, [sp, #160] + str lr, [sp, #164] + # Round odd + # Calc b[4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #32] + ldr r5, [sp, #36] +#else + ldrd r4, r5, [sp, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #72] + ldr r7, [sp, #76] +#else + ldrd r6, r7, [sp, #72] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #112] + ldr r9, [sp, #116] +#else + ldrd r8, r9, [sp, #112] +#endif +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #152] + ldr r11, [sp, #156] +#else + ldrd r10, r11, [sp, #152] +#endif + ldr r12, [sp, #192] + ldr lr, [sp, #196] + eor r2, r4, r6 + eor r3, r5, r7 + eor r2, r2, r8 + eor r3, r3, r9 + eor r2, r2, r10 + eor r3, r3, r11 + eor r2, r2, r12 + eor r3, r3, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r2, [r0, #32] + str r3, [r0, #36] +#else + strd r2, r3, [r0, #32] +#endif + # Calc b[1] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #8] + ldr r5, [sp, #12] +#else + ldrd r4, r5, [sp, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #48] + ldr r7, [sp, #52] +#else + ldrd r6, r7, [sp, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #88] + ldr r9, [sp, #92] +#else + ldrd r8, r9, [sp, #88] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #128] + ldr r11, [sp, #132] +#else + ldrd r10, r11, [sp, #128] +#endif + ldr r12, [sp, #168] + ldr lr, [sp, #172] + eor r4, r4, r6 + eor r5, r5, r7 + eor r4, r4, r8 + eor r5, r5, r9 + eor r4, r4, r10 + eor r5, r5, r11 + eor r4, r4, r12 + eor r5, r5, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [r0, #8] + str r5, [r0, #12] +#else + strd r4, r5, [r0, #8] +#endif + # Calc t[0] + eor r2, r2, r5, lsr #31 + eor r3, r3, r4, lsr #31 + eor r2, r2, r4, lsl #1 + eor r3, r3, r5, lsl #1 + # Calc b[0] and XOR t[0] into s[x*5+0] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp] + ldr r5, [sp, #4] +#else + ldrd r4, r5, [sp] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #40] + ldr r7, [sp, #44] +#else + ldrd r6, r7, [sp, #40] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #80] + ldr r9, [sp, #84] +#else + ldrd r8, r9, [sp, #80] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #120] + ldr r11, [sp, #124] +#else + ldrd r10, r11, [sp, 
#120] +#endif + eor r12, r4, r6 + eor lr, r5, r7 + eor r12, r12, r8 + eor lr, lr, r9 + eor r12, r12, r10 + eor lr, lr, r11 + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [sp] + str r5, [sp, #4] +#else + strd r4, r5, [sp] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [sp, #40] + str r7, [sp, #44] +#else + strd r6, r7, [sp, #40] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [sp, #80] + str r9, [sp, #84] +#else + strd r8, r9, [sp, #80] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [sp, #120] + str r11, [sp, #124] +#else + strd r10, r11, [sp, #120] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #160] + ldr r11, [sp, #164] +#else + ldrd r10, r11, [sp, #160] +#endif + eor r12, r12, r10 + eor lr, lr, r11 + eor r10, r10, r2 + eor r11, r11, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [sp, #160] + str r11, [sp, #164] +#else + strd r10, r11, [sp, #160] +#endif + str r12, [r0] + str lr, [r0, #4] + # Calc b[3] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #24] + ldr r5, [sp, #28] +#else + ldrd r4, r5, [sp, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #64] + ldr r7, [sp, #68] +#else + ldrd r6, r7, [sp, #64] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #104] + ldr r9, [sp, #108] +#else + ldrd r8, r9, [sp, #104] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #144] + ldr r11, [sp, #148] +#else + ldrd r10, r11, [sp, #144] +#endif + ldr r12, [sp, #184] + ldr lr, [sp, #188] + eor r4, r4, r6 + eor r5, r5, r7 + eor r4, r4, r8 + eor r5, r5, r9 + eor r4, r4, r10 + eor r5, r5, r11 + eor r4, r4, r12 + eor r5, r5, lr +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + str r4, [r0, #24] + str r5, [r0, #28] +#else + strd r4, r5, [r0, #24] +#endif + # Calc t[2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0, #8] + ldr r3, [r0, #12] +#else + ldrd r2, r3, [r0, #8] +#endif + eor r2, r2, r5, lsr #31 + eor r3, r3, r4, lsr #31 + eor r2, r2, r4, lsl #1 + eor r3, r3, r5, lsl #1 + # Calc b[2] and XOR t[2] into s[x*5+2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #16] + ldr r5, [sp, #20] +#else + ldrd r4, r5, [sp, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #56] + ldr r7, [sp, #60] +#else + ldrd r6, r7, [sp, #56] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #96] + ldr r9, [sp, #100] +#else + ldrd r8, r9, [sp, #96] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #136] + ldr r11, [sp, #140] +#else + ldrd r10, r11, [sp, #136] +#endif + eor r12, r4, r6 + eor lr, r5, r7 + eor r12, r12, r8 + eor lr, lr, r9 + eor r12, r12, r10 + eor lr, lr, r11 + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [sp, #16] + str r5, [sp, #20] +#else + strd r4, r5, [sp, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [sp, #56] + str r7, [sp, #60] +#else + strd r6, r7, [sp, #56] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [sp, #96] + str r9, [sp, #100] +#else + strd r8, r9, [sp, #96] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [sp, #136] + str r11, [sp, #140] +#else + strd r10, r11, [sp, #136] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #176] + ldr r11, [sp, #180] +#else + ldrd r10, r11, [sp, #176] +#endif + eor r12, r12, r10 + eor lr, lr, r11 + eor r10, r10, r2 + eor r11, r11, r3 +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [sp, #176] + str r11, [sp, #180] +#else + strd r10, r11, [sp, #176] +#endif + str r12, [r0, #16] + str lr, [r0, #20] + # Calc t[1] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0] + ldr r3, [r0, #4] +#else + ldrd r2, r3, [r0] +#endif + eor r2, r2, lr, lsr #31 + eor r3, r3, r12, lsr #31 + eor r2, r2, r12, lsl #1 + eor r3, r3, lr, lsl #1 + # XOR t[1] into s[x*5+1] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #8] + ldr r5, [sp, #12] +#else + ldrd r4, r5, [sp, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #48] + ldr r7, [sp, #52] +#else + ldrd r6, r7, [sp, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #88] + ldr r9, [sp, #92] +#else + ldrd r8, r9, [sp, #88] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #128] + ldr r11, [sp, #132] +#else + ldrd r10, r11, [sp, #128] +#endif + ldr r12, [sp, #168] + ldr lr, [sp, #172] + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 + eor r12, r12, r2 + eor lr, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [sp, #8] + str r5, [sp, #12] +#else + strd r4, r5, [sp, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [sp, #48] + str r7, [sp, #52] +#else + strd r6, r7, [sp, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [sp, #88] + str r9, [sp, #92] +#else + strd r8, r9, [sp, #88] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [sp, #128] + str r11, [sp, #132] +#else + strd r10, r11, [sp, #128] +#endif + str r12, [sp, #168] + str lr, [sp, #172] + # Calc t[3] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0, #16] + ldr r3, [r0, #20] +#else + ldrd r2, r3, [r0, #16] +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0, #32] + ldr r5, [r0, #36] +#else + ldrd r4, r5, [r0, #32] +#endif + eor r2, r2, r5, lsr #31 + eor r3, r3, r4, lsr #31 + eor r2, r2, r4, lsl #1 + eor r3, r3, r5, lsl #1 + # XOR t[3] into s[x*5+3] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #24] + ldr r5, [sp, #28] +#else + ldrd r4, r5, [sp, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #64] + ldr r7, [sp, #68] +#else + ldrd r6, r7, [sp, #64] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #104] + ldr r9, [sp, #108] +#else + ldrd r8, r9, [sp, #104] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #144] + ldr r11, [sp, #148] +#else + ldrd r10, r11, [sp, #144] +#endif + ldr r12, [sp, #184] + ldr lr, [sp, #188] + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 + eor r12, r12, r2 + eor lr, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [sp, #24] + str r5, [sp, #28] +#else + strd r4, r5, [sp, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [sp, #64] + str r7, [sp, #68] +#else + strd r6, r7, [sp, #64] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [sp, #104] + str r9, [sp, #108] +#else + strd r8, r9, [sp, #104] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [sp, #144] + str r11, [sp, #148] +#else + strd r10, r11, [sp, #144] +#endif + str r12, [sp, #184] + str lr, [sp, #188] + # Calc t[4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [r0, #24] + ldr r3, [r0, #28] +#else + ldrd r2, r3, [r0, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [r0] + ldr r5, [r0, #4] +#else + ldrd r4, r5, [r0] +#endif + eor r2, r2, r5, lsr #31 + eor r3, r3, r4, lsr #31 + eor r2, r2, r4, lsl #1 + eor 
r3, r3, r5, lsl #1 + # XOR t[4] into s[x*5+4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #32] + ldr r5, [sp, #36] +#else + ldrd r4, r5, [sp, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #72] + ldr r7, [sp, #76] +#else + ldrd r6, r7, [sp, #72] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #112] + ldr r9, [sp, #116] +#else + ldrd r8, r9, [sp, #112] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #152] + ldr r11, [sp, #156] +#else + ldrd r10, r11, [sp, #152] +#endif + ldr r12, [sp, #192] + ldr lr, [sp, #196] + eor r4, r4, r2 + eor r5, r5, r3 + eor r6, r6, r2 + eor r7, r7, r3 + eor r8, r8, r2 + eor r9, r9, r3 + eor r10, r10, r2 + eor r11, r11, r3 + eor r12, r12, r2 + eor lr, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [sp, #32] + str r5, [sp, #36] +#else + strd r4, r5, [sp, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [sp, #72] + str r7, [sp, #76] +#else + strd r6, r7, [sp, #72] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r8, [sp, #112] + str r9, [sp, #116] +#else + strd r8, r9, [sp, #112] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r10, [sp, #152] + str r11, [sp, #156] +#else + strd r10, r11, [sp, #152] +#endif + str r12, [sp, #192] + str lr, [sp, #196] + # Row Mix + # Row 0 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp] + ldr r3, [sp, #4] +#else + ldrd r2, r3, [sp] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #48] + ldr r5, [sp, #52] +#else + ldrd r4, r5, [sp, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #96] + ldr r7, [sp, #100] +#else + ldrd r6, r7, [sp, #96] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #144] + ldr r9, [sp, #148] +#else + ldrd r8, r9, [sp, #144] +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #192] + ldr r11, [sp, #196] +#else + ldrd r10, r11, [sp, #192] +#endif + # s[1] <<< 44 + mov lr, r4 + lsr r12, r5, #20 + lsr r4, r4, #20 + orr r4, r4, r5, lsl #12 + orr r5, r12, lr, lsl #12 + # s[2] <<< 43 + mov lr, r6 + lsr r12, r7, #21 + lsr r6, r6, #21 + orr r6, r6, r7, lsl #11 + orr r7, r12, lr, lsl #11 + # s[3] <<< 21 + lsr r12, r9, #11 + lsr lr, r8, #11 + orr r8, r12, r8, lsl #21 + orr r9, lr, r9, lsl #21 + # s[4] <<< 14 + lsr r12, r11, #18 + lsr lr, r10, #18 + orr r10, r12, r10, lsl #14 + orr r11, lr, r11, lsl #14 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [r0, #8] + str lr, [r0, #12] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [r0, #16] + str lr, [r0, #20] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [r0, #24] + str lr, [r0, #28] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [r0, #32] + str lr, [r0, #36] + # Get constant +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [r1] + ldr r11, [r1, #4] +#else + ldrd r10, r11, [r1] +#endif + add r1, r1, #8 + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + # XOR in constant + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [r0] + str lr, [r0, #4] + # Row 1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp, #24] + ldr r3, [sp, #28] +#else + ldrd r2, r3, [sp, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #72] + ldr r5, [sp, #76] +#else + ldrd r4, r5, [sp, #72] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #80] + ldr r7, [sp, #84] +#else + ldrd r6, r7, [sp, #80] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #128] + ldr r9, [sp, #132] +#else + ldrd r8, r9, [sp, #128] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr 
r10, [sp, #176] + ldr r11, [sp, #180] +#else + ldrd r10, r11, [sp, #176] +#endif + # s[0] <<< 28 + lsr r12, r3, #4 + lsr lr, r2, #4 + orr r2, r12, r2, lsl #28 + orr r3, lr, r3, lsl #28 + # s[1] <<< 20 + lsr r12, r5, #12 + lsr lr, r4, #12 + orr r4, r12, r4, lsl #20 + orr r5, lr, r5, lsl #20 + # s[2] <<< 3 + lsr r12, r7, #29 + lsr lr, r6, #29 + orr r6, r12, r6, lsl #3 + orr r7, lr, r7, lsl #3 + # s[3] <<< 45 + mov lr, r8 + lsr r12, r9, #19 + lsr r8, r8, #19 + orr r8, r8, r9, lsl #13 + orr r9, r12, lr, lsl #13 + # s[4] <<< 61 + mov lr, r10 + lsr r12, r11, #3 + lsr r10, r10, #3 + orr r10, r10, r11, lsl #29 + orr r11, r12, lr, lsl #29 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [r0, #48] + str lr, [r0, #52] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [r0, #56] + str lr, [r0, #60] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [r0, #64] + str lr, [r0, #68] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [r0, #72] + str lr, [r0, #76] + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + str r12, [r0, #40] + str lr, [r0, #44] + # Row 2 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp, #8] + ldr r3, [sp, #12] +#else + ldrd r2, r3, [sp, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #56] + ldr r5, [sp, #60] +#else + ldrd r4, r5, [sp, #56] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #104] + ldr r7, [sp, #108] +#else + ldrd r6, r7, [sp, #104] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #152] + ldr r9, [sp, #156] +#else + ldrd r8, r9, [sp, #152] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #160] + ldr r11, [sp, #164] +#else + ldrd r10, r11, [sp, #160] +#endif + # s[0] <<< 1 + lsr r12, r3, #31 + lsr lr, r2, #31 + orr r2, r12, r2, lsl #1 + orr r3, 
lr, r3, lsl #1 + # s[1] <<< 6 + lsr r12, r5, #26 + lsr lr, r4, #26 + orr r4, r12, r4, lsl #6 + orr r5, lr, r5, lsl #6 + # s[2] <<< 25 + lsr r12, r7, #7 + lsr lr, r6, #7 + orr r6, r12, r6, lsl #25 + orr r7, lr, r7, lsl #25 + # s[3] <<< 8 + lsr r12, r9, #24 + lsr lr, r8, #24 + orr r8, r12, r8, lsl #8 + orr r9, lr, r9, lsl #8 + # s[4] <<< 18 + lsr r12, r11, #14 + lsr lr, r10, #14 + orr r10, r12, r10, lsl #18 + orr r11, lr, r11, lsl #18 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [r0, #88] + str lr, [r0, #92] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [r0, #96] + str lr, [r0, #100] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [r0, #104] + str lr, [r0, #108] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [r0, #112] + str lr, [r0, #116] + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + str r12, [r0, #80] + str lr, [r0, #84] + # Row 3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp, #32] + ldr r3, [sp, #36] +#else + ldrd r2, r3, [sp, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #40] + ldr r5, [sp, #44] +#else + ldrd r4, r5, [sp, #40] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #88] + ldr r7, [sp, #92] +#else + ldrd r6, r7, [sp, #88] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #136] + ldr r9, [sp, #140] +#else + ldrd r8, r9, [sp, #136] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #184] + ldr r11, [sp, #188] +#else + ldrd r10, r11, [sp, #184] +#endif + # s[0] <<< 27 + lsr r12, r3, #5 + lsr lr, r2, #5 + orr r2, r12, r2, lsl #27 + orr r3, lr, r3, lsl #27 + # s[1] <<< 36 + mov lr, r4 + lsr r12, r5, #28 + lsr r4, r4, #28 + orr r4, r4, r5, lsl #4 + orr r5, r12, lr, lsl #4 + # s[2] <<< 10 + lsr r12, r7, #22 + lsr lr, r6, #22 + orr r6, 
r12, r6, lsl #10 + orr r7, lr, r7, lsl #10 + # s[3] <<< 15 + lsr r12, r9, #17 + lsr lr, r8, #17 + orr r8, r12, r8, lsl #15 + orr r9, lr, r9, lsl #15 + # s[4] <<< 56 + mov lr, r10 + lsr r12, r11, #8 + lsr r10, r10, #8 + orr r10, r10, r11, lsl #24 + orr r11, r12, lr, lsl #24 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [r0, #128] + str lr, [r0, #132] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [r0, #136] + str lr, [r0, #140] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [r0, #144] + str lr, [r0, #148] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [r0, #152] + str lr, [r0, #156] + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + str r12, [r0, #120] + str lr, [r0, #124] + # Row 4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp, #16] + ldr r3, [sp, #20] +#else + ldrd r2, r3, [sp, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [sp, #64] + ldr r5, [sp, #68] +#else + ldrd r4, r5, [sp, #64] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [sp, #112] + ldr r7, [sp, #116] +#else + ldrd r6, r7, [sp, #112] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [sp, #120] + ldr r9, [sp, #124] +#else + ldrd r8, r9, [sp, #120] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [sp, #168] + ldr r11, [sp, #172] +#else + ldrd r10, r11, [sp, #168] +#endif + # s[0] <<< 62 + mov lr, r2 + lsr r12, r3, #2 + lsr r2, r2, #2 + orr r2, r2, r3, lsl #30 + orr r3, r12, lr, lsl #30 + # s[1] <<< 55 + mov lr, r4 + lsr r12, r5, #9 + lsr r4, r4, #9 + orr r4, r4, r5, lsl #23 + orr r5, r12, lr, lsl #23 + # s[2] <<< 39 + mov lr, r6 + lsr r12, r7, #25 + lsr r6, r6, #25 + orr r6, r6, r7, lsl #7 + orr r7, r12, lr, lsl #7 + # s[3] <<< 41 + mov lr, r8 + lsr r12, r9, #23 + lsr r8, r8, #23 + orr r8, r8, r9, lsl #9 
+ orr r9, r12, lr, lsl #9 + # s[4] <<< 2 + lsr r12, r11, #30 + lsr lr, r10, #30 + orr r10, r12, r10, lsl #2 + orr r11, lr, r11, lsl #2 + bic r12, r8, r6 + bic lr, r9, r7 + eor r12, r12, r4 + eor lr, lr, r5 + str r12, [r0, #168] + str lr, [r0, #172] + bic r12, r10, r8 + bic lr, r11, r9 + eor r12, r12, r6 + eor lr, lr, r7 + str r12, [r0, #176] + str lr, [r0, #180] + bic r12, r2, r10 + bic lr, r3, r11 + eor r12, r12, r8 + eor lr, lr, r9 + str r12, [r0, #184] + str lr, [r0, #188] + bic r12, r4, r2 + bic lr, r5, r3 + eor r12, r12, r10 + eor lr, lr, r11 + str r12, [r0, #192] + str lr, [r0, #196] + bic r12, r6, r4 + bic lr, r7, r5 + eor r12, r12, r2 + eor lr, lr, r3 + str r12, [r0, #160] + str lr, [r0, #164] + ldr r2, [sp, #200] + subs r2, r2, #1 + bne L_sha3_arm32_begin + add sp, sp, #0xcc + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size BlockSha3,.-BlockSha3 +#endif /* WOLFSSL_ARMASM_NO_NEON */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c new file mode 100644 index 0000000000..6d2efa1b0b --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c 
@@ -0,0 +1,2356 @@ +/* armv8-32-sha3-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./sha3/sha3.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.c + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#include +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include +#ifdef WOLFSSL_ARMASM_INLINE + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +static const uint64_t L_sha3_arm2_neon_rt[] = { + 0x0000000000000001UL, 0x0000000000008082UL, + 0x800000000000808aUL, 0x8000000080008000UL, + 0x000000000000808bUL, 0x0000000080000001UL, + 0x8000000080008081UL, 0x8000000000008009UL, + 0x000000000000008aUL, 0x0000000000000088UL, + 0x0000000080008009UL, 0x000000008000000aUL, + 0x000000008000808bUL, 0x800000000000008bUL, + 0x8000000000008089UL, 
0x8000000000008003UL, + 0x8000000000008002UL, 0x8000000000000080UL, + 0x000000000000800aUL, 0x800000008000000aUL, + 0x8000000080008081UL, 0x8000000000008080UL, + 0x0000000080000001UL, 0x8000000080008008UL, +}; + +static const uint64_t L_sha3_arm2_rt[] = { + 0x0000000000000001UL, 0x0000000000008082UL, + 0x800000000000808aUL, 0x8000000080008000UL, + 0x000000000000808bUL, 0x0000000080000001UL, + 0x8000000080008081UL, 0x8000000000008009UL, + 0x000000000000008aUL, 0x0000000000000088UL, + 0x0000000080008009UL, 0x000000008000000aUL, + 0x000000008000808bUL, 0x800000000000008bUL, + 0x8000000000008089UL, 0x8000000000008003UL, + 0x8000000000008002UL, 0x8000000000000080UL, + 0x000000000000800aUL, 0x800000008000000aUL, + 0x8000000080008081UL, 0x8000000000008080UL, + 0x0000000080000001UL, 0x8000000080008008UL, +}; + +#include + +#ifndef WOLFSSL_ARMASM_NO_NEON +void BlockSha3(word64* state_p) +{ + register word64* state asm ("r0") = (word64*)state_p; + register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt; + register uint64_t* L_sha3_arm2_rt_c asm ("r2") = (uint64_t*)&L_sha3_arm2_rt; + + __asm__ __volatile__ ( + "sub sp, sp, #16\n\t" + "mov r2, #24\n\t" + "mov r3, sp\n\t" + "vld1.8 {d0-d3}, [%[state]]!\n\t" + "vld1.8 {d4-d7}, [%[state]]!\n\t" + "vld1.8 {d8-d11}, [%[state]]!\n\t" + "vld1.8 {d12-d15}, [%[state]]!\n\t" + "vld1.8 {d16-d19}, [%[state]]!\n\t" + "vld1.8 {d20-d23}, [%[state]]!\n\t" + "vld1.8 {d24}, [%[state]]\n\t" + "sub %[state], %[state], #0xc0\n\t" + "\n" + "L_sha3_arm32_neon_begin_%=: \n\t" + /* Calc b[0..4] */ + "veor d26, d0, d5\n\t" + "veor d27, d1, d6\n\t" + "veor d28, d2, d7\n\t" + "veor d29, d3, d8\n\t" + "veor d25, d4, d9\n\t" + "veor d26, d26, d10\n\t" + "veor d27, d27, d11\n\t" + "veor d28, d28, d12\n\t" + "veor d29, d29, d13\n\t" + "veor d25, d25, d14\n\t" + "veor d26, d26, d15\n\t" + "veor d27, d27, d16\n\t" + "veor d28, d28, d17\n\t" + "veor d29, d29, d18\n\t" + "veor d25, d25, d19\n\t" + "veor d26, d26, d20\n\t" + "veor 
d27, d27, d21\n\t" + "veor d28, d28, d22\n\t" + "veor d29, d29, d23\n\t" + "veor d25, d25, d24\n\t" + "vst1.8 {d25-d26}, [r3]\n\t" + /* Calc t[0..4] and XOR into s[i*5..i*5+4] */ + /* t[0] */ + "vshr.u64 d30, d27, #63\n\t" + "vshl.u64 d31, d27, #1\n\t" + "veor d25, d25, d30\n\t" + "veor d25, d25, d31\n\t" + /* t[1] */ + "vshr.u64 d30, d28, #63\n\t" + "vshl.u64 d31, d28, #1\n\t" + "veor d26, d26, d30\n\t" + "veor d26, d26, d31\n\t" + /* t[2] */ + "vshr.u64 d30, d29, #63\n\t" + "vshl.u64 d31, d29, #1\n\t" + "veor d27, d27, d30\n\t" + "veor d27, d27, d31\n\t" + /* t[3] */ + "vldr.8 d31, [r3]\n\t" + "vshr.u64 d30, d31, #63\n\t" + "vshl.u64 d31, d31, #1\n\t" + "veor d28, d28, d30\n\t" + "veor d28, d28, d31\n\t" + /* t[4] */ + "vldr.8 d31, [r3, #8]\n\t" + "vshr.u64 d30, d31, #63\n\t" + "vshl.u64 d31, d31, #1\n\t" + "veor d29, d29, d30\n\t" + "veor d29, d29, d31\n\t" + "sub r3, r3, #16\n\t" + "veor d0, d0, d25\n\t" + /* s[1] => s[10] (tmp) */ + "veor d30, d1, d26\n\t" + "vshr.u64 d31, d30, #63\n\t" + "vshl.u64 d30, d30, #1\n\t" + "veor d30, d30, d31\n\t" + /* s[6] => s[1] */ + "veor d1, d6, d26\n\t" + "vshr.u64 d31, d1, #20\n\t" + "vshl.u64 d1, d1, #44\n\t" + "veor d1, d1, d31\n\t" + /* s[9] => s[6] */ + "veor d6, d9, d29\n\t" + "vshr.u64 d31, d6, #44\n\t" + "vshl.u64 d6, d6, #20\n\t" + "veor d6, d6, d31\n\t" + /* s[22] => s[9] */ + "veor d9, d22, d27\n\t" + "vshr.u64 d31, d9, #3\n\t" + "vshl.u64 d9, d9, #61\n\t" + "veor d9, d9, d31\n\t" + /* s[14] => s[22] */ + "veor d22, d14, d29\n\t" + "vshr.u64 d31, d22, #25\n\t" + "vshl.u64 d22, d22, #39\n\t" + "veor d22, d22, d31\n\t" + /* s[20] => s[14] */ + "veor d14, d20, d25\n\t" + "vshr.u64 d31, d14, #46\n\t" + "vshl.u64 d14, d14, #18\n\t" + "veor d14, d14, d31\n\t" + /* s[2] => s[20] */ + "veor d20, d2, d27\n\t" + "vshr.u64 d31, d20, #2\n\t" + "vshl.u64 d20, d20, #62\n\t" + "veor d20, d20, d31\n\t" + /* s[12] => s[2] */ + "veor d2, d12, d27\n\t" + "vshr.u64 d31, d2, #21\n\t" + "vshl.u64 d2, d2, #43\n\t" + "veor d2, d2, 
d31\n\t" + /* s[13] => s[12] */ + "veor d12, d13, d28\n\t" + "vshr.u64 d31, d12, #39\n\t" + "vshl.u64 d12, d12, #25\n\t" + "veor d12, d12, d31\n\t" + /* s[19] => s[13] */ + "veor d13, d19, d29\n\t" + "vshr.u64 d31, d13, #56\n\t" + "vshl.u64 d13, d13, #8\n\t" + "veor d13, d13, d31\n\t" + /* s[23] => s[19] */ + "veor d19, d23, d28\n\t" + "vshr.u64 d31, d19, #8\n\t" + "vshl.u64 d19, d19, #56\n\t" + "veor d19, d19, d31\n\t" + /* s[15] => s[23] */ + "veor d23, d15, d25\n\t" + "vshr.u64 d31, d23, #23\n\t" + "vshl.u64 d23, d23, #41\n\t" + "veor d23, d23, d31\n\t" + /* s[4] => s[15] */ + "veor d15, d4, d29\n\t" + "vshr.u64 d31, d15, #37\n\t" + "vshl.u64 d15, d15, #27\n\t" + "veor d15, d15, d31\n\t" + /* s[24] => s[4] */ + "veor d4, d24, d29\n\t" + "vshr.u64 d31, d4, #50\n\t" + "vshl.u64 d4, d4, #14\n\t" + "veor d4, d4, d31\n\t" + /* s[21] => s[24] */ + "veor d24, d21, d26\n\t" + "vshr.u64 d31, d24, #62\n\t" + "vshl.u64 d24, d24, #2\n\t" + "veor d24, d24, d31\n\t" + /* s[8] => s[21] */ + "veor d21, d8, d28\n\t" + "vshr.u64 d31, d21, #9\n\t" + "vshl.u64 d21, d21, #55\n\t" + "veor d21, d21, d31\n\t" + /* s[16] => s[8] */ + "veor d8, d16, d26\n\t" + "vshr.u64 d31, d8, #19\n\t" + "vshl.u64 d8, d8, #45\n\t" + "veor d8, d8, d31\n\t" + /* s[5] => s[16] */ + "veor d16, d5, d25\n\t" + "vshr.u64 d31, d16, #28\n\t" + "vshl.u64 d16, d16, #36\n\t" + "veor d16, d16, d31\n\t" + /* s[3] => s[5] */ + "veor d5, d3, d28\n\t" + "vshr.u64 d31, d5, #36\n\t" + "vshl.u64 d5, d5, #28\n\t" + "veor d5, d5, d31\n\t" + /* s[18] => s[3] */ + "veor d3, d18, d28\n\t" + "vshr.u64 d31, d3, #43\n\t" + "vshl.u64 d3, d3, #21\n\t" + "veor d3, d3, d31\n\t" + /* s[17] => s[18] */ + "veor d18, d17, d27\n\t" + "vshr.u64 d31, d18, #49\n\t" + "vshl.u64 d18, d18, #15\n\t" + "veor d18, d18, d31\n\t" + /* s[11] => s[17] */ + "veor d17, d11, d26\n\t" + "vshr.u64 d31, d17, #54\n\t" + "vshl.u64 d17, d17, #10\n\t" + "veor d17, d17, d31\n\t" + /* s[7] => s[11] */ + "veor d11, d7, d27\n\t" + "vshr.u64 d31, d11, #58\n\t" + 
"vshl.u64 d11, d11, #6\n\t" + "veor d11, d11, d31\n\t" + /* s[10] => s[7] */ + "veor d7, d10, d25\n\t" + "vshr.u64 d31, d7, #61\n\t" + "vshl.u64 d7, d7, #3\n\t" + "veor d7, d7, d31\n\t" + /* Row Mix */ + "vmov d25, d0\n\t" + "vmov d26, d1\n\t" + "vbic d31, d2, d26\n\t" + "veor d0, d25, d31\n\t" + "vbic d31, d3, d2\n\t" + "veor d1, d26, d31\n\t" + "vbic d31, d4, d3\n\t" + "veor d2, d2, d31\n\t" + "vbic d31, d25, d4\n\t" + "veor d3, d3, d31\n\t" + "vbic d31, d26, d25\n\t" + "veor d4, d4, d31\n\t" + "vmov d25, d5\n\t" + "vmov d26, d6\n\t" + "vbic d31, d7, d26\n\t" + "veor d5, d25, d31\n\t" + "vbic d31, d8, d7\n\t" + "veor d6, d26, d31\n\t" + "vbic d31, d9, d8\n\t" + "veor d7, d7, d31\n\t" + "vbic d31, d25, d9\n\t" + "veor d8, d8, d31\n\t" + "vbic d31, d26, d25\n\t" + "veor d9, d9, d31\n\t" + "vmov d26, d11\n\t" + "vbic d31, d12, d26\n\t" + "veor d10, d30, d31\n\t" + "vbic d31, d13, d12\n\t" + "veor d11, d26, d31\n\t" + "vbic d31, d14, d13\n\t" + "veor d12, d12, d31\n\t" + "vbic d31, d30, d14\n\t" + "veor d13, d13, d31\n\t" + "vbic d31, d26, d30\n\t" + "veor d14, d14, d31\n\t" + "vmov d25, d15\n\t" + "vmov d26, d16\n\t" + "vbic d31, d17, d26\n\t" + "veor d15, d25, d31\n\t" + "vbic d31, d18, d17\n\t" + "veor d16, d26, d31\n\t" + "vbic d31, d19, d18\n\t" + "veor d17, d17, d31\n\t" + "vbic d31, d25, d19\n\t" + "veor d18, d18, d31\n\t" + "vbic d31, d26, d25\n\t" + "veor d19, d19, d31\n\t" + "vmov d25, d20\n\t" + "vmov d26, d21\n\t" + "vbic d31, d22, d26\n\t" + "veor d20, d25, d31\n\t" + "vbic d31, d23, d22\n\t" + "veor d21, d26, d31\n\t" + "vbic d31, d24, d23\n\t" + "veor d22, d22, d31\n\t" + "vbic d31, d25, d24\n\t" + "veor d23, d23, d31\n\t" + "vbic d31, d26, d25\n\t" + "veor d24, d24, d31\n\t" + "vld1.8 {d30}, [r1]!\n\t" + "subs r2, r2, #1\n\t" + "veor d0, d0, d30\n\t" + "bne L_sha3_arm32_neon_begin_%=\n\t" + "vst1.8 {d0-d3}, [%[state]]!\n\t" + "vst1.8 {d4-d7}, [%[state]]!\n\t" + "vst1.8 {d8-d11}, [%[state]]!\n\t" + "vst1.8 {d12-d15}, [%[state]]!\n\t" + "vst1.8 
{d16-d19}, [%[state]]!\n\t" + "vst1.8 {d20-d23}, [%[state]]!\n\t" + "vst1.8 {d24}, [%[state]]\n\t" + "add sp, sp, #16\n\t" + : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c) + : + : "memory", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25", "d26", "d27", "d28", "d29", "d30", "d31", "cc" + ); +} + +#endif /* WOLFSSL_ARMASM_NO_NEON */ +#include + +#ifdef WOLFSSL_ARMASM_NO_NEON +void BlockSha3(word64* state_p) +{ + register word64* state asm ("r0") = (word64*)state_p; + register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt; + register uint64_t* L_sha3_arm2_rt_c asm ("r2") = (uint64_t*)&L_sha3_arm2_rt; + + __asm__ __volatile__ ( + "sub sp, sp, #0xcc\n\t" + "mov r1, %[L_sha3_arm2_rt]\n\t" + "mov r2, #12\n\t" + "\n" + "L_sha3_arm32_begin_%=: \n\t" + "str r2, [sp, #200]\n\t" + /* Round even */ + /* Calc b[4] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #32]\n\t" + "ldr r5, [%[state], #36]\n\t" +#else + "ldrd r4, r5, [%[state], #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #72]\n\t" + "ldr r7, [%[state], #76]\n\t" +#else + "ldrd r6, r7, [%[state], #72]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #112]\n\t" + "ldr r9, [%[state], #116]\n\t" +#else + "ldrd r8, r9, [%[state], #112]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #152]\n\t" + "ldr r11, [%[state], #156]\n\t" +#else + "ldrd r10, r11, [%[state], #152]\n\t" +#endif + "ldr r12, [%[state], #192]\n\t" + "ldr lr, [%[state], #196]\n\t" + "eor r2, r4, r6\n\t" + "eor r3, r5, r7\n\t" + "eor r2, r2, r8\n\t" + "eor r3, r3, r9\n\t" + "eor r2, r2, r10\n\t" + "eor r3, r3, r11\n\t" + "eor r2, r2, r12\n\t" + "eor r3, r3, 
lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r2, [sp, #32]\n\t" + "str r3, [sp, #36]\n\t" +#else + "strd r2, r3, [sp, #32]\n\t" +#endif + /* Calc b[1] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #8]\n\t" + "ldr r5, [%[state], #12]\n\t" +#else + "ldrd r4, r5, [%[state], #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #48]\n\t" + "ldr r7, [%[state], #52]\n\t" +#else + "ldrd r6, r7, [%[state], #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #88]\n\t" + "ldr r9, [%[state], #92]\n\t" +#else + "ldrd r8, r9, [%[state], #88]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #128]\n\t" + "ldr r11, [%[state], #132]\n\t" +#else + "ldrd r10, r11, [%[state], #128]\n\t" +#endif + "ldr r12, [%[state], #168]\n\t" + "ldr lr, [%[state], #172]\n\t" + "eor r4, r4, r6\n\t" + "eor r5, r5, r7\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r4, r4, r10\n\t" + "eor r5, r5, r11\n\t" + "eor r4, r4, r12\n\t" + "eor r5, r5, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [sp, #8]\n\t" + "str r5, [sp, #12]\n\t" +#else + "strd r4, r5, [sp, #8]\n\t" +#endif + /* Calc t[0] */ + "eor r2, r2, r5, lsr #31\n\t" + "eor r3, r3, r4, lsr #31\n\t" + "eor r2, r2, r4, lsl #1\n\t" + "eor r3, r3, r5, lsl #1\n\t" + /* Calc b[0] and XOR t[0] into s[x*5+0] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state]]\n\t" + "ldr r5, [%[state], #4]\n\t" +#else + "ldrd r4, r5, [%[state]]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #40]\n\t" + "ldr r7, [%[state], #44]\n\t" +#else + "ldrd r6, r7, [%[state], #40]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #80]\n\t" + "ldr r9, [%[state], #84]\n\t" +#else + "ldrd r8, r9, [%[state], #80]\n\t" +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #120]\n\t" + "ldr r11, [%[state], #124]\n\t" +#else + "ldrd r10, r11, [%[state], #120]\n\t" +#endif + "eor r12, r4, r6\n\t" + "eor lr, r5, r7\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [%[state]]\n\t" + "str r5, [%[state], #4]\n\t" +#else + "strd r4, r5, [%[state]]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [%[state], #40]\n\t" + "str r7, [%[state], #44]\n\t" +#else + "strd r6, r7, [%[state], #40]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [%[state], #80]\n\t" + "str r9, [%[state], #84]\n\t" +#else + "strd r8, r9, [%[state], #80]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [%[state], #120]\n\t" + "str r11, [%[state], #124]\n\t" +#else + "strd r10, r11, [%[state], #120]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #160]\n\t" + "ldr r11, [%[state], #164]\n\t" +#else + "ldrd r10, r11, [%[state], #160]\n\t" +#endif + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [%[state], #160]\n\t" + "str r11, [%[state], #164]\n\t" +#else + "strd r10, r11, [%[state], #160]\n\t" +#endif + "str r12, [sp]\n\t" + "str lr, [sp, #4]\n\t" + /* Calc b[3] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #24]\n\t" + "ldr r5, [%[state], #28]\n\t" +#else + "ldrd r4, r5, [%[state], #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #64]\n\t" + "ldr r7, 
[%[state], #68]\n\t" +#else + "ldrd r6, r7, [%[state], #64]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #104]\n\t" + "ldr r9, [%[state], #108]\n\t" +#else + "ldrd r8, r9, [%[state], #104]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #144]\n\t" + "ldr r11, [%[state], #148]\n\t" +#else + "ldrd r10, r11, [%[state], #144]\n\t" +#endif + "ldr r12, [%[state], #184]\n\t" + "ldr lr, [%[state], #188]\n\t" + "eor r4, r4, r6\n\t" + "eor r5, r5, r7\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r4, r4, r10\n\t" + "eor r5, r5, r11\n\t" + "eor r4, r4, r12\n\t" + "eor r5, r5, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [sp, #24]\n\t" + "str r5, [sp, #28]\n\t" +#else + "strd r4, r5, [sp, #24]\n\t" +#endif + /* Calc t[2] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp, #8]\n\t" + "ldr r3, [sp, #12]\n\t" +#else + "ldrd r2, r3, [sp, #8]\n\t" +#endif + "eor r2, r2, r5, lsr #31\n\t" + "eor r3, r3, r4, lsr #31\n\t" + "eor r2, r2, r4, lsl #1\n\t" + "eor r3, r3, r5, lsl #1\n\t" + /* Calc b[2] and XOR t[2] into s[x*5+2] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #16]\n\t" + "ldr r5, [%[state], #20]\n\t" +#else + "ldrd r4, r5, [%[state], #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #56]\n\t" + "ldr r7, [%[state], #60]\n\t" +#else + "ldrd r6, r7, [%[state], #56]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #96]\n\t" + "ldr r9, [%[state], #100]\n\t" +#else + "ldrd r8, r9, [%[state], #96]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #136]\n\t" + "ldr r11, [%[state], #140]\n\t" +#else + "ldrd r10, r11, [%[state], #136]\n\t" +#endif + "eor r12, r4, r6\n\t" + "eor lr, r5, r7\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "eor r12, r12, 
r10\n\t" + "eor lr, lr, r11\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [%[state], #16]\n\t" + "str r5, [%[state], #20]\n\t" +#else + "strd r4, r5, [%[state], #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [%[state], #56]\n\t" + "str r7, [%[state], #60]\n\t" +#else + "strd r6, r7, [%[state], #56]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [%[state], #96]\n\t" + "str r9, [%[state], #100]\n\t" +#else + "strd r8, r9, [%[state], #96]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [%[state], #136]\n\t" + "str r11, [%[state], #140]\n\t" +#else + "strd r10, r11, [%[state], #136]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #176]\n\t" + "ldr r11, [%[state], #180]\n\t" +#else + "ldrd r10, r11, [%[state], #176]\n\t" +#endif + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [%[state], #176]\n\t" + "str r11, [%[state], #180]\n\t" +#else + "strd r10, r11, [%[state], #176]\n\t" +#endif + "str r12, [sp, #16]\n\t" + "str lr, [sp, #20]\n\t" + /* Calc t[1] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp]\n\t" + "ldr r3, [sp, #4]\n\t" +#else + "ldrd r2, r3, [sp]\n\t" +#endif + "eor r2, r2, lr, lsr #31\n\t" + "eor r3, r3, r12, lsr #31\n\t" + "eor r2, r2, r12, lsl #1\n\t" + "eor r3, r3, lr, lsl #1\n\t" + /* XOR t[1] into s[x*5+1] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #8]\n\t" + "ldr r5, [%[state], #12]\n\t" +#else + "ldrd r4, r5, [%[state], #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, 
[%[state], #48]\n\t" + "ldr r7, [%[state], #52]\n\t" +#else + "ldrd r6, r7, [%[state], #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #88]\n\t" + "ldr r9, [%[state], #92]\n\t" +#else + "ldrd r8, r9, [%[state], #88]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #128]\n\t" + "ldr r11, [%[state], #132]\n\t" +#else + "ldrd r10, r11, [%[state], #128]\n\t" +#endif + "ldr r12, [%[state], #168]\n\t" + "ldr lr, [%[state], #172]\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [%[state], #8]\n\t" + "str r5, [%[state], #12]\n\t" +#else + "strd r4, r5, [%[state], #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [%[state], #48]\n\t" + "str r7, [%[state], #52]\n\t" +#else + "strd r6, r7, [%[state], #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [%[state], #88]\n\t" + "str r9, [%[state], #92]\n\t" +#else + "strd r8, r9, [%[state], #88]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [%[state], #128]\n\t" + "str r11, [%[state], #132]\n\t" +#else + "strd r10, r11, [%[state], #128]\n\t" +#endif + "str r12, [%[state], #168]\n\t" + "str lr, [%[state], #172]\n\t" + /* Calc t[3] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp, #16]\n\t" + "ldr r3, [sp, #20]\n\t" +#else + "ldrd r2, r3, [sp, #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #32]\n\t" + "ldr r5, [sp, #36]\n\t" +#else + "ldrd r4, r5, [sp, #32]\n\t" +#endif + "eor r2, r2, r5, lsr #31\n\t" + "eor r3, r3, r4, lsr #31\n\t" + "eor r2, r2, r4, lsl #1\n\t" + "eor r3, r3, r5, lsl #1\n\t" + /* XOR t[3] into 
s[x*5+3] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #24]\n\t" + "ldr r5, [%[state], #28]\n\t" +#else + "ldrd r4, r5, [%[state], #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #64]\n\t" + "ldr r7, [%[state], #68]\n\t" +#else + "ldrd r6, r7, [%[state], #64]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #104]\n\t" + "ldr r9, [%[state], #108]\n\t" +#else + "ldrd r8, r9, [%[state], #104]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #144]\n\t" + "ldr r11, [%[state], #148]\n\t" +#else + "ldrd r10, r11, [%[state], #144]\n\t" +#endif + "ldr r12, [%[state], #184]\n\t" + "ldr lr, [%[state], #188]\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [%[state], #24]\n\t" + "str r5, [%[state], #28]\n\t" +#else + "strd r4, r5, [%[state], #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [%[state], #64]\n\t" + "str r7, [%[state], #68]\n\t" +#else + "strd r6, r7, [%[state], #64]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [%[state], #104]\n\t" + "str r9, [%[state], #108]\n\t" +#else + "strd r8, r9, [%[state], #104]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [%[state], #144]\n\t" + "str r11, [%[state], #148]\n\t" +#else + "strd r10, r11, [%[state], #144]\n\t" +#endif + "str r12, [%[state], #184]\n\t" + "str lr, [%[state], #188]\n\t" + /* Calc t[4] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp, #24]\n\t" + "ldr r3, [sp, #28]\n\t" +#else + "ldrd r2, r3, [sp, #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp]\n\t" + "ldr r5, [sp, #4]\n\t" +#else + "ldrd r4, r5, [sp]\n\t" +#endif + "eor r2, r2, r5, lsr #31\n\t" + "eor r3, r3, r4, lsr #31\n\t" + "eor r2, r2, r4, lsl #1\n\t" + "eor r3, r3, r5, lsl #1\n\t" + /* XOR t[4] into s[x*5+4] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #32]\n\t" + "ldr r5, [%[state], #36]\n\t" +#else + "ldrd r4, r5, [%[state], #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #72]\n\t" + "ldr r7, [%[state], #76]\n\t" +#else + "ldrd r6, r7, [%[state], #72]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #112]\n\t" + "ldr r9, [%[state], #116]\n\t" +#else + "ldrd r8, r9, [%[state], #112]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #152]\n\t" + "ldr r11, [%[state], #156]\n\t" +#else + "ldrd r10, r11, [%[state], #152]\n\t" +#endif + "ldr r12, [%[state], #192]\n\t" + "ldr lr, [%[state], #196]\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [%[state], #32]\n\t" + "str r5, [%[state], #36]\n\t" +#else + "strd r4, r5, [%[state], #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [%[state], #72]\n\t" + "str r7, [%[state], #76]\n\t" +#else + "strd r6, r7, [%[state], #72]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [%[state], #112]\n\t" + "str r9, [%[state], #116]\n\t" +#else + "strd r8, r9, [%[state], #112]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [%[state], #152]\n\t" + "str r11, [%[state], #156]\n\t" +#else + "strd r10, r11, [%[state], #152]\n\t" +#endif + "str r12, [%[state], 
#192]\n\t" + "str lr, [%[state], #196]\n\t" + /* Row Mix */ + /* Row 0 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state]]\n\t" + "ldr r3, [%[state], #4]\n\t" +#else + "ldrd r2, r3, [%[state]]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #48]\n\t" + "ldr r5, [%[state], #52]\n\t" +#else + "ldrd r4, r5, [%[state], #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #96]\n\t" + "ldr r7, [%[state], #100]\n\t" +#else + "ldrd r6, r7, [%[state], #96]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #144]\n\t" + "ldr r9, [%[state], #148]\n\t" +#else + "ldrd r8, r9, [%[state], #144]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #192]\n\t" + "ldr r11, [%[state], #196]\n\t" +#else + "ldrd r10, r11, [%[state], #192]\n\t" +#endif + /* s[1] <<< 44 */ + "mov lr, r4\n\t" + "lsr r12, r5, #20\n\t" + "lsr r4, r4, #20\n\t" + "orr r4, r4, r5, lsl #12\n\t" + "orr r5, r12, lr, lsl #12\n\t" + /* s[2] <<< 43 */ + "mov lr, r6\n\t" + "lsr r12, r7, #21\n\t" + "lsr r6, r6, #21\n\t" + "orr r6, r6, r7, lsl #11\n\t" + "orr r7, r12, lr, lsl #11\n\t" + /* s[3] <<< 21 */ + "lsr r12, r9, #11\n\t" + "lsr lr, r8, #11\n\t" + "orr r8, r12, r8, lsl #21\n\t" + "orr r9, lr, r9, lsl #21\n\t" + /* s[4] <<< 14 */ + "lsr r12, r11, #18\n\t" + "lsr lr, r10, #18\n\t" + "orr r10, r12, r10, lsl #14\n\t" + "orr r11, lr, r11, lsl #14\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [sp, #8]\n\t" + "str lr, [sp, #12]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [sp, #16]\n\t" + "str lr, [sp, #20]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [sp, #24]\n\t" + "str lr, [sp, #28]\n\t" + "bic r12, r4, r2\n\t" + "bic 
lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [sp, #32]\n\t" + "str lr, [sp, #36]\n\t" + /* Get constant */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [r1]\n\t" + "ldr r11, [r1, #4]\n\t" +#else + "ldrd r10, r11, [r1]\n\t" +#endif + "add r1, r1, #8\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + /* XOR in constant */ + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [sp]\n\t" + "str lr, [sp, #4]\n\t" + /* Row 1 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state], #24]\n\t" + "ldr r3, [%[state], #28]\n\t" +#else + "ldrd r2, r3, [%[state], #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #72]\n\t" + "ldr r5, [%[state], #76]\n\t" +#else + "ldrd r4, r5, [%[state], #72]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #80]\n\t" + "ldr r7, [%[state], #84]\n\t" +#else + "ldrd r6, r7, [%[state], #80]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #128]\n\t" + "ldr r9, [%[state], #132]\n\t" +#else + "ldrd r8, r9, [%[state], #128]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #176]\n\t" + "ldr r11, [%[state], #180]\n\t" +#else + "ldrd r10, r11, [%[state], #176]\n\t" +#endif + /* s[0] <<< 28 */ + "lsr r12, r3, #4\n\t" + "lsr lr, r2, #4\n\t" + "orr r2, r12, r2, lsl #28\n\t" + "orr r3, lr, r3, lsl #28\n\t" + /* s[1] <<< 20 */ + "lsr r12, r5, #12\n\t" + "lsr lr, r4, #12\n\t" + "orr r4, r12, r4, lsl #20\n\t" + "orr r5, lr, r5, lsl #20\n\t" + /* s[2] <<< 3 */ + "lsr r12, r7, #29\n\t" + "lsr lr, r6, #29\n\t" + "orr r6, r12, r6, lsl #3\n\t" + "orr r7, lr, r7, lsl #3\n\t" + /* s[3] <<< 45 */ + "mov lr, r8\n\t" + "lsr r12, r9, #19\n\t" + "lsr r8, r8, #19\n\t" + "orr r8, r8, r9, lsl #13\n\t" + "orr r9, r12, lr, lsl #13\n\t" + /* s[4] <<< 61 */ + "mov lr, 
r10\n\t" + "lsr r12, r11, #3\n\t" + "lsr r10, r10, #3\n\t" + "orr r10, r10, r11, lsl #29\n\t" + "orr r11, r12, lr, lsl #29\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [sp, #48]\n\t" + "str lr, [sp, #52]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [sp, #56]\n\t" + "str lr, [sp, #60]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [sp, #64]\n\t" + "str lr, [sp, #68]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [sp, #72]\n\t" + "str lr, [sp, #76]\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + "str r12, [sp, #40]\n\t" + "str lr, [sp, #44]\n\t" + /* Row 2 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state], #8]\n\t" + "ldr r3, [%[state], #12]\n\t" +#else + "ldrd r2, r3, [%[state], #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #56]\n\t" + "ldr r5, [%[state], #60]\n\t" +#else + "ldrd r4, r5, [%[state], #56]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #104]\n\t" + "ldr r7, [%[state], #108]\n\t" +#else + "ldrd r6, r7, [%[state], #104]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #152]\n\t" + "ldr r9, [%[state], #156]\n\t" +#else + "ldrd r8, r9, [%[state], #152]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #160]\n\t" + "ldr r11, [%[state], #164]\n\t" +#else + "ldrd r10, r11, [%[state], #160]\n\t" +#endif + /* s[0] <<< 1 */ + "lsr r12, r3, #31\n\t" + "lsr lr, r2, #31\n\t" + "orr r2, r12, r2, lsl #1\n\t" + "orr r3, lr, r3, lsl #1\n\t" + /* s[1] <<< 6 */ + "lsr r12, r5, #26\n\t" + "lsr lr, r4, #26\n\t" + "orr r4, r12, r4, lsl #6\n\t" + 
"orr r5, lr, r5, lsl #6\n\t" + /* s[2] <<< 25 */ + "lsr r12, r7, #7\n\t" + "lsr lr, r6, #7\n\t" + "orr r6, r12, r6, lsl #25\n\t" + "orr r7, lr, r7, lsl #25\n\t" + /* s[3] <<< 8 */ + "lsr r12, r9, #24\n\t" + "lsr lr, r8, #24\n\t" + "orr r8, r12, r8, lsl #8\n\t" + "orr r9, lr, r9, lsl #8\n\t" + /* s[4] <<< 18 */ + "lsr r12, r11, #14\n\t" + "lsr lr, r10, #14\n\t" + "orr r10, r12, r10, lsl #18\n\t" + "orr r11, lr, r11, lsl #18\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [sp, #88]\n\t" + "str lr, [sp, #92]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [sp, #96]\n\t" + "str lr, [sp, #100]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [sp, #104]\n\t" + "str lr, [sp, #108]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [sp, #112]\n\t" + "str lr, [sp, #116]\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + "str r12, [sp, #80]\n\t" + "str lr, [sp, #84]\n\t" + /* Row 3 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state], #32]\n\t" + "ldr r3, [%[state], #36]\n\t" +#else + "ldrd r2, r3, [%[state], #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #40]\n\t" + "ldr r5, [%[state], #44]\n\t" +#else + "ldrd r4, r5, [%[state], #40]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #88]\n\t" + "ldr r7, [%[state], #92]\n\t" +#else + "ldrd r6, r7, [%[state], #88]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #136]\n\t" + "ldr r9, [%[state], #140]\n\t" +#else + "ldrd r8, r9, [%[state], #136]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #184]\n\t" + "ldr r11, 
[%[state], #188]\n\t" +#else + "ldrd r10, r11, [%[state], #184]\n\t" +#endif + /* s[0] <<< 27 */ + "lsr r12, r3, #5\n\t" + "lsr lr, r2, #5\n\t" + "orr r2, r12, r2, lsl #27\n\t" + "orr r3, lr, r3, lsl #27\n\t" + /* s[1] <<< 36 */ + "mov lr, r4\n\t" + "lsr r12, r5, #28\n\t" + "lsr r4, r4, #28\n\t" + "orr r4, r4, r5, lsl #4\n\t" + "orr r5, r12, lr, lsl #4\n\t" + /* s[2] <<< 10 */ + "lsr r12, r7, #22\n\t" + "lsr lr, r6, #22\n\t" + "orr r6, r12, r6, lsl #10\n\t" + "orr r7, lr, r7, lsl #10\n\t" + /* s[3] <<< 15 */ + "lsr r12, r9, #17\n\t" + "lsr lr, r8, #17\n\t" + "orr r8, r12, r8, lsl #15\n\t" + "orr r9, lr, r9, lsl #15\n\t" + /* s[4] <<< 56 */ + "mov lr, r10\n\t" + "lsr r12, r11, #8\n\t" + "lsr r10, r10, #8\n\t" + "orr r10, r10, r11, lsl #24\n\t" + "orr r11, r12, lr, lsl #24\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [sp, #128]\n\t" + "str lr, [sp, #132]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [sp, #136]\n\t" + "str lr, [sp, #140]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [sp, #144]\n\t" + "str lr, [sp, #148]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [sp, #152]\n\t" + "str lr, [sp, #156]\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + "str r12, [sp, #120]\n\t" + "str lr, [sp, #124]\n\t" + /* Row 4 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state], #16]\n\t" + "ldr r3, [%[state], #20]\n\t" +#else + "ldrd r2, r3, [%[state], #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state], #64]\n\t" + "ldr r5, [%[state], #68]\n\t" +#else + "ldrd r4, r5, [%[state], #64]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [%[state], #112]\n\t" + "ldr 
r7, [%[state], #116]\n\t" +#else + "ldrd r6, r7, [%[state], #112]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [%[state], #120]\n\t" + "ldr r9, [%[state], #124]\n\t" +#else + "ldrd r8, r9, [%[state], #120]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [%[state], #168]\n\t" + "ldr r11, [%[state], #172]\n\t" +#else + "ldrd r10, r11, [%[state], #168]\n\t" +#endif + /* s[0] <<< 62 */ + "mov lr, r2\n\t" + "lsr r12, r3, #2\n\t" + "lsr r2, r2, #2\n\t" + "orr r2, r2, r3, lsl #30\n\t" + "orr r3, r12, lr, lsl #30\n\t" + /* s[1] <<< 55 */ + "mov lr, r4\n\t" + "lsr r12, r5, #9\n\t" + "lsr r4, r4, #9\n\t" + "orr r4, r4, r5, lsl #23\n\t" + "orr r5, r12, lr, lsl #23\n\t" + /* s[2] <<< 39 */ + "mov lr, r6\n\t" + "lsr r12, r7, #25\n\t" + "lsr r6, r6, #25\n\t" + "orr r6, r6, r7, lsl #7\n\t" + "orr r7, r12, lr, lsl #7\n\t" + /* s[3] <<< 41 */ + "mov lr, r8\n\t" + "lsr r12, r9, #23\n\t" + "lsr r8, r8, #23\n\t" + "orr r8, r8, r9, lsl #9\n\t" + "orr r9, r12, lr, lsl #9\n\t" + /* s[4] <<< 2 */ + "lsr r12, r11, #30\n\t" + "lsr lr, r10, #30\n\t" + "orr r10, r12, r10, lsl #2\n\t" + "orr r11, lr, r11, lsl #2\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [sp, #168]\n\t" + "str lr, [sp, #172]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [sp, #176]\n\t" + "str lr, [sp, #180]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [sp, #184]\n\t" + "str lr, [sp, #188]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [sp, #192]\n\t" + "str lr, [sp, #196]\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + "str r12, [sp, #160]\n\t" + "str lr, [sp, #164]\n\t" + /* Round odd */ + /* Calc b[4] */ +#if defined(WOLFSSL_ARM_ARCH) 
&& (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #32]\n\t" + "ldr r5, [sp, #36]\n\t" +#else + "ldrd r4, r5, [sp, #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #72]\n\t" + "ldr r7, [sp, #76]\n\t" +#else + "ldrd r6, r7, [sp, #72]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #112]\n\t" + "ldr r9, [sp, #116]\n\t" +#else + "ldrd r8, r9, [sp, #112]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #152]\n\t" + "ldr r11, [sp, #156]\n\t" +#else + "ldrd r10, r11, [sp, #152]\n\t" +#endif + "ldr r12, [sp, #192]\n\t" + "ldr lr, [sp, #196]\n\t" + "eor r2, r4, r6\n\t" + "eor r3, r5, r7\n\t" + "eor r2, r2, r8\n\t" + "eor r3, r3, r9\n\t" + "eor r2, r2, r10\n\t" + "eor r3, r3, r11\n\t" + "eor r2, r2, r12\n\t" + "eor r3, r3, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r2, [%[state], #32]\n\t" + "str r3, [%[state], #36]\n\t" +#else + "strd r2, r3, [%[state], #32]\n\t" +#endif + /* Calc b[1] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #8]\n\t" + "ldr r5, [sp, #12]\n\t" +#else + "ldrd r4, r5, [sp, #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #48]\n\t" + "ldr r7, [sp, #52]\n\t" +#else + "ldrd r6, r7, [sp, #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #88]\n\t" + "ldr r9, [sp, #92]\n\t" +#else + "ldrd r8, r9, [sp, #88]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #128]\n\t" + "ldr r11, [sp, #132]\n\t" +#else + "ldrd r10, r11, [sp, #128]\n\t" +#endif + "ldr r12, [sp, #168]\n\t" + "ldr lr, [sp, #172]\n\t" + "eor r4, r4, r6\n\t" + "eor r5, r5, r7\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r4, r4, r10\n\t" + "eor r5, r5, r11\n\t" + "eor r4, r4, r12\n\t" + "eor r5, r5, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [%[state], #8]\n\t" + "str r5, 
[%[state], #12]\n\t" +#else + "strd r4, r5, [%[state], #8]\n\t" +#endif + /* Calc t[0] */ + "eor r2, r2, r5, lsr #31\n\t" + "eor r3, r3, r4, lsr #31\n\t" + "eor r2, r2, r4, lsl #1\n\t" + "eor r3, r3, r5, lsl #1\n\t" + /* Calc b[0] and XOR t[0] into s[x*5+0] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp]\n\t" + "ldr r5, [sp, #4]\n\t" +#else + "ldrd r4, r5, [sp]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #40]\n\t" + "ldr r7, [sp, #44]\n\t" +#else + "ldrd r6, r7, [sp, #40]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #80]\n\t" + "ldr r9, [sp, #84]\n\t" +#else + "ldrd r8, r9, [sp, #80]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #120]\n\t" + "ldr r11, [sp, #124]\n\t" +#else + "ldrd r10, r11, [sp, #120]\n\t" +#endif + "eor r12, r4, r6\n\t" + "eor lr, r5, r7\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [sp]\n\t" + "str r5, [sp, #4]\n\t" +#else + "strd r4, r5, [sp]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [sp, #40]\n\t" + "str r7, [sp, #44]\n\t" +#else + "strd r6, r7, [sp, #40]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [sp, #80]\n\t" + "str r9, [sp, #84]\n\t" +#else + "strd r8, r9, [sp, #80]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [sp, #120]\n\t" + "str r11, [sp, #124]\n\t" +#else + "strd r10, r11, [sp, #120]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #160]\n\t" + "ldr r11, [sp, #164]\n\t" +#else + "ldrd r10, r11, [sp, #160]\n\t" +#endif + "eor r12, 
r12, r10\n\t" + "eor lr, lr, r11\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [sp, #160]\n\t" + "str r11, [sp, #164]\n\t" +#else + "strd r10, r11, [sp, #160]\n\t" +#endif + "str r12, [%[state]]\n\t" + "str lr, [%[state], #4]\n\t" + /* Calc b[3] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #24]\n\t" + "ldr r5, [sp, #28]\n\t" +#else + "ldrd r4, r5, [sp, #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #64]\n\t" + "ldr r7, [sp, #68]\n\t" +#else + "ldrd r6, r7, [sp, #64]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #104]\n\t" + "ldr r9, [sp, #108]\n\t" +#else + "ldrd r8, r9, [sp, #104]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #144]\n\t" + "ldr r11, [sp, #148]\n\t" +#else + "ldrd r10, r11, [sp, #144]\n\t" +#endif + "ldr r12, [sp, #184]\n\t" + "ldr lr, [sp, #188]\n\t" + "eor r4, r4, r6\n\t" + "eor r5, r5, r7\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r4, r4, r10\n\t" + "eor r5, r5, r11\n\t" + "eor r4, r4, r12\n\t" + "eor r5, r5, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [%[state], #24]\n\t" + "str r5, [%[state], #28]\n\t" +#else + "strd r4, r5, [%[state], #24]\n\t" +#endif + /* Calc t[2] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state], #8]\n\t" + "ldr r3, [%[state], #12]\n\t" +#else + "ldrd r2, r3, [%[state], #8]\n\t" +#endif + "eor r2, r2, r5, lsr #31\n\t" + "eor r3, r3, r4, lsr #31\n\t" + "eor r2, r2, r4, lsl #1\n\t" + "eor r3, r3, r5, lsl #1\n\t" + /* Calc b[2] and XOR t[2] into s[x*5+2] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #16]\n\t" + "ldr r5, [sp, #20]\n\t" +#else + "ldrd r4, r5, [sp, #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #56]\n\t" + "ldr r7, [sp, #60]\n\t" 
+#else + "ldrd r6, r7, [sp, #56]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #96]\n\t" + "ldr r9, [sp, #100]\n\t" +#else + "ldrd r8, r9, [sp, #96]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #136]\n\t" + "ldr r11, [sp, #140]\n\t" +#else + "ldrd r10, r11, [sp, #136]\n\t" +#endif + "eor r12, r4, r6\n\t" + "eor lr, r5, r7\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [sp, #16]\n\t" + "str r5, [sp, #20]\n\t" +#else + "strd r4, r5, [sp, #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [sp, #56]\n\t" + "str r7, [sp, #60]\n\t" +#else + "strd r6, r7, [sp, #56]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [sp, #96]\n\t" + "str r9, [sp, #100]\n\t" +#else + "strd r8, r9, [sp, #96]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [sp, #136]\n\t" + "str r11, [sp, #140]\n\t" +#else + "strd r10, r11, [sp, #136]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #176]\n\t" + "ldr r11, [sp, #180]\n\t" +#else + "ldrd r10, r11, [sp, #176]\n\t" +#endif + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [sp, #176]\n\t" + "str r11, [sp, #180]\n\t" +#else + "strd r10, r11, [sp, #176]\n\t" +#endif + "str r12, [%[state], #16]\n\t" + "str lr, [%[state], #20]\n\t" + /* Calc t[1] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state]]\n\t" + "ldr r3, [%[state], #4]\n\t" +#else + "ldrd r2, r3, [%[state]]\n\t" +#endif + 
"eor r2, r2, lr, lsr #31\n\t" + "eor r3, r3, r12, lsr #31\n\t" + "eor r2, r2, r12, lsl #1\n\t" + "eor r3, r3, lr, lsl #1\n\t" + /* XOR t[1] into s[x*5+1] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #8]\n\t" + "ldr r5, [sp, #12]\n\t" +#else + "ldrd r4, r5, [sp, #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #48]\n\t" + "ldr r7, [sp, #52]\n\t" +#else + "ldrd r6, r7, [sp, #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #88]\n\t" + "ldr r9, [sp, #92]\n\t" +#else + "ldrd r8, r9, [sp, #88]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #128]\n\t" + "ldr r11, [sp, #132]\n\t" +#else + "ldrd r10, r11, [sp, #128]\n\t" +#endif + "ldr r12, [sp, #168]\n\t" + "ldr lr, [sp, #172]\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [sp, #8]\n\t" + "str r5, [sp, #12]\n\t" +#else + "strd r4, r5, [sp, #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [sp, #48]\n\t" + "str r7, [sp, #52]\n\t" +#else + "strd r6, r7, [sp, #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [sp, #88]\n\t" + "str r9, [sp, #92]\n\t" +#else + "strd r8, r9, [sp, #88]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [sp, #128]\n\t" + "str r11, [sp, #132]\n\t" +#else + "strd r10, r11, [sp, #128]\n\t" +#endif + "str r12, [sp, #168]\n\t" + "str lr, [sp, #172]\n\t" + /* Calc t[3] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state], #16]\n\t" + "ldr r3, [%[state], #20]\n\t" +#else + "ldrd r2, r3, [%[state], #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 
7) + "ldr r4, [%[state], #32]\n\t" + "ldr r5, [%[state], #36]\n\t" +#else + "ldrd r4, r5, [%[state], #32]\n\t" +#endif + "eor r2, r2, r5, lsr #31\n\t" + "eor r3, r3, r4, lsr #31\n\t" + "eor r2, r2, r4, lsl #1\n\t" + "eor r3, r3, r5, lsl #1\n\t" + /* XOR t[3] into s[x*5+3] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #24]\n\t" + "ldr r5, [sp, #28]\n\t" +#else + "ldrd r4, r5, [sp, #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #64]\n\t" + "ldr r7, [sp, #68]\n\t" +#else + "ldrd r6, r7, [sp, #64]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #104]\n\t" + "ldr r9, [sp, #108]\n\t" +#else + "ldrd r8, r9, [sp, #104]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #144]\n\t" + "ldr r11, [sp, #148]\n\t" +#else + "ldrd r10, r11, [sp, #144]\n\t" +#endif + "ldr r12, [sp, #184]\n\t" + "ldr lr, [sp, #188]\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [sp, #24]\n\t" + "str r5, [sp, #28]\n\t" +#else + "strd r4, r5, [sp, #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [sp, #64]\n\t" + "str r7, [sp, #68]\n\t" +#else + "strd r6, r7, [sp, #64]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [sp, #104]\n\t" + "str r9, [sp, #108]\n\t" +#else + "strd r8, r9, [sp, #104]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [sp, #144]\n\t" + "str r11, [sp, #148]\n\t" +#else + "strd r10, r11, [sp, #144]\n\t" +#endif + "str r12, [sp, #184]\n\t" + "str lr, [sp, #188]\n\t" + /* Calc t[4] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [%[state], #24]\n\t" + "ldr r3, 
[%[state], #28]\n\t" +#else + "ldrd r2, r3, [%[state], #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [%[state]]\n\t" + "ldr r5, [%[state], #4]\n\t" +#else + "ldrd r4, r5, [%[state]]\n\t" +#endif + "eor r2, r2, r5, lsr #31\n\t" + "eor r3, r3, r4, lsr #31\n\t" + "eor r2, r2, r4, lsl #1\n\t" + "eor r3, r3, r5, lsl #1\n\t" + /* XOR t[4] into s[x*5+4] */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #32]\n\t" + "ldr r5, [sp, #36]\n\t" +#else + "ldrd r4, r5, [sp, #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #72]\n\t" + "ldr r7, [sp, #76]\n\t" +#else + "ldrd r6, r7, [sp, #72]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #112]\n\t" + "ldr r9, [sp, #116]\n\t" +#else + "ldrd r8, r9, [sp, #112]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #152]\n\t" + "ldr r11, [sp, #156]\n\t" +#else + "ldrd r10, r11, [sp, #152]\n\t" +#endif + "ldr r12, [sp, #192]\n\t" + "ldr lr, [sp, #196]\n\t" + "eor r4, r4, r2\n\t" + "eor r5, r5, r3\n\t" + "eor r6, r6, r2\n\t" + "eor r7, r7, r3\n\t" + "eor r8, r8, r2\n\t" + "eor r9, r9, r3\n\t" + "eor r10, r10, r2\n\t" + "eor r11, r11, r3\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [sp, #32]\n\t" + "str r5, [sp, #36]\n\t" +#else + "strd r4, r5, [sp, #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [sp, #72]\n\t" + "str r7, [sp, #76]\n\t" +#else + "strd r6, r7, [sp, #72]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r8, [sp, #112]\n\t" + "str r9, [sp, #116]\n\t" +#else + "strd r8, r9, [sp, #112]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r10, [sp, #152]\n\t" + "str r11, [sp, #156]\n\t" +#else + "strd r10, r11, [sp, #152]\n\t" +#endif + "str r12, [sp, #192]\n\t" + "str lr, [sp, #196]\n\t" + 
/* Row Mix */ + /* Row 0 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp]\n\t" + "ldr r3, [sp, #4]\n\t" +#else + "ldrd r2, r3, [sp]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #48]\n\t" + "ldr r5, [sp, #52]\n\t" +#else + "ldrd r4, r5, [sp, #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #96]\n\t" + "ldr r7, [sp, #100]\n\t" +#else + "ldrd r6, r7, [sp, #96]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #144]\n\t" + "ldr r9, [sp, #148]\n\t" +#else + "ldrd r8, r9, [sp, #144]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #192]\n\t" + "ldr r11, [sp, #196]\n\t" +#else + "ldrd r10, r11, [sp, #192]\n\t" +#endif + /* s[1] <<< 44 */ + "mov lr, r4\n\t" + "lsr r12, r5, #20\n\t" + "lsr r4, r4, #20\n\t" + "orr r4, r4, r5, lsl #12\n\t" + "orr r5, r12, lr, lsl #12\n\t" + /* s[2] <<< 43 */ + "mov lr, r6\n\t" + "lsr r12, r7, #21\n\t" + "lsr r6, r6, #21\n\t" + "orr r6, r6, r7, lsl #11\n\t" + "orr r7, r12, lr, lsl #11\n\t" + /* s[3] <<< 21 */ + "lsr r12, r9, #11\n\t" + "lsr lr, r8, #11\n\t" + "orr r8, r12, r8, lsl #21\n\t" + "orr r9, lr, r9, lsl #21\n\t" + /* s[4] <<< 14 */ + "lsr r12, r11, #18\n\t" + "lsr lr, r10, #18\n\t" + "orr r10, r12, r10, lsl #14\n\t" + "orr r11, lr, r11, lsl #14\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [%[state], #8]\n\t" + "str lr, [%[state], #12]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [%[state], #16]\n\t" + "str lr, [%[state], #20]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [%[state], #24]\n\t" + "str lr, [%[state], #28]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [%[state], #32]\n\t" + 
"str lr, [%[state], #36]\n\t" + /* Get constant */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [r1]\n\t" + "ldr r11, [r1, #4]\n\t" +#else + "ldrd r10, r11, [r1]\n\t" +#endif + "add r1, r1, #8\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + /* XOR in constant */ + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [%[state]]\n\t" + "str lr, [%[state], #4]\n\t" + /* Row 1 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp, #24]\n\t" + "ldr r3, [sp, #28]\n\t" +#else + "ldrd r2, r3, [sp, #24]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #72]\n\t" + "ldr r5, [sp, #76]\n\t" +#else + "ldrd r4, r5, [sp, #72]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #80]\n\t" + "ldr r7, [sp, #84]\n\t" +#else + "ldrd r6, r7, [sp, #80]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #128]\n\t" + "ldr r9, [sp, #132]\n\t" +#else + "ldrd r8, r9, [sp, #128]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #176]\n\t" + "ldr r11, [sp, #180]\n\t" +#else + "ldrd r10, r11, [sp, #176]\n\t" +#endif + /* s[0] <<< 28 */ + "lsr r12, r3, #4\n\t" + "lsr lr, r2, #4\n\t" + "orr r2, r12, r2, lsl #28\n\t" + "orr r3, lr, r3, lsl #28\n\t" + /* s[1] <<< 20 */ + "lsr r12, r5, #12\n\t" + "lsr lr, r4, #12\n\t" + "orr r4, r12, r4, lsl #20\n\t" + "orr r5, lr, r5, lsl #20\n\t" + /* s[2] <<< 3 */ + "lsr r12, r7, #29\n\t" + "lsr lr, r6, #29\n\t" + "orr r6, r12, r6, lsl #3\n\t" + "orr r7, lr, r7, lsl #3\n\t" + /* s[3] <<< 45 */ + "mov lr, r8\n\t" + "lsr r12, r9, #19\n\t" + "lsr r8, r8, #19\n\t" + "orr r8, r8, r9, lsl #13\n\t" + "orr r9, r12, lr, lsl #13\n\t" + /* s[4] <<< 61 */ + "mov lr, r10\n\t" + "lsr r12, r11, #3\n\t" + "lsr r10, r10, #3\n\t" + "orr r10, r10, r11, lsl #29\n\t" + "orr r11, r12, lr, lsl #29\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, 
r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [%[state], #48]\n\t" + "str lr, [%[state], #52]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [%[state], #56]\n\t" + "str lr, [%[state], #60]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [%[state], #64]\n\t" + "str lr, [%[state], #68]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [%[state], #72]\n\t" + "str lr, [%[state], #76]\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + "str r12, [%[state], #40]\n\t" + "str lr, [%[state], #44]\n\t" + /* Row 2 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp, #8]\n\t" + "ldr r3, [sp, #12]\n\t" +#else + "ldrd r2, r3, [sp, #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #56]\n\t" + "ldr r5, [sp, #60]\n\t" +#else + "ldrd r4, r5, [sp, #56]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #104]\n\t" + "ldr r7, [sp, #108]\n\t" +#else + "ldrd r6, r7, [sp, #104]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #152]\n\t" + "ldr r9, [sp, #156]\n\t" +#else + "ldrd r8, r9, [sp, #152]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #160]\n\t" + "ldr r11, [sp, #164]\n\t" +#else + "ldrd r10, r11, [sp, #160]\n\t" +#endif + /* s[0] <<< 1 */ + "lsr r12, r3, #31\n\t" + "lsr lr, r2, #31\n\t" + "orr r2, r12, r2, lsl #1\n\t" + "orr r3, lr, r3, lsl #1\n\t" + /* s[1] <<< 6 */ + "lsr r12, r5, #26\n\t" + "lsr lr, r4, #26\n\t" + "orr r4, r12, r4, lsl #6\n\t" + "orr r5, lr, r5, lsl #6\n\t" + /* s[2] <<< 25 */ + "lsr r12, r7, #7\n\t" + "lsr lr, r6, #7\n\t" + "orr r6, r12, r6, lsl #25\n\t" + "orr r7, lr, r7, lsl #25\n\t" + /* s[3] <<< 8 */ + "lsr r12, r9, 
#24\n\t" + "lsr lr, r8, #24\n\t" + "orr r8, r12, r8, lsl #8\n\t" + "orr r9, lr, r9, lsl #8\n\t" + /* s[4] <<< 18 */ + "lsr r12, r11, #14\n\t" + "lsr lr, r10, #14\n\t" + "orr r10, r12, r10, lsl #18\n\t" + "orr r11, lr, r11, lsl #18\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [%[state], #88]\n\t" + "str lr, [%[state], #92]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [%[state], #96]\n\t" + "str lr, [%[state], #100]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [%[state], #104]\n\t" + "str lr, [%[state], #108]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [%[state], #112]\n\t" + "str lr, [%[state], #116]\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + "str r12, [%[state], #80]\n\t" + "str lr, [%[state], #84]\n\t" + /* Row 3 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp, #32]\n\t" + "ldr r3, [sp, #36]\n\t" +#else + "ldrd r2, r3, [sp, #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #40]\n\t" + "ldr r5, [sp, #44]\n\t" +#else + "ldrd r4, r5, [sp, #40]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #88]\n\t" + "ldr r7, [sp, #92]\n\t" +#else + "ldrd r6, r7, [sp, #88]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #136]\n\t" + "ldr r9, [sp, #140]\n\t" +#else + "ldrd r8, r9, [sp, #136]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #184]\n\t" + "ldr r11, [sp, #188]\n\t" +#else + "ldrd r10, r11, [sp, #184]\n\t" +#endif + /* s[0] <<< 27 */ + "lsr r12, r3, #5\n\t" + "lsr lr, r2, #5\n\t" + "orr r2, r12, r2, lsl #27\n\t" + "orr r3, lr, r3, lsl #27\n\t" + /* s[1] <<< 36 */ + 
"mov lr, r4\n\t" + "lsr r12, r5, #28\n\t" + "lsr r4, r4, #28\n\t" + "orr r4, r4, r5, lsl #4\n\t" + "orr r5, r12, lr, lsl #4\n\t" + /* s[2] <<< 10 */ + "lsr r12, r7, #22\n\t" + "lsr lr, r6, #22\n\t" + "orr r6, r12, r6, lsl #10\n\t" + "orr r7, lr, r7, lsl #10\n\t" + /* s[3] <<< 15 */ + "lsr r12, r9, #17\n\t" + "lsr lr, r8, #17\n\t" + "orr r8, r12, r8, lsl #15\n\t" + "orr r9, lr, r9, lsl #15\n\t" + /* s[4] <<< 56 */ + "mov lr, r10\n\t" + "lsr r12, r11, #8\n\t" + "lsr r10, r10, #8\n\t" + "orr r10, r10, r11, lsl #24\n\t" + "orr r11, r12, lr, lsl #24\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [%[state], #128]\n\t" + "str lr, [%[state], #132]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [%[state], #136]\n\t" + "str lr, [%[state], #140]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [%[state], #144]\n\t" + "str lr, [%[state], #148]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [%[state], #152]\n\t" + "str lr, [%[state], #156]\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + "str r12, [%[state], #120]\n\t" + "str lr, [%[state], #124]\n\t" + /* Row 4 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp, #16]\n\t" + "ldr r3, [sp, #20]\n\t" +#else + "ldrd r2, r3, [sp, #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [sp, #64]\n\t" + "ldr r5, [sp, #68]\n\t" +#else + "ldrd r4, r5, [sp, #64]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [sp, #112]\n\t" + "ldr r7, [sp, #116]\n\t" +#else + "ldrd r6, r7, [sp, #112]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r8, [sp, #120]\n\t" + "ldr r9, [sp, #124]\n\t" +#else + "ldrd r8, r9, [sp, 
#120]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r10, [sp, #168]\n\t" + "ldr r11, [sp, #172]\n\t" +#else + "ldrd r10, r11, [sp, #168]\n\t" +#endif + /* s[0] <<< 62 */ + "mov lr, r2\n\t" + "lsr r12, r3, #2\n\t" + "lsr r2, r2, #2\n\t" + "orr r2, r2, r3, lsl #30\n\t" + "orr r3, r12, lr, lsl #30\n\t" + /* s[1] <<< 55 */ + "mov lr, r4\n\t" + "lsr r12, r5, #9\n\t" + "lsr r4, r4, #9\n\t" + "orr r4, r4, r5, lsl #23\n\t" + "orr r5, r12, lr, lsl #23\n\t" + /* s[2] <<< 39 */ + "mov lr, r6\n\t" + "lsr r12, r7, #25\n\t" + "lsr r6, r6, #25\n\t" + "orr r6, r6, r7, lsl #7\n\t" + "orr r7, r12, lr, lsl #7\n\t" + /* s[3] <<< 41 */ + "mov lr, r8\n\t" + "lsr r12, r9, #23\n\t" + "lsr r8, r8, #23\n\t" + "orr r8, r8, r9, lsl #9\n\t" + "orr r9, r12, lr, lsl #9\n\t" + /* s[4] <<< 2 */ + "lsr r12, r11, #30\n\t" + "lsr lr, r10, #30\n\t" + "orr r10, r12, r10, lsl #2\n\t" + "orr r11, lr, r11, lsl #2\n\t" + "bic r12, r8, r6\n\t" + "bic lr, r9, r7\n\t" + "eor r12, r12, r4\n\t" + "eor lr, lr, r5\n\t" + "str r12, [%[state], #168]\n\t" + "str lr, [%[state], #172]\n\t" + "bic r12, r10, r8\n\t" + "bic lr, r11, r9\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "str r12, [%[state], #176]\n\t" + "str lr, [%[state], #180]\n\t" + "bic r12, r2, r10\n\t" + "bic lr, r3, r11\n\t" + "eor r12, r12, r8\n\t" + "eor lr, lr, r9\n\t" + "str r12, [%[state], #184]\n\t" + "str lr, [%[state], #188]\n\t" + "bic r12, r4, r2\n\t" + "bic lr, r5, r3\n\t" + "eor r12, r12, r10\n\t" + "eor lr, lr, r11\n\t" + "str r12, [%[state], #192]\n\t" + "str lr, [%[state], #196]\n\t" + "bic r12, r6, r4\n\t" + "bic lr, r7, r5\n\t" + "eor r12, r12, r2\n\t" + "eor lr, lr, r3\n\t" + "str r12, [%[state], #160]\n\t" + "str lr, [%[state], #164]\n\t" + "ldr r2, [sp, #200]\n\t" + "subs r2, r2, #1\n\t" + "bne L_sha3_arm32_begin_%=\n\t" + "add sp, sp, #0xcc\n\t" + : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c) + : + : "memory", "r3", "r12", 
"lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + ); +} + +#endif /* WOLFSSL_ARMASM_NO_NEON */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* WOLFSSL_ARMASM */ +#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* WOLFSSL_ARMASM */ + +#endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S index f06ae9284d..4dbfeafad9 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S @@ -1,6 +1,6 @@ /* armv8-32-sha512-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_ARMASM_NO_NEON @@ -9366,7 +9366,7 @@ L_SHA512_transform_neon_len_start: .size Transform_Sha512_Len,.-Transform_Sha512_Len #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c index 32c54d102b..b59668d12a 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c @@ -1,6 +1,6 @@ /* armv8-32-sha512-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #include #ifdef HAVE_CONFIG_H #include 
@@ -41,7 +41,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -9159,9 +9159,9 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c index 871d6b38af..4a3e3dc24f 100644 --- a/wolfcrypt/src/port/arm/armv8-aes.c +++ b/wolfcrypt/src/port/arm/armv8-aes.c @@ -1,6 +1,6 @@ /* armv8-aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,14 +35,29 @@ #if !defined(NO_AES) && defined(WOLFSSL_ARMASM) -#if defined(HAVE_FIPS) && !defined(FIPS_NO_WRAPPERS) -#define FIPS_NO_WRAPPERS +#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS) + #undef HAVE_FIPS +#else + #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + #endif #endif -#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO - #include #include + +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000002 }; + int wolfCrypt_FIPS_AES_sanity(void) + { + return 0; + } +#endif + +#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #ifdef NO_INLINE #include #else @@ -1517,6 +1532,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, "USHR v7.2d, v7.2d, #56 \n" "# AAD \n" + "CBZ %[a], 20f \n" "CBZ %w[aSz], 20f \n" "MOV w12, %w[aSz] \n" 
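Review bot: The added `"CBZ %[a], 20f \n"` turns a NULL AAD pointer with a nonzero `aSz` into a silent "no AAD" computation, so the tag produced (or verified) no longer covers the AAD the caller declared; an argument mismatch like that should fail loudly rather than authenticate against empty AAD. Unless a C-level caller already rejects `a == NULL && aSz != 0` (not visible here), that check belongs there returning `BAD_FUNC_ARG`, and the asm guard should be marked as defense-in-depth only, e.g. `"# AAD: skip when a==NULL or aSz==0 (caller validates the pair) \n"`. The `CBZ %[c], 120f` guard added for the ciphertext in the next hunk has the same issue. GHASH's body starts and ends outside this hunk.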
@@ -1687,6 +1703,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, "20: \n" "# Cipher Text \n" + "CBZ %[c], 120f \n" "CBZ %w[cSz], 120f \n" "MOV w12, %w[cSz] \n" @@ -16471,8 +16488,6 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, #else /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ -#include -#include #ifdef NO_INLINE #include #else diff --git a/wolfcrypt/src/port/arm/armv8-chacha.c b/wolfcrypt/src/port/arm/armv8-chacha.c index 18dd9e596e..c7de0a265b 100644 --- a/wolfcrypt/src/port/arm/armv8-chacha.c +++ b/wolfcrypt/src/port/arm/armv8-chacha.c @@ -1,6 +1,6 @@ /* armv8-chacha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.S b/wolfcrypt/src/port/arm/armv8-curve25519.S index 3f04ce87ad..cf20f60809 100644 --- a/wolfcrypt/src/port/arm/armv8-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-curve25519.S @@ -1,6 +1,6 @@ /* armv8-curve25519 * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/armv8-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-curve25519_c.c index c9a98222e3..6af75a632b 100644 --- a/wolfcrypt/src/port/arm/armv8-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-curve25519_c.c @@ -1,6 +1,6 @@ /* armv8-curve25519 * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c index d0aab02348..49eec4d04c 100644 --- a/wolfcrypt/src/port/arm/armv8-poly1305.c +++ b/wolfcrypt/src/port/arm/armv8-poly1305.c @@ -1,6 +1,6 @@ /* armv8-poly1305.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -49,12 +49,12 @@ #include #endif -static WC_INLINE void poly1305_blocks_16(Poly1305* ctx, const unsigned char *m, - size_t bytes) +static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx, + const unsigned char *m, size_t bytes) { __asm__ __volatile__ ( "CMP %[bytes], %[POLY1305_BLOCK_SIZE] \n\t" - "BLO L_poly1305_16_64_done_%= \n\t" + "BLO L_poly1305_aarch64_16_64_done_%= \n\t" /* Load r and h */ "LDP x21, x23, %[ctx_r] \n\t" "LDR w25, %[ctx_r_4] \n\t" @@ -83,7 +83,7 @@ static WC_INLINE void poly1305_blocks_16(Poly1305* ctx, const unsigned char *m, "MUL w10, w25, w15 \n\t" "\n" ".align 2 \n\t" - "L_poly1305_16_64_loop_%=: \n\t" + "L_poly1305_aarch64_16_64_loop_%=: \n\t" /* t0 = U8TO64(&m[0]); */ /* t1 = U8TO64(&m[8]); */ "LDP x16, x17, [%[m]], #16 \n\t" @@ -162,7 +162,7 @@ static WC_INLINE void poly1305_blocks_16(Poly1305* ctx, const unsigned char *m, "AND x5, x19, #0x3ffffff \n\t" "SUB %[bytes], %[bytes], %[POLY1305_BLOCK_SIZE] \n\t" "CMP %[bytes], %[POLY1305_BLOCK_SIZE] \n\t" - "BHS L_poly1305_16_64_loop_%= \n\t" + "BHS L_poly1305_aarch64_16_64_loop_%= \n\t" /* Store h */ "ORR x2, x2, x3, LSL #32 \n\t" "ORR x4, x4, x5, LSL #32 \n\t" @@ -170,7 +170,7 @@ static WC_INLINE void poly1305_blocks_16(Poly1305* ctx, const unsigned char *m, "STR w6, %[ctx_h_4] \n\t" "\n" ".align 2 \n\t" - "L_poly1305_16_64_done_%=: \n\t" + "L_poly1305_aarch64_16_64_done_%=: \n\t" : [ctx_h] "+m" (ctx->h[0]), [ctx_h_4] "+m" (ctx->h[4]), [bytes] "+r" (bytes), 
@@ -187,13 +187,13 @@ static WC_INLINE void poly1305_blocks_16(Poly1305* ctx, const unsigned char *m, ); } -void poly1305_blocks(Poly1305* ctx, const unsigned char *m, - size_t bytes) +void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m, + size_t bytes) { __asm__ __volatile__ ( /* If less than 4 blocks to process then use regular method */ "CMP %[bytes], %[POLY1305_BLOCK_SIZE]*4 \n\t" - "BLO L_poly1305_64_done_%= \n\t" + "BLO L_poly1305_aarch64_64_done_%= \n\t" "MOV x9, #0x3ffffff \n\t" /* Load h */ "LDP x20, x22, [%[h]] \n\t" @@ -221,7 +221,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "MOV v26.D[1], x9 \n\t" "DUP v30.4S, v26.S[0] \n\t" "CMP %[bytes], %[POLY1305_BLOCK_SIZE]*6 \n\t" - "BLO L_poly1305_64_start_block_size_64_%= \n\t" + "BLO L_poly1305_aarch64_64_start_block_size_64_%= \n\t" /* Load r^2 to NEON v0, v1, v2, v3, v4 */ "LD4 { v0.S-v3.S }[2], [%[r_2]], #16 \n\t" "LD1 { v4.S }[2], [%[r_2]] \n\t" @@ -284,7 +284,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "ADD v19.2S, v19.2S, v14.2S \n\t" "\n" ".align 2 \n\t" - "L_poly1305_64_loop_128_%=: \n\t" + "L_poly1305_aarch64_64_loop_128_%=: \n\t" /* d0 = h0*r0 + h1*s4 + h2*s3 + h3*s2 + h4*s1 */ /* d1 = h0*r1 + h1*r0 + h2*s4 + h3*s3 + h4*s2 */ /* d2 = h0*r2 + h1*r1 + h2*r0 + h3*s4 + h4*s3 */ @@ -395,7 +395,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "UMLAL2 v25.2D, v14.4S, v0.4S \n\t" /* If less than six message blocks left then leave loop */ "CMP %[bytes], %[POLY1305_BLOCK_SIZE]*6 \n\t" - "BLS L_poly1305_64_loop_128_final_%= \n\t" + "BLS L_poly1305_aarch64_64_loop_128_final_%= \n\t" /* Load m */ /* Load four message blocks to NEON v10, v11, v12, v13, v14 */ "LD4 { v10.4S-v13.4S }, [%[m]], #64 \n\t" 
@@ -447,10 +447,10 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "MOV v17.S[1], v17.S[2] \n\t" "MOV v18.S[1], v18.S[2] \n\t" "MOV v19.S[1], v19.S[2] \n\t" - "B L_poly1305_64_loop_128_%= \n\t" + "B L_poly1305_aarch64_64_loop_128_%= \n\t" "\n" ".align 2 \n\t" - "L_poly1305_64_loop_128_final_%=: \n\t" + "L_poly1305_aarch64_64_loop_128_final_%=: \n\t" /* Load m */ /* Load two message blocks to NEON v10, v11, v12, v13, v14 */ "LD2 { v10.2D-v11.2D }, [%[m]], #32 \n\t" @@ -525,12 +525,12 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "MOV v19.S[1], v19.S[2] \n\t" /* If less than 2 blocks left go straight to final multiplication. */ "CMP %[bytes], %[POLY1305_BLOCK_SIZE]*2 \n\t" - "BLO L_poly1305_64_last_mult_%= \n\t" - /* Else go to one loop of L_poly1305_64_loop_64 */ - "B L_poly1305_64_loop_64_%= \n\t" + "BLO L_poly1305_aarch64_64_last_mult_%= \n\t" + /* Else go to one loop of L_poly1305_aarch64_64_loop_64 */ + "B L_poly1305_aarch64_64_loop_64_%= \n\t" "\n" ".align 2 \n\t" - "L_poly1305_64_start_block_size_64_%=: \n\t" + "L_poly1305_aarch64_64_start_block_size_64_%=: \n\t" /* Load r^2 to NEON v0, v1, v2, v3, v4 */ "LD4R { v0.2S-v3.2S }, [%[r_2]], #16 \n\t" "LD1R { v4.2S }, [%[r_2]] \n\t" @@ -581,7 +581,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "ADD v19.2S, v19.2S, v14.2S \n\t" "\n" ".align 2 \n\t" - "L_poly1305_64_loop_64_%=: \n\t" + "L_poly1305_aarch64_64_loop_64_%=: \n\t" /* d0 = h0*r0 + h1*s4 + h2*s3 + h3*s2 + h4*s1 */ /* d1 = h0*r1 + h1*r0 + h2*s4 + h3*s3 + h4*s2 */ /* d2 = h0*r2 + h1*r1 + h2*r0 + h3*s4 + h4*s3 */ 
@@ -709,10 +709,10 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "MOV v19.S[1], v19.S[2] \n\t" /* If at least two message blocks left then loop_64 */ "CMP %[bytes], %[POLY1305_BLOCK_SIZE]*2 \n\t" - "BHS L_poly1305_64_loop_64_%= \n\t" + "BHS L_poly1305_aarch64_64_loop_64_%= \n\t" "\n" ".align 2 \n\t" - "L_poly1305_64_last_mult_%=: \n\t" + "L_poly1305_aarch64_64_last_mult_%=: \n\t" /* Load r */ "LD4 { v0.S-v3.S }[1], [%[r]], #16 \n\t" /* Compute h*r^2 */ @@ -849,7 +849,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "SUB %[h], %[h], #16 \n\t" "\n" ".align 2 \n\t" - "L_poly1305_64_done_%=: \n\t" + "L_poly1305_aarch64_64_done_%=: \n\t" : [bytes] "+r" (bytes), [m] "+r" (m), [ctx] "+m" (ctx) @@ -869,12 +869,12 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "x30" ); - poly1305_blocks_16(ctx, m, bytes); + poly1305_blocks_aarch64_16(ctx, m, bytes); } -void poly1305_block(Poly1305* ctx, const unsigned char *m) +void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m) { - poly1305_blocks_16(ctx, m, POLY1305_BLOCK_SIZE); + poly1305_blocks_aarch64_16(ctx, m, POLY1305_BLOCK_SIZE); } #if defined(POLY130564) @@ -1092,7 +1092,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) for (; i < POLY1305_BLOCK_SIZE; i++) ctx->buffer[i] = 0; ctx->finished = 1; - poly1305_block(ctx, ctx->buffer); + poly1305_block_aarch64(ctx, ctx->buffer); } __asm__ __volatile__ ( diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c index 37380a3de3..45d4292a54 100644 --- a/wolfcrypt/src/port/arm/armv8-sha256.c +++ b/wolfcrypt/src/port/arm/armv8-sha256.c @@ -1,6 +1,6 @@ /* armv8-sha256.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -29,11 +29,24 @@ #ifdef WOLFSSL_ARMASM #if !defined(NO_SHA256) || defined(WOLFSSL_SHA224) -#ifdef HAVE_FIPS -#undef HAVE_FIPS +#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS) + #undef HAVE_FIPS +#else + #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + #endif #endif #include +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000014 }; + int wolfCrypt_FIPS_SHA256_sanity(void) + { + return 0; + } +#endif #include #include diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-sha3-asm.S index 209ee0cf48..1652f41b4c 100644 --- a/wolfcrypt/src/port/arm/armv8-sha3-asm.S +++ b/wolfcrypt/src/port/arm/armv8-sha3-asm.S @@ -1,6 +1,6 @@ /* armv8-sha3-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c index 1f2d040849..bb4114d42b 100644 --- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c @@ -1,6 +1,6 @@ /* armv8-sha3-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-sha512-asm.S index 3ff015800b..5ff72c37b7 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.S @@ -1,6 +1,6 @@ /* armv8-sha512-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c index 027dc8a133..ba7dc82e06 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c 
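Review bot: The new `wolfCrypt_FIPS_sha256_ro_sanity[2] = { 0x1a2b3c4d, 0x00000014 }` and the unconditionally-zero `wolfCrypt_FIPS_SHA256_sanity()` carry no comment on what the two words mean or which component consumes them; the AES and SHA-512 hunks in this diff define the same first word with `0x00000002` and `0x00000015`, which looks like a marker plus a per-module identifier, but nothing here establishes that. A short comment above the array naming the consumer and the meaning of each word (and stating that the sanity function intentionally returns 0 for this port) would stop the next maintainer from treating the values as arbitrary. Separately, `#if FIPS_VERSION3_GE(6,0,0)` drops the `defined(HAVE_FIPS)` that the block just above pairs with it; if the version macros are not guaranteed to expand in non-FIPS builds, mirror the upper guard: `#if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)`.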
@@ -1,6 +1,6 @@ /* armv8-sha512-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c index 45806249a8..145f6b5ebb 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512.c +++ b/wolfcrypt/src/port/arm/armv8-sha512.c @@ -1,6 +1,6 @@ /* sha512.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,11 +28,25 @@ #ifdef WOLFSSL_ARMASM #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) -#ifdef HAVE_FIPS -#undef HAVE_FIPS +#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS) + #undef HAVE_FIPS +#else + #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + #endif #endif + #include +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000015 }; + int wolfCrypt_FIPS_SHA512_sanity(void) + { + return 0; + } +#endif #include #include @@ -614,7 +628,7 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, #ifdef WOLF_CRYPTO_CB if (sha512->devId != INVALID_DEVID) { ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -656,10 +670,8 @@ void wc_Sha512Free(wc_Sha512* sha512) return; #ifdef WOLFSSL_SMALL_STACK_CACHE - if (sha512->W != NULL) { - XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER); - sha512->W = NULL; - } + XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER); + sha512->W = NULL; #endif } 
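Review bot: Removing the `sha512->W != NULL` guard in `wc_Sha512Free` makes the call depend on `XFREE` accepting a NULL pointer, which is presumably fine on the stdlib `free()` path but is a contract that user-supplied `XFREE` / custom allocator hooks must also honor; unless that guarantee is documented project-wide (not visible here) this is a behavior change for such builds. If NULL-safe `XFREE` is now an invariant, state it at the call site so the missing check reads as deliberate: `/* XFREE(NULL) is a no-op; W may still be NULL if init failed */`. The twin change to `wc_Sha384Free` in the following hunk has the same dependency. `wc_Sha512Free` begins outside this hunk.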
@@ -787,10 +799,8 @@ void wc_Sha384Free(wc_Sha384* sha384) return; #ifdef WOLFSSL_SMALL_STACK_CACHE - if (sha384->W != NULL) { - XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER); - sha384->W = NULL; - } + XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER); + sha384->W = NULL; #endif } diff --git a/wolfcrypt/src/port/arm/cryptoCell.c b/wolfcrypt/src/port/arm/cryptoCell.c index 1c73349e11..0a9a7cdde5 100644 --- a/wolfcrypt/src/port/arm/cryptoCell.c +++ b/wolfcrypt/src/port/arm/cryptoCell.c @@ -1,6 +1,6 @@ /* cryptoCell.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/cryptoCellHash.c b/wolfcrypt/src/port/arm/cryptoCellHash.c index cf567c2870..bbcd208b05 100644 --- a/wolfcrypt/src/port/arm/cryptoCellHash.c +++ b/wolfcrypt/src/port/arm/cryptoCellHash.c @@ -1,6 +1,6 @@ /* cryptoCellHash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/wolfcrypt/src/port/arm/thumb2-aes-asm.S index 68695a7ea8..34f860884c 100644 --- a/wolfcrypt/src/port/arm/thumb2-aes-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-aes-asm.S @@ -1,6 +1,6 @@ /* thumb2-aes-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -670,7 +670,7 @@ L_AES_invert_key_mix_loop: EOR r8, r8, r9, ROR #24 STR r8, [r0], #4 SUBS r11, r11, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_invert_key_mix_loop #else BNE.W L_AES_invert_key_mix_loop 
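Review bot: The replacement condition `#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)` is repeated verbatim at every conditional branch in this file (dozens of identical hunks follow), so adding the next toolchain means editing each site again. Defining it once near the top, e.g. `#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)` / `#define WOLFSSL_ASM_NARROW_BRANCH` / `#endif`, and using `#ifdef WOLFSSL_ASM_NARROW_BRANCH` at each site keeps the decision in one place; if this file is produced by a generator, as its layout suggests, the change belongs in the generator's template instead. A one-line comment at the first site explaining why the `.W` suffix is required only on the non-GNU/non-IAR path would also help, since that is not obvious from the mnemonics alone.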
@@ -703,13 +703,13 @@ AES_set_encrypt_key: LDR r10, L_AES_Thumb2_te ADR lr, L_AES_Thumb2_rcon CMP r1, #0x80 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_set_encrypt_key_start_128 #else BEQ.W L_AES_set_encrypt_key_start_128 #endif CMP r1, #0xc0 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_set_encrypt_key_start_192 #else BEQ.W L_AES_set_encrypt_key_start_192 @@ -1026,7 +1026,7 @@ L_AES_encrypt_block_nr: EOR r6, r6, r10 EOR r7, r7, r11 SUBS r1, r1, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_encrypt_block_nr #else BNE.W L_AES_encrypt_block_nr @@ -1154,13 +1154,13 @@ AES_ECB_encrypt: LDR r12, [sp, #36] PUSH {r3} CMP r12, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_ECB_encrypt_start_block_128 #else BEQ.W L_AES_ECB_encrypt_start_block_128 #endif CMP r12, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_ECB_encrypt_start_block_192 #else BEQ.W L_AES_ECB_encrypt_start_block_192 @@ -1196,7 +1196,7 @@ L_AES_ECB_encrypt_loop_block_256: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_encrypt_loop_block_256 #else BNE.W L_AES_ECB_encrypt_loop_block_256 @@ -1238,7 +1238,7 @@ L_AES_ECB_encrypt_loop_block_192: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_encrypt_loop_block_192 #else BNE.W L_AES_ECB_encrypt_loop_block_192 
@@ -1280,7 +1280,7 @@ L_AES_ECB_encrypt_loop_block_128: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_encrypt_loop_block_128 #else BNE.W L_AES_ECB_encrypt_loop_block_128 @@ -1305,13 +1305,13 @@ AES_CBC_encrypt: LDM r9, {r4, r5, r6, r7} PUSH {r3, r9} CMP r8, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_encrypt_start_block_128 #else BEQ.W L_AES_CBC_encrypt_start_block_128 #endif CMP r8, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_encrypt_start_block_192 #else BEQ.W L_AES_CBC_encrypt_start_block_192 @@ -1351,7 +1351,7 @@ L_AES_CBC_encrypt_loop_block_256: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_encrypt_loop_block_256 #else BNE.W L_AES_CBC_encrypt_loop_block_256 @@ -1397,7 +1397,7 @@ L_AES_CBC_encrypt_loop_block_192: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_encrypt_loop_block_192 #else BNE.W L_AES_CBC_encrypt_loop_block_192 @@ -1443,7 +1443,7 @@ L_AES_CBC_encrypt_loop_block_128: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_encrypt_loop_block_128 #else BNE.W L_AES_CBC_encrypt_loop_block_128 
@@ -1474,13 +1474,13 @@ AES_CTR_encrypt: STM r8, {r4, r5, r6, r7} PUSH {r3, r8} CMP r12, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CTR_encrypt_start_block_128 #else BEQ.W L_AES_CTR_encrypt_start_block_128 #endif CMP r12, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CTR_encrypt_start_block_192 #else BEQ.W L_AES_CTR_encrypt_start_block_192 @@ -1524,12 +1524,12 @@ L_AES_CTR_encrypt_loop_block_256: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CTR_encrypt_loop_block_256 #else BNE.W L_AES_CTR_encrypt_loop_block_256 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_CTR_encrypt_end #else B.W L_AES_CTR_encrypt_end @@ -1574,12 +1574,12 @@ L_AES_CTR_encrypt_loop_block_192: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CTR_encrypt_loop_block_192 #else BNE.W L_AES_CTR_encrypt_loop_block_192 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_CTR_encrypt_end #else B.W L_AES_CTR_encrypt_end @@ -1624,7 +1624,7 @@ L_AES_CTR_encrypt_loop_block_128: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CTR_encrypt_loop_block_128 #else BNE.W L_AES_CTR_encrypt_loop_block_128 @@ -1750,7 +1750,7 @@ L_AES_decrypt_block_nr: EOR r6, r6, r10 EOR r7, r7, r11 SUBS r1, r1, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_decrypt_block_nr #else BNE.W L_AES_decrypt_block_nr 
@@ -2138,13 +2138,13 @@ AES_ECB_decrypt: MOV r12, r2 ADR r2, L_AES_Thumb2_td4 CMP r8, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_ECB_decrypt_start_block_128 #else BEQ.W L_AES_ECB_decrypt_start_block_128 #endif CMP r8, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_ECB_decrypt_start_block_192 #else BEQ.W L_AES_ECB_decrypt_start_block_192 @@ -2179,7 +2179,7 @@ L_AES_ECB_decrypt_loop_block_256: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_decrypt_loop_block_256 #else BNE.W L_AES_ECB_decrypt_loop_block_256 @@ -2220,7 +2220,7 @@ L_AES_ECB_decrypt_loop_block_192: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_decrypt_loop_block_192 #else BNE.W L_AES_ECB_decrypt_loop_block_192 @@ -2261,7 +2261,7 @@ L_AES_ECB_decrypt_loop_block_128: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_decrypt_loop_block_128 #else BNE.W L_AES_ECB_decrypt_loop_block_128 @@ -2286,13 +2286,13 @@ AES_CBC_decrypt: ADR r2, L_AES_Thumb2_td4 PUSH {r3, r4} CMP r8, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_loop_block_128 #else BEQ.W L_AES_CBC_decrypt_loop_block_128 #endif CMP r8, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_loop_block_192 #else BEQ.W L_AES_CBC_decrypt_loop_block_192 
@@ -2337,7 +2337,7 @@ L_AES_CBC_decrypt_loop_block_256: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_end_odd #else BEQ.W L_AES_CBC_decrypt_end_odd @@ -2382,12 +2382,12 @@ L_AES_CBC_decrypt_loop_block_256: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_decrypt_loop_block_256 #else BNE.W L_AES_CBC_decrypt_loop_block_256 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_CBC_decrypt_end #else B.W L_AES_CBC_decrypt_end @@ -2432,7 +2432,7 @@ L_AES_CBC_decrypt_loop_block_192: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_end_odd #else BEQ.W L_AES_CBC_decrypt_end_odd @@ -2477,12 +2477,12 @@ L_AES_CBC_decrypt_loop_block_192: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_decrypt_loop_block_192 #else BNE.W L_AES_CBC_decrypt_loop_block_192 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_CBC_decrypt_end #else B.W L_AES_CBC_decrypt_end @@ -2527,7 +2527,7 @@ L_AES_CBC_decrypt_loop_block_128: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_end_odd #else BEQ.W L_AES_CBC_decrypt_end_odd 
@@ -2572,7 +2572,7 @@ L_AES_CBC_decrypt_loop_block_128:
 SUBS r12, r12, #0x10
 ADD lr, lr, #0x10
 ADD r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 BNE L_AES_CBC_decrypt_loop_block_128
 #else
 BNE.W L_AES_CBC_decrypt_loop_block_128
@@ -3170,7 +3170,7 @@ L_GCM_gmult_len_start_block:
 POP {r3}
 SUBS r3, r3, #0x10
 ADD r2, r2, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 BNE L_GCM_gmult_len_start_block
 #else
 BNE.W L_GCM_gmult_len_start_block
@@ -3202,13 +3202,13 @@ AES_GCM_encrypt:
 STM r8, {r4, r5, r6, r7}
 PUSH {r3, r8}
 CMP r12, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 BEQ L_AES_GCM_encrypt_start_block_128
 #else
 BEQ.W L_AES_GCM_encrypt_start_block_128
 #endif
 CMP r12, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 BEQ L_AES_GCM_encrypt_start_block_192
 #else
 BEQ.W L_AES_GCM_encrypt_start_block_192
@@ -3249,12 +3249,12 @@ L_AES_GCM_encrypt_loop_block_256:
 SUBS r2, r2, #0x10
 ADD lr, lr, #0x10
 ADD r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 BNE L_AES_GCM_encrypt_loop_block_256
 #else
 BNE.W L_AES_GCM_encrypt_loop_block_256
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 B L_AES_GCM_encrypt_end
 #else
 B.W L_AES_GCM_encrypt_end
@@ -3296,12 +3296,12 @@ L_AES_GCM_encrypt_loop_block_192:
 SUBS r2, r2, #0x10
 ADD lr, lr, #0x10
 ADD r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 BNE L_AES_GCM_encrypt_loop_block_192
 #else
 BNE.W L_AES_GCM_encrypt_loop_block_192
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 B L_AES_GCM_encrypt_end
 #else
 B.W L_AES_GCM_encrypt_end
@@ -3343,7 +3343,7 @@ L_AES_GCM_encrypt_loop_block_128:
 SUBS r2, r2, #0x10
 ADD lr, lr, #0x10
 ADD r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 BNE L_AES_GCM_encrypt_loop_block_128
 #else
 BNE.W L_AES_GCM_encrypt_loop_block_128
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
index fc4be05f8b..ddf9d11412 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-aes-asm
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -28,19 +28,12 @@
 #include
 #endif /* HAVE_CONFIG_H */
 #include
+#include
 #ifdef WOLFSSL_ARMASM
 #if !defined(__aarch64__) && defined(__thumb__)
-#include
-#ifdef HAVE_CONFIG_H
- #include
-#endif /* HAVE_CONFIG_H */
-#include
 #ifdef WOLFSSL_ARMASM_INLINE
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
- #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__ asm
 #define __volatile__ volatile
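Review bot: The `@@ -28` hunk removes the duplicated inner `#ifdef WOLFSSL_ARMASM` and `#if !defined(__aarch64__) && defined(__thumb__)` guards nested under `#ifdef WOLFSSL_ARMASM_INLINE`, but the `#endif`s that closed them lie further down the file, outside this hunk, and nothing shown here confirms they were removed as well; the preprocessor nesting of the whole file should be checked, since an orphaned `#endif` would close the outer `WOLFSSL_ARMASM` guard early. The extraction has stripped the header names from every `#include` line, so what the new `+#include` pulls in, and why it must precede the `WOLFSSL_ARMASM` guard, cannot be reviewed from this page; a short comment on that line naming its purpose, e.g. `/* needed before the WOLFSSL_ARMASM guard: <reason> */` with the reason filled in, would make the placement self-explanatory. The guarded region continues past the end of this hunk.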
@@ -218,23 +211,33 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 "ADD r10, %[ks], %[rounds], LSL #4\n\t"
 "MOV r11, %[rounds]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_invert_key_loop:\n\t"
+#else
+ "L_AES_invert_key_loop_%=:\n\t"
+#endif
 "LDM %[ks], {r2, r3, r4, r5}\n\t"
 "LDM r10, {r6, r7, r8, r9}\n\t"
 "STM r10, {r2, r3, r4, r5}\n\t"
 "STM %[ks]!, {r6, r7, r8, r9}\n\t"
 "SUBS r11, r11, #0x2\n\t"
 "SUB r10, r10, #0x10\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_AES_invert_key_loop\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_invert_key_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.N L_AES_invert_key_loop\n\t"
+#else
+ "BNE.N L_AES_invert_key_loop_%=\n\t"
 #endif
 "SUB %[ks], %[ks], %[rounds], LSL #3\n\t"
 "ADD %[ks], %[ks], #0x10\n\t"
 "SUB r11, %[rounds], #0x1\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_invert_key_mix_loop:\n\t"
+#else
+ "L_AES_invert_key_mix_loop_%=:\n\t"
+#endif
 "LDM %[ks], {r2, r3, r4, r5}\n\t"
 "UBFX r6, r2, #0, #8\n\t"
 "UBFX r7, r2, #8, #8\n\t"
@@ -301,10 +304,12 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 "EOR r8, r8, r9, ROR #24\n\t"
 "STR r8, [%[ks]], #4\n\t"
 "SUBS r11, r11, #0x1\n\t"
-#ifdef __GNUC__
- "BNE L_AES_invert_key_mix_loop\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_invert_key_mix_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_invert_key_mix_loop\n\t"
+#else
+ "BNE.W L_AES_invert_key_mix_loop_%=\n\t"
 #endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 : [ks] "+r" (ks), [rounds] "+r" (rounds),
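Review bot: The three-arm selector now wrapped around every label and branch (here at `L_AES_invert_key_loop` and `L_AES_invert_key_mix_loop`, and identically in every later hunk of this file) carries no explanation: the GNU arm appends `%=` and lets the assembler choose the branch width, the IAR-before-9 arm keeps fixed label names with an explicit `.N`/`.W`, and the final `#else` arm gives every other compiler both `%=` and the explicit width. A comment at this first occurrence, e.g. `/* %= makes labels unique per asm instance; IAR < 9 has no %=, so fixed names are used there (assumes this asm is emitted once per translation unit) */`, would record the assumption behind `__VER__ < 9000000` and the fact that the `#else` arm relies on `%=`, a GNU inline-asm extension, being honoured by whatever compiler lands there. If `__IAR_SYSTEMS_ICC__` is defined but `__VER__` is not, the preprocessor evaluates `__VER__` as 0 and silently selects the legacy arm; a `#error` or comment on that case would make the intent explicit. With the same predicate at roughly a hundred sites, a single file-level macro (placeholder `WOLFSSL_ASM_LEGACY_LABELS`) defined once after the includes would reduce each site to one `#ifdef`; if this file is generated, make that change in the generator. AES_invert_key starts and ends outside this hunk.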
@@ -346,16 +351,20 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "MOV r10, %[L_AES_Thumb2_te]\n\t"
 "MOV lr, %[L_AES_Thumb2_rcon]\n\t"
 "CMP %[len], #0x80\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_set_encrypt_key_start_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_set_encrypt_key_start_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_set_encrypt_key_start_128\n\t"
+#else
+ "BEQ.W L_AES_set_encrypt_key_start_128_%=\n\t"
 #endif
 "CMP %[len], #0xc0\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_set_encrypt_key_start_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_set_encrypt_key_start_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_set_encrypt_key_start_192\n\t"
+#else
+ "BEQ.W L_AES_set_encrypt_key_start_192_%=\n\t"
 #endif
 "LDR r4, [%[key]]\n\t"
 "LDR r5, [%[key], #4]\n\t"
@@ -378,7 +387,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "SUB %[ks], %[ks], #0x10\n\t"
 "MOV r12, #0x6\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_set_encrypt_key_loop_256:\n\t"
+#else
+ "L_AES_set_encrypt_key_loop_256_%=:\n\t"
+#endif
 "UBFX r4, r7, #0, #8\n\t"
 "UBFX r5, r7, #8, #8\n\t"
 "UBFX r6, r7, #16, #8\n\t"
@@ -421,10 +434,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "STM %[ks], {r4, r5, r6, r7}\n\t"
 "SUB %[ks], %[ks], #0x10\n\t"
 "SUBS r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_AES_set_encrypt_key_loop_256\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_set_encrypt_key_loop_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.N L_AES_set_encrypt_key_loop_256\n\t"
+#else
+ "BNE.N L_AES_set_encrypt_key_loop_256_%=\n\t"
 #endif
 "UBFX r4, r7, #0, #8\n\t"
 "UBFX r5, r7, #8, #8\n\t"
@@ -447,13 +462,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "ADD %[ks], %[ks], #0x10\n\t"
 "STM %[ks], {r4, r5, r6, r7}\n\t"
 "SUB %[ks], %[ks], #0x10\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_AES_set_encrypt_key_end\n\t"
-#else
+#if defined(__GNUC__)
+ "B L_AES_set_encrypt_key_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.N L_AES_set_encrypt_key_end\n\t"
+#else
+ "B.N L_AES_set_encrypt_key_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_set_encrypt_key_start_192:\n\t"
+#else
+ "L_AES_set_encrypt_key_start_192_%=:\n\t"
+#endif
 "LDR r4, [%[key]]\n\t"
 "LDR r5, [%[key], #4]\n\t"
 "LDR r6, [%[key], #8]\n\t"
@@ -471,7 +492,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "MOV r7, r9\n\t"
 "MOV r12, #0x7\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_set_encrypt_key_loop_192:\n\t"
+#else
+ "L_AES_set_encrypt_key_loop_192_%=:\n\t"
+#endif
 "UBFX r4, r9, #0, #8\n\t"
 "UBFX r5, r9, #8, #8\n\t"
 "UBFX r6, r9, #16, #8\n\t"
@@ -494,10 +519,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "EOR r9, r9, r8\n\t"
 "STM %[ks], {r4, r5, r6, r7, r8, r9}\n\t"
 "SUBS r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_AES_set_encrypt_key_loop_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_set_encrypt_key_loop_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.N L_AES_set_encrypt_key_loop_192\n\t"
+#else
+ "BNE.N L_AES_set_encrypt_key_loop_192_%=\n\t"
 #endif
 "UBFX r4, r9, #0, #8\n\t"
 "UBFX r5, r9, #8, #8\n\t"
@@ -518,13 +545,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "EOR r6, r6, r5\n\t"
 "EOR r7, r7, r6\n\t"
 "STM %[ks], {r4, r5, r6, r7}\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_AES_set_encrypt_key_end\n\t"
-#else
+#if defined(__GNUC__)
+ "B L_AES_set_encrypt_key_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.N L_AES_set_encrypt_key_end\n\t"
+#else
+ "B.N L_AES_set_encrypt_key_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_set_encrypt_key_start_128:\n\t"
+#else
+ "L_AES_set_encrypt_key_start_128_%=:\n\t"
+#endif
 "LDR r4, [%[key]]\n\t"
 "LDR r5, [%[key], #4]\n\t"
 "LDR r6, [%[key], #8]\n\t"
@@ -536,7 +569,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "STM %[ks], {r4, r5, r6, r7}\n\t"
 "MOV r12, #0xa\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_set_encrypt_key_loop_128:\n\t"
+#else
+ "L_AES_set_encrypt_key_loop_128_%=:\n\t"
+#endif
 "UBFX r4, r7, #0, #8\n\t"
 "UBFX r5, r7, #8, #8\n\t"
 "UBFX r6, r7, #16, #8\n\t"
@@ -557,13 +594,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 "EOR r7, r7, r6\n\t"
 "STM %[ks], {r4, r5, r6, r7}\n\t"
 "SUBS r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_AES_set_encrypt_key_loop_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_set_encrypt_key_loop_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.N L_AES_set_encrypt_key_loop_128\n\t"
+#else
+ "BNE.N L_AES_set_encrypt_key_loop_128_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_set_encrypt_key_end:\n\t"
+#else
+ "L_AES_set_encrypt_key_end_%=:\n\t"
+#endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_rcon] "+r" (L_AES_Thumb2_rcon_c)
@@ -593,7 +636,11 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
 __asm__ __volatile__ (
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_encrypt_block_nr:\n\t"
+#else
+ "L_AES_encrypt_block_nr_%=:\n\t"
+#endif
 "UBFX r8, r5, #16, #8\n\t"
 "LSR r11, r4, #24\n\t"
 "UBFX lr, r6, #8, #8\n\t"
@@ -695,10 +742,12 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
 "EOR r6, r6, r10\n\t"
 "EOR r7, r7, r11\n\t"
 "SUBS %[nr], %[nr], #0x1\n\t"
-#ifdef __GNUC__
- "BNE L_AES_encrypt_block_nr\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_encrypt_block_nr_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_encrypt_block_nr\n\t"
+#else
+ "BNE.W L_AES_encrypt_block_nr_%=\n\t"
 #endif
 "UBFX r8, r5, #16, #8\n\t"
 "LSR r11, r4, #24\n\t"
@@ -837,19 +886,27 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 "PUSH {%[ks]}\n\t"
 "CMP r12, #0xa\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_ECB_encrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_ECB_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_ECB_encrypt_start_block_128\n\t"
+#else
+ "BEQ.W L_AES_ECB_encrypt_start_block_128_%=\n\t"
 #endif
 "CMP r12, #0xc\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_ECB_encrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_ECB_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_ECB_encrypt_start_block_192\n\t"
+#else
+ "BEQ.W L_AES_ECB_encrypt_start_block_192_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_encrypt_loop_block_256:\n\t"
+#else
+ "L_AES_ECB_encrypt_loop_block_256_%=:\n\t"
+#endif
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
 "LDR r6, [lr, #8]\n\t"
@@ -880,20 +937,32 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_ECB_encrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_ECB_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_ECB_encrypt_loop_block_256\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_AES_ECB_encrypt_end\n\t"
 #else
+ "BNE.W L_AES_ECB_encrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_ECB_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.N L_AES_ECB_encrypt_end\n\t"
+#else
+ "B.N L_AES_ECB_encrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_encrypt_start_block_192:\n\t"
+#else
+ "L_AES_ECB_encrypt_start_block_192_%=:\n\t"
+#endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_encrypt_loop_block_192:\n\t"
+#else
+ "L_AES_ECB_encrypt_loop_block_192_%=:\n\t"
+#endif
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
 "LDR r6, [lr, #8]\n\t"
@@ -924,20 +993,32 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_ECB_encrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_ECB_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_ECB_encrypt_loop_block_192\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_AES_ECB_encrypt_end\n\t"
 #else
+ "BNE.W L_AES_ECB_encrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_ECB_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.N L_AES_ECB_encrypt_end\n\t"
+#else
+ "B.N L_AES_ECB_encrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_encrypt_start_block_128:\n\t"
+#else
+ "L_AES_ECB_encrypt_start_block_128_%=:\n\t"
+#endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_encrypt_loop_block_128:\n\t"
+#else
+ "L_AES_ECB_encrypt_loop_block_128_%=:\n\t"
+#endif
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
 "LDR r6, [lr, #8]\n\t"
@@ -968,13 +1049,19 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_ECB_encrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_ECB_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_ECB_encrypt_loop_block_128\n\t"
+#else
+ "BNE.W L_AES_ECB_encrypt_loop_block_128_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_encrypt_end:\n\t"
+#else
+ "L_AES_ECB_encrypt_end_%=:\n\t"
+#endif
 "POP {%[ks]}\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
@@ -1028,19 +1115,27 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "LDM r9, {r4, r5, r6, r7}\n\t"
 "PUSH {%[ks], r9}\n\t"
 "CMP r8, #0xa\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_CBC_encrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_CBC_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_CBC_encrypt_start_block_128\n\t"
+#else
+ "BEQ.W L_AES_CBC_encrypt_start_block_128_%=\n\t"
 #endif
 "CMP r8, #0xc\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_CBC_encrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_CBC_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_CBC_encrypt_start_block_192\n\t"
+#else
+ "BEQ.W L_AES_CBC_encrypt_start_block_192_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_encrypt_loop_block_256:\n\t"
+#else
+ "L_AES_CBC_encrypt_loop_block_256_%=:\n\t"
+#endif
 "LDR r8, [lr]\n\t"
 "LDR r9, [lr, #4]\n\t"
 "LDR r10, [lr, #8]\n\t"
@@ -1075,20 +1170,32 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_CBC_encrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_CBC_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_CBC_encrypt_loop_block_256\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_AES_CBC_encrypt_end\n\t"
 #else
+ "BNE.W L_AES_CBC_encrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_CBC_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.N L_AES_CBC_encrypt_end\n\t"
+#else
+ "B.N L_AES_CBC_encrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_encrypt_start_block_192:\n\t"
+#else
+ "L_AES_CBC_encrypt_start_block_192_%=:\n\t"
+#endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_encrypt_loop_block_192:\n\t"
+#else
+ "L_AES_CBC_encrypt_loop_block_192_%=:\n\t"
+#endif
 "LDR r8, [lr]\n\t"
 "LDR r9, [lr, #4]\n\t"
 "LDR r10, [lr, #8]\n\t"
@@ -1123,20 +1230,32 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_CBC_encrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_CBC_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_CBC_encrypt_loop_block_192\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_AES_CBC_encrypt_end\n\t"
 #else
+ "BNE.W L_AES_CBC_encrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_CBC_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.N L_AES_CBC_encrypt_end\n\t"
+#else
+ "B.N L_AES_CBC_encrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_encrypt_start_block_128:\n\t"
+#else
+ "L_AES_CBC_encrypt_start_block_128_%=:\n\t"
+#endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_encrypt_loop_block_128:\n\t"
+#else
+ "L_AES_CBC_encrypt_loop_block_128_%=:\n\t"
+#endif
 "LDR r8, [lr]\n\t"
 "LDR r9, [lr, #4]\n\t"
 "LDR r10, [lr, #8]\n\t"
@@ -1171,13 +1290,19 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_CBC_encrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_CBC_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_CBC_encrypt_loop_block_128\n\t"
+#else
+ "BNE.W L_AES_CBC_encrypt_loop_block_128_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_encrypt_end:\n\t"
+#else
+ "L_AES_CBC_encrypt_end_%=:\n\t"
+#endif
 "POP {%[ks], r9}\n\t"
 "STM r9, {r4, r5, r6, r7}\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -1240,19 +1365,27 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "STM r8, {r4, r5, r6, r7}\n\t"
 "PUSH {%[ks], r8}\n\t"
 "CMP r12, #0xa\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_CTR_encrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_CTR_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_CTR_encrypt_start_block_128\n\t"
+#else
+ "BEQ.W L_AES_CTR_encrypt_start_block_128_%=\n\t"
 #endif
 "CMP r12, #0xc\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_CTR_encrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_CTR_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_CTR_encrypt_start_block_192\n\t"
+#else
+ "BEQ.W L_AES_CTR_encrypt_start_block_192_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CTR_encrypt_loop_block_256:\n\t"
+#else
+ "L_AES_CTR_encrypt_loop_block_256_%=:\n\t"
+#endif
 "PUSH {r1, %[len], lr}\n\t"
 "LDR lr, [sp, #16]\n\t"
 "ADDS r11, r7, #0x1\n\t"
@@ -1291,20 +1424,32 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_CTR_encrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_CTR_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_CTR_encrypt_loop_block_256\n\t"
-#endif
-#ifdef __GNUC__
- "B L_AES_CTR_encrypt_end\n\t"
 #else
+ "BNE.W L_AES_CTR_encrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_CTR_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.W L_AES_CTR_encrypt_end\n\t"
+#else
+ "B.W L_AES_CTR_encrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CTR_encrypt_start_block_192:\n\t"
+#else
+ "L_AES_CTR_encrypt_start_block_192_%=:\n\t"
+#endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CTR_encrypt_loop_block_192:\n\t"
+#else
+ "L_AES_CTR_encrypt_loop_block_192_%=:\n\t"
+#endif
 "PUSH {r1, %[len], lr}\n\t"
 "LDR lr, [sp, #16]\n\t"
 "ADDS r11, r7, #0x1\n\t"
@@ -1343,20 +1488,32 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_CTR_encrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_CTR_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_CTR_encrypt_loop_block_192\n\t"
-#endif
-#ifdef __GNUC__
- "B L_AES_CTR_encrypt_end\n\t"
 #else
+ "BNE.W L_AES_CTR_encrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_CTR_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.W L_AES_CTR_encrypt_end\n\t"
+#else
+ "B.W L_AES_CTR_encrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CTR_encrypt_start_block_128:\n\t"
+#else
+ "L_AES_CTR_encrypt_start_block_128_%=:\n\t"
+#endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CTR_encrypt_loop_block_128:\n\t"
+#else
+ "L_AES_CTR_encrypt_loop_block_128_%=:\n\t"
+#endif
 "PUSH {r1, %[len], lr}\n\t"
 "LDR lr, [sp, #16]\n\t"
 "ADDS r11, r7, #0x1\n\t"
@@ -1395,13 +1552,19 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS %[len], %[len], #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_CTR_encrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_CTR_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_CTR_encrypt_loop_block_128\n\t"
+#else
+ "BNE.W L_AES_CTR_encrypt_loop_block_128_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CTR_encrypt_end:\n\t"
+#else
+ "L_AES_CTR_encrypt_end_%=:\n\t"
+#endif
 "POP {%[ks], r8}\n\t"
 "REV r4, r4\n\t"
 "REV r5, r5\n\t"
@@ -1445,7 +1608,11 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
 __asm__ __volatile__ (
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_decrypt_block_nr:\n\t"
+#else
+ "L_AES_decrypt_block_nr_%=:\n\t"
+#endif
 "UBFX r8, r7, #16, #8\n\t"
 "LSR r11, r4, #24\n\t"
 "UBFX r12, r6, #8, #8\n\t"
@@ -1547,10 +1714,12 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
 "EOR r6, r6, r10\n\t"
 "EOR r7, r7, r11\n\t"
 "SUBS %[nr], %[nr], #0x1\n\t"
-#ifdef __GNUC__
- "BNE L_AES_decrypt_block_nr\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_decrypt_block_nr_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_decrypt_block_nr\n\t"
+#else
+ "BNE.W L_AES_decrypt_block_nr_%=\n\t"
 #endif
 "UBFX r8, r7, #16, #8\n\t"
 "LSR r11, r4, #24\n\t"
@@ -1724,19 +1893,27 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "MOV r12, %[len]\n\t"
 "MOV r2, %[L_AES_Thumb2_td4]\n\t"
 "CMP r8, #0xa\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_ECB_decrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_ECB_decrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_ECB_decrypt_start_block_128\n\t"
+#else
+ "BEQ.W L_AES_ECB_decrypt_start_block_128_%=\n\t"
 #endif
 "CMP r8, #0xc\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_ECB_decrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_ECB_decrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_ECB_decrypt_start_block_192\n\t"
+#else
+ "BEQ.W L_AES_ECB_decrypt_start_block_192_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_decrypt_loop_block_256:\n\t"
+#else
+ "L_AES_ECB_decrypt_loop_block_256_%=:\n\t"
+#endif
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
 "LDR r6, [lr, #8]\n\t"
@@ -1766,20 +1943,32 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS r12, r12, #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_ECB_decrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_ECB_decrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_ECB_decrypt_loop_block_256\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_AES_ECB_decrypt_end\n\t"
 #else
+ "BNE.W L_AES_ECB_decrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_ECB_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.N L_AES_ECB_decrypt_end\n\t"
+#else
+ "B.N L_AES_ECB_decrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_decrypt_start_block_192:\n\t"
+#else
+ "L_AES_ECB_decrypt_start_block_192_%=:\n\t"
+#endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_decrypt_loop_block_192:\n\t"
+#else
+ "L_AES_ECB_decrypt_loop_block_192_%=:\n\t"
+#endif
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
 "LDR r6, [lr, #8]\n\t"
@@ -1809,20 +1998,32 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS r12, r12, #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_ECB_decrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_ECB_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_ECB_decrypt_loop_block_192\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_AES_ECB_decrypt_end\n\t"
 #else
+ "BNE.W L_AES_ECB_decrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_ECB_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.N L_AES_ECB_decrypt_end\n\t"
+#else
+ "B.N L_AES_ECB_decrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_decrypt_start_block_128:\n\t"
+#else
+ "L_AES_ECB_decrypt_start_block_128_%=:\n\t"
+#endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_decrypt_loop_block_128:\n\t"
+#else
+ "L_AES_ECB_decrypt_loop_block_128_%=:\n\t"
+#endif
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
 "LDR r6, [lr, #8]\n\t"
@@ -1852,13 +2053,19 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS r12, r12, #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_ECB_decrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_ECB_decrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_ECB_decrypt_loop_block_128\n\t"
+#else
+ "BNE.W L_AES_ECB_decrypt_loop_block_128_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_ECB_decrypt_end:\n\t"
+#else
+ "L_AES_ECB_decrypt_end_%=:\n\t"
+#endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
@@ -1913,19 +2120,27 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "MOV r2, %[L_AES_Thumb2_td4]\n\t"
 "PUSH {%[ks], r4}\n\t"
 "CMP r8, #0xa\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_CBC_decrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_CBC_decrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_CBC_decrypt_loop_block_128\n\t"
+#else
+ "BEQ.W L_AES_CBC_decrypt_loop_block_128_%=\n\t"
 #endif
 "CMP r8, #0xc\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_CBC_decrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_CBC_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_CBC_decrypt_loop_block_192\n\t"
+#else
+ "BEQ.W L_AES_CBC_decrypt_loop_block_192_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_decrypt_loop_block_256:\n\t"
+#else
+ "L_AES_CBC_decrypt_loop_block_256_%=:\n\t"
+#endif
 "PUSH {r1, r12, lr}\n\t"
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
@@ -1965,10 +2180,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS r12, r12, #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_CBC_decrypt_end_odd\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_CBC_decrypt_end_odd_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_CBC_decrypt_end_odd\n\t"
+#else
+ "BEQ.W L_AES_CBC_decrypt_end_odd_%=\n\t"
 #endif
 "PUSH {r1, r12, lr}\n\t"
 "LDR r4, [lr]\n\t"
@@ -2010,18 +2227,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS r12, r12, #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_CBC_decrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_CBC_decrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_CBC_decrypt_loop_block_256\n\t"
-#endif
-#ifdef __GNUC__
- "B L_AES_CBC_decrypt_end\n\t"
 #else
+ "BNE.W L_AES_CBC_decrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_CBC_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.W L_AES_CBC_decrypt_end\n\t"
+#else
+ "B.W L_AES_CBC_decrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_decrypt_loop_block_192:\n\t"
+#else
+ "L_AES_CBC_decrypt_loop_block_192_%=:\n\t"
+#endif
 "PUSH {r1, r12, lr}\n\t"
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
@@ -2061,10 +2286,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS r12, r12, #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BEQ L_AES_CBC_decrypt_end_odd\n\t"
-#else
+#if defined(__GNUC__)
+ "BEQ L_AES_CBC_decrypt_end_odd_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BEQ.W L_AES_CBC_decrypt_end_odd\n\t"
+#else
+ "BEQ.W L_AES_CBC_decrypt_end_odd_%=\n\t"
 #endif
 "PUSH {r1, r12, lr}\n\t"
 "LDR r4, [lr]\n\t"
@@ -2106,18 +2333,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 "SUBS r12, r12, #0x10\n\t"
 "ADD lr, lr, #0x10\n\t"
 "ADD %[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
- "BNE L_AES_CBC_decrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_AES_CBC_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.W L_AES_CBC_decrypt_loop_block_192\n\t"
-#endif
-#ifdef __GNUC__
- "B L_AES_CBC_decrypt_end\n\t"
 #else
+ "BNE.W L_AES_CBC_decrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "B L_AES_CBC_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "B.W L_AES_CBC_decrypt_end\n\t"
+#else
+ "B.W L_AES_CBC_decrypt_end_%=\n\t"
 #endif
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_AES_CBC_decrypt_loop_block_128:\n\t"
+#else
+ "L_AES_CBC_decrypt_loop_block_128_%=:\n\t"
+#endif
 "PUSH {r1, r12, lr}\n\t"
 "LDR r4, [lr]\n\t"
 "LDR r5, [lr, #4]\n\t"
@@ -2157,10 +2392,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CBC_decrypt_end_odd\n\t" -#else +#if defined(__GNUC__) + "BEQ L_AES_CBC_decrypt_end_odd_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.W L_AES_CBC_decrypt_end_odd\n\t" +#else + "BEQ.W L_AES_CBC_decrypt_end_odd_%=\n\t" #endif "PUSH {r1, r12, lr}\n\t" "LDR r4, [lr]\n\t" @@ -2202,25 +2439,37 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CBC_decrypt_loop_block_128\n\t" -#else +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_AES_CBC_decrypt_loop_block_128\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_CBC_decrypt_end\n\t" #else + "BNE.W L_AES_CBC_decrypt_loop_block_128_%=\n\t" +#endif +#if defined(__GNUC__) + "B L_AES_CBC_decrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_AES_CBC_decrypt_end\n\t" +#else + "B.N L_AES_CBC_decrypt_end_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_AES_CBC_decrypt_end_odd:\n\t" +#else + "L_AES_CBC_decrypt_end_odd_%=:\n\t" +#endif "LDR r4, [sp, #4]\n\t" "LDRD r8, r9, [r4, #16]\n\t" "LDRD r10, r11, [r4, #24]\n\t" "STRD r8, r9, [r4]\n\t" "STRD r10, r11, [r4, #8]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_AES_CBC_decrypt_end:\n\t" +#else + "L_AES_CBC_decrypt_end_%=:\n\t" +#endif "POP {%[ks], r4}\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), 
@@ -2271,7 +2520,11 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha __asm__ __volatile__ ( "MOV lr, %[L_GCM_gmult_len_r]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_GCM_gmult_len_start_block:\n\t" +#else + "L_GCM_gmult_len_start_block_%=:\n\t" +#endif "PUSH {r3}\n\t" "LDR r12, [r0, #12]\n\t" "LDR %[len], [r2, #12]\n\t" @@ -2816,10 +3069,12 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha "POP {r3}\n\t" "SUBS %[len], %[len], #0x10\n\t" "ADD %[data], %[data], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_GCM_gmult_len_start_block\n\t" -#else +#if defined(__GNUC__) + "BNE L_GCM_gmult_len_start_block_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_GCM_gmult_len_start_block\n\t" +#else + "BNE.W L_GCM_gmult_len_start_block_%=\n\t" #endif #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), 
@@ -2874,19 +3129,27 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long "STM r8, {r4, r5, r6, r7}\n\t" "PUSH {%[ks], r8}\n\t" "CMP r12, #0xa\n\t" -#ifdef __GNUC__ - "BEQ L_AES_GCM_encrypt_start_block_128\n\t" -#else +#if defined(__GNUC__) + "BEQ L_AES_GCM_encrypt_start_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.W L_AES_GCM_encrypt_start_block_128\n\t" +#else + "BEQ.W L_AES_GCM_encrypt_start_block_128_%=\n\t" #endif "CMP r12, #0xc\n\t" -#ifdef __GNUC__ - "BEQ L_AES_GCM_encrypt_start_block_192\n\t" -#else +#if defined(__GNUC__) + "BEQ L_AES_GCM_encrypt_start_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.W L_AES_GCM_encrypt_start_block_192\n\t" +#else + "BEQ.W L_AES_GCM_encrypt_start_block_192_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_AES_GCM_encrypt_loop_block_256:\n\t" +#else + "L_AES_GCM_encrypt_loop_block_256_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADD r7, r7, #0x1\n\t" 
@@ -2922,20 +3185,32 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_GCM_encrypt_loop_block_256\n\t" -#else +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_loop_block_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_AES_GCM_encrypt_loop_block_256\n\t" -#endif -#ifdef __GNUC__ - "B L_AES_GCM_encrypt_end\n\t" #else + "BNE.W L_AES_GCM_encrypt_loop_block_256_%=\n\t" +#endif +#if defined(__GNUC__) + "B L_AES_GCM_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.W L_AES_GCM_encrypt_end\n\t" +#else + "B.W L_AES_GCM_encrypt_end_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_AES_GCM_encrypt_start_block_192:\n\t" +#else + "L_AES_GCM_encrypt_start_block_192_%=:\n\t" +#endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_AES_GCM_encrypt_loop_block_192:\n\t" +#else + "L_AES_GCM_encrypt_loop_block_192_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADD r7, r7, #0x1\n\t" 
@@ -2971,20 +3246,32 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_GCM_encrypt_loop_block_192\n\t" -#else +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_loop_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_AES_GCM_encrypt_loop_block_192\n\t" -#endif -#ifdef __GNUC__ - "B L_AES_GCM_encrypt_end\n\t" #else + "BNE.W L_AES_GCM_encrypt_loop_block_192_%=\n\t" +#endif +#if defined(__GNUC__) + "B L_AES_GCM_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.W L_AES_GCM_encrypt_end\n\t" +#else + "B.W L_AES_GCM_encrypt_end_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_AES_GCM_encrypt_start_block_128:\n\t" +#else + "L_AES_GCM_encrypt_start_block_128_%=:\n\t" +#endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_AES_GCM_encrypt_loop_block_128:\n\t" +#else + "L_AES_GCM_encrypt_loop_block_128_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADD r7, r7, #0x1\n\t" @@ -3020,13 +3307,19 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_GCM_encrypt_loop_block_128\n\t" -#else +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_AES_GCM_encrypt_loop_block_128\n\t" +#else + "BNE.W L_AES_GCM_encrypt_loop_block_128_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_AES_GCM_encrypt_end:\n\t" +#else + "L_AES_GCM_encrypt_end_%=:\n\t" +#endif "POP {%[ks], r8}\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" 
@@ -3056,7 +3349,4 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long #endif /* !NO_AES */ #endif /* !__aarch64__ && __thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__thumb__) */ -#endif /* WOLFSSL_ARMASM */ - #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S index e6b5dcf5d2..42da2f45f1 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519.S +++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S @@ -1,6 +1,6 @@ /* thumb2-curve25519 * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -2741,7 +2741,7 @@ L_curve25519_bits: LDR r1, [sp, #180] SUBS r1, r1, #0x1 STR r1, [sp, #180] -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BGE L_curve25519_bits #else BGE.W L_curve25519_bits @@ -2750,7 +2750,7 @@ L_curve25519_bits: STR r1, [sp, #180] SUBS r2, r2, #0x4 STR r2, [sp, #176] -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BGE L_curve25519_words #else BGE.W L_curve25519_words diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c index 0457266c09..21ad67bac3 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c +++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c @@ -1,6 +1,6 @@ /* thumb2-curve25519 * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
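Review bot: In thumb2-curve25519.S the changed `#if` moves IAR into the GCC group and gives it a width-less `BGE L_curve25519_bits`, while the same branch in thumb2-curve25519_c.c (the following hunks) gives every IAR version an explicit `BGE.W`. Both may assemble, but the split is unexplained on the page; if the reason is that the standalone assembler relaxes branch widths and the inline-asm path does not, a one-line comment at the changed `#if`, e.g. `/* IAR assembler picks the width itself; inline asm needs .W */`, would stop the next person from "fixing" one file to match the other. The sha256 .S hunk further down has the same pattern.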
@@ -28,19 +28,12 @@ #include #endif /* HAVE_CONFIG_H */ #include +#include #ifdef WOLFSSL_ARMASM #if !defined(__aarch64__) && defined(__thumb__) -#include -#ifdef HAVE_CONFIG_H - #include -#endif /* HAVE_CONFIG_H */ -#include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -2796,9 +2789,17 @@ int curve25519(byte* r, const byte* n, const byte* a) "MOV %[a], #0x1c\n\t" "STR %[a], [sp, #176]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_words:\n\t" +#else + "L_curve25519_words_%=:\n\t" +#endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_bits:\n\t" +#else + "L_curve25519_bits_%=:\n\t" +#endif "LDR %[n], [sp, #164]\n\t" "LDR %[a], [%[n], r2]\n\t" "LDR %[n], [sp, #180]\n\t" @@ -2978,19 +2979,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "LDR %[n], [sp, #180]\n\t" "SUBS %[n], %[n], #0x1\n\t" "STR %[n], [sp, #180]\n\t" -#ifdef __GNUC__ - "BGE L_curve25519_bits\n\t" -#else +#if defined(__GNUC__) + "BGE L_curve25519_bits_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGE.W L_curve25519_bits\n\t" +#else + "BGE.W L_curve25519_bits_%=\n\t" #endif "MOV %[n], #0x1f\n\t" "STR %[n], [sp, #180]\n\t" "SUBS %[a], %[a], #0x4\n\t" "STR %[a], [sp, #176]\n\t" -#ifdef __GNUC__ - "BGE L_curve25519_words\n\t" -#else +#if defined(__GNUC__) + "BGE L_curve25519_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGE.W L_curve25519_words\n\t" +#else + "BGE.W L_curve25519_words_%=\n\t" #endif /* Invert */ "ADD r1, sp, #0x0\n\t" 
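Review bot: With `__asm__` mapped to `asm` for IAR in the header hunk, every IAR version from 9.0 onward falls into the `#else` branches of the label hunks below and emits `%=` inside label names; nothing on the page shows that IAR's inline assembler accepts the GCC `%=` uniquifier, so that assumption should be written down next to the `#define`, e.g. `/* IAR >= 9 accepts GCC-style inline asm including the %= label suffix */`. If that does not hold for some version, the safer shape is to keep plain labels for any IAR version not known to support it, rather than letting unknown versions emit an unrecognised token. The removed duplicated `#include`/`#ifdef` nesting is consistent with the two stray `#endif` lines dropped at the end of each file.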
@@ -3022,17 +3027,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_1:\n\t" +#else + "L_curve25519_inv_1_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_1\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_1\n\t" +#else + "BNE.N L_curve25519_inv_1_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3043,17 +3054,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x9\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_2:\n\t" +#else + "L_curve25519_inv_2_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_2\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_2\n\t" +#else + "BNE.N L_curve25519_inv_2_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3064,17 +3081,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x13\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_3:\n\t" +#else + "L_curve25519_inv_3_%=:\n\t" +#endif "ADD r1, sp, #0x80\n\t" "ADD r0, sp, #0x80\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_3\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_3\n\t" +#else + "BNE.N L_curve25519_inv_3_%=\n\t" #endif "ADD r2, sp, #0x60\n\t" "ADD r1, sp, #0x80\n\t" @@ -3082,17 +3105,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0xa\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_4:\n\t" +#else + "L_curve25519_inv_4_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_4\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_4\n\t" +#else + "BNE.N L_curve25519_inv_4_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3103,17 +3132,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x31\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_5:\n\t" +#else + "L_curve25519_inv_5_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_5\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_5\n\t" +#else + "BNE.N L_curve25519_inv_5_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3124,17 +3159,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x63\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_6:\n\t" +#else + "L_curve25519_inv_6_%=:\n\t" +#endif "ADD r1, sp, #0x80\n\t" "ADD r0, sp, #0x80\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_6\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_6\n\t" +#else + "BNE.N L_curve25519_inv_6_%=\n\t" #endif "ADD r2, sp, #0x60\n\t" "ADD r1, sp, #0x80\n\t" 
@@ -3142,17 +3183,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0x32\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_7:\n\t" +#else + "L_curve25519_inv_7_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_7\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_7\n\t" +#else + "BNE.N L_curve25519_inv_7_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3160,17 +3207,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0x5\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_8:\n\t" +#else + "L_curve25519_inv_8_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_8\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_8\n\t" +#else + "BNE.N L_curve25519_inv_8_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -3234,7 +3287,11 @@ int curve25519(byte* r, const byte* n, const byte* a) "STM r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "MOV %[a], #0xfe\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_bits:\n\t" +#else + "L_curve25519_bits_%=:\n\t" +#endif "STR %[a], [sp, #168]\n\t" "LDR %[n], [sp, #160]\n\t" "AND r4, %[a], #0x1f\n\t" 
@@ -3319,10 +3376,12 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "LDR %[a], [sp, #168]\n\t" "SUBS %[a], %[a], #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGE L_curve25519_bits\n\t" -#else +#if defined(__GNUC__) + "BGE L_curve25519_bits_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGE.N L_curve25519_bits\n\t" +#else + "BGE.N L_curve25519_bits_%=\n\t" #endif /* Cycle Count: 171 */ "LDR %[n], [sp, #184]\n\t" @@ -3359,17 +3418,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_1:\n\t" +#else + "L_curve25519_inv_1_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_1\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_1\n\t" +#else + "BNE.N L_curve25519_inv_1_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3380,17 +3445,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x9\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_2:\n\t" +#else + "L_curve25519_inv_2_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_2\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_2\n\t" +#else + "BNE.N L_curve25519_inv_2_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
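Review bot: The plain-label branch (`L_curve25519_inv_1:` under IAR < 9) in this hunk defines the same label names as the earlier curve25519 body around old line 3022, and both bodies carry the signature `int curve25519(byte* r, const byte* n, const byte* a)`, so they are presumably under mutually exclusive configuration guards that the hunks do not show. The `%=` suffix protects the GCC and IAR >= 9 paths from duplicate labels if the compiler inlines or clones the function, but the pre-9 path keeps the old exposure; the symptom would be an assembler duplicate-label error rather than a silent miscompile. A comment on the first plain-label `#if` in this file recording that the function must not be duplicated within a translation unit on that toolchain would make the constraint explicit. The enclosing curve25519 asm statement starts and ends outside this hunk.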
@@ -3401,17 +3472,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x13\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_3:\n\t" +#else + "L_curve25519_inv_3_%=:\n\t" +#endif "ADD r1, sp, #0x80\n\t" "ADD r0, sp, #0x80\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_3\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_3\n\t" +#else + "BNE.N L_curve25519_inv_3_%=\n\t" #endif "ADD r2, sp, #0x60\n\t" "ADD r1, sp, #0x80\n\t" @@ -3419,17 +3496,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0xa\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_4:\n\t" +#else + "L_curve25519_inv_4_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_4\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_4\n\t" +#else + "BNE.N L_curve25519_inv_4_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3440,17 +3523,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x31\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_5:\n\t" +#else + "L_curve25519_inv_5_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_5\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_5\n\t" +#else + "BNE.N L_curve25519_inv_5_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3461,17 +3550,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x63\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_6:\n\t" +#else + "L_curve25519_inv_6_%=:\n\t" +#endif "ADD r1, sp, #0x80\n\t" "ADD r0, sp, #0x80\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_6\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_6\n\t" +#else + "BNE.N L_curve25519_inv_6_%=\n\t" #endif "ADD r2, sp, #0x60\n\t" "ADD r1, sp, #0x80\n\t" 
@@ -3479,17 +3574,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0x32\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_7:\n\t" +#else + "L_curve25519_inv_7_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_7\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_7\n\t" +#else + "BNE.N L_curve25519_inv_7_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3497,17 +3598,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0x5\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_curve25519_inv_8:\n\t" +#else + "L_curve25519_inv_8_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_8\n\t" -#else +#if defined(__GNUC__) + "BNE L_curve25519_inv_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_curve25519_inv_8\n\t" +#else + "BNE.N L_curve25519_inv_8_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" 
@@ -3589,17 +3696,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_invert1:\n\t" +#else + "L_fe_invert1_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert1\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_invert1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_invert1\n\t" +#else + "BNE.N L_fe_invert1_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -3610,17 +3723,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x9\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_invert2:\n\t" +#else + "L_fe_invert2_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert2\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_invert2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_invert2\n\t" +#else + "BNE.N L_fe_invert2_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" 
@@ -3631,17 +3750,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x13\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_invert3:\n\t" +#else + "L_fe_invert3_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert3\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_invert3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_invert3\n\t" +#else + "BNE.N L_fe_invert3_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3649,17 +3774,23 @@ void fe_invert(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0xa\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_invert4:\n\t" +#else + "L_fe_invert4_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert4\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_invert4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_invert4\n\t" +#else + "BNE.N L_fe_invert4_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" 
@@ -3670,17 +3801,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x31\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_invert5:\n\t" +#else + "L_fe_invert5_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert5\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_invert5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_invert5\n\t" +#else + "BNE.N L_fe_invert5_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -3691,17 +3828,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x63\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_invert6:\n\t" +#else + "L_fe_invert6_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert6\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_invert6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_invert6\n\t" +#else + "BNE.N L_fe_invert6_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3709,17 +3852,23 @@ void fe_invert(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0x32\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_invert7:\n\t" +#else + "L_fe_invert7_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert7\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_invert7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_invert7\n\t" +#else + "BNE.N L_fe_invert7_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -3727,17 +3876,23 @@ void fe_invert(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0x5\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_invert8:\n\t" +#else + "L_fe_invert8_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert8\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_invert8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_invert8\n\t" +#else + "BNE.N L_fe_invert8_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" 
@@ -4275,17 +4430,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_pow22523_1:\n\t" +#else + "L_fe_pow22523_1_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_1\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_pow22523_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_pow22523_1\n\t" +#else + "BNE.N L_fe_pow22523_1_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" @@ -4296,17 +4457,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x9\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_pow22523_2:\n\t" +#else + "L_fe_pow22523_2_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_2\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_pow22523_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_pow22523_2\n\t" +#else + "BNE.N L_fe_pow22523_2_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" 
@@ -4317,17 +4484,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x13\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_pow22523_3:\n\t" +#else + "L_fe_pow22523_3_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_3\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_pow22523_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_pow22523_3\n\t" +#else + "BNE.N L_fe_pow22523_3_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -4335,17 +4508,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0xa\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_pow22523_4:\n\t" +#else + "L_fe_pow22523_4_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_4\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_pow22523_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_pow22523_4\n\t" +#else + "BNE.N L_fe_pow22523_4_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" 
@@ -4356,17 +4535,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x31\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_pow22523_5:\n\t" +#else + "L_fe_pow22523_5_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_5\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_pow22523_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_pow22523_5\n\t" +#else + "BNE.N L_fe_pow22523_5_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" @@ -4377,17 +4562,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x63\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_pow22523_6:\n\t" +#else + "L_fe_pow22523_6_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_6\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_pow22523_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_pow22523_6\n\t" +#else + "BNE.N L_fe_pow22523_6_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" 
@@ -4395,17 +4586,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0x32\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_pow22523_7:\n\t" +#else + "L_fe_pow22523_7_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_7\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_pow22523_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_pow22523_7\n\t" +#else + "BNE.N L_fe_pow22523_7_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" @@ -4413,17 +4610,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0x2\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_fe_pow22523_8:\n\t" +#else + "L_fe_pow22523_8_%=:\n\t" +#endif "MOV r1, sp\n\t" "MOV r0, sp\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_8\n\t" -#else +#if defined(__GNUC__) + "BNE L_fe_pow22523_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_fe_pow22523_8\n\t" +#else + "BNE.N L_fe_pow22523_8_%=\n\t" #endif "LDR r2, [sp, #100]\n\t" "MOV r1, sp\n\t" @@ -6904,7 +7107,4 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c) #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ #endif /* !__aarch64__ && __thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__thumb__) */ -#endif /* WOLFSSL_ARMASM */ - #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S index 30d8dc76b5..4809afbc7d 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S 
@@ -1,6 +1,6 @@ /* thumb2-sha256-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -925,7 +925,7 @@ L_SHA256_transform_len_start: STR r9, [sp, #60] ADD r3, r3, #0x40 SUBS r12, r12, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA256_transform_len_start #else BNE.W L_SHA256_transform_len_start @@ -1470,7 +1470,7 @@ L_SHA256_transform_len_start: SUBS r2, r2, #0x40 SUB r3, r3, #0xc0 ADD r1, r1, #0x40 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA256_transform_len_begin #else BNE.W L_SHA256_transform_len_begin diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c index 93f8078ad5..903b58e3d0 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c @@ -1,6 +1,6 @@ /* thumb2-sha256-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,19 +28,12 @@ #include #endif /* HAVE_CONFIG_H */ #include +#include #ifdef WOLFSSL_ARMASM #if !defined(__aarch64__) && defined(__thumb__) -#include -#ifdef HAVE_CONFIG_H - #include -#endif /* HAVE_CONFIG_H */ -#include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -101,7 +94,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) "STRD r10, r11, [sp, #88]\n\t" /* Start of loop processing a block */ "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_SHA256_transform_len_begin:\n\t" +#else + "L_SHA256_transform_len_begin_%=:\n\t" +#endif /* Load, Reverse and Store W - 64 bytes */ "LDR r4, [%[data]]\n\t" "LDR r5, [%[data], #4]\n\t" 
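Review bot: In the `@@ -925` hunk the IAR/ICCARM builds move from an explicit `BNE.W L_SHA256_transform_len_start` to a width-less `BNE`, and the `@@ -1470` hunk does the same for `L_SHA256_transform_len_begin`; both targets sit several hundred instructions back (the `_c.c` twin defines `L_SHA256_transform_len_start` near its line 149 and branches to it near line 905), far beyond the ±254-byte reach of a 16-bit Thumb `BNE`. GAS relaxes a conditional branch to the 32-bit encoding on its own, and presumably IAR's assembler does too, but that is an assumption worth recording at the `#if`, e.g. `/* GAS and IAR widen the branch automatically; other assemblers need .W */`. If IAR does not relax, the symptom would be an out-of-range error at assembly time, so a CI build with the IAR toolchain is the real check. The enclosing function body lies outside the hunk.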
@@ -149,7 +146,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) "MOV r12, #0x3\n\t" /* Start of 16 rounds */ "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_SHA256_transform_len_start:\n\t" +#else + "L_SHA256_transform_len_start_%=:\n\t" +#endif /* Round 0 */ "LDR r5, [%[sha256], #16]\n\t" "LDR r6, [%[sha256], #20]\n\t" @@ -904,10 +905,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) "STR r9, [sp, #60]\n\t" "ADD r3, r3, #0x40\n\t" "SUBS r12, r12, #0x1\n\t" -#ifdef __GNUC__ - "BNE L_SHA256_transform_len_start\n\t" -#else +#if defined(__GNUC__) + "BNE L_SHA256_transform_len_start_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_SHA256_transform_len_start\n\t" +#else + "BNE.W L_SHA256_transform_len_start_%=\n\t" #endif /* Round 0 */ "LDR r5, [%[sha256], #16]\n\t" @@ -1449,10 +1452,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) "SUBS %[len], %[len], #0x40\n\t" "SUB r3, r3, #0xc0\n\t" "ADD %[data], %[data], #0x40\n\t" -#ifdef __GNUC__ - "BNE L_SHA256_transform_len_begin\n\t" -#else +#if defined(__GNUC__) + "BNE L_SHA256_transform_len_begin_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_SHA256_transform_len_begin\n\t" +#else + "BNE.W L_SHA256_transform_len_begin_%=\n\t" #endif "ADD sp, sp, #0xc0\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1472,7 +1477,4 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) #endif /* !NO_SHA256 */ #endif /* !__aarch64__ && __thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__thumb__) */ -#endif /* WOLFSSL_ARMASM */ - #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S new file mode 100644 index 0000000000..de12f723c0 --- /dev/null +++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S 
@@ -0,0 +1,1176 @@ +/* thumb2-sha3-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./sha3/sha3.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__thumb__) +#ifndef WOLFSSL_ARMASM_INLINE + .thumb + .syntax unified +#ifdef WOLFSSL_SHA3 + .text + .type L_sha3_thumb2_rt, %object + .size L_sha3_thumb2_rt, 192 + .align 8 +L_sha3_thumb2_rt: + .word 0x1 + .word 0x0 + .word 0x8082 + .word 0x0 + .word 0x808a + .word 0x80000000 + .word 0x80008000 + .word 0x80000000 + .word 0x808b + .word 0x0 + .word 0x80000001 + .word 0x0 + .word 0x80008081 + .word 0x80000000 + .word 0x8009 + .word 0x80000000 + .word 0x8a + .word 0x0 + .word 0x88 + .word 0x0 + .word 0x80008009 + .word 0x0 + .word 0x8000000a + .word 0x0 + .word 0x8000808b + .word 0x0 + .word 0x8b + .word 0x80000000 + .word 0x8089 + .word 0x80000000 + .word 0x8003 + .word 0x80000000 + .word 0x8002 + .word 0x80000000 + .word 0x80 + .word 0x80000000 + .word 0x800a + .word 0x0 + .word 0x8000000a + .word 0x80000000 + .word 0x80008081 + .word 0x80000000 + .word 
0x8080 + .word 0x80000000 + .word 0x80000001 + .word 0x0 + .word 0x80008008 + .word 0x80000000 + .text + .align 4 + .globl BlockSha3 + .type BlockSha3, %function +BlockSha3: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + SUB sp, sp, #0xcc + ADR r1, L_sha3_thumb2_rt + MOV r2, #0xc +L_sha3_thumb2_begin: + STR r2, [sp, #200] + /* Round even */ + /* Calc b[4] */ + LDRD r4, r5, [r0, #32] + LDRD r6, r7, [r0, #72] + LDRD r8, r9, [r0, #112] + LDRD r10, r11, [r0, #152] + LDR r12, [r0, #192] + LDR lr, [r0, #196] + EOR r2, r4, r6 + EOR r3, r5, r7 + EOR r2, r2, r8 + EOR r3, r3, r9 + EOR r2, r2, r10 + EOR r3, r3, r11 + EOR r2, r2, r12 + EOR r3, r3, lr + STRD r2, r3, [sp, #32] + /* Calc b[1] */ + LDRD r4, r5, [r0, #8] + LDRD r6, r7, [r0, #48] + LDRD r8, r9, [r0, #88] + LDRD r10, r11, [r0, #128] + LDR r12, [r0, #168] + LDR lr, [r0, #172] + EOR r4, r4, r6 + EOR r5, r5, r7 + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r4, r4, r10 + EOR r5, r5, r11 + EOR r4, r4, r12 + EOR r5, r5, lr + STRD r4, r5, [sp, #8] + /* Calc t[0] */ + EOR r2, r2, r5, LSR #31 + EOR r3, r3, r4, LSR #31 + EOR r2, r2, r4, LSL #1 + EOR r3, r3, r5, LSL #1 + /* Calc b[0] and XOR t[0] into s[x*5+0] */ + LDRD r4, r5, [r0] + LDRD r6, r7, [r0, #40] + LDRD r8, r9, [r0, #80] + LDRD r10, r11, [r0, #120] + EOR r12, r4, r6 + EOR lr, r5, r7 + EOR r12, r12, r8 + EOR lr, lr, r9 + EOR r12, r12, r10 + EOR lr, lr, r11 + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + STRD r4, r5, [r0] + STRD r6, r7, [r0, #40] + STRD r8, r9, [r0, #80] + STRD r10, r11, [r0, #120] + LDRD r10, r11, [r0, #160] + EOR r12, r12, r10 + EOR lr, lr, r11 + EOR r10, r10, r2 + EOR r11, r11, r3 + STRD r10, r11, [r0, #160] + STR r12, [sp] + STR lr, [sp, #4] + /* Calc b[3] */ + LDRD r4, r5, [r0, #24] + LDRD r6, r7, [r0, #64] + LDRD r8, r9, [r0, #104] + LDRD r10, r11, [r0, #144] + LDR r12, [r0, #184] + LDR lr, [r0, #188] + EOR r4, r4, r6 + EOR r5, r5, r7 + EOR r4, r4, r8 + EOR 
r5, r5, r9 + EOR r4, r4, r10 + EOR r5, r5, r11 + EOR r4, r4, r12 + EOR r5, r5, lr + STRD r4, r5, [sp, #24] + /* Calc t[2] */ + LDRD r2, r3, [sp, #8] + EOR r2, r2, r5, LSR #31 + EOR r3, r3, r4, LSR #31 + EOR r2, r2, r4, LSL #1 + EOR r3, r3, r5, LSL #1 + /* Calc b[2] and XOR t[2] into s[x*5+2] */ + LDRD r4, r5, [r0, #16] + LDRD r6, r7, [r0, #56] + LDRD r8, r9, [r0, #96] + LDRD r10, r11, [r0, #136] + EOR r12, r4, r6 + EOR lr, r5, r7 + EOR r12, r12, r8 + EOR lr, lr, r9 + EOR r12, r12, r10 + EOR lr, lr, r11 + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + STRD r4, r5, [r0, #16] + STRD r6, r7, [r0, #56] + STRD r8, r9, [r0, #96] + STRD r10, r11, [r0, #136] + LDRD r10, r11, [r0, #176] + EOR r12, r12, r10 + EOR lr, lr, r11 + EOR r10, r10, r2 + EOR r11, r11, r3 + STRD r10, r11, [r0, #176] + STR r12, [sp, #16] + STR lr, [sp, #20] + /* Calc t[1] */ + LDRD r2, r3, [sp] + EOR r2, r2, lr, LSR #31 + EOR r3, r3, r12, LSR #31 + EOR r2, r2, r12, LSL #1 + EOR r3, r3, lr, LSL #1 + /* XOR t[1] into s[x*5+1] */ + LDRD r4, r5, [r0, #8] + LDRD r6, r7, [r0, #48] + LDRD r8, r9, [r0, #88] + LDRD r10, r11, [r0, #128] + LDR r12, [r0, #168] + LDR lr, [r0, #172] + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + EOR r12, r12, r2 + EOR lr, lr, r3 + STRD r4, r5, [r0, #8] + STRD r6, r7, [r0, #48] + STRD r8, r9, [r0, #88] + STRD r10, r11, [r0, #128] + STR r12, [r0, #168] + STR lr, [r0, #172] + /* Calc t[3] */ + LDRD r2, r3, [sp, #16] + LDRD r4, r5, [sp, #32] + EOR r2, r2, r5, LSR #31 + EOR r3, r3, r4, LSR #31 + EOR r2, r2, r4, LSL #1 + EOR r3, r3, r5, LSL #1 + /* XOR t[3] into s[x*5+3] */ + LDRD r4, r5, [r0, #24] + LDRD r6, r7, [r0, #64] + LDRD r8, r9, [r0, #104] + LDRD r10, r11, [r0, #144] + LDR r12, [r0, #184] + LDR lr, [r0, #188] + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + 
EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + EOR r12, r12, r2 + EOR lr, lr, r3 + STRD r4, r5, [r0, #24] + STRD r6, r7, [r0, #64] + STRD r8, r9, [r0, #104] + STRD r10, r11, [r0, #144] + STR r12, [r0, #184] + STR lr, [r0, #188] + /* Calc t[4] */ + LDRD r2, r3, [sp, #24] + LDRD r4, r5, [sp] + EOR r2, r2, r5, LSR #31 + EOR r3, r3, r4, LSR #31 + EOR r2, r2, r4, LSL #1 + EOR r3, r3, r5, LSL #1 + /* XOR t[4] into s[x*5+4] */ + LDRD r4, r5, [r0, #32] + LDRD r6, r7, [r0, #72] + LDRD r8, r9, [r0, #112] + LDRD r10, r11, [r0, #152] + LDR r12, [r0, #192] + LDR lr, [r0, #196] + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + EOR r12, r12, r2 + EOR lr, lr, r3 + STRD r4, r5, [r0, #32] + STRD r6, r7, [r0, #72] + STRD r8, r9, [r0, #112] + STRD r10, r11, [r0, #152] + STR r12, [r0, #192] + STR lr, [r0, #196] + /* Row Mix */ + /* Row 0 */ + LDRD r2, r3, [r0] + LDRD r4, r5, [r0, #48] + LDRD r6, r7, [r0, #96] + LDRD r8, r9, [r0, #144] + LDRD r10, r11, [r0, #192] + /* s[1] <<< 44 */ + MOV lr, r4 + LSR r12, r5, #20 + LSR r4, r4, #20 + ORR r4, r4, r5, LSL #12 + ORR r5, r12, lr, LSL #12 + /* s[2] <<< 43 */ + MOV lr, r6 + LSR r12, r7, #21 + LSR r6, r6, #21 + ORR r6, r6, r7, LSL #11 + ORR r7, r12, lr, LSL #11 + /* s[3] <<< 21 */ + LSR r12, r9, #11 + LSR lr, r8, #11 + ORR r8, r12, r8, LSL #21 + ORR r9, lr, r9, LSL #21 + /* s[4] <<< 14 */ + LSR r12, r11, #18 + LSR lr, r10, #18 + ORR r10, r12, r10, LSL #14 + ORR r11, lr, r11, LSL #14 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [sp, #8] + STR lr, [sp, #12] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [sp, #16] + STR lr, [sp, #20] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [sp, #24] + STR lr, [sp, #28] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [sp, #32] + STR lr, [sp, #36] + /* Get constant 
*/ + LDRD r10, r11, [r1] + ADD r1, r1, #0x8 + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + /* XOR in constant */ + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [sp] + STR lr, [sp, #4] + /* Row 1 */ + LDRD r2, r3, [r0, #24] + LDRD r4, r5, [r0, #72] + LDRD r6, r7, [r0, #80] + LDRD r8, r9, [r0, #128] + LDRD r10, r11, [r0, #176] + /* s[0] <<< 28 */ + LSR r12, r3, #4 + LSR lr, r2, #4 + ORR r2, r12, r2, LSL #28 + ORR r3, lr, r3, LSL #28 + /* s[1] <<< 20 */ + LSR r12, r5, #12 + LSR lr, r4, #12 + ORR r4, r12, r4, LSL #20 + ORR r5, lr, r5, LSL #20 + /* s[2] <<< 3 */ + LSR r12, r7, #29 + LSR lr, r6, #29 + ORR r6, r12, r6, LSL #3 + ORR r7, lr, r7, LSL #3 + /* s[3] <<< 45 */ + MOV lr, r8 + LSR r12, r9, #19 + LSR r8, r8, #19 + ORR r8, r8, r9, LSL #13 + ORR r9, r12, lr, LSL #13 + /* s[4] <<< 61 */ + MOV lr, r10 + LSR r12, r11, #3 + LSR r10, r10, #3 + ORR r10, r10, r11, LSL #29 + ORR r11, r12, lr, LSL #29 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [sp, #48] + STR lr, [sp, #52] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [sp, #56] + STR lr, [sp, #60] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [sp, #64] + STR lr, [sp, #68] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [sp, #72] + STR lr, [sp, #76] + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + STR r12, [sp, #40] + STR lr, [sp, #44] + /* Row 2 */ + LDRD r2, r3, [r0, #8] + LDRD r4, r5, [r0, #56] + LDRD r6, r7, [r0, #104] + LDRD r8, r9, [r0, #152] + LDRD r10, r11, [r0, #160] + /* s[0] <<< 1 */ + LSR r12, r3, #31 + LSR lr, r2, #31 + ORR r2, r12, r2, LSL #1 + ORR r3, lr, r3, LSL #1 + /* s[1] <<< 6 */ + LSR r12, r5, #26 + LSR lr, r4, #26 + ORR r4, r12, r4, LSL #6 + ORR r5, lr, r5, LSL #6 + /* s[2] <<< 25 */ + LSR r12, r7, #7 + LSR lr, r6, #7 + ORR r6, r12, r6, LSL #25 + ORR r7, lr, r7, LSL #25 + /* s[3] <<< 8 */ + LSR r12, r9, 
#24 + LSR lr, r8, #24 + ORR r8, r12, r8, LSL #8 + ORR r9, lr, r9, LSL #8 + /* s[4] <<< 18 */ + LSR r12, r11, #14 + LSR lr, r10, #14 + ORR r10, r12, r10, LSL #18 + ORR r11, lr, r11, LSL #18 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [sp, #88] + STR lr, [sp, #92] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [sp, #96] + STR lr, [sp, #100] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [sp, #104] + STR lr, [sp, #108] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [sp, #112] + STR lr, [sp, #116] + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + STR r12, [sp, #80] + STR lr, [sp, #84] + /* Row 3 */ + LDRD r2, r3, [r0, #32] + LDRD r4, r5, [r0, #40] + LDRD r6, r7, [r0, #88] + LDRD r8, r9, [r0, #136] + LDRD r10, r11, [r0, #184] + /* s[0] <<< 27 */ + LSR r12, r3, #5 + LSR lr, r2, #5 + ORR r2, r12, r2, LSL #27 + ORR r3, lr, r3, LSL #27 + /* s[1] <<< 36 */ + MOV lr, r4 + LSR r12, r5, #28 + LSR r4, r4, #28 + ORR r4, r4, r5, LSL #4 + ORR r5, r12, lr, LSL #4 + /* s[2] <<< 10 */ + LSR r12, r7, #22 + LSR lr, r6, #22 + ORR r6, r12, r6, LSL #10 + ORR r7, lr, r7, LSL #10 + /* s[3] <<< 15 */ + LSR r12, r9, #17 + LSR lr, r8, #17 + ORR r8, r12, r8, LSL #15 + ORR r9, lr, r9, LSL #15 + /* s[4] <<< 56 */ + MOV lr, r10 + LSR r12, r11, #8 + LSR r10, r10, #8 + ORR r10, r10, r11, LSL #24 + ORR r11, r12, lr, LSL #24 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [sp, #128] + STR lr, [sp, #132] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [sp, #136] + STR lr, [sp, #140] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [sp, #144] + STR lr, [sp, #148] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [sp, #152] + STR lr, [sp, #156] + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + 
EOR lr, lr, r3 + STR r12, [sp, #120] + STR lr, [sp, #124] + /* Row 4 */ + LDRD r2, r3, [r0, #16] + LDRD r4, r5, [r0, #64] + LDRD r6, r7, [r0, #112] + LDRD r8, r9, [r0, #120] + LDRD r10, r11, [r0, #168] + /* s[0] <<< 62 */ + MOV lr, r2 + LSR r12, r3, #2 + LSR r2, r2, #2 + ORR r2, r2, r3, LSL #30 + ORR r3, r12, lr, LSL #30 + /* s[1] <<< 55 */ + MOV lr, r4 + LSR r12, r5, #9 + LSR r4, r4, #9 + ORR r4, r4, r5, LSL #23 + ORR r5, r12, lr, LSL #23 + /* s[2] <<< 39 */ + MOV lr, r6 + LSR r12, r7, #25 + LSR r6, r6, #25 + ORR r6, r6, r7, LSL #7 + ORR r7, r12, lr, LSL #7 + /* s[3] <<< 41 */ + MOV lr, r8 + LSR r12, r9, #23 + LSR r8, r8, #23 + ORR r8, r8, r9, LSL #9 + ORR r9, r12, lr, LSL #9 + /* s[4] <<< 2 */ + LSR r12, r11, #30 + LSR lr, r10, #30 + ORR r10, r12, r10, LSL #2 + ORR r11, lr, r11, LSL #2 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [sp, #168] + STR lr, [sp, #172] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [sp, #176] + STR lr, [sp, #180] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [sp, #184] + STR lr, [sp, #188] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [sp, #192] + STR lr, [sp, #196] + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + STR r12, [sp, #160] + STR lr, [sp, #164] + /* Round odd */ + /* Calc b[4] */ + LDRD r4, r5, [sp, #32] + LDRD r6, r7, [sp, #72] + LDRD r8, r9, [sp, #112] + LDRD r10, r11, [sp, #152] + LDR r12, [sp, #192] + LDR lr, [sp, #196] + EOR r2, r4, r6 + EOR r3, r5, r7 + EOR r2, r2, r8 + EOR r3, r3, r9 + EOR r2, r2, r10 + EOR r3, r3, r11 + EOR r2, r2, r12 + EOR r3, r3, lr + STRD r2, r3, [r0, #32] + /* Calc b[1] */ + LDRD r4, r5, [sp, #8] + LDRD r6, r7, [sp, #48] + LDRD r8, r9, [sp, #88] + LDRD r10, r11, [sp, #128] + LDR r12, [sp, #168] + LDR lr, [sp, #172] + EOR r4, r4, r6 + EOR r5, r5, r7 + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r4, r4, r10 + EOR r5, r5, r11 + EOR r4, 
r4, r12 + EOR r5, r5, lr + STRD r4, r5, [r0, #8] + /* Calc t[0] */ + EOR r2, r2, r5, LSR #31 + EOR r3, r3, r4, LSR #31 + EOR r2, r2, r4, LSL #1 + EOR r3, r3, r5, LSL #1 + /* Calc b[0] and XOR t[0] into s[x*5+0] */ + LDRD r4, r5, [sp] + LDRD r6, r7, [sp, #40] + LDRD r8, r9, [sp, #80] + LDRD r10, r11, [sp, #120] + EOR r12, r4, r6 + EOR lr, r5, r7 + EOR r12, r12, r8 + EOR lr, lr, r9 + EOR r12, r12, r10 + EOR lr, lr, r11 + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + STRD r4, r5, [sp] + STRD r6, r7, [sp, #40] + STRD r8, r9, [sp, #80] + STRD r10, r11, [sp, #120] + LDRD r10, r11, [sp, #160] + EOR r12, r12, r10 + EOR lr, lr, r11 + EOR r10, r10, r2 + EOR r11, r11, r3 + STRD r10, r11, [sp, #160] + STR r12, [r0] + STR lr, [r0, #4] + /* Calc b[3] */ + LDRD r4, r5, [sp, #24] + LDRD r6, r7, [sp, #64] + LDRD r8, r9, [sp, #104] + LDRD r10, r11, [sp, #144] + LDR r12, [sp, #184] + LDR lr, [sp, #188] + EOR r4, r4, r6 + EOR r5, r5, r7 + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r4, r4, r10 + EOR r5, r5, r11 + EOR r4, r4, r12 + EOR r5, r5, lr + STRD r4, r5, [r0, #24] + /* Calc t[2] */ + LDRD r2, r3, [r0, #8] + EOR r2, r2, r5, LSR #31 + EOR r3, r3, r4, LSR #31 + EOR r2, r2, r4, LSL #1 + EOR r3, r3, r5, LSL #1 + /* Calc b[2] and XOR t[2] into s[x*5+2] */ + LDRD r4, r5, [sp, #16] + LDRD r6, r7, [sp, #56] + LDRD r8, r9, [sp, #96] + LDRD r10, r11, [sp, #136] + EOR r12, r4, r6 + EOR lr, r5, r7 + EOR r12, r12, r8 + EOR lr, lr, r9 + EOR r12, r12, r10 + EOR lr, lr, r11 + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + STRD r4, r5, [sp, #16] + STRD r6, r7, [sp, #56] + STRD r8, r9, [sp, #96] + STRD r10, r11, [sp, #136] + LDRD r10, r11, [sp, #176] + EOR r12, r12, r10 + EOR lr, lr, r11 + EOR r10, r10, r2 + EOR r11, r11, r3 + STRD r10, r11, [sp, #176] + STR r12, [r0, #16] + STR lr, [r0, #20] + /* Calc t[1] */ + LDRD 
r2, r3, [r0] + EOR r2, r2, lr, LSR #31 + EOR r3, r3, r12, LSR #31 + EOR r2, r2, r12, LSL #1 + EOR r3, r3, lr, LSL #1 + /* XOR t[1] into s[x*5+1] */ + LDRD r4, r5, [sp, #8] + LDRD r6, r7, [sp, #48] + LDRD r8, r9, [sp, #88] + LDRD r10, r11, [sp, #128] + LDR r12, [sp, #168] + LDR lr, [sp, #172] + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + EOR r12, r12, r2 + EOR lr, lr, r3 + STRD r4, r5, [sp, #8] + STRD r6, r7, [sp, #48] + STRD r8, r9, [sp, #88] + STRD r10, r11, [sp, #128] + STR r12, [sp, #168] + STR lr, [sp, #172] + /* Calc t[3] */ + LDRD r2, r3, [r0, #16] + LDRD r4, r5, [r0, #32] + EOR r2, r2, r5, LSR #31 + EOR r3, r3, r4, LSR #31 + EOR r2, r2, r4, LSL #1 + EOR r3, r3, r5, LSL #1 + /* XOR t[3] into s[x*5+3] */ + LDRD r4, r5, [sp, #24] + LDRD r6, r7, [sp, #64] + LDRD r8, r9, [sp, #104] + LDRD r10, r11, [sp, #144] + LDR r12, [sp, #184] + LDR lr, [sp, #188] + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + EOR r12, r12, r2 + EOR lr, lr, r3 + STRD r4, r5, [sp, #24] + STRD r6, r7, [sp, #64] + STRD r8, r9, [sp, #104] + STRD r10, r11, [sp, #144] + STR r12, [sp, #184] + STR lr, [sp, #188] + /* Calc t[4] */ + LDRD r2, r3, [r0, #24] + LDRD r4, r5, [r0] + EOR r2, r2, r5, LSR #31 + EOR r3, r3, r4, LSR #31 + EOR r2, r2, r4, LSL #1 + EOR r3, r3, r5, LSL #1 + /* XOR t[4] into s[x*5+4] */ + LDRD r4, r5, [sp, #32] + LDRD r6, r7, [sp, #72] + LDRD r8, r9, [sp, #112] + LDRD r10, r11, [sp, #152] + LDR r12, [sp, #192] + LDR lr, [sp, #196] + EOR r4, r4, r2 + EOR r5, r5, r3 + EOR r6, r6, r2 + EOR r7, r7, r3 + EOR r8, r8, r2 + EOR r9, r9, r3 + EOR r10, r10, r2 + EOR r11, r11, r3 + EOR r12, r12, r2 + EOR lr, lr, r3 + STRD r4, r5, [sp, #32] + STRD r6, r7, [sp, #72] + STRD r8, r9, [sp, #112] + STRD r10, r11, [sp, #152] + STR r12, [sp, #192] + STR lr, [sp, #196] + /* Row Mix */ + /* Row 0 */ + LDRD r2, r3, 
[sp] + LDRD r4, r5, [sp, #48] + LDRD r6, r7, [sp, #96] + LDRD r8, r9, [sp, #144] + LDRD r10, r11, [sp, #192] + /* s[1] <<< 44 */ + MOV lr, r4 + LSR r12, r5, #20 + LSR r4, r4, #20 + ORR r4, r4, r5, LSL #12 + ORR r5, r12, lr, LSL #12 + /* s[2] <<< 43 */ + MOV lr, r6 + LSR r12, r7, #21 + LSR r6, r6, #21 + ORR r6, r6, r7, LSL #11 + ORR r7, r12, lr, LSL #11 + /* s[3] <<< 21 */ + LSR r12, r9, #11 + LSR lr, r8, #11 + ORR r8, r12, r8, LSL #21 + ORR r9, lr, r9, LSL #21 + /* s[4] <<< 14 */ + LSR r12, r11, #18 + LSR lr, r10, #18 + ORR r10, r12, r10, LSL #14 + ORR r11, lr, r11, LSL #14 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [r0, #8] + STR lr, [r0, #12] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [r0, #16] + STR lr, [r0, #20] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [r0, #24] + STR lr, [r0, #28] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [r0, #32] + STR lr, [r0, #36] + /* Get constant */ + LDRD r10, r11, [r1] + ADD r1, r1, #0x8 + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + /* XOR in constant */ + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [r0] + STR lr, [r0, #4] + /* Row 1 */ + LDRD r2, r3, [sp, #24] + LDRD r4, r5, [sp, #72] + LDRD r6, r7, [sp, #80] + LDRD r8, r9, [sp, #128] + LDRD r10, r11, [sp, #176] + /* s[0] <<< 28 */ + LSR r12, r3, #4 + LSR lr, r2, #4 + ORR r2, r12, r2, LSL #28 + ORR r3, lr, r3, LSL #28 + /* s[1] <<< 20 */ + LSR r12, r5, #12 + LSR lr, r4, #12 + ORR r4, r12, r4, LSL #20 + ORR r5, lr, r5, LSL #20 + /* s[2] <<< 3 */ + LSR r12, r7, #29 + LSR lr, r6, #29 + ORR r6, r12, r6, LSL #3 + ORR r7, lr, r7, LSL #3 + /* s[3] <<< 45 */ + MOV lr, r8 + LSR r12, r9, #19 + LSR r8, r8, #19 + ORR r8, r8, r9, LSL #13 + ORR r9, r12, lr, LSL #13 + /* s[4] <<< 61 */ + MOV lr, r10 + LSR r12, r11, #3 + LSR r10, r10, #3 + ORR r10, r10, r11, LSL #29 + ORR r11, r12, lr, LSL #29 + BIC r12, r8, 
r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [r0, #48] + STR lr, [r0, #52] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [r0, #56] + STR lr, [r0, #60] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [r0, #64] + STR lr, [r0, #68] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [r0, #72] + STR lr, [r0, #76] + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + STR r12, [r0, #40] + STR lr, [r0, #44] + /* Row 2 */ + LDRD r2, r3, [sp, #8] + LDRD r4, r5, [sp, #56] + LDRD r6, r7, [sp, #104] + LDRD r8, r9, [sp, #152] + LDRD r10, r11, [sp, #160] + /* s[0] <<< 1 */ + LSR r12, r3, #31 + LSR lr, r2, #31 + ORR r2, r12, r2, LSL #1 + ORR r3, lr, r3, LSL #1 + /* s[1] <<< 6 */ + LSR r12, r5, #26 + LSR lr, r4, #26 + ORR r4, r12, r4, LSL #6 + ORR r5, lr, r5, LSL #6 + /* s[2] <<< 25 */ + LSR r12, r7, #7 + LSR lr, r6, #7 + ORR r6, r12, r6, LSL #25 + ORR r7, lr, r7, LSL #25 + /* s[3] <<< 8 */ + LSR r12, r9, #24 + LSR lr, r8, #24 + ORR r8, r12, r8, LSL #8 + ORR r9, lr, r9, LSL #8 + /* s[4] <<< 18 */ + LSR r12, r11, #14 + LSR lr, r10, #14 + ORR r10, r12, r10, LSL #18 + ORR r11, lr, r11, LSL #18 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [r0, #88] + STR lr, [r0, #92] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [r0, #96] + STR lr, [r0, #100] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [r0, #104] + STR lr, [r0, #108] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [r0, #112] + STR lr, [r0, #116] + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + STR r12, [r0, #80] + STR lr, [r0, #84] + /* Row 3 */ + LDRD r2, r3, [sp, #32] + LDRD r4, r5, [sp, #40] + LDRD r6, r7, [sp, #88] + LDRD r8, r9, [sp, #136] + LDRD r10, r11, [sp, #184] + /* s[0] <<< 27 */ + LSR r12, r3, #5 + LSR 
lr, r2, #5 + ORR r2, r12, r2, LSL #27 + ORR r3, lr, r3, LSL #27 + /* s[1] <<< 36 */ + MOV lr, r4 + LSR r12, r5, #28 + LSR r4, r4, #28 + ORR r4, r4, r5, LSL #4 + ORR r5, r12, lr, LSL #4 + /* s[2] <<< 10 */ + LSR r12, r7, #22 + LSR lr, r6, #22 + ORR r6, r12, r6, LSL #10 + ORR r7, lr, r7, LSL #10 + /* s[3] <<< 15 */ + LSR r12, r9, #17 + LSR lr, r8, #17 + ORR r8, r12, r8, LSL #15 + ORR r9, lr, r9, LSL #15 + /* s[4] <<< 56 */ + MOV lr, r10 + LSR r12, r11, #8 + LSR r10, r10, #8 + ORR r10, r10, r11, LSL #24 + ORR r11, r12, lr, LSL #24 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [r0, #128] + STR lr, [r0, #132] + BIC r12, r10, r8 + BIC lr, r11, r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [r0, #136] + STR lr, [r0, #140] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [r0, #144] + STR lr, [r0, #148] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [r0, #152] + STR lr, [r0, #156] + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + STR r12, [r0, #120] + STR lr, [r0, #124] + /* Row 4 */ + LDRD r2, r3, [sp, #16] + LDRD r4, r5, [sp, #64] + LDRD r6, r7, [sp, #112] + LDRD r8, r9, [sp, #120] + LDRD r10, r11, [sp, #168] + /* s[0] <<< 62 */ + MOV lr, r2 + LSR r12, r3, #2 + LSR r2, r2, #2 + ORR r2, r2, r3, LSL #30 + ORR r3, r12, lr, LSL #30 + /* s[1] <<< 55 */ + MOV lr, r4 + LSR r12, r5, #9 + LSR r4, r4, #9 + ORR r4, r4, r5, LSL #23 + ORR r5, r12, lr, LSL #23 + /* s[2] <<< 39 */ + MOV lr, r6 + LSR r12, r7, #25 + LSR r6, r6, #25 + ORR r6, r6, r7, LSL #7 + ORR r7, r12, lr, LSL #7 + /* s[3] <<< 41 */ + MOV lr, r8 + LSR r12, r9, #23 + LSR r8, r8, #23 + ORR r8, r8, r9, LSL #9 + ORR r9, r12, lr, LSL #9 + /* s[4] <<< 2 */ + LSR r12, r11, #30 + LSR lr, r10, #30 + ORR r10, r12, r10, LSL #2 + ORR r11, lr, r11, LSL #2 + BIC r12, r8, r6 + BIC lr, r9, r7 + EOR r12, r12, r4 + EOR lr, lr, r5 + STR r12, [r0, #168] + STR lr, [r0, #172] + BIC r12, r10, r8 + BIC lr, r11, 
r9 + EOR r12, r12, r6 + EOR lr, lr, r7 + STR r12, [r0, #176] + STR lr, [r0, #180] + BIC r12, r2, r10 + BIC lr, r3, r11 + EOR r12, r12, r8 + EOR lr, lr, r9 + STR r12, [r0, #184] + STR lr, [r0, #188] + BIC r12, r4, r2 + BIC lr, r5, r3 + EOR r12, r12, r10 + EOR lr, lr, r11 + STR r12, [r0, #192] + STR lr, [r0, #196] + BIC r12, r6, r4 + BIC lr, r7, r5 + EOR r12, r12, r2 + EOR lr, lr, r3 + STR r12, [r0, #160] + STR lr, [r0, #164] + LDR r2, [sp, #200] + SUBS r2, r2, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_sha3_thumb2_begin +#else + BNE.W L_sha3_thumb2_begin +#endif + ADD sp, sp, #0xcc + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 1505 */ + .size BlockSha3,.-BlockSha3 +#endif /* WOLFSSL_SHA3 */ +#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c new file mode 100644 index 0000000000..a22b9acc56 --- /dev/null +++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c 
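Review bot: `BlockSha3` keeps a full copy of the intermediate Keccak state in its 0xcc-byte stack frame (the odd round writes all 25 lanes to `[sp]`…`[sp, #196]`) and releases it with a bare `ADD sp, sp, #0xcc`, so for keyed uses of SHA-3 (KMAC, SHAKE-based KDFs, HMAC-SHA3) key-dependent state remains on the stack after return; if the portable C `BlockSha3` does not scrub its temporaries either this is at least consistent, but clearing the frame before the epilogue, or documenting that callers are expected to wipe, would be the defensive choice. Separately, `.align 8` before `L_sha3_thumb2_rt` is a power-of-two directive on ARM, i.e. 256-byte alignment, while `LDRD` only needs the table 8-byte aligned — `.balign 8` would avoid up to 255 bytes of padding in flash on small Cortex-M parts. The header says the file is produced by `sha3.rb`, so both changes belong in the generator rather than in this output.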
@@ -0,0 +1,1168 @@ +/* thumb2-sha3-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./sha3/sha3.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.c + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_INLINE + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#define WOLFSSL_NO_VAR_ASSIGN_REG +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +#ifdef WOLFSSL_SHA3 +static const uint64_t L_sha3_thumb2_rt[] = { + 0x0000000000000001UL, 0x0000000000008082UL, + 0x800000000000808aUL, 0x8000000080008000UL, + 0x000000000000808bUL, 0x0000000080000001UL, + 0x8000000080008081UL, 0x8000000000008009UL, + 0x000000000000008aUL, 0x0000000000000088UL, + 0x0000000080008009UL, 0x000000008000000aUL, + 0x000000008000808bUL, 0x800000000000008bUL, + 0x8000000000008089UL, 0x8000000000008003UL, + 0x8000000000008002UL, 0x8000000000000080UL, + 0x000000000000800aUL, 0x800000008000000aUL, + 0x8000000080008081UL, 0x8000000000008080UL, 
+ 0x0000000080000001UL, 0x8000000080008008UL, +}; + +#include + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void BlockSha3(word64* state_p) +#else +void BlockSha3(word64* state) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register word64* state __asm__ ("r0") = (word64*)state_p; + register uint64_t* L_sha3_thumb2_rt_c __asm__ ("r1") = (uint64_t*)&L_sha3_thumb2_rt; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "SUB sp, sp, #0xcc\n\t" + "MOV r1, %[L_sha3_thumb2_rt]\n\t" + "MOV r2, #0xc\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sha3_thumb2_begin:\n\t" +#else + "L_sha3_thumb2_begin_%=:\n\t" +#endif + "STR r2, [sp, #200]\n\t" + /* Round even */ + /* Calc b[4] */ + "LDRD r4, r5, [%[state], #32]\n\t" + "LDRD r6, r7, [%[state], #72]\n\t" + "LDRD r8, r9, [%[state], #112]\n\t" + "LDRD r10, r11, [%[state], #152]\n\t" + "LDR r12, [%[state], #192]\n\t" + "LDR lr, [%[state], #196]\n\t" + "EOR r2, r4, r6\n\t" + "EOR r3, r5, r7\n\t" + "EOR r2, r2, r8\n\t" + "EOR r3, r3, r9\n\t" + "EOR r2, r2, r10\n\t" + "EOR r3, r3, r11\n\t" + "EOR r2, r2, r12\n\t" + "EOR r3, r3, lr\n\t" + "STRD r2, r3, [sp, #32]\n\t" + /* Calc b[1] */ + "LDRD r4, r5, [%[state], #8]\n\t" + "LDRD r6, r7, [%[state], #48]\n\t" + "LDRD r8, r9, [%[state], #88]\n\t" + "LDRD r10, r11, [%[state], #128]\n\t" + "LDR r12, [%[state], #168]\n\t" + "LDR lr, [%[state], #172]\n\t" + "EOR r4, r4, r6\n\t" + "EOR r5, r5, r7\n\t" + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r4, r4, r10\n\t" + "EOR r5, r5, r11\n\t" + "EOR r4, r4, r12\n\t" + "EOR r5, r5, lr\n\t" + "STRD r4, r5, [sp, #8]\n\t" + /* Calc t[0] */ + "EOR r2, r2, r5, LSR #31\n\t" + "EOR r3, r3, r4, LSR #31\n\t" + "EOR r2, r2, r4, LSL #1\n\t" + "EOR r3, r3, r5, LSL #1\n\t" + /* Calc b[0] and XOR t[0] into s[x*5+0] */ + "LDRD r4, r5, [%[state]]\n\t" + "LDRD r6, r7, [%[state], #40]\n\t" + "LDRD r8, r9, [%[state], #80]\n\t" + "LDRD r10, r11, [%[state], #120]\n\t" + "EOR r12, r4, r6\n\t" 
+ "EOR lr, r5, r7\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "STRD r4, r5, [%[state]]\n\t" + "STRD r6, r7, [%[state], #40]\n\t" + "STRD r8, r9, [%[state], #80]\n\t" + "STRD r10, r11, [%[state], #120]\n\t" + "LDRD r10, r11, [%[state], #160]\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "STRD r10, r11, [%[state], #160]\n\t" + "STR r12, [sp]\n\t" + "STR lr, [sp, #4]\n\t" + /* Calc b[3] */ + "LDRD r4, r5, [%[state], #24]\n\t" + "LDRD r6, r7, [%[state], #64]\n\t" + "LDRD r8, r9, [%[state], #104]\n\t" + "LDRD r10, r11, [%[state], #144]\n\t" + "LDR r12, [%[state], #184]\n\t" + "LDR lr, [%[state], #188]\n\t" + "EOR r4, r4, r6\n\t" + "EOR r5, r5, r7\n\t" + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r4, r4, r10\n\t" + "EOR r5, r5, r11\n\t" + "EOR r4, r4, r12\n\t" + "EOR r5, r5, lr\n\t" + "STRD r4, r5, [sp, #24]\n\t" + /* Calc t[2] */ + "LDRD r2, r3, [sp, #8]\n\t" + "EOR r2, r2, r5, LSR #31\n\t" + "EOR r3, r3, r4, LSR #31\n\t" + "EOR r2, r2, r4, LSL #1\n\t" + "EOR r3, r3, r5, LSL #1\n\t" + /* Calc b[2] and XOR t[2] into s[x*5+2] */ + "LDRD r4, r5, [%[state], #16]\n\t" + "LDRD r6, r7, [%[state], #56]\n\t" + "LDRD r8, r9, [%[state], #96]\n\t" + "LDRD r10, r11, [%[state], #136]\n\t" + "EOR r12, r4, r6\n\t" + "EOR lr, r5, r7\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "STRD r4, r5, [%[state], #16]\n\t" + "STRD r6, r7, [%[state], #56]\n\t" + "STRD r8, r9, [%[state], #96]\n\t" + "STRD r10, r11, [%[state], #136]\n\t" + "LDRD 
r10, r11, [%[state], #176]\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "STRD r10, r11, [%[state], #176]\n\t" + "STR r12, [sp, #16]\n\t" + "STR lr, [sp, #20]\n\t" + /* Calc t[1] */ + "LDRD r2, r3, [sp]\n\t" + "EOR r2, r2, lr, LSR #31\n\t" + "EOR r3, r3, r12, LSR #31\n\t" + "EOR r2, r2, r12, LSL #1\n\t" + "EOR r3, r3, lr, LSL #1\n\t" + /* XOR t[1] into s[x*5+1] */ + "LDRD r4, r5, [%[state], #8]\n\t" + "LDRD r6, r7, [%[state], #48]\n\t" + "LDRD r8, r9, [%[state], #88]\n\t" + "LDRD r10, r11, [%[state], #128]\n\t" + "LDR r12, [%[state], #168]\n\t" + "LDR lr, [%[state], #172]\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STRD r4, r5, [%[state], #8]\n\t" + "STRD r6, r7, [%[state], #48]\n\t" + "STRD r8, r9, [%[state], #88]\n\t" + "STRD r10, r11, [%[state], #128]\n\t" + "STR r12, [%[state], #168]\n\t" + "STR lr, [%[state], #172]\n\t" + /* Calc t[3] */ + "LDRD r2, r3, [sp, #16]\n\t" + "LDRD r4, r5, [sp, #32]\n\t" + "EOR r2, r2, r5, LSR #31\n\t" + "EOR r3, r3, r4, LSR #31\n\t" + "EOR r2, r2, r4, LSL #1\n\t" + "EOR r3, r3, r5, LSL #1\n\t" + /* XOR t[3] into s[x*5+3] */ + "LDRD r4, r5, [%[state], #24]\n\t" + "LDRD r6, r7, [%[state], #64]\n\t" + "LDRD r8, r9, [%[state], #104]\n\t" + "LDRD r10, r11, [%[state], #144]\n\t" + "LDR r12, [%[state], #184]\n\t" + "LDR lr, [%[state], #188]\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STRD r4, r5, [%[state], #24]\n\t" + "STRD r6, r7, [%[state], #64]\n\t" + "STRD r8, r9, [%[state], #104]\n\t" + "STRD r10, r11, [%[state], #144]\n\t" + "STR r12, [%[state], #184]\n\t" + "STR lr, [%[state], 
#188]\n\t" + /* Calc t[4] */ + "LDRD r2, r3, [sp, #24]\n\t" + "LDRD r4, r5, [sp]\n\t" + "EOR r2, r2, r5, LSR #31\n\t" + "EOR r3, r3, r4, LSR #31\n\t" + "EOR r2, r2, r4, LSL #1\n\t" + "EOR r3, r3, r5, LSL #1\n\t" + /* XOR t[4] into s[x*5+4] */ + "LDRD r4, r5, [%[state], #32]\n\t" + "LDRD r6, r7, [%[state], #72]\n\t" + "LDRD r8, r9, [%[state], #112]\n\t" + "LDRD r10, r11, [%[state], #152]\n\t" + "LDR r12, [%[state], #192]\n\t" + "LDR lr, [%[state], #196]\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STRD r4, r5, [%[state], #32]\n\t" + "STRD r6, r7, [%[state], #72]\n\t" + "STRD r8, r9, [%[state], #112]\n\t" + "STRD r10, r11, [%[state], #152]\n\t" + "STR r12, [%[state], #192]\n\t" + "STR lr, [%[state], #196]\n\t" + /* Row Mix */ + /* Row 0 */ + "LDRD r2, r3, [%[state]]\n\t" + "LDRD r4, r5, [%[state], #48]\n\t" + "LDRD r6, r7, [%[state], #96]\n\t" + "LDRD r8, r9, [%[state], #144]\n\t" + "LDRD r10, r11, [%[state], #192]\n\t" + /* s[1] <<< 44 */ + "MOV lr, r4\n\t" + "LSR r12, r5, #20\n\t" + "LSR r4, r4, #20\n\t" + "ORR r4, r4, r5, LSL #12\n\t" + "ORR r5, r12, lr, LSL #12\n\t" + /* s[2] <<< 43 */ + "MOV lr, r6\n\t" + "LSR r12, r7, #21\n\t" + "LSR r6, r6, #21\n\t" + "ORR r6, r6, r7, LSL #11\n\t" + "ORR r7, r12, lr, LSL #11\n\t" + /* s[3] <<< 21 */ + "LSR r12, r9, #11\n\t" + "LSR lr, r8, #11\n\t" + "ORR r8, r12, r8, LSL #21\n\t" + "ORR r9, lr, r9, LSL #21\n\t" + /* s[4] <<< 14 */ + "LSR r12, r11, #18\n\t" + "LSR lr, r10, #18\n\t" + "ORR r10, r12, r10, LSL #14\n\t" + "ORR r11, lr, r11, LSL #14\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [sp, #8]\n\t" + "STR lr, [sp, #12]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [sp, #16]\n\t" + "STR lr, [sp, 
#20]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [sp, #24]\n\t" + "STR lr, [sp, #28]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [sp, #32]\n\t" + "STR lr, [sp, #36]\n\t" + /* Get constant */ + "LDRD r10, r11, [r1]\n\t" + "ADD r1, r1, #0x8\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + /* XOR in constant */ + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [sp]\n\t" + "STR lr, [sp, #4]\n\t" + /* Row 1 */ + "LDRD r2, r3, [%[state], #24]\n\t" + "LDRD r4, r5, [%[state], #72]\n\t" + "LDRD r6, r7, [%[state], #80]\n\t" + "LDRD r8, r9, [%[state], #128]\n\t" + "LDRD r10, r11, [%[state], #176]\n\t" + /* s[0] <<< 28 */ + "LSR r12, r3, #4\n\t" + "LSR lr, r2, #4\n\t" + "ORR r2, r12, r2, LSL #28\n\t" + "ORR r3, lr, r3, LSL #28\n\t" + /* s[1] <<< 20 */ + "LSR r12, r5, #12\n\t" + "LSR lr, r4, #12\n\t" + "ORR r4, r12, r4, LSL #20\n\t" + "ORR r5, lr, r5, LSL #20\n\t" + /* s[2] <<< 3 */ + "LSR r12, r7, #29\n\t" + "LSR lr, r6, #29\n\t" + "ORR r6, r12, r6, LSL #3\n\t" + "ORR r7, lr, r7, LSL #3\n\t" + /* s[3] <<< 45 */ + "MOV lr, r8\n\t" + "LSR r12, r9, #19\n\t" + "LSR r8, r8, #19\n\t" + "ORR r8, r8, r9, LSL #13\n\t" + "ORR r9, r12, lr, LSL #13\n\t" + /* s[4] <<< 61 */ + "MOV lr, r10\n\t" + "LSR r12, r11, #3\n\t" + "LSR r10, r10, #3\n\t" + "ORR r10, r10, r11, LSL #29\n\t" + "ORR r11, r12, lr, LSL #29\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [sp, #48]\n\t" + "STR lr, [sp, #52]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [sp, #56]\n\t" + "STR lr, [sp, #60]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [sp, #64]\n\t" + "STR lr, [sp, #68]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, 
r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [sp, #72]\n\t" + "STR lr, [sp, #76]\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STR r12, [sp, #40]\n\t" + "STR lr, [sp, #44]\n\t" + /* Row 2 */ + "LDRD r2, r3, [%[state], #8]\n\t" + "LDRD r4, r5, [%[state], #56]\n\t" + "LDRD r6, r7, [%[state], #104]\n\t" + "LDRD r8, r9, [%[state], #152]\n\t" + "LDRD r10, r11, [%[state], #160]\n\t" + /* s[0] <<< 1 */ + "LSR r12, r3, #31\n\t" + "LSR lr, r2, #31\n\t" + "ORR r2, r12, r2, LSL #1\n\t" + "ORR r3, lr, r3, LSL #1\n\t" + /* s[1] <<< 6 */ + "LSR r12, r5, #26\n\t" + "LSR lr, r4, #26\n\t" + "ORR r4, r12, r4, LSL #6\n\t" + "ORR r5, lr, r5, LSL #6\n\t" + /* s[2] <<< 25 */ + "LSR r12, r7, #7\n\t" + "LSR lr, r6, #7\n\t" + "ORR r6, r12, r6, LSL #25\n\t" + "ORR r7, lr, r7, LSL #25\n\t" + /* s[3] <<< 8 */ + "LSR r12, r9, #24\n\t" + "LSR lr, r8, #24\n\t" + "ORR r8, r12, r8, LSL #8\n\t" + "ORR r9, lr, r9, LSL #8\n\t" + /* s[4] <<< 18 */ + "LSR r12, r11, #14\n\t" + "LSR lr, r10, #14\n\t" + "ORR r10, r12, r10, LSL #18\n\t" + "ORR r11, lr, r11, LSL #18\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [sp, #88]\n\t" + "STR lr, [sp, #92]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [sp, #96]\n\t" + "STR lr, [sp, #100]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [sp, #104]\n\t" + "STR lr, [sp, #108]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [sp, #112]\n\t" + "STR lr, [sp, #116]\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STR r12, [sp, #80]\n\t" + "STR lr, [sp, #84]\n\t" + /* Row 3 */ + "LDRD r2, r3, [%[state], #32]\n\t" + "LDRD r4, r5, [%[state], #40]\n\t" + "LDRD r6, r7, [%[state], 
#88]\n\t" + "LDRD r8, r9, [%[state], #136]\n\t" + "LDRD r10, r11, [%[state], #184]\n\t" + /* s[0] <<< 27 */ + "LSR r12, r3, #5\n\t" + "LSR lr, r2, #5\n\t" + "ORR r2, r12, r2, LSL #27\n\t" + "ORR r3, lr, r3, LSL #27\n\t" + /* s[1] <<< 36 */ + "MOV lr, r4\n\t" + "LSR r12, r5, #28\n\t" + "LSR r4, r4, #28\n\t" + "ORR r4, r4, r5, LSL #4\n\t" + "ORR r5, r12, lr, LSL #4\n\t" + /* s[2] <<< 10 */ + "LSR r12, r7, #22\n\t" + "LSR lr, r6, #22\n\t" + "ORR r6, r12, r6, LSL #10\n\t" + "ORR r7, lr, r7, LSL #10\n\t" + /* s[3] <<< 15 */ + "LSR r12, r9, #17\n\t" + "LSR lr, r8, #17\n\t" + "ORR r8, r12, r8, LSL #15\n\t" + "ORR r9, lr, r9, LSL #15\n\t" + /* s[4] <<< 56 */ + "MOV lr, r10\n\t" + "LSR r12, r11, #8\n\t" + "LSR r10, r10, #8\n\t" + "ORR r10, r10, r11, LSL #24\n\t" + "ORR r11, r12, lr, LSL #24\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [sp, #128]\n\t" + "STR lr, [sp, #132]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [sp, #136]\n\t" + "STR lr, [sp, #140]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [sp, #144]\n\t" + "STR lr, [sp, #148]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [sp, #152]\n\t" + "STR lr, [sp, #156]\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STR r12, [sp, #120]\n\t" + "STR lr, [sp, #124]\n\t" + /* Row 4 */ + "LDRD r2, r3, [%[state], #16]\n\t" + "LDRD r4, r5, [%[state], #64]\n\t" + "LDRD r6, r7, [%[state], #112]\n\t" + "LDRD r8, r9, [%[state], #120]\n\t" + "LDRD r10, r11, [%[state], #168]\n\t" + /* s[0] <<< 62 */ + "MOV lr, r2\n\t" + "LSR r12, r3, #2\n\t" + "LSR r2, r2, #2\n\t" + "ORR r2, r2, r3, LSL #30\n\t" + "ORR r3, r12, lr, LSL #30\n\t" + /* s[1] <<< 55 */ + "MOV lr, r4\n\t" + "LSR r12, r5, #9\n\t" + "LSR r4, r4, #9\n\t" + 
"ORR r4, r4, r5, LSL #23\n\t" + "ORR r5, r12, lr, LSL #23\n\t" + /* s[2] <<< 39 */ + "MOV lr, r6\n\t" + "LSR r12, r7, #25\n\t" + "LSR r6, r6, #25\n\t" + "ORR r6, r6, r7, LSL #7\n\t" + "ORR r7, r12, lr, LSL #7\n\t" + /* s[3] <<< 41 */ + "MOV lr, r8\n\t" + "LSR r12, r9, #23\n\t" + "LSR r8, r8, #23\n\t" + "ORR r8, r8, r9, LSL #9\n\t" + "ORR r9, r12, lr, LSL #9\n\t" + /* s[4] <<< 2 */ + "LSR r12, r11, #30\n\t" + "LSR lr, r10, #30\n\t" + "ORR r10, r12, r10, LSL #2\n\t" + "ORR r11, lr, r11, LSL #2\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [sp, #168]\n\t" + "STR lr, [sp, #172]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [sp, #176]\n\t" + "STR lr, [sp, #180]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [sp, #184]\n\t" + "STR lr, [sp, #188]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [sp, #192]\n\t" + "STR lr, [sp, #196]\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STR r12, [sp, #160]\n\t" + "STR lr, [sp, #164]\n\t" + /* Round odd */ + /* Calc b[4] */ + "LDRD r4, r5, [sp, #32]\n\t" + "LDRD r6, r7, [sp, #72]\n\t" + "LDRD r8, r9, [sp, #112]\n\t" + "LDRD r10, r11, [sp, #152]\n\t" + "LDR r12, [sp, #192]\n\t" + "LDR lr, [sp, #196]\n\t" + "EOR r2, r4, r6\n\t" + "EOR r3, r5, r7\n\t" + "EOR r2, r2, r8\n\t" + "EOR r3, r3, r9\n\t" + "EOR r2, r2, r10\n\t" + "EOR r3, r3, r11\n\t" + "EOR r2, r2, r12\n\t" + "EOR r3, r3, lr\n\t" + "STRD r2, r3, [%[state], #32]\n\t" + /* Calc b[1] */ + "LDRD r4, r5, [sp, #8]\n\t" + "LDRD r6, r7, [sp, #48]\n\t" + "LDRD r8, r9, [sp, #88]\n\t" + "LDRD r10, r11, [sp, #128]\n\t" + "LDR r12, [sp, #168]\n\t" + "LDR lr, [sp, #172]\n\t" + "EOR r4, r4, r6\n\t" + "EOR r5, r5, r7\n\t" + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR 
r4, r4, r10\n\t" + "EOR r5, r5, r11\n\t" + "EOR r4, r4, r12\n\t" + "EOR r5, r5, lr\n\t" + "STRD r4, r5, [%[state], #8]\n\t" + /* Calc t[0] */ + "EOR r2, r2, r5, LSR #31\n\t" + "EOR r3, r3, r4, LSR #31\n\t" + "EOR r2, r2, r4, LSL #1\n\t" + "EOR r3, r3, r5, LSL #1\n\t" + /* Calc b[0] and XOR t[0] into s[x*5+0] */ + "LDRD r4, r5, [sp]\n\t" + "LDRD r6, r7, [sp, #40]\n\t" + "LDRD r8, r9, [sp, #80]\n\t" + "LDRD r10, r11, [sp, #120]\n\t" + "EOR r12, r4, r6\n\t" + "EOR lr, r5, r7\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "STRD r4, r5, [sp]\n\t" + "STRD r6, r7, [sp, #40]\n\t" + "STRD r8, r9, [sp, #80]\n\t" + "STRD r10, r11, [sp, #120]\n\t" + "LDRD r10, r11, [sp, #160]\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "STRD r10, r11, [sp, #160]\n\t" + "STR r12, [%[state]]\n\t" + "STR lr, [%[state], #4]\n\t" + /* Calc b[3] */ + "LDRD r4, r5, [sp, #24]\n\t" + "LDRD r6, r7, [sp, #64]\n\t" + "LDRD r8, r9, [sp, #104]\n\t" + "LDRD r10, r11, [sp, #144]\n\t" + "LDR r12, [sp, #184]\n\t" + "LDR lr, [sp, #188]\n\t" + "EOR r4, r4, r6\n\t" + "EOR r5, r5, r7\n\t" + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r4, r4, r10\n\t" + "EOR r5, r5, r11\n\t" + "EOR r4, r4, r12\n\t" + "EOR r5, r5, lr\n\t" + "STRD r4, r5, [%[state], #24]\n\t" + /* Calc t[2] */ + "LDRD r2, r3, [%[state], #8]\n\t" + "EOR r2, r2, r5, LSR #31\n\t" + "EOR r3, r3, r4, LSR #31\n\t" + "EOR r2, r2, r4, LSL #1\n\t" + "EOR r3, r3, r5, LSL #1\n\t" + /* Calc b[2] and XOR t[2] into s[x*5+2] */ + "LDRD r4, r5, [sp, #16]\n\t" + "LDRD r6, r7, [sp, #56]\n\t" + "LDRD r8, r9, [sp, #96]\n\t" + "LDRD r10, r11, [sp, #136]\n\t" + "EOR r12, r4, r6\n\t" + "EOR lr, r5, r7\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "EOR 
r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "STRD r4, r5, [sp, #16]\n\t" + "STRD r6, r7, [sp, #56]\n\t" + "STRD r8, r9, [sp, #96]\n\t" + "STRD r10, r11, [sp, #136]\n\t" + "LDRD r10, r11, [sp, #176]\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "STRD r10, r11, [sp, #176]\n\t" + "STR r12, [%[state], #16]\n\t" + "STR lr, [%[state], #20]\n\t" + /* Calc t[1] */ + "LDRD r2, r3, [%[state]]\n\t" + "EOR r2, r2, lr, LSR #31\n\t" + "EOR r3, r3, r12, LSR #31\n\t" + "EOR r2, r2, r12, LSL #1\n\t" + "EOR r3, r3, lr, LSL #1\n\t" + /* XOR t[1] into s[x*5+1] */ + "LDRD r4, r5, [sp, #8]\n\t" + "LDRD r6, r7, [sp, #48]\n\t" + "LDRD r8, r9, [sp, #88]\n\t" + "LDRD r10, r11, [sp, #128]\n\t" + "LDR r12, [sp, #168]\n\t" + "LDR lr, [sp, #172]\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STRD r4, r5, [sp, #8]\n\t" + "STRD r6, r7, [sp, #48]\n\t" + "STRD r8, r9, [sp, #88]\n\t" + "STRD r10, r11, [sp, #128]\n\t" + "STR r12, [sp, #168]\n\t" + "STR lr, [sp, #172]\n\t" + /* Calc t[3] */ + "LDRD r2, r3, [%[state], #16]\n\t" + "LDRD r4, r5, [%[state], #32]\n\t" + "EOR r2, r2, r5, LSR #31\n\t" + "EOR r3, r3, r4, LSR #31\n\t" + "EOR r2, r2, r4, LSL #1\n\t" + "EOR r3, r3, r5, LSL #1\n\t" + /* XOR t[3] into s[x*5+3] */ + "LDRD r4, r5, [sp, #24]\n\t" + "LDRD r6, r7, [sp, #64]\n\t" + "LDRD r8, r9, [sp, #104]\n\t" + "LDRD r10, r11, [sp, #144]\n\t" + "LDR r12, [sp, #184]\n\t" + "LDR lr, [sp, #188]\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR 
r11, r11, r3\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STRD r4, r5, [sp, #24]\n\t" + "STRD r6, r7, [sp, #64]\n\t" + "STRD r8, r9, [sp, #104]\n\t" + "STRD r10, r11, [sp, #144]\n\t" + "STR r12, [sp, #184]\n\t" + "STR lr, [sp, #188]\n\t" + /* Calc t[4] */ + "LDRD r2, r3, [%[state], #24]\n\t" + "LDRD r4, r5, [%[state]]\n\t" + "EOR r2, r2, r5, LSR #31\n\t" + "EOR r3, r3, r4, LSR #31\n\t" + "EOR r2, r2, r4, LSL #1\n\t" + "EOR r3, r3, r5, LSL #1\n\t" + /* XOR t[4] into s[x*5+4] */ + "LDRD r4, r5, [sp, #32]\n\t" + "LDRD r6, r7, [sp, #72]\n\t" + "LDRD r8, r9, [sp, #112]\n\t" + "LDRD r10, r11, [sp, #152]\n\t" + "LDR r12, [sp, #192]\n\t" + "LDR lr, [sp, #196]\n\t" + "EOR r4, r4, r2\n\t" + "EOR r5, r5, r3\n\t" + "EOR r6, r6, r2\n\t" + "EOR r7, r7, r3\n\t" + "EOR r8, r8, r2\n\t" + "EOR r9, r9, r3\n\t" + "EOR r10, r10, r2\n\t" + "EOR r11, r11, r3\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STRD r4, r5, [sp, #32]\n\t" + "STRD r6, r7, [sp, #72]\n\t" + "STRD r8, r9, [sp, #112]\n\t" + "STRD r10, r11, [sp, #152]\n\t" + "STR r12, [sp, #192]\n\t" + "STR lr, [sp, #196]\n\t" + /* Row Mix */ + /* Row 0 */ + "LDRD r2, r3, [sp]\n\t" + "LDRD r4, r5, [sp, #48]\n\t" + "LDRD r6, r7, [sp, #96]\n\t" + "LDRD r8, r9, [sp, #144]\n\t" + "LDRD r10, r11, [sp, #192]\n\t" + /* s[1] <<< 44 */ + "MOV lr, r4\n\t" + "LSR r12, r5, #20\n\t" + "LSR r4, r4, #20\n\t" + "ORR r4, r4, r5, LSL #12\n\t" + "ORR r5, r12, lr, LSL #12\n\t" + /* s[2] <<< 43 */ + "MOV lr, r6\n\t" + "LSR r12, r7, #21\n\t" + "LSR r6, r6, #21\n\t" + "ORR r6, r6, r7, LSL #11\n\t" + "ORR r7, r12, lr, LSL #11\n\t" + /* s[3] <<< 21 */ + "LSR r12, r9, #11\n\t" + "LSR lr, r8, #11\n\t" + "ORR r8, r12, r8, LSL #21\n\t" + "ORR r9, lr, r9, LSL #21\n\t" + /* s[4] <<< 14 */ + "LSR r12, r11, #18\n\t" + "LSR lr, r10, #18\n\t" + "ORR r10, r12, r10, LSL #14\n\t" + "ORR r11, lr, r11, LSL #14\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [%[state], #8]\n\t" + "STR lr, 
[%[state], #12]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [%[state], #16]\n\t" + "STR lr, [%[state], #20]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [%[state], #24]\n\t" + "STR lr, [%[state], #28]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [%[state], #32]\n\t" + "STR lr, [%[state], #36]\n\t" + /* Get constant */ + "LDRD r10, r11, [r1]\n\t" + "ADD r1, r1, #0x8\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + /* XOR in constant */ + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [%[state]]\n\t" + "STR lr, [%[state], #4]\n\t" + /* Row 1 */ + "LDRD r2, r3, [sp, #24]\n\t" + "LDRD r4, r5, [sp, #72]\n\t" + "LDRD r6, r7, [sp, #80]\n\t" + "LDRD r8, r9, [sp, #128]\n\t" + "LDRD r10, r11, [sp, #176]\n\t" + /* s[0] <<< 28 */ + "LSR r12, r3, #4\n\t" + "LSR lr, r2, #4\n\t" + "ORR r2, r12, r2, LSL #28\n\t" + "ORR r3, lr, r3, LSL #28\n\t" + /* s[1] <<< 20 */ + "LSR r12, r5, #12\n\t" + "LSR lr, r4, #12\n\t" + "ORR r4, r12, r4, LSL #20\n\t" + "ORR r5, lr, r5, LSL #20\n\t" + /* s[2] <<< 3 */ + "LSR r12, r7, #29\n\t" + "LSR lr, r6, #29\n\t" + "ORR r6, r12, r6, LSL #3\n\t" + "ORR r7, lr, r7, LSL #3\n\t" + /* s[3] <<< 45 */ + "MOV lr, r8\n\t" + "LSR r12, r9, #19\n\t" + "LSR r8, r8, #19\n\t" + "ORR r8, r8, r9, LSL #13\n\t" + "ORR r9, r12, lr, LSL #13\n\t" + /* s[4] <<< 61 */ + "MOV lr, r10\n\t" + "LSR r12, r11, #3\n\t" + "LSR r10, r10, #3\n\t" + "ORR r10, r10, r11, LSL #29\n\t" + "ORR r11, r12, lr, LSL #29\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [%[state], #48]\n\t" + "STR lr, [%[state], #52]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [%[state], #56]\n\t" + "STR lr, 
[%[state], #60]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [%[state], #64]\n\t" + "STR lr, [%[state], #68]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [%[state], #72]\n\t" + "STR lr, [%[state], #76]\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STR r12, [%[state], #40]\n\t" + "STR lr, [%[state], #44]\n\t" + /* Row 2 */ + "LDRD r2, r3, [sp, #8]\n\t" + "LDRD r4, r5, [sp, #56]\n\t" + "LDRD r6, r7, [sp, #104]\n\t" + "LDRD r8, r9, [sp, #152]\n\t" + "LDRD r10, r11, [sp, #160]\n\t" + /* s[0] <<< 1 */ + "LSR r12, r3, #31\n\t" + "LSR lr, r2, #31\n\t" + "ORR r2, r12, r2, LSL #1\n\t" + "ORR r3, lr, r3, LSL #1\n\t" + /* s[1] <<< 6 */ + "LSR r12, r5, #26\n\t" + "LSR lr, r4, #26\n\t" + "ORR r4, r12, r4, LSL #6\n\t" + "ORR r5, lr, r5, LSL #6\n\t" + /* s[2] <<< 25 */ + "LSR r12, r7, #7\n\t" + "LSR lr, r6, #7\n\t" + "ORR r6, r12, r6, LSL #25\n\t" + "ORR r7, lr, r7, LSL #25\n\t" + /* s[3] <<< 8 */ + "LSR r12, r9, #24\n\t" + "LSR lr, r8, #24\n\t" + "ORR r8, r12, r8, LSL #8\n\t" + "ORR r9, lr, r9, LSL #8\n\t" + /* s[4] <<< 18 */ + "LSR r12, r11, #14\n\t" + "LSR lr, r10, #14\n\t" + "ORR r10, r12, r10, LSL #18\n\t" + "ORR r11, lr, r11, LSL #18\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [%[state], #88]\n\t" + "STR lr, [%[state], #92]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [%[state], #96]\n\t" + "STR lr, [%[state], #100]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [%[state], #104]\n\t" + "STR lr, [%[state], #108]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [%[state], #112]\n\t" + "STR lr, [%[state], #116]\n\t" + 
"BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STR r12, [%[state], #80]\n\t" + "STR lr, [%[state], #84]\n\t" + /* Row 3 */ + "LDRD r2, r3, [sp, #32]\n\t" + "LDRD r4, r5, [sp, #40]\n\t" + "LDRD r6, r7, [sp, #88]\n\t" + "LDRD r8, r9, [sp, #136]\n\t" + "LDRD r10, r11, [sp, #184]\n\t" + /* s[0] <<< 27 */ + "LSR r12, r3, #5\n\t" + "LSR lr, r2, #5\n\t" + "ORR r2, r12, r2, LSL #27\n\t" + "ORR r3, lr, r3, LSL #27\n\t" + /* s[1] <<< 36 */ + "MOV lr, r4\n\t" + "LSR r12, r5, #28\n\t" + "LSR r4, r4, #28\n\t" + "ORR r4, r4, r5, LSL #4\n\t" + "ORR r5, r12, lr, LSL #4\n\t" + /* s[2] <<< 10 */ + "LSR r12, r7, #22\n\t" + "LSR lr, r6, #22\n\t" + "ORR r6, r12, r6, LSL #10\n\t" + "ORR r7, lr, r7, LSL #10\n\t" + /* s[3] <<< 15 */ + "LSR r12, r9, #17\n\t" + "LSR lr, r8, #17\n\t" + "ORR r8, r12, r8, LSL #15\n\t" + "ORR r9, lr, r9, LSL #15\n\t" + /* s[4] <<< 56 */ + "MOV lr, r10\n\t" + "LSR r12, r11, #8\n\t" + "LSR r10, r10, #8\n\t" + "ORR r10, r10, r11, LSL #24\n\t" + "ORR r11, r12, lr, LSL #24\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [%[state], #128]\n\t" + "STR lr, [%[state], #132]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [%[state], #136]\n\t" + "STR lr, [%[state], #140]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [%[state], #144]\n\t" + "STR lr, [%[state], #148]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [%[state], #152]\n\t" + "STR lr, [%[state], #156]\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STR r12, [%[state], #120]\n\t" + "STR lr, [%[state], #124]\n\t" + /* Row 4 */ + "LDRD r2, r3, [sp, #16]\n\t" + "LDRD r4, r5, [sp, #64]\n\t" + "LDRD r6, r7, [sp, #112]\n\t" + "LDRD r8, r9, [sp, #120]\n\t" + 
"LDRD r10, r11, [sp, #168]\n\t" + /* s[0] <<< 62 */ + "MOV lr, r2\n\t" + "LSR r12, r3, #2\n\t" + "LSR r2, r2, #2\n\t" + "ORR r2, r2, r3, LSL #30\n\t" + "ORR r3, r12, lr, LSL #30\n\t" + /* s[1] <<< 55 */ + "MOV lr, r4\n\t" + "LSR r12, r5, #9\n\t" + "LSR r4, r4, #9\n\t" + "ORR r4, r4, r5, LSL #23\n\t" + "ORR r5, r12, lr, LSL #23\n\t" + /* s[2] <<< 39 */ + "MOV lr, r6\n\t" + "LSR r12, r7, #25\n\t" + "LSR r6, r6, #25\n\t" + "ORR r6, r6, r7, LSL #7\n\t" + "ORR r7, r12, lr, LSL #7\n\t" + /* s[3] <<< 41 */ + "MOV lr, r8\n\t" + "LSR r12, r9, #23\n\t" + "LSR r8, r8, #23\n\t" + "ORR r8, r8, r9, LSL #9\n\t" + "ORR r9, r12, lr, LSL #9\n\t" + /* s[4] <<< 2 */ + "LSR r12, r11, #30\n\t" + "LSR lr, r10, #30\n\t" + "ORR r10, r12, r10, LSL #2\n\t" + "ORR r11, lr, r11, LSL #2\n\t" + "BIC r12, r8, r6\n\t" + "BIC lr, r9, r7\n\t" + "EOR r12, r12, r4\n\t" + "EOR lr, lr, r5\n\t" + "STR r12, [%[state], #168]\n\t" + "STR lr, [%[state], #172]\n\t" + "BIC r12, r10, r8\n\t" + "BIC lr, r11, r9\n\t" + "EOR r12, r12, r6\n\t" + "EOR lr, lr, r7\n\t" + "STR r12, [%[state], #176]\n\t" + "STR lr, [%[state], #180]\n\t" + "BIC r12, r2, r10\n\t" + "BIC lr, r3, r11\n\t" + "EOR r12, r12, r8\n\t" + "EOR lr, lr, r9\n\t" + "STR r12, [%[state], #184]\n\t" + "STR lr, [%[state], #188]\n\t" + "BIC r12, r4, r2\n\t" + "BIC lr, r5, r3\n\t" + "EOR r12, r12, r10\n\t" + "EOR lr, lr, r11\n\t" + "STR r12, [%[state], #192]\n\t" + "STR lr, [%[state], #196]\n\t" + "BIC r12, r6, r4\n\t" + "BIC lr, r7, r5\n\t" + "EOR r12, r12, r2\n\t" + "EOR lr, lr, r3\n\t" + "STR r12, [%[state], #160]\n\t" + "STR lr, [%[state], #164]\n\t" + "LDR r2, [sp, #200]\n\t" + "SUBS r2, r2, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_sha3_thumb2_begin_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_sha3_thumb2_begin\n\t" +#else + "BNE.W L_sha3_thumb2_begin_%=\n\t" +#endif + "ADD sp, sp, #0xcc\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [state] "+r" (state), + [L_sha3_thumb2_rt] "+r" (L_sha3_thumb2_rt_c) + : + : "memory", 
"r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [state] "+r" (state) + : [L_sha3_thumb2_rt] "r" (L_sha3_thumb2_rt) + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +#endif /* WOLFSSL_SHA3 */ +#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S index 6031b92404..9170e9457f 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S @@ -1,6 +1,6 @@ /* thumb2-sha512-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,7 +39,7 @@ .text .type L_SHA512_transform_len_k, %object .size L_SHA512_transform_len_k, 640 - .align 4 + .align 8 L_SHA512_transform_len_k: .word 0xd728ae22 .word 0x428a2f98 @@ -2319,7 +2319,7 @@ L_SHA512_transform_len_start: STRD r4, r5, [sp, #120] ADD r3, r3, #0x80 SUBS r12, r12, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA512_transform_len_start #else BNE.W L_SHA512_transform_len_start @@ -3656,7 +3656,7 @@ L_SHA512_transform_len_start: SUBS r2, r2, #0x80 SUB r3, r3, #0x200 ADD r1, r1, #0x80 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA512_transform_len_begin #else BNE.W L_SHA512_transform_len_begin diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c index ab154ada0a..bd998025ad 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c @@ -1,6 +1,6 @@ /* thumb2-sha512-asm * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -28,19 +28,12 @@ #include #endif /* HAVE_CONFIG_H */ #include +#include #ifdef WOLFSSL_ARMASM #if !defined(__aarch64__) && defined(__thumb__) -#include -#ifdef HAVE_CONFIG_H - #include -#endif /* HAVE_CONFIG_H */ -#include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -133,7 +126,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) "STRD r10, r11, [sp, #184]\n\t" /* Start of loop processing a block */ "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_SHA512_transform_len_begin:\n\t" +#else + "L_SHA512_transform_len_begin_%=:\n\t" +#endif /* Load, Reverse and Store W */ "LDR r4, [%[data]]\n\t" "LDR r5, [%[data], #4]\n\t" @@ -239,7 +236,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) "MOV r12, #0x4\n\t" /* Start of 16 rounds */ "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_SHA512_transform_len_start:\n\t" +#else + "L_SHA512_transform_len_start_%=:\n\t" +#endif /* Round 0 */ "LDRD r4, r5, [%[sha512], #32]\n\t" "LSRS r6, r4, #14\n\t" @@ -2226,10 +2227,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) "STRD r4, r5, [sp, #120]\n\t" "ADD r3, r3, #0x80\n\t" "SUBS r12, r12, #0x1\n\t" -#ifdef __GNUC__ - "BNE L_SHA512_transform_len_start\n\t" -#else +#if defined(__GNUC__) + "BNE L_SHA512_transform_len_start_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_SHA512_transform_len_start\n\t" +#else + "BNE.W L_SHA512_transform_len_start_%=\n\t" #endif /* Round 0 */ "LDRD r4, r5, [%[sha512], #32]\n\t" 
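Review bot: The `__VER__ < 9000000` branch that keeps the plain `L_SHA512_transform_len_begin:` label in the @@ -133 hunk records no reason, and the same split is repeated for `L_SHA512_transform_len_start` in the @@ -239 and @@ -2226 hunks. Presumably older IAR releases do not accept the `%=` unique-label operand; a one-line comment at the first occurrence, e.g. `/* IAR < 9: %= is not supported, so labels are not made unique per asm instance */`, would document that and also warn that the function must not be duplicated (inlined twice) in one translation unit under that compiler, since the unsuffixed labels would then collide. The enclosing `Transform_Sha512_Len` body starts and ends outside these hunks.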
@@ -3563,10 +3566,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) "SUBS %[len], %[len], #0x80\n\t" "SUB r3, r3, #0x200\n\t" "ADD %[data], %[data], #0x80\n\t" -#ifdef __GNUC__ - "BNE L_SHA512_transform_len_begin\n\t" -#else +#if defined(__GNUC__) + "BNE L_SHA512_transform_len_begin_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.W L_SHA512_transform_len_begin\n\t" +#else + "BNE.W L_SHA512_transform_len_begin_%=\n\t" #endif "EOR r0, r0, r0\n\t" "ADD sp, sp, #0xc0\n\t" @@ -3587,7 +3592,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) #endif /* WOLFSSL_SHA512 */ #endif /* !__aarch64__ && __thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__thumb__) */ -#endif /* WOLFSSL_ARMASM */ - #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 9a404d8b3f..31ad98fb45 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -1,6 +1,6 @@ /* atmel.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -136,7 +136,7 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out) int atmel_get_random_block(unsigned char* output, unsigned int sz) { - return atmel_get_random_number((uint32_t)sz, (uint8_t*)output); + return atmel_get_random_number((uint32_t)sz, (uint8_t*)output); } #if defined(WOLFSSL_ATMEL) && defined(WOLFSSL_ATMEL_TIME) @@ -148,12 +148,12 @@ long atmel_get_curr_time_and_date(long* tm) { long rt = 0; - /* Get current time */ + /* Get current time */ struct rtc_calendar_time rtcTime; const int monthDay[] = {0,31,59,90,120,151,181,212,243,273,304,334}; int month, year, yearLeap; - rtc_calendar_get_time(_rtc_instance[0], &rtcTime); + rtc_calendar_get_time(_rtc_instance[0], &rtcTime); /* Convert rtc_calendar_time to seconds since UTC */ month = rtcTime.month % 12; 
@@ -359,7 +359,7 @@ int atmel_get_enc_key_default(byte* enckey, word16 keysize) static int atmel_init_enc_key(void) { int ret; - uint8_t read_key[ATECC_KEY_SIZE]; + uint8_t read_key[ATECC_KEY_SIZE]; uint8_t writeBlock = 0; uint8_t writeOffset = 0; int slotId; @@ -388,7 +388,7 @@ static int atmel_init_enc_key(void) ForceZero(read_key, sizeof(read_key)); ret = atmel_ecc_translate_err(ret); - return ret; + return ret; } #endif @@ -497,7 +497,7 @@ int atmel_init(void) extern ATCAIfaceCfg atecc608_0_init_data; #endif #endif - + if (!mAtcaInitDone) { ATCA_STATUS status; int i; @@ -940,7 +940,7 @@ int atcatls_verify_signature_cb(WOLFSSL* ssl, const byte* sig, return ret; } -static int atcatls_set_certificates(WOLFSSL_CTX *ctx) +static int atcatls_set_certificates(WOLFSSL_CTX *ctx) { #ifndef ATCATLS_SIGNER_CERT_MAX_SIZE #define ATCATLS_SIGNER_CERT_MAX_SIZE 0x250 @@ -966,7 +966,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) uint8_t signerPubKeyBuffer[ATCATLS_PUBKEY_BUFF_MAX_SIZE]; #endif -#ifdef WOLFSSL_ATECC_TNGTLS +#ifdef WOLFSSL_ATECC_TNGTLS ret = tng_atcacert_max_signer_cert_size(&signerCertSize); if (ret != ATCACERT_E_SUCCESS) { #ifdef WOLFSSL_ATECC_DEBUG diff --git a/wolfcrypt/src/port/autosar/cryif.c b/wolfcrypt/src/port/autosar/cryif.c index 0bd767b4b2..6fd9cc1a22 100644 --- a/wolfcrypt/src/port/autosar/cryif.c +++ b/wolfcrypt/src/port/autosar/cryif.c @@ -28,13 +28,15 @@ #endif #include + +#ifdef WOLFSSL_AUTOSAR +#ifndef NO_WOLFSSL_AUTOSAR_CRYIF + #include #include #include #include -#ifdef WOLFSSL_AUTOSAR -#ifndef NO_WOLFSSL_AUTOSAR_CRYIF #include diff --git a/wolfcrypt/src/port/autosar/crypto.c b/wolfcrypt/src/port/autosar/crypto.c index f7812f190c..d5a7509f6b 100644 --- a/wolfcrypt/src/port/autosar/crypto.c +++ b/wolfcrypt/src/port/autosar/crypto.c @@ -25,12 +25,12 @@ #endif #include -#include -#include #ifdef WOLFSSL_AUTOSAR #ifndef NO_WOLFSSL_AUTOSAR_CRYPTO +#include +#include #include #include #include 
diff --git a/wolfcrypt/src/port/autosar/csm.c b/wolfcrypt/src/port/autosar/csm.c index f5df124b9a..8fa6063a71 100644 --- a/wolfcrypt/src/port/autosar/csm.c +++ b/wolfcrypt/src/port/autosar/csm.c @@ -25,14 +25,15 @@ #endif #include + +#ifdef WOLFSSL_AUTOSAR +#ifndef NO_WOLFSSL_AUTOSAR_CSM + #include #include #include #include -#ifdef WOLFSSL_AUTOSAR -#ifndef NO_WOLFSSL_AUTOSAR_CSM - /* AutoSAR 4.4 */ /* basic shim layer to plug in wolfSSL crypto */ diff --git a/wolfcrypt/src/port/autosar/test.c b/wolfcrypt/src/port/autosar/test.c index 4c311f189f..29cd8fc3e2 100644 --- a/wolfcrypt/src/port/autosar/test.c +++ b/wolfcrypt/src/port/autosar/test.c @@ -24,6 +24,9 @@ #endif #include + +#ifdef WOLFSSL_AUTOSAR + #include #include #define BLOCK_SIZE 16 @@ -428,3 +431,5 @@ int main(int argc, char* argv[]) #endif /* REDIRECTION_CONFIG */ return ret; } + +#endif /* WOLFSSL_AUTOSAR */ diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c index 56efdacf10..b744c12447 100644 --- a/wolfcrypt/src/port/caam/caam_aes.c +++ b/wolfcrypt/src/port/caam/caam_aes.c @@ -1,6 +1,6 @@ /* caam_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c index 4698d7a520..c0c212fb91 100644 --- a/wolfcrypt/src/port/caam/caam_driver.c +++ b/wolfcrypt/src/port/caam/caam_driver.c @@ -1,6 +1,6 @@ /* caam_driver.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -129,7 +129,7 @@ static Error caamDebugDesc(struct DescStruct* desc) } - //D0JQCR_LS + /* D0JQCR_LS */ printf("Next command to be executed = 0x%08X\n", CAAM_READ(0x8804)); printf("Desc = 0x%08X\n", desc->caam->ring.Desc); diff --git a/wolfcrypt/src/port/caam/caam_error.c b/wolfcrypt/src/port/caam/caam_error.c index 00830520f3..d1ae990614 100644 --- a/wolfcrypt/src/port/caam/caam_error.c 
+++ b/wolfcrypt/src/port/caam/caam_error.c @@ -1,6 +1,6 @@ /* caam_error.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/caam_integrity.c b/wolfcrypt/src/port/caam/caam_integrity.c index b520d61464..bbe4dcef9f 100644 --- a/wolfcrypt/src/port/caam/caam_integrity.c +++ b/wolfcrypt/src/port/caam/caam_integrity.c @@ -1,6 +1,6 @@ /* caam_integrity.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c index d6e94e8d38..0c5e407a6a 100644 --- a/wolfcrypt/src/port/caam/caam_qnx.c +++ b/wolfcrypt/src/port/caam/caam_qnx.c @@ -1,6 +1,6 @@ /* caam_qnx.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1641,8 +1641,9 @@ int io_close_ocb(resmgr_context_t *ctp, void *reserved, RESMGR_OCB_T *ocb) #if 0 static int getSupported(char* in) { - //printf("CAAM Status [0x%8.8x] = 0x%8.8x\n", - // CAAM_STATUS, WC_CAAM_READ(CAAM_STATUS)); + /* printf("CAAM Status [0x%8.8x] = 0x%8.8x\n", + * CAAM_STATUS, WC_CAAM_READ(CAAM_STATUS)); + */ printf("CAAM Version MS Register [0x%8.8x] = 0x%8.8x\n", CAAM_VERSION_MS, CAAM_READ(CAAM_VERSION_MS)); printf("CAAM Version LS Register [0x%8.8x] = 0x%8.8x\n", diff --git a/wolfcrypt/src/port/caam/caam_sha.c b/wolfcrypt/src/port/caam/caam_sha.c index 03ef6e0c5e..6964a3c4cb 100644 --- a/wolfcrypt/src/port/caam/caam_sha.c +++ b/wolfcrypt/src/port/caam/caam_sha.c @@ -1,6 +1,6 @@ /* caam_sha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/wolfcaam_aes.c b/wolfcrypt/src/port/caam/wolfcaam_aes.c index 73b82426d2..02930c64bd 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_aes.c +++ b/wolfcrypt/src/port/caam/wolfcaam_aes.c 
@@ -1,6 +1,6 @@ /* wolfcaam_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/wolfcaam_cmac.c b/wolfcrypt/src/port/caam/wolfcaam_cmac.c index 737f19da01..28a7e9821b 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_cmac.c +++ b/wolfcrypt/src/port/caam/wolfcaam_cmac.c @@ -1,6 +1,6 @@ /* wolfcaam_cmac.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c index c84b0807af..e9f55f21e7 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c +++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c @@ -1,6 +1,6 @@ /* wolfcaam_ecdsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c index 848d682598..b0bf50d72c 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c +++ b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c @@ -1,6 +1,6 @@ /* wolfcaam_fsl_nxp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -160,9 +160,7 @@ static int wc_CAAM_CommonHash(caam_handle_t* hndl, caam_hash_ctx_t *ctx, } status = CAAM_HASH_Update(ctx, alignedIn, inSz); - if (tmpIn != NULL) { - XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (status != kStatus_Success) { return WC_HW_E; } @@ -339,9 +337,7 @@ static int DoAesCTR(unsigned int args[4], CAAM_BUFFER *buf, int sz) XMEMCPY((byte*)buf[3].TheAddress, alignedOut, buf[3].Length); XFREE(tmpOut, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (tmpIn != NULL) { - XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (status != kStatus_Success) { return -1; } 
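Review bot: Removing the `tmpIn != NULL` guard in `wc_CAAM_CommonHash` makes the free depend on every `XFREE` mapping tolerating a NULL pointer; as far as I recall the default wolfSSL mapping wraps the call in a pointer check, but a user-supplied allocator (`XMALLOC_USER` builds) is not obliged to, and the guard was the only place that contract was visible. If NULL-safe `XFREE` is a project-wide contract, a short comment at this first site, e.g. `/* XFREE tolerates NULL tmpIn (not allocated on the aligned path) */`, would make the assumption explicit. The same applies to the `DoAesCTR`, `wc_CAAM_EccSign` and `wc_CAAM_EccVerify_ex` hunks in this file and to the `wrappedKey` free in `wc_SECO_WrapKey` in wolfcaam_seco.c; all of these functions start outside the hunks.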
@@ -491,9 +487,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen, status = CAAM_ECC_Sign(CAAM, &hndl, k, kSz, alignedIn, inlen, r, rSz, s, sSz, ecdsel, enc); - if (tmpIn != NULL) { - XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (status != kStatus_Success) { ret = -1; @@ -604,9 +598,7 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash, status = CAAM_ECC_Verify(CAAM, &hndl, qxy, qxLen+qyLen, rbuf, keySz, sbuf, keySz, alignedIn, hashlen, ecdsel); - if (tmpIn != NULL) { - XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); *res = 0; if (status == kStatus_Success) { *res = 1; diff --git a/wolfcrypt/src/port/caam/wolfcaam_hash.c b/wolfcrypt/src/port/caam/wolfcaam_hash.c index d3155468f0..c05b40b99d 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_hash.c +++ b/wolfcrypt/src/port/caam/wolfcaam_hash.c @@ -1,6 +1,6 @@ /* wolfcaam_hash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,7 +26,7 @@ #include #if defined(WOLFSSL_CAAM) && defined(WOLFSSL_CAAM_HASH) \ - && !defined(WOLFSSL_IMXRT1170_CAAM) + && !defined(WOLFSSL_IMXRT1170_CAAM) #include #include diff --git a/wolfcrypt/src/port/caam/wolfcaam_hmac.c b/wolfcrypt/src/port/caam/wolfcaam_hmac.c index 4a31291419..95d6a04eae 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_hmac.c +++ b/wolfcrypt/src/port/caam/wolfcaam_hmac.c @@ -1,6 +1,6 @@ /* wolfcaam_hmac.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -59,7 +59,7 @@ int wc_CAAM_Hmac(Hmac* hmac, int macType, const byte* msg, int msgSz, hmac->keyLen); if (ret != 0) { WOLFSSL_MSG("Error with set key"); - if (ret == HASH_TYPE_E) { + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E)) { ret = CRYPTOCB_UNAVAILABLE; /* that hash type is not supported*/ } } 
diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c index d6e93cf5a2..3abb4d9226 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_init.c +++ b/wolfcrypt/src/port/caam/wolfcaam_init.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -79,7 +79,7 @@ int wc_caamSetResource(IODevice ioDev) /* used to route crypto operations through crypto callback */ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx) { - int ret = CRYPTOCB_UNAVAILABLE; + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); (void)ctx; (void)devId; @@ -694,7 +694,7 @@ int wc_caamOpenBlob(byte* data, word32 dataSz, byte* out, word32* outSz) } #endif /* WOLFSSL_CAAM_BLOB */ -/* outSz gets set to key size plus 16 for mac and padding +/* outSz gets set to key size plus 16 for mac and padding * return 0 on success */ int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, int flag) diff --git a/wolfcrypt/src/port/caam/wolfcaam_qnx.c b/wolfcrypt/src/port/caam/wolfcaam_qnx.c index 23db33c965..a6bebbc6e2 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_qnx.c +++ b/wolfcrypt/src/port/caam/wolfcaam_qnx.c @@ -1,6 +1,6 @@ /* wolfcaam_qnx.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/wolfcaam_rsa.c b/wolfcrypt/src/port/caam/wolfcaam_rsa.c index f035a0b70b..ac824ecec2 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_rsa.c +++ b/wolfcrypt/src/port/caam/wolfcaam_rsa.c @@ -1,6 +1,6 @@ /* wolfcaam_rsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/caam/wolfcaam_seco.c b/wolfcrypt/src/port/caam/wolfcaam_seco.c index 8326f308f2..d7abc55da3 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_seco.c +++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c 
@@ -1,6 +1,6 @@ /* wolfcaam_seco.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1215,9 +1215,7 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv, } } - if (wrappedKey != NULL) { - XFREE(wrappedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(wrappedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (wc_TranslateHSMError(0, err) != Success) { return 0; diff --git a/wolfcrypt/src/port/caam/wolfcaam_x25519.c b/wolfcrypt/src/port/caam/wolfcaam_x25519.c index 6147380250..9ead7b4092 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_x25519.c +++ b/wolfcrypt/src/port/caam/wolfcaam_x25519.c @@ -1,6 +1,6 @@ /* wolfcaam_x25519.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/cavium/cavium_octeon_sync.c b/wolfcrypt/src/port/cavium/cavium_octeon_sync.c index b6c9542287..d16768796c 100644 --- a/wolfcrypt/src/port/cavium/cavium_octeon_sync.c +++ b/wolfcrypt/src/port/cavium/cavium_octeon_sync.c @@ -1,6 +1,6 @@ /* cavium_octeon_sync.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -775,7 +775,7 @@ static int Octeon_AesGcm_Decrypt(Aes* aes, byte* in, byte* out, word32 inSz, static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) { - int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and use SW */ if (info == NULL) return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/port/cuda/README.md b/wolfcrypt/src/port/cuda/README.md new file mode 100644 index 0000000000..e508b3d945 --- /dev/null +++ b/wolfcrypt/src/port/cuda/README.md 
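Review bot: In `myCryptoDevCb` the new line `int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and use SW */` now runs well past 80 columns once the macro is wrapped around the value. Moving the comment onto its own line above the declaration, `/* return this to bypass HW and use SW */` followed by `int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);`, keeps the change within the file's line-length convention. The rest of `myCryptoDevCb` is outside the hunk.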
@@ -0,0 +1,9 @@ +You will need to have the CUDA libraries and toolchains installed to be able to use this. For the simplest +setup, I used the 'nvidia/cuda:12.3.2-devel-ubuntu22.04' container with the '--gpus=all' flag. Note that +Docker must be set up to allow passing through the CUDA instructions to the host. The container only needs +'automake' and 'libtool' installed: `apt update && apt install -y automake libtool`. + +This code was tested with the following: + ./configure --enable-all --disable-shared --disable-crl-monitor --enable-cuda CC=nvcc && make check + +There are still things that can be done to optimize, but the basic functionality is there. diff --git a/wolfcrypt/src/port/cuda/aes-cuda.cu b/wolfcrypt/src/port/cuda/aes-cuda.cu new file mode 100644 index 0000000000..1fc462188c --- /dev/null +++ b/wolfcrypt/src/port/cuda/aes-cuda.cu 
@@ -0,0 +1,1096 @@ +/* aes.cu + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* + +DESCRIPTION +This library provides the interfaces to the Advanced Encryption Standard (AES) +for encrypting and decrypting data. AES is the standard known for a symmetric +block cipher mechanism that uses n-bit binary string parameter key with 128-bits, +192-bits, and 256-bits of key sizes. + +*/ +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include + +#include + +#ifdef WOLFSSL_AESNI +#include +#include +#include +#endif /* WOLFSSL_AESNI */ + +#include + +#ifdef WOLF_CRYPTO_CB + #include +#endif + +#ifdef WOLFSSL_SECO_CAAM +#include +#endif + +#ifdef WOLFSSL_IMXRT_DCP + #include +#endif +#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) + #include +#endif + +#if defined(WOLFSSL_AES_SIV) + #include +#endif /* WOLFSSL_AES_SIV */ + +#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) + #include +#endif + + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #define WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MAX +/* #include */ +#endif +/* This routine performs a left circular arithmetic shift of by value. 
*/ + +extern "C" { + +#if !defined(WOLFSSL_TI_CRYPT) + +#define rotlFixed(x, y) ( (x << y) | (x >> (sizeof(x) * 8 - y)) ) + +/* This routine performs a right circular arithmetic shift of by value. */ +#define rotrFixed(x, y) ( (x >> y) | (x << (sizeof(x) * 8 - y)) ) + +#ifdef WC_RC2 + +/* This routine performs a left circular arithmetic shift of by value */ +static WC_INLINE word16 rotlFixed16(word16 x, word16 y) +{ + return (x << y) | (x >> (sizeof(x) * 8 - y)); +} + + +/* This routine performs a right circular arithmetic shift of by value */ +static WC_INLINE word16 rotrFixed16(word16 x, word16 y) +{ + return (x >> y) | (x << (sizeof(x) * 8 - y)); +} + +#endif /* WC_RC2 */ + +/* This routine performs a byte swap of 32-bit word value. */ +#if defined(__CCRX__) && !defined(NO_INLINE) /* shortest version for CC-RX */ + #define ByteReverseWord32(value, outRef) ( *outRef = _builtin_revl(value) ) +#else +__device__ +static WC_INLINE word32 ByteReverseWord32(word32 value) +{ +#ifdef PPC_INTRINSICS + /* PPC: load reverse indexed instruction */ + return (word32)__lwbrx(&value,0); +#elif defined(__ICCARM__) + return (word32)__REV(value); +#elif defined(KEIL_INTRINSICS) + return (word32)__rev(value); +#elif defined(__CCRX__) + return (word32)_builtin_revl(value); +#elif defined(WOLF_ALLOW_BUILTIN) && \ + defined(__GNUC_PREREQ) && __GNUC_PREREQ(4, 3) + return (word32)__builtin_bswap32(value); +#elif defined(WOLFSSL_BYTESWAP32_ASM) && defined(__GNUC__) && \ + defined(__aarch64__) + __asm__ volatile ( + "REV32 %0, %0 \n" + : "+r" (value) + : + ); + return value; +#elif defined(WOLFSSL_BYTESWAP32_ASM) && defined(__GNUC__) && \ + (defined(__thumb__) || defined(__arm__)) + __asm__ volatile ( + "REV %0, %0 \n" + : "+r" (value) + : + ); + return value; +#elif defined(FAST_ROTATE) + /* 5 instructions with rotate instruction, 9 without */ + return (rotrFixed(value, 8U) & 0xff00ff00) | + (rotlFixed(value, 8U) & 0x00ff00ff); +#else + /* 6 instructions with rotate instruction, 8 without 
*/ + value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8); + return rotlFixed(value, 16U); +#endif +} +#endif /* ! (__CCRX__ && !NO_INLINE) */ + +#if defined(STM32_CRYPTO) +#elif defined(HAVE_COLDFIRE_SEC) +#elif defined(FREESCALE_LTC) +#elif defined(FREESCALE_MMCAU) +#elif defined(WOLFSSL_PIC32MZ_CRYPT) +#elif defined(WOLFSSL_NRF51_AES) +#elif defined(WOLFSSL_ESP32_CRYPT) && \ + !defined(NO_WOLFSSL_ESP32_CRYPT_AES) +#elif defined(WOLFSSL_AESNI) +#elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) \ + && !defined(WOLFSSL_QNX_CAAM)) || \ + ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \ + defined(HAVE_AESCCM)) +#elif defined(WOLFSSL_AFALG) + /* implemented in wolfcrypt/src/port/af_alg/afalg_aes.c */ + +#elif defined(WOLFSSL_DEVCRYPTO_AES) + /* implemented in wolfcrypt/src/port/devcrypto/devcrypto_aes.c */ + +#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) +#elif defined(WOLFSSL_KCAPI_AES) +#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) +/* implemented in wolfcrypt/src/port/psa/psa_aes.c */ + +#else + + /* using wolfCrypt software implementation */ + #define NEED_AES_TABLES +#endif + +#if !defined(NO_AES) && !defined(WOLFSSL_TI_CRYPT) && !defined(WOLFSSL_ARMASM) && \ + defined(NEED_AES_TABLES) && (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM)) && \ + defined(HAVE_CUDA) + +#define GETBYTE(x, y) (word32)((byte)((x) >> (8 * (y)))) + +#ifndef WC_CACHE_LINE_SZ + #if defined(__x86_64__) || defined(_M_X64) || \ + (defined(__ILP32__) && (__ILP32__ >= 1)) + #define WC_CACHE_LINE_SZ 64 + #else + /* default cache line size */ + #define WC_CACHE_LINE_SZ 32 + #endif +#endif + +#if WC_CACHE_LINE_SZ == 128 + #define WC_CACHE_LINE_BITS 5 + #define WC_CACHE_LINE_MASK_HI 0xe0 + #define WC_CACHE_LINE_MASK_LO 0x1f + #define WC_CACHE_LINE_ADD 0x20 +#elif WC_CACHE_LINE_SZ == 64 + #define WC_CACHE_LINE_BITS 4 + #define WC_CACHE_LINE_MASK_HI 0xf0 + #define 
WC_CACHE_LINE_MASK_LO 0x0f + #define WC_CACHE_LINE_ADD 0x10 +#elif WC_CACHE_LINE_SZ == 32 + #define WC_CACHE_LINE_BITS 3 + #define WC_CACHE_LINE_MASK_HI 0xf8 + #define WC_CACHE_LINE_MASK_LO 0x07 + #define WC_CACHE_LINE_ADD 0x08 +#elif WC_CACHE_LINE_SZ == 16 + #define WC_CACHE_LINE_BITS 2 + #define WC_CACHE_LINE_MASK_HI 0xfc + #define WC_CACHE_LINE_MASK_LO 0x03 + #define WC_CACHE_LINE_ADD 0x04 +#else + #error Cache line size not supported +#endif + +#ifndef WOLFSSL_AES_SMALL_TABLES +__device__ +const FLASH_QUALIFIER word32 Te_CUDA[4][256] = { +{ + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 
0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 
0x2c16163aU, +}, +{ + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 
0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}, +{ + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 
0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 
0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}, +{ + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 
0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 
0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +} +}; + + +__device__ +static word32 GetTable(const word32* t, byte o) +{ + word32 e = 0; +#if WC_CACHE_LINE_SZ == 64 + byte hi = o & 0xf0; + byte lo = o & 0x0f; + + e = t[lo + 0x00] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x10] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x20] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x30] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x40] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x50] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x60] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x70] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x80] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0x90] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0xa0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0xb0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0xc0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0xd0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0xe0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10; + e |= t[lo + 0xf0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); +#else + int i; + byte hi = o & WC_CACHE_LINE_MASK_HI; + byte lo = o & WC_CACHE_LINE_MASK_LO; + + for (i = 0; i < 256; i += (1 << WC_CACHE_LINE_BITS)) { + e |= t[lo + i] & ((word32)0 - 
(((word32)hi - 0x01) >> 31)); + hi -= WC_CACHE_LINE_ADD; + } +#endif + return e; +} + +__device__ +static void GetTable_Multi(const word32* t, word32* t0, byte o0, + word32* t1, byte o1, word32* t2, byte o2, word32* t3, byte o3) +{ + word32 e0 = 0; + word32 e1 = 0; + word32 e2 = 0; + word32 e3 = 0; + byte hi0 = o0 & WC_CACHE_LINE_MASK_HI; + byte lo0 = o0 & WC_CACHE_LINE_MASK_LO; + byte hi1 = o1 & WC_CACHE_LINE_MASK_HI; + byte lo1 = o1 & WC_CACHE_LINE_MASK_LO; + byte hi2 = o2 & WC_CACHE_LINE_MASK_HI; + byte lo2 = o2 & WC_CACHE_LINE_MASK_LO; + byte hi3 = o3 & WC_CACHE_LINE_MASK_HI; + byte lo3 = o3 & WC_CACHE_LINE_MASK_LO; + int i; + + for (i = 0; i < 256; i += (1 << WC_CACHE_LINE_BITS)) { + e0 |= t[lo0 + i] & ((word32)0 - (((word32)hi0 - 0x01) >> 31)); + hi0 -= WC_CACHE_LINE_ADD; + e1 |= t[lo1 + i] & ((word32)0 - (((word32)hi1 - 0x01) >> 31)); + hi1 -= WC_CACHE_LINE_ADD; + e2 |= t[lo2 + i] & ((word32)0 - (((word32)hi2 - 0x01) >> 31)); + hi2 -= WC_CACHE_LINE_ADD; + e3 |= t[lo3 + i] & ((word32)0 - (((word32)hi3 - 0x01) >> 31)); + hi3 -= WC_CACHE_LINE_ADD; + } + *t0 = e0; + *t1 = e1; + *t2 = e2; + *t3 = e3; +} + +/* load 4 Te Tables into cache by cache line stride */ +__device__ +static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTe(void) +{ +#ifndef WOLFSSL_AES_TOUCH_LINES + word32 x = 0; + int i,j; + + for (i = 0; i < 4; i++) { + /* 256 elements, each one is 4 bytes */ + for (j = 0; j < 256; j += WC_CACHE_LINE_SZ/4) { + x &= Te_CUDA[i][j]; + } + } + return x; +#else + return 0; +#endif +} +#else +__device__ static const byte Tsbox[256] = { + 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, + 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, + 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, + 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, + 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, + 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, + 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, + 0x07U, 0x12U, 0x80U, 0xe2U, 
0xebU, 0x27U, 0xb2U, 0x75U, + 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, + 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, + 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, + 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, + 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, + 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, + 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, + 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, + 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, + 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, + 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, + 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU, + 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, + 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, + 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, + 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, + 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, + 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, + 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, + 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, + 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, + 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, + 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, + 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U +}; + +#define AES_XTIME(x) ((byte)((byte)((x) << 1) ^ ((0 - ((x) >> 7)) & 0x1b))) + +#define col_mul(t, i2, i3, ia, ib) \ + ( GETBYTE(t, ia) ^ GETBYTE(t, ib) ^ GETBYTE(t, i3) ^ AES_XTIME(GETBYTE(t, i2) ^ GETBYTE(t, i3)) ) + +#define GetTable(t, o) t[o] +#define GetTable8(t, o) t[o] +#define GetTable_Multi(t, t0, o0, t1, o1, t2, o2, t3, o3) \ + *(t0) = (t)[o0]; *(t1) = (t)[o1]; *(t2) = (t)[o2]; *(t3) = (t)[o3] +#define XorTable_Multi(t, t0, o0, t1, o1, t2, o2, t3, o3) \ + *(t0) ^= (t)[o0]; *(t1) ^= (t)[o1]; *(t2) ^= (t)[o2]; *(t3) ^= (t)[o3] +#define GetTable8_4(t, o0, o1, 
o2, o3) \ + (((word32)(t)[o0] << 24) | ((word32)(t)[o1] << 16) | \ + ((word32)(t)[o2] << 8) | ((word32)(t)[o3] << 0)) + +/* load sbox into cache by cache line stride */ +#ifndef WOLFSSL_AES_TOUCH_LINES + #define PreFetchSBox(x) { \ + x = 0; \ + int i; \ + for (i = 0; i < 256; i += WC_CACHE_LINE_SZ/4) { \ + x &= Tsbox[i]; \ + } \ + } +#else + #define PreFetchSBox(x) ( x = 0 ) +#endif +#endif + +#if !defined(WC_AES_BITSLICED) +/* Encrypt a block using AES. + * + * @param [in] aes AES object. + * @param [in] inBlock Block to encrypt. + * @param [out] outBlock Encrypted block. + * @param [in] r Rounds divided by 2. + * @param [in] sz Number of blocks to encrypt + */ +__global__ void AesEncrypt_C_CUDA(word32* rkBase, const byte* inBlockBase, byte* outBlockBase, + word32 r, word32 sz) +{ + word32 s0, s1, s2, s3; + word32 t0, t1, t2, t3; + word32 sBox; + int index = blockIdx.x * blockDim.x + threadIdx.x; + int stride = blockDim.x * gridDim.x; + const byte* inBlock = inBlockBase; + byte* outBlock = outBlockBase; + word32* rk; + + for (int i = index; i < sz; i += stride) { + rk = rkBase; + inBlock = inBlockBase + i * 4 * sizeof(s0); + outBlock = outBlockBase + i * 4 * sizeof(s0); + + /* + * map byte array block to cipher state + * and add initial round key: + */ + XMEMCPY(&s0, inBlock, sizeof(s0)); + XMEMCPY(&s1, inBlock + sizeof(s0), sizeof(s1)); + XMEMCPY(&s2, inBlock + 2 * sizeof(s0), sizeof(s2)); + XMEMCPY(&s3, inBlock + 3 * sizeof(s0), sizeof(s3)); + +#ifdef LITTLE_ENDIAN_ORDER + s0 = ByteReverseWord32(s0); + s1 = ByteReverseWord32(s1); + s2 = ByteReverseWord32(s2); + s3 = ByteReverseWord32(s3); +#endif + + /* AddRoundKey */ + s0 ^= rk[0]; + s1 ^= rk[1]; + s2 ^= rk[2]; + s3 ^= rk[3]; + +#ifndef WOLFSSL_AES_SMALL_TABLES +#ifndef WC_NO_CACHE_RESISTANT + s0 |= PreFetchTe(); +#endif + +#ifndef WOLFSSL_AES_TOUCH_LINES +#define ENC_ROUND_T_S(o) \ + t0 = GetTable(Te_CUDA[0], GETBYTE(s0, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(s1, 2)) ^ \ + GetTable(Te_CUDA[2], GETBYTE(s2, 1)) ^ 
GetTable(Te_CUDA[3], GETBYTE(s3, 0)) ^ \ + rk[(o)+4]; \ + t1 = GetTable(Te_CUDA[0], GETBYTE(s1, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(s2, 2)) ^ \ + GetTable(Te_CUDA[2], GETBYTE(s3, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(s0, 0)) ^ \ + rk[(o)+5]; \ + t2 = GetTable(Te_CUDA[0], GETBYTE(s2, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(s3, 2)) ^ \ + GetTable(Te_CUDA[2], GETBYTE(s0, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(s1, 0)) ^ \ + rk[(o)+6]; \ + t3 = GetTable(Te_CUDA[0], GETBYTE(s3, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(s0, 2)) ^ \ + GetTable(Te_CUDA[2], GETBYTE(s1, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(s2, 0)) ^ \ + rk[(o)+7] +#define ENC_ROUND_S_T(o) \ + s0 = GetTable(Te_CUDA[0], GETBYTE(t0, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(t1, 2)) ^ \ + GetTable(Te_CUDA[2], GETBYTE(t2, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(t3, 0)) ^ \ + rk[(o)+0]; \ + s1 = GetTable(Te_CUDA[0], GETBYTE(t1, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(t2, 2)) ^ \ + GetTable(Te_CUDA[2], GETBYTE(t3, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(t0, 0)) ^ \ + rk[(o)+1]; \ + s2 = GetTable(Te_CUDA[0], GETBYTE(t2, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(t3, 2)) ^ \ + GetTable(Te_CUDA[2], GETBYTE(t0, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(t1, 0)) ^ \ + rk[(o)+2]; \ + s3 = GetTable(Te_CUDA[0], GETBYTE(t3, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(t0, 2)) ^ \ + GetTable(Te_CUDA[2], GETBYTE(t1, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(t2, 0)) ^ \ + rk[(o)+3] +#else +#define ENC_ROUND_T_S(o) \ + GetTable_Multi(Te_CUDA[0], &t0, GETBYTE(s0, 3), &t1, GETBYTE(s1, 3), \ + &t2, GETBYTE(s2, 3), &t3, GETBYTE(s3, 3)); \ + XorTable_Multi(Te_CUDA[1], &t0, GETBYTE(s1, 2), &t1, GETBYTE(s2, 2), \ + &t2, GETBYTE(s3, 2), &t3, GETBYTE(s0, 2)); \ + XorTable_Multi(Te_CUDA[2], &t0, GETBYTE(s2, 1), &t1, GETBYTE(s3, 1), \ + &t2, GETBYTE(s0, 1), &t3, GETBYTE(s1, 1)); \ + XorTable_Multi(Te_CUDA[3], &t0, GETBYTE(s3, 0), &t1, GETBYTE(s0, 0), \ + &t2, GETBYTE(s1, 0), &t3, GETBYTE(s2, 0)); \ + t0 ^= rk[(o)+4]; t1 ^= rk[(o)+5]; t2 ^= rk[(o)+6]; t3 ^= rk[(o)+7]; + +#define ENC_ROUND_S_T(o) \ + 
GetTable_Multi(Te_CUDA[0], &s0, GETBYTE(t0, 3), &s1, GETBYTE(t1, 3), \ + &s2, GETBYTE(t2, 3), &s3, GETBYTE(t3, 3)); \ + XorTable_Multi(Te_CUDA[1], &s0, GETBYTE(t1, 2), &s1, GETBYTE(t2, 2), \ + &s2, GETBYTE(t3, 2), &s3, GETBYTE(t0, 2)); \ + XorTable_Multi(Te_CUDA[2], &s0, GETBYTE(t2, 1), &s1, GETBYTE(t3, 1), \ + &s2, GETBYTE(t0, 1), &s3, GETBYTE(t1, 1)); \ + XorTable_Multi(Te_CUDA[3], &s0, GETBYTE(t3, 0), &s1, GETBYTE(t0, 0), \ + &s2, GETBYTE(t1, 0), &s3, GETBYTE(t2, 0)); \ + s0 ^= rk[(o)+0]; s1 ^= rk[(o)+1]; s2 ^= rk[(o)+2]; s3 ^= rk[(o)+3]; +#endif + +#ifndef WOLFSSL_AES_NO_UNROLL + /* Unroll the loop. */ + ENC_ROUND_T_S( 0); + ENC_ROUND_S_T( 8); ENC_ROUND_T_S( 8); + ENC_ROUND_S_T(16); ENC_ROUND_T_S(16); + ENC_ROUND_S_T(24); ENC_ROUND_T_S(24); + ENC_ROUND_S_T(32); ENC_ROUND_T_S(32); + if (r > 5) { + ENC_ROUND_S_T(40); ENC_ROUND_T_S(40); + if (r > 6) { + ENC_ROUND_S_T(48); ENC_ROUND_T_S(48); + } + } + rk += r * 8; +#else + /* + * Nr - 1 full rounds: + */ + + for (;;) { + ENC_ROUND_T_S(0); + + rk += 8; + if (--r == 0) { + break; + } + + ENC_ROUND_S_T(0); + } +#endif + + /* + * apply last round and + * map cipher state to byte array block: + */ + +#ifndef WOLFSSL_AES_TOUCH_LINES + s0 = + (GetTable(Te_CUDA[2], GETBYTE(t0, 3)) & 0xff000000) ^ + (GetTable(Te_CUDA[3], GETBYTE(t1, 2)) & 0x00ff0000) ^ + (GetTable(Te_CUDA[0], GETBYTE(t2, 1)) & 0x0000ff00) ^ + (GetTable(Te_CUDA[1], GETBYTE(t3, 0)) & 0x000000ff) ^ + rk[0]; + s1 = + (GetTable(Te_CUDA[2], GETBYTE(t1, 3)) & 0xff000000) ^ + (GetTable(Te_CUDA[3], GETBYTE(t2, 2)) & 0x00ff0000) ^ + (GetTable(Te_CUDA[0], GETBYTE(t3, 1)) & 0x0000ff00) ^ + (GetTable(Te_CUDA[1], GETBYTE(t0, 0)) & 0x000000ff) ^ + rk[1]; + s2 = + (GetTable(Te_CUDA[2], GETBYTE(t2, 3)) & 0xff000000) ^ + (GetTable(Te_CUDA[3], GETBYTE(t3, 2)) & 0x00ff0000) ^ + (GetTable(Te_CUDA[0], GETBYTE(t0, 1)) & 0x0000ff00) ^ + (GetTable(Te_CUDA[1], GETBYTE(t1, 0)) & 0x000000ff) ^ + rk[2]; + s3 = + (GetTable(Te_CUDA[2], GETBYTE(t3, 3)) & 0xff000000) ^ + 
(GetTable(Te_CUDA[3], GETBYTE(t0, 2)) & 0x00ff0000) ^ + (GetTable(Te_CUDA[0], GETBYTE(t1, 1)) & 0x0000ff00) ^ + (GetTable(Te_CUDA[1], GETBYTE(t2, 0)) & 0x000000ff) ^ + rk[3]; +#else + { + word32 u0; + word32 u1; + word32 u2; + word32 u3; + + s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3]; + GetTable_Multi(Te_CUDA[2], &u0, GETBYTE(t0, 3), &u1, GETBYTE(t1, 3), + &u2, GETBYTE(t2, 3), &u3, GETBYTE(t3, 3)); + s0 ^= u0 & 0xff000000; s1 ^= u1 & 0xff000000; + s2 ^= u2 & 0xff000000; s3 ^= u3 & 0xff000000; + GetTable_Multi(Te_CUDA[3], &u0, GETBYTE(t1, 2), &u1, GETBYTE(t2, 2), + &u2, GETBYTE(t3, 2), &u3, GETBYTE(t0, 2)); + s0 ^= u0 & 0x00ff0000; s1 ^= u1 & 0x00ff0000; + s2 ^= u2 & 0x00ff0000; s3 ^= u3 & 0x00ff0000; + GetTable_Multi(Te_CUDA[0], &u0, GETBYTE(t2, 1), &u1, GETBYTE(t3, 1), + &u2, GETBYTE(t0, 1), &u3, GETBYTE(t1, 1)); + s0 ^= u0 & 0x0000ff00; s1 ^= u1 & 0x0000ff00; + s2 ^= u2 & 0x0000ff00; s3 ^= u3 & 0x0000ff00; + GetTable_Multi(Te_CUDA[1], &u0, GETBYTE(t3, 0), &u1, GETBYTE(t0, 0), + &u2, GETBYTE(t1, 0), &u3, GETBYTE(t2, 0)); + s0 ^= u0 & 0x000000ff; s1 ^= u1 & 0x000000ff; + s2 ^= u2 & 0x000000ff; s3 ^= u3 & 0x000000ff; + } +#endif +#else +#ifndef WC_NO_CACHE_RESISTANT + s0 |= PreFetchSBox(); +#endif + + r *= 2; + /* Two rounds at a time */ + for (rk += 4; r > 1; r--, rk += 4) { + t0 = + ((word32)GetTable8(Tsbox, GETBYTE(s0, 3)) << 24) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s1, 2)) << 16) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s2, 1)) << 8) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s3, 0))); + t1 = + ((word32)GetTable8(Tsbox, GETBYTE(s1, 3)) << 24) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s2, 2)) << 16) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s3, 1)) << 8) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s0, 0))); + t2 = + ((word32)GetTable8(Tsbox, GETBYTE(s2, 3)) << 24) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s3, 2)) << 16) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s0, 1)) << 8) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s1, 0))); + t3 = + ((word32)GetTable8(Tsbox, GETBYTE(s3, 3)) << 24) ^ + 
((word32)GetTable8(Tsbox, GETBYTE(s0, 2)) << 16) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s1, 1)) << 8) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s2, 0))); + + s0 = + (col_mul(t0, 3, 2, 0, 1) << 24) ^ + (col_mul(t0, 2, 1, 0, 3) << 16) ^ + (col_mul(t0, 1, 0, 2, 3) << 8) ^ + (col_mul(t0, 0, 3, 2, 1) ) ^ + rk[0]; + s1 = + (col_mul(t1, 3, 2, 0, 1) << 24) ^ + (col_mul(t1, 2, 1, 0, 3) << 16) ^ + (col_mul(t1, 1, 0, 2, 3) << 8) ^ + (col_mul(t1, 0, 3, 2, 1) ) ^ + rk[1]; + s2 = + (col_mul(t2, 3, 2, 0, 1) << 24) ^ + (col_mul(t2, 2, 1, 0, 3) << 16) ^ + (col_mul(t2, 1, 0, 2, 3) << 8) ^ + (col_mul(t2, 0, 3, 2, 1) ) ^ + rk[2]; + s3 = + (col_mul(t3, 3, 2, 0, 1) << 24) ^ + (col_mul(t3, 2, 1, 0, 3) << 16) ^ + (col_mul(t3, 1, 0, 2, 3) << 8) ^ + (col_mul(t3, 0, 3, 2, 1) ) ^ + rk[3]; + } + + t0 = + ((word32)GetTable8(Tsbox, GETBYTE(s0, 3)) << 24) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s1, 2)) << 16) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s2, 1)) << 8) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s3, 0))); + t1 = + ((word32)GetTable8(Tsbox, GETBYTE(s1, 3)) << 24) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s2, 2)) << 16) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s3, 1)) << 8) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s0, 0))); + t2 = + ((word32)GetTable8(Tsbox, GETBYTE(s2, 3)) << 24) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s3, 2)) << 16) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s0, 1)) << 8) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s1, 0))); + t3 = + ((word32)GetTable8(Tsbox, GETBYTE(s3, 3)) << 24) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s0, 2)) << 16) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s1, 1)) << 8) ^ + ((word32)GetTable8(Tsbox, GETBYTE(s2, 0))); + s0 = t0 ^ rk[0]; + s1 = t1 ^ rk[1]; + s2 = t2 ^ rk[2]; + s3 = t3 ^ rk[3]; +#endif + + /* write out */ +#ifdef LITTLE_ENDIAN_ORDER + s0 = ByteReverseWord32(s0); + s1 = ByteReverseWord32(s1); + s2 = ByteReverseWord32(s2); + s3 = ByteReverseWord32(s3); +#endif + + XMEMCPY(outBlock, &s0, sizeof(s0)); + XMEMCPY(outBlock + sizeof(s0), &s1, sizeof(s1)); + XMEMCPY(outBlock + 2 * 
sizeof(s0), &s2, sizeof(s2)); + XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3)); + } +} + +void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, + word32 r) +{ + byte *inBlock_GPU = NULL; + byte *outBlock_GPU = NULL; + word32* rk_GPU = NULL; + cudaError_t ret = cudaSuccess; + +#ifdef WC_C_DYNAMIC_FALLBACK + if ( ret == cudaSuccess ) + ret = cudaMalloc(&rk_GPU, sizeof(aes->key_C_fallback)); + if ( ret == cudaSuccess ) + ret = cudaMemcpy(rk_GPU, aes->key_C_fallback, sizeof(aes->key_C_fallback), cudaMemcpyDefault); +#else + if ( ret == cudaSuccess ) + ret = cudaMalloc(&rk_GPU, sizeof(aes->key)); + if ( ret == cudaSuccess ) + ret = cudaMemcpy(rk_GPU, aes->key, sizeof(aes->key), cudaMemcpyDefault); +#endif + + if ( ret == cudaSuccess ) + ret = cudaMalloc(&inBlock_GPU, AES_BLOCK_SIZE); + if ( ret == cudaSuccess ) + ret = cudaMemcpy(inBlock_GPU, inBlock, AES_BLOCK_SIZE, cudaMemcpyDefault); + + if ( ret == cudaSuccess ) + ret = cudaMalloc(&outBlock_GPU, AES_BLOCK_SIZE); + + if ( ret == cudaSuccess ) + AesEncrypt_C_CUDA<<<1,1>>>(rk_GPU, inBlock_GPU, outBlock_GPU, r, 1); + + if ( ret == cudaSuccess ) + ret = cudaMemcpy(outBlock, outBlock_GPU, AES_BLOCK_SIZE, cudaMemcpyDefault); + + cudaFree(inBlock_GPU); + cudaFree(outBlock_GPU); + cudaFree(rk_GPU); +} + +#if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \ + !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) +/* Encrypt a number of blocks using AES. + * + * @param [in] aes AES object. + * @param [in] in Block to encrypt. + * @param [out] out Encrypted block. + * @param [in] sz Number of blocks to encrypt. 
+ */
+void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
+{
+ byte *in_GPU = NULL;
+ byte *out_GPU = NULL;
+ word32* rk_GPU = NULL;
+ cudaError_t ret = cudaSuccess;
+
+#ifdef WC_C_DYNAMIC_FALLBACK
+ if ( ret == cudaSuccess )
+ ret = cudaMalloc(&rk_GPU, sizeof(aes->key_C_fallback));
+ if ( ret == cudaSuccess )
+ ret = cudaMemcpy(rk_GPU, aes->key_C_fallback, sizeof(aes->key_C_fallback), cudaMemcpyDefault);
+#else
+ if ( ret == cudaSuccess )
+ ret = cudaMalloc(&rk_GPU, sizeof(aes->key));
+ if ( ret == cudaSuccess )
+ ret = cudaMemcpy(rk_GPU, aes->key, sizeof(aes->key), cudaMemcpyDefault);
+#endif
+
+ if ( ret == cudaSuccess )
+ ret = cudaMalloc(&in_GPU, sz);
+ if ( ret == cudaSuccess )
+ ret = cudaMemcpy(in_GPU, in, sz, cudaMemcpyDefault);
+
+ if ( ret == cudaSuccess )
+ ret = cudaMalloc(&out_GPU, sz);
+
+ if ( ret == cudaSuccess ) {
+ int blockSize = 256;
+ int numBlocks = (sz / AES_BLOCK_SIZE + blockSize - 1) / blockSize;
+ AesEncrypt_C_CUDA<<>>(rk_GPU, in_GPU, out_GPU, aes->rounds >> 1, sz / AES_BLOCK_SIZE);
+ }
+
+ if ( ret == cudaSuccess )
+ ret = cudaMemcpy(out, out_GPU, sz, cudaMemcpyDefault);
+
+ cudaFree(in_GPU);
+ cudaFree(out_GPU);
+ cudaFree(rk_GPU);
+}
+#endif
+
+#else
+
+/* Encrypt a block using AES.
+ *
+ * @param [in] aes AES object.
+ * @param [in] inBlock Block to encrypt.
+ * @param [out] outBlock Encrypted block.
+ * @param [in] r Rounds divided by 2.
+ */
+__global__
+void AesEncrypt_C_CUDA(Aes* aes, const byte* inBlock, byte* outBlock,
+ word32 r)
+{
+ bs_word state[AES_BLOCK_BITS];
+
+ (void)r;
+
+ XMEMCPY(state, inBlock, AES_BLOCK_SIZE);
+ XMEMSET(((byte*)state) + AES_BLOCK_SIZE, 0, sizeof(state) - AES_BLOCK_SIZE);
+
+ bs_encrypt(state, aes->bs_key, aes->rounds);
+
+ XMEMCPY(outBlock, state, AES_BLOCK_SIZE);
+}
+
+void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
+ word32 r)
+{
+ AesEncrypt_C_CUDA<<<1,1>>>(aes, inBlock, outBlock, r);
+}
+
+#if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
+ !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+/* Encrypt a number of blocks using AES.
+ *
+ * @param [in] aes AES object.
+ * @param [in] in Block to encrypt.
+ * @param [out] out Encrypted block.
+ * @param [in] sz Number of blocks to encrypt.
+ */
+void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
+{
+ bs_word state[AES_BLOCK_BITS];
+
+ while (sz >= BS_BLOCK_SIZE) {
+ XMEMCPY(state, in, BS_BLOCK_SIZE);
+ bs_encrypt(state, aes->bs_key, aes->rounds);
+ XMEMCPY(out, state, BS_BLOCK_SIZE);
+ sz -= BS_BLOCK_SIZE;
+ in += BS_BLOCK_SIZE;
+ out += BS_BLOCK_SIZE;
+ }
+ if (sz > 0) {
+ XMEMCPY(state, in, sz);
+ XMEMSET(((byte*)state) + sz, 0, sizeof(state) - sz);
+ bs_encrypt(state, aes->bs_key, aes->rounds);
+ XMEMCPY(out, state, sz);
+ }
+}
+#endif
+
+#endif /* !WC_AES_BITSLICED */
+
+#endif /* HAVE_CUDA */
+
+#endif /* !WOLFSSL_TI_CRYPT */
+
+} /* extern "C" */
diff --git a/wolfcrypt/src/port/cypress/psoc6_crypto.c b/wolfcrypt/src/port/cypress/psoc6_crypto.c
index 15f3d207cc..d9fc620305 100644
--- a/wolfcrypt/src/port/cypress/psoc6_crypto.c
+++ b/wolfcrypt/src/port/cypress/psoc6_crypto.c
@@ -1,6 +1,6 @@
 /* psoc6_crypto.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
index 18f5cd7a34..ba12d2583b 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
@@ -1,6 +1,6 @@
 /* devcrypto_aes.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
index 7a8c1d174e..b2c07a2ddb 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
@@ -1,6 +1,6 @@
 /* devcrypto_ecdsa.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
index e3268a5e6e..6b8f5a86fa 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
@@ -1,6 +1,6 @@
 /* devcrypto_hash.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c b/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
index 70d428a969..e1044372ec 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
@@ -1,6 +1,6 @@
 /* devcrypto_hmac.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
index f1239959e7..0949c74a0b 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
@@ -1,6 +1,6 @@
 /* devcrypto_rsa.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -244,20 +244,13 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
 }
 }
- if (d != NULL)
- XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (q != NULL)
- XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (dp != NULL)
- XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (dq != NULL)
- XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (u != NULL)
- XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (n != NULL)
- XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 wc_DevCryptoFree(dev);
 return ret;
@@ -311,10 +304,8 @@ static int _PublicOperation(const byte* in, word32 inlen, byte* out,
 }
 wc_DevCryptoFree(&key->ctx);
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (e != NULL)
- XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return ret;
 }
@@ -322,7 +313,7 @@ static int _PublicOperation(const byte* in, word32 inlen, byte* out,
 int wc_DevCrypto_RsaDecrypt(const byte* in, word32 inlen, byte* out,
 word32 outlen, RsaKey* key, int type)
 {
- int ret = BAD_FUNC_ARG;
+ int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 switch (type) {
 case RSA_PUBLIC_DECRYPT:
@@ -332,6 +323,9 @@ int wc_DevCrypto_RsaDecrypt(const byte* in, word32 inlen,
 case RSA_PRIVATE_DECRYPT:
 ret = _PrivateOperation(in, inlen, out, outlen, key);
 break;
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
 }
 return ret;
@@ -341,7 +335,7 @@ int wc_DevCrypto_RsaDecrypt(const byte* in, word32 inlen,
 int wc_DevCrypto_RsaEncrypt(const byte* in, word32 inlen, byte* out,
 word32* outlen, RsaKey *key, int type)
 {
- int ret = BAD_FUNC_ARG;
+ int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 switch (type) {
 case RSA_PUBLIC_ENCRYPT:
@@ -351,6 +345,9 @@ int wc_DevCrypto_RsaEncrypt(const byte* in, word32 inlen, byte* out,
 case RSA_PRIVATE_ENCRYPT:
 ret = _PrivateOperation(in, inlen, out, *outlen, key);
 break;
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
 }
 if (ret == 0) {
 *outlen = inlen;
@@ -550,21 +547,13 @@ int wc_DevCrypto_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 #endif
 }
- if (p != NULL)
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (q != NULL)
- XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (dp != NULL)
- XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (dq != NULL)
- XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (c != NULL)
- XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (n != NULL)
- XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (d != NULL) {
- XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 (void)rng;
 return ret;
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c b/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
index 66e3bdc398..3e2a525642 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
@@ -1,6 +1,6 @@
 /* devcrypto_x25519.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
index 0b3eedbf73..950e6c26c4 100644
--- a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
+++ b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
@@ -1,6 +1,6 @@
 /* wc_devcrypto.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/port/intel/quickassist_sync.c b/wolfcrypt/src/port/intel/quickassist_sync.c
index 4a68b337cb..e92dde6323 100644
--- a/wolfcrypt/src/port/intel/quickassist_sync.c
+++ b/wolfcrypt/src/port/intel/quickassist_sync.c
@@ -1,6 +1,6 @@
 /* quickassist_sync.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -144,9 +144,9 @@ typedef void (*IntelQaFreeFunc)(struct IntelQaDev*);
 /* QuickAssist device */
 typedef struct IntelQaDev {
- CpaInstanceHandle handle;
+ CpaInstanceHandle handle;
 int devId;
- void* heap;
+ void* heap;
 /* callback return info */
 int ret;
@@ -220,7 +220,7 @@ static int IntelQaGetCyInstanceCount(void);
 #ifdef WOLF_CRYPTO_CB
 static int IntelQaSymSync_CryptoDevCb(int, struct wc_CryptoInfo*,
- void*);
+ void*);
 #endif /* WOLF_CRYPTO_CB */
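Review bot: Removing the `if (x != NULL)` guards makes every `XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER)` through `XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER)` unconditional, so this cleanup now relies on XFREE being a no-op for a NULL pointer; that is true of plain free() but is not visible in this hunk for builds with a custom allocator, so the XFREE macro (presumably changed elsewhere in this commit) should be confirmed to guarantee it. A second point the cleanup leaves untouched: `d`, `p`, `q`, `dp`, `dq` and `u` are, by name, the RSA private-key components marshalled for the device, and the hunk frees them with no visible `ForceZero`, so unless they are wiped earlier the key material remains in freed heap. If they are not wiped earlier, a `ForceZero()` of each buffer over the length it was filled with, placed directly before its XFREE, would close that; `n` is public and does not need it. The body of `_PrivateOperation` starts outside the hunk, so how these buffers were filled is not visible here.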
@@ -359,21 +359,15 @@ void IntelQaHardwareStop(void) status); } - if (g_cyInstMap) { - XFREE(g_cyInstMap, NULL, DYNAMIC_TYPE_ASYNC); - g_cyInstMap = NULL; - } + XFREE(g_cyInstMap, NULL, DYNAMIC_TYPE_ASYNC); + g_cyInstMap = NULL; - if (g_cyInstanceInfo) { - XFREE(g_cyInstanceInfo, NULL, DYNAMIC_TYPE_ASYNC); - g_cyInstanceInfo = NULL; - } + XFREE(g_cyInstanceInfo, NULL, DYNAMIC_TYPE_ASYNC); + g_cyInstanceInfo = NULL; #ifdef QAT_USE_POLLING_CHECK - if (g_cyPolling) { - XFREE(g_cyPolling, NULL, DYNAMIC_TYPE_ASYNC); - g_cyPolling = NULL; - } + XFREE(g_cyPolling, NULL, DYNAMIC_TYPE_ASYNC); + g_cyPolling = NULL; if (g_PollLock) { for (i=0; iret != WC_PENDING_E) { + if (dev->ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { /* perform cleanup */ IntelQaFreeFunc freeFunc = dev->freeFunc; QLOG("IntelQaOpFree: Dev %p, FreeFunc %p\n", dev, freeFunc); 
@@ -881,31 +875,20 @@ static void IntelQaSymCipherFree(IntelQaDev* dev) CpaBufferList* pDstBuffer = &dev->op.cipher.bufferList; if (opData) { - if (opData->pAdditionalAuthData) { - XFREE(opData->pAdditionalAuthData, dev->heap, - DYNAMIC_TYPE_ASYNC_NUMA); - opData->pAdditionalAuthData = NULL; - } - if (opData->pIv) { - XFREE(opData->pIv, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); - opData->pIv = NULL; - } + XFREE(opData->pAdditionalAuthData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + opData->pAdditionalAuthData = NULL; + XFREE(opData->pIv, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + opData->pIv = NULL; XMEMSET(opData, 0, sizeof(CpaCySymOpData)); } if (pDstBuffer) { if (pDstBuffer->pBuffers) { - if (pDstBuffer->pBuffers->pData) { - XFREE(pDstBuffer->pBuffers->pData, dev->heap, - DYNAMIC_TYPE_ASYNC_NUMA); - pDstBuffer->pBuffers->pData = NULL; - } + XFREE(pDstBuffer->pBuffers->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + pDstBuffer->pBuffers->pData = NULL; XMEMSET(pDstBuffer->pBuffers, 0, sizeof(CpaFlatBuffer)); } - if (pDstBuffer->pPrivateMetaData) { - XFREE(pDstBuffer->pPrivateMetaData, dev->heap, - DYNAMIC_TYPE_ASYNC_NUMA); - pDstBuffer->pPrivateMetaData = NULL; - } + XFREE(pDstBuffer->pPrivateMetaData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + pDstBuffer->pPrivateMetaData = NULL; XMEMSET(pDstBuffer, 0, sizeof(CpaBufferList)); } diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c index 8a7ec2e635..19879cff47 100644 --- a/wolfcrypt/src/port/iotsafe/iotsafe.c +++ b/wolfcrypt/src/port/iotsafe/iotsafe.c @@ -1,6 +1,6 @@ /* iotsafe.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
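Review bot: The `if (pDstBuffer)` test kept in the middle of this hunk can never be false, because `pDstBuffer` is initialised two lines above as `&dev->op.cipher.bufferList`, the address of an embedded member, so the guard is dead code sitting next to the now guard-free `XFREE` calls; either drop it or add a comment saying why it is kept. As a point of style, the merged `XFREE(pDstBuffer->pBuffers->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);` and its two siblings run well past 80 columns, which the wrapped form they replace respected; re-wrap them as `XFREE(pDstBuffer->pBuffers->pData, dev->heap,` / `DYNAMIC_TYPE_ASYNC_NUMA);` so the file stays consistent. `IntelQaSymCipherFree` starts outside the hunk.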
@@ -612,7 +612,7 @@ static int iotsafe_parse_public_key(char* resp, int len, ecc_key *key) /* Execute GEN_KEYPAIR on the IoT-SAFE applet. * * Return -1 on error; 0 if the operation is successful, but - * the generated public key was not yet stored in `key`; 1 if + * the generated public key was not yet stored in `key`; 1 if * the operation is successful and the public key was found in the * command response and copied to the `key` structure, if not NULL. */ @@ -620,7 +620,7 @@ static int iotsafe_gen_keypair(byte *wr_slot, unsigned long id_size, ecc_key *key) { char *resp; - int ret = WC_HW_E; + int ret = WC_NO_ERR_TRACE(WC_HW_E); iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_GEN_KEYPAIR, 0, 0); iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_PRIVKEY_ID, id_size, wr_slot); iotsafe_cmd_complete(csim_cmd); @@ -822,7 +822,7 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size, { byte mode_of_operation = IOTSAFE_MOO_SIGN_ONLY; uint16_t hash_algo_be = XHTONS(hash_algo); - int ret = WC_HW_E; + int ret = WC_NO_ERR_TRACE(WC_HW_E); char *resp; char R[2 * IOTSAFE_ECC_KSIZE + 1]; char S[2 * IOTSAFE_ECC_KSIZE + 1]; @@ -1089,11 +1089,11 @@ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen, localSalt = tmp; } } - - ret = iotsafe_hkdf_extract(prk, localSalt, saltLen, ikm, ikmLen, digest); + + ret = iotsafe_hkdf_extract(prk, localSalt, saltLen, ikm, ikmLen, digest); (void)ctx; return ret; -} +} #endif static int wolfIoT_ecc_sign(WOLFSSL* ssl, @@ -1573,7 +1573,7 @@ int wolfSSL_CTX_iotsafe_enable(WOLFSSL_CTX *ctx) WOLFSSL_MSG("ECC callbacks set to IoT_safe interface"); #endif #ifndef NO_RSA - /* wolfSSL_CTX_SetRsaSignCb(wolfIoT_rsa_sign); // TODO: RSA callbacks */ + /* wolfSSL_CTX_SetRsaSignCb(wolfIoT_rsa_sign); */ /* TODO: RSA callbacks */ #endif #else (void)ctx; diff --git a/wolfcrypt/src/port/kcapi/kcapi_aes.c b/wolfcrypt/src/port/kcapi/kcapi_aes.c index bf87340a3b..4ed6f9e3bd 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_aes.c 
+++ b/wolfcrypt/src/port/kcapi/kcapi_aes.c @@ -1,6 +1,6 @@ /* kcapi_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,8 +39,8 @@ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$g") - #pragma const_seg(".fipsB$g") + #pragma code_seg(".fipsA$ba") + #pragma const_seg(".fipsB$ba") #endif #endif diff --git a/wolfcrypt/src/port/kcapi/kcapi_dh.c b/wolfcrypt/src/port/kcapi/kcapi_dh.c index cceaf2521f..9b69abc193 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_dh.c +++ b/wolfcrypt/src/port/kcapi/kcapi_dh.c @@ -1,6 +1,6 @@ /* kcapi_dh.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,7 +52,7 @@ static int KcapiDh_SetParams(DhKey* key) word32 len; ret = wc_DhParamsToDer(key, NULL, &len); - if (ret == LENGTH_ONLY_E) { + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { ret = 0; pkcs3 = (unsigned char*)XMALLOC(len, key->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -70,9 +70,7 @@ static int KcapiDh_SetParams(DhKey* key) } } - if (pkcs3 != NULL) { - XFREE(pkcs3, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(pkcs3, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/wolfcrypt/src/port/kcapi/kcapi_ecc.c b/wolfcrypt/src/port/kcapi/kcapi_ecc.c index 1f66b5222a..3be5b76bbf 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_ecc.c +++ b/wolfcrypt/src/port/kcapi/kcapi_ecc.c @@ -1,6 +1,6 @@ /* kcapi_ecc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/kcapi/kcapi_hash.c b/wolfcrypt/src/port/kcapi/kcapi_hash.c index f4a3b43c09..c6fca932aa 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_hash.c +++ b/wolfcrypt/src/port/kcapi/kcapi_hash.c @@ -1,6 +1,6 @@ /* kcapi_hash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
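Review bot: The change from `.fipsA$g` / `.fipsB$g` to `.fipsA$ba` / `.fipsB$ba` in the kcapi_aes.c `#pragma code_seg` / `#pragma const_seg` hunk relocates this file's code and constants within the link-ordered FIPS segments on Windows, which presumably affects what the FIPS integrity check covers, yet the hunk carries no comment explaining the new ordering. A one-line comment above the pragmas, e.g. `/* "$ba" places kcapi AES with the other wrapped sources inside the FIPS boundary; keep in step with the rest of the FIPS-wrapped files */` (adjusted to whatever the actual grouping rule is), would make the intent reviewable, and the same suffix should be checked for consistency across the other sources that use these pragmas. I cannot confirm the grouping rule from this hunk alone.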
@@ -51,10 +51,8 @@ void KcapiHashFree(wolfssl_KCAPI_Hash* hash) } #if defined(WOLFSSL_KCAPI_HASH_KEEP) - if (hash->msg != NULL) { - XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); - hash->msg = NULL; - } + XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); + hash->msg = NULL; #endif } } diff --git a/wolfcrypt/src/port/kcapi/kcapi_hmac.c b/wolfcrypt/src/port/kcapi/kcapi_hmac.c index 0a5d467515..7cdba82541 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_hmac.c +++ b/wolfcrypt/src/port/kcapi/kcapi_hmac.c @@ -1,6 +1,6 @@ /* kcapi_hmac.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/kcapi/kcapi_rsa.c b/wolfcrypt/src/port/kcapi/kcapi_rsa.c index cafca14e70..a989141354 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_rsa.c +++ b/wolfcrypt/src/port/kcapi/kcapi_rsa.c @@ -1,6 +1,6 @@ /* kcapi_rsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -76,9 +76,7 @@ static int KcapiRsa_SetPrivKey(RsaKey* key) } } - if (priv != NULL) { - XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -167,9 +165,7 @@ static int KcapiRsa_SetPubKey(RsaKey* key) } } - if (pub != NULL) { - XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/wolfcrypt/src/port/liboqs/liboqs.c b/wolfcrypt/src/port/liboqs/liboqs.c index 46733cbbf3..2b2de87731 100644 --- a/wolfcrypt/src/port/liboqs/liboqs.c +++ b/wolfcrypt/src/port/liboqs/liboqs.c @@ -1,6 +1,6 @@ /* liboqs.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
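Review bot: In the `KcapiRsa_SetPrivKey` hunk the `priv` buffer is released with a bare `XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);`; from the function name and the `DYNAMIC_TYPE_TMP_BUFFER` tag it looks like a temporary DER encoding of the RSA private key, in which case it should be wiped with wolfcrypt's `ForceZero` over its allocated length before the allocator gets it back, with the length taken from the allocation above the hunk. The matching `KcapiRsa_SetPubKey` hunk does not need this, since `pub` is public data. Both functions start outside their hunks.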
@@ -119,14 +119,14 @@ int wolfSSL_liboqsRngMutexLock(WC_RNG* rng) int wolfSSL_liboqsRngMutexUnlock(void) { - int ret = BAD_MUTEX_E; - liboqsCurrentRNG = &liboqsDefaultRNG; if (liboqs_init) { - ret = wc_UnLockMutex(&liboqsRNGMutex); + return wc_UnLockMutex(&liboqsRNGMutex); + } + else { + return BAD_MUTEX_E; } - return ret; } #endif /* HAVE_LIBOQS */ diff --git a/wolfcrypt/src/port/maxim/maxq10xx.c b/wolfcrypt/src/port/maxim/maxq10xx.c index c0375fc519..370a170a8d 100644 --- a/wolfcrypt/src/port/maxim/maxq10xx.c +++ b/wolfcrypt/src/port/maxim/maxq10xx.c @@ -1,6 +1,6 @@ /* maxq10xx.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,7 +41,11 @@ #include #include #include +#ifdef USS_API +#include +#else #include +#endif #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ @@ -56,7 +60,7 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen); #endif /* MAXQ_DEBUG */ #if defined(USE_WINDOWS_API) -# define maxq_CryptHwMutexTryLock() (0) +# define maxq_CryptHwMutexTryLock() 0 #endif #define AES_KEY_ID_START (0x2000) @@ -72,9 +76,17 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen); #endif #define PUBKEY_IMPORT_OBJID 0x1000 + +#if defined (TEST_SETUP) +#define ROOT_CA_CERT_OBJ_ID 0x1006 +#define DEVICE_CERT_OBJ_ID 0x1005 +#define DEVICE_KEY_PAIR_OBJ_ID 0x1007 +#else #define ROOT_CA_CERT_OBJ_ID 0x1003 #define DEVICE_CERT_OBJ_ID 0x1002 #define DEVICE_KEY_PAIR_OBJ_ID 0x1004 +#endif + #define PSK_OBJ_ID 0x1236 #define K_CHUNKSIZE 2032 #define K_CIPHER_BLOCKSIZE 16 @@ -120,7 +132,7 @@ static int tls13_server_key_len = -1; /* Please define MAXQ10XX_PRODUCTION_KEY in your build scripts once you have a * production key. */ -#if defined(MAXQ10XX_PRODUCTION_KEY) || !defined(DEBUG_WOLFSSL) +#if defined(MAXQ10XX_PRODUCTION_KEY) #include "maxq10xx_key.h" #else /* TEST KEY. This must be changed for production environments!! */ 
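Review bot: The new condition `#if defined(MAXQ10XX_PRODUCTION_KEY)` in maxq10xx.c means a release build that does not define `MAXQ10XX_PRODUCTION_KEY` now silently falls into the `#else` branch and compiles the embedded TEST KEY in, whereas the old `|| !defined(DEBUG_WOLFSSL)` form at least forced every non-debug build to supply `maxq10xx_key.h`. Since the comment on the `#else` branch already says the test key "must be changed for production environments", the preprocessor should enforce that rather than a comment: insert `#elif !defined(DEBUG_WOLFSSL) && !defined(TEST_SETUP)` / `#error "MAXQ10XX: test key in a non-debug build; define MAXQ10XX_PRODUCTION_KEY"` before the test-key `#else`, or at minimum a `#warning`. `TEST_SETUP` is the macro the hunk above uses to select alternate object IDs, so it is the natural opt-in for test rigs that really want the test key. The key definition itself follows outside the hunk.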
@@ -568,12 +580,14 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen) return BAD_FUNC_ARG; } + #if defined(MAXQ10XX_MUTEX) rc = maxq_CryptHwMutexTryLock(); if (rc != 0) { WOLFSSL_ERROR_MSG("MAXQ: aes_set_key() lock could not be acquired"); rc = NOT_COMPILED_IN; return rc; } + #endif if (aes->maxq_ctx.key_obj_id) { wc_MAXQ10XX_AesFree(aes); @@ -694,12 +708,14 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen) objtype = MXQ_OBJTYPE_KEYPAIR; } + #if defined(MAXQ10XX_MUTEX) rc = maxq_CryptHwMutexTryLock(); if (rc != 0) { WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired"); rc = NOT_COMPILED_IN; return rc; } + #endif if (key->maxq_ctx.key_obj_id) { wc_MAXQ10XX_EccFree(key); @@ -1074,24 +1090,20 @@ static int maxq10xx_ecc_verify_local( #endif /* MAXQ_ECC */ #ifdef MAXQ_RNG -static int maxq10xx_random(byte* output, unsigned short sz) +int maxq10xx_random(byte* output, unsigned short sz) { -#if defined(WOLFSSL_MAXQ108X) - if (!tls13active) { - return NOT_COMPILED_IN; - } -#endif - if (output == NULL) { return BUFFER_E; } + #if defined(MAXQ10XX_MUTEX) int ret = maxq_CryptHwMutexTryLock(); if (ret != 0) { WOLFSSL_ERROR_MSG("MAXQ: maxq10xx_random() lock could not be acquired"); ret = NOT_COMPILED_IN; return ret; } + #endif if (MXQ_Get_Random_Ext(output, sz, 0)) { WOLFSSL_ERROR_MSG("MAXQ: MXQ_Get_Random_Ext() failed"); @@ -1222,6 +1234,7 @@ static int do_sha256(wc_CryptoInfo* info) return WC_HW_E; } + #if defined(MAXQ10XX_MUTEX) if (info->hash.sha256->maxq_ctx.hash_running == 0) { rc = maxq_CryptHwMutexTryLock(); if (rc != 0) { @@ -1229,6 +1242,7 @@ static int do_sha256(wc_CryptoInfo* info) return CRYPTOCB_UNAVAILABLE; } } + #endif if (info->hash.in != NULL) { /* wc_Sha256Update */ 
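Review bot: In `maxq10xx_random` the only declaration of `ret` is now inside the new `#if defined(MAXQ10XX_MUTEX)` block (`int ret = maxq_CryptHwMutexTryLock();`), so a build without `MAXQ10XX_MUTEX` has no `ret` for whatever the rest of the function (outside the hunk) assigns or returns through; declare it unconditionally at the top, e.g. `int ret = 0;`, and keep only the lock call under the `#if`. The same conditional now wraps every `maxq_CryptHwMutexTryLock()` in `aes_set_key`, `ecc_set_key`, `do_sha256` and `maxq10xx_random`, so the corresponding unlock calls, which are not in these hunks, need the identical guard or the no-mutex build will release a lock it never took. Dropping `static` from `maxq10xx_random` also exports a new symbol that should get a prototype in the port's header, and a short comment on why the `tls13active` gate on the hardware RNG was removed for `WOLFSSL_MAXQ108X` would help the next reader. All of these function bodies continue outside the hunks.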
@@ -1450,7 +1464,7 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx) } #endif /* WOLFSSL_MAXQ108X */ - if (rc != 0 && rc != CRYPTOCB_UNAVAILABLE) { + if (rc != 0 && rc != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { rc = WC_HW_E; } @@ -1981,12 +1995,14 @@ int maxq10xx_port_init(void) } #endif + #if defined(MAXQ10XX_MUTEX) ret = maxq_CryptHwMutexTryLock(); if (ret) { WOLFSSL_ERROR_MSG("MAXQ: maxq10xx_port_init() -> device is busy " "(switching to soft mode)"); return 0; } + #endif mxq_rc = MXQ_Module_Init(); if (mxq_rc) { @@ -3290,7 +3306,7 @@ static int maxq10xx_perform_tls13_record_processing(WOLFSSL* ssl, { int rc; mxq_err_t mxq_rc; - mxq_u2 key_id; + mxq_u2 key_id = 0xFFFF; if (!tls13active) { return NOT_COMPILED_IN; diff --git a/wolfcrypt/src/port/mynewt/mynewt_port.c b/wolfcrypt/src/port/mynewt/mynewt_port.c index 0467773c4b..06d28ddc9c 100644 --- a/wolfcrypt/src/port/mynewt/mynewt_port.c +++ b/wolfcrypt/src/port/mynewt/mynewt_port.c @@ -1,6 +1,6 @@ /* mynewt_port.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/nrf51.c b/wolfcrypt/src/port/nrf51.c index 1ab5b7dfe9..04da175584 100644 --- a/wolfcrypt/src/port/nrf51.c +++ b/wolfcrypt/src/port/nrf51.c @@ -1,6 +1,6 @@ /* nrf51.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/nxp/dcp_port.c b/wolfcrypt/src/port/nxp/dcp_port.c index f78f1d697c..ac4554ff7c 100644 --- a/wolfcrypt/src/port/nxp/dcp_port.c +++ b/wolfcrypt/src/port/nxp/dcp_port.c @@ -1,6 +1,6 @@ /* dcp_port.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c index 7cfa04771b..f8460488da 100644 --- a/wolfcrypt/src/port/nxp/ksdk_port.c 
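Review bot: `mxq_u2 key_id = 0xFFFF;` in `maxq10xx_perform_tls13_record_processing` introduces a bare magic value with no comment, so a reader cannot tell whether 0xFFFF is a "no key selected" sentinel the later code tests for or only a value chosen to silence a maybe-uninitialized warning. Either way it should say so, e.g. `mxq_u2 key_id = 0xFFFF; /* invalid id; must be assigned before use below */`, or better a named constant such as `MAXQ_INVALID_KEY_ID` defined next to the other object-ID macros at the top of the file. The function body continues outside the hunk.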
+++ b/wolfcrypt/src/port/nxp/ksdk_port.c @@ -1,6 +1,6 @@ /* ksdk_port.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -105,7 +105,7 @@ static int ltc_get_lsb_bin_from_mp_int(uint8_t *dst, mp_int *A, uint16_t *psz) #else res = mp_to_unsigned_bin(A, dst); if (res == MP_OKAY) { - ltc_reverse_array(dst, sz); + ltc_reverse_array(dst, sz); } #endif *psz = sz; @@ -134,7 +134,7 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C) szA = mp_unsigned_bin_size(A); szB = mp_unsigned_bin_size(B); - /* if unsigned mul can fit into LTC PKHA let's use it, otherwise call + /* if unsigned mul can fit into LTC PKHA let's use it, otherwise call * software mul */ if ((szA <= LTC_MAX_INT_BYTES / 2) && (szB <= LTC_MAX_INT_BYTES / 2)) { uint8_t *ptrA = (uint8_t*)XMALLOC(LTC_MAX_INT_BYTES, NULL, @@ -186,18 +186,10 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C) } } - if (ptrA) { - XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrB) { - XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrN) { - XFREE(ptrN, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrC) { - XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrN, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT); } else { #ifdef WOLFSSL_SP_MATH @@ -264,7 +256,7 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c) { ltc_reverse_array(ptrC, sizeC); res = mp_read_unsigned_bin(c, ptrC, sizeC); - + #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \ defined(WOLFSSL_SP_INT_NEGATIVE) /* fix sign */ 
@@ -280,15 +272,9 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c) res = MP_MEM; } - if (ptrA) { - XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrB) { - XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrC) { - XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT); } else { #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE) @@ -341,10 +327,10 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c) res = ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA); if (res == MP_OKAY) res = ltc_get_lsb_bin_from_mp_int(ptrB, b, &sizeB); - + /* if a >= b then reduce */ /* TODO: Perhaps always do mod reduce depending on hardware performance */ - if (res == MP_OKAY && + if (res == MP_OKAY && LTC_PKHA_CompareBigNum(ptrA, sizeA, ptrB, sizeB) >= 0) { if (LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrA, &sizeA, kLTC_PKHA_IntegerArith) != kStatus_Success) { @@ -372,15 +358,9 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c) res = MP_MEM; } - if (ptrA) { - XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrB) { - XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrC) { - XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT); } else { #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE) @@ -411,7 +391,7 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d) int res = MP_OKAY; status_t status; int szA, szB, szC; - + #ifdef ENABLE_NXPLTC_TESTS mp_int t; mp_init(&t); 
@@ -491,18 +471,10 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d) res = MP_MEM; } - if (ptrA) { - XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrB) { - XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrC) { - XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrD) { - XFREE(ptrD, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrD, NULL, DYNAMIC_TYPE_BIGINT); } else { #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE) @@ -543,8 +515,8 @@ int ltc_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int useConstTime) szX = mp_unsigned_bin_size(X); szP = mp_unsigned_bin_size(P); - if ((szG <= LTC_MAX_INT_BYTES) && - (szX <= LTC_MAX_INT_BYTES) && + if ((szG <= LTC_MAX_INT_BYTES) && + (szX <= LTC_MAX_INT_BYTES) && (szP <= LTC_MAX_INT_BYTES)) { uint16_t sizeG, sizeX, sizeP, sizeY; @@ -563,9 +535,9 @@ int ltc_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int useConstTime) /* if G >= P then reduce */ /* TODO: Perhaps always do mod reduce depending on hardware performance */ - if (res == MP_OKAY && + if (res == MP_OKAY && LTC_PKHA_CompareBigNum(ptrG, sizeG, ptrP, sizeP) >= 0) { - res = LTC_PKHA_ModRed(LTC_BASE, + res = LTC_PKHA_ModRed(LTC_BASE, ptrG, sizeG, ptrP, sizeP, ptrG, &sizeG, kLTC_PKHA_IntegerArith); @@ -591,18 +563,10 @@ int ltc_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int useConstTime) res = MP_MEM; } - if (ptrY) { - XFREE(ptrY, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrP) { - XFREE(ptrP, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrX) { - XFREE(ptrX, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrG) { - XFREE(ptrG, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(ptrY, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrP, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrX, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrG, NULL, DYNAMIC_TYPE_BIGINT); } else { #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE) 
@@ -678,7 +642,7 @@ int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng) res = ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA); } if (res == MP_OKAY) { - if (LTC_PKHA_PrimalityTest(LTC_BASE, + if (LTC_PKHA_PrimalityTest(LTC_BASE, ptrB, sizeB, /* seed */ (uint8_t*)&t, sizeof(t), /* trials */ ptrA, sizeA, /* candidate */ @@ -687,12 +651,8 @@ int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng) } } - if (ptrB) { - XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); - } - if (ptrA) { - XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); } else { #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE) @@ -726,7 +686,7 @@ int mp_prime_is_prime(mp_int* a, int t, int* result) #if defined(HAVE_ECC) && defined(FREESCALE_LTC_ECC) /* convert from mp_int to LTC integer, as array of bytes of size sz. - * if mp_int has less bytes than sz, add zero bytes at most significant byte + * if mp_int has less bytes than sz, add zero bytes at most significant byte * positions. * This is when for example modulus is 32 bytes (P-256 curve) * and mp_int has only 31 bytes, we add leading zeros @@ -763,7 +723,7 @@ static int ltc_get_from_mp_int(uint8_t *dst, mp_int *a, int sz) return res; } -/* ECC specs in lsbyte at lowest address format for direct use by LTC PKHA +/* ECC specs in lsbyte at lowest address format for direct use by LTC PKHA * driver functions */ #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) #define ECC192 @@ -1196,7 +1156,7 @@ static const uint8_t invThree[32] = { /* * * finds square root in finite field when modulus congruent to 5 modulo 8 - * this is fixed to curve25519 modulus 2^255 - 19 which is congruent to + * this is fixed to curve25519 modulus 2^255 - 19 which is congruent to * 5 modulo 8. * * This function solves equation: res^2 = a mod (2^255 - 19) 
@@ -1914,7 +1874,7 @@ status_t LTC_PKHA_Ed25519_PointDecompress(const uint8_t *pubkey, return status; } -/* LSByte first of Ed25519 parameter l = 2^252 + +/* LSByte first of Ed25519 parameter l = 2^252 + * 27742317777372353535851937790883648493 */ static const uint8_t l_coefEdDSA[] = { 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index b2ada57737..a514ecce7f 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -1,6 +1,6 @@ /* se050_port.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -266,7 +266,7 @@ int se050_hash_copy(SE050_HASH_Context* src, SE050_HASH_Context* dst) int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len) { - byte* tmp = NULL; + byte* tmp = NULL; if (se050Ctx == NULL || (len > 0 && data == NULL)) { return BAD_FUNC_ARG; @@ -738,9 +738,7 @@ int se050_rsa_use_key_id(struct RsaKey* key, word32 keyId) status = kStatus_SSS_Fail; } } - if (derBuf != NULL) { - XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (status == kStatus_SSS_Success) { key->keyId = keyId; @@ -884,9 +882,7 @@ int se050_rsa_create_key(struct RsaKey* key, int size, long e) status = kStatus_SSS_Fail; } } - if (derBuf != NULL) { - XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (status == kStatus_SSS_Success) { key->keyId = keyId; @@ -1228,9 +1224,7 @@ int se050_rsa_sign(const byte* in, word32 inLen, byte* out, derSz, (keySz * 8), NULL, 0); } - if (derBuf != NULL) { - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } else { status = sss_key_object_get_handle(&newKey, keyId); 
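Review bot: The `derBuf` that `se050_rsa_sign` frees in its hunk with `XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);` appears to be a DER encoding of the RSA private key built so it can be loaded into the SE050 (it is handed to the store call just above together with `derSz` and `keySz * 8`); if so it carries key material and should be wiped with `ForceZero(derBuf, derSz);` before the free rather than only released. `derSz` is already in scope from the call above, so no new variable is needed, and the other `derBuf` frees in this file's hunks are worth auditing the same way where the buffer holds a private rather than a public key. `se050_rsa_sign` starts outside the hunk.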
@@ -1392,9 +1386,7 @@ int se050_rsa_verify(const byte* in, word32 inLen, byte* out, word32 outLen, derSz, (keySz * 8), NULL, 0); } - if (derBuf != NULL) { - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } else { status = sss_key_object_get_handle(&newKey, keyId); @@ -1579,9 +1571,7 @@ int se050_rsa_public_encrypt(const byte* in, word32 inLen, byte* out, status = sss_key_object_get_handle(&newKey, keyId); } - if (derBuf != NULL) { - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (status == kStatus_SSS_Success) { @@ -1746,9 +1736,7 @@ int se050_rsa_private_decrypt(const byte* in, word32 inLen, byte* out, status = sss_key_object_get_handle(&newKey, keyId); } - if (derBuf != NULL) { - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (status == kStatus_SSS_Success) { diff --git a/wolfcrypt/src/port/pic32/pic32mz-crypt.c b/wolfcrypt/src/port/pic32/pic32mz-crypt.c index 32cf02ed05..b9cdb7c551 100644 --- a/wolfcrypt/src/port/pic32/pic32mz-crypt.c +++ b/wolfcrypt/src/port/pic32/pic32mz-crypt.c @@ -1,6 +1,6 @@ /* pic32mz-crypt.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -365,7 +365,7 @@ static void reset_engine(int algo) static void update_engine(const byte *input, word32 len, word32 *hash) { int total; - + gLHDesc.bd[gLHDesc.currBd].UPDPTR = KVA_TO_PA(hash); /* Add the data to the current buffer. If the buffer fills, start processing it diff --git a/wolfcrypt/src/port/psa/psa.c b/wolfcrypt/src/port/psa/psa.c index 860f5c4891..737083f6af 100644 --- a/wolfcrypt/src/port/psa/psa.c +++ b/wolfcrypt/src/port/psa/psa.c @@ -1,6 +1,6 @@ /* psa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/wolfcrypt/src/port/psa/psa_aes.c b/wolfcrypt/src/port/psa/psa_aes.c
index a0881d4516..37f9952e80 100644
--- a/wolfcrypt/src/port/psa/psa_aes.c
+++ b/wolfcrypt/src/port/psa/psa_aes.c
@@ -1,6 +1,6 @@
 /* psa_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_hash.c b/wolfcrypt/src/port/psa/psa_hash.c
index 7de9776fba..c45ccda284 100644
--- a/wolfcrypt/src/port/psa/psa_hash.c
+++ b/wolfcrypt/src/port/psa/psa_hash.c
@@ -1,6 +1,6 @@
 /* psa_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_pkcbs.c b/wolfcrypt/src/port/psa/psa_pkcbs.c
index 6a7452cb39..a634b52a01 100644
--- a/wolfcrypt/src/port/psa/psa_pkcbs.c
+++ b/wolfcrypt/src/port/psa/psa_pkcbs.c
@@ -1,6 +1,6 @@
 /* psa_pkcbs.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c
new file mode 100644
index 0000000000..292c854d18
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c
@@ -0,0 +1,9283 @@
+/* riscv-64-aes.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#include
+#include
+#include
+
+#if !defined(NO_AES)
+
+#include
+
+#include
+
+#ifdef NO_INLINE
+ #include
+#else
+ #define WOLFSSL_MISC_INCLUDED
+ #include
+#endif
+
+#ifdef WOLFSSL_RISCV_ASM
+
+/* Copy a 16-byte value from in to out.
+ *
+ * @param [out] out 16-byte value destination.
+ * @param [in] in 16-byte value source.
+ */
+static WC_INLINE void memcpy16(byte* out, const byte* in)
+{
+ word64* out64 = (word64*)out;
+ word64* in64 = (word64*)in;
+
+ out64[0] = in64[0];
+ out64[1] = in64[1];
+}
+
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+
+/* Reverse bits in each byte of 64-bit register. */
+#define BREV8(rd, rs) \
+ ASM_WORD(0b01101000011100000101000000010011 | \
+ (rs << 15) | (rd << 7))
+
+#endif /* WOLFSSL_RISCV_BIT_MANIPULATION */
+
+#ifdef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+/* Reverse bits in each byte of 128-bit vector register. */
+#define VBREV8(vd, vs2) \
+ ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b1000 << 15) | \
+ (0b010 << 12) | (0b1010111 << 0) | \
+ (vs2 << 20) | (vd << 7))
+#endif
+
+
+/* Vector register set if equal: vd[i] = vs1[i] == vs2[i] ? 1 : 0 */
+#define VMSEQ_VV(vd, vs1, vs2) \
+ ASM_WORD((0b011000 << 26) | (0b1 << 25) | \
+ (0b000 << 12) | (0b1010111 << 0) | \
+ (vs2 << 20) | (vs1 << 15) | (vd << 7))
+/* Vector register set if equal: vd[i] = vs1[i] != vs2[i] ? 1 : 0 */
+#define VMSNE_VV(vd, vs1, vs2) \
+ ASM_WORD((0b011001 << 26) | (0b1 << 25) | \
+ (0b000 << 12) | (0b1010111 << 0) | \
+ (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+/* rd = Count of vs2[i] that has a value of 1. */
+#define VCPOP_M(rd, vs2) \
+ ASM_WORD((0b010000 << 26) | (0b1 << 25) | \
+ (0b10000 << 15) | \
+ (0b010 << 12) | (0b1010111 << 0) | \
+ (vs2 << 20) | (rd << 7))
+
+#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+
+/*
+ * Vector crypto instruction implementation of base operations.
+ */
+
+/* Vector AES-128 forward key schedule computation. */
+#define VAESKF1_VI(rd, rs2, rnum) \
+ ASM_WORD((0b100010 << 26) | (0b1 << 25) | \
+ (0b010 << 12) | (0b1110111 << 0) | \
+ (rd << 7) | (rnum << 15) | (rs2 << 20))
+/* Vector AES-256 forward key schedule computation. */
+#define VAESKF2_VI(rd, rs2, rnum) \
+ ASM_WORD((0b101010 << 26) | (0b1 << 25) | \
+ (0b010 << 12) | (0b1110111 << 0) | \
+ (rd << 7) | (rnum << 15) | (rs2 << 20))
+
+/* Vector AES round zero encryption/decryption. */
+#define VAESZ_VS(rd, rs2) \
+ ASM_WORD((0b101001 << 26) | (0b1 << 25) | \
+ (0b00111 << 15) | (0b010 << 12) | \
+ (0b1110111 << 0) | \
+ (rd << 7) | (rs2 << 20))
+/* Vector AES middle-round encryption. */
+#define VAESEM_VS(rd, rs2) \
+ ASM_WORD((0b101001 << 26) | (0b1 << 25) | \
+ (0b00010 << 15) | (0b010 << 12) | \
+ (0b1110111 << 0) | \
+ (rd << 7) | (rs2 << 20))
+/* Vector AES final-round encryption. */
+#define VAESEF_VS(rd, rs2) \
+ ASM_WORD((0b101001 << 26) | (0b1 << 25) | \
+ (0b00011 << 15) | (0b010 << 12) | \
+ (0b1110111 << 0) | \
+ (rd << 7) | (rs2 << 20))
+/* Vector AES middle-round decryption. */
+#define VAESDM_VS(rd, rs2) \
+ ASM_WORD((0b101001 << 26) | (0b1 << 25) | \
+ (0b00000 << 15) | (0b010 << 12) | \
+ (0b1110111 << 0) | \
+ (rd << 7) | (rs2 << 20))
+/* Vector AES final-round decryption. */
+#define VAESDF_VS(rd, rs2) \
+ ASM_WORD((0b101001 << 26) | (0b1 << 25) | \
+ (0b00001 << 15) | (0b010 << 12) | \
+ (0b1110111 << 0) | \
+ (rd << 7) | (rs2 << 20))
+
+/* Set the key and/or IV into the AES object.
+ *
+ * Creates the key schedule from the key.
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in] aes AES object.
+ * @param [in] key Secret key to use.
+ * @param [in] keyLen Length of key in bytes.
+ * @param [in] iv Initialization Vector (IV) to use. May be NULL.
+ * @param [in] dir Direction of crypt: AES_ENCRYPT, AES_DECRYPT.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes or key is NULL.
+ * @return BAD_FUNC_ARG when keyLen/dir is not supported or valid.
+ */
+int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
+ int dir)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((aes == NULL) || (key == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+#ifdef WOLFSSL_AES_128
+ else if ((keyLen == 16) && (dir == AES_ENCRYPTION)) {
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ "mv t0, %[key]\n\t"
+ VL1RE32_V(REG_V0, REG_T0)
+ "mv t0, %[ks]\n\t"
+ VAESKF1_VI(REG_V1, REG_V0, 1)
+ VAESKF1_VI(REG_V2, REG_V1, 2)
+ VAESKF1_VI(REG_V3, REG_V2, 3)
+ VAESKF1_VI(REG_V4, REG_V3, 4)
+ VAESKF1_VI(REG_V5, REG_V4, 5)
+ VAESKF1_VI(REG_V6, REG_V5, 6)
+ VAESKF1_VI(REG_V7, REG_V6, 7)
+ VAESKF1_VI(REG_V8, REG_V7, 8)
+ VAESKF1_VI(REG_V9, REG_V8, 9)
+ VAESKF1_VI(REG_V10, REG_V9, 10)
+ VS8R_V(REG_V0, REG_T0)
+ "add t0, t0, 128\n\t"
+ VS2R_V(REG_V8, REG_T0)
+ "add t0, t0, 96\n\t"
+ VS1R_V(REG_V10, REG_T0)
+ :
+ : [ks] "r" (aes->key), [key] "r" (key)
+ : "memory", "t0", "t1", "t2"
+ );
+ aes->rounds = 10;
+ }
+#ifdef HAVE_AES_DECRYPT
+ else if ((keyLen == 16) && (dir == AES_DECRYPTION)) {
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ "mv t0, %[key]\n\t"
+ VL1RE32_V(REG_V10, REG_T0)
+ "mv t0, %[ks]\n\t"
+ VAESKF1_VI(REG_V9, REG_V10, 1)
+ VAESKF1_VI(REG_V8, REG_V9 , 2)
+ VAESKF1_VI(REG_V7, REG_V8 , 3)
+ VAESKF1_VI(REG_V6, REG_V7 , 4)
+ VAESKF1_VI(REG_V5, REG_V6 , 5)
+ VAESKF1_VI(REG_V4, REG_V5 , 6)
+ VAESKF1_VI(REG_V3, REG_V4 , 7)
+ VAESKF1_VI(REG_V2, REG_V3 , 8)
+ VAESKF1_VI(REG_V1, REG_V2 , 9)
+ VAESKF1_VI(REG_V0, REG_V1 , 10)
+ VS8R_V(REG_V0, REG_T0)
+ "add t0, t0, 128\n\t"
+ VS2R_V(REG_V8, REG_T0)
+ "add t0, t0, 96\n\t"
+ VS1R_V(REG_V10, REG_T0)
+ :
+ : [ks] "r" (aes->key), [key] "r" (key)
+ : "memory", "t0", "t1", "t2"
+ );
+ aes->rounds = 10;
+ }
+#endif
+#endif
+#ifdef WOLFSSL_AES_192
+
+/* One round of computing key schedule for AES-192. */
+#define AES_192_ROUND(d, s, r) \
+ /* Place key[3] in v16[3] */ \
+ VSLIDEDOWN_VI(REG_V17, s, 3) \
+ VSLIDEUP_VI(REG_V16, REG_V17, 3) \
+ /* Place key[5] in s[3] */ \
+ VSLIDEUP_VI(s, REG_V14, 3) \
+ /* key'[0] = key[0] ^ ks1(key[5]) */ \
+ /* key'[1] = key[1] ^ key'[0] */ \
+ /* key'[2] = key[2] ^ key'[1] */ \
+ /* key'[3] = key[5] ^ key'[2] */ \
+ VAESKF1_VI(d, s, r) \
+ /* key'[3] = key[3] ^ key[5] ^ key'[2] */ \
+ VXOR_VV(d, d, REG_V16) \
+ /* key'[3] = key[3] ^ key'[2] */ \
+ VSLIDEUP_VI(REG_V16, REG_V14, 3) \
+ VXOR_VV(d, d, REG_V16) \
+ /* key'[4] = key[4] ^ key'[3] */ \
+ VSLIDEDOWN_VI(REG_V15, d, 3) \
+ VXOR_VV(REG_V13, REG_V13, REG_V15) \
+ /* key'[5] = key[5] ^ key'[4] */ \
+ VXOR_VV(REG_V14, REG_V14, REG_V13) \
+
+/* Store 6 words.
+ * V13[0] and V14[0] contain last two words. */
+#define AES_192_STORE(d) \
+ VS1R_V(d, REG_T0) \
+ "addi t0, t0, 16\n\t" \
+ VSLIDEUP_VI(REG_V13, REG_V14, 1) \
+ VSETIVLI(REG_X0, 2, 1, 1, 0b010, 0b000) \
+ VS1R_V(REG_V13, REG_T0) \
+ "addi t0, t0, 8\n\t" \
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ else if ((keyLen == 24) && (dir == AES_ENCRYPTION)) {
+ /* Not supported with specific instructions - make it work anyway! */
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ "mv t0, %[key]\n\t"
+ VL1RE32_V(REG_V0, REG_T0)
+ VSETIVLI(REG_X0, 1, 1, 1, 0b010, 0b000)
+ "addi t0, t0, 16\n\t"
+ VL1RE32_V(REG_V13, REG_T0)
+ "addi t0, t0, 4\n\t"
+ VL1RE32_V(REG_V14, REG_T0)
+ VXOR_VV(REG_V16, REG_V16, REG_V16)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ "mv t0, %[ks]\n\t"
+
+ /* Round 0 */
+ AES_192_STORE(REG_V0)
+ /* Round 1 */
+ AES_192_ROUND(REG_V1, REG_V0, 1)
+ AES_192_STORE(REG_V1)
+ /* Round 2 */
+ AES_192_ROUND(REG_V0, REG_V1, 2)
+ AES_192_STORE(REG_V0)
+ /* Round 3 */
+ AES_192_ROUND(REG_V1, REG_V0, 3)
+ AES_192_STORE(REG_V1)
+ /* Round 4 */
+ AES_192_ROUND(REG_V0, REG_V1, 4)
+ AES_192_STORE(REG_V0)
+ /* Round 5 */
+ AES_192_ROUND(REG_V1, REG_V0, 5)
+ AES_192_STORE(REG_V1)
+ /* Round 6 */
+ AES_192_ROUND(REG_V0, REG_V1, 6)
+ AES_192_STORE(REG_V0)
+ /* Round 7 */
+ AES_192_ROUND(REG_V1, REG_V0, 7)
+ AES_192_STORE(REG_V1)
+ /* Round 8 */
+ AES_192_ROUND(REG_V0, REG_V1, 8)
+ "addi t0, t0, 32\n\t"
+ VS1R_V(REG_V0, REG_T0)
+ /* Only need 52 32-bit words - 13 rounds x 4 32-bit words. */
+ :
+ : [ks] "r" (aes->key), [key] "r" (key)
+ : "memory", "t0"
+ );
+ aes->rounds = 12;
+ }
+#ifdef HAVE_AES_DECRYPT
+ else if ((keyLen == 24) && (dir == AES_DECRYPTION)) {
+ /* Not supported with specific instructions - make it work anyway! */
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ "mv t0, %[key]\n\t"
+ VL1RE32_V(REG_V0, REG_T0)
+ VSETIVLI(REG_X0, 1, 1, 1, 0b010, 0b000)
+ "addi t0, t0, 16\n\t"
+ VL1RE32_V(REG_V13, REG_T0)
+ "addi t0, t0, 4\n\t"
+ VL1RE32_V(REG_V14, REG_T0)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VXOR_VV(REG_V16, REG_V16, REG_V16)
+
+ "addi t0, %[ks], 224\n\t"
+ VS1R_V(REG_V0, REG_T0)
+
+ "mv t0, %[ks]\n\t"
+
+ /* Round 0 */
+ AES_192_STORE(REG_V0)
+ /* Round 1 */
+ AES_192_ROUND(REG_V1, REG_V0, 1)
+ AES_192_STORE(REG_V1)
+ /* Round 2 */
+ AES_192_ROUND(REG_V0, REG_V1, 2)
+ AES_192_STORE(REG_V0)
+ /* Round 3 */
+ AES_192_ROUND(REG_V1, REG_V0, 3)
+ AES_192_STORE(REG_V1)
+ /* Round 4 */
+ AES_192_ROUND(REG_V0, REG_V1, 4)
+ AES_192_STORE(REG_V0)
+ /* Round 5 */
+ AES_192_ROUND(REG_V1, REG_V0, 5)
+ AES_192_STORE(REG_V1)
+ /* Round 6 */
+ AES_192_ROUND(REG_V0, REG_V1, 6)
+ AES_192_STORE(REG_V0)
+ /* Round 7 */
+ AES_192_ROUND(REG_V1, REG_V0, 7)
+ AES_192_STORE(REG_V1)
+ /* Round 8 */
+ AES_192_ROUND(REG_V0, REG_V1, 8)
+ VS1R_V(REG_V0, REG_T0)
+ /* Only need 52 32-bit words - 13 rounds x 4 32-bit words. */
+
+ /* Invert the order of the round keys. */
+ "mv t0, %[ks]\n\t"
+ VL4RE32_V(REG_V0, REG_T0)
+ "addi t0, %[ks], 64\n\t"
+ VL2RE32_V(REG_V4, REG_T0)
+ "addi t1, %[ks], 112\n\t"
+ VL4RE32_V(REG_V8, REG_T1)
+ "addi t1, %[ks], 176\n\t"
+ VL2RE32_V(REG_V12, REG_T1)
+ VMV_V_V(REG_V21, REG_V0 )
+ VMV_V_V(REG_V20, REG_V1 )
+ VMV_V_V(REG_V19, REG_V2 )
+ VMV_V_V(REG_V18, REG_V3 )
+ VMV_V_V(REG_V17, REG_V4 )
+ VMV_V_V(REG_V16, REG_V5 )
+ VMV_V_V(REG_V5 , REG_V8 )
+ VMV_V_V(REG_V4 , REG_V9 )
+ VMV_V_V(REG_V3 , REG_V10)
+ VMV_V_V(REG_V2 , REG_V11)
+ VMV_V_V(REG_V1 , REG_V12)
+ VMV_V_V(REG_V0 , REG_V13)
+ "mv t0, %[ks]\n\t"
+ VS4R_V(REG_V0, REG_T0)
+ "addi t0, %[ks], 64\n\t"
+ VS2R_V(REG_V4, REG_T0)
+ "addi t1, %[ks], 112\n\t"
+ VS4R_V(REG_V16, REG_T1)
+ "addi t1, %[ks], 176\n\t"
+ VS2R_V(REG_V20, REG_T1)
+ :
+ : [ks] "r" (aes->key), [key] "r" (key)
+ : "memory", "t0", "t1"
+ );
+ aes->rounds = 12;
+ }
+#endif
+#endif
+#ifdef WOLFSSL_AES_256
+ else if ((keyLen == 32) && (dir == AES_ENCRYPTION)) {
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ "mv t0, %[key]\n\t"
+ VL2RE32_V(REG_V0, REG_T0)
+ "mv t0, %[ks]\n\t"
+ VMV_V_V(REG_V14, REG_V0)
+ VMV_V_V(REG_V13, REG_V1)
+ VAESKF2_VI(REG_V14, REG_V13, 2)
+ VMV_V_V(REG_V2, REG_V14)
+ VAESKF2_VI(REG_V13, REG_V14, 3)
+ VMV_V_V(REG_V3, REG_V13)
+ VAESKF2_VI(REG_V14, REG_V13, 4)
+ VMV_V_V(REG_V4, REG_V14)
+ VAESKF2_VI(REG_V13, REG_V14, 5)
+ VMV_V_V(REG_V5, REG_V13)
+ VAESKF2_VI(REG_V14, REG_V13, 6)
+ VMV_V_V(REG_V6, REG_V14)
+ VAESKF2_VI(REG_V13, REG_V14, 7)
+ VMV_V_V(REG_V7, REG_V13)
+ VAESKF2_VI(REG_V14, REG_V13, 8)
+ VMV_V_V(REG_V8, REG_V14)
+ VAESKF2_VI(REG_V13, REG_V14, 9)
+ VMV_V_V(REG_V9, REG_V13)
+ VAESKF2_VI(REG_V14, REG_V13, 10)
+ VMV_V_V(REG_V10, REG_V14)
+ VAESKF2_VI(REG_V13, REG_V14, 11)
+ VMV_V_V(REG_V11, REG_V13)
+ VAESKF2_VI(REG_V14, REG_V13, 12)
+ VMV_V_V(REG_V12, REG_V14)
+ VAESKF2_VI(REG_V13, REG_V14, 13)
+ VAESKF2_VI(REG_V14, REG_V13, 14)
+ VS8R_V(REG_V0, REG_T0)
+ "add t0, t0, 128\n\t"
+ VSR_V(REG_V8, REG_T0, 4)
+ "add t0, t0, 64\n\t"
+ VSR_V(REG_V12, REG_T0, 2)
+ "add t0, t0, 32\n\t"
+ VSR_V(REG_V14, REG_T0, 1)
+ :
+ : [ks] "r" (aes->key), [key] "r" (key)
+ : "memory", "t0", "t1", "t2"
+ );
+ aes->rounds = 14;
+ }
+#ifdef HAVE_AES_DECRYPT
+ else if ((keyLen == 32) && (dir == AES_DECRYPTION)) {
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ "mv t0, %[key]\n\t"
+ VL2RE32_V(REG_V0, REG_T0)
+ VMV_V_V(REG_V13, REG_V1)
+ VMV_V_V(REG_V14, REG_V0)
+ "mv t0, %[ks]\n\t"
+ VAESKF2_VI(REG_V0, REG_V1, 2)
+ VMV_V_V(REG_V12, REG_V0)
+ VAESKF2_VI(REG_V1, REG_V0, 3)
+ VMV_V_V(REG_V11, REG_V1)
+ VAESKF2_VI(REG_V0, REG_V1, 4)
+ VMV_V_V(REG_V10, REG_V0)
+ VAESKF2_VI(REG_V1, REG_V0, 5)
+ VMV_V_V(REG_V9 , REG_V1)
+ VAESKF2_VI(REG_V0, REG_V1, 6)
+ VMV_V_V(REG_V8 , REG_V0)
+ VAESKF2_VI(REG_V1, REG_V0, 7)
+ VMV_V_V(REG_V7 , REG_V1)
+ VAESKF2_VI(REG_V0, REG_V1, 8)
+ VMV_V_V(REG_V6 , REG_V0)
+ VAESKF2_VI(REG_V1, REG_V0, 9)
+ VMV_V_V(REG_V5 , REG_V1)
+ VAESKF2_VI(REG_V0, REG_V1, 10)
+ VMV_V_V(REG_V4 , REG_V0)
+ VAESKF2_VI(REG_V1, REG_V0, 11)
+ VMV_V_V(REG_V3 , REG_V1)
+ VAESKF2_VI(REG_V0, REG_V1, 12)
+ VMV_V_V(REG_V2 , REG_V0)
+ VAESKF2_VI(REG_V1, REG_V0, 13)
+ VAESKF2_VI(REG_V0, REG_V1, 14)
+ VS8R_V(REG_V0, REG_T0)
+ "add t0, t0, 128\n\t"
+ VSR_V(REG_V8, REG_T0, 4)
+ "add t0, t0, 64\n\t"
+ VSR_V(REG_V12, REG_T0, 2)
+ "add t0, t0, 32\n\t"
+ VSR_V(REG_V14, REG_T0, 1)
+ :
+ : [ks] "r" (aes->key), [key] "r" (key)
+ : "memory", "t0", "t1", "t2"
+ );
+ aes->rounds = 14;
+ }
+#endif
+#endif
+ else {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ /* Set the IV. */
+ ret = wc_AesSetIV(aes, iv);
+ }
+ if (ret == 0) {
+ /* Finish setting the AES object. */
+ aes->keylen = keyLen;
+#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
+ defined(WOLFSSL_AES_OFB)
+ aes->left = 0;
+#endif
+ }
+
+ return ret;
+}
+
+#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+/* Encrypt a block using AES.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in] aes AES object.
+ * @param [in] in Block to encrypt.
+ * @param [out] out Encrypted block.
+ */
+static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
+{
+ word32* key = aes->key;
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..9]. */
+ "addi t0, t0, 128\n\t"
+ VL2RE32_V(REG_V8, REG_T0)
+ /* Check for 11 rounds. */
+ "li t4, 11\n\t"
+ "ble %[rounds], t4, L_aes_encrypt_loaded\n\t"
+ /* Load key[10..11]. */
+ "addi t0, t0, 32\n\t"
+ VL2RE32_V(REG_V10, REG_T0)
+ /* Check for 13 rounds. */
+ "li t4, 13\n\t"
+ "ble %[rounds], t4, L_aes_encrypt_loaded\n\t"
+ /* Load key[12..13]. */
+ "addi t0, t0, 32\n\t"
+ VL2RE32_V(REG_V12, REG_T0)
+ "L_aes_encrypt_loaded:\n\t"
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V14, REG_T0)
+
+ /* Load block. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+
+ /* Encrypt 10 rounds. */
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESEM_VS(REG_V15, REG_V1)
+ VAESEM_VS(REG_V15, REG_V2)
+ VAESEM_VS(REG_V15, REG_V3)
+ VAESEM_VS(REG_V15, REG_V4)
+ VAESEM_VS(REG_V15, REG_V5)
+ VAESEM_VS(REG_V15, REG_V6)
+ VAESEM_VS(REG_V15, REG_V7)
+ VAESEM_VS(REG_V15, REG_V8)
+ VAESEM_VS(REG_V15, REG_V9)
+ /* Check for 11 rounds. */
+ "li t4, 11\n\t"
+ "ble %[rounds], t4, L_aes_encrypt_done\n\t"
+ VAESEM_VS(REG_V15, REG_V10)
+ VAESEM_VS(REG_V15, REG_V11)
+ /* Check for 13 rounds. */
+ "li t4, 13\n\t"
+ "ble %[rounds], t4, L_aes_encrypt_done\n\t"
+ VAESEM_VS(REG_V15, REG_V12)
+ VAESEM_VS(REG_V15, REG_V13)
+ "L_aes_encrypt_done:\n\t"
+ /* Last round. */
+ VAESEF_VS(REG_V15, REG_V14)
+
+ /* Store encrypted block. */
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+
+ :
+ : [in] "r" (in), [out] "r" (out), [key] "r" (key),
+ [rounds] "r" (aes->rounds)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+}
+#endif
+
+#ifdef HAVE_AES_DECRYPT
+#ifdef WOLFSSL_AES_DIRECT
+/* Decrypt a block using AES.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in] aes AES object.
+ * @param [in] in Block to decrypt.
+ * @param [out] out Decrypted block.
+ */
+static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
+{
+ word32* key = aes->key;
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..9]. */
+ "addi t0, t0, 128\n\t"
+ VL2RE32_V(REG_V8, REG_T0)
+ /* Check for 11 rounds. */
+ "li t4, 11\n\t"
+ "ble %[rounds], t4, L_aes_decrypt_loaded\n\t"
+ /* Load key[10..11]. */
+ "addi t0, t0, 32\n\t"
+ VL2RE32_V(REG_V10, REG_T0)
+ /* Check for 13 rounds. */
+ "li t4, 13\n\t"
+ "ble %[rounds], t4, L_aes_decrypt_loaded\n\t"
+ /* Load key[12..13]. */
+ "addi t0, t0, 32\n\t"
+ VL2RE32_V(REG_V12, REG_T0)
+ "L_aes_decrypt_loaded:\n\t"
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V14, REG_T0)
+
+ /* Load block. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+
+ /* Decrypt 10 rounds. */
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESDM_VS(REG_V15, REG_V1)
+ VAESDM_VS(REG_V15, REG_V2)
+ VAESDM_VS(REG_V15, REG_V3)
+ VAESDM_VS(REG_V15, REG_V4)
+ VAESDM_VS(REG_V15, REG_V5)
+ VAESDM_VS(REG_V15, REG_V6)
+ VAESDM_VS(REG_V15, REG_V7)
+ VAESDM_VS(REG_V15, REG_V8)
+ VAESDM_VS(REG_V15, REG_V9)
+ /* Check for 11 rounds. */
+ "li t4, 11\n\t"
+ "ble %[rounds], t4, L_aes_decrypt_done\n\t"
+ VAESDM_VS(REG_V15, REG_V10)
+ VAESDM_VS(REG_V15, REG_V11)
+ /* Check for 13 rounds. */
+ "li t4, 13\n\t"
+ "ble %[rounds], t4, L_aes_decrypt_done\n\t"
+ VAESDM_VS(REG_V15, REG_V12)
+ VAESDM_VS(REG_V15, REG_V13)
+ "L_aes_decrypt_done:\n\t"
+ /* Last round. */
+ VAESDF_VS(REG_V15, REG_V14)
+
+ /* Store decrypted block. */
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+
+ :
+ : [in] "r" (in), [out] "r" (out), [key] "r" (key),
+ [rounds] "r" (aes->rounds)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+}
+#endif /* WOLFSSL_AES_DIRECT */
+#endif /* HAVE_AES_DECRYPT */
+
+/* AES-CBC */
+#ifdef HAVE_AES_CBC
+/* Encrypt blocks of data using AES-CBC.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted blocks.
+ * @param [in] in Blocks to encrypt.
+ * @param pin] sz Number of bytes to encrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ */
+int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ int ret = 0;
+ word32 blocks = sz / AES_BLOCK_SIZE;
+
+ /* Validate parameters. */
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ /* Ensure a multiple of blocks is to be encrypted. */
+ if ((ret == 0) && (sz % AES_BLOCK_SIZE)) {
+ ret = BAD_LENGTH_E;
+ }
+#endif
+
+ if ((ret == 0) && (sz > 0)) {
+ switch (aes->rounds) {
+#ifdef WOLFSSL_AES_128
+ case 10:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..9]. */
+ "addi t0, t0, 128\n\t"
+ VL2RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V10, REG_T0)
+ /* Load the IV. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V11, REG_T0)
+
+ "L_aes_cbc_128_encrypt_block_loop:\n\t"
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+ VXOR_VV(REG_V15, REG_V15, REG_V11)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESEM_VS(REG_V15, REG_V1)
+ VAESEM_VS(REG_V15, REG_V2)
+ VAESEM_VS(REG_V15, REG_V3)
+ VAESEM_VS(REG_V15, REG_V4)
+ VAESEM_VS(REG_V15, REG_V5)
+ VAESEM_VS(REG_V15, REG_V6)
+ VAESEM_VS(REG_V15, REG_V7)
+ VAESEM_VS(REG_V15, REG_V8)
+ VAESEM_VS(REG_V15, REG_V9)
+ VAESEF_VS(REG_V15, REG_V10)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V11, REG_V15)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_cbc_128_encrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V11, REG_T0)
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+#ifdef WOLFSSL_AES_192
+ case 12:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V12, REG_T0)
+ /* Load the IV. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V13, REG_T0)
+
+ "L_aes_cbc_192_encrypt_block_loop:\n\t"
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+ VXOR_VV(REG_V15, REG_V15, REG_V13)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESEM_VS(REG_V15, REG_V1)
+ VAESEM_VS(REG_V15, REG_V2)
+ VAESEM_VS(REG_V15, REG_V3)
+ VAESEM_VS(REG_V15, REG_V4)
+ VAESEM_VS(REG_V15, REG_V5)
+ VAESEM_VS(REG_V15, REG_V6)
+ VAESEM_VS(REG_V15, REG_V7)
+ VAESEM_VS(REG_V15, REG_V8)
+ VAESEM_VS(REG_V15, REG_V9)
+ VAESEM_VS(REG_V15, REG_V10)
+ VAESEM_VS(REG_V15, REG_V11)
+ VAESEF_VS(REG_V15, REG_V12)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V13, REG_V15)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_cbc_192_encrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V13, REG_T0)
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+#ifdef WOLFSSL_AES_256
+ case 14:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load key[12..13]. */
+ "addi t0, t0, 64\n\t"
+ VL2RE32_V(REG_V12, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V14, REG_T0)
+ /* Load the IV. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+
+ "L_aes_cbc_256_encrypt_block_loop:\n\t"
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+ VXOR_VV(REG_V15, REG_V15, REG_V16)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESEM_VS(REG_V15, REG_V1)
+ VAESEM_VS(REG_V15, REG_V2)
+ VAESEM_VS(REG_V15, REG_V3)
+ VAESEM_VS(REG_V15, REG_V4)
+ VAESEM_VS(REG_V15, REG_V5)
+ VAESEM_VS(REG_V15, REG_V6)
+ VAESEM_VS(REG_V15, REG_V7)
+ VAESEM_VS(REG_V15, REG_V8)
+ VAESEM_VS(REG_V15, REG_V9)
+ VAESEM_VS(REG_V15, REG_V10)
+ VAESEM_VS(REG_V15, REG_V11)
+ VAESEM_VS(REG_V15, REG_V12)
+ VAESEM_VS(REG_V15, REG_V13)
+ VAESEF_VS(REG_V15, REG_V14)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V16, REG_V15)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_cbc_256_encrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V16, REG_T0)
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+ }
+ }
+
+ return ret;
+}
+
+#ifdef HAVE_AES_DECRYPT
+/* Decrypt blocks of data using AES-CBC.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Decrypted blocks.
+ * @param [in] in Blocks to decrypt.
+ * @param pin] sz Number of bytes to decrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return BAD_FUNC_ARG when sz is not a multiple of AES_BLOCK_SIZE.
+ * @return BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ */
+int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ int ret = 0;
+ word32 blocks = sz / AES_BLOCK_SIZE;
+
+ /* Validate parameters. */
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Ensure a multiple of blocks is being decrypted. */
+ if ((ret == 0) && (sz % AES_BLOCK_SIZE)) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ ret = BAD_LENGTH_E;
+#else
+ ret = BAD_FUNC_ARG;
+#endif
+ }
+
+ if ((ret == 0) && (sz > 0)) {
+ switch (aes->rounds) {
+#ifdef WOLFSSL_AES_128
+ case 10:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..9]. */
+ "addi t0, t0, 128\n\t"
+ VL2RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V10, REG_T0)
+ /* Load the IV. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V11, REG_T0)
+
+ "L_aes_cbc_128_decrypt_block_loop:\n\t"
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V14, REG_V15)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESDM_VS(REG_V15, REG_V1)
+ VAESDM_VS(REG_V15, REG_V2)
+ VAESDM_VS(REG_V15, REG_V3)
+ VAESDM_VS(REG_V15, REG_V4)
+ VAESDM_VS(REG_V15, REG_V5)
+ VAESDM_VS(REG_V15, REG_V6)
+ VAESDM_VS(REG_V15, REG_V7)
+ VAESDM_VS(REG_V15, REG_V8)
+ VAESDM_VS(REG_V15, REG_V9)
+ VAESDF_VS(REG_V15, REG_V10)
+ VXOR_VV(REG_V15, REG_V15, REG_V11)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V11, REG_V14)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_cbc_128_decrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V11, REG_T0)
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+#ifdef WOLFSSL_AES_192
+ case 12:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V12, REG_T0)
+ /* Load the IV. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V13, REG_T0)
+
+ "L_aes_cbc_192_decrypt_block_loop:\n\t"
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V14, REG_V15)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESDM_VS(REG_V15, REG_V1)
+ VAESDM_VS(REG_V15, REG_V2)
+ VAESDM_VS(REG_V15, REG_V3)
+ VAESDM_VS(REG_V15, REG_V4)
+ VAESDM_VS(REG_V15, REG_V5)
+ VAESDM_VS(REG_V15, REG_V6)
+ VAESDM_VS(REG_V15, REG_V7)
+ VAESDM_VS(REG_V15, REG_V8)
+ VAESDM_VS(REG_V15, REG_V9)
+ VAESDM_VS(REG_V15, REG_V10)
+ VAESDM_VS(REG_V15, REG_V11)
+ VAESDF_VS(REG_V15, REG_V12)
+ VXOR_VV(REG_V15, REG_V15, REG_V13)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V13, REG_V14)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_cbc_192_decrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V13, REG_T0)
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+#ifdef WOLFSSL_AES_256
+ case 14:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load key[12..13]. */
+ "addi t0, t0, 64\n\t"
+ VL2RE32_V(REG_V12, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V14, REG_T0)
+ /* Load the IV. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+
+ "L_aes_cbc_256_decrypt_block_loop:\n\t"
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V17, REG_V15)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESDM_VS(REG_V15, REG_V1)
+ VAESDM_VS(REG_V15, REG_V2)
+ VAESDM_VS(REG_V15, REG_V3)
+ VAESDM_VS(REG_V15, REG_V4)
+ VAESDM_VS(REG_V15, REG_V5)
+ VAESDM_VS(REG_V15, REG_V6)
+ VAESDM_VS(REG_V15, REG_V7)
+ VAESDM_VS(REG_V15, REG_V8)
+ VAESDM_VS(REG_V15, REG_V9)
+ VAESDM_VS(REG_V15, REG_V10)
+ VAESDM_VS(REG_V15, REG_V11)
+ VAESDM_VS(REG_V15, REG_V12)
+ VAESDM_VS(REG_V15, REG_V13)
+ VAESDF_VS(REG_V15, REG_V14)
+ VXOR_VV(REG_V15, REG_V15, REG_V16)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+ VMV_V_V(REG_V16, REG_V17)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_cbc_256_decrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V16, REG_T0)
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+ }
+ }
+
+ return ret;
+}
+#endif /* HAVE_AES_DECRYPT */
+
+/* Don't need generic implementation. */
+#define HAVE_AES_CBC_ENC_DEC
+
+#endif /* HAVE_AES_CBC */
+
+/* AES-CTR */
+#ifdef WOLFSSL_AES_COUNTER
+/* Encrypt blocks using AES-CTR.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted blocks.
+ * @param [in] in Blocks to encrypt.
+ * @param [in] blocks Number of blocks to encrypt.
+ */
+static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in,
+ word32 blocks)
+{
+ switch(aes->rounds) {
+#ifdef WOLFSSL_AES_128
+ case 10:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..9]. */
+ "addi t0, t0, 128\n\t"
+ VL2RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V10, REG_T0)
+ /* Load the counter. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+ "li t2, 1 \n\t"
+
+ "L_aes_ctr_128_encrypt_block_loop:\n\t"
+ VMV_V_V(REG_V15, REG_V16)
+ VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000)
+ VREV8(REG_V16, REG_V16)
+ VSLIDEDOWN_VI(REG_V17, REG_V16, 1)
+ VXOR_VV(REG_V18, REG_V18, REG_V18)
+ VADD_VI(REG_V17, REG_V17, 1)
+ VMSEQ_VV(REG_V18, REG_V18, REG_V17)
+ VSLIDEUP_VI(REG_V16, REG_V17, 1)
+ VADD_VV(REG_V16, REG_V16, REG_V18)
+ VREV8(REG_V16, REG_V16)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESEM_VS(REG_V15, REG_V1)
+ VAESEM_VS(REG_V15, REG_V2)
+ VAESEM_VS(REG_V15, REG_V3)
+ VAESEM_VS(REG_V15, REG_V4)
+ VAESEM_VS(REG_V15, REG_V5)
+ VAESEM_VS(REG_V15, REG_V6)
+ VAESEM_VS(REG_V15, REG_V7)
+ VAESEM_VS(REG_V15, REG_V8)
+ VAESEM_VS(REG_V15, REG_V9)
+ VAESEF_VS(REG_V15, REG_V10)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V15, REG_V15, REG_V17)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_ctr_128_encrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V16, REG_T0)
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+#ifdef WOLFSSL_AES_192
+ case 12:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 0, 0, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V12, REG_T0)
+ /* Load the counter. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+ "li t2, 1 \n\t"
+
+ "L_aes_ctr_192_encrypt_block_loop:\n\t"
+ VMV_V_V(REG_V15, REG_V16)
+ VSETIVLI(REG_X0,
 2, 0, 0, 0b011, 0b000)
+ VREV8(REG_V16, REG_V16)
+ VSLIDEDOWN_VI(REG_V17, REG_V16, 1)
+ VXOR_VV(REG_V18, REG_V18, REG_V18)
+ VADD_VI(REG_V17, REG_V17, 1)
+ VMSEQ_VV(REG_V18, REG_V18, REG_V17)
+ VSLIDEUP_VI(REG_V16, REG_V17, 1)
+ VADD_VV(REG_V16, REG_V16, REG_V18)
+ VREV8(REG_V16, REG_V16)
+ VSETIVLI(REG_X0, 4, 0, 0, 0b010, 0b000)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESEM_VS(REG_V15, REG_V1)
+ VAESEM_VS(REG_V15, REG_V2)
+ VAESEM_VS(REG_V15, REG_V3)
+ VAESEM_VS(REG_V15, REG_V4)
+ VAESEM_VS(REG_V15, REG_V5)
+ VAESEM_VS(REG_V15, REG_V6)
+ VAESEM_VS(REG_V15, REG_V7)
+ VAESEM_VS(REG_V15, REG_V8)
+ VAESEM_VS(REG_V15, REG_V9)
+ VAESEM_VS(REG_V15, REG_V10)
+ VAESEM_VS(REG_V15, REG_V11)
+ VAESEF_VS(REG_V15, REG_V12)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V15, REG_V15, REG_V17)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_ctr_192_encrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V16, REG_T0)
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+#ifdef WOLFSSL_AES_256
+ case 14:
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 0, 0, 0b010, 0b000)
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load key[12..13]. */
+ "addi t0, t0, 64\n\t"
+ VL2RE32_V(REG_V12, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V14, REG_T0)
+ /* Load the counter. */
+ "mv t0, %[reg]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+ "li t2, 1 \n\t"
+
+ "L_aes_ctr_256_encrypt_block_loop:\n\t"
+ VMV_V_V(REG_V15, REG_V16)
+ VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000)
+ VREV8(REG_V16, REG_V16)
+ VSLIDEDOWN_VI(REG_V17, REG_V16, 1)
+ VXOR_VV(REG_V18, REG_V18, REG_V18)
+ VADD_VI(REG_V17, REG_V17, 1)
+ VMSEQ_VV(REG_V18, REG_V18, REG_V17)
+ VSLIDEUP_VI(REG_V16, REG_V17, 1)
+ VADD_VV(REG_V16, REG_V16, REG_V18)
+ VREV8(REG_V16, REG_V16)
+ VSETIVLI(REG_X0, 4, 0, 0, 0b010, 0b000)
+
+ VAESZ_VS(REG_V15, REG_V0)
+ VAESEM_VS(REG_V15, REG_V1)
+ VAESEM_VS(REG_V15, REG_V2)
+ VAESEM_VS(REG_V15, REG_V3)
+ VAESEM_VS(REG_V15, REG_V4)
+ VAESEM_VS(REG_V15, REG_V5)
+ VAESEM_VS(REG_V15, REG_V6)
+ VAESEM_VS(REG_V15, REG_V7)
+ VAESEM_VS(REG_V15, REG_V8)
+ VAESEM_VS(REG_V15, REG_V9)
+ VAESEM_VS(REG_V15, REG_V10)
+ VAESEM_VS(REG_V15, REG_V11)
+ VAESEM_VS(REG_V15, REG_V12)
+ VAESEM_VS(REG_V15, REG_V13)
+ VAESEF_VS(REG_V15, REG_V14)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V15, REG_V15, REG_V17)
+
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V15, REG_T0)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi %[blocks], %[blocks], -1\n\t"
+ "bnez %[blocks], L_aes_ctr_256_encrypt_block_loop\n\t"
+
+ "mv t0, %[reg]\n\t"
+ VS1R_V(REG_V16, REG_T0)
+ "mv t0, %[reg]\n\t"
+ : [blocks] "+r" (blocks)
+ : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+ [reg] "r" (aes->reg)
+ : "memory", "t0", "t1", "t2", "t4"
+ );
+ break;
+#endif
+ }
+}
+
+/* Encrypt blocks of data using AES-CTR.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted blocks.
+ * @param [in] in Blocks to encrypt.
+ * @param [in] sz Number of bytes to encrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return BAD_FUNC_ARG when key size in AES object is not supported.
+ */
+int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ int ret = 0;
+ word32 processed;
+
+ /* Validate parameters. */
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ /* Check key size is supported. */
+ switch (aes->rounds) {
+ #ifdef WOLFSSL_AES_128
+ case 10: /* AES 128 BLOCK */
+ #endif /* WOLFSSL_AES_128 */
+ #ifdef WOLFSSL_AES_192
+ case 12: /* AES 192 BLOCK */
+ #endif /* WOLFSSL_AES_192 */
+ #ifdef WOLFSSL_AES_256
+ case 14: /* AES 256 BLOCK */
+ #endif /* WOLFSSL_AES_256 */
+ break;
+ default:
+ WOLFSSL_MSG("Bad AES-CTR round value");
+ ret = BAD_FUNC_ARG;
+ }
+ }
+
+ if (ret == 0) {
+ /* Use up any unused bytes left in aes->tmp */
+ processed = min(aes->left, sz);
+ if (processed > 0) {
+ /* XOR in encrypted counter. */
+ xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left,
+ processed);
+ out += processed;
+ in += processed;
+ aes->left -= processed;
+ sz -= processed;
+ }
+
+ /* Do whole blocks of data. */
+ while (sz >= AES_BLOCK_SIZE) {
+ word32 blocks = sz / AES_BLOCK_SIZE;
+
+ wc_aes_ctr_encrypt_asm(aes, out, in, blocks);
+
+ processed = blocks * AES_BLOCK_SIZE;
+ out += processed;
+ in += processed;
+ sz -= processed;
+ aes->left = 0;
+ }
+
+ if (sz > 0) {
+ /* Encrypt counter and store in aes->tmp.
+ * Use up aes->tmp to encrypt data less than a block.
+ */
+ static const byte zeros[AES_BLOCK_SIZE] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ };
+
+ wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, 1);
+ /* XOR in encrypted counter. */
+ xorbufout(out, in, aes->tmp, sz);
+ aes->left = AES_BLOCK_SIZE - sz;
+ }
+ }
+
+ return ret;
+}
+
+/* Don't need generic implementation. */
+#define HAVE_AES_COUNTER_ENC
+
+#endif /* WOLFSSL_AES_COUNTER */
+
+#elif defined(WOLFSSL_RISCV_SCALAR_CRYPTO_ASM)
+
+/*
+ * Scalar crypto instruction implementation of base operations.
+ */
+
+/* AES key schedule SBox operation.
*/ +#define AES64KS1I(rd, rs1, rnum) \ + ASM_WORD(0b00110001000000000001000000010011 | \ + (((rd) << 7) | ((rs1) << 15) | (rnum) << 20)) +/* AES key schedule operation. */ +#define AES64KS2(rd, rs1, rs2) \ + ASM_WORD(0b01111110000000000000000000110011 | \ + (((rd) << 7) | ((rs1) << 15) | (rs2) << 20)) +/* AES inverse MixColums step. */ +#define AES64IM(rd, rs1) \ + ASM_WORD(0b00110000000000000001000000010011 | \ + ((rd) << 7) | ((rs1) << 15)) + +/* Perform computation of one round of key schedule for AES-128 encryption. */ +#define AES64_128_KS_RND_INS(rnum, o1, o2) \ + AES64KS1I(REG_T2, REG_T1, rnum) \ + AES64KS2(REG_T0, REG_T2, REG_T0) \ + AES64KS2(REG_T1, REG_T0, REG_T1) \ + "sd t0, " #o1 "(%[ks])\n\t" \ + "sd t1, " #o2 "(%[ks])\n\t" +/* Perform computation of one round of key schedule for AES-128 decryption. */ +#define AES64_128_INV_KS_RND_INS(rnum, o1, o2) \ + AES64KS1I(REG_T2, REG_T1, rnum) \ + AES64KS2(REG_T0, REG_T2, REG_T0) \ + AES64KS2(REG_T1, REG_T0, REG_T1) \ + AES64IM(REG_T2, REG_T0) \ + AES64IM(REG_T3, REG_T1) \ + "sd t2, " #o1 "(%[ks])\n\t" \ + "sd t3, " #o2 "(%[ks])\n\t" + +/* Perform computation of numbered round of key schedule for AES-128 encryption. + */ +#define AES64_128_KS_RND(rnum) \ + AES64_128_KS_RND_INS((rnum), ((rnum) + 1) * 16, \ + ((rnum) + 1) * 16 + 8) +/* Perform computation of numbered round of key schedule for AES-128 decryption. + */ +#define AES64_128_INV_KS_RND(rnum, o) \ + AES64_128_INV_KS_RND_INS((rnum), (o) * 16, (o) * 16 + 8) +/* Perform computation of numbered last round of key schedule for AES-128 + * decryption. */ +#define AES64_128_INV_KS_LRND(rnum, o) \ + AES64_128_KS_RND_INS((rnum), (o) * 16, (o) * 16 + 8) + + +/* Perform computation of one round of key schedule for AES-192 encryption. 
*/ +#define AES64_192_KS_RND_INS(rnum, o1, o2, o3) \ + AES64KS1I(REG_T3, REG_T2, rnum) \ + AES64KS2(REG_T0, REG_T3, REG_T0) \ + AES64KS2(REG_T1, REG_T0, REG_T1) \ + AES64KS2(REG_T2, REG_T1, REG_T2) \ + "sd t0, " #o1 "(%[ks])\n\t" \ + "sd t1, " #o2 "(%[ks])\n\t" \ + "sd t2, " #o3 "(%[ks])\n\t" +/* Perform computation of one round of key schedule for AES-192 decryption. */ +#define AES64_192_INV_KS_RND_INS(rnum, o1, o2, o3) \ + AES64KS1I(REG_T3, REG_T2, rnum) \ + AES64KS2(REG_T0, REG_T3, REG_T0) \ + AES64KS2(REG_T1, REG_T0, REG_T1) \ + AES64KS2(REG_T2, REG_T1, REG_T2) \ + AES64IM(REG_T3, REG_T0) \ + AES64IM(REG_T4, REG_T1) \ + AES64IM(REG_T5, REG_T2) \ + "sd t3, " #o1 "(%[ks])\n\t" \ + "sd t4, " #o2 "(%[ks])\n\t" \ + "sd t5, " #o3 "(%[ks])\n\t" +/* Perform computation of last round of key schedule for AES-192 decryption. */ +#define AES64_192_KS_LRND_INS(rnum, o1, o2) \ + AES64KS1I(REG_T3, REG_T2, rnum) \ + AES64KS2(REG_T0, REG_T3, REG_T0) \ + AES64KS2(REG_T1, REG_T0, REG_T1) \ + "sd t0, " #o1 "(%[ks])\n\t" \ + "sd t1, " #o2 "(%[ks])\n\t" \ + +/* Perform computation of numbered round of key schedule for AES-192 encryption. + */ +#define AES64_192_KS_RND(rnum) \ + AES64_192_KS_RND_INS((rnum), ((rnum) + 1) * 24, \ + ((rnum) + 1) * 24 + 8, ((rnum) + 1) * 24 + 16) +/* Perform computation of numbered round of key schedule for AES-192 decryption. + */ +#define AES64_192_INV_KS_RND(rnum, o1, o2, o3) \ + AES64_192_INV_KS_RND_INS((rnum), (o1) * 8, (o2) * 8, \ + (o3) * 8) +/* Perform computation of numbered last round of key schedule for AES-192 + * encryption. */ +#define AES64_192_KS_LRND(rnum) \ + AES64_192_KS_LRND_INS((rnum), ((rnum) + 1) * 24, \ + ((rnum) + 1) * 24 + 8) +/* Perform computation of numbered last round of key schedule for AES-192 + * decryption. */ +#define AES64_192_INV_KS_LRND(rnum) \ + AES64_192_KS_LRND_INS((rnum), 0, 8) + + +/* Perform computation of one round of key schedule for AES-256 encryption. 
*/ +#define AES64_256_KS_RND_INS(rnum, o1, o2, o3, o4) \ + AES64KS1I(REG_T4, REG_T3, rnum) \ + AES64KS2(REG_T0, REG_T4, REG_T0) \ + AES64KS2(REG_T1, REG_T0, REG_T1) \ + AES64KS1I(REG_T4, REG_T1, 10) \ + AES64KS2(REG_T2, REG_T4, REG_T2) \ + AES64KS2(REG_T3, REG_T2, REG_T3) \ + "sd t0, " #o1 "(%[ks])\n\t" \ + "sd t1, " #o2 "(%[ks])\n\t" \ + "sd t2, " #o3 "(%[ks])\n\t" \ + "sd t3, " #o4 "(%[ks])\n\t" +/* Perform computation of one round of key schedule for AES-256 decryption. */ +#define AES64_256_INV_KS_RND_INS(rnum, o1, o2, o3, o4) \ + AES64KS1I(REG_T4, REG_T3, rnum) \ + AES64KS2(REG_T0, REG_T4, REG_T0) \ + AES64KS2(REG_T1, REG_T0, REG_T1) \ + AES64KS1I(REG_T4, REG_T1, 10) \ + AES64KS2(REG_T2, REG_T4, REG_T2) \ + AES64KS2(REG_T3, REG_T2, REG_T3) \ + AES64IM(REG_T4, REG_T0) \ + AES64IM(REG_T5, REG_T1) \ + "sd t4, " #o1 "(%[ks])\n\t" \ + "sd t5, " #o2 "(%[ks])\n\t" \ + AES64IM(REG_T4, REG_T2) \ + AES64IM(REG_T5, REG_T3) \ + "sd t4, " #o3 "(%[ks])\n\t" \ + "sd t5, " #o4 "(%[ks])\n\t" +/* Perform computation of last round of key schedule for AES-256 decryption. */ +#define AES64_256_KS_LRND_INS(rnum, o1, o2) \ + AES64KS1I(REG_T4, REG_T3, rnum) \ + AES64KS2(REG_T0, REG_T4, REG_T0) \ + AES64KS2(REG_T1, REG_T0, REG_T1) \ + "sd t0, " #o1 "(%[ks])\n\t" \ + "sd t1, " #o2 "(%[ks])\n\t" \ + +/* Perform computation of numbered round of key schedule for AES-256 encryption. + */ +#define AES64_256_KS_RND(rnum) \ + AES64_256_KS_RND_INS((rnum), ((rnum) + 1) * 32, \ + ((rnum) + 1) * 32 + 8, ((rnum) + 1) * 32 + 16, \ + ((rnum) + 1) * 32 + 24) +/* Perform computation of numbered round of key schedule for AES-256 decryption. + */ +#define AES64_256_INV_KS_RND(rnum, o) \ + AES64_256_INV_KS_RND_INS((rnum), (o) * 32, \ + (o) * 32 + 8, (o) * 32 - 16, (o) * 32 - 8) +/* Perform computation of numbered last round of key schedule for AES-256 + * encryption. 
*/ +#define AES64_256_KS_LRND(rnum) \ + AES64_256_KS_LRND_INS((rnum), ((rnum) + 1) * 32, \ + ((rnum) + 1) * 32 + 8) +/* Perform computation of numbered last round of key schedule for AES-256 + * decryption. */ +#define AES64_256_INV_KS_LRND(rnum) \ + AES64_256_KS_LRND_INS((rnum), 0, 8) + +/* Set the key and/or IV into the AES object. + * + * Creates the key schedule from the key. + * Uses Cryptographic instructions. + * + * @param [in] aes AES object. + * @param [in] key Secret key to use. + * @param [in] keyLen Length of key in bytes. + * @param [in] iv Initialization Vector (IV) to use. May be NULL. + * @param [in] dir Direction of crypt: AES_ENCRYPT, AES_DECRYPT. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes or key is NULL. + * @return BAD_FUNC_ARG when keyLen/dir is not supported or valid. + */ +int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, + int dir) +{ + int ret = 0; + + /* Validate parameters. */ + if ((aes == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } +#ifdef WOLFSSL_AES_128 + else if ((keyLen == 16) && (dir == AES_ENCRYPTION)) { + __asm__ __volatile__ ( + "ld t0, 0(%[key])\n\t" + "ld t1, 8(%[key])\n\t" + "sd t0, 0(%[ks])\n\t" + "sd t1, 8(%[ks])\n\t" + AES64_128_KS_RND(0) + AES64_128_KS_RND(1) + AES64_128_KS_RND(2) + AES64_128_KS_RND(3) + AES64_128_KS_RND(4) + AES64_128_KS_RND(5) + AES64_128_KS_RND(6) + AES64_128_KS_RND(7) + AES64_128_KS_RND(8) + AES64_128_KS_RND(9) + "sd t0, 224(%[ks])\n\t" + "sd t1, 232(%[ks])\n\t" + : + : [ks] "r" (aes->key), [key] "r" (key) + : "memory", "t0", "t1", "t2" + ); + aes->rounds = 10; + } +#ifdef HAVE_AES_DECRYPT + else if ((keyLen == 16) && (dir == AES_DECRYPTION)) { + __asm__ __volatile__ ( + "ld t0, 0(%[key])\n\t" + "ld t1, 8(%[key])\n\t" + "sd t0, 160(%[ks])\n\t" + "sd t1, 168(%[ks])\n\t" + AES64_128_INV_KS_RND(0, 9) + AES64_128_INV_KS_RND(1, 8) + AES64_128_INV_KS_RND(2, 7) + AES64_128_INV_KS_RND(3, 6) + AES64_128_INV_KS_RND(4, 5) + AES64_128_INV_KS_RND(5, 4) + 
AES64_128_INV_KS_RND(6, 3) + AES64_128_INV_KS_RND(7, 2) + AES64_128_INV_KS_RND(8, 1) + AES64_128_INV_KS_LRND(9, 0) + "sd t4, 224(%[ks])\n\t" + "sd t5, 232(%[ks])\n\t" + : + : [ks] "r" (aes->key), [key] "r" (key) + : "memory", "t0", "t1", "t2", "t3" + ); + aes->rounds = 10; + } +#endif +#endif +#ifdef WOLFSSL_AES_192 + else if ((keyLen == 24) && (dir == AES_ENCRYPTION)) { + __asm__ __volatile__ ( + "ld t0, 0(%[key])\n\t" + "ld t1, 8(%[key])\n\t" + "ld t2, 16(%[key])\n\t" + "sd t0, 0(%[ks])\n\t" + "sd t1, 8(%[ks])\n\t" + "sd t2, 16(%[ks])\n\t" + AES64_192_KS_RND(0) + AES64_192_KS_RND(1) + AES64_192_KS_RND(2) + AES64_192_KS_RND(3) + AES64_192_KS_RND(4) + AES64_192_KS_RND(5) + AES64_192_KS_RND(6) + AES64_192_KS_LRND(7) + "sd t0, 224(%[ks])\n\t" + "sd t1, 232(%[ks])\n\t" + : + : [ks] "r" (aes->key), [key] "r" (key) + : "memory", "t0", "t1", "t2", "t3" + ); + aes->rounds = 12; + } +#ifdef HAVE_AES_DECRYPT + else if ((keyLen == 24) && (dir == AES_DECRYPTION)) { + __asm__ __volatile__ ( + "ld t0, 0(%[key])\n\t" + "ld t1, 8(%[key])\n\t" + "ld t2, 16(%[key])\n\t" + AES64IM(REG_T3, REG_T2) + "sd t0, 192(%[ks])\n\t" + "sd t1, 200(%[ks])\n\t" + "sd t3, 176(%[ks])\n\t" + AES64_192_INV_KS_RND(0, 23, 20, 21) + AES64_192_INV_KS_RND(1, 18, 19, 16) + AES64_192_INV_KS_RND(2, 17, 14, 15) + AES64_192_INV_KS_RND(3, 12, 13, 10) + AES64_192_INV_KS_RND(4, 11, 8, 9) + AES64_192_INV_KS_RND(5, 6, 7, 4) + AES64_192_INV_KS_RND(6, 5, 2, 3) + AES64_192_INV_KS_LRND(7) + "sd t4, 224(%[ks])\n\t" + "sd t5, 232(%[ks])\n\t" + : + : [ks] "r" (aes->key), [key] "r" (key) + : "memory", "t0", "t1", "t2", "t3", "t4", "t5" + ); + aes->rounds = 12; + } +#endif +#endif +#ifdef WOLFSSL_AES_256 + else if ((keyLen == 32) && (dir == AES_ENCRYPTION)) { + __asm__ __volatile__ ( + "ld t0, 0(%[key])\n\t" + "ld t1, 8(%[key])\n\t" + "ld t2, 16(%[key])\n\t" + "ld t3, 24(%[key])\n\t" + "sd t0, 0(%[ks])\n\t" + "sd t1, 8(%[ks])\n\t" + "sd t2, 16(%[ks])\n\t" + "sd t3, 24(%[ks])\n\t" + AES64_256_KS_RND(0) + AES64_256_KS_RND(1) 
+ AES64_256_KS_RND(2) + AES64_256_KS_RND(3) + AES64_256_KS_RND(4) + AES64_256_KS_RND(5) + AES64_256_KS_LRND(6) + : + : [ks] "r" (aes->key), [key] "r" (key) + : "memory", "t0", "t1", "t2", "t3", "t4" + ); + aes->rounds = 14; + } +#ifdef HAVE_AES_DECRYPT + else if ((keyLen == 32) && (dir == AES_DECRYPTION)) { + __asm__ __volatile__ ( + "ld t0, 0(%[key])\n\t" + "ld t1, 8(%[key])\n\t" + "ld t2, 16(%[key])\n\t" + "ld t3, 24(%[key])\n\t" + "sd t0, 224(%[ks])\n\t" + "sd t1, 232(%[ks])\n\t" + AES64IM(REG_T4, REG_T2) + AES64IM(REG_T5, REG_T3) + "sd t4, 208(%[ks])\n\t" + "sd t5, 216(%[ks])\n\t" + AES64_256_INV_KS_RND(0, 6) + AES64_256_INV_KS_RND(1, 5) + AES64_256_INV_KS_RND(2, 4) + AES64_256_INV_KS_RND(3, 3) + AES64_256_INV_KS_RND(4, 2) + AES64_256_INV_KS_RND(5, 1) + AES64_256_INV_KS_LRND(6) + : + : [ks] "r" (aes->key), [key] "r" (key) + : "memory", "t0", "t1", "t2", "t3", "t4", "t5" + ); + aes->rounds = 14; + } +#endif +#endif + else { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Set the IV. */ + ret = wc_AesSetIV(aes, iv); + } + if (ret == 0) { + /* Finish setting the AES object. */ + aes->keylen = keyLen; +#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ + defined(WOLFSSL_AES_OFB) + aes->left = 0; +#endif + } + + return ret; +} + + +/* AES middle round encryption with 64-bit registers. */ +#define AES64ESM(rd, rs1, rs2) \ + ASM_WORD(0b00110110000000000000000000110011 | \ + (rd << 7) | (rs1 << 15) | (rs2 << 20)) +/* AES final round encryption with 64-bit registers. */ +#define AES64ES(rd, rs1, rs2) \ + ASM_WORD(0b00110010000000000000000000110011 | \ + (rd << 7) | (rs1 << 15) | (rs2 << 20)) + +/* Two rounds of encryption. + * kr01 - offset of first half of key for second round. + * kr02 - offset of second half of key for second round. + * kr03 - offset of first half of key for next round. + * kr04 - offset of second half of key for next round. 
+ */ +#define AESENC_2_ROUNDS(kro1, kro2, kro3, kro4) \ + "ld a5, " #kro1 " (%[key])\n\t" \ + "ld a6, " #kro2 " (%[key])\n\t" \ + AES64ESM(REG_T2, REG_T0, REG_T1) \ + AES64ESM(REG_T3, REG_T1, REG_T0) \ + "xor t2, t2, a3\n\t" \ + "xor t3, t3, a4\n\t" \ + AES64ESM(REG_T0, REG_T2, REG_T3) \ + AES64ESM(REG_T1, REG_T3, REG_T2) \ + "xor t0, t0, a5\n\t" \ + "xor t1, t1, a6\n\t" \ + "ld a3, " #kro3 " (%[key])\n\t" \ + "ld a4, " #kro4 " (%[key])\n\t" + +/* Last round of encryption. */ +#define AESENC_LAST_ROUND() \ + AES64ES(REG_T2, REG_T0, REG_T1) \ + AES64ES(REG_T3, REG_T1, REG_T0) \ + "xor t2, t2, a3\n\t" \ + "xor t3, t3, a4\n\t" + +/* AES middle round decryption with 64-bit registers. */ +#define AES64DSM(rd, rs1, rs2) \ + ASM_WORD(0b00111110000000000000000000110011 | \ + (rd << 7) | (rs1 << 15) | (rs2 << 20)) +/* AES final round decryption with 64-bit registers. */ +#define AES64DS(rd, rs1, rs2) \ + ASM_WORD(0b00111010000000000000000000110011 | \ + (rd << 7) | (rs1 << 15) | (rs2 << 20)) + +/* Two rounds of decryption. + * kr01 - offset of first half of key for second round. + * kr02 - offset of second half of key for second round. + * kr03 - offset of first half of key for next round. + * kr04 - offset of second half of key for next round. + */ +#define AESDEC_2_ROUNDS(kro1, kro2, kro3, kro4) \ + "ld a5, " #kro1 " (%[key])\n\t" \ + "ld a6, " #kro2 " (%[key])\n\t" \ + AES64DSM(REG_T2, REG_T0, REG_T1) \ + AES64DSM(REG_T3, REG_T1, REG_T0) \ + "xor t2, t2, a3\n\t" \ + "xor t3, t3, a4\n\t" \ + AES64DSM(REG_T0, REG_T2, REG_T3) \ + AES64DSM(REG_T1, REG_T3, REG_T2) \ + "xor t0, t0, a5\n\t" \ + "xor t1, t1, a6\n\t" \ + "ld a3, " #kro3 " (%[key])\n\t" \ + "ld a4, " #kro4 " (%[key])\n\t" + +/* Last round of decryption. 
*/ +#define AESDEC_LAST_ROUND() \ + AES64DS(REG_T2, REG_T0, REG_T1) \ + AES64DS(REG_T3, REG_T1, REG_T0) \ + "xor t2, t2, a3\n\t" \ + "xor t3, t3, a4\n\t" \ + +#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +/* Encrypt a block using AES. + * + * @param [in] aes AES object. + * @param [in] in Block to encrypt. + * @param [out] out Encrypted block. + */ +static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out) +{ + __asm__ __volatile__ ( + "ld t2, 0(%[in])\n\t" + "ld t3, 8(%[in])\n\t" + "ld a3, 0(%[key])\n\t" + "ld a4, 8(%[key])\n\t" + "ld a5, 16(%[key])\n\t" + "ld a6, 24(%[key])\n\t" + "xor t2, t2, a3\n\t" + "xor t3, t3, a4\n\t" + AES64ESM(REG_T0, REG_T2, REG_T3) + AES64ESM(REG_T1, REG_T3, REG_T2) + "xor t0, t0, a5\n\t" + "xor t1, t1, a6\n\t" + "ld a3, 32(%[key])\n\t" + "ld a4, 40(%[key])\n\t" + AESENC_2_ROUNDS(48, 56, 64, 72) + AESENC_2_ROUNDS(80, 88, 96, 104) + AESENC_2_ROUNDS(112, 120, 128, 136) + AESENC_2_ROUNDS(144, 152, 160, 168) + "li t4, 11\n\t" + "ble %[rounds], t4, L_aes_encrypt_done\n\t" + AESENC_2_ROUNDS(176, 184, 192, 200) + "li t4, 13\n\t" + "ble %[rounds], t4, L_aes_encrypt_done\n\t" + AESENC_2_ROUNDS(208, 216, 224, 232) + "L_aes_encrypt_done:\n\t" + AESENC_LAST_ROUND() + "sd t2, 0(%[out])\n\t" + "sd t3, 8(%[out])\n\t" + : + : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key), + [rounds] "r" (aes->rounds) + : "memory", "t0", "t1", "t2", "t3", "t4", "a3", "a4", "a5", "a6" + ); +} +#endif + +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_CBC) +/* Decrypt a block using AES. + * + * @param [in] aes AES object. + * @param [in] in Block to decrypt. + * @param [out] out Decrypted block. 
+ */ +static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out) +{ + __asm__ __volatile__ ( + "ld t2, 0(%[in])\n\t" + "ld t3, 8(%[in])\n\t" + "ld a3, 0(%[key])\n\t" + "ld a4, 8(%[key])\n\t" + "ld a5, 16(%[key])\n\t" + "ld a6, 24(%[key])\n\t" + "xor t2, t2, a3\n\t" + "xor t3, t3, a4\n\t" + AES64DSM(REG_T0, REG_T2, REG_T3) + AES64DSM(REG_T1, REG_T3, REG_T2) + "xor t0, t0, a5\n\t" + "xor t1, t1, a6\n\t" + "ld a3, 32(%[key])\n\t" + "ld a4, 40(%[key])\n\t" + AESDEC_2_ROUNDS(48, 56, 64, 72) + AESDEC_2_ROUNDS(80, 88, 96, 104) + AESDEC_2_ROUNDS(112, 120, 128, 136) + AESDEC_2_ROUNDS(144, 152, 160, 168) + "li t4, 11\n\t" + "ble %[rounds], t4, L_aes_decrypt_done\n\t" + AESDEC_2_ROUNDS(176, 184, 192, 200) + "li t4, 13\n\t" + "ble %[rounds], t4, L_aes_decrypt_done\n\t" + AESDEC_2_ROUNDS(208, 216, 224, 232) + "L_aes_decrypt_done:\n\t" + AESDEC_LAST_ROUND() + "sd t2, 0(%[out])\n\t" + "sd t3, 8(%[out])\n\t" + : + : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key), + [rounds] "r" (aes->rounds) + : "memory", "t0", "t1", "t2", "t3", "t4", "a3", "a4", "a5", "a6" + ); +} +#endif +#endif /* HAVE_AES_DECRYPT */ + +#else + +/* + * Standard instructions implementation of base operations. + */ + +/* Load a word with bytes reversed. */ +#define LOAD_WORD_REV(r, o, p) \ + "lbu t4, " #o "(" #p ")\n\t" \ + "lbu t5, " #o "+1(" #p ")\n\t" \ + "lbu t6, " #o "+2(" #p ")\n\t" \ + "lbu " #r ", " #o "+3(" #p ")\n\t" \ + "slli t4, t4, 24\n\t" \ + "slli t5, t5, 16\n\t" \ + "slli t6, t6, 8\n\t" \ + "or " #r ", " #r ", t4\n\t" \ + "or " #r ", " #r ", t5\n\t" \ + "or " #r ", " #r ", t6\n\t" + +/* Store a word with bytes reversed. */ +#define STORE_WORD_REV(r, o, p) \ + "srli t0, " #r ", 24\n\t" \ + "srli t1, " #r ", 16\n\t" \ + "srli t2, " #r ", 8\n\t" \ + "sb t0, " #o "+0(" #p ")\n\t" \ + "sb t1, " #o "+1(" #p ")\n\t" \ + "sb t2, " #o "+2(" #p ")\n\t" \ + "sb " #r ", " #o "+3(" #p ")\n\t" + +/* AES encryption table. 
*/ +static const FLASH_QUALIFIER word32 Te[4][256] = { +{ + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 
0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}, +{ + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 
0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 
0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}, +{ + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 
0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 
0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}, +{ + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 
0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +} +}; + +/* Round constant used in computing key 
schedule. */ +static const FLASH_QUALIFIER word32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, + /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +#ifdef HAVE_AES_DECRYPT +/* AES decryption table. */ +static const FLASH_QUALIFIER word32 Td[4][256] = { +{ + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 
0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, +}, +{ + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 
0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 
0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, +}, +{ + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 
0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 
0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, +}, +{ + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 
0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 
0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, +} +}; + +#endif /* HAVE_AES_DECRYPT */ + +/* AES substitute rotated word with round constant application. */ +#define AES_SUB_ROT_WORD_RCON(s) \ + "andi t5, " #s ", 0xff\n\t" \ + "slli t5, t5, 2\n\t" \ + "add t5, t5, %[te]\n\t" \ + "lw t5, (t5)\n\t" \ + "li t6, 0x0000ff00\n\t" \ + "and t5, t5, t6\n\t" \ + "xor t0, t0, t5\n\t" \ + \ + "srli t5, " #s ", 22\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te]\n\t" \ + "addi t5, t5, 0x400\n\t" \ + "lbu t5, (t5)\n\t" \ + "xor t0, t0, t5\n\t" \ + \ + "srli t5, " #s ", 14\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te]\n\t" \ + "li t6, 0x800\n\t" \ + "add t5, t5, t6\n\t" \ + "lw t5, (t5)\n\t" \ + "li t6, 0xff000000\n\t" \ + "and t5, t5, t6\n\t" \ + "xor t0, t0, t5\n\t" \ + \ + "srli t5, " #s ", 6\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te]\n\t" \ + "li t6, 0xc00\n\t" \ + "add t5, t5, t6\n\t" \ + "lw t5, (t5)\n\t" \ + "li t6, 0x00ff0000\n\t" \ + "and t5, t5, t6\n\t" \ + "xor t0, t0, t5\n\t" \ + \ + "add t5, %[rcon], a5\n\t" \ + "lw t5, (t5)\n\t" \ + "xor t0, t0, t5\n\t" + +/* AES substitute word. 
*/ +#define AES_SUB_WORD(s) \ + "srli t5, " #s ", 6\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te]\n\t" \ + "lw t5, (t5)\n\t" \ + "li t6, 0x0000ff00\n\t" \ + "and t5, t5, t6\n\t" \ + "xor a6, a6, t5\n\t" \ + \ + "andi t5, " #s ", 0xff\n\t" \ + "slli t5, t5, 2\n\t" \ + "add t5, t5, %[te]\n\t" \ + "addi t5, t5, 0x400\n\t" \ + "lbu t5, (t5)\n\t" \ + "xor a6, a6, t5\n\t" \ + \ + "srli t5, " #s ", 22\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te]\n\t" \ + "li t6, 0x800\n\t" \ + "add t5, t5, t6\n\t" \ + "lw t5, (t5)\n\t" \ + "li t6, 0xff000000\n\t" \ + "and t5, t5, t6\n\t" \ + "xor a6, a6, t5\n\t" \ + \ + "srli t5, " #s ", 14\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te]\n\t" \ + "li t6, 0xc00\n\t" \ + "add t5, t5, t6\n\t" \ + "lw t5, (t5)\n\t" \ + "li t6, 0x00ff0000\n\t" \ + "and t5, t5, t6\n\t" \ + "xor a6, a6, t5\n\t" + +/* Set the AES key and expand. + * + * @param [in] aes AES object. + * @param [in] key Block to encrypt. + * @param [in] keySz Number of bytes in key. + * @param [in] dir Direction of crypt: AES_ENCRYPTION or AES_DECRYPTION. + */ +static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) +{ + word32* rk = aes->key; + + switch (keySz) { +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \ + defined(WOLFSSL_AES_128) + case 16: + __asm__ __volatile__ ( +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + /* Load 4 32-bit words in reverse byte order. */ + LOAD_WORD_REV(t0, 0, %[key]) + LOAD_WORD_REV(t1, 4, %[key]) + LOAD_WORD_REV(t2, 8, %[key]) + LOAD_WORD_REV(t3, 12, %[key]) +#else + "ld t1, 0(%[key])\n\t" + "ld t3, 8(%[key])\n\t" + REV8(REG_T1, REG_T1) + REV8(REG_T3, REG_T3) + "srli t0, t1, 32\n\t" + "srli t2, t3, 32\n\t" +#endif + /* Store round 0 key. */ + "sw t0, 0(%[rk])\n\t" + "sw t1, 4(%[rk])\n\t" + "sw t2, 8(%[rk])\n\t" + "sw t3, 12(%[rk])\n\t" + + "li a4, 10\n\t" + "mv a5, x0\n\t" + "L_aes_set_key_c_16_loop:\n\t" + "addi %[rk], %[rk], 16\n\t" + /* Permute key. 
*/ + AES_SUB_ROT_WORD_RCON(t3) + "xor t1, t1, t0\n\t" + "xor t2, t2, t1\n\t" + "xor t3, t3, t2\n\t" + /* Store round key. */ + "sw t0, 0(%[rk])\n\t" + "sw t1, 4(%[rk])\n\t" + "sw t2, 8(%[rk])\n\t" + "sw t3, 12(%[rk])\n\t" + + "addi a4, a4, -1\n\t" + "addi a5, a5, 4\n\t" + "bnez a4, L_aes_set_key_c_16_loop\n\t" + : [rk] "+r" (rk) + : [key] "r" (key), [te] "r" (Te), [rcon] "r" (rcon) + : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5" + ); + break; +#endif /* 128 */ + +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 && \ + defined(WOLFSSL_AES_192) + case 24: + __asm__ __volatile__ ( +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + /* Load 6 32-bit words in reverse byte order. */ + LOAD_WORD_REV(t0, 0, %[key]) + LOAD_WORD_REV(t1, 4, %[key]) + LOAD_WORD_REV(t2, 8, %[key]) + LOAD_WORD_REV(t3, 12, %[key]) + LOAD_WORD_REV(a6, 16, %[key]) + LOAD_WORD_REV(a7, 20, %[key]) +#else + "ld t1, 0(%[key])\n\t" + "ld t3, 8(%[key])\n\t" + "ld a7, 16(%[key])\n\t" + REV8(REG_T1, REG_T1) + REV8(REG_T3, REG_T3) + REV8(REG_A7, REG_A7) + "srli t0, t1, 32\n\t" + "srli t2, t3, 32\n\t" + "srli a6, a7, 32\n\t" +#endif + /* Store round 0 key. */ + "sw t0, 0(%[rk])\n\t" + "sw t1, 4(%[rk])\n\t" + "sw t2, 8(%[rk])\n\t" + "sw t3, 12(%[rk])\n\t" + "sw a6, 16(%[rk])\n\t" + "sw a7, 20(%[rk])\n\t" + + "li a4, 8\n\t" + "mv a5, x0\n\t" + "L_aes_set_key_c_24_loop:\n\t" + "addi %[rk], %[rk], 24\n\t" + /* Permute key. */ + AES_SUB_ROT_WORD_RCON(a7) + "xor t1, t1, t0\n\t" + "xor t2, t2, t1\n\t" + "xor t3, t3, t2\n\t" + "xor a6, a6, t3\n\t" + "xor a7, a7, a6\n\t" + /* Store round key. 
*/ + "sw t0, 0(%[rk])\n\t" + "sw t1, 4(%[rk])\n\t" + "sw t2, 8(%[rk])\n\t" + "sw t3, 12(%[rk])\n\t" + "sw a6, 16(%[rk])\n\t" + "sw a7, 20(%[rk])\n\t" + + "addi a4, a4, -1\n\t" + "addi a5, a5, 4\n\t" + "bnez a4, L_aes_set_key_c_24_loop\n\t" + + : [rk] "+r" (rk) + : [key] "r" (key), [te] "r" (Te), [rcon] "r" (rcon) + : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5", + "a6", "a7" + ); + break; +#endif /* 192 */ + +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 && \ + defined(WOLFSSL_AES_256) + case 32: + __asm__ __volatile__ ( +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + /* Load 8 32-bit words in reverse byte order. */ + LOAD_WORD_REV(t0, 0, %[key]) + LOAD_WORD_REV(t1, 4, %[key]) + LOAD_WORD_REV(t2, 8, %[key]) + LOAD_WORD_REV(t3, 12, %[key]) + LOAD_WORD_REV(a6, 16, %[key]) + LOAD_WORD_REV(a7, 20, %[key]) + LOAD_WORD_REV(s1, 24, %[key]) + LOAD_WORD_REV(s2, 28, %[key]) +#else + "ld t1, 0(%[key])\n\t" + "ld t3, 8(%[key])\n\t" + "ld a7, 16(%[key])\n\t" + "ld s2, 24(%[key])\n\t" + REV8(REG_T1, REG_T1) + REV8(REG_T3, REG_T3) + REV8(REG_A7, REG_A7) + REV8(REG_S2, REG_S2) + "srli t0, t1, 32\n\t" + "srli t2, t3, 32\n\t" + "srli a6, a7, 32\n\t" + "srli s1, s2, 32\n\t" +#endif + /* Store round 0 key. */ + "sw t0, 0(%[rk])\n\t" + "sw t1, 4(%[rk])\n\t" + "sw t2, 8(%[rk])\n\t" + "sw t3, 12(%[rk])\n\t" + "sw a6, 16(%[rk])\n\t" + "sw a7, 20(%[rk])\n\t" + "sw s1, 24(%[rk])\n\t" + "sw s2, 28(%[rk])\n\t" + + "li a4, 7\n\t" + "mv a5, x0\n\t" + "L_aes_set_key_c_32_loop:\n\t" + "addi %[rk], %[rk], 32\n\t" + /* Permute key. */ + AES_SUB_ROT_WORD_RCON(s2) + "xor t1, t1, t0\n\t" + "xor t2, t2, t1\n\t" + "xor t3, t3, t2\n\t" + /* Store half round key. */ + "sw t0, 0(%[rk])\n\t" + "sw t1, 4(%[rk])\n\t" + "sw t2, 8(%[rk])\n\t" + "sw t3, 12(%[rk])\n\t" + + "addi a5, a5, 4\n\t" + "addi a4, a4, -1\n\t" + "beqz a4, L_aes_set_key_c_32_done\n\t" + + AES_SUB_WORD(t3) + "xor a7, a7, a6\n\t" + "xor s1, s1, a7\n\t" + "xor s2, s2, s1\n\t" + /* Store second half round key. 
*/ + "sw a6, 16(%[rk])\n\t" + "sw a7, 20(%[rk])\n\t" + "sw s1, 24(%[rk])\n\t" + "sw s2, 28(%[rk])\n\t" + + "beqz x0, L_aes_set_key_c_32_loop\n\t" + "L_aes_set_key_c_32_done:\n\t" + + : [rk] "+r" (rk) + : [key] "r" (key), [te] "r" (Te), [rcon] "r" (rcon) + : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5", + "a6", "a7", "s1", "s2" + ); + break; +#endif /* 256 */ + } + +#if defined(HAVE_AES_DECRYPT) + +#define INV_MIXCOL(rki) \ + "srli t5, " #rki ", 22\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te1]\n\t" \ + "lbu t5, (t5)\n\t" \ + "slli t5, t5, 2\n\t" \ + "add t5, t5, %[td]\n\t" \ + "lw t6, (t5)\n\t" \ + "srli t5, " #rki ", 14\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te1]\n\t" \ + "lbu t5, (t5)\n\t" \ + "slli t5, t5, 2\n\t" \ + "add t5, t5, %[td]\n\t" \ + "addi t5, t5, 0x400\n\t" \ + "lw t5, (t5)\n\t" \ + "xor t6, t6, t5\n\t" \ + "srli t5, " #rki ", 6\n\t" \ + "andi t5, t5, 0x3fc\n\t" \ + "add t5, t5, %[te1]\n\t" \ + "lbu t5, (t5)\n\t" \ + "slli t5, t5, 2\n\t" \ + "add t5, t5, %[td]\n\t" \ + "li t4, 0x800\n\t" \ + "add t5, t5, t4\n\t" \ + "lw t5, (t5)\n\t" \ + "xor t6, t6, t5\n\t" \ + "andi t5, " #rki ", 0xff\n\t" \ + "slli t5, t5, 2\n\t" \ + "add t5, t5, %[te1]\n\t" \ + "lbu t5, (t5)\n\t" \ + "slli t5, t5, 2\n\t" \ + "add t5, t5, %[td]\n\t" \ + "li t4, 0xc00\n\t" \ + "add t5, t5, t4\n\t" \ + "lw t5, (t5)\n\t" \ + "xor " #rki ", t6, t5\n\t" + + if (dir == AES_DECRYPTION) { + int r = aes->rounds; + rk = aes->key; + + __asm__ __volatile__ ( + /* Change key schedule for decryption. */ + "slli s1, %[r], 4\n\t" + "add s1, s1, %[rk]\n\t" + "srli %[r], %[r], 1\n\t" + "addi %[r], %[r], -1\n\t" + + /* Swap first two rounds. 
*/ + "ld t0, 0(%[rk])\n\t" + "ld t1, 8(%[rk])\n\t" + "ld t2, 0(s1)\n\t" + "ld t3, 8(s1)\n\t" + "sd t0, 0(s1)\n\t" + "sd t1, 8(s1)\n\t" + "sd t2, 0(%[rk])\n\t" + "sd t3, 8(%[rk])\n\t" + + "L_aes_set_key_inv_mixcol_loop:\n\t" + "addi %[rk], %[rk], 16\n\t" + "addi s1, s1, -16\n\t" + + "lw t0, 0(%[rk])\n\t" + "lw t1, 4(%[rk])\n\t" + "lw t2, 8(%[rk])\n\t" + "lw t3, 12(%[rk])\n\t" + "lw a4, 0(s1)\n\t" + "lw a5, 4(s1)\n\t" + "lw a6, 8(s1)\n\t" + "lw a7, 12(s1)\n\t" + + INV_MIXCOL(t0) + INV_MIXCOL(t1) + INV_MIXCOL(t2) + INV_MIXCOL(t3) + INV_MIXCOL(a4) + INV_MIXCOL(a5) + INV_MIXCOL(a6) + INV_MIXCOL(a7) + + "sw t0, 0(s1)\n\t" + "sw t1, 4(s1)\n\t" + "sw t2, 8(s1)\n\t" + "sw t3, 12(s1)\n\t" + "sw a4, 0(%[rk])\n\t" + "sw a5, 4(%[rk])\n\t" + "sw a6, 8(%[rk])\n\t" + "sw a7, 12(%[rk])\n\t" + + "addi %[r], %[r], -1\n\t" + "bnez %[r], L_aes_set_key_inv_mixcol_loop\n\t" + + "lw t0, 16(%[rk])\n\t" + "lw t1, 20(%[rk])\n\t" + "lw t2, 24(%[rk])\n\t" + "lw t3, 28(%[rk])\n\t" + + INV_MIXCOL(t0) + INV_MIXCOL(t1) + INV_MIXCOL(t2) + INV_MIXCOL(t3) + + "sw t0, 16(%[rk])\n\t" + "sw t1, 20(%[rk])\n\t" + "sw t2, 24(%[rk])\n\t" + "sw t3, 28(%[rk])\n\t" + + : [rk] "+r" (rk), [r] "+r" (r) + : [td] "r" (Td), [te1] "r" (Te[1]) + : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5", + "a6", "a7", "s1" + ); + } +#endif /* HAVE_AES_DECRYPT */ +} + +/* Set the key and/or IV into the AES object. + * + * Creates the key schedule from the key. + * Uses Cryptographic instructions. + * + * @param [in] aes AES object. + * @param [in] key Secret key to use. + * @param [in] keyLen Length of key in bytes. + * @param [in] iv Initialization Vector (IV) to use. May be NULL. + * @param [in] dir Direction of crypt: AES_ENCRYPT, AES_DECRYPT. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes or key is NULL. + * @return BAD_FUNC_ARG when keyLen/dir is not supported or valid. 
+ */ +int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, + int dir) +{ + int ret = 0; + + /* Validate parameters. */ + if (aes == NULL) { + ret = BAD_FUNC_ARG; + } + /* Check key size is supported by AES object. */ + if ((ret == 0) && (keyLen > (word32)sizeof(aes->key))) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Check key length is supported. */ + switch (keyLen) { + #if defined(AES_MAX_KEY_SIZE) && (AES_MAX_KEY_SIZE >= 128) && \ + defined(WOLFSSL_AES_128) + case 16: + #endif + #if defined(AES_MAX_KEY_SIZE) && (AES_MAX_KEY_SIZE >= 192) && \ + defined(WOLFSSL_AES_192) + case 24: + #endif + #if defined(AES_MAX_KEY_SIZE) && (AES_MAX_KEY_SIZE >= 256) && \ + defined(WOLFSSL_AES_256) + case 32: + #endif + break; + default: + ret = BAD_FUNC_ARG; + } + } +#ifndef HAVE_AES_DECRYPT + if ((ret == 0) && (dir == AES_DECRYPTION)) { + ret = BAD_FUNC_ARG; + } +#endif + + if (ret == 0) { + /* Initialize fields. */ + #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ + defined(WOLFSSL_AES_OFB) + aes->left = 0; + #endif + aes->keylen = (int)keyLen; + aes->rounds = (keyLen / 4) + 6; + + /* Compute the key schedule. */ + AesSetKey_C(aes, key, keyLen, dir); + + /* Set the IV. */ + ret = wc_AesSetIV(aes, iv); + } + + return ret; +} + +#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +/* Encrypt a block using AES. + * + * @param [in] aes AES object. + * @param [in] in Block to encrypt. + * @param [out] out Encrypted block. + */ +static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out) +{ +/* A round of encryption from set 2 to 1 registers. 
*/ +#define ENC_ROUND_T_S_ASM(o) \ + "srliw t0, a4, 24\n\t" \ + "srliw t1, a5, 24\n\t" \ + "srliw t2, a6, 24\n\t" \ + "srliw t3, a7, 24\n\t" \ + "slliw t0, t0, 2\n\t" \ + "slliw t1, t1, 2\n\t" \ + "slliw t2, t2, 2\n\t" \ + "slliw t3, t3, 2\n\t" \ + "add t0, t0, %[te]\n\t" \ + "add t1, t1, %[te]\n\t" \ + "add t2, t2, %[te]\n\t" \ + "add t3, t3, %[te]\n\t" \ + "lw t5, (t0)\n\t" \ + "lw t6, (t1)\n\t" \ + "lw s1, (t2)\n\t" \ + "lw s2, (t3)\n\t" \ + \ + "addi t4, %[te], 0x400\n\t" \ + "srliw t0, a5, 14\n\t" \ + "srliw t1, a6, 14\n\t" \ + "srliw t2, a7, 14\n\t" \ + "srliw t3, a4, 14\n\t" \ + "andi t0, t0, 0x3fc\n\t" \ + "andi t1, t1, 0x3fc\n\t" \ + "andi t2, t2, 0x3fc\n\t" \ + "andi t3, t3, 0x3fc\n\t" \ + "add t0, t0, t4\n\t" \ + "add t1, t1, t4\n\t" \ + "add t2, t2, t4\n\t" \ + "add t3, t3, t4\n\t" \ + "lw t0, (t0)\n\t" \ + "lw t1, (t1)\n\t" \ + "lw t2, (t2)\n\t" \ + "lw t3, (t3)\n\t" \ + "xor t5, t5, t0\n\t" \ + "xor t6, t6, t1\n\t" \ + "xor s1, s1, t2\n\t" \ + "xor s2, s2, t3\n\t" \ + \ + "addi t4, t4, 0x400\n\t" \ + "srliw t0, a6, 6\n\t" \ + "srliw t1, a7, 6\n\t" \ + "srliw t2, a4, 6\n\t" \ + "srliw t3, a5, 6\n\t" \ + "andi t0, t0, 0x3fc\n\t" \ + "andi t1, t1, 0x3fc\n\t" \ + "andi t2, t2, 0x3fc\n\t" \ + "andi t3, t3, 0x3fc\n\t" \ + "add t0, t0, t4\n\t" \ + "add t1, t1, t4\n\t" \ + "add t2, t2, t4\n\t" \ + "add t3, t3, t4\n\t" \ + "lw t0, (t0)\n\t" \ + "lw t1, (t1)\n\t" \ + "lw t2, (t2)\n\t" \ + "lw t3, (t3)\n\t" \ + "xor t5, t5, t0\n\t" \ + "xor t6, t6, t1\n\t" \ + "xor s1, s1, t2\n\t" \ + "xor s2, s2, t3\n\t" \ + \ + "addi t4, t4, 0x400\n\t" \ + "andi t0, a7, 0xff\n\t" \ + "andi t1, a4, 0xff\n\t" \ + "andi t2, a5, 0xff\n\t" \ + "andi t3, a6, 0xff\n\t" \ + "slliw t0, t0, 2\n\t" \ + "slliw t1, t1, 2\n\t" \ + "slliw t2, t2, 2\n\t" \ + "slliw t3, t3, 2\n\t" \ + "add t0, t0, t4\n\t" \ + "add t1, t1, t4\n\t" \ + "add t2, t2, t4\n\t" \ + "add t3, t3, t4\n\t" \ + "lw t0, (t0)\n\t" \ + "lw t1, (t1)\n\t" \ + "lw t2, (t2)\n\t" \ + "lw t3, (t3)\n\t" \ + "xor t5, t5, t0\n\t" \ + 
"xor t6, t6, t1\n\t" \ + "xor s1, s1, t2\n\t" \ + "xor s2, s2, t3\n\t" \ + \ + "lw t0, " #o "(%[rk])\n\t" \ + "lw t1, " #o "+4(%[rk])\n\t" \ + "lw t2, " #o "+8(%[rk])\n\t" \ + "lw t3, " #o "+12(%[rk])\n\t" \ + "xor t5, t5, t0\n\t" \ + "xor t6, t6, t1\n\t" \ + "xor s1, s1, t2\n\t" \ + "xor s2, s2, t3\n\t" + +/* A round of encryption from set 1 to 2 registers. */ +#define ENC_ROUND_S_T_ASM(o) \ + "srliw t0, t5, 24\n\t" \ + "srliw t1, t6, 24\n\t" \ + "srliw t2, s1, 24\n\t" \ + "srliw t3, s2, 24\n\t" \ + "slliw t0, t0, 2\n\t" \ + "slliw t1, t1, 2\n\t" \ + "slliw t2, t2, 2\n\t" \ + "slliw t3, t3, 2\n\t" \ + "add t0, t0, %[te]\n\t" \ + "add t1, t1, %[te]\n\t" \ + "add t2, t2, %[te]\n\t" \ + "add t3, t3, %[te]\n\t" \ + "lw a4, (t0)\n\t" \ + "lw a5, (t1)\n\t" \ + "lw a6, (t2)\n\t" \ + "lw a7, (t3)\n\t" \ + \ + "addi t4, %[te], 0x400\n\t" \ + "srliw t0, t6, 14\n\t" \ + "srliw t1, s1, 14\n\t" \ + "srliw t2, s2, 14\n\t" \ + "srliw t3, t5, 14\n\t" \ + "andi t0, t0, 0x3fc\n\t" \ + "andi t1, t1, 0x3fc\n\t" \ + "andi t2, t2, 0x3fc\n\t" \ + "andi t3, t3, 0x3fc\n\t" \ + "add t0, t0, t4\n\t" \ + "add t1, t1, t4\n\t" \ + "add t2, t2, t4\n\t" \ + "add t3, t3, t4\n\t" \ + "lw t0, (t0)\n\t" \ + "lw t1, (t1)\n\t" \ + "lw t2, (t2)\n\t" \ + "lw t3, (t3)\n\t" \ + "xor a4, a4, t0\n\t" \ + "xor a5, a5, t1\n\t" \ + "xor a6, a6, t2\n\t" \ + "xor a7, a7, t3\n\t" \ + \ + "addi t4, t4, 0x400\n\t" \ + "srliw t0, s1, 6\n\t" \ + "srliw t1, s2, 6\n\t" \ + "srliw t2, t5, 6\n\t" \ + "srliw t3, t6, 6\n\t" \ + "andi t0, t0, 0x3fc\n\t" \ + "andi t1, t1, 0x3fc\n\t" \ + "andi t2, t2, 0x3fc\n\t" \ + "andi t3, t3, 0x3fc\n\t" \ + "add t0, t0, t4\n\t" \ + "add t1, t1, t4\n\t" \ + "add t2, t2, t4\n\t" \ + "add t3, t3, t4\n\t" \ + "lw t0, (t0)\n\t" \ + "lw t1, (t1)\n\t" \ + "lw t2, (t2)\n\t" \ + "lw t3, (t3)\n\t" \ + "xor a4, a4, t0\n\t" \ + "xor a5, a5, t1\n\t" \ + "xor a6, a6, t2\n\t" \ + "xor a7, a7, t3\n\t" \ + \ + "addi t4, t4, 0x400\n\t" \ + "andi t0, s2, 0xff\n\t" \ + "andi t1, t5, 0xff\n\t" \ + "andi t2, 
t6, 0xff\n\t" \
+ "andi t3, s1, 0xff\n\t" \
+ "slliw t0, t0, 2\n\t" \
+ "slliw t1, t1, 2\n\t" \
+ "slliw t2, t2, 2\n\t" \
+ "slliw t3, t3, 2\n\t" \
+ "add t0, t0, t4\n\t" \
+ "add t1, t1, t4\n\t" \
+ "add t2, t2, t4\n\t" \
+ "add t3, t3, t4\n\t" \
+ "lw t0, (t0)\n\t" \
+ "lw t1, (t1)\n\t" \
+ "lw t2, (t2)\n\t" \
+ "lw t3, (t3)\n\t" \
+ "xor a4, a4, t0\n\t" \
+ "xor a5, a5, t1\n\t" \
+ "xor a6, a6, t2\n\t" \
+ "xor a7, a7, t3\n\t" \
+ \
+ "lw t0, " #o "(%[rk])\n\t" \
+ "lw t1, " #o "+4(%[rk])\n\t" \
+ "lw t2, " #o "+8(%[rk])\n\t" \
+ "lw t3, " #o "+12(%[rk])\n\t" \
+ "xor a4, a4, t0\n\t" \
+ "xor a5, a5, t1\n\t" \
+ "xor a6, a6, t2\n\t" \
+ "xor a7, a7, t3\n\t"
+
+ __asm__ __volatile__ (
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ /* Load 4 32-bit words in reverse byte order. */
+ LOAD_WORD_REV(t0, 0, %[in])
+ LOAD_WORD_REV(t1, 4, %[in])
+ LOAD_WORD_REV(t2, 8, %[in])
+ LOAD_WORD_REV(t3, 12, %[in])
+#else
+ "ld t1, 0(%[in])\n\t"
+ "ld t3, 8(%[in])\n\t"
+ REV8(REG_T1, REG_T1)
+ REV8(REG_T3, REG_T3)
+ "srli t0, t1, 32\n\t"
+ "srli t2, t3, 32\n\t"
+#endif
+ "lw a4, 0(%[rk])\n\t"
+ "lw a5, 4(%[rk])\n\t"
+ "lw a6, 8(%[rk])\n\t"
+ "lw a7, 12(%[rk])\n\t"
+ /* AddRoundKey */
+ "xor a4, t0, a4\n\t"
+ "xor a5, t1, a5\n\t"
+ "xor a6, t2, a6\n\t"
+ "xor a7, t3, a7\n\t"
+
+ ENC_ROUND_T_S_ASM(16)
+ ENC_ROUND_S_T_ASM(32)
+ ENC_ROUND_T_S_ASM(48)
+ ENC_ROUND_S_T_ASM(64)
+ ENC_ROUND_T_S_ASM(80)
+ ENC_ROUND_S_T_ASM(96)
+ ENC_ROUND_T_S_ASM(112)
+ ENC_ROUND_S_T_ASM(128)
+ ENC_ROUND_T_S_ASM(144)
+
+ "li t4, 5\n\t"
+ "ble %[r], t4, L_aes_encrypt_done\n\t"
+ ENC_ROUND_S_T_ASM(160)
+ ENC_ROUND_T_S_ASM(176)
+
+ "li t4, 6\n\t"
+ "ble %[r], t4, L_aes_encrypt_done\n\t"
+ ENC_ROUND_S_T_ASM(192)
+ ENC_ROUND_T_S_ASM(208)
+ "L_aes_encrypt_done:\n\t"
+
+ /* Last round.
*/
+ "srliw t0, s1, 6\n\t"
+ "srliw t1, s2, 6\n\t"
+ "srliw t2, t5, 6\n\t"
+ "srliw t3, t6, 6\n\t"
+ "andi t0, t0, 0x3fc\n\t"
+ "andi t1, t1, 0x3fc\n\t"
+ "andi t2, t2, 0x3fc\n\t"
+ "andi t3, t3, 0x3fc\n\t"
+ "add t0, t0, %[te]\n\t"
+ "add t1, t1, %[te]\n\t"
+ "add t2, t2, %[te]\n\t"
+ "add t3, t3, %[te]\n\t"
+ "lw a4, (t0)\n\t"
+ "lw a5, (t1)\n\t"
+ "lw a6, (t2)\n\t"
+ "lw a7, (t3)\n\t"
+ "li t4, 0x0000ff00\n\t"
+ "and a4, a4, t4\n\t"
+ "and a5, a5, t4\n\t"
+ "and a6, a6, t4\n\t"
+ "and a7, a7, t4\n\t"
+
+ "addi t4, %[te], 0x400\n\t"
+ "andi t0, s2, 0xff\n\t"
+ "andi t1, t5, 0xff\n\t"
+ "andi t2, t6, 0xff\n\t"
+ "andi t3, s1, 0xff\n\t"
+ "slli t0, t0, 2\n\t"
+ "slli t1, t1, 2\n\t"
+ "slli t2, t2, 2\n\t"
+ "slli t3, t3, 2\n\t"
+ "add t0, t0, t4\n\t"
+ "add t1, t1, t4\n\t"
+ "add t2, t2, t4\n\t"
+ "add t3, t3, t4\n\t"
+ "lbu t0, (t0)\n\t"
+ "lbu t1, (t1)\n\t"
+ "lbu t2, (t2)\n\t"
+ "lbu t3, (t3)\n\t"
+ "or a4, a4, t0\n\t"
+ "or a5, a5, t1\n\t"
+ "or a6, a6, t2\n\t"
+ "or a7, a7, t3\n\t"
+
+ "addi t4, t4, 0x400\n\t"
+ "srliw t0, t5, 24\n\t"
+ "srliw t1, t6, 24\n\t"
+ "srliw t2, s1, 24\n\t"
+ "srliw t3, s2, 24\n\t"
+ "slli t0, t0, 2\n\t"
+ "slli t1, t1, 2\n\t"
+ "slli t2, t2, 2\n\t"
+ "slli t3, t3, 2\n\t"
+ "add t0, t0, t4\n\t"
+ "add t1, t1, t4\n\t"
+ "add t2, t2, t4\n\t"
+ "add t3, t3, t4\n\t"
+ "lw t0, (t0)\n\t"
+ "lw t1, (t1)\n\t"
+ "lw t2, (t2)\n\t"
+ "lw t3, (t3)\n\t"
+ "li t4, 0xff000000\n\t"
+ "and t0, t0, t4\n\t"
+ "and t1, t1, t4\n\t"
+ "and t2, t2, t4\n\t"
+ "and t3, t3, t4\n\t"
+ "or a4, a4, t0\n\t"
+ "or a5, a5, t1\n\t"
+ "or a6, a6, t2\n\t"
+ "or a7, a7, t3\n\t"
+
+ "li t4, 0xc00\n\t"
+ "add t4, %[te], t4\n\t"
+ "srliw t0, t6, 14\n\t"
+ "srliw t1, s1, 14\n\t"
+ "srliw t2, s2, 14\n\t"
+ "srliw t3, t5, 14\n\t"
+ "andi t0, t0, 0x3fc\n\t"
+ "andi t1, t1, 0x3fc\n\t"
+ "andi t2, t2, 0x3fc\n\t"
+ "andi t3, t3, 0x3fc\n\t"
+ "add t0, t0, t4\n\t"
+ "add t1, t1, t4\n\t"
+ "add t2, t2, t4\n\t"
+ "add t3, t3, t4\n\t"
+ "lw t0, (t0)\n\t"
+ "lw t1, (t1)\n\t"
+ "lw t2,
(t2)\n\t"
+ "lw t3, (t3)\n\t"
+ "li t4, 0x00ff0000\n\t"
+ "and t0, t0, t4\n\t"
+ "and t1, t1, t4\n\t"
+ "and t2, t2, t4\n\t"
+ "and t3, t3, t4\n\t"
+ "or a4, a4, t0\n\t"
+ "or a5, a5, t1\n\t"
+ "or a6, a6, t2\n\t"
+ "or a7, a7, t3\n\t"
+
+ "slli t4, %[r], 5\n\t"
+ "add t4, %[rk], t4\n\t"
+ "lw t0, 0(t4)\n\t"
+ "lw t1, 4(t4)\n\t"
+ "lw t2, 8(t4)\n\t"
+ "lw t3, 12(t4)\n\t"
+ "xor a4, a4, t0\n\t"
+ "xor a5, a5, t1\n\t"
+ "xor a6, a6, t2\n\t"
+ "xor a7, a7, t3\n\t"
+
+ /* Reverse byte in 32-bit words. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ STORE_WORD_REV(a4, 0, %[out])
+ STORE_WORD_REV(a5, 4, %[out])
+ STORE_WORD_REV(a6, 8, %[out])
+ STORE_WORD_REV(a7, 12, %[out])
+#elif !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
+ "slli t0, a4, 32\n\t"
+ "slli t1, a5, 32\n\t"
+ "slli t2, a6, 32\n\t"
+ "slli t3, a7, 32\n\t"
+ "srli t1, t1, 32\n\t"
+ "srli t3, t3, 32\n\t"
+ "or t1, t1, t0\n\t"
+ "or t3, t3, t2\n\t"
+ REV8(REG_T1, REG_T1)
+ REV8(REG_T3, REG_T3)
+ /* Write encrypted block to output. */
+ "sd t1, 0(%[out])\n\t"
+ "sd t3, 8(%[out])\n\t"
+#else
+ PACK(REG_T1, REG_A5, REG_A4)
+ PACK(REG_T3, REG_A7, REG_A6)
+ REV8(REG_T1, REG_T1)
+ REV8(REG_T3, REG_T3)
+ /* Write encrypted block to output. */
+ "sd t1, 0(%[out])\n\t"
+ "sd t3, 8(%[out])\n\t"
+#endif
+
+ :
+ : [in] "r" (in), [rk] "r" (aes->key), [te] "r" (Te),
+ [r] "r" (aes->rounds >> 1), [out] "r" (out)
+ : "memory", "t0", "t1", "t2", "t3", "t4",
+ "a4", "a5", "a6", "a7",
+ "t5", "t6", "s1", "s2"
+ );
+}
+#endif /* WOLFSSL_AES_DIRECT || HAVE_AES_CBC || HAVE_AESGCM || HAVE_AESCCM */
+
+#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_CBC)
+#ifdef HAVE_AES_DECRYPT
+/* AES byte decryption table.
*/
+static const FLASH_QUALIFIER byte Td4[256] =
+{
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+
+/* Decrypt a block using AES.
+ *
+ * @param [in] aes AES object.
+ * @param [in] in Block to decrypt.
+ * @param [out] out Decrypted block.
+ */
+static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
+{
+/* A round of decryption from set 2 to 1 registers. */
+#define DEC_ROUND_T_S_ASM(o) \
+ "srliw t0, a4, 24\n\t" \
+ "srliw t1, a5, 24\n\t" \
+ "srliw t2, a6, 24\n\t" \
+ "srliw t3, a7, 24\n\t" \
+ "slliw t0, t0, 2\n\t" \
+ "slliw t1, t1, 2\n\t" \
+ "slliw t2, t2, 2\n\t" \
+ "slliw t3, t3, 2\n\t" \
+ "add t0, t0, %[td]\n\t" \
+ "add t1, t1, %[td]\n\t" \
+ "add t2, t2, %[td]\n\t" \
+ "add t3, t3, %[td]\n\t" \
+ "lw t5, (t0)\n\t" \
+ "lw t6, (t1)\n\t" \
+ "lw s1, (t2)\n\t" \
+ "lw s2, (t3)\n\t" \
+ \
+ "addi t4, %[td], 0x400\n\t" \
+ "srliw t0, a7, 14\n\t" \
+ "srliw t1, a4, 14\n\t" \
+ "srliw t2, a5, 14\n\t" \
+ "srliw t3, a6, 14\n\t" \
+ "andi t0, t0, 0x3fc\n\t" \
+ "andi t1, t1, 0x3fc\n\t" \
+ "andi t2, t2, 0x3fc\n\t" \
+ "andi t3, t3, 0x3fc\n\t" \
+ "add t0, t0, t4\n\t" \
+ "add t1, t1, t4\n\t" \
+ "add t2, t2, t4\n\t" \
+ "add t3, t3, t4\n\t" \
+ "lw t0, (t0)\n\t" \
+ "lw t1, (t1)\n\t" \
+ "lw t2, (t2)\n\t" \
+ "lw t3, (t3)\n\t" \
+ "xor t5, t5, t0\n\t" \
+ "xor t6, t6, t1\n\t" \
+ "xor s1, s1, t2\n\t" \
+ "xor s2, s2, t3\n\t" \
+ \
+ "addi t4, t4, 0x400\n\t" \
+ "srliw t0, a6, 6\n\t" \
+ "srliw t1, a7, 6\n\t" \
+ "srliw t2, a4, 6\n\t" \
+ "srliw t3, a5, 6\n\t" \
+ "andi t0, t0, 0x3fc\n\t" \
+ "andi t1, t1, 0x3fc\n\t" \
+ "andi t2, t2, 0x3fc\n\t" \
+ "andi t3, t3, 0x3fc\n\t" \
+ "add t0, t0, t4\n\t" \
+ "add t1, t1, t4\n\t" \
+ "add t2, t2, t4\n\t" \
+ "add t3, t3, t4\n\t" \
+ "lw t0, (t0)\n\t" \
+ "lw t1, (t1)\n\t" \
+ "lw t2, (t2)\n\t" \
+ "lw t3, (t3)\n\t" \
+ "xor t5, t5, t0\n\t" \
+ "xor t6, t6, t1\n\t" \
+ "xor s1, s1, t2\n\t" \
+ "xor s2, s2, t3\n\t" \
+ \
+ "addi t4, t4, 0x400\n\t" \
+ "andi t0, a5, 0xff\n\t" \
+ "andi t1, a6, 0xff\n\t" \
+ "andi t2, a7, 0xff\n\t" \
+ "andi t3, a4, 0xff\n\t" \
+ "slliw t0, t0, 2\n\t" \
+ "slliw t1, t1, 2\n\t" \
+ "slliw t2, t2, 2\n\t" \
+ "slliw t3, t3, 2\n\t" \
+ "add t0, t0,
t4\n\t" \
+ "add t1, t1, t4\n\t" \
+ "add t2, t2, t4\n\t" \
+ "add t3, t3, t4\n\t" \
+ "lw t0, (t0)\n\t" \
+ "lw t1, (t1)\n\t" \
+ "lw t2, (t2)\n\t" \
+ "lw t3, (t3)\n\t" \
+ "xor t5, t5, t0\n\t" \
+ "xor t6, t6, t1\n\t" \
+ "xor s1, s1, t2\n\t" \
+ "xor s2, s2, t3\n\t" \
+ \
+ "lw t0, " #o "(%[rk])\n\t" \
+ "lw t1, " #o "+4(%[rk])\n\t" \
+ "lw t2, " #o "+8(%[rk])\n\t" \
+ "lw t3, " #o "+12(%[rk])\n\t" \
+ "xor t5, t5, t0\n\t" \
+ "xor t6, t6, t1\n\t" \
+ "xor s1, s1, t2\n\t" \
+ "xor s2, s2, t3\n\t"
+
+/* A round of decryption from set 1 to 2 registers. */
+#define DEC_ROUND_S_T_ASM(o) \
+ "srliw t0, t5, 24\n\t" \
+ "srliw t1, t6, 24\n\t" \
+ "srliw t2, s1, 24\n\t" \
+ "srliw t3, s2, 24\n\t" \
+ "slliw t0, t0, 2\n\t" \
+ "slliw t1, t1, 2\n\t" \
+ "slliw t2, t2, 2\n\t" \
+ "slliw t3, t3, 2\n\t" \
+ "add t0, t0, %[td]\n\t" \
+ "add t1, t1, %[td]\n\t" \
+ "add t2, t2, %[td]\n\t" \
+ "add t3, t3, %[td]\n\t" \
+ "lw a4, (t0)\n\t" \
+ "lw a5, (t1)\n\t" \
+ "lw a6, (t2)\n\t" \
+ "lw a7, (t3)\n\t" \
+ \
+ "addi t4, %[td], 0x400\n\t" \
+ "srliw t0, s2, 14\n\t" \
+ "srliw t1, t5, 14\n\t" \
+ "srliw t2, t6, 14\n\t" \
+ "srliw t3, s1, 14\n\t" \
+ "andi t0, t0, 0x3fc\n\t" \
+ "andi t1, t1, 0x3fc\n\t" \
+ "andi t2, t2, 0x3fc\n\t" \
+ "andi t3, t3, 0x3fc\n\t" \
+ "add t0, t0, t4\n\t" \
+ "add t1, t1, t4\n\t" \
+ "add t2, t2, t4\n\t" \
+ "add t3, t3, t4\n\t" \
+ "lw t0, (t0)\n\t" \
+ "lw t1, (t1)\n\t" \
+ "lw t2, (t2)\n\t" \
+ "lw t3, (t3)\n\t" \
+ "xor a4, a4, t0\n\t" \
+ "xor a5, a5, t1\n\t" \
+ "xor a6, a6, t2\n\t" \
+ "xor a7, a7, t3\n\t" \
+ \
+ "addi t4, t4, 0x400\n\t" \
+ "srliw t0, s1, 6\n\t" \
+ "srliw t1, s2, 6\n\t" \
+ "srliw t2, t5, 6\n\t" \
+ "srliw t3, t6, 6\n\t" \
+ "andi t0, t0, 0x3fc\n\t" \
+ "andi t1, t1, 0x3fc\n\t" \
+ "andi t2, t2, 0x3fc\n\t" \
+ "andi t3, t3, 0x3fc\n\t" \
+ "add t0, t0, t4\n\t" \
+ "add t1, t1, t4\n\t" \
+ "add t2, t2, t4\n\t" \
+ "add t3, t3, t4\n\t" \
+ "lw t0, (t0)\n\t" \
+ "lw t1, (t1)\n\t" \
+ "lw t2, (t2)\n\t" \
+ "lw t3, (t3)\n\t" \
+
"xor a4, a4, t0\n\t" \ + "xor a5, a5, t1\n\t" \ + "xor a6, a6, t2\n\t" \ + "xor a7, a7, t3\n\t" \ + \ + "addi t4, t4, 0x400\n\t" \ + "andi t0, t6, 0xff\n\t" \ + "andi t1, s1, 0xff\n\t" \ + "andi t2, s2, 0xff\n\t" \ + "andi t3, t5, 0xff\n\t" \ + "slliw t0, t0, 2\n\t" \ + "slliw t1, t1, 2\n\t" \ + "slliw t2, t2, 2\n\t" \ + "slliw t3, t3, 2\n\t" \ + "add t0, t0, t4\n\t" \ + "add t1, t1, t4\n\t" \ + "add t2, t2, t4\n\t" \ + "add t3, t3, t4\n\t" \ + "lw t0, (t0)\n\t" \ + "lw t1, (t1)\n\t" \ + "lw t2, (t2)\n\t" \ + "lw t3, (t3)\n\t" \ + "xor a4, a4, t0\n\t" \ + "xor a5, a5, t1\n\t" \ + "xor a6, a6, t2\n\t" \ + "xor a7, a7, t3\n\t" \ + \ + "lw t0, " #o "(%[rk])\n\t" \ + "lw t1, " #o "+4(%[rk])\n\t" \ + "lw t2, " #o "+8(%[rk])\n\t" \ + "lw t3, " #o "+12(%[rk])\n\t" \ + "xor a4, a4, t0\n\t" \ + "xor a5, a5, t1\n\t" \ + "xor a6, a6, t2\n\t" \ + "xor a7, a7, t3\n\t" + + __asm__ __volatile__ ( +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + /* Load 4 32-bit words in reverse byte order. */ + LOAD_WORD_REV(t0, 0, %[in]) + LOAD_WORD_REV(t1, 4, %[in]) + LOAD_WORD_REV(t2, 8, %[in]) + LOAD_WORD_REV(t3, 12, %[in]) +#else + "ld t1, 0(%[in])\n\t" + "ld t3, 8(%[in])\n\t" + REV8(REG_T1, REG_T1) + REV8(REG_T3, REG_T3) + "srli t0, t1, 32\n\t" + "srli t2, t3, 32\n\t" +#endif + "lw a4, 0(%[rk])\n\t" + "lw a5, 4(%[rk])\n\t" + "lw a6, 8(%[rk])\n\t" + "lw a7, 12(%[rk])\n\t" + /* AddRoundKey */ + "xor a4, t0, a4\n\t" + "xor a5, t1, a5\n\t" + "xor a6, t2, a6\n\t" + "xor a7, t3, a7\n\t" + + DEC_ROUND_T_S_ASM(16) + DEC_ROUND_S_T_ASM(32) + DEC_ROUND_T_S_ASM(48) + DEC_ROUND_S_T_ASM(64) + DEC_ROUND_T_S_ASM(80) + DEC_ROUND_S_T_ASM(96) + DEC_ROUND_T_S_ASM(112) + DEC_ROUND_S_T_ASM(128) + DEC_ROUND_T_S_ASM(144) + + "li t4, 5\n\t" + "ble %[r], t4, L_aes_decrypt_done\n\t" + DEC_ROUND_S_T_ASM(160) + DEC_ROUND_T_S_ASM(176) + + "li t4, 6\n\t" + "ble %[r], t4, L_aes_decrypt_done\n\t" + DEC_ROUND_S_T_ASM(192) + DEC_ROUND_T_S_ASM(208) + "L_aes_decrypt_done:\n\t" + + /* Last round. 
*/
+ "srliw t0, t5, 24\n\t"
+ "srliw t1, t6, 24\n\t"
+ "srliw t2, s1, 24\n\t"
+ "srliw t3, s2, 24\n\t"
+ "add t0, t0, %[td4]\n\t"
+ "add t1, t1, %[td4]\n\t"
+ "add t2, t2, %[td4]\n\t"
+ "add t3, t3, %[td4]\n\t"
+ "lbu a4, (t0)\n\t"
+ "lbu a5, (t1)\n\t"
+ "lbu a6, (t2)\n\t"
+ "lbu a7, (t3)\n\t"
+ "slli a4, a4, 24\n\t"
+ "slli a5, a5, 24\n\t"
+ "slli a6, a6, 24\n\t"
+ "slli a7, a7, 24\n\t"
+
+ "srliw t0, s2, 16\n\t"
+ "srliw t1, t5, 16\n\t"
+ "srliw t2, t6, 16\n\t"
+ "srliw t3, s1, 16\n\t"
+ "andi t0, t0, 0xff\n\t"
+ "andi t1, t1, 0xff\n\t"
+ "andi t2, t2, 0xff\n\t"
+ "andi t3, t3, 0xff\n\t"
+ "add t0, t0, %[td4]\n\t"
+ "add t1, t1, %[td4]\n\t"
+ "add t2, t2, %[td4]\n\t"
+ "add t3, t3, %[td4]\n\t"
+ "lbu t0, (t0)\n\t"
+ "lbu t1, (t1)\n\t"
+ "lbu t2, (t2)\n\t"
+ "lbu t3, (t3)\n\t"
+ "slli t0, t0, 16\n\t"
+ "slli t1, t1, 16\n\t"
+ "slli t2, t2, 16\n\t"
+ "slli t3, t3, 16\n\t"
+ "or a4, a4, t0\n\t"
+ "or a5, a5, t1\n\t"
+ "or a6, a6, t2\n\t"
+ "or a7, a7, t3\n\t"
+
+ "srliw t0, s1, 8\n\t"
+ "srliw t1, s2, 8\n\t"
+ "srliw t2, t5, 8\n\t"
+ "srliw t3, t6, 8\n\t"
+ "andi t0, t0, 0xff\n\t"
+ "andi t1, t1, 0xff\n\t"
+ "andi t2, t2, 0xff\n\t"
+ "andi t3, t3, 0xff\n\t"
+ "add t0, t0, %[td4]\n\t"
+ "add t1, t1, %[td4]\n\t"
+ "add t2, t2, %[td4]\n\t"
+ "add t3, t3, %[td4]\n\t"
+ "lbu t0, (t0)\n\t"
+ "lbu t1, (t1)\n\t"
+ "lbu t2, (t2)\n\t"
+ "lbu t3, (t3)\n\t"
+ "slli t0, t0, 8\n\t"
+ "slli t1, t1, 8\n\t"
+ "slli t2, t2, 8\n\t"
+ "slli t3, t3, 8\n\t"
+ "or a4, a4, t0\n\t"
+ "or a5, a5, t1\n\t"
+ "or a6, a6, t2\n\t"
+ "or a7, a7, t3\n\t"
+
+ "andi t0, t6, 0xff\n\t"
+ "andi t1, s1, 0xff\n\t"
+ "andi t2, s2, 0xff\n\t"
+ "andi t3, t5, 0xff\n\t"
+ "add t0, t0, %[td4]\n\t"
+ "add t1, t1, %[td4]\n\t"
+ "add t2, t2, %[td4]\n\t"
+ "add t3, t3, %[td4]\n\t"
+ "lbu t0, (t0)\n\t"
+ "lbu t1, (t1)\n\t"
+ "lbu t2, (t2)\n\t"
+ "lbu t3, (t3)\n\t"
+ "or a4, a4, t0\n\t"
+ "or a5, a5, t1\n\t"
+ "or a6, a6, t2\n\t"
+ "or a7, a7, t3\n\t"
+
+ "slli t4, %[r], 5\n\t"
+ "add t4, %[rk], t4\n\t"
+ "lw t0,
0(t4)\n\t"
+ "lw t1, 4(t4)\n\t"
+ "lw t2, 8(t4)\n\t"
+ "lw t3, 12(t4)\n\t"
+ "xor a4, a4, t0\n\t"
+ "xor a5, a5, t1\n\t"
+ "xor a6, a6, t2\n\t"
+ "xor a7, a7, t3\n\t"
+
+ /* Reverse byte in 32-bit words. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ STORE_WORD_REV(a4, 0, %[out])
+ STORE_WORD_REV(a5, 4, %[out])
+ STORE_WORD_REV(a6, 8, %[out])
+ STORE_WORD_REV(a7, 12, %[out])
+#elif !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
+ "slli t0, a4, 32\n\t"
+ "slli t1, a5, 32\n\t"
+ "slli t2, a6, 32\n\t"
+ "slli t3, a7, 32\n\t"
+ "srli t1, t1, 32\n\t"
+ "srli t3, t3, 32\n\t"
+ "or t1, t1, t0\n\t"
+ "or t3, t3, t2\n\t"
+ REV8(REG_T1, REG_T1)
+ REV8(REG_T3, REG_T3)
+ /* Write encrypted block to output. */
+ "sd t1, 0(%[out])\n\t"
+ "sd t3, 8(%[out])\n\t"
+#else
+ PACK(REG_T1, REG_A5, REG_A4)
+ PACK(REG_T3, REG_A7, REG_A6)
+ REV8(REG_T1, REG_T1)
+ REV8(REG_T3, REG_T3)
+ /* Write encrypted block to output. */
+ "sd t1, 0(%[out])\n\t"
+ "sd t3, 8(%[out])\n\t"
+#endif
+
+ :
+ : [in] "r" (in), [rk] "r" (aes->key), [td] "r" (Td),
+ [r] "r" (aes->rounds >> 1), [out] "r" (out), [td4] "r" (Td4)
+ : "memory", "t0", "t1", "t2", "t3", "t4",
+ "a4", "a5", "a6", "a7",
+ "t5", "t6", "s1", "s2"
+ );
+}
+#endif /* HAVE_AES_DECRYPT */
+#endif /* WOLFSSL_AES_DIRECT || HAVE_AES_CBC */
+
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */
+
+/* AES-CBC */
+#if (defined(HAVE_AES_CBC) && !defined(HAVE_AES_CBC_ENC_DEC)) || \
+ (defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_AES_COUNTER_ENC)) || \
+ (defined(HAVE_AESGCM) && !defined(WOLFSSL_RISCV_VECTOR_GCM)) || \
+ defined(HAVE_AESCCM)
+/* XOR two 16-byte values, out and in, into out.
+ *
+ * @param [in, out] out 16-byte value.
+ * @param [in] in 16-byte value.
+ */
+static WC_INLINE void xorbuf16(byte* out, const byte* in)
+{
+ word64* out64 = (word64*)out;
+ word64* in64 = (word64*)in;
+
+ out64[0] ^= in64[0];
+ out64[1] ^= in64[1];
+}
+#endif
+
+#if (defined(HAVE_AES_CBC) && !defined(HAVE_AES_CBC_ENC_DEC)) || \
+ (defined(HAVE_AESGCM) && (!defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) || \
+ !defined(WOLFSSL_RISCV_VECTOR_GCM)))
+/* XOR two 16-byte values into out.
+ *
+ * @param [out] out 16-byte value.
+ * @param [in] a 16-byte value.
+ * @param [in] b 16-byte value.
+ */
+static WC_INLINE void xorbufout16(byte* out, const byte* a, const byte* b)
+{
+ word64* out64 = (word64*)out;
+ word64* a64 = (word64*)a;
+ word64* b64 = (word64*)b;
+
+ out64[0] = a64[0] ^ b64[0];
+ out64[1] = a64[1] ^ b64[1];
+}
+#endif
+
+#if defined(HAVE_AES_CBC) && !defined(HAVE_AES_CBC_ENC_DEC)
+/* Encrypt blocks of data using AES-CBC.
+ *
+ * Implementation using wc_AesEncrypt().
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted blocks.
+ * @param [in] in Blocks to encrypt.
+ * @param pin] sz Number of bytes to encrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ */
+int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ int ret = 0;
+ word32 blocks = sz / AES_BLOCK_SIZE;
+
+ /* Validate parameters. */
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ /* Ensure a multiple of blocks is to be encrypted. */
+ if ((ret == 0) && (sz % AES_BLOCK_SIZE)) {
+ ret = BAD_LENGTH_E;
+ }
+#endif
+
+ if ((ret == 0) && (blocks > 0)) {
+ if (in != out) {
+ /* Encrypt first block with IV. */
+ xorbufout16(out, (byte*)aes->reg, in);
+ wc_AesEncrypt(aes, out, out);
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ for (blocks--; blocks > 0; blocks--) {
+ /* Encrypt a block with previous output block as IV.
*/
+ xorbufout16(out, out - AES_BLOCK_SIZE, in);
+ wc_AesEncrypt(aes, out, out);
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ /* Copy last output block into AES object as next IV. */
+ memcpy16((byte*)aes->reg, out - AES_BLOCK_SIZE);
+ }
+ /* in and out are same buffer. */
+ else {
+ byte* data = out;
+ /* Encrypt first block with IV. */
+ xorbuf16(data, (byte*)aes->reg);
+ wc_AesEncrypt(aes, data, data);
+ data += AES_BLOCK_SIZE;
+ for (blocks--; blocks > 0; blocks--) {
+ /* Encrypt a block with previous output block as IV. */
+ xorbuf16(data, data - AES_BLOCK_SIZE);
+ wc_AesEncrypt(aes, data, data);
+ data += AES_BLOCK_SIZE;
+ }
+ /* Copy last output block into AES object as next IV. */
+ memcpy16((byte*)aes->reg, data - AES_BLOCK_SIZE);
+ }
+ }
+
+ return ret;
+}
+
+#ifdef HAVE_AES_DECRYPT
+/* Decrypt blocks of data using AES-CBC.
+ *
+ * Implementation using wc_AesDecrypt().
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Decrypted blocks.
+ * @param [in] in Blocks to decrypt.
+ * @param pin] sz Number of bytes to decrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return BAD_FUNC_ARG when sz is not a multiple of AES_BLOCK_SIZE.
+ * @return BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ */
+int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ int ret = 0;
+ word32 blocks = sz / AES_BLOCK_SIZE;
+
+ /* Validate parameters. */
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Ensure a multiple of blocks is being decrypted. */
+ if ((ret == 0) && (sz % AES_BLOCK_SIZE)) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ ret = BAD_LENGTH_E;
+#else
+ ret = BAD_FUNC_ARG;
+#endif
+ }
+
+ if ((ret == 0) && (blocks > 0)) {
+ if (in != out) {
+ /* Decrypt first block with the IV.
*/
+ wc_AesDecrypt(aes, in, out);
+ xorbuf16(out, (byte*)aes->reg);
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ for (blocks--; blocks > 0; blocks--) {
+ /* Decrypt a block with previous input block as IV. */
+ wc_AesDecrypt(aes, in, out);
+ xorbuf16(out, in - AES_BLOCK_SIZE);
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ /* Copy last output block into AES object as next IV. */
+ memcpy16((byte*)aes->reg, in - AES_BLOCK_SIZE);
+ }
+ /* in and out are same buffer. */
+ else {
+ byte* data = out;
+ for (; blocks > 0; blocks -= 2) {
+ /* Decrypt block with the IV in aes->reg. */
+ memcpy16((byte*)aes->tmp, data);
+ wc_AesDecrypt(aes, data, data);
+ xorbuf16(data, (byte*)aes->reg);
+ if (blocks == 1) {
+ memcpy16((byte*)aes->reg, (byte*)aes->tmp);
+ break;
+ }
+ data += AES_BLOCK_SIZE;
+ /* Decrypt block with the IV in aes->tmp. */
+ memcpy16((byte*)aes->reg, data);
+ wc_AesDecrypt(aes, data, data);
+ xorbuf16(data, (byte*)aes->tmp);
+ data += AES_BLOCK_SIZE;
+ }
+ }
+ }
+
+ return ret;
+}
+#endif
+#endif
+
+/* AES-ECB */
+#ifdef HAVE_AES_ECB
+/* Encrypt blocks of data using AES-ECB.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted blocks.
+ * @param [in] in Blocks to encrypt.
+ * @param pin] sz Number of bytes to encrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ */
+int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Ensure a multiple of blocks is to be encrypted. */
+ if ((ret == 0) && ((sz % AES_BLOCK_SIZE) != 0)) {
+ ret = BAD_LENGTH_E;
+ }
+
+ if (ret == 0) {
+ /* Encrypt block by block.
*/
+ while (sz > 0) {
+ wc_AesEncrypt(aes, in, out);
+ out += AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ sz -= AES_BLOCK_SIZE;
+ }
+ }
+
+ return ret;
+}
+
+#ifdef HAVE_AES_DECRYPT
+/* Decrypt blocks of data using AES-ECB.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted blocks.
+ * @param [in] in Blocks to encrypt.
+ * @param pin] sz Number of bytes to encrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ */
+int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Ensure a multiple of blocks is to be decrypted. */
+ if ((ret == 0) && ((sz % AES_BLOCK_SIZE) != 0)) {
+ ret = BAD_LENGTH_E;
+ }
+
+ if (ret == 0) {
+ /* Decrypt block by block. */
+ while (sz > 0) {
+ wc_AesDecrypt(aes, in, out);
+ out += AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ sz -= AES_BLOCK_SIZE;
+ }
+ }
+
+ return ret;
+}
+#endif
+#endif /* HAVE_AES_ECB */
+
+/* AES-CTR */
+#if defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_AES_COUNTER_ENC)
+/* Increment AES counter.
+ *
+ * Big-endian byte ordering.
+ *
+ * @param [in, out] inOutCtr Counter value to be incremented.
+ */
+static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
+{
+ int i;
+
+ /* Big-endian aray - start at last element and move back. */
+ for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+ /* Result not zero means no carry. */
+ if ((++inOutCtr[i]) != 0) {
+ return;
+ }
+ }
+}
+
+/* Encrypt blocks of data using AES-CTR.
+ *
+ * Implemenation uses wc_AesEncrypt().
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted blocks.
+ * @param [in] in Blocks to encrypt.
+ * @param [in] sz Number of bytes to encrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return BAD_FUNC_ARG when key size in AES object is not supported.
+ */
+int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ byte scratch[AES_BLOCK_SIZE];
+ word32 processed;
+ int ret = 0;
+
+ /* Validate parameters. */
+ if (aes == NULL || out == NULL || in == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ if (ret == 0) {
+ /* Check key size is supported. */
+ switch(aes->rounds) {
+ #ifdef WOLFSSL_AES_128
+ case 10: /* AES 128 BLOCK */
+ #endif /* WOLFSSL_AES_128 */
+ #ifdef WOLFSSL_AES_192
+ case 12: /* AES 192 BLOCK */
+ #endif /* WOLFSSL_AES_192 */
+ #ifdef WOLFSSL_AES_256
+ case 14: /* AES 256 BLOCK */
+ #endif /* WOLFSSL_AES_256 */
+ break;
+ default:
+ WOLFSSL_MSG("Bad AES-CTR round value");
+ ret = BAD_FUNC_ARG;
+ }
+ }
+
+ if (ret == 0) {
+ /* Use up any unused bytes left in aes->tmp */
+ processed = min(aes->left, sz);
+ if (processed > 0) {
+ /* XOR in encrypted counter. */
+ xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left,
+ processed);
+ out += processed;
+ in += processed;
+ aes->left -= processed;
+ sz -= processed;
+ }
+
+ /* Do whole blocks of data. */
+ while (sz >= AES_BLOCK_SIZE) {
+ wc_AesEncrypt(aes, (byte*)aes->reg, scratch);
+ xorbuf16(scratch, in);
+ memcpy16(out, scratch);
+ IncrementAesCounter((byte*)aes->reg);
+
+ out += AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ sz -= AES_BLOCK_SIZE;
+ aes->left = 0;
+ }
+ ForceZero(scratch, AES_BLOCK_SIZE);
+
+ if (sz > 0) {
+ /* Encrypt counter and store in aes->tmp.
+ * Use up aes->tmp to encrypt data less than a block.
+ */
+ wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
+ IncrementAesCounter((byte*)aes->reg);
+ aes->left = AES_BLOCK_SIZE - sz;
+ /* XOR in encrypted counter. */
+ xorbufout(out, in, aes->tmp, sz);
+ }
+ }
+
+ return ret;
+}
+
+#endif /* WOLFSSL_AES_COUNTER */
+
+#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+/* Set AES key directly.
+ *
+ * @param [in] aes AES object.
+ * @param [in] key Secret key to use.
+ * @param [in] keyLen Length of key in bytes.
+ * @param [in] iv Initialization Vector (IV) to use. May be NULL.
+ * @param [in] dir Direction of crypt: AES_ENCRYPT, AES_DECRYPT.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes or key is NULL.
+ * @return BAD_FUNC_ARG when keyLen/dir is not supported or valid.
+ */
+int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
+ int dir)
+{
+ return wc_AesSetKey(aes, key, keyLen, iv, dir);
+}
+#endif
+
+/* Set the IV.
+ *
+ * @param [in] aes AES object.
+ * @param [in] iv Initialization Vector (IV) to set.
+ * When NULL, an IV of all zeros is set.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes is NULL.
+ */
+int wc_AesSetIV(Aes* aes, const byte* iv)
+{
+ int ret = 0;
+
+ if (aes == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else if (iv != NULL) {
+ memcpy16((byte*)aes->reg, iv);
+ }
+ else {
+ XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
+ }
+
+ return ret;
+}
+
+/* AES-DIRECT */
+#ifdef WOLFSSL_AES_DIRECT
+/* Direct encryption of a block.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted block.
+ * @param [in] in Block to encrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out, or in is NULL.
+ */
+int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+{
+ int ret = 0;
+
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ WOLFSSL_MSG("Invalid input to wc_AesEncryptDirect");
+ ret = BAD_FUNC_ARG;
+ }
+ if (ret == 0) {
+ wc_AesEncrypt(aes, in, out);
+ }
+
+ return ret;
+}
+#ifdef HAVE_AES_DECRYPT
+/* Direct decryption of a block.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Decrypted block.
+ * @param [in] in Block to decrypt.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, out, or in is NULL.
+ */
+int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+{
+ int ret = 0;
+
+ if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+ WOLFSSL_MSG("Invalid input to wc_AesDecryptDirect");
+ ret = BAD_FUNC_ARG;
+ }
+ if (ret == 0) {
+ wc_AesDecrypt(aes, in, out);
+ }
+
+ return ret;
+}
+#endif /* HAVE_AES_DECRYPT */
+#endif /* WOLFSSL_AES_DIRECT */
+
+#ifdef WOLFSSL_AES_COUNTER
+
+/* Set the key for AES-CTR.
+ *
+ * @param [in] aes AES object.
+ * @param [in] key Secret key to use.
+ * @param [in] keyLen Length of key in bytes.
+ * @param [in] iv Initialization Vector (IV) to use. May be NULL.
+ * @param [in] dir Direction of crypt: AES_ENCRYPT, AES_DECRYPT.
+ * For CTR mode, underlying key is always for encryption.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes or key is NULL.
+ * @return BAD_FUNC_ARG when keyLen is not supported or valid.
+ */
+int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
+ int dir)
+{
+ (void)dir;
+ return wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
+}
+
+#endif /* WOLFSSL_AES_COUNTER */
+
+#ifdef HAVE_AESGCM
+
+#if !defined(WOLFSSL_RISCV_VECTOR_GCM) && \
+ !defined(WOLFSSL_RISCV_VECTOR_CARRYLESS) && \
+ !defined(WOLFSSL_RISCV_CARRYLESS)
+/* Shift x in GF2
+ *
+ * @param [in, out] x 128-bit value to shift.
+ */
+static WC_INLINE void RIGHTSHIFTX(byte* x)
+{
+ int i;
+ int carryIn = 0;
+ byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1;
+
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
+ int carryOut = (x[i] & 0x01) << 7;
+ x[i] = (byte) ((x[i] >> 1) | carryIn);
+ carryIn = carryOut;
+ }
+ x[0] ^= borrow;
+}
+
+/* Shift right by 4 a big-endian value in little-endian.
+ *
+ * @param [out] r8 Result of shift.
+ * @param [in] z8 128-bit value to shift.
+ */
+static WC_INLINE void Shift4_M0(byte *r8, byte *z8)
+{
+ int i;
+ for (i = 15; i > 0; i--)
+ r8[i] = (byte)(z8[i-1] << 4) | (byte)(z8[i] >> 4);
+ r8[0] = (byte)(z8[0] >> 4);
+}
+
+/* Generate 4-bit table.
+ *
+ * @param [in, out] gcm GCM object.
+ */
+void GenerateM0(Gcm* gcm)
+{
+ int i;
+ byte (*m)[AES_BLOCK_SIZE] = gcm->M0;
+
+ /* 0 times -> 0x0 */
+ XMEMSET(m[0x0], 0, AES_BLOCK_SIZE);
+ /* 1 times -> 0x8 */
+ memcpy16(m[0x8], gcm->H);
+ /* 2 times -> 0x4 */
+ memcpy16(m[0x4], m[0x8]);
+ RIGHTSHIFTX(m[0x4]);
+ /* 4 times -> 0x2 */
+ memcpy16(m[0x2], m[0x4]);
+ RIGHTSHIFTX(m[0x2]);
+ /* 8 times -> 0x1 */
+ memcpy16(m[0x1], m[0x2]);
+ RIGHTSHIFTX(m[0x1]);
+
+ /* 0x3 */
+ memcpy16(m[0x3], m[0x2]);
+ xorbuf16(m[0x3], m[0x1]);
+
+ /* 0x5 -> 0x7 */
+ memcpy16(m[0x5], m[0x4]);
+ xorbuf16(m[0x5], m[0x1]);
+ memcpy16(m[0x6], m[0x4]);
+ xorbuf16(m[0x6], m[0x2]);
+ memcpy16(m[0x7], m[0x4]);
+ xorbuf16(m[0x7], m[0x3]);
+
+ /* 0x9 -> 0xf */
+ memcpy16(m[0x9], m[0x8]);
+ xorbuf16(m[0x9], m[0x1]);
+ memcpy16(m[0xa], m[0x8]);
+ xorbuf16(m[0xa], m[0x2]);
+ memcpy16(m[0xb], m[0x8]);
+ xorbuf16(m[0xb], m[0x3]);
+ memcpy16(m[0xc], m[0x8]);
+ xorbuf16(m[0xc], m[0x4]);
+ memcpy16(m[0xd], m[0x8]);
+ xorbuf16(m[0xd], m[0x5]);
+ memcpy16(m[0xe], m[0x8]);
+ xorbuf16(m[0xe], m[0x6]);
+ memcpy16(m[0xf], m[0x8]);
+ xorbuf16(m[0xf], m[0x7]);
+
+ for (i = 0; i < 16; i++) {
+ Shift4_M0(m[16+i], m[i]);
+ }
+}
+#endif
+
+/* Setup the AES-GCM operation with the key.
+ *
+ * @param [in] aes AES object.
+ * @param [in] key Secret key to use.
+ * @param [in] ken Length of key in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes or key is NULL.
+ * @return BAD_FUNC_ARG when the key length is not supported.
+ */
+int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
+{
+ int ret = 0;
+ byte iv[AES_BLOCK_SIZE];
+
+ if (aes == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ if ((ret == 0) && (len != 16) && (len != 24) && (len != 32)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ XMEMSET(iv, 0, AES_BLOCK_SIZE);
+ ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
+ }
+ if (ret == 0) {
+ wc_AesEncrypt(aes, (byte*)aes->reg, aes->gcm.H);
+#ifdef WOLFSSL_RISCV_VECTOR_GCM
+ /* Vector crypto instructions do bit reversal.
*/ +#elif defined(WOLFSSL_RISCV_VECTOR_CARRYLESS) + /* Vector crypto instructions do bit reversal. */ +#elif defined(WOLFSSL_RISCV_CARRYLESS) + /* Reverse bits in aes->gcm.H. */ +#ifdef WOLFSSL_RISCV_BIT_MANIPULATION + __asm__ __volatile__ ( + "ld t0, 0(%[data])\n\t" + "ld t1, 8(%[data])\n\t" + BREV8(REG_T0, REG_T0) + BREV8(REG_T1, REG_T1) + "sd t0, 0(%[data])\n\t" + "sd t1, 8(%[data])\n\t" + : + : [data] "r" (aes->gcm.H) + : "memory", "t0", "t1" + ); +#else + __asm__ __volatile__ ( + "ld t0, 0(%[data])\n\t" + "ld t1, 8(%[data])\n\t" + + /* Swap odd-even bits. */ + "li t4, 0x5555555555555555\n\t" + "srli t2, t0, 1\n\t" + "srli t3, t1, 1\n\t" + "and t0, t0, t4\n\t" + "and t1, t1, t4\n\t" + "and t2, t2, t4\n\t" + "and t3, t3, t4\n\t" + "slli t0, t0, 1\n\t" + "slli t1, t1, 1\n\t" + "or t0, t0, t2\n\t" + "or t1, t1, t3\n\t" + /* Swap pairs. */ + "li t4, 0x3333333333333333\n\t" + "srli t2, t0, 2\n\t" + "srli t3, t1, 2\n\t" + "and t0, t0, t4\n\t" + "and t1, t1, t4\n\t" + "and t2, t2, t4\n\t" + "and t3, t3, t4\n\t" + "slli t0, t0, 2\n\t" + "slli t1, t1, 2\n\t" + "or t0, t0, t2\n\t" + "or t1, t1, t3\n\t" + /* Swap nibbles. */ + "li t4, 0x0f0f0f0f0f0f0f0f\n\t" + "srli t2, t0, 4\n\t" + "srli t3, t1, 4\n\t" + "and t0, t0, t4\n\t" + "and t1, t1, t4\n\t" + "and t2, t2, t4\n\t" + "and t3, t3, t4\n\t" + "slli t0, t0, 4\n\t" + "slli t1, t1, 4\n\t" + "or t0, t0, t2\n\t" + "or t1, t1, t3\n\t" + + "sd t0, 0(%[data])\n\t" + "sd t1, 8(%[data])\n\t" + : + : [data] "r" (aes->gcm.H) + : "memory", "t0", "t1", "t2", "t3", "t4" + ); +#endif /* WOLFSSL_RISCV_BIT_MANIPULATION */ +#else + GenerateM0(&aes->gcm); +#endif + } + + return ret; +} + +#ifndef WOLFSSL_RISCV_VECTOR_GCM +/* Encode sz in bytes into array as big-endian number of bits. + * + * @param [out] buf Buffer to encode size into. + * @param [in] sz Size in bytes. 
+ */ +static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz) +{ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + __asm__ __volatile__ ( + /* sz is only 32-bits */ + /* Multiply by 8 to get size in bits. */ + "slli %[sz], %[sz], 3\n\t" + "srli t0, %[sz], 32\n\t" + "srli t1, %[sz], 24\n\t" + "srli t2, %[sz], 16\n\t" + "srli t3, %[sz], 8\n\t" + /* Top 3 bytes are 0. */ + "sh x0 , 0(%[buf])\n\t" + "sb x0 , 2(%[buf])\n\t" + "sb t0 , 3(%[buf])\n\t" + "sb t1 , 4(%[buf])\n\t" + "sb t2 , 5(%[buf])\n\t" + "sb t3 , 6(%[buf])\n\t" + "sb %[sz], 7(%[buf])\n\t" + : [sz] "+r" (sz) + : [buf] "r" (buf) + : "memory", "t0", "t1", "t2", "t3" + ); +#else + __asm__ __volatile__ ( + "slli t0, %[sz], 3\n\t" + REV8(REG_T0, REG_T0) + "sd t0, 0(%[buf])\n\t" + : + : [sz] "r" (sz), [buf] "r" (buf) + : "memory", "t0" + ); +#endif +} +#endif + +#if defined(WOLFSSL_RISCV_VECTOR_GCM) + +/* Vector GHASH: vd = (vd ^ vs1) * vs2 */ +#define VGHSH_VV(vd, vs1, vs2) \ + ASM_WORD((0b101100 << 26) | (0b1 << 25) | (0b010 << 12) | \ + (0b1110111 << 0) | (vs2 << 20) | (vs1 << 15) | (vd << 7)) +/* Vector GMULT: vd = vd * vs2 */ +#define VGMUL_VV(vd, vs2) \ + ASM_WORD((0b101000 << 26) | (0b1 << 25) | (0b010 << 12) | \ + (0b1110111 << 0) | (vs2 << 20) | (0b10001 << 15) | (vd << 7)) + +/* GHASH Additional Authentication Data (AAD) and cipher text. + * + * @param [in] gcm GCM object. + * @param [in] a Additional Authentication Data (AAD). + * @param [in] aSz Size of AAD in bytes. + * @param [in] c Cipher text. + * @param [in] cSz Size of cipher text in bytes. + * @param [out] s Hash result. + * @param [in] sSz Number of bytes to put into hash result. 
+ */ +void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz, + byte* s, word32 sSz) +{ + if (gcm != NULL) { + byte x[AES_BLOCK_SIZE]; + byte scratch[AES_BLOCK_SIZE]; + byte* h = gcm->H; + + __asm__ __volatile__ ( + VXOR_VV(REG_V0, REG_V0, REG_V0) + + /* Hash in A, the Additional Authentication Data */ + "beqz %[aSz], L_ghash_aad_done\n\t" + "beqz %[a], L_ghash_aad_done\n\t" + + "srli t3, %[aSz], 4\n\t" + VSETIVLI(REG_T0, 4, 0, 0, 0b010, 0b000) + "mv t0, %[h]\n\t" + VL1RE32_V(REG_V1, REG_T0) + + "beqz t3, L_ghash_aad_blocks_done\n\t" + "L_ghash_aad_loop:\n\t" + "mv t0, %[a]\n\t" + VL1RE32_V(REG_V2, REG_T0) + VGHSH_VV(REG_V0, REG_V2, REG_V1) + "addi %[a], %[a], 16\n\t" + "addi t3, t3, -1\n\t" + "bnez t3, L_ghash_aad_loop\n\t" + "L_ghash_aad_blocks_done:\n\t" + "andi t3, %[aSz], 0xf\n\t" + "beqz t3, L_ghash_aad_done\n\t" + VXOR_VV(REG_V2, REG_V2, REG_V2) + "mv t0, %[scratch]\n\t" + VS1R_V(REG_V2, REG_T0) + "mv t2, t3\n\t" + "L_ghash_aad_load_byte:\n\t" + "lb t0, (%[a])\n\t" + "sb t0, (%[scratch])\n\t" + "addi %[a], %[a], 1\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi t2, t2, -1\n\t" + "bnez t2, L_ghash_aad_load_byte\n\t" + "sub %[scratch], %[scratch], t3\n\t" + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V2, REG_T0) + VGHSH_VV(REG_V0, REG_V2, REG_V1) + "L_ghash_aad_done:\n\t" + + /* Hash in C, the Ciphertext */ + "beqz %[cSz], L_ghash_ct_done\n\t" + "beqz %[c], L_ghash_ct_done\n\t" + + "srli t3, %[cSz], 4\n\t" + VSETIVLI(REG_T0, 4, 0, 0, 0b010, 0b000) + "mv t0, %[h]\n\t" + VL1RE32_V(REG_V1, REG_T0) + + "beqz t3, L_ghash_ct_blocks_done\n\t" + "L_ghash_ct_loop:\n\t" + "mv t0, %[c]\n\t" + VL1RE32_V(REG_V2, REG_T0) + VGHSH_VV(REG_V0, REG_V2, REG_V1) + "addi %[c], %[c], 16\n\t" + "addi t3, t3, -1\n\t" + "bnez t3, L_ghash_ct_loop\n\t" + "L_ghash_ct_blocks_done:\n\t" + "andi t3, %[cSz], 0xf\n\t" + "beqz t3, L_ghash_ct_done\n\t" + VXOR_VV(REG_V2, REG_V2, REG_V2) + "mv t0, %[scratch]\n\t" + VS1R_V(REG_V2, REG_T0) + "mv t2, t3\n\t" + 
"L_ghash_ct_load_byte:\n\t" + "lb t0, (%[c])\n\t" + "sb t0, (%[scratch])\n\t" + "addi %[c], %[c], 1\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi t2, t2, -1\n\t" + "bnez t2, L_ghash_ct_load_byte\n\t" + "sub %[scratch], %[scratch], t3\n\t" + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V2, REG_T0) + VGHSH_VV(REG_V0, REG_V2, REG_V1) + "L_ghash_ct_done:\n\t" + + /* Hash in the lengths of A and C in bits */ + #ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + /* aSz is only 32-bits */ + /* Multiply by 8 do get size in bits. */ + "slli %[aSz], %[aSz], 3\n\t" + "srli t0, %[aSz], 32\n\t" + "srli t1, %[aSz], 24\n\t" + "srli t2, %[aSz], 16\n\t" + "srli t3, %[aSz], 8\n\t" + /* Top 3 bytes are 0. */ + "sh x0 , 0(%[scratch])\n\t" + "sb x0 , 2(%[scratch])\n\t" + "sb t0 , 3(%[scratch])\n\t" + "sb t1 , 4(%[scratch])\n\t" + "sb t2 , 5(%[scratch])\n\t" + "sb t3 , 6(%[scratch])\n\t" + "sb %[aSz], 7(%[scratch])\n\t" + /* cSz is only 32-bits */ + /* Multiply by 8 do get size in bits. */ + "slli %[cSz], %[cSz], 3\n\t" + "srli t0, %[cSz], 32\n\t" + "srli t1, %[cSz], 24\n\t" + "srli t2, %[cSz], 16\n\t" + "srli t3, %[cSz], 8\n\t" + /* Top 3 bytes are 0. */ + "sh x0 , 8(%[scratch])\n\t" + "sb x0 , 10(%[scratch])\n\t" + "sb t0 , 11(%[scratch])\n\t" + "sb t1 , 12(%[scratch])\n\t" + "sb t2 , 13(%[scratch])\n\t" + "sb t3 , 14(%[scratch])\n\t" + "sb %[cSz], 15(%[scratch])\n\t" + #else + "slli t0, %[aSz], 3\n\t" + REV8(REG_T0, REG_T0) + "sd t0, 0(%[scratch])\n\t" + "slli t0, %[cSz], 3\n\t" + REV8(REG_T0, REG_T0) + "sd t0, 8(%[scratch])\n\t" + #endif + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V2, REG_T0) + VGHSH_VV(REG_V0, REG_V2, REG_V1) + + "mv t1, %[x]\n\t" + VS1R_V(REG_V0, REG_T1) + + : [a] "+r" (a), [c] "+r" (c) , [aSz] "+r" (aSz), [cSz] "+r" (cSz) + : [x] "r" (x), [h] "r" (h), [scratch] "r" (scratch) + : "memory", "t0", "t1", "t2", "t3" + ); + + /* Copy the result into s. 
*/ + XMEMCPY(s, x, sSz); + } +} + +#define HAVE_GHASH + +#elif defined(WOLFSSL_RISCV_VECTOR_CARRYLESS) + +#define VCLMUL_VV(vd, vs1, vs2) \ + ASM_WORD((0b001100 << 26) | (0b1 << 25) | (0b010 << 12) | \ + (0b1010111 << 0) | (vs2 << 20) | (vs1 << 15) | (vd << 7)) +#define VCLMULH_VV(vd, vs1, vs2) \ + ASM_WORD((0b001101 << 26) | (0b1 << 25) | (0b010 << 12) | \ + (0b1010111 << 0) | (vs2 << 20) | (vs1 << 15) | (vd << 7)) + +/* GMULT, multiply in GF2, x and y into x. + * + * @param [in, out] x On in, value to GMULT. + * On out, result of GMULT. + * @param [in] y Value to GMULT. + */ +static void GMULT(byte* x, byte* y) +{ + static byte red[16] = { + 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + __asm__ __volatile__ ( + VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000) + + /* 0x87 into both 64-bit elements of v7. */ + "mv t1, %[red]\n\t" + VL1RE64_V(REG_V8, REG_T1) + + "mv t1, %[x]\n\t" + VL1RE64_V(REG_V0, REG_T1) + "mv t0, %[y]\n\t" + VL1RE64_V(REG_V1, REG_T0) + /* Reverse x and y. */ +#ifdef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VBREV8(REG_V0, REG_V0) + VBREV8(REG_V1, REG_V1) +#else + VSETIVLI(REG_X0, 16, 0, 0, 0b000, 0b000) + + /* Swap odd/even bits. */ + "li t0, 0x55\n\t" + VMV_V_X(REG_V4, REG_T0) + VSRL_VI(REG_V2, REG_V0, 1) + VSRL_VI(REG_V3, REG_V1, 1) + VAND_VV(REG_V0, REG_V0, REG_V4) + VAND_VV(REG_V1, REG_V1, REG_V4) + VAND_VV(REG_V2, REG_V2, REG_V4) + VAND_VV(REG_V3, REG_V3, REG_V4) + VSLL_VI(REG_V0, REG_V0, 1) + VSLL_VI(REG_V1, REG_V1, 1) + VOR_VV(REG_V0, REG_V0, REG_V2) + VOR_VV(REG_V1, REG_V1, REG_V3) + /* Swap pairs of bits. */ + "li t0, 0x33\n\t" + VMV_V_X(REG_V4, REG_T0) + VSRL_VI(REG_V2, REG_V0, 2) + VSRL_VI(REG_V3, REG_V1, 2) + VAND_VV(REG_V0, REG_V0, REG_V4) + VAND_VV(REG_V1, REG_V1, REG_V4) + VAND_VV(REG_V2, REG_V2, REG_V4) + VAND_VV(REG_V3, REG_V3, REG_V4) + VSLL_VI(REG_V0, REG_V0, 2) + VSLL_VI(REG_V1, REG_V1, 2) + VOR_VV(REG_V0, REG_V0, REG_V2) + VOR_VV(REG_V1, REG_V1, REG_V3) + /* Swap nibbles. 
*/ + "li t0, 0x0f\n\t" + VMV_V_X(REG_V4, REG_T0) + VSRL_VI(REG_V2, REG_V0, 4) + VSRL_VI(REG_V3, REG_V1, 4) + VAND_VV(REG_V0, REG_V0, REG_V4) + VAND_VV(REG_V1, REG_V1, REG_V4) + VAND_VV(REG_V2, REG_V2, REG_V4) + VAND_VV(REG_V3, REG_V3, REG_V4) + VSLL_VI(REG_V0, REG_V0, 4) + VSLL_VI(REG_V1, REG_V1, 4) + VOR_VV(REG_V0, REG_V0, REG_V2) + VOR_VV(REG_V1, REG_V1, REG_V3) + + VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000) +#endif + + /* v2 = (x[1] * y[1])[0] | (x[0] * y[0])[0] */ + VCLMUL_VV(REG_V2, REG_V0, REG_V1) + /* v3 = (x[1] * y[1])[1] | (x[0] * y[0])[1] */ + VCLMULH_VV(REG_V3, REG_V0, REG_V1) + /* V2 = R[2] | R[0], V3 = R[3] | R[1] */ + + /* SWAP 64-bit values from V1 into V6. V6 = V1[0] | V1[1] */ + VSLIDEDOWN_VI(REG_V6, REG_V1, 1) + VSLIDEUP_VI(REG_V6, REG_V1, 1) + /* (x[1] * y[0])[0] | (x[0] * y[1])[0] */ + VCLMUL_VV(REG_V4, REG_V0, REG_V6) + /* (x[1] * y[0])[1] | (x[0] * y[1])[1] */ + VCLMULH_VV(REG_V5, REG_V0, REG_V6) + /* V4 = R[1] | R[1], V5 = R[2] | R[2] */ + + VMV_V_V(REG_V1, REG_V3) + VSLIDEDOWN_VI(REG_V0, REG_V2, 1) + VSLIDEUP_VI(REG_V1, REG_V0, 1) + /* V2 = ---- | R[0], V3 = R[3] | ----, V1 = R[2] | R[1] */ + + VMV_V_V(REG_V6, REG_V4) + /* V7 = ---- | ----, V6 = ---- | R[1] */ + VSLIDEDOWN_VI(REG_V7, REG_V4, 1) + /* V7 = ---- | R[1], V6 = ---- | R[1] */ + VSLIDEUP_VI(REG_V6, REG_V5, 1) + /* V7 = ---- | R[1], V6 = R[2] | R[1] */ + VSLIDEDOWN_VI(REG_V0, REG_V5, 1) + VSLIDEUP_VI(REG_V7, REG_V0, 1) + /* V7 = R[2] | R[1], V6 = R[2] | R[1] */ + VXOR_VV(REG_V1, REG_V1, REG_V6) + VXOR_VV(REG_V1, REG_V1, REG_V7) + /* V2 = ---- | R[0], V3 = R[3] | ----, V1 = R[2] | R[1] */ + VSLIDEUP_VI(REG_V2, REG_V1, 1) + VSLIDEDOWN_VI(REG_V5, REG_V3, 1) + VSLIDEDOWN_VI(REG_V3, REG_V1, 1) + VSLIDEUP_VI(REG_V3, REG_V5, 1) + /* V2 = R[1] | R[0], V3 = R[3] | R[2] */ + + /* Reduce */ + /* v0 = (R[3] * 0x87)[0] | (R[2] * 0x87)[0] */ + VCLMUL_VV(REG_V0, REG_V3, REG_V8) + /* v1 = (R[3] * 0x87)[1] | (R[2] * 0x87)[1] */ + VCLMULH_VV(REG_V1, REG_V3, REG_V8) + /* V0 = r[1] | r[0], V1 = r[2] | 
r[1] */ + VXOR_VV(REG_V4, REG_V4, REG_V4) + VXOR_VV(REG_V2, REG_V2, REG_V0) + VSLIDEUP_VI(REG_V4, REG_V1, 1) + VXOR_VV(REG_V2, REG_V2, REG_V4) + VSLIDEDOWN_VI(REG_V3, REG_V1, 1) + /* v0 = ---- | (r[2] * 0x87)[0] */ + VCLMUL_VV(REG_V0, REG_V3, REG_V8) + /* v1 = ---- | (r[2] * 0x87)[1] */ + VCLMULH_VV(REG_V1, REG_V3, REG_V8) + /* V0 = ---- | r[0] , V1 = ---- | r[1] */ + VSLIDEUP_VI(REG_V0, REG_V1, 1) + /* V1 = R[1] | R[0] */ + VXOR_VV(REG_V2, REG_V2, REG_V0) + + /* Reverse x. */ +#ifdef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VBREV8(REG_V2, REG_V2) +#else + VSETIVLI(REG_X0, 16, 0, 0, 0b000, 0b000) + + /* Swap odd/even bits. */ + "li t0, 0x55\n\t" + VMV_V_X(REG_V4, REG_T0) + VSRL_VI(REG_V0, REG_V2, 1) + VAND_VV(REG_V2, REG_V2, REG_V4) + VAND_VV(REG_V0, REG_V0, REG_V4) + VSLL_VI(REG_V2, REG_V2, 1) + VOR_VV(REG_V2, REG_V2, REG_V0) + /* Swap pairs of bits. */ + "li t0, 0x33\n\t" + VMV_V_X(REG_V4, REG_T0) + VSRL_VI(REG_V0, REG_V2, 2) + VAND_VV(REG_V2, REG_V2, REG_V4) + VAND_VV(REG_V0, REG_V0, REG_V4) + VSLL_VI(REG_V2, REG_V2, 2) + VOR_VV(REG_V2, REG_V2, REG_V0) + /* Swap nibbles. */ + "li t0, 0x0f\n\t" + VMV_V_X(REG_V4, REG_T0) + VSRL_VI(REG_V0, REG_V2, 4) + VAND_VV(REG_V2, REG_V2, REG_V4) + VAND_VV(REG_V0, REG_V0, REG_V4) + VSLL_VI(REG_V2, REG_V2, 4) + VOR_VV(REG_V2, REG_V2, REG_V0) + + VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000) +#endif + VS1R_V(REG_V2, REG_T1) + : + : [x] "r" (x), [y] "r" (y), [red] "r" (red) + : "memory", "t0", "t1", "t2" + ); +} + +/* GHASH Additional Authentication Data (AAD) and cipher text. + * + * @param [in] gcm GCM object. + * @param [in] a Additional Authentication Data (AAD). + * @param [in] aSz Size of AAD in bytes. + * @param [in] c Cipher text. + * @param [in] cSz Size of cipher text in bytes. + * @param [out] s Hash result. + * @param [in] sSz Number of bytes to put into hash result. 
+ */ +void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz, + byte* s, word32 sSz) +{ + byte x[AES_BLOCK_SIZE]; + byte scratch[AES_BLOCK_SIZE]; + word32 blocks, partial; + byte* h; + + if (gcm == NULL) { + return; + } + + h = gcm->H; + XMEMSET(x, 0, AES_BLOCK_SIZE); + + /* Hash in A, the Additional Authentication Data */ + if (aSz != 0 && a != NULL) { + blocks = aSz / AES_BLOCK_SIZE; + partial = aSz % AES_BLOCK_SIZE; + while (blocks--) { + xorbuf16(x, a); + GMULT(x, h); + a += AES_BLOCK_SIZE; + } + if (partial != 0) { + XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMCPY(scratch, a, partial); + xorbuf16(x, scratch); + GMULT(x, h); + } + } + + /* Hash in C, the Ciphertext */ + if (cSz != 0 && c != NULL) { + blocks = cSz / AES_BLOCK_SIZE; + partial = cSz % AES_BLOCK_SIZE; + while (blocks--) { + xorbuf16(x, c); + GMULT(x, h); + c += AES_BLOCK_SIZE; + } + if (partial != 0) { + XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMCPY(scratch, c, partial); + xorbuf16(x, scratch); + GMULT(x, h); + } + } + + /* Hash in the lengths of A and C in bits */ + FlattenSzInBits(&scratch[0], aSz); + FlattenSzInBits(&scratch[8], cSz); + xorbuf16(x, scratch); + GMULT(x, h); + + /* Copy the result into s. */ + XMEMCPY(s, x, sSz); +} + +#define HAVE_GHASH + +#elif defined(WOLFSSL_RISCV_CARRYLESS) + +/* Bottom half of carryless-multiplication: rd = (rs1 * rs2)[0..63]. */ +#define CLMUL(rd, rs1, rs2) \ + ASM_WORD(0b00001010000000000001000000110011 | \ + (rd << 7) | (rs1 << 15) | (rs2 << 20)) +/* Top half of carryless-multiplication: rd = (rs1 * rs2)[64..127]. */ +#define CLMULH(rd, rs1, rs2) \ + ASM_WORD(0b00001010000000000011000000110011 | \ + (rd << 7) | (rs1 << 15) | (rs2 << 20)) + +/* GMULT, multiply in GF2, x and y into x. + * + * @param [in, out] x On in, value to GMULT. + * On out, result of GMULT. + * @param [in] y Value to GMULT. 
+ */ +static void GMULT(byte* x, byte* y) +{ + __asm__ __volatile__ ( + "ld t0, 0(%[x])\n\t" + "ld t1, 8(%[x])\n\t" + "ld t2, 0(%[y])\n\t" + "ld t3, 8(%[y])\n\t" + /* Load reduction value into t6 */ + "li t6, 0x87\n\t" + /* Reverse x. y was reversed in wc_AesGcmSetKey. */ +#ifdef WOLFSSL_RISCV_BIT_MANIPULATION + BREV8(REG_T0, REG_T0) + BREV8(REG_T1, REG_T1) +#else + /* Swap odd-even bits. */ + "li a4, 0x5555555555555555\n\t" + "srli a2, t0, 1\n\t" + "srli a3, t1, 1\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 1\n\t" + "slli t1, t1, 1\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" + /* Swap pairs. */ + "li a4, 0x3333333333333333\n\t" + "srli a2, t0, 2\n\t" + "srli a3, t1, 2\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 2\n\t" + "slli t1, t1, 2\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" + /* Swap nibbles. */ + "li a4, 0x0f0f0f0f0f0f0f0f\n\t" + "srli a2, t0, 4\n\t" + "srli a3, t1, 4\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 4\n\t" + "slli t1, t1, 4\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" +#endif + + /* r[0..1] = x[0] * y[0] */ + CLMUL(REG_A2, REG_T0, REG_T2) + CLMULH(REG_A3, REG_T0, REG_T2) + /* r[2..3] = x[1] * y[1] */ + CLMUL(REG_A4, REG_T1, REG_T3) + CLMULH(REG_A5, REG_T1, REG_T3) + /* r[1..2] ^= x[1] * y[0] */ + CLMUL(REG_T4, REG_T1, REG_T2) + CLMULH(REG_T5, REG_T1, REG_T2) + "xor a3, a3, t4\n\t" + "xor a4, a4, t5\n\t" + /* r[1..2] ^= x[0] * y[1] */ + CLMUL(REG_T4, REG_T0, REG_T3) + CLMULH(REG_T5, REG_T0, REG_T3) + "xor a3, a3, t4\n\t" + "xor a4, a4, t5\n\t" + + /* Reduce */ + CLMUL(REG_T4, REG_A5, REG_T6) + CLMULH(REG_T5, REG_A5, REG_T6) + "xor a3, a3, t4\n\t" + "xor a4, a4, t5\n\t" + CLMUL(REG_T4, REG_A4, REG_T6) + CLMULH(REG_T5, REG_A4, REG_T6) + "xor t0, a2, t4\n\t" + "xor t1, a3, t5\n\t" + + /* Reverse x. 
*/ +#ifdef WOLFSSL_RISCV_BIT_MANIPULATION + BREV8(REG_T0, REG_T0) + BREV8(REG_T1, REG_T1) +#else + /* Swap odd-even bits. */ + "li a4, 0x5555555555555555\n\t" + "srli a2, t0, 1\n\t" + "srli a3, t1, 1\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 1\n\t" + "slli t1, t1, 1\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" + /* Swap pairs. */ + "li a4, 0x3333333333333333\n\t" + "srli a2, t0, 2\n\t" + "srli a3, t1, 2\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 2\n\t" + "slli t1, t1, 2\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" + /* Swap nibbles. */ + "li a4, 0x0f0f0f0f0f0f0f0f\n\t" + "srli a2, t0, 4\n\t" + "srli a3, t1, 4\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 4\n\t" + "slli t1, t1, 4\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" +#endif + "sd t0, 0(%[x])\n\t" + "sd t1, 8(%[x])\n\t" + : + : [x] "r" (x), [y] "r" (y) + : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", + "a2", "a3", "a4", "a5" + ); +} + +/* GHASH blocks of data. + * + * @param [in, out] x On in, value to GMULT. + * On out, result of GMULT. + * @param [in] y Value to GMULT. + * @param [in] in Blocks of data to GHASH. + * @param [in] blocks Number of blocks to GHASH. + */ +static void ghash_blocks(byte* x, byte* y, const byte* in, word32 blocks) +{ + __asm__ __volatile__ ( + "ld t0, 0(%[x])\n\t" + "ld t1, 8(%[x])\n\t" + "ld t2, 0(%[y])\n\t" + "ld t3, 8(%[y])\n\t" + /* Load reduction value into t6 */ + "li t6, 0x87\n\t" + /* Reverse x. y was reversed in wc_AesGcmSetKey. */ +#ifdef WOLFSSL_RISCV_BIT_MANIPULATION + BREV8(REG_T0, REG_T0) + BREV8(REG_T1, REG_T1) +#else + /* Swap odd-even bits. 
*/ + "li a4, 0x5555555555555555\n\t" + "srli a2, t0, 1\n\t" + "srli a3, t1, 1\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 1\n\t" + "slli t1, t1, 1\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" + /* Swap pairs. */ + "li a4, 0x3333333333333333\n\t" + "srli a2, t0, 2\n\t" + "srli a3, t1, 2\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 2\n\t" + "slli t1, t1, 2\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" + /* Swap nibbles. */ + "li a4, 0x0f0f0f0f0f0f0f0f\n\t" + "srli a2, t0, 4\n\t" + "srli a3, t1, 4\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 4\n\t" + "slli t1, t1, 4\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" +#endif + + "L_ghash_loop:\n\t" + /* Load input block. */ + "ld t5, 0(%[in])\n\t" + "ld a5, 8(%[in])\n\t" + /* Reverse bits to match x. */ +#ifdef WOLFSSL_RISCV_BIT_MANIPULATION + BREV8(REG_T5, REG_T5) + BREV8(REG_A5, REG_A5) +#else + /* Swap odd-even bits. */ + "li a4, 0x5555555555555555\n\t" + "srli a2, t5, 1\n\t" + "srli a3, a5, 1\n\t" + "and t5, t5, a4\n\t" + "and a5, a5, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t5, t5, 1\n\t" + "slli a5, a5, 1\n\t" + "or t5, t5, a2\n\t" + "or a5, a5, a3\n\t" + /* Swap pairs. */ + "li a4, 0x3333333333333333\n\t" + "srli a2, t5, 2\n\t" + "srli a3, a5, 2\n\t" + "and t5, t5, a4\n\t" + "and a5, a5, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t5, t5, 2\n\t" + "slli a5, a5, 2\n\t" + "or t5, t5, a2\n\t" + "or a5, a5, a3\n\t" + /* Swap nibbles. */ + "li a4, 0x0f0f0f0f0f0f0f0f\n\t" + "srli a2, t5, 4\n\t" + "srli a3, a5, 4\n\t" + "and t5, t5, a4\n\t" + "and a5, a5, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t5, t5, 4\n\t" + "slli a5, a5, 4\n\t" + "or t5, t5, a2\n\t" + "or a5, a5, a3\n\t" +#endif + /* XOR input into x. 
*/ + "xor t0, t0, t5\n\t" + "xor t1, t1, a5\n\t" + + /* r[0..1] = x[0] * y[0] */ + CLMUL(REG_A2, REG_T0, REG_T2) + CLMULH(REG_A3, REG_T0, REG_T2) + /* r[2..3] = x[1] * y[1] */ + CLMUL(REG_A4, REG_T1, REG_T3) + CLMULH(REG_A5, REG_T1, REG_T3) + /* r[1..2] ^= x[1] * y[0] */ + CLMUL(REG_T4, REG_T1, REG_T2) + CLMULH(REG_T5, REG_T1, REG_T2) + "xor a3, a3, t4\n\t" + "xor a4, a4, t5\n\t" + /* r[1..2] ^= x[0] * y[1] */ + CLMUL(REG_T4, REG_T0, REG_T3) + CLMULH(REG_T5, REG_T0, REG_T3) + "xor a3, a3, t4\n\t" + "xor a4, a4, t5\n\t" + + /* Reduce */ + CLMUL(REG_T4, REG_A5, REG_T6) + CLMULH(REG_T5, REG_A5, REG_T6) + "xor a3, a3, t4\n\t" + "xor a4, a4, t5\n\t" + CLMUL(REG_T4, REG_A4, REG_T6) + CLMULH(REG_T5, REG_A4, REG_T6) + "xor t0, a2, t4\n\t" + "xor t1, a3, t5\n\t" + + "addi %[in], %[in], 16\n\t" + "addi %[blocks], %[blocks], -1\n\t" + "bnez %[blocks], L_ghash_loop\n\t" + + /* Reverse x. */ +#ifdef WOLFSSL_RISCV_BIT_MANIPULATION + BREV8(REG_T0, REG_T0) + BREV8(REG_T1, REG_T1) +#else + /* Swap odd-even bits. */ + "li a4, 0x5555555555555555\n\t" + "srli a2, t0, 1\n\t" + "srli a3, t1, 1\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 1\n\t" + "slli t1, t1, 1\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" + /* Swap pairs. */ + "li a4, 0x3333333333333333\n\t" + "srli a2, t0, 2\n\t" + "srli a3, t1, 2\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 2\n\t" + "slli t1, t1, 2\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" + /* Swap nibbles. 
*/ + "li a4, 0x0f0f0f0f0f0f0f0f\n\t" + "srli a2, t0, 4\n\t" + "srli a3, t1, 4\n\t" + "and t0, t0, a4\n\t" + "and t1, t1, a4\n\t" + "and a2, a2, a4\n\t" + "and a3, a3, a4\n\t" + "slli t0, t0, 4\n\t" + "slli t1, t1, 4\n\t" + "or t0, t0, a2\n\t" + "or t1, t1, a3\n\t" +#endif + "sd t0, 0(%[x])\n\t" + "sd t1, 8(%[x])\n\t" + : [in] "+r" (in), [blocks] "+r" (blocks) + : [x] "r" (x), [y] "r" (y) + : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", + "a2", "a3", "a4", "a5" + ); +} + +/* GHASH Additional Authentication Data (AAD) and cipher text. + * + * @param [in] gcm GCM object. + * @param [in] a Additional Authentication Data (AAD). + * @param [in] aSz Size of AAD in bytes. + * @param [in] c Cipher text. + * @param [in] cSz Size of cipher text in bytes. + * @param [out] s Hash result. + * @param [in] sSz Number of bytes to put into hash result. + */ +void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz, + byte* s, word32 sSz) +{ + if (gcm != NULL) { + byte x[AES_BLOCK_SIZE]; + byte scratch[AES_BLOCK_SIZE]; + word32 blocks, partial; + byte* h = gcm->H; + + XMEMSET(x, 0, AES_BLOCK_SIZE); + + /* Hash in A, the Additional Authentication Data */ + if (aSz != 0 && a != NULL) { + blocks = aSz / AES_BLOCK_SIZE; + partial = aSz % AES_BLOCK_SIZE; + if (blocks > 0) { + ghash_blocks(x, h, a, blocks); + a += blocks * AES_BLOCK_SIZE; + } + if (partial != 0) { + XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMCPY(scratch, a, partial); + xorbuf16(x, scratch); + GMULT(x, h); + } + } + + /* Hash in C, the Ciphertext */ + if (cSz != 0 && c != NULL) { + blocks = cSz / AES_BLOCK_SIZE; + partial = cSz % AES_BLOCK_SIZE; + if (blocks > 0) { + ghash_blocks(x, h, c, blocks); + c += blocks * AES_BLOCK_SIZE; + } + if (partial != 0) { + XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMCPY(scratch, c, partial); + xorbuf16(x, scratch); + GMULT(x, h); + } + } + + /* Hash in the lengths of A and C in bits */ + FlattenSzInBits(&scratch[0], aSz); + FlattenSzInBits(&scratch[8], cSz); + 
xorbuf16(x, scratch); + GMULT(x, h); + + /* Copy the result into s. */ + XMEMCPY(s, x, sSz); + } +} + +#define HAVE_GHASH + +#endif /* !WOLFSSL_RISCV_VECTOR_GCM */ + +#ifdef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM +#ifdef WOLFSSL_RISCV_VECTOR_GCM +/* START script replace AES-GCM RISC-V 64 with hardware vector crypto */ +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION +static const word32 rev_idx[4] = { + 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f +}; +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + +#ifdef WOLFSSL_AES_128 +/* Encrypt data using AES-128-GCM. + * + * @param [in] aes AES object. + * @param [out] out Encrypted data. + * @param [in] in Data to encrypt and GHASH. + * @param [in] sz Number of bytes of data. + * @param [in] nonce Nonce used to calculate first IV. + * @param [in] nonceSz Length of nonce in bytes. + * @param [out] tag Authentication tag. + * @param [in] tagSz Length of authentication tag in bytes. + * @param [in] aad Additional Authentication Data (AAD). + * @param [in] aadSz Length of AAD in bytes. + */ +static void Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz, + const byte* aad, word32 aadSz) +{ + byte counter[AES_BLOCK_SIZE]; + byte scratch[AES_BLOCK_SIZE]; + /* Noticed different optimization levels treated head of array different. + * Some cases was stack pointer plus offset others was a register containing + * address. To make uniform for passing in to inline assembly code am using + * pointers to the head of each local array. 
+ */ + byte* ctr = counter; + byte* key = (byte*)aes->key; + + XMEMSET(counter, 0, AES_BLOCK_SIZE); + if (nonceSz == GCM_NONCE_MID_SZ) { + XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ); + counter[AES_BLOCK_SIZE - 1] = 1; + } + else { +#ifdef OPENSSL_EXTRA + word32 aadTemp = aes->gcm.aadLen; + aes->gcm.aadLen = 0; +#endif + GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE); +#ifdef OPENSSL_EXTRA + aes->gcm.aadLen = aadTemp; +#endif + } + + __asm__ __volatile__ ( + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + + /* X=0, get H */ + VXOR_VV(REG_V18, REG_V18, REG_V18) + "mv t0, %[h]\n\t" + VL1RE32_V(REG_V19, REG_T0) + + /* Hash in AAD, the Additional Authentication Data */ + "beqz %[aSz], L_aes_gcm_128_encrypt_ghash_aad_done\n\t" + "beqz %[aad], L_aes_gcm_128_encrypt_ghash_aad_done\n\t" + + "srli t1, %[aSz], 4\n\t" + "beqz t1, L_aes_gcm_128_encrypt_ghash_aad_blocks_done\n\t" + + "L_aes_gcm_128_encrypt_ghash_aad_loop:\n\t" + "mv t0, %[aad]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + "addi %[aad], %[aad], 16\n\t" + "addi t1, t1, -1\n\t" + "bnez t1, L_aes_gcm_128_encrypt_ghash_aad_loop\n\t" + "L_aes_gcm_128_encrypt_ghash_aad_blocks_done:\n\t" + "andi t1, %[aSz], 0xf\n\t" + "beqz t1, L_aes_gcm_128_encrypt_ghash_aad_done\n\t" + VXOR_VV(REG_V17, REG_V17, REG_V17) + "mv t0, %[scratch]\n\t" + VS1R_V(REG_V17, REG_T0) + "mv t2, t1\n\t" + "L_aes_gcm_128_encrypt_ghash_aad_load_byte:\n\t" + "lb t0, (%[aad])\n\t" + "sb t0, (%[scratch])\n\t" + "addi %[aad], %[aad], 1\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi t2, t2, -1\n\t" + "bnez t2, L_aes_gcm_128_encrypt_ghash_aad_load_byte\n\t" + "sub %[scratch], %[scratch], t1\n\t" + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + "L_aes_gcm_128_encrypt_ghash_aad_done:\n\t" + /* Done Hash in AAD */ + +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + "mv t0, %[rev_idx]\n\t" + VL1RE32_V(REG_V15, REG_T0) +#endif /* 
!WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + /* Load the counter. */ + "mv t0, %[ctr]\n\t" + VL1RE32_V(REG_V16, REG_T0) +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + VSLIDEDOWN_VI(REG_V20, REG_V16, 3) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V21, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + VMV_V_V(REG_V20, REG_V21) +#else + VREV8(REG_V20, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ +#else + "lw t3, 12(%[ctr])\n\t" + "slli t3, t3, 32\n\t" + REV8(REG_T3, REG_T3) +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + + /* Load key[0..7]. */ + "mv t0, %[key]\n\t" + VL8RE32_V(REG_V0, REG_T0) + /* Load key[8..9]. */ + "addi t0, t0, 128\n\t" + VL2RE32_V(REG_V8, REG_T0) + /* Load last round's key */ + "addi t0, %[key], 224\n\t" + VL1RE32_V(REG_V10, REG_T0) + + "beqz %[sz], L_aes_gcm_128_encrypt_blocks_done\n\t" + "srli t4, %[sz], 6\n\t" + "beqz t4, L_aes_gcm_128_encrypt_x4_blocks_done\n\t" + + /* Calculate H^[1-4] - GMULT partials */ + VMV_V_V(REG_V21, REG_V19) + VMV_V_V(REG_V22, REG_V19) + /* Multiply H * H => H^2 */ + VGMUL_VV(REG_V21, REG_V19) + VMV_V_V(REG_V23, REG_V21) + /* Multiply H * H => H^3 */ + VGMUL_VV(REG_V22, REG_V21) + /* Multiply H^2 * H^2 => H^4 */ + VGMUL_VV(REG_V23, REG_V21) + + "L_aes_gcm_128_encrypt_x4_block_loop:\n\t" + /* Calculate next 4 counters (+1-4) */ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + VMV_V_V(REG_V24, REG_V16) + VMV_V_V(REG_V25, REG_V16) + VMV_V_V(REG_V26, REG_V16) + VMV_V_V(REG_V27, REG_V16) + VADD_VI(REG_V28, REG_V20, 1) + VADD_VI(REG_V29, REG_V20, 2) + VADD_VI(REG_V30, REG_V20, 3) + VADD_VI(REG_V20, REG_V20, 4) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V28) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + VMV_V_V(REG_V28, REG_V17) +#else + VREV8(REG_V28, REG_V28) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ +#ifndef 
WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V29) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + VMV_V_V(REG_V29, REG_V17) +#else + VREV8(REG_V29, REG_V29) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V30) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + VMV_V_V(REG_V30, REG_V17) +#else + VREV8(REG_V30, REG_V30) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V31, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) +#else + VREV8(REG_V31, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ +#else + "addi t0, t3, 1\n\t" + VMV_V_V(REG_V24, REG_V16) + "addi t1, t3, 2\n\t" + VMV_V_V(REG_V25, REG_V16) + "addi t2, t3, 3\n\t" + VMV_V_V(REG_V26, REG_V16) + "slli t0, t0, 32\n\t" + VMV_V_V(REG_V27, REG_V16) + "slli t1, t1, 32\n\t" + "slli t2, t2, 32\n\t" + REV8(REG_T0, REG_T0) + REV8(REG_T1, REG_T1) + REV8(REG_T2, REG_T2) + "addi t3, t3, 4\n\t" + VMV_V_X(REG_V28, REG_T0) + "slli t0, t3, 32\n\t" + VMV_V_X(REG_V29, REG_T1) + REV8(REG_T0, REG_T0) + VMV_V_X(REG_V30, REG_T2) + VMV_V_X(REG_V31, REG_T0) +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + VSLIDEUP_VI(REG_V24, REG_V28, 3) + VSLIDEUP_VI(REG_V25, REG_V29, 3) + VSLIDEUP_VI(REG_V26, REG_V30, 3) + VSLIDEUP_VI(REG_V27, REG_V31, 3) + + VAESZ_VS(REG_V24, REG_V0) + VAESZ_VS(REG_V25, REG_V0) + VAESZ_VS(REG_V26, REG_V0) + VAESZ_VS(REG_V27, REG_V0) + VAESEM_VS(REG_V24, REG_V1) + VAESEM_VS(REG_V24, REG_V2) + VAESEM_VS(REG_V24, REG_V3) + VAESEM_VS(REG_V24, REG_V4) + VAESEM_VS(REG_V24, REG_V5) + VAESEM_VS(REG_V24, REG_V6) + VAESEM_VS(REG_V24, REG_V7) + VAESEM_VS(REG_V24, REG_V8) + VAESEM_VS(REG_V24, REG_V9) + VAESEM_VS(REG_V25, REG_V1) + VAESEM_VS(REG_V25, REG_V2) + 
VAESEM_VS(REG_V25, REG_V3) + VAESEM_VS(REG_V25, REG_V4) + VAESEM_VS(REG_V25, REG_V5) + VAESEM_VS(REG_V25, REG_V6) + VAESEM_VS(REG_V25, REG_V7) + VAESEM_VS(REG_V25, REG_V8) + VAESEM_VS(REG_V25, REG_V9) + VAESEM_VS(REG_V26, REG_V1) + VAESEM_VS(REG_V26, REG_V2) + VAESEM_VS(REG_V26, REG_V3) + VAESEM_VS(REG_V26, REG_V4) + VAESEM_VS(REG_V26, REG_V5) + VAESEM_VS(REG_V26, REG_V6) + VAESEM_VS(REG_V26, REG_V7) + VAESEM_VS(REG_V26, REG_V8) + VAESEM_VS(REG_V26, REG_V9) + VAESEM_VS(REG_V27, REG_V1) + VAESEM_VS(REG_V27, REG_V2) + VAESEM_VS(REG_V27, REG_V3) + VAESEM_VS(REG_V27, REG_V4) + VAESEM_VS(REG_V27, REG_V5) + VAESEM_VS(REG_V27, REG_V6) + VAESEM_VS(REG_V27, REG_V7) + VAESEM_VS(REG_V27, REG_V8) + VAESEM_VS(REG_V27, REG_V9) + VAESEF_VS(REG_V24, REG_V10) + VAESEF_VS(REG_V25, REG_V10) + VAESEF_VS(REG_V26, REG_V10) + VAESEF_VS(REG_V27, REG_V10) + + /* Load input. */ + "mv t0, %[in]\n\t" + VL4RE32_V(REG_V28, REG_T0) + VXOR_VV(REG_V28, REG_V24, REG_V28) + VXOR_VV(REG_V29, REG_V25, REG_V29) + VXOR_VV(REG_V30, REG_V26, REG_V30) + VXOR_VV(REG_V31, REG_V27, REG_V31) + /* Store output. */ + "mv t0, %[out]\n\t" + VS4R_V(REG_V28, REG_T0) + VGMUL_VV(REG_V28, REG_V23) + VGMUL_VV(REG_V29, REG_V22) + VGMUL_VV(REG_V30, REG_V21) + VGMUL_VV(REG_V31, REG_V19) + VXOR_VV(REG_V18, REG_V18, REG_V28) + VXOR_VV(REG_V18, REG_V18, REG_V29) + VXOR_VV(REG_V18, REG_V18, REG_V30) + VXOR_VV(REG_V18, REG_V18, REG_V31) + "addi %[in], %[in], 64\n\t" + "addi %[out], %[out], 64\n\t" + /* Loop if more elements to process. 
*/
+ "addi t4, t4, -1\n\t"
+ "bnez t4, L_aes_gcm_128_encrypt_x4_block_loop\n\t"
+ "andi %[sz], %[sz], 0x3f\n\t"
+
+ "L_aes_gcm_128_encrypt_x4_blocks_done:\n\t"
+ "srli t2, %[sz], 4\n\t"
+ "beqz t2, L_aes_gcm_128_encrypt_blocks_done\n\t"
+
+ "L_aes_gcm_128_encrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEF_VS(REG_V27, REG_V10)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ VGHSH_VV(REG_V18, REG_V27, REG_V19)
+ /* Store output. */
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V27, REG_T0)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process.
*/
+ "addi t2, t2, -1\n\t"
+ "bnez t2, L_aes_gcm_128_encrypt_block_loop\n\t"
+
+ "L_aes_gcm_128_encrypt_blocks_done:\n\t"
+ "andi t2, %[sz], 0xf\n\t"
+ "beqz t2, L_aes_gcm_128_encrypt_done\n\t"
+
+ VXOR_VV(REG_V17, REG_V17, REG_V17)
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V17, REG_T0)
+ "mv t1, t2\n\t"
+ "L_aes_gcm_128_encrypt_load_byte:\n\t"
+ "lb t0, (%[in])\n\t"
+ "sb t0, (%[scratch])\n\t"
+ "addi %[in], %[in], 1\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_128_encrypt_load_byte\n\t"
+ "sub %[scratch], %[scratch], t2\n\t"
+
+ /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEF_VS(REG_V27, REG_V10)
+
+ /* Load scratch. */
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ /* Store scratch.
*/
+ VS1R_V(REG_V27, REG_T0)
+ "mv t1, t2\n\t"
+ "L_aes_gcm_128_encrypt_store_byte:\n\t"
+ "lb t0, (%[scratch])\n\t"
+ "sb t0, (%[out])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi %[out], %[out], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_128_encrypt_store_byte\n\t"
+ "li t1, 16\n\t"
+ "sub t1, t1, t2\n\t"
+ "L_aes_gcm_128_encrypt_zero_byte:\n\t"
+ "sb x0, (%[scratch])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_128_encrypt_zero_byte\n\t"
+ "addi %[scratch], %[scratch], -16\n\t"
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+ "L_aes_gcm_128_encrypt_done:\n\t"
+
+ /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ /* aSz is only 32-bits */
+ /* Multiply by 8 do get size in bits. */
+ "slli %[aSz], %[aSz], 3\n\t"
+ "srli t0, %[aSz], 32\n\t"
+ "srli t1, %[aSz], 24\n\t"
+ "srli t2, %[aSz], 16\n\t"
+ "srli t3, %[aSz], 8\n\t"
+ /* Top 3 bytes are 0. */
+ "sh x0 , 0(%[scratch])\n\t"
+ "sb x0 , 2(%[scratch])\n\t"
+ "sb t0 , 3(%[scratch])\n\t"
+ "sb t1 , 4(%[scratch])\n\t"
+ "sb t2 , 5(%[scratch])\n\t"
+ "sb t3 , 6(%[scratch])\n\t"
+ "sb %[aSz], 7(%[scratch])\n\t"
+ /* sz is only 32-bits */
+ /* Multiply by 8 do get size in bits. */
+ "slli %[sz], %[sz], 3\n\t"
+ "srli t0, %[sz], 32\n\t"
+ "srli t1, %[sz], 24\n\t"
+ "srli t2, %[sz], 16\n\t"
+ "srli t3, %[sz], 8\n\t"
+ /* Top 3 bytes are 0.
*/
+ "sh x0 , 8(%[scratch])\n\t"
+ "sb x0 , 10(%[scratch])\n\t"
+ "sb t0 , 11(%[scratch])\n\t"
+ "sb t1 , 12(%[scratch])\n\t"
+ "sb t2 , 13(%[scratch])\n\t"
+ "sb t3 , 14(%[scratch])\n\t"
+ "sb %[sz], 15(%[scratch])\n\t"
+#else
+ "slli t0, %[aSz], 3\n\t"
+ REV8(REG_T0, REG_T0)
+ "sd t0, 0(%[scratch])\n\t"
+ "slli t0, %[sz], 3\n\t"
+ REV8(REG_T0, REG_T0)
+ "sd t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+ VAESZ_VS(REG_V16, REG_V0)
+ VAESEM_VS(REG_V16, REG_V1)
+ VAESEM_VS(REG_V16, REG_V2)
+ VAESEM_VS(REG_V16, REG_V3)
+ VAESEM_VS(REG_V16, REG_V4)
+ VAESEM_VS(REG_V16, REG_V5)
+ VAESEM_VS(REG_V16, REG_V6)
+ VAESEM_VS(REG_V16, REG_V7)
+ VAESEM_VS(REG_V16, REG_V8)
+ VAESEM_VS(REG_V16, REG_V9)
+ VAESEF_VS(REG_V16, REG_V10)
+ VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+ "li t1, 16\n\t"
+ "blt %[tagSz], t1, L_aes_gcm_128_encrypt_tag_small\n\t"
+ "mv t0, %[tag]\n\t"
+ VS1R_V(REG_V18, REG_T0)
+ "beqz x0, L_aes_gcm_128_encrypt_tag_done\n\t"
+ "L_aes_gcm_128_encrypt_tag_small:\n\t"
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V18, REG_T0)
+ "mv t1, %[tagSz]\n\t"
+ "L_aes_gcm_128_encrypt_store_tag_byte:\n\t"
+ "lb t0, (%[scratch])\n\t"
+ "sb t0, (%[tag])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi %[tag], %[tag], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_128_encrypt_store_tag_byte\n\t"
+ "L_aes_gcm_128_encrypt_tag_done:\n\t"
+
+ : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+ [aSz] "+r" (aadSz), [aad] "+r" (aad), [sz] "+r" (sz)
+ : [ctr] "r" (ctr), [scratch] "r" (scratch),
+ [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ , [rev_idx] "r" (rev_idx)
+#endif
+ : "memory", "t0", "t1", "t2", "t3", "t4"
+ );
+
+#ifdef OPENSSL_EXTRA
+ if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+ /* store AAD size for next call */
+ aes->gcm.aadLen = aadSz;
+ }
+#endif
+}
+#endif /*
WOLFSSL_AES_128 */
+
+#ifdef WOLFSSL_AES_192
+/* Encrypt data using AES-192-GCM.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted data.
+ * @param [in] in Data to encrypt and GHASH.
+ * @param [in] sz Number of bytes of data.
+ * @param [in] nonce Nonce used to calculate first IV.
+ * @param [in] nonceSz Length of nonce in bytes.
+ * @param [out] tag Authentication tag.
+ * @param [in] tagSz Length of authentication tag in bytes.
+ * @param [in] aad Additional Authentication Data (AAD).
+ * @param [in] aadSz Length of AAD in bytes.
+ */
+static void Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+ const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
+ const byte* aad, word32 aadSz)
+{
+ byte counter[AES_BLOCK_SIZE];
+ byte scratch[AES_BLOCK_SIZE];
+ /* Noticed different optimization levels treated head of array different.
+ * Some cases was stack pointer plus offset others was a register containing
+ * address. To make uniform for passing in to inline assembly code am using
+ * pointers to the head of each local array.
+ */
+ byte* ctr = counter;
+ byte* key = (byte*)aes->key;
+
+ XMEMSET(counter, 0, AES_BLOCK_SIZE);
+ if (nonceSz == GCM_NONCE_MID_SZ) {
+ XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+ counter[AES_BLOCK_SIZE - 1] = 1;
+ }
+ else {
+#ifdef OPENSSL_EXTRA
+ word32 aadTemp = aes->gcm.aadLen;
+ aes->gcm.aadLen = 0;
+#endif
+ GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+ aes->gcm.aadLen = aadTemp;
+#endif
+ }
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* X=0, get H */
+ VXOR_VV(REG_V18, REG_V18, REG_V18)
+ "mv t0, %[h]\n\t"
+ VL1RE32_V(REG_V19, REG_T0)
+
+ /* Hash in AAD, the Additional Authentication Data */
+ "beqz %[aSz], L_aes_gcm_192_encrypt_ghash_aad_done\n\t"
+ "beqz %[aad], L_aes_gcm_192_encrypt_ghash_aad_done\n\t"
+
+ "srli t1, %[aSz], 4\n\t"
+ "beqz t1, L_aes_gcm_192_encrypt_ghash_aad_blocks_done\n\t"
+
+ "L_aes_gcm_192_encrypt_ghash_aad_loop:\n\t"
+ "mv t0, %[aad]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ "addi %[aad], %[aad], 16\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_192_encrypt_ghash_aad_loop\n\t"
+ "L_aes_gcm_192_encrypt_ghash_aad_blocks_done:\n\t"
+ "andi t1, %[aSz], 0xf\n\t"
+ "beqz t1, L_aes_gcm_192_encrypt_ghash_aad_done\n\t"
+ VXOR_VV(REG_V17, REG_V17, REG_V17)
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V17, REG_T0)
+ "mv t2, t1\n\t"
+ "L_aes_gcm_192_encrypt_ghash_aad_load_byte:\n\t"
+ "lb t0, (%[aad])\n\t"
+ "sb t0, (%[scratch])\n\t"
+ "addi %[aad], %[aad], 1\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t2, t2, -1\n\t"
+ "bnez t2, L_aes_gcm_192_encrypt_ghash_aad_load_byte\n\t"
+ "sub %[scratch], %[scratch], t1\n\t"
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ "L_aes_gcm_192_encrypt_ghash_aad_done:\n\t"
+ /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ "mv t0, %[rev_idx]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+#endif /*
!WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ /* Load the counter. */
+ "mv t0, %[ctr]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V20, REG_V21)
+#else
+ VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+ "lw t3, 12(%[ctr])\n\t"
+ "slli t3, t3, 32\n\t"
+ REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V12, REG_T0)
+
+ "beqz %[sz], L_aes_gcm_192_encrypt_blocks_done\n\t"
+ "srli t4, %[sz], 6\n\t"
+ "beqz t4, L_aes_gcm_192_encrypt_x4_blocks_done\n\t"
+
+ /* Calculate H^[1-4] - GMULT partials */
+ VMV_V_V(REG_V21, REG_V19)
+ VMV_V_V(REG_V22, REG_V19)
+ /* Multiply H * H => H^2 */
+ VGMUL_VV(REG_V21, REG_V19)
+ VMV_V_V(REG_V23, REG_V21)
+ /* Multiply H * H => H^3 */
+ VGMUL_VV(REG_V22, REG_V21)
+ /* Multiply H^2 * H^2 => H^4 */
+ VGMUL_VV(REG_V23, REG_V21)
+
+ "L_aes_gcm_192_encrypt_x4_block_loop:\n\t"
+ /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VMV_V_V(REG_V24, REG_V16)
+ VMV_V_V(REG_V25, REG_V16)
+ VMV_V_V(REG_V26, REG_V16)
+ VMV_V_V(REG_V27, REG_V16)
+ VADD_VI(REG_V28, REG_V20, 1)
+ VADD_VI(REG_V29, REG_V20, 2)
+ VADD_VI(REG_V30, REG_V20, 3)
+ VADD_VI(REG_V20, REG_V20, 4)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V28)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V28, REG_V17)
+#else
+ VREV8(REG_V28, REG_V28)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef
WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V29)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V29, REG_V17)
+#else
+ VREV8(REG_V29, REG_V29)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V30)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V30, REG_V17)
+#else
+ VREV8(REG_V30, REG_V30)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V31, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V31, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+ "addi t0, t3, 1\n\t"
+ VMV_V_V(REG_V24, REG_V16)
+ "addi t1, t3, 2\n\t"
+ VMV_V_V(REG_V25, REG_V16)
+ "addi t2, t3, 3\n\t"
+ VMV_V_V(REG_V26, REG_V16)
+ "slli t0, t0, 32\n\t"
+ VMV_V_V(REG_V27, REG_V16)
+ "slli t1, t1, 32\n\t"
+ "slli t2, t2, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ REV8(REG_T1, REG_T1)
+ REV8(REG_T2, REG_T2)
+ "addi t3, t3, 4\n\t"
+ VMV_V_X(REG_V28, REG_T0)
+ "slli t0, t3, 32\n\t"
+ VMV_V_X(REG_V29, REG_T1)
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V30, REG_T2)
+ VMV_V_X(REG_V31, REG_T0)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V24, REG_V28, 3)
+ VSLIDEUP_VI(REG_V25, REG_V29, 3)
+ VSLIDEUP_VI(REG_V26, REG_V30, 3)
+ VSLIDEUP_VI(REG_V27, REG_V31, 3)
+
+ VAESZ_VS(REG_V24, REG_V0)
+ VAESZ_VS(REG_V25, REG_V0)
+ VAESZ_VS(REG_V26, REG_V0)
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V24, REG_V1)
+ VAESEM_VS(REG_V24, REG_V2)
+ VAESEM_VS(REG_V24, REG_V3)
+ VAESEM_VS(REG_V24, REG_V4)
+ VAESEM_VS(REG_V24, REG_V5)
+ VAESEM_VS(REG_V24, REG_V6)
+ VAESEM_VS(REG_V24, REG_V7)
+ VAESEM_VS(REG_V24, REG_V8)
+ VAESEM_VS(REG_V24, REG_V9)
+ VAESEM_VS(REG_V24, REG_V10)
+ VAESEM_VS(REG_V24, REG_V11)
+
VAESEM_VS(REG_V25, REG_V1)
+ VAESEM_VS(REG_V25, REG_V2)
+ VAESEM_VS(REG_V25, REG_V3)
+ VAESEM_VS(REG_V25, REG_V4)
+ VAESEM_VS(REG_V25, REG_V5)
+ VAESEM_VS(REG_V25, REG_V6)
+ VAESEM_VS(REG_V25, REG_V7)
+ VAESEM_VS(REG_V25, REG_V8)
+ VAESEM_VS(REG_V25, REG_V9)
+ VAESEM_VS(REG_V25, REG_V10)
+ VAESEM_VS(REG_V25, REG_V11)
+ VAESEM_VS(REG_V26, REG_V1)
+ VAESEM_VS(REG_V26, REG_V2)
+ VAESEM_VS(REG_V26, REG_V3)
+ VAESEM_VS(REG_V26, REG_V4)
+ VAESEM_VS(REG_V26, REG_V5)
+ VAESEM_VS(REG_V26, REG_V6)
+ VAESEM_VS(REG_V26, REG_V7)
+ VAESEM_VS(REG_V26, REG_V8)
+ VAESEM_VS(REG_V26, REG_V9)
+ VAESEM_VS(REG_V26, REG_V10)
+ VAESEM_VS(REG_V26, REG_V11)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEM_VS(REG_V27, REG_V10)
+ VAESEM_VS(REG_V27, REG_V11)
+ VAESEF_VS(REG_V24, REG_V12)
+ VAESEF_VS(REG_V25, REG_V12)
+ VAESEF_VS(REG_V26, REG_V12)
+ VAESEF_VS(REG_V27, REG_V12)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL4RE32_V(REG_V28, REG_T0)
+ VXOR_VV(REG_V28, REG_V24, REG_V28)
+ VXOR_VV(REG_V29, REG_V25, REG_V29)
+ VXOR_VV(REG_V30, REG_V26, REG_V30)
+ VXOR_VV(REG_V31, REG_V27, REG_V31)
+ /* Store output. */
+ "mv t0, %[out]\n\t"
+ VS4R_V(REG_V28, REG_T0)
+ VGMUL_VV(REG_V28, REG_V23)
+ VGMUL_VV(REG_V29, REG_V22)
+ VGMUL_VV(REG_V30, REG_V21)
+ VGMUL_VV(REG_V31, REG_V19)
+ VXOR_VV(REG_V18, REG_V18, REG_V28)
+ VXOR_VV(REG_V18, REG_V18, REG_V29)
+ VXOR_VV(REG_V18, REG_V18, REG_V30)
+ VXOR_VV(REG_V18, REG_V18, REG_V31)
+ "addi %[in], %[in], 64\n\t"
+ "addi %[out], %[out], 64\n\t"
+ /* Loop if more elements to process.
*/
+ "addi t4, t4, -1\n\t"
+ "bnez t4, L_aes_gcm_192_encrypt_x4_block_loop\n\t"
+ "andi %[sz], %[sz], 0x3f\n\t"
+
+ "L_aes_gcm_192_encrypt_x4_blocks_done:\n\t"
+ "srli t2, %[sz], 4\n\t"
+ "beqz t2, L_aes_gcm_192_encrypt_blocks_done\n\t"
+
+ "L_aes_gcm_192_encrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEM_VS(REG_V27, REG_V10)
+ VAESEM_VS(REG_V27, REG_V11)
+ VAESEF_VS(REG_V27, REG_V12)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ VGHSH_VV(REG_V18, REG_V27, REG_V19)
+ /* Store output. */
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V27, REG_T0)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process.
*/
+ "addi t2, t2, -1\n\t"
+ "bnez t2, L_aes_gcm_192_encrypt_block_loop\n\t"
+
+ "L_aes_gcm_192_encrypt_blocks_done:\n\t"
+ "andi t2, %[sz], 0xf\n\t"
+ "beqz t2, L_aes_gcm_192_encrypt_done\n\t"
+
+ VXOR_VV(REG_V17, REG_V17, REG_V17)
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V17, REG_T0)
+ "mv t1, t2\n\t"
+ "L_aes_gcm_192_encrypt_load_byte:\n\t"
+ "lb t0, (%[in])\n\t"
+ "sb t0, (%[scratch])\n\t"
+ "addi %[in], %[in], 1\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_192_encrypt_load_byte\n\t"
+ "sub %[scratch], %[scratch], t2\n\t"
+
+ /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEM_VS(REG_V27, REG_V10)
+ VAESEM_VS(REG_V27, REG_V11)
+ VAESEF_VS(REG_V27, REG_V12)
+
+ /* Load scratch. */
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ /* Store scratch.
*/
+ VS1R_V(REG_V27, REG_T0)
+ "mv t1, t2\n\t"
+ "L_aes_gcm_192_encrypt_store_byte:\n\t"
+ "lb t0, (%[scratch])\n\t"
+ "sb t0, (%[out])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi %[out], %[out], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_192_encrypt_store_byte\n\t"
+ "li t1, 16\n\t"
+ "sub t1, t1, t2\n\t"
+ "L_aes_gcm_192_encrypt_zero_byte:\n\t"
+ "sb x0, (%[scratch])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_192_encrypt_zero_byte\n\t"
+ "addi %[scratch], %[scratch], -16\n\t"
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+ "L_aes_gcm_192_encrypt_done:\n\t"
+
+ /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ /* aSz is only 32-bits */
+ /* Multiply by 8 do get size in bits. */
+ "slli %[aSz], %[aSz], 3\n\t"
+ "srli t0, %[aSz], 32\n\t"
+ "srli t1, %[aSz], 24\n\t"
+ "srli t2, %[aSz], 16\n\t"
+ "srli t3, %[aSz], 8\n\t"
+ /* Top 3 bytes are 0. */
+ "sh x0 , 0(%[scratch])\n\t"
+ "sb x0 , 2(%[scratch])\n\t"
+ "sb t0 , 3(%[scratch])\n\t"
+ "sb t1 , 4(%[scratch])\n\t"
+ "sb t2 , 5(%[scratch])\n\t"
+ "sb t3 , 6(%[scratch])\n\t"
+ "sb %[aSz], 7(%[scratch])\n\t"
+ /* sz is only 32-bits */
+ /* Multiply by 8 do get size in bits. */
+ "slli %[sz], %[sz], 3\n\t"
+ "srli t0, %[sz], 32\n\t"
+ "srli t1, %[sz], 24\n\t"
+ "srli t2, %[sz], 16\n\t"
+ "srli t3, %[sz], 8\n\t"
+ /* Top 3 bytes are 0.
*/
+ "sh x0 , 8(%[scratch])\n\t"
+ "sb x0 , 10(%[scratch])\n\t"
+ "sb t0 , 11(%[scratch])\n\t"
+ "sb t1 , 12(%[scratch])\n\t"
+ "sb t2 , 13(%[scratch])\n\t"
+ "sb t3 , 14(%[scratch])\n\t"
+ "sb %[sz], 15(%[scratch])\n\t"
+#else
+ "slli t0, %[aSz], 3\n\t"
+ REV8(REG_T0, REG_T0)
+ "sd t0, 0(%[scratch])\n\t"
+ "slli t0, %[sz], 3\n\t"
+ REV8(REG_T0, REG_T0)
+ "sd t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+ VAESZ_VS(REG_V16, REG_V0)
+ VAESEM_VS(REG_V16, REG_V1)
+ VAESEM_VS(REG_V16, REG_V2)
+ VAESEM_VS(REG_V16, REG_V3)
+ VAESEM_VS(REG_V16, REG_V4)
+ VAESEM_VS(REG_V16, REG_V5)
+ VAESEM_VS(REG_V16, REG_V6)
+ VAESEM_VS(REG_V16, REG_V7)
+ VAESEM_VS(REG_V16, REG_V8)
+ VAESEM_VS(REG_V16, REG_V9)
+ VAESEM_VS(REG_V16, REG_V10)
+ VAESEM_VS(REG_V16, REG_V11)
+ VAESEF_VS(REG_V16, REG_V12)
+ VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+ "li t1, 16\n\t"
+ "blt %[tagSz], t1, L_aes_gcm_192_encrypt_tag_small\n\t"
+ "mv t0, %[tag]\n\t"
+ VS1R_V(REG_V18, REG_T0)
+ "beqz x0, L_aes_gcm_192_encrypt_tag_done\n\t"
+ "L_aes_gcm_192_encrypt_tag_small:\n\t"
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V18, REG_T0)
+ "mv t1, %[tagSz]\n\t"
+ "L_aes_gcm_192_encrypt_store_tag_byte:\n\t"
+ "lb t0, (%[scratch])\n\t"
+ "sb t0, (%[tag])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi %[tag], %[tag], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_192_encrypt_store_tag_byte\n\t"
+ "L_aes_gcm_192_encrypt_tag_done:\n\t"
+
+ : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+ [aSz] "+r" (aadSz), [aad] "+r" (aad), [sz] "+r" (sz)
+ : [ctr] "r" (ctr), [scratch] "r" (scratch),
+ [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ , [rev_idx] "r" (rev_idx)
+#endif
+ : "memory", "t0", "t1", "t2", "t3", "t4"
+ );
+
+#ifdef OPENSSL_EXTRA
+ if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+ /* store AAD size for next call */
+
aes->gcm.aadLen = aadSz;
+ }
+#endif
+}
+#endif /* WOLFSSL_AES_192 */
+
+#ifdef WOLFSSL_AES_256
+/* Encrypt data using AES-256-GCM.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted data.
+ * @param [in] in Data to encrypt and GHASH.
+ * @param [in] sz Number of bytes of data.
+ * @param [in] nonce Nonce used to calculate first IV.
+ * @param [in] nonceSz Length of nonce in bytes.
+ * @param [out] tag Authentication tag.
+ * @param [in] tagSz Length of authentication tag in bytes.
+ * @param [in] aad Additional Authentication Data (AAD).
+ * @param [in] aadSz Length of AAD in bytes.
+ */
+static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+ const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
+ const byte* aad, word32 aadSz)
+{
+ byte counter[AES_BLOCK_SIZE];
+ byte scratch[AES_BLOCK_SIZE];
+ /* Noticed different optimization levels treated head of array different.
+ * Some cases was stack pointer plus offset others was a register containing
+ * address. To make uniform for passing in to inline assembly code am using
+ * pointers to the head of each local array.
+ */
+ byte* ctr = counter;
+ byte* key = (byte*)aes->key;
+
+ XMEMSET(counter, 0, AES_BLOCK_SIZE);
+ if (nonceSz == GCM_NONCE_MID_SZ) {
+ XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+ counter[AES_BLOCK_SIZE - 1] = 1;
+ }
+ else {
+#ifdef OPENSSL_EXTRA
+ word32 aadTemp = aes->gcm.aadLen;
+ aes->gcm.aadLen = 0;
+#endif
+ GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+ aes->gcm.aadLen = aadTemp;
+#endif
+ }
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* X=0, get H */
+ VXOR_VV(REG_V18, REG_V18, REG_V18)
+ "mv t0, %[h]\n\t"
+ VL1RE32_V(REG_V19, REG_T0)
+
+ /* Hash in AAD, the Additional Authentication Data */
+ "beqz %[aSz], L_aes_gcm_256_encrypt_ghash_aad_done\n\t"
+ "beqz %[aad], L_aes_gcm_256_encrypt_ghash_aad_done\n\t"
+
+ "srli t1, %[aSz], 4\n\t"
+ "beqz t1, L_aes_gcm_256_encrypt_ghash_aad_blocks_done\n\t"
+
+ "L_aes_gcm_256_encrypt_ghash_aad_loop:\n\t"
+ "mv t0, %[aad]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ "addi %[aad], %[aad], 16\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_256_encrypt_ghash_aad_loop\n\t"
+ "L_aes_gcm_256_encrypt_ghash_aad_blocks_done:\n\t"
+ "andi t1, %[aSz], 0xf\n\t"
+ "beqz t1, L_aes_gcm_256_encrypt_ghash_aad_done\n\t"
+ VXOR_VV(REG_V17, REG_V17, REG_V17)
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V17, REG_T0)
+ "mv t2, t1\n\t"
+ "L_aes_gcm_256_encrypt_ghash_aad_load_byte:\n\t"
+ "lb t0, (%[aad])\n\t"
+ "sb t0, (%[scratch])\n\t"
+ "addi %[aad], %[aad], 1\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t2, t2, -1\n\t"
+ "bnez t2, L_aes_gcm_256_encrypt_ghash_aad_load_byte\n\t"
+ "sub %[scratch], %[scratch], t1\n\t"
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ "L_aes_gcm_256_encrypt_ghash_aad_done:\n\t"
+ /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ "mv t0, %[rev_idx]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+#endif /*
!WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ /* Load the counter. */
+ "mv t0, %[ctr]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V20, REG_V21)
+#else
+ VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+ "lw t3, 12(%[ctr])\n\t"
+ "slli t3, t3, 32\n\t"
+ REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load key[12..13]. */
+ "addi t0, t0, 64\n\t"
+ VL2RE32_V(REG_V12, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V14, REG_T0)
+
+ "beqz %[sz], L_aes_gcm_256_encrypt_blocks_done\n\t"
+ "srli t4, %[sz], 6\n\t"
+ "beqz t4, L_aes_gcm_256_encrypt_x4_blocks_done\n\t"
+
+ /* Calculate H^[1-4] - GMULT partials */
+ VMV_V_V(REG_V21, REG_V19)
+ VMV_V_V(REG_V22, REG_V19)
+ /* Multiply H * H => H^2 */
+ VGMUL_VV(REG_V21, REG_V19)
+ VMV_V_V(REG_V23, REG_V21)
+ /* Multiply H * H => H^3 */
+ VGMUL_VV(REG_V22, REG_V21)
+ /* Multiply H^2 * H^2 => H^4 */
+ VGMUL_VV(REG_V23, REG_V21)
+
+ "L_aes_gcm_256_encrypt_x4_block_loop:\n\t"
+ /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VMV_V_V(REG_V24, REG_V16)
+ VMV_V_V(REG_V25, REG_V16)
+ VMV_V_V(REG_V26, REG_V16)
+ VMV_V_V(REG_V27, REG_V16)
+ VADD_VI(REG_V28, REG_V20, 1)
+ VADD_VI(REG_V29, REG_V20, 2)
+ VADD_VI(REG_V30, REG_V20, 3)
+ VADD_VI(REG_V20, REG_V20, 4)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V28)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V28, REG_V17)
+#else
+ VREV8(REG_V28,
REG_V28)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V29)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V29, REG_V17)
+#else
+ VREV8(REG_V29, REG_V29)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V30)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V30, REG_V17)
+#else
+ VREV8(REG_V30, REG_V30)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V31, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V31, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+ "addi t0, t3, 1\n\t"
+ VMV_V_V(REG_V24, REG_V16)
+ "addi t1, t3, 2\n\t"
+ VMV_V_V(REG_V25, REG_V16)
+ "addi t2, t3, 3\n\t"
+ VMV_V_V(REG_V26, REG_V16)
+ "slli t0, t0, 32\n\t"
+ VMV_V_V(REG_V27, REG_V16)
+ "slli t1, t1, 32\n\t"
+ "slli t2, t2, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ REV8(REG_T1, REG_T1)
+ REV8(REG_T2, REG_T2)
+ "addi t3, t3, 4\n\t"
+ VMV_V_X(REG_V28, REG_T0)
+ "slli t0, t3, 32\n\t"
+ VMV_V_X(REG_V29, REG_T1)
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V30, REG_T2)
+ VMV_V_X(REG_V31, REG_T0)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V24, REG_V28, 3)
+ VSLIDEUP_VI(REG_V25, REG_V29, 3)
+ VSLIDEUP_VI(REG_V26, REG_V30, 3)
+ VSLIDEUP_VI(REG_V27, REG_V31, 3)
+
+ VAESZ_VS(REG_V24, REG_V0)
+ VAESZ_VS(REG_V25, REG_V0)
+ VAESZ_VS(REG_V26, REG_V0)
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V24, REG_V1)
+ VAESEM_VS(REG_V24, REG_V2)
+ VAESEM_VS(REG_V24, REG_V3)
+ VAESEM_VS(REG_V24, REG_V4)
+ VAESEM_VS(REG_V24, REG_V5)
+ VAESEM_VS(REG_V24, REG_V6)
+ VAESEM_VS(REG_V24, REG_V7)
+ VAESEM_VS(REG_V24, REG_V8)
+ VAESEM_VS(REG_V24,
REG_V9)
+ VAESEM_VS(REG_V24, REG_V10)
+ VAESEM_VS(REG_V24, REG_V11)
+ VAESEM_VS(REG_V24, REG_V12)
+ VAESEM_VS(REG_V24, REG_V13)
+ VAESEM_VS(REG_V25, REG_V1)
+ VAESEM_VS(REG_V25, REG_V2)
+ VAESEM_VS(REG_V25, REG_V3)
+ VAESEM_VS(REG_V25, REG_V4)
+ VAESEM_VS(REG_V25, REG_V5)
+ VAESEM_VS(REG_V25, REG_V6)
+ VAESEM_VS(REG_V25, REG_V7)
+ VAESEM_VS(REG_V25, REG_V8)
+ VAESEM_VS(REG_V25, REG_V9)
+ VAESEM_VS(REG_V25, REG_V10)
+ VAESEM_VS(REG_V25, REG_V11)
+ VAESEM_VS(REG_V25, REG_V12)
+ VAESEM_VS(REG_V25, REG_V13)
+ VAESEM_VS(REG_V26, REG_V1)
+ VAESEM_VS(REG_V26, REG_V2)
+ VAESEM_VS(REG_V26, REG_V3)
+ VAESEM_VS(REG_V26, REG_V4)
+ VAESEM_VS(REG_V26, REG_V5)
+ VAESEM_VS(REG_V26, REG_V6)
+ VAESEM_VS(REG_V26, REG_V7)
+ VAESEM_VS(REG_V26, REG_V8)
+ VAESEM_VS(REG_V26, REG_V9)
+ VAESEM_VS(REG_V26, REG_V10)
+ VAESEM_VS(REG_V26, REG_V11)
+ VAESEM_VS(REG_V26, REG_V12)
+ VAESEM_VS(REG_V26, REG_V13)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEM_VS(REG_V27, REG_V10)
+ VAESEM_VS(REG_V27, REG_V11)
+ VAESEM_VS(REG_V27, REG_V12)
+ VAESEM_VS(REG_V27, REG_V13)
+ VAESEF_VS(REG_V24, REG_V14)
+ VAESEF_VS(REG_V25, REG_V14)
+ VAESEF_VS(REG_V26, REG_V14)
+ VAESEF_VS(REG_V27, REG_V14)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL4RE32_V(REG_V28, REG_T0)
+ VXOR_VV(REG_V28, REG_V24, REG_V28)
+ VXOR_VV(REG_V29, REG_V25, REG_V29)
+ VXOR_VV(REG_V30, REG_V26, REG_V30)
+ VXOR_VV(REG_V31, REG_V27, REG_V31)
+ /* Store output.
*/
+ "mv t0, %[out]\n\t"
+ VS4R_V(REG_V28, REG_T0)
+ VGMUL_VV(REG_V28, REG_V23)
+ VGMUL_VV(REG_V29, REG_V22)
+ VGMUL_VV(REG_V30, REG_V21)
+ VGMUL_VV(REG_V31, REG_V19)
+ VXOR_VV(REG_V18, REG_V18, REG_V28)
+ VXOR_VV(REG_V18, REG_V18, REG_V29)
+ VXOR_VV(REG_V18, REG_V18, REG_V30)
+ VXOR_VV(REG_V18, REG_V18, REG_V31)
+ "addi %[in], %[in], 64\n\t"
+ "addi %[out], %[out], 64\n\t"
+ /* Loop if more elements to process. */
+ "addi t4, t4, -1\n\t"
+ "bnez t4, L_aes_gcm_256_encrypt_x4_block_loop\n\t"
+ "andi %[sz], %[sz], 0x3f\n\t"
+
+ "L_aes_gcm_256_encrypt_x4_blocks_done:\n\t"
+ "srli t2, %[sz], 4\n\t"
+ "beqz t2, L_aes_gcm_256_encrypt_blocks_done\n\t"
+
+ "L_aes_gcm_256_encrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEM_VS(REG_V27, REG_V10)
+ VAESEM_VS(REG_V27, REG_V11)
+ VAESEM_VS(REG_V27, REG_V12)
+ VAESEM_VS(REG_V27, REG_V13)
+ VAESEF_VS(REG_V27, REG_V14)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ VGHSH_VV(REG_V18, REG_V27, REG_V19)
+ /* Store output.
*/
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V27, REG_T0)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. */
+ "addi t2, t2, -1\n\t"
+ "bnez t2, L_aes_gcm_256_encrypt_block_loop\n\t"
+
+ "L_aes_gcm_256_encrypt_blocks_done:\n\t"
+ "andi t2, %[sz], 0xf\n\t"
+ "beqz t2, L_aes_gcm_256_encrypt_done\n\t"
+
+ VXOR_VV(REG_V17, REG_V17, REG_V17)
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V17, REG_T0)
+ "mv t1, t2\n\t"
+ "L_aes_gcm_256_encrypt_load_byte:\n\t"
+ "lb t0, (%[in])\n\t"
+ "sb t0, (%[scratch])\n\t"
+ "addi %[in], %[in], 1\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_256_encrypt_load_byte\n\t"
+ "sub %[scratch], %[scratch], t2\n\t"
+
+ /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEM_VS(REG_V27, REG_V10)
+ VAESEM_VS(REG_V27, REG_V11)
+ VAESEM_VS(REG_V27, REG_V12)
+ VAESEM_VS(REG_V27, REG_V13)
+ VAESEF_VS(REG_V27, REG_V14)
+
+ /* Load scratch. */
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ /* Store scratch. 
*/
+ VS1R_V(REG_V27, REG_T0)
+ "mv t1, t2\n\t"
+ "L_aes_gcm_256_encrypt_store_byte:\n\t"
+ "lb t0, (%[scratch])\n\t"
+ "sb t0, (%[out])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi %[out], %[out], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_256_encrypt_store_byte\n\t"
+ "li t1, 16\n\t"
+ "sub t1, t1, t2\n\t"
+ "L_aes_gcm_256_encrypt_zero_byte:\n\t"
+ "sb x0, (%[scratch])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_256_encrypt_zero_byte\n\t"
+ "addi %[scratch], %[scratch], -16\n\t"
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+ "L_aes_gcm_256_encrypt_done:\n\t"
+
+ /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ /* aSz is only 32-bits */
+ /* Multiply by 8 do get size in bits. */
+ "slli %[aSz], %[aSz], 3\n\t"
+ "srli t0, %[aSz], 32\n\t"
+ "srli t1, %[aSz], 24\n\t"
+ "srli t2, %[aSz], 16\n\t"
+ "srli t3, %[aSz], 8\n\t"
+ /* Top 3 bytes are 0. */
+ "sh x0 , 0(%[scratch])\n\t"
+ "sb x0 , 2(%[scratch])\n\t"
+ "sb t0 , 3(%[scratch])\n\t"
+ "sb t1 , 4(%[scratch])\n\t"
+ "sb t2 , 5(%[scratch])\n\t"
+ "sb t3 , 6(%[scratch])\n\t"
+ "sb %[aSz], 7(%[scratch])\n\t"
+ /* sz is only 32-bits */
+ /* Multiply by 8 do get size in bits. */
+ "slli %[sz], %[sz], 3\n\t"
+ "srli t0, %[sz], 32\n\t"
+ "srli t1, %[sz], 24\n\t"
+ "srli t2, %[sz], 16\n\t"
+ "srli t3, %[sz], 8\n\t"
+ /* Top 3 bytes are 0. 
*/
+ "sh x0 , 8(%[scratch])\n\t"
+ "sb x0 , 10(%[scratch])\n\t"
+ "sb t0 , 11(%[scratch])\n\t"
+ "sb t1 , 12(%[scratch])\n\t"
+ "sb t2 , 13(%[scratch])\n\t"
+ "sb t3 , 14(%[scratch])\n\t"
+ "sb %[sz], 15(%[scratch])\n\t"
+#else
+ "slli t0, %[aSz], 3\n\t"
+ REV8(REG_T0, REG_T0)
+ "sd t0, 0(%[scratch])\n\t"
+ "slli t0, %[sz], 3\n\t"
+ REV8(REG_T0, REG_T0)
+ "sd t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+ VAESZ_VS(REG_V16, REG_V0)
+ VAESEM_VS(REG_V16, REG_V1)
+ VAESEM_VS(REG_V16, REG_V2)
+ VAESEM_VS(REG_V16, REG_V3)
+ VAESEM_VS(REG_V16, REG_V4)
+ VAESEM_VS(REG_V16, REG_V5)
+ VAESEM_VS(REG_V16, REG_V6)
+ VAESEM_VS(REG_V16, REG_V7)
+ VAESEM_VS(REG_V16, REG_V8)
+ VAESEM_VS(REG_V16, REG_V9)
+ VAESEM_VS(REG_V16, REG_V10)
+ VAESEM_VS(REG_V16, REG_V11)
+ VAESEM_VS(REG_V16, REG_V12)
+ VAESEM_VS(REG_V16, REG_V13)
+ VAESEF_VS(REG_V16, REG_V14)
+ VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+ "li t1, 16\n\t"
+ "blt %[tagSz], t1, L_aes_gcm_256_encrypt_tag_small\n\t"
+ "mv t0, %[tag]\n\t"
+ VS1R_V(REG_V18, REG_T0)
+ "beqz x0, L_aes_gcm_256_encrypt_tag_done\n\t"
+ "L_aes_gcm_256_encrypt_tag_small:\n\t"
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V18, REG_T0)
+ "mv t1, %[tagSz]\n\t"
+ "L_aes_gcm_256_encrypt_store_tag_byte:\n\t"
+ "lb t0, (%[scratch])\n\t"
+ "sb t0, (%[tag])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi %[tag], %[tag], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_256_encrypt_store_tag_byte\n\t"
+ "L_aes_gcm_256_encrypt_tag_done:\n\t"
+
+ : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+ [aSz] "+r" (aadSz), [aad] "+r" (aad), [sz] "+r" (sz)
+ : [ctr] "r" (ctr), [scratch] "r" (scratch),
+ [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ , [rev_idx] "r" (rev_idx)
+#endif
+ : "memory", "t0", "t1", "t2", "t3", "t4"
+ );
+
+#ifdef OPENSSL_EXTRA
+ if ((tag != NULL) && (in != NULL) 
&& (sz != 0)) {
+ /* store AAD size for next call */
+ aes->gcm.aadLen = aadSz;
+ }
+#endif
+}
+#endif /* WOLFSSL_AES_256 */
+
+/* Encrypt data using AES-GCM.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Encrypted data.
+ * @param [in] in Data to encrypt.
+ * @param [in] sz Number of bytes of data.
+ * @param [in] nonce Nonce used to calculate first IV.
+ * @param [in] nonceSz Length of nonce in bytes.
+ * @param [out] tag Authentication tag.
+ * @param [in] tagSz Length of authentication tag in bytes.
+ * @param [in] aad Additional Authentication Data (AAD).
+ * @param [in] aadSz Length of AAD in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes, nonce or tag is NULL.
+ * @return BAD_FUNC_ARG when nonceSz is zero.
+ * @return BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
+ * @return BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
+ * greater than AES_BLOCK_SIZE.
+ * @return BAD_FUNC_ARG when sz is not zero but in or out is NULL.
+ */
+int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+ const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz, const byte* aad,
+ word32 aadSz)
+{
+ int ret = 0;
+
+ /* sanity checks */
+ if ((aes == NULL) || (nonce == NULL) || (nonceSz == 0) || (tag == NULL) ||
+ ((aad == NULL) && (aadSz > 0)) || ((sz != 0) && ((in == NULL) ||
+ (out == NULL)))) {
+ WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
+ ret = BAD_FUNC_ARG;
+ }
+
+ if ((ret == 0) && ((tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
+ (tagSz > AES_BLOCK_SIZE))) {
+ WOLFSSL_MSG("GcmEncrypt tagSz error");
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ switch (aes->rounds) {
+ #ifdef WOLFSSL_AES_128
+ case 10:
+ Aes128GcmEncrypt(aes, out, in, sz, nonce, nonceSz, tag, tagSz,
+ aad, aadSz);
+ break;
+ #endif
+ #ifdef WOLFSSL_AES_192
+ case 12:
+ Aes192GcmEncrypt(aes, out, in, sz, nonce, nonceSz, tag, tagSz,
+ aad, aadSz);
+ break;
+ #endif
+ #ifdef WOLFSSL_AES_256
+ case 14:
+ 
Aes256GcmEncrypt(aes, out, in, sz, nonce, nonceSz, tag, tagSz,
+ aad, aadSz);
+ break;
+ #endif
+ default:
+ WOLFSSL_MSG("AES-GCM invalid round number");
+ ret = BAD_FUNC_ARG;
+ }
+ }
+
+ return ret;
+}
+
+
+#ifdef HAVE_AES_DECRYPT
+
+#ifdef WOLFSSL_AES_128
+/* Decrypt data using AES-128-GCM.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Decrypted data.
+ * @param [in] in Data to decrypt and GHASH.
+ * @param [in] sz Number of bytes of data.
+ * @param [in] nonce Nonce used to calculate first IV.
+ * @param [in] nonceSz Length of nonce in bytes.
+ * @param [out] tag Authentication tag.
+ * @param [in] tagSz Length of authentication tag in bytes.
+ * @param [in] aad Additional Authentication Data (AAD).
+ * @param [in] aadSz Length of AAD in bytes.
+ * @return 0 on success.
+ * @return AES_GCM_AUTH_E when authentication tag computed doesn't match
+ * tag passed in.
+ */
+static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+ const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz,
+ const byte* aad, word32 aadSz)
+{
+ int ret = 0;
+ byte counter[AES_BLOCK_SIZE];
+ byte scratch[AES_BLOCK_SIZE];
+ /* Noticed different optimization levels treated head of array different.
+ * Some cases was stack pointer plus offset others was a register containing
+ * address. To make uniform for passing in to inline assembly code am using
+ * pointers to the head of each local array. 
+ */
+ byte* ctr = counter;
+ byte* key = (byte*)aes->key;
+
+ XMEMSET(counter, 0, AES_BLOCK_SIZE);
+ if (nonceSz == GCM_NONCE_MID_SZ) {
+ XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+ counter[AES_BLOCK_SIZE - 1] = 1;
+ }
+ else {
+#ifdef OPENSSL_EXTRA
+ word32 aadTemp = aes->gcm.aadLen;
+ aes->gcm.aadLen = 0;
+#endif
+ GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+ aes->gcm.aadLen = aadTemp;
+#endif
+ }
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* X=0, get H */
+ VXOR_VV(REG_V18, REG_V18, REG_V18)
+ "mv t0, %[h]\n\t"
+ VL1RE32_V(REG_V19, REG_T0)
+
+ /* Hash in AAD, the Additional Authentication Data */
+ "beqz %[aSz], L_aes_gcm_128_decrypt_ghash_aad_done\n\t"
+ "beqz %[aad], L_aes_gcm_128_decrypt_ghash_aad_done\n\t"
+
+ "srli t1, %[aSz], 4\n\t"
+ "beqz t1, L_aes_gcm_128_decrypt_ghash_aad_blocks_done\n\t"
+
+ "L_aes_gcm_128_decrypt_ghash_aad_loop:\n\t"
+ "mv t0, %[aad]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ "addi %[aad], %[aad], 16\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_128_decrypt_ghash_aad_loop\n\t"
+ "L_aes_gcm_128_decrypt_ghash_aad_blocks_done:\n\t"
+ "andi t1, %[aSz], 0xf\n\t"
+ "beqz t1, L_aes_gcm_128_decrypt_ghash_aad_done\n\t"
+ VXOR_VV(REG_V17, REG_V17, REG_V17)
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V17, REG_T0)
+ "mv t2, t1\n\t"
+ "L_aes_gcm_128_decrypt_ghash_aad_load_byte:\n\t"
+ "lb t0, (%[aad])\n\t"
+ "sb t0, (%[scratch])\n\t"
+ "addi %[aad], %[aad], 1\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t2, t2, -1\n\t"
+ "bnez t2, L_aes_gcm_128_decrypt_ghash_aad_load_byte\n\t"
+ "sub %[scratch], %[scratch], t1\n\t"
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ "L_aes_gcm_128_decrypt_ghash_aad_done:\n\t"
+ /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ "mv t0, %[rev_idx]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+#endif /* 
!WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ /* Load the counter. */
+ "mv t0, %[ctr]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V20, REG_V21)
+#else
+ VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+ "lw t3, 12(%[ctr])\n\t"
+ "slli t3, t3, 32\n\t"
+ REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..9]. */
+ "addi t0, t0, 128\n\t"
+ VL2RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V10, REG_T0)
+
+ "beqz %[sz], L_aes_gcm_128_decrypt_blocks_done\n\t"
+ "srli t4, %[sz], 6\n\t"
+ "beqz t4, L_aes_gcm_128_decrypt_x4_blocks_done\n\t"
+
+ /* Calculate H^[1-4] - GMULT partials */
+ VMV_V_V(REG_V21, REG_V19)
+ VMV_V_V(REG_V22, REG_V19)
+ /* Multiply H * H => H^2 */
+ VGMUL_VV(REG_V21, REG_V19)
+ VMV_V_V(REG_V23, REG_V21)
+ /* Multiply H * H => H^3 */
+ VGMUL_VV(REG_V22, REG_V21)
+ /* Multiply H^2 * H^2 => H^4 */
+ VGMUL_VV(REG_V23, REG_V21)
+
+ "L_aes_gcm_128_decrypt_x4_block_loop:\n\t"
+ /* Load input. 
*/
+ "mv t0, %[in]\n\t"
+ VL4RE32_V(REG_V28, REG_T0)
+ VMVR_V(REG_V24, REG_V28, 4)
+ VGMUL_VV(REG_V24, REG_V23)
+ VGMUL_VV(REG_V25, REG_V22)
+ VGMUL_VV(REG_V26, REG_V21)
+ VGMUL_VV(REG_V27, REG_V19)
+ VXOR_VV(REG_V18, REG_V18, REG_V24)
+ VXOR_VV(REG_V18, REG_V18, REG_V25)
+ VXOR_VV(REG_V18, REG_V18, REG_V26)
+ VXOR_VV(REG_V18, REG_V18, REG_V27)
+ /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+ VMV_V_V(REG_V24, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V24, REG_V17, 3)
+ VADD_VI(REG_V20, REG_V20, 1)
+ VMV_V_V(REG_V25, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V25, REG_V17, 3)
+ VADD_VI(REG_V20, REG_V20, 1)
+ VMV_V_V(REG_V26, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V26, REG_V17, 3)
+ VADD_VI(REG_V20, REG_V20, 1)
+ VMV_V_V(REG_V27, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t0, t3, 1\n\t"
+ VMV_V_V(REG_V24, REG_V16)
+ "addi t1, t3, 2\n\t"
+ VMV_V_V(REG_V25, REG_V16)
+ 
"slli t0, t0, 32\n\t"
+ VMV_V_V(REG_V26, REG_V16)
+ "slli t1, t1, 32\n\t"
+ VMV_V_V(REG_V27, REG_V16)
+ REV8(REG_T0, REG_T0)
+ REV8(REG_T1, REG_T1)
+ VMV_V_X(REG_V20, REG_T0)
+ "addi t0, t3, 3\n\t"
+ VSLIDEUP_VI(REG_V24, REG_V20, 3)
+ "addi t3, t3, 4\n\t"
+ VMV_V_X(REG_V20, REG_T1)
+ "slli t0, t0, 32\n\t"
+ VSLIDEUP_VI(REG_V25, REG_V20, 3)
+ "slli t1, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ REV8(REG_T1, REG_T1)
+ VMV_V_X(REG_V20, REG_T0)
+ VSLIDEUP_VI(REG_V26, REG_V20, 3)
+ VMV_V_X(REG_V20, REG_T1)
+ VSLIDEUP_VI(REG_V27, REG_V20, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V24, REG_V0)
+ VAESZ_VS(REG_V25, REG_V0)
+ VAESZ_VS(REG_V26, REG_V0)
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V24, REG_V1)
+ VAESEM_VS(REG_V24, REG_V2)
+ VAESEM_VS(REG_V24, REG_V3)
+ VAESEM_VS(REG_V24, REG_V4)
+ VAESEM_VS(REG_V24, REG_V5)
+ VAESEM_VS(REG_V24, REG_V6)
+ VAESEM_VS(REG_V24, REG_V7)
+ VAESEM_VS(REG_V24, REG_V8)
+ VAESEM_VS(REG_V24, REG_V9)
+ VAESEM_VS(REG_V25, REG_V1)
+ VAESEM_VS(REG_V25, REG_V2)
+ VAESEM_VS(REG_V25, REG_V3)
+ VAESEM_VS(REG_V25, REG_V4)
+ VAESEM_VS(REG_V25, REG_V5)
+ VAESEM_VS(REG_V25, REG_V6)
+ VAESEM_VS(REG_V25, REG_V7)
+ VAESEM_VS(REG_V25, REG_V8)
+ VAESEM_VS(REG_V25, REG_V9)
+ VAESEM_VS(REG_V26, REG_V1)
+ VAESEM_VS(REG_V26, REG_V2)
+ VAESEM_VS(REG_V26, REG_V3)
+ VAESEM_VS(REG_V26, REG_V4)
+ VAESEM_VS(REG_V26, REG_V5)
+ VAESEM_VS(REG_V26, REG_V6)
+ VAESEM_VS(REG_V26, REG_V7)
+ VAESEM_VS(REG_V26, REG_V8)
+ VAESEM_VS(REG_V26, REG_V9)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEF_VS(REG_V24, REG_V10)
+ VAESEF_VS(REG_V25, REG_V10)
+ VAESEF_VS(REG_V26, REG_V10)
+ VAESEF_VS(REG_V27, REG_V10)
+ VXOR_VV(REG_V28, REG_V24, REG_V28)
+ VXOR_VV(REG_V29, REG_V25, REG_V29)
+ VXOR_VV(REG_V30, REG_V26, REG_V30)
+ VXOR_VV(REG_V31, 
REG_V27, REG_V31)
+ /* Store output. */
+ "mv t0, %[out]\n\t"
+ VS4R_V(REG_V28, REG_T0)
+ "addi %[in], %[in], 64\n\t"
+ "addi %[out], %[out], 64\n\t"
+ /* Loop if more elements to process. */
+ "addi t4, t4, -1\n\t"
+ "bnez t4, L_aes_gcm_128_decrypt_x4_block_loop\n\t"
+ "andi %[sz], %[sz], 0x3f\n\t"
+
+ "L_aes_gcm_128_decrypt_x4_blocks_done:\n\t"
+ "srli t2, %[sz], 4\n\t"
+ "beqz t2, L_aes_gcm_128_decrypt_blocks_done\n\t"
+
+ "L_aes_gcm_128_decrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEF_VS(REG_V27, REG_V10)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ /* Store output. */
+ "mv t0, %[out]\n\t"
+ VS1R_V(REG_V27, REG_T0)
+
+ "addi %[in], %[in], 16\n\t"
+ "addi %[out], %[out], 16\n\t"
+ /* Loop if more elements to process. 
*/
+ "addi t2, t2, -1\n\t"
+ "bnez t2, L_aes_gcm_128_decrypt_block_loop\n\t"
+
+ "L_aes_gcm_128_decrypt_blocks_done:\n\t"
+ "andi t2, %[sz], 0xf\n\t"
+ "beqz t2, L_aes_gcm_128_decrypt_done\n\t"
+
+ VXOR_VV(REG_V17, REG_V17, REG_V17)
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V17, REG_T0)
+ "mv t1, t2\n\t"
+ "L_aes_gcm_128_decrypt_load_byte:\n\t"
+ "lb t0, (%[in])\n\t"
+ "sb t0, (%[scratch])\n\t"
+ "addi %[in], %[in], 1\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_128_decrypt_load_byte\n\t"
+ "sub %[scratch], %[scratch], t2\n\t"
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+ /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEF_VS(REG_V27, REG_V10)
+
+ /* Load scratch. */
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ /* Store scratch. 
*/
+ VS1R_V(REG_V27, REG_T0)
+ "mv t1, t2\n\t"
+ "L_aes_gcm_128_decrypt_store_byte:\n\t"
+ "lb t0, (%[scratch])\n\t"
+ "sb t0, (%[out])\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi %[out], %[out], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_128_decrypt_store_byte\n\t"
+ "sub %[scratch], %[scratch], t2\n\t"
+
+ "L_aes_gcm_128_decrypt_done:\n\t"
+
+ /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ /* aSz is only 32-bits */
+ /* Multiply by 8 do get size in bits. */
+ "slli %[aSz], %[aSz], 3\n\t"
+ "srli t0, %[aSz], 32\n\t"
+ "srli t1, %[aSz], 24\n\t"
+ "srli t2, %[aSz], 16\n\t"
+ "srli t3, %[aSz], 8\n\t"
+ /* Top 3 bytes are 0. */
+ "sh x0 , 0(%[scratch])\n\t"
+ "sb x0 , 2(%[scratch])\n\t"
+ "sb t0 , 3(%[scratch])\n\t"
+ "sb t1 , 4(%[scratch])\n\t"
+ "sb t2 , 5(%[scratch])\n\t"
+ "sb t3 , 6(%[scratch])\n\t"
+ "sb %[aSz], 7(%[scratch])\n\t"
+ /* sz is only 32-bits */
+ /* Multiply by 8 do get size in bits. */
+ "slli %[sz], %[sz], 3\n\t"
+ "srli t0, %[sz], 32\n\t"
+ "srli t1, %[sz], 24\n\t"
+ "srli t2, %[sz], 16\n\t"
+ "srli t3, %[sz], 8\n\t"
+ /* Top 3 bytes are 0. 
*/
+ "sh x0 , 8(%[scratch])\n\t"
+ "sb x0 , 10(%[scratch])\n\t"
+ "sb t0 , 11(%[scratch])\n\t"
+ "sb t1 , 12(%[scratch])\n\t"
+ "sb t2 , 13(%[scratch])\n\t"
+ "sb t3 , 14(%[scratch])\n\t"
+ "sb %[sz], 15(%[scratch])\n\t"
+#else
+ "slli t0, %[aSz], 3\n\t"
+ REV8(REG_T0, REG_T0)
+ "sd t0, 0(%[scratch])\n\t"
+ "slli t0, %[sz], 3\n\t"
+ REV8(REG_T0, REG_T0)
+ "sd t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+ VAESZ_VS(REG_V16, REG_V0)
+ VAESEM_VS(REG_V16, REG_V1)
+ VAESEM_VS(REG_V16, REG_V2)
+ VAESEM_VS(REG_V16, REG_V3)
+ VAESEM_VS(REG_V16, REG_V4)
+ VAESEM_VS(REG_V16, REG_V5)
+ VAESEM_VS(REG_V16, REG_V6)
+ VAESEM_VS(REG_V16, REG_V7)
+ VAESEM_VS(REG_V16, REG_V8)
+ VAESEM_VS(REG_V16, REG_V9)
+ VAESEF_VS(REG_V16, REG_V10)
+ VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+ "li t1, 16\n\t"
+ "blt %[tagSz], t1, L_aes_gcm_128_decrypt_tag_small\n\t"
+ "mv t0, %[tag]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VXOR_VV(REG_V19, REG_V19, REG_V19)
+ VXOR_VV(REG_V18, REG_V18, REG_V17)
+ VMSNE_VV(REG_V19, REG_V19, REG_V18)
+ VCPOP_M(REG_T0, REG_V19)
+ "beqz x0, L_aes_gcm_128_decrypt_tag_done\n\t"
+ "L_aes_gcm_128_decrypt_tag_small:\n\t"
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V18, REG_T0)
+ "mv t1, %[tagSz]\n\t"
+ "xor t0, t0, t0\n\t"
+ "L_aes_gcm_128_decrypt_store_tag_byte:\n\t"
+ "lb t2, (%[scratch])\n\t"
+ "lb t3, (%[tag])\n\t"
+ "xor t0, t0, t2\n\t"
+ "xor t0, t0, t3\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi %[tag], %[tag], 1\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_128_decrypt_store_tag_byte\n\t"
+ "L_aes_gcm_128_decrypt_tag_done:\n\t"
+ "negw t0, t0\n\t"
+ "sraiw t0, t0, 31\n\t"
+ "andi %[ret], t0, -180\n\t"
+
+ : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+ [aSz] "+r" (aadSz), [aad] "+r" (aad), [ret] "+r" (ret),
+ [sz] "+r" (sz)
+ : [ctr] "r" (ctr), [scratch] "r" (scratch),
+ [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef 
WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ , [rev_idx] "r" (rev_idx)
+#endif
+ : "memory", "t0", "t1", "t2", "t3", "t4"
+ );
+
+#ifdef OPENSSL_EXTRA
+ if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+ /* store AAD size for next call */
+ aes->gcm.aadLen = aadSz;
+ }
+#endif
+
+ return ret;
+}
+#endif /* WOLFSSL_AES_128 */
+
+#ifdef WOLFSSL_AES_192
+/* Decrypt data using AES-192-GCM.
+ *
+ * @param [in] aes AES object.
+ * @param [out] out Decrypted data.
+ * @param [in] in Data to decrypt and GHASH.
+ * @param [in] sz Number of bytes of data.
+ * @param [in] nonce Nonce used to calculate first IV.
+ * @param [in] nonceSz Length of nonce in bytes.
+ * @param [out] tag Authentication tag.
+ * @param [in] tagSz Length of authentication tag in bytes.
+ * @param [in] aad Additional Authentication Data (AAD).
+ * @param [in] aadSz Length of AAD in bytes.
+ * @return 0 on success.
+ * @return AES_GCM_AUTH_E when authentication tag computed doesn't match
+ * tag passed in.
+ */
+static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+ const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz,
+ const byte* aad, word32 aadSz)
+{
+ int ret = 0;
+ byte counter[AES_BLOCK_SIZE];
+ byte scratch[AES_BLOCK_SIZE];
+ /* Noticed different optimization levels treated head of array different.
+ * Some cases was stack pointer plus offset others was a register containing
+ * address. To make uniform for passing in to inline assembly code am using
+ * pointers to the head of each local array. 
+ */
+ byte* ctr = counter;
+ byte* key = (byte*)aes->key;
+
+ XMEMSET(counter, 0, AES_BLOCK_SIZE);
+ if (nonceSz == GCM_NONCE_MID_SZ) {
+ XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+ counter[AES_BLOCK_SIZE - 1] = 1;
+ }
+ else {
+#ifdef OPENSSL_EXTRA
+ word32 aadTemp = aes->gcm.aadLen;
+ aes->gcm.aadLen = 0;
+#endif
+ GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+ aes->gcm.aadLen = aadTemp;
+#endif
+ }
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+ /* X=0, get H */
+ VXOR_VV(REG_V18, REG_V18, REG_V18)
+ "mv t0, %[h]\n\t"
+ VL1RE32_V(REG_V19, REG_T0)
+
+ /* Hash in AAD, the Additional Authentication Data */
+ "beqz %[aSz], L_aes_gcm_192_decrypt_ghash_aad_done\n\t"
+ "beqz %[aad], L_aes_gcm_192_decrypt_ghash_aad_done\n\t"
+
+ "srli t1, %[aSz], 4\n\t"
+ "beqz t1, L_aes_gcm_192_decrypt_ghash_aad_blocks_done\n\t"
+
+ "L_aes_gcm_192_decrypt_ghash_aad_loop:\n\t"
+ "mv t0, %[aad]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ "addi %[aad], %[aad], 16\n\t"
+ "addi t1, t1, -1\n\t"
+ "bnez t1, L_aes_gcm_192_decrypt_ghash_aad_loop\n\t"
+ "L_aes_gcm_192_decrypt_ghash_aad_blocks_done:\n\t"
+ "andi t1, %[aSz], 0xf\n\t"
+ "beqz t1, L_aes_gcm_192_decrypt_ghash_aad_done\n\t"
+ VXOR_VV(REG_V17, REG_V17, REG_V17)
+ "mv t0, %[scratch]\n\t"
+ VS1R_V(REG_V17, REG_T0)
+ "mv t2, t1\n\t"
+ "L_aes_gcm_192_decrypt_ghash_aad_load_byte:\n\t"
+ "lb t0, (%[aad])\n\t"
+ "sb t0, (%[scratch])\n\t"
+ "addi %[aad], %[aad], 1\n\t"
+ "addi %[scratch], %[scratch], 1\n\t"
+ "addi t2, t2, -1\n\t"
+ "bnez t2, L_aes_gcm_192_decrypt_ghash_aad_load_byte\n\t"
+ "sub %[scratch], %[scratch], t1\n\t"
+ "mv t0, %[scratch]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ "L_aes_gcm_192_decrypt_ghash_aad_done:\n\t"
+ /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ "mv t0, %[rev_idx]\n\t"
+ VL1RE32_V(REG_V15, REG_T0)
+#endif /* 
!WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ /* Load the counter. */
+ "mv t0, %[ctr]\n\t"
+ VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ VMV_V_V(REG_V20, REG_V21)
+#else
+ VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+ "lw t3, 12(%[ctr])\n\t"
+ "slli t3, t3, 32\n\t"
+ REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ /* Load key[0..7]. */
+ "mv t0, %[key]\n\t"
+ VL8RE32_V(REG_V0, REG_T0)
+ /* Load key[8..11]. */
+ "addi t0, t0, 128\n\t"
+ VL4RE32_V(REG_V8, REG_T0)
+ /* Load last round's key */
+ "addi t0, %[key], 224\n\t"
+ VL1RE32_V(REG_V12, REG_T0)
+
+ "beqz %[sz], L_aes_gcm_192_decrypt_blocks_done\n\t"
+ "srli t4, %[sz], 6\n\t"
+ "beqz t4, L_aes_gcm_192_decrypt_x4_blocks_done\n\t"
+
+ /* Calculate H^[1-4] - GMULT partials */
+ VMV_V_V(REG_V21, REG_V19)
+ VMV_V_V(REG_V22, REG_V19)
+ /* Multiply H * H => H^2 */
+ VGMUL_VV(REG_V21, REG_V19)
+ VMV_V_V(REG_V23, REG_V21)
+ /* Multiply H * H => H^3 */
+ VGMUL_VV(REG_V22, REG_V21)
+ /* Multiply H^2 * H^2 => H^4 */
+ VGMUL_VV(REG_V23, REG_V21)
+
+ "L_aes_gcm_192_decrypt_x4_block_loop:\n\t"
+ /* Load input. 
*/
+ "mv t0, %[in]\n\t"
+ VL4RE32_V(REG_V28, REG_T0)
+ VMVR_V(REG_V24, REG_V28, 4)
+ VGMUL_VV(REG_V24, REG_V23)
+ VGMUL_VV(REG_V25, REG_V22)
+ VGMUL_VV(REG_V26, REG_V21)
+ VGMUL_VV(REG_V27, REG_V19)
+ VXOR_VV(REG_V18, REG_V18, REG_V24)
+ VXOR_VV(REG_V18, REG_V18, REG_V25)
+ VXOR_VV(REG_V18, REG_V18, REG_V26)
+ VXOR_VV(REG_V18, REG_V18, REG_V27)
+ /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+ VMV_V_V(REG_V24, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V24, REG_V17, 3)
+ VADD_VI(REG_V20, REG_V20, 1)
+ VMV_V_V(REG_V25, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V25, REG_V17, 3)
+ VADD_VI(REG_V20, REG_V20, 1)
+ VMV_V_V(REG_V26, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V26, REG_V17, 3)
+ VADD_VI(REG_V20, REG_V20, 1)
+ VMV_V_V(REG_V27, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t0, t3, 1\n\t"
+ VMV_V_V(REG_V24, REG_V16)
+ "addi t1, t3, 2\n\t"
+ VMV_V_V(REG_V25, REG_V16)
+ 
"slli t0, t0, 32\n\t"
+ VMV_V_V(REG_V26, REG_V16)
+ "slli t1, t1, 32\n\t"
+ VMV_V_V(REG_V27, REG_V16)
+ REV8(REG_T0, REG_T0)
+ REV8(REG_T1, REG_T1)
+ VMV_V_X(REG_V20, REG_T0)
+ "addi t0, t3, 3\n\t"
+ VSLIDEUP_VI(REG_V24, REG_V20, 3)
+ "addi t3, t3, 4\n\t"
+ VMV_V_X(REG_V20, REG_T1)
+ "slli t0, t0, 32\n\t"
+ VSLIDEUP_VI(REG_V25, REG_V20, 3)
+ "slli t1, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ REV8(REG_T1, REG_T1)
+ VMV_V_X(REG_V20, REG_T0)
+ VSLIDEUP_VI(REG_V26, REG_V20, 3)
+ VMV_V_X(REG_V20, REG_T1)
+ VSLIDEUP_VI(REG_V27, REG_V20, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V24, REG_V0)
+ VAESZ_VS(REG_V25, REG_V0)
+ VAESZ_VS(REG_V26, REG_V0)
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V24, REG_V1)
+ VAESEM_VS(REG_V24, REG_V2)
+ VAESEM_VS(REG_V24, REG_V3)
+ VAESEM_VS(REG_V24, REG_V4)
+ VAESEM_VS(REG_V24, REG_V5)
+ VAESEM_VS(REG_V24, REG_V6)
+ VAESEM_VS(REG_V24, REG_V7)
+ VAESEM_VS(REG_V24, REG_V8)
+ VAESEM_VS(REG_V24, REG_V9)
+ VAESEM_VS(REG_V24, REG_V10)
+ VAESEM_VS(REG_V24, REG_V11)
+ VAESEM_VS(REG_V25, REG_V1)
+ VAESEM_VS(REG_V25, REG_V2)
+ VAESEM_VS(REG_V25, REG_V3)
+ VAESEM_VS(REG_V25, REG_V4)
+ VAESEM_VS(REG_V25, REG_V5)
+ VAESEM_VS(REG_V25, REG_V6)
+ VAESEM_VS(REG_V25, REG_V7)
+ VAESEM_VS(REG_V25, REG_V8)
+ VAESEM_VS(REG_V25, REG_V9)
+ VAESEM_VS(REG_V25, REG_V10)
+ VAESEM_VS(REG_V25, REG_V11)
+ VAESEM_VS(REG_V26, REG_V1)
+ VAESEM_VS(REG_V26, REG_V2)
+ VAESEM_VS(REG_V26, REG_V3)
+ VAESEM_VS(REG_V26, REG_V4)
+ VAESEM_VS(REG_V26, REG_V5)
+ VAESEM_VS(REG_V26, REG_V6)
+ VAESEM_VS(REG_V26, REG_V7)
+ VAESEM_VS(REG_V26, REG_V8)
+ VAESEM_VS(REG_V26, REG_V9)
+ VAESEM_VS(REG_V26, REG_V10)
+ VAESEM_VS(REG_V26, REG_V11)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEM_VS(REG_V27, REG_V10)
+ VAESEM_VS(REG_V27, REG_V11)
+ 
VAESEF_VS(REG_V24, REG_V12)
+ VAESEF_VS(REG_V25, REG_V12)
+ VAESEF_VS(REG_V26, REG_V12)
+ VAESEF_VS(REG_V27, REG_V12)
+ VXOR_VV(REG_V28, REG_V24, REG_V28)
+ VXOR_VV(REG_V29, REG_V25, REG_V29)
+ VXOR_VV(REG_V30, REG_V26, REG_V30)
+ VXOR_VV(REG_V31, REG_V27, REG_V31)
+ /* Store output. */
+ "mv t0, %[out]\n\t"
+ VS4R_V(REG_V28, REG_T0)
+ "addi %[in], %[in], 64\n\t"
+ "addi %[out], %[out], 64\n\t"
+ /* Loop if more elements to process. */
+ "addi t4, t4, -1\n\t"
+ "bnez t4, L_aes_gcm_192_decrypt_x4_block_loop\n\t"
+ "andi %[sz], %[sz], 0x3f\n\t"
+
+ "L_aes_gcm_192_decrypt_x4_blocks_done:\n\t"
+ "srli t2, %[sz], 4\n\t"
+ "beqz t2, L_aes_gcm_192_decrypt_blocks_done\n\t"
+
+ "L_aes_gcm_192_decrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+ VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+ VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+ VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+ "addi t3, t3, 1\n\t"
+ "slli t0, t3, 32\n\t"
+ REV8(REG_T0, REG_T0)
+ VMV_V_X(REG_V17, REG_T0)
+ VMV_V_V(REG_V27, REG_V16)
+ VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+ VAESZ_VS(REG_V27, REG_V0)
+ VAESEM_VS(REG_V27, REG_V1)
+ VAESEM_VS(REG_V27, REG_V2)
+ VAESEM_VS(REG_V27, REG_V3)
+ VAESEM_VS(REG_V27, REG_V4)
+ VAESEM_VS(REG_V27, REG_V5)
+ VAESEM_VS(REG_V27, REG_V6)
+ VAESEM_VS(REG_V27, REG_V7)
+ VAESEM_VS(REG_V27, REG_V8)
+ VAESEM_VS(REG_V27, REG_V9)
+ VAESEM_VS(REG_V27, REG_V10)
+ VAESEM_VS(REG_V27, REG_V11)
+ VAESEF_VS(REG_V27, REG_V12)
+
+ /* Load input. */
+ "mv t0, %[in]\n\t"
+ VL1RE32_V(REG_V17, REG_T0)
+ VGHSH_VV(REG_V18, REG_V17, REG_V19)
+ VXOR_VV(REG_V27, REG_V27, REG_V17)
+ /* Store output. 
*/ + "mv t0, %[out]\n\t" + VS1R_V(REG_V27, REG_T0) + + "addi %[in], %[in], 16\n\t" + "addi %[out], %[out], 16\n\t" + /* Loop if more elements to process. */ + "addi t2, t2, -1\n\t" + "bnez t2, L_aes_gcm_192_decrypt_block_loop\n\t" + + "L_aes_gcm_192_decrypt_blocks_done:\n\t" + "andi t2, %[sz], 0xf\n\t" + "beqz t2, L_aes_gcm_192_decrypt_done\n\t" + + VXOR_VV(REG_V17, REG_V17, REG_V17) + "mv t0, %[scratch]\n\t" + VS1R_V(REG_V17, REG_T0) + "mv t1, t2\n\t" + "L_aes_gcm_192_decrypt_load_byte:\n\t" + "lb t0, (%[in])\n\t" + "sb t0, (%[scratch])\n\t" + "addi %[in], %[in], 1\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi t1, t1, -1\n\t" + "bnez t1, L_aes_gcm_192_decrypt_load_byte\n\t" + "sub %[scratch], %[scratch], t2\n\t" + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + + /* Encrypt counter for partial block. */ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + VADD_VI(REG_V20, REG_V20, 1) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) +#else + VREV8(REG_V17, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + VMV_V_V(REG_V27, REG_V16) + VSLIDEUP_VI(REG_V27, REG_V17, 3) +#else + "addi t3, t3, 1\n\t" + "slli t0, t3, 32\n\t" + REV8(REG_T0, REG_T0) + VMV_V_X(REG_V17, REG_T0) + VMV_V_V(REG_V27, REG_V16) + VSLIDEUP_VI(REG_V27, REG_V17, 3) +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + + VAESZ_VS(REG_V27, REG_V0) + VAESEM_VS(REG_V27, REG_V1) + VAESEM_VS(REG_V27, REG_V2) + VAESEM_VS(REG_V27, REG_V3) + VAESEM_VS(REG_V27, REG_V4) + VAESEM_VS(REG_V27, REG_V5) + VAESEM_VS(REG_V27, REG_V6) + VAESEM_VS(REG_V27, REG_V7) + VAESEM_VS(REG_V27, REG_V8) + VAESEM_VS(REG_V27, REG_V9) + VAESEM_VS(REG_V27, REG_V10) + VAESEM_VS(REG_V27, REG_V11) + VAESEF_VS(REG_V27, REG_V12) + + /* Load scratch. 
*/ + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VXOR_VV(REG_V27, REG_V27, REG_V17) + /* Store scratch. */ + VS1R_V(REG_V27, REG_T0) + "mv t1, t2\n\t" + "L_aes_gcm_192_decrypt_store_byte:\n\t" + "lb t0, (%[scratch])\n\t" + "sb t0, (%[out])\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi %[out], %[out], 1\n\t" + "addi t1, t1, -1\n\t" + "bnez t1, L_aes_gcm_192_decrypt_store_byte\n\t" + "sub %[scratch], %[scratch], t2\n\t" + + "L_aes_gcm_192_decrypt_done:\n\t" + + /* Hash in the lengths of A and C in bits */ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + /* aSz is only 32-bits */ + /* Multiply by 8 do get size in bits. */ + "slli %[aSz], %[aSz], 3\n\t" + "srli t0, %[aSz], 32\n\t" + "srli t1, %[aSz], 24\n\t" + "srli t2, %[aSz], 16\n\t" + "srli t3, %[aSz], 8\n\t" + /* Top 3 bytes are 0. */ + "sh x0 , 0(%[scratch])\n\t" + "sb x0 , 2(%[scratch])\n\t" + "sb t0 , 3(%[scratch])\n\t" + "sb t1 , 4(%[scratch])\n\t" + "sb t2 , 5(%[scratch])\n\t" + "sb t3 , 6(%[scratch])\n\t" + "sb %[aSz], 7(%[scratch])\n\t" + /* sz is only 32-bits */ + /* Multiply by 8 do get size in bits. */ + "slli %[sz], %[sz], 3\n\t" + "srli t0, %[sz], 32\n\t" + "srli t1, %[sz], 24\n\t" + "srli t2, %[sz], 16\n\t" + "srli t3, %[sz], 8\n\t" + /* Top 3 bytes are 0. 
*/ + "sh x0 , 8(%[scratch])\n\t" + "sb x0 , 10(%[scratch])\n\t" + "sb t0 , 11(%[scratch])\n\t" + "sb t1 , 12(%[scratch])\n\t" + "sb t2 , 13(%[scratch])\n\t" + "sb t3 , 14(%[scratch])\n\t" + "sb %[sz], 15(%[scratch])\n\t" +#else + "slli t0, %[aSz], 3\n\t" + REV8(REG_T0, REG_T0) + "sd t0, 0(%[scratch])\n\t" + "slli t0, %[sz], 3\n\t" + REV8(REG_T0, REG_T0) + "sd t0, 8(%[scratch])\n\t" +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + + VAESZ_VS(REG_V16, REG_V0) + VAESEM_VS(REG_V16, REG_V1) + VAESEM_VS(REG_V16, REG_V2) + VAESEM_VS(REG_V16, REG_V3) + VAESEM_VS(REG_V16, REG_V4) + VAESEM_VS(REG_V16, REG_V5) + VAESEM_VS(REG_V16, REG_V6) + VAESEM_VS(REG_V16, REG_V7) + VAESEM_VS(REG_V16, REG_V8) + VAESEM_VS(REG_V16, REG_V9) + VAESEM_VS(REG_V16, REG_V10) + VAESEM_VS(REG_V16, REG_V11) + VAESEF_VS(REG_V16, REG_V12) + VXOR_VV(REG_V18, REG_V18, REG_V16) + + "li t1, 16\n\t" + "blt %[tagSz], t1, L_aes_gcm_192_decrypt_tag_small\n\t" + "mv t0, %[tag]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VXOR_VV(REG_V19, REG_V19, REG_V19) + VXOR_VV(REG_V18, REG_V18, REG_V17) + VMSNE_VV(REG_V19, REG_V19, REG_V18) + VCPOP_M(REG_T0, REG_V19) + "beqz x0, L_aes_gcm_192_decrypt_tag_done\n\t" + "L_aes_gcm_192_decrypt_tag_small:\n\t" + "mv t0, %[scratch]\n\t" + VS1R_V(REG_V18, REG_T0) + "mv t1, %[tagSz]\n\t" + "xor t0, t0, t0\n\t" + "L_aes_gcm_192_decrypt_store_tag_byte:\n\t" + "lb t2, (%[scratch])\n\t" + "lb t3, (%[tag])\n\t" + "xor t0, t0, t2\n\t" + "xor t0, t0, t3\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi %[tag], %[tag], 1\n\t" + "addi t1, t1, -1\n\t" + "bnez t1, L_aes_gcm_192_decrypt_store_tag_byte\n\t" + "L_aes_gcm_192_decrypt_tag_done:\n\t" + "negw t0, t0\n\t" + "sraiw t0, t0, 31\n\t" + "andi %[ret], t0, -180\n\t" + + : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key), + [aSz] "+r" (aadSz), [aad] "+r" (aad), [ret] "+r" (ret), + [sz] "+r" (sz) + : [ctr] "r" (ctr), [scratch] "r" (scratch), + [h] "r" 
(aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + , [rev_idx] "r" (rev_idx) +#endif + : "memory", "t0", "t1", "t2", "t3", "t4" + ); + +#ifdef OPENSSL_EXTRA + if ((tag != NULL) && (in != NULL) && (sz != 0)) { + /* store AAD size for next call */ + aes->gcm.aadLen = aadSz; + } +#endif + + return ret; +} +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 +/* Decrypt data using AES-256-GCM. + * + * @param [in] aes AES object. + * @param [out] out Decrypted data. + * @param [in] in Data to decrypt and GHASH. + * @param [in] sz Number of bytes of data. + * @param [in] nonce Nonce used to calculate first IV. + * @param [in] nonceSz Length of nonce in bytes. + * @param [out] tag Authentication tag. + * @param [in] tagSz Length of authentication tag in bytes. + * @param [in] aad Additional Authentication Data (AAD). + * @param [in] aadSz Length of AAD in bytes. + * @return 0 on success. + * @return AES_GCM_AUTH_E when authentication tag computed doesn't match + * tag passed in. + */ +static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz, + const byte* aad, word32 aadSz) +{ + int ret = 0; + byte counter[AES_BLOCK_SIZE]; + byte scratch[AES_BLOCK_SIZE]; + /* Noticed different optimization levels treated head of array different. + * Some cases was stack pointer plus offset others was a register containing + * address. To make uniform for passing in to inline assembly code am using + * pointers to the head of each local array. 
+ */ + byte* ctr = counter; + byte* key = (byte*)aes->key; + + XMEMSET(counter, 0, AES_BLOCK_SIZE); + if (nonceSz == GCM_NONCE_MID_SZ) { + XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ); + counter[AES_BLOCK_SIZE - 1] = 1; + } + else { +#ifdef OPENSSL_EXTRA + word32 aadTemp = aes->gcm.aadLen; + aes->gcm.aadLen = 0; +#endif + GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE); +#ifdef OPENSSL_EXTRA + aes->gcm.aadLen = aadTemp; +#endif + } + + __asm__ __volatile__ ( + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + + /* X=0, get H */ + VXOR_VV(REG_V18, REG_V18, REG_V18) + "mv t0, %[h]\n\t" + VL1RE32_V(REG_V19, REG_T0) + + /* Hash in AAD, the Additional Authentication Data */ + "beqz %[aSz], L_aes_gcm_256_decrypt_ghash_aad_done\n\t" + "beqz %[aad], L_aes_gcm_256_decrypt_ghash_aad_done\n\t" + + "srli t1, %[aSz], 4\n\t" + "beqz t1, L_aes_gcm_256_decrypt_ghash_aad_blocks_done\n\t" + + "L_aes_gcm_256_decrypt_ghash_aad_loop:\n\t" + "mv t0, %[aad]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + "addi %[aad], %[aad], 16\n\t" + "addi t1, t1, -1\n\t" + "bnez t1, L_aes_gcm_256_decrypt_ghash_aad_loop\n\t" + "L_aes_gcm_256_decrypt_ghash_aad_blocks_done:\n\t" + "andi t1, %[aSz], 0xf\n\t" + "beqz t1, L_aes_gcm_256_decrypt_ghash_aad_done\n\t" + VXOR_VV(REG_V17, REG_V17, REG_V17) + "mv t0, %[scratch]\n\t" + VS1R_V(REG_V17, REG_T0) + "mv t2, t1\n\t" + "L_aes_gcm_256_decrypt_ghash_aad_load_byte:\n\t" + "lb t0, (%[aad])\n\t" + "sb t0, (%[scratch])\n\t" + "addi %[aad], %[aad], 1\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi t2, t2, -1\n\t" + "bnez t2, L_aes_gcm_256_decrypt_ghash_aad_load_byte\n\t" + "sub %[scratch], %[scratch], t1\n\t" + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + "L_aes_gcm_256_decrypt_ghash_aad_done:\n\t" + /* Done Hash in AAD */ + +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + "mv t0, %[rev_idx]\n\t" + VL1RE32_V(REG_V15, REG_T0) +#endif /* 
!WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + /* Load the counter. */ + "mv t0, %[ctr]\n\t" + VL1RE32_V(REG_V16, REG_T0) +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + VSLIDEDOWN_VI(REG_V20, REG_V16, 3) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V21, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + VMV_V_V(REG_V20, REG_V21) +#else + VREV8(REG_V20, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ +#else + "lw t3, 12(%[ctr])\n\t" + "slli t3, t3, 32\n\t" + REV8(REG_T3, REG_T3) +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + + /* Load key[0..7]. */ + "mv t0, %[key]\n\t" + VL8RE32_V(REG_V0, REG_T0) + /* Load key[8..11]. */ + "addi t0, t0, 128\n\t" + VL4RE32_V(REG_V8, REG_T0) + /* Load key[12..13]. */ + "addi t0, t0, 64\n\t" + VL2RE32_V(REG_V12, REG_T0) + /* Load last round's key */ + "addi t0, %[key], 224\n\t" + VL1RE32_V(REG_V14, REG_T0) + + "beqz %[sz], L_aes_gcm_256_decrypt_blocks_done\n\t" + "srli t4, %[sz], 6\n\t" + "beqz t4, L_aes_gcm_256_decrypt_x4_blocks_done\n\t" + + /* Calculate H^[1-4] - GMULT partials */ + VMV_V_V(REG_V21, REG_V19) + VMV_V_V(REG_V22, REG_V19) + /* Multiply H * H => H^2 */ + VGMUL_VV(REG_V21, REG_V19) + VMV_V_V(REG_V23, REG_V21) + /* Multiply H * H => H^3 */ + VGMUL_VV(REG_V22, REG_V21) + /* Multiply H^2 * H^2 => H^4 */ + VGMUL_VV(REG_V23, REG_V21) + + "L_aes_gcm_256_decrypt_x4_block_loop:\n\t" + /* Load input. 
*/ + "mv t0, %[in]\n\t" + VL4RE32_V(REG_V28, REG_T0) + VMVR_V(REG_V24, REG_V28, 4) + VGMUL_VV(REG_V24, REG_V23) + VGMUL_VV(REG_V25, REG_V22) + VGMUL_VV(REG_V26, REG_V21) + VGMUL_VV(REG_V27, REG_V19) + VXOR_VV(REG_V18, REG_V18, REG_V24) + VXOR_VV(REG_V18, REG_V18, REG_V25) + VXOR_VV(REG_V18, REG_V18, REG_V26) + VXOR_VV(REG_V18, REG_V18, REG_V27) + /* Calculate next 4 counters (+1-4) */ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + VADD_VI(REG_V20, REG_V20, 1) + VMV_V_V(REG_V24, REG_V16) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) +#else + VREV8(REG_V17, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + VSLIDEUP_VI(REG_V24, REG_V17, 3) + VADD_VI(REG_V20, REG_V20, 1) + VMV_V_V(REG_V25, REG_V16) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) +#else + VREV8(REG_V17, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + VSLIDEUP_VI(REG_V25, REG_V17, 3) + VADD_VI(REG_V20, REG_V20, 1) + VMV_V_V(REG_V26, REG_V16) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) +#else + VREV8(REG_V17, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + VSLIDEUP_VI(REG_V26, REG_V17, 3) + VADD_VI(REG_V20, REG_V20, 1) + VMV_V_V(REG_V27, REG_V16) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) +#else + VREV8(REG_V17, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + VSLIDEUP_VI(REG_V27, REG_V17, 3) +#else + "addi t0, t3, 1\n\t" + VMV_V_V(REG_V24, REG_V16) + "addi t1, t3, 2\n\t" + VMV_V_V(REG_V25, REG_V16) + 
"slli t0, t0, 32\n\t" + VMV_V_V(REG_V26, REG_V16) + "slli t1, t1, 32\n\t" + VMV_V_V(REG_V27, REG_V16) + REV8(REG_T0, REG_T0) + REV8(REG_T1, REG_T1) + VMV_V_X(REG_V20, REG_T0) + "addi t0, t3, 3\n\t" + VSLIDEUP_VI(REG_V24, REG_V20, 3) + "addi t3, t3, 4\n\t" + VMV_V_X(REG_V20, REG_T1) + "slli t0, t0, 32\n\t" + VSLIDEUP_VI(REG_V25, REG_V20, 3) + "slli t1, t3, 32\n\t" + REV8(REG_T0, REG_T0) + REV8(REG_T1, REG_T1) + VMV_V_X(REG_V20, REG_T0) + VSLIDEUP_VI(REG_V26, REG_V20, 3) + VMV_V_X(REG_V20, REG_T1) + VSLIDEUP_VI(REG_V27, REG_V20, 3) +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + + VAESZ_VS(REG_V24, REG_V0) + VAESZ_VS(REG_V25, REG_V0) + VAESZ_VS(REG_V26, REG_V0) + VAESZ_VS(REG_V27, REG_V0) + VAESEM_VS(REG_V24, REG_V1) + VAESEM_VS(REG_V24, REG_V2) + VAESEM_VS(REG_V24, REG_V3) + VAESEM_VS(REG_V24, REG_V4) + VAESEM_VS(REG_V24, REG_V5) + VAESEM_VS(REG_V24, REG_V6) + VAESEM_VS(REG_V24, REG_V7) + VAESEM_VS(REG_V24, REG_V8) + VAESEM_VS(REG_V24, REG_V9) + VAESEM_VS(REG_V24, REG_V10) + VAESEM_VS(REG_V24, REG_V11) + VAESEM_VS(REG_V24, REG_V12) + VAESEM_VS(REG_V24, REG_V13) + VAESEM_VS(REG_V25, REG_V1) + VAESEM_VS(REG_V25, REG_V2) + VAESEM_VS(REG_V25, REG_V3) + VAESEM_VS(REG_V25, REG_V4) + VAESEM_VS(REG_V25, REG_V5) + VAESEM_VS(REG_V25, REG_V6) + VAESEM_VS(REG_V25, REG_V7) + VAESEM_VS(REG_V25, REG_V8) + VAESEM_VS(REG_V25, REG_V9) + VAESEM_VS(REG_V25, REG_V10) + VAESEM_VS(REG_V25, REG_V11) + VAESEM_VS(REG_V25, REG_V12) + VAESEM_VS(REG_V25, REG_V13) + VAESEM_VS(REG_V26, REG_V1) + VAESEM_VS(REG_V26, REG_V2) + VAESEM_VS(REG_V26, REG_V3) + VAESEM_VS(REG_V26, REG_V4) + VAESEM_VS(REG_V26, REG_V5) + VAESEM_VS(REG_V26, REG_V6) + VAESEM_VS(REG_V26, REG_V7) + VAESEM_VS(REG_V26, REG_V8) + VAESEM_VS(REG_V26, REG_V9) + VAESEM_VS(REG_V26, REG_V10) + VAESEM_VS(REG_V26, REG_V11) + VAESEM_VS(REG_V26, REG_V12) + VAESEM_VS(REG_V26, REG_V13) + VAESEM_VS(REG_V27, REG_V1) + VAESEM_VS(REG_V27, REG_V2) + VAESEM_VS(REG_V27, REG_V3) + VAESEM_VS(REG_V27, REG_V4) + VAESEM_VS(REG_V27, REG_V5) + 
VAESEM_VS(REG_V27, REG_V6) + VAESEM_VS(REG_V27, REG_V7) + VAESEM_VS(REG_V27, REG_V8) + VAESEM_VS(REG_V27, REG_V9) + VAESEM_VS(REG_V27, REG_V10) + VAESEM_VS(REG_V27, REG_V11) + VAESEM_VS(REG_V27, REG_V12) + VAESEM_VS(REG_V27, REG_V13) + VAESEF_VS(REG_V24, REG_V14) + VAESEF_VS(REG_V25, REG_V14) + VAESEF_VS(REG_V26, REG_V14) + VAESEF_VS(REG_V27, REG_V14) + VXOR_VV(REG_V28, REG_V24, REG_V28) + VXOR_VV(REG_V29, REG_V25, REG_V29) + VXOR_VV(REG_V30, REG_V26, REG_V30) + VXOR_VV(REG_V31, REG_V27, REG_V31) + /* Store output. */ + "mv t0, %[out]\n\t" + VS4R_V(REG_V28, REG_T0) + "addi %[in], %[in], 64\n\t" + "addi %[out], %[out], 64\n\t" + /* Loop if more elements to process. */ + "addi t4, t4, -1\n\t" + "bnez t4, L_aes_gcm_256_decrypt_x4_block_loop\n\t" + "andi %[sz], %[sz], 0x3f\n\t" + + "L_aes_gcm_256_decrypt_x4_blocks_done:\n\t" + "srli t2, %[sz], 4\n\t" + "beqz t2, L_aes_gcm_256_decrypt_blocks_done\n\t" + + "L_aes_gcm_256_decrypt_block_loop:\n\t" +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + VADD_VI(REG_V20, REG_V20, 1) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) +#else + VREV8(REG_V17, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + VMV_V_V(REG_V27, REG_V16) + VSLIDEUP_VI(REG_V27, REG_V17, 3) +#else + "addi t3, t3, 1\n\t" + "slli t0, t3, 32\n\t" + REV8(REG_T0, REG_T0) + VMV_V_X(REG_V17, REG_T0) + VMV_V_V(REG_V27, REG_V16) + VSLIDEUP_VI(REG_V27, REG_V17, 3) +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + + VAESZ_VS(REG_V27, REG_V0) + VAESEM_VS(REG_V27, REG_V1) + VAESEM_VS(REG_V27, REG_V2) + VAESEM_VS(REG_V27, REG_V3) + VAESEM_VS(REG_V27, REG_V4) + VAESEM_VS(REG_V27, REG_V5) + VAESEM_VS(REG_V27, REG_V6) + VAESEM_VS(REG_V27, REG_V7) + VAESEM_VS(REG_V27, REG_V8) + VAESEM_VS(REG_V27, REG_V9) + VAESEM_VS(REG_V27, REG_V10) + VAESEM_VS(REG_V27, REG_V11) + VAESEM_VS(REG_V27, REG_V12) + VAESEM_VS(REG_V27, REG_V13) + 
VAESEF_VS(REG_V27, REG_V14) + + /* Load input. */ + "mv t0, %[in]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + VXOR_VV(REG_V27, REG_V27, REG_V17) + /* Store output. */ + "mv t0, %[out]\n\t" + VS1R_V(REG_V27, REG_T0) + + "addi %[in], %[in], 16\n\t" + "addi %[out], %[out], 16\n\t" + /* Loop if more elements to process. */ + "addi t2, t2, -1\n\t" + "bnez t2, L_aes_gcm_256_decrypt_block_loop\n\t" + + "L_aes_gcm_256_decrypt_blocks_done:\n\t" + "andi t2, %[sz], 0xf\n\t" + "beqz t2, L_aes_gcm_256_decrypt_done\n\t" + + VXOR_VV(REG_V17, REG_V17, REG_V17) + "mv t0, %[scratch]\n\t" + VS1R_V(REG_V17, REG_T0) + "mv t1, t2\n\t" + "L_aes_gcm_256_decrypt_load_byte:\n\t" + "lb t0, (%[in])\n\t" + "sb t0, (%[scratch])\n\t" + "addi %[in], %[in], 1\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi t1, t1, -1\n\t" + "bnez t1, L_aes_gcm_256_decrypt_load_byte\n\t" + "sub %[scratch], %[scratch], t2\n\t" + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + + /* Encrypt counter for partial block. 
*/ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + VADD_VI(REG_V20, REG_V20, 1) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000) + VRGATHER_VV(REG_V17, REG_V15, REG_V20) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) +#else + VREV8(REG_V17, REG_V20) +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + VMV_V_V(REG_V27, REG_V16) + VSLIDEUP_VI(REG_V27, REG_V17, 3) +#else + "addi t3, t3, 1\n\t" + "slli t0, t3, 32\n\t" + REV8(REG_T0, REG_T0) + VMV_V_X(REG_V17, REG_T0) + VMV_V_V(REG_V27, REG_V16) + VSLIDEUP_VI(REG_V27, REG_V17, 3) +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + + VAESZ_VS(REG_V27, REG_V0) + VAESEM_VS(REG_V27, REG_V1) + VAESEM_VS(REG_V27, REG_V2) + VAESEM_VS(REG_V27, REG_V3) + VAESEM_VS(REG_V27, REG_V4) + VAESEM_VS(REG_V27, REG_V5) + VAESEM_VS(REG_V27, REG_V6) + VAESEM_VS(REG_V27, REG_V7) + VAESEM_VS(REG_V27, REG_V8) + VAESEM_VS(REG_V27, REG_V9) + VAESEM_VS(REG_V27, REG_V10) + VAESEM_VS(REG_V27, REG_V11) + VAESEM_VS(REG_V27, REG_V12) + VAESEM_VS(REG_V27, REG_V13) + VAESEF_VS(REG_V27, REG_V14) + + /* Load scratch. */ + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VXOR_VV(REG_V27, REG_V27, REG_V17) + /* Store scratch. */ + VS1R_V(REG_V27, REG_T0) + "mv t1, t2\n\t" + "L_aes_gcm_256_decrypt_store_byte:\n\t" + "lb t0, (%[scratch])\n\t" + "sb t0, (%[out])\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi %[out], %[out], 1\n\t" + "addi t1, t1, -1\n\t" + "bnez t1, L_aes_gcm_256_decrypt_store_byte\n\t" + "sub %[scratch], %[scratch], t2\n\t" + + "L_aes_gcm_256_decrypt_done:\n\t" + + /* Hash in the lengths of A and C in bits */ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + /* aSz is only 32-bits */ + /* Multiply by 8 do get size in bits. */ + "slli %[aSz], %[aSz], 3\n\t" + "srli t0, %[aSz], 32\n\t" + "srli t1, %[aSz], 24\n\t" + "srli t2, %[aSz], 16\n\t" + "srli t3, %[aSz], 8\n\t" + /* Top 3 bytes are 0. 
*/ + "sh x0 , 0(%[scratch])\n\t" + "sb x0 , 2(%[scratch])\n\t" + "sb t0 , 3(%[scratch])\n\t" + "sb t1 , 4(%[scratch])\n\t" + "sb t2 , 5(%[scratch])\n\t" + "sb t3 , 6(%[scratch])\n\t" + "sb %[aSz], 7(%[scratch])\n\t" + /* sz is only 32-bits */ + /* Multiply by 8 do get size in bits. */ + "slli %[sz], %[sz], 3\n\t" + "srli t0, %[sz], 32\n\t" + "srli t1, %[sz], 24\n\t" + "srli t2, %[sz], 16\n\t" + "srli t3, %[sz], 8\n\t" + /* Top 3 bytes are 0. */ + "sh x0 , 8(%[scratch])\n\t" + "sb x0 , 10(%[scratch])\n\t" + "sb t0 , 11(%[scratch])\n\t" + "sb t1 , 12(%[scratch])\n\t" + "sb t2 , 13(%[scratch])\n\t" + "sb t3 , 14(%[scratch])\n\t" + "sb %[sz], 15(%[scratch])\n\t" +#else + "slli t0, %[aSz], 3\n\t" + REV8(REG_T0, REG_T0) + "sd t0, 0(%[scratch])\n\t" + "slli t0, %[sz], 3\n\t" + REV8(REG_T0, REG_T0) + "sd t0, 8(%[scratch])\n\t" +#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + "mv t0, %[scratch]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VGHSH_VV(REG_V18, REG_V17, REG_V19) + + VAESZ_VS(REG_V16, REG_V0) + VAESEM_VS(REG_V16, REG_V1) + VAESEM_VS(REG_V16, REG_V2) + VAESEM_VS(REG_V16, REG_V3) + VAESEM_VS(REG_V16, REG_V4) + VAESEM_VS(REG_V16, REG_V5) + VAESEM_VS(REG_V16, REG_V6) + VAESEM_VS(REG_V16, REG_V7) + VAESEM_VS(REG_V16, REG_V8) + VAESEM_VS(REG_V16, REG_V9) + VAESEM_VS(REG_V16, REG_V10) + VAESEM_VS(REG_V16, REG_V11) + VAESEM_VS(REG_V16, REG_V12) + VAESEM_VS(REG_V16, REG_V13) + VAESEF_VS(REG_V16, REG_V14) + VXOR_VV(REG_V18, REG_V18, REG_V16) + + "li t1, 16\n\t" + "blt %[tagSz], t1, L_aes_gcm_256_decrypt_tag_small\n\t" + "mv t0, %[tag]\n\t" + VL1RE32_V(REG_V17, REG_T0) + VXOR_VV(REG_V19, REG_V19, REG_V19) + VXOR_VV(REG_V18, REG_V18, REG_V17) + VMSNE_VV(REG_V19, REG_V19, REG_V18) + VCPOP_M(REG_T0, REG_V19) + "beqz x0, L_aes_gcm_256_decrypt_tag_done\n\t" + "L_aes_gcm_256_decrypt_tag_small:\n\t" + "mv t0, %[scratch]\n\t" + VS1R_V(REG_V18, REG_T0) + "mv t1, %[tagSz]\n\t" + "xor t0, t0, t0\n\t" + "L_aes_gcm_256_decrypt_store_tag_byte:\n\t" + "lb t2, (%[scratch])\n\t" + "lb t3, 
(%[tag])\n\t" + "xor t0, t0, t2\n\t" + "xor t0, t0, t3\n\t" + "addi %[scratch], %[scratch], 1\n\t" + "addi %[tag], %[tag], 1\n\t" + "addi t1, t1, -1\n\t" + "bnez t1, L_aes_gcm_256_decrypt_store_tag_byte\n\t" + "L_aes_gcm_256_decrypt_tag_done:\n\t" + "negw t0, t0\n\t" + "sraiw t0, t0, 31\n\t" + "andi %[ret], t0, -180\n\t" + + : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key), + [aSz] "+r" (aadSz), [aad] "+r" (aad), [ret] "+r" (ret), + [sz] "+r" (sz) + : [ctr] "r" (ctr), [scratch] "r" (scratch), + [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + , [rev_idx] "r" (rev_idx) +#endif + : "memory", "t0", "t1", "t2", "t3", "t4" + ); + +#ifdef OPENSSL_EXTRA + if ((tag != NULL) && (in != NULL) && (sz != 0)) { + /* store AAD size for next call */ + aes->gcm.aadLen = aadSz; + } +#endif + + return ret; +} +#endif /* WOLFSSL_AES_256 */ + +/* Decrypt data using AES-GCM. + * + * @param [in] aes AES object. + * @param [out] out Decrypted data. + * @param [in] in Data to decrypt and GHASH. + * @param [in] sz Number of bytes of data. + * @param [in] nonce Nonce used to calculate first IV. + * @param [in] nonceSz Length of nonce in bytes. + * @param [out] tag Authentication tag. + * @param [in] tagSz Length of authentication tag in bytes. + * @param [in] aad Additional Authentication Data (AAD). + * @param [in] aadSz Length of AAD in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes, nonce or tag is NULL. + * @return BAD_FUNC_ARG when nonceSz is zero. + * @return BAD_FUNC_ARG when aad is NULL but aadSz is not zero. + * @return BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or + * greater than AES_BLOCK_SIZE. + * @return BAD_FUNC_ARG when sz is not zero but in or out is NULL. + * @return AES_GCM_AUTH_E when authentication tag computed doesn't match + * tag passed in. 
+ */ +int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz, + const byte* aad, word32 aadSz) +{ + int ret = 0; + + /* sanity checks */ + if ((aes == NULL) || (nonce == NULL) || (tag == NULL) || + (tagSz > AES_BLOCK_SIZE) || (tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) || + ((aad == NULL) && (aadSz > 0)) || (nonceSz == 0) || + ((sz != 0) && ((in == NULL) || (out == NULL)))) { + WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0"); + return BAD_FUNC_ARG; + } + + if (ret == 0) { + switch (aes->rounds) { + #ifdef WOLFSSL_AES_128 + case 10: + ret = Aes128GcmDecrypt(aes, out, in, sz, nonce, nonceSz, tag, + tagSz, aad, aadSz); + break; + #endif + #ifdef WOLFSSL_AES_192 + case 12: + ret = Aes192GcmDecrypt(aes, out, in, sz, nonce, nonceSz, tag, + tagSz, aad, aadSz); + break; + #endif + #ifdef WOLFSSL_AES_256 + case 14: + ret = Aes256GcmDecrypt(aes, out, in, sz, nonce, nonceSz, tag, + tagSz, aad, aadSz); + break; + #endif + default: + WOLFSSL_MSG("AES-GCM invalid round number"); + ret = BAD_FUNC_ARG; + } + } + + return ret; + +} + +#endif /* HAVE_AES_DECRYPT */ + +/* END script replace AES-GCM RISC-V 64 with hardware vector crypto */ + +#define HAVE_AES_GCM_ENC_DEC + +#endif /* !WOLFSSL_RISCV_VECTOR_GCM */ + +#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */ + +/* Implement GHASH if we haven't already. */ +#ifndef HAVE_GHASH +/* Remainder values. */ +static const word16 R[32] = { + 0x0000, 0x201c, 0x4038, 0x6024, + 0x8070, 0xa06c, 0xc048, 0xe054, + 0x00e1, 0x20fd, 0x40d9, 0x60c5, + 0x8091, 0xa08d, 0xc0a9, 0xe0b5, + + 0x0000, 0xc201, 0x8403, 0x4602, + 0x0807, 0xca06, 0x8c04, 0x4e05, + 0x100e, 0xd20f, 0x940d, 0x560c, + 0x1809, 0xda08, 0x9c0a, 0x5e0b, +}; + +/* GMULT, multiply in GF2, x and y into x. + * + * @param [in, out] x On in, value to GMULT. + * On out, result of GMULT. + * @param [in] y Value to GMULT. 
+ */ +static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE]) +{ + int i; + word64 z8[2] = {0, 0}; + byte a; + word64* x8 = (word64*)x; + word64* m8; + word64 n0, n1, n2, n3; + byte xi; + + for (i = 15; i > 0; i--) { + xi = x[i]; + + /* XOR in (msn * H) */ + m8 = (word64*)m[xi & 0xf]; + z8[0] ^= m8[0]; + z8[1] ^= m8[1]; + + /* Cache top byte for remainder calculations - lost in rotate. */ + a = (byte)(z8[1] >> 56); + + /* Rotate Z by 8-bits */ + z8[1] = (z8[0] >> 56) | (z8[1] << 8); + z8[0] <<= 8; + + /* XOR in (next significant nibble * H) [pre-rotated by 4 bits] */ + m8 = (word64*)m[16 + (xi >> 4)]; + z8[0] ^= m8[0]; + z8[1] ^= m8[1]; + + /* XOR in (msn * remainder) [pre-rotated by 4 bits] */ + z8[0] ^= (word64)R[16 + (a & 0xf)]; + /* XOR in next significant nibble (XORed with H) * remainder */ + m8 = (word64*)m[xi >> 4]; + a ^= (byte)(m8[1] >> 52); + z8[0] ^= (word64)R[a >> 4]; + } + + xi = x[0]; + + /* XOR in most significant nibble * H */ + m8 = (word64*)m[xi & 0xf]; + z8[0] ^= m8[0]; + z8[1] ^= m8[1]; + + /* Cache top byte for remainder calculations - lost in rotate. */ + a = (z8[1] >> 56) & 0xf; + + /* Rotate z by 4-bits */ + n3 = z8[1] & W64LIT(0xf0f0f0f0f0f0f0f0); + n2 = z8[1] & W64LIT(0x0f0f0f0f0f0f0f0f); + n1 = z8[0] & W64LIT(0xf0f0f0f0f0f0f0f0); + n0 = z8[0] & W64LIT(0x0f0f0f0f0f0f0f0f); + z8[1] = (n3 >> 4) | (n2 << 12) | (n0 >> 52); + z8[0] = (n1 >> 4) | (n0 << 12); + + /* XOR in next significant nibble * H */ + m8 = (word64*)m[xi >> 4]; + z8[0] ^= m8[0]; + z8[1] ^= m8[1]; + /* XOR in most significant nibble * remainder */ + z8[0] ^= (word64)R[a]; + + /* Write back result. */ + x8[0] = z8[0]; + x8[1] = z8[1]; +} + +/* GHASH Additional Authentication Data (AAD) and cipher text. + * + * @param [in] gcm GCM object. + * @param [in] a Additional Authentication Data (AAD). + * @param [in] aSz Size of AAD in bytes. + * @param [in] c Cipher text. + * @param [in] cSz Size of cipher text in bytes. + * @param [out] s Hash result. 
+ * @param [in] sSz Number of bytes to put into hash result. + */ +void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz, + byte* s, word32 sSz) +{ + if (gcm != NULL) { + byte x[AES_BLOCK_SIZE]; + byte scratch[AES_BLOCK_SIZE]; + word32 blocks, partial; + + XMEMSET(x, 0, AES_BLOCK_SIZE); + + /* Hash in A, the Additional Authentication Data */ + if (aSz != 0 && a != NULL) { + blocks = aSz / AES_BLOCK_SIZE; + partial = aSz % AES_BLOCK_SIZE; + while (blocks--) { + xorbuf16(x, a); + GMULT(x, gcm->M0); + a += AES_BLOCK_SIZE; + } + if (partial != 0) { + XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMCPY(scratch, a, partial); + xorbuf16(x, scratch); + GMULT(x, gcm->M0); + } + } + + /* Hash in C, the Ciphertext */ + if (cSz != 0 && c != NULL) { + blocks = cSz / AES_BLOCK_SIZE; + partial = cSz % AES_BLOCK_SIZE; + while (blocks--) { + xorbuf16(x, c); + GMULT(x, gcm->M0); + c += AES_BLOCK_SIZE; + } + if (partial != 0) { + XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMCPY(scratch, c, partial); + xorbuf16(x, scratch); + GMULT(x, gcm->M0); + } + } + + /* Hash in the lengths of A and C in bits */ + FlattenSzInBits(&scratch[0], aSz); + FlattenSzInBits(&scratch[8], cSz); + xorbuf16(x, scratch); + GMULT(x, gcm->M0); + + /* Copy the result into s. */ + XMEMCPY(s, x, sSz); + } +} +#endif /* !HAVE_GHASH */ + +#ifndef HAVE_AES_GCM_ENC_DEC +/* Increment AES-GCM counter. + * + * Big-endian byte ordering. + * + * @param [in, out] inOutCtr Counter value to be incremented. + */ +static WC_INLINE void IncrementGcmCounter(byte* inOutCtr) +{ + int i; + + /* Big-endian aray - start at last element and move back. */ + for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) { + /* Result not zero means no carry. */ + if ((++inOutCtr[i]) != 0) { + return; + } + } +} + +/* Encrypt data using AES-GCM. + * + * @param [in] aes AES object. + * @param [out] out Encrypted data. + * @param [in] in Data to encrypt. + * @param [in] sz Number of bytes of data. 
+ * @param [in] nonce Nonce used to calculate first IV. + * @param [in] nonceSz Length of nonce in bytes. + * @param [out] tag Authentication tag. + * @param [in] tagSz Length of authentication tag in bytes. + * @param [in] aad Additional Authentication Data (AAD). + * @param [in] aadSz Length of AAD in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes, nonce or tag is NULL. + * @return BAD_FUNC_ARG when nonceSz is zero. + * @return BAD_FUNC_ARG when aad is NULL but aadSz is not zero. + * @return BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or + * greater than AES_BLOCK_SIZE. + * @return BAD_FUNC_ARG when sz is not zero but in or out is NULL. + */ +int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz, + const byte* aad, word32 aadSz) +{ + int ret = 0; + word32 blocks = sz / AES_BLOCK_SIZE; + word32 partial = sz % AES_BLOCK_SIZE; + const byte* p = in; + byte* c = out; + ALIGN16 byte counter[AES_BLOCK_SIZE]; + ALIGN16 byte initialCounter[AES_BLOCK_SIZE]; + ALIGN16 byte scratch[AES_BLOCK_SIZE]; + + /* Validate parameters. */ + if ((aes == NULL) || (nonce == NULL) || (nonceSz == 0) || (tag == NULL) || + ((aad == NULL) && (aadSz > 0)) || ((sz != 0) && ((in == NULL) || + (out == NULL)))) { + WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0"); + ret = BAD_FUNC_ARG; + } + + if ((ret == 0) && ((tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) || + (tagSz > AES_BLOCK_SIZE))) { + WOLFSSL_MSG("GcmEncrypt tagSz error"); + ret = BAD_FUNC_ARG; + } + + + if (ret == 0) { + if (nonceSz == GCM_NONCE_MID_SZ) { + /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ + XMEMCPY(counter, nonce, nonceSz); + XMEMSET(counter + GCM_NONCE_MID_SZ, 0, + AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); + counter[AES_BLOCK_SIZE - 1] = 1; + } + else { + /* Counter is GHASH of IV. 
*/ + #ifdef OPENSSL_EXTRA + word32 aadTemp = aes->gcm.aadLen; + aes->gcm.aadLen = 0; + #endif + GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE); + #ifdef OPENSSL_EXTRA + aes->gcm.aadLen = aadTemp; + #endif + } + memcpy16(initialCounter, counter); + + while (blocks--) { + IncrementGcmCounter(counter); + wc_AesEncrypt(aes, counter, scratch); + xorbufout16(c, scratch, p); + p += AES_BLOCK_SIZE; + c += AES_BLOCK_SIZE; + } + + if (partial != 0) { + IncrementGcmCounter(counter); + wc_AesEncrypt(aes, counter, scratch); + xorbufout(c, scratch, p, partial); + } + if (tag) { + GHASH(&aes->gcm, aad, aadSz, out, sz, tag, tagSz); + wc_AesEncrypt(aes, initialCounter, scratch); + xorbuf(tag, scratch, tagSz); + #ifdef OPENSSL_EXTRA + if (!in && !sz) + /* store AAD size for next call */ + aes->gcm.aadLen = aadSz; + #endif + } + } + + return ret; +} + +#ifdef HAVE_AES_DECRYPT +/* Decrypt data using AES-GCM. + * + * @param [in] aes AES object. + * @param [out] out Decrypted data. + * @param [in] in Data to decrypt and GHASH. + * @param [in] sz Number of bytes of data. + * @param [in] nonce Nonce used to calculate first IV. + * @param [in] nonceSz Length of nonce in bytes. + * @param [out] tag Authentication tag. + * @param [in] tagSz Length of authentication tag in bytes. + * @param [in] aad Additional Authentication Data (AAD). + * @param [in] aadSz Length of AAD in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes, nonce or tag is NULL. + * @return BAD_FUNC_ARG when nonceSz is zero. + * @return BAD_FUNC_ARG when aad is NULL but aadSz is not zero. + * @return BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or + * greater than AES_BLOCK_SIZE. + * @return BAD_FUNC_ARG when sz is not zero but in or out is NULL. + * @return AES_GCM_AUTH_E when authentication tag computed doesn't match + * tag passed in. 
+ */ +int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz, + const byte* aad, word32 aadSz) +{ + int ret = 0; + word32 blocks = sz / AES_BLOCK_SIZE; + word32 partial = sz % AES_BLOCK_SIZE; + const byte* c = in; + byte* p = out; + ALIGN16 byte counter[AES_BLOCK_SIZE]; + ALIGN16 byte scratch[AES_BLOCK_SIZE]; + ALIGN16 byte Tprime[AES_BLOCK_SIZE]; + ALIGN16 byte EKY0[AES_BLOCK_SIZE]; + sword32 res; + + /* Validate parameters. */ + if ((aes == NULL) || (nonce == NULL) || (tag == NULL) || + (tagSz > AES_BLOCK_SIZE) || (tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) || + ((aad == NULL) && (aadSz > 0)) || (nonceSz == 0) || + ((sz != 0) && ((in == NULL) || (out == NULL)))) { + WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0"); + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + if (nonceSz == GCM_NONCE_MID_SZ) { + /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ + XMEMCPY(counter, nonce, nonceSz); + XMEMSET(counter + GCM_NONCE_MID_SZ, 0, + AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); + counter[AES_BLOCK_SIZE - 1] = 1; + } + else { + /* Counter is GHASH of IV. */ + #ifdef OPENSSL_EXTRA + word32 aadTemp = aes->gcm.aadLen; + aes->gcm.aadLen = 0; + #endif + GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE); + #ifdef OPENSSL_EXTRA + aes->gcm.aadLen = aadTemp; + #endif + } + + /* Calc the tag again using received auth data and the cipher text */ + GHASH(&aes->gcm, aad, aadSz, in, sz, Tprime, sizeof(Tprime)); + wc_AesEncrypt(aes, counter, EKY0); + xorbuf(Tprime, EKY0, sizeof(Tprime)); + #ifdef WC_AES_GCM_DEC_AUTH_EARLY + /* ConstantCompare returns the cumulative bitwise or of the bitwise xor + * of the pairwise bytes in the strings. + */ + res = ConstantCompare(tag, Tprime, tagSz); + /* convert positive retval from ConstantCompare() to all-1s word, in + * constant time. 
+ */ + res = 0 - (sword32)(((word32)(0 - res)) >> 31U); + ret = res & AES_GCM_AUTH_E; + } + if (ret == 0) { + #endif + + #ifdef OPENSSL_EXTRA + if (!out) { + /* authenticated, non-confidential data */ + /* store AAD size for next call */ + aes->gcm.aadLen = aadSz; + } + #endif + + while (blocks--) { + IncrementGcmCounter(counter); + wc_AesEncrypt(aes, counter, scratch); + xorbufout16(p, scratch, c); + p += AES_BLOCK_SIZE; + c += AES_BLOCK_SIZE; + } + + if (partial != 0) { + IncrementGcmCounter(counter); + wc_AesEncrypt(aes, counter, scratch); + xorbuf(scratch, c, partial); + XMEMCPY(p, scratch, partial); + } + + #ifndef WC_AES_GCM_DEC_AUTH_EARLY + /* ConstantCompare returns the cumulative bitwise or of the bitwise xor + * of the pairwise bytes in the strings. + */ + res = ConstantCompare(tag, Tprime, (int)tagSz); + /* convert positive retval from ConstantCompare() to all-1s word, in + * constant time. + */ + res = 0 - (sword32)(((word32)(0 - res)) >> 31U); + /* now use res as a mask for constant time return of ret, unless tag + * mismatch, whereupon AES_GCM_AUTH_E is returned. 
+ */ + ret = (ret & ~res) | (res & AES_GCM_AUTH_E); + #endif + } + + return ret; +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* !HAVE_AES_GCM_ENC_DEC */ + +#endif /* HAVE_AESGCM */ + +#ifdef HAVE_AESCCM + +static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out) +{ + /* process the bulk of the data */ + while (inSz >= AES_BLOCK_SIZE) { + xorbuf16(out, in); + in += AES_BLOCK_SIZE; + inSz -= AES_BLOCK_SIZE; + + wc_AesEncrypt(aes, out, out); + } + + /* process remainder of the data */ + if (inSz > 0) { + xorbuf(out, in, inSz); + wc_AesEncrypt(aes, out, out); + } +} + + +static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out) +{ + word32 authLenSz; + word32 remainder; + + /* encode the length in */ + if (inSz <= 0xFEFF) { + authLenSz = 2; + out[0] ^= ((inSz & 0xFF00) >> 8); + out[1] ^= (inSz & 0x00FF); + } + else { + authLenSz = 6; + out[0] ^= 0xFF; out[1] ^= 0xFE; + out[2] ^= ((inSz & 0xFF000000) >> 24); + out[3] ^= ((inSz & 0x00FF0000) >> 16); + out[4] ^= ((inSz & 0x0000FF00) >> 8); + out[5] ^= (inSz & 0x000000FF); + } + /* Note, the protocol handles auth data up to 2^64, but we are + * using 32-bit sizes right now, so the bigger data isn't handled. 
+ */ + + /* start fill out the rest of the first block */ + remainder = AES_BLOCK_SIZE - authLenSz; + if (inSz >= remainder) { + /* plenty of bulk data to fill the remainder of this block */ + xorbuf(out + authLenSz, in, remainder); + inSz -= remainder; + in += remainder; + } + else { + /* not enough bulk data, copy what is available, and pad zero */ + xorbuf(out + authLenSz, in, inSz); + inSz = 0; + } + wc_AesEncrypt(aes, out, out); + + if (inSz > 0) + roll_x(aes, in, inSz, out); +} + + +static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz) +{ + word32 i; + + for (i = 0; i < lenSz; i++) { + if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return; + } +} + +/* return 0 on success */ +int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + int ret = 0; + + /* sanity check on arguments */ + if ((aes == NULL) || ((inSz != 0) && ((in == NULL) || (out == NULL))) || + (nonce == NULL) || (authTag == NULL) || (nonceSz < 7) || + (nonceSz > 13)) { + ret = BAD_FUNC_ARG; + } + + if ((ret == 0) && (wc_AesCcmCheckTagSize(authTagSz) != 0)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + byte A[AES_BLOCK_SIZE]; + byte B[AES_BLOCK_SIZE]; + byte lenSz; + byte i; + + XMEMCPY(B+1, nonce, nonceSz); + lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz; + B[0] = (authInSz > 0 ? 
64 : 0) + + (8 * (((byte)authTagSz - 2) / 2)) + + (lenSz - 1); + for (i = 0; (i < lenSz) && (i < (byte)sizeof(word32)); i++) { + B[AES_BLOCK_SIZE - 1 - i] = inSz >> (8 * i); + } + for (; i < lenSz; i++) { + B[AES_BLOCK_SIZE - 1 - i] = 0; + } + + wc_AesEncrypt(aes, B, A); + + if (authInSz > 0) { + roll_auth(aes, authIn, authInSz, A); + } + if (inSz > 0) { + roll_x(aes, in, inSz, A); + } + XMEMCPY(authTag, A, authTagSz); + + B[0] = lenSz - 1; + for (i = 0; i < lenSz; i++) { + B[AES_BLOCK_SIZE - 1 - i] = 0; + } + wc_AesEncrypt(aes, B, A); + xorbuf(authTag, A, authTagSz); + + B[15] = 1; + while (inSz >= AES_BLOCK_SIZE) { + wc_AesEncrypt(aes, B, A); + xorbuf16(A, in); + memcpy16(out, A); + + AesCcmCtrInc(B, lenSz); + inSz -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (inSz > 0) { + wc_AesEncrypt(aes, B, A); + xorbuf(A, in, inSz); + XMEMCPY(out, A, inSz); + } + + ForceZero(A, AES_BLOCK_SIZE); + ForceZero(B, AES_BLOCK_SIZE); + } + + return ret; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + int ret = 0; + + /* sanity check on arguments */ + if ((aes == NULL) || ((inSz != 0) && ((in == NULL) || (out == NULL))) || + (nonce == NULL) || (authTag == NULL) || (nonceSz < 7) || + (nonceSz > 13)) { + ret = BAD_FUNC_ARG; + } + + if ((ret == 0) && (wc_AesCcmCheckTagSize(authTagSz) != 0)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + byte A[AES_BLOCK_SIZE]; + byte B[AES_BLOCK_SIZE]; + byte lenSz; + byte i; + byte* o = out; + word32 oSz = inSz; + + XMEMCPY(B+1, nonce, nonceSz); + lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz; + + B[0] = lenSz - 1; + for (i = 0; i < lenSz; i++) { + B[AES_BLOCK_SIZE - 1 - i] = 0; + } + B[15] = 1; + + while (oSz >= AES_BLOCK_SIZE) { + wc_AesEncrypt(aes, B, A); + xorbuf16(A, in); + memcpy16(o, A); + + AesCcmCtrInc(B, lenSz); + oSz -= AES_BLOCK_SIZE; 
+ in += AES_BLOCK_SIZE; + o += AES_BLOCK_SIZE; + } + if (inSz > 0) { + wc_AesEncrypt(aes, B, A); + xorbuf(A, in, oSz); + XMEMCPY(o, A, oSz); + } + + for (i = 0; i < lenSz; i++) { + B[AES_BLOCK_SIZE - 1 - i] = 0; + } + wc_AesEncrypt(aes, B, A); + + B[0] = (authInSz > 0 ? 64 : 0) + + (8 * (((byte)authTagSz - 2) / 2)) + + (lenSz - 1); + for (i = 0; (i < lenSz) && (i < (byte)sizeof(word32)); i++) { + B[AES_BLOCK_SIZE - 1 - i] = inSz >> (8 * i); + } + for (; i < lenSz; i++) { + B[AES_BLOCK_SIZE - 1 - i] = 0; + } + + wc_AesEncrypt(aes, B, A); + + if (authInSz > 0) { + roll_auth(aes, authIn, authInSz, A); + } + if (inSz > 0) { + roll_x(aes, out, inSz, A); + } + + B[0] = lenSz - 1; + for (i = 0; i < lenSz; i++) { + B[AES_BLOCK_SIZE - 1 - i] = 0; + } + wc_AesEncrypt(aes, B, B); + xorbuf(A, B, authTagSz); + + if (ConstantCompare(A, authTag, authTagSz) != 0) { + /* If the authTag check fails, don't keep the decrypted data. + * Unfortunately, you need the decrypted data to calculate the + * check value. */ + XMEMSET(out, 0, inSz); + ret = AES_CCM_AUTH_E; + } + + ForceZero(A, AES_BLOCK_SIZE); + ForceZero(B, AES_BLOCK_SIZE); + o = NULL; + } + + return ret; +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AESCCM */ + +#endif /* WOLFSSL_RISCV_ASM */ + +#endif /* !NO_AES */ + diff --git a/wolfcrypt/src/port/riscv/riscv-64-chacha.c b/wolfcrypt/src/port/riscv/riscv-64-chacha.c new file mode 100644 index 0000000000..a1195713d1 --- /dev/null +++ b/wolfcrypt/src/port/riscv/riscv-64-chacha.c 
@@ -0,0 +1,2374 @@ +/* riscv-64-chacha.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to + * optimize for ARM: + * https://cryptojedi.org/papers/veccrypto-20120320.pdf + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include + +#ifdef WOLFSSL_RISCV_ASM +#ifdef HAVE_CHACHA + +#include +#include +#include +#include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#ifdef CHACHA_AEAD_TEST + #include +#endif + +#ifdef CHACHA_TEST + #include +#endif + +/* Number of rounds */ +#define ROUNDS 20 + +#define U32C(v) (v##U) +#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF)) +#define U8TO32_LITTLE(p) (((word32*)(p))[0]) + +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define ARM_SIMD_LEN_BYTES 16 + +/** + * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version + * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB. 
+ */ +int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) +{ + word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */ + + if (ctx == NULL) + return BAD_FUNC_ARG; + + XMEMCPY(temp, inIv, CHACHA_IV_BYTES); + + ctx->left = 0; + ctx->X[CHACHA_IV_BYTES+0] = counter; /* block counter */ + ctx->X[CHACHA_IV_BYTES+1] = temp[0]; /* fixed variable from nonce */ + ctx->X[CHACHA_IV_BYTES+2] = temp[1]; /* counter from nonce */ + ctx->X[CHACHA_IV_BYTES+3] = temp[2]; /* counter from nonce */ + + return 0; +} + +/* "expand 32-byte k" as unsigned 32 byte */ +static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}; +/* "expand 16-byte k" as unsigned 16 byte */ +static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574}; + +/** + * Key setup. 8 word iv (nonce) + */ +int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) +{ + const word32* constants; + const byte* k; + +#ifdef XSTREAM_ALIGN + word32 alignKey[8]; +#endif + + if (ctx == NULL) + return BAD_FUNC_ARG; + + if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ) + return BAD_FUNC_ARG; + +#ifdef XSTREAM_ALIGN + if ((wc_ptr_t)key % 4) { + WOLFSSL_MSG("wc_ChachaSetKey unaligned key"); + XMEMCPY(alignKey, key, keySz); + k = (byte*)alignKey; + } + else { + k = key; + } +#else + k = key; +#endif /* XSTREAM_ALIGN */ + + ctx->X[4] = U8TO32_LITTLE(k + 0); + ctx->X[5] = U8TO32_LITTLE(k + 4); + ctx->X[6] = U8TO32_LITTLE(k + 8); + ctx->X[7] = U8TO32_LITTLE(k + 12); + if (keySz == CHACHA_MAX_KEY_SZ) { + k += 16; + constants = sigma; + } + else { + constants = tau; + } + ctx->X[ 8] = U8TO32_LITTLE(k + 0); + ctx->X[ 9] = U8TO32_LITTLE(k + 4); + ctx->X[10] = U8TO32_LITTLE(k + 8); + ctx->X[11] = U8TO32_LITTLE(k + 12); + ctx->X[ 0] = constants[0]; + ctx->X[ 1] = constants[1]; + ctx->X[ 2] = constants[2]; + ctx->X[ 3] = constants[3]; + ctx->left = 0; + + return 0; +} + + +#define CC_A0 "a4" +#define CC_A1 "a5" +#define CC_A2 "a6" +#define CC_A3 "a7" +#define 
CC_B0 "t3" +#define CC_B1 "t4" +#define CC_B2 "t5" +#define CC_B3 "t6" +#define CC_C0 "s2" +#define CC_C1 "s3" +#define CC_C2 "s4" +#define CC_C3 "s5" +#define CC_D0 "s6" +#define CC_D1 "s7" +#define CC_D2 "s8" +#define CC_D3 "s9" +#define CC_T0 "t0" +#define CC_T1 "t1" +#define CC_T2 "t2" +#define CC_T3 "s1" + +#if defined(WOLFSSL_RISCV_VECTOR) + +static const word32 L_chacha20_vec_inc_first_word[] = { + 0x1, + 0x0, + 0x0, + 0x0, +}; + +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + +#define PART_ROUND_ODD_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + VSLL_VI(REG_V20, REG_V3, s) \ + "slli " CC_T0 ", " CC_D0 ", " #s "\n\t" \ + VSLL_VI(REG_V21, REG_V7, s) \ + "slli " CC_T1 ", " CC_D1 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V11, s) \ + "slli " CC_T2 ", " CC_D2 ", " #s "\n\t" \ + VSLL_VI(REG_V23, REG_V15, s) \ + "slli " CC_T3 ", " CC_D3 ", " #s "\n\t" \ + VSLL_VI(REG_V24, REG_V19, s) \ + VSRL_VI(REG_V3, REG_V3, sr) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VSRL_VI(REG_V7, REG_V7, sr) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + VSRL_VI(REG_V11, REG_V11, sr) \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + VSRL_VI(REG_V15, REG_V15, sr) \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + VSRL_VI(REG_V19, REG_V19, sr) \ + VOR_VV(REG_V3, REG_V3, REG_V20) 
\ + "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \ + VOR_VV(REG_V7, REG_V7, REG_V21) \ + "or " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t" \ + VOR_VV(REG_V11, REG_V11, REG_V22) \ + "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \ + VOR_VV(REG_V15, REG_V15, REG_V23) \ + "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t" \ + VOR_VV(REG_V19, REG_V19, REG_V24) + +#define PART_ROUND_ODD_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + VSLL_VI(REG_V20, REG_V1, s) \ + "slli " CC_T0 ", " CC_B0 ", " #s "\n\t" \ + VSLL_VI(REG_V21, REG_V5, s) \ + "slli " CC_T1 ", " CC_B1 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V9, s) \ + "slli " CC_T2 ", " CC_B2 ", " #s "\n\t" \ + VSLL_VI(REG_V23, REG_V13, s) \ + "slli " CC_T3 ", " CC_B3 ", " #s "\n\t" \ + VSLL_VI(REG_V24, REG_V17, s) \ + VSRL_VI(REG_V1, REG_V1, sr) \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + VSRL_VI(REG_V5, REG_V5, sr) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VSRL_VI(REG_V9, REG_V9, sr) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + VSRL_VI(REG_V13, REG_V13, sr) \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + VSRL_VI(REG_V17, REG_V17, sr) \ + VOR_VV(REG_V1, REG_V1, REG_V20) \ + "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \ + VOR_VV(REG_V5, REG_V5, REG_V21) \ + "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \ + VOR_VV(REG_V9, REG_V9, REG_V22) \ 
+ "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \ + VOR_VV(REG_V13, REG_V13, REG_V23) \ + "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t" \ + VOR_VV(REG_V17, REG_V17, REG_V24) + +#define PART_ROUND_EVEN_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + VSLL_VI(REG_V20, REG_V3, s) \ + "slli " CC_T0 ", " CC_D3 ", " #s "\n\t" \ + VSLL_VI(REG_V21, REG_V7, s) \ + "slli " CC_T1 ", " CC_D0 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V11, s) \ + "slli " CC_T2 ", " CC_D1 ", " #s "\n\t" \ + VSLL_VI(REG_V23, REG_V15, s) \ + "slli " CC_T3 ", " CC_D2 ", " #s "\n\t" \ + VSLL_VI(REG_V24, REG_V19, s) \ + VSRL_VI(REG_V3, REG_V3, sr) \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + VSRL_VI(REG_V7, REG_V7, sr) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VSRL_VI(REG_V11, REG_V11, sr) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + VSRL_VI(REG_V15, REG_V15, sr) \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + VSRL_VI(REG_V19, REG_V19, sr) \ + VOR_VV(REG_V3, REG_V3, REG_V20) \ + "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \ + VOR_VV(REG_V7, REG_V7, REG_V21) \ + "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \ + VOR_VV(REG_V11, REG_V11, REG_V22) \ + "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \ + VOR_VV(REG_V15, REG_V15, REG_V23) \ + "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t" \ + VOR_VV(REG_V19, REG_V19, 
REG_V24) + +#define PART_ROUND_EVEN_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + VSLL_VI(REG_V20, REG_V1, s) \ + "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \ + VSLL_VI(REG_V21, REG_V5, s) \ + "slli " CC_T1 ", " CC_B2 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V9, s) \ + "slli " CC_T2 ", " CC_B3 ", " #s "\n\t" \ + VSLL_VI(REG_V23, REG_V13, s) \ + "slli " CC_T3 ", " CC_B0 ", " #s "\n\t" \ + VSLL_VI(REG_V24, REG_V17, s) \ + VSRL_VI(REG_V1, REG_V1, sr) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VSRL_VI(REG_V5, REG_V5, sr) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + VSRL_VI(REG_V9, REG_V9, sr) \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + VSRL_VI(REG_V13, REG_V13, sr) \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + VSRL_VI(REG_V17, REG_V17, sr) \ + VOR_VV(REG_V1, REG_V1, REG_V20) \ + "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \ + VOR_VV(REG_V5, REG_V5, REG_V21) \ + "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \ + VOR_VV(REG_V9, REG_V9, REG_V22) \ + "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \ + VOR_VV(REG_V13, REG_V13, REG_V23) \ + "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t" \ + VOR_VV(REG_V17, REG_V17, REG_V24) + +#elif !defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION ) + +#define PART_ROUND_ODD_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " 
CC_A0 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "slli " CC_T0 ", " CC_D0 ", " #s "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + "slli " CC_T1 ", " CC_D1 ", " #s "\n\t" \ + VROR_VI(REG_V3, sr, REG_V3) \ + "slli " CC_T2 ", " CC_D2 ", " #s "\n\t" \ + VROR_VI(REG_V7, sr, REG_V7) \ + "slli " CC_T3 ", " CC_D3 ", " #s "\n\t" \ + VROR_VI(REG_V11, sr, REG_V11) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VROR_VI(REG_V15, sr, REG_V15) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + VROR_VI(REG_V19, sr, REG_V19) \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t" + +#define PART_ROUND_ODD_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B2 ", " CC_B2 ", " 
CC_C2 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "slli " CC_T0 ", " CC_B0 ", " #s "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + "slli " CC_T1 ", " CC_B1 ", " #s "\n\t" \ + VROR_VI(REG_V1, sr, REG_V1) \ + "slli " CC_T2 ", " CC_B2 ", " #s "\n\t" \ + VROR_VI(REG_V5, sr, REG_V5) \ + "slli " CC_T3 ", " CC_B3 ", " #s "\n\t" \ + VROR_VI(REG_V9, sr, REG_V9) \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + VROR_VI(REG_V13, sr, REG_V13) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VROR_VI(REG_V17, sr, REG_V17) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "slli " CC_T0 ", " CC_D3 ", " #s "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + "slli " CC_T1 ", " CC_D0 ", " #s "\n\t" \ + VROR_VI(REG_V3, sr, REG_V3) \ + "slli " CC_T2 ", " CC_D1 ", " #s "\n\t" \ + VROR_VI(REG_V7, sr, REG_V7) \ + "slli " CC_T3 ", " CC_D2 ", " #s "\n\t" \ + VROR_VI(REG_V11, sr, REG_V11) \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + 
VROR_VI(REG_V15, sr, REG_V15) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VROR_VI(REG_V19, sr, REG_V19) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + "slli " CC_T1 ", " CC_B2 ", " #s "\n\t" \ + VROR_VI(REG_V1, sr, REG_V1) \ + "slli " CC_T2 ", " CC_B3 ", " #s "\n\t" \ + VROR_VI(REG_V5, sr, REG_V5) \ + "slli " CC_T3 ", " CC_B0 ", " #s "\n\t" \ + VROR_VI(REG_V9, sr, REG_V9) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VROR_VI(REG_V13, sr, REG_V13) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + VROR_VI(REG_V17, sr, REG_V17) \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t" + +#else + +#define PART_ROUND_ODD_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" 
\ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + VROR_VI(REG_V3, sr, REG_V3) \ + RORIW(REG_S6, REG_S6, sr) \ + VROR_VI(REG_V7, sr, REG_V7) \ + RORIW(REG_S7, REG_S7, sr) \ + VROR_VI(REG_V11, sr, REG_V11) \ + RORIW(REG_S8, REG_S8, sr) \ + VROR_VI(REG_V15, sr, REG_V15) \ + RORIW(REG_S9, REG_S9, sr) \ + VROR_VI(REG_V19, sr, REG_V19) + +#define PART_ROUND_ODD_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + VROR_VI(REG_V1, sr, REG_V1) \ + RORIW(REG_T3, REG_T3, sr) \ + VROR_VI(REG_V5, sr, REG_V5) \ + RORIW(REG_T4, REG_T4, sr) \ + VROR_VI(REG_V9, sr, REG_V9) \ + RORIW(REG_T5, REG_T5, sr) \ + VROR_VI(REG_V13, sr, REG_V13) \ + RORIW(REG_T6, REG_T6, sr) \ + VROR_VI(REG_V17, 
sr, REG_V17) + +#define PART_ROUND_EVEN_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + VROR_VI(REG_V3, sr, REG_V3) \ + RORIW(REG_S9, REG_S9, sr) \ + VROR_VI(REG_V7, sr, REG_V7) \ + RORIW(REG_S6, REG_S6, sr) \ + VROR_VI(REG_V11, sr, REG_V11) \ + RORIW(REG_S7, REG_S7, sr) \ + VROR_VI(REG_V15, sr, REG_V15) \ + RORIW(REG_S8, REG_S8, sr) \ + VROR_VI(REG_V19, sr, REG_V19) + +#define PART_ROUND_EVEN_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + VROR_VI(REG_V1, sr, REG_V1) \ + RORIW(REG_T4, REG_T4, sr) \ + VROR_VI(REG_V5, sr, REG_V5) \ + RORIW(REG_T5, REG_T5, sr) \ + 
VROR_VI(REG_V9, sr, REG_V9) \ + RORIW(REG_T6, REG_T6, sr) \ + VROR_VI(REG_V13, sr, REG_V13) \ + RORIW(REG_T3, REG_T3, sr) \ + VROR_VI(REG_V17, sr, REG_V17) + +#endif + +#define QUARTER_ROUND_ODD_5() \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_ODD_ABD_5(16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_ODD_CDB_5(12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND_ODD_ABD_5( 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_ODD_CDB_5( 7, 25) + +#define QUARTER_ROUND_EVEN_5() \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_EVEN_ABD_5(16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_EVEN_CDB_5(12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND_EVEN_ABD_5( 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_EVEN_CDB_5( 7, 25) + +#define SHUFFLE_5(r, t, i) \ + VRGATHER_VV(t + 0, i, r + 0) \ + VRGATHER_VV(t + 1, i, r + 4) \ + VRGATHER_VV(t + 2, i, r + 8) \ + VRGATHER_VV(t + 3, i, r + 12) \ + VRGATHER_VV(t + 4, i, r + 16) \ + VMV_V_V(r + 0, t + 0) \ + VMV_V_V(r + 4, t + 1) \ + VMV_V_V(r + 8, t + 2) \ + VMV_V_V(r + 12, t + 3) \ + VMV_V_V(r + 16, t + 4) + +#define ODD_SHUFFLE_5() \ + /* a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 \ + * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */ \ + SHUFFLE_5(REG_V3, REG_V20, REG_V27) \ + SHUFFLE_5(REG_V1, REG_V20, REG_V25) \ + SHUFFLE_5(REG_V2, REG_V20, REG_V26) + +#define EVEN_SHUFFLE_5() \ + /* a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 \ + * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */ \ + SHUFFLE_5(REG_V3, REG_V20, REG_V25) \ + SHUFFLE_5(REG_V1, REG_V20, REG_V27) \ + SHUFFLE_5(REG_V2, REG_V20, REG_V26) + +static WC_INLINE void wc_chacha_encrypt_384(const word32* input, const byte* m, + byte* c, word32 bytes) +{ + word64 bytes64 = (word64)bytes; + + __asm__ __volatile__ ( + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + /* The layout of used vector registers is: + * v0-v3 - first block + * v4-v7 - second block + * v8-v11 - third block + * v12-v15 - 
fourth block + * v16-v19 - fifth block + * v20-v24 - temp/message + * v25-v27 - indeces for rotating words in vector + * v28-v31 - input + * + * v0 0 1 2 3 + * v1 4 5 6 7 + * v2 8 9 10 11 + * v3 12 13 14 15 + * load CHACHA state with indices placed as shown above + */ + + /* Load state to encrypt */ + "mv t2, %[input]\n\t" + VL4RE32_V(REG_V28, REG_T2) + VID_V(REG_V20) + VSLIDEDOWN_VI(REG_V25, REG_V20, 1) + VSLIDEUP_VI(REG_V25, REG_V20, 3) + VSLIDEDOWN_VI(REG_V26, REG_V20, 2) + VSLIDEUP_VI(REG_V26, REG_V20, 2) + VSLIDEDOWN_VI(REG_V27, REG_V20, 3) + VSLIDEUP_VI(REG_V27, REG_V20, 1) + "\n" + "L_chacha20_riscv_384_outer:\n\t" + /* Move state into regular registers */ + "ld a4, 0(%[input])\n\t" + "ld a6, 8(%[input])\n\t" + "ld t3, 16(%[input])\n\t" + "ld t5, 24(%[input])\n\t" + "ld s2, 32(%[input])\n\t" + "ld s4, 40(%[input])\n\t" + "lw s7, 52(%[input])\n\t" + "ld s8, 56(%[input])\n\t" + "srli a5, a4, 32\n\t" + "srli a7, a6, 32\n\t" + "srli t4, t3, 32\n\t" + "srli t6, t5, 32\n\t" + "srli s3, s2, 32\n\t" + "srli s5, s4, 32\n\t" + "srli s9, s8, 32\n\t" + VMV_X_S(REG_S6, REG_V31) + /* Move state into vector registers */ + VMVR_V(REG_V0, REG_V28, 4) + VMVR_V(REG_V4, REG_V28, 4) + VMVR_V(REG_V8, REG_V28, 4) + VMVR_V(REG_V12, REG_V28, 4) + VMVR_V(REG_V16, REG_V28, 4) + /* Set counter word */ + "addi t1, s6, 1\n\t" + VMV_S_X(REG_V7, REG_T1) + "addi t1, s6, 2\n\t" + VMV_S_X(REG_V11, REG_T1) + "addi t1, s6, 3\n\t" + VMV_S_X(REG_V15, REG_T1) + "addi t1, s6, 4\n\t" + VMV_S_X(REG_V19, REG_T1) + "addi s6, s6, 5\n\t" + /* Set number of odd+even rounds to perform */ + "li a3, 10\n\t" + "\n" + "L_chacha20_riscv_384_loop:\n\t" + /* Odd Round */ + QUARTER_ROUND_ODD_5() + ODD_SHUFFLE_5() + /* Even Round */ + QUARTER_ROUND_EVEN_5() + EVEN_SHUFFLE_5() + "addi a3, a3, -1\n\t" + "bnez a3, L_chacha20_riscv_384_loop\n\t" + /* Load message */ + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V20, REG_T2) + "addi %[m], %[m], 64\n\t" + /* Add back state, XOR in message and store (load next block) */ + /* BLOCK 
1 */ + VADD_VV(REG_V0, REG_V0, REG_V28) + VADD_VV(REG_V1, REG_V1, REG_V29) + VADD_VV(REG_V2, REG_V2, REG_V30) + VADD_VV(REG_V3, REG_V3, REG_V31) + VXOR_VV(REG_V0, REG_V0, REG_V20) + VXOR_VV(REG_V1, REG_V1, REG_V21) + VXOR_VV(REG_V2, REG_V2, REG_V22) + VXOR_VV(REG_V3, REG_V3, REG_V23) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V20, REG_T2) + "addi %[m], %[m], 64\n\t" + VMV_X_S(REG_T0, REG_V31) + "mv t2, %[c]\n\t" + VS4R_V(REG_V0, REG_T2) + "addi %[c], %[c], 64\n\t" + /* BLOCK 2 */ + "addi t0, t0, 1\n\t" + VMV_S_X(REG_V31, REG_T0) + VADD_VV(REG_V4, REG_V4, REG_V28) + VADD_VV(REG_V5, REG_V5, REG_V29) + VADD_VV(REG_V6, REG_V6, REG_V30) + VADD_VV(REG_V7, REG_V7, REG_V31) + VXOR_VV(REG_V4, REG_V4, REG_V20) + VXOR_VV(REG_V5, REG_V5, REG_V21) + VXOR_VV(REG_V6, REG_V6, REG_V22) + VXOR_VV(REG_V7, REG_V7, REG_V23) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V20, REG_T2) + "addi %[m], %[m], 64\n\t" + "mv t2, %[c]\n\t" + VS4R_V(REG_V4, REG_T2) + "addi %[c], %[c], 64\n\t" + /* BLOCK 3 */ + "addi t0, t0, 1\n\t" + VMV_S_X(REG_V31, REG_T0) + VADD_VV(REG_V8, REG_V8, REG_V28) + VADD_VV(REG_V9, REG_V9, REG_V29) + VADD_VV(REG_V10, REG_V10, REG_V30) + VADD_VV(REG_V11, REG_V11, REG_V31) + VXOR_VV(REG_V8, REG_V8, REG_V20) + VXOR_VV(REG_V9, REG_V9, REG_V21) + VXOR_VV(REG_V10, REG_V10, REG_V22) + VXOR_VV(REG_V11, REG_V11, REG_V23) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V20, REG_T2) + "addi %[m], %[m], 64\n\t" + "mv t2, %[c]\n\t" + VS4R_V(REG_V8, REG_T2) + "addi %[c], %[c], 64\n\t" + /* BLOCK 4 */ + "addi t0, t0, 1\n\t" + VMV_S_X(REG_V31, REG_T0) + VADD_VV(REG_V12, REG_V12, REG_V28) + VADD_VV(REG_V13, REG_V13, REG_V29) + VADD_VV(REG_V14, REG_V14, REG_V30) + VADD_VV(REG_V15, REG_V15, REG_V31) + VXOR_VV(REG_V12, REG_V12, REG_V20) + VXOR_VV(REG_V13, REG_V13, REG_V21) + VXOR_VV(REG_V14, REG_V14, REG_V22) + VXOR_VV(REG_V15, REG_V15, REG_V23) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V20, REG_T2) + "addi %[m], %[m], 64\n\t" + "mv t2, %[c]\n\t" + VS4R_V(REG_V12, REG_T2) + "addi %[c], %[c], 64\n\t" + /* BLOCK 5 */ + "addi 
t0, t0, 1\n\t" + VMV_S_X(REG_V31, REG_T0) + VADD_VV(REG_V16, REG_V16, REG_V28) + VADD_VV(REG_V17, REG_V17, REG_V29) + VADD_VV(REG_V18, REG_V18, REG_V30) + VADD_VV(REG_V19, REG_V19, REG_V31) + VXOR_VV(REG_V16, REG_V16, REG_V20) + VXOR_VV(REG_V17, REG_V17, REG_V21) + VXOR_VV(REG_V18, REG_V18, REG_V22) + VXOR_VV(REG_V19, REG_V19, REG_V23) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V20, REG_T2) + "addi %[m], %[m], 64\n\t" + "mv t2, %[c]\n\t" + VS4R_V(REG_V16, REG_T2) + "addi %[c], %[c], 64\n\t" + /* BLOCK 6 */ + /* Move regular registers into vector registers for adding and xor */ + "addi t0, t0, 1\n\t" + VMV_S_X(REG_V0, REG_A4) + VMV_S_X(REG_V1, REG_T3) + VMV_S_X(REG_V2, REG_S2) + VMV_S_X(REG_V3, REG_S6) + VMV_S_X(REG_V4, REG_A5) + VMV_S_X(REG_V5, REG_T4) + VMV_S_X(REG_V6, REG_S3) + VMV_S_X(REG_V7, REG_S7) + VSLIDEUP_VI(REG_V0, REG_V4, 1) + VSLIDEUP_VI(REG_V1, REG_V5, 1) + VSLIDEUP_VI(REG_V2, REG_V6, 1) + VSLIDEUP_VI(REG_V3, REG_V7, 1) + VMV_S_X(REG_V4, REG_A6) + VMV_S_X(REG_V5, REG_T5) + VMV_S_X(REG_V6, REG_S4) + VMV_S_X(REG_V7, REG_S8) + VSLIDEUP_VI(REG_V0, REG_V4, 2) + VSLIDEUP_VI(REG_V1, REG_V5, 2) + VSLIDEUP_VI(REG_V2, REG_V6, 2) + VSLIDEUP_VI(REG_V3, REG_V7, 2) + VMV_S_X(REG_V4, REG_A7) + VMV_S_X(REG_V5, REG_T6) + VMV_S_X(REG_V6, REG_S5) + VMV_S_X(REG_V7, REG_S9) + VSLIDEUP_VI(REG_V0, REG_V4, 3) + VSLIDEUP_VI(REG_V1, REG_V5, 3) + VSLIDEUP_VI(REG_V2, REG_V6, 3) + VSLIDEUP_VI(REG_V3, REG_V7, 3) + VMV_S_X(REG_V31, REG_T0) + /* Add back state, XOR in message and store */ + VADD_VV(REG_V0, REG_V0, REG_V28) + VADD_VV(REG_V1, REG_V1, REG_V29) + VADD_VV(REG_V2, REG_V2, REG_V30) + VADD_VV(REG_V3, REG_V3, REG_V31) + VXOR_VV(REG_V0, REG_V0, REG_V20) + VXOR_VV(REG_V1, REG_V1, REG_V21) + VXOR_VV(REG_V2, REG_V2, REG_V22) + VXOR_VV(REG_V3, REG_V3, REG_V23) + "mv t2, %[c]\n\t" + VS4R_V(REG_V0, REG_T2) + "addi %[c], %[c], 64\n\t" + "addi %[bytes], %[bytes], -384\n\t" + "addi t0, t0, 1\n\t" + VMV_S_X(REG_V31, REG_T0) + "bnez %[bytes], L_chacha20_riscv_384_outer\n\t" + : [m] "+r" (m), 
[c] "+r" (c), [bytes] "+r" (bytes64) + : [input] "r" (input) + : "memory", "t0", "t1", "t2", "s1", "a3", + "t3", "t4", "t5", "t6", + "a4", "a5", "a6", "a7", + "s2", "s3", "s4", "s5", + "s6", "s7", "s8", "s9" + ); +} + +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + +#define PART_ROUND_ODD_ABD(s, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + VSLL_VI(REG_V20, REG_V3, s) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + VSLL_VI(REG_V21, REG_V7, s) \ + "slli " CC_T0 ", " CC_D0 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V11, s) \ + "slli " CC_T1 ", " CC_D1 ", " #s "\n\t" \ + VSRL_VI(REG_V3, REG_V3, sr) \ + "slli " CC_T2 ", " CC_D2 ", " #s "\n\t" \ + VSRL_VI(REG_V7, REG_V7, sr) \ + "slli " CC_T3 ", " CC_D3 ", " #s "\n\t" \ + VSRL_VI(REG_V11, REG_V11, sr) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VOR_VV(REG_V3, REG_V3, REG_V20) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + VOR_VV(REG_V7, REG_V7, REG_V21) \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + VOR_VV(REG_V11, REG_V11, REG_V22) \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t" + +#define PART_ROUND_ODD_CDB(s, sr) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + 
VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + VSLL_VI(REG_V20, REG_V1, s) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + VSLL_VI(REG_V21, REG_V5, s) \ + "slli " CC_T0 ", " CC_B0 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V9, s) \ + "slli " CC_T1 ", " CC_B1 ", " #s "\n\t" \ + VSRL_VI(REG_V1, REG_V1, sr) \ + "slli " CC_T2 ", " CC_B2 ", " #s "\n\t" \ + VSRL_VI(REG_V5, REG_V5, sr) \ + "slli " CC_T3 ", " CC_B3 ", " #s "\n\t" \ + VSRL_VI(REG_V9, REG_V9, sr) \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + VOR_VV(REG_V1, REG_V1, REG_V20) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VOR_VV(REG_V5, REG_V5, REG_V21) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + VOR_VV(REG_V9, REG_V9, REG_V22) \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_ABD(s, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + VSLL_VI(REG_V20, REG_V3, s) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + VSLL_VI(REG_V21, REG_V7, s) \ + "slli " CC_T0 ", " CC_D3 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V11, s) \ + "slli " CC_T1 ", 
" CC_D0 ", " #s "\n\t" \ + VSRL_VI(REG_V3, REG_V3, sr) \ + "slli " CC_T2 ", " CC_D1 ", " #s "\n\t" \ + VSRL_VI(REG_V7, REG_V7, sr) \ + "slli " CC_T3 ", " CC_D2 ", " #s "\n\t" \ + VSRL_VI(REG_V11, REG_V11, sr) \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + VOR_VV(REG_V3, REG_V3, REG_V20) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VOR_VV(REG_V7, REG_V7, REG_V21) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + VOR_VV(REG_V11, REG_V11, REG_V22) \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_CDB(s, sr) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + VSLL_VI(REG_V20, REG_V1, s) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + VSLL_VI(REG_V21, REG_V5, s) \ + "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V9, s) \ + "slli " CC_T1 ", " CC_B2 ", " #s "\n\t" \ + VSRL_VI(REG_V1, REG_V1, sr) \ + "slli " CC_T2 ", " CC_B3 ", " #s "\n\t" \ + VSRL_VI(REG_V5, REG_V5, sr) \ + "slli " CC_T3 ", " CC_B0 ", " #s "\n\t" \ + VSRL_VI(REG_V9, REG_V9, sr) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VOR_VV(REG_V1, REG_V1, REG_V20) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + VOR_VV(REG_V5, REG_V5, REG_V21) \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + VOR_VV(REG_V9, REG_V9, REG_V22) \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "or " CC_B1 ", " CC_B1 ", 
" CC_T0 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t" + +#elif !defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION ) + +#define PART_ROUND_ODD_ABD(s, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + VROR_VI(REG_V3, sr, REG_V3) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + VROR_VI(REG_V7, sr, REG_V7) \ + "slli " CC_T0 ", " CC_D0 ", " #s "\n\t" \ + VROR_VI(REG_V11, sr, REG_V11) \ + "slli " CC_T1 ", " CC_D1 ", " #s "\n\t" \ + "slli " CC_T2 ", " CC_D2 ", " #s "\n\t" \ + "slli " CC_T3 ", " CC_D3 ", " #s "\n\t" \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t" + +#define PART_ROUND_ODD_CDB(s, sr) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) 
\ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + VROR_VI(REG_V1, sr, REG_V1) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + VROR_VI(REG_V5, sr, REG_V5) \ + "slli " CC_T0 ", " CC_B0 ", " #s "\n\t" \ + VROR_VI(REG_V9, sr, REG_V9) \ + "slli " CC_T1 ", " CC_B1 ", " #s "\n\t" \ + "slli " CC_T2 ", " CC_B2 ", " #s "\n\t" \ + "slli " CC_T3 ", " CC_B3 ", " #s "\n\t" \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_ABD(s, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + VROR_VI(REG_V3, sr, REG_V3) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + VROR_VI(REG_V7, sr, REG_V7) \ + "slli " CC_T0 ", " CC_D3 ", " #s "\n\t" \ + VROR_VI(REG_V11, sr, REG_V11) \ + "slli " CC_T1 ", " CC_D0 ", " #s "\n\t" \ + "slli " CC_T2 ", " CC_D1 ", " #s "\n\t" \ + "slli " CC_T3 ", " CC_D2 ", " #s "\n\t" \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t" + 
+#define PART_ROUND_EVEN_CDB(s, sr) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + VROR_VI(REG_V1, sr, REG_V1) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + VROR_VI(REG_V5, sr, REG_V5) \ + "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \ + VROR_VI(REG_V9, sr, REG_V9) \ + "slli " CC_T1 ", " CC_B2 ", " #s "\n\t" \ + "slli " CC_T2 ", " CC_B3 ", " #s "\n\t" \ + "slli " CC_T3 ", " CC_B0 ", " #s "\n\t" \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t" + +#else + +#define PART_ROUND_ODD_ABD(s, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + VROR_VI(REG_V3, sr, REG_V3) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + VROR_VI(REG_V7, sr, REG_V7) \ + RORIW(REG_S6, REG_S6, sr) \ + 
VROR_VI(REG_V11, sr, REG_V11) \ + RORIW(REG_S7, REG_S7, sr) \ + RORIW(REG_S8, REG_S8, sr) \ + RORIW(REG_S9, REG_S9, sr) + +#define PART_ROUND_ODD_CDB(s, sr) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + VROR_VI(REG_V1, sr, REG_V1) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + VROR_VI(REG_V5, sr, REG_V5) \ + RORIW(REG_T3, REG_T3, sr) \ + VROR_VI(REG_V9, sr, REG_V9) \ + RORIW(REG_T4, REG_T4, sr) \ + RORIW(REG_T5, REG_T5, sr) \ + RORIW(REG_T6, REG_T6, sr) + +#define PART_ROUND_EVEN_ABD(s, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + VROR_VI(REG_V3, sr, REG_V3) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + VROR_VI(REG_V7, sr, REG_V7) \ + RORIW(REG_S9, REG_S9, sr) \ + VROR_VI(REG_V11, sr, REG_V11) \ + RORIW(REG_S6, REG_S6, sr) \ + RORIW(REG_S7, REG_S7, sr) \ + RORIW(REG_S8, REG_S8, sr) + +#define PART_ROUND_EVEN_CDB(s, sr) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V6, REG_V6, 
REG_V7) \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + VROR_VI(REG_V1, sr, REG_V1) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + VROR_VI(REG_V5, sr, REG_V5) \ + "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \ + RORIW(REG_T4, REG_T4, sr) \ + VROR_VI(REG_V9, sr, REG_V9) \ + RORIW(REG_T5, REG_T5, sr) \ + RORIW(REG_T6, REG_T6, sr) \ + RORIW(REG_T3, REG_T3, sr) + +#endif + +#define QUARTER_ROUND_ODD_4() \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_ODD_ABD(16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_ODD_CDB(12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND_ODD_ABD( 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_ODD_CDB( 7, 25) + +#define QUARTER_ROUND_EVEN_4() \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_EVEN_ABD(16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_EVEN_CDB(12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND_EVEN_ABD( 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_EVEN_CDB( 7, 25) + +#define SHUFFLE_4(r, t, i) \ + VRGATHER_VV(t + 0, i, r + 0) \ + VRGATHER_VV(t + 1, i, r + 4) \ + VRGATHER_VV(t + 2, i, r + 8) \ + VMV_V_V(r + 0, t + 0) \ + VMV_V_V(r + 4, t + 1) \ + VMV_V_V(r + 8, t + 2) + +#define ODD_SHUFFLE_4() \ + /* a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 \ + * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */ \ + SHUFFLE_4(REG_V3, REG_V20, REG_V25) \ + SHUFFLE_4(REG_V1, REG_V20, REG_V23) \ + SHUFFLE_4(REG_V2, REG_V20, REG_V24) + +#define EVEN_SHUFFLE_4() \ + /* a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 \ + * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */ \ + SHUFFLE_4(REG_V3, REG_V20, REG_V23) \ + SHUFFLE_4(REG_V1, REG_V20, 
REG_V25) \ + SHUFFLE_4(REG_V2, REG_V20, REG_V24) + +/** + * Converts word into bytes with rotations having been done. + */ +static WC_INLINE int wc_chacha_encrypt_256(const word32* input, const byte* m, + byte* c) +{ + __asm__ __volatile__ ( + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + /* The layout of used vector registers is: + * v0-v3 - first block + * v4-v7 - second block + * v8-v11 - third block + * v12-v15 - message + * v16-v19 - input + * v20-v22 - temp + * v23-v25 - indeces for rotating words in vector + * + * v0 0 1 2 3 + * v1 4 5 6 7 + * v2 8 9 10 11 + * v3 12 13 14 15 + * load CHACHA state with indices placed as shown above + */ + + /* Load state to encrypt */ + "mv t2, %[input]\n\t" + VL4RE32_V(REG_V16, REG_T2) + VID_V(REG_V20) + VSLIDEDOWN_VI(REG_V23, REG_V20, 1) + VSLIDEUP_VI(REG_V23, REG_V20, 3) + VSLIDEDOWN_VI(REG_V24, REG_V20, 2) + VSLIDEUP_VI(REG_V24, REG_V20, 2) + VSLIDEDOWN_VI(REG_V25, REG_V20, 3) + VSLIDEUP_VI(REG_V25, REG_V20, 1) + /* Move state into regular registers */ + "ld a4, 0(%[input])\n\t" + "ld a6, 8(%[input])\n\t" + "ld t3, 16(%[input])\n\t" + "ld t5, 24(%[input])\n\t" + "ld s2, 32(%[input])\n\t" + "ld s4, 40(%[input])\n\t" + "ld s6, 48(%[input])\n\t" + "ld s8, 56(%[input])\n\t" + "srli a5, a4, 32\n\t" + "srli a7, a6, 32\n\t" + "srli t4, t3, 32\n\t" + "srli t6, t5, 32\n\t" + "srli s3, s2, 32\n\t" + "srli s5, s4, 32\n\t" + "srli s7, s6, 32\n\t" + "srli s9, s8, 32\n\t" + /* Move state into vector registers */ + VMVR_V(REG_V0, REG_V16, 4) + "addi t0, s6, 1\n\t" + VMVR_V(REG_V4, REG_V16, 4) + "addi t1, s6, 2\n\t" + VMVR_V(REG_V8, REG_V16, 4) + "addi s6, s6, 3\n\t" + /* Set counter word */ + VMV_S_X(REG_V7, REG_T0) + VMV_S_X(REG_V11, REG_T1) + /* Set number of odd+even rounds to perform */ + "li a3, 10\n\t" + "\n" + "L_chacha20_riscv_256_loop:\n\t" + /* Odd Round */ + QUARTER_ROUND_ODD_4() + ODD_SHUFFLE_4() + "addi a3, a3, -1\n\t" + /* Even Round */ + QUARTER_ROUND_EVEN_4() + EVEN_SHUFFLE_4() + "bnez a3, L_chacha20_riscv_256_loop\n\t" + /* 
Load message */ + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V12, REG_T2) + "addi %[m], %[m], 64\n\t" + /* Add back state, XOR in message and store (load next block) */ + /* BLOCK 1 */ + VADD_VV(REG_V0, REG_V0, REG_V16) + VADD_VV(REG_V1, REG_V1, REG_V17) + VADD_VV(REG_V2, REG_V2, REG_V18) + VADD_VV(REG_V3, REG_V3, REG_V19) + VXOR_VV(REG_V0, REG_V0, REG_V12) + VXOR_VV(REG_V1, REG_V1, REG_V13) + VXOR_VV(REG_V2, REG_V2, REG_V14) + VXOR_VV(REG_V3, REG_V3, REG_V15) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V12, REG_T2) + "addi %[m], %[m], 64\n\t" + VMV_X_S(REG_T0, REG_V19) + "mv t2, %[c]\n\t" + VS4R_V(REG_V0, REG_T2) + "addi %[c], %[c], 64\n\t" + /* BLOCK 2 */ + "addi t0, t0, 1\n\t" + VMV_S_X(REG_V19, REG_T0) + VADD_VV(REG_V4, REG_V4, REG_V16) + VADD_VV(REG_V5, REG_V5, REG_V17) + VADD_VV(REG_V6, REG_V6, REG_V18) + VADD_VV(REG_V7, REG_V7, REG_V19) + VXOR_VV(REG_V4, REG_V4, REG_V12) + VXOR_VV(REG_V5, REG_V5, REG_V13) + VXOR_VV(REG_V6, REG_V6, REG_V14) + VXOR_VV(REG_V7, REG_V7, REG_V15) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V12, REG_T2) + "addi %[m], %[m], 64\n\t" + "mv t2, %[c]\n\t" + VS4R_V(REG_V4, REG_T2) + "addi %[c], %[c], 64\n\t" + /* BLOCK 3 */ + "addi t0, t0, 1\n\t" + VMV_S_X(REG_V19, REG_T0) + VADD_VV(REG_V8, REG_V8, REG_V16) + VADD_VV(REG_V9, REG_V9, REG_V17) + VADD_VV(REG_V10, REG_V10, REG_V18) + VADD_VV(REG_V11, REG_V11, REG_V19) + VXOR_VV(REG_V8, REG_V8, REG_V12) + VXOR_VV(REG_V9, REG_V9, REG_V13) + VXOR_VV(REG_V10, REG_V10, REG_V14) + VXOR_VV(REG_V11, REG_V11, REG_V15) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V12, REG_T2) + "mv t2, %[c]\n\t" + VS4R_V(REG_V8, REG_T2) + "addi %[c], %[c], 64\n\t" + /* BLOCK 4 */ + /* Move regular registers into vector registers for adding and xor */ + "addi t0, t0, 1\n\t" + VMV_S_X(REG_V0, REG_A4) + VMV_S_X(REG_V1, REG_T3) + VMV_S_X(REG_V2, REG_S2) + VMV_S_X(REG_V3, REG_S6) + VMV_S_X(REG_V4, REG_A5) + VMV_S_X(REG_V5, REG_T4) + VMV_S_X(REG_V6, REG_S3) + VMV_S_X(REG_V7, REG_S7) + VSLIDEUP_VI(REG_V0, REG_V4, 1) + VSLIDEUP_VI(REG_V1, REG_V5, 1) + 
VSLIDEUP_VI(REG_V2, REG_V6, 1) + VSLIDEUP_VI(REG_V3, REG_V7, 1) + VMV_S_X(REG_V4, REG_A6) + VMV_S_X(REG_V5, REG_T5) + VMV_S_X(REG_V6, REG_S4) + VMV_S_X(REG_V7, REG_S8) + VSLIDEUP_VI(REG_V0, REG_V4, 2) + VSLIDEUP_VI(REG_V1, REG_V5, 2) + VSLIDEUP_VI(REG_V2, REG_V6, 2) + VSLIDEUP_VI(REG_V3, REG_V7, 2) + VMV_S_X(REG_V4, REG_A7) + VMV_S_X(REG_V5, REG_T6) + VMV_S_X(REG_V6, REG_S5) + VMV_S_X(REG_V7, REG_S9) + VSLIDEUP_VI(REG_V0, REG_V4, 3) + VSLIDEUP_VI(REG_V1, REG_V5, 3) + VSLIDEUP_VI(REG_V2, REG_V6, 3) + VSLIDEUP_VI(REG_V3, REG_V7, 3) + VMV_S_X(REG_V19, REG_T0) + /* Add back state, XOR in message and store */ + VADD_VV(REG_V0, REG_V0, REG_V16) + VADD_VV(REG_V1, REG_V1, REG_V17) + VADD_VV(REG_V2, REG_V2, REG_V18) + VADD_VV(REG_V3, REG_V3, REG_V19) + VXOR_VV(REG_V0, REG_V0, REG_V12) + VXOR_VV(REG_V1, REG_V1, REG_V13) + VXOR_VV(REG_V2, REG_V2, REG_V14) + VXOR_VV(REG_V3, REG_V3, REG_V15) + "mv t2, %[c]\n\t" + VS4R_V(REG_V0, REG_T2) + : [m] "+r" (m), [c] "+r" (c) + : [input] "r" (input) + : "memory", "t0", "t1", "t2", "s1", "a3", + "t3", "t4", "t5", "t6", + "a4", "a5", "a6", "a7", + "s2", "s3", "s4", "s5", + "s6", "s7", "s8", "s9" + ); + return CHACHA_CHUNK_BYTES * 4; +} + +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + +#define PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, sl, sr) \ + VADD_VV(a, a, b) \ + VADD_VV(a2, a2, b2) \ + VXOR_VV(d, d, a) \ + VXOR_VV(d2, d2, a2) \ + VSLL_VI(t, d, sl) \ + VSLL_VI(t2, d2, sl) \ + VSRL_VI(d, d, sr) \ + VSRL_VI(d2, d2, sr) \ + VOR_VV(d, d, t) \ + VOR_VV(d2, d2, t2) + +#else + +#define PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, sl, sr) \ + VADD_VV(a, a, b) \ + VADD_VV(a2, a2, b2) \ + VXOR_VV(d, d, a) \ + VXOR_VV(d2, d2, a2) \ + VROR_VI(d, sr, d) \ + VROR_VI(d2, sr, d2) + +#endif + +#define QUARTER_ROUND_2(a, b, c, d, t, a2, b2, c2, d2, t2) \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, 16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_2(c, d, b, t, c2, d2, b2, t2, 12, 20) \ + /* a += b; d ^= a; 
d <<<= 8; */ \ + PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_2(c, d, b, t, c2, d2, b2, t2, 7, 25) + +#define ODD_SHUFFLE_2(b, c, d, t, b2, c2, d2, t2) \ + /* a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 \ + * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */ \ + VRGATHER_VV(t, REG_V25, d) \ + VRGATHER_VV(t2, REG_V25, d2) \ + VMV_V_V(d, t) \ + VMV_V_V(d2, t2) \ + VRGATHER_VV(t, REG_V23, b) \ + VRGATHER_VV(t2, REG_V23, b2) \ + VMV_V_V(b, t) \ + VMV_V_V(b2, t2) \ + VRGATHER_VV(t, REG_V24, c) \ + VRGATHER_VV(t2, REG_V24, c2) \ + VMV_V_V(c, t) \ + VMV_V_V(c2, t2) + +#define EVEN_SHUFFLE_2(b, c, d, t, b2, c2, d2, t2) \ + /* a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 \ + * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */ \ + VRGATHER_VV(t, REG_V23, d) \ + VRGATHER_VV(t2, REG_V23, d2) \ + VMV_V_V(d, t) \ + VMV_V_V(d2, t2) \ + VRGATHER_VV(t, REG_V25, b) \ + VRGATHER_VV(t2, REG_V25, b2) \ + VMV_V_V(b, t) \ + VMV_V_V(b2, t2) \ + VRGATHER_VV(t, REG_V24, c) \ + VRGATHER_VV(t2, REG_V24, c2) \ + VMV_V_V(c, t) \ + VMV_V_V(c2, t2) + + +static WC_INLINE int wc_chacha_encrypt_128(const word32* input, const byte* m, + byte* c) +{ + __asm__ __volatile__ ( + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + /* The layout of used vector registers is: + * v0-v3 - first block + * v4-v7 - second block + * v12-v15 - message + * v16-v19 - input + * v20-v22 - temp + * v23-v25 - indeces for rotating words in vector + * + * v0 0 1 2 3 + * v1 4 5 6 7 + * v2 8 9 10 11 + * v3 12 13 14 15 + * load CHACHA state with indices placed as shown above + */ + + /* Load incrementer register to modify counter */ + "mv t2, %[L_chacha20_vec_inc_first_word]\n\t" + VL1RE32_V(REG_V22, REG_T2) + VID_V(REG_V20) + VSLIDEDOWN_VI(REG_V23, REG_V20, 1) + VSLIDEUP_VI(REG_V23, REG_V20, 3) + VSLIDEDOWN_VI(REG_V24, REG_V20, 2) + VSLIDEUP_VI(REG_V24, REG_V20, 2) + VSLIDEDOWN_VI(REG_V25, REG_V20, 3) + VSLIDEUP_VI(REG_V25, REG_V20, 1) + /* Load state to encrypt 
*/ + "mv t2, %[input]\n\t" + VL4RE32_V(REG_V16, REG_T2) + /* Load message */ + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V12, REG_T2) + "addi %[m], %[m], 64\n\t" + /* Move state into vector registers */ + VMVR_V(REG_V0, REG_V16, 4) + VMVR_V(REG_V4, REG_V16, 4) + /* Add counter word */ + VADD_VV(REG_V7, REG_V7, REG_V22) + /* Set number of odd+even rounds to perform */ + "li t0, 10\n\t" + "\n" + "L_chacha20_riscv_128_loop:\n\t" + QUARTER_ROUND_2(REG_V0, REG_V1, REG_V2, REG_V3, REG_V20, + REG_V4, REG_V5, REG_V6, REG_V7, REG_V21) + ODD_SHUFFLE_2(REG_V1, REG_V2, REG_V3, REG_V20, + REG_V5, REG_V6, REG_V7, REG_V21) + QUARTER_ROUND_2(REG_V0, REG_V1, REG_V2, REG_V3, REG_V20, + REG_V4, REG_V5, REG_V6, REG_V7, REG_V21) + EVEN_SHUFFLE_2(REG_V1, REG_V2, REG_V3, REG_V20, + REG_V5, REG_V6, REG_V7, REG_V21) + "addi t0, t0, -1\n\t" + "bnez t0, L_chacha20_riscv_128_loop\n\t" + /* Add back state, XOR in message and store (load next block) */ + VADD_VV(REG_V0, REG_V0, REG_V16) + VADD_VV(REG_V1, REG_V1, REG_V17) + VADD_VV(REG_V2, REG_V2, REG_V18) + VADD_VV(REG_V3, REG_V3, REG_V19) + VXOR_VV(REG_V0, REG_V0, REG_V12) + VXOR_VV(REG_V1, REG_V1, REG_V13) + VXOR_VV(REG_V2, REG_V2, REG_V14) + VXOR_VV(REG_V3, REG_V3, REG_V15) + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V12, REG_T2) + "mv t2, %[c]\n\t" + VS4R_V(REG_V0, REG_T2) + "addi %[c], %[c], 64\n\t" + VADD_VV(REG_V19, REG_V19, REG_V22) + VADD_VV(REG_V4, REG_V4, REG_V16) + VADD_VV(REG_V5, REG_V5, REG_V17) + VADD_VV(REG_V6, REG_V6, REG_V18) + VADD_VV(REG_V7, REG_V7, REG_V19) + VXOR_VV(REG_V4, REG_V4, REG_V12) + VXOR_VV(REG_V5, REG_V5, REG_V13) + VXOR_VV(REG_V6, REG_V6, REG_V14) + VXOR_VV(REG_V7, REG_V7, REG_V15) + "mv t2, %[c]\n\t" + VS4R_V(REG_V4, REG_T2) + : [m] "+r" (m), [c] "+r" (c) + : [input] "r" (input), + [L_chacha20_vec_inc_first_word] "r" (L_chacha20_vec_inc_first_word) + : "memory", "t0", "t1", "t2" + ); + return CHACHA_CHUNK_BYTES * 2; +} + +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + +#define PART_ROUND(a, b, d, t, sl, sr) \ + 
VADD_VV(a, a, b) \ + VXOR_VV(d, d, a) \ + VSLL_VI(t, d, sl) \ + VSRL_VI(d, d, sr) \ + VOR_VV(d, d, t) + +#else + +#define PART_ROUND(a, b, d, t, sl, sr) \ + VADD_VV(a, a, b) \ + VXOR_VV(d, d, a) \ + VROR_VI(d, sr, d) + +#endif + +#define QUARTER_ROUND(a, b, c, d, t) \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND(a, b, d, t, 16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND(c, d, b, t, 12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND(a, b, d, t, 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND(c, d, b, t, 7, 25) + +#define ODD_SHUFFLE(b, c, d, t) \ + /* a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 \ + * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */ \ + VSLIDEDOWN_VI(t, d, 3) \ + VSLIDEUP_VI(t, d, 1) \ + VMV_V_V(d, t) \ + VSLIDEDOWN_VI(t, b, 1) \ + VSLIDEUP_VI(t, b, 3) \ + VMV_V_V(b, t) \ + VSLIDEDOWN_VI(t, c, 2) \ + VSLIDEUP_VI(t, c, 2) \ + VMV_V_V(c, t) + +#define EVEN_SHUFFLE(b, c, d, t) \ + /* a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 \ + * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */ \ + VSLIDEDOWN_VI(t, d, 1) \ + VSLIDEUP_VI(t, d, 3) \ + VMV_V_V(d, t) \ + VSLIDEDOWN_VI(t, b, 3) \ + VSLIDEUP_VI(t, b, 1) \ + VMV_V_V(b, t) \ + VSLIDEDOWN_VI(t, c, 2) \ + VSLIDEUP_VI(t, c, 2) \ + VMV_V_V(c, t) + +#define EIGHT_QUARTER_ROUNDS(a, b, c, d, t) \ + /* Odd Round */ \ + QUARTER_ROUND(a, b, c, d, t) \ + ODD_SHUFFLE(b, c, d, t) \ + /* Even Round */ \ + QUARTER_ROUND(a, b, c, d, t) \ + EVEN_SHUFFLE(b, c, d, t) + +static WC_INLINE void wc_chacha_encrypt_64(const word32* input, const byte* m, + byte* c, word32 bytes, byte* over) +{ + word64 bytes64 = (word64)bytes; + + __asm__ __volatile__ ( + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + /* The layout of used vector registers is: + * v0-v3 - block + * v4-v7 - message + * v8-v11 - input + * v12 - temp + * + * v0 0 1 2 3 + * v1 4 5 6 7 + * v2 8 9 10 11 + * v3 12 13 14 15 + * load CHACHA state with indices placed as shown above + */ + + /* Load incrementer register to 
modify counter */ + "mv t2, %[L_chacha20_vec_inc_first_word]\n\t" + VL1RE32_V(REG_V13, REG_T2) + /* Load state to encrypt */ + "mv t2, %[input]\n\t" + VL4RE32_V(REG_V8, REG_T2) + "\n" + "L_chacha20_riscv_64_loop:\n\t" + /* Move state into vector registers */ + VMVR_V(REG_V0, REG_V8, 4) + /* Add counter word */ + /* Odd Round */ + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + "addi t1, %[bytes], -64\n\t" + /* Add back state */ + VADD_VV(REG_V0, REG_V0, REG_V8) + VADD_VV(REG_V1, REG_V1, REG_V9) + VADD_VV(REG_V2, REG_V2, REG_V10) + VADD_VV(REG_V3, REG_V3, REG_V11) + "bltz t1, L_chacha20_riscv_64_lt_64\n\t" + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V4, REG_T2) + VXOR_VV(REG_V4, REG_V4, REG_V0) + VXOR_VV(REG_V5, REG_V5, REG_V1) + VXOR_VV(REG_V6, REG_V6, REG_V2) + VXOR_VV(REG_V7, REG_V7, REG_V3) + "mv t2, %[c]\n\t" + VS4R_V(REG_V4, REG_T2) + "addi %[bytes], %[bytes], -64\n\t" + "addi %[c], %[c], 64\n\t" + "addi %[m], %[m], 64\n\t" + VADD_VV(REG_V11, REG_V11, REG_V13) + "bnez %[bytes], L_chacha20_riscv_64_loop\n\t" + "beqz %[bytes], L_chacha20_riscv_64_done\n\t" + "\n" + "L_chacha20_riscv_64_lt_64:\n\t" + "mv t2, %[over]\n\t" + "addi t1, %[bytes], -32\n\t" + VS4R_V(REG_V0, REG_T2) + + "bltz t1, L_chacha20_riscv_64_lt_32\n\t" + "mv t2, %[m]\n\t" + VL2RE32_V(REG_V4, REG_T2) + VXOR_VV(REG_V4, REG_V4, REG_V0) + VXOR_VV(REG_V5, REG_V5, REG_V1) + "mv t2, %[c]\n\t" + VS2R_V(REG_V4, REG_T2) + "addi 
%[bytes], %[bytes], -32\n\t" + "addi %[c], %[c], 32\n\t" + "addi %[m], %[m], 32\n\t" + "beqz %[bytes], L_chacha20_riscv_64_done\n\t" + VMVR_V(REG_V0, REG_V2, 2) + "\n" + "L_chacha20_riscv_64_lt_32:\n\t" + "addi t1, %[bytes], -16\n\t" + "bltz t1, L_chacha20_riscv_64_lt_16\n\t" + "mv t2, %[m]\n\t" + VL1RE32_V(REG_V4, REG_T2) + VXOR_VV(REG_V4, REG_V4, REG_V0) + "mv t2, %[c]\n\t" + VS1R_V(REG_V4, REG_T2) + "addi %[bytes], %[bytes], -16\n\t" + "addi %[c], %[c], 16\n\t" + "addi %[m], %[m], 16\n\t" + "beqz %[bytes], L_chacha20_riscv_64_done\n\t" + VMV_V_V(REG_V0, REG_V1) + "\n" + "L_chacha20_riscv_64_lt_16:\n\t" + "addi t1, %[bytes], -8\n\t" + "bltz t1, L_chacha20_riscv_64_lt_8\n\t" + VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000) + VMV_X_S(REG_T0, REG_V0) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + "ld t1, (%[m])\n\t" + "xor t1, t1, t0\n\t" + "sd t1, (%[c])\n\t" + "addi %[bytes], %[bytes], -8\n\t" + "addi %[c], %[c], 8\n\t" + "addi %[m], %[m], 8\n\t" + "beqz %[bytes], L_chacha20_riscv_64_done\n\t" + VSLIDEDOWN_VI(REG_V0, REG_V0, 2) + "\n" + "L_chacha20_riscv_64_lt_8:\n\t" + "addi %[bytes], %[bytes], -1\n\t" + VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000) + VMV_X_S(REG_T0, REG_V0) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + "\n" + "L_chacha20_riscv_64_loop_lt_8:\n\t" + "addi %[bytes], %[bytes], -1\n\t" + "lb t1, (%[m])\n\t" + "addi %[m], %[m], 1\n\t" + "xor t1, t1, t0\n\t" + "sb t1, (%[c])\n\t" + "addi %[c], %[c], 1\n\t" + "srli t0, t0, 8\n\t" + "bgez %[bytes], L_chacha20_riscv_64_loop_lt_8\n\t" + "\n" + "L_chacha20_riscv_64_done:\n\t" + : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64) + : [input] "r" (input), [over] "r" (over), + [L_chacha20_vec_inc_first_word] "r" (L_chacha20_vec_inc_first_word) + : "memory", "t0", "t1", "t2" + ); +} + +/** + * Encrypt a stream of bytes + */ +static void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, + word32 bytes) +{ + int processed; + + if (bytes >= CHACHA_CHUNK_BYTES * 6) { + processed = (bytes / (CHACHA_CHUNK_BYTES * 6)) * 
CHACHA_CHUNK_BYTES * 6; + wc_chacha_encrypt_384(ctx->X, m, c, processed); + + bytes -= processed; + c += processed; + m += processed; + ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], + processed / CHACHA_CHUNK_BYTES); + } + if (bytes >= CHACHA_CHUNK_BYTES * 4) { + processed = wc_chacha_encrypt_256(ctx->X, m, c); + + bytes -= processed; + c += processed; + m += processed; + ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], + processed / CHACHA_CHUNK_BYTES); + } + if (bytes >= CHACHA_CHUNK_BYTES * 2) { + processed = wc_chacha_encrypt_128(ctx->X, m, c); + + bytes -= processed; + c += processed; + m += processed; + ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], + processed / CHACHA_CHUNK_BYTES); + } + if (bytes > 0) { + wc_chacha_encrypt_64(ctx->X, m, c, bytes, (byte*)ctx->over); + if (bytes > CHACHA_CHUNK_BYTES) + ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]); + ctx->left = CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1)); + ctx->left &= CHACHA_CHUNK_BYTES - 1; + ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]); + } +} + +#else + +#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION) + +#define PART_ROUND_ODD_ABD(sl, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + "slli " CC_T0 ", " CC_D0 ", " #sl "\n\t" \ + "slli " CC_T1 ", " CC_D1 ", " #sl "\n\t" \ + "slli " CC_T2 ", " CC_D2 ", " #sl "\n\t" \ + "slli " CC_T3 ", " CC_D3 ", " #sl "\n\t" \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T1 
"\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t" + +#define PART_ROUND_ODD_CDB(sl, sr) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + "slli " CC_T0 ", " CC_B0 ", " #sl "\n\t" \ + "slli " CC_T1 ", " CC_B1 ", " #sl "\n\t" \ + "slli " CC_T2 ", " CC_B2 ", " #sl "\n\t" \ + "slli " CC_T3 ", " CC_B3 ", " #sl "\n\t" \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_ABD(sl, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + "slli " CC_T0 ", " CC_D3 ", " #sl "\n\t" \ + "slli " CC_T1 ", " CC_D0 ", " #sl "\n\t" \ + "slli " CC_T2 ", " CC_D1 ", " #sl "\n\t" \ + "slli " CC_T3 ", " CC_D2 ", " #sl "\n\t" \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t" + 
+#define PART_ROUND_EVEN_CDB(sl, sr) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + "slli " CC_T0 ", " CC_B1 ", " #sl "\n\t" \ + "slli " CC_T1 ", " CC_B2 ", " #sl "\n\t" \ + "slli " CC_T2 ", " CC_B3 ", " #sl "\n\t" \ + "slli " CC_T3 ", " CC_B0 ", " #sl "\n\t" \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t" + +#else + +#define PART_ROUND_ODD_ABD(sl, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + RORIW(REG_S6, REG_S6, sr) \ + RORIW(REG_S7, REG_S7, sr) \ + RORIW(REG_S8, REG_S8, sr) \ + RORIW(REG_S9, REG_S9, sr) + +#define PART_ROUND_ODD_CDB(sl, sr) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + RORIW(REG_T3, REG_T3, sr) \ + RORIW(REG_T4, REG_T4, sr) \ + RORIW(REG_T5, REG_T5, sr) \ + RORIW(REG_T6, 
REG_T6, sr) + +#define PART_ROUND_EVEN_ABD(sl, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + RORIW(REG_S9, REG_S9, sr) \ + RORIW(REG_S6, REG_S6, sr) \ + RORIW(REG_S7, REG_S7, sr) \ + RORIW(REG_S8, REG_S8, sr) + +#define PART_ROUND_EVEN_CDB(sl, sr) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + RORIW(REG_T4, REG_T4, sr) \ + RORIW(REG_T5, REG_T5, sr) \ + RORIW(REG_T6, REG_T6, sr) \ + RORIW(REG_T3, REG_T3, sr) + +#endif + +#define QUARTER_ROUND_ODD() \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_ODD_ABD(16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_ODD_CDB(12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND_ODD_ABD( 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_ODD_CDB( 7, 25) + +#define QUARTER_ROUND_EVEN() \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_EVEN_ABD(16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_EVEN_CDB(12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND_EVEN_ABD( 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_EVEN_CDB( 7, 25) + + +static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m, + byte* c, word32 bytes, word32* over) +{ + __asm__ __volatile__ ( + /* Ensure 64-bit bytes has top bits clear. 
*/ + "slli %[bytes], %[bytes], 32\n\t" + "srli %[bytes], %[bytes], 32\n\t" + + "L_chacha20_riscv_outer:\n\t" + /* Move state into regular registers */ + "ld a4, 0(%[input])\n\t" + "ld a6, 8(%[input])\n\t" + "ld t3, 16(%[input])\n\t" + "ld t5, 24(%[input])\n\t" + "ld s2, 32(%[input])\n\t" + "ld s4, 40(%[input])\n\t" + "ld s6, 48(%[input])\n\t" + "ld s8, 56(%[input])\n\t" + "srli a5, a4, 32\n\t" + "srli a7, a6, 32\n\t" + "srli t4, t3, 32\n\t" + "srli t6, t5, 32\n\t" + "srli s3, s2, 32\n\t" + "srli s5, s4, 32\n\t" + "srli s7, s6, 32\n\t" + "srli s9, s8, 32\n\t" + + /* Set number of odd+even rounds to perform */ + "li a3, 10\n\t" + "\n" + "L_chacha20_riscv_loop:\n\t" + /* Odd Round */ + QUARTER_ROUND_ODD() + "addi a3, a3, -1\n\t" + /* Even Round */ + QUARTER_ROUND_EVEN() + "bnez a3, L_chacha20_riscv_loop\n\t" + + "addi %[bytes], %[bytes], -64\n\t" + + "ld t0, 0(%[input])\n\t" + "ld t1, 8(%[input])\n\t" + "ld t2, 16(%[input])\n\t" + "ld s1, 24(%[input])\n\t" + "add a4, a4, t0\n\t" + "add a6, a6, t1\n\t" + "add t3, t3, t2\n\t" + "add t5, t5, s1\n\t" + "srli t0, t0, 32\n\t" + "srli t1, t1, 32\n\t" + "srli t2, t2, 32\n\t" + "srli s1, s1, 32\n\t" + "add a5, a5, t0\n\t" + "add a7, a7, t1\n\t" + "add t4, t4, t2\n\t" + "add t6, t6, s1\n\t" + "ld t0, 32(%[input])\n\t" + "ld t1, 40(%[input])\n\t" + "ld t2, 48(%[input])\n\t" + "ld s1, 56(%[input])\n\t" + "add s2, s2, t0\n\t" + "add s4, s4, t1\n\t" + "add s6, s6, t2\n\t" + "addi t2, t2, 1\n\t" + "add s8, s8, s1\n\t" + "srli t0, t0, 32\n\t" + "srli t1, t1, 32\n\t" + "sw t2, 48(%[input])\n\t" + "srli t2, t2, 32\n\t" + "srli s1, s1, 32\n\t" + "add s3, s3, t0\n\t" + "add s5, s5, t1\n\t" + "add s7, s7, t2\n\t" + "add s9, s9, s1\n\t" + + "bltz %[bytes], L_chacha20_riscv_over\n\t" + +#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION) + "ld t0, 0(%[m])\n\t" + "ld t1, 8(%[m])\n\t" + "ld t2, 16(%[m])\n\t" + "ld s1, 24(%[m])\n\t" + "xor a4, a4, t0\n\t" + "xor a6, a6, t1\n\t" + "xor t3, t3, t2\n\t" + "xor t5, t5, s1\n\t" + "srli t0, t0, 32\n\t" + 
"srli t1, t1, 32\n\t" + "srli t2, t2, 32\n\t" + "srli s1, s1, 32\n\t" + "xor a5, a5, t0\n\t" + "xor a7, a7, t1\n\t" + "xor t4, t4, t2\n\t" + "xor t6, t6, s1\n\t" + "ld t0, 32(%[m])\n\t" + "ld t1, 40(%[m])\n\t" + "ld t2, 48(%[m])\n\t" + "ld s1, 56(%[m])\n\t" + "xor s2, s2, t0\n\t" + "xor s4, s4, t1\n\t" + "xor s6, s6, t2\n\t" + "xor s8, s8, s1\n\t" + "srli t0, t0, 32\n\t" + "srli t1, t1, 32\n\t" + "srli t2, t2, 32\n\t" + "srli s1, s1, 32\n\t" + "xor s3, s3, t0\n\t" + "xor s5, s5, t1\n\t" + "xor s7, s7, t2\n\t" + "xor s9, s9, s1\n\t" + "sw a4, 0(%[c])\n\t" + "sw a5, 4(%[c])\n\t" + "sw a6, 8(%[c])\n\t" + "sw a7, 12(%[c])\n\t" + "sw t3, 16(%[c])\n\t" + "sw t4, 20(%[c])\n\t" + "sw t5, 24(%[c])\n\t" + "sw t6, 28(%[c])\n\t" + "sw s2, 32(%[c])\n\t" + "sw s3, 36(%[c])\n\t" + "sw s4, 40(%[c])\n\t" + "sw s5, 44(%[c])\n\t" + "sw s6, 48(%[c])\n\t" + "sw s7, 52(%[c])\n\t" + "sw s8, 56(%[c])\n\t" + "sw s9, 60(%[c])\n\t" +#else + PACK(REG_A4, REG_A4, REG_A5) + PACK(REG_A6, REG_A6, REG_A7) + PACK(REG_T3, REG_T3, REG_T4) + PACK(REG_T5, REG_T5, REG_T6) + PACK(REG_S2, REG_S2, REG_S3) + PACK(REG_S4, REG_S4, REG_S5) + PACK(REG_S6, REG_S6, REG_S7) + PACK(REG_S8, REG_S8, REG_S9) + "ld a5, 0(%[m])\n\t" + "ld a7, 8(%[m])\n\t" + "ld t4, 16(%[m])\n\t" + "ld t6, 24(%[m])\n\t" + "ld s3, 32(%[m])\n\t" + "ld s5, 40(%[m])\n\t" + "ld s7, 48(%[m])\n\t" + "ld s9, 56(%[m])\n\t" + "xor a4, a4, a5\n\t" + "xor a6, a6, a7\n\t" + "xor t3, t3, t4\n\t" + "xor t5, t5, t6\n\t" + "xor s2, s2, s3\n\t" + "xor s4, s4, s5\n\t" + "xor s6, s6, s7\n\t" + "xor s8, s8, s9\n\t" + "sd a4, 0(%[c])\n\t" + "sd a6, 8(%[c])\n\t" + "sd t3, 16(%[c])\n\t" + "sd t5, 24(%[c])\n\t" + "sd s2, 32(%[c])\n\t" + "sd s4, 40(%[c])\n\t" + "sd s6, 48(%[c])\n\t" + "sd s8, 56(%[c])\n\t" +#endif + + "addi %[m], %[m], 64\n\t" + "addi %[c], %[c], 64\n\t" + + "bnez %[bytes], L_chacha20_riscv_outer\n\t" + "beqz %[bytes], L_chacha20_riscv_done\n\t" + + "L_chacha20_riscv_over:\n\t" + "addi a3, %[bytes], 64\n\t" + + "sw a4, 0(%[over])\n\t" + "sw a5, 
4(%[over])\n\t" + "sw a6, 8(%[over])\n\t" + "sw a7, 12(%[over])\n\t" + "sw t3, 16(%[over])\n\t" + "sw t4, 20(%[over])\n\t" + "sw t5, 24(%[over])\n\t" + "sw t6, 28(%[over])\n\t" + "sw s2, 32(%[over])\n\t" + "sw s3, 36(%[over])\n\t" + "sw s4, 40(%[over])\n\t" + "sw s5, 44(%[over])\n\t" + "sw s6, 48(%[over])\n\t" + "sw s7, 52(%[over])\n\t" + "sw s8, 56(%[over])\n\t" + "sw s9, 60(%[over])\n\t" + + "addi t0, a3, -8\n\t" + "bltz t0, L_chacha20_riscv_32bit\n\t" + "addi a3, a3, -1\n\t" + "L_chacha20_riscv_64bit_loop:\n\t" + "ld t0, (%[m])\n\t" + "ld t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sd t0, (%[c])\n\t" + "addi %[m], %[m], 8\n\t" + "addi %[c], %[c], 8\n\t" + "addi %[over], %[over], 8\n\t" + "addi a3, a3, -8\n\t" + "bgez a3, L_chacha20_riscv_64bit_loop\n\t" + "addi a3, a3, 1\n\t" + + "L_chacha20_riscv_32bit:\n\t" + "addi t0, a3, -4\n\t" + "bltz t0, L_chacha20_riscv_16bit\n\t" + "lw t0, (%[m])\n\t" + "lw t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sw t0, (%[c])\n\t" + "addi %[m], %[m], 4\n\t" + "addi %[c], %[c], 4\n\t" + "addi %[over], %[over], 4\n\t" + + "L_chacha20_riscv_16bit:\n\t" + "addi t0, a3, -2\n\t" + "bltz t0, L_chacha20_riscv_8bit\n\t" + "lh t0, (%[m])\n\t" + "lh t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sh t0, (%[c])\n\t" + "addi %[m], %[m], 2\n\t" + "addi %[c], %[c], 2\n\t" + "addi %[over], %[over], 2\n\t" + + "L_chacha20_riscv_8bit:\n\t" + "addi t0, a3, -1\n\t" + "bltz t0, L_chacha20_riscv_done\n\t\n\t" + "lb t0, (%[m])\n\t" + "lb t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sb t0, (%[c])\n\t" + "bltz %[bytes], L_chacha20_riscv_done\n\t" + + "L_chacha20_riscv_done:\n\t" + : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes), [over] "+r" (over) + : [input] "r" (input) + : "memory", "t0", "t1", "t2", "s1", "a3", + "t3", "t4", "t5", "t6", + "a4", "a5", "a6", "a7", + "s2", "s3", "s4", "s5", + "s6", "s7", "s8", "s9" + ); +} + +/** + * Encrypt a stream of bytes + */ +static WC_INLINE void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, + byte* c, 
word32 bytes) +{ + wc_chacha_encrypt(ctx->X, m, c, bytes, ctx->over); + ctx->left = (CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1))) & + (CHACHA_CHUNK_BYTES - 1); +} +#endif + +/** + * API to encrypt/decrypt a message of any size. + */ +int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, + word32 msglen) +{ + int ret = 0; + + if ((ctx == NULL) || (output == NULL) || (input == NULL)) { + ret = BAD_FUNC_ARG; + } + else if (msglen > 0) { + if (ctx->left > 0) { + word32 processed = min(msglen, ctx->left); + byte* out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left; + + xorbufout(output, input, out, processed); + + ctx->left -= processed; + msglen -= processed; + output += processed; + input += processed; + } + + if (msglen > 0) { + wc_chacha_encrypt_bytes(ctx, input, output, msglen); + } + } + + return ret; +} + +#endif /* HAVE_CHACHA */ +#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */ diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c new file mode 100644 index 0000000000..00fbc1ee5b --- /dev/null +++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c 
@@ -0,0 +1,1417 @@ +/* riscv-sha256.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLFSSL_RISCV_ASM +#if !defined(NO_SHA256) || defined(WOLFSSL_SHA224) + +#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS) + #undef HAVE_FIPS +#else + #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + #endif +#endif + +#include +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000014 }; + int wolfCrypt_FIPS_SHA256_sanity(void) + { + return 0; + } +#endif +#include +#include + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +/* Constants to add in each round. 
*/ +static const FLASH_QUALIFIER ALIGN32 word32 K[64] = { + 0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL, + 0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L, + 0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L, + 0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL, + 0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L, + 0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L, + 0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL, + 0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L, + 0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L, + 0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L, + 0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL, + 0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L, + 0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L +}; + +/* Initialze SHA-256 object for hashing. + * + * @param [in, out] sha256 SHA-256 object. + */ +static void InitSha256(wc_Sha256* sha256) +{ + /* Set initial hash values. */ +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + sha256->digest[0] = 0x6A09E667L; + sha256->digest[1] = 0xBB67AE85L; + sha256->digest[2] = 0x3C6EF372L; + sha256->digest[3] = 0xA54FF53AL; + sha256->digest[4] = 0x510E527FL; + sha256->digest[5] = 0x9B05688CL; + sha256->digest[6] = 0x1F83D9ABL; + sha256->digest[7] = 0x5BE0CD19L; +#else + /* f, e, b, a, h, g, d, c */ + sha256->digest[0] = 0x9B05688CL; + sha256->digest[1] = 0x510E527FL; + sha256->digest[2] = 0xBB67AE85L; + sha256->digest[3] = 0x6A09E667L; + sha256->digest[4] = 0x5BE0CD19L; + sha256->digest[5] = 0x1F83D9ABL; + sha256->digest[6] = 0xA54FF53AL; + sha256->digest[7] = 0x3C6EF372L; +#endif + + /* No hashed data. */ + sha256->buffLen = 0; + /* No data hashed. */ + sha256->loLen = 0; + sha256->hiLen = 0; + +#ifdef WOLFSSL_HASH_FLAGS + sha256->flags = 0; +#endif +} + +/* More data hashed, add length to 64-bit cumulative total. 
+ * + * @param [in, out] sha256 SHA-256 object. Assumed not NULL. + * @param [in] len Length to add. + */ +static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len) +{ + word32 tmp = sha256->loLen; + if ((sha256->loLen += len) < tmp) + sha256->hiLen++; /* carry low to high */ +} + +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + +/* Load a word with bytes reversed. */ +#define LOAD_WORD_REV(r, o, p, t0, t1, t2) \ + "lbu " #t0 ", " #o "(" #p ")\n\t" \ + "lbu " #t1 ", " #o "+1(" #p ")\n\t" \ + "lbu " #t2 ", " #o "+2(" #p ")\n\t" \ + "lbu " #r ", " #o "+3(" #p ")\n\t" \ + "slli " #t0 ", " #t0 ", 24\n\t" \ + "slli " #t1 ", " #t1 ", 16\n\t" \ + "slli " #t2 ", " #t2 ", 8\n\t" \ + "or " #r ", " #r ", " #t0 "\n\t" \ + "or " #r ", " #r ", " #t1 "\n\t" \ + "or " #r ", " #r ", " #t2 "\n\t" + +/* Load a word with bytes reversed. */ +#define LOAD_DWORD_REV(r, o, p, t0, t1, t2, t3) \ + "lbu " #t0 ", " #o "(" #p ")\n\t" \ + "lbu " #t1 ", " #o "+1(" #p ")\n\t" \ + "lbu " #t2 ", " #o "+2(" #p ")\n\t" \ + "lbu " #r ", " #o "+3(" #p ")\n\t" \ + "slli " #t0 ", " #t0 ", 24\n\t" \ + "slli " #t1 ", " #t1 ", 16\n\t" \ + "slli " #t2 ", " #t2 ", 8\n\t" \ + "or " #r ", " #r ", " #t0 "\n\t" \ + "or " #r ", " #r ", " #t1 "\n\t" \ + "or " #r ", " #r ", " #t2 "\n\t" \ + "lbu " #t0 ", " #o "+4(" #p ")\n\t" \ + "lbu " #t1 ", " #o "+5(" #p ")\n\t" \ + "lbu " #t2 ", " #o "+6(" #p ")\n\t" \ + "lbu " #t3 ", " #o "+7(" #p ")\n\t" \ + "slli " #t0 ", " #t0 ", 56\n\t" \ + "slli " #t1 ", " #t1 ", 48\n\t" \ + "slli " #t2 ", " #t2 ", 40\n\t" \ + "slli " #t3 ", " #t3 ", 32\n\t" \ + "or " #r ", " #r ", " #t0 "\n\t" \ + "or " #r ", " #r ", " #t1 "\n\t" \ + "or " #r ", " #r ", " #t2 "\n\t" \ + "or " #r ", " #r ", " #t3 "\n\t" + +#define PACK_BB(rd, rs1, rs2, rrd, rrs1, rrs2) \ + "slli " #rd ", " #rs1 ", 32\n\t" \ + "slli " #rs2 ", " #rs2 ", 32\n\t" \ + "srli " #rd ", " #rs1 ", 32\n\t" \ + "or " #rd ", " #rd ", " #rs2 "\n\t" + +#else + +#define PACK_BB(rd, rs1, rs2, rrd, rrs1, rrs2) \ + PACK(rrd, rrs1, rrs2) + 
+#endif + +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + +#ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM + +/* SHA-256 SUM0 operation. */ +#define SHA256SUM0(rd, rs1) \ + ASM_WORD((0b000100000000 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-256 SUM1 operation. */ +#define SHA256SUM1(rd, rs1) \ + ASM_WORD((0b000100000001 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-256 SIGMA0 operation. */ +#define SHA256SIG0(rd, rs1) \ + ASM_WORD((0b000100000010 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-256 SIGMA1 operation. */ +#define SHA256SIG1(rd, rs1) \ + ASM_WORD((0b000100000011 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) + +/* One round of compression. */ +#define RND(a, b, c, d, e, f, g, h, w, k) \ + /* Get e and a */ \ + "mv a4, " #e "\n\t" \ + "mv a5, " #a "\n\t" \ + /* Sigma1(e) */ \ + SHA256SUM1(REG_A4, REG_A4) \ + /* Sigma0(a) */ \ + SHA256SUM0(REG_A5, REG_A5) \ + /* Maj(a, b, c) = t5 */ \ + /* Ch(e, f, g) = t6 */ \ + /* f ^ g */ \ + "xor t6, " #f ", " #g "\n\t" \ + /* a ^ b */ \ + "xor t4, " #a ", " #b "\n\t" \ + /* b ^ c */ \ + "xor t5, " #b ", " #c "\n\t" \ + /* (f ^ g) & e */ \ + "and t6, t6, " #e "\n\t" \ + /* h + sigma1 */ \ + "addw " #h ", " #h ", a4\n\t" \ + /* (a^b) & (b^c) */ \ + "and t5, t5, t4\n\t" \ + /* ((f ^ g) & e) ^ g */ \ + "xor t6, t6, " #g "\n\t" \ + /* K + W */ \ + "addw t4, " #k ", " #w "\n\t" \ + /* ((a^b) & (b^c)) ^ b */ \ + "xor t5, t5, " #b "\n\t" \ + /* h + sigma1 + Ch */ \ + "addw " #h ", " #h ", t6\n\t" \ + /* 't0' = h + sigma1 + Ch + K + W */ \ + "addw " #h ", " #h ", t4\n\t" \ + /* Sigma0(a) + Maj = 't1' */ \ + "addw t5, a5, t5\n\t" \ + /* d += 't0' */ \ + "addw " #d ", " #d ", " #h "\n\t" \ + /* 't0' += 't1' */ \ + "addw " #h ", " #h ", t5\n\t" + +/* Two message schedule updates. 
*/ +#define W_UPDATE_2(w0, w1, w4, w5, w7, reg_w0, reg_w1, reg_w7) \ + /* W[i-15] = W[1] */ \ + "srli t4, " #w0 ", 32\n\t" \ + /* W[i-7] = W[9] */ \ + "srli t6, " #w4 ", 32\n\t" \ + /* Gamma0(W[1]) */ \ + SHA256SIG0(REG_A4, REG_T4) \ + /* Gamma1(W[i-2]) = Gamma1(W[14]) */ \ + SHA256SIG1(REG_A5, reg_w7) \ + /* Gamma1(W[14]) + W[9] */ \ + "addw a5, a5, t6\n\t" \ + /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */ \ + "addw " #w0 ", " #w0 ", a4\n\t" \ + /* W[i+1-2] = W[15] */ \ + "srli t5, " #w7 ", 32\n\t" \ + /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */ \ + "addw " #w0 ", a5, " #w0 "\n\t" \ + \ + /* W[i+1-16] = W[1] = t4 */ \ + /* Gamma0(W[i+1-15]) = Gamma0(W[2]) */ \ + SHA256SIG0(REG_A6, reg_w1) \ + /* Gamma1(W[i+1-2]) = Gamma1(W[15]) */ \ + SHA256SIG1(REG_A7, REG_T5) \ + /* Gamma1(W[15]) + W[i+1-7] = Gamma1(W[15]) + W[10] */ \ + "addw a7, a7, " #w5 "\n\t" \ + /* Gamma0(W[2]) + W[i+1-16] = Gamma0(W[2]) + W[1] */ \ + "addw t5, a6, t4\n\t" \ + /* Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16] */ \ + "addw a7, a7, t5\n\t" \ + /* Place in W[i+1-16] = W[1] */ \ + PACK_BB(w0, w0, a7, reg_w0, reg_w0, REG_A7) + +#else + +/* SHA-256 SIGMA1 operation. */ +#define SHA256SIG1(rd, rs1) \ + "slliw t6, " #rs1 ", 15\n\t" \ + "srliw t5, " #rs1 ", 17\n\t" \ + "slliw t4, " #rs1 ", 13\n\t" \ + "srliw " #rd ", " #rs1 ", 19\n\t" \ + "or t6, t6, t5\n\t" \ + "srliw t5, " #rs1 ", 10\n\t" \ + "xor " #rd ", "#rd ", t4\n\t" \ + "xor t6, t6, t5\n\t" \ + "xor " #rd ", " #rd ", t6\n\t" \ + +/* One round of compression. 
*/ +#define RND(a, b, c, d, e, f, g, h, w, k) \ + /* a4 = Sigma1(e) */ \ + "slliw t5, " #e ", 26\n\t" \ + "srliw t4, " #e ", 6\n\t" \ + "slliw t6, " #e ", 21\n\t" \ + "srliw a4, " #e ", 11\n\t" \ + "slliw a5, " #e ", 7\n\t" \ + "or t4, t4, t5\n\t" \ + "xor a4, a4, t6\n\t" \ + "srliw t5, " #e ", 25\n\t" \ + "xor t4, t4, a5\n\t" \ + "xor a4, a4, t5\n\t" \ + /* a5 = Sigma0(a) */ \ + "slliw t5, " #a ", 30\n\t" \ + "xor a4, a4, t4\n\t" \ + "srliw t4, " #a ", 2\n\t" \ + "slliw t6, " #a ", 19\n\t" \ + /* h + sigma1 */ \ + "addw " #h ", " #h ", a4\n\t" \ + "srliw a5, " #a ", 13\n\t" \ + "slliw a4, " #a ", 10\n\t" \ + "or t4, t4, t5\n\t" \ + "xor a5, a5, t6\n\t" \ + "srliw t6, " #a ", 22\n\t" \ + "xor t4, t4, a4\n\t" \ + "xor a5, a5, t6\n\t" \ + /* Maj(a, b, c) = t5 */ \ + /* Ch(e, f, g) = t6 */ \ + /* f ^ g */ \ + "xor t6, " #f ", " #g "\n\t" \ + /* a ^ b */ \ + "xor t5, " #a ", " #b "\n\t" \ + /* b ^ c */ \ + "xor a4, " #b ", " #c "\n\t" \ + "xor a5, a5, t4\n\t" \ + /* (f ^ g) & e */ \ + "and t6, t6, " #e "\n\t" \ + /* (a^b) & (b^c) */ \ + "and t5, t5, a4\n\t" \ + /* ((f ^ g) & e) ^ g */ \ + "xor t6, t6, " #g "\n\t" \ + /* K + W */ \ + "addw a4, " #k ", " #w "\n\t" \ + /* h + sigma1 + Ch */ \ + "addw " #h ", " #h ", t6\n\t" \ + /* ((a^b) & (b^c)) ^ b */ \ + "xor t5, t5, " #b "\n\t" \ + /* 't0' = h + sigma1 + Ch + K + W */ \ + "addw " #h ", " #h ", a4\n\t" \ + /* 't1' = Sigma0(a) + Maj */ \ + "addw t5, a5, t5\n\t" \ + /* d += 't0' */ \ + "addw " #d ", " #d ", " #h "\n\t" \ + /* h = 't0' + 't1' */ \ + "addw " #h ", " #h ", t5\n\t" + +/* Two message schedule updates. 
*/ +#define W_UPDATE_2(w0, w1, w4, w5, w7, reg_w0, reg_w1, reg_w7) \ + /* W[i-15] = W[1] */ \ + "srli a7, " #w0 ", 32\n\t" \ + /* W[i-7] = W[9] */ \ + "srli a6, " #w4 ", 32\n\t" \ + /* Gamma0(W[1]) */ \ + "slliw t4, a7, 25\n\t" \ + "srliw t5, a7, 7\n\t" \ + "slliw t6, a7, 14\n\t" \ + "srliw a4, a7, 18\n\t" \ + "or t4, t4, t5\n\t" \ + "srliw t5, a7, 3\n\t" \ + "xor a4, a4, t6\n\t" \ + "xor t4, t4, t5\n\t" \ + /* Gamma1(W[i-2]) = Gamma1(W[14]) */ \ + "slliw t6, " #w7 ", 15\n\t" \ + "srliw t5, " #w7 ", 17\n\t" \ + "xor a4, a4, t4\n\t" \ + "slliw t4, " #w7 ", 13\n\t" \ + "srliw a5, " #w7 ", 19\n\t" \ + "or t6, t6, t5\n\t" \ + "srliw t5, " #w7 ", 10\n\t" \ + "xor a5, a5, t4\n\t" \ + "xor t6, t6, t5\n\t" \ + "xor a5, a5, t6\n\t" \ + /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */ \ + "addw " #w0 ", " #w0 ", a4\n\t" \ + /* Gamma1(W[14]) + W[9] */ \ + "addw a5, a5, a6\n\t" \ + /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */ \ + "addw " #w0 ", a5, " #w0 "\n\t" \ + \ + /* W[i+1-16] = W[1] = a7 */ \ + /* W[i+1-2] = W[15] */ \ + "srli a4, " #w7 ", 32\n\t" \ + /* Gamma0(W[i+1-15]) = Gamma0(W[2]) */ \ + "slliw t4, " #w1 ", 25\n\t" \ + "srliw t5, " #w1 ", 7\n\t" \ + "slliw t6, " #w1 ", 14\n\t" \ + "srliw a6, " #w1 ", 18\n\t" \ + "or t4, t4, t5\n\t" \ + "srliw t5, " #w1 ", 3\n\t" \ + "xor a6, a6, t6\n\t" \ + "xor t4, t4, t5\n\t" \ + /* Gamma1(W[i+1-2]) = Gamma1(W[15]) */ \ + "slliw t6, a4, 15\n\t" \ + "srliw t5, a4, 17\n\t" \ + "xor a6, a6, t4\n\t" \ + "slliw t4, a4, 13\n\t" \ + "srliw a5, a4, 19\n\t" \ + "or t6, t6, t5\n\t" \ + "srliw t5, a4, 10\n\t" \ + "xor a5, a5, t4\n\t" \ + "xor t6, t6, t5\n\t" \ + "xor a5, a5, t6\n\t" \ + /* Gamma0(W[2]) + W[i+1-16] = Gamma0(W[2]) + W[1] */ \ + "addw t5, a6, a7\n\t" \ + /* Gamma1(W[15]) + W[i+1-7] = Gamma1(W[15]) + W[10] */ \ + "addw a5, a5, " #w5 "\n\t" \ + /* Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16] */ \ + "addw a5, a5, t5\n\t" \ + /* Place in W[i+1-16] = W[1] */ \ + PACK_BB(w0, w0, a5, reg_w0, reg_w0, REG_A5) + 
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */ + +/* Two rounds of compression. */ +#define RND2(a, b, c, d, e, f, g, h, w, o) \ + /* Get k[i], k[i+1] */ \ + "ld a6, " #o "(%[k])\n\t" \ + RND(a, b, c, d, e, f, g, h, w, a6) \ + /* Move k[i+1] down */ \ + "srli a6, a6, 32\n\t" \ + /* Move W[i] down */ \ + "srli a7, " #w ", 32\n\t" \ + RND(h, a, b, c, d, e, f, g, a7, a6) + +/* Sixteen rounds of compression with message scheduling. */ +#define RND16() \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, s0, 0) \ + W_UPDATE_2(s0, s1, s4, s5, s7, REG_S0, REG_S1, REG_S7) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, s1, 8) \ + W_UPDATE_2(s1, s2, s5, s6, s0, REG_S1, REG_S2, REG_S0) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, s2, 16) \ + W_UPDATE_2(s2, s3, s6, s7, s1, REG_S2, REG_S3, REG_S1) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, s3, 24) \ + W_UPDATE_2(s3, s4, s7, s0, s2, REG_S3, REG_S4, REG_S2) \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, s4, 32) \ + W_UPDATE_2(s4, s5, s0, s1, s3, REG_S4, REG_S5, REG_S3) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, s5, 40) \ + W_UPDATE_2(s5, s6, s1, s2, s4, REG_S5, REG_S6, REG_S4) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, s6, 48) \ + W_UPDATE_2(s6, s7, s2, s3, s5, REG_S6, REG_S7, REG_S5) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, s7, 56) \ + W_UPDATE_2(s7, s0, s3, s4, s6, REG_S7, REG_S0, REG_S6) + +/* Sixteen rounds of compression only. */ +#define RND16_LAST() \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, s0, 0) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, s1, 8) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, s2, 16) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, s3, 24) \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, s4, 32) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, s5, 40) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, s6, 48) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, s7, 56) + +/* Transform the message data. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] data Buffer of data to hash. + * @param [in] blocks Number of blocks of data to hash. 
+ */ +static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data, + word32 blocks) +{ + word32* k = (word32*)K; + + __asm__ __volatile__ ( + /* Load digest. */ + "ld t0, 0(%[digest])\n\t" + "ld t2, 8(%[digest])\n\t" + "ld s8, 16(%[digest])\n\t" + "ld s10, 24(%[digest])\n\t" + "srli t1, t0, 32\n\t" + "srli t3, t2, 32\n\t" + "srli s9, s8, 32\n\t" + "srli s11, s10, 32\n\t" + + /* 4 rounds of 16 per block. */ + "slli %[blocks], %[blocks], 2\n\t" + + "\n1:\n\t" + /* beginning of SHA256 block operation */ + /* Load W */ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + LOAD_DWORD_REV(s0, 0, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s1, 8, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s2, 16, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s3, 24, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s4, 32, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s5, 40, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7) +#else + "lwu a4, 0(%[data])\n\t" + "lwu s0, 4(%[data])\n\t" + "lwu a5, 8(%[data])\n\t" + "lwu s1, 12(%[data])\n\t" + "lwu a6, 16(%[data])\n\t" + "lwu s2, 20(%[data])\n\t" + "lwu a7, 24(%[data])\n\t" + "lwu s3, 28(%[data])\n\t" + PACK_BB(s0, s0, a4, REG_S0, REG_S0, REG_A4) + PACK_BB(s1, s1, a5, REG_S1, REG_S1, REG_A5) + PACK_BB(s2, s2, a6, REG_S2, REG_S2, REG_A6) + PACK_BB(s3, s3, a7, REG_S3, REG_S3, REG_A7) + REV8(REG_S0, REG_S0) + REV8(REG_S1, REG_S1) + REV8(REG_S2, REG_S2) + REV8(REG_S3, REG_S3) + "lwu a4, 32(%[data])\n\t" + "lwu s4, 36(%[data])\n\t" + "lwu a5, 40(%[data])\n\t" + "lwu s5, 44(%[data])\n\t" + "lwu a6, 48(%[data])\n\t" + "lwu s6, 52(%[data])\n\t" + "lwu a7, 56(%[data])\n\t" + "lwu s7, 60(%[data])\n\t" + PACK_BB(s4, s4, a4, REG_S4, REG_S4, REG_A4) + PACK_BB(s5, s5, a5, REG_S5, REG_S5, REG_A5) + PACK_BB(s6, s6, a6, REG_S6, REG_S6, REG_A6) + PACK_BB(s7, s7, a7, REG_S7, REG_S7, REG_A7) + REV8(REG_S4, REG_S4) + REV8(REG_S5, REG_S5) + REV8(REG_S6, REG_S6) + REV8(REG_S7, REG_S7) +#endif + + /* 
Subtract one as there are only 3 loops. */ + "addi %[blocks], %[blocks], -1\n\t" + "\n2:\n\t" + RND16() + "addi %[blocks], %[blocks], -1\n\t" + "add %[k], %[k], 64\n\t" + "andi a4, %[blocks], 3\n\t" + "bnez a4, 2b \n\t" + RND16_LAST() + "addi %[k], %[k], -192\n\t" + + "# Add working vars back into digest state.\n\t" + "ld a4, 0(%[digest])\n\t" + "ld a5, 8(%[digest])\n\t" + "ld a6, 16(%[digest])\n\t" + "ld a7, 24(%[digest])\n\t" + "addw t0, t0, a4\n\t" + "addw t2, t2, a5\n\t" + "addw s8, s8, a6\n\t" + "addw s10, s10, a7\n\t" + "srli a4, a4, 32\n\t" + "srli a5, a5, 32\n\t" + "srli a6, a6, 32\n\t" + "srli a7, a7, 32\n\t" + "addw t1, t1, a4\n\t" + "addw t3, t3, a5\n\t" + "addw s9, s9, a6\n\t" + "addw s11, s11, a7\n\t" + + /* Store digest. */ + "sw t0, 0(%[digest])\n\t" + "sw t1, 4(%[digest])\n\t" + "sw t2, 8(%[digest])\n\t" + "sw t3, 12(%[digest])\n\t" + "sw s8, 16(%[digest])\n\t" + "sw s9, 20(%[digest])\n\t" + "sw s10, 24(%[digest])\n\t" + "sw s11, 28(%[digest])\n\t" + + "add %[data], %[data], 64\n\t" + "bnez %[blocks], 1b \n\t" + + : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k) + : [digest] "r" (sha256->digest) + : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", + "a4", "a5", "a6", "a7", + "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10", + "s11" + ); +} + +#else + +/* Two rounds of compression using low two 32-bit W values. + * Assumes K has been added into W values. + */ +#define VSHA2CL_VV(vd, vs1, vs2) \ + ASM_WORD((0b101111 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +/* Two rounds of compression using upper two 32-bit W values. + * Assumes K has been added into W values. + */ +#define VSHA2CH_VV(vd, vs1, vs2) \ + ASM_WORD((0b101110 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +/* Update 4 W values - message scheduling. 
*/ +#define VSHA2MS_VV(vd, vs1, vs2) \ + ASM_WORD((0b101101 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +#define RND4(w0, w1, w2, w3, k) \ + /* Four rounds of compression. */ \ + VADD_VV(REG_V7, w0, k) \ + VMV_X_S(REG_T1, w1) \ + VSHA2CL_VV(REG_V5, REG_V7, REG_V4) \ + VMV_V_V(REG_V6, w2) \ + VSHA2CH_VV(REG_V4, REG_V7, REG_V5) \ + /* Update 4 W values - message schedule. */ \ + VMV_S_X(REG_V6, REG_T1) \ + VSHA2MS_VV(w0, w3, REG_V6) + +#define RND4_LAST(w, k) \ + /* Four rounds of compression. */ \ + VADD_VV(REG_V7, w, k) \ + VSHA2CL_VV(REG_V5, REG_V7, REG_V4) \ + VSHA2CH_VV(REG_V4, REG_V7, REG_V5) + +#define RND16(k) \ + RND4(REG_V0, REG_V1, REG_V2, REG_V3, (k + 0)) \ + RND4(REG_V1, REG_V2, REG_V3, REG_V0, (k + 1)) \ + RND4(REG_V2, REG_V3, REG_V0, REG_V1, (k + 2)) \ + RND4(REG_V3, REG_V0, REG_V1, REG_V2, (k + 3)) + +#define RND16_LAST(k) \ + RND4_LAST(REG_V0, (k + 0)) \ + RND4_LAST(REG_V1, (k + 1)) \ + RND4_LAST(REG_V2, (k + 2)) \ + RND4_LAST(REG_V3, (k + 3)) + +/* Transform the message data. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] data Buffer of data to hash. + * @param [in] blocks Number of blocks of data to hash. + */ +static void Sha256Transform(wc_Sha256* sha256, const byte* data, + word32 blocks) +{ + word32* k = (word32*)K; + + __asm__ __volatile__ ( + VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000) + + /* Load: a|b|e|f, c|d|g|h + * 3 2 1 0 3 2 1 0 + */ + "mv t0, %[digest]\n\t" + VL2RE32_V(REG_V4, REG_T0) + + "mv t0, %[k]\n\t" + VL8RE32_V(REG_V8, REG_T0) + "addi t0, %[k], 128\n\t" + VL8RE32_V(REG_V16, REG_T0) + + "\n1:\n\t" + VMV_V_V(REG_V30, REG_V4) + VMV_V_V(REG_V31, REG_V5) + + /* Load 16 W into 4 vectors of 4 32-bit words. 
*/
+ "mv t0, %[data]\n\t"
+ VL4RE32_V(REG_V0, REG_T0)
+ VREV8(REG_V0, REG_V0)
+ VREV8(REG_V1, REG_V1)
+ VREV8(REG_V2, REG_V2)
+ VREV8(REG_V3, REG_V3)
+
+ RND16(REG_V8)
+ RND16(REG_V12)
+ RND16(REG_V16)
+ RND16_LAST(REG_V20)
+
+ VADD_VV(REG_V4, REG_V4, REG_V30)
+ VADD_VV(REG_V5, REG_V5, REG_V31)
+
+ "addi %[blocks], %[blocks], -1\n\t"
+ "add %[data], %[data], 64\n\t"
+ "bnez %[blocks], 1b \n\t"
+
+ "mv t0, %[digest]\n\t"
+ VS2R_V(REG_V4, REG_T0)
+
+ : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+ : [digest] "r" (sha256->digest)
+ : "cc", "memory", "t0", "t1"
+ );
+}
+
+#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [in] len Number of bytes in buffer to hash.
+ * @return 0 on success.
+ */
+static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+ word32 len)
+{
+ word32 add;
+ word32 blocks;
+
+ /* only perform actions if a buffer is passed in */
+ if (len > 0) {
+ AddLength(sha256, len);
+
+ if (sha256->buffLen > 0) {
+ /* fill leftover buffer with data */
+ add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+ XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
+ sha256->buffLen += add;
+ data += add;
+ len -= add;
+ if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
+ Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+ sha256->buffLen = 0;
+ }
+ }
+
+ /* number of blocks in a row to complete */
+ blocks = len / WC_SHA256_BLOCK_SIZE;
+
+ if (blocks > 0) {
+ Sha256Transform(sha256, data, blocks);
+ data += blocks * WC_SHA256_BLOCK_SIZE;
+ len -= blocks * WC_SHA256_BLOCK_SIZE;
+ }
+
+ if (len > 0) {
+ /* copy over any remaining data leftover */
+ XMEMCPY(sha256->buffer, data, len);
+ sha256->buffLen = len;
+ }
+ }
+
+ /* account for possibility of not used if len = 0 */
+ (void)add;
+ (void)blocks;
+
+ return 0;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [out] hash Buffer to hold hash result.
+ */
+static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash)
+{
+ byte* local;
+
+ local = (byte*)sha256->buffer;
+ local[sha256->buffLen++] = 0x80; /* add 1 */
+
+ /* pad with zeros */
+ if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
+ XMEMSET(&local[sha256->buffLen], 0,
+ WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+ Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+ sha256->buffLen = 0;
+ }
+ XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_PAD_SIZE - sha256->buffLen);
+
+ /* put lengths in bits */
+ sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
+ (sha256->hiLen << 3);
+ sha256->loLen = sha256->loLen << 3;
+
+ XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
+ XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
+ sizeof(word32));
+
+ /* store lengths */
+ __asm__ __volatile__ (
+ /* Reverse byte order of 32-bit words. */
+#if defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+ "ld t1, 56(%[buff])\n\t"
+ REV8(REG_T1, REG_T1)
+ "srli t0, t1, 32\n\t"
+ "sw t0, 56(%[buff])\n\t"
+ "sw t1, 60(%[buff])\n\t"
+#else
+ LOAD_WORD_REV(t0, 56, %[buff], t2, t3, t4)
+ LOAD_WORD_REV(t1, 60, %[buff], t2, t3, t4)
+ "sw t0, 56(%[buff])\n\t"
+ "sw t1, 60(%[buff])\n\t"
+#endif
+ :
+ : [buff] "r" (sha256->buffer)
+ : "cc", "memory", "t0", "t1", "t2", "t3", "t4"
+ );
+
+ Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+
+ __asm__ __volatile__ (
+ /* Reverse byte order of 32-bit words.
*/ +#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) + VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000) + "mv t0, %[digest]\n\t" + VL2RE32_V(REG_V8, REG_T0) + VREV8(REG_V8, REG_V8) + VREV8(REG_V9, REG_V9) + /* a|b|e|f, c|d|g|h + * 3 2 1 0 3 2 1 0 */ + VSLIDEDOWN_VI(REG_V0, REG_V8, 3) /* a */ + VSLIDEDOWN_VI(REG_V2, REG_V8, 2) /* b */ + VSLIDEDOWN_VI(REG_V1, REG_V8, 1) /* e */ + VSLIDEDOWN_VI(REG_V3, REG_V9, 3) /* c */ + VSLIDEDOWN_VI(REG_V4, REG_V9, 2) /* d */ + VSLIDEDOWN_VI(REG_V5, REG_V9, 1) /* g */ + /* -|-|-|a, -|-|-|e */ + VSLIDEUP_VI(REG_V0, REG_V2, 1) + /* -|-|b|a, -|-|-|e */ + VSLIDEUP_VI(REG_V0, REG_V3, 2) + /* -|c|b|a, -|-|-|e */ + VSLIDEUP_VI(REG_V0, REG_V4, 3) + /* d|c|b|a, -|-|-|e */ + VSLIDEUP_VI(REG_V1, REG_V8, 1) + /* d|c|b|a, -|-|f|e */ + VSLIDEUP_VI(REG_V1, REG_V5, 2) + /* d|c|b|a, -|g|f|e */ + VSLIDEUP_VI(REG_V1, REG_V9, 3) + /* d|c|b|a, h|g|f|e */ + "mv t0, %[hash]\n\t" + VS2R_V(REG_V0, REG_T0) +#elif defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) + VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000) + "mv t0, %[digest]\n\t" + VL2RE32_V(REG_V0, REG_T0) + VREV8(REG_V0, REG_V0) + VREV8(REG_V1, REG_V1) + "mv t0, %[hash]\n\t" + VS2R_V(REG_V0, REG_T0) +#elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION) + "ld t1, 0(%[digest])\n\t" + "ld t3, 8(%[digest])\n\t" + "ld a5, 16(%[digest])\n\t" + "ld a7, 24(%[digest])\n\t" + REV8(REG_T1, REG_T1) + REV8(REG_T3, REG_T3) + REV8(REG_A5, REG_A5) + REV8(REG_A7, REG_A7) + "srli t0, t1, 32\n\t" + "srli t2, t3, 32\n\t" + "srli a4, a5, 32\n\t" + "srli a6, a7, 32\n\t" + "sw t0, 0(%[hash])\n\t" + "sw t1, 4(%[hash])\n\t" + "sw t2, 8(%[hash])\n\t" + "sw t3, 12(%[hash])\n\t" + "sw a4, 16(%[hash])\n\t" + "sw a5, 20(%[hash])\n\t" + "sw a6, 24(%[hash])\n\t" + "sw a7, 28(%[hash])\n\t" +#else + LOAD_WORD_REV(t0, 0, %[digest], t2, t3, t4) + LOAD_WORD_REV(t1, 4, %[digest], t2, t3, t4) + LOAD_WORD_REV(a4, 8, %[digest], t2, t3, t4) + LOAD_WORD_REV(a5, 12, %[digest], t2, t3, t4) + "sw t0, 0(%[hash])\n\t" + "sw t1, 4(%[hash])\n\t" + "sw a4, 
8(%[hash])\n\t"
+ "sw a5, 12(%[hash])\n\t"
+ LOAD_WORD_REV(t0, 16, %[digest], t2, t3, t4)
+ LOAD_WORD_REV(t1, 20, %[digest], t2, t3, t4)
+ LOAD_WORD_REV(a4, 24, %[digest], t2, t3, t4)
+ LOAD_WORD_REV(a5, 28, %[digest], t2, t3, t4)
+ "sw t0, 16(%[hash])\n\t"
+ "sw t1, 20(%[hash])\n\t"
+ "sw a4, 24(%[hash])\n\t"
+ "sw a5, 28(%[hash])\n\t"
+#endif
+ :
+ : [digest] "r" (sha256->digest), [hash] "r" (hash)
+ : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+ "a4", "a5", "a6", "a7"
+ );
+}
+
+
+#ifndef NO_SHA256
+
+/* Initialize SHA-256 object for hashing.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [in] heap Dynamic memory hint.
+ * @param [in] devId Device Id.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha256 is NULL.
+ */
+int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if (sha256 == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ sha256->heap = heap;
+ #ifdef WOLF_CRYPTO_CB
+ sha256->devId = devId;
+ #endif
+ (void)devId;
+
+ InitSha256(sha256);
+ }
+
+ return ret;
+}
+
+/* Initialize SHA-256 object for hashing.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha256 is NULL.
+ */
+int wc_InitSha256(wc_Sha256* sha256)
+{
+ return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+}
+
+/* Free the SHA-256 hash.
+ *
+ * @param [in] sha256 SHA-256 object.
+ */
+void wc_Sha256Free(wc_Sha256* sha256)
+{
+ /* No dynamic memory allocated. */
+ (void)sha256;
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [in] len Number of bytes in buffer to hash.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha256 is NULL.
+ * @return BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+{
+ int ret;
+
+ /* Validate parameters.
*/
+ if ((sha256 == NULL) || ((data == NULL) && (len != 0))) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = Sha256Update(sha256, data, len);
+ }
+
+ return ret;
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha256 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ #ifdef LITTLE_ENDIAN_ORDER
+ word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
+
+ ByteReverseWords((word32*)digest, (word32*)sha256->digest,
+ WC_SHA256_DIGEST_SIZE);
+ XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE);
+ #else
+ XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+ #endif
+ }
+
+ return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha256 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ /* Finalize hash. */
+ Sha256Final(sha256, hash);
+ /* Restart SHA-256 object for next hash. */
+ InitSha256(sha256);
+ }
+
+ return ret;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
+{
+ int ret;
+
+ /* Validate parameters. */
+ if ((sha256 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ wc_Sha256 tmpSha256;
+ /* Create a copy of the hash to finalize.
*/
+ ret = wc_Sha256Copy(sha256, &tmpSha256);
+ if (ret == 0) {
+ /* Finalize copy. */
+ Sha256Final(&tmpSha256, hash);
+ }
+ }
+
+ return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-256 object.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [in] flags Flags to set.
+ * @return 0 on success.
+ */
+int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
+{
+ /* Check we have an object to use. */
+ if (sha256 != NULL) {
+ sha256->flags = flags;
+ }
+ return 0;
+}
+/* Get flags of SHA-256 object.
+ *
+ * @param [in] sha256 SHA-256 object.
+ * @param [out] flags Flags from SHA-256 object.
+ * @return 0 on success.
+ */
+int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags)
+{
+ /* Check we have an object and return parameter to use. */
+ if ((sha256 != NULL) && (flags != NULL)) {
+ *flags = sha256->flags;
+ }
+ return 0;
+}
+#endif
+
+/* Deep copy the SHA-256 object.
+ *
+ * @param [in] src SHA-256 object to copy.
+ * @param [out] dst SHA-256 object to fill.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((src == NULL) || (dst == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ XMEMCPY(dst, src, sizeof(wc_Sha256));
+ }
+
+ return ret;
+}
+
+#ifdef OPENSSL_EXTRA
+/* Update the hash with one block of data.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [in] data Buffer of data to hash.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha256 or data is NULL.
+ */
+int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
+{
+ int ret = 0;
+
+ /* Validate parameters.
*/
+ if ((sha256 == NULL) || (data == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ #ifdef LITTLE_ENDIAN_ORDER
+ ByteReverseWords(sha256->buffer, (word32*)data, WC_SHA256_BLOCK_SIZE);
+ #else
+ XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
+ #endif
+ Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+ }
+
+ return ret;
+}
+#endif
+
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+/* Update the hash with one block of data and optionally get hash.
+ *
+ * @param [in, out] sha256 SHA-256 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [out] hash Buffer to hold hash. May be NULL.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha256 or data is NULL.
+ */
+int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
+ unsigned char* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha256 == NULL) || (data == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ /* Hash block. */
+ Sha256Transform(sha256, data, 1);
+
+ if (hash != NULL) {
+ /* Reverse bytes in digest. */
+ #ifdef LITTLE_ENDIAN_ORDER
+ word32* hash32 = (word32*)hash;
+ word32* digest = (word32*)sha256->digest;
+ hash32[0] = ByteReverseWord32(digest[0]);
+ hash32[1] = ByteReverseWord32(digest[1]);
+ hash32[2] = ByteReverseWord32(digest[2]);
+ hash32[3] = ByteReverseWord32(digest[3]);
+ hash32[4] = ByteReverseWord32(digest[4]);
+ hash32[5] = ByteReverseWord32(digest[5]);
+ hash32[6] = ByteReverseWord32(digest[6]);
+ hash32[7] = ByteReverseWord32(digest[7]);
+ #else
+ XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+ #endif
+ /* Reset state.
*/
+ #ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+ sha256->digest[0] = 0x6A09E667L;
+ sha256->digest[1] = 0xBB67AE85L;
+ sha256->digest[2] = 0x3C6EF372L;
+ sha256->digest[3] = 0xA54FF53AL;
+ sha256->digest[4] = 0x510E527FL;
+ sha256->digest[5] = 0x9B05688CL;
+ sha256->digest[6] = 0x1F83D9ABL;
+ sha256->digest[7] = 0x5BE0CD19L;
+ #else
+ /* f, e, b, a, h, g, d, c */
+ sha256->digest[0] = 0x9B05688CL;
+ sha256->digest[1] = 0x510E527FL;
+ sha256->digest[2] = 0xBB67AE85L;
+ sha256->digest[3] = 0x6A09E667L;
+ sha256->digest[4] = 0x5BE0CD19L;
+ sha256->digest[5] = 0x1F83D9ABL;
+ sha256->digest[6] = 0xA54FF53AL;
+ sha256->digest[7] = 0x3C6EF372L;
+ #endif
+ }
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
+
+#endif /* !NO_SHA256 */
+
+
+#ifdef WOLFSSL_SHA224
+
+/* Initialze SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224 SHA-224 object.
+ */
+static void InitSha224(wc_Sha224* sha224)
+{
+ /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+ sha224->digest[0] = 0xc1059ed8;
+ sha224->digest[1] = 0x367cd507;
+ sha224->digest[2] = 0x3070dd17;
+ sha224->digest[3] = 0xf70e5939;
+ sha224->digest[4] = 0xffc00b31;
+ sha224->digest[5] = 0x68581511;
+ sha224->digest[6] = 0x64f98fa7;
+ sha224->digest[7] = 0xbefa4fa4;
+#else
+ /* f, e, b, a, h, g, d, c */
+ sha224->digest[0] = 0x68581511;
+ sha224->digest[1] = 0xffc00b31;
+ sha224->digest[2] = 0x367cd507;
+ sha224->digest[3] = 0xc1059ed8;
+ sha224->digest[4] = 0xbefa4fa4;
+ sha224->digest[5] = 0x64f98fa7;
+ sha224->digest[6] = 0xf70e5939;
+ sha224->digest[7] = 0x3070dd17;
+#endif
+
+ /* No hashed data. */
+ sha224->buffLen = 0;
+ /* No data hashed. */
+ sha224->loLen = 0;
+ sha224->hiLen = 0;
+
+#ifdef WOLFSSL_HASH_FLAGS
+ sha224->flags = 0;
+#endif
+}
+
+/* Initialize SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224 SHA-224 object.
+ * @param [in] heap Dynamic memory hint.
+ * @param [in] devId Device Id.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha224 is NULL.
+ */
+int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if (sha224 == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ sha224->heap = heap;
+ (void)devId;
+
+ InitSha224(sha224);
+ }
+
+ return ret;
+}
+
+/* Initialize SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224 SHA-224 object.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha224 is NULL.
+ */
+int wc_InitSha224(wc_Sha224* sha224)
+{
+ return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID);
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha224 SHA-224 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [in] len Number of bytes in buffer to hash.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha224 is NULL.
+ * @return BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len)
+{
+ int ret;
+
+ /* Validate parameters. */
+ if ((sha224 == NULL) || ((data == NULL) && (len > 0))) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = Sha256Update((wc_Sha256 *)sha224, data, len);
+ }
+
+ return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha224 SHA-224 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha224 or hash is NULL.
+ */
+int wc_Sha224Final(wc_Sha224* sha224, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha224 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ word32 hashTmp[WC_SHA256_DIGEST_SIZE/sizeof(word32)];
+ /* Finalize hash. */
+ Sha256Final((wc_Sha256*)sha224, (byte*)hashTmp);
+ /* Return only 224 bits. */
+ XMEMCPY(hash, hashTmp, WC_SHA224_DIGEST_SIZE);
+ /* Restart SHA-256 object for next hash. */
+ InitSha224(sha224);
+ }
+
+ return ret;
+}
+
+/* Free the SHA-224 hash.
+ *
+ * @param [in] sha224 SHA-224 object.
+ */
+void wc_Sha224Free(wc_Sha224* sha224)
+{
+ /* No dynamic memory allocated. */
+ (void)sha224;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha224 SHA-224 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha224 or hash is NULL.
+ */
+int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
+{
+ int ret;
+
+ /* Validate parameters. */
+ if ((sha224 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ wc_Sha224 tmpSha224;
+ /* Create a copy of the hash to finalize. */
+ ret = wc_Sha224Copy(sha224, &tmpSha224);
+ if (ret == 0) {
+ /* Finalize copy. */
+ ret = wc_Sha224Final(&tmpSha224, hash);
+ }
+ }
+
+ return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-224 object.
+ *
+ * @param [in, out] sha224 SHA-224 object.
+ * @param [in] flags Flags to set.
+ * @return 0 on success.
+ */
+int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags)
+{
+ /* Check we have an object to use. */
+ if (sha224 != NULL) {
+ sha224->flags = flags;
+ }
+ return 0;
+}
+/* Get flags of SHA-224 object.
+ *
+ * @param [in] sha224 SHA-224 object.
+ * @param [out] flags Flags from SHA-224 object.
+ * @return 0 on success.
+ */
+int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags)
+{
+ /* Check we have an object and return parameter to use. */
+ if ((sha224 != NULL) && (flags != NULL)) {
+ *flags = sha224->flags;
+ }
+ return 0;
+}
+#endif
+
+/* Deep copy the SHA-224 object.
+ *
+ * @param [in] src SHA-224 object to copy.
+ * @param [out] dst SHA-224 object to fill.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
+{
+ int ret = 0;
+
+ /* Validate parameters.
*/
+ if ((src == NULL) || (dst == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ XMEMCPY(dst, src, sizeof(wc_Sha224));
+ }
+
+ return ret;
+}
+
+#endif /* WOLFSSL_SHA224 */
+
+#endif /* !NO_SHA256 || WOLFSSL_SHA224 */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha512.c b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
new file mode 100644
index 0000000000..b5b7f213d5
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
@@ -0,0 +1,1724 @@
+/* riscv-sha512.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#include
+
+#ifdef WOLFSSL_RISCV_ASM
+#if !defined(NO_SHA512) || defined(WOLFSSL_SHA384)
+
+#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
+ #undef HAVE_FIPS
+#else
+ #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)
+ /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+ #define FIPS_NO_WRAPPERS
+ #endif
+#endif
+
+#include
+#if FIPS_VERSION3_GE(6,0,0)
+ const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2] =
+ { 0x1a2b3c4d, 0x00000014 };
+ int wolfCrypt_FIPS_SHA512_sanity(void)
+ {
+ return 0;
+ }
+#endif
+#include
+#include
+
+#include
+
+#ifdef NO_INLINE
+ #include
+#else
+ #define WOLFSSL_MISC_INCLUDED
+ #include
+#endif
+
+/* Constants to add in each round.
*/
+static const word64 K512[80] = {
+ W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
+ W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
+ W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
+ W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
+ W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
+ W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
+ W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
+ W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
+ W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
+ W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
+ W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
+ W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
+ W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
+ W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
+ W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
+ W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
+ W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
+ W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
+ W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
+ W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
+ W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
+ W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
+ W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
+ W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
+ W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
+ W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
+ W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
+ W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
+ W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
+ W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
+ W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
+ W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
+ W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
+ W64LIT(0xeada7dd6cde0eb1e),
W64LIT(0xf57d4f7fee6ed178),
+ W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
+ W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
+ W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
+ W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
+ W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
+ W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
+};
+
+static int InitSha512(wc_Sha512* sha512, void* heap, int devId)
+{
+ int ret = 0;
+
+ if (sha512 == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ sha512->heap = heap;
+ #ifdef WOLF_CRYPTO_CB
+ sha512->devId = devId;
+ #endif
+ (void)devId;
+ #ifdef WOLFSSL_SMALL_STACK_CACHE
+ sha512->W = NULL;
+ #endif
+
+ #ifdef WOLFSSL_HASH_FLAGS
+ sha512->flags = 0;
+ #endif
+ }
+
+ return ret;
+}
+
+/* Initialze SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ */
+static void InitSha512_State(wc_Sha512* sha512)
+{
+ /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+ sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
+ sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
+ sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b);
+ sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1);
+ sha512->digest[4] = W64LIT(0x510e527fade682d1);
+ sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f);
+ sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b);
+ sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
+#else
+ /* f, e, b, a, h, g, d, c */
+ sha512->digest[0] = W64LIT(0x9b05688c2b3e6c1f);
+ sha512->digest[1] = W64LIT(0x510e527fade682d1);
+ sha512->digest[2] = W64LIT(0xbb67ae8584caa73b);
+ sha512->digest[3] = W64LIT(0x6a09e667f3bcc908);
+ sha512->digest[4] = W64LIT(0x5be0cd19137e2179);
+ sha512->digest[5] = W64LIT(0x1f83d9abfb41bd6b);
+ sha512->digest[6] = W64LIT(0xa54ff53a5f1d36f1);
+ sha512->digest[7] = W64LIT(0x3c6ef372fe94f82b);
+#endif
+
+ /* No hashed data. */
+ sha512->buffLen = 0;
+ /* No data hashed.
*/
+ sha512->loLen = 0;
+ sha512->hiLen = 0;
+}
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_224)
+/**
+ * Initialize given wc_Sha512 structure with value specific to sha512/224.
+ * Note that sha512/224 has different initial hash value from sha512.
+ * The initial hash value consists of eight 64bit words. They are given
+ * in FIPS180-4.
+ */
+static void InitSha512_224_State(wc_Sha512* sha512)
+{
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+ sha512->digest[0] = W64LIT(0x8c3d37c819544da2);
+ sha512->digest[1] = W64LIT(0x73e1996689dcd4d6);
+ sha512->digest[2] = W64LIT(0x1dfab7ae32ff9c82);
+ sha512->digest[3] = W64LIT(0x679dd514582f9fcf);
+ sha512->digest[4] = W64LIT(0x0f6d2b697bd44da8);
+ sha512->digest[5] = W64LIT(0x77e36f7304c48942);
+ sha512->digest[6] = W64LIT(0x3f9d85a86a1d36c8);
+ sha512->digest[7] = W64LIT(0x1112e6ad91d692a1);
+#else
+ /* f, e, b, a, h, g, d, c */
+ sha512->digest[0] = W64LIT(0x77e36f7304c48942);
+ sha512->digest[1] = W64LIT(0x0f6d2b697bd44da8);
+ sha512->digest[2] = W64LIT(0x73e1996689dcd4d6);
+ sha512->digest[3] = W64LIT(0x8c3d37c819544da2);
+ sha512->digest[4] = W64LIT(0x1112e6ad91d692a1);
+ sha512->digest[5] = W64LIT(0x3f9d85a86a1d36c8);
+ sha512->digest[6] = W64LIT(0x679dd514582f9fcf);
+ sha512->digest[7] = W64LIT(0x1dfab7ae32ff9c82);
+#endif
+
+ /* No hashed data. */
+ sha512->buffLen = 0;
+ /* No data hashed. */
+ sha512->loLen = 0;
+ sha512->hiLen = 0;
+}
+#endif /* !WOLFSSL_NOSHA512_224 */
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_256)
+/**
+ * Initialize given wc_Sha512 structure with value specific to sha512/256.
+ * Note that sha512/256 has different initial hash value from sha512.
+ * The initial hash value consists of eight 64bit words. They are given
+ * in FIPS180-4.
+ */
+static void InitSha512_256_State(wc_Sha512* sha512)
+{
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+ sha512->digest[0] = W64LIT(0x22312194fc2bf72c);
+ sha512->digest[1] = W64LIT(0x9f555fa3c84c64c2);
+ sha512->digest[2] = W64LIT(0x2393b86b6f53b151);
+ sha512->digest[3] = W64LIT(0x963877195940eabd);
+ sha512->digest[4] = W64LIT(0x96283ee2a88effe3);
+ sha512->digest[5] = W64LIT(0xbe5e1e2553863992);
+ sha512->digest[6] = W64LIT(0x2b0199fc2c85b8aa);
+ sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2);
+#else
+ /* f, e, b, a, h, g, d, c */
+ sha512->digest[0] = W64LIT(0xbe5e1e2553863992);
+ sha512->digest[1] = W64LIT(0x96283ee2a88effe3);
+ sha512->digest[2] = W64LIT(0x9f555fa3c84c64c2);
+ sha512->digest[3] = W64LIT(0x22312194fc2bf72c);
+ sha512->digest[4] = W64LIT(0x0eb72ddc81c52ca2);
+ sha512->digest[5] = W64LIT(0x2b0199fc2c85b8aa);
+ sha512->digest[6] = W64LIT(0x963877195940eabd);
+ sha512->digest[7] = W64LIT(0x2393b86b6f53b151);
+#endif
+
+ /* No hashed data. */
+ sha512->buffLen = 0;
+ /* No data hashed. */
+ sha512->loLen = 0;
+ sha512->hiLen = 0;
+}
+#endif /* !WOLFSSL_NOSHA512_256 */
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+/* More data hashed, add length to 64-bit cumulative total.
+ *
+ * @param [in, out] sha512 SHA-512 object. Assumed not NULL.
+ * @param [in] len Length to add.
+ */
+static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len)
+{
+ word32 tmp = sha512->loLen;
+ if ((sha512->loLen += len) < tmp)
+ sha512->hiLen++; /* carry low to high */
+}
+
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+/* Load a word with bytes reversed.
*/
+#define LOAD_DWORD_REV(r, o, p, t0, t1, t2, t3) \
+ "lbu " #t0 ", " #o "+4(" #p ")\n\t" \
+ "lbu " #t1 ", " #o "+5(" #p ")\n\t" \
+ "lbu " #t2 ", " #o "+6(" #p ")\n\t" \
+ "lbu " #r ", " #o "+7(" #p ")\n\t" \
+ "slli " #t0 ", " #t0 ", 24\n\t" \
+ "slli " #t1 ", " #t1 ", 16\n\t" \
+ "slli " #t2 ", " #t2 ", 8\n\t" \
+ "or " #r ", " #r ", " #t0 "\n\t" \
+ "or " #r ", " #r ", " #t1 "\n\t" \
+ "or " #r ", " #r ", " #t2 "\n\t" \
+ "lbu " #t0 ", " #o "+0(" #p ")\n\t" \
+ "lbu " #t1 ", " #o "+1(" #p ")\n\t" \
+ "lbu " #t2 ", " #o "+2(" #p ")\n\t" \
+ "lbu " #t3 ", " #o "+3(" #p ")\n\t" \
+ "slli " #t0 ", " #t0 ", 56\n\t" \
+ "slli " #t1 ", " #t1 ", 48\n\t" \
+ "slli " #t2 ", " #t2 ", 40\n\t" \
+ "slli " #t3 ", " #t3 ", 32\n\t" \
+ "or " #r ", " #r ", " #t0 "\n\t" \
+ "or " #r ", " #r ", " #t1 "\n\t" \
+ "or " #r ", " #r ", " #t2 "\n\t" \
+ "or " #r ", " #r ", " #t3 "\n\t"
+
+#endif
+
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+
+#ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM
+
+/* SHA-512 SUM0 operation. */
+#define SHA512SUM0(rd, rs1) \
+ ASM_WORD((0b000100000100 << 20) | (0b001 << 12) | 0b0010011 | \
+ (rs1 << 15) | (rd << 7))
+/* SHA-512 SUM1 operation. */
+#define SHA512SUM1(rd, rs1) \
+ ASM_WORD((0b000100000101 << 20) | (0b001 << 12) | 0b0010011 | \
+ (rs1 << 15) | (rd << 7))
+/* SHA-512 SIGMA0 operation. */
+#define SHA512SIG0(rd, rs1) \
+ ASM_WORD((0b000100000110 << 20) | (0b001 << 12) | 0b0010011 | \
+ (rs1 << 15) | (rd << 7))
+/* SHA-512 SIGMA1 operation. */
+#define SHA512SIG1(rd, rs1) \
+ ASM_WORD((0b000100000111 << 20) | (0b001 << 12) | 0b0010011 | \
+ (rs1 << 15) | (rd << 7))
+
+/* One round of compression.
*/
+#define RND(a, b, c, d, e, f, g, h, w, k) \
+ /* Get e and a */ \
+ "mv a4, " #e "\n\t" \
+ "mv a5, " #a "\n\t" \
+ /* Sigma1(e) */ \
+ SHA512SUM1(REG_A4, REG_A4) \
+ /* Sigma0(a) */ \
+ SHA512SUM0(REG_A5, REG_A5) \
+ /* Maj(a, b, c) = t5 */ \
+ /* Ch(e, f, g) = t6 */ \
+ /* a ^ b */ \
+ "xor t4, " #a ", " #b "\n\t" \
+ /* f ^ g */ \
+ "xor t6, " #f ", " #g "\n\t" \
+ /* b ^ c */ \
+ "xor t5, " #b ", " #c "\n\t" \
+ /* (f ^ g) & e */ \
+ "and t6, t6, " #e "\n\t" \
+ /* (a^b) & (b^c) */ \
+ "and t5, t5, t4\n\t" \
+ /* ((f ^ g) & e) ^ g */ \
+ "xor t6, t6, " #g "\n\t" \
+ /* ((a^b) & (b^c)) ^ b */ \
+ "xor t5, t5, " #b "\n\t" \
+ /* sigma1 + Ch */ \
+ "add t4, a4, t6\n\t" \
+ /* K + W */ \
+ "add t6, " #k ", " #w "\n\t" \
+ /* sigma1 + Ch + K + W = 't0'-h */ \
+ "add t4, t4, t6\n\t" \
+ /* h + sigma1 + Ch + K + W = 't0' = h */ \
+ "add " #h ", " #h ", t4\n\t" \
+ /* Sigma0(a) + Maj = 't1' */ \
+ "add t5, a5, t5\n\t" \
+ /* d += 't0' */ \
+ "add " #d ", " #d ", " #h "\n\t" \
+ /* h += 't1' */ \
+ "add " #h ", " #h ", t5\n\t"
+
+#define W_UPDATE(w0, w1, w9, w14, reg_w0, reg_w1, reg_w9, reg_w14) \
+ /* Gamma0(W[1]) */ \
+ SHA512SIG0(REG_A4, reg_w1) \
+ /* Gamma1(W[i-2]) = Gamma1(W[14]) */ \
+ SHA512SIG1(REG_A5, reg_w14) \
+ /* Gamma1(W[14]) + W[9] */ \
+ "add a5, a5, " #w9 "\n\t" \
+ /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */ \
+ "add " #w0 ", " #w0 ", a4\n\t" \
+ /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */ \
+ "add " #w0 ", a5, " #w0 "\n\t"
+
+#else
+
+/* SHA-512 SUM0 operation. */
+#define SHA512SUM0(rd, rs1) \
+ "slli t5, " #rs1 ", 36\n\t" \
+ "srli t4, " #rs1 ", 28\n\t" \
+ "slli t6, " #rs1 ", 30\n\t" \
+ "or t4, t4, t5\n\t" \
+ "srli t5, " #rs1 ", 34\n\t" \
+ "xor t4, t4, t6\n\t" \
+ "slli t6, " #rs1 ", 25\n\t" \
+ "xor t4, t4, t5\n\t" \
+ "srli " #rd ", " #rs1 ", 39\n\t" \
+ "xor t4, t4, t6\n\t" \
+ "xor " #rd ", " #rd ", t4\n\t"
+
+/* SHA-512 SUM1 operation.
*/
+#define SHA512SUM1(rd, rs1) \
+ "slli t5, " #rs1 ", 50\n\t" \
+ "srli t4, " #rs1 ", 14\n\t" \
+ "slli t6, " #rs1 ", 46\n\t" \
+ "or t4, t4, t5\n\t" \
+ "srli t5, " #rs1 ", 18\n\t" \
+ "xor t4, t4, t6\n\t" \
+ "slli t6, " #rs1 ", 23\n\t" \
+ "xor t4, t4, t5\n\t" \
+ "srli " #rd ", " #rs1 ", 41\n\t" \
+ "xor t4, t4, t6\n\t" \
+ "xor " #rd ", " #rd ", t4\n\t"
+
+/* SHA-512 SIGMA0 operation. */
+#define SHA512SIG0(rd, rs1) \
+ "slli t5, " #rs1 ", 63\n\t" \
+ "srli t6, " #rs1 ", 1\n\t" \
+ "slli t4, " #rs1 ", 56\n\t" \
+ "or t6, t6, t5\n\t" \
+ "srli t5, " #rs1 ", 8\n\t" \
+ "xor t6, t6, t4\n\t" \
+ "srli " #rd ", " #rs1 ", 7\n\t" \
+ "xor t6, t6, t5\n\t" \
+ "xor " #rd ", " #rd ", t6\n\t"
+
+/* SHA-512 SIGMA1 operation. */
+#define SHA512SIG1(rd, rs1) \
+ "slli t5, " #rs1 ", 45\n\t" \
+ "srli t6, " #rs1 ", 19\n\t" \
+ "slli t4, " #rs1 ", 3\n\t" \
+ "or t6, t6, t5\n\t" \
+ "srli t5, " #rs1 ", 61\n\t" \
+ "xor t6, t6, t4\n\t" \
+ "srli " #rd ", " #rs1 ", 6\n\t" \
+ "xor t6, t6, t5\n\t" \
+ "xor " #rd ", " #rd ", t6\n\t"
+
+/* One round of compression.
*/
+#define RND(a, b, c, d, e, f, g, h, w, k) \
+ /* Sigma1(e) */ \
+ SHA512SUM1(a4, e) \
+ /* Sigma0(a) */ \
+ SHA512SUM0(a5, a) \
+ /* Maj(a, b, c) = t5 */ \
+ /* Ch(e, f, g) = t6 */ \
+ /* a ^ b */ \
+ "xor t4, " #a ", " #b "\n\t" \
+ /* f ^ g */ \
+ "xor t6, " #f ", " #g "\n\t" \
+ /* b ^ c */ \
+ "xor t5, " #b ", " #c "\n\t" \
+ /* (f ^ g) & e */ \
+ "and t6, t6, " #e "\n\t" \
+ /* (a^b) & (b^c) */ \
+ "and t5, t5, t4\n\t" \
+ /* ((f ^ g) & e) ^ g */ \
+ "xor t6, t6, " #g "\n\t" \
+ /* ((a^b) & (b^c)) ^ b */ \
+ "xor t5, t5, " #b "\n\t" \
+ /* sigma1 + Ch */ \
+ "add t4, a4, t6\n\t" \
+ /* K + W */ \
+ "add t6, " #k ", " #w "\n\t" \
+ /* sigma1 + Ch + K + W = 't0'-h */ \
+ "add t4, t4, t6\n\t" \
+ /* h + sigma1 + Ch + K + W = 't0' = h */ \
+ "add " #h ", " #h ", t4\n\t" \
+ /* Sigma0(a) + Maj = 't1' */ \
+ "add t5, a5, t5\n\t" \
+ /* d += 't0' */ \
+ "add " #d ", " #d ", " #h "\n\t" \
+ /* h += 't1' */ \
+ "add " #h ", " #h ", t5\n\t"
+
+/* Two message schedule updates. */
+#define W_UPDATE(w0, w1, w9, w14, reg_w0, reg_w1, reg_w9, reg_14) \
+ /* Gamma0(W[1]) */ \
+ SHA512SIG0(a4, w1) \
+ /* Gamma1(W[i-2]) = Gamma1(W[14]) */ \
+ SHA512SIG1(a5, w14) \
+ /* Gamma1(W[14]) + W[9] */ \
+ "add a5, a5, " #w9 "\n\t" \
+ /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */ \
+ "add " #w0 ", " #w0 ", a4\n\t" \
+ /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */ \
+ "add " #w0 ", a5, " #w0 "\n\t"
+
+
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */
+
+#define RND2_W(a, b, c, d, e, f, g, h, o, w2o, w9o, w10o) \
+ /* Get k[i] */ \
+ "ld a6, " #o "(%[k])\n\t" \
+ /* Get k[i+1] */ \
+ "ld a7, " #o "+8(%[k])\n\t" \
+ RND(a, b, c, d, e, f, g, h, s1, a6) \
+ /* Get W[1] */ \
+ "ld s2, " #o "+8(sp)\n\t" \
+ /* Get W[9] */ \
+ "ld s3, " #w9o "(sp)\n\t" \
+ W_UPDATE(s1, s2, s3, s4, REG_S1, REG_S2, REG_S3, REG_S4) \
+ RND(h, a, b, c, d, e, f, g, s2, a7) \
+ "mv s4, s1\n\t" \
+ /* Get W[2] */ \
+ "ld s1, " #w2o "(sp)\n\t" \
+ /* Get W[10] */ \
+ "ld s3, " #w10o "(sp)\n\t" \
+
W_UPDATE(s2, s1, s3, s5, REG_S2, REG_S1, REG_S3, REG_S5) \
+ "sd s4, " #o "(sp)\n\t" \
+ "mv s5, s2\n\t" \
+ "sd s2, " #o "+8(sp)\n\t"
+
+/* Sixteen rounds of compression with message scheduling. */
+#define RND16() \
+ RND2_W(t0, t1, t2, t3, s8, s9, s10, s11, 0, 16, 72, 80) \
+ RND2_W(s10, s11, t0, t1, t2, t3, s8, s9, 16, 32, 88, 96) \
+ RND2_W(s8, s9, s10, s11, t0, t1, t2, t3, 32, 48, 104, 112) \
+ RND2_W(t2, t3, s8, s9, s10, s11, t0, t1, 48, 64, 120, 0) \
+ RND2_W(t0, t1, t2, t3, s8, s9, s10, s11, 64, 80, 8, 16) \
+ RND2_W(s10, s11, t0, t1, t2, t3, s8, s9, 80, 96, 24, 32) \
+ RND2_W(s8, s9, s10, s11, t0, t1, t2, t3, 96, 112, 40, 48) \
+ RND2_W(t2, t3, s8, s9, s10, s11, t0, t1, 112, 0, 56, 64)
+
+#define RND2(a, b, c, d, e, f, g, h, o) \
+ /* Get k[i] */ \
+ "ld a6, " #o "(%[k])\n\t" \
+ /* Get W[0] */ \
+ "ld s1, " #o "(sp)\n\t" \
+ RND(a, b, c, d, e, f, g, h, s1, a6) \
+ /* Get k[i] */ \
+ "ld a6, " #o "+8(%[k])\n\t" \
+ /* Get W[1] */ \
+ "ld s1, " #o "+8(sp)\n\t" \
+ RND(h, a, b, c, d, e, f, g, s1, a6)
+
+/* Sixteen rounds of compression only. */
+#define RND16_LAST() \
+ RND2(t0, t1, t2, t3, s8, s9, s10, s11, 0) \
+ RND2(s10, s11, t0, t1, t2, t3, s8, s9, 16) \
+ RND2(s8, s9, s10, s11, t0, t1, t2, t3, 32) \
+ RND2(t2, t3, s8, s9, s10, s11, t0, t1, 48) \
+ RND2(t0, t1, t2, t3, s8, s9, s10, s11, 64) \
+ RND2(s10, s11, t0, t1, t2, t3, s8, s9, 80) \
+ RND2(s8, s9, s10, s11, t0, t1, t2, t3, 96) \
+ RND2(t2, t3, s8, s9, s10, s11, t0, t1, 112)
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [in] blocks Number of blocks of data to hash.
+ */
+static WC_INLINE void Sha512Transform(wc_Sha512* sha512, const byte* data,
+ word32 blocks)
+{
+ word64* k = (word64*)K512;
+
+ __asm__ __volatile__ (
+ "addi sp, sp, -128\n\t"
+
+ /* Load digest.
*/
+ "ld t0, 0(%[digest])\n\t"
+ "ld t1, 8(%[digest])\n\t"
+ "ld t2, 16(%[digest])\n\t"
+ "ld t3, 24(%[digest])\n\t"
+ "ld s8, 32(%[digest])\n\t"
+ "ld s9, 40(%[digest])\n\t"
+ "ld s10, 48(%[digest])\n\t"
+ "ld s11, 56(%[digest])\n\t"
+
+ /* 5 rounds of 16 per block - 4 loops of 16 and 1 final 16. */
+ "slli %[blocks], %[blocks], 2\n\t"
+
+ "\n1:\n\t"
+ /* beginning of SHA512 block operation */
+ /* Load W */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ LOAD_DWORD_REV(t4, 0, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s1, 8, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s2, 16, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s3, 24, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s4, 32, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s5, 40, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7)
+#else
+ "ld t4, 0(%[data])\n\t"
+ "ld s1, 8(%[data])\n\t"
+ "ld s2, 16(%[data])\n\t"
+ "ld s3, 24(%[data])\n\t"
+ "ld s4, 32(%[data])\n\t"
+ "ld s5, 40(%[data])\n\t"
+ "ld s6, 48(%[data])\n\t"
+ "ld s7, 56(%[data])\n\t"
+ REV8(REG_T4, REG_T4)
+ REV8(REG_S1, REG_S1)
+ REV8(REG_S2, REG_S2)
+ REV8(REG_S3, REG_S3)
+ REV8(REG_S4, REG_S4)
+ REV8(REG_S5, REG_S5)
+ REV8(REG_S6, REG_S6)
+ REV8(REG_S7, REG_S7)
+#endif
+ "sd t4, 0(sp)\n\t"
+ "sd s1, 8(sp)\n\t"
+ "sd s2, 16(sp)\n\t"
+ "sd s3, 24(sp)\n\t"
+ "sd s4, 32(sp)\n\t"
+ "sd s5, 40(sp)\n\t"
+ "sd s6, 48(sp)\n\t"
+ "sd s7, 56(sp)\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+ LOAD_DWORD_REV(t4, 64, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s1, 72, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s2, 80, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s3, 88, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s4, 96, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s5, 104, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s6, 112, %[data], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s7, 120, %[data], a4, a5, a6, a7)
+#else
+ "ld t4, 64(%[data])\n\t"
+ "ld s1, 72(%[data])\n\t"
+ "ld s2, 80(%[data])\n\t"
+ "ld s3,
88(%[data])\n\t"
+ "ld s4, 96(%[data])\n\t"
+ "ld s5, 104(%[data])\n\t"
+ "ld s6, 112(%[data])\n\t"
+ "ld s7, 120(%[data])\n\t"
+ REV8(REG_T4, REG_T4)
+ REV8(REG_S1, REG_S1)
+ REV8(REG_S2, REG_S2)
+ REV8(REG_S3, REG_S3)
+ REV8(REG_S4, REG_S4)
+ REV8(REG_S5, REG_S5)
+ REV8(REG_S6, REG_S6)
+ REV8(REG_S7, REG_S7)
+#endif
+ "sd t4, 64(sp)\n\t"
+ "sd s1, 72(sp)\n\t"
+ "sd s2, 80(sp)\n\t"
+ "sd s3, 88(sp)\n\t"
+ "sd s4, 96(sp)\n\t"
+ "sd s5, 104(sp)\n\t"
+ "sd s6, 112(sp)\n\t"
+ "sd s7, 120(sp)\n\t"
+
+ "\n2:\n\t"
+ /* Get W[0] */
+ "ld s1, 0(sp)\n\t"
+ /* Get W[14] */
+ "ld s4, 112(sp)\n\t"
+ /* Get W[15] */
+ "ld s5, 120(sp)\n\t"
+ "addi %[blocks], %[blocks], -1\n\t"
+ RND16()
+ "andi a4, %[blocks], 3\n\t"
+ "add %[k], %[k], 128\n\t"
+ "bnez a4, 2b \n\t"
+ RND16_LAST()
+ "addi %[k], %[k], -512\n\t"
+
+ "# Add working vars back into digest state.\n\t"
+ "ld t4, 0(%[digest])\n\t"
+ "ld s1, 8(%[digest])\n\t"
+ "ld s2, 16(%[digest])\n\t"
+ "ld s3, 24(%[digest])\n\t"
+ "ld s4, 32(%[digest])\n\t"
+ "ld s5, 40(%[digest])\n\t"
+ "ld s6, 48(%[digest])\n\t"
+ "ld s7, 56(%[digest])\n\t"
+ "add t0, t0, t4\n\t"
+ "add t1, t1, s1\n\t"
+ "add t2, t2, s2\n\t"
+ "add t3, t3, s3\n\t"
+ "add s8, s8, s4\n\t"
+ "add s9, s9, s5\n\t"
+ "add s10, s10, s6\n\t"
+ "add s11, s11, s7\n\t"
+
+ /* Store digest. */
+ "sd t0, 0(%[digest])\n\t"
+ "sd t1, 8(%[digest])\n\t"
+ "sd t2, 16(%[digest])\n\t"
+ "sd t3, 24(%[digest])\n\t"
+ "sd s8, 32(%[digest])\n\t"
+ "sd s9, 40(%[digest])\n\t"
+ "sd s10, 48(%[digest])\n\t"
+ "sd s11, 56(%[digest])\n\t"
+
+ "add %[data], %[data], 128\n\t"
+ "bnez %[blocks], 1b \n\t"
+
+ "addi sp, sp, 128\n\t"
+
+ : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+ : [digest] "r" (sha512->digest)
+ : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+ "a4", "a5", "a6", "a7",
+ "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10",
+ "s11"
+ );
+}
+
+#else
+
+/* Two rounds of compression using low two W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CL_VV(vd, vs1, vs2) \
+ ASM_WORD((0b101111 << 26) | (0b1 << 25) | \
+ (0b010 << 12) | (0b1110111 << 0) | \
+ (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Two rounds of compression using upper two W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CH_VV(vd, vs1, vs2) \
+ ASM_WORD((0b101110 << 26) | (0b1 << 25) | \
+ (0b010 << 12) | (0b1110111 << 0) | \
+ (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Update 4 W values - message scheduling. */
+#define VSHA2MS_VV(vd, vs1, vs2) \
+ ASM_WORD((0b101101 << 26) | (0b1 << 25) | \
+ (0b010 << 12) | (0b1110111 << 0) | \
+ (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+#define RND4(w0, w2, w4, w6, k) \
+ /* Four rounds of compression. */ \
+ VADD_VV(REG_V14, w0, k) \
+ VMV_X_S(REG_T1, w2) \
+ VSHA2CL_VV(REG_V10, REG_V14, REG_V8) \
+ VMV_V_V(REG_V12, w4) \
+ VSHA2CH_VV(REG_V8, REG_V14, REG_V10) \
+ /* Update 4 W values - message schedule. */ \
+ VMV_S_X(REG_V12, REG_T1) \
+ VSHA2MS_VV(w0, w6, REG_V12)
+
+#define RND4_LAST(w, k) \
+ /* Four rounds of compression. */ \
+ VADD_VV(REG_V14, w, k) \
+ VSHA2CL_VV(REG_V10, REG_V14, REG_V8) \
+ VSHA2CH_VV(REG_V8, REG_V14, REG_V10)
+
+#define RND16(k) \
+ RND4(REG_V0, REG_V2, REG_V4, REG_V6, (k + 0)) \
+ RND4(REG_V2, REG_V4, REG_V6, REG_V0, (k + 2)) \
+ RND4(REG_V4, REG_V6, REG_V0, REG_V2, (k + 4)) \
+ RND4(REG_V6, REG_V0, REG_V2, REG_V4, (k + 6))
+
+#define RND16_LAST(k) \
+ RND4_LAST(REG_V0, (k + 0)) \
+ RND4_LAST(REG_V2, (k + 2)) \
+ RND4_LAST(REG_V4, (k + 4)) \
+ RND4_LAST(REG_V6, (k + 6))
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [in] blocks Number of blocks of data to hash.
+ */
+static void Sha512Transform(wc_Sha512* sha512, const byte* data,
+ word32 blocks)
+{
+ word64* k = (word64*)K512;
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+
+ /* Load: a|b|e|f, c|d|g|h
+ * 3 2 1 0 3 2 1 0
+ */
+ "mv t0, %[digest]\n\t"
+ VL4RE64_V(REG_V8, REG_T0)
+
+ "\n1:\n\t"
+ VMVR_V(REG_V28, REG_V8, 4)
+
+ /* Load 16 W into 8 vectors of 2 64-bit words. */
+ "mv t0, %[data]\n\t"
+ VL8RE64_V(REG_V0, REG_T0)
+ VREV8(REG_V0, REG_V0)
+ VREV8(REG_V2, REG_V2)
+ VREV8(REG_V4, REG_V4)
+ VREV8(REG_V6, REG_V6)
+
+ "mv t0, %[k]\n\t"
+ VL8RE64_V(REG_V16, REG_T0)
+ RND16(REG_V16)
+ "addi t0, %[k], 128\n\t"
+ VL8RE64_V(REG_V16, REG_T0)
+ RND16(REG_V16)
+ "addi t0, %[k], 256\n\t"
+ VL8RE64_V(REG_V16, REG_T0)
+ RND16(REG_V16)
+ "addi t0, %[k], 384\n\t"
+ VL8RE64_V(REG_V16, REG_T0)
+ RND16(REG_V16)
+ "addi t0, %[k], 512\n\t"
+ VL8RE64_V(REG_V16, REG_T0)
+ RND16_LAST(REG_V16)
+
+ VADD_VV(REG_V8, REG_V8, REG_V28)
+ VADD_VV(REG_V10, REG_V10, REG_V30)
+
+ "addi %[blocks], %[blocks], -1\n\t"
+ "add %[data], %[data], 128\n\t"
+ "bnez %[blocks], 1b \n\t"
+
+ "mv t0, %[digest]\n\t"
+ VS4R_V(REG_V8, REG_T0)
+
+ : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+ : [digest] "r" (sha512->digest)
+ : "cc", "memory", "t0", "t1"
+ );
+}
+
+#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [in] len Number of bytes in buffer to hash.
+ * @return 0 on success.
+ */
+static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data,
+ word32 len)
+{
+ word32 add;
+ word32 blocks;
+
+ /* only perform actions if a buffer is passed in */
+ if (len > 0) {
+ AddLength(sha512, len);
+
+ if (sha512->buffLen > 0) {
+ /* fill leftover buffer with data */
+ add = min(len, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+ XMEMCPY((byte*)(sha512->buffer) + sha512->buffLen, data, add);
+ sha512->buffLen += add;
+ data += add;
+ len -= add;
+ if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
+ Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+ sha512->buffLen = 0;
+ }
+ }
+
+ /* number of blocks in a row to complete */
+ blocks = len / WC_SHA512_BLOCK_SIZE;
+
+ if (blocks > 0) {
+ Sha512Transform(sha512, data, blocks);
+ data += blocks * WC_SHA512_BLOCK_SIZE;
+ len -= blocks * WC_SHA512_BLOCK_SIZE;
+ }
+
+ if (len > 0) {
+ /* copy over any remaining data leftover */
+ XMEMCPY(sha512->buffer, data, len);
+ sha512->buffLen = len;
+ }
+ }
+
+ /* account for possibility of not used if len = 0 */
+ (void)add;
+ (void)blocks;
+
+ return 0;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @param [in] hashLen Length of hash to write out.
+ */
+static WC_INLINE void Sha512Final(wc_Sha512* sha512, byte* hash, int hashLen)
+{
+ byte* local;
+ byte hashBuf[WC_SHA512_DIGEST_SIZE];
+ byte* hashRes = hash;
+
+ if (hashLen < WC_SHA512_DIGEST_SIZE) {
+ hashRes = hashBuf;
+ }
+
+ local = (byte*)sha512->buffer;
+ local[sha512->buffLen++] = 0x80; /* add 1 */
+
+ /* pad with zeros */
+ if (sha512->buffLen > WC_SHA512_PAD_SIZE) {
+ XMEMSET(&local[sha512->buffLen], 0,
+ WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+ Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+ sha512->buffLen = 0;
+ }
+ XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_PAD_SIZE - sha512->buffLen);
+
+ /* put lengths in bits */
+ sha512->hiLen = (sha512->loLen >> (8*sizeof(sha512->loLen) - 3)) +
+ (sha512->hiLen << 3);
+ sha512->loLen = sha512->loLen << 3;
+
+ sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen;
+ sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
+
+ /* store lengths */
+ __asm__ __volatile__ (
+ /* Reverse byte order of 64-bit words. */
+#if defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+ "ld t0, 112(%[buff])\n\t"
+ "ld t1, 120(%[buff])\n\t"
+ REV8(REG_T0, REG_T0)
+ REV8(REG_T1, REG_T1)
+#else
+ LOAD_DWORD_REV(t0, 112, %[buff], t2, t3, t4, t5)
+ LOAD_DWORD_REV(t1, 120, %[buff], t2, t3, t4, t5)
+#endif
+ "sd t0, 112(%[buff])\n\t"
+ "sd t1, 120(%[buff])\n\t"
+ :
+ : [buff] "r" (sha512->buffer)
+ : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5"
+ );
+
+ Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+
+ __asm__ __volatile__ (
+ /* Reverse byte order of 64-bit words.
*/
+#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+ VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+ "mv t0, %[digest]\n\t"
+ VL4RE64_V(REG_V4, REG_T0)
+ VREV8(REG_V4, REG_V4)
+ VREV8(REG_V6, REG_V6)
+ VSETIVLI(REG_ZERO, 2, 1, 1, 0b011, 0b000)
+ /* e|f, a|b, g|h, c|d
+ * 1 0 1 0 1 0 1 0 */
+ VSLIDEDOWN_VI(REG_V0, REG_V5, 1) /* a */
+ VSLIDEDOWN_VI(REG_V1, REG_V7, 1) /* c */
+ VSLIDEDOWN_VI(REG_V2, REG_V4, 1) /* e */
+ VSLIDEDOWN_VI(REG_V3, REG_V6, 1) /* g */
+ VSLIDEUP_VI(REG_V0, REG_V5, 1)
+ VSLIDEUP_VI(REG_V1, REG_V7, 1)
+ VSLIDEUP_VI(REG_V2, REG_V4, 1)
+ VSLIDEUP_VI(REG_V3, REG_V6, 1)
+ "mv t0, %[hash]\n\t"
+ VS4R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION)
+ VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+ "mv t0, %[digest]\n\t"
+ VL4RE64_V(REG_V0, REG_T0)
+ VREV8(REG_V0, REG_V0)
+ VREV8(REG_V2, REG_V2)
+ "mv t0, %[hash]\n\t"
+ VS4R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+ "ld t0, 0(%[digest])\n\t"
+ "ld t1, 8(%[digest])\n\t"
+ "ld t2, 16(%[digest])\n\t"
+ "ld t3, 24(%[digest])\n\t"
+ "ld s8, 32(%[digest])\n\t"
+ "ld s9, 40(%[digest])\n\t"
+ "ld s10, 48(%[digest])\n\t"
+ "ld s11, 56(%[digest])\n\t"
+ REV8(REG_T0, REG_T0)
+ REV8(REG_T1, REG_T1)
+ REV8(REG_T2, REG_T2)
+ REV8(REG_T3, REG_T3)
+ REV8(REG_S8, REG_S8)
+ REV8(REG_S9, REG_S9)
+ REV8(REG_S10, REG_S10)
+ REV8(REG_S11, REG_S11)
+ "sd t0, 0(%[hash])\n\t"
+ "sd t1, 8(%[hash])\n\t"
+ "sd t2, 16(%[hash])\n\t"
+ "sd t3, 24(%[hash])\n\t"
+ "sd s8, 32(%[hash])\n\t"
+ "sd s9, 40(%[hash])\n\t"
+ "sd s10, 48(%[hash])\n\t"
+ "sd s11, 56(%[hash])\n\t"
+#else
+ LOAD_DWORD_REV(t0, 0, %[digest], a4, a5, a6, a7)
+ LOAD_DWORD_REV(t1, 8, %[digest], a4, a5, a6, a7)
+ LOAD_DWORD_REV(t2, 16, %[digest], a4, a5, a6, a7)
+ LOAD_DWORD_REV(t3, 24, %[digest], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s8, 32, %[digest], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s9, 40, %[digest], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s10, 48, %[digest], a4, a5, a6, a7)
+ LOAD_DWORD_REV(s11, 56, %[digest], a4, a5, a6, a7)
+ "sd t0, 0(%[hash])\n\t"
+ "sd t1, 8(%[hash])\n\t"
+ "sd t2, 16(%[hash])\n\t"
+ "sd t3, 24(%[hash])\n\t"
+ "sd s8, 32(%[hash])\n\t"
+ "sd s9, 40(%[hash])\n\t"
+ "sd s10, 48(%[hash])\n\t"
+ "sd s11, 56(%[hash])\n\t"
+#endif
+ :
+ : [digest] "r" (sha512->digest), [hash] "r" (hashRes)
+ : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+ "s8", "s9", "s10", "s11", "a4", "a5", "a6", "a7"
+ );
+
+ if (hashRes == hashBuf) {
+ XMEMCPY(hash, hashBuf, hashLen);
+ }
+}
+
+
+#ifndef NO_SHA512
+
+/* Initialize SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [in] heap Dynamic memory hint.
+ * @param [in] devId Device Id.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha512 is NULL.
+ */
+int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+ int ret = InitSha512(sha512, heap, devId);
+ if (ret == 0) {
+ InitSha512_State(sha512);
+ }
+ return ret;
+}
+
+/* Initialize SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha512 is NULL.
+ */
+int wc_InitSha512(wc_Sha512* sha512)
+{
+ return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+}
+
+/* Free the SHA-512 hash.
+ *
+ * @param [in] sha512 SHA-512 object.
+ */
+void wc_Sha512Free(wc_Sha512* sha512)
+{
+ /* No dynamic memory allocated. */
+ (void)sha512;
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [in] len Number of bytes in buffer to hash.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha512 is NULL.
+ * @return BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+ int ret;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || ((data == NULL) && (len != 0))) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ret = Sha512Update(sha512, data, len);
+ }
+
+ return ret;
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @param [in] hashLen Length of hash to write out.
+ */
+static void Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int hashLen)
+{
+ word32 digest[WC_SHA512_DIGEST_SIZE / sizeof(word32)];
+
+ ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
+ WC_SHA512_DIGEST_SIZE);
+ XMEMCPY(hash, digest, hashLen);
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE);
+ }
+
+ return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ /* Finalize hash. */
+ Sha512Final(sha512, hash, WC_SHA512_DIGEST_SIZE);
+ /* Restart SHA-512 object for next hash. */
+ InitSha512_State(sha512);
+ }
+
+ return ret;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [out] hash Buffer to hold hash result.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash)
+{
+ int ret;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ wc_Sha512 tmpSha512;
+ /* Create a copy of the hash to finalize.
*/
+ ret = wc_Sha512Copy(sha512, &tmpSha512);
+ if (ret == 0) {
+ /* Finalize copy. */
+ Sha512Final(&tmpSha512, hash, WC_SHA512_DIGEST_SIZE);
+ wc_Sha512Free(&tmpSha512);
+ }
+ }
+
+ return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-512 object.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [in] flags Flags to set.
+ * @return 0 on success.
+ */
+int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
+{
+ /* Check we have an object to use. */
+ if (sha512 != NULL) {
+ sha512->flags = flags;
+ }
+ return 0;
+}
+/* Get flags of SHA-512 object.
+ *
+ * @param [in] sha512 SHA-512 object.
+ * @param [out] flags Flags from SHA-512 object.
+ * @return 0 on success.
+ */
+int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
+{
+ /* Check we have an object and return parameter to use. */
+ if ((sha512 != NULL) && (flags != NULL)) {
+ *flags = sha512->flags;
+ }
+ return 0;
+}
+#endif
+
+/* Deep copy the SHA-512 object.
+ *
+ * @param [in] src SHA-512 object to copy.
+ * @param [out] dst SHA-512 object to fill.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((src == NULL) || (dst == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ XMEMCPY(dst, src, sizeof(wc_Sha512));
+ }
+
+ return ret;
+}
+
+#ifdef OPENSSL_EXTRA
+/* Update the hash with one block of data.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [in] data Buffer of data to hash.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha512 or data is NULL.
+ */
+int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+ int ret = 0;
+
+ /* Validate parameters.
*/
+ if ((sha512 == NULL) || (data == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ ByteReverseWords(sha512->buffer, (word32*)data, WC_SHA512_BLOCK_SIZE);
+ Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+ }
+
+ return ret;
+}
+#endif
+
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+/* Update the hash with one block of data and optionally get hash.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ * @param [in] data Buffer of data to hash.
+ * @param [out] hash Buffer to hold hash. May be NULL.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when sha512 or data is NULL.
+ */
+int wc_Sha512HashBlock(wc_Sha512* sha512, const unsigned char* data,
+ unsigned char* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (data == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ /* Hash block. */
+ Sha512Transform(sha512, data, 1);
+
+ if (hash != NULL) {
+ /* Reverse bytes in digest. */
+ word32* hash32 = (word32*)hash;
+ word32* digest = (word32*)sha512->digest;
+ hash32[0] = ByteReverseWord32(digest[0]);
+ hash32[1] = ByteReverseWord32(digest[1]);
+ hash32[2] = ByteReverseWord32(digest[2]);
+ hash32[3] = ByteReverseWord32(digest[3]);
+ hash32[4] = ByteReverseWord32(digest[4]);
+ hash32[5] = ByteReverseWord32(digest[5]);
+ hash32[6] = ByteReverseWord32(digest[6]);
+ hash32[7] = ByteReverseWord32(digest[7]);
+ /* Reset state.
*/
+ #ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+ sha512->digest[0] = 0x6A09E667L;
+ sha512->digest[1] = 0xBB67AE85L;
+ sha512->digest[2] = 0x3C6EF372L;
+ sha512->digest[3] = 0xA54FF53AL;
+ sha512->digest[4] = 0x510E527FL;
+ sha512->digest[5] = 0x9B05688CL;
+ sha512->digest[6] = 0x1F83D9ABL;
+ sha512->digest[7] = 0x5BE0CD19L;
+ #else
+ /* f, e, b, a, h, g, d, c */
+ sha512->digest[0] = 0x9B05688CL;
+ sha512->digest[1] = 0x510E527FL;
+ sha512->digest[2] = 0xBB67AE85L;
+ sha512->digest[3] = 0x6A09E667L;
+ sha512->digest[4] = 0x5BE0CD19L;
+ sha512->digest[5] = 0x1F83D9ABL;
+ sha512->digest[6] = 0xA54FF53AL;
+ sha512->digest[7] = 0x3C6EF372L;
+ #endif
+ }
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+
+#if !defined(WOLFSSL_NOSHA512_224)
+
+int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+ int ret = InitSha512(sha512, heap, devId);
+ if (ret == 0) {
+ InitSha512_224_State(sha512);
+ }
+ return ret;
+}
+int wc_InitSha512_224(wc_Sha512* sha512)
+{
+ return wc_InitSha512_224_ex(sha512, NULL, INVALID_DEVID);
+}
+int wc_Sha512_224Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+ return wc_Sha512Update(sha512, data, len);
+}
+int wc_Sha512_224FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ Sha512FinalRaw(sha512, hash, WC_SHA512_224_DIGEST_SIZE);
+ }
+
+ return ret;
+}
+int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ /* Finalize hash. */
+ Sha512Final(sha512, hash, WC_SHA512_224_DIGEST_SIZE);
+ /* Restart SHA-512 object for next hash.
*/
+ InitSha512_224_State(sha512);
+ }
+
+ return ret;
+}
+void wc_Sha512_224Free(wc_Sha512* sha512)
+{
+ wc_Sha512Free(sha512);
+}
+int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
+{
+ int ret;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ wc_Sha512 tmpSha512;
+ /* Create a copy of the hash to finalize. */
+ ret = wc_Sha512Copy(sha512, &tmpSha512);
+ if (ret == 0) {
+ /* Finalize copy. */
+ Sha512Final(&tmpSha512, hash, WC_SHA512_224_DIGEST_SIZE);
+ wc_Sha512Free(&tmpSha512);
+ }
+ }
+
+ return ret;
+}
+int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+ return wc_Sha512Copy(src, dst);
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags)
+{
+ return wc_Sha512SetFlags(sha512, flags);
+}
+int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags)
+{
+ return wc_Sha512GetFlags(sha512, flags);
+}
+#endif /* WOLFSSL_HASH_FLAGS */
+
+#if defined(OPENSSL_EXTRA)
+int wc_Sha512_224Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+ return wc_Sha512Transform(sha512, data);
+}
+#endif /* OPENSSL_EXTRA */
+
+#endif /* !WOLFSSL_NOSHA512_224 */
+
+#if !defined(WOLFSSL_NOSHA512_256)
+
+int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+ int ret = InitSha512(sha512, heap, devId);
+ if (ret == 0) {
+ InitSha512_256_State(sha512);
+ }
+ return ret;
+}
+int wc_InitSha512_256(wc_Sha512* sha512)
+{
+ return wc_InitSha512_256_ex(sha512, NULL, INVALID_DEVID);
+}
+int wc_Sha512_256Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+ return wc_Sha512Update(sha512, data, len);
+}
+int wc_Sha512_256FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters.
*/
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ Sha512FinalRaw(sha512, hash, WC_SHA512_256_DIGEST_SIZE);
+ }
+
+ return ret;
+}
+int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ /* Finalize hash. */
+ Sha512Final(sha512, hash, WC_SHA512_256_DIGEST_SIZE);
+ /* Restart SHA-512 object for next hash. */
+ InitSha512_256_State(sha512);
+ }
+
+ return ret;
+}
+void wc_Sha512_256Free(wc_Sha512* sha512)
+{
+ wc_Sha512Free(sha512);
+}
+int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
+{
+ int ret;
+
+ /* Validate parameters. */
+ if ((sha512 == NULL) || (hash == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ wc_Sha512 tmpSha512;
+ /* Create a copy of the hash to finalize. */
+ ret = wc_Sha512Copy(sha512, &tmpSha512);
+ if (ret == 0) {
+ /* Finalize copy. */
+ Sha512Final(&tmpSha512, hash, WC_SHA512_256_DIGEST_SIZE);
+ wc_Sha512Free(&tmpSha512);
+ }
+ }
+
+ return ret;
+}
+int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+ return wc_Sha512Copy(src, dst);
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags)
+{
+ return wc_Sha512SetFlags(sha512, flags);
+}
+int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags)
+{
+ return wc_Sha512GetFlags(sha512, flags);
+}
+#endif /* WOLFSSL_HASH_FLAGS */
+
+#if defined(OPENSSL_EXTRA)
+int wc_Sha512_256Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+ return wc_Sha512Transform(sha512, data);
+}
+#endif /* OPENSSL_EXTRA */
+
+#endif /* !WOLFSSL_NOSHA512_224 */
+
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+#endif /* !NO_SHA512 */
+
+
+#ifdef WOLFSSL_SHA384
+
+/* Initialze SHA-384 object for hashing.
+ *
+ * @param [in, out] sha384 SHA-384 object.
+ */
+static void InitSha384(wc_Sha384* sha384)
+{
+ /* Set initial hash values.
*/ +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8); + sha384->digest[1] = W64LIT(0x629a292a367cd507); + sha384->digest[2] = W64LIT(0x9159015a3070dd17); + sha384->digest[3] = W64LIT(0x152fecd8f70e5939); + sha384->digest[4] = W64LIT(0x67332667ffc00b31); + sha384->digest[5] = W64LIT(0x8eb44a8768581511); + sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7); + sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4); +#else + /* f, e, b, a, h, g, d, c */ + sha384->digest[0] = W64LIT(0x8eb44a8768581511); + sha384->digest[1] = W64LIT(0x67332667ffc00b31); + sha384->digest[2] = W64LIT(0x629a292a367cd507); + sha384->digest[3] = W64LIT(0xcbbb9d5dc1059ed8); + sha384->digest[4] = W64LIT(0x47b5481dbefa4fa4); + sha384->digest[5] = W64LIT(0xdb0c2e0d64f98fa7); + sha384->digest[6] = W64LIT(0x152fecd8f70e5939); + sha384->digest[7] = W64LIT(0x9159015a3070dd17); +#endif + + /* No hashed data. */ + sha384->buffLen = 0; + /* No data hashed. */ + sha384->loLen = 0; + sha384->hiLen = 0; +} + +/* Initialize SHA-384 object for hashing. + * + * @param [in, out] sha384 SHA-384 object. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 is NULL. + */ +int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) +{ + int ret = InitSha512(sha384, heap, devId); + if (ret == 0) { + InitSha384(sha384); + } + return ret; +} + +/* Initialize SHA-384 object for hashing. + * + * @param [in, out] sha384 SHA-384 object. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 is NULL. + */ +int wc_InitSha384(wc_Sha384* sha384) +{ + return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID); +} + +/* Update the hash with data. + * + * @param [in, out] sha384 SHA-384 object. + * @param [in] data Buffer of data to hash. + * @param [in] len Number of bytes in buffer to hash. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 is NULL. 
+ * @return BAD_FUNC_ARG when data is NULL but len is not 0. + */ +int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) +{ + int ret; + + /* Validate parameters. */ + if ((sha384 == NULL) || ((data == NULL) && (len > 0))) { + ret = BAD_FUNC_ARG; + } + else { + ret = Sha512Update((wc_Sha512 *)sha384, data, len); + } + + return ret; +} + +/* Put the current hash into buffer. + * + * @param [in, out] sha384 SHA-384 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 or hash is NULL. + */ +int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) +{ + word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)]; + + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ByteReverseWords64((word64*)digest, (word64*)sha384->digest, + WC_SHA384_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE); + + return 0; +} + +/* Finalize the hash and put into buffer. + * + * @param [in, out] sha384 SHA-384 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 or hash is NULL. + */ +int wc_Sha384Final(wc_Sha384* sha384, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha384 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Finalize hash. */ + Sha512Final((wc_Sha512*)sha384, hash, WC_SHA384_DIGEST_SIZE); + /* Restart SHA-384 object for next hash. */ + InitSha384(sha384); + } + + return ret; +} + +/* Free the SHA-384 hash. + * + * @param [in] sha384 SHA-384 object. + */ +void wc_Sha384Free(wc_Sha384* sha384) +{ + /* No dynamic memory allocated. */ + (void)sha384; +} + +/* Finalize the hash and put into buffer but don't modify state. + * + * @param [in, out] sha384 SHA-384 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 or hash is NULL. 
+ */ +int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) +{ + int ret; + + /* Validate parameters. */ + if ((sha384 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + wc_Sha384 tmpSha384; + /* Create a copy of the hash to finalize. */ + ret = wc_Sha384Copy(sha384, &tmpSha384); + if (ret == 0) { + /* Finalize copy. */ + ret = wc_Sha384Final(&tmpSha384, hash); + } + } + + return ret; +} + +#ifdef WOLFSSL_HASH_FLAGS +/* Set flags of SHA-384 object. + * + * @param [in, out] sha384 SHA-384 object. + * @param [in] flags Flags to set. + * @return 0 on success. + */ +int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags) +{ + /* Check we have an object to use. */ + if (sha384 != NULL) { + sha384->flags = flags; + } + return 0; +} +/* Get flags of SHA-384 object. + * + * @param [in] sha384 SHA-384 object. + * @param [out] flags Flags from SHA-384 object. + * @return 0 on success. + */ +int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags) +{ + /* Check we have an object and return parameter to use. */ + if ((sha384 != NULL) && (flags != NULL)) { + *flags = sha384->flags; + } + return 0; +} +#endif + +/* Deep copy the SHA-384 object. + * + * @param [in] src SHA-384 object to copy. + * @param [out] dst SHA-384 object to fill. + * @return 0 on success. + * @return BAD_FUNC_ARG when src or dst is NULL. + */ +int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) +{ + int ret = 0; + + /* Validate parameters. */ + if ((src == NULL) || (dst == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + XMEMCPY(dst, src, sizeof(wc_Sha384)); + } + + return ret; +} + +#endif /* WOLFSSL_SHA384 */ + +#endif /* !NO_SHA512 || WOLFSSL_SHA384 */ +#endif /* WOLFSSL_RISCV_ASM */ diff --git a/wolfcrypt/src/port/silabs/silabs_aes.c b/wolfcrypt/src/port/silabs/silabs_aes.c index 63e633d73f..db4f0701eb 100644 --- a/wolfcrypt/src/port/silabs/silabs_aes.c +++ b/wolfcrypt/src/port/silabs/silabs_aes.c 
@@ -1,6 +1,6 @@ /* silabs_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/silabs/silabs_ecc.c b/wolfcrypt/src/port/silabs/silabs_ecc.c index 6dbb28589e..2c59137ceb 100644 --- a/wolfcrypt/src/port/silabs/silabs_ecc.c +++ b/wolfcrypt/src/port/silabs/silabs_ecc.c @@ -1,6 +1,6 @@ /* silabs_ecc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/silabs/silabs_hash.c b/wolfcrypt/src/port/silabs/silabs_hash.c index f0bb1110a1..093bae9bbb 100644 --- a/wolfcrypt/src/port/silabs/silabs_hash.c +++ b/wolfcrypt/src/port/silabs/silabs_hash.c @@ -1,6 +1,6 @@ /* silabs_hash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/silabs/silabs_random.c b/wolfcrypt/src/port/silabs/silabs_random.c index c66ef67c39..26bfad6e72 100644 --- a/wolfcrypt/src/port/silabs/silabs_random.c +++ b/wolfcrypt/src/port/silabs/silabs_random.c @@ -1,6 +1,6 @@ /* silabs_random.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index 83497af2cc..343e3a7f35 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -1,6 +1,6 @@ /* stm32.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -303,12 +303,11 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo, int ret = 0; byte* local = (byte*)stmCtx->buffer; int wroteToFifo = 0; - const word32 fifoSz = (STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE); word32 chunkSz; #ifdef DEBUG_STM32_HASH - printf("STM Hash Update: algo %x, len %d, blockSz %d\n", - algo, len, blockSize); + printf("STM Hash Update: algo %x, len %d, buffLen %d, fifoBytes %d\n", + algo, len, stmCtx->buffLen, stmCtx->fifoBytes); #endif (void)blockSize; @@ -323,40 +322,27 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo, /* restore hash context or init as new hash */ wc_Stm32_Hash_RestoreContext(stmCtx, algo); - chunkSz = fifoSz; -#ifdef STM32_HASH_FIFO_WORKAROUND - /* if FIFO already has bytes written then fill remainder first */ - if (stmCtx->fifoBytes > 0) { - chunkSz -= stmCtx->fifoBytes; - stmCtx->fifoBytes = 0; - } -#endif - /* write blocks to FIFO */ while (len) { - word32 add = min(len, chunkSz - stmCtx->buffLen); + word32 add; + + /* fill the FIFO plus one additional to flush the block */ + chunkSz = ((STM32_HASH_FIFO_SIZE + 1) * STM32_HASH_REG_SIZE); + /* account for extra bytes in the FIFO (use mask 0x3F to get remain) */ + chunkSz -= (stmCtx->fifoBytes & + ((STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE)-1)); + + add = min(len, chunkSz - stmCtx->buffLen); XMEMCPY(&local[stmCtx->buffLen], data, add); stmCtx->buffLen += add; data += add; len -= add; - #ifdef STM32_HASH_FIFO_WORKAROUND - /* We cannot leave the FIFO full and do save/restore - * the last must be large enough to flush block from FIFO */ - if (stmCtx->buffLen + len <= fifoSz * 2) { - chunkSz = fifoSz + STM32_HASH_REG_SIZE; - } - #endif - if (stmCtx->buffLen == chunkSz) { wc_Stm32_Hash_Data(stmCtx, stmCtx->buffLen); wroteToFifo = 1; - #ifdef STM32_HASH_FIFO_WORKAROUND - if (chunkSz > fifoSz) - stmCtx->fifoBytes = chunkSz - fifoSz; - chunkSz = fifoSz; - #endif + stmCtx->fifoBytes += chunkSz; } } 
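Review bot: `add = min(len, chunkSz - stmCtx->buffLen)` in the rewritten loop is an unsigned subtraction with no check that `stmCtx->buffLen <= chunkSz`; chunkSz is now recomputed from `fifoBytes` on every pass and shrinks to as little as one register width as the FIFO fills, so a `buffLen` left over from an earlier call that exceeds the current chunkSz would wrap `add` and let the XMEMCPY run past `local`. This is only safe if `fifoBytes` cannot change between the call that leaves bytes in `buffer` and the next one, which the hunk does not show (the save/restore and Final paths are outside it); either state that invariant in a comment next to the chunkSz computation or guard it with `if (stmCtx->buffLen > chunkSz) { ret = BAD_STATE_E; break; }`. The mask in `chunkSz -= (stmCtx->fifoBytes & ((STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE)-1))` also silently assumes the FIFO byte size is a power of two, which the "0x3F" comment hard-codes; a comment naming that assumption, or a compile-time check on the product, would make it explicit. wc_Stm32_Hash_Update continues past the end of the hunk.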
@@ -380,7 +366,8 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
 int ret = 0;
 #ifdef DEBUG_STM32_HASH
- printf("STM Hash Final: algo %x, digestSz %d\n", algo, digestSize);
+ printf("STM Hash Final: algo %x, digestSz %d, buffLen %d, fifoBytes %d\n",
+ algo, digestSize, stmCtx->buffLen, stmCtx->fifoBytes);
 #endif
 /* turn on hash clock */
diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c
index ebe0727332..fad4e8ee5c 100644
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -1,6 +1,6 @@
 /* stsafe.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -539,7 +539,7 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
 &otherKeyY[0], (word32*)&otherKeyY_len);
 if (rc == 0) {
 /* Compute shared secret */
- *info->pk.ecdh.outlen = 0;
+ *info->pk.ecdh.outlen = 0;
 rc = stsafe_interface_shared_secret(
 #ifdef WOLFSSL_STSAFE_TAKES_SLOT
 STSAFE_A_SLOT_0,
@@ -559,7 +559,7 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
 #endif /* HAVE_ECC */
 /* need to return negative here for error */
- if (rc != 0 && rc != CRYPTOCB_UNAVAILABLE) {
+ if (rc != 0 && rc != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
 WOLFSSL_MSG("STSAFE: CryptoCb failed");
 #ifdef USE_STSAFE_VERBOSE
 STSAFE_INTERFACE_PRINTF("STSAFE: CryptoCb failed %d\n", rc);
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 18feb969ef..8dcd10abce 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-aes.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -465,7 +465,7 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, &M, &L); - if (ret == BAD_FUNC_ARG) { + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { return ret; } @@ -545,9 +545,9 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, } exit: - if (in_save) XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (out_save) XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -565,7 +565,7 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, &M, &L); - if (ret == BAD_FUNC_ARG) { + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { return ret; } @@ -645,9 +645,9 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, } exit: - if (in_save) XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (out_save) XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c index 1b4a26590c..a8692e86f4 100644 --- a/wolfcrypt/src/port/ti/ti-ccm.c +++ b/wolfcrypt/src/port/ti/ti-ccm.c @@ -1,6 +1,6 @@ /* port/ti/ti_ccm.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c index 47ef04a4b1..de343ebce1 100644 --- a/wolfcrypt/src/port/ti/ti-des3.c 
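Review bot: The guards dropped at both `exit:` labels make `XFREE(in_save, …)`, `XFREE(out_save, …)` and `XFREE(authIn_save, …)` run with NULL pointers on every early-exit path, so correctness now rests on XFREE being NULL-safe; wolfSSL's default macro checks for NULL, but a build with XMALLOC_USER or a custom allocator routes straight to whatever the integrator supplied. The same guards are removed in pwdbased.c (the `out:` block of wc_PKCS12_PBKDF_ex and the `end:` block of wc_scrypt) and rsa.c (`key->mod` in wc_InitRsaHw and `d` in wc_RsaFunctionSync), while xil-aesgcm.c's aligned_xfree keeps its `if (buf == NULL) return;`, so the tree ends up inconsistent about the contract. If NULL-safety of XFREE is the intended contract, a one-line comment at the first such site, `/* XFREE is NULL-safe */`, would stop the checks from drifting back in.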
+++ b/wolfcrypt/src/port/ti/ti-des3.c @@ -1,6 +1,6 @@ /* port/ti/ti-des.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c index 0077e96dab..16be736384 100644 --- a/wolfcrypt/src/port/ti/ti-hash.c +++ b/wolfcrypt/src/port/ti/ti-hash.c @@ -1,6 +1,6 @@ /* port/ti/ti-hash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -203,7 +203,7 @@ WOLFSSL_API int wc_Md5GetHash(Md5* md5, byte* hash) WOLFSSL_API int wc_Md5Copy(Md5* src, Md5* dst) { - return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst); + return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst); } WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte* hash) @@ -249,7 +249,7 @@ WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash) WOLFSSL_API int wc_ShaCopy(Sha* src, Sha* dst) { - return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst); + return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst); } WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte* hash) diff --git a/wolfcrypt/src/port/xilinx/xil-aesgcm.c b/wolfcrypt/src/port/xilinx/xil-aesgcm.c index e2dfc8af43..6fdea35459 100644 --- a/wolfcrypt/src/port/xilinx/xil-aesgcm.c +++ b/wolfcrypt/src/port/xilinx/xil-aesgcm.c @@ -1,6 +1,6 @@ /* xil-aesgcm.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -87,9 +87,9 @@ static WC_INLINE int aligned_xmalloc(byte** buf, byte** aligned, void* heap, wor static WC_INLINE void aligned_xfree(void* buf, void* heap) { - if (buf == NULL) - return; - XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) + return; + XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); } static WC_INLINE int check_keysize(word32 len) 
diff --git a/wolfcrypt/src/port/xilinx/xil-sha3.c b/wolfcrypt/src/port/xilinx/xil-sha3.c index 0d440916b2..8c9bbb921f 100644 --- a/wolfcrypt/src/port/xilinx/xil-sha3.c +++ b/wolfcrypt/src/port/xilinx/xil-sha3.c @@ -1,6 +1,6 @@ /* xil-sha3.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/xilinx/xil-versal-glue.c b/wolfcrypt/src/port/xilinx/xil-versal-glue.c index ed90fd4fc8..3ee87e1749 100644 --- a/wolfcrypt/src/port/xilinx/xil-versal-glue.c +++ b/wolfcrypt/src/port/xilinx/xil-versal-glue.c @@ -1,6 +1,6 @@ /* xil-versal-glue.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -78,7 +78,7 @@ int wc_InitXsecure(wc_Xsecure* xsec) /** Convert Xilinx specific error to string - err The error to convert + err The error to convert Returns a pointer to a string (always, never returns NULL). */ diff --git a/wolfcrypt/src/port/xilinx/xil-versal-trng.c b/wolfcrypt/src/port/xilinx/xil-versal-trng.c index a8a7c2a565..9aac5bcd81 100644 --- a/wolfcrypt/src/port/xilinx/xil-versal-trng.c +++ b/wolfcrypt/src/port/xilinx/xil-versal-trng.c @@ -1,6 +1,6 @@ /* xil-versal-trng.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -134,7 +134,7 @@ int wc_VersalTrngInit(byte* nonce, word32 nonceSz) .PersStrPresent = XTRNGPSV_FALSE }; #endif - int ret = WC_HW_E; + int ret = WC_NO_ERR_TRACE(WC_HW_E); XTrngpsv_Config *cfg; sword32 xret = 0; if (trng.State == XTRNGPSV_HEALTHY) { 
@@ -142,22 +142,29 @@ int wc_VersalTrngInit(byte* nonce, word32 nonceSz) } cfg = XTrngpsv_LookupConfig(WOLFSSL_PSV_TRNG_DEV_ID); if (!cfg) { + ret = WC_HW_E; WOLFSSL_MSG("Could not lookup TRNG config"); goto out; } xret = XTrngpsv_CfgInitialize(&trng, cfg, cfg->BaseAddress); - if (xret) + if (xret) { + ret = WC_HW_E; goto out; + } xret = versal_trng_selftest(); - if (xret) + if (xret) { + ret = WC_HW_E; goto out; + } #if !defined(HAVE_HASHDRBG) if (nonce) usercfg_add_nonce(&user_cfg, nonce, nonceSz); #endif xret = XTrngpsv_Instantiate(&trng, &user_cfg); - if (xret) + if (xret) { + ret = WC_HW_E; goto out; + } ret = 0; diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index 8be0c64e82..fb06dcef6e 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -1,6 +1,6 @@ /* pwdbased.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,6 +28,16 @@ #ifndef NO_PWDBASED +#if FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + + #ifdef USE_WINDOWS_API + #pragma code_seg(".fipsA$h") + #pragma const_seg(".fipsB$h") + #endif +#endif + #include #include #include @@ -41,6 +51,17 @@ #include #endif +#if FIPS_VERSION3_GE(6,0,0) + #ifdef DEBUG_WOLFSSL + #include + #endif + const unsigned int wolfCrypt_FIPS_pbkdf_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000010 }; + int wolfCrypt_FIPS_PBKDF_sanity(void) + { + return 0; + } +#endif #ifdef HAVE_PBKDF1 @@ -165,6 +186,7 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int hashType) { + return wc_PBKDF1_ex(output, kLen, NULL, 0, passwd, pLen, salt, sLen, iterations, hashType, NULL); } 
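Review bot: The new `ret = WC_HW_E;` assignments in wc_VersalTrngInit discard the Xilinx status held in `xret`, so a failing `XTrngpsv_CfgInitialize`, `versal_trng_selftest` or `XTrngpsv_Instantiate` all surface as the same WC_HW_E with no message; only the `!cfg` branch logs anything. A failed TRNG self-test is the event an operator most needs to see, so each branch should at least log before its `goto out`, e.g. `WOLFSSL_MSG("TRNG self-test failed");`, and ideally carry the xret value into the message. The cleanup after `ret = 0;` is outside the hunk.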
@@ -191,6 +213,24 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt, return BAD_FUNC_ARG; } +#if FIPS_VERSION3_GE(6,0,0) + /* Per SP800-132 section 5 "The kLen value shall be at least 112 bits in + * length", ensure the returned bits for the derived master key are at a + * minimum 14-bytes or 112-bits after stretching and strengthening + * (iterations) */ + if (kLen < HMAC_FIPS_MIN_KEY) + return BAD_LENGTH_E; +#endif + +#if FIPS_VERSION3_GE(6,0,0) && defined(DEBUG_WOLFSSL) + /* SP800-132 section 5.2 recommends an iteration count of 1000 but this is + * not strictly enforceable and is listed in Appendix B Table 1 as a + * non-testable requirement. wolfCrypt will log it when appropriate but + * take no action */ + if (iterations < 1000) { + WOLFSSL_MSG("WARNING: Iteration < 1,000, see SP800-132 section 5.2"); + } +#endif if (iterations <= 0) iterations = 1; @@ -214,7 +254,17 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt, if (ret == 0) { word32 i = 1; /* use int hashType here, since HMAC FIPS uses the old unique value */ + #if FIPS_VERSION3_GE(6,0,0) + { + /* Allow passwords that are less than 14-bytes for compatibility + * / interoperability, only since module v6.0.0 */ + int allowShortPasswd = 1; + ret = wc_HmacSetKey_ex(hmac, hashType, passwd, (word32)pLen, + allowShortPasswd); + } + #else ret = wc_HmacSetKey(hmac, hashType, passwd, (word32)pLen); + #endif while (ret == 0 && kLen) { int currentLen; 
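Review bot: The SP800-132 iteration-count warning in wc_PBKDF2_ex exists only when `DEBUG_WOLFSSL` is also defined, so a release FIPS build gives no indication at all when a caller passes a weak count, and the following `if (iterations <= 0) iterations = 1;` then silently runs a single iteration; if WOLFSSL_MSG is already a no-op without DEBUG_WOLFSSL the extra `&& defined(DEBUG_WOLFSSL)` buys nothing and can be dropped, which also lets the two back-to-back `#if FIPS_VERSION3_GE(6,0,0)` blocks merge. Whether a non-positive count should be rejected with BAD_FUNC_ARG rather than coerced in the FIPS path is worth deciding explicitly and recording in the comment. The `kLen < HMAC_FIPS_MIN_KEY` check reads correctly; a note that kLen is in bytes, `/* kLen is bytes: 14 bytes == 112 bits */`, would spare the reader the conversion. wc_PBKDF2_ex continues beyond the hunk.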
@@ -538,16 +588,11 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, #ifdef WOLFSSL_SMALL_STACK out: - if (Ai != NULL) - XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (B != NULL) - XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (B1 != NULL) - XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (i1 != NULL) - XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (res != NULL) - XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (dynamic) @@ -809,12 +854,9 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen, ret = wc_PBKDF2(output, passwd, passLen, blocks, (int)blocksSz, 1, dkLen, WC_SHA256); end: - if (blocks != NULL) - XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (v != NULL) - XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (y != NULL) - XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 5e97e91048..822f069f7f 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1,6 +1,6 @@ /* random.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -50,8 +50,8 @@ This library contains implementation for the random number generator. #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$c") - #pragma const_seg(".fipsB$c") + #pragma code_seg(".fipsA$i") + #pragma const_seg(".fipsB$i") #endif #endif 
@@ -110,7 +110,7 @@ This library contains implementation for the random number generator. #include #include #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL) -#include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h" + #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h" #elif defined(NO_DEV_RANDOM) #elif defined(CUSTOM_RAND_GENERATE) #elif defined(CUSTOM_RAND_GENERATE_BLOCK) @@ -126,6 +126,9 @@ This library contains implementation for the random number generator. #elif defined(WOLFSSL_PB) #elif defined(WOLFSSL_ZEPHYR) #elif defined(WOLFSSL_TELIT_M2MB) +#elif defined(WOLFSSL_RENESAS_TSIP) + /* for wc_tsip_GenerateRandBlock */ + #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #elif defined(WOLFSSL_IMXRT1170_CAAM) #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL) @@ -153,6 +156,15 @@ This library contains implementation for the random number generator. #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_drbg_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000011 }; + int wolfCrypt_FIPS_DRBG_sanity(void) + { + return 0; + } +#endif + #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED) || \ defined(HAVE_AMD_RDSEED) static word32 intel_flags = 0; @@ -582,7 +594,7 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen dIdx = (int)dLen - 1; for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) { - carry += (word16)(d[dIdx] + s[sIdx]); + carry += (word16)((word16)d[dIdx] + (word16)s[sIdx]); d[dIdx] = (byte)carry; carry >>= 8; dIdx--; @@ -613,6 +625,9 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz) } if (drbg->reseedCtr == RESEED_INTERVAL) { +#if FIPS_VERSION3_GE(6,0,0) + printf("Reseed triggered\n"); +#endif return DRBG_NEED_RESEED; } else { 
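Review bot: `printf("Reseed triggered\n");` in Hash_DRBG_Generate writes to stdout from inside the DRBG in every FIPS v6 build, not only debug ones, and bypasses the WOLFSSL_MSG facility the rest of random.c uses; the surrounding `if (drbg->reseedCtr == RESEED_INTERVAL)` is a normal operational branch, so this fires in production on targets that may have no console, and it pulls stdio into the boundary module. Replace it with `WOLFSSL_MSG("Reseed triggered");` or remove it. Hash_DRBG_Generate continues outside the hunk.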
@@ -1458,7 +1473,7 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len) Entropy_StopThread(); #endif - if (ret != BAD_MUTEX_E) { + if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) { /* Unlock mutex now we are done. */ wc_UnLockMutex(&entropy_mutex); } @@ -1474,7 +1489,7 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len) * @return ENTROPY_RT_E or ENTROPY_APT_E on failure. * @return BAD_MUTEX_E when unable to lock mutex. */ -int wc_Entropy_OnDemandTest() +int wc_Entropy_OnDemandTest(void) { int ret = 0; @@ -1490,7 +1505,7 @@ int wc_Entropy_OnDemandTest() ret = Entropy_HealthTest_Startup(); } - if (ret != BAD_MUTEX_E) { + if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) { /* Unlock mutex now we are done. */ wc_UnLockMutex(&entropy_mutex); } @@ -1502,7 +1517,7 @@ int wc_Entropy_OnDemandTest() * @return 0 on success. * @return Negative on failure. */ -int Entropy_Init() +int Entropy_Init(void) { int ret = 0; @@ -1539,7 +1554,7 @@ int Entropy_Init() /* Finalize the data associated with the MemUse Entropy source. */ -void Entropy_Final() +void Entropy_Final(void) { /* Only finalize when initialized. */ if (entropy_memuse_initialized) { @@ -1856,7 +1871,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) #endif { ret = wc_CryptoCb_RandomBlock(rng, output, sz); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -2664,7 +2679,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #endif { ret = wc_CryptoCb_RandomSeed(os, output, sz); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -3464,7 +3479,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } /* driver could be waiting for entropy */ - if (ret != RAN_BLOCK_E && ret != 0) { + if (ret != WC_NO_ERR_TRACE(RAN_BLOCK_E) && ret != 0) { return ret; } #ifndef WOLFSSL_IMXRT1170_CAAM 
@@ -3640,6 +3655,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(WOLFSSL_RENESAS_TSIP) + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + (void)os; + return wc_tsip_GenerateRandBlock(output, sz); + } + #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #include "hal_data.h" @@ -3719,25 +3742,33 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(WOLFSSL_ZEPHYR) - #include + #include #if KERNEL_VERSION_NUMBER >= 0x30500 #include #else - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #endif #ifndef _POSIX_C_SOURCE - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #else #include #endif - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - sys_rand_get(output, sz); - return 0; - } + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + sys_rand_get(output, sz); + return 0; + } #elif defined(WOLFSSL_TELIT_M2MB) @@ -3889,14 +3920,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { - int ret = WC_HW_E; + int ret = WC_NO_ERR_TRACE(WC_HW_E); #ifndef WOLF_CRYPTO_CB_FIND if (os->devId != INVALID_DEVID) #endif { ret = wc_CryptoCb_RandomSeed(os, output, sz); - if (ret == CRYPTOCB_UNAVAILABLE) { + if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { ret = WC_HW_E; } } @@ -3934,7 +3965,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #endif { ret = wc_CryptoCb_RandomSeed(os, output, sz); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; /* reset error code */ diff --git a/wolfcrypt/src/rc2.c b/wolfcrypt/src/rc2.c index 3839d4941e..67dc7d68f3 100644 --- a/wolfcrypt/src/rc2.c +++ b/wolfcrypt/src/rc2.c 
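Review bot: The re-indented Zephyr wc_GenerateSeed still seeds the DRBG with `sys_rand_get(output, sz);` and returns 0 unconditionally; as far as I recall, in Zephyr that is the general-purpose generator whose backend is selected by Kconfig and is not guaranteed to be an entropy source, whereas `sys_csrand_get()` (available with CONFIG_CSPRNG_ENABLED) is the cryptographically secure variant and returns a status. The lines are whitespace-only in this commit, so this is pre-existing, but since this value is the seed for the Hash-DRBG it is worth either switching to `sys_csrand_get(output, sz)` with a non-zero return mapped to a seed error, or documenting the Kconfig assumption in a comment above the function.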
@@ -1,6 +1,6 @@
 /* rc2.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c
index 9402c70bea..36cca1b3e6 100644
--- a/wolfcrypt/src/ripemd.c
+++ b/wolfcrypt/src/ripemd.c
@@ -1,6 +1,6 @@
 /* ripemd.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index cca20c0d3b..4c7d3a0e89 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -1,6 +1,6 @@
 /* rsa.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -35,15 +35,13 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #ifndef NO_RSA
-#if defined(HAVE_FIPS) && \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-
+#if FIPS_VERSION3_GE(2,0,0)
 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
 #define FIPS_NO_WRAPPERS
 #ifdef USE_WINDOWS_API
- #pragma code_seg(".fipsA$e")
- #pragma const_seg(".fipsB$e")
+ #pragma code_seg(".fipsA$j")
+ #pragma const_seg(".fipsB$j")
 #endif
 #endif
@@ -108,6 +106,14 @@ RSA Key Size Configuration:
 #include
 #endif
+#if FIPS_VERSION3_GE(6,0,0)
+ const unsigned int wolfCrypt_FIPS_rsa_ro_sanity[2] =
+ { 0x1a2b3c4d, 0x00000012 };
+ int wolfCrypt_FIPS_RSA_sanity(void)
+ {
+ return 0;
+ }
+#endif
 enum {
 RSA_STATE_NONE = 0,
@@ -121,22 +127,25 @@ enum { RSA_STATE_DECRYPT_RES }; - static void wc_RsaCleanup(RsaKey* key) { -#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_NO_MALLOC) - if (key && key->data) { +#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \ + (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE))) + if (key != NULL) { + #ifndef WOLFSSL_RSA_PUBLIC_ONLY + /* if private operation zero temp buffer */ + if ((key->data != NULL && key->dataLen > 0) && + (key->type == RSA_PRIVATE_DECRYPT || + key->type == RSA_PRIVATE_ENCRYPT)) { + ForceZero(key->data, key->dataLen); + } + #endif /* make sure any allocated memory is free'd */ if (key->dataIsAlloc) { - #ifndef WOLFSSL_RSA_PUBLIC_ONLY - if (key->type == RSA_PRIVATE_DECRYPT || - key->type == RSA_PRIVATE_ENCRYPT) { - ForceZero(key->data, key->dataLen); - } - #endif XFREE(key->data, key->heap, DYNAMIC_TYPE_WOLF_BIGINT); key->dataIsAlloc = 0; } + key->data = NULL; key->dataLen = 0; } @@ -148,29 +157,21 @@ static void wc_RsaCleanup(RsaKey* key) int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) { int ret = 0; -#if defined(HAVE_PKCS11) - int isPkcs11 = 0; -#endif if (key == NULL) { return BAD_FUNC_ARG; } -#if defined(HAVE_PKCS11) - if (key->isPkcs11) { - isPkcs11 = 1; - } -#endif - XMEMSET(key, 0, sizeof(RsaKey)); key->type = RSA_TYPE_UNKNOWN; key->state = RSA_STATE_NONE; key->heap = heap; -#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_NO_MALLOC) +#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \ + (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE))) key->dataIsAlloc = 0; - key->data = NULL; #endif + key->data = NULL; key->dataLen = 0; #ifdef WC_RSA_BLINDING key->rng = NULL; 
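Review bot: The ForceZero in the rewritten wc_RsaCleanup now runs whenever `key->data` is non-NULL and the type is a private operation, independent of `key->dataIsAlloc`, whereas the old code zeroed only the buffer it had allocated itself. When `dataIsAlloc` is 0 `key->data` points at a caller-supplied buffer, and for the inline private-decrypt path the unpadded plaintext is returned inside that buffer; unless that path clears `dataLen` or skips cleanup before returning (not visible here), the new zeroing would wipe the caller's result. Please confirm against the callers and, if it is intended, record it next to the ForceZero, e.g. `/* zero private-op data even when caller-owned; inline callers must consume it first */`. The same `#if` expression now appears in wc_InitRsaKey_ex below; presumably the struct declaration of `dataIsAlloc` is gated on it as well, which is worth a check so an async-only build still compiles.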
@@ -188,19 +189,18 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) #endif #ifdef WC_ASYNC_ENABLE_RSA - #if defined(HAVE_PKCS11) - if (!isPkcs11) + #ifdef WOLF_CRYPTO_CB + /* prefer crypto callback */ + if (key->devId != INVALID_DEVID) #endif - { - /* handle as async */ - ret = wolfAsync_DevCtxInit(&key->asyncDev, - WOLFSSL_ASYNC_MARKER_RSA, key->heap, devId); - if (ret != 0) - return ret; - } + { + /* handle as async */ + ret = wolfAsync_DevCtxInit(&key->asyncDev, + WOLFSSL_ASYNC_MARKER_RSA, key->heap, devId); + if (ret != 0) + return ret; + } #endif /* WC_ASYNC_ENABLE_RSA */ -#elif defined(HAVE_PKCS11) - (void)isPkcs11; #endif /* WOLFSSL_ASYNC_CRYPT */ #ifndef WOLFSSL_RSA_PUBLIC_ONLY @@ -273,14 +273,6 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, ret = BAD_FUNC_ARG; if (ret == 0 && (len < 0 || len > RSA_MAX_ID_LEN)) ret = BUFFER_E; - -#if defined(HAVE_PKCS11) - if (ret == 0) { - XMEMSET(key, 0, sizeof(RsaKey)); - key->isPkcs11 = 1; - } -#endif - if (ret == 0) ret = wc_InitRsaKey_ex(key, heap, devId); if (ret == 0 && id != NULL && len != 0) { @@ -310,14 +302,6 @@ int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId) if (labelLen == 0 || labelLen > RSA_MAX_LABEL_LEN) ret = BUFFER_E; } - -#if defined(HAVE_PKCS11) - if (ret == 0) { - XMEMSET(key, 0, sizeof(RsaKey)); - key->isPkcs11 = 1; - } -#endif - if (ret == 0) ret = wc_InitRsaKey_ex(key, heap, devId); if (ret == 0) { @@ -389,9 +373,7 @@ int wc_InitRsaHw(RsaKey* key) } /* check for existing mod buffer to avoid memory leak */ - if (key->mod != NULL) { - XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY); - } + XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY); key->pubExp = e; key->mod = m; 
@@ -648,13 +630,13 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng) #ifdef WOLFSSL_ASYNC_CRYPT /* Do blocking async calls here, caller does not support WC_PENDING_E */ do { - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); if (ret >= 0) #endif ret = wc_RsaSSL_Sign((const byte*)msg, msgLen, sig, sigLen, key, rng); #ifdef WOLFSSL_ASYNC_CRYPT - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif if (ret > 0) { @@ -662,13 +644,13 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng) #ifdef WOLFSSL_ASYNC_CRYPT /* Do blocking async calls here, caller does not support WC_PENDING_E */ do { - if (ret == WC_PENDING_E) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); if (ret >= 0) #endif ret = wc_RsaSSL_VerifyInline(sig, sigLen, &plain, key); #ifdef WOLFSSL_ASYNC_CRYPT - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif } @@ -689,13 +671,17 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng) int wc_CheckRsaKey(RsaKey* key) { - DECL_MP_INT_SIZE_DYN(tmp, mp_bitsused(&key->n), RSA_MAX_SIZE); #ifdef WOLFSSL_SMALL_STACK WC_RNG *rng = NULL; #else WC_RNG rng[1]; #endif int ret = 0; + DECL_MP_INT_SIZE_DYN(tmp, (key)? mp_bitsused(&key->n) : 0, RSA_MAX_SIZE); + + if (key == NULL) { + return BAD_FUNC_ARG; + } #ifdef WOLFSSL_CAAM /* can not perform these checks on an encrypted key */ @@ -727,11 +713,6 @@ int wc_CheckRsaKey(RsaKey* key) ret = MP_INIT_E; } - if (ret == 0) { - if (key == NULL) - ret = BAD_FUNC_ARG; - } - if (ret == 0) ret = _ifc_pairwise_consistency_test(key, rng); 
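Review bot: In wc_CheckRsaKey the NULL check now follows `DECL_MP_INT_SIZE_DYN(tmp, (key)? mp_bitsused(&key->n) : 0, RSA_MAX_SIZE)`, which is only safe because the ternary keeps the macro from dereferencing `key`; in a build where that macro reserves storage rather than just declaring a pointer, the immediate `return BAD_FUNC_ARG` exits without the matching release — confirm against the macro definition, which is not in the hunk. A one-line comment keeps the next edit from "simplifying" the ternary away: `/* key may be NULL here: the declaration must precede the argument check (C89) */`.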
@@ -1805,7 +1786,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen, static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte **output, byte padValue) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); word16 i; if (output == NULL || pkcsBlockLen < 2 || pkcsBlockLen > 0xFFFF) { @@ -2161,9 +2142,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, #endif } - if (d != NULL) { - XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY); - } + XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY); } #endif break; @@ -2794,7 +2773,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, #ifdef WOLFSSL_HAVE_SP_RSA ret = RsaFunction_SP(in, inLen, out, outLen, type, key, rng); - if (ret != WC_KEY_SIZE_E) + if (ret != WC_NO_ERR_TRACE(WC_KEY_SIZE_E)) return ret; #endif /* WOLFSSL_HAVE_SP_RSA */ @@ -2948,7 +2927,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, key->dataLen = *outSz; ret = wc_RsaFunction(in, inLen, out, &key->dataLen, type, key, rng); - if (ret >= 0 || ret == WC_PENDING_E) { + if (ret >= 0 || ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { key->state = (type == RSA_PRIVATE_ENCRYPT || type == RSA_PUBLIC_ENCRYPT) ? RSA_STATE_ENCRYPT_RES: RSA_STATE_DECRYPT_RES; @@ -3146,12 +3125,12 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, { ret = wc_CryptoCb_Rsa(in, inLen, out, outLen, type, key, rng); #ifndef WOLF_CRYPTO_CB_ONLY_RSA - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable and try using software */ #endif #ifdef WOLF_CRYPTO_CB_ONLY_RSA - if (ret == CRYPTOCB_UNAVAILABLE) { + if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { return NO_VALID_DEVID; } return ret; 
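Review bot: `XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY)` in wc_RsaFunctionSync releases a buffer tagged as private-key material, and the hunk shows no mp_forcezero/mp_clear of `d` before it; if the scrub happens just above the hunk this is fine, otherwise the private exponent goes back to the heap intact. Dropping the `if (d != NULL)` guard also makes this site depend on XFREE tolerating NULL, which the library's own macro does but a user-supplied XFREE may not. If no earlier clear exists, `mp_forcezero(d);` immediately before the XFREE closes the gap; the enclosing function starts and ends outside the hunk.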
@@ -3203,7 +3182,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, && ret != FP_WOULDBLOCK #endif ) { - if (ret == MP_EXPTMOD_E) { + if (ret == WC_NO_ERR_TRACE(MP_EXPTMOD_E)) { /* This can happen due to incorrectly set FP_MAX_BITS or missing XREALLOC */ WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem"); } @@ -3339,8 +3318,8 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, if (key->devId != INVALID_DEVID) { /* SCE supports 1024 and 2048 bits */ ret = wc_CryptoCb_Rsa(in, inLen, out, - outLen, rsa_type, key, rng); - if (ret != CRYPTOCB_UNAVAILABLE) + &outLen, rsa_type, key, rng); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; /* reset error code and try using software */ @@ -3365,7 +3344,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, ret = wc_RsaFunction(out, (word32)sz, out, &key->dataLen, rsa_type, key, rng); - if (ret >= 0 || ret == WC_PENDING_E) { + if (ret >= 0 || ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { key->state = RSA_STATE_ENCRYPT_RES; } if (ret < 0) { @@ -3425,7 +3404,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, byte* label, word32 labelSz, int saltLen, WC_RNG* rng) { - int ret = RSA_WRONG_TYPE_E; + int ret = WC_NO_ERR_TRACE(RSA_WRONG_TYPE_E); byte* pad = NULL; if (in == NULL || inLen == 0 || out == NULL || key == NULL) { @@ -3496,8 +3475,8 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Rsa(in, inLen, out, - outLen, rsa_type, key, rng); - if (ret != CRYPTOCB_UNAVAILABLE) + &outLen, rsa_type, key, rng); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; /* reset error code and try using software */ 
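Review bot: RsaPublicEncryptEx and RsaPrivateDecryptEx now hand the crypto callback `&outLen`, the function's own length variable, and then fall through to the software path when the callback reports CRYPTOCB_UNAVAILABLE; a callback that writes `*outLen` before declining would leave the software path sizing its output against a modified length. Passing a scratch copy keeps the fallback independent of callback behaviour: `word32 cbOutLen = outLen;` then `ret = wc_CryptoCb_Rsa(in, inLen, out, &cbOutLen, rsa_type, key, rng);`, copying back only on a non-UNAVAILABLE return if callers rely on `outLen` rather than `ret` for the produced size (which of the two carries it is not visible here). Both enclosing functions continue outside the hunk.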
@@ -3525,6 +3504,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, break; } XMEMCPY(key->data, in, inLen); + key->dataLen = inLen; } else { key->dataIsAlloc = 0; @@ -3546,7 +3526,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, rng, pad_type != WC_RSA_OAEP_PAD); #endif - if (ret >= 0 || ret == WC_PENDING_E) { + if (ret >= 0 || ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { key->state = RSA_STATE_DECRYPT_UNPAD; } if (ret < 0) { @@ -3558,13 +3538,13 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, case RSA_STATE_DECRYPT_UNPAD: #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ !defined(WOLFSSL_NO_MALLOC) - ret = wc_RsaUnPad_ex(key->data, key->dataLen, &pad, pad_value, pad_type, - hash, mgf, label, labelSz, saltLen, - mp_count_bits(&key->n), key->heap); + ret = wc_RsaUnPad_ex(key->data, + key->dataLen, &pad, pad_value, pad_type, hash, mgf, + label, labelSz, saltLen, mp_count_bits(&key->n), key->heap); #else - ret = wc_RsaUnPad_ex(out, key->dataLen, &pad, pad_value, pad_type, hash, - mgf, label, labelSz, saltLen, - mp_count_bits(&key->n), key->heap); + ret = wc_RsaUnPad_ex(out, + key->dataLen, &pad, pad_value, pad_type, hash, mgf, label, + labelSz, saltLen, mp_count_bits(&key->n), key->heap); #endif if (rsa_type == RSA_PUBLIC_DECRYPT && ret > (int)outLen) { ret = RSA_BUFFER_E; @@ -4033,7 +4013,10 @@ int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inSz, byte* sig, /* Sig = Salt | Exp Hash */ if (ret == 0) { - if (sigSz != inSz + (word32)saltLen) { + word32 totalSz; + if ((WC_SAFE_SUM_WORD32(inSz, (word32)saltLen, totalSz) == 0) || + (sigSz != totalSz)) + { ret = PSS_SALTLEN_E; } } 
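Review bot: In wc_RsaPSS_CheckPadding_ex2 the new overflow-safe sum casts `saltLen` to word32, so a negative value — the `int` type suggests sentinel values may be negative — becomes a huge addend and trips the sum check as PSS_SALTLEN_E rather than being rejected as a bad argument; if the function already normalised saltLen to a non-negative value before this point (outside the hunk) that is harmless, otherwise add `if (saltLen < 0) ret = PSS_SALTLEN_E;` ahead of the sum. Separately, the added `key->dataLen = inLen;` after the XMEMCPY fixes a real inconsistency with the non-malloc branch and deserves a line in the commit message.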
@@ -4259,7 +4242,7 @@ int wc_RsaEncryptSize(const RsaKey* key) #ifdef WOLF_CRYPTO_CB if (ret == 0 && key->devId != INVALID_DEVID) { - if (wc_CryptoCb_RsaGetSize(key, &ret) == CRYPTOCB_UNAVAILABLE) { + if (wc_CryptoCb_RsaGetSize(key, &ret) == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { ret = 2048/8; /* hardware handles, use 2048-bit as default */ } } @@ -4326,7 +4309,7 @@ int wc_RsaExportKey(RsaKey* key, byte* d, word32* dSz, byte* p, word32* pSz, byte* q, word32* qSz) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key && e && eSz && n && nSz && d && dSz && p && pSz && q && qSz) ret = 0; @@ -4531,7 +4514,8 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen, if (q != NULL) { int valid = 0; - /* 5.4 - check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */ + /* 5.4 (186-4) 5.5 (186-5) - + * check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */ ret = wc_CompareDiffPQ(p, q, nlen, &valid); if ((ret != MP_OKAY) || (!valid)) goto notOkay; prime = q; @@ -4539,14 +4523,15 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen, else prime = p; - /* 4.4,5.5 - Check that prime >= (2^(1/2))(2^((nlen/2)-1)) + /* 4.4,5.5 (186-4) 4.4,5.4 (186-5) - + * Check that prime >= (2^(1/2))(2^((nlen/2)-1)) * This is a comparison against lowerBound */ ret = mp_read_unsigned_bin(tmp1, lower_bound, (word32)nlen/16); if (ret != MP_OKAY) goto notOkay; ret = mp_cmp(prime, tmp1); if (ret == MP_LT) goto exit; - /* 4.5,5.6 - Check that GCD(p-1, e) == 1 */ + /* 4.5,5.6 (186-4 & 186-5) - Check that GCD(p-1, e) == 1 */ ret = mp_sub_d(prime, 1, tmp1); /* tmp1 = prime-1 */ if (ret != MP_OKAY) goto notOkay; #ifdef WOLFSSL_CHECK_MEM_ZERO 
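Review bot: wc_RsaEncryptSize falls back to `ret = 2048/8` when wc_CryptoCb_RsaGetSize reports CRYPTOCB_UNAVAILABLE, which for a hardware-held 3072- or 4096-bit key silently under-reports the modulus size that callers use to size output buffers. This is context the hunk touches rather than new logic, but it is the place to fix it: if `key->n` is populated for such keys the software path below could compute the size, and otherwise returning an error (`ret = NO_VALID_DEVID;`) is safer than a guessed size. At minimum the comment should say `/* device did not report a size; assume 2048-bit */` so the assumption is visible.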
@@ -4785,12 +4770,12 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { err = wc_CryptoCb_MakeRsaKey(key, size, e, rng); #ifndef WOLF_CRYPTO_CB_ONLY_RSA - if (err != CRYPTOCB_UNAVAILABLE) + if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) goto out; /* fall-through when unavailable */ #endif #ifdef WOLF_CRYPTO_CB_ONLY_RSA - if (err == CRYPTOCB_UNAVAILABLE) + if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) err = NO_VALID_DEVID; goto out; } @@ -5096,16 +5081,13 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) #ifdef WOLFSSL_SMALL_STACK - if (p) + if (key != NULL) { XFREE(p, key->heap, DYNAMIC_TYPE_RSA); - if (q) XFREE(q, key->heap, DYNAMIC_TYPE_RSA); - if (tmp1) XFREE(tmp1, key->heap, DYNAMIC_TYPE_RSA); - if (tmp2) XFREE(tmp2, key->heap, DYNAMIC_TYPE_RSA); - if (tmp3) XFREE(tmp3, key->heap, DYNAMIC_TYPE_RSA); + } #elif defined(WOLFSSL_CHECK_MEM_ZERO) mp_memzero_check(p); mp_memzero_check(q); 
@@ -5167,4 +5149,115 @@ int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs, word32 cpuMHz) #endif /* WC_RSA_NONBLOCK_TIME */ #endif /* WC_RSA_NONBLOCK */ +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) +/* + * Calculate y = d mod(x-1) + */ +static int CalcDX(mp_int* y, mp_int* x, mp_int* d) +{ + int err; +#ifndef WOLFSSL_SMALL_STACK + mp_int m[1]; +#else + mp_int* m = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_WOLF_BIGINT); + if (m == NULL) + return MEMORY_E; +#endif + + err = mp_init(m); + if (err == MP_OKAY) { + err = mp_sub_d(x, 1, m); + if (err == MP_OKAY) + err = mp_mod(d, m, y); + mp_forcezero(m); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(m, NULL, DYNAMIC_TYPE_WOLF_BIGINT); +#endif + + return err; +} +#endif + +int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz, + const byte* e, word32 eSz, const byte* d, word32 dSz, + const byte* u, word32 uSz, const byte* p, word32 pSz, + const byte* q, word32 qSz, const byte* dP, word32 dPSz, + const byte* dQ, word32 dQSz, RsaKey* key) +{ + int err = MP_OKAY; + + if (n == NULL || nSz == 0 || e == NULL || eSz == 0 + || d == NULL || dSz == 0 || p == NULL || pSz == 0 + || q == NULL || qSz == 0 || key == NULL) { + err = BAD_FUNC_ARG; + } + +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + if (err == MP_OKAY) { + if ((u == NULL || uSz == 0) + || (dP != NULL && dPSz == 0) + || (dQ != NULL && dQSz == 0)) { + err = BAD_FUNC_ARG; + } + } +#else + (void)u; + (void)uSz; + (void)dP; + (void)dPSz; + (void)dQ; + (void)dQSz; +#endif + + if (err == MP_OKAY) + err = mp_read_unsigned_bin(&key->n, n, nSz); + if (err == MP_OKAY) + err = mp_read_unsigned_bin(&key->e, e, eSz); + if (err == MP_OKAY) + err = mp_read_unsigned_bin(&key->d, d, dSz); + if (err == MP_OKAY) + err = mp_read_unsigned_bin(&key->p, p, pSz); + if (err == MP_OKAY) + err = mp_read_unsigned_bin(&key->q, q, qSz); +#if defined(WOLFSSL_KEY_GEN) || 
defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + if (err == MP_OKAY) + err = mp_read_unsigned_bin(&key->u, u, uSz); + if (err == MP_OKAY) { + if (dP != NULL) + err = mp_read_unsigned_bin(&key->dP, dP, dPSz); + else + err = CalcDX(&key->dP, &key->p, &key->d); + } + if (err == MP_OKAY) { + if (dQ != NULL) + err = mp_read_unsigned_bin(&key->dQ, dQ, dQSz); + else + err = CalcDX(&key->dQ, &key->q, &key->d); + } +#endif + + if (err == MP_OKAY) { + key->type = RSA_PRIVATE; + } + else { + mp_clear(&key->n); + mp_clear(&key->e); + mp_clear(&key->d); + mp_clear(&key->p); + mp_clear(&key->q); +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + mp_clear(&key->u); + mp_clear(&key->dP); + mp_clear(&key->dQ); +#endif + } + + return err; +} +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + #endif /* NO_RSA */ diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index eb0f932f1d..a3407ed737 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -1,6 +1,6 @@ /* sakke.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -327,14 +327,18 @@ static int sakke_load_base_point(SakkeKey* key) static int sakke_mulmod_base(SakkeKey* key, const mp_int* n, ecc_point* res, int map) { - int err = NOT_COMPILED_IN; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && (ecc_sets[key->ecc.idx].id == ECC_SAKKE_1)) { err = sp_ecc_mulmod_base_1024(n, res, map, key->heap); } + else #endif + { + err = NOT_COMPILED_IN; + } return err; } 
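Review bot: The failure path of wc_RsaPrivateKeyDecodeRaw releases the partially imported components with `mp_clear`, whose scrubbing behaviour is backend-specific (some implementations only reset the length), so after a failed import `d`, `p`, `q`, `u`, `dP`, `dQ` may remain readable in memory; use `mp_forcezero` for those six. The success path stores the values unchecked — nothing verifies `n == p*q` or that `e*d` is 1 modulo lcm(p-1, q-1) — so a corrupt or attacker-supplied p/q presumably reaches the CRT path in wc_RsaFunctionSync; add a header comment `/* Components are imported without consistency checks; call wc_CheckRsaKey() before using the key. */`. CalcDX also allocates its scratch from the NULL heap rather than the key's heap; threading `key->heap` through keeps custom allocators honoured.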
@@ -353,14 +357,18 @@ static int sakke_mulmod_base(SakkeKey* key, const mp_int* n, ecc_point* res, static int sakke_mulmod_base_add(SakkeKey* key, const mp_int* n, const ecc_point* a, ecc_point* res, int map) { - int err = NOT_COMPILED_IN; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && (ecc_sets[key->ecc.idx].id == ECC_SAKKE_1)) { err = sp_ecc_mulmod_base_add_1024(n, a, 0, res, map, key->heap); } + else #endif + { + err = NOT_COMPILED_IN; + } return err; } @@ -440,7 +448,7 @@ static int sakke_mulmod_base_add(SakkeKey* key, const mp_int* n, ecc_point* a, static int sakke_mulmod_point(SakkeKey* key, const mp_int* n, const ecc_point* p, byte* table, ecc_point* res, int map) { - int err = NOT_COMPILED_IN; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && @@ -452,7 +460,11 @@ static int sakke_mulmod_point(SakkeKey* key, const mp_int* n, err = sp_ecc_mulmod_table_1024(n, p, table, res, map, key->heap); } } + else #endif + { + err = NOT_COMPILED_IN; + } return err; } @@ -1351,7 +1363,7 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk, static int sakke_pairing(const SakkeKey* key, const ecc_point* p, const ecc_point* q, mp_int* r, const byte* table, word32 len) { - int err = NOT_COMPILED_IN; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && @@ -1363,6 +1375,9 @@ static int sakke_pairing(const SakkeKey* key, const ecc_point* p, err = sp_Pairing_precomp_1024(p, q, r, table, len); } } + else { + err = NOT_COMPILED_IN; + } #else (void)key; (void)p; @@ -1370,6 +1385,7 @@ static int sakke_pairing(const SakkeKey* key, const ecc_point* p, (void)r; (void)table; (void)len; + err = NOT_COMPILED_IN; #endif return err; 
@@ -2523,14 +2539,18 @@ int wc_GetSakkeAuthSize(SakkeKey* key, word16* authSz) static int sakke_modexp(const SakkeKey* key, const mp_int* b, mp_int* e, mp_int* r) { - int err = NOT_COMPILED_IN; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && (ecc_sets[key->ecc.idx].id == ECC_SAKKE_1)) { err = sp_ModExp_Fp_star_1024(b, e, r); } + else #endif + { + err = NOT_COMPILED_IN; + } return err; } @@ -6551,7 +6571,7 @@ int wc_SetSakkePointITable(SakkeKey* key, byte* table, word32 len) #ifdef WOLFSSL_HAVE_SP_ECC if (err == 0) { err = sp_ecc_gen_table_1024(key->i.i, NULL, &sz, NULL); - if (err == LENGTH_ONLY_E) { + if (err == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { err = 0; } } diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 69990791fd..44db748225 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -1,6 +1,6 @@ /* sha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,13 +36,13 @@ #if !defined(NO_SHA) -#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$j") - #pragma const_seg(".fipsB$j") + #pragma code_seg(".fipsA$k") + #pragma const_seg(".fipsB$k") #endif #endif @@ -118,6 +118,14 @@ #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000013 }; + int wolfCrypt_FIPS_SHA_sanity(void) + { + return 0; + } +#endif /* Hardware Acceleration */ #if defined(WOLFSSL_PIC32MZ_HASH) 
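Review bot: sha.c moves to `.fipsA$k`/`.fipsB$k` and adds `wolfCrypt_FIPS_sha_ro_sanity` with index `0x00000013`, while sha256.c later in this diff takes `$l` and `0x00000014`; these letters and indices define the in-core integrity-check ordering and must agree with the table the FIPS wrapper walks, which is not in this diff. A mismatch is not a compile error and only surfaces as a failed power-on self-test, so a comment beside each segment pragma — `/* segment letter and sanity index must match the fips.c ordering */` — is cheap insurance. The new `#if FIPS_VERSION3_GE(2,0,0)` also relies on that macro expanding to 0 when HAVE_FIPS is undefined, which the hunk does not show.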
@@ -433,7 +441,7 @@ static WC_INLINE void AddLength(wc_Sha* sha, word32 len) #define f3(x,y,z) (((x)&(y))|((z)&((x)|(y)))) #define f4(x,y,z) ((x)^(y)^(z)) - #ifdef WOLFSSL_NUCLEUS_1_2 + #if defined(WOLFSSL_NUCLEUS_1_2) || defined(NUCLEUS_PLUS_2_3) /* nucleus.h also defines R1-R4 */ #undef R1 #undef R2 @@ -598,7 +606,7 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) #ifdef WOLF_CRYPTO_CB if (sha->devId != INVALID_DEVID) { ret = wc_CryptoCb_ShaHash(sha, data, len, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; ret = 0; /* reset ret */ /* fall-through when unavailable */ @@ -817,7 +825,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) #ifdef WOLF_CRYPTO_CB if (sha->devId != INVALID_DEVID) { ret = wc_CryptoCb_ShaHash(sha, NULL, 0, hash); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -1050,10 +1058,8 @@ void wc_ShaFree(wc_Sha* sha) defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \ defined(WOLFSSL_RENESAS_RX64_HASH) - if (sha->msg != NULL) { - XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); - sha->msg = NULL; - } + XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); + sha->msg = NULL; #endif #ifdef WOLFSSL_IMXRT_DCP DCPShaFree(sha); diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 8c9b10ea6e..180a6c044b 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -1,6 +1,6 @@ /* sha256.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
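Review bot: In wc_ShaFinal the crypto-callback block falls through on CRYPTOCB_UNAVAILABLE without resetting `ret`, whereas the wc_ShaUpdate hunk just above does `ret = 0; /* reset ret */`; if any later path in wc_ShaFinal returns `ret` without reassigning it, a successful software finalisation is reported as CRYPTOCB_UNAVAILABLE. Mirroring the update path — `if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; ret = 0;` — removes the dependency on what follows. The rest of wc_ShaFinal is outside the hunk.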
@@ -63,16 +63,16 @@ on the specific device platform. #endif -#if !defined(NO_SHA256) && (!defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_NEON)) +#if !defined(NO_SHA256) && !(defined(WOLFSSL_ARMASM) || \ + defined(WOLFSSL_ARMASM_NO_NEON)) && !defined(WOLFSSL_RISCV_ASM) #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$d") - #pragma const_seg(".fipsB$d") + #pragma code_seg(".fipsA$l") + #pragma const_seg(".fipsB$l") #endif #endif @@ -141,6 +141,14 @@ on the specific device platform. #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000014 }; + int wolfCrypt_FIPS_SHA256_sanity(void) + { + return 0; + } +#endif #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) #if defined(__GNUC__) && ((__GNUC__ < 4) || \ @@ -195,8 +203,12 @@ on the specific device platform. #if defined(LITTLE_ENDIAN_ORDER) && \ defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) - #define SHA256_UPDATE_REV_BYTES(ctx) \ - (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) + #ifdef WC_C_DYNAMIC_FALLBACK + #define SHA256_UPDATE_REV_BYTES(ctx) (sha256->sha_method == SHA256_C) + #else + #define SHA256_UPDATE_REV_BYTES(ctx) \ + (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) + #endif #elif defined(FREESCALE_MMCAU_SHA) #define SHA256_UPDATE_REV_BYTES(ctx) 0 /* reverse not needed on update */ #else 
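Review bot: The new `#define SHA256_UPDATE_REV_BYTES(ctx) (sha256->sha_method == SHA256_C)` ignores its `ctx` parameter and hard-codes the identifier `sha256`, so it compiles only where the local happens to carry that name and would silently read a different object if a caller passed another context. Use the parameter: `#define SHA256_UPDATE_REV_BYTES(ctx) ((ctx)->sha_method == SHA256_C)`. The non-fallback branch keeps the global `intel_flags` test, which matches the static selection path.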
@@ -220,6 +232,15 @@ on the specific device platform. (!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)) && \ !defined(WOLFSSL_RENESAS_RX64_HASH) +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) +#ifdef WC_C_DYNAMIC_FALLBACK + #define SHA256_SETTRANSFORM_ARGS int *sha_method +#else + #define SHA256_SETTRANSFORM_ARGS void +#endif +static void Sha256_SetTransform(SHA256_SETTRANSFORM_ARGS); +#endif static int InitSha256(wc_Sha256* sha256) { @@ -245,6 +266,17 @@ static int InitSha256(wc_Sha256* sha256) sha256->used = 0; #endif +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + /* choose best Transform function under this runtime environment */ +#ifdef WC_C_DYNAMIC_FALLBACK + sha256->sha_method = 0; + Sha256_SetTransform(&sha256->sha_method); +#else + Sha256_SetTransform(); +#endif +#endif + #ifdef WOLF_CRYPTO_CB sha256->devId = wc_CryptoCb_DefaultDevID(); #endif 
@@ -363,25 +395,205 @@ static int InitSha256(wc_Sha256* sha256) } /* extern "C" */ #endif + static word32 intel_flags = 0; + +#if defined(WC_C_DYNAMIC_FALLBACK) && !defined(WC_NO_INTERNAL_FUNCTION_POINTERS) + #define WC_NO_INTERNAL_FUNCTION_POINTERS +#endif + +#ifdef WC_NO_INTERNAL_FUNCTION_POINTERS + + enum sha_methods { SHA256_UNSET = 0, SHA256_AVX1_SHA, SHA256_AVX2, + SHA256_AVX1_RORX, SHA256_AVX1_NOSHA, SHA256_AVX2_RORX, + SHA256_SSE2, SHA256_C }; + +#ifndef WC_C_DYNAMIC_FALLBACK + static enum sha_methods sha_method = SHA256_UNSET; +#endif + + static void Sha256_SetTransform(SHA256_SETTRANSFORM_ARGS) + { + #ifdef WC_C_DYNAMIC_FALLBACK + #define SHA_METHOD (*sha_method) + #else + #define SHA_METHOD sha_method + #endif + if (SHA_METHOD != SHA256_UNSET) + return; + + #ifdef WC_C_DYNAMIC_FALLBACK + if (! CAN_SAVE_VECTOR_REGISTERS()) { + SHA_METHOD = SHA256_C; + return; + } + #endif + + if (intel_flags == 0) + intel_flags = cpuid_get_flags(); + + if (IS_INTEL_SHA(intel_flags)) { + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + SHA_METHOD = SHA256_AVX1_SHA; + } + else + #endif + { + SHA_METHOD = SHA256_SSE2; + } + } + else + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + #ifdef HAVE_INTEL_RORX + if (IS_INTEL_BMI2(intel_flags)) { + SHA_METHOD = SHA256_AVX2_RORX; + } + else + #endif + { + SHA_METHOD = SHA256_AVX2; + } + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + #ifdef HAVE_INTEL_RORX + if (IS_INTEL_BMI2(intel_flags)) { + SHA_METHOD = SHA256_AVX1_RORX; + } + else + #endif + { + SHA_METHOD = SHA256_AVX1_NOSHA; + } + } + else + #endif + { + SHA_METHOD = SHA256_C; + } + #undef SHA_METHOD + } + + static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) { + #ifdef WC_C_DYNAMIC_FALLBACK + #define SHA_METHOD (S->sha_method) + #else + #define SHA_METHOD sha_method + #endif + int ret; + + if (SHA_METHOD == SHA256_C) + return Transform_Sha256(S, D); + SAVE_VECTOR_REGISTERS(return _svr_ret;); + switch 
(SHA_METHOD) { + case SHA256_AVX2: + ret = Transform_Sha256_AVX2(S, D); + break; + case SHA256_AVX2_RORX: + ret = Transform_Sha256_AVX2_RORX(S, D); + break; + case SHA256_AVX1_SHA: + ret = Transform_Sha256_AVX1_Sha(S, D); + break; + case SHA256_AVX1_NOSHA: + ret = Transform_Sha256_AVX1(S, D); + break; + case SHA256_AVX1_RORX: + ret = Transform_Sha256_AVX1_RORX(S, D); + break; + case SHA256_SSE2: + ret = Transform_Sha256_SSE2_Sha(S, D); + break; + case SHA256_C: + case SHA256_UNSET: + default: + ret = Transform_Sha256(S, D); + break; + } + RESTORE_VECTOR_REGISTERS(); + return ret; + #undef SHA_METHOD + } +#define XTRANSFORM(...) inline_XTRANSFORM(__VA_ARGS__) + + static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) { + #ifdef WC_C_DYNAMIC_FALLBACK + #define SHA_METHOD (S->sha_method) + #else + #define SHA_METHOD sha_method + #endif + int ret; + SAVE_VECTOR_REGISTERS(return _svr_ret;); + switch (SHA_METHOD) { + case SHA256_AVX2: + ret = Transform_Sha256_AVX2_Len(S, D, L); + break; + case SHA256_AVX2_RORX: + ret = Transform_Sha256_AVX2_RORX_Len(S, D, L); + break; + case SHA256_AVX1_SHA: + ret = Transform_Sha256_AVX1_Sha_Len(S, D, L); + break; + case SHA256_AVX1_NOSHA: + ret = Transform_Sha256_AVX1_Len(S, D, L); + break; + case SHA256_AVX1_RORX: + ret = Transform_Sha256_AVX1_RORX_Len(S, D, L); + break; + case SHA256_SSE2: + ret = Transform_Sha256_SSE2_Sha_Len(S, D, L); + break; + case SHA256_C: + case SHA256_UNSET: + default: + ret = 0; + break; + } + RESTORE_VECTOR_REGISTERS(); + return ret; + #undef SHA_METHOD + } +#define XTRANSFORM_LEN(...) 
inline_XTRANSFORM_LEN(__VA_ARGS__) + +#else /* !WC_NO_INTERNAL_FUNCTION_POINTERS */ + static int (*Transform_Sha256_p)(wc_Sha256* sha256, const byte* data); /* = _Transform_Sha256 */ static int (*Transform_Sha256_Len_p)(wc_Sha256* sha256, const byte* data, word32 len); /* = NULL */ static int transform_check = 0; - static word32 intel_flags; static int Transform_Sha256_is_vectorized = 0; static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) { int ret; + #ifdef WOLFSSL_LINUXKM + if (Transform_Sha256_is_vectorized) + SAVE_VECTOR_REGISTERS(return _svr_ret;); + #endif ret = (*Transform_Sha256_p)(S, D); + #ifdef WOLFSSL_LINUXKM + if (Transform_Sha256_is_vectorized) + RESTORE_VECTOR_REGISTERS(); + #endif return ret; } #define XTRANSFORM(...) inline_XTRANSFORM(__VA_ARGS__) static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) { int ret; + #ifdef WOLFSSL_LINUXKM + if (Transform_Sha256_is_vectorized) + SAVE_VECTOR_REGISTERS(return _svr_ret;); + #endif ret = (*Transform_Sha256_Len_p)(S, D, L); + #ifdef WOLFSSL_LINUXKM + if (Transform_Sha256_is_vectorized) + RESTORE_VECTOR_REGISTERS(); + #endif return ret; } #define XTRANSFORM_LEN(...) inline_XTRANSFORM_LEN(__VA_ARGS__) @@ -455,6 +667,8 @@ static int InitSha256(wc_Sha256* sha256) transform_check = 1; } +#endif /* !WC_NO_INTERNAL_FUNCTION_POINTERS */ + #if !defined(WOLFSSL_KCAPI_HASH) int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) { @@ -475,9 +689,6 @@ static int InitSha256(wc_Sha256* sha256) if (ret != 0) return ret; - /* choose best Transform function under this runtime environment */ - Sha256_SetTransform(); - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) ret = wolfAsync_DevCtxInit(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256, sha256->heap, devId); 
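Review bot: inline_XTRANSFORM_LEN returns `ret = 0` — success — for `SHA256_C`/`SHA256_UNSET`/default without touching the data, and unlike inline_XTRANSFORM it has no early C-path return, so a caller reaching it with the C method selected would get a digest computed over nothing. The callers in this diff guard the call with `sha_method != SHA256_C`, so it is unreachable today, but silent success is the wrong failure mode for a hash primitive. Either make the default mirror the non-Len wrapper by looping `Transform_Sha256` over `L` in WC_SHA256_BLOCK_SIZE steps, or return an error there — `ret = BAD_FUNC_ARG; /* no C implementation for the Len variant */` — and add the same `if (SHA_METHOD == SHA256_C)` guard before SAVE_VECTOR_REGISTERS. The lazily initialised global `intel_flags` is also written from Sha256_SetTransform without synchronisation; cpuid_get_flags is presumably idempotent so the race is benign, but a comment saying so would help.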
@@ -620,7 +831,14 @@ static int InitSha256(wc_Sha256* sha256) { int ret = 0; - if (sha256 == NULL || (data == NULL && len > 0)) { + if (sha256 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { return BAD_FUNC_ARG; } @@ -671,6 +889,17 @@ static int InitSha256(wc_Sha256* sha256) int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) { + if (sha256 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + return se050_hash_update(&sha256->se050Ctx, data, len); } @@ -1154,7 +1383,15 @@ static int InitSha256(wc_Sha256* sha256) #ifdef XTRANSFORM_LEN #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha256->sha_method != SHA256_C) + #elif defined(WC_NO_INTERNAL_FUNCTION_POINTERS) + if (sha_method != SHA256_C) + #else if (Transform_Sha256_Len_p != NULL) + #endif + #endif { if (len >= WC_SHA256_BLOCK_SIZE) { @@ -1262,7 +1499,7 @@ static int InitSha256(wc_Sha256* sha256) #endif { int ret = wc_CryptoCb_Sha256Hash(sha256, data, len, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -1390,8 +1627,12 @@ static int InitSha256(wc_Sha256* sha256) /* Kinetis requires only these bytes reversed */ #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha256->sha_method != SHA256_C) + #else if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags)) #endif + #endif { ByteReverseWords( &sha256->buffer[WC_SHA256_PAD_SIZE / sizeof(word32)], 
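Review bot: The two guards around ByteReverseWords disagree for the SSE2+SHA-NI selection: under WC_C_DYNAMIC_FALLBACK the pad-length words are reversed whenever `sha_method != SHA256_C` (so also for SHA256_SSE2), but the other branch reverses only when `IS_INTEL_AVX1 || IS_INTEL_AVX2`, and Sha256_SetTransform earlier in this diff picks SHA256_SSE2 exactly when SHA extensions are present without AVX1. On such a CPU the same asm routine would see reversed length words in one build and not in the other, so one of the two digests must be wrong; which one depends on what Transform_Sha256_SSE2_Sha expects, which the hunk does not show. Suggest keying the static WC_NO_INTERNAL_FUNCTION_POINTERS build on the selected method as well, `if (sha_method != SHA256_C)`, keeping the flag test only for the function-pointer build, and running the known-answer tests on an SHA-NI-without-AVX target.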
@@ -1459,7 +1700,7 @@ static int InitSha256(wc_Sha256* sha256) #endif { ret = wc_CryptoCb_Sha256Hash(sha256, NULL, 0, hash); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -1735,11 +1976,19 @@ static int InitSha256(wc_Sha256* sha256) sha224->loLen = 0; sha224->hiLen = 0; + #ifdef WC_C_DYNAMIC_FALLBACK + sha224->sha_method = 0; + #endif + #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) /* choose best Transform function under this runtime environment */ + #ifdef WC_C_DYNAMIC_FALLBACK + Sha256_SetTransform(&sha224->sha_method); + #else Sha256_SetTransform(); #endif + #endif #ifdef WOLFSSL_HASH_FLAGS sha224->flags = 0; #endif @@ -2247,7 +2496,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) ret = wc_Sha256Copy(sha256, tmpSha256); if (ret == 0) { ret = wc_Sha256Final(tmpSha256, hash); - wc_Sha256Free(tmpSha256); /* TODO move outside brackets? */ + wc_Sha256Free(tmpSha256); } diff --git a/wolfcrypt/src/sha256_asm.S b/wolfcrypt/src/sha256_asm.S index 3f7f6cf24a..2f2bfde578 100644 --- a/wolfcrypt/src/sha256_asm.S +++ b/wolfcrypt/src/sha256_asm.S @@ -1,6 +1,6 @@ /* sha256_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -92,6 +92,7 @@ Transform_Sha256_SSE2_Sha: .p2align 4 _Transform_Sha256_SSE2_Sha: #endif /* __APPLE__ */ + leaq L_sse2_sha256_sha_k(%rip), %rdx movdqa L_sse2_sha256_shuf_mask(%rip), %xmm10 movq (%rdi), %xmm1 movq 8(%rdi), %xmm2 
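Review bot: wc_InitSha224 writes `sha224->sha_method = 0` under `#ifdef WC_C_DYNAMIC_FALLBACK` alone, while InitSha256 earlier in this diff touches `sha_method` only inside the `WOLFSSL_X86_64_BUILD && USE_INTEL_SPEEDUP && (HAVE_INTEL_AVX1 || HAVE_INTEL_AVX2)` guard; unless the struct field exists for every WC_C_DYNAMIC_FALLBACK build, a non-Intel dynamic-fallback configuration fails to compile here. Nesting the assignment inside the same Intel guard as the Sha256_SetTransform call makes the two initialisers agree.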
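Review bot: `leaq L_sse2_sha256_sha_k(%rip), %rdx` in Transform_Sha256_SSE2_Sha turns the round-constant table base into a register without saying why, and the register differs from the `_Len` variant later in this diff, which uses `%rax` because its third argument occupies `%rdx`. The routine already reads the context through `%rdi`, i.e. it assumes the SysV convention, under which `%rdx` is caller-saved and unused by a two-argument function, so the clobber is safe there; a comment makes that reasoning survive the next port: `# K table base; %rdx is free here (2 args, SysV caller-saved); the Len variant uses %rax`. If the motivation is avoiding the `sym+off(%rip)` displacement form for large-model or PIC builds, state that at the label too.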
@@ -108,14 +109,14 @@ _Transform_Sha256_SSE2_Sha: movdqa %xmm2, %xmm9 # Rounds: 0-3 movdqa %xmm3, %xmm0 - paddd 0+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd (%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 pshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 # Rounds: 4-7 pshufb %xmm10, %xmm4 movdqa %xmm4, %xmm0 - paddd 16+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 16(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 pshufd $14, %xmm0, %xmm0 sha256msg1 %xmm4, %xmm3 @@ -123,7 +124,7 @@ _Transform_Sha256_SSE2_Sha: # Rounds: 8-11 pshufb %xmm10, %xmm5 movdqa %xmm5, %xmm0 - paddd 32+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 32(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 pshufd $14, %xmm0, %xmm0 sha256msg1 %xmm5, %xmm4 @@ -131,7 +132,7 @@ _Transform_Sha256_SSE2_Sha: # Rounds: 12-15 pshufb %xmm10, %xmm6 movdqa %xmm6, %xmm0 - paddd 48+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 48(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm6, %xmm7 palignr $4, %xmm5, %xmm7 @@ -142,7 +143,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 16-19 movdqa %xmm3, %xmm0 - paddd 64+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 64(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm3, %xmm7 palignr $4, %xmm6, %xmm7 @@ -153,7 +154,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 20-23 movdqa %xmm4, %xmm0 - paddd 80+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 80(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm4, %xmm7 palignr $4, %xmm3, %xmm7 @@ -164,7 +165,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 24-27 movdqa %xmm5, %xmm0 - paddd 96+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 96(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm5, %xmm7 palignr $4, %xmm4, %xmm7 @@ -175,7 +176,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 28-31 movdqa %xmm6, %xmm0 - paddd 112+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 112(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm6, %xmm7 palignr $4, %xmm5, %xmm7 
@@ -186,7 +187,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 32-35 movdqa %xmm3, %xmm0 - paddd 128+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 128(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm3, %xmm7 palignr $4, %xmm6, %xmm7 @@ -197,7 +198,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 36-39 movdqa %xmm4, %xmm0 - paddd 144+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 144(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm4, %xmm7 palignr $4, %xmm3, %xmm7 @@ -208,7 +209,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 40-43 movdqa %xmm5, %xmm0 - paddd 160+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 160(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm5, %xmm7 palignr $4, %xmm4, %xmm7 @@ -219,7 +220,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 44-47 movdqa %xmm6, %xmm0 - paddd 176+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 176(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm6, %xmm7 palignr $4, %xmm5, %xmm7 @@ -230,7 +231,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 48-51 movdqa %xmm3, %xmm0 - paddd 192+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 192(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm3, %xmm7 palignr $4, %xmm6, %xmm7 @@ -241,7 +242,7 @@ _Transform_Sha256_SSE2_Sha: sha256rnds2 %xmm2, %xmm1 # Rounds: 52-63 movdqa %xmm4, %xmm0 - paddd 208+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 208(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm4, %xmm7 palignr $4, %xmm3, %xmm7 @@ -250,7 +251,7 @@ _Transform_Sha256_SSE2_Sha: pshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 movdqa %xmm5, %xmm0 - paddd 224+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 224(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm5, %xmm7 palignr $4, %xmm4, %xmm7 
@@ -259,7 +260,7 @@ _Transform_Sha256_SSE2_Sha: pshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 movdqa %xmm6, %xmm0 - paddd 240+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 240(%rdx), %xmm0 sha256rnds2 %xmm1, %xmm2 pshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 @@ -289,6 +290,7 @@ Transform_Sha256_SSE2_Sha_Len: .p2align 4 _Transform_Sha256_SSE2_Sha_Len: #endif /* __APPLE__ */ + leaq L_sse2_sha256_sha_k(%rip), %rax movdqa L_sse2_sha256_shuf_mask(%rip), %xmm10 movq (%rdi), %xmm1 movq 8(%rdi), %xmm2 @@ -307,14 +309,14 @@ L_sha256_sha_len_sse2_start: movdqa %xmm2, %xmm9 # Rounds: 0-3 movdqa %xmm3, %xmm0 - paddd 0+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd (%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 pshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 # Rounds: 4-7 pshufb %xmm10, %xmm4 movdqa %xmm4, %xmm0 - paddd 16+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 16(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 pshufd $14, %xmm0, %xmm0 sha256msg1 %xmm4, %xmm3 @@ -322,7 +324,7 @@ L_sha256_sha_len_sse2_start: # Rounds: 8-11 pshufb %xmm10, %xmm5 movdqa %xmm5, %xmm0 - paddd 32+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 32(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 pshufd $14, %xmm0, %xmm0 sha256msg1 %xmm5, %xmm4 @@ -330,7 +332,7 @@ L_sha256_sha_len_sse2_start: # Rounds: 12-15 pshufb %xmm10, %xmm6 movdqa %xmm6, %xmm0 - paddd 48+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 48(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm6, %xmm7 palignr $4, %xmm5, %xmm7 @@ -341,7 +343,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 16-19 movdqa %xmm3, %xmm0 - paddd 64+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 64(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm3, %xmm7 palignr $4, %xmm6, %xmm7 @@ -352,7 +354,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 20-23 movdqa %xmm4, %xmm0 - paddd 80+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 80(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm4, %xmm7 palignr $4, %xmm3, %xmm7 
@@ -363,7 +365,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 24-27 movdqa %xmm5, %xmm0 - paddd 96+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 96(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm5, %xmm7 palignr $4, %xmm4, %xmm7 @@ -374,7 +376,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 28-31 movdqa %xmm6, %xmm0 - paddd 112+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 112(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm6, %xmm7 palignr $4, %xmm5, %xmm7 @@ -385,7 +387,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 32-35 movdqa %xmm3, %xmm0 - paddd 128+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 128(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm3, %xmm7 palignr $4, %xmm6, %xmm7 @@ -396,7 +398,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 36-39 movdqa %xmm4, %xmm0 - paddd 144+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 144(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm4, %xmm7 palignr $4, %xmm3, %xmm7 @@ -407,7 +409,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 40-43 movdqa %xmm5, %xmm0 - paddd 160+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 160(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm5, %xmm7 palignr $4, %xmm4, %xmm7 @@ -418,7 +420,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 44-47 movdqa %xmm6, %xmm0 - paddd 176+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 176(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm6, %xmm7 palignr $4, %xmm5, %xmm7 @@ -429,7 +431,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 48-51 movdqa %xmm3, %xmm0 - paddd 192+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 192(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm3, %xmm7 palignr $4, %xmm6, %xmm7 @@ -440,7 +442,7 @@ L_sha256_sha_len_sse2_start: sha256rnds2 %xmm2, %xmm1 # Rounds: 52-63 movdqa %xmm4, %xmm0 - paddd 208+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 208(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm4, %xmm7 palignr $4, %xmm3, %xmm7 
@@ -449,7 +451,7 @@ L_sha256_sha_len_sse2_start: pshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 movdqa %xmm5, %xmm0 - paddd 224+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 224(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 movdqa %xmm5, %xmm7 palignr $4, %xmm4, %xmm7 @@ -458,7 +460,7 @@ L_sha256_sha_len_sse2_start: pshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 movdqa %xmm6, %xmm0 - paddd 240+L_sse2_sha256_sha_k(%rip), %xmm0 + paddd 240(%rax), %xmm0 sha256rnds2 %xmm1, %xmm2 pshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 @@ -555,7 +557,9 @@ _Transform_Sha256_AVX1: pushq %r13 pushq %r14 pushq %r15 + pushq %rbp subq $0x40, %rsp + leaq L_avx1_sha256_k(%rip), %rbp vmovdqa L_avx1_sha256_flip_mask(%rip), %xmm13 vmovdqa L_avx1_sha256_shuf_00BA(%rip), %xmm11 vmovdqa L_avx1_sha256_shuf_DC00(%rip), %xmm12 @@ -580,12 +584,12 @@ _Transform_Sha256_AVX1: movl %r12d, %edx xorl %r10d, %ebx # set_w_k_xfer_4: 0 - vpaddd 0+L_avx1_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 16+L_avx1_sha256_k(%rip), %xmm1, %xmm5 + vpaddd (%rbp), %xmm0, %xmm4 + vpaddd 16(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 32+L_avx1_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 48+L_avx1_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 32(%rbp), %xmm2, %xmm6 + vpaddd 48(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 @@ -1213,12 +1217,12 @@ _Transform_Sha256_AVX1: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 4 - vpaddd 64+L_avx1_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 80+L_avx1_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 64(%rbp), %xmm0, %xmm4 + vpaddd 80(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 96+L_avx1_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 112+L_avx1_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 96(%rbp), %xmm2, %xmm6 + vpaddd 112(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 
@@ -1846,12 +1850,12 @@ _Transform_Sha256_AVX1: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 8 - vpaddd 128+L_avx1_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 144+L_avx1_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 128(%rbp), %xmm0, %xmm4 + vpaddd 144(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 160+L_avx1_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 176+L_avx1_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 160(%rbp), %xmm2, %xmm6 + vpaddd 176(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 @@ -2479,12 +2483,12 @@ _Transform_Sha256_AVX1: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 12 - vpaddd 192+L_avx1_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 208+L_avx1_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 192(%rbp), %xmm0, %xmm4 + vpaddd 208(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 224+L_avx1_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 240+L_avx1_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 224(%rbp), %xmm2, %xmm6 + vpaddd 240(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # rnd_all_4: 0-3 @@ -2918,6 +2922,7 @@ _Transform_Sha256_AVX1: xorq %rax, %rax vzeroupper addq $0x40, %rsp + popq %rbp popq %r15 popq %r14 popq %r13 @@ -2946,7 +2951,9 @@ _Transform_Sha256_AVX1_Len: pushq %r15 pushq %rbp movq %rdx, %rbp - subq $0x40, %rsp + subq $0x44, %rsp + movl %ebp, 64(%rsp) + leaq L_avx1_sha256_k(%rip), %rbp vmovdqa L_avx1_sha256_flip_mask(%rip), %xmm13 vmovdqa L_avx1_sha256_shuf_00BA(%rip), %xmm11 vmovdqa L_avx1_sha256_shuf_DC00(%rip), %xmm12 
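Review bot: `subq $0x44, %rsp` in the `_Transform_Sha256_AVX1_Len` prologue makes the frame 68 bytes, so %rsp is only 4-byte aligned for the rest of the function instead of the 8-byte (or 16-byte) alignment the pushes preserved; this does not fault here because the spills use `vmovdqu` and the length is stored with a plain `movl %ebp, 64(%rsp)`, but it is fragile if an aligned access or an external call is ever added. Rounding the frame to a multiple of 8, e.g. `subq $0x48, %rsp` with the matching `addq $0x48, %rsp` in the epilogue and `64(%rsp)` unchanged, costs nothing. The same pattern appears in the `_Transform_Sha256_AVX1_RORX_Len` hunk (also 0x44) and the `_Transform_Sha256_AVX2_Len` hunk (0x204, length at 512(%rsp)), where the latter additionally performs its internal `call _Transform_Sha256_AVX2` on that misaligned stack. The function body continues outside the hunk.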
@@ -2973,12 +2980,12 @@ L_sha256_len_avx1_start: movl %r12d, %edx xorl %r10d, %ebx # set_w_k_xfer_4: 0 - vpaddd 0+L_avx1_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 16+L_avx1_sha256_k(%rip), %xmm1, %xmm5 + vpaddd (%rbp), %xmm0, %xmm4 + vpaddd 16(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 32+L_avx1_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 48+L_avx1_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 32(%rbp), %xmm2, %xmm6 + vpaddd 48(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 @@ -3606,12 +3613,12 @@ L_sha256_len_avx1_start: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 4 - vpaddd 64+L_avx1_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 80+L_avx1_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 64(%rbp), %xmm0, %xmm4 + vpaddd 80(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 96+L_avx1_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 112+L_avx1_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 96(%rbp), %xmm2, %xmm6 + vpaddd 112(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 @@ -4239,12 +4246,12 @@ L_sha256_len_avx1_start: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 8 - vpaddd 128+L_avx1_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 144+L_avx1_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 128(%rbp), %xmm0, %xmm4 + vpaddd 144(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 160+L_avx1_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 176+L_avx1_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 160(%rbp), %xmm2, %xmm6 + vpaddd 176(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 
@@ -4872,12 +4879,12 @@ L_sha256_len_avx1_start: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 12 - vpaddd 192+L_avx1_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 208+L_avx1_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 192(%rbp), %xmm0, %xmm4 + vpaddd 208(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 224+L_avx1_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 240+L_avx1_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 224(%rbp), %xmm2, %xmm6 + vpaddd 240(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # rnd_all_4: 0-3 @@ -5309,7 +5316,7 @@ L_sha256_len_avx1_start: addl 24(%rdi), %r14d addl 28(%rdi), %r15d addq $0x40, %rsi - subl $0x40, %ebp + subl $0x40, 64(%rsp) movl %r8d, (%rdi) movl %r9d, 4(%rdi) movl %r10d, 8(%rdi) @@ -5321,7 +5328,7 @@ L_sha256_len_avx1_start: jnz L_sha256_len_avx1_start xorq %rax, %rax vzeroupper - addq $0x40, %rsp + addq $0x44, %rsp popq %rbp popq %r15 popq %r14 @@ -5407,7 +5414,9 @@ _Transform_Sha256_AVX1_RORX: pushq %r13 pushq %r14 pushq %r15 + pushq %rbp subq $0x40, %rsp + leaq L_avx1_rorx_sha256_k(%rip), %rbp vmovdqa L_avx1_rorx_sha256_flip_mask(%rip), %xmm13 vmovdqa L_avx1_rorx_sha256_shuf_00BA(%rip), %xmm11 vmovdqa L_avx1_rorx_sha256_shuf_DC00(%rip), %xmm12 @@ -5429,12 +5438,12 @@ _Transform_Sha256_AVX1_RORX: movl 24(%rdi), %r14d movl 28(%rdi), %r15d # set_w_k_xfer_4: 0 - vpaddd 0+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 16+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5 + vpaddd (%rbp), %xmm0, %xmm4 + vpaddd 16(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 32+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 48+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 32(%rbp), %xmm2, %xmm6 + vpaddd 48(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) movl %r9d, %ebx 
@@ -6061,12 +6070,12 @@ _Transform_Sha256_AVX1_RORX: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 4 - vpaddd 64+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 80+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 64(%rbp), %xmm0, %xmm4 + vpaddd 80(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 96+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 112+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 96(%rbp), %xmm2, %xmm6 + vpaddd 112(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 @@ -6690,12 +6699,12 @@ _Transform_Sha256_AVX1_RORX: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 8 - vpaddd 128+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 144+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 128(%rbp), %xmm0, %xmm4 + vpaddd 144(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 160+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 176+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 160(%rbp), %xmm2, %xmm6 + vpaddd 176(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 @@ -7319,12 +7328,12 @@ _Transform_Sha256_AVX1_RORX: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 12 - vpaddd 192+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 208+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 192(%rbp), %xmm0, %xmm4 + vpaddd 208(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 224+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 240+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 224(%rbp), %xmm2, %xmm6 + vpaddd 240(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) xorl %eax, %eax @@ -7728,6 +7737,7 @@ _Transform_Sha256_AVX1_RORX: xorq %rax, %rax vzeroupper addq $0x40, %rsp + popq %rbp popq %r15 popq %r14 popq %r13 
@@ -7756,7 +7766,9 @@ _Transform_Sha256_AVX1_RORX_Len: pushq %r15 pushq %rbp movq %rdx, %rbp - subq $0x40, %rsp + subq $0x44, %rsp + movl %ebp, 64(%rsp) + leaq L_avx1_rorx_sha256_k(%rip), %rbp vmovdqa L_avx1_rorx_sha256_flip_mask(%rip), %xmm13 vmovdqa L_avx1_rorx_sha256_shuf_00BA(%rip), %xmm11 vmovdqa L_avx1_rorx_sha256_shuf_DC00(%rip), %xmm12 @@ -7780,12 +7792,12 @@ L_sha256_len_avx1_len_rorx_start: vpshufb %xmm13, %xmm2, %xmm2 vpshufb %xmm13, %xmm3, %xmm3 # set_w_k_xfer_4: 0 - vpaddd 0+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 16+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5 + vpaddd (%rbp), %xmm0, %xmm4 + vpaddd 16(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 32+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 48+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 32(%rbp), %xmm2, %xmm6 + vpaddd 48(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) movl %r9d, %ebx @@ -8412,12 +8424,12 @@ L_sha256_len_avx1_len_rorx_start: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 4 - vpaddd 64+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 80+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 64(%rbp), %xmm0, %xmm4 + vpaddd 80(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 96+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 112+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 96(%rbp), %xmm2, %xmm6 + vpaddd 112(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 
@@ -9041,12 +9053,12 @@ L_sha256_len_avx1_len_rorx_start: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 8 - vpaddd 128+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 144+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 128(%rbp), %xmm0, %xmm4 + vpaddd 144(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 160+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 176+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 160(%rbp), %xmm2, %xmm6 + vpaddd 176(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) # msg_sched: 0-3 @@ -9670,12 +9682,12 @@ L_sha256_len_avx1_len_rorx_start: vpaddd %xmm4, %xmm9, %xmm3 # msg_sched done: 12-15 # set_w_k_xfer_4: 12 - vpaddd 192+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4 - vpaddd 208+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5 + vpaddd 192(%rbp), %xmm0, %xmm4 + vpaddd 208(%rbp), %xmm1, %xmm5 vmovdqu %xmm4, (%rsp) vmovdqu %xmm5, 16(%rsp) - vpaddd 224+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6 - vpaddd 240+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7 + vpaddd 224(%rbp), %xmm2, %xmm6 + vpaddd 240(%rbp), %xmm3, %xmm7 vmovdqu %xmm6, 32(%rsp) vmovdqu %xmm7, 48(%rsp) xorl %eax, %eax @@ -10078,7 +10090,7 @@ L_sha256_len_avx1_len_rorx_start: addl 24(%rdi), %r14d addl 28(%rdi), %r15d addq $0x40, %rsi - subl $0x40, %ebp + subl $0x40, 64(%rsp) movl %r8d, (%rdi) movl %r9d, 4(%rdi) movl %r10d, 8(%rdi) @@ -10090,7 +10102,7 @@ L_sha256_len_avx1_len_rorx_start: jnz L_sha256_len_avx1_len_rorx_start xorq %rax, %rax vzeroupper - addq $0x40, %rsp + addq $0x44, %rsp popq %rbp popq %r15 popq %r14 @@ -10147,6 +10159,7 @@ Transform_Sha256_AVX1_Sha: .p2align 4 _Transform_Sha256_AVX1_Sha: #endif /* __APPLE__ */ + leaq L_avx1_sha256_sha_k(%rip), %rdx vmovdqa L_avx1_sha256_shuf_mask(%rip), %xmm10 vmovq (%rdi), %xmm1 vmovq 8(%rdi), %xmm2 
@@ -10162,27 +10175,27 @@ _Transform_Sha256_AVX1_Sha: vmovdqa %xmm1, %xmm8 vmovdqa %xmm2, %xmm9 # Rounds: 0-3 - vpaddd 0+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0 + vpaddd (%rdx), %xmm3, %xmm0 sha256rnds2 %xmm1, %xmm2 vpshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 # Rounds: 4-7 vpshufb %xmm10, %xmm4, %xmm4 - vpaddd 16+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0 + vpaddd 16(%rdx), %xmm4, %xmm0 sha256rnds2 %xmm1, %xmm2 vpshufd $14, %xmm0, %xmm0 sha256msg1 %xmm4, %xmm3 sha256rnds2 %xmm2, %xmm1 # Rounds: 8-11 vpshufb %xmm10, %xmm5, %xmm5 - vpaddd 32+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0 + vpaddd 32(%rdx), %xmm5, %xmm0 sha256rnds2 %xmm1, %xmm2 vpshufd $14, %xmm0, %xmm0 sha256msg1 %xmm5, %xmm4 sha256rnds2 %xmm2, %xmm1 # Rounds: 12-15 vpshufb %xmm10, %xmm6, %xmm6 - vpaddd 48+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0 + vpaddd 48(%rdx), %xmm6, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm5, %xmm6, %xmm7 vpaddd %xmm7, %xmm3, %xmm3 @@ -10191,7 +10204,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm6, %xmm5 sha256rnds2 %xmm2, %xmm1 # Rounds: 16-19 - vpaddd 64+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0 + vpaddd 64(%rdx), %xmm3, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm6, %xmm3, %xmm7 vpaddd %xmm7, %xmm4, %xmm4 @@ -10200,7 +10213,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm3, %xmm6 sha256rnds2 %xmm2, %xmm1 # Rounds: 20-23 - vpaddd 80+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0 + vpaddd 80(%rdx), %xmm4, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm3, %xmm4, %xmm7 vpaddd %xmm7, %xmm5, %xmm5 @@ -10209,7 +10222,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm4, %xmm3 sha256rnds2 %xmm2, %xmm1 # Rounds: 24-27 - vpaddd 96+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0 + vpaddd 96(%rdx), %xmm5, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm4, %xmm5, %xmm7 vpaddd %xmm7, %xmm6, %xmm6 
@@ -10218,7 +10231,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm5, %xmm4 sha256rnds2 %xmm2, %xmm1 # Rounds: 28-31 - vpaddd 112+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0 + vpaddd 112(%rdx), %xmm6, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm5, %xmm6, %xmm7 vpaddd %xmm7, %xmm3, %xmm3 @@ -10227,7 +10240,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm6, %xmm5 sha256rnds2 %xmm2, %xmm1 # Rounds: 32-35 - vpaddd 128+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0 + vpaddd 128(%rdx), %xmm3, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm6, %xmm3, %xmm7 vpaddd %xmm7, %xmm4, %xmm4 @@ -10236,7 +10249,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm3, %xmm6 sha256rnds2 %xmm2, %xmm1 # Rounds: 36-39 - vpaddd 144+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0 + vpaddd 144(%rdx), %xmm4, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm3, %xmm4, %xmm7 vpaddd %xmm7, %xmm5, %xmm5 @@ -10245,7 +10258,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm4, %xmm3 sha256rnds2 %xmm2, %xmm1 # Rounds: 40-43 - vpaddd 160+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0 + vpaddd 160(%rdx), %xmm5, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm4, %xmm5, %xmm7 vpaddd %xmm7, %xmm6, %xmm6 @@ -10254,7 +10267,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm5, %xmm4 sha256rnds2 %xmm2, %xmm1 # Rounds: 44-47 - vpaddd 176+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0 + vpaddd 176(%rdx), %xmm6, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm5, %xmm6, %xmm7 vpaddd %xmm7, %xmm3, %xmm3 @@ -10263,7 +10276,7 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm6, %xmm5 sha256rnds2 %xmm2, %xmm1 # Rounds: 48-51 - vpaddd 192+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0 + vpaddd 192(%rdx), %xmm3, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm6, %xmm3, %xmm7 vpaddd %xmm7, %xmm4, %xmm4 
@@ -10272,21 +10285,21 @@ _Transform_Sha256_AVX1_Sha: sha256msg1 %xmm3, %xmm6 sha256rnds2 %xmm2, %xmm1 # Rounds: 52-63 - vpaddd 208+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0 + vpaddd 208(%rdx), %xmm4, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm3, %xmm4, %xmm7 vpaddd %xmm7, %xmm5, %xmm5 sha256msg2 %xmm4, %xmm5 vpshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 - vpaddd 224+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0 + vpaddd 224(%rdx), %xmm5, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm4, %xmm5, %xmm7 vpaddd %xmm7, %xmm6, %xmm6 sha256msg2 %xmm5, %xmm6 vpshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 - vpaddd 240+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0 + vpaddd 240(%rdx), %xmm6, %xmm0 sha256rnds2 %xmm1, %xmm2 vpshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 @@ -10316,6 +10329,7 @@ Transform_Sha256_AVX1_Sha_Len: .p2align 4 _Transform_Sha256_AVX1_Sha_Len: #endif /* __APPLE__ */ + leaq L_avx1_sha256_sha_k(%rip), %rax vmovdqa L_avx1_sha256_shuf_mask(%rip), %xmm10 vmovq (%rdi), %xmm1 vmovq 8(%rdi), %xmm2 @@ -10333,27 +10347,27 @@ L_sha256_sha_len_avx1_start: vmovdqa %xmm1, %xmm8 vmovdqa %xmm2, %xmm9 # Rounds: 0-3 - vpaddd 0+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0 + vpaddd (%rax), %xmm3, %xmm0 sha256rnds2 %xmm1, %xmm2 vpshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 # Rounds: 4-7 vpshufb %xmm10, %xmm4, %xmm4 - vpaddd 16+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0 + vpaddd 16(%rax), %xmm4, %xmm0 sha256rnds2 %xmm1, %xmm2 vpshufd $14, %xmm0, %xmm0 sha256msg1 %xmm4, %xmm3 sha256rnds2 %xmm2, %xmm1 # Rounds: 8-11 vpshufb %xmm10, %xmm5, %xmm5 - vpaddd 32+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0 + vpaddd 32(%rax), %xmm5, %xmm0 sha256rnds2 %xmm1, %xmm2 vpshufd $14, %xmm0, %xmm0 sha256msg1 %xmm5, %xmm4 sha256rnds2 %xmm2, %xmm1 # Rounds: 12-15 vpshufb %xmm10, %xmm6, %xmm6 - vpaddd 48+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0 + vpaddd 48(%rax), %xmm6, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm5, %xmm6, %xmm7 vpaddd %xmm7, %xmm3, %xmm3 
@@ -10362,7 +10376,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm6, %xmm5 sha256rnds2 %xmm2, %xmm1 # Rounds: 16-19 - vpaddd 64+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0 + vpaddd 64(%rax), %xmm3, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm6, %xmm3, %xmm7 vpaddd %xmm7, %xmm4, %xmm4 @@ -10371,7 +10385,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm3, %xmm6 sha256rnds2 %xmm2, %xmm1 # Rounds: 20-23 - vpaddd 80+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0 + vpaddd 80(%rax), %xmm4, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm3, %xmm4, %xmm7 vpaddd %xmm7, %xmm5, %xmm5 @@ -10380,7 +10394,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm4, %xmm3 sha256rnds2 %xmm2, %xmm1 # Rounds: 24-27 - vpaddd 96+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0 + vpaddd 96(%rax), %xmm5, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm4, %xmm5, %xmm7 vpaddd %xmm7, %xmm6, %xmm6 @@ -10389,7 +10403,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm5, %xmm4 sha256rnds2 %xmm2, %xmm1 # Rounds: 28-31 - vpaddd 112+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0 + vpaddd 112(%rax), %xmm6, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm5, %xmm6, %xmm7 vpaddd %xmm7, %xmm3, %xmm3 @@ -10398,7 +10412,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm6, %xmm5 sha256rnds2 %xmm2, %xmm1 # Rounds: 32-35 - vpaddd 128+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0 + vpaddd 128(%rax), %xmm3, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm6, %xmm3, %xmm7 vpaddd %xmm7, %xmm4, %xmm4 @@ -10407,7 +10421,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm3, %xmm6 sha256rnds2 %xmm2, %xmm1 # Rounds: 36-39 - vpaddd 144+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0 + vpaddd 144(%rax), %xmm4, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm3, %xmm4, %xmm7 vpaddd %xmm7, %xmm5, %xmm5 
@@ -10416,7 +10430,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm4, %xmm3 sha256rnds2 %xmm2, %xmm1 # Rounds: 40-43 - vpaddd 160+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0 + vpaddd 160(%rax), %xmm5, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm4, %xmm5, %xmm7 vpaddd %xmm7, %xmm6, %xmm6 @@ -10425,7 +10439,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm5, %xmm4 sha256rnds2 %xmm2, %xmm1 # Rounds: 44-47 - vpaddd 176+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0 + vpaddd 176(%rax), %xmm6, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm5, %xmm6, %xmm7 vpaddd %xmm7, %xmm3, %xmm3 @@ -10434,7 +10448,7 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm6, %xmm5 sha256rnds2 %xmm2, %xmm1 # Rounds: 48-51 - vpaddd 192+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0 + vpaddd 192(%rax), %xmm3, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm6, %xmm3, %xmm7 vpaddd %xmm7, %xmm4, %xmm4 @@ -10443,21 +10457,21 @@ L_sha256_sha_len_avx1_start: sha256msg1 %xmm3, %xmm6 sha256rnds2 %xmm2, %xmm1 # Rounds: 52-63 - vpaddd 208+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0 + vpaddd 208(%rax), %xmm4, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm3, %xmm4, %xmm7 vpaddd %xmm7, %xmm5, %xmm5 sha256msg2 %xmm4, %xmm5 vpshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 - vpaddd 224+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0 + vpaddd 224(%rax), %xmm5, %xmm0 sha256rnds2 %xmm1, %xmm2 vpalignr $4, %xmm4, %xmm5, %xmm7 vpaddd %xmm7, %xmm6, %xmm6 sha256msg2 %xmm5, %xmm6 vpshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 - vpaddd 240+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0 + vpaddd 240(%rax), %xmm6, %xmm0 sha256rnds2 %xmm1, %xmm2 vpshufd $14, %xmm0, %xmm0 sha256rnds2 %xmm2, %xmm1 @@ -10574,7 +10588,9 @@ _Transform_Sha256_AVX2: pushq %r13 pushq %r14 pushq %r15 + pushq %rbp subq $0x200, %rsp + leaq L_avx2_sha256_k(%rip), %rbp vmovdqa L_avx2_sha256_flip_mask(%rip), %xmm13 vmovdqa L_avx2_sha256_shuf_00BA(%rip), %ymm11 vmovdqa L_avx2_sha256_shuf_DC00(%rip), %ymm12 
@@ -10599,12 +10615,12 @@ _Transform_Sha256_AVX2: movl %r12d, %edx xorl %r10d, %ebx # set_w_k_xfer_4: 0 - vpaddd 0+L_avx2_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 32+L_avx2_sha256_k(%rip), %ymm1, %ymm5 + vpaddd (%rbp), %ymm0, %ymm4 + vpaddd 32(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, (%rsp) vmovdqu %ymm5, 32(%rsp) - vpaddd 64+L_avx2_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 96+L_avx2_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 64(%rbp), %ymm2, %ymm4 + vpaddd 96(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 64(%rsp) vmovdqu %ymm5, 96(%rsp) # msg_sched: 0-3 @@ -11232,12 +11248,12 @@ _Transform_Sha256_AVX2: vpaddd %ymm4, %ymm9, %ymm3 # msg_sched done: 24-27 # set_w_k_xfer_4: 4 - vpaddd 128+L_avx2_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 160+L_avx2_sha256_k(%rip), %ymm1, %ymm5 + vpaddd 128(%rbp), %ymm0, %ymm4 + vpaddd 160(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, 128(%rsp) vmovdqu %ymm5, 160(%rsp) - vpaddd 192+L_avx2_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 224+L_avx2_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 192(%rbp), %ymm2, %ymm4 + vpaddd 224(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 192(%rsp) vmovdqu %ymm5, 224(%rsp) # msg_sched: 32-35 @@ -11865,12 +11881,12 @@ _Transform_Sha256_AVX2: vpaddd %ymm4, %ymm9, %ymm3 # msg_sched done: 56-59 # set_w_k_xfer_4: 8 - vpaddd 256+L_avx2_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 288+L_avx2_sha256_k(%rip), %ymm1, %ymm5 + vpaddd 256(%rbp), %ymm0, %ymm4 + vpaddd 288(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, 256(%rsp) vmovdqu %ymm5, 288(%rsp) - vpaddd 320+L_avx2_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 352+L_avx2_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 320(%rbp), %ymm2, %ymm4 + vpaddd 352(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 320(%rsp) vmovdqu %ymm5, 352(%rsp) # msg_sched: 64-67 
@@ -12498,12 +12514,12 @@ _Transform_Sha256_AVX2: vpaddd %ymm4, %ymm9, %ymm3 # msg_sched done: 88-91 # set_w_k_xfer_4: 12 - vpaddd 384+L_avx2_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 416+L_avx2_sha256_k(%rip), %ymm1, %ymm5 + vpaddd 384(%rbp), %ymm0, %ymm4 + vpaddd 416(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, 384(%rsp) vmovdqu %ymm5, 416(%rsp) - vpaddd 448+L_avx2_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 480+L_avx2_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 448(%rbp), %ymm2, %ymm4 + vpaddd 480(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 448(%rsp) vmovdqu %ymm5, 480(%rsp) # rnd_all_4: 24-27 @@ -12937,6 +12953,7 @@ _Transform_Sha256_AVX2: xorq %rax, %rax vzeroupper addq $0x200, %rsp + popq %rbp popq %r15 popq %r14 popq %r13 @@ -12965,8 +12982,9 @@ _Transform_Sha256_AVX2_Len: pushq %r15 pushq %rbp movq %rdx, %rbp - subq $0x200, %rsp + subq $0x204, %rsp testb $0x40, %bpl + movl %ebp, 512(%rsp) je L_sha256_len_avx2_block vmovdqu (%rsi), %ymm0 vmovdqu 32(%rsi), %ymm1 @@ -12978,9 +12996,10 @@ _Transform_Sha256_AVX2_Len: call _Transform_Sha256_AVX2 #endif /* __APPLE__ */ addq $0x40, %rsi - subl $0x40, %ebp + subl $0x40, 512(%rsp) jz L_sha256_len_avx2_done L_sha256_len_avx2_block: + leaq L_avx2_sha256_k(%rip), %rbp vmovdqa L_avx2_sha256_flip_mask(%rip), %ymm13 vmovdqa L_avx2_sha256_shuf_00BA(%rip), %ymm11 vmovdqa L_avx2_sha256_shuf_DC00(%rip), %ymm12 @@ -13015,12 +13034,12 @@ L_sha256_len_avx2_start: movl %r12d, %edx xorl %r10d, %ebx # set_w_k_xfer_4: 0 - vpaddd 0+L_avx2_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 32+L_avx2_sha256_k(%rip), %ymm1, %ymm5 + vpaddd (%rbp), %ymm0, %ymm4 + vpaddd 32(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, (%rsp) vmovdqu %ymm5, 32(%rsp) - vpaddd 64+L_avx2_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 96+L_avx2_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 64(%rbp), %ymm2, %ymm4 + vpaddd 96(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 64(%rsp) vmovdqu %ymm5, 96(%rsp) # msg_sched: 0-3 
@@ -13648,12 +13667,12 @@ L_sha256_len_avx2_start: vpaddd %ymm4, %ymm9, %ymm3 # msg_sched done: 24-27 # set_w_k_xfer_4: 4 - vpaddd 128+L_avx2_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 160+L_avx2_sha256_k(%rip), %ymm1, %ymm5 + vpaddd 128(%rbp), %ymm0, %ymm4 + vpaddd 160(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, 128(%rsp) vmovdqu %ymm5, 160(%rsp) - vpaddd 192+L_avx2_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 224+L_avx2_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 192(%rbp), %ymm2, %ymm4 + vpaddd 224(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 192(%rsp) vmovdqu %ymm5, 224(%rsp) # msg_sched: 32-35 @@ -14281,12 +14300,12 @@ L_sha256_len_avx2_start: vpaddd %ymm4, %ymm9, %ymm3 # msg_sched done: 56-59 # set_w_k_xfer_4: 8 - vpaddd 256+L_avx2_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 288+L_avx2_sha256_k(%rip), %ymm1, %ymm5 + vpaddd 256(%rbp), %ymm0, %ymm4 + vpaddd 288(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, 256(%rsp) vmovdqu %ymm5, 288(%rsp) - vpaddd 320+L_avx2_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 352+L_avx2_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 320(%rbp), %ymm2, %ymm4 + vpaddd 352(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 320(%rsp) vmovdqu %ymm5, 352(%rsp) # msg_sched: 64-67 @@ -14914,12 +14933,12 @@ L_sha256_len_avx2_start: vpaddd %ymm4, %ymm9, %ymm3 # msg_sched done: 88-91 # set_w_k_xfer_4: 12 - vpaddd 384+L_avx2_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 416+L_avx2_sha256_k(%rip), %ymm1, %ymm5 + vpaddd 384(%rbp), %ymm0, %ymm4 + vpaddd 416(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, 384(%rsp) vmovdqu %ymm5, 416(%rsp) - vpaddd 448+L_avx2_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 480+L_avx2_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 448(%rbp), %ymm2, %ymm4 + vpaddd 480(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 448(%rsp) vmovdqu %ymm5, 480(%rsp) # rnd_all_4: 24-27 @@ -17050,7 +17069,7 @@ L_sha256_len_avx2_start: addl 24(%rdi), %r14d addl 28(%rdi), %r15d addq $0x80, %rsi - subl $0x80, %ebp + subl $0x80, 512(%rsp) movl %r8d, (%rdi) movl %r9d, 4(%rdi) movl %r10d, 8(%rdi) 
@@ -17063,7 +17082,7 @@ L_sha256_len_avx2_start: L_sha256_len_avx2_done: xorq %rax, %rax vzeroupper - addq $0x200, %rsp + addq $0x204, %rsp popq %rbp popq %r15 popq %r14 @@ -17168,7 +17187,9 @@ _Transform_Sha256_AVX2_RORX: pushq %r13 pushq %r14 pushq %r15 + pushq %rbp subq $0x200, %rsp + leaq L_avx2_rorx_sha256_k(%rip), %rbp vmovdqa L_avx2_rorx_sha256_flip_mask(%rip), %xmm13 vmovdqa L_avx2_rorx_sha256_shuf_00BA(%rip), %ymm11 vmovdqa L_avx2_rorx_sha256_shuf_DC00(%rip), %ymm12 @@ -17177,16 +17198,16 @@ _Transform_Sha256_AVX2_RORX: vmovdqu 16(%rsi), %xmm1 vpshufb %xmm13, %xmm0, %xmm0 vpshufb %xmm13, %xmm1, %xmm1 - vpaddd 0+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 32+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm5 + vpaddd (%rbp), %ymm0, %ymm4 + vpaddd 32(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, (%rsp) vmovdqu %ymm5, 32(%rsp) vmovdqu 32(%rsi), %xmm2 vmovdqu 48(%rsi), %xmm3 vpshufb %xmm13, %xmm2, %xmm2 vpshufb %xmm13, %xmm3, %xmm3 - vpaddd 64+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 96+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 64(%rbp), %ymm2, %ymm4 + vpaddd 96(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 64(%rsp) vmovdqu %ymm5, 96(%rsp) movl (%rdi), %r8d @@ -17349,7 +17370,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 128+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4 + vpaddd 128(%rbp), %ymm0, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -17508,7 +17529,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 160+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4 + vpaddd 160(%rbp), %ymm1, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -17667,7 +17688,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 192+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4 + vpaddd 192(%rbp), %ymm2, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d 
@@ -17826,7 +17847,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 224+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4 + vpaddd 224(%rbp), %ymm3, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -17985,7 +18006,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 256+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4 + vpaddd 256(%rbp), %ymm0, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -18144,7 +18165,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 288+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4 + vpaddd 288(%rbp), %ymm1, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -18303,7 +18324,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 320+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4 + vpaddd 320(%rbp), %ymm2, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -18462,7 +18483,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 352+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4 + vpaddd 352(%rbp), %ymm3, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -18621,7 +18642,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 384+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4 + vpaddd 384(%rbp), %ymm0, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -18780,7 +18801,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 416+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4 + vpaddd 416(%rbp), %ymm1, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -18939,7 +18960,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 448+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4 + vpaddd 448(%rbp), %ymm2, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d 
@@ -19098,7 +19119,7 @@ _Transform_Sha256_AVX2_RORX: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 480+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4 + vpaddd 480(%rbp), %ymm3, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -19506,6 +19527,7 @@ _Transform_Sha256_AVX2_RORX: xorq %rax, %rax vzeroupper addq $0x200, %rsp + popq %rbp popq %r15 popq %r14 popq %r13 @@ -19534,8 +19556,9 @@ _Transform_Sha256_AVX2_RORX_Len: pushq %r15 pushq %rbp movq %rdx, %rbp - subq $0x200, %rsp + subq $0x204, %rsp testb $0x40, %bpl + movl %ebp, 512(%rsp) je L_sha256_len_avx2_rorx_block vmovdqu (%rsi), %ymm0 vmovdqu 32(%rsi), %ymm1 @@ -19547,9 +19570,10 @@ _Transform_Sha256_AVX2_RORX_Len: call _Transform_Sha256_AVX2_RORX #endif /* __APPLE__ */ addq $0x40, %rsi - subl $0x40, %ebp + subl $0x40, 512(%rsp) jz L_sha256_len_avx2_rorx_done L_sha256_len_avx2_rorx_block: + leaq L_avx2_rorx_sha256_k(%rip), %rbp vmovdqa L_avx2_rorx_sha256_flip_mask(%rip), %ymm13 vmovdqa L_avx2_rorx_sha256_shuf_00BA(%rip), %ymm11 vmovdqa L_avx2_rorx_sha256_shuf_DC00(%rip), %ymm12 @@ -19570,8 +19594,8 @@ L_sha256_len_avx2_rorx_start: vinserti128 $0x01, 80(%rsi), %ymm1, %ymm1 vpshufb %ymm13, %ymm0, %ymm0 vpshufb %ymm13, %ymm1, %ymm1 - vpaddd 0+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4 - vpaddd 32+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm5 + vpaddd (%rbp), %ymm0, %ymm4 + vpaddd 32(%rbp), %ymm1, %ymm5 vmovdqu %ymm4, (%rsp) vmovdqu %ymm5, 32(%rsp) vmovdqu 32(%rsi), %xmm2 @@ -19580,8 +19604,8 @@ L_sha256_len_avx2_rorx_start: vinserti128 $0x01, 112(%rsi), %ymm3, %ymm3 vpshufb %ymm13, %ymm2, %ymm2 vpshufb %ymm13, %ymm3, %ymm3 - vpaddd 64+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4 - vpaddd 96+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm5 + vpaddd 64(%rbp), %ymm2, %ymm4 + vpaddd 96(%rbp), %ymm3, %ymm5 vmovdqu %ymm4, 64(%rsp) vmovdqu %ymm5, 96(%rsp) movl %r9d, %ebx 
@@ -19736,7 +19760,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 128+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4 + vpaddd 128(%rbp), %ymm0, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -19895,7 +19919,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 160+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4 + vpaddd 160(%rbp), %ymm1, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -20054,7 +20078,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 192+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4 + vpaddd 192(%rbp), %ymm2, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -20213,7 +20237,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 224+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4 + vpaddd 224(%rbp), %ymm3, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -20372,7 +20396,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 256+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4 + vpaddd 256(%rbp), %ymm0, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -20531,7 +20555,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 288+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4 + vpaddd 288(%rbp), %ymm1, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -20690,7 +20714,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 320+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4 + vpaddd 320(%rbp), %ymm2, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -20849,7 +20873,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 352+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4 + vpaddd 352(%rbp), %ymm3, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d 
@@ -21008,7 +21032,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 384+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4 + vpaddd 384(%rbp), %ymm0, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -21167,7 +21191,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 416+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4 + vpaddd 416(%rbp), %ymm1, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -21326,7 +21350,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r12d, %r8d movl %r14d, %ebx - vpaddd 448+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4 + vpaddd 448(%rbp), %ymm2, %ymm4 # rnd_1: 6 - 6 xorl %r13d, %ebx addl %edx, %r12d @@ -21485,7 +21509,7 @@ L_sha256_len_avx2_rorx_start: xorl %ecx, %edx addl %r8d, %r12d movl %r10d, %ebx - vpaddd 480+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4 + vpaddd 480(%rbp), %ymm3, %ymm4 # rnd_1: 6 - 6 xorl %r9d, %ebx addl %edx, %r8d @@ -23448,7 +23472,7 @@ L_sha256_len_avx2_rorx_start: addl 20(%rdi), %r13d addl 24(%rdi), %r14d addl 28(%rdi), %r15d - subl $0x80, %ebp + subl $0x80, 512(%rsp) movl %r8d, (%rdi) movl %r9d, 4(%rdi) movl %r10d, 8(%rdi) @@ -23461,7 +23485,7 @@ L_sha256_len_avx2_rorx_start: L_sha256_len_avx2_rorx_done: xorq %rax, %rax vzeroupper - addq $0x200, %rsp + addq $0x204, %rsp popq %rbp popq %r15 popq %r14 diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index 096566d282..6346173199 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -1,6 +1,6 @@ /* sha3.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -29,13 +29,13 @@ #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \ !defined(WOLFSSL_AFALG_XILINX_SHA3) -#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$l") - #pragma const_seg(".fipsB$l") + #pragma code_seg(".fipsA$n") + #pragma const_seg(".fipsB$n") #endif #endif @@ -43,6 +43,9 @@ #include #include +#ifdef WOLF_CRYPTO_CB + #include +#endif #ifdef NO_INLINE #include #else @@ -50,17 +53,33 @@ #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha3_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000016 }; + int wolfCrypt_FIPS_SHA3_sanity(void) + { + return 0; + } +#endif -#if !defined(WOLFSSL_ARMASM) || !defined(WOLFSSL_ARMASM_CRYPTO_SHA3) +#if !defined(WOLFSSL_ARMASM) || (!defined(__arm__) && \ + !defined(WOLFSSL_ARMASM_CRYPTO_SHA3)) #ifdef USE_INTEL_SPEEDUP #include word32 cpuid_flags; int cpuid_flags_set = 0; +#ifdef WC_C_DYNAMIC_FALLBACK + #define SHA3_BLOCK (sha3->sha3_block) + #define SHA3_BLOCK_N (sha3->sha3_block_n) +#else void (*sha3_block)(word64 *s) = NULL; void (*sha3_block_n)(word64 *s, const byte* data, word32 n, word64 c) = NULL; + #define SHA3_BLOCK sha3_block + #define SHA3_BLOCK_N sha3_block_n +#endif #endif #ifdef WOLFSSL_SHA3_SMALL 
@@ -614,15 +633,26 @@ static int InitSha3(wc_Sha3* sha3) if (!cpuid_flags_set) { cpuid_flags = cpuid_get_flags(); cpuid_flags_set = 1; +#ifdef WC_C_DYNAMIC_FALLBACK + } + { + if (! CAN_SAVE_VECTOR_REGISTERS()) { + SHA3_BLOCK = BlockSha3; + SHA3_BLOCK_N = NULL; + } + else +#endif if (IS_INTEL_BMI1(cpuid_flags) && IS_INTEL_BMI2(cpuid_flags)) { - sha3_block = sha3_block_bmi2; - sha3_block_n = sha3_block_n_bmi2; + SHA3_BLOCK = sha3_block_bmi2; + SHA3_BLOCK_N = sha3_block_n_bmi2; } else if (IS_INTEL_AVX2(cpuid_flags)) { - sha3_block = sha3_block_avx2; + SHA3_BLOCK = sha3_block_avx2; + SHA3_BLOCK_N = NULL; } else { - sha3_block = BlockSha3; + SHA3_BLOCK = BlockSha3; + SHA3_BLOCK_N = NULL; } } #endif @@ -643,6 +673,10 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) word32 i; word32 blocks; +#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) + if (SHA3_BLOCK == sha3_block_avx2) + SAVE_VECTOR_REGISTERS(return _svr_ret;); +#endif if (sha3->i > 0) { byte *t; byte l = (byte)(p * 8 - sha3->i); @@ -663,7 +697,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); } #ifdef USE_INTEL_SPEEDUP - (*sha3_block)(sha3->s); + (*SHA3_BLOCK)(sha3->s); #else BlockSha3(sha3->s); #endif @@ -672,8 +706,8 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) } blocks = len / (p * 8); #ifdef USE_INTEL_SPEEDUP - if ((sha3_block_n != NULL) && (blocks > 0)) { - (*sha3_block_n)(sha3->s, data, blocks, p * 8); + if ((SHA3_BLOCK_N != NULL) && (blocks > 0)) { + (*SHA3_BLOCK_N)(sha3->s, data, blocks, p * 8); len -= blocks * (p * 8); data += blocks * (p * 8); blocks = 0; 
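Review bot: The `}` immediately followed by an unconditional `{` under WC_C_DYNAMIC_FALLBACK, with an `else` that dangles across the `#endif` into the BMI2 `if`, is hard to follow and easy to break when the next selector is added; nothing in the hunk explains why the once-only `cpuid_flags_set` block is closed early. Add a comment at the re-open: `/* WC_C_DYNAMIC_FALLBACK: the block-function choice lives in the context, so it must be made on every init, not just on the first cpuid probe; close the once-only block here and re-open an unconditional one. */`. It would also help to state next to the `CAN_SAVE_VECTOR_REGISTERS()` test that the BMI2 path is scalar and is deliberately not guarded by it, since that is what the `SHA3_BLOCK == sha3_block_avx2` checks in Sha3Update/Sha3Final rely on. InitSha3 continues outside this hunk.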
@@ -684,13 +718,17 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) sha3->s[i] ^= Load64Unaligned(data + 8 * i); } #ifdef USE_INTEL_SPEEDUP - (*sha3_block)(sha3->s); + (*SHA3_BLOCK)(sha3->s); #else BlockSha3(sha3->s); #endif len -= p * 8; data += p * 8; } +#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) + if (SHA3_BLOCK == sha3_block_avx2) + RESTORE_VECTOR_REGISTERS(); +#endif XMEMCPY(sha3->t, data, len); sha3->i += (byte)len; @@ -724,9 +762,15 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) for (i = 0; i < p; i++) { sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); } + +#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) + if (SHA3_BLOCK == sha3_block_avx2) + SAVE_VECTOR_REGISTERS(return _svr_ret;); +#endif + for (j = 0; l - j >= rate; j += rate) { #ifdef USE_INTEL_SPEEDUP - (*sha3_block)(sha3->s); + (*SHA3_BLOCK)(sha3->s); #else BlockSha3(sha3->s); #endif @@ -738,7 +782,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) } if (j != l) { #ifdef USE_INTEL_SPEEDUP - (*sha3_block)(sha3->s); + (*SHA3_BLOCK)(sha3->s); #else BlockSha3(sha3->s); #endif @@ -747,6 +791,11 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) #endif XMEMCPY(hash + j, sha3->s, l - j); } +#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) + if (SHA3_BLOCK == sha3_block_avx2) + RESTORE_VECTOR_REGISTERS(); +#endif + return 0; } @@ -772,10 +821,12 @@ static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) ret = wolfAsync_DevCtxInit(&sha3->asyncDev, WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId); -#else - (void)devId; +#elif defined(WOLF_CRYPTO_CB) + sha3->devId = devId; #endif /* WOLFSSL_ASYNC_CRYPT */ + (void)devId; + return ret; } 
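Review bot: In the wc_InitSha3 hunk, `sha3->devId = devId;` sits in an `#elif`, so a build with both WOLFSSL_ASYNC_CRYPT/WC_ASYNC_ENABLE_SHA3 and WOLF_CRYPTO_CB never records the device id, yet the new `sha3->devId != INVALID_DEVID` test in wc_Sha3Update/wc_Sha3Final reads that field. Unless the context is zeroed earlier in wc_InitSha3 (outside this hunk) that is an uninitialised read, and even a zeroed field is not necessarily INVALID_DEVID. Store it independently of the async branch: `#ifdef WOLF_CRYPTO_CB\n    sha3->devId = devId;\n#endif` before the async `#if`, and drop the `#elif`; the unconditional `(void)devId;` can stay.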
@@ -800,13 +851,32 @@ static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) return 0; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (sha3->devId != INVALID_DEVID) + #endif + { + int hash_type = WC_HASH_TYPE_NONE; + switch (p) { + case WC_SHA3_224_COUNT: hash_type = WC_HASH_TYPE_SHA3_224; break; + case WC_SHA3_256_COUNT: hash_type = WC_HASH_TYPE_SHA3_256; break; + case WC_SHA3_384_COUNT: hash_type = WC_HASH_TYPE_SHA3_384; break; + case WC_SHA3_512_COUNT: hash_type = WC_HASH_TYPE_SHA3_512; break; + default: return BAD_FUNC_ARG; + } + ret = wc_CryptoCb_Sha3Hash(sha3, hash_type, data, len, NULL); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) { #if defined(HAVE_INTEL_QA) && defined(QAT_V2) /* QAT only supports SHA3_256 */ if (p == WC_SHA3_256_COUNT) { ret = IntelQaSymSha3(&sha3->asyncDev, NULL, data, len); - if (ret != NOT_COMPILED_IN) + if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) return ret; /* fall-through when unavailable */ } 
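Review bot: The five-case `switch (p)` mapping a rate to a WC_HASH_TYPE_* value is pasted verbatim here and again in wc_Sha3Final; the two copies will drift the first time a rate is added, and the `default: return BAD_FUNC_ARG;` buried in a callback block is easy to miss. Lift it into one static helper and have both call sites use it; the visible enclosing function starts outside this hunk, so the helper goes above it. Something like:
```c
#ifdef WOLF_CRYPTO_CB
/* Map a SHA-3 rate (in 64-bit words) to the hash type the callback API
 * expects; WC_HASH_TYPE_NONE for an unknown rate. */
static int Sha3CountToHashType(byte p)
{
    switch (p) {
        case WC_SHA3_224_COUNT: return WC_HASH_TYPE_SHA3_224;
        case WC_SHA3_256_COUNT: return WC_HASH_TYPE_SHA3_256;
        case WC_SHA3_384_COUNT: return WC_HASH_TYPE_SHA3_384;
        case WC_SHA3_512_COUNT: return WC_HASH_TYPE_SHA3_512;
        default:                return WC_HASH_TYPE_NONE;
    }
}
#endif
/* … in wc_Sha3Update, and identically in wc_Sha3Final … */
        int hash_type = Sha3CountToHashType(p);
        if (hash_type == WC_HASH_TYPE_NONE)
            return BAD_FUNC_ARG;
        ret = wc_CryptoCb_Sha3Hash(sha3, hash_type, data, len, NULL);
        /* … unchanged: CRYPTOCB_UNAVAILABLE fall-through … */
```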
@@ -835,6 +905,25 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (sha3->devId != INVALID_DEVID) + #endif + { + int hash_type = WC_HASH_TYPE_NONE; + switch (p) { + case WC_SHA3_224_COUNT: hash_type = WC_HASH_TYPE_SHA3_224; break; + case WC_SHA3_256_COUNT: hash_type = WC_HASH_TYPE_SHA3_256; break; + case WC_SHA3_384_COUNT: hash_type = WC_HASH_TYPE_SHA3_384; break; + case WC_SHA3_512_COUNT: hash_type = WC_HASH_TYPE_SHA3_512; break; + default: return BAD_FUNC_ARG; + } + ret = wc_CryptoCb_Sha3Hash(sha3, hash_type, NULL, 0, hash); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) { #if defined(HAVE_INTEL_QA) && defined(QAT_V2) @@ -842,7 +931,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) /* QAT SHA-3 only supported on v2 (8970 or later cards) */ if (len == WC_SHA3_256_DIGEST_SIZE) { ret = IntelQaSymSha3(&sha3->asyncDev, hash, NULL, len); - if (ret != NOT_COMPILED_IN) + if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) return ret; /* fall-through when unavailable */ } @@ -1311,6 +1400,13 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len) return ret; } +#ifdef WC_C_DYNAMIC_FALLBACK + #undef SHA3_BLOCK + #undef SHA3_BLOCK_N + #define SHA3_BLOCK (shake->sha3_block) + #define SHA3_BLOCK_N (shake->sha3_block_n) +#endif + /* Squeeze the state to produce pseudo-random output. * * shake wc_Shake object holding state. 
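Review bot: Redefining `SHA3_BLOCK`/`SHA3_BLOCK_N` part-way through the file to bind to `shake->` is fragile: the macros silently resolve to whichever local happens to be called `sha3` or `shake`, and any SHA-3 routine added below the `#undef` would pick up the wrong context without a compile error. A parameterised form removes the `#undef`/redefine dance: `#define SHA3_BLOCK_OF(ctx) ((ctx)->sha3_block)` used as `(*SHA3_BLOCK_OF(sha3))(sha3->s)` and `(*SHA3_BLOCK_OF(shake))(shake->s)`. If the redefinition is kept, put a comment above the `#undef` stating that it is deliberate and that every wc_Sha3* function must stay above this point.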
@@ -1320,9 +1416,13 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len) */ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt) { +#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) + if (SHA3_BLOCK == sha3_block_avx2) + SAVE_VECTOR_REGISTERS(return _svr_ret;); +#endif for (; (blockCnt > 0); blockCnt--) { #ifdef USE_INTEL_SPEEDUP - (*sha3_block)(shake->s); + (*SHA3_BLOCK)(shake->s); #else BlockSha3(shake->s); #endif @@ -1333,6 +1433,10 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt) #endif out += WC_SHA3_128_COUNT * 8; } +#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) + if (SHA3_BLOCK == sha3_block_avx2) + RESTORE_VECTOR_REGISTERS(); +#endif return 0; } @@ -1450,9 +1554,13 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len) */ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt) { +#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) + if (SHA3_BLOCK == sha3_block_avx2) + SAVE_VECTOR_REGISTERS(return _svr_ret;); +#endif for (; (blockCnt > 0); blockCnt--) { #ifdef USE_INTEL_SPEEDUP - (*sha3_block)(shake->s); + (*SHA3_BLOCK)(shake->s); #else BlockSha3(shake->s); #endif @@ -1463,6 +1571,10 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt) #endif out += WC_SHA3_256_COUNT * 8; } +#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) + if (SHA3_BLOCK == sha3_block_avx2) + RESTORE_VECTOR_REGISTERS(); +#endif return 0; } diff --git a/wolfcrypt/src/sha3_asm.S b/wolfcrypt/src/sha3_asm.S index 07a0b140bf..a67002073e 100644 --- a/wolfcrypt/src/sha3_asm.S +++ b/wolfcrypt/src/sha3_asm.S @@ -1,6 +1,6 @@ /* sha3_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 91bf1e5b3f..203267163a 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c 
@@ -1,6 +1,6 @@ /* sha512.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,7 +28,7 @@ #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \ (!defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)) && \ - !defined(WOLFSSL_PSOC6_CRYPTO) + !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_RISCV_ASM) /* determine if we are using Espressif SHA hardware acceleration */ #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW @@ -50,8 +50,8 @@ #define FIPS_NO_WRAPPERS #ifdef USE_WINDOWS_API - #pragma code_seg(".fipsA$k") - #pragma const_seg(".fipsB$k") + #pragma code_seg(".fipsA$m") + #pragma const_seg(".fipsB$m") #endif #endif @@ -82,11 +82,20 @@ #include #endif +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000015 }; + int wolfCrypt_FIPS_SHA512_sanity(void) + { + return 0; + } +#endif + + #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #include #endif - #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) #if defined(__GNUC__) && ((__GNUC__ < 4) || \ (__GNUC__ == 4 && __GNUC_MINOR__ <= 8)) @@ -157,6 +166,17 @@ } int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) { + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + return se050_hash_update(&sha512->se050Ctx, data, len); } int wc_Sha512Final(wc_Sha512* sha512, byte* hash) @@ -196,6 +216,16 @@ #ifdef WOLFSSL_SHA512 +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) +#ifdef WC_C_DYNAMIC_FALLBACK + #define SHA512_SETTRANSFORM_ARGS int *sha_method +#else + #define SHA512_SETTRANSFORM_ARGS void +#endif +static void Sha512_SetTransform(SHA512_SETTRANSFORM_ARGS); +#endif + static int InitSha512(wc_Sha512* sha512) { if (sha512 == NULL) 
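Review bot: The `wolfCrypt_FIPS_sha512_ro_sanity` initialiser `{ 0x1a2b3c4d, 0x00000015 }` is an undocumented magic pair (sha3 in the same series uses `0x00000016`); presumably the first word is a marker the FIPS integrity check scans for and the second an object index that must match a table elsewhere, but nothing on the hunk says so, and a mismatched index would only surface at integrity-check time. Add a comment above the array such as `/* FIPS read-only sanity marker: {magic, per-object index}; the index must stay in step with the module's object table */`, and say what `wolfCrypt_FIPS_SHA512_sanity()` returning 0 signifies.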
@@ -214,6 +244,16 @@ static int InitSha512(wc_Sha512* sha512) sha512->loLen = 0; sha512->hiLen = 0; +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) +#ifdef WC_C_DYNAMIC_FALLBACK + sha512->sha_method = 0; + Sha512_SetTransform(&sha512->sha_method); +#else + Sha512_SetTransform(); +#endif +#endif + #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \ !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) @@ -255,6 +295,16 @@ static int InitSha512_224(wc_Sha512* sha512) sha512->loLen = 0; sha512->hiLen = 0; +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) +#ifdef WC_C_DYNAMIC_FALLBACK + sha512->sha_method = 0; + Sha512_SetTransform(&sha512->sha_method); +#else + Sha512_SetTransform(); +#endif +#endif + #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \ !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) /* HW needs to be carefully initialized, taking into account soft copy. @@ -298,6 +348,16 @@ static int InitSha512_256(wc_Sha512* sha512) sha512->loLen = 0; sha512->hiLen = 0; +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) +#ifdef WC_C_DYNAMIC_FALLBACK + sha512->sha_method = 0; + Sha512_SetTransform(&sha512->sha_method); +#else + Sha512_SetTransform(); +#endif +#endif + #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \ !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) /* HW needs to be carefully initialized, taking into account soft copy. 
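Review bot: The same ten-line `sha_method = 0; Sha512_SetTransform(...)` preamble is pasted into InitSha512, InitSha512_224, InitSha512_256 on this line and InitSha384 later in the diff, so four copies have to change together, and `= 0` depends on SHA512_UNSET being zero while that enum is declared further down the file. Factor it into one inline helper declared next to the existing `Sha512_SetTransform` forward declaration (or move the enum there so `SHA512_UNSET` can be named), and call it from each init:
```c
/* Select the SHA-512 block transform for this context (or, without
 * WC_C_DYNAMIC_FALLBACK, once per process on first use). */
static WC_INLINE void Sha512_InitTransform(wc_Sha512* sha512)
{
#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
#ifdef WC_C_DYNAMIC_FALLBACK
    sha512->sha_method = 0; /* SHA512_UNSET: force re-selection */
    Sha512_SetTransform(&sha512->sha_method);
#else
    Sha512_SetTransform();
#endif
#else
    (void)sha512;
#endif
}
/* … in InitSha512 / InitSha512_224 / InitSha512_256 / InitSha384 … */
    sha512->hiLen = 0;
    Sha512_InitTransform(sha512);
```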
@@ -415,21 +475,174 @@ static int InitSha512_256(wc_Sha512* sha512) } /* extern "C" */ #endif + static word32 intel_flags = 0; + +#if defined(WC_C_DYNAMIC_FALLBACK) && !defined(WC_NO_INTERNAL_FUNCTION_POINTERS) + #define WC_NO_INTERNAL_FUNCTION_POINTERS +#endif + static int _Transform_Sha512(wc_Sha512 *sha512); + +#ifdef WC_NO_INTERNAL_FUNCTION_POINTERS + + enum sha_methods { SHA512_UNSET = 0, SHA512_AVX1, SHA512_AVX2, + SHA512_AVX1_RORX, SHA512_AVX2_RORX, SHA512_C }; + +#ifndef WC_C_DYNAMIC_FALLBACK + static enum sha_methods sha_method = SHA512_UNSET; +#endif + + static void Sha512_SetTransform(SHA512_SETTRANSFORM_ARGS) + { + #ifdef WC_C_DYNAMIC_FALLBACK + #define SHA_METHOD (*sha_method) + #else + #define SHA_METHOD sha_method + #endif + if (SHA_METHOD != SHA512_UNSET) + return; + + #ifdef WC_C_DYNAMIC_FALLBACK + if (! CAN_SAVE_VECTOR_REGISTERS()) { + SHA_METHOD = SHA512_C; + return; + } + #endif + + if (intel_flags == 0) + intel_flags = cpuid_get_flags(); + + #if defined(HAVE_INTEL_AVX2) + if (IS_INTEL_AVX2(intel_flags)) { + #ifdef HAVE_INTEL_RORX + if (IS_INTEL_BMI2(intel_flags)) { + SHA_METHOD = SHA512_AVX2_RORX; + } + else + #endif + { + SHA_METHOD = SHA512_AVX2; + } + } + else + #endif + #if defined(HAVE_INTEL_AVX1) + if (IS_INTEL_AVX1(intel_flags)) { + #ifdef HAVE_INTEL_RORX + if (IS_INTEL_BMI2(intel_flags)) { + SHA_METHOD = SHA512_AVX1_RORX; + } + else + #endif + { + SHA_METHOD = SHA512_AVX1; + } + } + else + #endif + { + SHA_METHOD = SHA512_C; + } + #undef SHA_METHOD + } + + static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) { + #ifdef WC_C_DYNAMIC_FALLBACK + #define SHA_METHOD (sha512->sha_method) + #else + #define SHA_METHOD sha_method + #endif + int ret; + if (SHA_METHOD == SHA512_C) + return _Transform_Sha512(sha512); + SAVE_VECTOR_REGISTERS(return _svr_ret;); + switch (SHA_METHOD) { + case SHA512_AVX2: + ret = Transform_Sha512_AVX2(sha512); + break; + case SHA512_AVX2_RORX: + ret = Transform_Sha512_AVX2_RORX(sha512); + break; + case 
SHA512_AVX1: + ret = Transform_Sha512_AVX1(sha512); + break; + case SHA512_AVX1_RORX: + ret = Transform_Sha512_AVX1_RORX(sha512); + break; + case SHA512_C: + case SHA512_UNSET: + default: + ret = _Transform_Sha512(sha512); + break; + } + RESTORE_VECTOR_REGISTERS(); + return ret; + #undef SHA_METHOD + } + + static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) { + #ifdef WC_C_DYNAMIC_FALLBACK + #define SHA_METHOD (sha512->sha_method) + #else + #define SHA_METHOD sha_method + #endif + int ret; + SAVE_VECTOR_REGISTERS(return _svr_ret;); + switch (SHA_METHOD) { + case SHA512_AVX2: + ret = Transform_Sha512_AVX2_Len(sha512, len); + break; + case SHA512_AVX2_RORX: + ret = Transform_Sha512_AVX2_RORX_Len(sha512, len); + break; + case SHA512_AVX1: + ret = Transform_Sha512_AVX1_Len(sha512, len); + break; + case SHA512_AVX1_RORX: + ret = Transform_Sha512_AVX1_RORX_Len(sha512, len); + break; + case SHA512_C: + case SHA512_UNSET: + default: + ret = 0; + break; + } + RESTORE_VECTOR_REGISTERS(); + return ret; + #undef SHA_METHOD + } + +#else /* !WC_NO_INTERNAL_FUNCTION_POINTERS */ + static int (*Transform_Sha512_p)(wc_Sha512* sha512) = _Transform_Sha512; static int (*Transform_Sha512_Len_p)(wc_Sha512* sha512, word32 len) = NULL; static int transform_check = 0; - static word32 intel_flags; static int Transform_Sha512_is_vectorized = 0; static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) { int ret; + #ifdef WOLFSSL_LINUXKM + if (Transform_Sha512_is_vectorized) + SAVE_VECTOR_REGISTERS(return _svr_ret;); + #endif ret = (*Transform_Sha512_p)(sha512); + #ifdef WOLFSSL_LINUXKM + if (Transform_Sha512_is_vectorized) + RESTORE_VECTOR_REGISTERS(); + #endif return ret; } static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) { int ret; + #ifdef WOLFSSL_LINUXKM + if (Transform_Sha512_is_vectorized) + SAVE_VECTOR_REGISTERS(return _svr_ret;); + #endif ret = (*Transform_Sha512_Len_p)(sha512, len); + #ifdef WOLFSSL_LINUXKM + if 
(Transform_Sha512_is_vectorized) + RESTORE_VECTOR_REGISTERS(); + #endif return ret; } @@ -485,6 +698,8 @@ static int InitSha512_256(wc_Sha512* sha512) transform_check = 1; } +#endif /* !WC_NO_INTERNAL_FUNCTION_POINTERS */ + #else #define Transform_Sha512(sha512) _Transform_Sha512(sha512) @@ -495,7 +710,7 @@ static int InitSha512_256(wc_Sha512* sha512) static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId, int (*initfp)(wc_Sha512*)) { - int ret = 0; + int ret = 0; if (sha512 == NULL) { return BAD_FUNC_ARG; @@ -516,10 +731,6 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId, if (ret != 0) return ret; -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ - (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) - Sha512_SetTransform(); -#endif #ifdef WOLFSSL_HASH_KEEP sha512->msg = NULL; sha512->len = 0; @@ -759,7 +970,11 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le #if defined(LITTLE_ENDIAN_ORDER) #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha512->sha_method == SHA512_C) + #else if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) + #endif #endif { #if !defined(WOLFSSL_ESP32_CRYPT) || \ @@ -775,15 +990,17 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) ret = Transform_Sha512(sha512); #else - if(sha512->ctx.mode == ESP32_SHA_INIT) { + if (sha512->ctx.mode == ESP32_SHA_INIT) { esp_sha_try_hw_lock(&sha512->ctx); } - ret = esp_sha512_process(sha512); - if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){ + if (sha512->ctx.mode == ESP32_SHA_SW) { ByteReverseWords64(sha512->buffer, sha512->buffer, WC_SHA512_BLOCK_SIZE); ret = Transform_Sha512(sha512); } + else { + ret = esp_sha512_process(sha512); + } #endif if (ret == 0) sha512->buffLen = 0; 
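Review bot: In the new switch-based `Transform_Sha512_Len`, the `SHA512_C`/`SHA512_UNSET`/`default` arm sets `ret = 0` without touching any data, so a caller that reaches it with the C method selected gets success and a silently wrong digest; Sha512Update currently guards the call with `sha_method != SHA512_C`, but nothing at this function enforces that. Return a non-zero error for that arm (`ret = BAD_FUNC_ARG;` is the closest visible code) and test for SHA512_C before `SAVE_VECTOR_REGISTERS`, as `Transform_Sha512` already does, so the C path never pays for the register save. The `#ifdef WC_NO_INTERNAL_FUNCTION_POINTERS` fork also deserves a one-line comment: presumably it exists to keep writable function pointers out of the dispatch (the `Transform_Sha512_p` globals in the `#else` branch) and replace them with an enum switch, which is a hardening choice worth stating. This hunk runs from the `static word32 intel_flags` line through the end of the function-pointer variant of Transform_Sha512_Len.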
@@ -794,7 +1011,16 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) - if (Transform_Sha512_Len_p != NULL) { + + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha512->sha_method != SHA512_C) + #elif defined(WC_NO_INTERNAL_FUNCTION_POINTERS) + if (sha_method != SHA512_C) + #else + if (Transform_Sha512_Len_p != NULL) + #endif + + { word32 blocksLen = len & ~((word32)WC_SHA512_BLOCK_SIZE-1); if (blocksLen > 0) { @@ -819,7 +1045,11 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha512->sha_method == SHA512_C) + #else if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) + #endif { ByteReverseWords64(sha512->buffer, sha512->buffer, WC_SHA512_BLOCK_SIZE); @@ -879,7 +1109,14 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) { - if (sha512 == NULL || (data == NULL && len > 0)) { + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { return BAD_FUNC_ARG; } @@ -889,7 +1126,7 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) #endif { int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } 
@@ -949,7 +1186,11 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) #if defined(LITTLE_ENDIAN_ORDER) #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha512->sha_method == SHA512_C) + #else if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) + #endif #endif { @@ -995,7 +1236,11 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) #if defined(LITTLE_ENDIAN_ORDER) #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha512->sha_method == SHA512_C) + #else if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) + #endif #endif #if !defined(WOLFSSL_ESP32_CRYPT) || \ defined(NO_WOLFSSL_ESP32_CRYPT_HASH) || \ @@ -1014,7 +1259,11 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha512->sha_method != SHA512_C) + #else if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags)) + #endif ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]), &(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]), WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE); @@ -1109,7 +1358,7 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, size_t digestSz, { byte localHash[WC_SHA512_DIGEST_SIZE]; ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash); - if (ret != CRYPTOCB_UNAVAILABLE) { + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { XMEMCPY(hash, localHash, digestSz); return ret; } 
@@ -1217,15 +1466,14 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) return MEMORY_E; #endif -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ - (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) - Sha512_SetTransform(); -#endif - #if defined(LITTLE_ENDIAN_ORDER) #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) + #ifdef WC_C_DYNAMIC_FALLBACK + if (sha->sha_method == SHA512_C) + #else if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) + #endif #endif { ByteReverseWords64((word64*)data, (word64*)data, @@ -1269,6 +1517,17 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) } int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) { + if (sha384 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + return se050_hash_update(&sha384->se050Ctx, data, len); } @@ -1318,6 +1577,16 @@ static int InitSha384(wc_Sha384* sha384) sha384->loLen = 0; sha384->hiLen = 0; +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ + (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) +#ifdef WC_C_DYNAMIC_FALLBACK + sha384->sha_method = 0; + Sha512_SetTransform(&sha384->sha_method); +#else + Sha512_SetTransform(); +#endif +#endif + #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \ !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) /* HW needs to be carefully initialized, taking into account soft copy. @@ -1344,7 +1613,15 @@ static int InitSha384(wc_Sha384* sha384) int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) { - if (sha384 == NULL || (data == NULL && len > 0)) { + + if (sha384 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { return BAD_FUNC_ARG; } 
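Review bot: With the `Sha512_SetTransform()` call removed, wc_Sha512Transform under WC_C_DYNAMIC_FALLBACK now relies on `sha->sha_method` having been set by a wc_InitSha512* call on that context; on a context that was never initialised the `sha->sha_method == SHA512_C` test reads an indeterminate value, and the byte-swap decision here and the dispatch inside Transform_Sha512 can then disagree, yielding a wrong block output rather than an error. Before this change the function was self-sufficient because the global selector was refreshed on entry. Either document the precondition above the function (`/* sha must have been initialised with wc_InitSha512*; the transform selection is stored in the context */`) or re-run the per-context selection when `sha->sha_method` is still unset. The body of wc_Sha512Transform continues outside this hunk.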
@@ -1354,7 +1631,7 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) #endif { int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -1406,7 +1683,7 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash) #endif { ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash); - if (ret != CRYPTOCB_UNAVAILABLE) + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } @@ -1460,11 +1737,6 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) return ret; } -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \ - (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) - Sha512_SetTransform(); -#endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) ret = wolfAsync_DevCtxInit(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384, sha384->heap, devId); @@ -1614,7 +1886,8 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); #endif -#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) +#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \ + !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) #if defined(CONFIG_IDF_TARGET_ESP32) if (ret == 0) { ret = esp_sha512_ctx_copy(src, dst); @@ -1899,7 +2172,8 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); #endif -#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) +#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \ + !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) #if defined(CONFIG_IDF_TARGET_ESP32) esp_sha384_ctx_copy(src, dst); #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ diff --git a/wolfcrypt/src/sha512_asm.S b/wolfcrypt/src/sha512_asm.S index 47789e83aa..2c6a06b976 100644 --- a/wolfcrypt/src/sha512_asm.S +++ b/wolfcrypt/src/sha512_asm.S 
@@ -1,6 +1,6 @@ /* sha512_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index efcbd88782..4c4f47ee8a 100644 --- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -1,6 +1,6 @@ /* signature.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -169,7 +169,7 @@ int wc_SignatureVerifyHash( if (ret >= 0) ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len, &is_valid_sig, (ecc_key*)key); - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); if (ret != 0 || is_valid_sig != 1) { ret = SIG_VERIFY_E; } @@ -226,7 +226,7 @@ int wc_SignatureVerifyHash( #endif if (ret >= 0) ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key); - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); if (ret >= 0 && plain_ptr) { if ((word32)ret == hash_len && XMEMCMP(plain_ptr, hash_data, hash_len) == 0) { @@ -395,7 +395,7 @@ int wc_SignatureGenerateHash_ex( if (ret >= 0) ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key); - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #else ret = SIG_TYPE_E; #endif @@ -426,7 +426,7 @@ int wc_SignatureGenerateHash_ex( if (ret >= 0) ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, (RsaKey*)key, rng); - } while (ret == WC_PENDING_E); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif /* WOLFSSL_CRYPTOCELL */ if (ret >= 0) { *sig_len = (word32)ret; diff --git a/wolfcrypt/src/siphash.c b/wolfcrypt/src/siphash.c index 173b914824..4a219f08c6 100644 --- a/wolfcrypt/src/siphash.c +++ b/wolfcrypt/src/siphash.c @@ -1,6 +1,6 @@ /* siphash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/wolfcrypt/src/sm2.c b/wolfcrypt/src/sm2.c index 829d5e5b28..24b8df96f8 100644 --- a/wolfcrypt/src/sm2.c +++ b/wolfcrypt/src/sm2.c @@ -1,6 +1,6 @@ /* sm2.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/sm3.c b/wolfcrypt/src/sm3.c index 1339037b75..dfbef2ec9e 100644 --- a/wolfcrypt/src/sm3.c +++ b/wolfcrypt/src/sm3.c @@ -1,6 +1,6 @@ /* sm3.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/sm3_asm.S b/wolfcrypt/src/sm3_asm.S index 2c368f1ff3..7c53a6fa68 100644 --- a/wolfcrypt/src/sm3_asm.S +++ b/wolfcrypt/src/sm3_asm.S @@ -1,6 +1,6 @@ /* sm3_asm.S * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/sm4.c b/wolfcrypt/src/sm4.c index 1e4f31760c..c29cc2bd29 100644 --- a/wolfcrypt/src/sm4.c +++ b/wolfcrypt/src/sm4.c @@ -1,6 +1,6 @@ /* sm4.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index 8529e41926..34e771b6ea 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -12027,8 +12027,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
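Review bot: Dropping the `if (td != NULL)` guard before `XFREE` in sp_2048_mod_exp_32 makes correctness depend on XFREE accepting a NULL pointer; the macro's definition is not in this diff, so if it expands to a user-supplied free hook that does not tolerate NULL, this site now frees NULL on every early-exit path. The same change is repeated in every later XFREE hunk of sp_arm32.c (sp_2048_mod_exp_64, sp_RsaPublic_2048, the 3072/4096 mod_exp and RsaPublic functions, the ECC mulmod/stripe/make_key/secret_gen/verify/is_point/check_key/proj/map/uncompress functions for 256, 384, 521 and 1024, and the sp_ModExp_Fp_star/sp_Pairing functions). If XFREE does guard internally, a one-line comment at the macro, `/* XFREE is NULL-safe: callers need not test the pointer first */`, would record the contract the generated code now relies on. sp_2048_mod_exp_32's body starts outside the hunk.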
@@ -12196,8 +12195,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16788,8 +16786,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16940,8 +16937,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17104,8 +17100,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -18122,8 +18117,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -37404,8 +37398,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -37573,8 +37566,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -44035,8 +44027,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -44187,8 +44178,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -44351,8 +44341,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -45617,8 +45606,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -59454,8 +59442,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -59606,8 +59593,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -59770,8 +59756,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -61284,8 +61269,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -73563,15 +73547,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_256)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_256)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -73875,8 +73859,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74040,10 +74023,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74299,8 +74280,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74464,10 +74444,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -74685,10 +74663,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74765,10 +74741,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76235,10 +76209,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76313,10 +76285,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76399,6 +76369,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -76415,6 +76386,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
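Review bot: The WC_NO_RNG stub added to sp_256_ecc_gen_k_8 returns NOT_COMPILED_IN, but the function's header comment (the hunk opens on its closing ` */`, the text itself is above the hunk) still describes only the random-generation case; add a line to that comment such as `Returns NOT_COMPILED_IN when built with WC_NO_RNG.` so callers know which error they must handle. The same applies to sp_384_ecc_gen_k_12 and sp_521_ecc_gen_k_17 in the corresponding hunks on later lines.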
@@ -76493,12 +76469,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76656,10 +76629,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -78976,10 +78947,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -79186,8 +79155,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -79226,8 +79194,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79335,10 +79302,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -79417,10 +79382,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79485,10 +79448,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79549,10 +79510,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79618,8 +79577,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79684,8 +79642,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -88876,8 +88833,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -91316,15 +91272,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_384)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_384)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -91628,8 +91584,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -91809,10 +91764,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -92068,8 +92021,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -92249,10 +92201,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -92470,10 +92420,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -92550,10 +92498,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -94020,10 +93966,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -94098,10 +94042,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -94190,6 +94132,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -94206,6 +94149,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
@@ -94284,12 +94232,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -94447,10 +94392,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -97060,10 +97003,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -97270,8 +97211,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -97310,8 +97250,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -97419,10 +97358,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -97501,10 +97438,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -97569,10 +97504,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -97633,10 +97566,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -97732,8 +97663,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -97798,8 +97728,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -118499,15 +118428,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_521)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_521)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) 
@@ -118811,8 +118740,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119012,10 +118940,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119271,8 +119197,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119472,10 +119397,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119693,10 +119616,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119773,10 +119694,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -121787,10 +121706,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -121865,10 +121782,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -121966,6 +121881,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -121983,6 +121899,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -122061,12 +121982,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -122226,10 +122144,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -126015,10 +125931,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126228,8 +126142,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126268,8 +126181,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -126377,10 +126289,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126459,10 +126369,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -126527,10 +126435,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -126591,10 +126497,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -126644,8 +126548,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -126710,8 +126613,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -144661,16 +144563,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -148604,8 +148506,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -148704,10 +148605,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -148963,8 +148862,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -149063,10 +148961,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -149284,10 +149180,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -152922,10 +152816,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -153000,10 +152892,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -153068,10 +152958,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -153164,10 +153052,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -153314,9 +153200,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
 }
@@ -155212,9 +155096,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
 }
@@ -155582,9 +155464,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_32(c, 1, NULL);
 sp_1024_point_free_32(q, 1, NULL);
@@ -156009,9 +155889,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_32(c, 1, NULL);
 sp_1024_point_free_32(q, 1, NULL);
@@ -156377,9 +156255,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_32(neg, 1, NULL);
 sp_1024_point_free_32(c, 1, NULL);
@@ -156572,9 +156448,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_32(c, 1, NULL);
 sp_1024_point_free_32(q, 1, NULL);
@@ -156675,8 +156549,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -156715,8 +156588,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -156824,10 +156696,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c
index ea3ce39218..196146c163 100644
--- a/wolfcrypt/src/sp_arm64.c
+++ b/wolfcrypt/src/sp_arm64.c
@@ -1,6 +1,6 @@
 /* sp.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -4169,8 +4169,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -4338,8 +4337,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -5795,8 +5793,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -5997,8 +5994,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -6161,8 +6157,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
 return err;
@@ -6842,8 +6837,7 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -13360,8 +13354,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -13529,8 +13522,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -15352,8 +15344,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -15504,8 +15495,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -15668,8 +15658,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
 return err;
@@ -16445,8 +16434,7 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -20463,8 +20451,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -20615,8 +20602,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -20779,8 +20765,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
 return err;
@@ -21652,8 +21637,7 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -24486,10 +24470,8 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256*
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -24731,8 +24713,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -24902,10 +24883,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -25164,8 +25143,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -25335,10 +25313,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -25557,10 +25533,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -25637,10 +25611,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -39494,8 +39466,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
 #endif
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -39562,10 +39533,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -39640,10 +39609,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -39796,6 +39763,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
 */
 static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
 int err;
 byte buf[32];
 
@@ -39812,6 +39780,11 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
 while (err == 0);
 
 return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -39890,12 +39863,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -40059,10 +40029,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -41930,10 +41898,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -42184,8 +42150,7 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -42224,8 +42189,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
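Review bot: The local `buf[32]` that sp_256_ecc_gen_k_4 fills from the RNG is the private scalar in the making, and nothing visible in this hunk wipes it before `return err;` — if no ForceZero of `buf` sits in the loop above the hunk, `ForceZero(buf, sizeof(buf));` belongs immediately before the return so the candidate key does not linger on the stack. The new `#else` branch is a reasonable fail-closed stub: with WC_NO_RNG defined the caller receives NOT_COMPILED_IN instead of an unrandomised scalar, and the `(void)` casts keep the build warning-free. The loop body of sp_256_ecc_gen_k_4 lies outside the hunk.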
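Review bot: In sp_ecc_make_key_256 the retained comment explains why `point` is released without zeroization, but `k` — the freshly generated private scalar — is released with a bare `XFREE(k, heap, DYNAMIC_TYPE_ECC)` and no wipe is visible in the hunk. If the scrub happens earlier in the function (outside these lines) a companion comment such as `/* k was cleared above; point is public */` would stop the asymmetry from reading as an omission; otherwise a ForceZero of the `k` buffer (its allocation size is outside the hunk) should precede the free. The same question applies to the `XFREE(k, ...)` in the sp_ecc_secret_gen_256 hunk that follows. The body of sp_ecc_make_key_256 starts outside the hunk.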
@@ -42333,10 +42297,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -42415,10 +42377,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -42483,10 +42443,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -42547,10 +42505,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -42616,8 +42572,7 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -42682,8 +42637,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -43465,8 +43419,7 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -45483,10 +45436,8 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384*
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -45688,8 +45639,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -45859,10 +45809,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -46121,8 +46069,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -46292,10 +46239,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -46514,10 +46459,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -46594,10 +46537,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -66265,8 +66206,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
 #endif
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -66333,10 +66273,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -66411,10 +66349,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -66571,6 +66507,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
 */
 static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
 int err;
 byte buf[48];
 
@@ -66587,6 +66524,11 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
 while (err == 0);
 
 return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -66665,12 +66607,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -66834,10 +66773,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -68062,10 +67999,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -68272,8 +68207,7 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -68312,8 +68246,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -68421,10 +68354,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
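Review bot: In sp_ecc_make_key_384 the surviving comment justifies skipping a wipe of `point` only, while `k`, which holds the newly generated private scalar, is released by a bare `XFREE(k, heap, DYNAMIC_TYPE_ECC)` with no ForceZero visible in the hunk. If `k` is already cleared further up the function, a matching comment such as `/* k cleared above; point is public */` would make that explicit; if it is not, a ForceZero over the `k` buffer (size not visible here) should come before the free. The body of sp_ecc_make_key_384 starts outside the hunk.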
@@ -68503,10 +68434,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -68571,10 +68500,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -68635,10 +68562,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -68734,8 +68659,7 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -68800,8 +68724,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -73897,10 +73820,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521*
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -74102,8 +74023,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -74291,10 +74211,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -74553,8 +74471,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -74742,10 +74659,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -74964,10 +74879,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -75044,10 +74957,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -111429,8 +111340,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
 #endif
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -111497,10 +111407,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -111575,10 +111483,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -111743,6 +111649,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
 */
 static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
 int err;
 byte buf[66];
 
@@ -111760,6 +111667,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 while (err == 0);
 
 return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -111838,12 +111750,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -112009,10 +111918,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
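Review bot: The stack buffer `buf[66]` that sp_521_ecc_gen_k_9 fills with RNG output is the private scalar before reduction, and nothing visible in the second gen_k hunk here clears it ahead of `return err;` — unless a ForceZero of `buf` already sits in the loop above the hunk, `ForceZero(buf, sizeof(buf));` should precede the return. The `#ifndef WC_NO_RNG` / `#else return NOT_COMPILED_IN;` split itself is sound: an RNG-less build now fails closed instead of producing an unrandomised key, and the `(void)` casts keep the unused parameters quiet. The loop body of sp_521_ecc_gen_k_9 is outside the hunk.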
@@ -113011,10 +112918,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -113224,8 +113129,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -113264,8 +113168,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -113373,10 +113276,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -113455,10 +113356,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -113523,10 +113422,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
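Review bot: In the sp_ecc_check_key_521 hunk the `priv` buffer — the caller's private scalar copied into SP form — is released with a plain `XFREE(priv, heap, DYNAMIC_TYPE_ECC)` and no wipe is visible alongside it, whereas `pub` genuinely needs none. If `priv` is scrubbed earlier in the function (outside the hunk) a short comment next to the free, `/* priv already cleared above */`, would make the difference from `pub` deliberate; otherwise a ForceZero over the `priv` allocation (size not visible here) should come first. The body of sp_ecc_check_key_521 starts outside the hunk.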
@@ -113587,10 +113484,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -113640,8 +113535,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -113706,8 +113600,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -115642,16 +115535,16 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+ /* If valid pointer then clear point data if requested and free data. */
 if (p != NULL) {
- if (clear != 0) {
+ if (clear) {
 XMEMSET(p, 0, sizeof(*p));
 }
 XFREE(p, heap, DYNAMIC_TYPE_ECC);
 }
 #else
-/* Clear point data if requested. */
+ /* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
+ if ((p != NULL) && clear) {
 XMEMSET(p, 0, sizeof(*p));
 }
 #endif
@@ -117918,10 +117811,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -118122,8 +118013,7 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
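Review bot: In sp_1024_point_free_16 the `XMEMSET(p, 0, sizeof(*p))` used to scrub a point when `clear` is set is followed directly by `XFREE(p, heap, DYNAMIC_TYPE_ECC)`, and a memset of memory that is freed on the next statement is exactly the pattern compilers may drop as a dead store. The commit only changes the `clear` test and comment indentation on these lines, so the weakness predates it, but the pairing callers visible in this diff pass `clear` as 1, which indicates the wipe is relied upon. If ForceZero is available to this file, `ForceZero(p, sizeof(*p));` in both branches is the usual wolfSSL remedy. The function's closing brace lies beyond the hunk.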
@@ -118222,10 +118112,8 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -118442,10 +118330,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -121843,10 +121729,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -121921,10 +121805,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -121989,10 +121871,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -122085,10 +121965,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
 return err;
@@ -122235,9 +122113,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
 }
@@ -123877,9 +123753,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
 }
@@ -124247,9 +124121,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_16(c, 1, NULL);
 sp_1024_point_free_16(q, 1, NULL);
@@ -124674,9 +124546,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_16(c, 1, NULL);
 sp_1024_point_free_16(q, 1, NULL);
@@ -125042,9 +124912,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
sp_1024_point_free_16(neg, 1, NULL);
sp_1024_point_free_16(c, 1, NULL);
@@ -125237,9 +125105,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
sp_1024_point_free_16(c, 1, NULL);
sp_1024_point_free_16(q, 1, NULL);
@@ -125415,8 +125281,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -125455,8 +125320,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -125564,10 +125428,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c
index c7cb418c26..48831471d6 100644
--- a/wolfcrypt/src/sp_armthumb.c
+++ b/wolfcrypt/src/sp_armthumb.c
@@ -1,6 +1,6 @@
/* sp.c
*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -24139,8 +24139,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -24308,8 +24307,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -27720,8 +27718,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -27872,8 +27869,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -28036,8 +28032,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -30137,8 +30132,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -75601,8 +75595,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -75770,8 +75763,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -80013,8 +80005,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -80165,8 +80156,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -80329,8 +80319,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -83228,8 +83217,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -92562,8 +92550,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -92714,8 +92701,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -92878,8 +92864,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -96570,8 +96555,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -101065,15 +101049,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
#endif
}
#ifndef WC_NO_CACHE_RESISTANT
- #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
if (p != NULL)
+#endif
+ {
+ ForceZero(p, sizeof(sp_point_256));
+ #ifdef WOLFSSL_SP_SMALL_STACK
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
#endif
- {
- ForceZero(p, sizeof(sp_point_256));
- #ifdef WOLFSSL_SP_SMALL_STACK
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- #endif
- }
+ }
#endif /* !WC_NO_CACHE_RESISTANT */
#ifdef WOLFSSL_SP_SMALL_STACK
if (t != NULL)
@@ -101377,8 +101361,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -101542,10 +101525,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -101801,8 +101782,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -101966,10 +101946,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -102187,10 +102165,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -102267,10 +102243,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -103737,10 +103711,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -103815,10 +103787,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -103959,6 +103929,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
*/
static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
{
+#ifndef WC_NO_RNG
int err;
byte buf[32];
@@ -103975,6 +103946,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
while (err == 0);
return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
}
/* Makes a random EC key pair.
@@ -104053,12 +104029,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -104216,10 +104189,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -107521,10 +107492,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -107731,8 +107700,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -107771,8 +107739,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
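Review bot: In the sp_ecc_make_key_256 hunk the private scalar `k` is now released with a bare `XFREE(k, heap, DYNAMIC_TYPE_ECC);`, and the comment kept for `point` ("not sensitive, so no need to zeroize") implies `k` is sensitive, yet no ForceZero of `k` appears anywhere in the hunk. If `k` is not wiped earlier in the function (that part is outside the hunk), the freshly generated private key stays readable in freed heap; the fix is `ForceZero(k, <allocated size>);` immediately before the free, and the equivalent wipe on the non-small-stack path where `k` is a stack array. If it is wiped earlier, a one-line comment next to the free (`/* k already cleared above */`) would make that auditable. The same question applies to `k` in the sp_ecc_secret_gen_256 hunk that follows; both function bodies begin outside their hunks.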
@@ -107880,10 +107847,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -107962,10 +107927,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -108030,10 +107993,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -108094,10 +108055,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -108163,8 +108122,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -108229,8 +108187,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -109286,8 +109243,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -111925,15 +111881,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
#endif
}
#ifndef WC_NO_CACHE_RESISTANT
- #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
if (p != NULL)
+#endif
+ {
+ ForceZero(p, sizeof(sp_point_384));
+ #ifdef WOLFSSL_SP_SMALL_STACK
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
#endif
- {
- ForceZero(p, sizeof(sp_point_384));
- #ifdef WOLFSSL_SP_SMALL_STACK
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- #endif
- }
+ }
#endif /* !WC_NO_CACHE_RESISTANT */
#ifdef WOLFSSL_SP_SMALL_STACK
if (t != NULL)
@@ -112237,8 +112193,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -112418,10 +112373,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -112677,8 +112630,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -112858,10 +112810,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -113079,10 +113029,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -113159,10 +113107,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -114629,10 +114575,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -114707,10 +114651,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -114887,6 +114829,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
*/
static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
{
+#ifndef WC_NO_RNG
int err;
byte buf[48];
@@ -114903,6 +114846,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
while (err == 0);
return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
}
/* Makes a random EC key pair.
@@ -114981,12 +114929,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -115144,10 +115089,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -118725,10 +118668,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -118935,8 +118876,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -118975,8 +118915,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -119084,10 +119023,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -119166,10 +119103,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -119234,10 +119169,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -119298,10 +119231,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -119397,8 +119328,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -119463,8 +119393,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -125556,15 +125485,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con
#endif
}
#ifndef WC_NO_CACHE_RESISTANT
- #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
if (p != NULL)
+#endif
+ {
+ ForceZero(p, sizeof(sp_point_521));
+ #ifdef WOLFSSL_SP_SMALL_STACK
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
#endif
- {
- ForceZero(p, sizeof(sp_point_521));
- #ifdef WOLFSSL_SP_SMALL_STACK
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- #endif
- }
+ }
#endif /* !WC_NO_CACHE_RESISTANT */
#ifdef WOLFSSL_SP_SMALL_STACK
if (t != NULL)
@@ -125868,8 +125797,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -126069,10 +125997,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -126328,8 +126254,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -126529,10 +126454,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -126750,10 +126673,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -126830,10 +126751,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -128844,10 +128763,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -128922,10 +128839,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -129147,6 +129062,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
*/
static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
{
+#ifndef WC_NO_RNG
int err;
byte buf[66];
@@ -129164,6 +129080,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
while (err == 0);
return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
}
/* Makes a random EC key pair.
@@ -129242,12 +129163,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -129407,10 +129325,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -135672,10 +135588,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -135885,8 +135799,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -135925,8 +135838,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -136034,10 +135946,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -136116,10 +136026,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -136184,10 +136092,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -136248,10 +136154,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -136301,8 +136205,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -136367,8 +136270,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -202512,16 +202414,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
{
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+ /* If valid pointer then clear point data if requested and free data. */
if (p != NULL) {
- if (clear != 0) {
+ if (clear) {
XMEMSET(p, 0, sizeof(*p));
}
XFREE(p, heap, DYNAMIC_TYPE_ECC);
}
#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
+ /* Clear point data if requested. */
+ if ((p != NULL) && clear) {
XMEMSET(p, 0, sizeof(*p));
}
#endif
@@ -210595,8 +210497,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -210695,10 +210596,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
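Review bot: The sp_1024_point_free_32 hunk keeps `XMEMSET(p, 0, sizeof(*p));` as the wipe immediately before `XFREE(p, heap, DYNAMIC_TYPE_ECC);`, and a plain memset whose target is freed on the next line is exactly the store a compiler is allowed to eliminate, so the "clear" the caller asked for may never happen. The same file already uses `ForceZero(p, sizeof(sp_point_521));` for this purpose in sp_521_ecc_mulmod_fast_17 earlier on this page, and the callers on this page pass `clear = 1` from the pairing code, which handles secret material. Both `XMEMSET(p, 0, sizeof(*p));` lines in this function should become `ForceZero(p, sizeof(*p));`. The function's closing brace lies outside the hunk.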
@@ -210954,8 +210853,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -211054,10 +210952,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -211275,10 +211171,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -214913,10 +214807,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -214991,10 +214883,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -215059,10 +214949,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -215155,10 +215043,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -215305,9 +215191,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
}
@@ -217203,9 +217087,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
}
@@ -217573,9 +217455,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
sp_1024_point_free_32(c, 1, NULL);
sp_1024_point_free_32(q, 1, NULL);
@@ -218000,9 +217880,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
sp_1024_point_free_32(c, 1, NULL);
sp_1024_point_free_32(q, 1, NULL);
@@ -218368,9 +218246,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
sp_1024_point_free_32(neg, 1, NULL);
sp_1024_point_free_32(c, 1, NULL);
@@ -218563,9 +218439,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
#if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
sp_1024_point_free_32(c, 1, NULL);
sp_1024_point_free_32(q, 1, NULL);
@@ -218666,8 +218540,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -218706,8 +218579,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -218815,10 +218687,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
#ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c
index 21a9e0efa6..557ded06d6 100644
--- a/wolfcrypt/src/sp_c32.c
+++ b/wolfcrypt/src/sp_c32.c
@@ -1,6 +1,6 @@
/* sp.c
*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -2105,8 +2105,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2224,8 +2223,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2314,8 +2312,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2460,8 +2457,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -3167,8 +3163,7 @@ static int sp_2048_div_72(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -3289,8 +3284,7 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -3379,8 +3373,7 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -3508,8 +3501,7 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -3630,8 +3622,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -3742,8 +3733,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -4113,7 +4103,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 36 * 13); @@ -4615,8 +4605,7 @@ static int sp_2048_mod_exp_2_72(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5790,8 +5779,7 @@ static int sp_3072_div_53(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5909,8 +5897,7 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5999,8 +5986,7 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -6145,8 +6131,7 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6629,8 +6614,7 @@ static int sp_3072_div_106(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6749,8 +6733,7 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6839,8 +6822,7 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6968,8 +6950,7 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -7088,8 +7069,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -7200,8 +7180,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -7571,7 +7550,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 53 * 13); 
@@ -7923,8 +7902,7 @@ static int sp_3072_mod_exp_2_106(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -9824,8 +9802,7 @@ static int sp_3072_div_56(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -9943,8 +9920,7 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10033,8 +10009,7 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10179,8 +10154,7 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10743,8 +10717,7 @@ static int sp_3072_div_112(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10865,8 +10838,7 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -10955,8 +10927,7 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11084,8 +11055,7 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11206,8 +11176,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -11318,8 +11287,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -11689,7 +11657,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 56 * 13); @@ -12262,8 +12230,7 @@ static int sp_3072_mod_exp_2_112(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -13447,8 +13414,7 @@ static int sp_4096_div_71(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -13566,8 +13532,7 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -13656,8 +13621,7 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -13802,8 +13766,7 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14287,8 +14250,7 @@ static int sp_4096_div_142(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14407,8 +14369,7 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14497,8 +14458,7 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14626,8 +14586,7 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14746,8 +14705,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -14858,8 +14816,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -15229,7 +15186,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 71 * 13); @@ -15581,8 +15538,7 @@ static int sp_4096_mod_exp_2_142(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17362,8 +17318,7 @@ static int sp_4096_div_81(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17481,8 +17436,7 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17571,8 +17525,7 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17717,8 +17670,7 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18268,8 +18220,7 @@ static int sp_4096_div_162(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -18390,8 +18341,7 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18480,8 +18430,7 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18609,8 +18558,7 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18731,8 +18679,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -18843,8 +18790,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -19214,7 +19160,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 81 * 13); @@ -19887,8 +19833,7 @@ static int sp_4096_mod_exp_2_162(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -21907,8 +21852,7 @@ static int sp_256_mod_mul_norm_9(sp_digit* r, const sp_digit* a, const sp_digit* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -22717,10 +22661,8 @@ static int sp_256_ecc_mulmod_win_add_sub_9(sp_point_256* r, const sp_point_256* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -22915,8 +22857,7 @@ static int sp_256_gen_stripe_table_9(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -23084,10 +23025,8 @@ static int sp_256_ecc_mulmod_stripe_9(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -23305,10 +23244,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -23385,10 +23322,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24774,10 +24709,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -24852,10 +24785,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -24919,6 +24850,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
 */
 static int sp_256_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
 int err;
 byte buf[32];
@@ -24935,6 +24867,11 @@ static int sp_256_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 while (err == 0);
 return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
 }
 /* Makes a random EC key pair.
@@ -25013,12 +24950,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -25201,10 +25135,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -25449,8 +25381,7 @@ static int sp_256_div_9(const sp_digit* a, const sp_digit* d,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
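Review bot: The new `#else` branch in `sp_256_ecc_gen_k_9` (the `@@ -24935,6 +24867,11 @@` hunk) turns a missing entropy source into a runtime `NOT_COMPILED_IN` without a word of explanation, and nothing in the diff shows that the callers treat that value as fatal rather than as a retryable error. A one-line comment above the stub would carry the intent for the next reader, e.g. `/* Built with WC_NO_RNG: no entropy source, so private-scalar generation is unavailable. */`. The identical stub is added to `sp_384_ecc_gen_k_15` (L3724–L3725) and `sp_521_ecc_gen_k_21` (L3728); if these files are produced by a generator, the comment belongs in the template so all three stay in step. The body of `sp_256_ecc_gen_k_9`, including the loop that fills `buf` and the zeroization of that buffer, lies between the two hunks and is not visible here.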
@@ -26175,8 +26106,7 @@ static int sp_256_mod_inv_9(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 9); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26384,10 +26314,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26594,8 +26522,7 @@ static int sp_256_ecc_is_point_9(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26634,8 +26561,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26743,10 +26669,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26825,10 +26749,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -26893,10 +26815,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26957,10 +26877,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27026,8 +26944,7 @@ static int sp_256_mont_sqrt_9(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27092,8 +27009,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -29393,8 +29309,7 @@ static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -30251,10 +30166,8 @@ static int sp_384_ecc_mulmod_win_add_sub_15(sp_point_384* r, const sp_point_384* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30449,8 +30362,7 @@ static int sp_384_gen_stripe_table_15(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -30642,10 +30554,8 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30863,10 +30773,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30943,10 +30851,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -32844,10 +32750,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -32922,10 +32826,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -32989,6 +32891,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; 
@@ -33005,6 +32908,11 @@ static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -33083,12 +32991,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33271,10 +33176,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33561,8 +33464,7 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -34254,8 +34156,7 @@ static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 15); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -34469,10 +34370,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -34679,8 +34578,7 @@ static int sp_384_ecc_is_point_15(const sp_point_384* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -34719,8 +34617,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -34828,10 +34725,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -34910,10 +34805,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -34978,10 +34871,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35042,10 +34933,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35141,8 +35030,7 @@ static int sp_384_mont_sqrt_15(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -35207,8 +35095,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -37834,10 +37721,8 @@ static int sp_521_ecc_mulmod_win_add_sub_21(sp_point_521* r, const sp_point_521* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38032,8 +37917,7 @@ static int sp_521_gen_stripe_table_21(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38249,10 +38133,8 @@ static int sp_521_ecc_mulmod_stripe_21(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38470,10 +38352,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38550,10 +38430,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -40961,10 +40839,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41039,10 +40915,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41106,6 +40980,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_21(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -41123,6 +40998,11 @@ static int sp_521_ecc_gen_k_21(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -41201,12 +41081,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41389,10 +41266,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -41699,8 +41574,7 @@ static int sp_521_div_21(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -42417,8 +42291,7 @@ static int sp_521_mod_inv_21(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 21); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42643,10 +42516,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42857,8 +42728,7 @@ static int sp_521_ecc_is_point_21(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42897,8 +42767,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43006,10 +42875,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -43088,10 +42955,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -43156,10 +43021,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43220,10 +43083,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43273,8 +43134,7 @@ static int sp_521_mont_sqrt_21(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43339,8 +43199,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -44382,8 +44241,7 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -44462,16 +44320,16 @@ static void sp_1024_point_free_42(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif 
@@ -46540,10 +46398,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_42(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46738,8 +46594,7 @@ static int sp_1024_gen_stripe_table_42(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46838,10 +46693,8 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -47059,10 +46912,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51004,10 +50855,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51082,10 +50931,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -51150,10 +50997,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51246,10 +51091,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51396,9 +51239,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -53294,9 +53135,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -53664,9 +53503,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_42(c, 1, NULL); sp_1024_point_free_42(q, 1, NULL); 
@@ -54091,9 +53928,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_42(c, 1, NULL); sp_1024_point_free_42(q, 1, NULL); @@ -54459,9 +54294,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_42(neg, 1, NULL); sp_1024_point_free_42(c, 1, NULL); @@ -54654,9 +54487,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_42(c, 1, NULL); sp_1024_point_free_42(q, 1, NULL); @@ -54754,8 +54585,7 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -54794,8 +54624,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -54903,10 +54732,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 93fd140ba8..cd55ca3aed 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1017,8 +1017,7 @@ static int sp_2048_div_17(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1136,8 +1135,7 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1226,8 +1224,7 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1372,8 +1369,7 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1842,8 +1838,7 @@ static int sp_2048_div_34(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1962,8 +1957,7 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -2052,8 +2046,7 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2181,8 +2174,7 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2301,8 +2293,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -2413,8 +2404,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -2784,7 +2774,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 17 * 13); @@ -3137,8 +3127,7 @@ static int sp_2048_mod_exp_2_34(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4552,8 +4541,7 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4671,8 +4659,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -4761,8 +4748,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4907,8 +4893,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5438,8 +5423,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5560,8 +5544,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5650,8 +5633,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5779,8 +5761,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5901,8 +5882,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -6013,8 +5993,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -6384,7 +6363,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 18 * 13); @@ -6806,8 +6785,7 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -7894,8 +7872,7 @@ static int sp_3072_div_26(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8013,8 +7990,7 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8103,8 +8079,7 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8249,8 +8224,7 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8725,8 +8699,7 @@ static int sp_3072_div_52(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -8845,8 +8818,7 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8935,8 +8907,7 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -9064,8 +9035,7 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -9184,8 +9154,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -9296,8 +9265,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -9667,7 +9635,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 26 * 13); @@ -10020,8 +9988,7 @@ static int sp_3072_mod_exp_2_52(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11573,8 +11540,7 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -11692,8 +11658,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11782,8 +11747,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11928,8 +11892,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12470,8 +12433,7 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12592,8 +12554,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12682,8 +12643,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12811,8 +12771,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -12933,8 +12892,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -13045,8 +13003,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -13416,7 +13373,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 27 * 13); @@ -13874,8 +13831,7 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14968,8 +14924,7 @@ static int sp_4096_div_35(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15087,8 +15042,7 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15177,8 +15131,7 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15323,8 +15276,7 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -15794,8 +15746,7 @@ static int sp_4096_div_70(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15914,8 +15865,7 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16004,8 +15954,7 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16133,8 +16082,7 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16253,8 +16201,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -16365,8 +16312,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -16736,7 +16682,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 35 * 13); @@ -17089,8 +17035,7 @@ static int sp_4096_mod_exp_2_70(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -18697,8 +18642,7 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18816,8 +18760,7 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18906,8 +18849,7 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -19052,8 +18994,7 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -19595,8 +19536,7 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -19717,8 +19657,7 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -19807,8 +19746,7 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -19936,8 +19874,7 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20058,8 +19995,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -20170,8 +20106,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -20541,7 +20476,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 39 * 13); @@ -21047,8 +20982,7 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -22862,8 +22796,7 @@ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -23640,10 +23573,8 @@ static int sp_256_ecc_mulmod_win_add_sub_5(sp_point_256* r, const sp_point_256* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -23838,8 +23769,7 @@ static int sp_256_gen_stripe_table_5(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -23991,10 +23921,8 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24212,10 +24140,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24292,10 +24218,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -25681,10 +25605,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -25759,10 +25681,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -25826,6 +25746,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -25842,6 +25763,11 @@ static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -25920,12 +25846,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26108,10 +26031,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26342,8 +26263,7 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -27073,8 +26993,7 @@ static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 5); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -27278,10 +27197,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -27488,8 +27405,7 @@ static int sp_256_ecc_is_point_5(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -27528,8 +27444,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27637,10 +27552,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -27719,10 +27632,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27787,10 +27698,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -27851,10 +27760,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27920,8 +27827,7 @@ static int sp_256_mont_sqrt_5(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27986,8 +27892,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -29823,8 +29728,7 @@ static int sp_384_mod_mul_norm_7(sp_digit* r, const sp_digit* a, const sp_digit* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -30617,10 +30521,8 @@ static int sp_384_ecc_mulmod_win_add_sub_7(sp_point_384* r, const sp_point_384* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30815,8 +30717,7 @@ static int sp_384_gen_stripe_table_7(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30976,10 +30877,8 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -31197,10 +31096,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -31277,10 +31174,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33176,10 +33071,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33254,10 +33147,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33321,6 +33212,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -33337,6 +33229,11 @@ static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
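Review bot: The new `#ifndef WC_NO_RNG` branch changes the contract of `sp_384_ecc_gen_k_7` — with the RNG compiled out it now returns `NOT_COMPILED_IN` and leaves `k` untouched — but the function's header comment, which sits just outside the hunk, is not updated; add `Returns NOT_COMPILED_IN when WC_NO_RNG is defined; k is not written.` to it. Callers such as `sp_ecc_make_key_384` presumably propagate the non-zero `err` and never read `k` in that case, which is worth confirming, since a caller that ignored the return would proceed with an uninitialised private scalar. The identical construct is added to `sp_521_ecc_gen_k_9` further down and needs the same comment. Both function bodies are only partly visible in their hunks.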
@@ -33415,12 +33312,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33603,10 +33497,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33845,8 +33737,7 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -34543,8 +34434,7 @@ static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 7); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -34750,10 +34640,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -34960,8 +34848,7 @@ static int sp_384_ecc_is_point_7(const sp_point_384* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -35000,8 +34887,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35109,10 +34995,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -35191,10 +35075,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35259,10 +35141,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35323,10 +35203,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35422,8 +35300,7 @@ static int sp_384_mont_sqrt_7(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35488,8 +35365,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -38054,10 +37930,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38252,8 +38126,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38421,10 +38294,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38642,10 +38513,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38722,10 +38591,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40621,10 +40488,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -40699,10 +40564,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40766,6 +40629,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -40783,6 +40647,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -40861,12 +40730,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41049,10 +40915,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41297,8 +41161,7 @@ static int sp_521_div_9(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -42020,8 +41883,7 @@ static int sp_521_mod_inv_9(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 9); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42234,10 +42096,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42448,8 +42308,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42488,8 +42347,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42597,10 +42455,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42679,10 +42535,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -42747,10 +42601,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42811,10 +42663,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42864,8 +42714,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42930,8 +42779,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43847,8 +43695,7 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -43927,16 +43774,16 @@ static void sp_1024_point_free_18(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif 
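Review bot: In `sp_1024_point_free_18` the `clear` path zeroes point data with `XMEMSET(p, 0, sizeof(*p))` and then immediately frees it; a plain memset directly before free is a dead-store candidate that an optimising compiler may drop when XFREE resolves to the C library's `free()` or under LTO, so the wipe this function promises may not survive into the binary. Since the hunk already reworks both branches, consider the library's secure-wipe helper, `ForceZero(p, sizeof(*p));`, in both `clear` branches. The change from `clear != 0` to `clear` is behaviour-preserving for an `int` and fine; the function's closing brace lies outside the hunk.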
@@ -45894,10 +45741,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_18(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46092,8 +45937,7 @@ static int sp_1024_gen_stripe_table_18(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46192,10 +46036,8 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46413,10 +46255,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49844,10 +49684,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49922,10 +49760,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -49990,10 +49826,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -50086,10 +49920,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -50236,9 +50068,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -51878,9 +51708,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -52248,9 +52076,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_18(c, 1, NULL); sp_1024_point_free_18(q, 1, NULL); 
@@ -52675,9 +52501,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_18(c, 1, NULL); sp_1024_point_free_18(q, 1, NULL); @@ -53043,9 +52867,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_18(neg, 1, NULL); sp_1024_point_free_18(c, 1, NULL); @@ -53238,9 +53060,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_18(c, 1, NULL); sp_1024_point_free_18(q, 1, NULL); @@ -53338,8 +53158,7 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -53378,8 +53197,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -53487,10 +53305,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index 07a3112bbc..f664cf2d30 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -2211,7 +2211,11 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x100\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_add_64_word:\n\t" +#else + "L_sp_2048_add_64_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -2223,10 +2227,12 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_add_64_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_2048_add_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_2048_add_64_word\n\t" +#else + "BNE.N L_sp_2048_add_64_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -2258,7 +2264,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x100\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_sub_in_pkace_64_word:\n\t" +#else + "L_sp_2048_sub_in_pkace_64_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" 
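Review bot: In the `sp_2048_add_64` branch hunk, IAR versions below 9 move from the old shared `BNE L_...` line to `BNE.N L_...`; the `.N` suffix forces the 16-bit encoding, so that toolchain now fails to assemble if any loop-back target falls outside the narrow branch range, which is a silent behaviour change for IAR < 9 worth stating in the commit message (the loop bodies visible here look small enough, but that should be confirmed per function). The `#else` branch emits `%=`-suffixed labels, which assumes the compiler implements GNU's `%=` unique-id operand; that is true of GCC and Clang, both of which also define `__GNUC__` and so take the first branch, but for IAR 9+ it is an assumption worth a one-line comment at the first such label, e.g. `/* %= requires GNU-style inline asm; IAR < 9 lacks it, hence the plain label above. */`. The pre-existing misspelling `pkace` in `L_sp_2048_sub_in_pkace_64_word` is carried into the new `_%=` labels here and in `sp_2048_sub_in_place_32`; harmless since it is consistent, but the generator emitting these names could be corrected. The same three-way `#if` pattern is repeated in every remaining sp_cortexm.c hunk, so this note covers them; each function's asm block starts and ends outside its hunk.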
@@ -2269,10 +2279,12 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_sub_in_pkace_64_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_2048_sub_in_pkace_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_2048_sub_in_pkace_64_word\n\t" +#else + "BNE.N L_sp_2048_sub_in_pkace_64_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -2312,13 +2324,21 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_mul_64_outer:\n\t" +#else + "L_sp_2048_mul_64_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xfc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_mul_64_inner:\n\t" +#else + "L_sp_2048_mul_64_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -2334,15 +2354,19 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_64_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_2048_mul_64_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_2048_mul_64_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mul_64_inner\n\t" #else + "BGT.N L_sp_2048_mul_64_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_2048_mul_64_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_2048_mul_64_inner\n\t" +#else + "BLT.N L_sp_2048_mul_64_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -2351,17 +2375,23 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_mul_64_inner_done:\n\t" +#else + "L_sp_2048_mul_64_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x1f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_mul_64_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_2048_mul_64_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_2048_mul_64_outer\n\t" +#else + "BLE.N L_sp_2048_mul_64_outer_%=\n\t" #endif "LDR lr, [%[a], #252]\n\t" "LDR r11, [%[b], #252]\n\t" 
@@ -2370,14 +2400,20 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_mul_64_store:\n\t" +#else + "L_sp_2048_mul_64_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_64_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_2048_mul_64_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_2048_mul_64_store\n\t" +#else + "BGT.N L_sp_2048_mul_64_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -2410,13 +2446,21 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_sqr_64_outer:\n\t" +#else + "L_sp_2048_sqr_64_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xfc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_sqr_64_inner:\n\t" +#else + "L_sp_2048_sqr_64_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -2429,15 +2473,19 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_sqr_64_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_2048_sqr_64_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_2048_sqr_64_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_sqr_64_inner\n\t" #else + "BGT.N L_sp_2048_sqr_64_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_2048_sqr_64_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_2048_sqr_64_inner\n\t" +#else + "BLT.N L_sp_2048_sqr_64_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -2445,17 +2493,23 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_sqr_64_inner_done:\n\t" +#else + "L_sp_2048_sqr_64_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x1f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_sqr_64_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_2048_sqr_64_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_2048_sqr_64_outer\n\t" +#else + "BLE.N L_sp_2048_sqr_64_outer_%=\n\t" #endif "LDR lr, [%[a], #252]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -2463,14 +2517,20 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_sqr_64_store:\n\t" +#else + "L_sp_2048_sqr_64_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_sqr_64_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_2048_sqr_64_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_2048_sqr_64_store\n\t" +#else + "BGT.N L_sp_2048_sqr_64_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -2520,7 +2580,11 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x80\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_add_32_word:\n\t" +#else + "L_sp_2048_add_32_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -2532,10 +2596,12 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_add_32_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_2048_add_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_2048_add_32_word\n\t" +#else + "BNE.N L_sp_2048_add_32_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -2567,7 +2633,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x80\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_sub_in_pkace_32_word:\n\t" +#else + "L_sp_2048_sub_in_pkace_32_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -2578,10 +2648,12 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_sub_in_pkace_32_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_2048_sub_in_pkace_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_2048_sub_in_pkace_32_word\n\t" +#else + "BNE.N L_sp_2048_sub_in_pkace_32_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -2621,13 +2693,21 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_mul_32_outer:\n\t" +#else + "L_sp_2048_mul_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_mul_32_inner:\n\t" +#else + "L_sp_2048_mul_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -2643,15 +2723,19 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_32_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_2048_mul_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_2048_mul_32_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mul_32_inner\n\t" #else + "BGT.N L_sp_2048_mul_32_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_2048_mul_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_2048_mul_32_inner\n\t" +#else + "BLT.N L_sp_2048_mul_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -2660,17 +2744,23 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_mul_32_inner_done:\n\t" +#else + "L_sp_2048_mul_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_mul_32_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_2048_mul_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_2048_mul_32_outer\n\t" +#else + "BLE.N L_sp_2048_mul_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "LDR r11, [%[b], #124]\n\t" 
@@ -2679,14 +2769,20 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_mul_32_store:\n\t" +#else + "L_sp_2048_mul_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_32_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_2048_mul_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_2048_mul_32_store\n\t" +#else + "BGT.N L_sp_2048_mul_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -2719,13 +2815,21 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_sqr_32_outer:\n\t" +#else + "L_sp_2048_sqr_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_2048_sqr_32_inner:\n\t" +#else + "L_sp_2048_sqr_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -2738,15 +2842,19 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
 "ADD r3, r3, #0x4\n\t"
 "SUB r4, r4, #0x4\n\t"
 "CMP r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_2048_sqr_32_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+ "BGT L_sp_2048_sqr_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BGT.N L_sp_2048_sqr_32_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_sqr_32_inner\n\t"
 #else
+ "BGT.N L_sp_2048_sqr_32_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "BLT L_sp_2048_sqr_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_sqr_32_inner\n\t"
+#else
+ "BLT.N L_sp_2048_sqr_32_inner_%=\n\t"
 #endif
 "LDR lr, [%[a], r3]\n\t"
 "UMULL r9, r10, lr, lr\n\t"
@@ -2754,17 +2862,23 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
 "ADCS r7, r7, r10\n\t"
 "ADC r8, r8, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_sqr_32_inner_done:\n\t"
+#else
+ "L_sp_2048_sqr_32_inner_done_%=:\n\t"
+#endif
 "STR r6, [sp, r5]\n\t"
 "MOV r6, r7\n\t"
 "MOV r7, r8\n\t"
 "MOV r8, #0x0\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLE L_sp_2048_sqr_32_outer\n\t"
-#else
+#if defined(__GNUC__)
+ "BLE L_sp_2048_sqr_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLE.N L_sp_2048_sqr_32_outer\n\t"
+#else
+ "BLE.N L_sp_2048_sqr_32_outer_%=\n\t"
 #endif
 "LDR lr, [%[a], #124]\n\t"
 "UMLAL r6, r7, lr, lr\n\t"
@@ -2772,14 +2886,20 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
 "ADD r5, r5, #0x4\n\t"
 "STR r7, [sp, r5]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_sqr_32_store:\n\t"
+#else
+ "L_sp_2048_sqr_32_store_%=:\n\t"
+#endif
 "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "SUBS r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_2048_sqr_32_store\n\t"
-#else
+#if defined(__GNUC__)
+ "BGT L_sp_2048_sqr_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BGT.N L_sp_2048_sqr_32_store\n\t"
+#else
+ "BGT.N L_sp_2048_sqr_32_store_%=\n\t"
 #endif
 : [r] "+r" (r), [a] "+r" (a)
 :
@@ -2838,7 +2958,11 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "MOV r9, #0x4\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mul_d_64_word:\n\t"
+#else
+ "L_sp_2048_mul_d_64_word_%=:\n\t"
+#endif
 /* A[i] * B */
 "LDR r8, [%[a], r9]\n\t"
 "UMULL r6, r7, %[b], r8\n\t"
@@ -2851,10 +2975,12 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "ADD r9, r9, #0x4\n\t"
 "CMP r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mul_d_64_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mul_d_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mul_d_64_word\n\t"
+#else
+ "BLT.N L_sp_2048_mul_d_64_word_%=\n\t"
 #endif
 "STR r3, [%[r], #256]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -3252,7 +3378,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
 "MOV r4, #0x0\n\t"
 "MOV r5, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_cond_sub_32_words:\n\t"
+#else
+ "L_sp_2048_cond_sub_32_words_%=:\n\t"
+#endif
 "SUBS r4, r8, r4\n\t"
 "LDR r6, [%[a], r5]\n\t"
 "LDR r7, [%[b], r5]\n\t"
@@ -3262,10 +3392,12 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
 "STR r6, [%[r], r5]\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_cond_sub_32_words\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_cond_sub_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_cond_sub_32_words\n\t"
+#else
+ "BLT.N L_sp_2048_cond_sub_32_words_%=\n\t"
 #endif
 "MOV %[r], r4\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -3448,7 +3580,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "LDR r4, [%[a]]\n\t"
 "LDR r5, [%[a], #4]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL r10, %[mp], r4\n\t"
 /* a[i+0] += m[0] * mu */
@@ -3710,10 +3846,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r11, r11, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r11, #0x80\n\t"
-#ifdef __GNUC__
- "BLT L_sp_2048_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.W L_sp_2048_mont_reduce_32_word\n\t"
+#else
+ "BLT.W L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r4, [%[a]]\n\t"
@@ -3752,7 +3890,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 /* ca = 0 */
 "MOV r3, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "LDR r10, [%[a]]\n\t"
 "MUL r8, %[mp], r10\n\t"
@@ -3760,7 +3902,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "MOV r12, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_32_mul:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_mul_%=:\n\t"
+#endif
 /* a[i+j+0] += m[j+0] * mu */
 "LDR r7, [%[m], r12]\n\t"
 "LDR r10, [%[a], r12]\n\t"
@@ -3802,10 +3948,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 /* j += 1 */
 "ADD r12, r12, #0x4\n\t"
 "CMP r12, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_32_mul\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mont_reduce_32_mul\n\t"
+#else
+ "BLT.N L_sp_2048_mont_reduce_32_mul_%=\n\t"
 #endif
 "LDR r10, [%[a], #128]\n\t"
 "ADDS r4, r4, r3\n\t"
@@ -3818,10 +3966,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r9, r9, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mont_reduce_32_word\n\t"
+#else
+ "BLT.N L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "MOV %[mp], r3\n\t"
@@ -3863,7 +4013,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "LDR r9, [%[a], #12]\n\t"
 "LDR r10, [%[a], #16]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL lr, %[mp], r6\n\t"
 /* a[i+0] += m[0] * mu */
@@ -4030,10 +4184,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r4, r4, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r4, #0x80\n\t"
-#ifdef __GNUC__
- "BLT L_sp_2048_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.W L_sp_2048_mont_reduce_32_word\n\t"
+#else
+ "BLT.W L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r6, [%[a]]\n\t"
@@ -4075,7 +4231,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 /* ca = 0 */
 "MOV r3, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "LDR r10, [%[a]]\n\t"
 "MUL r8, %[mp], r10\n\t"
@@ -4083,7 +4243,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "MOV r12, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_32_mul:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_mul_%=:\n\t"
+#endif
 /* a[i+j+0] += m[j+0] * mu */
 "LDR r7, [%[m], r12]\n\t"
 "LDR r10, [%[a], r12]\n\t"
@@ -4113,10 +4277,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 /* j += 1 */
 "ADD r12, r12, #0x4\n\t"
 "CMP r12, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_32_mul\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mont_reduce_32_mul\n\t"
+#else
+ "BLT.N L_sp_2048_mont_reduce_32_mul_%=\n\t"
 #endif
 "LDR r10, [%[a], #128]\n\t"
 "ADDS r4, r4, r3\n\t"
@@ -4129,10 +4295,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r9, r9, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mont_reduce_32_word\n\t"
+#else
+ "BLT.N L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "MOV %[mp], r3\n\t"
@@ -4203,7 +4371,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "MOV r9, #0x4\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mul_d_32_word:\n\t"
+#else
+ "L_sp_2048_mul_d_32_word_%=:\n\t"
+#endif
 /* A[i] * B */
 "LDR r8, [%[a], r9]\n\t"
 "UMULL r6, r7, %[b], r8\n\t"
@@ -4216,10 +4388,12 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "ADD r9, r9, #0x4\n\t"
 "CMP r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mul_d_32_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mul_d_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mul_d_32_word\n\t"
+#else
+ "BLT.N L_sp_2048_mul_d_32_word_%=\n\t"
 #endif
 "STR r3, [%[r], #128]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -4517,7 +4691,11 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
 /* Next 30 bits */
 "MOV r4, #0x1d\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_div_2048_word_32_bit:\n\t"
+#else
+ "L_div_2048_word_32_bit_%=:\n\t"
+#endif
 "LSLS r6, r6, #1\n\t"
 "ADC r7, r7, r7\n\t"
 "SUBS r8, r5, r7\n\t"
@@ -4527,7 +4705,13 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
 "AND r8, r8, r5\n\t"
 "SUBS r7, r7, r8\n\t"
 "SUBS r4, r4, #0x1\n\t"
- "bpl L_div_2048_word_32_bit\n\t"
+#if defined(__GNUC__)
+ "BPL L_div_2048_word_32_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BPL.N L_div_2048_word_32_bit\n\t"
+#else
+ "BPL.N L_div_2048_word_32_bit_%=\n\t"
+#endif
 "ADD r3, r3, r3\n\t"
 "ADD r3, r3, #0x1\n\t"
 "UMULL r6, r7, r3, %[div]\n\t"
@@ -4579,7 +4763,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
 "MOV r6, #0x7c\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_cmp_32_words:\n\t"
+#else
+ "L_sp_2048_cmp_32_words_%=:\n\t"
+#endif
 "LDR r4, [%[a], r6]\n\t"
 "LDR r5, [%[b], r6]\n\t"
 "AND r4, r4, r3\n\t"
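Review bot: The `BPL` split lands in the bit-serial loop of div_2048_word_32, and the visible loop body (`LSLS`/`ADC`/`SUBS`/`AND`/`SUBS`) is branch-free apart from this counter branch, which is what keeps the division's control flow independent of the dividend and divisor — yet that property is stated nowhere, so the next person touching these label macros could add an early-out without realising it matters. Suggest a comment on the label line: `/* Fixed 30-iteration bit loop (r4 = 0x1d down to 0): only the counter decides the branch - keep it free of data-dependent branches. */`. Only part of the loop body is inside the hunk, so the branch-free claim covers the visible lines; the function starts and ends outside the hunk.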
@@ -4592,7 +4780,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
 "IT ne\n\t"
 "movne r3, r7\n\t"
 "SUBS r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "bcs L_sp_2048_cmp_32_words\n\t"
+#else
+ "bcs L_sp_2048_cmp_32_words_%=\n\t"
+#endif
 "EOR r2, r2, r3\n\t"
 #else
 "LDR r4, [%[a], #124]\n\t"
@@ -5158,8 +5350,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -5327,8 +5518,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -5380,7 +5570,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
 "MOV r4, #0x0\n\t"
 "MOV r5, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_cond_sub_64_words:\n\t"
+#else
+ "L_sp_2048_cond_sub_64_words_%=:\n\t"
+#endif
 "SUBS r4, r8, r4\n\t"
 "LDR r6, [%[a], r5]\n\t"
 "LDR r7, [%[b], r5]\n\t"
@@ -5390,10 +5584,12 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
 "STR r6, [%[r], r5]\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_cond_sub_64_words\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_cond_sub_64_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_cond_sub_64_words\n\t"
+#else
+ "BLT.N L_sp_2048_cond_sub_64_words_%=\n\t"
 #endif
 "MOV %[r], r4\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
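Review bot: The `bcs` back-branch in sp_2048_cmp_32 gets only a two-way split and keeps the lowercase, width-less mnemonic, while the other loop branches in this diff are rewritten as a three-way `#if __GNUC__` / `#elif IAR < 9` / `#else` split with an explicit `.N`/`.W` width on the non-GCC arms. A width-less `bcs` is not wrong, since the assembler then picks the encoding, but it is the one place where a reader cannot tell whether the omission is deliberate. Either apply the same form (`"BCS.N L_sp_2048_cmp_32_words\n\t"` on the IAR arm, `"BCS.N L_sp_2048_cmp_32_words_%=\n\t"` on the `#else` arm) or add `/* width left to the assembler */` next to it. The function starts and ends outside the hunk.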
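Review bot: Dropping the `if (td != NULL)` guard in sp_2048_mod_exp_32 makes this cleanup path depend on XFREE accepting a NULL pointer, which it will receive whenever the allocation failed or an earlier error returned before td was set; the stock XFREE macro presumably tolerates NULL (this commit removes the guard everywhere), but builds that supply their own allocator map XFREE to a user free, and a NULL-intolerant one would now be called on the error path. If the new rule is "XFREE must be NULL-safe", it is worth stating once where the macro is defined, e.g. `/* XFREE must accept NULL: SP call sites no longer guard it. */`, and checking the user-allocator ports rather than relying on each call site. The function body starts outside the hunk.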
@@ -5688,7 +5884,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "LDR r4, [%[a]]\n\t"
 "LDR r5, [%[a], #4]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL r10, %[mp], r4\n\t"
 /* a[i+0] += m[0] * mu */
@@ -6206,10 +6406,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "ADD r11, r11, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r11, #0x100\n\t"
-#ifdef __GNUC__
- "BLT L_sp_2048_mont_reduce_64_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.W L_sp_2048_mont_reduce_64_word\n\t"
+#else
+ "BLT.W L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r4, [%[a]]\n\t"
@@ -6248,7 +6450,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 /* ca = 0 */
 "MOV r3, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "LDR r10, [%[a]]\n\t"
 "MUL r8, %[mp], r10\n\t"
@@ -6256,7 +6462,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "MOV r12, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_64_mul:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_mul_%=:\n\t"
+#endif
 /* a[i+j+0] += m[j+0] * mu */
 "LDR r7, [%[m], r12]\n\t"
 "LDR r10, [%[a], r12]\n\t"
@@ -6298,10 +6508,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 /* j += 1 */
 "ADD r12, r12, #0x4\n\t"
 "CMP r12, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_64_mul\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mont_reduce_64_mul\n\t"
+#else
+ "BLT.N L_sp_2048_mont_reduce_64_mul_%=\n\t"
 #endif
 "LDR r10, [%[a], #256]\n\t"
 "ADDS r4, r4, r3\n\t"
@@ -6314,10 +6526,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "ADD r9, r9, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_64_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mont_reduce_64_word\n\t"
+#else
+ "BLT.N L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
 /* Loop Done */
 "MOV %[mp], r3\n\t"
@@ -6359,7 +6573,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "LDR r9, [%[a], #12]\n\t"
 "LDR r10, [%[a], #16]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL lr, %[mp], r6\n\t"
 /* a[i+0] += m[0] * mu */
@@ -6686,10 +6904,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "ADD r4, r4, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r4, #0x100\n\t"
-#ifdef __GNUC__
- "BLT L_sp_2048_mont_reduce_64_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.W L_sp_2048_mont_reduce_64_word\n\t"
+#else
+ "BLT.W L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r6, [%[a]]\n\t"
@@ -6731,7 +6951,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 /* ca = 0 */
 "MOV r3, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "LDR r10, [%[a]]\n\t"
 "MUL r8, %[mp], r10\n\t"
@@ -6739,7 +6963,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "MOV r12, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_mont_reduce_64_mul:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_mul_%=:\n\t"
+#endif
 /* a[i+j+0] += m[j+0] * mu */
 "LDR r7, [%[m], r12]\n\t"
 "LDR r10, [%[a], r12]\n\t"
@@ -6769,10 +6997,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 /* j += 1 */
 "ADD r12, r12, #0x4\n\t"
 "CMP r12, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_64_mul\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mont_reduce_64_mul\n\t"
+#else
+ "BLT.N L_sp_2048_mont_reduce_64_mul_%=\n\t"
 #endif
 "LDR r10, [%[a], #256]\n\t"
 "ADDS r4, r4, r3\n\t"
@@ -6785,10 +7015,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "ADD r9, r9, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_64_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_mont_reduce_64_word\n\t"
+#else
+ "BLT.N L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
 /* Loop Done */
 "MOV %[mp], r3\n\t"
@@ -6854,7 +7086,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
 "MOV r11, #0x0\n\t"
 "ADD r12, %[a], #0x100\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_sub_64_word:\n\t"
+#else
+ "L_sp_2048_sub_64_word_%=:\n\t"
+#endif
 "RSBS r11, r11, #0x0\n\t"
 "LDM %[a]!, {r3, r4, r5, r6}\n\t"
 "LDM %[b]!, {r7, r8, r9, r10}\n\t"
@@ -6865,10 +7101,12 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
 "STM %[r]!, {r3, r4, r5, r6}\n\t"
 "SBC r11, r3, r3\n\t"
 "CMP %[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_sp_2048_sub_64_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_sp_2048_sub_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.N L_sp_2048_sub_64_word\n\t"
+#else
+ "BNE.N L_sp_2048_sub_64_word_%=\n\t"
 #endif
 "MOV %[r], r11\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -7121,7 +7359,11 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
 /* Next 30 bits */
 "MOV r4, #0x1d\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_div_2048_word_64_bit:\n\t"
+#else
+ "L_div_2048_word_64_bit_%=:\n\t"
+#endif
 "LSLS r6, r6, #1\n\t"
 "ADC r7, r7, r7\n\t"
 "SUBS r8, r5, r7\n\t"
@@ -7131,7 +7373,13 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
 "AND r8, r8, r5\n\t"
 "SUBS r7, r7, r8\n\t"
 "SUBS r4, r4, #0x1\n\t"
- "bpl L_div_2048_word_64_bit\n\t"
+#if defined(__GNUC__)
+ "BPL L_div_2048_word_64_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BPL.N L_div_2048_word_64_bit\n\t"
+#else
+ "BPL.N L_div_2048_word_64_bit_%=\n\t"
+#endif
 "ADD r3, r3, r3\n\t"
 "ADD r3, r3, #0x1\n\t"
 "UMULL r6, r7, r3, %[div]\n\t"
@@ -7286,7 +7534,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
 "MOV r6, #0xfc\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_cmp_64_words:\n\t"
+#else
+ "L_sp_2048_cmp_64_words_%=:\n\t"
+#endif
 "LDR r4, [%[a], r6]\n\t"
 "LDR r5, [%[b], r6]\n\t"
 "AND r4, r4, r3\n\t"
@@ -7299,7 +7551,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
 "IT ne\n\t"
 "movne r3, r7\n\t"
 "SUBS r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "bcs L_sp_2048_cmp_64_words\n\t"
+#else
+ "bcs L_sp_2048_cmp_64_words_%=\n\t"
+#endif
 "EOR r2, r2, r3\n\t"
 #else
 "LDR r4, [%[a], #252]\n\t"
@@ -8211,8 +8467,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -8363,8 +8618,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -8527,8 +8781,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYP_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
 return err;
@@ -8562,7 +8815,11 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
 "MOV r8, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_2048_cond_add_32_words:\n\t"
+#else
+ "L_sp_2048_cond_add_32_words_%=:\n\t"
+#endif
 "ADDS r5, r5, #0xffffffff\n\t"
 "LDR r6, [%[a], r4]\n\t"
 "LDR r7, [%[b], r4]\n\t"
@@ -8572,10 +8829,12 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
 "STR r6, [%[r], r4]\n\t"
 "ADD r4, r4, #0x4\n\t"
 "CMP r4, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_cond_add_32_words\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_2048_cond_add_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_2048_cond_add_32_words\n\t"
+#else
+ "BLT.N L_sp_2048_cond_add_32_words_%=\n\t"
 #endif
 "MOV %[r], r5\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -9567,8 +9826,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
 }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 return err;
@@ -12948,7 +13206,11 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
 "MOV r3, #0x0\n\t"
 "ADD r12, %[a], #0x180\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_add_96_word:\n\t"
+#else
+ "L_sp_3072_add_96_word_%=:\n\t"
+#endif
 "ADDS r3, r3, #0xffffffff\n\t"
 "LDM %[a]!, {r4, r5, r6, r7}\n\t"
 "LDM %[b]!, {r8, r9, r10, r11}\n\t"
@@ -12960,10 +13222,12 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
 "MOV r4, #0x0\n\t"
 "ADC r3, r4, #0x0\n\t"
 "CMP %[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_sp_3072_add_96_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_sp_3072_add_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.N L_sp_3072_add_96_word\n\t"
+#else
+ "BNE.N L_sp_3072_add_96_word_%=\n\t"
 #endif
 "MOV %[r], r3\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -12995,7 +13259,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
 "MOV r10, #0x0\n\t"
 "ADD r11, %[a], #0x180\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_sub_in_pkace_96_word:\n\t"
+#else
+ "L_sp_3072_sub_in_pkace_96_word_%=:\n\t"
+#endif
 "RSBS r10, r10, #0x0\n\t"
 "LDM %[a], {r2, r3, r4, r5}\n\t"
 "LDM %[b]!, {r6, r7, r8, r9}\n\t"
@@ -13006,10 +13274,12 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
 "STM %[a]!, {r2, r3, r4, r5}\n\t"
 "SBC r10, r10, r10\n\t"
 "CMP %[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_sp_3072_sub_in_pkace_96_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BNE L_sp_3072_sub_in_pkace_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BNE.N L_sp_3072_sub_in_pkace_96_word\n\t"
+#else
+ "BNE.N L_sp_3072_sub_in_pkace_96_word_%=\n\t"
 #endif
 "MOV %[a], r10\n\t"
 : [a] "+r" (a), [b] "+r" (b)
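Review bot: The loop label in sp_3072_sub_in_place_96 keeps the misspelling `L_sp_3072_sub_in_pkace_96_word` in all three preprocessor arms even though every label in this diff is being rewritten anyway, and the same misspelling recurs in the 48-word variant later in the diff. Labels are local to the asm statement and this commit already touches every use, so renaming to `L_sp_3072_sub_in_place_96_word` (the label line and both `BNE` forms) costs nothing now and avoids a grep miss later; if the file is generated, the fix belongs in the generator. The function starts outside the hunk.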
@@ -13049,13 +13319,21 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
 "MOV r8, #0x0\n\t"
 "MOV r5, #0x4\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_mul_96_outer:\n\t"
+#else
+ "L_sp_3072_mul_96_outer_%=:\n\t"
+#endif
 "SUBS r3, r5, #0x17c\n\t"
 "IT cc\n\t"
 "MOVCC r3, #0x0\n\t"
 "SUB r4, r5, r3\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_mul_96_inner:\n\t"
+#else
+ "L_sp_3072_mul_96_inner_%=:\n\t"
+#endif
 "LDR lr, [%[a], r3]\n\t"
 "LDR r11, [%[b], r4]\n\t"
 "UMULL r9, r10, lr, r11\n\t"
@@ -13071,15 +13349,19 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
 "ADD r3, r3, #0x4\n\t"
 "SUB r4, r4, #0x4\n\t"
 "CMP r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_3072_mul_96_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+ "BGT L_sp_3072_mul_96_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BGT.N L_sp_3072_mul_96_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_3072_mul_96_inner\n\t"
 #else
+ "BGT.N L_sp_3072_mul_96_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "BLT L_sp_3072_mul_96_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_3072_mul_96_inner\n\t"
+#else
+ "BLT.N L_sp_3072_mul_96_inner_%=\n\t"
 #endif
 "LDR lr, [%[a], r3]\n\t"
 "LDR r11, [%[b], r3]\n\t"
@@ -13088,17 +13370,23 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
 "ADCS r7, r7, r10\n\t"
 "ADC r8, r8, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_mul_96_inner_done:\n\t"
+#else
+ "L_sp_3072_mul_96_inner_done_%=:\n\t"
+#endif
 "STR r6, [sp, r5]\n\t"
 "MOV r6, r7\n\t"
 "MOV r7, r8\n\t"
 "MOV r8, #0x0\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0x2f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLE L_sp_3072_mul_96_outer\n\t"
-#else
+#if defined(__GNUC__)
+ "BLE L_sp_3072_mul_96_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLE.N L_sp_3072_mul_96_outer\n\t"
+#else
+ "BLE.N L_sp_3072_mul_96_outer_%=\n\t"
 #endif
 "LDR lr, [%[a], #380]\n\t"
 "LDR r11, [%[b], #380]\n\t"
@@ -13107,14 +13395,20 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
 "ADD r5, r5, #0x4\n\t"
 "STR r7, [sp, r5]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_mul_96_store:\n\t"
+#else
+ "L_sp_3072_mul_96_store_%=:\n\t"
+#endif
 "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "SUBS r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_3072_mul_96_store\n\t"
-#else
+#if defined(__GNUC__)
+ "BGT L_sp_3072_mul_96_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BGT.N L_sp_3072_mul_96_store\n\t"
+#else
+ "BGT.N L_sp_3072_mul_96_store_%=\n\t"
 #endif
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
@@ -13147,13 +13441,21 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
 "MOV r8, #0x0\n\t"
 "MOV r5, #0x4\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_sqr_96_outer:\n\t"
+#else
+ "L_sp_3072_sqr_96_outer_%=:\n\t"
+#endif
 "SUBS r3, r5, #0x17c\n\t"
 "IT cc\n\t"
 "MOVCC r3, #0x0\n\t"
 "SUB r4, r5, r3\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_sqr_96_inner:\n\t"
+#else
+ "L_sp_3072_sqr_96_inner_%=:\n\t"
+#endif
 "LDR lr, [%[a], r3]\n\t"
 "LDR r11, [%[a], r4]\n\t"
 "UMULL r9, r10, lr, r11\n\t"
@@ -13166,15 +13468,19 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
 "ADD r3, r3, #0x4\n\t"
 "SUB r4, r4, #0x4\n\t"
 "CMP r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_3072_sqr_96_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+ "BGT L_sp_3072_sqr_96_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BGT.N L_sp_3072_sqr_96_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_3072_sqr_96_inner\n\t"
 #else
+ "BGT.N L_sp_3072_sqr_96_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+ "BLT L_sp_3072_sqr_96_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_3072_sqr_96_inner\n\t"
+#else
+ "BLT.N L_sp_3072_sqr_96_inner_%=\n\t"
 #endif
 "LDR lr, [%[a], r3]\n\t"
 "UMULL r9, r10, lr, lr\n\t"
@@ -13182,17 +13488,23 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
 "ADCS r7, r7, r10\n\t"
 "ADC r8, r8, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_sqr_96_inner_done:\n\t"
+#else
+ "L_sp_3072_sqr_96_inner_done_%=:\n\t"
+#endif
 "STR r6, [sp, r5]\n\t"
 "MOV r6, r7\n\t"
 "MOV r7, r8\n\t"
 "MOV r8, #0x0\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0x2f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLE L_sp_3072_sqr_96_outer\n\t"
-#else
+#if defined(__GNUC__)
+ "BLE L_sp_3072_sqr_96_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLE.N L_sp_3072_sqr_96_outer\n\t"
+#else
+ "BLE.N L_sp_3072_sqr_96_outer_%=\n\t"
 #endif
 "LDR lr, [%[a], #380]\n\t"
 "UMLAL r6, r7, lr, lr\n\t"
@@ -13200,14 +13512,20 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
 "ADD r5, r5, #0x4\n\t"
 "STR r7, [sp, r5]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_sqr_96_store:\n\t"
+#else
+ "L_sp_3072_sqr_96_store_%=:\n\t"
+#endif
 "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "SUBS r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_3072_sqr_96_store\n\t"
-#else
+#if defined(__GNUC__)
+ "BGT L_sp_3072_sqr_96_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BGT.N L_sp_3072_sqr_96_store\n\t"
+#else
+ "BGT.N L_sp_3072_sqr_96_store_%=\n\t"
 #endif
 : [r] "+r" (r), [a] "+r" (a)
 :
@@ -13257,7 +13575,11 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
 "MOV r3, #0x0\n\t"
 "ADD r12, %[a], #0xc0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_3072_add_48_word:\n\t"
+#else
+ "L_sp_3072_add_48_word_%=:\n\t"
+#endif
 "ADDS r3, r3, #0xffffffff\n\t"
 "LDM %[a]!, {r4, r5, r6, r7}\n\t"
 "LDM %[b]!, {r8, r9, r10, r11}\n\t"
@@ -13269,10 +13591,12 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_add_48_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_3072_add_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_3072_add_48_word\n\t" +#else + "BNE.N L_sp_3072_add_48_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -13304,7 +13628,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0xc0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_sub_in_pkace_48_word:\n\t" +#else + "L_sp_3072_sub_in_pkace_48_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -13315,10 +13643,12 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_sub_in_pkace_48_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_3072_sub_in_pkace_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_3072_sub_in_pkace_48_word\n\t" +#else + "BNE.N L_sp_3072_sub_in_pkace_48_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
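Review bot: The new `L_sp_3072_sub_in_pkace_48_word_%=` label carries the pre-existing `pkace` typo into the generated-label scheme, and the same spelling is repeated in the three `BNE` variants of sp_3072_sub_in_place_48. Since these labels are asm-local and only need to agree between definition and branch, renaming both sides to `L_sp_3072_sub_in_place_48_word` (and `_%=`) is a cheap cleanup while the lines are being touched; the `sp_4096_sub_in_place_128` counterpart further down has the same typo. The enclosing function starts outside this hunk.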
@@ -13358,13 +13688,21 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mul_48_outer:\n\t" +#else + "L_sp_3072_mul_48_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xbc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mul_48_inner:\n\t" +#else + "L_sp_3072_mul_48_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -13380,15 +13718,19 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_48_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_3072_mul_48_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_3072_mul_48_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_48_inner\n\t" #else + "BGT.N L_sp_3072_mul_48_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_3072_mul_48_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mul_48_inner\n\t" +#else + "BLT.N L_sp_3072_mul_48_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
@@ -13397,17 +13739,23 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mul_48_inner_done:\n\t" +#else + "L_sp_3072_mul_48_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x174\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_mul_48_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_3072_mul_48_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_3072_mul_48_outer\n\t" +#else + "BLE.N L_sp_3072_mul_48_outer_%=\n\t" #endif "LDR lr, [%[a], #188]\n\t" "LDR r11, [%[b], #188]\n\t" @@ -13416,14 +13764,20 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mul_48_store:\n\t" +#else + "L_sp_3072_mul_48_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_48_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_3072_mul_48_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_3072_mul_48_store\n\t" +#else + "BGT.N L_sp_3072_mul_48_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -13456,13 +13810,21 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_sqr_48_outer:\n\t" +#else + "L_sp_3072_sqr_48_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xbc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_sqr_48_inner:\n\t" +#else + "L_sp_3072_sqr_48_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -13475,15 +13837,19 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_48_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_48_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_3072_sqr_48_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_sqr_48_inner\n\t" #else + "BGT.N L_sp_3072_sqr_48_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_3072_sqr_48_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_sqr_48_inner\n\t" +#else + "BLT.N L_sp_3072_sqr_48_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -13491,17 +13857,23 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_sqr_48_inner_done:\n\t" +#else + "L_sp_3072_sqr_48_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x174\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_sqr_48_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_3072_sqr_48_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_3072_sqr_48_outer\n\t" +#else + "BLE.N L_sp_3072_sqr_48_outer_%=\n\t" #endif "LDR lr, [%[a], #188]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -13509,14 +13881,20 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_sqr_48_store:\n\t" +#else + "L_sp_3072_sqr_48_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_48_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_48_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_3072_sqr_48_store\n\t" +#else + "BGT.N L_sp_3072_sqr_48_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -13575,7 +13953,11 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mul_d_96_word:\n\t" +#else + "L_sp_3072_mul_d_96_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" 
@@ -13588,10 +13970,12 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_d_96_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mul_d_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mul_d_96_word\n\t" +#else + "BLT.N L_sp_3072_mul_d_96_word_%=\n\t" #endif "STR r3, [%[r], #384]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -14149,7 +14533,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_cond_sub_48_words:\n\t" +#else + "L_sp_3072_cond_sub_48_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -14159,10 +14547,12 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_sub_48_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_cond_sub_48_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_cond_sub_48_words\n\t" +#else + "BLT.N L_sp_3072_cond_sub_48_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -14401,7 +14791,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -14791,10 +15185,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0xc0\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_48_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_3072_mont_reduce_48_word\n\t" +#else + "BLT.W L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -14833,7 +15229,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -14841,7 +15241,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_48_mul:\n\t" +#else + "L_sp_3072_mont_reduce_48_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -14883,10 +15287,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_mul\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mont_reduce_48_mul\n\t" +#else + "BLT.N L_sp_3072_mont_reduce_48_mul_%=\n\t" #endif "LDR r10, [%[a], #192]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -14899,10 +15305,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mont_reduce_48_word\n\t" +#else + "BLT.N L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -14944,7 +15352,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -15191,10 +15603,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0xc0\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_48_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_3072_mont_reduce_48_word\n\t" +#else + "BLT.W L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -15236,7 +15650,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" 
@@ -15244,7 +15662,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_48_mul:\n\t" +#else + "L_sp_3072_mont_reduce_48_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -15274,10 +15696,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_mul\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mont_reduce_48_mul\n\t" +#else + "BLT.N L_sp_3072_mont_reduce_48_mul_%=\n\t" #endif "LDR r10, [%[a], #192]\n\t" "ADDS r4, r4, r3\n\t" @@ -15290,10 +15714,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mont_reduce_48_word\n\t" +#else + "BLT.N L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -15364,7 +15790,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mul_d_48_word:\n\t" +#else + "L_sp_3072_mul_d_48_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" 
@@ -15377,10 +15807,12 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_d_48_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mul_d_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mul_d_48_word\n\t" +#else + "BLT.N L_sp_3072_mul_d_48_word_%=\n\t" #endif "STR r3, [%[r], #192]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -15758,7 +16190,11 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_div_3072_word_48_bit:\n\t" +#else + "L_div_3072_word_48_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -15768,7 +16204,13 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_3072_word_48_bit\n\t" +#if defined(__GNUC__) + "BPL L_div_3072_word_48_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_3072_word_48_bit\n\t" +#else + "BPL.N L_div_3072_word_48_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -15820,7 +16262,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0xbc\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_cmp_48_words:\n\t" +#else + "L_sp_3072_cmp_48_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" 
@@ -15833,7 +16279,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_3072_cmp_48_words\n\t" +#else + "bcs L_sp_3072_cmp_48_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #188]\n\t" @@ -16575,8 +17025,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16744,8 +17193,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16797,7 +17245,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_cond_sub_96_words:\n\t" +#else + "L_sp_3072_cond_sub_96_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -16807,10 +17259,12 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_sub_96_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_cond_sub_96_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_cond_sub_96_words\n\t" +#else + "BLT.N L_sp_3072_cond_sub_96_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) 
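Review bot: In sp_3072_cmp_48 the `bcs L_sp_3072_cmp_48_words` branch is left lowercase and split only two ways (old IAR vs. everything else) without a `.N` width suffix, whereas every other branch in this change becomes a three-way `#if defined(__GNUC__)` / `#elif` old-IAR / `#else` with `.N` on the non-GNUC sides; `movne r3, r7` two lines above is likewise still lowercase. For consistency with the rest of the file I would write `"BCS L_sp_3072_cmp_48_words_%=\n\t"` in the GNUC branch and `"BCS.N ..."` in the other two, or add a one-line comment saying why this loop deliberately lets the assembler choose the branch width. The same pattern appears in sp_3072_cmp_96 later in the diff. The enclosing function begins and ends outside this hunk.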
@@ -17217,7 +17671,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -17991,10 +18449,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x180\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_96_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_3072_mont_reduce_96_word\n\t" +#else + "BLT.W L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -18033,7 +18493,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -18041,7 +18505,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_96_mul:\n\t" +#else + "L_sp_3072_mont_reduce_96_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" 
@@ -18083,10 +18551,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_mul\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mont_reduce_96_mul\n\t" +#else + "BLT.N L_sp_3072_mont_reduce_96_mul_%=\n\t" #endif "LDR r10, [%[a], #384]\n\t" "ADDS r4, r4, r3\n\t" @@ -18099,10 +18569,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mont_reduce_96_word\n\t" +#else + "BLT.N L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -18144,7 +18616,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ 
@@ -18631,10 +19107,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x180\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_96_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_3072_mont_reduce_96_word\n\t" +#else + "BLT.W L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -18676,7 +19154,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -18684,7 +19166,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_mont_reduce_96_mul:\n\t" +#else + "L_sp_3072_mont_reduce_96_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -18714,10 +19200,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_mul\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mont_reduce_96_mul\n\t" +#else + "BLT.N L_sp_3072_mont_reduce_96_mul_%=\n\t" #endif "LDR r10, [%[a], #384]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -18730,10 +19218,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_mont_reduce_96_word\n\t" +#else + "BLT.N L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -18799,7 +19289,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x180\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_sub_96_word:\n\t" +#else + "L_sp_3072_sub_96_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -18810,10 +19304,12 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_sub_96_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_3072_sub_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_3072_sub_96_word\n\t" +#else + "BNE.N L_sp_3072_sub_96_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -19122,7 +19618,11 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_div_3072_word_96_bit:\n\t" +#else + "L_div_3072_word_96_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" 
@@ -19132,7 +19632,13 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_3072_word_96_bit\n\t" +#if defined(__GNUC__) + "BPL L_div_3072_word_96_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_3072_word_96_bit\n\t" +#else + "BPL.N L_div_3072_word_96_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -19287,7 +19793,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x17c\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_cmp_96_words:\n\t" +#else + "L_sp_3072_cmp_96_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -19300,7 +19810,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_3072_cmp_96_words\n\t" +#else + "bcs L_sp_3072_cmp_96_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #380]\n\t" @@ -20564,8 +21078,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20716,8 +21229,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20880,8 +21392,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
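Review bot: The three cleanup hunks in sp_3072_mod_exp_96 and sp_RsaPublic_3072 drop the `if (td != NULL)` / `if (a != NULL)` guard before `XFREE`, which is only safe if every `XFREE` definition reachable here tolerates a NULL pointer — `td`/`a` are NULL on the allocation-failure path that reaches this label. As far as I recall the default wolfSSL macro is NULL-checked, but a user-supplied `XMALLOC_USER`/`XMALLOC_OVERRIDE` definition need not be, so either confirm that contract is documented where `XFREE` is defined or add a short note at one of these sites, e.g. `/* XFREE is NULL-safe: td may be NULL on allocation failure */`. The functions themselves start outside these hunks.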
@@ -20915,7 +21426,11 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_3072_cond_add_48_words:\n\t" +#else + "L_sp_3072_cond_add_48_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" @@ -20925,10 +21440,12 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_add_48_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_3072_cond_add_48_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_3072_cond_add_48_words\n\t" +#else + "BLT.N L_sp_3072_cond_add_48_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -22168,8 +22685,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -23059,7 +23575,11 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x200\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_add_128_word:\n\t" +#else + "L_sp_4096_add_128_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" 
@@ -23071,10 +23591,12 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_add_128_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_4096_add_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_4096_add_128_word\n\t" +#else + "BNE.N L_sp_4096_add_128_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -23106,7 +23628,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x200\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_sub_in_pkace_128_word:\n\t" +#else + "L_sp_4096_sub_in_pkace_128_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -23117,10 +23643,12 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_sub_in_pkace_128_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_4096_sub_in_pkace_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_4096_sub_in_pkace_128_word\n\t" +#else + "BNE.N L_sp_4096_sub_in_pkace_128_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
@@ -23160,13 +23688,21 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mul_128_outer:\n\t" +#else + "L_sp_4096_mul_128_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1fc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mul_128_inner:\n\t" +#else + "L_sp_4096_mul_128_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -23182,15 +23718,19 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_mul_128_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_4096_mul_128_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_4096_mul_128_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mul_128_inner\n\t" #else + "BGT.N L_sp_4096_mul_128_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_4096_mul_128_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_mul_128_inner\n\t" +#else + "BLT.N L_sp_4096_mul_128_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
@@ -23199,17 +23739,23 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mul_128_inner_done:\n\t" +#else + "L_sp_4096_mul_128_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x3f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_4096_mul_128_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_4096_mul_128_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_4096_mul_128_outer\n\t" +#else + "BLE.N L_sp_4096_mul_128_outer_%=\n\t" #endif "LDR lr, [%[a], #508]\n\t" "LDR r11, [%[b], #508]\n\t" @@ -23218,14 +23764,20 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mul_128_store:\n\t" +#else + "L_sp_4096_mul_128_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_mul_128_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_4096_mul_128_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_4096_mul_128_store\n\t" +#else + "BGT.N L_sp_4096_mul_128_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -23258,13 +23810,21 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_sqr_128_outer:\n\t" +#else + "L_sp_4096_sqr_128_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1fc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_sqr_128_inner:\n\t" +#else + "L_sp_4096_sqr_128_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -23277,15 +23837,19 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_sqr_128_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_4096_sqr_128_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_4096_sqr_128_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_sqr_128_inner\n\t" #else + "BGT.N L_sp_4096_sqr_128_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_4096_sqr_128_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_sqr_128_inner\n\t" +#else + "BLT.N L_sp_4096_sqr_128_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -23293,17 +23857,23 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_sqr_128_inner_done:\n\t" +#else + "L_sp_4096_sqr_128_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x3f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_4096_sqr_128_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_4096_sqr_128_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_4096_sqr_128_outer\n\t" +#else + "BLE.N L_sp_4096_sqr_128_outer_%=\n\t" #endif "LDR lr, [%[a], #508]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -23311,14 +23881,20 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_sqr_128_store:\n\t" +#else + "L_sp_4096_sqr_128_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_sqr_128_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_4096_sqr_128_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_4096_sqr_128_store\n\t" +#else + "BGT.N L_sp_4096_sqr_128_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -23375,7 +23951,11 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mul_d_128_word:\n\t" +#else + "L_sp_4096_mul_d_128_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" 
@@ -23388,10 +23968,12 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mul_d_128_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_mul_d_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_mul_d_128_word\n\t" +#else + "BLT.N L_sp_4096_mul_d_128_word_%=\n\t" #endif "STR r3, [%[r], #512]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -24110,7 +24692,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_cond_sub_128_words:\n\t" +#else + "L_sp_4096_cond_sub_128_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -24120,10 +24706,12 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_cond_sub_128_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_cond_sub_128_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_cond_sub_128_words\n\t" +#else + "BLT.N L_sp_4096_cond_sub_128_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -24642,7 +25230,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -25672,10 +26264,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x200\n\t" -#ifdef __GNUC__ - "BLT L_sp_4096_mont_reduce_128_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_4096_mont_reduce_128_word\n\t" +#else + "BLT.W L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -25714,7 +26308,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -25722,7 +26320,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mont_reduce_128_mul:\n\t" +#else + "L_sp_4096_mont_reduce_128_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -25764,10 +26366,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_mul\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_mont_reduce_128_mul\n\t" +#else + "BLT.N L_sp_4096_mont_reduce_128_mul_%=\n\t" #endif "LDR r10, [%[a], #512]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -25780,10 +26384,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_mont_reduce_128_word\n\t" +#else + "BLT.N L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -25825,7 +26431,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -26472,10 +27082,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x200\n\t" -#ifdef __GNUC__ - "BLT L_sp_4096_mont_reduce_128_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_4096_mont_reduce_128_word\n\t" +#else + "BLT.W L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -26517,7 +27129,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" 
@@ -26525,7 +27141,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_mont_reduce_128_mul:\n\t" +#else + "L_sp_4096_mont_reduce_128_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -26555,10 +27175,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_mul\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_mont_reduce_128_mul\n\t" +#else + "BLT.N L_sp_4096_mont_reduce_128_mul_%=\n\t" #endif "LDR r10, [%[a], #512]\n\t" "ADDS r4, r4, r3\n\t" @@ -26571,10 +27193,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_mont_reduce_128_word\n\t" +#else + "BLT.N L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -26640,7 +27264,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x200\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_sub_128_word:\n\t" +#else + "L_sp_4096_sub_128_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" 
@@ -26651,10 +27279,12 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_sub_128_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_4096_sub_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_4096_sub_128_word\n\t" +#else + "BNE.N L_sp_4096_sub_128_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -27019,7 +27649,11 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_div_4096_word_128_bit:\n\t" +#else + "L_div_4096_word_128_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -27029,7 +27663,13 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_4096_word_128_bit\n\t" +#if defined(__GNUC__) + "BPL L_div_4096_word_128_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_4096_word_128_bit\n\t" +#else + "BPL.N L_div_4096_word_128_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -27184,7 +27824,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x1fc\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_cmp_128_words:\n\t" +#else + "L_sp_4096_cmp_128_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" 
@@ -27197,7 +27841,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_4096_cmp_128_words\n\t" +#else + "bcs L_sp_4096_cmp_128_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #508]\n\t" @@ -28813,8 +29461,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -28965,8 +29612,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -29129,8 +29775,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -29164,7 +29809,11 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_4096_cond_add_64_words:\n\t" +#else + "L_sp_4096_cond_add_64_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" 
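Review bot: The `bcs L_sp_4096_cmp_128_words_%=` branch in sp_4096_cmp_128 is the one site in this diff that keeps a two-way `#if`, a lowercase mnemonic and no width suffix, while every sibling hunk (including the `bpl` turned into `BPL` / `BPL.N` in div_4096_word_128 just above) was rewritten into the GNUC / old-IAR / other form with `Bcc.N` on the non-GNUC arms. If the non-GNUC assembler needs the explicit narrow encoding, this branch is the odd one out; if it does not, the suffix elsewhere is noise — either way the two should agree. The same two-way form recurs in sp_256_cmp_8 further down, so both should be aligned with the rest. sp_4096_cmp_128 starts before this hunk and its non-SMALL branch continues after it.
```c
        "SUBS r6, r6, #0x4\n\t"
#if defined(__GNUC__)
        "BCS L_sp_4096_cmp_128_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N L_sp_4096_cmp_128_words\n\t"
#else
        "BCS.N L_sp_4096_cmp_128_words_%=\n\t"
#endif
```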
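Review bot: Dropping the `if (td != NULL)` guard before `XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER)` in the sp_4096_mod_exp_128 cleanup is only safe if every XFREE definition tolerates a NULL pointer; the C library `free()` does, but XFREE can be routed to a user-supplied or static-memory allocator, and td is presumably still NULL here when its allocation failed and the function fell through to this cleanup. The macro definition is not part of this diff, so either confirm it carries its own NULL check for every allocator configuration or keep the guard. A one-line comment at this first site would spare the next reader the same question: `/* XFREE is NULL-safe, so a failed allocation needs no guard here */`. The same simplification is applied to every WOLFSSL_SP_SMALL_STACK cleanup below; sp_4096_mod_exp_128 begins before this hunk.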
@@ -29174,10 +29823,12 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_cond_add_64_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_4096_cond_add_64_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_4096_cond_add_64_words\n\t" +#else + "BLT.N L_sp_4096_cond_add_64_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -30665,8 +31316,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -30857,13 +31507,21 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mul_8_outer:\n\t" +#else + "L_sp_256_mul_8_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mul_8_inner:\n\t" +#else + "L_sp_256_mul_8_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -30879,15 +31537,19 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_mul_8_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_256_mul_8_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_256_mul_8_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_mul_8_inner\n\t" #else + "BGT.N L_sp_256_mul_8_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_256_mul_8_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_256_mul_8_inner\n\t" +#else + "BLT.N L_sp_256_mul_8_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -30896,17 +31558,23 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mul_8_inner_done:\n\t" +#else + "L_sp_256_mul_8_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x34\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_256_mul_8_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_256_mul_8_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_256_mul_8_outer\n\t" +#else + "BLE.N L_sp_256_mul_8_outer_%=\n\t" #endif "LDR lr, [%[a], #28]\n\t" "LDR r11, [%[b], #28]\n\t" 
@@ -30915,14 +31583,20 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mul_8_store:\n\t" +#else + "L_sp_256_mul_8_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_mul_8_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_256_mul_8_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_256_mul_8_store\n\t" +#else + "BGT.N L_sp_256_mul_8_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -31455,13 +32129,21 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_sqr_8_outer:\n\t" +#else + "L_sp_256_sqr_8_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_sqr_8_inner:\n\t" +#else + "L_sp_256_sqr_8_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -31474,15 +32156,19 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_sqr_8_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_256_sqr_8_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_256_sqr_8_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_sqr_8_inner\n\t" #else + "BGT.N L_sp_256_sqr_8_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_256_sqr_8_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_256_sqr_8_inner\n\t" +#else + "BLT.N L_sp_256_sqr_8_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -31490,17 +32176,23 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_sqr_8_inner_done:\n\t" +#else + "L_sp_256_sqr_8_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x34\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_256_sqr_8_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_256_sqr_8_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_256_sqr_8_outer\n\t" +#else + "BLE.N L_sp_256_sqr_8_outer_%=\n\t" #endif "LDR lr, [%[a], #28]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -31508,14 +32200,20 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_sqr_8_store:\n\t" +#else + "L_sp_256_sqr_8_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_sqr_8_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_256_sqr_8_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_256_sqr_8_store\n\t" +#else + "BGT.N L_sp_256_sqr_8_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -31915,7 +32613,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x20\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_add_8_word:\n\t" +#else + "L_sp_256_add_8_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -31927,10 +32629,12 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_add_8_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_256_add_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_256_add_8_word\n\t" +#else + "BNE.N L_sp_256_add_8_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -33938,7 +34642,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x1c\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_cmp_8_words:\n\t" +#else + "L_sp_256_cmp_8_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -33951,7 +34659,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_256_cmp_8_words\n\t" +#else + "bcs L_sp_256_cmp_8_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #28]\n\t" @@ -34085,7 +34797,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_cond_sub_8_words:\n\t" +#else + "L_sp_256_cond_sub_8_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -34095,10 +34811,12 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_cond_sub_8_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_256_cond_sub_8_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_256_cond_sub_8_words\n\t" +#else + "BLT.N L_sp_256_cond_sub_8_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) 
@@ -34199,7 +34917,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mont_reduce_8_word:\n\t" +#else + "L_sp_256_mont_reduce_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -34269,10 +34991,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_8_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_256_mont_reduce_8_word\n\t" +#else + "BLT.W L_sp_256_mont_reduce_8_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -34314,7 +35038,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mont_reduce_8_word:\n\t" +#else + "L_sp_256_mont_reduce_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -34361,10 +35089,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_8_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_256_mont_reduce_8_word\n\t" +#else + "BLT.W L_sp_256_mont_reduce_8_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" 
@@ -34573,7 +35303,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mont_reduce_order_8_word:\n\t" +#else + "L_sp_256_mont_reduce_order_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -34643,10 +35377,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_order_8_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_order_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_256_mont_reduce_order_8_word\n\t" +#else + "BLT.W L_sp_256_mont_reduce_order_8_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -34688,7 +35424,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mont_reduce_order_8_word:\n\t" +#else + "L_sp_256_mont_reduce_order_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -34735,10 +35475,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_order_8_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_order_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_256_mont_reduce_order_8_word\n\t" +#else + "BLT.W L_sp_256_mont_reduce_order_8_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" 
@@ -35890,15 +36632,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_256)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_256)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -36202,8 +36944,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -36367,10 +37108,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -36626,8 +37365,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -36791,10 +37529,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -37012,10 +37748,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -37092,10 +37826,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38562,10 +39294,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38640,10 +39370,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38732,6 +39460,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -38748,6 +39477,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
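Review bot: The new `#else` arm of sp_256_ecc_gen_k_8 turns a missing RNG into a runtime `NOT_COMPILED_IN`, and the function header comment (it ends with the `*/` just above the first hunk) should say so, because anything that needs a fresh random scalar — key generation, and presumably ECDSA signing — will now fail at call time rather than at build time under WC_NO_RNG. Suggest adding to that header `* Returns NOT_COMPILED_IN when built with WC_NO_RNG: without an RNG no random scalar can be produced, so callers must expect failure rather than a key.`. The `(void)rng; (void)k;` casts are the right way to keep the unused-parameter warnings quiet, and `err` and `byte buf[32]` are correctly confined to the `#ifndef` arm. The loop body of sp_256_ecc_gen_k_8 lies between the two hunks and is not visible here.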
@@ -38826,12 +39560,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38989,10 +39720,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -39075,7 +39804,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x20\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_sub_in_pkace_8_word:\n\t" +#else + "L_sp_256_sub_in_pkace_8_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -39086,10 +39819,12 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_sub_in_pkace_8_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_256_sub_in_pkace_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_256_sub_in_pkace_8_word\n\t" +#else + "BNE.N L_sp_256_sub_in_pkace_8_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
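Review bot: In sp_ecc_make_key_256's cleanup the private scalar `k` is now freed on the line before the retained `/* point is not sensitive, so no need to zeroize */` comment, yet the hunk shows no `ForceZero(k, ...)`; if the scalar is cleared earlier in the function (outside the hunk) a matching comment, `/* k was zeroized above */`, would make the asymmetry read as deliberate rather than as a question for the next reader. The same layout appears in sp_ecc_make_key_384 and in both sp_ecc_secret_gen variants. The enclosing function starts outside the hunk.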
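Review bot: The three-way `#if defined(__GNUC__)` / `#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)` / `#else` block introduced in sp_256_sub_in_place_8 is repeated verbatim at every label and branch in this change (sp_256_mul_d_8, div_256_word_8, sp_256_num_bits_8, sp_256_div2_mod_8, the sp_384 routines and others) without saying why the older IAR build keeps fixed labels; a comment at this first occurrence, `/* %= yields a label unique to each expansion of the asm, presumably unsupported by IAR before 9.0, which keeps fixed labels */`, would record the reason and the version threshold. On that IAR path each routine can be expanded only once per translation unit, which I take to be the pre-existing constraint rather than a new one, but it is worth stating. The label `L_sp_256_sub_in_pkace_8_word` also carries a typo ("pkace") that the regeneration could have corrected; harmless, but odd to preserve in a touched line. The enclosing function starts outside the hunk.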
@@ -39168,7 +39903,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_mul_d_8_word:\n\t" +#else + "L_sp_256_mul_d_8_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -39181,10 +39920,12 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_mul_d_8_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_256_mul_d_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_256_mul_d_8_word\n\t" +#else + "BLT.N L_sp_256_mul_d_8_word_%=\n\t" #endif "STR r3, [%[r], #32]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -39362,7 +40103,11 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_div_256_word_8_bit:\n\t" +#else + "L_div_256_word_8_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -39372,7 +40117,13 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_256_word_8_bit\n\t" +#if defined(__GNUC__) + "BPL L_div_256_word_8_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_256_word_8_bit\n\t" +#else + "BPL.N L_div_256_word_8_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -40066,7 +40817,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x20\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_sub_8_word:\n\t" +#else + "L_sp_256_sub_8_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -40077,10 +40832,12 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_sub_8_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_256_sub_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_256_sub_8_word\n\t" +#else + "BNE.N L_sp_256_sub_8_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -40199,10 +40956,12 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) "MOV r12, #0x0\n\t" "LDM %[a]!, {r4}\n\t" "ANDS r3, r4, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_div2_mod_8_even\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_256_div2_mod_8_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_256_div2_mod_8_even\n\t" +#else + "BEQ.N L_sp_256_div2_mod_8_even_%=\n\t" #endif "LDM %[a]!, {r5, r6, r7}\n\t" "LDM %[m]!, {r8, r9, r10, r11}\n\t" 
@@ -40218,17 +40977,27 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) "ADCS r6, r6, r10\n\t" "ADCS r7, r7, r11\n\t" "ADC r3, r12, r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_div2_mod_8_div2\n\t" -#else +#if defined(__GNUC__) + "B L_sp_256_div2_mod_8_div2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_256_div2_mod_8_div2\n\t" +#else + "B.N L_sp_256_div2_mod_8_div2_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_div2_mod_8_even:\n\t" +#else + "L_sp_256_div2_mod_8_even_%=:\n\t" +#endif "LDRD r4, r5, [%[a], #12]\n\t" "LDRD r6, r7, [%[a], #20]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_div2_mod_8_div2:\n\t" +#else + "L_sp_256_div2_mod_8_div2_%=:\n\t" +#endif "LSR r8, r4, #1\n\t" "AND r4, r4, #0x1\n\t" "LSR r9, r5, #1\n\t" 
@@ -40270,129 +41039,189 @@ static int sp_256_num_bits_8(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_7\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_256_num_bits_8_7\n\t" +#else + "BEQ.N L_sp_256_num_bits_8_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9\n\t" -#else +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_256_num_bits_8_9\n\t" +#else + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_num_bits_8_7:\n\t" +#else + "L_sp_256_num_bits_8_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_6\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_256_num_bits_8_6\n\t" +#else + "BEQ.N L_sp_256_num_bits_8_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9\n\t" -#else +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_256_num_bits_8_9\n\t" +#else + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_num_bits_8_6:\n\t" +#else + "L_sp_256_num_bits_8_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ 
L_sp_256_num_bits_8_5\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_256_num_bits_8_5\n\t" +#else + "BEQ.N L_sp_256_num_bits_8_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9\n\t" -#else +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_256_num_bits_8_9\n\t" +#else + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_num_bits_8_5:\n\t" +#else + "L_sp_256_num_bits_8_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_4\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_256_num_bits_8_4\n\t" +#else + "BEQ.N L_sp_256_num_bits_8_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9\n\t" -#else +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_256_num_bits_8_9\n\t" +#else + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_num_bits_8_4:\n\t" +#else + "L_sp_256_num_bits_8_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_3\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_256_num_bits_8_3\n\t" +#else + "BEQ.N 
L_sp_256_num_bits_8_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9\n\t" -#else +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_256_num_bits_8_9\n\t" +#else + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_num_bits_8_3:\n\t" +#else + "L_sp_256_num_bits_8_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_2\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_256_num_bits_8_2\n\t" +#else + "BEQ.N L_sp_256_num_bits_8_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9\n\t" -#else +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_256_num_bits_8_9\n\t" +#else + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_num_bits_8_2:\n\t" +#else + "L_sp_256_num_bits_8_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_1\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_256_num_bits_8_1\n\t" +#else + "BEQ.N L_sp_256_num_bits_8_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9\n\t" -#else +#if 
defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_256_num_bits_8_9\n\t" +#else + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_num_bits_8_1:\n\t" +#else + "L_sp_256_num_bits_8_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_256_num_bits_8_9:\n\t" +#else + "L_sp_256_num_bits_8_9_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : @@ -40684,10 +41513,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40894,8 +41721,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40934,8 +41760,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41043,10 +41868,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -41125,10 +41948,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41193,10 +42014,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41257,10 +42076,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41326,8 +42143,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41392,8 +42208,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41515,13 +42330,21 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_mul_12_outer:\n\t" +#else + "L_sp_384_mul_12_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x2c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_mul_12_inner:\n\t" +#else + "L_sp_384_mul_12_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -41537,15 +42360,19 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_mul_12_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_384_mul_12_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_384_mul_12_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_mul_12_inner\n\t" #else + "BGT.N L_sp_384_mul_12_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_384_mul_12_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_384_mul_12_inner\n\t" +#else + "BLT.N L_sp_384_mul_12_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -41554,17 +42381,23 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_mul_12_inner_done:\n\t" +#else + "L_sp_384_mul_12_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x54\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_384_mul_12_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_384_mul_12_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_384_mul_12_outer\n\t" +#else + "BLE.N L_sp_384_mul_12_outer_%=\n\t" #endif "LDR lr, [%[a], #44]\n\t" "LDR r11, [%[b], #44]\n\t" 
@@ -41573,14 +42406,20 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_mul_12_store:\n\t" +#else + "L_sp_384_mul_12_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_mul_12_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_384_mul_12_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_384_mul_12_store\n\t" +#else + "BGT.N L_sp_384_mul_12_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -42643,13 +43482,21 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_sqr_12_outer:\n\t" +#else + "L_sp_384_sqr_12_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x2c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_sqr_12_inner:\n\t" +#else + "L_sp_384_sqr_12_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -42662,15 +43509,19 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_sqr_12_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_384_sqr_12_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_384_sqr_12_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_sqr_12_inner\n\t" #else + "BGT.N L_sp_384_sqr_12_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_384_sqr_12_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_384_sqr_12_inner\n\t" +#else + "BLT.N L_sp_384_sqr_12_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -42678,17 +43529,23 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_sqr_12_inner_done:\n\t" +#else + "L_sp_384_sqr_12_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x54\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_384_sqr_12_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_384_sqr_12_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_384_sqr_12_outer\n\t" +#else + "BLE.N L_sp_384_sqr_12_outer_%=\n\t" #endif "LDR lr, [%[a], #44]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -42696,14 +43553,20 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_sqr_12_store:\n\t" +#else + "L_sp_384_sqr_12_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_sqr_12_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_384_sqr_12_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_384_sqr_12_store\n\t" +#else + "BGT.N L_sp_384_sqr_12_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -43436,7 +44299,11 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x30\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_add_12_word:\n\t" +#else + "L_sp_384_add_12_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -43448,10 +44315,12 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_add_12_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_384_add_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_384_add_12_word\n\t" +#else + "BNE.N L_sp_384_add_12_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -43607,8 +44476,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -43836,7 +44704,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_cond_sub_12_words:\n\t" +#else + "L_sp_384_cond_sub_12_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -43846,10 +44718,12 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x30\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_cond_sub_12_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_384_cond_sub_12_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_384_cond_sub_12_words\n\t" +#else + "BLT.N L_sp_384_cond_sub_12_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -43963,7 +44837,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_mont_reduce_12_word:\n\t" +#else + "L_sp_384_mont_reduce_12_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -44065,10 +44943,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x30\n\t" -#ifdef __GNUC__ - "BLT L_sp_384_mont_reduce_12_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_384_mont_reduce_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_384_mont_reduce_12_word\n\t" +#else + "BLT.W L_sp_384_mont_reduce_12_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" 
@@ -44110,7 +44990,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_mont_reduce_12_word:\n\t" +#else + "L_sp_384_mont_reduce_12_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -44177,10 +45061,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x30\n\t" -#ifdef __GNUC__ - "BLT L_sp_384_mont_reduce_12_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_384_mont_reduce_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_384_mont_reduce_12_word\n\t" +#else + "BLT.W L_sp_384_mont_reduce_12_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -44365,7 +45251,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x2c\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_cmp_12_words:\n\t" +#else + "L_sp_384_cmp_12_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -44378,7 +45268,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_384_cmp_12_words\n\t" +#else + "bcs L_sp_384_cmp_12_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #44]\n\t" @@ -44668,7 +45562,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x30\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_sub_12_word:\n\t" +#else + "L_sp_384_sub_12_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" 
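Review bot: The `bcs L_sp_384_cmp_12_words` branch in the `WOLFSSL_SP_SMALL` path of sp_384_cmp_12 is the one site in this change that receives a two-way `#if` instead of the three-way block used everywhere else, so the non-GCC, non-old-IAR case emits `bcs` with the `%=` label but without the `.N` width suffix that every other `#else` branch adds. If that suffix matters for the remaining assemblers, this block should follow the same shape as the `BLT` block in sp_384_cond_sub_12 above, ending in `"BCS.N L_sp_384_cmp_12_words_%=\n\t"`; if it does not, the lowercase mnemonic (like `movne r3, r7` two lines earlier) and the shorter form are at least inconsistent with the rest of the file. The enclosing function starts outside the hunk.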
@@ -44679,10 +45577,12 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_sub_12_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_384_sub_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_384_sub_12_word\n\t" +#else + "BNE.N L_sp_384_sub_12_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -44769,7 +45669,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_cond_add_12_words:\n\t" +#else + "L_sp_384_cond_add_12_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" @@ -44779,10 +45683,12 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x30\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_cond_add_12_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_384_cond_add_12_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_384_cond_add_12_words\n\t" +#else + "BLT.N L_sp_384_cond_add_12_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) 
@@ -45751,15 +46657,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_384)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_384)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -46063,8 +46969,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46244,10 +47149,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46503,8 +47406,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46684,10 +47586,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -46905,10 +47805,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46985,10 +47883,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -48455,10 +49351,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -48533,10 +49427,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -48631,6 +49523,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -48647,6 +49540,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
@@ -48725,12 +49623,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -48888,10 +49783,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -48974,7 +49867,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x30\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_sub_in_pkace_12_word:\n\t" +#else + "L_sp_384_sub_in_pkace_12_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -48985,10 +49882,12 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_sub_in_pkace_12_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_384_sub_in_pkace_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_384_sub_in_pkace_12_word\n\t" +#else + "BNE.N L_sp_384_sub_in_pkace_12_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
@@ -49074,7 +49973,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_mul_d_12_word:\n\t" +#else + "L_sp_384_mul_d_12_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -49087,10 +49990,12 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x30\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_mul_d_12_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_384_mul_d_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_384_mul_d_12_word\n\t" +#else + "BLT.N L_sp_384_mul_d_12_word_%=\n\t" #endif "STR r3, [%[r], #48]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -49288,7 +50193,11 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_div_384_word_12_bit:\n\t" +#else + "L_div_384_word_12_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -49298,7 +50207,13 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_384_word_12_bit\n\t" +#if defined(__GNUC__) + "BPL L_div_384_word_12_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_384_word_12_bit\n\t" +#else + "BPL.N L_div_384_word_12_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -49961,10 +50876,12 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m __asm__ __volatile__ ( "LDM %[a]!, {r4}\n\t" "ANDS r3, r4, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_div2_mod_12_even\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_div2_mod_12_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_div2_mod_12_even\n\t" +#else + "BEQ.N L_sp_384_div2_mod_12_even_%=\n\t" #endif "MOV r12, #0x0\n\t" "LDM %[a]!, {r5, r6, r7}\n\t" @@ -49989,13 +50906,19 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m "ADCS r7, r7, r11\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "ADC r3, r12, r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_div2_mod_12_div2\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_div2_mod_12_div2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_div2_mod_12_div2\n\t" +#else + "B.N L_sp_384_div2_mod_12_div2_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_div2_mod_12_even:\n\t" +#else + "L_sp_384_div2_mod_12_even_%=:\n\t" +#endif "LDM %[a]!, {r5, r6, r7}\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" @@ -50003,7 +50926,11 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m "LDM %[a]!, {r4, r5, r6, r7}\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_div2_mod_12_div2:\n\t" +#else + "L_sp_384_div2_mod_12_div2_%=:\n\t" +#endif "SUB %[r], %[r], #0x30\n\t" "LDRD r8, r9, [%[r]]\n\t" "LSR r8, r8, #1\n\t" 
@@ -50071,197 +50998,289 @@ static int sp_384_num_bits_12(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #44]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_11\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_11_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_11\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_11_%=\n\t" #endif "MOV r2, #0x180\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_11:\n\t" +#else + "L_sp_384_num_bits_12_11_%=:\n\t" +#endif "LDR r1, [%[a], #40]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_10\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_10_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_10\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_10_%=\n\t" #endif "MOV r2, #0x160\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_10:\n\t" +#else + "L_sp_384_num_bits_12_10_%=:\n\t" +#endif "LDR r1, [%[a], #36]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || 
defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_9\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_9\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_9_%=\n\t" #endif "MOV r2, #0x140\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_9:\n\t" +#else + "L_sp_384_num_bits_12_9_%=:\n\t" +#endif "LDR r1, [%[a], #32]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_8\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_8\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_8_%=\n\t" #endif "MOV r2, #0x120\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_8:\n\t" +#else + "L_sp_384_num_bits_12_8_%=:\n\t" +#endif "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_7\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && 
(__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_7\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_7:\n\t" +#else + "L_sp_384_num_bits_12_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_6\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_6\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_6:\n\t" +#else + "L_sp_384_num_bits_12_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_5\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_5\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || 
defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_5:\n\t" +#else + "L_sp_384_num_bits_12_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_4\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_4\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_4:\n\t" +#else + "L_sp_384_num_bits_12_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_3\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_3\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ 
< 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_3:\n\t" +#else + "L_sp_384_num_bits_12_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_2\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_2\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_2:\n\t" +#else + "L_sp_384_num_bits_12_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_1\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_384_num_bits_12_1\n\t" +#else + "BEQ.N L_sp_384_num_bits_12_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13\n\t" -#else +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_384_num_bits_12_13\n\t" +#else + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_1:\n\t" +#else + 
"L_sp_384_num_bits_12_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_384_num_bits_12_13:\n\t" +#else + "L_sp_384_num_bits_12_13_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : @@ -50557,10 +51576,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -50767,8 +51784,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -50807,8 +51823,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -50916,10 +51931,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -50998,10 +52011,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -51066,10 +52077,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51130,10 +52139,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51229,8 +52236,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51295,8 +52301,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51430,13 +52435,21 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mul_17_outer:\n\t" +#else + "L_sp_521_mul_17_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x40\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mul_17_inner:\n\t" +#else + "L_sp_521_mul_17_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -51452,15 +52465,19 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_mul_17_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_521_mul_17_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_521_mul_17_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_mul_17_inner\n\t" #else + "BGT.N L_sp_521_mul_17_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_521_mul_17_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_521_mul_17_inner\n\t" +#else + "BLT.N L_sp_521_mul_17_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -51469,17 +52486,23 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mul_17_inner_done:\n\t" +#else + "L_sp_521_mul_17_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x7c\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_521_mul_17_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_521_mul_17_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_521_mul_17_outer\n\t" +#else + "BLE.N L_sp_521_mul_17_outer_%=\n\t" #endif "LDR lr, [%[a], #64]\n\t" "LDR r11, [%[b], #64]\n\t" 
@@ -51491,14 +52514,20 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r6, r7}\n\t" "SUB r5, r5, #0x8\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mul_17_store:\n\t" +#else + "L_sp_521_mul_17_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_mul_17_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_521_mul_17_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_521_mul_17_store\n\t" +#else + "BGT.N L_sp_521_mul_17_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -53575,13 +54604,21 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_sqr_17_outer:\n\t" +#else + "L_sp_521_sqr_17_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x40\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_sqr_17_inner:\n\t" +#else + "L_sp_521_sqr_17_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -53594,15 +54631,19 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_sqr_17_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_521_sqr_17_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_521_sqr_17_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_sqr_17_inner\n\t" #else + "BGT.N L_sp_521_sqr_17_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_521_sqr_17_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_521_sqr_17_inner\n\t" +#else + "BLT.N L_sp_521_sqr_17_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -53610,17 +54651,23 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_sqr_17_inner_done:\n\t" +#else + "L_sp_521_sqr_17_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x7c\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_521_sqr_17_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_521_sqr_17_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_521_sqr_17_outer\n\t" +#else + "BLE.N L_sp_521_sqr_17_outer_%=\n\t" #endif "LDR lr, [%[a], #64]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -53631,14 +54678,20 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "STM %[r]!, {r6, r7}\n\t" "SUB r5, r5, #0x8\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_sqr_17_store:\n\t" +#else + "L_sp_521_sqr_17_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_sqr_17_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_521_sqr_17_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_521_sqr_17_store\n\t" +#else + "BGT.N L_sp_521_sqr_17_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -54955,7 +56008,11 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x40\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_add_17_word:\n\t" +#else + "L_sp_521_add_17_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -54967,10 +56024,12 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_add_17_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_521_add_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_521_add_17_word\n\t" +#else + "BNE.N L_sp_521_add_17_word_%=\n\t" #endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a], {r4}\n\t" 
@@ -55288,7 +56347,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_cond_sub_17_words:\n\t" +#else + "L_sp_521_cond_sub_17_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -55298,10 +56361,12 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x44\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_cond_sub_17_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_521_cond_sub_17_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_521_cond_sub_17_words\n\t" +#else + "BLT.N L_sp_521_cond_sub_17_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) 
@@ -55568,19 +56633,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mont_reduce_order_17_word:\n\t" +#else + "L_sp_521_mont_reduce_order_17_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" "CMP r11, #0x40\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_mont_reduce_order_17_nomask\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_521_mont_reduce_order_17_nomask_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_521_mont_reduce_order_17_nomask\n\t" +#else + "BNE.N L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #endif "MOV r9, #0x1ff\n\t" "AND r10, r10, r9\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mont_reduce_order_17_nomask:\n\t" +#else + "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t" +#endif /* a[i+0] += m[0] * mu */ "MOV r7, #0x0\n\t" "UMLAL r4, r7, r10, lr\n\t" @@ -55721,10 +56796,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x44\n\t" -#ifdef __GNUC__ - "BLT L_sp_521_mont_reduce_order_17_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_521_mont_reduce_order_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_521_mont_reduce_order_17_word\n\t" +#else + "BLT.W L_sp_521_mont_reduce_order_17_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" 
@@ -55836,19 +56913,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mont_reduce_order_17_word:\n\t" +#else + "L_sp_521_mont_reduce_order_17_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" "CMP r4, #0x40\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_mont_reduce_order_17_nomask\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_521_mont_reduce_order_17_nomask_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_521_mont_reduce_order_17_nomask\n\t" +#else + "BNE.N L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #endif "MOV r12, #0x1ff\n\t" "AND lr, lr, r12\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mont_reduce_order_17_nomask:\n\t" +#else + "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t" +#endif /* a[i+0] += m[0] * mu */ "LDR r12, [%[m]]\n\t" "MOV r3, #0x0\n\t" @@ -55939,10 +57026,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x44\n\t" -#ifdef __GNUC__ - "BLT L_sp_521_mont_reduce_order_17_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_521_mont_reduce_order_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.W L_sp_521_mont_reduce_order_17_word\n\t" +#else + "BLT.W L_sp_521_mont_reduce_order_17_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -56194,7 +57283,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x40\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_cmp_17_words:\n\t" +#else + "L_sp_521_cmp_17_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" 
@@ -56207,7 +57300,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_521_cmp_17_words\n\t" +#else + "bcs L_sp_521_cmp_17_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #64]\n\t" @@ -57729,15 +58826,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_521)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_521)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -58041,8 +59138,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -58242,10 +59338,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -58501,8 +59595,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
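Review bot: The `bcs` back-branch in the WOLFSSL_SP_SMALL loop of sp_521_cmp_17 gets only a two-way split, so the toolchains that fall into the `#else` branch are given a bare `bcs L_sp_521_cmp_17_words_%=` with no `.N` width suffix, while every other branch in this diff, including the `bpl` in div_384_word_12 and div_521_word_17 that was converted in the same way, gives those compilers the `.N` form. The mnemonic also stays lowercase, unlike its siblings. Unless there is a reason this loop differs, the three-way form used elsewhere keeps the file consistent and avoids a possible assembler rejection on the `.N`-requiring toolchain; sp_521_cmp_17 starts outside this hunk.
```c
        "SUBS r6, r6, #0x4\n\t"
#if defined(__GNUC__)
        "BCS L_sp_521_cmp_17_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N L_sp_521_cmp_17_words\n\t"
#else
        "BCS.N L_sp_521_cmp_17_words_%=\n\t"
#endif
        "EOR r2, r2, r3\n\t"
```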
@@ -58702,10 +59795,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -58923,10 +60014,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -59003,10 +60092,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61017,10 +62104,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61095,10 +62180,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61202,6 +62285,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; 
@@ -61219,6 +62303,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -61297,12 +62386,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61462,10 +62548,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61995,7 +63079,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x40\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_sub_in_pkace_17_word:\n\t" +#else + "L_sp_521_sub_in_pkace_17_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -62006,10 +63094,12 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_sub_in_pkace_17_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_521_sub_in_pkace_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_521_sub_in_pkace_17_word\n\t" +#else + "BNE.N L_sp_521_sub_in_pkace_17_word_%=\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2}\n\t" 
@@ -62111,7 +63201,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_mul_d_17_word:\n\t" +#else + "L_sp_521_mul_d_17_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -62124,10 +63218,12 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x44\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_mul_d_17_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_521_mul_d_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_521_mul_d_17_word\n\t" +#else + "BLT.N L_sp_521_mul_d_17_word_%=\n\t" #endif "STR r3, [%[r], #68]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -62350,7 +63446,11 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_div_521_word_17_bit:\n\t" +#else + "L_div_521_word_17_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -62360,7 +63460,13 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_521_word_17_bit\n\t" +#if defined(__GNUC__) + "BPL L_div_521_word_17_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_521_word_17_bit\n\t" +#else + "BPL.N L_div_521_word_17_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
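Review bot: In div_521_word_17 the backward branch goes from a single unconditional `bpl L_div_521_word_17_bit` to three compiler-specific forms, and only the GNUC and modern-IAR branches get the `%=` suffix that makes the label unique per asm statement. On IAR before version 9 the plain label remains, so that build still relies on the compiler never emitting this asm block twice in one translation unit (inlining or duplication would give a duplicate-label assembler error); the SP_NOINLINE on the function suggests this is understood, and a comment next to the `#elif` would record it: `/* legacy IAR: no %= support, label is file-unique only -> function must not be inlined */`. If this file is produced by a generator, the comment belongs in the generator template as well.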
@@ -63055,7 +64161,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x40\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_sub_17_word:\n\t" +#else + "L_sp_521_sub_17_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -63066,10 +64176,12 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_sub_17_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_521_sub_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_521_sub_17_word\n\t" +#else + "BNE.N L_sp_521_sub_17_word_%=\n\t" #endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3}\n\t" @@ -63166,10 +64278,12 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m __asm__ __volatile__ ( "LDM %[a]!, {r4}\n\t" "ANDS r3, r4, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_div2_mod_17_even\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_div2_mod_17_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_div2_mod_17_even\n\t" +#else + "BEQ.N L_sp_521_div2_mod_17_even_%=\n\t" #endif "MOV r12, #0x0\n\t" "LDM %[a]!, {r5, r6, r7}\n\t" 
@@ -63205,13 +64319,19 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m "ADCS r4, r4, r8\n\t" "STM %[r]!, {r4}\n\t" "ADC r3, r12, r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_div2_mod_17_div2\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_div2_mod_17_div2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_div2_mod_17_div2\n\t" +#else + "B.N L_sp_521_div2_mod_17_div2_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_div2_mod_17_even:\n\t" +#else + "L_sp_521_div2_mod_17_even_%=:\n\t" +#endif "LDM %[a]!, {r5, r6, r7}\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" @@ -63223,7 +64343,11 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m "LDM %[a]!, {r4}\n\t" "STM %[r]!, {r4}\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_div2_mod_17_div2:\n\t" +#else + "L_sp_521_div2_mod_17_div2_%=:\n\t" +#endif "SUB %[r], %[r], #0x44\n\t" "LDRD r8, r9, [%[r]]\n\t" "LSR r8, r8, #1\n\t" 
@@ -63311,282 +64435,414 @@ static int sp_521_num_bits_17(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #64]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_16\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_16_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_16\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_16_%=\n\t" #endif "MOV r2, #0x220\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_16:\n\t" +#else + "L_sp_521_num_bits_17_16_%=:\n\t" +#endif "LDR r1, [%[a], #60]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_15\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_15_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_15\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_15_%=\n\t" #endif "MOV r2, #0x200\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_15:\n\t" +#else + "L_sp_521_num_bits_17_15_%=:\n\t" +#endif "LDR r1, [%[a], #56]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || 
defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_14\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_14_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_14\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_14_%=\n\t" #endif "MOV r2, #0x1e0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_14:\n\t" +#else + "L_sp_521_num_bits_17_14_%=:\n\t" +#endif "LDR r1, [%[a], #52]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_13\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_13\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_13_%=\n\t" #endif "MOV r2, #0x1c0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_13:\n\t" +#else + "L_sp_521_num_bits_17_13_%=:\n\t" +#endif "LDR r1, [%[a], #48]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_12\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_12_%=\n\t" +#elif 
defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_12\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_12_%=\n\t" #endif "MOV r2, #0x1a0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_12:\n\t" +#else + "L_sp_521_num_bits_17_12_%=:\n\t" +#endif "LDR r1, [%[a], #44]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_11\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_11_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_11\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_11_%=\n\t" #endif "MOV r2, #0x180\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_11:\n\t" +#else + "L_sp_521_num_bits_17_11_%=:\n\t" +#endif "LDR r1, [%[a], #40]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_10\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_10_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_10\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_10_%=\n\t" #endif "MOV r2, #0x160\n\t" "CLZ r4, r1\n\t" "SUB 
r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_10:\n\t" +#else + "L_sp_521_num_bits_17_10_%=:\n\t" +#endif "LDR r1, [%[a], #36]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_9\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_9\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_9_%=\n\t" #endif "MOV r2, #0x140\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_9:\n\t" +#else + "L_sp_521_num_bits_17_9_%=:\n\t" +#endif "LDR r1, [%[a], #32]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_8\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_8\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_8_%=\n\t" #endif "MOV r2, #0x120\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" 
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_8:\n\t" +#else + "L_sp_521_num_bits_17_8_%=:\n\t" +#endif "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_7\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_7\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_7:\n\t" +#else + "L_sp_521_num_bits_17_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_6\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_6\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 
9000000) "L_sp_521_num_bits_17_6:\n\t" +#else + "L_sp_521_num_bits_17_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_5\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_5\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_5:\n\t" +#else + "L_sp_521_num_bits_17_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_4\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_4\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_4:\n\t" +#else + "L_sp_521_num_bits_17_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || 
defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_3\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_3\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_3:\n\t" +#else + "L_sp_521_num_bits_17_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_2\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N L_sp_521_num_bits_17_2\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_2:\n\t" +#else + "L_sp_521_num_bits_17_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_1\n\t" -#else +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BEQ.N 
L_sp_521_num_bits_17_1\n\t" +#else + "BEQ.N L_sp_521_num_bits_17_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18\n\t" -#else +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "B.N L_sp_521_num_bits_17_18\n\t" +#else + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_1:\n\t" +#else + "L_sp_521_num_bits_17_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_521_num_bits_17_18:\n\t" +#else + "L_sp_521_num_bits_17_18_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : @@ -63891,10 +65147,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -64104,8 +65358,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -64144,8 +65397,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64253,10 +65505,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -64335,10 +65585,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64403,10 +65651,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64467,10 +65713,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64520,8 +65764,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64586,8 +65829,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -67981,13 +69223,21 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_mul_32_outer:\n\t" +#else + "L_sp_1024_mul_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_mul_32_inner:\n\t" +#else + "L_sp_1024_mul_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -68003,15 +69253,19 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_mul_32_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_1024_mul_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_1024_mul_32_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_mul_32_inner\n\t" #else + "BGT.N L_sp_1024_mul_32_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_1024_mul_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_1024_mul_32_inner\n\t" +#else + "BLT.N L_sp_1024_mul_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -68020,17 +69274,23 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_mul_32_inner_done:\n\t" +#else + "L_sp_1024_mul_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_1024_mul_32_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_1024_mul_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_1024_mul_32_outer\n\t" +#else + "BLE.N L_sp_1024_mul_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "LDR r11, [%[b], #124]\n\t" 
@@ -68039,14 +69299,20 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_mul_32_store:\n\t" +#else + "L_sp_1024_mul_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_mul_32_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_1024_mul_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_1024_mul_32_store\n\t" +#else + "BGT.N L_sp_1024_mul_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -68079,13 +69345,21 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_sqr_32_outer:\n\t" +#else + "L_sp_1024_sqr_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_sqr_32_inner:\n\t" +#else + "L_sp_1024_sqr_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -68098,15 +69372,19 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_sqr_32_inner_done\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_1024_sqr_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_1024_sqr_32_inner_done\n\t" -#endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_sqr_32_inner\n\t" #else + "BGT.N L_sp_1024_sqr_32_inner_done_%=\n\t" +#endif +#if defined(__GNUC__) + "BLT L_sp_1024_sqr_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_1024_sqr_32_inner\n\t" +#else + "BLT.N L_sp_1024_sqr_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -68114,17 +69392,23 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_sqr_32_inner_done:\n\t" +#else + "L_sp_1024_sqr_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_1024_sqr_32_outer\n\t" -#else +#if defined(__GNUC__) + "BLE L_sp_1024_sqr_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLE.N L_sp_1024_sqr_32_outer\n\t" +#else + "BLE.N L_sp_1024_sqr_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -68132,14 +69416,20 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_sqr_32_store:\n\t" +#else + "L_sp_1024_sqr_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_sqr_32_store\n\t" -#else +#if defined(__GNUC__) + "BGT L_sp_1024_sqr_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BGT.N L_sp_1024_sqr_32_store\n\t" +#else + "BGT.N L_sp_1024_sqr_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -68254,7 +69544,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x80\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_sub_in_pkace_32_word:\n\t" +#else + "L_sp_1024_sub_in_pkace_32_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -68265,10 +69559,12 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_1024_sub_in_pkace_32_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_1024_sub_in_pkace_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_1024_sub_in_pkace_32_word\n\t" +#else + "BNE.N L_sp_1024_sub_in_pkace_32_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
@@ -68306,7 +69602,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_cond_sub_32_words:\n\t" +#else + "L_sp_1024_cond_sub_32_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -68316,10 +69616,12 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_cond_sub_32_words\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_1024_cond_sub_32_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_1024_cond_sub_32_words\n\t" +#else + "BLT.N L_sp_1024_cond_sub_32_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -68497,7 +69799,11 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x80\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_add_32_word:\n\t" +#else + "L_sp_1024_add_32_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -68509,10 +69815,12 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_1024_add_32_word\n\t" -#else +#if defined(__GNUC__) + "BNE L_sp_1024_add_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BNE.N L_sp_1024_add_32_word\n\t" +#else + "BNE.N L_sp_1024_add_32_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -68551,7 +69859,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_sp_1024_mul_d_32_word:\n\t" +#else + "L_sp_1024_mul_d_32_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -68564,10 +69876,12 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_mul_d_32_word\n\t" -#else +#if defined(__GNUC__) + "BLT L_sp_1024_mul_d_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "BLT.N L_sp_1024_mul_d_32_word\n\t" +#else + "BLT.N L_sp_1024_mul_d_32_word_%=\n\t" #endif "STR r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -68865,7 +70179,11 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "L_div_1024_word_32_bit:\n\t" +#else + "L_div_1024_word_32_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -68875,7 +70193,13 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_1024_word_32_bit\n\t" +#if defined(__GNUC__) + "BPL L_div_1024_word_32_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_1024_word_32_bit\n\t" +#else + "BPL.N L_div_1024_word_32_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -68957,7 +70281,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
 "MOV r6, #0x7c\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_1024_cmp_32_words:\n\t"
+#else
+ "L_sp_1024_cmp_32_words_%=:\n\t"
+#endif
 "LDR r4, [%[a], r6]\n\t"
 "LDR r5, [%[b], r6]\n\t"
 "AND r4, r4, r3\n\t"
@@ -68970,7 +70298,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
 "IT ne\n\t"
 "movne r3, r7\n\t"
 "SUBS r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "bcs L_sp_1024_cmp_32_words\n\t"
+#else
+ "bcs L_sp_1024_cmp_32_words_%=\n\t"
+#endif
 "EOR r2, r2, r3\n\t"
 #else
 "LDR r4, [%[a], #124]\n\t"
@@ -69451,16 +70783,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+ /* If valid pointer then clear point data if requested and free data. */
 if (p != NULL) {
- if (clear != 0) {
+ if (clear) {
 XMEMSET(p, 0, sizeof(*p));
 }
 XFREE(p, heap, DYNAMIC_TYPE_ECC);
 }
 #else
-/* Clear point data if requested. */
+ /* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
+ if ((p != NULL) && clear) {
 XMEMSET(p, 0, sizeof(*p));
 }
 #endif
@@ -69690,7 +71022,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "LDR r4, [%[a]]\n\t"
 "LDR r5, [%[a], #4]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_1024_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_1024_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL r10, %[mp], r4\n\t"
 /* a[i+0] += m[0] * mu */
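Review bot: The backward branch in sp_1024_cmp_32 is the only one in this patch that keeps the lowercase `bcs` and a two-way `#if` on the label name alone, whereas every other loop (sp_1024_cond_sub_32, sp_1024_add_32, sp_1024_mul_d_32, div_1024_word_32, sp_1024_mont_reduce_32, sp_1024_cond_add_32) was converted to the three-way `#if defined(__GNUC__)` / old-IAR / `#else` split with an explicit `.N` or `.W` width in the non-GNU branches. If the explicit width matters for the other toolchains it presumably matters here too; if it is deliberately omitted, a one-line comment above the `#if` saying so would stop the next reader from "fixing" it. The enclosing function starts and ends outside the hunk.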
@@ -69952,10 +71288,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r11, r11, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r11, #0x80\n\t"
-#ifdef __GNUC__
- "BLT L_sp_1024_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_1024_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.W L_sp_1024_mont_reduce_32_word\n\t"
+#else
+ "BLT.W L_sp_1024_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r4, [%[a]]\n\t"
@@ -70002,7 +71340,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "LDR r9, [%[a], #12]\n\t"
 "LDR r10, [%[a], #16]\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_1024_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_1024_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL lr, %[mp], r6\n\t"
 /* a[i+0] += m[0] * mu */
@@ -70169,10 +71511,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r4, r4, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r4, #0x80\n\t"
-#ifdef __GNUC__
- "BLT L_sp_1024_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_1024_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.W L_sp_1024_mont_reduce_32_word\n\t"
+#else
+ "BLT.W L_sp_1024_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r6, [%[a]]\n\t"
@@ -71187,7 +72531,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
 "MOV r8, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "L_sp_1024_cond_add_32_words:\n\t"
+#else
+ "L_sp_1024_cond_add_32_words_%=:\n\t"
+#endif
 "ADDS r5, r5, #0xffffffff\n\t"
 "LDR r6, [%[a], r4]\n\t"
 "LDR r7, [%[b], r4]\n\t"
@@ -71197,10 +72545,12 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
 "STR r6, [%[r], r4]\n\t"
 "ADD r4, r4, #0x4\n\t"
 "CMP r4, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_1024_cond_add_32_words\n\t"
-#else
+#if defined(__GNUC__)
+ "BLT L_sp_1024_cond_add_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
 "BLT.N L_sp_1024_cond_add_32_words\n\t"
+#else
+ "BLT.N L_sp_1024_cond_add_32_words_%=\n\t"
 #endif
 "MOV %[r], r5\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -72475,8 +73825,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -72575,10 +73924,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -72834,8 +74181,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -72934,10 +74280,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
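Review bot: Dropping the `if (t != NULL)` guard before `XFREE(t, heap, DYNAMIC_TYPE_ECC)` in sp_1024_gen_stripe_table_32 makes every build depend on XFREE accepting a NULL pointer, and the same removal is repeated in the remaining hunks of this file and in the sp_dsp32.c, sp_int.c and sp_x86_64.c hunks below. The XFREE definition is not part of this diff; if it can be overridden by an application allocator, the free(NULL) contract the stock macro honours may not hold there, so the requirement belongs as a comment where XFREE is defined rather than left implicit, e.g. `/* XFREE must tolerate a NULL pointer; callers no longer guard against it. */`. Where a zeroisation precedes the free (the `e` buffers in sp_ModExp_2048 and its siblings) the guard is rightly kept, which that comment should also say. The enclosing functions start outside these hunks.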
@@ -73155,10 +74499,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -76793,10 +78135,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -76871,10 +78211,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -76939,10 +78277,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -77035,10 +78371,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -77185,9 +78519,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
 }
@@ -79083,9 +80415,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
 }
@@ -79453,9 +80783,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_32(c, 1, NULL);
 sp_1024_point_free_32(q, 1, NULL);
@@ -79880,9 +81208,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_32(c, 1, NULL);
 sp_1024_point_free_32(q, 1, NULL);
@@ -80248,9 +81574,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_32(neg, 1, NULL);
 sp_1024_point_free_32(c, 1, NULL);
@@ -80443,9 +81767,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
 defined(WOLFSSL_SP_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 sp_1024_point_free_32(c, 1, NULL);
 sp_1024_point_free_32(q, 1, NULL);
@@ -80546,8 +81868,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -80586,8 +81907,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -80695,10 +82015,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
diff --git a/wolfcrypt/src/sp_dsp32.c b/wolfcrypt/src/sp_dsp32.c
index d3b1745df5..f14e1ab37f 100644
--- a/wolfcrypt/src/sp_dsp32.c
+++ b/wolfcrypt/src/sp_dsp32.c
@@ -1,6 +1,6 @@
 /* sp_cdsp_signed.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -296,9 +296,7 @@ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -2592,9 +2590,7 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point* r, const sp_point* g,
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (t != NULL) {
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(p, 0, heap);
 sp_ecc_point_free(rt, 0, heap);
@@ -4233,9 +4229,7 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d, sp_digit* m,
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -4530,8 +4524,7 @@ int wolfSSL_DSP_ECC_Verify_256(remote_handle64 h, int32 *u1, int hashLen, int32*
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+ XFREE(d, heap, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(p1, 0, heap);
 sp_ecc_point_free(p2, 0, heap);
@@ -4631,9 +4624,7 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (tmp != NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(q, 0, NULL);
 sp_ecc_point_free(p, 0, NULL);
@@ -4696,9 +4687,7 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (tmp != NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(p, 0, NULL);
@@ -4754,9 +4743,7 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (tmp != NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(p, 0, NULL);
@@ -4831,9 +4818,7 @@ static int sp_256_mont_sqrt_10(sp_digit* y)
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(d, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -4906,9 +4891,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(d, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index 83a1306b59..a25ddab4ab 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -1,6 +1,6 @@
 /* sp_int.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -210,9 +210,10 @@ This library provides single precision (SP) integer math functions.
 /* Declare a variable that will be assigned a value on XMALLOC. */
-#define DECL_DYN_SP_INT_ARRAY(n, s, c) \
- sp_int* n##d = NULL; \
- sp_int* (n)[c] = { NULL, }
+#define DECL_DYN_SP_INT_ARRAY(n, s, c) \
+ sp_int* n##d = NULL; \
+ sp_int* (n)[c]; \
+ void *n ## _dummy_var = XMEMSET(n, 0, sizeof(n))
 /* DECL_SP_INT_ARRAY: Declare array of 'sp_int'. */
 #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
@@ -240,6 +241,7 @@ This library provides single precision (SP) integer math functions.
 */
 #define ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h) \
 do { \
+ (void)n ## _dummy_var; \
 if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) { \
 (err) = MP_VAL; \
 } \
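Review bot: The new `void *n ## _dummy_var = XMEMSET(n, 0, sizeof(n))` line in DECL_DYN_SP_INT_ARRAY only compiles if XMEMSET is an expression that yields a pointer (memset's return value); a port that maps XMEMSET to a void-returning function or a statement-style macro breaks here, and nothing in the hunk records why the `{ NULL, }` initializer was replaced. The `(void)n ## _dummy_var;` added to ALLOC_DYN_SP_INT_ARRAY presumably exists to silence an unused-variable warning, so a DECL that is not followed by an ALLOC will still warn. A comment above the macro such as `/* XMEMSET must be an expression returning the destination pointer: the array is zeroed in the declaration and the dummy variable is consumed by ALLOC_DYN_SP_INT_ARRAY. */` would capture both constraints for the next porter.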
@@ -8097,6 +8099,27 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
 }
 #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
+#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) && \
+ defined(WOLFSSL_ECC_BLIND_K)
+void sp_xor_ct(const sp_int* a, const sp_int* b, int len, sp_int* r)
+{
+ if ((a != NULL) && (b != NULL) && (r != NULL)) {
+ unsigned int i;
+ r->used = (len * 8 + SP_WORD_SIZE - 1) / SP_WORD_SIZE;
+ for (i = 0; i < r->used; i++) {
+ r->dp[i] = a->dp[i] ^ b->dp[i];
+ }
+ i = (len * 8) % SP_WORD_SIZE;
+ if (i > 0) {
+ r->dp[r->used - 1] &= ((sp_int_digit)1 << i) - 1;
+ }
+ /* Remove leading zeros. */
+ sp_clamp_ct(r);
+ }
+}
+#endif
+
 /********************
 * Shifting functoins
 ********************/
@@ -8941,9 +8964,7 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -9019,9 +9040,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -9103,9 +9122,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -9229,9 +9246,7 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (w != NULL) {
- XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
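Review bot: sp_xor_ct derives `r->used` from `len`, then reads `a->dp[i]` and `b->dp[i]` and writes `r->dp[i]` up to that count with no check against any of the three operands' allocated digit count, and a negative `len` produces a negative digit count that wraps when stored in `used` (its type is not shown here, but the loop compares it with an unsigned index, which suggests it is unsigned); a bad length therefore becomes an out-of-bounds write in a void function that cannot report an error. At minimum extend the guard to `if ((a != NULL) && (b != NULL) && (r != NULL) && (len >= 0)) {` and give the new public function a header comment in this file's style stating that `len` is a byte count, that `r`, `a` and `b` must each hold at least `(len * 8 + SP_WORD_SIZE - 1) / SP_WORD_SIZE` digits, and that digits of `a` and `b` above their own `used` are read as-is. The `len * 8` product is also computed in `int`; a `word32` or explicit range check would make the overflow behaviour defined.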
@@ -10228,9 +10243,7 @@ static int _sp_mul_16(const sp_int* a, const sp_int* b, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -11036,9 +11049,7 @@ static int _sp_mul_24(const sp_int* a, const sp_int* b, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -14684,9 +14695,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -14791,9 +14800,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -14905,9 +14912,7 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (w != NULL) {
- XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -15732,9 +15737,7 @@ static int _sp_sqr_16(const sp_int* a, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
@@ -16307,9 +16310,7 @@ static int _sp_sqr_24(const sp_int* a, sp_int* r)
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
+ XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
 return err;
 }
diff --git a/wolfcrypt/src/sp_sm2_arm32.c b/wolfcrypt/src/sp_sm2_arm32.c
index 211b143920..4dc5377509 100644
--- a/wolfcrypt/src/sp_sm2_arm32.c
+++ b/wolfcrypt/src/sp_sm2_arm32.c
@@ -1,6 +1,6 @@
 /* sp_sm2_arm32.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/sp_sm2_arm64.c b/wolfcrypt/src/sp_sm2_arm64.c
index 5c84948a01..8f87711903 100644
--- a/wolfcrypt/src/sp_sm2_arm64.c
+++ b/wolfcrypt/src/sp_sm2_arm64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_arm64.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/sp_sm2_armthumb.c b/wolfcrypt/src/sp_sm2_armthumb.c
index 5d26e27be9..0be6685723 100644
--- a/wolfcrypt/src/sp_sm2_armthumb.c
+++ b/wolfcrypt/src/sp_sm2_armthumb.c
@@ -1,6 +1,6 @@
 /* sp_sm2_armthumb.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/sp_sm2_c32.c b/wolfcrypt/src/sp_sm2_c32.c
index 41c40d1ef3..754b80a563 100644
--- a/wolfcrypt/src/sp_sm2_c32.c
+++ b/wolfcrypt/src/sp_sm2_c32.c
@@ -1,6 +1,6 @@
 /* sp_sm2_c32.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/sp_sm2_c64.c b/wolfcrypt/src/sp_sm2_c64.c
index ee38016544..861bfe3ed4 100644
--- a/wolfcrypt/src/sp_sm2_c64.c
+++ b/wolfcrypt/src/sp_sm2_c64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_c64.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/sp_sm2_cortexm.c b/wolfcrypt/src/sp_sm2_cortexm.c
index 3bda85f026..4b1083fc80 100644
--- a/wolfcrypt/src/sp_sm2_cortexm.c
+++ b/wolfcrypt/src/sp_sm2_cortexm.c
@@ -1,6 +1,6 @@
 /* sp_sm2_cortexm.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/sp_sm2_x86_64.c b/wolfcrypt/src/sp_sm2_x86_64.c
index f73e408344..24a5b9e581 100644
--- a/wolfcrypt/src/sp_sm2_x86_64.c
+++ b/wolfcrypt/src/sp_sm2_x86_64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_x86_64.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/sp_sm2_x86_64_asm.S b/wolfcrypt/src/sp_sm2_x86_64_asm.S
index 6ddc3c77ec..a725c8ef8a 100644
--- a/wolfcrypt/src/sp_sm2_x86_64_asm.S
+++ b/wolfcrypt/src/sp_sm2_x86_64_asm.S
@@ -1,6 +1,6 @@
 /* sp_sm2_x86_64_asm.S
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c
index b57f5a3a30..cef7ffb54e 100644
--- a/wolfcrypt/src/sp_x86_64.c
+++ b/wolfcrypt/src/sp_x86_64.c
@@ -1,6 +1,6 @@
 /* sp.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -811,8 +811,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -1052,8 +1051,7 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, const sp_digit* a, const sp_digi
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -1623,8 +1621,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -1899,8 +1896,7 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -2105,8 +2101,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 return err;
@@ -2531,14 +2526,12 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (b != NULL)
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (e != NULL) {
 XMEMSET(e, 0, 32);
 XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 XMEMSET(e, 0, sizeof(e));
 #endif
@@ -2687,8 +2680,7 @@ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -2826,8 +2818,7 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -2932,14 +2923,12 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (b != NULL)
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (e != NULL) {
 XMEMSET(e, 0, 32);
 XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 XMEMSET(e, 0, sizeof(e));
 #endif
@@ -3023,14 +3012,12 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (b != NULL)
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (e != NULL) {
 XMEMSET(e, 0, 16);
 XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 XMEMSET(e, 0, sizeof(e));
 #endif
@@ -3813,8 +3800,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -4054,8 +4040,7 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, const sp_digit* a, const sp_digi
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -4573,8 +4558,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -4797,8 +4781,7 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -5003,8 +4986,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 return err;
@@ -5429,14 +5411,12 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (b != NULL)
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (e != NULL) {
 XMEMSET(e, 0, 48);
 XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 XMEMSET(e, 0, sizeof(e));
 #endif
@@ -5585,8 +5565,7 @@ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -5724,8 +5703,7 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -5830,14 +5808,12 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (b != NULL)
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (e != NULL) {
 XMEMSET(e, 0, 48);
 XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 XMEMSET(e, 0, sizeof(e));
 #endif
@@ -5921,14 +5897,12 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (b != NULL)
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (e != NULL) {
 XMEMSET(e, 0, 24);
 XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 XMEMSET(e, 0, sizeof(e));
 #endif
@@ -6697,8 +6671,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -6921,8 +6894,7 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -7127,8 +7099,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 return err;
@@ -7553,14 +7524,12 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (b != NULL)
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (e != NULL) {
 XMEMSET(e, 0, 64);
 XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 XMEMSET(e, 0, sizeof(e));
 #endif
@@ -7709,8 +7678,7 @@ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -7848,8 +7816,7 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -7954,14 +7921,12 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (b != NULL)
- XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (e != NULL) {
 XMEMSET(e, 0, 64);
 XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
- if (m != NULL)
- XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 XMEMSET(e, 0, sizeof(e));
 #endif
@@ -9575,10 +9540,8 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256*
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -10610,10 +10573,8 @@ static int sp_256_ecc_mulmod_win_add_sub_avx2_4(sp_point_256* r, const sp_point_
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -10812,8 +10773,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -10942,10 +10902,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -11304,8 +11262,7 @@ static int sp_256_gen_stripe_table_avx2_4(const sp_point_256* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -11420,10 +11377,8 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256*
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -11555,10 +11510,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -11653,10 +11606,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -24183,8 +24134,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
 #endif
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -24317,8 +24267,7 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256
 #endif
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -24394,10 +24343,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -24490,10 +24437,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24554,6 +24499,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -24570,6 +24516,11 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -24663,12 +24614,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24850,10 +24798,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26237,10 +26183,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
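Review bot: In sp_ecc_make_key_256 and sp_ecc_secret_gen_256 the heap copy of the scalar `k` (the freshly generated private key, and the caller's private key respectively) goes to `XFREE(k, heap, DYNAMIC_TYPE_ECC)` with no clearing visible in the hunk, while the adjacent comment explicitly reasons that only `point` is non-sensitive; unless k is scrubbed earlier in those functions (outside the hunk), the private scalar is returned to the allocator intact. Consider clearing before the free, mirroring the handling of `e` in the DH path, e.g. `if (k != NULL) { XMEMSET(k, 0, <size used by the matching XMALLOC>); }` ahead of the XFREE, ideally with a clear the compiler cannot elide. The same question applies to `k` in sp_ecc_mulmod_256 / sp_ecc_mulmod_base_256 whenever km is a private scalar. The new `#ifndef WC_NO_RNG` fallback in sp_256_ecc_gen_k_4 returning NOT_COMPILED_IN is fine; all of these functions start outside the hunk.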
@@ -26447,8 +26391,7 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26487,8 +26430,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26609,10 +26551,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26699,10 +26639,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26775,10 +26713,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26847,10 +26783,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26953,8 +26887,7 @@ static int sp_256_mont_sqrt_4(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
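Review bot: sp_ecc_check_key_256 frees `priv` — the caller's private scalar copy — with a bare `XFREE(priv, heap, DYNAMIC_TYPE_ECC)` and no clear visible in the hunk, the same gap as in the make_key / secret_gen cleanups above; if it is not zeroised earlier in the function (outside the hunk), clear it before the free, e.g. `XMEMSET(priv, 0, <size used by the matching XMALLOC>);`. The `pub`, `tmp`, `p`, `t1` and `x` buffers in the remaining hunks on this line hold public or derived-public data, so the plain free is appropriate there. All enclosing functions start outside the hunk.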
@@ -27029,8 +26962,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27272,8 +27204,7 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -28713,10 +28644,8 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -29801,10 +29730,8 @@ static int sp_384_ecc_mulmod_win_add_sub_avx2_6(sp_point_384* r, const sp_point_ } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30006,8 +29933,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30136,10 +30062,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30501,8 +30425,7 @@ static int sp_384_gen_stripe_table_avx2_6(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -30617,10 +30540,8 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30752,10 +30673,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30850,10 +30769,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49194,8 +49111,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49328,8 +49244,7 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384 #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49405,10 +49320,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -49501,10 +49414,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49565,6 +49476,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -49581,6 +49493,11 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -49674,12 +49591,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49861,10 +49775,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51190,10 +51102,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
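Review bot: The 384-bit variants repeat the 256-bit pattern: sp_ecc_make_key_384 and sp_ecc_secret_gen_384 free the private scalar `k` with `XFREE(k, heap, DYNAMIC_TYPE_ECC)` and no clear visible in the hunk, while noting that only `point` is non-sensitive. Unless k is scrubbed earlier (outside the hunk), add a clear before the free, sized to the matching XMALLOC, using a clear the compiler cannot elide. The `#ifndef WC_NO_RNG` stub in sp_384_ecc_gen_k_6 is consistent with the 256-bit one; both functions start outside the hunk.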
@@ -51400,8 +51310,7 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51440,8 +51349,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51562,10 +51470,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51652,10 +51558,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51728,10 +51632,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51800,10 +51702,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51961,8 +51861,7 @@ static int sp_384_mont_sqrt_6(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -52037,8 +51936,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -53620,10 +53518,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -54685,10 +54581,8 @@ static int sp_521_ecc_mulmod_win_add_sub_avx2_9(sp_point_521* r, const sp_point_ } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -54890,8 +54784,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -55020,10 +54913,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -55385,8 +55276,7 @@ static int sp_521_gen_stripe_table_avx2_9(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -55501,10 +55391,8 @@ static int sp_521_ecc_mulmod_stripe_avx2_9(sp_point_521* r, const sp_point_521* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -55636,10 +55524,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -55734,10 +55620,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -90264,8 +90148,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g, #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -90398,8 +90281,7 @@ static int sp_521_ecc_mulmod_add_only_avx2_9(sp_point_521* r, const sp_point_521 #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -90475,10 +90357,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -90571,10 +90451,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -90635,6 +90513,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -90652,6 +90531,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -90745,12 +90629,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -90932,10 +90813,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -92331,10 +92210,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
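Review bot: The 521-bit variants carry the same gap as the 256/384 ones: sp_ecc_make_key_521 and sp_ecc_secret_gen_521 hand the private scalar `k` to `XFREE(k, heap, DYNAMIC_TYPE_ECC)` without a clear visible in the hunk, even though the adjacent comment singles out `point` as the only non-sensitive buffer. If k is not zeroised earlier in these functions (outside the hunk), clear it before the free with the size used by the matching XMALLOC. sp_521_ecc_gen_k_9's `#ifndef WC_NO_RNG` fallback matches the other curves; both functions start outside the hunk.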
@@ -92544,8 +92421,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -92584,8 +92460,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -92706,10 +92581,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -92796,10 +92669,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -92872,10 +92743,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -92944,10 +92813,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -93014,8 +92881,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -93090,8 +92956,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -93499,16 +93364,16 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -94881,10 +94746,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -95922,10 +95785,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_avx2_16(sp_point_1024* r, const sp_poi } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -96127,8 +95988,7 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
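Review bot: With `clear` now tested directly in sp_1024_point_free_16, the zeroisation is still `XMEMSET(p, 0, sizeof(*p))` immediately followed by `XFREE(p, heap, DYNAMIC_TYPE_ECC)`, which an optimizer is entitled to drop as a dead store, so the `clear` flag may not actually scrub the point on the SMALL_STACK path. If the project has a secure-clear helper the compiler cannot elide, use it here; otherwise a volatile-qualified clear. The remainder of the hunk (comment re-indentation, `clear != 0` to `clear`) is cosmetic.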
@@ -96227,10 +96087,8 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -96591,8 +96449,7 @@ static int sp_1024_gen_stripe_table_avx2_16(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -96691,10 +96548,8 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -96825,10 +96680,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -100258,10 +100111,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -100354,10 +100205,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -100431,10 +100280,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -100536,10 +100383,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -100686,9 +100531,7 @@ static int sp_ModExp_Fp_star_x64_1024(const mp_int* base, mp_int* exp, mp_int* r #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -102328,9 +102171,7 @@ static int sp_ModExp_Fp_star_x64_1024(const mp_int* base, mp_int* exp, mp_int* r #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -102478,9 +102319,7 @@ static int sp_ModExp_Fp_star_avx2_1024(const mp_int* base, mp_int* exp, mp_int* #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } 
@@ -102577,9 +102416,7 @@ static int sp_ModExp_Fp_star_avx2_1024(const mp_int* base, mp_int* exp, mp_int* #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -102978,9 +102815,7 @@ static int sp_Pairing_x64_1024(const ecc_point* pm, const ecc_point* qm, mp_int* #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -103405,9 +103240,7 @@ static int sp_Pairing_x64_1024(const ecc_point* pm, const ecc_point* qm, mp_int* #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -103779,9 +103612,7 @@ static int sp_Pairing_avx2_1024(const ecc_point* pm, const ecc_point* qm, mp_int #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -104179,9 +104010,7 @@ static int sp_Pairing_avx2_1024(const ecc_point* pm, const ecc_point* qm, mp_int #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); 
@@ -104583,9 +104412,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(neg, 1, NULL); sp_1024_point_free_16(c, 1, NULL); @@ -104778,9 +104605,7 @@ static int sp_Pairing_precomp_x64_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -105120,9 +104945,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(neg, 1, NULL); sp_1024_point_free_16(c, 1, NULL); @@ -105315,9 +105138,7 @@ static int sp_Pairing_precomp_avx2_1024(const ecc_point* pm, const ecc_point* qm #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -105485,8 +105306,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -105525,8 +105345,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -105647,10 +105466,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/wolfcrypt/src/sp_x86_64_asm.S b/wolfcrypt/src/sp_x86_64_asm.S index 6879391de3..d5ebdba634 100644 --- a/wolfcrypt/src/sp_x86_64_asm.S +++ b/wolfcrypt/src/sp_x86_64_asm.S @@ -1,6 +1,6 @@ /* sp_x86_64_asm.S */ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -59047,15 +59047,23 @@ _sp_256_mod_inv_avx2_4: movq 8(%rsi), %r11 movq 16(%rsi), %r12 movq 24(%rsi), %r13 - vmovupd 0+L_sp256_mod_inv_avx2_4_order(%rip), %ymm6 - vmovupd 32+L_sp256_mod_inv_avx2_4_order(%rip), %ymm7 - vmovupd 0+L_sp256_mod_inv_avx2_4_one(%rip), %ymm8 - vmovupd 0+L_sp256_mod_inv_avx2_4_mask01111(%rip), %ymm9 - vmovupd 0+L_sp256_mod_inv_avx2_4_all_one(%rip), %ymm10 - vmovupd 0+L_sp256_mod_inv_avx2_4_down_one_dword(%rip), %ymm11 - vmovupd 0+L_sp256_mod_inv_avx2_4_neg(%rip), %ymm12 - vmovupd 0+L_sp256_mod_inv_avx2_4_up_one_dword(%rip), %ymm13 - vmovupd 0+L_sp256_mod_inv_avx2_4_mask26(%rip), %ymm14 + leaq L_sp256_mod_inv_avx2_4_order(%rip), %rbx + vmovupd (%rbx), %ymm6 + vmovupd 32(%rbx), %ymm7 + leaq L_sp256_mod_inv_avx2_4_one(%rip), %rbx + vmovupd (%rbx), %ymm8 + leaq L_sp256_mod_inv_avx2_4_mask01111(%rip), %rbx + vmovupd (%rbx), %ymm9 + leaq L_sp256_mod_inv_avx2_4_all_one(%rip), %rbx + vmovupd (%rbx), %ymm10 + leaq L_sp256_mod_inv_avx2_4_down_one_dword(%rip), %rbx + vmovupd (%rbx), %ymm11 + leaq L_sp256_mod_inv_avx2_4_neg(%rip), %rbx + vmovupd (%rbx), %ymm12 + leaq L_sp256_mod_inv_avx2_4_up_one_dword(%rip), %rbx + vmovupd (%rbx), %ymm13 + leaq L_sp256_mod_inv_avx2_4_mask26(%rip), %rbx + vmovupd (%rbx), %ymm14 vpxor %xmm0, %xmm0, %xmm0 vpxor %xmm1, %xmm1, %xmm1 vmovdqu %ymm8, %ymm2 diff --git a/wolfcrypt/src/sp_x86_64_asm.asm b/wolfcrypt/src/sp_x86_64_asm.asm index fa6558cc95..784bf9c5f5 100644 --- a/wolfcrypt/src/sp_x86_64_asm.asm +++ b/wolfcrypt/src/sp_x86_64_asm.asm @@ -1,6 +1,6 @@ ; /* sp_x86_64_asm.asm */ ; /* -; * Copyright (C) 2006-2023 wolfSSL Inc. +; * Copyright (C) 2006-2024 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * 
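Review bot: The rewritten constant loads in _sp_256_mod_inv_avx2_4 now clobber `%rbx`, which is callee-saved under the SysV AMD64 ABI; the visible prologue fragment already uses %r12/%r13 so saves are probably present, but %rbx is newly touched by this change and must be pushed/popped (and covered by CFI) in the prologue/epilogue, which lie outside the hunk. If it is not already preserved, either add `pushq %rbx` / `popq %rbx` around the body or use a caller-saved scratch register such as %rax or %rcx if one is free at this point. The change itself (leaq of the RIP-relative label, then an unindexed vmovupd) is address-only and introduces no secret-dependent memory access, which matters for a modular-inverse routine that may operate on private scalars.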
@@ -9712,14 +9712,14 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_2048_get_from_table_16 PROC sub rsp, 128 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 mov rax, 1 movd xmm10, r8 movd xmm11, rax @@ -9736,10 +9736,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9753,10 +9753,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+8] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9770,10 +9770,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+16] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
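Review bot: The switch from `vmovdqu` to `movdqu` for the xmm6–xmm13 spill in sp_2048_get_from_table_16 is a correctness fix rather than a cosmetic one: the rest of the routine (movdqu/pcmpeqd/pand) is legacy SSE2, so the VEX-encoded stores would raise #UD on a CPU without AVX and otherwise mix VEX and non-VEX encodings inside one function. Confirm the matching restore in the epilogue (outside the hunk) was changed the same way, and that a non-AVX build or CI runner exercises this path. Since this is the constant-time table select guarded by `IFNDEF WC_NO_CACHE_RESISTANT`, it would help to state the invariant once above the unrolled loads: `; every table entry is read; pcmpeqd/pand select the wanted one with no data-dependent branch or address`. The PROC carries no FRAME / .ALLOCSTACK / .SAVEXMM128 directives, so the 128-byte save area has no unwind metadata — consistent if the file's other PROCs omit them, but worth noting.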
@@ -9787,10 +9787,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+24] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9804,10 +9804,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+32] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9821,10 +9821,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+40] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9838,10 +9838,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+48] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9855,10 +9855,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+56] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -9872,10 +9872,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+64] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9889,10 +9889,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+72] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9906,10 +9906,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+80] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9923,10 +9923,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+88] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9940,10 +9940,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+96] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -9957,10 +9957,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+104] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9974,10 +9974,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+112] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -9991,10 +9991,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+120] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10008,10 +10008,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+128] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10025,10 +10025,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+136] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10042,10 +10042,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+144] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10059,10 +10059,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+152] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10076,10 +10076,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+160] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10093,10 +10093,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+168] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10110,10 +10110,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+176] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10127,10 +10127,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+184] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10144,10 +10144,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+192] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10161,10 +10161,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+200] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10178,10 +10178,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+208] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10195,10 +10195,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+216] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10212,10 +10212,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+224] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10229,10 +10229,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+232] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10246,10 +10246,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+240] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10263,10 +10263,10 @@ sp_2048_get_from_table_16 PROC mov r9, QWORD PTR [rdx+248] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10276,10 +10276,10 @@ sp_2048_get_from_table_16 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 0-7 ; START: 8-15 
@@ -10293,10 +10293,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10311,10 +10311,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10329,10 +10329,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10347,10 +10347,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10365,10 +10365,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10383,10 +10383,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10401,10 +10401,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10419,10 +10419,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10437,10 +10437,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10455,10 +10455,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10473,10 +10473,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10491,10 +10491,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10509,10 +10509,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10527,10 +10527,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10545,10 +10545,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10563,10 +10563,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10581,10 +10581,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10599,10 +10599,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10617,10 +10617,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10635,10 +10635,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10653,10 +10653,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10671,10 +10671,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10689,10 +10689,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10707,10 +10707,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10725,10 +10725,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10743,10 +10743,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10761,10 +10761,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10779,10 +10779,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10797,10 +10797,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10815,10 +10815,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -10833,10 +10833,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10851,10 +10851,10 @@ sp_2048_get_from_table_16 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -10864,19 +10864,19 @@ sp_2048_get_from_table_16 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 ; END: 8-15 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] add rsp, 128 ret sp_2048_get_from_table_16 ENDP 
@@ -13169,14 +13169,14 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_2048_get_from_table_32 PROC sub rsp, 128 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 mov rax, 1 movd xmm10, r8 movd xmm11, rax @@ -13193,10 +13193,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13210,10 +13210,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+8] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13227,10 +13227,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+16] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13244,10 +13244,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+24] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13261,10 +13261,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+32] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13278,10 +13278,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+40] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13295,10 +13295,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+48] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13312,10 +13312,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+56] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13329,10 +13329,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+64] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13346,10 +13346,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+72] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13363,10 +13363,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+80] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13380,10 +13380,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+88] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13397,10 +13397,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+96] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13414,10 +13414,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+104] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13431,10 +13431,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+112] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13448,10 +13448,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+120] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13465,10 +13465,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+128] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13482,10 +13482,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+136] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13499,10 +13499,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+144] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13516,10 +13516,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+152] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13533,10 +13533,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+160] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13550,10 +13550,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+168] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13567,10 +13567,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+176] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13584,10 +13584,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+184] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13601,10 +13601,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+192] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13618,10 +13618,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+200] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13635,10 +13635,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+208] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13652,10 +13652,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+216] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13669,10 +13669,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+224] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13686,10 +13686,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+232] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13703,10 +13703,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+240] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13720,10 +13720,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+248] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13737,10 +13737,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+256] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13754,10 +13754,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+264] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13771,10 +13771,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+272] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13788,10 +13788,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+280] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13805,10 +13805,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+288] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13822,10 +13822,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+296] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13839,10 +13839,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+304] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13856,10 +13856,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+312] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13873,10 +13873,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+320] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13890,10 +13890,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+328] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13907,10 +13907,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+336] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -13924,10 +13924,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+344] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13941,10 +13941,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+352] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13958,10 +13958,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+360] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13975,10 +13975,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+368] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -13992,10 +13992,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+376] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14009,10 +14009,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+384] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14026,10 +14026,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+392] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14043,10 +14043,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+400] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14060,10 +14060,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+408] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14077,10 +14077,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+416] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14094,10 +14094,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+424] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14111,10 +14111,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+432] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14128,10 +14128,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+440] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14145,10 +14145,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+448] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14162,10 +14162,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+456] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14179,10 +14179,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+464] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14196,10 +14196,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+472] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14213,10 +14213,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+480] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14230,10 +14230,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+488] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14247,10 +14247,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+496] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14264,10 +14264,10 @@ sp_2048_get_from_table_32 PROC mov r9, QWORD PTR [rdx+504] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14277,10 +14277,10 @@ sp_2048_get_from_table_32 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 0-7 ; START: 8-15 @@ -14294,10 +14294,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14312,10 +14312,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14330,10 +14330,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14348,10 +14348,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14366,10 +14366,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14384,10 +14384,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14402,10 +14402,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14420,10 +14420,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14438,10 +14438,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14456,10 +14456,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14474,10 +14474,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14492,10 +14492,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14510,10 +14510,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14528,10 +14528,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14546,10 +14546,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14564,10 +14564,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14582,10 +14582,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14600,10 +14600,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14618,10 +14618,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14636,10 +14636,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14654,10 +14654,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14672,10 +14672,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14690,10 +14690,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14708,10 +14708,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14726,10 +14726,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14744,10 +14744,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14762,10 +14762,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14780,10 +14780,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14798,10 +14798,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14816,10 +14816,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14834,10 +14834,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14852,10 +14852,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14870,10 +14870,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14888,10 +14888,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14906,10 +14906,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14924,10 +14924,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14942,10 +14942,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14960,10 +14960,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -14978,10 +14978,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -14996,10 +14996,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15014,10 +15014,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15032,10 +15032,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15050,10 +15050,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15068,10 +15068,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15086,10 +15086,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15104,10 +15104,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15122,10 +15122,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15140,10 +15140,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15158,10 +15158,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15176,10 +15176,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15194,10 +15194,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15212,10 +15212,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15230,10 +15230,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15248,10 +15248,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15266,10 +15266,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15284,10 +15284,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15302,10 +15302,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15320,10 +15320,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15338,10 +15338,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15356,10 +15356,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15374,10 +15374,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15392,10 +15392,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15410,10 +15410,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15428,10 +15428,10 @@ sp_2048_get_from_table_32 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15441,10 +15441,10 @@ sp_2048_get_from_table_32 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 8-15 ; START: 16-23 @@ -15458,10 +15458,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15476,10 +15476,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15494,10 +15494,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15512,10 +15512,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15530,10 +15530,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15548,10 +15548,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15566,10 +15566,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15584,10 +15584,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15602,10 +15602,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15620,10 +15620,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15638,10 +15638,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15656,10 +15656,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15674,10 +15674,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15692,10 +15692,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15710,10 +15710,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15728,10 +15728,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15746,10 +15746,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15764,10 +15764,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15782,10 +15782,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15800,10 +15800,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15818,10 +15818,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15836,10 +15836,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15854,10 +15854,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15872,10 +15872,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15890,10 +15890,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15908,10 +15908,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15926,10 +15926,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15944,10 +15944,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -15962,10 +15962,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15980,10 +15980,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -15998,10 +15998,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16016,10 +16016,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16034,10 +16034,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16052,10 +16052,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16070,10 +16070,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16088,10 +16088,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16106,10 +16106,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16124,10 +16124,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16142,10 +16142,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16160,10 +16160,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16178,10 +16178,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16196,10 +16196,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16214,10 +16214,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16232,10 +16232,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16250,10 +16250,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16268,10 +16268,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16286,10 +16286,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16304,10 +16304,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16322,10 +16322,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16340,10 +16340,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16358,10 +16358,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16376,10 +16376,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16394,10 +16394,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16412,10 +16412,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16430,10 +16430,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16448,10 +16448,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16466,10 +16466,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16484,10 +16484,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16502,10 +16502,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16520,10 +16520,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16538,10 +16538,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16556,10 +16556,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16574,10 +16574,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16592,10 +16592,10 @@ sp_2048_get_from_table_32 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16605,10 +16605,10 @@ sp_2048_get_from_table_32 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 16-23 ; START: 24-31 @@ -16622,10 +16622,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16640,10 +16640,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16658,10 +16658,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16676,10 +16676,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16694,10 +16694,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16712,10 +16712,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16730,10 +16730,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16748,10 +16748,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16766,10 +16766,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16784,10 +16784,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16802,10 +16802,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16820,10 +16820,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16838,10 +16838,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16856,10 +16856,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16874,10 +16874,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16892,10 +16892,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16910,10 +16910,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16928,10 +16928,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -16946,10 +16946,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16964,10 +16964,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -16982,10 +16982,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17000,10 +17000,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17018,10 +17018,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17036,10 +17036,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17054,10 +17054,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17072,10 +17072,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17090,10 +17090,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17108,10 +17108,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17126,10 +17126,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17144,10 +17144,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17162,10 +17162,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17180,10 +17180,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17198,10 +17198,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17216,10 +17216,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17234,10 +17234,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17252,10 +17252,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17270,10 +17270,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17288,10 +17288,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17306,10 +17306,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17324,10 +17324,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17342,10 +17342,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17360,10 +17360,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17378,10 +17378,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17396,10 +17396,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17414,10 +17414,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17432,10 +17432,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17450,10 +17450,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17468,10 +17468,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17486,10 +17486,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17504,10 +17504,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17522,10 +17522,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17540,10 +17540,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17558,10 +17558,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17576,10 +17576,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17594,10 +17594,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17612,10 +17612,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17630,10 +17630,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17648,10 +17648,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17666,10 +17666,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17684,10 +17684,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17702,10 +17702,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17720,10 +17720,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17738,10 +17738,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -17756,10 +17756,10 @@ sp_2048_get_from_table_32 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -17769,19 +17769,19 @@ sp_2048_get_from_table_32 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 ; END: 24-31 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] add rsp, 128 ret sp_2048_get_from_table_32 ENDP @@ -20598,8 +20598,8 @@ _text SEGMENT READONLY PARA sp_2048_lshift_32 PROC push r12 push r13 - mov cl, r8b mov rax, rcx + mov cl, r8b mov r12, 0 mov r13, QWORD PTR [rdx+216] mov r8, QWORD PTR [rdx+224] 
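Review bot: Restoring xmm6–xmm13 with `movdqu` instead of `vmovdqu` in the epilogue of sp_2048_get_from_table_32 is the substantive part of this hunk: the procedure is otherwise plain SSE2 (`movdqu`/`pcmpeqd`/`pand`/`por`), so a VEX-encoded save/restore would fault on a host without AVX, while the `OWORD PTR` additions around it are assembler syntax only. The same fix is applied to the prologue of sp_3072_get_from_table_24 at @@ -31837; the matching prologue of sp_2048_get_from_table_32 and any sibling `*_get_from_table_*` procedures lie outside this chunk and should be checked for leftover `vmovdqu`. A marker above the save/restore would help keep it from recurring, e.g. `; SSE2 only - no VEX encodings, this path must run without AVX`. The body of sp_2048_get_from_table_32 begins before this hunk, and the highly repetitive structure suggests the file is generated, in which case the fix also needs to land in the generator or it will be lost on regeneration.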
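Review bot: Moving `mov rax, rcx` ahead of `mov cl, r8b` in sp_2048_lshift_32 corrects a genuine clobber: the old order overwrote the low byte of rcx (the first argument, i.e. the result pointer under the Windows x64 convention this MASM file targets) with the shift count before it was copied to rax, so the result would have been written through a corrupted pointer whenever that byte differed from the count. A comment on the moved line would keep the ordering from being "tidied" back later, e.g. `; copy r before cl is reused as the shift count`. The other `*_lshift_*` procedures in this file are not visible here and presumably share this prologue, so they warrant the same check. The body of sp_2048_lshift_32 continues past the end of the hunk.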
@@ -31837,14 +31837,14 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_3072_get_from_table_24 PROC sub rsp, 128 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 mov rax, 1 movd xmm10, r8 movd xmm11, rax @@ -31861,10 +31861,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -31878,10 +31878,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+8] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -31895,10 +31895,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+16] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -31912,10 +31912,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+24] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -31929,10 +31929,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+32] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -31946,10 +31946,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+40] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -31963,10 +31963,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+48] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -31980,10 +31980,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+56] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -31997,10 +31997,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+64] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32014,10 +32014,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+72] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32031,10 +32031,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+80] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32048,10 +32048,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+88] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32065,10 +32065,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+96] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32082,10 +32082,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+104] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32099,10 +32099,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+112] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32116,10 +32116,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+120] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32133,10 +32133,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+128] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32150,10 +32150,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+136] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32167,10 +32167,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+144] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32184,10 +32184,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+152] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32201,10 +32201,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+160] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32218,10 +32218,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+168] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32235,10 +32235,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+176] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32252,10 +32252,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+184] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32269,10 +32269,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+192] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32286,10 +32286,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+200] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32303,10 +32303,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+208] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32320,10 +32320,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+216] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32337,10 +32337,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+224] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32354,10 +32354,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+232] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32371,10 +32371,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+240] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32388,10 +32388,10 @@ sp_3072_get_from_table_24 PROC mov r9, QWORD PTR [rdx+248] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32401,10 +32401,10 @@ sp_3072_get_from_table_24 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 0-7 ; START: 8-15 
@@ -32418,10 +32418,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32436,10 +32436,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32454,10 +32454,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32472,10 +32472,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32490,10 +32490,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32508,10 +32508,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32526,10 +32526,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32544,10 +32544,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32562,10 +32562,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32580,10 +32580,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32598,10 +32598,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32616,10 +32616,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32634,10 +32634,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32652,10 +32652,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32670,10 +32670,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32688,10 +32688,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32706,10 +32706,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32724,10 +32724,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32742,10 +32742,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32760,10 +32760,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32778,10 +32778,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32796,10 +32796,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32814,10 +32814,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32832,10 +32832,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32850,10 +32850,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32868,10 +32868,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32886,10 +32886,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32904,10 +32904,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32922,10 +32922,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32940,10 +32940,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -32958,10 +32958,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32976,10 +32976,10 @@ sp_3072_get_from_table_24 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -32989,10 +32989,10 @@ sp_3072_get_from_table_24 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 8-15 ; START: 16-23 @@ -33006,10 +33006,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33024,10 +33024,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -33042,10 +33042,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33060,10 +33060,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33078,10 +33078,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33096,10 +33096,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33114,10 +33114,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -33132,10 +33132,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33150,10 +33150,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33168,10 +33168,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33186,10 +33186,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33204,10 +33204,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -33222,10 +33222,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33240,10 +33240,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33258,10 +33258,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33276,10 +33276,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33294,10 +33294,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -33312,10 +33312,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33330,10 +33330,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33348,10 +33348,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33366,10 +33366,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33384,10 +33384,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -33402,10 +33402,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33420,10 +33420,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33438,10 +33438,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33456,10 +33456,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33474,10 +33474,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -33492,10 +33492,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33510,10 +33510,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33528,10 +33528,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33546,10 +33546,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -33564,10 +33564,10 @@ sp_3072_get_from_table_24 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -33577,19 +33577,19 @@ sp_3072_get_from_table_24 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 ; END: 16-23 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] add rsp, 128 ret sp_3072_get_from_table_24 ENDP @@ -36853,14 +36853,14 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_3072_get_from_table_48 PROC sub rsp, 128 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 mov rax, 1 movd xmm10, r8 movd xmm11, rax 
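Review bot: The save/restore of xmm6–xmm13 in the `sp_3072_get_from_table_48` prologue (and the matching `sp_3072_get_from_table_24` epilogue) is now the same legacy-SSE encoding as the rest of the body, which is entirely `movdqu`/`pand`/`por`/`pcmpeqd`/`paddd`, so nothing in these routines needs AVX any more; that invariant deserves a comment on the `PROC` line so it is not silently reverted, e.g. `; SSE2 only - no VEX (vmovdqu) here, the body is legacy SSE and this path is not gated on AVX` (whether callers gate on AVX is not visible here and should be confirmed). Two more caveats belong next to `sub rsp, 128`: after the call's return address the stack is presumably only 8-byte aligned, so the unaligned `movdqu OWORD PTR [rsp+...]` stores are required and must not be "optimised" to `movdqa` without first realigning rsp. Finally, neither `PROC` carries `FRAME`/`.ALLOCSTACK 128`/`.SAVEXMM128` directives for this 128-byte frame and eight non-volatile xmm saves, so if an exception ever propagates through this frame (for instance a fault on a bad table pointer loaded via `mov r9, QWORD PTR [rdx]`) it cannot be unwound; that may be deliberate for this generated file, but it is worth confirming against the project's Windows unwind policy. The `IFNDEF WC_NO_CACHE_RESISTANT` lookup still reads and masks every table entry, so the constant-time property is unchanged by this patch; both functions extend beyond this hunk.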
@@ -36877,10 +36877,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -36894,10 +36894,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+8] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -36911,10 +36911,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+16] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -36928,10 +36928,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+24] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -36945,10 +36945,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+32] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -36962,10 +36962,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+40] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -36979,10 +36979,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+48] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -36996,10 +36996,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+56] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37013,10 +37013,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+64] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37030,10 +37030,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+72] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37047,10 +37047,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+80] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37064,10 +37064,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+88] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37081,10 +37081,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+96] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37098,10 +37098,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+104] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37115,10 +37115,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+112] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37132,10 +37132,10 @@ sp_3072_get_from_table_48 PROC mov r9, QWORD PTR [rdx+120] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37145,10 +37145,10 @@ sp_3072_get_from_table_48 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 0-7 ; START: 8-15 @@ -37162,10 +37162,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37180,10 +37180,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37198,10 +37198,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37216,10 +37216,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37234,10 +37234,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37252,10 +37252,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37270,10 +37270,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37288,10 +37288,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37306,10 +37306,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37324,10 +37324,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37342,10 +37342,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37360,10 +37360,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37378,10 +37378,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37396,10 +37396,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37414,10 +37414,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37432,10 +37432,10 @@ sp_3072_get_from_table_48 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37445,10 +37445,10 @@ sp_3072_get_from_table_48 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 8-15 ; START: 16-23 @@ -37462,10 +37462,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37480,10 +37480,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37498,10 +37498,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37516,10 +37516,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37534,10 +37534,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37552,10 +37552,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37570,10 +37570,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37588,10 +37588,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37606,10 +37606,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37624,10 +37624,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37642,10 +37642,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37660,10 +37660,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37678,10 +37678,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37696,10 +37696,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37714,10 +37714,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37732,10 +37732,10 @@ sp_3072_get_from_table_48 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37745,10 +37745,10 @@ sp_3072_get_from_table_48 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 16-23 ; START: 24-31 @@ -37762,10 +37762,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37780,10 +37780,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37798,10 +37798,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37816,10 +37816,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37834,10 +37834,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37852,10 +37852,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37870,10 +37870,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37888,10 +37888,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37906,10 +37906,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -37924,10 +37924,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37942,10 +37942,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37960,10 +37960,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37978,10 +37978,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -37996,10 +37996,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -38014,10 +38014,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38032,10 +38032,10 @@ sp_3072_get_from_table_48 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38045,10 +38045,10 @@ sp_3072_get_from_table_48 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 24-31 ; START: 32-39 @@ -38062,10 +38062,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38080,10 +38080,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -38098,10 +38098,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38116,10 +38116,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38134,10 +38134,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38152,10 +38152,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38170,10 +38170,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -38188,10 +38188,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38206,10 +38206,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38224,10 +38224,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38242,10 +38242,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38260,10 +38260,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -38278,10 +38278,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38296,10 +38296,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38314,10 +38314,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38332,10 +38332,10 @@ sp_3072_get_from_table_48 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38345,10 +38345,10 @@ sp_3072_get_from_table_48 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 32-39 ; START: 40-47 
@@ -38362,10 +38362,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38380,10 +38380,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38398,10 +38398,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38416,10 +38416,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38434,10 +38434,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -38452,10 +38452,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38470,10 +38470,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38488,10 +38488,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38506,10 +38506,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38524,10 +38524,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -38542,10 +38542,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38560,10 +38560,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38578,10 +38578,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38596,10 +38596,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38614,10 +38614,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -38632,10 +38632,10 @@ sp_3072_get_from_table_48 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -38645,19 +38645,19 @@ sp_3072_get_from_table_48 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 ; END: 40-47 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] add rsp, 128 ret sp_3072_get_from_table_48 ENDP @@ -40446,8 +40446,8 @@ _text SEGMENT READONLY PARA sp_3072_lshift_48 PROC push r12 push r13 - mov cl, r8b mov rax, rcx + mov cl, r8b mov r12, 0 mov r13, QWORD PTR [rdx+344] mov r8, QWORD PTR [rdx+352] 
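Review bot: The restore of xmm6–xmm13 at the end of sp_3072_get_from_table_48 now uses legacy-SSE `movdqu`, but nothing in the hunk records why the VEX form was wrong here, and the same silent fix recurs in the sp_4096_get_from_table_64 prologue at @@ -49224. As far as these hunks show, the lookup body uses only SSE2 integer instructions (movdqu, pcmpeqd, pand, por, paddd), so the `vmovdqu` save/restore pairs appear to have been the routine's only VEX-encoded instructions, and a CPU without AVX would raise an invalid-opcode fault on them. A one-line comment above the restore, `; SSE2-only routine: restore Win64 non-volatile xmm6-xmm13 with legacy (non-VEX) moves`, would keep a later edit or regeneration from reintroducing `vmovdqu`; if this listing is produced by a generator, the fix needs to land there as well. A build-and-run check on a host without AVX (or a VM with AVX masked) is the regression test that catches this class of mismatch. sp_3072_get_from_table_48 starts outside the hunk.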
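Review bot: The reordered `mov rax, rcx` / `mov cl, r8b` pair in sp_3072_lshift_48 carries no comment explaining the dependency it fixes, and the constraint is easy to break again in a listing this repetitive. With the old order the low byte of rcx was overwritten by the shift count from r8b before rcx was copied, so rax received a corrupted copy of the first argument; from the hunk alone rax looks like the pointer the rest of the routine writes through, but the body continues outside the hunk, so confirm against the full procedure. A comment above the copy, `; copy r (rcx) to rax before cl is loaded with the shift count`, makes the ordering explicit. A regression test calling sp_3072_lshift_48 with a non-zero shift count and checking that the result lands at the caller's buffer would pin this, presumably in the existing SP test harness — verify.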
@@ -49224,14 +49224,14 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_4096_get_from_table_64 PROC sub rsp, 128 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 mov rax, 1 movd xmm10, r8 movd xmm11, rax @@ -49248,10 +49248,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49265,10 +49265,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+8] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49282,10 +49282,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+16] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49299,10 +49299,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+24] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49316,10 +49316,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+32] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49333,10 +49333,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+40] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49350,10 +49350,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+48] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49367,10 +49367,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+56] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49384,10 +49384,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+64] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49401,10 +49401,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+72] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49418,10 +49418,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+80] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49435,10 +49435,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+88] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49452,10 +49452,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+96] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49469,10 +49469,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+104] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49486,10 +49486,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+112] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49503,10 +49503,10 @@ sp_4096_get_from_table_64 PROC mov r9, QWORD PTR [rdx+120] movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49516,10 +49516,10 @@ sp_4096_get_from_table_64 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 0-7 ; START: 8-15 @@ -49533,10 +49533,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49551,10 +49551,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49569,10 +49569,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49587,10 +49587,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49605,10 +49605,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49623,10 +49623,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49641,10 +49641,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49659,10 +49659,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49677,10 +49677,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49695,10 +49695,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49713,10 +49713,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49731,10 +49731,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49749,10 +49749,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49767,10 +49767,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49785,10 +49785,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49803,10 +49803,10 @@ sp_4096_get_from_table_64 PROC add r9, 64 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49816,10 +49816,10 @@ sp_4096_get_from_table_64 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 8-15 ; START: 16-23 @@ -49833,10 +49833,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49851,10 +49851,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49869,10 +49869,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49887,10 +49887,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49905,10 +49905,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49923,10 +49923,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49941,10 +49941,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49959,10 +49959,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -49977,10 +49977,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -49995,10 +49995,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50013,10 +50013,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50031,10 +50031,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50049,10 +50049,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50067,10 +50067,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50085,10 +50085,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50103,10 +50103,10 @@ sp_4096_get_from_table_64 PROC add r9, 128 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50116,10 +50116,10 @@ sp_4096_get_from_table_64 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 16-23 ; START: 24-31 @@ -50133,10 +50133,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50151,10 +50151,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50169,10 +50169,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50187,10 +50187,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50205,10 +50205,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50223,10 +50223,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50241,10 +50241,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50259,10 +50259,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50277,10 +50277,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50295,10 +50295,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50313,10 +50313,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50331,10 +50331,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50349,10 +50349,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50367,10 +50367,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50385,10 +50385,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50403,10 +50403,10 @@ sp_4096_get_from_table_64 PROC add r9, 192 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50416,10 +50416,10 @@ sp_4096_get_from_table_64 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 24-31 ; START: 32-39 
@@ -50433,10 +50433,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50451,10 +50451,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50469,10 +50469,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50487,10 +50487,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50505,10 +50505,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50523,10 +50523,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50541,10 +50541,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50559,10 +50559,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50577,10 +50577,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50595,10 +50595,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50613,10 +50613,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50631,10 +50631,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50649,10 +50649,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50667,10 +50667,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50685,10 +50685,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50703,10 +50703,10 @@ sp_4096_get_from_table_64 PROC add r9, 256 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50716,10 +50716,10 @@ sp_4096_get_from_table_64 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 32-39 ; START: 40-47 @@ -50733,10 +50733,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50751,10 +50751,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50769,10 +50769,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50787,10 +50787,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50805,10 +50805,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50823,10 +50823,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50841,10 +50841,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50859,10 +50859,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50877,10 +50877,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50895,10 +50895,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50913,10 +50913,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50931,10 +50931,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50949,10 +50949,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -50967,10 +50967,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -50985,10 +50985,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51003,10 +51003,10 @@ sp_4096_get_from_table_64 PROC add r9, 320 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51016,10 +51016,10 @@ sp_4096_get_from_table_64 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 40-47 ; START: 48-55 @@ -51033,10 +51033,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -51051,10 +51051,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51069,10 +51069,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51087,10 +51087,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51105,10 +51105,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51123,10 +51123,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -51141,10 +51141,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51159,10 +51159,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51177,10 +51177,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51195,10 +51195,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51213,10 +51213,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -51231,10 +51231,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51249,10 +51249,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51267,10 +51267,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51285,10 +51285,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51303,10 +51303,10 @@ sp_4096_get_from_table_64 PROC add r9, 384 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -51316,10 +51316,10 @@ sp_4096_get_from_table_64 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 add rcx, 64 ; END: 48-55 ; START: 56-63 @@ -51333,10 +51333,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51351,10 +51351,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51369,10 +51369,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51387,10 +51387,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -51405,10 +51405,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51423,10 +51423,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51441,10 +51441,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51459,10 +51459,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51477,10 +51477,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -51495,10 +51495,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51513,10 +51513,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51531,10 +51531,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51549,10 +51549,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51567,10 +51567,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 
@@ -51585,10 +51585,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51603,10 +51603,10 @@ sp_4096_get_from_table_64 PROC add r9, 448 movdqu xmm12, xmm13 pcmpeqd xmm12, xmm10 - movdqu xmm0, [r9] - movdqu xmm1, [r9+16] - movdqu xmm2, [r9+32] - movdqu xmm3, [r9+48] + movdqu xmm0, OWORD PTR [r9] + movdqu xmm1, OWORD PTR [r9+16] + movdqu xmm2, OWORD PTR [r9+32] + movdqu xmm3, OWORD PTR [r9+48] pand xmm0, xmm12 pand xmm1, xmm12 pand xmm2, xmm12 @@ -51616,19 +51616,19 @@ sp_4096_get_from_table_64 PROC por xmm6, xmm2 por xmm7, xmm3 paddd xmm13, xmm11 - movdqu [rcx], xmm4 - movdqu [rcx+16], xmm5 - movdqu [rcx+32], xmm6 - movdqu [rcx+48], xmm7 + movdqu OWORD PTR [rcx], xmm4 + movdqu OWORD PTR [rcx+16], xmm5 + movdqu OWORD PTR [rcx+32], xmm6 + movdqu OWORD PTR [rcx+48], xmm7 ; END: 56-63 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] add rsp, 128 ret sp_4096_get_from_table_64 ENDP @@ -53973,8 +53973,8 @@ _text SEGMENT READONLY PARA sp_4096_lshift_64 PROC push r12 push r13 - mov cl, r8b mov rax, rcx + mov cl, r8b mov r12, 0 mov r13, QWORD PTR [rdx+472] mov r8, QWORD PTR [rdx+480] 
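Review bot: The reorder in the `sp_4096_lshift_64` hunk is load-bearing and nothing in the code says so: `mov cl, r8b` writes the low byte of rcx, so `mov rax, rcx` has to capture the result pointer first, and the old order handed the shift routine a corrupted destination. A one-line comment would stop the next hand edit or regeneration from swapping them back, e.g. `mov rax, rcx ; save r before cl is overwritten with the shift count`. If this listing is produced from a generator or a .S counterpart (the unrolled get_from_table blocks suggest it is), the same fix needs to land there too, otherwise the next regenerate reverts it. The body of sp_4096_lshift_64 continues outside the hunk.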
@@ -55726,16 +55726,16 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_256_get_point_33_4 PROC sub rsp, 160 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 - vmovdqu OWORD PTR [rsp+128], xmm14 - vmovdqu OWORD PTR [rsp+144], xmm15 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp+128], xmm14 + movdqu OWORD PTR [rsp+144], xmm15 mov rax, 1 movd xmm13, r8d add rdx, 200 @@ -55755,12 +55755,12 @@ L_256_get_point_33_4_start_1: movdqa xmm12, xmm14 paddd xmm14, xmm15 pcmpeqd xmm12, xmm13 - movdqu xmm6, [rdx] - movdqu xmm7, [rdx+16] - movdqu xmm8, [rdx+64] - movdqu xmm9, [rdx+80] - movdqu xmm10, [rdx+128] - movdqu xmm11, [rdx+144] + movdqu xmm6, OWORD PTR [rdx] + movdqu xmm7, OWORD PTR [rdx+16] + movdqu xmm8, OWORD PTR [rdx+64] + movdqu xmm9, OWORD PTR [rdx+80] + movdqu xmm10, OWORD PTR [rdx+128] + movdqu xmm11, OWORD PTR [rdx+144] add rdx, 200 pand xmm6, xmm12 pand xmm7, xmm12 
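Review bot: The `sp_256_get_point_33_4` prologue now spills xmm6–xmm15 with legacy-SSE `movdqu`, but nothing records that this routine is meant to stay VEX-free, so a later edit can reintroduce `vmovdqu` alongside the SSE2 `pand`/`por`/`pcmpeqd` body and bring back the AVX dependency (a SIGILL on non-AVX CPUs for an `IFNDEF WC_NO_CACHE_RESISTANT` path) and SSE/AVX transition stalls — that appears to be the motivation here, though the commit message is not visible. Suggest a comment above `sub rsp, 160` such as `; SSE2 only: keep VEX encodings out of this cache-resistant lookup`. The selection loop at `L_256_get_point_33_4_start_1` and the epilogue sit in later hunks, so the function spans beyond this one.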
@@ -55776,22 +55776,22 @@ L_256_get_point_33_4_start_1: por xmm5, xmm11 dec rax jnz L_256_get_point_33_4_start_1 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+64], xmm2 - movdqu [rcx+80], xmm3 - movdqu [rcx+128], xmm4 - movdqu [rcx+144], xmm5 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] - vmovdqu xmm14, OWORD PTR [rsp+128] - vmovdqu xmm15, OWORD PTR [rsp+144] + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+64], xmm2 + movdqu OWORD PTR [rcx+80], xmm3 + movdqu OWORD PTR [rcx+128], xmm4 + movdqu OWORD PTR [rcx+144], xmm5 + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm14, OWORD PTR [rsp+128] + movdqu xmm15, OWORD PTR [rsp+144] add rsp, 160 ret sp_256_get_point_33_4 ENDP @@ -56442,12 +56442,12 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_256_get_entry_64_4 PROC sub rsp, 96 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 ; From entry 1 mov rax, 1 movd xmm9, r8d 
@@ -56466,10 +56466,10 @@ L_256_get_entry_64_4_start_0: movdqa xmm8, xmm10 paddd xmm10, xmm11 pcmpeqd xmm8, xmm9 - movdqu xmm4, [rdx] - movdqu xmm5, [rdx+16] - movdqu xmm6, [rdx+32] - movdqu xmm7, [rdx+48] + movdqu xmm4, OWORD PTR [rdx] + movdqu xmm5, OWORD PTR [rdx+16] + movdqu xmm6, OWORD PTR [rdx+32] + movdqu xmm7, OWORD PTR [rdx+48] add rdx, 64 pand xmm4, xmm8 pand xmm5, xmm8 @@ -56481,16 +56481,16 @@ L_256_get_entry_64_4_start_0: por xmm3, xmm7 dec rax jnz L_256_get_entry_64_4_start_0 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+64], xmm2 - movdqu [rcx+80], xmm3 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+64], xmm2 + movdqu OWORD PTR [rcx+80], xmm3 + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] add rsp, 96 ret sp_256_get_entry_64_4 ENDP @@ -56550,12 +56550,12 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_256_get_entry_65_4 PROC sub rsp, 96 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 ; From entry 1 mov rax, 1 movd xmm9, r8d 
@@ -56574,10 +56574,10 @@ L_256_get_entry_65_4_start_0: movdqa xmm8, xmm10 paddd xmm10, xmm11 pcmpeqd xmm8, xmm9 - movdqu xmm4, [rdx] - movdqu xmm5, [rdx+16] - movdqu xmm6, [rdx+32] - movdqu xmm7, [rdx+48] + movdqu xmm4, OWORD PTR [rdx] + movdqu xmm5, OWORD PTR [rdx+16] + movdqu xmm6, OWORD PTR [rdx+32] + movdqu xmm7, OWORD PTR [rdx+48] add rdx, 64 pand xmm4, xmm8 pand xmm5, xmm8 @@ -56589,16 +56589,16 @@ L_256_get_entry_65_4_start_0: por xmm3, xmm7 dec rax jnz L_256_get_entry_65_4_start_0 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+64], xmm2 - movdqu [rcx+80], xmm3 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+64], xmm2 + movdqu OWORD PTR [rcx+80], xmm3 + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] add rsp, 96 ret sp_256_get_entry_65_4 ENDP 
@@ -57715,22 +57715,22 @@ sp_256_mod_inv_avx2_4 PROC mov r13, QWORD PTR [rdx+8] mov r14, QWORD PTR [rdx+16] mov r15, QWORD PTR [rdx+24] - mov rbx, ptr_L_sp256_mod_inv_avx2_4_order + mov rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_order] vmovupd ymm6, YMMWORD PTR [rbx] vmovupd ymm7, YMMWORD PTR [rbx+32] - mov rbx, ptr_L_sp256_mod_inv_avx2_4_one + mov rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_one] vmovupd ymm8, YMMWORD PTR [rbx] - mov rbx, ptr_L_sp256_mod_inv_avx2_4_mask01111 + mov rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_mask01111] vmovupd ymm9, YMMWORD PTR [rbx] - mov rbx, ptr_L_sp256_mod_inv_avx2_4_all_one + mov rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_all_one] vmovupd ymm10, YMMWORD PTR [rbx] - mov rbx, ptr_L_sp256_mod_inv_avx2_4_down_one_dword + mov rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_down_one_dword] vmovupd ymm11, YMMWORD PTR [rbx] - mov rbx, ptr_L_sp256_mod_inv_avx2_4_neg + mov rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_neg] vmovupd ymm12, YMMWORD PTR [rbx] - mov rbx, ptr_L_sp256_mod_inv_avx2_4_up_one_dword + mov rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_up_one_dword] vmovupd ymm13, YMMWORD PTR [rbx] - mov rbx, ptr_L_sp256_mod_inv_avx2_4_mask26 + mov rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_mask26] vmovupd ymm14, YMMWORD PTR [rbx] vpxor xmm0, xmm0, xmm0 vpxor xmm1, xmm1, xmm1 
@@ -59734,16 +59734,16 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_384_get_point_33_6 PROC sub rsp, 160 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 - vmovdqu OWORD PTR [rsp+128], xmm14 - vmovdqu OWORD PTR [rsp+144], xmm15 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp+128], xmm14 + movdqu OWORD PTR [rsp+144], xmm15 mov rax, 1 movd xmm13, r8d add rdx, 296 @@ -59763,12 +59763,12 @@ L_384_get_point_33_6_start_1: movdqa xmm12, xmm14 paddd xmm14, xmm15 pcmpeqd xmm12, xmm13 - movdqu xmm6, [rdx] - movdqu xmm7, [rdx+16] - movdqu xmm8, [rdx+32] - movdqu xmm9, [rdx+96] - movdqu xmm10, [rdx+112] - movdqu xmm11, [rdx+128] + movdqu xmm6, OWORD PTR [rdx] + movdqu xmm7, OWORD PTR [rdx+16] + movdqu xmm8, OWORD PTR [rdx+32] + movdqu xmm9, OWORD PTR [rdx+96] + movdqu xmm10, OWORD PTR [rdx+112] + movdqu xmm11, OWORD PTR [rdx+128] add rdx, 296 pand xmm6, xmm12 pand xmm7, xmm12 @@ -59784,12 +59784,12 @@ L_384_get_point_33_6_start_1: por xmm5, xmm11 dec rax jnz L_384_get_point_33_6_start_1 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+32], xmm2 - movdqu [rcx+96], xmm3 - movdqu [rcx+112], xmm4 - movdqu [rcx+128], xmm5 + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+32], xmm2 + movdqu OWORD PTR [rcx+96], xmm3 + movdqu OWORD PTR [rcx+112], xmm4 + movdqu OWORD PTR [rcx+128], xmm5 mov rax, 1 movd xmm13, r8d sub rdx, 9472 
@@ -59806,9 +59806,9 @@ L_384_get_point_33_6_start_2: movdqa xmm12, xmm14 paddd xmm14, xmm15 pcmpeqd xmm12, xmm13 - movdqu xmm6, [rdx+192] - movdqu xmm7, [rdx+208] - movdqu xmm8, [rdx+224] + movdqu xmm6, OWORD PTR [rdx+192] + movdqu xmm7, OWORD PTR [rdx+208] + movdqu xmm8, OWORD PTR [rdx+224] add rdx, 296 pand xmm6, xmm12 pand xmm7, xmm12 @@ -59818,19 +59818,19 @@ L_384_get_point_33_6_start_2: por xmm2, xmm8 dec rax jnz L_384_get_point_33_6_start_2 - movdqu [rcx+192], xmm0 - movdqu [rcx+208], xmm1 - movdqu [rcx+224], xmm2 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] - vmovdqu xmm14, OWORD PTR [rsp+128] - vmovdqu xmm15, OWORD PTR [rsp+144] + movdqu OWORD PTR [rcx+192], xmm0 + movdqu OWORD PTR [rcx+208], xmm1 + movdqu OWORD PTR [rcx+224], xmm2 + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm14, OWORD PTR [rsp+128] + movdqu xmm15, OWORD PTR [rsp+144] add rsp, 160 ret sp_384_get_point_33_6 ENDP 
@@ -60368,16 +60368,16 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_384_get_entry_64_6 PROC sub rsp, 160 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 - vmovdqu OWORD PTR [rsp+128], xmm14 - vmovdqu OWORD PTR [rsp+144], xmm15 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp+128], xmm14 + movdqu OWORD PTR [rsp+144], xmm15 ; From entry 1 mov rax, 1 movd xmm13, r8d @@ -60398,12 +60398,12 @@ L_384_get_entry_64_6_start_0: movdqa xmm12, xmm14 paddd xmm14, xmm15 pcmpeqd xmm12, xmm13 - movdqu xmm6, [rdx] - movdqu xmm7, [rdx+16] - movdqu xmm8, [rdx+32] - movdqu xmm9, [rdx+48] - movdqu xmm10, [rdx+64] - movdqu xmm11, [rdx+80] + movdqu xmm6, OWORD PTR [rdx] + movdqu xmm7, OWORD PTR [rdx+16] + movdqu xmm8, OWORD PTR [rdx+32] + movdqu xmm9, OWORD PTR [rdx+48] + movdqu xmm10, OWORD PTR [rdx+64] + movdqu xmm11, OWORD PTR [rdx+80] add rdx, 96 pand xmm6, xmm12 pand xmm7, xmm12 
@@ -60419,22 +60419,22 @@ L_384_get_entry_64_6_start_0: por xmm5, xmm11 dec rax jnz L_384_get_entry_64_6_start_0 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+32], xmm2 - movdqu [rcx+96], xmm3 - movdqu [rcx+112], xmm4 - movdqu [rcx+128], xmm5 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] - vmovdqu xmm14, OWORD PTR [rsp+128] - vmovdqu xmm15, OWORD PTR [rsp+144] + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+32], xmm2 + movdqu OWORD PTR [rcx+96], xmm3 + movdqu OWORD PTR [rcx+112], xmm4 + movdqu OWORD PTR [rcx+128], xmm5 + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm14, OWORD PTR [rsp+128] + movdqu xmm15, OWORD PTR [rsp+144] add rsp, 160 ret sp_384_get_entry_64_6 ENDP 
@@ -60512,16 +60512,16 @@ IFNDEF WC_NO_CACHE_RESISTANT _text SEGMENT READONLY PARA sp_384_get_entry_65_6 PROC sub rsp, 160 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 - vmovdqu OWORD PTR [rsp+128], xmm14 - vmovdqu OWORD PTR [rsp+144], xmm15 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp+128], xmm14 + movdqu OWORD PTR [rsp+144], xmm15 ; From entry 1 mov rax, 1 movd xmm13, r8d @@ -60542,12 +60542,12 @@ L_384_get_entry_65_6_start_0: movdqa xmm12, xmm14 paddd xmm14, xmm15 pcmpeqd xmm12, xmm13 - movdqu xmm6, [rdx] - movdqu xmm7, [rdx+16] - movdqu xmm8, [rdx+32] - movdqu xmm9, [rdx+48] - movdqu xmm10, [rdx+64] - movdqu xmm11, [rdx+80] + movdqu xmm6, OWORD PTR [rdx] + movdqu xmm7, OWORD PTR [rdx+16] + movdqu xmm8, OWORD PTR [rdx+32] + movdqu xmm9, OWORD PTR [rdx+48] + movdqu xmm10, OWORD PTR [rdx+64] + movdqu xmm11, OWORD PTR [rdx+80] add rdx, 96 pand xmm6, xmm12 pand xmm7, xmm12 
@@ -60563,22 +60563,22 @@ L_384_get_entry_65_6_start_0: por xmm5, xmm11 dec rax jnz L_384_get_entry_65_6_start_0 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+32], xmm2 - movdqu [rcx+96], xmm3 - movdqu [rcx+112], xmm4 - movdqu [rcx+128], xmm5 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] - vmovdqu xmm14, OWORD PTR [rsp+128] - vmovdqu xmm15, OWORD PTR [rsp+144] + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+32], xmm2 + movdqu OWORD PTR [rcx+96], xmm3 + movdqu OWORD PTR [rcx+112], xmm4 + movdqu OWORD PTR [rcx+128], xmm5 + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm14, OWORD PTR [rsp+128] + movdqu xmm15, OWORD PTR [rsp+144] add rsp, 160 ret sp_384_get_entry_65_6 ENDP 
@@ -65054,16 +65054,16 @@ sp_521_get_point_33_9 PROC push r13 push r14 sub rsp, 160 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 - vmovdqu OWORD PTR [rsp+128], xmm14 - vmovdqu OWORD PTR [rsp+144], xmm15 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp+128], xmm14 + movdqu OWORD PTR [rsp+144], xmm15 mov r14, 1 mov rax, 1 movd xmm13, r8d @@ -65091,13 +65091,13 @@ L_521_get_point_33_9_start_1: sete r9b neg r9 inc r14 - movdqu xmm6, [rdx] - movdqu xmm7, [rdx+16] - movdqu xmm8, [rdx+32] - movdqu xmm9, [rdx+48] + movdqu xmm6, OWORD PTR [rdx] + movdqu xmm7, OWORD PTR [rdx+16] + movdqu xmm8, OWORD PTR [rdx+32] + movdqu xmm9, OWORD PTR [rdx+48] mov r10, QWORD PTR [rdx+64] - movdqu xmm10, [rdx+144] - movdqu xmm11, [rdx+160] + movdqu xmm10, OWORD PTR [rdx+144] + movdqu xmm11, OWORD PTR [rdx+160] add rdx, 440 pand xmm6, xmm12 pand xmm7, xmm12 @@ -65115,13 +65115,13 @@ L_521_get_point_33_9_start_1: or r12, r10 dec rax jnz L_521_get_point_33_9_start_1 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+32], xmm2 - movdqu [rcx+48], xmm3 + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+32], xmm2 + movdqu OWORD PTR [rcx+48], xmm3 mov QWORD PTR [rcx+64], r12 - movdqu [rcx+144], xmm4 - movdqu [rcx+160], xmm5 + movdqu OWORD PTR [rcx+144], xmm4 + movdqu OWORD PTR [rcx+160], xmm5 mov r14, 1 mov rax, 1 movd xmm13, r8d 
@@ -65149,13 +65149,13 @@ L_521_get_point_33_9_start_2: sete r9b neg r9 inc r14 - movdqu xmm6, [rdx+176] - movdqu xmm7, [rdx+192] + movdqu xmm6, OWORD PTR [rdx+176] + movdqu xmm7, OWORD PTR [rdx+192] mov r10, QWORD PTR [rdx+208] - movdqu xmm8, [rdx+288] - movdqu xmm9, [rdx+304] - movdqu xmm10, [rdx+320] - movdqu xmm11, [rdx+336] + movdqu xmm8, OWORD PTR [rdx+288] + movdqu xmm9, OWORD PTR [rdx+304] + movdqu xmm10, OWORD PTR [rdx+320] + movdqu xmm11, OWORD PTR [rdx+336] mov r11, QWORD PTR [rdx+352] add rdx, 440 pand xmm6, xmm12 @@ -65176,24 +65176,24 @@ L_521_get_point_33_9_start_2: or r13, r11 dec rax jnz L_521_get_point_33_9_start_2 - movdqu [rcx+176], xmm0 - movdqu [rcx+192], xmm1 + movdqu OWORD PTR [rcx+176], xmm0 + movdqu OWORD PTR [rcx+192], xmm1 mov QWORD PTR [rcx+208], r12 - movdqu [rcx+288], xmm2 - movdqu [rcx+304], xmm3 - movdqu [rcx+320], xmm4 - movdqu [rcx+336], xmm5 + movdqu OWORD PTR [rcx+288], xmm2 + movdqu OWORD PTR [rcx+304], xmm3 + movdqu OWORD PTR [rcx+320], xmm4 + movdqu OWORD PTR [rcx+336], xmm5 mov QWORD PTR [rcx+352], r13 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] - vmovdqu xmm14, OWORD PTR [rsp+128] - vmovdqu xmm15, OWORD PTR [rsp+144] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm14, OWORD PTR [rsp+128] + movdqu xmm15, OWORD PTR [rsp+144] add rsp, 160 pop r14 pop r13 
@@ -66817,16 +66817,16 @@ _text SEGMENT READONLY PARA sp_521_get_entry_64_9 PROC push r12 sub rsp, 160 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 - vmovdqu OWORD PTR [rsp+128], xmm14 - vmovdqu OWORD PTR [rsp+144], xmm15 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp+128], xmm14 + movdqu OWORD PTR [rsp+144], xmm15 ; From entry 1 mov r12, 1 mov rax, 1 @@ -66852,10 +66852,10 @@ L_521_get_entry_64_9_start_0: sete r9b neg r9 inc r12 - movdqu xmm4, [rdx] - movdqu xmm5, [rdx+16] - movdqu xmm6, [rdx+32] - movdqu xmm7, [rdx+48] + movdqu xmm4, OWORD PTR [rdx] + movdqu xmm5, OWORD PTR [rdx+16] + movdqu xmm6, OWORD PTR [rdx+32] + movdqu xmm7, OWORD PTR [rdx+48] mov r10, QWORD PTR [rdx+64] add rdx, 144 pand xmm4, xmm12 @@ -66870,10 +66870,10 @@ L_521_get_entry_64_9_start_0: or r11, r10 dec rax jnz L_521_get_entry_64_9_start_0 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+32], xmm2 - movdqu [rcx+48], xmm3 + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+32], xmm2 + movdqu OWORD PTR [rcx+48], xmm3 mov QWORD PTR [rcx+64], r11 ; From entry 1 mov r12, 1 @@ -66900,10 +66900,10 @@ L_521_get_entry_64_9_start_1: sete r9b neg r9 inc r12 - movdqu xmm4, [rdx] - movdqu xmm5, [rdx+16] - movdqu xmm6, [rdx+32] - movdqu xmm7, [rdx+48] + movdqu xmm4, OWORD PTR [rdx] + movdqu xmm5, OWORD PTR [rdx+16] + movdqu xmm6, OWORD PTR [rdx+32] + movdqu xmm7, OWORD PTR [rdx+48] mov r10, QWORD PTR [rdx+64] add rdx, 144 pand xmm4, xmm12 
@@ -66918,21 +66918,21 @@ L_521_get_entry_64_9_start_1: or r11, r10 dec rax jnz L_521_get_entry_64_9_start_1 - movdqu [rcx+144], xmm0 - movdqu [rcx+160], xmm1 - movdqu [rcx+176], xmm2 - movdqu [rcx+192], xmm3 + movdqu OWORD PTR [rcx+144], xmm0 + movdqu OWORD PTR [rcx+160], xmm1 + movdqu OWORD PTR [rcx+176], xmm2 + movdqu OWORD PTR [rcx+192], xmm3 mov QWORD PTR [rcx+208], r11 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] - vmovdqu xmm14, OWORD PTR [rsp+128] - vmovdqu xmm15, OWORD PTR [rsp+144] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm14, OWORD PTR [rsp+128] + movdqu xmm15, OWORD PTR [rsp+144] add rsp, 160 pop r12 ret @@ -67034,16 +67034,16 @@ _text SEGMENT READONLY PARA sp_521_get_entry_65_9 PROC push r12 sub rsp, 160 - vmovdqu OWORD PTR [rsp], xmm6 - vmovdqu OWORD PTR [rsp+16], xmm7 - vmovdqu OWORD PTR [rsp+32], xmm8 - vmovdqu OWORD PTR [rsp+48], xmm9 - vmovdqu OWORD PTR [rsp+64], xmm10 - vmovdqu OWORD PTR [rsp+80], xmm11 - vmovdqu OWORD PTR [rsp+96], xmm12 - vmovdqu OWORD PTR [rsp+112], xmm13 - vmovdqu OWORD PTR [rsp+128], xmm14 - vmovdqu OWORD PTR [rsp+144], xmm15 + movdqu OWORD PTR [rsp], xmm6 + movdqu OWORD PTR [rsp+16], xmm7 + movdqu OWORD PTR [rsp+32], xmm8 + movdqu OWORD PTR [rsp+48], xmm9 + movdqu OWORD PTR [rsp+64], xmm10 + movdqu OWORD PTR [rsp+80], xmm11 + movdqu OWORD PTR [rsp+96], xmm12 + movdqu OWORD PTR [rsp+112], xmm13 + movdqu OWORD PTR [rsp+128], xmm14 + movdqu OWORD PTR [rsp+144], xmm15 ; From entry 1 mov r12, 1 mov rax, 1 
@@ -67069,10 +67069,10 @@ L_521_get_entry_65_9_start_0: sete r9b neg r9 inc r12 - movdqu xmm4, [rdx] - movdqu xmm5, [rdx+16] - movdqu xmm6, [rdx+32] - movdqu xmm7, [rdx+48] + movdqu xmm4, OWORD PTR [rdx] + movdqu xmm5, OWORD PTR [rdx+16] + movdqu xmm6, OWORD PTR [rdx+32] + movdqu xmm7, OWORD PTR [rdx+48] mov r10, QWORD PTR [rdx+64] add rdx, 144 pand xmm4, xmm12 @@ -67087,10 +67087,10 @@ L_521_get_entry_65_9_start_0: or r11, r10 dec rax jnz L_521_get_entry_65_9_start_0 - movdqu [rcx], xmm0 - movdqu [rcx+16], xmm1 - movdqu [rcx+32], xmm2 - movdqu [rcx+48], xmm3 + movdqu OWORD PTR [rcx], xmm0 + movdqu OWORD PTR [rcx+16], xmm1 + movdqu OWORD PTR [rcx+32], xmm2 + movdqu OWORD PTR [rcx+48], xmm3 mov QWORD PTR [rcx+64], r11 ; From entry 1 mov r12, 1 @@ -67117,10 +67117,10 @@ L_521_get_entry_65_9_start_1: sete r9b neg r9 inc r12 - movdqu xmm4, [rdx] - movdqu xmm5, [rdx+16] - movdqu xmm6, [rdx+32] - movdqu xmm7, [rdx+48] + movdqu xmm4, OWORD PTR [rdx] + movdqu xmm5, OWORD PTR [rdx+16] + movdqu xmm6, OWORD PTR [rdx+32] + movdqu xmm7, OWORD PTR [rdx+48] mov r10, QWORD PTR [rdx+64] add rdx, 144 pand xmm4, xmm12 
@@ -67135,21 +67135,21 @@ L_521_get_entry_65_9_start_1: or r11, r10 dec rax jnz L_521_get_entry_65_9_start_1 - movdqu [rcx+144], xmm0 - movdqu [rcx+160], xmm1 - movdqu [rcx+176], xmm2 - movdqu [rcx+192], xmm3 + movdqu OWORD PTR [rcx+144], xmm0 + movdqu OWORD PTR [rcx+160], xmm1 + movdqu OWORD PTR [rcx+176], xmm2 + movdqu OWORD PTR [rcx+192], xmm3 mov QWORD PTR [rcx+208], r11 - vmovdqu xmm6, OWORD PTR [rsp] - vmovdqu xmm7, OWORD PTR [rsp+16] - vmovdqu xmm8, OWORD PTR [rsp+32] - vmovdqu xmm9, OWORD PTR [rsp+48] - vmovdqu xmm10, OWORD PTR [rsp+64] - vmovdqu xmm11, OWORD PTR [rsp+80] - vmovdqu xmm12, OWORD PTR [rsp+96] - vmovdqu xmm13, OWORD PTR [rsp+112] - vmovdqu xmm14, OWORD PTR [rsp+128] - vmovdqu xmm15, OWORD PTR [rsp+144] + movdqu xmm6, OWORD PTR [rsp] + movdqu xmm7, OWORD PTR [rsp+16] + movdqu xmm8, OWORD PTR [rsp+32] + movdqu xmm9, OWORD PTR [rsp+48] + movdqu xmm10, OWORD PTR [rsp+64] + movdqu xmm11, OWORD PTR [rsp+80] + movdqu xmm12, OWORD PTR [rsp+96] + movdqu xmm13, OWORD PTR [rsp+112] + movdqu xmm14, OWORD PTR [rsp+128] + movdqu xmm15, OWORD PTR [rsp+144] add rsp, 160 pop r12 ret @@ -67504,8 +67504,8 @@ ENDIF _text SEGMENT READONLY PARA sp_521_rshift_9 PROC push r12 - mov rcx, r8 mov rax, rcx + mov rcx, r8 mov r8, QWORD PTR [rdx] mov r9, QWORD PTR [rdx+8] mov r10, QWORD PTR [rdx+16] @@ -67547,8 +67547,8 @@ _text SEGMENT READONLY PARA sp_521_lshift_9 PROC push r12 push r13 - mov cl, r8b mov rax, rcx + mov cl, r8b mov r12, 0 mov r13, QWORD PTR [rdx+32] mov r8, QWORD PTR [rdx+40] @@ -67594,8 +67594,8 @@ _text SEGMENT READONLY PARA sp_521_lshift_18 PROC push r12 push r13 - mov cl, r8b mov rax, rcx + mov cl, r8b mov r12, 0 mov r13, QWORD PTR [rdx+104] mov r8, QWORD PTR [rdx+112] diff --git a/wolfcrypt/src/sphincs.c b/wolfcrypt/src/sphincs.c index 6556fdb5dc..5fc054d882 100644 --- a/wolfcrypt/src/sphincs.c +++ b/wolfcrypt/src/sphincs.c 
@@ -1,6 +1,6 @@ /* sphincs.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -431,7 +431,8 @@ static int parse_private_key(const byte* priv, word32 privSz, /* At this point, it is still a PKCS8 private key. */ if ((ret = ToTraditionalInline(priv, &idx, privSz)) < 0) { - return ret; + /* ignore error, did not have PKCS8 header */ + (void)ret; } /* Now it is a octet_string(concat(priv,pub)) */ diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index e32c35313f..717a93822e 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -1,6 +1,6 @@ /* srp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -903,32 +903,30 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, } #ifdef WOLFSSL_SMALL_STACK - if (hash) - XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP); - if (digest) - XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP); + XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP); + XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP); if (u) { - if (r != MP_INIT_E) + if (r != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(u); XFREE(u, srp->heap, DYNAMIC_TYPE_SRP); } if (s) { - if (r != MP_INIT_E) + if (r != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(s); XFREE(s, srp->heap, DYNAMIC_TYPE_SRP); } if (temp1) { - if (r != MP_INIT_E) + if (r != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(temp1); XFREE(temp1, srp->heap, DYNAMIC_TYPE_SRP); } if (temp2) { - if (r != MP_INIT_E) + if (r != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(temp2); XFREE(temp2, srp->heap, DYNAMIC_TYPE_SRP); } #else - if (r != MP_INIT_E) { + if (r != WC_NO_ERR_TRACE(MP_INIT_E)) { mp_clear(u); mp_clear(s); mp_clear(temp1); diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 07cd1fedc1..ccf15a5f43 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c 
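Review bot: Ignoring every failure of ToTraditionalInline() in parse_private_key treats a malformed PKCS8 wrapper the same as a key with no wrapper, and `(void)ret;` leaves the negative value in ret for whatever follows the hunk to overwrite or not. If the intent is only to tolerate the missing-header case, save idx before the call and restore it in the failure branch, `idx = savedIdx; ret = 0;`, so a partially consumed header cannot leave idx advanced into the key bytes. The remainder of parse_private_key is outside this hunk, so whether ret is reassigned before the function returns cannot be confirmed from here.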
@@ -1,6 +1,6 @@ /* tfm.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/wc_dsp.c b/wolfcrypt/src/wc_dsp.c index c31c62b15c..c6c76c28c1 100644 --- a/wolfcrypt/src/wc_dsp.c +++ b/wolfcrypt/src/wc_dsp.c @@ -1,6 +1,6 @@ /* wc_dsp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index 506ac11e0d..9393a6974c 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -1,6 +1,6 @@ /* wc_encrypt.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -244,7 +244,7 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, const byte* password, int passwordSz, int hashType) { - int ret = NOT_COMPILED_IN; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SMALL_STACK byte* key = NULL; #else @@ -318,7 +318,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, const byte* password, int passwordSz, int hashType) { - int ret = NOT_COMPILED_IN; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SMALL_STACK byte* key = NULL; #else @@ -545,9 +545,15 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz, iterations, (int)derivedLen, typeH, 1); + if (ret < 0) + break; if (id != PBE_SHA1_RC4_128) { - ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, + i = ret; + ret = wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, iterations, 8, typeH, 2); + if (ret < 0) + break; + ret += i; } break; } 
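Review bot: The added error propagation in wc_CryptKey stashes the first wc_PKCS12_PBKDF result in `i`, which reads as a loop index pressed into service as an error-code holder; its declaration is outside the hunk, so its type is not visible here. A dedicated local, `int keyRet = ret;` before the second call and `ret += keyRet;` after it, states the intent and avoids a silent sign change if `i` turns out to be unsigned. The two `break` statements leave a negative ret in place, which is correct only if the code after the switch (outside the hunk) checks ret before using key or cbcIv; worth confirming.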
@@ -658,15 +664,21 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, AES_ENCRYPTION); } else { + #ifdef HAVE_AES_DECRYPT ret = wc_AesSetKey(aes, key, derivedLen, cbcIv, AES_DECRYPTION); + #else + ret = NOT_COMPILED_IN; + #endif } } if (ret == 0) { if (enc) ret = wc_AesCbcEncrypt(aes, input, input, (word32)length); + #ifdef HAVE_AES_DECRYPT else ret = wc_AesCbcDecrypt(aes, input, input, (word32)length); + #endif } if (free_aes) wc_AesFree(aes); diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c index 5493c9e617..a32d0916b5 100644 --- a/wolfcrypt/src/wc_kyber.c +++ b/wolfcrypt/src/wc_kyber.c @@ -59,6 +59,11 @@ /******************************************************************************/ +/* Declare variable to make compiler not optimize code in kyber_from_msg(). */ +volatile sword16 kyber_opt_blocker = 0; + +/******************************************************************************/ + /** * Initialize the Kyber key. * @@ -281,7 +286,9 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, } /* Free dynamic memory allocated in function. */ - XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (key != NULL) { + XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } return ret; } @@ -528,7 +535,9 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, byte msg[2 * KYBER_SYM_SZ]; byte kr[2 * KYBER_SYM_SZ + 1]; int ret = 0; +#ifndef WOLFSSL_ML_KEM unsigned int ctSz = 0; +#endif /* Validate parameters. */ if ((key == NULL) || (ct == NULL) || (ss == NULL) || (rand == NULL)) { @@ -538,6 +547,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, ret = BUFFER_E; } +#ifndef WOLFSSL_ML_KEM if (ret == 0) { /* Establish parameters based on key type. */ switch (key->type) { 
@@ -562,6 +572,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, break; } } +#endif /* If public hash (h) is not stored against key, calculate it. */ if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) { @@ -591,8 +602,12 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, } if (ret == 0) { +#ifndef WOLFSSL_ML_KEM /* Hash random to anonymize as seed data. */ ret = KYBER_HASH_H(rand, KYBER_SYM_SZ, msg); +#else + XMEMCPY(msg, rand, KYBER_SYM_SZ); +#endif } if (ret == 0) { /* Copy the hash of the public key into msg. */ @@ -607,6 +622,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); } +#ifndef WOLFSSL_ML_KEM if (ret == 0) { /* Hash the cipher text after the seed. */ ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ); @@ -615,6 +631,11 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, /* Derive the secret from the seed and hash of cipher text. */ ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); } +#else + if (ret == 0) { + XMEMCPY(ss, kr, KYBER_SS_SZ); + } +#endif return ret; } 
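Review bot: Under WOLFSSL_ML_KEM the new `XMEMCPY(msg, rand, KYBER_SYM_SZ);` uses the caller-supplied bytes directly as the encapsulation message, whereas the Kyber path first hashes them; the parameter documentation above the function (outside these hunks) should say that `rand` must be KYBER_SYM_SZ bytes of fresh DRBG output that is never reused, since any predictability in it now maps straight onto the shared secret. A suggested doc line is `@param [in] rand Random bytes, KYBER_SYM_SZ long; under WOLFSSL_ML_KEM used as-is as the message, so must be fresh DRBG output.` The `#ifndef WOLFSSL_ML_KEM` around ctSz in the earlier hunk and the `XMEMCPY(ss, kr, KYBER_SS_SZ);` in the last hunk on this line are consistent with that path, so no code change is needed there.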
@@ -720,6 +741,39 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, return ret; } +#ifdef WOLFSSL_ML_KEM +/* Derive the secret from z and cipher text. + * + * @param [in] z Implicit rejection value. + * @param [in] ct Cipher text. + * @param [in] ctSz Length of cipher text in bytes. + * @param [out] ss Shared secret. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation failed. + * @return Other negative when a hash error occurred. + */ +static int kyber_derive_secret(const byte* z, const byte* ct, word32 ctSz, + byte* ss) +{ + int ret; + wc_Shake shake; + + ret = wc_InitShake256(&shake, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_Shake256_Update(&shake, z, KYBER_SYM_SZ); + if (ret == 0) { + ret = wc_Shake256_Update(&shake, ct, ctSz); + } + if (ret == 0) { + ret = wc_Shake256_Final(&shake, ss, KYBER_SS_SZ); + } + wc_Shake256_Free(&shake); + } + + return ret; +} +#endif + /** * Decapsulate the cipher text to calculate the shared secret. * @@ -813,6 +867,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, /* Compare generated cipher text with that passed in. */ fail = kyber_cmp(ct, cmp, ctSz); +#ifndef WOLFSSL_ML_KEM /* Hash the cipher text after the seed. */ ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ); } @@ -824,11 +879,22 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, /* Derive the secret from the seed and hash of cipher text. */ ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); +#else + ret = kyber_derive_secret(key->z, ct, ctSz, msg); + } + if (ret == 0) { + /* Change seed to z on comparison failure. */ + for (i = 0; i < KYBER_SYM_SZ; i++) { + ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); + } +#endif } #ifndef USE_INTEL_SPEEDUP /* Dispose of dynamic memory allocated in function. */ - XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (key != NULL) { + XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } #endif return ret; 
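Review bot: kyber_derive_secret's header comment lists `@return MEMORY_E when dynamic memory allocation failed.`, but the body allocates nothing; the only error sources are wc_InitShake256, wc_Shake256_Update and wc_Shake256_Final, so unless wc_InitShake256 can itself return MEMORY_E that line should be dropped to keep the contract accurate. The stack-local `wc_Shake shake` absorbs the implicit-rejection value z; if wc_Shake256_Free does not clear the state, a `ForceZero(&shake, sizeof(shake));` after it would avoid leaving that key material on the stack.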
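Review bot: The constant-time selection `ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail);` yields exactly K or the rejection secret only if `fail` is an all-zeros or all-ones mask in its low byte, and kyber_cmp's return contract is not visible in the hunk; a comment on the loop such as `/* fail is a 0x00/0xFF mask from kyber_cmp */`, with a matching statement on kyber_cmp, would pin that requirement. The `#ifndef WOLFSSL_ML_KEM`/`#else` now spans a closing brace and the unchanged lines between this hunk and the previous one, so brace balance differs per preprocessor branch; restructuring so that each branch is a complete block following `fail = kyber_cmp(ct, cmp, ctSz);` would make this easier to audit. kyber_derive_secret is called unconditionally before the select rather than only on mismatch, which is the right shape for keeping the rejection path independent of fail.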
@@ -849,13 +915,14 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, * @return NOT_COMPILED_IN when key type is not supported. * @return BUFFER_E when len is not the correct size. */ -int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in, word32 len) +int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, + word32 len) { int ret = 0; word32 privLen = 0; word32 pubLen = 0; unsigned int k = 0; - unsigned char* p = in; + const unsigned char* p = in; /* Validate parameters. */ if ((key == NULL) || (in == NULL)) { @@ -933,12 +1000,13 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in, word32 len) * @return NOT_COMPILED_IN when key type is not supported. * @return BUFFER_E when len is not the correct size. */ -int wc_KyberKey_DecodePublicKey(KyberKey* key, unsigned char* in, word32 len) +int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, + word32 len) { int ret = 0; word32 pubLen = 0; unsigned int k = 0; - unsigned char* p = in; + const unsigned char* p = in; if ((key == NULL) || (in == NULL)) { ret = BAD_FUNC_ARG; diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c index a95d812db8..aed437c29f 100644 --- a/wolfcrypt/src/wc_kyber_poly.c +++ b/wolfcrypt/src/wc_kyber_poly.c 
@@ -28,12 +28,44 @@ * polynomials. */ +/* Possible Kyber options: + * + * WOLFSSL_WC_KYBER Default: OFF + * Enables this code, wolfSSL implementation, to be built. + * + * WOLFSSL_KYBER512 Default: OFF + * Enables the KYBER512 parameter implementations. + * WOLFSSL_KYBER768 Default: OFF + * Enables the KYBER768 parameter implementations. + * WOLFSSL_KYBER1024 Default: OFF + * Enables the KYBER1024 parameter implementations. + * + * USE_INTEL_SPEEDUP Default: OFF + * Compiles in Intel x64 specific implementations that are faster. + * WOLFSSL_KYBER_NO_LARGE_CODE Default: OFF + * Compiles smaller, fast code size with a speed trade-off. + * WOLFSSL_KYBER_SMALL Default: OFF + * Compiles to small code size with a speed trade-off. + * WOLFSSL_SMALL_STACK Default: OFF + * Use less stack by dynamically allocating local variables. + * + * WOLFSSL_KYBER_NTT_UNROLL Defualt: OFF + * Enable an alternative NTT implementation that may be faster on some + * platforms and is smaller in code size. + * WOLFSSL_KYBER_INVNTT_UNROLL Default: OFF + * Enables an alternative inverse NTT implementation that may be faster on + * some platforms and is smaller in code size. + */ + #include #include #include #ifdef WOLFSSL_WC_KYBER +/* Declared in wc_kyber.c to stop compiler optimizer from simplifying. */ +extern volatile sword16 kyber_opt_blocker; + #ifdef USE_INTEL_SPEEDUP static word32 cpuid_flags = 0; #endif @@ -161,7 +193,7 @@ static void kyber_ntt(sword16* r) for (j = 0; j < KYBER_N; ++j) { r[j] = KYBER_BARRETT_RED(r[j]); } -#else +#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) unsigned int len; unsigned int k = 1; unsigned int j; 
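Review bot: The new option list does not say how the new flags interact, yet the `#elif` chain this hunk also edits in kyber_ntt tests `WOLFSSL_KYBER_NO_LARGE_CODE` before `WOLFSSL_KYBER_NTT_UNROLL`, so defining both silently selects the small-code NTT. Suggest adding under both WOLFSSL_KYBER_NTT_UNROLL and WOLFSSL_KYBER_INVNTT_UNROLL: ` *   Ignored when WOLFSSL_KYBER_NO_LARGE_CODE is defined.` The same block has a typo, `Defualt: OFF`, on the WOLFSSL_KYBER_NTT_UNROLL entry. The `extern volatile sword16 kyber_opt_blocker;` comment names wc_kyber.c as the definer; if this file can be built without it that becomes a link error, so it may be worth saying the two files must be built together.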
@@ -192,6 +224,256 @@ static void kyber_ntt(sword16* r) for (j = 0; j < KYBER_N; ++j) { r[j] = KYBER_BARRETT_RED(r[j]); } +#elif defined(WOLFSSL_KYBER_NTT_UNROLL) + unsigned int k = 1; + unsigned int j; + unsigned int start; + sword16 zeta = zetas[k++]; + + for (j = 0; j < KYBER_N / 2; ++j) { + sword32 p = (sword32)zeta * r[j + KYBER_N / 2]; + sword16 t = KYBER_MONT_RED(p); + sword16 rj = r[j]; + r[j + KYBER_N / 2] = rj - t; + r[j] = rj + t; + } + for (start = 0; start < KYBER_N; start += 2 * 64) { + zeta = zetas[k++]; + for (j = 0; j < 64; ++j) { + sword32 p = (sword32)zeta * r[start + j + 64]; + sword16 t = KYBER_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 64] = rj - t; + r[start + j] = rj + t; + } + } + for (start = 0; start < KYBER_N; start += 2 * 32) { + zeta = zetas[k++]; + for (j = 0; j < 32; ++j) { + sword32 p = (sword32)zeta * r[start + j + 32]; + sword16 t = KYBER_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 32] = rj - t; + r[start + j] = rj + t; + } + } + for (start = 0; start < KYBER_N; start += 2 * 16) { + zeta = zetas[k++]; + for (j = 0; j < 16; ++j) { + sword32 p = (sword32)zeta * r[start + j + 16]; + sword16 t = KYBER_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 16] = rj - t; + r[start + j] = rj + t; + } + } + for (start = 0; start < KYBER_N; start += 2 * 8) { + zeta = zetas[k++]; + for (j = 0; j < 8; ++j) { + sword32 p = (sword32)zeta * r[start + j + 8]; + sword16 t = KYBER_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 8] = rj - t; + r[start + j] = rj + t; + } + } + for (start = 0; start < KYBER_N; start += 2 * 4) { + zeta = zetas[k++]; + for (j = 0; j < 4; ++j) { + sword32 p = (sword32)zeta * r[start + j + 4]; + sword16 t = KYBER_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 4] = rj - t; + r[start + j] = rj + t; + } + } + for (start = 0; start < KYBER_N; start += 2 * 2) { + zeta = zetas[k++]; + for (j = 0; j < 2; ++j) { + sword32 p = (sword32)zeta * r[start + j + 2]; + sword16 t = 
KYBER_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 2] = rj - t; + r[start + j] = rj + t; + } + } + /* Reduce coefficients with quick algorithm. */ + for (j = 0; j < KYBER_N; ++j) { + r[j] = KYBER_BARRETT_RED(r[j]); + } +#else + unsigned int j; + sword16 t0; + sword16 t1; + sword16 t2; + sword16 t3; + + sword16 zeta128 = zetas[1]; + sword16 zeta64_0 = zetas[2]; + sword16 zeta64_1 = zetas[3]; + for (j = 0; j < KYBER_N / 8; j++) { + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 32]; + sword16 r2 = r[j + 64]; + sword16 r3 = r[j + 96]; + sword16 r4 = r[j + 128]; + sword16 r5 = r[j + 160]; + sword16 r6 = r[j + 192]; + sword16 r7 = r[j + 224]; + + t0 = KYBER_MONT_RED((sword32)zeta128 * r4); + t1 = KYBER_MONT_RED((sword32)zeta128 * r5); + t2 = KYBER_MONT_RED((sword32)zeta128 * r6); + t3 = KYBER_MONT_RED((sword32)zeta128 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = KYBER_MONT_RED((sword32)zeta64_0 * r2); + t1 = KYBER_MONT_RED((sword32)zeta64_0 * r3); + t2 = KYBER_MONT_RED((sword32)zeta64_1 * r6); + t3 = KYBER_MONT_RED((sword32)zeta64_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + r[j + 0] = r0; + r[j + 32] = r1; + r[j + 64] = r2; + r[j + 96] = r3; + r[j + 128] = r4; + r[j + 160] = r5; + r[j + 192] = r6; + r[j + 224] = r7; + } + + for (j = 0; j < KYBER_N; j += 64) { + int i; + sword16 zeta32 = zetas[ 4 + j / 64 + 0]; + sword16 zeta16_0 = zetas[ 8 + j / 32 + 0]; + sword16 zeta16_1 = zetas[ 8 + j / 32 + 1]; + sword16 zeta8_0 = zetas[16 + j / 16 + 0]; + sword16 zeta8_1 = zetas[16 + j / 16 + 1]; + sword16 zeta8_2 = zetas[16 + j / 16 + 2]; + sword16 zeta8_3 = zetas[16 + j / 16 + 3]; + for (i = 0; i < 8; i++) { + sword16 r0 = r[j + i + 0]; + sword16 r1 = r[j + i + 8]; + sword16 r2 = r[j + i + 16]; + sword16 r3 = r[j + i + 24]; + sword16 r4 = r[j + i + 32]; + sword16 r5 = r[j + i + 40]; + sword16 r6 = r[j + i + 
48]; + sword16 r7 = r[j + i + 56]; + + t0 = KYBER_MONT_RED((sword32)zeta32 * r4); + t1 = KYBER_MONT_RED((sword32)zeta32 * r5); + t2 = KYBER_MONT_RED((sword32)zeta32 * r6); + t3 = KYBER_MONT_RED((sword32)zeta32 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = KYBER_MONT_RED((sword32)zeta16_0 * r2); + t1 = KYBER_MONT_RED((sword32)zeta16_0 * r3); + t2 = KYBER_MONT_RED((sword32)zeta16_1 * r6); + t3 = KYBER_MONT_RED((sword32)zeta16_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + t0 = KYBER_MONT_RED((sword32)zeta8_0 * r1); + t1 = KYBER_MONT_RED((sword32)zeta8_1 * r3); + t2 = KYBER_MONT_RED((sword32)zeta8_2 * r5); + t3 = KYBER_MONT_RED((sword32)zeta8_3 * r7); + r1 = r0 - t0; + r3 = r2 - t1; + r5 = r4 - t2; + r7 = r6 - t3; + r0 += t0; + r2 += t1; + r4 += t2; + r6 += t3; + + r[j + i + 0] = r0; + r[j + i + 8] = r1; + r[j + i + 16] = r2; + r[j + i + 24] = r3; + r[j + i + 32] = r4; + r[j + i + 40] = r5; + r[j + i + 48] = r6; + r[j + i + 56] = r7; + } + } + + for (j = 0; j < KYBER_N; j += 8) { + sword16 zeta4 = zetas[32 + j / 8 + 0]; + sword16 zeta2_0 = zetas[64 + j / 4 + 0]; + sword16 zeta2_1 = zetas[64 + j / 4 + 1]; + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 1]; + sword16 r2 = r[j + 2]; + sword16 r3 = r[j + 3]; + sword16 r4 = r[j + 4]; + sword16 r5 = r[j + 5]; + sword16 r6 = r[j + 6]; + sword16 r7 = r[j + 7]; + + t0 = KYBER_MONT_RED((sword32)zeta4 * r4); + t1 = KYBER_MONT_RED((sword32)zeta4 * r5); + t2 = KYBER_MONT_RED((sword32)zeta4 * r6); + t3 = KYBER_MONT_RED((sword32)zeta4 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = KYBER_MONT_RED((sword32)zeta2_0 * r2); + t1 = KYBER_MONT_RED((sword32)zeta2_0 * r3); + t2 = KYBER_MONT_RED((sword32)zeta2_1 * r6); + t3 = KYBER_MONT_RED((sword32)zeta2_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - 
t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + r[j + 0] = KYBER_BARRETT_RED(r0); + r[j + 1] = KYBER_BARRETT_RED(r1); + r[j + 2] = KYBER_BARRETT_RED(r2); + r[j + 3] = KYBER_BARRETT_RED(r3); + r[j + 4] = KYBER_BARRETT_RED(r4); + r[j + 5] = KYBER_BARRETT_RED(r5); + r[j + 6] = KYBER_BARRETT_RED(r6); + r[j + 7] = KYBER_BARRETT_RED(r7); + } #endif } @@ -230,7 +512,49 @@ static void kyber_invntt(sword16* r) sword32 p = (sword32)zeta * r[j]; r[j] = KYBER_MONT_RED(p); } -#else +#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) + unsigned int len; + unsigned int k; + unsigned int j; + sword16 zeta; + sword16 zeta2; + + k = 0; + for (len = 2; len <= KYBER_N / 4; len <<= 1) { + unsigned int start; + for (start = 0; start < KYBER_N; start = j + len) { + zeta = zetas_inv[k++]; + for (j = start; j < start + len; ++j) { + sword32 p; + sword16 rj = r[j]; + sword16 rjl = r[j + len]; + sword16 t = rj + rjl; + r[j] = KYBER_BARRETT_RED(t); + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[j + len] = KYBER_MONT_RED(p); + } + } + } + + zeta = zetas_inv[126]; + zeta2 = zetas_inv[127]; + for (j = 0; j < KYBER_N / 2; ++j) { + sword32 p; + sword16 rj = r[j]; + sword16 rjl = r[j + KYBER_N / 2]; + sword16 t = rj + rjl; + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[j] = t; + r[j + KYBER_N / 2] = KYBER_MONT_RED(p); + + p = (sword32)zeta2 * r[j]; + r[j] = KYBER_MONT_RED(p); + p = (sword32)zeta2 * r[j + KYBER_N / 2]; + r[j + KYBER_N / 2] = KYBER_MONT_RED(p); + } +#elif defined(WOLFSSL_KYBER_INVNTT_UNROLL) unsigned int k; unsigned int j; unsigned int start; 
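Review bot: The new default branch of kyber_ntt carries no comment on its structure, and the zeta indexing (`zetas[4 + j / 64]`, `zetas[8 + j / 32 + …]`, `zetas[16 + j / 16 + …]`, `zetas[32 + j / 8]`, `zetas[64 + j / 4 + …]`) is exactly what a reviewer has to re-derive to audit it. Suggest a header comment before the first loop such as `/* Layers 1-2 (len 128, 64) over stride-32 lanes; layers 3-5 (len 32, 16, 8) per 64-coefficient block; layers 6-7 (len 4, 2) per 8-coefficient block; Barrett reduction only at the end. */` plus a one-line comment on each of the three loops. It is also worth recording the magnitude argument this relies on: nothing is reduced until the last stage and each layer adds at most one Montgomery output to a coefficient, so assuming KYBER_MONT_RED's result is bounded by q in magnitude the inputs must be below roughly 2q to stay inside sword16. All array accesses are driven by loop counters with no data-dependent branches, which is what the constant-time requirement needs here. kyber_ntt's signature and its earlier `#if` branches are outside the hunk.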
@@ -335,6 +659,230 @@ static void kyber_invntt(sword16* r) p = (sword32)zeta2 * r[j + KYBER_N / 2]; r[j + KYBER_N / 2] = KYBER_MONT_RED(p); } +#else + unsigned int j; + sword16 t0; + sword16 t1; + sword16 t2; + sword16 t3; + sword16 zeta64_0; + sword16 zeta64_1; + sword16 zeta128; + sword16 zeta256; + sword32 p; + + for (j = 0; j < KYBER_N; j += 8) { + sword16 zeta2_0 = zetas_inv[ 0 + j / 4 + 0]; + sword16 zeta2_1 = zetas_inv[ 0 + j / 4 + 1]; + sword16 zeta4 = zetas_inv[64 + j / 8 + 0]; + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 1]; + sword16 r2 = r[j + 2]; + sword16 r3 = r[j + 3]; + sword16 r4 = r[j + 4]; + sword16 r5 = r[j + 5]; + sword16 r6 = r[j + 6]; + sword16 r7 = r[j + 7]; + + p = (sword32)zeta2_0 * (sword16)(r0 - r2); + t0 = KYBER_MONT_RED(p); + p = (sword32)zeta2_0 * (sword16)(r1 - r3); + t1 = KYBER_MONT_RED(p); + p = (sword32)zeta2_1 * (sword16)(r4 - r6); + t2 = KYBER_MONT_RED(p); + p = (sword32)zeta2_1 * (sword16)(r5 - r7); + t3 = KYBER_MONT_RED(p); + r0 += r2; + r1 += r3; + r4 += r6; + r5 += r7; + r2 = t0; + r3 = t1; + r6 = t2; + r7 = t3; + + p = (sword32)zeta4 * (sword16)(r0 - r4); + t0 = KYBER_MONT_RED(p); + p = (sword32)zeta4 * (sword16)(r1 - r5); + t1 = KYBER_MONT_RED(p); + p = (sword32)zeta4 * (sword16)(r2 - r6); + t2 = KYBER_MONT_RED(p); + p = (sword32)zeta4 * (sword16)(r3 - r7); + t3 = KYBER_MONT_RED(p); + r0 += r4; + r1 += r5; + r2 += r6; + r3 += r7; + r4 = t0; + r5 = t1; + r6 = t2; + r7 = t3; + + r[j + 0] = r0; + r[j + 1] = r1; + r[j + 2] = r2; + r[j + 3] = r3; + r[j + 4] = r4; + r[j + 5] = r5; + r[j + 6] = r6; + r[j + 7] = r7; + } + + for (j = 0; j < KYBER_N; j += 64) { + int i; + sword16 zeta8_0 = zetas_inv[ 96 + j / 16 + 0]; + sword16 zeta8_1 = zetas_inv[ 96 + j / 16 + 1]; + sword16 zeta8_2 = zetas_inv[ 96 + j / 16 + 2]; + sword16 zeta8_3 = zetas_inv[ 96 + j / 16 + 3]; + sword16 zeta16_0 = zetas_inv[112 + j / 32 + 0]; + sword16 zeta16_1 = zetas_inv[112 + j / 32 + 1]; + sword16 zeta32 = zetas_inv[120 + j / 64 + 0]; + for (i = 0; i < 8; 
i++) { + sword16 r0 = r[j + i + 0]; + sword16 r1 = r[j + i + 8]; + sword16 r2 = r[j + i + 16]; + sword16 r3 = r[j + i + 24]; + sword16 r4 = r[j + i + 32]; + sword16 r5 = r[j + i + 40]; + sword16 r6 = r[j + i + 48]; + sword16 r7 = r[j + i + 56]; + + p = (sword32)zeta8_0 * (sword16)(r0 - r1); + t0 = KYBER_MONT_RED(p); + p = (sword32)zeta8_1 * (sword16)(r2 - r3); + t1 = KYBER_MONT_RED(p); + p = (sword32)zeta8_2 * (sword16)(r4 - r5); + t2 = KYBER_MONT_RED(p); + p = (sword32)zeta8_3 * (sword16)(r6 - r7); + t3 = KYBER_MONT_RED(p); + r0 = KYBER_BARRETT_RED(r0 + r1); + r2 = KYBER_BARRETT_RED(r2 + r3); + r4 = KYBER_BARRETT_RED(r4 + r5); + r6 = KYBER_BARRETT_RED(r6 + r7); + r1 = t0; + r3 = t1; + r5 = t2; + r7 = t3; + + p = (sword32)zeta16_0 * (sword16)(r0 - r2); + t0 = KYBER_MONT_RED(p); + p = (sword32)zeta16_0 * (sword16)(r1 - r3); + t1 = KYBER_MONT_RED(p); + p = (sword32)zeta16_1 * (sword16)(r4 - r6); + t2 = KYBER_MONT_RED(p); + p = (sword32)zeta16_1 * (sword16)(r5 - r7); + t3 = KYBER_MONT_RED(p); + r0 += r2; + r1 += r3; + r4 += r6; + r5 += r7; + r2 = t0; + r3 = t1; + r6 = t2; + r7 = t3; + + p = (sword32)zeta32 * (sword16)(r0 - r4); + t0 = KYBER_MONT_RED(p); + p = (sword32)zeta32 * (sword16)(r1 - r5); + t1 = KYBER_MONT_RED(p); + p = (sword32)zeta32 * (sword16)(r2 - r6); + t2 = KYBER_MONT_RED(p); + p = (sword32)zeta32 * (sword16)(r3 - r7); + t3 = KYBER_MONT_RED(p); + r0 += r4; + r1 += r5; + r2 += r6; + r3 += r7; + r4 = t0; + r5 = t1; + r6 = t2; + r7 = t3; + + r[j + i + 0] = r0; + r[j + i + 8] = r1; + r[j + i + 16] = r2; + r[j + i + 24] = r3; + r[j + i + 32] = r4; + r[j + i + 40] = r5; + r[j + i + 48] = r6; + r[j + i + 56] = r7; + } + } + + zeta64_0 = zetas_inv[124]; + zeta64_1 = zetas_inv[125]; + zeta128 = zetas_inv[126]; + zeta256 = zetas_inv[127]; + for (j = 0; j < KYBER_N / 8; j++) { + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 32]; + sword16 r2 = r[j + 64]; + sword16 r3 = r[j + 96]; + sword16 r4 = r[j + 128]; + sword16 r5 = r[j + 160]; + sword16 r6 = r[j + 192]; + 
sword16 r7 = r[j + 224]; + + p = (sword32)zeta64_0 * (sword16)(r0 - r2); + t0 = KYBER_MONT_RED(p); + p = (sword32)zeta64_0 * (sword16)(r1 - r3); + t1 = KYBER_MONT_RED(p); + p = (sword32)zeta64_1 * (sword16)(r4 - r6); + t2 = KYBER_MONT_RED(p); + p = (sword32)zeta64_1 * (sword16)(r5 - r7); + t3 = KYBER_MONT_RED(p); + r0 = KYBER_BARRETT_RED(r0 + r2); + r1 = KYBER_BARRETT_RED(r1 + r3); + r4 = KYBER_BARRETT_RED(r4 + r6); + r5 = KYBER_BARRETT_RED(r5 + r7); + r2 = t0; + r3 = t1; + r6 = t2; + r7 = t3; + + p = (sword32)zeta128 * (sword16)(r0 - r4); + t0 = KYBER_MONT_RED(p); + p = (sword32)zeta128 * (sword16)(r1 - r5); + t1 = KYBER_MONT_RED(p); + p = (sword32)zeta128 * (sword16)(r2 - r6); + t2 = KYBER_MONT_RED(p); + p = (sword32)zeta128 * (sword16)(r3 - r7); + t3 = KYBER_MONT_RED(p); + r0 += r4; + r1 += r5; + r2 += r6; + r3 += r7; + r4 = t0; + r5 = t1; + r6 = t2; + r7 = t3; + + p = (sword32)zeta256 * r0; + r0 = KYBER_MONT_RED(p); + p = (sword32)zeta256 * r1; + r1 = KYBER_MONT_RED(p); + p = (sword32)zeta256 * r2; + r2 = KYBER_MONT_RED(p); + p = (sword32)zeta256 * r3; + r3 = KYBER_MONT_RED(p); + p = (sword32)zeta256 * r4; + r4 = KYBER_MONT_RED(p); + p = (sword32)zeta256 * r5; + r5 = KYBER_MONT_RED(p); + p = (sword32)zeta256 * r6; + r6 = KYBER_MONT_RED(p); + p = (sword32)zeta256 * r7; + r7 = KYBER_MONT_RED(p); + + r[j + 0] = r0; + r[j + 32] = r1; + r[j + 64] = r2; + r[j + 96] = r3; + r[j + 128] = r4; + r[j + 160] = r5; + r[j + 192] = r6; + r[j + 224] = r7; + } #endif } 
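Review bot: The new default branch of kyber_invntt applies KYBER_BARRETT_RED only at the 8- and 64-coefficient stages, so the first loop's sums (`r0 += r2` then `r0 += r4`) reach four times the input magnitude and the following `r0 + r1` eight times before the first reduction; the `(sword16)(r0 - r2)` casts likewise truncate to 16 bits and are only correct if the difference has not overflowed. That is safe when the caller hands in coefficients bounded by about 4096 in absolute value (roughly 1.2q), which I cannot confirm from this hunk; the `WOLFSSL_KYBER_NO_LARGE_CODE` branch reduces at every layer and has no such precondition. Suggest documenting the requirement at the top of the branch, `/* Requires |r[i]| < 4096 on entry: sums are not reduced until the 8- and 64-coefficient stages. */`, and checking kyber_invntt's callers against it. kyber_invntt's signature and its other branches are outside this hunk.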
@@ -387,13 +935,24 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); } -#else +#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) for (i = 0; i < KYBER_N; i += 8, zeta += 2) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); kyber_basemul(r + i + 4, a + i + 4, b + i + 4, zeta[1]); kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); } +#else + for (i = 0; i < KYBER_N; i += 16, zeta += 4) { + kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); + kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); + kyber_basemul(r + i + 4, a + i + 4, b + i + 4, zeta[1]); + kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); + kyber_basemul(r + i + 8, a + i + 8, b + i + 8, zeta[2]); + kyber_basemul(r + i + 10, a + i + 10, b + i + 10, -zeta[2]); + kyber_basemul(r + i + 12, a + i + 12, b + i + 12, zeta[3]); + kyber_basemul(r + i + 14, a + i + 14, b + i + 14, -zeta[3]); + } #endif } @@ -422,7 +981,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, r[i + 2] += t2[0]; r[i + 3] += t2[1]; } -#else +#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) for (i = 0; i < KYBER_N; i += 8, zeta += 2) { sword16 t0[2]; sword16 t2[2]; 
@@ -443,6 +1002,43 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, r[i + 6] += t6[0]; r[i + 7] += t6[1]; } +#else + for (i = 0; i < KYBER_N; i += 16, zeta += 4) { + sword16 t0[2]; + sword16 t2[2]; + sword16 t4[2]; + sword16 t6[2]; + sword16 t8[2]; + sword16 t10[2]; + sword16 t12[2]; + sword16 t14[2]; + + kyber_basemul(t0, a + i + 0, b + i + 0, zeta[0]); + kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]); + kyber_basemul(t4, a + i + 4, b + i + 4, zeta[1]); + kyber_basemul(t6, a + i + 6, b + i + 6, -zeta[1]); + kyber_basemul(t8, a + i + 8, b + i + 8, zeta[2]); + kyber_basemul(t10, a + i + 10, b + i + 10, -zeta[2]); + kyber_basemul(t12, a + i + 12, b + i + 12, zeta[3]); + kyber_basemul(t14, a + i + 14, b + i + 14, -zeta[3]); + + r[i + 0] += t0[0]; + r[i + 1] += t0[1]; + r[i + 2] += t2[0]; + r[i + 3] += t2[1]; + r[i + 4] += t4[0]; + r[i + 5] += t4[1]; + r[i + 6] += t6[0]; + r[i + 7] += t6[1]; + r[i + 8] += t8[0]; + r[i + 9] += t8[1]; + r[i + 10] += t10[0]; + r[i + 11] += t10[1]; + r[i + 12] += t12[0]; + r[i + 13] += t12[1]; + r[i + 14] += t14[0]; + r[i + 15] += t14[1]; + } #endif } @@ -1460,6 +2056,8 @@ static void kyber_cbd_eta3(sword16* p, const byte* r) { unsigned int i; +#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_KYBER_NO_LARGE_CODE) || \ + defined(BIG_ENDIAN_ORDER) #ifndef WORD64_AVAILABLE /* Calculate four integer coefficients at a time. */ for (i = 0; i < KYBER_N; i += 4) { 
@@ -1533,7 +2131,59 @@ static void kyber_cbd_eta3(sword16* p, const byte* r) /* Move over used bytes. */ r += 6; } -#endif +#endif /* WORD64_AVAILABLE */ +#else + /* Calculate eight integer coefficients at a time. */ + for (i = 0; i < KYBER_N; i += 16) { + const word32* r32 = (const word32*)r; + /* Take the next 12 bytes, little endian, as 24 bit values. */ + word32 t0 = r32[0] & 0xffffff; + word32 t1 = ((r32[0] >> 24) | (r32[1] << 8)) & 0xffffff; + word32 t2 = ((r32[1] >> 16) | (r32[2] << 16)) & 0xffffff; + word32 t3 = r32[2] >> 8 ; + word32 d0; + word32 d1; + word32 d2; + word32 d3; + + /* Add second and third bits to first. */ + d0 = (t0 >> 0) & 0x00249249; + d0 += (t0 >> 1) & 0x00249249; + d0 += (t0 >> 2) & 0x00249249; + d1 = (t1 >> 0) & 0x00249249; + d1 += (t1 >> 1) & 0x00249249; + d1 += (t1 >> 2) & 0x00249249; + d2 = (t2 >> 0) & 0x00249249; + d2 += (t2 >> 1) & 0x00249249; + d2 += (t2 >> 2) & 0x00249249; + d3 = (t3 >> 0) & 0x00249249; + d3 += (t3 >> 1) & 0x00249249; + d3 += (t3 >> 2) & 0x00249249; + /* Values 0, 1, 2 or 3 in consecutive 3 bits. + * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */ + + p[i + 0] = ETA3_SUB(d0, 0); + p[i + 1] = ETA3_SUB(d0, 1); + p[i + 2] = ETA3_SUB(d0, 2); + p[i + 3] = ETA3_SUB(d0, 3); + p[i + 4] = ETA3_SUB(d1, 0); + p[i + 5] = ETA3_SUB(d1, 1); + p[i + 6] = ETA3_SUB(d1, 2); + p[i + 7] = ETA3_SUB(d1, 3); + p[i + 8] = ETA3_SUB(d2, 0); + p[i + 9] = ETA3_SUB(d2, 1); + p[i + 10] = ETA3_SUB(d2, 2); + p[i + 11] = ETA3_SUB(d2, 3); + p[i + 12] = ETA3_SUB(d3, 0); + p[i + 13] = ETA3_SUB(d3, 1); + p[i + 14] = ETA3_SUB(d3, 2); + p[i + 15] = ETA3_SUB(d3, 3); + /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */ + + /* Move over used bytes. */ + r += 12; + } +#endif /* WOLFSSL_SMALL_STACK || WOLFSSL_KYBER_NO_LARGE_CODE || BIG_ENDIAN_ORDER */ } #endif 
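Review bot: The new fast path in kyber_cbd_eta3 reads the byte stream through `const word32* r32 = (const word32*)r;`, and the matching branch in kyber_vec_compress_10_c (the next hunk) writes through `word32* r32 = (word32*)r;`; both violate strict aliasing and need 4-byte alignment of the buffer, which the BIG_ENDIAN_ORDER guard does not cover. `r` advances by 12 and 20 bytes respectively so alignment is preserved across iterations, but the initial pointer is whatever the caller passes, and I cannot see from the hunk whether callers guarantee it. Safer to load into a local `word32[3]` and store from a local `word32[5]` with XMEMCPY (compilers fold that into plain loads and stores where the target allows), or to add the build's unaligned-access condition to the `#if`. The loop comments are also off: `/* Calculate eight integer coefficients at a time. */` sits on a loop that steps 16 (`i += 16`), and `/* Compress four polynomial values to 10 bits each. */` in the compress branch sits on sixteen; say `sixteen` in both.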
@@ -2069,9 +2719,6 @@ static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int kp) { unsigned int i; unsigned int j; -#ifdef WOLFSSL_KYBER_SMALL - unsigned int k; -#endif for (i = 0; i < kp; i++) { /* Reduce each coefficient to mod q. */ @@ -2081,9 +2728,12 @@ static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int kp) /* Each polynomial. */ for (i = 0; i < kp; i++) { +#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_KYBER_NO_LARGE_CODE) || \ + defined(BIG_ENDIAN_ORDER) /* Each 4 polynomial coefficients. */ for (j = 0; j < KYBER_N; j += 4) { #ifdef WOLFSSL_KYBER_SMALL + unsigned int k; sword16 t[4]; /* Compress four polynomial values to 10 bits each. */ for (k = 0; k < 4; k++) { 
@@ -2114,6 +2764,44 @@ static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int kp) /* Move over set bytes. */ r += 5; } +#else + /* Each 16 polynomial coefficients. */ + for (j = 0; j < KYBER_N; j += 16) { + /* Compress four polynomial values to 10 bits each. */ + sword16 t0 = TO_COMP_WORD_10(v, i, j, 0); + sword16 t1 = TO_COMP_WORD_10(v, i, j, 1); + sword16 t2 = TO_COMP_WORD_10(v, i, j, 2); + sword16 t3 = TO_COMP_WORD_10(v, i, j, 3); + sword16 t4 = TO_COMP_WORD_10(v, i, j, 4); + sword16 t5 = TO_COMP_WORD_10(v, i, j, 5); + sword16 t6 = TO_COMP_WORD_10(v, i, j, 6); + sword16 t7 = TO_COMP_WORD_10(v, i, j, 7); + sword16 t8 = TO_COMP_WORD_10(v, i, j, 8); + sword16 t9 = TO_COMP_WORD_10(v, i, j, 9); + sword16 t10 = TO_COMP_WORD_10(v, i, j, 10); + sword16 t11 = TO_COMP_WORD_10(v, i, j, 11); + sword16 t12 = TO_COMP_WORD_10(v, i, j, 12); + sword16 t13 = TO_COMP_WORD_10(v, i, j, 13); + sword16 t14 = TO_COMP_WORD_10(v, i, j, 14); + sword16 t15 = TO_COMP_WORD_10(v, i, j, 15); + + word32* r32 = (word32*)r; + /* Pack sixteen 10-bit values into byte array. */ + r32[0] = t0 | ((word32)t1 << 10) | ((word32)t2 << 20) | + ((word32)t3 << 30); + r32[1] = (t3 >> 2) | ((word32)t4 << 8) | ((word32)t5 << 18) | + ((word32)t6 << 28); + r32[2] = (t6 >> 4) | ((word32)t7 << 6) | ((word32)t8 << 16) | + ((word32)t9 << 26); + r32[3] = (t9 >> 6) | ((word32)t10 << 4) | ((word32)t11 << 14) | + ((word32)t12 << 24); + r32[4] = (t12 >> 8) | ((word32)t13 << 2) | ((word32)t14 << 12) | + ((word32)t15 << 22); + + /* Move over set bytes. */ + r += 20; + } +#endif } } @@ -2773,6 +3461,8 @@ void kyber_decompress_5(sword16* p, const unsigned char* b) /* Convert bit from byte to 0 or (KYBER_Q + 1) / 2. * * Constant time implementation. + * XOR in kyber_opt_blocker to ensure optimizer doesn't know what will be ANDed + * with KYBER_Q_1_HALF and can't optimize to non-constant time code. * * @param [out] p Polynomial to hold converted value. * @param [in] msg Message to get bit from byte from. 
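Review bot: The added sentences explain why `kyber_opt_blocker` is XORed into the mask in FROM_MSG_BIT (next hunk) but not the invariant the macro's correctness depends on: the XOR only preserves `(0 - bit) & KYBER_Q_1_HALF` if `kyber_opt_blocker` is 0 at runtime, and its definition in wc_kyber.c is not in this diff, so I am assuming it is defined as 0 and never written. Suggest adding ` * kyber_opt_blocker must always be 0 at runtime; the volatile XOR is a no-op whose only purpose is to hide the mask from the optimizer.` Note also that the macro is expanded once per bit, so this adds a volatile load per coefficient of the message polynomial — acceptable, but worth a word if it shows up in profiles.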
@@ -2780,7 +3470,8 @@ void kyber_decompress_5(sword16* p, const unsigned char* b) * @param [in] j Index of bit in byte. */ #define FROM_MSG_BIT(p, msg, i, j) \ - p[8 * (i) + (j)] = ((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) & KYBER_Q_1_HALF + ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \ + kyber_opt_blocker) & KYBER_Q_1_HALF) /* Convert message to polynomial. * diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c index cdc732f6e4..cbe9d1f7b2 100644 --- a/wolfcrypt/src/wc_lms.c +++ b/wolfcrypt/src/wc_lms.c 
@@ -19,8 +19,1127 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#ifdef HAVE_CONFIG_H + #include +#endif + #include +#include +#include + +#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + + +/* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8. + * + * @param [in] w Winternitz width. + */ +#define LMS_U(w) \ + (8 * WC_SHA256_DIGEST_SIZE / (w)) +/* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8. + * + * @param [in] w Winternitz width. + * @param [in] wb Winternitz width length in bits. + */ +#define LMS_V(w, wb) \ + (2 + (8 - (wb)) / (w)) +/* Calculate ls. Appendix B. Works for w of 1, 2, 4, or 8. + * + * @param [in] w Winternitz width. + * @param [in] wb Winternitz width length in bits. + */ +#define LMS_LS(w, wb) \ + (16 - LMS_V(w, wb) * (w)) +/* Calculate p. Appendix B. Works for w of 1, 2, 4, or 8. + * + * @param [in] w Winternitz width. + * @param [in] wb Winternitz width length in bits. + */ +#define LMS_P(w, wb) \ + (LMS_U(w) + LMS_V(w, wb)) +/* Calculate signature length. + * + * @param [in] l Number of levels. + * @param [in] h Height of the trees. + * @param [in] p Number of n-byte string elements in signature for a tree. + */ +#define LMS_PARAMS_SIG_LEN(l, h, p) \ + (4 + (l) * (4 + 4 + 4 + WC_SHA256_DIGEST_SIZE * (1 + (p) + (h))) + \ + ((l) - 1) * LMS_PUBKEY_LEN) + +#ifndef WOLFSSL_WC_LMS_SMALL + /* Root levels and leaf cache bits. */ + #define LMS_PARAMS_CACHE(h) \ + (((h) < LMS_ROOT_LEVELS) ? (h) : LMS_ROOT_LEVELS), \ + (((h) < LMS_CACHE_BITS ) ? (h) : LMS_CACHE_BITS ) +#else + /* Root levels and leaf cache bits aren't in structure. */ + #define LMS_PARAMS_CACHE(h) /* null expansion */ +#endif + +/* Define parameters entry for LMS. + * + * @param [in] l Number of levels. + * @param [in] h Height of the trees. + * @param [in] w Winternitz width. + * @param [in] wb Winternitz width length in bits. 
+ * @param [in] t LMS type. + * @param [in] t2 LM-OTS type. + */ +#define LMS_PARAMS(l, h, w, wb, t, t2) \ + { l, h, w, LMS_LS(w, wb), LMS_P(w, wb), t, t2, \ + LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb)), LMS_PARAMS_CACHE(h) } + + +/* Initialize the working state for LMS operations. + * + * @param [in, out] state LMS state. + * @param [in] params LMS parameters. + */ +static int wc_lmskey_state_init(LmsState* state, const LmsParams* params) +{ + int ret; -#ifdef WOLFSSL_HAVE_LMS - #error "Contact wolfSSL to get the implementation of this file" + /* Zero out every field. */ + XMEMSET(state, 0, sizeof(LmsState)); + + /* Keep a reference to the parameters for use in operations. */ + state->params = params; + + /* Initialize the two hash algorithms. */ + ret = wc_InitSha256(&state->hash); + if (ret == 0) { + ret = wc_InitSha256(&state->hash_k); + if (ret != 0) { + wc_Sha256Free(&state->hash); + } + } + + return ret; +} + +/* Free the working state for LMS operations. + * + * @param [in] state LMS state. + */ +static void wc_lmskey_state_free(LmsState* state) +{ + wc_Sha256Free(&state->hash_k); + wc_Sha256Free(&state->hash); +} + +/* Supported LMS parameters. 
*/ +static const wc_LmsParamsMap wc_lms_map[] = { +#if LMS_MAX_HEIGHT >= 15 + { WC_LMS_PARM_NONE , "LMS_NONE" , + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L1_H15_W2, "LMS/HSS L1_H15_W2", + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L1_H15_W4, "LMS/HSS L1_H15_W4", + LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) }, +#endif +#if LMS_MAX_LEVELS >= 2 +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_L2_H10_W2, "LMS/HSS L2_H10_W2", + LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L2_H10_W4, "LMS/HSS L2_H10_W4", + LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L2_H10_W8, "LMS/HSS L2_H10_W8", + LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 3 + { WC_LMS_PARM_L3_H5_W2 , "LMS/HSS L3_H5_W2" , + LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L3_H5_W4 , "LMS/HSS L3_H5_W4" , + LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L3_H5_W8 , "LMS/HSS L3_H5_W8" , + LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_L3_H10_W4, "LMS/HSS L3_H10_W4", + LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 4 + { WC_LMS_PARM_L4_H5_W8 , "LMS/HSS L4_H5_W8" , + LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, +#endif + + /* For when user sets L, H, W explicitly. 
*/ + { WC_LMS_PARM_L1_H5_W1 , "LMS/HSS_L1_H5_W1" , + LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1) }, + { WC_LMS_PARM_L1_H5_W2 , "LMS/HSS_L1_H5_W2" , + LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L1_H5_W4 , "LMS/HSS_L1_H5_W4" , + LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L1_H5_W8 , "LMS/HSS_L1_H5_W8" , + LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_L1_H10_W2 , "LMS/HSS_L1_H10_W2", + LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L1_H10_W4 , "LMS/HSS_L1_H10_W4", + LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L1_H10_W8 , "LMS/HSS_L1_H10_W8", + LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, +#endif +#if LMS_MAX_HEIGHT >= 15 + { WC_LMS_PARM_L1_H15_W8 , "LMS/HSS L1_H15_W8", + LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) }, +#endif +#if LMS_MAX_HEIGHT >= 20 + { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_L1_H20_W2", + LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_L1_H20_W4", + LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_L1_H20_W8", + LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) }, +#endif +#if LMS_MAX_LEVELS >= 2 + { WC_LMS_PARM_L2_H5_W2 , "LMS/HSS_L2_H5_W2" , + LMS_PARAMS(2, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L2_H5_W4 , "LMS/HSS_L2_H5_W4" , + LMS_PARAMS(2, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L2_H5_W8 , "LMS/HSS_L2_H5_W8" , + LMS_PARAMS(2, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, +#if LMS_MAX_HEIGHT >= 15 + { WC_LMS_PARM_L2_H15_W2 , "LMS/HSS_L2_H15_W2", + LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L2_H15_W4 , "LMS/HSS_L2_H15_W4", + LMS_PARAMS(2, 15, 4, 
2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L2_H15_W8 , "LMS/HSS_L2_H15_W8", + LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) }, +#endif +#if LMS_MAX_HEIGHT >= 20 + { WC_LMS_PARM_L2_H20_W2 , "LMS/HSS_L2_H20_W2", + LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L2_H20_W4 , "LMS/HSS_L2_H20_W4", + LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L2_H20_W8 , "LMS/HSS_L2_H20_W8", + LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 3 +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_L3_H10_W8 , "LMS/HSS L3_H10_W8", + LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, #endif +#endif +#if LMS_MAX_LEVELS >= 4 + { WC_LMS_PARM_L4_H5_W2 , "LMS/HSS L4_H5_W2" , + LMS_PARAMS(4, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + { WC_LMS_PARM_L4_H5_W4 , "LMS/HSS L4_H5_W4" , + LMS_PARAMS(4, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_L4_H10_W4 , "LMS/HSS L4_H10_W4", + LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + { WC_LMS_PARM_L4_H10_W8 , "LMS/HSS L4_H10_W8", + LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, +#endif +#endif +}; +/* Number of parameter sets supported. */ +#define WC_LMS_MAP_LEN ((int)(sizeof(wc_lms_map) / sizeof(*wc_lms_map))) + +/* Initialize LMS key. + * + * Call this before setting the params of an LMS key. + * + * @param [out] key LMS key to initialize. + * @param [in] heap Heap hint. + * @param [in] devId Device identifier. + * Use INVALID_DEVID when not using a device. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL. + */ +int wc_LmsKey_Init(LmsKey* key, void* heap, int devId) +{ + int ret = 0; + + (void)heap; + (void)devId; + + /* Validate parameters. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Zeroize the key data. 
*/ + ForceZero(key, sizeof(LmsKey)); + + #ifndef WOLFSSL_LMS_VERIFY_ONLY + /* Initialize other fields. */ + key->write_private_key = NULL; + key->read_private_key = NULL; + key->context = NULL; + key->heap = heap; + #endif + #ifdef WOLF_CRYPTO_CB + key->devId = devId; + #endif + /* Start in initialized state. */ + key->state = WC_LMS_STATE_INITED; + } + + return ret; +} + +/* Get the string representation of the LMS parameter set. + * + * @param [in] lmsParm LMS parameter set identifier. + * @return String representing LMS parameter set on success. + * @return NULL when parameter set not supported. + */ +const char* wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm) +{ + const char* str = NULL; + int i; + + /* Search through table for matching numeric identifier. */ + for (i = 0; i < WC_LMS_MAP_LEN; i++) { + if (lmsParm == wc_lms_map[i].id) { + /* Get string corresponding to numeric identifier. */ + str = wc_lms_map[i].str; + break; + } + } + + /* Return the string or NULL. */ + return str; +} + +/* Set the wc_LmsParm of an LMS key. + * + * Use this if you wish to set a key with a predefined parameter set, + * such as WC_LMS_PARM_L2_H10_W8. + * + * Key must be inited before calling this. + * + * @param [in, out] key LMS key to set parameters on. + * @param [in] lmsParm Identifier of parameters. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL. + * @return BAD_FUNC_ARG when parameters not supported. + */ +int wc_LmsKey_SetLmsParm(LmsKey* key, enum wc_LmsParm lmsParm) +{ + int ret = 0; + + /* Validate parameters. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + + /* Check state is valid. */ + if ((ret == 0) && (key->state != WC_LMS_STATE_INITED)) { + WOLFSSL_MSG("error: LmsKey needs init"); + ret = BAD_STATE_E; + } + + if (ret == 0) { + int i; + + ret = BAD_FUNC_ARG; + /* Search through table for matching numeric identifier. */ + for (i = 0; i < WC_LMS_MAP_LEN; i++) { + if (lmsParm == wc_lms_map[i].id) { + /* Set the parameters into the key. 
*/ + key->params = &wc_lms_map[i].params; + ret = 0; + break; + } + } + } + + if (ret == 0) { + /* Move the state to params set. + * Key is ready for MakeKey or Reload. */ + key->state = WC_LMS_STATE_PARMSET; + } + + return ret; +} + +/* Set the parameters of an LMS key. + * + * Use this if you wish to set specific parameters not found in the + * wc_LmsParm predefined sets. See comments in lms.h for allowed + * parameters. + * + * Key must be inited before calling this. + * + * @param [in, out] key LMS key to set parameters on. + * @param [in] levels Number of tree levels. + * @param [in] height Height of each tree. + * @param [in] winternitz Width or Winternitz coefficient. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL. + * @return BAD_FUNC_ARG when parameters not supported. + * */ +int wc_LmsKey_SetParameters(LmsKey* key, int levels, int height, + int winternitz) +{ + int ret = 0; + + /* Validate parameters. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + + /* Check state is valid. */ + if ((ret == 0) && (key->state != WC_LMS_STATE_INITED)) { + WOLFSSL_MSG("error: LmsKey needs init"); + ret = BAD_STATE_E; + } + + if (ret == 0) { + int i; + + ret = BAD_FUNC_ARG; + /* Search through table for matching levels, height and width. */ + for (i = 0; i < WC_LMS_MAP_LEN; i++) { + if ((levels == wc_lms_map[i].params.levels) && + (height == wc_lms_map[i].params.height) && + (winternitz == wc_lms_map[i].params.width)) { + /* Set the parameters into the key. */ + key->params = &wc_lms_map[i].params; + ret = 0; + break; + } + } + } + + if (ret == 0) { + /* Move the state to params set. + * Key is ready for MakeKey or Reload. */ + key->state = WC_LMS_STATE_PARMSET; + } + + return ret; +} + +/* Get the parameters of an LMS key. + * + * Key must be inited and parameters set before calling this. + * + * @param [in] key LMS key. + * @param [out] levels Number of levels of trees. + * @param [out] height Height of the trees. 
+ * @param [out] winternitz Winternitz width. + * Returns 0 on success. + * */ +int wc_LmsKey_GetParameters(const LmsKey* key, int* levels, int* height, + int* winternitz) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (levels == NULL) || (height == NULL) || + (winternitz == NULL)) { + ret = BAD_FUNC_ARG; + } + + /* Validate the parameters are available. */ + if ((ret == 0) && (key->params == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Set the levels, height and Winternitz width from parameters. */ + *levels = key->params->levels; + *height = key->params->height; + *winternitz = key->params->width; + } + + return ret; +} + +/* Frees the LMS key from memory. + * + * This does not affect the private key saved to non-volatile storage. + * + * @param [in, out] key LMS key to free. + */ +void wc_LmsKey_Free(LmsKey* key) +{ + if (key != NULL) { + #ifndef WOLFSSL_LMS_VERIFY_ONLY + if (key->priv_data != NULL) { + const LmsParams* params = key->params; + + ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels, + params->height, params->p, params->rootLevels, + params->cacheBits)); + + XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS); + } + #endif + + ForceZero(key, sizeof(LmsKey)); + + key->state = WC_LMS_STATE_FREED; + } +} + +#ifndef WOLFSSL_LMS_VERIFY_ONLY +/* Set the write private key callback to the LMS key structure. + * + * The callback must be able to write/update the private key to + * non-volatile storage. + * + * @param [in, out] key LMS key. + * @param [in] write_cb Callback function that stores private key. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or write_cb is NULL. + * @return BAD_STATE_E when key state is invalid. + */ +int wc_LmsKey_SetWriteCb(LmsKey* key, wc_lms_write_private_key_cb write_cb) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (write_cb == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Changing the write callback of an already working key is forbidden. 
*/ + if ((ret == 0) && (key->state == WC_LMS_STATE_OK)) { + WOLFSSL_MSG("error: wc_LmsKey_SetWriteCb: key in use"); + ret = BAD_STATE_E; + } + + if (ret == 0) { + /* Set the callback into the key. */ + key->write_private_key = write_cb; + } + + return ret; +} + +/* Set the read private key callback to the LMS key structure. + * + * The callback must be able to read the private key from + * non-volatile storage. + * + * @param [in, out] key LMS key. + * @param [in] read_cb Callback function that loads private key. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or read_cb is NULL. + * @return BAD_STATE_E when key state is invalid. + * */ +int wc_LmsKey_SetReadCb(LmsKey* key, wc_lms_read_private_key_cb read_cb) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (read_cb == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Changing the read callback of an already working key is forbidden. */ + if ((ret == 0) && (key->state == WC_LMS_STATE_OK)) { + WOLFSSL_MSG("error: wc_LmsKey_SetReadCb: key in use"); + ret = BAD_STATE_E; + } + + if (ret == 0) { + /* Set the callback into the key. */ + key->read_private_key = read_cb; + } + + return ret; +} + +/* Sets the context to be used by write and read callbacks. + * + * E.g. this could be a filename if the callbacks write/read to file. + * + * @param [in, out] key LMS key. + * @param [in] context Pointer to data for read/write callbacks. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or context is NULL. + * @return BAD_STATE_E when key state is invalid. + * */ +int wc_LmsKey_SetContext(LmsKey* key, void* context) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (context == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Setting context of an already working key is forbidden. */ + if ((ret == 0) && (key->state == WC_LMS_STATE_OK)) { + WOLFSSL_MSG("error: wc_LmsKey_SetContext: key in use"); + ret = BAD_STATE_E; + } + + if (ret == 0) { + /* Set the callback context into the key. 
*/ + key->context = context; + } + + return ret; +} + +/* Make the LMS private/public key pair. The key must have its parameters + * set before calling this. + * + * Write/read callbacks, and context data, must be set prior. + * Key must have parameters set. + * + * @param [in, out] key LMS key. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or rng is NULL. + * @return BAD_STATE_E when key is in an invalid state. + * @return BAD_FUNC_ARG when write callback or callback context not set. + * @return BAD_STATE_E when no more signatures can be created. + */ +int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (rng == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check state. */ + if ((ret == 0) && (key->state != WC_LMS_STATE_PARMSET)) { + WOLFSSL_MSG("error: LmsKey not ready for generation"); + ret = BAD_STATE_E; + } + /* Check write callback set. */ + if ((ret == 0) && (key->write_private_key == NULL)) { + WOLFSSL_MSG("error: LmsKey write callback is not set"); + ret = BAD_FUNC_ARG; + } + /* Check callback context set. */ + if ((ret == 0) && (key->context == NULL)) { + WOLFSSL_MSG("error: LmsKey context is not set"); + ret = BAD_FUNC_ARG; + } + + if ((ret == 0) && (key->priv_data == NULL)) { + const LmsParams* params = key->params; + + /* Allocate memory for the private key data. */ + key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, + params->height, params->p, params->rootLevels, params->cacheBits), + key->heap, DYNAMIC_TYPE_LMS); + /* Check pointer is valid. */ + if (key->priv_data == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + #ifdef WOLFSSL_SMALL_STACK + LmsState* state; + #else + LmsState state[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + /* Allocate memory for working state. 
*/ + state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (state == NULL) { + ret = MEMORY_E; + } + if (ret == 0) + #endif + { + /* Initialize working state for use. */ + ret = wc_lmskey_state_init(state, key->params); + if (ret == 0) { + /* Make the HSS key. */ + ret = wc_hss_make_key(state, rng, key->priv_raw, &key->priv, + key->priv_data, key->pub); + wc_lmskey_state_free(state); + } + ForceZero(state, sizeof(LmsState)); + #ifdef WOLFSSL_SMALL_STACK + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + } + if (ret == 0) { + /* Write private key to storage. */ + int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, + key->context); + if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { + ret = IO_FAILED_E; + } + } + + /* This should not happen, but check whether signatures can be created. */ + if ((ret == 0) && (wc_LmsKey_SigsLeft(key) == 0)) { + WOLFSSL_MSG("error: generated LMS key signatures exhausted"); + key->state = WC_LMS_STATE_NOSIGS; + ret = BAD_STATE_E; + } + + if (ret == 0) { + /* Update state. */ + key->state = WC_LMS_STATE_OK; + } + + return ret; +} + +/* Reload a key that has been prepared with the appropriate params and + * data. Use this if you wish to resume signing with an existing key. + * + * Write/read callbacks, and context data, must be set prior. + * Key must have parameters set. + * + * @param [in, out] key LMS key. + * + * Returns 0 on success. */ +int wc_LmsKey_Reload(LmsKey* key) +{ + int ret = 0; + + /* Validate parameter. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + /* Check state. */ + if ((ret == 0) && (key->state != WC_LMS_STATE_PARMSET)) { + WOLFSSL_MSG("error: LmsKey not ready for reload"); + ret = BAD_STATE_E; + } + /* Check read callback present. 
*/ + if ((ret == 0) && (key->read_private_key == NULL)) { + WOLFSSL_MSG("error: LmsKey read callback is not set"); + ret = BAD_FUNC_ARG; + } + /* Check context for callback set */ + if ((ret == 0) && (key->context == NULL)) { + WOLFSSL_MSG("error: LmsKey context is not set"); + ret = BAD_FUNC_ARG; + } + + if ((ret == 0) && (key->priv_data == NULL)) { + const LmsParams* params = key->params; + + /* Allocate memory for the private key data. */ + key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, + params->height, params->p, params->rootLevels, params->cacheBits), + key->heap, DYNAMIC_TYPE_LMS); + /* Check pointer is valid. */ + if (key->priv_data == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + /* Load private key. */ + int rv = key->read_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, + key->context); + if (rv != WC_LMS_RC_READ_TO_MEMORY) { + ret = IO_FAILED_E; + } + } + + /* Double check the key actually has signatures left. */ + if ((ret == 0) && (wc_LmsKey_SigsLeft(key) == 0)) { + WOLFSSL_MSG("error: reloaded LMS key signatures exhausted"); + key->state = WC_LMS_STATE_NOSIGS; + ret = BAD_STATE_E; + } + + if (ret == 0) { + #ifdef WOLFSSL_SMALL_STACK + LmsState* state; + #else + LmsState state[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + /* Allocate memory for working state. */ + state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (state == NULL) { + ret = MEMORY_E; + } + if (ret == 0) + #endif + { + /* Initialize working state for use. */ + ret = wc_lmskey_state_init(state, key->params); + if (ret == 0) { + /* Reload the key ready for signing. */ + ret = wc_hss_reload_key(state, key->priv_raw, &key->priv, + key->priv_data, NULL); + } + ForceZero(state, sizeof(LmsState)); + #ifdef WOLFSSL_SMALL_STACK + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + } + + if (ret == 0) { + /* Update state. */ + key->state = WC_LMS_STATE_OK; + } + + return ret; +} + +/* Get the private key length based on parameter set of key. 
+ *
+ * @param [in] key LMS key.
+ * @param [out] len Length of private key.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when key or len is NULL or parameters not set.
+ */
+int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (len == NULL) || (key->params == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ /* Return private key length from parameter set. */
+ *len = HSS_PRIVATE_KEY_LEN;
+ }
+
+ return ret;
+}
+
+/* Sign a message.
+ *
+ * @param [in, out] key LMS key to sign with.
+ * @param [out] sig Signature data. Buffer must be big enough to hold
+ * signature data.
+ * @param [out] sigSz Length of signature data.
+ * @param [in] msg Message to sign.
+ * @param [in] msgSz Length of message in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when key, sig, sigSz or msg is NULL.
+ * @return BAD_FUNC_ARG when msgSz is not greater than 0.
+ */
+int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
+ int msgSz)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (sig == NULL) || (sigSz == NULL) || (msg == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ if ((ret == 0) && (msgSz <= 0)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Check state. */
+ if ((ret == 0) && (key->state == WC_LMS_STATE_NOSIGS)) {
+ WOLFSSL_MSG("error: LMS signatures exhausted");
+ ret = BAD_STATE_E;
+ }
+ if ((ret == 0) && (key->state != WC_LMS_STATE_OK)) {
+ /* The key had an error the last time it was used, and we
+ * can't guarantee its state. */
+ WOLFSSL_MSG("error: can't sign, LMS key not in good state");
+ ret = BAD_STATE_E;
+ }
+
+ if (ret == 0) {
+ #ifdef WOLFSSL_SMALL_STACK
+ LmsState* state;
+ #else
+ LmsState state[1];
+ #endif
+
+ #ifdef WOLFSSL_SMALL_STACK
+ /* Allocate memory for working state.
*/
+ state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (state == NULL) {
+ ret = MEMORY_E;
+ }
+ if (ret == 0)
+ #endif
+ {
+ /* Initialize working state for use. */
+ ret = wc_lmskey_state_init(state, key->params);
+ if (ret == 0) {
+ /* Sign message. */
+ ret = wc_hss_sign(state, key->priv_raw, &key->priv,
+ key->priv_data, msg, msgSz, sig);
+ wc_lmskey_state_free(state);
+ }
+ ForceZero(state, sizeof(LmsState));
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ #endif
+ }
+ }
+ if (ret == 0) {
+ *sigSz = (word32)key->params->sig_len;
+ }
+ if (ret == 0) {
+ /* Write private key to storage. */
+ int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN,
+ key->context);
+ if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
+ ret = IO_FAILED_E;
+ }
+ }
+
+ return ret;
+}
+
+/* Returns whether signatures can be created with key.
+ *
+ * @param [in] key LMS key.
+ *
+ * @return 1 if there are signatures remaining.
+ * @return 0 if available signatures are exhausted.
+ */
+int wc_LmsKey_SigsLeft(LmsKey* key)
+{
+ int ret = 0;
+
+ /* NULL keys have no signatures remaining. */
+ if (key != NULL) {
+ ret = wc_hss_sigsleft(key->params, key->priv_raw);
+ }
+
+ return ret;
+}
+
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY*/
+
+/* Get the public key length based on parameter set of key.
+ *
+ * @param [in] key LMS key.
+ * @param [out] len Length of public key.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when key or len is NULL or parameters not set.
+ */
+int wc_LmsKey_GetPubLen(const LmsKey* key, word32* len)
+{
+ int ret = 0;
+
+ /* Validate parameters */
+ if ((key == NULL) || (len == NULL) || (key->params == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ *len = HSS_PUBLIC_KEY_LEN;
+ }
+
+ return ret;
+}
+
+/* Export a generated public key and parameter set from one LmsKey
+ * to another. Use this to prepare a signature verification LmsKey
+ * that is pub only.
+ *
+ * Though the public key is all that is used to verify signatures,
+ * the parameter set is needed to calculate the signature length
+ * before hand.
+ *
+ * @param [out] keyDst LMS key to copy into.
+ * @param [in] keySrc LMS key to copy.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when keyDst or keySrc is NULL.
+ */
+int wc_LmsKey_ExportPub(LmsKey* keyDst, const LmsKey* keySrc)
+{
+ int ret = 0;
+
+ if ((keyDst == NULL) || (keySrc == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ ForceZero(keyDst, sizeof(LmsKey));
+
+ keyDst->params = keySrc->params;
+ XMEMCPY(keyDst->pub, keySrc->pub, sizeof(keySrc->pub));
+
+ /* Mark this key as verify only, to prevent misuse. */
+ keyDst->state = WC_LMS_STATE_VERIFYONLY;
+ }
+
+ return ret;
+}
+
+/* Exports the raw LMS public key buffer from key to out buffer.
+ * The out buffer should be large enough to hold the public key, and
+ * outLen should indicate the size of the buffer.
+ *
+ * Call wc_LmsKey_GetPubLen beforehand to determine pubLen.
+ *
+ * @param [in] key LMS key.
+ * @param [out] out Buffer to hold encoded public key.
+ * @param [in, out] outLen On in, length of out in bytes.
+ * On out, the length of the public key in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when key, out or outLen is NULL.
+ * @return BUFFER_E when outLen is too small to hold encoded public key.
+ */
+int wc_LmsKey_ExportPubRaw(const LmsKey* key, byte* out, word32* outLen)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Check size of out is sufficient. */
+ if ((ret == 0) && (*outLen < HSS_PUBLIC_KEY_LEN)) {
+ ret = BUFFER_E;
+ }
+
+ if (ret == 0) {
+ /* Return encoded public key. */
+ XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN);
+ *outLen = HSS_PUBLIC_KEY_LEN;
+ }
+
+ return ret;
+}
+
+/* Imports a raw public key buffer from in array to LmsKey key.
+ *
+ * The LMS parameters must be set first with wc_LmsKey_SetLmsParm or
+ * wc_LmsKey_SetParameters, and inLen must match the length returned
+ * by wc_LmsKey_GetPubLen.
+ *
+ * Call wc_LmsKey_GetPubLen beforehand to determine pubLen.
+ *
+ * @param [in, out] key LMS key to put public key in.
+ * @param [in] in Buffer holding encoded public key.
+ * @param [in] inLen Length of encoded public key in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when key or in is NULL.
+ * @return BUFFER_E when inLen does not match public key length by parameters.
+ */
+int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ if ((ret == 0) && (inLen != HSS_PUBLIC_KEY_LEN)) {
+ /* Something inconsistent. Parameters weren't set, or input
+ * pub key is wrong.*/
+ return BUFFER_E;
+ }
+
+ if (ret == 0) {
+ XMEMCPY(key->pub, in, inLen);
+
+ key->state = WC_LMS_STATE_VERIFYONLY;
+ }
+
+ return ret;
+}
+
+/* Given a levels, height, winternitz parameter set, determine
+ * the signature length.
+ *
+ * Call this before wc_LmsKey_Sign so you know the length of
+ * the required signature buffer.
+ *
+ * @param [in] key LMS key.
+ * @param [out] len Length of a signature in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when key or len is NULL.
+ */
+int wc_LmsKey_GetSigLen(const LmsKey* key, word32* len)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (len == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ *len = key->params->sig_len;
+ }
+
+ return ret;
+}
+
+/* Verify the signature of the message with public key.
+ *
+ * @param [in] key LMS key.
+ * @param [in] sig Signature to verify.
+ * @param [in] sigSz Size of signature in bytes.
+ * @param [in] msg Message to verify.
+ * @param [in] msgSz Length of the message in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when a key, sig or msg is NULL.
+ * @return SIG_VERIFY_E when signature did not verify message.
+ * @return BAD_STATE_E when wrong state for operation.
+ * @return BUFFER_E when sigSz is invalid for parameters.
+ */
+int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz,
+ const byte* msg, int msgSz)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (sig == NULL) || (msg == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Check state. */
+ if ((ret == 0) && (key->state != WC_LMS_STATE_OK) &&
+ (key->state != WC_LMS_STATE_VERIFYONLY)) {
+ /* LMS key not ready for verification. Param str must be
+ * set first, and Reload() called. */
+ WOLFSSL_MSG("error: LMS key not ready for verification");
+ ret = BAD_STATE_E;
+ }
+ /* Check signature length. */
+ if ((ret == 0) && (sigSz != key->params->sig_len)) {
+ ret = BUFFER_E;
+ }
+
+ if (ret == 0) {
+ #ifdef WOLFSSL_SMALL_STACK
+ LmsState* state;
+ #else
+ LmsState state[1];
+ #endif
+
+ #ifdef WOLFSSL_SMALL_STACK
+ /* Allocate memory for working state. */
+ state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (state == NULL) {
+ ret = MEMORY_E;
+ }
+ if (ret == 0)
+ #endif
+ {
+ /* Initialize working state for use. */
+ ret = wc_lmskey_state_init(state, key->params);
+ if (ret == 0) {
+ /* Verify signature of message with public key. */
+ ret = wc_hss_verify(state, key->pub, msg, msgSz, sig);
+ wc_lmskey_state_free(state);
+ }
+ ForceZero(state, sizeof(LmsState));
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ #endif
+ }
+ }
+
+ return ret;
+}
+
+#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
index dbd5ed68b0..3f48420b4a 100644
--- a/wolfcrypt/src/wc_lms_impl.c
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -19,8 +19,3074 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#include +/* Implementation based on: + * RFC 8554: Leighton-Micali Hash-Based Signatures + * https://datatracker.ietf.org/doc/html/rfc8554 + * Implementation by Sean Parkinson. + */ + +/* Possible LMS options: + * + * WC_LMS_FULL_HASH Default: OFF + * Performs a full hash instead of assuming internals. + * Enable when using hardware SHA-256. + * WOLFSSL_LMS_VERIFY_ONLY Default: OFF + * Only compiles in verification code. + * WOLFSSL_WC_LMS_SMALL Default: OFF + * Implementation is smaller code size with slow signing. + * Enable when memory is limited. + */ + +#include +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) + +/* Length of R in bytes. */ +#define LMS_R_LEN 4 +/* Length of D in bytes. */ +#define LMS_D_LEN 2 +/* Length of checksum in bytes. */ +#define LMS_CKSM_LEN 2 + +/* Predefined values used in hashes to make them unique. */ +/* Fixed value for calculating x. */ +#define LMS_D_FIXED 0xff +/* D value when computing public key. */ +#define LMS_D_PBLC 0x8080 +/* D value when computing message. */ +#define LMS_D_MESG 0x8181 +/* D value when computing leaf node. */ +#define LMS_D_LEAF 0x8282 +/* D value when computing interior node. */ +#define LMS_D_INTR 0x8383 +/* D value when computing C, randomizer value. */ +#define LMS_D_C 0xfffd +/* D value when computing child SEED for private key. */ +#define LMS_D_CHILD_SEED 0xfffe +/* D value when computing child I for private key. 
*/ +#define LMS_D_CHILD_I 0xffff + +/* Length of data to hash when computing seed: + * 16 + 4 + 2 + 32 = 54 */ +#define LMS_SEED_HASH_LEN \ + (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + LMS_MAX_NODE_LEN) + +/* Length of data to hash when computing a node: + * 16 + 4 + 2 + 32 + 32 = 86 */ +#define LMS_NODE_HASH_LEN \ + (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * LMS_MAX_NODE_LEN) + +/* Length of data to hash when computing most results: + * 16 + 4 + 2 + 1 + 32 = 55 */ +#define LMS_HASH_BUFFER_LEN \ + (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + LMS_MAX_NODE_LEN) + +/* Length of data to hash when computing Q: + * 16 + 4 + 2 + 32 = 54 */ +#define LMS_Q_BUFFER_LEN \ + (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_MAX_NODE_LEN) + +/* Length of preliminary data to hash when computing K: + * 16 + 4 + 2 = 22 */ +#define LMS_K_PRE_LEN (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN) + +/* Length of preliminary data to hash when computing message hash: + * 16 + 4 + 2 = 22 */ +#define LMS_MSG_PRE_LEN (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN) + + +#ifdef WC_LMS_DEBUG_PRINT_DATA +/* Print data when dubgging implementation. + * + * @param [in] name String to print before data. + * @param [in] data Array of bytes. + * @param [in] len Length of data in array. + */ +static void print_data(const char* name, const byte* data, int len) +{ + int i; + + fprintf(stderr, "%6s: ", name); + for (i = 0; i < len; i++) { + fprintf(stderr, "%02x", data[i]); + } + fprintf(stderr, "\n"); +} +#endif + +/*************************************** + * Index APIs + **************************************/ + +#ifndef WOLFSSL_LMS_VERIFY_ONLY +/* Zero index. + * + * @param [out] a Byte array. Big-endian encoding. + * @param [in] len Length of array in bytes. + */ +static WC_INLINE void wc_lms_idx_zero(unsigned char* a, int len) +{ + XMEMSET(a, 0, len); +} + +/* Increment big-endian value. + * + * @param [in, out] a Byte array. Big-endian encoding. + * @param [in] len Length of array in bytes. 
+ */ +static WC_INLINE void wc_lms_idx_inc(unsigned char* a, int len) +{ + int i; + + /* Starting at least-significant byte up to most. */ + for (i = len - 1; i >= 0; i--) { + /* Add one/carry to byte. */ + if ((++a[i]) != 0) { + /* No more carry. */ + break; + } + } +} +#endif /* !WOLFSSL_LMS_VERIFY_ONLY */ + +/*************************************** + * Hash APIs + **************************************/ + +/* Set hash data and length into SHA-256 digest. + * + * @param [in, out] state SHA-256 digest object. + * @param [in] data Data to add to hash. + * @param [in] len Number of bytes in data. Must be less than a block. + */ +#define LMS_SHA256_SET_DATA(sha256, data, len) \ +do { \ + XMEMCPY((sha256)->buffer, (data), (len)); \ + (sha256)->buffLen = (len); \ + (sha256)->loLen = (len); \ +} while (0) + +/* Add hash data and length into SHA-256 digest. + * + * @param [in, out] state SHA-256 digest object. + * @param [in] data Data to add to hash. + * @param [in] len Number of bytes in data. Must be less than a block. + */ +#define LMS_SHA256_ADD_DATA(sha256, data, len) \ +do { \ + XMEMCPY((byte*)(sha256)->buffer + (sha256)->buffLen, (data), (len)); \ + (sha256)->buffLen += (len); \ + (sha256)->loLen += (len); \ +} while (0) + +/* Set the length of 54 bytes in buffer as per SHA-256 final operation. + * + * @param [in, out] buffer Hash data buffer to add length to. + */ +#define LMS_SHA256_SET_LEN_54(buffer) \ +do { \ + (buffer)[54] = 0x80; \ + (buffer)[55] = 0x00; \ + (buffer)[56] = 0x00; \ + (buffer)[57] = 0x00; \ + (buffer)[58] = 0x00; \ + (buffer)[59] = 0x00; \ + (buffer)[60] = 0x00; \ + (buffer)[61] = 0x00; \ + (buffer)[62] = 0x01; \ + (buffer)[63] = 0xb0; \ +} while (0) + +/* Set the length of 55 bytes in buffer as per SHA-256 final operation. + * + * @param [in, out] buffer Hash data buffer to add length to. 
+ */ +#define LMS_SHA256_SET_LEN_55(buffer) \ +do { \ + (buffer)[55] = 0x80; \ + (buffer)[56] = 0x00; \ + (buffer)[57] = 0x00; \ + (buffer)[58] = 0x00; \ + (buffer)[59] = 0x00; \ + (buffer)[60] = 0x00; \ + (buffer)[61] = 0x00; \ + (buffer)[62] = 0x01; \ + (buffer)[63] = 0xb8; \ +} while (0) + +#ifndef WC_LMS_FULL_HASH +/* Hash one full block of data and compute result. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_hash_block(wc_Sha256* sha256, const byte* data, + byte* hash) +{ + /* Hash the block and reset SHA-256 state. */ + return wc_Sha256HashBlock(sha256, data, hash); +} +#endif /* !WC_LMS_FULL_HASH */ + +/* Hash data and compute result. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [in] len Length of data to hash. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_hash(wc_Sha256* sha256, byte* data, word32 len, + byte* hash) +{ + int ret; + +#ifndef WC_LMS_FULL_HASH + if (len < WC_SHA256_BLOCK_SIZE) { + /* Store data into SHA-256 object's buffer. 
*/ + LMS_SHA256_SET_DATA(sha256, data, len); + ret = wc_Sha256Final(sha256, hash); + } + else if (len < WC_SHA256_BLOCK_SIZE + WC_SHA256_PAD_SIZE) { + ret = wc_Sha256HashBlock(sha256, data, NULL); + if (ret == 0) { + byte* buffer = (byte*)sha256->buffer; + int rem = len - WC_SHA256_BLOCK_SIZE; + + XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE, rem); + buffer[rem++] = 0x80; + XMEMSET(buffer + rem, 0, WC_SHA256_BLOCK_SIZE - 2 - rem); + buffer[WC_SHA256_BLOCK_SIZE - 2] = (byte)(len >> 5); + buffer[WC_SHA256_BLOCK_SIZE - 1] = (byte)(len << 3); + ret = wc_Sha256HashBlock(sha256, buffer, hash); + } + } + else { + ret = wc_Sha256Update(sha256, data, len); + if (ret == 0) { + ret = wc_Sha256Final(sha256, hash); + } + } +#else + ret = wc_Sha256Update(sha256, data, len); + if (ret == 0) { + ret = wc_Sha256Final(sha256, hash); + } +#endif /* !WC_LMS_FULL_HASH */ + + return ret; +} + +/* Update hash with first data. + * + * Sets the data directly into SHA-256's buffer if valid. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [in] len Length of data to hash. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_hash_first(wc_Sha256* sha256, const byte* data, + word32 len) +{ + int ret = 0; + +#ifndef WC_LMS_FULL_HASH + if (len < WC_SHA256_BLOCK_SIZE) { + /* Store data into SHA-256 object's buffer. */ + LMS_SHA256_SET_DATA(sha256, data, len); + } + else +#endif /* !WC_LMS_FULL_HASH */ + { + ret = wc_Sha256Update(sha256, data, len); + } + + return ret; +} + +/* Update hash with further data. + * + * Adds the data directly into SHA-256's buffer if valid. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [in] len Length of data to hash. + * @return 0 on success. 
+ */ +static WC_INLINE int wc_lms_hash_update(wc_Sha256* sha256, const byte* data, + word32 len) +{ + int ret = 0; + +#ifndef WC_LMS_FULL_HASH + if (sha256->buffLen + len < WC_SHA256_BLOCK_SIZE) { + /* Add data to SHA-256 object's buffer. */ + LMS_SHA256_ADD_DATA(sha256, data, len); + } + else if (sha256->buffLen + len < 2 * WC_SHA256_BLOCK_SIZE) { + byte* buffer = (byte*)sha256->buffer; + + XMEMCPY(buffer + sha256->buffLen, data, + WC_SHA256_BLOCK_SIZE - sha256->buffLen); + ret = wc_Sha256HashBlock(sha256, buffer, NULL); + if (ret == 0) { + int rem = len - (WC_SHA256_BLOCK_SIZE - sha256->buffLen); + XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE - sha256->buffLen, rem); + sha256->buffLen = rem; + sha256->loLen += len; + } + } + else { + ret = wc_Sha256Update(sha256, data, len); + } +#else + ret = wc_Sha256Update(sha256, data, len); +#endif /* !WC_LMS_FULL_HASH */ + + return ret; +} + +/* Finalize hash. + * + * @param [in] sha256 SHA-256 hash object. + * @param [out] hash Hash output. + * @return 0 on success. 
+ */ +static WC_INLINE int wc_lms_hash_final(wc_Sha256* sha256, byte* hash) +{ +#ifndef WC_LMS_FULL_HASH + int ret = 0; + byte* buffer = (byte*)sha256->buffer; + + buffer[sha256->buffLen++] = 0x80; + if (sha256->buffLen > WC_SHA256_PAD_SIZE) { + XMEMSET(buffer + sha256->buffLen, 0, + WC_SHA256_BLOCK_SIZE - sha256->buffLen); + ret = wc_Sha256HashBlock(sha256, buffer, NULL); + sha256->buffLen = 0; + } + if (ret == 0) { + XMEMSET(buffer + sha256->buffLen, 0, + WC_SHA256_BLOCK_SIZE - 8 - sha256->buffLen); + sha256->hiLen = (sha256->hiLen << 3) + (sha256->loLen >> 29); + sha256->loLen = sha256->loLen << 3; + #ifdef LITTLE_ENDIAN_ORDER + sha256->buffer[14] = ByteReverseWord32(sha256->hiLen); + sha256->buffer[15] = ByteReverseWord32(sha256->loLen); + #else + sha256->buffer[14] = sha256->hiLen; + sha256->buffer[15] = sha256->loLen; + #endif + ret = wc_Sha256HashBlock(sha256, buffer, hash); + sha256->buffLen = 0; + sha256->hiLen = 0; + sha256->loLen = 0; + } + + return ret; +#else + return wc_Sha256Final(sha256, hash); +#endif +} + +/*************************************** + * LM-OTS APIs + **************************************/ + +/* Expand Q to and array of Winternitz width bits values plus checksum. + * + * Supported Winternitz widths: 8, 4, 2, 1. + * + * Algorithm 2: Checksum Calculation + * sum = 0 + * for ( i = 0; i < (n*8/w); i = i + 1 ) { + * sum = sum + (2^w - 1) - coef(S, i, w) + * } + * return (sum << ls) + * Section 3.1.3: Strings of w-Bit Elements + * coef(S, i, w) = (2^w - 1) AND + * ( byte(S, floor(i * w / 8)) >> + * (8 - (w * (i % (8 / w)) + w)) ) + * Combine coefficient expansion with checksum calculation. + * + * @param [in] q Q array of bytes. + * @param [in] n Number of bytes in Q. + * @param [in] w Winternitz width in bits. + * @param [in] ls Left shift of checksum. + * @param [out] qe Expanded Q with checksum. + * @return 0 on success. + * @return BAD_FUNC_ARG when Winternitz width is not supported. 
+ */ +static WC_INLINE int wc_lmots_q_expand(byte* q, word8 n, word8 w, word8 ls, + byte* qe) +{ + int ret = 0; + word16 sum; + unsigned int i; + +#ifndef WOLFSSL_WC_LMS_SMALL + switch (w) { + /* Winternitz width of 8. */ + case 8: + /* No expansion required, just copy. */ + XMEMCPY(qe, q, n); + /* Start sum with all 2^w - 1s and subtract from that. */ + sum = 0xff * n; + /* For each byte of the hash. */ + for (i = 0; i < n; i++) { + /* Subtract coefficient from sum. */ + sum -= q[i]; + } + /* Put coefficients of checksum on the end. */ + qe[n + 0] = (word8)(sum >> 8); + qe[n + 1] = (word8)(sum ); + break; + /* Winternitz width of 4. */ + case 4: + sum = 2 * 0xf * n; + /* For each byte of the hash. */ + for (i = 0; i < n; i++) { + /* Get coefficient. */ + qe[0] = (q[i] >> 4) ; + qe[1] = (q[i] ) & 0xf; + /* Subtract coefficients from sum. */ + sum -= qe[0]; + sum -= qe[1]; + /* Move to next coefficients. */ + qe += 2; + } + /* Put coefficients of checksum on the end. */ + qe[0] = (word8)((sum >> 8) & 0xf); + qe[1] = (word8)((sum >> 4) & 0xf); + qe[2] = (word8)((sum ) & 0xf); + break; + /* Winternitz width of 2. */ + case 2: + sum = 4 * 0x3 * n; + /* For each byte of the hash. */ + for (i = 0; i < n; i++) { + /* Get coefficients. */ + qe[0] = (q[i] >> 4) ; + qe[0] = (q[i] >> 6) ; + qe[1] = (q[i] >> 4) & 0x3; + qe[2] = (q[i] >> 2) & 0x3; + qe[3] = (q[i] ) & 0x3; + /* Subtract coefficients from sum. */ + sum -= qe[0]; + sum -= qe[1]; + sum -= qe[2]; + sum -= qe[3]; + /* Move to next coefficients. */ + qe += 4; + } + /* Put coefficients of checksum on the end. */ + qe[0] = (word8)((sum >> 8) & 0x3); + qe[1] = (word8)((sum >> 6) & 0x3); + qe[2] = (word8)((sum >> 4) & 0x3); + qe[3] = (word8)((sum >> 2) & 0x3); + qe[4] = (word8)((sum ) & 0x3); + break; + /* Winternitz width of 1. */ + case 1: + sum = 8 * 0x01 * n; + /* For each byte of the hash. */ + for (i = 0; i < n; i++) { + /* Get coefficients. 
*/ + qe[0] = (q[i] >> 4) ; + qe[0] = (q[i] >> 7) ; + qe[1] = (q[i] >> 6) & 0x1; + qe[2] = (q[i] >> 5) & 0x1; + qe[3] = (q[i] >> 4) & 0x1; + qe[4] = (q[i] >> 3) & 0x1; + qe[5] = (q[i] >> 2) & 0x1; + qe[6] = (q[i] >> 1) & 0x1; + qe[7] = (q[i] ) & 0x1; + /* Subtract coefficients from sum. */ + sum -= qe[0]; + sum -= qe[1]; + sum -= qe[2]; + sum -= qe[3]; + sum -= qe[4]; + sum -= qe[5]; + sum -= qe[6]; + sum -= qe[7]; + /* Move to next coefficients. */ + qe += 8; + } + /* Put coefficients of checksum on the end. */ + qe[0] = (word8)((sum >> 8) ); + qe[1] = (word8)((sum >> 7) & 0x1); + qe[2] = (word8)((sum >> 6) & 0x1); + qe[3] = (word8)((sum >> 5) & 0x1); + qe[4] = (word8)((sum >> 4) & 0x1); + qe[5] = (word8)((sum >> 3) & 0x1); + qe[6] = (word8)((sum >> 2) & 0x1); + qe[7] = (word8)((sum >> 1) & 0x1); + qe[8] = (word8)((sum ) & 0x1); + break; + default: + ret = BAD_FUNC_ARG; + break; + } + + (void)ls; +#else + int j; + + if ((w != 8) && (w != 4) && (w != 2) && (w != 1)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Start sum with all 2^w - 1s and subtract from that. */ + sum = ((1 << w) - 1) * ((n * 8) / w); + /* For each byte of the hash. */ + for (i = 0; i < n; i++) { + /* Get next byte. */ + byte a = *(q++); + /* For each width bits of byte. */ + for (j = 8 - w; j >= 0; j -= w) { + /* Get coefficient. */ + *qe = a >> (8 - w); + /* Subtract coefficient from sum. */ + sum -= *qe; + /* Move to next coefficient. */ + qe++; + /* Remove width bits. */ + a <<= w; + } + } + /* Shift sum up as required to pack it on the end of hash. */ + sum <<= ls; + /* For each width buts of checksum. */ + for (j = 16 - w; j >= ls; j--) { + /* Get coefficient. */ + *(qe++) = sum >> (16 - w); + /* Remove width bits. */ + sum <<= w; + } + } +#endif /* !WOLFSSL_WC_LMS_SMALL */ + + return ret; +} + +/* Calculate the hash for the message. + * + * Algorithm 3: Generating a One-Time Signature From a Private Key and a + * Message + * ... + * 5. 
Compute the array y as follows: + * Q = H(I || u32str(q) || u16str(D_MESG) || C || message) + * Algorithm 4b: Computing a Public Key Candidate Kc from a Signature, + * Message, Signature Typecode pubtype, and Identifiers I, q + * ... + * 3. Compute the string Kc as follows: + * Q = H(I || u32str(q) || u16str(D_MESG) || C || message) + * + * @param [in, out] state LMS state. + * @param [in] msg Message to hash. + * @param [in] msgSz Length of message in bytes. + * @param [in] c C or randomizer value. + * @param [out] q Computed Q value. + * @return 0 on success. + */ +static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz, + const byte* c, byte* q) +{ + int ret; + byte* buffer = state->buffer; + byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN; + + /* I || u32str(q) || u16str(D_MESG) */ + c16toa(LMS_D_MESG, ip); + /* H(I || u32str(q) || u16str(D_MESG) || ...) */ + ret = wc_lms_hash_first(&state->hash, buffer, LMS_MSG_PRE_LEN); + if (ret == 0) { + /* H(... || C || ...) */ + ret = wc_lms_hash_update(&state->hash, c, LMS_MAX_NODE_LEN); + } + if (ret == 0) { + /* H(... || message) */ + ret = wc_lms_hash_update(&state->hash, msg, msgSz); + } + if (ret == 0) { + /* Q = H(...) */ + ret = wc_lms_hash_final(&state->hash, q); + } + + return ret; +} + +#ifndef WOLFSSL_LMS_VERIFY_ONLY +/* Compute array y, intermediates of public key calculation, for signature. + * + * Verification will perform the remaining iterations of hashing. + * + * Algorithm 3: Generating a One-Time Signature From a Private Key and a + * Message + * ... + * 5. Compute the array y as follows: + * Q = H(I || u32str(q) || u16str(D_MESG) || C || message) + * for ( i = 0; i < p; i = i + 1 ) { + * a = coef(Q || Cksm(Q), i, w) + * tmp = x[i] + * for ( j = 0; j < a; j = j + 1 ) { + * tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) + * } + * y[i] = tmp + * } + * x[i] can be calculated on the fly using psueodo key generation in Appendix A. 
+ * Appendix A, The elements of the LM-OTS private keys are computed as: + * x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). + * + * @param [in, out] state LMS state. + * @param [in] seed Seed to hash. + * @param [in] msg Message to sign. + * @param [in] msgSZ Length of message in bytes. + * @param [in] c C or randomizer value to hash. + * @param [out] y Calculated intermediate hashes. + * @return 0 on success. + */ +static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, + const byte* msg, word32 msgSz, const byte* c, byte* y) +{ + const LmsParams* params = state->params; + int ret = 0; + word16 i; + byte q[LMS_MAX_NODE_LEN + LMS_CKSM_LEN]; +#ifdef WOLFSSL_SMALL_STACK + byte* a = state->a; +#else + byte a[LMS_MAX_P]; +#endif /* WOLFSSL_SMALL_STACK */ + byte* buffer = state->buffer; + byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN; + byte* jp = ip + LMS_P_LEN; + byte* tmp = jp + LMS_W_LEN; + + /* Q = H(I || u32str(q) || u16str(D_MESG) || C || message) */ + ret = wc_lmots_msg_hash(state, msg, msgSz, c, q); + if (ret == 0) { + /* Calculate checksum list all coefficients. */ + ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls, + a); + } + #ifndef WC_LMS_FULL_HASH + if (ret == 0) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + } + #endif /* !WC_LMS_FULL_HASH */ + + /* Compute y for each coefficient. */ + for (i = 0; (ret == 0) && (i < params->p); i++) { + unsigned int j; + + /* tmp = x[i] + * = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */ + c16toa(i, ip); + *jp = LMS_D_FIXED; + XMEMCPY(tmp, seed, LMS_SEED_LEN); + #ifndef WC_LMS_FULL_HASH + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); + #endif /* !WC_LMS_FULL_HASH */ + + /* Apply the hash function coefficient number of times. 
*/ + for (j = 0; (ret == 0) && (j < a[i]); j++) { + /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ + *jp = j; + /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ + #ifndef WC_LMS_FULL_HASH + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); + #endif /* !WC_LMS_FULL_HASH */ + } + + if (ret == 0) { + /* y[i] = tmp */ + XMEMCPY(y, tmp, LMS_MAX_NODE_LEN); + y += LMS_MAX_NODE_LEN; + } + } + + return ret; +} +#endif /* !WOLFSSL_LMS_VERIFY_ONLY */ + +/* Compute public key candidate K from signature. + * + * Signing performed the first coefficient number of iterations of hashing. + * + * Algorithm 4b: Computing a Public Key Candidate Kc from a Signature, + * Message, Signature Typecode pubtype, and Identifiers I, q + * ... + * 3. Compute the string Kc as follows: + * Q = H(I || u32str(q) || u16str(D_MESG) || C || message) + * for ( i = 0; i < p; i = i + 1 ) { + * a = coef(Q || Cksm(Q), i, w) + * tmp = y[i] + * for ( j = a; j < 2^w - 1; j = j + 1 ) { + * tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) + * } + * z[i] = tmp + * } + * Kc = H(I || u32str(q) || u16str(D_PBLC) || + * z[0] || z[1] || ... || z[p-1]) + * 4, Return Kc. + * + * @param [in, out] state LMS state. + * @param [in] msg Message to compute Kc for. + * @param [in] msgSz Length of message in bytes. + * @param [in] c C or randomizer value from signature. + * @param [in] sig_y Part of signature containing array y. + * @param [out] kc Kc or public key candidate K. + * @return 0 on success. 
+ */ +static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, + word32 msgSz, const byte* c, const byte* sig_y, byte* kc) +{ + const LmsParams* params = state->params; + int ret; + word16 i; + byte q[LMS_MAX_NODE_LEN + LMS_CKSM_LEN]; +#ifdef WOLFSSL_SMALL_STACK + byte* a = state->a; +#else + byte a[LMS_MAX_P]; +#endif /* WOLFSSL_SMALL_STACK */ + byte* buffer = state->buffer; + byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN; + byte* jp = ip + LMS_P_LEN; + byte* tmp = jp + LMS_W_LEN; + unsigned int max = ((unsigned int)1 << params->width) - 1; + + /* I || u32str(q) || u16str(D_PBLC). */ + c16toa(LMS_D_PBLC, ip); + /* H(I || u32str(q) || u16str(D_PBLC) || ...). */ + ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN); + if (ret == 0) { + /* Q = H(I || u32str(q) || u16str(D_MESG) || C || message) */ + ret = wc_lmots_msg_hash(state, msg, msgSz, c, q); + } + if (ret == 0) { + /* Calculate checksum list all coefficients. */ + ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls, + a); + } + #ifndef WC_LMS_FULL_HASH + if (ret == 0) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + } + #endif /* !WC_LMS_FULL_HASH */ + + /* Compute z for each coefficient. */ + for (i = 0; (ret == 0) && (i < params->p); i++) { + unsigned int j; + + /* I || u32(str) || u16str(i) || ... */ + c16toa(i, ip); + + /* tmp = y[i]. + * I || u32(str) || u16str(i) || ... || tmp */ + XMEMCPY(tmp, sig_y, LMS_MAX_NODE_LEN); + sig_y += LMS_MAX_NODE_LEN; + + /* Finish iterations of hash from coefficient to max. */ + for (j = a[i]; (ret == 0) && (j < max); j++) { + /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ + *jp = (word8)j; + /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ + #ifndef WC_LMS_FULL_HASH + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); + #endif /* !WC_LMS_FULL_HASH */ + } + + if (ret == 0) { + /* H(... || z[i] || ...) 
(for calculating Kc). */ + ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN); + } + } + + if (ret == 0) { + /* Kc = H(...) */ + ret = wc_lms_hash_final(&state->hash_k, kc); + } + + return ret; +} + +#ifndef WOLFSSL_LMS_VERIFY_ONLY +/* Generate LM-OTS public key. + * + * Caller set: state->buffer = I || u32str(q) + * + * Algorithm 1: Generating a One-Time Signature Public Key From a Private Key + * ... + * 4. Compute the string K as follows: + * for ( i = 0; i < p; i = i + 1 ) { + * tmp = x[i] + * for ( j = 0; j < 2^w - 1; j = j + 1 ) { + * tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) + * } + * y[i] = tmp + * } + * K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) + * ... + * x[i] can be calculated on the fly using psueodo key generation in Appendix A. + * Appendix A, The elements of the LM-OTS private keys are computed as: + * x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). + * + * @param [in, out] state LMS state. + * @param [in] seed Seed to hash. + * @param [out] k K, the public key hash, or OTS_PUB_HASH + */ +static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) +{ + const LmsParams* params = state->params; + int ret; + word16 i; + byte* buffer = state->buffer; + byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN; + byte* jp = ip + LMS_P_LEN; + byte* tmp = jp + LMS_W_LEN; + unsigned int max = ((unsigned int)1 << params->width) - 1; + + /* I || u32str(q) || u16str(D_PBLC). */ + c16toa(LMS_D_PBLC, ip); + /* K = H(I || u32str(q) || u16str(D_PBLC) || ...) */ + ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN); + +#ifndef WC_LMS_FULL_HASH + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); +#endif /* !WC_LMS_FULL_HASH */ + + for (i = 0; (ret == 0) && (i < params->p); i++) { + unsigned int j; + + /* tmp = x[i] + * = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). 
*/ + c16toa(i, ip); + *jp = LMS_D_FIXED; + XMEMCPY(tmp, seed, LMS_SEED_LEN); + #ifndef WC_LMS_FULL_HASH + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); + #endif /* !WC_LMS_FULL_HASH */ + /* Do all iterations to calculate y. */ + for (j = 0; (ret == 0) && (j < max); j++) { + /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ + *jp = (word8)j; + /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ + #ifndef WC_LMS_FULL_HASH + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); + #endif /* !WC_LMS_FULL_HASH */ + } + if (ret == 0) { + /* K = H(... || y[i] || ...) */ + ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN); + } + } + if (ret == 0) { + /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */ + ret = wc_lms_hash_final(&state->hash_k, k); + } + + return ret; +} + +/* Encode the LM-OTS public key. + * + * Encoded into public key and signature if more than one level. + * T[1] is already in place. Putting in: type, ostype and I. + * + * Section 4.3: + * u32str(type) || u32str(otstype) || I || T[1] + * + * @param [in] params LMS parameters. + * @param [in] priv LMS private ley. + * @param [out] pub LMS public key. + */ +static void wc_lmots_public_key_encode(const LmsParams* params, + const byte* priv, byte* pub) +{ + const byte* priv_i = priv + LMS_Q_LEN + LMS_SEED_LEN; + + /* u32str(type) || ... || T(1) */ + c32toa(params->lmsType, pub); + pub += 4; + /* u32str(type) || u32str(otstype) || ... || T(1) */ + c32toa(params->lmOtsType, pub); + pub += 4; + /* u32str(type) || u32str(otstype) || I || T(1) */ + XMEMCPY(pub, priv_i, LMS_I_LEN); +} +#endif /* !WOLFSSL_LMS_VERIFY_ONLY */ + +/* Check the public key matches the parameters. + * + * @param [in] params LMS parameters. + * @param [in] pub Public key. + * @return 0 on success. 
+ * @return PUBLIC_KEY_E when LMS or LM-OTS type doesn't match. + */ +static int wc_lmots_public_key_check(const LmsParams* params, const byte* pub) +{ + int ret = 0; + word32 type; + + /* Get message hash and height type. */ + ato32(pub, &type); + pub += 4; + /* Compare with parameters. */ + if (type != params->lmsType) { + ret = PUBLIC_KEY_E; + } + if (ret == 0) { + /* Get node hash and Winternitz width type. */ + ato32(pub, &type); + /* Compare with parameters. */ + if (type != params->lmOtsType) { + ret = PUBLIC_KEY_E; + } + } + + return ret; +} + +/* Calculate public key candidate K from signature. + * + * Algorithm 4b: Computing a Public Key Candidate Kc from a Signature, + * Message, Signature Typecode pubtype, and Identifiers I, q + * ... + * 2. Parse sigtype, C, and y from the signature as follows: + * a. sigtype = strTou32(first 4 bytes of signature) + * b. If sigtype is not equal to pubtype, return INVALID. + * ... + * d. C = next n bytes of signature + * e. y[0] = next n bytes of signature + * y[1] = next n bytes of signature + * ... + * y[p-1] = next n bytes of signature + * 3. Compute the string Kc as follows: + * ... + * + * @param [in, out] state LMS state. + * @param [in] pub LMS public key. + * @param [in] msg Message/next private key to verify. + * @param [in] msgSz Length of message in bytes. + * @param [in] sig Signature including type, C and y[0..p-1]. + * @param [out] kc Public key candidate Kc. + */ +static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg, + word32 msgSz, const byte* sig, byte* kc) +{ + int ret = 0; + + /* Check signature type. */ + if (XMEMCMP(pub, sig, LMS_TYPE_LEN) != 0) { + ret = SIG_TYPE_E; + } + if (ret == 0) { + /* Get C or randomizer value from signature. */ + const byte* c = sig + LMS_TYPE_LEN; + /* Get array y from signature. */ + const byte* y = c + LMS_MAX_NODE_LEN; + + /* Compute the public key candidate Kc from the signature. 
*/ + ret = wc_lmots_compute_kc_from_sig(state, msg, msgSz, c, y, kc); + } + + return ret; +} + +#ifndef WOLFSSL_LMS_VERIFY_ONLY +/* Generate LM-OTS private key. + * + * Algorithm 5: Computing an LMS Private Key + * But use Appendix A to generate x on the fly. + * PRIV = SEED | I + * + * @param [in] rng Random number generator. + * @param [out] priv Private key data. + */ +static int wc_lmots_make_private_key(WC_RNG* rng, byte* priv) +{ + return wc_RNG_GenerateBlock(rng, priv, LMS_SEED_LEN + LMS_I_LEN); +} + +/* Generate LM-OTS signature. + * + * Algorithm 3: Generating a One-Time Signature From a Private Key and a + * Message + * ... + * 4. Set C to a uniformly random n-byte string + * 5. Compute the array y as follows: + * ... + * 6. Return u32str(type) || C || y[0] || ... || y[p-1] + * + * @param [in, out] state LMS state. + * @param [in] seed Private key seed. + * @param [in] msg Message to be signed. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig Signature buffer. + * @return 0 on success. + */ +static int wc_lmots_sign(LmsState* state, const byte* seed, const byte* msg, + word32 msgSz, byte* sig) +{ + int ret; + byte* buffer = state->buffer; + byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN; + byte* jp = ip + LMS_P_LEN; + byte* tmp = jp + LMS_W_LEN; + byte* sig_c = sig; + + /* I || u32str(q) || u16str(0xFFFD) || ... */ + c16toa(LMS_D_C, ip); + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || ... */ + *jp = LMS_D_FIXED; + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, LMS_SEED_LEN); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ +#ifndef WC_LMS_FULL_HASH + /* Put in padding for final block. 
*/ + LMS_SHA256_SET_LEN_55(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, sig_c); +#else + ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, sig_c); +#endif /* !WC_LMS_FULL_HASH */ + + if (ret == 0) { + byte* sig_y = sig_c + LMS_MAX_NODE_LEN; + + /* Compute array y. + * sig = u32str(type) || C || y[0] || ... || y[p-1] */ + ret = wc_lmots_compute_y_from_seed(state, seed, msg, msgSz, sig_c, + sig_y); + } + + return ret; +} +#endif /* WOLFSSL_LMS_VERIFY_ONLY */ + +/*************************************** + * LMS APIs + **************************************/ + +#ifndef WOLFSSL_LMS_VERIFY_ONLY +#ifndef WOLFSSL_WC_LMS_SMALL +/* Load the LMS private state from data. + * + * @param [in] params LMS parameters. + * @param [out] state Private key state. + * @param [in] priv_data Private key data. + */ +static void wc_lms_priv_state_load(const LmsParams* params, LmsPrivState* state, + byte* priv_data) +{ + /* Authentication path data. */ + state->auth_path = priv_data; + priv_data += params->height * LMS_MAX_NODE_LEN; + + /* Stack of nodes. */ + state->stack.stack = priv_data; + priv_data += (params->height + 1) * LMS_MAX_NODE_LEN; + ato32(priv_data, &state->stack.offset); + priv_data += 4; + + /* Cached root nodes. */ + state->root = priv_data; + priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels); + + /* Cached leaf nodes. */ + state->leaf.cache = priv_data; + priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits); + ato32(priv_data, &state->leaf.idx); + priv_data += 4; + ato32(priv_data, &state->leaf.offset); + /* priv_data += 4; */ +} + +/* Store the LMS private state into data. + * + * @param [in] params LMS parameters. + * @param [in] state Private key state. + * @param [in, out] priv_data Private key data. + */ +static void wc_lms_priv_state_store(const LmsParams* params, + LmsPrivState* state, byte* priv_data) +{ + /* Authentication path data. */ + priv_data += params->height * LMS_MAX_NODE_LEN; + + /* Stack of nodes. 
*/ + priv_data += (params->height + 1) * LMS_MAX_NODE_LEN; + c32toa(state->stack.offset, priv_data); + priv_data += 4; + + /* Cached root nodes. */ + priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels); + + /* Cached leaf nodes. */ + priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits); + c32toa(state->leaf.idx, priv_data); + priv_data += 4; + c32toa(state->leaf.offset, priv_data); + /* priv_data += 4; */ +} + +#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING +/* Copy LMS private key state. + * + * @param [in] params LMS parameters. + * @param [out] dst LMS private state destination. + * @param [in] src LMS private state source. + */ +static void wc_lms_priv_state_copy(const LmsParams* params, + LmsPrivState* dst, const LmsPrivState* src) +{ + XMEMCPY(dst->auth_path, src->auth_path, LMS_PRIV_STATE_LEN(params->height, + params->rootLevels, params->cacheBits)); + dst->stack.offset = src->stack.offset; + dst->leaf.idx = src->leaf.idx; + dst->leaf.offset = src->leaf.offset; +} +#endif /* !WOLFSSL_LMS_NO_SIGN_SMOOTHING */ +#endif /* !WOLFSSL_WC_LMS_SMALL */ + +/* Calculate the leaf node hash. + * + * Assumes buffer already contains : I + * + * Appendix C. + * ... + * temp = H(I || u32str(r)|| u16str(D_LEAF) || OTS_PUB_HASH[i]) + * ... + * Section 5.3. LMS Public Key + * ... where we denote the public + * key final hash value (namely, the K value computed in Algorithm 1) + * associated with the i-th LM-OTS private key as OTS_PUB_HASH[i], ... + * Algorithm 1: Generating a One-Time Signature Public Key From a + * Private Key + * ... + * K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) + * ... + * Therefore: + * OTS_PUB_HASH[i] = H(I || u32str(i) || u16str(D_PBLC) || + * y[0] || ... || y[p-1]) + * + * @param [in, out] state LMS state. + * @param [in] seed Private seed to generate x. + * @param [in] i Index of leaf. + * @param [in] r Leaf hash index. + * @param [out] leaf Leaf node hash. 
+ */ +static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i, + word32 r, byte* leaf) +{ + int ret; + byte* buffer = state->buffer; + byte* rp = buffer + LMS_I_LEN; + byte* dp = rp + LMS_R_LEN; + byte* ots_pub_hash = dp + LMS_D_LEN; + + /* I || u32str(i) || ... */ + c32toa(i, rp); + /* OTS_PUB_HASH[i] = H(I || u32str(i) || u16str(D_PBLC) || + * y[0] || ... || y[p-1]) + */ + ret = wc_lmots_make_public_hash(state, seed, ots_pub_hash); + if (ret == 0) { + /* I || u32str(r) || ... || OTS_PUB_HASH[i] */ + c32toa(r, rp); + /* I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i] */ + c16toa(LMS_D_LEAF, dp); + /* temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) */ + #ifndef WC_LMS_FULL_HASH + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_54(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, leaf); + #else + ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, leaf); + #endif /* !WC_LMS_FULL_HASH */ + } + + return ret; +} + +/* Calculate interior node hash. + * + * Appendix C. n Iterative Algorithm for Computing an LMS Public Key + * Generating an LMS Public Key from an LMS Private Key + * ... + * left_side = pop(data stack); + * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) + * ... + * Popping the stack is done in the caller. + * + * @param [in, out] state LMS state. + * @param [in] sp Stack pointer to left nodes. + * @param [in] r Node hash index. + * @param [out] node Interior node hash. + */ +static int wc_lms_interior_hash(LmsState* state, byte* sp, word32 r, + byte* node) +{ + byte* buffer = state->buffer; + byte* rp = buffer + LMS_I_LEN; + byte* left = rp + LMS_R_LEN + LMS_D_LEN; + + /* I || u32str(r) || u16str(D_INTR) || ... 
|| temp */ + c32toa(r, rp); + /* left_side = pop(data stack) + * I || u32str(r) || u16str(D_INTR) || left_side || temp */ + XMEMCPY(left, sp, LMS_MAX_NODE_LEN); + /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ + return wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, node); +} + +#ifdef WOLFSSL_WC_LMS_SMALL +/* Computes hash of the Merkle tree and gets the authentication path for q. + * + * Appendix C: An Iterative Algorithm for Computing an LMS Public Key + * for ( i = 0; i < 2^h; i = i + 1 ) { + * r = i + num_lmots_keys; + * temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) + * j = i; + * while (j % 2 == 1) { + * r = (r - 1)/2; + * j = (j-1) / 2; + * left_side = pop(data stack); + * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) + * } + * push temp onto the data stack + * } + * public_key = pop(data stack) + * + * @param [in, out] state LMS state. + * @param [in] id Unique tree identifier, I. + * @param [in] seed Private seed to generate x. + * @param [in] max Count of leaf nodes to calculate. Must be greater + * than q. Must be a power of 2. + * @param [in] q Index for authentication path. + * @param [out] auth_path Authentication path for index. + * @param [out] pub LMS public key. + * @param [out] stack_d Where to store stack data. + * @return 0 on success. + */ +static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, + word32 q, byte* auth_path, byte* pub) +{ + int ret = 0; + const LmsParams* params = state->params; + byte* buffer = state->buffer; + byte* rp = buffer + LMS_I_LEN; + byte* dp = rp + LMS_R_LEN; + byte* left = dp + LMS_D_LEN; + byte* temp = left + LMS_MAX_NODE_LEN; +#ifdef WOLFSSL_SMALL_STACK + byte* stack = NULL; +#else + byte stack[(LMS_MAX_HEIGHT + 1) * LMS_MAX_NODE_LEN]; +#endif /* WOLFSSL_SMALL_STACK */ + byte* sp; + word32 i; + + /* I || ... */ + XMEMCPY(buffer, id, LMS_I_LEN); + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate stack of left side hashes. 
*/ + stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (stack == NULL) { + ret = MEMORY_E; + } +#endif /* WOLFSSL_SMALL_STACK */ + sp = stack; + + /* Compute all nodes requested. */ + for (i = 0; (ret == 0) && (i < ((word32)1 << params->height)); i++) { + word32 j = i; + word16 h = 0; + /* r = i + num_lmots_keys */ + word32 r = i + ((word32)1 << (params->height)); + + /* Calculate leaf node hash. */ + ret = wc_lms_leaf_hash(state, seed, i, r, temp); + + /* Store the node if on the authentication path. */ + if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) { + XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + } + + /* I || ... || u16str(D_INTR) || ... || temp */ + c16toa(LMS_D_INTR, dp); + /* Calculate parent node is we have both left and right. */ + while ((ret == 0) && ((j & 0x1) == 1)) { + /* Get parent node index. r and j are odd. */ + r >>= 1; + j >>= 1; + h++; + + /* Calculate interior node hash. + * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) + */ + sp -= LMS_MAX_NODE_LEN; + ret = wc_lms_interior_hash(state, sp, r, temp); + + /* Copy out node to authentication path if on path. */ + if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) { + XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, + LMS_MAX_NODE_LEN); + } + } + /* Push temp onto the data stack. */ + XMEMCPY(sp, temp, LMS_MAX_NODE_LEN); + sp += LMS_MAX_NODE_LEN; + } + + if ((ret == 0) && (pub != NULL)) { + /* Public key, root node, is top of data stack. */ + XMEMCPY(pub, stack, LMS_MAX_NODE_LEN); + } +#ifdef WOLFSSL_SMALL_STACK + XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK */ + return ret; +} + +/* Compute the LMS public key - root node of tree. + * + * @param [in, out] state LMS state. + * @param [in] id Unique tree identifier, I. + * @param [in] seed Private seed to generate x. + * @param [out] pub LMS public key. + * @return 0 on success. 
+ */ +static int wc_lms_make_public_key(LmsState* state, const byte* id, + const byte* seed, byte* pub) +{ + return wc_lms_treehash(state, id, seed, 0, NULL, pub); +} + +/* Calculate the authentication path. + * + * @param [in, out] state LMS state. + * @param [in] id Public random: I. + * @param [in] seed Private random: SEED. + * @param [in] q Index of leaf. + * @param [out] sig Signature buffer to place authentication path into. + * @param [out] root Root node of tree. + * @return 0 on success. + */ +static int wc_lms_auth_path(LmsState* state, const byte* id, const byte* seed, + word32 q, byte* sig, byte* root) +{ + return wc_lms_treehash(state, id, seed, q, sig, root); +} +#else +/* Computes hash of the Merkle tree and gets the authentication path for q. + * + * Appendix C: An Iterative Algorithm for Computing an LMS Public Key + * for ( i = 0; i < 2^h; i = i + 1 ) { + * r = i + num_lmots_keys; + * temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) + * j = i; + * while (j % 2 == 1) { + * r = (r - 1)/2; + * j = (j-1) / 2; + * left_side = pop(data stack); + * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) + * } + * push temp onto the data stack + * } + * public_key = pop(data stack) + * + * @param [in, out] state LMS state. + * @param [in, out] privState LMS state of the private key. + * @param [in] id Unique tree identifier, I. + * @param [in] seed Private seed to generate x. + * @param [in] q Index for authentication path. + * @return 0 on success. 
+ */ +static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, + const byte* id, const byte* seed, word32 q) +{ + int ret = 0; + const LmsParams* params = state->params; + byte* buffer = state->buffer; + byte* auth_path = privState->auth_path; + byte* root = privState->root; + HssLeafCache* leaf = &privState->leaf; + byte* rp = buffer + LMS_I_LEN; + byte* dp = rp + LMS_R_LEN; + byte* left = dp + LMS_D_LEN; + byte* temp = left + LMS_MAX_NODE_LEN; +#ifdef WOLFSSL_SMALL_STACK + byte* stack = NULL; +#else + byte stack[(LMS_MAX_HEIGHT + 1) * LMS_MAX_NODE_LEN]; +#endif /* WOLFSSL_SMALL_STACK */ + word32 spi = 0; + word32 i; + word32 max_h = (word32)1 << params->height; + word32 max_cb = (word32)1 << params->cacheBits; + + privState->stack.offset = 0; + /* Reset the cached stack. */ + leaf->offset = 0; + leaf->idx = q; + if ((q + max_cb) > max_h) { + leaf->idx = max_h - max_cb; + } + + /* I || ... */ + XMEMCPY(buffer, id, LMS_I_LEN); + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate stack of left side hashes. */ + stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (stack == NULL) { + ret = MEMORY_E; + } +#endif /* WOLFSSL_SMALL_STACK */ + + /* Compute all nodes requested. */ + for (i = 0; (ret == 0) && (i < max_h); i++) { + word32 j = i; + word16 h = 0; + /* r = i + num_lmots_keys */ + word32 r = i + max_h; + + /* Calculate leaf node hash. */ + ret = wc_lms_leaf_hash(state, seed, i, r, temp); + + /* Cache leaf node if in range. */ + if ((ret == 0) && (i >= leaf->idx) && (i < leaf->idx + max_cb)) { + XMEMCPY(leaf->cache + i * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN); + } + + /* Store the node if on the authentication path. */ + if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) { + XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + } + + /* I || ... || u16str(D_INTR) || ... || temp */ + c16toa(LMS_D_INTR, dp); + /* Calculate parent node is we have both left and right. 
*/ + while ((ret == 0) && ((j & 0x1) == 1)) { + /* Get parent node index. r and j are odd. */ + r >>= 1; + j >>= 1; + h++; + + /* Calculate interior node hash. + * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) + */ + spi -= LMS_MAX_NODE_LEN; + ret = wc_lms_interior_hash(state, stack + spi, r, temp); -#ifdef WOLFSSL_HAVE_LMS - #error "Contact wolfSSL to get the implementation of this file" + /* Copy out top root nodes. */ + if ((h > params->height - params->rootLevels) && + ((i >> (h-1)) != ((i + 1) >> (h - 1)))) { + int off = (1 << (params->height - h)) + (i >> h) - 1; + XMEMCPY(root + off * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN); + } + + /* Copy out node to authentication path if on path. */ + if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) { + XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, + LMS_MAX_NODE_LEN); + } + } + /* Push temp onto the data stack. */ + XMEMCPY(stack + spi, temp, LMS_MAX_NODE_LEN); + spi += LMS_MAX_NODE_LEN; + + if (i == q - 1) { + XMEMCPY(privState->stack.stack, stack, spi); + privState->stack.offset = spi; + } + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK */ + return ret; +} + +/* Computes hash of the Merkle tree and gets the authentication path for q. + * + * Appendix C: An Iterative Algorithm for Computing an LMS Public Key + * for ( i = 0; i < 2^h; i = i + 1 ) { + * r = i + num_lmots_keys; + * temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) + * j = i; + * while (j % 2 == 1) { + * r = (r - 1)/2; + * j = (j-1) / 2; + * left_side = pop(data stack); + * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) + * } + * push temp onto the data stack + * } + * public_key = pop(data stack) + * + * @param [in, out] state LMS state. + * @param [in, out] privState LMS state of the private key. + * @param [in] id Unique tree identifier, I. + * @param [in] seed Private seed to generate x. 
+ * @param [in] min_idx Minimum leaf index to process. + * @param [in] max_idx Maximum leaf index to process. + * @param [in] q Index for authentication path. + * @param [in] useRoot Whether to use nodes from root cache. + * @return 0 on success. + */ +static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, + const byte* id, const byte* seed, word32 min_idx, word32 max_idx, word32 q, + int useRoot) +{ + int ret = 0; + const LmsParams* params = state->params; + byte* buffer = state->buffer; + byte* auth_path = privState->auth_path; + LmsStack* stackCache = &privState->stack; + HssLeafCache* leaf = &privState->leaf; + byte* rp = buffer + LMS_I_LEN; + byte* dp = rp + LMS_R_LEN; + byte* left = dp + LMS_D_LEN; + byte* temp = left + LMS_MAX_NODE_LEN; +#ifdef WOLFSSL_SMALL_STACK + byte* stack = NULL; +#else + byte stack[(LMS_MAX_HEIGHT + 1) * LMS_MAX_NODE_LEN]; +#endif /* WOLFSSL_SMALL_STACK */ + byte* sp; + word32 max_cb = (word32)1 << params->cacheBits; + word32 i; + + /* I || ... */ + XMEMCPY(buffer, id, LMS_I_LEN); + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate stack of left side hashes. */ + stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (stack == NULL) { + ret = MEMORY_E; + } +#endif /* WOLFSSL_SMALL_STACK */ + + /* Public key, root node, is top of data stack. */ + XMEMCPY(stack, stackCache->stack, params->height * LMS_MAX_NODE_LEN); + sp = stack + stackCache->offset; + + /* Compute all nodes requested. */ + for (i = min_idx; (ret == 0) && (i <= max_idx); i++) { + word32 j = i; + word16 h = 0; + /* r = i + num_lmots_keys */ + word32 r = i + ((word32)1 << (params->height)); + + if ((i >= leaf->idx) && (i < leaf->idx + max_cb)) { + /* Calculate offset of node in cache. */ + word32 off = ((i - (leaf->idx + max_cb) + leaf->offset) % max_cb) * + LMS_MAX_NODE_LEN; + /* Copy cached node into working buffer. */ + XMEMCPY(temp, leaf->cache + off, LMS_MAX_NODE_LEN); + /* I || u32str(i) || ... 
*/ + c32toa(i, rp); + } + else { + /* Calculate leaf node hash. */ + ret = wc_lms_leaf_hash(state, seed, i, r, temp); + + /* Check if this is at the end of the cache and not beyond q plus + * the number of leaf nodes. */ + if ((i == leaf->idx + max_cb) && (i < (q + max_cb))) { + /* Copy working node into cache over old first node. */ + XMEMCPY(leaf->cache + leaf->offset * LMS_MAX_NODE_LEN, temp, + LMS_MAX_NODE_LEN); + /* Increase start index as first node replaced. */ + leaf->idx++; + /* Update offset of first leaf node. */ + leaf->offset = (leaf->offset + 1) & (max_cb - 1); + } + } + + /* Store the node if on the authentication path. */ + if ((ret == 0) && ((q ^ 0x1) == i)) { + XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + } + + /* I || ... || u16str(D_INTR) || ... || temp */ + c16toa(LMS_D_INTR, dp); + /* Calculate parent node if we have both left and right. */ + while ((ret == 0) && ((j & 0x1) == 1)) { + /* Get parent node index. r and j are odd. */ + r >>= 1; + j >>= 1; + h++; + + sp -= LMS_MAX_NODE_LEN; + if (useRoot && (h > params->height - params->rootLevels) && + (h <= params->height)) { + /* Calculate offset of cached root node. */ + word32 off = ((word32)1U << (params->height - h)) + + (i >> h) - 1; + XMEMCPY(temp, privState->root + (off * LMS_MAX_NODE_LEN), + LMS_MAX_NODE_LEN); + } + else { + /* Calculate interior node hash. + * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || + * temp) + */ + ret = wc_lms_interior_hash(state, sp, r, temp); + } + + /* Copy out top root nodes. */ + if ((ret == 0) && (q == 0) && (!useRoot) && + (h > params->height - params->rootLevels) && + ((i >> (h-1)) != ((i + 1) >> (h - 1)))) { + int off = (1 << (params->height - h)) + (i >> h) - 1; + XMEMCPY(privState->root + off * LMS_MAX_NODE_LEN, temp, + LMS_MAX_NODE_LEN); + } + + /* Copy out node to authentication path if on path. 
*/ + if ((ret == 0) && (((q >> h) ^ 0x1) == j)) { + XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, + LMS_MAX_NODE_LEN); + } + } + if (ret == 0) { + /* Push temp onto the data stack. */ + XMEMCPY(sp, temp, LMS_MAX_NODE_LEN); + sp += LMS_MAX_NODE_LEN; + + /* Save stack after updating first node. */ + if (i == min_idx) { + /* Copy stack back. */ + stackCache->offset = (word32)((size_t)sp - (size_t)stack); + XMEMCPY(stackCache->stack, stack, stackCache->offset); + } + } + } + + if (!useRoot) { + /* Copy stack back. */ + XMEMCPY(stackCache->stack, stack, params->height * LMS_MAX_NODE_LEN); + stackCache->offset = (word32)((size_t)sp - (size_t)stack); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK */ + return ret; +} +#endif /* WOLFSSL_WC_LMS_SMALL */ + +/* Sign message using LMS. + * + * Appendix D. Method for Deriving Authentication Path for a Signature. + * Generating an LMS Signature + * ... + * 3. Create the LM-OTS signature for the message: + * ots_signature = lmots_sign(message, LMS_PRIV[q]) + * 4. Compute the array path as follows: + * ... + * 5. S = u32str(q) || ots_signature || u32str(type) || + * path[0] || path[1] || ... || path[h-1] + * ... + * path[] added by caller as it can come from cache. + * + * @param [in, out] state LMS state. + * @param [in] priv LMS private key. + * @param [in] msg Message/public key to sign. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig LMS signature. + * @return 0 on success. 
+ */ +static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, + word32 msgSz, byte* sig) +{ + int ret; + const LmsParams* params = state->params; + byte* buffer = state->buffer; + byte* s = sig; + const byte* priv_q = priv; + const byte* priv_seed = priv_q + LMS_Q_LEN; + const byte* priv_i = priv_seed + LMS_SEED_LEN; + + /* Setup for hashing: I || Q */ + XMEMCPY(buffer, priv_i, LMS_I_LEN); + XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN); + + /* Copy q from private key. + * S = u32str(q) || ... */ + XMEMCPY(s, priv_q, LMS_Q_LEN); + s += LMS_Q_LEN; + + /* ots_signature = sig = u32str(type) || ... */ + c32toa(state->params->lmOtsType, s); + s += LMS_TYPE_LEN; + /* Sign this level. + * S = u32str(q) || ots_signature || ... */ + ret = wc_lmots_sign(state, priv_seed, msg, msgSz, s); + if (ret == 0) { + /* Skip over ots_signature. */ + s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN; + /* S = u32str(q) || ots_signature || u32str(type) || ... */ + c32toa(params->lmsType, s); + } + + return ret; +} + +#if !defined(WOLFSSL_WC_LMS_SMALL) && !defined(WOLFSSL_LMS_NO_SIG_CACHE) +/* Copy in the cached signature data. + * + * @param [in] params LMS parameters. + * @param [in] y y cache. + * @param [in] priv Private key data. + * @param [out] sig Signature data. + */ +static void wc_lms_sig_copy(const LmsParams* params, const byte* y, + const byte* priv, byte* sig) +{ + /* Put in q. */ + XMEMCPY(sig, priv, LMS_Q_LEN); + sig += LMS_Q_LEN; + /* S = u32str(q) || ... */ + c32toa(params->lmOtsType, sig); + sig += LMS_TYPE_LEN; + /* S = u32str(q) || ots_signature || ... */ + XMEMCPY(sig, y, LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN); + sig += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN; + /* S = u32str(q) || ots_signature || u32str(type) || ... */ + c32toa(params->lmsType, sig); +} +#endif /* !WOLFSSL_WC_LMS_SMALL && !WOLFSSL_LMS_NO_SIG_CACHE */ +#endif /* !WOLFSSL_LMS_VERIFY_ONLY */ + +/* Compute the root node of the LMS tree. 
+ * + * Algorithm 6a: Computing an LMS Public Key Candidate from a Signature, + * Message, Identifier, and Algorithm Typecodes + * ... + * 4. Compute the candidate LMS root value Tc as follows: + * node_num = 2^h + q + * tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc) + * i = 0 + * while (node_num > 1) { + * if (node_num is odd): + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * else: + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * node_num = node_num/2 + * i = i + 1 + * } + * Tc = tmp + * 5. Return Tc. + * + * @param [in, out] state LMS state. + * @param [in] q Index of node. + * @param [in] kc K candidate. + * @param [in] path Authentication path from signature. + * @param [out] tc T candidate. + * @return 0 on success. + */ +static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc, + const byte* path, byte* tc) +{ + int ret; + const LmsParams* params = state->params; + byte* buffer = state->buffer; + byte* rp = buffer + LMS_I_LEN; + byte* ip = rp + LMS_Q_LEN; + byte* node = ip + LMS_P_LEN; + byte* b[2][2] = { { node, node + LMS_MAX_NODE_LEN }, + { node + LMS_MAX_NODE_LEN, node } }; + /* node_num = 2^h + q */ + word32 r = (1 << params->height) + q; + + /* tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc) */ + c32toa(r, rp); + c16toa(LMS_D_LEAF, ip); + XMEMCPY(node, kc, LMS_MAX_NODE_LEN); + /* Put tmp into offset required for first iteration. */ +#ifndef WC_LMS_FULL_HASH + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_54(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]); +#else + ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, b[r & 1][0]); +#endif /* !WC_LMS_FULL_HASH */ + + if (ret == 0) { + int i; + + /* I||...||u16str(D_INT)||... */ + c16toa(LMS_D_INTR, ip); + + /* Do all but last height. */ + for (i = 0; (ret == 0) && (i < params->height - 1); i++) { + /* Put path into offset required. 
*/ + XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN); + path += LMS_MAX_NODE_LEN; + + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into offset required for next iteration. */ + ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, + b[r & 1][0]); + } + if (ret == 0) { + /* Last height. */ + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN); + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into Tc.*/ + ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, tc); + } + } + + return ret; +} + +/* LMS verify message using public key and signature. + * + * Algorithm 6a: Computing an LMS Public Key Candidate from a Signature, + * Message, Identifier, and Algorithm Typecodes + * ... + * 2. Parse sigtype, q, lmots_signature, and path from the signature + * as follows: + * a. q = strTou32(first 4 bytes of signature) + * ... + * e. lmots_signature = bytes 4 through 7 + n * (p + 1) + * of signature + * ... + * j. Set path as follows: + * path[0] = next m bytes of signature + * path[1] = next m bytes of signature + * ... + * path[h-1] = next m bytes of signature + * 3. Kc = candidate public key computed by applying Algorithm 4b + * to the signature lmots_signature, the message, and the + * identifiers I, q + * 4. Compute the candidate LMS root value Tc as follows: + * ... + * 5. Return Tc + * Algorithm 6: LMS Signature Verification + * ... + * 3. Compute the LMS Public Key Candidate Tc from the signature, + * message, identifier, pubtype, and ots_typecode, using + * Algorithm 6a. + * 4. 
If Tc is equal to T[1], return VALID; otherwise, return INVALID. + * + * @param [in, out] state LMS state. + * @param [in] pub LMS public key. + * @param [in] msg Message/public key to verify. + * @param [in] msgSz Length of message in bytes. + * @param [in] sig LMS signature. + */ +static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg, + word32 msgSz, const byte* sig) +{ + int ret; + const LmsParams* params = state->params; + byte* buffer = state->buffer; + const byte* pub_i = pub + LMS_TYPE_LEN + LMS_TYPE_LEN; + const byte* pub_k = pub_i + LMS_I_LEN; + const byte* sig_q = sig; + byte tc[LMS_MAX_NODE_LEN]; + byte* kc = tc; + + /* Algorithm 6. Step 3. */ + /* Check the public key LMS type matches parameters. */ + ret = wc_lmots_public_key_check(params, pub); + if (ret == 0) { + /* Algorithm 6a. Step 2.e. */ + const byte* sig_lmots = sig + LMS_Q_LEN; + + /* Setup buffer with I || Q. */ + XMEMCPY(buffer, pub_i, LMS_I_LEN); + XMEMCPY(buffer + LMS_I_LEN, sig_q, LMS_Q_LEN); + + /* Algorithm 6a. Step 3. */ + ret = wc_lmots_calc_kc(state, pub + LMS_TYPE_LEN, msg, msgSz, + sig_lmots, kc); + } + if (ret == 0) { + /* Algorithm 6a. Step 2.j. */ + const byte* sig_path = sig + LMS_Q_LEN + LMS_TYPE_LEN + + LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN; + word32 q; + + /* Algorithm 6a. Step 2.a. */ + ato32(sig_q, &q); + + /* Algorithm 6a. Steps 4-5. */ + ret = wc_lms_compute_root(state, q, kc, sig_path, tc); + } + /* Algorithm 6. Step 4. */ + if ((ret == 0) && (XMEMCMP(pub_k, tc, LMS_MAX_NODE_LEN) != 0)) { + ret = SIG_VERIFY_E; + } + + return ret; +} + +/*************************************** + * HSS APIs + **************************************/ + +#ifndef WOLFSSL_LMS_VERIFY_ONLY +/* Derive the seed and i for child. + * + * @param [in, out] state LMS state. + * @param [in] id Parent's I. + * @param [in] seed Parent's SEED. + * @param [in] q Parent's q. + * @param [out] seed_i Derived SEED and I. + * @return 0 on success. 
+ */ +static int wc_hss_derive_seed_i(LmsState* state, const byte* id, + const byte* seed, const byte* q, byte* seed_i) +{ + int ret = 0; + byte buffer[WC_SHA256_BLOCK_SIZE]; + byte* idp = buffer; + byte* qp = idp + LMS_I_LEN; + byte* ip = qp + LMS_Q_LEN; + byte* jp = ip + LMS_P_LEN; + byte* tmp = jp + LMS_W_LEN; + + /* parent's I || ... */ + XMEMCPY(idp, id, LMS_I_LEN); + /* parent's I || q || ... */ + XMEMCPY(qp, q, LMS_Q_LEN); + /* parent's I || q || D_CHILD_SEED || ... */ + c16toa(LMS_D_CHILD_SEED, ip); + /* parent's I || q || D_CHILD_SEED || D_FIXED || ... */ + *jp = LMS_D_FIXED; + /* parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED */ + XMEMCPY(tmp, seed, LMS_SEED_LEN); + /* SEED = H(parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED) */ +#ifndef WC_LMS_FULL_HASH + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, seed_i); +#else + ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, seed_i); +#endif /* !WC_LMS_FULL_HASH */ + + if (ret == 0) { + seed_i += LMS_SEED_LEN; + /* parent's I || q || D_CHILD_I || D_FIXED || parent's SEED */ + c16toa(LMS_D_CHILD_I, ip); + /* I = H(parent's I || q || D_CHILD_I || D_FIXED || parent's SEED) */ + #ifndef WC_LMS_FULL_HASH + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); + #endif /* !WC_LMS_FULL_HASH */ + /* Copy part of hash as new I into private key. */ + XMEMCPY(seed_i, tmp, LMS_I_LEN); + } + + return ret; +} + +/* Get q, index, of leaf at the specified level. */ +#define LMS_Q_AT_LEVEL(q, ls, l, h) \ + (w64GetLow32(w64ShiftRight((q), (((ls) - 1 - (l)) * (h)))) & \ + (((word32)1 << (h)) - 1)) + +/* Expand the seed and I for further levels and set q for each level. + * + * @param [in, out] state LMS state. + * @param [in, out] priv Private key for use in signing. + * @param [in] priv_raw Private key read. 
+ * @param [in] inc Whether this is an incremental expansion. + * @return 0 on success. + */ +static int wc_hss_expand_private_key(LmsState* state, byte* priv, + const byte* priv_raw, int inc) +{ + const LmsParams* params = state->params; + int ret = 0; + w64wrapper q; + w64wrapper qm1; + word32 q32; + byte* priv_q; + byte* priv_seed_i; + int i; + + /* Get the 64-bit q value from the raw private key. */ + ato64(priv_raw, &q); + /* Step over q and parameter set. */ + priv_raw += HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN; + + /* Get q of highest level. */ + q32 = LMS_Q_AT_LEVEL(q, params->levels, 0, params->height); + /* Set q of highest tree. */ + c32toa(q32, priv); + + /* Incremental expansion needs q-1. */ + if (inc) { + /* Calculate q-1 for comparison. */ + qm1 = q; + w64Decrement(&qm1); + } + else { + /* Copy out SEED and I into private key. */ + XMEMCPY(priv + LMS_Q_LEN, priv_raw, LMS_SEED_I_LEN); + } + + /* Compute SEED and I for rest of levels. */ + for (i = 1; (ret == 0) && (i < params->levels); i++) { + /* Don't skip calculating SEED and I. */ + int skip = 0; + + /* Incremental means q, SEED and I already present if q unchanged. */ + if (inc) { + /* Calculate previous levels q for previous 64-bit q value. */ + word32 qm1_32 = LMS_Q_AT_LEVEL(qm1, params->levels, i - 1, + params->height); + /* Same q at previous level means no need to re-compute. */ + if (q32 == qm1_32) { + /* Do skip calculating SEED and I. */ + skip = 1; + } + } + + /* Get pointers into private q to write q and seed + I. */ + priv_q = priv; + priv += LMS_Q_LEN; + priv_seed_i = priv; + priv += LMS_SEED_I_LEN; + + /* Get q for level from 64-bit composite. */ + q32 = w64GetLow32(w64ShiftRight(q, (params->levels - 1 - i) * + params->height)) & (((word32)1 << params->height) - 1); + /* Set q of tree. */ + c32toa(q32, priv); + + if (!skip) { + /* Derive SEED and I into private key. 
*/ + ret = wc_hss_derive_seed_i(state, priv_seed_i + LMS_SEED_LEN, + priv_seed_i, priv_q, priv + LMS_Q_LEN); + } + } + + return ret; +} + +#ifndef WOLFSSL_WC_LMS_SMALL +#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING +/* Initialize the next subtree. + * + * @param [in] state LMS state. + * @param [in] privState LMS private state. + * @param [in] curr Current private key. + * @param [in] priv Next private key. + * @param [in] q q for this level. + * @return 0 on success. + */ +static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState, + byte* curr, byte* priv, word32 q) +{ + int ret; + const LmsParams* params = state->params; + byte* priv_q; + byte* priv_seed; + byte* priv_i; + word32 pq; + + priv_q = priv; + priv += LMS_Q_LEN; + priv_seed = curr + LMS_Q_LEN; + priv += LMS_SEED_LEN; + priv_i = curr + LMS_Q_LEN + LMS_SEED_LEN; + priv += LMS_I_LEN; + + ato32(curr, &pq); + pq = (pq + 1) & ((1 << params->height) - 1); + c32toa(pq, priv_q); + + privState->stack.offset = 0; + privState->leaf.idx = (word32)-(1 << params->cacheBits); + privState->leaf.offset = 0; + + /* Derive SEED and I for next tree. */ + ret = wc_hss_derive_seed_i(state, priv_i, priv_seed, priv_q, + priv + LMS_Q_LEN); + if (ret == 0) { + /* Update treehash for first leaf. */ + ret = wc_lms_treehash_update(state, privState, + priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, 0, q, 0, 0); + } + + return ret; +} + +/* Increment count on next subtree. + * + * @param [in] state LMS state. + * @param [in] priv_key HSS private key. + * @param [in] q64 64-bit q for all levels. + * @return 0 on success. + */ +static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, + w64wrapper q64) +{ + int ret = 0; + const LmsParams* params = state->params; + byte* curr = priv_key->priv; + byte* priv = priv_key->next_priv; + int i; + w64wrapper p64 = q64; + byte tmp_priv[LMS_PRIV_LEN]; + int use_tmp = 0; + int lastQMax = 0; + w64wrapper p64_hi; + w64wrapper q64_hi; + + /* Get previous index. 
*/ + w64Decrement(&p64); + /* Get index of previous and current parent. */ + p64_hi = w64ShiftRight(p64, (params->levels - 1) * params->height); + q64_hi = w64ShiftRight(q64, (params->levels - 1) * params->height); + for (i = 1; (ret == 0) && (i < params->levels); i++) { + word32 qc; + w64wrapper cp64_hi; + w64wrapper cq64_hi; + + /* Get index of previous and current child. */ + cp64_hi = w64ShiftRight(p64, (params->levels - i - 1) * params->height); + cq64_hi = w64ShiftRight(q64, (params->levels - i - 1) * params->height); + /* Get the q for the child. */ + ato32(curr + LMS_PRIV_LEN, &qc); + + /* Compare index of parent node with previous value. */ + if (w64LT(p64_hi, q64_hi)) { + wc_lms_priv_state_copy(params, &priv_key->state[i], + &priv_key->next_state[i-1]); + ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1], + use_tmp ? tmp_priv : curr, priv, 0); + use_tmp = 0; + } + /* Check whether the child is in a new subtree. */ + else if ((qc == ((word32)1 << params->height) - 1) && + w64LT(cp64_hi, cq64_hi)) { + XMEMSET(tmp_priv, 0, LMS_Q_LEN); + /* Check whether the node at the previous level is also in a new + * subtree. */ + if (lastQMax) { + /* Calculate new SEED and I based on new subtree. */ + ret = wc_hss_derive_seed_i(state, + priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, tmp_priv, + tmp_priv + LMS_Q_LEN); + } + else { + /* Calculate new SEED and I based on parent. */ + ret = wc_hss_derive_seed_i(state, + curr + LMS_Q_LEN + LMS_SEED_LEN, curr + LMS_Q_LEN, priv, + tmp_priv + LMS_Q_LEN); + } + /* Values not stored so note that they are in temporary. */ + use_tmp = 1; + + /* Set the the q. */ + XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN, LMS_Q_LEN); + } + + lastQMax = (qc == ((word32)1 << params->height) - 1); + curr += LMS_PRIV_LEN; + priv += LMS_PRIV_LEN; + p64_hi = cp64_hi; + q64_hi = cq64_hi; + } + + return ret; +} + +/* Initialize the next subtree for each level bar the highest. + * + * @param [in, out] state LMS state. 
+ * @param [out] priv_key Private key data. + * @return 0 on success. + */ +static int wc_hss_next_subtrees_init(LmsState* state, HssPrivKey* priv_key) +{ + int ret = 0; + const LmsParams* params = state->params; + byte* curr = priv_key->priv; + byte* priv = priv_key->next_priv; + int i; + + XMEMCPY(priv, curr, LMS_PRIV_LEN); + wc_lms_idx_inc(priv, LMS_Q_LEN); + + for (i = 1; (ret == 0) && (i < params->levels); i++) { + word32 q; + + ato32(curr + LMS_PRIV_LEN, &q); + ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1], + curr, priv, q); + + curr += LMS_PRIV_LEN; + priv += LMS_PRIV_LEN; + } + + return ret; +} #endif + +/* Update the authentication path and caches. + * + * @param [in, out] state LMS state. + * @param [in, out] priv_key Private key information. + * @param [in] levels Number of level to start at. + * @param [out] pub_root Public root. + * @return 0 on success. + */ +static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key, + byte* pub_root) +{ + int ret = 0; + int levels = state->params->levels; + byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1); + int l; + + for (l = levels - 1; (ret == 0) && (l >= 0); l--) { + word32 q; + const byte* priv_q = priv; + const byte* priv_seed = priv_q + LMS_Q_LEN; + const byte* priv_i = priv_seed + LMS_SEED_LEN; + + /* Get current q for tree at level. */ + ato32(priv_q, &q); + /* Set cache start to a value that indicates no numbers available. */ + ret = wc_lms_treehash_init(state, &priv_key->state[l], priv_i, + priv_seed, q); + + /* Move onto next level's data. */ + priv -= LMS_PRIV_LEN; + } + + if ((ret == 0) && (pub_root != NULL)) { + XMEMCPY(pub_root, priv_key->state[0].root, LMS_MAX_NODE_LEN); + } + + return ret; +} + +/* Calculate the corresponding authentication path index at that height. + * + * @param [in] i Leaf node index. + * @param [in] h Height to calculate for. + * @return Index on authentication path. 
+ */ +#define LMS_AUTH_PATH_IDX(i, h) \ + (((i) ^ ((word32)1U << (h))) | (((word32)1U << (h)) - 1)) + +/* Update the authentication path. + * + * @param [in, out] state LMS state. + * @param [in, out] priv_key Private key information. + * @param [in] levels Number of level to start at. + * @return 0 on success. + */ +static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, + byte* priv_raw, int levels) +{ + const LmsParams* params = state->params; + int ret = 0; + byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1); + int i; +#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + w64wrapper q64; +#endif + + (void)priv_raw; +#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + ato64(priv_raw, &q64); +#endif + + for (i = levels - 1; (ret == 0) && (i >= 0); i--) { + word32 q; + const byte* priv_q = priv; + const byte* priv_seed = priv_q + LMS_Q_LEN; + const byte* priv_i = priv_seed + LMS_SEED_LEN; + LmsPrivState* privState = &priv_key->state[i]; + + /* Get q for tree at level. */ + ato32(priv_q, &q); + #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + + if ((levels > 1) && (i == levels - 1) && (q == 0)) { + /* New sub-tree. */ + ret = wc_hss_next_subtree_inc(state, priv_key, q64); + } + if ((ret == 0) && (q != 0)) + #else + if (q == 0) { + /* New sub-tree. */ + ret = wc_lms_treehash_init(state, privState, priv_i, priv_seed, 0); + } + else + #endif + { + word32 maxq = q - 1; + int h; + int maxh = params->height; + + /* Check each index at each height needed for the auth path. */ + for (h = 0; (h < maxh) && (h <= maxh - params->rootLevels); h++) { + /* Calculate the index for current q and q-1. */ + word32 qa = LMS_AUTH_PATH_IDX(q, h); + word32 qm1a = LMS_AUTH_PATH_IDX(q - 1, h); + /* If different then needs to be computed so keep highest. */ + if ((qa != qm1a) && (qa > maxq)) { + maxq = qa; + } + } + for (; h < maxh; h++) { + /* Calculate the index for current q and q-1. 
*/ + word32 qa = LMS_AUTH_PATH_IDX(q, h); + word32 qm1a = LMS_AUTH_PATH_IDX(q - 1, h); + /* If different then copy in cached hash. */ + if ((qa != qm1a) && (qa > maxq)) { + int off = (1 << (params->height - h)) + (qa >> h) - 1; + XMEMCPY(privState->auth_path + h * LMS_MAX_NODE_LEN, + privState->root + off * LMS_MAX_NODE_LEN, + LMS_MAX_NODE_LEN); + } + } + /* Update the treehash and calculate the extra indices for + * authentication path. */ + ret = wc_lms_treehash_update(state, privState, priv_i, priv_seed, + q - 1, maxq, q, 1); + #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + if ((ret == 0) && (i > 0)) { + w64wrapper tmp64 = w64ShiftRight(q64, + (levels - i) * params->height); + w64Increment(&tmp64); + tmp64 = w64ShiftLeft(tmp64, 64 - (i * params->height)); + if (!w64IsZero(tmp64)) { + priv_seed = priv_key->next_priv + i * LMS_PRIV_LEN + + LMS_Q_LEN; + priv_i = priv_seed + LMS_SEED_LEN; + privState = &priv_key->next_state[i - 1]; + + ret = wc_lms_treehash_update(state, privState, priv_i, + priv_seed, q, q, 0, 0); + } + } + #endif + break; + } + + /* Move onto next level's data. */ + priv -= LMS_PRIV_LEN; + } + + return ret; +} + +#if !defined(WOLFSSL_LMS_NO_SIG_CACHE) && (LMS_MAX_LEVELS > 1) +/* Pre-sign for current q so that it isn't needed in signing. + * + * @param [in, out] state LMS state. + * @param [in, out] priv_key Private key. + */ +static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key) +{ + int ret = 0; + const LmsParams* params = state->params; + byte* buffer = state->buffer; + byte pub[LMS_PUBKEY_LEN]; + byte* root = pub + LMS_PUBKEY_LEN - LMS_MAX_NODE_LEN; + byte* priv = priv_key->priv; + int i; + + for (i = params->levels - 2; i >= 0; i--) { + const byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + const byte* priv_q = p; + const byte* priv_seed = priv_q + LMS_Q_LEN; + const byte* priv_i = priv_seed + LMS_SEED_LEN; + + /* ... 
|| T(1) */ + XMEMCPY(root, priv_key->state[i + 1].root, LMS_MAX_NODE_LEN); + /* u32str(type) || u32str(otstype) || I || T(1) */ + p = priv + (i + 1) * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + wc_lmots_public_key_encode(params, p, pub); + + /* Setup for hashing: I || Q || ... */ + XMEMCPY(buffer, priv_i, LMS_I_LEN); + XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN); + + /* LM-OTS Sign this level. */ + ret = wc_lmots_sign(state, priv_seed, pub, LMS_PUBKEY_LEN, + priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p)); + } + + return ret; +} +#endif /* !WOLFSSL_LMS_NO_SIG_CACHE && LMS_MAX_LEVELS > 1 */ +#endif /* !WOLFSSL_WC_LMS_SMALL */ + +/* Load the private key data into HSS private key structure. + * + * @param [in] params LMS parameters. + * @param [in, out] key HSS private key. + * @param [in] priv_data Private key data. + */ +static void wc_hss_priv_data_load(const LmsParams* params, HssPrivKey* key, + byte* priv_data) +{ +#ifndef WOLFSSL_WC_LMS_SMALL + int l; +#endif + + /* Expanded private keys. */ + key->priv = priv_data; + priv_data += LMS_PRIV_KEY_LEN(params->levels); + +#ifndef WOLFSSL_WC_LMS_SMALL + for (l = 0; l < params->levels; l++) { + /* Caches for subtree. */ + wc_lms_priv_state_load(params, &key->state[l], priv_data); + priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, + params->cacheBits); + } + +#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + /* Next subtree's expanded private keys. */ + key->next_priv = priv_data; + priv_data += LMS_PRIV_KEY_LEN(params->levels); + for (l = 0; l < params->levels - 1; l++) { + /* Next subtree's caches. */ + wc_lms_priv_state_load(params, &key->next_state[l], priv_data); + priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, + params->cacheBits); + } +#endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */ + +#ifndef WOLFSSL_LMS_NO_SIG_CACHE + /* Signature cache. 
*/ + key->y = priv_data; +#endif /* WOLFSSL_LMS_NO_SIG_CACHE */ +#endif /* WOLFSSL_WC_LMS_SMALL */ +} + +#ifndef WOLFSSL_WC_LMS_SMALL +/* Store the private key data from HSS private key structure. + * + * @param [in] params LMS parameters. + * @param [in] key HSS private key. + * @param [in, out] priv_data Private key data. + */ +static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key, + byte* priv_data) +{ + int l; + + (void)key; + + /* Expanded private keys. */ + priv_data += LMS_PRIV_KEY_LEN(params->levels); + + for (l = 0; l < params->levels; l++) { + /* Caches for subtrees. */ + wc_lms_priv_state_store(params, &key->state[l], priv_data); + priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, + params->cacheBits); + } +#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + /* Next subtree's expanded private keys. */ + priv_data += LMS_PRIV_KEY_LEN(params->levels); + for (l = 0; l < params->levels - 1; l++) { + /* Next subtree's caches. */ + wc_lms_priv_state_store(params, &key->next_state[l], priv_data); + priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, + params->cacheBits); + } +#endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */ + +#ifndef WOLFSSL_LMS_NO_SIG_CACHE + /* Signature cache. */ +#endif /* WOLFSSL_LMS_NO_SIG_CACHE */ +} +#endif /* WOLFSSL_WC_LMS_SMALL */ + +/* Expand private key for each level and calculating auth path.. + * + * @param [in, out] state LMS state. + * @param [in] priv_raw Raw private key bytes. + * @param [out] priv_key Private key data. + * @param [out] priv_data Private key data. + * @param [out] pub_root Public key root node. + * @return 0 on success. + */ +int wc_hss_reload_key(LmsState* state, const byte* priv_raw, + HssPrivKey* priv_key, byte* priv_data, byte* pub_root) +{ + int ret; + + (void)pub_root; + + wc_hss_priv_data_load(state->params, priv_key, priv_data); +#ifndef WOLFSSL_WC_LMS_SMALL + priv_key->inited = 0; +#endif + + /* Expand the raw private key into the private key data. 
*/ + ret = wc_hss_expand_private_key(state, priv_key->priv, priv_raw, 0); +#ifndef WOLFSSL_WC_LMS_SMALL + if ((ret == 0) && (!priv_key->inited)) { + /* Initialize the authentication paths and caches for all trees. */ + ret = wc_hss_init_auth_path(state, priv_key, pub_root); + #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + if (ret == 0) { + ret = wc_hss_next_subtrees_init(state, priv_key); + } + #endif + #if !defined(WOLFSSL_LMS_NO_SIG_CACHE) && (LMS_MAX_LEVELS > 1) + if (ret == 0) { + /* Calculate signatures for trees not at bottom. */ + ret = wc_hss_presign(state, priv_key); + } + #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ + /* Set initialized flag. */ + priv_key->inited = (ret == 0); + } +#endif /* WOLFSSL_WC_LMS_SMALL */ + + return ret; +} + +/* Make an HSS key pair. + * + * @param [in, out] state LMS state. + * @param [in] rng Random number generator. + * @param [out] priv_raw Private key to write. + * @param [out] priv_key Private key. + * @param [out] priv_data Private key data. + * @param [out] pub Public key. + * @return 0 on success. + */ +int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, + HssPrivKey* priv_key, byte* priv_data, byte* pub) +{ + const LmsParams* params = state->params; + int ret = 0; + int i; + byte* p = priv_raw; + byte* pub_root = pub + LMS_L_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN; + + /* The 64-bit q starts at 0 - set into raw private key. */ + wc_lms_idx_zero(p, HSS_Q_LEN); + p += HSS_Q_LEN; + + /* Set the LMS and LM-OTS types for each level. */ + for (i = 0; i < params->levels; i++) { + p[i] = (params->lmsType << 4) + params->lmOtsType; + } + /* Set rest of levels to an invalid value. */ + for (; i < HSS_MAX_LEVELS; i++) { + p[i] = 0xff; + } + p += HSS_PRIV_KEY_PARAM_SET_LEN; + + /* Make the private key. */ + ret = wc_lmots_make_private_key(rng, p); + + if (ret == 0) { + /* Set the levels into the public key data. 
*/ + c32toa(params->levels, pub); + pub += LMS_L_LEN; + + ret = wc_hss_reload_key(state, priv_raw, priv_key, priv_data, pub_root); + } + #ifdef WOLFSSL_WC_LMS_SMALL + if (ret == 0) { + byte* priv_seed = priv_key->priv + LMS_Q_LEN; + byte* priv_i = priv_seed + LMS_SEED_LEN; + + /* Compute the root of the highest tree to get the root for public key. + */ + ret = wc_lms_make_public_key(state, priv_i, priv_seed, pub_root); + } + #endif /* !WOLFSSL_WC_LMS_SMALL */ + if (ret == 0) { + /* Encode the public key with remaining fields from the private key. */ + wc_lmots_public_key_encode(params, priv_key->priv, pub); + } + + return ret; +} + +#ifdef WOLFSSL_WC_LMS_SMALL +/* Sign message using HSS. + * + * Algorithm 8: Generating an HSS signature + * 1. If the message-signing key prv[L-1] is exhausted, regenerate + * that key pair, together with any parent key pairs that might + * be necessary. + * If the root key pair is exhausted, then the HSS key pair is + * exhausted and MUST NOT generate any more signatures. + * d = L + * while (prv[d-1].q == 2^(prv[d-1].h)) { + * d = d - 1 + * if (d == 0) + * return FAILURE + * } + * while (d < L) { + * create lms key pair pub[d], prv[d] + * sig[d-1] = lms_signature( pub[d], prv[d-1] ) + * d = d + 1 + * } + * 2. Sign the message. + * sig[L-1] = lms_signature( msg, prv[L-1] ) + * 3. Create the list of signed public keys. + * i = 0; + * while (i < L-1) { + * signed_pub_key[i] = sig[i] || pub[i+1] + * i = i + 1 + * } + * 4. Return u32str(L-1) || signed_pub_key[0] || ... + * || signed_pub_key[L-2] || sig[L-1] + * + * @param [in, out] state LMS state. + * @param [in, out] priv_raw Raw private key bytes. + * @param [in, out] priv_key Private key data. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig Signature of message. + * @return 0 on success. 
+ */ +int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, + byte* priv_data, const byte* msg, word32 msgSz, byte* sig) +{ + const LmsParams* params = state->params; + int ret = 0; + byte* priv = priv_key->priv; + + (void)priv_data; + + /* Step 1. Part 2: Check for total key exhaustion. */ + if (!wc_hss_sigsleft(params, priv_raw)) { + ret = KEY_EXHAUSTED_E; + } + + if (ret == 0) { + /* Expand the raw private key into the private key data. */ + ret = wc_hss_expand_private_key(state, priv, priv_raw, 0); + } + if (ret == 0) { + int i; + w64wrapper q; + w64wrapper qm1; + + /* Get 64-bit q from raw private key. */ + ato64(priv_raw, &q); + /* Calculate q-1 for comparison. */ + qm1 = q; + w64Decrement(&qm1); + + /* Set number of signed public keys. */ + c32toa(params->levels - 1, sig); + sig += params->sig_len; + + /* Build from bottom up. */ + for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { + byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + byte* root = NULL; + + /* Move to start of next signature at this level. */ + sig -= LMS_SIG_LEN(params->height, params->p); + if (i != 0) { + /* Put root node into signature at this index. */ + root = sig - LMS_MAX_NODE_LEN; + } + + /* Sign using LMS for this level. */ + ret = wc_lms_sign(state, p, msg, msgSz, sig); + if (ret == 0) { + byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN; + byte* priv_q = p; + byte* priv_seed = priv_q + LMS_Q_LEN; + byte* priv_i = priv_seed + LMS_SEED_LEN; + word32 q32; + + /* Get Q from private key as a number. */ + ato32(priv_q, &q32); + /* Calculate authentication path. */ + ret = wc_lms_auth_path(state, priv_i, priv_seed, q32, s, root); + } + if ((ret == 0) && (i != 0)) { + /* Create public data for this level if there is another. 
*/ + sig -= LMS_PUBKEY_LEN; + msg = sig; + msgSz = LMS_PUBKEY_LEN; + wc_lmots_public_key_encode(params, p, sig); + } + } + } + if (ret == 0) { + /* Increment index of leaf node to sign with in raw data. */ + wc_lms_idx_inc(priv_raw, HSS_Q_LEN); + } + + return ret; +} +#else +/* Build signature for HSS signed message. + * + * Algorithm 8: Generating an HSS signature + * 1. ... + * while (prv[d-1].q == 2^(prv[d-1].h)) { + * d = d - 1 + * if (d == 0) + * return FAILURE + * } + * while (d < L) { + * create lms key pair pub[d], prv[d] + * sig[d-1] = lms_signature( pub[d], prv[d-1] ) + * d = d + 1 + * } + * 2. Sign the message. + * sig[L-1] = lms_signature( msg, prv[L-1] ) + * 3. Create the list of signed public keys. + * i = 0; + * while (i < L-1) { + * signed_pub_key[i] = sig[i] || pub[i+1] + * i = i + 1 + * } + * 4. Return u32str(L-1) || signed_pub_key[0] || ... + * || signed_pub_key[L-2] || sig[L-1] + * + * @param [in, out] state LMS state. + * @param [in, out] priv_raw Raw private key bytes. + * @param [in, out] priv_key Private key data. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig Signature of message. + * @return 0 on success. + */ +static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, + HssPrivKey* priv_key, const byte* msg, word32 msgSz, byte* sig) +{ + const LmsParams* params = state->params; + int ret = 0; + int i; + w64wrapper q; + w64wrapper qm1; + byte* priv = priv_key->priv; + + /* Get 64-bit q from raw private key. */ + ato64(priv_raw, &q); + /* Calculate q-1 for comparison. */ + qm1 = q; + w64Decrement(&qm1); + + /* Set number of signed public keys. */ + c32toa(params->levels - 1, sig); + sig += params->sig_len; + + /* Build from bottom up. 
*/ + for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { + byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + byte* root = NULL; + #ifndef WOLFSSL_LMS_NO_SIG_CACHE + int store_p = 0; + word32 q_32 = LMS_Q_AT_LEVEL(q, params->levels, i, + params->height); + word32 qm1_32 = LMS_Q_AT_LEVEL(qm1, params->levels, i, + params->height); + #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ + + /* Move to start of next signature at this level. */ + sig -= LMS_SIG_LEN(params->height, params->p); + if (i != 0) { + /* Put root node into signature at this index. */ + root = sig - LMS_MAX_NODE_LEN; + } + + #ifndef WOLFSSL_LMS_NO_SIG_CACHE + /* Check if we have a cached version of C and the p hashes that we + * can reuse. */ + if ((i < params->levels - 1) && (q_32 == qm1_32)) { + wc_lms_sig_copy(params, priv_key->y + + i * LMS_PRIV_Y_TREE_LEN(params->p), p, sig); + } + else + #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ + { + /* Sign using LMS for this level. */ + ret = wc_lms_sign(state, p, msg, msgSz, sig); + #ifndef WOLFSSL_LMS_NO_SIG_CACHE + store_p = (i < params->levels - 1); + #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ + } + if (ret == 0) { + byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN; + + #ifndef WOLFSSL_LMS_NO_SIG_CACHE + /* Check if we computed new C and p hashes. */ + if (store_p) { + /* Cache the C and p hashes. */ + XMEMCPY(priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p), s, + LMS_PRIV_Y_TREE_LEN(params->p)); + } + #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ + s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + + LMS_TYPE_LEN; + + /* Copy the authentication path out of the private key. */ + XMEMCPY(s, priv_key->state[i].auth_path, + params->height * LMS_MAX_NODE_LEN); + /* Copy the root node into signature unless at top. */ + if (i != 0) { + XMEMCPY(root, priv_key->state[i].root, LMS_MAX_NODE_LEN); + } + } + if ((ret == 0) && (i != 0)) { + /* Create public data for this level if there is another. 
*/ + sig -= LMS_PUBKEY_LEN; + msg = sig; + msgSz = LMS_PUBKEY_LEN; + wc_lmots_public_key_encode(params, p, sig); + } + } + + return ret; +} + +/* Sign message using HSS. + * + * Algorithm 8: Generating an HSS signature + * 1. If the message-signing key prv[L-1] is exhausted, regenerate + * that key pair, together with any parent key pairs that might + * be necessary. + * If the root key pair is exhausted, then the HSS key pair is + * exhausted and MUST NOT generate any more signatures. + * d = L + * while (prv[d-1].q == 2^(prv[d-1].h)) { + * d = d - 1 + * if (d == 0) + * return FAILURE + * } + * while (d < L) { + * create lms key pair pub[d], prv[d] + * sig[d-1] = lms_signature( pub[d], prv[d-1] ) + * d = d + 1 + * } + * 2. Sign the message. + * sig[L-1] = lms_signature( msg, prv[L-1] ) + * 3. Create the list of signed public keys. + * i = 0; + * while (i < L-1) { + * signed_pub_key[i] = sig[i] || pub[i+1] + * i = i + 1 + * } + * 4. Return u32str(L-1) || signed_pub_key[0] || ... + * || signed_pub_key[L-2] || sig[L-1] + * + * @param [in, out] state LMS state. + * @param [in, out] priv_raw Raw private key bytes. + * @param [in, out] priv_key Private key data. + * @param [in, out] priv_data Private key data. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig Signature of message. + * @return 0 on success. + */ +int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, + byte* priv_data, const byte* msg, word32 msgSz, byte* sig) +{ + const LmsParams* params = state->params; + int ret = 0; + + /* Validate fixed parameters for static code analyzers. */ + if ((params->rootLevels == 0) || (params->rootLevels > params->height)) { + ret = BAD_FUNC_ARG; + } + + /* Step 1. Part 2: Check for total key exhaustion. 
*/ + if ((ret == 0) && (!wc_hss_sigsleft(params, priv_raw))) { + ret = KEY_EXHAUSTED_E; + } + + if ((ret == 0) && (!priv_key->inited)) { + /* Initialize the authentication paths and caches for all trees. */ + ret = wc_hss_init_auth_path(state, priv_key, NULL); + #if !defined(WOLFSSL_LMS_NO_SIG_CACHE) && (LMS_MAX_LEVELS > 1) + if (ret == 0) { + ret = wc_hss_presign(state, priv_key); + } + #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ + /* Set initialized flag. */ + priv_key->inited = (ret == 0); + } + if (ret == 0) { + ret = wc_hss_sign_build_sig(state, priv_raw, priv_key, msg, msgSz, sig); + } + if (ret == 0) { + /* Increment index of leaf node to sign with in raw data. */ + wc_lms_idx_inc(priv_raw, HSS_Q_LEN); + } + /* Check we will produce another signature. */ + if ((ret == 0) && wc_hss_sigsleft(params, priv_raw)) { + /* Update the expanded private key data. */ + ret = wc_hss_expand_private_key(state, priv_key->priv, priv_raw, 1); + if (ret == 0) { + /* Update authentication path and caches for all trees. */ + ret = wc_hss_update_auth_path(state, priv_key, priv_raw, + params->levels); + } + } + if (ret == 0) { + /* Store the updated private key data. */ + wc_hss_priv_data_store(state->params, priv_key, priv_data); + } + + return ret; +} +#endif + +/* Check whether key is exhausted. + * + * First 8 bytes of raw key is the index. + * Check index is less than count of leaf nodes. + * + * @param [in] params LMS parameters. + * @param [in] priv_raw HSS raw private key. + * @return 1 when signature possible. + * @return 0 when private key exhausted. + */ +int wc_hss_sigsleft(const LmsParams* params, const byte* priv_raw) +{ + w64wrapper q; + w64wrapper cnt; + + /* Get current q - next leaf index to sign with. */ + ato64(priv_raw, &q); + /* 1 << total_height = total leaf nodes. */ + cnt = w64ShiftLeft(w64From32(0, 1), params->levels * params->height); + /* Check q is less than total leaf node count. 
*/ + return w64LT(q, cnt); +} +#endif /* !WOLFSSL_LMS_VERIFY_ONLY */ + +/* Verify message using HSS. + * + * Section 6.3. Signature Verification + * 1. Nspk = strTou32(first four bytes of S) + * 2. if Nspk+1 is not equal to the number of levels L in pub: + * 3. return INVALID + * 4. key = pub + * 5. for (i = 0; i < Nspk; i = i + 1) { + * 6. sig = siglist[i] + * 7. msg = publist[i] + * 8. if (lms_verify(msg, key, sig) != VALID): + * 9. return INVALID + * 10. key = msg + * 11. } + * 12. return lms_verify(message, key, siglist[Nspk]) + * + * @param [in, out] state LMS state. + * @param [in] pub HSS public key. + * @param [in] msg Message to rifyn. + * @param [in] msgSz Length of message in bytes. + * @param [in] sig Signature of message. + * @return 0 on success. + * @return SIG_VERFIY_E on failure. + */ +int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg, + word32 msgSz, const byte* sig) +{ + const LmsParams* params = state->params; + int ret = 0; + word32 nspk; + const byte* key = pub + LMS_L_LEN; + word32 levels; + + /* Get number of levels from public key. */ + ato32(pub, &levels); + /* Line 1: Get number of signed public keys from signature. */ + ato32(sig, &nspk); + /* Line 6 (First iteration): Move to start of next signature. */ + sig += LMS_L_LEN; + + /* Line 2: Verify that pub and signature match in levels. */ + if (nspk + 1 != levels) { + /* Line 3: Return invalid signature. */ + ret = SIG_VERIFY_E; + } + if (ret == 0) { + word32 i; + + /* Line 5: For all but last LMS signature. */ + for (i = 0; (ret == 0) && (i < nspk); i++) { + /* Line 7: Get start of public key in signature. */ + const byte* pubList = sig + LMS_Q_LEN + LMS_TYPE_LEN + + LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN + + params->height * LMS_MAX_NODE_LEN; + /* Line 8: Verify the LMS signature with public key as message. */ + ret = wc_lms_verify(state, key, pubList, LMS_PUBKEY_LEN, sig); + /* Line 10: Next key is from signature. 
*/ + key = pubList; + /* Line 6: Move to start of next signature. */ + sig = pubList + LMS_PUBKEY_LEN; + } + } + if (ret == 0) { + /* Line 12: Verify bottom tree with real message. */ + ret = wc_lms_verify(state, key, msg, msgSz, sig); + } + + return ret; +} + +#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */ + diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c index 0d7bd6e211..78d78dc1a9 100644 --- a/wolfcrypt/src/wc_pkcs11.c +++ b/wolfcrypt/src/wc_pkcs11.c @@ -1,6 +1,6 @@ /* wc_pkcs11.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -531,22 +531,36 @@ void wc_Pkcs11_Finalize(Pkcs11Dev* dev) static int Pkcs11Slot_FindByTokenName(Pkcs11Dev* dev, const char* tokenName, size_t tokenNameSz) { + int ret = -1; CK_RV rv; CK_ULONG slotCnt = 0; CK_TOKEN_INFO tinfo; - int slotId = -1; + int index = -1; + CK_SLOT_ID* slot = NULL; + rv = dev->func->C_GetSlotList(CK_TRUE, NULL, &slotCnt); if (rv == CKR_OK) { - for (slotId = 0; slotId < (int)slotCnt; slotId++) { - rv = dev->func->C_GetTokenInfo(slotId, &tinfo); + slot = (CK_SLOT_ID*)XMALLOC(slotCnt * sizeof(*slot), dev->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (slot == NULL) + goto out; + rv = dev->func->C_GetSlotList(CK_TRUE, slot, &slotCnt); + if (rv != CKR_OK) + goto out; + for (index = 0; index < (int)slotCnt; index++) { + rv = dev->func->C_GetTokenInfo(slot[index], &tinfo); PKCS11_RV("C_GetTokenInfo", rv); if (rv == CKR_OK && XMEMCMP(tinfo.label, tokenName, tokenNameSz) == 0) { - return slotId; + ret = slot[index]; + break; } } } - return -1; + +out: + XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; } /* lookup by slotId or tokenName */ @@ -613,9 +627,7 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId, token->userPinLogin = 0; } - if (slot != NULL) { - XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } 
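Review bot: In Pkcs11Slot_FindByTokenName the assignment `ret = slot[index];` narrows a CK_SLOT_ID (an unsigned long) into the int return value, so a slot ID at or above 2^31 comes back negative and an all-ones ID collides with the -1 "not found" sentinel; PKCS#11 makes no promise that slot IDs are small, and some software tokens appear to hand out large ones, so this is worth guarding rather than assuming. Suggest `ret = (slot[index] <= (CK_SLOT_ID)INT_MAX) ? (int)slot[index] : -1;` (with a comment that oversized IDs are reported as not found), or widening the return type if the caller can take a CK_SLOT_ID. Minor: the first `C_GetSlotList` result is not passed through `PKCS11_RV` like the other calls in this function, so a failing count query is silent; adding `PKCS11_RV("C_GetSlotList", rv);` after it matches the surrounding style.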
@@ -947,7 +959,7 @@ static int Pkcs11CreateSecretKey(CK_OBJECT_HANDLE* key, Pkcs11Session* session, } #endif -#ifndef NO_RSA +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) /** * Create a PKCS#11 object containing the RSA private key data. * @@ -1024,7 +1036,7 @@ static int Pkcs11CreateRsaPrivateKey(CK_OBJECT_HANDLE* privateKey, return ret; } -#endif +#endif /* !NO_RSA && WOLFSSL_KEY_GEN */ #ifdef HAVE_ECC /** @@ -1138,8 +1150,7 @@ static int Pkcs11CreateEccPublicKey(CK_OBJECT_HANDLE* publicKey, } } - if (ecPoint != NULL) - XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC); + XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC); return ret; } @@ -1355,7 +1366,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) int keyType; ret = Pkcs11HmacTypes(hmac->macType, &mechType, &keyType); - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) break; if (ret == 0) @@ -1367,7 +1378,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) (unsigned char*)hmac->id, hmac->idLen, hmac->label, hmac->labelLen, CKA_SIGN); - if (ret == WC_HW_E) { + if (ret == WC_NO_ERR_TRACE(WC_HW_E)) { ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_GENERIC_SECRET, (unsigned char*)hmac->keyRaw, @@ -1380,7 +1391,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) break; } #endif - #ifndef NO_RSA + #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) case PKCS11_KEY_TYPE_RSA: { RsaKey* rsaKey = (RsaKey*)key; @@ -1414,7 +1425,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) } } #endif - if (ret == 0 || ret == NOT_COMPILED_IN) { + if (ret == 0 || ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { /* Try ECDSA mechanism next. */ ret2 = Pkcs11MechAvail(&session, CKM_ECDSA); if (ret2 == 0) { 
@@ -1428,7 +1439,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) } } /* OK for this to fail if set for ECDH. */ - if (ret == NOT_COMPILED_IN) + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) ret = ret2; } if (ret == 0 && clear) @@ -1716,10 +1727,8 @@ static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session, if (ret == 0) ret = wc_RsaPublicKeyDecodeRaw(mod, modSz, exp, expSz, key); - if (exp != NULL) - XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (mod != NULL) - XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -1774,7 +1783,12 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey, int ret; if (sessionKey) { + #ifdef WOLFSSL_KEY_GEN ret = Pkcs11CreateRsaPrivateKey(privateKey, session, rsaKey, 0); + #else + /* RSA Key Generation support not compiled in */ + ret = NOT_COMPILED_IN; + #endif } else if (rsaKey->labelLen > 0) { ret = Pkcs11FindKeyByLabel(privateKey, CKO_PRIVATE_KEY, CKK_RSA, @@ -1996,7 +2010,8 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info) /* Make a handle to a private key. */ ret = Pkcs11RsaPrivateKey(session, rsaKey, sessionKey, &key); } - + } + if (ret == 0) { if (type == RSA_PUBLIC_ENCRYPT) { WOLFSSL_MSG("PKCS#11: Public Encrypt"); if ((mechInfo.flags & CKF_ENCRYPT) != 0) { @@ -2216,8 +2231,7 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass, } } - if (ecPoint != NULL) - XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC); + XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC); return ret; } @@ -2300,8 +2314,7 @@ static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session, key->type = ECC_PUBLICKEY; } - if (point != NULL) - XFREE(point, key->heap, DYNAMIC_TYPE_ECC); + XFREE(point, key->heap, DYNAMIC_TYPE_ECC); return ret; } 
@@ -2514,7 +2527,7 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info) PRIVATE_KEY_UNLOCK(); ret = wc_ecc_export_x963(info->pk.ecdh.public_key, NULL, &pointLen); PRIVATE_KEY_LOCK(); - if (ret == LENGTH_ONLY_E) { + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { point = (unsigned char*)XMALLOC(pointLen, info->pk.ecdh.public_key->heap, DYNAMIC_TYPE_ECC_BUFFER); @@ -2986,9 +2999,7 @@ static int wc_Pkcs11CheckPrivKey_Rsa(RsaKey* priv, wc_FreeRsaKey(pub); } #ifdef WOLFSSL_SMALL_STACK - if (pub != NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_RSA); - } + XFREE(pub, NULL, DYNAMIC_TYPE_RSA); #endif return ret; @@ -3133,9 +3144,7 @@ static int wc_Pkcs11CheckPrivKey_Ecc(ecc_key* priv, wc_ecc_free(pub); } #ifdef WOLFSSL_SMALL_STACK - if (pub != NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); - } + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return ret; @@ -3604,7 +3613,7 @@ static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info) ret = Pkcs11CreateSecretKey(&key, session, keyType, (unsigned char*)hmac->keyRaw, hmac->keyLen, NULL, 0, NULL, 0, CKA_SIGN); - if (ret == WC_HW_E) { + if (ret == WC_NO_ERR_TRACE(WC_HW_E)) { ret = Pkcs11CreateSecretKey(&key, session, CKK_GENERIC_SECRET, (unsigned char*)hmac->keyRaw, hmac->keyLen, NULL, 0, NULL, 0, CKA_SIGN); @@ -3614,7 +3623,7 @@ static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info) else if (ret == 0 && hmac->labelLen != 0) { ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY, keyType, session, hmac->label, hmac->labelLen); - if (ret == WC_HW_E) { + if (ret == WC_NO_ERR_TRACE(WC_HW_E)) { ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY, CKK_GENERIC_SECRET, session, hmac->label, hmac->labelLen); 
@@ -3623,7 +3632,7 @@ static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info) else if (ret == 0) { ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY, keyType, session, hmac->id, hmac->idLen); - if (ret == WC_HW_E) { + if (ret == WC_NO_ERR_TRACE(WC_HW_E)) { ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY, CKK_GENERIC_SECRET, session, hmac->id, hmac->idLen); diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index a21cc2b9d2..32571585ec 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1,6 +1,6 @@ /* port.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -132,6 +132,13 @@ #include #endif +#if defined(WOLFSSL_ZEPHYR) +#if defined(CONFIG_BOARD_NATIVE_POSIX) +#include "native_rtc.h" +#define CONFIG_RTC +#endif +#endif + /* prevent multiple mutex initializations */ static volatile int initRefCount = 0; @@ -1170,6 +1177,23 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n) } #endif /* USE_WOLF_STRNCASECMP */ +#ifdef USE_WOLF_STRDUP +char* wc_strdup_ex(const char *src, int memType) { + char *ret = NULL; + word32 len = 0; + + if (src) { + len = (word32)XSTRLEN(src); + ret = (char*)XMALLOC(len, NULL, memType); + if (ret != NULL) { + XMEMCPY(ret, src, len); + } + } + + return ret; +} +#endif + #ifdef WOLFSSL_ATOMIC_OPS #ifdef HAVE_C___ATOMIC @@ -1303,9 +1327,8 @@ int wolfSSL_CryptHwMutexInit(void) } int wolfSSL_CryptHwMutexLock(void) { - int ret = BAD_MUTEX_E; /* Make sure HW Mutex has been initialized */ - ret = wolfSSL_CryptHwMutexInit(); + int ret = wolfSSL_CryptHwMutexInit(); if (ret == 0) { ret = wc_LockMutex(&wcCryptHwMutex); } @@ -1313,11 +1336,12 @@ int wolfSSL_CryptHwMutexLock(void) } int wolfSSL_CryptHwMutexUnLock(void) { - int ret = BAD_MUTEX_E; if (wcCryptHwMutexInit) { - ret = wc_UnLockMutex(&wcCryptHwMutex); + return wc_UnLockMutex(&wcCryptHwMutex); + } + else { + return BAD_MUTEX_E; } - return ret; } #endif /* WOLFSSL_CRYPT_HW_MUTEX */ 
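Review bot: The bare `#define CONFIG_RTC` added under `CONFIG_BOARD_NATIVE_POSIX` redefines a Kconfig symbol from a source file; if the Zephyr build already defines `CONFIG_RTC` (Kconfig symbols normally expand to `1`) this is a macro redefinition with a different body and will draw a warning, and if it is not defined the bare form still differs from the Kconfig convention. Wrapping it as `#ifndef CONFIG_RTC` / `#define CONFIG_RTC 1` / `#endif` avoids both, and a one-line comment such as `/* native_posix has no RTC device node; route z_time() to the simulator clock */` would explain why the symbol is being forced here rather than in prj.conf.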
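Review bot: `wc_strdup_ex` allocates and copies exactly `XSTRLEN(src)` bytes, so the returned buffer is never NUL-terminated and any caller that treats the result as a C string reads one byte past the allocation. The length must include the terminator: `len = (word32)XSTRLEN(src) + 1;` — the existing `XMALLOC(len, ...)` and `XMEMCPY(ret, src, len)` then cover the terminator as written, and the `src == ""` case stops being a zero-byte allocation that XMALLOC may return NULL for. The function also has no header comment; suggest `/* Duplicate NUL-terminated src into memory of type memType. Returns NULL when src is NULL or allocation fails. */` above it.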
@@ -1699,9 +1723,8 @@ int wolfSSL_CryptHwMutexUnLock(void) int maxq_CryptHwMutexTryLock() { - int ret = BAD_MUTEX_E; /* Make sure HW Mutex has been initialized */ - ret = wolfSSL_CryptHwMutexInit(); + int ret = wolfSSL_CryptHwMutexInit(); if (ret == 0) { ret = maxq_LockMutex(&wcCryptHwMutex, 1); } @@ -3174,6 +3197,21 @@ time_t z_time(time_t * timer) #if defined(CONFIG_RTC) && \ (defined(CONFIG_PICOLIBC) || defined(CONFIG_NEWLIB_LIBC)) + + #if defined(CONFIG_BOARD_NATIVE_POSIX) + + /* When using native sim, get time from simulator rtc */ + uint32_t nsec = 0; + uint64_t sec = 0; + native_rtc_gettime(RTC_CLOCK_PSEUDOHOSTREALTIME, &nsec, &sec); + + if (timer != NULL) + *timer = sec; + + return sec; + + #else + /* Try to obtain the actual time from an RTC */ static const struct device *rtc = DEVICE_DT_GET(DT_NODELABEL(rtc)); @@ -3192,6 +3230,7 @@ time_t z_time(time_t * timer) return epochTime; } } + #endif /* defined(CONFIG_BOARD_NATIVE_POSIX) */ #endif /* Fallback to uptime since boot. This works for relative times, but @@ -3431,7 +3470,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) #ifndef SINGLE_THREADED /* Environment-specific multi-thread implementation check */ -#if defined(USE_WINDOWS_API) && !defined(WOLFSSL_PTHREADS) +#if defined(USE_WINDOWS_API) && !defined(WOLFSSL_PTHREADS) && \ + !defined(_WIN32_WCE) int wolfSSL_NewThread(THREAD_TYPE* thread, THREAD_CB cb, void* arg) { @@ -3646,7 +3686,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) "wolfSSL thread", (entry_functionType)cb, (ULONG)arg, thread->threadStack, - TESTSUITE_THREAD_STACK_SZ, + WOLFSSL_NETOS_STACK_SZ, 2, 2, 1, TX_AUTO_START); if (result != TX_SUCCESS) { 
@@ -3668,11 +3708,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) #elif defined(WOLFSSL_ZEPHYR) + void* wolfsslThreadHeapHint = NULL; + int wolfSSL_NewThread(THREAD_TYPE* thread, THREAD_CB cb, void* arg) { #ifndef WOLFSSL_ZEPHYR_STACK_SZ - #define WOLFSSL_ZEPHYR_STACK_SZ (24*1024) + #define WOLFSSL_ZEPHYR_STACK_SZ (48*1024) #endif if (thread == NULL || cb == NULL) @@ -3686,10 +3728,12 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) * 0); */ thread->threadStack = (void*)XMALLOC( - Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), 0, - DYNAMIC_TYPE_TMP_BUFFER); - if (thread->threadStack == NULL) + Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), + wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER); + if (thread->threadStack == NULL) { + WOLFSSL_MSG("error: XMALLOC failed"); return MEMORY_E; + } /* k_thread_create does not return any error codes */ /* Casting to k_thread_entry_t should be fine since we just ignore the @@ -3716,7 +3760,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) * if (err != 0) * ret = MEMORY_E; */ - XFREE(thread.threadStack, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(thread.threadStack, wolfsslThreadHeapHint, + DYNAMIC_TYPE_TMP_BUFFER); thread.threadStack = NULL; /* No thread resources to free. Everything is stored in thread.tid */ diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c index 545b531ce2..5c016dbac2 100644 --- a/wolfcrypt/src/wc_xmss.c +++ b/wolfcrypt/src/wc_xmss.c @@ -1,6 +1,6 @@ /* wc_xmss.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
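Review bot: `void* wolfsslThreadHeapHint = NULL;` is a mutable global with external linkage but no visible `extern` declaration or comment saying who is expected to set it, and the Zephyr `wolfSSL_NewThread`/`wolfSSL_JoinThread` pair read it at two different times — if an application changes the hint between creating a thread and joining it, the stack is freed against a different heap than it was allocated from. If `THREAD_TYPE` can carry a field, record the hint next to `threadStack` at creation and free with that saved value; otherwise at least declare the symbol in the matching header and document it, e.g. `/* Heap hint used for Zephyr thread stacks (XMALLOC/XFREE); must be set by the application before any thread is created and not changed while threads are live. */`. The default stack size also doubles to 48 KiB per thread here without a note on why; a short comment on what drove the increase would help the next person tuning it.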
@@ -19,8 +19,1654 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#ifdef HAVE_CONFIG_H + #include +#endif + #include +#include +#include #ifdef WOLFSSL_HAVE_XMSS - #error "Contact wolfSSL to get the implementation of this file" +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + + +/*************************** + * DIGEST init and free. + ***************************/ + +/* Initialize the digest algorithm to use. + * + * @param [in, out] state XMSS/MT state including digest and parameters. + * @return 0 on success. + * @return NOT_COMPILED_IN when digest algorithm not supported. + * @return Other negative when digest algorithm initialization failed. + */ +static int wc_xmss_digest_init(XmssState* state) +{ + int ret; + word8 hash = state->params->hash; + +#ifdef WC_XMSS_SHA256 + if (hash == WC_HASH_TYPE_SHA256) { + ret = wc_InitSha256(&state->digest.sha256); + } + else +#endif +#ifdef WC_XMSS_SHA512 + if (hash == WC_HASH_TYPE_SHA512) { + ret = wc_InitSha512(&state->digest.sha512); + } + else +#endif +#ifdef WC_XMSS_SHAKE128 + if (hash == WC_HASH_TYPE_SHAKE128) { + ret = wc_InitShake128(&state->digest.shake, NULL, INVALID_DEVID); + } + else +#endif +#ifdef WC_XMSS_SHAKE256 + if (hash == WC_HASH_TYPE_SHAKE256) { + ret = wc_InitShake256(&state->digest.shake, NULL, INVALID_DEVID); + } + else +#endif + { + ret = NOT_COMPILED_IN; + } + + return ret; +} +/* Free the digest algorithm. + * + * @param [in, out] state XMSS/MT state including digest and parameters. 
+ */ +static void wc_xmss_digest_free(XmssState* state) +{ + word8 hash = state->params->hash; + +#ifdef WC_XMSS_SHA256 + if (hash == WC_HASH_TYPE_SHA256) { + wc_Sha256Free(&state->digest.sha256); + } + else +#endif +#ifdef WC_XMSS_SHA512 + if (hash == WC_HASH_TYPE_SHA512) { + wc_Sha512Free(&state->digest.sha512); + } + else +#endif +#ifdef WC_XMSS_SHAKE128 + if (hash == WC_HASH_TYPE_SHAKE128) { + wc_Shake128_Free(&state->digest.shake); + } + else +#endif +#ifdef WC_XMSS_SHAKE256 + if (hash == WC_HASH_TYPE_SHAKE256) { + wc_Shake256_Free(&state->digest.shake); + } + else +#endif + { + /* Do nothing. */ + } +} + +/* Initialize the XMSS/MT state. + * + * @param [in, out] state XMSS/MT state including digest and parameters. + * @param [in] params Parameters for key. + * @return 0 on success. + * @return NOT_COMPILED_IN when digest algorithm not supported. + * @return Other negative when digest algorithm initialization failed. + */ +static WC_INLINE int wc_xmss_state_init(XmssState* state, + const XmssParams* params) +{ + state->params = params; + state->ret = 0; + return wc_xmss_digest_init(state); +} + +/* Free the XMSS/MT state. + * + * @param [in, out] state XMSS/MT state including digest and parameters. + */ +static WC_INLINE void wc_xmss_state_free(XmssState* state) +{ + wc_xmss_digest_free(state); +} + + +/*************************** + * XMSS PARAMS + ***************************/ + +/* Map of XMSS/MT string name to OID. + */ +typedef struct wc_XmssString { + /* Name of algorithm as a string. */ + const char* str; + /* OID for algorithm. */ + word32 oid; + /* XMSS parameters. */ + XmssParams params; +} wc_XmssString; + +#ifndef WOLFSSL_WC_XMSS_SMALL + +/* Size of BDS State encoded numbers - offset=1, next=3. */ +#define XMSS_BDS_NUMS_SZ 4 +/* Size of treehash encoding - nextIdx=3, completed|used=1. */ +#define XMSS_TREEHASH_SZ 4 + +/* Calculate Secret key length. + * + * See wc_xmss_bds_state_save() and wc_xmss_bds_state_load(). 
+ * + * SK = idx || wots_sk || SK_PRF || root || SEED || BDSs || OTHER + * BDSs = (2 * depth - 1) * BDS + * BDS = stack || height || authPath || keep || nodes || retain || + * offset || next || TREEHASHes + * TREEHASHes = (Subtree height - BDS k param) * TREEHASH + * TREEHASH = nextIdx || completed || used + * + * @param [in] n Number of bytes to hash output. + * @param [in] h Height of full tree. + * @param [in] d Depth of trees (number of subtrees). + * @param [in] s Subtree height. + * @param [in] i Length of index encoding in bytes. + * @param [in] k BDS k parameter. + * @return Secret key length in bytes. + */ +#define XMSS_SK_LEN(n, h, d, s, i, k) \ + (((i) + 4 * (n)) + \ + (2 * (d) - 1) * (((s) + 1) * (n) + \ + (s) + 1 + \ + (s) * (n) + \ + ((s) >> 1) * (n) + \ + ((s) - (k)) * XMSS_TREEHASH_SZ + \ + ((s) - (k)) * (n) + \ + XMSS_RETAIN_LEN(k, n) + \ + XMSS_BDS_NUMS_SZ) + \ + ((d) - 1) * (n) * ((n) * 2 + 3)) + +#else + +/* Calculate Secret key length. + * + * SK = idx || wots_sk || SK_PRF || root || SEED + * + * @param [in] n Number of bytes to hash output. + * @param [in] h Height of full tree. Unused. + * @param [in] d Depth of trees (number of subtrees). Unused. + * @param [in] s Subtree height. Unused. + * @param [in] i Length of index encoding in bytes. + * @param [in] k BDS k parameter. Unused. + * @return Secret key length. + */ +#define XMSS_SK_LEN(n, h, d, s, i, k) \ + ((i) + 4 * (n)) + +#endif + +#ifndef WOLFSSL_XMSS_LARGE_SECRET_KEY +/* Choose the smaller BDS K parameter. */ +#define XMSS_K(k, kl) (k) +#else +/* Choose the larger BDS K parameter. */ +#define XMSS_K(k, kl) (kl) +#endif + +/* Calculate all fixed parameter values and output an array declaration. + * + * @param [in] hash Hash algorithm to use. + * @param [in] n Number of bytes to hash output. + * @param [in] p Number of bytes of padding. + * @param [in] h Height of full tree. + * @param [in] d Depth of trees (number of subtrees). + * @param [in] i Length of index encoding in bytes. 
+ * @param [in] k BDS k parameter. 0 or >= 2 but (h/d - k) is even. + * @param [in] kl BDS k parameter when large signatures. + * @return XMSS/XMSS^MT parameters array declaration. + */ +#define XMSS_PARAMS(hash, n, p, h, d, i, k, kl) \ + { hash, n, p, (n) * 2 + 3, (n) * ((n) * 2 + 3), h, (h) / (d), (d), (i), \ + (i) + (n) + (d) * (((n) * 2 + 3) * (n)) + (h) * (n), \ + XMSS_SK_LEN(n, h, d, ((h) / (d)), i, XMSS_K(k, kl)), (n) * 2, \ + XMSS_K(k, kl) } + /* hash, d, pad_len, wots_len, wots_sig_len, h, sub_h, d, idx_len, + * sig_len, + * sk_len, pk_len, + * bds_k */ + +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 +/* List of known XMSS algorithm strings and their OIDs. */ +static const wc_XmssString wc_xmss_alg[] = { +#ifdef WC_XMSS_SHA256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + { "XMSS-SHA2_10_256", WC_XMSS_OID_SHA2_10_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 10, 1, 4, 0, 4), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 + { "XMSS-SHA2_16_256", WC_XMSS_OID_SHA2_16_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 16, 1, 4, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSS-SHA2_20_256", WC_XMSS_OID_SHA2_20_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 20, 1, 4, 0, 0), }, +#endif +#endif /* HASH_SIZE 256 */ +#endif /* WC_XMSS_SHA256 */ +#ifdef WC_XMSS_SHA512 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + { "XMSS-SHA2_10_512", WC_XMSS_OID_SHA2_10_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 10, 1, 4, 0, 4), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 + { "XMSS-SHA2_16_512", WC_XMSS_OID_SHA2_16_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 16, 1, 4, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { 
"XMSS-SHA2_20_512", WC_XMSS_OID_SHA2_20_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 20, 1, 4, 0, 0), }, +#endif +#endif /* HASH_SIZE 512 */ +#endif /* WC_XMSS_SHA512 */ + +#ifdef WC_XMSS_SHAKE128 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + { "XMSS-SHAKE_10_256", WC_XMSS_OID_SHAKE_10_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 10, 1, 4, 0, 4), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 + { "XMSS-SHAKE_16_256", WC_XMSS_OID_SHAKE_16_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 16, 1, 4, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSS-SHAKE_20_256", WC_XMSS_OID_SHAKE_20_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 20, 1, 4, 0, 0), }, +#endif +#endif /* HASH_SIZE 256 */ +#endif /* WC_XMSS_SHAKE128 */ + +#ifdef WC_XMSS_SHAKE256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + { "XMSS-SHAKE_10_512", WC_XMSS_OID_SHAKE_10_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 10, 1, 4, 0, 4), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 + { "XMSS-SHAKE_16_512", WC_XMSS_OID_SHAKE_16_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 16, 1, 4, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSS-SHAKE_20_512", WC_XMSS_OID_SHAKE_20_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 20, 1, 4, 0, 0), }, +#endif +#endif /* HASH_SIZE 512 */ +#endif /* WC_XMSS_SHAKE256 */ + +#ifdef WC_XMSS_SHA256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + { "XMSS-SHA2_10_192", WC_XMSS_OID_SHA2_10_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 10, 1, 4, 0, 4), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 
&& WOLFSSL_XMSS_MAX_HEIGHT >= 16 + { "XMSS-SHA2_16_192", WC_XMSS_OID_SHA2_16_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 16, 1, 4, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSS-SHA2_20_192", WC_XMSS_OID_SHA2_20_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 20, 1, 4, 0, 0), }, +#endif +#endif /* HASH_SIZE 192 */ +#endif /* WC_XMSS_SHA256 */ + +#ifdef WC_XMSS_SHAKE256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + { "XMSS-SHAKE256_10_256", WC_XMSS_OID_SHAKE256_10_256, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 10, 1, 4, 0, 4), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 + { "XMSS-SHAKE256_16_256", WC_XMSS_OID_SHAKE256_16_256, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 16, 1, 4, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSS-SHAKE256_20_256", WC_XMSS_OID_SHAKE256_20_256, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 20, 1, 4, 0, 0), }, +#endif +#endif /* HASH_SIZE 256 */ +#endif /* WC_XMSS_SHAKE256 */ + +#ifdef WC_XMSS_SHAKE256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + { "XMSS-SHAKE256_10_192", WC_XMSS_OID_SHAKE256_10_192, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 10, 1, 4, 0, 4), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 + { "XMSS-SHAKE256_16_192", WC_XMSS_OID_SHAKE256_16_192, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 16, 1, 4, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSS-SHAKE256_20_192", WC_XMSS_OID_SHAKE256_20_192, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 20, 1, 4, 0, 0), }, +#endif +#endif /* HASH_SIZE 192 */ +#endif /* WC_XMSS_SHAKE256 */ +}; +/* Length of array of known XMSS algorithms. 
*/ +#define WC_XMSS_ALG_LEN (sizeof(wc_xmss_alg) / sizeof(*wc_xmss_alg)) +#endif + +/* Convert XMSS algorithm string to an OID - object identifier. + * + * @param [out] oid OID value corresponding to string. + * @param [in] s String to convert. + * @param [out] params XMSS/MT parameters. + * @return 0 on success. + * @return NOT_COMPILED_IN on failure. + */ +static int wc_xmss_str_to_params(const char *s, word32* oid, + const XmssParams** params) +{ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 + unsigned int i; + + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + for (i = 0; i < WC_XMSS_ALG_LEN; i++) { + if (XSTRCMP(s, wc_xmss_alg[i].str) == 0) { + *oid = wc_xmss_alg[i].oid; + *params = &wc_xmss_alg[i].params; + ret = 0; + break; + } + } +#else + (void)s; + (void)oid; + (void)params; + ret = NOT_COMPILED_IN; +#endif + + return ret; +} + +#if WOLFSSL_XMSS_MAX_HEIGHT >= 20 +/* List of known XMSS^MT algorithm strings and their OIDs. */ +static const wc_XmssString wc_xmssmt_alg[] = { +#ifdef WC_XMSS_SHA256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSSMT-SHA2_20/2_256", WC_XMSSMT_OID_SHA2_20_2_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 20, 2, 3, 2, 4), }, + { "XMSSMT-SHA2_20/4_256", WC_XMSSMT_OID_SHA2_20_4_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 20, 4, 3, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 + { "XMSSMT-SHA2_40/2_256", WC_XMSSMT_OID_SHA2_40_2_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 40, 2, 5, 2, 4), }, + { "XMSSMT-SHA2_40/4_256", WC_XMSSMT_OID_SHA2_40_4_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 40, 4, 5, 2, 4), }, + { "XMSSMT-SHA2_40/8_256", WC_XMSSMT_OID_SHA2_40_8_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 40, 8, 5, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 + { "XMSSMT-SHA2_60/3_256", 
WC_XMSSMT_OID_SHA2_60_3_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 60, 3, 8, 2, 4), }, + { "XMSSMT-SHA2_60/6_256", WC_XMSSMT_OID_SHA2_60_6_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 60, 6, 8, 2, 4), }, + { "XMSSMT-SHA2_60/12_256", WC_XMSSMT_OID_SHA2_60_12_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 32, 32, 60, 12, 8, 0, 0), }, +#endif +#endif /* HASH_SIZE 256 */ +#endif /* WC_XMSS_SHA256 */ +#ifdef WC_XMSS_SHA512 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSSMT-SHA2_20/2_512", WC_XMSSMT_OID_SHA2_20_2_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 20, 2, 3, 2, 4), }, + { "XMSSMT-SHA2_20/4_512", WC_XMSSMT_OID_SHA2_20_4_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 20, 4, 3, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 + { "XMSSMT-SHA2_40/2_512", WC_XMSSMT_OID_SHA2_40_2_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 40, 2, 5, 2, 4), }, + { "XMSSMT-SHA2_40/4_512", WC_XMSSMT_OID_SHA2_40_4_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 40, 4, 5, 2, 4), }, + { "XMSSMT-SHA2_40/8_512", WC_XMSSMT_OID_SHA2_40_8_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 40, 8, 5, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 + { "XMSSMT-SHA2_60/3_512", WC_XMSSMT_OID_SHA2_60_3_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 60, 3, 8, 2, 4), }, + { "XMSSMT-SHA2_60/6_512", WC_XMSSMT_OID_SHA2_60_6_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 60, 6, 8, 2, 4), }, + { "XMSSMT-SHA2_60/12_512", WC_XMSSMT_OID_SHA2_60_12_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHA512, 64, 64, 60, 12, 8, 0, 0), }, +#endif +#endif /* HASH_SIZE 512 */ +#endif /* WC_XMSS_SHA512 */ + +#ifdef WC_XMSS_SHAKE128 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSSMT-SHAKE_20/2_256", WC_XMSSMT_OID_SHAKE_20_2_256 
, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 20, 2, 3, 2, 4), }, + { "XMSSMT-SHAKE_20/4_256", WC_XMSSMT_OID_SHAKE_20_4_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 20, 4, 3, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 + { "XMSSMT-SHAKE_40/2_256", WC_XMSSMT_OID_SHAKE_40_2_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 40, 2, 5, 2, 4), }, + { "XMSSMT-SHAKE_40/4_256", WC_XMSSMT_OID_SHAKE_40_4_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 40, 4, 5, 2, 4), }, + { "XMSSMT-SHAKE_40/8_256", WC_XMSSMT_OID_SHAKE_40_8_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 40, 8, 5, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 + { "XMSSMT-SHAKE_60/3_256", WC_XMSSMT_OID_SHAKE_60_3_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 60, 3, 8, 2, 4), }, + { "XMSSMT-SHAKE_60/6_256", WC_XMSSMT_OID_SHAKE_60_6_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 60, 6, 8, 2, 4), }, + { "XMSSMT-SHAKE_60/12_256", WC_XMSSMT_OID_SHAKE_60_12_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 60, 12, 8, 0, 0), }, +#endif +#endif /* HASH_SIZE 256 */ +#endif /* WC_XMSS_SHAKE128 */ + +#ifdef WC_XMSS_SHAKE256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSSMT-SHAKE_20/2_512", WC_XMSSMT_OID_SHAKE_20_2_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 20, 2, 3, 2, 4), }, + { "XMSSMT-SHAKE_20/4_512", WC_XMSSMT_OID_SHAKE_20_4_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 20, 4, 3, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 + { "XMSSMT-SHAKE_40/2_512", WC_XMSSMT_OID_SHAKE_40_2_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 40, 2, 5, 2, 4), }, + { "XMSSMT-SHAKE_40/4_512", WC_XMSSMT_OID_SHAKE_40_4_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 40, 4, 5, 2, 4), }, + { "XMSSMT-SHAKE_40/8_512", WC_XMSSMT_OID_SHAKE_40_8_512 , + 
XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 40, 8, 5, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 + { "XMSSMT-SHAKE_60/3_512", WC_XMSSMT_OID_SHAKE_60_3_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 60, 3, 8, 2, 4), }, + { "XMSSMT-SHAKE_60/6_512", WC_XMSSMT_OID_SHAKE_60_6_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 60, 6, 8, 2, 4), }, + { "XMSSMT-SHAKE_60/12_512", WC_XMSSMT_OID_SHAKE_60_12_512 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 60, 12, 8, 0, 0), }, +#endif +#endif /* HASH_SIZE 512 */ +#endif /* WC_XMSS_SHAKE256 */ + +#ifdef WC_XMSS_SHA256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSSMT-SHA2_20/2_192", WC_XMSSMT_OID_SHA2_20_2_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 20, 2, 3, 2, 4), }, + { "XMSSMT-SHA2_20/4_192", WC_XMSSMT_OID_SHA2_20_4_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 20, 4, 3, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 + { "XMSSMT-SHA2_40/2_192", WC_XMSSMT_OID_SHA2_40_2_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 40, 2, 5, 2, 4), }, + { "XMSSMT-SHA2_40/4_192", WC_XMSSMT_OID_SHA2_40_4_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 40, 4, 5, 2, 4), }, + { "XMSSMT-SHA2_40/8_192", WC_XMSSMT_OID_SHA2_40_8_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 40, 8, 5, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 + { "XMSSMT-SHA2_60/3_192", WC_XMSSMT_OID_SHA2_60_3_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 60, 3, 8, 2, 4), }, + { "XMSSMT-SHA2_60/6_192", WC_XMSSMT_OID_SHA2_60_6_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 60, 6, 8, 2, 4), }, + { "XMSSMT-SHA2_60/12_192", WC_XMSSMT_OID_SHA2_60_12_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHA256, 24, 4, 60, 12, 8, 0, 0), }, +#endif +#endif /* HASH_SIZE 192 */ +#endif /* WC_XMSS_SHA256 */ + +#ifdef WC_XMSS_SHAKE256 +#if 
WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSSMT-SHAKE256_20/2_256", WC_XMSSMT_OID_SHAKE256_20_2_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 20, 2, 3, 2, 4), }, + { "XMSSMT-SHAKE256_20/4_256", WC_XMSSMT_OID_SHAKE256_20_4_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 20, 4, 3, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 + { "XMSSMT-SHAKE256_40/2_256", WC_XMSSMT_OID_SHAKE256_40_2_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 40, 2, 5, 2, 4), }, + { "XMSSMT-SHAKE256_40/4_256", WC_XMSSMT_OID_SHAKE256_40_4_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 40, 4, 5, 2, 4), }, + { "XMSSMT-SHAKE256_40/8_256", WC_XMSSMT_OID_SHAKE256_40_8_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 40, 8, 5, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 + { "XMSSMT-SHAKE256_60/3_256", WC_XMSSMT_OID_SHAKE256_60_3_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 60, 3, 8, 2, 4), }, + { "XMSSMT-SHAKE256_60/6_256", WC_XMSSMT_OID_SHAKE256_60_6_256 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 60, 6, 8, 2, 4), }, + { "XMSSMT-SHAKE256_60/12_256", WC_XMSSMT_OID_SHAKE256_60_12_256, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 60, 12, 8, 0, 0), }, +#endif +#endif /* HASH_SIZE 256 */ +#endif /* WC_XMSS_SHAKE256 */ + +#ifdef WC_XMSS_SHAKE256 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + { "XMSSMT-SHAKE256_20/2_192", WC_XMSSMT_OID_SHAKE256_20_2_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 20, 2, 3, 2, 4), }, + { "XMSSMT-SHAKE256_20/4_192", WC_XMSSMT_OID_SHAKE256_20_4_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 20, 4, 3, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 + { "XMSSMT-SHAKE256_40/2_192", WC_XMSSMT_OID_SHAKE256_40_2_192 , + 
XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 40, 2, 5, 2, 4), }, + { "XMSSMT-SHAKE256_40/4_192", WC_XMSSMT_OID_SHAKE256_40_4_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 40, 4, 5, 2, 4), }, + { "XMSSMT-SHAKE256_40/8_192", WC_XMSSMT_OID_SHAKE256_40_8_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 40, 8, 5, 0, 0), }, +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 + { "XMSSMT-SHAKE256_60/3_192", WC_XMSSMT_OID_SHAKE256_60_3_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 60, 3, 8, 2, 4), }, + { "XMSSMT-SHAKE256_60/6_192", WC_XMSSMT_OID_SHAKE256_60_6_192 , + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 60, 6, 8, 2, 4), }, + { "XMSSMT-SHAKE256_60/12_192", WC_XMSSMT_OID_SHAKE256_60_12_192, + XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24, 4, 60, 12, 8, 0, 0), }, #endif +#endif /* HASH_SIZE 192 */ +#endif /* WC_XMSS_SHAKE256 */ +}; +/* Length of array of known XMSS^MT algorithms. */ +#define WC_XMSSMT_ALG_LEN (sizeof(wc_xmssmt_alg) / sizeof(*wc_xmssmt_alg)) +#endif + +/* Convert XMSS^MT algorithm string to an OID - object identifier. + * + * @param [out] oid OID value corresponding to string. + * @param [in] s String to convert. + * @param [out] params XMSS/MT parameters. + * @return 0 on success. + * @return NOT_COMPILED_IN on failure. + */ +static int wc_xmssmt_str_to_params(const char *s, word32* oid, + const XmssParams** params) +{ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); +#if WOLFSSL_XMSS_MAX_HEIGHT >= 20 + unsigned int i; + + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + for (i = 0; i < WC_XMSSMT_ALG_LEN; i++) { + if (XSTRCMP(s, wc_xmssmt_alg[i].str) == 0) { + *oid = wc_xmssmt_alg[i].oid; + *params = &wc_xmssmt_alg[i].params; + ret = 0; + break; + } + } +#else + (void)s; + (void)oid; + (void)params; + ret = NOT_COMPILED_IN; +#endif + + return ret; +} + +/*************************** + * OTHER Internal APIs + ***************************/ + +#ifndef WOLFSSL_XMSS_VERIFY_ONLY +/* Allocates the XMSS secret key (sk) array. 
+ * + * The XMSS/XMSS^MT secret key length is a function of the + * parameters, and can't be allocated until the param string + * has been set with SetParamStr. + * + * This is only called by MakeKey() and Reload(). + * + * Note: the XMSS sk array is force zeroed after every use. + * + * @param [in] key The XMSS key. + * + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BAD_FUNC_ARG when private key already allocated. + * @return MEMORY_E when allocating dynamic memory fails. + */ +static int wc_xmsskey_alloc_sk(XmssKey* key) +{ + int ret = 0; + + /* Validate parameter. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + /* Ensure the private key doesn't exist. */ + else if (key->sk != NULL) { + WOLFSSL_MSG("error: XMSS secret key already exists"); + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* The XMSS/XMSS^MT secret key length is a function of the + * parameters. Therefore can't allocate this until param + * string has been set. */ + ret = wc_XmssKey_GetPrivLen(key, &key->sk_len); + } + if (ret == 0) { + /* Allocate a buffer to hold secret key. */ + key->sk = (unsigned char *)XMALLOC(key->sk_len, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (key->sk == NULL) { + WOLFSSL_MSG("error: malloc XMSS key->sk failed"); + ret = MEMORY_E; + } + } + + if (ret == 0) { + /* Zeroize private key buffer. */ + ForceZero(key->sk, key->sk_len); + } + + return ret; +} + +/* Signs the message using the XMSS secret key, and + * updates the secret key on NV storage. + * + * Both operations must succeed to be considered + * successful. + * + * On success: sets key state to WC_XMSS_STATE_OK. + * On failure: sets key state to WC_XMSS_STATE_BAD + * + * If no signatures are left, sets state to WC_XMSS_STATE_NOSIGS. + * + * @return IO_FAILED_E when reading or writing private key failed. + * @return KEY_EXHAUSTED_E when no more keys in private key available. + * @return BAD_COND_E when generated signature length is invalid. 
+ */ +static WC_INLINE int wc_xmsskey_signupdate(XmssKey* key, byte* sig, + const byte* msg, int msgLen) +{ + int ret = 0; + enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE; + + /* Set the key state to bad by default. State is presumed bad unless a + * correct sign and update operation happen together. */ + key->state = WC_XMSS_STATE_BAD; + + /* Read the current secret key from NV storage.*/ + cb_rc = key->read_private_key(key->sk, key->sk_len, key->context); + if (cb_rc != WC_XMSS_RC_READ_TO_MEMORY) { + /* Read from NV storage failed. */ + WOLFSSL_MSG("error: XMSS read_private_key failed"); + ret = IO_FAILED_E; + } + + if (ret == 0) { + #ifdef WOLFSSL_SMALL_STACK + XmssState* state; + #else + XmssState state[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (state == NULL) { + ret = MEMORY_E; + } + if (ret == 0) + #endif + { + /* Initialize state for use in signing. */ + ret = wc_xmss_state_init(state, key->params); + if (ret == 0) { + /* Read was good. Now sign and update the secret key in memory. + */ + #ifndef WOLFSSL_WC_XMSS_SMALL + if (key->is_xmssmt) { + ret = wc_xmssmt_sign(state, msg, msgLen, key->sk, sig); + } + else { + ret = wc_xmss_sign(state, msg, msgLen, key->sk, sig); + } + #else + ret = wc_xmssmt_sign(state, msg, msgLen, key->sk, sig); + #endif + if (ret == WC_NO_ERR_TRACE(KEY_EXHAUSTED_E)) { + /* Signature space exhausted. */ + key->state = WC_XMSS_STATE_NOSIGS; + WOLFSSL_MSG("error: no XMSS signatures remaining"); + } + else if (ret != 0) { + /* Something failed or inconsistent in signature. Erase the + * signature just to be safe. */ + ForceZero(sig, key->params->sig_len); + WOLFSSL_MSG("error: XMSS sign failed"); + } + /* Free state after use. */ + wc_xmss_state_free(state); + } + #ifdef WOLFSSL_SMALL_STACK + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + } + + if (ret == 0) { + /* The signature succeeded. key->sk is now updated and must be + * committed to NV storage. 
*/ + cb_rc = key->write_private_key(key->sk, key->sk_len, key->context); + if (cb_rc != WC_XMSS_RC_SAVED_TO_NV_MEMORY) { + /* Write to NV storage failed. Erase the signature from + * memory. */ + ForceZero(sig, key->params->sig_len); + WOLFSSL_MSG("error: XMSS write_private_key failed"); + ret = IO_FAILED_E; + } + } + if (ret == 0) { + /* key->sk was successfully committed to NV storage. Set the + * key state to OK, and set the sigLen. */ + key->state = WC_XMSS_STATE_OK; + } + + /* Force zero the secret key from memory always. */ + ForceZero(key->sk, key->sk_len); + + return ret; +} +#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */ + +/*************************** + * PUBLIC API + ***************************/ + +/* Init an XMSS key. + * + * Call this before setting the parms of an XMSS key. + * + * @param [in] key The XMSS key to init. + * @param [in] heap Unused. + * @param [in] devId Unused. + * + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + */ +int wc_XmssKey_Init(XmssKey* key, void* heap, int devId) +{ + int ret = 0; + + (void) heap; + (void) devId; + + /* Validate parameters. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Zeroize key and set state to initialized. */ + ForceZero(key, sizeof(XmssKey)); + key->state = WC_XMSS_STATE_INITED; + } + + return ret; +} + +/* Set the XMSS key parameter string. + * + * The input string must be one of the supported parm set names in + * the "Name" section from the table in wolfssl/wolfcrypt/xmss.h, + * e.g. "XMSS-SHA2_10_256" or "XMSSMT-SHA2_20/4_256". + * + * @param [in] key The XMSS key to set. + * @param [in] str The XMSS/XMSS^MT parameter string. + * + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BAD_FUNC_ARG when string not recognized. + * @return BAD_STATE_E when wrong state for operation. + * @return NOT_COMPILED_IN when string not supported. 
+ */ +int wc_XmssKey_SetParamStr(XmssKey* key, const char* str) +{ + int ret = 0; + word32 oid = 0; + int is_xmssmt = 0; + + /* Validate parameters. */ + if ((key == NULL) || (str == NULL)) { + ret = BAD_FUNC_ARG; + } + + /* Validate state. */ + if ((ret == 0) && (key->state != WC_XMSS_STATE_INITED)) { + WOLFSSL_MSG("error: XMSS key needs init"); + ret = BAD_STATE_E; + } + + if (ret == 0) { + /* Check which type of algorithm the string is for. */ + is_xmssmt = (XMEMCMP(str, "XMSS-", 5) != 0); + + /* Convert XMSS param string to OID. */ + if (is_xmssmt) { + ret = wc_xmssmt_str_to_params(str, &oid, &key->params); + } + else { + ret = wc_xmss_str_to_params(str, &oid, &key->params); + } + if (ret != 0) { + WOLFSSL_MSG("error: xmssmt_str_to_params failed"); + ret = BAD_FUNC_ARG; + } + } + + if (ret == 0) { + /* Set key info. */ + key->oid = oid; + key->is_xmssmt = is_xmssmt; + key->state = WC_XMSS_STATE_PARMSET; + } + + return ret; +} + +/* Force zeros and frees the XMSS key from memory. + * + * This does not touch the private key saved to non-volatile storage. + * + * This is the only function that frees the key->sk array. + * + * @param [in] key XMSS key. + */ +void wc_XmssKey_Free(XmssKey* key) +{ + /* Validate parameter. */ + if (key != NULL) { + #ifndef WOLFSSL_XMSS_VERIFY_ONLY + if (key->sk != NULL) { + /* Zeroize private key. */ + ForceZero(key->sk, key->sk_len); + XFREE(key->sk, NULL, DYNAMIC_TYPE_TMP_BUFFER); + key->sk = NULL; + key->sk_len = 0; + } + #endif /* !WOLFSSL_XMSS_VERIFY_ONLY */ + + /* Ensure all data is zeroized. */ + ForceZero(key, sizeof(XmssKey)); + + /* Set the state to freed. */ + key->state = WC_XMSS_STATE_FREED; + } +} + +#ifndef WOLFSSL_XMSS_VERIFY_ONLY +/* Sets the XMSS write private key callback. + * + * The callback must be able to write/update the private key to + * non-volatile storage. + * + * @param [in] key The XMSS key. + * @param [in] write_cb The write private key callback. + * + * @return 0 on success. 
+ * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BAD_STATE_E when wrong state for operation. + */ +int wc_XmssKey_SetWriteCb(XmssKey* key, wc_xmss_write_private_key_cb write_cb) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (write_cb == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Changing the write callback of an already working key is forbidden. */ + else if (key->state == WC_XMSS_STATE_OK) { + WOLFSSL_MSG("error: wc_XmssKey_SetWriteCb: key in use"); + ret = BAD_STATE_E; + } + else { + /* Set write callback for storing private key. */ + key->write_private_key = write_cb; + } + + return ret; +} + +/* Sets the XMSS read private key callback. + * + * The callback must be able to read the private key from + * non-volatile storage. + * + * @param [in] key The XMSS key. + * @param [in] read_cb The read private key callback. + * + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BAD_STATE_E when wrong state for operation. + */ +int wc_XmssKey_SetReadCb(XmssKey* key, wc_xmss_read_private_key_cb read_cb) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (read_cb == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Changing the read callback of an already working key is forbidden. */ + else if (key->state == WC_XMSS_STATE_OK) { + WOLFSSL_MSG("error: wc_XmssKey_SetReadCb: key in use"); + ret = BAD_STATE_E; + } + else { + /* Set write callback for getting private key. */ + key->read_private_key = read_cb; + } + + return ret; +} + +/* Sets the XMSS context to be used by write and read callbacks. + * + * E.g. this could be a filename if the callbacks write/read to file. + * + * @param [in] key The XMSS key. + * @param [in] context The context pointer. + * + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BAD_STATE_E when wrong state for operation. + */ +int wc_XmssKey_SetContext(XmssKey* key, void* context) +{ + int ret = 0; + + /* Validate parameters. 
*/ + if ((key == NULL) || (context == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Setting context of an already working key is forbidden. */ + else if (key->state == WC_XMSS_STATE_OK) { + WOLFSSL_MSG("error: wc_XmssKey_SetContext: key in use"); + ret = BAD_STATE_E; + } + else { + /* Set read/write callback context for accessing the private key. */ + key->context = context; + } + + return ret; +} + +/* Make the XMSS/XMSS^MT private/public key pair. The key must have its + * parameters set before calling this. + * + * Write/read callbacks, and context data, must be set prior. + * Key must have parameters set. + * + * This function and Reload() are the only functions that allocate + * key->sk array. wc_XmssKey_FreeKey is the only function that + * deallocates key->sk. + * + * @param [in] key The XMSS key to make. + * @param [in] rng Initialized WC_RNG pointer. + * + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BAD_FUNC_ARG when a write private key is not set. + * @return BAD_FUNC_ARG when a read/write private key context is not set. + * @return BAD_FUNC_ARG when private key already allocated. + * @return MEMORY_E when allocating dynamic memory fails. + * @return BAD_STATE_E when wrong state for operation. + * @return IO_FAILED_E when writing private key failed. + * @return Other negative when random number generation failed. + */ +int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng) +{ + int ret = 0; + enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE; +#ifdef WOLFSSL_SMALL_STACK + unsigned char* seed = NULL; +#else + unsigned char seed[3 * WC_XMSS_MAX_N]; +#endif + + /* Validate parameters */ + if ((key == NULL) || (rng == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Validate state. */ + if ((ret == 0) && (key->state != WC_XMSS_STATE_PARMSET)) { + WOLFSSL_MSG("error: XmssKey not ready for generation"); + ret = BAD_STATE_E; + } + /* Ensure write callback available. 
*/ + if ((ret == 0) && (key->write_private_key == NULL)) { + WOLFSSL_MSG("error: XmssKey write callback is not set"); + ret = BAD_FUNC_ARG; + } + /* Ensure read/write callback context available. */ + if ((ret == 0) && (key->context == NULL)) { + WOLFSSL_MSG("error: XmssKey context is not set"); + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Allocate sk array. */ + ret = wc_xmsskey_alloc_sk(key); + } +#ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + seed = (unsigned char*)XMALLOC(3 * key->params->n, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (seed == NULL) { + ret = MEMORY_E; + } + } +#endif + + if (ret == 0) { + /* Generate three random seeds. */ + ret = wc_RNG_GenerateBlock(rng, seed, 3 * key->params->n); + } + + if (ret == 0) { + #ifdef WOLFSSL_SMALL_STACK + XmssState* state; + #else + XmssState state[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (state == NULL) { + ret = MEMORY_E; + } + if (ret == 0) + #endif + { + /* Initialize state for use in key generation. */ + ret = wc_xmss_state_init(state, key->params); + if (ret == 0) { + /* Finally make the private/public key pair. Immediately write + * it to NV storage and then clear from memory. */ + #ifndef WOLFSSL_WC_XMSS_SMALL + if (key->is_xmssmt) { + ret = wc_xmssmt_keygen(state, seed, key->sk, key->pk); + } + else { + ret = wc_xmss_keygen(state, seed, key->sk, key->pk); + } + #else + ret = wc_xmssmt_keygen(state, seed, key->sk, key->pk); + #endif + if (ret != 0) { + WOLFSSL_MSG("error: XMSS keygen failed"); + key->state = WC_XMSS_STATE_BAD; + } + /* Free state after use. */ + wc_xmss_state_free(state); + } + #ifdef WOLFSSL_SMALL_STACK + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + } + + if (ret == 0) { + /* Write out private key. */ + cb_rc = key->write_private_key(key->sk, key->sk_len, key->context); + /* Zeroize private key data whether it was saved or not. */ + ForceZero(key->sk, key->sk_len); + /* Check writing succeeded. 
*/ + if (cb_rc != WC_XMSS_RC_SAVED_TO_NV_MEMORY) { + WOLFSSL_MSG("error: XMSS write to NV storage failed"); + key->state = WC_XMSS_STATE_BAD; + ret = IO_FAILED_E; + } + } + + if (ret == 0) { + key->state = WC_XMSS_STATE_OK; + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; +} + +/* This function allocates the secret key buffer, and does a + * quick sanity check to verify the secret key is readable + * from NV storage, and then force zeros the key from memory. + * + * On success it sets the key state to OK. + * + * Use this function to resume signing with an already existing + * XMSS key pair. + * + * Write/read callbacks, and context data, must be set prior. + * Key must have parameters set. + * + * This function and MakeKey are the only functions that allocate + * key->sk array. wc_XmssKey_FreeKey is the only function that + * deallocates key->sk. + * + * @params [in] key XMSS key to load. + * + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BAD_FUNC_ARG when a read or write function is not set. + * @return BAD_FUNC_ARG when a read/write function context is not set. + * @return BAD_FUNC_ARG when private key already allocated. + * @return MEMORY_E when allocating dynamic memory fails. + * @return BAD_STATE_E when wrong state for operation. + * @return IO_FAILED_E when reading private key failed. + */ +int wc_XmssKey_Reload(XmssKey* key) +{ + int ret = 0; + enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE; + + /* Validate parameter. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + /* Validate state. */ + if ((ret == 0) && (key->state != WC_XMSS_STATE_PARMSET)) { + WOLFSSL_MSG("error: XmssKey not ready for reload"); + ret = BAD_STATE_E; + } + /* Ensure read and write callbacks are available. 
*/ + if ((ret == 0) && ((key->write_private_key == NULL) || + (key->read_private_key == NULL))) { + WOLFSSL_MSG("error: XmssKey write/read callbacks are not set"); + ret = BAD_FUNC_ARG; + } + /* Ensure read and write callback context is available. */ + if ((ret == 0) && (key->context == NULL)) { + WOLFSSL_MSG("error: XmssKey context is not set"); + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Allocate sk array. */ + ret = wc_xmsskey_alloc_sk(key); + } + + if (ret == 0) { + /* Read the current secret key from NV storage. Force clear it + * immediately. This is just to sanity check the secret key + * is readable from permanent storage. */ + cb_rc = key->read_private_key(key->sk, key->sk_len, key->context); + ForceZero(key->sk, key->sk_len); + /* Check reading succeeded. */ + if (cb_rc != WC_XMSS_RC_READ_TO_MEMORY) { + WOLFSSL_MSG("error: XMSS read from NV storage failed"); + key->state = WC_XMSS_STATE_BAD; + ret = IO_FAILED_E; + } + } + if (ret == 0) { + key->state = WC_XMSS_STATE_OK; + } + + return ret; +} + +/* Gets the XMSS/XMSS^MT private key length. + * + * Parameters must be set before calling this, as the key size (sk_len) + * is a function of the parameters. + * + * Note: the XMSS/XMSS^MT private key format is implementation specific, + * and not standardized. Interoperability of XMSS private keys should + * not be expected. + * + * @param [in] key XMSS key. + * @param [out] len Length of the private key in bytes. + * + * @return 0 on success. + * @return BAD_FUNC_ARG when a parameter is NULL. + * @return BAD_STATE_E when wrong state for operation. + * */ +int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (len == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Validate state. */ + if ((ret == 0) && ((key->state != WC_XMSS_STATE_OK) && + (key->state != WC_XMSS_STATE_PARMSET))) { + /* params->sk_len not set yet. 
*/
+ ret = BAD_STATE_E;
+ }
+
+ if (ret == 0) {
+ /* Calculate private key length: OID + private key bytes. */
+ *len = XMSS_OID_LEN + (word32)key->params->sk_len;
+ }
+
+ return ret;
+}
+
+/* Sign the message using the XMSS secret key.
+ *
+ * @param [in] key XMSS key to use to sign.
+ * @param [in] sig Buffer to write signature into.
+ * @param [in, out] sigLen On in, size of buffer.
+ * On out, the length of the signature in bytes.
+ * @param [in] msg Message to sign.
+ * @param [in] msgLen Length of the message in bytes.
+ *
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when a parameter is NULL.
+ * @return BAD_FUNC_ARG when a write private key is not set.
+ * @return BAD_FUNC_ARG when a read/write private key context is not set.
+ * @return BAD_STATE_E when wrong state for operation.
+ * @return BUFFER_E when sigLen is too small.
+ * @return IO_FAILED_E when reading or writing private key failed.
+ * @return KEY_EXHAUSTED_E when no more keys in private key available.
+ * @return BAD_COND_E when generated signature length is invalid.
+ */
+int wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigLen, const byte* msg,
+ int msgLen)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (sig == NULL) || (sigLen == NULL) || (msg == NULL) ||
+ (msgLen <= 0)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Validate state. */
+ if ((ret == 0) && (key->state == WC_XMSS_STATE_NOSIGS)) {
+ WOLFSSL_MSG("error: XMSS signatures exhausted");
+ ret = BAD_STATE_E;
+ }
+ if ((ret == 0) && (key->state != WC_XMSS_STATE_OK)) {
+ /* The key had an error the last time it was used, and we
+ * can't guarantee its state. */
+ WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
+ ret = BAD_STATE_E;
+ }
+ /* Check signature buffer size. */
+ if ((ret == 0) && (*sigLen < key->params->sig_len)) {
+ /* Signature buffer too small. */
+ WOLFSSL_MSG("error: XMSS sig buffer too small");
+ ret = BUFFER_E;
+ }
+ /* Check read and write callbacks available.
*/
+ if ((ret == 0) && ((key->write_private_key == NULL) ||
+ (key->read_private_key == NULL))) {
+ WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
+ ret = BAD_FUNC_ARG;
+ }
+ /* Check read/write callback context available. */
+ if ((ret == 0) && (key->context == NULL)) {
+ WOLFSSL_MSG("error: XmssKey context is not set");
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ *sigLen = key->params->sig_len;
+ /* Finally, sign and update the secret key. */
+ ret = wc_xmsskey_signupdate(key, sig, msg, msgLen);
+ }
+
+ return ret;
+}
+
+/* Check if more signatures are possible with key.
+ *
+ * @param [in] key XMSS key to check.
+ * @return 1 when signatures possible.
+ * @return 0 when key exhausted.
+ */
+int wc_XmssKey_SigsLeft(XmssKey* key)
+{
+ int ret;
+
+ /* Validate parameter. */
+ if (key == NULL) {
+ ret = 0;
+ }
+ /* Validate state. */
+ else if (key->state == WC_XMSS_STATE_NOSIGS) {
+ WOLFSSL_MSG("error: XMSS signatures exhausted");
+ ret = 0;
+ }
+ else if (key->state != WC_XMSS_STATE_OK) {
+ WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
+ ret = 0;
+ }
+ /* Read the current secret key from NV storage.*/
+ else if (key->read_private_key(key->sk, key->sk_len, key->context) !=
+ WC_XMSS_RC_READ_TO_MEMORY) {
+ WOLFSSL_MSG("error: XMSS read_private_key failed");
+ ret = 0;
+ }
+ else {
+ /* Ask implementation to check index in private key. */
+ ret = wc_xmss_sigsleft(key->params, key->sk);
+ }
+
+ return ret;
+}
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY*/
+
+/* Get the XMSS/XMSS^MT public key length.
+ *
+ * The public key is static in size and does not depend on parameters,
+ * other than the choice of SHA256 as hashing function.
+ *
+ * @param [in] key XMSS key.
+ * @param [out] len Length of the public key.
+ *
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when a parameter is NULL.
+ * @return NOT_COMPILED_IN when a hash algorithm not supported.
+ */
+int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (len == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ else {
+ *len = XMSS_OID_LEN + key->params->pk_len;
+ }
+
+ return ret;
+}
+
+/* Export public key and parameters from one XmssKey to another.
+ *
+ * Use this to prepare a signature verification XmssKey that is pub only.
+ *
+ * @param [out] keyDst Destination key for copy.
+ * @param [in] keySrc Source key for copy.
+ *
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when a key is NULL.
+ * @return Other negative when digest algorithm initialization failed.
+ */
+int wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((keyDst == NULL) || (keySrc == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ /* Zeroize the new key. */
+ ForceZero(keyDst, sizeof(XmssKey));
+
+ /* Copy over the public key. */
+ XMEMCPY(keyDst->pk, keySrc->pk, sizeof(keySrc->pk));
+
+ /* Copy over the key info. */
+ keyDst->oid = keySrc->oid;
+ keyDst->is_xmssmt = keySrc->is_xmssmt;
+ keyDst->params = keySrc->params;
+ }
+ if (ret == 0) {
+ /* Mark keyDst as verify only, to prevent misuse. */
+ keyDst->state = WC_XMSS_STATE_VERIFYONLY;
+ }
+
+ return 0;
+}
+
+/* Exports the raw XMSS public key buffer from key to out buffer.
+ *
+ * The out buffer should be large enough to hold the public key, and
+ * outLen should indicate the size of the buffer.
+ *
+ * @param [in] key XMSS key.
+ * @param [out] out Array holding public key.
+ * @param [in, out] outLen On in, size of buffer.
+ * On out, the length of the public key.
+ *
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when a parameter is NULL.
+ * @return BUFFER_E if array is too small.
+ */
+int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out, word32* outLen)
+{
+ int ret = 0;
+ word32 pubLen = 0;
+
+ /* Validate parameters.
*/
+ if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ /* Get the public key length. */
+ if (ret == 0) {
+ ret = wc_XmssKey_GetPubLen(key, &pubLen);
+ }
+ /* Check the output buffer is large enough. */
+ if ((ret == 0) && (*outLen < pubLen)) {
+ ret = BUFFER_E;
+ }
+
+ if (ret == 0) {
+ int i = 0;
+ /* First copy the oid into buffer. */
+ for (; i < XMSS_OID_LEN; i++) {
+ out[XMSS_OID_LEN - i - 1] = (key->oid >> (8 * i)) & 0xFF;
+ }
+ /* Copy the public key data into buffer after oid. */
+ XMEMCPY(out + XMSS_OID_LEN, key->pk, pubLen - XMSS_OID_LEN);
+ /* Return actual public key length. */
+ *outLen = pubLen;
+ }
+
+ return ret;
+}
+
+/* Imports a raw public key buffer from in array to XmssKey key.
+ *
+ * The XMSS parameters must be set first with wc_XmssKey_SetParamStr,
+ * and inLen must match the length returned by wc_XmssKey_GetPubLen.
+ *
+ * @param [in, out] key XMSS key.
+ * @param [in] in Array holding public key.
+ * @param [in] inLen Length of array in bytes.
+ *
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when a parameter is NULL.
+ * @return BUFFER_E if array is incorrect size.
+ * @return BAD_STATE_E when wrong state for operation.
+ * */
+int wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in, word32 inLen)
+{
+ int ret = 0;
+ word32 pubLen = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (in == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Validate state. */
+ if ((ret == 0) && (key->state != WC_XMSS_STATE_PARMSET)) {
+ /* XMSS key not ready for import. Param str must be set first. */
+ WOLFSSL_MSG("error: XMSS key not ready for import");
+ ret = BAD_STATE_E;
+ }
+
+ /* Get the public key length. */
+ if (ret == 0) {
+ ret = wc_XmssKey_GetPubLen(key, &pubLen);
+ }
+ /* Check the input buffer is the right size. */
+ if ((ret == 0) && (inLen != pubLen)) {
+ /* Something inconsistent.
Parameters weren't set, or input
+ * pub key is wrong.*/
+ ret = BUFFER_E;
+ }
+
+ if (ret == 0) {
+ /* Copy the public key data into key. */
+ XMEMCPY(key->pk, in + XMSS_OID_LEN, pubLen - XMSS_OID_LEN);
+
+ /* Update state to verify-only as we don't have a private key. */
+ key->state = WC_XMSS_STATE_VERIFYONLY;
+ }
+
+ return ret;
+}
+
+/* Gets the XMSS/XMSS^MT signature length.
+ *
+ * Parameters must be set before calling this, as the signature size
+ * is a function of the parameters.
+ *
+ * Note: call this before wc_XmssKey_Sign or Verify so you know the
+ * length of the required signature buffer.
+ *
+ * @param [in] key XMSS key to use to sign.
+ * @param [out] len The length of the signature in bytes.
+ *
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when a parameter is NULL.
+ * @return BAD_STATE_E when wrong state for operation.
+ * */
+int wc_XmssKey_GetSigLen(const XmssKey* key, word32* len)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (len == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Validate state. */
+ if ((ret == 0) && (key->state != WC_XMSS_STATE_OK) &&
+ (key->state != WC_XMSS_STATE_PARMSET)) {
+ ret = BAD_STATE_E;
+ }
+
+ if (ret == 0) {
+ /* Return the calculated signature length. */
+ *len = key->params->sig_len;
+ }
+
+ return ret;
+}
+
+/* Verify the signature using the XMSS public key.
+ *
+ * Requires that XMSS parameters have been set with
+ * wc_XmssKey_SetParamStr, and that a public key is available
+ * from importing or MakeKey().
+ *
+ * Call wc_XmssKey_GetSigLen() before this function to determine
+ * length of the signature buffer.
+ *
+ * @param [in] key XMSS key to use to verify.
+ * @param [in] sig Signature to verify.
+ * @param [in] sigLen Size of signature in bytes.
+ * @param [in] m Message to verify.
+ * @param [in] mLen Length of the message in bytes.
+ *
+ * @return 0 on success.
+ * @return SIG_VERIFY_E when signature did not verify message.
+ * @return BAD_FUNC_ARG when a parameter is NULL.
+ * @return BAD_STATE_E when wrong state for operation.
+ * @return BUFFER_E when sigLen is too small.
+ */
+int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigLen,
+ const byte* m, int mLen)
+{
+ int ret = 0;
+
+ /* Validate parameters. */
+ if ((key == NULL) || (sig == NULL) || (m == NULL)) {
+ ret = BAD_FUNC_ARG;
+ }
+ /* Validate state. */
+ if ((ret == 0) && (key->state != WC_XMSS_STATE_OK) &&
+ (key->state != WC_XMSS_STATE_VERIFYONLY)) {
+ /* XMSS key not ready for verification. Param str must be
+ * set first, and Reload() called. */
+ WOLFSSL_MSG("error: XMSS key not ready for verification");
+ ret = BAD_STATE_E;
+ }
+ /* Check the signature is the big enough. */
+ if ((ret == 0) && (sigLen < key->params->sig_len)) {
+ /* Signature buffer too small. */
+ ret = BUFFER_E;
+ }
+
+ if (ret == 0) {
+ #ifdef WOLFSSL_SMALL_STACK
+ XmssState* state;
+ #else
+ XmssState state[1];
+ #endif
+
+ #ifdef WOLFSSL_SMALL_STACK
+ state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (state == NULL) {
+ ret = MEMORY_E;
+ }
+ if (ret == 0)
+ #endif
+ {
+ /* Initialize state for use in verification. */
+ ret = wc_xmss_state_init(state, key->params);
+ if (ret == 0) {
+ /* Verify using either XMSS^MT function as it works for both. */
+ ret = wc_xmssmt_verify(state, m, mLen, sig, key->pk);
+ /* Free state after use. */
+ wc_xmss_state_free(state);
+ }
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ #endif
+ }
+ }
+
+ return ret;
+}
+
+#endif /* WOLFSSL_HAVE_XMSS */
diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c
index 4a91f9969a..80ca9672e5 100644
--- a/wolfcrypt/src/wc_xmss_impl.c
+++ b/wolfcrypt/src/wc_xmss_impl.c
@@ -1,6 +1,6 @@
 /* wc_xmss_impl.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -19,8 +19,4321 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* Based on: + * o RFC 8391 - XMSS: eXtended Merkle Signature Scheme + * o [HDSS] "Hash-based Digital Signature Schemes", Buchmann, Dahmen and Szydlo + * from "Post Quantum Cryptography", Springer 2009. + * o [OPX] "Optimal Parameters for XMSS^MT", Hulsing, Rausch and Buchmann + * + * TODO: "Simple and Memory-efficient Signature Generation of XMSS^MT" + * (https://ece.engr.uvic.ca/~raltawy/SAC2021/9.pdf) + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + #include +#include +#include + +#include +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#if defined(WOLFSSL_HAVE_XMSS) + +/* Indices into Hash Address. */ +#define XMSS_ADDR_LAYER 0 +#define XMSS_ADDR_TREE_HI 1 +#define XMSS_ADDR_TREE 2 +#define XMSS_ADDR_TYPE 3 +#define XMSS_ADDR_OTS 4 +#define XMSS_ADDR_LTREE 4 +#define XMSS_ADDR_TREE_ZERO 4 +#define XMSS_ADDR_CHAIN 5 +#define XMSS_ADDR_TREE_HEIGHT 5 +#define XMSS_ADDR_HASH 6 +#define XMSS_ADDR_TREE_INDEX 6 +#define XMSS_ADDR_KEY_MASK 7 + +/* Types of hash addresses. */ +#define WC_XMSS_ADDR_TYPE_OTS 0 +#define WC_XMSS_ADDR_TYPE_LTREE 1 +#define WC_XMSS_ADDR_TYPE_TREE 2 + +/* Byte to include in hash to create unique sequence. */ +#define XMSS_HASH_PADDING_F 0 +#define XMSS_HASH_PADDING_H 1 +#define XMSS_HASH_PADDING_HASH 2 +#define XMSS_HASH_PADDING_PRF 3 +#define XMSS_HASH_PADDING_PRF_KEYGEN 4 + +/* Fixed parameter values. */ +#define XMSS_WOTS_W 16 +#define XMSS_WOTS_LOG_W 4 +#define XMSS_WOTS_LEN2 3 +#define XMSS_CSUM_SHIFT 4 +#define XMSS_CSUM_LEN 2 + +/* Length of the message to the PRF. */ +#define XMSS_PRF_M_LEN 32 + +/* Length of index encoding when doing XMSS. */ +#define XMSS_IDX_LEN 4 + +/* Size of the N when using SHA-256 and 32 byte padding. */ +#define XMSS_SHA256_32_N WC_SHA256_DIGEST_SIZE +/* Size of the padding when using SHA-256 and 32 byte padding. 
*/ +#define XMSS_SHA256_32_PAD_LEN 32 + +/* Calculate PRF data length for parameters. */ +#define XMSS_HASH_PRF_DATA_LEN(params) \ + ((params)->pad_len + (params)->n + WC_XMSS_ADDR_LEN) +/* PRF data length when using SHA-256 with 32 byte padding. */ +#define XMSS_HASH_PRF_DATA_LEN_SHA256_32 \ + (XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N + WC_XMSS_ADDR_LEN) + +/* Calculate chain hash data length for parameters. */ +#define XMSS_CHAIN_HASH_DATA_LEN(params) \ + ((params)->pad_len + 2 * (params)->n) +/* Chain hash data length when using SHA-256 with 32 byte padding. */ +#define XMSS_CHAIN_HASH_DATA_LEN_SHA256_32 \ + (XMSS_SHA256_32_PAD_LEN + 2 * XMSS_SHA256_32_N) + +/* Calculate rand hash data length for parameters. */ +#define XMSS_RAND_HASH_DATA_LEN(params) \ + ((params)->pad_len + 3 * (params)->n) +/* Rand hash data length when using SHA-256 with 32 byte padding. */ +#define XMSS_RAND_HASH_DATA_LEN_SHA256_32 \ + (XMSS_SHA256_32_PAD_LEN + 3 * XMSS_SHA256_32_N) + +/* Encode pad value into byte array. Front fill with 0s. + * + * RFC 8391: 2.4 + * + * @param [in] n Number to encode. + * @param [out] a Array to hold encoding. + * @param [in] l Length of array. + */ +#define XMSS_PAD_ENC(n, a, l) \ +do { \ + XMEMSET(a, 0, l); \ + (a)[(l) - 1] = (n); \ +} while (0) + + +/******************************************** + * Index 32/64 bits + ********************************************/ + +/* Index of 32 or 64 bits. */ +typedef union wc_Idx { +#if WOLFSSL_XMSS_MAX_HEIGHT > 32 + /* 64-bit representation. */ + w64wrapper u64; +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 32 + /* 32-bit representation. */ + word32 u32; +#endif +} wc_Idx; + +#if WOLFSSL_XMSS_MAX_HEIGHT > 32 +/* Set index to zero. + * + * Index is up to 64-bits. + * + * @param [out] idx 32/64-bit index to zero. + */ +#define WC_IDX_ZERO(idx) w64Zero(&(idx).u64) +#else +/* Set index to zero. + * + * Index is no more than 32-bits. + * + * @param [out] idx 32/64-bit index to zero. 
+ */ +#define WC_IDX_ZERO(idx) idx.u32 = 0 +#endif + +#if WOLFSSL_XMSS_MAX_HEIGHT > 32 +/* Decode 64-bit index. + * + * @param [out] i Index from encoding. + * @param [in] c Count of bytes to decode to index. + * @param [in] a Array to decode from. + * @param [out] ret Return value. + */ +#define IDX64_DECODE(i, c, a, ret) \ + if ((c) == 5) { \ + word32 t; \ + ato32((a) + 1, &t); \ + (i) = w64From32((a)[0], t); \ + } \ + else if ((c) == 8) { \ + ato64(a, &(i)); \ + } + +/* Decode 64-bit index. + * + * @param [out] i Index from encoding. + * @param [in] c Count of bytes to decode to index. + * @param [in] a Array to decode from. + * @param [out] ret Return value. + */ +#define XMSS_IDX64_DECODE(i, c, a, ret) \ +do { \ + IDX64_DECODE(i, c, a, ret) \ + else { \ + (ret) = NOT_COMPILED_IN; \ + } \ +} while (0) + +/* Check whether index is valid. + * + * @param [in] i Index to check. + * @param [in] c Count of bytes i was encoded in. + * @param [in] h Full tree Height. + */ +#define IDX64_INVALID(i, c, h) \ + ((w64GetHigh32(w64Add32(i, 1, NULL)) >> ((h) - 32)) != 0) + +/* Set 64-bit index as hash address value for tree. + * + * @param [in] i Index to set. + * @param [in] c Count of bytes to encode into. + * @param [in] h Height of tree. + * @param [out] a Hash address to encode into. + * @param [out] l Index of leaf. + */ +#define IDX64_SET_ADDR_TREE(i, c, h, a, l) \ + if ((c) > 4) { \ + (l) = w64GetLow32(i) & (((word32)1 << (h)) - 1);\ + (i) = w64ShiftRight(i, h); \ + (a)[XMSS_ADDR_TREE_HI] = w64GetHigh32(i); \ + (a)[XMSS_ADDR_TREE] = w64GetLow32(i); \ + } +#endif /* WOLFSSL_XMSS_MAX_HEIGHT > 32 */ + +#if WOLFSSL_XMSS_MIN_HEIGHT <= 32 +/* Decode 32-bit index. + * + * @param [out] i Index from encoding. + * @param [in] c Count of bytes to decode to index. + * @param [in] a Array to decode from. + * @param [out] ret Return value. 
+ */ +#define IDX32_DECODE(i, c, a, ret) \ + if ((c) == 4) { \ + ato32(a, &(i)); \ + } \ + else if ((c) == 3) { \ + ato24(a, &(i)); \ + } + +/* Decode 32-bit index. + * + * @param [out] i Index from encoding. + * @param [in] c Count of bytes to decode to index. + * @param [in] a Array to decode from. + * @param [out] ret Return value. + */ +#define XMSS_IDX32_DECODE(i, c, a, ret) \ +do { \ + IDX32_DECODE(i, c, a, ret) \ + else { \ + (ret) = NOT_COMPILED_IN; \ + } \ +} while (0) + +/* Check whether 32-bit index is valid. + * + * @param [in] i Index to check. + * @param [in] c Count of bytes i was encoded in. + * @param [in] h Full tree Height. + */ +#define IDX32_INVALID(i, c, h) \ + ((((i) + 1) >> (h)) != 0) + +/* Set 32-bit index as hash address value for tree. + * + * @param [in] i Index to set. + * @param [in] c Count of bytes to encode into. + * @param [in] h Height of tree. + * @param [out] a Hash address to encode into. + * @param [out] l Index of leaf. + */ +#define IDX32_SET_ADDR_TREE(i, c, h, a, l) \ + if ((c) <= 4) { \ + (l) = ((i) & ((1 << (h)) - 1)); \ + (i) >>= params->sub_h; \ + (a)[XMSS_ADDR_TREE] = (i); \ + } + +#endif /* WOLFSSL_XMSS_MIN_HEIGHT <= 32 */ + +#if (WOLFSSL_XMSS_MAX_HEIGHT > 32) && (WOLFSSL_XMSS_MIN_HEIGHT <= 32) + +/* Decode 32/64-bit index. + * + * @param [out] idx Index from encoding. + * @param [in] c Count of bytes to decode to index. + * @param [in] a Array to decode from. + * @param [out] ret Return value. + */ +#define WC_IDX_DECODE(idx, c, a, ret) \ +do { \ + IDX64_DECODE((idx).u64, c, a, ret) \ + else \ + IDX32_DECODE((idx).u32, c, a, ret) \ + else { \ + (ret) = NOT_COMPILED_IN; \ + } \ +} while (0) + +/* Check whether index is valid. + * + * @param [in] i Index to check. + * @param [in] c Count of bytes i was encoded in. + * @param [in] h Full tree Height. 
+ */ +#define WC_IDX_INVALID(i, c, h) \ + ((((c) > 4) && IDX64_INVALID((i).u64, c, h)) || \ + (((c) <= 4) && IDX32_INVALID((i).u32, c, h))) + +/* Set 32/64-bit index as hash address value for tree. + * + * @param [in] i Index to set. + * @param [in] c Count of bytes to encode into. + * @param [in] h Height of tree. + * @param [out] a Hash address to encode into. + * @param [out] l Index of leaf. + */ +#define WC_IDX_SET_ADDR_TREE(idx, c, h, a, l) \ +do { \ + IDX64_SET_ADDR_TREE((idx).u64, c, h, a, l) \ + else \ + IDX32_SET_ADDR_TREE((idx).u32, c, h, a, l) \ +} while (0) + +#elif WOLFSSL_XMSS_MAX_HEIGHT > 32 + +/* Decode 64-bit index. + * + * @param [out] idx Index from encoding. + * @param [in] c Count of bytes to decode to index. + * @param [in] a Array to decode from. + * @param [out] ret Return value. + */ +#define WC_IDX_DECODE(idx, c, a, ret) \ +do { \ + IDX64_DECODE((idx).u64, c, a, ret) \ +} while (0) + +/* Check whether index is valid. + * + * @param [in] i Index to check. + * @param [in] c Count of bytes i was encoded in. + * @param [in] h Full tree Height. + */ +#define WC_IDX_INVALID(i, c, h) \ + IDX64_INVALID((i).u64, c, h) + +/* Set 64-bit index as hash address value for tree. + * + * @param [in] i Index to set. + * @param [in] c Count of bytes to encode into. + * @param [in] h Height of tree. + * @param [out] a Hash address to encode into. + * @param [out] l Index of leaf. + */ +#define WC_IDX_SET_ADDR_TREE(idx, c, h, a, l) \ +do { \ + IDX64_SET_ADDR_TREE((idx).u64, c, h, a, l) \ +} while (0) + +#else + +/* Decode 32-bit index. + * + * @param [out] idx Index from encoding. + * @param [in] c Count of bytes to decode to index. + * @param [in] a Array to decode from. + * @param [out] ret Return value. + */ +#define WC_IDX_DECODE(idx, c, a, ret) \ +do { \ + IDX32_DECODE((idx).u32, c, a, ret) \ + else { \ + (ret) = NOT_COMPILED_IN; \ + } \ +} while (0) + +/* Check whether index is valid. + * + * @param [in] i Index to check. 
+ * @param [in] c Count of bytes i was encoded in. + * @param [in] h Full tree Height. + */ +#define WC_IDX_INVALID(i, c, h) \ + IDX32_INVALID((i).u32, c, h) + +/* Set 32-bit index as hash address value for tree. + * + * @param [in] i Index to set. + * @param [in] c Count of bytes to encode into. + * @param [in] h Height of tree. + * @param [out] a Hash address to encode into. + * @param [out] l Index of leaf. + */ +#define WC_IDX_SET_ADDR_TREE(idx, c, h, a, l) \ +do { \ + IDX32_SET_ADDR_TREE(idx.u32, c, h, a, l) \ +} while (0) + +#endif /* (WOLFSSL_XMSS_MAX_HEIGHT > 32) && (WOLFSSL_XMSS_MIN_HEIGHT <= 32) */ + +#ifndef WOLFSSL_XMSS_VERIFY_ONLY +/* Update index by adding one to big-endian encoded value. + * + * @param [in, out] a Array index is encoded in. + * @param [in] l Length of encoded index. + */ +static void wc_idx_update(unsigned char* a, word8 l) +{ + sword8 i; + + for (i = l - 1; i >= 0; i--) { + if ((++a[i]) != 0) { + break; + } + } +} + +/* Copy index from source buffer to destination buffer. + * + * Index is put into the front of the destination buffer with the length of the + * source. + * + * @param [in] s Source buffer. + * @param [in] sl Length of index in source. + * @param [in, out] d Destination buffer. + * @param [in] dl Length of destination buffer. + */ +static void wc_idx_copy(const unsigned char* s, word8 sl, unsigned char* d, + word8 dl) +{ + XMEMCPY(d, s, sl); + XMEMSET(d + sl, 0, dl - sl); +} +#endif + +/******************************************** + * Hash Address. + ********************************************/ + +/* Set the hash address based on subtree. + * + * @param [out] a Hash address. + * @param [in] s Subtree hash address. + * @param [in] t Type of hash address. 
+ */ +#define XMSS_ADDR_SET_SUBTREE(a, s, t) \ +do { \ + (a)[XMSS_ADDR_LAYER] = (s)[XMSS_ADDR_LAYER]; \ + (a)[XMSS_ADDR_TREE_HI] = (s)[XMSS_ADDR_TREE_HI]; \ + (a)[XMSS_ADDR_TREE] = (s)[XMSS_ADDR_TREE]; \ + (a)[XMSS_ADDR_TYPE] = (t); \ + XMEMSET((a) + 4, 0, sizeof(a) - 4 * sizeof(*(a)));\ +} while (0) + +/* Set the OTS hash address based on subtree. + * + * @param [out] a Hash address. + * @param [in] s Subtree hash address. + */ +#define XMSS_ADDR_OTS_SET_SUBTREE(a, s) \ + XMSS_ADDR_SET_SUBTREE(a, s, WC_XMSS_ADDR_TYPE_OTS) +/* Set the L-tree address based on subtree. + * + * @param [out] a Hash address. + * @param [in] s Subtree hash address. + */ +#define XMSS_ADDR_LTREE_SET_SUBTREE(a, s) \ + XMSS_ADDR_SET_SUBTREE(a, s, WC_XMSS_ADDR_TYPE_LTREE) +/* Set the hash tree address based on subtree. + * + * @param [out] a Hash address. + * @param [in] s Subtree hash address. + */ +#define XMSS_ADDR_TREE_SET_SUBTREE(a, s) \ + XMSS_ADDR_SET_SUBTREE(a, s, WC_XMSS_ADDR_TYPE_TREE) + +#ifdef LITTLE_ENDIAN_ORDER + +/* Set a byte value into a word of an encoded address. + * + * @param [in, out] a Encoded hash address. + * @param [in] i Index of word. + * @param [in] b Byte to set. + */ +#define XMSS_ADDR_SET_BYTE(a, i, b) \ + ((word32*)(a))[i] = (word32)(b) << 24 + +#else + +/* Set a byte value into a word of an encoded address. + * + * @param [in, out] a Encoded hash address. + * @param [in] i Index of word. + * @param [in] b Byte to set. + */ +#define XMSS_ADDR_SET_BYTE(a, i, b) \ + ((word32*)(a))[i] = (b) + +#endif /* LITTLE_ENDIAN_ORDER */ + +/* Convert hash address to bytes. + * + * @param [out] bytes Array to encode into. + * @param [in] addr Hash address. 
+ */ +static void wc_xmss_addr_encode(const HashAddress addr, byte* bytes) +{ + c32toa((addr)[0], (bytes) + (0 * 4)); + c32toa((addr)[1], (bytes) + (1 * 4)); + c32toa((addr)[2], (bytes) + (2 * 4)); + c32toa((addr)[3], (bytes) + (3 * 4)); + c32toa((addr)[4], (bytes) + (4 * 4)); + c32toa((addr)[5], (bytes) + (5 * 4)); + c32toa((addr)[6], (bytes) + (6 * 4)); + c32toa((addr)[7], (bytes) + (7 * 4)); +} + +/******************************************** + * HASHING + ********************************************/ + +#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) && \ + !defined(WC_XMSS_FULL_HASH) + +/* Set hash data and length into SHA-256 digest. + * + * @param [in, out] state XMSS/MT state with SHA-256 digest. + * @param [in] data Data to add to hash. + * @param [in] len Number of bytes in data. + * Must be less than a block. + * @param [in] total_len Number of bytes updated so far. + */ +#define XMSS_SHA256_SET_DATA(state, data, len, total_len) \ +do { \ + XMEMCPY((state)->digest.sha256.buffer, data, len); \ + (state)->digest.sha256.buffLen = (len); \ + (state)->digest.sha256.loLen = (total_len); \ +} while (0) + +/* Save the SHA-256 state to cache. + * + * @param [in, out] state XMSS/MT state with SHA-256 digest and state cache. + */ +#define XMSS_SHA256_STATE_CACHE(state) \ + (state)->dgst_state[0] = (state)->digest.sha256.digest[0]; \ + (state)->dgst_state[1] = (state)->digest.sha256.digest[1]; \ + (state)->dgst_state[2] = (state)->digest.sha256.digest[2]; \ + (state)->dgst_state[3] = (state)->digest.sha256.digest[3]; \ + (state)->dgst_state[4] = (state)->digest.sha256.digest[4]; \ + (state)->dgst_state[5] = (state)->digest.sha256.digest[5]; \ + (state)->dgst_state[6] = (state)->digest.sha256.digest[6]; \ + (state)->dgst_state[7] = (state)->digest.sha256.digest[7]; \ + +/* Restore the SHA-256 state from cache and set length. + * + * @param [in, out] state XMSS/MT state with SHA-256 digest and state cache. 
+ * @param [in] len Number of bytes of data hashed so far. + */ +#define XMSS_SHA256_STATE_RESTORE(state, len) \ +do { \ + (state)->digest.sha256.digest[0] = (state)->dgst_state[0]; \ + (state)->digest.sha256.digest[1] = (state)->dgst_state[1]; \ + (state)->digest.sha256.digest[2] = (state)->dgst_state[2]; \ + (state)->digest.sha256.digest[3] = (state)->dgst_state[3]; \ + (state)->digest.sha256.digest[4] = (state)->dgst_state[4]; \ + (state)->digest.sha256.digest[5] = (state)->dgst_state[5]; \ + (state)->digest.sha256.digest[6] = (state)->dgst_state[6]; \ + (state)->digest.sha256.digest[7] = (state)->dgst_state[7]; \ + (state)->digest.sha256.loLen = (len); \ +} while (0) + +/* Restore the SHA-256 state from cache and set data and length. + * + * @param [in, out] state XMSS/MT state with SHA-256 digest and cache. + * @param [in] data Data to add to hash. + * @param [in] len Number of bytes in data. + * Must be less than a block. + * @param [in] total_len Number of bytes updated so far. + */ +#define XMSS_SHA256_STATE_RESTORE_DATA(state, data, len, total_len) \ +do { \ + (state)->digest.sha256.digest[0] = (state)->dgst_state[0]; \ + (state)->digest.sha256.digest[1] = (state)->dgst_state[1]; \ + (state)->digest.sha256.digest[2] = (state)->dgst_state[2]; \ + (state)->digest.sha256.digest[3] = (state)->dgst_state[3]; \ + (state)->digest.sha256.digest[4] = (state)->dgst_state[4]; \ + (state)->digest.sha256.digest[5] = (state)->dgst_state[5]; \ + (state)->digest.sha256.digest[6] = (state)->dgst_state[6]; \ + (state)->digest.sha256.digest[7] = (state)->dgst_state[7]; \ + XMSS_SHA256_SET_DATA(state, data, len, total_len); \ +} while (0) + +#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 && !WC_XMSS_FULL_HASH */ + +/* Hash the data into output buffer. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] in Data to digest. + * @param [in] inlen Length of data to digest in bytes. + * @param [out] out Buffer to put digest into. 
+ */ +static WC_INLINE void wc_xmss_hash(XmssState* state, const byte* in, + word32 inlen, byte* out) +{ + int ret; + const XmssParams* params = state->params; -#ifdef WOLFSSL_HAVE_XMSS - #error "Contact wolfSSL to get the implementation of this file" +#ifdef WC_XMSS_SHA256 + /* Full SHA-256 digest. */ + if ((params->hash == WC_HASH_TYPE_SHA256) && + (params->n == WC_SHA256_DIGEST_SIZE)) { + ret = wc_Sha256Update(&state->digest.sha256, in, inlen); + if (ret == 0) { + ret = wc_Sha256Final(&state->digest.sha256, out); + } + } +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 + /* Partial SHA-256 digest. */ + else if (params->hash == WC_HASH_TYPE_SHA256) { + byte buf[WC_SHA256_DIGEST_SIZE]; + ret = wc_Sha256Update(&state->digest.sha256, in, inlen); + if (ret == 0) { + ret = wc_Sha256Final(&state->digest.sha256, buf); + } + if (ret == 0) { + XMEMCPY(out, buf, params->n); + } + } #endif + else +#endif /* WC_XMSS_SHA256 */ +#ifdef WC_XMSS_SHA512 + /* Full SHA-512 digest. */ + if (params->hash == WC_HASH_TYPE_SHA512) { + ret = wc_Sha512Update(&state->digest.sha512, in, inlen); + if (ret == 0) { + ret = wc_Sha512Final(&state->digest.sha512, out); + } + } + else +#endif /* WC_XMSS_SHA512 */ +#ifdef WC_XMSS_SHAKE128 + /* Digest with SHAKE-128. */ + if (params->hash == WC_HASH_TYPE_SHAKE128) { + ret = wc_Shake128_Update(&state->digest.shake, in, inlen); + if (ret == 0) { + ret = wc_Shake128_Final(&state->digest.shake, out, params->n); + } + } + else +#endif /* WC_XMSS_SHAKE128 */ +#ifdef WC_XMSS_SHAKE256 + /* Digest with SHAKE-256. */ + if (params->hash == WC_HASH_TYPE_SHAKE256) { + ret = wc_Shake256_Update(&state->digest.shake, in, inlen); + if (ret == 0) { + ret = wc_Shake256_Final(&state->digest.shake, out, params->n); + } + } + else +#endif /* WC_XMSS_SHAKE256 */ + { + /* Unsupported digest function. */ + ret = NOT_COMPILED_IN; + } + + if (state->ret == 0) { + /* Store any digest failures for public APIs to return. 
*/ + state->ret = ret; + } +} + +#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) +#ifndef WC_XMSS_FULL_HASH +/* Chain hashing. + * + * RFC 8391: 3.1.2, Algorithm 2: chain - Chaining Function + * ... + * ADRS.setKeyAndMask(0); + * KEY = PRF(SEED, ADRS); + * ADRS.setKeyAndMask(1); + * BM = PRF(SEED, ADRS); + * tmp = F(KEY, tmp XOR BM); + * return tmp; + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] tmp Temporary buffer holding chain data. + * @param [in] addr Hash address as a byte array. + * @param [out] hash Buffer to hold hash. + */ +static void wc_xmss_chain_hash_sha256_32(XmssState* state, const byte* tmp, + byte* addr, byte* hash) +{ + /* Offsets into chain hash data. */ + byte* pad = state->buf; + byte* key = pad + XMSS_SHA256_32_PAD_LEN; + byte* bm = key + XMSS_SHA256_32_N; + int ret; + + /* Calculate n-byte key - KEY. */ + ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0; + /* Copy back state after first 64 bytes. */ + XMSS_SHA256_STATE_RESTORE_DATA(state, addr, WC_XMSS_ADDR_LEN, + XMSS_HASH_PRF_DATA_LEN_SHA256_32); + /* Calculate hash. */ + ret = wc_Sha256Final(&state->digest.sha256, key); + + if (ret == 0) { + /* Calculate n-byte bit mask - BM. */ + addr[XMSS_ADDR_KEY_MASK * 4 + 3] = 1; + /* Copy back state after first 64 bytes. */ + XMSS_SHA256_STATE_RESTORE_DATA(state, addr, WC_XMSS_ADDR_LEN, + XMSS_HASH_PRF_DATA_LEN_SHA256_32); + /* Calculate hash. */ + ret = wc_Sha256Final(&state->digest.sha256, bm); + } + + if (ret == 0) { + /* Function padding set in caller. */ + xorbuf(bm, tmp, XMSS_SHA256_32_N); + ret = wc_Sha256Update(&state->digest.sha256, state->buf, + XMSS_CHAIN_HASH_DATA_LEN_SHA256_32); + } + if (ret == 0) { + /* Calculate the chain hash. */ + ret = wc_Sha256Final(&state->digest.sha256, hash); + } + if (state->ret == 0) { + /* Store any digest failures for public APIs to return. */ + state->ret = ret; + } +} +#else +/* Chain hashing. + * + * Padding, seed, addr for PRF set by caller into prf_buf. 
+ *
+ * RFC 8391: 3.1.2, Algorithm 2: chain - Chaining Function
+ * ...
+ * ADRS.setKeyAndMask(0);
+ * KEY = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(1);
+ * BM = PRF(SEED, ADRS);
+ * tmp = F(KEY, tmp XOR BM);
+ * return tmp;
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] tmp Temporary buffer holding chain data.
+ * @param [out] out Buffer to hold hash.
+ */
+static void wc_xmss_chain_hash_sha256_32(XmssState* state, const byte* tmp,
+ byte* hash)
+{
+ byte* addr = state->prf_buf + XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N;
+ /* Offsets into chain hash data. */
+ byte* pad = state->buf;
+ byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+ byte* bm = key + XMSS_SHA256_32_N;
+
+ /* Calculate n-byte key - KEY. */
+ ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, key);
+ /* Calculate the n-byte mask. */
+ addr[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm);
+
+ /* Function padding set in caller. */
+ xorbuf(bm, tmp, XMSS_SHA256_32_N);
+ /* Calculate the chain hash. */
+ wc_xmss_hash(state, state->buf, XMSS_CHAIN_HASH_DATA_LEN_SHA256_32, hash);
+}
+#endif /* !WC_XMSS_FULL_HASH */
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+
+/* Chain hashing.
+ *
+ * Padding, seed, addr for PRF set by caller into prf_buf.
+ *
+ * RFC 8391: 3.1.2, Algorithm 2: chain - Chaining Function
+ * ...
+ * ADRS.setKeyAndMask(0);
+ * KEY = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(1);
+ * BM = PRF(SEED, ADRS);
+ * tmp = F(KEY, tmp XOR BM);
+ * return tmp;
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] tmp Temporary buffer holding chain data.
+ * @param [out] hash Buffer to hold hash.
+ */
+static void wc_xmss_chain_hash(XmssState* state, const byte* tmp, byte* hash)
+{
+ const XmssParams* params = state->params;
+ byte* addr = state->prf_buf + params->pad_len + params->n;
+ /* Offsets into chain hash data. */
+ byte* pad = state->buf;
+ byte* key = pad + params->pad_len;
+ byte* bm = key + params->n;
+
+ /* Calculate n-byte key - KEY. */
+ ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN(params), key);
+ /* Calculate n-byte bit mask - BM. */
+ addr[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN(params), bm);
+
+ /* Function padding set in caller. */
+ xorbuf(bm, tmp, params->n);
+ /* Calculate the chain hash. */
+ wc_xmss_hash(state, state->buf, XMSS_CHAIN_HASH_DATA_LEN(params), hash);
+}
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+#ifndef WC_XMSS_FULL_HASH
+/* Randomized tree hashing.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ * ...
+ * ADRS.setKeyAndMask(0);
+ * KEY = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(1);
+ * BM_0 = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(2);
+ * BM_1 = PRF(SEED, ADRS);
+ * return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] data Input data.
+ * @param [in] addr Hash address.
+ * @param [out] hash Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash_sha256_32_prehash(XmssState* state,
+ const byte* data, HashAddress addr, byte* hash)
+{
+ int ret;
+ /* Offsets into rand hash data. */
+ byte* pad = state->buf;
+ byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+ byte* bm0 = key + XMSS_SHA256_32_N;
+ byte* bm1 = bm0 + XMSS_SHA256_32_N;
+ byte addr_buf[WC_XMSS_ADDR_LEN];
+
+ addr[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_addr_encode(addr, addr_buf);
+
+ /* Calculate n-byte key - KEY. */
+ XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash.
*/
+ ret = wc_Sha256Final(&state->digest.sha256, key);
+
+ /* Calculate n-byte mask - BM_0. */
+ if (ret == 0) {
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ /* Copy back state after first 64 bytes. */
+ XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash. */
+ ret = wc_Sha256Final(&state->digest.sha256, bm0);
+ }
+
+ /* Calculate n-byte mask - BM_1. */
+ if (ret == 0) {
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+ /* Copy back state after first 64 bytes. */
+ XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash. */
+ ret = wc_Sha256Final(&state->digest.sha256, bm1);
+ }
+
+ if (ret == 0) {
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, XMSS_SHA256_32_PAD_LEN);
+ /* XOR into bm0 and bm1. */
+ xorbuf(bm0, data, XMSS_SHA256_32_N * 2);
+ ret = wc_Sha256Update(&state->digest.sha256, state->buf,
+ XMSS_RAND_HASH_DATA_LEN_SHA256_32);
+ }
+ if (ret == 0) {
+ ret = wc_Sha256Final(&state->digest.sha256, hash);
+ }
+ if (state->ret == 0) {
+ /* Store any digest failures for public APIs to return. */
+ state->ret = ret;
+ }
+}
+#endif /* !WC_XMSS_FULL_HASH */
+
+/* Randomized tree hashing.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ * ...
+ * ADRS.setKeyAndMask(0);
+ * KEY = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(1);
+ * BM_0 = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(2);
+ * BM_1 = PRF(SEED, ADRS);
+ * return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] data Input data.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address.
+ * @param [out] hash Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash_sha256_32(XmssState* state, const byte* data,
+ const byte* pk_seed, HashAddress addr, byte* hash)
+{
+ byte* addr_buf = state->prf_buf + XMSS_SHA256_32_PAD_LEN +
+ XMSS_SHA256_32_N;
+ /* Offsets into rand hash data.
*/
+ byte* pad = state->buf;
+ byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+ byte* bm0 = key + XMSS_SHA256_32_N;
+ byte* bm1 = bm0 + XMSS_SHA256_32_N;
+#ifndef WC_XMSS_FULL_HASH
+ int ret;
+
+ /* Encode padding byte for PRF. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, XMSS_SHA256_32_PAD_LEN);
+ /* Append public seed for PRF. */
+ XMEMCPY(state->prf_buf + XMSS_SHA256_32_PAD_LEN, pk_seed,
+ XMSS_SHA256_32_N);
+
+ /* Set key mask to initial value and append encoding. */
+ addr[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_addr_encode(addr, addr_buf);
+
+ /* Calculate n-byte key - KEY. */
+ ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+ XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N);
+ if (ret == 0) {
+ /* Copy state after first 64 bytes. */
+ XMSS_SHA256_STATE_CACHE(state);
+ /* Copy in remaining 32 bytes to buffer. */
+ XMSS_SHA256_SET_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash. */
+ ret = wc_Sha256Final(&state->digest.sha256, key);
+ }
+
+ /* Calculate n-byte mask - BM_0. */
+ if (ret == 0) {
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ /* Copy back state after first 64 bytes. */
+ XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash. */
+ ret = wc_Sha256Final(&state->digest.sha256, bm0);
+ }
+
+ /* Calculate n-byte mask - BM_1. */
+ if (ret == 0) {
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+ /* Copy back state after first 64 bytes. */
+ XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash. */
+ ret = wc_Sha256Final(&state->digest.sha256, bm1);
+ }
+
+ if (ret == 0) {
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, XMSS_SHA256_32_PAD_LEN);
+ /* XOR into bm0 and bm1.
*/
+ xorbuf(bm0, data, 2 * XMSS_SHA256_32_N);
+ ret = wc_Sha256Update(&state->digest.sha256, state->buf,
+ XMSS_RAND_HASH_DATA_LEN_SHA256_32);
+ }
+ if (ret == 0) {
+ ret = wc_Sha256Final(&state->digest.sha256, hash);
+ }
+ if (state->ret == 0) {
+ /* Store any digest failures for public APIs to return. */
+ state->ret = ret;
+ }
+#else
+ /* Encode padding byte for PRF. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, XMSS_SHA256_32_PAD_LEN);
+ /* Append public seed for PRF. */
+ XMEMCPY(state->prf_buf + XMSS_SHA256_32_PAD_LEN, pk_seed,
+ XMSS_SHA256_32_N);
+
+ /* Set key mask to initial value and append encoding. */
+ addr[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_addr_encode(addr, addr_buf);
+
+ /* Calculate n-byte key - KEY. */
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, key);
+ /* Calculate n-byte mask - BM_0. */
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm0);
+ /* Calculate n-byte mask - BM_1. */
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm1);
+
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_H, state->buf, XMSS_SHA256_32_PAD_LEN);
+ xorbuf(bm0, data, 2 * XMSS_SHA256_32_N);
+ wc_xmss_hash(state, state->buf, XMSS_RAND_HASH_DATA_LEN_SHA256_32, hash);
+#endif /* WC_XMSS_FULL_HASH */
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+
+/* Randomized tree hashing.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ * ...
+ * ADRS.setKeyAndMask(0);
+ * KEY = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(1);
+ * BM_0 = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(2);
+ * BM_1 = PRF(SEED, ADRS);
+ * return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] data Input data.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address.
+ * @param [out] hash Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash(XmssState* state, const byte* data,
+ const byte* pk_seed, HashAddress addr, byte* hash)
+{
+ const XmssParams* params = state->params;
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+ if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+ (params->n == XMSS_SHA256_32_N) &&
+ (params->hash == WC_HASH_TYPE_SHA256)) {
+ wc_xmss_rand_hash_sha256_32(state, data, pk_seed, addr, hash);
+ }
+ else
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+ {
+ byte* addr_buf = state->prf_buf + params->pad_len + params->n;
+ /* Offsets into rand hash data. */
+ byte* pad = state->buf;
+ byte* key = pad + params->pad_len;
+ byte* bm0 = key + params->n;
+ byte* bm1 = bm0 + params->n;
+ const word32 len = params->pad_len + params->n + WC_XMSS_ADDR_LEN;
+
+ /* Encode padding byte for PRF. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, params->pad_len);
+ /* Append public seed for PRF. */
+ XMEMCPY(state->prf_buf + params->pad_len, pk_seed, params->n);
+
+ /* Set key mask to initial value and append encoding. */
+ addr[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_addr_encode(addr, addr_buf);
+
+ /* Calculate n-byte key - KEY. */
+ wc_xmss_hash(state, state->prf_buf, len, key);
+ /* Calculate n-byte mask - BM_0. */
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ wc_xmss_hash(state, state->prf_buf, len, bm0);
+ /* Calculate n-byte mask - BM_1. */
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+ wc_xmss_hash(state, state->prf_buf, len, bm1);
+
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, params->pad_len);
+ xorbuf(bm0, data, 2 * params->n);
+ wc_xmss_hash(state, state->buf, params->pad_len + 3 * params->n,
+ hash);
+ }
+}
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) || defined(WOLFSSL_XMSS_VERIFY_ONLY)
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+/* Randomized tree hashing.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ * ...
+ * ADRS.setKeyAndMask(0);
+ * KEY = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(1);
+ * BM_0 = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(2);
+ * BM_1 = PRF(SEED, ADRS);
+ * return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] left First half of data.
+ * @param [in] right Second half of data.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address.
+ * @param [out] hash Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash_lr_sha256_32(XmssState* state, const byte* left,
+ const byte* right, const byte* pk_seed, HashAddress addr, byte* hash)
+{
+ byte* addr_buf = state->prf_buf + XMSS_SHA256_32_PAD_LEN +
+ XMSS_SHA256_32_N;
+ /* Offsets into rand hash data. */
+ byte* pad = state->buf;
+ byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+ byte* bm0 = key + XMSS_SHA256_32_N;
+ byte* bm1 = bm0 + XMSS_SHA256_32_N;
+#ifndef WC_XMSS_FULL_HASH
+ int ret;
+
+ /* Encode padding byte for PRF. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, XMSS_SHA256_32_PAD_LEN);
+ /* Append public seed for PRF. */
+ XMEMCPY(state->prf_buf + XMSS_SHA256_32_PAD_LEN, pk_seed,
+ XMSS_SHA256_32_N);
+
+ /* Set key mask to initial value and append encoding. */
+ addr[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_addr_encode(addr, addr_buf);
+
+ /* Calculate n-byte key - KEY. */
+ ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+ XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N);
+ if (ret == 0) {
+ /* Copy state after first 64 bytes. */
+ XMSS_SHA256_STATE_CACHE(state);
+ /* Copy in remaining 32 bytes to buffer. */
+ XMSS_SHA256_SET_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash. */
+ ret = wc_Sha256Final(&state->digest.sha256, key);
+ }
+
+ /* Calculate n-byte mask - BM_0. */
+ if (ret == 0) {
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ /* Copy back state after first 64 bytes.
*/
+ XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash. */
+ ret = wc_Sha256Final(&state->digest.sha256, bm0);
+ }
+
+ /* Calculate n-byte mask - BM_1. */
+ if (ret == 0) {
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+ /* Copy back state after first 64 bytes. */
+ XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+ XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+ /* Calculate hash. */
+ ret = wc_Sha256Final(&state->digest.sha256, bm1);
+ }
+
+ if (ret == 0) {
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, XMSS_SHA256_32_PAD_LEN);
+ /* XOR into bm0 and bm1. */
+ XMEMCPY(state->prf_buf, left, XMSS_SHA256_32_N);
+ XMEMCPY(state->prf_buf + XMSS_SHA256_32_N, right, XMSS_SHA256_32_N);
+ xorbuf(bm0, state->prf_buf, 2 * XMSS_SHA256_32_N);
+ ret = wc_Sha256Update(&state->digest.sha256, state->buf,
+ XMSS_RAND_HASH_DATA_LEN_SHA256_32);
+ }
+ if (ret == 0) {
+ ret = wc_Sha256Final(&state->digest.sha256, hash);
+ }
+ if (state->ret == 0) {
+ /* Store any digest failures for public APIs to return. */
+ state->ret = ret;
+ }
+#else
+ /* Encode padding byte for PRF. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, XMSS_SHA256_32_PAD_LEN);
+ /* Append public seed for PRF. */
+ XMEMCPY(state->prf_buf + XMSS_SHA256_32_PAD_LEN, pk_seed, XMSS_SHA256_32_N);
+
+ /* Set key mask to initial value and append encoding. */
+ addr[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_addr_encode(addr, addr_buf);
+
+ /* Calculate n-byte key - KEY. */
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, key);
+ /* Calculate n-byte mask - BM_0. */
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm0);
+ /* Calculate n-byte mask - BM_1.
*/
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+ wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm1);
+
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_H, state->buf, XMSS_SHA256_32_PAD_LEN);
+ XMEMCPY(state->prf_buf, left, XMSS_SHA256_32_N);
+ XMEMCPY(state->prf_buf + XMSS_SHA256_32_N, right, XMSS_SHA256_32_N);
+ xorbuf(bm0, state->prf_buf, 2 * XMSS_SHA256_32_N);
+ wc_xmss_hash(state, state->buf, XMSS_RAND_HASH_DATA_LEN_SHA256_32, hash);
+#endif /* WC_XMSS_FULL_HASH */
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+/* Randomized tree hashing - left and right separate parameters.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ * ...
+ * ADRS.setKeyAndMask(0);
+ * KEY = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(1);
+ * BM_0 = PRF(SEED, ADRS);
+ * ADRS.setKeyAndMask(2);
+ * BM_1 = PRF(SEED, ADRS);
+ * return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] left First half of data.
+ * @param [in] right Second half of data.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address.
+ * @param [out] hash Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash_lr(XmssState* state, const byte* left,
+ const byte* right, const byte* pk_seed, HashAddress addr, byte* hash)
+{
+ const XmssParams* params = state->params;
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+ if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+ (params->n == XMSS_SHA256_32_N) &&
+ (params->hash == WC_HASH_TYPE_SHA256)) {
+ wc_xmss_rand_hash_lr_sha256_32(state, left, right, pk_seed, addr, hash);
+ }
+ else
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+ {
+ byte* addr_buf = state->prf_buf + params->pad_len + params->n;
+ /* Offsets into rand hash data.
*/
+ byte* pad = state->buf;
+ byte* key = pad + params->pad_len;
+ byte* bm0 = key + params->n;
+ byte* bm1 = bm0 + params->n;
+ const word32 len = params->pad_len + params->n + WC_XMSS_ADDR_LEN;
+
+ /* Encode padding byte for PRF. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, params->pad_len);
+ /* Append public seed for PRF. */
+ XMEMCPY(state->prf_buf + params->pad_len, pk_seed, params->n);
+
+ /* Set key mask to initial value and append encoding. */
+ addr[XMSS_ADDR_KEY_MASK] = 0;
+ wc_xmss_addr_encode(addr, addr_buf);
+
+ /* Calculate n-byte key - KEY. */
+ wc_xmss_hash(state, state->prf_buf, len, key);
+ /* Calculate n-byte mask - BM_0. */
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+ wc_xmss_hash(state, state->prf_buf, len, bm0);
+ /* Calculate n-byte mask - BM_1. */
+ addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+ wc_xmss_hash(state, state->prf_buf, len, bm1);
+
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, params->pad_len);
+ XMEMCPY(state->prf_buf, left, params->n);
+ XMEMCPY(state->prf_buf + params->n, right, params->n);
+ xorbuf(bm0, state->prf_buf, 2 * params->n);
+ wc_xmss_hash(state, state->buf, params->pad_len + 3 * params->n,
+ hash);
+ }
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL || WOLFSSL_XMSS_VERIFY_ONLY */
+
+/* Compute message hash from the random r, root, index and message.
+ *
+ * RFC 8391: 4.1.9, Algorithm 12: XMSS_sign
+ * ...
+ * byte[n] M' = H_msg(r || getRoot(SK) || (toByte(idx_sig, n)), M);
+ * RFC 8391: 5.1
+ * H_msg: SHA2-256(toByte(2, 32) || KEY || M)
+ * H_msg: SHA2-512(toByte(2, 64) || KEY || M)
+ * H_msg: SHAKE128(toByte(2, 32) || KEY || M, 256)
+ * H_msg: SHAKE256(toByte(2, 64) || KEY || M, 512)
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] random Random value of n bytes.
+ * @param [in] root Public root.
+ * @param [in] idx Buffer holding encoded index.
+ * @param [in] idx_len Length of encoded index in bytes.
+ * @param [in] m Message to hash.
+ * @param [in] mlen Length of message.
+ * @param [out] hash Buffer to hold hash.
+ */
+static void wc_xmss_hash_message(XmssState* state, const byte* random,
+ const byte* root, const byte* idx, word8 idx_len, const byte* m,
+ word32 mlen, byte* hash)
+{
+ int ret;
+ const XmssParams* params = state->params;
+ word32 padKeyLen = params->pad_len + 3 * params->n;
+ /* Offsets into message hash data. */
+ byte* padKey = state->buf;
+ byte* pad = padKey;
+ byte* key = pad + params->pad_len;
+ byte* root_sk = key + params->n;
+ byte* idx_sig = root_sk + params->n;
+
+ /* Set prefix data before message. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_HASH, pad, params->pad_len);
+ XMEMCPY(key, random, params->n);
+ XMEMCPY(root_sk, root, params->n);
+ XMEMSET(idx_sig, 0, params->n - idx_len);
+ XMEMCPY(idx_sig + params->n - idx_len, idx, idx_len);
+
+ /* Hash the padding and key first. */
+#ifdef WC_XMSS_SHA256
+ if (params->hash == WC_HASH_TYPE_SHA256) {
+ ret = wc_Sha256Update(&state->digest.sha256, padKey, padKeyLen);
+ }
+ else
+#endif /* WC_XMSS_SHA256 */
+#ifdef WC_XMSS_SHA512
+ if (params->hash == WC_HASH_TYPE_SHA512) {
+ ret = wc_Sha512Update(&state->digest.sha512, padKey, padKeyLen);
+ }
+ else
+#endif /* WC_XMSS_SHA512 */
+#ifdef WC_XMSS_SHAKE128
+ if (params->hash == WC_HASH_TYPE_SHAKE128) {
+ ret = wc_Shake128_Update(&state->digest.shake, padKey, padKeyLen);
+ }
+ else
+#endif /* WC_XMSS_SHAKE128 */
+#ifdef WC_XMSS_SHAKE256
+ if (params->hash == WC_HASH_TYPE_SHAKE256) {
+ ret = wc_Shake256_Update(&state->digest.shake, padKey, padKeyLen);
+ }
+ else
+#endif /* WC_XMSS_SHAKE256 */
+ {
+ /* Unsupported digest function. */
+ ret = NOT_COMPILED_IN;
+ }
+ if (ret == 0) {
+ /* Generate hash of message - M'. */
+ wc_xmss_hash(state, m, mlen, hash);
+ }
+ else if (state->ret == 0) {
+ /* Store any digest failures for public APIs to return. */
+ state->ret = ret;
+ }
+}
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+
+/* Compute PRF with key and message.
+ *
+ * RFC 8391: 5.1
+ * PRF: SHA2-256(toByte(3, 32) || KEY || M)
+ * PRF: SHA2-512(toByte(3, 64) || KEY || M)
+ * PRF: SHAKE128(toByte(3, 32) || KEY || M, 256)
+ * PRF: SHAKE256(toByte(3, 64) || KEY || M, 512)
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] key Key used to derive pseudo-random from.
+ * @param [in] m 32 bytes of data to derive pseudo-random from.
+ * @param [out] prf Buffer to hold pseudo-random data.
+ */
+static void wc_xmss_prf(XmssState* state, const byte* key, const byte* m,
+ byte* prf)
+{
+ const XmssParams* params = state->params;
+ byte* pad = state->prf_buf;
+ byte* key_buf = pad + params->pad_len;
+ byte* m_buf = key_buf + params->n;
+
+ /* 00[0..pl-1] || 03 || key[0..n-1] || m[0..31] */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, pad, params->pad_len);
+ XMEMCPY(key_buf, key, params->n);
+ XMEMCPY(m_buf, m, XMSS_PRF_M_LEN);
+
+ /* Hash the PRF data. */
+ wc_xmss_hash(state, state->prf_buf, params->pad_len + params->n +
+ XMSS_PRF_M_LEN, prf);
+}
+
+#ifdef XMSS_CALL_PRF_KEYGEN
+/* Compute PRF for keygen with key and message.
+ *
+ * NIST SP 800-208: 5.1, 5.2, 5.3, 5.4
+ * PRFkeygen (KEY, M): SHA-256(toByte(4, 32) || KEY || M)
+ * PRFkeygen (KEY, M): T192(SHA-256(toByte(4, 4) || KEY || M))
+ * PRFkeygen (KEY, M): SHAKE256(toByte(4, 32) || KEY || M, 256)
+ * PRFkeygen (KEY, M): SHAKE256(toByte(4, 4) || KEY || M, 192)
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] key Key of n bytes used to derive pseudo-random from.
+ * @param [in] m n + 32 bytes of data to derive pseudo-random from.
+ * @param [out] prf Buffer to hold pseudo-random data.
+ */
+static void wc_xmss_prf_keygen(XmssState* state, const byte* key,
+ const byte* m, byte* prf)
+{
+ const XmssParams* params = state->params;
+ byte* pad = state->prf_buf;
+ byte* key_buf = pad + params->pad_len;
+ byte* m_buf = key_buf + params->n;
+
+ /* 00[0..pl-1] || 04 || key[0..n-1] || m[0..n+31] */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF_KEYGEN, pad, params->pad_len);
+ XMEMCPY(key_buf, key, params->n);
+ XMEMCPY(m_buf, m, params->n + XMSS_PRF_M_LEN);
+
+ /* Hash the PRF keygen data. */
+ wc_xmss_hash(state, state->prf_buf, params->pad_len + 2 * params->n +
+ XMSS_PRF_M_LEN, prf);
+}
+#endif /* XMSS_CALL_PRF_KEYGEN */
+
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+/********************************************
+ * WOTS
+ ********************************************/
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+/* Expand private seed with PRF keygen.
+ *
+ * RFC 8391: 4.1.3
+ * "the existence of a method getWOTS_SK(SK, i) is assumed"
+ * NIST SP 800-208: 7.2.1, Algorithm 10'
+ * ...
+ * for ( j=0; j < len; j++) {
+ * ADRS.setChainAddress(j);
+ * sk[j] = PRFkeygen(S_XMSS, SEED || ADRS);
+ * }
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] sk_seed Buffer holding private seed.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address as a byte array.
+ * @param [out] gen_seed Buffer to hold seeds.
+ */
+static void wc_xmss_wots_get_wots_sk_sha256_32(XmssState* state,
+ const byte* sk_seed, const byte* pk_seed, byte* addr, byte* gen_seed)
+{
+ const XmssParams* params = state->params;
+ word32 i;
+ byte* pad = state->prf_buf;
+ byte* s_xmss = pad + XMSS_SHA256_32_PAD_LEN;
+ byte* seed = s_xmss + XMSS_SHA256_32_N;
+ byte* addr_buf = seed + XMSS_SHA256_32_N;
+ int ret;
+
+ ((word32*)addr)[XMSS_ADDR_CHAIN] = 0;
+ ((word32*)addr)[XMSS_ADDR_HASH] = 0;
+ ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF_KEYGEN, pad, XMSS_SHA256_32_PAD_LEN);
+ XMEMCPY(s_xmss, sk_seed, XMSS_SHA256_32_N);
+ XMEMCPY(seed, pk_seed, XMSS_SHA256_32_N);
+ XMEMCPY(addr_buf, addr, WC_XMSS_ADDR_LEN);
+
+#ifndef WC_XMSS_FULL_HASH
+ ret = wc_Sha256Update(&state->digest.sha256, pad, XMSS_SHA256_32_PAD_LEN +
+ XMSS_SHA256_32_N);
+ if (ret == 0) {
+ /* Copy state after first 64 bytes. */
+ XMSS_SHA256_STATE_CACHE(state);
+ ret = wc_Sha256Update(&state->digest.sha256, seed, XMSS_SHA256_32_N +
+ WC_XMSS_ADDR_LEN);
+ }
+ if (ret == 0) {
+ ret = wc_Sha256Final(&state->digest.sha256, gen_seed);
+ }
+ for (i = 1; (ret == 0) && (i < params->wots_len); i++) {
+ gen_seed += XMSS_SHA256_32_N;
+ addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+ XMSS_SHA256_STATE_RESTORE(state, 64);
+ ret = wc_Sha256Update(&state->digest.sha256, seed, XMSS_SHA256_32_N +
+ WC_XMSS_ADDR_LEN);
+ if (ret == 0) {
+ ret = wc_Sha256Final(&state->digest.sha256, gen_seed);
+ }
+ }
+#else
+ ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+ XMSS_SHA256_32_PAD_LEN + 2 * XMSS_SHA256_32_N + WC_XMSS_ADDR_LEN);
+ if (ret == 0) {
+ ret = wc_Sha256Final(&state->digest.sha256, gen_seed);
+ }
+ for (i = 1; (ret == 0) && i < params->wots_len; i++) {
+ gen_seed += XMSS_SHA256_32_N;
+ addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+ ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+ XMSS_SHA256_32_PAD_LEN + 2 * XMSS_SHA256_32_N + WC_XMSS_ADDR_LEN);
+ if (ret == 0) {
+ ret = wc_Sha256Final(&state->digest.sha256,
gen_seed);
+ }
+ }
+#endif /* WC_XMSS_FULL_HASH*/
+
+ if (state->ret == 0) {
+ /* Store any digest failures for public APIs to return. */
+ state->ret = ret;
+ }
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+
+/* Expand private seed with PRF keygen.
+ *
+ * RFC 8391: 4.1.3
+ * "the existence of a method getWOTS_SK(SK, i) is assumed"
+ * NIST SP 800-208: 7.2.1
+ * Algorithm 10'
+ * ...
+ * for ( j=0; j < len; j++) {
+ * ADRS.setChainAddress(j);
+ * sk[j] = PRFkeygen(S_XMSS, SEED || ADRS);
+ * }
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] sk_seed Buffer holding private seed.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address as a byte array.
+ * @param [out] gen_seed Buffer to hold seeds.
+ */
+static void wc_xmss_wots_get_wots_sk(XmssState* state, const byte* sk_seed,
+ const byte* pk_seed, byte* addr, byte* gen_seed)
+{
+ const XmssParams* params = state->params;
+ word32 i;
+#ifdef XMSS_CALL_PRF_KEYGEN
+ byte* seed = state->buf;
+ byte* addr_buf = seed + params->n;
+#else
+ byte* pad = state->prf_buf;
+ byte* s_xmss = pad + params->pad_len;
+ byte* seed = s_xmss + params->n;
+ byte* addr_buf = seed + params->n;
+ const word32 len = params->pad_len + params->n * 2 + WC_XMSS_ADDR_LEN;
+#endif /* XMSS_CALL_PRF_KEYGEN */
+
+ /* Ensure hash address fields are 0. */
+ ((word32*)addr)[XMSS_ADDR_CHAIN] = 0;
+ ((word32*)addr)[XMSS_ADDR_HASH] = 0;
+ ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+
+#ifdef XMSS_CALL_PRF_KEYGEN
+ /* Copy the seed and address into PRF keygen message buffer. */
+ XMEMCPY(seed, pk_seed, params->n);
+ XMEMCPY(addr_buf, addr, WC_XMSS_ADDR_LEN);
+
+ wc_xmss_prf_keygen(state, sk_seed, state->buf, gen_seed);
+ for (i = 1; i < params->wots_len; i++) {
+ gen_seed += params->n;
+ addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+ wc_xmss_prf_keygen(state, sk_seed, state->buf, gen_seed);
+ }
+#else
+ /* Copy the PRF keygen fields into one buffer.
*/
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF_KEYGEN, pad, params->pad_len);
+ XMEMCPY(s_xmss, sk_seed, params->n);
+ XMEMCPY(seed, pk_seed, params->n);
+ XMEMCPY(addr_buf, addr, WC_XMSS_ADDR_LEN);
+
+ /* Fill output with hashes of different chain hash addresses. */
+ wc_xmss_hash(state, state->prf_buf, len, gen_seed);
+ for (i = 1; i < params->wots_len; i++) {
+ gen_seed += params->n;
+ addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+ wc_xmss_hash(state, state->prf_buf, len, gen_seed);
+ }
+#endif /* XMSS_CALL_PRF_KEYGEN */
+}
+
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+/* Chain hashing to calculate node hash.
+ *
+ * RFC 8391: 3.1.2, Algorithm 2 - recursive.
+ * This function is an iterative version.
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] data Initial data to hash.
+ * @param [in] start Starting hash value in hash address.
+ * @param [in] steps Size of step.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address as a byte array.
+ * @param [out] hash Chained hash.
+ */
+static void wc_xmss_chain_sha256_32(XmssState* state, const byte* data,
+ unsigned int start, unsigned int steps, const byte* pk_seed, byte* addr,
+ byte* hash)
+{
+ if (steps > 0) {
+ word32 i;
+ byte* pad = state->prf_buf;
+ byte* seed = pad + XMSS_SHA256_32_PAD_LEN;
+#ifndef WC_XMSS_FULL_HASH
+ int ret;
+
+ /* Set data for PRF hash. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, pad, XMSS_SHA256_32_PAD_LEN);
+ XMEMCPY(seed, pk_seed, XMSS_SHA256_32_N);
+
+ /* Hash first 64 bytes. */
+ ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+ XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N);
+ if (ret == 0) {
+ /* Copy state after first 64 bytes. */
+ XMSS_SHA256_STATE_CACHE(state);
+ /* Only do this once for all chain hash calls. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_F, state->buf,
+ state->params->pad_len);
+
+ /* Set address.
*/
+ XMSS_ADDR_SET_BYTE(addr, XMSS_ADDR_HASH, start);
+ wc_xmss_chain_hash_sha256_32(state, data, addr, hash);
+ /* Iterate 'steps' calls to the hash function. */
+ for (i = start+1; i < (start+steps) && i < XMSS_WOTS_W; i++) {
+ addr[XMSS_ADDR_HASH * 4 + 3] = i;
+ wc_xmss_chain_hash_sha256_32(state, hash, addr, hash);
+ }
+ }
+ else if (state->ret == 0) {
+ /* Store any digest failures for public APIs to return. */
+ state->ret = ret;
+ }
+#else
+ const XmssParams* params = state->params;
+ byte* addr_buf = seed + XMSS_SHA256_32_N;
+
+ /* Set data for PRF hash. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, pad, XMSS_SHA256_32_PAD_LEN);
+ XMEMCPY(seed, pk_seed, params->n);
+ XMEMCPY(addr_buf, addr, WC_XMSS_ADDR_LEN);
+
+ /* Only do this once for all chain hash calls. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_F, state->buf, params->pad_len);
+
+ /* Set address. */
+ XMSS_ADDR_SET_BYTE(addr_buf, XMSS_ADDR_HASH, start);
+ wc_xmss_chain_hash_sha256_32(state, data, hash);
+ /* Iterate 'steps' calls to the hash function. */
+ for (i = start+1; i < (start+steps) && i < XMSS_WOTS_W; i++) {
+ addr_buf[XMSS_ADDR_HASH * 4 + 3] = i;
+ wc_xmss_chain_hash_sha256_32(state, hash, hash);
+ }
+#endif /* !WC_XMSS_FULL_HASH */
+ }
+ else if (hash != data) {
+ XMEMCPY(hash, data, XMSS_SHA256_32_N);
+ }
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+
+/* Chain hashing to calculate node hash.
+ *
+ * RFC 8391: 3.1.2, Algorithm 2 - recursive.
+ * This function is an iterative version.
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] data Initial data to hash.
+ * @param [in] start Starting hash value in hash address.
+ * @param [in] steps Size of step.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address as a byte array.
+ * @param [out] hash Chained hash.
+ */
+static void wc_xmss_chain(XmssState* state, const byte* data,
+ unsigned int start, unsigned int steps, const byte* pk_seed, byte* addr,
+ byte* hash)
+{
+ const XmssParams* params = state->params;
+
+ if (steps > 0) {
+ word32 i;
+ byte* pad = state->prf_buf;
+ byte* seed = pad + params->pad_len;
+ byte* addr_buf = seed + params->n;
+
+ /* Set data for PRF hash. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, pad, params->pad_len);
+ XMEMCPY(seed, pk_seed, params->n);
+ XMEMCPY(addr_buf, addr, 32);
+
+ /* Only do this once for all chain hash calls. */
+ XMSS_PAD_ENC(XMSS_HASH_PADDING_F, state->buf, params->pad_len);
+
+ /* Set address. */
+ XMSS_ADDR_SET_BYTE(addr_buf, XMSS_ADDR_HASH, start);
+ wc_xmss_chain_hash(state, data, hash);
+ /* Iterate 'steps' calls to the hash function. */
+ for (i = start+1; i < (start+steps) && i < XMSS_WOTS_W; i++) {
+ addr_buf[XMSS_ADDR_HASH * 4 + 3] = i;
+ wc_xmss_chain_hash(state, hash, hash);
+ }
+ }
+ else if (hash != data) {
+ XMEMCPY(hash, data, params->n);
+ }
+}
+
+/* Convert base on message and add checksum.
+ *
+ * RFC 8391:, 2.6, Algorithm 1: base_w
+ * int in = 0;
+ * int out = 0;
+ * unsigned int total = 0;
+ * int bits = 0;
+ * int consumed;
+ *
+ * for ( consumed = 0; consumed < out_len; consumed++ ) {
+ * if ( bits == 0 ) {
+ * total = X[in];
+ * in++;
+ * bits += 8;
+ * }
+ * bits -= lg(w);
+ * basew[out] = (total >> bits) AND (w - 1);
+ * out++;
+ * }
+ * return basew;
+ *
+ * base_w implemented for w == 16 (lg(w) == 4).
+ *
+ * RFC 8391: 3.1.5, Algorithm 5:
+ * ...
+ * csum = 0; + * + * # Convert message to base w + * msg = base_w(M, w, len_1); + * # Compute checksum + * for ( i = 0; i < len_1; i++ ) { + * csum = csum + w - 1 - msg[i]; + * } + * + * # Convert csum to base w + * csum = csum << ( 8 - ( ( len_2 * lg(w) ) % 8 )); + * len_2_bytes = ceil( ( len_2 * lg(w) ) / 8 ); + * msg = msg || base_w(toByte(csum, len_2_bytes), w, len_2); + * + * len_1 == 8 * n / 4 = n * 2 + * Implemented for len_2 == 3 + * + * @param [in] m Message data. + * @param [in] n Number of bytes in hash. + * @param [out] msg Message in new base. + */ +static void wc_xmss_msg_convert(const byte* m, word8 n, word8* msg) +{ + word8 i; + word16 csum = 0; + + /* Split each full byte of m into two bytes of msg. */ + for (i = 0; i < n; i++) { + msg[0] = m[i] >> 4; + msg[1] = m[i] & 0xf; + csum += XMSS_WOTS_W - 1 - msg[0]; + csum += XMSS_WOTS_W - 1 - msg[1]; + msg += 2; + } + + /* Append checksum to message. (Maximum value: 1920 = 64 * 2 * 15) */ + msg[0] = (csum >> 8) ; + msg[1] = (csum >> 4) & 0x0f; + msg[2] = (csum ) & 0x0f; +} + +#ifndef WOLFSSL_XMSS_VERIFY_ONLY + +/* WOTS+ generate public key with private seed. + * + * RFC 8391: 4.1.6, Algorithm 9: + * ... + * pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS); + * RFC 8391, 3.1.4, Algorithm 4: WOTS_genPK + * ... + * for ( i = 0; i < len; i++ ) { + * ADRS.setChainAddress(i); + * pk[i] = chain(sk[i], 0, w - 1, SEED, ADRS); + * } + * return pk; + * + * WOTS_genPK only used in Algorithm 9 and it is convenient to combine with + * getWOTS_SK due to parameter specific implementations. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] sk Random private seed. + * @param [in] seed Random public seed. + * @param [in] addr Hashing address. + * @param [out] pk Public key. 
+ */ +static void wc_xmss_wots_gen_pk(XmssState* state, const byte* sk, + const byte* seed, HashAddress addr, byte* pk) +{ + const XmssParams* params = state->params; + byte* addr_buf = state->encMsg; + word32 i; + + /* Ensure chain address is 0 and encode into a buffer. */ + addr[XMSS_ADDR_CHAIN] = 0; + wc_xmss_addr_encode(addr, addr_buf); + +#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) + if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) && + (params->n == XMSS_SHA256_32_N) && + (params->hash == WC_HASH_TYPE_SHA256)) { + /* Expand the private seed - getWOTS_SK */ + wc_xmss_wots_get_wots_sk_sha256_32(state, sk, seed, addr_buf, + pk); + + /* Calculate chain hash. */ + wc_xmss_chain_sha256_32(state, pk, 0, XMSS_WOTS_W - 1, seed, addr_buf, + pk); + for (i = 1; i < params->wots_len; i++) { + pk += params->n; + addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i; + wc_xmss_chain_sha256_32(state, pk, 0, XMSS_WOTS_W - 1, seed, + addr_buf, pk); + } + } + else +#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */ + { + /* Expand the private seed - getWOTS_SK */ + wc_xmss_wots_get_wots_sk(state, sk, seed, addr_buf, pk); + + /* Calculate chain hash. */ + wc_xmss_chain(state, pk, 0, XMSS_WOTS_W - 1, seed, addr_buf, pk); + for (i = 1; i < params->wots_len; i++) { + pk += params->n; + addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i; + wc_xmss_chain(state, pk, 0, XMSS_WOTS_W - 1, seed, addr_buf, pk); + } + } +} +/* Generate a signature from a privatge key and message. + * + * RFC 8391: 4.1.9, Algorithm 11: treeSig + * sig_ots = WOTS_sign(getWOTS_SK(SK, idx_sig), + * M', getSEED(SK), ADRS); + * RFC 8391: 3.1.5, Algorithm 5: WOTS_sign + * (Convert message to base w and append checksum in base w) + * ... + * for ( i = 0; i < len; i++ ) { + * ADRS.setChainAddress(i); + * sig[i] = chain(sk[i], 0, msg[i], SEED, ADRS); + * } + * return sig; + * + * WOTS_sign only used in Algorithm 11 and convenient to do getWOTS_SK due to + * hash address reuse and parameter specific implementations. 
+ * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] m Message hash to sign. + * @param [in] sk Random private seed. + * @param [in] seed Random public seed. + * @param [in] addr Hashing address. + * @param [out] sig Calculated XMSS/MT signature. + */ +static void wc_xmss_wots_sign(XmssState* state, const byte* m, + const byte* sk, const byte* seed, HashAddress addr, byte* sig) +{ + const XmssParams* params = state->params; + byte* addr_buf = state->pk; + word32 i; + + /* Convert message to base w and append checksum in base w. */ + wc_xmss_msg_convert(m, params->n, state->encMsg); + + /* Set initial chain value and encode hash address. */ + addr[XMSS_ADDR_CHAIN] = 0; + wc_xmss_addr_encode(addr, addr_buf); + +#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) + if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) && + (params->n == XMSS_SHA256_32_N) && + (params->hash == WC_HASH_TYPE_SHA256)) { + /* Expand the private seed - getWOTS_SK */ + wc_xmss_wots_get_wots_sk_sha256_32(state, sk, seed, addr_buf, sig); + + /* Calculate chain hash. */ + wc_xmss_chain_sha256_32(state, sig, 0, state->encMsg[0], seed, addr_buf, + sig); + for (i = 1; i < params->wots_len; i++) { + sig += params->n; + addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i; + wc_xmss_chain_sha256_32(state, sig, 0, state->encMsg[i], seed, + addr_buf, sig); + } + } + else +#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */ + { + /* Expand the private seed - getWOTS_SK */ + wc_xmss_wots_get_wots_sk(state, sk, seed, addr_buf, sig); + + /* Calculate chain hash. */ + wc_xmss_chain(state, sig, 0, state->encMsg[0], seed, addr_buf, sig); + for (i = 1; i < params->wots_len; i++) { + sig += params->n; + addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i; + wc_xmss_chain(state, sig, 0, state->encMsg[i], seed, addr_buf, sig); + } + } +} + +#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */ + +/* Compute WOTS+ public key value from signature and message. 
+ * + * RFC 8319: 3.1.6 + * Algorithm 6: WOTS_pkFromSig + * (Convert message to base w and append checksum in base w) + * ... + * for ( i = 0; i < len; i++ ) { + * ADRS.setChainAddress(i); + * tmp_pk[i] = chain(sig[i], msg[i], w - 1 - msg[i], SEED, ADRS); + * } + * return tmp_pk; + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] sig XMSS/MT Signature. + * @param [in] m Message to verify. + * @param [in] seed Random public seed. + * @param [in] addr Hashing address. + * @param [out] pk Public key. + */ +static void wc_xmss_wots_pk_from_sig(XmssState* state, const byte* sig, + const byte* m, const byte* seed, HashAddress addr, byte* pk) +{ + const XmssParams* params = state->params; + byte* addr_buf = state->stack; + word32 i; + + /* Convert message to base w and append checksum in base w. */ + wc_xmss_msg_convert(m, params->n, state->encMsg); + + /* Start with address with chain value of 0. */ + addr[XMSS_ADDR_CHAIN] = 0; + wc_xmss_addr_encode(addr, addr_buf); + +#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) + if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) && + (params->n == XMSS_SHA256_32_N) && + (params->hash == WC_HASH_TYPE_SHA256)) { + /* Calculate chain hash. */ + wc_xmss_chain_sha256_32(state, sig, state->encMsg[0], + XMSS_WOTS_W - 1 - state->encMsg[0], seed, addr_buf, pk); + for (i = 1; i < params->wots_len; i++) { + sig += params->n; + pk += params->n; + /* Update chain. */ + addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i; + wc_xmss_chain_sha256_32(state, sig, state->encMsg[i], + XMSS_WOTS_W - 1 - state->encMsg[i], seed, addr_buf, pk); + } + } + else +#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */ + { + /* Calculate chain hash. */ + wc_xmss_chain(state, sig, state->encMsg[0], + XMSS_WOTS_W - 1 - state->encMsg[0], seed, addr_buf, pk); + for (i = 1; i < params->wots_len; i++) { + sig += params->n; + pk += params->n; + /* Update chain. 
*/ + addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i; + wc_xmss_chain(state, sig, state->encMsg[i], + XMSS_WOTS_W - 1 - state->encMsg[i], seed, addr_buf, pk); + } + } +} + +/******************************************** + * L-TREE - unbalanced binary hash tree + ********************************************/ + +/* Compute leaves of L-tree from WOTS+ public key and compress to single value. + * + * RFC 8391: 4.1.5, Algorithm 8: ltree + * unsigned int len' = len; + * ADRS.setTreeHeight(0); + * while ( len' > 1 ) { + * for ( i = 0; i < floor(len' / 2); i++ ) { + * ADRS.setTreeIndex(i); + * pk[i] = RAND_HASH(pk[2i], pk[2i + 1], SEED, ADRS); + * } + * if ( len' % 2 == 1 ) { + * pk[floor(len' / 2)] = pk[len' - 1]; + * } + * len' = ceil(len' / 2); + * ADRS.setTreeHeight(ADRS.getTreeHeight() + 1); + * } + * return pk[0]; + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] pk WOTS+ public key. + * @param [in] seed Random public seed. + * @param [in] addr Hashing address. + * @param [out] pk0 N-byte compressed public key value pk[0]. + */ +static void wc_xmss_ltree(XmssState* state, byte* pk, const byte* seed, + HashAddress addr, byte* pk0) +{ + const XmssParams* params = state->params; + word8 len = params->wots_len; + word32 h = 0; + +#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) && \ + !defined(WC_XMSS_FULL_HASH) + /* Precompute hash state after first 64 bytes (common to all hashes). */ + if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) && + (params->n == XMSS_SHA256_32_N) && + (params->hash == WC_HASH_TYPE_SHA256)) { + byte* prf_buf = state->prf_buf; + int ret; + + XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, prf_buf, XMSS_SHA256_32_PAD_LEN); + XMEMCPY(prf_buf + XMSS_SHA256_32_PAD_LEN, seed, XMSS_SHA256_32_N); + + ret = wc_Sha256Update(&state->digest.sha256, prf_buf, + XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N); + if (ret == 0) { + /* Copy state after first 64 bytes. 
*/ + XMSS_SHA256_STATE_CACHE(state); + } + else if (state->ret == 0) { + /* Store any digest failures for public APIs to return. */ + state->ret = ret; + } + } +#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 && !WC_XMSS_FULL_HASH */ + while (len > 1) { + word8 i; + word8 len2 = len >> 1; + + addr[XMSS_ADDR_TREE_HEIGHT] = h++; + + for (i = 0; i < len2; i++) { + addr[XMSS_ADDR_TREE_INDEX] = i; + #if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) && \ + !defined(WC_XMSS_FULL_HASH) + if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) && + (params->n == XMSS_SHA256_32_N) && + (params->hash == WC_HASH_TYPE_SHA256)) { + wc_xmss_rand_hash_sha256_32_prehash(state, + pk + i * 2 * XMSS_SHA256_32_N, addr, + pk + i * XMSS_SHA256_32_N); + } + else + #endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 && + * !WC_XMSS_FULL_HASH */ + { + wc_xmss_rand_hash(state, pk + i * 2 * params->n, + seed, addr, pk + i * params->n); + } + } + if (len & 1) { + XMEMCPY(pk + len2 * params->n, pk + (len - 1) * params->n, + params->n); + } + len = len2 + (len & 1); + } + /* Return compressed public key value pk[0]. */ + XMEMCPY(pk0, pk, params->n); +} + +#ifndef WOLFSSL_XMSS_VERIFY_ONLY + +#ifdef WOLFSSL_WC_XMSS_SMALL + +/******************************************** + * TREE HASH + ********************************************/ + +#ifndef WOLFSSL_SMALL_STACK +/* Compute internal nodes of Merkle tree. + * + * Implementation always starts at index 0. (s = 0) + * + * Build authentication path, if required, rather than duplicating work. + * When node is generated, copy out to authentication path array of nodes. 
+ * + * RFC 8391: 4.1.6, Algorithm 9: treeHash + * if( s % (1 << t) != 0 ) return -1; + * for ( i = 0; i < 2^t; i++ ) { + * SEED = getSEED(SK); + * ADRS.setType(0); # Type = OTS hash address + * ADRS.setOTSAddress(s + i); + * pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS); + * ADRS.setType(1); # Type = L-tree address + * ADRS.setLTreeAddress(s + i); + * node = ltree(pk, SEED, ADRS); + * ADRS.setType(2); # Type = hash tree address + * ADRS.setTreeHeight(0); + * ADRS.setTreeIndex(i + s); + * while ( Top node on Stack has same height t' as node ) { + * ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2); + * node = RAND_HASH(Stack.pop(), node, SEED, ADRS); + * ADRS.setTreeHeight(ADRS.getTreeHeight() + 1); + * } + * Stack.push(node); + * } + * return Stack.pop(); + * RFC 8391: 4.1.9, (Example) buildAuth + * for ( j = 0; j < h; j++ ) { + * k = floor(i / (2^j)) XOR 1; + * auth[j] = treeHash(SK, k * 2^j, j, ADRS); + * } + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] sk_seed Random private seed. + * @param [in] pk_seed Random public seed. + * @param [in] leafIdx Index of lead node. + * @param [in] subtree_addr Address of subtree. + * @param [out] root Root node of the tree. + * @param [out] auth_path Nodes of the authentication path. + */ +static void wc_xmss_treehash(XmssState* state, const byte* sk_seed, + const byte* pk_seed, word32 leafIdx, const word32* subtree, byte* root, + byte* auth_path) +{ + const XmssParams* params = state->params; + const word8 n = params->n; + byte* node = state->stack; + HashAddress ots; + HashAddress ltree; + HashAddress tree; + word8 height[WC_XMSS_MAX_TREE_HEIGHT + 1]; + word8 offset = 0; + word32 max = (word32)1 << params->sub_h; + word32 i; + + /* Copy hash address into one for each purpose. 
*/ + XMSS_ADDR_OTS_SET_SUBTREE(ots, subtree); + XMSS_ADDR_LTREE_SET_SUBTREE(ltree, subtree); + XMSS_ADDR_TREE_SET_SUBTREE(tree, subtree); + + for (i = 0; i < max; i++) { + word8 h; + + /* Calculate WOTS+ public key. */ + ots[XMSS_ADDR_OTS] = i; + wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, ots, state->pk); + /* Calculate public value. */ + ltree[XMSS_ADDR_LTREE] = i; + wc_xmss_ltree(state, state->pk, pk_seed, ltree, node); + + /* Initial height at this offset is 0. */ + h = height[offset] = 0; + /* Copy node, at height 0, out if on authentication path. */ + if ((auth_path != NULL) && ((leafIdx ^ 0x1) == i)) { + XMEMCPY(auth_path, node, n); + } + + /* Top node on Stack has same height t' as node. */ + while ((offset >= 1) && (h == height[offset - 1])) { + word32 tree_idx = i >> (h + 1); + + node -= n; + /* Calculate hash of node. */ + tree[XMSS_ADDR_TREE_HEIGHT] = h; + tree[XMSS_ADDR_TREE_INDEX] = tree_idx; + wc_xmss_rand_hash(state, node, pk_seed, tree, node); + + /* Update offset and height. */ + offset--; + h = ++height[offset]; + + /* Copy node out if on authentication path. */ + if ((auth_path != NULL) && (((leafIdx >> h) ^ 0x1) == tree_idx)) { + XMEMCPY(auth_path + h * n, node, n); + } + } + offset++; + node += n; + } + + /* Copy the root node. */ + XMEMCPY(root, state->stack, n); +} +#else +/* Compute internal nodes of Merkle tree. + * + * Implementation always starts at index 0. (s = 0) + * + * Build authentication path, if required, rather than duplicating work. + * When node is generated, copy out to authentication path array of nodes. 
+ * + * RFC 8391: 4.1.6, Algorithm 9: treeHash + * if( s % (1 << t) != 0 ) return -1; + * for ( i = 0; i < 2^t; i++ ) { + * SEED = getSEED(SK); + * ADRS.setType(0); # Type = OTS hash address + * ADRS.setOTSAddress(s + i); + * pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS); + * ADRS.setType(1); # Type = L-tree address + * ADRS.setLTreeAddress(s + i); + * node = ltree(pk, SEED, ADRS); + * ADRS.setType(2); # Type = hash tree address + * ADRS.setTreeHeight(0); + * ADRS.setTreeIndex(i + s); + * while ( Top node on Stack has same height t' as node ) { + * ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2); + * node = RAND_HASH(Stack.pop(), node, SEED, ADRS); + * ADRS.setTreeHeight(ADRS.getTreeHeight() + 1); + * } + * Stack.push(node); + * } + * return Stack.pop(); + * RFC 8391: 4.1.9, (Example) buildAuth + * for ( j = 0; j < h; j++ ) { + * k = floor(i / (2^j)) XOR 1; + * auth[j] = treeHash(SK, k * 2^j, j, ADRS); + * } + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] sk_seed Random private seed. + * @param [in] pk_seed Random public seed. + * @param [in] leafIdx Index of lead node. + * @param [in] subtree_addr Address of subtree. + * @param [out] root Root node of the tree. + * @param [out] auth_path Nodes of the authentication path. + */ +static void wc_xmss_treehash(XmssState* state, const byte* sk_seed, + const byte* pk_seed, word32 leafIdx, const word32* subtree, byte* root, + byte* auth_path) +{ + const XmssParams* params = state->params; + const word8 n = params->n; + byte* node = state->stack; + HashAddress addr; + word8 height[WC_XMSS_MAX_TREE_HEIGHT + 1]; + word8 offset = 0; + word32 max = (word32)1 << params->sub_h; + word32 i; + + XMSS_ADDR_SET_SUBTREE(addr, subtree, 0); + + for (i = 0; i < max; i++) { + word8 h; + + /* Calculate WOTS+ public key. */ + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS; + addr[XMSS_ADDR_LTREE] = i; + wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, addr, state->pk); + /* Calculate public value. 
*/ + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE; + wc_xmss_ltree(state, state->pk, pk_seed, addr, node); + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE; + addr[XMSS_ADDR_TREE_ZERO] = 0; + + /* Initial height at this offset is 0. */ + h = height[offset] = 0; + /* Copy node out if on authentication path. */ + if ((auth_path != NULL) && ((leafIdx ^ 0x1) == i)) { + XMEMCPY(auth_path, node, n); + } + + /* Top node on Stack has same height t' as node. */ + while ((offset >= 1) && (h == height[offset - 1])) { + word32 tree_idx = i >> (h + 1); + + node -= n; + /* Calculate hash of node. */ + addr[XMSS_ADDR_TREE_HEIGHT] = h; + addr[XMSS_ADDR_TREE_INDEX] = tree_idx; + wc_xmss_rand_hash(state, node, pk_seed, addr, node); + + /* Update offset and height. */ + offset--; + h = ++height[offset]; + + /* Copy node out if on authentication path. */ + if ((auth_path != NULL) && (((leafIdx >> h) ^ 0x1) == tree_idx)) { + XMEMCPY(auth_path + h * n, node, n); + } + } + offset++; + node += n; + /* Reset hash address ready for use as OTS and LTREE. */ + addr[XMSS_ADDR_TREE_HEIGHT] = 0; + addr[XMSS_ADDR_TREE_INDEX] = 0; + } + + /* Copy the root node. */ + XMEMCPY(root, state->stack, n); +} +#endif /* !WOLFSSL_SMALL_STACK */ + +/******************************************** + * MAKE KEY + ********************************************/ + +/* Derives XMSSMT (and XMSS) key pair from seeds. + * + * RFC 8391: 4.1.7, Algorithm 10: XMSS_keyGen. + * ... + * initialize SK_PRF with a uniformly random n-byte string; + * setSK_PRF(SK, SK_PRF); + * + * # Initialization for common contents + * initialize SEED with a uniformly random n-byte string; + * setSEED(SK, SEED); + * setWOTS_SK(SK, wots_sk)); + * ADRS = toByte(0, 32); + * root = treeHash(SK, 0, h, ADRS); + * + * SK = idx || wots_sk || SK_PRF || root || SEED; + * PK = OID || root || SEED; + * return (SK || PK); + * + * wots_sk, SK_PRF and SEED passed in as seed. + * Store seed for wots_sk instead of generated wots_sk. 
+ * OID not stored in PK this is handled in upper layer. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] seed Random seeds. + * @param [out] sk Secret/Private key. + * @param [out] pk Public key. + * @return 0 on success. + * @return <0 on digest failure. + */ +int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed, + unsigned char* sk, unsigned char* pk) +{ + const XmssParams* params = state->params; + const word8 n = params->n; + const byte* seed_priv = seed; + const byte* seed_pub = seed + 2 * n; + /* Offsets into secret/private key. */ + byte* sk_idx = sk; + byte* sk_seed = sk_idx + params->idx_len; + byte* sk_pub = sk_seed + 2 * n; + /* Offsets into public key. */ + byte* pk_root = pk; + byte* pk_seed = pk_root + n; + + /* Set first index to 0 in private key. */ + XMEMSET(sk_idx, 0, params->idx_len); + /* Set private key seed and private key for PRF in to private key. */ + XMEMCPY(sk_seed, seed_priv, 2 * n); + /* Set public key seed into public key. */ + XMEMCPY(pk_seed, seed_pub, n); + + /* Set all address values to zero. */ + XMEMSET(state->addr, 0, sizeof(HashAddress)); + /* Set depth into address. */ + state->addr[XMSS_ADDR_LAYER] = params->d - 1; + /* Compute root node into public key. */ + wc_xmss_treehash(state, sk_seed, pk_seed, 0, state->addr, pk_root, NULL); + + /* Append public key (root node and public seed) to private key. */ + XMEMCPY(sk_pub, pk_root, 2 * n); + + /* Return any errors that occurred during hashing. */ + return state->ret; +} + +/******************************************** + * SIGN + ********************************************/ + +/** + * Sign message using XMSS/XMSS^MT. 
+ * + * RFC 8391: 4.1.9, Algorithm 11: treeSig + * auth = buildAuth(SK, idx_sig, ADRS); + * ADRS.setType(0); # Type = OTS hash address + * ADRS.setOTSAddress(idx_sig); + * sig_ots = WOTS_sign(getWOTS_SK(SK, idx_sig), + * M', getSEED(SK), ADRS); + * Sig = sig_ots || auth; + * return Sig; + * RFC 8391: 4.2.4, Algorithm 16: XMSSMT_sign + * # Init + * ADRS = toByte(0, 32); + * SEED = getSEED(SK_MT); + * SK_PRF = getSK_PRF(SK_MT); + * idx_sig = getIdx(SK_MT); + * + * # Update SK_MT + * setIdx(SK_MT, idx_sig + 1); + * + * # Message compression + * byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32)); + * byte[n] M' = H_msg(r || getRoot(SK_MT) || (toByte(idx_sig, n)), M); + * + * # Sign + * Sig_MT = idx_sig; + * unsigned int idx_tree + * = (h - h / d) most significant bits of idx_sig; + * unsigned int idx_leaf = (h / d) least significant bits of idx_sig; + * SK = idx_leaf || getXMSS_SK(SK_MT, idx_tree, 0) || SK_PRF + * || toByte(0, n) || SEED; + * ADRS.setLayerAddress(0); + * ADRS.setTreeAddress(idx_tree); + * Sig_tmp = treeSig(M', SK, idx_leaf, ADRS); + * Sig_MT = Sig_MT || r || Sig_tmp; + * for ( j = 1; j < d; j++ ) { + * root = treeHash(SK, 0, h / d, ADRS); + * idx_leaf = (h / d) least significant bits of idx_tree; + * idx_tree = (h - j * (h / d)) most significant bits of idx_tree; + * SK = idx_leaf || getXMSS_SK(SK_MT, idx_tree, j) || SK_PRF + * || toByte(0, n) || SEED; + * ADRS.setLayerAddress(j); + * ADRS.setTreeAddress(idx_tree); + * Sig_tmp = treeSig(root, SK, idx_leaf, ADRS); + * Sig_MT = Sig_MT || Sig_tmp; + * } + * return SK_MT || Sig_MT + * + * buildAuth from treeSig done inside treeHash as this is more efficient. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] m Buffer holding message. + * @param [in] mlen Length of message in buffer. + * @param [in, out] sk Secret/Private key. + * @param [out] sig Signature. + * @return 0 on success. + * @return <0 on digest failure. 
+ */ +int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen, + unsigned char* sk, unsigned char* sig) +{ + int ret = 0; + const XmssParams* params = state->params; + const word8 n = params->n; + const word8 hs = params->sub_h; + const word16 hsn = (word16)hs * n; + const byte* sk_seed = sk + params->idx_len; + const byte* pk_seed = sk + params->idx_len + 3 * n; + wc_Idx idx; + byte* sig_r = sig + params->idx_len; + byte root[WC_XMSS_MAX_N]; + unsigned int i; + + WC_IDX_ZERO(idx); + /* Set all address values to zero and set type to OTS. */ + XMEMSET(state->addr, 0, sizeof(HashAddress)); + state->addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS; + + /* Copy the index into the signature data: Sig_MT = idx_sig. */ + XMEMCPY(sig, sk, params->idx_len); + + /* Read index from the secret key. */ + WC_IDX_DECODE(idx, params->idx_len, sk, ret); + /* Validate index in secret key. */ + if ((ret == 0) && (WC_IDX_INVALID(idx, params->idx_len, params->h))) { + /* Set index to maximum value to distinguish from valid value. */ + XMEMSET(sk, 0xFF, params->idx_len); + /* Zeroize the secret key. */ + ForceZero(sk + params->idx_len, params->sk_len - params->idx_len); + ret = KEY_EXHAUSTED_E; + } + + /* Update SK_MT */ + if (ret == 0) { + /* Increment the index in the secret key. */ + wc_idx_update(sk, params->idx_len); + } + + /* Message compression */ + if (ret == 0) { + const byte* sk_prf = sk + params->idx_len + n; + + /* byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32)); */ + wc_idx_copy(sig, params->idx_len, state->buf, XMSS_PRF_M_LEN); + wc_xmss_prf(state, sk_prf, state->buf, sig_r); + ret = state->ret; + } + if (ret == 0) { + const byte* pub_root = sk + params->idx_len + 2 * n; + /* byte[n] M' = H_msg(r || getRoot(SK_MT) || (toByte(idx_sig, n)), M); + */ + wc_xmss_hash_message(state, sig_r, pub_root, sig, params->idx_len, m, + mlen, root); + ret = state->ret; + /* Place WOTS+ signatures after index and 'r'. */ + sig += params->idx_len + n; + } + + /* Sign. 
*/ + for (i = 0; (ret == 0) && (i < params->d); i++) { + word32 idx_leaf = 0; + + /* Set layer, tree and OTS leaf index into hash address. */ + state->addr[XMSS_ADDR_LAYER] = i; + WC_IDX_SET_ADDR_TREE(idx, params->idx_len, hs, state->addr, idx_leaf); + /* treeSig || treeHash = sig_ots || auth */ + state->addr[XMSS_ADDR_OTS] = idx_leaf; + /* Create WOTS+ signature for tree into signature (sig_ots). */ + wc_xmss_wots_sign(state, root, sk_seed, pk_seed, state->addr, sig); + ret = state->ret; + if (ret == 0) { + sig += params->wots_sig_len; + /* Add authentication path (auth) and calc new root. */ + wc_xmss_treehash(state, sk_seed, pk_seed, idx_leaf, state->addr, + root, sig); + ret = state->ret; + sig += hsn; + } + } + + return ret; +} + +#else + +/******************************************** + * Fast C implementation + ********************************************/ + +/* Tree hash data - needs to be unpacked from binary. */ +typedef struct TreeHash { + /* Next index to update in tree - max 20 bits. */ + word32 nextIdx; + /* Number of stack entries used by tree - 0... */ + word8 used; + /* Tree is finished. */ + word8 completed; +} TreeHash; + +/* BDS state. */ +typedef struct BdsState { + /* Stack of nodes - subtree height + 1 nodes. */ + byte* stack; + /* Height of stack node - subtree height + 1 of 0... */ + byte* height; + /* Authentication path for next index - subtree height nodes. */ + byte* authPath; + /* Hashes of nodes kept - subtree height / 2 nodes. */ + byte* keep; + /* Tree hash instances - subtree height minus K instances. */ + byte* treeHash; + /* Hashes of nodes for tree hash - one for each tree hash instance. */ + byte* treeHashNode; + /* Hashes of nodes to retain - based on K parameter. */ + byte* retain; + /* Next leaf to calculate - max 20 bits. */ + word32 next; + /* Current offset into stack - 0... */ + word8 offset; +} BdsState; + +/* Index to BDS state accounting for swapping. + * + * @param [in] idx Index of node. 
+ * @param [in] i Depth of tree. + * @param [in] hs Height of subtree. + * @param [in] d Depth/number of trees. + * @return Index of working BDS state. + */ +#define BDS_IDX(idx, i, hs, d) \ + (((((idx) >> ((hs) * ((i) + 1))) & 1) == 0) ? (i) : ((d) + (i))) +/* Index to alternate BDS state accounting for swapping. + * + * @param [in] idx Index of node. + * @param [in] i Depth of tree. + * @param [in] hs Height of subtree. + * @param [in] d Depth/number of trees. + * @return Index of alternate BDS state. + */ +#define BDS_ALT_IDX(idx, i, hs, d) \ + (((((idx) >> ((hs) * ((i) + 1))) & 1) == 0) ? ((d) + (i)) : (i)) + +/******************************************** + * Tree Hash APIs + ********************************************/ + +/* Initialize the tree hash data at specified index for the BDS state. + * + * @param [in, out] bds BDS state. + * @param [in] i Index of tree hash. + */ +static void wc_xmss_bds_state_treehash_init(BdsState* bds, int i) +{ + byte* sk = bds->treeHash + i * 4; + c32to24(0, sk); + sk[3] = 0 | (1 << 7); +} + +/* Set next index into tree hash data at specified index for the BDS state. + * + * @param [in, out] bds BDS state. + * @param [in] i Index of tree hash. + * @param [in] nextIdx Next index for tree hash. + */ +static void wc_xmss_bds_state_treehash_set_next_idx(BdsState* bds, int i, + word32 nextIdx) +{ + byte* sk = bds->treeHash + i * 4; + c32to24(nextIdx, sk); + sk[3] = 0 | (0 << 7); +} + +/* Mark tree hash, at specified index for the BDS state, as complete. + * + * @param [in, out] bds BDS state. + * @param [in] i Index of tree hash. + */ +static void wc_xmss_bds_state_treehash_complete(BdsState* bds, int i) +{ + byte* sk = bds->treeHash + i * 4; + sk[3] |= 1 << 7; +} + +/* Get the tree hash data at specified index for the BDS state. + * + * @param [in] bds BDS state. + * @param [in] i Index of tree hash. + * @param [out] treeHash Tree hash instance to fill out. 
+ */ +static void wc_xmss_bds_state_treehash_get(BdsState* bds, int i, + TreeHash* treeHash) +{ + byte* sk = bds->treeHash + i * 4; + ato24(sk, &treeHash->nextIdx); + treeHash->used = sk[3] & 0x7f; + treeHash->completed = sk[3] >> 7; +} + +/* Set the tree hash data at specified index for the BDS state. + * + * @param [in, out] bds BDS state. + * @param [in] i Index of tree hash. + * @param [in] treeHash Tree hash data. + */ +static void wc_xmss_bds_state_treehash_set(BdsState* bds, int i, + TreeHash* treeHash) +{ + byte* sk = bds->treeHash + i * 4; + c32to24(treeHash->nextIdx, sk); + sk[3] = treeHash->used | (treeHash->completed << 7); +} + +/******************************************** + * BDS State APIs + ********************************************/ + +/* Allocate memory for BDS state. + * + * When using a static BDS state (XMSS) then pass in handle to data for bds. + * + * @param [in] params XMSS/MT parameters. + * @param [in, out] bds Handle to BDS state. May be NULL if not allocated. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int wc_xmss_bds_state_alloc(const XmssParams* params, BdsState** bds) +{ + const word8 cnt = 2 * params->d - 1; + int ret = 0; + + if (*bds == NULL) { + /* Allocate memory for BDS states. */ + *bds = (BdsState*)XMALLOC(sizeof(BdsState) * cnt, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (*bds == NULL) { + ret = MEMORY_E; + } + } + + return ret; +} + +/* Dispose of allocated memory associated with BDS state. + * + * @param [in] bds BDS state. + */ +static void wc_xmss_bds_state_free(BdsState* bds) +{ + /* BDS states was allocated - must free. */ + XFREE(bds, NULL, DYNAMIC_TYPE_TMP_BUFFER); +} + +/* Load the BDS state from the secret/private key. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] sk Secret/private key. + * @param [out] bds BDS states. + * @param [out] wots_sigs WOTS signatures when XMSS^MT. 
+ */ +static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, + BdsState* bds, byte** wots_sigs) +{ + const XmssParams* params = state->params; + const word8 n = params->n; + const word8 hs = params->sub_h; + const word8 hsk = params->sub_h - params->bds_k; + const word8 k = params->bds_k; + const word32 retainLen = XMSS_RETAIN_LEN(k, n); + int i; + + /* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */ + sk += params->idx_len + 4 * n; + + for (i = 0; i < 2 * (int)params->d - 1; i++) { + /* Set pointers into SK. */ + bds[i].stack = sk; + sk += (hs + 1) * n; + bds[i].height = sk; + sk += hs + 1; + bds[i].authPath = sk; + sk += hs * n; + bds[i].keep = sk; + sk += (hs >> 1) * n; + bds[i].treeHash = sk; + sk += hsk * 4; + bds[i].treeHashNode = sk; + sk += hsk * n; + bds[i].retain = sk; + sk += retainLen; + /* Load values - big-endian encoded. */ + ato24(sk, &bds[i].next); + sk += 3; + bds[i].offset = sk[0]; + sk += 1; + } + + if (wots_sigs != NULL) { + *wots_sigs = sk; + } +} + +/* Store the BDS state into the secret/private key. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in, out] sk Secret/private key. + * @param [in] bds BDS states. + */ +static void wc_xmss_bds_state_store(const XmssState* state, byte* sk, + BdsState* bds) +{ + int i; + const XmssParams* params = state->params; + const word8 n = params->n; + const word8 hs = params->sub_h; + const word8 hsk = params->sub_h - params->bds_k; + const word8 k = params->bds_k; + const word32 skip = (hs + 1) * n + /* BdsState.stack */ + hs + 1 + /* BdsState.height */ + hs * n + /* BdsState.authPath */ + (hs >> 1) * n + /* BdsState.keep */ + hsk * 4 + /* BdsState.treeHash */ + hsk * n + /* BdsState.treeHashNode */ + XMSS_RETAIN_LEN(k, n); /* BdsState.retain */ + + /* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */ + sk += params->idx_len + 4 * n; + + for (i = 0; i < 2 * (int)params->d - 1; i++) { + /* Skip pointers into sk. 
*/ + sk += skip; + /* Save values - big-endian encoded. */ + c32to24(bds[i].next, sk); + sk += 3; + sk[0] = bds[i].offset; + sk += 1; + } +} + +/******************************************** + * BDS + ********************************************/ + +/* Compute node at next index. + * + * RFC 8391: 4.1.6, Algorithm 9: treeHash + * ... + * ADRS.setType(0); # Type = OTS hash address + * ADRS.setOTSAddress(s + i); + * pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS); + * ADRS.setType(1); # Type = L-tree address + * ADRS.setLTreeAddress(s + i); + * node = ltree(pk, SEED, ADRS); + * ADRS.setType(2); # Type = hash tree address + * ADRS.setTreeHeight(0); + * ADRS.setTreeIndex(i + s); + * while ( Top node on Stack has same height t' as node ) { + * ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2); + * node = RAND_HASH(Stack.pop(), node, SEED, ADRS); + * ADRS.setTreeHeight(ADRS.getTreeHeight() + 1); + * } + * Stack.push(node); + * ... + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] bds BDS state. + * @param [in] sk_seed Random secret/private seed. + * @param [in] pk_seed Random public seed. + * @param [in] addr Hash address. + * @param [out] root Root node. + */ +static void wc_xmss_bds_next_idx(XmssState* state, BdsState* bds, + const byte* sk_seed, const byte* pk_seed, HashAddress addr, int i, + word8* height, word8* offset, word8** sp) +{ + const XmssParams* params = state->params; + const word8 hs = params->sub_h; + const word8 hsk = params->sub_h - params->bds_k; + const word8 n = params->n; + word8 o = *offset; + word8* node = *sp; + word8 h; + + /* Calculate WOTS+ public key. */ + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS; + addr[XMSS_ADDR_OTS] = i; + wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, addr, state->pk); + /* Calculate public value. 
*/ + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE; + wc_xmss_ltree(state, state->pk, pk_seed, addr, node); + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE; + addr[XMSS_ADDR_TREE_ZERO] = 0; + + /* Initial height at this offset is 0. */ + h = height[o] = 0; + /* HDSS, Section 4.5, 2: TREEHASH[h].push(v[h][3]) + * Copy right node to tree hash nodes if second right node. */ + if ((hsk > 0) && (i == 3)) { + XMEMCPY(bds->treeHashNode, node + n, n); + } + + /* Top node on Stack has same height t' as node. */ + while ((o >= 1) && (h == height[o - 1])) { + /* HDSS, Section 4.5, 1: AUTH[h] = v[h][1], h = 0,...,H-1. + * Cache left node if on authentication path. */ + if ((i >> h) == 1) { + XMEMCPY(bds->authPath + h * n, node, n); + } + /* This is a right node. */ + else if (h < hsk) { + /* HDSS, Section 4.5, 2: TREEHASH[h].push(v[h][3]) + * Copy right node to tree hash if second right node. */ + if ((i >> h) == 3) { + XMEMCPY(bds->treeHashNode + h * n, node, n); + } + } + else { + /* HDSS, Section 4.5, 3: RETAIN[h].push(v[j][2j+3] for + * h = H-K,...,H-2 and j = 2^(H-h-1)-2,...,0. + * Retain high right nodes. + */ + word32 ro = (1 << (hs - 1 - h)) + h - hs + (((i >> h) - 3) >> 1); + XMEMCPY(bds->retain + ro * n, node, n); + } + + node -= n; + /* Calculate hash of node. */ + addr[XMSS_ADDR_TREE_HEIGHT] = h; + addr[XMSS_ADDR_TREE_INDEX] = i >> (h + 1); + wc_xmss_rand_hash(state, node, pk_seed, addr, node); + + /* Update offset and height. */ + o--; + h = ++height[o]; + } + + *offset = o; + *sp = node; +} + +/* Compute initial Merkle tree and store nodes. + * + * HDSS, Section 4.5, The algorithm, Initialization. + * 1. We store the authentication path for the first leaf (s = 0): + * AUTH[h] = v[h][1], h = 0,...,H-1. + * 2. Depending on the parameter K, we store the next right authentication + * node for each height h = 0,...,H-K-1 in the treehash instances: + * TREEHASH[h].push(v[h][3]). + * 3. 
Finally we store the right authentication nodes clode to the root using + * the stacks RETAIN[h]: + * RETAIN[h].push(v[j][2j+3] for h = H-K,...,H-2 and j = 2^(H-h-1)-2,...,0. + * + * RFC 8391: 4.1.6, Algorithm 9: treeHash + * if( s % (1 << t) != 0 ) return -1; + * for ( i = 0; i < 2^t; i++ ) { + * SEED = getSEED(SK); + * [Compute node at next index] + * } + * return Stack.pop(); + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] bds BDS state. + * @param [in] sk_seed Random secret/private seed. + * @param [in] pk_seed Random public seed. + * @param [in] addr Hash address. + * @param [out] root Root node. + */ +static void wc_xmss_bds_treehash_initial(XmssState* state, BdsState* bds, + const byte* sk_seed, const byte* pk_seed, const HashAddress addr, + byte* root) +{ + const XmssParams* params = state->params; + const word8 hsk = params->sub_h - params->bds_k; + const word8 n = params->n; + word8* node = state->stack; + HashAddress addrCopy; + word8 height[WC_XMSS_MAX_TREE_HEIGHT + 1]; + word8 offset = 0; + word32 maxIdx = (word32)1 << params->sub_h; + word32 i; + + /* First signing index will be 0 - setup BDS state. */ + bds->offset = 0; + bds->next = 0; + /* Reset the hash tree status. */ + for (i = 0; i < hsk; i++) { + wc_xmss_bds_state_treehash_init(bds, i); + } + + /* Copy hash address into local. */ + XMSS_ADDR_OTS_SET_SUBTREE(addrCopy, addr); + + /* Compute each node in tree. */ + for (i = 0; i < maxIdx; i++) { + wc_xmss_bds_next_idx(state, bds, sk_seed, pk_seed, addrCopy, i, height, + &offset, &node); + offset++; + node += n; + /* Rest the hash address for reuse. */ + addrCopy[XMSS_ADDR_TREE_HEIGHT] = 0; + addrCopy[XMSS_ADDR_TREE_INDEX] = 0; + } + + /* Copy the root node. */ + XMEMCPY(root, state->stack, n); +} + +/* Update internal nodes of Merkle tree at next index. + * + * RFC 8391: 4.1.6, Algorithm 9: treeHash + * ... 
+ * SEED = getSEED(SK); + * ADRS.setType(0); # Type = OTS hash address + * ADRS.setOTSAddress(s + i); + * pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS); + * ADRS.setType(1); # Type = L-tree address + * ADRS.setLTreeAddress(s + i); + * node = ltree(pk, SEED, ADRS); + * ADRS.setType(2); # Type = hash tree address + * ADRS.setTreeHeight(0); + * ADRS.setTreeIndex(i + s); + * while ( Top node on Stack has same height t' as node ) { + * ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2); + * node = RAND_HASH(Stack.pop(), node, SEED, ADRS); + * ADRS.setTreeHeight(ADRS.getTreeHeight() + 1); + * } + * Stack.push(node); + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in, out] bds BDS state. + * @param [in] height Height of nodes to update. + * @param [in] sk_seed Random secret/private seed. + * @param [in] pk_seed Random public seed. + * @param [in] addr Hash address. + */ +static void wc_xmss_bds_treehash_update(XmssState* state, BdsState* bds, + word8 height, const byte* sk_seed, const byte* pk_seed, + const HashAddress addr) +{ + const XmssParams* params = state->params; + const word8 n = params->n; + HashAddress addrLocal; + TreeHash treeHash[1]; + byte* sp = bds->stack + bds->offset * n; + byte* node = state->stack + WC_XMSS_MAX_STACK_LEN - n; + word8 h; + + /* Get the tree hash data. */ + wc_xmss_bds_state_treehash_get(bds, height, treeHash); + /* Copy hash address into local as OTS type. */ + XMSS_ADDR_OTS_SET_SUBTREE(addrLocal, addr); + /* Calculate WOTS+ public key. */ + addrLocal[XMSS_ADDR_OTS] = treeHash->nextIdx; + wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, addrLocal, state->pk); + /* Calculate public value. */ + addrLocal[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE; + wc_xmss_ltree(state, state->pk, pk_seed, addrLocal, node); + addrLocal[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE; + addrLocal[XMSS_ADDR_TREE_ZERO] = 0; + + /* Initial height is 0. */ + h = 0; + + /* Top node on Stack has same height t' as node. 
*/ + while ((treeHash->used > 0) && (h == bds->height[bds->offset - 1])) { + sp -= n; + /* Copy from stack to before last calculated node. */ + node -= n; + XMEMCPY(node, sp, n); + + /* Calculate hash of node. */ + addrLocal[XMSS_ADDR_TREE_HEIGHT] = h; + addrLocal[XMSS_ADDR_TREE_INDEX] = treeHash->nextIdx >> (h + 1); + wc_xmss_rand_hash(state, node, pk_seed, addrLocal, node); + + /* Update used, offset and height. */ + treeHash->used--; + bds->offset--; + h++; + } + + /* Check whether we reached the height we wanted to update. */ + if (h == height) { + /* Cache node. */ + XMEMCPY(bds->treeHashNode + height * n, node, n); + treeHash->completed = 1; + } + else { + /* Push calculated node onto stack. */ + XMEMCPY(sp, node, n); + treeHash->used++; + /* Update BDS state. */ + bds->height[bds->offset] = h; + bds->offset++; + treeHash->nextIdx++; + } + + /* Set the tree hash data back. */ + wc_xmss_bds_state_treehash_set(bds, height, treeHash); +} + +/* Updates hash trees that need it most. + * + * Algorithm 4.6: Authentication path computation, Step 5. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in, out] bds BDS state. + * @param [in] updates Current number of updates. + * @param [in] sk_seed Random secret/private seed. + * @param [in] pk_seed Random public seed. + * @param [in] addr Hash address. + * @return Number of available updates. + */ +static word8 wc_xmss_bds_treehash_updates(XmssState* state, BdsState* bds, + word8 updates, const byte* sk_seed, const byte* pk_seed, + const HashAddress addr) +{ + const XmssParams* params = state->params; + const word8 hs = params->sub_h; + const word8 hsk = params->sub_h - params->bds_k; + + while (updates > 0) { + word8 minH = hs; + word8 h = hsk; + word8 i; + + /* Step 5.a. 
k <- min{ h: TREEHASH(h).height() = + min[j=0..H-K-1]{TREEHASH(j.height()} } */ + for (i = 0; i < hsk; i++) { + TreeHash treeHash[1]; + + wc_xmss_bds_state_treehash_get(bds, i, treeHash); + + if (treeHash->completed) { + /* Finished - ignore. */ + } + else if (treeHash->used == 0) { + /* None used, low height. */ + if (i < minH) { + h = i; + minH = i; + } + } + /* Find the height of lowest in cache. */ + else { + word8 j; + word8 lowH = hs; + byte* height = bds->height + bds->offset - treeHash->used; + + for (j = 0; j < treeHash->used; j++) { + lowH = min(height[j], lowH); + } + if (lowH < minH) { + /* New lowest height. */ + h = i; + minH = lowH; + } + } + } + /* If none lower, then stop. */ + if (h == hsk) { + break; + } + + /* Step 5.b. TREEHASH(k).update() */ + /* Update tree to the lowest height. */ + wc_xmss_bds_treehash_update(state, bds, h, sk_seed, pk_seed, addr); + updates--; + } + return updates; +} + +/* Update BDS at next leaf. + * + * Don't do anything if processed all leaves. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in, out] bds BDS state. + * @param [in] sk_seed Random secret/private seed. + * @param [in] pk_seed Random public seed. + * @param [in] addr Hash address. + */ +static void wc_xmss_bds_update(XmssState* state, BdsState* bds, + const byte* sk_seed, const byte* pk_seed, const HashAddress addr) +{ + if (bds->next < ((word32)1 << state->params->sub_h)) { + const XmssParams* params = state->params; + byte* sp = bds->stack + bds->offset * params->n; + HashAddress addrCopy; + + XMSS_ADDR_OTS_SET_SUBTREE(addrCopy, addr); + wc_xmss_bds_next_idx(state, bds, sk_seed, pk_seed, addrCopy, bds->next, + bds->height, &bds->offset, &sp); + bds->offset++; + bds->next++; + } +} + +/* Find index of lowest zero bit. + * + * Supports max up to 31. + * + * @param [in] n Number to evaluate. + * @param [in] max Max number of bits. + * @param [out] b Next bit above first zero bit. 
+ * @return Index of lowest bit that is zero. + */ +static word8 wc_xmss_lowest_zero_bit_index(word32 n, word8 max, word8* b) +{ + word8 i; + + /* Check each bit from lowest for a zero bit. */ + for (i = 0; i < max; i++) { + if ((n & 1) == 0) { + break; + } + n >>= 1; + } + + /* Return next bit after 0 bit. */ + *b = (n >> 1) & 1; + return i; +} + +/* Returns auth path for node leafIdx and computes for next leaf node. + * + * HDSS, Algorithm 4.6: Authentication path computation, Steps 1-4. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in, out] bds BDS state. + * @param [in] leafIdx Current leaf index. + * @param [in] sk_seed Random secret/private seed. + * @param [in] pk_seed Random public seed. + * @param [in] addr Hash address. + */ +static void wc_xmss_bds_auth_path(XmssState* state, BdsState* bds, + const word32 leafIdx, const byte* sk_seed, const byte* pk_seed, + HashAddress addr) +{ + const XmssParams* params = state->params; + const word8 n = params->n; + const word8 hs = params->sub_h; + const word8 hsk = params->sub_h - params->bds_k; + word8 tau; + byte* node = state->encMsg; + word8 parent; + + /* Step 1. Find the height of first left node in authentication path. */ + tau = wc_xmss_lowest_zero_bit_index(leafIdx, hs, &parent); + if (tau == 0) { + /* Step 2. Keep node if parent is a left node. + * if s/(2^tau+1) is even and tau < H-1 then KEEP[tau] <- AUTH[tau] + */ + if (parent == 0) { + XMEMCPY(bds->keep, bds->authPath, n); + } + + /* Step 3. if tau = 0 then AUTH[0] <- LEAFCALC(s) */ + /* Calculate WOTS+ public key. */ + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS; + addr[XMSS_ADDR_OTS] = leafIdx; + wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, addr, state->pk); + /* Calculate public value. */ + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE; + wc_xmss_ltree(state, state->pk, pk_seed, addr, bds->authPath); + } + else { + byte* authPath; + byte* nodes; + word8 i; + + authPath = bds->authPath + tau * n; + /* Step 4.a. 
= AUTH[tau-1] || KEEP[tau-1] + * Only keeping half of nodes, so need to copy out before updating. + */ + XMEMCPY(node, authPath - n, n); + XMEMCPY(node + n, bds->keep + ((tau - 1) >> 1) * n, n); + + /* Step 2. Keep node if parent is a left node. + * if s/(2^tau+1) is even and tau < H-1 then KEEP[tau] <- AUTH[tau] + */ + if ((tau < hs - 1) && (parent == 0)) { + XMEMCPY(bds->keep + (tau >> 1) * n, authPath, n); + } + + /* Step 4.a. AUTH[tau] <- g() */ + addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE; + addr[XMSS_ADDR_TREE_ZERO] = 0; + addr[XMSS_ADDR_TREE_HEIGHT] = tau - 1; + addr[XMSS_ADDR_TREE_INDEX] = leafIdx >> tau; + wc_xmss_rand_hash(state, node, pk_seed, addr, authPath); + + /* Step 4.b. */ + authPath = bds->authPath; + nodes = bds->treeHashNode; + /* for h = 0 to tau - 1 do */ + for (i = 0; i < tau; i++) { + /* if h < H - K then AUTH[h] <- TREEHASH[h].pop()*/ + if (i < hsk) { + XMEMCPY(authPath, nodes, n); + nodes += n; + } + /* if h >= H - K then AUTH[h] <- RETAIN[h].pop()*/ + else { + word32 o = (1 << (hs - 1 - i)) + i - hs + + (((leafIdx >> i) - 1) >> 1); + XMEMCPY(authPath, bds->retain + o * n, n); + } + authPath += n; + } + + /* Step 4.c. Initialize treehash instances for heights: + * 0, ..., min{tau-1, H - K - 1} */ + tau = min(tau, hsk); + for (i = 0; i < tau; i++) { + word32 startIdx = leafIdx + 1 + 3 * (1 << i); + if (startIdx < ((word32)1 << hs)) { + wc_xmss_bds_state_treehash_set_next_idx(bds, i, startIdx); + } + } + } +} + +/******************************************** + * XMSS + ********************************************/ + +/* Derives XMSS key pair from seeds. + * + * RFC 8391: 4.1.7, Algorithm 10: XMSS_keyGen. + * ... 
+ * initialize SK_PRF with a uniformly random n-byte string; + * setSK_PRF(SK, SK_PRF); + * + * # Initialization for common contents + * initialize SEED with a uniformly random n-byte string; + * setSEED(SK, SEED); + * setWOTS_SK(SK, wots_sk)); + * ADRS = toByte(0, 32); + * root = treeHash(SK, 0, h, ADRS); + * + * SK = idx || wots_sk || SK_PRF || root || SEED; + * PK = OID || root || SEED; + * return (SK || PK); + * + * HDSS, Section 4.5, The algorithm, Initialization. + * + * wots_sk, SK_PRF and SEED passed in as seed. + * Store seed for wots_sk instead of generated wots_sk. + * OID not stored in PK this is handled in upper layer. + * BDS state is appended to SK: + * SK = idx || wots_sk || SK_PRF || root || SEED || BDS_STATE; + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] seed Secret/Private and public seed. + * @param [out] sk Secret key. + * @param [out] pk Public key. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return <0 on digest failure. + */ +int wc_xmss_keygen(XmssState* state, const unsigned char* seed, + unsigned char* sk, unsigned char* pk) +{ +#if WOLFSSL_XMSS_MIN_HEIGHT <= 32 + int ret = 0; + const XmssParams* params = state->params; + const word8 n = params->n; + /* Offset of root node in public key. */ + byte* pk_root = pk; +#ifdef WOLFSSL_SMALL_STACK + BdsState* bds = NULL; +#else + BdsState bds[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate memory for tree hash instances and put in BDS state. */ + ret = wc_xmss_bds_state_alloc(params, &bds); + if (ret == 0) +#endif + { + /* Offsets into seed. */ + const byte* seed_priv = seed; + const byte* seed_pub = seed + 2 * n; + /* Offsets into secret/private key. */ + word32* sk_idx = (word32*)sk; + byte* sk_seeds = sk + params->idx_len; + /* Offsets into public key. */ + byte* pk_seed = pk + n; + + /* Setup pointers into sk - assumes sk is initialized to zeros. 
*/ + wc_xmss_bds_state_load(state, sk, bds, NULL); + + /* Set first index to 0 in private key. idx_len always 4. */ + *sk_idx = 0; + /* Set private key seed and private key for PRF in to private key. */ + XMEMCPY(sk_seeds, seed_priv, 2 * n); + /* Set public key seed into public key. */ + XMEMCPY(pk_seed, seed_pub, n); + + /* Set all address values to zero. */ + XMEMSET(state->addr, 0, sizeof(HashAddress)); + /* Hash address layer is 0. */ + /* Compute root node into public key. */ + wc_xmss_bds_treehash_initial(state, bds, sk_seeds, pk_seed, + state->addr, pk_root); + /* Return any errors that occurred during hashing. */ + ret = state->ret; + } + if (ret == 0) { + /* Offset of root node in private key. */ + byte* sk_root = sk + params->idx_len + 2 * n; + + /* Append public key (root node and public seed) to private key. */ + XMEMCPY(sk_root, pk_root, 2 * n); + + /* Store BDS state back into secret/private key. */ + wc_xmss_bds_state_store(state, sk, bds); + } + +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of allocated data of BDS states. */ + wc_xmss_bds_state_free(bds); +#endif + return ret; +#else + (void)state; + (void)pk; + (void)sk; + (void)seed; + + return NOT_COMPILED_IN; +#endif /* WOLFSSL_XMSS_MIN_HEIGHT <= 32 */ +} + +/* Sign a message with XMSS. + * + * RFC 8391: 4.1.9, Algorithm 11: treeSig + * ... + * ADRS.setType(0); # Type = OTS hash address + * ADRS.setOTSAddress(idx_sig); + * sig_ots = WOTS_sign(getWOTS_SK(SK, idx_sig), + * M', getSEED(SK), ADRS); + * Sig = sig_ots || auth; + * return Sig; + * RFC 8391: 4.1.9, Algorithm 12: XMSS_sign + * idx_sig = getIdx(SK); + * setIdx(SK, idx_sig + 1); + * ADRS = toByte(0, 32); + * byte[n] r = PRF(getSK_PRF(SK), toByte(idx_sig, 32)); + * byte[n] M' = H_msg(r || getRoot(SK) || (toByte(idx_sig, n)), M); + * Sig = idx_sig || r || treeSig(M', SK, idx_sig, ADRS); + * return (SK || Sig); + * + * HDSS, Section 4.5, The algorithm, Update and output phase. 
+ * + * 'auth' was built at key generation or after computing previous signature. + * Build next authentication path after signature created. + * + * @param [in] state XMSS/MT state including digest and parameters. + * @param [in] m Buffer holding message. + * @param [in] mlen Length of message in buffer. + * @param [in, out] sk Secret/Private key. + * @param [out] sm Signature and message data. + * @param [in, out] smlen On in, length of signature and message buffer. + * On out, length of signature and message data. + * @return 0 on success. + * @return <0 on digest failure. + */ +int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen, + unsigned char* sk, unsigned char* sig) +{ +#if WOLFSSL_XMSS_MIN_HEIGHT <= 32 + int ret = 0; + const XmssParams* params = state->params; + const word8 n = params->n; + const word8 h = params->h; + const word8 hk = params->h - params->bds_k; + const byte* sk_seed = sk + XMSS_IDX_LEN; + const byte* pk_seed = sk + XMSS_IDX_LEN + 3 * n; + byte node[WC_XMSS_MAX_N]; + word32 idx; + byte* sig_r = sig + XMSS_IDX_LEN; +#ifdef WOLFSSL_SMALL_STACK + BdsState* bds = NULL; +#else + BdsState bds[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate memory for tree hash instances and put in BDS state. */ + ret = wc_xmss_bds_state_alloc(params, &bds); + if (ret == 0) +#endif + { + /* Load the BDS state from secret/private key. */ + wc_xmss_bds_state_load(state, sk, bds, NULL); + + /* Copy the index into the signature data: Sig = idx_sig || ... */ + *((word32*)sig) = *((word32*)sk); + /* Read index from the secret key. */ + ato32(sk, &idx); + + /* Check index is valid. */ + if (IDX32_INVALID(idx, XMSS_IDX_LEN, h)) { + /* Set index to maximum value to distinguish from valid value. */ + XMEMSET(sk, 0xFF, XMSS_IDX_LEN); + /* Zeroize the secret key. */ + ForceZero(sk + XMSS_IDX_LEN, params->sk_len - XMSS_IDX_LEN); + ret = KEY_EXHAUSTED_E; + } + } + + /* Update SK_MT */ + if (ret == 0) { + /* Increment the index in the secret key. 
*/ + c32toa(idx + 1, sk); + } + + /* Message compression */ + if (ret == 0) { + const byte* sk_prf = sk + XMSS_IDX_LEN + n; + + /* byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32)); */ + wc_idx_copy(sig, params->idx_len, state->buf, XMSS_PRF_M_LEN); + wc_xmss_prf(state, sk_prf, state->buf, sig_r); + ret = state->ret; + } + if (ret == 0) { + const byte* pub_root = sk + XMSS_IDX_LEN + 2 * n; + + /* Compute the message hash. */ + wc_xmss_hash_message(state, sig_r, pub_root, sig, XMSS_IDX_LEN, m, mlen, + node); + ret = state->ret; + /* Place new signature data after index and 'r'. */ + sig += XMSS_IDX_LEN + n; + } + + if (ret == 0) { + /* Set all address values to zero and set type to OTS. */ + XMEMSET(state->addr, 0, sizeof(HashAddress)); + state->addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS; + /* treeSig || treeHash = sig_ots || auth */ + state->addr[XMSS_ADDR_OTS] = idx; + /* Create WOTS+ signature for tree into signature (sig_ots). */ + wc_xmss_wots_sign(state, node, sk_seed, pk_seed, state->addr, sig); + ret = state->ret; + } + if (ret == 0) { + sig += params->wots_sig_len; + /* Add authentication path (auth) and calc new root. */ + XMEMCPY(sig, bds->authPath, h * n); + ret = state->ret; + } + + if (ret == 0) { + /* Update BDS state - update authentication path for next index. */ + /* Check not last node. */ + if (idx < ((word32)1 << h) - 1) { + /* Calculate next authentication path node. */ + wc_xmss_bds_auth_path(state, bds, idx, sk_seed, pk_seed, + state->addr); + ret = state->ret; + if (ret == 0) { + /* Algorithm 4.6: Step 5. */ + wc_xmss_bds_treehash_updates(state, bds, hk >> 1, sk_seed, + pk_seed, state->addr); + ret = state->ret; + } + } + } + if (ret == 0) { + /* Store BDS state back into secret/private key. */ + wc_xmss_bds_state_store(state, sk, bds); + } + +#ifdef WOLFSSL_SMALL_STACK + /* Dispose of allocated data of BDS states. 
*/
+ wc_xmss_bds_state_free(bds);
+#endif
+ return ret;
+#else
+ (void)state;
+ (void)m;
+ (void)mlen;
+ (void)sk;
+ (void)sig;
+
+ return NOT_COMPILED_IN;
+#endif /* WOLFSSL_XMSS_MIN_HEIGHT <= 32 */
+}
+
+/********************************************
+ * XMSS^MT
+ ********************************************/
+
+/* Generate a XMSS^MT key pair from seeds.
+ *
+ * RFC 8391: 4.2.2, Algorithm 15: XMSS^MT_keyGen.
+ * ...
+ * # Example initialization
+ * idx_MT = 0;
+ * setIdx(SK_MT, idx_MT);
+ * initialize SK_PRF with a uniformly random n-byte string;
+ * setSK_PRF(SK_MT, SK_PRF);
+ * initialize SEED with a uniformly random n-byte string;
+ * setSEED(SK_MT, SEED);
+ *
+ * # Generate reduced XMSS private keys
+ * ADRS = toByte(0, 32);
+ * for ( layer = 0; layer < d; layer++ ) {
+ * ADRS.setLayerAddress(layer);
+ * for ( tree = 0; tree <
+ * (1 << ((d - 1 - layer) * (h / d)));
+ * tree++ ) {
+ * ADRS.setTreeAddress(tree);
+ * for ( i = 0; i < 2^(h / d); i++ ) {
+ * wots_sk[i] = WOTS_genSK();
+ * }
+ * setXMSS_SK(SK_MT, wots_sk, tree, layer);
+ * }
+ * }
+ *
+ * SK = getXMSS_SK(SK_MT, 0, d - 1);
+ * setSEED(SK, SEED);
+ * root = treeHash(SK, 0, h / d, ADRS);
+ * setRoot(SK_MT, root);
+ *
+ * PK_MT = OID || root || SEED;
+ * return (SK_MT || PK_MT);
+ *
+ * HDSS, Section 4.5, The algorithm, Initialization.
+ * OPX, Section 2, Key Generation.
+ *
+ * wots_sk, SK_PRF and SEED passed in as seed.
+ * Store seed for wots_sk instead of generated wots_sk.
+ * OID not stored in PK this is handled in upper layer.
+ * BDS state is appended to SK:
+ * SK = idx || wots_sk || SK_PRF || root || SEED || BDS_STATE;
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] seed Secret/Private and public seed.
+ * @param [out] sk Secret key.
+ * @param [out] pk Public key.
+ * @return 0 on success.
+ * @return MEMORY_E on dynamic memory allocation failure.
+ * @return <0 on digest failure.
+ */ +int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed, + unsigned char* sk, unsigned char* pk) +{ + int ret = 0; + const XmssParams* params = state->params; + const word8 n = params->n; + unsigned char* sk_seed = sk + params->idx_len; + unsigned char* pk_root = pk; + unsigned char* pk_seed = pk + n; + word8 i; + byte* wots_sigs; + BdsState* bds = NULL; + + /* Allocate memory for BDS states and tree hash instances. */ + ret = wc_xmss_bds_state_alloc(params, &bds); + if (ret == 0) { + /* Offsets into seed. */ + const byte* seed_priv = seed; + const byte* seed_pub = seed + 2 * params->n; + + /* Load the BDS state from secret/private key. */ + wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); + + /* Set first index to 0 in private key. */ + XMEMSET(sk, 0, params->idx_len); + /* Set private key seed and private key for PRF in to private key. */ + XMEMCPY(sk_seed, seed_priv, 2 * n); + /* Set public key seed into public key. */ + XMEMCPY(pk_seed, seed_pub, n); + + /* Set all address values to zero. */ + XMEMSET(state->addr, 0, sizeof(HashAddress)); + /* Hash address layer is 0 = bottom-most layer. */ + } + + /* Setup state and compute WOTS+ signatures for all but top-most subtree. */ + for (i = 0; (ret == 0) && (i < params->d - 1); i++) { + /* Compute root for subtree. */ + wc_xmss_bds_treehash_initial(state, bds + i, sk_seed, pk_seed, + state->addr, pk_root); + ret = state->ret; + if (ret == 0) { + /* Create signature for subtree for first index. */ + state->addr[XMSS_ADDR_LAYER] = i+1; + wc_xmss_wots_sign(state, pk_root, sk_seed, pk_seed, state->addr, + wots_sigs + i * params->wots_sig_len); + ret = state->ret; + } + } + if (ret == 0) { + /* Compute root for top-most subtree. */ + wc_xmss_bds_treehash_initial(state, bds + i, sk_seed, pk_seed, + state->addr, pk_root); + /* Return any errors that occurred during hashing. */ + ret = state->ret; + } + + if (ret == 0) { + /* Offset of root node in private key. 
*/ + unsigned char* sk_root = sk_seed + 2 * n; + + /* Append public key (root node and public seed) to private key. */ + XMEMCPY(sk_root, pk_root, 2 * n); + + /* Store BDS state back into secret/private key. */ + wc_xmss_bds_state_store(state, sk, bds); + } + + /* Dispose of allocated data of BDS states. */ + wc_xmss_bds_state_free(bds); + return ret; +} + + +#if !defined(WORD64_AVAILABLE) && (WOLFSSL_XMSS_MAX_HEIGHT > 32) + #error "Support not available - use XMSS small code option" +#endif + +#if (WOLFSSL_XMSS_MAX_HEIGHT > 32) + typedef word64 XmssIdx; + #define IDX_MAX_BITS 64 +#else + typedef word32 XmssIdx; + #define IDX_MAX_BITS 32 +#endif + +/* Decode index into word. + * + * @param [out] idx Index from encoding. + * @param [in] c Count of bytes to decode to index. + * @param [in] a Array to decode from. + */ +static void xmss_idx_decode(XmssIdx* idx, word8 c, const unsigned char* a) +{ + word8 i; + XmssIdx n = 0; + + for (i = 0; i < c; i++) { + n <<= 8; + n += a[i]; + } + + *idx = n; +} + +/* Check whether index is valid. + * + * @param [in] i Index to check. + * @param [in] h Full tree Height. + */ +static int xmss_idx_invalid(XmssIdx i, word8 h) +{ + return ((i + 1) >> h) != 0; +} + +/* Get tree and leaf index from index. + * + * @param [in] i Index to split. + * @param [in] h Tree height. + * @param [out] t Tree index. + * @param [out] l Leaf index. + */ +static void xmss_idx_get_tree_leaf(XmssIdx i, word8 h, XmssIdx* t, word32* l) +{ + *l = (word32)i & (((word32)1 << h) - 1); + *t = i >> h; +} + +/* Set the index into address as the tree index. + * + * @param [in] i Tree index. + * @param [in, out] a Hash address. + */ +static void xmss_idx_set_addr_tree(XmssIdx i, HashAddress a) +{ +#if IDX_MAX_BITS == 32 + a[XMSS_ADDR_TREE_HI] = 0; + a[XMSS_ADDR_TREE] = i; +#else + a[XMSS_ADDR_TREE_HI] = (word32)(i >> 32); + a[XMSS_ADDR_TREE] = (word32)(i ); +#endif +} + +/* Sign message with XMSS^MT. + * + * RFC 8391: 4.1.9, Algorithm 11: treeSig + * ... 
+ * ADRS.setType(0); # Type = OTS hash address
+ * ADRS.setOTSAddress(idx_sig);
+ * sig_ots = WOTS_sign(getWOTS_SK(SK, idx_sig),
+ * M', getSEED(SK), ADRS);
+ * Sig = sig_ots || auth;
+ * return Sig;
+ * RFC 8391: 4.2.4, Algorithm 16: XMSS^MT_sign.
+ * ...
+ * # Init
+ * ADRS = toByte(0, 32);
+ * SEED = getSEED(SK_MT);
+ * SK_PRF = getSK_PRF(SK_MT);
+ * idx_sig = getIdx(SK_MT);
+ *
+ * # Update SK_MT
+ * setIdx(SK_MT, idx_sig + 1);
+ *
+ * # Message compression
+ * byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32));
+ * byte[n] M' = H_msg(r || getRoot(SK_MT) || (toByte(idx_sig, n)), M);
+ *
+ * # Sign
+ * Sig_MT = idx_sig;
+ * unsigned int idx_tree
+ * = (h - h / d) most significant bits of idx_sig;
+ * unsigned int idx_leaf = (h / d) least significant bits of idx_sig;
+ * SK = idx_leaf || getXMSS_SK(SK_MT, idx_tree, 0) || SK_PRF
+ * || toByte(0, n) || SEED;
+ * ADRS.setLayerAddress(0);
+ * ADRS.setTreeAddress(idx_tree);
+ * Sig_tmp = treeSig(M', SK, idx_leaf, ADRS);
+ * Sig_MT = Sig_MT || r || Sig_tmp;
+ * for ( j = 1; j < d; j++ ) {
+ * root = treeHash(SK, 0, h / d, ADRS);
+ * idx_leaf = (h / d) least significant bits of idx_tree;
+ * idx_tree = (h - j * (h / d)) most significant bits of idx_tree;
+ * SK = idx_leaf || getXMSS_SK(SK_MT, idx_tree, j) || SK_PRF
+ * || toByte(0, n) || SEED;
+ * ADRS.setLayerAddress(j);
+ * ADRS.setTreeAddress(idx_tree);
+ * Sig_tmp = treeSig(root, SK, idx_leaf, ADRS);
+ * Sig_MT = Sig_MT || Sig_tmp;
+ * }
+ * return SK_MT || Sig_MT;
+ *
+ * 'auth' was built at key generation or after computing previous signature.
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in, out] bds BDS state.
+ * @param [in] idx Index to sign with.
+ * @param [in] wots_sigs Pre-computed WOTS+ signatures.
+ * @param [in] m Buffer holding message.
+ * @param [in] mlen Length of message in buffer.
+ * @param [in, out] sk Secret/Private key.
+ * @param [out] sig Signature and message data.
+ * @return 0 on success.
+ * @return <0 on digest failure.
+ */
+static int wc_xmssmt_sign_msg(XmssState* state, BdsState* bds, XmssIdx idx,
+ byte* wots_sigs, const unsigned char* m, word32 mlen, unsigned char* sk,
+ unsigned char* sig)
+{
+ int ret;
+ const XmssParams* params = state->params;
+ const word8 n = params->n;
+ const word8 hs = params->sub_h;
+ const word8 idx_len = params->idx_len;
+ const byte* sk_prf = sk + idx_len + n;
+ byte* sig_mt = sig;
+ byte* sig_r = sig + idx_len;
+ byte node[WC_XMSS_MAX_N];
+
+ /* Message compression */
+ /* byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32)); */
+ wc_idx_copy(sig_mt, idx_len, state->buf, XMSS_PRF_M_LEN);
+ wc_xmss_prf(state, sk_prf, state->buf, sig_r);
+ ret = state->ret;
+ if (ret == 0) {
+ const byte* pub_root = sk + idx_len + 2 * n;
+ /* byte[n] M' = H_msg(r || getRoot(SK_MT) || (toByte(idx_sig, n)), M);
+ */
+ wc_xmss_hash_message(state, sig_r, pub_root, sig, idx_len, m, mlen,
+ node);
+ ret = state->ret;
+ /* Place new signature data after index and 'r'. */
+ sig += idx_len + n;
+ }
+
+ /* Sign */
+ if (ret == 0) {
+ const byte* sk_seed = sk + idx_len;
+ const byte* pk_seed = sk + idx_len + 3 * n;
+ XmssIdx idx_tree;
+ word32 idx_leaf;
+
+ /* Set all address values to zero and set type to OTS. */
+ XMEMSET(state->addr, 0, sizeof(HashAddress));
+ state->addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+
+ /* Fist iteration - calculate signature. */
+ /* Set layer, tree and OTS leaf index into hash address. */
+ state->addr[XMSS_ADDR_LAYER] = 0;
+ xmss_idx_get_tree_leaf(idx, hs, &idx_tree, &idx_leaf);
+ xmss_idx_set_addr_tree(idx_tree, state->addr);
+ /* treeSig || treeHash = sig_ots || auth */
+ state->addr[XMSS_ADDR_OTS] = idx_leaf;
+ /* Create WOTS+ signature for tree into signature (sig_ots). */
+ wc_xmss_wots_sign(state, node, sk_seed, pk_seed, state->addr, sig);
+ ret = state->ret;
+ }
+ if (ret == 0) {
+ word8 i;
+
+ sig += params->wots_sig_len;
+ /* Add authentication path. */
+ XMEMCPY(sig, bds[BDS_IDX(idx, 0, hs, params->d)].authPath, hs * n);
+ sig += hs * n;
+
+ /* Remaining iterations from storage. */
+ for (i = 1; i < params->d; i++) {
+ /* Copy out precomputed signature into signature (sig_ots). */
+ XMEMCPY(sig, wots_sigs + (i - 1) * params->wots_sig_len,
+ params->wots_sig_len);
+ sig += params->wots_sig_len;
+ /* Add authentication path (auth) and calc new root. */
+ XMEMCPY(sig, bds[BDS_IDX(idx, i, hs, params->d)].authPath, hs * n);
+ sig += hs * n;
+ }
+ ret = state->ret;
+ }
+
+ return ret;
+}
+
+/* Compute BDS state for signing next index.
+ *
+ * HDSS, Section 4.5, The algorithm, Update and output phase.
+ * OPX, Section 2, Signature Generation. Para 2 and 3.
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in, out] bds BDS state.
+ * @param [in] idx Index to sign with.
+ * @param [in] wots_sigs Pre-computed WOTS+ signatures.
+ * @param [in] m Buffer holding message.
+ * @param [in] mlen Length of message in buffer.
+ * @param [in, out] sk Secret/Private key.
+ * @param [out] sig Signature and message data.
+ * @return 0 on success.
+ * @return <0 on digest failure.
+ */
+static int wc_xmssmt_sign_next_idx(XmssState* state, BdsState* bds, XmssIdx idx,
+ byte* wots_sigs, unsigned char* sk)
+{
+ int ret = 0;
+ const XmssParams* params = state->params;
+ const word8 n = params->n;
+ const word8 h = params->h;
+ const word8 hs = params->sub_h;
+ const word8 hsk = params->sub_h - params->bds_k;
+ const byte* sk_seed = sk + params->idx_len;
+ const byte* pk_seed = sk + params->idx_len + 3 * n;
+ XmssIdx idx_tree;
+ int computeAuthPath = 1;
+ unsigned int updates;
+ word8 i;
+
+ /* Update BDS state - update authentication path for next index. */
+ /* HDSS, Algorithm 4.6, Step 5: repeat (H - K) / 2 times. */
+ updates = hsk >> 1;
+
+ idx_tree = (idx >> hs) + 1;
+ /* Check whether last tree. */
+ if (idx_tree < ((XmssIdx)1 << (h - hs))) {
+ /* Set hash address to next tree. */
+ state->addr[XMSS_ADDR_LAYER] = 0;
+ xmss_idx_set_addr_tree(idx_tree, state->addr);
+ /* Update BDS state. */
+ wc_xmss_bds_update(state, &bds[BDS_ALT_IDX(idx, 0, hs, params->d)],
+ sk_seed, pk_seed, state->addr);
+ ret = state->ret;
+ }
+
+ for (i = 0; (ret == 0) && (i < params->d); i++) {
+ word32 idx_leaf;
+ word8 bds_i = BDS_IDX(idx, i, hs, params->d);
+ word8 alt_i = BDS_ALT_IDX(idx, i, hs, params->d);
+
+ /* Check not last at height. */
+ if (((idx + 1) << (IDX_MAX_BITS - ((i + 1) * hs))) != 0) {
+ state->addr[XMSS_ADDR_LAYER] = i;
+ xmss_idx_get_tree_leaf(idx >> (hs * i), hs, &idx_tree, &idx_leaf);
+ xmss_idx_set_addr_tree(idx_tree, state->addr);
+ idx_tree++;
+
+ if (computeAuthPath) {
+ /* Compute authentication path for tree. */
+ wc_xmss_bds_auth_path(state, &bds[bds_i], idx_leaf, sk_seed,
+ pk_seed, state->addr);
+ ret = state->ret;
+ computeAuthPath = 0;
+ }
+
+ if (ret == 0) {
+ /* HDSS, Algorithm 4.6: Step 5. */
+ updates = wc_xmss_bds_treehash_updates(state, &bds[bds_i],
+ updates, sk_seed, pk_seed, state->addr);
+ ret = state->ret;
+ }
+
+ /* Check tree not first, updates to do, tree not last at height and
+ * next leaf in alt state is not last. */
+ if ((ret == 0) && (i > 0) && (updates > 0) &&
+ (idx_tree < ((XmssIdx)1 << (h - (hs * (i + 1))))) &&
+ (bds[alt_i].next < ((XmssIdx)1 << h))) {
+ xmss_idx_set_addr_tree(idx_tree, state->addr);
+ /* Update alternative BDS state. */
+ wc_xmss_bds_update(state, &bds[alt_i], sk_seed, pk_seed,
+ state->addr);
+ ret = state->ret;
+ updates--;
+ }
+ }
+ /* Last at height. */
+ else {
+ /* Set layer, tree and OTS leaf index into hash address. */
+ state->addr[XMSS_ADDR_LAYER] = i + 1;
+ idx_tree = (idx + 1) >> ((i + 1) * hs);
+ xmss_idx_get_tree_leaf(idx_tree, hs, &idx_tree, &idx_leaf);
+ xmss_idx_set_addr_tree(idx_tree, state->addr);
+ /* Cache WOTS+ signature for new tree. */
+ state->addr[XMSS_ADDR_OTS] = idx_leaf;
+ wc_xmss_wots_sign(state, bds[alt_i].stack, sk_seed, pk_seed,
+ state->addr, wots_sigs + i * params->wots_sig_len);
+ ret = state->ret;
+
+ if (ret == 0) {
+ word8 d;
+
+ /* Reset old BDS state. */
+ bds[bds_i].offset = 0;
+ bds[bds_i].next = 0;
+
+ /* Done an update. */
+ updates--;
+ /* Need to compute authentication path in next tree up. */
+ computeAuthPath = 1;
+ /* Mark the tree hashes as complete in new BDS state. */
+ for (d = 0; d < hsk; d++) {
+ wc_xmss_bds_state_treehash_complete(&bds[alt_i], d);
+ }
+ }
+ }
+ }
+
+ return ret;
+}
+
+/* Sign a message with XMSS^MT and update BDS state for signing next index.
+ *
+ * RFC 8391: 4.2.4, Algorithm 16: XMSS^MT_sign.
+ * HDSS, Section 4.5, The algorithm, Update and output phase.
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] m Buffer holding message.
+ * @param [in] mlen Length of message in buffer.
+ * @param [in, out] sk Secret/Private key.
+ * @param [out] sig Signature and message data.
+ * @return 0 on success.
+ * @return MEMORY_E on dynamic memory allocation failure.
+ * @return <0 on digest failure.
+ */
+int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
+ unsigned char* sk, unsigned char* sig)
+{
+ int ret = 0;
+ const XmssParams* params = state->params;
+ const word8 h = params->h;
+ const word8 idx_len = params->idx_len;
+ XmssIdx idx = 0;
+ byte* sig_mt = sig;
+ byte* wots_sigs;
+ BdsState* bds = NULL;
+
+ /* Allocate memory for BDS states and tree hash instances. */
+ ret = wc_xmss_bds_state_alloc(params, &bds);
+ if (ret == 0) {
+ /* Load the BDS state from secret/private key. */
+ wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
+
+ /* Copy the index into the signature data: Sig_MT = idx_sig. */
+ XMEMCPY(sig_mt, sk, idx_len);
+
+ /* Read index from the secret key. */
+ xmss_idx_decode(&idx, idx_len, sk);
+ }
+ if ((ret == 0) && xmss_idx_invalid(idx, h)) {
+ /* Set index to maximum value to distinguish from valid value. */
+ XMEMSET(sk, 0xFF, idx_len);
+ /* Zeroize the secret key. */
+ ForceZero(sk + idx_len, params->sk_len - idx_len);
+ ret = KEY_EXHAUSTED_E;
+ }
+
+ if (ret == 0) {
+ /* Increment the index in the secret key. */
+ wc_idx_update(sk, idx_len);
+
+ /* Compute signature. */
+ ret = wc_xmssmt_sign_msg(state, bds, idx, wots_sigs, m, mlen, sk, sig);
+ }
+
+ /* Only update if not last index. */
+ if ((ret == 0) && (idx < (((XmssIdx)1 << h) - 1))) {
+ /* Update BDS state for signing next index. */
+ ret = wc_xmssmt_sign_next_idx(state, bds, idx, wots_sigs, sk);
+ }
+
+ if (ret == 0) {
+ /* Store BDS state back into secret/private key. */
+ wc_xmss_bds_state_store(state, sk, bds);
+ }
+
+ /* Dispose of allocated data of BDS states. */
+ wc_xmss_bds_state_free(bds);
+ return ret;
+}
+
+#endif /* WOLFSSL_WC_XMSS_SMALL */
+
+/* Check if more signatures are possible with secret/private key.
+ *
+ * @param [in] params XMSS parameters
+ * @param [in] sk Secret/private key.
+ * @return 1 when signatures possible.
+ * @return 0 when key exhausted.
+ */
+
+int wc_xmss_sigsleft(const XmssParams* params, unsigned char* sk)
+{
+ int ret = 0;
+ wc_Idx idx;
+
+ WC_IDX_ZERO(idx);
+ /* Read index from the secret key. */
+ WC_IDX_DECODE(idx, params->idx_len, sk, ret);
+ /* Check validity of index. */
+ if ((ret == 0) && (WC_IDX_INVALID(idx, params->idx_len, params->h))) {
+ ret = KEY_EXHAUSTED_E;
+ }
+
+ return ret == 0;
+}
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+/********************************************
+ * SIGN OPEN - Verify
+ ********************************************/
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) || defined(WOLFSSL_XMSS_VERIFY_ONLY)
+/* Compute root node with leaf and authentication path.
+ *
+ * RFC 8391: 4.1.10, Algorithm 13: XMSS_rootFromSig
+ * ...
+ * for ( k = 0; k < h; k++ ) {
+ * ADRS.setTreeHeight(k);
+ * if ( (floor(idx_sig / (2^k)) % 2) == 0 ) {
+ * ADRS.setTreeIndex(ADRS.getTreeIndex() / 2);
+ * node[1] = RAND_HASH(node[0], auth[k], SEED, ADRS);
+ * } else {
+ * ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2);
+ * node[1] = RAND_HASH(auth[k], node[0], SEED, ADRS);
+ * }
+ * node[0] = node[1];
+ * }
+ * return node[0];
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] idx_leaf Index of leaf node.
+ * @param [in] auth_path Authentication path.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address.
+ * @param [in, out] root On in, leaf node. On out, root node.
+ */
+static void wc_xmss_compute_root(XmssState* state, word32 idx_leaf,
+ const byte* auth_path, const byte* pk_seed, HashAddress addr, byte* root)
+{
+ const XmssParams* params = state->params;
+ const word8 n = params->n;
+ const byte* b[2][2] = { { root, auth_path }, { auth_path, root } };
+ word8 i;
+
+ for (i = 0; i < params->sub_h; i++) {
+ /* Get which side the leaf is on. */
+ word8 s = idx_leaf & 1;
+ /* Set tree height and index. */
+ addr[XMSS_ADDR_TREE_HEIGHT] = i;
+ idx_leaf >>= 1;
+ addr[XMSS_ADDR_TREE_INDEX] = idx_leaf;
+
+ /* Put the result into buffer position for next RAND_HASH. */
+ wc_xmss_rand_hash_lr(state, b[s][0], b[s][1], pk_seed, addr, root);
+ /* Move to next auth path node. */
+ b[0][1] += n;
+ b[1][0] += n;
+ }
+}
+#else
+/* Compute root node with leaf and authentication path.
+ *
+ * RFC 8391: 4.1.10, Algorithm 13: XMSS_rootFromSig
+ * ...
+ * for ( k = 0; k < h; k++ ) {
+ * ADRS.setTreeHeight(k);
+ * if ( (floor(idx_sig / (2^k)) % 2) == 0 ) {
+ * ADRS.setTreeIndex(ADRS.getTreeIndex() / 2);
+ * node[1] = RAND_HASH(node[0], auth[k], SEED, ADRS);
+ * } else {
+ * ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2);
+ * node[1] = RAND_HASH(auth[k], node[0], SEED, ADRS);
+ * }
+ * node[0] = node[1];
+ * }
+ * return node[0];
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] idx_leaf Index of leaf node.
+ * @param [in] auth_path Authentication path.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] addr Hash address.
+ * @param [in, out] node On in, leaf node. On out, root node.
+ */
+static void wc_xmss_compute_root(XmssState* state, word32 idx_leaf,
+ const byte* auth_path, const byte* pk_seed, HashAddress addr, byte* node)
+{
+ const XmssParams* params = state->params;
+ const word8 n = params->n;
+ byte buffer[2 * WC_XMSS_MAX_N];
+ byte* b[2][2] = { { buffer, buffer + n }, { buffer + n, buffer } };
+ word8 i;
+
+ /* Setup buffer for first RAND_HASH. */
+ XMEMCPY(b[idx_leaf & 1][0], node, n);
+ XMEMCPY(b[idx_leaf & 1][1], auth_path, n);
+ auth_path += n;
+
+ for (i = 0; i < params->sub_h - 1; i++) {
+ /* Set tree height and index. */
+ addr[XMSS_ADDR_TREE_HEIGHT] = i;
+ idx_leaf >>= 1;
+ addr[XMSS_ADDR_TREE_INDEX] = idx_leaf;
+
+ /* Put the result into buffer position for next RAND_HASH. */
+ wc_xmss_rand_hash(state, buffer, pk_seed, addr, b[idx_leaf & 1][0]);
+ /* Put auth path node into other half of buffer. */
+ XMEMCPY(b[idx_leaf & 1][1], auth_path, n);
+ /* Move to next auth path node. */
+ auth_path += n;
+ }
+
+ addr[XMSS_ADDR_TREE_HEIGHT] = i;
+ idx_leaf >>= 1;
+ addr[XMSS_ADDR_TREE_INDEX] = idx_leaf;
+ /* Last iteration into output node. */
+ wc_xmss_rand_hash(state, buffer, pk_seed, addr, node);
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL || WOLFSSL_XMSS_VERIFY_ONLY */
+
+/* Compute a root node from a tree signature.
+ *
+ * RFC 8391: 4.1.10, Algorithm 13: XMSS_rootFromSig
+ * ADRS.setType(0); # Type = OTS hash address
+ * ADRS.setOTSAddress(idx_sig);
+ * pk_ots = WOTS_pkFromSig(sig_ots, M', SEED, ADRS);
+ * ADRS.setType(1); # Type = L-tree address
+ * ADRS.setLTreeAddress(idx_sig);
+ * byte[n][2] node;
+ * node[0] = ltree(pk_ots, SEED, ADRS);
+ * ADRS.setType(2); # Type = hash tree address
+ * ADRS.setTreeIndex(idx_sig);
+ * [Compute root with leaf and authentication path]
+ *
+ * Computing the root from the leaf and authentication path can be implemented
+ * in different ways and is therefore extracted to its own function.
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] pk_seed Random public seed.
+ * @param [in] sig WOTS+ signature for this tree.
+ * @param [in] idx_sig Index of signature leaf in this tree.
+ * @param [in, out] addr Hash address.
+ * @param [in, out] node On in, previous root node.
+ * On out, root node of this subtree.
+ */
+static void wc_xmss_root_from_sig(XmssState* state, const byte* pk_seed,
+ const byte* sig, word32 idx_sig, HashAddress addr, byte* node)
+{
+ const XmssParams* params = state->params;
+ byte* wots_pk = state->pk;
+ const byte* auth_path = sig + params->wots_sig_len;
+
+ /* Compute WOTS+ public key value from signature. */
+ addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+ addr[XMSS_ADDR_OTS] = idx_sig;
+ wc_xmss_wots_pk_from_sig(state, sig, node, pk_seed, addr, wots_pk);
+
+ /* Compute leaves of L-tree from WOTS+ public key. */
+ addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE;
+ /* XMSS_ADDR_LTREE is same as XMSS_ADDR_OTS in index and value. */
+ wc_xmss_ltree(state, wots_pk, pk_seed, addr, node);
+
+ /* Compute root node from leaf and authentication path. */
+ addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE;
+ addr[XMSS_ADDR_TREE_ZERO] = 0;
+ wc_xmss_compute_root(state, idx_sig, auth_path, pk_seed, addr, node);
+}
+
+/* Verify message with signature using XMSS/MT.
+ *
+ * RFC 8391: 4.2.5, Algorithm 17: XMSSMT_verify
+ * idx_sig = getIdx(Sig_MT);
+ * SEED = getSEED(PK_MT);
+ * ADRS = toByte(0, 32);
+ *
+ * byte[n] M' = H_msg(getR(Sig_MT) || getRoot(PK_MT)
+ * || (toByte(idx_sig, n)), M);
+ *
+ * unsigned int idx_leaf
+ * = (h / d) least significant bits of idx_sig;
+ * unsigned int idx_tree
+ * = (h - h / d) most significant bits of idx_sig;
+ * Sig' = getXMSSSignature(Sig_MT, 0);
+ * ADRS.setLayerAddress(0);
+ * ADRS.setTreeAddress(idx_tree);
+ * byte[n] node = XMSS_rootFromSig(idx_leaf, getSig_ots(Sig'),
+ * getAuth(Sig'), M', SEED, ADRS);
+ * for ( j = 1; j < d; j++ ) {
+ * idx_leaf = (h / d) least significant bits of idx_tree;
+ * idx_tree = (h - j * h / d) most significant bits of idx_tree;
+ * Sig' = getXMSSSignature(Sig_MT, j);
+ * ADRS.setLayerAddress(j);
+ * ADRS.setTreeAddress(idx_tree);
+ * node = XMSS_rootFromSig(idx_leaf, getSig_ots(Sig'),
+ * getAuth(Sig'), node, SEED, ADRS);
+ * }
+ * if ( node == getRoot(PK_MT) ) {
+ * return true;
+ * } else {
+ * return false;
+ * }
+ *
+ * @param [in] state XMSS/MT state including digest and parameters.
+ * @param [in] m Message buffer.
+ * @param [in] mlen Length of message in bytes.
+ * @param [in] sig Buffer holding signature.
+ * @param [in] pk Public key.
+ * @return 0 on success.
+ * @return MEMORY_E on dynamic memory allocation failure.
+ * @return SIG_VERIFY_E on verification failure.
+ * @return <0 on digest failure.
+ */
+int wc_xmssmt_verify(XmssState* state, const unsigned char* m, word32 mlen,
+ const unsigned char* sig, const unsigned char* pk)
+{
+ const XmssParams* params = state->params;
+ const word8 n = params->n;
+ int ret = 0;
+ const byte* pub_root = pk;
+ const byte* pk_seed = pk + n;
+ byte node[WC_XMSS_MAX_N];
+ wc_Idx idx;
+ word32 idx_leaf = 0;
+ unsigned int i;
+
+ /* Set 32/64-bit index to 0. */
+ WC_IDX_ZERO(idx);
+ /* Set all address values to zero. */
+ XMEMSET(state->addr, 0, sizeof(HashAddress));
+
+ if (ret == 0) {
+ /* Convert the index bytes from the signature to an integer. */
+ WC_IDX_DECODE(idx, params->idx_len, sig, ret);
+ }
+
+ if (ret == 0) {
+ const byte* sig_r = sig + params->idx_len;
+ /* byte[n] M' = H_msg(getR(Sig_MT) || getRoot(PK_MT) ||
+ * (toByte(idx_sig, n)), M);
+ */
+ wc_xmss_hash_message(state, sig_r, pub_root, sig, params->idx_len, m,
+ mlen, node);
+ ret = state->ret;
+ }
+
+ if (ret == 0) {
+ /* Set tree of hash address. */
+ WC_IDX_SET_ADDR_TREE(idx, params->idx_len, params->sub_h, state->addr,
+ idx_leaf);
+
+ /* Skip to first WOTS+ signature and derive root. */
+ sig += params->idx_len + n;
+ wc_xmss_root_from_sig(state, pk_seed, sig, idx_leaf, state->addr,
+ node);
+ ret = state->ret;
+ }
+ /* Calculate root of remaining subtrees up to top. */
+ for (i = 1; (ret == 0) && (i < params->d); i++) {
+ /* Set layer and tree. */
+ state->addr[XMSS_ADDR_LAYER] = i;
+ WC_IDX_SET_ADDR_TREE(idx, params->idx_len, params->sub_h, state->addr,
+ idx_leaf);
+ /* Skip to next WOTS+ signature and derive root. */
+ sig += params->wots_sig_len + params->sub_h * n;
+ wc_xmss_root_from_sig(state, pk_seed, sig, idx_leaf, state->addr,
+ node);
+ ret = state->ret;
+ }
+ /* Compare calculated node with public key root. */
+ if ((ret == 0) && (XMEMCMP(node, pub_root, n) != 0)) {
+ ret = SIG_VERIFY_E;
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_HAVE_XMSS */
+
diff --git a/wolfcrypt/src/wolfevent.c b/wolfcrypt/src/wolfevent.c
index 01ddd11312..bf155c1293 100644
--- a/wolfcrypt/src/wolfevent.c
+++ b/wolfcrypt/src/wolfevent.c
@@ -1,6 +1,6 @@
 /* wolfevent.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -55,7 +55,7 @@ int wolfEvent_Init(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context)
 int wolfEvent_Poll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags)
 {
- int ret = BAD_COND_E;
+ int ret = WC_NO_ERR_TRACE(BAD_COND_E);
 /* Check hardware */
 #ifdef WOLFSSL_ASYNC_CRYPT
diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c
index 11e85cd74b..b7853dd8fd 100644
--- a/wolfcrypt/src/wolfmath.c
+++ b/wolfcrypt/src/wolfmath.c
@@ -1,6 +1,6 @@
 /* wolfmath.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -167,7 +167,8 @@ int get_rand_digit(WC_RNG* rng, mp_digit* d)
 return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
 }
-#if defined(WC_RSA_BLINDING) || defined(WOLFCRYPT_HAVE_SAKKE)
+#if defined(WC_RSA_BLINDING) || defined(WOLFCRYPT_HAVE_SAKKE) || \
+ defined(WOLFSSL_ECC_BLIND_K)
 int mp_rand(mp_int* a, int digits, WC_RNG* rng)
 {
 int ret = 0;
@@ -221,7 +222,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
 return ret;
 }
-#endif /* WC_RSA_BLINDING || WOLFCRYPT_HAVE_SAKKE */
+#endif /* WC_RSA_BLINDING || WOLFCRYPT_HAVE_SAKKE || WOLFSSL_ECC_BLIND_K */
 #endif /* !WC_NO_RNG */
 #if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)
@@ -357,9 +358,7 @@ void wc_bigint_zero(WC_BIGINT* a)
 void wc_bigint_free(WC_BIGINT* a)
 {
 if (a) {
- if (a->buf) {
- XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
- }
+ XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
 a->buf = NULL;
 a->len = 0;
 }
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 80e4e49fe8..b0a56c224b 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -257,6 +257,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #include
 #include
 #include
+#include
 #include
 #include
 #if !defined(WC_NO_RNG)
@@ -313,6 +314,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #include
 #endif
 #endif
+#ifdef HAVE_DILITHIUM
+ #include
+#endif
 #if defined(WOLFSSL_HAVE_XMSS)
 #include
 #ifdef HAVE_LIBXMSS
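Review bot: Dropping the `if (a->buf)` guard in wc_bigint_free makes the function depend on `XFREE` accepting a NULL pointer; as far as I recall wolfSSL's default `XFREE` macro checks for NULL itself, but when the macro is user-supplied (for example under `XMALLOC_USER`) that property is the integrator's responsibility and nothing in this file records it. A one-line comment on the new `XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);` such as `/* XFREE tolerates NULL; a->buf may be unset. */` would make the assumption visible to anyone reading wc_bigint_free in isolation. The same reliance presumably applies wherever the commit removes such guards, but only this instance is visible here.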
@@ -353,6 +357,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef HAVE_PKCS7
 #include
 #endif
+#ifdef HAVE_PKCS12
+ #include
+#endif
 #ifdef HAVE_FIPS
 #include
 #endif
@@ -518,6 +525,16 @@ static wc_test_ret_t hkdf_test(void);
 #else
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void);
 #endif
+#endif /* HAVE_HKDF && ! NO_HMAC */
+#ifdef WOLFSSL_HAVE_PRF
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+#ifdef WOLFSSL_BASE16
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void);
+#endif /* WOLFSSL_BASE16 */
+#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
+#endif /* WOLFSSL_HAVE_PRF */
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void);
 #ifdef WOLFSSL_TLS13
@@ -573,6 +590,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void);
 #endif /* WC_NO_RNG */
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void);
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */
@@ -584,7 +602,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
-WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
 #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
 #endif
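Review bot: The closing comment on the inner guard in the @@ -518 hunk does not match its `#if`: the block is opened with `#if defined(HAVE_HKDF) && !defined(NO_HMAC)` but closed with `#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */`, so the comment should read `#endif /* HAVE_HKDF && !NO_HMAC */`. The outer `#endif /* HAVE_HKDF && ! NO_HMAC */` added a few lines earlier spells the same condition with a stray space after `!`; using one spelling for both keeps the nested guards greppable when someone later has to work out which `#endif` closes which block. These are prototype-only lines, so nothing functional is affected.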
@@ -618,6 +636,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 #ifdef WOLFSSL_HAVE_KYBER
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void);
 #endif
+#ifdef HAVE_DILITHIUM
+ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void);
+#endif
 #if defined(WOLFSSL_HAVE_XMSS)
 #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void);
@@ -628,7 +649,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 #endif
 #if defined(WOLFSSL_HAVE_LMS)
 #if !defined(WOLFSSL_SMALL_STACK)
- #if defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)
+ #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
+ defined(HAVE_LIBLMS)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
 #endif
 #endif
@@ -689,9 +711,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
 #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
 #endif
-#if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
+#ifdef ASN_BER_TO_DER
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
@@ -926,6 +946,340 @@ static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
 }
 #endif
+#if defined(WC_KDF_NIST_SP_800_56C)
+#define INIT_SP80056C_TEST_VECTOR(_z, _fixedInfo, _derivedKey, _hashType) \
+ { \
+ .z = (const byte*)_z, .zSz = sizeof(_z) - 1, \
+ .fixedInfo = (const byte*)_fixedInfo, \
+ .fixedInfoSz = sizeof(_fixedInfo) - 1, \
+ .derivedKey = (const byte*)_derivedKey, \
+ .derivedKeySz = sizeof(_derivedKey) - 1, .hashType = _hashType, \
+ }
+
+#define SP800_56C_MAX_OUT 128
+static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
+{
+ struct sp800_56c_test_vector {
+ const byte* z;
+ word32 zSz;
+ const byte* fixedInfo;
+ word32 fixedInfoSz;
+ const byte* derivedKey;
+ word32 derivedKeySz;
+ enum wc_HashType hashType;
+ };
+ struct sp800_56c_test_vector* v;
+ byte output[SP800_56C_MAX_OUT];
+ word32 i;
+ int ret;
+ /* vectors from
+ * https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
+ *
+ * (KeyManagement) */
+ struct sp800_56c_test_vector vctors[] = {
+#if !defined(NO_SHA)
+ /* SHA-1 */
+ INIT_SP80056C_TEST_VECTOR(
+ "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
+ "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
+ "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
+ "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+ "\x42\x4f\x42\x42\x59\x34\x35\x36",
+ "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
+ "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
+ "\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
+ WC_HASH_TYPE_SHA),
+ INIT_SP80056C_TEST_VECTOR(
+ "\xae\x64\xab\x2b\x2b\x75\xa9\x4c\xf8\xef\x24\xda\x24\x56\xbd\x3a"
+ "\xa3\x6d\xb6\x14\x29\xea\x55\x21",
+ "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+ "\x42\x4f\x42\x42\x59\x34\x35\x36",
+ "\xcc\x96\x5a\x52\xd0\x5c\x94\x9e\x52\xc0\x35\xfd\x03\x53\x0d\xb7"
+
"\xea\xa4\x08\x70\x2c\x9d\x35\x21\x1e\x67\x21\x54\x12\x45\x91\x51" + "\xba\x22\x62\xbd\x1e\x28\xe5\x6b", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x71\x5d\xc0\xea\x24\x6b\x46\x56\x63\xa8\x9c\xde\x04\x12\xc1\x92" + "\xe1\x9e\x58\xd5\xb0\xb6\x36\x6d\xa7\x89\xad\xbf\x44\x9a\x38\xaa" + "\x46\x69\xfe\x36\x30\xa2\x0f\x7f\xa3\x14\x9c\x9b\x4b\x0a\xb5\xcd" + "\x3e\x14\x18\x2b\x75\x04\xd5\xd2\x75\x2b\xf6\x58\x7a\xab\xc9\xf4" + "\xcb\x8f\xe5\x29\x23\x6a\xb8\x15\x36\xad\xd2\xbd\x25\xd6\xbf\x9d" + "\x5f\x1d\xf5\x76\x16\x5a\xa5\x5c\x24\x99\x61\xd8\xf8\x75\x00\xed" + "\x8d\xbf\xc5\xd2\x50\x53\x4c\x07\xd9\x9a\xc9\x17\xf9\x84\x60\x46" + "\xac\x5c\xb8\xa2\x98\x74\x26\x22\xd3\xc9\x86\x18\x06\x92\x46\xe8" + "\xad\x37\x11\x25\x57\xe0\xe6\x34\xb5\x81\x32\x7a\x4a\xd3\x2c\x7c" + "\x76\x4b\xe8\xf8\x08\x0d\x37\x2c\x63\x20\x93\xa7\x67\xf1\x55\xbd" + "\x22\xec\x00\x3c\xa6\x1c\x8b\x43\x32\x0f\x3a\xbe\xb5\xdd\xc4\xa3" + "\xb1\x89\x82\xfd\xd6\x51\x0f\x88\x3c\x8d\xc1\xe0\xb1\x57\xff\xb9" + "\xcf\xc0\xa5\x9c\xe2\xd4\x05\x5f\xfc\x73\xe7\x15\x2a\x6a\x95\x43" + "\xb9\x19\xe7\x94\xe9\x49\x61\x33\xbe\x2a\x23\x18\xd9\x05\x6e\xfd" + "\x74\x48\x2d\xc6\x3c\x0d\xb5\x8f\xe6\x42\x6b\x0f\xe7\x35\x45\x42" + "\xc2\x19\x7a\xb6\xbd\x35\xf1\xa9\x2d\xce\x90\xb1\xc4\x6d\x32\xc1", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x1b\x5f\xcc\x8d\x81\xa5\xd9\xa9\x36\x94\xe6\x47\x77\x88\xd8\x03" + "\x15\x84\xc3\xf5\x2e\x9f\x11\x7a\xe8\x18\x4d\xba\x56\x47\x9d\x87" + "\x66\x76\x92\xf1\x2d\x7b\xd3\x8b", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x33\xe0\x50\xbd\x20\x9f\x2d\xf2\x77\x19\x78\xfc\xd1\xd4\xc8\x2e" + "\x49\xd0\x1d\x65\xbb\x62\x03\x20\xd3\x0b\xfe\xa8\x7a\xa8\x69\xe1" + "\x07\xa5\x17\xa4\xc8\x5b\x69\x28\x45\x21\xca\x54\xb7\x7f\x59\xe9" + "\x4a\x85\x6d\xaa\x30\xa3\x85\xa5\x25\xd8\xa3\xf7\xe1\x5e\xe5\xe9" + "\xaa\x12\x8d\x45\xef\x63\xf9\x0c\x10\xe0\x8f\xc5\x26\x36\x13\x77" + 
"\x81\x54\x7a\x58\x9f\x97\x87\xf9\xd7\xdd\x61\x43\x41\x9a\x26\x16" + "\x80\x16\x82\x40\xaa\xb2\x01\x3d\x80\x20\xdb\xe8\x4b\x7e\x2b\xed" + "\xce\x67\x1b\x94\x03\xbd\x1f\x91\x71\xa2\x57\x90\xce\x66\x7d\xed", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x35\x10\x85\x85\xfc\x55\x62\xb5\xf1\x8f\x20\x7b\xa8\x35\x63\xe4" + "\x49\x28\x45\x6a\x5e\x53\x63\x7e\xae\x6b\xb5\xfc\x33\x88\xae\x02" + "\x91\x79\x0a\x1d\xc8\x31\x4e\x28", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x5c\x80\x4f\x45\x4d\x30\xd9\xc4\xdf\x85\x27\x1f\x93\x52\x8c\x91" + "\xdf\x6b\x48\xab\x5f\x80\xb3\xb5\x9c\xaa\xc1\xb2\x8f\x8a\xcb\xa9" + "\xcd\x3e\x39\xf3\xcb\x61\x45\x25\xd9\x52\x1d\x2e\x64\x4c\x53\xb8" + "\x07\xb8\x10\xf3\x40\x06\x2f\x25\x7d\x7d\x6f\xbf\xe8\xd5\xe8\xf0" + "\x72\xe9\xb6\xe9\xaf\xda\x94\x13\xea\xfb\x2e\x8b\x06\x99\xb1\xfb" + "\x5a\x0c\xac\xed\xde\xae\xad\x7e\x9c\xfb\xb3\x6a\xe2\xb4\x20\x83" + "\x5b\xd8\x3a\x19\xfb\x0b\x5e\x96\xbf\x8f\xa4\xd0\x9e\x34\x55\x25" + "\x16\x7e\xcd\x91\x55\x41\x6f\x46\xf4\x08\xed\x31\xb6\x3c\x6e\x6d", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xfa\xa0\x22\xce\x7f\xa9\xba\x95\xeb\xa3\x9f\x3f\x44\xf3\xee\x14" + "\x96\x0a\x0b\x23\x9d\x01\x4b\x57\x70\xe4\x71\xd7\x5a\x99\xea\x87" + "\x10\xe3\x8f\x0c\xef\x0f\xfc\x67", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05" + "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63" + "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48" + "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae" + "\xb0\x10\x09\xa4\x56\x82\xa5\xe1", + WC_HASH_TYPE_SHA), +#endif +#if defined(WOLFSSL_SHA224) + /* SHA-224*/ + 
INIT_SP80056C_TEST_VECTOR( + "\x8c\x5d\x6e\x5d\x36\x06\x83\xba\x55\xb0\x9d\xb1\x69\x6d\x7c\x64" + "\x02\xff\x87\x88\x5f\xf5\x07\x70\xf2\x76\x7b\x75\x54\x60\x20\x7e" + "\xd5\xc7\x43\xfd\x27\xe7\xeb\x1d\x0c\xa5\x91\xf8\x56\x38\x93\x11" + "\x73\x07\x44\xf2\x04\xd2\xe5\x5b\x8b\xd4\x46\xce\xca\x03\x1f\x7b" + "\xac\xcf\xf1\xa7\x1b\x68\x34\x59\xcc\x54\xd5\x01\xda\xbf\x4a\x84" + "\xcd\xb8\x6d\xfa\xda\xff\x31\x0f\xbd\xba\xf7\x4d\xd5\x1b\xa1\xe1" + "\xe1\x19\x1a\xf1\x4c\x9b\xf8\x94\x43\xbf\x58\x8e\x9c\xe3\x30\x34" + "\xaf\x5e\x89\xbf\x6f\xfc\x47\xd7\xd9\xca\x4a\x5e\x8f\xf8\xa0\x50" + "\x20\xbb\x0f\x95\xbc\xde\x01\x56\xd8\x7f\xb8\x60\xbd\x40\x83\xfa" + "\x5b\x53\x1a\x08\xa4\xfb\x7e\xe0\x20\x1a\xe8\xb3\xcc\xff\xe9\x9f" + "\x27\x0b\xc3\x53\x4b\xaa\xcf\xc0\x01\xcd\xd8\x0a\xd8\x7c\xce\x71" + "\xf0\x91\xe7\x66\xca\x5c\xc2\x75\xcb\x49\x14\x5a\x5e\xe6\x16\x2e" + "\xcc\xf5\x58\xce\xc4\xd3\xee\x53\x1e\x91\xe9\xa5\x29\x69\x63\x4d" + "\x3a\xf8\xd2\x6f\x8d\x15\xdc\x0d\x6f\x6e\x0a\x97\x4b\xe4\x34\x1b" + "\x68\xa0\x19\x90\xdb\xb8\x64\x95\x89\x1a\xd3\xaf\xc1\xe4\xce\xdf" + "\x4c\x6a\xe1\xf1\xcd\x60\x81\xcd\xee\xd8\xe6\xb3\x26\x4e\xc3\xbe" + "\x24\x58\xd1\xc0\xca\x24\x43\x41\x0c\xf3\xb4\x7c\x0c\x25\x4c\x7d" + "\xc8\xec\xb4\x3e\x6c\x23\x64\xe1\xc0\x62\x19\xcc\x7e\xfb\xff\xbb" + "\x63\xd7\xff\xfc\x74\x58\x12\xfd\x24\x0c\x33\xd4\x96\xb9\x99\x2f" + "\x96\x80\xa6\x3c\x07\x96\x3c\x0c\x49\xf3\xc1\xba\xef\xec\xaf\x32" + "\xe2\xaa\x8a\x2f\x7c\xd3\x0d\x8f\x05\x1e\xe2\xf5\x0f\xbf\x05\xab" + "\x13\x96\xa4\xea\x87\x44\x7d\x7b\x98\x1b\x5e\x46\x14\x28\x18\x71" + "\xa6\xf0\xf6\xbf\x1f\xe0\x02\x2f\x7e\xa1\x32\xbe\x0a\xe9\x19\x26" + "\xab\x12\xaf\x6d\xc4\x50\x64\xaa\xd5\x6b\x84\xb9\x0c\x70\x08\x37" + "\x09\xcf\xf7\xe3\x1b\x54\x8f\xb7\xfb\x2c\xf7\x5a\xbf\x96\xe0\x1c" + "\xcd\x3e\x94\x2e\xed\x91\x48\x0d\x4c\x24\xc6\xb7\xf9\x79\xfb\xbe" + "\x5d\xa2\x39\xb3\x76\x16\x7d\x68\x57\x35\x24\xff\xcb\x50\x99\x54" + "\xcc\x80\xa0\xe1\xa7\x1c\x40\xc4\xda\x17\xb8\xd1\x57\x2b\x21\x58" + 
"\x7a\x8d\x66\xcc\x62\x1c\x7c\xd1\x0f\x49\xab\xd5\xef\x86\x31\x13" + "\xe6\x19\x21\x08\x6f\xac\x25\x31\x2b\x74\x1c\x11\xa8\xfb\xc1\xe3" + "\x3c\x34\xd9\xda\x14\xa8\x22\x47\x7f\xcc\x36\x66\x70\x25\xc4\xf1" + "\x30\xae\x10\x0e\x36\xf1\x5d\xa0\x03\x74\xce\x87\x41\x67\x9f\x61", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x4b\x99\x6a\x60\xc0\x4a\x35\xc5\xe6\xd4\x74\xb1\x0a\x25\x8d\x56" + "\x2e\xa6\xdc\x52\xf6\xc6\x9b\xf3\x9e\xf8\x8c\x89\xe3\xcc\x8a\x54" + "\xda\x2f\x3c\x0b\x56\x1b\x53\xfe\x76\x55\x13\x63\xd6\x9c\x3c\xef" + "\x74\xe3\x4f\xe8\x8e\xb3\xac\x51", + WC_HASH_TYPE_SHA224), + INIT_SP80056C_TEST_VECTOR( + "\x52\x27\x2f\x50\xf4\x6f\x4e\xdc\x91\x51\x56\x90\x92\xf4\x6d\xf2" + "\xd9\x6e\xcc\x3b\x6d\xc1\x71\x4a\x4e\xa9\x49\xfa\x9f\x18\xff\x54" + "\xf8\x87\x23\x07\x3f\x64\xa6\x95\x3d\x04\x91\x4f\x45\xa2\x3e\xee" + "\x7c\xfc\x46\x67\x08\x0a\xa0\xf9", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x77\x56\xbc\xfd\xef\x3e\xe6\x9f\x6a\xc2\x3c\xd2\xdc\x60\x7d\x01" + "\xfa\x8c\xe1\xb2\x4f\x5c\xaa\xaa\x48\xe0\x4b\x81\x63\xe1\x73\x3a" + "\xed\x7a\x04\x0e\x73\xf2\xb5\x42\x36\x8f\x00\x54\x8b\x16\x3c\x3d" + "\xc9\x6d\x70\x09\x99\x16\xf1\x6b", + WC_HASH_TYPE_SHA224), +#endif +#if !defined(NO_SHA256) + /* SHA-256 */ + INIT_SP80056C_TEST_VECTOR( + "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1" + "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88" + "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14" + "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08" + "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d" + "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52" + 
"\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc\xa6", + WC_HASH_TYPE_SHA256), + INIT_SP80056C_TEST_VECTOR( + "\x44\xf4\x84\x09\xf3\x1b\xf3\x50\x94\x51\xdb\x4d\x30\x4b\xeb\xd8" + "\x3c\x2a\xd6\x50\x1c\x1b\x85\xe6\x32\xbc\x92\x58\x8e\x2d\x48\xb5" + "\xd2\xb8\x44\x44\x62\xad\x94\xe8\xa4\x44\x94\x1e\xd4\x97\x5c\x97" + "\x91\x17\xd7\x5a\x0a\x2b\xa8\x10\xdf\xa8\x80\x4a\x0f\xe9\x42\x6d" + "\xd7\xeb\x95\xf2\x9c\xa4\x30\xda\x37\xef\xa5\x2c\x42\xda\x1d\xe2" + "\x23\x76\x3b\xdd\xc9\x5e\x46\x6a\xa3\xb8\xd2\x06\xb8\x21\x8e\xdf" + "\x23\x97\x3d\x05\xf3\xc7\xc2\x2b\x22\x46\x53\xd4\xf9\x21\x85\x45" + "\x79\x83\x26\x2f\x27\xbc\x55\xa0\xa7\xae\xe5\x43\x54\x55\xd4\x3c" + "\x0e\x0c\x6d\x80\x67\xad\xaf\x90\x42\xb6\xb7\x77\x7e\x19\x8d\x67" + "\x60\x83\x0d\x96\xb2\x9a\x6a\xae\xf5\x74\xd7\x5e\x2d\x65\x43\x55" + "\x0f\x75\x55\xcf\x89\x82\xc8\x21\xc4\xec\x9b\x82\x66\x2b\x09\x36" + "\x69\xfd\x24\x6d\x4d\xcc\xbf\xf3\x1d\x98\x4e\xf6\x3c\x4f\x95\xd7" + "\x39\xc7\x7e\x66\xf6\x9b\x6d\xb0\xd9\xfc\x1a\x97\x3f\x52\x33\xd1" + "\x1f\xe7\x15\x4b\x8a\x6b\xe1\x50\x46\x7d\x92\xda\xf0\x91\x44\x34" + "\xf0\xcf\x17\x6e\x96\x1b\x31\x3f\xe3\xe2\x3b\xfe\x37\x8b\x87\xba" + "\xf2\x73\x93\x7f\xfa\xa6\x85\x65\x8b\x09\x78\x1d\x26\x97\x86\x4b" + "\x0d\x82\x48\x5c\xf7\xd6\x2f\xfc\xea\x34\x33\x88\xcf\xec\x15\x27" + "\x3a\x39\x4b\x84\x32\xee\xb6\x32\x1b\xe3\x1d\x4f\xcd\x16\x15\xc8" + "\x1c\x69\x37\xc0\x8d\x92\x41\x6e\xdb\xdd\x20\x10\xfa\x8b\x6e\x0a" + "\x8a\x60\x3d\xad\xe0\x10\xbc\x9c\xd7\x6b\x14\xe3\xe2\x19\x0e\x3b" + "\xa3\x00\xe7\x1a\xdd\xbf\x24\x4c\xf8\x06\x29\x49\x76\xea\xf0\x7d" + "\x02\x3b\xdb\x57\xfc\x5d\x19\x64\xc7\xd4\x20\x6e\x72\x06\x1b\xfe" + "\x1e\xe4\xee\xbc\x92\x00\xe1\x3a\x6c\xba\x32\x86\x9d\xbe\x80\x82" + "\xcd\xf3\x64\x5b\x5a\x72\x7d\xd2\x7c\xa5\x03\xf4\xed\xeb\x73\xe8" + "\x8a\x3a\x55\x2c\x7e\x00\xd4\xee\x72\x42\x13\x72\x36\xa0\x96\x5c" + "\x1e\xc3\xeb\xc0\xb4\x8c\x2b\x46\x7e\xb8\x42\x41\x5a\x28\x3f\x55" + "\xe2\x20\xff\xd1\x88\x19\x25\x6d\xa2\x47\x4d\x28\xfc\x3b\x04\xe0" + 
"\xc0\x7e\x4d\x25\xc1\x74\x93\x41\xd2\x22\x97\x01\x5c\xd8\x17\x8c" + "\x39\x18\xbe\x8c\x5c\xdf\x0f\xbf\xbb\x9a\x5a\xcc\xdd\x82\xaf\x07" + "\x83\xef\xe4\xdf\x64\xa8\xd8\x92\x82\x8f\x8d\xe5\x8c\x5d\x56\x9b" + "\x5b\x08\x45\x58\x96\xc4\xd3\xc3\x4f\xd3\xce\x93\xc4\x34\xc3\x8e" + "\xf5\x6c\xed\x30\x56\x1c\x37\x1a\xf9\xf2\xd8\x64\xfd\xc5\xb6\x2f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x42\x35\xac\x89\xc9\xf3\x3e\x5d\xbb\x11\x60\x1a\x29\x83\xe3\x76" + "\xe2\x15\x39\x97\x87\xd8\x39\xa0\x38\x55\xfe\x04\x53\x3e\x1a\x67" + "\x66\x91\x5e\x67\xc2\x5e\xeb\x04\x08\x28\xe9\x6c\xd3\xd6\xef\x0a" + "\xb7\xd1\x7b\x43\x13\x43\xa7\xf3\xaa\xc6\x8f\x0c\x4a\x7e\x77\x9b", + WC_HASH_TYPE_SHA256), + /* slightly modified vector to test generation when derivedKeySz % + * hashOutSz != 0*/ + INIT_SP80056C_TEST_VECTOR( + "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1" + "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88" + "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14" + "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08" + "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d" + "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52" + "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc", + WC_HASH_TYPE_SHA256), + +#endif +#if defined(WOLFSSL_SHA384) + /* SHA-384 */ + INIT_SP80056C_TEST_VECTOR( + "\x5e\xa1\xfc\x4a\xf7\x25\x6d\x20\x55\x98\x1b\x11\x05\x75\xe0\xa8" + "\xca\xe5\x31\x60\x13\x7d\x90\x4c\x59\xd9\x26\xeb\x1b\x84\x56\xe4" + "\x27\xaa\x8a\x45\x40\x88\x4c\x37\xde\x15\x9a\x58\x02\x8a\xbc\x0e" + "\x88\x76\x9c\xb7\x2f\xc5\xac\x45\x7c\xd5\x8e\x89\x08\x9b\x19\x6a" + "\x70\xbf\x53\x3c\x6d\xc9\x1c\x9c\x7e\x17\x41\xdb\x5e\x7a\xb6\xb0" + 
"\x84\x9f\x01\xde\xa6\x5f\xed\xd0\x6c\x77\x18\x7c\xd8\x8e\xd0\x30", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x8e\x6e\x26\x5f\x20\x82\xf1\x4d\x34\xda\x23\xe1\x03\x2c\x90\x24" + "\x83\x4a\xf0\x15\x72\xb6\x64\x77\x82\x41\x1b\xdd\xcb\x84\xa5\xda" + "\xee\x11\x7b\xa6\xfb\xa6\xd0\xeb\x28\x08\xef\x8a\xb0\x70\x05\xee" + "\xab\xe5\x2d\x2e\xfd\x31\x12\x1c\x7b\xf9\xd5\xfa\xfc\x40\xe0\x0c" + "\x6d\x6d\xbf\x39\xef\x43\xfe\x97\x15\xc7\x20\x2c\xdc\x2d\xb7\xe8" + "\x2b\x88\xd7\x48\xeb\x84\x25\x8b\xf8\x4d\x85\x82\xf2\xbf\xd9\x40", + WC_HASH_TYPE_SHA384), +#endif +#if defined(WOLFSSL_SHA512) + /* SHA-512 */ + INIT_SP80056C_TEST_VECTOR( + "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c" + "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5" + "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c" + "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c" + "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73" + "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45" + "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43" + "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a" + "\xde\x34\x54\xe4", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x2d\x4a\x46\xa1\x70\x99\xba\xa8\x33\x0b\xc5\x9d\x4a\x1c\xf5\xae" + "\x3a\x30\x75\xb4\xc6\x2b\xb2\x6e\x7f\xc9\x89\x24\x72\x6d\x27\x4c" + "\x09\x64\x6f\x44\x08\xe6\x85\x8c\x43\xb4\x2d\xae\xd0\x15\xef\x26" + "\x17\x08\xd5\x5e\xf2\x4d\xaa\x7d\x3e\xa3\xd1\xc4\xa0\x8c\xfd\x24" + "\xdb\x60\x00\xa5\xb8\xa6\x7d\xe7\x46\xf3\xd3\xf4\xff\x34\x85\x15" + "\x8f\xd3\xb6\x91\x55\x79\x1d\xf4\x67\x47\xd4\xdb\xbe\x17\xc4\xb5" + "\x58\x46\x2e\x26\xbe\x5e\xd3\x5f\xe6\x80\xe2\x97\x14\x22\xc3\xb0" + "\x1b\x17\xe1\x67\xfc\x43\x7f\x84\x86\x9d\x85\x49\x53\x7b\x33\x38", + WC_HASH_TYPE_SHA512), +#endif + INIT_SP80056C_TEST_VECTOR( + 
"\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c" + "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5" + "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c" + "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c" + "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73" + "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45" + "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43" + "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a" + "\xde\x34\x54\xe4", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x2d\x4a", + WC_HASH_TYPE_SHA512), + + }; + + for (i = 0; i < sizeof(vctors) / sizeof(vctors[0]); i++) { + v = &vctors[i]; + ret = wc_KDA_KDF_onestep(v->z, v->zSz, v->fixedInfo, v->fixedInfoSz, + v->derivedKeySz, v->hashType, output, + /* use derivedKeySz to force the function to use a temporary buff + for the last block */ + v->derivedKeySz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(output, v->derivedKey, v->derivedKeySz) != 0) + return WC_TEST_RET_ENC_NC; + } + + /* negative tests */ + ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info", + sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16); + if (ret != BAD_FUNC_ARG) + return WC_TEST_RET_ENC_NC; + ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16, + WC_HASH_TYPE_SHA256, output, 16); + if (ret != BAD_FUNC_ARG) + return WC_TEST_RET_ENC_NC; + + /* allow empty FixedInfo */ + ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16, + WC_HASH_TYPE_SHA256, output, 16); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif /* WC_KDF_NIST_SP_800_56C */ + /* optional macro to add sleep between tests */ #ifndef TEST_SLEEP #define TEST_SLEEP() WC_DO_NOTHING 
@@ -985,6 +1339,10 @@ wc_test_ret_t wolfcrypt_test(void* args)
 heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
 #endif
+#ifdef WC_RNG_SEED_CB
+ wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
+
 printf("------------------------------------------------------------------------------\n");
 printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
 #ifdef WOLF_CRYPTO_CB
@@ -1039,6 +1397,9 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 printf("unable to load static memory.\n");
 return(EXIT_FAILURE);
 }
+ #ifndef OPENSSL_EXTRA
+ wolfSSL_SetGlobalHeapHint(HEAP_HINT);
+ #endif
 #endif
 #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
@@ -1051,6 +1412,10 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
 wolfCrypt_SetCb_fips(myFipsCb);
+ #if FIPS_VERSION3_GE(6,0,0)
+ printf("FIPS module version in use: %s\n",
+ wolfCrypt_GetVersion_fips());
+ #endif
 #endif
 #if !defined(NO_BIG_INT)
@@ -1361,6 +1726,28 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 PRIVATE_KEY_LOCK();
 #endif /* WOLFSSL_WOLFSSH */
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+ PRIVATE_KEY_UNLOCK();
+ if ( (ret = prf_test()) != 0)
+ TEST_FAIL("PRF test failed!\n", ret);
+ else
+ TEST_PASS("PRF test passed!\n");
+ PRIVATE_KEY_LOCK();
+#endif
+
+#ifdef WOLFSSL_HAVE_PRF
+#if defined (HAVE_HKDF) && !defined(NO_HMAC)
+#ifdef WOLFSSL_BASE16
+ PRIVATE_KEY_UNLOCK();
+ if ( (ret = tls12_kdf_test()) != 0)
+ TEST_FAIL("TLSv1.2 KDF test failed!\n", ret);
+ else
+ TEST_PASS("TLSv1.2 KDF test passed!\n");
+ PRIVATE_KEY_LOCK();
+#endif /* WOLFSSL_BASE16 */
+#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
+#endif /* WOLFSSL_HAVE_PRF */
+
 #ifdef WOLFSSL_TLS13
 PRIVATE_KEY_UNLOCK();
 if ( (ret = tls13_kdf_test()) != 0)
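Review bot: The closing label on the new tls12_kdf_test block does not match its guard: the condition tests `HAVE_HKDF`, but the line reads `#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */`; change it to `#endif /* HAVE_HKDF && !NO_HMAC */` so the label can be checked against the condition, and drop the stray space in `defined (HAVE_HKDF)` to match the other guards. In the `@@ -985` hunk the return value of `wc_SetSeed_Cb()` still appears to be discarded after the move; if the call can fail, checking it and printing a warning would make an unusable seed callback visible at startup instead of as later RNG failures. wolfcrypt_test begins and ends outside these hunks.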
@@ -1378,17 +1765,28 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
+ PRIVATE_KEY_UNLOCK();
 if ( (ret = hpke_test()) != 0)
 TEST_FAIL("HPKE test failed!\n", ret);
 else
 TEST_PASS("HPKE test passed!\n");
+ PRIVATE_KEY_LOCK();
 #endif
 #if defined(WC_SRTP_KDF)
+ PRIVATE_KEY_UNLOCK();
 if ( (ret = srtpkdf_test()) != 0)
 TEST_FAIL("SRTP KDF test failed!\n", ret);
 else
 TEST_PASS("SRTP KDF test passed!\n");
+ PRIVATE_KEY_LOCK();
+#endif
+
+#if defined(WC_KDF_NIST_SP_800_56C)
+ if ( (ret = nist_sp80056c_kdf_test()) != 0)
+ TEST_FAIL("NIST SP 800-56C KDF test failed!\n", ret);
+ else
+ TEST_PASS("NIST SP 800-56C KDF test passed!\n");
 #endif
 #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
@@ -1620,10 +2018,22 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #ifndef NO_PWDBASED
+ PRIVATE_KEY_UNLOCK();
 if ( (ret = pwdbased_test()) != 0)
 TEST_FAIL("PWDBASED test failed!\n", ret);
 else
 TEST_PASS("PWDBASED test passed!\n");
+ PRIVATE_KEY_LOCK();
+#endif
+
+#if defined(USE_CERT_BUFFERS_2048) && \
+ defined(HAVE_PKCS12) && \
+ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
+ !defined(NO_CERTS) && !defined(NO_DES3)
+ if ( (ret = pkcs12_test()) != 0)
+ TEST_FAIL("PKCS12 test failed!\n", ret);
+ else
+ TEST_PASS("PKCS12 test passed!\n");
 #endif
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
@@ -1713,10 +2123,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #ifdef HAVE_ED25519
+ PRIVATE_KEY_UNLOCK();
 if ( (ret = ed25519_test()) != 0)
 TEST_FAIL("ED25519 test failed!\n", ret);
 else
 TEST_PASS("ED25519 test passed!\n");
+ PRIVATE_KEY_LOCK();
 #endif
 #ifdef HAVE_CURVE448
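Review bot: `nist_sp80056c_kdf_test()` is called without the `PRIVATE_KEY_UNLOCK()`/`PRIVATE_KEY_LOCK()` pair that this same hunk adds around `hpke_test()` and `srtpkdf_test()`, and the `@@ -1620` hunk does the same for the new `pkcs12_test()` call immediately after wrapping `pwdbased_test()`. If the unlock is required for these entry points in FIPS builds as it evidently is for their neighbours, the two new calls need it too; if it is deliberately omitted, a one-line comment on each, e.g. `/* no PRIVATE_KEY_UNLOCK needed for this test */`, would stop the next reader from adding it. wolfcrypt_test extends well beyond both hunks, so the convention may be documented elsewhere in the function.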
@@ -1727,10 +2139,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #ifdef HAVE_ED448
+ PRIVATE_KEY_UNLOCK();
 if ( (ret = ed448_test()) != 0)
 TEST_FAIL("ED448 test failed!\n", ret);
 else
 TEST_PASS("ED448 test passed!\n");
+ PRIVATE_KEY_LOCK();
 #endif
 #ifdef WOLFSSL_HAVE_KYBER
@@ -1740,6 +2154,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 TEST_PASS("KYBER test passed!\n");
 #endif
+#ifdef HAVE_DILITHIUM
+ if ( (ret = dilithium_test()) != 0)
+ TEST_FAIL("DILITHIUM test failed!\n", ret);
+ else
+ TEST_PASS("DILITHIUM test passed!\n");
+#endif
+
 #if defined(WOLFSSL_HAVE_XMSS)
 #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
 if ( (ret = xmss_test_verify_only()) != 0)
@@ -1758,7 +2179,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #if defined(WOLFSSL_HAVE_LMS)
 #if !defined(WOLFSSL_SMALL_STACK)
- #if defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)
+ #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
+ defined(HAVE_LIBLMS)
 if ( (ret = lms_test_verify_only()) != 0)
 TEST_FAIL("LMS Vfy test failed!\n", ret);
 else
@@ -1948,6 +2370,9 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #endif
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(OPENSSL_EXTRA)
+ wolfSSL_SetGlobalHeapHint(NULL);
+#endif
 TEST_PASS("Test complete\n");
 EXIT_TEST(ret);
@@ -2049,10 +2474,6 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 printf("Math: %s\n", wc_GetMathInfo());
 #endif
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
-#endif
-
 #ifdef HAVE_STACK_SIZE
 StackSizeCheck(&args, wolfcrypt_test);
 #else
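Review bot: In the `@@ -1948` hunk, `wolfSSL_SetGlobalHeapHint(NULL)` is only reached on the fall-through path just before `TEST_PASS("Test complete\n")`, so any earlier exit from wolfcrypt_test (a `TEST_FAIL` that returns, or any other early `EXIT_TEST`) leaves the global hint pointing at the `HEAP_HINT` installed in the `@@ -1039` hunk. If that static-memory object is function-local or is torn down when the test returns, the process is left with a dangling global heap hint. Clearing the hint in the common exit path, or in whatever `EXIT_TEST` expands to, would cover every return; the body of wolfcrypt_test between the two hunks is not visible here, so there may already be a shared exit label to use.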
@@ -2113,7 +2534,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
 if (!derFile) {
 return WC_TEST_RET_ENC(calling_line, 0, WC_TEST_RET_TAG_I);
 }
- ret = (int)XFWRITE(der, 1, derSz, derFile);
+ ret = (int)XFWRITE(der, 1, (size_t)derSz, derFile);
 XFCLOSE(derFile);
 if (ret != derSz) {
 return WC_TEST_RET_ENC(calling_line, 1, WC_TEST_RET_TAG_I);
@@ -2133,7 +2554,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
 int pemSz;
 /* calculate PEM size */
- pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType);
+ pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, pemType);
 if (pemSz < 0) {
 return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I);
 }
@@ -2147,7 +2568,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
 return BAD_FUNC_ARG;
 #endif
 /* Convert to PEM */
- pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
+ pemSz = wc_DerToPem(der, (word32)derSz, pem, pemSz, pemType);
 if (pemSz < 0) {
 XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
@@ -2158,7 +2579,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
 XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
 }
- ret = (int)XFWRITE(pem, 1, pemSz, pemFile);
+ ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
 XFCLOSE(pemFile);
 if (ret != pemSz) {
 XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2202,9 +2623,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
 int i;
 int j = 0;
 /* Values that are not or no longer error codes. */
- int missing[] = { -124, -128, -129, -159, -163, -164,
- -165, -166, -167, -168, -169, -233, 0 };
- WOLFSSL_ENTER("error_test !NO_ERROR_STRINGS");
+ int missing[] = { -124, -166, -167, -168, -169, 0 };
 /* Check that all errors have a string and it's the same through the two
 * APIs. Check that the values that are not errors map to the unknown
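Review bot: The new `(size_t)derSz` and `(word32)derSz` casts in `_SaveDerAndPem` silence sign-conversion warnings but do not rule out a negative `derSz`, which the cast would turn into a huge unsigned length handed to `XFWRITE` and `wc_DerToPem`; a guard such as `if (derSz < 0) return WC_TEST_RET_ENC(calling_line, /* new index */, WC_TEST_RET_TAG_I);` before the first write would make the casts provably safe (the function's prologue is outside the hunk, so such a check may already exist there). In the `@@ -2202` hunk, `error_test` loses its `WOLFSSL_ENTER("error_test !NO_ERROR_STRINGS")` trace while every other subroutine touched by this diff keeps its `WOLFSSL_ENTER`; if the removal is deliberate a short note in the commit would help, otherwise restore the call after the `missing[]` declaration.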
@@ -3045,7 +3464,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void)
 if (ret != 0)
 return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2bUpdate(&b2b, input, i);
+ ret = wc_Blake2bUpdate(&b2b, input, (word32)i);
 if (ret != 0)
 return WC_TEST_RET_ENC_I(i);
@@ -3107,7 +3526,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void)
 if (ret != 0)
 return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2sUpdate(&b2s, input, i);
+ ret = wc_Blake2sUpdate(&b2s, input, (word32)i);
 if (ret != 0)
 return WC_TEST_RET_ENC_I(i);
@@ -3410,31 +3829,26 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
 #endif /* NO_LARGE_HASH_TEST */
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
- unsigned char data_hb[WC_SHA256_BLOCK_SIZE] = {
- 0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
- };
+ {
+ WOLFSSL_SMALL_STACK_STATIC const unsigned char
+ data_hb[WC_SHA256_BLOCK_SIZE] = {
+ 0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
+ };
- ret = wc_Sha256HashBlock(&sha, data_hb, hash);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) {
-{
- for (int ii = 0; ii < WC_SHA256_DIGEST_SIZE; ii++)
- fprintf(stderr, " %02x", hash[ii]);
- fprintf(stderr, "\n");
- for (int ii = 0; ii < WC_SHA256_DIGEST_SIZE; ii++)
- fprintf(stderr, " %02x", b.output[ii]);
- fprintf(stderr, "\n");
-}
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+ ret = wc_Sha256HashBlock(&sha, data_hb, hash);
+ if (ret != 0) {
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
+ }
+ if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) {
+ ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+ }
 }
 #endif
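Review bot: The new `data_hb` block has no comment saying what it is, and the reader has to decode it from the bytes: `0x61 0x62 0x63` is "abc", `0x80` is the SHA-256 padding bit and the trailing `0x18` is the 24-bit message length, i.e. a single pre-padded block whose digest is compared against `b.output`. A one-line comment above the array, `/* "abc" with SHA-256 padding applied: one full 64-byte block */`, would make the check self-explanatory and make it obvious that `b` must stay the "abc" vector (its definition is outside the hunk).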
@@ -4922,8 +5336,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
 wc_Shake128_Free(&sha);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (large_input != NULL)
- XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return ret;
@@ -5261,8 +5674,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
 wc_Shake256_Free(&sha);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (large_input != NULL)
- XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return ret;
@@ -5560,7 +5972,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 if (ret != BUFFER_E)
 return WC_TEST_RET_ENC_I(i);
 }
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz);
+ ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz);
 if (ret != exp_ret)
 return WC_TEST_RET_ENC_I(i);
 if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
@@ -5753,16 +6165,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
 {
 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
 "Jefe",
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
 };
- testVector a, b, c;
- testVector test_hmac[3];
+ testVector a, b, c, d;
+ testVector test_hmac[4];
 wc_test_ret_t ret;
 int times = sizeof(test_hmac) / sizeof(testVector), i;
 WOLFSSL_ENTER("hmac_md5_test");
+ /* Following test vectors are from RFC 2202 section 2 */
 a.input = "Hi There";
 a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
 "\x9d";
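Review bot: Dropping the `if (large_input != NULL)` guard in shake128_test and shake256_test (and the matching `if (enc)`, `if (dec)` and `if (cipher)` guards removed later in this diff) is only correct if `XFREE` itself tolerates a NULL argument, since `large_input` is NULL when the allocation failed; the macro is not visible here, so please confirm it checks the pointer before calling the free hook, otherwise these become NULL frees on the error path. In the hmac_md5_test hunk the fourth key is the 80-byte 0xAA key of RFC 2202 test case 6; a comment on that entry, `/* test case 6: key longer than the 64-byte block */`, would make the intent clearer than the section reference alone.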
@@ -5784,9 +6202,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
 c.inLen = XSTRLEN(c.input);
 c.outLen = WC_MD5_DIGEST_SIZE;
+ d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
+ d.output = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0"
+ "\xcd";
+ d.inLen = XSTRLEN(d.input);
+ d.outLen = WC_MD5_DIGEST_SIZE;
+
+
 test_hmac[0] = a;
 test_hmac[1] = b;
 test_hmac[2] = c;
+ test_hmac[3] = d;
 for (i = 0; i < times; ++i) {
 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
@@ -5817,7 +6243,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
 wc_HmacFree(&hmac);
 }
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE)
 return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -5838,16 +6264,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
 "\x0b\x0b\x0b",
 "Jefe",
 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
+ "\xAA\xAA\xAA",
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
 };
- testVector a, b, c;
- testVector test_hmac[3];
+ testVector a, b, c, d;
+ testVector test_hmac[4];
 wc_test_ret_t ret;
 int times = sizeof(test_hmac) / sizeof(testVector), i;
 WOLFSSL_ENTER("hmac_sha_test");
+ /* Following test vectors are from RFC 2202 section 3 */
 a.input = "Hi There";
 a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
 "\x8e\xf1\x46\xbe\x00";
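Review bot: Two consecutive blank lines are added after `d.outLen = WC_MD5_DIGEST_SIZE;` in the first hunk; the sibling hmac tests in this diff use a single blank line between the vector setup and the `test_hmac[...]` assignments, so drop one. The loop in hmac_md5_test still skips `i == 1` under `#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)` (unchanged context at the end of the hunk) while hmac_sha_test in the next hunk is reworked to exercise the short-key path on FIPS 6 builds; if only the SHA-1 variant is meant to cover `wc_HmacSetKey_ex`, a comment saying so here would save the next reader from "fixing" the inconsistency.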
@@ -5869,12 +6301,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
 c.inLen = XSTRLEN(c.input);
 c.outLen = WC_SHA_DIGEST_SIZE;
+ d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
+ d.output = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b"
+ "\x55\xed\x40\x21\x12";
+ d.inLen = XSTRLEN(d.input);
+ d.outLen = WC_SHA_DIGEST_SIZE;
+
 test_hmac[0] = a;
 test_hmac[1] = b;
 test_hmac[2] = c;
+ test_hmac[3] = d;
+#if FIPS_VERSION3_GE(6,0,0)
+ int allowShortKeyWithFips = 1;
+#endif
 for (i = 0; i < times; ++i) {
-#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
+#if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))
 if (i == 1)
 continue; /* cavium can't handle short keys, fips not allowed */
 #endif
@@ -5884,6 +6326,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
 ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
 (word32)XSTRLEN(keys[i]));
+#if FIPS_VERSION3_GE(6,0,0)
+ if (i == 1) {
+ if (ret != HMAC_MIN_KEYLEN_E)
+ return WC_TEST_RET_ENC_EC(ret);
+ /* Now use the ex and allow short keys with FIPS option */
+ ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i],
+ (word32)XSTRLEN(keys[i]), allowShortKeyWithFips);
+ }
+#endif
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
 ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
@@ -5900,7 +6351,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
 wc_HmacFree(&hmac);
 }
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE)
 return WC_TEST_RET_ENC_EC(ret);
 #endif
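Review bot: `int allowShortKeyWithFips = 1;` is declared after the `test_hmac[...]` assignment statements, which is a declaration-after-statement that C89 builds reject and `-Wdeclaration-after-statement` flags; because it is only compiled under `FIPS_VERSION3_GE(6,0,0)`, the default CI configurations will not catch it. Move the declaration (under the same `#if`) up beside `wc_test_ret_t ret;` at the top of hmac_sha_test, or pass the literal to `wc_HmacSetKey_ex(..., 1 /* allow short key with FIPS */)` and drop the variable. The function's declaration block is outside this hunk. Note also that the `wc_HmacSetKey_ex` call site uses `(byte*) keys[i]` with a space after the cast while the line above writes `(byte*)keys[i]`.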
@@ -5923,11 +6374,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
 "Jefe",
 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
 "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA"
 };
 testVector a, b, c, d;
@@ -5937,6 +6392,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
 int times = sizeof(test_hmac) / sizeof(testVector), i;
 WOLFSS_ENTER_PLACEHOLDER_REMOVED
@@ -5958,9 +6414,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
 c.inLen = XSTRLEN(c.input);
 c.outLen = WC_SHA224_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1"
- "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a";
+ d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
+ d.output = "\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e";
 d.inLen = XSTRLEN(d.input);
 d.outLen = WC_SHA224_DIGEST_SIZE;
@@ -5996,7 +6451,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
 wc_HmacFree(&hmac);
 }
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE)
 return WC_TEST_RET_ENC_EC(ret);
 #endif
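Review bot: The new `d.output` for hmac_sha224_test is written as one 28-byte literal on a single line well past the file's line-length convention, while every other `.output` in this diff (including the SHA-384 and SHA-512 replacements below) is split at 15 bytes per line; wrap it the same way, e.g. `"\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc"` followed by `"\xe2\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e";`. A short comment on `d`, `/* RFC 4231 test case 6 */`, would also tie the vector to its source more precisely than the section-level comment added earlier.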
@@ -6021,15 +6476,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
 "\xAA\xAA\xAA",
 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
 "\xAA\xAA\xAA",
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA"
 };
- testVector a, b, c, d;
- testVector test_hmac[4];
+ testVector a, b, c, d, e;
+ testVector test_hmac[5];
 wc_test_ret_t ret;
 int times = sizeof(test_hmac) / sizeof(testVector), i;
 WOLFSSL_ENTER("hmac_sha256_test");
+ /* Following test vectors are from RFC 4231 section 4 */
 a.input = "Hi There";
 a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
 "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
@@ -6061,10 +6526,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
 d.inLen = 0;
 d.outLen = WC_SHA256_DIGEST_SIZE;
+ e.input = "Test Using Larger Than Block-Size Key - Hash Key First";
+ e.output = "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7"
+ "\x7f\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3"
+ "\x7f\x54";
+ e.inLen = XSTRLEN(e.input);;
+ e.outLen = WC_SHA256_DIGEST_SIZE;
+
 test_hmac[0] = a;
 test_hmac[1] = b;
 test_hmac[2] = c;
 test_hmac[3] = d;
+ test_hmac[4] = e;
 for (i = 0; i < times; ++i) {
 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
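Review bot: `e.inLen = XSTRLEN(e.input);;` in the second hunk has a stray second semicolon (an empty statement); make it `e.inLen = XSTRLEN(e.input);`. The loop that follows still skips `i == 1` under the unchanged `#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)` guard, whereas hmac_sha_test earlier in this diff was changed to `FIPS_VERSION3_LT(6,0,0)` and exercises `wc_HmacSetKey_ex` on FIPS 6; the sha224/384/512 variants appear to keep the old guard as well, so either that coverage is intentionally limited to SHA-1 (worth a comment) or the same change should be applied here.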
@@ -6099,11 +6572,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
 wc_HmacFree(&hmac);
 }
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
 return WC_TEST_RET_ENC_EC(ret);
+#if FIPS_VERSION3_GE(6,0,0)
+ if ((ret = wc_HmacSizeByType(21)) != HMAC_KAT_FIPS_E)
+#else
 if ((ret = wc_HmacSizeByType(21)) != BAD_FUNC_ARG)
+#endif
+ {
 return WC_TEST_RET_ENC_EC(ret);
+ }
 #endif
 if ((ret = wolfSSL_GetHmacMaxSize()) != WC_MAX_DIGEST_SIZE)
 return WC_TEST_RET_ENC_EC(ret);
@@ -6126,15 +6605,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
 "Jefe",
 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
 "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA"
 };
 testVector a, b, c, d;
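Review bot: The `#if FIPS_VERSION3_GE(6,0,0)` / `#else` pair in the first hunk selects between two whole `if` lines that differ only in the expected error, and the braces added around the `return` exist solely to keep the preprocessor split well-formed; selecting the expected value instead, with the condition written once, reads more clearly and leaves the magic `21` (an invalid hash type) documented. The function's local declarations are outside the hunk, so the helper variable below would need to be declared there.

```c
    /* 21 is not a valid hash type: expect the FIPS KAT error on FIPS 6, else BAD_FUNC_ARG */
#if FIPS_VERSION3_GE(6,0,0)
    expBadType = HMAC_KAT_FIPS_E;
#else
    expBadType = BAD_FUNC_ARG;
#endif
    if ((ret = wc_HmacSizeByType(21)) != expBadType)
        return WC_TEST_RET_ENC_EC(ret);
```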
@@ -6144,6 +6623,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
 int times = sizeof(test_hmac) / sizeof(testVector), i;
 WOLFSSL_ENTER("hmac_sha384_test");
+ /* Following test vectors are from RFC 4231 section 4 */
 a.input = "Hi There";
 a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
 "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
@@ -6171,11 +6651,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
 c.inLen = XSTRLEN(c.input);
 c.outLen = WC_SHA384_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b"
- "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54"
- "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a"
- "\x57\x41\x69";
+ d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
+ d.output = "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5"
+ "\xb4\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a"
+ "\xc4\xc6\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63"
+ "\xf4\x49\x52";
 d.inLen = XSTRLEN(d.input);
 d.outLen = WC_SHA384_DIGEST_SIZE;
@@ -6211,7 +6691,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
 wc_HmacFree(&hmac);
 }
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE)
 return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -6234,15 +6714,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
 "Jefe",
 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
 "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+ "\xAA\xAA\xAA"
 };
 testVector a, b, c, d;
@@ -6252,6 +6732,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
 int times = sizeof(test_hmac) / sizeof(testVector), i;
 WOLFSSL_ENTER("hmac_sha512_test");
+ /* Following test vectors are from RFC 4231 section 4 */
 a.input = "Hi There";
 a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
 "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
@@ -6282,12 +6763,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
 c.inLen = XSTRLEN(c.input);
 c.outLen = WC_SHA512_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb"
- "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27"
- "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30"
- "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b"
- "\x1e\x18\xfe\xfa";
+ d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
+ d.output = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8"
+ "\xb4\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8"
+ "\xf3\x52\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d"
+ "\x6a\x1e\x52\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98"
+ "\x5d\x78\x65\x98";
 d.inLen = XSTRLEN(d.input);
 d.outLen = WC_SHA512_DIGEST_SIZE;
@@ -6323,7 +6804,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
 wc_HmacFree(&hmac);
 }
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE)
 return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -6487,7 +6968,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
 ret = wc_HmacFinal(&hmac, hash);
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0)
+ if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0)
 return WC_TEST_RET_ENC_NC;
 wc_HmacFree(&hmac);
@@ -6495,7 +6976,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
 if (i > 0)
 continue;
- #ifndef HAVE_FIPS
+ #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 ret = wc_HmacSizeByType(hashType[j]);
 if (ret != hashSz[j])
 return WC_TEST_RET_ENC_EC(ret);
@@ -6905,10 +7386,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void)
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
+ ret = wc_Arc4SetKey(&enc, (byte*)keys[i], (word32)keylen);
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
+ ret = wc_Arc4SetKey(&dec, (byte*)keys[i], (word32)keylen);
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
@@ -7256,8 +7737,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
 if (ret != 0)
 return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , block_size);
- ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, block_size);
+ ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , (word32)block_size);
+ ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, (word32)block_size);
 if (ret != 0)
 return ret;
@@ -7287,27 +7768,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
 return WC_TEST_RET_ENC_EC(ret);
 for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, i);
+ ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)i);
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, i);
+ ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)i);
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
 }
 rem = CHACHA_BIG_TEST_SIZE - j;
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, rem);
+ ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)rem);
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, rem);
+ ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)rem);
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
 if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
+ return WC_TEST_RET_ENC_I(i);
 if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
+ return WC_TEST_RET_ENC_I(i);
 }
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -8299,7 +8780,8 @@ static const int fiducial1 = WC_TEST_RET_LN; /* source code reference point --
 #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
 defined(WOLFSSL_AES_XTS)
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+ && !defined(HAVE_SELFTEST)
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 /* pass in the function, key, iv, plain text and expected and this function
 * tests that the encryption and decryption is successful */
 static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
@@ -8387,8 +8869,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, } EVP_TEST_END: - if (cipher) - XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); (void)cipherSz; if (ctx_inited) { @@ -8403,7 +8884,8 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, return ret; } -#endif /* OPENSSL_EXTRA */ +#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(6,0,0) */ +#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY && !HAVE_SELFTEST */ #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB @@ -8538,9 +9020,11 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); if (ret != 0) @@ -8766,13 +9250,13 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, out: wc_AesFree(enc); +#ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #ifdef HAVE_AES_DECRYPT - if (dec) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif 
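Review bot: Dropping the `if (cipher)` guard before `XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` at EVP_TEST_END makes the free unconditional, so correctness now rests on XFREE being a no-op for NULL in every build, including builds that plug in their own allocator hooks. The same guard removal appears in the `out:` hunk on this line and in the small-stack free hunks on the next two lines, and the new `XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` under `out:` in the aes_xts tests relies on the same property because `large_input` starts out as NULL. If XFREE is NULL-safe by contract, a one-line comment at the first such site, `/* XFREE tolerates NULL, so no guard is needed */`, records the dependency; if it is not guaranteed in every configuration the guards should stay. The enclosing functions start outside this hunk.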
@@ -9095,22 +9579,22 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (enc_inited) wc_AesFree(enc); +#ifdef HAVE_AES_DECRYPT if (dec_inited) wc_AesFree(dec); +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #ifdef HAVE_AES_DECRYPT - if (dec) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif return ret; } -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) static wc_test_ret_t aescfb1_test(void) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -9152,6 +9636,11 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, { 0xC0 }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher1_7bit[] = + { + 0x1C + }; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = { @@ -9252,6 +9741,15 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 7); + + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (cipher[0] != cipher1_7bit[0]) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #ifdef OPENSSL_EXTRA ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) @@ -9350,11 +9848,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #ifdef HAVE_AES_DECRYPT - if (dec) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif 
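Review bot: The new 7-bit check in the `@@ -9252` hunk calls `wc_AesCfb1Encrypt(enc, cipher, msg1, 7);` without re-keying or resetting the IV, so the expected byte `cipher1_7bit[0]` (0x1C) is tied to whatever feedback state the preceding encrypt/decrypt calls, which sit outside this hunk, left in `enc`; reordering the test later would silently change the expected value. Re-initialising with `ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);` before the call, as the `OPENSSL_EXTRA` block directly below already does, would make the vector self-contained. The comparison `if (cipher[0] != cipher1_7bit[0])` also checks the whole byte, which presumes the unused low bit is left zero by the preceding XMEMSET rather than written by the call; a short comment stating that expectation would help the next reader. aescfb1_test continues outside the hunk.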
@@ -9565,11 +10061,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #ifdef HAVE_AES_DECRYPT - if (dec) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif @@ -9712,7 +10206,7 @@ static wc_test_ret_t aes_key_size_test(void) return ret; } -#if defined(WOLFSSL_AES_XTS) +#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */ #ifdef WOLFSSL_AES_128 @@ -9727,6 +10221,18 @@ static wc_test_ret_t aes_xts_128_test(void) wc_test_ret_t ret = 0; unsigned char buf[AES_BLOCK_SIZE * 2 + 8]; unsigned char cipher[AES_BLOCK_SIZE * 2 + 8]; +#ifdef WOLFSSL_AESXTS_STREAM + struct XtsAesStreamData stream; +#endif +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + #define LARGE_XTS_SZ 1024 + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* large_input = NULL; + #else + byte large_input[LARGE_XTS_SZ]; + #endif +#endif /* 128 key tests */ WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { 
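Review bot: The `@@ -9727` hunk moves `#define LARGE_XTS_SZ 1024` into the declaration block of aes_xts_128_test, and the same definition is repeated verbatim in aes_xts_192_test later in this diff; an identical redefinition is legal C, but the macro now outlives both functions, and a future edit to one copy would either fail with a redefinition error or leave the two stack buffers sized differently. Defining it once at file scope next to the `WOLFSSL_AES_XTS` gate, or adding `#undef LARGE_XTS_SZ` at the end of each function, keeps the two tests in step. aes_xts_128_test continues outside the hunk.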
@@ -9851,7 +10357,34 @@ static wc_test_ret_t aes_xts_128_test(void) if (XMEMCMP(c2, buf, sizeof(c2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); #if defined(WOLFSSL_ASYNC_CRYPT) 
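Review bot: `ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);` runs well past 80 columns, while the surrounding test code and the one-shot `wc_AesXtsEncrypt` calls in this same hunk wrap at that width. Splitting the argument list across two lines, indented the way the existing `wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,` wrap in this diff is, keeps the file's convention; the same over-long Final call appears in the `@@ -10035` hunk and several times in the `@@ -10051` hunk. aes_xts_128_test continues outside the hunk.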
@@ -9878,7 +10411,34 @@ static wc_test_ret_t aes_xts_128_test(void) if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i2), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c1, buf, sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) 
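Review bot: `ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i2), &stream);` passes the tweak `i1` with the size of `i2`; it should read `ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);`. Both tweak vectors are presumably 16 bytes, so the test passes today, but the mismatch becomes an over-read the moment either array changes, and every other Init call in this diff sizes the array it actually passes. aes_xts_128_test continues outside the hunk.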
@@ -9902,7 +10462,34 @@ static wc_test_ret_t aes_xts_128_test(void) if (XMEMCMP(cp2, cipher, sizeof(cp2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cp2, buf, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); 
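Review bot: The streaming partial-block test calls `ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream);` and then immediately `ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);` on the same stream, whereas the full-block case in the previous hunk ends with one Update followed by one Final. Unless a second Final on an already finished stream is defined to be a no-op, the extra call is at best redundant and at worst rewrites `buf` before the comparison; if it is there deliberately to exercise that property, a comment such as `/* a second Final on a finished stream must be a no-op */` would stop a reader from removing it. aes_xts_128_test continues outside the hunk.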
@@ -9934,7 +10521,27 @@ static wc_test_ret_t aes_xts_128_test(void) if (XMEMCMP(pp, buf, sizeof(pp))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); XMEMSET(buf, 0, sizeof(buf)); ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); 
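Review bot: The new streaming decrypt path waits on `&aes->aes.asyncDev` unconditionally after `wc_AesXtsDecryptInit` and `wc_AesXtsDecryptFinal`, while the one-shot `wc_AesXtsDecrypt` calls beside it select `&aes->aes_decrypt.asyncDev` under `WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS`. If the streaming decrypt uses the decrypt key schedule's device when that option is set, these waits target the wrong `asyncDev` and the test would pass only by luck on async builds; mirroring the `#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS` selection in the streaming waits removes the doubt. The same pattern recurs in the next hunk and in the 128- and 192-bit streaming loops of the `@@ -10051` hunk. aes_xts_128_test continues outside the hunk.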
@@ -9964,10 +10571,30 @@ static wc_test_ret_t aes_xts_128_test(void) #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p1, buf, sizeof(p1))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); XMEMSET(buf, 0, sizeof(buf)); ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); 
@@ -10035,6 +10662,32 @@ static wc_test_ret_t aes_xts_128_test(void) if (XMEMCMP(c3, buf, sizeof(c3))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c3, buf, sizeof(c3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); 
@@ -10051,21 +10704,745 @@ static wc_test_ret_t aes_xts_128_test(void) if (XMEMCMP(p3, buf, sizeof(p3))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p3, buf, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + #endif /* !HAVE_FIPS */ #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ !defined(WOLFSSL_AFALG) { - #define LARGE_XTS_SZ 1024 + int i; + int j; +#ifdef WOLFSSL_AESXTS_STREAM + int k; +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - byte* large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT, + large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (large_input == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); + #endif + + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + 
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } + +#ifdef WOLFSSL_AESXTS_STREAM + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + /* first, encrypt block by block then decrypt with a one-shot call. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if 
defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } + + /* second, encrypt with a one-shot call then decrypt block by block. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { 
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } +#endif /* WOLFSSL_AESXTS_STREAM */ + } +#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && + * !WOLFSSL_AFALG + */ + + out: + + #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \ + !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + if (aes_inited) + wc_AesXtsFree(aes); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif + + return ret; +} +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 +static wc_test_ret_t aes_xts_192_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XtsAes *aes = NULL; +#else + XtsAes aes[1]; +#endif + int aes_inited = 0; + wc_test_ret_t ret = 0; + unsigned char buf[AES_BLOCK_SIZE * 2 + 8]; + unsigned char cipher[AES_BLOCK_SIZE * 2 + 8]; +#ifdef WOLFSSL_AESXTS_STREAM + struct XtsAesStreamData stream; +#endif +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + #define LARGE_XTS_SZ 1024 + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* large_input = NULL; + #else + byte large_input[LARGE_XTS_SZ]; + #endif +#endif + + /* 192 bit key tests */ + WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { + 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, + 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14, + 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7, + 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, + 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d, + 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = { + 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c + }; + + 
WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = { + 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4, + 0xdb, 0x4e, 0xd3, 0x69, 0xdf, 0x8e, 0x3a, 0xe0 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = { + 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba, + 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62, + 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec, + 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec, + 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b, + 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = { + 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a, + 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = { + 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1, + 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba, + 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20, + 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = { + 0x6c, 0xa6, 0xb5, 0x73, 0x48, 0xf1, 0x89, 0xfa, + 0xdd, 0x80, 0x72, 0x1f, 0xb8, 0x56, 0x0c, 0xa2, + 0x35, 0xd4, 0x08, 0xbf, 0x24, 0xcb, 0xec, 0xdb, + 0x81, 0xe0, 0xe6, 0x4f, 0x3d, 0x1c, 0x5c, 0x46 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = { + 0xe9, 0x58, 0xfe, 0xab, 0x66, 0xb4, 0xf1, 0x79, + 0x91, 0x3f, 0x91, 0xdc, 0x6f, 0xdf, 0xd6, 0xac, + 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4 + }; + +#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. 
*/ + WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = { + 0xa4, 0xf2, 0x71, 0x5d, 0x80, 0x60, 0x68, 0xa0, + 0x80, 0x61, 0xd7, 0xc1, 0x55, 0xc8, 0x3a, 0x2e, + 0xd7, 0xf4, 0x62, 0xaf, 0xbd, 0x2d, 0xf9, 0x5f, + 0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba, + 0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde + }; +#endif /* HAVE_FIPS */ + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif + + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsInit(aes, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + aes_inited = 1; + + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = 
wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); + ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + XMEMSET(buf, 0, sizeof(buf)); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, 
&aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c1, buf, sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); + ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* partial block encryption test */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cp2, cipher, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, 
&aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cp2, buf, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cp2, cipher, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* partial block decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream); 
+#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* NIST decrypt test vector */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + 
+ if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* fail case with decrypting using wrong key */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */ + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* set correct key and retest */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p2, buf, 
sizeof(p2)))
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifndef HAVE_FIPS
+
+ /* Test ciphertext stealing in-place. */
+ XMEMCPY(buf, p3, sizeof(p3));
+ ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+ ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+ ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+ if (XMEMCMP(c3, buf, sizeof(c3)))
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+ ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+ ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+ ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+ ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+ ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+ ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+ if (XMEMCMP(c3, buf, sizeof(c3)))
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+ ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+ ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+ #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+ ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
 #else
- byte large_input[LARGE_XTS_SZ];
+ ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
+#endif
+ if (ret != 0)
+ 
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p3, buf, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p3, buf, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#endif /* !HAVE_FIPS */ + +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + { int i; int j; +#ifdef WOLFSSL_AESXTS_STREAM + int k; +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (large_input == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); #endif 
@@ -10106,9 +11483,112 @@ static wc_test_ret_t aes_xts_128_test(void) } } } - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif + +#ifdef WOLFSSL_AESXTS_STREAM + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + /* first, encrypt block by block then decrypt with a one-shot call. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } + + /* second, encrypt with a one-shot call then decrypt block by 
block. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } +#endif /* WOLFSSL_AESXTS_STREAM */ } #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && * !WOLFSSL_AFALG 
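Review bot: Both new streaming round-trip loops start with the bare literal `for (j = 16; j < (int)LARGE_XTS_SZ; j++)` while the inner loop and the Final/Update threshold are written in terms of `AES_BLOCK_SIZE`; the 16 is the XTS minimum message length, so `for (j = AES_BLOCK_SIZE; j < (int)LARGE_XTS_SZ; j++)` says why that is the lower bound and keeps the two expressions in one vocabulary. The loop's correctness relies on `(j - k) < AES_BLOCK_SIZE*2` diverting the last 16..31 bytes to Final so ciphertext stealing is exercised; a one-line comment above the inner loop, `/* last 16..31 bytes go to Final so ciphertext stealing is covered */`, would spare the next reader from re-deriving that. The one-shot loop that precedes these in the same block is outside this hunk, as is the function's opening.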
@@ -10116,17 +11596,22 @@ static wc_test_ret_t aes_xts_128_test(void) out: + #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \ + !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + if (aes_inited) wc_AesXtsFree(aes); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (aes) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; } -#endif /* WOLFSSL_AES_128 */ +#endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -10141,6 +11626,18 @@ static wc_test_ret_t aes_xts_256_test(void) wc_test_ret_t ret = 0; unsigned char buf[AES_BLOCK_SIZE * 3]; unsigned char cipher[AES_BLOCK_SIZE * 3]; +#ifdef WOLFSSL_AESXTS_STREAM + struct XtsAesStreamData stream; +#endif +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + #define LARGE_XTS_SZ 1024 + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* large_input = NULL; + #else + byte large_input[LARGE_XTS_SZ]; + #endif +#endif /* 256 key tests */ WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { 
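Review bot: `#define LARGE_XTS_SZ 1024` is placed inside aes_xts_256_test's declarations without a matching `#undef`, and the hunks above show the same identifier already in use by the preceding XTS test function (`byte large_input[LARGE_XTS_SZ];` on the old side). An identical redefinition is legal C, but the first function that changes its value will silently break the others, and a per-function macro reads as if it were local. A single file-scope definition ahead of the first XTS test, guarded with `#ifndef LARGE_XTS_SZ`, would remove the duplicate; I can't see where the earlier definition lives from this diff, so confirm there is only one other copy.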
@@ -10248,6 +11745,32 @@ static wc_test_ret_t aes_xts_256_test(void) if (XMEMCMP(c2, buf, sizeof(c2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + XMEMSET(buf, 0, sizeof(buf)); ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); if (ret != 0) 
@@ -10261,6 +11784,32 @@ static wc_test_ret_t aes_xts_256_test(void) if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c1, buf, sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + /* partial block encryption test */ XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); 
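Review bot: The streaming variant here pushes all of `p1` through wc_AesXtsEncryptUpdate and then calls `wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream)`, which reads as an oversight unless the reader knows the zero-length final is deliberate; every other stream test in this diff hands Final real bytes. A comment would make the intent explicit: `/* whole-block message already consumed by Update; Final with no data must still succeed */`. Whether Final accepts a NULL `in` when `sz == 0` is an API contract I cannot confirm from this diff — if it rejects NULL, this path fails for a reason unrelated to the vector, so it is worth checking the implementation. aes_xts_256_test continues outside the hunk.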
@@ -10300,9 +11849,28 @@ static wc_test_ret_t aes_xts_256_test(void) #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) + if (XMEMCMP(p1, buf, sizeof(p1))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + XMEMSET(buf, 0, sizeof(buf)); ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION); if (ret != 0) 
@@ -10320,14 +11888,180 @@ static wc_test_ret_t aes_xts_256_test(void) if (XMEMCMP(p2, buf, sizeof(p2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + { + int i; + int j; +#ifdef WOLFSSL_AESXTS_STREAM + int k; +#endif + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (large_input == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); + #endif + + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } + +#ifdef WOLFSSL_AESXTS_STREAM + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + /* first, encrypt block by block then decrypt with a one-shot call. 
*/ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } + + /* second, encrypt with a one-shot call then decrypt block by block. 
*/ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += AES_BLOCK_SIZE) { + if ((j - k) < AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < AES_BLOCK_SIZE*2) + break; + } + + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } +#endif /* WOLFSSL_AESXTS_STREAM */ + } +#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && + * !WOLFSSL_AFALG + */ + out: + #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \ + !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + if (aes_inited) wc_AesXtsFree(aes); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (aes) - 
XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -10631,8 +12365,7 @@ static wc_test_ret_t aes_xts_sector_test(void) wc_AesXtsFree(aes); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (aes) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -10741,8 +12474,7 @@ static wc_test_ret_t aes_xts_args_test(void) wc_AesXtsFree(aes); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (aes) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -10798,6 +12530,8 @@ static wc_test_ret_t aes_cbc_test(void) #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) static wc_test_ret_t aesecb_test(void) { + wc_test_ret_t ret = 0; +#if defined(WOLFSSL_AES_256) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES); #else @@ -10812,11 +12546,9 @@ static wc_test_ret_t aesecb_test(void) Aes dec[1]; #endif int dec_inited = 0; - byte plain [AES_BLOCK_SIZE * 4]; + byte plain[AES_BLOCK_SIZE * 4]; #endif /* HAVE_AES_DECRYPT */ - wc_test_ret_t ret = 0; -#if defined(WOLFSSL_AES_256) { WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = { @@ -10858,7 +12590,7 @@ static wc_test_ret_t aesecb_test(void) if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) XMEMSET(cipher, 0, AES_BLOCK_SIZE); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); 
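Review bot: In the first (one-shot) round-trip loop the length argument is passed as the plain `int` `j` in `wc_AesXtsEncrypt(aes, large_input, large_input, j, i1, sizeof(i1))` and the matching wc_AesXtsDecrypt call, while the two streaming loops added directly below write `(word32)j` for the same parameter. Under the sign-conversion warnings that this commit is evidently silencing elsewhere (the `(word32)` casts in aesctr_test), the uncast pair will still warn, and the three loops should read alike. Change both calls to `(word32)j`, or hoist a `word32 sz = (word32)j;` at the top of each iteration so none of the calls needs a cast.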
@@ -10891,6 +12623,7 @@ static wc_test_ret_t aesecb_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif +#ifdef HAVE_AES_DECRYPT XMEMSET(plain, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); if (ret != 0) @@ -10900,7 +12633,7 @@ static wc_test_ret_t aesecb_test(void) if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) XMEMSET(plain, 0, AES_BLOCK_SIZE); WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); @@ -10934,6 +12667,7 @@ static wc_test_ret_t aesecb_test(void) if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif +#endif /* HAVE_AES_DECRYPT */ } out: @@ -10991,7 +12725,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 }; -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] = { 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff, @@ -11028,7 +12762,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }; -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, @@ -11061,7 +12795,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee }; -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] = { 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78, 
@@ -11145,7 +12879,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f, 0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e }; -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] = { 0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67, @@ -11178,7 +12912,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50 }; -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] = { 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf, @@ -11262,7 +12996,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f, 0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a }; -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] = { 0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0, @@ -11295,7 +13029,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 }; -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] = { 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c, @@ -11379,7 +13113,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a, 0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05 }; -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] = { 0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94, 
@@ -11414,7 +13148,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr128Wrap128CipherLong), ctr128Wrap128CipherLong }, - #ifdef WOLFSSL_ARMASM + #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong), ctr128Wrap128_2CipherLong }, @@ -11456,7 +13190,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr192Wrap128CipherLong), ctr192Wrap128CipherLong }, - #ifdef WOLFSSL_ARMASM + #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong), ctr192Wrap128_2CipherLong }, @@ -11498,7 +13232,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr256Wrap128CipherLong), ctr256Wrap128CipherLong }, - #ifdef WOLFSSL_ARMASM + #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong), ctr256Wrap128_2CipherLong }, 
@@ -11533,39 +13267,39 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) for (i = 0; i < AES_CTR_TEST_LEN; i++) { if (testVec[i].key != NULL) { - ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz, + ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz, testVec[i].iv, AES_ENCRYPTION); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz, + ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz, testVec[i].iv, AES_ENCRYPTION); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } } - ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len); + ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, (word32)testVec[i].len); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } - ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len); + ret = wc_AesCtrEncrypt(dec, plain, cipher, (word32)testVec[i].len); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } - if (XMEMCMP(plain, ctrPlain, testVec[i].len)) { + if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM)) - if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) { + if (XMEMCMP(cipher, testVec[i].cipher, (size_t)testVec[i].len)) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } #endif } -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) for (i = 0; i < AES_CTR_TEST_LEN; i++) { if (testVec[i].key != NULL) { ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz, 
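Review bot: The `(word32)` and `(size_t)` casts added to the wc_AesSetKeyDirect, wc_AesCtrEncrypt and XMEMCMP calls in the main vector loop are not applied to the identical calls in the `DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK` loop that follows — the hunk's trailing context still reads `ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,`. Whatever sign-conversion warning motivated the casts will keep firing in that build, and the two loops now differ for no reason. Since every initializer in the table already spells `(int)sizeof(...)` for these fields, the cleaner fix is to declare `keySz` and `len` in the testVec struct as `word32` and drop the casts on both sides; the struct definition is outside this hunk, so I cannot confirm its current declaration. aesctr_test continues past the hunk.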
@@ -11642,7 +13376,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) #endif } -#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */ +#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ out: 
@@ -11650,6 +13384,89 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) } #endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_ECB +static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) +{ + wc_test_ret_t ret = 0; + + WOLFSSL_SMALL_STACK_STATIC const byte key_128[] = "0123456789abcdef "; + WOLFSSL_SMALL_STACK_STATIC const byte key_192[] = + "0123456789abcdef01234567 "; + WOLFSSL_SMALL_STACK_STATIC const byte key_256[] = + "0123456789abcdef0123456789abcdef "; + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_128[AES_BLOCK_SIZE] = { + 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6, + 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1 + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_192[AES_BLOCK_SIZE] = { + 0x06, 0x57, 0xee, 0x78, 0x3f, 0x96, 0x00, 0xb1, + 0xec, 0x76, 0x94, 0x30, 0x29, 0xbe, 0x15, 0xab + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_256[AES_BLOCK_SIZE] = { + 0xcd, 0xf2, 0x81, 0x3e, 0x73, 0x3e, 0xf7, 0x33, + 0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82 + }; + + int i; + struct { + const byte* key; + int keySz; + const byte* iv; + const byte* verify; + } testVec[] = { + { key_128, 16, iv, verify_ecb_128 }, + { key_192, 24, iv, verify_ecb_192 }, + { key_256, 32, iv, verify_ecb_256 }, + }; + #define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec)) + + for (i = 0; i < AES_ECB_TEST_LEN; i++) { + ret = wc_AesSetKey(enc, testVec[i].key, testVec[i].keySz, testVec[i].iv, + AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(dec, testVec[i].key, testVec[i].keySz, testVec[i].iv, + AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, 
AES_BLOCK_SIZE * 4); + ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cipher, testVec[i].verify, AES_BLOCK_SIZE)) { + WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!"); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + #ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, AES_BLOCK_SIZE * 4); + ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + #endif /* HAVE_AES_DECRYPT */ + (void)dec; + (void)plain; + } + +out: + return ret; +} +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) { @@ -11661,7 +13478,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) #endif int enc_inited = 0; byte cipher[AES_BLOCK_SIZE * 4]; -#ifdef HAVE_AES_DECRYPT +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); #else @@ -11669,7 +13486,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) #endif int dec_inited = 0; byte plain [AES_BLOCK_SIZE * 4]; -#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ wc_test_ret_t ret = 0; 
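Review bot: `testVec[i].keySz` is declared `int` but passed straight to the key-length parameter of wc_AesSetKey, which this same commit casts to `word32` in aesctr_test and aes256_test to silence sign-conversion warnings, so the new function will warn under the same flags; declaring the field as `word32 keySz;` fixes it with no cast since the initializers are the literals 16/24/32. The `(void)dec; (void)plain;` lines sit inside the per-vector loop where they are repeated on every iteration; they belong once at the top of the function, which is where a reader looks for unused-parameter suppression. ECB has no IV, so `testVec[i].iv` can only affect the key schedule call and not the vectors; a one-line comment such as `/* iv is irrelevant to ECB; passed only to satisfy wc_AesSetKey */` on the struct member would save the next reader from wondering.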
@@ -11697,15 +13514,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) WOLFSSL_ENTER("aes_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ + defined(WOLFSSL_AES_DIRECT) if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #endif -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #endif -#endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) 
@@ -11718,46 +13536,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) dec_inited = 1; #endif +#ifdef HAVE_AES_ECB + ret = aes_ecb_test(enc, dec, cipher, plain); + if (ret != 0) + return ret; +#endif + ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) +#ifdef HAVE_AES_DECRYPT ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif -#ifdef HAVE_AES_ECB - { - WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[AES_BLOCK_SIZE] = { - 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6, - 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1 - }; - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (XMEMCMP(cipher, verify_ecb, AES_BLOCK_SIZE)) { - WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!"); - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - } - #ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif /* HAVE_AES_DECRYPT */ - } -#endif - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4); ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) 
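Review bot: The new early exit `if (ret != 0) return ret;` after `aes_ecb_test(enc, dec, cipher, plain)` bypasses the `out:` label that every other failure in aes_test reaches via ERROR_OUT, so an ECB vector mismatch skips the wc_AesFree(enc)/wc_AesFree(dec) calls and, under WOLFSSL_SMALL_STACK, the XFREE of both contexts (that cleanup is visible in the later hunks of this diff). aes_ecb_test already returns an encoded WC_TEST_RET_* value, so the fix is `if (ret != 0) goto out;` (or `ERROR_OUT(ret, out)` to match the surrounding style). Separately, `dec` and `plain` are only declared when `HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER` per the declaration hunk above, while this call is guarded only by HAVE_AES_ECB; if an ECB build with neither of those is a supported configuration the call will not compile — I cannot tell from this diff whether such a build exists, so it is worth checking rather than assuming. aes_test's body starts and ends outside this hunk.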
@@ -11851,8 +13644,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) if ((bigCipher == NULL) || (bigPlain == NULL)) { - if (bigCipher != NULL) - XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ERROR_OUT(WC_TEST_RET_ENC_NC, out); } #else @@ -11907,7 +13699,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) break; } -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole * message by AES_BLOCK_SIZE for each size of AES key. */ WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); @@ -11956,7 +13748,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) break; } WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); -#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */ +#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -12100,6 +13892,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef HAVE_AES_DECRYPT XMEMSET(plain, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); if (ret != 0) @@ -12116,6 +13909,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) #endif if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ } #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ @@ -12152,7 +13946,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) wc_AesFree(enc); #endif (void)cipher; -#ifdef HAVE_AES_DECRYPT +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (dec) { if (dec_inited) 
@@ -12164,7 +13958,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) wc_AesFree(dec); #endif (void)plain; -#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ return ret; @@ -12203,6 +13997,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void) if (ret != 0) return ret; #endif + + #ifdef WOLFSSL_AES_192 + ret = aes_xts_192_test(); + if (ret != 0) + return ret; + #endif + #ifdef WOLFSSL_AES_256 ret = aes_xts_256_test(); if (ret != 0) @@ -12225,6 +14026,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void) #ifdef WOLFSSL_AES_192 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) { + wc_test_ret_t ret = 0; #ifdef HAVE_AES_CBC #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *enc = NULL; @@ -12239,13 +14041,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #else Aes dec[1]; #endif - int dec_inited = 0; byte plain[AES_BLOCK_SIZE]; #endif -#endif /* HAVE_AES_CBC */ - wc_test_ret_t ret = 0; +#ifdef HAVE_AES_DECRYPT + int dec_inited = 0; +#endif -#ifdef HAVE_AES_CBC /* Test vectors from NIST Special Publication 800-38A, 2001 Edition * Appendix F.2.3 */ @@ -12288,8 +14089,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#endif dec_inited = 1; +#endif ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) @@ -12341,9 +14142,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ if (enc_inited) wc_AesFree(enc); +#ifdef HAVE_AES_DECRYPT if (dec_inited) wc_AesFree(dec); #endif +#endif #endif /* HAVE_AES_CBC */ return ret; 
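Review bot: The two `#endif` lines added to the aes192_test cleanup at 14148 carry no trailing comments, whereas the identical change to aes256_test at 14356 annotates them as `#endif /* HAVE_AES_DECRYPT */` and `#endif /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */`; with four nested conditionals closing in a row, the comments are what keeps the block readable, so the 192-bit variant should get the same ones. The new `#ifdef HAVE_AES_DECRYPT` around `int dec_inited = 0;` at 14045 also appears to be opened right after an `#endif` that, judging by the `Aes dec[1]` and `byte plain[AES_BLOCK_SIZE]` it encloses, closes a block under the same condition; if so, moving the declaration inside that block avoids reopening it. The opening `#if` for that block is outside the hunk.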
@@ -12422,14 +14225,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#endif dec_inited = 1; +#endif - ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION); + ret = wc_AesSetKey(dec, key, (word32)keySz, iv, AES_DECRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -12458,7 +14261,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -12533,7 +14336,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif -#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */ +#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ out: @@ -12553,9 +14356,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ if (enc_inited) wc_AesFree(enc); +#ifdef HAVE_AES_DECRYPT if (dec_inited) wc_AesFree(dec); -#endif +#endif /* HAVE_AES_DECRYPT */ +#endif /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ #endif /* HAVE_AES_CBC */ return ret; 
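Review bot: The `(word32)keySz` cast added to both `wc_AesSetKey` calls at 14229/14233 is not applied to the `wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);` context line that immediately follows the renamed `WC_C_DYNAMIC_FALLBACK` guard in the next hunk, so a build with DEBUG_VECTOR_REGISTER_ACCESS enabled still gets the implicit int-to-word32 conversion the cast was presumably added to silence. Applying `(word32)keySz` there as well keeps all the calls in aes256_test uniform.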
@@ -12606,13 +14411,13 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, else dec_inited = 1; - ret = wc_AesGcmSetKey(enc, key, keySz); + ret = wc_AesGcmSetKey(enc, key, (word32)keySz); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz, - resultT, tagSz, aad, aadSz); + ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, ivSz, + resultT, (word32)tagSz, aad, aadSz); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -12625,7 +14430,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, if (XMEMCMP(tag, resultT, tagSz)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz, resultT, tagSz, aad, aadSz); @@ -12644,12 +14449,12 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, #endif #ifdef HAVE_AES_DECRYPT - ret = wc_AesGcmSetKey(dec, key, keySz); + ret = wc_AesGcmSetKey(dec, key, (word32)keySz); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz, - iv, ivSz, resultT, tagSz, aad, aadSz); + ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz, + iv, (word32)ivSz, resultT, tagSz, aad, aadSz); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); #endif 
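Review bot: The casts added to the `wc_AesGcmEncrypt` and `wc_AesGcmDecrypt` calls are asymmetric: the encrypt call casts `plainSz` and `tagSz` but passes `ivSz` uncast, while the decrypt call casts `cipherSz` and `ivSz` but passes `tagSz` uncast. If `ivSz` and `tagSz` are `int` parameters (the casts suggest they are; the helper's signature is cut off in the hunk header), both calls need both casts. The repeated encrypt/decrypt calls under the `WC_C_DYNAMIC_FALLBACK` guard in the following two hunks still pass `plainSz`, `tagSz` and `cipherSz` without casts.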
@@ -12660,7 +14465,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, ERROR_OUT(WC_TEST_RET_ENC_NC, out); } -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK) +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E); ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz, iv, ivSz, resultT, tagSz, aad, aadSz); @@ -12838,14 +14643,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) 0xba, 0x63, 0x7b, 0x39 }; -#if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192) WOLFSSL_SMALL_STACK_STATIC const byte a[] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; -#endif #ifdef WOLFSSL_AES_256 #ifdef HAVE_RENESAS_SYNC @@ -12861,12 +14664,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) }; int k1Sz = (int)sizeof(k1); #endif +#endif /* WOLFSSL_AES_256 */ WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 }; -#endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192) WOLFSSL_SMALL_STACK_STATIC const byte c1[] = @@ -12992,14 +14795,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) byte resultC[sizeof(p) + AES_BLOCK_SIZE]; wc_test_ret_t ret = 0; -#ifdef WOLFSSL_AES_256 - #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC)) int alen; - #endif - #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) int plen; - #endif -#endif #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) byte buf[sizeof(p) + AES_BLOCK_SIZE]; byte bufA[sizeof(a) + 1]; 
@@ -13016,6 +14813,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + (void)alen; + (void)plen; + if ((! large_input) || (! large_output) || (! large_outdec)) ERROR_OUT(MEMORY_E, out); @@ -13050,7 +14850,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef WOLFSSL_AES_256 - ret = wc_AesGcmSetKey(enc, k1, k1Sz); + ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -13070,7 +14870,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif #ifdef HAVE_AES_DECRYPT - ret = wc_AesGcmSetKey(dec, k1, k1Sz); + ret = wc_AesGcmSetKey(dec, k1, (word32)k1Sz); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -13216,7 +15016,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) for (plen=1; plenasyncDev, WC_ASYNC_FLAG_NONE); @@ -13226,7 +15026,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #ifdef HAVE_AES_DECRYPT ret = wc_AesGcmDecrypt(dec, large_outdec, large_output, - plen, iv1, sizeof(iv1), resultT, + (word32)plen, iv1, sizeof(iv1), resultT, sizeof(t1), a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); @@ -13295,8 +15095,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) /* Large buffer test */ #ifdef BENCH_AESGCM_LARGE - wc_AesGcmSetKey(enc, k2, k3Sz); - wc_AesGcmSetKey(dec, k2, k3Sz); + wc_AesGcmSetKey(enc, k2, (word32)sizeof(k2)); + wc_AesGcmSetKey(dec, k2, (word32)sizeof(k2)); /* setup test buffer */ for (alen=0; alen alen) len = alen; - ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len); + ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } 
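Review bot: The new `(void)alen;` and `(void)plen;` sit among the `large_input`/`large_output`/`large_outdec` allocations, which the matching free block at 15430 shows to be guarded by `#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && !defined(WOLFSSL_NO_MALLOC)`; if the allocations share that guard (the opening `#if` is outside the hunk), a build that excludes it and also lacks the AES-256 loops that use `alen`/`plen` would still warn about unused variables, which is presumably what the now-unconditional declarations at 14795 were meant to avoid. Placing the two casts directly after the declarations, outside any `#if`, covers every configuration.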
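Review bot: The rewritten `wc_AesGcmSetKey(enc, k2, (word32)sizeof(k2));` and `wc_AesGcmSetKey(dec, k2, (word32)sizeof(k2));` in the large-buffer test still discard the return value, unlike every other `wc_AesGcmSetKey` call in this function, which is followed by `if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);`. Since these lines are being touched anyway (the size argument is corrected from `k3Sz` to `sizeof(k2)`), assigning to `ret` and checking it makes a failed key load fail explicitly rather than surface later as a ciphertext mismatch.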
@@ -13546,7 +15346,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) for (plen = 0; plen < (int)sizeof(p); plen += alen) { int len = sizeof(p) - plen; if (len > alen) len = alen; - ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len, + ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, (word32)len, NULL, 0); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -13570,7 +15370,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) for (plen = 0; plen < (int)sizeof(a); plen += alen) { int len = sizeof(a) - plen; if (len > alen) len = alen; - ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len); + ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } @@ -13578,7 +15378,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) for (plen = 0; plen < (int)sizeof(c1); plen += alen) { int len = sizeof(c1) - plen; if (len > alen) len = alen; - ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len, + ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, (word32)len, NULL, 0); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); 
@@ -13630,20 +15430,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ !defined(WOLFSSL_NO_MALLOC) - if (large_input) - XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (large_output) - XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (large_outdec) - XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - if (dec) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -13847,6 +15642,7 @@ static wc_test_ret_t aesccm_256_test(void) ret = WC_TEST_RET_ENC_NC; } +#ifdef HAVE_AES_DECRYPT if (ret == 0) { /* decrypt inline */ ret = wc_AesCcmDecrypt(aes, output, output, sizeof(output), @@ -13860,6 +15656,7 @@ static wc_test_ret_t aesccm_256_test(void) XMEMCMP(output, in_plaintext, sizeof(output))) { ret = WC_TEST_RET_ENC_NC; } +#endif wc_AesFree(aes); @@ -14000,6 +15797,7 @@ static wc_test_ret_t aesccm_128_test(void) if (XMEMCMP(t, t2, sizeof(t2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef HAVE_AES_DECRYPT ret = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a)); if (ret != 0) @@ -14019,6 +15817,7 @@ static wc_test_ret_t aesccm_128_test(void) XMEMSET(c2, 0, sizeof(c2)); if (XMEMCMP(p2, c2, sizeof(p2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif wc_AesFree(enc); XMEMSET(enc, 0, sizeof(Aes)); /* clear context */ 
@@ -14077,12 +15876,14 @@ static wc_test_ret_t aesccm_128_test(void) if (XMEMCMP(tl, tl2, sizeof(tl2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef HAVE_AES_DECRYPT ret = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv), tl2, sizeof(tl2), a, sizeof(a)); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(pl, pl2, sizeof(pl2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* test empty message as null input or output with nonzero inSz. */ ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */, @@ -14095,6 +15896,7 @@ static wc_test_ret_t aesccm_128_test(void) a, sizeof(a)); if (ret != BAD_FUNC_ARG) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */, iv, sizeof(iv), t_empty2, sizeof(t_empty2), a, sizeof(a)); @@ -14105,6 +15907,7 @@ static wc_test_ret_t aesccm_128_test(void) sizeof(a)); if (ret != BAD_FUNC_ARG) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* test empty message as null input and output with zero inSz -- * must either succeed, or fail early with BAD_FUNC_ARG. @@ -14118,11 +15921,13 @@ static wc_test_ret_t aesccm_128_test(void) if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef HAVE_AES_DECRYPT ret = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */, iv, sizeof(iv), t_empty2, sizeof(t_empty2), a, sizeof(a)); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif } /* test empty message as zero-length string -- must work. */ @@ -14134,11 +15939,13 @@ static wc_test_ret_t aesccm_128_test(void) if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#ifdef HAVE_AES_DECRYPT ret = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv, sizeof(iv), t_empty2, sizeof(t_empty2), a, sizeof(a)); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif wc_AesFree(enc); 
@@ -14280,18 +16087,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void) XMEMSET(ciphertext, 0, sizeof(ciphertext)); len = sizeof(authtag); - ret = wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length, + ret = wc_AesEaxEncryptAuth(vectors[i].key, (word32)vectors[i].key_length, ciphertext, - vectors[i].msg, vectors[i].msg_length, - vectors[i].iv, vectors[i].iv_length, - authtag, len, - vectors[i].aad, vectors[i].aad_length); + vectors[i].msg, (word32)vectors[i].msg_length, + vectors[i].iv, (word32)vectors[i].iv_length, + authtag, (word32)len, + vectors[i].aad, (word32)vectors[i].aad_length); if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } /* check ciphertext matches vector */ - if (XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length)) { + if (XMEMCMP(ciphertext, vectors[i].ct, (size_t)vectors[i].ct_length)) { return WC_TEST_RET_ENC_NC; } @@ -14306,18 +16113,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void) XMEMSET(ciphertext, 0, sizeof(ciphertext)); - ret = wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length, + ret = wc_AesEaxDecryptAuth(vectors[i].key, (word32)vectors[i].key_length, ciphertext, - vectors[i].ct, vectors[i].ct_length, - vectors[i].iv, vectors[i].iv_length, - authtag, len, - vectors[i].aad, vectors[i].aad_length); + vectors[i].ct, (word32)vectors[i].ct_length, + vectors[i].iv, (word32)vectors[i].iv_length, + authtag, (word32)len, + vectors[i].aad, (word32)vectors[i].aad_length); if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } /* check decrypted ciphertext matches vector plaintext */ - if (XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length)) { + if (XMEMCMP(ciphertext, vectors[i].msg, (size_t)vectors[i].msg_length)) { return WC_TEST_RET_ENC_NC; } 
@@ -14520,7 +16327,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void) return WC_TEST_RET_ENC_NC; plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen, - output, wrapSz, + output, (word32)wrapSz, plain, sizeof(plain), NULL); if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) ) @@ -15269,7 +17076,7 @@ static int sm4_ccm_test(void) ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID); if (ret != 0) - return -6720; + return WC_TEST_RET_ENC_EC(ret); /* Encrypt and decrypt using encrypt with CCM. */ ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1)); @@ -15452,12 +17259,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) { out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (chacha) - XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER); - if (buf1) - XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (buf2) - XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER); + XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -15548,10 +17352,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) { out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (buf1 != NULL) - XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (buf2 != NULL) - XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -15934,7 +17736,7 @@ static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ) ret = in[j]; /* The big test: can we actually access the `in` data? */ } else { - ret = -1; + ret = WC_TEST_RET_ENC_I(j); } return ret; 
@@ -15960,27 +17762,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifdef WOLFSSL_STATIC_MEMORY /* check macro settings */ - if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { + if (sizeof(size)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) { + return WC_TEST_RET_ENC_NC; + } + + if (sizeof(dist)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) { return WC_TEST_RET_ENC_NC; } - if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { + if (WOLFMEM_DEF_BUCKETS > WOLFMEM_MAX_BUCKETS) { return WC_TEST_RET_ENC_NC; } - for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + for (i = 0; i < WOLFMEM_DEF_BUCKETS; i++) { if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { /* each element in array should be divisible by alignment size */ return WC_TEST_RET_ENC_NC; } } - for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) { + for (i = 1; i < WOLFMEM_DEF_BUCKETS; i++) { if (size[i - 1] >= size[i]) { return WC_TEST_RET_ENC_NC; /* sizes should be in increasing order */ } } +#ifndef WOLFSSL_STATIC_MEMORY_LEAN /* check that padding size returned is possible */ if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) { return WC_TEST_RET_ENC_NC; /* no room for wc_Memory struct */ @@ -16045,7 +17852,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) return WC_TEST_RET_ENC_NC; /* should round to 0 since struct + bucket will not fit */ } +#endif + (void)pad; (void)dist; /* avoid static analysis warning of variable not used */ #endif @@ -16079,11 +17888,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) b = c; } #endif - if (b) - XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if ((b == NULL) + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (b == NULL #ifndef WOLFSSL_NO_REALLOC - || (c == NULL) + || c == NULL #endif ) { return WC_TEST_RET_ENC_ERRNO; 
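Review bot: The added `if (WOLFMEM_DEF_BUCKETS > WOLFMEM_MAX_BUCKETS) { return WC_TEST_RET_ENC_NC; }` compares two compile-time constants at run time, so it can trigger constant-condition warnings and only reports the misconfiguration when the test is executed; a preprocessor check such as `#if WOLFMEM_DEF_BUCKETS > WOLFMEM_MAX_BUCKETS` followed by `#error`, or a static assertion if the build has one available, catches it at build time. The `(void)pad;` that now follows the new `#ifndef WOLFSSL_STATIC_MEMORY_LEAN` block is fine provided `pad` is declared unconditionally; its declaration is outside the hunk.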
@@ -16237,7 +18045,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #endif static const char* certBadOid = CERT_ROOT "test" CERT_PATH_SEP "cert-bad-oid.der"; -#ifndef WOLFSSL_NO_ASN_STRICT +#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT) static const char* certBadUtf8 = CERT_ROOT "test" CERT_PATH_SEP "cert-bad-utf8.der"; #endif @@ -16485,8 +18293,7 @@ static wc_test_ret_t cert_asn1_test(void) ret = 0; done: - if (badCert != NULL) - XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -16542,7 +18349,7 @@ static wc_test_ret_t cert_bad_asn1_test(void) /* Subject name OID: 55 04 f4. Last byte with top bit set invalid. */ ret = cert_load_bad(certBadOid, tmp, ASN_PARSE_E); } -#ifndef WOLFSSL_NO_ASN_STRICT +#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT) if (ret == 0) { /* Issuer name UTF8STRING: df 52 4e 44. Top bit of second byte not set. */ @@ -17746,7 +19553,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest)); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); - digestSz = wc_HashGetDigestSize(hash[j]); + digestSz = (word32)wc_HashGetDigestSize(hash[j]); #ifdef WOLFSSL_SE050 /* SE050 only supports MGF matched to same hash type */ @@ -17833,7 +19640,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) /* SE050 generates salts internally only of hash length */ #ifndef WOLFSSL_SE050 /* Test that a salt length of zero works. */ - digestSz = wc_HashGetDigestSize(hash[0]); + digestSz = (word32)wc_HashGetDigestSize(hash[0]); outSz = RSA_TEST_BYTES; do { #if defined(WOLFSSL_ASYNC_CRYPT) 
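Review bot: `digestSz = (word32)wc_HashGetDigestSize(hash[j]);` silently turns a negative error return from wc_HashGetDigestSize into a very large size; the `hash[]` entries are presumably valid here, but since the line is being changed it costs little to check first: `int dSz = wc_HashGetDigestSize(hash[j]); if (dSz <= 0) ERROR_OUT(WC_TEST_RET_ENC_EC(dSz), exit_rsa_pss); digestSz = (word32)dSz;`. The same applies to the two `hash[0]` assignments at 19640 and 19726, and to `inLen = (word32)wc_RsaEncryptSize(key);` at 19941 in rsa_no_pad_test, where the function can likewise return a negative code.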
@@ -17919,7 +19726,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); /* Test bad salt lengths in various APIs. */ - digestSz = wc_HashGetDigestSize(hash[0]); + digestSz = (word32)wc_HashGetDigestSize(hash[0]); outSz = RSA_TEST_BYTES; #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER len = -2; @@ -18000,9 +19807,9 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) if (ret != PSS_SALTLEN_E) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); #ifndef WOLFSSL_PSS_LONG_SALT - len = digestSz + 1; + len = (int)(digestSz + 1); #else - len = plainSz - digestSz - 1; + len = (int)(plainSz - digestSz - 1); #endif #if defined(HAVE_SELFTEST) && \ (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) @@ -18134,7 +19941,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void) } #ifndef WOLFSSL_RSA_VERIFY_ONLY - inLen = wc_RsaEncryptSize(key); + inLen = (word32)wc_RsaEncryptSize(key); outSz = inLen; plainSz = inLen; XMEMSET(tmp, 7, inLen); @@ -18196,7 +20003,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void) ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, key, &rng, + ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, outSz, key, &rng, WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); } } while (ret == WC_PENDING_E); @@ -18212,7 +20019,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void) ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, key, + ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, plainSz, key, WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); } } while (ret == WC_PENDING_E); 
@@ -18558,7 +20365,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, if (ret < 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); } - certSz = (word32)ret; + certSz = (int)ret; #ifdef WOLFSSL_TEST_CERT InitDecodedCert(decode, der, certSz, HEAP_HINT); @@ -18718,7 +20525,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, } while (ret == WC_PENDING_E); if (ret < 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); - certSz = (word32)ret; + certSz = (int)ret; #ifdef WOLFSSL_TEST_CERT InitDecodedCert(decode, der, certSz, HEAP_HINT); @@ -18744,8 +20551,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #ifdef WOLFSSL_TEST_CERT - if (decode != NULL) - XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif #else wc_FreeRsaKey(caKey); @@ -18947,7 +20753,7 @@ static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) } while (ret == WC_PENDING_E); if (ret < 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); - certSz = (word32)ret; + certSz = (int)ret; #ifdef WOLFSSL_TEST_CERT InitDecodedCert(decode, der, certSz, 0); @@ -18981,8 +20787,7 @@ static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #ifdef WOLFSSL_TEST_CERT - if (decode != NULL) - XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif #else wc_FreeRsaKey(caKey); @@ -19084,7 +20889,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng) #ifndef WOLFSSL_CRYPTOCELL idx = 0; /* The private key part of the key gen pairs from cryptocell can't be exported */ - ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz); + ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, (word32)derSz); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif /* WOLFSSL_CRYPTOCELL */ 
@@ -19101,10 +20906,8 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng) #endif #ifndef WOLFSSL_NO_MALLOC - if (der != NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; #endif return ret; @@ -20025,7 +21828,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) } while (ret == WC_PENDING_E); if (ret < 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); - derSz = (word32)ret; + derSz = (int)ret; ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile, CERTREQ_TYPE); @@ -20086,8 +21889,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) } #endif #ifdef WOLFSSL_TEST_CERT - if (cert != NULL) - XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -20436,6 +22238,11 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + /* should fail since modSz is 16 and group size is 20 */ + ret = wc_DhGenerateParams(rng, 128, smallKey); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + ret = wc_DhGenerateParams(rng, 2056, smallKey); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); @@ -20457,8 +22264,7 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng) wc_FreeDhKey(smallKey); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (smallKey != NULL) - XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; 
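Review bot: In the new negative test, `if (ret == 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);` encodes `ret` at the moment it is known to be 0, so the reported failure carries no useful error code; the expectation-mismatch code used elsewhere in this file is the right one here: `ERROR_OUT(WC_TEST_RET_ENC_NC, exit_gen_test);`. It is also worth confirming that a rejected `wc_DhGenerateParams(rng, 128, smallKey)` leaves `smallKey` in a state the following 2056-bit call can reuse, since the same key object is passed to both.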
@@ -20697,18 +22503,12 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \ !defined(WC_NO_RNG) - if (priv) - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub) - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (priv2) - XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub2) - XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (agree) - XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (agree2) - XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (key) { wc_FreeDhKey(key); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -21131,20 +22931,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void) wc_FreeDhKey(key2); XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - if (tmp) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (priv) - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub) - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (priv2) - XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub2) - XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (agree) - XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (agree2) - XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else if (keyInit) wc_FreeDhKey(key); 
@@ -21312,7 +23105,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void) derIn_inited = 1; idx = 0; - ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, derSz); + ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, (word32)derSz); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } @@ -21321,13 +23114,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void) out: #ifdef WOLFSSL_KEY_GEN - if (der) - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (tmp) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (key) { if (key_inited) wc_FreeDsaKey(key); @@ -21518,14 +23309,10 @@ static wc_test_ret_t srp_test_digest(SrpType dgstType) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) out: - if (cli) - XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (srv) - XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (clientProof) - XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (serverProof) - XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return r; @@ -22532,9 +24319,19 @@ static wc_test_ret_t openssl_aes_test(void) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) { wc_test_ret_t ret; - EVP_MD_CTX md_ctx; +#ifdef WOLFSSL_SMALL_STACK + EVP_MD_CTX *md_ctx = (EVP_MD_CTX *)XMALLOC(sizeof(EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL); +#else + EVP_MD_CTX md_ctx[1]; +#endif testVector a, b, c, d, e, f; byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */ + +#ifdef WOLFSSL_SMALL_STACK + if (md_ctx == NULL) + return WC_TEST_RET_ENC_EC(MEMORY_E); +#endif + WOLFSSL_ENTER("openssl_test"); a.inLen = 0; 
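Review bot: Under WOLFSSL_SMALL_STACK, `md_ctx` is now heap-allocated with XMALLOC, but openssl_test keeps its many early `return WC_TEST_RET_ENC_NC;` exits (visible in the following hunks at 24365, 24389, 24411, 24432, 24455, 24479, 24501 and 24524), none of which frees it, so every digest mismatch leaks the context. Converting those exits to set `ret` and jump to a single cleanup label that does `XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL);` under the same `#ifdef` would fix this; the end of the function, where a final free may or may not exist, is outside this chunk. Two smaller points: the allocation passes `NULL` as the heap hint where the rest of this file uses `HEAP_HINT`, and the initializer line is much longer than the surrounding code.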
@@ -22568,15 +24365,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) a.inLen = XSTRLEN(a.input); a.outLen = WC_MD5_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_md5()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_md5()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen); + ret = EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen); } if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS) return WC_TEST_RET_ENC_NC; if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) @@ -22592,14 +24389,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) b.inLen = XSTRLEN(b.input); b.outLen = WC_SHA_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha1()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha1()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen); + ret = EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS) return WC_TEST_RET_ENC_NC; if (XMEMCMP(hash, b.output, b.outLen) != 0) 
@@ -22614,14 +24411,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) e.inLen = XSTRLEN(e.input); e.outLen = WC_SHA224_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha224()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha224()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); + ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { return WC_TEST_RET_ENC_NC; } @@ -22635,14 +24432,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) d.inLen = XSTRLEN(d.input); d.outLen = WC_SHA256_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha256()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha256()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); + ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) { return WC_TEST_RET_ENC_NC; } 
@@ -22658,14 +24455,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) e.inLen = XSTRLEN(e.input); e.outLen = WC_SHA384_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha384()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha384()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); + ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { return WC_TEST_RET_ENC_NC; } @@ -22682,14 +24479,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) f.inLen = XSTRLEN(f.input); f.outLen = WC_SHA512_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha512()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha512()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); + ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { return WC_TEST_RET_ENC_NC; } 
@@ -22704,14 +24501,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) f.inLen = XSTRLEN(f.input); f.outLen = WC_SHA512_224_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha512_224()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha512_224()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); + ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { return WC_TEST_RET_ENC_NC; } @@ -22727,14 +24524,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) f.inLen = XSTRLEN(f.input); f.outLen = WC_SHA512_256_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha512_256()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha512_256()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); + ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { return WC_TEST_RET_ENC_NC; } 
@@ -22750,14 +24547,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) e.inLen = XSTRLEN(e.input); e.outLen = WC_SHA3_224_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha3_224()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha3_224()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); + ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { return WC_TEST_RET_ENC_NC; } @@ -22772,14 +24569,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) d.inLen = XSTRLEN(d.input); d.outLen = WC_SHA3_256_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha3_256()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha3_256()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); + ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) { return WC_TEST_RET_ENC_NC; } 
@@ -22794,14 +24591,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) e.inLen = XSTRLEN(e.input); e.outLen = WC_SHA3_384_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha3_384()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha3_384()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); + ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { return WC_TEST_RET_ENC_NC; } @@ -22817,14 +24614,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) f.inLen = XSTRLEN(f.input); f.outLen = WC_SHA3_512_DIGEST_SIZE; - EVP_MD_CTX_init(&md_ctx); - ret = EVP_DigestInit(&md_ctx, EVP_sha3_512()); + EVP_MD_CTX_init(md_ctx); + ret = EVP_DigestInit(md_ctx, EVP_sha3_512()); if (ret == WOLFSSL_SUCCESS) { - ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); + ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen); if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + ret = EVP_DigestFinal(md_ctx, hash, 0); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(md_ctx); if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { return WC_TEST_RET_ENC_NC; @@ -22832,6 +24629,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) #endif /* WOLFSSL_NOSHA3_512 */ #endif /* WOLFSSL_SHA3 */ +#ifdef WOLFSSL_SMALL_STACK + XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL); + md_ctx = NULL; +#endif + #ifndef WC_NO_RNG if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS) return WC_TEST_RET_ENC_NC; 
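Review bot: The `XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL)` added at the end of the last hunk here is the only release of md_ctx, yet every digest block in this hunk and in the preceding openssl_test hunks still exits with a bare `return WC_TEST_RET_ENC_NC;` on a digest mismatch or EVP failure, so under WOLFSSL_SMALL_STACK any failing vector leaks the context. The allocation itself is outside this chunk and I am inferring it from the new XFREE; if md_ctx is now heap-allocated, those early returns should route through one exit label that owns the release, e.g. `ret = WC_TEST_RET_ENC_NC; goto out;` with `out:` holding the `#ifdef WOLFSSL_SMALL_STACK` XFREE block. openssl_test starts and ends outside these hunks.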
@@ -24196,7 +25998,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void) #endif XMEMSET(cipher, 0, RSA_TEST_BYTES); - outlen = keyLenBits/8; + outlen = (size_t)(keyLenBits/8); if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) { ret = WC_TEST_RET_ENC_EC(ret); goto openssl_pkey1_test_done; @@ -24226,12 +26028,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void) } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (cipher != NULL) - XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (plain != NULL) - XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif #endif @@ -24559,7 +26358,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void) #endif #ifdef HAVE_PKCS12 -WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00 }; @@ -24586,7 +26385,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) int kLen = 24; int iterations = 1; wc_test_ret_t ret; - WOLFSSL_ENTER("pkcs12_test"); + WOLFSSL_ENTER("pkcs12_pbkdf_test"); ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations, kLen, WC_SHA256, id); @@ -24618,7 +26417,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void) { char passwd[] = "passwordpassword"; - WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; + WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, + 0x5d, 0x63, 0xcb, 0x06 }; int iterations = 2048; int kLen = 24; byte derived[64]; 
@@ -24635,7 +26435,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void) salt, (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId); if (ret != 0) - return ret; + return WC_TEST_RET_ENC_EC(ret); if (XMEMCMP(derived, verify, sizeof(verify)) != 0) return WC_TEST_RET_ENC_NC; @@ -24691,7 +26491,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) return ret; #endif #ifdef HAVE_PKCS12 - ret = pkcs12_test(); + ret = pkcs12_pbkdf_test(); if (ret != 0) return ret; #endif 
@@ -24705,6 +26505,110 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) #endif /* NO_PWDBASED */ +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) +{ + wc_test_ret_t ret = 0; + WC_PKCS12* pkcs12 = NULL; + /* Gen vars */ + byte* pkcs12der = NULL; + int pkcs12derSz = 0; + WC_DerCertList derCaList = { + (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL + }; + char* pass = (char*)"wolfSSL test"; + /* Parsing vars */ + WC_DerCertList* derCaListOut = NULL; + byte* keyDer = NULL; + byte* certDer = NULL; + word32 keySz; + word32 certSz; + + WOLFSSL_ENTER("pkcs12_test"); + + pkcs12 = wc_PKCS12_create(pass, (word32)XSTRLEN(pass), + (char*)"friendlyName" /* not used currently */, + (byte*)server_key_der_2048, sizeof_server_key_der_2048, + (byte*)server_cert_der_2048, sizeof_server_cert_der_2048, + &derCaList, PBE_SHA1_DES3, PBE_SHA1_DES3, 100, 100, + 0 /* not used currently */, HEAP_HINT); + if (pkcs12 == NULL) { + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + goto out; + } + + ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz); + if (ret != LENGTH_ONLY_E) { + if (ret == 0) + ret = WC_TEST_RET_ENC_NC; + else + ret = WC_TEST_RET_ENC_I(ret); + goto out; + } + + pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS); + if (pkcs12der == NULL) { + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + goto out; + } + + { + /* Use tmp pointer to avoid advancing pkcs12der */ + byte* tmp = pkcs12der; + ret = wc_i2d_PKCS12(pkcs12, &tmp, &pkcs12derSz); + if (ret <= 0) { + if (ret == 0) + ret = WC_TEST_RET_ENC_NC; + else + ret = WC_TEST_RET_ENC_I(ret); + goto out; + } + } + + wc_PKCS12_free(pkcs12); + pkcs12 = wc_PKCS12_new_ex(HEAP_HINT); + if (pkcs12 == NULL) { + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + goto out; + } + + /* convert the DER file into an internal structure */ + ret = 
wc_d2i_PKCS12(pkcs12der, pkcs12derSz, pkcs12); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } + + /* parse the internal structure into its parts */ + ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz, + &certDer, &certSz, &derCaListOut); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } + if (keyDer == NULL || certDer == NULL || derCaListOut == NULL) { + ret = WC_TEST_RET_ENC_NC; + goto out; + } + +out: + + if (derCaListOut) + wc_FreeCertList(derCaListOut, HEAP_HINT); + XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS); + XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS); + if (pkcs12) + wc_PKCS12_free(pkcs12); + XFREE(pkcs12der, HEAP_HINT, DYNAMIC_TYPE_PKCS); + + return ret; +} +#endif + + #if defined(HAVE_HKDF) && !defined(NO_HMAC) #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \ @@ -24769,7 +26673,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) #ifndef NO_SHA ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0, - okm1, L); + okm1, (word32)L); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); @@ -24780,7 +26684,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) /* fips can't have key size under 14 bytes, salt is key too */ L = (int)sizeof(okm1); ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), - info1, (word32)sizeof(info1), okm1, L); + info1, (word32)sizeof(info1), okm1, (word32)L); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); @@ -24791,7 +26695,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) #ifndef NO_SHA256 ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0, - okm1, L); + okm1, (word32)L); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); 
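Review bot: The round trip in the new pkcs12_test stops at `keyDer == NULL || certDer == NULL || derCaListOut == NULL`, so a parse that hands back the wrong key or certificate bytes still passes; since the inputs are server_key_der_2048 and server_cert_der_2048, the test should also compare sizes and contents, e.g. `if (keySz != sizeof_server_key_der_2048 || XMEMCMP(keyDer, server_key_der_2048, keySz) != 0) { ret = WC_TEST_RET_ENC_NC; goto out; }` and the same for certDer against server_cert_der_2048. The password is duplicated: wc_PKCS12_parse is given the literal "wolfSSL test" while `pass` already holds it, so passing `pass` keeps the two from drifting apart. pkcs12derSz is handed to XMALLOC straight after the LENGTH_ONLY_E query without a `pkcs12derSz > 0` check, which is worth one line given it is an int.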
@@ -24801,7 +26705,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
 #ifndef HAVE_FIPS
 /* fips can't have key size under 14 bytes, salt is key too */
 ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1),
- salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, L);
+ salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, (word32)L);
 if (ret != 0)
 return WC_TEST_RET_ENC_EC(ret);
@@ -24978,6 +26882,113 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void) #endif /* WOLFSSL_WOLFSSH */ +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384) +#define DIGL 12 +#define SECL 48 +#define LBSL 63 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void) +{ + int ret; + byte dig[DIGL] = {0}; + byte secret[SECL] = { + 0x10, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, + 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, + 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, + 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8, + 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99, + 0x9d, 0xfc, 0x47 + }; + byte lablSd[LBSL] = { + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, + 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba, + 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43, + 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e, + 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a, + 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf, + 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43 + }; + byte expected[DIGL] = { + 0xee, 0xcb, 0xb1, 0x30, 0xf2, 0xcd, 0xb3, 0x4a, + 0xbe, 0xda, 0xc1, 0xf6 + }; + int digL = DIGL; + int secL = SECL; + int lblsdL = LBSL; + int hash_type = sha384_mac; + + ret = wc_PRF(dig, (word32)digL, secret, secL, lablSd, lblsdL, hash_type, + HEAP_HINT, INVALID_DEVID); + if (ret != 0) { + printf("Failed w/ code: %d\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + if (XMEMCMP(expected, dig, DIGL) != 0) { + printf("Got unexpected digest\n"); + return WC_TEST_RET_ENC_NC; + } + + return 0; +} +#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */ + +#ifdef WOLFSSL_HAVE_PRF +#if defined(HAVE_HKDF) && !defined(NO_HMAC) +#ifdef WOLFSSL_BASE16 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void) +{ + const char* preMasterSecret = "D06F9C19BFF49B1E91E4EFE97345D089" + "4E6C2E6C34A165B24540E2970875D641" + "2AA6515871B389B4C199BB8389C71CED"; + const char* helloRandom = 
"162B81EDFBEAE4F25240320B87E7651C" + "865564191DD782DB0B9ECA275FBA1BB9" + "5A1DA3DF436D68DA86C5E7B4B4A36E46" + "B977C61767983A31BE270D74517BD0F6"; + const char* masterSecret = "EB38B8D89B98B1C266DE44BB3CA14E83" + "C32F009F9955B1D994E61D3C51EE8760" + "90B4EF89CC7AF42F46E72201BFCC7977"; + const char* label = "master secret"; + + byte pms[48] = {0}; + byte seed[64] = {0}; + byte ms[48] = {0}; + byte result[48] = {0}; + + word32 pmsSz = (word32)sizeof(pms); + word32 seedSz = (word32)sizeof(seed); + word32 msSz = (word32)sizeof(ms); + int ret; + + ret = Base16_Decode((const byte*)preMasterSecret, + (word32)XSTRLEN(preMasterSecret), pms, &pmsSz); + if (ret != 0) + return ret; + ret = Base16_Decode((const byte*)helloRandom, + (word32)XSTRLEN(helloRandom), seed, &seedSz); + if (ret != 0) + return ret; + ret = Base16_Decode((const byte*)masterSecret, + (word32)XSTRLEN(masterSecret), ms, &msSz); + if (ret != 0) + return ret; + + ret = wc_PRF_TLS(result, msSz, pms, pmsSz, + (const byte*)label, (word32)XSTRLEN(label), seed, seedSz, + 1, sha256_mac, NULL, INVALID_DEVID); + if (ret != 0) { + if (ret == FIPS_PRIVATE_KEY_LOCKED_E) { + printf(" wc_PRF_TLSv12: Private key locked.\n"); + } + return WC_TEST_RET_ENC_NC; + } + + if (XMEMCMP(result, ms, msSz) != 0) + return WC_TEST_RET_ENC_NC; + return 0; +} +#endif /* WOLFSSL_BASE16 */ +#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */ +#endif /* WOLFSSL_HAVE_PRF */ #ifdef WOLFSSL_TLS13 @@ -25551,7 +27562,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void) hashAlgSz = wc_HashGetDigestSize(tv->hashAlg); if (hashAlgSz == BAD_FUNC_ARG) break; - ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, hashAlgSz); + ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, (word32)hashAlgSz); if (ret != 0) break; ret = wc_Tls13_HKDF_Extract(secret, NULL, 0, 
@@ -25559,105 +27570,105 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void) tv->pskSz, tv->hashAlg); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel), - tv->hashHello1, hashAlgSz, tv->hashAlg); + tv->hashHello1, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel), - tv->hashHello1, hashAlgSz, tv->hashAlg); + tv->hashHello1, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(salt, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel), - hashZero, hashAlgSz, tv->hashAlg); + hashZero, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; - ret = wc_Tls13_HKDF_Extract(secret, salt, hashAlgSz, + ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz, (tv->dheSz == 0) ? 
zeroes : (byte*)tv->dhe, tv->dheSz, tv->hashAlg); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel), - tv->hashHello2, hashAlgSz, tv->hashAlg); + tv->hashHello2, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->clientHandshakeTrafficSecret, output, hashAlgSz); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel), - tv->hashHello2, hashAlgSz, tv->hashAlg); + tv->hashHello2, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(salt, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel), - hashZero, hashAlgSz, tv->hashAlg); + hashZero, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; - ret = wc_Tls13_HKDF_Extract(secret, salt, hashAlgSz, - zeroes, hashAlgSz, tv->hashAlg); + ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz, + zeroes, (word32)(word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel), - tv->hashFinished1, hashAlgSz, tv->hashAlg); + tv->hashFinished1, 
(word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel), - tv->hashFinished1, hashAlgSz, tv->hashAlg); + tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel), - tv->hashFinished1, hashAlgSz, tv->hashAlg); + tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz); if (ret != 0) break; - ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz, - secret, hashAlgSz, + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel), - tv->hashFinished2, hashAlgSz, tv->hashAlg); + tv->hashFinished2, (word32)hashAlgSz, tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz); @@ -25820,7 +27831,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void) #endif /* HAVE_X963_KDF */ -#if defined(HAVE_HPKE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ +#if defined(HAVE_HPKE) && \ + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ defined(HAVE_AESGCM) static wc_test_ret_t hpke_test_single(Hpke* hpke) 
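Review bot: Three of the new casts in tls13_kdf_test are doubled, `(word32)(word32)hashAlgSz`, in both `wc_Tls13_HKDF_Extract(secret, salt, ...)` calls and in the `zeroes, (word32)(word32)hashAlgSz` argument of the second; a single `(word32)hashAlgSz` matches the rest of the hunk. The `XMEMCMP(..., output, hashAlgSz)` calls are left uncast, which is harmless because hashAlgSz was checked against BAD_FUNC_ARG earlier in the function, but is inconsistent with the casting applied everywhere else in this hunk. The enclosing loop begins outside the hunk.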
@@ -25905,6 +27917,31 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke) ret = WC_TEST_RET_ENC_NC; } + /* Negative test case with NULL argument */ + if (ret == 0) { + ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng); + if (ret != BAD_FUNC_ARG) + ret = WC_TEST_RET_ENC_EC(ret); + else + ret = 0; + } + + if (ret == 0) { + ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng); + if (ret != BAD_FUNC_ARG) + ret = WC_TEST_RET_ENC_EC(ret); + else + ret = 0; + } + + if (ret == 0) { + ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL); + if (ret != BAD_FUNC_ARG) + ret = WC_TEST_RET_ENC_EC(ret); + else + ret = 0; + } + if (ephemeralKey != NULL) wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap); @@ -25912,8 +27949,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke) wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap); #ifdef WOLFSSL_SMALL_STACK - if (pubKey != NULL) - XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif if (rngRet == 0) @@ -25977,7 +28013,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) #if defined(HAVE_CURVE25519) /* test with curve25519 and aes256 */ ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256, - HPKE_AES_256_GCM, NULL); + HPKE_AES_256_GCM, NULL); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); 
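Review bot: The three NULL-argument checks encode the unexpected result with `ret = WC_TEST_RET_ENC_EC(ret);` even when wc_HpkeGenerateKeyPair returns 0, so a build that silently accepts a NULL hpke, key pointer or rng would still pass if the encoded zero is itself 0; I cannot see WC_TEST_RET_ENC_EC here, but the new pkcs12_test in this patch guards this case explicitly with `if (ret == 0) ret = WC_TEST_RET_ENC_NC;`, and the same guard belongs here, e.g. `ret = (ret == 0) ? WC_TEST_RET_ENC_NC : WC_TEST_RET_ENC_EC(ret);`. The X448 block in the following hpke_test hunk has the same shape with `if (ret != BAD_FUNC_ARG) return WC_TEST_RET_ENC_EC(ret);`. That block additionally calls hpke_test_single on an hpke whose wc_HpkeInit was expected to fail, and hpke_test_single dereferences `hpke->kem` and `hpke->heap` when freeing keys, which is only safe if the init leaves the struct in a defined state on BAD_FUNC_ARG — worth stating in the comment or ensuring with an explicit XMEMSET before the call.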
@@ -25988,8 +28024,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) return ret; #endif + +#if defined(HAVE_CURVE448) && \ + (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) + /* test with curve448 and aes256 */ + ret = wc_HpkeInit(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512, + HPKE_AES_256_GCM, NULL); + + /* HPKE does not support X448 yet, so expect failure */ + if (ret != BAD_FUNC_ARG) + return WC_TEST_RET_ENC_EC(ret); + + ret = hpke_test_single(hpke); + + /* HPKE does not support X448 yet, so expect failure */ + if (WC_TEST_RET_DEC_EC(ret) != BAD_FUNC_ARG) + return ret; + ret = 0; /* reset error code */ +#endif + + /* TODO: HPKE chacha20 is not implemented */ + return ret; -/* x448 and chacha20 are unimplemented */ } #endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM */ 
@@ -26189,6 +28245,61 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void) 0xe1, 0x29, 0x4f, 0x61, 0x30, 0x3c, 0x4d, 0x46, 0x5f, 0x5c, 0x81, 0x3c, 0x38, 0xb6 }; + + /* SRTCP w/ 48-bit idx - KDR 0 (-1) */ + WOLFSSL_SMALL_STACK_STATIC const byte mk48_1[] = { + 0xFF, 0xB6, 0xCB, 0x09, 0x71, 0x3F, 0x63, 0x4D, + 0x7F, 0x42, 0xED, 0xA8, 0x12, 0x81, 0x50, 0xE6 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ms48_1[] = { + 0x1F, 0x04, 0x76, 0xC8, 0x7F, 0x58, 0x23, 0xEF, + 0xD3, 0x57, 0xB2, 0xBD, 0xF1, 0x32 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_1[] = { + 0x00, 0x00, 0x08, 0x56, 0xBC, 0x39 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_1[] = { + 0xD2, 0xC3, 0xF3, 0x49, 0x00, 0x1A, 0x18, 0x0F, + 0xB6, 0x05, 0x5A, 0x5A, 0x67, 0x8E, 0xE5, 0xB2 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_1[] = { + 0x8D, 0x54, 0xBE, 0xB5, 0x7B, 0x7F, 0x7A, 0xAB, + 0xF5, 0x46, 0xCE, 0x5B, 0x45, 0x69, 0x4A, 0x75, + 0x81, 0x2A, 0xE2, 0xCB + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_1[] = { + 0x76, 0x3C, 0x97, 0x6A, 0x45, 0x31, 0xA7, 0x79, + 0x3C, 0x28, 0x4A, 0xA6, 0x82, 0x03 + }; + + /* SRTCP w/ 48-bit idx - KDR 19 */ + WOLFSSL_SMALL_STACK_STATIC const byte mk48_2[] = { + 0xBD, 0x1D, 0x71, 0x6B, 0xDA, 0x28, 0xE3, 0xFC, + 0xA5, 0xA0, 0x66, 0x3F, 0x2E, 0x34, 0xA8, 0x58 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ms48_2[] = { + 0x79, 0x06, 0xE5, 0xAB, 0x5C, 0x2B, 0x1B, 0x69, + 0xFA, 0xEE, 0xD2, 0x29, 0x57, 0x3C + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_2[] = { + 0x00, 0x00, 0x59, 0xD0, 0xC2, 0xE8 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_2[] = { + 0xB9, 0xD7, 0xAD, 0xD8, 0x90, 0x94, 0xC2, 0x92, + 0xA5, 0x04, 0x87, 0xC4, 0x8C, 0xEF, 0xE2, 0xA3 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_2[] = { + 0x07, 0xD5, 0xC4, 0xD2, 0x06, 0xFB, 0x63, 0x15, + 0xC2, 0x9C, 0x7F, 0x55, 0xD1, 0x16, 0x5C, 0xB5, + 0xB7, 0x44, 0x54, 0xBD + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_2[] = { + 0x0C, 0x5E, 0x53, 0xC1, 
0xD0, 0x75, 0xAD, 0x65, + 0xBF, 0x51, 0x74, 0x50, 0x89, 0xD7 + }; + int kdr_48_1 = -1; + int kdr_48_2 = 19; + #define SRTP_TV_CNT 4 Srtp_Kdf_Tv tv[SRTP_TV_CNT] = { { key_0, (word32)sizeof(key_0), salt_0, (word32)sizeof(salt_0), -1, @@ -26423,6 +28534,37 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void) return WC_TEST_RET_ENC_NC; for (i = 0; i < 32; i++) { word32 kdr = 1U << i; + + /* SRTCP w/ 48-bit IDX, 128-bit key test */ + if (i == 0) { + ret = wc_SRTCP_KDF_ex(mk48_1, (word32)sizeof(mk48_1), + ms48_1, (word32)sizeof(ms48_1), + kdr_48_1, srtcp48idx_1, keyE, tv[i].keSz, + keyA, tv[i].kaSz, keyS, tv[i].ksSz, + WC_SRTCP_48BIT_IDX); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyE, srtcpKe_48_1, tv[i].keSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyA, srtcpKa_48_1, tv[i].kaSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyS, srtcpKs_48_1, tv[i].ksSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTCP_KDF_ex(mk48_2, (word32)sizeof(mk48_2), + ms48_2, (word32)sizeof(ms48_2), + kdr_48_2, srtcp48idx_2, keyE, tv[i].keSz, + keyA, tv[i].kaSz, keyS, tv[i].ksSz, + WC_SRTCP_48BIT_IDX); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyE, srtcpKe_48_2, tv[i].keSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyA, srtcpKa_48_2, tv[i].kaSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyS, srtcpKs_48_2, tv[i].ksSz) != 0) + return WC_TEST_RET_ENC_NC; + } idx = wc_SRTP_KDF_kdr_to_idx(kdr); if (idx != i) return WC_TEST_RET_ENC_NC; @@ -26484,12 +28626,10 @@ typedef struct eccVector { const char* curveName; word32 msgLen; word32 keySize; -#ifndef NO_ASN const byte* r; word32 rSz; const byte* s; word32 sSz; -#endif } eccVector; #if !defined(WOLF_CRYPTO_CB_ONLY_ECC) 
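Review bot: The new 48-bit SRTCP checks sit inside `for (i = 0; i < 32; i++)` under `if (i == 0)` although nothing in them depends on i, and they size the outputs with `tv[i].keSz`, `tv[i].kaSz`, `tv[i].ksSz`, i.e. tv[0]'s key lengths, which happen to equal sizeof(srtcpKe_48_1) (16), sizeof(srtcpKa_48_1) (20) and sizeof(srtcpKs_48_1) (14) but are not tied to these vectors. Hoisting the block before the loop and passing `(word32)sizeof(srtcpKe_48_1)` etc. to wc_SRTCP_KDF_ex, with the same sizeof in the XMEMCMP calls, makes the test independent of the tv[] ordering and of any future change to key_0's sizes. The enclosing function starts outside this hunk.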
@@ -26541,13 +28681,14 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector) if (ret != 0) goto done; +#if !defined(NO_ASN) XMEMSET(sig, 0, ECC_SIG_SIZE); sigSz = ECC_SIG_SIZE; ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz); if (ret != 0) goto done; -#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_SELFTEST) XMEMSET(sigRaw, 0, ECC_SIG_SIZE); sigRawSz = ECC_SIG_SIZE; ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, @@ -26567,7 +28708,17 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector) ret = WC_TEST_RET_ENC_NC; goto done; } -#endif +#endif /* !HAVE_SELFTEST */ +#else + /* Signature will be R+S directly */ + /* Make sure and zero pad if r or s is less than key size */ + XMEMSET(sig, 0, ECC_SIG_SIZE); + sigSz = vector->keySize * 2; + XMEMCPY(sig + (vector->keySize - vector->rSz), + vector->r, vector->rSz); + XMEMCPY(sig + vector->keySize + (vector->keySize - vector->sSz), + vector->s, vector->sSz); +#endif /* !NO_ASN */ #ifdef HAVE_ECC_VERIFY do { @@ -26655,14 +28806,12 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; vec.curveName = "SECP192R1"; - #ifndef NO_ASN vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55" "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e"; vec.rSz = 24; vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc" "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41"; vec.sSz = 24; - #endif break; #endif /* HAVE_ECC192 */ @@ -26691,7 +28840,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; vec.curveName = "SECP224R1"; - #ifndef NO_ASN vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47" "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe" "\xbc\x16\x71\xa7"; 
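Review bot: The new `#else` branch for NO_ASN in ecc_test_vector_item builds the raw signature with `sig + (vector->keySize - vector->rSz)` and `sig + vector->keySize + (vector->keySize - vector->sSz)`; rSz and sSz are word32, so a vector with rSz or sSz larger than keySize underflows to a huge offset and XMEMCPY writes outside sig, and `sigSz = vector->keySize * 2` is never checked against ECC_SIG_SIZE. The vectors visible in this patch appear to satisfy rSz, sSz <= keySize, but a guard costs two lines: `if (vector->rSz > vector->keySize || vector->sSz > vector->keySize || vector->keySize * 2 > ECC_SIG_SIZE) { ret = WC_TEST_RET_ENC_NC; goto done; }`. ecc_test_vector_item starts and ends outside this hunk.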
@@ -26700,7 +28848,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" "\x6a\xf3\xad\x5b"; vec.sSz = 28; - #endif break; #endif /* HAVE_ECC224 */ @@ -26733,7 +28880,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; - #ifndef NO_ASN vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9" "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89" "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c"; @@ -26742,7 +28888,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03" "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; vec.sSz = 32; - #endif vec.curveName = "SECP256R1"; break; #endif /* !NO_ECC256 */ @@ -26777,7 +28922,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; vec.curveName = "SECP384R1"; - #ifndef NO_ASN vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff" "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d" "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda" @@ -26788,7 +28932,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; vec.sSz = 48; - #endif break; #endif /* HAVE_ECC384 */ 
@@ -26822,7 +28965,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; vec.curveName = "SECP521R1"; - #ifndef NO_ASN vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78" "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b" "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f" @@ -26837,7 +28979,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c" "\x3d\x22\xf2\x48\x0c"; vec.sSz = 65; - #endif break; #endif /* HAVE_ECC521 */ default: 
@@ -26853,10 +28994,74 @@ static wc_test_ret_t ecc_test_vector(int keySize) } #endif /* WOLF_CRYPTO_CB_ONLY_ECC */ -#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ - defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \ - && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3)) -#if defined(HAVE_ECC256) +#if defined(HAVE_ECC_SIGN) && \ + (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + +static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key, + enum wc_HashType hashType, const char* msg, WC_RNG* rng, const byte* expSig, + size_t expSigSz) +{ + wc_test_ret_t ret; + int verify; + byte sig[ECC_MAX_SIG_SIZE]; + word32 sigSz; + unsigned char hash[WC_MAX_DIGEST_SIZE]; + + ret = wc_Hash(hashType, + (byte*)msg, (word32)XSTRLEN(msg), + hash, sizeof(hash)); + if (ret != 0) { + goto done; + } + + /* Sign test */ + sigSz = sizeof(sig); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(hash, wc_HashGetDigestSize(hashType), + sig, &sigSz, rng, key); + } while (ret == WC_PENDING_E); + if (ret != 0) { + goto done; + } + TEST_SLEEP(); + + /* Compare test vector */ + if (sigSz != expSigSz) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + if (XMEMCMP(sig, expSig, sigSz) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + + /* Verificiation */ + verify = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(sig, sigSz, + hash, wc_HashGetDigestSize(hashType), &verify, key); + } while (ret == WC_PENDING_E); + if (ret != 0) { + goto done; + } + if (verify != 1) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +done: + return ret; +} + static wc_test_ret_t 
ecc_test_deterministic_k(WC_RNG* rng) { wc_test_ret_t ret; 
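Review bot: The new ecdsa_test_deterministic_k_sig helper has no header comment stating its contract, and its `/* Verificiation */` comment is misspelled (the same spelling is repeated in the ecdsa_test_deterministic_k_rs helper added in a later hunk). A header along the lines of `/* Hash msg with hashType, sign the digest with key (caller enables deterministic k), require the DER signature to equal expSig/expSigSz byte-for-byte, then verify it; returns 0 on success, WC_TEST_RET_ENC_NC on mismatch. */` would make clear that the memcmp against the vector is the actual known-answer check and the verify call is only a secondary sanity check. The digest length is taken from `wc_HashGetDigestSize(hashType)` and passed to wc_ecc_sign_hash as a word32; if that call can return a negative error for an unsupported type, a short comment that callers must pass a supported hash type (or a check of the returned size) is warranted.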
@@ -26866,27 +29071,61 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng) ecc_key key[1]; #endif int key_inited = 0; - byte sig[72]; - word32 sigSz; - WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample"; - unsigned char hash[32]; + WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample"; WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721"; WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6"; WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299"; - WOLFSSL_SMALL_STACK_STATIC const byte expSig[] = { - 0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B, - 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD, - 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87, - 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E, - 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0x02, 0x21, 0x00, - 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41, - 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65, - 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06, - 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8 +#ifndef NO_SHA256 + WOLFSSL_SMALL_STACK_STATIC const byte expSig256[] = { + 0x30, 0x46, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */ + 0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */ + 0x00, 0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, + 0xFD, 0x11, 0x40, 0xDD, 0x9C, 0xD4, 0x5E, 0x81, + 0xD6, 0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9, + 0x91, 0xC3, 0x4D, 0x0E, 0xA8, 0x4E, 0xAF, 0x37, + 0x16, + 0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */ + 0x00, 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, + 0x41, 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, + 0x65, 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, + 0x06, 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, + 0xA8 + }; +#endif +#ifdef WOLFSSL_SHA384 + WOLFSSL_SMALL_STACK_STATIC const byte expSig384[] = { + 0x30, 0x44, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */ + 0x02, 
0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */ + 0x0e, 0xaf, 0xea, 0x03, 0x9b, 0x20, 0xe9, 0xb4, + 0x23, 0x09, 0xfb, 0x1d, 0x89, 0xe2, 0x13, 0x05, + 0x7c, 0xbf, 0x97, 0x3d, 0xc0, 0xcf, 0xc8, 0xf1, + 0x29, 0xed, 0xdd, 0xc8, 0x00, 0xef, 0x77, 0x19, + 0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */ + 0x48, 0x61, 0xf0, 0x49, 0x1e, 0x69, 0x98, 0xb9, + 0x45, 0x51, 0x93, 0xe3, 0x4e, 0x7b, 0x0d, 0x28, + 0x4d, 0xdd, 0x71, 0x49, 0xa7, 0x4b, 0x95, 0xb9, + 0x26, 0x1f, 0x13, 0xab, 0xde, 0x94, 0x09, 0x54 + }; +#endif +#ifdef WOLFSSL_SHA512 + WOLFSSL_SMALL_STACK_STATIC const byte expSig512[] = { + 0x30, 0x45, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */ + 0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */ + 0x00, 0x84, 0x96, 0xa6, 0x0b, 0x5e, 0x9b, 0x47, + 0xc8, 0x25, 0x48, 0x88, 0x27, 0xe0, 0x49, 0x5b, + 0x0e, 0x3f, 0xa1, 0x09, 0xec, 0x45, 0x68, 0xfd, + 0x3f, 0x8d, 0x10, 0x97, 0x67, 0x8e, 0xb9, 0x7f, + 0x00, + 0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */ + 0x23, 0x62, 0xab, 0x1a, 0xdb, 0xe2, 0xb8, 0xad, + 0xf9, 0xcb, 0x9e, 0xda, 0xb7, 0x40, 0xea, 0x60, + 0x49, 0xc0, 0x28, 0x11, 0x4f, 0x24, 0x60, 0xf9, + 0x65, 0x54, 0xf6, 0x1f, 0xae, 0x33, 0x02, 0xfe }; +#endif #ifdef WOLFSSL_SMALL_STACK key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); 
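Review bot: The length comments on the new expSig384 and expSig512 arrays were copied from expSig256 and do not match the bytes they annotate: `0x30, 0x44` is a 68-byte SEQUENCE, but `0x30, 0x45` is 69 bytes and `0x30, 0x46` (also on the pre-existing expSig256) is 70, and `0x02, 0x21` is a 33-byte INTEGER (32 bytes plus the leading 0x00 pad) whereas `0x02, 0x20` is 32. Misleading length comments on known-answer vectors are worse than none, since a reader checking the DER framing by hand will conclude the vector is wrong. Suggested form: `0x30, 0x45, /* SEQUENCE, 69 bytes */` and `0x02, 0x21, /* INTEGER, 33 bytes (leading 0x00 pad) - SIG R */`, with the count adjusted per array.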
@@ -26904,51 +29143,37 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng) goto done; } - ret = wc_Hash(WC_HASH_TYPE_SHA256, msg, - (word32)XSTRLEN((const char*)msg), hash, sizeof(hash)); - if (ret != 0) { - goto done; - } - ret = wc_ecc_set_deterministic(key, 1); if (ret != 0) { goto done; } - sigSz = sizeof(sig); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key); - } while (ret == WC_PENDING_E); +#ifndef NO_SHA256 + /* Test for SHA2-256 */ + ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA256, msg, rng, + expSig256, sizeof(expSig256)); if (ret != 0) { goto done; } - TEST_SLEEP(); +#endif /* !NO_SHA256 */ - if (sigSz != sizeof(expSig)) { - ret = WC_TEST_RET_ENC_NC; - goto done; - } - if (XMEMCMP(sig, expSig, sigSz) != 0) { - ret = WC_TEST_RET_ENC_NC; +#ifdef WOLFSSL_SHA384 + /* Test for SHA2-384 */ + ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA384, msg, rng, + expSig384, sizeof(expSig384)); + if (ret != 0) { goto done; } +#endif /* WOLFSSL_SHA384 */ - sigSz = sizeof(sig); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key); - } while (ret == WC_PENDING_E); +#ifdef WOLFSSL_SHA512 + /* Test for SHA2-512 */ + ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA512, msg, rng, + expSig512, sizeof(expSig512)); if (ret != 0) { goto done; } - TEST_SLEEP(); +#endif /* WOLFSSL_SHA512 */ done: if (key_inited) 
@@ -26958,10 +29183,59 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng) #endif return ret; } -#endif +#endif /* NO_ECC256 || HAVE_ALL_CURVES */ + #ifdef WOLFSSL_PUBLIC_MP -#if defined(HAVE_ECC384) + +static wc_test_ret_t ecdsa_test_deterministic_k_rs(ecc_key *key, + enum wc_HashType hashType, const char* msg, WC_RNG* rng, + mp_int* r, mp_int* s, + mp_int* expR, mp_int* expS) +{ + wc_test_ret_t ret; + unsigned char hash[WC_MAX_DIGEST_SIZE]; + int verify; + + ret = wc_Hash(hashType, + (byte*)msg, (word32)XSTRLEN(msg), + hash, sizeof(hash)); + if (ret != 0) { + goto done; + } + + ret = wc_ecc_sign_hash_ex(hash, wc_HashGetDigestSize(hashType), rng, key, + r, s); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + goto done; + } + TEST_SLEEP(); + + if (mp_cmp(r, expR) != MP_EQ && mp_cmp(s, expS) != MP_EQ) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + /* Verificiation */ + verify = 0; + ret = wc_ecc_verify_hash_ex(r, s, hash, wc_HashGetDigestSize(hashType), + &verify, key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + goto done; + } + if (verify != 1) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +done: + return ret; +} + +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 /* KAT from RFC6979 */ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng) { @@ -26973,9 +29247,10 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng) ecc_key key[1]; mp_int r[1], s[1], expR[1], expS[1]; #endif - int key_inited = 0; - WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample"; - unsigned char hash[32]; + int key_inited = 0, + tmp_mp_ints_inited = 0; + + WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample"; WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8" "96D5724E4C70A825F872C9EA60D2EDF5"; 
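Review bot: In the new ecdsa_test_deterministic_k_rs helper the known-answer comparison `if (mp_cmp(r, expR) != MP_EQ && mp_cmp(s, expS) != MP_EQ)` only fails when both halves are wrong, so a signature with a correct s but a wrong r (or vice versa) passes the KAT and is then accepted by the subsequent verify step, which defeats the purpose of the deterministic-k vector. The condition should be `if (mp_cmp(r, expR) != MP_EQ || mp_cmp(s, expS) != MP_EQ)`. Note that the code this replaces (the removed lines in ecc384_test_deterministic_k and ecc521_test_deterministic_k) compared only r, so the helper is the first place both values are checked and should check them independently.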
@@ -26985,12 +29260,30 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng) WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1" "288B231C3AE0D4FE7344FD2533264720"; - WOLFSSL_SMALL_STACK_STATIC const char* expRstr = +#ifndef NO_SHA256 + WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 = "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33" "BDE1E888E63355D92FA2B3C36D8FB2CD"; - WOLFSSL_SMALL_STACK_STATIC const char* expSstr = + WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 = "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB" "EFDC63ECCD1AC42EC0CB8668A4FA0AB0"; +#endif +#ifdef WOLFSSL_SHA384 + WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 = + "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C" + "81A648152E44ACF96E36DD1E80FABE46"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 = + "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F" + "A329C145786E679E7B82C71A38628AC8"; +#endif +#ifdef WOLFSSL_SHA512 + WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 = + "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C" + "FE30F35CC900056D7C99CD7882433709"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 = + "512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112" + "DC7CC3EF3446DEFCEB01A45C2667FDD5"; +#endif #ifdef WOLFSSL_SMALL_STACK key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -27014,6 +29307,7 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng) if (ret != MP_OKAY) { goto done; } + tmp_mp_ints_inited = 1; ret = wc_ecc_init_ex(key, HEAP_HINT, devId); if (ret != 0) { goto done; 
@@ -27025,56 +29319,66 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng) goto done; } - ret = wc_Hash(WC_HASH_TYPE_SHA256, msg, - (word32)XSTRLEN((const char*)msg), hash, sizeof(hash)); + ret = wc_ecc_set_deterministic(key, 1); if (ret != 0) { goto done; } - ret = wc_ecc_set_deterministic(key, 1); +#ifndef NO_SHA256 + /* Test for SHA2-256 */ + mp_read_radix(expR, expRstr256, MP_RADIX_HEX); + mp_read_radix(expS, expSstr256, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng, + r, s, expR, expS); if (ret != 0) { goto done; } +#endif /* NO_SHA256 */ - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s); - } while (ret == WC_PENDING_E); +#ifdef WOLFSSL_SHA384 + /* Test for SHA2-384 */ + mp_read_radix(expR, expRstr384, MP_RADIX_HEX); + mp_read_radix(expS, expSstr384, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng, + r, s, expR, expS); if (ret != 0) { goto done; } - TEST_SLEEP(); +#endif /* WOLFSSL_SHA384 */ - mp_read_radix(expR, expRstr, MP_RADIX_HEX); - mp_read_radix(expS, expSstr, MP_RADIX_HEX); - if (mp_cmp(r, expR) != MP_EQ) { - ret = WC_TEST_RET_ENC_NC; +#ifdef WOLFSSL_SHA512 + /* Test for SHA2-512 */ + mp_read_radix(expR, expRstr512, MP_RADIX_HEX); + mp_read_radix(expS, expSstr512, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng, + r, s, expR, expS); + if (ret != 0) { + goto done; } +#endif /* WOLFSSL_SHA512 */ done: if (key_inited) wc_ecc_free(key); + if (tmp_mp_ints_inited) { + mp_free(r); + mp_free(s); + mp_free(expR); + mp_free(expS); + } #ifdef WOLFSSL_SMALL_STACK - if (key != NULL) - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (r != NULL) - XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (s != NULL) - XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (expR != NULL) - 
XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (expS != NULL) - XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } #endif /* HAVE_ECC384 */ -#if defined(HAVE_ECC521) +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 /* KAT from RFC6979 */ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng) { @@ -27086,10 +29390,9 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng) ecc_key key[1]; mp_int r[1], s[1], expR[1], expS[1]; #endif - int key_inited = 0; - WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample"; - unsigned char hash[32]; - + int key_inited = 0, + tmp_mp_ints_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample"; WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C" "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83" 
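Review bot: The three new `mp_read_radix(expR, expRstr256, MP_RADIX_HEX); mp_read_radix(expS, expSstr256, MP_RADIX_HEX);` pairs in ecc384_test_deterministic_k (and the three matching pairs in ecc521_test_deterministic_k in hunk @@ -27144) discard the return value, so a parse failure leaves expR/expS at whatever the previous hash type's test stored and the comparison in ecdsa_test_deterministic_k_rs silently tests against a stale value. The removed code had the same omission, but now that the strings are chosen per hash type the check matters; e.g. `ret = mp_read_radix(expR, expRstr256, MP_RADIX_HEX); if (ret != MP_OKAY) goto done;` for each call. The closing comment `#endif /* NO_SHA256 */` is also inconsistent with `#endif /* !NO_SHA256 */` used for the same guard in ecc_test_deterministic_k. The enclosing function begins before this hunk.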
@@ -27102,14 +29405,36 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng) "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2" "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF" "CF5"; - WOLFSSL_SMALL_STACK_STATIC const char* expRstr = +#ifndef NO_SHA256 + WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 = "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659" "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E" "1A7"; - WOLFSSL_SMALL_STACK_STATIC const char* expSstr = + WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 = "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916" "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E" "CFC"; +#endif +#ifdef WOLFSSL_SHA384 + WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 = + "1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4" + "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67" + "451"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 = + "1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5" + "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65" + "D61"; +#endif +#ifdef WOLFSSL_SHA512 + WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 = + "0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1" + "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37" + "7FA"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 = + "0617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF2" + "82623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A" + "67A"; +#endif #ifdef WOLFSSL_SMALL_STACK key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -27133,6 +29458,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng) if (ret != MP_OKAY) { goto done; } + tmp_mp_ints_inited = 1; ret = wc_ecc_init_ex(key, HEAP_HINT, devId); if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); 
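Review bot: In ecc521_test_deterministic_k the line immediately after the new `tmp_mp_ints_inited = 1;` is `return WC_TEST_RET_ENC_EC(ret);` on wc_ecc_init_ex failure, which bypasses the `done:` block that the new flag was added to drive, leaking the four mp_ints (and, under WOLFSSL_SMALL_STACK, the heap buffers freed there). The ecc384 counterpart in hunk @@ -27014 uses `goto done;` at the same point, so this is an inconsistency the commit touches but does not fix; change it to `ret = WC_TEST_RET_ENC_EC(ret); goto done;`. The early `return` is a context line, but it sits inside the cleanup path this hunk is restructuring.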
@@ -27144,49 +29470,59 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng) goto done; } - ret = wc_Hash(WC_HASH_TYPE_SHA256, msg, - (word32)XSTRLEN((const char*)msg), hash, sizeof(hash)); + ret = wc_ecc_set_deterministic(key, 1); if (ret != 0) { goto done; } - ret = wc_ecc_set_deterministic(key, 1); +#ifndef NO_SHA256 + /* Test for SHA2-256 */ + mp_read_radix(expR, expRstr256, MP_RADIX_HEX); + mp_read_radix(expS, expSstr256, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng, + r, s, expR, expS); if (ret != 0) { goto done; } +#endif /* NO_SHA256 */ - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s); - } while (ret == WC_PENDING_E); +#ifdef WOLFSSL_SHA384 + /* Test for SHA2-384 */ + mp_read_radix(expR, expRstr384, MP_RADIX_HEX); + mp_read_radix(expS, expSstr384, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng, + r, s, expR, expS); if (ret != 0) { goto done; } - TEST_SLEEP(); +#endif /* WOLFSSL_SHA384 */ - mp_read_radix(expR, expRstr, MP_RADIX_HEX); - mp_read_radix(expS, expSstr, MP_RADIX_HEX); - if (mp_cmp(r, expR) != MP_EQ) { - ret = WC_TEST_RET_ENC_NC; +#ifdef WOLFSSL_SHA512 + /* Test for SHA2-512 */ + mp_read_radix(expR, expRstr512, MP_RADIX_HEX); + mp_read_radix(expS, expSstr512, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng, + r, s, expR, expS); + if (ret != 0) { + goto done; } +#endif /* WOLFSSL_SHA512 */ done: if (key_inited) wc_ecc_free(key); + if (tmp_mp_ints_inited) { + mp_free(r); + mp_free(s); + mp_free(expR); + mp_free(expS); + } #ifdef WOLFSSL_SMALL_STACK - if (key != NULL) - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (r != NULL) - XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (s != NULL) - XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (expR != NULL) - 
XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (expS != NULL) - XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -27195,7 +29531,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng) #endif /* WOLFSSL_PUBLIC_MP */ #endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K || WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) - && (!FIPS_VERSION_GE || FIPS_VERSION_GE(5,3)) */ + && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */ #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \ @@ -27430,6 +29766,15 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) #ifdef HAVE_ECC_VERIFY int verify = 0; #endif +#ifdef NO_ASN + /* private d for eccKeyDerFile / ecc_key_der_256 */ + const byte keyPriv[] = { + 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, + 0xA1, 0x38, 0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, + 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, 0x6C, + 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C + }; +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if ((key == NULL) || @@ -27484,6 +29829,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) ERROR_OUT(WC_TEST_RET_ENC_NC, done); } +#ifndef NO_ASN x = 0; ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz); if (ret != 0) @@ -27509,6 +29855,10 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) } #endif /* HAVE_ECC_KEY_EXPORT */ +#else + /* Load raw private d directly */ + ret = wc_ecc_import_private_key(keyPriv, sizeof(keyPriv), NULL, 0, key); +#endif /* !NO_ASN */ ret = wc_ecc_make_pub(NULL, NULL); if (ret == 0) { 
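Review bot: In ecc_test_make_pub the new NO_ASN branch `ret = wc_ecc_import_private_key(keyPriv, sizeof(keyPriv), NULL, 0, key);` is never checked; the very next statement `ret = wc_ecc_make_pub(NULL, NULL);` overwrites it, so a failed import leaves key uninitialised and the rest of the test runs against it with no diagnostic. Add `if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);` after the import, matching how the ASN path handles wc_EccPrivateKeyDecode. The closing comment `#endif /* !NO_ASN */` sits after the `#else` branch, so it labels the whole conditional correctly only if read as the opening condition; `#endif /* NO_ASN */` or a comment on the `#else` would be clearer.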
@@ -27528,7 +29878,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); -#endif +#endif /* !WOLFSSL_CRYPTOCELL */ TEST_SLEEP(); #ifdef HAVE_ECC_KEY_EXPORT @@ -27671,13 +30021,10 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) - if (pub != NULL) - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (exportBuf != NULL) - XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else wc_ecc_free(key); #endif @@ -27756,8 +30103,7 @@ static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) wc_ecc_free(eccKey); XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - if (tmpBuf != NULL) - XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else wc_ecc_free(eccKey); #endif @@ -27861,8 +30207,7 @@ static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize) done: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (der != NULL) - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (userA != NULL) { wc_ecc_free(userA); XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -28337,6 +30682,15 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id) wc_test_ret_t ret; WOLFSSL_MSG_EX("ecc_test_curve keySize = %d", keySize); +#if FIPS_VERSION3_GE(6,0,0) + #ifdef DEBUG_WOLFSSL + printf("keySize is %d\n", keySize); + #endif + if (keySize < WC_ECC_FIPS_GEN_MIN) { + goto skip_A; + } +#endif + ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id, NULL); if (ret < 0) { 
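Review bot: The new `goto skip_A;` at the top of ecc_test_curve targets a label that the next hunk (@@ -28352) places inside `#ifndef WOLF_CRYPTO_CB_ONLY_ECC`, while the goto itself appears to be guarded only by `FIPS_VERSION3_GE(6,0,0)`; unless the goto sits under the same guard outside the visible lines, a FIPS v6 build with WOLF_CRYPTO_CB_ONLY_ECC defined fails to compile on an undefined label. Either guard the goto with the same `#ifndef`, or place `skip_A:` before the `#ifndef WOLF_CRYPTO_CB_ONLY_ECC` line so it exists in every configuration. The added `printf("keySize is %d\n", keySize);` under DEBUG_WOLFSSL duplicates the `WOLFSSL_MSG_EX("ecc_test_curve keySize = %d", keySize);` on the preceding context line and can be dropped. The enclosing function continues past the end of this hunk.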
@@ -28352,7 +30706,9 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id) } } #ifndef WOLF_CRYPTO_CB_ONLY_ECC - +#if FIPS_VERSION3_GE(6,0,0) + skip_A: +#endif #ifdef HAVE_ECC_VECTOR_TEST ret = ecc_test_vector(keySize); if (ret < 0) { @@ -28361,6 +30717,12 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id) } #endif +#if FIPS_VERSION3_GE(6,0,0) + if (keySize < WC_ECC_FIPS_GEN_MIN) { + goto skip_B; + } +#endif + #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) ret = ecc_test_key_decode(rng, keySize); @@ -28387,6 +30749,9 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id) } } #endif +#if FIPS_VERSION3_GE(6,0,0) + skip_B: +#endif #endif /* WOLF_CRYPTO_CB_ONLY_ECC */ return 0; } @@ -28832,6 +31197,9 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1) ecc_key key2[1]; ecc_key key3[1]; #endif +#ifdef WOLFSSL_PUBLIC_MP + mp_int* priv; +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if ((key2 == NULL) || (key3 == NULL)) @@ -28866,6 +31234,26 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1) goto done; } +#ifdef WOLFSSL_PUBLIC_MP + priv = wc_ecc_key_get_priv(key1); + mp_zero(priv); + ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey, + wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3), + 1); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + if (!wc_ecc_point_is_at_infinity(&key3->pubkey)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + if (mp_cmp_d(key3->pubkey.z, 1) != MP_EQ) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } +#endif + done: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) 
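Review bot: In the new WOLFSSL_PUBLIC_MP block of ecc_mulmod_test, the two comparison failures (`!wc_ecc_point_is_at_infinity(&key3->pubkey)` and `mp_cmp_d(key3->pubkey.z, 1) != MP_EQ`) report `ret = WC_TEST_RET_ENC_EC(ret);` while ret is still 0 from the successful wc_ecc_mulmod call, so depending on how WC_TEST_RET_ENC_EC encodes a zero code the failure may be indistinguishable from success. The rest of this file uses `ret = WC_TEST_RET_ENC_NC;` (or `ERROR_OUT(WC_TEST_RET_ENC_NC, done)`) for value mismatches, and both branches should do the same. `mp_zero(priv)` also overwrites key1's private scalar in place; if the caller reuses key1 after ecc_mulmod_test returns, a comment stating that the key's private value is destroyed by this test (or a restore before `done:`) would prevent a confusing downstream failure.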
@@ -28945,7 +31333,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) #else ecc_key key[1]; #endif -#if !defined(NO_ECC_SECP) && \ +#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \ ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \ (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))) word32 idx = 0; @@ -28998,7 +31386,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) (void)rng; #endif /* !WC_NO_RNG */ -#if !defined(NO_ECC_SECP) && \ +#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \ ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \ (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))) /* Use test ECC key - ensure real private "d" exists */ @@ -29052,9 +31440,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) wc_ecc_free(key); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (key != NULL) { - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; 
@@ -29380,21 +31766,19 @@ static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng) #ifdef WOLFSSL_SM2 #ifdef HAVE_ECC_VERIFY #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES) - #ifdef WOLFSSL_SM2 - #ifdef HAVE_OID_ENCODING - #define CODED_SM2P256V1 {1,2,156,10197,1,301} - #define CODED_SM2P256V1_SZ 6 - #else - #define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D} - #define CODED_SM2P256V1_SZ 10 - #endif - #ifndef WOLFSSL_ECC_CURVE_STATIC - static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1; - #else - #define ecc_oid_sm2p256v1 CODED_SM2P256V1 - #endif - #define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ - #endif /* WOLFSSL_SM2 */ + #ifdef HAVE_OID_ENCODING + #define CODED_SM2P256V1 {1,2,156,10197,1,301} + #define CODED_SM2P256V1_SZ 6 + #else + #define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D} + #define CODED_SM2P256V1_SZ 10 + #endif + #ifndef WOLFSSL_ECC_CURVE_STATIC + static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1; + #else + #define ecc_oid_sm2p256v1 CODED_SM2P256V1 + #endif + #define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ #define ECC_SM2P256V1_TEST 102 static int test_sm2_verify_caseA2(void) { @@ -29571,9 +31955,7 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount) WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); int i; -#ifdef HAVE_ECC_VERIFY int verify; -#endif /* HAVE_ECC_VERIFY */ #endif /* HAVE_ECC_SIGN */ int ret; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -29769,7 +32151,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); -#ifdef HAVE_ECC_VERIFY for (i = 0; i < testVerifyCount; i++) { verify = 0; ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, 
@@ -29779,7 +32160,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount) if (verify != 1) ERROR_OUT(WC_TEST_RET_ENC_NC, done); } -#endif /* HAVE_ECC_VERIFY */ #endif /* ECC_SHAMIR */ /* test DSA sign hash with sequence (0,1,2,3,4,...) */ @@ -29792,7 +32172,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount) if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); -#ifdef HAVE_ECC_VERIFY for (i = 0; i < testVerifyCount; i++) { verify = 0; ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, @@ -29802,7 +32181,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount) if (verify != 1) ERROR_OUT(WC_TEST_RET_ENC_NC, done); } -#endif /* HAVE_ECC_VERIFY */ #endif /* HAVE_ECC_SIGN */ #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */ @@ -29858,6 +32236,7 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount) static int test_sm2_create_digest(void) { +#ifndef WOLFSSL_SM3 const byte msg[] = "message to sign"; const byte id[] = "0123456789"; const byte badId[] = "0123556789"; 
@@ -29877,7 +32256,32 @@ static int test_sm2_create_digest(void) "89933faf7a4798f48c5b9b4cd3a7693d54c9e05449946eb489c0dd50a5294805"; const char d[] = "b3e66c2dbfb50c6ff6830c1fac4b51293a2562f9e667052b03df2d4b43c1f34a"; + int hash_type = WC_HASH_TYPE_SHA256; byte digest[WC_SHA256_DIGEST_SIZE]; +#else + ecc_key key; + int ret; + const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, + 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x00 }; + const byte id[] = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x00 }; + const byte badId[] = "0123556789"; + const char qx[] = + "09F9DF311E5421A150DD7D161E4BC5C672179FAD1833FC076BB08FF356F35020"; + const char qy[] = + "CCEA490CE26775A52DC6EA718CC1AA600AED05FBF35E084A6632F6072DA9AD13"; + const char d[] = + "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8"; + byte expected[] = { + 0xf0, 0xb4, 0x3e, 0x94, 0xba, 0x45, 0xac, 0xca, + 0xac, 0xe6, 0x92, 0xed, 0x53, 0x43, 0x82, 0xeb, + 0x17, 0xe6, 0xab, 0x5a, 0x19, 0xce, 0x7b, 0x31, + 0xf4, 0x48, 0x6f, 0xdf, 0xc0, 0xd2, 0x86, 0x40 + }; + int hash_type = WC_HASH_TYPE_SM3; + byte digest[WC_SM3_DIGEST_SIZE]; +#endif ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); if (ret != 0) @@ -29888,8 +32292,8 @@ static int test_sm2_create_digest(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); ret = wc_ecc_sm2_create_digest(id, (int)XSTRLEN((const char*)id), - msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest, - WC_SHA256_DIGEST_SIZE, &key); + msg, (int)XSTRLEN((const char*)msg), hash_type, digest, sizeof(digest), + &key); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); 
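Review bot: In the new WOLFSSL_SM3 branch of test_sm2_create_digest, `msg` and `id` are written as hex byte arrays with explicit 0x00 terminators even though they are later measured with `XSTRLEN((const char*)msg)`; the bytes spell the ASCII strings "message digest" and "1234567812345678", so `const byte msg[] = "message digest";` and `const byte id[] = "1234567812345678";` are equivalent, far more readable, and match the style of the SHA-256 branch. `byte expected[]` in that branch should be `const` like the other vectors, and `ecc_key key; int ret;` appear to be re-declared here; if the SHA-256 branch already declares them in the lines between this hunk and @@ -29858, they should be hoisted out of the conditional rather than duplicated. The function continues past this hunk.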
@@ -29897,8 +32301,8 @@ static int test_sm2_create_digest(void) ERROR_OUT(WC_TEST_RET_ENC_NC, done); ret = wc_ecc_sm2_create_digest(badId, (int)XSTRLEN((const char*)badId), - msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest, - WC_SHA256_DIGEST_SIZE, &key); + msg, (int)XSTRLEN((const char*)msg), hash_type, digest, sizeof(digest), + &key); if (ret != 0) goto done; @@ -30131,7 +32535,7 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng) } while (ret == WC_PENDING_E); if (ret < 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); - certSz = (word32)ret; + certSz = (int)ret; TEST_SLEEP(); #ifdef WOLFSSL_TEST_CERT @@ -30157,11 +32561,9 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (myCert != NULL) - XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_TEST_CERT - if (decode != NULL) - XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif if (caEccKey != NULL) { wc_ecc_free(caEccKey); @@ -30635,9 +33037,7 @@ static wc_test_ret_t ecc_test_nonblock_ecdsa(int curveId, word32 curveSz, sigSz, curveSz, curveId); } - if (sig != NULL) { - XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE); - } + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE); return ret; } @@ -30803,11 +33203,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) } #endif /* HAVE_ECC160 */ #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 +#if !FIPS_VERSION3_GE(6,0,0) ret = ecc_test_curve(&rng, 24, ECC_CURVE_DEF); if (ret < 0) { printf("keySize=24, Default\n"); goto done; } +#endif #endif /* HAVE_ECC192 */ #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 ret = ecc_test_curve(&rng, 28, ECC_CURVE_DEF); 
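Review bot: The new `#if !FIPS_VERSION3_GE(6,0,0)` around the keySize=24 ecc_test_curve call in ecc_test overlaps the `keySize < WC_ECC_FIPS_GEN_MIN` skip added inside ecc_test_curve in hunk @@ -28337; if WC_ECC_FIPS_GEN_MIN already excludes 192-bit keys, one of the two mechanisms is redundant, and if it does not, a comment explaining why P-192 alone is removed entirely (rather than having only its key-generation half skipped like the other sizes) is missing. Suggest a one-line comment on the guard such as `/* FIPS v6: P-192 is excluded entirely, not just from key generation */`, adjusted to whatever the actual reason is. The enclosing function continues past this hunk.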
@@ -30912,25 +33314,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) } #endif -#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ - defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \ - && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3)) - #ifdef HAVE_ECC256 +#if defined(HAVE_ECC_SIGN) && \ + (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) + + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 ret = ecc_test_deterministic_k(&rng); if (ret != 0) { printf("ecc_test_deterministic_k failed!\n"); goto done; } #endif + #ifdef WOLFSSL_PUBLIC_MP - #if defined(HAVE_ECC384) + #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 384 ret = ecc384_test_deterministic_k(&rng); if (ret != 0) { printf("ecc384_test_deterministic_k failed!\n"); goto done; } #endif - #if defined(HAVE_ECC521) + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 521 ret = ecc521_test_deterministic_k(&rng); if (ret != 0) { printf("ecc512_test_deterministic_k failed!\n"); @@ -31349,13 +33756,9 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng) wc_ecc_free(userA); #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (userB != NULL) { - XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_ECIES_OLD - if (userA != NULL) { - XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif #endif 
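Review bot: The restructured deterministic-k block in ecc_test keeps the context line `printf("ecc512_test_deterministic_k failed!\n");` under the ecc521_test_deterministic_k call, naming a function that does not exist, which sends anyone reading a failing test log to the wrong place; since the commit rewrites the guards around this call it is the right moment to change it to `printf("ecc521_test_deterministic_k failed!\n");`. The new preprocessor condition here duplicates the one guarding the definitions in hunk @@ -26853, so a comment pointing at that block (or a single shared macro) would keep the two from drifting apart again as they had with the old `FIPS_VERSION_GE` form.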
@@ -32198,11 +34601,11 @@ static wc_test_ret_t curve25519_check_public_test(void) for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) { if (i == CURVE25519_KEYSIZE) continue; - if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) != + if (wc_curve25519_check_public(good, (word32)i, EC25519_LITTLE_ENDIAN) != ECC_BAD_ARG_E) { return WC_TEST_RET_ENC_I(i); } - if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) != + if (wc_curve25519_check_public(good, (word32)i, EC25519_BIG_ENDIAN) != ECC_BAD_ARG_E) { return WC_TEST_RET_ENC_I(i); } @@ -32631,8 +35034,7 @@ static wc_test_ret_t ed25519_test_cert(void) #endif /* HAVE_ED25519_VERIFY */ done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #ifdef HAVE_ED25519_VERIFY wc_ed25519_free(pubKey); #endif /* HAVE_ED25519_VERIFY */ 
@@ -32705,14 +35107,95 @@ static wc_test_ret_t ed25519_test_make_cert(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ed25519_free(privKey); wc_FreeRng(&rng); return ret; } #endif /* WOLFSSL_TEST_CERT */ +#if defined(HAVE_ED25519_KEY_IMPORT) +static wc_test_ret_t ed25519_test_check_key(void) +{ + /* Fails to find x-ordinate from this y-ordinate. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = { + 0x40, + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + }; + /* Y-ordinate value larger than prime. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = { + 0x40, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f, + }; + /* Y-ordinate value equal to prime. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = { + 0x40, + 0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f, + }; + /* Y-ordinate value equal to prime - 1. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = { + 0x40, + 0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f, + }; + ed25519_key key; + int ret; + int res = 0; + + /* Initialize key for use. */ + ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + + /* Load bad public key only and perform checks. 
*/ + ret = wc_ed25519_import_public(key_bad_y, ED25519_PUB_KEY_SIZE + 1, &key); + if (ret != PUBLIC_KEY_E) { + res = WC_TEST_RET_ENC_NC; + } + if (res == 0) { + /* Load bad public key only and perform checks. */ + ret = wc_ed25519_import_public(key_bad_y_max, ED25519_PUB_KEY_SIZE + 1, + &key); + if (ret != PUBLIC_KEY_E) { + res = WC_TEST_RET_ENC_NC; + } + } + if (res == 0) { + /* Load bad public key only and perform checks. */ + ret = wc_ed25519_import_public(key_bad_y_is_p, ED25519_PUB_KEY_SIZE + 1, + &key); + if (ret != PUBLIC_KEY_E) { + res = WC_TEST_RET_ENC_NC; + } + } + if (res == 0) { + /* Load good public key only and perform checks. */ + ret = wc_ed25519_import_public(key_y_is_p_minus_1, + ED25519_PUB_KEY_SIZE + 1, &key); + if (ret != 0) { + res = WC_TEST_RET_ENC_NC; + } + } + + /* Dispose of key. */ + wc_ed25519_free(&key); + + return res; +} +#endif + #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ defined(HAVE_ED25519_KEY_IMPORT) static wc_test_ret_t ed25519ctx_test(void) @@ -33384,8 +35867,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #endif /* helper functions for signature and key size */ - keySz = wc_ed25519_size(&key); - sigSz = wc_ed25519_sig_size(&key); + keySz = (word32)wc_ed25519_size(&key); + sigSz = (word32)wc_ed25519_sig_size(&key); #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ defined(HAVE_ED25519_KEY_IMPORT) 
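Review bot: When `wc_ed25519_init_ex` fails, `ed25519_test_check_key` returns `WC_TEST_RET_ENC_NC` and discards the error code, unlike the surrounding tests that return `WC_TEST_RET_ENC_EC(ret)`; use `return WC_TEST_RET_ENC_EC(ret);` there. The three negative cases all carry the identical comment `/* Load bad public key only and perform checks. */`, so the second and third should name the case being exercised, e.g. `/* y larger than p: import must fail with PUBLIC_KEY_E. */` and `/* y equal to p: import must fail with PUBLIC_KEY_E. */`, matching the descriptions on the arrays above. `res` is declared `int` but is the value returned from a `wc_test_ret_t` function; `wc_test_ret_t res = 0;` matches the signature.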
@@ -33462,6 +35945,79 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #endif /* HAVE_ED25519_VERIFY */ } + { + /* Run tests for some rare code paths */ + /* sig is exactly equal to the order */ + static const byte rareEd1[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + /* sig is larger than the order before we get to the low part */ + static const byte rareEd2[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x10 + }; + /* sig is larger than the order in the low part */ + static const byte rareEd3[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf9, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + /* sig is smaller than the order */ + static const byte rareEd4[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf1, 0xa2, 0xde, 0xf9, 
0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + + ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE, + pKeys[0], pKeySz[0], &key); + if (ret != 0) + return ret; + + ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0], + &verify, &key); + if (ret != BAD_FUNC_ARG) + return ret; + + ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0], + &verify, &key); + if (ret != BAD_FUNC_ARG) + return ret; + + ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0], + &verify, &key); + if (ret != BAD_FUNC_ARG) + return ret; + + ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0], + &verify, &key); + if (ret != SIG_VERIFY_E) + return ret; + } + ret = ed25519ctx_test(); if (ret != 0) return ret; @@ -33546,6 +36102,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) (void)keySz; (void)sigSz; + ret = ed25519_test_check_key(); + if (ret < 0) + return ret; #ifdef WOLFSSL_TEST_CERT ret = ed25519_test_cert(); if (ret < 0) @@ -33645,11 +36204,11 @@ static wc_test_ret_t curve448_check_public_test(void) for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) { if (i == CURVE448_KEY_SIZE) continue; - if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) != + if (wc_curve448_check_public(good, (word32)i, EC448_LITTLE_ENDIAN) != ECC_BAD_ARG_E) { return WC_TEST_RET_ENC_I(i); } - if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) != + if (wc_curve448_check_public(good, (word32)i, EC448_BIG_ENDIAN) != ECC_BAD_ARG_E) { return WC_TEST_RET_ENC_I(i); } @@ -33989,8 +36548,7 @@ static wc_test_ret_t ed448_test_cert(void) #endif /* HAVE_ED448_VERIFY */ done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #ifdef HAVE_ED448_VERIFY wc_ed448_free(pubKey); #endif /* HAVE_ED448_VERIFY */ 
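Review bot: `if (ret != BAD_FUNC_ARG) return ret;` after each of the first three `wc_ed25519_verify_msg` calls, and `if (ret != SIG_VERIFY_E) return ret;` after the fourth, report success when `ret` is 0 — which is precisely the failure these vectors exist to catch, a signature with S at or above the group order being accepted. Return an encoded failure instead, e.g. `if (ret != BAD_FUNC_ARG) return WC_TEST_RET_ENC_EC(ret);` and `if (ret != SIG_VERIFY_E) return WC_TEST_RET_ENC_EC(ret);` (or `WC_TEST_RET_ENC_NC`), so an unexpected 0 cannot pass the test. The `verify` flag is not consulted after the `rareEd4` call; asserting `verify == 0` alongside the `SIG_VERIFY_E` check would make the intent explicit.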
@@ -34063,14 +36621,111 @@ static wc_test_ret_t ed448_test_make_cert(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ed448_free(privKey); wc_FreeRng(&rng); return ret; } #endif /* WOLFSSL_TEST_CERT */ +#if defined(HAVE_ED448_KEY_IMPORT) +static wc_test_ret_t ed448_test_check_key(void) +{ + /* Fails to find x-ordinate from this y-ordinate. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = { + 0x40, + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00 + }; + /* Y-ordinate value larger than prime. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = { + 0x40, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff + }; + /* Y-ordinate value equal to prime. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = { + 0x40, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff + }; + /* Y-ordinate value equal to prime - 1. 
*/ + WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = { + 0x40, + 0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff + }; + ed448_key key; + int ret; + int res = 0; + + /* Initialize key for use. */ + ret = wc_ed448_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + + /* Load bad public key only and perform checks. */ + ret = wc_ed448_import_public(key_bad_y, ED448_PUB_KEY_SIZE + 1, &key); + if (ret != PUBLIC_KEY_E) { + res = WC_TEST_RET_ENC_NC; + } + if (ret == 0) { + /* Load bad public key only and perform checks. */ + ret = wc_ed448_import_public(key_bad_y_max, ED448_PUB_KEY_SIZE + 1, + &key); + if (ret != PUBLIC_KEY_E) { + res = WC_TEST_RET_ENC_NC; + } + } + if (res == 0) { + /* Load bad public key only and perform checks. */ + ret = wc_ed448_import_public(key_bad_y_is_p, ED448_PUB_KEY_SIZE + 1, + &key); + if (ret != PUBLIC_KEY_E) { + res = WC_TEST_RET_ENC_NC; + } + } + if (res == 0) { + /* Load good public key only and perform checks. */ + ret = wc_ed448_import_public(key_y_is_p_minus_1, ED448_PUB_KEY_SIZE + 1, + &key); + if (ret != 0) { + res = WC_TEST_RET_ENC_NC; + } + } + + /* Dispose of key. */ + wc_ed448_free(&key); + + return res; +} +#endif + #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ defined(HAVE_ED448_KEY_IMPORT) static wc_test_ret_t ed448_ctx_test(void) 
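Review bot: The second negative case in `ed448_test_check_key` is never run: the guard `if (ret == 0)` before the `key_bad_y_max` import can only be true when the preceding import unexpectedly succeeded, since the expected result of that call is `PUBLIC_KEY_E`; it should read `if (res == 0) {` like the two cases that follow and like the ed25519 counterpart. As in `ed25519_test_check_key`, the `wc_ed448_init_ex` failure path returns `WC_TEST_RET_ENC_NC` and drops the error code — `return WC_TEST_RET_ENC_EC(ret);` keeps it — and the three identical `/* Load bad public key only and perform checks. */` comments should each name the case (y larger than p, y equal to p). `res` should be declared `wc_test_ret_t` to match the return type.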
@@ -34622,7 +37277,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; #define SIGSZ sizeof(sig1) - PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { }; + PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { 0 }; WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 }; WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, 0x66, 0x81, 0x1e, 0x29, 0x15 }; @@ -34861,8 +37516,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); /* helper functions for signature and key size */ - keySz = wc_ed448_size(key); - sigSz = wc_ed448_sig_size(key); + keySz = (word32)wc_ed448_size(key); + sigSz = (word32)wc_ed448_sig_size(key); #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ defined(HAVE_ED448_KEY_IMPORT) @@ -35069,6 +37724,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) (void)keySz; (void)sigSz; + ret = ed448_test_check_key(); + if (ret < 0) + return ret; #ifdef WOLFSSL_TEST_CERT ret = ed448_test_cert(); if (ret < 0) @@ -35089,14 +37747,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) #ifdef WOLFSSL_KYBER512 static wc_test_ret_t kyber512_kat(void) { - KyberKey key; wc_test_ret_t ret; +#ifdef WOLFSSL_SMALL_STACK + KyberKey *key = NULL; + byte *priv = NULL; + byte *pub = NULL; + byte *ct = NULL; + byte *ss = NULL; + byte *ss_dec = NULL; +#else + KyberKey key[1]; byte priv[KYBER512_PRIVATE_KEY_SIZE]; byte pub[KYBER512_PUBLIC_KEY_SIZE]; byte ct[KYBER512_CIPHER_TEXT_SIZE]; byte ss[KYBER_SS_SZ]; byte ss_dec[KYBER_SS_SZ]; - const byte kyber512_rand[] = { +#endif + int key_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = { 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, 
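Review bot: `msg1[] = { 0 }` gives the first ed448 test message a `sizeof` of 1 where the original `{ }` described an empty message, so the change is only correct if the length used for vector 1 is not derived from `sizeof(msg1)`; the length table that carries it (presumably `msgSz`) is outside this hunk, so that should be confirmed. A comment on the line would stop a later reader from "fixing" the length, e.g. `/* vector 1 has an empty message; the byte only avoids a zero-length array, the length table must still say 0 */`.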
@@ -35106,13 +37774,13 @@ static wc_test_ret_t kyber512_kat(void) 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F }; - const byte kyber512enc_rand[] = { + WOLFSSL_SMALL_STACK_STATIC const byte kyber512enc_rand[] = { 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4, 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13, 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 }; - const byte kyber512_pk[] = { + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = { 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB, 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05, 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA, @@ -35214,7 +37882,7 @@ static wc_test_ret_t kyber512_kat(void) 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 }; - const byte kyber512_sk[] = { + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = { 0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64, 0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE, 0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33, @@ -35420,7 +38088,8 @@ static wc_test_ret_t kyber512_kat(void) 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F }; - const byte kyber512_ct[] = { + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = { +#ifndef WOLFSSL_ML_KEM 0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D, 0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA, 0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9, 
@@ -35517,72 +38186,219 @@ static wc_test_ret_t kyber512_kat(void) 0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23, 0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81, 0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D - }; - const byte kyber512_ss[] = { +#else + 0x75, 0x49, 0x99, 0x8d, 0x46, 0x9e, 0x2e, 0x47, + 0x90, 0x02, 0x30, 0x5b, 0x09, 0xb4, 0x4d, 0xba, + 0xdb, 0xc2, 0x45, 0x7f, 0xfd, 0x31, 0x25, 0xf6, + 0xd3, 0x1b, 0x0f, 0x27, 0xb8, 0x03, 0xd5, 0x81, + 0x07, 0x1c, 0x1d, 0xc6, 0x18, 0x11, 0x96, 0xfe, + 0x76, 0xdf, 0x78, 0xde, 0x20, 0xdd, 0xa6, 0x09, + 0xcf, 0x1b, 0x7c, 0xb7, 0xa3, 0x52, 0xc4, 0xdd, + 0x9c, 0x2c, 0xfc, 0x18, 0x80, 0x1f, 0x03, 0x6f, + 0xe4, 0x0f, 0x8f, 0x7e, 0x6f, 0x3d, 0xd7, 0x3f, + 0x38, 0x71, 0x30, 0xbe, 0x38, 0x7b, 0x17, 0x13, + 0x41, 0x8f, 0x83, 0xd9, 0x3d, 0xc7, 0xf8, 0x07, + 0x4a, 0x03, 0x24, 0x55, 0xc4, 0x6f, 0x85, 0x7c, + 0x6b, 0x6b, 0x35, 0x42, 0x9c, 0x79, 0x00, 0x65, + 0x42, 0x0d, 0x74, 0x22, 0x52, 0xee, 0x53, 0xf5, + 0x3f, 0x6e, 0x64, 0xa9, 0xb7, 0x8a, 0x49, 0xbc, + 0x29, 0xb8, 0xce, 0x84, 0x83, 0x1a, 0x01, 0xc3, + 0x42, 0x9e, 0x34, 0x69, 0x60, 0xdc, 0x55, 0x95, + 0x26, 0xd9, 0x78, 0x53, 0xc3, 0x66, 0x31, 0xb4, + 0x77, 0x32, 0x85, 0xfa, 0xfe, 0x8e, 0x3c, 0xa4, + 0x25, 0x5a, 0x87, 0x23, 0xae, 0x4f, 0x02, 0xdd, + 0xd8, 0x5a, 0x47, 0x81, 0xb9, 0xf4, 0x18, 0x6d, + 0x67, 0xa8, 0x3b, 0x5d, 0x9e, 0xdd, 0xc3, 0xae, + 0x7c, 0xd4, 0x09, 0x6c, 0x33, 0xf4, 0xd9, 0x7f, + 0xe0, 0x20, 0x30, 0xec, 0xb6, 0xa1, 0xa8, 0xad, + 0x9b, 0x19, 0xd3, 0xeb, 0x32, 0xf1, 0xb8, 0xf2, + 0x71, 0xb3, 0x03, 0x53, 0xe9, 0xe1, 0x9d, 0xd1, + 0x83, 0xf0, 0x6b, 0x54, 0xc3, 0xcb, 0x02, 0xef, + 0x16, 0x62, 0x82, 0x75, 0x2a, 0xa1, 0x1c, 0x81, + 0x58, 0xe4, 0x8b, 0xbc, 0x68, 0x30, 0x17, 0x1c, + 0xa7, 0xdd, 0xb7, 0x5a, 0x35, 0xe4, 0x6c, 0x35, + 0x32, 0x1a, 0xbe, 0x6a, 0x74, 0x20, 0x32, 0xc7, + 0x72, 0xa1, 0x6b, 0x3d, 0x1c, 0xdd, 0xfc, 0x6f, + 0x28, 0x01, 0xe2, 0xb8, 0x17, 0x30, 0x2d, 0xbc, + 0x94, 0xf3, 0x33, 0xc0, 0xcb, 0x91, 0xe1, 0xce, + 0xbd, 0x5e, 0xc6, 0x1e, 0x49, 0xfa, 0x5a, 
0x14, + 0xaa, 0xa3, 0x93, 0x75, 0x5f, 0xc3, 0xe6, 0xf4, + 0xb8, 0xc5, 0xc4, 0xfa, 0x4b, 0xaa, 0x07, 0xa0, + 0x8c, 0x4f, 0x33, 0x94, 0x62, 0x63, 0x58, 0xa1, + 0x5e, 0x69, 0x0e, 0xe1, 0xe4, 0x82, 0x9b, 0x11, + 0x1c, 0x17, 0x24, 0x1a, 0xee, 0x37, 0xd5, 0xc8, + 0x32, 0xf4, 0x84, 0x76, 0x88, 0xfe, 0x5b, 0x5d, + 0x1b, 0x19, 0xe8, 0xe0, 0x4d, 0x9d, 0x19, 0x37, + 0x00, 0x19, 0x87, 0xf3, 0xb4, 0xb8, 0x35, 0x49, + 0xc3, 0xe5, 0x30, 0xe4, 0x11, 0x9d, 0x16, 0x4b, + 0x20, 0xef, 0x9d, 0x3a, 0x72, 0xf7, 0x4c, 0x04, + 0x4a, 0x97, 0x45, 0x91, 0x22, 0x8b, 0x41, 0xe6, + 0x80, 0xec, 0x56, 0x40, 0xa9, 0x72, 0x34, 0xc2, + 0xc6, 0x01, 0x7c, 0x95, 0xe9, 0x1b, 0xe2, 0xbd, + 0x49, 0x85, 0x47, 0xd5, 0x7a, 0x52, 0x22, 0xb8, + 0x16, 0x2a, 0x35, 0x46, 0x65, 0x6d, 0x59, 0x98, + 0x0d, 0x51, 0xaf, 0x59, 0x5b, 0xf5, 0xf2, 0x3a, + 0x63, 0x2f, 0x6d, 0x85, 0x44, 0xb8, 0x10, 0x74, + 0xae, 0xd3, 0x4c, 0x03, 0x52, 0xba, 0x56, 0x0d, + 0xea, 0xfb, 0x07, 0x44, 0x1a, 0x55, 0xa9, 0x37, + 0x63, 0x42, 0xe5, 0x0a, 0x0e, 0xc2, 0x53, 0x72, + 0x28, 0x25, 0x5a, 0x4b, 0x5d, 0x03, 0xc9, 0x29, + 0x57, 0xf4, 0xea, 0x35, 0x07, 0xb4, 0xba, 0xad, + 0xce, 0x53, 0xcc, 0xdf, 0xb7, 0x36, 0x4f, 0xfc, + 0x18, 0x17, 0xb5, 0x8c, 0x50, 0xef, 0x28, 0xe3, + 0x22, 0xe1, 0xb9, 0x45, 0xe0, 0xeb, 0x9b, 0x12, + 0x33, 0x97, 0x5c, 0x30, 0xa5, 0x54, 0x53, 0x68, + 0x68, 0x27, 0x14, 0xbf, 0x50, 0x2b, 0x61, 0xe1, + 0xd0, 0x45, 0x7a, 0x97, 0x53, 0xe1, 0x0d, 0xe0, + 0xf1, 0xbf, 0x35, 0xec, 0x3a, 0x3f, 0x47, 0x0a, + 0x3c, 0x69, 0xcc, 0xb0, 0x4d, 0x2d, 0x98, 0xfa, + 0xb3, 0xa0, 0xb6, 0x72, 0x9a, 0x98, 0x75, 0xe1, + 0xdb, 0x53, 0x3c, 0x96, 0xb4, 0x1e, 0x3d, 0x98, + 0x62, 0x8a, 0x6f, 0x8c, 0xf6, 0x68, 0x40, 0x6c, + 0x5f, 0x03, 0x8e, 0x6b, 0x7b, 0x24, 0x2f, 0xdf, + 0x86, 0xa7, 0xf1, 0xe6, 0x97, 0xae, 0xb1, 0x36, + 0x11, 0x41, 0x67, 0xb1, 0x3f, 0x89, 0xf2, 0x31, + 0xbc, 0xec, 0x7a, 0x41, 0x66, 0xb3, 0x9e, 0xab, + 0x4a, 0x37, 0x09, 0x23, 0x78, 0x22, 0x05, 0x0c, + 0x49, 0xc9, 0x25, 0x95, 0xa2, 0x37, 0xf2, 0xeb, + 0x48, 0x3b, 0x9e, 0x1d, 0xd6, 0x12, 0x4b, 
0xed, + 0x5e, 0xb9, 0xb7, 0xb5, 0x12, 0x12, 0x96, 0x37, + 0x6b, 0x7d, 0x20, 0x14, 0xa7, 0x75, 0x60, 0xca, + 0x65, 0x83, 0x3d, 0x8b, 0xeb, 0x4d, 0x6a, 0xe6, + 0x8e, 0xfd, 0x7a, 0x11, 0xac, 0xc7, 0xde, 0x87, + 0xd8, 0x2b, 0xe1, 0xad, 0x57, 0x3a, 0xe9, 0xf6, + 0xf0, 0x76, 0x6f, 0xd7, 0x86, 0x38, 0x7d, 0x1a, + 0x8c, 0x12, 0xd1, 0xc8, 0xa2, 0x96, 0xb4, 0xf7, + 0x26, 0x34, 0xf7, 0x05, 0x77, 0x68, 0x88, 0x48, + 0xe5, 0x76, 0x85, 0x1f, 0x13, 0xbe, 0x48, 0xdf, + 0x33, 0x5d, 0x4a, 0xcd, 0x89, 0x79, 0x3a, 0x6c, + 0x6c, 0x06, 0x55, 0xfc, 0x39, 0xbc, 0x9e, 0x1e, + 0x27, 0xb4, 0xa5, 0x00, 0xf7, 0x08, 0xcd, 0x4a, + 0x9f, 0x2e, 0xc6, 0x72, 0xba, 0x5b, 0xf8, 0xad, + 0x23, 0x99, 0x8d, 0x4c, 0x0c, 0x95, 0x8f, 0x29, + 0x0f, 0x2a, 0x6c, 0x4e, 0x6c, 0xd8, 0xc0, 0xcd, + 0xc8, 0x5f, 0x57, 0x16, 0xec, 0x98, 0xa4, 0xc8, + 0x99, 0x5d, 0x37, 0x8c, 0xc6, 0xe2, 0xa1, 0xe8, + 0xb8, 0x28, 0x00, 0xdd, 0xf0, 0x3b, 0x32, 0x26, + 0xa2, 0xe7, 0x81, 0x77, 0x71, 0xe5, 0x09, 0xb4, + 0x95, 0x5e, 0xe2, 0xbe, 0xd4, 0x21, 0x7b, 0xdf, + 0x06, 0x30, 0xb5, 0x84, 0x0f, 0x25, 0x24, 0xab +#endif + }; + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = { +#ifndef WOLFSSL_ML_KEM 0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C, 0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC, 0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02, 0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F +#else + 0xc6, 0x08, 0x77, 0x70, 0x86, 0xed, 0x9f, 0xfd, + 0xf9, 0x2c, 0xd4, 0xf1, 0xc9, 0x99, 0xae, 0xdd, + 0x0b, 0x42, 0xe5, 0xe8, 0xef, 0x67, 0x32, 0xf4, + 0x11, 0x12, 0x46, 0x48, 0x1e, 0x26, 0x04, 0x63 +#endif }; - ret = wc_KyberKey_Init(KYBER512, &key, HEAP_HINT, INVALID_DEVID); +#ifdef WOLFSSL_SMALL_STACK + key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + priv = (byte *)XMALLOC(KYBER512_PRIVATE_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + pub = (byte *)XMALLOC(KYBER512_PUBLIC_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + ct = (byte *)XMALLOC(KYBER512_CIPHER_TEXT_SIZE, HEAP_HINT, + 
DYNAMIC_TYPE_TMP_BUFFER); + ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + + if (! (key && priv && pub && ct && ss && ss_dec)) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif + + ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + key_inited = 1; - ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber512_rand, + ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand, sizeof(kyber512_rand)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub)); + ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER512_PUBLIC_KEY_SIZE); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv)); + ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER512_PRIVATE_KEY_SIZE); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(pub, kyber512_pk, sizeof(kyber512_pk)) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); - ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber512enc_rand, + ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand, sizeof(kyber512enc_rand)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(ct, kyber512_ct, sizeof(kyber512_ct)) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); - ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber512_ct)); + ret = 
wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber512_ct)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); - wc_KyberKey_Free(&key); +out: - return 0; + if (key_inited) + wc_KyberKey_Free(key); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } #endif /* WOLFSSL_KYBER512 */ #ifdef WOLFSSL_KYBER768 static wc_test_ret_t kyber768_kat(void) { - KyberKey key; wc_test_ret_t ret; +#ifdef WOLFSSL_SMALL_STACK + KyberKey *key = NULL; + byte *priv = NULL; + byte *pub = NULL; + byte *ct = NULL; + byte *ss = NULL; + byte *ss_dec = NULL; +#else + KyberKey key[1]; byte priv[KYBER768_PRIVATE_KEY_SIZE]; byte pub[KYBER768_PUBLIC_KEY_SIZE]; byte ct[KYBER768_CIPHER_TEXT_SIZE]; byte ss[KYBER_SS_SZ]; byte ss_dec[KYBER_SS_SZ]; - const byte kyber768_rand[] = { +#endif + int key_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = { 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, 
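Review bot: Only `kyber512_ct` and `kyber512_ss` are switched on `WOLFSSL_ML_KEM`, while `kyber512_rand`, `kyber512enc_rand`, `kyber512_pk` and `kyber512_sk` are shared between the Kyber and ML-KEM builds, and nothing in the function states why the key-generation expectations are valid for both or where the ML-KEM `ct`/`ss` values were taken from; a comment at the `#ifndef WOLFSSL_ML_KEM` giving the reason and the vector source would make this KAT auditable. `if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); else key_inited = 1;` uses an `else` on a branch that always jumps to `out`; `key_inited = 1;` can simply follow the `if`. Both points apply equally to `kyber768_kat` in the next hunk and, by the pattern, to `kyber1024_kat`.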
@@ -35592,14 +38408,14 @@ static wc_test_ret_t kyber768_kat(void) 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F }; - const byte kyber768enc_rand[] = { + WOLFSSL_SMALL_STACK_STATIC const byte kyber768enc_rand[] = { 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4, 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13, 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 }; - const byte kyber768_pk[] = { + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = { 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8, 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D, 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E, @@ -35749,7 +38565,7 @@ static wc_test_ret_t kyber768_kat(void) 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 }; - const byte kyber768_sk[] = { + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = { 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3, 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE, 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D, @@ -36051,7 +38867,8 @@ static wc_test_ret_t kyber768_kat(void) 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F }; - const byte kyber768_ct[] = { + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = { +#ifndef WOLFSSL_ML_KEM 0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9, 0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67, 0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A, 
@@ -36188,72 +39005,259 @@ static wc_test_ret_t kyber768_kat(void) 0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10, 0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D, 0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69 - }; - const byte kyber768_ss[] = { +#else + 0xa4, 0x13, 0xbe, 0x81, 0x04, 0x72, 0x59, 0x20, + 0x24, 0x01, 0xee, 0x35, 0x98, 0x9d, 0x25, 0xa3, + 0x85, 0x6c, 0xd1, 0xc0, 0x26, 0x0c, 0xe2, 0x39, + 0x1d, 0xe3, 0x23, 0x73, 0x6b, 0x67, 0x8f, 0x32, + 0x80, 0x05, 0xc8, 0x21, 0xad, 0x09, 0x21, 0x80, + 0xb4, 0x49, 0x6f, 0x21, 0x29, 0x28, 0x0f, 0x4f, + 0x29, 0x94, 0x04, 0x36, 0x2b, 0x9d, 0x14, 0x19, + 0x48, 0xb6, 0xbb, 0x02, 0xac, 0xd5, 0x73, 0x65, + 0x59, 0xfc, 0x90, 0x39, 0x01, 0x8c, 0x96, 0x1d, + 0xdd, 0xd9, 0x4e, 0xe5, 0x59, 0x19, 0x84, 0x71, + 0xd4, 0xa0, 0x49, 0xe5, 0x47, 0xb5, 0x63, 0x6c, + 0xf8, 0xbb, 0xf7, 0xdb, 0x1a, 0x90, 0xc7, 0x2b, + 0x87, 0x09, 0x23, 0xdc, 0xd5, 0x4b, 0x14, 0x8c, + 0x60, 0xc9, 0xc8, 0xee, 0x60, 0x4d, 0x30, 0xee, + 0xbb, 0x69, 0x01, 0xe6, 0xdf, 0x25, 0x96, 0x12, + 0x18, 0x26, 0x05, 0x8d, 0x25, 0x02, 0x9a, 0xe3, + 0x99, 0xc9, 0x5f, 0x6a, 0xac, 0xba, 0xaf, 0xe3, + 0x4f, 0x11, 0x8d, 0xdb, 0xa7, 0xa6, 0x9d, 0x7c, + 0xd8, 0x99, 0xb5, 0xf4, 0xd5, 0x8d, 0x3d, 0xf2, + 0xa8, 0x89, 0xb0, 0x30, 0xce, 0x9a, 0x7e, 0xa6, + 0x44, 0x6d, 0x41, 0xa6, 0x0a, 0x17, 0x5f, 0x12, + 0x7d, 0xa9, 0x4c, 0x27, 0x6b, 0xaa, 0x1e, 0xdf, + 0xb3, 0x57, 0xd4, 0x1b, 0x28, 0x57, 0xad, 0x46, + 0x2c, 0x83, 0xd8, 0xff, 0x00, 0x23, 0x6d, 0x9b, + 0xac, 0x59, 0x32, 0x5e, 0x0c, 0x3b, 0xdd, 0xcb, + 0x37, 0xbf, 0xe0, 0xfd, 0xa4, 0xe1, 0x67, 0xfc, + 0xf6, 0xae, 0xc1, 0x49, 0xfe, 0x5f, 0x9f, 0x63, + 0x93, 0xfc, 0x47, 0x15, 0xc6, 0x99, 0x5d, 0x67, + 0xf2, 0xb4, 0xdd, 0xb0, 0xc7, 0x67, 0x8e, 0xe1, + 0x40, 0xbc, 0xfd, 0xd2, 0x36, 0x5e, 0x81, 0x22, + 0xca, 0x92, 0xcb, 0xba, 0x1a, 0xc7, 0x03, 0x35, + 0x7e, 0xdf, 0x15, 0x21, 0x0c, 0x68, 0x92, 0x66, + 0x9f, 0x1a, 0x2b, 0x88, 0xd7, 0x92, 0xbe, 0x7d, + 0x9a, 0xa5, 0x6c, 0x5e, 0x8d, 0xf7, 0x58, 0xab, + 0xb4, 0xbb, 0xae, 0x83, 0x14, 0x1d, 0x27, 
0x59, + 0xdf, 0xc4, 0xea, 0x8f, 0x2c, 0xf0, 0x0d, 0xd8, + 0x6a, 0x73, 0x12, 0xfb, 0xae, 0xa9, 0xcf, 0xe6, + 0xd7, 0xfd, 0x3f, 0x13, 0xfc, 0x8c, 0xb7, 0x5d, + 0x25, 0x2c, 0xb3, 0xec, 0x7e, 0x7b, 0x37, 0xcd, + 0x81, 0xd8, 0x8f, 0x38, 0xae, 0x59, 0x3e, 0xde, + 0x6f, 0x8a, 0x81, 0xd5, 0x11, 0x83, 0xd7, 0xdc, + 0x7f, 0x57, 0xab, 0xb2, 0x1c, 0xe2, 0xc5, 0x93, + 0xdb, 0x72, 0xf0, 0xbf, 0x77, 0x9c, 0xcc, 0xc8, + 0x24, 0x20, 0xf5, 0x3c, 0x2f, 0xe3, 0x64, 0xb1, + 0xfd, 0x3c, 0xd2, 0xec, 0x54, 0xb9, 0x24, 0xa6, + 0x2a, 0xfa, 0x4c, 0x31, 0x95, 0x57, 0x8e, 0x48, + 0xaa, 0x5f, 0x50, 0x7e, 0x79, 0x28, 0xd7, 0x52, + 0x7d, 0x65, 0x77, 0xd3, 0xfc, 0xa8, 0x7e, 0x7b, + 0x7b, 0x19, 0xa8, 0x9f, 0x69, 0xf0, 0x01, 0x8e, + 0xeb, 0x36, 0x87, 0x1b, 0xaa, 0xdf, 0xcc, 0x70, + 0x94, 0xe3, 0x44, 0xfb, 0x36, 0x48, 0x1f, 0xb1, + 0x4a, 0x5c, 0x53, 0xc3, 0x08, 0x67, 0xcf, 0x1c, + 0x5c, 0x02, 0xcf, 0x62, 0x27, 0xf9, 0xaa, 0xe8, + 0xd8, 0xa1, 0x2b, 0x24, 0xc5, 0xac, 0x2b, 0x8e, + 0xb9, 0x12, 0xb8, 0x7d, 0xe8, 0x32, 0x54, 0x09, + 0xe4, 0x40, 0xa4, 0x7b, 0x5c, 0x74, 0x23, 0x71, + 0x79, 0xa6, 0xce, 0x55, 0x58, 0xee, 0x09, 0x10, + 0x1c, 0xa4, 0xe6, 0x45, 0xe2, 0x4b, 0xdc, 0x28, + 0x77, 0x87, 0x35, 0xab, 0xf9, 0x8b, 0x06, 0x88, + 0xf6, 0x28, 0x9d, 0x50, 0x32, 0x51, 0x58, 0x2a, + 0xab, 0x6e, 0x81, 0xce, 0xd0, 0x17, 0x98, 0x29, + 0xf7, 0x31, 0x17, 0x31, 0xd0, 0x61, 0x5d, 0x0a, + 0x0d, 0x95, 0x59, 0x78, 0xaa, 0xfb, 0xf8, 0xaa, + 0x44, 0x0a, 0x5c, 0x85, 0x87, 0x0c, 0x58, 0xb3, + 0xe5, 0xc1, 0xff, 0x92, 0x67, 0xf0, 0x94, 0xb7, + 0x42, 0xf5, 0x16, 0xe8, 0xe9, 0x75, 0x9d, 0x0f, + 0x88, 0x02, 0x1d, 0x99, 0xa7, 0xfd, 0x65, 0xbb, + 0xee, 0x80, 0x12, 0x17, 0x27, 0x66, 0x56, 0xd2, + 0x1f, 0x37, 0x34, 0xde, 0x0a, 0x55, 0x89, 0xb3, + 0x3f, 0xe9, 0x96, 0xec, 0xb9, 0x9c, 0x0d, 0x8a, + 0x52, 0xd5, 0x4b, 0x39, 0xdc, 0xfe, 0x70, 0x7f, + 0xc1, 0x1e, 0x35, 0x63, 0x8a, 0x69, 0xd9, 0x08, + 0xcc, 0xb0, 0xed, 0xac, 0xfb, 0x2a, 0xa4, 0x35, + 0xe3, 0xbe, 0xb9, 0x81, 0xd3, 0xfd, 0xef, 0x59, + 0xca, 0xde, 0x6f, 0x63, 0xcd, 0xa0, 0x56, 
0xc5, + 0x26, 0xcd, 0xc5, 0x5b, 0x87, 0xa3, 0xef, 0x26, + 0x38, 0xbc, 0xae, 0xed, 0xf4, 0x06, 0x71, 0x10, + 0x53, 0xa0, 0x9d, 0x31, 0x06, 0x99, 0xdc, 0x8e, + 0x3d, 0x07, 0xac, 0xc1, 0x0e, 0x1e, 0xa8, 0xec, + 0x8d, 0x51, 0xab, 0x31, 0xc0, 0x4c, 0xa8, 0x8c, + 0x21, 0x77, 0xa5, 0x11, 0x93, 0xb4, 0x18, 0xcc, + 0xc4, 0xb2, 0x54, 0x8e, 0xcd, 0xa8, 0x61, 0x59, + 0x8f, 0xfa, 0xa8, 0xb1, 0x6e, 0xaf, 0x89, 0xd5, + 0x9c, 0x84, 0x03, 0xc3, 0x9c, 0x8d, 0x94, 0xc4, + 0x28, 0xcf, 0x19, 0x18, 0x0e, 0x14, 0x20, 0x28, + 0x7b, 0x45, 0x5f, 0xb6, 0xe4, 0xe5, 0xbf, 0xbd, + 0x38, 0x3a, 0xef, 0x18, 0xca, 0x99, 0xf8, 0x10, + 0xf6, 0xce, 0xa7, 0x03, 0xbe, 0x4b, 0x9b, 0xf0, + 0xcb, 0x6f, 0x0c, 0x53, 0x83, 0xe8, 0x3e, 0xd3, + 0xa7, 0x23, 0xa2, 0x7d, 0x8e, 0x39, 0x91, 0x06, + 0x76, 0x56, 0x72, 0x69, 0x25, 0xb2, 0x0f, 0xb7, + 0x35, 0xb1, 0x27, 0x52, 0xfa, 0xcf, 0x68, 0x4e, + 0x5c, 0x03, 0xdc, 0x5b, 0xe7, 0xa6, 0x3a, 0xf4, + 0xbd, 0x93, 0x07, 0x54, 0xfd, 0xb5, 0xf7, 0x49, + 0x30, 0x6c, 0x2c, 0xfa, 0x6e, 0x39, 0x89, 0x25, + 0xc3, 0x46, 0xd9, 0xd5, 0x72, 0x92, 0x4b, 0x15, + 0x3b, 0x76, 0x73, 0xb7, 0xa5, 0x02, 0x21, 0x40, + 0x26, 0x4f, 0xd5, 0xa0, 0xab, 0xe0, 0x0b, 0x5d, + 0x85, 0xc6, 0x86, 0xf2, 0x96, 0xfb, 0xc4, 0x9d, + 0xd3, 0x15, 0x5a, 0xd2, 0xf7, 0x48, 0x25, 0x55, + 0x06, 0x90, 0x9b, 0x35, 0x5c, 0x70, 0x60, 0xdd, + 0xed, 0x4d, 0xd2, 0xfa, 0x21, 0xc7, 0xbf, 0x68, + 0x12, 0x51, 0xe7, 0xd6, 0x32, 0x89, 0xe1, 0x5f, + 0x85, 0x85, 0x4a, 0x25, 0xb4, 0xfb, 0x08, 0x5e, + 0xf0, 0x3a, 0x03, 0xcd, 0x05, 0x0f, 0x4f, 0x50, + 0x21, 0xd1, 0x12, 0xf3, 0x29, 0x1a, 0x9f, 0xd6, + 0x0a, 0xd0, 0x1e, 0x0b, 0x57, 0x97, 0xe7, 0x8d, + 0x9b, 0x94, 0xbe, 0xfe, 0x97, 0x46, 0xd7, 0x54, + 0xe6, 0xce, 0x41, 0xda, 0x34, 0xc5, 0x7d, 0xa3, + 0xd7, 0xde, 0xda, 0x6b, 0x23, 0x30, 0x82, 0xc4, + 0x13, 0x76, 0x14, 0xe9, 0x64, 0xff, 0xf0, 0xe3, + 0x84, 0x72, 0xe3, 0x6e, 0x49, 0x5f, 0x54, 0xe2, + 0xd2, 0x37, 0x1a, 0x75, 0x81, 0xb6, 0x94, 0xcb, + 0x26, 0x3d, 0xdf, 0x80, 0xbd, 0xd4, 0x3f, 0x63, + 0x83, 0x57, 0x8b, 0x5e, 0x18, 0x24, 0x4a, 
0x69, + 0xca, 0xc9, 0xcd, 0xab, 0xea, 0x3d, 0x05, 0x71, + 0x8f, 0x5c, 0x23, 0xb1, 0xd4, 0xce, 0x66, 0x84, + 0x45, 0x75, 0x97, 0xd0, 0x12, 0x84, 0xb3, 0x8b, + 0x9d, 0x3e, 0xb1, 0xeb, 0xa4, 0xf5, 0xbe, 0xff, + 0x99, 0x0b, 0xb7, 0x49, 0xf0, 0x96, 0xa3, 0x0f, + 0x1b, 0xde, 0x72, 0x4a, 0xde, 0x37, 0x89, 0xde, + 0x5e, 0xf1, 0x83, 0xa6, 0x01, 0x63, 0xe2, 0x8f, + 0x15, 0x84, 0x50, 0x09, 0x84, 0xca, 0x51, 0x53, + 0x55, 0x5c, 0x38, 0xc6, 0x16, 0x49, 0x68, 0x3a, + 0x72, 0x79, 0x21, 0xff, 0xcc, 0xe3, 0x00, 0x7c, + 0x26, 0x77, 0x83, 0xbd, 0xdb, 0xdb, 0x9d, 0xe4, + 0x88, 0x80, 0xc4, 0xe8, 0x45, 0x2d, 0xab, 0x29, + 0xe7, 0xc4, 0xf8, 0xd1, 0xd5, 0xdf, 0xd3, 0x03, + 0xa9, 0x08, 0xb1, 0xce, 0x08, 0xbe, 0x0b, 0x9f, + 0xae, 0x98, 0x89, 0x4d, 0xcb, 0x26, 0x92, 0xd0, + 0xb3, 0x2f, 0xa3, 0x9d, 0xa9, 0x8b, 0xd4, 0xff, + 0x0e, 0xa1, 0x0f, 0x0b, 0x43, 0x8a, 0x49, 0x71, + 0xa7, 0xfc, 0x47, 0x18, 0x2f, 0xbe, 0x52, 0xd6, + 0xde, 0x71, 0xfe, 0xe3, 0xe8, 0x24, 0xa3, 0x9f, + 0x19, 0xc2, 0x7f, 0x51, 0xae, 0xc6, 0xd9, 0x2b, + 0xc7, 0xf8, 0xb8, 0xf0, 0x71, 0x84, 0x7b, 0xca +#endif + }; + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = { +#ifndef WOLFSSL_ML_KEM 0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73, 0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28, 0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7, 0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29 +#else + 0x72, 0x9f, 0xa0, 0x6a, 0xc9, 0x3c, 0x5e, 0xfd, + 0xfb, 0xf1, 0x27, 0x2a, 0x96, 0xce, 0xf1, 0x67, + 0xa3, 0x93, 0x94, 0x7a, 0xb7, 0xdc, 0x2d, 0x11, + 0xed, 0x7d, 0xe8, 0xac, 0x3c, 0x94, 0x7f, 0xa8 +#endif }; - ret = wc_KyberKey_Init(KYBER768, &key, HEAP_HINT, INVALID_DEVID); +#ifdef WOLFSSL_SMALL_STACK + key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + priv = (byte *)XMALLOC(KYBER768_PRIVATE_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + pub = (byte *)XMALLOC(KYBER768_PUBLIC_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + ct = (byte *)XMALLOC(KYBER768_CIPHER_TEXT_SIZE, HEAP_HINT, + 
DYNAMIC_TYPE_TMP_BUFFER);
+ ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+
+ if (! (key && priv && pub && ct && ss && ss_dec))
+ ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+
+ ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID);
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+ else
+ key_inited = 1;
- ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber768_rand,
+ ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
 sizeof(kyber768_rand));
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub));
+ ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER768_PUBLIC_KEY_SIZE);
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv));
+ ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER768_PRIVATE_KEY_SIZE);
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 if (XMEMCMP(pub, kyber768_pk, sizeof(kyber768_pk)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber768enc_rand,
+ ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
 sizeof(kyber768enc_rand));
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 if (XMEMCMP(ct, kyber768_ct, sizeof(kyber768_ct)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber768_ct));
+ ret =
wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber768_ct));
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- wc_KyberKey_Free(&key);
+out:
- return 0;
+ if (key_inited)
+ wc_KyberKey_Free(key);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
 }
 #endif /* WOLFSSL_KYBER768 */
 #ifdef WOLFSSL_KYBER1024
 static wc_test_ret_t kyber1024_kat(void)
 {
- KyberKey key;
 wc_test_ret_t ret;
+#ifdef WOLFSSL_SMALL_STACK
+ KyberKey *key = NULL;
+ byte *priv = NULL;
+ byte *pub = NULL;
+ byte *ct = NULL;
+ byte *ss = NULL;
+ byte *ss_dec = NULL;
+#else
+ KyberKey key[1];
 byte priv[KYBER1024_PRIVATE_KEY_SIZE];
 byte pub[KYBER1024_PUBLIC_KEY_SIZE];
 byte ct[KYBER1024_CIPHER_TEXT_SIZE];
 byte ss[KYBER_SS_SZ];
 byte ss_dec[KYBER_SS_SZ];
- const byte kyber1024_rand[] = {
+#endif
+ int key_inited = 0;
+ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = {
 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
@@ -36263,13 +39267,13 @@ static wc_test_ret_t kyber1024_kat(void)
 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
 };
- const byte kyber1024enc_rand[] = {
+ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024enc_rand[] = {
 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4, 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13, 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
 };
- const byte kyber1024_pk[] = {
+ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC, 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB, 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
@@ -36467,7 +39471,7 @@ static wc_test_ret_t kyber1024_kat(void)
 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
 };
- const byte kyber1024_sk[] = {
+ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3, 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE, 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
@@ -36865,7 +39869,8 @@ static wc_test_ret_t kyber1024_kat(void)
 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
 };
- const byte kyber1024_ct[] = {
+ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
+#ifndef WOLFSSL_ML_KEM
 0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1, 0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1, 0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
@@ -37062,58 +40067,295 @@ static wc_test_ret_t kyber1024_kat(void) 0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4, 0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7, 0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13 - }; - const byte kyber1024_ss[] = { +#else + 0xb1, 0x56, 0x96, 0xac, 0xab, 0xf3, 0xf5, 0xc7, + 0x1c, 0x09, 0x60, 0x5d, 0xf3, 0x50, 0xf9, 0x8e, + 0xf9, 0x89, 0x74, 0x74, 0xf2, 0x41, 0xc7, 0xf7, + 0xd1, 0x6f, 0x7a, 0x69, 0x60, 0x43, 0x58, 0x50, + 0x84, 0x58, 0x91, 0x6d, 0x2c, 0x85, 0x52, 0xc7, + 0x04, 0xcb, 0x6e, 0x0d, 0xa4, 0x30, 0x5a, 0x11, + 0x72, 0x0a, 0x2b, 0x59, 0xa6, 0xd8, 0x19, 0x0f, + 0xc3, 0xe3, 0x89, 0xe6, 0x55, 0x1e, 0x7c, 0x59, + 0x57, 0x8f, 0xe2, 0xb0, 0x5d, 0x75, 0x91, 0xba, + 0xb3, 0x26, 0xd8, 0x94, 0xe2, 0x36, 0x56, 0xc6, + 0xb5, 0xfe, 0x4b, 0x7a, 0xbd, 0x65, 0x05, 0xa8, + 0xc2, 0x6d, 0x1d, 0xf8, 0xb4, 0x4a, 0x0e, 0xd5, + 0x3a, 0xff, 0xff, 0x9a, 0x58, 0x5f, 0xce, 0x86, + 0xda, 0x3b, 0x3f, 0xf2, 0x2b, 0x1f, 0xda, 0xe2, + 0xf6, 0xd2, 0x55, 0xc2, 0x65, 0x35, 0xf6, 0x16, + 0x94, 0xd5, 0x04, 0x71, 0xf1, 0xd8, 0x4d, 0x17, + 0x67, 0x3e, 0x48, 0x1f, 0x4e, 0x82, 0x4c, 0x82, + 0x81, 0x0c, 0xe8, 0xf2, 0xec, 0xc9, 0xbb, 0x3f, + 0x5f, 0x07, 0xbf, 0x14, 0x30, 0xe7, 0xbf, 0xd9, + 0x9f, 0xb9, 0x8f, 0x3d, 0x2f, 0x94, 0x1e, 0xdf, + 0x64, 0x2d, 0x7b, 0x9e, 0x73, 0xbc, 0x15, 0x95, + 0xa0, 0x4c, 0xd9, 0x49, 0xfa, 0x76, 0x64, 0x68, + 0x48, 0x9f, 0x40, 0x2f, 0x92, 0x32, 0x5f, 0x6d, + 0x9e, 0xc5, 0xd6, 0x96, 0xe0, 0xfa, 0xc2, 0xc6, + 0xa3, 0x79, 0x83, 0xa6, 0x45, 0x13, 0x84, 0xce, + 0x9d, 0x9d, 0xe4, 0x48, 0xf1, 0x58, 0x74, 0xe5, + 0x30, 0x94, 0x3e, 0x8e, 0x0f, 0xe2, 0x99, 0x60, + 0x58, 0x7a, 0x89, 0xb8, 0x05, 0x2c, 0x9d, 0x0e, + 0x6b, 0x0e, 0xa5, 0xdb, 0xb7, 0x34, 0xd2, 0xa9, + 0xc0, 0x5c, 0xbb, 0x6d, 0x0c, 0x79, 0xf4, 0xa5, + 0x7d, 0xb5, 0xaf, 0xde, 0xd6, 0xa7, 0xdf, 0x0e, + 0xcf, 0x47, 0xb7, 0xa3, 0x1d, 0xea, 0xf3, 0x7d, + 0xfa, 0x1d, 0xc8, 0x97, 0x22, 0xa4, 0x7b, 0x40, + 0xb4, 0xa5, 0x0c, 0x7a, 0x2f, 0x32, 0xe8, 0xab, + 0x3d, 0xa9, 0x73, 0xaa, 0x68, 0x3c, 0x0a, 
0x69, + 0x82, 0x94, 0xca, 0x3a, 0x04, 0x54, 0x83, 0x17, + 0x5d, 0x87, 0x78, 0x6b, 0x47, 0xf7, 0x8a, 0xb0, + 0x29, 0x5b, 0x82, 0x67, 0xed, 0xfe, 0xed, 0xa4, + 0x42, 0xc3, 0x51, 0xa3, 0x8e, 0x95, 0xcf, 0x43, + 0xb0, 0x83, 0x42, 0xc6, 0x7d, 0x0b, 0xc5, 0xdd, + 0x59, 0x74, 0xf6, 0xc5, 0xc0, 0x03, 0xea, 0x31, + 0xb5, 0x80, 0x4a, 0x31, 0x1c, 0x29, 0xeb, 0xa1, + 0x7b, 0xdb, 0x54, 0x7a, 0x62, 0x9e, 0xc8, 0x39, + 0x74, 0x04, 0x3b, 0xd0, 0x3a, 0x37, 0xd0, 0xec, + 0x7f, 0xf3, 0x9d, 0xe1, 0xdf, 0xb8, 0xe6, 0x32, + 0xa8, 0x6b, 0x26, 0x02, 0x1e, 0x75, 0x3e, 0x7d, + 0xc7, 0x31, 0xbc, 0x4e, 0xd7, 0xe7, 0xfe, 0xce, + 0x78, 0xb0, 0x7d, 0xff, 0x5e, 0x87, 0x75, 0xb2, + 0x22, 0x3e, 0x19, 0xdf, 0xb3, 0xa0, 0x6a, 0x18, + 0x65, 0xed, 0x4f, 0x08, 0xa8, 0x45, 0x44, 0x49, + 0x25, 0x04, 0xf2, 0x96, 0x2e, 0x00, 0x5f, 0xde, + 0x5d, 0xe6, 0xe4, 0xff, 0x48, 0x99, 0x4d, 0x4f, + 0xf8, 0x11, 0xce, 0x31, 0xe3, 0x90, 0x98, 0x03, + 0xc3, 0x53, 0x4c, 0x1c, 0x6c, 0x6d, 0xdc, 0x9e, + 0x1a, 0x43, 0xc8, 0x45, 0xe7, 0xe7, 0xe2, 0xa1, + 0x08, 0x11, 0x86, 0xbe, 0xde, 0x4b, 0x5b, 0xcf, + 0x1b, 0x80, 0xb1, 0x3d, 0x21, 0x8a, 0x4a, 0xb4, + 0x46, 0xf4, 0x79, 0xe3, 0x8c, 0x1d, 0xe4, 0xa5, + 0x94, 0xe0, 0xf2, 0x0c, 0xdc, 0x23, 0xa9, 0xea, + 0x58, 0x77, 0x8c, 0xb2, 0xfb, 0x10, 0x4f, 0x1d, + 0xc9, 0x1b, 0xa5, 0xc1, 0x7e, 0x74, 0x00, 0x4c, + 0x43, 0x0a, 0xab, 0x1a, 0x3d, 0x16, 0x79, 0xda, + 0xeb, 0x50, 0x82, 0xe5, 0x17, 0xaf, 0x6a, 0x4e, + 0x28, 0xf5, 0x64, 0x44, 0x1b, 0x73, 0x23, 0x5d, + 0x08, 0x4a, 0x58, 0x31, 0xcb, 0xb3, 0x94, 0xce, + 0xcd, 0x99, 0x7f, 0xe0, 0x8b, 0x1b, 0x4a, 0xa9, + 0x95, 0xbd, 0xd9, 0x72, 0x6c, 0x04, 0x61, 0x58, + 0x59, 0xff, 0xfd, 0x1c, 0x99, 0x06, 0xfb, 0x2d, + 0x04, 0x01, 0xed, 0x6f, 0x59, 0x1e, 0x13, 0xc6, + 0xe7, 0x9e, 0xc5, 0xe8, 0x62, 0x07, 0x9e, 0x6d, + 0xfd, 0x3c, 0xa6, 0x88, 0xfa, 0x5a, 0xc7, 0xf8, + 0xd2, 0x79, 0x07, 0x53, 0x05, 0x49, 0xac, 0x71, + 0xfd, 0xeb, 0x5f, 0x86, 0x9d, 0x2a, 0x9b, 0x23, + 0x5a, 0x0e, 0x54, 0xb3, 0xb8, 0x66, 0x02, 0x1d, + 0x6b, 0x5c, 0x98, 0xd1, 0xc6, 0xc0, 0xc0, 
0x04, + 0x89, 0x99, 0x5e, 0x3c, 0x34, 0x96, 0xb6, 0x9c, + 0x76, 0x33, 0x8a, 0xc4, 0x22, 0xc9, 0xf9, 0x41, + 0x58, 0xed, 0x5c, 0xf9, 0xcc, 0x6b, 0xe9, 0x38, + 0x46, 0x03, 0x4d, 0x4b, 0xa5, 0x33, 0xa3, 0x42, + 0x2c, 0x29, 0xd6, 0x75, 0x40, 0x5a, 0xe8, 0x53, + 0xb8, 0x49, 0x7d, 0xc9, 0x12, 0xf4, 0xa8, 0x35, + 0x00, 0xc8, 0x9d, 0xb7, 0x6b, 0xcd, 0xd7, 0x04, + 0x6d, 0x98, 0x32, 0xfa, 0x3d, 0x2b, 0xf3, 0xd0, + 0x24, 0x65, 0xeb, 0xb4, 0x16, 0x80, 0x35, 0x11, + 0x8f, 0x08, 0x7d, 0xdd, 0x47, 0x64, 0x3d, 0x2d, + 0xb7, 0x1f, 0x47, 0x41, 0x9a, 0xed, 0x97, 0x3e, + 0xc4, 0x38, 0x48, 0x66, 0xd4, 0x5e, 0x1d, 0xf2, + 0x16, 0xed, 0xa5, 0xbf, 0x61, 0x33, 0xf8, 0x4a, + 0x32, 0x8c, 0x11, 0x29, 0x62, 0x1e, 0xc1, 0x50, + 0x1f, 0xc4, 0x6f, 0xe3, 0xed, 0xa4, 0x60, 0x68, + 0x0b, 0x39, 0x7a, 0x42, 0xa4, 0x36, 0x8e, 0xb3, + 0xdc, 0x88, 0x45, 0x1b, 0x2b, 0x61, 0x6e, 0xec, + 0x5f, 0x1e, 0xc0, 0x5e, 0x5b, 0xd2, 0x08, 0x4b, + 0x49, 0x45, 0xd2, 0x0e, 0xa8, 0x63, 0x0d, 0x81, + 0x49, 0x2c, 0x78, 0xcf, 0x06, 0xa7, 0x8e, 0xc5, + 0x08, 0xa0, 0xc5, 0x71, 0x3b, 0x48, 0x60, 0x21, + 0x64, 0x32, 0x66, 0xa6, 0x0d, 0x99, 0x74, 0x46, + 0x78, 0xe5, 0x98, 0xb1, 0x52, 0xcf, 0x18, 0x29, + 0x89, 0x7a, 0xf7, 0x20, 0xc1, 0x8e, 0xb6, 0x89, + 0x3d, 0x8b, 0x1f, 0x81, 0xc8, 0xbb, 0xc5, 0x5c, + 0x80, 0x47, 0x39, 0x1a, 0x90, 0x51, 0xa6, 0xd0, + 0xd6, 0x54, 0x71, 0x89, 0x1a, 0xc2, 0xdf, 0xd8, + 0xac, 0x98, 0x4a, 0xa7, 0xaf, 0xf3, 0x97, 0x44, + 0x92, 0xb7, 0x51, 0xfd, 0xc5, 0xde, 0xa1, 0x39, + 0x68, 0x86, 0xe8, 0xc9, 0x4b, 0x94, 0x48, 0xe1, + 0xee, 0x63, 0x3f, 0x6c, 0x21, 0x43, 0x55, 0x2e, + 0xb8, 0x49, 0xc6, 0xd7, 0xe7, 0x2b, 0x6a, 0x7c, + 0x81, 0x21, 0x46, 0x15, 0x44, 0x51, 0x5e, 0x34, + 0x6d, 0x69, 0x97, 0x31, 0x11, 0xc9, 0x24, 0xac, + 0xda, 0x06, 0x47, 0x0b, 0x5d, 0xf2, 0x32, 0x0e, + 0x06, 0xb8, 0xf1, 0xaf, 0xf4, 0x13, 0xf9, 0xe8, + 0x88, 0x43, 0x6c, 0x31, 0x37, 0x80, 0x25, 0xbe, + 0x66, 0x72, 0x6a, 0x0b, 0xa5, 0x59, 0x17, 0x7b, + 0x11, 0x37, 0xc4, 0x31, 0xcc, 0xe1, 0xa6, 0xfb, + 0x00, 0xde, 0x36, 0xc6, 0xaf, 0xce, 0x92, 
0xf1, + 0x1b, 0xc7, 0x5a, 0x88, 0x5f, 0xbb, 0xd9, 0xb1, + 0x08, 0xe6, 0xea, 0xd4, 0x3f, 0xee, 0x47, 0xda, + 0x31, 0x12, 0x30, 0xf9, 0x22, 0xba, 0xb9, 0x3a, + 0x76, 0x77, 0x71, 0x1e, 0x97, 0xea, 0x41, 0x29, + 0x80, 0x2c, 0x5d, 0xff, 0x20, 0xd0, 0xd9, 0xdb, + 0x97, 0xf8, 0x82, 0xc6, 0x33, 0x79, 0xfc, 0x27, + 0xd0, 0x8a, 0x6f, 0xec, 0xc2, 0x88, 0xcc, 0x06, + 0xe2, 0x57, 0x65, 0x4b, 0x38, 0x8e, 0x50, 0x18, + 0x80, 0x1f, 0xf1, 0x9b, 0xac, 0x2c, 0x94, 0x87, + 0xa5, 0xf4, 0x7e, 0x07, 0x31, 0x01, 0xdd, 0x37, + 0xb1, 0x0d, 0x43, 0xc9, 0x35, 0x11, 0x9b, 0x6f, + 0x70, 0xed, 0xdf, 0x9b, 0xa5, 0x14, 0x9e, 0xd6, + 0x4e, 0x8c, 0x12, 0x9d, 0x97, 0x8c, 0xbf, 0x2c, + 0x1a, 0x30, 0x6f, 0x83, 0xa6, 0x34, 0x7b, 0xfc, + 0x44, 0x5e, 0x8f, 0xd6, 0x45, 0xab, 0x0e, 0x4b, + 0x2a, 0x93, 0x93, 0x28, 0xcb, 0x55, 0xa7, 0x95, + 0x1a, 0x3a, 0x93, 0x8a, 0x06, 0xae, 0xd2, 0x4e, + 0xf3, 0x25, 0x62, 0x14, 0x9c, 0x8b, 0x7f, 0x2d, + 0xad, 0xd7, 0x5d, 0x2d, 0xb3, 0x78, 0x2b, 0x64, + 0xf4, 0xcb, 0x1f, 0x56, 0xa0, 0x94, 0x52, 0x77, + 0xc9, 0xc5, 0xe1, 0x60, 0x5a, 0x0c, 0x0e, 0xb6, + 0x5d, 0x7f, 0xe3, 0x42, 0x1c, 0x90, 0x87, 0x4b, + 0xb9, 0xcc, 0xb9, 0x45, 0xea, 0x74, 0xc9, 0x97, + 0xec, 0xa7, 0x3c, 0x94, 0x05, 0x9b, 0x77, 0xc7, + 0xc3, 0xf0, 0x8d, 0xd6, 0xe5, 0xe4, 0x94, 0xe3, + 0xf2, 0x33, 0x99, 0xf2, 0xfc, 0xe0, 0x56, 0xe9, + 0xf1, 0x30, 0xfe, 0xb6, 0xce, 0xcb, 0xb3, 0xe8, + 0xde, 0xce, 0x49, 0xe5, 0x67, 0x37, 0x57, 0x51, + 0x57, 0x42, 0x09, 0x4a, 0xc3, 0x82, 0x56, 0x38, + 0x57, 0xb5, 0xd4, 0x12, 0xd7, 0x19, 0x1c, 0xdc, + 0x5d, 0xe0, 0x68, 0x1c, 0x72, 0xc5, 0xda, 0xf8, + 0x33, 0xbe, 0xed, 0xcd, 0x88, 0xe4, 0x01, 0x23, + 0xa6, 0x17, 0xd2, 0xbd, 0x0d, 0x75, 0x95, 0x91, + 0x6a, 0x68, 0x94, 0xb9, 0x26, 0x3b, 0x6e, 0xb9, + 0x1e, 0x23, 0x80, 0x15, 0x4e, 0x0c, 0xfc, 0x52, + 0x78, 0x42, 0x58, 0xcf, 0x73, 0x20, 0xc4, 0xf0, + 0x2e, 0xad, 0x0b, 0x44, 0x71, 0xea, 0x0d, 0xd0, + 0xab, 0xeb, 0x5e, 0x63, 0x62, 0x8f, 0x48, 0x36, + 0xa2, 0x3d, 0xb2, 0x69, 0xce, 0xe0, 0x9e, 0x46, + 0xf3, 0x5b, 0x9d, 0xe8, 0x7e, 0xcb, 0x04, 
0x22, + 0xad, 0x8e, 0xc6, 0xcb, 0x60, 0xb7, 0x17, 0xee, + 0xc2, 0x12, 0x16, 0xf0, 0xb7, 0x91, 0xc8, 0x52, + 0xa9, 0xf8, 0xa4, 0xc2, 0x61, 0x67, 0xd7, 0x35, + 0x0e, 0x17, 0xfa, 0x3e, 0xc7, 0x45, 0xb4, 0x63, + 0x11, 0xa6, 0x71, 0xcb, 0x8d, 0x7f, 0x14, 0x88, + 0x5f, 0xf0, 0x1b, 0xab, 0x0e, 0xf4, 0x69, 0xd0, + 0x85, 0x0f, 0xe8, 0x07, 0xe7, 0x0d, 0x36, 0xa4, + 0xb7, 0x36, 0xb2, 0xc3, 0x2c, 0x67, 0x62, 0x58, + 0xae, 0x7d, 0x55, 0x3d, 0xca, 0xb8, 0xad, 0xe6, + 0x36, 0x8a, 0xa2, 0x31, 0x79, 0x77, 0x8a, 0xdd, + 0x21, 0x4d, 0xd9, 0x15, 0x4f, 0x51, 0x0f, 0x50, + 0xe5, 0x56, 0x0c, 0x65, 0xfc, 0xec, 0x35, 0xe8, + 0x78, 0x82, 0x53, 0x0e, 0xdc, 0x65, 0xbe, 0xe6, + 0x6b, 0x25, 0xa5, 0x35, 0xda, 0x21, 0x46, 0xe1, + 0x4f, 0x83, 0x90, 0xbc, 0xf5, 0x79, 0xc3, 0x37, + 0xba, 0xd9, 0x74, 0x57, 0x5d, 0x5f, 0x09, 0xa8, + 0x76, 0x88, 0x83, 0xf9, 0x39, 0x3a, 0x14, 0x41, + 0x71, 0xfe, 0xb3, 0xfc, 0x66, 0x3e, 0xee, 0xf1, + 0x38, 0xb2, 0x1b, 0xd5, 0x57, 0xab, 0xbb, 0xad, + 0x2c, 0x02, 0x24, 0x34, 0x1f, 0xab, 0xfb, 0x6c, + 0x6f, 0xde, 0xa6, 0xf3, 0xc2, 0x65, 0xe5, 0xd8, + 0xaf, 0x16, 0x9a, 0x96, 0x4a, 0x7a, 0x86, 0xa1, + 0xa0, 0xe2, 0x22, 0xdd, 0x63, 0x71, 0x38, 0x20, + 0x79, 0xf8, 0x38, 0x23, 0x4a, 0xea, 0x8f, 0xf6, + 0xe2, 0xb8, 0x94, 0xe0, 0x4a, 0x9a, 0x34, 0xcf, + 0xac, 0xab, 0x81, 0xb0, 0x70, 0x4b, 0x14, 0xd7, + 0xd1, 0x09, 0x94, 0x9c, 0x68, 0x64, 0x4c, 0x01, + 0x5b, 0xc2, 0xf2, 0x6a, 0x9c, 0x29, 0x42, 0x87, + 0xec, 0xf1, 0x52, 0xd8, 0x46, 0xf9, 0x14, 0xc0, + 0x74, 0x5c, 0xeb, 0x7e, 0xc3, 0xd3, 0x6a, 0xd9, + 0xd7, 0x23, 0xc1, 0x5f, 0x89, 0xe2, 0xd8, 0xfe, + 0x2c, 0x18, 0xe1, 0x11, 0x80, 0xd0, 0x70, 0x9d, + 0x70, 0x02, 0xa5, 0x0f, 0x87, 0xd1, 0xc7, 0x3d, + 0xbb, 0x61, 0x6f, 0xd8, 0xde, 0x30, 0x33, 0x9d, + 0x83, 0xda, 0x5a, 0x8e, 0xd5, 0x03, 0x21, 0xcc, + 0x12, 0xf9, 0x4d, 0xff, 0x84, 0xd9, 0xe5, 0x44, + 0xf1, 0x7e, 0xc3, 0x4a, 0x60, 0xeb, 0x41, 0x4b, + 0x28, 0x78, 0xcc, 0x1a, 0x05, 0xc2, 0x64, 0xa0, + 0x66, 0xdd, 0xd3, 0x7f, 0x0c, 0x50, 0x4f, 0x0e, + 0x6c, 0xcd, 0x0f, 0x31, 0x1e, 0xb5, 0x21, 
0x2d,
+ 0xe3, 0x2e, 0x9d, 0x65, 0x51, 0x25, 0xe4, 0xf4
+#endif
+ };
+ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
+#ifndef WOLFSSL_ML_KEM
 0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4, 0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5, 0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55, 0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
+#else
+ 0x63, 0xa1, 0x03, 0x90, 0x74, 0xf0, 0x1f, 0x26,
+ 0x51, 0x21, 0x3a, 0xd9, 0x35, 0x0d, 0x65, 0x61,
+ 0xcb, 0x03, 0xa6, 0x04, 0x00, 0xe7, 0x41, 0x18,
+ 0xbb, 0x44, 0x64, 0xd8, 0x7b, 0x9d, 0xb2, 0x05
+#endif
 };
- ret = wc_KyberKey_Init(KYBER1024, &key, HEAP_HINT, INVALID_DEVID);
+#ifdef WOLFSSL_SMALL_STACK
+ key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ priv = (byte *)XMALLOC(KYBER1024_PRIVATE_KEY_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ pub = (byte *)XMALLOC(KYBER1024_PUBLIC_KEY_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ct = (byte *)XMALLOC(KYBER1024_CIPHER_TEXT_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+
+ if (!
(key && priv && pub && ct && ss && ss_dec))
+ ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+
+ ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID);
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+ else
+ key_inited = 1;
- ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber1024_rand,
+ ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
 sizeof(kyber1024_rand));
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub));
+ ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER_MAX_PUBLIC_KEY_SIZE);
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv));
+ ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER_MAX_PRIVATE_KEY_SIZE);
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 if (XMEMCMP(pub, kyber1024_pk, sizeof(kyber1024_pk)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber1024enc_rand,
+ ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
 sizeof(kyber1024enc_rand));
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 if (XMEMCMP(ct, kyber1024_ct, sizeof(kyber1024_ct)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber1024_ct));
+ ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber1024_ct));
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 if (XMEMCMP(ss_dec,
kyber1024_ss, sizeof(kyber1024_ss)) != 0)
- return WC_TEST_RET_ENC_NC;
+ ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- wc_KyberKey_Free(&key);
+out:
- return 0;
+ if (key_inited)
+ wc_KyberKey_Free(key);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
 }
 #endif /* WOLFSSL_KYBER1024 */
 #endif /* WOLFSSL_WC_KYBER */
@@ -37121,9 +40363,19 @@ static wc_test_ret_t kyber1024_kat(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
 {
 wc_test_ret_t ret;
- KyberKey key;
 WC_RNG rng;
 int i;
+#ifdef WOLFSSL_SMALL_STACK
+ KyberKey *key = NULL;
+ byte *priv = NULL;
+ byte *pub = NULL;
+ byte *priv2 = NULL;
+ byte *pub2 = NULL;
+ byte *ct = NULL;
+ byte *ss = NULL;
+ byte *ss_dec = NULL;
+#else
+ KyberKey key[1];
 byte priv[KYBER_MAX_PRIVATE_KEY_SIZE];
 byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
 byte priv2[KYBER_MAX_PRIVATE_KEY_SIZE];
@@ -37131,7 +40383,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
 byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
 byte ss[KYBER_SS_SZ];
 byte ss_dec[KYBER_SS_SZ];
- int testData[][4] = {
+#endif
+ int key_inited = 0;
+ static const int testData[][4] = {
 #ifdef WOLFSSL_KYBER512
 { KYBER512, KYBER512_PRIVATE_KEY_SIZE, KYBER512_PUBLIC_KEY_SIZE, KYBER512_CIPHER_TEXT_SIZE },
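Review bot: In kyber1024_kat the rewritten encode calls pass `KYBER_MAX_PUBLIC_KEY_SIZE` and `KYBER_MAX_PRIVATE_KEY_SIZE` as the output-buffer lengths, while `pub` and `priv` are declared and XMALLOC'd with `KYBER1024_PUBLIC_KEY_SIZE` and `KYBER1024_PRIVATE_KEY_SIZE`, and the kyber768 variant in the preceding hunk passes the parameter-set-specific sizes. This is presumably only safe while the 1024 sizes happen to equal the maxima; if they ever diverge, the length argument overstates the buffer and the encode may write past it. Use `ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER1024_PUBLIC_KEY_SIZE);` and `ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER1024_PRIVATE_KEY_SIZE);` so the length always matches the allocation. kyber1024_kat's body begins outside this hunk.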
@@ -37147,73 +40401,95 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
 };
 WOLFSSL_ENTER("kyber_test");
+#ifdef WOLFSSL_SMALL_STACK
+ key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ priv = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ pub = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ priv2 = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ pub2 = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ct = (byte *)XMALLOC(KYBER_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+
+ if (! (key && priv && pub && priv2 && pub2 && ct && ss && ss_dec))
+ ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+
 #ifndef HAVE_FIPS
 ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
 #else
 ret = wc_InitRng(&rng);
 #endif
 if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
- ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
+ ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+ else
+ key_inited = 1;
- ret = wc_KyberKey_MakeKey(&key, &rng);
+ ret = wc_KyberKey_MakeKey(key, &rng);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePublicKey(&key, pub, testData[i][2]);
+ ret = wc_KyberKey_EncodePublicKey(key, pub, testData[i][2]);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePrivateKey(&key, priv, testData[i][1]);
+ ret = wc_KyberKey_EncodePrivateKey(key, priv, testData[i][1]);
 if (ret
!= 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
+ ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_DecodePublicKey(&key, pub, testData[i][2]);
+ ret = wc_KyberKey_DecodePublicKey(key, pub, testData[i][2]);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Encapsulate(&key, ct, ss, &rng);
+ ret = wc_KyberKey_Encapsulate(key, ct, ss, &rng);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePublicKey(&key, pub2, testData[i][2]);
+ ret = wc_KyberKey_EncodePublicKey(key, pub2, testData[i][2]);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 if (XMEMCMP(pub, pub2, testData[i][2]) != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
+ ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_DecodePrivateKey(&key, priv, testData[i][1]);
+ ret = wc_KyberKey_DecodePrivateKey(key, priv, testData[i][1]);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, testData[i][3]);
+ ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(ss, ss_dec, sizeof(ss)) != 0)
- return WC_TEST_RET_ENC_I(i);
+ if (XMEMCMP(ss, ss_dec, KYBER_SS_SZ) != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePrivateKey(&key, priv2, testData[i][1]);
+ ret = wc_KyberKey_EncodePrivateKey(key, priv2, testData[i][1]);
 if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
- return WC_TEST_RET_ENC_I(i);
-
- wc_KyberKey_Free(&key);
+ ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 }
 wc_FreeRng(&rng);
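Review bot: The new `ERROR_OUT(..., out)` paths inside the loop jump past `wc_FreeRng(&rng)`, which stays after the loop, and the `out:` block shown in the following hunk releases the key and the small-stack buffers but, as far as visible, never the RNG, so every failing iteration now leaks it (the old `return`s leaked it too, but this commit is the one introducing a shared cleanup path and should cover it). Track the RNG with a flag set after `wc_InitRng`/`wc_InitRng_ex` succeeds and call `wc_FreeRng(&rng)` under that flag at `out:`, or release it before each jump. Separately, the unchanged context line `if (XMEMCMP(priv, priv2, testData[i][2]) != 0)` compares the two private-key encodings using the public-key length (column 2 of testData) rather than the private-key length (column 1) that `wc_KyberKey_EncodePrivateKey` was just given, so only a prefix of the private key is checked; it should read `if (XMEMCMP(priv, priv2, testData[i][1]) != 0)`. The tail of kyber_test lies outside this hunk.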
@@ -37222,24 +40498,1883 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
 #ifdef WOLFSSL_KYBER512
 ret = kyber512_kat();
 if (ret != 0)
- return ret;
+ goto out;
 #endif
 #ifdef WOLFSSL_KYBER768
 ret = kyber768_kat();
 if (ret != 0)
- return ret;
+ goto out;
 #endif
 #ifdef WOLFSSL_KYBER1024
 ret = kyber1024_kat();
 if (ret != 0)
- return ret;
+ goto out;
 #endif
 #endif /* WOLFSSL_WC_KYBER */
- return 0;
+out:
+
+ if (key_inited)
+ wc_KyberKey_Free(key);
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
 }
 #endif /* WOLFSSL_HAVE_KYBER */
+#ifdef HAVE_DILITHIUM
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
+ word32 pubKeyLen, const byte* sig, word32 sigLen)
+{
+ byte msg[512];
+ dilithium_key* key;
+ wc_test_ret_t ret;
+ int i;
+ int res = 0;
+
+ key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (key == NULL) {
+ ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+ }
+
+ /* make dummy msg */
+ for (i = 0; i < (int)sizeof(msg); i++) {
+ msg[i] = (byte)i;
+ }
+
+ ret = wc_dilithium_init(key);
+ if (ret != 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ return ret;
+ }
+
+ ret = wc_dilithium_set_level(key, param);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+ ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+ ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res,
+ key);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+ if (res != 1)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(res),
out); +out: + wc_dilithium_free(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + +#ifndef WOLFSSL_NO_ML_DSA_44 +static wc_test_ret_t dilithium_param_44_vfy_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = { + 0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b, + 0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9, + 0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2, + 0x64, 0x79, 0xa0, 0xec, 0x1f, 0x24, 0xb6, 0xc8, 0x05, 0x5b, + 0xc1, 0x18, 0xb0, 0xb7, 0xcf, 0x8c, 0x60, 0x67, 0x6b, 0x81, + 0x44, 0x27, 0xb6, 0x0e, 0xfd, 0x9b, 0xc3, 0xcb, 0x52, 0x31, + 0xfa, 0xc9, 0x34, 0x8d, 0x22, 0x1e, 0x07, 0x9d, 0x96, 0x6a, + 0x63, 0x83, 0x5c, 0xd7, 0x83, 0x2d, 0x7f, 0x48, 0x64, 0x79, + 0xca, 0xb4, 0x9f, 0xa2, 0x02, 0xb7, 0x86, 0x1d, 0x0e, 0xc7, + 0xf9, 0x6c, 0x07, 0xc0, 0x35, 0x6a, 0x34, 0x79, 0x7c, 0xb8, + 0x0f, 0xed, 0x98, 0x50, 0xfb, 0x51, 0xe0, 0x36, 0x44, 0x4c, + 0xc6, 0x35, 0xa2, 0xbb, 0x55, 0xb0, 0x5c, 0x39, 0x08, 0x02, + 0x20, 0x35, 0x5c, 0x56, 0x6d, 0x2e, 0xb9, 0xef, 0x21, 0x26, + 0x87, 0x87, 0x85, 0x8a, 0x32, 0xb5, 0xa7, 0x68, 0x70, 0x3a, + 0xfd, 0x0d, 0x21, 0x48, 0x91, 0xa3, 0x29, 0xc1, 0x2a, 0x38, + 0xe5, 0x26, 0x31, 0x1f, 0x42, 0xde, 0x0b, 0x25, 0xff, 0x1d, + 0x6b, 0xb4, 0xe0, 0x5d, 0x2d, 0xcf, 0x44, 0xd5, 0x7d, 0xc4, + 0xf6, 0x95, 0xf2, 0x06, 0x4f, 0x83, 0x88, 0x9d, 0x1e, 0xeb, + 0x1c, 0x09, 0x45, 0x62, 0x67, 0x3d, 0xff, 0x51, 0x47, 0xe8, + 0xbc, 0x9b, 0x03, 0x1f, 0xc7, 0x72, 0x65, 0xce, 0xa8, 0x8c, + 0xc2, 0xa0, 0xc2, 0xbd, 0x5b, 0x7c, 0x17, 0x16, 0x8b, 0x72, + 0xfa, 0xb1, 0xbd, 0xdf, 0x49, 0xd6, 0xa1, 0x00, 0x65, 0xbe, + 0x82, 0xe7, 0x68, 0xc7, 0xe7, 0xbc, 0xc2, 0xa4, 0xdb, 0xaa, + 0xcc, 0xea, 0x41, 0x52, 0x7f, 0x56, 0xb4, 0x68, 0x1f, 0x92, + 0x96, 0x0f, 0xce, 0xd4, 0xd0, 0x87, 0x4c, 0x4a, 0x73, 0xb5, + 0x6c, 0xd4, 0x69, 0x55, 0x15, 0x47, 0xdc, 0x94, 0x7f, 0xd2, + 0x54, 0x5e, 0xb2, 0x90, 0xc2, 0x47, 0xe4, 0xf5, 0xde, 0x8b, + 0x9b, 0xc6, 0x5d, 0x50, 0x95, 0x60, 0xe0, 0xf0, 0xa7, 0x4e, + 
0xe0, 0xcd, 0x41, 0x09, 0xef, 0xb3, 0x3d, 0x90, 0x5c, 0x77, + 0x54, 0xec, 0x9e, 0x5d, 0x8a, 0xe7, 0x09, 0x5c, 0xc9, 0x58, + 0x0c, 0xd0, 0x42, 0x35, 0xd2, 0x14, 0x59, 0x38, 0x69, 0xad, + 0xf9, 0xb5, 0xbf, 0x8a, 0x8e, 0x33, 0xd8, 0x5e, 0x7a, 0x55, + 0xd0, 0x53, 0x15, 0x40, 0x4e, 0xc5, 0x86, 0xd7, 0x8f, 0x5f, + 0x2f, 0x55, 0x82, 0xc2, 0x4f, 0x16, 0xe5, 0xea, 0x1c, 0xbc, + 0xff, 0x5e, 0x1f, 0x39, 0x46, 0x70, 0x54, 0x7a, 0x3a, 0x27, + 0x16, 0x1a, 0x2b, 0x6c, 0xd2, 0xb7, 0x80, 0xd3, 0xd1, 0x9d, + 0x25, 0x59, 0xed, 0xe6, 0x51, 0xb1, 0xf2, 0xad, 0x7e, 0x51, + 0x78, 0x14, 0x2b, 0x19, 0xae, 0x64, 0x72, 0x0f, 0xd8, 0x18, + 0x79, 0x8e, 0x66, 0x88, 0xd3, 0xa4, 0xa3, 0xc3, 0x76, 0x21, + 0xcb, 0xe4, 0x79, 0x5e, 0x95, 0x74, 0xe3, 0x31, 0x18, 0x79, + 0xed, 0xc7, 0xe7, 0xfb, 0x86, 0x48, 0x1b, 0x7b, 0x75, 0x5b, + 0x7f, 0x7c, 0x82, 0xc5, 0xab, 0x11, 0xb4, 0x5d, 0x59, 0x6f, + 0x78, 0xb2, 0xa5, 0x39, 0xc6, 0x63, 0x38, 0x6c, 0xeb, 0x50, + 0x06, 0x14, 0x76, 0xf0, 0xe8, 0xfb, 0x11, 0x95, 0x1f, 0x9d, + 0x9c, 0xa6, 0xe1, 0xe2, 0x0d, 0xa3, 0x66, 0xfc, 0x20, 0x83, + 0x50, 0x0e, 0x53, 0x75, 0xb5, 0x12, 0xf4, 0xdf, 0x31, 0x46, + 0x83, 0xac, 0x5b, 0xf3, 0x99, 0xa6, 0xd1, 0x7b, 0x2b, 0xc5, + 0xdc, 0x71, 0x07, 0x27, 0x33, 0x35, 0x34, 0xf5, 0x30, 0x19, + 0xc1, 0x3b, 0xba, 0x8a, 0xaf, 0x7e, 0x49, 0x93, 0x48, 0x5b, + 0x38, 0xc0, 0xbc, 0x2e, 0xc7, 0x59, 0x1b, 0xd9, 0xf5, 0xcc, + 0x86, 0xf5, 0x7b, 0x4d, 0xd7, 0x39, 0xa7, 0xa2, 0x56, 0x20, + 0x48, 0x98, 0x7d, 0x4f, 0x75, 0x56, 0x9b, 0xb8, 0x95, 0x45, + 0x17, 0xf3, 0x86, 0x3d, 0x97, 0x0a, 0x49, 0x1b, 0xca, 0xff, + 0x20, 0xc0, 0x24, 0x2c, 0x51, 0xc2, 0x0a, 0x3c, 0xbf, 0x07, + 0x60, 0x1c, 0x88, 0x85, 0x9b, 0x85, 0x2d, 0x4a, 0xfe, 0x5a, + 0x1c, 0x90, 0xf5, 0x90, 0x12, 0xd3, 0x03, 0x3c, 0x8c, 0x2e, + 0x95, 0x4a, 0x47, 0x76, 0x0f, 0x1f, 0x5d, 0x9e, 0xed, 0xc5, + 0x64, 0xc4, 0x9b, 0xbf, 0x86, 0xc5, 0x63, 0x84, 0x33, 0x00, + 0xf1, 0x26, 0x18, 0x21, 0xf3, 0x88, 0x1a, 0x08, 0x18, 0x6d, + 0x2f, 0xef, 0xd5, 0xeb, 0x2f, 0x69, 0xc8, 0x6e, 0x92, 0x34, + 0xfc, 0x72, 
0x3d, 0x9a, 0xa7, 0x9e, 0x51, 0xfb, 0x56, 0xe3, + 0xdc, 0xf4, 0x8f, 0x9b, 0x6d, 0x0d, 0x2a, 0xec, 0x66, 0x12, + 0x26, 0x35, 0xbd, 0x61, 0xc2, 0x67, 0x19, 0xf5, 0x7e, 0xa1, + 0x67, 0xa2, 0x9c, 0x3b, 0x67, 0xb0, 0xc2, 0x51, 0x6a, 0x37, + 0x7c, 0x48, 0xe9, 0x4b, 0xb9, 0xa3, 0x38, 0x2f, 0xfc, 0xde, + 0xb4, 0x7c, 0xda, 0x52, 0x84, 0x0b, 0xb0, 0xd9, 0x08, 0xe9, + 0x7a, 0x4a, 0x6f, 0x79, 0x29, 0x3d, 0xc4, 0x5c, 0x78, 0xee, + 0x63, 0xb6, 0x96, 0x68, 0xd9, 0x82, 0x4e, 0xc1, 0x1b, 0x6f, + 0x52, 0xf5, 0xb3, 0xfb, 0xe8, 0xc4, 0x2a, 0x07, 0xc6, 0x3b, + 0x85, 0x0d, 0xf4, 0xbf, 0xb0, 0x6b, 0xfb, 0xce, 0x1d, 0xb4, + 0xbf, 0x63, 0x0b, 0x91, 0x67, 0xc4, 0xa3, 0x06, 0xa4, 0xaf, + 0x6c, 0xd3, 0xe5, 0x8b, 0x87, 0x4e, 0x64, 0x9c, 0xb1, 0xf3, + 0x70, 0x7c, 0x68, 0x43, 0x46, 0x13, 0x46, 0xee, 0x27, 0x75, + 0x12, 0x45, 0x42, 0xde, 0xa5, 0x8d, 0xcf, 0xf7, 0x09, 0x87, + 0xa8, 0x80, 0x3d, 0xb6, 0x45, 0xee, 0x41, 0x2d, 0x7c, 0x45, + 0x01, 0x9d, 0xaa, 0x78, 0xa8, 0x10, 0xa4, 0xfd, 0xb5, 0x5f, + 0xee, 0x0f, 0x77, 0xba, 0x73, 0xff, 0x49, 0xdc, 0xfa, 0x39, + 0xd6, 0xa3, 0x6f, 0x25, 0xb9, 0x63, 0x2c, 0x92, 0xc5, 0xdf, + 0xfb, 0xba, 0x89, 0xf9, 0xfa, 0x94, 0x5b, 0x6f, 0x5a, 0x4d, + 0x1c, 0xe4, 0xc9, 0x10, 0xf9, 0xa0, 0xe8, 0xc4, 0xcb, 0x55, + 0x1a, 0xdb, 0x56, 0x5f, 0x8e, 0x91, 0x03, 0x23, 0xca, 0xb0, + 0x1f, 0xef, 0xb8, 0x6c, 0x13, 0x5a, 0x99, 0x25, 0xf0, 0x49, + 0xa9, 0x5a, 0x45, 0xf7, 0xfd, 0x1a, 0xc2, 0x71, 0x06, 0xe3, + 0x2d, 0x25, 0x64, 0xb0, 0x52, 0x12, 0x03, 0x62, 0xc7, 0xb6, + 0xf9, 0xdc, 0x1f, 0x78, 0xff, 0x8b, 0xfa, 0xde, 0x7f, 0x71, + 0xa6, 0x35, 0x3e, 0xac, 0x20, 0x54, 0x94, 0xa7, 0x2e, 0x9d, + 0x47, 0x17, 0x4b, 0xad, 0x92, 0xb3, 0x14, 0x26, 0x8c, 0x5a, + 0xd0, 0x16, 0x4b, 0x22, 0xe9, 0x0c, 0x79, 0x6b, 0x8e, 0xac, + 0x0d, 0x12, 0xf5, 0x66, 0x8e, 0x82, 0x1a, 0x44, 0xf3, 0xe9, + 0x56, 0x5a, 0xcd, 0x1c, 0x1b, 0x81, 0x7b, 0x63, 0x59, 0xfe, + 0xc8, 0xc0, 0xe3, 0xda, 0x16, 0x6b, 0x6f, 0x0d, 0xba, 0x0e, + 0x47, 0x12, 0x86, 0x9e, 0xf0, 0x3b, 0x4d, 0x87, 0x3b, 0xf2, + 0x75, 0x73, 0x2d, 0xdf, 
0xca, 0x76, 0x0b, 0xbd, 0xe7, 0xb7, + 0x74, 0x24, 0xf3, 0xc6, 0xe6, 0x75, 0x3f, 0x8b, 0x6a, 0xd9, + 0xad, 0xed, 0xc0, 0x70, 0x04, 0x1e, 0x0b, 0x8e, 0x8b, 0x7f, + 0xea, 0xbc, 0x39, 0x6b, 0x8a, 0x44, 0xa6, 0x9a, 0x2d, 0x0d, + 0x8c, 0x21, 0x60, 0x09, 0xd2, 0x4a, 0xe0, 0x62, 0xcf, 0xfa, + 0xe8, 0x9b, 0x35, 0x6f, 0x23, 0x2f, 0xb5, 0x65, 0x08, 0x60, + 0x92, 0x15, 0xd0, 0x5b, 0x63, 0xcc, 0x65, 0x05, 0xd1, 0xef, + 0x0f, 0x7e, 0x1b, 0xb3, 0x8e, 0xc6, 0x12, 0x85, 0xc9, 0x82, + 0x53, 0x79, 0x2e, 0x80, 0x5f, 0x0c, 0x7b, 0xc7, 0x1c, 0x83, + 0x41, 0x06, 0xd8, 0x41, 0xc9, 0xe7, 0xb9, 0x4b, 0xa1, 0x61, + 0xc6, 0x86, 0x67, 0xf5, 0x10, 0xf7, 0x34, 0x0d, 0x39, 0x9e, + 0x2b, 0x5f, 0x19, 0x06, 0x02, 0xa5, 0x02, 0x23, 0x71, 0xc2, + 0x12, 0x65, 0xcc, 0x81, 0x06, 0xfd, 0x8d, 0x09, 0x68, 0x37, + 0x06, 0x3b, 0xff, 0xc4, 0x24, 0xb3, 0x1f, 0xd6, 0xe6, 0x8f, + 0x9c, 0x74, 0x2c, 0x5e, 0xc5, 0xf4, 0xe9, 0xeb, 0xca, 0xd3, + 0x04, 0x5b, 0x92, 0x9e, 0x5c, 0x1a, 0x1d, 0xa1, 0xa7, 0x34, + 0xd2, 0x05, 0xae, 0xdb, 0x3d, 0x71, 0x10, 0x6e, 0x30, 0xd9, + 0xa3, 0x44, 0xa0, 0xbd, 0x9e, 0x7b, 0xb5, 0x12, 0x8a, 0x12, + 0x07, 0x60, 0xd7, 0x1f, 0x92, 0xe6, 0xfe, 0x04, 0xa9, 0x3e, + 0x62, 0x64, 0x00, 0x5f, 0x7c, 0x7b, 0x34, 0x09, 0xeb, 0x4a, + 0x18, 0x9e, 0x77, 0x72, 0x3a, 0x31, 0x1a, 0x62, 0x2a, 0xb5, + 0xcb, 0x4e, 0x53, 0xce, 0xad, 0x8b, 0x5a, 0x20, 0x4f, 0xd7, + 0x3e, 0x16, 0xf8, 0x10, 0xe2, 0xae, 0xbd, 0x3f, 0x02, 0xa9, + 0x18, 0xa0, 0x01, 0x18, 0x84, 0x95, 0x22, 0x2e, 0x93, 0x76, + 0x44, 0x4e, 0x11, 0x7b, 0x03, 0x51, 0x50, 0x19, 0x79, 0xe7, + 0xbb, 0x5c, 0x7b, 0xca, 0x74, 0xb4, 0x25, 0x26, 0xdb, 0x66, + 0xaa, 0x0b, 0x21, 0x07, 0xfb, 0x7a, 0x96, 0x10, 0x7d, 0x99, + 0xa9, 0x16, 0xcb, 0x0e, 0xba, 0x63, 0xab, 0x95, 0xfc, 0x5a, + 0xbe, 0xa6, 0x7f, 0xd8, 0xb4, 0xcd, 0x7c, 0xc5, 0xd0, 0xb1, + 0x1b, 0x48, 0x40, 0xfb, 0xe6, 0x2f, 0x2b, 0x94, 0xfe, 0x68, + 0xa2, 0xc4, 0x36, 0xd9, 0xcd, 0xc1, 0x93, 0x6d, 0xef, 0x39, + 0x5e, 0x43, 0x30, 0x5a, 0x2e, 0x66, 0xb6, 0xf2, 0xed, 0x9a, + 0x8d, 0x12, 0xdf, 0x5c, 0xae, 0xad, 
0x16, 0x12, 0x7e, 0x81, + 0x82, 0x91, 0x7d, 0x2b, 0x12, 0xe9, 0x96, 0xb8, 0xb7, 0x42, + 0xcb, 0x1f, 0xf8, 0xd1, 0xfd, 0x83, 0x7a, 0xe4, 0x36, 0x1d, + 0x04, 0x27, 0x4c, 0xe5, 0xbd, 0x75, 0x24, 0xf7, 0xbd, 0xb6, + 0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42, + 0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77, + 0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1, + 0xfe, 0x4b, + }; + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = { + 0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a, + 0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5, + 0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40, + 0x00, 0x79, 0xcd, 0x93, 0x27, 0xd0, 0x40, 0x33, 0x79, 0x4f, + 0xe5, 0x16, 0x89, 0x9f, 0xbd, 0xa6, 0x3f, 0xdd, 0x68, 0x74, + 0x73, 0xc3, 0x97, 0x54, 0x11, 0x1d, 0xc8, 0xb8, 0xc8, 0xfd, + 0x3a, 0xbe, 0xca, 0x17, 0x0f, 0x10, 0x6d, 0x89, 0x6d, 0xe0, + 0xb2, 0xff, 0x3b, 0xe5, 0xa1, 0x75, 0xea, 0x35, 0x16, 0xa3, + 0x0c, 0x6e, 0x4a, 0x7b, 0xdb, 0x28, 0xc6, 0x2a, 0x76, 0x0e, + 0x78, 0x78, 0xa0, 0x4f, 0x4e, 0xf8, 0x99, 0xff, 0xe7, 0x47, + 0x7e, 0xc4, 0x62, 0xa7, 0xb4, 0xb9, 0x2b, 0xc1, 0xc7, 0xd0, + 0x00, 0xb6, 0xaa, 0xa7, 0x37, 0xd5, 0x1e, 0x19, 0xc4, 0xc4, + 0x59, 0x2f, 0xa5, 0x09, 0xa3, 0xda, 0x5d, 0xd4, 0x48, 0x64, + 0x16, 0x0e, 0x92, 0xdf, 0x61, 0xb7, 0x25, 0x3b, 0x90, 0x5a, + 0x08, 0xb5, 0x88, 0xe8, 0x64, 0x80, 0x63, 0xee, 0xbf, 0x59, + 0x0f, 0x4a, 0x48, 0x1e, 0x77, 0xa9, 0x46, 0xc6, 0x9c, 0x0b, + 0x83, 0xad, 0xb5, 0xbf, 0xb5, 0x5b, 0x99, 0xf3, 0x55, 0xe8, + 0xe5, 0xe7, 0x5c, 0x12, 0xac, 0x06, 0x06, 0xe0, 0xc0, 0x32, + 0x5d, 0xb6, 0x9f, 0x2b, 0x8e, 0x19, 0x5c, 0x2a, 0x58, 0xbb, + 0x37, 0xf1, 0x68, 0x56, 0x8b, 0x74, 0x94, 0x58, 0x48, 0x28, + 0xee, 0xf7, 0x0a, 0x8f, 0xad, 0x43, 0x67, 0xe1, 0xa3, 0x8c, + 0x3b, 0x35, 0x48, 0xcc, 0x52, 0x14, 0x36, 0x99, 0x18, 0x71, + 0x1c, 0xb2, 0xfc, 0x82, 0xda, 0xac, 0xd5, 0x55, 0x0a, 0x77, + 0x44, 0x6a, 0x48, 0xed, 0xfc, 0x5a, 0x68, 0xa6, 0x4d, 0x65, + 0xe7, 0x30, 0xaa, 0x23, 0x66, 
0x84, 0xdf, 0x83, 0xf1, 0x17, + 0x5c, 0x46, 0xfe, 0x63, 0xcb, 0xc3, 0x6e, 0x4e, 0x47, 0x8d, + 0x30, 0x48, 0x06, 0xda, 0x97, 0x6b, 0x04, 0x5d, 0x44, 0xf3, + 0xb7, 0x2a, 0x6d, 0x2b, 0xbb, 0xcd, 0x97, 0x4e, 0x26, 0x8e, + 0xc9, 0x03, 0x0b, 0x5d, 0x68, 0xed, 0x81, 0xf7, 0x19, 0x61, + 0x81, 0xe9, 0xac, 0x3a, 0x35, 0xcd, 0xe8, 0xfd, 0x99, 0xdb, + 0x89, 0x83, 0x7d, 0x23, 0x6a, 0xc1, 0xc1, 0x10, 0xe9, 0xd3, + 0xfa, 0x9e, 0x5a, 0xcd, 0x73, 0xa3, 0x0a, 0x37, 0xa3, 0x12, + 0xef, 0x72, 0xa2, 0x28, 0xd4, 0x3d, 0x67, 0x53, 0x24, 0x0d, + 0x61, 0x98, 0xbb, 0x07, 0xf3, 0xa7, 0x79, 0x22, 0x74, 0x57, + 0x99, 0xe8, 0x7a, 0xbf, 0x90, 0x84, 0xa2, 0x6b, 0x29, 0x34, + 0xac, 0xc9, 0xff, 0x67, 0x82, 0xd0, 0xd2, 0x7d, 0x69, 0xc0, + 0xf3, 0xd7, 0x4b, 0x5c, 0xf2, 0xa8, 0x53, 0x8b, 0x78, 0x57, + 0xfc, 0x74, 0xf5, 0x81, 0x6e, 0xc2, 0x5b, 0x32, 0x52, 0x9e, + 0x58, 0x84, 0xa1, 0x71, 0xd5, 0x8c, 0xf5, 0x16, 0x36, 0x4d, + 0x11, 0xd4, 0xb5, 0xc2, 0x05, 0xc4, 0x03, 0xce, 0x83, 0xea, + 0x0b, 0x6a, 0x2e, 0xf6, 0x28, 0x5e, 0xb2, 0x40, 0x8c, 0xa3, + 0x6a, 0xc7, 0xee, 0x04, 0x54, 0x93, 0x0f, 0x3b, 0xf9, 0x57, + 0x92, 0x00, 0xf1, 0xc7, 0x1b, 0x48, 0x63, 0xcb, 0xd3, 0xdd, + 0x40, 0x90, 0x46, 0xb0, 0x87, 0x2a, 0xb8, 0xec, 0xbc, 0x07, + 0x09, 0x83, 0x25, 0xb1, 0x88, 0x2c, 0xa0, 0x0a, 0x40, 0x4f, + 0xfd, 0xec, 0xfd, 0xbe, 0x18, 0xae, 0xdd, 0x83, 0x89, 0x83, + 0x2d, 0x10, 0xb4, 0x14, 0x30, 0xac, 0x6c, 0xd9, 0xc9, 0xaa, + 0xbc, 0xdb, 0x5e, 0x14, 0xab, 0x19, 0x64, 0xaa, 0xb1, 0x9c, + 0xc3, 0xf5, 0xdc, 0x2b, 0xcd, 0x26, 0x0b, 0x81, 0x1a, 0x0e, + 0x0a, 0xd6, 0x39, 0x79, 0x10, 0x06, 0xbf, 0xe0, 0xc1, 0x8b, + 0x20, 0x24, 0x90, 0x8b, 0x0f, 0xa4, 0x2d, 0x2d, 0x46, 0x2a, + 0xd4, 0xf3, 0xa9, 0x58, 0x4b, 0xd9, 0xa6, 0x6c, 0x75, 0x3d, + 0xbc, 0x36, 0x76, 0x7f, 0xef, 0x1b, 0xa1, 0x41, 0xba, 0xd0, + 0xfe, 0x16, 0x19, 0xc3, 0x92, 0xe3, 0x59, 0x07, 0x3f, 0x48, + 0x11, 0x70, 0xe0, 0x8a, 0xff, 0x97, 0xbc, 0x71, 0xd5, 0xb9, + 0x4a, 0x9b, 0x4c, 0xb8, 0x4b, 0x50, 0xd6, 0x43, 0xe8, 0x84, + 0x0a, 0x95, 0xd0, 0x20, 0x28, 0xd3, 0x20, 
0x4a, 0x0e, 0x1b, + 0xe6, 0x5d, 0x2f, 0x0c, 0xdb, 0x76, 0xab, 0xa3, 0xc2, 0xad, + 0xd5, 0x86, 0xae, 0xb9, 0x26, 0xb2, 0x5d, 0x72, 0x27, 0xbb, + 0xec, 0x23, 0x9f, 0x42, 0x90, 0x58, 0xe1, 0xf8, 0xe9, 0x63, + 0xdf, 0x1a, 0x46, 0x53, 0x65, 0x05, 0xfb, 0x20, 0x21, 0xa6, + 0x64, 0xc8, 0x5c, 0x67, 0x6b, 0x41, 0x6c, 0x04, 0x34, 0xeb, + 0x05, 0x71, 0xeb, 0xbe, 0xed, 0x6d, 0xa2, 0x96, 0x67, 0x45, + 0xe7, 0x47, 0x22, 0x64, 0xaf, 0x82, 0xf8, 0x78, 0x0e, 0xe6, + 0xa1, 0x4a, 0x2d, 0x82, 0x1e, 0xd0, 0xc2, 0x79, 0x4e, 0x29, + 0x89, 0xd9, 0xf3, 0x3f, 0xb6, 0xc4, 0xee, 0x69, 0xb2, 0x8f, + 0x8b, 0xd9, 0x13, 0xd9, 0x6e, 0x3a, 0xc5, 0x9f, 0xdf, 0x25, + 0xb7, 0xc3, 0x16, 0xb8, 0xa2, 0x85, 0x17, 0xae, 0xe9, 0x95, + 0x5d, 0xb8, 0x1d, 0x21, 0xbb, 0xd9, 0x38, 0x11, 0x8f, 0x44, + 0xea, 0xe8, 0x4c, 0x91, 0x82, 0xf5, 0x45, 0xee, 0x8f, 0xf5, + 0x6a, 0x0d, 0x08, 0xe7, 0x6b, 0xb0, 0x91, 0xd5, 0x42, 0x17, + 0x8c, 0x37, 0x6a, 0x5a, 0x0a, 0x87, 0x53, 0x76, 0xc3, 0x59, + 0x35, 0x13, 0x1c, 0xf1, 0x72, 0x2c, 0x2b, 0xb2, 0x9e, 0xda, + 0x10, 0x2a, 0xce, 0x38, 0xb4, 0x67, 0x8c, 0x4b, 0x08, 0xa1, + 0xb6, 0xa3, 0x08, 0x9c, 0xeb, 0xd8, 0x93, 0x1b, 0x29, 0x5a, + 0xa7, 0x03, 0x17, 0x7e, 0xec, 0x58, 0x6b, 0x5b, 0xc5, 0x46, + 0x03, 0x33, 0x7f, 0x0e, 0x93, 0x9a, 0xdd, 0xb5, 0x89, 0xb1, + 0x16, 0x4c, 0xa7, 0xd8, 0x0e, 0x73, 0xd8, 0xc3, 0xd2, 0x36, + 0x85, 0x66, 0xcb, 0x5b, 0x64, 0xf2, 0xdc, 0xba, 0x39, 0xcc, + 0xa5, 0xe0, 0x9b, 0xaa, 0x2a, 0x95, 0x6d, 0xdc, 0x49, 0xde, + 0x3b, 0x61, 0xa2, 0x3b, 0x1f, 0xed, 0x32, 0xfa, 0x10, 0xe4, + 0x88, 0x59, 0xca, 0x5a, 0xe4, 0xf9, 0x5e, 0xe2, 0xca, 0x21, + 0x5a, 0xdc, 0x02, 0x73, 0x7a, 0xc8, 0x90, 0x7a, 0x8e, 0x91, + 0x19, 0x04, 0x53, 0x3c, 0x50, 0x15, 0x8a, 0x84, 0x93, 0x8f, + 0xac, 0x99, 0x82, 0xdd, 0xc6, 0xce, 0xfb, 0x18, 0x84, 0x29, + 0x2a, 0x8d, 0xa2, 0xc5, 0x7f, 0x87, 0xce, 0x4c, 0xf5, 0xdf, + 0x73, 0xd2, 0xba, 0xc2, 0x4f, 0xe3, 0x74, 0xa5, 0x8f, 0xc3, + 0xf4, 0x99, 0xd1, 0xe8, 0x4e, 0xb8, 0xe0, 0x2e, 0xef, 0xd6, + 0x87, 0x70, 0xcf, 0x45, 0x3b, 0xff, 0x03, 0xfd, 0x59, 
0x7f, + 0x7c, 0xd0, 0x4e, 0x49, 0xf7, 0xd5, 0x08, 0xd9, 0x06, 0x53, + 0x90, 0x0a, 0x5a, 0x1b, 0x2e, 0xf5, 0xb0, 0x85, 0xb6, 0xb6, + 0x61, 0xa5, 0x71, 0x47, 0xbf, 0x4a, 0xf6, 0xae, 0x9a, 0x19, + 0x6c, 0xd8, 0x2d, 0x9b, 0xb4, 0x40, 0x9e, 0x15, 0x77, 0x2e, + 0x7e, 0xe9, 0xb4, 0x3d, 0x0f, 0x1b, 0xb5, 0x1c, 0xc2, 0x58, + 0x4e, 0x4b, 0xf6, 0x53, 0x9e, 0x6f, 0x09, 0x55, 0xa0, 0xb8, + 0x73, 0x11, 0x64, 0x70, 0x54, 0xb4, 0xcb, 0xb7, 0x27, 0xe5, + 0xdf, 0x58, 0x67, 0x5b, 0xc0, 0xd6, 0xf5, 0x64, 0xa6, 0x66, + 0x6d, 0xdf, 0xd8, 0xf8, 0xd6, 0x85, 0xba, 0xba, 0x30, 0xa7, + 0xca, 0x34, 0xf4, 0x9a, 0xba, 0x0a, 0xfb, 0x0e, 0xa0, 0x65, + 0x98, 0x78, 0xee, 0xaa, 0x14, 0x6a, 0x99, 0x77, 0x67, 0xad, + 0x01, 0x95, 0x5e, 0x50, 0x22, 0xe9, 0x74, 0x95, 0xa7, 0x13, + 0x3f, 0xdd, 0xa6, 0x69, 0x64, 0xf6, 0x50, 0x06, 0x6d, 0xba, + 0x90, 0x5a, 0x8c, 0x81, 0xa0, 0xda, 0x55, 0xe9, 0x97, 0x0e, + 0xd7, 0x10, 0x8e, 0x1f, 0x23, 0x65, 0xd9, 0x14, 0xd4, 0xde, + 0xa5, 0xf9, 0xec, 0xb6, 0xad, 0x65, 0xce, 0x0b, 0x1b, 0x0a, + 0x4c, 0x7d, 0xb0, 0x97, 0xa6, 0xfe, 0x67, 0xfb, 0x4f, 0x8f, + 0x00, 0x92, 0xb6, 0x0d, 0x20, 0x78, 0x65, 0x1d, 0x9a, 0x56, + 0x57, 0xc6, 0x15, 0x88, 0xba, 0x55, 0x02, 0x7a, 0x9a, 0xac, + 0x50, 0x4c, 0xc7, 0x9e, 0x66, 0x8b, 0xfc, 0xf3, 0x67, 0x48, + 0x07, 0xbf, 0x84, 0x94, 0x9b, 0x22, 0x2a, 0xae, 0x1b, 0x25, + 0xe9, 0x94, 0x06, 0xa7, 0xe8, 0x61, 0x52, 0x89, 0xdc, 0x93, + 0x6e, 0x89, 0xdc, 0x30, 0x6e, 0xd9, 0xee, 0xcb, 0x12, 0x38, + 0x58, 0x9d, 0x8b, 0xc5, 0x05, 0x2c, 0x50, 0x4e, 0xc8, 0xc2, + 0xe0, 0x65, 0xb6, 0x49, 0xc4, 0xf0, 0x1e, 0x5c, 0x8e, 0x3c, + 0xe9, 0x77, 0xd2, 0x9e, 0xa8, 0xd5, 0xf5, 0xd9, 0xc5, 0xad, + 0x5b, 0x74, 0x48, 0x08, 0x3a, 0x30, 0x84, 0x57, 0x71, 0x1e, + 0x69, 0x45, 0x09, 0xdd, 0xea, 0x62, 0xec, 0x7c, 0xa3, 0xf9, + 0x92, 0xee, 0x16, 0xdc, 0xe5, 0x9d, 0xcf, 0xb7, 0x08, 0x51, + 0x8a, 0x76, 0x3a, 0x23, 0x94, 0x50, 0x8e, 0x4d, 0x3a, 0xea, + 0xf3, 0xc1, 0x53, 0x2c, 0x65, 0x9c, 0x36, 0x8c, 0x10, 0xe3, + 0x9c, 0x01, 0xa4, 0xe6, 0x45, 0x77, 0xa6, 0x5d, 0x7e, 0x37, + 0x31, 
0x95, 0x2f, 0xec, 0x61, 0x92, 0x69, 0x65, 0x53, 0x54, + 0x6d, 0xbe, 0x9e, 0x5a, 0x68, 0x12, 0xc4, 0xe7, 0xe4, 0x06, + 0x51, 0x5a, 0xc0, 0x63, 0xb9, 0x69, 0xb8, 0x3c, 0xd8, 0xae, + 0x8b, 0xff, 0x96, 0x4d, 0x55, 0xce, 0x25, 0x2b, 0x8b, 0x89, + 0xc9, 0x3a, 0x16, 0x48, 0x2a, 0x73, 0xb2, 0x70, 0x8b, 0x62, + 0xd5, 0xb1, 0xa0, 0x30, 0xe5, 0x46, 0xab, 0x8b, 0xc3, 0xeb, + 0x37, 0x2f, 0xbd, 0xb8, 0x4e, 0x6c, 0x30, 0xdc, 0x6c, 0x8a, + 0xf1, 0x89, 0x06, 0xce, 0x64, 0x0a, 0x3e, 0xb2, 0x16, 0x31, + 0xa1, 0xe4, 0x4b, 0x98, 0xe7, 0xf1, 0x99, 0x76, 0x00, 0x5f, + 0xd2, 0xd3, 0x30, 0xf0, 0xbf, 0xa7, 0x4a, 0xf6, 0x9e, 0xa5, + 0x75, 0x74, 0x78, 0xfe, 0xec, 0x72, 0x7c, 0x89, 0xe9, 0xf6, + 0x0d, 0x7e, 0x15, 0xd6, 0xd8, 0x79, 0x85, 0x3c, 0xcf, 0xb0, + 0x21, 0xc8, 0x9c, 0x54, 0x87, 0x63, 0xb3, 0x05, 0xbb, 0x8a, + 0x02, 0xe4, 0x79, 0xdc, 0xa1, 0xa2, 0xd3, 0x19, 0xd8, 0x86, + 0xff, 0x8a, 0x0e, 0x82, 0x89, 0xaf, 0xaa, 0x62, 0x2e, 0xd4, + 0xb2, 0xd0, 0x5d, 0x0d, 0x4f, 0x2a, 0xda, 0x0e, 0x9f, 0x8a, + 0x2b, 0x32, 0xe9, 0x09, 0xf5, 0x55, 0x51, 0xe7, 0xd5, 0x69, + 0x12, 0xdd, 0x33, 0x6b, 0x3d, 0xd7, 0xe9, 0xfd, 0xb2, 0xa7, + 0xf5, 0x97, 0x2a, 0x6d, 0x89, 0x30, 0x65, 0x2a, 0x0d, 0xf2, + 0x00, 0x81, 0xbe, 0xfb, 0xd9, 0xd7, 0x1b, 0xc2, 0x48, 0x7a, + 0x22, 0x30, 0xae, 0x35, 0xf6, 0x32, 0x41, 0x9d, 0xd9, 0x12, + 0xb3, 0xa7, 0x6d, 0xba, 0x74, 0x93, 0x2d, 0x0d, 0xb2, 0xb6, + 0xdc, 0xa9, 0x98, 0x5b, 0x3b, 0xaa, 0x2b, 0x47, 0x06, 0xc4, + 0x36, 0xfd, 0x04, 0x10, 0x94, 0x61, 0x61, 0x47, 0x1c, 0x02, + 0x54, 0x85, 0x4a, 0xcb, 0x75, 0x6b, 0x75, 0xf5, 0xb4, 0x61, + 0x26, 0xb3, 0x12, 0x43, 0x31, 0x55, 0xb5, 0xda, 0x4b, 0xb5, + 0x11, 0xb4, 0xb8, 0xfb, 0x0a, 0xd9, 0xa7, 0x0e, 0x9f, 0x2a, + 0x74, 0x01, 0xf6, 0x1a, 0x33, 0x10, 0x9e, 0x66, 0xff, 0x82, + 0xfa, 0xa9, 0xa4, 0xa0, 0x9b, 0x25, 0x2d, 0x16, 0xbf, 0x60, + 0x0d, 0x87, 0xea, 0x94, 0xad, 0xdd, 0xc4, 0xd0, 0xa8, 0xdd, + 0x2d, 0xc7, 0xc8, 0xac, 0x39, 0x9e, 0x87, 0x69, 0xc4, 0x3a, + 0xbc, 0x28, 0x7e, 0x36, 0x69, 0xfd, 0x20, 0x25, 0xac, 0xa3, + 0xa7, 0x37, 0x96, 
0xe9, 0x8a, 0x65, 0xe4, 0xb0, 0x2a, 0x61, + 0x23, 0x28, 0x64, 0xff, 0x17, 0x6c, 0x36, 0x9e, 0x0a, 0xba, + 0xe4, 0x4b, 0xeb, 0x84, 0x24, 0x20, 0x57, 0x0f, 0x34, 0x05, + 0x95, 0x56, 0xc3, 0x2f, 0x2b, 0xf0, 0x36, 0xef, 0xca, 0x68, + 0xfe, 0x78, 0xf8, 0x98, 0x09, 0x4a, 0x25, 0xcc, 0x17, 0xbe, + 0x05, 0x00, 0xff, 0xf9, 0xa5, 0x5b, 0xe6, 0xaa, 0x5b, 0x56, + 0xb6, 0x89, 0x64, 0x9c, 0x16, 0x48, 0xe1, 0xcd, 0x67, 0x87, + 0xdd, 0xba, 0xbd, 0x02, 0x0d, 0xd8, 0xb4, 0xc9, 0x7c, 0x37, + 0x92, 0xd0, 0x39, 0x46, 0xd2, 0xc4, 0x78, 0x13, 0xf0, 0x76, + 0x45, 0x5f, 0xeb, 0x52, 0xd2, 0x3f, 0x61, 0x87, 0x34, 0x09, + 0xb7, 0x24, 0x4e, 0x93, 0xf3, 0xc5, 0x10, 0x19, 0x66, 0x66, + 0x3f, 0x15, 0xe3, 0x05, 0x55, 0x43, 0xb7, 0xf4, 0x62, 0x57, + 0xb4, 0xd9, 0xef, 0x46, 0x47, 0xb5, 0xfb, 0x79, 0xc9, 0x67, + 0xc5, 0xc3, 0x18, 0x91, 0x73, 0x75, 0xec, 0xd5, 0x68, 0x2b, + 0xf6, 0x42, 0xb4, 0xff, 0xfb, 0x27, 0x61, 0x77, 0x28, 0x10, + 0x6b, 0xce, 0x19, 0xad, 0x87, 0xc3, 0x85, 0xe3, 0x78, 0x00, + 0xdb, 0x21, 0xee, 0xd8, 0xfa, 0x9c, 0x81, 0x11, 0x97, 0xac, + 0xd0, 0x50, 0x89, 0x45, 0x23, 0xf6, 0x85, 0x7d, 0x60, 0xb2, + 0xad, 0x0c, 0x5d, 0xd8, 0x9e, 0xe4, 0xe1, 0x25, 0xb2, 0x13, + 0x1a, 0x54, 0x54, 0xfd, 0x7b, 0xab, 0x85, 0x20, 0xe8, 0xda, + 0x52, 0x0f, 0xac, 0x49, 0x70, 0xf1, 0x4c, 0x66, 0x74, 0x8c, + 0x87, 0x6e, 0xca, 0xc1, 0x0d, 0x92, 0xc0, 0xa8, 0x08, 0xfd, + 0x0f, 0x60, 0x55, 0xaf, 0x24, 0xcb, 0x04, 0xb7, 0xff, 0xa9, + 0xc5, 0x07, 0x26, 0xf6, 0xe2, 0x1e, 0x2f, 0xd1, 0x99, 0x6d, + 0xef, 0xc0, 0xdb, 0x5b, 0xf7, 0x06, 0x80, 0x92, 0x5f, 0x56, + 0x54, 0xdb, 0x2e, 0xba, 0x93, 0xb2, 0x94, 0xf2, 0xad, 0xbc, + 0x91, 0x6e, 0x4e, 0xce, 0x21, 0xc4, 0x8b, 0x18, 0xc4, 0xfc, + 0xab, 0xb4, 0x4f, 0xd7, 0xa2, 0xef, 0x55, 0x00, 0x6d, 0x34, + 0x17, 0x59, 0x8d, 0x79, 0x75, 0x02, 0xa3, 0x7a, 0x52, 0x57, + 0x5c, 0x26, 0xb9, 0xae, 0xd6, 0x19, 0x2e, 0x31, 0x02, 0x98, + 0x98, 0xe5, 0x3d, 0xc2, 0xa5, 0x56, 0xb6, 0x02, 0xae, 0x0d, + 0x3b, 0x35, 0x97, 0xd2, 0x43, 0x38, 0x8a, 0x65, 0xfa, 0x86, + 0x20, 0xb7, 0xb5, 0xb0, 0xda, 
0x19, 0x01, 0x2f, 0x13, 0xb5, + 0x6d, 0xbd, 0xb2, 0x34, 0xa7, 0xff, 0xae, 0x7e, 0x8f, 0x98, + 0x1b, 0xc4, 0x27, 0xbd, 0xa9, 0x64, 0xdc, 0xab, 0x2a, 0xd2, + 0xb4, 0x27, 0xd0, 0x25, 0xdd, 0xff, 0xdc, 0x0a, 0x96, 0xd3, + 0x85, 0x3e, 0xc5, 0x11, 0x34, 0x60, 0xa2, 0x33, 0x92, 0x90, + 0xbb, 0x4c, 0x86, 0xdd, 0xd6, 0x1e, 0xcb, 0x0a, 0x17, 0xc6, + 0x87, 0x4e, 0x3e, 0x7a, 0x4b, 0xab, 0xef, 0x0a, 0x00, 0x3d, + 0x94, 0x34, 0x8b, 0x63, 0x36, 0xd9, 0xaf, 0x5d, 0x63, 0x40, + 0xbb, 0x32, 0x4b, 0x64, 0xf0, 0x31, 0x48, 0xdb, 0x44, 0x2b, + 0x48, 0x60, 0x6a, 0xea, 0xa4, 0x8c, 0xdd, 0xaf, 0x81, 0x3f, + 0x86, 0x81, 0x99, 0x7a, 0x98, 0xe1, 0xff, 0x21, 0x7a, 0x28, + 0xbc, 0x33, 0xe6, 0x4e, 0xb0, 0x85, 0x6b, 0xec, 0x11, 0x37, + 0x81, 0x7f, 0xf9, 0xdc, 0xbf, 0x1a, 0xa6, 0x6d, 0x4d, 0x0f, + 0x5b, 0x99, 0x73, 0xb8, 0xd2, 0x6e, 0x37, 0xf0, 0x71, 0xf1, + 0x1a, 0xc3, 0x5c, 0xea, 0x12, 0x5f, 0x2e, 0x85, 0x3f, 0xfd, + 0xd5, 0x87, 0x67, 0x9f, 0x67, 0x9f, 0xd7, 0xef, 0x9f, 0x81, + 0xa4, 0xbc, 0x63, 0x1d, 0x00, 0x81, 0xf6, 0x20, 0x77, 0xae, + 0x0b, 0x90, 0xe5, 0x9c, 0xa9, 0x44, 0xb5, 0xd7, 0xb1, 0x61, + 0x33, 0x4f, 0x75, 0xa9, 0xb7, 0xf4, 0xa4, 0x72, 0x9e, 0x72, + 0xec, 0x7b, 0xcd, 0x83, 0xb3, 0xd6, 0x22, 0x50, 0x50, 0x97, + 0x0f, 0x63, 0x0f, 0xe1, 0x15, 0xb3, 0x07, 0xb6, 0xa3, 0xfa, + 0x2f, 0xb5, 0xf3, 0x5b, 0x5d, 0x7f, 0x90, 0x20, 0xcd, 0x5f, + 0x40, 0x48, 0x87, 0x43, 0xfd, 0xa3, 0x69, 0xdc, 0xf8, 0x51, + 0x08, 0x67, 0xc2, 0x2d, 0xff, 0xfe, 0xbf, 0x85, 0x3e, 0x80, + 0xff, 0x91, 0x62, 0xc5, 0x83, 0xe0, 0x80, 0xeb, 0xce, 0xdc, + 0xff, 0xb1, 0xdb, 0x02, 0xb7, 0x01, 0x1e, 0xa6, 0xf0, 0x32, + 0xfb, 0x95, 0x6a, 0x47, 0x44, 0x84, 0x42, 0x6e, 0x3a, 0xb1, + 0xcf, 0xf9, 0x28, 0xb4, 0x3a, 0x8e, 0xa7, 0x8d, 0x48, 0x81, + 0x1c, 0x7e, 0xf5, 0x0b, 0x46, 0x7e, 0x92, 0x4e, 0xb9, 0xa8, + 0x36, 0xb8, 0x81, 0x6d, 0x8c, 0x70, 0x59, 0x33, 0x12, 0x61, + 0xbb, 0xe6, 0x10, 0x8a, 0xe4, 0xc1, 0x2c, 0x50, 0x12, 0xbf, + 0xd3, 0xc6, 0x3c, 0x53, 0x91, 0x50, 0x07, 0xc8, 0x85, 0x32, + 0x3c, 0xe1, 0x67, 0x99, 0x68, 0xc1, 0xf4, 
0x74, 0x86, 0x35, + 0x8a, 0x6c, 0x75, 0x1d, 0x8f, 0x8a, 0x60, 0xe1, 0xc7, 0x59, + 0x4e, 0xb0, 0xe0, 0x45, 0x5a, 0x11, 0x05, 0x24, 0xa7, 0x8d, + 0x39, 0x93, 0x60, 0x4c, 0xc5, 0x9e, 0x8a, 0x70, 0xcc, 0x44, + 0x96, 0x92, 0xc8, 0xf7, 0x23, 0x14, 0xc7, 0xf4, 0x82, 0x9d, + 0x5b, 0x1c, 0x26, 0xd0, 0x3c, 0x76, 0x36, 0xe9, 0x98, 0x8a, + 0xbb, 0xe6, 0xa0, 0xad, 0xed, 0xf7, 0xd9, 0x06, 0x50, 0x67, + 0x79, 0x50, 0x4e, 0xd5, 0x80, 0x4e, 0x59, 0x72, 0x5d, 0x8b, + 0xcb, 0x86, 0x3b, 0x57, 0xc4, 0xb2, 0x3d, 0xbc, 0x35, 0x6d, + 0xb1, 0x50, 0xf5, 0x8c, 0xf2, 0x89, 0x72, 0x20, 0xd0, 0x47, + 0x68, 0x13, 0x42, 0x25, 0x1a, 0xb6, 0xc5, 0x07, 0xdf, 0x45, + 0x11, 0xa9, 0x05, 0x5d, 0xad, 0xf0, 0x49, 0x9e, 0x70, 0x78, + 0xed, 0xe7, 0xf9, 0x00, 0x1f, 0x62, 0x76, 0x47, 0xb5, 0x48, + 0x4f, 0x2c, 0x2e, 0xe3, 0x78, 0x6a, 0x44, 0x46, 0x1e, 0x6b, + 0x00, 0x74, 0x54, 0xb9, 0xd1, 0x4f, 0x6d, 0x45, 0xc1, 0xa6, + 0x45, 0x2e, 0x1a, 0xaf, 0x94, 0x3f, 0xd0, 0x72, 0x67, 0x0d, + 0x2e, 0xa9, 0x8d, 0x16, 0xc4, 0x05, 0x01, 0x07, 0x13, 0x1b, + 0x1c, 0x3d, 0x43, 0x71, 0x91, 0x95, 0x9a, 0xae, 0xaf, 0xc4, + 0xe5, 0xe6, 0xe9, 0xff, 0x02, 0x0c, 0x0f, 0x3e, 0x62, 0x67, + 0x68, 0x81, 0xc7, 0xd0, 0xd8, 0xdd, 0xe0, 0xf5, 0x0b, 0x25, + 0x35, 0x45, 0x4a, 0x4b, 0x63, 0x74, 0x79, 0x7e, 0x82, 0xa2, + 0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32, + 0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c, + 0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46, + }; + + return dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key, + (word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig, + (word32)sizeof(ml_dsa_44_sig)); +} +#endif + +#ifndef WOLFSSL_NO_ML_DSA_65 +static wc_test_ret_t dilithium_param_65_vfy_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = { + 0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f, + 0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3, + 0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 
0x39, 0x27, 0x77, + 0x61, 0x6d, 0x0f, 0xc1, 0x33, 0x26, 0x09, 0xf0, 0xf9, 0x4d, + 0x12, 0x7a, 0xef, 0xf7, 0x21, 0x26, 0x2c, 0xe0, 0xe2, 0x92, + 0x1f, 0x9d, 0xd1, 0xaa, 0xaf, 0x08, 0x14, 0xf2, 0xaa, 0x24, + 0x99, 0x0f, 0x20, 0x57, 0x35, 0x04, 0x32, 0x96, 0x8e, 0x6e, + 0x10, 0x64, 0xe3, 0xe3, 0x57, 0x26, 0x33, 0x32, 0x7b, 0xe4, + 0x18, 0x41, 0x77, 0xd3, 0x24, 0x63, 0x3d, 0x11, 0xea, 0xdc, + 0xbe, 0x59, 0xff, 0x8d, 0xc2, 0xe4, 0xc7, 0x04, 0xf3, 0xd4, + 0xe0, 0x1d, 0x5e, 0x09, 0x46, 0xbf, 0x02, 0x05, 0xc7, 0xa6, + 0xb7, 0x82, 0x40, 0x1f, 0x55, 0xe9, 0x77, 0x82, 0xc0, 0xcc, + 0x86, 0x99, 0x19, 0x99, 0xa2, 0xc9, 0x1b, 0x4f, 0xdd, 0x49, + 0x4c, 0x78, 0x0a, 0x58, 0xb8, 0xf0, 0x23, 0xac, 0x1a, 0x71, + 0x57, 0x6d, 0xd6, 0x3a, 0x3a, 0x6f, 0x93, 0xb3, 0x2b, 0x09, + 0xbe, 0xec, 0x7b, 0x5b, 0xf7, 0x3a, 0xed, 0xf9, 0xd0, 0xb1, + 0xfe, 0x9f, 0x9b, 0xec, 0x11, 0xb6, 0x6b, 0xd1, 0xb6, 0x00, + 0x72, 0x7f, 0x68, 0x9a, 0x61, 0xa5, 0xf5, 0x6e, 0xe9, 0x46, + 0xa4, 0x82, 0x08, 0x9f, 0x50, 0x4c, 0x75, 0xc3, 0x48, 0x85, + 0x76, 0x39, 0xea, 0x0c, 0xf2, 0xe8, 0x7e, 0x48, 0x69, 0xd9, + 0x6f, 0x9a, 0x89, 0x7d, 0x98, 0xc1, 0x16, 0xdc, 0x2f, 0xc7, + 0x0a, 0x11, 0xa8, 0xbb, 0xe7, 0x91, 0xb1, 0x0f, 0x0e, 0xf0, + 0xb4, 0xc8, 0x41, 0x7e, 0x62, 0x9e, 0x3c, 0x30, 0x4c, 0xbc, + 0x4c, 0xeb, 0x37, 0xaf, 0x48, 0x72, 0x59, 0x64, 0x8e, 0xfb, + 0x77, 0x11, 0x28, 0xdd, 0x30, 0x52, 0x8e, 0x69, 0x8c, 0x9f, + 0x3d, 0xec, 0xdf, 0xa7, 0x5f, 0x42, 0x18, 0xda, 0xba, 0x1a, + 0x96, 0x91, 0x7d, 0x62, 0xd5, 0x52, 0xff, 0x44, 0xc9, 0x1d, + 0x29, 0xa6, 0xb9, 0x03, 0x9a, 0x26, 0x26, 0xcf, 0x57, 0x40, + 0x70, 0x7e, 0x2b, 0xbd, 0xf0, 0x81, 0x71, 0x0f, 0x0b, 0x2e, + 0x9b, 0x03, 0xba, 0x31, 0x41, 0x68, 0x37, 0xc8, 0xff, 0xea, + 0xc4, 0x73, 0xa5, 0xf9, 0xc2, 0x92, 0x78, 0x0c, 0xe7, 0xfd, + 0x5d, 0xb2, 0x01, 0xb5, 0x8d, 0xeb, 0x64, 0xd4, 0x14, 0xea, + 0x7a, 0xd1, 0x42, 0xc8, 0x99, 0xe4, 0x7d, 0x5b, 0x7e, 0x3b, + 0x8f, 0xab, 0x82, 0x12, 0xdf, 0xbb, 0xa1, 0x45, 0x30, 0xc9, + 0x0f, 0xb9, 0xe5, 0xba, 0xe6, 0x8a, 0xf3, 0x78, 0x61, 
0xcc, + 0x9f, 0xe1, 0x46, 0x2a, 0x9a, 0x18, 0x0e, 0x2a, 0x57, 0xf3, + 0xe5, 0x56, 0xd1, 0x42, 0x48, 0xe1, 0x5a, 0x8e, 0x33, 0xce, + 0x19, 0xe5, 0x3e, 0x7f, 0x00, 0x70, 0x9c, 0x4c, 0xd3, 0xe1, + 0x0c, 0xa1, 0x7e, 0xd4, 0xa9, 0x9e, 0x8b, 0xe2, 0xf0, 0xac, + 0xdb, 0xa6, 0x72, 0x75, 0x67, 0xa6, 0x57, 0xed, 0x79, 0x2e, + 0xca, 0x8d, 0xeb, 0x9b, 0x9e, 0xb7, 0xbf, 0x30, 0x02, 0x2b, + 0xb3, 0x43, 0x89, 0x9b, 0xa8, 0x88, 0xa5, 0xbb, 0x33, 0xd9, + 0x99, 0x30, 0x7c, 0xc7, 0xd4, 0x28, 0x5e, 0x5e, 0x3f, 0x9d, + 0x6d, 0x35, 0x75, 0x33, 0x8e, 0xff, 0x84, 0x2e, 0x2d, 0xda, + 0xf0, 0xff, 0x70, 0xe5, 0xb5, 0x62, 0x96, 0x33, 0x3a, 0xd9, + 0xb5, 0x82, 0x25, 0x81, 0x81, 0x40, 0x5d, 0x4f, 0x11, 0x86, + 0x63, 0x1a, 0x06, 0xc1, 0x67, 0xc7, 0x49, 0x03, 0xc7, 0xe4, + 0x6f, 0xb4, 0x13, 0x3e, 0x57, 0x62, 0xfd, 0x8a, 0xc6, 0x2b, + 0x65, 0x5b, 0xa4, 0x29, 0x57, 0x8d, 0xde, 0xa5, 0xee, 0x32, + 0xc2, 0x76, 0x03, 0xca, 0xce, 0xc1, 0x48, 0xec, 0x45, 0xcf, + 0x30, 0x21, 0x28, 0x7f, 0x10, 0x47, 0xd2, 0xdb, 0xee, 0xca, + 0x5b, 0x0f, 0xd5, 0x39, 0x3a, 0xc3, 0xa6, 0x78, 0xb2, 0x15, + 0xaf, 0x82, 0x3c, 0x2f, 0xc4, 0x51, 0x5c, 0x52, 0xad, 0xf2, + 0x89, 0x92, 0x8e, 0xf3, 0x50, 0x38, 0xed, 0xf8, 0xc9, 0x14, + 0x4c, 0xe4, 0xa3, 0x9a, 0xaf, 0xc4, 0x5c, 0xf3, 0x9f, 0xc3, + 0xa3, 0xc0, 0xbe, 0x45, 0x1b, 0x21, 0x63, 0xfa, 0xe0, 0xe0, + 0x91, 0x2b, 0x42, 0xca, 0x91, 0xfb, 0x5e, 0x97, 0x9a, 0x0a, + 0xd4, 0x88, 0xba, 0xb8, 0x22, 0xc6, 0xbf, 0x56, 0x58, 0x1e, + 0x92, 0xa9, 0x9d, 0xa7, 0xed, 0xc9, 0xab, 0x54, 0x4f, 0x75, + 0x8d, 0x42, 0xc1, 0xe1, 0x61, 0xd0, 0x91, 0x9a, 0x3a, 0x40, + 0x9a, 0xa3, 0xfb, 0x7b, 0x4e, 0xf0, 0x85, 0xf0, 0xdc, 0x40, + 0x72, 0x9f, 0x05, 0xa8, 0xbe, 0x95, 0x5a, 0x7f, 0xba, 0x75, + 0x00, 0x6e, 0x95, 0x76, 0xbd, 0xb2, 0x40, 0xf5, 0xb0, 0x64, + 0x0a, 0x2f, 0x06, 0x3d, 0x9f, 0xac, 0x6a, 0xa5, 0x46, 0x5a, + 0x85, 0xa4, 0x6f, 0xee, 0x27, 0xa0, 0xeb, 0x5f, 0x1f, 0x91, + 0xbd, 0x2b, 0x02, 0x16, 0xdf, 0x74, 0x97, 0x2c, 0xd0, 0xa8, + 0x9f, 0x3a, 0x7b, 0xdf, 0x3e, 0x98, 0x4a, 0x91, 0xdc, 0x19, + 0x96, 
0x88, 0x75, 0x21, 0x1a, 0x6a, 0xa8, 0x4b, 0x1f, 0x35, + 0xd1, 0x92, 0xf5, 0x76, 0xf4, 0x72, 0x55, 0x13, 0xdb, 0x5d, + 0x07, 0x8d, 0xd9, 0x72, 0xe4, 0x75, 0xde, 0x80, 0xbc, 0xe9, + 0x9c, 0xf0, 0x5c, 0x6a, 0x8a, 0x0e, 0x34, 0xf6, 0x3f, 0x5c, + 0xef, 0x0e, 0xcc, 0x52, 0x38, 0x2d, 0x7b, 0xc2, 0x1b, 0x69, + 0x9f, 0xe5, 0xed, 0x14, 0xb0, 0x91, 0x0b, 0xe9, 0x4d, 0x34, + 0xd5, 0xaa, 0xd4, 0xd2, 0x46, 0x39, 0x45, 0x7e, 0x85, 0x2f, + 0xdb, 0x89, 0xf4, 0xff, 0x05, 0x74, 0x51, 0xba, 0xdd, 0xee, + 0xf6, 0xc2, 0xc1, 0x0a, 0x8f, 0xd9, 0xeb, 0xc7, 0x61, 0x30, + 0x8f, 0x86, 0x8b, 0x1f, 0x82, 0xc1, 0x22, 0xfd, 0x83, 0xf4, + 0x5d, 0xc5, 0x94, 0xf5, 0xd7, 0x17, 0xc7, 0x7b, 0x71, 0xf5, + 0x5e, 0x15, 0x49, 0x70, 0xb2, 0x57, 0xa0, 0xc0, 0x57, 0x63, + 0x53, 0x35, 0xb6, 0x52, 0x20, 0x7b, 0x83, 0xd4, 0x57, 0x63, + 0x25, 0x8e, 0x83, 0xb3, 0x8e, 0x26, 0x1f, 0x09, 0xde, 0x14, + 0xd6, 0xa6, 0xfc, 0xe5, 0x93, 0x3c, 0x88, 0x8e, 0xf5, 0x10, + 0x57, 0xb9, 0xc9, 0x9b, 0xff, 0x72, 0x9d, 0x3d, 0x3f, 0x97, + 0xd9, 0x3c, 0x20, 0xe2, 0x57, 0xfd, 0x2a, 0x5c, 0x17, 0x12, + 0xe6, 0x08, 0xaf, 0xe4, 0x26, 0x96, 0xb9, 0x6d, 0xc3, 0xac, + 0x22, 0xf3, 0x8b, 0x89, 0xde, 0xc7, 0x8a, 0x93, 0x06, 0xf7, + 0x1d, 0x08, 0x21, 0x36, 0x16, 0x74, 0x2b, 0x97, 0x23, 0xe4, + 0x79, 0x31, 0x08, 0x23, 0x62, 0x30, 0x67, 0xe2, 0xed, 0x30, + 0x9b, 0x0c, 0xf9, 0x08, 0x7a, 0x29, 0x73, 0xc6, 0x77, 0x8a, + 0xbb, 0x2a, 0x1c, 0x66, 0xd0, 0xdd, 0x9e, 0xa3, 0xe9, 0x62, + 0xcc, 0xb7, 0x88, 0x25, 0x4a, 0x5f, 0xbc, 0xaa, 0xe3, 0xe4, + 0x4f, 0xec, 0xa6, 0x8e, 0xa6, 0xa4, 0x1b, 0x22, 0x2b, 0x2c, + 0x8f, 0x57, 0x7f, 0xb7, 0x33, 0xfe, 0x16, 0x43, 0x85, 0xc5, + 0xd2, 0x95, 0xe6, 0xb9, 0x21, 0x68, 0x88, 0x98, 0x33, 0x8c, + 0x1d, 0x15, 0x9c, 0x4d, 0x62, 0x1f, 0x6b, 0xe8, 0x7a, 0x2d, + 0x6b, 0x0e, 0xc3, 0xde, 0x1a, 0xa8, 0xed, 0x67, 0xb3, 0xb3, + 0x36, 0x5b, 0x4b, 0xcb, 0xe8, 0xa8, 0x5c, 0x0b, 0x2f, 0xca, + 0xd7, 0x71, 0xe8, 0x85, 0xe7, 0x4d, 0xe5, 0x7b, 0x45, 0xed, + 0xb2, 0x4c, 0x69, 0x04, 0x7e, 0x4f, 0xc0, 0xef, 0x1a, 0xca, + 0x0d, 0xa6, 0xc4, 
0x79, 0x15, 0x78, 0x9c, 0xd2, 0x91, 0x3c, + 0x32, 0x55, 0x40, 0xe7, 0xcb, 0x7e, 0xde, 0x07, 0xa6, 0x97, + 0x00, 0x2d, 0x70, 0xf6, 0x3d, 0x15, 0xdf, 0x29, 0x8e, 0xa3, + 0x96, 0x6d, 0xf2, 0xbb, 0xa5, 0x1b, 0x7b, 0x58, 0x30, 0xf6, + 0x17, 0xbd, 0xda, 0x13, 0xf7, 0x33, 0xc2, 0x62, 0x32, 0xd4, + 0x1c, 0x2e, 0x31, 0x74, 0x92, 0xad, 0x99, 0x8c, 0x0e, 0x7c, + 0x50, 0x21, 0xcd, 0xff, 0x41, 0xeb, 0xd1, 0xca, 0x14, 0xb7, + 0xb2, 0x31, 0x2f, 0xbe, 0x16, 0xce, 0x4f, 0x26, 0x16, 0x04, + 0xc2, 0xaf, 0xbe, 0x0d, 0x24, 0xab, 0x9a, 0x21, 0x37, 0x06, + 0xac, 0x50, 0x23, 0xf1, 0xbe, 0x5c, 0xbb, 0x64, 0xf3, 0xd3, + 0x66, 0xa3, 0xb8, 0xbe, 0x8b, 0x49, 0x8d, 0xf6, 0xc7, 0xb9, + 0x8f, 0x4e, 0x31, 0x06, 0x51, 0xe5, 0xf3, 0x0e, 0x56, 0xc4, + 0x24, 0x30, 0xf5, 0xe9, 0x36, 0x71, 0xbc, 0xc9, 0x70, 0x2c, + 0x6c, 0x4c, 0x15, 0x43, 0x44, 0xa4, 0xfc, 0xf1, 0xd2, 0x71, + 0x6c, 0x4c, 0xce, 0x30, 0x6c, 0x05, 0x7d, 0x2e, 0xb7, 0xbc, + 0xe4, 0x65, 0x76, 0x24, 0x75, 0x36, 0xdf, 0x28, 0xfc, 0xcd, + 0x9a, 0xba, 0xc2, 0xcd, 0xb0, 0x30, 0xdb, 0xe7, 0x2e, 0x3c, + 0x92, 0x63, 0x1d, 0x30, 0x23, 0x74, 0xb1, 0xb8, 0xcc, 0xd7, + 0xb6, 0x90, 0x65, 0x73, 0xa2, 0x2a, 0x6e, 0x49, 0x95, 0x0d, + 0xab, 0x24, 0xdf, 0x2d, 0xbf, 0x76, 0x46, 0x01, 0x44, 0xe4, + 0x18, 0x8e, 0xd5, 0x9a, 0x76, 0xc9, 0xc6, 0xbc, 0xdb, 0x7f, + 0x80, 0x52, 0xc6, 0x40, 0x41, 0x12, 0x36, 0x7c, 0x80, 0x69, + 0xce, 0x7b, 0xe1, 0xa0, 0x53, 0xa2, 0xd6, 0x8f, 0x3f, 0xf7, + 0xd7, 0x61, 0x09, 0x70, 0xa2, 0xa0, 0xc6, 0xaf, 0xa0, 0xd0, + 0xfa, 0x13, 0xbf, 0xc0, 0x69, 0x15, 0xce, 0x15, 0xec, 0x24, + 0x4b, 0x6b, 0xdc, 0x93, 0x51, 0xc6, 0x82, 0x19, 0x92, 0x84, + 0x5d, 0x99, 0xb0, 0x90, 0x2c, 0xcc, 0x2a, 0x81, 0x6b, 0x22, + 0x64, 0x0a, 0xcb, 0x51, 0x25, 0x82, 0x50, 0x02, 0x2d, 0x3e, + 0xd4, 0x72, 0xb3, 0x0c, 0x15, 0x77, 0xd2, 0xca, 0x98, 0x2f, + 0x41, 0x93, 0x14, 0xb2, 0x7f, 0xa1, 0x97, 0xa3, 0xb8, 0x8a, + 0x56, 0x24, 0x38, 0xa7, 0x36, 0xc5, 0x01, 0xc0, 0x9f, 0x3f, + 0x3e, 0x9a, 0xf6, 0xe9, 0x16, 0x82, 0x01, 0x58, 0x70, 0x0e, + 0x0d, 0xbc, 0xfa, 0x03, 0x57, 
0x65, 0xa8, 0x5a, 0x3d, 0x57, + 0x81, 0x23, 0xbe, 0x6e, 0xa9, 0xe8, 0x22, 0xdf, 0x2f, 0x70, + 0xeb, 0x0a, 0x03, 0x96, 0x6b, 0xef, 0x20, 0x9f, 0xf2, 0x62, + 0xe7, 0xb2, 0x6e, 0x3a, 0x1e, 0x40, 0x1f, 0xd2, 0x97, 0x48, + 0xd1, 0x18, 0xf0, 0xeb, 0x52, 0x58, 0x02, 0x26, 0xce, 0x75, + 0xb1, 0x3a, 0x9d, 0x5b, 0x52, 0x94, 0xb2, 0x6e, 0x0e, 0x3f, + 0x39, 0xb6, 0xd9, 0x8a, 0x9d, 0xe8, 0x7c, 0x83, 0x32, 0xcc, + 0x43, 0x35, 0x9b, 0x7a, 0xed, 0xb2, 0x1e, 0x51, 0x37, 0x6c, + 0x14, 0xd8, 0xb8, 0x55, 0xb3, 0x91, 0xef, 0x0c, 0x3a, 0xe5, + 0x77, 0xd0, 0xbd, 0xb0, 0x7d, 0x38, 0x84, 0x2a, 0x47, 0xb2, + 0xb6, 0xda, 0xd7, 0x75, 0xd6, 0x2e, 0x60, 0xc7, 0x10, 0x52, + 0xf7, 0xdd, 0x09, 0x15, 0x6f, 0x04, 0x31, 0xc3, 0x5a, 0x6b, + 0x0c, 0x60, 0x10, 0xa8, 0x6e, 0x20, 0xa9, 0xdd, 0xb7, 0x72, + 0xc3, 0x9e, 0x85, 0xd2, 0x8f, 0x16, 0x7e, 0x3d, 0xe0, 0x63, + 0x81, 0x32, 0xfd, 0xca, 0xbc, 0x0f, 0xef, 0x3e, 0x74, 0x6a, + 0xb1, 0x60, 0xc1, 0x10, 0x50, 0x7c, 0x67, 0xa4, 0x19, 0xa7, + 0xb8, 0xed, 0xe6, 0xf5, 0x4e, 0x41, 0x53, 0xa6, 0x72, 0x1b, + 0x2c, 0x33, 0x6a, 0x37, 0xf1, 0xb5, 0x1c, 0x01, 0x7d, 0xa2, + 0x1f, 0x2c, 0x4e, 0x0a, 0xbf, 0xd4, 0x2c, 0x24, 0x91, 0x58, + 0x62, 0xfb, 0xf8, 0x63, 0xd9, 0xf8, 0x78, 0xf5, 0xc7, 0x78, + 0x32, 0xda, 0x99, 0xeb, 0x58, 0x20, 0x25, 0x19, 0xb1, 0x06, + 0x7f, 0x6a, 0x29, 0x20, 0xdb, 0xc8, 0x22, 0x48, 0xa9, 0x7f, + 0x24, 0x54, 0x8d, 0x7d, 0x8d, 0xb1, 0x69, 0xb2, 0xa3, 0x98, + 0x14, 0x0f, 0xba, 0xfa, 0xb6, 0x15, 0xe8, 0x28, 0x99, 0x3f, + 0x30, 0x04, 0x50, 0xab, 0x5a, 0x3c, 0xf1, 0x97, 0xe1, 0xc8, + 0x0f, 0x0e, 0xb4, 0x11, 0x63, 0x5a, 0x79, 0x08, 0x48, 0x75, + 0xaf, 0x9b, 0xca, 0xd9, 0x13, 0x18, 0xcc, 0xb1, 0xb3, 0xee, + 0xdd, 0x63, 0xdd, 0xf4, 0x21, 0x98, 0x76, 0xe2, 0x3e, 0xd5, + 0x86, 0x23, 0x33, 0x7e, 0xc7, 0xb4, 0x35, 0x4b, 0xc2, 0x2d, + 0xe1, 0xe2, 0xb0, 0x6c, 0x8b, 0x9b, 0x20, 0x3d, 0x48, 0x24, + 0x7c, 0xea, 0xa1, 0x75, 0x27, 0xe5, 0xf4, 0x70, 0xeb, 0x3b, + 0xc7, 0x26, 0x37, 0x04, 0xff, 0x8a, 0x7a, 0xd0, 0xc2, 0xb7, + 0x84, 0xb7, 0x29, 0xfb, 0x0e, 0xa3, 0xa8, 
0x71, 0xcd, 0x58, + 0x06, 0x36, 0xe2, 0xf2, 0x77, 0xcc, 0x0f, 0x78, 0x08, 0x2b, + 0xbb, 0xe3, 0x53, 0x05, 0x71, 0xdc, 0x6c, 0x37, 0x32, 0x91, + 0x46, 0x42, 0x4f, 0x21, 0xe0, 0x34, 0xad, 0x3f, 0x30, 0x5a, + 0xc7, 0x0d, 0x17, 0x19, 0x39, 0x31, 0x58, 0x69, 0x3c, 0x8c, + 0xbe, 0xe7, 0xa6, 0x3b, 0xad, 0xfb, 0x46, 0x89, 0x06, 0xc1, + 0x8c, 0x16, 0x9a, 0x06, 0x3a, 0xd0, 0x7e, 0xd6, 0xb0, 0x7b, + 0x7d, 0xf8, 0x91, 0x7c, 0xfa, 0xd9, 0x66, 0x39, 0xfa, 0xbc, + 0x57, 0xa7, 0x78, 0x8b, 0x36, 0x78, 0xc0, 0x1c, 0x0e, 0x23, + 0x05, 0x0e, 0x04, 0x61, 0x16, 0x34, 0xf9, 0xc6, 0x63, 0x58, + 0xdf, 0xf4, 0x52, 0xce, 0xd0, 0x0f, 0x0c, 0xec, 0xb1, 0x82, + 0xf4, 0x72, 0x73, 0x72, 0x3f, 0x02, 0xbe, 0xe3, 0x9c, 0x63, + 0x73, 0xc8, 0x21, 0x65, 0xba, 0x57, 0x52, 0xa9, 0x19, 0xac, + 0x68, 0x50, 0xbd, 0x2d, 0x72, 0x5b, 0x93, 0x0f, 0x1c, 0x81, + 0x77, 0xd7, 0x2e, 0xc3, 0x93, 0x52, 0x6e, 0xdc, 0x79, 0x52, + 0x9f, 0xe3, 0xde, 0xe1, 0xba, 0x58, 0x55, 0xab, 0x8a, 0xf2, + 0x35, 0x6a, 0xcf, 0x94, 0x1f, 0x17, 0xa4, 0x23, 0x2e, 0x8e, + 0x18, 0x21, 0xbe, 0x14, 0xfa, 0xe7, 0x59, 0xc5, 0x44, 0x34, + 0xce, 0x03, 0xf4, 0xb7, 0x75, 0xd3, 0x51, 0x55, 0xdf, 0xff, + 0xcf, 0x4f, 0x44, 0xee, 0x13, 0x9b, 0xcb, 0x12, 0xae, 0xe5, + 0x5b, 0x44, 0x65, 0x28, 0xcb, 0x6a, 0x9c, 0x24, 0x1d, 0xea, + 0x2d, 0x5e, 0xa5, 0xc3, 0x78, 0xad, 0xed, 0x0c, 0x05, 0xa6, + 0xaf, 0x95, 0x04, 0xd2, 0xb5, 0x91, 0x0e, 0xa0, 0x06, 0x77, + 0xc5, 0x82, 0xf6, 0xdd, 0x72, 0x83, 0x04, 0xcc, 0xb0, 0xab, + 0x7a, 0xf0, 0xb4, 0x4d, 0x36, 0x71, 0x72, 0x1a, 0x9a, 0x0d, + 0xcd, 0xa3, 0x11, 0xa8, 0x0d, 0x7d, 0x49, 0xce, 0x9c, 0x09, + 0x1d, 0x08, 0xa4, 0x39, 0x2e, 0x03, 0xdf, 0x3a, 0xc8, 0xfe, + 0x6a, 0x2b, 0x0b, 0x07, 0x80, 0x55, 0x8a, 0xa8, 0xe6, 0x0e, + 0xc9, 0x7e, 0x83, 0xce, 0x3a, 0x98, 0x98, 0x4e, 0x3e, 0x08, + 0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69, + 0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27, + 0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14, + 0x1b, 0x10, + }; + WOLFSSL_SMALL_STACK_STATIC const byte 
ml_dsa_65_sig[] = { + 0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc, + 0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e, + 0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2, + 0x4b, 0x88, 0xbc, 0xb8, 0x87, 0xf9, 0x4e, 0x50, 0x3a, 0x04, + 0x18, 0xb3, 0xf4, 0x5f, 0x77, 0x4a, 0x7e, 0xa8, 0xf5, 0xca, + 0x49, 0x00, 0xdc, 0x24, 0xaa, 0x05, 0x35, 0x0f, 0x34, 0xf7, + 0xbf, 0x09, 0xa6, 0xcf, 0x75, 0x37, 0x07, 0xcd, 0x07, 0x99, + 0x92, 0x1d, 0xc7, 0xc9, 0x17, 0x1c, 0xdd, 0x27, 0x8c, 0x66, + 0xf2, 0x8b, 0x75, 0xb0, 0x86, 0x2d, 0xbd, 0x51, 0x16, 0xc2, + 0x50, 0xe0, 0x7e, 0x0a, 0x21, 0x58, 0x93, 0x22, 0x06, 0xcb, + 0x85, 0x8b, 0xfd, 0x97, 0x61, 0xc0, 0xdb, 0xab, 0xfa, 0x4a, + 0x69, 0xef, 0x9c, 0xc1, 0x4e, 0xae, 0xb2, 0xb3, 0xa2, 0x74, + 0xa4, 0x94, 0x0a, 0xed, 0x39, 0x9e, 0xe8, 0x58, 0xeb, 0xfd, + 0x43, 0x05, 0x73, 0x38, 0xd6, 0xbb, 0xeb, 0xb9, 0x9d, 0x3b, + 0xf8, 0x85, 0xb4, 0x4b, 0x16, 0x5c, 0x9e, 0xfe, 0xb8, 0x13, + 0xf8, 0x68, 0x44, 0x90, 0x05, 0x61, 0xb3, 0xed, 0x6f, 0x47, + 0xc9, 0x50, 0xcf, 0x6c, 0xc0, 0xac, 0xdf, 0x4c, 0x4c, 0x1b, + 0x42, 0xce, 0x0a, 0x32, 0x69, 0xb0, 0xfd, 0x87, 0xef, 0xf3, + 0x9c, 0xcc, 0xba, 0x2f, 0x03, 0xd7, 0xdb, 0x76, 0xee, 0xa0, + 0x71, 0x4a, 0x80, 0xcb, 0x90, 0x9e, 0xbb, 0x8f, 0x00, 0x46, + 0x81, 0xe0, 0xde, 0xa6, 0x43, 0xb5, 0x37, 0x79, 0xf2, 0x35, + 0xce, 0x9e, 0xd2, 0xb1, 0x5b, 0xff, 0x91, 0xfb, 0x98, 0xc1, + 0xe1, 0x66, 0x2c, 0x00, 0x1b, 0x89, 0xf2, 0x57, 0x81, 0x73, + 0x7e, 0x9f, 0x8d, 0x50, 0xd0, 0xe0, 0xe3, 0x93, 0xf2, 0x87, + 0x41, 0x64, 0x6c, 0xb7, 0x09, 0x60, 0x91, 0x4e, 0x0b, 0xbe, + 0xbe, 0xd4, 0x98, 0xfa, 0x14, 0x8c, 0x46, 0x09, 0xfa, 0xaa, + 0x82, 0xd6, 0xdd, 0x65, 0x93, 0x39, 0x45, 0x50, 0x90, 0x10, + 0xae, 0x1b, 0xff, 0xab, 0x7e, 0x86, 0xda, 0xb9, 0x4d, 0xf1, + 0xc2, 0x00, 0x54, 0x66, 0xee, 0x40, 0xc0, 0x56, 0x2f, 0xe8, + 0x43, 0x89, 0xbb, 0xb8, 0x59, 0x24, 0x63, 0x45, 0x9a, 0xde, + 0x08, 0xf3, 0x16, 0x94, 0xd2, 0x8d, 0xee, 0xf9, 0xbe, 0x4f, + 0x29, 0xe1, 0x4b, 0x5e, 0x2b, 0x14, 0xef, 0x66, 0xe2, 
0x12, + 0xf8, 0x87, 0x2e, 0xb1, 0x75, 0x8b, 0x21, 0xb5, 0x8f, 0x8e, + 0xc5, 0x0e, 0x60, 0x27, 0x15, 0xbd, 0x72, 0xe4, 0x26, 0x4e, + 0x62, 0x7d, 0x3a, 0x46, 0x49, 0x93, 0xa9, 0x52, 0x7f, 0xc2, + 0x27, 0xb9, 0x55, 0x6a, 0x45, 0x9f, 0x2c, 0x7a, 0x5a, 0xc9, + 0xf4, 0x55, 0xaf, 0x49, 0xb3, 0xd5, 0xc0, 0x84, 0xdb, 0x89, + 0x5f, 0x21, 0x04, 0xf5, 0x4c, 0x66, 0x1e, 0x2e, 0x69, 0xdf, + 0x5b, 0x14, 0x60, 0x89, 0x84, 0xf8, 0xa3, 0xaf, 0xdf, 0xb9, + 0x18, 0x5e, 0xbf, 0x81, 0x95, 0x9a, 0x5e, 0x4f, 0x24, 0x45, + 0xad, 0xab, 0xe2, 0x36, 0x7c, 0x19, 0xde, 0xc0, 0xf4, 0x1a, + 0x42, 0xb2, 0xc2, 0x58, 0x2f, 0x5f, 0xd0, 0x2e, 0x28, 0x33, + 0x59, 0x75, 0xc2, 0xde, 0x41, 0xe3, 0x9b, 0x85, 0x46, 0xad, + 0x6d, 0xf1, 0x06, 0xf0, 0x6a, 0xb9, 0xed, 0x71, 0x7b, 0xfd, + 0xf1, 0xc4, 0x56, 0xd8, 0xb3, 0x1a, 0x5f, 0x04, 0xae, 0xe8, + 0xce, 0xde, 0xa1, 0x6d, 0x46, 0x2a, 0x4f, 0x62, 0xee, 0x25, + 0xdf, 0x22, 0x21, 0xb2, 0x8f, 0x5f, 0x26, 0x33, 0x5a, 0xdd, + 0xbe, 0x08, 0xb3, 0x93, 0x16, 0x16, 0xad, 0x2e, 0x00, 0xb8, + 0x14, 0x0c, 0x10, 0xa3, 0x29, 0x89, 0x1f, 0xd7, 0x06, 0x7a, + 0x09, 0xf3, 0x84, 0xf9, 0x18, 0x04, 0x56, 0x2f, 0x7f, 0xbd, + 0x8e, 0x12, 0xdf, 0x4d, 0x58, 0x5c, 0x1d, 0x81, 0x0c, 0x7d, + 0x62, 0x02, 0xe0, 0xf9, 0x1b, 0x69, 0xe9, 0x38, 0x45, 0x84, + 0x2d, 0x9a, 0x4a, 0x3d, 0x7b, 0x48, 0xd5, 0x0d, 0x76, 0xba, + 0xff, 0x20, 0x00, 0xf8, 0x42, 0x7f, 0xd2, 0x25, 0x70, 0x90, + 0x88, 0xb3, 0x98, 0xac, 0xe9, 0xd9, 0xac, 0x58, 0xa6, 0x49, + 0xcc, 0x93, 0xa5, 0x04, 0x0c, 0x68, 0x53, 0x64, 0x72, 0x8c, + 0xfc, 0x8d, 0x61, 0xeb, 0x3f, 0x93, 0x8b, 0x85, 0x98, 0x05, + 0xce, 0x06, 0xd7, 0xbf, 0xbb, 0xa5, 0x22, 0xda, 0xe9, 0x8a, + 0x29, 0x30, 0x5e, 0x82, 0xe4, 0x46, 0x7c, 0x36, 0x5e, 0xf5, + 0xc7, 0xe3, 0x09, 0xdf, 0x20, 0x76, 0x73, 0x33, 0x31, 0x75, + 0xc2, 0x99, 0xe9, 0x74, 0x43, 0x82, 0xb1, 0xeb, 0x74, 0x6f, + 0xad, 0x59, 0x48, 0x12, 0xa0, 0x24, 0xe3, 0x38, 0x48, 0x61, + 0x0c, 0xf6, 0x38, 0x83, 0x3a, 0xcd, 0xd6, 0x45, 0x10, 0x0e, + 0x09, 0x79, 0x31, 0x30, 0x80, 0xfb, 0x34, 0x60, 0x1e, 0x72, + 0x98, 
0xe9, 0x5c, 0xbf, 0xab, 0x21, 0x7f, 0xa3, 0x19, 0x7e, + 0x8c, 0xa9, 0xa7, 0xfc, 0x25, 0xe0, 0x8e, 0x6d, 0xa1, 0xb9, + 0x7b, 0x5b, 0x37, 0x33, 0x96, 0xd8, 0x6e, 0x7a, 0xce, 0xa6, + 0x1a, 0xbd, 0xe6, 0x6e, 0x62, 0xc4, 0x8c, 0x69, 0xfe, 0xe4, + 0xcb, 0x0a, 0xa1, 0x6c, 0x66, 0x0e, 0x1a, 0x5e, 0xb9, 0xd1, + 0x4a, 0xa3, 0x91, 0x39, 0xcf, 0x85, 0x07, 0x5b, 0xaf, 0x99, + 0x11, 0xca, 0xee, 0x6f, 0x2e, 0x33, 0xda, 0x60, 0xbf, 0xd6, + 0xa0, 0x7a, 0xdb, 0x91, 0x13, 0xb7, 0xa3, 0x5d, 0x0e, 0x1e, + 0x3b, 0xf9, 0x7a, 0x3e, 0x4f, 0x8d, 0xb3, 0x81, 0xe8, 0x0c, + 0x4d, 0x48, 0x61, 0x06, 0x14, 0x0f, 0x3e, 0x33, 0x9e, 0xea, + 0xa6, 0xd8, 0xd8, 0x4d, 0x9b, 0x00, 0x34, 0x0d, 0x31, 0x62, + 0x54, 0x93, 0x04, 0xd2, 0x02, 0x21, 0x38, 0x91, 0x58, 0xca, + 0x77, 0xd3, 0x6c, 0xd1, 0x94, 0x05, 0xfa, 0x30, 0x6a, 0x0b, + 0xf0, 0x52, 0x52, 0xb7, 0xdb, 0x34, 0xff, 0x18, 0x5c, 0x78, + 0x25, 0x44, 0x39, 0xe4, 0x54, 0x8a, 0xf1, 0x49, 0x04, 0xab, + 0x8a, 0x5f, 0x87, 0xe1, 0x6e, 0x1a, 0xf2, 0xba, 0x39, 0xb4, + 0x7c, 0x71, 0x5b, 0xbe, 0x8d, 0xbb, 0xed, 0x3b, 0xed, 0x20, + 0x95, 0xdf, 0xa7, 0x50, 0xb5, 0x66, 0xff, 0xd0, 0x3a, 0x92, + 0xde, 0xf2, 0xa3, 0xf2, 0xd6, 0x48, 0x6b, 0xd8, 0xef, 0x80, + 0x4d, 0xc2, 0x3c, 0xc7, 0xc6, 0x6e, 0xdf, 0xd1, 0x54, 0xfb, + 0x22, 0xac, 0x1a, 0x11, 0x81, 0x02, 0xc7, 0x66, 0xe0, 0xf3, + 0xad, 0x0b, 0xd0, 0xec, 0xae, 0x93, 0x53, 0xa5, 0xbf, 0xa5, + 0x17, 0x59, 0x14, 0x7d, 0x7e, 0x1e, 0x26, 0x15, 0x7a, 0x74, + 0xfb, 0xb1, 0x7a, 0x0e, 0xd3, 0xb5, 0x7c, 0x8c, 0x3a, 0xd7, + 0x45, 0x38, 0x55, 0xae, 0x4b, 0xe1, 0xfe, 0x5b, 0x57, 0x20, + 0x73, 0x38, 0xb9, 0x67, 0x34, 0xb1, 0xf3, 0x15, 0xb0, 0xb7, + 0x46, 0xa7, 0x1b, 0x19, 0x6d, 0xaf, 0x5e, 0x2c, 0x9c, 0x02, + 0x3f, 0x0f, 0xa3, 0x56, 0x2f, 0x9f, 0x1a, 0x82, 0x0e, 0xb4, + 0x46, 0xf5, 0x69, 0x89, 0x91, 0xf9, 0x2d, 0x99, 0x45, 0xa6, + 0x3c, 0x82, 0x74, 0xac, 0xeb, 0x58, 0x4a, 0xdd, 0x03, 0xaf, + 0xd1, 0x0a, 0xca, 0x4b, 0xe8, 0x4c, 0x63, 0xd4, 0x73, 0x94, + 0xbf, 0xd1, 0xc5, 0x8a, 0x3f, 0x6e, 0x58, 0xfc, 0x70, 0x76, + 0x69, 0x92, 0x05, 
0xe0, 0xb9, 0xed, 0x5f, 0x19, 0xd7, 0x6f, + 0xd0, 0x35, 0xbb, 0x5a, 0x8d, 0x45, 0xac, 0x43, 0xcb, 0x74, + 0xcc, 0x92, 0xc3, 0x62, 0x56, 0x02, 0xb0, 0x0a, 0xb6, 0x88, + 0x40, 0x6f, 0x76, 0x1b, 0x89, 0xe4, 0x51, 0xeb, 0x7e, 0x08, + 0x8c, 0xce, 0x24, 0xc8, 0xd8, 0x58, 0xbd, 0x0e, 0x48, 0x57, + 0xc8, 0x9f, 0xad, 0x64, 0xcf, 0x69, 0x72, 0x35, 0xbf, 0x04, + 0x09, 0xfb, 0x0e, 0x62, 0x92, 0x76, 0x8b, 0x8d, 0xd5, 0x16, + 0xa2, 0x51, 0xdb, 0x71, 0xa9, 0x08, 0xb2, 0xf9, 0x1e, 0x07, + 0xe7, 0xf8, 0xf4, 0x79, 0x59, 0x2f, 0x8f, 0xf1, 0x5b, 0x45, + 0xe1, 0xb8, 0xb7, 0xef, 0x86, 0x69, 0x71, 0x51, 0x1c, 0xe5, + 0x61, 0xee, 0xb8, 0x1d, 0xa7, 0xdc, 0x48, 0xba, 0x51, 0xa5, + 0x70, 0x4d, 0xfd, 0x2c, 0x46, 0x21, 0x63, 0x0c, 0x9f, 0xb7, + 0x68, 0x58, 0x7b, 0xb3, 0x7d, 0x64, 0xfd, 0xaf, 0x87, 0x3d, + 0x86, 0x06, 0x36, 0x8a, 0x6d, 0xfe, 0xdf, 0xce, 0xa8, 0x16, + 0x42, 0x46, 0x15, 0xe5, 0xcf, 0x48, 0xa6, 0x4b, 0xe5, 0xc1, + 0xad, 0x14, 0x3a, 0x6d, 0xeb, 0xf9, 0xc9, 0x32, 0xd1, 0x82, + 0x60, 0x23, 0xf0, 0xff, 0xa7, 0xe6, 0x2e, 0xd6, 0x8d, 0x9d, + 0x4f, 0x6d, 0xb3, 0xc4, 0xad, 0xd9, 0xf0, 0xf5, 0x5c, 0x47, + 0x6c, 0x67, 0xf4, 0x0e, 0x18, 0x25, 0xbb, 0x67, 0xfa, 0x11, + 0x70, 0xd5, 0xbc, 0x3a, 0x34, 0xae, 0xa2, 0x76, 0x4b, 0x9f, + 0x59, 0x01, 0x18, 0x69, 0x44, 0xc4, 0x8a, 0xff, 0x00, 0xfc, + 0x2a, 0x45, 0xa9, 0x50, 0x8e, 0x37, 0x6b, 0x78, 0x14, 0x69, + 0xe7, 0x92, 0x3d, 0xf1, 0x34, 0xd5, 0x5c, 0x48, 0xc2, 0x50, + 0xb3, 0x0c, 0x7d, 0x54, 0x05, 0x31, 0x1e, 0xce, 0xaa, 0xc1, + 0x4c, 0xc9, 0x13, 0x33, 0x26, 0x1f, 0x56, 0x7e, 0x7e, 0x74, + 0xd3, 0x78, 0x3e, 0x00, 0x4a, 0xc8, 0xc6, 0x20, 0x5b, 0xb8, + 0x80, 0xb4, 0x13, 0x35, 0x23, 0xff, 0x50, 0xde, 0x25, 0x92, + 0x67, 0x08, 0xb8, 0xa3, 0xb6, 0x39, 0xd4, 0x30, 0xdc, 0xa5, + 0x88, 0x8a, 0x44, 0x08, 0x8b, 0x6d, 0x2e, 0xb8, 0xf3, 0x0d, + 0x23, 0xda, 0x35, 0x08, 0x5a, 0x92, 0xe1, 0x40, 0xac, 0xc7, + 0x15, 0x05, 0x8a, 0xdf, 0xe5, 0x71, 0xd8, 0xe0, 0xd7, 0x9f, + 0x58, 0x03, 0xf4, 0xec, 0x99, 0x3c, 0xb0, 0xe0, 0x07, 0x42, + 0x9b, 0xa0, 0x10, 0x7c, 0x24, 
0x60, 0x19, 0xe8, 0x84, 0xd4, + 0xb1, 0x86, 0x19, 0x0a, 0x52, 0x70, 0x6e, 0xc2, 0x3c, 0xe2, + 0x73, 0x8d, 0xfe, 0xf8, 0x7e, 0xdf, 0x78, 0xe7, 0x92, 0x36, + 0x10, 0xf7, 0x2d, 0x76, 0x93, 0x8a, 0x0f, 0x20, 0xc8, 0x30, + 0x59, 0x81, 0xff, 0x3b, 0x70, 0x22, 0xce, 0x6e, 0x23, 0x68, + 0x35, 0x59, 0x0e, 0xcf, 0xf8, 0xf6, 0xcd, 0x45, 0xb6, 0x41, + 0xba, 0xda, 0xe6, 0x35, 0x0b, 0xd1, 0xef, 0xa5, 0x7c, 0xe0, + 0xb9, 0x6f, 0x5b, 0xa9, 0xab, 0x87, 0xe3, 0x3b, 0x92, 0xce, + 0xbe, 0xfe, 0xf7, 0xab, 0x82, 0xa3, 0xe6, 0xbd, 0xfe, 0xce, + 0xa6, 0x17, 0xcb, 0x4c, 0xb4, 0x4c, 0xd6, 0xfe, 0xbb, 0x1c, + 0x10, 0xde, 0x29, 0x3e, 0x92, 0x66, 0x20, 0xf8, 0xee, 0x83, + 0x86, 0x66, 0xe0, 0x66, 0x97, 0x85, 0xaf, 0x3a, 0x8f, 0xa9, + 0x97, 0x09, 0xde, 0x77, 0xda, 0xb7, 0x81, 0x41, 0x10, 0xca, + 0x66, 0x00, 0xec, 0xf8, 0x46, 0x73, 0xa6, 0x24, 0x36, 0xec, + 0x25, 0xbe, 0x93, 0x5e, 0x74, 0x9f, 0xbe, 0xf4, 0x84, 0x15, + 0x9c, 0xc5, 0x43, 0xd9, 0xea, 0x5a, 0xcc, 0x2c, 0x4e, 0x2e, + 0x4e, 0x32, 0xa6, 0x88, 0xb1, 0x25, 0x34, 0xf7, 0xba, 0xab, + 0xd3, 0xa0, 0xc2, 0x06, 0x70, 0xed, 0x66, 0x4d, 0x71, 0x34, + 0xaf, 0x10, 0x99, 0x10, 0x11, 0x4f, 0xe4, 0x7d, 0x42, 0x03, + 0x04, 0x02, 0xc2, 0x41, 0x85, 0x1e, 0xc4, 0xca, 0xae, 0xf0, + 0x83, 0x78, 0x34, 0x98, 0x55, 0x8b, 0x4c, 0xa0, 0x14, 0xea, + 0x15, 0x2c, 0xa1, 0x30, 0xd8, 0xcf, 0xac, 0xd4, 0xca, 0xf7, + 0xf4, 0xc4, 0x20, 0xca, 0xa1, 0xef, 0xce, 0x5d, 0x6b, 0x32, + 0xb6, 0xf0, 0x22, 0x08, 0x49, 0x21, 0x0c, 0x57, 0x0f, 0xf8, + 0xc0, 0xd2, 0xe3, 0xc0, 0xa6, 0x31, 0xc7, 0x87, 0x96, 0xa9, + 0xfe, 0x69, 0xa0, 0x7f, 0xf7, 0x8e, 0x31, 0x92, 0x37, 0xce, + 0xde, 0x36, 0x3f, 0xf5, 0x7d, 0x07, 0xaa, 0xa9, 0x43, 0xee, + 0x3c, 0x8c, 0xd3, 0x7d, 0x2c, 0xa6, 0xc3, 0x98, 0xab, 0xbe, + 0x90, 0x4c, 0xa5, 0x5a, 0x27, 0xeb, 0x0e, 0xed, 0xa1, 0x1e, + 0x3e, 0x44, 0xa3, 0x4b, 0x49, 0xad, 0xe4, 0x19, 0x90, 0xc8, + 0x9e, 0x6e, 0x5b, 0x68, 0xbc, 0x37, 0x54, 0xaf, 0xa6, 0xb7, + 0x71, 0x5c, 0x5d, 0x74, 0x83, 0xf4, 0xb9, 0x2f, 0xe5, 0x1a, + 0x0c, 0x73, 0x30, 0x56, 0x82, 0x04, 0xb3, 
0x0e, 0x32, 0x98, + 0xfd, 0x27, 0xa0, 0xfe, 0xe0, 0xe0, 0xf5, 0xb7, 0xe0, 0x47, + 0x2a, 0xa6, 0x4a, 0xe0, 0xfc, 0xb5, 0xd8, 0xfd, 0x01, 0xfe, + 0x4e, 0x96, 0x17, 0x06, 0xcc, 0x92, 0x7c, 0xa1, 0x2f, 0xb5, + 0x04, 0x08, 0x76, 0xcc, 0x40, 0x75, 0x37, 0x4d, 0x2c, 0x74, + 0xcd, 0xc7, 0x62, 0xa6, 0xe6, 0xd8, 0x9e, 0x21, 0x7f, 0x2e, + 0xf5, 0x2c, 0xcf, 0x0b, 0x3f, 0xd7, 0xed, 0x17, 0xee, 0x92, + 0xaf, 0xf9, 0xa4, 0x71, 0x5d, 0x5f, 0x81, 0xb9, 0x2f, 0x12, + 0xe5, 0x57, 0x2d, 0x1e, 0xf1, 0x67, 0x47, 0x2a, 0xde, 0xab, + 0xf2, 0xea, 0xb7, 0xb5, 0x83, 0xdc, 0x46, 0xd4, 0xf3, 0x25, + 0x65, 0x15, 0x4d, 0x66, 0x34, 0x54, 0xab, 0x94, 0x89, 0x80, + 0x39, 0xd3, 0x39, 0xe3, 0xa2, 0xb1, 0x91, 0x2a, 0x5e, 0x55, + 0xe1, 0xa4, 0x0f, 0xc3, 0x4b, 0x5a, 0xa5, 0x4a, 0xb3, 0xc0, + 0x40, 0xea, 0x16, 0x0c, 0xd5, 0x2d, 0x83, 0x3e, 0x28, 0x20, + 0xac, 0x0a, 0x1b, 0x5b, 0x87, 0xcf, 0xf1, 0x51, 0xd6, 0xda, + 0xd1, 0xc9, 0xb1, 0x27, 0xf5, 0x62, 0x03, 0x10, 0xcf, 0x76, + 0x28, 0xa2, 0xea, 0x4b, 0x76, 0xaf, 0x9c, 0x3d, 0xf1, 0x1b, + 0x92, 0xff, 0xb0, 0xca, 0x16, 0xa2, 0x29, 0x94, 0x0e, 0x1e, + 0x51, 0xfb, 0xe1, 0x2b, 0x5a, 0x50, 0xfd, 0xaf, 0xab, 0xd7, + 0x32, 0xaa, 0x43, 0xa7, 0xcb, 0xd3, 0xd3, 0xe9, 0x1e, 0xb1, + 0x70, 0xd2, 0xbb, 0x15, 0x68, 0x49, 0xee, 0x6e, 0x1e, 0xc5, + 0x64, 0x4b, 0x26, 0x08, 0xe7, 0x32, 0x1c, 0x1d, 0x73, 0x8f, + 0x42, 0xfe, 0xeb, 0x67, 0x89, 0x42, 0x25, 0x40, 0xd6, 0x15, + 0x02, 0x55, 0x87, 0xe3, 0x87, 0xdd, 0x78, 0xc1, 0x01, 0x94, + 0xbc, 0x30, 0x5f, 0xbd, 0x89, 0xe1, 0xb0, 0x5c, 0xcd, 0xb7, + 0x68, 0xd5, 0xbb, 0xf4, 0xa0, 0x5d, 0x3d, 0xdd, 0x89, 0x12, + 0xc7, 0xb8, 0x5d, 0x51, 0x8a, 0xf4, 0xd5, 0x05, 0xc6, 0xdd, + 0x7b, 0x44, 0x38, 0xce, 0xb1, 0x24, 0x24, 0xe1, 0x9d, 0xc7, + 0x80, 0x86, 0x46, 0x2a, 0xd2, 0xa4, 0x0f, 0xec, 0xd3, 0x6b, + 0x31, 0xc0, 0x05, 0x31, 0xff, 0xf5, 0x1a, 0x33, 0x35, 0x68, + 0x2e, 0x68, 0x24, 0xbd, 0x62, 0xfc, 0x46, 0x79, 0x54, 0x5e, + 0x1e, 0x27, 0x93, 0x07, 0xed, 0x78, 0x94, 0x50, 0x42, 0x98, + 0x53, 0x88, 0xb7, 0x57, 0x04, 0x7d, 0xe2, 0xe1, 0xb5, 
0x61, + 0x9e, 0x5a, 0x88, 0x31, 0x3e, 0x6c, 0x69, 0xbc, 0x8a, 0xe6, + 0xbc, 0x9d, 0x20, 0x7a, 0x86, 0xe5, 0x73, 0x93, 0x02, 0xc5, + 0xde, 0xdc, 0xcc, 0xbf, 0x89, 0x76, 0xdc, 0x4e, 0xa1, 0x89, + 0xe7, 0x95, 0x75, 0x01, 0xf7, 0x43, 0xaa, 0x3f, 0x1b, 0xb7, + 0x8c, 0x92, 0x66, 0x22, 0xbe, 0x34, 0xf1, 0x2f, 0xc3, 0xc7, + 0x21, 0xaf, 0x25, 0x57, 0x9a, 0x2c, 0x80, 0xf0, 0xb3, 0xdd, + 0xb3, 0xb2, 0x82, 0x97, 0x85, 0x73, 0xa9, 0x76, 0xe4, 0x37, + 0xa2, 0x65, 0xf9, 0xc1, 0x3d, 0x11, 0xbf, 0xcb, 0x3c, 0x8e, + 0xdd, 0xaf, 0x98, 0x57, 0x6a, 0xe1, 0x33, 0xe7, 0xf0, 0xff, + 0xed, 0x61, 0x53, 0xfe, 0x1e, 0x2d, 0x06, 0x2f, 0xb8, 0x9e, + 0xf9, 0xa5, 0x21, 0x06, 0xf3, 0x72, 0xf6, 0xa3, 0x77, 0xbb, + 0x63, 0x6e, 0x52, 0xb2, 0x42, 0x47, 0x9b, 0x92, 0x4c, 0xf8, + 0xd2, 0xe6, 0x02, 0xa5, 0x57, 0x2d, 0x6f, 0x30, 0x05, 0xe2, + 0xfd, 0x33, 0xe5, 0xb6, 0x23, 0x85, 0x89, 0x4a, 0x99, 0x20, + 0x33, 0xea, 0x2f, 0xcd, 0x28, 0x27, 0xff, 0xfd, 0x2e, 0x73, + 0x52, 0x29, 0x19, 0x7c, 0x65, 0xf5, 0x6a, 0xaa, 0x97, 0x6e, + 0xe9, 0x42, 0xa8, 0x55, 0x97, 0x56, 0x92, 0x9d, 0xd2, 0xd1, + 0xc4, 0x30, 0xaa, 0x95, 0x86, 0xba, 0x71, 0xdd, 0x2f, 0xf1, + 0xed, 0x66, 0x54, 0x78, 0x4b, 0x13, 0x31, 0xed, 0x9d, 0x2c, + 0xae, 0x0a, 0xc3, 0xca, 0xfb, 0x3f, 0x92, 0x92, 0x30, 0xa3, + 0x8e, 0xc8, 0x6d, 0x7b, 0x42, 0xd5, 0x5d, 0x99, 0x79, 0x42, + 0x28, 0x63, 0x9f, 0x97, 0x8e, 0x94, 0x6d, 0x1d, 0xb4, 0x21, + 0x39, 0xc7, 0x64, 0x48, 0x44, 0x5e, 0x15, 0x10, 0x45, 0x9f, + 0x8a, 0x01, 0x45, 0x20, 0x5c, 0xd1, 0x28, 0x0d, 0xe9, 0xfb, + 0xa9, 0x72, 0x68, 0x07, 0x31, 0x20, 0x75, 0x76, 0x82, 0x76, + 0x5d, 0x7c, 0xc1, 0x5d, 0x42, 0x40, 0xfd, 0x06, 0xa9, 0x66, + 0xb0, 0x36, 0x55, 0x86, 0x6c, 0x96, 0xbd, 0xb8, 0xf7, 0x36, + 0x87, 0xf2, 0xa1, 0x37, 0xd8, 0x2d, 0x83, 0xf5, 0xdc, 0xd8, + 0xde, 0x9e, 0x69, 0xd6, 0xe1, 0x0d, 0xd5, 0x93, 0xc5, 0xee, + 0xba, 0xd3, 0x40, 0x71, 0xbb, 0xc7, 0xbb, 0x50, 0x1a, 0x10, + 0x80, 0x99, 0x62, 0x1c, 0xe3, 0x1f, 0xa2, 0xcc, 0x98, 0xe1, + 0xaa, 0xff, 0xd9, 0x69, 0xe7, 0x87, 0x04, 0x87, 0x76, 0xec, + 0x55, 
0x18, 0xaf, 0x82, 0x34, 0x4d, 0x4f, 0xf7, 0x57, 0x1f, + 0xa5, 0x43, 0xcc, 0xe9, 0x7a, 0x4a, 0xc8, 0xb4, 0x1f, 0x61, + 0x40, 0x5e, 0x1d, 0x11, 0xdd, 0xdc, 0xdc, 0xb4, 0x57, 0xf9, + 0x47, 0x96, 0xbc, 0x47, 0x29, 0xf8, 0xf2, 0x43, 0xc4, 0xa0, + 0x8c, 0x14, 0x5e, 0x73, 0x52, 0xac, 0xac, 0x39, 0x3b, 0x06, + 0x19, 0x1a, 0xca, 0x22, 0xc8, 0x96, 0x12, 0x2e, 0x4c, 0x7b, + 0xa0, 0x96, 0x53, 0x16, 0xce, 0x6d, 0x6e, 0xac, 0xb2, 0x07, + 0x17, 0x22, 0x07, 0x30, 0x20, 0x84, 0x9b, 0x0e, 0x92, 0x31, + 0x07, 0xe2, 0x77, 0xcd, 0x6a, 0x3e, 0x16, 0x4f, 0xd6, 0x12, + 0x88, 0x8a, 0x70, 0x5a, 0x87, 0xd8, 0xb9, 0xef, 0x76, 0xab, + 0x14, 0x65, 0x87, 0x3a, 0xef, 0xd8, 0x0e, 0x24, 0x40, 0x73, + 0x93, 0x2b, 0xbf, 0xac, 0xfe, 0x96, 0x8a, 0x9d, 0x12, 0xe6, + 0xc1, 0x5b, 0x00, 0x3b, 0x23, 0xee, 0xe2, 0x10, 0xb6, 0xbe, + 0x0e, 0x2f, 0xa2, 0x77, 0x16, 0x17, 0xfc, 0x4b, 0x2c, 0xd7, + 0x9c, 0xad, 0x66, 0xb4, 0xf2, 0xfd, 0xc1, 0xaf, 0x81, 0x12, + 0xd9, 0xed, 0x14, 0x32, 0xcf, 0x1b, 0xee, 0xc6, 0x63, 0xe8, + 0xe5, 0xe6, 0xb6, 0x91, 0x8d, 0x1b, 0x90, 0x75, 0x5d, 0x69, + 0x4c, 0x5d, 0xd6, 0xac, 0x79, 0xe8, 0xb6, 0xdf, 0xbf, 0x43, + 0x39, 0xd3, 0xb8, 0xf0, 0x39, 0xf4, 0x90, 0xaf, 0x73, 0x26, + 0xc7, 0x73, 0x6f, 0x93, 0xbb, 0xce, 0x6e, 0xdc, 0x1c, 0xd0, + 0x36, 0x23, 0x17, 0xb2, 0x39, 0x37, 0x15, 0xf5, 0x3a, 0x61, + 0xa9, 0x15, 0x52, 0x6e, 0xc5, 0x3a, 0x63, 0x79, 0x5d, 0x45, + 0xdc, 0x3a, 0xd5, 0x26, 0x01, 0x56, 0x97, 0x80, 0x7f, 0x83, + 0xf9, 0xec, 0xde, 0xa0, 0x2e, 0x7a, 0xb2, 0x4b, 0x04, 0x63, + 0x60, 0x05, 0xce, 0x96, 0xeb, 0xe0, 0x0a, 0x5f, 0xb0, 0x7e, + 0x6d, 0x0a, 0x24, 0x32, 0x47, 0x82, 0x7f, 0x0b, 0xd7, 0xe9, + 0xd5, 0x14, 0xa9, 0x6b, 0x10, 0x5d, 0x1e, 0x1f, 0x8a, 0xad, + 0x70, 0x91, 0xd4, 0x33, 0x1d, 0xc2, 0x3e, 0xf8, 0xc8, 0x52, + 0x9a, 0x27, 0x1f, 0x45, 0x2f, 0xb5, 0xc7, 0xb1, 0x8b, 0xf9, + 0xc6, 0x7b, 0xb5, 0x92, 0x7a, 0xdd, 0xeb, 0x07, 0x6c, 0x6f, + 0x11, 0xd7, 0x5b, 0x56, 0x56, 0xec, 0x88, 0x1c, 0xc9, 0xb4, + 0xe8, 0x43, 0xab, 0xdf, 0x0b, 0xc5, 0x28, 0xba, 0x70, 0x5d, + 0xd3, 0xb2, 0xe2, 
0xcf, 0xa7, 0xbb, 0x53, 0x04, 0x6b, 0x73, + 0xdf, 0x27, 0xa6, 0x63, 0x58, 0xe1, 0x39, 0x26, 0x2a, 0x1a, + 0x21, 0xec, 0xbb, 0x5f, 0x46, 0x98, 0x3d, 0x48, 0x66, 0xfe, + 0xf3, 0xcb, 0xfc, 0x6e, 0x99, 0x82, 0x91, 0xce, 0x53, 0xfd, + 0x75, 0xc9, 0xb6, 0x08, 0xa8, 0xf3, 0xe4, 0xe0, 0xa0, 0x24, + 0x45, 0xb4, 0x69, 0x11, 0xac, 0x06, 0x1c, 0x39, 0x71, 0xcf, + 0x72, 0xfc, 0x77, 0x9b, 0x5f, 0xf4, 0x8b, 0x02, 0x31, 0xf3, + 0x67, 0xd1, 0x9b, 0xe0, 0x49, 0xa4, 0x69, 0x20, 0x99, 0x38, + 0xa7, 0xf5, 0x43, 0xd2, 0x45, 0x9f, 0x7a, 0xe7, 0xad, 0x7e, + 0x36, 0xee, 0xfd, 0x8c, 0xc5, 0x6a, 0x12, 0x58, 0x15, 0x3b, + 0x02, 0x81, 0x73, 0x8b, 0x10, 0xda, 0x21, 0xc7, 0x1d, 0x38, + 0xd8, 0x40, 0x7a, 0xa3, 0x59, 0x55, 0x35, 0x44, 0xa9, 0x9c, + 0xf5, 0xf4, 0xe4, 0x14, 0xc1, 0xc4, 0x15, 0x26, 0x01, 0xe3, + 0x31, 0xbf, 0xdc, 0xbc, 0x69, 0x0b, 0xcf, 0x71, 0x8c, 0xdb, + 0x16, 0xab, 0x36, 0x3e, 0xb3, 0xa4, 0x9f, 0xcc, 0xbf, 0xa2, + 0x93, 0x93, 0x9a, 0x3b, 0xaf, 0x72, 0x8d, 0x8b, 0x92, 0x44, + 0x5d, 0x6f, 0xc5, 0xf0, 0xdc, 0x65, 0x62, 0xea, 0xba, 0x33, + 0xe7, 0x6c, 0xa4, 0x35, 0xcf, 0xd9, 0xbc, 0x3c, 0xbf, 0x25, + 0x7b, 0x7c, 0x0b, 0x62, 0x92, 0x5a, 0x66, 0x63, 0xe1, 0x27, + 0x89, 0x12, 0xe2, 0xae, 0xb7, 0xf8, 0x04, 0x70, 0xda, 0x4a, + 0x3d, 0xa6, 0x67, 0x12, 0x14, 0x9e, 0x8e, 0xdc, 0xa2, 0xf2, + 0x3d, 0xc7, 0xd2, 0x8f, 0x18, 0x3a, 0x53, 0x8c, 0x83, 0x5d, + 0x66, 0xbb, 0x9f, 0x8c, 0xaf, 0xa8, 0x73, 0x08, 0x2e, 0x6d, + 0x30, 0xa0, 0xd0, 0x20, 0x94, 0x48, 0xad, 0x5e, 0x31, 0xfd, + 0x5e, 0xfd, 0xf9, 0xb5, 0xa2, 0x39, 0xa3, 0xb9, 0xdf, 0x4d, + 0xa4, 0xb1, 0x54, 0xcc, 0x92, 0x63, 0x2c, 0x66, 0x2d, 0x01, + 0x88, 0x8b, 0x7d, 0xc6, 0x5c, 0x9f, 0x18, 0x9a, 0x53, 0x91, + 0x59, 0x66, 0x70, 0xd7, 0x81, 0x0e, 0xa1, 0x3c, 0x7e, 0x86, + 0x85, 0x64, 0x38, 0x6f, 0xec, 0x76, 0x57, 0x80, 0x41, 0x9d, + 0xef, 0x61, 0xb8, 0xb2, 0x8a, 0xeb, 0xe9, 0x26, 0xbb, 0x69, + 0xb3, 0x8d, 0xd4, 0x6b, 0x05, 0xd8, 0x55, 0x1c, 0xbd, 0x9f, + 0x6b, 0x23, 0x46, 0x2b, 0xf7, 0xfb, 0x4d, 0x33, 0x3b, 0x21, + 0x6d, 0xea, 0x1b, 0x15, 0xaf, 
0x0f, 0x8c, 0x98, 0xc8, 0xf4, + 0xd1, 0x3c, 0xdd, 0x21, 0xd0, 0x45, 0xdc, 0xaf, 0x89, 0x89, + 0xbf, 0xde, 0xbf, 0x46, 0x9e, 0x9e, 0x18, 0x56, 0x9d, 0x05, + 0x4d, 0x63, 0x5f, 0x1c, 0xd9, 0x15, 0xd1, 0x43, 0x17, 0x0c, + 0x48, 0x3d, 0x36, 0x8b, 0x14, 0x87, 0xc8, 0x10, 0x44, 0xdf, + 0x9c, 0xfd, 0x6e, 0x88, 0x88, 0xae, 0x7f, 0x7f, 0x67, 0xa3, + 0x33, 0x4d, 0xa3, 0x84, 0x8b, 0x58, 0x07, 0x17, 0xd8, 0x1d, + 0x9e, 0x43, 0xd6, 0x41, 0x9c, 0xff, 0xfa, 0x35, 0xa2, 0x42, + 0xa9, 0x5d, 0xa9, 0x4b, 0x95, 0x23, 0x6a, 0x6e, 0x42, 0xd7, + 0xa2, 0x0a, 0x70, 0x00, 0x61, 0x8b, 0x45, 0xbb, 0xac, 0x20, + 0x27, 0xcd, 0xfc, 0x61, 0x17, 0xfe, 0xab, 0x6b, 0xe8, 0xe0, + 0x51, 0xab, 0xa3, 0xbf, 0xe4, 0x85, 0x69, 0x8e, 0xd7, 0xa6, + 0x62, 0x33, 0x8f, 0x7c, 0xba, 0x48, 0xfa, 0x83, 0x94, 0xa5, + 0xdf, 0xa1, 0x76, 0xdc, 0xa9, 0x4b, 0x3c, 0x27, 0xff, 0xd9, + 0xbe, 0xf4, 0x80, 0x5a, 0xca, 0x33, 0xf3, 0x9a, 0x1d, 0xf8, + 0xf3, 0xe1, 0x83, 0x27, 0x0b, 0x59, 0x87, 0x31, 0x7d, 0x4f, + 0x5a, 0x5e, 0xe1, 0xbe, 0xa9, 0x68, 0xe9, 0x6f, 0x10, 0x0a, + 0xe2, 0x70, 0x05, 0xaa, 0xcb, 0xdd, 0x41, 0xd7, 0x49, 0x8a, + 0x98, 0xa0, 0x40, 0x2d, 0xc6, 0x56, 0x49, 0xca, 0x60, 0x16, + 0x9c, 0x38, 0xc9, 0xfe, 0x99, 0x15, 0xfb, 0x79, 0x01, 0x33, + 0xcd, 0x54, 0x2f, 0xf3, 0x70, 0x37, 0x82, 0x36, 0x32, 0x76, + 0x8f, 0x63, 0x00, 0xa2, 0x42, 0xce, 0x39, 0x90, 0xfc, 0xf8, + 0xff, 0x34, 0x38, 0x0a, 0x17, 0x5e, 0x9d, 0x34, 0x86, 0xde, + 0x33, 0x45, 0xac, 0xbf, 0x81, 0xdf, 0xd2, 0xbc, 0xc7, 0xd7, + 0xd1, 0xee, 0xde, 0x2b, 0x5b, 0x50, 0x56, 0xb5, 0x88, 0x00, + 0x92, 0x76, 0x5a, 0x34, 0x0c, 0xfe, 0x8f, 0xc5, 0xa0, 0x92, + 0xb0, 0xed, 0x43, 0xe7, 0x81, 0x39, 0x36, 0x6e, 0xb7, 0x4d, + 0x5b, 0xcf, 0xc7, 0xf0, 0x83, 0xe5, 0xdc, 0xb7, 0x74, 0xf4, + 0xf3, 0xbd, 0xa8, 0xa6, 0x7b, 0xe0, 0xc5, 0x50, 0xaa, 0xc7, + 0x83, 0x4d, 0xd9, 0xc5, 0x97, 0x03, 0x7c, 0x0c, 0x3b, 0x3a, + 0x18, 0xb2, 0x8c, 0xee, 0x67, 0x91, 0x38, 0x84, 0x8f, 0xef, + 0xb4, 0xf4, 0xe4, 0x7c, 0x1a, 0x3f, 0xa3, 0x0a, 0xd9, 0xba, + 0xff, 0x56, 0xd8, 0xe2, 0x82, 0xfc, 0x58, 
0x8f, 0xf6, 0x12, + 0x10, 0x65, 0x6a, 0x68, 0x53, 0x2d, 0x9f, 0x2c, 0x77, 0xd1, + 0xb8, 0x21, 0x8a, 0xcb, 0xe9, 0xd4, 0x25, 0x18, 0x22, 0x46, + 0x3e, 0x72, 0x29, 0x2a, 0x68, 0x70, 0x73, 0xe2, 0x61, 0xa2, + 0xa8, 0x1f, 0x24, 0x48, 0x92, 0xa0, 0xd4, 0xdd, 0xde, 0xe5, + 0x02, 0x1b, 0x59, 0x5c, 0x7e, 0x92, 0x9c, 0xd8, 0xf4, 0x2d, + 0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e, + 0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28, + }; + + return dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key, + (word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig, + (word32)sizeof(ml_dsa_65_sig)); +} +#endif + +#ifndef WOLFSSL_NO_ML_DSA_87 +static wc_test_ret_t dilithium_param_87_vfy_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = { + 0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a, + 0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83, + 0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd, + 0xcc, 0x99, 0x50, 0x5f, 0x2b, 0x16, 0x3a, 0xbb, 0x98, 0xc0, + 0xa7, 0x69, 0x0e, 0x95, 0x99, 0x0b, 0xa2, 0x6c, 0xfe, 0x6c, + 0xdb, 0xc8, 0xa7, 0x09, 0x46, 0x6c, 0x90, 0x50, 0xa4, 0x75, + 0x30, 0xf7, 0x90, 0xac, 0x31, 0xb6, 0xdd, 0x21, 0xaf, 0xc6, + 0xf9, 0xfe, 0xee, 0xc6, 0x5b, 0xa8, 0x8f, 0x0a, 0x2e, 0xd0, + 0x42, 0xab, 0xa8, 0x3c, 0x8d, 0xbf, 0xf7, 0x44, 0xbd, 0x0d, + 0xcf, 0xf4, 0x68, 0xfc, 0x16, 0x67, 0xf7, 0x39, 0x48, 0x5f, + 0x56, 0xd1, 0xe7, 0x1f, 0x49, 0x80, 0x50, 0xbe, 0x54, 0xd1, + 0xb7, 0xc9, 0xd2, 0x32, 0xc7, 0x08, 0x8c, 0xde, 0x2c, 0x31, + 0xf6, 0x1d, 0xc7, 0xac, 0xb3, 0x79, 0xd7, 0x4b, 0x1b, 0x23, + 0x89, 0x0a, 0xdc, 0x8e, 0x44, 0x41, 0x14, 0x28, 0x99, 0x13, + 0xb3, 0x26, 0xa6, 0x0e, 0x83, 0x60, 0xaa, 0x8d, 0x7c, 0x23, + 0x13, 0xba, 0x6c, 0x28, 0x90, 0x56, 0x84, 0xa1, 0x23, 0x8b, + 0x81, 0x20, 0x97, 0x7c, 0x66, 0x3f, 0xed, 0x5d, 0xd0, 0xe4, + 0x5d, 0xee, 0x46, 0xbc, 0x4b, 0x3c, 0x03, 0xb5, 
0xbc, 0x4d, + 0x8d, 0x37, 0xa3, 0x56, 0x4b, 0x33, 0xad, 0xef, 0xd4, 0xb6, + 0xec, 0xdb, 0x04, 0x9a, 0x19, 0x58, 0x57, 0xd8, 0x00, 0x3a, + 0x92, 0x61, 0x0c, 0x0b, 0xc8, 0x52, 0xe5, 0x04, 0x02, 0x9a, + 0x00, 0x7e, 0xec, 0x7e, 0x94, 0xaa, 0xef, 0x2d, 0x7f, 0xb6, + 0x2e, 0x7c, 0xb0, 0x73, 0xa2, 0x20, 0xc0, 0x07, 0x30, 0x41, + 0x50, 0x20, 0x14, 0x18, 0x21, 0x5e, 0x2a, 0x6f, 0x70, 0x21, + 0xd6, 0x97, 0x13, 0xb9, 0xc1, 0x9e, 0x90, 0x67, 0xcc, 0x55, + 0x8a, 0xec, 0xec, 0x0a, 0x1e, 0x90, 0xdc, 0x3f, 0xb0, 0x4d, + 0xd1, 0x18, 0xea, 0x4f, 0xcb, 0x5d, 0x15, 0x4c, 0xb8, 0x35, + 0x9b, 0x34, 0x24, 0x30, 0x06, 0x53, 0x17, 0xf0, 0xbe, 0x27, + 0x36, 0xb3, 0x04, 0x6a, 0xbd, 0xbf, 0xa7, 0x39, 0xee, 0xa9, + 0x8f, 0x0e, 0x98, 0xc5, 0xf5, 0x9f, 0x46, 0x25, 0x93, 0xc9, + 0xf2, 0xf6, 0x2b, 0x8e, 0x92, 0x06, 0x01, 0x3d, 0x81, 0x18, + 0xf2, 0xec, 0xf1, 0x05, 0x4c, 0xad, 0x4b, 0xcb, 0x98, 0xa4, + 0xb5, 0x61, 0x20, 0xda, 0x81, 0xa1, 0xfb, 0x92, 0x4c, 0xaf, + 0x87, 0x6f, 0x6e, 0xd2, 0x57, 0xec, 0xcd, 0x94, 0xb3, 0x79, + 0xbf, 0x59, 0x88, 0x17, 0x81, 0xce, 0x8a, 0x57, 0xce, 0x57, + 0xae, 0x3e, 0x82, 0x81, 0x2f, 0x83, 0x61, 0xd8, 0xf9, 0x68, + 0x21, 0xe7, 0x72, 0x5b, 0xd6, 0x80, 0x55, 0x68, 0x5d, 0x67, + 0x15, 0x0c, 0x8b, 0xdc, 0x4f, 0xc3, 0x89, 0x36, 0x3c, 0xac, + 0xaf, 0x16, 0x5e, 0x1c, 0xfa, 0x68, 0x74, 0x6a, 0xab, 0x68, + 0xd8, 0x59, 0x96, 0x2d, 0x33, 0x62, 0xe4, 0xbd, 0xb3, 0xb7, + 0x4d, 0x88, 0x35, 0xb8, 0xed, 0xb2, 0x16, 0x85, 0x97, 0x08, + 0x71, 0x71, 0x39, 0x7e, 0x0c, 0x53, 0x16, 0xda, 0x38, 0xe5, + 0x28, 0x09, 0x9c, 0xd9, 0x46, 0xec, 0x68, 0xda, 0x8d, 0xd0, + 0xad, 0xb2, 0x79, 0x28, 0x3b, 0x1e, 0x12, 0xc9, 0xdf, 0xa9, + 0x6d, 0x3d, 0x29, 0x99, 0x2f, 0x53, 0xc2, 0xd0, 0xf9, 0x88, + 0x26, 0x94, 0x47, 0xaf, 0xf6, 0x96, 0xf3, 0xe1, 0x11, 0xa6, + 0x82, 0x3d, 0x43, 0x3f, 0x1f, 0xbc, 0xf6, 0x98, 0xbe, 0xff, + 0x06, 0x86, 0x61, 0x27, 0xdc, 0x91, 0x54, 0xd4, 0xfc, 0x68, + 0x83, 0xe8, 0x35, 0x3e, 0xee, 0x94, 0x59, 0x28, 0x2f, 0xde, + 0xdd, 0x03, 0x60, 0x66, 0xc1, 0x49, 0x57, 0xdd, 0xbc, 0xd5, + 
0x0a, 0x67, 0x34, 0xf1, 0xa6, 0x0a, 0x57, 0x94, 0x65, 0x02, + 0x2c, 0x52, 0x43, 0x70, 0x3b, 0xc1, 0x9a, 0xff, 0xda, 0x6f, + 0xb9, 0x54, 0x47, 0x01, 0xda, 0x27, 0xe4, 0x48, 0x4a, 0x90, + 0x9f, 0xb5, 0xc3, 0xee, 0x0e, 0x09, 0x57, 0xfe, 0x48, 0x51, + 0x08, 0x34, 0x5e, 0x8f, 0x16, 0xc9, 0x0b, 0x74, 0xd9, 0x7d, + 0x22, 0x3f, 0xd6, 0xb7, 0x5d, 0xd6, 0x76, 0x00, 0x8d, 0x4e, + 0x78, 0x73, 0x86, 0xd6, 0xdb, 0x2a, 0x65, 0xab, 0xdf, 0xb0, + 0xea, 0x11, 0xad, 0xdf, 0xba, 0x43, 0xdb, 0xa8, 0x0a, 0xfb, + 0x04, 0x38, 0x81, 0x2b, 0xa3, 0x29, 0xfc, 0x95, 0x73, 0x9a, + 0x0c, 0x6c, 0x9e, 0xcd, 0xdc, 0xcf, 0x0a, 0x0c, 0x18, 0x41, + 0x6f, 0x1d, 0xa3, 0xf6, 0x12, 0x4c, 0x13, 0xf2, 0x02, 0xc6, + 0x50, 0x99, 0x86, 0x73, 0xa7, 0xf9, 0x7e, 0x84, 0x7f, 0x4c, + 0x00, 0xce, 0x2e, 0x21, 0x76, 0x8e, 0x17, 0x7a, 0x87, 0x6f, + 0x81, 0xe6, 0xc0, 0x52, 0xa5, 0xa0, 0x3c, 0x54, 0x3c, 0xec, + 0xb0, 0x9d, 0x1c, 0x3b, 0xec, 0xe5, 0x4e, 0x4a, 0x37, 0xe7, + 0xd5, 0xa9, 0x07, 0x87, 0x23, 0x28, 0x5d, 0x3d, 0x22, 0x02, + 0x79, 0x40, 0x3f, 0x2d, 0x40, 0xc9, 0xe5, 0xa6, 0x9b, 0xa8, + 0xb8, 0x76, 0xf6, 0x77, 0x5b, 0x8d, 0x72, 0x96, 0x3e, 0x13, + 0xbf, 0x76, 0xfa, 0x7b, 0xb7, 0x82, 0x5f, 0xe7, 0x9d, 0x54, + 0x0e, 0x05, 0x1a, 0x9f, 0xa4, 0x42, 0xa5, 0xb4, 0x93, 0x23, + 0x06, 0x59, 0x43, 0xa8, 0xe8, 0x5c, 0xfc, 0x18, 0x97, 0xdb, + 0xad, 0x9a, 0x80, 0x0a, 0xf2, 0x20, 0x50, 0xac, 0xc1, 0x13, + 0x3e, 0x98, 0x09, 0xde, 0xf2, 0x70, 0x9e, 0x14, 0xc2, 0x5c, + 0xec, 0x65, 0x07, 0x0b, 0xfa, 0x02, 0x5c, 0xf8, 0x71, 0xaa, + 0x9b, 0x45, 0x62, 0xe2, 0x27, 0xaf, 0x77, 0xf8, 0xe3, 0xeb, + 0x7b, 0x24, 0x7b, 0x3c, 0x67, 0xc2, 0x6d, 0x6e, 0x17, 0xae, + 0x6e, 0x86, 0x6f, 0x98, 0xc9, 0xac, 0x13, 0x9f, 0x87, 0x64, + 0x3d, 0x4d, 0x6f, 0xa0, 0xb3, 0x39, 0xc6, 0x68, 0x1b, 0xa7, + 0xeb, 0x3e, 0x0f, 0x6b, 0xc7, 0xa4, 0xe2, 0x20, 0x27, 0x75, + 0x3f, 0x09, 0x16, 0xff, 0x1a, 0xcc, 0xa7, 0xc4, 0x6d, 0xc2, + 0xfc, 0xc3, 0x0b, 0x37, 0x63, 0xff, 0x9b, 0x10, 0xe6, 0x00, + 0xf7, 0x18, 0x43, 0x9f, 0x07, 0x50, 0x31, 0x51, 0xd4, 0xfd, + 0xad, 0xa2, 
0x0f, 0x77, 0xda, 0x41, 0xc1, 0x0a, 0x6f, 0x86, + 0xd7, 0xdc, 0x8a, 0x52, 0xd6, 0xa1, 0x27, 0xdb, 0x14, 0x67, + 0x26, 0x91, 0xb3, 0xcd, 0x01, 0x5f, 0x60, 0xa1, 0x7f, 0x43, + 0x15, 0x1a, 0x82, 0x0f, 0xd3, 0x66, 0x5f, 0x60, 0x57, 0x2f, + 0xb2, 0x8c, 0x27, 0x2a, 0x9d, 0x1b, 0xf9, 0xf2, 0x59, 0x20, + 0x39, 0xd9, 0xc5, 0xaf, 0xf2, 0x36, 0x8c, 0x58, 0x00, 0x1b, + 0xd0, 0xc5, 0x8e, 0x1a, 0x49, 0xa8, 0x60, 0xbe, 0xd1, 0xd7, + 0x2a, 0xb0, 0xc2, 0xab, 0x58, 0x8a, 0x7a, 0xa9, 0x41, 0x68, + 0x70, 0xbd, 0xea, 0x73, 0xa5, 0x03, 0x11, 0xb2, 0x27, 0xd9, + 0xcd, 0xf5, 0x09, 0xe8, 0x1c, 0xe2, 0x4f, 0x50, 0x6a, 0x84, + 0x34, 0x62, 0x2e, 0x36, 0xaa, 0x4c, 0xc1, 0x83, 0x78, 0x98, + 0x35, 0x7a, 0x27, 0x7e, 0xfe, 0xf1, 0x6f, 0x59, 0x27, 0x35, + 0x73, 0xce, 0x74, 0xaa, 0xb4, 0x72, 0x82, 0xa8, 0xe2, 0x81, + 0x7a, 0x6b, 0xca, 0x33, 0xa5, 0xda, 0xa2, 0x63, 0xca, 0x2e, + 0x90, 0x03, 0x32, 0xec, 0x63, 0xdb, 0x52, 0x7b, 0x16, 0xfc, + 0x01, 0x2d, 0x30, 0x12, 0x1e, 0xf9, 0xa3, 0x72, 0x21, 0x3c, + 0x75, 0x0c, 0x61, 0x9c, 0x7e, 0x73, 0x04, 0x71, 0x41, 0x45, + 0x5d, 0x7f, 0x49, 0x1c, 0x09, 0x08, 0xa4, 0xec, 0x2f, 0xfd, + 0xc4, 0xfb, 0x59, 0x6a, 0x27, 0x7a, 0xd4, 0xfc, 0x5f, 0x20, + 0x04, 0x34, 0x7d, 0x08, 0xed, 0x82, 0x5a, 0x90, 0xe1, 0xab, + 0xfd, 0x35, 0x3a, 0x8d, 0xbb, 0x0a, 0x9d, 0x73, 0xff, 0x69, + 0xe5, 0xe9, 0x09, 0x55, 0x14, 0xd9, 0x7b, 0x6f, 0x0d, 0x99, + 0xd2, 0x7e, 0x71, 0xf8, 0x4f, 0x72, 0x2f, 0xbb, 0xc6, 0xc4, + 0x36, 0xc9, 0x01, 0xd3, 0x9b, 0x94, 0xab, 0x41, 0x0f, 0x4a, + 0x61, 0x5c, 0x68, 0xe5, 0xd7, 0x0d, 0x94, 0xaa, 0xee, 0xba, + 0x95, 0xcb, 0x8c, 0x0e, 0x85, 0x3a, 0x02, 0x6b, 0x95, 0x50, + 0xfd, 0x02, 0xfd, 0xa4, 0x58, 0x29, 0x78, 0x4f, 0xd0, 0xae, + 0x66, 0xd6, 0x5c, 0xe7, 0x45, 0xfe, 0x98, 0xb0, 0xa3, 0xe2, + 0x87, 0xc0, 0xd2, 0x81, 0x08, 0xf1, 0xf1, 0xe7, 0xda, 0x62, + 0x9e, 0xa0, 0x34, 0x86, 0xeb, 0xa1, 0x6e, 0x4a, 0x26, 0x8e, + 0x39, 0x0c, 0x51, 0x10, 0x33, 0x11, 0x87, 0xf8, 0x79, 0x3c, + 0x49, 0x7a, 0x8b, 0xce, 0xc1, 0x0a, 0x0e, 0xe1, 0xd5, 0x2a, + 0xac, 0xf0, 0x3a, 0x1d, 
0x6a, 0x6a, 0xe5, 0xe1, 0x81, 0x70, + 0xad, 0xaf, 0x15, 0x4c, 0x2a, 0x70, 0x2a, 0x6b, 0x22, 0x0d, + 0x30, 0xe7, 0x56, 0xed, 0x2d, 0x4b, 0x85, 0x17, 0x49, 0x72, + 0x3a, 0x1b, 0x6f, 0x57, 0x1c, 0xf7, 0x72, 0x9e, 0x20, 0xdb, + 0x57, 0x1c, 0xfb, 0x36, 0x50, 0x52, 0xec, 0x5b, 0xd6, 0x6a, + 0x1b, 0xf8, 0x74, 0xad, 0xe6, 0x00, 0x74, 0x04, 0xc5, 0x99, + 0x83, 0xe4, 0x5a, 0x0c, 0xc3, 0xe8, 0x6d, 0x3a, 0xd7, 0x3c, + 0x3c, 0xc0, 0x1a, 0x28, 0xb3, 0x29, 0x7a, 0x10, 0x9e, 0x39, + 0x66, 0x5b, 0xc1, 0x38, 0xac, 0x21, 0x4e, 0xcd, 0x01, 0xf2, + 0xf6, 0x30, 0x2c, 0x2b, 0xb6, 0xbf, 0xf5, 0xea, 0x61, 0xaf, + 0x0c, 0xa6, 0x01, 0x11, 0x15, 0x19, 0x09, 0x8c, 0x7e, 0x69, + 0xdf, 0x3b, 0xea, 0xd3, 0x0a, 0x3a, 0xd7, 0xbd, 0xe1, 0x17, + 0xaf, 0x92, 0x3c, 0xf5, 0xfe, 0x35, 0xd6, 0xcf, 0x07, 0xa6, + 0xf7, 0xe9, 0xc1, 0x99, 0xed, 0x80, 0xe3, 0x12, 0xd5, 0x4b, + 0xb9, 0xdf, 0xaf, 0x4e, 0x52, 0xad, 0x8e, 0x66, 0x87, 0xe5, + 0x2c, 0xd0, 0x45, 0x70, 0xd9, 0x78, 0x8f, 0x4b, 0xf4, 0xe1, + 0xf1, 0x22, 0xf2, 0xe3, 0xed, 0x1f, 0xeb, 0xe9, 0x70, 0x31, + 0x4c, 0x65, 0x5f, 0x55, 0xee, 0x5d, 0xaa, 0x83, 0x87, 0x76, + 0xbe, 0x11, 0xae, 0xd7, 0xf2, 0xfb, 0x43, 0xe7, 0x17, 0x81, + 0x33, 0x15, 0x47, 0xa0, 0xf3, 0x8e, 0x84, 0x57, 0xff, 0x35, + 0x9e, 0x4a, 0x8a, 0xab, 0x50, 0x3a, 0x45, 0xe0, 0xc3, 0x73, + 0xca, 0x77, 0x61, 0x68, 0x38, 0xd0, 0xa3, 0x5f, 0x03, 0x8d, + 0x41, 0xc2, 0xd3, 0x4a, 0x17, 0xe0, 0xa8, 0xaa, 0x00, 0xf3, + 0xf2, 0x5b, 0xa8, 0xe1, 0x06, 0xa6, 0x2b, 0xdb, 0xe1, 0x74, + 0xbd, 0xc4, 0xd2, 0x2b, 0x55, 0x9a, 0xb0, 0xf8, 0x35, 0xd8, + 0x6b, 0xec, 0xdb, 0xc5, 0xf4, 0x6c, 0x40, 0x90, 0x6a, 0x68, + 0xc9, 0xb5, 0xcb, 0xbb, 0xd0, 0xb0, 0xbc, 0x9f, 0xb9, 0xaa, + 0x50, 0x14, 0x93, 0x3b, 0x9f, 0x25, 0xcb, 0x40, 0xb8, 0x08, + 0xcc, 0x13, 0xe5, 0xdc, 0x3f, 0x84, 0x96, 0xe0, 0x73, 0x7b, + 0x7d, 0x9e, 0x41, 0x92, 0x5d, 0xcc, 0xa4, 0xea, 0x4f, 0x93, + 0x0c, 0x40, 0x2e, 0x42, 0x8a, 0xe9, 0xb9, 0x12, 0x74, 0xbb, + 0x79, 0x7c, 0xb0, 0x37, 0x20, 0xb6, 0xaf, 0x43, 0x3a, 0x88, + 0x59, 0x7c, 0x68, 0x28, 0x5f, 0x98, 
0xc2, 0xf0, 0x2a, 0xbc, + 0xa1, 0x61, 0x88, 0x1f, 0x43, 0xbc, 0x42, 0x8f, 0x43, 0xf3, + 0x7e, 0x16, 0x96, 0xfa, 0x92, 0x70, 0xaf, 0x3c, 0x9f, 0x4b, + 0xd9, 0x60, 0xe9, 0xf6, 0x2e, 0x84, 0xda, 0x88, 0x31, 0x34, + 0xa6, 0x85, 0x10, 0x05, 0xef, 0x40, 0xa8, 0xa5, 0x4f, 0x92, + 0x59, 0xf7, 0xe0, 0xc4, 0x2b, 0x12, 0x17, 0x71, 0xbe, 0x8c, + 0x4a, 0x02, 0xfe, 0x12, 0xb6, 0x3b, 0x85, 0x75, 0x37, 0xf3, + 0x73, 0x2d, 0x9c, 0x00, 0x5d, 0x80, 0xad, 0x20, 0x2f, 0x5a, + 0x0b, 0x17, 0x7e, 0x67, 0x72, 0x24, 0x5a, 0xb9, 0xf3, 0xb1, + 0x33, 0xa4, 0x57, 0x1d, 0x49, 0x72, 0x2c, 0x7f, 0x47, 0x15, + 0x07, 0xe0, 0x45, 0x14, 0xdd, 0x77, 0x86, 0x6d, 0x03, 0xbe, + 0x57, 0xd0, 0xaa, 0x18, 0xa6, 0xdd, 0x94, 0x18, 0x3f, 0x8a, + 0xf3, 0xb5, 0xd7, 0x5a, 0xec, 0xc8, 0x79, 0x7f, 0x51, 0x61, + 0x3c, 0x9b, 0xb2, 0x9b, 0xf3, 0xb4, 0x35, 0xd1, 0x38, 0xbf, + 0x37, 0xce, 0x54, 0xd1, 0xf8, 0xb6, 0x45, 0xeb, 0x52, 0x0d, + 0x9a, 0x09, 0x58, 0x0d, 0x2c, 0x0b, 0xb1, 0xf2, 0x30, 0x3a, + 0x95, 0xc1, 0x13, 0x91, 0xd2, 0x9f, 0x8d, 0x8d, 0xd0, 0x38, + 0x3e, 0x4c, 0xae, 0x4a, 0x55, 0xa7, 0x42, 0x11, 0x83, 0xc4, + 0x70, 0xf0, 0x2b, 0x68, 0x9e, 0x07, 0xad, 0xb7, 0x83, 0xc6, + 0x53, 0x3c, 0xfb, 0x0a, 0x5d, 0x24, 0xdc, 0xe1, 0x55, 0x72, + 0xcf, 0xce, 0x3e, 0xc8, 0xd0, 0x57, 0x8a, 0x82, 0x5e, 0x78, + 0x2b, 0x80, 0xc5, 0xb9, 0x09, 0x46, 0xf8, 0x90, 0x39, 0x52, + 0xa9, 0xce, 0x3f, 0x3d, 0x41, 0x3b, 0x28, 0x45, 0xa3, 0xb3, + 0x21, 0xc2, 0xcd, 0x14, 0x49, 0x41, 0x6c, 0x38, 0xda, 0x1b, + 0x5f, 0x16, 0x49, 0xf9, 0x65, 0x00, 0x4e, 0xb4, 0x20, 0x55, + 0x70, 0xe8, 0x58, 0x1a, 0x18, 0xbf, 0x41, 0xef, 0x31, 0xb1, + 0xe7, 0x8d, 0x89, 0xc1, 0x48, 0xe8, 0xf5, 0x57, 0x35, 0xfa, + 0xc1, 0x79, 0xee, 0x2c, 0xe8, 0x7d, 0xb6, 0x03, 0xcc, 0x66, + 0x09, 0x6f, 0x52, 0x84, 0x0a, 0x34, 0x18, 0x2c, 0x01, 0x45, + 0x81, 0x00, 0xe5, 0x5e, 0x8d, 0xae, 0x1c, 0x96, 0x8b, 0x45, + 0x73, 0x00, 0x0a, 0xb5, 0xcf, 0x8d, 0x0e, 0x35, 0x5d, 0x1a, + 0x0e, 0xbf, 0x64, 0x9a, 0x52, 0x20, 0x48, 0xc6, 0xb9, 0x40, + 0xd3, 0x2c, 0x52, 0xca, 0x93, 0xcf, 0xbb, 0x94, 
0x06, 0xf3, + 0x97, 0xee, 0xcc, 0x5d, 0xa3, 0xea, 0xf8, 0x5a, 0x39, 0x77, + 0x34, 0xd7, 0xf6, 0x4e, 0xbe, 0x8a, 0x07, 0x5f, 0x51, 0x53, + 0xc5, 0x1b, 0x8c, 0x47, 0x8f, 0x34, 0x0e, 0x60, 0x0a, 0x90, + 0xe2, 0xda, 0x7b, 0xef, 0xd6, 0xf5, 0x5d, 0xe5, 0x32, 0x37, + 0x75, 0x99, 0x81, 0x4a, 0x2a, 0x78, 0x71, 0xdc, 0xf4, 0xe5, + 0xca, 0xd8, 0x6b, 0x3b, 0x90, 0x68, 0x2e, 0x93, 0xc5, 0x10, + 0x42, 0x5d, 0x38, 0x90, 0x32, 0x46, 0xea, 0x87, 0xe0, 0xbc, + 0xb8, 0x9a, 0x18, 0x20, 0x68, 0x85, 0x6d, 0x9b, 0xc9, 0x8f, + 0x9b, 0xd2, 0xbe, 0x15, 0x12, 0x68, 0xd0, 0xb0, 0x16, 0x5f, + 0xe2, 0x69, 0x1d, 0x04, 0x00, 0xfc, 0x63, 0x33, 0xcd, 0x1f, + 0x89, 0xcd, 0x52, 0xff, 0xec, 0x19, 0x69, 0x74, 0xa3, 0xce, + 0x4d, 0xab, 0x93, 0xe4, 0xc6, 0x13, 0x56, 0x27, 0xc9, 0x25, + 0x5a, 0x01, 0xb2, 0x36, 0x8b, 0x61, 0xe5, 0x8b, 0x98, 0xac, + 0xe4, 0x2a, 0xb6, 0x40, 0x9f, 0x42, 0xe4, 0x1b, 0x52, 0xf7, + 0xfd, 0xd8, 0x30, 0x07, 0x33, 0xf9, 0x47, 0xcb, 0x3c, 0xad, + 0x12, 0xc1, 0xcc, 0x29, 0x62, 0x49, 0x04, 0x0c, 0x23, 0x97, + 0x5a, 0xa4, 0x84, 0x67, 0xde, 0x5a, 0xe5, 0x36, 0xd2, 0x88, + 0xf1, 0xd4, 0xeb, 0x13, 0x81, 0x54, 0x51, 0x11, 0xe3, 0xba, + 0xbc, 0xee, 0xdd, 0x6c, 0xcd, 0xe6, 0xb4, 0xa1, 0x8b, 0x0b, + 0x66, 0xfb, 0x8e, 0x50, 0xa0, 0xda, 0x69, 0x8d, 0xcc, 0x2d, + 0xe4, 0x2c, 0xc4, 0x37, 0xdf, 0x61, 0xc0, 0x03, 0xbd, 0x8b, + 0x28, 0xca, 0xd2, 0x8c, 0x1c, 0xf1, 0xa4, 0x26, 0x69, 0xe5, + 0xcf, 0x45, 0xdb, 0x5a, 0x47, 0x79, 0xed, 0x9f, 0xf7, 0xd2, + 0xdb, 0xba, 0x46, 0x53, 0x4f, 0xce, 0xa8, 0xbe, 0x8f, 0x4a, + 0xd6, 0xdf, 0x2e, 0x06, 0xe6, 0x4c, 0x9a, 0xc1, 0xb6, 0x49, + 0xed, 0xc4, 0xeb, 0xaa, 0xa4, 0x29, 0x6d, 0xd4, 0xcc, 0x8c, + 0xb6, 0x40, 0x11, 0x39, 0x69, 0xf7, 0x75, 0xcd, 0xb1, 0x99, + 0x46, 0x4e, 0xde, 0xcb, 0xf6, 0x9d, 0x32, 0xf3, 0xc9, 0x47, + 0x47, 0x7a, 0xcb, 0xfb, 0xa3, 0x0c, 0x3b, 0xdf, 0xb7, 0xde, + 0xec, 0x99, 0xde, 0xb0, 0x26, 0x04, 0x34, 0xae, 0x6b, 0xfc, + 0x99, 0xbc, 0xde, 0xd5, 0xbe, 0xe7, 0xeb, 0xf9, 0xe7, 0xa6, + 0x01, 0x9a, 0x0c, 0x5e, 0x66, 0xe6, 0x53, 0xe4, 0xd1, 0x58, + 
0xac, 0xda, 0x69, 0x77, 0x7b, 0x68, 0xd6, 0x30, 0x2a, 0x9c, + 0x6b, 0xbe, 0x9f, 0x3d, 0x71, 0xd6, 0x54, 0xcd, 0x59, 0x4e, + 0x1f, 0xe3, 0x83, 0x4e, 0xd1, 0x8e, 0xaf, 0x97, 0xa8, 0xe5, + 0xb6, 0x59, 0x77, 0xa8, 0x02, 0x20, 0xe4, 0xeb, 0x44, 0x71, + 0xbc, 0x07, 0x14, 0x79, 0x4f, 0x0c, 0x27, 0x06, 0x39, 0xcf, + 0x7c, 0xef, 0x2b, 0x9b, 0x5e, 0xc4, 0x6d, 0x79, 0x13, 0x00, + 0x43, 0x6f, 0x51, 0x77, 0xb5, 0xc3, 0x72, 0xad, 0x13, 0xa9, + 0xe5, 0x9a, 0x5b, 0x1a, 0x99, 0x74, 0xc0, 0x7a, 0xf9, 0xc5, + 0xb0, 0x58, 0x35, 0x1c, 0xa5, 0x51, 0xdb, 0xa1, 0x14, 0xcd, + 0x26, 0x71, 0xb1, 0xe7, 0xaa, 0x14, 0xa7, 0x46, 0x93, 0xd3, + 0x5c, 0x8c, 0x1a, 0x91, 0x77, 0x46, 0x2e, 0x15, 0xaa, 0x9e, + 0xf7, 0x2b, 0x79, 0x41, 0x76, 0xf7, 0x22, 0x53, 0x7d, 0x51, + 0xdb, 0x98, 0x3d, 0x5b, 0x78, 0x5f, 0xc3, 0xc9, 0x29, 0xa3, + 0xff, 0x75, 0x82, 0x06, 0x9a, 0x16, 0x5e, 0xa4, 0x79, 0x0d, + 0xd1, 0x6d, 0x08, 0xff, 0x43, 0xef, 0x9c, 0xf3, 0x1b, 0x7a, + 0x3f, 0x34, 0xbe, 0x19, 0x15, 0x06, 0x33, 0xdb, 0xa5, 0x71, + 0xcb, 0x5f, 0x6b, 0x8d, 0xbd, 0x5b, 0x32, 0x91, 0xb2, 0x37, + 0x3d, 0xb4, 0x40, 0x9e, 0x02, 0x9b, 0xb7, 0x68, 0x20, 0x58, + 0x5c, 0xab, 0xcb, 0xc8, 0x23, 0x2d, 0x77, 0xcc, 0x0b, 0xf6, + 0x78, 0x6b, 0x80, 0x06, 0x91, 0xa9, 0xfd, 0x7e, 0xfa, 0x25, + 0x98, 0x9f, 0xcc, 0x79, 0x0a, 0x1a, 0x54, 0x83, 0xac, 0x64, + 0x16, 0x90, 0xe5, 0xd9, 0xa7, 0xd7, 0x1b, 0x86, 0x0d, 0xe6, + 0xe6, 0x22, 0x2b, 0x1f, 0x44, 0x49, 0x98, 0x9c, 0x51, 0x6f, + 0xcf, 0x58, 0x4a, 0xfa, 0xfa, 0x84, 0x12, 0xa5, 0x10, 0xf4, + 0xca, 0xf0, 0x98, 0x2b, 0xc9, 0x03, 0x71, 0x37, 0xe7, 0xdc, + 0xc2, 0xb1, 0x4e, 0x64, 0xde, 0x4f, 0x46, 0x0d, 0x6b, 0x25, + 0x88, 0x5d, 0xd6, 0xff, 0x23, 0x46, 0x57, 0x36, 0x14, 0x18, + 0xa7, 0xcb, 0xb8, 0xbd, 0xf0, 0xc5, 0x37, 0x36, 0xee, 0xe1, + 0xed, 0x9f, 0x4d, 0xd4, 0x39, 0xe5, 0x92, 0xcf, 0x95, 0x4d, + 0x66, 0x36, 0x5d, 0xd0, 0xcc, 0x07, 0xcf, 0x15, 0x5a, 0xce, + 0x14, 0xb8, 0xda, 0x0d, 0x3d, 0x1b, 0x45, 0xc5, 0x2e, 0x34, + 0x43, 0x25, 0x02, 0x3a, 0xcd, 0x14, 0x45, 0xfb, 0x3e, 0xf9, + 0x88, 0x5d, 
0x0d, 0x29, 0x31, 0xb9, 0xa1, 0xe6, 0x31, 0x18, + 0x52, 0x46, 0x3f, 0x22, 0x4f, 0x9f, 0x7a, 0x65, 0x36, 0x88, + 0xa3, 0x1c, 0x3e, 0x6f, 0x50, 0x7a, 0x36, 0xbe, 0x56, 0x7e, + 0x50, 0xcb, 0x7a, 0x10, 0xa0, 0xec, 0xf6, 0x82, 0xd6, 0x30, + 0x1c, 0xe8, 0x4c, 0x50, 0xf9, 0x3e, 0xdb, 0xac, 0xbe, 0x4f, + 0x90, 0xb1, 0xd5, 0x1b, 0x12, 0x95, 0xfb, 0xe8, 0x08, 0x64, + 0x56, 0x7c, 0x96, 0xcc, 0x90, 0xb1, 0xbc, 0xa0, 0xf5, 0x32, + 0x69, 0xb3, 0x5f, 0x27, 0x0f, 0xbe, 0xc9, 0xbd, 0xeb, 0xfa, + 0x4b, 0x5c, 0xc5, 0x99, 0x9e, 0x5a, 0x04, 0xcc, 0xd0, 0x4d, + 0x29, 0xe8, 0x84, 0x55, 0x8c, 0xd7, 0xc4, 0x06, 0x13, 0x4d, + 0x92, 0xe5, 0x98, 0x9c, 0x4c, 0xc1, 0xf7, 0xaf, 0x7b, 0xd5, + 0x2b, 0x92, 0x68, 0x68, 0x19, 0x70, 0x4c, 0x9e, 0x46, 0xb8, + 0x34, 0xeb, 0x01, 0x47, 0xbe, 0x59, 0xab, 0x0b, 0x22, 0x25, + 0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61, + 0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40, + 0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95, + 0x0a, 0x93, + }; + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = { + 0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0, + 0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf, + 0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2, + 0xd7, 0x45, 0xe3, 0xe7, 0x58, 0xfb, 0x05, 0xab, 0x65, 0x57, + 0xac, 0x6f, 0xf5, 0x43, 0x28, 0x5f, 0x9c, 0x9a, 0x3e, 0x35, + 0x84, 0xe4, 0xef, 0xa5, 0x57, 0x17, 0xad, 0x51, 0x44, 0x70, + 0x09, 0x00, 0x81, 0xbe, 0xfe, 0x14, 0x01, 0xfe, 0x0c, 0x94, + 0xbe, 0xa9, 0x89, 0xfd, 0x47, 0xfc, 0xb9, 0xd8, 0x17, 0x4d, + 0xd8, 0x73, 0xd5, 0x50, 0x9f, 0x13, 0x6c, 0x07, 0x71, 0x47, + 0xaa, 0x3c, 0xc0, 0x64, 0x00, 0x19, 0x2e, 0x74, 0x51, 0x0e, + 0x0f, 0x25, 0x30, 0x7f, 0x13, 0x96, 0xc6, 0xc5, 0xbf, 0xd4, + 0x82, 0xd3, 0x0d, 0xd3, 0x65, 0x4c, 0x72, 0x67, 0xe2, 0x37, + 0x6b, 0x3c, 0x8e, 0xa3, 0x36, 0x84, 0xe9, 0xaa, 0xac, 0x7d, + 0xf3, 0xac, 0xfc, 0x01, 0x50, 0x87, 0x88, 0xf6, 0xbf, 0x84, + 0xc3, 0xa0, 0x23, 0xe4, 0xe8, 0x01, 0x38, 0x39, 0x30, 0x8a, + 0xf3, 
0xba, 0x92, 0x62, 0x37, 0xd7, 0x20, 0xd7, 0xf7, 0x41, + 0xff, 0xae, 0x81, 0x02, 0x29, 0x2a, 0x66, 0x8b, 0x20, 0xbe, + 0x61, 0x8d, 0xfb, 0x7c, 0x70, 0x14, 0xad, 0xf4, 0x94, 0x8c, + 0xee, 0x64, 0x3b, 0x9f, 0xe1, 0x6e, 0x68, 0x17, 0x07, 0xb8, + 0xfc, 0x99, 0xdc, 0xde, 0x69, 0x58, 0x8c, 0x97, 0x7d, 0xb3, + 0x2c, 0x9e, 0x90, 0x33, 0x2e, 0x7b, 0xbf, 0xf8, 0x6f, 0xf8, + 0x12, 0x64, 0xda, 0xc0, 0xfb, 0x30, 0xe6, 0xbf, 0x7b, 0x9a, + 0xde, 0xb5, 0xac, 0x9d, 0x6b, 0xcb, 0xe1, 0x0d, 0xf1, 0xbb, + 0xf3, 0x97, 0xc5, 0x08, 0xd3, 0x3e, 0xe3, 0xa4, 0xeb, 0x6f, + 0x6b, 0x62, 0x61, 0xc5, 0x0b, 0xa8, 0x02, 0xc2, 0xf1, 0xbe, + 0xbb, 0x93, 0x13, 0xa5, 0x8d, 0x7b, 0x5a, 0x6d, 0x1f, 0x28, + 0xbc, 0x35, 0xd8, 0xe8, 0xcf, 0x80, 0x8b, 0x4b, 0x02, 0x80, + 0x3b, 0xdc, 0x00, 0xce, 0x88, 0xb0, 0x62, 0x35, 0x7d, 0x51, + 0x7f, 0x5c, 0xb2, 0x23, 0x85, 0x47, 0x7e, 0x73, 0x88, 0x65, + 0xfd, 0x0d, 0x47, 0x33, 0xef, 0xb9, 0x75, 0x05, 0x86, 0x5d, + 0xd3, 0x98, 0xa6, 0x91, 0xe6, 0x8c, 0xe2, 0x71, 0x7a, 0x95, + 0xe0, 0x8c, 0x54, 0x4b, 0x68, 0x4d, 0x5a, 0xec, 0xad, 0xae, + 0x54, 0x4e, 0x3b, 0x0e, 0xcd, 0x70, 0xe6, 0x81, 0xbf, 0xf4, + 0x86, 0xab, 0xfe, 0xd8, 0xed, 0x69, 0xdd, 0x0f, 0x75, 0x8f, + 0x8e, 0xcd, 0x72, 0x40, 0x21, 0xee, 0x80, 0x6f, 0x9e, 0xa0, + 0x80, 0xf7, 0xf6, 0xa2, 0xf5, 0x04, 0x82, 0xea, 0xb6, 0xb1, + 0xa3, 0xfe, 0xa2, 0x2d, 0x83, 0xc7, 0x01, 0x4b, 0x27, 0x19, + 0x6a, 0x31, 0x04, 0x70, 0xce, 0x75, 0x22, 0x4b, 0x7a, 0x21, + 0x29, 0xfd, 0xe9, 0xcb, 0xbb, 0xca, 0x95, 0x0a, 0xd8, 0xcd, + 0x20, 0x2a, 0xb7, 0xbe, 0xdf, 0x2f, 0x0f, 0xfa, 0xf1, 0xc0, + 0x39, 0xf3, 0x74, 0x22, 0x05, 0x33, 0xca, 0x2a, 0x9c, 0x9f, + 0x06, 0x71, 0x90, 0x1e, 0x74, 0x4b, 0xbe, 0x9a, 0xc7, 0x1e, + 0x37, 0x9b, 0x96, 0x19, 0xfd, 0xa0, 0x61, 0x87, 0x93, 0xab, + 0x75, 0x79, 0xac, 0x2f, 0x83, 0xe1, 0x8c, 0x70, 0x54, 0x70, + 0x01, 0x93, 0xce, 0x76, 0x7a, 0x08, 0xe7, 0x75, 0xfb, 0x5e, + 0xa4, 0xcc, 0xd6, 0xeb, 0x90, 0xe2, 0x57, 0x07, 0x53, 0x88, + 0x8f, 0x7f, 0x29, 0x39, 0x80, 0xc4, 0x7f, 0x70, 0x6f, 0xff, + 0x44, 0x25, 0x2b, 
0x9e, 0xa1, 0xbb, 0xda, 0x43, 0x53, 0x14, + 0xf8, 0x97, 0x08, 0xa4, 0xaf, 0xa0, 0xa5, 0x0c, 0xfa, 0xcc, + 0xba, 0xcd, 0x4f, 0xd3, 0x90, 0x28, 0x02, 0x25, 0xbe, 0xc6, + 0x35, 0x66, 0x99, 0xb0, 0x69, 0x46, 0xe5, 0xbf, 0x7e, 0x4f, + 0x53, 0x11, 0x1f, 0xa5, 0x2c, 0x9b, 0xd1, 0x70, 0x90, 0x34, + 0x66, 0xaa, 0x9f, 0xa8, 0x02, 0x3a, 0x05, 0x2b, 0x0a, 0xd0, + 0x72, 0x5d, 0x01, 0x7b, 0x02, 0xce, 0x18, 0xb9, 0x63, 0xd1, + 0x7d, 0xd2, 0x34, 0xa3, 0x2d, 0xaa, 0x78, 0xf0, 0x30, 0x6e, + 0x59, 0xe3, 0xf1, 0x1e, 0xf1, 0x33, 0x41, 0xde, 0xc4, 0x4e, + 0x88, 0x61, 0xc3, 0xb4, 0x6b, 0x21, 0x5d, 0xcc, 0x69, 0x44, + 0xf3, 0xb0, 0x84, 0x54, 0x2a, 0x23, 0x22, 0xa2, 0xc4, 0xba, + 0xad, 0x00, 0x57, 0x5b, 0xdf, 0xa0, 0xf7, 0x1c, 0x00, 0xc3, + 0x23, 0x93, 0xc0, 0x2f, 0x3b, 0x9d, 0x6e, 0x8c, 0x38, 0xa6, + 0x5e, 0xd8, 0x98, 0x7a, 0x6c, 0x90, 0xd5, 0x40, 0x3f, 0x8c, + 0xc3, 0xf0, 0x92, 0x66, 0xc4, 0xe5, 0xa8, 0x42, 0x25, 0x4c, + 0x56, 0x42, 0x37, 0x9a, 0xa4, 0x1d, 0xf5, 0xb0, 0xe3, 0x8a, + 0x9c, 0x57, 0x52, 0x63, 0xdc, 0xd9, 0xb0, 0xbf, 0xc3, 0xfc, + 0xfc, 0x6c, 0xab, 0x41, 0xae, 0xec, 0xc7, 0x40, 0x80, 0xb6, + 0x0b, 0x3c, 0xa9, 0xf5, 0x4f, 0x2d, 0xf6, 0x72, 0xe3, 0xba, + 0x13, 0x2c, 0x73, 0x61, 0x98, 0x66, 0x6f, 0x03, 0x88, 0x3b, + 0xe6, 0x95, 0x43, 0x33, 0x3b, 0xfe, 0xfd, 0x63, 0x8c, 0x00, + 0x8a, 0x67, 0x1c, 0x46, 0x0e, 0x0b, 0x51, 0x26, 0x79, 0x4f, + 0x7b, 0xb1, 0x36, 0x34, 0x52, 0x41, 0x7e, 0x74, 0xbb, 0x71, + 0x52, 0x8f, 0xcc, 0xf2, 0x99, 0x24, 0x3f, 0x18, 0xe6, 0xcf, + 0xdf, 0x6b, 0xfe, 0x77, 0xfa, 0xa8, 0x3f, 0xe3, 0x6b, 0xb7, + 0x32, 0x30, 0x8e, 0x16, 0x08, 0x59, 0x66, 0xdf, 0x95, 0x75, + 0x7d, 0xa3, 0x80, 0xf0, 0x0c, 0x1a, 0xa8, 0xe7, 0x87, 0x2f, + 0xe3, 0x39, 0x11, 0x82, 0x00, 0x3e, 0xe5, 0x71, 0x05, 0x7d, + 0x0c, 0x90, 0xae, 0xbc, 0xbf, 0xe0, 0x4b, 0x8f, 0x91, 0x85, + 0x1d, 0x0a, 0xa2, 0x36, 0x66, 0x18, 0x78, 0xd0, 0x0a, 0xa0, + 0xaf, 0x0f, 0x1c, 0x01, 0xdb, 0xb2, 0x21, 0x96, 0x25, 0xf7, + 0x9e, 0x3a, 0x9e, 0xc3, 0xe8, 0x92, 0x34, 0xaf, 0x7e, 0x3b, + 0x5f, 0xd9, 0x23, 0x97, 0x09, 
0xf1, 0x87, 0x31, 0x3a, 0x94, + 0xc8, 0x9b, 0x52, 0xf4, 0x57, 0x54, 0x7b, 0x3e, 0x50, 0xd3, + 0x75, 0x2a, 0xba, 0x97, 0xd7, 0xec, 0x95, 0x6c, 0x35, 0x63, + 0xa4, 0xa1, 0x8f, 0xf5, 0xcc, 0xbe, 0x42, 0x65, 0x4e, 0x69, + 0x35, 0x55, 0xa5, 0x3e, 0xc4, 0xf0, 0xde, 0x60, 0x54, 0xdf, + 0xbb, 0x83, 0xad, 0xdf, 0xa5, 0x24, 0x8f, 0xbe, 0x0b, 0x16, + 0xfc, 0xf2, 0x64, 0xd5, 0x79, 0x68, 0xf3, 0x91, 0x81, 0x2a, + 0xd7, 0x1c, 0xc0, 0xdd, 0xe6, 0xb6, 0xb3, 0xa2, 0x4f, 0xc0, + 0x6d, 0x77, 0x02, 0xee, 0x43, 0xd6, 0x5e, 0x82, 0x66, 0x7f, + 0xb4, 0xe6, 0x5c, 0xff, 0x87, 0x1e, 0x1d, 0x6f, 0x1d, 0x96, + 0x6d, 0xbd, 0x90, 0x57, 0x65, 0xc2, 0x01, 0x35, 0xfa, 0x9a, + 0xc6, 0xe0, 0x4e, 0x2c, 0x4b, 0x16, 0xfa, 0x0d, 0x38, 0x87, + 0x39, 0x2c, 0x2b, 0x48, 0x14, 0x92, 0x3d, 0x83, 0x00, 0xa9, + 0x1a, 0x3d, 0x4d, 0x30, 0x23, 0x48, 0xcd, 0xd5, 0xcd, 0x01, + 0xb1, 0x45, 0x85, 0xcc, 0x66, 0x47, 0x1d, 0x63, 0x3d, 0x70, + 0xb8, 0x0c, 0xfd, 0xe3, 0xb2, 0x0f, 0x64, 0x6e, 0xb9, 0x2b, + 0xe5, 0xb0, 0x4d, 0x44, 0x4d, 0x66, 0x1a, 0xfa, 0x49, 0xbb, + 0xc3, 0xb8, 0xad, 0x64, 0x23, 0x7e, 0x71, 0x9f, 0x59, 0xec, + 0x25, 0xa8, 0x5e, 0x11, 0xd6, 0x6e, 0xc9, 0x09, 0xe7, 0xb9, + 0x6a, 0x63, 0x91, 0xaa, 0x5d, 0xd2, 0x8c, 0x91, 0xe8, 0x8d, + 0x35, 0x6d, 0x10, 0xf6, 0xfc, 0x6a, 0x3c, 0x77, 0x90, 0xf8, + 0x2a, 0x49, 0x13, 0x7f, 0xdb, 0xf5, 0x0c, 0xe9, 0xc8, 0x57, + 0xc6, 0xfd, 0x26, 0x8d, 0x79, 0xb5, 0xdd, 0x47, 0x74, 0x6e, + 0xe8, 0x8f, 0x50, 0xf5, 0xa7, 0x9e, 0xd1, 0x74, 0x10, 0xbb, + 0xf4, 0x8f, 0x8f, 0x0d, 0xcd, 0x1f, 0xf6, 0x59, 0xb8, 0x6c, + 0xd2, 0x37, 0x83, 0x28, 0xb2, 0x36, 0xc1, 0x39, 0x5b, 0xde, + 0x59, 0xee, 0x77, 0xa2, 0x6e, 0x67, 0xc6, 0xea, 0x1d, 0x2b, + 0x41, 0x8f, 0x6f, 0x96, 0x94, 0x1b, 0x5d, 0xab, 0x30, 0x53, + 0x1e, 0xf8, 0x17, 0x06, 0xea, 0xcc, 0x98, 0xa8, 0xdf, 0x81, + 0xe1, 0x80, 0xb7, 0xad, 0x69, 0xcb, 0x8f, 0x81, 0x1e, 0x76, + 0x75, 0x3c, 0x11, 0x9b, 0x38, 0x95, 0xa7, 0x87, 0x1f, 0xd9, + 0x76, 0x82, 0x21, 0x13, 0x25, 0x20, 0x42, 0xd3, 0x8c, 0xd9, + 0x1c, 0x64, 0xed, 0xe9, 0x55, 0xb5, 0x29, 
0x98, 0x85, 0x7c, + 0x01, 0x94, 0xaa, 0xdd, 0x8c, 0x78, 0x08, 0x99, 0x99, 0x5a, + 0xf6, 0x61, 0x4c, 0xe0, 0x99, 0xf8, 0x15, 0x74, 0x2e, 0x0d, + 0x14, 0x89, 0x11, 0x84, 0xcd, 0x78, 0x0c, 0x6b, 0x48, 0xde, + 0xb4, 0xd6, 0x05, 0xbd, 0x99, 0x58, 0xb7, 0xe5, 0xc5, 0x7a, + 0x43, 0x18, 0x55, 0x33, 0x16, 0x2b, 0xfa, 0x27, 0xf5, 0xbb, + 0xaa, 0x52, 0xb5, 0x28, 0x5c, 0xfe, 0x61, 0x7f, 0x7a, 0x70, + 0xc2, 0x32, 0x4b, 0x05, 0x8d, 0x7b, 0x4d, 0x22, 0x57, 0x25, + 0x40, 0x46, 0x7c, 0xad, 0x2f, 0x8a, 0xc8, 0x16, 0xd6, 0xac, + 0x4e, 0xe3, 0xe3, 0x29, 0xe4, 0xe8, 0x00, 0x2b, 0xc9, 0xe3, + 0x3a, 0x6f, 0x66, 0xf1, 0x37, 0x37, 0x52, 0x88, 0x77, 0xf6, + 0xbd, 0x59, 0x5f, 0xf8, 0x11, 0x46, 0x7b, 0x12, 0x88, 0x2f, + 0x4b, 0x0d, 0x16, 0x89, 0x3e, 0x2a, 0x56, 0x58, 0xa8, 0x1c, + 0xee, 0x23, 0xd5, 0x66, 0x86, 0x5f, 0x59, 0x55, 0xac, 0x07, + 0xfd, 0xda, 0x6b, 0xf1, 0xc7, 0x01, 0x19, 0xdb, 0xff, 0x63, + 0x6f, 0x27, 0xdb, 0xa1, 0xc7, 0xe9, 0xe0, 0xdb, 0xe4, 0x9a, + 0xce, 0xf5, 0xac, 0x68, 0xab, 0x59, 0x0c, 0x83, 0xa3, 0x1c, + 0x2a, 0x86, 0x55, 0xe2, 0xaa, 0xa1, 0xb3, 0xed, 0xc2, 0x2d, + 0x43, 0xc5, 0x13, 0x68, 0xe4, 0x83, 0x3e, 0xd5, 0x7f, 0xf7, + 0xd5, 0xd0, 0x60, 0xd3, 0x70, 0x7f, 0x88, 0xaa, 0xca, 0x74, + 0xcc, 0x50, 0x8d, 0x55, 0x9c, 0xfe, 0x4a, 0xc6, 0xc9, 0x36, + 0xf7, 0x27, 0x26, 0x64, 0xd3, 0x6c, 0xdb, 0x16, 0x31, 0x81, + 0xe9, 0xce, 0x73, 0x60, 0x61, 0x9c, 0x0f, 0xb5, 0x6e, 0x68, + 0xbc, 0xb1, 0x9e, 0x9f, 0xcd, 0x6c, 0x27, 0x31, 0x2d, 0x40, + 0x36, 0xce, 0x91, 0xee, 0x47, 0xdc, 0xa0, 0x4f, 0xd7, 0x14, + 0x4f, 0x93, 0x00, 0xc4, 0x34, 0xca, 0xd4, 0x42, 0x21, 0x90, + 0xf6, 0x9d, 0xea, 0x45, 0x15, 0xfe, 0x2d, 0xd6, 0xab, 0xc2, + 0x36, 0x47, 0xc0, 0x5b, 0xd2, 0xae, 0x53, 0x33, 0xb0, 0x2d, + 0x29, 0xa3, 0x14, 0xda, 0xa4, 0x48, 0xc1, 0x57, 0x0c, 0xdc, + 0x72, 0x4a, 0xd0, 0xf5, 0x5b, 0x9a, 0x57, 0x1d, 0x06, 0xc8, + 0x0f, 0xc7, 0x5b, 0x70, 0xbb, 0x27, 0xf4, 0xe2, 0xf4, 0xf3, + 0x3c, 0xdc, 0xba, 0x43, 0xc4, 0x4e, 0xe2, 0x96, 0xd4, 0x6c, + 0x33, 0x3e, 0xbf, 0x85, 0xf7, 0x3c, 0x1d, 0x46, 0x59, 
0x4e, + 0xa1, 0xa7, 0xa3, 0x76, 0x55, 0x8a, 0x72, 0x83, 0xd0, 0x45, + 0x86, 0x38, 0xa5, 0x4d, 0xc8, 0x62, 0xe4, 0x8a, 0xd5, 0x8e, + 0xb7, 0x4c, 0x6e, 0xaf, 0xa4, 0xbe, 0x88, 0x87, 0x77, 0xd1, + 0x7b, 0xb2, 0x1d, 0xe0, 0x1e, 0x53, 0x30, 0x31, 0x15, 0x6c, + 0x10, 0x81, 0x03, 0x55, 0xa7, 0x69, 0xb6, 0xa5, 0x48, 0xf4, + 0xb2, 0x3b, 0x76, 0x8b, 0x2e, 0x42, 0xa6, 0xaa, 0x7e, 0x66, + 0x57, 0xc2, 0x11, 0xc5, 0x2c, 0x7d, 0x96, 0xdf, 0xe3, 0x58, + 0x12, 0x98, 0x18, 0x0d, 0x87, 0xbd, 0x64, 0xbd, 0xfe, 0x6d, + 0xad, 0x6d, 0x1e, 0xf6, 0x34, 0x01, 0xb5, 0x56, 0xe8, 0x6a, + 0xb3, 0x8c, 0x70, 0x84, 0x36, 0x17, 0xd6, 0x4b, 0xaa, 0x57, + 0xab, 0xb3, 0x45, 0x30, 0x36, 0x10, 0xd4, 0xee, 0x8a, 0xc9, + 0x29, 0xd1, 0x92, 0x9b, 0xe2, 0x7c, 0x12, 0xd1, 0x29, 0x62, + 0x41, 0x69, 0xae, 0x3a, 0x50, 0xcc, 0x89, 0x50, 0x2e, 0xe6, + 0x07, 0xf8, 0x9c, 0x98, 0x80, 0xd5, 0xa3, 0xc8, 0x74, 0xfb, + 0xfc, 0x91, 0x16, 0x02, 0xdc, 0xf0, 0x42, 0x49, 0xbc, 0xc9, + 0x2f, 0x7f, 0x8d, 0x93, 0xf7, 0xf0, 0x74, 0xb7, 0xd1, 0x55, + 0xfc, 0x79, 0x03, 0x37, 0xfb, 0xf6, 0x7d, 0x2f, 0x2d, 0xf8, + 0x6b, 0xc5, 0xf9, 0x66, 0x38, 0xf5, 0xfd, 0x64, 0xc6, 0x08, + 0x99, 0xb3, 0x25, 0xad, 0xf4, 0xfd, 0x69, 0x2f, 0xf1, 0x18, + 0x46, 0xd6, 0x5c, 0x1a, 0x37, 0xcd, 0xee, 0xa3, 0xbf, 0x0f, + 0x57, 0x5c, 0xc3, 0x97, 0x94, 0x84, 0x89, 0xbe, 0x00, 0xf6, + 0x40, 0xe9, 0x5a, 0x52, 0xaf, 0x3a, 0x5b, 0xf4, 0x56, 0xb0, + 0x04, 0x49, 0xc6, 0x32, 0x8c, 0xa1, 0x0a, 0xd8, 0x88, 0xa1, + 0xc3, 0xb7, 0x8b, 0x96, 0xc3, 0x39, 0x51, 0x50, 0x83, 0xa6, + 0xf0, 0x6d, 0xe7, 0x6e, 0x20, 0xff, 0x9d, 0xac, 0x03, 0x57, + 0xbc, 0xcb, 0x6a, 0x19, 0xa7, 0xc5, 0xd2, 0x44, 0x4f, 0x17, + 0x1e, 0x9a, 0x8d, 0x97, 0x25, 0x55, 0x52, 0x49, 0xe2, 0x48, + 0xae, 0x4b, 0x3f, 0x94, 0x5a, 0xb2, 0x2d, 0x40, 0xd9, 0x85, + 0xef, 0x03, 0xa0, 0xd3, 0x66, 0x9a, 0x8f, 0x7b, 0xc0, 0x8d, + 0x54, 0x95, 0x42, 0x49, 0xeb, 0x15, 0x00, 0xf3, 0x6d, 0x6f, + 0x40, 0xf2, 0x8b, 0xc1, 0x50, 0xa6, 0x22, 0x3b, 0xd6, 0x88, + 0xa1, 0xf7, 0xb0, 0x1f, 0xcd, 0x20, 0x4e, 0x5b, 0xad, 0x66, + 0x4a, 
0xda, 0x40, 0xee, 0x4c, 0x4c, 0x3e, 0xa7, 0x75, 0x51, + 0x90, 0xba, 0xee, 0x59, 0xbc, 0xe3, 0xcd, 0x4d, 0xb9, 0x57, + 0xb7, 0xf8, 0xc1, 0xb9, 0x8d, 0x0f, 0x58, 0x2c, 0x4c, 0x98, + 0xa6, 0x9c, 0xd9, 0x0e, 0x25, 0x4f, 0xea, 0x4c, 0x15, 0x0b, + 0x89, 0xe4, 0xac, 0xa1, 0x5a, 0xa1, 0xfd, 0x5b, 0xc6, 0xfe, + 0xf0, 0xf1, 0x4c, 0xa7, 0x60, 0xbc, 0xc3, 0xa5, 0x80, 0x00, + 0x3b, 0x3f, 0x22, 0x38, 0x60, 0x40, 0x76, 0x52, 0x83, 0x32, + 0xee, 0x20, 0x6a, 0xf9, 0x1e, 0x6b, 0x99, 0x52, 0xe7, 0x04, + 0xdc, 0x5a, 0x9d, 0x77, 0x8a, 0xdd, 0x9b, 0x53, 0x19, 0xff, + 0x69, 0x8c, 0xbc, 0xc6, 0xe0, 0x79, 0x0d, 0x3d, 0x3d, 0x54, + 0x5b, 0xe0, 0x47, 0x5b, 0x71, 0x05, 0x98, 0x8f, 0xbb, 0x65, + 0xe1, 0x31, 0x9a, 0xc8, 0x1e, 0x7a, 0x4a, 0xf8, 0xcb, 0x17, + 0xd1, 0x83, 0x58, 0xb1, 0xc0, 0xe4, 0xb1, 0x85, 0xca, 0xa5, + 0xf8, 0x0e, 0xd1, 0x0c, 0xe8, 0x71, 0xc3, 0xfa, 0xbf, 0x1d, + 0xd6, 0x98, 0x03, 0xed, 0x77, 0x3b, 0x55, 0xaf, 0x69, 0x72, + 0x6b, 0x42, 0x31, 0x98, 0x95, 0xd5, 0x79, 0xa5, 0x4c, 0x51, + 0xcf, 0x02, 0x65, 0x93, 0xf2, 0x71, 0xdc, 0xde, 0x9a, 0xa3, + 0x86, 0xa7, 0xea, 0xcf, 0xd7, 0xe5, 0x00, 0xde, 0x40, 0x02, + 0xcd, 0x6b, 0x46, 0x0b, 0xbb, 0xbf, 0x77, 0x5f, 0x9d, 0x7c, + 0xa4, 0x7f, 0x7c, 0x8a, 0xba, 0xd6, 0x99, 0xc5, 0xaa, 0x06, + 0x36, 0xe1, 0x7e, 0x9c, 0x6f, 0x28, 0xd4, 0x6e, 0x1d, 0x5b, + 0xdd, 0x01, 0x24, 0xbd, 0x6c, 0x5d, 0x87, 0x3c, 0xc1, 0xf6, + 0x93, 0x37, 0xe2, 0x3b, 0x70, 0xc4, 0xd8, 0x10, 0x0e, 0x44, + 0x37, 0x00, 0xe3, 0x07, 0xbd, 0x67, 0xd3, 0x9d, 0xe6, 0xe7, + 0x48, 0x1b, 0xe0, 0x79, 0xb3, 0x30, 0x91, 0x89, 0x0f, 0x89, + 0x77, 0xfa, 0x13, 0x85, 0xd0, 0x32, 0xbd, 0xc1, 0x9e, 0x52, + 0x04, 0x80, 0x54, 0xb1, 0x08, 0x39, 0x20, 0xda, 0x3e, 0xf1, + 0xd9, 0x15, 0x74, 0x55, 0x06, 0xfc, 0x4d, 0x85, 0xd4, 0x98, + 0x02, 0x64, 0x10, 0x86, 0xd7, 0xcd, 0x01, 0x0d, 0x85, 0xa0, + 0x78, 0xb0, 0x58, 0x99, 0x7b, 0xdf, 0xe4, 0x8c, 0x3f, 0xab, + 0xc0, 0xbc, 0xa5, 0x30, 0x28, 0xe1, 0x4e, 0x02, 0x98, 0xab, + 0x03, 0xf3, 0x21, 0xe7, 0xa7, 0xe7, 0xc3, 0x5f, 0x98, 0xc0, + 0x83, 0x02, 0xe8, 
0x8a, 0x30, 0x75, 0x95, 0xcf, 0x77, 0x83, + 0xfb, 0x32, 0x5a, 0xf9, 0x13, 0xed, 0xdb, 0xda, 0xc3, 0x84, + 0x4b, 0x8f, 0x1a, 0xf0, 0xad, 0x8e, 0xcf, 0xe3, 0xa7, 0x2b, + 0xb5, 0x44, 0x75, 0xd6, 0xda, 0x33, 0x81, 0x22, 0xa7, 0x6a, + 0xbd, 0x21, 0x64, 0x85, 0xfa, 0x65, 0x8e, 0xc4, 0x58, 0xec, + 0xc4, 0x18, 0x90, 0xa3, 0xcc, 0x2e, 0xaa, 0xa2, 0x2e, 0x46, + 0x7a, 0x4a, 0x35, 0xbf, 0x58, 0x78, 0x2b, 0x1e, 0x72, 0xe5, + 0x80, 0xc9, 0xe0, 0x9e, 0x43, 0x01, 0xcc, 0xe1, 0x0c, 0x00, + 0xe9, 0xc1, 0xa5, 0x1a, 0x9b, 0x4e, 0x6e, 0x34, 0x32, 0xfd, + 0x86, 0xb7, 0xae, 0xc3, 0x6e, 0x69, 0x04, 0xf6, 0x6a, 0x92, + 0x78, 0xb1, 0x1f, 0x9d, 0x5e, 0x0c, 0xf9, 0xc4, 0x1a, 0xf6, + 0xb4, 0x8a, 0x63, 0xb5, 0x87, 0x5b, 0xfb, 0x50, 0xbf, 0xd5, + 0x17, 0x97, 0x8e, 0x55, 0x1c, 0xfe, 0x82, 0xf6, 0xa7, 0x9c, + 0x0b, 0xc9, 0x0a, 0xf6, 0x7f, 0x70, 0xd1, 0x00, 0xed, 0x1c, + 0x6c, 0x3a, 0x95, 0xed, 0x61, 0xa4, 0xd6, 0x57, 0xfb, 0x57, + 0xf8, 0x9b, 0x4c, 0xce, 0x50, 0x26, 0x5c, 0x19, 0xd2, 0xa7, + 0xd6, 0xe8, 0x3c, 0x29, 0x34, 0xfb, 0x26, 0x7f, 0xc5, 0x78, + 0xbf, 0xfe, 0xb6, 0x2a, 0x5a, 0x62, 0x8e, 0x31, 0x9b, 0x57, + 0xa4, 0xe7, 0x4d, 0x3d, 0x18, 0x05, 0xf0, 0x94, 0xbb, 0x04, + 0xfa, 0x0a, 0x92, 0xf4, 0xc6, 0x7f, 0x16, 0xa2, 0x31, 0xed, + 0xc1, 0xb4, 0x62, 0x54, 0x3a, 0x23, 0x12, 0x6a, 0x76, 0xcc, + 0x8c, 0x91, 0x89, 0x58, 0x8c, 0x20, 0x23, 0xd9, 0xaa, 0x0d, + 0x80, 0xbe, 0xb9, 0xb4, 0x40, 0x1e, 0xff, 0xa9, 0xf7, 0x71, + 0x0a, 0xa0, 0x0a, 0xdf, 0x11, 0x0b, 0x66, 0x3f, 0xf2, 0x4d, + 0x5d, 0x39, 0x7c, 0x77, 0xe1, 0xb1, 0x09, 0xa1, 0x6b, 0x2e, + 0x30, 0x43, 0x33, 0x80, 0x6e, 0x6a, 0x1d, 0x47, 0xd9, 0xd6, + 0xac, 0xdc, 0x3f, 0x16, 0xb1, 0x58, 0x11, 0x9f, 0x67, 0xd7, + 0x15, 0x45, 0xd8, 0xc3, 0x69, 0x24, 0x8d, 0xac, 0xff, 0xc3, + 0x43, 0xfd, 0x24, 0xaf, 0xf1, 0xc8, 0x3a, 0xc7, 0xd6, 0x1f, + 0x56, 0x26, 0x16, 0xe6, 0x30, 0xcd, 0x6e, 0x0a, 0x63, 0x2a, + 0x7b, 0x86, 0xd7, 0x65, 0x39, 0x45, 0x7c, 0xe6, 0xa0, 0xe6, + 0x38, 0xed, 0x54, 0x84, 0x00, 0x4d, 0x8e, 0xc2, 0xba, 0x56, + 0x9b, 0xf3, 0xe1, 0xe8, 0x7d, 
0xfe, 0x47, 0xf0, 0x58, 0xe7, + 0x59, 0x60, 0x97, 0x2e, 0x57, 0x1a, 0x09, 0x1f, 0x8b, 0x2b, + 0x0b, 0x47, 0x75, 0xc0, 0xb3, 0x79, 0xce, 0x10, 0x47, 0x6d, + 0xfc, 0xcb, 0x22, 0x61, 0x5c, 0x39, 0xc4, 0x3f, 0xc5, 0xef, + 0xb8, 0xc8, 0x88, 0x52, 0xce, 0x90, 0x17, 0xf5, 0x3c, 0xa9, + 0x87, 0x6f, 0xcb, 0x2f, 0x11, 0x53, 0x65, 0x9b, 0x74, 0x21, + 0x3e, 0xdd, 0x7b, 0x1f, 0x19, 0x9f, 0x53, 0xe6, 0xab, 0xc0, + 0x56, 0xba, 0x80, 0x19, 0x5d, 0x3f, 0xc7, 0xe2, 0xfb, 0x8c, + 0xe2, 0x93, 0xe0, 0x31, 0xc9, 0x33, 0x31, 0x23, 0x31, 0xa1, + 0x36, 0x4c, 0x62, 0xd8, 0x0a, 0xfd, 0x85, 0x97, 0xae, 0xa9, + 0xe9, 0x58, 0x29, 0x17, 0x33, 0x09, 0x5a, 0x8e, 0xa3, 0x90, + 0x41, 0xd3, 0xfc, 0x24, 0x98, 0x61, 0x4d, 0x30, 0x1f, 0x76, + 0x8f, 0xfc, 0xd0, 0x96, 0x8b, 0x2e, 0x9b, 0x24, 0x73, 0x35, + 0x00, 0xb7, 0xf6, 0xe8, 0xba, 0xec, 0x98, 0x74, 0x41, 0xa4, + 0x47, 0x10, 0x0d, 0xbc, 0xba, 0xd1, 0xe7, 0xdb, 0x12, 0xcb, + 0x5f, 0x02, 0xb1, 0xa6, 0xa0, 0xd7, 0x28, 0x30, 0x3e, 0x0a, + 0x5c, 0x5f, 0xe6, 0x2f, 0x3c, 0xde, 0x46, 0x60, 0xaf, 0x07, + 0x5f, 0xed, 0x08, 0xc0, 0x06, 0x58, 0xba, 0xd7, 0x36, 0x5b, + 0xa0, 0x4a, 0xf7, 0xa1, 0x05, 0x9b, 0x00, 0xda, 0x49, 0xdc, + 0xbf, 0xea, 0xe1, 0x03, 0xda, 0x95, 0x95, 0xa0, 0xfa, 0x2e, + 0xf1, 0x60, 0x11, 0x47, 0xdd, 0xb3, 0xfb, 0x0b, 0xa2, 0x92, + 0xcf, 0x73, 0xbb, 0xce, 0x82, 0x71, 0xbc, 0xbd, 0x50, 0x64, + 0xf1, 0x96, 0x48, 0x48, 0x93, 0xf8, 0xdc, 0x1c, 0x18, 0x12, + 0xc6, 0x17, 0x6a, 0xa9, 0xc1, 0x4d, 0x6f, 0x76, 0xda, 0x2f, + 0x4e, 0x59, 0xdd, 0x8b, 0x1c, 0xa5, 0x30, 0xb6, 0xe9, 0x88, + 0x8f, 0x75, 0x0c, 0xcd, 0xd8, 0x61, 0xf4, 0x28, 0xc5, 0x9a, + 0xcd, 0x77, 0x0d, 0x36, 0x5f, 0x75, 0xa5, 0x0a, 0x77, 0x20, + 0x28, 0x5a, 0xac, 0x5f, 0xa1, 0x83, 0x67, 0x70, 0xb7, 0xd8, + 0x23, 0x48, 0x60, 0xa8, 0xd0, 0xaf, 0xee, 0x7a, 0xb8, 0x25, + 0xd7, 0x8f, 0x82, 0x8c, 0xd0, 0x81, 0x7a, 0x49, 0x69, 0xe4, + 0x22, 0x73, 0x29, 0x48, 0xc8, 0x09, 0x72, 0x16, 0xf8, 0x3d, + 0xff, 0x13, 0xac, 0x98, 0x03, 0x76, 0x33, 0xcb, 0x19, 0xb0, + 0x22, 0x5b, 0x1e, 0x16, 0x29, 0xb9, 0xcc, 
0xa6, 0x92, 0xd8, + 0xed, 0x93, 0x0f, 0xbd, 0x10, 0x98, 0x53, 0x0a, 0x07, 0x7f, + 0xd6, 0x51, 0x76, 0xda, 0xdc, 0x0c, 0xeb, 0x2a, 0x95, 0xd0, + 0x3e, 0xa6, 0xc4, 0xc6, 0xd8, 0xfb, 0x1b, 0x2a, 0x7f, 0xf1, + 0x08, 0xbe, 0xd3, 0xed, 0x67, 0x63, 0x5f, 0x1d, 0x29, 0xdb, + 0x47, 0x03, 0x4a, 0xf4, 0x6b, 0xb4, 0x46, 0x02, 0x28, 0x4f, + 0x88, 0x9b, 0x46, 0x66, 0x40, 0x56, 0x34, 0x4c, 0xec, 0x8e, + 0x0b, 0x5d, 0x14, 0x94, 0x91, 0xfc, 0xdc, 0x0c, 0xdc, 0x5b, + 0x45, 0x12, 0x7e, 0xa1, 0xe9, 0x75, 0x38, 0xcb, 0xd3, 0x6b, + 0xd7, 0xa4, 0x24, 0x94, 0x78, 0x09, 0x7f, 0x77, 0xc8, 0x6d, + 0xe1, 0x82, 0x1c, 0x1c, 0x91, 0xc6, 0x38, 0x9e, 0x3b, 0x3d, + 0x31, 0xdd, 0x9e, 0x46, 0x58, 0x7a, 0x42, 0x16, 0x6f, 0xfd, + 0x7d, 0x8c, 0xf5, 0xf0, 0x9f, 0x92, 0x6e, 0xbe, 0x47, 0xa6, + 0x1e, 0x8e, 0x82, 0x15, 0x24, 0xc3, 0x1b, 0xb0, 0xd1, 0x68, + 0xf9, 0xd1, 0x7c, 0x60, 0x98, 0x86, 0xd9, 0x53, 0xa2, 0x38, + 0x62, 0xf4, 0x72, 0x71, 0xcb, 0xb9, 0x35, 0xef, 0xb9, 0x49, + 0x3a, 0x73, 0xb2, 0xd7, 0x0f, 0x90, 0xf5, 0x2c, 0x5b, 0xf5, + 0xfd, 0x39, 0x17, 0xf7, 0xe4, 0x69, 0x81, 0x0f, 0x6b, 0xe7, + 0x32, 0xd2, 0xdc, 0x5d, 0x40, 0xbf, 0x41, 0x95, 0x89, 0x81, + 0x29, 0x80, 0x40, 0xa3, 0xac, 0xd2, 0xc7, 0xf7, 0xe8, 0xd0, + 0x45, 0xed, 0x48, 0x43, 0x3a, 0xed, 0x8d, 0xef, 0x37, 0xe1, + 0x24, 0x9a, 0x67, 0x9a, 0x6b, 0x71, 0x4f, 0x9a, 0xb9, 0x2c, + 0x1b, 0x10, 0x48, 0xe2, 0x31, 0x1e, 0xbb, 0xf2, 0x4a, 0xad, + 0x04, 0xc7, 0xd7, 0xf2, 0xe8, 0x83, 0x5f, 0xe8, 0xa2, 0x81, + 0x95, 0xf9, 0x60, 0x51, 0x9c, 0x99, 0x76, 0x69, 0x76, 0x4e, + 0xbd, 0x44, 0x52, 0x36, 0xca, 0xd8, 0x6e, 0xf7, 0x1a, 0xa1, + 0x54, 0xdf, 0x90, 0x52, 0x94, 0xb6, 0x3a, 0xcb, 0x43, 0x56, + 0x11, 0xde, 0xa0, 0xe1, 0x45, 0x8a, 0x80, 0x2d, 0xaf, 0x1f, + 0x24, 0x3f, 0x80, 0x17, 0x1f, 0x28, 0xbb, 0xcc, 0x1a, 0xd2, + 0x2d, 0xa6, 0x9e, 0xe0, 0xdc, 0xf0, 0x98, 0x16, 0x58, 0x88, + 0xc6, 0xf1, 0x81, 0x71, 0x91, 0x8f, 0xa2, 0xab, 0xa5, 0xe6, + 0x68, 0x1f, 0xa5, 0x86, 0xb5, 0xd9, 0x05, 0xba, 0x50, 0x67, + 0x0b, 0x1e, 0xfe, 0x42, 0x50, 0xf8, 0x01, 0xf8, 0x38, 
0x92, + 0x57, 0x86, 0x08, 0x47, 0xee, 0x23, 0x11, 0x60, 0x61, 0x1a, + 0x77, 0x3c, 0x1a, 0x8e, 0x08, 0xe3, 0xaf, 0x84, 0x04, 0x75, + 0x15, 0x47, 0x7a, 0x83, 0x8e, 0x92, 0x3e, 0xe8, 0xf0, 0xc2, + 0x81, 0x89, 0x3b, 0x73, 0x81, 0xe5, 0xe8, 0x97, 0x97, 0x63, + 0x64, 0xf3, 0xa9, 0x1b, 0x61, 0x65, 0x7f, 0x0e, 0x47, 0x6b, + 0x14, 0x57, 0x29, 0x8f, 0x91, 0x35, 0x43, 0x10, 0x12, 0x86, + 0x99, 0xec, 0xc8, 0x9e, 0x67, 0x90, 0x20, 0x21, 0x3c, 0x83, + 0xdb, 0x73, 0x4e, 0x8e, 0x7d, 0x86, 0xde, 0xb8, 0xd8, 0xfa, + 0x23, 0x1f, 0x5a, 0xe4, 0xc7, 0x0c, 0x1d, 0x5e, 0xd1, 0x10, + 0x58, 0xd5, 0x86, 0xfa, 0x40, 0x30, 0x0a, 0x78, 0x0a, 0xa5, + 0x56, 0xd5, 0xe6, 0x86, 0xd4, 0x14, 0x77, 0x32, 0xcd, 0x07, + 0xf9, 0xbe, 0x7a, 0xd8, 0xbc, 0x91, 0xe0, 0xda, 0x76, 0x6b, + 0x97, 0x10, 0xda, 0xea, 0x27, 0xa2, 0x67, 0x6d, 0x94, 0x27, + 0x6e, 0xea, 0xca, 0x56, 0x45, 0x32, 0x1d, 0x38, 0x12, 0x21, + 0x33, 0x2c, 0x3c, 0x5c, 0x33, 0xb0, 0x9e, 0x80, 0x0b, 0x4e, + 0xbb, 0x09, 0x5e, 0x56, 0x54, 0xb0, 0x9b, 0x7e, 0xb6, 0x00, + 0xe8, 0x63, 0x19, 0x85, 0xf1, 0x4d, 0x65, 0x9d, 0x1f, 0x8d, + 0x18, 0xcc, 0x63, 0xc6, 0xd9, 0xa6, 0xbc, 0xe7, 0x42, 0x55, + 0x12, 0xdc, 0x8c, 0x26, 0x2d, 0x8d, 0xc2, 0xe9, 0x3b, 0xbc, + 0xed, 0x06, 0x08, 0x31, 0xb0, 0xe0, 0x99, 0xe2, 0x86, 0x81, + 0x88, 0x4a, 0xac, 0x1f, 0x4a, 0xb2, 0x1e, 0x1e, 0x4c, 0xb2, + 0x9f, 0x27, 0xa0, 0xd9, 0x8a, 0x7e, 0xe7, 0xa3, 0xad, 0xeb, + 0x2c, 0xfd, 0x14, 0xc6, 0x4b, 0x26, 0xce, 0x38, 0xb9, 0x01, + 0x9e, 0xde, 0xc8, 0x7b, 0x82, 0x2f, 0xaa, 0x72, 0x80, 0xbe, + 0x3a, 0x35, 0x95, 0xc8, 0xf3, 0x7c, 0x36, 0x68, 0x02, 0xdc, + 0xa2, 0xda, 0xef, 0xd7, 0xf1, 0x3e, 0x81, 0xb3, 0x5d, 0x2f, + 0xcf, 0x7e, 0xe6, 0x9c, 0xa0, 0x32, 0x29, 0x8b, 0x52, 0x24, + 0xbd, 0x0d, 0x36, 0xdc, 0x1d, 0xcc, 0x6a, 0x0a, 0x74, 0x52, + 0x1b, 0x68, 0x4d, 0x15, 0x05, 0x47, 0xe1, 0x2f, 0x97, 0x45, + 0x52, 0x17, 0x4b, 0x2a, 0x3b, 0x74, 0xc5, 0x20, 0x35, 0x5c, + 0x37, 0xae, 0xe6, 0xa7, 0x24, 0x0f, 0x34, 0x70, 0xea, 0x7c, + 0x03, 0xa3, 0xde, 0x2d, 0x22, 0x55, 0x88, 0x01, 0x45, 0xf2, + 0x5f, 
0x1f, 0xaf, 0x3b, 0xb1, 0xa6, 0x5d, 0xcd, 0x93, 0xfb, + 0xf8, 0x2f, 0x87, 0xcc, 0x26, 0xc5, 0x36, 0xde, 0x06, 0x9b, + 0xe9, 0xa7, 0x66, 0x7e, 0x8c, 0xcd, 0x99, 0x6b, 0x51, 0x1c, + 0xb0, 0xa0, 0xfa, 0xc7, 0x46, 0xfe, 0x65, 0xe4, 0x80, 0x5b, + 0x5f, 0x24, 0x3b, 0xa4, 0xe6, 0x81, 0x31, 0xe5, 0x87, 0x2c, + 0xa4, 0x83, 0xaf, 0x8b, 0x9f, 0x89, 0xb4, 0x3c, 0x7a, 0xbe, + 0x4c, 0xb3, 0xbf, 0x3d, 0xec, 0x78, 0xb0, 0x8a, 0xdd, 0xc8, + 0x43, 0x8c, 0x45, 0xa1, 0xa3, 0x3a, 0x82, 0x7d, 0x06, 0xdf, + 0x20, 0x27, 0x9b, 0x4e, 0x09, 0x90, 0x6a, 0x23, 0xbf, 0x1b, + 0x04, 0x1d, 0x50, 0xe2, 0xb4, 0xff, 0xe0, 0xd0, 0x9b, 0x40, + 0x2b, 0xc0, 0x52, 0xc1, 0x39, 0x29, 0x60, 0x83, 0x06, 0x9b, + 0x48, 0xb8, 0xa7, 0xe1, 0x2b, 0xfb, 0xf0, 0x2b, 0x82, 0xf1, + 0xda, 0xc9, 0x30, 0x47, 0x3f, 0xf5, 0xf9, 0xf7, 0x6c, 0xf0, + 0x0f, 0xe7, 0xb1, 0x4d, 0x46, 0x49, 0xf8, 0xb3, 0xe1, 0xfe, + 0x85, 0x61, 0xcc, 0xf7, 0xfa, 0xd2, 0xf1, 0xbc, 0xf0, 0x7f, + 0x3b, 0xe6, 0x45, 0xa2, 0x1b, 0x55, 0xf6, 0x0c, 0x02, 0x95, + 0xdc, 0x78, 0x94, 0xa0, 0xc4, 0x6a, 0x21, 0x7e, 0xa8, 0x5f, + 0xbd, 0xc3, 0xb3, 0x4d, 0x9b, 0x30, 0x31, 0x1d, 0x5b, 0x8b, + 0x45, 0x3c, 0x18, 0xe9, 0x61, 0xe8, 0x76, 0x3e, 0x91, 0xd2, + 0xfd, 0x1a, 0xd7, 0x30, 0x4d, 0xfe, 0xef, 0x7f, 0xc0, 0x7e, + 0x45, 0x43, 0xe9, 0xf9, 0x23, 0xfe, 0xd8, 0xef, 0xbc, 0xd6, + 0x99, 0x79, 0x54, 0xed, 0x7a, 0x8b, 0x39, 0xa6, 0xe7, 0x9d, + 0x3f, 0x9f, 0x35, 0xe1, 0xe4, 0xd5, 0x26, 0x31, 0x3a, 0x44, + 0x03, 0x79, 0xde, 0xdc, 0x29, 0x1e, 0x8e, 0x26, 0x41, 0xc6, + 0x60, 0xaa, 0xfd, 0xe1, 0x5e, 0xa6, 0xc0, 0x2f, 0x90, 0x1e, + 0x3b, 0xc1, 0xe6, 0xf6, 0xde, 0x60, 0x87, 0x57, 0x51, 0x11, + 0x6a, 0x8e, 0x9d, 0x70, 0x9d, 0x6d, 0x36, 0x21, 0x05, 0x55, + 0xc1, 0x56, 0x9b, 0xc9, 0x91, 0x50, 0x3e, 0xb4, 0xbd, 0x19, + 0x53, 0x44, 0x99, 0xc7, 0xb8, 0xce, 0xce, 0x86, 0x06, 0x5d, + 0x99, 0x85, 0x33, 0xd4, 0x16, 0x21, 0x4a, 0xe9, 0x7e, 0x2e, + 0xcc, 0x7e, 0x3f, 0xc1, 0x47, 0x3b, 0x32, 0xd0, 0x57, 0x1c, + 0xc2, 0x26, 0x67, 0xf0, 0xd9, 0xc4, 0x9e, 0xbb, 0x65, 0xa4, + 0xf7, 0xf7, 0x8d, 
0x7d, 0x08, 0xd4, 0x9c, 0x1e, 0x0f, 0xb9, + 0xff, 0x24, 0x2f, 0xaf, 0xfa, 0x24, 0x26, 0xb7, 0xb1, 0x78, + 0xc1, 0xd1, 0xfe, 0x85, 0x55, 0xa0, 0x86, 0x77, 0xf6, 0xc2, + 0xe0, 0x12, 0xe4, 0x45, 0x85, 0xd0, 0xe7, 0x68, 0xf0, 0x31, + 0x4c, 0x9c, 0xb0, 0x5f, 0x89, 0xca, 0xfe, 0xc2, 0xf0, 0x1e, + 0xeb, 0xee, 0x75, 0x64, 0xea, 0x09, 0xd4, 0x1c, 0x72, 0x12, + 0xd4, 0x31, 0xf0, 0x89, 0x71, 0x74, 0x6e, 0x01, 0x32, 0xca, + 0x8a, 0x91, 0x0c, 0xdf, 0xd7, 0x05, 0xe9, 0x35, 0xed, 0x06, + 0x1a, 0x17, 0x5a, 0xf3, 0x65, 0xc5, 0xbd, 0x37, 0xf2, 0x53, + 0x49, 0x2f, 0xcd, 0xc6, 0x15, 0xb3, 0x36, 0x88, 0xd8, 0x7a, + 0x2f, 0xfa, 0x21, 0x7f, 0x55, 0x20, 0xc6, 0xf4, 0x23, 0x59, + 0x6b, 0x3c, 0xeb, 0xe5, 0xd3, 0x78, 0xdc, 0x31, 0xeb, 0x87, + 0x86, 0x3d, 0x7c, 0x10, 0x64, 0x66, 0xa4, 0xad, 0x07, 0xe1, + 0x93, 0x15, 0x07, 0x4c, 0xe4, 0xb4, 0x4a, 0x06, 0xca, 0x2a, + 0x50, 0xa2, 0x85, 0xc6, 0xa1, 0x19, 0x89, 0x7f, 0x8a, 0x05, + 0x00, 0x23, 0x72, 0x5f, 0x89, 0x74, 0x8e, 0x22, 0xa1, 0x5d, + 0x26, 0xf9, 0xfe, 0xdf, 0x6d, 0x98, 0x3a, 0xc4, 0x7c, 0x93, + 0xcf, 0xc4, 0xfe, 0xed, 0x98, 0xb0, 0x31, 0x4c, 0x81, 0x83, + 0x0d, 0x5d, 0x3d, 0x0c, 0x27, 0x4e, 0xca, 0xcf, 0x38, 0x0c, + 0x37, 0xb0, 0xf8, 0xc5, 0xc8, 0x52, 0x14, 0xec, 0x53, 0x80, + 0xb9, 0xd8, 0x8a, 0x05, 0x4e, 0x31, 0x3d, 0x67, 0x57, 0xf0, + 0x7a, 0xa2, 0xc5, 0xc9, 0x02, 0x25, 0x69, 0x83, 0xb9, 0x3e, + 0x1b, 0x04, 0xbf, 0xb2, 0xe6, 0x97, 0x7a, 0x6b, 0x8e, 0x37, + 0x77, 0x2e, 0x16, 0x8b, 0x33, 0xe1, 0xea, 0x2b, 0x30, 0x01, + 0x6e, 0xa0, 0x28, 0x14, 0x17, 0xe9, 0x98, 0xa8, 0x89, 0x72, + 0x68, 0x64, 0x81, 0x60, 0xa8, 0xf7, 0x72, 0xdf, 0x1a, 0xae, + 0xf5, 0xf0, 0x9f, 0x69, 0x35, 0xbc, 0x58, 0x27, 0x38, 0xd6, + 0x7f, 0x7a, 0xd4, 0xc4, 0xf1, 0xcf, 0xee, 0x59, 0x49, 0x31, + 0xda, 0xc1, 0x08, 0x46, 0x65, 0x68, 0xe9, 0x44, 0x18, 0x2b, + 0xf2, 0x2a, 0x13, 0x60, 0x07, 0xae, 0xe4, 0x96, 0xdb, 0x0a, + 0x6f, 0x52, 0x23, 0x9a, 0xcf, 0x9d, 0xa4, 0xc5, 0xc1, 0x74, + 0xa8, 0x0e, 0xe1, 0x5e, 0xfa, 0xa4, 0x06, 0x9c, 0x2e, 0x70, + 0x08, 0x22, 0x25, 0x4f, 0xc1, 
0xf1, 0x13, 0x5a, 0x66, 0xa0, + 0x6c, 0x59, 0xa3, 0xfc, 0x03, 0x9c, 0x8a, 0x23, 0x01, 0x00, + 0xa9, 0x49, 0xf0, 0x22, 0xa3, 0x8f, 0x6c, 0xef, 0xcb, 0x69, + 0x06, 0x3a, 0x69, 0x99, 0x96, 0xd2, 0xa7, 0xa0, 0x0b, 0x7e, + 0x44, 0x7d, 0x04, 0xff, 0x7e, 0x9e, 0x1e, 0x77, 0xa0, 0x30, + 0xd1, 0xdf, 0x18, 0xe4, 0xd8, 0xa5, 0x64, 0xbe, 0x8c, 0x80, + 0x28, 0xe2, 0x98, 0x5e, 0xec, 0x9e, 0xb1, 0x0a, 0xb5, 0x25, + 0xaa, 0xb8, 0x0f, 0x78, 0x30, 0x48, 0x06, 0xe5, 0x76, 0xf9, + 0x24, 0x96, 0x87, 0x2a, 0x91, 0x89, 0xb6, 0xce, 0x04, 0xdf, + 0xfc, 0x13, 0x42, 0x19, 0xba, 0x14, 0x46, 0x20, 0x08, 0x47, + 0xe1, 0x82, 0x57, 0x51, 0x74, 0x3b, 0x5b, 0x23, 0x5c, 0xb2, + 0x85, 0x8c, 0xed, 0xe6, 0xda, 0x4d, 0x56, 0xe8, 0x61, 0x31, + 0xec, 0x97, 0x27, 0xeb, 0xf2, 0xa7, 0x7c, 0x13, 0x1b, 0xc5, + 0x44, 0xfe, 0x63, 0x4b, 0x2b, 0x33, 0x22, 0x23, 0x60, 0x86, + 0x7c, 0x3b, 0x57, 0xba, 0x16, 0xde, 0x47, 0x04, 0x3e, 0x2b, + 0xe5, 0xbd, 0x23, 0xa0, 0xab, 0xdf, 0x5d, 0x6e, 0x20, 0xb1, + 0x37, 0x44, 0xcb, 0xbd, 0x03, 0xa9, 0x5c, 0xe6, 0x92, 0x5e, + 0x2f, 0x6f, 0x95, 0xc6, 0x5b, 0x6d, 0xab, 0x39, 0xdd, 0x1e, + 0x34, 0xd5, 0x21, 0xca, 0x92, 0xee, 0x59, 0xf0, 0xb9, 0x65, + 0xe6, 0x81, 0x49, 0xf8, 0x11, 0xec, 0x45, 0x14, 0x6a, 0x19, + 0xb4, 0xce, 0xbf, 0x9e, 0xf7, 0x32, 0x8d, 0x99, 0x78, 0xc3, + 0x07, 0x3d, 0xfd, 0x18, 0x2d, 0x0e, 0x06, 0x2f, 0x27, 0x24, + 0x6f, 0x16, 0xd8, 0x01, 0x33, 0xc8, 0xbb, 0x7f, 0x7d, 0xfa, + 0x73, 0xf6, 0x7d, 0x54, 0xf2, 0xd4, 0x8a, 0x53, 0xe1, 0x62, + 0x45, 0xf4, 0x01, 0xa6, 0x31, 0x6b, 0x3a, 0x06, 0x56, 0xfd, + 0x79, 0x7f, 0x58, 0xd8, 0x47, 0x33, 0x53, 0xc5, 0x78, 0x70, + 0xce, 0x81, 0x7f, 0x66, 0xa1, 0x58, 0x7c, 0x5a, 0xdb, 0x4a, + 0xad, 0x29, 0xff, 0x93, 0x75, 0x95, 0x35, 0xa9, 0xd2, 0xb1, + 0xeb, 0xa0, 0x4f, 0x10, 0x0a, 0xc9, 0x38, 0x69, 0xc8, 0x8d, + 0x57, 0xef, 0x99, 0x0f, 0xa5, 0x69, 0x86, 0xa6, 0xfb, 0x2b, + 0x37, 0xe4, 0xc7, 0xab, 0x3e, 0xcd, 0x8f, 0x3f, 0x93, 0x8c, + 0x0b, 0xc4, 0x4d, 0x16, 0xe0, 0xb0, 0x94, 0x5a, 0x0d, 0x17, + 0xaf, 0x6e, 0x4b, 0x2e, 0x18, 0x29, 0x0e, 
0xe0, 0xf5, 0x72,
+ 0x1a, 0x21, 0x37, 0xef, 0x7d, 0x6a, 0x39, 0xe9, 0xa8, 0xd7,
+ 0x96, 0xd6, 0xb3, 0x7d, 0x83, 0x0c, 0x13, 0x30, 0x49, 0x03,
+ 0xe8, 0x6b, 0xe6, 0x77, 0xe8, 0x69, 0x48, 0x56, 0x5f, 0x39,
+ 0x63, 0xbc, 0x86, 0xa8, 0x26, 0xa1, 0xbd, 0x4b, 0x24, 0xbd,
+ 0xdd, 0xe8, 0x02, 0x64, 0xcb, 0xae, 0x24, 0x17, 0x62, 0xbd,
+ 0x27, 0xa7, 0x22, 0x60, 0x51, 0x0c, 0x53, 0xff, 0x9d, 0x63,
+ 0x1b, 0xf9, 0xff, 0x76, 0x3b, 0x74, 0x05, 0x98, 0x46, 0x0b,
+ 0xe8, 0xcb, 0xd4, 0x0a, 0xcd, 0x91, 0xdb, 0x5b, 0x21, 0x4d,
+ 0xa1, 0x87, 0xbd, 0xb7, 0x58, 0xec, 0x28, 0x00, 0x92, 0xc2,
+ 0x98, 0xe4, 0x8c, 0x1f, 0x9d, 0xa4, 0x80, 0x83, 0x40, 0xb9,
+ 0x63, 0xfe, 0xc9, 0x18, 0x3f, 0xd6, 0xab, 0x34, 0x00, 0x2c,
+ 0x53, 0x40, 0x38, 0x0e, 0xb1, 0x69, 0xa8, 0xb8, 0xa9, 0x2e,
+ 0x9b, 0x7b, 0x89, 0x8d, 0xff, 0x86, 0x01, 0x51, 0x42, 0xde,
+ 0x04, 0xd6, 0x1d, 0xd1, 0x29, 0x8d, 0x42, 0x46, 0x5f, 0xd6,
+ 0x02, 0xde, 0x73, 0xee, 0x2d, 0xe9, 0x6e, 0xb0, 0x3f, 0xf0,
+ 0x47, 0x72, 0xfe, 0x45, 0xff, 0x05, 0x82, 0x2d, 0xc6, 0x4f,
+ 0xc9, 0xd3, 0xec, 0xf9, 0x5a, 0x22, 0x50, 0x6c, 0x4f, 0x1e,
+ 0xc8, 0x5f, 0xfc, 0x2c, 0x04, 0x4f, 0xdf, 0xce, 0xe4, 0x18,
+ 0xd2, 0xd7, 0x8b, 0x67, 0x83, 0x39, 0x96, 0x47, 0x5e, 0x5b,
+ 0xad, 0x7f, 0x5d, 0x42, 0x56, 0x97, 0x71, 0x39, 0x28, 0x44,
+ 0x9d, 0x35, 0xde, 0xde, 0x03, 0x20, 0x34, 0x44, 0xdb, 0xdf,
+ 0xfc, 0xff, 0x1e, 0x3d, 0x58, 0x5f, 0x7a, 0x8e, 0x90, 0xa1,
+ 0xd3, 0xeb, 0x0c, 0x23, 0x3f, 0x4e, 0x61, 0x77, 0x79, 0xb2,
+ 0xdc, 0xfb, 0x21, 0x46, 0x5c, 0x82, 0xb6, 0xf6, 0x34, 0x3c,
+ 0x3f, 0x45, 0x4b, 0x80, 0x9e, 0xa4, 0xe6, 0x02, 0x13, 0x38,
+ 0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8,
+ 0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+ 0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f,
+ };
+
+ return dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
+ (word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig,
+ (word32)sizeof(ml_dsa_87_sig));
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
+{
+ wc_test_ret_t ret;
+ dilithium_key* key;
+ byte* sig = NULL;
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+ word32 sigLen;
+ byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+ int res = 0;
+#endif
+#endif
+
+ key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (key == NULL) {
+ ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+ }
+ sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (sig == NULL) {
+ ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+ }
+
+ ret = wc_dilithium_init(key);
+ if (ret != 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ return ret;
+ }
+
+ ret = wc_dilithium_set_level(key, param);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+ ret = wc_dilithium_make_key(key, rng);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+ sigLen = wc_dilithium_sig_size(key);
+ if (sigLen <= 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+ ret = wc_dilithium_sign_msg(msg, (word32)sizeof(msg), sig, &sigLen, key,
+ rng);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+ ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res,
+ key);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+ if (res != 1)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
+#endif
+#endif
+
+out:
+ wc_dilithium_free(key);
+ XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ return ret;
+}
+#endif
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
+{
+ wc_test_ret_t ret;
+ WC_RNG rng;
+
+#ifndef HAVE_FIPS
+ ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
+#else
+ ret = wc_InitRng(&rng);
+#endif
+ if (ret != 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ return ret;
+ }
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+ ret = dilithium_param_44_vfy_test();
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+ ret = dilithium_param_test(WC_ML_DSA_44, &rng);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+ ret = dilithium_param_65_vfy_test();
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+ ret = dilithium_param_test(WC_ML_DSA_65, &rng);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+ ret = dilithium_param_87_vfy_test();
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+ ret = dilithium_param_test(WC_ML_DSA_87, &rng);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+ !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+out:
+#endif
+ wc_FreeRng(&rng);
+ return ret;
+}
+#endif /* HAVE_DILITHIUM */
+
 #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
 static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz,
 void *context)
@@ -37286,7 +42421,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 #endif
 byte * sig = NULL;
 int ret2 = -1;
- int ret = -1;
+ int ret = WC_TEST_RET_ENC_NC;
 WOLFSSL_ENTER("xmss_test");
 #ifndef HAVE_FIPS
@@ -37397,20 +42532,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 }
 /* Cleanup everything. */
- if (sig != NULL) {
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- sig = NULL;
- }
+ XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ sig = NULL;
- if (sk != NULL) {
- XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- sk = NULL;
- }
+ XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ sk = NULL;
- if (old_sk != NULL) {
- XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- old_sk = NULL;
- }
+ XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ old_sk = NULL;
 wc_XmssKey_Free(&signingKey);
 wc_FreeRng(&rng);
@@ -37775,15 +42904,20 @@ static /* not const */ byte xmss_sig[2500] =
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 {
- XmssKey verifyKey;
- word32 pkSz = 0;
- word32 sigSz = 0;
- const char * param = "XMSS-SHA2_10_256";
- int j = 0;
- int ret2 = -1;
- int ret = -1;
+ XmssKey verifyKey;
+ unsigned char pub_raw[XMSS_SHA256_PUBLEN];
+ word32 pub_len = sizeof(pub_raw);
+ word32 pkSz = 0;
+ word32 sigSz = 0;
+ const char * param = "XMSS-SHA2_10_256";
+ int j = 0;
+ int ret2 = WC_TEST_RET_ENC_NC;
+ int ret = WC_TEST_RET_ENC_NC;
+ int n_diff = 0;
 WOLFSSL_ENTER("xmss_test_verify_only");
+ XMEMSET(pub_raw, 0, sizeof(pub_raw));
+
 ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
 if (ret != 0) {
 return WC_TEST_RET_ENC_EC(ret);
 }
@@ -37820,13 +42954,34 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 return WC_TEST_RET_ENC_EC(ret);
 }
+ /* Now test the ExportPubRaw API, verify we recover the original pub. */
+ ret = wc_XmssKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
+ if (ret != 0) {
+ printf("error: wc_XmssKey_ExportPubRaw returned %d, expected 0\n", ret);
+ return WC_TEST_RET_ENC_EC(ret);
+ }
+
+ if (pub_len != XMSS_SHA256_PUBLEN) {
+ printf("error: xmss pub len %u, expected %d\n", pub_len,
+ XMSS_SHA256_PUBLEN);
+ return WC_TEST_RET_ENC_EC(pub_len);
+ }
+
+ n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub));
+
+ if (n_diff != 0) {
+ printf("error: exported and imported pub raw do not match: %d\n",
+ n_diff);
+ return WC_TEST_RET_ENC_EC(n_diff);
+ }
+
 /* Flip bits in message. This should fail. */
 xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
 ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
 (byte *) xmss_msg, sizeof(xmss_msg));
 if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
 printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
- return WC_TEST_RET_ENC_EC(ret);
+ return WC_TEST_RET_ENC_EC(ret2);
 }
 /* Flip it back. This should pass again. */
@@ -37889,8 +43044,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 {
 int i = 0;
 int j = 0;
- int ret = -1;
- int ret2 = -1;
+ int ret = WC_TEST_RET_ENC_NC;
+ int ret2 = WC_TEST_RET_ENC_NC;
 int sigsLeft = 0;
 LmsKey signingKey;
 LmsKey verifyKey;
@@ -38026,7 +43181,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
-#if defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)
+#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
+ defined(HAVE_LIBLMS)
 /* A simple LMS verify only test.
 *
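Review bot: In the @@ -37820 hunk the XMEMCMP length is `sizeof(xmss_pub)`, while `pub_raw` is declared as `XMSS_SHA256_PUBLEN` bytes and the only length check is `pub_len != XMSS_SHA256_PUBLEN`; if `xmss_pub` (defined outside this hunk) is larger than that the compare reads past `pub_raw`, and if it is smaller the comparison is silently partial. Tie the compare to the exported length instead: `if (pub_len != XMSS_SHA256_PUBLEN || pub_len != sizeof(xmss_pub)) {` for the length check and `n_diff = XMEMCMP(pub_raw, xmss_pub, pub_len);` for the compare. The same pattern appears in the @@ -38305 hunk, where `lms_L1H10W8_pub` is compared against a `pub_raw` of `HSS_MAX_PUBLIC_KEY_LEN` bytes. Returning `WC_TEST_RET_ENC_EC(pub_len)` and `WC_TEST_RET_ENC_EC(n_diff)` encodes a byte count and a memcmp difference as if they were wolfCrypt error codes; `WC_TEST_RET_ENC_NC`, which this commit already uses for "no code" failures, is the honest value for a mismatch.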
@@ -38250,18 +43406,23 @@ static byte lms_L1H10W8_sig[LMS_L1H10W8_SIGLEN] = WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void) { - int ret = -1; - int ret2 = -1; - int j = 0; - LmsKey verifyKey; - word32 sigSz = 0; - word32 msgSz = sizeof(lms_msg); - word32 pubLen = 0; - int levels = 0; - int height = 0; - int winternitz = 0; + LmsKey verifyKey; + unsigned char pub_raw[HSS_MAX_PUBLIC_KEY_LEN]; + word32 pub_len = sizeof(pub_raw); + word32 sigSz = 0; + word32 msgSz = sizeof(lms_msg); + word32 pubSz = 0; + int levels = 0; + int height = 0; + int winternitz = 0; + int ret = WC_TEST_RET_ENC_NC; + int ret2 = WC_TEST_RET_ENC_NC; + int j = 0; + int n_diff = 0; WOLFSSL_ENTER("lms_test_verify_only"); + XMEMSET(pub_raw, 0, sizeof(pub_raw)); + ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID); if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } @@ -38279,15 +43440,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void) if (levels != 1 || height != 10 || winternitz != 8) { printf("error: invalid LMS parameters: L%d-H%d-W%d\n", levels, height, winternitz); - return -1; + return WC_TEST_RET_ENC_NC; } - ret = wc_LmsKey_GetPubLen(&verifyKey, &pubLen); + ret = wc_LmsKey_GetPubLen(&verifyKey, &pubSz); if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } - if (pubLen != HSS_MAX_PUBLIC_KEY_LEN) { - printf("error: got %u, expected %d\n", pubLen, HSS_MAX_PUBLIC_KEY_LEN); - return WC_TEST_RET_ENC_EC(pubLen); + if (pubSz != HSS_MAX_PUBLIC_KEY_LEN) { + printf("error: got %u, expected %d\n", pubSz, HSS_MAX_PUBLIC_KEY_LEN); + return WC_TEST_RET_ENC_EC(pubSz); } ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz); 
@@ -38305,6 +43466,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void) return WC_TEST_RET_ENC_EC(ret); } + /* Now test the ExportPubRaw API, verify we recover the original pub. */ + ret = wc_LmsKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len); + if (ret != 0) { + printf("error: wc_LmsKey_ExportPubRaw returned %d, expected 0\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) { + printf("error: LMS pub len %u, expected %d\n", pub_len, + HSS_MAX_PUBLIC_KEY_LEN); + return WC_TEST_RET_ENC_EC(pub_len); + } + + n_diff = XMEMCMP(pub_raw, lms_L1H10W8_pub, sizeof(lms_L1H10W8_pub)); + + if (n_diff != 0) { + printf("error: exported and imported pub raw do not match: %d\n", + n_diff); + return WC_TEST_RET_ENC_EC(n_diff); + } + /* Flip bits in message. This should fail. */ lms_msg[msgSz / 2] ^= 1; ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN, @@ -40002,10 +45184,8 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); /* Dispose of tables */ - if (iTable != NULL) - XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (table != NULL) - XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); /* Make sure the key public key is exportable - convert to Montgomery form * in Validation. @@ -40500,8 +45680,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void) } if (rng_inited) wc_FreeRng(&rng); - if (key != NULL) - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pub != NULL) { wc_FreeSakkeKey(pub); XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); 
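Review bot: The memcmp uses `sizeof(lms_L1H10W8_pub)` while `pub_raw` is `HSS_MAX_PUBLIC_KEY_LEN` bytes and `pub_len` was just checked against that constant; nothing ties the fixture's size to either, so a fixture larger than `HSS_MAX_PUBLIC_KEY_LEN` would over-read `pub_raw` and a smaller one would leave bytes uncompared. Guard it with `if (sizeof(lms_L1H10W8_pub) != pub_len) return WC_TEST_RET_ENC_NC;` and compare `pub_len` bytes. As in the XMSS variant, `WC_TEST_RET_ENC_EC(n_diff)` wraps a memcmp result rather than an error code; `WC_TEST_RET_ENC_NC` is the better fit. lms_test_verify_only continues past the hunk.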
@@ -40772,8 +45951,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (cmac) - XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC); + XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC); #endif return ret; @@ -41013,7 +46191,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void) ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8); if (ret != 0) return WC_TEST_RET_ENC_I(i); - ret = wc_SipHashUpdate(&siphash, siphash_msg, i); + ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i); if (ret != 0) return WC_TEST_RET_ENC_I(i); ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8); @@ -41021,7 +46199,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void) return WC_TEST_RET_ENC_I(i); if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0) return WC_TEST_RET_ENC_I(i); - ret = wc_SipHash(siphash_key, siphash_msg, i, res, SIPHASH_MAC_SIZE_8); + ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_8); if (ret != 0) return WC_TEST_RET_ENC_I(i); if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0) @@ -41031,7 +46209,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void) ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_16); if (ret != 0) return WC_TEST_RET_ENC_I(i); - ret = wc_SipHashUpdate(&siphash, siphash_msg, i); + ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i); if (ret != 0) return WC_TEST_RET_ENC_I(i); ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16); @@ -41039,7 +46217,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void) return WC_TEST_RET_ENC_I(i); if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0) return WC_TEST_RET_ENC_I(i); - ret = wc_SipHash(siphash_key, siphash_msg, i, res, SIPHASH_MAC_SIZE_16); + ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_16); if (ret != 0) return WC_TEST_RET_ENC_I(i); if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0) 
@@ -41428,8 +46606,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void) ret = 0; /* success */ exit: - if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -41985,9 +47163,9 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID); if (ret == 0) { - ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); + ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION); if (ret == 0) - ret = wc_AesCbcDecrypt(aes, out, in, inSz); + ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz); wc_AesFree(aes); } @@ -42402,7 +47580,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, /* decode envelopedData */ pkcs7->contentOID = 0; - decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz, + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, (word32)envelopedSz, decoded, PKCS7_BUF_SIZE); if (pkcs7->contentOID != testVectors[i].contentOID || decodedSz <= 0) { @@ -42472,12 +47650,9 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, (void)rsaPrivKeySz; out: - if (testVectors) - XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (enveloped) - XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } 
@@ -43126,7 +48301,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif /* decode envelopedData */ decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped, - envelopedSz, decoded, + (word32)envelopedSz, decoded, PKCS7_BUF_SIZE); if (decodedSz <= 0) { wc_PKCS7_Free(pkcs7); @@ -43180,12 +48355,9 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer #endif out: - if (testVectors) - XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (enveloped) - XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -43482,7 +48654,7 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp if (ret <= 0) { return ret; } - attribs[1].valueSz = (int)ret; + attribs[1].valueSz = (word32)ret; attribNum++; } @@ -43509,13 +48681,13 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h, (byte*)data, sizeof(data), NULL, 0, - attribs, attribNum, out, *outSz); + attribs, (word32)attribNum, out, *outSz); } else { ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h, (byte*)data, sizeof(data), NULL, 0, - attribs, attribNum, out, *outSz); + attribs, (word32)attribNum, out, *outSz); } if (ret <= 0) { printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, " @@ -43524,7 +48696,7 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp return WC_TEST_RET_ENC_EC(ret); } else { - *outSz = (int)ret; + *outSz = (word32)ret; } wc_PKCS7_Free(pkcs7); 
@@ -43624,7 +48796,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint) if (ret < 0) goto out; pkcs7->encryptionKey = key; - pkcs7->encryptionKeySz = (int)ret; + pkcs7->encryptionKeySz = (word32)ret; } else { decodedSz = PKCS7_BUF_SIZE; @@ -43638,7 +48810,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint) } decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, - pkcs7->contentSz, decoded, decodedSz); + pkcs7->contentSz, decoded, (word32)decodedSz); if (decodedSz < 0) { ret = decodedSz; goto out; @@ -43648,12 +48820,10 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint) out: - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pkcs7) wc_PKCS7_Free(pkcs7); - if (sid) - XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -43710,8 +48880,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert ret = 0; out: - if (derBuf) - XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -43915,7 +49084,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void) } } #endif - decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, decoded, PKCS7_BUF_SIZE); if (decodedSz <= 0){ wc_PKCS7_Free(pkcs7); @@ -43980,10 +49149,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void) } out: - if (encrypted) - XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } 
@@ -44106,10 +49273,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (compressed) - XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -44419,6 +49584,11 @@ static wc_test_ret_t pkcs7signed_run_vectors( XMEMSET(out, 0, outSz); + /* test inner pad size error with block size being 0 */ + ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 0); + if (ret > 0) + ERROR_OUT(-1, out); + ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); if (ret < 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -44521,11 +49691,7 @@ static wc_test_ret_t pkcs7signed_run_vectors( #endif for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) { - #if defined(WOLF_C89) - XSPRINTF((char*)&transId[k], "%02x", digest[j]); - #else - (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); - #endif + (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); } } @@ -44593,7 +49759,7 @@ static wc_test_ret_t pkcs7signed_run_vectors( int bufSz = 0; if (testVectors[i].signedAttribs != NULL) { - ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, + ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz, NULL, (word32*)&bufSz); if (ret != LENGTH_ONLY_E) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -44603,7 +49769,7 @@ static wc_test_ret_t pkcs7signed_run_vectors( if (bufSz > (int)sizeof(buf)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, + bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz, buf, (word32*)&bufSz); if ((testVectors[i].signedAttribs != NULL && bufSz < 0) || (testVectors[i].signedAttribs == NULL && bufSz > 0)) 
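Review bot: The new zero-block-size check reports failure with `ERROR_OUT(-1, out)`, a bare `-1`, while the rest of this commit is converting exactly such returns to the encoded form (see the `return -1` → `return WC_TEST_RET_ENC_NC` change in lms_test_verify_only); it should be `ERROR_OUT(WC_TEST_RET_ENC_NC, out);` so the failure is attributable when decoded. The condition `ret > 0` also lets a zero return slip through as a pass; if wc_PKCS7_PadData never returns 0 on success, `if (ret >= 0)` is the tighter check. A short comment stating the expected result would help: `/* block size 0 is invalid: expect a negative error code, not a padded length */`. pkcs7signed_run_vectors is much larger than the hunk on both sides.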
@@ -44631,10 +49797,8 @@ static wc_test_ret_t pkcs7signed_run_vectors( if (pkcs7 != NULL) wc_PKCS7_Free(pkcs7); - if (out != NULL) - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (testVectors != NULL) - XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRng(&rng); if (ret > 0) @@ -45165,15 +50329,12 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors( if (pkcs7 != NULL) wc_PKCS7_Free(pkcs7); - if (out != NULL) - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \ !defined(NO_PKCS7_ENCRYPTED_DATA) - if (encryptedTmp != NULL) - XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (testVectors != NULL) - XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRng(&rng); if (ret > 0) @@ -45359,10 +50520,10 @@ static wc_test_ret_t randNum(mp_int* n, int len, WC_RNG* rng, void* heap) (void)heap; do { - ret = wc_RNG_GenerateBlock(rng, d, len); + ret = wc_RNG_GenerateBlock(rng, d, (word32)len); if (ret != 0) return ret; - ret = mp_read_unsigned_bin(n, d, len); + ret = mp_read_unsigned_bin(n, d, (word32)len); if (ret != 0) return ret; } while (mp_iszero(n)); @@ -45721,7 +50882,7 @@ static wc_test_ret_t mp_test_read_to_bin(mp_int* a) for (i = 0; i < (int)sizeof(in); i++) { p = in + sizeof(in) - i; - ret = mp_read_unsigned_bin(a, p, i); + ret = mp_read_unsigned_bin(a, p, (word32)i); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); for (j = i; j < (int)sizeof(out); j++) { 
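Review bot: In randNum the `(word32)len` cast makes a negative `len` into a very large block request, and a `len` of 0 is worse: `mp_read_unsigned_bin(n, d, 0)` leaves `n` at zero, so `while (mp_iszero(n))` never terminates. Callers in this file may always pass a positive length, but a guard before the loop costs one line: `if (len <= 0) return BAD_FUNC_ARG;`. The function's signature and the declaration of `d` are outside the hunk, so the bound on `len` relative to `d`'s size cannot be checked from here.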
@@ -45862,6 +51023,9 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); + /* clear buffer to avoid provoking uninitvar errors. */ + XMEMSET(buffer, 0, sizeof(buffer)); + ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer)); if (ret != MP_VAL) return WC_TEST_RET_ENC_EC(ret); @@ -48423,7 +53587,7 @@ static wc_test_ret_t GenerateNextP(mp_int* p1, mp_int* p2, int k) if (ret != 0) ret = WC_TEST_RET_ENC_EC(ret); if (ret == 0) { - ret = mp_set(ki, k); + ret = mp_set(ki, (mp_digit)k); if (ret != 0) ret = WC_TEST_RET_ENC_EC(ret); } @@ -48478,7 +53642,7 @@ static wc_test_ret_t GenerateP(mp_int* p1, mp_int* p2, mp_int* p3, goto out; } for (i = 0; ret == 0 && i < ecPairsSz; i++) { - ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, ecPairs[i].coeffSz); + ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, (word32)ecPairs[i].coeffSz); if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); break; @@ -48673,9 +53837,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void) #endif /* WOLFSSL_PUBLIC_MP */ -#if defined(ASN_BER_TO_DER) && \ - (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) +#ifdef ASN_BER_TO_DER /* wc_BerToDer is only public facing in the case of test cert or opensslextra */ typedef struct berDerTestData { const byte *in; @@ -48791,7 +53953,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void) return 0; } -#endif +#endif /* ASN_BER_TO_DER */ #ifdef DEBUG_WOLFSSL static THREAD_LS_T int log_cnt = 0; @@ -49011,8 +54173,8 @@ static void *my_Realloc_cb(void *ptr, size_t size) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void) { wc_test_ret_t ret = 0; -#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \ - !defined(WOLFSSL_STATIC_MEMORY) +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \ + !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY) byte* b = NULL; #endif wolfSSL_Malloc_cb mc; 
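Review bot: The guard for the BER-to-DER test is loosened to plain `#ifdef ASN_BER_TO_DER`, but the comment on the next line still says `wc_BerToDer is only public facing in the case of test cert or opensslextra`, which is exactly the condition the commit removed; a reader will assume the guard is wrong. Either update it to describe the new condition, e.g. `/* wc_BerToDer is exercised whenever ASN_BER_TO_DER is enabled. */`, or, if the function is in fact still only declared under WOLFSSL_TEST_CERT/OPENSSL_EXTRA, the old guard was the correct one and berder_test will fail to compile in other ASN_BER_TO_DER configurations. The header that declares wc_BerToDer is not in this diff, so I cannot tell which applies.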
@@ -49025,8 +54187,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); -#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \ - !defined(WOLFSSL_STATIC_MEMORY) +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \ + !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY) /* test realloc */ b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -49061,8 +54223,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void) ret = WC_TEST_RET_ENC_NC; #endif /* !WOLFSSL_NO_MALLOC */ -#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \ - !defined(WOLFSSL_STATIC_MEMORY) +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \ + !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY) exit_memcb: /* reset malloc/free/realloc counts */ @@ -49616,12 +54778,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx) wc_ecc_free(key); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - if (pub != NULL) { - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } - if (out != NULL) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #ifdef OPENSSL_EXTRA if (check) { FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -49652,7 +54810,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) return BAD_FUNC_ARG; #ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Algo Type %d\n", info->algo_type); + WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d\n", info->algo_type); #endif if (info->algo_type == WC_ALGO_TYPE_RNG) { @@ -49694,7 +54852,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } else if (info->algo_type == WC_ALGO_TYPE_PK) { #ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Pk Type %d\n", info->pk.type); + WOLFSSL_MSG_EX("CryptoDevCb: Pk Type %d\n", info->pk.type); #endif #ifndef NO_RSA 
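Review bot: The two `printf` → `WOLFSSL_MSG_EX` replacements in myCryptoDevCb keep a trailing `\n` in the format string; the other WOLFSSL_MSG/WOLFSSL_MSG_EX call sites in wolfSSL pass messages without a newline and let the logger terminate the line, so these presumably now print a blank line after each message in debug builds. If that holds, drop the newline: `WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d", info->algo_type);` and likewise for the `Pk Type` message. myCryptoDevCb continues well beyond this hunk.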
@@ -50212,6 +55370,97 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #endif } else + #endif + #if defined(WOLFSSL_SHA3) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)) + if (info->hash.type == WC_HASH_TYPE_SHA3_224) { + if (info->hash.sha3 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha3->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha3_224_Update( + info->hash.sha3, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha3_224_Final( + info->hash.sha3, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha3->devId = devIdArg; + } + else if (info->hash.type == WC_HASH_TYPE_SHA3_256) { + if (info->hash.sha3 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha3->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha3_256_Update( + info->hash.sha3, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha3_256_Final( + info->hash.sha3, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha3->devId = devIdArg; + } + else if (info->hash.type == WC_HASH_TYPE_SHA3_384) { + if (info->hash.sha3 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha3->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha3_384_Update( + info->hash.sha3, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha3_384_Final( + info->hash.sha3, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha3->devId = devIdArg; + } + else if (info->hash.type == WC_HASH_TYPE_SHA3_512) { + if (info->hash.sha3 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha3->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha3_512_Update( + info->hash.sha3, + info->hash.in, + 
info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha3_512_Final( + info->hash.sha3, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha3->devId = devIdArg; + } + else #endif { } @@ -50363,8 +55612,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) PRIVATE_KEY_LOCK(); #endif #ifdef HAVE_ED25519 + PRIVATE_KEY_UNLOCK(); if (ret == 0) ret = ed25519_test(); + PRIVATE_KEY_LOCK(); #endif #ifdef HAVE_CURVE25519 if (ret == 0) @@ -50407,6 +55658,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) #ifdef WOLFSSL_SHA512 if (ret == 0) ret = sha512_test(); +#ifdef WOLFSSL_SHA3 + if (ret == 0) + ret = sha3_test(); +#endif #endif #ifndef NO_HMAC #ifndef NO_SHA @@ -50417,11 +55672,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) if (ret == 0) ret = hmac_sha256_test(); #endif + #ifdef WOLFSSL_SHA3 + if (ret == 0) + ret = hmac_sha3_test(); + #endif #endif #ifndef NO_PWDBASED #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) + PRIVATE_KEY_UNLOCK(); if (ret == 0) ret = pbkdf2_test(); + PRIVATE_KEY_LOCK(); #endif #endif #if defined(WOLFSSL_CMAC) && !defined(NO_AES) diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h index b58beca0d4..2584b12277 100644 --- a/wolfcrypt/test/test.h +++ b/wolfcrypt/test/test.h @@ -1,6 +1,6 @@ /* wolfcrypt/test/test.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/test/test_paths.h.in b/wolfcrypt/test/test_paths.h.in index adac40c1a9..38e9124070 100644 --- a/wolfcrypt/test/test_paths.h.in +++ b/wolfcrypt/test/test_paths.h.in @@ -1,6 +1,6 @@ /* wolfcrypt/test/test_paths.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl.rc b/wolfssl.rc index 471de1e8f3..fde2703ded 100644 Binary files a/wolfssl.rc and b/wolfssl.rc differ 
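Review bot: In each of the four new SHA-3 branches `ret` is assigned by the `_Update` call and then unconditionally overwritten by the `_Final` call when `info->hash.digest` is non-NULL, so an Update failure is silently lost whenever both `in` and `digest` are supplied in the same request. Gate the final on the earlier result, `if (ret == 0 && info->hash.digest != NULL) {`, in all four branches. The four branches are otherwise identical apart from the function names; a small static helper taking the two function pointers would remove the duplication and make the devId save/restore a single code path. This hunk starts on the previous line and myCryptoDevCb itself begins well before it.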
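Review bot: The new `sha3_test()` call in cryptocb_test is placed inside the `#ifdef WOLFSSL_SHA512` block, so the SHA-3 path through the crypto callback is never exercised on a build that has WOLFSSL_SHA3 but not WOLFSSL_SHA512, even though the callback handler added above does not depend on SHA-512. Move the `#ifdef WOLFSSL_SHA3` stanza after the `#endif` that closes WOLFSSL_SHA512 so it stands on its own, mirroring how `hmac_sha3_test()` is guarded independently a few lines later. cryptocb_test extends beyond the hunk on both sides.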
diff --git a/wolfssl.vcproj b/wolfssl.vcproj index f9b5e87d0c..8f07d8bf11 100644 --- a/wolfssl.vcproj +++ b/wolfssl.vcproj @@ -199,6 +199,10 @@ RelativePath=".\wolfcrypt\src\aes_asm.asm" > + + @@ -227,6 +231,10 @@ RelativePath=".\wolfcrypt\src\chacha.c" > + + @@ -235,6 +243,10 @@ RelativePath=".\wolfcrypt\src\des3.c" > + + @@ -251,6 +263,14 @@ RelativePath=".\wolfcrypt\src\error.c" > + + + + @@ -279,6 +299,14 @@ RelativePath=".\wolfcrypt\src\integer.c" > + + + + @@ -311,6 +339,10 @@ RelativePath=".\wolfcrypt\src\poly1305.c" > + + @@ -343,6 +375,10 @@ RelativePath=".\wolfcrypt\src\sha512.c" > + + @@ -391,6 +427,10 @@ RelativePath=".\wolfcrypt\src\wolfevent.c" > + + + + + @@ -317,6 +320,8 @@ + + @@ -335,6 +340,7 @@ + @@ -346,6 +352,7 @@ + @@ -377,6 +384,48 @@ $(OutDir)%(Filename).obj $(IntDir)%(Filename).obj + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false false 
diff --git a/wolfssl/callbacks.h b/wolfssl/callbacks.h index bf996fad60..1010eca9e2 100644 --- a/wolfssl/callbacks.h +++ b/wolfssl/callbacks.h @@ -1,6 +1,6 @@ /* callbacks.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 09ed4b1230..013b37494e 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -3451,7 +3451,7 @@ static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096); #endif /* USE_CERT_BUFFERS_4096 */ -#if defined(HAVE_PQC) && defined(HAVE_FALCON) +#if defined(HAVE_FALCON) /* certs/falcon/bench_falcon_level1_key.der */ static const unsigned char bench_falcon_level1_key[] = 
@@ -4099,1767 +4099,1802 @@ static const unsigned char bench_falcon_level5_key[] = }; static const int sizeof_bench_falcon_level5_key = sizeof(bench_falcon_level5_key); -#endif /* HAVE_PQC && HAVE_FALCON */ +#endif /* HAVE_FALCON */ -#if defined (HAVE_PQC) && defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) -/* certs/dilithium/bench_dilithium_level2_key.der */ -static const unsigned char bench_dilithium_level2_key[] = -{ - 0x30, 0x82, 0x0F, 0x1A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, - 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, - 0x04, 0x04, 0x04, 0x82, 0x0F, 0x04, 0x04, 0x82, 0x0F, 0x00, - 0xA2, 0xBD, 0x74, 0xB9, 0x8E, 0x34, 0xF0, 0xEC, 0xF7, 0x40, - 0x22, 0x33, 0xE8, 0x50, 0x43, 0x66, 0xF0, 0x25, 0x41, 0x20, - 0xD9, 0x3F, 0x8A, 0xC6, 0xAD, 0x69, 0xC6, 0x9C, 0xD9, 0xE0, - 0x0D, 0xFF, 0x77, 0x85, 0xCD, 0x88, 0x58, 0x17, 0x6B, 0x85, - 0xD2, 0x5D, 0xF0, 0x41, 0xCE, 0x6D, 0x94, 0x7F, 0xF4, 0xDB, - 0xD3, 0x60, 0x52, 0x1A, 0x83, 0x42, 0xD8, 0x7C, 0x2D, 0xD9, - 0x55, 0x7B, 0xFB, 0xB8, 0x87, 0xAA, 0xDA, 0x75, 0x42, 0x86, - 0x3E, 0x5A, 0xE4, 0xD4, 0x7D, 0xC3, 0x38, 0xA2, 0xEE, 0x0D, - 0xF5, 0xAD, 0xDA, 0x12, 0x5B, 0xD6, 0x3A, 0x89, 0x87, 0xED, - 0x57, 0xD1, 0xA9, 0xC2, 0xB3, 0xC0, 0xDC, 0x90, 0x88, 0x0C, - 0x86, 0x48, 0xD2, 0xA6, 0x60, 0x1B, 0x22, 0x8C, 0x03, 0x34, - 0x69, 0x19, 0x96, 0x24, 0x04, 0xB3, 0x65, 0x10, 0x34, 0x31, - 0x09, 0x38, 0x31, 0x5C, 0x10, 0x8C, 0x02, 0x15, 0x66, 0xD0, - 0x48, 0x50, 0x53, 0x22, 0x41, 0xC4, 0x98, 0x41, 0xE2, 0x42, - 0x62, 0x42, 0x38, 0x45, 0xC2, 0xB8, 0x08, 0x20, 0x31, 0x21, - 0x13, 0x10, 0x88, 0x00, 0xB9, 0x24, 0x93, 0x06, 0x6D, 0x44, - 0x20, 0x64, 0x98, 0x84, 0x29, 0x91, 0x12, 0x6A, 0xC9, 0x14, - 0x10, 0x11, 0x40, 0x2A, 0x24, 0xC9, 0x85, 0xCC, 0x42, 0x2A, - 0x1C, 0x44, 0x28, 0xE0, 0xB4, 0x00, 0x20, 0x99, 0x11, 0x0B, - 0x09, 0x61, 0x24, 0x14, 0x10, 0x41, 0x94, 0x20, 0xC9, 0x46, - 0x64, 0x43, 0x02, 0x6E, 0x08, 0x39, 0x71, 0x81, 0x06, 0x2D, - 0x63, 0x14, 0x71, 0x62, 0xC0, 0x11, 0x20, 0xB2, 0x61, 0xD1, - 0x30, 0x24, 0x44, 
0x06, 0x89, 0x04, 0x16, 0x88, 0x10, 0x33, - 0x48, 0x51, 0xB8, 0x00, 0x4A, 0x12, 0x68, 0x14, 0x04, 0x10, - 0xD8, 0x92, 0x8D, 0x22, 0x32, 0x61, 0x0C, 0x23, 0x91, 0x10, - 0x39, 0x24, 0x51, 0x80, 0x08, 0x0B, 0x30, 0x61, 0x00, 0x89, - 0x01, 0x98, 0x34, 0x05, 0x9A, 0xA2, 0x70, 0xC4, 0x46, 0x40, - 0x52, 0x38, 0x42, 0xC0, 0x92, 0x6D, 0xCC, 0x08, 0x22, 0xD4, - 0x42, 0x4A, 0x02, 0x23, 0x40, 0x40, 0x92, 0x25, 0x12, 0x36, - 0x65, 0x42, 0x06, 0x10, 0x02, 0x10, 0x10, 0x20, 0xA3, 0x41, - 0x0A, 0x15, 0x10, 0x20, 0x23, 0x80, 0x99, 0xB6, 0x0C, 0x11, - 0x26, 0x11, 0x9B, 0xC8, 0x44, 0x1C, 0xC9, 0x05, 0xA4, 0x38, - 0x11, 0x1B, 0xB0, 0x05, 0xDC, 0x22, 0x00, 0xC8, 0x22, 0x72, - 0xA3, 0x30, 0x2E, 0xC1, 0xA8, 0x41, 0x1C, 0xA6, 0x20, 0xE2, - 0xB0, 0x21, 0x9B, 0x10, 0x01, 0x61, 0x32, 0x46, 0xC1, 0x92, - 0x61, 0x1C, 0xA4, 0x85, 0x0A, 0xB7, 0x70, 0xE4, 0x26, 0x6C, - 0x58, 0xA4, 0x00, 0x19, 0x86, 0x4C, 0xDC, 0xA6, 0x40, 0xA1, - 0x32, 0x12, 0x04, 0x81, 0x90, 0x8C, 0x04, 0x05, 0x10, 0x30, - 0x26, 0x09, 0x31, 0x2C, 0x50, 0x88, 0x89, 0x82, 0x44, 0x62, - 0x10, 0x23, 0x8A, 0x04, 0x44, 0x22, 0x0A, 0x30, 0x4E, 0xA4, - 0x34, 0x32, 0x4C, 0x18, 0x8C, 0x21, 0x21, 0x41, 0x23, 0x13, - 0x72, 0x08, 0x84, 0x24, 0x1A, 0x04, 0x24, 0x14, 0x06, 0x02, - 0xC4, 0x40, 0x70, 0xCA, 0x00, 0x6E, 0xC1, 0xC6, 0x09, 0x83, - 0x42, 0x62, 0xA0, 0x30, 0x12, 0x1B, 0x14, 0x0C, 0x08, 0x03, - 0x22, 0xCA, 0x46, 0x65, 0x64, 0x46, 0x26, 0x10, 0x39, 0x20, - 0xCA, 0x80, 0x28, 0x62, 0x14, 0x6D, 0x10, 0x26, 0x11, 0x49, - 0xA2, 0x45, 0x53, 0x98, 0x0D, 0x64, 0x40, 0x05, 0x0C, 0x31, - 0x09, 0x13, 0x11, 0x60, 0xD8, 0x02, 0x50, 0x11, 0x41, 0x41, - 0x23, 0xC1, 0x4C, 0x22, 0xC6, 0x30, 0x99, 0x06, 0x08, 0xCA, - 0x40, 0x81, 0xCC, 0x32, 0x0E, 0x11, 0xC4, 0x20, 0xD9, 0x92, - 0x41, 0xC4, 0x20, 0x08, 0xE4, 0xA0, 0x00, 0xCB, 0x88, 0x21, - 0x03, 0x03, 0x90, 0x54, 0x00, 0x49, 0x14, 0x98, 0x04, 0xC8, - 0xC0, 0x31, 0x11, 0x31, 0x69, 0x04, 0x93, 0x90, 0x00, 0xB9, - 0x21, 0x22, 0x38, 0x48, 0x00, 0x34, 0x0C, 0x61, 0x98, 0x00, - 0x01, 0xB4, 0x69, 0x60, 0x26, 
0x81, 0x1C, 0xA4, 0x10, 0x22, - 0xB6, 0x10, 0x21, 0xC6, 0x20, 0x4A, 0x22, 0x26, 0xD0, 0x92, - 0x41, 0xDA, 0x84, 0x69, 0x03, 0x42, 0x2A, 0x04, 0x09, 0x02, - 0xE1, 0x24, 0x42, 0xA2, 0x46, 0x28, 0x10, 0xB1, 0x08, 0x82, - 0x86, 0x84, 0xE0, 0x24, 0x51, 0x0A, 0xC9, 0x28, 0x59, 0x86, - 0x20, 0xDB, 0xB6, 0x40, 0x13, 0xC3, 0x40, 0x1C, 0xA9, 0x09, - 0x80, 0x34, 0x50, 0xDC, 0x84, 0x2C, 0x53, 0x24, 0x08, 0xC0, - 0xB4, 0x6D, 0x88, 0x26, 0x30, 0x82, 0xC8, 0x0D, 0x62, 0x22, - 0x28, 0x64, 0xA2, 0x09, 0x10, 0x25, 0x26, 0xDB, 0x34, 0x02, - 0x4A, 0x04, 0x11, 0x53, 0xB8, 0x28, 0x82, 0x34, 0x11, 0xC2, - 0x12, 0x25, 0x20, 0xB5, 0x40, 0x19, 0xA8, 0x31, 0x80, 0x22, - 0x66, 0x21, 0xB2, 0x10, 0x0B, 0x42, 0x2A, 0x61, 0x20, 0x50, - 0x40, 0x24, 0x4C, 0x99, 0x12, 0x48, 0x21, 0xB4, 0x11, 0xD1, - 0x44, 0x48, 0x00, 0x40, 0x0C, 0x58, 0x46, 0x68, 0x04, 0x12, - 0x12, 0x93, 0x22, 0x20, 0xC2, 0x32, 0x4C, 0x01, 0xB0, 0x88, - 0xE3, 0x20, 0x8E, 0x03, 0x00, 0x6C, 0x52, 0x14, 0x30, 0xD2, - 0x44, 0x88, 0x10, 0x44, 0x4A, 0x61, 0x86, 0x29, 0x14, 0x42, - 0x24, 0x24, 0x35, 0x2E, 0x11, 0xC4, 0x0D, 0x23, 0x24, 0x66, - 0x0A, 0x90, 0x71, 0xE0, 0xC2, 0x69, 0x48, 0x38, 0x91, 0x82, - 0xC8, 0x08, 0x1C, 0x93, 0x31, 0xD9, 0x06, 0x51, 0x8A, 0xA4, - 0x6C, 0x50, 0x34, 0x68, 0x5A, 0x18, 0x89, 0x4A, 0x96, 0x85, - 0x8A, 0x18, 0x44, 0x4A, 0x34, 0x40, 0x5B, 0x36, 0x80, 0xCC, - 0x20, 0x6E, 0x09, 0x19, 0x89, 0x02, 0x38, 0x6A, 0x24, 0xA3, - 0x69, 0x58, 0x32, 0x6D, 0x21, 0x01, 0x84, 0x88, 0x86, 0x28, - 0xA3, 0x22, 0x89, 0x93, 0xA6, 0x80, 0x00, 0x88, 0x81, 0xE1, - 0x48, 0x70, 0xA2, 0x34, 0x60, 0x18, 0x02, 0x04, 0x18, 0x29, - 0x01, 0x1B, 0x31, 0x51, 0xD4, 0xA4, 0x49, 0xCC, 0x08, 0x8C, - 0xDA, 0x36, 0x11, 0x01, 0x39, 0x26, 0x42, 0x92, 0x88, 0xC8, - 0x46, 0x52, 0x8C, 0xA4, 0x08, 0x14, 0x11, 0x52, 0xCA, 0x40, - 0x66, 0x8B, 0x32, 0x8E, 0x89, 0x44, 0x02, 0x9B, 0x42, 0x02, - 0x93, 0xA4, 0x01, 0x1A, 0x00, 0x50, 0x94, 0x44, 0x42, 0x08, - 0x09, 0x8C, 0xE2, 0xA8, 0x81, 0x98, 0x00, 0x48, 0x63, 0x02, - 0x85, 0x1B, 0x05, 0x2D, 0xC1, 0xBE, 0x5F, 
0xA4, 0xAC, 0xB4, - 0xF0, 0xC7, 0x94, 0xBD, 0xEC, 0xFB, 0x09, 0xAF, 0x16, 0xF1, - 0x23, 0x58, 0xAB, 0x82, 0xFA, 0x74, 0xD1, 0x84, 0x51, 0xD0, - 0x58, 0x9B, 0xFA, 0xF4, 0x11, 0xC1, 0x17, 0x2F, 0xCE, 0xD1, - 0xCA, 0xC6, 0xCE, 0x1C, 0x8F, 0x8F, 0x1B, 0x43, 0xBF, 0xB9, - 0x43, 0x41, 0x02, 0x3E, 0x5D, 0xFA, 0x24, 0x88, 0x0E, 0xA5, - 0x36, 0xA9, 0x9B, 0x25, 0x43, 0xD6, 0xEE, 0xDE, 0xAE, 0x93, - 0x54, 0xC8, 0x6C, 0x55, 0xE9, 0x5C, 0xC8, 0xC1, 0xA5, 0xD7, - 0xFC, 0xDA, 0xAF, 0xF8, 0x40, 0x1F, 0x02, 0x5C, 0x8E, 0x48, - 0x51, 0x4B, 0x3F, 0xFD, 0x76, 0x9A, 0xD0, 0x87, 0xF4, 0xD0, - 0x68, 0x9C, 0x44, 0x3B, 0xB4, 0x4A, 0xAB, 0x34, 0x2A, 0xD4, - 0x0C, 0xA4, 0x7A, 0xBB, 0x98, 0x7F, 0x8D, 0xF6, 0xA7, 0x6A, - 0x42, 0x8C, 0x7A, 0xB4, 0x32, 0xC6, 0x8A, 0xD6, 0x5E, 0x06, - 0x50, 0xC0, 0xDD, 0x3E, 0xE2, 0x44, 0x5C, 0xB9, 0x83, 0xCF, - 0x92, 0x0C, 0x3C, 0xFB, 0x53, 0x0D, 0xF0, 0xD1, 0xED, 0x77, - 0xF3, 0x02, 0x9F, 0xA6, 0xC6, 0xFA, 0x30, 0xA5, 0xC7, 0x42, - 0x06, 0x1F, 0x38, 0xE5, 0xE1, 0x56, 0x01, 0x7A, 0xD1, 0xE1, - 0xC1, 0x20, 0x44, 0x37, 0xE6, 0x18, 0x8A, 0x7E, 0x70, 0xBA, - 0x6B, 0x1C, 0x99, 0x4E, 0xFB, 0xCA, 0xCF, 0x3D, 0x29, 0x26, - 0xF4, 0x12, 0x95, 0x74, 0x11, 0x23, 0x0E, 0x2E, 0x31, 0xCF, - 0x73, 0xE6, 0x99, 0xD0, 0x72, 0x23, 0x4A, 0x46, 0x07, 0xA1, - 0x03, 0x4C, 0x3A, 0x79, 0x72, 0x3B, 0xD1, 0x79, 0x5A, 0x66, - 0x29, 0xCD, 0x34, 0xB6, 0x6A, 0xA5, 0x6A, 0x4C, 0x71, 0xE5, - 0xB3, 0xA6, 0xAC, 0x4D, 0x13, 0xDC, 0x70, 0xE4, 0x0C, 0x6A, - 0x98, 0x48, 0x1C, 0xA0, 0x6C, 0xFC, 0xDD, 0x6A, 0x3F, 0x10, - 0x3B, 0xBD, 0xC9, 0xC8, 0xEA, 0x01, 0x86, 0x5B, 0x3B, 0x19, - 0x3E, 0x6F, 0xA9, 0x4A, 0xD4, 0x38, 0x1D, 0x9C, 0x2B, 0x19, - 0xAE, 0x47, 0x54, 0xE2, 0x4E, 0xB5, 0xDF, 0xA7, 0xBD, 0x6F, - 0x01, 0x8A, 0x10, 0x5B, 0x83, 0x17, 0xB3, 0x77, 0xE1, 0x9D, - 0xBF, 0x6B, 0x25, 0xBF, 0x90, 0xC4, 0x92, 0xE1, 0x5E, 0xE1, - 0xC3, 0x0C, 0xC5, 0x05, 0x24, 0x40, 0x61, 0xA1, 0x01, 0x4A, - 0x7B, 0xE4, 0x65, 0x73, 0x1F, 0x3C, 0xA2, 0xD8, 0x54, 0xA4, - 0x64, 0xA3, 0x06, 0xDA, 0x18, 0x9A, 0xD7, 0xE4, 0x90, 
0x59, - 0xAF, 0xBC, 0x1A, 0x79, 0xC4, 0x08, 0xE9, 0x87, 0x95, 0x04, - 0x48, 0x18, 0xD2, 0x33, 0x15, 0x38, 0x9C, 0x00, 0x7B, 0x72, - 0x35, 0xC1, 0x03, 0x77, 0xF1, 0x0B, 0xEC, 0x38, 0x33, 0xB7, - 0xB4, 0xBC, 0xC4, 0xBD, 0xB3, 0xBB, 0x9C, 0x34, 0x0B, 0x28, - 0x03, 0x1D, 0x99, 0x7A, 0x12, 0x0C, 0x95, 0xFE, 0x0D, 0x53, - 0x79, 0xE7, 0xE6, 0x99, 0x3F, 0xA1, 0x31, 0x9E, 0xA9, 0xB8, - 0x9B, 0xB7, 0xC0, 0x3F, 0x9C, 0x18, 0x1B, 0xA2, 0x73, 0xBC, - 0x10, 0xDB, 0x1B, 0x09, 0xE7, 0x5E, 0x67, 0x8E, 0x69, 0x92, - 0xCF, 0x99, 0xC3, 0x97, 0x58, 0xE8, 0x9A, 0x40, 0x83, 0xF2, - 0x14, 0xA3, 0x25, 0xB5, 0x51, 0x30, 0xDA, 0x91, 0x87, 0x91, - 0x1E, 0xF2, 0x5E, 0x55, 0x49, 0x68, 0x5E, 0xC9, 0x21, 0x67, - 0x03, 0xBC, 0x21, 0xE4, 0xD1, 0xFC, 0x79, 0xC7, 0xDB, 0x44, - 0xB9, 0xAB, 0x1E, 0xB4, 0x65, 0x3D, 0x63, 0xCB, 0x64, 0x76, - 0xE4, 0x1B, 0x93, 0x91, 0xB0, 0xF3, 0x4F, 0xBA, 0xD3, 0x20, - 0x47, 0x37, 0x5A, 0xCA, 0x1B, 0xDB, 0xCA, 0xA1, 0xE7, 0xED, - 0x7D, 0x8D, 0x4E, 0x7C, 0x19, 0xB2, 0x73, 0x67, 0x55, 0x11, - 0xE4, 0xA1, 0x98, 0x44, 0x5F, 0x58, 0xF7, 0xAA, 0x09, 0xFD, - 0x09, 0x4A, 0x54, 0x68, 0x32, 0xD4, 0xCA, 0xE1, 0x96, 0xFD, - 0x27, 0x05, 0x88, 0x78, 0x7B, 0x83, 0x74, 0x78, 0x6F, 0x09, - 0xC7, 0x3C, 0x66, 0xA8, 0x17, 0x3A, 0xCF, 0xB3, 0x6E, 0x5A, - 0xD7, 0x16, 0xE5, 0x2E, 0x40, 0xD7, 0x30, 0x18, 0x47, 0x5F, - 0x95, 0x19, 0x4E, 0x0F, 0x69, 0xD3, 0x11, 0xDE, 0xBB, 0x55, - 0x1B, 0xD1, 0x13, 0x71, 0x3D, 0x45, 0x3E, 0xDC, 0x72, 0x4F, - 0x89, 0x34, 0x72, 0x96, 0x77, 0xBB, 0x42, 0x29, 0x4A, 0x88, - 0x44, 0xFB, 0x05, 0x57, 0x38, 0xA6, 0xAC, 0x3E, 0x03, 0xF6, - 0xE1, 0x9D, 0xE3, 0xE9, 0x5A, 0x1B, 0x64, 0xCE, 0xC8, 0x6E, - 0x1B, 0xE8, 0xE3, 0x78, 0xF8, 0xE9, 0xF1, 0x47, 0x09, 0x0E, - 0x66, 0x50, 0x7A, 0x10, 0x51, 0xE1, 0x60, 0x73, 0x78, 0x95, - 0x00, 0x2E, 0xB8, 0x05, 0x8C, 0x22, 0x72, 0xD9, 0x88, 0xC8, - 0x8D, 0x16, 0xEF, 0x18, 0x8F, 0xC6, 0x51, 0x1E, 0xC3, 0xBA, - 0x27, 0x57, 0xB4, 0xFE, 0x74, 0x0F, 0x54, 0x45, 0x5A, 0x0B, - 0xAC, 0x6C, 0xA7, 0x46, 0x95, 0xC7, 0x35, 0x3D, 0x38, 0xBE, - 0xC5, 
0x4E, 0xE0, 0x83, 0xED, 0x68, 0x8D, 0x01, 0x31, 0x7D, - 0x90, 0xA7, 0x38, 0xEE, 0x57, 0x8E, 0xD2, 0xFB, 0x87, 0x08, - 0x7A, 0x44, 0x34, 0x0B, 0x99, 0x5E, 0x2F, 0xA8, 0x4E, 0xC0, - 0x80, 0xEF, 0x62, 0xFE, 0xFB, 0x3C, 0x73, 0xF1, 0x8C, 0x56, - 0x12, 0x08, 0x8C, 0xD3, 0x9F, 0xBA, 0x44, 0x90, 0xB7, 0xDB, - 0x9C, 0xD9, 0xB4, 0x91, 0xBA, 0xFF, 0x4A, 0xB0, 0x1C, 0x91, - 0x44, 0x34, 0x52, 0xBE, 0x0D, 0xBA, 0x72, 0x33, 0x5C, 0x36, - 0xB5, 0x5E, 0x91, 0xB7, 0xE9, 0xCE, 0xD0, 0x01, 0x61, 0x19, - 0xEE, 0x2D, 0x1F, 0xBE, 0x97, 0x7C, 0x8C, 0x30, 0x91, 0x8C, - 0xB1, 0x8A, 0x04, 0xCA, 0xB8, 0x33, 0xCB, 0xA9, 0x9A, 0x2C, - 0x1B, 0x25, 0xD2, 0xDB, 0x73, 0x95, 0x3F, 0x02, 0x67, 0xEB, - 0x2C, 0xEC, 0xCC, 0x92, 0xCD, 0x1E, 0x1F, 0xC2, 0xF2, 0xA7, - 0x23, 0xAD, 0x7C, 0xA5, 0x50, 0x44, 0x76, 0x7D, 0x74, 0x13, - 0x20, 0x21, 0xF2, 0x09, 0xD9, 0x70, 0x82, 0xB0, 0x30, 0xA3, - 0x8A, 0xC0, 0x9D, 0xD2, 0x16, 0x4F, 0x65, 0xDF, 0x42, 0x37, - 0xC2, 0x63, 0xD6, 0x6C, 0xA9, 0xD1, 0x95, 0x5D, 0x84, 0xD2, - 0xB5, 0xC7, 0x7A, 0x87, 0x9B, 0x9B, 0xAF, 0x21, 0x65, 0x64, - 0xF7, 0x0B, 0x21, 0xC7, 0xF6, 0xA5, 0x27, 0xEB, 0xAA, 0x8D, - 0xF2, 0x10, 0x60, 0xFB, 0xC9, 0xB3, 0xB0, 0x32, 0x7C, 0x9F, - 0xC1, 0xDE, 0xA8, 0x77, 0x6F, 0xCC, 0x35, 0x1F, 0xBD, 0x74, - 0x0E, 0xA9, 0x84, 0x3C, 0x05, 0x9D, 0xFF, 0xBC, 0x46, 0x9A, - 0x8E, 0x43, 0xB5, 0x8B, 0x1C, 0x24, 0xB5, 0xC3, 0xB0, 0xFE, - 0x14, 0xCC, 0x3C, 0xCF, 0xF2, 0x26, 0xCE, 0x0B, 0x3A, 0x5B, - 0x5C, 0x8E, 0x59, 0xBF, 0x0D, 0xDC, 0xA6, 0xCA, 0x78, 0xE5, - 0xD9, 0xC5, 0x46, 0x56, 0x38, 0x98, 0xC4, 0xAC, 0x43, 0x64, - 0xB1, 0x78, 0x0A, 0x81, 0x34, 0x7D, 0x3D, 0xC0, 0xF5, 0x25, - 0x14, 0x66, 0xA2, 0x2A, 0x81, 0x64, 0x82, 0x62, 0x86, 0xD0, - 0x65, 0xCB, 0x2A, 0x09, 0x01, 0xF5, 0x03, 0xEC, 0xB5, 0xD1, - 0xED, 0xC7, 0x60, 0x62, 0x3D, 0x38, 0x28, 0x9C, 0x32, 0xEE, - 0x9F, 0x45, 0x72, 0x71, 0xA9, 0x6D, 0x9A, 0x54, 0x83, 0xF9, - 0xE7, 0x37, 0xC7, 0xCC, 0x28, 0xC0, 0xC2, 0x24, 0x09, 0xC3, - 0x96, 0xF6, 0xED, 0x9B, 0x60, 0xF3, 0x24, 0x4C, 0xFC, 0xAB, - 0xD0, 0x38, 0x7A, 
0x1C, 0x68, 0xED, 0x63, 0x83, 0x5A, 0x28, - 0x37, 0x70, 0x31, 0xBB, 0x9D, 0xC7, 0xAA, 0x3A, 0x5B, 0xAF, - 0x88, 0x82, 0xE2, 0x30, 0xCB, 0xF5, 0xC1, 0x63, 0x9C, 0x59, - 0x41, 0xD3, 0x24, 0x92, 0xB1, 0x71, 0xA4, 0x16, 0x26, 0x0B, - 0x9C, 0x96, 0x0B, 0xE9, 0x0B, 0x69, 0xFC, 0x1F, 0xD2, 0x99, - 0xC2, 0xB6, 0x7A, 0x24, 0x28, 0x5A, 0x3D, 0x88, 0x2C, 0xF0, - 0x76, 0xFC, 0x25, 0x04, 0xBE, 0xB6, 0x19, 0x94, 0xD1, 0xBA, - 0x1A, 0x58, 0x0E, 0x9A, 0xFB, 0x4C, 0x9D, 0x21, 0x34, 0x8D, - 0x45, 0xEC, 0x50, 0xC6, 0x94, 0x1B, 0x0B, 0x87, 0x36, 0x4E, - 0xE4, 0x96, 0xF6, 0x9A, 0x34, 0xEC, 0xD8, 0x65, 0x6A, 0x46, - 0xFA, 0xC5, 0x40, 0x35, 0xD0, 0x07, 0x74, 0x02, 0xA3, 0xCF, - 0x23, 0x60, 0x15, 0xAC, 0x54, 0x98, 0x59, 0xEF, 0x94, 0x17, - 0x0A, 0xEF, 0xBB, 0xC2, 0x7B, 0x3B, 0xEF, 0xF5, 0xD1, 0x9C, - 0xB7, 0xB1, 0xDF, 0x45, 0xF5, 0x57, 0xD1, 0x18, 0x05, 0x97, - 0x8F, 0x8C, 0x30, 0x8C, 0x11, 0xF4, 0x81, 0x4D, 0x75, 0x18, - 0x97, 0x9F, 0x30, 0x64, 0xE2, 0x5B, 0x18, 0x95, 0xAC, 0x4E, - 0xDC, 0x47, 0xB5, 0x45, 0xAA, 0xD4, 0x7E, 0xF4, 0x70, 0x46, - 0x34, 0xF3, 0xB3, 0x85, 0xC2, 0x46, 0x98, 0xB5, 0xB5, 0x33, - 0x52, 0xF4, 0x36, 0x39, 0xCA, 0x23, 0xF9, 0x66, 0xB9, 0xA4, - 0x63, 0xC6, 0x3D, 0x02, 0xE7, 0x8F, 0x95, 0xF3, 0x25, 0xFD, - 0x21, 0xD0, 0x62, 0xC2, 0xEE, 0xE2, 0x2F, 0x69, 0x55, 0x31, - 0x42, 0x78, 0x2D, 0x53, 0xDC, 0x7F, 0x0E, 0x93, 0xD5, 0x4D, - 0x21, 0x64, 0x8B, 0x9E, 0x2C, 0xBE, 0xBA, 0xD3, 0x39, 0x41, - 0xE3, 0x10, 0xE5, 0x07, 0xE4, 0x0E, 0x20, 0x38, 0x63, 0xF7, - 0x02, 0xF2, 0x17, 0x99, 0xEB, 0xC6, 0xE7, 0x5F, 0xBE, 0xAE, - 0x53, 0xD1, 0x12, 0xB2, 0x9A, 0x90, 0x25, 0x6A, 0xAA, 0xFD, - 0x5D, 0x69, 0x2F, 0x32, 0x33, 0x53, 0x57, 0x1B, 0xC4, 0x24, - 0xC0, 0xC5, 0x90, 0x04, 0x04, 0x67, 0xCA, 0x85, 0x1E, 0x94, - 0x31, 0x95, 0x78, 0x76, 0x5D, 0xCF, 0x15, 0xE6, 0x06, 0x6B, - 0x1A, 0x1D, 0x0E, 0xF6, 0x64, 0x91, 0x84, 0xAE, 0xE4, 0xF0, - 0x1F, 0x0A, 0x76, 0x1C, 0x74, 0xF3, 0xC1, 0x97, 0x80, 0x5B, - 0xD9, 0xC6, 0xB6, 0x2B, 0xA8, 0xD7, 0xD8, 0xD2, 0xB5, 0x8E, - 0x05, 0xB5, 0x16, 0x6A, 0xF7, 
0xCB, 0xD2, 0xFE, 0xE0, 0xA7, - 0x3E, 0x1C, 0x3E, 0x84, 0xDC, 0x89, 0x33, 0xD7, 0x2F, 0x2A, - 0x40, 0x41, 0x18, 0xB8, 0x58, 0xB6, 0x54, 0xC6, 0xC9, 0xDF, - 0x24, 0x91, 0xCD, 0x62, 0xA0, 0x9D, 0x17, 0xCC, 0xA6, 0xCF, - 0xD9, 0x25, 0xA1, 0xBC, 0x63, 0x09, 0xFB, 0xD1, 0x65, 0x5C, - 0xFC, 0xB8, 0x3A, 0x3D, 0x50, 0xEC, 0x1A, 0x26, 0x37, 0xCB, - 0x9C, 0x29, 0x9E, 0x15, 0x06, 0xC9, 0x14, 0x45, 0x41, 0x5F, - 0x6C, 0x41, 0x46, 0xEA, 0xC6, 0xF8, 0x18, 0x01, 0x7D, 0xCD, - 0x30, 0xEE, 0x5D, 0xB5, 0xA0, 0x96, 0x19, 0x80, 0x96, 0xB1, - 0x03, 0x55, 0x86, 0x57, 0xBE, 0x19, 0x13, 0x46, 0x88, 0x00, - 0xCE, 0x5E, 0xD0, 0xBE, 0xEC, 0x13, 0x2B, 0x93, 0x3C, 0xE1, - 0xEC, 0xBD, 0x15, 0x6F, 0xA5, 0xF5, 0x20, 0x59, 0x3C, 0xDD, - 0xBD, 0xFD, 0xDF, 0x9D, 0x9F, 0x07, 0x73, 0x25, 0x93, 0x42, - 0x41, 0xCF, 0x4A, 0xE5, 0x8F, 0x04, 0xAC, 0x5F, 0x6A, 0x56, - 0x87, 0x49, 0xD5, 0x64, 0x00, 0x9D, 0xF4, 0xA5, 0x6B, 0xBE, - 0x8F, 0xC8, 0xE8, 0xBC, 0xC7, 0x1C, 0x99, 0xC0, 0x2F, 0xA1, - 0xDA, 0xDF, 0x6B, 0xE5, 0x62, 0x9D, 0xC9, 0x73, 0x5B, 0x2A, - 0x3E, 0xD7, 0x8A, 0xBE, 0x0A, 0x5F, 0x2B, 0x0B, 0x61, 0xEF, - 0x4A, 0x09, 0x15, 0x70, 0xE6, 0x5C, 0xA1, 0xB6, 0xDE, 0x54, - 0x71, 0x74, 0x55, 0x63, 0x77, 0x8F, 0xC9, 0xAF, 0x22, 0x9A, - 0xFE, 0x2C, 0x09, 0x62, 0x3E, 0xA1, 0xAA, 0x89, 0xB8, 0x6B, - 0x50, 0x84, 0x20, 0x66, 0x5D, 0x8F, 0x39, 0x7F, 0xC1, 0x2D, - 0xFA, 0x78, 0x8F, 0x8E, 0xD0, 0x39, 0x33, 0xD4, 0x9A, 0x40, - 0x56, 0xBC, 0x86, 0x22, 0x07, 0xEB, 0x22, 0xB8, 0x52, 0xC0, - 0x1A, 0xD2, 0x35, 0x1F, 0x56, 0x7E, 0xDA, 0x2B, 0xC1, 0x08, - 0xD2, 0x39, 0x28, 0x46, 0x63, 0x9A, 0xAD, 0x44, 0xB3, 0xEF, - 0x1C, 0x2A, 0xD6, 0x68, 0x67, 0xE4, 0x63, 0x73, 0x78, 0x29, - 0xA7, 0xA0, 0x70, 0x2E, 0xD9, 0xB4, 0x14, 0x4D, 0x04, 0xD3, - 0x2D, 0x8A, 0x70, 0x07, 0xAD, 0x8A, 0xC0, 0xA5, 0x1D, 0xE7, - 0x17, 0xD8, 0xBB, 0xAA, 0xB5, 0xF7, 0xC8, 0x8D, 0x29, 0x8E, - 0x49, 0x32, 0xA0, 0x40, 0x34, 0xBB, 0x2E, 0x10, 0x30, 0xDD, - 0xEA, 0x3E, 0xCC, 0xC1, 0xB9, 0xF2, 0x42, 0xCC, 0x4A, 0xF2, - 0xF4, 0x93, 0x2E, 0x3F, 0x0C, 0xE8, 0xE4, 
0x96, 0x1F, 0x33, - 0x2D, 0x67, 0x4F, 0x8E, 0x1B, 0x01, 0xD6, 0xE2, 0xF2, 0xFD, - 0x5D, 0xCC, 0xFD, 0x18, 0x9C, 0xD6, 0x50, 0x1F, 0xE1, 0xC5, - 0x7C, 0xBE, 0x59, 0x95, 0x7D, 0x21, 0x25, 0x3E, 0xF3, 0xBC, - 0xCE, 0x31, 0x80, 0x79, 0x34, 0x0F, 0x86, 0x78, 0x18, 0xA6, - 0x36, 0x17, 0xD9, 0x70, 0xA7, 0x22, 0xA7, 0xE8, 0xA2, 0xBD, - 0x74, 0xB9, 0x8E, 0x34, 0xF0, 0xEC, 0xF7, 0x40, 0x22, 0x33, - 0xE8, 0x50, 0x43, 0x66, 0xF0, 0x25, 0x41, 0x20, 0xD9, 0x3F, - 0x8A, 0xC6, 0xAD, 0x69, 0xC6, 0x9C, 0xD9, 0xE0, 0x0D, 0xFF, - 0x93, 0x32, 0x5D, 0x57, 0x45, 0xCC, 0xA4, 0xF9, 0x32, 0xD4, - 0x5A, 0x49, 0x17, 0x1B, 0xFB, 0x2F, 0x91, 0xAA, 0x5B, 0xC5, - 0xC8, 0xC8, 0x2B, 0x20, 0x30, 0x1B, 0xB2, 0x01, 0xC3, 0xA7, - 0x8E, 0x6C, 0xB8, 0xF7, 0xB3, 0x95, 0x4A, 0x28, 0x82, 0xAA, - 0x0C, 0x4B, 0xDA, 0x26, 0x4A, 0x34, 0x7F, 0x17, 0x55, 0x4C, - 0x5D, 0x3C, 0x0B, 0x16, 0xA2, 0xEB, 0x33, 0xFB, 0x38, 0x63, - 0xF2, 0x15, 0x7D, 0xFA, 0x52, 0xA9, 0x58, 0xDD, 0x41, 0x58, - 0xA0, 0x13, 0xD2, 0x55, 0x22, 0xF9, 0xC2, 0xF8, 0x4E, 0x3F, - 0xAC, 0xDC, 0x11, 0x0A, 0xBB, 0x7C, 0xB1, 0x2B, 0xFB, 0x60, - 0xC5, 0x08, 0xB9, 0xB0, 0xED, 0xE8, 0xB9, 0x88, 0xBD, 0x07, - 0xDE, 0x53, 0xD0, 0x6B, 0xE5, 0x6E, 0xA0, 0x17, 0x8C, 0xCF, - 0x02, 0xF0, 0x64, 0xDE, 0xCE, 0x8C, 0x91, 0xED, 0xB4, 0x4F, - 0xB0, 0xEE, 0x12, 0x26, 0xC6, 0x55, 0xA0, 0x4D, 0xCC, 0xF3, - 0x1A, 0x86, 0x5A, 0x01, 0x53, 0x01, 0xAA, 0xED, 0x6D, 0x11, - 0xCD, 0x8A, 0x4A, 0xCA, 0x85, 0x35, 0x35, 0xFA, 0x22, 0x55, - 0xF3, 0xB8, 0xFA, 0x43, 0xD6, 0x9E, 0xB5, 0x0D, 0xD3, 0x85, - 0x59, 0xC9, 0xAF, 0xCD, 0xAB, 0xFA, 0xB6, 0x65, 0x20, 0xCC, - 0x11, 0xF1, 0xDE, 0x87, 0x6F, 0x58, 0xA1, 0x41, 0xF2, 0x80, - 0x75, 0xEA, 0x26, 0x72, 0x8C, 0xE9, 0x17, 0x1C, 0x2B, 0x4D, - 0xA4, 0x9C, 0xAA, 0x32, 0xAA, 0x2C, 0x84, 0xBA, 0x87, 0xAA, - 0x81, 0x66, 0x56, 0x76, 0x0F, 0x1C, 0x58, 0xFE, 0xD1, 0x7F, - 0x33, 0x59, 0xF1, 0xF0, 0x56, 0x50, 0x00, 0x4F, 0x96, 0xF7, - 0x1C, 0x11, 0x7C, 0x36, 0xD8, 0xAD, 0x3E, 0x82, 0x15, 0x68, - 0x40, 0x83, 0xFE, 0x62, 0x94, 0xD5, 0x2A, 0x43, 0x88, 
0xD8, - 0x12, 0xE2, 0x37, 0x8A, 0x3E, 0x9E, 0x24, 0x8B, 0x70, 0x3C, - 0xBD, 0x97, 0x0B, 0x59, 0xAC, 0x4B, 0x88, 0x36, 0x2D, 0x2F, - 0xE9, 0x49, 0x14, 0xC0, 0x28, 0x7F, 0x0D, 0xE8, 0x93, 0x76, - 0x22, 0xF3, 0x08, 0x17, 0x34, 0x91, 0x39, 0xA6, 0x84, 0xCA, - 0xF1, 0xD2, 0x8A, 0x9D, 0xF1, 0xD4, 0xA4, 0x85, 0xA6, 0x1E, - 0xFB, 0x6B, 0x75, 0x07, 0x80, 0x84, 0x32, 0xF5, 0x51, 0xD6, - 0x42, 0xA8, 0x69, 0x96, 0xC3, 0xBD, 0xEF, 0x2F, 0xA4, 0x23, - 0x58, 0x07, 0xBC, 0xDE, 0x45, 0xD4, 0x1E, 0x67, 0xF1, 0x00, - 0x65, 0xB5, 0x03, 0xF3, 0x83, 0x9D, 0xE8, 0xDE, 0x63, 0x42, - 0x2B, 0xB6, 0xED, 0x7F, 0x63, 0xF6, 0xCF, 0x53, 0x1B, 0xBD, - 0x9D, 0x6C, 0x26, 0xBC, 0xC2, 0xC3, 0xAF, 0x86, 0x06, 0x5F, - 0x49, 0xBF, 0x7E, 0x76, 0xF5, 0x6C, 0x5B, 0x41, 0xF7, 0xAF, - 0x02, 0x1F, 0x35, 0x43, 0x0D, 0x64, 0x65, 0xFE, 0xD7, 0x9A, - 0x3F, 0x21, 0xD5, 0x74, 0x6E, 0x8A, 0xA8, 0xAF, 0x3B, 0xCE, - 0x85, 0xBB, 0xF7, 0x7B, 0xCA, 0xF7, 0x9D, 0x02, 0x52, 0x55, - 0xE9, 0x3E, 0x4A, 0x4B, 0x62, 0x85, 0x35, 0xFA, 0xBD, 0xEB, - 0x92, 0x25, 0x24, 0x01, 0xFF, 0xEE, 0xFB, 0x94, 0xF6, 0xE6, - 0x9F, 0xE3, 0x3D, 0x93, 0xCF, 0x69, 0xEB, 0x3D, 0x8F, 0x1F, - 0xBE, 0xAE, 0x85, 0x6F, 0x8F, 0x0B, 0x22, 0x57, 0x00, 0x3D, - 0x8E, 0xF4, 0x6B, 0x4D, 0x82, 0x76, 0x91, 0x25, 0x4B, 0x2C, - 0xF1, 0xBC, 0x64, 0x96, 0x54, 0x35, 0xFD, 0xBD, 0xFC, 0x71, - 0xF7, 0x48, 0x40, 0xEB, 0x4C, 0x1C, 0xC4, 0xAB, 0x4F, 0xC9, - 0xC7, 0xB0, 0x8C, 0xBF, 0x27, 0xE2, 0x18, 0xCA, 0x78, 0xAA, - 0xA0, 0x04, 0xAB, 0x6B, 0x6D, 0xBC, 0x89, 0xCB, 0x71, 0xA7, - 0xF8, 0x81, 0x0D, 0x4F, 0x2A, 0x9A, 0x37, 0x60, 0xA0, 0x6A, - 0x14, 0xE7, 0x30, 0x2E, 0x72, 0xF9, 0xE2, 0x39, 0x27, 0xD9, - 0xC6, 0xB2, 0x9E, 0xBC, 0x3D, 0xD6, 0x2D, 0xE4, 0xCD, 0xC2, - 0x40, 0x15, 0xC5, 0x7B, 0x8A, 0x06, 0x42, 0x46, 0xF2, 0x45, - 0x14, 0x83, 0x82, 0xAB, 0x30, 0x6C, 0x73, 0x92, 0x55, 0x51, - 0xE7, 0x8B, 0x3C, 0xD1, 0x2C, 0x8A, 0xC0, 0x16, 0x79, 0xC9, - 0xFD, 0x7C, 0x78, 0x1E, 0xE9, 0xDF, 0xF4, 0x08, 0xEF, 0x38, - 0xEC, 0xCB, 0x81, 0xF1, 0x87, 0x53, 0x8A, 0x0B, 0xF3, 0x56, - 0x0C, 
0xBC, 0xEE, 0x03, 0xAE, 0xBC, 0xF8, 0x43, 0x3E, 0xA2, - 0xEA, 0x84, 0x37, 0x72, 0x8A, 0x80, 0x8D, 0x61, 0x1C, 0x79, - 0x3E, 0x4A, 0x5A, 0xC2, 0x73, 0xA0, 0x95, 0xDC, 0x46, 0x2B, - 0x5E, 0x4B, 0x89, 0xE3, 0x9F, 0xD7, 0x14, 0x61, 0x8B, 0x59, - 0xD1, 0x71, 0xB0, 0x04, 0xAA, 0x4B, 0x2A, 0xCA, 0xEF, 0x8D, - 0x3B, 0x4B, 0x52, 0x8F, 0x0B, 0x76, 0xB8, 0x38, 0xF8, 0xDD, - 0xD2, 0xE6, 0x46, 0x53, 0x1C, 0xD5, 0xC8, 0x1E, 0x85, 0x54, - 0x67, 0xC0, 0x77, 0x7E, 0x28, 0x2F, 0x91, 0xC5, 0xE5, 0x28, - 0x54, 0x37, 0xF6, 0x77, 0xEC, 0x6C, 0x36, 0x1D, 0x91, 0xA9, - 0x45, 0xCC, 0x85, 0x61, 0xAB, 0x14, 0xBE, 0x81, 0x6C, 0xFF, - 0x35, 0x8C, 0x13, 0x61, 0xE7, 0x66, 0x83, 0xFF, 0x67, 0x6C, - 0x80, 0x59, 0xD5, 0x6D, 0xAB, 0x5B, 0x81, 0x76, 0x39, 0x1B, - 0xBB, 0xD2, 0xFF, 0x1B, 0x7B, 0x66, 0xD6, 0x42, 0xD0, 0x86, - 0x62, 0x4A, 0xA1, 0x4F, 0x00, 0x41, 0x7E, 0x9C, 0xE5, 0xD6, - 0x82, 0x31, 0xA7, 0x34, 0x16, 0x20, 0x62, 0xFA, 0x1F, 0x6B, - 0x21, 0xBE, 0x62, 0x19, 0xE9, 0x56, 0x7A, 0x4C, 0xF0, 0x7B, - 0xB4, 0x2E, 0x4A, 0xA7, 0x20, 0xC3, 0x5F, 0x7F, 0x5A, 0xA2, - 0xAF, 0xF5, 0xC5, 0xFD, 0x1A, 0x7C, 0xB6, 0x06, 0xCA, 0xE3, - 0x74, 0x72, 0x4E, 0x77, 0xC9, 0xDD, 0x3B, 0x44, 0x16, 0x8C, - 0x45, 0x46, 0xC5, 0xE3, 0x81, 0x1E, 0x3C, 0x4D, 0xAC, 0x1A, - 0x7F, 0xAA, 0x6D, 0xFD, 0xE1, 0x45, 0x59, 0x11, 0x44, 0x48, - 0xB5, 0x09, 0xEF, 0x7E, 0xF2, 0x75, 0x0C, 0xBF, 0xC7, 0x17, - 0xB4, 0x9E, 0x10, 0xC0, 0x11, 0xDD, 0xB2, 0x59, 0xCF, 0x25, - 0x3B, 0xA8, 0x97, 0x56, 0x08, 0xE0, 0x65, 0x27, 0xC5, 0x29, - 0x34, 0xBD, 0x38, 0xB1, 0x39, 0xAA, 0x27, 0xFC, 0x96, 0xCB, - 0x9A, 0x2B, 0x92, 0x74, 0xDF, 0x0A, 0x52, 0xE4, 0x93, 0xA8, - 0x18, 0x15, 0x2C, 0x8C, 0x61, 0xD3, 0xBC, 0xD0, 0x9E, 0x9D, - 0x40, 0x1C, 0x69, 0x95, 0x0D, 0x52, 0x76, 0x3F, 0xD7, 0xD7, - 0xC1, 0x1C, 0x34, 0xE7, 0xD4, 0xD4, 0x17, 0x2D, 0xF0, 0x6A, - 0x1C, 0xE2, 0x53, 0x18, 0x60, 0xC6, 0xA1, 0xCD, 0x4F, 0xAA, - 0x16, 0xA0, 0xC3, 0x3B, 0xCE, 0x4D, 0x73, 0x0B, 0x63, 0x02, - 0x1C, 0xEE, 0x18, 0xBF, 0xF9, 0x33, 0x24, 0xD3, 0x02, 0x34, - 0xCC, 0xB9, 0xD7, 
0xC2, 0x00, 0x7F, 0xB4, 0x08, 0x4B, 0xFC, - 0x1D, 0xDF, 0x42, 0x8C, 0x75, 0xEE, 0x13, 0x90, 0x37, 0x14, - 0x0D, 0xD2, 0xE0, 0x50, 0x90, 0x6A, 0xB9, 0xEF, 0x7F, 0x70, - 0x38, 0x2E, 0xCD, 0x39, 0x2E, 0x09, 0x51, 0xDF, 0x58, 0xBE, - 0x8E, 0x82, 0x91, 0xEB, 0xBC, 0xB4, 0x6B, 0x12, 0x40, 0x4E, - 0x44, 0xB8, 0x08, 0x97, 0x57, 0xF0, 0xFE, 0x61, 0xBD, 0x77, - 0xED, 0x46, 0xDA, 0xB7, 0xA4, 0xF5, 0x4F, 0xB2, 0xA6, 0xF1, - 0x47, 0x2D, 0x11, 0x26, 0x74, 0x55, 0x81, 0xFF, 0xFB, 0xEA, - 0x00, 0x03, 0x96, 0xD8, 0xE6, 0x6B, 0xEA, 0x3F, 0x0B, 0x0C, - 0xC0, 0xE4, 0x0A, 0x3D, 0x21, 0x3C, 0x99, 0x51, 0x91, 0x11, - 0xF0, 0x91, 0x68, 0xEE, 0xEE, 0xCD, 0x71, 0x42, 0xAD, 0xBA, - 0x34, 0x68, 0x9F, 0x67, 0xB1, 0xEE, 0x1C, 0x70, 0x7A, 0xFC, - 0x1E, 0x86, 0xF8, 0x96, 0x6C, 0x13, 0xD6, 0x36, 0x57, 0x5F, - 0x11, 0x2E, 0x1B, 0x97, 0xAB, 0x8B, 0x65, 0x3E, 0x8E, 0x91, - 0x69, 0x1C, 0x76, 0xAD, 0xB5, 0x8C, 0xE6, 0x02, 0x93, 0x16, - 0xA4, 0xF5, 0x14, 0x86, 0xB5, 0x16, 0x07, 0xF5, 0x0C, 0x01, - 0xE9, 0xDC, 0xEA, 0x86, 0x58, 0x98, 0xBA, 0x2C, 0x04, 0x0A, - 0x16, 0x8A, 0xF3, 0x10, 0x25, 0x48, 0x51, 0x21, 0x77, 0x69, - 0xF1, 0x22, 0xC3, 0xF4, 0x1D, 0xD5, 0x6D, 0x59, 0x1B, 0x44, - 0x88, 0xFC, 0xE5, 0x4B, 0xE1, 0xD6, 0xF4, 0x46, 0x4C, 0x9D, - 0x45, 0x93, 0xE1, 0xB5, 0x26, 0xDF, 0x48, 0x90, 0x13, 0xA6, - 0x65, 0x7E, 0x18, 0x6A, 0x79, 0x19, 0x81, 0x10, 0x08, 0x80, - 0xA4, 0x99, 0xD3, 0x98, 0x3C, 0x9E, 0x91, 0x31, 0xE9, 0x71, - 0xA0, 0x6A, 0xF9, 0x2F, 0x61, 0xA5, 0x72, 0x13, 0x6C, 0x4C, - 0xD2, 0xAF, 0x40, 0x8B, 0x0D, 0x3D, 0xE4, 0x24, 0x7B, 0x30, - 0x9C, 0xD0, 0x62, 0x42, 0x67, 0x54, 0xC6, 0x34, 0xF2, 0x55, - 0x70, 0x95, 0xAE, 0x16, 0x9F, 0xCC, 0x6F, 0xEA, 0x0B, 0x40, - 0x38, 0xAE, 0x74, 0x89, 0xCB, 0x64, 0x79, 0xF7, 0x08, 0x68, - 0x2C, 0x1E, 0xEE, 0x28, 0xEA, 0x77, 0xA2, 0xA3, 0x8E, 0xF4, - 0xEE, 0xFE, 0x62, 0x25, 0x98, 0xB1, 0xDE, 0x4B, 0x3A, 0x62, - 0xD9, 0x12, 0xD6, 0x09, 0x32, 0x6C, 0x80, 0x27, 0x21, 0x0A, - 0xFE, 0x4D, 0xBF, 0x29, 0x90, 0xCD, 0x6C, 0xE0, 0xAF, 0x06, - 0xB3, 0xC2, 0xDF, 0xB8, 0x50, 
0x59, 0xD8, 0x0A, 0xB5, 0x98, - 0xC1, 0xA8, 0x80, 0xD7, 0x61, 0xFC, 0x59, 0xDB, 0xB1, 0x2A, - 0xA5, 0xD7, 0xFA, 0x9E, 0x93, 0x60, 0xD4, 0xB0, 0x6B, 0x44, - 0xB3, 0xC3, 0x3F, 0x9B, 0xEA, 0xD4, 0x8C, 0x08, 0x4B, 0x09, - 0x97, 0xC6, 0x2B, 0xC0, 0x8A, 0x92, 0x35, 0xCA, 0x6F, 0x93, - 0xD6, 0x71, 0x1E, 0xAB, 0x0F, 0x65, 0x42, 0xC2, 0x97, 0x77, - 0x10, 0x6E, 0xD4, 0xEE, 0x2A, 0xDF, 0x54, 0x2A, 0x5F, 0xB4, - 0xD4, 0x72, 0x18, 0x90, 0x42, 0x09, 0xAA, 0xC3, 0x31, 0x89 +#ifndef WOLFSSL_DILITHIUM_NO_SIGN +static const unsigned char bench_dilithium_level2_key[] = { + 0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b, + 0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9, + 0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2, + 0x64, 0x79, 0xd8, 0x79, 0x4c, 0xee, 0x92, 0x2b, 0x37, 0xab, + 0xb1, 0x16, 0x65, 0x72, 0xc3, 0x49, 0xc2, 0xec, 0xfd, 0x9a, + 0xe6, 0x2d, 0x1e, 0x5b, 0xe3, 0x04, 0x96, 0x16, 0xad, 0x97, + 0x5d, 0xac, 0xf2, 0xcc, 0x62, 0x2e, 0x34, 0x5d, 0x67, 0x19, + 0x47, 0xee, 0x0f, 0x8b, 0x97, 0x60, 0xb4, 0x0b, 0xeb, 0x6a, + 0x7a, 0x75, 0x14, 0x27, 0x00, 0x39, 0xd6, 0x60, 0xce, 0x39, + 0x6e, 0x69, 0x46, 0xe1, 0x0d, 0xf9, 0xa6, 0xfa, 0x8c, 0xcf, + 0x65, 0x50, 0x59, 0x1d, 0xb0, 0x26, 0xc2, 0xe2, 0xf1, 0xb9, + 0xcd, 0x09, 0x60, 0xcc, 0xbb, 0x57, 0xd6, 0xac, 0xcc, 0xf9, + 0x58, 0x73, 0xa8, 0x81, 0x61, 0x2f, 0xd2, 0xa4, 0x5b, 0x98, + 0x0d, 0x12, 0x88, 0x51, 0x63, 0x38, 0x6e, 0xa2, 0x46, 0x64, + 0x52, 0xc0, 0x71, 0xc1, 0x42, 0x68, 0xd8, 0x42, 0x32, 0x5c, + 0xb4, 0x44, 0x08, 0x95, 0x48, 0xa2, 0x46, 0x6c, 0x0b, 0x10, + 0x09, 0xc8, 0x24, 0x4d, 0x18, 0x37, 0x4c, 0x4c, 0x82, 0x05, + 0x02, 0x22, 0x10, 0x4a, 0x86, 0x30, 0x03, 0x03, 0x11, 0x44, + 0x22, 0x62, 0x01, 0xa9, 0x51, 0x13, 0x02, 0x2c, 0x19, 0x85, + 0x65, 0x51, 0x14, 0x01, 0x9c, 0xb2, 0x81, 0x0a, 0x49, 0x52, + 0xa2, 0xb2, 0x4c, 0x98, 0x34, 0x01, 0x0a, 0x07, 0x06, 0x58, + 0xb2, 0x69, 0x51, 0x24, 0x2d, 0x59, 0x12, 0x52, 0xe0, 0xb4, + 0x04, 0x14, 0x40, 0x29, 0xa2, 0xb0, 0x31, 0x54, 0xc0, 0x40, + 0x63, 0x00, 
0x69, 0x18, 0x47, 0x85, 0xc8, 0x30, 0x81, 0x0b, + 0x15, 0x0a, 0xd8, 0xa0, 0x0c, 0x5c, 0x20, 0x4a, 0x11, 0x38, + 0x64, 0x04, 0x94, 0x84, 0xd3, 0x24, 0x72, 0x58, 0x38, 0x28, + 0x18, 0x37, 0x6d, 0x94, 0xc0, 0x4d, 0xa0, 0xa6, 0x0c, 0x9a, + 0x82, 0x31, 0xc2, 0x40, 0x48, 0xda, 0x46, 0x85, 0x03, 0x00, + 0x05, 0xd8, 0x02, 0x4d, 0x0b, 0x85, 0x40, 0xe2, 0x32, 0x86, + 0x4c, 0xa0, 0x65, 0x8a, 0x36, 0x65, 0x42, 0x18, 0x6e, 0x60, + 0x36, 0x0d, 0x40, 0xc0, 0x01, 0x5a, 0x44, 0x42, 0xc4, 0xa4, + 0x0d, 0xd4, 0x88, 0x8d, 0x88, 0x22, 0x52, 0x00, 0xc0, 0x0c, + 0x5b, 0x36, 0x90, 0x09, 0x20, 0x22, 0x08, 0x03, 0x12, 0x90, + 0x12, 0x42, 0x04, 0x20, 0x29, 0x8c, 0x48, 0x6d, 0x20, 0x32, + 0x08, 0x94, 0x88, 0x6c, 0x10, 0x87, 0x21, 0xc1, 0x44, 0x02, + 0x52, 0x40, 0x12, 0xdb, 0xc8, 0x24, 0x14, 0x09, 0x2c, 0x93, + 0x40, 0x09, 0x64, 0xc8, 0x4c, 0x08, 0x48, 0x70, 0xa1, 0x10, + 0x81, 0x4a, 0x80, 0x8c, 0x20, 0x03, 0x31, 0x18, 0xb3, 0x80, + 0xd3, 0x82, 0x25, 0x4c, 0x94, 0x8c, 0x1c, 0x93, 0x89, 0x1a, + 0x91, 0x51, 0xd1, 0xb6, 0x68, 0x43, 0x14, 0x25, 0x84, 0x48, + 0x61, 0x82, 0x40, 0x24, 0xdb, 0x22, 0x4d, 0x63, 0x16, 0x66, + 0x62, 0x90, 0x50, 0xa1, 0x18, 0x86, 0x49, 0x28, 0x25, 0xa0, + 0x10, 0x68, 0x8c, 0x04, 0x00, 0x08, 0x32, 0x4e, 0x22, 0x43, + 0x31, 0x42, 0x96, 0x28, 0x11, 0x23, 0x89, 0xd2, 0xc4, 0x6d, + 0x11, 0x82, 0x8d, 0x8a, 0xa8, 0x90, 0xd2, 0x06, 0x29, 0x80, + 0x82, 0x89, 0x00, 0xa8, 0x41, 0x00, 0x13, 0x6a, 0x12, 0xa8, + 0x04, 0x83, 0xc2, 0x51, 0x13, 0x09, 0x08, 0x62, 0xb4, 0x8d, + 0x94, 0xc2, 0x44, 0x5a, 0xb4, 0x08, 0x0a, 0x10, 0x48, 0xa1, + 0x28, 0x20, 0x1b, 0xb7, 0x64, 0x60, 0x24, 0x25, 0x48, 0xc0, + 0x00, 0x0a, 0x10, 0x09, 0x64, 0xb8, 0x88, 0xcb, 0x44, 0x64, + 0x54, 0x90, 0x05, 0xd2, 0xb8, 0x21, 0x49, 0x28, 0x28, 0x49, + 0x42, 0x0d, 0x63, 0xa0, 0x65, 0xcb, 0x90, 0x30, 0x51, 0x82, + 0x8d, 0x5c, 0xc6, 0x0c, 0x51, 0x06, 0x6a, 0x1a, 0x27, 0x22, + 0x01, 0xa8, 0x24, 0x61, 0xb2, 0x84, 0x23, 0x40, 0x86, 0xa3, + 0xb4, 0x48, 0x19, 0x28, 0x0c, 0x14, 0x06, 0x2e, 0xe2, 0x02, + 0x0d, 0xc4, 0x90, 0x09, 
0x08, 0x06, 0x66, 0x9b, 0xc8, 0x10, + 0x5c, 0x46, 0x21, 0xca, 0xa8, 0x30, 0x83, 0x20, 0x89, 0x03, + 0x83, 0x6c, 0xa1, 0x46, 0x8c, 0x90, 0x14, 0x4c, 0x99, 0x02, + 0x81, 0x53, 0x02, 0x10, 0x8b, 0x48, 0x91, 0xe4, 0x40, 0x4a, + 0x22, 0xb1, 0x88, 0xc1, 0x06, 0x0e, 0xc3, 0xa8, 0x08, 0xc8, + 0x46, 0x92, 0x03, 0xb5, 0x4c, 0x23, 0x03, 0x0c, 0xa4, 0x06, + 0x2e, 0xdc, 0x92, 0x81, 0x0c, 0x45, 0x22, 0x40, 0x34, 0x91, + 0x90, 0x96, 0x48, 0x81, 0x82, 0x31, 0xcb, 0x16, 0x72, 0x49, + 0xc8, 0x29, 0x44, 0x86, 0x90, 0x60, 0x22, 0x4e, 0x42, 0x42, + 0x09, 0x4b, 0x82, 0x20, 0x0a, 0xb2, 0x64, 0x20, 0x86, 0x70, + 0x1a, 0xc0, 0x00, 0x1c, 0x41, 0x49, 0x89, 0x84, 0x05, 0x0c, + 0x36, 0x49, 0x19, 0x99, 0x6d, 0x00, 0x08, 0x50, 0x23, 0x96, + 0x6c, 0xe0, 0x44, 0x08, 0x98, 0x24, 0x2c, 0x0a, 0x23, 0x20, + 0x12, 0x04, 0x31, 0xc9, 0x06, 0x32, 0x14, 0x01, 0x41, 0x08, + 0x37, 0x08, 0x58, 0x00, 0x0c, 0x19, 0x04, 0x29, 0x90, 0x18, + 0x05, 0xe1, 0x88, 0x44, 0xc2, 0x20, 0x6c, 0xd1, 0x46, 0x64, + 0xd9, 0x26, 0x62, 0x09, 0x88, 0x68, 0x02, 0x29, 0x29, 0xe1, + 0x18, 0x65, 0x98, 0x04, 0x24, 0xe4, 0x34, 0x0c, 0x12, 0x85, + 0x2d, 0x20, 0x14, 0x06, 0x24, 0x15, 0x82, 0x89, 0x08, 0x91, + 0x60, 0x84, 0x28, 0x24, 0x34, 0x41, 0x1b, 0x49, 0x22, 0xd3, + 0x96, 0x64, 0x1b, 0x86, 0x4c, 0x0c, 0xb9, 0x20, 0x20, 0x39, + 0x04, 0x04, 0x34, 0x6d, 0xc1, 0x28, 0x32, 0x08, 0x14, 0x44, + 0x81, 0x18, 0x2e, 0xda, 0x38, 0x41, 0x63, 0x18, 0x26, 0xd8, + 0x48, 0x26, 0x12, 0x20, 0x21, 0x09, 0xc5, 0x25, 0x92, 0x42, + 0x0c, 0x88, 0x04, 0x64, 0x11, 0x43, 0x8a, 0x19, 0x92, 0x60, + 0x5c, 0xc6, 0x31, 0xa1, 0x24, 0x6a, 0xd8, 0xb6, 0x49, 0x1b, + 0x81, 0x90, 0xe2, 0x32, 0x4e, 0x62, 0x44, 0x21, 0x80, 0xb8, + 0x10, 0x4b, 0x90, 0x49, 0x5c, 0x06, 0x09, 0x48, 0x20, 0x49, + 0xa2, 0x92, 0x71, 0x5c, 0x48, 0x02, 0xc8, 0x08, 0x81, 0xa4, + 0x32, 0x66, 0xc9, 0x30, 0x11, 0xca, 0x92, 0x91, 0xc0, 0x00, + 0x41, 0x44, 0x98, 0x4d, 0x98, 0x12, 0x4e, 0x92, 0x46, 0x8e, + 0x49, 0xb8, 0x64, 0xdc, 0x18, 0x50, 0x51, 0xb4, 0x48, 0x08, + 0x47, 0x24, 0x08, 0x46, 0x32, 0x1b, 
0x23, 0x00, 0x09, 0xb8, + 0x04, 0x0a, 0x44, 0x0c, 0x0b, 0xc7, 0x8d, 0x19, 0xa4, 0x09, + 0x11, 0x30, 0x41, 0xe3, 0x24, 0x45, 0x89, 0x1f, 0x65, 0x54, + 0xf6, 0x38, 0x04, 0x37, 0xcc, 0x89, 0xc3, 0xc5, 0xdc, 0x43, + 0xd9, 0x13, 0x56, 0x06, 0x05, 0x50, 0x29, 0x4e, 0x0f, 0xa5, + 0x5c, 0x5d, 0xd7, 0x82, 0xa1, 0x63, 0x59, 0x0d, 0x3e, 0x5b, + 0x00, 0xe6, 0x0e, 0xd8, 0x1c, 0xc7, 0xaf, 0xc0, 0x48, 0xb6, + 0x07, 0x5c, 0x65, 0x00, 0x89, 0xb3, 0x09, 0xbc, 0x4a, 0xaa, + 0xa6, 0x72, 0xbe, 0x6b, 0x9a, 0xb3, 0x5b, 0x27, 0x82, 0x65, + 0x9b, 0xc9, 0x6f, 0x19, 0x88, 0x94, 0x0b, 0x37, 0x44, 0x2f, + 0xe3, 0x9a, 0x02, 0xda, 0xff, 0x11, 0xb0, 0x48, 0x89, 0x70, + 0x8c, 0x84, 0xc2, 0xc0, 0x31, 0x4a, 0xad, 0x70, 0xe1, 0xa7, + 0x15, 0xfd, 0xb2, 0x6d, 0x93, 0xda, 0x17, 0x68, 0xc4, 0xe3, + 0xfd, 0x2c, 0x08, 0x15, 0xb9, 0xa4, 0xc5, 0x1b, 0x97, 0xc9, + 0xa3, 0xaf, 0x0d, 0x21, 0x06, 0x3d, 0xf1, 0x05, 0xd4, 0x35, + 0x80, 0x2e, 0x23, 0x99, 0xbd, 0x3a, 0x1a, 0x6c, 0xad, 0xbf, + 0x56, 0xb5, 0xd3, 0x95, 0x1b, 0x30, 0x4d, 0x56, 0xc1, 0x77, + 0xe6, 0xd6, 0xab, 0x94, 0x46, 0x68, 0xd7, 0xb8, 0xe4, 0x9d, + 0xb2, 0x8d, 0xc4, 0xd1, 0xc8, 0x92, 0xbe, 0x5d, 0x1f, 0x58, + 0x55, 0x7f, 0x11, 0x55, 0xc5, 0x2e, 0xc3, 0x9e, 0x2a, 0x29, + 0x51, 0xe8, 0x75, 0x49, 0xa7, 0xa3, 0xda, 0x0b, 0xcf, 0xf8, + 0x3f, 0x78, 0xac, 0x4c, 0x4e, 0x78, 0x6f, 0x0e, 0x67, 0xad, + 0x94, 0x59, 0x20, 0x5e, 0x37, 0x18, 0xb9, 0x09, 0x87, 0xdb, + 0xdd, 0xf0, 0xc2, 0x4d, 0x03, 0xcc, 0x98, 0x22, 0x4b, 0xe5, + 0x7d, 0x8e, 0x74, 0x7e, 0xa9, 0x1b, 0xeb, 0x7a, 0xae, 0xaf, + 0x2e, 0x7c, 0x3c, 0xc0, 0x1a, 0x30, 0x40, 0x0d, 0x79, 0x86, + 0x53, 0xcc, 0x0b, 0x2b, 0xbe, 0xa5, 0x72, 0x3b, 0xbb, 0x53, + 0x9e, 0xd5, 0xc2, 0x23, 0x1d, 0x35, 0xcd, 0x22, 0x12, 0xed, + 0x9a, 0xee, 0xc8, 0xf9, 0x05, 0x27, 0xdb, 0x46, 0x56, 0xcc, + 0x24, 0x4d, 0xee, 0xaf, 0xab, 0xa9, 0x78, 0x75, 0x75, 0xb9, + 0xd1, 0xfd, 0x39, 0x3a, 0xb2, 0xa2, 0xeb, 0x87, 0x76, 0xb2, + 0x19, 0x47, 0x88, 0xab, 0x42, 0x85, 0x4b, 0xd9, 0x76, 0x22, + 0x68, 0x4b, 0xc9, 0x88, 0x38, 0x28, 0x0a, 0x34, 
0x5d, 0x12, + 0x4f, 0xf5, 0x43, 0x64, 0x44, 0x8c, 0x3c, 0xc2, 0x99, 0x91, + 0x4e, 0xfd, 0xfd, 0x9c, 0x73, 0xbf, 0x85, 0xf9, 0x9f, 0xe1, + 0x53, 0x19, 0xc8, 0x19, 0xcb, 0x7c, 0xdb, 0x9a, 0x3a, 0x2c, + 0x34, 0x55, 0x8c, 0x64, 0x6f, 0xc5, 0xb7, 0x93, 0x53, 0xb4, + 0x97, 0x7e, 0xc2, 0xf8, 0x7e, 0x8d, 0x44, 0x10, 0xca, 0x49, + 0xf5, 0x5c, 0xe8, 0xce, 0xc4, 0xcc, 0x42, 0xf0, 0x85, 0xf1, + 0xf2, 0x10, 0xa7, 0x0b, 0x37, 0x6a, 0x8e, 0x50, 0x96, 0x96, + 0x9d, 0xd9, 0x8f, 0x54, 0x45, 0x56, 0xf8, 0x64, 0x88, 0xab, + 0x51, 0x4f, 0x9f, 0x61, 0xd9, 0x12, 0x87, 0xac, 0x1d, 0xc1, + 0x23, 0xea, 0xb3, 0x5d, 0xa4, 0x6d, 0xfa, 0x58, 0x92, 0x8f, + 0x77, 0x78, 0x61, 0xe5, 0xe4, 0x33, 0xdb, 0x10, 0x2d, 0xdd, + 0xb6, 0xd7, 0xb4, 0xd0, 0x8d, 0xd1, 0xa8, 0x0b, 0x94, 0xdf, + 0xcf, 0xd7, 0xac, 0xdf, 0x47, 0x0b, 0x38, 0xe0, 0xa5, 0xf8, + 0xc3, 0xd2, 0xc3, 0xfb, 0x0f, 0x98, 0x00, 0x2b, 0x17, 0x3c, + 0x44, 0x70, 0x36, 0x47, 0x27, 0x89, 0x41, 0xcb, 0x87, 0x5a, + 0xa4, 0x2c, 0x57, 0x6d, 0x8c, 0xcb, 0xc0, 0x7d, 0x6b, 0xf5, + 0xa1, 0x17, 0x39, 0x4a, 0xb5, 0xac, 0xc6, 0x41, 0x90, 0x66, + 0x85, 0xc4, 0x4b, 0x18, 0xc6, 0xe6, 0x09, 0x6d, 0x6e, 0xbb, + 0x7f, 0x72, 0x96, 0xd3, 0x21, 0x5a, 0x96, 0xaf, 0x9e, 0xb6, + 0x0b, 0x3f, 0xe8, 0x83, 0xe5, 0x53, 0x11, 0x81, 0xc6, 0xab, + 0x40, 0xa9, 0x09, 0xb6, 0x74, 0x5e, 0xe1, 0xc3, 0x82, 0x1e, + 0xda, 0x2f, 0x24, 0xe0, 0x94, 0x8f, 0x07, 0xb7, 0x9b, 0xc6, + 0x50, 0xef, 0x3a, 0x79, 0x89, 0x4d, 0x6f, 0x16, 0x33, 0x04, + 0x24, 0x7e, 0x4a, 0xab, 0x5d, 0x03, 0x29, 0xad, 0xba, 0xa3, + 0x6c, 0xe2, 0x05, 0xab, 0x4d, 0x69, 0xb6, 0x61, 0x39, 0x9d, + 0xc3, 0x53, 0x11, 0xc0, 0xe3, 0xaa, 0x2e, 0xdc, 0x74, 0x09, + 0xbd, 0x19, 0xb5, 0xbb, 0x51, 0x1e, 0x77, 0x3e, 0xce, 0x64, + 0x13, 0xeb, 0x74, 0x03, 0xb7, 0x49, 0x99, 0xb0, 0x71, 0x99, + 0xe6, 0x17, 0x3c, 0x80, 0xe6, 0xb5, 0x51, 0xe9, 0xb3, 0xe4, + 0x2b, 0xaa, 0x52, 0x15, 0x99, 0x4e, 0x46, 0x6d, 0x67, 0x8e, + 0x79, 0xc4, 0x3c, 0xa6, 0xdc, 0x8f, 0xed, 0x87, 0xb9, 0x68, + 0x6d, 0xdc, 0x19, 0xa1, 0x52, 0x37, 0x06, 0x76, 0xad, 0xe9, + 
0x61, 0x5c, 0x82, 0x16, 0x81, 0xaf, 0x3a, 0x89, 0xbf, 0x72, + 0xb0, 0xc7, 0x88, 0x3c, 0x58, 0xfe, 0xe4, 0xa5, 0x41, 0x50, + 0xfc, 0x8a, 0x15, 0xb0, 0x78, 0xd4, 0x77, 0x06, 0x4b, 0xc4, + 0x21, 0x7f, 0xaa, 0x2b, 0x88, 0x7f, 0x8c, 0x3b, 0x9b, 0xbb, + 0x2e, 0x41, 0xcf, 0x9b, 0x06, 0xd3, 0x4d, 0xcf, 0xb2, 0x9c, + 0x91, 0x46, 0x35, 0x3a, 0x5a, 0x0b, 0xe4, 0xac, 0x96, 0x7c, + 0xe0, 0xd4, 0x34, 0xe5, 0xab, 0xae, 0xa7, 0x67, 0xbf, 0x4d, + 0xab, 0x48, 0xfd, 0xcb, 0x3f, 0x5c, 0xde, 0x3f, 0x83, 0xcc, + 0x52, 0x0f, 0xdd, 0x7f, 0x20, 0x25, 0xed, 0xee, 0xd0, 0x14, + 0x38, 0xf7, 0x33, 0x4c, 0x3c, 0x5e, 0x23, 0x80, 0xa3, 0x0a, + 0xe8, 0xb0, 0xef, 0x5b, 0xca, 0xc9, 0x97, 0x13, 0x98, 0xfe, + 0x91, 0x62, 0x14, 0xa8, 0x64, 0xf6, 0x20, 0xc9, 0xc9, 0x6f, + 0x8b, 0xc0, 0xec, 0x39, 0x15, 0xa7, 0x59, 0x62, 0x68, 0x21, + 0xe1, 0x5f, 0xf6, 0xa1, 0x76, 0xb0, 0xca, 0x1b, 0x2a, 0x71, + 0xe3, 0x1a, 0x24, 0x91, 0x1f, 0x3a, 0xbb, 0xf1, 0xc9, 0x09, + 0x42, 0x48, 0x7e, 0x19, 0x1b, 0xf1, 0xf0, 0x13, 0x33, 0xf1, + 0x62, 0x31, 0x00, 0x97, 0x73, 0x9b, 0x3c, 0x26, 0xf8, 0x42, + 0xd0, 0xd4, 0x41, 0x1b, 0x9f, 0x7e, 0x43, 0x4b, 0x0b, 0x08, + 0xd7, 0xa0, 0xa8, 0x32, 0x34, 0x0a, 0xc9, 0xef, 0xb8, 0xeb, + 0xe7, 0x64, 0x3b, 0x40, 0x88, 0xe0, 0x60, 0x59, 0x07, 0xef, + 0xb9, 0x5f, 0x71, 0x92, 0x90, 0xa4, 0x5f, 0x34, 0x38, 0x93, + 0x92, 0x43, 0x87, 0xaf, 0xdd, 0x87, 0x63, 0x8c, 0x1d, 0xe5, + 0x86, 0x9e, 0xe6, 0xde, 0x94, 0xdd, 0x33, 0x5d, 0x95, 0x64, + 0xd8, 0xc4, 0x8a, 0x3c, 0xe7, 0x4b, 0xd6, 0x3f, 0xc5, 0x69, + 0x6a, 0xa8, 0x7f, 0x0f, 0x93, 0x77, 0x02, 0x46, 0x66, 0xa5, + 0xa0, 0x60, 0x8b, 0xec, 0xb1, 0xa2, 0xfc, 0x2a, 0x09, 0xb8, + 0x08, 0x1c, 0x05, 0x6b, 0x78, 0xb7, 0x7a, 0xe5, 0x60, 0xa4, + 0xaf, 0x3a, 0x9d, 0xaa, 0xf5, 0x22, 0x9b, 0x5e, 0xef, 0xc3, + 0x46, 0xed, 0x67, 0xd0, 0x8b, 0xda, 0xb4, 0xa3, 0x34, 0x32, + 0x20, 0x9d, 0x88, 0x7e, 0x43, 0x42, 0x6f, 0x02, 0xf8, 0x48, + 0x9b, 0xc5, 0x02, 0xad, 0xaa, 0xa9, 0xee, 0x19, 0x1b, 0xde, + 0x02, 0x83, 0x81, 0x10, 0xa6, 0x79, 0x4e, 0xad, 0x15, 0xf7, + 0x3e, 0x4e, 
0x1e, 0x72, 0xfe, 0x52, 0x49, 0x24, 0xce, 0x82, + 0x31, 0x59, 0x72, 0xae, 0xd5, 0x34, 0x50, 0x87, 0x8b, 0xe3, + 0x8e, 0xec, 0x61, 0x35, 0x13, 0x57, 0xb1, 0xe6, 0xac, 0xfb, + 0x16, 0xc3, 0x1a, 0x98, 0x92, 0xcb, 0xcd, 0xc9, 0xf7, 0x10, + 0x6a, 0x43, 0x96, 0x33, 0x2d, 0x6f, 0x6c, 0x76, 0xb0, 0xf6, + 0x48, 0x4c, 0xae, 0x13, 0x67, 0x5d, 0x42, 0x01, 0x8e, 0x54, + 0x51, 0xcc, 0x65, 0xf1, 0x95, 0x11, 0x3c, 0x96, 0x2a, 0x5a, + 0x42, 0x3d, 0x9b, 0xbb, 0xb7, 0x7b, 0x28, 0x96, 0x09, 0xbb, + 0xed, 0x2d, 0xbc, 0xb7, 0x90, 0x62, 0xd3, 0xbe, 0xbd, 0xae, + 0x50, 0x15, 0x96, 0xc1, 0x03, 0x91, 0x14, 0x34, 0x4f, 0x21, + 0xa5, 0x6e, 0x78, 0x4a, 0x5d, 0x8b, 0xcf, 0x5b, 0x1a, 0x8a, + 0x57, 0x43, 0xb8, 0x25, 0xd3, 0xa2, 0xcd, 0x78, 0xb4, 0x93, + 0x07, 0x7a, 0x14, 0xc1, 0x0c, 0x6f, 0x5f, 0x5e, 0xcb, 0x11, + 0x17, 0x81, 0x0d, 0x7d, 0x0f, 0xda, 0xd1, 0x92, 0x43, 0x56, + 0xaf, 0x75, 0x53, 0x44, 0x1f, 0xc7, 0x9c, 0xd3, 0xc5, 0x47, + 0xe0, 0xac, 0x4a, 0x11, 0xe4, 0xfe, 0x6c, 0x80, 0x79, 0xcc, + 0x60, 0x7a, 0xd9, 0x56, 0x65, 0x83, 0x5e, 0xcf, 0x37, 0x27, + 0x55, 0xe2, 0x4d, 0xf9, 0xd6, 0x09, 0x2d, 0xee, 0xda, 0x10, + 0x6b, 0xdc, 0xd2, 0x70, 0x46, 0x94, 0xaa, 0xf5, 0x21, 0xc5, + 0xf0, 0x79, 0xdb, 0x9b, 0x8e, 0x9a, 0xdb, 0x5a, 0x56, 0x41, + 0x43, 0xe7, 0x1f, 0x8d, 0xfd, 0xda, 0x12, 0x5f, 0xf7, 0x9e, + 0x47, 0x1a, 0xf7, 0x73, 0x40, 0x67, 0xc2, 0x61, 0x07, 0x33, + 0x16, 0x78, 0x60, 0x05, 0x85, 0x5c, 0x2f, 0x2b, 0xbf, 0x2c, + 0x7a, 0x39, 0xc6, 0xed, 0xcb, 0x43, 0x66, 0x27, 0x93, 0xcd, + 0x92, 0x8d, 0x62, 0x8c, 0xaa, 0x61, 0x1c, 0x9c, 0x4c, 0x90, + 0xba, 0xba, 0x4b, 0xc1, 0xf1, 0x22, 0xde, 0xe0, 0xf9, 0x3e, + 0x04, 0xb9, 0x56, 0xa3, 0x1c, 0xe8, 0xda, 0xd6, 0x09, 0x4a, + 0x7d, 0x89, 0xbc, 0xf4, 0xe8, 0x4d, 0xa1, 0xe8, 0x34, 0x90, + 0xa5, 0x31, 0x3a, 0xec, 0x56, 0xc5, 0xd2, 0x92, 0x0b, 0xe9, + 0x58, 0xbb, 0xb2, 0x84, 0x9b, 0xa9, 0x1d, 0x19, 0xdb, 0x7a, + 0x02, 0x75, 0x79, 0x16, 0x35, 0xee, 0x3a, 0x3f, 0x4e, 0x5e, + 0x11, 0x90, 0x04, 0x03, 0xce, 0x8b, 0xa0, 0xd8, 0xc1, 0xee, + 0x52, 0x33, 0x6e, 0xd2, 
0x6e, 0x06, 0x5c, 0x99, 0x24, 0x6f, + 0x16, 0xd9, 0x90, 0x28, 0xe5, 0x2d, 0x91, 0x6f, 0x1a, 0x57, + 0xf0, 0x4c, 0x7c, 0x3f, 0x7b, 0xd7, 0x30, 0xed, 0x6d, 0x21, + 0xb7, 0xf8, 0xed, 0xf3, 0x34, 0x89, 0xfa, 0xf0, 0x51, 0x6f, + 0x99, 0xa0, 0x5e, 0xf8, 0x74, 0xc7, 0x4f, 0xb5, 0x59, 0x52, + 0xbe, 0x45, 0xac, 0x3f, 0x34, 0x51, 0x87, 0x6e, 0x84, 0xea, + 0xb0, 0x40, 0xe1, 0x84, 0x16, 0x66, 0x30, 0xf1, 0x5c, 0xb2, + 0x74, 0x25, 0x03, 0xe3, 0x2e, 0x82, 0xc5, 0x60, 0x9d, 0xe4, + 0xca, 0xec, 0x49, 0x6b, 0x4e, 0x5a, 0x09, 0xa8, 0xfe, 0xff, + 0x1d, 0xa1, 0xe8, 0xec, 0x9a, 0x22, 0x3b, 0xd6, 0x72, 0x93, + 0x6f, 0x6b, 0x5a, 0xfb, 0x2d, 0x5a, 0xde, 0x01, 0x3e, 0xf6, + 0xdc, 0x77, 0x55, 0x1e, 0x32, 0x19, 0xc8, 0xa1, 0xbb, 0xcf, + 0xcb, 0x41, 0x54, 0xa2, 0xcb, 0xe6, 0x61, 0xca, 0x43, 0x63, + 0xd2, 0x2c, 0xae, 0xf4, 0xd9, 0x49, 0xb1, 0x75, 0x1a, 0x06, + 0x92, 0x13, 0x90, 0x57, 0x89, 0x8e, 0x9f, 0x26, 0xc5, 0x14, + 0xd8, 0xc7, 0x93, 0xb2, 0xaa, 0x3a, 0x9c, 0x10, 0xd5, 0x68, + 0x52, 0x28, 0x39, 0xee, 0x30, 0xdc, 0x00, 0x4b, 0x65, 0x72, + 0x59, 0x98, 0xad, 0x2e, 0x8c, 0xaf, 0x4e, 0x79, 0x0a, 0x8c, + 0x0c, 0x9d, 0xb6, 0x43, 0x26, 0x83, 0x71, 0x7b, 0x1e, 0x86, + 0x4d, 0x33, 0xd7, 0x20, 0x29, 0x6a, 0xbf, 0x2f, 0x8e, 0x4b, + 0x13, 0x35, 0x65, 0xc8, 0xec, 0xe3, 0x2c, 0xde, 0xfb, 0x30, + 0x57, 0xa9, 0x92, 0x22, 0x5d, 0x79, 0x16, 0x07, 0x73, 0x9b, + 0xe2, 0x6e, 0xd4, 0x99, 0xb4, 0x35, 0xfd, 0xa2, 0xb5, 0xd9, + 0xe5, 0x74, 0xd1, 0xb2, 0xcf, 0x32, 0xf1, 0x19, 0x69, 0xcf, + 0x1e, 0x10, 0xcc, 0x3c, 0xaf, 0xbe, 0xa4, 0x33, 0x11, 0x83, + 0x64, 0xc0, 0x39, 0xe5, 0xb0, 0x8f, 0x32, 0xf4, 0x01, 0x6a, + 0x2a, 0x11, 0x8e, 0xdd, 0x03, 0x81, 0x39, 0xe7, 0x70, 0x16, + 0x2f, 0x0e, 0x24, 0xa9, 0x12, 0x0b, 0xdb, 0xa8, 0x6c, 0xb3, + 0xf3, 0x74, 0x95, 0xca, 0x64, 0x1d, 0xee, 0x25, 0xc5, 0x27, + 0xed, 0x0f, 0x82, 0xb5, 0x7a, 0x62, 0x27, 0xb2, 0x87, 0x53, + 0x11, 0x39, 0x5e, 0xb8, 0x11, 0xca, 0x25, 0xe8, 0x17, 0x46, + 0xd3, 0x0f, 0x5d, 0x70, 0x68, 0xe1, 0x5f, 0xd1, 0xab, 0x65, + 0xe5, 0x42, 0x87, 0x1e, 0x96, 0xaf, 
0x13, 0x0c, 0x9b, 0x15, + 0x75, 0x14, 0x31, 0x75, 0xcc, 0x15, 0xbf, 0x2c, 0x74, 0xab, + 0xc9, 0x9c, 0xda, 0x62, 0x1d, 0xeb, 0x19, 0x81, 0x67, 0x5e, + 0xcd, 0x54, 0x87, 0x07, 0x67, 0xba, 0xe3, 0xf6, 0x03, 0xbe, + 0x6d, 0x64, 0x2d, 0xbc, 0xec, 0x54, 0x13, 0x12, 0x5b, 0x44, + 0x90, 0x95, 0x86, 0x77, 0x8c, 0x59, 0xbd, 0x8e, 0xba, 0xb1, + 0x12, 0xea, 0xc1, 0x94, 0x37, 0xa0, 0x11, 0xff, 0xb2, 0xa4, + 0xc3, 0x61, 0xf2, 0xa3, 0x49, 0xbe, 0xe7, 0xb6, 0x96, 0x2f, }; static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_level2_key); -/* certs/dilithium/bench_dilithium_level3_key.der */ -static const unsigned char bench_dilithium_level3_key[] = -{ - 0x30, 0x82, 0x17, 0x5A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, - 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, - 0x06, 0x05, 0x04, 0x82, 0x17, 0x44, 0x04, 0x82, 0x17, 0x40, - 0x2E, 0xFE, 0x07, 0xDF, 0x5E, 0xF9, 0x18, 0xB4, 0x0E, 0xBF, - 0x9C, 0x1C, 0xCA, 0x84, 0xBA, 0x62, 0xB9, 0xA2, 0x96, 0x76, - 0xB6, 0xB7, 0x77, 0x9C, 0xBE, 0x0C, 0xF8, 0xA5, 0xEF, 0x74, - 0xB1, 0xC2, 0x8D, 0x95, 0x6D, 0x38, 0x49, 0x01, 0xA8, 0x3D, - 0x63, 0x0B, 0xDF, 0x4B, 0x5D, 0xF4, 0xC4, 0x98, 0x27, 0x77, - 0x88, 0xA0, 0xA9, 0xF2, 0x38, 0x32, 0x62, 0x17, 0x11, 0xD6, - 0xBE, 0xA0, 0xFD, 0xEB, 0xBF, 0x4A, 0xF2, 0x6C, 0x44, 0x62, - 0x2D, 0x87, 0x3D, 0xAD, 0x0C, 0x47, 0x06, 0x00, 0x7E, 0xAF, - 0x52, 0xE7, 0xA1, 0x8E, 0x7A, 0xA7, 0x7D, 0x3C, 0xE5, 0xB2, - 0x59, 0xDA, 0x89, 0x76, 0xF7, 0xD4, 0x73, 0x16, 0x33, 0x67, - 0x88, 0x46, 0x51, 0x13, 0x12, 0x38, 0x64, 0x76, 0x73, 0x40, - 0x16, 0x55, 0x70, 0x06, 0x32, 0x84, 0x47, 0x25, 0x33, 0x44, - 0x70, 0x68, 0x36, 0x25, 0x62, 0x47, 0x76, 0x65, 0x73, 0x11, - 0x28, 0x00, 0x75, 0x33, 0x81, 0x13, 0x62, 0x51, 0x31, 0x33, - 0x11, 0x41, 0x51, 0x62, 0x55, 0x33, 0x07, 0x60, 0x14, 0x18, - 0x30, 0x58, 0x22, 0x67, 0x26, 0x86, 0x12, 0x78, 0x17, 0x47, - 0x30, 0x06, 0x05, 0x36, 0x37, 0x23, 0x08, 0x67, 0x05, 0x05, - 0x06, 0x85, 0x33, 0x83, 0x14, 0x63, 0x44, 0x35, 0x00, 0x04, - 0x56, 0x03, 0x23, 0x03, 0x33, 
0x13, 0x02, 0x23, 0x25, 0x80, - 0x22, 0x00, 0x53, 0x73, 0x13, 0x70, 0x03, 0x84, 0x15, 0x50, - 0x14, 0x20, 0x06, 0x74, 0x03, 0x41, 0x26, 0x74, 0x63, 0x65, - 0x42, 0x03, 0x00, 0x72, 0x66, 0x44, 0x36, 0x88, 0x60, 0x85, - 0x76, 0x86, 0x17, 0x72, 0x16, 0x37, 0x23, 0x82, 0x15, 0x84, - 0x57, 0x14, 0x20, 0x72, 0x15, 0x55, 0x26, 0x42, 0x82, 0x66, - 0x40, 0x54, 0x03, 0x54, 0x62, 0x61, 0x83, 0x35, 0x20, 0x76, - 0x62, 0x14, 0x37, 0x35, 0x42, 0x04, 0x32, 0x72, 0x08, 0x35, - 0x42, 0x74, 0x51, 0x24, 0x54, 0x86, 0x36, 0x56, 0x11, 0x83, - 0x64, 0x44, 0x54, 0x78, 0x80, 0x50, 0x55, 0x72, 0x84, 0x16, - 0x48, 0x13, 0x04, 0x17, 0x06, 0x36, 0x25, 0x48, 0x21, 0x33, - 0x45, 0x71, 0x21, 0x54, 0x10, 0x26, 0x13, 0x72, 0x12, 0x30, - 0x03, 0x73, 0x48, 0x84, 0x16, 0x22, 0x11, 0x38, 0x26, 0x43, - 0x53, 0x36, 0x56, 0x12, 0x15, 0x70, 0x07, 0x57, 0x00, 0x65, - 0x72, 0x11, 0x73, 0x48, 0x01, 0x13, 0x31, 0x58, 0x82, 0x60, - 0x61, 0x17, 0x78, 0x44, 0x48, 0x15, 0x48, 0x26, 0x62, 0x43, - 0x72, 0x44, 0x62, 0x76, 0x40, 0x15, 0x63, 0x26, 0x10, 0x51, - 0x82, 0x21, 0x05, 0x82, 0x30, 0x56, 0x58, 0x62, 0x76, 0x48, - 0x67, 0x82, 0x86, 0x51, 0x32, 0x37, 0x78, 0x38, 0x13, 0x82, - 0x55, 0x22, 0x45, 0x22, 0x68, 0x66, 0x15, 0x30, 0x35, 0x77, - 0x04, 0x28, 0x45, 0x85, 0x72, 0x48, 0x30, 0x26, 0x06, 0x24, - 0x12, 0x75, 0x42, 0x53, 0x88, 0x14, 0x15, 0x07, 0x08, 0x86, - 0x05, 0x08, 0x01, 0x56, 0x77, 0x44, 0x38, 0x53, 0x22, 0x21, - 0x20, 0x56, 0x25, 0x15, 0x72, 0x68, 0x27, 0x03, 0x71, 0x25, - 0x64, 0x11, 0x44, 0x34, 0x77, 0x60, 0x68, 0x58, 0x44, 0x74, - 0x76, 0x63, 0x86, 0x16, 0x01, 0x40, 0x68, 0x51, 0x20, 0x12, - 0x36, 0x55, 0x01, 0x84, 0x61, 0x80, 0x46, 0x36, 0x28, 0x82, - 0x44, 0x66, 0x14, 0x80, 0x50, 0x32, 0x34, 0x46, 0x21, 0x34, - 0x63, 0x04, 0x22, 0x20, 0x17, 0x84, 0x88, 0x88, 0x47, 0x02, - 0x52, 0x60, 0x45, 0x35, 0x86, 0x72, 0x71, 0x43, 0x30, 0x58, - 0x24, 0x11, 0x11, 0x64, 0x45, 0x36, 0x25, 0x18, 0x82, 0x18, - 0x16, 0x80, 0x27, 0x76, 0x53, 0x08, 0x70, 0x87, 0x64, 0x43, - 0x68, 0x86, 0x07, 0x04, 0x34, 0x10, 0x68, 
0x30, 0x21, 0x01, - 0x86, 0x66, 0x06, 0x50, 0x41, 0x72, 0x18, 0x00, 0x05, 0x40, - 0x36, 0x35, 0x60, 0x50, 0x82, 0x82, 0x24, 0x73, 0x31, 0x35, - 0x81, 0x35, 0x02, 0x50, 0x22, 0x76, 0x44, 0x52, 0x27, 0x43, - 0x82, 0x66, 0x51, 0x38, 0x86, 0x72, 0x18, 0x54, 0x20, 0x65, - 0x45, 0x26, 0x03, 0x42, 0x24, 0x25, 0x27, 0x36, 0x02, 0x04, - 0x38, 0x77, 0x18, 0x44, 0x17, 0x78, 0x46, 0x34, 0x68, 0x00, - 0x72, 0x57, 0x72, 0x67, 0x53, 0x82, 0x51, 0x06, 0x34, 0x56, - 0x71, 0x26, 0x73, 0x55, 0x58, 0x11, 0x44, 0x15, 0x26, 0x81, - 0x14, 0x88, 0x25, 0x45, 0x52, 0x84, 0x13, 0x60, 0x12, 0x26, - 0x12, 0x36, 0x11, 0x61, 0x30, 0x25, 0x32, 0x83, 0x00, 0x71, - 0x73, 0x04, 0x48, 0x40, 0x70, 0x21, 0x36, 0x54, 0x45, 0x33, - 0x43, 0x00, 0x76, 0x62, 0x63, 0x71, 0x15, 0x35, 0x27, 0x50, - 0x06, 0x16, 0x30, 0x45, 0x08, 0x12, 0x51, 0x68, 0x38, 0x21, - 0x71, 0x61, 0x61, 0x18, 0x35, 0x15, 0x25, 0x47, 0x14, 0x62, - 0x51, 0x14, 0x76, 0x12, 0x62, 0x60, 0x63, 0x16, 0x20, 0x68, - 0x62, 0x31, 0x56, 0x64, 0x05, 0x84, 0x56, 0x26, 0x40, 0x42, - 0x88, 0x05, 0x60, 0x84, 0x82, 0x10, 0x23, 0x87, 0x63, 0x33, - 0x60, 0x40, 0x58, 0x12, 0x83, 0x26, 0x03, 0x13, 0x85, 0x23, - 0x02, 0x73, 0x05, 0x27, 0x40, 0x02, 0x75, 0x85, 0x46, 0x51, - 0x83, 0x71, 0x37, 0x16, 0x05, 0x86, 0x35, 0x01, 0x45, 0x00, - 0x53, 0x68, 0x27, 0x11, 0x06, 0x08, 0x82, 0x60, 0x58, 0x28, - 0x50, 0x07, 0x32, 0x56, 0x26, 0x46, 0x78, 0x63, 0x71, 0x16, - 0x48, 0x46, 0x86, 0x41, 0x37, 0x75, 0x06, 0x01, 0x11, 0x46, - 0x45, 0x21, 0x03, 0x82, 0x42, 0x75, 0x83, 0x30, 0x66, 0x00, - 0x74, 0x74, 0x46, 0x05, 0x33, 0x82, 0x33, 0x07, 0x34, 0x53, - 0x07, 0x78, 0x53, 0x07, 0x41, 0x37, 0x78, 0x54, 0x06, 0x11, - 0x42, 0x47, 0x05, 0x02, 0x62, 0x34, 0x27, 0x17, 0x78, 0x70, - 0x70, 0x46, 0x00, 0x38, 0x75, 0x48, 0x74, 0x46, 0x83, 0x35, - 0x08, 0x46, 0x14, 0x12, 0x20, 0x68, 0x00, 0x73, 0x57, 0x81, - 0x84, 0x62, 0x43, 0x11, 0x28, 0x87, 0x13, 0x30, 0x06, 0x70, - 0x15, 0x46, 0x51, 0x14, 0x74, 0x13, 0x53, 0x26, 0x84, 0x78, - 0x86, 0x15, 0x84, 0x18, 0x70, 0x56, 0x41, 0x33, 0x61, 
0x56, - 0x28, 0x11, 0x30, 0x73, 0x82, 0x00, 0x57, 0x68, 0x61, 0x44, - 0x04, 0x64, 0x78, 0x68, 0x14, 0x02, 0x83, 0x88, 0x86, 0x88, - 0x40, 0x16, 0x81, 0x20, 0x68, 0x72, 0x67, 0x05, 0x76, 0x06, - 0x54, 0x74, 0x35, 0x71, 0x02, 0x67, 0x45, 0x24, 0x73, 0x64, - 0x87, 0x31, 0x60, 0x37, 0x04, 0x11, 0x85, 0x63, 0x40, 0x71, - 0x38, 0x46, 0x65, 0x16, 0x10, 0x85, 0x06, 0x37, 0x25, 0x53, - 0x05, 0x58, 0x45, 0x87, 0x17, 0x47, 0x78, 0x10, 0x22, 0x26, - 0x24, 0x86, 0x44, 0x63, 0x45, 0x00, 0x14, 0x77, 0x60, 0x04, - 0x54, 0x45, 0x40, 0x32, 0x45, 0x03, 0x60, 0x87, 0x05, 0x02, - 0x18, 0x22, 0x20, 0x61, 0x07, 0x36, 0x72, 0x52, 0x53, 0x65, - 0x27, 0x26, 0x37, 0x54, 0x31, 0x34, 0x22, 0x54, 0x37, 0x25, - 0x83, 0x14, 0x74, 0x75, 0x17, 0x61, 0x48, 0x74, 0x24, 0x43, - 0x80, 0x81, 0x15, 0x06, 0x88, 0x23, 0x84, 0x55, 0x20, 0x11, - 0x87, 0x83, 0x64, 0x36, 0x48, 0x88, 0x32, 0x20, 0x28, 0x54, - 0x88, 0x85, 0x35, 0x61, 0x00, 0x21, 0x01, 0x31, 0x44, 0x13, - 0x71, 0x48, 0x23, 0x47, 0x31, 0x62, 0x40, 0x18, 0x21, 0x78, - 0x34, 0x12, 0x88, 0x10, 0x76, 0x46, 0x72, 0x37, 0x70, 0x84, - 0x15, 0x41, 0x84, 0x22, 0x20, 0x22, 0x27, 0x44, 0x81, 0x03, - 0x46, 0x48, 0x26, 0x16, 0x21, 0x15, 0x31, 0x85, 0x73, 0x74, - 0x73, 0x06, 0x55, 0x21, 0x12, 0x53, 0x13, 0x34, 0x01, 0x64, - 0x40, 0x83, 0x08, 0x57, 0x24, 0x04, 0x18, 0x33, 0x70, 0x18, - 0x17, 0x06, 0x14, 0x28, 0x12, 0x58, 0x00, 0x25, 0x57, 0x20, - 0x00, 0x76, 0x73, 0x45, 0x68, 0x16, 0x60, 0x22, 0x17, 0x22, - 0x37, 0x75, 0x53, 0x48, 0x40, 0x21, 0x64, 0x27, 0x52, 0x48, - 0x53, 0x61, 0x64, 0x87, 0x57, 0x61, 0x13, 0x75, 0x80, 0x08, - 0x63, 0x33, 0x60, 0x26, 0x10, 0x25, 0x61, 0x78, 0x47, 0x78, - 0x07, 0x16, 0x00, 0x52, 0x31, 0x30, 0x63, 0x66, 0x46, 0x80, - 0x07, 0x10, 0x45, 0x11, 0x13, 0x80, 0x25, 0x61, 0x25, 0x53, - 0x80, 0x71, 0x38, 0x31, 0x47, 0x55, 0x02, 0x25, 0x50, 0x87, - 0x57, 0x35, 0x74, 0x11, 0x46, 0x44, 0x53, 0x24, 0x60, 0x33, - 0x15, 0x12, 0x77, 0x20, 0x36, 0x24, 0x70, 0x04, 0x87, 0x05, - 0x71, 0x07, 0x77, 0x36, 0x47, 0x01, 0x73, 0x61, 0x32, 0x62, - 0x28, 
0x81, 0x67, 0x17, 0x38, 0x45, 0x21, 0x03, 0x24, 0x72, - 0x82, 0x64, 0x84, 0x43, 0x07, 0x11, 0x20, 0x72, 0x71, 0x04, - 0x58, 0x36, 0x22, 0x21, 0x33, 0x67, 0x55, 0x48, 0x03, 0x68, - 0x32, 0x70, 0x04, 0x63, 0x11, 0x34, 0x27, 0x82, 0x42, 0x56, - 0x28, 0x74, 0x77, 0x72, 0x18, 0x27, 0x35, 0x87, 0x03, 0x18, - 0x40, 0x32, 0x78, 0x07, 0x14, 0x43, 0x73, 0x73, 0x84, 0x63, - 0x78, 0x68, 0x03, 0x22, 0x55, 0x30, 0x18, 0x88, 0x15, 0x86, - 0x18, 0x51, 0x12, 0x42, 0x13, 0x60, 0x22, 0x44, 0x61, 0x44, - 0x35, 0x73, 0x08, 0x85, 0x53, 0x02, 0x73, 0x83, 0x25, 0x85, - 0x64, 0x78, 0x16, 0x12, 0x13, 0x63, 0x48, 0x35, 0x02, 0x71, - 0x72, 0x58, 0x12, 0x10, 0x65, 0x42, 0x22, 0x54, 0x80, 0x60, - 0x57, 0x84, 0x72, 0x76, 0x67, 0x35, 0x25, 0x14, 0x73, 0x70, - 0x48, 0x03, 0x78, 0x07, 0x74, 0x48, 0x67, 0x48, 0x01, 0x62, - 0x78, 0x05, 0x37, 0x66, 0x42, 0x45, 0x33, 0x65, 0x08, 0x70, - 0x42, 0x15, 0x72, 0x53, 0x13, 0x20, 0x14, 0x38, 0x05, 0x53, - 0x00, 0x45, 0x25, 0x20, 0x80, 0x75, 0x01, 0x65, 0x80, 0x70, - 0x61, 0x50, 0x15, 0x10, 0x77, 0x23, 0x38, 0x31, 0x21, 0x51, - 0x78, 0x11, 0x88, 0x71, 0x18, 0x06, 0x45, 0x62, 0x47, 0x35, - 0x43, 0x00, 0x52, 0x34, 0x41, 0x75, 0x18, 0x13, 0x51, 0x35, - 0x72, 0x11, 0x78, 0x17, 0x30, 0x44, 0x83, 0x25, 0x64, 0x42, - 0x65, 0x23, 0x50, 0x32, 0x85, 0x30, 0x67, 0x10, 0x70, 0x01, - 0x16, 0x62, 0x36, 0x46, 0x18, 0x53, 0x53, 0x80, 0x13, 0x65, - 0x66, 0x53, 0x61, 0x55, 0x07, 0x71, 0x34, 0x56, 0x31, 0x67, - 0x64, 0x42, 0x64, 0x41, 0x22, 0x56, 0x44, 0x67, 0x25, 0x52, - 0x08, 0x17, 0x38, 0x45, 0x76, 0x83, 0x37, 0x15, 0x76, 0x31, - 0x83, 0x47, 0x30, 0x21, 0x55, 0x73, 0x37, 0x82, 0x11, 0x56, - 0x67, 0x27, 0x23, 0x44, 0x72, 0x82, 0x10, 0x80, 0x43, 0x11, - 0x16, 0x02, 0x21, 0x40, 0x42, 0x10, 0x12, 0x74, 0x58, 0x40, - 0x74, 0x00, 0x66, 0x02, 0x85, 0x76, 0x21, 0x17, 0x83, 0x78, - 0x80, 0x40, 0x46, 0x87, 0x66, 0x24, 0x35, 0x80, 0x31, 0x77, - 0x87, 0x10, 0x47, 0x02, 0x20, 0x65, 0x43, 0x73, 0x41, 0x61, - 0x72, 0x18, 0x21, 0x52, 0x32, 0x82, 0x08, 0x82, 0x00, 0x57, - 0x52, 0x41, 0x45, 
0x10, 0x51, 0x41, 0x28, 0x37, 0x72, 0x45, - 0x77, 0x10, 0x56, 0x06, 0x54, 0x30, 0x03, 0x74, 0x13, 0x56, - 0x77, 0x54, 0x04, 0x86, 0x13, 0x77, 0x81, 0x77, 0x57, 0x15, - 0x76, 0x13, 0x51, 0x75, 0x4C, 0xD3, 0x8C, 0xF8, 0x0F, 0x87, - 0x37, 0xBC, 0x26, 0x1B, 0x7A, 0x1C, 0xDC, 0x05, 0xFD, 0x9B, - 0x97, 0x8C, 0x4D, 0xE5, 0x06, 0xFF, 0x57, 0x65, 0xDC, 0xFC, - 0xBF, 0x55, 0x20, 0x8F, 0xC9, 0xAB, 0x63, 0x4C, 0x37, 0x02, - 0xB5, 0x51, 0x79, 0x6B, 0xC2, 0x02, 0x74, 0xE5, 0x74, 0x72, - 0xC4, 0x3C, 0x8F, 0xD2, 0x79, 0xCB, 0x65, 0x3C, 0xBD, 0xA6, - 0xC5, 0x19, 0xDF, 0xFC, 0x24, 0xB9, 0x91, 0x81, 0x41, 0x4D, - 0xDF, 0x2E, 0x6A, 0xBD, 0x5A, 0xC4, 0x04, 0x03, 0x7F, 0x71, - 0x7D, 0x51, 0xDD, 0x2F, 0xAE, 0x4C, 0x9A, 0xF8, 0x98, 0x11, - 0xA0, 0xCE, 0xF7, 0xDE, 0xF5, 0xC6, 0x91, 0xD3, 0xDC, 0xE7, - 0xAA, 0xD0, 0x7D, 0xDF, 0x5F, 0xF2, 0x5B, 0x55, 0x9C, 0xD6, - 0x8D, 0xC9, 0x1E, 0xC7, 0x80, 0xD9, 0xC5, 0xFA, 0x15, 0xEB, - 0xCE, 0x6B, 0x99, 0x71, 0xBD, 0xED, 0x0C, 0x24, 0x1B, 0x97, - 0x52, 0xFA, 0x54, 0xF5, 0x72, 0x48, 0x97, 0x05, 0x8B, 0x04, - 0xE5, 0xAA, 0xE0, 0xDC, 0x98, 0x13, 0xD2, 0x27, 0xB0, 0x0B, - 0x49, 0x8B, 0xA0, 0xD1, 0x2C, 0x18, 0xA5, 0xFA, 0x2A, 0x80, - 0x4B, 0xF7, 0x4B, 0x8C, 0xE0, 0xA4, 0xCD, 0xD0, 0x75, 0xE9, - 0x4A, 0x75, 0x15, 0x1B, 0xB8, 0x51, 0xD8, 0x8D, 0x1E, 0xA4, - 0xD1, 0xCD, 0x0E, 0xEE, 0xD4, 0xAA, 0x55, 0x0C, 0x6A, 0xB3, - 0xC9, 0x51, 0x66, 0x72, 0x76, 0xF4, 0xF9, 0xA4, 0xC2, 0x56, - 0x9D, 0xF9, 0x7C, 0x4C, 0x91, 0x27, 0xAC, 0xB3, 0x3E, 0x6B, - 0x2D, 0x5B, 0x84, 0xF3, 0x68, 0xD7, 0x28, 0xAE, 0xB6, 0x75, - 0x41, 0x46, 0xF2, 0x50, 0xF4, 0x20, 0x04, 0x4E, 0xB3, 0x0D, - 0xC3, 0xAE, 0xA9, 0x87, 0x9E, 0xB2, 0x05, 0xAE, 0x33, 0x76, - 0x76, 0x1A, 0x7A, 0xAB, 0xFD, 0x55, 0x77, 0x64, 0xF0, 0x0A, - 0x7C, 0x4F, 0x75, 0xE7, 0xBC, 0x09, 0x2D, 0x99, 0x4B, 0x90, - 0x13, 0x42, 0x62, 0xBD, 0x70, 0x14, 0x39, 0x23, 0x3A, 0x8A, - 0x32, 0x30, 0xEA, 0x66, 0x24, 0x85, 0xAF, 0x0B, 0xD7, 0x72, - 0xC4, 0xFC, 0x89, 0xD9, 0xB6, 0x9A, 0x1D, 0xA4, 0x10, 0x50, - 0x69, 0x98, 0x8E, 0x00, 0xA1, 
0xCF, 0x94, 0x6C, 0x1B, 0x79, - 0x3A, 0xB7, 0xD8, 0x86, 0x1C, 0xD1, 0x95, 0x72, 0x0A, 0x3A, - 0xDA, 0xEF, 0x26, 0x15, 0xA5, 0xE4, 0x67, 0xD6, 0x04, 0xC5, - 0x0A, 0xBA, 0x50, 0x21, 0x9C, 0xB7, 0x1A, 0xF1, 0x1F, 0x1D, - 0x90, 0x5A, 0x6E, 0x40, 0xF8, 0xC1, 0xAB, 0xBD, 0x88, 0xA7, - 0xB8, 0x25, 0xBD, 0xCB, 0x93, 0xFA, 0x79, 0xAE, 0xAF, 0x1A, - 0xBD, 0x7B, 0xC4, 0x9F, 0x89, 0x7C, 0xFF, 0xFB, 0x0E, 0x27, - 0x32, 0x20, 0x6D, 0x47, 0x6B, 0x0E, 0x0D, 0xA1, 0x6A, 0x55, - 0x7F, 0xFD, 0x73, 0x9B, 0xC5, 0x3F, 0xF8, 0x08, 0xAA, 0xFE, - 0x0F, 0x7E, 0xAD, 0xB8, 0x13, 0x50, 0x79, 0x8D, 0x58, 0xAF, - 0xB2, 0xC6, 0x66, 0x24, 0xA8, 0x19, 0xD6, 0x90, 0x81, 0x54, - 0x92, 0x7B, 0xAF, 0xA8, 0xB8, 0x3D, 0x27, 0xD0, 0xC0, 0x08, - 0xB6, 0x45, 0x3D, 0x24, 0x46, 0xA0, 0x04, 0x8A, 0x26, 0x95, - 0xCF, 0x3F, 0x3C, 0x31, 0x43, 0x5D, 0xCA, 0x7A, 0xED, 0xF7, - 0xD3, 0xB5, 0xA0, 0xEE, 0xDC, 0x97, 0x76, 0xB3, 0x2F, 0x89, - 0x18, 0x62, 0xAC, 0x4B, 0x8B, 0xFC, 0x06, 0x1E, 0x15, 0xE5, - 0x25, 0x72, 0x46, 0xB9, 0x02, 0xD9, 0x0C, 0x38, 0xCF, 0x82, - 0x13, 0x19, 0x6E, 0x18, 0x85, 0xC6, 0x76, 0xF9, 0x10, 0xF9, - 0xCD, 0x72, 0x05, 0xED, 0x5E, 0xAE, 0xBB, 0xD2, 0xAB, 0x64, - 0x13, 0x3E, 0x9F, 0x20, 0xCF, 0x8C, 0xC0, 0x37, 0x71, 0x38, - 0x22, 0x49, 0x38, 0x9C, 0x23, 0xCB, 0x0B, 0xC3, 0xE8, 0xE5, - 0xEB, 0x31, 0x61, 0x07, 0xFE, 0x2A, 0xAC, 0xDE, 0x90, 0x35, - 0x24, 0xEB, 0x6B, 0xB6, 0x34, 0x51, 0x9C, 0xE2, 0x7D, 0xD0, - 0x8B, 0x38, 0xDB, 0x81, 0x7B, 0x24, 0x7B, 0x69, 0x84, 0x1D, - 0x17, 0x9F, 0x64, 0x63, 0x6F, 0x3F, 0x43, 0xFC, 0xFE, 0x07, - 0x72, 0x66, 0x84, 0xE3, 0xCD, 0x4F, 0x25, 0x70, 0x81, 0x64, - 0x66, 0x2C, 0xA8, 0x35, 0x11, 0x1B, 0xF3, 0x03, 0x1B, 0x5B, - 0xDC, 0xFB, 0x7D, 0xAD, 0x14, 0x11, 0xC8, 0xB1, 0x0C, 0x7E, - 0x36, 0x79, 0x34, 0x79, 0x1A, 0x88, 0x8A, 0x8F, 0xF6, 0x66, - 0xB4, 0x95, 0xD4, 0xA1, 0x02, 0xF9, 0x1D, 0x26, 0x53, 0x7A, - 0x34, 0x00, 0x36, 0x0E, 0xE7, 0xFB, 0x7A, 0x60, 0xF9, 0xC3, - 0xCF, 0x30, 0xCB, 0xF0, 0x27, 0xB5, 0xD6, 0xCF, 0x15, 0x33, - 0x53, 0x88, 0x7C, 0x50, 0x07, 0xF4, 0x27, 
0xE0, 0x40, 0x47, - 0xFE, 0x86, 0x0E, 0xFF, 0x07, 0x5F, 0x55, 0xB8, 0x3B, 0xAA, - 0xFB, 0xB0, 0x6B, 0x98, 0x47, 0x59, 0xB8, 0x33, 0xAA, 0x67, - 0x6B, 0x36, 0xEB, 0x76, 0x43, 0xAF, 0x31, 0x52, 0x62, 0x3D, - 0x7F, 0x64, 0x6A, 0xFC, 0x36, 0x92, 0x96, 0xF8, 0xD9, 0xE7, - 0x13, 0x77, 0x1D, 0xD0, 0xFB, 0x0D, 0x70, 0x29, 0x61, 0x52, - 0x82, 0xF4, 0xE4, 0xA7, 0x08, 0x47, 0x4C, 0x67, 0xEE, 0x36, - 0xD1, 0x1C, 0x18, 0x8B, 0xF1, 0x2D, 0xE2, 0x47, 0x16, 0x4D, - 0x1F, 0x05, 0xC6, 0x4E, 0xFB, 0x35, 0x51, 0x3A, 0x9E, 0xF9, - 0xE0, 0x1E, 0xC1, 0x64, 0x21, 0x0B, 0x8A, 0xF0, 0x1D, 0x32, - 0x78, 0x18, 0xF2, 0xB3, 0xB5, 0xBD, 0x66, 0x6B, 0xAD, 0x92, - 0x4F, 0x22, 0xDC, 0xB9, 0xCC, 0xF4, 0x98, 0x22, 0x99, 0xF6, - 0x3D, 0xC6, 0x8F, 0x28, 0x77, 0x60, 0x34, 0xD0, 0x73, 0xF5, - 0x4D, 0x9F, 0x6C, 0x5D, 0x94, 0xC2, 0x3D, 0x19, 0xCD, 0xC2, - 0x18, 0x41, 0x9B, 0x5F, 0x32, 0x2D, 0x5E, 0x3D, 0x92, 0xBE, - 0x26, 0x39, 0x85, 0x50, 0xE6, 0xE2, 0x49, 0x17, 0x19, 0xD3, - 0x57, 0xAF, 0x45, 0x85, 0x74, 0xF7, 0x16, 0x35, 0x0A, 0x94, - 0x54, 0x64, 0x45, 0xD5, 0x31, 0x51, 0x49, 0x8F, 0xA4, 0x4C, - 0x33, 0xBB, 0x62, 0x59, 0x6B, 0x08, 0xBD, 0x1C, 0xDD, 0x38, - 0x93, 0x22, 0x0B, 0xCF, 0x9B, 0x23, 0x87, 0x30, 0xA2, 0xA0, - 0x6D, 0x97, 0x2D, 0xD7, 0x2B, 0x16, 0x88, 0x72, 0x01, 0x9A, - 0x51, 0xBA, 0x56, 0xCE, 0xDC, 0xDD, 0xF9, 0x87, 0x41, 0xC8, - 0x44, 0xF1, 0xA2, 0x20, 0x9A, 0x11, 0x44, 0x13, 0xDF, 0x49, - 0x04, 0x85, 0x4C, 0x01, 0x46, 0x3E, 0xD6, 0xB8, 0xE2, 0xC2, - 0x2E, 0xED, 0xA4, 0x07, 0x29, 0x89, 0xA2, 0x46, 0x23, 0x98, - 0xA5, 0xEF, 0x59, 0x1A, 0xE7, 0x67, 0x64, 0x59, 0xF7, 0x2C, - 0x5B, 0x30, 0x29, 0x57, 0xE3, 0xDE, 0x5C, 0x84, 0x1B, 0x8F, - 0x3E, 0xB3, 0x5B, 0xF5, 0x0C, 0x6E, 0xB1, 0x4E, 0x2F, 0xB6, - 0xB6, 0x5B, 0x29, 0xCD, 0xBB, 0xB8, 0xC9, 0xF0, 0x39, 0xF9, - 0xB9, 0x11, 0x47, 0xEF, 0xF8, 0x90, 0xE0, 0x0F, 0x91, 0x70, - 0x97, 0xB4, 0xFC, 0xFD, 0xB5, 0x69, 0x8C, 0x61, 0x9A, 0x26, - 0xD2, 0xC9, 0x47, 0x67, 0xB7, 0xDB, 0x73, 0x11, 0xA3, 0xC1, - 0x3B, 0x4E, 0x5F, 0x60, 0xDA, 0x73, 0x39, 0x9B, 0xD4, 
0x3D, - 0x24, 0xA6, 0x8A, 0xB5, 0x56, 0x5D, 0xBD, 0x27, 0xDE, 0x6C, - 0x67, 0xA1, 0x4A, 0x77, 0xB7, 0x44, 0x1D, 0x28, 0x44, 0xA0, - 0xA3, 0xF2, 0xEB, 0x3A, 0x9F, 0xE5, 0x5C, 0xF5, 0xE3, 0xFE, - 0xD0, 0xC3, 0xCA, 0x2A, 0x1A, 0x72, 0x86, 0xB3, 0x4E, 0x9D, - 0x25, 0x0B, 0x4C, 0xFF, 0x45, 0xB7, 0xDE, 0xE8, 0x8C, 0x0A, - 0x06, 0xED, 0x30, 0x26, 0x8F, 0xA1, 0xBF, 0x74, 0x22, 0x3D, - 0x50, 0x39, 0x17, 0xA9, 0x6B, 0x7C, 0xAC, 0xA0, 0x6A, 0xEA, - 0x14, 0x95, 0x5F, 0xAD, 0x3C, 0xB1, 0x4E, 0xE1, 0x30, 0x2F, - 0x4A, 0x77, 0x72, 0xC1, 0x1F, 0x4C, 0x91, 0x6B, 0xCF, 0x81, - 0x46, 0xAF, 0x2D, 0xEC, 0x59, 0x9E, 0x99, 0xD9, 0x60, 0x23, - 0x95, 0x08, 0x0D, 0xBB, 0xFD, 0xEC, 0x2A, 0xF7, 0x7B, 0x73, - 0x53, 0xF3, 0x88, 0xB7, 0xAF, 0x51, 0x69, 0xD5, 0x08, 0xFC, - 0xCC, 0x03, 0xD3, 0x61, 0x5C, 0xDD, 0x39, 0x56, 0x6B, 0xE4, - 0xEE, 0x1F, 0x0A, 0xD6, 0x1A, 0x84, 0x65, 0x45, 0x0C, 0x0A, - 0x34, 0xDE, 0x96, 0x24, 0xBB, 0x74, 0xF4, 0xB7, 0xE5, 0x2F, - 0xB5, 0x1F, 0x85, 0x9D, 0xD7, 0xEA, 0xB3, 0x33, 0xBE, 0xCF, - 0x19, 0x45, 0xCE, 0xF9, 0x13, 0xF5, 0xFD, 0x65, 0x5D, 0xBB, - 0xDB, 0x64, 0x94, 0xAC, 0xB8, 0x39, 0xAF, 0x9B, 0x56, 0xE4, - 0x5C, 0x95, 0x85, 0xFD, 0xB3, 0xF8, 0x3C, 0x98, 0xD3, 0x58, - 0xCE, 0xAB, 0x09, 0x0E, 0xA7, 0x42, 0x9B, 0x16, 0xA7, 0x63, - 0xEB, 0xB8, 0x7C, 0x01, 0xA2, 0xD4, 0x3C, 0x2B, 0xA7, 0xA3, - 0x52, 0x8C, 0x08, 0xA5, 0xA9, 0xAF, 0x63, 0x07, 0xDA, 0x45, - 0x86, 0x91, 0x64, 0xE6, 0x41, 0x75, 0x78, 0x46, 0x6F, 0xB9, - 0xB4, 0xEA, 0x6A, 0xDD, 0xC7, 0x1A, 0x1F, 0xC0, 0x8A, 0x00, - 0x81, 0x70, 0x74, 0x37, 0xC8, 0x84, 0x3F, 0xA8, 0xC9, 0xC1, - 0xC1, 0x60, 0x2B, 0x25, 0x9B, 0x66, 0x5F, 0x73, 0x15, 0x51, - 0xE2, 0xE4, 0x49, 0x5B, 0xEE, 0x20, 0xC8, 0x18, 0xE7, 0x65, - 0xED, 0x29, 0xEA, 0x96, 0x85, 0xB5, 0x63, 0xFB, 0xA6, 0x23, - 0x22, 0xB7, 0x4F, 0x6E, 0xE3, 0xF2, 0x9C, 0x01, 0x23, 0x7A, - 0xB9, 0x16, 0x2A, 0x93, 0xAF, 0x4F, 0xEA, 0x05, 0x15, 0x84, - 0x46, 0x32, 0x2F, 0x99, 0xB8, 0x78, 0x20, 0x78, 0x93, 0xC9, - 0x42, 0x6D, 0xBC, 0x70, 0xCE, 0x88, 0x6F, 0x12, 0x92, 0x3F, - 0xDE, 
0xFB, 0xDE, 0x8E, 0xD3, 0x69, 0x09, 0x54, 0x7D, 0x0A, - 0xE1, 0x93, 0x3D, 0x10, 0x04, 0xDE, 0x66, 0x9D, 0x2D, 0xAD, - 0xA4, 0x53, 0x4C, 0xF6, 0xFC, 0x08, 0xE4, 0x58, 0x05, 0x09, - 0x78, 0x09, 0xE6, 0xF3, 0xEE, 0x83, 0xC2, 0xD0, 0xA9, 0x04, - 0xE6, 0xAC, 0x30, 0xD7, 0x34, 0x52, 0xEB, 0xCD, 0x1A, 0x7E, - 0xB9, 0xCF, 0x18, 0x68, 0x16, 0xB9, 0x9A, 0x18, 0xDA, 0xC8, - 0xE3, 0x1C, 0xF0, 0x9A, 0x2E, 0x64, 0x28, 0xBE, 0xA4, 0x9F, - 0xCB, 0xC0, 0x53, 0xE6, 0x2A, 0x88, 0xB5, 0xE7, 0xF3, 0x6F, - 0x46, 0x1C, 0xBA, 0xAD, 0x76, 0x17, 0x85, 0xAE, 0x95, 0x13, - 0x7B, 0xF9, 0xB8, 0xD3, 0x08, 0x6A, 0x38, 0x63, 0x67, 0xD8, - 0x8B, 0x51, 0x8F, 0x49, 0x44, 0xB4, 0x10, 0xB8, 0x74, 0x38, - 0xDD, 0x17, 0xEA, 0x52, 0x67, 0xB2, 0xCC, 0xC9, 0x77, 0xDD, - 0x44, 0x2E, 0xDF, 0x03, 0xC7, 0xF4, 0x87, 0xF4, 0xBC, 0x6F, - 0x94, 0x9F, 0x58, 0xDB, 0xE2, 0x09, 0xA1, 0x4C, 0xCA, 0x89, - 0x9D, 0x04, 0x5A, 0xAB, 0xDF, 0x8B, 0x82, 0x3F, 0x0E, 0xF2, - 0xE7, 0xBD, 0x9A, 0x16, 0x3A, 0xAF, 0x72, 0x18, 0xB9, 0x47, - 0xB3, 0xBC, 0xFE, 0x84, 0x43, 0x92, 0x98, 0xF4, 0x3A, 0x49, - 0x3A, 0x26, 0xB7, 0xF3, 0x37, 0x54, 0x06, 0xD8, 0x92, 0x09, - 0xE6, 0xFE, 0x9A, 0xDB, 0x68, 0x16, 0x6F, 0x5D, 0x5D, 0x8E, - 0xBB, 0xFC, 0xAC, 0x5A, 0x72, 0xFE, 0x0B, 0xEB, 0xDB, 0x90, - 0xA4, 0x6C, 0x37, 0x1A, 0x8B, 0x5A, 0xD8, 0xE9, 0xF6, 0x15, - 0xFC, 0x54, 0x1B, 0x95, 0xE3, 0xAE, 0x08, 0x46, 0xB5, 0xFB, - 0xC5, 0x66, 0xC5, 0x79, 0x17, 0x9D, 0x5C, 0x45, 0xE5, 0x4E, - 0xFF, 0xA2, 0x86, 0xD7, 0x4F, 0xD4, 0x1D, 0x17, 0xA3, 0x77, - 0x00, 0x54, 0x70, 0xDF, 0x12, 0xCA, 0xD6, 0x71, 0x05, 0x54, - 0xFA, 0x47, 0x96, 0x38, 0x2D, 0x4D, 0x70, 0x3E, 0x2E, 0x40, - 0xE7, 0x52, 0x32, 0x66, 0x4D, 0x92, 0x1B, 0x76, 0x66, 0xF1, - 0xD4, 0x38, 0x8B, 0x76, 0x47, 0xE1, 0x66, 0xDE, 0xA2, 0x06, - 0xD7, 0xA7, 0x96, 0x52, 0xED, 0xC9, 0xF3, 0xD6, 0x99, 0xDF, - 0x2F, 0x98, 0xC5, 0xBF, 0x16, 0x95, 0x80, 0x41, 0xE4, 0xEB, - 0x8B, 0x16, 0xEF, 0x6A, 0x76, 0x84, 0xE7, 0x5F, 0x6C, 0xBD, - 0x1D, 0x2A, 0x74, 0x08, 0x5B, 0x4E, 0xCA, 0xE1, 0xF5, 0xD0, - 0x42, 0x2C, 0x03, 
0x9B, 0x80, 0xBD, 0x05, 0x5F, 0x87, 0xF0, - 0x84, 0x08, 0x96, 0xBE, 0xAC, 0xBF, 0xF1, 0x8F, 0x51, 0x69, - 0x9E, 0xC2, 0xE9, 0x96, 0x9D, 0x97, 0xCD, 0x56, 0x32, 0x29, - 0xC8, 0x53, 0xC2, 0x1A, 0x5A, 0xD3, 0xDA, 0x31, 0x94, 0x09, - 0x35, 0x08, 0x75, 0x27, 0x66, 0xC5, 0x10, 0x5F, 0xD1, 0x94, - 0x12, 0x03, 0x8A, 0x1B, 0x69, 0x81, 0xEB, 0xBE, 0xBC, 0x6B, - 0xE4, 0xB9, 0x84, 0x65, 0x7D, 0xE3, 0xFE, 0xFB, 0x45, 0x58, - 0x31, 0xF3, 0x66, 0x13, 0x64, 0xB2, 0xBD, 0xBC, 0xF6, 0xA5, - 0x07, 0x07, 0x8A, 0xC8, 0x43, 0xCA, 0x38, 0x94, 0x70, 0xC0, - 0x25, 0xDA, 0xC6, 0xD9, 0x74, 0x5A, 0x60, 0xE3, 0x9D, 0x74, - 0x6C, 0x72, 0xF5, 0xAF, 0xD3, 0xD7, 0xF5, 0xBD, 0x17, 0x02, - 0xE5, 0x17, 0xEC, 0xBD, 0xCB, 0x5D, 0x1A, 0x8F, 0x39, 0x31, - 0x7E, 0x4B, 0x1F, 0x1A, 0x87, 0xE2, 0x69, 0x65, 0x07, 0x42, - 0x6D, 0xD2, 0x2D, 0x04, 0x52, 0x51, 0xA7, 0xF2, 0x23, 0xC6, - 0x01, 0xD1, 0x47, 0x5F, 0x42, 0x44, 0x2A, 0x88, 0x5E, 0xBB, - 0x98, 0x5A, 0x34, 0xBB, 0x0E, 0x05, 0xA7, 0x1D, 0x7E, 0xFB, - 0x3E, 0x85, 0xD8, 0x74, 0x70, 0xE8, 0x71, 0xC2, 0x31, 0x80, - 0x37, 0xF9, 0x15, 0xA4, 0xC1, 0xFC, 0x9B, 0x68, 0x2B, 0x54, - 0x9B, 0x37, 0x9C, 0xE7, 0x62, 0x80, 0x20, 0x1E, 0x27, 0x78, - 0xBF, 0x11, 0xC4, 0x86, 0xAC, 0x7B, 0x34, 0x57, 0x76, 0x86, - 0x77, 0x15, 0x51, 0x7C, 0xDC, 0x32, 0xDF, 0x48, 0xB9, 0xC6, - 0x63, 0xC6, 0x9A, 0xDE, 0x5E, 0x9D, 0xAB, 0x4A, 0x92, 0xEE, - 0x0C, 0x10, 0x7E, 0xB5, 0x33, 0x17, 0xF6, 0x0C, 0x8D, 0x26, - 0x89, 0xCD, 0x2B, 0xB8, 0x49, 0x4A, 0x4D, 0x5D, 0x66, 0x38, - 0x86, 0x42, 0x37, 0xC5, 0x1B, 0xE7, 0x78, 0x90, 0x21, 0xAE, - 0x8F, 0xE7, 0x0C, 0x01, 0xB9, 0x31, 0x6A, 0x50, 0x1A, 0x2B, - 0xDA, 0xC2, 0x99, 0xCB, 0xEB, 0xF9, 0xAE, 0x91, 0x8B, 0xB7, - 0x08, 0x01, 0x1E, 0xCC, 0x9E, 0x20, 0x05, 0xEC, 0x45, 0x21, - 0xBE, 0xDE, 0xFE, 0x06, 0x7D, 0x92, 0x9C, 0xE7, 0x47, 0xD9, - 0x85, 0x63, 0xC3, 0xBB, 0x38, 0x15, 0x2D, 0x94, 0xCA, 0xAF, - 0xCF, 0xCA, 0x1D, 0x53, 0x1A, 0xBD, 0x23, 0xF1, 0x87, 0x99, - 0x24, 0xF3, 0x16, 0xE9, 0x7F, 0xBE, 0x00, 0x8A, 0x61, 0xA7, - 0x65, 0xF7, 0xA9, 0x53, 0x2A, 
0x29, 0x20, 0x3E, 0x0B, 0xCF, - 0x12, 0x69, 0x22, 0x84, 0x27, 0x5D, 0x1C, 0xC8, 0x45, 0xA1, - 0xA5, 0x5A, 0xB0, 0xDB, 0x95, 0x5D, 0xF7, 0xCE, 0xAC, 0x98, - 0x44, 0x3B, 0xE1, 0x27, 0x9A, 0x93, 0x5D, 0x2B, 0x8A, 0x20, - 0xB1, 0x82, 0x2C, 0xDD, 0xB8, 0xCC, 0xFA, 0x77, 0x0F, 0xA7, - 0x80, 0x00, 0x87, 0x54, 0x1C, 0xCC, 0x0B, 0x1E, 0xF6, 0x52, - 0x89, 0x03, 0x65, 0x83, 0xF1, 0x97, 0x4E, 0x81, 0x99, 0xE1, - 0xDD, 0x73, 0x30, 0x31, 0xEC, 0xA7, 0xD5, 0x76, 0x28, 0xC3, - 0xCE, 0x29, 0x30, 0x7B, 0xB1, 0x27, 0x3F, 0xC4, 0x6D, 0x54, - 0xAF, 0xE2, 0x84, 0xEA, 0xF5, 0x91, 0xBD, 0xB9, 0x6C, 0x4E, - 0x98, 0x0F, 0xFB, 0xDE, 0x7C, 0x32, 0xF8, 0xED, 0xEF, 0xD0, - 0xE9, 0xA3, 0x57, 0xC0, 0x91, 0x06, 0x4C, 0x43, 0x3F, 0x32, - 0x21, 0xB5, 0xF2, 0x11, 0x5A, 0xDF, 0xFC, 0x7E, 0x91, 0x10, - 0xC0, 0x4D, 0xD4, 0x4E, 0xA8, 0x38, 0xD6, 0xE0, 0xB6, 0x27, - 0x38, 0x63, 0xF2, 0xD3, 0xFD, 0x68, 0x4C, 0xDD, 0x76, 0xA9, - 0x89, 0xCE, 0xBE, 0x7C, 0xAD, 0x45, 0x4C, 0x8C, 0x24, 0xCC, - 0x32, 0x66, 0x3A, 0x1A, 0x45, 0xDA, 0x47, 0x5C, 0x4C, 0xC6, - 0x8A, 0x9A, 0xC3, 0x99, 0xFB, 0x4C, 0x94, 0xE2, 0x20, 0xD7, - 0xE4, 0x37, 0x22, 0x99, 0x32, 0x6F, 0xFB, 0x1C, 0xE5, 0x9B, - 0xB5, 0xFC, 0xBD, 0xD2, 0xA1, 0xDD, 0x66, 0xD5, 0x47, 0x2F, - 0x6A, 0xAA, 0x50, 0xF5, 0xE8, 0x1A, 0xDC, 0x74, 0x50, 0x6A, - 0x92, 0x23, 0x93, 0xED, 0xB0, 0x58, 0x61, 0x7D, 0xB6, 0x5C, - 0x22, 0x7B, 0x54, 0x75, 0xF0, 0x69, 0xD4, 0x27, 0x0B, 0x70, - 0x3F, 0xBB, 0x76, 0x63, 0xB3, 0x1D, 0x7E, 0x33, 0x96, 0xD6, - 0x84, 0x2D, 0x28, 0x4F, 0x97, 0x65, 0xC9, 0x95, 0xCF, 0x30, - 0xBA, 0xEA, 0x08, 0xF5, 0xC6, 0x24, 0x45, 0x20, 0x85, 0x67, - 0x9F, 0x34, 0x37, 0x72, 0x44, 0x17, 0x98, 0x5F, 0xD0, 0xCE, - 0xA8, 0x6E, 0x0E, 0x50, 0x22, 0x14, 0xE1, 0x6B, 0xCB, 0xA5, - 0x12, 0x2A, 0x36, 0xF1, 0x6E, 0x81, 0x5C, 0x5A, 0x77, 0x4F, - 0xD7, 0xF9, 0xCE, 0x7A, 0xC9, 0x30, 0x2C, 0x1E, 0x7E, 0xFC, - 0x24, 0xCB, 0xE4, 0x53, 0xC3, 0x4A, 0x03, 0xED, 0xD5, 0x77, - 0xC6, 0x55, 0xEB, 0xA2, 0xB4, 0x92, 0x35, 0xE3, 0x20, 0xDA, - 0xD2, 0x58, 0xE2, 0xCC, 0xC4, 0x4E, 0xBB, 
0xE3, 0x8F, 0x75, - 0xB1, 0xDB, 0x97, 0x15, 0x86, 0x43, 0xE5, 0xD4, 0x4F, 0x44, - 0x3F, 0x20, 0xE3, 0xB9, 0xA5, 0xFB, 0x3F, 0x36, 0xC9, 0x9C, - 0xEF, 0x8C, 0xD1, 0x46, 0x67, 0x16, 0xB6, 0xA6, 0x24, 0x8A, - 0xE9, 0xD7, 0x29, 0x4B, 0x5F, 0x7C, 0x06, 0xEF, 0xD7, 0xBB, - 0x88, 0xCB, 0x2C, 0xFB, 0x85, 0x19, 0x9F, 0x97, 0x74, 0xFE, - 0x76, 0x46, 0x44, 0x1E, 0xAD, 0xF3, 0x62, 0xD2, 0xAA, 0x24, - 0x37, 0xD0, 0x1E, 0xF3, 0xCB, 0x68, 0xE3, 0x17, 0xFF, 0x81, - 0x90, 0xA3, 0xD6, 0x28, 0xE6, 0xCE, 0x6D, 0x99, 0xF4, 0x2D, - 0xC6, 0xAE, 0x40, 0x52, 0x32, 0xE9, 0xC1, 0xC6, 0x79, 0x5C, - 0xF7, 0x69, 0x29, 0x0C, 0x75, 0x9F, 0x48, 0x57, 0x75, 0x1F, - 0x2F, 0x71, 0x9F, 0x24, 0x90, 0x14, 0xAE, 0xDC, 0x75, 0x2E, - 0x5E, 0xDD, 0x85, 0xE5, 0x6C, 0xC4, 0x72, 0x58, 0xF0, 0x35, - 0xDC, 0xFE, 0x03, 0xB7, 0x2F, 0xBD, 0xC3, 0x8A, 0xA3, 0x2C, - 0x62, 0xE0, 0xCD, 0x37, 0xFA, 0x9E, 0x11, 0xC0, 0x1D, 0xEF, - 0xB0, 0x58, 0x58, 0x12, 0xAF, 0x25, 0x6D, 0x75, 0x0D, 0x2F, - 0xBC, 0x89, 0xE9, 0x2E, 0x1E, 0x58, 0x64, 0x35, 0xA8, 0x90, - 0xC2, 0x61, 0x4D, 0xCE, 0x96, 0xC5, 0xF2, 0x37, 0xBD, 0xB8, - 0xDE, 0xB4, 0x0E, 0xEB, 0xDD, 0xED, 0xE6, 0x47, 0x24, 0xE6, - 0x36, 0xC9, 0x22, 0xD3, 0xE7, 0x1A, 0xEF, 0x9E, 0x16, 0x89, - 0xB9, 0x5C, 0xF4, 0x3B, 0x09, 0x7E, 0x9B, 0x87, 0x7F, 0xD6, - 0x84, 0x06, 0xCA, 0x0E, 0xA8, 0x54, 0x79, 0xCF, 0x02, 0xF6, - 0x1B, 0x57, 0x34, 0x9D, 0x97, 0x00, 0x05, 0x8B, 0x75, 0xA3, - 0x5C, 0x7C, 0xBA, 0xA7, 0x51, 0x85, 0xBC, 0xE6, 0xAC, 0xD9, - 0xD4, 0x31, 0xB3, 0x3A, 0xBD, 0x82, 0xC8, 0x60, 0x74, 0x46, - 0xA9, 0x2F, 0xC2, 0x29, 0x08, 0x59, 0x6B, 0x14, 0x19, 0x19, - 0x39, 0x7F, 0x8B, 0xA2, 0x2A, 0xFD, 0xE3, 0x09, 0x72, 0x50, - 0x74, 0x88, 0xEE, 0xC6, 0xED, 0x28, 0x37, 0xCD, 0xA9, 0xBA, - 0x2E, 0xFE, 0x07, 0xDF, 0x5E, 0xF9, 0x18, 0xB4, 0x0E, 0xBF, - 0x9C, 0x1C, 0xCA, 0x84, 0xBA, 0x62, 0xB9, 0xA2, 0x96, 0x76, - 0xB6, 0xB7, 0x77, 0x9C, 0xBE, 0x0C, 0xF8, 0xA5, 0xEF, 0x74, - 0xB1, 0xC2, 0x85, 0xCD, 0xD1, 0x25, 0xD5, 0xFC, 0xFB, 0x2C, - 0xC7, 0xD6, 0x2F, 0x30, 0x3F, 0x10, 0xEA, 0xA2, 0x99, 
0xC4, - 0x22, 0x58, 0xB3, 0xC4, 0x46, 0x3C, 0x41, 0xE9, 0xE9, 0xA0, - 0x39, 0x6C, 0x09, 0x89, 0xE3, 0xAE, 0x4E, 0x35, 0xAB, 0x27, - 0x71, 0x43, 0xEB, 0xA7, 0xFA, 0x68, 0xA8, 0x42, 0x49, 0x3C, - 0x53, 0x70, 0x35, 0xCA, 0x14, 0xB7, 0x1D, 0xF8, 0x7E, 0x65, - 0x05, 0x33, 0xE3, 0x5A, 0x86, 0xCD, 0xA5, 0x18, 0x02, 0x24, - 0x23, 0xAD, 0x52, 0x6A, 0x47, 0x13, 0x14, 0x95, 0xD2, 0xF1, - 0xE1, 0x6F, 0x61, 0x70, 0x4F, 0xDC, 0x1A, 0x03, 0x0E, 0xD7, - 0x07, 0xBD, 0x84, 0x43, 0x65, 0x76, 0x9F, 0xFB, 0x1E, 0x89, - 0xEB, 0x92, 0x5E, 0xDE, 0x5B, 0xAA, 0x54, 0xEE, 0x0A, 0xF5, - 0x4A, 0x79, 0x46, 0xDA, 0xC1, 0xEC, 0x2F, 0xBC, 0xDD, 0xE5, - 0x61, 0xFA, 0xED, 0xB6, 0x97, 0x9C, 0x90, 0xD8, 0xF3, 0x2E, - 0x04, 0xCF, 0xB5, 0x89, 0x74, 0xC2, 0xD1, 0x70, 0xE0, 0x0F, - 0x53, 0x14, 0x09, 0x6A, 0x19, 0x5A, 0x65, 0xAC, 0xAA, 0x3C, - 0x25, 0x79, 0x43, 0x27, 0x47, 0x18, 0x19, 0x7A, 0x74, 0xD7, - 0x73, 0x43, 0xBD, 0x50, 0x1F, 0x68, 0xAF, 0xDF, 0x3E, 0x2A, - 0xC4, 0xDC, 0x6F, 0x85, 0x2A, 0xBC, 0x0F, 0x39, 0x4B, 0x97, - 0x6D, 0x2D, 0x87, 0x5F, 0x9A, 0x07, 0x82, 0xC7, 0x69, 0xB9, - 0xF2, 0xEF, 0xE3, 0x3C, 0x3C, 0x74, 0xB2, 0xFD, 0x81, 0x6F, - 0xC3, 0xAC, 0x93, 0x22, 0x49, 0xB5, 0x73, 0x5C, 0x58, 0x6E, - 0x5F, 0x7A, 0x6B, 0x91, 0x02, 0x25, 0x3B, 0xC8, 0x24, 0xD7, - 0xEF, 0xC8, 0x10, 0xD7, 0x54, 0xD4, 0xA7, 0xC1, 0x88, 0x77, - 0xDD, 0xCD, 0x3A, 0x92, 0xE5, 0x1D, 0xA1, 0x33, 0x10, 0xA4, - 0xF6, 0xB4, 0x43, 0xA4, 0xDB, 0x77, 0x4C, 0x91, 0x7C, 0xED, - 0xDD, 0xC7, 0xB9, 0x5A, 0xB4, 0x2A, 0x6C, 0x78, 0x54, 0xCA, - 0xBD, 0x16, 0x0C, 0x8C, 0x68, 0xE8, 0xBC, 0xDE, 0x65, 0x2F, - 0xAF, 0xEF, 0x09, 0xDC, 0x7C, 0x17, 0x7D, 0x05, 0xF7, 0xB1, - 0x8D, 0x09, 0x94, 0xDC, 0xF2, 0xAE, 0xF4, 0x21, 0x54, 0xF9, - 0x3E, 0xB0, 0x2A, 0x73, 0xFE, 0x9C, 0x51, 0xEB, 0x1E, 0x7B, - 0xFE, 0x65, 0xCB, 0x53, 0x80, 0x5B, 0xD2, 0x05, 0xA1, 0xE9, - 0xCB, 0x75, 0x60, 0x46, 0x08, 0x07, 0x83, 0x27, 0x4E, 0xD4, - 0xBF, 0x70, 0x83, 0xDE, 0xA9, 0xB4, 0x22, 0x55, 0xF1, 0x5F, - 0x91, 0x88, 0x4A, 0x43, 0xC1, 0xBF, 0x0A, 0xEF, 0xA7, 0xFF, - 0xE5, 
0xA6, 0x50, 0xDD, 0xFD, 0x6E, 0x22, 0xFF, 0xC1, 0x55, - 0x82, 0x0B, 0x42, 0x86, 0x42, 0xA7, 0x91, 0xD3, 0x62, 0x69, - 0xB2, 0x8D, 0x11, 0xC5, 0xB8, 0x4F, 0xBF, 0x4D, 0xFE, 0x37, - 0x12, 0x1F, 0xBF, 0xDE, 0xA5, 0x86, 0xAD, 0xC7, 0x2C, 0x7F, - 0x27, 0x01, 0xB0, 0xA1, 0xED, 0x7D, 0xCE, 0x33, 0x68, 0x97, - 0x2E, 0xA4, 0xF4, 0xEE, 0xA4, 0x36, 0x67, 0xE3, 0xAB, 0x89, - 0xF8, 0xCE, 0xF7, 0x01, 0xB1, 0x83, 0xFB, 0x54, 0xAA, 0x69, - 0x05, 0x76, 0x24, 0xD9, 0x76, 0x9F, 0xA3, 0x9C, 0x52, 0x8C, - 0x2E, 0x27, 0xB9, 0xA3, 0x6E, 0xE2, 0xC0, 0x02, 0x09, 0xC6, - 0x18, 0xAD, 0x42, 0x88, 0x6B, 0x2F, 0x5D, 0xB4, 0xF7, 0xC6, - 0xB4, 0x18, 0xB7, 0x88, 0x0B, 0x81, 0x2C, 0x25, 0xCE, 0xC3, - 0x7E, 0x9E, 0xAE, 0xBB, 0x35, 0x3C, 0xEC, 0x78, 0x46, 0x8F, - 0x03, 0x16, 0x5E, 0x5B, 0x08, 0x63, 0xFB, 0xBC, 0x78, 0x75, - 0xAB, 0x07, 0x1A, 0xA7, 0x96, 0x41, 0xCD, 0xDC, 0x3B, 0x59, - 0xDB, 0x02, 0xBE, 0x42, 0x09, 0xF5, 0x87, 0x96, 0x5D, 0x63, - 0xC9, 0x8E, 0x06, 0xA2, 0xFF, 0xCE, 0xCD, 0xF3, 0xDE, 0x93, - 0x79, 0x63, 0x92, 0xD2, 0xB9, 0x1D, 0x76, 0x7E, 0x4F, 0x36, - 0x2A, 0x89, 0x7B, 0x93, 0xC1, 0x35, 0x0A, 0x83, 0x8B, 0xD6, - 0xF4, 0xEA, 0x2A, 0x72, 0xA9, 0xE7, 0x6A, 0x77, 0x43, 0x14, - 0x49, 0x5B, 0x01, 0xD9, 0xE7, 0x72, 0x15, 0xD9, 0x9C, 0xBE, - 0x87, 0x90, 0x2A, 0x7F, 0x68, 0x02, 0x1C, 0xB5, 0xA1, 0xC6, - 0x7B, 0x24, 0x49, 0xBF, 0x8E, 0x3D, 0xE0, 0xBA, 0x1C, 0x78, - 0x0A, 0x7C, 0x69, 0x82, 0xA1, 0x2F, 0xB6, 0x52, 0xC5, 0x25, - 0xD8, 0x9D, 0x4B, 0x38, 0xAA, 0xBA, 0xF7, 0x4C, 0xC4, 0xC2, - 0xAE, 0xED, 0x6C, 0x28, 0x1C, 0x76, 0xA9, 0x96, 0x08, 0xAB, - 0xC4, 0x15, 0xBC, 0x3E, 0xD7, 0xCC, 0xC4, 0xA2, 0xD4, 0x93, - 0xD1, 0x3A, 0xF4, 0x2F, 0x17, 0xDB, 0x1C, 0xBD, 0xCA, 0x0D, - 0x5C, 0xF9, 0x69, 0x32, 0xAF, 0xC5, 0x27, 0x37, 0xFC, 0x1B, - 0xBB, 0x8A, 0x5D, 0x41, 0xA9, 0xC7, 0xE7, 0xC5, 0x2E, 0x78, - 0xE3, 0x7A, 0x5A, 0x25, 0x49, 0x2A, 0x06, 0x3D, 0x15, 0x58, - 0x56, 0xFB, 0x66, 0xEC, 0x30, 0x7D, 0xF4, 0x02, 0xF3, 0x53, - 0x3D, 0x0D, 0xDD, 0xFE, 0xB5, 0x66, 0xB0, 0xD0, 0xAA, 0x0E, - 0x6A, 0x76, 0xA6, 
0xAB, 0x87, 0x14, 0xFB, 0x47, 0xAC, 0x26, - 0x53, 0xA9, 0x2C, 0xF3, 0xD5, 0xA6, 0x4F, 0xF0, 0x3A, 0x7E, - 0x78, 0xC5, 0x69, 0x1F, 0xB7, 0xDC, 0xC4, 0xE8, 0xD7, 0x44, - 0x7B, 0xB2, 0xC4, 0x50, 0x68, 0xF4, 0x33, 0xFC, 0x65, 0x0D, - 0xDC, 0xCD, 0x71, 0xCB, 0x9C, 0x65, 0x3B, 0x72, 0xB7, 0x19, - 0x70, 0x45, 0xA7, 0x36, 0xA4, 0xCF, 0xE7, 0x6F, 0xC8, 0xF9, - 0x67, 0x52, 0x22, 0x8F, 0x8F, 0x64, 0x89, 0xD3, 0x3E, 0x50, - 0xCC, 0xBE, 0x2B, 0xF3, 0x0A, 0x22, 0x96, 0x33, 0x56, 0x30, - 0x27, 0x3F, 0x42, 0xDE, 0x69, 0xA3, 0x63, 0xDE, 0x41, 0x94, - 0x02, 0x97, 0x9D, 0x58, 0xF3, 0x27, 0xE3, 0xFE, 0x94, 0x10, - 0x20, 0x55, 0x52, 0xD2, 0x46, 0xFB, 0x5E, 0x8C, 0xDF, 0x71, - 0x9B, 0xBF, 0x33, 0x79, 0x7C, 0xF3, 0x78, 0xA3, 0x75, 0x84, - 0x6C, 0x13, 0xEF, 0xC0, 0x43, 0x82, 0xAC, 0xF0, 0x97, 0x7D, - 0x2A, 0xBC, 0xA3, 0xB7, 0xCD, 0x4C, 0x99, 0xB9, 0xB1, 0xE9, - 0x38, 0x5C, 0x97, 0xB3, 0xC0, 0x2C, 0xBD, 0x6F, 0xF7, 0x14, - 0x26, 0x3A, 0x27, 0x31, 0x52, 0x81, 0x04, 0x88, 0xE6, 0xD8, - 0x43, 0x21, 0x78, 0x87, 0x7C, 0x7E, 0x28, 0x26, 0x4F, 0x93, - 0x9D, 0x7B, 0x2D, 0x02, 0x6E, 0x91, 0x74, 0xD9, 0x2C, 0xF7, - 0x43, 0xD8, 0x66, 0x81, 0x91, 0x21, 0xA1, 0xEE, 0xBC, 0x78, - 0x71, 0x80, 0x78, 0x54, 0x16, 0x59, 0x37, 0xB8, 0x69, 0xD3, - 0x49, 0x40, 0xAB, 0x03, 0x47, 0x36, 0xFD, 0x5D, 0x60, 0x57, - 0x8F, 0xBE, 0xA8, 0xA0, 0x21, 0x38, 0x43, 0xA9, 0x5C, 0x9F, - 0xAD, 0xD8, 0xAE, 0x97, 0xA3, 0x0F, 0xFC, 0xE4, 0x4A, 0xCF, - 0x9F, 0xE9, 0x75, 0x3D, 0x60, 0x91, 0x55, 0x5C, 0x0A, 0xB9, - 0x18, 0xEF, 0xD4, 0x08, 0x58, 0x06, 0x64, 0xA1, 0x45, 0xA7, - 0x5D, 0x3F, 0x13, 0x87, 0x49, 0x76, 0x8B, 0x1B, 0x54, 0x9C, - 0x61, 0x05, 0xC6, 0x2C, 0xED, 0x24, 0x1B, 0x7F, 0x9E, 0x9B, - 0x17, 0xBB, 0x84, 0xD8, 0xE2, 0x55, 0x69, 0x0E, 0xCF, 0xB2, - 0xC3, 0x61, 0x35, 0x0D, 0x86, 0xD7, 0x81, 0x75, 0x43, 0x98, - 0x29, 0xDF, 0x19, 0x9C, 0xFB, 0xC0, 0xC0, 0x5A, 0x7E, 0xF7, - 0xC6, 0x86, 0xEF, 0x6E, 0xBA, 0x26, 0x1D, 0x07, 0xF9, 0xC0, - 0x1F, 0xC0, 0x8E, 0x41, 0x8F, 0x1A, 0xE3, 0x51, 0xE2, 0xD7, - 0xCA, 0x28, 0x7D, 0x7A, 0xA7, 
0x57, 0xA3, 0x2D, 0x98, 0x56, - 0x32, 0x9D, 0xC0, 0xF8, 0x23, 0x1D, 0x2C, 0xF6, 0x64, 0x1E, - 0x70, 0x33, 0xD4, 0x8F, 0xF9, 0xB0, 0xF4, 0x57, 0x7F, 0xD1, - 0x9A, 0xD4, 0x1A, 0x7E, 0xB6, 0x07, 0xAA, 0x54, 0x19, 0x0D, - 0x5D, 0xB8, 0x26, 0x45, 0x1B, 0x38, 0x14, 0x20, 0xFB, 0xAA, - 0x09, 0x71, 0xAF, 0x96, 0xB1, 0x17, 0xF3, 0x45, 0xA3, 0xA6, - 0x90, 0x52, 0x3C, 0x3B, 0x43, 0x9A, 0x8D, 0xE3, 0xB1, 0xC5, - 0xE4, 0x32, 0x6C, 0xE0, 0x17, 0x98, 0x43, 0x34, 0x54, 0x10, - 0x17, 0x82, 0x27, 0xE8, 0x8F, 0x99, 0x88, 0x98, 0x26, 0x70, - 0x19, 0xD1, 0x2D, 0x23, 0x02, 0x5F, 0x44, 0x71, 0x2A, 0xF6, - 0x48, 0x83, 0x34, 0x3A, 0x37, 0x11, 0x9C, 0xA1, 0xCE, 0xF0, - 0xD7, 0x6E, 0xF7, 0x2B, 0xA3, 0xFC, 0x07, 0x40, 0x64, 0x1A, - 0xF1, 0xF6, 0xF8, 0x90, 0x21, 0x1C, 0x0E, 0x85, 0xAA, 0xC1, - 0xF7, 0x16, 0xF5, 0x4D, 0x27, 0x8E, 0x91, 0x4E, 0x84, 0x19, - 0xDB, 0x8C, 0xEA, 0x00, 0xEA, 0xA6, 0x86, 0x18, 0x2C, 0x8B, - 0x46, 0x5F, 0xED, 0x61, 0x38, 0x28, 0x31, 0x4A, 0x1A, 0x12, - 0x19, 0x6C, 0x2D, 0x43, 0x0E, 0xD0, 0xDD, 0x4B, 0xFA, 0xA0, - 0x39, 0xC2, 0x4B, 0x31, 0xD9, 0x56, 0xB4, 0x9E, 0xB5, 0xD1, - 0x79, 0xA3, 0x35, 0xC7, 0xAF, 0xFD, 0x0E, 0x11, 0xC7, 0x0F, - 0x55, 0x1D, 0xCA, 0x71, 0xD1, 0x37, 0x3B, 0xC2, 0x72, 0xA0, - 0xDB, 0xEE, 0xA0, 0xF2, 0x28, 0xF4, 0x77, 0x34, 0x7D, 0x9F, - 0xE8, 0x38, 0xD0, 0xF1, 0xEB, 0x51, 0x95, 0x93, 0x5D, 0x7B, - 0x4F, 0xE7, 0x1A, 0xD5, 0xA1, 0xF1, 0xF1, 0x85, 0xF7, 0x58, - 0x5C, 0x2C, 0x49, 0xAF, 0xDC, 0x93, 0xFE, 0x73, 0x0F, 0xC8, - 0xC8, 0x26, 0x1B, 0xDE, 0xD8, 0xA6, 0x8A, 0x44, 0xB4, 0x2B, - 0x67, 0xBD, 0x8E, 0xFF, 0xA5, 0x8C, 0x18, 0x95, 0xD3, 0x02, - 0x7F, 0x28, 0x93, 0xAE, 0x84, 0x1E, 0xB0, 0x5C, 0x70, 0x57, - 0x1C, 0xFF, 0x75, 0x95, 0xBF, 0xAD, 0x95, 0xF3, 0x3C, 0x19, - 0xA0, 0x7A, 0x0F, 0x62, 0x65, 0xF0, 0x0F, 0x18, 0x1E, 0x48, - 0xB3, 0x85, 0x5D, 0x11, 0x47, 0xC9, 0x95, 0x75, 0xBE, 0xFA, - 0x2D, 0x56, 0x35, 0xD0, 0x7A, 0x75, 0x68, 0xEA, 0x7D, 0x01, - 0x9E, 0xD5, 0x28, 0x9E, 0x80, 0x09, 0xE5, 0xE9, 0xF8, 0xD3, - 0x11, 0xA6, 0xC7, 0x5E, 0xD6, 0x38, 0x8B, 
0x96, 0x7A, 0xFB, - 0xD8, 0x27, 0xD4, 0x47, 0x6B, 0x50, 0xAB, 0x21, 0x4E, 0xFB, - 0xC2, 0xA1, 0x8C, 0xB7, 0x50, 0xE2, 0xF7, 0xC3, 0x4C, 0x66, - 0x04, 0x28, 0x17, 0x5D, 0x6F, 0x48, 0x39, 0x9A, 0x0B, 0x4A, - 0xB0, 0x75, 0xDF, 0xA9, 0x6E, 0xE0, 0x72, 0x20, 0x68, 0xC5, - 0x9C, 0xDB, 0x41, 0xA4, 0xF9, 0xA4, 0xF5, 0x1D, 0xDD, 0x89, - 0x83, 0x11, 0xDD, 0x3A, 0xA4, 0x76, 0x38, 0x62, 0x75, 0x4C, - 0x5D, 0xC7, 0xF5, 0x99, 0x75, 0xFB, 0xB7, 0x87, 0xB8, 0x77, - 0x2B, 0x45, 0xEF, 0xC5, 0xE5, 0x10, 0xD9, 0x6B, 0x4C, 0x72, - 0x4B, 0x42, 0x13, 0x71, 0x3C, 0x9C, 0x2C, 0x2E, 0xFB, 0xA2, - 0x3A, 0xCD, 0x2B, 0x83, 0x12, 0xA7, 0xF3, 0xA5, 0xCE, 0x4B, - 0x77, 0x2B, 0xF5, 0x71, 0xA0, 0x1A, 0x40, 0x7F, 0xED, 0x97, - 0x4B, 0x0C, 0xA0, 0x55, 0x6B, 0x69, 0x73, 0x52, 0x47, 0x6A, - 0x20, 0xCB, 0xEE, 0xE0, 0xBE, 0x97, 0x8F, 0x05, 0xE0, 0x84, - 0x4A, 0x6E, 0x40, 0xCC, 0x02, 0x2C, 0xA8, 0x45, 0xD4, 0x6B, - 0xD4, 0xCD, 0x41, 0x29, 0xBE, 0x99, 0x3B, 0x51, 0x0F, 0x9C, - 0x70, 0x75, 0x83, 0x3D, 0x42, 0xCF, 0xA9, 0x02, 0xF3, 0x68, - 0x3C, 0x96, 0xE1, 0x36, 0x46, 0xB7, 0x86, 0x16, 0x03, 0x2C, - 0xBB, 0x71, 0x21, 0xBF, 0x13, 0x52, 0x03, 0x42, 0x31, 0xE3, - 0xA3, 0x26, 0xEE, 0xD7, 0x86, 0x78, 0xDA, 0x9E, 0x9A, 0x50, - 0xD1, 0x9C, 0x5B, 0xB7, 0xEB, 0xCF, 0x0A, 0x6D, 0x10, 0xA0, - 0xAB, 0x8C, 0x65, 0x4B, 0xFA, 0x9E, 0xAC, 0x0B, 0x66, 0x56, - 0xC7, 0x5D, 0x85, 0x88, 0x53, 0x1B, 0xC2, 0x37, 0xCC, 0x94, - 0x2E, 0xE1, 0xB1, 0xF7, 0xCC, 0x1F, 0x59, 0x24, 0xEC, 0x1A, - 0x27, 0xFA, 0x8D, 0xE5, 0x86, 0x9E, 0x3F, 0x21, 0xDA, 0x15, - 0xAE, 0xC7, 0x6C, 0xFB, 0x17, 0x0D, 0xF5, 0xCB, 0xE3, 0xB8, - 0x36, 0x95, 0x0F, 0xBD, 0x84, 0x19, 0x1D, 0xF5, 0x4F, 0x17, - 0xB8, 0x71, 0x9C, 0x0E, 0x3D, 0xD8, 0xFD, 0x9B, 0xD4, 0x0D, - 0x2D, 0x16, 0x5D, 0x75, 0xE7, 0x25, 0x94, 0x3D, 0xD3, 0x0C, - 0x07, 0x3D, 0x04, 0x46, 0xC8, 0x8F, 0x65, 0x06, 0xC7, 0x11, - 0xB2, 0xAB, 0x41, 0x5E, 0x96, 0x0C, 0x68, 0x76, 0x7D, 0x6D, - 0xB8, 0xB5, 0x27, 0x01, 0x2C, 0x00, 0xC2, 0xA0, 0x40, 0xB8, - 0xF7, 0xC6, 0x39, 0x56, 0xCF, 0x25, 0x56, 0xB3, 0x10, 
0x04, - 0xE9, 0xC3, 0x85, 0x47, 0xE8, 0x6E, 0xC7, 0x89, 0xFE, 0x80, - 0x9A, 0x50, 0x9E, 0xBD, 0xF3, 0x2E, 0x5E, 0x96, 0x0A, 0xA8, - 0xB7, 0x6C, 0x5B, 0x9E, 0x32, 0x1E, 0x75, 0x68, 0x5E, 0x74, - 0x88, 0xFC, 0xC5, 0x3D, 0xB9, 0x21, 0x0A, 0xAD, 0x6D, 0xF6, - 0xBE, 0x2D, 0x9A, 0x8A, 0xA5, 0x2A, 0x40, 0x3C, 0xF6, 0x4C, - 0xFE, 0x18, 0xE3, 0x44, 0x7A, 0x5F, 0x31, 0x1A, 0xEE, 0x95, - 0x07, 0x96, 0xC1, 0x27, 0x7F, 0x64, 0x4E, 0xF0, 0x19, 0x2D, - 0x36, 0x33, 0x5D, 0x23, 0xC9, 0xC2, 0x36, 0x91, 0x22, 0xC9, - 0x58, 0x8C, 0xE4, 0xF1, 0x19, 0xD0, 0xBF, 0x51, 0xAA, 0x14, - 0x4C, 0x15, 0x4A, 0x93, 0xF3, 0x16, 0x6A, 0x21, 0xBE, 0xDE, - 0xA5, 0x4C, 0x84, 0xC5, 0x65, 0x06, 0xA7, 0x11, 0xDC, 0x00, - 0x5F, 0x0F, 0xF1, 0xDA, 0xA2, 0x11, 0xAB, 0x64, 0xE0, 0x1F, - 0x1A, 0x65, 0x32, 0xA7, 0x69, 0x65, 0xAF, 0x64, 0x95, 0x90, - 0xF1, 0xA5, 0xFA, 0x32, 0x4C, 0x59, 0x61, 0x87, 0x3D, 0x94, - 0x82, 0x7E, 0xE4, 0x04, 0x7B, 0x8A, 0xCD, 0x54, 0x00, 0x2A, - 0xC5, 0xC3, 0xB7, 0x2F, 0x8A, 0xA8, 0x19, 0x39, 0x93, 0x53, - 0x3E, 0xEB, 0xE7, 0x8F, 0xF7, 0xCF, 0xDA, 0x8A, 0x4E, 0xAB, - 0x91, 0x3D, 0xA3, 0x40, 0x55, 0x64, 0xE7, 0x48, 0x90, 0x03, - 0xE5, 0xE6, 0x03, 0xE8, 0x2A, 0x23, 0x78, 0x6F, 0xCA, 0xDE, - 0x7C, 0x6E, 0x56, 0x5B, 0xC8, 0x6D, 0x8C, 0x2F, 0xC8, 0x6C, - 0x7D, 0xD8, 0x60, 0x43, 0x8C, 0xF3, 0xE9, 0x9E, 0x70, 0x73, - 0xAC, 0x85, 0xB4, 0xA3, 0x29, 0x86, 0x88, 0x60, 0x6D, 0xDD, - 0x21, 0x07, 0x09, 0x8B, 0xFB, 0xA1, 0x67, 0xA5, 0xDA, 0x9D, - 0xCC, 0x2E, 0xE3, 0xBE, 0xAE, 0x06, 0x0E, 0x41, 0x4E, 0xBE, - 0x5F, 0xE4, 0x93, 0x81, 0xE8, 0x06, 0xAA, 0x2C, 0xC9, 0x1B, - 0x1C, 0x5A, 0x9E, 0x01, 0xEF, 0xFF, 0x82, 0x84, 0xD9, 0x2B, - 0x05, 0x20, 0x0D, 0xE1, 0x14, 0x6C, 0x0A, 0x85, 0x16, 0x2E, - 0x79, 0xA3, 0x64, 0xBF, 0xFC, 0x89, 0xB8, 0xFD, 0xB0, 0xC8, - 0x39, 0x9A, 0x83, 0x1B, 0x74, 0x41, 0x7C, 0xEA, 0xFD, 0x5F, - 0x83, 0x19 +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + +static const unsigned char bench_dilithium_level2_pubkey[] = { + 0xea, 0x05, 0x24, 0x0d, 0x80, 
0x72, 0x25, 0x55, 0xf4, 0x5b, + 0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9, + 0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2, + 0x64, 0x79, 0xa0, 0xec, 0x1f, 0x24, 0xb6, 0xc8, 0x05, 0x5b, + 0xc1, 0x18, 0xb0, 0xb7, 0xcf, 0x8c, 0x60, 0x67, 0x6b, 0x81, + 0x44, 0x27, 0xb6, 0x0e, 0xfd, 0x9b, 0xc3, 0xcb, 0x52, 0x31, + 0xfa, 0xc9, 0x34, 0x8d, 0x22, 0x1e, 0x07, 0x9d, 0x96, 0x6a, + 0x63, 0x83, 0x5c, 0xd7, 0x83, 0x2d, 0x7f, 0x48, 0x64, 0x79, + 0xca, 0xb4, 0x9f, 0xa2, 0x02, 0xb7, 0x86, 0x1d, 0x0e, 0xc7, + 0xf9, 0x6c, 0x07, 0xc0, 0x35, 0x6a, 0x34, 0x79, 0x7c, 0xb8, + 0x0f, 0xed, 0x98, 0x50, 0xfb, 0x51, 0xe0, 0x36, 0x44, 0x4c, + 0xc6, 0x35, 0xa2, 0xbb, 0x55, 0xb0, 0x5c, 0x39, 0x08, 0x02, + 0x20, 0x35, 0x5c, 0x56, 0x6d, 0x2e, 0xb9, 0xef, 0x21, 0x26, + 0x87, 0x87, 0x85, 0x8a, 0x32, 0xb5, 0xa7, 0x68, 0x70, 0x3a, + 0xfd, 0x0d, 0x21, 0x48, 0x91, 0xa3, 0x29, 0xc1, 0x2a, 0x38, + 0xe5, 0x26, 0x31, 0x1f, 0x42, 0xde, 0x0b, 0x25, 0xff, 0x1d, + 0x6b, 0xb4, 0xe0, 0x5d, 0x2d, 0xcf, 0x44, 0xd5, 0x7d, 0xc4, + 0xf6, 0x95, 0xf2, 0x06, 0x4f, 0x83, 0x88, 0x9d, 0x1e, 0xeb, + 0x1c, 0x09, 0x45, 0x62, 0x67, 0x3d, 0xff, 0x51, 0x47, 0xe8, + 0xbc, 0x9b, 0x03, 0x1f, 0xc7, 0x72, 0x65, 0xce, 0xa8, 0x8c, + 0xc2, 0xa0, 0xc2, 0xbd, 0x5b, 0x7c, 0x17, 0x16, 0x8b, 0x72, + 0xfa, 0xb1, 0xbd, 0xdf, 0x49, 0xd6, 0xa1, 0x00, 0x65, 0xbe, + 0x82, 0xe7, 0x68, 0xc7, 0xe7, 0xbc, 0xc2, 0xa4, 0xdb, 0xaa, + 0xcc, 0xea, 0x41, 0x52, 0x7f, 0x56, 0xb4, 0x68, 0x1f, 0x92, + 0x96, 0x0f, 0xce, 0xd4, 0xd0, 0x87, 0x4c, 0x4a, 0x73, 0xb5, + 0x6c, 0xd4, 0x69, 0x55, 0x15, 0x47, 0xdc, 0x94, 0x7f, 0xd2, + 0x54, 0x5e, 0xb2, 0x90, 0xc2, 0x47, 0xe4, 0xf5, 0xde, 0x8b, + 0x9b, 0xc6, 0x5d, 0x50, 0x95, 0x60, 0xe0, 0xf0, 0xa7, 0x4e, + 0xe0, 0xcd, 0x41, 0x09, 0xef, 0xb3, 0x3d, 0x90, 0x5c, 0x77, + 0x54, 0xec, 0x9e, 0x5d, 0x8a, 0xe7, 0x09, 0x5c, 0xc9, 0x58, + 0x0c, 0xd0, 0x42, 0x35, 0xd2, 0x14, 0x59, 0x38, 0x69, 0xad, + 0xf9, 0xb5, 0xbf, 0x8a, 0x8e, 0x33, 0xd8, 0x5e, 0x7a, 0x55, + 0xd0, 0x53, 0x15, 0x40, 0x4e, 0xc5, 0x86, 
0xd7, 0x8f, 0x5f, + 0x2f, 0x55, 0x82, 0xc2, 0x4f, 0x16, 0xe5, 0xea, 0x1c, 0xbc, + 0xff, 0x5e, 0x1f, 0x39, 0x46, 0x70, 0x54, 0x7a, 0x3a, 0x27, + 0x16, 0x1a, 0x2b, 0x6c, 0xd2, 0xb7, 0x80, 0xd3, 0xd1, 0x9d, + 0x25, 0x59, 0xed, 0xe6, 0x51, 0xb1, 0xf2, 0xad, 0x7e, 0x51, + 0x78, 0x14, 0x2b, 0x19, 0xae, 0x64, 0x72, 0x0f, 0xd8, 0x18, + 0x79, 0x8e, 0x66, 0x88, 0xd3, 0xa4, 0xa3, 0xc3, 0x76, 0x21, + 0xcb, 0xe4, 0x79, 0x5e, 0x95, 0x74, 0xe3, 0x31, 0x18, 0x79, + 0xed, 0xc7, 0xe7, 0xfb, 0x86, 0x48, 0x1b, 0x7b, 0x75, 0x5b, + 0x7f, 0x7c, 0x82, 0xc5, 0xab, 0x11, 0xb4, 0x5d, 0x59, 0x6f, + 0x78, 0xb2, 0xa5, 0x39, 0xc6, 0x63, 0x38, 0x6c, 0xeb, 0x50, + 0x06, 0x14, 0x76, 0xf0, 0xe8, 0xfb, 0x11, 0x95, 0x1f, 0x9d, + 0x9c, 0xa6, 0xe1, 0xe2, 0x0d, 0xa3, 0x66, 0xfc, 0x20, 0x83, + 0x50, 0x0e, 0x53, 0x75, 0xb5, 0x12, 0xf4, 0xdf, 0x31, 0x46, + 0x83, 0xac, 0x5b, 0xf3, 0x99, 0xa6, 0xd1, 0x7b, 0x2b, 0xc5, + 0xdc, 0x71, 0x07, 0x27, 0x33, 0x35, 0x34, 0xf5, 0x30, 0x19, + 0xc1, 0x3b, 0xba, 0x8a, 0xaf, 0x7e, 0x49, 0x93, 0x48, 0x5b, + 0x38, 0xc0, 0xbc, 0x2e, 0xc7, 0x59, 0x1b, 0xd9, 0xf5, 0xcc, + 0x86, 0xf5, 0x7b, 0x4d, 0xd7, 0x39, 0xa7, 0xa2, 0x56, 0x20, + 0x48, 0x98, 0x7d, 0x4f, 0x75, 0x56, 0x9b, 0xb8, 0x95, 0x45, + 0x17, 0xf3, 0x86, 0x3d, 0x97, 0x0a, 0x49, 0x1b, 0xca, 0xff, + 0x20, 0xc0, 0x24, 0x2c, 0x51, 0xc2, 0x0a, 0x3c, 0xbf, 0x07, + 0x60, 0x1c, 0x88, 0x85, 0x9b, 0x85, 0x2d, 0x4a, 0xfe, 0x5a, + 0x1c, 0x90, 0xf5, 0x90, 0x12, 0xd3, 0x03, 0x3c, 0x8c, 0x2e, + 0x95, 0x4a, 0x47, 0x76, 0x0f, 0x1f, 0x5d, 0x9e, 0xed, 0xc5, + 0x64, 0xc4, 0x9b, 0xbf, 0x86, 0xc5, 0x63, 0x84, 0x33, 0x00, + 0xf1, 0x26, 0x18, 0x21, 0xf3, 0x88, 0x1a, 0x08, 0x18, 0x6d, + 0x2f, 0xef, 0xd5, 0xeb, 0x2f, 0x69, 0xc8, 0x6e, 0x92, 0x34, + 0xfc, 0x72, 0x3d, 0x9a, 0xa7, 0x9e, 0x51, 0xfb, 0x56, 0xe3, + 0xdc, 0xf4, 0x8f, 0x9b, 0x6d, 0x0d, 0x2a, 0xec, 0x66, 0x12, + 0x26, 0x35, 0xbd, 0x61, 0xc2, 0x67, 0x19, 0xf5, 0x7e, 0xa1, + 0x67, 0xa2, 0x9c, 0x3b, 0x67, 0xb0, 0xc2, 0x51, 0x6a, 0x37, + 0x7c, 0x48, 0xe9, 0x4b, 0xb9, 0xa3, 0x38, 0x2f, 0xfc, 
0xde, + 0xb4, 0x7c, 0xda, 0x52, 0x84, 0x0b, 0xb0, 0xd9, 0x08, 0xe9, + 0x7a, 0x4a, 0x6f, 0x79, 0x29, 0x3d, 0xc4, 0x5c, 0x78, 0xee, + 0x63, 0xb6, 0x96, 0x68, 0xd9, 0x82, 0x4e, 0xc1, 0x1b, 0x6f, + 0x52, 0xf5, 0xb3, 0xfb, 0xe8, 0xc4, 0x2a, 0x07, 0xc6, 0x3b, + 0x85, 0x0d, 0xf4, 0xbf, 0xb0, 0x6b, 0xfb, 0xce, 0x1d, 0xb4, + 0xbf, 0x63, 0x0b, 0x91, 0x67, 0xc4, 0xa3, 0x06, 0xa4, 0xaf, + 0x6c, 0xd3, 0xe5, 0x8b, 0x87, 0x4e, 0x64, 0x9c, 0xb1, 0xf3, + 0x70, 0x7c, 0x68, 0x43, 0x46, 0x13, 0x46, 0xee, 0x27, 0x75, + 0x12, 0x45, 0x42, 0xde, 0xa5, 0x8d, 0xcf, 0xf7, 0x09, 0x87, + 0xa8, 0x80, 0x3d, 0xb6, 0x45, 0xee, 0x41, 0x2d, 0x7c, 0x45, + 0x01, 0x9d, 0xaa, 0x78, 0xa8, 0x10, 0xa4, 0xfd, 0xb5, 0x5f, + 0xee, 0x0f, 0x77, 0xba, 0x73, 0xff, 0x49, 0xdc, 0xfa, 0x39, + 0xd6, 0xa3, 0x6f, 0x25, 0xb9, 0x63, 0x2c, 0x92, 0xc5, 0xdf, + 0xfb, 0xba, 0x89, 0xf9, 0xfa, 0x94, 0x5b, 0x6f, 0x5a, 0x4d, + 0x1c, 0xe4, 0xc9, 0x10, 0xf9, 0xa0, 0xe8, 0xc4, 0xcb, 0x55, + 0x1a, 0xdb, 0x56, 0x5f, 0x8e, 0x91, 0x03, 0x23, 0xca, 0xb0, + 0x1f, 0xef, 0xb8, 0x6c, 0x13, 0x5a, 0x99, 0x25, 0xf0, 0x49, + 0xa9, 0x5a, 0x45, 0xf7, 0xfd, 0x1a, 0xc2, 0x71, 0x06, 0xe3, + 0x2d, 0x25, 0x64, 0xb0, 0x52, 0x12, 0x03, 0x62, 0xc7, 0xb6, + 0xf9, 0xdc, 0x1f, 0x78, 0xff, 0x8b, 0xfa, 0xde, 0x7f, 0x71, + 0xa6, 0x35, 0x3e, 0xac, 0x20, 0x54, 0x94, 0xa7, 0x2e, 0x9d, + 0x47, 0x17, 0x4b, 0xad, 0x92, 0xb3, 0x14, 0x26, 0x8c, 0x5a, + 0xd0, 0x16, 0x4b, 0x22, 0xe9, 0x0c, 0x79, 0x6b, 0x8e, 0xac, + 0x0d, 0x12, 0xf5, 0x66, 0x8e, 0x82, 0x1a, 0x44, 0xf3, 0xe9, + 0x56, 0x5a, 0xcd, 0x1c, 0x1b, 0x81, 0x7b, 0x63, 0x59, 0xfe, + 0xc8, 0xc0, 0xe3, 0xda, 0x16, 0x6b, 0x6f, 0x0d, 0xba, 0x0e, + 0x47, 0x12, 0x86, 0x9e, 0xf0, 0x3b, 0x4d, 0x87, 0x3b, 0xf2, + 0x75, 0x73, 0x2d, 0xdf, 0xca, 0x76, 0x0b, 0xbd, 0xe7, 0xb7, + 0x74, 0x24, 0xf3, 0xc6, 0xe6, 0x75, 0x3f, 0x8b, 0x6a, 0xd9, + 0xad, 0xed, 0xc0, 0x70, 0x04, 0x1e, 0x0b, 0x8e, 0x8b, 0x7f, + 0xea, 0xbc, 0x39, 0x6b, 0x8a, 0x44, 0xa6, 0x9a, 0x2d, 0x0d, + 0x8c, 0x21, 0x60, 0x09, 0xd2, 0x4a, 0xe0, 0x62, 0xcf, 0xfa, + 0xe8, 
0x9b, 0x35, 0x6f, 0x23, 0x2f, 0xb5, 0x65, 0x08, 0x60, + 0x92, 0x15, 0xd0, 0x5b, 0x63, 0xcc, 0x65, 0x05, 0xd1, 0xef, + 0x0f, 0x7e, 0x1b, 0xb3, 0x8e, 0xc6, 0x12, 0x85, 0xc9, 0x82, + 0x53, 0x79, 0x2e, 0x80, 0x5f, 0x0c, 0x7b, 0xc7, 0x1c, 0x83, + 0x41, 0x06, 0xd8, 0x41, 0xc9, 0xe7, 0xb9, 0x4b, 0xa1, 0x61, + 0xc6, 0x86, 0x67, 0xf5, 0x10, 0xf7, 0x34, 0x0d, 0x39, 0x9e, + 0x2b, 0x5f, 0x19, 0x06, 0x02, 0xa5, 0x02, 0x23, 0x71, 0xc2, + 0x12, 0x65, 0xcc, 0x81, 0x06, 0xfd, 0x8d, 0x09, 0x68, 0x37, + 0x06, 0x3b, 0xff, 0xc4, 0x24, 0xb3, 0x1f, 0xd6, 0xe6, 0x8f, + 0x9c, 0x74, 0x2c, 0x5e, 0xc5, 0xf4, 0xe9, 0xeb, 0xca, 0xd3, + 0x04, 0x5b, 0x92, 0x9e, 0x5c, 0x1a, 0x1d, 0xa1, 0xa7, 0x34, + 0xd2, 0x05, 0xae, 0xdb, 0x3d, 0x71, 0x10, 0x6e, 0x30, 0xd9, + 0xa3, 0x44, 0xa0, 0xbd, 0x9e, 0x7b, 0xb5, 0x12, 0x8a, 0x12, + 0x07, 0x60, 0xd7, 0x1f, 0x92, 0xe6, 0xfe, 0x04, 0xa9, 0x3e, + 0x62, 0x64, 0x00, 0x5f, 0x7c, 0x7b, 0x34, 0x09, 0xeb, 0x4a, + 0x18, 0x9e, 0x77, 0x72, 0x3a, 0x31, 0x1a, 0x62, 0x2a, 0xb5, + 0xcb, 0x4e, 0x53, 0xce, 0xad, 0x8b, 0x5a, 0x20, 0x4f, 0xd7, + 0x3e, 0x16, 0xf8, 0x10, 0xe2, 0xae, 0xbd, 0x3f, 0x02, 0xa9, + 0x18, 0xa0, 0x01, 0x18, 0x84, 0x95, 0x22, 0x2e, 0x93, 0x76, + 0x44, 0x4e, 0x11, 0x7b, 0x03, 0x51, 0x50, 0x19, 0x79, 0xe7, + 0xbb, 0x5c, 0x7b, 0xca, 0x74, 0xb4, 0x25, 0x26, 0xdb, 0x66, + 0xaa, 0x0b, 0x21, 0x07, 0xfb, 0x7a, 0x96, 0x10, 0x7d, 0x99, + 0xa9, 0x16, 0xcb, 0x0e, 0xba, 0x63, 0xab, 0x95, 0xfc, 0x5a, + 0xbe, 0xa6, 0x7f, 0xd8, 0xb4, 0xcd, 0x7c, 0xc5, 0xd0, 0xb1, + 0x1b, 0x48, 0x40, 0xfb, 0xe6, 0x2f, 0x2b, 0x94, 0xfe, 0x68, + 0xa2, 0xc4, 0x36, 0xd9, 0xcd, 0xc1, 0x93, 0x6d, 0xef, 0x39, + 0x5e, 0x43, 0x30, 0x5a, 0x2e, 0x66, 0xb6, 0xf2, 0xed, 0x9a, + 0x8d, 0x12, 0xdf, 0x5c, 0xae, 0xad, 0x16, 0x12, 0x7e, 0x81, + 0x82, 0x91, 0x7d, 0x2b, 0x12, 0xe9, 0x96, 0xb8, 0xb7, 0x42, + 0xcb, 0x1f, 0xf8, 0xd1, 0xfd, 0x83, 0x7a, 0xe4, 0x36, 0x1d, + 0x04, 0x27, 0x4c, 0xe5, 0xbd, 0x75, 0x24, 0xf7, 0xbd, 0xb6, + 0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42, + 0xca, 0x7a, 0x54, 
0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77, + 0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1, + 0xfe, 0x4b, +}; +static const int sizeof_bench_dilithium_level2_pubkey = + sizeof(bench_dilithium_level2_pubkey); + +#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */ + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + +static const unsigned char bench_dilithium_level3_key[] = { + 0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f, + 0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3, + 0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77, + 0x61, 0x6d, 0x72, 0xdd, 0x85, 0x06, 0xf6, 0x94, 0x0a, 0x57, + 0x52, 0xcd, 0xac, 0x83, 0x4a, 0xe5, 0xbe, 0xa4, 0x30, 0x79, + 0x9e, 0xc6, 0xd6, 0x04, 0xc8, 0x73, 0xdc, 0x5e, 0x41, 0x75, + 0x2f, 0xac, 0x76, 0x57, 0x03, 0x08, 0x46, 0xcb, 0xaf, 0x4c, + 0x6a, 0x4f, 0x20, 0x18, 0xb3, 0x2e, 0x11, 0x54, 0xb5, 0x94, + 0xe6, 0x6f, 0x76, 0xf6, 0xb9, 0x73, 0x9a, 0x07, 0x73, 0xe8, + 0x90, 0xd1, 0x04, 0xda, 0xc5, 0x97, 0xb9, 0x52, 0x51, 0xc8, + 0xc9, 0xcc, 0x87, 0x29, 0xa1, 0xde, 0x79, 0x9b, 0xf8, 0x7f, + 0x80, 0x3f, 0xfd, 0xb3, 0x24, 0xa5, 0xba, 0xf5, 0xd6, 0xd4, + 0x07, 0xbd, 0xa7, 0x1b, 0xd0, 0xe1, 0xd0, 0x43, 0x14, 0x52, + 0x27, 0x03, 0x33, 0x76, 0x00, 0x67, 0x30, 0x23, 0x76, 0x34, + 0x72, 0x02, 0x41, 0x62, 0x12, 0x43, 0x86, 0x30, 0x18, 0x28, + 0x46, 0x27, 0x45, 0x20, 0x88, 0x33, 0x54, 0x10, 0x03, 0x81, + 0x44, 0x50, 0x06, 0x44, 0x56, 0x30, 0x37, 0x38, 0x38, 0x46, + 0x03, 0x85, 0x01, 0x86, 0x43, 0x80, 0x78, 0x28, 0x83, 0x55, + 0x37, 0x44, 0x80, 0x12, 0x17, 0x51, 0x78, 0x46, 0x22, 0x01, + 0x53, 0x54, 0x63, 0x87, 0x77, 0x38, 0x11, 0x81, 0x43, 0x30, + 0x15, 0x47, 0x66, 0x11, 0x40, 0x65, 0x70, 0x56, 0x62, 0x28, + 0x21, 0x65, 0x30, 0x45, 0x63, 0x53, 0x31, 0x80, 0x81, 0x71, + 0x23, 0x62, 0x85, 0x03, 0x07, 0x56, 0x16, 0x28, 0x18, 0x35, + 0x07, 0x38, 0x60, 0x68, 0x17, 0x30, 0x15, 0x20, 0x04, 0x13, + 0x13, 0x61, 0x51, 0x58, 0x00, 0x37, 0x51, 0x58, 0x14, 0x06, + 0x12, 0x55, 0x13, 0x46, 0x76, 0x05, 0x51, 0x87, 0x32, 0x62, + 0x50, 0x41, 0x88, 
0x24, 0x50, 0x31, 0x65, 0x36, 0x31, 0x02, + 0x75, 0x35, 0x78, 0x27, 0x36, 0x08, 0x01, 0x77, 0x22, 0x77, + 0x30, 0x80, 0x11, 0x21, 0x28, 0x26, 0x68, 0x27, 0x13, 0x70, + 0x50, 0x44, 0x88, 0x20, 0x50, 0x67, 0x65, 0x74, 0x17, 0x46, + 0x50, 0x16, 0x42, 0x75, 0x35, 0x12, 0x60, 0x12, 0x17, 0x13, + 0x36, 0x72, 0x04, 0x77, 0x07, 0x55, 0x20, 0x27, 0x15, 0x02, + 0x25, 0x12, 0x57, 0x71, 0x37, 0x45, 0x43, 0x34, 0x40, 0x31, + 0x78, 0x50, 0x31, 0x28, 0x17, 0x84, 0x87, 0x43, 0x25, 0x75, + 0x58, 0x05, 0x61, 0x56, 0x41, 0x44, 0x57, 0x67, 0x85, 0x54, + 0x00, 0x88, 0x88, 0x50, 0x68, 0x11, 0x14, 0x42, 0x08, 0x74, + 0x73, 0x00, 0x38, 0x08, 0x45, 0x28, 0x62, 0x43, 0x36, 0x20, + 0x30, 0x10, 0x87, 0x83, 0x67, 0x62, 0x02, 0x48, 0x46, 0x50, + 0x08, 0x08, 0x41, 0x43, 0x78, 0x22, 0x65, 0x87, 0x43, 0x84, + 0x25, 0x36, 0x58, 0x64, 0x30, 0x10, 0x20, 0x68, 0x82, 0x47, + 0x60, 0x31, 0x76, 0x68, 0x74, 0x68, 0x75, 0x61, 0x16, 0x26, + 0x82, 0x50, 0x32, 0x61, 0x41, 0x22, 0x38, 0x20, 0x86, 0x75, + 0x74, 0x00, 0x77, 0x12, 0x81, 0x35, 0x51, 0x78, 0x88, 0x64, + 0x82, 0x00, 0x41, 0x55, 0x62, 0x87, 0x51, 0x41, 0x74, 0x51, + 0x53, 0x27, 0x33, 0x84, 0x68, 0x86, 0x57, 0x60, 0x44, 0x30, + 0x22, 0x32, 0x10, 0x52, 0x22, 0x83, 0x48, 0x53, 0x66, 0x74, + 0x14, 0x52, 0x32, 0x71, 0x41, 0x08, 0x83, 0x67, 0x41, 0x38, + 0x46, 0x80, 0x88, 0x14, 0x84, 0x30, 0x85, 0x35, 0x46, 0x20, + 0x54, 0x84, 0x56, 0x84, 0x54, 0x82, 0x14, 0x11, 0x52, 0x07, + 0x86, 0x46, 0x05, 0x82, 0x26, 0x85, 0x75, 0x07, 0x88, 0x75, + 0x51, 0x17, 0x54, 0x32, 0x68, 0x66, 0x08, 0x23, 0x66, 0x06, + 0x42, 0x28, 0x00, 0x84, 0x27, 0x27, 0x43, 0x47, 0x12, 0x27, + 0x13, 0x15, 0x17, 0x74, 0x85, 0x14, 0x12, 0x62, 0x06, 0x47, + 0x17, 0x60, 0x00, 0x10, 0x85, 0x16, 0x55, 0x64, 0x46, 0x62, + 0x77, 0x05, 0x51, 0x23, 0x52, 0x37, 0x51, 0x78, 0x35, 0x66, + 0x14, 0x15, 0x78, 0x40, 0x16, 0x54, 0x67, 0x30, 0x61, 0x24, + 0x26, 0x86, 0x56, 0x83, 0x62, 0x78, 0x88, 0x83, 0x50, 0x06, + 0x13, 0x21, 0x33, 0x73, 0x16, 0x44, 0x86, 0x77, 0x65, 0x28, + 0x12, 0x40, 0x62, 0x54, 0x55, 
0x84, 0x00, 0x11, 0x77, 0x38, + 0x71, 0x51, 0x38, 0x32, 0x33, 0x67, 0x15, 0x77, 0x24, 0x33, + 0x44, 0x11, 0x05, 0x65, 0x13, 0x03, 0x72, 0x63, 0x81, 0x58, + 0x08, 0x03, 0x34, 0x23, 0x61, 0x00, 0x02, 0x63, 0x86, 0x40, + 0x03, 0x71, 0x34, 0x27, 0x45, 0x10, 0x34, 0x26, 0x83, 0x28, + 0x31, 0x35, 0x26, 0x05, 0x58, 0x41, 0x11, 0x10, 0x65, 0x35, + 0x22, 0x42, 0x28, 0x88, 0x46, 0x06, 0x57, 0x33, 0x88, 0x46, + 0x04, 0x86, 0x88, 0x88, 0x51, 0x74, 0x82, 0x27, 0x58, 0x14, + 0x11, 0x08, 0x13, 0x16, 0x61, 0x16, 0x14, 0x44, 0x83, 0x85, + 0x71, 0x44, 0x55, 0x82, 0x16, 0x62, 0x85, 0x05, 0x43, 0x41, + 0x73, 0x53, 0x60, 0x01, 0x80, 0x68, 0x33, 0x13, 0x43, 0x44, + 0x73, 0x36, 0x65, 0x35, 0x22, 0x26, 0x13, 0x31, 0x36, 0x83, + 0x30, 0x27, 0x15, 0x11, 0x54, 0x53, 0x24, 0x84, 0x75, 0x24, + 0x72, 0x78, 0x34, 0x24, 0x35, 0x80, 0x06, 0x38, 0x88, 0x11, + 0x41, 0x01, 0x34, 0x87, 0x77, 0x20, 0x14, 0x50, 0x55, 0x12, + 0x17, 0x48, 0x87, 0x74, 0x58, 0x42, 0x31, 0x46, 0x36, 0x37, + 0x26, 0x50, 0x04, 0x75, 0x77, 0x15, 0x41, 0x53, 0x04, 0x04, + 0x26, 0x61, 0x65, 0x87, 0x55, 0x56, 0x07, 0x81, 0x28, 0x21, + 0x41, 0x61, 0x41, 0x50, 0x17, 0x47, 0x25, 0x50, 0x20, 0x83, + 0x46, 0x87, 0x18, 0x45, 0x40, 0x21, 0x06, 0x08, 0x12, 0x25, + 0x71, 0x13, 0x35, 0x55, 0x54, 0x61, 0x00, 0x52, 0x74, 0x78, + 0x13, 0x84, 0x55, 0x40, 0x14, 0x40, 0x78, 0x12, 0x88, 0x43, + 0x33, 0x24, 0x66, 0x88, 0x22, 0x44, 0x15, 0x37, 0x81, 0x27, + 0x84, 0x18, 0x28, 0x11, 0x58, 0x51, 0x71, 0x21, 0x02, 0x83, + 0x70, 0x48, 0x32, 0x46, 0x00, 0x70, 0x17, 0x30, 0x63, 0x21, + 0x46, 0x60, 0x50, 0x72, 0x77, 0x45, 0x83, 0x75, 0x26, 0x31, + 0x47, 0x34, 0x47, 0x84, 0x87, 0x63, 0x22, 0x83, 0x21, 0x10, + 0x21, 0x51, 0x47, 0x46, 0x31, 0x06, 0x57, 0x82, 0x65, 0x24, + 0x61, 0x66, 0x24, 0x68, 0x14, 0x03, 0x43, 0x41, 0x04, 0x14, + 0x47, 0x61, 0x57, 0x87, 0x43, 0x83, 0x43, 0x25, 0x87, 0x36, + 0x72, 0x51, 0x38, 0x51, 0x54, 0x54, 0x84, 0x40, 0x15, 0x30, + 0x35, 0x34, 0x43, 0x61, 0x63, 0x42, 0x77, 0x31, 0x42, 0x06, + 0x61, 0x03, 0x01, 0x41, 0x08, 0x84, 0x02, 
0x65, 0x04, 0x72, + 0x32, 0x00, 0x21, 0x10, 0x54, 0x73, 0x04, 0x42, 0x48, 0x11, + 0x74, 0x18, 0x63, 0x73, 0x28, 0x61, 0x36, 0x80, 0x20, 0x86, + 0x24, 0x42, 0x16, 0x11, 0x71, 0x83, 0x78, 0x38, 0x82, 0x47, + 0x67, 0x18, 0x56, 0x86, 0x85, 0x66, 0x18, 0x24, 0x50, 0x74, + 0x72, 0x02, 0x66, 0x83, 0x63, 0x08, 0x25, 0x32, 0x15, 0x78, + 0x33, 0x08, 0x34, 0x44, 0x08, 0x28, 0x10, 0x25, 0x40, 0x11, + 0x04, 0x76, 0x60, 0x16, 0x65, 0x16, 0x13, 0x30, 0x53, 0x14, + 0x77, 0x06, 0x06, 0x88, 0x64, 0x47, 0x08, 0x23, 0x11, 0x56, + 0x46, 0x61, 0x48, 0x64, 0x73, 0x66, 0x07, 0x65, 0x41, 0x24, + 0x67, 0x45, 0x42, 0x18, 0x62, 0x01, 0x70, 0x88, 0x03, 0x77, + 0x22, 0x85, 0x77, 0x02, 0x85, 0x03, 0x65, 0x15, 0x57, 0x51, + 0x28, 0x72, 0x53, 0x32, 0x05, 0x58, 0x84, 0x54, 0x03, 0x81, + 0x63, 0x23, 0x38, 0x27, 0x01, 0x85, 0x61, 0x12, 0x28, 0x62, + 0x22, 0x67, 0x56, 0x66, 0x63, 0x08, 0x74, 0x63, 0x21, 0x01, + 0x46, 0x10, 0x08, 0x18, 0x07, 0x86, 0x47, 0x70, 0x50, 0x25, + 0x45, 0x06, 0x55, 0x88, 0x46, 0x11, 0x23, 0x84, 0x70, 0x02, + 0x24, 0x88, 0x52, 0x60, 0x12, 0x72, 0x63, 0x05, 0x81, 0x21, + 0x26, 0x07, 0x64, 0x03, 0x56, 0x48, 0x27, 0x04, 0x38, 0x86, + 0x25, 0x65, 0x21, 0x25, 0x77, 0x21, 0x62, 0x28, 0x82, 0x71, + 0x85, 0x73, 0x78, 0x24, 0x78, 0x51, 0x61, 0x02, 0x81, 0x14, + 0x67, 0x61, 0x08, 0x88, 0x31, 0x77, 0x06, 0x24, 0x45, 0x13, + 0x67, 0x67, 0x54, 0x67, 0x00, 0x12, 0x62, 0x54, 0x11, 0x27, + 0x51, 0x48, 0x07, 0x33, 0x01, 0x24, 0x04, 0x64, 0x11, 0x83, + 0x18, 0x52, 0x55, 0x23, 0x24, 0x58, 0x53, 0x78, 0x30, 0x43, + 0x31, 0x76, 0x62, 0x01, 0x08, 0x73, 0x21, 0x32, 0x12, 0x78, + 0x22, 0x68, 0x33, 0x45, 0x33, 0x73, 0x02, 0x74, 0x21, 0x81, + 0x02, 0x16, 0x54, 0x31, 0x55, 0x76, 0x25, 0x76, 0x41, 0x36, + 0x75, 0x22, 0x78, 0x16, 0x60, 0x48, 0x58, 0x28, 0x83, 0x50, + 0x88, 0x66, 0x72, 0x70, 0x21, 0x21, 0x24, 0x16, 0x62, 0x57, + 0x20, 0x13, 0x80, 0x61, 0x15, 0x45, 0x42, 0x86, 0x00, 0x25, + 0x77, 0x58, 0x84, 0x01, 0x66, 0x16, 0x46, 0x56, 0x68, 0x57, + 0x12, 0x20, 0x75, 0x60, 0x41, 0x85, 0x02, 0x88, 0x12, 
0x68, + 0x20, 0x02, 0x41, 0x18, 0x87, 0x13, 0x17, 0x33, 0x74, 0x11, + 0x08, 0x37, 0x47, 0x08, 0x31, 0x67, 0x08, 0x50, 0x61, 0x54, + 0x56, 0x71, 0x63, 0x26, 0x85, 0x22, 0x07, 0x87, 0x71, 0x28, + 0x20, 0x47, 0x48, 0x66, 0x54, 0x38, 0x03, 0x41, 0x38, 0x21, + 0x70, 0x50, 0x66, 0x53, 0x56, 0x70, 0x74, 0x55, 0x70, 0x28, + 0x52, 0x01, 0x42, 0x65, 0x53, 0x73, 0x32, 0x33, 0x67, 0x42, + 0x67, 0x85, 0x18, 0x45, 0x12, 0x37, 0x58, 0x82, 0x13, 0x73, + 0x78, 0x77, 0x03, 0x42, 0x04, 0x65, 0x55, 0x66, 0x07, 0x25, + 0x07, 0x37, 0x40, 0x78, 0x66, 0x71, 0x11, 0x21, 0x43, 0x25, + 0x87, 0x40, 0x58, 0x63, 0x33, 0x43, 0x52, 0x10, 0x31, 0x53, + 0x56, 0x48, 0x05, 0x55, 0x77, 0x77, 0x26, 0x87, 0x28, 0x43, + 0x61, 0x46, 0x11, 0x76, 0x82, 0x50, 0x42, 0x04, 0x32, 0x88, + 0x18, 0x66, 0x16, 0x36, 0x64, 0x41, 0x38, 0x17, 0x55, 0x43, + 0x06, 0x25, 0x80, 0x27, 0x21, 0x16, 0x81, 0x22, 0x64, 0x60, + 0x38, 0x16, 0x82, 0x40, 0x72, 0x34, 0x73, 0x52, 0x61, 0x85, + 0x11, 0x16, 0x00, 0x25, 0x03, 0x30, 0x06, 0x80, 0x21, 0x56, + 0x64, 0x52, 0x23, 0x26, 0x37, 0x75, 0x73, 0x65, 0x53, 0x27, + 0x37, 0x47, 0x56, 0x76, 0x80, 0x38, 0x53, 0x62, 0x14, 0x24, + 0x64, 0x03, 0x66, 0x21, 0x72, 0x16, 0x36, 0x34, 0x11, 0x65, + 0x61, 0x62, 0x86, 0x02, 0x83, 0x27, 0x80, 0x82, 0x70, 0x72, + 0x52, 0x60, 0x20, 0x87, 0x58, 0x58, 0x14, 0x38, 0x47, 0x03, + 0x10, 0x72, 0x60, 0x48, 0x02, 0x01, 0x17, 0x21, 0x61, 0x62, + 0x38, 0x64, 0x27, 0x53, 0x57, 0x13, 0x68, 0x18, 0x26, 0x62, + 0x43, 0x42, 0x21, 0x85, 0x70, 0x23, 0x58, 0x13, 0x72, 0x04, + 0x04, 0x08, 0x05, 0x82, 0x26, 0x18, 0x82, 0x47, 0x87, 0x71, + 0x32, 0x28, 0x68, 0x25, 0x87, 0x24, 0x06, 0x74, 0x41, 0x44, + 0x08, 0x64, 0x68, 0x30, 0x24, 0x44, 0x21, 0x73, 0x03, 0x45, + 0x70, 0x41, 0x06, 0x78, 0x38, 0x33, 0x88, 0x13, 0x31, 0x14, + 0x18, 0x17, 0x45, 0x06, 0x26, 0x67, 0x66, 0x73, 0x82, 0x56, + 0x66, 0x88, 0x70, 0x22, 0x55, 0x47, 0x27, 0x50, 0x86, 0x55, + 0x53, 0x00, 0x28, 0x55, 0x40, 0x62, 0xe9, 0x37, 0x65, 0xe1, + 0x30, 0x48, 0x6b, 0x35, 0x76, 0x96, 0x05, 0x21, 0xce, 0xed, + 0x46, 
0xae, 0x7e, 0x6d, 0xc9, 0xf1, 0xc9, 0xb3, 0x7a, 0xa7, + 0xde, 0xa7, 0x62, 0x18, 0x11, 0xc0, 0xd8, 0xd0, 0x17, 0x0f, + 0x38, 0xaf, 0x0e, 0x3d, 0xaf, 0xe6, 0x63, 0xb0, 0xc4, 0x68, + 0x4e, 0x29, 0xa4, 0xf4, 0x20, 0x22, 0xbc, 0x82, 0x15, 0x1d, + 0x08, 0x39, 0x18, 0xfe, 0x69, 0x55, 0x06, 0x3d, 0xf4, 0xa3, + 0xe7, 0x29, 0x23, 0xa4, 0xd9, 0xa4, 0x22, 0x06, 0x2d, 0x5f, + 0x22, 0xb3, 0x9b, 0x1c, 0xb6, 0x3e, 0xf3, 0xf4, 0x8a, 0xb3, + 0x35, 0x18, 0x4c, 0x1f, 0xaf, 0xd4, 0xcf, 0x5b, 0x9b, 0xa7, + 0xf8, 0xd2, 0x86, 0x71, 0x8e, 0x64, 0x96, 0xd1, 0x6e, 0xad, + 0xd2, 0x7e, 0x16, 0x5b, 0x38, 0x91, 0x0e, 0x40, 0xaa, 0x07, + 0x6a, 0x63, 0x2a, 0xc0, 0x5b, 0x14, 0x79, 0x52, 0xcb, 0x23, + 0x6e, 0x76, 0x95, 0xd0, 0x90, 0x6c, 0x18, 0xe7, 0x89, 0xee, + 0xb9, 0x7f, 0x33, 0x08, 0x35, 0x8f, 0xa3, 0xaa, 0xaa, 0x10, + 0x2f, 0x8b, 0xc9, 0x6c, 0x1d, 0x95, 0xb5, 0xb8, 0x54, 0x0d, + 0x67, 0x86, 0xd4, 0x5d, 0xae, 0x8f, 0x33, 0x20, 0xe2, 0x35, + 0xda, 0x71, 0x53, 0x24, 0xad, 0x16, 0x84, 0x2e, 0x98, 0xcd, + 0x00, 0xa2, 0x69, 0x6a, 0x12, 0x9a, 0x86, 0xf3, 0x9f, 0x18, + 0x6c, 0x9f, 0x24, 0xbe, 0xb3, 0xf4, 0x90, 0xb3, 0xc4, 0xa4, + 0x8b, 0xce, 0x88, 0x60, 0xa0, 0x91, 0xb8, 0x9a, 0x52, 0xe5, + 0xfe, 0x16, 0x6d, 0xff, 0xb3, 0xdc, 0x50, 0x79, 0xfe, 0x31, + 0x24, 0xd4, 0x59, 0x5f, 0xf9, 0xb4, 0x70, 0x0b, 0x15, 0x93, + 0xd9, 0xe9, 0x92, 0xb6, 0xf5, 0x80, 0x34, 0x63, 0x66, 0x78, + 0xcf, 0xa9, 0xce, 0x48, 0xbf, 0xbe, 0x9e, 0xfa, 0xdd, 0x7d, + 0xf4, 0x16, 0xe2, 0xd2, 0x98, 0x13, 0xe2, 0x76, 0xdd, 0x0a, + 0xc7, 0x2d, 0xe8, 0x88, 0x8e, 0x1a, 0xc0, 0xfc, 0xe8, 0x35, + 0xaf, 0x5d, 0xe2, 0x4c, 0x96, 0x82, 0x4c, 0xe5, 0x89, 0x14, + 0xb8, 0x27, 0x39, 0xb5, 0x55, 0xc5, 0xa5, 0x8a, 0x01, 0xcc, + 0xfd, 0xbd, 0xa9, 0xec, 0xae, 0xc0, 0xe7, 0xd7, 0xf8, 0x11, + 0x84, 0x35, 0x99, 0x26, 0xb6, 0xc6, 0xf7, 0x35, 0xe0, 0x93, + 0xd8, 0xd7, 0xbf, 0xc0, 0xc8, 0x44, 0xfd, 0x46, 0xf5, 0xb7, + 0xc5, 0x5a, 0x75, 0xd3, 0xc7, 0xfa, 0xf4, 0xe1, 0xc0, 0x84, + 0x5e, 0x31, 0xfe, 0x69, 0x80, 0x5a, 0xe5, 0x4b, 0x9b, 0x5b, + 0xa4, 0x5c, 0x23, 
0xaa, 0x85, 0xc9, 0x9a, 0xbd, 0x71, 0x49, + 0x11, 0x30, 0x8b, 0x81, 0xa1, 0xdd, 0xf8, 0xb8, 0x74, 0x91, + 0xe7, 0xf7, 0x82, 0x42, 0x70, 0x22, 0x95, 0xf0, 0xcc, 0x9f, + 0x02, 0x33, 0x0f, 0x08, 0x3b, 0x04, 0x31, 0xd7, 0x4f, 0x86, + 0x78, 0x49, 0xb9, 0x90, 0xf5, 0x8f, 0xec, 0x12, 0x84, 0x52, + 0x03, 0x1f, 0x64, 0x5e, 0xf0, 0x2a, 0xeb, 0x87, 0xa5, 0xec, + 0x95, 0x25, 0x64, 0x25, 0x49, 0x3b, 0x3c, 0x30, 0xed, 0x3b, + 0xe9, 0x36, 0xfd, 0xae, 0xa6, 0x26, 0xd3, 0x45, 0xbc, 0x1b, + 0x78, 0x5f, 0xce, 0x27, 0x45, 0x1c, 0xd5, 0xf9, 0xa7, 0xda, + 0x62, 0xe6, 0x7e, 0xd3, 0xbb, 0xd8, 0x0a, 0xfd, 0xf5, 0xa5, + 0x31, 0x09, 0x6e, 0x40, 0xe8, 0xcf, 0xc1, 0x42, 0x8e, 0x2e, + 0x75, 0x65, 0xaa, 0x91, 0x6f, 0xc7, 0x75, 0x3a, 0x1e, 0x40, + 0x99, 0x71, 0x5e, 0x00, 0xae, 0x07, 0xad, 0x43, 0x49, 0xdd, + 0x6d, 0x36, 0xe3, 0xa8, 0xdf, 0x2c, 0x39, 0xa2, 0x57, 0xd7, + 0x93, 0xa1, 0x16, 0x80, 0x89, 0xa6, 0x56, 0x69, 0x75, 0xea, + 0xb8, 0xb2, 0x43, 0x0c, 0xdf, 0x46, 0x05, 0x9a, 0x39, 0x08, + 0x3b, 0xb6, 0x76, 0xe3, 0x5b, 0x98, 0x5b, 0x48, 0xc0, 0x11, + 0x14, 0x6f, 0xcd, 0xb7, 0xaa, 0x08, 0x1e, 0x53, 0x9b, 0x94, + 0x9d, 0xa2, 0xe6, 0x99, 0xcb, 0x1c, 0xb4, 0xbf, 0x55, 0x84, + 0x12, 0xc9, 0xf1, 0xf0, 0x94, 0xd9, 0x7d, 0x61, 0xa9, 0xe7, + 0xe6, 0xc1, 0xe2, 0xca, 0x6b, 0x36, 0x80, 0x72, 0x31, 0x79, + 0xbf, 0xe7, 0x3e, 0x99, 0x9e, 0xd5, 0x59, 0xd4, 0x97, 0x14, + 0xd5, 0xfa, 0x93, 0x37, 0x8a, 0x65, 0xa5, 0xb6, 0x4e, 0xba, + 0xb3, 0x84, 0xf2, 0xc1, 0x55, 0xb6, 0x94, 0x31, 0x30, 0xe7, + 0xb2, 0x71, 0x4e, 0xc6, 0x21, 0x50, 0xf3, 0xcf, 0x7c, 0xbc, + 0x26, 0xb7, 0x20, 0xcb, 0x2d, 0x9e, 0x55, 0x23, 0x7c, 0xf0, + 0x97, 0x16, 0x57, 0x5b, 0xcc, 0xc5, 0x48, 0xc9, 0xc8, 0xee, + 0x1e, 0x11, 0x6b, 0x72, 0x3b, 0x29, 0x71, 0xa4, 0xed, 0x08, + 0x6c, 0x38, 0xc6, 0x2e, 0x64, 0x3b, 0x16, 0xd8, 0x4d, 0x19, + 0xe8, 0x94, 0xd3, 0xd5, 0xb4, 0x18, 0xb4, 0x03, 0x24, 0x62, + 0xe7, 0x44, 0x5e, 0x09, 0x60, 0xc6, 0xa9, 0xa6, 0xca, 0xbe, + 0x83, 0xe5, 0xf1, 0xbd, 0x04, 0x22, 0x4b, 0x1b, 0x08, 0x0b, + 0xa6, 0x20, 0x95, 0xf2, 0x78, 
0x8c, 0x3e, 0x73, 0x03, 0x7b, + 0x75, 0x2c, 0xe5, 0x72, 0xec, 0xc9, 0x25, 0x06, 0x6b, 0x3a, + 0x5e, 0x0e, 0x96, 0xd0, 0xe3, 0x85, 0xb0, 0xb5, 0x6a, 0x83, + 0x40, 0x41, 0x94, 0xce, 0xa1, 0x07, 0x79, 0x07, 0xe2, 0x50, + 0xa4, 0xde, 0x7d, 0x64, 0x2f, 0x7e, 0x43, 0xd5, 0x72, 0xd1, + 0xa7, 0xb9, 0x76, 0xa3, 0xfc, 0x25, 0x33, 0xd7, 0x95, 0xb5, + 0xd9, 0x94, 0x93, 0x55, 0xaf, 0x04, 0x86, 0x4a, 0xfc, 0x2f, + 0x5f, 0x3d, 0x34, 0x86, 0xf2, 0x9a, 0x31, 0x4c, 0xc9, 0xad, + 0x08, 0xa5, 0x03, 0x91, 0x8a, 0x7e, 0x46, 0xc9, 0x44, 0x61, + 0x11, 0x59, 0x4f, 0xbb, 0x70, 0xf9, 0x9d, 0x3e, 0x6d, 0x53, + 0xb4, 0x16, 0x28, 0xd3, 0x67, 0x52, 0x14, 0xad, 0xba, 0xb1, + 0x21, 0xaf, 0x84, 0x18, 0xc9, 0x37, 0x78, 0xb3, 0x78, 0x92, + 0x95, 0xad, 0x1b, 0xc0, 0x70, 0xe7, 0xe9, 0x06, 0x02, 0xed, + 0x6c, 0x99, 0x4e, 0x43, 0xc0, 0xa4, 0x6f, 0x23, 0xa8, 0x02, + 0xc4, 0xbd, 0xc0, 0x16, 0xc4, 0xed, 0xe0, 0xe1, 0x56, 0x06, + 0x3f, 0xf4, 0x77, 0x12, 0x72, 0x52, 0x04, 0xe8, 0xe4, 0x26, + 0xe5, 0x01, 0x47, 0x5b, 0x8a, 0xca, 0x07, 0x3b, 0xc9, 0xb1, + 0x42, 0x8f, 0x7d, 0x64, 0x7d, 0x5d, 0x6a, 0x95, 0xde, 0x4d, + 0x4b, 0xd3, 0xfa, 0xcf, 0xf0, 0x25, 0x27, 0x96, 0x48, 0xb6, + 0xcc, 0x68, 0x29, 0x37, 0x95, 0xcd, 0x36, 0xb7, 0xb0, 0xd6, + 0xf1, 0xfc, 0x4f, 0xe9, 0xa8, 0x6b, 0x9d, 0x75, 0xc7, 0x9b, + 0x19, 0xaf, 0xbb, 0x8a, 0xaf, 0x4b, 0xb8, 0xe2, 0xeb, 0x8d, + 0xd9, 0xf5, 0x75, 0xc5, 0xc8, 0x0b, 0xf2, 0x1c, 0xf9, 0x9e, + 0xc7, 0x4d, 0x7c, 0x71, 0x47, 0xbd, 0x57, 0x7e, 0xe6, 0x59, + 0xca, 0x8c, 0xf2, 0x0c, 0x47, 0x4a, 0x90, 0xa7, 0xf5, 0xb8, + 0xb2, 0x43, 0x97, 0xdb, 0xbe, 0x76, 0x37, 0x29, 0x36, 0x40, + 0xaa, 0x7a, 0x81, 0xf0, 0xa0, 0xd0, 0x81, 0x39, 0x88, 0xf0, + 0x23, 0xb0, 0xa4, 0xbe, 0x5e, 0xd8, 0x33, 0x98, 0x5d, 0x9d, + 0xb5, 0xd4, 0x1c, 0x00, 0xe2, 0x30, 0xb8, 0x68, 0x58, 0x65, + 0x30, 0x94, 0x3d, 0xf2, 0x75, 0x0c, 0x8e, 0x3b, 0xee, 0x9b, + 0xce, 0x6c, 0x67, 0x68, 0x54, 0x86, 0x7d, 0x27, 0x2a, 0x2f, + 0xf7, 0x25, 0xff, 0x22, 0x1e, 0x74, 0xbd, 0x72, 0x11, 0xf4, + 0x47, 0x8e, 0x2f, 0x0d, 0xb9, 0x31, 0xac, 
0x5c, 0x1d, 0xa0, + 0x11, 0xea, 0x16, 0x24, 0x86, 0x76, 0xbd, 0xa3, 0x41, 0x7f, + 0x00, 0xe6, 0xe2, 0x86, 0x93, 0xff, 0x02, 0x07, 0xce, 0x49, + 0xe4, 0xaf, 0x00, 0x9b, 0x15, 0xa6, 0x05, 0xf7, 0x54, 0xd1, + 0xbb, 0xa7, 0x09, 0x67, 0xe6, 0x99, 0xf9, 0x23, 0xe6, 0xaa, + 0x6f, 0xcb, 0xe1, 0xc1, 0xac, 0x7b, 0x98, 0xa9, 0x14, 0x43, + 0x55, 0x22, 0x2c, 0x7a, 0x4a, 0x4a, 0x63, 0xc1, 0xfe, 0x5c, + 0xca, 0xf4, 0x91, 0x3b, 0x6f, 0xf8, 0x7e, 0x2a, 0xa1, 0x4a, + 0xc3, 0x16, 0x1c, 0x1d, 0x53, 0x7d, 0x0e, 0x77, 0x0d, 0x72, + 0x07, 0x78, 0xea, 0xce, 0xe4, 0x0c, 0xf7, 0xce, 0xa0, 0xef, + 0xa1, 0xdb, 0x6b, 0x5f, 0xfd, 0xeb, 0x68, 0xc7, 0x76, 0xfd, + 0x35, 0xd2, 0xcb, 0xa4, 0xf6, 0xe6, 0x6b, 0xdb, 0xe9, 0xd5, + 0x1e, 0x05, 0x8a, 0xba, 0xed, 0x77, 0x94, 0x36, 0x6c, 0x3c, + 0xe2, 0x23, 0xf8, 0x84, 0xa1, 0xe3, 0xcd, 0xfa, 0x1d, 0x31, + 0x52, 0x4d, 0xbc, 0x16, 0x31, 0x92, 0xd7, 0xbe, 0x2e, 0xd6, + 0x6d, 0x1d, 0x58, 0x4e, 0xd8, 0x06, 0x8f, 0xb3, 0xe6, 0x79, + 0x60, 0x92, 0x71, 0x1f, 0x72, 0x84, 0x55, 0x7b, 0xfa, 0xc8, + 0xcf, 0x20, 0x16, 0x2f, 0xc7, 0x13, 0x17, 0xd1, 0x2d, 0xd1, + 0x0d, 0x84, 0x48, 0x08, 0x69, 0xd1, 0x55, 0xb1, 0x08, 0xb6, + 0x17, 0x8c, 0x38, 0x31, 0xa4, 0x77, 0x73, 0xc0, 0xe9, 0xfc, + 0x5f, 0x8e, 0xb3, 0x74, 0x1f, 0xab, 0xcf, 0xf5, 0x26, 0x26, + 0x20, 0x80, 0xd8, 0x13, 0x42, 0xcf, 0xc7, 0x9d, 0xd6, 0x5b, + 0x1a, 0xfd, 0x46, 0x83, 0xba, 0xc1, 0xe5, 0x92, 0xe9, 0x27, + 0xa8, 0xa0, 0x36, 0xd5, 0x31, 0x75, 0x7b, 0x8f, 0x53, 0xf6, + 0xbd, 0x08, 0x1a, 0x86, 0x81, 0x83, 0x85, 0x07, 0x44, 0x3e, + 0xf9, 0x72, 0x47, 0xe0, 0xf1, 0xbe, 0x43, 0x6a, 0xc3, 0x00, + 0x94, 0xd3, 0x19, 0x81, 0xde, 0xf3, 0xfd, 0x57, 0x98, 0xdc, + 0x57, 0xfe, 0x9f, 0x4b, 0x38, 0x23, 0xad, 0xa8, 0xd4, 0x07, + 0x07, 0x5c, 0xca, 0x25, 0xb8, 0x77, 0x7e, 0x45, 0x01, 0x9b, + 0xd4, 0x45, 0x5b, 0x94, 0x47, 0x18, 0x35, 0x66, 0xad, 0x0a, + 0x97, 0x06, 0xc6, 0xa7, 0xaa, 0x50, 0xbf, 0x07, 0x90, 0xfe, + 0x50, 0x8d, 0xd9, 0x1f, 0xdd, 0x33, 0xa4, 0xa7, 0x23, 0x48, + 0xa3, 0xd6, 0x5d, 0xb8, 0x9e, 0x97, 0x22, 0x32, 0xd3, 
0x8a, + 0xb0, 0x5e, 0xb3, 0xc9, 0x0b, 0x24, 0x09, 0x66, 0x2e, 0xea, + 0x94, 0x9c, 0x90, 0x4f, 0x3e, 0x93, 0xcf, 0x30, 0x3f, 0xb4, + 0xbe, 0x5e, 0x6c, 0xaf, 0x1a, 0xff, 0x00, 0xc7, 0x74, 0x2e, + 0x8b, 0x08, 0xe9, 0x22, 0x61, 0xc5, 0xd1, 0x21, 0x15, 0xa1, + 0xba, 0x37, 0xd2, 0x24, 0xfd, 0xa5, 0x63, 0x9a, 0x97, 0xfa, + 0xfe, 0xb2, 0xa5, 0x1b, 0x3b, 0xbd, 0xb7, 0xb3, 0x2f, 0x3d, + 0xf1, 0x5a, 0xf2, 0xf6, 0xe4, 0x12, 0xe4, 0x3a, 0x26, 0x3c, + 0x21, 0x5c, 0xd6, 0x83, 0x65, 0x26, 0x86, 0xcc, 0x47, 0x84, + 0xd7, 0x26, 0x31, 0x31, 0xcf, 0x1d, 0xd6, 0xc4, 0xa4, 0xf2, + 0xd4, 0x25, 0x54, 0x2b, 0x81, 0x00, 0x1d, 0xd8, 0xdf, 0x04, + 0xb8, 0x4b, 0xcf, 0xe5, 0x16, 0xf4, 0x4a, 0x17, 0xc5, 0xd8, + 0xd3, 0xdf, 0xe4, 0xb7, 0xd3, 0x98, 0xb6, 0x73, 0xa0, 0x37, + 0x67, 0xbb, 0x8b, 0xc3, 0xfc, 0xac, 0x6e, 0x6c, 0x0e, 0x5d, + 0x44, 0xb0, 0x9d, 0xf8, 0xae, 0x17, 0x9b, 0xf9, 0xcb, 0xe8, + 0xfe, 0xc1, 0x7b, 0x78, 0x16, 0xf6, 0x74, 0x04, 0x7d, 0x38, + 0x17, 0x36, 0x09, 0xe3, 0x73, 0xa1, 0x76, 0x78, 0x7c, 0x14, + 0xb3, 0x83, 0x91, 0x59, 0x27, 0xea, 0x8c, 0x69, 0xe6, 0xa5, + 0x21, 0xcd, 0x78, 0xc7, 0x26, 0xa2, 0xfb, 0xd4, 0xf3, 0xaf, + 0x3f, 0xcf, 0x51, 0x10, 0xcc, 0x4b, 0xdd, 0x14, 0xf4, 0xf3, + 0xb8, 0xea, 0x07, 0xa7, 0x76, 0xe7, 0xbe, 0xec, 0x01, 0xb5, + 0x1e, 0xdc, 0xc3, 0x55, 0x19, 0xb1, 0x16, 0x3f, 0xfe, 0xd4, + 0x15, 0x49, 0xaf, 0x04, 0x9d, 0x38, 0xdd, 0x86, 0x53, 0x2a, + 0x80, 0x62, 0x42, 0xb7, 0x98, 0x42, 0x38, 0xaf, 0x9d, 0x87, + 0xe2, 0x3f, 0xea, 0x7e, 0x0a, 0x35, 0xb8, 0xee, 0xa5, 0x48, + 0x09, 0x08, 0xc5, 0x0d, 0xae, 0x01, 0xd5, 0xec, 0x43, 0x29, + 0x3b, 0xfb, 0x78, 0xc4, 0x96, 0x01, 0x1c, 0x21, 0xf2, 0xc9, + 0x44, 0x68, 0x24, 0x66, 0x86, 0x96, 0xb8, 0xc8, 0xe9, 0xd0, + 0x38, 0x0e, 0x96, 0x4d, 0xcc, 0x45, 0xab, 0xe1, 0xca, 0x50, + 0x10, 0x20, 0x01, 0xbe, 0x89, 0xc0, 0x43, 0x84, 0xd8, 0x38, + 0x52, 0xc0, 0xaf, 0x4d, 0x6b, 0x99, 0x0b, 0xc0, 0xc2, 0x99, + 0x07, 0xc6, 0x78, 0xa8, 0xf7, 0x32, 0x84, 0x86, 0xc5, 0x1a, + 0x95, 0x81, 0xa6, 0x6a, 0x05, 0xa7, 0x9d, 0x81, 0x0e, 0x32, + 0x18, 
0x11, 0x4a, 0x0f, 0xfc, 0x17, 0x9e, 0xf7, 0xbf, 0x54, + 0x82, 0xed, 0xba, 0x6f, 0xbd, 0x41, 0xc1, 0xca, 0x55, 0x6c, + 0xff, 0x32, 0x6b, 0xa2, 0x59, 0xae, 0xae, 0x92, 0xc1, 0xb5, + 0xa6, 0xfc, 0xaf, 0x09, 0x48, 0x57, 0xd6, 0xee, 0x38, 0x99, + 0xb4, 0xe3, 0x8f, 0xb7, 0xfc, 0x6a, 0x0a, 0x3b, 0x08, 0xe1, + 0x81, 0x46, 0x11, 0xeb, 0x4a, 0x98, 0x43, 0x16, 0x16, 0x1f, + 0x68, 0xdb, 0xb9, 0x71, 0x19, 0xfe, 0x8b, 0xe6, 0xb7, 0x8b, + 0xc1, 0x3b, 0x90, 0xc5, 0x89, 0x1d, 0xca, 0xd9, 0x19, 0x6c, + 0xe8, 0x01, 0xf4, 0x19, 0x50, 0x3e, 0x93, 0x84, 0xbf, 0xaa, + 0x9a, 0x3d, 0x20, 0x4c, 0x4e, 0x79, 0x83, 0xec, 0x46, 0x83, + 0x09, 0x00, 0xc3, 0x8a, 0xad, 0xd5, 0x2b, 0x08, 0xd1, 0x47, + 0xac, 0x96, 0x0e, 0x34, 0xf0, 0x89, 0x1a, 0x0f, 0xf2, 0x51, + 0x8d, 0x2c, 0xb5, 0xf2, 0xfe, 0x8c, 0xdc, 0xed, 0x41, 0x51, + 0x8c, 0x71, 0x12, 0x05, 0xec, 0x68, 0x21, 0x86, 0x94, 0xf4, + 0xfb, 0xfc, 0xaa, 0xc7, 0xc7, 0xbb, 0x74, 0xa2, 0x8b, 0x76, + 0x62, 0x1c, 0x64, 0x11, 0xa0, 0xd0, 0x5f, 0x46, 0x64, 0xd4, + 0x47, 0xbc, 0x8a, 0x5b, 0x2b, 0xc2, 0xc1, 0x88, 0xb2, 0x30, + 0xbd, 0x02, 0x17, 0x18, 0x0a, 0xd7, 0x9b, 0x3d, 0x91, 0xb9, + 0x2c, 0x83, 0x24, 0xb4, 0x8b, 0x9d, 0x02, 0xaf, 0xb2, 0x4e, + 0x57, 0xe1, 0xb0, 0xa2, 0xf3, 0x7c, 0xde, 0x15, 0xba, 0x60, + 0xbd, 0x80, 0xbe, 0x6d, 0x6f, 0x16, 0xb3, 0xb9, 0xb8, 0x6a, + 0x55, 0xb4, 0xad, 0xf1, 0x01, 0x63, 0x40, 0x01, 0xba, 0x5b, + 0x5d, 0x9a, 0xbc, 0xf0, 0x58, 0xa8, 0xf7, 0xbb, 0x8e, 0x91, + 0xa0, 0xfd, 0x8c, 0x49, 0x8f, 0x1a, 0xbb, 0x2a, 0x28, 0x0d, + 0x7a, 0xa6, 0xc2, 0xd7, 0x41, 0x16, 0xed, 0x61, 0x5d, 0xc4, + 0xe7, 0xcf, 0x2b, 0xb4, 0xb9, 0x10, 0x6f, 0x38, 0x42, 0x88, + 0x94, 0x6e, 0x75, 0x2c, 0x89, 0xac, 0xa0, 0xe9, 0x81, 0xec, + 0x2d, 0x62, 0xa3, 0xba, 0x3c, 0x40, 0xdb, 0x65, 0x56, 0x8e, + 0xc7, 0xd8, 0xb0, 0xd4, 0xf9, 0x04, 0x2b, 0x4c, 0x83, 0x20, + 0xbe, 0xad, 0xb8, 0x66, 0x1c, 0x20, 0x32, 0xb3, 0xf6, 0xf1, + 0xac, 0xa5, 0x8a, 0x72, 0x9a, 0x41, 0x1d, 0x6e, 0xa0, 0x16, + 0xe0, 0x0c, 0x39, 0xb6, 0x06, 0x96, 0x55, 0xb7, 0xda, 0x1c, + 0x54, 0x08, 0xf6, 
0x30, 0x1b, 0xb6, 0x57, 0xca, 0x7d, 0xb0, + 0xdc, 0x9e, 0xfa, 0x5c, 0x38, 0x7f, 0xac, 0x37, 0x80, 0x26, + 0xba, 0xdc, 0x7a, 0x95, 0xe5, 0x7b, 0x90, 0xf3, 0x1a, 0xc7, + 0x31, 0x8e, 0x97, 0x07, 0x9a, 0xb8, 0xbe, 0xae, 0x16, 0x11, + 0x44, 0xb0, 0x01, 0xf5, 0xe8, 0x37, 0x1a, 0x67, 0xfe, 0x00, + 0x8f, 0xa1, 0xf5, 0x03, 0x7c, 0xed, 0xbf, 0x42, 0xf4, 0x78, + 0x2b, 0xfb, 0x9f, 0x8c, 0xb3, 0x63, 0x0b, 0x42, 0xbf, 0xae, + 0x8e, 0xf7, 0x6f, 0xb4, 0xb1, 0xe8, 0x75, 0x8c, 0xdf, 0x69, + 0xc6, 0xe1, 0x3a, 0x26, 0x05, 0x47, 0x03, 0x61, 0xfc, 0xc5, + 0xa9, 0xc1, 0x4f, 0x70, 0xce, 0x18, 0xbb, 0x01, 0xe6, 0x11, + 0xc9, 0xa7, 0x7e, 0x65, 0xb8, 0xdc, 0x61, 0x3d, 0x9b, 0x47, + 0x2e, 0x34, 0x16, 0xa1, 0x73, 0x61, 0x91, 0xed, 0x45, 0xe3, + 0x01, 0x26, 0xee, 0x16, 0x76, 0x0e, 0xb7, 0xa1, 0xc0, 0xb3, + 0xac, 0xf0, 0xa5, 0x3b, 0xf6, 0x64, 0x1b, 0x93, 0x94, 0x5c, + 0x8f, 0x4c, 0x25, 0x89, 0xa1, 0x92, 0x32, 0x50, 0x28, 0x03, + 0x8b, 0xff, 0xc4, 0xf6, 0x2a, 0xe8, 0xda, 0x8d, 0xfe, 0x49, + 0xb5, 0x33, 0x01, 0xca, 0x2d, 0x2d, 0x60, 0x33, 0xd6, 0x30, + 0x38, 0x8a, 0x1e, 0x38, 0x3d, 0x78, 0x11, 0xff, 0xef, 0x1c, + 0x82, 0x33, 0xbb, 0xfc, 0x95, 0xef, 0x79, 0xb0, 0x59, 0xbd, + 0x2c, 0xfd, 0x1c, 0x3f, 0x42, 0xda, 0xdf, 0xbd, 0x56, 0xf2, + 0xd6, 0xae, 0x2d, 0x23, 0x36, 0xed, 0xb1, 0x8d, 0x62, 0x58, + 0x71, 0x66, 0x21, 0xe0, 0x4d, 0xee, 0xf4, 0x16, 0x48, 0xa6, + 0xcf, 0x1a, 0x8a, 0xf0, 0x8a, 0xd1, 0x53, 0xf6, 0xe5, 0x4e, + 0x98, 0x9d, 0x7d, 0x6c, 0xd2, 0xdf, 0xb8, 0x2d, 0xa6, 0xe5, + 0x8a, 0xd6, 0xb5, 0xae, 0x61, 0x96, 0xfa, 0x6b, 0xca, 0x7f, + 0x08, 0xc2, 0x2b, 0x67, 0x30, 0x5e, 0x21, 0x3b, 0xa4, 0x84, + 0x95, 0xc6, 0x2f, 0x2c, 0x1f, 0xe2, 0x0e, 0x1a, 0xc3, 0x89, + 0x6a, 0x6a, 0xe7, 0x08, 0xf9, 0x74, 0xee, 0x4f, 0xcd, 0x5e, + 0xe8, 0xce, 0x55, 0x4d, 0x38, 0xed, 0x62, 0x35, 0xee, 0xfc, + 0x14, 0x56, 0xb9, 0xf0, 0xce, 0x29, 0x1c, 0x21, 0x40, 0x51, + 0xe4, 0x76, 0xe3, 0xa6, 0xd8, 0x3d, 0x54, 0x58, 0x51, 0xe5, + 0xf0, 0xdc, 0x50, 0x39, 0x43, 0x67, 0x44, 0x14, 0xcc, 0x6e, + 0x5a, 0xb1, 0x15, 0xec, 0xb4, 
0x3e, 0x0e, 0xef, 0x8e, 0x72, + 0x6a, 0xdf, 0xba, 0x37, 0x27, 0x15, 0x62, 0xc3, 0xbd, 0xee, + 0x1d, 0xb1, 0x24, 0x2f, 0x57, 0x51, 0xf1, 0x8f, 0xfb, 0xd1, + 0x10, 0x6f, 0x11, 0xb9, 0x94, 0x5c, 0x9c, 0x12, 0x26, 0x46, + 0x46, 0x7b, 0x31, 0x0e, 0xad, 0x93, 0xe4, 0x4f, 0x09, 0xe3, + 0xbf, 0xc5, 0xe3, 0x11, 0xa4, 0x25, 0x8d, 0x9b, 0x8e, 0x26, + 0x02, 0xaa, 0x72, 0x18, 0xce, 0x89, 0x67, 0xfc, 0x1c, 0x28, + 0xab, 0x11, 0x5a, 0x84, 0x23, 0x7c, 0x91, 0xac, 0x6b, 0x48, + 0x9c, 0x39, 0x14, 0xa3, 0xac, 0xc6, 0x30, 0xbc, 0x1e, 0x0c, + 0xd3, 0x34, 0x19, 0xa9, 0x2b, 0xe7, 0xa4, 0xf8, 0xc1, 0xf0, + 0x3c, 0x60, 0xa2, 0xf7, 0x51, 0x86, 0xcf, 0x42, 0xad, 0x34, + 0x81, 0xa6, 0x93, 0x0b, 0x88, 0x4c, 0xbf, 0xd2, 0x4f, 0xe0, + 0xdb, 0xb2, 0x1d, 0x6d, 0xb2, 0x5c, 0xac, 0xd8, 0x64, 0x85, + 0xc3, 0x35, 0x6e, 0x5d, 0xaf, 0x63, 0x3e, 0x47, 0xb7, 0x5d, + 0x39, 0x21, 0x36, 0xa6, 0xd4, 0xef, 0x9e, 0x1c, 0x1f, 0xd6, + 0xa4, 0xe0, 0xe4, 0x22, 0x75, 0x1e, 0xeb, 0x15, 0xb4, 0xee, + 0x43, 0x37, 0x06, 0xf9, 0x77, 0xbf, 0x68, 0x9b, 0x9a, 0x7f, + 0x38, 0x30, 0x87, 0xde, 0x0c, 0x6a, 0x39, 0x41, 0xe1, 0xed, + 0xf4, 0x18, 0x6e, 0x29, 0x44, 0xf0, 0xfc, 0xb6, 0x09, 0x5b, + 0xb3, 0x30, 0xc9, 0x0a, 0x8c, 0x41, 0x6f, 0x1e, 0x95, 0xbe, + 0x93, 0x3c, 0x11, 0x9b, 0x24, 0xf7, 0x57, 0xb8, 0xc5, 0x9b, + 0x08, 0xaa, 0xcd, 0x24, 0x86, 0x98, 0x59, 0x0f, 0xc6, 0x0e, + 0xd2, 0x71, 0xb2, 0x5e, 0xae, 0x72, 0xc9, 0x69, 0x3b, 0x80, + 0xc2, 0x27, }; static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_level3_key); -/* certs/dilithium/bench_dilithium_level5_key.der */ -static const unsigned char bench_dilithium_level5_key[] = -{ - 0x30, 0x82, 0x1D, 0x3A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, - 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, - 0x08, 0x07, 0x04, 0x82, 0x1D, 0x24, 0x04, 0x82, 0x1D, 0x20, - 0x0A, 0xDB, 0x85, 0x3A, 0x41, 0x2C, 0x30, 0x56, 0x65, 0x04, - 0x0A, 0x20, 0x31, 0x2A, 0xF3, 0x88, 0x4C, 0x38, 0x64, 0x86, - 0x14, 0x06, 0xF5, 0xF0, 0x7F, 0x63, 0xC1, 0x87, 0x24, 0x39, - 0xFB, 
0xC0, 0x28, 0x0C, 0xBE, 0x81, 0xF7, 0xCD, 0x25, 0x8B, - 0x86, 0x42, 0xAD, 0x74, 0x54, 0xCB, 0xA4, 0xDA, 0xC7, 0x94, - 0x70, 0xA3, 0x41, 0xDA, 0x1F, 0xD8, 0x4F, 0x94, 0x5C, 0x0B, - 0xA5, 0x35, 0x60, 0xB2, 0x8C, 0x50, 0xED, 0x0B, 0xCB, 0x75, - 0x6F, 0x14, 0x64, 0x48, 0x86, 0x21, 0xBC, 0x4A, 0x4C, 0xC5, - 0x22, 0xBC, 0x2D, 0x28, 0x32, 0x39, 0x13, 0x57, 0xC9, 0xE5, - 0x74, 0xF4, 0xE6, 0x3A, 0xC2, 0xE2, 0x49, 0x24, 0x31, 0x88, - 0x82, 0x08, 0x03, 0x89, 0x6C, 0x8B, 0x84, 0x08, 0x81, 0xC2, - 0x08, 0xDB, 0x44, 0x60, 0xA0, 0xB2, 0x91, 0x88, 0x36, 0x28, - 0x12, 0x89, 0x89, 0x4B, 0xA4, 0x01, 0x62, 0x12, 0x4C, 0x08, - 0x02, 0x44, 0x19, 0x15, 0x64, 0x8B, 0x04, 0x65, 0xE4, 0x14, - 0x06, 0x08, 0xC7, 0x04, 0x5B, 0x28, 0x81, 0x89, 0xC2, 0x70, - 0xD0, 0xB4, 0x71, 0x4C, 0x24, 0x80, 0xA1, 0x28, 0x86, 0xD1, - 0x06, 0x25, 0x13, 0x03, 0x84, 0x8C, 0x18, 0x41, 0x49, 0x34, - 0x09, 0xCB, 0x22, 0x71, 0x0C, 0xA3, 0x90, 0x22, 0x94, 0x51, - 0x58, 0x02, 0x2D, 0x53, 0x30, 0x00, 0xC2, 0x06, 0x42, 0x48, - 0xC4, 0x70, 0x8A, 0x32, 0x89, 0x80, 0x16, 0x06, 0x90, 0x44, - 0x91, 0xCB, 0xC8, 0x71, 0xA2, 0xB6, 0x64, 0xD0, 0x26, 0x0A, - 0x21, 0x05, 0x88, 0x0C, 0xB0, 0x6C, 0x03, 0x49, 0x24, 0x80, - 0x02, 0x11, 0xD1, 0x36, 0x06, 0x84, 0x32, 0x11, 0x81, 0x44, - 0x91, 0x9B, 0xB0, 0x01, 0x91, 0x02, 0x25, 0x44, 0x92, 0x69, - 0x5A, 0x08, 0x6C, 0x90, 0x00, 0x0D, 0x09, 0x17, 0x64, 0x89, - 0xB2, 0x2D, 0x02, 0x06, 0x2C, 0xDC, 0x92, 0x45, 0xE1, 0x34, - 0x31, 0x11, 0x03, 0x2D, 0x00, 0x94, 0x29, 0xCA, 0x34, 0x89, - 0xA3, 0x40, 0x22, 0xC4, 0x30, 0x08, 0x02, 0x33, 0x6E, 0x1C, - 0x85, 0x10, 0xE4, 0x92, 0x30, 0xC4, 0x46, 0x84, 0xE0, 0x26, - 0x28, 0xC3, 0x10, 0x65, 0x51, 0x06, 0x4A, 0x03, 0xC1, 0x11, - 0x48, 0x32, 0x4E, 0x9A, 0xC4, 0x6C, 0x91, 0x38, 0x40, 0xC0, - 0x92, 0x64, 0xE3, 0xA4, 0x85, 0x22, 0x32, 0x52, 0x92, 0x08, - 0x20, 0x82, 0x22, 0x12, 0x49, 0x20, 0x6C, 0x91, 0x06, 0x01, - 0x1B, 0x30, 0x06, 0x12, 0xC3, 0x41, 0x4B, 0x40, 0x42, 0x0B, - 0xA7, 0x01, 0x60, 0x12, 0x89, 0x24, 0x98, 0x30, 0x99, 0xA6, - 0x64, 0x61, 0x26, 
0x6A, 0x91, 0xB0, 0x11, 0x03, 0xC2, 0x2D, - 0x41, 0xC8, 0x6D, 0xD8, 0x38, 0x28, 0x4B, 0x98, 0x04, 0x98, - 0x18, 0x09, 0x18, 0xA6, 0x65, 0x81, 0x38, 0x69, 0x5B, 0xC4, - 0x6D, 0x98, 0x26, 0x0D, 0x62, 0xC6, 0x71, 0xC3, 0xC6, 0x4C, - 0xC2, 0x02, 0x46, 0x5B, 0x94, 0x65, 0x09, 0x29, 0x0E, 0xA2, - 0xA2, 0x41, 0xE4, 0x02, 0x69, 0xA3, 0x90, 0x4D, 0x8B, 0xA6, - 0x70, 0xA3, 0x40, 0x85, 0x5C, 0x36, 0x48, 0x22, 0xC5, 0x84, - 0x19, 0x91, 0x25, 0x00, 0xC2, 0x65, 0xC4, 0x46, 0x2E, 0xDC, - 0xB0, 0x51, 0x94, 0x28, 0x01, 0x9B, 0x22, 0x66, 0x01, 0xA8, - 0x90, 0x9A, 0xC4, 0x08, 0xD1, 0x22, 0x41, 0x42, 0x34, 0x62, - 0x60, 0x40, 0x92, 0x93, 0xC8, 0x45, 0xD8, 0x04, 0x20, 0x8A, - 0x30, 0x25, 0xE1, 0x14, 0x40, 0x11, 0x13, 0x00, 0x54, 0x22, - 0x62, 0x50, 0x10, 0x22, 0x03, 0xA9, 0x85, 0x9B, 0x42, 0x4D, - 0x50, 0xB2, 0x41, 0x10, 0x13, 0x48, 0x63, 0x38, 0x68, 0xA1, - 0xB0, 0x0D, 0x1B, 0x88, 0x84, 0x8A, 0x28, 0x51, 0xD4, 0x38, - 0x2A, 0x12, 0x43, 0x61, 0x80, 0x38, 0x32, 0x18, 0xC6, 0x29, - 0x22, 0xB5, 0x21, 0x02, 0x99, 0x28, 0xCC, 0x18, 0x85, 0x83, - 0xB4, 0x8C, 0x81, 0x24, 0x51, 0x10, 0x83, 0x68, 0x1C, 0x47, - 0x71, 0x8C, 0x40, 0x6C, 0x00, 0xB6, 0x0D, 0x88, 0x22, 0x90, - 0x0C, 0xC7, 0x49, 0xC0, 0x82, 0x89, 0xDA, 0x22, 0x4A, 0xC8, - 0x18, 0x08, 0xD1, 0x00, 0x2C, 0xDA, 0x30, 0x49, 0x49, 0xC8, - 0x91, 0x5A, 0x96, 0x64, 0x11, 0x96, 0x20, 0xD2, 0xC4, 0x60, - 0xE0, 0x46, 0x6A, 0x02, 0xB5, 0x21, 0x19, 0xB9, 0x81, 0x23, - 0x00, 0x22, 0x11, 0x37, 0x32, 0x19, 0xA4, 0x0D, 0x51, 0x96, - 0x89, 0x1B, 0x11, 0x11, 0xC3, 0x14, 0x88, 0x4C, 0x96, 0x0C, - 0x01, 0x13, 0x72, 0x83, 0x16, 0x12, 0x24, 0x38, 0x51, 0x40, - 0x34, 0x89, 0xD9, 0x26, 0x01, 0x54, 0x42, 0x8D, 0x00, 0xC1, - 0x85, 0x13, 0x14, 0x84, 0x82, 0x16, 0x25, 0x88, 0xB0, 0x51, - 0x11, 0x80, 0x30, 0x23, 0x25, 0x46, 0x04, 0x27, 0x66, 0x11, - 0x28, 0x30, 0xD4, 0x94, 0x84, 0x10, 0xA0, 0x8C, 0xC1, 0x36, - 0x0C, 0x14, 0x98, 0x28, 0x5B, 0x02, 0x90, 0xD9, 0x90, 0x31, - 0xD3, 0x28, 0x68, 0x23, 0x90, 0x80, 0x24, 0xC7, 0x84, 0xA1, - 0x00, 0x09, 0xC1, 0x36, 0x84, 
0x58, 0xB6, 0x28, 0x4A, 0xB0, - 0x69, 0x08, 0x10, 0x51, 0x1C, 0xB6, 0x84, 0x83, 0x84, 0x81, - 0x03, 0x39, 0x90, 0x81, 0x42, 0x12, 0x13, 0xB4, 0x49, 0x0A, - 0x20, 0x09, 0x93, 0x22, 0x42, 0xD4, 0x26, 0x21, 0xA3, 0x32, - 0x89, 0x89, 0x84, 0x81, 0x0B, 0x02, 0x21, 0x64, 0x28, 0x90, - 0x89, 0xB2, 0x29, 0xE1, 0x36, 0x2C, 0x11, 0x30, 0x51, 0x21, - 0x83, 0x2C, 0x04, 0x36, 0x26, 0x61, 0x12, 0x8C, 0x19, 0x43, - 0x52, 0x89, 0x90, 0x88, 0x43, 0xB8, 0x71, 0x0C, 0x43, 0x09, - 0x84, 0x26, 0x6A, 0x50, 0x36, 0x20, 0x00, 0xC3, 0x68, 0x91, - 0x38, 0x0E, 0x12, 0x12, 0x52, 0x82, 0xC4, 0x4D, 0x64, 0x90, - 0x4D, 0x8C, 0x30, 0x22, 0x14, 0x26, 0x6E, 0x10, 0x46, 0x8E, - 0x58, 0x34, 0x46, 0x22, 0x97, 0x68, 0x02, 0x43, 0x61, 0x41, - 0x06, 0x01, 0x88, 0x42, 0x40, 0x08, 0x06, 0x6D, 0x80, 0x42, - 0x22, 0x84, 0x48, 0x89, 0xDB, 0x84, 0x90, 0xC0, 0x22, 0x71, - 0x43, 0x96, 0x45, 0x0A, 0xA3, 0x30, 0x12, 0x28, 0x44, 0x51, - 0x00, 0x52, 0x99, 0xA0, 0x8D, 0xC2, 0x28, 0x00, 0xC8, 0x18, - 0x6E, 0xA2, 0x40, 0x8E, 0x03, 0x47, 0x31, 0x61, 0x22, 0x41, - 0xD3, 0xB4, 0x01, 0x48, 0x14, 0x40, 0x4C, 0x06, 0x0C, 0x41, - 0x06, 0x2A, 0x5B, 0x90, 0x25, 0xCC, 0xC6, 0x41, 0xC3, 0x86, - 0x28, 0x99, 0x26, 0x50, 0x11, 0xC4, 0x8D, 0x8C, 0x30, 0x68, - 0x8C, 0x08, 0x0C, 0x50, 0x38, 0x86, 0xDC, 0x10, 0x92, 0xD4, - 0x18, 0x72, 0x02, 0xA8, 0x2C, 0x42, 0x82, 0x44, 0x53, 0x36, - 0x0E, 0x90, 0x32, 0x49, 0x84, 0x24, 0x09, 0x12, 0xA2, 0x41, - 0x82, 0x10, 0x4D, 0x01, 0xA0, 0x8C, 0x11, 0xB2, 0x80, 0x21, - 0x89, 0x69, 0x24, 0x21, 0x28, 0x02, 0x03, 0x6E, 0x49, 0x32, - 0x0C, 0x08, 0x88, 0x84, 0x91, 0x80, 0x10, 0x0C, 0x33, 0x12, - 0x43, 0x24, 0x8A, 0x82, 0x26, 0x10, 0x60, 0xC6, 0x60, 0x48, - 0xA2, 0x10, 0x12, 0x83, 0x24, 0x0B, 0x03, 0x40, 0xCA, 0x08, - 0x20, 0x99, 0x36, 0x86, 0x5B, 0x24, 0x41, 0x10, 0x87, 0x04, - 0x0C, 0x15, 0x04, 0x14, 0xB2, 0x68, 0x0B, 0x89, 0x29, 0x99, - 0x16, 0x8D, 0x00, 0x42, 0x00, 0x9B, 0x48, 0x44, 0x12, 0x45, - 0x6C, 0x0A, 0x25, 0x92, 0xC0, 0xC4, 0x00, 0x1A, 0xC8, 0x31, - 0x21, 0x26, 0x8A, 0x81, 0xA0, 0x2C, 0x11, 
0x85, 0x65, 0x9A, - 0x08, 0x61, 0xD9, 0x22, 0x12, 0xCB, 0x36, 0x71, 0xA2, 0x08, - 0x0A, 0xE4, 0x06, 0x32, 0x19, 0x19, 0x4A, 0x1B, 0x34, 0x45, - 0x51, 0x06, 0x6E, 0x48, 0x02, 0x68, 0x13, 0xB7, 0x10, 0x44, - 0xC8, 0x85, 0x13, 0x81, 0x2C, 0xC4, 0x40, 0x45, 0x42, 0x98, - 0x21, 0x62, 0x18, 0x92, 0x9B, 0x44, 0x25, 0xA1, 0x06, 0x28, - 0x52, 0x82, 0x11, 0x44, 0x24, 0x32, 0x02, 0xC6, 0x80, 0x10, - 0x45, 0x4E, 0x22, 0x93, 0x0D, 0x44, 0x02, 0x68, 0x4A, 0x30, - 0x81, 0xC9, 0x94, 0x85, 0x08, 0x07, 0x08, 0x24, 0x39, 0x64, - 0xD2, 0x08, 0x22, 0xD0, 0xA0, 0x41, 0x81, 0x92, 0x91, 0x8C, - 0x24, 0x6A, 0xCA, 0x36, 0x32, 0x1C, 0x12, 0x45, 0x92, 0x94, - 0x80, 0x82, 0x86, 0x4C, 0xDA, 0xA2, 0x84, 0x98, 0x24, 0x49, - 0x0A, 0x13, 0x90, 0x1B, 0xC3, 0x01, 0x49, 0x28, 0x60, 0x08, - 0x21, 0x92, 0x0B, 0xB0, 0x20, 0x52, 0x90, 0x84, 0x8A, 0x32, - 0x11, 0x50, 0x28, 0x8C, 0x5B, 0x38, 0x2E, 0xDC, 0xB4, 0x08, - 0x12, 0x20, 0x84, 0xD1, 0x12, 0x22, 0x99, 0x08, 0x11, 0x19, - 0x95, 0x10, 0x80, 0x44, 0x6A, 0xE1, 0x12, 0x85, 0xCC, 0xB0, - 0x24, 0x23, 0x15, 0x4C, 0x63, 0x34, 0x68, 0x5C, 0xB6, 0x65, - 0x42, 0xC2, 0x4D, 0x20, 0x95, 0x84, 0x8A, 0x42, 0x00, 0x4C, - 0x24, 0x50, 0x98, 0x02, 0x6C, 0x21, 0x44, 0x84, 0x20, 0x85, - 0x21, 0x80, 0x48, 0x6C, 0x9C, 0x14, 0x86, 0x81, 0x86, 0x91, - 0x1C, 0x09, 0x04, 0xDC, 0xC6, 0x28, 0x09, 0x27, 0x30, 0x4B, - 0x02, 0x64, 0x44, 0x46, 0x30, 0x9C, 0xA2, 0x8C, 0x20, 0x11, - 0x68, 0x11, 0x24, 0x51, 0x0B, 0x02, 0x00, 0xD2, 0x82, 0x4D, - 0xC3, 0x80, 0x71, 0xE0, 0x48, 0x2C, 0x4A, 0x88, 0x50, 0xA0, - 0x20, 0x49, 0x4B, 0xB4, 0x31, 0x08, 0x12, 0x71, 0x90, 0xA2, - 0x89, 0xCA, 0x46, 0x85, 0x91, 0x96, 0x91, 0x8A, 0x30, 0x31, - 0x0B, 0xC2, 0x21, 0x61, 0x10, 0x49, 0x10, 0x99, 0x81, 0x53, - 0x36, 0x0C, 0x23, 0x81, 0x88, 0x62, 0x28, 0x0A, 0x12, 0x43, - 0x70, 0x02, 0xC7, 0x51, 0x14, 0x34, 0x88, 0x23, 0x84, 0x49, - 0x23, 0x86, 0x08, 0x0C, 0x28, 0x28, 0x94, 0xA0, 0x8D, 0x11, - 0x33, 0x60, 0xA3, 0x38, 0x6E, 0xC0, 0x42, 0x2E, 0x52, 0xB4, - 0x40, 0x0A, 0x25, 0x4D, 0x1C, 0x10, 0x2A, 0x9A, 0x96, 
0x64, - 0x10, 0xC1, 0x60, 0x8C, 0x46, 0x60, 0x5A, 0x24, 0x89, 0x42, - 0x40, 0x86, 0xD0, 0x34, 0x89, 0x5C, 0x02, 0x02, 0x00, 0x34, - 0x21, 0x00, 0x24, 0x00, 0xA0, 0x20, 0x60, 0x03, 0xA6, 0x40, - 0xDC, 0x30, 0x80, 0x4B, 0xA8, 0x20, 0x0B, 0xA2, 0x24, 0xE2, - 0xB0, 0x89, 0xA2, 0xB2, 0x65, 0xD4, 0xA6, 0x68, 0x20, 0xA3, - 0x04, 0x4C, 0xC2, 0x11, 0x4A, 0x38, 0x24, 0x08, 0x17, 0x4D, - 0xE2, 0xA2, 0x00, 0x02, 0xC8, 0x00, 0x08, 0x00, 0x30, 0xA4, - 0xB6, 0x25, 0x5A, 0x30, 0x01, 0x40, 0x92, 0x4C, 0xC8, 0x44, - 0x92, 0x43, 0xC8, 0x60, 0xA3, 0x86, 0x84, 0x18, 0x04, 0x70, - 0x53, 0xB2, 0x40, 0x4C, 0x04, 0x84, 0x09, 0xC8, 0x48, 0x21, - 0x13, 0x31, 0x04, 0xA5, 0x0D, 0x90, 0x92, 0x88, 0xC1, 0x10, - 0x8D, 0xE0, 0x88, 0x28, 0x0B, 0x06, 0x84, 0x23, 0x22, 0x6C, - 0xDB, 0xB2, 0x05, 0xC8, 0x08, 0x6E, 0x93, 0x86, 0x4C, 0x0C, - 0x37, 0x86, 0xDA, 0x16, 0x51, 0x9B, 0x08, 0x32, 0x00, 0x91, - 0x45, 0xA4, 0x00, 0x2D, 0x14, 0x02, 0x0E, 0x60, 0x90, 0x4C, - 0x23, 0xB4, 0x09, 0x00, 0xA5, 0x81, 0x19, 0x21, 0x32, 0xC2, - 0x00, 0x02, 0x18, 0x10, 0x50, 0x08, 0xA2, 0x6D, 0x20, 0x31, - 0x6A, 0x90, 0x46, 0x90, 0x8B, 0x94, 0x30, 0x21, 0x44, 0x52, - 0x10, 0x19, 0x51, 0x94, 0xC0, 0x29, 0xC8, 0x20, 0x4E, 0x48, - 0xA6, 0x4C, 0x11, 0xC4, 0x64, 0xDC, 0x34, 0x10, 0x48, 0xC4, - 0x84, 0xCA, 0x46, 0x0C, 0x58, 0x12, 0x49, 0x0B, 0x16, 0x00, - 0x20, 0x42, 0x50, 0x04, 0x00, 0x46, 0xF8, 0x68, 0xB1, 0xA7, - 0x5E, 0xA7, 0xE6, 0xCE, 0xF5, 0x88, 0x8A, 0x5F, 0x79, 0xC9, - 0x3A, 0x5F, 0xF2, 0x7F, 0x5A, 0xED, 0xB4, 0xB4, 0x25, 0x44, - 0xD2, 0x7E, 0xED, 0xCE, 0x46, 0x40, 0xAC, 0xC2, 0x53, 0xD0, - 0xD3, 0xE7, 0xF6, 0x1C, 0xFA, 0x23, 0x4A, 0xB0, 0xEA, 0x32, - 0x91, 0xB7, 0xDA, 0x8B, 0x72, 0x35, 0xB7, 0x74, 0xD5, 0x9A, - 0x9B, 0x22, 0x3D, 0x49, 0x08, 0xBA, 0xD1, 0x7D, 0x9F, 0x64, - 0xD5, 0xAD, 0x7A, 0x37, 0xBD, 0x11, 0xD0, 0xA0, 0x7C, 0x53, - 0x05, 0x1A, 0x66, 0x6C, 0x5D, 0x42, 0x45, 0x55, 0x34, 0xC0, - 0x1F, 0xCA, 0xDB, 0x0D, 0x4F, 0x75, 0x95, 0x9F, 0x10, 0x9A, - 0x8D, 0x54, 0xCE, 0xC2, 0x5C, 0xF0, 0xCE, 0xBD, 0x39, 0x70, - 0xB0, 
0x52, 0x2E, 0x4B, 0x11, 0x0D, 0x25, 0xD7, 0xE5, 0x4B, - 0xF1, 0xE3, 0x4F, 0xBE, 0xF2, 0x73, 0xA6, 0xDE, 0xB6, 0xC4, - 0x61, 0x71, 0xCC, 0x5C, 0xFE, 0x55, 0xF0, 0x50, 0xBA, 0x9C, - 0x18, 0x44, 0x13, 0xDD, 0xCB, 0x7A, 0xD2, 0xA2, 0xDC, 0xBF, - 0xF2, 0xC8, 0x84, 0xFF, 0x5B, 0xA7, 0xFA, 0x8D, 0x18, 0xF2, - 0x55, 0xD0, 0x3C, 0x4E, 0xB3, 0x77, 0x7C, 0x95, 0x91, 0x98, - 0x52, 0xF2, 0xB6, 0xCF, 0xFC, 0x45, 0xF4, 0x71, 0x62, 0x24, - 0xE2, 0x7B, 0xF7, 0x85, 0x08, 0x17, 0x6A, 0x62, 0xB4, 0xE9, - 0x08, 0x3E, 0xA1, 0xC6, 0x27, 0x8E, 0xB3, 0x26, 0xA5, 0x95, - 0x91, 0x84, 0xD0, 0xA0, 0xCD, 0xBF, 0x45, 0xD0, 0xE2, 0x26, - 0x65, 0x74, 0xD6, 0x49, 0x50, 0xF2, 0x6B, 0xAE, 0xF1, 0x8A, - 0x2A, 0x18, 0xDA, 0xF0, 0xAD, 0xE7, 0xF3, 0x0A, 0x0E, 0x33, - 0xA5, 0xCA, 0x11, 0x16, 0xCC, 0xD6, 0x81, 0x89, 0x83, 0x27, - 0x32, 0x97, 0x61, 0x48, 0x0D, 0x89, 0x3E, 0xB7, 0x7E, 0x02, - 0xC8, 0x96, 0x93, 0xFA, 0xD0, 0x1D, 0x76, 0xB4, 0xA4, 0x38, - 0x4C, 0xE3, 0xB4, 0x6F, 0xCE, 0x66, 0x90, 0x53, 0xDC, 0xCE, - 0xD6, 0x10, 0x16, 0x3E, 0xB8, 0xBD, 0xD9, 0x8C, 0xA9, 0x90, - 0x54, 0xAF, 0x86, 0x07, 0xB3, 0xC1, 0x82, 0xFB, 0x41, 0x61, - 0xB8, 0x6D, 0x8E, 0xA5, 0xA8, 0xEB, 0xE3, 0xC0, 0xCF, 0x51, - 0xAA, 0x94, 0x7A, 0x7F, 0x9C, 0x48, 0xA3, 0x40, 0x83, 0x33, - 0x22, 0x41, 0x61, 0x4C, 0xD4, 0x62, 0xD7, 0xC6, 0xC6, 0x5B, - 0xF3, 0x48, 0x42, 0xA7, 0x18, 0xD5, 0xAF, 0x05, 0xF6, 0x7A, - 0xF6, 0x6D, 0x82, 0xFF, 0x89, 0x68, 0x21, 0x13, 0x62, 0xA5, - 0x7E, 0xC9, 0x43, 0x03, 0x73, 0xF7, 0xD1, 0x01, 0x7D, 0xD9, - 0x13, 0x03, 0x9C, 0x99, 0x74, 0xD4, 0x92, 0x2E, 0xD1, 0xD3, - 0xCB, 0x53, 0x6C, 0xF9, 0xFE, 0xB4, 0x3D, 0x51, 0xF1, 0x63, - 0x42, 0x5B, 0xB2, 0x5D, 0x70, 0x03, 0xE5, 0x46, 0x5B, 0xC1, - 0xEB, 0x27, 0x11, 0x22, 0x15, 0x73, 0x6C, 0xF8, 0x51, 0x0A, - 0xFF, 0xD8, 0xFE, 0xB6, 0xE1, 0xBD, 0x42, 0xC0, 0x4C, 0xEB, - 0xCD, 0x1E, 0x3C, 0xD5, 0x7C, 0xEA, 0xC6, 0xD4, 0x34, 0xD2, - 0x8D, 0x99, 0xC4, 0x99, 0xA8, 0x8E, 0x9F, 0x60, 0xA8, 0xE8, - 0x7B, 0x1E, 0x7E, 0x50, 0x14, 0xAD, 0xFC, 0xDB, 0xA6, 0x00, - 0xE9, 0x00, 0x7A, 
0x5A, 0xCD, 0x01, 0x26, 0xBB, 0x4E, 0x00, - 0x9E, 0xCC, 0xD3, 0x2D, 0x49, 0x1B, 0xB8, 0x60, 0x2C, 0x59, - 0x2A, 0x95, 0x8C, 0x92, 0x4D, 0x1A, 0x57, 0x3B, 0xEF, 0x6E, - 0xC4, 0x91, 0xE4, 0x99, 0x5E, 0xAE, 0x1B, 0xAF, 0x1E, 0x14, - 0x51, 0x38, 0x19, 0xBC, 0x33, 0x5C, 0x21, 0x4D, 0xAD, 0xA1, - 0x12, 0x17, 0xE6, 0xF5, 0x37, 0x98, 0xF6, 0xE6, 0x38, 0x4D, - 0x07, 0x80, 0x1D, 0xD8, 0x5E, 0xCC, 0x58, 0xDB, 0x7E, 0x3A, - 0x8F, 0x90, 0xDF, 0x9E, 0x80, 0xFB, 0xFC, 0x10, 0xEC, 0x7E, - 0x81, 0x53, 0x37, 0xC1, 0x66, 0xEE, 0xD7, 0x80, 0x0F, 0x0C, - 0xEB, 0xE8, 0x85, 0x2E, 0x37, 0x61, 0x8B, 0x9C, 0x63, 0xF6, - 0x27, 0x77, 0x16, 0x44, 0x61, 0x66, 0xC9, 0x79, 0x31, 0xDD, - 0xB4, 0x94, 0x9D, 0x8C, 0x8B, 0x1D, 0x28, 0xC2, 0x84, 0xC9, - 0x30, 0x71, 0xF4, 0x9E, 0xEF, 0x00, 0x2B, 0xA2, 0x9F, 0x38, - 0x65, 0xE6, 0xD1, 0x80, 0x26, 0x9B, 0xC4, 0xE8, 0x83, 0xCE, - 0x64, 0xD0, 0x8A, 0x9A, 0x1E, 0xEF, 0xA3, 0xB6, 0xD2, 0x0B, - 0x9C, 0x14, 0xF3, 0x08, 0xF1, 0x73, 0xD1, 0x34, 0xAE, 0x83, - 0xE7, 0x97, 0x5B, 0x97, 0x35, 0x0E, 0x35, 0xDC, 0x22, 0xD5, - 0xAA, 0xD1, 0xBC, 0xC7, 0x40, 0x20, 0xAD, 0x43, 0x36, 0x24, - 0x66, 0x7A, 0xB7, 0x1F, 0xF9, 0x1A, 0x1F, 0x37, 0xCE, 0xC2, - 0xFC, 0x98, 0xB1, 0x6A, 0x9A, 0x81, 0xD9, 0x4B, 0x53, 0x68, - 0xC5, 0xF3, 0xE6, 0x69, 0x76, 0xA6, 0x8B, 0x98, 0xFB, 0x84, - 0x2E, 0xD3, 0x4F, 0x77, 0xF9, 0x24, 0xF9, 0x13, 0x89, 0x8D, - 0xF6, 0x80, 0x2E, 0x0E, 0xA1, 0xCD, 0x90, 0x58, 0xCE, 0x63, - 0x36, 0x95, 0x8C, 0xF6, 0x68, 0xC3, 0x84, 0xF8, 0xB4, 0x5E, - 0x9E, 0x6C, 0x19, 0x32, 0x90, 0xA7, 0xD0, 0x2D, 0x47, 0x6B, - 0xCB, 0xAF, 0x85, 0x65, 0x92, 0x83, 0x11, 0x8E, 0xCC, 0x88, - 0xB1, 0x0B, 0xB8, 0x1E, 0x55, 0x4F, 0x18, 0x2A, 0xC4, 0x02, - 0xA8, 0x45, 0x6A, 0xCD, 0x75, 0x58, 0x6A, 0xAF, 0x83, 0x94, - 0x38, 0x1D, 0xA9, 0x09, 0x29, 0x1E, 0x0E, 0x43, 0xA9, 0x04, - 0x26, 0xF6, 0x1C, 0xC7, 0xCB, 0xC1, 0x10, 0xB9, 0x86, 0xC1, - 0xA2, 0xEC, 0x03, 0xDE, 0xF7, 0x53, 0x67, 0x2B, 0xDF, 0xEE, - 0xAF, 0xD2, 0xF2, 0xA8, 0xBD, 0xD9, 0x21, 0xCC, 0x8C, 0x72, - 0x02, 0x44, 0xF5, 0xA5, 0xED, 
0x88, 0x5B, 0xAC, 0x5F, 0x5A, - 0x15, 0x81, 0xCC, 0x95, 0x15, 0x2E, 0x34, 0x72, 0x59, 0x6C, - 0x03, 0x36, 0x5E, 0x22, 0x7E, 0x3F, 0x65, 0xA6, 0x8C, 0x4F, - 0x89, 0xC1, 0xE7, 0x63, 0xB6, 0x1B, 0xE5, 0x41, 0xC7, 0xF8, - 0x96, 0xA4, 0x8F, 0x4F, 0x47, 0x59, 0x3E, 0x9D, 0x45, 0xCE, - 0xE4, 0x1B, 0xF1, 0x69, 0x0C, 0x39, 0x34, 0x16, 0x77, 0x6A, - 0xF5, 0xB5, 0x9E, 0x8B, 0x63, 0x86, 0x35, 0xFD, 0x4F, 0x2A, - 0x4B, 0x49, 0x21, 0x7C, 0xE3, 0xEA, 0x5C, 0xDE, 0x98, 0xE4, - 0x58, 0x32, 0x67, 0x98, 0xFC, 0x8F, 0xAB, 0x01, 0x0E, 0xA4, - 0x8B, 0x39, 0xA3, 0x55, 0x4C, 0x8E, 0x98, 0xBA, 0xCD, 0x3B, - 0xDB, 0x91, 0x8D, 0x94, 0x98, 0xBE, 0x37, 0x7B, 0xDB, 0x58, - 0xFC, 0xC1, 0x88, 0x7D, 0xD3, 0xBC, 0x8F, 0xB4, 0x7C, 0xB2, - 0xFE, 0x3E, 0x26, 0x36, 0x95, 0x7E, 0xDB, 0xD1, 0x38, 0x29, - 0xD9, 0xCF, 0x5D, 0x0E, 0xD1, 0xDF, 0x7F, 0xD1, 0x68, 0x04, - 0x70, 0x6F, 0x61, 0x39, 0x49, 0x44, 0xD2, 0x5C, 0x0C, 0xC3, - 0xD6, 0xF8, 0x1E, 0x96, 0x36, 0x43, 0x79, 0xB2, 0xE5, 0x1A, - 0xF1, 0x32, 0x03, 0xE1, 0x22, 0x45, 0x20, 0x1B, 0x36, 0x6A, - 0xB8, 0x62, 0xA5, 0xC5, 0x85, 0x8B, 0xED, 0x42, 0x69, 0xC6, - 0x30, 0x36, 0xA1, 0xF6, 0x22, 0x8D, 0x37, 0xD8, 0xE4, 0xBD, - 0x26, 0x8B, 0x89, 0xC2, 0xA9, 0x10, 0x82, 0xDD, 0x0C, 0x2D, - 0x04, 0x39, 0xB7, 0x59, 0x0B, 0x30, 0x2A, 0x6D, 0x84, 0x4A, - 0x74, 0xB9, 0x3F, 0xEA, 0xA5, 0x34, 0x76, 0xFA, 0xAD, 0x99, - 0xB0, 0xEF, 0xA0, 0xF1, 0x85, 0x3D, 0x00, 0x76, 0x00, 0xF8, - 0xFA, 0x1B, 0xAA, 0xB7, 0x5A, 0x62, 0x0E, 0xFD, 0xDC, 0x7A, - 0xCA, 0x18, 0x43, 0x32, 0x02, 0xB7, 0x20, 0x38, 0x0B, 0x50, - 0x4E, 0x57, 0xBF, 0x88, 0xBA, 0x09, 0xD3, 0x9D, 0x8B, 0x3A, - 0x88, 0x82, 0xD9, 0xC3, 0x60, 0x89, 0x10, 0xF5, 0x09, 0x61, - 0x72, 0x41, 0x83, 0xCB, 0x29, 0x38, 0xB3, 0x75, 0xD8, 0xBB, - 0x7E, 0x3F, 0x4A, 0x3C, 0x6B, 0xE5, 0xAE, 0xB7, 0x18, 0xC1, - 0x52, 0x3C, 0x8D, 0x8B, 0xF3, 0x8B, 0x84, 0x98, 0x3E, 0xE3, - 0x5F, 0x5B, 0x89, 0xB7, 0x07, 0x58, 0xD3, 0x7B, 0x84, 0x38, - 0x57, 0x3B, 0xF7, 0x59, 0x22, 0x6B, 0xA7, 0x31, 0x1D, 0xAF, - 0xBF, 0xFA, 0x15, 0x8B, 0xE0, 0x72, 0xFA, 
0xCA, 0xB6, 0xC2, - 0xD6, 0x42, 0x43, 0x27, 0xF6, 0xAA, 0x3E, 0x5B, 0x07, 0x12, - 0x5C, 0xEF, 0xED, 0xCB, 0xDF, 0xAA, 0x5F, 0xF8, 0x77, 0xD0, - 0x8E, 0xC7, 0x03, 0x1E, 0x23, 0x5A, 0xF1, 0x3A, 0xA9, 0x10, - 0x6F, 0x05, 0x46, 0x04, 0x72, 0x63, 0xAC, 0xAE, 0x4B, 0x3D, - 0x1E, 0x2D, 0xC2, 0xE9, 0x38, 0x6A, 0xA9, 0x11, 0x1E, 0xE0, - 0xCA, 0x06, 0x7A, 0x5A, 0x45, 0xB2, 0x82, 0x0C, 0x10, 0xEB, - 0x0D, 0x10, 0x26, 0x74, 0xA5, 0x07, 0x1B, 0xBA, 0x61, 0xFD, - 0x8C, 0x73, 0xCB, 0x96, 0xFC, 0xF8, 0x98, 0x2D, 0x83, 0x12, - 0x0B, 0x6A, 0x9C, 0xA4, 0x70, 0x95, 0x4B, 0xD8, 0x11, 0x71, - 0x8F, 0x22, 0x89, 0xA2, 0x6A, 0x0A, 0xB0, 0x17, 0x93, 0x46, - 0x89, 0x60, 0x58, 0x2E, 0x1F, 0x3B, 0xE1, 0x6F, 0x49, 0x47, - 0xBC, 0x93, 0xD2, 0x14, 0x3D, 0xF2, 0x21, 0xA4, 0xFA, 0x1F, - 0x9D, 0x3F, 0x08, 0x40, 0x17, 0x77, 0x58, 0x7F, 0x65, 0xB4, - 0xFD, 0x01, 0x67, 0xF1, 0x62, 0x77, 0xD8, 0x6D, 0x46, 0x42, - 0x30, 0x52, 0x64, 0x4C, 0x76, 0x64, 0x7E, 0x09, 0xDD, 0x57, - 0x04, 0xB8, 0x4A, 0x7F, 0x8A, 0x68, 0xC3, 0x0D, 0xD9, 0xBE, - 0xF6, 0x61, 0x1C, 0x4D, 0x30, 0x80, 0x18, 0x83, 0xD6, 0x3F, - 0xB9, 0x58, 0x52, 0x20, 0xB9, 0x60, 0xEA, 0x22, 0xD0, 0xD0, - 0x61, 0x1A, 0x3B, 0x32, 0x69, 0x35, 0x8B, 0x22, 0x6E, 0x27, - 0x2E, 0xE2, 0x6D, 0xBA, 0xC7, 0x17, 0x02, 0xDA, 0x83, 0x22, - 0x5C, 0x31, 0x60, 0xD6, 0x78, 0x78, 0xBF, 0x0B, 0xEE, 0xD4, - 0x68, 0x32, 0xAE, 0x17, 0x80, 0x04, 0x7F, 0xD9, 0xA9, 0xA0, - 0xC9, 0xB7, 0x98, 0xEE, 0x9C, 0x8C, 0x61, 0x70, 0xBB, 0x2F, - 0x10, 0x39, 0x3E, 0xCC, 0x6E, 0xC8, 0x0A, 0x0F, 0xA2, 0x1E, - 0x31, 0x01, 0x75, 0x1E, 0x41, 0x9E, 0x63, 0x14, 0xC2, 0x3A, - 0xD9, 0x1A, 0x8B, 0x52, 0x0D, 0xFD, 0xDC, 0xE6, 0x23, 0x35, - 0xF1, 0x17, 0xE4, 0xA6, 0xDB, 0xAC, 0x3F, 0x67, 0x59, 0x02, - 0x8E, 0x20, 0x6F, 0x55, 0x69, 0xF8, 0x16, 0xFC, 0x33, 0x53, - 0xCA, 0xE8, 0x4E, 0x3F, 0xA4, 0x5C, 0xA6, 0xA4, 0x95, 0xCD, - 0xB7, 0x9D, 0x14, 0x79, 0xAE, 0x82, 0xF8, 0x2F, 0xE2, 0x13, - 0x0D, 0xDE, 0x75, 0x19, 0xA4, 0x0C, 0x32, 0x83, 0xD0, 0x14, - 0x35, 0xE7, 0x77, 0xD0, 0x18, 0x9C, 0xEF, 0xCC, 0xD5, 
0xDA, - 0x39, 0x3B, 0xFF, 0x11, 0x39, 0x20, 0x3D, 0x5A, 0xB1, 0x16, - 0x2A, 0x57, 0x6B, 0x27, 0xC1, 0xB6, 0x69, 0xB5, 0x9B, 0x78, - 0x6F, 0x6B, 0x8A, 0xEF, 0x3F, 0x8F, 0xB8, 0x37, 0xBF, 0xCA, - 0x2D, 0x27, 0x25, 0x12, 0xC9, 0x81, 0x3A, 0x4C, 0x1A, 0x94, - 0xDF, 0x6D, 0x27, 0xF8, 0x85, 0x26, 0xA0, 0x88, 0x56, 0x7B, - 0x62, 0x5E, 0x84, 0xCF, 0x84, 0xAB, 0x81, 0xA3, 0xD4, 0xEB, - 0xE9, 0x85, 0x96, 0xED, 0x27, 0x42, 0xF6, 0x86, 0x28, 0xF1, - 0x8C, 0x69, 0x81, 0xD9, 0xAC, 0x1E, 0x9F, 0x12, 0xA4, 0x9E, - 0x78, 0xC5, 0x2E, 0x07, 0x66, 0xFF, 0x2F, 0xED, 0x93, 0xD2, - 0x62, 0x30, 0x30, 0x81, 0xE5, 0x76, 0x7A, 0x2A, 0x8E, 0xF3, - 0xC0, 0x21, 0x9C, 0xE8, 0xE3, 0x51, 0x4F, 0xDA, 0x96, 0xCF, - 0x6A, 0x0A, 0xC9, 0x90, 0x64, 0x93, 0x70, 0xE2, 0xAD, 0x6E, - 0x17, 0x06, 0x5E, 0xBD, 0x5C, 0x40, 0x4B, 0x43, 0x78, 0x1F, - 0x40, 0x55, 0x36, 0xBD, 0x2B, 0xD6, 0x92, 0x88, 0x02, 0xAA, - 0x3E, 0xDF, 0x3B, 0xC9, 0x90, 0x69, 0x28, 0xE6, 0xE1, 0x7D, - 0xBD, 0x2A, 0xC1, 0x6F, 0x70, 0x6D, 0xB8, 0x1A, 0xAD, 0x66, - 0x4F, 0x78, 0xF7, 0x00, 0x57, 0xED, 0xA8, 0xC3, 0x87, 0x8A, - 0x27, 0x2E, 0xFC, 0xC4, 0x37, 0xB9, 0xED, 0xAE, 0x06, 0x05, - 0x19, 0x60, 0x53, 0x85, 0x54, 0x83, 0x52, 0xEC, 0xBF, 0xA5, - 0x79, 0xFC, 0x18, 0xC3, 0xD8, 0x98, 0xC5, 0xD8, 0x81, 0x78, - 0x4F, 0xDA, 0x24, 0xAD, 0x6F, 0xF4, 0x78, 0x56, 0x79, 0x9F, - 0x5D, 0xE3, 0x6D, 0x35, 0x93, 0xEA, 0xA8, 0xB5, 0x44, 0x1A, - 0xDA, 0x87, 0xBD, 0x06, 0x4D, 0xFF, 0x35, 0x2A, 0x76, 0x51, - 0xD3, 0xC2, 0x73, 0x20, 0x93, 0x33, 0xC0, 0xEA, 0x88, 0xA0, - 0xCD, 0xE1, 0xEA, 0x79, 0x86, 0x32, 0xA7, 0xCE, 0xBA, 0x73, - 0xE9, 0x82, 0x32, 0x64, 0x88, 0x44, 0x66, 0x8A, 0x8C, 0xCB, - 0xF1, 0xDB, 0x42, 0x91, 0x3E, 0x78, 0x3A, 0x77, 0xEB, 0x4C, - 0xFD, 0xFE, 0x43, 0xD8, 0xEA, 0x9E, 0xED, 0x19, 0xAD, 0xA8, - 0x64, 0x1A, 0x12, 0xC3, 0x81, 0x75, 0xA0, 0x61, 0xAF, 0x4F, - 0x71, 0x25, 0x94, 0x76, 0x31, 0x9A, 0xF6, 0x14, 0x3F, 0x6D, - 0x36, 0xC0, 0x2F, 0x52, 0x3B, 0x4B, 0xCB, 0x2B, 0xCF, 0xB8, - 0x70, 0x19, 0x0D, 0x15, 0x1A, 0xF9, 0x48, 0xA8, 0x3A, 0x55, - 0xAF, 
0x18, 0x66, 0x50, 0xC8, 0x32, 0x97, 0x43, 0x1E, 0x9F, - 0x8B, 0x66, 0xC1, 0x2E, 0x37, 0x69, 0xB8, 0x97, 0xF9, 0x6A, - 0x1E, 0x69, 0xBA, 0x5C, 0xEC, 0x6F, 0xFD, 0x99, 0x71, 0xB8, - 0xC4, 0x05, 0xB9, 0xB9, 0xE6, 0x4D, 0xA7, 0x01, 0x2D, 0xEB, - 0x26, 0x23, 0x40, 0x4D, 0x79, 0x1B, 0xE4, 0xD9, 0xAB, 0x9F, - 0xE9, 0x9B, 0x35, 0x78, 0xC0, 0x32, 0x8E, 0xF7, 0x5F, 0x7E, - 0xB5, 0x56, 0xD2, 0xA1, 0x35, 0x81, 0x72, 0xD2, 0x6A, 0x0A, - 0xC9, 0x6D, 0x0D, 0xDB, 0x2B, 0xA4, 0x02, 0x92, 0x76, 0x26, - 0xAF, 0x36, 0x27, 0x01, 0xDF, 0xA5, 0x5B, 0x09, 0x97, 0x06, - 0x5E, 0x80, 0xB0, 0x32, 0xFC, 0x1F, 0x72, 0x4E, 0x93, 0x2F, - 0x12, 0xF3, 0xA2, 0x60, 0x19, 0x74, 0x69, 0x03, 0x8B, 0x7D, - 0x6B, 0x2C, 0xE9, 0x54, 0x91, 0xF1, 0x3F, 0x2B, 0xF1, 0x65, - 0x71, 0x0B, 0x24, 0xEF, 0xCC, 0xB8, 0x79, 0x8E, 0x9B, 0x03, - 0xC1, 0xFF, 0xAC, 0xF0, 0x04, 0xEA, 0x92, 0xA3, 0x86, 0x64, - 0x6B, 0x63, 0x43, 0xA6, 0xC3, 0xCB, 0x43, 0xBE, 0xB0, 0xA9, - 0x11, 0x1B, 0x74, 0xC0, 0x87, 0x61, 0x5C, 0xDB, 0xF4, 0xA3, - 0x0E, 0xA6, 0x36, 0xEE, 0x41, 0x7F, 0xA8, 0xA6, 0xDF, 0x1B, - 0x05, 0xAE, 0x77, 0x90, 0x6A, 0xD4, 0x5B, 0x8E, 0x27, 0xE2, - 0xC0, 0x3E, 0x99, 0xAB, 0xFD, 0xFE, 0x6B, 0x71, 0xB4, 0x22, - 0x77, 0x7A, 0xB0, 0x43, 0x8B, 0x81, 0x33, 0x4D, 0x51, 0xD4, - 0xAB, 0xD9, 0xA0, 0x7C, 0xA7, 0x8A, 0x39, 0x92, 0x45, 0x39, - 0xAC, 0x54, 0x13, 0x6E, 0xA5, 0x22, 0x28, 0xC8, 0xAD, 0x3D, - 0xB1, 0xB2, 0xF3, 0x6B, 0xF6, 0x51, 0x17, 0xA3, 0x37, 0xE9, - 0xC9, 0x94, 0x54, 0xD7, 0x64, 0xC6, 0x04, 0xE7, 0xFA, 0x93, - 0xC1, 0xFA, 0xBA, 0xCA, 0x21, 0x1B, 0xF0, 0x6C, 0x99, 0x22, - 0x52, 0x53, 0xEF, 0xC2, 0xA2, 0x19, 0xB3, 0xCA, 0xF5, 0x30, - 0xC1, 0xD1, 0x24, 0x7F, 0x3A, 0x28, 0x8F, 0xAA, 0x70, 0xD2, - 0xBB, 0x7A, 0xF5, 0x8A, 0x23, 0x57, 0xE9, 0x79, 0x00, 0xF4, - 0x1C, 0x1D, 0xB1, 0x42, 0x0C, 0x53, 0x99, 0x7B, 0x99, 0x68, - 0x6E, 0x71, 0xD9, 0xD4, 0xE9, 0xC1, 0xA7, 0x5B, 0x05, 0xA7, - 0x6F, 0xF2, 0xE7, 0x11, 0x3B, 0x70, 0x5F, 0x11, 0x98, 0xBE, - 0xB5, 0xF8, 0x78, 0x5F, 0x5C, 0x19, 0xAC, 0x92, 0x4D, 0x18, - 0x0D, 0x7B, 0x6F, 
0x8C, 0x90, 0xAB, 0x6B, 0x32, 0x3D, 0x51, - 0x11, 0xBC, 0x80, 0xC4, 0xCF, 0x4A, 0xF4, 0x7F, 0xCC, 0x68, - 0x92, 0x76, 0xF7, 0x9D, 0xF7, 0x07, 0x44, 0x8C, 0xB5, 0x4D, - 0x53, 0x7E, 0xE2, 0x58, 0x42, 0xB5, 0x8E, 0xB3, 0xC7, 0x0C, - 0x2F, 0xCA, 0x77, 0x2D, 0x56, 0x84, 0xCA, 0x98, 0x05, 0x09, - 0x43, 0xA9, 0x0E, 0x92, 0x4B, 0x57, 0x27, 0x46, 0x31, 0xF0, - 0xE3, 0xA4, 0x48, 0xD9, 0x42, 0x51, 0x32, 0xF0, 0x70, 0xA1, - 0x72, 0xA9, 0x2B, 0x1D, 0xB1, 0x2A, 0x09, 0x96, 0xAE, 0x3E, - 0x83, 0x41, 0x7B, 0x9B, 0x28, 0x6E, 0x85, 0xB7, 0xAD, 0x7F, - 0x10, 0xA3, 0x54, 0xBF, 0x24, 0xB6, 0xFB, 0x6D, 0xA5, 0x9F, - 0xE6, 0xBB, 0x33, 0x8A, 0x04, 0x83, 0x53, 0xFB, 0xB9, 0x79, - 0xF7, 0x76, 0xC9, 0x43, 0xC7, 0xE4, 0xB5, 0xE7, 0x19, 0x56, - 0x72, 0x55, 0xAC, 0x1D, 0xA8, 0xE4, 0xD8, 0x0C, 0x66, 0x15, - 0x7F, 0x17, 0x08, 0xB9, 0x33, 0x4B, 0x9C, 0x84, 0xDA, 0x49, - 0x9F, 0x1B, 0x42, 0x85, 0x0F, 0x4B, 0xC0, 0x70, 0x35, 0x23, - 0x34, 0xD9, 0x3C, 0x76, 0xF9, 0x22, 0x5C, 0x1A, 0xE9, 0x81, - 0xE5, 0x31, 0xA3, 0xF1, 0xB7, 0x7F, 0xE2, 0x75, 0x42, 0x27, - 0x82, 0xC7, 0xBA, 0x68, 0x20, 0x0E, 0xAC, 0xD0, 0x32, 0x28, - 0xB5, 0x99, 0x71, 0xBA, 0x48, 0x2C, 0x95, 0xA5, 0xC8, 0x65, - 0x2E, 0x19, 0x70, 0xAD, 0x12, 0x3A, 0xAD, 0x83, 0x87, 0x15, - 0xA7, 0xEA, 0x9D, 0x6E, 0x11, 0x94, 0x95, 0x23, 0x51, 0xDA, - 0x5F, 0x67, 0xBD, 0xDD, 0xA7, 0xF9, 0xF8, 0x76, 0xE4, 0x3C, - 0x83, 0x0A, 0xAB, 0xBE, 0x6A, 0xB0, 0xC5, 0xA8, 0xBE, 0xD9, - 0xDD, 0xBC, 0x4E, 0xA6, 0xCF, 0x91, 0xB3, 0x42, 0x30, 0x96, - 0x8E, 0x45, 0xC6, 0x1F, 0x55, 0x6B, 0x2C, 0x0A, 0xBC, 0x9F, - 0x69, 0x65, 0x98, 0x34, 0x95, 0x6A, 0x1E, 0x86, 0x78, 0x8B, - 0x26, 0x4F, 0x05, 0x76, 0x03, 0x22, 0xCB, 0x72, 0xF1, 0xD0, - 0x1A, 0x64, 0x19, 0xC7, 0x21, 0x5C, 0x51, 0xD0, 0x6C, 0x0B, - 0xDA, 0xB9, 0x67, 0x7A, 0x83, 0xC3, 0x1E, 0x16, 0x27, 0x4A, - 0x00, 0x5F, 0xBA, 0x0E, 0x45, 0x81, 0x6E, 0xE7, 0x5B, 0x5A, - 0x8F, 0x0D, 0x6D, 0x47, 0xB1, 0x30, 0xA7, 0x42, 0x1E, 0xA9, - 0x8A, 0x27, 0x4A, 0xB0, 0x60, 0x2F, 0xA9, 0x12, 0x42, 0xD6, - 0x7F, 0x10, 0x01, 0xF3, 0x59, 
0xD2, 0x40, 0x11, 0x19, 0x92, - 0xFE, 0x80, 0x25, 0x1B, 0x60, 0xDC, 0x02, 0x7B, 0x10, 0x45, - 0x17, 0x66, 0x70, 0xB9, 0x64, 0x4A, 0xBA, 0xAD, 0xBF, 0x55, - 0x7C, 0xB3, 0xD8, 0x18, 0x6D, 0x16, 0x53, 0xED, 0x89, 0xE5, - 0xD2, 0x50, 0xFA, 0xA8, 0xFE, 0x74, 0x67, 0xC4, 0x35, 0x4C, - 0xC4, 0xBE, 0x52, 0x9A, 0x8E, 0xBB, 0xB6, 0xE0, 0xAF, 0x52, - 0x57, 0x3D, 0x99, 0x79, 0x10, 0xB8, 0xE6, 0xAB, 0x24, 0x9E, - 0x75, 0xC2, 0x2A, 0xFB, 0xDB, 0xF8, 0xE0, 0x02, 0xCB, 0x49, - 0x56, 0x52, 0x6B, 0x8C, 0xFA, 0x8E, 0xCF, 0xFA, 0x18, 0x50, - 0xDD, 0x98, 0x49, 0xEC, 0xA8, 0x08, 0x6C, 0x60, 0xC0, 0x68, - 0xBF, 0x7B, 0x49, 0xB4, 0xE6, 0x49, 0x59, 0x6E, 0x65, 0x0E, - 0x41, 0xEA, 0x64, 0xC8, 0xD3, 0x1A, 0x9F, 0x39, 0xAE, 0xEB, - 0x3C, 0x88, 0xFB, 0x40, 0xDC, 0xB8, 0x07, 0x82, 0x56, 0x01, - 0xAC, 0x04, 0x0B, 0x6B, 0x0B, 0x15, 0xAA, 0x4F, 0xD2, 0x04, - 0xF3, 0x65, 0xCD, 0xF7, 0x32, 0xB1, 0x95, 0xC4, 0x91, 0xB8, - 0x63, 0x02, 0x26, 0x47, 0x1D, 0x6E, 0x6D, 0xCF, 0x3D, 0x39, - 0x3D, 0xDC, 0x18, 0x33, 0xD8, 0xF5, 0x8C, 0xB0, 0x69, 0x53, - 0x48, 0x86, 0x14, 0x50, 0xA3, 0x65, 0xEE, 0x2C, 0x2F, 0x72, - 0xF7, 0x43, 0xE7, 0xEA, 0xA0, 0x3E, 0x3C, 0x30, 0x33, 0xD9, - 0x1D, 0x6E, 0x5D, 0xCB, 0xE1, 0xE0, 0x8D, 0x95, 0xD2, 0x58, - 0x8D, 0xD5, 0xB3, 0x1C, 0x22, 0x28, 0x6A, 0xBB, 0xB3, 0x09, - 0xB1, 0x91, 0x60, 0xE2, 0xC6, 0x48, 0x11, 0xF0, 0x49, 0xB6, - 0xE9, 0xEF, 0x4B, 0xC6, 0xDB, 0xB1, 0xBF, 0x6C, 0xB2, 0x92, - 0x5C, 0x65, 0x91, 0x67, 0x81, 0x9C, 0x71, 0x5A, 0x2C, 0xFE, - 0xC8, 0xF9, 0xF5, 0x96, 0x7D, 0x3E, 0xBB, 0x7F, 0xEF, 0xF7, - 0xBF, 0xF8, 0xAC, 0xCF, 0xA6, 0x6F, 0x28, 0x9C, 0x09, 0x65, - 0x8F, 0xF7, 0xDC, 0xEF, 0x3E, 0x4B, 0xCD, 0x6D, 0x97, 0xD3, - 0xCC, 0x9C, 0xF7, 0xF2, 0x4C, 0xE6, 0x64, 0x31, 0xE8, 0x1E, - 0xDE, 0x56, 0xAE, 0xA6, 0x04, 0xFB, 0xED, 0x2E, 0x3F, 0x23, - 0x7D, 0xBC, 0x6D, 0xCC, 0x4B, 0xD4, 0x9E, 0x06, 0x83, 0xE1, - 0x95, 0xAE, 0xC4, 0xAA, 0x6E, 0xFF, 0x9E, 0x1C, 0xB9, 0x07, - 0x60, 0x6D, 0xD5, 0x09, 0x06, 0x30, 0x0C, 0x3F, 0xB5, 0xE8, - 0x8B, 0x01, 0x94, 0x1B, 0x84, 0xE9, 0xB7, 
0x37, 0x03, 0xA7, - 0xAF, 0x4B, 0x63, 0x3F, 0xD2, 0x57, 0xBB, 0xB8, 0xBF, 0xE2, - 0x53, 0x4F, 0xA1, 0x9E, 0xC7, 0x4C, 0xDA, 0x89, 0x25, 0x0E, - 0x7E, 0xC9, 0x44, 0x7F, 0x4C, 0x02, 0x7F, 0xA4, 0x08, 0xEC, - 0x7F, 0x44, 0xEA, 0xF7, 0xCF, 0x1B, 0x19, 0xFA, 0x6A, 0x0A, - 0x3E, 0xE1, 0xF4, 0x78, 0xDF, 0x93, 0xAB, 0x86, 0x9E, 0xE1, - 0x31, 0xBF, 0x70, 0x20, 0x8B, 0x87, 0xCE, 0xFC, 0x84, 0x03, - 0x8D, 0xF1, 0x25, 0xE6, 0x88, 0x30, 0x79, 0x63, 0xAF, 0x5C, - 0x3B, 0x84, 0xA9, 0xB8, 0x89, 0xB4, 0x23, 0x58, 0x78, 0xF9, - 0xAB, 0x76, 0x1B, 0x20, 0x56, 0xDB, 0x9E, 0xFE, 0x59, 0x29, - 0xB9, 0x8C, 0xD7, 0x4E, 0xA4, 0x5C, 0x7F, 0x40, 0xA8, 0xEB, - 0x0D, 0x90, 0xBA, 0x30, 0x68, 0x5E, 0x9C, 0x90, 0xBE, 0xD4, - 0x43, 0x4B, 0x67, 0x27, 0xE7, 0x7D, 0x06, 0xB8, 0xF0, 0x96, - 0xEF, 0xF4, 0x47, 0x5F, 0x8E, 0xCA, 0x46, 0x85, 0x3C, 0x94, - 0x9E, 0xDE, 0x09, 0x40, 0x45, 0xB3, 0x69, 0xF1, 0x8F, 0x90, - 0xF5, 0x5C, 0x22, 0x69, 0xBF, 0x5F, 0x11, 0x66, 0xD9, 0xDC, - 0x37, 0x6A, 0x2C, 0xAF, 0x72, 0x66, 0xC8, 0x28, 0xEA, 0x59, - 0x71, 0xB1, 0x7F, 0x10, 0xA5, 0xBC, 0x42, 0x99, 0xF6, 0xD6, - 0xB4, 0xC4, 0x18, 0x49, 0x72, 0x37, 0xF3, 0xCD, 0x01, 0xD6, - 0xAB, 0x2A, 0xFE, 0x1A, 0xBC, 0x52, 0x15, 0x38, 0x30, 0xF2, - 0x4F, 0xC0, 0xD3, 0x5B, 0x91, 0x5A, 0x55, 0xD1, 0x82, 0x5A, - 0x50, 0xE8, 0x16, 0x8C, 0x3D, 0xC8, 0x97, 0x3D, 0x2A, 0xA9, - 0xF3, 0xEA, 0x48, 0x57, 0x51, 0x29, 0xB0, 0x81, 0x4D, 0x6B, - 0x69, 0xFE, 0xF8, 0xA8, 0xE0, 0x5F, 0xF4, 0x98, 0xBE, 0x3D, - 0x39, 0xB6, 0x10, 0x3E, 0x70, 0x16, 0x60, 0x46, 0xA1, 0x74, - 0x5C, 0xF5, 0x53, 0x24, 0xF4, 0x56, 0x33, 0x97, 0x18, 0xB6, - 0x4A, 0x91, 0xE1, 0xF4, 0x36, 0x11, 0x80, 0xCF, 0xDE, 0xE3, - 0x7C, 0x8C, 0x27, 0xC9, 0x29, 0xA6, 0xCC, 0xA2, 0xE3, 0x61, - 0xED, 0x46, 0x10, 0x0D, 0x43, 0x1D, 0x63, 0xB2, 0x4B, 0xC0, - 0xFF, 0x79, 0x2D, 0x6D, 0xD1, 0x0E, 0xD4, 0x73, 0x24, 0xE2, - 0xFE, 0x07, 0x15, 0xC4, 0xB3, 0xFC, 0xDA, 0x14, 0x44, 0x81, - 0x89, 0xA9, 0x16, 0xEF, 0x8C, 0x60, 0xEE, 0x2D, 0xBC, 0x81, - 0xF1, 0xD8, 0xE1, 0x37, 0x5D, 0xC0, 0xD2, 0xA5, 0x8C, 
0xF9, - 0xAF, 0xAA, 0xBE, 0xF6, 0x46, 0x65, 0xEB, 0x53, 0x97, 0x2F, - 0xDA, 0x28, 0x66, 0x29, 0x67, 0x1F, 0x1F, 0x0A, 0x61, 0x61, - 0x66, 0x61, 0xF2, 0xA7, 0x1F, 0x1C, 0x30, 0x1F, 0xDD, 0xDE, - 0xAB, 0xC7, 0x6C, 0x1C, 0xED, 0xC8, 0xDC, 0x09, 0xBA, 0xF9, - 0x93, 0x76, 0x4C, 0xCC, 0xAE, 0xF5, 0x2D, 0xA4, 0xAB, 0x3F, - 0xA0, 0x42, 0x4E, 0x8F, 0x28, 0x87, 0xE1, 0x64, 0xCA, 0xF4, - 0xB6, 0xAC, 0x39, 0x1E, 0x1C, 0xF2, 0x69, 0xFF, 0x30, 0x3B, - 0x2F, 0x5C, 0xB2, 0x82, 0xD8, 0x28, 0x2D, 0xA8, 0x2C, 0xDA, - 0x6D, 0x76, 0x38, 0xFC, 0x50, 0x6F, 0xA4, 0xB9, 0x52, 0x9F, - 0xD5, 0xFA, 0x94, 0xDC, 0x54, 0xED, 0xD9, 0x10, 0x6F, 0xDA, - 0x7E, 0x5E, 0x8A, 0xFB, 0xB3, 0x68, 0xD0, 0xD1, 0x25, 0x77, - 0x7E, 0x8B, 0x91, 0x68, 0x4E, 0xF4, 0x74, 0x99, 0x77, 0xB8, - 0x5C, 0xCE, 0xCC, 0x3D, 0x54, 0xA8, 0xD8, 0x4F, 0x01, 0x30, - 0x37, 0xB0, 0x82, 0x42, 0xB9, 0xB1, 0xBF, 0x83, 0xC8, 0xB6, - 0x40, 0x7F, 0xF2, 0xD8, 0x3C, 0xBD, 0x63, 0xCB, 0x23, 0x34, - 0xA4, 0xFB, 0x4C, 0xE0, 0x8B, 0x85, 0xA4, 0xA9, 0x7B, 0xA4, - 0x78, 0x86, 0xD4, 0xE9, 0x68, 0xA4, 0x40, 0x8D, 0xBC, 0x56, - 0x44, 0x8B, 0x24, 0x80, 0x6B, 0xC1, 0x84, 0xEC, 0xB3, 0x70, - 0x01, 0x0A, 0xFE, 0xED, 0x7D, 0xD9, 0x7E, 0xAB, 0x89, 0xDB, - 0xE3, 0x90, 0x5C, 0x6A, 0x75, 0x8E, 0x16, 0xF2, 0x0A, 0xFE, - 0x9E, 0x08, 0xC8, 0xB2, 0x35, 0x3C, 0xC3, 0x20, 0x29, 0xD4, - 0x8A, 0xA6, 0x58, 0x25, 0x43, 0x9B, 0x27, 0xAE, 0xBF, 0xC7, - 0x50, 0x82, 0x9F, 0x04, 0x88, 0x4C, 0xB0, 0x4E, 0x38, 0xA5, - 0x84, 0xC1, 0xBA, 0x6A, 0xA7, 0x16, 0x85, 0x76, 0xF5, 0x21, - 0x15, 0x3F, 0x00, 0x2C, 0x0A, 0xBD, 0x18, 0x66, 0x0C, 0xD1, - 0x46, 0x33, 0x1A, 0xF3, 0x85, 0x34, 0x68, 0x49, 0x05, 0x10, - 0x85, 0xF9, 0x61, 0xD6, 0xB6, 0x97, 0xFC, 0xAA, 0x2C, 0xBC, - 0xF1, 0x75, 0xF3, 0xFC, 0x57, 0x20, 0x54, 0xF2, 0x02, 0x5E, - 0xAB, 0xDD, 0x19, 0x31, 0xAB, 0x97, 0x5F, 0x11, 0x4F, 0xCE, - 0x4F, 0xB9, 0xBB, 0xA2, 0x01, 0x51, 0x48, 0x5A, 0x2C, 0x52, - 0xAD, 0x58, 0x00, 0x22, 0x41, 0x4D, 0x24, 0x68, 0x9F, 0xD9, - 0x13, 0x5C, 0x55, 0x0A, 0x62, 0xAD, 0x3E, 0x29, 0x86, 0x34, - 0x3B, 
0x2D, 0x34, 0xBE, 0x0A, 0xDB, 0x85, 0x3A, 0x41, 0x2C, - 0x30, 0x56, 0x65, 0x04, 0x0A, 0x20, 0x31, 0x2A, 0xF3, 0x88, - 0x4C, 0x38, 0x64, 0x86, 0x14, 0x06, 0xF5, 0xF0, 0x7F, 0x63, - 0xC1, 0x87, 0x24, 0x39, 0xFB, 0xC0, 0xC2, 0x6B, 0x57, 0xB3, - 0xA9, 0x7C, 0x21, 0xD7, 0x17, 0xB5, 0x23, 0x89, 0x8B, 0x9A, - 0x53, 0xC6, 0x26, 0xD6, 0xC1, 0xD8, 0x3B, 0xD2, 0x30, 0x0B, - 0x30, 0x76, 0xB3, 0x21, 0x2B, 0xCF, 0x64, 0xB8, 0xCD, 0x8C, - 0xB9, 0x33, 0x73, 0xA5, 0x19, 0x5C, 0xBB, 0x4A, 0x6F, 0x9E, - 0xA7, 0x62, 0x61, 0x1C, 0x32, 0xBB, 0x3E, 0x1B, 0x8A, 0xAC, - 0xE5, 0xE1, 0xA9, 0xDD, 0x50, 0xFB, 0x3B, 0xCF, 0xB6, 0x49, - 0x7B, 0xED, 0x1A, 0x7E, 0x8E, 0x73, 0xAE, 0x8B, 0x31, 0x06, - 0x11, 0xC4, 0x84, 0x4C, 0xCA, 0x6D, 0x5A, 0x79, 0x50, 0x2E, - 0x66, 0x90, 0x0A, 0x13, 0x86, 0x15, 0x78, 0x06, 0xAD, 0x5D, - 0x8C, 0x5E, 0xC8, 0x73, 0xB0, 0x82, 0xFB, 0x03, 0xE6, 0x30, - 0xE7, 0x0B, 0x99, 0xF0, 0xD9, 0x8C, 0x2C, 0xFA, 0x34, 0xAB, - 0x8B, 0xDD, 0x06, 0x2F, 0x39, 0xE0, 0x53, 0x37, 0x61, 0x3D, - 0xC3, 0x77, 0x4C, 0x9F, 0x66, 0x95, 0x81, 0x94, 0x0A, 0xE5, - 0xCE, 0x59, 0xA1, 0x83, 0x5C, 0x77, 0xBD, 0xF5, 0xAD, 0xE2, - 0x9C, 0x10, 0x64, 0x22, 0xAD, 0x99, 0x02, 0x3F, 0x6A, 0xB2, - 0x96, 0x2C, 0xF3, 0x21, 0xEB, 0x5A, 0x7D, 0xFC, 0x02, 0x9B, - 0x53, 0x94, 0xB1, 0x88, 0x3E, 0x07, 0x78, 0x31, 0x8F, 0xDF, - 0xDA, 0xAF, 0xB7, 0x55, 0xC9, 0x30, 0x74, 0x61, 0xD1, 0x75, - 0x15, 0xF1, 0x29, 0xB0, 0x8B, 0xD9, 0x19, 0xB3, 0x2E, 0x8C, - 0x3C, 0x4C, 0xED, 0x22, 0x0B, 0x07, 0xEC, 0xA8, 0x2B, 0x26, - 0xBA, 0x2A, 0xE3, 0xEB, 0x91, 0x2C, 0xDF, 0x28, 0xFD, 0xE3, - 0x12, 0x6D, 0xA8, 0x8C, 0xA9, 0xA0, 0x18, 0xAE, 0x18, 0xC4, - 0x05, 0x53, 0xF6, 0xF7, 0x69, 0xEF, 0xBB, 0xF8, 0xFF, 0x55, - 0xD9, 0x4E, 0xA0, 0xC9, 0x58, 0x38, 0x67, 0x31, 0xE7, 0x5C, - 0x46, 0x41, 0x58, 0x26, 0x48, 0x8C, 0x82, 0x91, 0xE4, 0x46, - 0x91, 0xE0, 0xA4, 0x4F, 0xA5, 0xFD, 0x28, 0x14, 0xC8, 0x07, - 0x73, 0xB9, 0x20, 0x7D, 0x94, 0xAF, 0xDC, 0xBF, 0x4A, 0x55, - 0xA8, 0x82, 0xBF, 0x6D, 0x22, 0xD2, 0xFF, 0x18, 0x5E, 0xFB, - 0xC4, 0xDE, 0x8B, 
0x12, 0x58, 0x1E, 0x05, 0x51, 0x4A, 0x31, - 0x54, 0x26, 0xA5, 0xFD, 0x36, 0xED, 0x14, 0x80, 0x4E, 0x3F, - 0xB2, 0x4F, 0x43, 0x70, 0xAF, 0x63, 0x77, 0x86, 0x68, 0xF4, - 0x35, 0xC2, 0x4E, 0x57, 0x43, 0x63, 0x06, 0x07, 0x21, 0xCE, - 0x61, 0xDD, 0x5D, 0x1D, 0xA3, 0xF7, 0x24, 0x72, 0xED, 0x73, - 0x6A, 0xA0, 0xE6, 0x9C, 0x1A, 0xA3, 0xCF, 0x98, 0x47, 0xC2, - 0xE1, 0x29, 0x22, 0x1B, 0x7C, 0x14, 0x0E, 0xE2, 0x6B, 0x58, - 0x54, 0xA7, 0x3E, 0x0F, 0x07, 0x1D, 0xAB, 0xFD, 0x1C, 0x1E, - 0xE0, 0x24, 0xCB, 0x2B, 0xC8, 0x7D, 0x90, 0x83, 0x8D, 0x46, - 0x43, 0xB4, 0x30, 0x39, 0x26, 0x29, 0xEE, 0xAF, 0x67, 0x61, - 0x4C, 0x16, 0xF1, 0xF4, 0x01, 0x55, 0x71, 0x30, 0x1B, 0x18, - 0xC2, 0xF3, 0x8A, 0x26, 0x52, 0x63, 0xD0, 0xEA, 0x66, 0x04, - 0xD7, 0xCC, 0x09, 0xF1, 0x66, 0x62, 0xD1, 0x29, 0xFD, 0xCE, - 0x0A, 0x85, 0xD5, 0x2C, 0x5B, 0x0D, 0xC3, 0x53, 0x8F, 0x45, - 0xA1, 0x95, 0xEE, 0xAF, 0xC3, 0xC5, 0xEE, 0xE6, 0xCE, 0x4A, - 0x33, 0xDB, 0x8B, 0x29, 0x79, 0xBC, 0xF7, 0xC5, 0x33, 0xCD, - 0xC1, 0x74, 0x25, 0x69, 0xEC, 0x75, 0xA4, 0x05, 0x1D, 0x6D, - 0x6E, 0xEC, 0x77, 0xDC, 0xF9, 0x08, 0xB1, 0xFA, 0x38, 0x7F, - 0x8E, 0xDF, 0x74, 0x10, 0x27, 0x19, 0x52, 0xAB, 0x6B, 0x08, - 0xEB, 0x51, 0x22, 0xE7, 0x79, 0xDA, 0x9F, 0xC0, 0xD2, 0x5E, - 0x5C, 0x2A, 0xC7, 0xF8, 0x6B, 0xB6, 0x63, 0x06, 0x49, 0xB4, - 0xDD, 0xEB, 0x20, 0x6F, 0x5A, 0x5E, 0x78, 0x79, 0xA5, 0xAF, - 0x35, 0x6D, 0x36, 0xBA, 0xA4, 0x38, 0x98, 0x38, 0xD9, 0x59, - 0x81, 0x16, 0x8C, 0xCE, 0x78, 0xCA, 0xD1, 0x86, 0x8B, 0x3A, - 0xD9, 0xA5, 0x5B, 0x7C, 0x53, 0x24, 0xB8, 0xD2, 0x2B, 0x09, - 0x73, 0x04, 0x87, 0x3E, 0x39, 0x64, 0x42, 0x5A, 0xE1, 0xC8, - 0x72, 0xD5, 0x00, 0x06, 0x06, 0x81, 0x91, 0x7A, 0x12, 0xA1, - 0x91, 0xEC, 0xBF, 0xD6, 0xBC, 0xFD, 0x82, 0xDA, 0xEE, 0x3A, - 0xB7, 0xF1, 0x54, 0xE3, 0xBD, 0xE5, 0xC0, 0x18, 0xE9, 0x5C, - 0x49, 0x0C, 0xFA, 0x64, 0x80, 0x98, 0x5C, 0x44, 0x9B, 0x4A, - 0x48, 0x3E, 0x0C, 0xBE, 0x5E, 0xBB, 0x68, 0xDA, 0x09, 0xD7, - 0x00, 0x51, 0x5B, 0x13, 0x96, 0xC2, 0x8A, 0xCE, 0xB0, 0x8F, - 0xDF, 0x84, 0x77, 0x70, 0x4B, 
0x0F, 0x6E, 0xC7, 0x62, 0x47, - 0xFA, 0xA8, 0x35, 0x18, 0x43, 0x93, 0x4C, 0x83, 0x13, 0x45, - 0x74, 0x76, 0x19, 0xA7, 0x71, 0x98, 0x8C, 0x2E, 0xFC, 0xA9, - 0x83, 0x64, 0xD1, 0xA3, 0x95, 0x33, 0x31, 0xDB, 0xA8, 0xC3, - 0xB9, 0x72, 0x80, 0x58, 0xEC, 0xEB, 0xFC, 0xF3, 0x03, 0x44, - 0xDC, 0x11, 0x06, 0x3A, 0x95, 0x81, 0x28, 0xDB, 0xAB, 0x36, - 0xC4, 0x37, 0x0C, 0xD4, 0x6B, 0xAF, 0x04, 0xD0, 0x23, 0x3F, - 0xDD, 0x08, 0x88, 0x06, 0x23, 0x39, 0xCF, 0xB2, 0xCF, 0x13, - 0x27, 0xE1, 0x4E, 0x21, 0xDA, 0x81, 0x58, 0x29, 0x70, 0x2B, - 0x26, 0xB7, 0xA7, 0x69, 0xA1, 0x86, 0xBC, 0xD9, 0x88, 0xED, - 0x70, 0x61, 0x94, 0x2D, 0xCD, 0x47, 0x57, 0xD0, 0xBD, 0x07, - 0x05, 0x7E, 0xA5, 0x35, 0x29, 0x15, 0xFA, 0x62, 0x7E, 0xB7, - 0x2A, 0xEB, 0x4F, 0xC4, 0x0D, 0x6D, 0x2E, 0x6D, 0x8F, 0x53, - 0x7C, 0x0B, 0x62, 0x72, 0xA5, 0x01, 0x5D, 0xD9, 0x52, 0xAF, - 0x60, 0x22, 0x90, 0xD0, 0xE6, 0x37, 0x25, 0x57, 0x73, 0x66, - 0xD5, 0x96, 0x6A, 0x23, 0x75, 0x43, 0xF7, 0x6A, 0xC8, 0x3E, - 0xAC, 0x20, 0xC8, 0x8A, 0xE3, 0xD1, 0xB4, 0x07, 0x87, 0x8E, - 0x3A, 0xEB, 0x43, 0x10, 0x91, 0x7F, 0x17, 0x96, 0x4B, 0x7A, - 0x31, 0x2A, 0x84, 0xFC, 0xFE, 0xB1, 0x26, 0x67, 0xD6, 0xAD, - 0xB8, 0xB7, 0x3D, 0x3A, 0x2F, 0xEE, 0x94, 0x2F, 0x05, 0xF1, - 0xD8, 0x8E, 0xD4, 0x97, 0xAF, 0x36, 0xCE, 0x01, 0x18, 0x0B, - 0x68, 0x41, 0x26, 0xEB, 0x38, 0x2B, 0xF6, 0xD2, 0x8A, 0x5A, - 0x79, 0x02, 0xA1, 0xE4, 0x49, 0x48, 0xCF, 0x55, 0x2B, 0x74, - 0x16, 0x63, 0x27, 0x9D, 0x25, 0xAA, 0x7F, 0x8A, 0x5D, 0x96, - 0x68, 0xF3, 0x58, 0x7C, 0x10, 0xCF, 0x6A, 0xE3, 0xE2, 0x80, - 0x90, 0xD3, 0x39, 0xF5, 0x62, 0x01, 0x33, 0x5F, 0xC2, 0xFD, - 0xAD, 0xE6, 0x2A, 0xB2, 0x3D, 0x89, 0x99, 0x7B, 0x17, 0x35, - 0xE4, 0x5C, 0x62, 0x10, 0x69, 0x10, 0x93, 0x57, 0x92, 0x15, - 0x53, 0xEC, 0x82, 0x17, 0x00, 0xFC, 0x13, 0x49, 0x58, 0x79, - 0x90, 0x36, 0x0D, 0x50, 0xA5, 0xFE, 0xAE, 0xE1, 0xB3, 0xAF, - 0x40, 0x98, 0x3C, 0xB7, 0xAB, 0xC9, 0x0B, 0x2B, 0xE8, 0x31, - 0x71, 0x0D, 0x47, 0xE1, 0xE0, 0x3D, 0xCB, 0xB0, 0x3E, 0x44, - 0x00, 0x18, 0x66, 0xD5, 0x44, 0xEF, 0x58, 
0x6A, 0xC3, 0x98, - 0x86, 0x19, 0xBA, 0xCE, 0x24, 0xF0, 0x9A, 0xED, 0x55, 0xA9, - 0x1F, 0x52, 0xB2, 0xBA, 0x1A, 0x2C, 0x71, 0x9F, 0xD7, 0xE6, - 0xA1, 0x01, 0x64, 0x8B, 0x22, 0x22, 0x23, 0xC8, 0x2A, 0xBA, - 0x13, 0x5A, 0xDD, 0xC4, 0x0C, 0x1A, 0x3C, 0x4F, 0x1E, 0x0B, - 0x5B, 0xB5, 0x45, 0xA3, 0xDD, 0x4D, 0xE9, 0x00, 0x06, 0x60, - 0x59, 0xFC, 0x48, 0xB2, 0x3E, 0x32, 0xBF, 0xF8, 0x74, 0x4E, - 0x65, 0x9F, 0x89, 0x8D, 0xE4, 0x0C, 0xC1, 0x89, 0xCF, 0x19, - 0xF0, 0xBC, 0x75, 0xDC, 0xE4, 0xEA, 0x23, 0x18, 0x23, 0xC2, - 0xD2, 0xA4, 0x96, 0xA6, 0xC2, 0x73, 0x41, 0x1E, 0xD8, 0x9D, - 0x02, 0x02, 0x35, 0x16, 0x61, 0x9B, 0x6F, 0xCC, 0x16, 0x80, - 0x2B, 0xA5, 0xE2, 0x9B, 0x63, 0x9B, 0x4E, 0x75, 0xBD, 0xBD, - 0xF3, 0x36, 0x16, 0x53, 0x6B, 0x34, 0x33, 0xF4, 0xBC, 0x05, - 0x79, 0x8A, 0x1F, 0x23, 0xD8, 0x36, 0xCC, 0xDB, 0x37, 0x5A, - 0x1E, 0xCE, 0x6D, 0x27, 0x7B, 0x6C, 0x66, 0x11, 0xE3, 0x96, - 0xAD, 0xC3, 0xF9, 0x57, 0xF9, 0xA7, 0x4C, 0x4F, 0x8E, 0x97, - 0x70, 0xB1, 0x70, 0xE9, 0x77, 0xF0, 0xC2, 0xD0, 0x79, 0x12, - 0x79, 0x3F, 0xDB, 0x71, 0x66, 0x48, 0xDB, 0x5A, 0xFC, 0xA7, - 0x8E, 0xE4, 0x1A, 0x93, 0xFE, 0x49, 0xF5, 0x7D, 0xEF, 0xC4, - 0x4B, 0xC1, 0x10, 0x2A, 0xD6, 0xF0, 0x5D, 0xC4, 0x80, 0x8B, - 0x9C, 0x2E, 0x44, 0xFB, 0x71, 0xD3, 0xA3, 0x80, 0xFB, 0x77, - 0x60, 0x16, 0xAD, 0x0B, 0xEC, 0x75, 0x9A, 0x58, 0x4B, 0x6E, - 0xD8, 0xFD, 0xE9, 0x41, 0x46, 0x85, 0x43, 0xFD, 0x82, 0x53, - 0x51, 0x65, 0xF8, 0xD0, 0x26, 0x2B, 0xF2, 0xF9, 0xE9, 0x26, - 0xD7, 0x15, 0x84, 0x31, 0x80, 0xAE, 0xFD, 0xA5, 0x30, 0x65, - 0xEE, 0x52, 0xCA, 0x3C, 0x76, 0x16, 0x91, 0x5A, 0x26, 0x49, - 0x1A, 0x28, 0xC7, 0x81, 0x10, 0x95, 0xB8, 0x96, 0x09, 0x50, - 0x6D, 0xB1, 0x64, 0xA2, 0x87, 0xCF, 0x38, 0x3C, 0x3C, 0x6E, - 0x0B, 0x96, 0x97, 0xFC, 0x81, 0xBD, 0x7D, 0xE7, 0xCC, 0xB6, - 0xF7, 0xE8, 0x15, 0x05, 0xAF, 0xDE, 0x1C, 0x68, 0xC0, 0xCF, - 0xF8, 0x68, 0x94, 0x90, 0x7B, 0x7D, 0x98, 0x57, 0xDC, 0x86, - 0x6D, 0x69, 0xD6, 0x98, 0x62, 0x0F, 0x38, 0x99, 0x93, 0x99, - 0x55, 0xD6, 0xA5, 0x8C, 0x94, 0x62, 0xCB, 0xD9, 0xE8, 
0xA4, - 0x7C, 0xDF, 0x21, 0xF4, 0x36, 0x65, 0xCF, 0x3F, 0xE4, 0x10, - 0xA5, 0xB4, 0x71, 0x08, 0x65, 0x98, 0x59, 0x70, 0x19, 0x7E, - 0x27, 0x13, 0x71, 0x3F, 0xD2, 0x91, 0x20, 0xFF, 0x53, 0xDB, - 0xD2, 0xD4, 0x07, 0x3A, 0x49, 0x72, 0x05, 0x66, 0xED, 0x7D, - 0xBC, 0x61, 0x70, 0x7F, 0x64, 0x41, 0xDD, 0xB3, 0x1B, 0x03, - 0xB8, 0x20, 0xE1, 0x5D, 0x07, 0x39, 0xFC, 0xD2, 0x30, 0x72, - 0xE8, 0x0F, 0xA7, 0xA2, 0x71, 0xE8, 0x3D, 0xD9, 0x2B, 0x5B, - 0xB4, 0x97, 0x2B, 0xC3, 0x58, 0xE1, 0x2B, 0x0F, 0xAA, 0x8C, - 0x5A, 0x72, 0xC7, 0xBB, 0xB6, 0x59, 0x2B, 0x73, 0x39, 0x9A, - 0x20, 0xE5, 0x9A, 0x70, 0x30, 0x7B, 0x28, 0xBE, 0xD6, 0x6A, - 0x04, 0x18, 0x41, 0xEF, 0x18, 0xCD, 0xB5, 0x69, 0xB6, 0x00, - 0x50, 0xEE, 0xF9, 0x45, 0x2F, 0x86, 0xEE, 0x04, 0xBE, 0xF8, - 0x88, 0x9E, 0x0D, 0xAC, 0x1B, 0xA9, 0xD1, 0xC1, 0xA5, 0x3E, - 0xF6, 0xD9, 0x78, 0x99, 0x9D, 0x2E, 0x26, 0x6C, 0xCA, 0x7C, - 0x4C, 0xC7, 0xAF, 0xAB, 0xF0, 0xBB, 0x93, 0x32, 0x03, 0x22, - 0xAF, 0x27, 0x6A, 0x9F, 0x53, 0x77, 0xA9, 0x6C, 0x83, 0xA2, - 0x46, 0x15, 0x61, 0x6C, 0xB3, 0x08, 0x6F, 0x5B, 0x85, 0x73, - 0x8A, 0xCD, 0x8A, 0xB0, 0x70, 0xAC, 0xA5, 0x22, 0x18, 0x87, - 0x54, 0x91, 0x6B, 0x34, 0x7F, 0x0B, 0x4E, 0xCA, 0x44, 0xB3, - 0xBE, 0xB0, 0x77, 0x28, 0x85, 0x73, 0xDD, 0x29, 0x70, 0x53, - 0xD9, 0xA2, 0x4F, 0x12, 0xCB, 0x41, 0xFD, 0x99, 0x27, 0xC7, - 0xA9, 0xCF, 0xB7, 0x5B, 0xFB, 0xCC, 0x77, 0xBA, 0x12, 0xE1, - 0xD6, 0xF6, 0x7C, 0x22, 0xB4, 0xED, 0xB0, 0xA0, 0x71, 0x59, - 0xD2, 0xF3, 0x14, 0xB2, 0x7C, 0x4A, 0x0A, 0xD6, 0x43, 0x10, - 0xA0, 0xF6, 0xC0, 0x6F, 0xB4, 0x31, 0x8F, 0x7B, 0xF8, 0x5A, - 0xC9, 0x91, 0x0F, 0x7A, 0xE5, 0xDF, 0x29, 0x11, 0x66, 0xFF, - 0x4C, 0x73, 0xA6, 0xC7, 0xA0, 0xCC, 0x7B, 0x73, 0x79, 0x36, - 0x1D, 0x5E, 0x7C, 0xE2, 0xC9, 0xF7, 0x56, 0xC4, 0x88, 0x71, - 0xC1, 0x03, 0xEE, 0xE7, 0xE0, 0xEE, 0x12, 0xD7, 0x3D, 0x3A, - 0xB2, 0x91, 0x51, 0xE1, 0x18, 0xFE, 0x66, 0x22, 0x84, 0xA6, - 0xC3, 0xD2, 0x54, 0xE9, 0xE5, 0xF8, 0xDB, 0xF1, 0xF9, 0x6A, - 0x01, 0x61, 0xCF, 0x3D, 0xDA, 0x89, 0x5B, 0xED, 0x89, 0x10, - 0xBA, 
0x18, 0xB8, 0xBA, 0x66, 0x38, 0x0D, 0x37, 0xEC, 0x1E, - 0xF7, 0x06, 0xD6, 0xC0, 0x84, 0x06, 0x2F, 0x43, 0xBD, 0x50, - 0xA0, 0x05, 0x9B, 0x50, 0xCD, 0xBB, 0xB7, 0x93, 0xF0, 0x70, - 0x50, 0xB7, 0x03, 0x0F, 0x27, 0x70, 0x47, 0x8E, 0xEB, 0x14, - 0xE0, 0x81, 0xBC, 0x7F, 0xA5, 0x60, 0xB0, 0x09, 0xCA, 0x38, - 0xCB, 0x59, 0x85, 0x49, 0xB3, 0xD4, 0x29, 0x50, 0xE1, 0x04, - 0xBD, 0x9F, 0x6C, 0xA5, 0x76, 0xCB, 0xE6, 0x79, 0xED, 0xDD, - 0xB8, 0x98, 0xA9, 0x94, 0xDD, 0xD3, 0x2E, 0xE0, 0xEA, 0xCD, - 0xD3, 0x34, 0xDA, 0x78, 0xBE, 0x7A, 0xC9, 0x8C, 0xD6, 0x12, - 0x5B, 0xD0, 0x36, 0x11, 0x79, 0x52, 0xCA, 0xA1, 0xCC, 0x3D, - 0x5B, 0x1F, 0x35, 0x80, 0xCC, 0x56, 0xDA, 0xC9, 0x88, 0xB7, - 0xD3, 0x28, 0x86, 0x6F, 0x4E, 0x20, 0x56, 0x56, 0x62, 0x12, - 0x79, 0xDA, 0x3F, 0x75, 0xEC, 0x89, 0xDC, 0x90, 0x44, 0xAE, - 0xB8, 0x0E, 0x34, 0x76, 0xF9, 0xAE, 0xDF, 0x2C, 0x28, 0x0F, - 0xCF, 0x28, 0x0B, 0x7B, 0x8A, 0xC4, 0x9B, 0x0B, 0x3C, 0x3E, - 0xC2, 0x70, 0x88, 0x71, 0xED, 0x3B, 0x3D, 0x61, 0x73, 0xDC, - 0x1B, 0x1A, 0x89, 0x16, 0xE2, 0x36, 0x50, 0x96, 0x38, 0x44, - 0xB1, 0xB6, 0x23, 0xB1, 0x83, 0x51, 0x43, 0x7C, 0x37, 0x9C, - 0x83, 0xDB, 0x63, 0x3E, 0x02, 0x42, 0xFA, 0xE9, 0x0B, 0x22, - 0xCB, 0xA5, 0x1F, 0x09, 0x03, 0x1C, 0xD0, 0xAD, 0xCB, 0xEE, - 0xB5, 0x3F, 0xFC, 0xCD, 0x80, 0x04, 0x63, 0x44, 0x4F, 0x3F, - 0x2B, 0x17, 0x66, 0xE0, 0xA7, 0x1E, 0xA2, 0xB5, 0xE3, 0xD3, - 0x23, 0x76, 0xF9, 0x75, 0x7C, 0x39, 0x5C, 0x6A, 0x64, 0xF8, - 0x61, 0xDE, 0x66, 0x3F, 0xCD, 0x4F, 0x06, 0xEF, 0x9C, 0xCA, - 0x43, 0xA9, 0x32, 0x30, 0xDC, 0xB8, 0xA2, 0xE0, 0xAA, 0xEB, - 0x4D, 0x30, 0x8D, 0x0C, 0xD1, 0x5E, 0x04, 0xEE, 0xED, 0x46, - 0x07, 0x9C, 0xF4, 0xD8, 0xD5, 0x78, 0x9A, 0x51, 0x93, 0xC6, - 0x95, 0x5C, 0x12, 0x48, 0x2B, 0x92, 0x7A, 0xE4, 0x57, 0x3D, - 0x37, 0xEC, 0xA0, 0x19, 0xEC, 0x0A, 0x45, 0x0B, 0xFE, 0x9F, - 0x5F, 0xA0, 0xB3, 0x05, 0xEE, 0xF9, 0x87, 0x76, 0x5C, 0xC1, - 0xAD, 0x92, 0x79, 0x50, 0xAC, 0x70, 0xB6, 0xE8, 0xBB, 0x7C, - 0xCA, 0xC2, 0x49, 0xAD, 0xB0, 0xDA, 0xD0, 0x28, 0x90, 0xC2, - 0xEE, 0x3D, 0x4C, 
0xCD, 0xC8, 0x41, 0x89, 0x5C, 0x65, 0xB9, - 0x1C, 0xCA, 0x67, 0x7B, 0xEF, 0x0D, 0x7B, 0x69, 0x4B, 0x8E, - 0x51, 0x0D, 0xF7, 0x70, 0xB7, 0xB3, 0x4E, 0xC8, 0x87, 0x8D, - 0xD1, 0xDD, 0x20, 0x11, 0x3C, 0x34, 0xA3, 0x3B, 0x6F, 0xDD, - 0xF5, 0xB2, 0xB1, 0x21, 0x9A, 0xE0, 0x4A, 0xF0, 0xB9, 0xEB, - 0x64, 0xDB, 0xC6, 0xD6, 0x64, 0x8F, 0x1A, 0x2C, 0x40, 0x0A, - 0x24, 0xF4, 0x0C, 0x0F, 0x60, 0x04, 0xBA, 0x9D, 0x3A, 0xE7, - 0x05, 0x58, 0xB5, 0x29, 0xD4, 0xD3, 0x64, 0xED, 0xCE, 0x47, - 0x7B, 0xB0, 0x6E, 0xCC, 0x2F, 0x46, 0x3A, 0xFE, 0x11, 0xC6, - 0x6B, 0x91, 0x51, 0x6A, 0x17, 0xCD, 0x03, 0x35, 0x0E, 0x1C, - 0x0E, 0x8B, 0xDD, 0x46, 0x4F, 0x5D, 0x9A, 0x5C, 0xE1, 0x14, - 0x99, 0xE8, 0xF2, 0xA4, 0xED, 0xCF, 0x6F, 0xC6, 0xC1, 0x67, - 0x36, 0x49, 0x1F, 0x1E, 0x42, 0x92, 0x4D, 0x32, 0x05, 0x4E, - 0xA6, 0xD7, 0xC0, 0xEC, 0xB0, 0x3E, 0xFD, 0xA1, 0xA7, 0x08, - 0x6B, 0xE8, 0x7F, 0xCD, 0xF8, 0x3C, 0x53, 0x58, 0x4C, 0x97, - 0xE6, 0x8D, 0xFE, 0xA9, 0x49, 0x61, 0xD1, 0xF0, 0xA0, 0xC7, - 0xB4, 0x4F, 0xBE, 0xDD, 0x90, 0x92, 0x0B, 0xA0, 0x5E, 0x69, - 0xAC, 0xDA, 0x26, 0x99, 0xF8, 0xE3, 0x07, 0xB5, 0xB9, 0xB7, - 0x48, 0xC7, 0xA3, 0x64, 0x3E, 0xA0, 0xB6, 0xC1, 0xF8, 0x6E, - 0x23, 0xA3, 0x11, 0x52, 0xA8, 0x26, 0xBD, 0x1C, 0xAD, 0xEB, - 0xF7, 0xDF, 0xC6, 0x35, 0xB4, 0x92, 0xE5, 0xB0, 0x5B, 0x53, - 0x55, 0xAA, 0x6E, 0xAD, 0x36, 0x4B, 0xF0, 0xE5, 0x9E, 0x32, - 0xB6, 0xFF, 0x1C, 0x01, 0x35, 0x20, 0x5E, 0xAD, 0x3E, 0xA3, - 0x01, 0x5D, 0xA0, 0xC5, 0x1B, 0xC8, 0x69, 0xB8, 0xF2, 0x2B, - 0x2B, 0x69, 0xC4, 0x4E, 0xA3, 0xC6, 0x1C, 0xFE, 0xCC, 0x0C, - 0x79, 0x6E, 0xDD, 0xD4, 0x59, 0x93, 0x51, 0xA2, 0x41, 0x3A, - 0x7A, 0x7D, 0x19, 0x5C, 0x1A, 0x91, 0x3C, 0x68, 0x00, 0x42, - 0x58, 0x51, 0x26, 0x11, 0x1A, 0x1E, 0xDE, 0x3B, 0x64, 0x16, - 0xBC, 0xDC, 0x5A, 0xF7, 0x7E, 0x80, 0x04, 0x63, 0xED, 0xDB, - 0x68, 0x74, 0xC2, 0x6B, 0x36, 0x67, 0xFC, 0x81, 0xB3, 0x64, - 0xBC, 0xAC, 0xA4, 0x56, 0x55, 0x77, 0x86, 0x74, 0xE2, 0x68, - 0x02, 0xD5, 0x5A, 0x84, 0x8F, 0x0E, 0x7F, 0xA1, 0xE9, 0xA5, - 0x30, 0xEB, 0xB4, 0x3E, 0x31, 
0x09, 0x7F, 0xE2, 0x21, 0x35, - 0x4F, 0xFA, 0x61, 0xD2, 0x42, 0xB5, 0xCC, 0x31, 0xDE, 0x9C, - 0xDD, 0x39, 0x71, 0x90, 0x69, 0x9C, 0xF3, 0x7B, 0x91, 0xB1, - 0x65, 0x44, 0x10, 0xEC, 0x5C, 0x31, 0xF5, 0xA5, 0x37, 0xFF, - 0x52, 0xDF, 0x21, 0x85, 0x8A, 0x08, 0x77, 0xD7, 0xEE, 0xCC, - 0xD8, 0x58, 0xEF, 0x5B, 0xDD, 0x12, 0xC0, 0x4E, 0xC2, 0x20, - 0xAD, 0x5E, 0x74, 0x37, 0xE0, 0x70, 0x1B, 0xBA, 0xA3, 0x84, - 0x39, 0x2C, 0x4F, 0x63, 0x77, 0x69, 0x6C, 0x60, 0x69, 0x00, - 0xF0, 0xCE, 0x19, 0x29, 0x62, 0xDA, 0x10, 0xD9, 0x15, 0x79, - 0xC5, 0x2B, 0xB0, 0xB3, 0x97, 0x8C, 0x98, 0x83, 0x9F, 0x25, - 0x3F, 0x56, 0x1F, 0x2C, 0x63, 0x77, 0xFA, 0xDB, 0x27, 0xDF, - 0x94, 0xAE, 0x08, 0x44, 0x75, 0x8A, 0xE8, 0x91, 0x72, 0xB0, - 0xD0, 0x93, 0xC5, 0x7B, 0xB1, 0xD0, 0xEB, 0xD8, 0xDD, 0x88, - 0x29, 0xF8, 0x36, 0xE7, 0x7C, 0xFD, 0x88, 0xFE, 0xA1, 0xEE, - 0x12, 0x9A, 0x0E, 0x84, 0x75, 0x15, 0xA8, 0xA0, 0xD7, 0xBC, - 0x72, 0x75, 0x7D, 0x4E, 0xDF, 0xEE, 0x30, 0x30, 0x23, 0x6D, - 0xCC, 0xE5, 0xD7, 0xFD, 0x11, 0xE0, 0x87, 0x65, 0xDE, 0xAA, - 0xF4, 0x2C, 0x64, 0x74, 0x1A, 0x0C, 0x7A, 0x0A, 0x5B, 0x85, - 0xF3, 0x35, 0xB8, 0x41, 0x27, 0x14, 0xFC, 0x2A, 0x8D, 0x28, - 0xD0, 0xA7, 0xDB, 0xB0, 0xD9, 0x5A, 0xA9, 0x0F, 0x0B, 0x2F, - 0xE0, 0x8E, 0x37, 0x82, 0x5E, 0x8E, 0x1E, 0x2F, 0xC2, 0xA6, - 0xF5, 0x89, 0x54, 0x77, 0x49, 0x49, 0xDC, 0xF4, 0x03, 0xF2, - 0x04, 0xD6, 0xC0, 0x43, 0xB1, 0x13, 0x2B, 0x0C, 0xC2, 0x14, - 0x93, 0x5A, 0x90, 0x20, 0x87, 0xA0, 0x4A, 0xB2, 0xD7, 0x25, - 0x81, 0x79, 0x3C, 0x9C, 0xF6, 0x92, 0xBB, 0x26, 0xB0, 0x25, - 0x93, 0x05, 0x60, 0xEC, 0x56, 0x3C, 0x92, 0x41, 0x63, 0x52, - 0x0F, 0x95, 0x06, 0x7D, 0xE8, 0x46, 0x90, 0x39, 0x69, 0xEA, - 0x6B, 0xA6, 0x64, 0x09, 0x7B, 0x2F, 0x34, 0xE0, 0x21, 0x29, - 0xDA, 0xE3, 0xCF, 0xFE, 0xA7, 0x8E, 0x14, 0x3A, 0xD7, 0x53, - 0x26, 0xD7, 0x82, 0x0E, 0x2A, 0x00, 0x43, 0xEB, 0x6A, 0x23, - 0x75, 0x28, 0xD0, 0x9B, 0x85, 0xE0, 0xFB, 0x14, 0x19, 0xF3, - 0x6A, 0x73, 0x6C, 0x97, 0x0E, 0x21, 0xFC, 0x0F, 0x26, 0xC5, - 0xCE, 0xB7, 0xC6, 0x59, 0xA2, 0xE6, 0x4C, 
0xF4, 0xC7, 0xBB, - 0x9B, 0xA8, 0xFA, 0x12, 0xC7, 0xDA, 0x33, 0x26, 0x69, 0x83, - 0x49, 0xA8, 0x0A, 0x3E, 0xF0, 0xD4 +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + +static const unsigned char bench_dilithium_level3_pubkey[] = { + 0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f, + 0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3, + 0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77, + 0x61, 0x6d, 0x0f, 0xc1, 0x33, 0x26, 0x09, 0xf0, 0xf9, 0x4d, + 0x12, 0x7a, 0xef, 0xf7, 0x21, 0x26, 0x2c, 0xe0, 0xe2, 0x92, + 0x1f, 0x9d, 0xd1, 0xaa, 0xaf, 0x08, 0x14, 0xf2, 0xaa, 0x24, + 0x99, 0x0f, 0x20, 0x57, 0x35, 0x04, 0x32, 0x96, 0x8e, 0x6e, + 0x10, 0x64, 0xe3, 0xe3, 0x57, 0x26, 0x33, 0x32, 0x7b, 0xe4, + 0x18, 0x41, 0x77, 0xd3, 0x24, 0x63, 0x3d, 0x11, 0xea, 0xdc, + 0xbe, 0x59, 0xff, 0x8d, 0xc2, 0xe4, 0xc7, 0x04, 0xf3, 0xd4, + 0xe0, 0x1d, 0x5e, 0x09, 0x46, 0xbf, 0x02, 0x05, 0xc7, 0xa6, + 0xb7, 0x82, 0x40, 0x1f, 0x55, 0xe9, 0x77, 0x82, 0xc0, 0xcc, + 0x86, 0x99, 0x19, 0x99, 0xa2, 0xc9, 0x1b, 0x4f, 0xdd, 0x49, + 0x4c, 0x78, 0x0a, 0x58, 0xb8, 0xf0, 0x23, 0xac, 0x1a, 0x71, + 0x57, 0x6d, 0xd6, 0x3a, 0x3a, 0x6f, 0x93, 0xb3, 0x2b, 0x09, + 0xbe, 0xec, 0x7b, 0x5b, 0xf7, 0x3a, 0xed, 0xf9, 0xd0, 0xb1, + 0xfe, 0x9f, 0x9b, 0xec, 0x11, 0xb6, 0x6b, 0xd1, 0xb6, 0x00, + 0x72, 0x7f, 0x68, 0x9a, 0x61, 0xa5, 0xf5, 0x6e, 0xe9, 0x46, + 0xa4, 0x82, 0x08, 0x9f, 0x50, 0x4c, 0x75, 0xc3, 0x48, 0x85, + 0x76, 0x39, 0xea, 0x0c, 0xf2, 0xe8, 0x7e, 0x48, 0x69, 0xd9, + 0x6f, 0x9a, 0x89, 0x7d, 0x98, 0xc1, 0x16, 0xdc, 0x2f, 0xc7, + 0x0a, 0x11, 0xa8, 0xbb, 0xe7, 0x91, 0xb1, 0x0f, 0x0e, 0xf0, + 0xb4, 0xc8, 0x41, 0x7e, 0x62, 0x9e, 0x3c, 0x30, 0x4c, 0xbc, + 0x4c, 0xeb, 0x37, 0xaf, 0x48, 0x72, 0x59, 0x64, 0x8e, 0xfb, + 0x77, 0x11, 0x28, 0xdd, 0x30, 0x52, 0x8e, 0x69, 0x8c, 0x9f, + 0x3d, 0xec, 0xdf, 0xa7, 0x5f, 0x42, 0x18, 0xda, 0xba, 0x1a, + 0x96, 0x91, 0x7d, 0x62, 0xd5, 0x52, 0xff, 0x44, 0xc9, 0x1d, + 0x29, 0xa6, 0xb9, 0x03, 0x9a, 0x26, 0x26, 0xcf, 0x57, 0x40, 
+ 0x70, 0x7e, 0x2b, 0xbd, 0xf0, 0x81, 0x71, 0x0f, 0x0b, 0x2e, + 0x9b, 0x03, 0xba, 0x31, 0x41, 0x68, 0x37, 0xc8, 0xff, 0xea, + 0xc4, 0x73, 0xa5, 0xf9, 0xc2, 0x92, 0x78, 0x0c, 0xe7, 0xfd, + 0x5d, 0xb2, 0x01, 0xb5, 0x8d, 0xeb, 0x64, 0xd4, 0x14, 0xea, + 0x7a, 0xd1, 0x42, 0xc8, 0x99, 0xe4, 0x7d, 0x5b, 0x7e, 0x3b, + 0x8f, 0xab, 0x82, 0x12, 0xdf, 0xbb, 0xa1, 0x45, 0x30, 0xc9, + 0x0f, 0xb9, 0xe5, 0xba, 0xe6, 0x8a, 0xf3, 0x78, 0x61, 0xcc, + 0x9f, 0xe1, 0x46, 0x2a, 0x9a, 0x18, 0x0e, 0x2a, 0x57, 0xf3, + 0xe5, 0x56, 0xd1, 0x42, 0x48, 0xe1, 0x5a, 0x8e, 0x33, 0xce, + 0x19, 0xe5, 0x3e, 0x7f, 0x00, 0x70, 0x9c, 0x4c, 0xd3, 0xe1, + 0x0c, 0xa1, 0x7e, 0xd4, 0xa9, 0x9e, 0x8b, 0xe2, 0xf0, 0xac, + 0xdb, 0xa6, 0x72, 0x75, 0x67, 0xa6, 0x57, 0xed, 0x79, 0x2e, + 0xca, 0x8d, 0xeb, 0x9b, 0x9e, 0xb7, 0xbf, 0x30, 0x02, 0x2b, + 0xb3, 0x43, 0x89, 0x9b, 0xa8, 0x88, 0xa5, 0xbb, 0x33, 0xd9, + 0x99, 0x30, 0x7c, 0xc7, 0xd4, 0x28, 0x5e, 0x5e, 0x3f, 0x9d, + 0x6d, 0x35, 0x75, 0x33, 0x8e, 0xff, 0x84, 0x2e, 0x2d, 0xda, + 0xf0, 0xff, 0x70, 0xe5, 0xb5, 0x62, 0x96, 0x33, 0x3a, 0xd9, + 0xb5, 0x82, 0x25, 0x81, 0x81, 0x40, 0x5d, 0x4f, 0x11, 0x86, + 0x63, 0x1a, 0x06, 0xc1, 0x67, 0xc7, 0x49, 0x03, 0xc7, 0xe4, + 0x6f, 0xb4, 0x13, 0x3e, 0x57, 0x62, 0xfd, 0x8a, 0xc6, 0x2b, + 0x65, 0x5b, 0xa4, 0x29, 0x57, 0x8d, 0xde, 0xa5, 0xee, 0x32, + 0xc2, 0x76, 0x03, 0xca, 0xce, 0xc1, 0x48, 0xec, 0x45, 0xcf, + 0x30, 0x21, 0x28, 0x7f, 0x10, 0x47, 0xd2, 0xdb, 0xee, 0xca, + 0x5b, 0x0f, 0xd5, 0x39, 0x3a, 0xc3, 0xa6, 0x78, 0xb2, 0x15, + 0xaf, 0x82, 0x3c, 0x2f, 0xc4, 0x51, 0x5c, 0x52, 0xad, 0xf2, + 0x89, 0x92, 0x8e, 0xf3, 0x50, 0x38, 0xed, 0xf8, 0xc9, 0x14, + 0x4c, 0xe4, 0xa3, 0x9a, 0xaf, 0xc4, 0x5c, 0xf3, 0x9f, 0xc3, + 0xa3, 0xc0, 0xbe, 0x45, 0x1b, 0x21, 0x63, 0xfa, 0xe0, 0xe0, + 0x91, 0x2b, 0x42, 0xca, 0x91, 0xfb, 0x5e, 0x97, 0x9a, 0x0a, + 0xd4, 0x88, 0xba, 0xb8, 0x22, 0xc6, 0xbf, 0x56, 0x58, 0x1e, + 0x92, 0xa9, 0x9d, 0xa7, 0xed, 0xc9, 0xab, 0x54, 0x4f, 0x75, + 0x8d, 0x42, 0xc1, 0xe1, 0x61, 0xd0, 0x91, 0x9a, 0x3a, 0x40, + 0x9a, 0xa3, 
0xfb, 0x7b, 0x4e, 0xf0, 0x85, 0xf0, 0xdc, 0x40, + 0x72, 0x9f, 0x05, 0xa8, 0xbe, 0x95, 0x5a, 0x7f, 0xba, 0x75, + 0x00, 0x6e, 0x95, 0x76, 0xbd, 0xb2, 0x40, 0xf5, 0xb0, 0x64, + 0x0a, 0x2f, 0x06, 0x3d, 0x9f, 0xac, 0x6a, 0xa5, 0x46, 0x5a, + 0x85, 0xa4, 0x6f, 0xee, 0x27, 0xa0, 0xeb, 0x5f, 0x1f, 0x91, + 0xbd, 0x2b, 0x02, 0x16, 0xdf, 0x74, 0x97, 0x2c, 0xd0, 0xa8, + 0x9f, 0x3a, 0x7b, 0xdf, 0x3e, 0x98, 0x4a, 0x91, 0xdc, 0x19, + 0x96, 0x88, 0x75, 0x21, 0x1a, 0x6a, 0xa8, 0x4b, 0x1f, 0x35, + 0xd1, 0x92, 0xf5, 0x76, 0xf4, 0x72, 0x55, 0x13, 0xdb, 0x5d, + 0x07, 0x8d, 0xd9, 0x72, 0xe4, 0x75, 0xde, 0x80, 0xbc, 0xe9, + 0x9c, 0xf0, 0x5c, 0x6a, 0x8a, 0x0e, 0x34, 0xf6, 0x3f, 0x5c, + 0xef, 0x0e, 0xcc, 0x52, 0x38, 0x2d, 0x7b, 0xc2, 0x1b, 0x69, + 0x9f, 0xe5, 0xed, 0x14, 0xb0, 0x91, 0x0b, 0xe9, 0x4d, 0x34, + 0xd5, 0xaa, 0xd4, 0xd2, 0x46, 0x39, 0x45, 0x7e, 0x85, 0x2f, + 0xdb, 0x89, 0xf4, 0xff, 0x05, 0x74, 0x51, 0xba, 0xdd, 0xee, + 0xf6, 0xc2, 0xc1, 0x0a, 0x8f, 0xd9, 0xeb, 0xc7, 0x61, 0x30, + 0x8f, 0x86, 0x8b, 0x1f, 0x82, 0xc1, 0x22, 0xfd, 0x83, 0xf4, + 0x5d, 0xc5, 0x94, 0xf5, 0xd7, 0x17, 0xc7, 0x7b, 0x71, 0xf5, + 0x5e, 0x15, 0x49, 0x70, 0xb2, 0x57, 0xa0, 0xc0, 0x57, 0x63, + 0x53, 0x35, 0xb6, 0x52, 0x20, 0x7b, 0x83, 0xd4, 0x57, 0x63, + 0x25, 0x8e, 0x83, 0xb3, 0x8e, 0x26, 0x1f, 0x09, 0xde, 0x14, + 0xd6, 0xa6, 0xfc, 0xe5, 0x93, 0x3c, 0x88, 0x8e, 0xf5, 0x10, + 0x57, 0xb9, 0xc9, 0x9b, 0xff, 0x72, 0x9d, 0x3d, 0x3f, 0x97, + 0xd9, 0x3c, 0x20, 0xe2, 0x57, 0xfd, 0x2a, 0x5c, 0x17, 0x12, + 0xe6, 0x08, 0xaf, 0xe4, 0x26, 0x96, 0xb9, 0x6d, 0xc3, 0xac, + 0x22, 0xf3, 0x8b, 0x89, 0xde, 0xc7, 0x8a, 0x93, 0x06, 0xf7, + 0x1d, 0x08, 0x21, 0x36, 0x16, 0x74, 0x2b, 0x97, 0x23, 0xe4, + 0x79, 0x31, 0x08, 0x23, 0x62, 0x30, 0x67, 0xe2, 0xed, 0x30, + 0x9b, 0x0c, 0xf9, 0x08, 0x7a, 0x29, 0x73, 0xc6, 0x77, 0x8a, + 0xbb, 0x2a, 0x1c, 0x66, 0xd0, 0xdd, 0x9e, 0xa3, 0xe9, 0x62, + 0xcc, 0xb7, 0x88, 0x25, 0x4a, 0x5f, 0xbc, 0xaa, 0xe3, 0xe4, + 0x4f, 0xec, 0xa6, 0x8e, 0xa6, 0xa4, 0x1b, 0x22, 0x2b, 0x2c, + 0x8f, 0x57, 0x7f, 0xb7, 
0x33, 0xfe, 0x16, 0x43, 0x85, 0xc5, + 0xd2, 0x95, 0xe6, 0xb9, 0x21, 0x68, 0x88, 0x98, 0x33, 0x8c, + 0x1d, 0x15, 0x9c, 0x4d, 0x62, 0x1f, 0x6b, 0xe8, 0x7a, 0x2d, + 0x6b, 0x0e, 0xc3, 0xde, 0x1a, 0xa8, 0xed, 0x67, 0xb3, 0xb3, + 0x36, 0x5b, 0x4b, 0xcb, 0xe8, 0xa8, 0x5c, 0x0b, 0x2f, 0xca, + 0xd7, 0x71, 0xe8, 0x85, 0xe7, 0x4d, 0xe5, 0x7b, 0x45, 0xed, + 0xb2, 0x4c, 0x69, 0x04, 0x7e, 0x4f, 0xc0, 0xef, 0x1a, 0xca, + 0x0d, 0xa6, 0xc4, 0x79, 0x15, 0x78, 0x9c, 0xd2, 0x91, 0x3c, + 0x32, 0x55, 0x40, 0xe7, 0xcb, 0x7e, 0xde, 0x07, 0xa6, 0x97, + 0x00, 0x2d, 0x70, 0xf6, 0x3d, 0x15, 0xdf, 0x29, 0x8e, 0xa3, + 0x96, 0x6d, 0xf2, 0xbb, 0xa5, 0x1b, 0x7b, 0x58, 0x30, 0xf6, + 0x17, 0xbd, 0xda, 0x13, 0xf7, 0x33, 0xc2, 0x62, 0x32, 0xd4, + 0x1c, 0x2e, 0x31, 0x74, 0x92, 0xad, 0x99, 0x8c, 0x0e, 0x7c, + 0x50, 0x21, 0xcd, 0xff, 0x41, 0xeb, 0xd1, 0xca, 0x14, 0xb7, + 0xb2, 0x31, 0x2f, 0xbe, 0x16, 0xce, 0x4f, 0x26, 0x16, 0x04, + 0xc2, 0xaf, 0xbe, 0x0d, 0x24, 0xab, 0x9a, 0x21, 0x37, 0x06, + 0xac, 0x50, 0x23, 0xf1, 0xbe, 0x5c, 0xbb, 0x64, 0xf3, 0xd3, + 0x66, 0xa3, 0xb8, 0xbe, 0x8b, 0x49, 0x8d, 0xf6, 0xc7, 0xb9, + 0x8f, 0x4e, 0x31, 0x06, 0x51, 0xe5, 0xf3, 0x0e, 0x56, 0xc4, + 0x24, 0x30, 0xf5, 0xe9, 0x36, 0x71, 0xbc, 0xc9, 0x70, 0x2c, + 0x6c, 0x4c, 0x15, 0x43, 0x44, 0xa4, 0xfc, 0xf1, 0xd2, 0x71, + 0x6c, 0x4c, 0xce, 0x30, 0x6c, 0x05, 0x7d, 0x2e, 0xb7, 0xbc, + 0xe4, 0x65, 0x76, 0x24, 0x75, 0x36, 0xdf, 0x28, 0xfc, 0xcd, + 0x9a, 0xba, 0xc2, 0xcd, 0xb0, 0x30, 0xdb, 0xe7, 0x2e, 0x3c, + 0x92, 0x63, 0x1d, 0x30, 0x23, 0x74, 0xb1, 0xb8, 0xcc, 0xd7, + 0xb6, 0x90, 0x65, 0x73, 0xa2, 0x2a, 0x6e, 0x49, 0x95, 0x0d, + 0xab, 0x24, 0xdf, 0x2d, 0xbf, 0x76, 0x46, 0x01, 0x44, 0xe4, + 0x18, 0x8e, 0xd5, 0x9a, 0x76, 0xc9, 0xc6, 0xbc, 0xdb, 0x7f, + 0x80, 0x52, 0xc6, 0x40, 0x41, 0x12, 0x36, 0x7c, 0x80, 0x69, + 0xce, 0x7b, 0xe1, 0xa0, 0x53, 0xa2, 0xd6, 0x8f, 0x3f, 0xf7, + 0xd7, 0x61, 0x09, 0x70, 0xa2, 0xa0, 0xc6, 0xaf, 0xa0, 0xd0, + 0xfa, 0x13, 0xbf, 0xc0, 0x69, 0x15, 0xce, 0x15, 0xec, 0x24, + 0x4b, 0x6b, 0xdc, 0x93, 0x51, 0xc6, 
0x82, 0x19, 0x92, 0x84, + 0x5d, 0x99, 0xb0, 0x90, 0x2c, 0xcc, 0x2a, 0x81, 0x6b, 0x22, + 0x64, 0x0a, 0xcb, 0x51, 0x25, 0x82, 0x50, 0x02, 0x2d, 0x3e, + 0xd4, 0x72, 0xb3, 0x0c, 0x15, 0x77, 0xd2, 0xca, 0x98, 0x2f, + 0x41, 0x93, 0x14, 0xb2, 0x7f, 0xa1, 0x97, 0xa3, 0xb8, 0x8a, + 0x56, 0x24, 0x38, 0xa7, 0x36, 0xc5, 0x01, 0xc0, 0x9f, 0x3f, + 0x3e, 0x9a, 0xf6, 0xe9, 0x16, 0x82, 0x01, 0x58, 0x70, 0x0e, + 0x0d, 0xbc, 0xfa, 0x03, 0x57, 0x65, 0xa8, 0x5a, 0x3d, 0x57, + 0x81, 0x23, 0xbe, 0x6e, 0xa9, 0xe8, 0x22, 0xdf, 0x2f, 0x70, + 0xeb, 0x0a, 0x03, 0x96, 0x6b, 0xef, 0x20, 0x9f, 0xf2, 0x62, + 0xe7, 0xb2, 0x6e, 0x3a, 0x1e, 0x40, 0x1f, 0xd2, 0x97, 0x48, + 0xd1, 0x18, 0xf0, 0xeb, 0x52, 0x58, 0x02, 0x26, 0xce, 0x75, + 0xb1, 0x3a, 0x9d, 0x5b, 0x52, 0x94, 0xb2, 0x6e, 0x0e, 0x3f, + 0x39, 0xb6, 0xd9, 0x8a, 0x9d, 0xe8, 0x7c, 0x83, 0x32, 0xcc, + 0x43, 0x35, 0x9b, 0x7a, 0xed, 0xb2, 0x1e, 0x51, 0x37, 0x6c, + 0x14, 0xd8, 0xb8, 0x55, 0xb3, 0x91, 0xef, 0x0c, 0x3a, 0xe5, + 0x77, 0xd0, 0xbd, 0xb0, 0x7d, 0x38, 0x84, 0x2a, 0x47, 0xb2, + 0xb6, 0xda, 0xd7, 0x75, 0xd6, 0x2e, 0x60, 0xc7, 0x10, 0x52, + 0xf7, 0xdd, 0x09, 0x15, 0x6f, 0x04, 0x31, 0xc3, 0x5a, 0x6b, + 0x0c, 0x60, 0x10, 0xa8, 0x6e, 0x20, 0xa9, 0xdd, 0xb7, 0x72, + 0xc3, 0x9e, 0x85, 0xd2, 0x8f, 0x16, 0x7e, 0x3d, 0xe0, 0x63, + 0x81, 0x32, 0xfd, 0xca, 0xbc, 0x0f, 0xef, 0x3e, 0x74, 0x6a, + 0xb1, 0x60, 0xc1, 0x10, 0x50, 0x7c, 0x67, 0xa4, 0x19, 0xa7, + 0xb8, 0xed, 0xe6, 0xf5, 0x4e, 0x41, 0x53, 0xa6, 0x72, 0x1b, + 0x2c, 0x33, 0x6a, 0x37, 0xf1, 0xb5, 0x1c, 0x01, 0x7d, 0xa2, + 0x1f, 0x2c, 0x4e, 0x0a, 0xbf, 0xd4, 0x2c, 0x24, 0x91, 0x58, + 0x62, 0xfb, 0xf8, 0x63, 0xd9, 0xf8, 0x78, 0xf5, 0xc7, 0x78, + 0x32, 0xda, 0x99, 0xeb, 0x58, 0x20, 0x25, 0x19, 0xb1, 0x06, + 0x7f, 0x6a, 0x29, 0x20, 0xdb, 0xc8, 0x22, 0x48, 0xa9, 0x7f, + 0x24, 0x54, 0x8d, 0x7d, 0x8d, 0xb1, 0x69, 0xb2, 0xa3, 0x98, + 0x14, 0x0f, 0xba, 0xfa, 0xb6, 0x15, 0xe8, 0x28, 0x99, 0x3f, + 0x30, 0x04, 0x50, 0xab, 0x5a, 0x3c, 0xf1, 0x97, 0xe1, 0xc8, + 0x0f, 0x0e, 0xb4, 0x11, 0x63, 0x5a, 0x79, 0x08, 
0x48, 0x75, + 0xaf, 0x9b, 0xca, 0xd9, 0x13, 0x18, 0xcc, 0xb1, 0xb3, 0xee, + 0xdd, 0x63, 0xdd, 0xf4, 0x21, 0x98, 0x76, 0xe2, 0x3e, 0xd5, + 0x86, 0x23, 0x33, 0x7e, 0xc7, 0xb4, 0x35, 0x4b, 0xc2, 0x2d, + 0xe1, 0xe2, 0xb0, 0x6c, 0x8b, 0x9b, 0x20, 0x3d, 0x48, 0x24, + 0x7c, 0xea, 0xa1, 0x75, 0x27, 0xe5, 0xf4, 0x70, 0xeb, 0x3b, + 0xc7, 0x26, 0x37, 0x04, 0xff, 0x8a, 0x7a, 0xd0, 0xc2, 0xb7, + 0x84, 0xb7, 0x29, 0xfb, 0x0e, 0xa3, 0xa8, 0x71, 0xcd, 0x58, + 0x06, 0x36, 0xe2, 0xf2, 0x77, 0xcc, 0x0f, 0x78, 0x08, 0x2b, + 0xbb, 0xe3, 0x53, 0x05, 0x71, 0xdc, 0x6c, 0x37, 0x32, 0x91, + 0x46, 0x42, 0x4f, 0x21, 0xe0, 0x34, 0xad, 0x3f, 0x30, 0x5a, + 0xc7, 0x0d, 0x17, 0x19, 0x39, 0x31, 0x58, 0x69, 0x3c, 0x8c, + 0xbe, 0xe7, 0xa6, 0x3b, 0xad, 0xfb, 0x46, 0x89, 0x06, 0xc1, + 0x8c, 0x16, 0x9a, 0x06, 0x3a, 0xd0, 0x7e, 0xd6, 0xb0, 0x7b, + 0x7d, 0xf8, 0x91, 0x7c, 0xfa, 0xd9, 0x66, 0x39, 0xfa, 0xbc, + 0x57, 0xa7, 0x78, 0x8b, 0x36, 0x78, 0xc0, 0x1c, 0x0e, 0x23, + 0x05, 0x0e, 0x04, 0x61, 0x16, 0x34, 0xf9, 0xc6, 0x63, 0x58, + 0xdf, 0xf4, 0x52, 0xce, 0xd0, 0x0f, 0x0c, 0xec, 0xb1, 0x82, + 0xf4, 0x72, 0x73, 0x72, 0x3f, 0x02, 0xbe, 0xe3, 0x9c, 0x63, + 0x73, 0xc8, 0x21, 0x65, 0xba, 0x57, 0x52, 0xa9, 0x19, 0xac, + 0x68, 0x50, 0xbd, 0x2d, 0x72, 0x5b, 0x93, 0x0f, 0x1c, 0x81, + 0x77, 0xd7, 0x2e, 0xc3, 0x93, 0x52, 0x6e, 0xdc, 0x79, 0x52, + 0x9f, 0xe3, 0xde, 0xe1, 0xba, 0x58, 0x55, 0xab, 0x8a, 0xf2, + 0x35, 0x6a, 0xcf, 0x94, 0x1f, 0x17, 0xa4, 0x23, 0x2e, 0x8e, + 0x18, 0x21, 0xbe, 0x14, 0xfa, 0xe7, 0x59, 0xc5, 0x44, 0x34, + 0xce, 0x03, 0xf4, 0xb7, 0x75, 0xd3, 0x51, 0x55, 0xdf, 0xff, + 0xcf, 0x4f, 0x44, 0xee, 0x13, 0x9b, 0xcb, 0x12, 0xae, 0xe5, + 0x5b, 0x44, 0x65, 0x28, 0xcb, 0x6a, 0x9c, 0x24, 0x1d, 0xea, + 0x2d, 0x5e, 0xa5, 0xc3, 0x78, 0xad, 0xed, 0x0c, 0x05, 0xa6, + 0xaf, 0x95, 0x04, 0xd2, 0xb5, 0x91, 0x0e, 0xa0, 0x06, 0x77, + 0xc5, 0x82, 0xf6, 0xdd, 0x72, 0x83, 0x04, 0xcc, 0xb0, 0xab, + 0x7a, 0xf0, 0xb4, 0x4d, 0x36, 0x71, 0x72, 0x1a, 0x9a, 0x0d, + 0xcd, 0xa3, 0x11, 0xa8, 0x0d, 0x7d, 0x49, 0xce, 0x9c, 0x09, + 
0x1d, 0x08, 0xa4, 0x39, 0x2e, 0x03, 0xdf, 0x3a, 0xc8, 0xfe, + 0x6a, 0x2b, 0x0b, 0x07, 0x80, 0x55, 0x8a, 0xa8, 0xe6, 0x0e, + 0xc9, 0x7e, 0x83, 0xce, 0x3a, 0x98, 0x98, 0x4e, 0x3e, 0x08, + 0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69, + 0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27, + 0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14, + 0x1b, 0x10, +}; +static const int sizeof_bench_dilithium_level3_pubkey = + sizeof(bench_dilithium_level3_pubkey); + +#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */ + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + +static const unsigned char bench_dilithium_level5_key[] = { + 0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a, + 0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83, + 0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd, + 0xcc, 0x99, 0xfd, 0x0f, 0x8f, 0x6e, 0xad, 0x75, 0x9b, 0xc9, + 0xb1, 0xb9, 0x90, 0x93, 0xbf, 0xce, 0x02, 0x2d, 0x12, 0x0c, + 0x54, 0x2e, 0xe2, 0x3e, 0x52, 0xff, 0xe0, 0x7a, 0xca, 0x2d, + 0x81, 0x84, 0xea, 0x16, 0x1f, 0x10, 0xc4, 0xc9, 0xde, 0xcd, + 0xf6, 0xbd, 0x60, 0xc9, 0xb3, 0xd0, 0x0f, 0x57, 0xeb, 0x71, + 0x78, 0x9b, 0xb5, 0x72, 0x2a, 0x65, 0x11, 0x14, 0xff, 0x63, + 0x8d, 0x38, 0xcf, 0xa4, 0xf4, 0xad, 0xd0, 0x68, 0x84, 0x97, + 0xfe, 0xd3, 0x91, 0xa0, 0xe4, 0xc3, 0x74, 0xcf, 0x20, 0x87, + 0x89, 0x84, 0x1f, 0x75, 0x91, 0xe3, 0xb3, 0x47, 0x8b, 0xfe, + 0x76, 0xb7, 0x2d, 0x30, 0x89, 0x02, 0x04, 0xc9, 0x93, 0xa8, + 0x31, 0xd3, 0x84, 0x2d, 0xe4, 0x26, 0x12, 0xdb, 0x94, 0x08, + 0x12, 0x45, 0x45, 0xca, 0x44, 0x89, 0x52, 0xc4, 0x28, 0x41, + 0x46, 0x01, 0x1c, 0x93, 0x20, 0x8b, 0x40, 0x6d, 0x09, 0x36, + 0x65, 0x4c, 0xa2, 0x40, 0x62, 0xb8, 0x2c, 0x1b, 0x00, 0x20, + 0x61, 0x42, 0x8c, 0x24, 0xa7, 0x10, 0x19, 0x27, 0x25, 0x22, + 0x14, 0x31, 0x13, 0x33, 0x46, 0x0c, 0x22, 0x22, 0x18, 0xa7, + 0x91, 0x0c, 0x24, 0x61, 0xd9, 0x32, 0x46, 0xc8, 0x96, 0x49, + 0x5c, 0x90, 0x89, 0x9b, 0x84, 0x01, 0x5c, 0x08, 0x42, 0x64, + 0x84, 0x85, 0x0c, 0x42, 0x21, 0x20, 0x48, 0x21, 0x92, 0x00, + 
0x28, 0x83, 0x20, 0x4c, 0x08, 0xc7, 0x51, 0x99, 0x06, 0x66, + 0x01, 0x18, 0x51, 0x13, 0x48, 0x0a, 0x0b, 0x42, 0x90, 0x4c, + 0x14, 0x08, 0x83, 0x14, 0x6d, 0x10, 0x10, 0x91, 0xe2, 0xc4, + 0x8d, 0xe1, 0x12, 0x11, 0x10, 0x40, 0x29, 0x99, 0x92, 0x30, + 0x12, 0x39, 0x6c, 0x91, 0x86, 0x68, 0x08, 0x83, 0x0c, 0x54, + 0x80, 0x80, 0xa2, 0x08, 0x52, 0x09, 0x30, 0x71, 0x0c, 0x10, + 0x04, 0x53, 0x00, 0x65, 0x91, 0x12, 0x2d, 0x0c, 0xa2, 0x8c, + 0x18, 0x14, 0x45, 0xd8, 0x14, 0x06, 0xe4, 0x36, 0x72, 0x93, + 0x10, 0x68, 0x09, 0xc2, 0x08, 0x51, 0x14, 0x8c, 0x13, 0x39, + 0x11, 0xd8, 0x44, 0x02, 0x18, 0x39, 0x29, 0x98, 0x16, 0x71, + 0x82, 0x40, 0x70, 0x01, 0x10, 0x8c, 0x1a, 0x30, 0x08, 0x02, + 0x03, 0x41, 0x5a, 0x00, 0x40, 0xa4, 0x16, 0x90, 0x20, 0x26, + 0x32, 0x00, 0x49, 0x61, 0x20, 0x20, 0x0c, 0x1a, 0xb0, 0x10, + 0x63, 0x10, 0x11, 0x58, 0x30, 0x0d, 0x59, 0x80, 0x68, 0x90, + 0x46, 0x2a, 0x91, 0xa8, 0x71, 0x98, 0x20, 0x40, 0x21, 0x83, + 0x6c, 0xc0, 0x48, 0x0d, 0x8b, 0x90, 0x11, 0x08, 0x09, 0x31, + 0x8c, 0x00, 0x12, 0x10, 0x14, 0x6e, 0xc2, 0x06, 0x32, 0x1a, + 0x26, 0x10, 0x0a, 0x91, 0x44, 0x08, 0x99, 0x8d, 0x60, 0x86, + 0x28, 0x11, 0x20, 0x6d, 0xa3, 0x12, 0x81, 0x8b, 0xc6, 0x51, + 0xcb, 0xa0, 0x61, 0x09, 0x97, 0x61, 0x48, 0xb6, 0x0d, 0x21, + 0x49, 0x51, 0x08, 0x13, 0x0c, 0x0a, 0x34, 0x86, 0x49, 0x80, + 0x65, 0x14, 0x39, 0x04, 0x21, 0x01, 0x81, 0x9a, 0xb8, 0x4d, + 0x04, 0x41, 0x48, 0x03, 0x92, 0x81, 0x62, 0x14, 0x6c, 0x10, + 0x16, 0x11, 0xe2, 0xa2, 0x49, 0xe3, 0x30, 0x65, 0x04, 0x93, + 0x8d, 0x1c, 0x33, 0x70, 0x1b, 0x15, 0x50, 0xe4, 0x38, 0x80, + 0x21, 0x37, 0x06, 0x20, 0xc6, 0x24, 0xc8, 0x22, 0x88, 0x4a, + 0x44, 0x80, 0x14, 0x43, 0x88, 0x54, 0x44, 0x42, 0x11, 0x49, + 0x41, 0x19, 0xb9, 0x2d, 0xcc, 0x04, 0x0d, 0x19, 0xc1, 0x65, + 0x5b, 0xa0, 0x11, 0x94, 0x00, 0x84, 0xe4, 0xb6, 0x41, 0xc2, + 0x18, 0x72, 0x5c, 0x02, 0x69, 0x11, 0x85, 0x24, 0x13, 0x35, + 0x00, 0x62, 0x34, 0x04, 0x58, 0x40, 0x21, 0x00, 0xc4, 0x28, + 0x0c, 0x17, 0x30, 0x10, 0x47, 0x60, 0x4b, 0xc2, 0x61, 0x9c, + 0x80, 0x2c, 
0x20, 0x94, 0x31, 0x58, 0x92, 0x09, 0xcc, 0x00, + 0x02, 0x42, 0x94, 0x69, 0x99, 0x28, 0x06, 0x98, 0x02, 0x52, + 0x90, 0x32, 0x6e, 0x8a, 0x18, 0x2e, 0x54, 0x94, 0x81, 0x03, + 0xc6, 0x89, 0x03, 0xa1, 0x84, 0x48, 0x82, 0x48, 0x52, 0xc4, + 0x00, 0x91, 0x30, 0x24, 0x20, 0x12, 0x0d, 0x83, 0x80, 0x05, + 0x92, 0x48, 0x61, 0x98, 0x46, 0x92, 0xe1, 0xa6, 0x25, 0x20, + 0x93, 0x4d, 0x1c, 0x37, 0x2c, 0x9b, 0x94, 0x8d, 0xc8, 0x88, + 0x80, 0xa2, 0x18, 0x72, 0x0c, 0x09, 0x70, 0x81, 0x36, 0x90, + 0x24, 0x45, 0x69, 0x53, 0x36, 0x6c, 0xd2, 0x20, 0x51, 0x23, + 0xc1, 0x8c, 0x62, 0xb0, 0x70, 0x11, 0xb2, 0x70, 0xcb, 0x84, + 0x69, 0x4b, 0x32, 0x89, 0x01, 0x21, 0x81, 0x02, 0x38, 0x66, + 0xa3, 0x26, 0x12, 0x24, 0xa3, 0x30, 0x22, 0x24, 0x84, 0x18, + 0xb9, 0x84, 0x40, 0x16, 0x50, 0x22, 0x44, 0x31, 0x1b, 0x13, + 0x8d, 0x53, 0x02, 0x89, 0x4a, 0x22, 0x10, 0x53, 0x18, 0x01, + 0x58, 0x30, 0x2d, 0x00, 0x05, 0x08, 0x13, 0x80, 0x84, 0xc2, + 0x22, 0x0e, 0x88, 0x26, 0x2a, 0x04, 0xc4, 0x4c, 0x19, 0x43, + 0x01, 0xc8, 0x38, 0x4c, 0xd1, 0xb2, 0x90, 0x13, 0x29, 0x10, + 0x12, 0x48, 0x22, 0x01, 0xa8, 0x51, 0xd1, 0x92, 0x40, 0x11, + 0x27, 0x62, 0x10, 0x01, 0x0c, 0x0c, 0xc6, 0x28, 0xe3, 0x46, + 0x60, 0x24, 0x01, 0x8d, 0x14, 0xb6, 0x10, 0x50, 0xb6, 0x25, + 0x44, 0x38, 0x40, 0x44, 0xc2, 0x0c, 0x19, 0xc0, 0x64, 0x9c, + 0x44, 0x02, 0x21, 0x25, 0x65, 0x02, 0x23, 0x86, 0x1a, 0x12, + 0x70, 0x51, 0x24, 0x91, 0x09, 0x08, 0x44, 0x09, 0x35, 0x66, + 0x91, 0x04, 0x12, 0x43, 0x42, 0x8d, 0x22, 0xa0, 0x70, 0x14, + 0x91, 0x25, 0xa0, 0x00, 0x80, 0xe4, 0x00, 0x90, 0x44, 0xb2, + 0x61, 0x14, 0x20, 0x6e, 0xca, 0x14, 0x0d, 0x23, 0x85, 0x68, + 0xda, 0x40, 0x92, 0x0b, 0xb1, 0x20, 0x92, 0x04, 0x46, 0xc0, + 0x08, 0x8a, 0x40, 0xc4, 0x4d, 0x0c, 0x17, 0x45, 0xd3, 0x18, + 0x52, 0x1b, 0x46, 0x24, 0xc2, 0x24, 0x71, 0x83, 0x10, 0x80, + 0xc8, 0x82, 0x68, 0xc2, 0x96, 0x81, 0x0a, 0x01, 0x92, 0x60, + 0xb4, 0x84, 0x09, 0xc6, 0x00, 0x04, 0x37, 0x90, 0x0b, 0xa0, + 0x28, 0x12, 0x27, 0x09, 0x94, 0x80, 0x50, 0xd8, 0x04, 0x86, + 0x08, 0x13, 0x8a, 0x4a, 
0x06, 0x89, 0x9b, 0xc4, 0x60, 0xe3, + 0xa2, 0x20, 0xe0, 0x38, 0x21, 0x22, 0xb4, 0x68, 0x0a, 0xa1, + 0x0c, 0x01, 0x24, 0x32, 0x4c, 0x48, 0x30, 0xa2, 0x80, 0x8d, + 0x58, 0x44, 0x10, 0xc8, 0x94, 0x6d, 0x21, 0xc3, 0x61, 0xcb, + 0x98, 0x24, 0xdc, 0x38, 0x11, 0xc9, 0x18, 0x11, 0x20, 0x01, + 0x50, 0x1c, 0x34, 0x8d, 0x02, 0x03, 0x09, 0x0a, 0x40, 0x61, + 0xd4, 0xb8, 0x84, 0x9c, 0xc2, 0x09, 0x04, 0xb1, 0x89, 0x83, + 0x86, 0x84, 0x19, 0x83, 0x0c, 0x5a, 0x86, 0x89, 0x10, 0x21, + 0x0d, 0xd1, 0xc2, 0x80, 0x18, 0x29, 0x2a, 0x0c, 0x01, 0x50, + 0x89, 0x88, 0x48, 0x03, 0xa7, 0x85, 0x21, 0x92, 0x64, 0xc4, + 0x16, 0x81, 0x94, 0x06, 0x6c, 0x53, 0x26, 0x12, 0x90, 0xb6, + 0x21, 0x0b, 0xa8, 0x64, 0x43, 0x96, 0x84, 0x41, 0x88, 0x70, + 0xe3, 0xa6, 0x44, 0x12, 0xc0, 0x09, 0x01, 0xc7, 0x60, 0xc3, + 0x20, 0x42, 0xc3, 0x40, 0x68, 0x10, 0xa6, 0x51, 0xa4, 0xa0, + 0x71, 0x54, 0x98, 0x04, 0x88, 0xb2, 0x00, 0x54, 0x18, 0x6a, + 0x48, 0x98, 0x20, 0x21, 0xb2, 0x8d, 0x82, 0x20, 0x81, 0x99, + 0x16, 0x81, 0x0a, 0xc5, 0x88, 0x0a, 0x23, 0x11, 0x8a, 0x16, + 0x44, 0x24, 0xc9, 0x29, 0x59, 0x08, 0x91, 0x1c, 0x29, 0x05, + 0x14, 0xc9, 0x44, 0xe3, 0x20, 0x10, 0x1b, 0xa1, 0x64, 0x82, + 0xa2, 0x90, 0x00, 0x00, 0x82, 0x98, 0xb2, 0x85, 0xc8, 0x04, + 0x28, 0xc8, 0xb2, 0x65, 0xc9, 0xc6, 0x88, 0xcc, 0x08, 0x91, + 0x84, 0x08, 0x30, 0x94, 0x94, 0x8d, 0xc0, 0x18, 0x46, 0x82, + 0x36, 0x4c, 0x83, 0x10, 0x72, 0x23, 0xb1, 0x88, 0x81, 0x20, + 0x8e, 0x19, 0x03, 0x8a, 0x94, 0x46, 0x22, 0x21, 0x35, 0x8e, + 0x04, 0xc0, 0x88, 0x5b, 0xb6, 0x09, 0x0a, 0x18, 0x44, 0x21, + 0x90, 0x65, 0x03, 0xb2, 0x21, 0xc4, 0x10, 0x50, 0xc1, 0x80, + 0x0c, 0x09, 0x40, 0x49, 0xe4, 0xa8, 0x8c, 0xa4, 0x36, 0x61, + 0x59, 0x12, 0x86, 0x20, 0x08, 0x2d, 0x10, 0x19, 0x85, 0xe4, + 0x34, 0x60, 0xc4, 0xb6, 0x60, 0x00, 0x18, 0x06, 0x8c, 0xb8, + 0x45, 0x19, 0x13, 0x4a, 0x53, 0xc4, 0x40, 0xc9, 0x38, 0x71, + 0xd9, 0x48, 0x10, 0x59, 0x08, 0x02, 0x02, 0x10, 0x69, 0x53, + 0x28, 0x80, 0x22, 0x81, 0x4c, 0xc9, 0x16, 0x26, 0xa1, 0x48, + 0x64, 0x19, 0x21, 0x11, 0x1c, 0x37, 
0x88, 0x4b, 0x94, 0x2c, + 0x48, 0xc8, 0x6c, 0x63, 0x88, 0x65, 0x81, 0x40, 0x61, 0xa1, + 0x44, 0x31, 0x82, 0x18, 0x08, 0x80, 0x00, 0x26, 0x50, 0x14, + 0x49, 0xa1, 0x32, 0x50, 0x02, 0xc8, 0x45, 0x0c, 0x07, 0x24, + 0x13, 0x01, 0x6d, 0x0a, 0xb3, 0x90, 0x64, 0x30, 0x85, 0x21, + 0x09, 0x61, 0x44, 0x44, 0x72, 0x08, 0x32, 0x06, 0xe1, 0xa2, + 0x21, 0xdb, 0xa4, 0x09, 0x5a, 0xb4, 0x71, 0x43, 0xb2, 0x09, + 0x82, 0xc4, 0x64, 0x88, 0xa0, 0x91, 0xca, 0x14, 0x90, 0xa4, + 0xa8, 0x41, 0xc1, 0x38, 0x85, 0x12, 0x32, 0x60, 0x1a, 0x11, + 0x72, 0x53, 0x32, 0x2c, 0xe3, 0x08, 0x4d, 0x24, 0xc6, 0x28, + 0x0a, 0x03, 0x8c, 0x88, 0x06, 0x05, 0xa0, 0xa8, 0x05, 0x84, + 0xa2, 0x4c, 0x80, 0x40, 0x62, 0xda, 0x24, 0x81, 0x9a, 0x16, + 0x91, 0x24, 0x81, 0x04, 0xa4, 0x46, 0x51, 0xc2, 0xa8, 0x25, + 0x20, 0x28, 0x42, 0x13, 0x46, 0x2c, 0x63, 0x42, 0x72, 0x03, + 0x88, 0x28, 0xa3, 0x22, 0x24, 0x1a, 0x02, 0x26, 0x42, 0xa2, + 0x11, 0x11, 0xb0, 0x51, 0x92, 0xb4, 0x6c, 0xe2, 0x32, 0x85, + 0x10, 0xc2, 0x41, 0xc1, 0x40, 0x46, 0x4c, 0x26, 0x01, 0x1c, + 0x35, 0x02, 0x0c, 0x14, 0x0c, 0x18, 0x81, 0x00, 0x10, 0x26, + 0x02, 0xc8, 0x32, 0x8c, 0xe4, 0x02, 0x68, 0xcc, 0x14, 0x2e, + 0x89, 0x38, 0x60, 0x10, 0x12, 0x24, 0x93, 0x42, 0x65, 0xe3, + 0x24, 0x29, 0x08, 0x80, 0x41, 0x09, 0x29, 0x46, 0x5b, 0x26, + 0x49, 0x5b, 0x30, 0x80, 0x03, 0xc1, 0x2c, 0x04, 0x09, 0x82, + 0x4c, 0x48, 0x2d, 0x1c, 0x36, 0x4d, 0xdb, 0x02, 0x86, 0x21, + 0xb5, 0x51, 0x81, 0x80, 0x2d, 0xcb, 0x20, 0x81, 0x5b, 0x34, + 0x41, 0x89, 0x36, 0x48, 0x44, 0xa0, 0x05, 0x59, 0xb6, 0x64, + 0x12, 0x45, 0x21, 0x20, 0x31, 0x51, 0x0a, 0xc3, 0x8c, 0x14, + 0x48, 0x71, 0x18, 0x35, 0x24, 0x20, 0x45, 0x05, 0x88, 0x20, + 0x09, 0x08, 0xb1, 0x29, 0x18, 0xa0, 0x09, 0x4a, 0x00, 0x8a, + 0xe2, 0xb8, 0x45, 0x02, 0x27, 0x89, 0xd8, 0x10, 0x25, 0x51, + 0x82, 0x8c, 0x13, 0x92, 0x30, 0x1c, 0x24, 0x8e, 0x1c, 0x93, + 0x4d, 0xa3, 0x48, 0x51, 0x93, 0xa8, 0x69, 0xe2, 0x04, 0x89, + 0x13, 0x13, 0x61, 0xcb, 0x98, 0x8c, 0x09, 0x21, 0x62, 0x4b, + 0x14, 0x4e, 0x11, 0xa3, 0x09, 0x98, 0x40, 0x42, 
0x91, 0x12, + 0x08, 0x80, 0x84, 0x2d, 0xc0, 0x12, 0x60, 0x03, 0xa4, 0x29, + 0x18, 0x80, 0x01, 0x94, 0x44, 0x8a, 0x12, 0x11, 0x72, 0xc4, + 0x22, 0x32, 0x9a, 0x46, 0x88, 0x1b, 0x16, 0x4d, 0x4b, 0x08, + 0x11, 0x02, 0x48, 0x45, 0x81, 0xa4, 0x64, 0xe1, 0x88, 0x0c, + 0x63, 0x10, 0x70, 0x48, 0x98, 0x05, 0x9b, 0xb8, 0x84, 0x03, + 0x14, 0x05, 0x44, 0x86, 0x0c, 0x20, 0x11, 0x68, 0xbe, 0x71, + 0x83, 0xc2, 0x69, 0xde, 0x49, 0xad, 0xb4, 0xdb, 0x93, 0xcb, + 0x20, 0x2b, 0xbd, 0x95, 0x97, 0x57, 0x7e, 0xcb, 0xbc, 0x73, + 0xb6, 0x3d, 0x16, 0x4a, 0x0e, 0xe4, 0x9c, 0x81, 0xb1, 0x5d, + 0x27, 0x64, 0xa2, 0x14, 0x12, 0x1b, 0x8e, 0xd0, 0xd8, 0x38, + 0xf6, 0xc7, 0xbb, 0x9f, 0x77, 0x3c, 0x62, 0x04, 0x92, 0xe1, + 0x97, 0xaf, 0x24, 0xa7, 0xf9, 0xf0, 0x8d, 0x3a, 0xbf, 0x5d, + 0xab, 0x5c, 0x97, 0x0f, 0xfc, 0x35, 0xbc, 0x62, 0xd8, 0x42, + 0xfd, 0xc7, 0x8b, 0xf7, 0x80, 0xd1, 0x38, 0x68, 0x14, 0x5e, + 0x4f, 0x99, 0x31, 0xc7, 0xaf, 0xbd, 0x27, 0xce, 0x1c, 0x5b, + 0x09, 0x1b, 0xcf, 0xbb, 0xfb, 0xf9, 0xf4, 0x90, 0x4c, 0xc1, + 0xa2, 0x12, 0xf9, 0xd0, 0xa5, 0x2c, 0xfd, 0x7b, 0x55, 0xb0, + 0xb1, 0xc6, 0x42, 0xe6, 0xeb, 0x10, 0x5e, 0xe9, 0x00, 0xe8, + 0x46, 0xe4, 0xe0, 0x8b, 0x21, 0xbc, 0xb1, 0xa9, 0x9e, 0x75, + 0x66, 0xf0, 0xb8, 0x87, 0xb9, 0x11, 0x7e, 0x28, 0x6c, 0x4d, + 0x58, 0xcd, 0x54, 0x71, 0x0c, 0x6a, 0xcc, 0xfb, 0x52, 0xc2, + 0x5b, 0xcc, 0x19, 0x67, 0x4f, 0xc2, 0x2f, 0x09, 0x62, 0x51, + 0x82, 0xeb, 0x9b, 0x94, 0x11, 0xb4, 0x5a, 0x67, 0x7f, 0x58, + 0x18, 0xb2, 0x3f, 0x37, 0x1f, 0x94, 0x44, 0x73, 0x6a, 0x02, + 0xf5, 0xfb, 0x5b, 0x03, 0xac, 0x5d, 0xc6, 0xa9, 0x79, 0x8f, + 0x0f, 0x50, 0xa0, 0x57, 0x46, 0x05, 0x6d, 0x58, 0xde, 0x6e, + 0x8d, 0x9c, 0x0e, 0x6a, 0xb5, 0x9b, 0x1b, 0x22, 0x74, 0xad, + 0x00, 0x55, 0x27, 0x46, 0xce, 0xbb, 0x82, 0x77, 0x4e, 0x6e, + 0x59, 0x38, 0x26, 0xb3, 0xc7, 0xbc, 0x97, 0x54, 0x83, 0x69, + 0x1f, 0x3e, 0xbd, 0x0f, 0xff, 0x2f, 0xca, 0xb9, 0xea, 0x91, + 0x26, 0x8e, 0x0a, 0x78, 0x25, 0xf6, 0x6b, 0x11, 0x30, 0xd7, + 0xe2, 0xf4, 0x2b, 0xda, 0xcf, 0xe1, 0x4a, 0x47, 0xab, 0x5f, + 
0x54, 0x34, 0x38, 0xac, 0xd1, 0xbf, 0x45, 0xad, 0x4b, 0x52, + 0x0f, 0x4c, 0xa2, 0xac, 0x22, 0x7c, 0xb6, 0xed, 0x7f, 0xd5, + 0x63, 0x3b, 0x1a, 0x3b, 0xf2, 0x3d, 0x9b, 0x96, 0x92, 0x08, + 0xb9, 0x95, 0x13, 0xaf, 0x20, 0x26, 0x8b, 0x15, 0x97, 0x89, + 0xa5, 0x88, 0x8f, 0x78, 0xb4, 0x57, 0x9d, 0x51, 0x96, 0x9c, + 0x98, 0x93, 0xd5, 0x83, 0xf9, 0xff, 0x94, 0x29, 0x1e, 0xa5, + 0x28, 0xa4, 0x0c, 0x22, 0xab, 0xbc, 0x70, 0x48, 0xa2, 0x16, + 0x1c, 0xa4, 0xba, 0x8b, 0xfe, 0xb2, 0xa9, 0x03, 0x96, 0x5f, + 0xb4, 0x84, 0x8e, 0xb4, 0xbb, 0x7b, 0x11, 0xc5, 0xc2, 0xdb, + 0xe3, 0x88, 0xb5, 0xd3, 0xac, 0x07, 0x33, 0x53, 0xe8, 0x10, + 0x9e, 0xc5, 0x81, 0xb0, 0x77, 0x2f, 0x4f, 0x6d, 0x0d, 0x89, + 0xb4, 0x04, 0x98, 0x05, 0xe6, 0xd3, 0x36, 0x97, 0xcd, 0x3e, + 0x4d, 0xc6, 0x21, 0xe4, 0x0b, 0xcf, 0xed, 0xa7, 0x4d, 0xd9, + 0xd3, 0x25, 0xec, 0xec, 0x47, 0xfd, 0x06, 0x92, 0x77, 0x25, + 0x3c, 0x44, 0xe6, 0x5d, 0xb4, 0x35, 0x2b, 0x5d, 0x05, 0x65, + 0x63, 0x0b, 0xd9, 0xb8, 0x28, 0xdf, 0xdd, 0xfd, 0x64, 0x18, + 0x42, 0x19, 0x7f, 0x12, 0x78, 0xdd, 0xf0, 0x64, 0xd6, 0x99, + 0xb8, 0x74, 0x81, 0xe2, 0xb9, 0xc8, 0x67, 0x6d, 0x31, 0x22, + 0xa5, 0x68, 0xa1, 0x8d, 0x3e, 0x49, 0xbe, 0x10, 0x68, 0xa8, + 0x74, 0x1d, 0x18, 0xcf, 0x00, 0xe1, 0x4f, 0x77, 0xd8, 0xc6, + 0xe3, 0x08, 0xbb, 0x4c, 0xed, 0xff, 0xd9, 0x9b, 0xb0, 0xd1, + 0x50, 0xbb, 0x8b, 0x91, 0xcd, 0x5f, 0x2a, 0xfb, 0x8f, 0x4d, + 0x3c, 0x98, 0xba, 0xd7, 0x98, 0x99, 0xa7, 0x22, 0x14, 0xd7, + 0x94, 0xb5, 0xb8, 0xa4, 0x52, 0x31, 0xa7, 0xa1, 0xa4, 0x28, + 0xee, 0x31, 0xb5, 0xd0, 0xc1, 0x07, 0x05, 0x16, 0x1d, 0x53, + 0x45, 0x62, 0x23, 0x05, 0x44, 0xb6, 0x4f, 0x92, 0x03, 0x53, + 0x9a, 0x71, 0x56, 0xae, 0x16, 0x81, 0xb4, 0xc9, 0x98, 0xf4, + 0x7f, 0x11, 0x37, 0xc2, 0xc8, 0xf2, 0xe4, 0x48, 0xe3, 0xcc, + 0xf1, 0xe3, 0x3d, 0x8e, 0x13, 0x5b, 0x25, 0xad, 0xce, 0x6f, + 0xed, 0x60, 0x4f, 0x7d, 0x51, 0xe1, 0xd0, 0x74, 0xf4, 0xed, + 0xf3, 0x84, 0xa6, 0x0e, 0xba, 0xb4, 0x8e, 0x5a, 0xb9, 0x12, + 0x70, 0x43, 0x4c, 0xb5, 0xa5, 0x1e, 0x86, 0xa5, 0xe3, 0x4d, + 0x76, 0x95, 
0xce, 0x2c, 0x53, 0x3a, 0x4e, 0x3f, 0x47, 0x73, + 0x85, 0x88, 0xd9, 0x39, 0x21, 0x83, 0x24, 0x68, 0x6a, 0x1e, + 0x77, 0xdf, 0x59, 0xc5, 0x1b, 0xe2, 0xb1, 0x47, 0x9d, 0xee, + 0x45, 0x1e, 0xc6, 0xd4, 0x43, 0xe2, 0xc7, 0x1c, 0x98, 0x84, + 0xe0, 0x39, 0xe9, 0x9f, 0xa0, 0xa2, 0x24, 0x4a, 0x88, 0x46, + 0xf3, 0x50, 0x52, 0xb5, 0xae, 0x37, 0x5c, 0xa1, 0x7d, 0xad, + 0x7c, 0x30, 0x3e, 0xcd, 0x80, 0x1c, 0xac, 0xf4, 0xe6, 0xb5, + 0x9f, 0x22, 0xb6, 0xfb, 0x0e, 0x6d, 0x80, 0x10, 0xf7, 0x3f, + 0xdd, 0x5b, 0xd9, 0xd4, 0x03, 0x14, 0x41, 0x90, 0x88, 0xa8, + 0xcf, 0x50, 0xa2, 0xf2, 0x7e, 0xf0, 0x0a, 0x7f, 0xed, 0x77, + 0x09, 0x48, 0x32, 0x55, 0xe9, 0x93, 0xe7, 0x27, 0x18, 0x46, + 0x17, 0x03, 0x25, 0x8e, 0x17, 0x5d, 0xe8, 0x9e, 0xb1, 0xb4, + 0x9d, 0x1a, 0x5e, 0xbe, 0xa8, 0xb8, 0x45, 0x30, 0xc6, 0xa5, + 0xb4, 0xaf, 0xf3, 0x0d, 0x91, 0x9c, 0xa9, 0x5b, 0x4c, 0xbb, + 0x19, 0x19, 0x39, 0x51, 0x36, 0x80, 0xf7, 0x10, 0xf7, 0x73, + 0x49, 0x17, 0xec, 0xbc, 0x92, 0x08, 0x21, 0xb1, 0x0c, 0x23, + 0xc4, 0xd6, 0xd2, 0xb3, 0xfd, 0xae, 0xe7, 0x71, 0xf3, 0x50, + 0x11, 0x27, 0x1a, 0x85, 0xf0, 0xab, 0xd8, 0x16, 0x64, 0xcb, + 0xad, 0xbb, 0xae, 0x54, 0x37, 0xa3, 0xa8, 0xf4, 0x09, 0x67, + 0x54, 0x61, 0x86, 0x0f, 0x0e, 0x25, 0x0d, 0xda, 0x4a, 0xc7, + 0xe7, 0x02, 0x80, 0x6b, 0x59, 0xd2, 0xc8, 0x88, 0x4d, 0x7d, + 0xfd, 0x3d, 0x48, 0x04, 0x6d, 0x95, 0xdf, 0xc2, 0x8b, 0x23, + 0x70, 0x4a, 0xf5, 0xdc, 0xc9, 0x24, 0x8d, 0x7e, 0x52, 0x22, + 0x7e, 0x9c, 0x5c, 0x32, 0xa5, 0xd5, 0xf2, 0x11, 0x08, 0xa0, + 0xd4, 0xa2, 0xd8, 0xdb, 0x1d, 0x9f, 0x1b, 0x54, 0x8f, 0xb5, + 0xf6, 0x71, 0x71, 0x49, 0xbc, 0x38, 0x09, 0xb6, 0x24, 0x94, + 0x80, 0x1f, 0x2d, 0x0c, 0xc7, 0xe4, 0xd6, 0xcd, 0xab, 0x53, + 0x79, 0x28, 0xed, 0x48, 0x23, 0x14, 0x2f, 0x0b, 0x3a, 0xd0, + 0xa7, 0x08, 0xe1, 0xfd, 0x1e, 0xb6, 0xdd, 0x12, 0x93, 0x2d, + 0x95, 0x06, 0xba, 0x95, 0xcb, 0x1a, 0xed, 0xfb, 0x60, 0xe7, + 0xf1, 0x1c, 0xad, 0xc3, 0xea, 0x8d, 0x3c, 0x53, 0x32, 0xb5, + 0x38, 0x26, 0xdd, 0x39, 0xf0, 0x39, 0x4e, 0x6f, 0x3e, 0xa9, + 0xea, 0x25, 0x29, 0xb8, 
0x6c, 0x7d, 0x0a, 0x91, 0xd4, 0xb9, + 0x7b, 0x67, 0xe4, 0xe5, 0x63, 0xd7, 0x6b, 0x03, 0xa5, 0xd7, + 0xe8, 0xd2, 0xc0, 0x34, 0x53, 0xa6, 0x16, 0x21, 0x2a, 0x2a, + 0x09, 0xd3, 0xad, 0xa1, 0x2c, 0x6a, 0x88, 0x2d, 0x90, 0x06, + 0xba, 0x0b, 0xaa, 0xd1, 0xdb, 0xa4, 0xd0, 0x49, 0x0f, 0x42, + 0xe1, 0xca, 0xf0, 0x69, 0x15, 0x63, 0xcb, 0x0b, 0x4c, 0x2e, + 0x99, 0x20, 0x44, 0xe3, 0x6e, 0x32, 0x8a, 0xa1, 0x5c, 0x5b, + 0x03, 0xeb, 0xb5, 0x05, 0xff, 0x1a, 0x76, 0x38, 0x1c, 0xb0, + 0x74, 0xf1, 0x5a, 0x0d, 0x8a, 0xd2, 0x4e, 0x38, 0x11, 0x86, + 0xb0, 0x2d, 0xd3, 0x88, 0xe2, 0x0f, 0x51, 0x68, 0xb9, 0x79, + 0x96, 0x50, 0x95, 0xdc, 0x69, 0xcb, 0xa6, 0x25, 0x4a, 0xdf, + 0xa1, 0x39, 0x13, 0x47, 0x0a, 0xf0, 0xeb, 0xcb, 0x14, 0x01, + 0x28, 0x9c, 0x0f, 0xe2, 0x62, 0xca, 0xb5, 0x40, 0x51, 0x45, + 0x8e, 0x18, 0x88, 0xc9, 0x58, 0xaf, 0xb3, 0x48, 0xd5, 0x20, + 0xe8, 0xd8, 0x5b, 0xa2, 0x98, 0x74, 0x25, 0xfa, 0x25, 0x19, + 0x82, 0x22, 0xfa, 0x82, 0x7c, 0x38, 0x8d, 0x62, 0x86, 0x01, + 0x63, 0x20, 0x36, 0x8e, 0xaf, 0x15, 0x8a, 0x74, 0x1e, 0xfd, + 0x7f, 0xbe, 0x60, 0xc3, 0x65, 0x31, 0xce, 0xdb, 0x92, 0xb9, + 0x13, 0x2a, 0x78, 0xa9, 0xfc, 0x6a, 0x7b, 0x18, 0xec, 0x0c, + 0x7b, 0x4c, 0x86, 0xaf, 0xea, 0x6d, 0x52, 0x09, 0x76, 0x52, + 0x87, 0x8a, 0x0b, 0x2a, 0xf3, 0x93, 0x35, 0x92, 0x8b, 0x60, + 0x42, 0x2e, 0x12, 0xa9, 0xf7, 0x7c, 0x61, 0x5c, 0x8f, 0xc0, + 0xaa, 0x6e, 0x6a, 0xf6, 0x48, 0x48, 0xc6, 0x3e, 0xe0, 0x1d, + 0xb4, 0xfb, 0xc4, 0xd8, 0x01, 0xb8, 0xf2, 0xf4, 0xdf, 0xc1, + 0xba, 0xb5, 0xf2, 0x27, 0x3f, 0xdb, 0x78, 0x62, 0x1c, 0x0a, + 0xbe, 0xdb, 0xdd, 0x3c, 0x0c, 0x29, 0x85, 0xf1, 0x44, 0x5f, + 0x2b, 0x43, 0x80, 0x57, 0xa7, 0x5a, 0x4d, 0x1b, 0xbe, 0x03, + 0xe7, 0x55, 0x7b, 0x91, 0x9d, 0x4c, 0x8b, 0xd7, 0xfd, 0xde, + 0x65, 0x7e, 0xa8, 0x48, 0xbb, 0xa9, 0x96, 0x06, 0x7f, 0xc0, + 0x6c, 0xed, 0x87, 0x53, 0x77, 0xb4, 0x5a, 0x7c, 0xbb, 0xce, + 0xcf, 0x01, 0x08, 0x45, 0x61, 0xc1, 0x28, 0xb6, 0xf2, 0xb4, + 0x5b, 0x6b, 0x84, 0xfe, 0x18, 0x09, 0x39, 0xc1, 0xc8, 0x96, + 0x36, 0x6e, 0xba, 0x7e, 0x48, 0x12, 
0xe6, 0xdc, 0x22, 0x48, + 0x17, 0x0b, 0xbd, 0x92, 0x64, 0xfa, 0xc9, 0x9b, 0x07, 0xda, + 0xed, 0x04, 0x68, 0x42, 0x15, 0x8c, 0xf9, 0xd8, 0xc3, 0x0d, + 0x21, 0x9d, 0x96, 0xbc, 0xc3, 0x07, 0x1a, 0x2c, 0x59, 0x3f, + 0x1a, 0x83, 0x43, 0xf0, 0xe0, 0xde, 0xe3, 0x40, 0x8e, 0x04, + 0x66, 0x3c, 0x87, 0x1e, 0xfa, 0x7b, 0x8a, 0x7b, 0xd2, 0x9e, + 0x15, 0xf5, 0xec, 0x3c, 0x72, 0x7e, 0x2d, 0x19, 0xf8, 0xfd, + 0xf0, 0x28, 0x71, 0x8a, 0xf5, 0xcb, 0x4c, 0x61, 0x5f, 0x85, + 0xe0, 0x6f, 0xb8, 0xf3, 0x17, 0x10, 0xcb, 0x44, 0x45, 0x8c, + 0x96, 0x08, 0xa1, 0xf1, 0x48, 0xa4, 0x1d, 0xea, 0x35, 0x2f, + 0x82, 0x2b, 0xc2, 0x0b, 0xef, 0x73, 0xe1, 0xc2, 0x35, 0xdb, + 0xe7, 0x68, 0xfd, 0xb0, 0xe8, 0x7b, 0x2d, 0x0f, 0xfd, 0x53, + 0x1b, 0xb8, 0x36, 0x54, 0xd6, 0x43, 0x30, 0xcf, 0x83, 0xb0, + 0x18, 0xda, 0x9b, 0x86, 0x82, 0xfa, 0xe6, 0x37, 0x5b, 0x9e, + 0xa4, 0xdb, 0x7c, 0x59, 0x25, 0x59, 0xc6, 0x46, 0x36, 0x72, + 0xc5, 0x72, 0xd8, 0x2f, 0x26, 0xe2, 0xee, 0xe3, 0xcb, 0xe5, + 0x33, 0x1f, 0x18, 0x2e, 0x16, 0xce, 0xd2, 0x9c, 0x89, 0x6e, + 0xd5, 0x21, 0xfa, 0x58, 0x83, 0xa9, 0x4c, 0x69, 0x97, 0x7d, + 0xae, 0x1f, 0x65, 0xd5, 0xdb, 0xf0, 0xfe, 0xd5, 0x32, 0xb1, + 0x50, 0x72, 0xdf, 0x2b, 0xe2, 0xc1, 0xe6, 0x2e, 0x8b, 0x87, + 0xa8, 0x4e, 0x84, 0xbe, 0xc9, 0x27, 0xb5, 0x74, 0x7e, 0x13, + 0x17, 0x57, 0x9c, 0xc6, 0xd3, 0x9f, 0xcd, 0x86, 0x50, 0x4b, + 0x6c, 0x50, 0xa2, 0xba, 0xfe, 0xf6, 0xd5, 0x85, 0x68, 0x31, + 0x89, 0xfb, 0xeb, 0xfe, 0x92, 0xb0, 0xd0, 0x4c, 0xbc, 0x65, + 0x4b, 0x62, 0xe2, 0xdf, 0x88, 0x7e, 0x90, 0xe0, 0xb3, 0xec, + 0x13, 0x69, 0x33, 0xea, 0x53, 0x69, 0x9a, 0x0b, 0x27, 0xfb, + 0xca, 0x9f, 0x9e, 0x1f, 0xcf, 0xb1, 0xeb, 0xf4, 0x8f, 0xe2, + 0x53, 0xc8, 0xe6, 0x51, 0x75, 0xee, 0xb1, 0x34, 0x3e, 0x37, + 0xdd, 0x2d, 0x3a, 0x72, 0x76, 0x33, 0xc1, 0x27, 0xe7, 0xbd, + 0xc1, 0x7f, 0xcb, 0x53, 0x5d, 0xdf, 0xc4, 0x1f, 0x36, 0xdb, + 0x6a, 0x91, 0x1f, 0x6a, 0xa5, 0xc6, 0xe2, 0x37, 0x68, 0x1a, + 0x7d, 0xf7, 0xed, 0x2a, 0xc7, 0x99, 0x5e, 0xbd, 0x59, 0x57, + 0x09, 0x22, 0x7e, 0x9c, 0xbd, 0x8e, 0xad, 0xbe, 
0xee, 0xa5, + 0x2a, 0xe3, 0x9f, 0xff, 0x14, 0xda, 0xba, 0x90, 0x37, 0xba, + 0x3a, 0x42, 0xcd, 0x4a, 0x28, 0x47, 0x27, 0x58, 0x7a, 0x33, + 0x93, 0x77, 0x83, 0x29, 0xab, 0x47, 0x19, 0x43, 0x00, 0x6f, + 0xe7, 0x77, 0xc1, 0xaa, 0xd6, 0xbc, 0xc0, 0x1b, 0xd0, 0xdf, + 0xf9, 0x40, 0x4d, 0xb2, 0x60, 0xce, 0x59, 0x17, 0x0a, 0xa9, + 0x14, 0x4e, 0x6a, 0x30, 0x1b, 0x26, 0x68, 0x55, 0x12, 0x19, + 0x62, 0x85, 0x5d, 0xa6, 0xb4, 0x48, 0x4a, 0xe9, 0xe1, 0x57, + 0xb1, 0x48, 0xf3, 0x86, 0xd1, 0x50, 0x2e, 0x1d, 0x57, 0xbe, + 0x09, 0xf8, 0x53, 0x40, 0xd9, 0x55, 0xd9, 0x71, 0x4c, 0xa7, + 0xdb, 0x61, 0x82, 0x4e, 0x00, 0x58, 0xe4, 0x89, 0xae, 0xa6, + 0x1a, 0x4b, 0xe3, 0x9d, 0xec, 0x65, 0xee, 0xe1, 0x7b, 0xdb, + 0x4f, 0x8d, 0xf3, 0xd9, 0x89, 0xaa, 0xd1, 0x31, 0x30, 0xde, + 0xc3, 0x5c, 0xbc, 0xb9, 0x60, 0x0a, 0xe0, 0x13, 0x14, 0x85, + 0x08, 0x60, 0xc5, 0x1c, 0xc2, 0x9d, 0x8b, 0x6e, 0xb8, 0x94, + 0x11, 0x6f, 0xd3, 0xee, 0xfb, 0xf8, 0x15, 0xd8, 0xa4, 0x0b, + 0x92, 0xdf, 0x7c, 0x9a, 0xa2, 0xec, 0xa3, 0x3d, 0xbc, 0xcd, + 0xe8, 0xb5, 0xb3, 0xf5, 0xe8, 0xee, 0x2a, 0x57, 0xf7, 0x58, + 0xc4, 0xaa, 0xeb, 0x33, 0x44, 0x5f, 0x62, 0xbe, 0x90, 0x48, + 0xe5, 0xcb, 0x6a, 0xcb, 0x55, 0x94, 0x6d, 0xe6, 0x22, 0x03, + 0xeb, 0xcb, 0x05, 0xb8, 0xb4, 0xa5, 0xbe, 0xec, 0x79, 0x21, + 0x0d, 0xb3, 0x5c, 0x74, 0x11, 0xcb, 0xb3, 0xa6, 0x06, 0x2f, + 0x73, 0xd1, 0x14, 0xd9, 0x70, 0x4e, 0xc5, 0xf5, 0xff, 0xfd, + 0x49, 0x3b, 0xa9, 0x22, 0x80, 0x2a, 0x5e, 0xf9, 0xae, 0xa5, + 0xd4, 0x3c, 0x74, 0xd7, 0x5a, 0x5d, 0x88, 0x6f, 0x99, 0xe2, + 0x4c, 0xa3, 0x9b, 0x15, 0xb8, 0xfd, 0x0b, 0x0d, 0x57, 0x03, + 0xe8, 0xda, 0x78, 0xc4, 0x63, 0x49, 0x48, 0x7a, 0x39, 0xcd, + 0xfa, 0xad, 0x92, 0x55, 0x4a, 0x0e, 0x68, 0x08, 0xb9, 0x34, + 0xe0, 0x14, 0x6e, 0x19, 0xed, 0x69, 0x14, 0x7f, 0xc1, 0x7d, + 0x12, 0xac, 0x5d, 0xf7, 0x62, 0x6f, 0x77, 0x65, 0xa3, 0xc2, + 0xf9, 0xda, 0x43, 0x9e, 0x6b, 0x82, 0xd9, 0x14, 0x57, 0x02, + 0x09, 0x9f, 0xa7, 0x15, 0x27, 0xe8, 0xad, 0xa1, 0x73, 0xc7, + 0xb6, 0x11, 0x4c, 0x5e, 0xf4, 0x1a, 0x0a, 0x97, 0x98, 0x5e, + 
0x29, 0x8a, 0x8b, 0xa5, 0xbd, 0x86, 0x7f, 0x6d, 0x31, 0x72, + 0x6d, 0xe5, 0xcf, 0x13, 0xff, 0xb9, 0x4e, 0x69, 0x66, 0x37, + 0x1b, 0xfb, 0xe8, 0xb7, 0x60, 0xfe, 0xbf, 0xaa, 0x06, 0x88, + 0xa4, 0xa2, 0x0b, 0x33, 0x55, 0xac, 0x61, 0x77, 0x0a, 0x6f, + 0x1f, 0xaf, 0xd8, 0x9b, 0xc7, 0x26, 0x13, 0xf6, 0xc4, 0xef, + 0xce, 0x0f, 0x16, 0x86, 0x64, 0x1b, 0xc0, 0x71, 0x35, 0xf9, + 0x1f, 0xaf, 0xc4, 0x7a, 0xa3, 0x3b, 0x89, 0x40, 0xcb, 0x09, + 0x11, 0x7b, 0x01, 0x54, 0xd5, 0xd2, 0x2a, 0xc8, 0xfe, 0x0e, + 0xef, 0x8c, 0xfb, 0x2b, 0x08, 0x12, 0x6d, 0xbb, 0xa8, 0x2e, + 0x7a, 0x2b, 0xc2, 0x91, 0x2a, 0x76, 0x0b, 0x31, 0x30, 0x4a, + 0x5b, 0xca, 0x96, 0xc9, 0x89, 0xa0, 0x12, 0x40, 0x76, 0xbe, + 0xcd, 0x59, 0x5f, 0xc2, 0x7b, 0xaf, 0xf6, 0x29, 0xde, 0xe9, + 0x24, 0x61, 0x3f, 0x46, 0x78, 0xa7, 0xda, 0x65, 0xb0, 0xb3, + 0xae, 0xf3, 0x72, 0x6e, 0x37, 0x6e, 0xae, 0xb1, 0x3b, 0xf6, + 0x60, 0xa1, 0x92, 0x86, 0x9e, 0x97, 0x4f, 0x5e, 0x86, 0x88, + 0x32, 0x06, 0x7c, 0xe3, 0x37, 0x7e, 0xb1, 0x83, 0xf5, 0x83, + 0x05, 0x43, 0xb3, 0xe3, 0xa1, 0x68, 0xe5, 0x4c, 0x92, 0x9c, + 0x61, 0xa3, 0x5d, 0xcf, 0x23, 0xe7, 0xce, 0xf5, 0x7f, 0xbb, + 0xf7, 0x89, 0x5e, 0xa8, 0xf0, 0xa1, 0xff, 0x1a, 0xaf, 0x15, + 0xc8, 0x3d, 0x8b, 0xce, 0x06, 0xa4, 0x60, 0xd6, 0x40, 0x19, + 0x48, 0x33, 0x53, 0x34, 0x9e, 0xd8, 0x75, 0xfc, 0x45, 0x73, + 0x35, 0x8f, 0x70, 0x04, 0x80, 0xa1, 0xe5, 0xfc, 0x98, 0xb0, + 0x52, 0x63, 0x41, 0x84, 0x57, 0xa2, 0x85, 0x4e, 0x68, 0x13, + 0x2d, 0x3e, 0x4b, 0x68, 0x7f, 0x43, 0x04, 0x05, 0x02, 0x5a, + 0x16, 0x67, 0x5a, 0xc5, 0xea, 0xac, 0x25, 0x61, 0xd4, 0xa4, + 0xe7, 0xbe, 0x13, 0x95, 0xbd, 0x03, 0xb4, 0x26, 0xe3, 0xbf, + 0x7e, 0xe5, 0x0b, 0x34, 0xeb, 0x59, 0x5d, 0xd7, 0xdb, 0x1e, + 0x07, 0xfc, 0x63, 0xab, 0xbb, 0xc6, 0x7a, 0x51, 0x50, 0x59, + 0x13, 0x4b, 0x27, 0x88, 0x98, 0xdc, 0x01, 0x37, 0xeb, 0x58, + 0x75, 0xde, 0x5a, 0xa4, 0x6b, 0xdd, 0xba, 0x01, 0x40, 0xf7, + 0x1c, 0x0a, 0xf3, 0x02, 0x3d, 0x54, 0x64, 0xf2, 0x85, 0x43, + 0x90, 0xc0, 0x69, 0x18, 0x94, 0x95, 0x6e, 0x57, 0x14, 0xda, + 0x27, 0x0a, 
0x42, 0xb2, 0x5a, 0x78, 0xe4, 0xf1, 0x45, 0x85, + 0x54, 0xec, 0x44, 0xa0, 0xcb, 0xf4, 0xd1, 0x3a, 0x85, 0x74, + 0x0f, 0x04, 0x67, 0xf4, 0x42, 0x01, 0xc4, 0x04, 0x66, 0x48, + 0x6c, 0xbe, 0x84, 0x38, 0x6e, 0xda, 0x23, 0xd0, 0xd1, 0x26, + 0x94, 0x11, 0x65, 0x2e, 0xc6, 0xd8, 0x6e, 0x25, 0x17, 0x43, + 0x9f, 0x55, 0x2d, 0x1d, 0x55, 0xa9, 0xdd, 0x3b, 0xc7, 0x09, + 0xde, 0x26, 0x64, 0xd4, 0x85, 0x21, 0x15, 0x0d, 0x4a, 0x45, + 0x4d, 0xba, 0x13, 0x9e, 0x3b, 0x5e, 0xc2, 0xf7, 0xc1, 0x34, + 0xc5, 0x74, 0xd4, 0x95, 0x19, 0x3d, 0x69, 0x9c, 0xae, 0xef, + 0x13, 0x95, 0x2c, 0x77, 0xdd, 0x64, 0x2c, 0x12, 0x31, 0x7d, + 0xb5, 0x55, 0xde, 0x69, 0x35, 0x3f, 0x77, 0x72, 0xc6, 0x21, + 0x22, 0x23, 0x7a, 0x05, 0xbf, 0x92, 0xae, 0x49, 0x7f, 0x74, + 0x17, 0x97, 0x5f, 0x5b, 0x4d, 0x7d, 0x86, 0x23, 0x04, 0xe0, + 0xff, 0x10, 0x06, 0xc3, 0xd3, 0x05, 0xde, 0xc4, 0xae, 0xaf, + 0x3d, 0x2d, 0xaf, 0x3c, 0xaf, 0xd3, 0xd5, 0xfd, 0x84, 0xd8, + 0x3b, 0x6c, 0x8e, 0x8b, 0x23, 0x8b, 0x16, 0xaa, 0x67, 0xf1, + 0xde, 0xa4, 0x4b, 0x5a, 0x39, 0x60, 0x73, 0xd2, 0x9f, 0x1f, + 0x8c, 0xcf, 0xbc, 0xaa, 0x74, 0x9e, 0x8d, 0xfd, 0xc3, 0xb7, + 0x86, 0xe5, 0xbb, 0x5a, 0x4d, 0x3d, 0xe2, 0xc3, 0x28, 0x78, + 0x26, 0xd4, 0xb3, 0x45, 0x94, 0xd3, 0x2d, 0xbf, 0x8c, 0x92, + 0x56, 0x3c, 0x6e, 0xea, 0x53, 0x38, 0x7f, 0x22, 0x67, 0xc9, + 0xa7, 0x14, 0x20, 0xb9, 0x13, 0xc4, 0xa0, 0x44, 0x83, 0xc4, + 0x19, 0xca, 0x98, 0x71, 0xc7, 0x13, 0x70, 0x3a, 0xa7, 0xfb, + 0x9e, 0xc4, 0x94, 0x8c, 0xfd, 0x21, 0x36, 0x88, 0xea, 0x23, + 0xc7, 0x43, 0x52, 0x9f, 0xf4, 0x9e, 0xb1, 0xb4, 0xd3, 0x20, + 0x65, 0xd8, 0x18, 0x25, 0x80, 0xb7, 0xe4, 0x5c, 0x96, 0x3a, + 0xa3, 0xb5, 0x40, 0x63, 0xac, 0x02, 0x34, 0x51, 0xf7, 0x12, + 0xea, 0x97, 0x9d, 0x3e, 0xe7, 0xcb, 0x88, 0x15, 0xaa, 0xe3, + 0xfe, 0xe5, 0x42, 0xe5, 0x48, 0xcf, 0xc6, 0x8e, 0x0e, 0xc6, + 0x48, 0xdb, 0xe5, 0x1e, 0x79, 0x99, 0xed, 0x78, 0xa6, 0x37, + 0xdd, 0xe3, 0x7b, 0x01, 0xdd, 0x20, 0x63, 0x45, 0x57, 0xd1, + 0x0f, 0x05, 0x5d, 0x29, 0xad, 0x99, 0x6c, 0x27, 0xa3, 0x0c, + 0x72, 0x81, 0xb1, 0x26, 
0x16, 0xaf, 0x11, 0x65, 0xba, 0x79, + 0xbc, 0xb8, 0xfe, 0xe7, 0xc5, 0xe6, 0x4c, 0xfa, 0x37, 0xc5, + 0xe0, 0x2e, 0x4e, 0xef, 0x75, 0xe4, 0x04, 0xaf, 0xfa, 0x41, + 0x7f, 0x58, 0x2e, 0x8f, 0x95, 0x5f, 0x15, 0x5c, 0x15, 0x23, + 0x81, 0xb7, 0x2c, 0x81, 0x70, 0xf5, 0xcc, 0x60, 0x09, 0x7e, + 0xf1, 0x0d, 0x9c, 0x9d, 0xcc, 0xa0, 0x30, 0xa8, 0x82, 0x23, + 0x5f, 0x94, 0xcb, 0x18, 0xc4, 0x32, 0xe6, 0xab, 0xcd, 0x96, + 0x9e, 0xab, 0xcd, 0x68, 0x6f, 0x88, 0xb7, 0x72, 0x65, 0xbc, + 0x1e, 0x05, 0x60, 0xfe, 0x6b, 0x77, 0x2a, 0x11, 0x63, 0x59, + 0x29, 0xdb, 0xba, 0xe0, 0x50, 0xd5, 0x51, 0x77, 0x16, 0xb8, + 0xb7, 0xf4, 0xa9, 0xbe, 0xf0, 0xa5, 0xaa, 0x20, 0x50, 0x2e, + 0x73, 0x21, 0xee, 0x77, 0xa3, 0xc8, 0xbc, 0x0c, 0x16, 0x0f, + 0x83, 0x7b, 0xaf, 0xbb, 0x91, 0x95, 0xd3, 0x6e, 0xe7, 0x28, + 0x77, 0x00, 0xbc, 0x83, 0x46, 0xa5, 0x0a, 0x19, 0xe8, 0x10, + 0xfb, 0x24, 0xeb, 0x27, 0xc2, 0xa3, 0xdd, 0xb8, 0x5b, 0x27, + 0xb9, 0xbb, 0x49, 0xd9, 0xd0, 0x32, 0x94, 0x48, 0x1b, 0xb8, + 0xf8, 0xb2, 0x30, 0xf4, 0x1f, 0x3d, 0xbf, 0xe6, 0xf3, 0x34, + 0xd3, 0x32, 0x85, 0x67, 0x85, 0x13, 0x3e, 0x20, 0xb7, 0xfa, + 0x74, 0x27, 0x74, 0x8f, 0x55, 0x47, 0x15, 0x91, 0x0b, 0x3f, + 0xb1, 0x18, 0xe7, 0x11, 0x1e, 0x52, 0xd8, 0xd1, 0x3f, 0xb9, + 0x5d, 0x4f, 0x88, 0xb9, 0x1e, 0x5a, 0xb6, 0x90, 0x64, 0xad, + 0x6f, 0x8d, 0x33, 0xb3, 0x57, 0xde, 0x3e, 0x13, 0xb3, 0x9f, + 0x2d, 0x00, 0xb1, 0x79, 0x84, 0x60, 0x6d, 0x3c, 0x5f, 0xc0, + 0x34, 0x08, 0x4b, 0x58, 0x33, 0x59, 0xfe, 0xe5, 0xed, 0xd3, + 0x10, 0xd8, 0xd8, 0x85, 0xc3, 0xc9, 0x71, 0xcf, 0x40, 0x96, + 0xc0, 0xd5, 0x5e, 0x62, 0xe7, 0xcb, 0x33, 0xee, 0x72, 0xb5, + 0xb8, 0x6e, 0xea, 0x13, 0xde, 0xeb, 0x82, 0x03, 0x8e, 0x6c, + 0xb3, 0x67, 0xb1, 0x5f, 0xd4, 0xe1, 0xd9, 0xc2, 0x7a, 0x97, + 0xbb, 0xd4, 0x5e, 0x0b, 0xfe, 0xc1, 0xb3, 0x1f, 0x2b, 0x1a, + 0x37, 0x98, 0x26, 0x27, 0xb1, 0xaf, 0x4c, 0x55, 0xe1, 0xae, + 0x4c, 0x86, 0x80, 0x4b, 0xc5, 0xf2, 0x35, 0x48, 0x81, 0xf7, + 0x83, 0x75, 0x63, 0x08, 0x0d, 0x77, 0x41, 0x14, 0xbc, 0xf3, + 0x6e, 0x46, 0xbd, 0x9c, 0x5a, 0x4f, 
0x5c, 0x89, 0x26, 0xb6, + 0x6c, 0xde, 0x0d, 0x15, 0x31, 0xec, 0x7e, 0x13, 0xf2, 0x99, + 0x74, 0x40, 0x3c, 0xe1, 0xea, 0xa0, 0xc9, 0x99, 0x0a, 0x4b, + 0x17, 0x74, 0xff, 0x47, 0x15, 0x76, 0x5e, 0x44, 0xa2, 0x1c, + 0x93, 0xd3, 0xe6, 0xa2, 0x82, 0x0f, 0x7f, 0x55, 0xa8, 0xf3, + 0x79, 0xc3, 0xa8, 0x9f, 0x37, 0x2b, 0x97, 0x7e, 0x90, 0x71, + 0xfc, 0xa7, 0xff, 0xc6, 0xc7, 0x93, 0x5c, 0xc9, 0xed, 0x20, + 0x60, 0xbd, 0x5c, 0x36, 0x05, 0x55, 0x51, 0x55, 0x51, 0x15, + 0x36, 0x01, 0x17, 0xa9, 0x56, 0x27, 0x44, 0x66, 0xc9, 0x3a, + 0xb9, 0xbb, 0xee, 0x04, 0xb6, 0x2a, 0xfd, 0x10, 0x9a, 0x46, + 0xdd, 0x5d, 0x6d, 0xad, 0x21, 0x86, 0x6d, 0x62, 0x8a, 0x4a, + 0xbc, 0x73, 0xf0, 0x9d, 0x93, 0x0d, 0xf1, 0x62, 0xfa, 0x58, + 0x64, 0x37, 0x4f, 0x0b, 0xa3, 0xa1, 0x52, 0xce, 0x03, 0xce, + 0x0f, 0x77, 0x29, 0xad, 0x47, 0x38, 0xca, 0xbc, 0x61, 0xe6, + 0xad, 0xe4, 0x8b, 0xf1, 0x82, 0xa8, 0xd5, 0xe3, 0x8c, 0xd3, + 0xa0, 0xc4, 0xc0, 0x5e, 0x3b, 0xa1, 0x66, 0x2a, 0x6e, 0x88, + 0x24, 0x56, 0xe4, 0x84, 0x0a, 0x36, 0x72, 0xf3, 0x5c, 0x11, + 0xd9, 0x66, 0xd8, 0x45, 0x5c, 0x83, 0x9e, 0x1c, 0x8c, 0xc6, + 0xf6, 0x6e, 0x6a, 0xb1, 0x52, 0xed, 0x6c, 0x6a, 0x6d, 0x23, + 0xb9, 0x0b, 0x66, 0x26, 0x5a, 0x16, 0x16, 0x90, 0x43, 0xb9, + 0xc3, 0x02, 0xc1, 0x43, 0x93, 0x13, 0x94, 0xfe, 0xc3, 0x59, + 0x49, 0xbe, 0x1e, 0x26, 0x1b, 0x9d, 0x8e, 0xba, 0xc4, 0x29, + 0x51, 0x05, 0x28, 0x1f, 0x55, 0x59, 0x1c, 0x3e, 0x25, 0x86, + 0xcc, 0xc7, 0xd9, 0xd3, 0xa8, 0xe7, 0x10, 0xa0, 0xb6, 0x23, + 0xb9, 0xaf, 0x00, 0x8b, 0x7d, 0xf1, 0x5b, 0xd6, 0xb7, 0x56, + 0x44, 0x9b, 0x0a, 0xec, 0xa6, 0x2b, 0xb4, 0x4e, 0x1d, 0x4f, + 0xc5, 0x0b, 0x45, 0xd2, 0x3a, 0xc5, 0xc0, 0xbf, 0xb9, 0xdd, + 0x59, 0x21, 0xf2, 0x67, 0x25, 0x88, 0x9b, 0xb6, 0x66, 0x83, + 0xbf, 0x62, 0xfe, 0x7c, 0xfa, 0x9e, 0x50, 0xed, 0x15, 0x93, + 0xb6, 0x7a, 0xb0, 0xc4, 0xbe, 0xcf, 0x2a, 0x70, 0x4e, 0x52, + 0x20, 0xc1, 0x24, 0x08, 0x49, 0xd9, 0x05, 0x04, 0x53, 0x73, + 0xf3, 0xcf, 0x14, 0x70, 0xac, 0x3c, 0x45, 0x0f, 0x08, 0xa3, + 0xae, 0x43, 0xe7, 0x7f, 0x1f, 0xe2, 0x14, 0xf1, 
0xbb, 0x25, + 0x20, 0xfd, 0xe4, 0xaf, 0x44, 0x9e, 0x77, 0x88, 0x4d, 0x26, + 0x09, 0xb1, 0xb0, 0x12, 0xf5, 0xdf, 0x3c, 0x53, 0x48, 0x78, + 0xb9, 0x60, 0x41, 0xd3, 0x8f, 0x8d, 0x11, 0x63, 0x60, 0x28, + 0x30, 0x07, 0xa2, 0x14, 0x3b, 0x8c, 0x50, 0xe2, 0xee, 0x73, + 0x39, 0x66, 0xd1, 0x51, 0x87, 0xac, 0x90, 0x9b, 0x2c, 0x6d, + 0x8d, 0xd5, 0x75, 0x3f, 0xc6, 0xf1, 0x8f, 0xdf, 0xdb, 0x45, + 0x38, 0xf8, 0xd6, 0x7e, 0xc7, 0x7c, 0x44, 0x08, 0x4a, 0x14, + 0xa0, 0x84, 0x7c, 0x8b, 0x88, 0x40, 0x93, 0x89, 0xae, 0x2c, + 0x20, 0x07, 0x80, 0xec, 0xce, 0x4c, 0x2c, 0x4e, 0x49, 0x79, + 0x53, 0xe7, 0xde, 0xa2, 0x9e, 0x67, 0x21, 0x53, 0x7c, 0x85, + 0xe7, 0x6f, 0xbd, 0x93, 0xab, 0x63, 0xba, 0xf0, 0xbd, 0xea, + 0x39, 0x16, 0x47, 0xbf, 0xe6, 0x0c, 0xcb, 0x63, 0xc7, 0xc5, + 0xf1, 0xdc, 0x5a, 0x52, 0xcd, 0x4c, 0x53, 0x8b, 0x7e, 0xb1, + 0xc3, 0x4e, 0xe7, 0x61, 0x25, 0x01, 0xec, 0xae, 0x06, 0x74, + 0x9f, 0xbc, 0xbb, 0x2a, 0x47, 0x46, 0xe8, 0xae, 0xf2, 0xab, + 0x15, 0xed, 0xa6, 0x86, 0x8f, 0x2f, 0xe5, 0x67, 0x0f, 0xdd, + 0xbf, 0x70, 0x53, 0xaa, 0x9b, 0x74, }; static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_level5_key); -#endif /* HAVE_PQC && HAVE_DILITHIUM */ +#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + +static const unsigned char bench_dilithium_level5_pubkey[] = { + 0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a, + 0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83, + 0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd, + 0xcc, 0x99, 0x50, 0x5f, 0x2b, 0x16, 0x3a, 0xbb, 0x98, 0xc0, + 0xa7, 0x69, 0x0e, 0x95, 0x99, 0x0b, 0xa2, 0x6c, 0xfe, 0x6c, + 0xdb, 0xc8, 0xa7, 0x09, 0x46, 0x6c, 0x90, 0x50, 0xa4, 0x75, + 0x30, 0xf7, 0x90, 0xac, 0x31, 0xb6, 0xdd, 0x21, 0xaf, 0xc6, + 0xf9, 0xfe, 0xee, 0xc6, 0x5b, 0xa8, 0x8f, 0x0a, 0x2e, 0xd0, + 0x42, 0xab, 0xa8, 0x3c, 0x8d, 0xbf, 0xf7, 0x44, 0xbd, 0x0d, + 0xcf, 0xf4, 0x68, 0xfc, 0x16, 0x67, 0xf7, 0x39, 0x48, 0x5f, + 0x56, 0xd1, 0xe7, 0x1f, 0x49, 0x80, 0x50, 0xbe, 0x54, 
0xd1, + 0xb7, 0xc9, 0xd2, 0x32, 0xc7, 0x08, 0x8c, 0xde, 0x2c, 0x31, + 0xf6, 0x1d, 0xc7, 0xac, 0xb3, 0x79, 0xd7, 0x4b, 0x1b, 0x23, + 0x89, 0x0a, 0xdc, 0x8e, 0x44, 0x41, 0x14, 0x28, 0x99, 0x13, + 0xb3, 0x26, 0xa6, 0x0e, 0x83, 0x60, 0xaa, 0x8d, 0x7c, 0x23, + 0x13, 0xba, 0x6c, 0x28, 0x90, 0x56, 0x84, 0xa1, 0x23, 0x8b, + 0x81, 0x20, 0x97, 0x7c, 0x66, 0x3f, 0xed, 0x5d, 0xd0, 0xe4, + 0x5d, 0xee, 0x46, 0xbc, 0x4b, 0x3c, 0x03, 0xb5, 0xbc, 0x4d, + 0x8d, 0x37, 0xa3, 0x56, 0x4b, 0x33, 0xad, 0xef, 0xd4, 0xb6, + 0xec, 0xdb, 0x04, 0x9a, 0x19, 0x58, 0x57, 0xd8, 0x00, 0x3a, + 0x92, 0x61, 0x0c, 0x0b, 0xc8, 0x52, 0xe5, 0x04, 0x02, 0x9a, + 0x00, 0x7e, 0xec, 0x7e, 0x94, 0xaa, 0xef, 0x2d, 0x7f, 0xb6, + 0x2e, 0x7c, 0xb0, 0x73, 0xa2, 0x20, 0xc0, 0x07, 0x30, 0x41, + 0x50, 0x20, 0x14, 0x18, 0x21, 0x5e, 0x2a, 0x6f, 0x70, 0x21, + 0xd6, 0x97, 0x13, 0xb9, 0xc1, 0x9e, 0x90, 0x67, 0xcc, 0x55, + 0x8a, 0xec, 0xec, 0x0a, 0x1e, 0x90, 0xdc, 0x3f, 0xb0, 0x4d, + 0xd1, 0x18, 0xea, 0x4f, 0xcb, 0x5d, 0x15, 0x4c, 0xb8, 0x35, + 0x9b, 0x34, 0x24, 0x30, 0x06, 0x53, 0x17, 0xf0, 0xbe, 0x27, + 0x36, 0xb3, 0x04, 0x6a, 0xbd, 0xbf, 0xa7, 0x39, 0xee, 0xa9, + 0x8f, 0x0e, 0x98, 0xc5, 0xf5, 0x9f, 0x46, 0x25, 0x93, 0xc9, + 0xf2, 0xf6, 0x2b, 0x8e, 0x92, 0x06, 0x01, 0x3d, 0x81, 0x18, + 0xf2, 0xec, 0xf1, 0x05, 0x4c, 0xad, 0x4b, 0xcb, 0x98, 0xa4, + 0xb5, 0x61, 0x20, 0xda, 0x81, 0xa1, 0xfb, 0x92, 0x4c, 0xaf, + 0x87, 0x6f, 0x6e, 0xd2, 0x57, 0xec, 0xcd, 0x94, 0xb3, 0x79, + 0xbf, 0x59, 0x88, 0x17, 0x81, 0xce, 0x8a, 0x57, 0xce, 0x57, + 0xae, 0x3e, 0x82, 0x81, 0x2f, 0x83, 0x61, 0xd8, 0xf9, 0x68, + 0x21, 0xe7, 0x72, 0x5b, 0xd6, 0x80, 0x55, 0x68, 0x5d, 0x67, + 0x15, 0x0c, 0x8b, 0xdc, 0x4f, 0xc3, 0x89, 0x36, 0x3c, 0xac, + 0xaf, 0x16, 0x5e, 0x1c, 0xfa, 0x68, 0x74, 0x6a, 0xab, 0x68, + 0xd8, 0x59, 0x96, 0x2d, 0x33, 0x62, 0xe4, 0xbd, 0xb3, 0xb7, + 0x4d, 0x88, 0x35, 0xb8, 0xed, 0xb2, 0x16, 0x85, 0x97, 0x08, + 0x71, 0x71, 0x39, 0x7e, 0x0c, 0x53, 0x16, 0xda, 0x38, 0xe5, + 0x28, 0x09, 0x9c, 0xd9, 0x46, 0xec, 0x68, 0xda, 0x8d, 0xd0, + 0xad, 
0xb2, 0x79, 0x28, 0x3b, 0x1e, 0x12, 0xc9, 0xdf, 0xa9, + 0x6d, 0x3d, 0x29, 0x99, 0x2f, 0x53, 0xc2, 0xd0, 0xf9, 0x88, + 0x26, 0x94, 0x47, 0xaf, 0xf6, 0x96, 0xf3, 0xe1, 0x11, 0xa6, + 0x82, 0x3d, 0x43, 0x3f, 0x1f, 0xbc, 0xf6, 0x98, 0xbe, 0xff, + 0x06, 0x86, 0x61, 0x27, 0xdc, 0x91, 0x54, 0xd4, 0xfc, 0x68, + 0x83, 0xe8, 0x35, 0x3e, 0xee, 0x94, 0x59, 0x28, 0x2f, 0xde, + 0xdd, 0x03, 0x60, 0x66, 0xc1, 0x49, 0x57, 0xdd, 0xbc, 0xd5, + 0x0a, 0x67, 0x34, 0xf1, 0xa6, 0x0a, 0x57, 0x94, 0x65, 0x02, + 0x2c, 0x52, 0x43, 0x70, 0x3b, 0xc1, 0x9a, 0xff, 0xda, 0x6f, + 0xb9, 0x54, 0x47, 0x01, 0xda, 0x27, 0xe4, 0x48, 0x4a, 0x90, + 0x9f, 0xb5, 0xc3, 0xee, 0x0e, 0x09, 0x57, 0xfe, 0x48, 0x51, + 0x08, 0x34, 0x5e, 0x8f, 0x16, 0xc9, 0x0b, 0x74, 0xd9, 0x7d, + 0x22, 0x3f, 0xd6, 0xb7, 0x5d, 0xd6, 0x76, 0x00, 0x8d, 0x4e, + 0x78, 0x73, 0x86, 0xd6, 0xdb, 0x2a, 0x65, 0xab, 0xdf, 0xb0, + 0xea, 0x11, 0xad, 0xdf, 0xba, 0x43, 0xdb, 0xa8, 0x0a, 0xfb, + 0x04, 0x38, 0x81, 0x2b, 0xa3, 0x29, 0xfc, 0x95, 0x73, 0x9a, + 0x0c, 0x6c, 0x9e, 0xcd, 0xdc, 0xcf, 0x0a, 0x0c, 0x18, 0x41, + 0x6f, 0x1d, 0xa3, 0xf6, 0x12, 0x4c, 0x13, 0xf2, 0x02, 0xc6, + 0x50, 0x99, 0x86, 0x73, 0xa7, 0xf9, 0x7e, 0x84, 0x7f, 0x4c, + 0x00, 0xce, 0x2e, 0x21, 0x76, 0x8e, 0x17, 0x7a, 0x87, 0x6f, + 0x81, 0xe6, 0xc0, 0x52, 0xa5, 0xa0, 0x3c, 0x54, 0x3c, 0xec, + 0xb0, 0x9d, 0x1c, 0x3b, 0xec, 0xe5, 0x4e, 0x4a, 0x37, 0xe7, + 0xd5, 0xa9, 0x07, 0x87, 0x23, 0x28, 0x5d, 0x3d, 0x22, 0x02, + 0x79, 0x40, 0x3f, 0x2d, 0x40, 0xc9, 0xe5, 0xa6, 0x9b, 0xa8, + 0xb8, 0x76, 0xf6, 0x77, 0x5b, 0x8d, 0x72, 0x96, 0x3e, 0x13, + 0xbf, 0x76, 0xfa, 0x7b, 0xb7, 0x82, 0x5f, 0xe7, 0x9d, 0x54, + 0x0e, 0x05, 0x1a, 0x9f, 0xa4, 0x42, 0xa5, 0xb4, 0x93, 0x23, + 0x06, 0x59, 0x43, 0xa8, 0xe8, 0x5c, 0xfc, 0x18, 0x97, 0xdb, + 0xad, 0x9a, 0x80, 0x0a, 0xf2, 0x20, 0x50, 0xac, 0xc1, 0x13, + 0x3e, 0x98, 0x09, 0xde, 0xf2, 0x70, 0x9e, 0x14, 0xc2, 0x5c, + 0xec, 0x65, 0x07, 0x0b, 0xfa, 0x02, 0x5c, 0xf8, 0x71, 0xaa, + 0x9b, 0x45, 0x62, 0xe2, 0x27, 0xaf, 0x77, 0xf8, 0xe3, 0xeb, + 0x7b, 0x24, 0x7b, 
0x3c, 0x67, 0xc2, 0x6d, 0x6e, 0x17, 0xae, + 0x6e, 0x86, 0x6f, 0x98, 0xc9, 0xac, 0x13, 0x9f, 0x87, 0x64, + 0x3d, 0x4d, 0x6f, 0xa0, 0xb3, 0x39, 0xc6, 0x68, 0x1b, 0xa7, + 0xeb, 0x3e, 0x0f, 0x6b, 0xc7, 0xa4, 0xe2, 0x20, 0x27, 0x75, + 0x3f, 0x09, 0x16, 0xff, 0x1a, 0xcc, 0xa7, 0xc4, 0x6d, 0xc2, + 0xfc, 0xc3, 0x0b, 0x37, 0x63, 0xff, 0x9b, 0x10, 0xe6, 0x00, + 0xf7, 0x18, 0x43, 0x9f, 0x07, 0x50, 0x31, 0x51, 0xd4, 0xfd, + 0xad, 0xa2, 0x0f, 0x77, 0xda, 0x41, 0xc1, 0x0a, 0x6f, 0x86, + 0xd7, 0xdc, 0x8a, 0x52, 0xd6, 0xa1, 0x27, 0xdb, 0x14, 0x67, + 0x26, 0x91, 0xb3, 0xcd, 0x01, 0x5f, 0x60, 0xa1, 0x7f, 0x43, + 0x15, 0x1a, 0x82, 0x0f, 0xd3, 0x66, 0x5f, 0x60, 0x57, 0x2f, + 0xb2, 0x8c, 0x27, 0x2a, 0x9d, 0x1b, 0xf9, 0xf2, 0x59, 0x20, + 0x39, 0xd9, 0xc5, 0xaf, 0xf2, 0x36, 0x8c, 0x58, 0x00, 0x1b, + 0xd0, 0xc5, 0x8e, 0x1a, 0x49, 0xa8, 0x60, 0xbe, 0xd1, 0xd7, + 0x2a, 0xb0, 0xc2, 0xab, 0x58, 0x8a, 0x7a, 0xa9, 0x41, 0x68, + 0x70, 0xbd, 0xea, 0x73, 0xa5, 0x03, 0x11, 0xb2, 0x27, 0xd9, + 0xcd, 0xf5, 0x09, 0xe8, 0x1c, 0xe2, 0x4f, 0x50, 0x6a, 0x84, + 0x34, 0x62, 0x2e, 0x36, 0xaa, 0x4c, 0xc1, 0x83, 0x78, 0x98, + 0x35, 0x7a, 0x27, 0x7e, 0xfe, 0xf1, 0x6f, 0x59, 0x27, 0x35, + 0x73, 0xce, 0x74, 0xaa, 0xb4, 0x72, 0x82, 0xa8, 0xe2, 0x81, + 0x7a, 0x6b, 0xca, 0x33, 0xa5, 0xda, 0xa2, 0x63, 0xca, 0x2e, + 0x90, 0x03, 0x32, 0xec, 0x63, 0xdb, 0x52, 0x7b, 0x16, 0xfc, + 0x01, 0x2d, 0x30, 0x12, 0x1e, 0xf9, 0xa3, 0x72, 0x21, 0x3c, + 0x75, 0x0c, 0x61, 0x9c, 0x7e, 0x73, 0x04, 0x71, 0x41, 0x45, + 0x5d, 0x7f, 0x49, 0x1c, 0x09, 0x08, 0xa4, 0xec, 0x2f, 0xfd, + 0xc4, 0xfb, 0x59, 0x6a, 0x27, 0x7a, 0xd4, 0xfc, 0x5f, 0x20, + 0x04, 0x34, 0x7d, 0x08, 0xed, 0x82, 0x5a, 0x90, 0xe1, 0xab, + 0xfd, 0x35, 0x3a, 0x8d, 0xbb, 0x0a, 0x9d, 0x73, 0xff, 0x69, + 0xe5, 0xe9, 0x09, 0x55, 0x14, 0xd9, 0x7b, 0x6f, 0x0d, 0x99, + 0xd2, 0x7e, 0x71, 0xf8, 0x4f, 0x72, 0x2f, 0xbb, 0xc6, 0xc4, + 0x36, 0xc9, 0x01, 0xd3, 0x9b, 0x94, 0xab, 0x41, 0x0f, 0x4a, + 0x61, 0x5c, 0x68, 0xe5, 0xd7, 0x0d, 0x94, 0xaa, 0xee, 0xba, + 0x95, 0xcb, 0x8c, 0x0e, 0x85, 
0x3a, 0x02, 0x6b, 0x95, 0x50, + 0xfd, 0x02, 0xfd, 0xa4, 0x58, 0x29, 0x78, 0x4f, 0xd0, 0xae, + 0x66, 0xd6, 0x5c, 0xe7, 0x45, 0xfe, 0x98, 0xb0, 0xa3, 0xe2, + 0x87, 0xc0, 0xd2, 0x81, 0x08, 0xf1, 0xf1, 0xe7, 0xda, 0x62, + 0x9e, 0xa0, 0x34, 0x86, 0xeb, 0xa1, 0x6e, 0x4a, 0x26, 0x8e, + 0x39, 0x0c, 0x51, 0x10, 0x33, 0x11, 0x87, 0xf8, 0x79, 0x3c, + 0x49, 0x7a, 0x8b, 0xce, 0xc1, 0x0a, 0x0e, 0xe1, 0xd5, 0x2a, + 0xac, 0xf0, 0x3a, 0x1d, 0x6a, 0x6a, 0xe5, 0xe1, 0x81, 0x70, + 0xad, 0xaf, 0x15, 0x4c, 0x2a, 0x70, 0x2a, 0x6b, 0x22, 0x0d, + 0x30, 0xe7, 0x56, 0xed, 0x2d, 0x4b, 0x85, 0x17, 0x49, 0x72, + 0x3a, 0x1b, 0x6f, 0x57, 0x1c, 0xf7, 0x72, 0x9e, 0x20, 0xdb, + 0x57, 0x1c, 0xfb, 0x36, 0x50, 0x52, 0xec, 0x5b, 0xd6, 0x6a, + 0x1b, 0xf8, 0x74, 0xad, 0xe6, 0x00, 0x74, 0x04, 0xc5, 0x99, + 0x83, 0xe4, 0x5a, 0x0c, 0xc3, 0xe8, 0x6d, 0x3a, 0xd7, 0x3c, + 0x3c, 0xc0, 0x1a, 0x28, 0xb3, 0x29, 0x7a, 0x10, 0x9e, 0x39, + 0x66, 0x5b, 0xc1, 0x38, 0xac, 0x21, 0x4e, 0xcd, 0x01, 0xf2, + 0xf6, 0x30, 0x2c, 0x2b, 0xb6, 0xbf, 0xf5, 0xea, 0x61, 0xaf, + 0x0c, 0xa6, 0x01, 0x11, 0x15, 0x19, 0x09, 0x8c, 0x7e, 0x69, + 0xdf, 0x3b, 0xea, 0xd3, 0x0a, 0x3a, 0xd7, 0xbd, 0xe1, 0x17, + 0xaf, 0x92, 0x3c, 0xf5, 0xfe, 0x35, 0xd6, 0xcf, 0x07, 0xa6, + 0xf7, 0xe9, 0xc1, 0x99, 0xed, 0x80, 0xe3, 0x12, 0xd5, 0x4b, + 0xb9, 0xdf, 0xaf, 0x4e, 0x52, 0xad, 0x8e, 0x66, 0x87, 0xe5, + 0x2c, 0xd0, 0x45, 0x70, 0xd9, 0x78, 0x8f, 0x4b, 0xf4, 0xe1, + 0xf1, 0x22, 0xf2, 0xe3, 0xed, 0x1f, 0xeb, 0xe9, 0x70, 0x31, + 0x4c, 0x65, 0x5f, 0x55, 0xee, 0x5d, 0xaa, 0x83, 0x87, 0x76, + 0xbe, 0x11, 0xae, 0xd7, 0xf2, 0xfb, 0x43, 0xe7, 0x17, 0x81, + 0x33, 0x15, 0x47, 0xa0, 0xf3, 0x8e, 0x84, 0x57, 0xff, 0x35, + 0x9e, 0x4a, 0x8a, 0xab, 0x50, 0x3a, 0x45, 0xe0, 0xc3, 0x73, + 0xca, 0x77, 0x61, 0x68, 0x38, 0xd0, 0xa3, 0x5f, 0x03, 0x8d, + 0x41, 0xc2, 0xd3, 0x4a, 0x17, 0xe0, 0xa8, 0xaa, 0x00, 0xf3, + 0xf2, 0x5b, 0xa8, 0xe1, 0x06, 0xa6, 0x2b, 0xdb, 0xe1, 0x74, + 0xbd, 0xc4, 0xd2, 0x2b, 0x55, 0x9a, 0xb0, 0xf8, 0x35, 0xd8, + 0x6b, 0xec, 0xdb, 0xc5, 0xf4, 0x6c, 0x40, 
0x90, 0x6a, 0x68, + 0xc9, 0xb5, 0xcb, 0xbb, 0xd0, 0xb0, 0xbc, 0x9f, 0xb9, 0xaa, + 0x50, 0x14, 0x93, 0x3b, 0x9f, 0x25, 0xcb, 0x40, 0xb8, 0x08, + 0xcc, 0x13, 0xe5, 0xdc, 0x3f, 0x84, 0x96, 0xe0, 0x73, 0x7b, + 0x7d, 0x9e, 0x41, 0x92, 0x5d, 0xcc, 0xa4, 0xea, 0x4f, 0x93, + 0x0c, 0x40, 0x2e, 0x42, 0x8a, 0xe9, 0xb9, 0x12, 0x74, 0xbb, + 0x79, 0x7c, 0xb0, 0x37, 0x20, 0xb6, 0xaf, 0x43, 0x3a, 0x88, + 0x59, 0x7c, 0x68, 0x28, 0x5f, 0x98, 0xc2, 0xf0, 0x2a, 0xbc, + 0xa1, 0x61, 0x88, 0x1f, 0x43, 0xbc, 0x42, 0x8f, 0x43, 0xf3, + 0x7e, 0x16, 0x96, 0xfa, 0x92, 0x70, 0xaf, 0x3c, 0x9f, 0x4b, + 0xd9, 0x60, 0xe9, 0xf6, 0x2e, 0x84, 0xda, 0x88, 0x31, 0x34, + 0xa6, 0x85, 0x10, 0x05, 0xef, 0x40, 0xa8, 0xa5, 0x4f, 0x92, + 0x59, 0xf7, 0xe0, 0xc4, 0x2b, 0x12, 0x17, 0x71, 0xbe, 0x8c, + 0x4a, 0x02, 0xfe, 0x12, 0xb6, 0x3b, 0x85, 0x75, 0x37, 0xf3, + 0x73, 0x2d, 0x9c, 0x00, 0x5d, 0x80, 0xad, 0x20, 0x2f, 0x5a, + 0x0b, 0x17, 0x7e, 0x67, 0x72, 0x24, 0x5a, 0xb9, 0xf3, 0xb1, + 0x33, 0xa4, 0x57, 0x1d, 0x49, 0x72, 0x2c, 0x7f, 0x47, 0x15, + 0x07, 0xe0, 0x45, 0x14, 0xdd, 0x77, 0x86, 0x6d, 0x03, 0xbe, + 0x57, 0xd0, 0xaa, 0x18, 0xa6, 0xdd, 0x94, 0x18, 0x3f, 0x8a, + 0xf3, 0xb5, 0xd7, 0x5a, 0xec, 0xc8, 0x79, 0x7f, 0x51, 0x61, + 0x3c, 0x9b, 0xb2, 0x9b, 0xf3, 0xb4, 0x35, 0xd1, 0x38, 0xbf, + 0x37, 0xce, 0x54, 0xd1, 0xf8, 0xb6, 0x45, 0xeb, 0x52, 0x0d, + 0x9a, 0x09, 0x58, 0x0d, 0x2c, 0x0b, 0xb1, 0xf2, 0x30, 0x3a, + 0x95, 0xc1, 0x13, 0x91, 0xd2, 0x9f, 0x8d, 0x8d, 0xd0, 0x38, + 0x3e, 0x4c, 0xae, 0x4a, 0x55, 0xa7, 0x42, 0x11, 0x83, 0xc4, + 0x70, 0xf0, 0x2b, 0x68, 0x9e, 0x07, 0xad, 0xb7, 0x83, 0xc6, + 0x53, 0x3c, 0xfb, 0x0a, 0x5d, 0x24, 0xdc, 0xe1, 0x55, 0x72, + 0xcf, 0xce, 0x3e, 0xc8, 0xd0, 0x57, 0x8a, 0x82, 0x5e, 0x78, + 0x2b, 0x80, 0xc5, 0xb9, 0x09, 0x46, 0xf8, 0x90, 0x39, 0x52, + 0xa9, 0xce, 0x3f, 0x3d, 0x41, 0x3b, 0x28, 0x45, 0xa3, 0xb3, + 0x21, 0xc2, 0xcd, 0x14, 0x49, 0x41, 0x6c, 0x38, 0xda, 0x1b, + 0x5f, 0x16, 0x49, 0xf9, 0x65, 0x00, 0x4e, 0xb4, 0x20, 0x55, + 0x70, 0xe8, 0x58, 0x1a, 0x18, 0xbf, 0x41, 0xef, 0x31, 
0xb1, + 0xe7, 0x8d, 0x89, 0xc1, 0x48, 0xe8, 0xf5, 0x57, 0x35, 0xfa, + 0xc1, 0x79, 0xee, 0x2c, 0xe8, 0x7d, 0xb6, 0x03, 0xcc, 0x66, + 0x09, 0x6f, 0x52, 0x84, 0x0a, 0x34, 0x18, 0x2c, 0x01, 0x45, + 0x81, 0x00, 0xe5, 0x5e, 0x8d, 0xae, 0x1c, 0x96, 0x8b, 0x45, + 0x73, 0x00, 0x0a, 0xb5, 0xcf, 0x8d, 0x0e, 0x35, 0x5d, 0x1a, + 0x0e, 0xbf, 0x64, 0x9a, 0x52, 0x20, 0x48, 0xc6, 0xb9, 0x40, + 0xd3, 0x2c, 0x52, 0xca, 0x93, 0xcf, 0xbb, 0x94, 0x06, 0xf3, + 0x97, 0xee, 0xcc, 0x5d, 0xa3, 0xea, 0xf8, 0x5a, 0x39, 0x77, + 0x34, 0xd7, 0xf6, 0x4e, 0xbe, 0x8a, 0x07, 0x5f, 0x51, 0x53, + 0xc5, 0x1b, 0x8c, 0x47, 0x8f, 0x34, 0x0e, 0x60, 0x0a, 0x90, + 0xe2, 0xda, 0x7b, 0xef, 0xd6, 0xf5, 0x5d, 0xe5, 0x32, 0x37, + 0x75, 0x99, 0x81, 0x4a, 0x2a, 0x78, 0x71, 0xdc, 0xf4, 0xe5, + 0xca, 0xd8, 0x6b, 0x3b, 0x90, 0x68, 0x2e, 0x93, 0xc5, 0x10, + 0x42, 0x5d, 0x38, 0x90, 0x32, 0x46, 0xea, 0x87, 0xe0, 0xbc, + 0xb8, 0x9a, 0x18, 0x20, 0x68, 0x85, 0x6d, 0x9b, 0xc9, 0x8f, + 0x9b, 0xd2, 0xbe, 0x15, 0x12, 0x68, 0xd0, 0xb0, 0x16, 0x5f, + 0xe2, 0x69, 0x1d, 0x04, 0x00, 0xfc, 0x63, 0x33, 0xcd, 0x1f, + 0x89, 0xcd, 0x52, 0xff, 0xec, 0x19, 0x69, 0x74, 0xa3, 0xce, + 0x4d, 0xab, 0x93, 0xe4, 0xc6, 0x13, 0x56, 0x27, 0xc9, 0x25, + 0x5a, 0x01, 0xb2, 0x36, 0x8b, 0x61, 0xe5, 0x8b, 0x98, 0xac, + 0xe4, 0x2a, 0xb6, 0x40, 0x9f, 0x42, 0xe4, 0x1b, 0x52, 0xf7, + 0xfd, 0xd8, 0x30, 0x07, 0x33, 0xf9, 0x47, 0xcb, 0x3c, 0xad, + 0x12, 0xc1, 0xcc, 0x29, 0x62, 0x49, 0x04, 0x0c, 0x23, 0x97, + 0x5a, 0xa4, 0x84, 0x67, 0xde, 0x5a, 0xe5, 0x36, 0xd2, 0x88, + 0xf1, 0xd4, 0xeb, 0x13, 0x81, 0x54, 0x51, 0x11, 0xe3, 0xba, + 0xbc, 0xee, 0xdd, 0x6c, 0xcd, 0xe6, 0xb4, 0xa1, 0x8b, 0x0b, + 0x66, 0xfb, 0x8e, 0x50, 0xa0, 0xda, 0x69, 0x8d, 0xcc, 0x2d, + 0xe4, 0x2c, 0xc4, 0x37, 0xdf, 0x61, 0xc0, 0x03, 0xbd, 0x8b, + 0x28, 0xca, 0xd2, 0x8c, 0x1c, 0xf1, 0xa4, 0x26, 0x69, 0xe5, + 0xcf, 0x45, 0xdb, 0x5a, 0x47, 0x79, 0xed, 0x9f, 0xf7, 0xd2, + 0xdb, 0xba, 0x46, 0x53, 0x4f, 0xce, 0xa8, 0xbe, 0x8f, 0x4a, + 0xd6, 0xdf, 0x2e, 0x06, 0xe6, 0x4c, 0x9a, 0xc1, 0xb6, 0x49, + 0xed, 
0xc4, 0xeb, 0xaa, 0xa4, 0x29, 0x6d, 0xd4, 0xcc, 0x8c, + 0xb6, 0x40, 0x11, 0x39, 0x69, 0xf7, 0x75, 0xcd, 0xb1, 0x99, + 0x46, 0x4e, 0xde, 0xcb, 0xf6, 0x9d, 0x32, 0xf3, 0xc9, 0x47, + 0x47, 0x7a, 0xcb, 0xfb, 0xa3, 0x0c, 0x3b, 0xdf, 0xb7, 0xde, + 0xec, 0x99, 0xde, 0xb0, 0x26, 0x04, 0x34, 0xae, 0x6b, 0xfc, + 0x99, 0xbc, 0xde, 0xd5, 0xbe, 0xe7, 0xeb, 0xf9, 0xe7, 0xa6, + 0x01, 0x9a, 0x0c, 0x5e, 0x66, 0xe6, 0x53, 0xe4, 0xd1, 0x58, + 0xac, 0xda, 0x69, 0x77, 0x7b, 0x68, 0xd6, 0x30, 0x2a, 0x9c, + 0x6b, 0xbe, 0x9f, 0x3d, 0x71, 0xd6, 0x54, 0xcd, 0x59, 0x4e, + 0x1f, 0xe3, 0x83, 0x4e, 0xd1, 0x8e, 0xaf, 0x97, 0xa8, 0xe5, + 0xb6, 0x59, 0x77, 0xa8, 0x02, 0x20, 0xe4, 0xeb, 0x44, 0x71, + 0xbc, 0x07, 0x14, 0x79, 0x4f, 0x0c, 0x27, 0x06, 0x39, 0xcf, + 0x7c, 0xef, 0x2b, 0x9b, 0x5e, 0xc4, 0x6d, 0x79, 0x13, 0x00, + 0x43, 0x6f, 0x51, 0x77, 0xb5, 0xc3, 0x72, 0xad, 0x13, 0xa9, + 0xe5, 0x9a, 0x5b, 0x1a, 0x99, 0x74, 0xc0, 0x7a, 0xf9, 0xc5, + 0xb0, 0x58, 0x35, 0x1c, 0xa5, 0x51, 0xdb, 0xa1, 0x14, 0xcd, + 0x26, 0x71, 0xb1, 0xe7, 0xaa, 0x14, 0xa7, 0x46, 0x93, 0xd3, + 0x5c, 0x8c, 0x1a, 0x91, 0x77, 0x46, 0x2e, 0x15, 0xaa, 0x9e, + 0xf7, 0x2b, 0x79, 0x41, 0x76, 0xf7, 0x22, 0x53, 0x7d, 0x51, + 0xdb, 0x98, 0x3d, 0x5b, 0x78, 0x5f, 0xc3, 0xc9, 0x29, 0xa3, + 0xff, 0x75, 0x82, 0x06, 0x9a, 0x16, 0x5e, 0xa4, 0x79, 0x0d, + 0xd1, 0x6d, 0x08, 0xff, 0x43, 0xef, 0x9c, 0xf3, 0x1b, 0x7a, + 0x3f, 0x34, 0xbe, 0x19, 0x15, 0x06, 0x33, 0xdb, 0xa5, 0x71, + 0xcb, 0x5f, 0x6b, 0x8d, 0xbd, 0x5b, 0x32, 0x91, 0xb2, 0x37, + 0x3d, 0xb4, 0x40, 0x9e, 0x02, 0x9b, 0xb7, 0x68, 0x20, 0x58, + 0x5c, 0xab, 0xcb, 0xc8, 0x23, 0x2d, 0x77, 0xcc, 0x0b, 0xf6, + 0x78, 0x6b, 0x80, 0x06, 0x91, 0xa9, 0xfd, 0x7e, 0xfa, 0x25, + 0x98, 0x9f, 0xcc, 0x79, 0x0a, 0x1a, 0x54, 0x83, 0xac, 0x64, + 0x16, 0x90, 0xe5, 0xd9, 0xa7, 0xd7, 0x1b, 0x86, 0x0d, 0xe6, + 0xe6, 0x22, 0x2b, 0x1f, 0x44, 0x49, 0x98, 0x9c, 0x51, 0x6f, + 0xcf, 0x58, 0x4a, 0xfa, 0xfa, 0x84, 0x12, 0xa5, 0x10, 0xf4, + 0xca, 0xf0, 0x98, 0x2b, 0xc9, 0x03, 0x71, 0x37, 0xe7, 0xdc, + 0xc2, 0xb1, 0x4e, 
0x64, 0xde, 0x4f, 0x46, 0x0d, 0x6b, 0x25, + 0x88, 0x5d, 0xd6, 0xff, 0x23, 0x46, 0x57, 0x36, 0x14, 0x18, + 0xa7, 0xcb, 0xb8, 0xbd, 0xf0, 0xc5, 0x37, 0x36, 0xee, 0xe1, + 0xed, 0x9f, 0x4d, 0xd4, 0x39, 0xe5, 0x92, 0xcf, 0x95, 0x4d, + 0x66, 0x36, 0x5d, 0xd0, 0xcc, 0x07, 0xcf, 0x15, 0x5a, 0xce, + 0x14, 0xb8, 0xda, 0x0d, 0x3d, 0x1b, 0x45, 0xc5, 0x2e, 0x34, + 0x43, 0x25, 0x02, 0x3a, 0xcd, 0x14, 0x45, 0xfb, 0x3e, 0xf9, + 0x88, 0x5d, 0x0d, 0x29, 0x31, 0xb9, 0xa1, 0xe6, 0x31, 0x18, + 0x52, 0x46, 0x3f, 0x22, 0x4f, 0x9f, 0x7a, 0x65, 0x36, 0x88, + 0xa3, 0x1c, 0x3e, 0x6f, 0x50, 0x7a, 0x36, 0xbe, 0x56, 0x7e, + 0x50, 0xcb, 0x7a, 0x10, 0xa0, 0xec, 0xf6, 0x82, 0xd6, 0x30, + 0x1c, 0xe8, 0x4c, 0x50, 0xf9, 0x3e, 0xdb, 0xac, 0xbe, 0x4f, + 0x90, 0xb1, 0xd5, 0x1b, 0x12, 0x95, 0xfb, 0xe8, 0x08, 0x64, + 0x56, 0x7c, 0x96, 0xcc, 0x90, 0xb1, 0xbc, 0xa0, 0xf5, 0x32, + 0x69, 0xb3, 0x5f, 0x27, 0x0f, 0xbe, 0xc9, 0xbd, 0xeb, 0xfa, + 0x4b, 0x5c, 0xc5, 0x99, 0x9e, 0x5a, 0x04, 0xcc, 0xd0, 0x4d, + 0x29, 0xe8, 0x84, 0x55, 0x8c, 0xd7, 0xc4, 0x06, 0x13, 0x4d, + 0x92, 0xe5, 0x98, 0x9c, 0x4c, 0xc1, 0xf7, 0xaf, 0x7b, 0xd5, + 0x2b, 0x92, 0x68, 0x68, 0x19, 0x70, 0x4c, 0x9e, 0x46, 0xb8, + 0x34, 0xeb, 0x01, 0x47, 0xbe, 0x59, 0xab, 0x0b, 0x22, 0x25, + 0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61, + 0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40, + 0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95, + 0x0a, 0x93, +}; +static const int sizeof_bench_dilithium_level5_pubkey = + sizeof(bench_dilithium_level5_pubkey); + +#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */ + +#endif /* HAVE_DILITHIUM */ -#if defined(HAVE_PQC) && defined(HAVE_SPHINCS) +#if defined(HAVE_SPHINCS) /* certs/sphincs/bench_sphincs_fast_level1_key.der */ static const unsigned char bench_sphincs_fast_level1_key[] = 
@@ -5999,7 +6034,7 @@ static const unsigned char bench_sphincs_small_level5_key[] =
 };
 static const int sizeof_bench_sphincs_small_level5_key = sizeof(bench_sphincs_small_level5_key);
-#endif /* HAVE_PQC && HAVE_SPHINCS */
+#endif /* HAVE_SPHINCS */
 #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
diff --git a/wolfssl/crl.h b/wolfssl/crl.h
index 4b4dcc2768..5e5205ea2b 100644
--- a/wolfssl/crl.h
+++ b/wolfssl/crl.h
@@ -1,6 +1,6 @@
 /* crl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index e579bfb665..6354f635a8 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -1,6 +1,6 @@
 /* error-ssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,6 +30,10 @@ extern "C" {
 #endif
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+ #include
+#endif
+
 enum wolfSSL_ErrorCodes {
 INPUT_CASE_ERROR = -301, /* process input state error */
 PREFIX_ERROR = -302, /* bad index to key rounds */
@@ -211,6 +215,9 @@ enum wolfSSL_ErrorCodes {
 WOLFSSL_LOCAL void SetErrorString(int err, char* buff);
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+ #include
+#endif
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/wolfssl/include.am b/wolfssl/include.am
index d00c593820..4a77614785 100644
--- a/wolfssl/include.am
+++ b/wolfssl/include.am
@@ -31,3 +31,9 @@ noinst_HEADERS+= wolfssl/options.h
 else
 nobase_include_HEADERS+= wolfssl/options.h
 endif
+
+wolfssl/debug-trace-error-codes.h wolfssl/debug-untrace-error-codes.h: wolfssl/wolfcrypt/error-crypt.h wolfssl/error-ssl.h
+ @support/gen-debug-trace-error-codes.sh
+
+DISTCLEANFILES += wolfssl/debug-trace-error-codes.h \
+ wolfssl/debug-untrace-error-codes.h
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 89a300e927..88188bd1d1 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
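Review bot: The new rule in `wolfssl/include.am` regenerates `wolfssl/debug-trace-error-codes.h` and `wolfssl/debug-untrace-error-codes.h` only when the two error headers change, so an edit to the generator `support/gen-debug-trace-error-codes.sh` itself leaves stale outputs in an existing build tree. Adding the script as a prerequisite fixes that: `wolfssl/debug-trace-error-codes.h wolfssl/debug-untrace-error-codes.h: wolfssl/wolfcrypt/error-crypt.h wolfssl/error-ssl.h support/gen-debug-trace-error-codes.sh`. Separately, a rule with two targets and one recipe is not a grouped target in GNU make: under `make -j` the recipe may be invoked once per target and run concurrently, with both invocations writing the same files. If the generator is not safe to run twice in parallel, a single stamp target or the GNU make 4.3+ `&:` grouped-target syntax avoids the race.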
@@ -1,6 +1,6 @@
 /* internal.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -122,8 +122,10 @@
 #ifdef HAVE_CURVE448
 #include
 #endif
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
 #include
+#endif
+#ifdef HAVE_DILITHIUM
 #include
 #endif
 #ifdef HAVE_HKDF
@@ -206,7 +208,12 @@
 #endif
 #elif defined(WOLFSSL_ZEPHYR)
 #ifndef SINGLE_THREADED
- #include
+ #include
+ #if KERNEL_VERSION_NUMBER >= 0x30100
+ #include
+ #else
+ #include
+ #endif
 #endif
 #elif defined(WOLFSSL_TELIT_M2MB)
 /* do nothing */
@@ -1322,6 +1329,10 @@ enum {
 #endif
 #endif
+#ifndef MAX_PSK_KEY_LEN
+ #define MAX_PSK_KEY_LEN 64
+#endif
+
 #ifndef MAX_EARLY_DATA_SZ
 /* maximum early data size */
 #define MAX_EARLY_DATA_SZ 4096
@@ -1414,7 +1425,7 @@ enum {
 #define ENCRYPT_BASE_BITS (256 * 2)
 #else
 /* No secret from public key operation but PSK key plus length used. */
- #define ENCRYPT_BASE_BITS ((MAX_PSK_ID_LEN + 2) * 8)
+ #define ENCRYPT_BASE_BITS ((MAX_PSK_KEY_LEN + 2) * 8)
 #endif
 #ifdef WOLFSSL_DTLS_CID
@@ -1549,12 +1560,12 @@ enum Misc {
 MAXEARLYDATASZ_LEN = 4, /* maxEarlyDataSz size in ticket */
 #endif
 #endif
-#ifdef HAVE_PQC
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 ENCRYPT_LEN = 5120, /* Allow 5k byte buffer for dilithium and
 * hybridization with other algs. */
 #else
 #ifndef NO_PSK
- ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2,
+ ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_KEY_LEN + 2,
 #else
 ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8),
 #endif
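Review bot: `MAX_PSK_KEY_LEN` becomes a build-time override (`#ifndef MAX_PSK_KEY_LEN` / `#define MAX_PSK_KEY_LEN 64`) but carries no comment, while the hunks at `@@ -1414` and `@@ -1549` now derive `ENCRYPT_BASE_BITS` and the non-PQC `ENCRYPT_LEN` from it, so raising it silently resizes the pre-master-secret buffers whereas the PQC branch stays at the fixed 5120. A comment at the definition would make the coupling visible, e.g. `/* Max PSK key length. ENCRYPT_BASE_BITS and the non-PQC ENCRYPT_LEN are sized from this, so overriding it resizes the pre-master secret buffers; the PQC ENCRYPT_LEN (5120) is not adjusted. */`. The switch from `MAX_PSK_ID_LEN` to `MAX_PSK_KEY_LEN` in those two hunks reads as the right fix, since the buffer holds the key rather than the identity. The enclosing `enum Misc` continues outside the hunk.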
@@ -1726,10 +1737,12 @@ enum Misc {
 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
 AEAD_NONCE_SZ = 12,
- AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
+ AESGCM_IMP_IV_SZ = 4, /* Size of GCM AEAD implicit IV */
+ AESCCM_IMP_IV_SZ = 4, /* Size of CCM AEAD implicit IV */
 AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
 AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
- GCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
+ GCM_IMP_IV_SZ = 4, /* Size of GCM AEAD implicit IV */
+ CCM_IMP_IV_SZ = 4, /* Size of CCM AEAD implicit IV */
 GCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
 GCM_NONCE_SZ = GCM_EXP_IV_SZ + GCM_IMP_IV_SZ,
@@ -1768,7 +1781,7 @@ enum Misc {
 ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */
 #endif
 MAX_EXPORT_ECC_SZ = 256, /* Export ANSI X9.62 max future size */
- MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */
+ MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */
 NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */
 ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
@@ -1787,16 +1800,16 @@ enum Misc {
 FALCON_LEVEL5_SA_MINOR = 0xB1,
 DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
- DILITHIUM_LEVEL2_SA_MINOR = 0xA0,
+ DILITHIUM_LEVEL2_SA_MINOR = 0xD0,
 DILITHIUM_LEVEL3_SA_MAJOR = 0xFE,
- DILITHIUM_LEVEL3_SA_MINOR = 0xA3,
+ DILITHIUM_LEVEL3_SA_MINOR = 0xD1,
 DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
- DILITHIUM_LEVEL5_SA_MINOR = 0xA5,
+ DILITHIUM_LEVEL5_SA_MINOR = 0xD2,
 MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
 MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
-#if defined(HAVE_PQC)
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 MAX_CERT_VERIFY_SZ = 6000, /* For Dilithium */
 #elif defined(WOLFSSL_CERT_EXT)
 MAX_CERT_VERIFY_SZ = 2048, /* For larger extensions */
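Review bot: The Dilithium signature-scheme codepoints change from 0xFEA0/0xFEA3/0xFEA5 to 0xFED0/0xFED1/0xFED2 with no comment recording where the new values come from, and the change is wire-incompatible: a peer built from the previous release will not match these `DILITHIUM_LEVEL*_SA_MINOR` values during signature-algorithm negotiation. The sigalgo comment later in this file speaks of inter-op with OQS's OpenSSL, so presumably these track that project's updated assignments; a one-line comment above `DILITHIUM_LEVEL2_SA_MAJOR`, such as `/* Dilithium codepoints follow <interop source - TODO name it>; changed from 0xFEA0/A3/A5 in this release */`, would let the next reader verify the values rather than guess. The enclosing `enum Misc` starts and ends outside this hunk.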
@@ -1819,7 +1832,6 @@ enum Misc {
 DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
 NULL_TERM_LEN = 1, /* length of null '\0' termination character */
- MAX_PSK_KEY_LEN = 64, /* max psk key supported */
 MIN_PSK_ID_LEN = 6, /* min length of identities */
 MIN_PSK_BINDERS_LEN = 33, /* min length of binders */
@@ -1848,13 +1860,13 @@ enum Misc {
 #define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \
 (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
 #define WOLFSSL_NAMED_GROUP_IS_PQC(group) \
 ((WOLFSSL_PQC_SIMPLE_MIN <= (group) && (group) <= WOLFSSL_PQC_SIMPLE_MAX) || \
 (WOLFSSL_PQC_HYBRID_MIN <= (group) && (group) <= WOLFSSL_PQC_HYBRID_MAX))
 #else
 #define WOLFSSL_NAMED_GROUP_IS_PQC(group) ((void)(group), 0)
-#endif /* HAVE_PQC */
+#endif /* WOLFSSL_HAVE_KYBER */
 /* minimum Downgrade Minor version */
 #ifndef WOLFSSL_MIN_DOWNGRADE
@@ -1884,7 +1896,7 @@ enum Misc {
 /* number of items in the signature algo list */
 #ifndef WOLFSSL_MAX_SIGALGO
-#ifdef HAVE_PQC
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 /* If we are building with post-quantum algorithms, we likely want to
 * inter-op with OQS's OpenSSL and they send a lot more sigalgs.
 */
@@ -1913,10 +1925,12 @@ enum Misc {
 #endif
 #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
 #ifndef MIN_FALCONKEY_SZ
 #define MIN_FALCONKEY_SZ 1281
 #endif
+#endif
+#ifdef HAVE_DILITHIUM
 #ifndef MIN_DILITHIUMKEY_SZ
 #define MIN_DILITHIUMKEY_SZ 2528
 #endif
@@ -1961,7 +1975,7 @@ enum Misc {
 #endif
 #ifndef MAX_X509_SIZE
- #if defined(HAVE_PQC)
+ #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 #define MAX_X509_SIZE (8*1024) /* max static x509 buffer size; dilithium is big */
 #elif defined(WOLFSSL_HAPROXY)
 #define MAX_X509_SIZE 3072 /* max static x509 buffer size */
@@ -2169,17 +2183,22 @@ WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutI
 WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
 WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
 WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
- word32 hashSigAlgoSz);
+ word32 hashSigAlgoSz, int matchSuites);
 #if defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_CHECK_PRIVATE_KEY)
 WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType, int label, int id, void* heap, int devId);
 #endif
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+WOLFSSL_LOCAL int wolfssl_priv_der_blind(WC_RNG* rng, DerBuffer* key,
+ DerBuffer** mask);
+WOLFSSL_LOCAL void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask);
+#endif
 WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word32* length);
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length);
 #endif
-#ifdef WOLF_PRIVATE_KEY_ID
+#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS)
 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
 #ifndef NO_ASN
 WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
@@ -2195,9 +2214,9 @@ WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync);
 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
 WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
 WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz);
-WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
+WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str, word32 strLen);
 #ifndef NO_CERTS
-WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
+WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, int* checkCN);
 WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc);
 WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType);
 #endif
@@ -2355,16 +2374,8 @@ typedef struct CipherSuite {
 #endif
 } CipherSuite;
-WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
- int haveRSAsig, int haveFalconSig,
- int haveDilithiumSig, int haveAnon,
- int tls1_2, int keySz);
-WOLFSSL_LOCAL void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig,
- int haveRSAsig, int haveFalconSig,
- int haveDilithiumSig, int haveAnon,
- int tls1_2, int keySz, word16* len);
 /* use wolfSSL_API visibility to be able to test in tests/api.c */
-WOLFSSL_API void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int have,
+WOLFSSL_API void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have,
 int tls1_2, int keySz, word16* len);
 WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx);
@@ -2633,12 +2644,13 @@ struct WOLFSSL_CERT_MANAGER {
 /* with CTX free. */
 #endif
 wolfSSL_Ref ref;
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
 short minFalconKeySz; /* minimum allowed Falcon key size */
+#endif
+#ifdef HAVE_DILITHIUM
 short minDilithiumKeySz; /* minimum allowed Dilithium key size */
 #endif
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
- && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
 wc_UnknownExtCallback unknownExtCallback;
 #endif
 };
@@ -2685,6 +2697,14 @@ typedef struct ProcPeerCertArgs {
 } ProcPeerCertArgs;
 WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, ProcPeerCertArgs* args);
+WOLFSSL_LOCAL void DoCrlCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
+ ProcPeerCertArgs* args, int* outRet);
+
+WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt,
+ WOLFSSL* ssl, WOLFSSL_CERT_MANAGER* cm, ProcPeerCertArgs* args,
+ int cert_err, void* heap, int* x509Free);
+WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store,
+ WOLFSSL* ssl, void* heap, int x509Free);
 #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
 #endif /* !defined NO_CERTS */
@@ -2725,6 +2745,70 @@ typedef struct WOLFSSL_DTLS_PEERSEQ {
 #endif
 } WOLFSSL_DTLS_PEERSEQ;
+struct WOLFSSL_BIO {
+ WOLFSSL_BUF_MEM* mem_buf;
+ WOLFSSL_BIO_METHOD* method;
+ WOLFSSL_BIO* prev; /* previous in chain */
+ WOLFSSL_BIO* next; /* next in chain */
+ WOLFSSL_BIO* pair; /* BIO paired with */
+ void* heap; /* user heap hint */
+ union {
+ byte* mem_buf_data;
+#ifndef WOLFCRYPT_ONLY
+ WOLFSSL* ssl;
+ WOLFSSL_EVP_MD_CTX* md_ctx;
+#endif
+#ifndef NO_FILESYSTEM
+ XFILE fh;
+#endif
+ } ptr;
+ void* usrCtx; /* user set pointer */
+ char* ip; /* IP address for wolfIO_TcpConnect */
+ word16 port; /* Port for wolfIO_TcpConnect */
+ char* infoArg; /* BIO callback argument */
+ wolf_bio_info_cb infoCb; /* BIO callback */
+ int wrSz; /* write buffer size (mem) */
+ int wrSzReset; /* First buffer size (mem) - read ONLY data */
+ int wrIdx; /* current index for write buffer */
+ int rdIdx; /* current read index */
+ int readRq; /* read request */
+ union {
+ SOCKET_T fd;
+ size_t length;
+ } num;
+ int eof; /* eof flag */
+ int flags;
+ byte type; /* method type */
+ byte init:1; /* bio has been initialized */
+ byte shutdown:1; /* close flag */
+ byte connected:1; /* connected state, for datagram BIOs -- as for
+ * struct WOLFSSL_DTLS_CTX, when set, sendto and
+ * recvfrom leave the peer_addr unchanged. */
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+ union WOLFSSL_BIO_ADDR peer_addr; /* for datagram BIOs, the socket address stored
+ * with BIO_CTRL_DGRAM_CONNECT,
+ * BIO_CTRL_DGRAM_SET_CONNECTED, or
+ * BIO_CTRL_DGRAM_SET_PEER, or stored when a
+ * packet was received on an unconnected BIO. */
+#endif
+
+#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)
+ #define WOLFSSL_BIO_HAVE_FLOW_STATS
+ word64 bytes_read;
+ word64 bytes_written;
+#endif
+
+#ifdef HAVE_EX_DATA
+ WOLFSSL_CRYPTO_EX_DATA ex_data;
+#endif
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+ wolfSSL_Ref ref;
+#endif
+};
+
+#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
+WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr);
+#endif
 #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
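Review bot: `#define WOLFSSL_BIO_HAVE_FLOW_STATS` is emitted from inside the body of `struct WOLFSSL_BIO`, under the `WORD64_AVAILABLE`/`WOLFSSL_BIO_NO_FLOW_STATS` test, so the feature macro is a side effect of the struct definition and is easy to miss when looking for where flow statistics are enabled. Hoisting the three lines `#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)` / `#define WOLFSSL_BIO_HAVE_FLOW_STATS` / `#endif` above the struct and then guarding `bytes_read`/`bytes_written` with `#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS` keeps the same result and makes the macro discoverable. The struct definition itself is complete within this hunk.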
@@ -2808,74 +2892,108 @@ typedef struct Options Options;
 /** TLS Extensions - RFC 6066 */
 #ifdef HAVE_TLS_EXTENSIONS
+#define TLSXT_SERVER_NAME 0x0000 /* a.k.a. SNI */
+#define TLSXT_MAX_FRAGMENT_LENGTH 0x0001
+#define TLSXT_TRUSTED_CA_KEYS 0x0003
+#define TLSXT_TRUNCATED_HMAC 0x0004
+#define TLSXT_STATUS_REQUEST 0x0005 /* a.k.a. OCSP stapling */
+#define TLSXT_SUPPORTED_GROUPS 0x000a /* a.k.a. Supported Curves */
+#define TLSXT_EC_POINT_FORMATS 0x000b
+#define TLSXT_SIGNATURE_ALGORITHMS 0x000d /* HELLO_EXT_SIG_ALGO */
+#define TLSXT_USE_SRTP 0x000e /* 14 */
+#define TLSXT_APPLICATION_LAYER_PROTOCOL 0x0010 /* a.k.a. ALPN */
+#define TLSXT_STATUS_REQUEST_V2 0x0011 /* a.k.a. OCSP stapling v2 */
+#define TLSXT_CLIENT_CERTIFICATE 0x0013 /* RFC8446 */
+#define TLSXT_SERVER_CERTIFICATE 0x0014 /* RFC8446 */
+#define TLSXT_ENCRYPT_THEN_MAC 0x0016 /* RFC 7366 */
+#define TLSXT_EXTENDED_MASTER_SECRET 0x0017 /* HELLO_EXT_EXTMS */
+#define TLSXT_SESSION_TICKET 0x0023
+#define TLSXT_PRE_SHARED_KEY 0x0029
+#define TLSXT_EARLY_DATA 0x002a
+#define TLSXT_SUPPORTED_VERSIONS 0x002b
+#define TLSXT_COOKIE 0x002c
+#define TLSXT_PSK_KEY_EXCHANGE_MODES 0x002d
+#define TLSXT_CERTIFICATE_AUTHORITIES 0x002f
+#define TLSXT_POST_HANDSHAKE_AUTH 0x0031
+#define TLSXT_SIGNATURE_ALGORITHMS_CERT 0x0032
+#define TLSXT_KEY_SHARE 0x0033
+#define TLSXT_CONNECTION_ID 0x0036
+#define TLSXT_KEY_QUIC_TP_PARAMS 0x0039 /* RFC 9001, ch. 8.2 */
+#define TLSXT_ECH 0xfe0d /* from */
+ /* draft-ietf-tls-esni-13 */
+/* The 0xFF section is experimental/custom/personal use */
+#define TLSXT_CKS 0xff92 /* X9.146 */
+#define TLSXT_RENEGOTIATION_INFO 0xff01
+#define TLSXT_KEY_QUIC_TP_PARAMS_DRAFT 0xffa5 /* from */
+ /* draft-ietf-quic-tls-27 */
+
 typedef enum {
 #ifdef HAVE_SNI
- TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
-#endif
- TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
- TLSX_TRUSTED_CA_KEYS = 0x0003,
- TLSX_TRUNCATED_HMAC = 0x0004,
- TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
- TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
- TLSX_EC_POINT_FORMATS = 0x000b,
+ TLSX_SERVER_NAME = TLSXT_SERVER_NAME,
+#endif
+ TLSX_MAX_FRAGMENT_LENGTH = TLSXT_MAX_FRAGMENT_LENGTH,
+ TLSX_TRUSTED_CA_KEYS = TLSXT_TRUSTED_CA_KEYS,
+ TLSX_TRUNCATED_HMAC = TLSXT_TRUNCATED_HMAC,
+ TLSX_STATUS_REQUEST = TLSXT_STATUS_REQUEST,
+ TLSX_SUPPORTED_GROUPS = TLSXT_SUPPORTED_GROUPS,
+ TLSX_EC_POINT_FORMATS = TLSXT_EC_POINT_FORMATS,
 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
- TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
+ TLSX_SIGNATURE_ALGORITHMS = TLSXT_SIGNATURE_ALGORITHMS,
 #endif
 #ifdef WOLFSSL_SRTP
- TLSX_USE_SRTP = 0x000e, /* 14 */
+ TLSX_USE_SRTP = TLSXT_USE_SRTP,
 #endif
- TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
- TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
+ TLSX_APPLICATION_LAYER_PROTOCOL = TLSXT_APPLICATION_LAYER_PROTOCOL,
+ TLSX_STATUS_REQUEST_V2 = TLSXT_STATUS_REQUEST_V2,
 #ifdef HAVE_RPK
- TLSX_CLIENT_CERTIFICATE_TYPE = 0x0013, /* RFC8446 */
- TLSX_SERVER_CERTIFICATE_TYPE = 0x0014, /* RFC8446 */
+ TLSX_CLIENT_CERTIFICATE_TYPE = TLSXT_CLIENT_CERTIFICATE,
+ TLSX_SERVER_CERTIFICATE_TYPE = TLSXT_SERVER_CERTIFICATE,
 #endif
 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
- TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
+ TLSX_ENCRYPT_THEN_MAC = TLSXT_ENCRYPT_THEN_MAC,
 #endif
- TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */
- TLSX_SESSION_TICKET = 0x0023,
+ TLSX_EXTENDED_MASTER_SECRET = TLSXT_EXTENDED_MASTER_SECRET,
+ TLSX_SESSION_TICKET = TLSXT_SESSION_TICKET,
 #ifdef WOLFSSL_TLS13
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
- TLSX_PRE_SHARED_KEY = 0x0029,
+ TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY,
 #endif
 #ifdef WOLFSSL_EARLY_DATA
- TLSX_EARLY_DATA = 0x002a,
+ TLSX_EARLY_DATA = TLSXT_EARLY_DATA,
 #endif
- TLSX_SUPPORTED_VERSIONS = 0x002b,
+ TLSX_SUPPORTED_VERSIONS = TLSXT_SUPPORTED_VERSIONS,
 #ifdef WOLFSSL_SEND_HRR_COOKIE
- TLSX_COOKIE = 0x002c,
+ TLSX_COOKIE = TLSXT_COOKIE,
 #endif
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
- TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
+ TLSX_PSK_KEY_EXCHANGE_MODES = TLSXT_PSK_KEY_EXCHANGE_MODES,
 #endif
 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
- TLSX_CERTIFICATE_AUTHORITIES = 0x002f,
+ TLSX_CERTIFICATE_AUTHORITIES = TLSXT_CERTIFICATE_AUTHORITIES,
 #endif
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
- TLSX_POST_HANDSHAKE_AUTH = 0x0031,
+ TLSX_POST_HANDSHAKE_AUTH = TLSXT_POST_HANDSHAKE_AUTH,
 #endif
 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
- TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
+ TLSX_SIGNATURE_ALGORITHMS_CERT = TLSXT_SIGNATURE_ALGORITHMS_CERT,
 #endif
- TLSX_KEY_SHARE = 0x0033,
+ TLSX_KEY_SHARE = TLSXT_KEY_SHARE,
 #if defined(WOLFSSL_DTLS_CID)
- TLSX_CONNECTION_ID = 0x0036,
+ TLSX_CONNECTION_ID = TLSXT_CONNECTION_ID,
 #endif /* defined(WOLFSSL_DTLS_CID) */
 #ifdef WOLFSSL_QUIC
- TLSX_KEY_QUIC_TP_PARAMS = 0x0039, /* RFC 9001, ch. 8.2 */
+ TLSX_KEY_QUIC_TP_PARAMS = TLSXT_KEY_QUIC_TP_PARAMS,
 #endif
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- TLSX_CKS = 0xff92, /* X9.146; ff indicates personal
- * use and 92 is hex for 146. */
+ #ifdef HAVE_ECH
+ TLSX_ECH = TLSXT_ECH,
 #endif
 #endif
- TLSX_RENEGOTIATION_INFO = 0xff01,
-#ifdef WOLFSSL_QUIC
- TLSX_KEY_QUIC_TP_PARAMS_DRAFT = 0xffa5, /* from draft-ietf-quic-tls-27 */
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS)
+ TLSX_CKS = TLSXT_CKS,
 #endif
-#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
- TLSX_ECH = 0xfe0d, /* from draft-ietf-tls-esni-13 */
+ TLSX_RENEGOTIATION_INFO = TLSXT_RENEGOTIATION_INFO,
+#ifdef WOLFSSL_QUIC
+ TLSX_KEY_QUIC_TP_PARAMS_DRAFT = TLSXT_KEY_QUIC_TP_PARAMS_DRAFT,
 #endif
 } TLSX_Type;
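Review bot: The new `TLSXT_*` code-point macros drop the `_TYPE` suffix for two entries while the enum keeps it — `TLSX_CLIENT_CERTIFICATE_TYPE = TLSXT_CLIENT_CERTIFICATE` and `TLSX_SERVER_CERTIFICATE_TYPE = TLSXT_SERVER_CERTIFICATE` — whereas every other pair is name-for-name (`TLSX_KEY_SHARE = TLSXT_KEY_SHARE` and so on). Since the macros are introduced in this commit, renaming them to `TLSXT_CLIENT_CERTIFICATE_TYPE` and `TLSXT_SERVER_CERTIFICATE_TYPE` costs nothing, assuming no other new use outside this hunk. The `TLSXT_ECH` and `TLSXT_KEY_QUIC_TP_PARAMS_DRAFT` lines also end in a dangling `/* from */` with the draft name in a separate comment on the following line; a single comment such as `/* from draft-ietf-tls-esni-13 */`, as the removed enum entry had it, reads better.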
@@ -3046,7 +3164,7 @@ WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
 word16 size, void* heap);
 WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
 WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
- void** data);
+ void** data, byte ignoreStatus);
 #ifndef NO_WOLFSSL_SERVER
 WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
@@ -3142,11 +3260,17 @@ typedef struct CSRIv2 {
 OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
 } request;
 struct CSRIv2* next;
+ Signer *pendingSigners;
 } CertificateStatusRequestItemV2;
 WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, byte options, void* heap, int devId);
 #ifndef NO_CERTS
+WOLFSSL_LOCAL int TLSX_CSR2_IsMulti(TLSX *extensions);
+WOLFSSL_LOCAL int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s);
+WOLFSSL_LOCAL Signer* TLSX_CSR2_GetPendingSigners(TLSX *extensions);
+WOLFSSL_LOCAL int TLSX_CSR2_ClearPendingCA(WOLFSSL *ssl);
+WOLFSSL_LOCAL int TLSX_CSR2_MergePendingCA(WOLFSSL* ssl);
 WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, void* heap);
 #endif
@@ -3276,6 +3400,13 @@ typedef struct InternalTicket {
 #endif /* OPENSSL_EXTRA */
 } InternalTicket;
+#ifndef WOLFSSL_TICKET_ENC_CBC_HMAC
+ #define WOLFSSL_INTERNAL_TICKET_LEN sizeof(InternalTicket)
+#else
+ #define WOLFSSL_INTERNAL_TICKET_LEN \
+ (((sizeof(InternalTicket) + 15) / 16) * 16)
+#endif
+
 #ifndef WOLFSSL_TICKET_EXTRA_PADDING_SZ
 #define WOLFSSL_TICKET_EXTRA_PADDING_SZ 32
 #endif
@@ -3371,7 +3502,7 @@ typedef struct KeyShareEntry {
 word32 keyLen; /* Key size (bytes) */
 byte* pubKey; /* Public key */
 word32 pubKeyLen; /* Public key length */
-#if !defined(NO_DH) || defined(HAVE_PQC)
+#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 byte* privKey; /* Private key - DH and PQ KEMs only */
 word32 privKeyLen;/* Only for PQ KEMs. */
 #endif
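Review bot: The `privKey`/`privKeyLen` members of `KeyShareEntry` are documented as "DH and PQ KEMs only", yet the replacement guard `#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)` keys on the two signature schemes rather than on the KEM. Elsewhere in this commit the KEM-side group test (`WOLFSSL_NAMED_GROUP_IS_PQC`) was re-gated on `WOLFSSL_HAVE_KYBER`, so a build with Kyber but without Falcon/Dilithium and with `NO_DH` would lose the field the KEM key-share code presumably needs — unless that configuration is excluded elsewhere, which I cannot see from here. `#if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER)` would match both the comment and the other hunk. The struct definition starts outside this hunk.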
@@ -3577,7 +3708,10 @@ struct WOLFSSL_CTX {
 int certChainCnt;
 #endif
 DerBuffer* privateKey;
- byte privateKeyType:6;
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+ DerBuffer* privateKeyMask; /* Mask of private key DER. */
+#endif
+ byte privateKeyType;
 byte privateKeyId:1;
 byte privateKeyLabel:1;
 int privateKeySz;
@@ -3585,7 +3719,10 @@ struct WOLFSSL_CTX {
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 DerBuffer* altPrivateKey;
- byte altPrivateKeyType:6;
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+ DerBuffer* altPrivateKeyMask; /* Mask of alt private key DER. */
+#endif
+ byte altPrivateKeyType;
 byte altPrivateKeyId:1;
 byte altPrivateKeyLabel:1;
 int altPrivateKeySz;
@@ -3698,8 +3835,10 @@ struct WOLFSSL_CTX {
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
 short minEccKeySz; /* minimum ECC key size */
 #endif
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
 short minFalconKeySz; /* minimum Falcon key size */
+#endif
+#ifdef HAVE_DILITHIUM
 short minDilithiumKeySz;/* minimum Dilithium key size */
 #endif
 unsigned long mask; /* store SSL_OP_ flags */
@@ -3994,6 +4133,7 @@ int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 word32 inSz, word16 sz);
 #ifndef NO_CERTS
+ WOLFSSL_LOCAL int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s);
 WOLFSSL_LOCAL int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
 WOLFSSL_LOCAL
@@ -4040,13 +4180,16 @@ enum KeyExchangeAlgorithm {
 ecc_static_diffie_hellman_kea /* for verify suite only */
 };
-/* Used with InitSuitesHashSigAlgo_ex2 */
+/* Used with InitSuitesHashSigAlgo */
 #define SIG_ECDSA 0x01
 #define SIG_RSA 0x02
 #define SIG_SM2 0x04
 #define SIG_FALCON 0x08
 #define SIG_DILITHIUM 0x10
 #define SIG_ANON 0x20
+/* SIG_ANON is omitted by default */
+#define SIG_ALL (SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | \
+ SIG_DILITHIUM)
 /* Supported Authentication Schemes */
 enum SignatureAlgorithm {
@@ -4411,6 +4554,10 @@ struct WOLFSSL_SESSION {
 #endif
 #ifdef HAVE_EX_DATA
 WOLFSSL_CRYPTO_EX_DATA ex_data;
+#endif
+#ifdef HAVE_MAX_FRAGMENT
+ byte mfl; /* max fragment length negotiated i.e.
+ * WOLFSSL_MFL_2_8 (6) */
 #endif
 byte isSetup:1;
 };
@@ -4553,14 +4700,20 @@ typedef struct Buffers {
 #ifndef NO_CERTS
 DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
 DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
- byte keyType:6; /* Type of key */
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+ DerBuffer* keyMask; /* Mask of private key DER. */
+#endif
+ byte keyType; /* Type of key */
 byte keyId:1; /* Key data is an id not data */
 byte keyLabel:1; /* Key data is a label not data */
 int keySz; /* Size of RSA key */
 int keyDevId; /* Device Id for key */
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 DerBuffer* altKey; /* WOLFSSL_CTX owns, unless we own */
- byte altKeyType:6; /* Type of alt key */
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+ DerBuffer* altKeyMask; /* Mask of alt private key DER. */
+#endif
+ byte altKeyType; /* Type of alt key */
 byte altKeyId:1; /* Key data is an id not data */
 byte altKeyLabel:1; /* Key data is a label not data */
 int altKeySz; /* Size of alt key */
@@ -4849,8 +5002,10 @@ struct Options {
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
 short minEccKeySz; /* minimum ECC key size */
 #endif
-#if defined(HAVE_PQC)
+#if defined(HAVE_FALCON)
 short minFalconKeySz; /* minimum Falcon key size */
+#endif
+#if defined(HAVE_DILITHIUM)
 short minDilithiumKeySz;/* minimum Dilithium key size */
 #endif
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -5020,13 +5175,9 @@ struct WOLFSSL_X509 {
 byte hwType[EXTERNAL_SERIAL_SIZE];
 int hwSerialNumSz;
 byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
-#endif /* WOLFSSL_SEP */
-#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
- defined (OPENSSL_EXTRA)) && \
- (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 byte certPolicySet;
 byte certPolicyCrit;
-#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
+#endif /* WOLFSSL_SEP */
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
 WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
@@ -5044,9 +5195,9 @@ struct WOLFSSL_X509 {
 int pubKeyOID;
 DNS_entry* altNamesNext; /* hint for retrieval */
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
- defined(HAVE_PQC)
+ defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 word32 pkCurveOID;
-#endif /* HAVE_ECC || HAVE_PQC */
+#endif
 #ifndef NO_CERTS
 DerBuffer* derCert; /* may need */
 #endif
@@ -5639,9 +5790,11 @@ struct WOLFSSL {
 curve448_key* peerX448Key;
 byte peerX448KeyPresent;
 #endif
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
 falcon_key* peerFalconKey;
 byte peerFalconKeyPresent;
+#endif
+#ifdef HAVE_DILITHIUM
 dilithium_key* peerDilithiumKey;
 byte peerDilithiumKeyPresent;
 #endif
@@ -5869,6 +6022,10 @@ struct WOLFSSL {
 #ifdef HAVE_SECRET_CALLBACK
 SessionSecretCb sessionSecretCb;
 void* sessionSecretCtx;
+ TicketParseCb ticketParseCb;
+ void* ticketParseCtx;
+ TlsSecretCb tlsSecretCb;
+ void* tlsSecretCtx;
 #ifdef WOLFSSL_TLS13
 Tls13SecretCb tls13SecretCb;
 void* tls13SecretCtx;
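Review bot: `certPolicySet` and `certPolicyCrit` in `struct WOLFSSL_X509` were previously present whenever `OPENSSL_EXTRA` or `OPENSSL_EXTRA_X509_SMALL` was combined with `WOLFSSL_SEP`, `WOLFSSL_QT`, `OPENSSL_ALL` or `OPENSSL_EXTRA`; the new guard keeps them only under `WOLFSSL_SEP`. That is a narrowing rather than a cleanup: an `OPENSSL_EXTRA` build without `WOLFSSL_SEP` no longer has a place to record whether the certificate-policies extension was present or marked critical, and every consumer of those members outside this header must now be gated the same way or it fails to compile — I cannot see those callers from here. If the intent is that policy tracking is SEP-only, a comment at `#endif /* WOLFSSL_SEP */` recording that decision would help; otherwise the previous condition should be retained for these two fields. The struct continues outside the hunk.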
@@ -6118,16 +6275,11 @@ typedef struct {
 int name_len;
 const char *name;
 int nid;
+ word16 curve;
 } WOLF_EC_NIST_NAME;
 extern const WOLF_EC_NIST_NAME kNistCurves[];
-/* This is the longest and shortest curve name in the kNistCurves list. Note we
- * also have quantum-safe group names as well. */
-#define kNistCurves_MIN_NAME_LEN 5
-#ifdef HAVE_PQC
-#define kNistCurves_MAX_NAME_LEN 32
-#else
-#define kNistCurves_MAX_NAME_LEN 7
-#endif
+WOLFSSL_LOCAL int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx,
+ const char* names, byte curves_only);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 /* internal functions */
@@ -6187,6 +6339,7 @@ WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
 WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
 WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
+WOLFSSL_LOCAL int IsTLS_ex(const ProtocolVersion pv);
 WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
 WOLFSSL_LOCAL int IsAtLeastTLSv1_3(ProtocolVersion pv);
 WOLFSSL_LOCAL int IsEncryptionOn(const WOLFSSL* ssl, int isSend);
@@ -6415,6 +6568,7 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
 WOLFSSL_LOCAL word32 LowResTimer(void);
 WOLFSSL_LOCAL int FindSuiteSSL(const WOLFSSL* ssl, byte* suite);
+WOLFSSL_LOCAL int FindSuite(const Suites* suites, byte first, byte second);
 WOLFSSL_LOCAL void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType);
@@ -6749,6 +6903,11 @@ WOLFSSL_LOCAL int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* se
 int secretSz, void* ctx);
 #endif
+#if defined(SHOW_SECRETS)
+WOLFSSL_LOCAL int tlsShowSecrets(WOLFSSL* ssl, void* secret,
+ int secretSz, void* ctx);
+#endif
+
 /* Optional Pre-Master-Secret logging for Wireshark */
 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
 #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT
diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h
index 4dff068b9b..b05510cfcf 100644
--- a/wolfssl/ocsp.h
+++ b/wolfssl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -67,13 +67,11 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
 WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert,
 void* vp);
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
-
- WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
- WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
- WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd,
- WOLFSSL_ASN1_TIME **nextupd);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
+ WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
+ WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd,
+ WOLFSSL_ASN1_TIME **nextupd);
 WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s);
 WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
 WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec);
@@ -132,8 +130,6 @@ WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
 WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(
 WOLFSSL_OCSP_BASICRESP *bs, int idx);
-#endif
-#ifdef OPENSSL_EXTRA
 WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req,
 WOLFSSL_X509_EXTENSION* ext, int idx);
 WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status,
@@ -148,7 +144,7 @@ WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req,
 unsigned char* val, int sz);
 WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req,
 WOLFSSL_OCSP_BASICRESP* bs);
-#endif
+#endif /* OPENSSL_EXTRA */
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/aes.h b/wolfssl/openssl/aes.h
index 38e71ae5b0..2991ff07ae 100644
--- a/wolfssl/openssl/aes.h
+++ b/wolfssl/openssl/aes.h
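Review bot: The `#ifdef OPENSSL_EXTRA` guard in the `@@ -67` hunk is narrower than the condition it replaces (`OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY`); if any of those application defines can be set without `OPENSSL_EXTRA`, `wolfSSL_OCSP_resp_find_status` and the declarations that follow it silently vanish for that build. That is harmless if the settings header implies `OPENSSL_EXTRA` for all of them, which I cannot see from here, so it is worth a check. The closing-comment fix in the last hunk, `#endif /* OPENSSL_EXTRA */`, is the right follow-up now that the block spans more declarations.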
@@ -1,6 +1,6 @@
 /* aes.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h
index 12ad369807..2c83b9b8c4 100644
--- a/wolfssl/openssl/asn1.h
+++ b/wolfssl/openssl/asn1.h
@@ -1,6 +1,6 @@
 /* asn1.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/asn1t.h b/wolfssl/openssl/asn1t.h
index e7d5affd9a..e74ee26357 100644
--- a/wolfssl/openssl/asn1t.h
+++ b/wolfssl/openssl/asn1t.h
@@ -1,6 +1,6 @@
 /* asn1t.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h
index 9206b092a9..198ca4ebda 100644
--- a/wolfssl/openssl/bio.h
+++ b/wolfssl/openssl/bio.h
@@ -1,6 +1,6 @@
 /* bio.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -61,6 +61,7 @@
 #define BIO_s_file wolfSSL_BIO_s_file
 #define BIO_s_bio wolfSSL_BIO_s_bio
 #define BIO_s_socket wolfSSL_BIO_s_socket
+#define BIO_s_datagram wolfSSL_BIO_s_datagram
 #define BIO_s_accept wolfSSL_BIO_s_socket
 #define BIO_set_fd wolfSSL_BIO_set_fd
 #define BIO_set_close wolfSSL_BIO_set_close
@@ -168,7 +169,10 @@
 #define BIO_C_SET_WRITE_BUF_SIZE 136
 #define BIO_C_MAKE_BIO_PAIR 138
-#define BIO_CTRL_DGRAM_QUERY_MTU 40
+#define BIO_CTRL_DGRAM_CONNECT 31
+#define BIO_CTRL_DGRAM_SET_CONNECTED 32
+#define BIO_CTRL_DGRAM_QUERY_MTU 40
+#define BIO_CTRL_DGRAM_SET_PEER 44
 #define BIO_FP_TEXT 0x00
 #define BIO_NOCLOSE 0x00
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index 973b85565c..6c0373630a 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -1,6 +1,6 @@
 /* bn.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -40,7 +40,9 @@ typedef struct WOLFSSL_BIGNUM {
 int neg; /* openssh deference */
 void *internal; /* our big num */
+#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)
 mp_int mpi;
+#endif
 } WOLFSSL_BIGNUM;
 #define WOLFSSL_BN_ULONG unsigned long
diff --git a/wolfssl/openssl/buffer.h b/wolfssl/openssl/buffer.h
index 52a7813ed3..c9f2790203 100644
--- a/wolfssl/openssl/buffer.h
+++ b/wolfssl/openssl/buffer.h
@@ -1,6 +1,6 @@
 /* buffer.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/camellia.h b/wolfssl/openssl/camellia.h
index aa830f5348..0cad9c9ee3 100644
--- a/wolfssl/openssl/camellia.h
+++ b/wolfssl/openssl/camellia.h
@@ -1,6 +1,6 @@
 /* camellia.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/cmac.h b/wolfssl/openssl/cmac.h
index 5ae013c124..dd08497faa 100644
--- a/wolfssl/openssl/cmac.h
+++ b/wolfssl/openssl/cmac.h
@@ -1,6 +1,6 @@
 /* cmac.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/cms.h b/wolfssl/openssl/cms.h
index 5355c61587..7febb6715e 100644
--- a/wolfssl/openssl/cms.h
+++ b/wolfssl/openssl/cms.h
@@ -1,6 +1,6 @@
 /* cms.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/compat_types.h b/wolfssl/openssl/compat_types.h
index c1afd62e1d..93a3b12dac 100644
--- a/wolfssl/openssl/compat_types.h
+++ b/wolfssl/openssl/compat_types.h
@@ -1,6 +1,6 @@
 /* compat_types.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/conf.h b/wolfssl/openssl/conf.h
index 7c3d721067..4e9115f95f 100644
--- a/wolfssl/openssl/conf.h
+++ b/wolfssl/openssl/conf.h
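Review bot: The new `#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)` guard makes `mpi` the only conditional member of `WOLFSSL_BIGNUM`, so `sizeof(WOLFSSL_BIGNUM)` now depends on the math configuration and a comment on the guard should say what carries the value when `mpi` is compiled out (presumably the `internal` pointer above it, which I cannot confirm from this hunk). Something like `/* mpi is absent when no multi-precision type is built; the number then lives behind internal */` at the `#if`, adjusted to the real arrangement, would spare the next reader a trip into the implementation.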
@@ -1,6 +1,6 @@
 /* conf.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index a787da28d1..e436e938c8 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -1,6 +1,6 @@
 /* crypto.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/des.h b/wolfssl/openssl/des.h
index ca0be35908..0f385a6d99 100644
--- a/wolfssl/openssl/des.h
+++ b/wolfssl/openssl/des.h
@@ -1,6 +1,6 @@
 /* des.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index eacd033c90..49f209ce8b 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -1,6 +1,6 @@
 /* dh.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h
index 5a8c31c708..76a1252e1f 100644
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -1,6 +1,6 @@
 /* dsa.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h
index 23ef5e9a29..319cf3c3bd 100644
--- a/wolfssl/openssl/ec.h
+++ b/wolfssl/openssl/ec.h
@@ -1,6 +1,6 @@
 /* ec.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -74,9 +74,15 @@ enum {
 #ifdef HAVE_ED448
 NID_ED448 = ED448k,
 #endif
+#ifdef HAVE_CURVE448
+ NID_X448 = X448k,
+#endif
 #ifdef HAVE_ED25519
 NID_ED25519 = ED25519k,
 #endif
+#ifdef HAVE_CURVE25519
+ NID_X25519 = X25519k,
+#endif
 OPENSSL_EC_EXPLICIT_CURVE = 0x000,
 OPENSSL_EC_NAMED_CURVE = 0x001,
@@ -138,6 +144,12 @@ struct WOLFSSL_EC_BUILTIN_CURVE {
 typedef int point_conversion_form_t;
+typedef struct WOLFSSL_EC_KEY_METHOD {
+ /* Not implemented */
+ /* Just here so that some C compilers don't complain. To be removed. */
+ void* dummy_member;
+} WOLFSSL_EC_KEY_METHOD;
+
 WOLFSSL_API size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r,size_t nitems);
@@ -306,12 +318,29 @@ WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
 const WOLFSSL_EC_POINT *a);
-#ifndef HAVE_SELFTEST
 WOLFSSL_API char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BN_CTX* ctx);
-#endif
+WOLFSSL_API
+WOLFSSL_EC_POINT *wolfSSL_EC_POINT_hex2point
+ (const WOLFSSL_EC_GROUP *group, const char *hex,
+ WOLFSSL_EC_POINT *p, WOLFSSL_BN_CTX *ctx);
+
+WOLFSSL_API const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_OpenSSL(void);
+WOLFSSL_API WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_METHOD_new(
+ const WOLFSSL_EC_KEY_METHOD *meth);
+WOLFSSL_API void wolfSSL_EC_KEY_METHOD_free(WOLFSSL_EC_KEY_METHOD *meth);
+/* TODO when implementing change the types to the real callback signatures
+ * and use real parameter names */
+WOLFSSL_API void wolfSSL_EC_KEY_METHOD_set_init(WOLFSSL_EC_KEY_METHOD *meth,
+ void* a1, void* a2, void* a3, void* a4, void* a5, void* a6);
+WOLFSSL_API void wolfSSL_EC_KEY_METHOD_set_sign(WOLFSSL_EC_KEY_METHOD *meth,
+ void* a1, void* a2, void* a3);
+WOLFSSL_API const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method(
+ const WOLFSSL_EC_KEY *key);
+WOLFSSL_API int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key,
+ const WOLFSSL_EC_KEY_METHOD *meth);
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -320,6 +349,7 @@ typedef WOLFSSL_EC_GROUP EC_GROUP;
 typedef WOLFSSL_EC_GROUP EC_METHOD;
 typedef WOLFSSL_EC_POINT EC_POINT;
 typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve;
+typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD;
 #ifndef HAVE_ECC
 #define OPENSSL_NO_EC
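Review bot: `wolfSSL_EC_KEY_METHOD_set_init` and `wolfSSL_EC_KEY_METHOD_set_sign` take their callbacks as `void*` and `WOLFSSL_EC_KEY_METHOD` holds only `dummy_member`, so nothing an application installs can be stored or invoked; whether `wolfSSL_EC_KEY_set_method` reports that by returning failure is decided in the implementation rather than here, but it matters, because an application that installs a custom sign callback to keep private-key operations out of process would otherwise continue signing with the in-memory key and never learn that its callback is unused. Please state that contract at the declarations, e.g. `/* EC_KEY_METHOD is a stub: custom callbacks are not stored or called; set_method must not report success for a non-default method */`, adjusted to what the implementation actually does. Separately, `void*` is not a portable carrier for function pointers in C; a generic function-pointer type such as `void (*)(void)` for the `a1..a6` parameters records the intent and avoids the object/function pointer conversion until the real signatures land.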
@@ -395,9 +425,8 @@ typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve;
 #define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form
 #define EC_KEY_get_conv_form wolfSSL_EC_KEY_get_conv_form
-#ifndef HAVE_SELFTEST
- #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex
-#endif
+#define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex
+#define EC_POINT_hex2point wolfSSL_EC_POINT_hex2point
 #define EC_POINT_dump wolfSSL_EC_POINT_dump
 #define EC_get_builtin_curves wolfSSL_EC_get_builtin_curves
@@ -405,6 +434,14 @@ typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve;
 #define EC_curve_nid2nist wolfSSL_EC_curve_nid2nist
 #define EC_curve_nist2nid wolfSSL_EC_curve_nist2nid
+#define EC_KEY_OpenSSL wolfSSL_EC_KEY_OpenSSL
+#define EC_KEY_METHOD_new wolfSSL_EC_KEY_METHOD_new
+#define EC_KEY_METHOD_free wolfSSL_EC_KEY_METHOD_free
+#define EC_KEY_METHOD_set_init wolfSSL_EC_KEY_METHOD_set_init
+#define EC_KEY_METHOD_set_sign wolfSSL_EC_KEY_METHOD_set_sign
+#define EC_KEY_get_method wolfSSL_EC_KEY_get_method
+#define EC_KEY_set_method wolfSSL_EC_KEY_set_method
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/ec25519.h b/wolfssl/openssl/ec25519.h
index 6090311068..0421ce83ba 100644
--- a/wolfssl/openssl/ec25519.h
+++ b/wolfssl/openssl/ec25519.h
@@ -1,6 +1,6 @@
 /* ec25519.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/ec448.h b/wolfssl/openssl/ec448.h
index 06ce1ddfc4..89a9e1cc94 100644
--- a/wolfssl/openssl/ec448.h
+++ b/wolfssl/openssl/ec448.h
@@ -1,6 +1,6 @@
 /* ec448.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openss/ecdh.h b/wolfssl/openssl/ecdh.h
index 9f816b25fe..74b8c910e7 100644
--- a/wolfssl/openssl/ecdh.h
+++ b/wolfssl/openssl/ecdh.h
@@ -1,6 +1,6 @@
 /* ecdh.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index 385e5c06b2..704f56d00f 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -1,6 +1,6 @@
 /* ecdsa.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/ed25519.h b/wolfssl/openssl/ed25519.h
index a4f2a3ac4e..d4c1b1b913 100644
--- a/wolfssl/openssl/ed25519.h
+++ b/wolfssl/openssl/ed25519.h
@@ -1,6 +1,6 @@
 /* ed25519.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/ed448.h b/wolfssl/openssl/ed448.h
index 2d2b4b74eb..3c9786264f 100644
--- a/wolfssl/openssl/ed448.h
+++ b/wolfssl/openssl/ed448.h
@@ -1,6 +1,6 @@
 /* ed448.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h
index 178afa5f47..2af6407848 100644
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@@ -1,6 +1,6 @@
 /* err.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index bdeabf2556..f2387478d3 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -1,6 +1,6 @@
 /* evp.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -401,6 +401,7 @@ typedef union {
 #define NID_X9_62_id_ecPublicKey EVP_PKEY_EC
 #define NID_rsaEncryption EVP_PKEY_RSA
+#define NID_rsa EVP_PKEY_RSA
 #define NID_dsa EVP_PKEY_DSA
 #define EVP_PKEY_OP_SIGN (1 << 3)
diff --git a/wolfssl/openssl/fips_rand.h b/wolfssl/openssl/fips_rand.h
index 586a9574cd..58f21b3419 100644
--- a/wolfssl/openssl/fips_rand.h
+++ b/wolfssl/openssl/fips_rand.h
@@ -1,6 +1,6 @@
 /* fips_rand.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h
index 427a3d6528..71a473b4fc 100644
--- a/wolfssl/openssl/hmac.h
+++ b/wolfssl/openssl/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -45,7 +45,7 @@ WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md,
 const void* key, int key_len,
- const unsigned char* d, int n, unsigned char* md,
+ const unsigned char* d, size_t n, unsigned char* md,
 unsigned int* md_len);
 WOLFSSL_API WOLFSSL_HMAC_CTX* wolfSSL_HMAC_CTX_new(void);
@@ -69,7 +69,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX
 typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
-#define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
+#define HMAC wolfSSL_HMAC
 #define HMAC_CTX_new wolfSSL_HMAC_CTX_new
 #define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
diff --git a/wolfssl/openssl/kdf.h b/wolfssl/openssl/kdf.h
index 29537df199..08d8327a77 100644
--- a/wolfssl/openssl/kdf.h
+++ b/wolfssl/openssl/kdf.h
@@ -1,6 +1,6 @@
 /* kdf.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/lhash.h b/wolfssl/openssl/lhash.h
index 06c62a295e..4c1637a6e2 100644
--- a/wolfssl/openssl/lhash.h
+++ b/wolfssl/openssl/lhash.h
@@ -1,6 +1,6 @@
 /* lhash.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/md4.h b/wolfssl/openssl/md4.h
index e1f8b9ee83..d478e9622b 100644
--- a/wolfssl/openssl/md4.h
+++ b/wolfssl/openssl/md4.h
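Review bot: `wolfSSL_HMAC` now takes `size_t n` while the same prototype keeps `int key_len`; if the implementation forwards `n` to a 32-bit or `int` length parameter of the underlying HMAC update, a length beyond that range must be rejected rather than silently truncated, which I cannot verify from the declaration alone. Separately, `#define HMAC wolfSSL_HMAC` turns a function-like macro into an object-like one, so every `HMAC` token in including code is rewritten, not just call sites; if the reason is to let `HMAC` be taken as a function pointer, a comment such as `/* object-like so HMAC can be used as a function pointer */` records that trade-off for the next person who meets an unrelated identifier named `HMAC`.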
@@ -1,6 +1,6 @@
 /* md4.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/md5.h b/wolfssl/openssl/md5.h
index 81b60002e9..62533a9ffc 100644
--- a/wolfssl/openssl/md5.h
+++ b/wolfssl/openssl/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/modes.h b/wolfssl/openssl/modes.h
index 3288f50fa5..e6a584c70f 100644
--- a/wolfssl/openssl/modes.h
+++ b/wolfssl/openssl/modes.h
@@ -1,6 +1,6 @@
 /* modes.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/obj_mac.h b/wolfssl/openssl/obj_mac.h
index f3fcd859c4..b083f049dc 100644
--- a/wolfssl/openssl/obj_mac.h
+++ b/wolfssl/openssl/obj_mac.h
@@ -1,6 +1,6 @@
 /* obj_mac.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h
index 5f8d8f7c00..08640fbf67 100644
--- a/wolfssl/openssl/objects.h
+++ b/wolfssl/openssl/objects.h
@@ -1,6 +1,6 @@
 /* objects.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/ocsp.h b/wolfssl/openssl/ocsp.h
index 8cd3372325..ac0e44f911 100644
--- a/wolfssl/openssl/ocsp.h
+++ b/wolfssl/openssl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index 57404c928d..8d36ea24c7 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -1,6 +1,6 @@
 /* opensslv.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -25,6 +25,7 @@
 #define WOLFSSL_OPENSSLV_H_
 #include
+#include
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -34,24 +35,26 @@
 defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
 defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
 /* valid version */
+#elif defined(HAVE_MOSQUITTO)
+ #define OPENSSL_VERSION_NUMBER 0x10100000L
 #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
 defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
 defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) || \
 defined(WOLFSSL_OPENSSH)
 /* For Apache httpd, Use 1.1.0 compatibility */
- #define OPENSSL_VERSION_NUMBER 0x10100003L
-#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) || defined(WOLFSSL_KRB)
+ #define OPENSSL_VERSION_NUMBER 0x10100003L
+#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)
 /* For Qt and Python 3.8.5 compatibility */
- #define OPENSSL_VERSION_NUMBER 0x10101000L
+ #define OPENSSL_VERSION_NUMBER 0x10101000L
 #elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG)
- #define OPENSSL_VERSION_NUMBER 0x1010000fL
+ #define OPENSSL_VERSION_NUMBER 0x1010000fL
 #elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \
- defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENVPN)
- /* version number can be increased for Lighty after compatibility for ECDH
- is added */
- #define OPENSSL_VERSION_NUMBER 0x10001040L
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN)
+ /* version number can be increased for Lighty after compatibility for ECDH
+ is added */
+ #define OPENSSL_VERSION_NUMBER 0x10001040L
 #else
- #define OPENSSL_VERSION_NUMBER 0x0090810fL
+ #define OPENSSL_VERSION_NUMBER 0x0090810fL
 #endif
 #define OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING
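Review bot: The `defined(WOLFSSL_OPENSSH)` added to the `#elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || ...` branch can never take effect: the earlier `#elif defined(WOLFSSL_APACHE_HTTPD) || ...` branch already lists `WOLFSSL_OPENSSH` (and `WOLFSSL_NGINX`), so an OpenSSH build selects `0x10100003L` there and the later test is dead for both defines. Either drop the new `|| defined(WOLFSSL_OPENSSH)` or, if `0x10001040L` was the version OpenSSH should see, remove it from the earlier branch instead. The two `#include` lines in the `@@ -25` hunk have lost their targets in this rendering, so the new include itself cannot be reviewed here.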
diff --git a/wolfssl/openssl/ossl_typ.h b/wolfssl/openssl/ossl_typ.h
index 85b83c3f43..8214fa3c8c 100644
--- a/wolfssl/openssl/ossl_typ.h
+++ b/wolfssl/openssl/ossl_typ.h
@@ -1,6 +1,6 @@
 /* ossl_typ.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index 221e8d6f97..6d9d4418b6 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
@@ -1,6 +1,6 @@
 /* pem.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/pkcs12.h b/wolfssl/openssl/pkcs12.h
index 28a0a37805..d82954da99 100644
--- a/wolfssl/openssl/pkcs12.h
+++ b/wolfssl/openssl/pkcs12.h
@@ -1,6 +1,6 @@
 /* pkcs12.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/pkcs7.h b/wolfssl/openssl/pkcs7.h
index 41f890163b..9a53b89a5e 100644
--- a/wolfssl/openssl/pkcs7.h
+++ b/wolfssl/openssl/pkcs7.h
@@ -1,6 +1,6 @@
 /* pkcs7.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h
index cc0d72ac96..c88cd128f7 100644
--- a/wolfssl/openssl/rand.h
+++ b/wolfssl/openssl/rand.h
@@ -1,6 +1,6 @@
 /* rand.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/rc4.h b/wolfssl/openssl/rc4.h
index ca56ac8253..cef9330e38 100644
--- a/wolfssl/openssl/rc4.h
+++ b/wolfssl/openssl/rc4.h
@@ -1,6 +1,6 @@
 /* rc4.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/ripemd.h b/wolfssl/openssl/ripemd.h
index 7ba600d9a1..a7c4247931 100644
--- a/wolfssl/openssl/ripemd.h
+++ b/wolfssl/openssl/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h
index 7284948ad4..4d276cc230 100644
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h
index ab38c5c096..f9bc1a5869 100644
--- a/wolfssl/openssl/sha.h
+++ b/wolfssl/openssl/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/sha3.h b/wolfssl/openssl/sha3.h
index 1b0d63bc51..c2f5535c0d 100644
--- a/wolfssl/openssl/sha3.h
+++ b/wolfssl/openssl/sha3.h
@@ -1,6 +1,6 @@
 /* sha3.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -27,6 +27,7 @@
 #include
 #include
+#include
 #ifdef WOLFSSL_PREFIX
 #include "prefix_sha.h"
@@ -41,7 +42,11 @@
 * to Sha3 is expected to also be 16 byte aligned addresses. */
 struct WOLFSSL_SHA3_CTX {
 /* big enough to hold wolfcrypt Sha3, but check on init */
+#ifdef WOLFSSL_SHA3
+ ALIGN16 void* holder[sizeof(wc_Sha3)];
+#else
 ALIGN16 void* holder[(424 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+#endif
 };
 #ifndef WOLFSSL_NOSHA3_224
diff --git a/wolfssl/openssl/srp.h b/wolfssl/openssl/srp.h
index b60981d769..097cf51289 100644
--- a/wolfssl/openssl/srp.h
+++ b/wolfssl/openssl/srp.h
@@ -1,6 +1,6 @@
 /* srp.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 5cd96e26f5..29dbb9a2da 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
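Review bot: `ALIGN16 void* holder[sizeof(wc_Sha3)];` in the sha3.h `@@ -41` hunk declares an array of `sizeof(wc_Sha3)` pointers, i.e. pointer-size times larger than the struct it is meant to hold, whereas the `#else` branch divides by `sizeof(void*)`; the intended line is presumably `ALIGN16 void* holder[(sizeof(wc_Sha3) + sizeof(void*) - 1) / sizeof(void*)];`, which rounds up so the holder still covers a `wc_Sha3` whose size is not a multiple of the pointer size. The current form oversizes rather than undersizes, so it costs memory in every `WOLFSSL_SHA3_CTX` but does not create an overflow. The `#include` added in the `@@ -27` hunk has no visible target in this rendering, so it cannot be checked for the `wc_Sha3` definition the new `sizeof` needs.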
@@ -1,6 +1,6 @@
 /* ssl.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -210,9 +210,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
 #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
 #define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
+#define SSL_set_ecdh_auto wolfSSL_set_ecdh_auto
 #define SSL_CTX_set_ecdh_auto wolfSSL_CTX_set_ecdh_auto
 #define i2d_PUBKEY wolfSSL_i2d_PUBKEY
+#define i2d_X509_PUBKEY wolfSSL_i2d_X509_PUBKEY
 #define d2i_PUBKEY wolfSSL_d2i_PUBKEY
 #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
 #define d2i_PublicKey wolfSSL_d2i_PublicKey
@@ -253,6 +255,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_F_X509_CHECK_PRIVATE_KEY 128
 #ifdef WOLFSSL_DTLS
+ #define DTLS_client_method wolfDTLS_client_method
+ #define DTLS_server_method wolfDTLS_server_method
 #define DTLSv1_client_method wolfDTLSv1_client_method
 #define DTLSv1_server_method wolfDTLSv1_server_method
 #define DTLSv1_2_client_method wolfDTLSv1_2_client_method
@@ -264,13 +268,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #ifndef NO_FILESYSTEM
 #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
 #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
-#ifdef WOLFSSL_APACHE_HTTPD
- #define SSL_CTX_load_verify_locations(ctx,file,path) \
- wolfSSL_CTX_load_verify_locations_ex(ctx,file,path,\
- WOLFSSL_LOAD_FLAG_IGNORE_ERR)
-#else
- #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
-#endif
+ #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations_compat
 #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
 #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
 #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
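Review bot: `SSL_CTX_load_verify_locations` now maps to `wolfSSL_CTX_load_verify_locations_compat` for every consumer, replacing a mapping where only `WOLFSSL_APACHE_HTTPD` builds got `WOLFSSL_LOAD_FLAG_IGNORE_ERR`; the `_compat` name does not say which load flags it applies, and if it keeps the ignore-errors behaviour for all callers, a CA directory containing an unreadable or malformed file is now reported as loaded where it previously failed, which changes what an application's trust store contains without any signal. A comment at the macro naming the flags and the error semantics, e.g. `/* _compat applies <flags>; per-file load failures are <reported|ignored> */` with the placeholders filled in from the implementation, lets integrators judge that before switching. This hunk's `#ifndef NO_FILESYSTEM` block continues outside the hunk.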
@@ -366,6 +364,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_SESSION_dup wolfSSL_SESSION_dup
 #define SSL_SESSION_free wolfSSL_SESSION_free
 #define SSL_SESSION_set_cipher wolfSSL_SESSION_set_cipher
+#define SSL_SESSION_get_max_fragment_length \
+ wolfSSL_SESSION_get_max_fragment_length
 #define SSL_is_init_finished wolfSSL_is_init_finished
 #define SSL_SESSION_set1_id wolfSSL_SESSION_set1_id
@@ -500,6 +500,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_set_pubkey wolfSSL_X509_set_pubkey
 #define X509_set_notAfter wolfSSL_X509_set_notAfter
 #define X509_set_notBefore wolfSSL_X509_set_notBefore
+#define X509_set1_notAfter wolfSSL_X509_set1_notAfter
+#define X509_set1_notBefore wolfSSL_X509_set1_notBefore
 #define X509_set_serialNumber wolfSSL_X509_set_serialNumber
 #define X509_set_version wolfSSL_X509_set_version
 #define X509_REQ_set_version wolfSSL_X509_set_version
@@ -634,11 +636,15 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
 #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
+#define X509_V_FLAG_PARTIAL_CHAIN 0
+#define X509_V_FLAG_TRUSTED_FIRST 0
+
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
 #define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
 #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT WOLFSSL_ALWAYS_CHECK_SUBJECT
 #define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
 #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS WOLFSSL_NO_PARTIAL_WILDCARDS
+#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS WOLFSSL_MULTI_LABEL_WILDCARDS
 #define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT
 #define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE
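Review bot: `X509_V_FLAG_PARTIAL_CHAIN` and `X509_V_FLAG_TRUSTED_FIRST` are defined as `0`, so `X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN)` compiles, returns success and changes nothing, and any `flags & X509_V_FLAG_PARTIAL_CHAIN` test is always false; an application ported from OpenSSL gets no signal that the verification mode it asked for is not in effect. If these are deliberate no-ops, say so where they are defined, e.g. `/* not supported: accepted and ignored by wolfSSL_X509_VERIFY_PARAM_set_flags */`, and consider whether a distinct unused bit that the setter rejects would be the safer compatibility choice, since a rejected call is visible and a silently ignored one is not.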
@@ -674,10 +680,13 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c))
 #define X509_STORE_set_verify_cb_func(s, c) \
 wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c))
+#define X509_STORE_set_get_crl wolfSSL_X509_STORE_set_get_crl
+#define X509_STORE_set_check_crl wolfSSL_X509_STORE_set_check_crl
 #define X509_STORE_new wolfSSL_X509_STORE_new
 #define X509_STORE_free wolfSSL_X509_STORE_free
+#define X509_STORE_up_ref wolfSSL_X509_STORE_up_ref
 #define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
 #define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
 #define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl
@@ -686,8 +695,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
 #define X509_STORE_set_ex_data wolfSSL_X509_STORE_set_ex_data
 #define X509_STORE_get_ex_data wolfSSL_X509_STORE_get_ex_data
+#define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param
 #define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
 #define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
+#define X509_STORE_CTX_get0_param wolfSSL_X509_STORE_CTX_get0_param
 #define X509_VERIFY_PARAM_new wolfSSL_X509_VERIFY_PARAM_new
 #define X509_VERIFY_PARAM_free wolfSSL_X509_VERIFY_PARAM_free
 #define X509_VERIFY_PARAM_set_flags wolfSSL_X509_VERIFY_PARAM_set_flags
@@ -699,7 +710,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
 #define X509_VERIFY_PARAM_set1_ip wolfSSL_X509_VERIFY_PARAM_set1_ip
 #define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1
+#define X509_VERIFY_PARAM_lookup wolfSSL_X509_VERIFY_PARAM_lookup
+#define X509_VERIFY_PARAM_inherit wolfSSL_X509_VERIFY_PARAM_inherit
 #define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations
+#define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param
 #define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
 #define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
@@ -711,6 +725,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp
 #define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL
+#define X509_CRL_dup wolfSSL_X509_CRL_dup
 #define X509_CRL_free wolfSSL_X509_CRL_free
 #define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
 #define X509_CRL_get0_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
@@ -770,7 +785,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_pop wolfSSL_BIO_pop
 #define BIO_flush wolfSSL_BIO_flush
 #define BIO_pending wolfSSL_BIO_pending
-
+#define BIO_number_read wolfSSL_BIO_number_read
+#define BIO_number_written wolfSSL_BIO_number_written
+#define BIO_reset wolfSSL_BIO_reset
 #define BIO_get_mem_data wolfSSL_BIO_get_mem_data
 #define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf
@@ -778,6 +795,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
 #define BIO_f_ssl wolfSSL_BIO_f_ssl
 #define BIO_new_socket wolfSSL_BIO_new_socket
+#define BIO_new_dgram wolfSSL_BIO_new_dgram
 #define BIO_new_connect wolfSSL_BIO_new_connect
 #define BIO_new_accept wolfSSL_BIO_new_accept
 #define BIO_set_conn_port wolfSSL_BIO_set_conn_port
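Review bot: `#define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param` is added here a second time; the `@@ -686,8 +695,10 @@` hunk on the preceding page line already adds the identical definition a few lines earlier in the same file. An identical redefinition is legal C and compiles silently, but it is noise that will mislead the next person editing one copy and not the other; keep one, presumably the earlier one next to `X509_STORE_get_ex_data`.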
@@ -786,6 +804,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_do_handshake wolfSSL_BIO_do_handshake
 #define BIO_ssl_shutdown wolfSSL_BIO_ssl_shutdown
 #define SSL_set_bio wolfSSL_set_bio
+#define SSL_set0_rbio wolfSSL_set_rbio
+#define SSL_set0_wbio wolfSSL_set_wbio
 #define BIO_method_type wolfSSL_BIO_method_type
 #define BIO_set_ssl wolfSSL_BIO_set_ssl
 #define BIO_get_ssl wolfSSL_BIO_get_ssl
@@ -821,6 +841,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define COMP_zlib wolfSSL_COMP_zlib
 #define COMP_rle wolfSSL_COMP_rle
 #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
+#define SSL_COMP_get_name wolfSSL_COMP_get_name
+#define SSL_get_current_compression wolfSSL_get_current_compression
+#define SSL_get_current_expansion wolfSSL_get_current_expansion
 #define SSL_get_ex_new_index wolfSSL_get_ex_new_index
 #define RSA_get_ex_new_index wolfSSL_get_ex_new_index
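Review bot: `SSL_set0_rbio` and `SSL_set0_wbio` map to `wolfSSL_set_rbio` and `wolfSSL_set_wbio`; in OpenSSL the `set0` suffix means the SSL object takes ownership of the BIO and releases any previously installed one, so ported callers will not free the BIO themselves. Whether `wolfSSL_set_rbio`/`wolfSSL_set_wbio` have those ownership semantics is not visible from this hunk; a comment at the two macros stating who frees the BIO, e.g. `/* ownership of the BIO passes to the SSL object, as with OpenSSL set0 */` or its negation, would prevent a leak or double free in code written against the OpenSSL contract.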
@@ -835,18 +858,21 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #ifndef NO_ASN_TIME
 #define ASN1_TIME_new wolfSSL_ASN1_TIME_new
 #define ASN1_UTCTIME_new wolfSSL_ASN1_TIME_new
+#define ASN1_GENERALIZEDTIME_new wolfSSL_ASN1_TIME_new
 #define ASN1_TIME_free wolfSSL_ASN1_TIME_free
 #define ASN1_UTCTIME_free wolfSSL_ASN1_TIME_free
+#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_TIME_free
 #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
 #define ASN1_TIME_print wolfSSL_ASN1_TIME_print
 #define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string
 #define ASN1_TIME_to_tm wolfSSL_ASN1_TIME_to_tm
 #define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime
+#define ASN1_UTCTIME_set wolfSSL_ASN1_UTCTIME_set
 #endif
 #define ASN1_TIME_set wolfSSL_ASN1_TIME_set
 #define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
+#define ASN1_GENERALIZEDTIME_set_string wolfSSL_ASN1_TIME_set_string
 #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
-#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free
 #define ASN1_tag2str wolfSSL_ASN1_tag2str
@@ -916,7 +942,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #endif
 #define SSL_set0_verify_cert_store wolfSSL_set0_verify_cert_store
 #define SSL_set1_verify_cert_store wolfSSL_set1_verify_cert_store
-#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
+#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((x))
 #define SSL_get_client_CA_list wolfSSL_get_client_CA_list
 #define SSL_set_client_CA_list wolfSSL_set_client_CA_list
 #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
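Review bot: `ASN1_GENERALIZEDTIME_free` is removed from the unconditional block and re-added inside `#ifndef NO_ASN_TIME`, while `ASN1_GENERALIZEDTIME_print` and the new `ASN1_GENERALIZEDTIME_set_string` stay outside the guard; under `NO_ASN_TIME` code that previously compiled against `ASN1_GENERALIZEDTIME_free` now fails, and the split of the `ASN1_GENERALIZEDTIME_*` macros across the guard looks accidental rather than intended. Keeping all three on the same side of the `#ifndef` would be consistent, whichever side is right. The `@@ -916` hunk's removal of the `(WOLFSSL_CTX*)` cast in `SSL_CTX_get_cert_store(x)` is an improvement, since a wrong argument type is now diagnosed instead of being forced through.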
@@ -937,7 +963,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_alert_type_string wolfSSL_alert_type_string #define SSL_alert_desc_string wolfSSL_alert_desc_string -#define SSL_state_string wolfSSL_state_string +#define SSL_state_string wolfSSL_state_string_long #define RSA_free wolfSSL_RSA_free #define RSA_generate_key wolfSSL_RSA_generate_key @@ -1128,6 +1154,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (WOLFSSL_TIMEVAL*)(timeleft)) #define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration +#define SSL_set_mtu wolfSSL_set_mtu_compat /* DTLS SRTP */ #ifdef WOLFSSL_SRTP @@ -1180,6 +1207,10 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free #define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) +#define SSL_get0_peername wolfSSL_get0_peername +#endif + #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX) #include @@ -1188,7 +1219,6 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define SSL_R_SHORT_READ 10 #define ERR_R_PEM_LIB 9 #define SSL_CTRL_MODE 33 - #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 #define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL) 
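Review bot: `SSL_state_string` now expands to `wolfSSL_state_string_long`, while in OpenSSL `SSL_state_string` returns the short abbreviated form and `SSL_state_string_long` the descriptive text, so compat callers that log or compare the short form will see different strings after this change. If wolfSSL only implements the long form, a comment on the define, `/* wolfSSL only provides the long-form state string; the short form maps to it */`, records the deviation; otherwise the old mapping should stay and `SSL_state_string_long` get its own define. The enclosing `#define` block continues outside the hunk.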
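Review bot: `SSL_set_mtu` is defined here without a guard, but `wolfSSL_set_mtu_compat` is declared (ssl.h hunk `@@ -1459,10 +1465,18 @@`) only when `(WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) && WOLFSSL_DTLS` and `OPENSSL_ALL || OPENSSL_EXTRA` all hold. A compat consumer built without DTLS MTU support that calls `SSL_set_mtu` would get an implicit-declaration error instead of a clear missing-feature diagnostic, unless the surrounding block (whose guard starts outside this hunk) already narrows it. Mirroring the prototype's guard around the define, or a comment naming the required options, would make the dependency visible.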
@@ -1208,10 +1238,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; (char *)(arg)) #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */ +#define SSL_CTX_set_dh_auto wolfSSL_CTX_set_dh_auto #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define TLSEXT_STATUSTYPE_ocsp 1 +#define TLSEXT_max_fragment_length_DISABLED WOLFSSL_MFL_DISABLED #define TLSEXT_max_fragment_length_512 WOLFSSL_MFL_2_9 #define TLSEXT_max_fragment_length_1024 WOLFSSL_MFL_2_10 #define TLSEXT_max_fragment_length_2048 WOLFSSL_MFL_2_11 @@ -1337,6 +1369,10 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define SSL_CONF_TYPE_FILE WOLFSSL_CONF_TYPE_FILE #define SSL_CONF_TYPE_DIR WOLFSSL_CONF_TYPE_DIR +#define OPENSSL_INIT_new wolfSSL_OPENSSL_INIT_new +#define OPENSSL_INIT_free wolfSSL_OPENSSL_INIT_free +#define OPENSSL_INIT_set_config_appname wolfSSL_OPENSSL_INIT_set_config_appname + #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) @@ -1511,7 +1547,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define OPENSSL_STRING WOLFSSL_STRING #define OPENSSL_CSTRING WOLFSSL_STRING -#define TLSEXT_TYPE_application_layer_protocol_negotiation 16 +#define TLSEXT_TYPE_application_layer_protocol_negotiation \ + TLSXT_APPLICATION_LAYER_PROTOCOL #define OPENSSL_NPN_UNSUPPORTED 0 #define OPENSSL_NPN_NEGOTIATED 1 diff --git a/wolfssl/openssl/stack.h b/wolfssl/openssl/stack.h index cee7cfc929..fe697c4c63 100644 --- a/wolfssl/openssl/stack.h +++ b/wolfssl/openssl/stack.h @@ -1,6 +1,6 @@ /* stack.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/openssl/tls1.h b/wolfssl/openssl/tls1.h index dc4a27c2f3..933ed5d093 100644 --- a/wolfssl/openssl/tls1.h +++ b/wolfssl/openssl/tls1.h 
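Review bot: `TLSEXT_TYPE_application_layer_protocol_negotiation` changes from the literal 16 to `TLSXT_APPLICATION_LAYER_PROTOCOL`, a name this header does not define; the QUIC transport-parameter types in tls1.h (`@@ -45,8 +45,10 @@`) follow the same pattern with `TLSXT_KEY_QUIC_TP_PARAMS_DRAFT` and `TLSXT_KEY_QUIC_TP_PARAMS`. If those names come from a header the compat layer already includes this is fine, but a consumer that previously used the constant with only this header included can no longer do so. A short comment naming where the `TLSXT_*` values live, or an include of that header here, would close the gap; the diff does not show which header provides them.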
@@ -1,6 +1,6 @@ /* tls1.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -45,8 +45,10 @@ #ifdef WOLFSSL_QUIC /* from rfc9001 */ -#define TLSEXT_TYPE_quic_transport_parameters_draft 0xffa5 -#define TLSEXT_TYPE_quic_transport_parameters 0x0039 +#define TLSEXT_TYPE_quic_transport_parameters_draft \ + TLSXT_KEY_QUIC_TP_PARAMS_DRAFT +#define TLSEXT_TYPE_quic_transport_parameters \ + TLSXT_KEY_QUIC_TP_PARAMS #endif #endif /* WOLFSSL_OPENSSL_TLS1_H_ */ diff --git a/wolfssl/openssl/txt_db.h b/wolfssl/openssl/txt_db.h index 511235b2cf..b8aa56f24f 100644 --- a/wolfssl/openssl/txt_db.h +++ b/wolfssl/openssl/txt_db.h @@ -1,6 +1,6 @@ /* txt_db.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h index a603ce681f..eb03578e0c 100644 --- a/wolfssl/openssl/x509.h +++ b/wolfssl/openssl/x509.h @@ -1,6 +1,6 @@ /* x509.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -50,7 +50,6 @@ #define X509_FLAG_NO_IDS (1UL << 12) #define XN_FLAG_FN_SN 0 -#define XN_FLAG_ONELINE 0 #define XN_FLAG_COMPAT 0 #define XN_FLAG_RFC2253 1 #define XN_FLAG_SEP_COMMA_PLUS (1 << 16) @@ -68,6 +67,7 @@ #define XN_FLAG_FN_ALIGN (1 << 25) #define XN_FLAG_MULTILINE 0xFFFF +#define XN_FLAG_ONELINE (XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN) /* * All of these aren't actually used in wolfSSL. Some are included to diff --git a/wolfssl/openssl/x509_vfy.h b/wolfssl/openssl/x509_vfy.h index 025f52678e..8666a53fee 100644 --- a/wolfssl/openssl/x509_vfy.h +++ b/wolfssl/openssl/x509_vfy.h @@ -1,6 +1,6 @@ /* x509_vfy.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h index c9c9ad8507..f488857b50 100644 
--- a/wolfssl/openssl/x509v3.h +++ b/wolfssl/openssl/x509v3.h @@ -1,6 +1,6 @@ /* x509v3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -145,7 +145,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa); #define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free #define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free -#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x)) +#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((x)) #define ASN1_INTEGER WOLFSSL_ASN1_INTEGER #define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING #define X509V3_EXT_get wolfSSL_X509V3_EXT_get diff --git a/wolfssl/options.h.in b/wolfssl/options.h.in index 5296ed158a..aa94f3ec0e 100644 --- a/wolfssl/options.h.in +++ b/wolfssl/options.h.in @@ -1,6 +1,6 @@ /* options.h.in * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,4 +37,3 @@ extern "C" { #endif /* WOLFSSL_OPTIONS_H */ - diff --git a/wolfssl/quic.h b/wolfssl/quic.h index d4152423db..70ae61c4a5 100644 --- a/wolfssl/quic.h +++ b/wolfssl/quic.h @@ -1,6 +1,6 @@ /* quic.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h index 3b5f2373ed..3eabd42902 100644 --- a/wolfssl/sniffer.h +++ b/wolfssl/sniffer.h @@ -1,6 +1,6 @@ /* sniffer.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h index 841241d974..1794ba8979 100644 --- a/wolfssl/sniffer_error.h +++ b/wolfssl/sniffer_error.h @@ -1,6 +1,6 @@ /* sniffer_error.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index cb36864cd2..dde5841377 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,6 +37,7 @@ #include #include #include +#include /* For the types */ #include @@ -66,6 +67,15 @@ #undef OCSP_RESPONSE #endif +#ifdef OPENSSL_ALL + #ifndef WOLFSSL_HAVE_BIO_ADDR + #define WOLFSSL_HAVE_BIO_ADDR + #endif + #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_MTU) + #define WOLFSSL_DTLS_MTU + #endif +#endif + #ifdef OPENSSL_COEXIST /* mode to allow wolfSSL and OpenSSL to exist together */ #ifdef TEST_OPENSSL_COEXIST @@ -152,8 +162,6 @@ typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; typedef struct WOLFSSL_CRL WOLFSSL_CRL; typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX; -typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *); - typedef struct WOLFSSL_BY_DIR_HASH WOLFSSL_BY_DIR_HASH; typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry; typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR; @@ -228,6 +236,12 @@ typedef struct WOLFSSL_DIST_POINT WOLFSSL_DIST_POINT; typedef struct WOLFSSL_CONF_CTX WOLFSSL_CONF_CTX; +typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *); +typedef int (*WOLFSSL_X509_STORE_CTX_get_crl_cb)(WOLFSSL_X509_STORE_CTX *, + WOLFSSL_X509_CRL **, WOLFSSL_X509 *); +typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *, + WOLFSSL_X509_CRL *); + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_CURL) struct WOLFSSL_OBJ_NAME { @@ -469,7 +483,8 @@ enum BIO_TYPE { WOLFSSL_BIO_BIO = 5, WOLFSSL_BIO_FILE = 6, WOLFSSL_BIO_BASE64 = 7, - WOLFSSL_BIO_MD = 8 + WOLFSSL_BIO_MD = 8, + WOLFSSL_BIO_DGRAM = 9 }; enum BIO_FLAGS { 
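Review bot: The new `OPENSSL_ALL` block force-enables `WOLFSSL_HAVE_BIO_ADDR` and, with DTLS, `WOLFSSL_DTLS_MTU`, but gives no reason; later hunks declare the `wolfSSL_BIO_ADDR_*` API only under `WOLFSSL_HAVE_BIO_ADDR` and `wolfSSL_set_mtu_compat` only under `WOLFSSL_DTLS_MTU`, which looks like the motivation. A comment such as `/* OPENSSL_ALL exposes the BIO_ADDR and DTLS MTU compat APIs, so enable their backing features */` would tell a reader why these options are implied rather than left to configure.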
@@ -532,38 +547,6 @@ struct WOLFSSL_BIO_METHOD { typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg, int iarg, long larg, long return_value); -struct WOLFSSL_BIO { - WOLFSSL_BUF_MEM* mem_buf; - WOLFSSL_BIO_METHOD* method; - WOLFSSL_BIO* prev; /* previous in chain */ - WOLFSSL_BIO* next; /* next in chain */ - WOLFSSL_BIO* pair; /* BIO paired with */ - void* heap; /* user heap hint */ - void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */ - void* usrCtx; /* user set pointer */ - char* ip; /* IP address for wolfIO_TcpConnect */ - word16 port; /* Port for wolfIO_TcpConnect */ - char* infoArg; /* BIO callback argument */ - wolf_bio_info_cb infoCb; /* BIO callback */ - int wrSz; /* write buffer size (mem) */ - int wrSzReset; /* First buffer size (mem) - read ONLY data */ - int wrIdx; /* current index for write buffer */ - int rdIdx; /* current read index */ - int readRq; /* read request */ - int num; /* socket num or length */ - int eof; /* eof flag */ - int flags; - byte type; /* method type */ - byte init:1; /* bio has been initialized */ - byte shutdown:1; /* close flag */ -#ifdef HAVE_EX_DATA - WOLFSSL_CRYPTO_EX_DATA ex_data; -#endif -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) - wolfSSL_Ref ref; -#endif -}; - typedef struct WOLFSSL_COMP_METHOD { int type; /* stunnel dereference */ } WOLFSSL_COMP_METHOD; @@ -603,6 +586,7 @@ struct WOLFSSL_X509_STORE { #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; + WOLFSSL_X509_STORE_CTX_get_crl_cb get_crl_cb; #endif #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; @@ -617,6 +601,7 @@ struct WOLFSSL_X509_STORE { #define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 #define WOLFSSL_NO_WILDCARDS 0x2 #define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4 +#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 
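Review bot: `WOLFSSL_MULTI_LABEL_WILDCARDS` is added without a comment next to `WOLFSSL_NO_WILDCARDS` and `WOLFSSL_NO_PARTIAL_WILDCARDS`, and unlike those two its name suggests it loosens hostname matching rather than tightening it — presumably letting a wildcard cover more than one DNS label, which RFC 6125 matching does not allow by default. Because this is a certificate name-verification flag, a one-line comment stating exactly what it relaxes and that it is off unless explicitly set would keep callers from enabling it casually; I cannot confirm its semantics from this hunk. Once confirmed, something like `#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 /* wildcard may span more than one label (relaxes RFC 6125); opt-in */` would do.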
@@ -634,12 +619,13 @@ struct WOLFSSL_X509_STORE { #endif struct WOLFSSL_X509_VERIFY_PARAM { + const char *name; time_t check_time; unsigned int inherit_flags; unsigned long flags; char hostName[WOLFSSL_HOST_NAME_MAX]; - unsigned int hostFlags; - char ipasc[WOLFSSL_MAX_IPSTR]; + unsigned int hostFlags; + char ipasc[WOLFSSL_MAX_IPSTR]; }; #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ @@ -704,6 +690,7 @@ struct WOLFSSL_X509_STORE_CTX { int totalCerts; /* number of peer cert buffers */ WOLFSSL_BUFFER_INFO* certs; /* peer certs */ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ + void* heap; }; typedef char* WOLFSSL_STRING; @@ -793,9 +780,9 @@ enum SNICbReturn { * functions should use this macro to fill this gap. Users who want them * to return the same return value as OpenSSL can define * WOLFSSL_ERR_CODE_OPENSSL. - * Give item1 a variable that contains the potentially negative + * Give rc a variable that contains the potentially negative * wolfSSL-defined return value or the return value itself, and - * give item2 the openSSL-defined return value. + * give fail_rc the openSSL-defined return value. * Note that this macro replaces only negative return values with the * specified value. * Since wolfSSL 4.7.0, the following functions use this macro: @@ -804,11 +791,15 @@ enum SNICbReturn { * - wolfSSL_EVP_PKEY_cmp */ #if defined(WOLFSSL_ERROR_CODE_OPENSSL) - #define WS_RETURN_CODE(item1,item2) \ - (((item1) < 0) ? (int)(item2) : (int)(item1)) + #define WS_RETURN_CODE(rc, fail_rc) \ + (((rc) < 0) ? (int)(fail_rc) : (int)(rc)) #else - #define WS_RETURN_CODE(item1,item2) (item1) + #define WS_RETURN_CODE(rc, fail_rc) (rc) #endif +#define WS_RC(rc) \ + (((rc) == 1) ? 1 : 0) +#define WC_TO_WS_RC(ret) \ + (((ret) == 0) ? 1 : (ret)) /* Maximum master key length (SECRET_LEN) */ #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48 
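Review bot: `const char *name` is inserted as the first member of `struct WOLFSSL_X509_VERIFY_PARAM`, which shifts the offset of every existing member; since the struct is defined in a public header, code built against the previous layout will read the wrong fields until it is recompiled. If that is accepted it should be called out in the release notes, and appending the member after `ipasc` instead would leave existing offsets untouched. The re-indented `hostFlags`/`ipasc` lines are whitespace only.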
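Review bot: `WS_RC` and `WC_TO_WS_RC` are added right after `WS_RETURN_CODE`, which carries a long explanatory comment, but have none themselves. From their bodies, `WS_RC` yields 1 when the code is exactly 1 and 0 otherwise, and `WC_TO_WS_RC` maps a wolfCrypt 0 to 1 and passes every other value through unchanged, so positive non-zero values are not normalised. Two one-line comments, `/* OpenSSL-style result: 1 on WOLFSSL_SUCCESS, 0 otherwise */` and `/* wolfCrypt 0 (success) becomes WOLFSSL_SUCCESS; any other value passes through */`, would document the contract.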
@@ -1092,6 +1083,8 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex( WOLFSSL_CTX* ctx, const char* file, const char* path, word32 flags); WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations( WOLFSSL_CTX* ctx, const char* file, const char* path); +WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat( + WOLFSSL_CTX* ctx, const char* file, const char* path); #ifndef _WIN32 WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num); #endif /* !_WIN32 */ @@ -1130,7 +1123,9 @@ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method); WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx); #ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_set_ecdh_auto(WOLFSSL* ssl, int onoff); WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff); +WOLFSSL_API int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff); WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid); WOLFSSL_API int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid); WOLFSSL_API int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid); @@ -1141,7 +1136,7 @@ WOLFSSL_API int wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx, WOLFSSL_API int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list); #endif WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx); -WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); +WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(const WOLFSSL* ssl); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm); 
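Review bot: `wolfSSL_CTX_load_verify_locations_compat` is declared with the same signature as `wolfSSL_CTX_load_verify_locations` directly above it, and nothing in the header says how the two differ. A reader choosing one for the OpenSSL compat path cannot tell which to use; a one-line comment stating what the compat variant does differently (error mapping, path handling, or similar) would resolve that, which I cannot determine from this hunk.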
@@ -1177,6 +1172,21 @@ WOLFSSL_API int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz); WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req); WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req); + +WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, + int count); +WOLFSSL_API int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count); +#if defined(OPENSSL_EXTRA) && defined(HAVE_SUPPORTED_CURVES) +WOLFSSL_API int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups, + int count); +WOLFSSL_API int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count); + +#ifdef HAVE_ECC +WOLFSSL_API int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list); +WOLFSSL_API int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list); +#endif +#endif + #ifdef WOLFSSL_TLS13 WOLFSSL_API int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, unsigned int secretSz); @@ -1194,20 +1204,6 @@ WOLFSSL_API int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_request_certificate(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_preferred_group(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, - int count); -WOLFSSL_API int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count); - -#if defined(OPENSSL_EXTRA) && defined(HAVE_SUPPORTED_CURVES) -WOLFSSL_API int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups, - int count); -WOLFSSL_API int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count); - -#ifdef HAVE_ECC -WOLFSSL_API int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list); -WOLFSSL_API int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list); -#endif -#endif WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL* ssl); 
@@ -1236,6 +1232,7 @@ WOLFSSL_API unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSIO WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX* ctx); WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL* ssl); WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_SendUserCanceled(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags); WOLFSSL_API int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags); @@ -1361,8 +1358,17 @@ WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx #ifdef HAVE_SECRET_CALLBACK typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz, void* ctx); -WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb, - void*); +/* This callback is used to set the master secret during resumption */ +WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, + void* ctx); +typedef int (*TicketParseCb)(WOLFSSL *ssl, const unsigned char *data, + int len, void *ctx); +WOLFSSL_API int wolfSSL_set_session_ticket_ext_cb(WOLFSSL* ssl, + TicketParseCb cb, void *ctx); +typedef int (*TlsSecretCb)(WOLFSSL* ssl, void* secret, int secretSz, + void* ctx); +/* This callback is used to log the secret for TLS <= 1.2 */ +WOLFSSL_API int wolfSSL_set_secret_cb(WOLFSSL* ssl, TlsSecretCb cb, void* ctx); #ifdef WOLFSSL_TLS13 typedef int (*Tls13SecretCb)(WOLFSSL* ssl, int id, const unsigned char* secret, int secretSz, void* ctx); 
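Review bot: `TicketParseCb` and `wolfSSL_set_session_ticket_ext_cb` are added between two commented callbacks but carry no comment of their own, so the meaning of `data`/`len` and of the callback's return value is unspecified here. A line such as `/* Called with the raw session ticket extension bytes (data, len) received from the peer */`, extended with the return contract once confirmed, would match the neighbours. The `TlsSecretCb` comment could also say which secret is passed (it reads as the master secret, given the `SessionSecretCb` comment above), since that is what a key-log consumer needs to know.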
@@ -1459,10 +1465,18 @@ WOLFSSL_API int wolfSSL_dtls_free_peer(void* addr); WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz); WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz); +#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short); -WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short); +#endif +#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) +WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short mtu); +WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short mtu); +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu); +#endif +#endif #ifdef WOLFSSL_SRTP @@ -1659,6 +1673,11 @@ WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned cha WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl); WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_session_reused(WOLFSSL* ssl); +#ifdef OPENSSL_EXTRA +/* using unsigned char instead of uint8_t here to avoid stdint include */ +WOLFSSL_API unsigned char wolfSSL_SESSION_get_max_fragment_length( + WOLFSSL_SESSION* session); +#endif WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void); 
@@ -1687,6 +1706,7 @@ WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL* ssl); WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap); @@ -1735,6 +1755,7 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void); WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF); WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO* b); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void); @@ -1783,6 +1804,8 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); #endif WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); +WOLFSSL_API void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd); +WOLFSSL_API void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b); #ifndef NO_FILESYSTEM @@ -1792,6 +1815,7 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port); 
@@ -1815,6 +1839,10 @@ WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS) +WOLFSSL_API word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio); +WOLFSSL_API word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio); +#endif WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio); WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); @@ -1827,7 +1855,14 @@ WOLFSSL_API int wolfSSL_BIO_set_mem_buf(WOLFSSL_BIO* bio, WOLFSSL_BUF_MEM* bufMe int closeFlag); #endif WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio); -#endif + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_API WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void); +WOLFSSL_API void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr); +WOLFSSL_API void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr); +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + +#endif /* !NO_BIO */ WOLFSSL_API void wolfSSL_RAND_screen(void); WOLFSSL_API const char* wolfSSL_RAND_file_name(char* fname, unsigned long len); 
@@ -1839,9 +1874,14 @@ WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void* add, int len, double entropy); WOLFSSL_API int wolfSSL_RAND_poll(void); +#ifndef NO_WOLFSSL_STUB WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void); WOLFSSL_API int wolfSSL_COMP_add_compression_method(int method, void* data); +WOLFSSL_API const char *wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp); +WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl); +WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl); +#endif /* !NO_WOLFSSL_STUB */ WOLFSSL_API unsigned long wolfSSL_thread_id(void); WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void)); @@ -1866,6 +1906,10 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *c WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); +WOLFSSL_API void wolfSSL_X509_STORE_set_get_crl(WOLFSSL_X509_STORE *st, + WOLFSSL_X509_STORE_CTX_get_crl_cb get_cb); +WOLFSSL_API void wolfSSL_X509_STORE_set_check_crl(WOLFSSL_X509_STORE *st, + WOLFSSL_X509_STORE_CTX_check_crl_cb check_crl); WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, unsigned char** out); WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, 
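Review bot: `wolfSSL_X509_STORE_set_check_crl` takes a `WOLFSSL_X509_STORE_CTX_check_crl_cb`, but the `struct WOLFSSL_X509_STORE` hunk (`@@ -603,6 +586,7 @@`) only adds a `get_crl_cb` member, so this diff shows no place where the check callback is stored. If the setter is a stub that accepts and drops the callback, a caller expecting to enforce or customise CRL checking would silently get the default behaviour; it should then sit under `#ifndef NO_WOLFSSL_STUB` like the COMP functions in the hunk above, or carry a comment stating that it is ignored. If the member lives outside this diff, a comment next to `get_crl_cb` naming it would clear that up.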
@@ -1927,8 +1971,12 @@ WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509* cert, WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509* cert, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t); +WOLFSSL_API int wolfSSL_X509_set1_notAfter(WOLFSSL_X509* x509, + const WOLFSSL_ASN1_TIME *t); WOLFSSL_API int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t); +WOLFSSL_API int wolfSSL_X509_set1_notBefore(WOLFSSL_X509* x509, + const WOLFSSL_ASN1_TIME *t); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, @@ -1985,6 +2033,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store); WOLFSSL_API int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store); WOLFSSL_API int wolfSSL_X509_STORE_add_cert( WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509); +WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param( + const WOLFSSL_X509_STORE *ctx); WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain( WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain( 
@@ -1996,7 +2046,10 @@ WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store); WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj); +WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_CTX_get0_param( + WOLFSSL_X509_STORE_CTX *ctx); WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void); +WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap); WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)*); WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx); @@ -2019,6 +2072,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, const unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der); +WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, + unsigned char** der); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey, const unsigned char ** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, 
@@ -2071,6 +2126,10 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip( WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen); WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to, const WOLFSSL_X509_VERIFY_PARAM* from); +WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup( + const char *name); +WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, + const WOLFSSL_X509_VERIFY_PARAM *from); WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type); WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, @@ -2540,7 +2599,8 @@ enum { /* ssl Constants */ WOLFSSL_FAILURE = 0, /* for some functions */ WOLFSSL_SUCCESS = 1, -/* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown when the other end +/* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown and + * wolfSSL_SendUserCanceled when the other end * of the connection has yet to send its close notify alert as part of the * bidirectional shutdown. To complete the shutdown, either keep calling * wolfSSL_shutdown until it returns WOLFSSL_SUCCESS or call wolfSSL_read until @@ -2828,6 +2888,10 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, date check and signature check */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) +WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl); +#endif + /* need to call once to load library (session cache) */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void); /* call when done to cleanup/free session cache mutex / resources */ 
@@ -2924,6 +2988,7 @@ WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev, byte* in, int* inOutSz); #endif #if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) +WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl); WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #endif @@ -2964,7 +3029,6 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); /* PKCS12 compatibility */ -typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12); @@ -3046,6 +3110,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len, #include #elif defined(ARDUINO) /* TODO board specific */ + #elif defined(NUCLEUS_PLUS_2_3) + #include "services/sys/uio.h" #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \ !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \ !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \ @@ -3624,8 +3690,7 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB WOLFSSL_API void wolfSSL_CertManagerSetUnknownExtCallback( WOLFSSL_CERT_MANAGER* cm, wc_UnknownExtCallback cb); @@ -3775,7 +3840,6 @@ WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl); /* SNI types */ enum { WOLFSSL_SNI_HOST_NAME = 0, - WOLFSSL_SNI_HOST_NAME_OUTER = 0, }; WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, 
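Review bot: After removing `WOLFSSL_SNI_HOST_NAME_OUTER`, the enum is left as `enum { WOLFSSL_SNI_HOST_NAME = 0, };` with a trailing comma after the only enumerator, which C89 compilers reject and pedantic builds warn about; drop the comma: `WOLFSSL_SNI_HOST_NAME = 0`. Removing a public enumerator also breaks any application that referenced it, so it should be noted in the release notes if that is intended.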
@@ -3880,6 +3944,7 @@ WOLFSSL_API int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list); /* Fragment lengths */ enum { + WOLFSSL_MFL_DISABLED = 0, WOLFSSL_MFL_2_9 = 1, /* 512 bytes */ WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */ WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */ @@ -4097,7 +4162,25 @@ WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl); #ifdef HAVE_SESSION_TICKET #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER) - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + #ifdef WOLFSSL_TICKET_ENC_CBC_HMAC + #if defined(WOLFSSL_TICKET_ENC_HMAC_SHA512) + #define WOLFSSL_TICKET_ENC_HMAC WC_HASH_TYPE_SHA512 + #define WOLFSSL_TICKET_HMAC_KEY_SZ 64 + #elif defined(WOLFSSL_TICKET_ENC_HMAC_SHA384) + #define WOLFSSL_TICKET_ENC_HMAC WC_HASH_TYPE_SHA384 + #define WOLFSSL_TICKET_HMAC_KEY_SZ 48 + #else + #define WOLFSSL_TICKET_ENC_HMAC WC_HASH_TYPE_SHA256 + #define WOLFSSL_TICKET_HMAC_KEY_SZ 32 + #endif + #ifdef WOLFSSL_TICKET_ENC_AES256_CBC + #define WOLFSSL_TICKET_KEY_SZ \ + (AES_256_KEY_SIZE + WOLFSSL_TICKET_HMAC_KEY_SZ) + #else + #define WOLFSSL_TICKET_KEY_SZ \ + (AES_128_KEY_SIZE + WOLFSSL_TICKET_HMAC_KEY_SZ) + #endif + #elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \ !defined(WOLFSSL_TICKET_ENC_AES256_GCM) #define WOLFSSL_TICKET_KEY_SZ CHACHA20_POLY1305_AEAD_KEYSIZE @@ -4128,7 +4211,11 @@ WOLFSSL_API int wolfSSL_send_SessionTicket(WOLFSSL* ssl); #define WOLFSSL_TICKET_NAME_SZ 16 #define WOLFSSL_TICKET_IV_SZ 16 -#define WOLFSSL_TICKET_MAC_SZ 32 +#ifndef WOLFSSL_TICKET_ENC_CBC_HMAC + #define WOLFSSL_TICKET_MAC_SZ 32 +#else + #define WOLFSSL_TICKET_MAC_SZ WOLFSSL_TICKET_HMAC_KEY_SZ +#endif enum TicketEncRet { WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */ 
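Review bot: The new `WOLFSSL_TICKET_ENC_CBC_HMAC` branch derives `WOLFSSL_TICKET_KEY_SZ` as the AES key size plus `WOLFSSL_TICKET_HMAC_KEY_SZ`, and the second hunk makes `WOLFSSL_TICKET_MAC_SZ` equal to that HMAC key size, but no comment states the key layout or what the MAC covers. Anyone writing a custom ticket-encrypt callback against these sizes needs both: a comment such as `/* CBC-HMAC ticket key = AES key || HMAC key; the HMAC key and tag are sized to the hash output */` on `WOLFSSL_TICKET_KEY_SZ`, plus a statement of whether the tag is computed over IV and ciphertext (encrypt-then-MAC), which I cannot confirm from the header. The enclosing `#ifdef HAVE_SESSION_TICKET` block starts and ends outside the hunk.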
@@ -4457,7 +4544,7 @@ WOLFSSL_API int wolfSSL_set0_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str); WOLFSSL_API int wolfSSL_set1_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str); -WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); +WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ defined(HAVE_SECRET_CALLBACK) @@ -4553,7 +4640,7 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); -WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x); +WOLFSSL_API int wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x); WOLFSSL_API int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509); 
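Review bot: `wolfSSL_CTX_get_cert_store` now takes a `const WOLFSSL_CTX*` but still returns a mutable `WOLFSSL_X509_STORE*`, so callers can modify state owned by a context they were handed as const; this mirrors OpenSSL's `SSL_CTX_get_cert_store` signature and is presumably deliberate, but a short comment saying so would stop the next reader from flagging it. The `char`-to-`int` return fix on `wolfSSL_CTX_use_certificate` in the following hunk changes a `WOLFSSL_API` prototype; callers compiled against the old header appear to keep working on common ABIs only because the success/failure values fit in a byte, which is worth a changelog mention.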
@@ -4837,14 +4924,17 @@ typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg); WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb); -WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, - CallbackSniRecv cb); WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg); #endif -#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ - || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) + +#ifdef HAVE_SNI +WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, + CallbackSniRecv cb); +#endif WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void* pid); @@ -4880,10 +4970,11 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_X509_OBJECT_get0_X509_CRL(WOLFSSL_X509_OBJ WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*)); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC) +#if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && (defined(HAVE_ECC) || \ + defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names); WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names); -#endif /* (OPENSSL_EXTRA || HAVE_CURL) && HAVE_ECC */ +#endif #if defined(OPENSSL_ALL) || \ defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ 
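Review bot: The rewritten guard around `wolfSSL_CTX_set1_curves_list` / `wolfSSL_set1_curves_list` drops the trailing `#endif` annotation the old line carried, while the block just above keeps `#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */`; with a three-term condition now spanning two lines the annotation is more useful, not less. Restore it as `#endif /* (OPENSSL_EXTRA || HAVE_CURL) && (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */`. The relocation of `wolfSSL_CTX_set_tlsext_servername_callback` under an inner `#ifdef HAVE_SNI` in the first hunk only moves the prototype and raises nothing.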
@@ -5007,6 +5098,10 @@ WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s); #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings); +WOLFSSL_API OPENSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void); +WOLFSSL_API void wolfSSL_OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS* init); +WOLFSSL_API int wolfSSL_OPENSSL_INIT_set_config_appname( + OPENSSL_INIT_SETTINGS* init, char* appname); #endif #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL* ssl); @@ -5073,7 +5168,7 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, WOLFSSL_API long wolfSSL_CTX_get_tlsext_ticket_keys(WOLFSSL_CTX *ctx, unsigned char *keys, int keylen); WOLFSSL_API long wolfSSL_CTX_set_tlsext_ticket_keys(WOLFSSL_CTX *ctx, - unsigned char *keys, int keylen); + const void *keys_vp, int keylen); #endif WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, @@ -5175,6 +5270,7 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(const WOLFSSL_ASN1_TIME *t); WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t); WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t); WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, char *buf, int size); 
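Review bot: `wolfSSL_OPENSSL_INIT_set_config_appname` takes `char* appname` where the OpenSSL function it shadows, `OPENSSL_INIT_set_config_appname`, takes `const char *`; as written, callers passing a string literal or a `const char*` get a warning (or an error under `-Wwrite-strings` / C++) and the prototype implies the name may be modified, so it should be `const char* appname` unless the implementation really mutates it. In the `wolfSSL_CTX_set_tlsext_ticket_keys` hunk the parameter rename to `keys_vp` leaks an implementation detail into a public prototype and no longer pairs with the getter's `keys`; `const void* keys` keeps the const fix without the suffix. `wolfSSL_ASN1_UTCTIME_set` introduces `time_t` into this header, which is only safe if `<time.h>` (or the wolfSSL wrapper that provides it) is already included above; worth confirming.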
@@ -5325,6 +5421,247 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer, #define DTLS1_2_VERSION 0xFEFD #define DTLS1_3_VERSION 0xFEFC +/* These minimums where determined whilst referencing their RFC specs. The + * values represent the minimum sizes of the data types in the required struct + * for the `extension_data` field. A length of 0 was assumed when necassary. + * + * Documents Used for the respective extension: + * - https://datatracker.ietf.org/doc/html/rfc6066 + * - Server Name Indication (SNI) + * - Maximum Fragment Length Negotiation (MFL) + * - Trusted CA Indication (TCA) + * - Certificate Status Request (CSR) + * - Truncate HMAC (THM) + * - https://datatracker.ietf.org/doc/html/rfc8446 + * - Early Data Indication (EDI) + * - Pre-Shared Key (PSK) + * - Pre-Shared Key Exchange Modes (PKM) + * - Key Share (KS) + * - Post-Handshake Authentication (PHA) + * - Signature Algorithms (SA) + * - Signature Algorithms Certificate (SAC) + * - Support Groups (EC) + * - Cookie (CKE) + * - Supported Versions (SV) + * - Certificate Authorities (CAN) + * - https://datatracker.ietf.org/doc/html/rfc6961 + * - Certificate Status Request v2 (CSR2) + * - https://datatracker.ietf.org/doc/rfc9146/ + * - Connection Identifier (CID) + * - https://datatracker.ietf.org/doc/rfc7301/ + * - Application-Layer Protocol Negotiation (ALPN) + * - https://datatracker.ietf.org/doc/html/rfc3711 + * - Secure Real-time Transport Protocol (SRTP) + * - https://datatracker.ietf.org/doc/html/rfc7366 + * - Encrypt Then Mac (ETM) + * - https://datatracker.ietf.org/doc/html/rfc7250 + * - Client Certificate Type (CCT) + * - Server Certificate Type (SCT) + * - https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ + * - Encrypted Client Hello (ECH) + * - https://datatracker.ietf.org/doc/html/rfc5746 + * - Secure Renegotiation (SCR) + * - https://datatracker.ietf.org/doc/rfc4492/ + * - Point Frame (PF) + * - https://datatracker.ietf.org/doc/rfc9000/ + * - QUIC (QTP) + * - 
https://datatracker.ietf.org/doc/html/rfc5077 + * - Session Ticket (STK) + * Example: + * For `WOLFSSL_CSR_MIN_SIZE_CLIENT = 5`, 5 was determined by looking at the + * struct below defined in its respective RFC. + * The below struct for `CertificateStatusRequest` is made up of the types: + * `CertificateStatusType` is an enum with a max value of 255, thus its + * length is 1 byte. + * `OCSPStatusRequest` is a struct of the following: + * - `responder_id_list`: which is 2 bytes + * - `request_extensions`: which is 2 bytes + * This then gives the minimum size/length of 5 bytes for this extension + * for the client + * struct { + * CertificateStatusType status_type; + * select (status_type) { + * case ocsp: OCSPStatusRequest; + * } request; + * } CertificateStatusRequest; + * enum { ocsp(1), (255) } CertificateStatusType; + * struct { + * ResponderID responder_id_list<0..2^16-1>; + * Extensions request_extensions; + * } OCSPStatusRequest; + * opaque ResponderID<1..2^16-1>; + * opaque Extensions<0..2^16-1>; + */ + +#ifndef WOLFSSL_SNI_MIN_SIZE_CLIENT + #define WOLFSSL_SNI_MIN_SIZE_CLIENT 4 +#endif +#ifndef WOLFSSL_SNI_MIN_SIZE_SERVER + #define WOLFSSL_SNI_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_EDI_MIN_SIZE_CLIENT + #define WOLFSSL_EDI_MIN_SIZE_CLIENT 0 +#endif +#ifndef WOLFSSL_EDI_MIN_SIZE_SERVER + #define WOLFSSL_EDI_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_TCA_MIN_SIZE_CLIENT + #define WOLFSSL_TCA_MIN_SIZE_CLIENT 2 +#endif +#ifndef WOLFSSL_TCA_MIN_SIZE_SERVER + #define WOLFSSL_TCA_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_CSR_MIN_SIZE_CLIENT + #define WOLFSSL_CSR_MIN_SIZE_CLIENT 5 +#endif +#ifndef WOLFSSL_CSR_MIN_SIZE_SERVER + #define WOLFSSL_CSR_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_PKM_MIN_SIZE_CLIENT + #define WOLFSSL_PKM_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_PKM_MIN_SIZE_SERVER + #define WOLFSSL_PKM_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_CSR2_MIN_SIZE_CLIENT + #define WOLFSSL_CSR2_MIN_SIZE_CLIENT 7 +#endif +#ifndef 
WOLFSSL_CSR2_MIN_SIZE_SERVER + #define WOLFSSL_CSR2_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_CID_MIN_SIZE_CLIENT + #define WOLFSSL_CID_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_CID_MIN_SIZE_SERVER + #define WOLFSSL_CID_MIN_SIZE_SERVER 1 +#endif +#ifndef WOLFSSL_ALPN_MIN_SIZE_CLIENT + #define WOLFSSL_ALPN_MIN_SIZE_CLIENT 2 +#endif +#ifndef WOLFSSL_ALPN_MIN_SIZE_SERVER + #define WOLFSSL_ALPN_MIN_SIZE_SERVER 2 +#endif +#ifndef WOLFSSL_SRTP_MIN_SIZE_CLIENT + #define WOLFSSL_SRTP_MIN_SIZE_CLIENT 3 +#endif +#ifndef WOLFSSL_SRTP_MIN_SIZE_SERVER + #define WOLFSSL_SRTP_MIN_SIZE_SERVER 3 +#endif +#ifndef WOLFSSL_KS_MIN_SIZE_CLIENT + #define WOLFSSL_KS_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_KS_MIN_SIZE_SERVER + #define WOLFSSL_KS_MIN_SIZE_SERVER 1 +#endif +#ifndef WOLFSSL_ETM_MIN_SIZE_CLIENT + #define WOLFSSL_ETM_MIN_SIZE_CLIENT 0 +#endif +#ifndef WOLFSSL_ETM_MIN_SIZE_SERVER + #define WOLFSSL_ETM_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_PSK_MIN_SIZE_CLIENT + #define WOLFSSL_PSK_MIN_SIZE_CLIENT 2 +#endif +#ifndef WOLFSSL_PSK_MIN_SIZE_SERVER + #define WOLFSSL_PSK_MIN_SIZE_SERVER 2 +#endif +#ifndef WOLFSSL_CCT_MIN_SIZE_CLIENT + #define WOLFSSL_CCT_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_CCT_MIN_SIZE_SERVER + #define WOLFSSL_CCT_MIN_SIZE_SERVER 1 +#endif +#ifndef WOLFSSL_SCT_MIN_SIZE_CLIENT + #define WOLFSSL_SCT_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_SCT_MIN_SIZE_SERVER + #define WOLFSSL_SCT_MIN_SIZE_SERVER 1 +#endif +#ifndef WOLFSSL_PHA_MIN_SIZE_CLIENT + #define WOLFSSL_PHA_MIN_SIZE_CLIENT 0 +#endif +#ifndef WOLFSSL_PHA_MIN_SIZE_SERVER + #define WOLFSSL_PHA_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_THM_MIN_SIZE_CLIENT + #define WOLFSSL_THM_MIN_SIZE_CLIENT 0 +#endif +#ifndef WOLFSSL_THM_MIN_SIZE_SERVER + #define WOLFSSL_THM_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_SA_MIN_SIZE_CLIENT + #define WOLFSSL_SA_MIN_SIZE_CLIENT 2 +#endif +#ifndef WOLFSSL_SA_MIN_SIZE_SERVER + #define WOLFSSL_SA_MIN_SIZE_SERVER 2 +#endif +#ifndef WOLFSSL_SAC_MIN_SIZE_CLIENT + #define 
WOLFSSL_SAC_MIN_SIZE_CLIENT 2 +#endif +#ifndef WOLFSSL_SAC_MIN_SIZE_SERVER + #define WOLFSSL_SAC_MIN_SIZE_SERVER 2 +#endif +#ifndef WOLFSSL_EC_MIN_SIZE_CLIENT + #define WOLFSSL_EC_MIN_SIZE_CLIENT 2 +#endif +#ifndef WOLFSSL_EC_MIN_SIZE_SERVER + #define WOLFSSL_EC_MIN_SIZE_SERVER 2 +#endif +#ifndef WOLFSSL_ECH_MIN_SIZE_CLIENT + #define WOLFSSL_ECH_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_ECH_MIN_SIZE_SERVER + #define WOLFSSL_ECH_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_MFL_MIN_SIZE_CLIENT + #define WOLFSSL_MFL_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_MFL_MIN_SIZE_SERVER + #define WOLFSSL_MFL_MIN_SIZE_SERVER 1 +#endif +#ifndef WOLFSSL_CKE_MIN_SIZE_CLIENT + #define WOLFSSL_CKE_MIN_SIZE_CLIENT 3 +#endif +#ifndef WOLFSSL_CKE_MIN_SIZE_SERVER + #define WOLFSSL_CKE_MIN_SIZE_SERVER 3 +#endif +#ifndef WOLFSSL_SV_MIN_SIZE_CLIENT + #define WOLFSSL_SV_MIN_SIZE_CLIENT 2 +#endif +#ifndef WOLFSSL_SV_MIN_SIZE_SERVER + #define WOLFSSL_SV_MIN_SIZE_SERVER 2 +#endif +#ifndef WOLFSSL_SCR_MIN_SIZE_CLIENT + #define WOLFSSL_SCR_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_SCR_MIN_SIZE_SERVER + #define WOLFSSL_SCR_MIN_SIZE_SERVER 1 +#endif +#ifndef WOLFSSL_PF_MIN_SIZE_CLIENT + #define WOLFSSL_PF_MIN_SIZE_CLIENT 1 +#endif +#ifndef WOLFSSL_PF_MIN_SIZE_SERVER + #define WOLFSSL_PF_MIN_SIZE_SERVER 1 +#endif +#ifndef WOLFSSL_CAN_MIN_SIZE_CLIENT + #define WOLFSSL_CAN_MIN_SIZE_CLIENT 3 +#endif +#ifndef WOLFSSL_CAN_MIN_SIZE_SERVER + #define WOLFSSL_CAN_MIN_SIZE_SERVER 3 +#endif +#ifndef WOLFSSL_QTP_MIN_SIZE_CLIENT + #define WOLFSSL_QTP_MIN_SIZE_CLIENT 0 +#endif +#ifndef WOLFSSL_QTP_MIN_SIZE_SERVER + #define WOLFSSL_QTP_MIN_SIZE_SERVER 0 +#endif +#ifndef WOLFSSL_STK_MIN_SIZE_CLIENT + #define WOLFSSL_STK_MIN_SIZE_CLIENT 0 +#endif +#ifndef WOLFSSL_STK_MIN_SIZE_SERVER + #define WOLFSSL_STK_MIN_SIZE_SERVER 0 +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/test.h b/wolfssl/test.h index 47abb74af3..888d7f1ae4 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h 
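Review bot: Some of the per-extension minimums in the new comment do not match the RFC structures it cites: by RFC 6066 section 3 the SNI `extension_data` holds a 2-byte `server_name_list` length, a 1-byte `name_type` and a 2-byte `HostName` length before any name bytes, which is 5 even with the zero-length assumption the comment describes, yet `WOLFSSL_SNI_MIN_SIZE_CLIENT` is 4; each value is worth re-deriving the way the `WOLFSSL_CSR_MIN_SIZE_CLIENT` example does. Because every macro is `#ifndef`-overridable, the comment should also say what they are for, i.e. lower bounds a build may raise but should not lower, since (presumably) the extension parser rejects shorter payloads using them. The comment text itself needs `where determined` to `were determined`, `necassary` to `necessary`, `Support Groups` to `Supported Groups`, `Truncate HMAC` to `Truncated HMAC`, and `Point Frame (PF)` should name RFC 4492's Supported Point Formats extension.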
@@ -1,6 +1,6 @@ /* test.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -143,9 +143,26 @@ #include #define SOCKET_T int #elif defined(WOLFSSL_ZEPHYR) + #include #include #include - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #ifdef CONFIG_POSIX_API + #include + #include + #include + #include + #endif + #else + #include + #ifdef CONFIG_POSIX_API + #include + #include + #include + #include + #endif + #endif #define SOCKET_T int #define SOL_SOCKET 1 #define WOLFSSL_USE_GETADDRINFO @@ -985,11 +1002,11 @@ static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userda (void)rw; (void)userdata; if (userdata != NULL) { - strncpy(passwd, (char*)userdata, sz); + strncpy(passwd, (char*)userdata, (size_t) sz); return (int)XSTRLEN((char*)userdata); } else { - strncpy(passwd, "yassl123", sz); + strncpy(passwd, "yassl123", (size_t) sz); return 8; } } @@ -1082,10 +1099,11 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr, char serialMsg[80]; /* testsuite has multiple threads writing to stdout, get output - message ready to write once */ - strLen = sprintf(serialMsg, " %s", words[3]); + * message ready to write once */ + strLen = XSNPRINTF(serialMsg, sizeof(serialMsg), " %s", words[3]); for (i = 0; i < sz; i++) - sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]); + strLen = XSNPRINTF(serialMsg + strLen, sizeof(serialMsg) - strLen, + ":%02x ", serial[i]); printf("%s\n", serialMsg); } @@ -1312,7 +1330,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, if (entry) { XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0], - entry->h_length); + (size_t) entry->h_length); useLookup = 1; } #else 
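Review bot: The `ShowX509Ex` loop now does `strLen = XSNPRINTF(serialMsg + strLen, ...)`, which replaces the running offset with the length of the last fragment (3), so from the second serial byte onward the output is written at offset 3 and clobbers the `words[3]` prefix; the old code used the cumulative `strLen + (i*3)`. It also does not guard against a negative or truncating return, which would make `sizeof(serialMsg) - strLen` wrap. Something like `int n = XSNPRINTF(serialMsg + strLen, sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]); if (n < 0 || (size_t)n >= sizeof(serialMsg) - (size_t)strLen) break; strLen += n;` keeps the output bounded and correctly accumulated (`strLen` is declared outside the hunk). The `PasswordCallBack` casts a few hunks up leave the older problem in place: `strncpy` does not NUL-terminate `passwd` when the source is `sz` bytes or longer, and the function returns the full source length rather than the number of bytes actually copied, so the return should be clamped to `sz` and the copy bounded accordingly. Both `ShowX509Ex` and `PasswordCallBack` start outside their hunks.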
@@ -1850,7 +1868,7 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, for (i = 0; i < 32; i++, b += 0x22) { if (b >= 0x100) b = 0x01; - key[i] = b; + key[i] = (unsigned char) b; } ret = 32; /* length of key in octets or 0 for error */ @@ -1894,7 +1912,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit for (i = 0; i < 32; i++, b += 0x22) { if (b >= 0x100) b = 0x01; - key[i] = b; + key[i] = (unsigned char) b; } ret = 32; /* length of key in octets or 0 for error */ @@ -1927,7 +1945,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl, for (i = 0; i < 32; i++, b += 0x22) { if (b >= 0x100) b = 0x01; - key[i] = b; + key[i] = (unsigned char) b; } *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; @@ -1950,7 +1968,7 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, unsigned int ret; int i; int b = 0x01; - int kIdLen = (int)XSTRLEN(kIdentityStr); + size_t kIdLen = XSTRLEN(kIdentityStr); const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl); (void)ssl; @@ -1966,7 +1984,7 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, for (i = 0; i < 32; i++, b += 0x22) { if (b >= 0x100) b = 0x01; - key[i] = b; + key[i] = (unsigned char) b; } *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; @@ -2029,7 +2047,7 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, for (i = 0; i < 32; i++, b += 0x22) { if (b >= 0x100) b = 0x01; - local_psk[i] = b; + local_psk[i] = (unsigned char) b; } *id = local_psk; @@ -2082,7 +2100,7 @@ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl, for (i = 0; i < 32; i++, b += 0x22) { if (b >= 0x100) b = 0x01; - key[i] = b; + key[i] = (unsigned char) b; } return 32; /* length of key in octets or 0 for error */ 
@@ -2416,7 +2434,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) */ fprintf(stderr, "In verification callback, error = %d, %s\n", store->error, - wolfSSL_ERR_error_string(store->error, buffer)); + wolfSSL_ERR_error_string((unsigned long) store->error, buffer)); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) peer = store->current_cert; if (peer) { @@ -2707,7 +2725,7 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl)); + wolfSSL_GetMacSecret(ssl, macVerify), (word32) wolfSSL_GetHmacSize(ssl)); if (ret != 0) return ret; ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); @@ -2741,7 +2759,7 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, fprintf(stderr, "AesInit failed in myMacEncryptCb\n"); return ret; } - ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(&encCtx->aes, key, (word32) keyLen, iv, AES_ENCRYPTION); if (ret != 0) { fprintf(stderr, "AesSetKey failed in myMacEncryptCb\n"); return ret; @@ -2760,7 +2778,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, { AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx; int ret = 0; - int macInSz = 0; + unsigned int macInSz = 0; int ivExtra = 0; int digestSz = wolfSSL_GetHmacSize(ssl); unsigned int pad = 0; @@ -2802,7 +2820,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, fprintf(stderr, "AesInit failed in myDecryptVerifyCb\n"); return ret; } - ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION); + ret = wc_AesSetKey(&decCtx->aes, key, (word32) keyLen, iv, AES_DECRYPTION); if (ret != 0) { fprintf(stderr, "AesSetKey failed in myDecryptVerifyCb\n"); return ret; 
@@ -2816,7 +2834,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, return ret; if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { - *padSz = wolfSSL_GetAeadMacSize(ssl); + *padSz = (unsigned int)wolfSSL_GetAeadMacSize(ssl); return 0; /* hmac, not needed if aead mode */ } @@ -2827,8 +2845,8 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, ivExtra = wolfSSL_GetCipherBlockSize(ssl); } - *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte; - macInSz = decSz - ivExtra - digestSz - pad - padByte; + *padSz = (unsigned int)wolfSSL_GetHmacSize(ssl) + pad + padByte; + macInSz = decSz - (unsigned int)ivExtra - (unsigned int)digestSz - pad - padByte; wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); @@ -2836,7 +2854,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, macVerify), digestSz); + wolfSSL_GetMacSecret(ssl, macVerify), (unsigned int) digestSz); if (ret != 0) return ret; ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); @@ -2850,7 +2868,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, return ret; if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte, - digestSz) != 0) { + (size_t) digestSz) != 0) { printf("myDecryptVerify verify failed\n"); return -1; } @@ -2901,7 +2919,7 @@ static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut, fprintf(stderr, "AesInit failed in myMacEncryptCb\n"); return ret; } - ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); + ret = wc_AesSetKey(&encCtx->aes, key, (word32) keyLen, iv, AES_ENCRYPTION); if (ret != 0) { fprintf(stderr, "AesSetKey failed in myMacEncryptCb\n"); return ret; 
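Review bot: `macInSz = decSz - (unsigned int)ivExtra - (unsigned int)digestSz - pad - padByte;` is now fully unsigned, so a record whose decrypted length is smaller than the IV, digest and padding it claims no longer yields a negative value but wraps to a value near 4 GiB, which then feeds `wolfSSL_SetTlsHmacInner` and presumably the HMAC update over `decOut`. Unless an earlier check outside the hunk bounds `decSz`, the callback should reject such input first, e.g. `if (decSz < (unsigned int)ivExtra + (unsigned int)digestSz + pad + padByte) return -1;` placed just before that line. The `unsigned int macInSz` declaration this relies on is in the `@@ -2778` hunk on the previous line. `myDecryptVerifyCb` starts and ends outside the hunk.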
@@ -2921,7 +2939,7 @@ static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut, if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl)); + wolfSSL_GetMacSecret(ssl, macVerify), (word32) wolfSSL_GetHmacSize(ssl)); if (ret != 0) return ret; ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); @@ -2965,7 +2983,7 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl, if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, macVerify), digestSz); + wolfSSL_GetMacSecret(ssl, macVerify), (word32) digestSz); if (ret != 0) return ret; ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); @@ -2978,7 +2996,7 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl, if (ret != 0) return ret; - if (XMEMCMP(verify, decOut + decSz, digestSz) != 0) { + if (XMEMCMP(verify, decOut + decSz, (size_t) digestSz) != 0) { printf("myDecryptVerify verify failed\n"); return -1; } @@ -3004,7 +3022,7 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl, fprintf(stderr, "AesInit failed in myDecryptVerifyCb\n"); return ret; } - ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION); + ret = wc_AesSetKey(&decCtx->aes, key, (word32) keyLen, iv, AES_DECRYPTION); if (ret != 0) { fprintf(stderr, "AesSetKey failed in myDecryptVerifyCb\n"); return ret; @@ -3085,7 +3103,7 @@ static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl) #endif /* ATOMIC_USER */ -#ifdef WOLFSSL_STATIC_MEMORY +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats) { word16 i; 
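Review bot: `XMEMCMP(verify, decOut + decSz, (size_t) digestSz)` in `myVerifyDecryptCb` compares the computed HMAC with the received one using an early-exit memcmp, so the comparison time depends on how many leading bytes match; in a MAC-verification path that is the classic timing side channel, and since this file is the reference implementation that `ATOMIC_USER` integrators copy, a constant-time compare (wolfSSL's internal `ConstantCompare` if it is visible to this header, or a local XOR-accumulate loop) would be the better example. The `XMEMCMP` in `myDecryptVerifyCb` on the previous line has the same issue. Both functions start outside their hunks.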
@@ -3167,7 +3185,7 @@ static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz, WC_RNG *rng = wolfSSL_GetRNG(ssl); /* create new key */ - ret = wc_ecc_make_key_ex(rng, keySz, new_key, ecc_curve); + ret = wc_ecc_make_key_ex(rng, (int) keySz, new_key, ecc_curve); #ifdef TEST_PK_PRIVKEY if (ret == 0 && new_key != key) { @@ -3363,7 +3381,7 @@ static WC_INLINE int myHkdfExtract(byte* prk, const byte* salt, word32 saltLen, byte* ikm, word32 ikmLen, int digest, void* ctx) { int ret; - int len = 0; + word32 len = 0; switch (digest) { #ifndef NO_SHA256 @@ -3494,7 +3512,7 @@ static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key, if (ret != 0) return ret; - ret = wc_curve25519_make_key(&rng, keySz, key); + ret = wc_curve25519_make_key(&rng, (int) keySz, key); wc_FreeRng(&rng); @@ -3665,7 +3683,7 @@ static WC_INLINE int myX448KeyGen(WOLFSSL* ssl, curve448_key* key, if (ret != 0) return ret; - ret = wc_curve448_make_key(&rng, keySz, key); + ret = wc_curve448_make_key(&rng, (int) keySz, key); wc_FreeRng(&rng); @@ -3798,7 +3816,7 @@ static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, if (ret == 0) ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng); if (ret > 0) { /* save and convert to 0 success */ - *outSz = ret; + *outSz = (word32) ret; ret = 0; } wc_FreeRsaKey(&myKey); @@ -3932,7 +3950,7 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz, &rng); } if (ret > 0) { /* save and convert to 0 success */ - *outSz = ret; + *outSz = (word32) ret; ret = 0; } wc_FreeRsaKey(&myKey); @@ -4083,7 +4101,7 @@ static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, if (ret == 0) { ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng); if (ret > 0) { - *outSz = ret; + *outSz = (word32) ret; ret = 0; /* reset to success */ } } diff --git a/wolfssl/version.h b/wolfssl/version.h index d6193c4d95..01fd1b683e 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h 
@@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.7.0" -#define LIBWOLFSSL_VERSION_HEX 0x05007000 +#define LIBWOLFSSL_VERSION_STRING "5.7.2" +#define LIBWOLFSSL_VERSION_HEX 0x05007002 #ifdef __cplusplus } diff --git a/wolfssl/version.h.in b/wolfssl/version.h.in index 158e00b44a..ed48dcef55 100644 --- a/wolfssl/version.h.in +++ b/wolfssl/version.h.in @@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 1c369cef50..3038882a7d 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -55,6 +55,11 @@ typedef struct Gcm { #endif /* GCM_TABLE */ } Gcm; +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_AES_sanity(void); +#endif + WOLFSSL_LOCAL void GenerateM0(Gcm* gcm); #ifdef WOLFSSL_ARMASM WOLFSSL_LOCAL void GMULT(byte* X, byte* Y); @@ -256,7 +261,7 @@ struct Aes { ALIGN16 bs_word bs_key[15 * AES_BLOCK_SIZE * BS_WORD_SIZE]; #endif word32 rounds; -#ifdef WC_AES_C_DYNAMIC_FALLBACK +#ifdef WC_C_DYNAMIC_FALLBACK word32 key_C_fallback[60]; #endif int keylen; 
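Review bot: Renaming the guard on `key_C_fallback` from `WC_AES_C_DYNAMIC_FALLBACK` to `WC_C_DYNAMIC_FALLBACK` changes the size and layout of `struct Aes`, so an application or downstream build that still defines the old name silently compiles against a different `Aes` than the library it links, which shows up as memory corruption rather than a build error. Either keep a compatibility mapping such as `#if defined(WC_AES_C_DYNAMIC_FALLBACK) && !defined(WC_C_DYNAMIC_FALLBACK)` / `#define WC_C_DYNAMIC_FALLBACK` / `#endif` in the settings header, or fail loudly with `#ifdef WC_AES_C_DYNAMIC_FALLBACK` + `#error`. The `struct Aes` definition starts and ends outside the hunk.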
@@ -400,15 +405,37 @@ struct Aes { #endif #ifdef WOLFSSL_AES_XTS -typedef struct XtsAes { - Aes aes; -#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS - Aes aes_decrypt; -#endif - Aes tweak; -} XtsAes; + #if FIPS_VERSION3_GE(6,0,0) + /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is + * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to + * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes) + */ + #define FIPS_AES_XTS_MAX_BYTES_PER_TWEAK 16777216 + #endif + struct XtsAes { + Aes aes; + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + Aes aes_decrypt; + #endif + Aes tweak; + }; + + #ifdef WOLFSSL_AESXTS_STREAM + struct XtsAesStreamData { + byte tweak_block[AES_BLOCK_SIZE]; + word32 bytes_crypted_with_this_tweak; + }; + #endif + + #ifndef WC_AESXTS_TYPE_DEFINED + typedef struct XtsAes XtsAes; + typedef struct XtsAesStreamData XtsAesStreamData; + #define WC_AESXTS_TYPE_DEFINED + #endif + #endif + #if (!defined(WC_AESFREE_IS_MANDATORY)) && \ (defined(WC_DEBUG_CIPHER_LIFECYCLE) || \ (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) || \ @@ -430,9 +457,15 @@ typedef struct XtsAes { #endif #ifdef HAVE_AESGCM -typedef struct Gmac { +struct Gmac { Aes aes; -} Gmac; +}; + +#ifndef WC_AESGCM_TYPE_DEFINED + typedef struct Gmac Gmac; + #define WC_AESGCM_TYPE_DEFINED +#endif + #endif /* HAVE_AESGCM */ #endif /* HAVE_FIPS */ 
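Review bot: The comment above `FIPS_AES_XTS_MAX_BYTES_PER_TWEAK` says each key may protect at most 2^20 blocks, but SP 800-38E's limit is on the length of a single data unit (one tweak), which is also what the macro's name says and what `bytes_crypted_with_this_tweak` tracks; a key may be used for many data units. Suggested wording: `/* SP800-38E: a data unit (one tweak) may not exceed 2^20 AES blocks, i.e. 1,048,576 * AES_BLOCK_SIZE = 16,777,216 bytes; a key may protect many data units */`. The `typedef struct XtsAesStreamData XtsAesStreamData;` is emitted even when `WOLFSSL_AESXTS_STREAM` is off, which is legal for an incomplete type but deserves a one-line comment so nobody "fixes" it.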
@@ -658,6 +691,28 @@ WOLFSSL_API int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in, word32 sz, word64 sector, word32 sectorSz); +#ifdef WOLFSSL_AESXTS_STREAM + +WOLFSSL_API int wc_AesXtsEncryptInit(XtsAes* aes, const byte* i, word32 iSz, + struct XtsAesStreamData *stream); + +WOLFSSL_API int wc_AesXtsDecryptInit(XtsAes* aes, const byte* i, word32 iSz, + struct XtsAesStreamData *stream); + +WOLFSSL_API int wc_AesXtsEncryptUpdate(XtsAes* aes, byte* out, + const byte* in, word32 sz, struct XtsAesStreamData *stream); + +WOLFSSL_API int wc_AesXtsDecryptUpdate(XtsAes* aes, byte* out, + const byte* in, word32 sz, struct XtsAesStreamData *stream); + +WOLFSSL_API int wc_AesXtsEncryptFinal(XtsAes* aes, byte* out, + const byte* in, word32 sz, struct XtsAesStreamData *stream); + +WOLFSSL_API int wc_AesXtsDecryptFinal(XtsAes* aes, byte* out, + const byte* in, word32 sz, struct XtsAesStreamData *stream); + +#endif /* WOLFSSL_AESXTS_STREAM */ + WOLFSSL_API int wc_AesXtsFree(XtsAes* aes); #endif diff --git a/wolfssl/wolfcrypt/arc4.h b/wolfssl/wolfcrypt/arc4.h index fe58b10ece..0dc29d3757 100644 --- a/wolfssl/wolfcrypt/arc4.h +++ b/wolfssl/wolfcrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index e8a6f99dd8..4d8c63721a 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
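Review bot: The six new `wc_AesXts*Init/Update/Final` prototypes carry no documentation, and the contract matters for correct use: what `i`/`iSz` is (the tweak value, presumably, in the same sense as the sector arguments of `wc_AesXtsDecryptConsecutiveSectors` above), whether `Update` requires `sz` to be a multiple of `AES_BLOCK_SIZE` with the ciphertext-stealing tail only allowed in `Final`, and whether `stream` may be reused for a new tweak after `Final`; a block comment above the `#ifdef WOLFSSL_AESXTS_STREAM` stating these three points would do. These also take `struct XtsAesStreamData *` while the first parameter uses the `XtsAes` typedef; using `XtsAesStreamData*` in both would be consistent with the rest of the header.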
@@ -76,13 +76,28 @@ that can be serialized and deserialized in a cross-platform way. #endif enum { - ISSUER = 0, - SUBJECT = 1, + ASN_ISSUER = 0, + ASN_SUBJECT = 1, - BEFORE = 0, - AFTER = 1 + ASN_BEFORE = 0, + ASN_AFTER = 1 }; +#ifndef NO_ASN_OLD_TYPE_NAMES + #ifndef ISSUER + #define ISSUER ASN_ISSUER + #endif + #ifndef SUBJECT + #define SUBJECT ASN_SUBJECT + #endif + #ifndef BEFORE + #define BEFORE ASN_BEFORE + #endif + #ifndef AFTER + #define AFTER ASN_AFTER + #endif +#endif + /* ASN Tags */ enum ASN_Tags { ASN_EOC = 0x00, @@ -780,6 +795,20 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WOLFSSL_TLS_FEATURE_SUM 92 #endif +/* Maximum number of allowed subject alternative names in a certificate. + * Any certificate containing more than this number of subject + * alternative names will cause an error when attempting to parse. */ +#ifndef WOLFSSL_MAX_ALT_NAMES +#define WOLFSSL_MAX_ALT_NAMES 1024 +#endif + +/* Maximum number of allowed name constraints in a certificate. + * Any certificate containing more than this number of name constraints + * will cause an error when attempting to parse. */ +#ifndef WOLFSSL_MAX_NAME_CONSTRAINTS +#define WOLFSSL_MAX_NAME_CONSTRAINTS 128 +#endif + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* NIDs */ #define NID_undef 0 @@ -850,6 +879,10 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */ #endif /* OPENSSL_EXTRA */ +#define NID_id_GostR3410_2001 811 +#define NID_id_GostR3410_2012_256 979 +#define NID_id_GostR3410_2012_512 980 + enum ECC_TYPES { ECC_PREFIX_0 = 160, @@ -934,7 +967,7 @@ enum Misc_ASN { ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ #ifdef HAVE_SPHINCS MAX_ENCODED_SIG_SZ = 51200, -#elif defined(HAVE_PQC) +#elif defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) MAX_ENCODED_SIG_SZ = 5120, #elif !defined(NO_RSA) #ifdef WOLFSSL_HAPROXY 
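Review bot: The three `NID_id_GostR3410_*` defines land after `#endif /* OPENSSL_EXTRA */`, so unless an outer guard not visible here covers them they are defined unconditionally and without `#ifndef` guards, unlike every other NID in this block; a build that includes both this header and OpenSSL's `obj_mac.h` (where the same names exist) gets a redefinition diagnostic, and a non-compat build gains OpenSSL-style names it cannot use. Moving them inside the `OPENSSL_EXTRA` / `OPENSSL_EXTRA_X509_SMALL` guard, or wrapping each in `#ifndef NID_id_GostR3410_2001` and friends, would match the surrounding code.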
@@ -969,7 +1002,7 @@ enum Misc_ASN { MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ + MAX_VERSION_SZ, /* Maximum size of a DSA Private key taken from DsaKeyIntsToDer. */ -#if defined(HAVE_PQC) +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of a Dilithium public key. */ #endif MAX_RSA_E_SZ = 16, /* Max RSA public e size */ @@ -1018,7 +1051,7 @@ enum Misc_ASN { OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ -#if defined(HAVE_PQC) +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) MAX_PUBLIC_KEY_SZ = MAX_PQC_PUBLIC_KEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, #else MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, @@ -1150,9 +1183,9 @@ enum Key_Sum { DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ FALCON_LEVEL1k = 273, /* 1.3.9999.3.6 */ FALCON_LEVEL5k = 276, /* 1.3.9999.3.9 */ - DILITHIUM_LEVEL2k = 213, /* 1.3.6.1.4.1.2.267.7.4.4 */ - DILITHIUM_LEVEL3k = 216, /* 1.3.6.1.4.1.2.267.7.6.5 */ - DILITHIUM_LEVEL5k = 220, /* 1.3.6.1.4.1.2.267.7.8.7 */ + DILITHIUM_LEVEL2k = 218, /* 1.3.6.1.4.1.2.267.12.4.4 */ + DILITHIUM_LEVEL3k = 221, /* 1.3.6.1.4.1.2.267.12.6.5 */ + DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */ SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */ SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */ SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */ @@ -1385,10 +1418,10 @@ struct DNS_entry { int type; /* i.e. ASN_DNS_TYPE */ int len; /* actual DNS len */ char* name; /* actual DNS name */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME char* ipString; /* human readable form of IP address */ #endif -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME char* ridString; /* human readable form of registeredID */ #endif 
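Review bot: Changing `DILITHIUM_LEVEL2k/3k/5k` from the `1.3.6.1.4.1.2.267.7.x` sums to the `.12.x` ones means certificates and keys encoded under the previous OID arc will presumably no longer be recognized by the sum-based OID lookup, which is a silent interoperability break for anyone holding existing test material. The enum comments should say which specification revision the new arc corresponds to and that the old arc is no longer accepted, and a changelog entry is warranted; if both arcs must be accepted during a transition, that needs distinct sums rather than a value swap.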
@@ -1483,9 +1516,13 @@ struct SignatureCtx { #ifdef HAVE_ED448 struct ed448_key* ed448; #endif - #ifdef HAVE_PQC + #if defined(HAVE_FALCON) struct falcon_key* falcon; + #endif + #if defined(HAVE_DILITHIUM) struct dilithium_key* dilithium; + #endif + #if defined(HAVE_SPHINCS) struct sphincs_key* sphincs; #endif void* ptr; @@ -1623,10 +1660,12 @@ typedef struct TrustedPeerCert TrustedPeerCert; typedef struct SignatureCtx SignatureCtx; typedef struct CertSignCtx CertSignCtx; -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit, const unsigned char* der, word32 derSz); +typedef int (*wc_UnknownExtCallbackEx)(const word16* oid, word32 oidSz, + int crit, const unsigned char* der, + word32 derSz, void *ctx); #endif struct DecodedCert { @@ -1674,7 +1713,7 @@ struct DecodedCert { word32 extensionsIdx; /* if want to go back and parse later */ const byte* extAuthInfo; /* Authority Information Access URI */ int extAuthInfoSz; /* length of the URI */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#ifdef WOLFSSL_ASN_CA_ISSUER const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */ int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */ #endif @@ -1764,7 +1803,7 @@ struct DecodedCert { char* subjectSN; int subjectSNLen; char subjectSNEnc; - #ifdef WOLFSSL_CERT_NAME_ALL +#ifdef WOLFSSL_CERT_NAME_ALL char* subjectN; int subjectNLen; char subjectNEnc; @@ -1777,7 +1816,7 @@ struct DecodedCert { char* subjectDNQ; int subjectDNQLen; char subjectDNQEnc; - #endif /*WOLFSSL_CERT_NAME_ALL */ +#endif /* WOLFSSL_CERT_NAME_ALL */ char* subjectC; int subjectCLen; char subjectCEnc; 
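Review bot: `wc_UnknownExtCallbackEx` (and the existing `wc_UnknownExtCallback` it extends) is a public hook with no statement of its return contract, which matters for security: a non-zero `crit` means the certificate must be rejected unless the callback positively accepts the extension, and the reader cannot tell from the typedef whether returning 0 means accepted, ignored or reject. A comment above the typedefs such as `/* Return 0 to accept the extension; any other value rejects the certificate. A critical extension (crit != 0) the callback does not understand must be rejected. */`, with the actual convention confirmed against the asn.c caller, would keep integrators from silently waiving critical extensions. The `ctx` argument's ownership (not freed by the library, presumably) belongs in the same comment.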
@@ -1842,12 +1881,12 @@ struct DecodedCert { char* issuerEmail; int issuerEmailLen; #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ -#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ +#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */ void* issuerName; void* subjectName; -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef WOLFSSL_SEP int deviceTypeSz; byte* deviceType; @@ -1922,7 +1961,7 @@ struct DecodedCert { byte extSubjAltNameSet : 1; byte inhibitAnyOidSet : 1; byte selfSigned : 1; /* Indicates subject and issuer are same */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) +#ifdef WOLFSSL_SEP byte extCertPolicySet : 1; #endif byte extCRLdistCrit : 1; @@ -1948,7 +1987,7 @@ struct DecodedCert { byte extAltSigAlgSet : 1; byte extAltSigValSet : 1; #endif /* WOLFSSL_DUAL_ALG_CERTS */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) +#ifdef WOLFSSL_SEP byte extCertPolicyCrit : 1; #endif #ifdef WOLFSSL_CERT_REQ @@ -1957,9 +1996,10 @@ struct DecodedCert { #ifdef HAVE_RPK byte isRPK : 1; /* indicate the cert is Raw-Public-Key cert in RFC7250 */ #endif -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; + wc_UnknownExtCallbackEx unknownExtCallbackEx; + void *unknownExtCallbackExCtx; #endif #ifdef WOLFSSL_DUAL_ALG_CERTS /* Subject Alternative Public Key Info */ @@ -1998,7 +2038,7 @@ struct Signer { #ifndef IGNORE_NAME_CONSTRAINTS Base_entry* permittedNames; Base_entry* excludedNames; -#endif /* IGNORE_NAME_CONSTRAINTS */ +#endif /* !IGNORE_NAME_CONSTRAINTS */ byte subjectNameHash[SIGNER_DIGEST_SIZE]; /* sha hash of names in certificate */ #if defined(HAVE_OCSP) || defined(HAVE_CRL) 
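Review bot: `unknownExtCallbackEx` and `unknownExtCallbackExCtx` are added beside the existing `unknownExtCallback` with no comment on what happens when both callbacks are set on the same DecodedCert. Whichever the parser does, a one-line comment on the new field (e.g. `/* used in preference to unknownExtCallback when both are set */`, if that is the asn.c behaviour) would spare callers reading the parser to find out. struct DecodedCert starts and ends outside the hunk.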
@@ -2099,20 +2139,22 @@ typedef enum MimeStatus } MimeStatus; #endif /* HAVE_SMIME */ - WOLFSSL_LOCAL int HashIdAlg(word32 oidSum); WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash, int hashAlg); WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); -WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, +#ifdef ASN_BER_TO_DER +WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz); +#endif WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz, word32* idx); WOLFSSL_ASN_API void FreeAltNames(DNS_entry* altNames, void* heap); WOLFSSL_ASN_API DNS_entry* AltNameNew(void* heap); +WOLFSSL_ASN_API DNS_entry* AltNameDup(DNS_entry* from, void* heap); #ifndef IGNORE_NAME_CONSTRAINTS WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry* names, void* heap); #endif /* IGNORE_NAME_CONSTRAINTS */ 
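Review bot: `AltNameDup(DNS_entry* from, void* heap)` takes its source by non-const pointer although a duplicate should only read it; `const DNS_entry* from` documents that and lets callers pass const chains. A comment stating that the returned entry is allocated from `heap` and released with `FreeAltNames`, if that is how it is implemented, would also help since readers will pattern-match against the neighbouring `FreeAltNames`/`AltNameNew` pair. `wc_BerToDer` additionally moves from `WOLFSSL_ASN_API` to `WOLFSSL_API` under `#ifdef ASN_BER_TO_DER`, so builds without that option lose the declaration — harmless if the definition was always conditional, worth a glance otherwise.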
@@ -2124,24 +2166,32 @@ WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert); WOLFSSL_ASN_API int ParseCert(DecodedCert* cert, int type, int verify, void* cm); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) -WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert, +#ifdef WC_ASN_UNKNOWN_EXT_CB +WOLFSSL_API int wc_SetUnknownExtCallback(DecodedCert* cert, wc_UnknownExtCallback cb); +WOLFSSL_API int wc_SetUnknownExtCallbackEx(DecodedCert* cert, + wc_UnknownExtCallbackEx cb, + void *ctx); #endif WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz); WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap); -WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm); WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID); -#ifdef OPENSSL_EXTRA -WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, - void* heap, const byte* pubKey, - word32 pubKeySz, int pubKeyOID); -#endif +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY) + WOLFSSL_API int wc_CheckCertSignature(const byte* cert, word32 certSz, + void* heap, void* cm); + /* Deprecated public API name kept for backwards build compatibility */ + #define CheckCertSignature(cert, certSz, heap, cm) \ + wc_CheckCertSignature(cert, certSz, heap, cm) + + WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, + void* heap, const byte* pubKey, + word32 pubKeySz, int pubKeyOID); +#endif /* OPENSSL_EXTRA || WOLFSSL_SMALL_CERT_VERIFY */ + #ifdef WOLFSSL_DUAL_ALG_CERTS WOLFSSL_LOCAL int wc_ConfirmAltSignature( const byte* buf, word32 bufSz, 
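Review bot: `CheckCertSignature` becomes a function-like macro available only under `#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY)`, whereas the removed `WOLFSSL_API int CheckCertSignature(...)` declaration had no such guard at this point in the header; unless the definition in asn.c was already conditional, builds with neither option lose a public entry point, and a binary linked against the exported `CheckCertSignature` symbol would presumably no longer resolve it. The function-like form also breaks callers that take the function's address or pass it as a callback; an object-like alias `#define CheckCertSignature wc_CheckCertSignature` preserves both call and address use. The `/* Deprecated public API name ... */` comment could also name the release that introduced `wc_CheckCertSignature`, so the alias can be retired on a schedule.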
@@ -2162,7 +2212,7 @@ WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, WOLFSSL_ASN_API int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, int sigAlgoType); WOLFSSL_LOCAL int ParseCertRelative(DecodedCert* cert, int type, int verify, - void* cm); + void* cm, Signer *extraCa); WOLFSSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify); #ifdef WOLFSSL_ASN_TEMPLATE WOLFSSL_LOCAL int DecodeCert(DecodedCert* cert, int verify, int* criticalExt); @@ -2171,6 +2221,8 @@ WOLFSSL_LOCAL int TryDecodeRPKToKey(DecodedCert* cert); WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate); WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); +WOLFSSL_LOCAL Signer* findSignerByName(Signer *list, byte *hash); +WOLFSSL_LOCAL int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der); WOLFSSL_LOCAL Signer* MakeSigner(void* heap); WOLFSSL_LOCAL void FreeSigner(Signer* signer, void* heap); WOLFSSL_LOCAL void FreeSignerTable(Signer** table, int rows, void* heap); @@ -2189,6 +2241,9 @@ WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 length); WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 length, word32* algId); +WOLFSSL_LOCAL int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, + word32 length, word32* algId, + word32* eccOid); WOLFSSL_LOCAL int ToTraditionalEnc(byte* input, word32 sz, const char* password, int passwordSz, word32* algId); WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out, 
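Review bot: `findSignerByName` breaks the UpperCamel naming used by every neighbouring declaration (`MakeSigner`, `FreeSigner`, `FreeSignerTable`, the new `FillSigner`), and its `byte *hash` lookup key is not const although a lookup presumably only compares it; `FindSignerByName(Signer* list, const byte* hash)` would match the file. The `FillSigner` line also runs past the 80-column wrap the rest of the header observes. Neither new function nor the new `Signer *extraCa` parameter of `ParseCertRelative` in the previous hunk says what it is for; a comment such as `/* extraCa: additional Signer to try during verification, may be NULL */`, if that is the semantics, and a note that `hash` is `SIGNER_DIGEST_SIZE` bytes (the size of `subjectNameHash` in struct Signer) would remove a buffer-size guess at call sites.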
@@ -2206,8 +2261,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, int* algoID, void* heap); typedef struct tm wolfssl_tm; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_ASN_TIME_STRING WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); #endif #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ @@ -2274,6 +2328,8 @@ WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx); WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx); +WOLFSSL_LOCAL int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx, byte *absentParams); WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag, word32 inputSz); @@ -2300,6 +2356,8 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output, byte isIndef); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); WOLFSSL_API word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); +WOLFSSL_LOCAL word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, + byte absentParams); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, word32 outputSz, int maxSnSz); 
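Review bot: `GetAlgoIdEx` and `SetAlgoIDEx` introduce an `absentParams` flag with no statement of its meaning — whether it distinguishes an AlgorithmIdentifier with no parameters field from one carrying an explicit NULL, and which value denotes which. The distinction matters because the two encodings are not byte-equal, so an encoder and a verifier that disagree about it produce or reject mismatched DER; a comment on each declaration such as `/* absentParams: non-zero when the AlgorithmIdentifier has no parameters field (as opposed to an explicit NULL) */`, if that is the convention, pins it down. `SetAlgoIDEx`'s first line also exceeds the 80-column wrap used elsewhere in the file.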
@@ -2354,8 +2412,11 @@ WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); WOLFSSL_LOCAL int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, byte* output, word32 outLen, int keyType, int withHeader); -WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, - byte* pubKey, word32* pubKeyLen, int keyType); +WOLFSSL_LOCAL int DecodeAsymKeyPublic_Assign(const byte* input, + word32* inOutIdx, word32 inSz, const byte** pubKey, word32* pubKeyLen, + int keyType); +WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, + word32 inSz, byte* pubKey, word32* pubKeyLen, int keyType); #ifndef NO_CERTS @@ -2365,16 +2426,18 @@ WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info, WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey); -WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap); +WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, + void* heap); +WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff, + word32 length, int type, void* heap); WOLFSSL_LOCAL void FreeDer(DerBuffer** der); -#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ - (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) +#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE WOLFSSL_LOCAL int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap); WOLFSSL_LOCAL int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap); -#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */ +#endif #endif /* !NO_CERTS */ @@ -2466,8 +2529,7 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS WOLFSSL_ASN1_TIME thisDateParsed; WOLFSSL_ASN1_TIME nextDateParsed; byte* thisDateAsn; 
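Review bot: The `#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE` block closes with a bare `#endif` where the replaced line carried a matching comment and the surrounding header annotates its closers (`#endif /* !NO_CERTS */` directly below); `#endif /* WOLFSSL_ASN_PARSE_KEYUSAGE */` keeps the convention. In the preceding hunk `DecodeAsymKeyPublic_Assign` hands back `const byte** pubKey`, which presumably points into `input` rather than into a caller buffer like its non-`_Assign` sibling; a one-line comment that the output aliases `input` and is valid only while `input` is, if that is the case, prevents a use-after-free when a caller releases the DER early. The same note applies to `DecodeAsymKey_Assign` in the next hunk.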
@@ -2534,7 +2596,7 @@ struct OcspResponse { byte* source; /* pointer to source buffer, not owned */ word32 maxIdx; /* max offset based on init size */ - + Signer* pendingCAs; #ifdef OPENSSL_EXTRA int verifyError; #endif @@ -2552,10 +2614,6 @@ struct OcspRequest { int serialSz; #ifdef OPENSSL_EXTRA WOLFSSL_ASN1_INTEGER* serialInt; -#endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ - defined(HAVE_LIGHTY) void* cid; /* WOLFSSL_OCSP_CERTID kept to free */ #endif byte* url; /* copy of the extAuthInfo in source cert */ @@ -2659,9 +2717,10 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl); || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \ || (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \ || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \ - || (defined(HAVE_PQC) && defined(HAVE_FALCON)) \ - || (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) \ - || (defined(HAVE_PQC) && defined(HAVE_SPHINCS))) + || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)) +WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, + word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey, + word32* pubKeyLen, int keyType); WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey, word32* pubKeyLen, int keyType); @@ -2705,7 +2764,9 @@ enum PBESTypes { PBES2 = 13, /* algo ID */ PBES1_MD5_DES = 3, - PBES1_SHA1_DES = 10 + PBES1_SHA1_DES = 10, + + PBE_NONE = 999 }; enum PKCSTypes { diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index d3df2a0765..ae77875774 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
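Review bot: `Signer* pendingCAs` is added to struct OcspResponse without the ownership note its neighbours carry (`source` is marked `not owned`), so it is unclear whether the list is released together with the response or merely borrowed; whichever asn.c does, `/* owned: freed with the response */` or `/* borrowed, not freed here */` belongs on that line. `PBE_NONE = 999` in enum PBESTypes likewise lands without the `/* algo ID */`-style comment of its neighbours; `/* sentinel: no password-based encryption */`, if that is its use, would explain the out-of-range value. struct OcspResponse and enum PBESTypes both start outside their hunks.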
@@ -177,7 +177,8 @@ enum CertType { SPHINCS_SMALL_LEVEL3_TYPE, SPHINCS_SMALL_LEVEL5_TYPE, ECC_PARAM_TYPE, - CHAIN_CERT_TYPE + CHAIN_CERT_TYPE, + PKCS7_TYPE }; @@ -218,9 +219,9 @@ enum Ctc_SigType { CTC_FALCON_LEVEL1 = 273, CTC_FALCON_LEVEL5 = 276, - CTC_DILITHIUM_LEVEL2 = 213, - CTC_DILITHIUM_LEVEL3 = 216, - CTC_DILITHIUM_LEVEL5 = 220, + CTC_DILITHIUM_LEVEL2 = 218, + CTC_DILITHIUM_LEVEL3 = 221, + CTC_DILITHIUM_LEVEL5 = 225, CTC_SPHINCS_FAST_LEVEL1 = 281, CTC_SPHINCS_FAST_LEVEL3 = 283, @@ -360,7 +361,6 @@ typedef struct WOLFSSL_ASN1_INTEGER { #endif #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ -#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef WOLFSSL_MULTI_ATTRIB #ifndef CTC_MAX_ATTRIB #define CTC_MAX_ATTRIB 4 @@ -374,7 +374,6 @@ typedef struct NameAttrib { char value[CTC_NAME_SIZE]; /* name */ } NameAttrib; #endif /* WOLFSSL_MULTI_ATTRIB */ -#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef WOLFSSL_CUSTOM_OID typedef struct CertOidField { @@ -799,8 +798,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \ (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \ (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \ - (defined(HAVE_PQC) && (defined(HAVE_FALCON) || \ - defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))) + (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))) #define WC_ENABLE_ASYM_KEY_EXPORT #endif 
@@ -809,8 +807,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \ (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \ (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \ - (defined(HAVE_PQC) && (defined(HAVE_FALCON) || \ - defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))) + (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))) #define WC_ENABLE_ASYM_KEY_IMPORT #endif diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h index 2cdbf40101..1a0db320e7 100644 --- a/wolfssl/wolfcrypt/blake2-impl.h +++ b/wolfssl/wolfcrypt/blake2-impl.h @@ -12,7 +12,7 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/blake2-int.h b/wolfssl/wolfcrypt/blake2-int.h index 0ad625ee67..b048ca5e89 100644 --- a/wolfssl/wolfcrypt/blake2-int.h +++ b/wolfssl/wolfcrypt/blake2-int.h @@ -12,7 +12,7 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/blake2.h b/wolfssl/wolfcrypt/blake2.h index 1c62e643af..1f4ac77f10 100644 --- a/wolfssl/wolfcrypt/blake2.h +++ b/wolfssl/wolfcrypt/blake2.h @@ -1,6 +1,6 @@ /* blake2.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/camellia.h b/wolfssl/wolfcrypt/camellia.h index 928312354d..bdba23bc90 100644 --- a/wolfssl/wolfcrypt/camellia.h +++ b/wolfssl/wolfcrypt/camellia.h @@ -27,7 +27,7 @@ /* camellia.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h index 848edf6816..c3af0507af 100644 --- a/wolfssl/wolfcrypt/chacha.h 
+++ b/wolfssl/wolfcrypt/chacha.h @@ -1,6 +1,6 @@ /* chacha.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -77,12 +77,13 @@ enum { typedef struct ChaCha { word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */ -#ifdef HAVE_INTEL_AVX1 +#if defined(USE_INTEL_CHACHA_SPEEDUP) /* vpshufd reads 16 bytes but we only use bottom 4. */ byte extra[12]; #endif word32 left; /* number of bytes leftover */ -#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM) +#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM) || \ + defined(WOLFSSL_RISCV_ASM) word32 over[CHACHA_CHUNK_WORDS]; #endif } ChaCha; diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h index 6c04912a03..929a1a640e 100644 --- a/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/wolfssl/wolfcrypt/chacha20_poly1305.h @@ -1,6 +1,6 @@ /* chacha20_poly1305.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index e59df2845f..015a9a0a63 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,8 +38,7 @@ #endif /* avoid redefinition of structs */ -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0) #ifndef WC_CMAC_TYPE_DEFINED typedef struct Cmac Cmac; @@ -82,6 +81,11 @@ typedef enum CmacType { #define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE #define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4) +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_CMAC_sanity(void); +#endif + #endif /* HAVE_FIPS */ WOLFSSL_API 
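Review bot: `#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0)` now evaluates the `FIPS_VERSION3_GE(...)` invocation in every build, including non-FIPS ones, so the macro must be defined (presumably to 0) by an earlier include in all configurations — an undefined function-like macro inside `#if` is a preprocessor error, not a false, and the `!defined(HAVE_FIPS)` short-circuit does not avoid it. The same pattern appears in dh.h later in this diff. A comment at this first use naming its provider, e.g. `/* FIPS_VERSION3_GE() comes from [HEADER-NAME], also defined for non-FIPS builds */` with the real header substituted, would stop the next include reorder from breaking non-FIPS compiles. The new `wolfCrypt_FIPS_cmac_ro_sanity`/`wolfCrypt_FIPS_CMAC_sanity` declarations would also benefit from one line saying what the two words hold and when the sanity check runs.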
diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h index e0aecc6282..5aef5b1151 100644 --- a/wolfssl/wolfcrypt/coding.h +++ b/wolfssl/wolfcrypt/coding.h @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/compress.h b/wolfssl/wolfcrypt/compress.h index a4efc7809e..2886b2be89 100644 --- a/wolfssl/wolfcrypt/compress.h +++ b/wolfssl/wolfcrypt/compress.h @@ -1,6 +1,6 @@ /* compress.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/cpuid.h b/wolfssl/wolfcrypt/cpuid.h index 9d25dcf327..c91b628b5b 100644 --- a/wolfssl/wolfcrypt/cpuid.h +++ b/wolfssl/wolfcrypt/cpuid.h @@ -1,6 +1,6 @@ /* cpuid.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 8f66777504..4b53db9d36 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -1,6 +1,6 @@ /* cryptocb.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -71,7 +71,7 @@ #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) #include #endif -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER #include #ifdef WOLFSSL_WC_KYBER #include @@ -79,10 +79,10 @@ #include #endif #endif -#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) #include #endif -#if defined(HAVE_PQC) && defined(HAVE_FALCON) +#if defined(HAVE_FALCON) #include #endif @@ -216,7 +216,7 @@ typedef struct wc_CryptoInfo { byte contextLen; } ed25519verify; #endif - #if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER) + #if defined(WOLFSSL_HAVE_KYBER) struct { WC_RNG* rng; int size; 
@@ -241,8 +241,7 @@ typedef struct wc_CryptoInfo { int type; /* enum wc_PqcKemType */ } pqc_decaps; #endif - #if defined(HAVE_PQC) && \ - (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)) + #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) struct { WC_RNG* rng; int size; @@ -399,6 +398,9 @@ typedef struct wc_CryptoInfo { #endif #ifdef WOLFSSL_SHA512 wc_Sha512* sha512; + #endif + #ifdef WOLFSSL_SHA3 + wc_Sha3* sha3; #endif void* ctx; #if HAVE_ANONYMOUS_INLINE_AGGREGATES @@ -525,7 +527,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, const byte* context, byte contextLen); #endif /* HAVE_ED25519 */ -#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER) +#if defined(WOLFSSL_HAVE_KYBER) WOLFSSL_LOCAL int wc_CryptoCb_PqcKemGetDevId(int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type, @@ -538,9 +540,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcEncapsulate(byte* ciphertext, WOLFSSL_LOCAL int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen, int type, void* key); -#endif /* HAVE_PQC && WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_KYBER */ -#if defined(HAVE_PQC) && (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)) +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) WOLFSSL_LOCAL int wc_CryptoCb_PqcSigGetDevId(int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, @@ -554,7 +556,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type, const byte* pubKey, word32 pubKeySz); -#endif /* HAVE_PQC && (HAVE_FALCON || HAVE_DILITHIUM) */ +#endif /* HAVE_FALCON || HAVE_DILITHIUM */ #ifndef NO_AES #ifdef HAVE_AESGCM 
@@ -623,6 +625,11 @@ WOLFSSL_LOCAL int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in, word32 inSz, byte* digest); #endif +#ifdef WOLFSSL_SHA3 +WOLFSSL_LOCAL int wc_CryptoCb_Sha3Hash(wc_Sha3* sha3, int type, const byte* in, + word32 inSz, byte* digest); +#endif + #ifndef NO_HMAC WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz, byte* digest); diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 3b25a9dfa5..4d6d90da45 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -1,6 +1,6 @@ /* curve25519.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h index aa00e1021e..75df9e2fb3 100644 --- a/wolfssl/wolfcrypt/curve448.h +++ b/wolfssl/wolfcrypt/curve448.h @@ -1,6 +1,6 @@ /* curve448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h index d5b1232126..7c46b8e35c 100644 --- a/wolfssl/wolfcrypt/des3.h +++ b/wolfssl/wolfcrypt/des3.h @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index e94cb59316..948c44a63a 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,8 +30,7 @@ #ifndef NO_DH -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) #include #endif /* HAVE_FIPS_VERSION >= 2 */ 
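Review bot: The closer `#endif /* HAVE_FIPS_VERSION >= 2 */` in dh.h is now stale, since the condition it closes became `#if FIPS_VERSION3_GE(2,0,0)`; change it to `#endif /* FIPS_VERSION3_GE(2,0,0) */` so the comment stops describing macros the condition no longer tests. As with cmac.h earlier in this diff, the new form also requires `FIPS_VERSION3_GE` to be defined in non-FIPS builds.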
@@ -120,6 +119,11 @@ enum { #endif #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_dh_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_DH_sanity(void); +#endif + #ifdef HAVE_PUBLIC_FFDHE #ifdef HAVE_FFDHE_2048 WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void); diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index 5472d092ef..742c8ecb91 100644 --- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h @@ -1,6 +1,6 @@ /* dilithium.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -35,34 +35,467 @@ #include #endif -#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) +#if defined(HAVE_DILITHIUM) #ifdef HAVE_LIBOQS #include #include #endif +#if defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_ONLY) + #define WOLFSSL_DILITHIUM_VERIFY_ONLY +#endif +#ifdef WOLFSSL_DILITHIUM_VERIFY_ONLY + #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY + #define WOLFSSL_DILITHIUM_NO_MAKE_KEY + #endif + #ifndef WOLFSSL_DILITHIUM_NO_SIGN + #define WOLFSSL_DILITHIUM_NO_SIGN + #endif +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + #define WOLFSSL_DILITHIUM_PUBLIC_KEY +#endif +#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + #define WOLFSSL_DILITHIUM_PRIVATE_KEY +#endif + +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \ + defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_CHECK_KEY) && \ + !defined(WOLFSSL_DILITHIUM_CHECK_KEY) + #define WOLFSSL_DILITHIUM_CHECK_KEY +#endif + +#ifdef WOLFSSL_WC_DILITHIUM + #include +#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY + #include +#endif +#endif + +#if defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) && \ + !defined(WC_DILITHIUM_CACHE_MATRIX_A) + #define WC_DILITHIUM_CACHE_MATRIX_A +#endif +#if defined(WC_DILITHIUM_CACHE_PUB_VECTORS) && \ + !defined(WC_DILITHIUM_CACHE_MATRIX_A) + #define WC_DILITHIUM_CACHE_MATRIX_A +#endif + #ifdef __cplusplus extern "C" { #endif /* Macros Definitions */ -#ifdef HAVE_LIBOQS -#define DILITHIUM_LEVEL2_KEY_SIZE OQS_SIG_dilithium_2_length_secret_key -#define DILITHIUM_LEVEL2_SIG_SIZE OQS_SIG_dilithium_2_length_signature -#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_dilithium_2_length_public_key -#define DILITHIUM_LEVEL2_PRV_KEY_SIZE (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE) +#ifdef WOLFSSL_WC_DILITHIUM + +#ifndef WOLFSSL_DILITHIUM_ALIGNMENT + #if defined(__arch64__) + #define 
WOLFSSL_DILITHIUM_ALIGNMENT 8 + #elif defined(__arm__) + #define WOLFSSL_DILITHIUM_ALIGNMENT 4 + #elif !defined(WOLFSSL_AESNI) && defined(WOLFSSL_GENERAL_ALIGNMENT) + #define WOLFSSL_DILITHIUM_ALIGNMENT WOLFSSL_GENERAL_ALIGNMENT + #else + #define WOLFSSL_DILITHIUM_ALIGNMENT 8 + #endif +#endif /* WOLFSSL_DILITHIUM_ALIGNMENT */ + +#define DILITHIUM_LEVEL2_KEY_SIZE 2560 +#define DILITHIUM_LEVEL2_SIG_SIZE 2420 +#define DILITHIUM_LEVEL2_PUB_KEY_SIZE 1312 +#define DILITHIUM_LEVEL2_PRV_KEY_SIZE \ + (DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE) + +#define DILITHIUM_LEVEL3_KEY_SIZE 4032 +#define DILITHIUM_LEVEL3_SIG_SIZE 3309 +#define DILITHIUM_LEVEL3_PUB_KEY_SIZE 1952 +#define DILITHIUM_LEVEL3_PRV_KEY_SIZE \ + (DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE) + +#define DILITHIUM_LEVEL5_KEY_SIZE 4896 +#define DILITHIUM_LEVEL5_SIG_SIZE 4627 +#define DILITHIUM_LEVEL5_PUB_KEY_SIZE 2592 +#define DILITHIUM_LEVEL5_PRV_KEY_SIZE \ + (DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE) + + +/* Modulus. */ +#define DILITHIUM_Q 0x7fe001 +/* Number of bits in modulus. */ +#define DILITHIUM_Q_BITS 23 +/* Number of elements in polynomial. */ +#define DILITHIUM_N 256 + +/* Number of dropped bits. */ +#define DILITHIUM_D 13 +/* Maximum value of dropped bits. */ +#define DILITHIUM_D_MAX (1 << DILITHIUM_D) +/* Half maximum value. */ +#define DILITHIUM_D_MAX_HALF (1 << (DILITHIUM_D - 1)) +/* Number of undropped bits. */ +#define DILITHIUM_U (DILITHIUM_Q_BITS - DILITHIUM_D) + +/* Bits in coefficient range of y, GAMMA1, of 2^17 is 17. */ +#define DILITHIUM_GAMMA1_BITS_17 17 +/* Coefficient range of y, GAMMA1, of 2^17. */ +#define DILITHIUM_GAMMA1_17 (1 << 17) +/* # encoding bits of y is GAMMA1 + 1. */ +#define DILITHIUM_GAMMA1_17_ENC_BITS 18 +/* Coefficient range of y, GAMMA1, of 2^17. */ +/* Bits in coefficient range of y, GAMMA1, of 2^19 is 19. */ +#define DILITHIUM_GAMMA1_BITS_19 19 +/* Coefficient range of y, GAMMA1, of 2^19. 
*/ +#define DILITHIUM_GAMMA1_19 (1 << 19) +/* # encoding bits of y is GAMMA1 + 1. */ +#define DILITHIUM_GAMMA1_19_ENC_BITS 20 + +/* Low-order rounding range, GAMMA2, is Q divided by 88. */ +#define DILITHIUM_Q_LOW_88 ((DILITHIUM_Q - 1) / 88) +/* Absolute low-order rounding range, GAMMA2, is Q divided by 88. */ +#define DILITHIUM_Q_LOW_88_2 (((DILITHIUM_Q - 1) / 88) * 2) +/* # encoding bits of w1 when range is 88. */ +#define DILITHIUM_Q_HI_88_ENC_BITS 6 +/* Low-order rounding range, GAMMA2, is Q divided by 32. */ +#define DILITHIUM_Q_LOW_32 ((DILITHIUM_Q - 1) / 32) +/* Absolute low-order rounding range, GAMMA2, is Q divided by 32. */ +#define DILITHIUM_Q_LOW_32_2 (((DILITHIUM_Q - 1) / 32) * 2) +/* # encoding bits of w1 when range is 32. */ +#define DILITHIUM_Q_HI_32_ENC_BITS 4 + +/* Private key range, eta, of 2. */ +#define DILITHIUM_ETA_2 2 +/* Bits needed to encode values in range -2..2 as a positive number. */ +#define DILITHIUM_ETA_2_BITS 3 +/* Extract count of valid values. */ +#define DILITHIUM_ETA_2_MOD 15 +/* Private key range, eta, of 4. */ +#define DILITHIUM_ETA_4 4 +/* Bits needed to encode values in range -4..4 as a positive number. */ +#define DILITHIUM_ETA_4_BITS 4 +/* Extract count of valid values. */ +#define DILITHIUM_ETA_4_MOD 9 + +/* Number of bytes in a polynomial in memory. */ +#define DILITHIUM_POLY_SIZE (DILITHIUM_N * sizeof(sword32)) + +#ifndef WOLFSSL_NO_ML_DSA_44 + +/* Fist dimension of A, k, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_K 4 +/* Second dimension of A, l, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_L 4 +/* Private key range, ETA, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_ETA DILITHIUM_ETA_2 +/* Number of bits in private key for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_ETA_BITS DILITHIUM_ETA_2_BITS +/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_LAMBDA 16 +/* # +/-1's in polynomial c, TAU, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_TAU 39 +/* BETA = TAU * ETA for ML-DSA-44. 
*/ +#define PARAMS_ML_DSA_44_BETA \ + (PARAMS_ML_DSA_44_TAU * PARAMS_ML_DSA_44_ETA) +/* Max # 1's in the hint h, OMEGA, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_OMEGA 80 +/* Bits in coefficient range of y, GAMMA1, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_17 +/* Ccoefficient range of y, GAMMA1, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_GAMMA1 (1 << PARAMS_ML_DSA_44_GAMMA1_BITS) +/* Low-order rounding range, GAMMA2, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_GAMMA2 DILITHIUM_Q_LOW_88 +/* Bits in high-order rounding range, GAMMA2, for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_GAMMA2_HI_BITS 6 +/* Encoding size of w1 in bytes for ML-DSA-44. + * K * N / 8 * 6 - 6 bits as max value is 43 in high bits. */ +#define PARAMS_ML_DSA_44_W1_ENC_SZ \ + (PARAMS_ML_DSA_44_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_44_GAMMA2_HI_BITS) +/* Size of memory used for matrix a in bytes for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_A_SIZE \ + (PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE) +/* Size of memory used for vector s1 in bytes for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_S1_SIZE \ + (PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE) +/* Encoding size of s1 in bytes for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_S1_ENC_SIZE \ + (PARAMS_ML_DSA_44_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8) +/* Size of memory used for vector s2 in bytes for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_S2_SIZE \ + (PARAMS_ML_DSA_44_K * DILITHIUM_POLY_SIZE) +/* Encoding size of s2 in bytes for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_S2_ENC_SIZE \ + (PARAMS_ML_DSA_44_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8) +/* Encoding size of z in bytes for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_Z_ENC_SIZE \ + (PARAMS_ML_DSA_44_S1_SIZE / sizeof(sword32) / 8 * \ + (PARAMS_ML_DSA_44_GAMMA1_BITS + 1)) +/* Encoding size of public key in bytes for ML-DSA-44. 
*/ +#define PARAMS_ML_DSA_44_PK_SIZE \ + (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8) +/* Encoding size of signature in bytes for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_SIG_SIZE \ + ((PARAMS_ML_DSA_44_LAMBDA * 2) + \ + PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \ + PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K) + +#endif /* WOLFSSL_NO_ML_DSA_44 */ + +#ifndef WOLFSSL_NO_ML_DSA_65 + +/* Fist dimension of A, k, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_K 6 +/* Second dimension of A, l, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_L 5 +/* Private key range, ETA, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_ETA DILITHIUM_ETA_4 +/* Number of bits in private key for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_ETA_BITS DILITHIUM_ETA_4_BITS +/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_LAMBDA 24 +/* # +/-1's in polynomial c, TAU, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_TAU 49 +/* BETA = TAU * ETA for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_BETA \ + (PARAMS_ML_DSA_65_TAU * PARAMS_ML_DSA_65_ETA) +/* Max # 1's in the hint h, OMEGA, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_OMEGA 55 +/* Bits in coefficient range of y, GAMMA1, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19 +/* Ccoefficient range of y, GAMMA1, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_GAMMA1 (1 << PARAMS_ML_DSA_65_GAMMA1_BITS) +/* Low-order rounding range, GAMMA2, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_GAMMA2 DILITHIUM_Q_LOW_32 +/* Bits in high-order rounding range, GAMMA2, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_GAMMA2_HI_BITS 4 +/* Encoding size of w1 in bytes for ML-DSA-65. + * K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */ +#define PARAMS_ML_DSA_65_W1_ENC_SZ \ + (PARAMS_ML_DSA_65_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_65_GAMMA2_HI_BITS) +/* Size of memory used for matrix a in bytes for ML-DSA-65. 
*/ +#define PARAMS_ML_DSA_65_A_SIZE \ + (PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE) +/* Size of memory used for vector s1 in bytes for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_S1_SIZE \ + (PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE) +/* Encoding size of s1 in bytes for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_S1_ENC_SIZE \ + (PARAMS_ML_DSA_65_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8) +/* Size of memory used for vector s2 in bytes for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_S2_SIZE \ + (PARAMS_ML_DSA_65_K * DILITHIUM_POLY_SIZE) +/* Encoding size of s2 in bytes for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_S2_ENC_SIZE \ + (PARAMS_ML_DSA_65_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8) +/* Encoding size of z in bytes for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_Z_ENC_SIZE \ + (PARAMS_ML_DSA_65_S1_SIZE / sizeof(sword32) / 8 * \ + (PARAMS_ML_DSA_65_GAMMA1_BITS + 1)) +/* Encoding size of public key in bytes for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_PK_SIZE \ + (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8) +/* Encoding size of signature in bytes for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_SIG_SIZE \ + ((PARAMS_ML_DSA_65_LAMBDA * 2) + \ + PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \ + PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K) + +#endif /* WOLFSSL_NO_ML_DSA_65 */ + +#ifndef WOLFSSL_NO_ML_DSA_87 + +/* Fist dimension of A, k, for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_K 8 +/* Second dimension of A, l, for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_L 7 +/* Private key range, ETA, for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_ETA DILITHIUM_ETA_2 +/* Number of bits in private key for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_ETA_BITS DILITHIUM_ETA_2_BITS +/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_LAMBDA 32 +/* # +/-1's in polynomial c, TAU, for ML-DSA-87. 
*/ +#define PARAMS_ML_DSA_87_TAU 60 +/* BETA = TAU * ETA for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_BETA \ + (PARAMS_ML_DSA_87_TAU * PARAMS_ML_DSA_87_ETA) +/* Max # 1's in the hint h, OMEGA, for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_OMEGA 75 +/* Bits in coefficient range of y, GAMMA1, for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19 +/* Ccoefficient range of y, GAMMA1, for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_GAMMA1 (1 << PARAMS_ML_DSA_87_GAMMA1_BITS) +/* Low-order rounding range, GAMMA2, for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_GAMMA2 DILITHIUM_Q_LOW_32 +/* Bits in high-order rounding range, GAMMA2, for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_GAMMA2_HI_BITS 4 +/* Encoding size of w1 in bytes for ML-DSA-87. + * K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */ +#define PARAMS_ML_DSA_87_W1_ENC_SZ \ + (PARAMS_ML_DSA_87_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_87_GAMMA2_HI_BITS) +/* Size of memory used for matrix A in bytes for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_A_SIZE \ + (PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE) +#define PARAMS_ML_DSA_87_S_SIZE 4 +/* Size of memory used for vector s1 in bytes for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_S1_SIZE \ + (PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE) +/* Encoding size of s1 in bytes for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_S1_ENC_SIZE \ + (PARAMS_ML_DSA_87_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8) +/* Size of memory used for vector s2 in bytes for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_S2_SIZE \ + (PARAMS_ML_DSA_87_K * DILITHIUM_POLY_SIZE) +/* Encoding size of s2 in bytes for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_S2_ENC_SIZE \ + (PARAMS_ML_DSA_87_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8) +/* Encoding size of z in bytes for ML-DSA-87. 
*/ +#define PARAMS_ML_DSA_87_Z_ENC_SIZE \ + (PARAMS_ML_DSA_87_S1_SIZE / sizeof(sword32) / 8 * \ + (PARAMS_ML_DSA_87_GAMMA1_BITS + 1)) +/* Encoding size of public key in bytes for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_PK_SIZE \ + (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8) +/* Encoding size of signature in bytes for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_SIG_SIZE \ + ((PARAMS_ML_DSA_87_LAMBDA * 2) + \ + PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \ + PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K) + +#endif /* WOLFSSL_NO_ML_DSA_87 */ + + +#ifndef WOLFSSL_NO_ML_DSA_87 + +#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_87_W1_ENC_SZ +/* Maximum collision strength of c-tilde in bytes. */ +#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_87_LAMBDA + +/* Maximum count of elements of a vector with dimension K. */ +#define DILITHIUM_MAX_K_VECTOR_COUNT \ + (PARAMS_ML_DSA_87_K * DILITHIUM_N) +/* Maximum count of elements of a vector with dimension L. */ +#define DILITHIUM_MAX_L_VECTOR_COUNT \ + (PARAMS_ML_DSA_87_L * DILITHIUM_N) +/* Maximum count of elements of a matrix with dimension KxL. */ +#define DILITHIUM_MAX_MATRIX_COUNT \ + (PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_N) + +#elif !defined(WOLFSSL_NO_ML_DSA_65) + +/* Maximum w1 encoding size in bytes. */ +#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_65_W1_ENC_SZ +/* Maximum collision strength of c-tilde in bytes. */ +#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_65_LAMBDA + +/* Maximum count of elements of a vector with dimension K. */ +#define DILITHIUM_MAX_K_VECTOR_COUNT \ + (PARAMS_ML_DSA_65_K * DILITHIUM_N) +/* Maximum count of elements of a vector with dimension L. */ +#define DILITHIUM_MAX_L_VECTOR_COUNT \ + (PARAMS_ML_DSA_65_L * DILITHIUM_N) +/* Maximum count of elements of a matrix with dimension KxL. */ +#define DILITHIUM_MAX_MATRIX_COUNT \ + (PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_N) + +#else + +/* Maximum w1 encoding size in bytes. 
*/ +#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_44_W1_ENC_SZ +/* Maximum collision strength of c-tilde in bytes. */ +#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_44_LAMBDA + +/* Maximum count of elements of a vector with dimension K. */ +#define DILITHIUM_MAX_K_VECTOR_COUNT \ + (PARAMS_ML_DSA_44_K * DILITHIUM_N) +/* Maximum count of elements of a vector with dimension L. */ +#define DILITHIUM_MAX_L_VECTOR_COUNT \ + (PARAMS_ML_DSA_44_L * DILITHIUM_N) +/* Maximum count of elements of a matrix with dimension KxL. */ +#define DILITHIUM_MAX_MATRIX_COUNT \ + (PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_N) + +#endif + +/* Length of K in bytes. */ +#define DILITHIUM_K_SZ 32 +/* Length of TR in bytes. */ +#define DILITHIUM_TR_SZ 64 +/* Length of public key seed in bytes when expanding a. */ +#define DILITHIUM_PUB_SEED_SZ 32 +/* Length of private key seed in bytes when generating a key. */ +#define DILITHIUM_PRIV_SEED_SZ 64 + +/* Length of seed when creating vector c. */ +#define DILITHIUM_SEED_SZ 32 +/* Length of seeds created when making a key. */ +#define DILITHIUM_SEEDS_SZ 128 + +/* Length of MU in bytes. */ +#define DILITHIUM_MU_SZ 64 +/* Length of random in bytes when generating a signature. */ +#define DILITHIUM_RND_SZ 32 +/* Length of private random in bytes when generating a signature. */ +#define DILITHIUM_PRIV_RAND_SEED_SZ 64 + +/* 5 blocks, each block 21 * 8 bytes = 840 bytes. + * Minimum required is 256 * 3 = 768. */ +#define DILITHIUM_GEN_A_NBLOCKS 5 +/* Number of bytes to generate with Shake128 when generating A. */ +#define DILITHIUM_GEN_A_BYTES \ + (DILITHIUM_GEN_A_NBLOCKS * WC_SHA3_128_COUNT * 8) +/* Number of bytes to a block of SHAKE-128 when generating A. */ +#define DILITHIUM_GEN_A_BLOCK_BYTES (WC_SHA3_128_COUNT * 8) + +/* Number of bytes to a block of SHAKE-256 when generating c. 
*/ +#define DILITHIUM_GEN_C_BLOCK_BYTES (WC_SHA3_256_COUNT * 8) + + +#ifndef WOLFSSL_DILITHIUM_SMALL +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* A block SHAKE-128 output plus one for reading 4 bytes at a time. */ + #define DILITHIUM_REJ_NTT_POLY_H_SIZE (DILITHIUM_GEN_A_BYTES + 1) +#else + /* A block SHAKE-128 output. */ + #define DILITHIUM_REJ_NTT_POLY_H_SIZE DILITHIUM_GEN_A_BYTES +#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_DILITHIUM_ALIGNMENT == 0 */ +#else +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* A block SHAKE-128 output plus one for reading 4 bytes at a time. */ + #define DILITHIUM_REJ_NTT_POLY_H_SIZE (DILITHIUM_GEN_A_BLOCK_BYTES + 1) +#else + /* A block SHAKE-128 output. */ + #define DILITHIUM_REJ_NTT_POLY_H_SIZE DILITHIUM_GEN_A_BLOCK_BYTES +#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_DILITHIUM_ALIGNMENT == 0 */ +#endif + +#elif defined(HAVE_LIBOQS) -#define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_dilithium_3_length_secret_key -#define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_dilithium_3_length_signature -#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_dilithium_3_length_public_key -#define DILITHIUM_LEVEL3_PRV_KEY_SIZE (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE) +#define DILITHIUM_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key +#define DILITHIUM_LEVEL2_SIG_SIZE OQS_SIG_ml_dsa_44_ipd_length_signature +#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_public_key +#define DILITHIUM_LEVEL2_PRV_KEY_SIZE \ + (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE) + +#define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key +#define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature +#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_public_key +#define DILITHIUM_LEVEL3_PRV_KEY_SIZE \ + (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE) + +#define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key +#define 
DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature +#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key +#define DILITHIUM_LEVEL5_PRV_KEY_SIZE \ + (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE) -#define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_dilithium_5_length_secret_key -#define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_dilithium_5_length_signature -#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_dilithium_5_length_public_key -#define DILITHIUM_LEVEL5_PRV_KEY_SIZE (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE) #endif #define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_KEY_SIZE @@ -77,11 +510,38 @@ /* Structs */ +#ifdef WOLFSSL_WC_DILITHIUM +typedef struct wc_dilithium_params { + byte level; + byte k; + byte l; + byte eta; + byte eta_bits; + byte tau; + byte beta; + byte omega; + byte lambda; + byte gamma1_bits; + word32 gamma2; + word32 w1EncSz; + word16 aSz; + word16 s1Sz; + word16 s1EncSz; + word16 s2Sz; + word16 s2EncSz; + word16 zEncSz; + word16 pkSz; + word16 sigSz; +} wc_dilithium_params; +#endif + struct dilithium_key { - bool pubKeySet; - bool prvKeySet; + byte pubKeySet; + byte prvKeySet; byte level; /* 2,3 or 5 */ + void* heap; /* heap hint */ + #ifdef WOLF_CRYPTO_CB void* devCtx; int devId; 
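Review bot: The new `wc_dilithium_params` struct (the `typedef struct wc_dilithium_params { ... }` block under WOLFSSL_WC_DILITHIUM) has no field comments, unlike `level; /* 2,3 or 5 */` in `dilithium_key` just below it, so a reader cannot tell which of `aSz`, `s1Sz`, `s1EncSz`, `zEncSz`, `pkSz`, `sigSz` are byte counts versus element counts, or what unit `lambda` is in. Suggest one trailing comment per field in the file's existing style, e.g. `byte lambda; /* collision strength of c-tilde in bytes */` and `word16 sigSz; /* signature encoding size in bytes */`, reusing the wording of the `PARAMS_ML_DSA_*` macro comments that these fields presumably mirror. The `byte` width for `beta` (TAU * ETA) holds for the three parameter sets this header defines, but a comment stating that assumption would make a future overflow visible at review time rather than at runtime.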
@@ -93,8 +553,63 @@ struct dilithium_key { int labelLen; #endif +#ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY byte p[DILITHIUM_MAX_PUB_KEY_SIZE]; - byte k[DILITHIUM_MAX_PRV_KEY_SIZE]; + byte k[DILITHIUM_MAX_KEY_SIZE]; +#else + const byte* p; + const byte* k; +#endif + +#ifdef WOLFSSL_WC_DILITHIUM + const wc_dilithium_params* params; + wc_Shake shake; +#ifndef WC_DILITHIUM_FIXED_ARRAY +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + sword32* a; + byte aSet; +#endif +#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS + sword32* s1; + sword32* s2; + sword32* t0; + byte privVecsSet; +#endif +#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS + sword32* t1; + byte pubVecSet; +#endif +#else +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + sword32 a[DILITHIUM_MAX_MATRIX_COUNT]; + byte aSet; +#endif +#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS + sword32 s1[DILITHIUM_MAX_L_VECTOR_COUNT]; + sword32 s2[DILITHIUM_MAX_K_VECTOR_COUNT]; + sword32 t0[DILITHIUM_MAX_K_VECTOR_COUNT]; + byte privVecsSet; +#endif +#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS + sword32 t1[DILITHIUM_MAX_K_VECTOR_COUNT]; + byte pubVecSet; +#endif +#endif +#if defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && \ + defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) + sword32 z[DILITHIUM_MAX_L_VECTOR_COUNT]; + sword32 c[DILITHIUM_N]; + sword32 w[DILITHIUM_N]; + sword32 t1[DILITHIUM_N]; + byte w1e[DILITHIUM_MAX_W1_ENC_SZ]; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64 t64[DILITHIUM_N]; +#endif + byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; + byte block[DILITHIUM_GEN_C_BLOCK_BYTES]; +#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC && + * WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */ +#endif /* WOLFSSL_WC_DILITHIUM */ }; #ifndef WC_DILITHIUMKEY_TYPE_DEFINED 
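Review bot: `sword32 t1[DILITHIUM_N];` inside the `WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC && WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM` block reuses the member name `t1` that the two `WC_DILITHIUM_CACHE_PUB_VECTORS` blocks above also declare (`sword32* t1;` or `sword32 t1[DILITHIUM_MAX_K_VECTOR_COUNT];`), so a build with both options defined fails with a duplicate struct member unless the options are made mutually exclusive elsewhere, which this hunk does not show; renaming the small-memory scratch field (e.g. `sword32 t1p[DILITHIUM_N];`) or guarding it with `#ifndef WC_DILITHIUM_CACHE_PUB_VECTORS` would remove the clash. The `WOLFSSL_DILITHIUM_ASSIGN_KEY` branch turns `p` and `k` into `const byte*` views, so the key struct no longer owns the key material; a comment such as `/* caller-owned; must outlive the key */` on those two members, stating whether wc_dilithium_free wipes them (not visible here), would document that the lifetime and zeroisation of the private key now rest with the caller. The cache and scratch members (`a`, `s1`, `s2`, `t0`, `t1`, `w1e`, `h`, `block`, the `*Set` flags) get no comments at all, whereas the neighbouring `level` and `heap` fields do.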
@@ -104,12 +619,22 @@ struct dilithium_key { /* Functions */ +#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY WOLFSSL_API -int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, - dilithium_key* key, WC_RNG* rng); +int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng); +WOLFSSL_API +int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed); + +WOLFSSL_API +int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, + word32 *outLen, dilithium_key* key, WC_RNG* rng); +WOLFSSL_API +int wc_dilithium_sign_msg_with_seed(const byte* in, word32 inLen, byte* out, + word32 *outLen, dilithium_key* key, byte* seed); +#endif WOLFSSL_API int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, - word32 msgLen, int* res, dilithium_key* key); + word32 msgLen, int* res, dilithium_key* key); WOLFSSL_API int wc_dilithium_init(dilithium_key* key); @@ -120,10 +645,10 @@ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId); #ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len, - void* heap, int devId); + void* heap, int devId); WOLFSSL_API int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap, - int devId); + int devId); #endif WOLFSSL_API 
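Review bot: `wc_dilithium_sign_msg_with_seed` takes its seed as `byte* seed` while the sibling `wc_dilithium_make_key_from_seed` added in the same hunk takes `const byte* seed`; unless the signing path writes to the seed, it should be `const byte* seed` so callers can pass read-only buffers and the two declarations agree. Neither prototype states the required seed length, and the header defines several candidate constants (`DILITHIUM_PRIV_SEED_SZ`, `DILITHIUM_RND_SZ`, `DILITHIUM_SEED_SZ`), so a one-line comment per function naming the expected length would stop callers from passing an undersized buffer.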
@@ -133,54 +658,142 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level); WOLFSSL_API void wc_dilithium_free(dilithium_key* key); +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API -int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key); -WOLFSSL_API -int wc_dilithium_import_private_only(const byte* priv, word32 privSz, - dilithium_key* key); -WOLFSSL_API -int wc_dilithium_import_private_key(const byte* priv, word32 privSz, - const byte* pub, word32 pubSz, - dilithium_key* key); - -WOLFSSL_API -int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen); +int wc_dilithium_size(dilithium_key* key); +#endif +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) WOLFSSL_API -int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen); +int wc_dilithium_priv_size(dilithium_key* key); +#endif +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY WOLFSSL_API -int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen); +int wc_dilithium_pub_size(dilithium_key* key); +#endif +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) WOLFSSL_API -int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, - byte* pub, word32 *pubSz); +int wc_dilithium_sig_size(dilithium_key* key); +#endif +#ifdef WOLFSSL_DILITHIUM_CHECK_KEY WOLFSSL_API int wc_dilithium_check_key(dilithium_key* key); +#endif +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY WOLFSSL_API -int wc_dilithium_size(dilithium_key* key); +int wc_dilithium_import_public(const byte* in, word32 inLen, + dilithium_key* key); +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API -int wc_dilithium_priv_size(dilithium_key* key); +int wc_dilithium_import_private(const byte* priv, word32 privSz, + dilithium_key* key); +#define wc_dilithium_import_private_only wc_dilithium_import_private WOLFSSL_API -int wc_dilithium_pub_size(dilithium_key* key); +int wc_dilithium_import_key(const 
byte* priv, word32 privSz, + const byte* pub, word32 pubSz, dilithium_key* key); +#endif + +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY WOLFSSL_API -int wc_dilithium_sig_size(dilithium_key* key); +int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen); +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY +WOLFSSL_API +int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen); +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY +WOLFSSL_API +int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); +#endif +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input, - word32* inOutIdx, - dilithium_key* key, word32 inSz); + word32* inOutIdx, dilithium_key* key, word32 inSz); +#endif +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input, - word32* inOutIdx, - dilithium_key* key, word32 inSz); + word32* inOutIdx, dilithium_key* key, word32 inSz); +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 +#ifdef WC_ENABLE_ASYM_KEY_EXPORT +WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, + word32 inLen, int withAlg); +#endif +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) WOLFSSL_API int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, - word32 inLen); + word32 inLen); +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, - word32 inLen); -WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, - word32 inLen, int withAlg); + word32 inLen); +#endif +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + + + +#define WC_ML_DSA_44 2 +#define WC_ML_DSA_65 3 +#define WC_ML_DSA_87 5 + +#define DILITHIUM_ML_DSA_44_KEY_SIZE 2560 +#define DILITHIUM_ML_DSA_44_SIG_SIZE 2420 +#define DILITHIUM_ML_DSA_44_PUB_KEY_SIZE 1312 +#define 
DILITHIUM_ML_DSA_44_PRV_KEY_SIZE \ + (DILITHIUM_ML_DSA_44_PUB_KEY_SIZE + DILITHIUM_ML_DSA_44_KEY_SIZE) + +#define DILITHIUM_ML_DSA_65_KEY_SIZE 4032 +#define DILITHIUM_ML_DSA_65_SIG_SIZE 3309 +#define DILITHIUM_ML_DSA_65_PUB_KEY_SIZE 1952 +#define DILITHIUM_ML_DSA_65_PRV_KEY_SIZE \ + (DILITHIUM_ML_DSA_65_PUB_KEY_SIZE + DILITHIUM_ML_DSA_65_KEY_SIZE) + +#define DILITHIUM_ML_DSA_87_KEY_SIZE 4896 +#define DILITHIUM_ML_DSA_87_SIG_SIZE 4627 +#define DILITHIUM_ML_DSA_87_PUB_KEY_SIZE 2592 +#define DILITHIUM_ML_DSA_87_PRV_KEY_SIZE \ + (DILITHIUM_ML_DSA_87_PUB_KEY_SIZE + DILITHIUM_ML_DSA_87_KEY_SIZE) + + +#define MlDsaKey dilithium_key + + +#define wc_MlDsaKey_Init(key, heap, devId) \ + wc_dilithium_init_ex(key, heap, devId) +#define wc_MlDsaKey_SetParams(key, id) \ + wc_dilithium_set_level(key, id) +#define wc_MlDsaKey_GetParams(key, id) \ + wc_dilithium_get_level(key, id) +#define wc_MlDsaKey_MakeKey(key, rng) \ + wc_dilithium_make_key(key, rng) +#define wc_MlDsaKey_ExportPrivRaw(key, out, outLen) \ + wc_dilithium_export_private_only(key, out, outLen) +#define wc_MlDsaKey_ImportPrivRaw(key, in, inLen) \ + wc_dilithium_import_private_only(out, outLen, key) +#define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng) \ + wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng) +#define wc_MlDsaKey_Free(key) \ + wc_dilithium_free(key) +#define wc_MlDsaKey_ExportPubRaw(key, out, outLen) \ + wc_dilithium_export_public(key, out, outLen) +#define wc_MlDsaKey_ImportPubRaw(key, in, inLen) \ + wc_dilithium_import_public(out, outLen, key) +#define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ + wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key) + +int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len); +int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len); +int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len); #ifdef __cplusplus } /* extern "C" */ #endif -#endif /* HAVE_PQC && HAVE_DILITHIUM */ +#endif /* HAVE_DILITHIUM */ #endif /* WOLF_CRYPT_DILITHIUM_H */ 
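Review bot: The `wc_MlDsaKey_ImportPrivRaw(key, in, inLen)` and `wc_MlDsaKey_ImportPubRaw(key, in, inLen)` macros expand to `wc_dilithium_import_private_only(out, outLen, key)` and `wc_dilithium_import_public(out, outLen, key)`, using `out`/`outLen` that are not macro parameters, so any use fails to compile or silently binds to same-named variables at the call site; they should read `wc_dilithium_import_private_only(in, inLen, key)` and `wc_dilithium_import_public(in, inLen, key)`. `wc_MlDsaKey_ExportPrivRaw` expands to `wc_dilithium_export_private_only`, but this hunk removes that prototype and only adds an alias for the import side (`#define wc_dilithium_import_private_only wc_dilithium_import_private`), so the export macro references an undeclared function; a matching `#define wc_dilithium_export_private_only wc_dilithium_export_private` would restore it. The three `wc_MlDsaKey_Get*Len` prototypes at the end lack the `WOLFSSL_API` marker every other exported declaration in this header carries. The `DILITHIUM_ML_DSA_*_KEY_SIZE`, `_SIG_SIZE` and `_PUB_KEY_SIZE` constants are hard-coded literals with no comment tying them to the `PARAMS_ML_DSA_*_PK_SIZE`/`_SIG_SIZE` macros above, which makes it hard to see that the two sets are meant to agree.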
diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index d5ae3a4f82..1e92fd5ed2 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 2d7ee320e1..e73c10b9bd 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,8 +31,7 @@ #ifdef HAVE_ECC -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) #include #endif /* HAVE_FIPS_VERSION >= 2 */ @@ -83,6 +82,10 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_ecc_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_ECC_sanity(void); +#endif /* Enable curve B parameter if needed */ #if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE) @@ -131,6 +134,14 @@ #endif #endif +#if FIPS_VERSION3_GE(6,0,0) + #define WC_ECC_FIPS_SIG_MIN 224 + #define WC_ECC_FIPS_GEN_MIN (WC_ECC_FIPS_SIG_MIN/8) +#endif + +#ifdef WOLFSSL_SM2 + #define WOLFSSL_SM2_KEY_BITS 256 +#endif /* calculate max ECC bytes */ #if ((MAX_ECC_BITS * 2) % 8) == 0 @@ -209,13 +220,13 @@ typedef enum ecc_curve_id { ECC_CURVE_DEF = 0, /* NIST or SECP */ /* NIST Prime Curves */ - ECC_SECP192R1, + ECC_SECP192R1, /* 1 */ ECC_PRIME192V2, ECC_PRIME192V3, ECC_PRIME239V1, ECC_PRIME239V2, ECC_PRIME239V3, - ECC_SECP256R1, + ECC_SECP256R1, /* 7 */ /* SECP Curves */ ECC_SECP112R1, @@ -224,9 +235,9 @@ typedef enum ecc_curve_id { ECC_SECP128R2, ECC_SECP160R1, ECC_SECP160R2, - ECC_SECP224R1, - ECC_SECP384R1, - ECC_SECP521R1, + ECC_SECP224R1, /* 14 */ + ECC_SECP384R1, /* 15 */ + ECC_SECP521R1, /* 16 */ /* Koblitz */ ECC_SECP160K1, 
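Review bot: `WC_ECC_FIPS_SIG_MIN 224` and `WC_ECC_FIPS_GEN_MIN (WC_ECC_FIPS_SIG_MIN/8)` in the ecc.h `@@ -131,6 +134,14 @@` hunk carry no comment, so the units (224 reads as a curve size in bits and the `/8` derives a byte count) and the policy they encode are left to the reader; suggest `#define WC_ECC_FIPS_SIG_MIN 224 /* min curve size in bits accepted for FIPS signing */` and `#define WC_ECC_FIPS_GEN_MIN (WC_ECC_FIPS_SIG_MIN/8) /* same limit in bytes, for key generation */`, with the wording confirmed against the FIPS code that consumes them, since the meaning is inferred from the names here. The adjacent `WOLFSSL_SM2_KEY_BITS 256` would benefit from the same one-line treatment.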
@@ -286,7 +297,7 @@ typedef byte ecc_oid_t; /* ECC set type defined a GF(p) curve */ #ifndef WOLFSSL_ECC_CURVE_STATIC -typedef struct ecc_set_type { +struct ecc_set_type { int size; /* The size of the curve in octets */ int id; /* id of this curve */ const char* name; /* name of this curve */ @@ -300,13 +311,13 @@ typedef struct ecc_set_type { word32 oidSz; word32 oidSum; /* sum of encoded OID bytes */ int cofactor; -} ecc_set_type; +}; #else #define MAX_ECC_NAME 16 #define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 2) /* The values are stored as text strings. */ -typedef struct ecc_set_type { +struct ecc_set_type { int size; /* The size of the curve in octets */ int id; /* id of this curve */ char name[MAX_ECC_NAME]; /* name of this curve */ @@ -320,7 +331,7 @@ typedef struct ecc_set_type { word32 oidSz; word32 oidSum; /* sum of encoded OID bytes */ int cofactor; -} ecc_set_type; +}; #endif @@ -430,10 +441,19 @@ typedef struct alt_fp_int { #define WC_ECCKEY_TYPE_DEFINED #endif +#ifndef WC_ECCPOINT_TYPE_DEFINED + typedef struct ecc_point ecc_point; + #define WC_ECCPOINT_TYPE_DEFINED +#endif + +#ifndef WC_ECCSET_TYPE_DEFINED + typedef struct ecc_set_type ecc_set_type; + #define WC_ECCSET_TYPE_DEFINED +#endif /* A point on an ECC curve, stored in Jacobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpreted as affine */ -typedef struct { +struct ecc_point { #ifndef ALT_ECC_SIZE mp_int x[1]; /* The x coordinate */ mp_int y[1]; /* The y coordinate */ @@ -447,7 +467,7 @@ typedef struct { #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif -} ecc_point; +}; /* ECC Flags */ enum { @@ -490,6 +510,17 @@ struct ecc_key { mp_int* k; alt_fp_int ka[1]; #endif +#ifdef WOLFSSL_ECC_BLIND_K +#ifndef ALT_ECC_SIZE + mp_int kb[1]; + mp_int ku[1]; +#else + mp_int* kb; + mp_int* ku; + alt_fp_int kba[1]; + alt_fp_int kua[1]; +#endif +#endif #ifdef WOLFSSL_CAAM word32 blackKey; /* address of key encrypted and in secure memory */ 
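Review bot: The new `WOLFSSL_ECC_BLIND_K` members `kb`/`ku` (and `kba`/`kua` under `ALT_ECC_SIZE`) in the `@@ -490,6 +510,17 @@` hunk are added without comments, whereas the surrounding `ecc_key` fields such as `blackKey` are annotated, so a reader cannot tell which holds the blinded private scalar and which the blinding factor, or how they relate to `k`; suggest a comment on each, e.g. `mp_int kb[1]; /* private key k in blinded form, see ecc_blind_k */` and `mp_int ku[1]; /* blinding value applied to k */`, with the exact roles confirmed against ecc_blind_k, which this hunk does not show. Because both fields hold secret-derived values, the comment should also state whether they are cleared together with `k` on key free, which is likewise not visible here.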
@@ -508,9 +539,6 @@ struct ecc_key { void* devCtx; int devId; #endif -#if defined(HAVE_PKCS11) - byte isPkcs11 : 1; /* indicate if PKCS11 is preferred */ -#endif #ifdef WOLFSSL_SILABS_SE_ACCEL sl_se_command_context_t cmd_ctx; sl_se_key_descriptor_t key; @@ -567,6 +595,7 @@ struct ecc_key { #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) byte deterministic:1; + enum wc_HashType hashType; #endif #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) @@ -590,7 +619,20 @@ struct ecc_key { #endif }; -#define wc_ecc_key_get_priv(key) ((key)->k) +#ifndef WOLFSSL_ECC_BLIND_K +#define ecc_get_k(key) (key)->k +#define ecc_blind_k(key, b) (void)b +#define ecc_blind_k_rng(key, rng) 0 + +#define wc_ecc_key_get_priv(key) (key)->k +#else +mp_int* ecc_get_k(ecc_key* key); +void ecc_blind_k(ecc_key* key, mp_int* b); +int ecc_blind_k_rng(ecc_key* key, WC_RNG* rng); + +WOLFSSL_API mp_int* wc_ecc_key_get_priv(ecc_key* key); +#endif + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV @@ -678,6 +720,9 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, WOLFSSL_API int wc_ecc_set_deterministic(ecc_key* key, byte flag); WOLFSSL_API +int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, + enum wc_HashType hashType); +WOLFSSL_API int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order, void* heap); @@ -946,6 +991,8 @@ const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx); WOLFSSL_API int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt); WOLFSSL_API +int wc_ecc_ctx_set_own_salt(ecEncCtx* ctx, const byte* salt, word32 sz); +WOLFSSL_API int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz); WOLFSSL_API int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz); diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h index 8e0124ccad..72f9c70637 100644 --- a/wolfssl/wolfcrypt/eccsi.h 
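Review bot: In the `WOLFSSL_ECC_BLIND_K` branch of the `@@ -590,7 +619,20 @@` hunk the three internal prototypes `mp_int* ecc_get_k(ecc_key* key);`, `void ecc_blind_k(ecc_key* key, mp_int* b);` and `int ecc_blind_k_rng(ecc_key* key, WC_RNG* rng);` carry neither `WOLFSSL_LOCAL` nor `WOLFSSL_API`, unlike every other declaration in this header, so on shared builds they are exported with default visibility although the `ecc_` (not `wc_ecc_`) prefix marks them as internal; `WOLFSSL_LOCAL` is the likely intent. The non-blinded fallbacks `#define ecc_get_k(key) (key)->k` and `#define wc_ecc_key_get_priv(key) (key)->k` drop the outer parentheses the old `((key)->k)` had; they still parse correctly as postfix expressions, but `((key)->k)` is the conventional macro form and keeps the two branches consistent. A short comment above the block saying what blinding `k` protects against and what `ecc_blind_k_rng` returns on failure would make the no-op variants (`(void)b`, `0`) understandable without reading ecc.c.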
+++ b/wolfssl/wolfcrypt/eccsi.h @@ -1,6 +1,6 @@ /* eccsi.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 9748d6dfa9..ff3b26cb0c 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -45,6 +45,10 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_ed25519_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_ED25519_sanity(void); +#endif /* info about EdDSA curve specifically ed25519, defined as an elliptic curve over GF(p) */ @@ -70,11 +74,6 @@ enum { Ed25519ph = 1 }; -#ifndef WC_ED25519KEY_TYPE_DEFINED - typedef struct ed25519_key ed25519_key; - #define WC_ED25519KEY_TYPE_DEFINED -#endif - /* ED25519 Flags */ enum { WC_ED25519_FLAG_NONE = 0x00, @@ -111,6 +110,11 @@ struct ed25519_key { #endif }; +#ifndef WC_ED25519KEY_TYPE_DEFINED + typedef struct ed25519_key ed25519_key; + #define WC_ED25519KEY_TYPE_DEFINED +#endif + WOLFSSL_API int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey, diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h index 48011fce61..1d12da87ae 100644 --- a/wolfssl/wolfcrypt/ed448.h +++ b/wolfssl/wolfcrypt/ed448.h @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -47,6 +47,10 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_ed448_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_ED448_sanity(void); +#endif /* info about EdDSA curve specifically ed448, defined as an elliptic curve * over GF(p) 
@@ -72,11 +76,6 @@ enum {
 Ed448ph = 1
 };
-#ifndef WC_ED448KEY_TYPE_DEFINED
- typedef struct ed448_key ed448_key;
- #define WC_ED448KEY_TYPE_DEFINED
-#endif
-
 /* An ED448 Key */
 struct ed448_key {
 byte p[ED448_PUB_KEY_SIZE]; /* compressed public key */
@@ -102,6 +101,10 @@ struct ed448_key {
 #endif
 };
+#ifndef WC_ED448KEY_TYPE_DEFINED
+ typedef struct ed448_key ed448_key;
+ #define WC_ED448KEY_TYPE_DEFINED
+#endif
 WOLFSSL_API
 int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 99afb9660b..413868ebbc 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -1,6 +1,6 @@
 /* error-crypt.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -73,8 +73,8 @@ enum {
 VAR_STATE_CHANGE_E = -126, /* var state modified by different thread */
 FIPS_DEGRADED_E = -127, /* FIPS Module in degraded mode */
- /* -128 unused. */
- /* -129 unused. */
+ FIPS_CODE_SZ_E = -128, /* Module CODE too big */
+ FIPS_DATA_SZ_E = -129, /* Module DATA too big */
 RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */
 RSA_BUFFER_E = -131, /* RSA buffer error, output too small or
@@ -107,12 +107,14 @@ enum {
 ASN_SIG_HASH_E = -156, /* ASN sig error, unsupported hash type */
 ASN_SIG_KEY_E = -157, /* ASN sig error, unsupported key type */
 ASN_DH_KEY_E = -158, /* ASN key init error, invalid input */
- /* -159 unused. */
+ KDF_SRTP_KAT_FIPS_E = -159, /* SRTP-KDF Known Answer Test Failure */
 ASN_CRIT_EXT_E = -160, /* ASN unsupported critical extension */
 ASN_ALT_NAME_E = -161, /* ASN alternate name error */
 ASN_NO_PEM_HEADER = -162, /* ASN no PEM header found */
-
- /* -163..-169 unused. */
+ ED25519_KAT_FIPS_E = -163, /* Ed25519 Known answer test failure */
+ ED448_KAT_FIPS_E = -164, /* Ed448 Known answer test failure */
+ PBKDF2_KAT_FIPS_E = -165, /* PBKDF2 Known answer test failure */
+ /* -166..-169 unused. */
 ECC_BAD_ARG_E = -170, /* ECC input argument of wrong type */
 ASN_ECC_KEY_E = -171, /* ASN ECC bad input */
@@ -188,10 +190,11 @@ enum {
 WC_INIT_E = -228, /* wolfcrypt failed to initialize */
 SIG_VERIFY_E = -229, /* wolfcrypt signature verify error */
 BAD_COND_E = -230, /* Bad condition variable operation */
- SIG_TYPE_E = -231, /* Signature Type not enabled/available */
+ SIG_TYPE_E = -231, /* Signature Type not enabled/available
+ * NOTE: 1024-bit sign disabled in FIPS mode */
 HASH_TYPE_E = -232, /* Hash Type not enabled/available */
- /* -233 unused. */
+ FIPS_INVALID_VER_E = -233, /* Invalid FIPS Version defined */
 WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */
 ASN_COUNTRY_SIZE_E = -235, /* ASN Cert Gen, invalid country code size */
@@ -291,6 +294,42 @@ WOLFSSL_API void wc_ErrorString(int err, char* buff); WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error); #endif +#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && !defined(BUILDING_WOLFSSL) + #undef WOLFSSL_DEBUG_TRACE_ERROR_CODES +#endif +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES + extern void wc_backtrace_render(void); + #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label) + #ifndef WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE + #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES + #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE wc_backtrace_render() + #else + #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE (void)0 + #endif + #endif + #ifndef WC_ERR_TRACE + #ifdef NO_STDIO_FILESYSTEM + #define WC_ERR_TRACE(label) \ + ( printf("ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label), \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ + label \ + ) + #else + #define WC_ERR_TRACE(label) \ + ( fprintf(stderr, \ + "ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label), \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ + label \ + ) + #endif + #endif + #include +#else + #define WC_NO_ERR_TRACE(label) (label) +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/ext_kyber.h b/wolfssl/wolfcrypt/ext_kyber.h index 0ea7108b1b..95b22a1a84 100644 --- a/wolfssl/wolfcrypt/ext_kyber.h +++ b/wolfssl/wolfcrypt/ext_kyber.h @@ -1,6 +1,6 @@ /* ext_kyber.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/ext_lms.h b/wolfssl/wolfcrypt/ext_lms.h index ccdfdcb30e..8be32bf5f7 100644 --- a/wolfssl/wolfcrypt/ext_lms.h +++ b/wolfssl/wolfcrypt/ext_lms.h @@ -1,6 +1,6 @@ /* ext_lms.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
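Review bot: The `NO_STDIO_FILESYSTEM` branch of `WC_ERR_TRACE` writes the trace with `printf` (stdout) while the default branch uses `fprintf(stderr, ...)`, so the output stream changes with a build option that is about filesystem availability rather than where diagnostics go; if `printf` is the only primitive available in that configuration, a comment saying so would stop the next reader from "fixing" it, otherwise both branches should target stderr. `WC_NO_ERR_TRACE(label)` expands to `(CONST_NUM_ERR_ ## label)`, which depends on a `CONST_NUM_ERR_*` constant existing for every error label it is applied to; a comment naming where those constants are defined would document that dependency, which is not visible in this hunk. Both `WC_ERR_TRACE` variants pass `label` to `%d` and then yield it as the comma-expression value, so the macro is only valid for integer error constants, which is worth stating in a comment. The `#include` directive inside the `WOLFSSL_DEBUG_TRACE_ERROR_CODES` block shows no header name in this rendering, so it cannot be checked here.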
@@ -53,8 +53,8 @@ struct LmsKey {
 unsigned char pub[HSS_MAX_PUBLIC_KEY_LEN];
 #ifndef WOLFSSL_LMS_VERIFY_ONLY
 hss_working_key * working_key;
- write_private_key_cb write_private_key; /* Callback to write/update key. */
- read_private_key_cb read_private_key; /* Callback to read key. */
+ wc_lms_write_private_key_cb write_private_key; /* Callback to write/update key. */
+ wc_lms_read_private_key_cb read_private_key; /* Callback to read key. */
 void * context; /* Context arg passed to callbacks. */
 hss_extra_info info;
 #endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
diff --git a/wolfssl/wolfcrypt/ext_xmss.h b/wolfssl/wolfcrypt/ext_xmss.h
index 9abf15835e..927ab6ed46 100644
--- a/wolfssl/wolfcrypt/ext_xmss.h
+++ b/wolfssl/wolfcrypt/ext_xmss.h
@@ -1,6 +1,6 @@
 /* ext_xmss.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -45,8 +45,8 @@ struct XmssKey {
 /* The secret key length is a function of xmss_params. */
 unsigned char * sk;
 word32 sk_len;
- write_private_key_cb write_private_key; /* Callback to write/update key. */
- read_private_key_cb read_private_key; /* Callback to read key. */
+ wc_xmss_write_private_key_cb write_private_key; /* Callback to write/update key. */
+ wc_xmss_read_private_key_cb read_private_key; /* Callback to read key. */
 void * context; /* Context arg passed to callbacks. */
 #endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
 enum wc_XmssState state;
diff --git a/wolfssl/wolfcrypt/falcon.h b/wolfssl/wolfcrypt/falcon.h
index 9d4bff8bef..a103034bc2 100644
--- a/wolfssl/wolfcrypt/falcon.h
+++ b/wolfssl/wolfcrypt/falcon.h
@@ -1,6 +1,6 @@
 /* falcon.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/wolfcrypt/fe_448.h b/wolfssl/wolfcrypt/fe_448.h
index c925d7da42..09ff15025e 100644
--- a/wolfssl/wolfcrypt/fe_448.h
+++ b/wolfssl/wolfcrypt/fe_448.h
@@ -1,6 +1,6 @@
 /* fe448_448.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h
index cdd27db5dd..23928f26b0 100644
--- a/wolfssl/wolfcrypt/fe_operations.h
+++ b/wolfssl/wolfcrypt/fe_operations.h
@@ -1,6 +1,6 @@
 /* fe_operations.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -116,8 +116,8 @@ WOLFSSL_LOCAL void fe_cmov(fe f, const fe g, int b);
 WOLFSSL_LOCAL void fe_pow22523(fe out,const fe z);
 /* 64 type needed for SHA512 */
-WOLFSSL_LOCAL word64 load_3(const unsigned char *in);
-WOLFSSL_LOCAL word64 load_4(const unsigned char *in);
+WOLFSSL_LOCAL sword64 load_3(const unsigned char *in);
+WOLFSSL_LOCAL sword64 load_4(const unsigned char *in);
 #ifdef CURVED25519_ASM
 WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b);
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index dc37477d41..6523753497 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -1,6 +1,6 @@
 /* fips_test.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
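Review bot: `load_3` and `load_4` now return `sword64`; since they load at most 32 bits the value itself is unchanged, but any caller that left-shifts the result toward bit 63 now does so on a signed type, which is undefined behaviour in C if a set bit reaches the sign position. A one-line comment at the declarations would record the reason for the change, e.g. `/* little-endian 3/4-byte load; signed so the result can feed signed limb arithmetic directly */` — I am inferring the motivation, so adjust to the real one. The `/* 64 type needed for SHA512 */` context comment above them reads as stale and could be refreshed in the same pass.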
@@ -51,39 +51,44 @@ enum FipsCastId { - FIPS_CAST_AES_CBC, - FIPS_CAST_AES_GCM, - FIPS_CAST_HMAC_SHA1, - FIPS_CAST_HMAC_SHA2_256, - FIPS_CAST_HMAC_SHA2_512, - FIPS_CAST_HMAC_SHA3_256, - FIPS_CAST_DRBG, - FIPS_CAST_RSA_SIGN_PKCS1v15, - FIPS_CAST_ECC_CDH, - FIPS_CAST_ECC_PRIMITIVE_Z, - FIPS_CAST_DH_PRIMITIVE_Z, - FIPS_CAST_ECDSA, - FIPS_CAST_KDF_TLS12, - FIPS_CAST_KDF_TLS13, - FIPS_CAST_KDF_SSH, - FIPS_CAST_COUNT + /* v5.2.0 & v5.2.1 + */ + FIPS_CAST_AES_CBC = 0, + FIPS_CAST_AES_GCM = 1, + FIPS_CAST_HMAC_SHA1 = 2, + FIPS_CAST_HMAC_SHA2_256 = 3, + FIPS_CAST_HMAC_SHA2_512 = 4, + FIPS_CAST_HMAC_SHA3_256 = 5, + FIPS_CAST_DRBG = 6, + FIPS_CAST_RSA_SIGN_PKCS1v15 = 7, + FIPS_CAST_ECC_CDH = 8, + FIPS_CAST_ECC_PRIMITIVE_Z = 9, + FIPS_CAST_DH_PRIMITIVE_Z = 10, + FIPS_CAST_ECDSA = 11, + FIPS_CAST_KDF_TLS12 = 12, + FIPS_CAST_KDF_TLS13 = 13, + FIPS_CAST_KDF_SSH = 14, + /* v6.0.0 + */ + FIPS_CAST_KDF_SRTP = 15, + FIPS_CAST_ED25519 = 16, + FIPS_CAST_ED448 = 17, + FIPS_CAST_PBKDF2 = 18, + FIPS_CAST_COUNT = 19 }; enum FipsCastStateId { - FIPS_CAST_STATE_INIT, - FIPS_CAST_STATE_PROCESSING, - FIPS_CAST_STATE_SUCCESS, - FIPS_CAST_STATE_FAILURE + FIPS_CAST_STATE_INIT = 0, + FIPS_CAST_STATE_PROCESSING = 1, + FIPS_CAST_STATE_SUCCESS = 2, + FIPS_CAST_STATE_FAILURE = 3 }; enum FipsModeId { - FIPS_MODE_INIT = 0, - FIPS_MODE_NORMAL = 1, - FIPS_MODE_DEGRADED = 2, - FIPS_MODE_FAILED = 3 + FIPS_MODE_INIT = 0, + FIPS_MODE_NORMAL = 1, + FIPS_MODE_DEGRADED = 2, + FIPS_MODE_FAILED = 3 }; - /* FIPS failure callback */ typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash); @@ -94,6 +99,7 @@ WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf); WOLFSSL_API int wolfCrypt_GetStatus_fips(void); WOLFSSL_API int wolfCrypt_GetMode_fips(void); WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void); +WOLFSSL_API const char* wolfCrypt_GetRawComputedHash_fips(void); #ifdef HAVE_FORCE_FIPS_FAILURE /* Public function to force failure mode for operational testing */ 
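Review bot: `FIPS_CAST_COUNT = 19` is now a hard-coded literal rather than the auto-assigned last enumerator, so the next CAST added after `FIPS_CAST_PBKDF2 = 18` will silently leave the count wrong unless the author remembers to bump it; add `/* must be one greater than the highest FIPS_CAST_* id above */` on that line, or leave that one enumerator unassigned so the compiler derives it. The new `wolfCrypt_GetRawComputedHash_fips(void)` in the second hunk has no comment distinguishing it from `wolfCrypt_GetCoreHash_fips`; presumably one is the integrity hash computed over the loaded module and the other the expected value, and the header should say which, plus the lifetime of the returned string. The version annotations `/* v5.2.0 & v5.2.1 */` and `/* v6.0.0 */` are each split across two lines where one line would read better.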
@@ -108,6 +114,13 @@ WOLFSSL_API int wc_RunCast_fips(int type); WOLFSSL_API int wc_GetCastStatus_fips(int type); WOLFSSL_API int wc_RunAllCast_fips(void); +#ifdef NO_ATTRIBUTE_CONSTRUCTOR + /* NOTE: Must be called in OS initialization section outside user control + * and must prove during operational testing/code review with the lab that + * this is outside user-control if called by the OS */ + void fipsEntry(void); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/ge_448.h b/wolfssl/wolfcrypt/ge_448.h index 38ac71a2fe..bbdb0674d4 100644 --- a/wolfssl/wolfcrypt/ge_448.h +++ b/wolfssl/wolfcrypt/ge_448.h @@ -1,6 +1,6 @@ /* ge_448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h index 0c6ce8dd63..dd70d3bb59 100644 --- a/wolfssl/wolfcrypt/ge_operations.h +++ b/wolfssl/wolfcrypt/ge_operations.h @@ -1,6 +1,6 @@ /* ge_operations.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 27b1423780..2f7de32d0d 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -1,6 +1,6 @@ /* hash.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index 929d8b2b0d..98270ee7ba 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,8 +30,7 @@ #ifndef NO_HMAC -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) #include #endif 
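Review bot: `void fipsEntry(void);` under `NO_ATTRIBUTE_CONSTRUCTOR` is the only declaration in this hunk without the `WOLFSSL_API` decoration, so on builds where that macro controls symbol visibility the OS initialization code the comment refers to may be unable to link against it; `WOLFSSL_API void fipsEntry(void);` keeps it consistent with `wc_RunAllCast_fips` above. The comment itself is valuable — it states the operational-environment constraint the lab will check — and could additionally say that in the default build the same routine runs as a constructor, if that is the case.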
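Review bot: Replacing `defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)` with `FIPS_VERSION3_GE(2,0,0)` makes hmac.h depend on `FIPS_VERSION3_GE` being defined as a function-like macro in every configuration, FIPS or not; if a non-FIPS build ever sees it undefined, the `#if` is a preprocessor error rather than a false. That is fine as long as the header included just above this block always supplies the fallback definition, which I cannot see from the diff, so please confirm. The same substitution is made at the `avoid redefinition of structs` guard in the next hunk.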
@@ -39,9 +38,17 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_hmac_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_HMAC_sanity(void); +#endif + +#if FIPS_VERSION3_GE(6,0,0) + #define FIPS_ALLOW_SHORT 1 +#endif + /* avoid redefinition of structs */ -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0) #ifdef WOLFSSL_ASYNC_CRYPT #include @@ -184,7 +191,10 @@ struct Hmac { #endif /* HAVE_FIPS */ /* does init */ -WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz); +WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, + word32 keySz); +WOLFSSL_API int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, + word32 length, int allowFlag); WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz); WOLFSSL_API int wc_HmacFinal(Hmac* hmac, byte* out); #ifdef WOLFSSL_KCAPI_HMAC diff --git a/wolfssl/wolfcrypt/hpke.h b/wolfssl/wolfcrypt/hpke.h index 432f574da8..6e406ba05d 100644 --- a/wolfssl/wolfcrypt/hpke.h +++ b/wolfssl/wolfcrypt/hpke.h @@ -1,6 +1,6 @@ /* hpke.h * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index dbe67c59f2..3979c67441 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -108,6 +108,7 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/st/stm32.h \ wolfssl/wolfcrypt/port/st/stsafe.h \ wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \ + wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \ wolfssl/wolfcrypt/port/arm/cryptoCell.h \ wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \ wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \ 
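Review bot: `wc_HmacSetKey_ex` adds an `allowFlag` parameter with no documentation, and the nearby `#define FIPS_ALLOW_SHORT 1` suggests it authorises key lengths the FIPS path otherwise rejects; the header should say so, e.g. `/* allowFlag: FIPS_ALLOW_SHORT permits a key shorter than the FIPS minimum; intended for legacy interoperability only */`, because a caller guessing from the name could relax the key-length policy without realising it. The two consecutive `#if FIPS_VERSION3_GE(6,0,0)` blocks can be merged into one, and the new parameter is named `length` where its sibling `wc_HmacSetKey` uses `keySz`.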
@@ -230,3 +231,7 @@ nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/Crypto.h nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/StandardTypes.h endif +if BUILD_RISCV_ASM +nobase_include_HEADERS+= wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h +endif + diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 243d3f0d13..6efb4d8e23 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h index 7fa3c7e786..1e731ebc63 100644 --- a/wolfssl/wolfcrypt/kdf.h +++ b/wolfssl/wolfcrypt/kdf.h @@ -1,6 +1,6 @@ /* kdf.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,6 +39,11 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_kdf_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_KDF_sanity(void); +#endif + enum max_prf { #ifdef HAVE_FFDHE_8192 MAX_PRF_HALF = 516, /* Maximum half secret len */ @@ -132,6 +137,12 @@ WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId, /* Length of index for SRTCP KDF. */ #define WC_SRTCP_INDEX_LEN 4 +/* Indicators */ +enum { + WC_SRTCP_32BIT_IDX = 0, + WC_SRTCP_48BIT_IDX = 1, +}; + /* Maximum length of salt that can be used with SRTP/SRTCP. */ #define WC_SRTP_MAX_SALT 14 
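Review bot: The new `enum { WC_SRTCP_32BIT_IDX = 0, WC_SRTCP_48BIT_IDX = 1, };` ends with a trailing comma after the last enumerator, which C89/C90 does not allow (C99 and later do); if this public header is still built under `-std=c89 -pedantic`, drop it: `WC_SRTCP_48BIT_IDX = 1`. The same applies to `WC_LMS_PARM_L4_H10_W8 = 35,` at the end of `enum wc_LmsParm` in lms.h further down. The bare `/* Indicators */` comment could also say what they indicate — presumably the SRTCP index length selected by the `idxLenIndicator` argument of `wc_SRTCP_KDF_ex` in the next hunk.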
@@ -141,6 +152,9 @@ WOLFSSL_API int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, WOLFSSL_API int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2, word32 key2Sz, byte* key3, word32 key3Sz); +WOLFSSL_API int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, + word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz, + byte* key2, word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator); WOLFSSL_API int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, word32 saltSz, int kdrIdx, const byte* index, byte label, byte* outKey, word32 outKeySz); @@ -152,6 +166,11 @@ WOLFSSL_API int wc_SRTP_KDF_kdr_to_idx(word32 kdr); #endif /* WC_SRTP_KDF */ +#ifdef WC_KDF_NIST_SP_800_56C +WOLFSSL_API int wc_KDA_KDF_onestep(const byte* z, word32 zSz, + const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz, + enum wc_HashType hashType, byte* output, word32 outputSz); +#endif #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/kyber.h b/wolfssl/wolfcrypt/kyber.h index 5132e12765..87b1442a88 100644 --- a/wolfssl/wolfcrypt/kyber.h +++ b/wolfssl/wolfcrypt/kyber.h @@ -1,6 +1,6 @@ /* kyber.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
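Review bot: `wc_SRTCP_KDF_ex` takes `const byte* index` with no length and a new `int idxLenIndicator`, so the indicator alone decides how many bytes of `index` are read (the existing `WC_SRTCP_INDEX_LEN 4`, or presumably 6 for a 48-bit index); a caller passing `WC_SRTCP_48BIT_IDX` with a 4-byte buffer would be over-read. State the contract at the prototype: `/* idxLenIndicator: WC_SRTCP_32BIT_IDX (4-byte index) or WC_SRTCP_48BIT_IDX (6-byte index); index must hold that many bytes */`. `wc_KDA_KDF_onestep` in the second hunk would likewise benefit from a comment naming the SP 800-56C one-step KDF and stating how `outputSz` relates to `derivedSecretSz`, if the implementation checks one against the other.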
@@ -201,10 +201,10 @@ WOLFSSL_API int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, WOLFSSL_API int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, const unsigned char* ct, word32 len); -WOLFSSL_API int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in, - word32 len); -WOLFSSL_API int wc_KyberKey_DecodePublicKey(KyberKey* key, unsigned char* in, - word32 len); +WOLFSSL_API int wc_KyberKey_DecodePrivateKey(KyberKey* key, + const unsigned char* in, word32 len); +WOLFSSL_API int wc_KyberKey_DecodePublicKey(KyberKey* key, + const unsigned char* in, word32 len); WOLFSSL_API int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len); WOLFSSL_API int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len); diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h index 483f349c1e..45c64e002b 100644 --- a/wolfssl/wolfcrypt/lms.h +++ b/wolfssl/wolfcrypt/lms.h @@ -1,6 +1,6 @@ /* lms.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,8 +34,8 @@ typedef struct LmsKey LmsKey; /* Private key write and read callbacks. */ -typedef int (*write_private_key_cb)(const byte * priv, word32 privSz, void *context); -typedef int (*read_private_key_cb)(byte * priv, word32 privSz, void *context); +typedef int (*wc_lms_write_private_key_cb)(const byte * priv, word32 privSz, void *context); +typedef int (*wc_lms_read_private_key_cb)(byte * priv, word32 privSz, void *context); /* Return codes returned by private key callbacks. */ enum wc_LmsRc { 
@@ -75,20 +75,45 @@ enum wc_LmsRc { /* Predefined LMS/HSS parameter sets for convenience. * - * Not predefining a set with Winternitz=1, because the signatures + * Not predefining many sets with Winternitz=1, because the signatures * will be large. */ enum wc_LmsParm { - WC_LMS_PARM_NONE = 0, - WC_LMS_PARM_L1_H15_W2 = 1, /* 1 level Merkle tree of 15 height. */ - WC_LMS_PARM_L1_H15_W4 = 2, - WC_LMS_PARM_L2_H10_W2 = 3, /* 2 level Merkle tree of 10 height. */ - WC_LMS_PARM_L2_H10_W4 = 4, - WC_LMS_PARM_L2_H10_W8 = 5, - WC_LMS_PARM_L3_H5_W2 = 6, /* 3 level Merkle tree of 5 height. */ - WC_LMS_PARM_L3_H5_W4 = 7, - WC_LMS_PARM_L3_H5_W8 = 8, - WC_LMS_PARM_L3_H10_W4 = 9, /* 3 level Merkle tree of 10 height. */ - WC_LMS_PARM_L4_H5_W8 = 10, /* 4 level Merkle tree of 5 height. */ + WC_LMS_PARM_NONE = 0, + WC_LMS_PARM_L1_H5_W1 = 1, + WC_LMS_PARM_L1_H5_W2 = 2, + WC_LMS_PARM_L1_H5_W4 = 3, + WC_LMS_PARM_L1_H5_W8 = 4, + WC_LMS_PARM_L1_H10_W2 = 5, + WC_LMS_PARM_L1_H10_W4 = 6, + WC_LMS_PARM_L1_H10_W8 = 7, + WC_LMS_PARM_L1_H15_W2 = 8, + WC_LMS_PARM_L1_H15_W4 = 9, + WC_LMS_PARM_L1_H15_W8 = 10, + WC_LMS_PARM_L1_H20_W2 = 11, + WC_LMS_PARM_L1_H20_W4 = 12, + WC_LMS_PARM_L1_H20_W8 = 13, + WC_LMS_PARM_L2_H5_W2 = 14, + WC_LMS_PARM_L2_H5_W4 = 15, + WC_LMS_PARM_L2_H5_W8 = 16, + WC_LMS_PARM_L2_H10_W2 = 17, + WC_LMS_PARM_L2_H10_W4 = 18, + WC_LMS_PARM_L2_H10_W8 = 19, + WC_LMS_PARM_L2_H15_W2 = 20, + WC_LMS_PARM_L2_H15_W4 = 21, + WC_LMS_PARM_L2_H15_W8 = 22, + WC_LMS_PARM_L2_H20_W2 = 23, + WC_LMS_PARM_L2_H20_W4 = 24, + WC_LMS_PARM_L2_H20_W8 = 25, + WC_LMS_PARM_L3_H5_W2 = 26, + WC_LMS_PARM_L3_H5_W4 = 27, + WC_LMS_PARM_L3_H5_W8 = 28, + WC_LMS_PARM_L3_H10_W4 = 29, + WC_LMS_PARM_L3_H10_W8 = 30, + WC_LMS_PARM_L4_H5_W2 = 31, + WC_LMS_PARM_L4_H5_W4 = 32, + WC_LMS_PARM_L4_H5_W8 = 33, + WC_LMS_PARM_L4_H10_W4 = 34, + WC_LMS_PARM_L4_H10_W8 = 35, }; /* enum wc_LmsState is to help track the state of an LMS/HSS Key. */ 
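Review bot: The renumbering of `enum wc_LmsParm` changes the value of every pre-existing enumerator (for example `WC_LMS_PARM_L1_H15_W2` moves from 1 to 8 and `WC_LMS_PARM_L2_H10_W2` from 3 to 17), so any application, test vector or persisted key record that stored the integer rather than the symbol now selects a different parameter set with no error. If that break is intended, say so in the comment above the enum, e.g. `/* NOTE: values renumbered; never persist the integer, use the symbolic name */`. Otherwise the new sets should be appended after the old `= 10` so existing values stay stable.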
@@ -113,9 +138,9 @@ WOLFSSL_API int wc_LmsKey_GetParameters(const LmsKey * key, int * levels, int * height, int * winternitz); #ifndef WOLFSSL_LMS_VERIFY_ONLY WOLFSSL_API int wc_LmsKey_SetWriteCb(LmsKey * key, - write_private_key_cb write_cb); + wc_lms_write_private_key_cb write_cb); WOLFSSL_API int wc_LmsKey_SetReadCb(LmsKey * key, - read_private_key_cb read_cb); + wc_lms_read_private_key_cb read_cb); WOLFSSL_API int wc_LmsKey_SetContext(LmsKey * key, void * context); WOLFSSL_API int wc_LmsKey_MakeKey(LmsKey * key, WC_RNG * rng); WOLFSSL_API int wc_LmsKey_Reload(LmsKey * key); diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 4eee1fa684..7d349fecea 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -181,6 +181,25 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING #endif WOLFSSL_API void WOLFSSL_MSG(const char* msg); +#ifdef WOLFSSL_DEBUG_CODEPOINTS + WOLFSSL_API void WOLFSSL_MSG2( + const char *file, int line, const char* msg); + WOLFSSL_API void WOLFSSL_ENTER2( + const char *file, int line, const char* msg); + WOLFSSL_API void WOLFSSL_LEAVE2( + const char *file, int line, const char* msg, int ret); + #define WOLFSSL_MSG(msg) WOLFSSL_MSG2(__FILE__, __LINE__, msg) + #define WOLFSSL_ENTER(msg) WOLFSSL_ENTER2(__FILE__, __LINE__, msg) + #define WOLFSSL_LEAVE(msg, ret) WOLFSSL_LEAVE2(__FILE__, __LINE__, msg, ret) + #ifdef XVSNPRINTF + WOLFSSL_API void WOLFSSL_MSG_EX2( + const char *file, int line, const char* fmt, ...); + #define WOLFSSL_MSG_EX(fmt, args...) \ + WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args) + #else + #define WOLFSSL_MSG_EX2(...) WC_DO_NOTHING + #endif +#endif WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length); #else 
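Review bot: `#define WOLFSSL_MSG_EX(fmt, args...) WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args)` in logging.h uses the GNU named-variadic form and the `## args` comma-elision extension, while the existing definitions in this header use standard `(...)`; compilers other than GCC/Clang will reject it. Standard C expresses it as `#define WOLFSSL_MSG_EX(...) WOLFSSL_MSG_EX2(__FILE__, __LINE__, __VA_ARGS__)`, which works because the format argument is always present. The `#else` branch defines `WOLFSSL_MSG_EX2` as `WC_DO_NOTHING` but leaves `WOLFSSL_MSG_EX` as previously defined; that looks intentional but deserves a one-line comment.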
diff --git a/wolfssl/wolfcrypt/md2.h b/wolfssl/wolfcrypt/md2.h
index e326a4d791..fe927561c5 100644
--- a/wolfssl/wolfcrypt/md2.h
+++ b/wolfssl/wolfcrypt/md2.h
@@ -1,6 +1,6 @@
 /* md2.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/wolfcrypt/md4.h b/wolfssl/wolfcrypt/md4.h
index f367cde627..c4bd266a26 100644
--- a/wolfssl/wolfcrypt/md4.h
+++ b/wolfssl/wolfcrypt/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index 6506be9894..c19f6c15f7 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/wolfssl/wolfcrypt/mem_track.h b/wolfssl/wolfcrypt/mem_track.h
index 585756426c..b45bf2388a 100644
--- a/wolfssl/wolfcrypt/mem_track.h
+++ b/wolfssl/wolfcrypt/mem_track.h
@@ -1,6 +1,6 @@
 /* mem_track.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -177,30 +177,34 @@ static WC_INLINE void* TrackMalloc(size_t sz) (void)line; #endif #endif +#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS) + if (pthread_mutex_lock(&memLock) == 0) + { +#endif #ifdef DO_MEM_STATS - ourMemStats.totalAllocs++; - ourMemStats.totalBytes += sz; - ourMemStats.currentBytes += sz; -#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE - if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs - - ourMemStats.totalDeallocs) { - ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - - ourMemStats.totalDeallocs; - } - if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) -#endif - { + ourMemStats.totalAllocs++; + ourMemStats.totalBytes += sz; + ourMemStats.currentBytes += sz; #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE - ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes; + if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs - + ourMemStats.totalDeallocs) { + ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - + ourMemStats.totalDeallocs; + } + if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) #endif - if (ourMemStats.currentBytes > ourMemStats.peakBytes) - ourMemStats.peakBytes = ourMemStats.currentBytes; - } + { + #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes; + #endif + if (ourMemStats.currentBytes > ourMemStats.peakBytes) + ourMemStats.peakBytes = ourMemStats.currentBytes; + } + #endif /* DO_MEM_STATS */ #ifdef DO_MEM_LIST - if (pthread_mutex_lock(&memLock) == 0) { #ifdef WOLFSSL_DEBUG_MEMORY header->func = func; header->line = line; @@ -218,7 +222,8 @@ static WC_INLINE void* TrackMalloc(size_t sz) } ourMemList.tail = header; /* add to the end either way */ ourMemList.count++; - +#endif +#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS) pthread_mutex_unlock(&memLock); } #endif /* DO_MEM_LIST */ 
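Review bot: The closing `#endif /* DO_MEM_LIST */` in the second hunk now terminates `#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS)`, so its comment is stale; change it to `#endif /* DO_MEM_LIST || DO_MEM_STATS */`. Taking `memLock` before the `DO_MEM_STATS` counter updates is a real fix for the previously unguarded writes, but a failed `pthread_mutex_lock` now silently skips the statistics as well as the list entry — pre-existing behaviour for the list, just worth a one-line comment at the `if`. `TrackFree` in the next hunk receives the same guard and could carry the same closing comment for symmetry; `TrackMalloc` itself begins outside this hunk.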
@@ -245,7 +250,7 @@ static WC_INLINE void TrackFree(void* ptr) header = &mt->u.hint; sz = header->thisSize; -#ifdef DO_MEM_LIST +#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS) if (pthread_mutex_lock(&memLock) == 0) { #endif @@ -277,7 +282,9 @@ static WC_INLINE void TrackFree(void* ptr) prev->next = next; } ourMemList.count--; +#endif +#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS) pthread_mutex_unlock(&memLock); } #endif diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index 9a1d7b06d2..481f8aa796 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -1,6 +1,6 @@ /* memory.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -101,48 +101,72 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, #ifndef WOLFSSL_STATIC_ALIGN #define WOLFSSL_STATIC_ALIGN 16 #endif +/* WOLFMEM_BUCKETS - list of the sizes of buckets in the pool + * WOLFMEM_DIST - list of quantities of buffers in the buckets + * WOLFMEM_DEF_BUCKETS - number of values in WOLFMEM_BUCKETS and WOLFMEM_DIST + * WOLFMEM_MAX_BUCKETS - size of the arrays used to store the buckets and + * dists in the memory pool; defaults to WOLFMEM_DEF_BUCKETS + * + * The following defines provide a reasonable set of buckets in the memory + * pool for running wolfSSL on a Linux box. The bucket and dist lists below + * have nine items each, so WOLFMEM_DEF_BUCKETS is set to 9. + * + * If WOLFMEM_DEF_BUCKETS is less then WOLFMEM_MAX_BUCKETS, the unused values + * are set to zero and ignored. If WOLFMEM_MAX_BUCKETS is less than + * WOLFMEM_DEF_BUCKETS, not all the buckets will be created in the pool. + */ + #ifndef WOLFMEM_DEF_BUCKETS + #define WOLFMEM_DEF_BUCKETS 9 /* number of default memory blocks */ + #endif + #ifndef WOLFMEM_MAX_BUCKETS - #define WOLFMEM_MAX_BUCKETS 9 + #define WOLFMEM_MAX_BUCKETS WOLFMEM_DEF_BUCKETS #endif - #define WOLFMEM_DEF_BUCKETS 9 /* number of default memory blocks */ + + #if WOLFMEM_MAX_BUCKETS < WOLFMEM_DEF_BUCKETS + #warning "ignoring excess buckets, MAX_BUCKETS less than DEF_BUCKETS" + #endif + #ifndef WOLFMEM_IO_SZ #define WOLFMEM_IO_SZ 16992 /* 16 byte aligned */ #endif + + #ifndef LARGEST_MEM_BUCKET + #ifndef SESSION_CERTS + #define LARGEST_MEM_BUCKET 16128 + #elif defined(OPENSSL_EXTRA) + #ifdef WOLFSSL_TLS13 + #define LARGEST_MEM_BUCKET 30400 + #else + #define LARGEST_MEM_BUCKET 25600 + #endif + #elif defined(WOLFSSL_CERT_EXT) + /* certificate extensions requires 24k for the SSL struct */ + #define LARGEST_MEM_BUCKET 24576 + #else + /* increase 23k for object member of WOLFSSL_X509_NAME_ENTRY */ + #define LARGEST_MEM_BUCKET 23440 + #endif + #endif + #ifndef WOLFMEM_BUCKETS #ifndef SESSION_CERTS /* 
default size of chunks of memory to separate into */ - #ifndef LARGEST_MEM_BUCKET - #define LARGEST_MEM_BUCKET 16128 - #endif #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ LARGEST_MEM_BUCKET - #elif defined (OPENSSL_EXTRA) + #elif defined(OPENSSL_EXTRA) /* extra storage in structs for multiple attributes and order */ - #ifndef LARGEST_MEM_BUCKET - #ifdef WOLFSSL_TLS13 - #define LARGEST_MEM_BUCKET 30400 - #else - #define LARGEST_MEM_BUCKET 25600 - #endif - #endif #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ LARGEST_MEM_BUCKET - #elif defined (WOLFSSL_CERT_EXT) - /* certificate extensions requires 24k for the SSL struct */ - #ifndef LARGEST_MEM_BUCKET - #define LARGEST_MEM_BUCKET 24576 - #endif + #elif defined(WOLFSSL_CERT_EXT) #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ LARGEST_MEM_BUCKET #else - /* increase 23k for object member of WOLFSSL_X509_NAME_ENTRY */ - #ifndef LARGEST_MEM_BUCKET - #define LARGEST_MEM_BUCKET 23440 - #endif #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ LARGEST_MEM_BUCKET #endif #endif + #ifndef WOLFMEM_DIST #ifndef WOLFSSL_STATIC_MEMORY_SMALL #define WOLFMEM_DIST 49,10,6,14,5,6,9,1,1 @@ -190,7 +214,14 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, typedef struct wc_Memory wc_Memory; /* internal structure for mem bucket */ typedef struct WOLFSSL_HEAP { wc_Memory* ava[WOLFMEM_MAX_BUCKETS]; + #ifndef WOLFSSL_STATIC_MEMORY_LEAN wc_Memory* io; /* list of buffers to use for IO */ + #endif + + #ifdef WOLFSSL_STATIC_MEMORY_LEAN + word16 sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */ + byte distList[WOLFMEM_MAX_BUCKETS];/* general distribution */ + #else word32 maxHa; /* max concurrent handshakes */ word32 curHa; word32 maxIO; /* max concurrent IO connections */ 
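Review bot: `#warning "ignoring excess buckets, MAX_BUCKETS less than DEF_BUCKETS"` is not standard C before C23 — MSVC and several embedded toolchains reject or ignore it — so a configuration with `WOLFMEM_MAX_BUCKETS < WOLFMEM_DEF_BUCKETS` may build silently on those; if portability of this header matters, the project's usual `#error`-or-comment convention would be safer. The new explanatory comment has a typo, `less then` should be `less than`, and it would help to state explicitly that `WOLFMEM_BUCKETS` and `WOLFMEM_DIST` must each have exactly `WOLFMEM_DEF_BUCKETS` entries, since nothing in the header enforces that.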
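Review bot: Under `WOLFSSL_STATIC_MEMORY_LEAN` the heap stores `word16 sizeList[]` and `byte distList[]`, while the non-lean layout keeps both as `word32` and the new `wc_LoadStaticMemory_ex` accepts `const unsigned int *sizeList` and `distList`; a caller-supplied bucket size above 65535 or distribution above 255 would be truncated on copy unless the loader range-checks it, which this diff does not show. A comment on the two fields makes the contract explicit: `/* LEAN: bucket sizes must fit in 16 bits and dists in 8; the loader must reject larger values */`. Removing `wc_Memory* io` under LEAN also requires every reader of `heap->io` to be guarded the same way.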
@@ -199,10 +230,16 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, word32 distList[WOLFMEM_MAX_BUCKETS];/* general distribution */ word32 inUse; /* amount of memory currently in use */ word32 ioUse; + #endif + + #ifndef WOLFSSL_STATIC_MEMORY_LEAN word32 alloc; /* total number of allocs */ word32 frAlc; /* total number of frees */ int flag; + #endif + #ifndef SINGLE_THREADED wolfSSL_Mutex memory_mutex; + #endif } WOLFSSL_HEAP; /* structure passed into XMALLOC as heap hint 
@@ -211,22 +248,41 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, typedef struct WOLFSSL_HEAP_HINT { WOLFSSL_HEAP* memory; WOLFSSL_MEM_CONN_STATS* stats; /* hold individual connection stats */ + #ifndef WOLFSSL_STATIC_MEMORY_LEAN wc_Memory* outBuf; /* set if using fixed io buffers */ wc_Memory* inBuf; byte haFlag; /* flag used for checking handshake count */ + #endif } WOLFSSL_HEAP_HINT; + WOLFSSL_API void* wolfSSL_SetGlobalHeapHint(void* heap); + WOLFSSL_API void* wolfSSL_GetGlobalHeapHint(void); + WOLFSSL_API int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint, + unsigned int listSz, const unsigned int *sizeList, + const unsigned int *distList, unsigned char* buf, unsigned int sz, + int flag, int max); +#ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK + #define WOLFSSL_DEBUG_MEMORY_ALLOC 0 + #define WOLFSSL_DEBUG_MEMORY_FAIL 1 + #define WOLFSSL_DEBUG_MEMORY_FREE 2 + #define WOLFSSL_DEBUG_MEMORY_INIT 3 + + + typedef void (*DebugMemoryCb)(size_t sz, int bucketSz, byte st, int type); + WOLFSSL_API void wolfSSL_SetDebugMemoryCb(DebugMemoryCb cb); +#endif WOLFSSL_API int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf, unsigned int sz, int flag, int max); + WOLFSSL_API void wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* heap); - WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap); - WOLFSSL_LOCAL int wolfSSL_load_static_memory(byte* buffer, word32 sz, - int flag, WOLFSSL_HEAP* heap); - WOLFSSL_LOCAL int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, + WOLFSSL_API int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, WOLFSSL_MEM_STATS* stats); WOLFSSL_LOCAL int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); + WOLFSSL_API int wolfSSL_StaticBufferSz_ex(unsigned int listSz, + const unsigned int *sizeList, const unsigned int *distList, + byte* buffer, word32 sz, int flag); WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag); WOLFSSL_API int 
wolfSSL_MemoryPaddingSz(void); #endif /* WOLFSSL_STATIC_MEMORY */ @@ -272,6 +328,9 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag, #ifndef WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED #define WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED 0 #endif + #ifndef CAN_SAVE_VECTOR_REGISTERS + #define CAN_SAVE_VECTOR_REGISTERS() (SAVE_VECTOR_REGISTERS2_fuzzer() == 0) + #endif #endif #ifdef DEBUG_VECTOR_REGISTER_ACCESS diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 2685c6cddd..cc068db441 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -1,6 +1,6 @@ /* misc.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -135,6 +135,8 @@ WOLFSSL_LOCAL byte ctSetLTE(int a, int b); WOLFSSL_LOCAL void ctMaskCopy(byte mask, byte* dst, byte* src, word16 size); WOLFSSL_LOCAL word32 MakeWordFromHash(const byte* hashID); WOLFSSL_LOCAL word32 HashObject(const byte* o, word32 len, int* error); +WOLFSSL_LOCAL char* CopyString(const char* src, int srcLen, void* heap, + int type); WOLFSSL_LOCAL void w64Increment(w64wrapper *n); WOLFSSL_LOCAL void w64Decrement(w64wrapper *n); @@ -143,6 +145,7 @@ WOLFSSL_LOCAL word32 w64GetLow32(w64wrapper n); WOLFSSL_LOCAL word32 w64GetHigh32(w64wrapper n); WOLFSSL_LOCAL void w64SetLow32(w64wrapper *n, word32 low); WOLFSSL_LOCAL w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap); +WOLFSSL_LOCAL w64wrapper w64Add(w64wrapper a, w64wrapper b, byte *wrap); WOLFSSL_LOCAL w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap); WOLFSSL_LOCAL byte w64GT(w64wrapper a, w64wrapper b); WOLFSSL_LOCAL byte w64IsZero(w64wrapper a); 
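Review bot: `wc_LoadStaticMemory_ex` and `wolfSSL_StaticBufferSz_ex` take a `listSz` with caller-provided arrays, but `WOLFSSL_HEAP` holds only `WOLFMEM_MAX_BUCKETS` entries, so the prototypes should state the bound: `/* listSz must not exceed WOLFMEM_MAX_BUCKETS; sizeList and distList each hold listSz entries */`. `DebugMemoryCb(size_t sz, int bucketSz, byte st, int type)` is undocumented — `type` presumably takes the `WOLFSSL_DEBUG_MEMORY_*` values defined just above it and `st` is unexplained — and the typedef lacks the `wolfSSL_`/`wc_` prefix used by names such as `wolfSSL_Malloc_cb` in this header. `wolfSSL_SetGlobalHeapHint` and `wolfSSL_GetGlobalHeapHint` introduce process-wide state; the header should say whether it must be set before other threads start using the allocator.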
@@ -155,6 +158,7 @@ WOLFSSL_LOCAL w64wrapper w64Sub(w64wrapper a, w64wrapper b); WOLFSSL_LOCAL void w64Zero(w64wrapper *a); WOLFSSL_LOCAL w64wrapper w64ShiftRight(w64wrapper a, int shift); WOLFSSL_LOCAL w64wrapper w64ShiftLeft(w64wrapper a, int shift); +WOLFSSL_LOCAL w64wrapper w64Mul(word32 a, word32 b); #else /* !NO_INLINE */ diff --git a/wolfssl/wolfcrypt/mpi_class.h b/wolfssl/wolfcrypt/mpi_class.h index 0736d6f8f3..831fae35ca 100644 --- a/wolfssl/wolfcrypt/mpi_class.h +++ b/wolfssl/wolfcrypt/mpi_class.h @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/mpi_superclass.h b/wolfssl/wolfcrypt/mpi_superclass.h index abfac6af5e..f27f61a2a3 100644 --- a/wolfssl/wolfcrypt/mpi_superclass.h +++ b/wolfssl/wolfcrypt/mpi_superclass.h @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/pkcs11.h b/wolfssl/wolfcrypt/pkcs11.h index c754784022..7a53710b6f 100644 --- a/wolfssl/wolfcrypt/pkcs11.h +++ b/wolfssl/wolfcrypt/pkcs11.h @@ -1,6 +1,6 @@ /* pkcs11.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -138,14 +138,22 @@ extern "C" { #define CKA_HAS_RESET 0x00000302UL #define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +#define CKM_RSA_PKCS 0x00000001UL #define CKM_RSA_X_509 0x00000003UL +#define CKM_RSA_PKCS_OAEP 0x00000009UL +#define CKM_RSA_PKCS_PSS 0x0000000DUL #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL #define CKM_DH_PKCS_DERIVE 0x00000021UL #define CKM_MD5_HMAC 0x00000211UL +#define CKM_SHA_1 0x00000220UL #define CKM_SHA_1_HMAC 0x00000221UL +#define CKM_SHA256 0x00000250UL #define CKM_SHA256_HMAC 0x00000251UL +#define CKM_SHA224 0x00000255UL #define CKM_SHA224_HMAC 0x00000256UL +#define CKM_SHA384 0x00000260UL #define CKM_SHA384_HMAC 0x00000261UL +#define CKM_SHA512 0x00000270UL #define CKM_SHA512_HMAC 0x00000271UL #define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL #define CKM_EC_KEY_PAIR_GEN 0x00001040UL @@ -156,12 +164,26 @@ extern "C" { #define CKM_AES_CBC 0x00001082UL #define CKM_AES_GCM 0x00001087UL +/* full data RSA PK callbacks */ +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL + +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA224 0x00000005UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL + + #define CKR_OK 0x00000000UL #define CKR_MECHANISM_INVALID 0x00000070UL #define CKR_SIGNATURE_INVALID 0x000000C0UL #define CKD_NULL 0x00000001UL - +#define CKZ_DATA_SPECIFIED 0x00000001UL typedef unsigned char CK_BYTE; typedef CK_BYTE CK_CHAR; 
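Review bot: The comment `/* full data RSA PK callbacks */` above `CKM_SHA1_RSA_PKCS_PSS` does not describe what follows — these are the combined hash-and-sign RSA-PSS mechanism identifiers, and the `CKG_MGF1_*` values below them are the mask-generation-function identifiers used in `CK_RSA_PKCS_PSS_PARAMS`; something like `/* Hash+sign RSA-PSS mechanisms and MGF1 identifiers, used by the full-message PK callbacks */` would read correctly. Ordering the `CKG_MGF1_*` block by value (SHA1, SHA256, SHA384, SHA512, SHA224) as the surrounding `CKM_*` lists are would keep the file's convention.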
@@ -339,6 +361,26 @@ typedef struct CK_GCM_PARAMS { } CK_GCM_PARAMS; typedef CK_GCM_PARAMS* CK_GCM_PARAMS_PTR; +typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; + +typedef struct CK_RSA_PKCS_PSS_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_ULONG sLen; +} CK_RSA_PKCS_PSS_PARAMS; +typedef CK_RSA_PKCS_PSS_PARAMS *CK_RSA_PKCS_PSS_PARAMS_PTR; + +typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; + +typedef struct CK_RSA_PKCS_OAEP_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_RSA_PKCS_OAEP_SOURCE_TYPE source; + CK_VOID_PTR pSourceData; + CK_ULONG ulSourceDataLen; +} CK_RSA_PKCS_OAEP_PARAMS; +typedef CK_RSA_PKCS_OAEP_PARAMS *CK_RSA_PKCS_OAEP_PARAMS_PTR; + /* Function list types. */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR; @@ -538,4 +580,3 @@ struct CK_FUNCTION_LIST { #endif #endif /* _PKCS11_H_ */ - diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h index f3023540e4..d7bf967d8a 100644 --- a/wolfssl/wolfcrypt/pkcs12.h +++ b/wolfssl/wolfcrypt/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,9 +29,7 @@ extern "C" { #endif -#ifndef WOLFSSL_TYPES_DEFINED /* do not redeclare from ssl.h */ - typedef struct WC_PKCS12 WC_PKCS12; -#endif +typedef struct WC_PKCS12 WC_PKCS12; typedef struct WC_DerCertList { /* dereferenced in ssl.c */ byte* buffer; @@ -47,6 +45,7 @@ enum { }; WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void); +WOLFSSL_API WC_PKCS12* wc_PKCS12_new_ex(void* heap); WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12); WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12); #ifndef NO_FILESYSTEM 
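Review bot: `CK_RSA_PKCS_PSS_PARAMS` and `CK_RSA_PKCS_OAEP_PARAMS` are added without field documentation, and `sLen`, `source` and `pSourceData` are exactly the fields callers get wrong. Add `/* salt length in bytes */` on `sLen`, `/* CKZ_DATA_SPECIFIED */` on `source`, `/* OAEP label; NULL with ulSourceDataLen 0 for an empty label */` on `pSourceData`, and note on `hashAlg` that it takes a `CKM_SHA*` digest mechanism and on `mgf` that it takes a `CKG_MGF1_*` value.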
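Review bot: Dropping the `WOLFSSL_TYPES_DEFINED` guard around `typedef struct WC_PKCS12 WC_PKCS12;` reintroduces the double declaration the removed comment warned about: if ssl.h still carries the same typedef, a translation unit including both is valid C11 but a redefinition error under C99/C89 or `-pedantic` builds, if those are still supported. Either keep the guard or make one header the single owner of the typedef. `wc_PKCS12_new_ex(void* heap)` should also say what `heap` is for, e.g. `/* as wc_PKCS12_new, but with a heap hint for allocations */` if that is what the implementation does.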
@@ -67,7 +66,7 @@ WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap); WOLFSSL_LOCAL void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12); -WOLFSSL_LOCAL void wc_FreeCertList(WC_DerCertList* list, void* heap); +WOLFSSL_API void wc_FreeCertList(WC_DerCertList* list, void* heap); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 2af117dcb9..85b1a1faee 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -345,6 +345,10 @@ struct PKCS7 { word32 plainDigestSz; word32 pkcs7DigestSz; +#ifdef WC_ASN_UNKNOWN_EXT_CB + wc_UnknownExtCallback unknownExtCallback; +#endif + #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) CallbackRsaSignRawDigest rsaSignRawDigestCb; #endif @@ -354,10 +358,15 @@ struct PKCS7 { word32 cachedEncryptedContentSz; word16 contentCRLF:1; /* have content line endings been converted to CRLF */ word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */ + word16 hashParamsAbsent:1; /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); +#ifdef WC_ASN_UNKNOWN_EXT_CB + WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, + wc_UnknownExtCallback cb); +#endif WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz); WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz); diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h index c0a5b8dfc1..68fc74ae50 100644 --- a/wolfssl/wolfcrypt/poly1305.h +++ b/wolfssl/wolfcrypt/poly1305.h 
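Review bot: `wc_FreeCertList` becomes public API here but gets no contract: a caller cannot tell whether `heap` must be the same hint the list was built with, or whether each node's `buffer` is freed along with the node. A one-line comment such as `/* Frees every node and its buffer; heap must match the hint used when the list was built */` answers both — adjust it to what the implementation, which is not in this diff, actually does.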
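Review bot: `unknownExtCallback` is inserted in the middle of `struct PKCS7`, ahead of `rsaSignRawDigestCb` and the cached-content fields, although the struct's own marker in the next hunk says `/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */`. Any consumer built with `WC_ASN_UNKNOWN_EXT_CB` against the older layout will read wrong offsets for every member after it. Move the member to the tail next to `hashParamsAbsent`, and give that bit-field the trailing comment its neighbours have, e.g. `/* digest AlgorithmIdentifier carried no parameters field */` if that is what it records.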
@@ -1,6 +1,6 @@ /* poly1305.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,9 +48,16 @@ #define WC_HAS_GCC_4_4_64BIT #endif -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef WOLFSSL_X86_64_BUILD +#if defined(USE_INTEL_SPEEDUP) && !defined(NO_POLY1305_ASM) + #define USE_INTEL_POLY1305_SPEEDUP + #define HAVE_INTEL_AVX1 +#endif +#endif + +#if defined(USE_INTEL_POLY1305_SPEEDUP) #elif (defined(WC_HAS_SIZEOF_INT128_64BIT) || defined(WC_HAS_MSVC_64BIT) || \ - defined(WC_HAS_GCC_4_4_64BIT)) + defined(WC_HAS_GCC_4_4_64BIT)) && !defined(WOLFSSL_W64_WRAPPER_TEST) #define POLY130564 #else #define POLY130532 @@ -67,7 +74,7 @@ enum { /* Poly1305 state */ typedef struct Poly1305 { -#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) +#ifdef USE_INTEL_POLY1305_SPEEDUP word64 r[3]; word64 h[3]; word64 pad[2]; @@ -125,9 +132,12 @@ WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional, word32 addSz, const byte* input, word32 sz, byte* tag, word32 tagSz); #if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM) -void poly1305_blocks(Poly1305* ctx, const unsigned char *m, +#define poly1305_blocks poly1305_blocks_aarch64 +#define poly1305_block poly1305_block_aarch64 + +void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m, size_t bytes); -void poly1305_block(Poly1305* ctx, const unsigned char *m); +void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m); #endif #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h new file mode 100644 index 0000000000..a7873f203d --- /dev/null +++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h 
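Review bot: `#if defined(USE_INTEL_POLY1305_SPEEDUP)` now has an empty body before the `#elif`, so the reader has to infer that the assembly path needs neither `POLY130564` nor `POLY130532`; say so in the branch with `/* x86_64 assembly: no C limb width selected */`. `HAVE_INTEL_AVX1` is defined unconditionally inside the new block whenever `USE_INTEL_SPEEDUP` is set and `NO_POLY1305_ASM` is not, presumably because the assembly relies on it — a comment saying that would stop someone removing it as unused. The new `!defined(WOLFSSL_W64_WRAPPER_TEST)` term forces the 32-bit limb path for that test build and deserves the same one-line note.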
@@ -0,0 +1,229 @@ +/* esp-sdk-lib.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef __ESP_SDK_LIB_H__ + +#define __ESP_SDK_LIB_H__ + +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. 
*/ +#include + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ + +/* WOLFSSL_USER_SETTINGS must be defined, typically in the CMakeLists.txt: */ +/* set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") */ +#ifndef WOLFSSL_USER_SETTINGS + #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targts" +#endif + +/* FreeRTOS */ +#include +#include +#include + +/* Espressif */ +#include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */ +#include +#include + +#define ESP_SDK_MEM_LIB_VERSION 1 + +/** + ****************************************************************************** + ****************************************************************************** + ** USER APPLICATION SETTINGS BEGIN + ****************************************************************************** + ****************************************************************************** + **/ + +/* when using a private config with plain text passwords, + * file my_private_config.h should be excluded from git updates */ +/* #define USE_MY_PRIVATE_CONFIG */ + +/* Note that IntelliSense may not work properly in the next section for the + * Espressif SDK 3.4 on the ESP8266. Macros should still be defined. + * See the project-level Makefile. Example found in: + * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template + * + * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that + * triggers the make (not cmake) to add compiler defines. 
+ */ +#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG) + #include "/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_WSL_CONFIG) + #include "/mnt/c/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_LINUX_CONFIG) + #include "~/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_MAC_CONFIG) + #include "~/Documents/my_private_config.h" +#elif defined(USE_MY_PRIVATE_CONFIG) + /* This section works best with cmake & non-environment variable setting */ + #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS) + #define WOLFSSL_CMAKE + #include "/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS) + #define WOLFSSL_MAKE + #include "/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL) + #define WOLFSSL_CMAKE + #include "/mnt/c/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL) + #define WOLFSSL_MAKE + #include "/mnt/c/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX) + #define WOLFSSL_CMAKE + #include "~/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX) + #define WOLFSSL_MAKE + #include "~/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE) + #include "~/Documents/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE) + #define WOLFSSL_MAKE + #include "~/Documents/my_private_config.h" + #elif defined(OS_WINDOWS) + #include "/workspace/my_private_config.h" + #else + /* Edit as needed for your private config: */ + #warning "default private config using /workspace/my_private_config.h" + #include "/workspace/my_private_config.h" + #endif +#else + + /* + ** The examples use WiFi configuration that you can set via project + ** configuration menu + ** + ** If you'd rather not, just change the below entries to strings with + ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" + */ + #if defined(CONFIG_ESP_WIFI_SSID) + /* tyically from ESP32 with ESP-IDF v4 or v5 */ + 
#define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID + #elif defined(CONFIG_EXAMPLE_WIFI_SSID) + /* typically from ESP8266 rtos-sdk/v3.4 */ + #undef EXAMPLE_ESP_WIFI_SSID + #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID + #else + #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + #endif + + #if defined(CONFIG_ESP_WIFI_PASSWORD) + /* tyically from ESP32 with ESP-IDF v4 or v5 */ + #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD + #elif defined(CONFIG_EXAMPLE_WIFI_SSID) + /* typically from ESP8266 rtos-sdk/v3.4 */ + #undef EXAMPLE_ESP_WIFI_PASS + #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD + #else + #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + #endif +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void); + +WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v); + +WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void); + +/****************************************************************************** +* Time helpers +******************************************************************************/ +WOLFSSL_LOCAL esp_err_t esp_sdk_time_lib_init(void); + +/* a function to show the current data and time */ +WOLFSSL_LOCAL esp_err_t esp_show_current_datetime(void); + +/* worst case, if GitHub time not available, used fixed time */ +WOLFSSL_LOCAL esp_err_t set_fixed_default_time(void); + +/* set time from string (e.g. 
GitHub commit time) */ +WOLFSSL_LOCAL esp_err_t set_time_from_string(const char* time_buffer); + +/* set time from NTP servers, + * also initially calls set_fixed_default_time or set_time_from_string */ +WOLFSSL_LOCAL esp_err_t set_time(void); + +/* wait NTP_RETRY_COUNT seconds before giving up on NTP time */ +WOLFSSL_LOCAL esp_err_t set_time_wait_for_ntp(void); + +#ifndef NO_ESP_SDK_WIFI + +/****************************************************************************** +* WiFi helpers +******************************************************************************/ +/* ESP lwip */ +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY + +#define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID +#define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD + +/* Optionally enable WiFi. Typically not used for wolfcrypt tests */ +/* #define USE_WIFI_EXAMPLE */ +#ifdef USE_WIFI_EXAMPLE + #include "esp_netif.h" + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO find and implement ESP8266 example include */ + #else + #include "protocol_examples_common.h" /* see project CMakeLists.txt */ + #endif +#endif + + +/* ESP lwip */ +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY + +WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_lib_init(void); + +WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_init_sta(void); + +WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void); + +#endif /* !NO_ESP_SDK_WIFI */ + + +/****************************************************************************** +* Debug helpers +******************************************************************************/ +WOLFSSL_LOCAL esp_err_t sdk_init_meminfo(void); +WOLFSSL_LOCAL void* wc_debug_pvPortMalloc(size_t size, + const char* file, int line, const char* fname); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +/* Check for traps */ +#if defined(CONFIG_IDF_TARGET_ESP8266) + #if !defined(NO_SESSION_CACHE) && \ + !defined(MICRO_SESSION_CACHE) && \ + !defined(SMALL_SESSION_CACHE) + #warning "Limited DRAM/IRAM on ESP8266. 
Check session cache settings" + #endif +#endif + +#endif /* WOLFSSL_ESPIDF */ + +#endif /* __ESP_SDK_LIB_H__ */ diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 72905c936c..9a33bf5d39 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1,6 +1,6 @@ /* esp32-crypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -44,6 +44,18 @@ #include #include +#ifndef _INTPTR_T_DECLARED + #define intptr_t (void*) +#endif + +#ifndef _UINTPTR_T_DECLARED + #define uintptr_t (void*) +#endif + +#ifndef NULLPTR + #define NULLPTR ((uintptr_t)NULL) +#endif + #if ESP_IDF_VERSION_MAJOR >= 4 #define WOLFSSL_ESPIDF_BLANKLINE_MESSAGE "" #else @@ -51,13 +63,34 @@ #define WOLFSSL_ESPIDF_BLANKLINE_MESSAGE "." #endif +#if defined(WOLFSSL_STACK_CHECK) + #define CTX_STACK_CHECK(ctx) esp_sha_stack_check(ctx) +#else + #define CTX_STACK_CHECK(ctx) {} +#endif + +#if defined(CONFIG_IDF_TARGET) + #define FOUND_CONFIG_IDF_TARGET CONFIG_IDF_TARGET +#else + #define FOUND_CONFIG_IDF_TARGET "(unknown device)" +#endif + /* Optional exit message. * The WOLFSSL_COMPLETE keyword exits wolfSSL test harness script. */ #define WOLFSSL_ESPIDF_EXIT_MESSAGE \ + "\n\nDevice: " FOUND_CONFIG_IDF_TARGET \ "\n\nDone!" \ "\n\nWOLFSSL_COMPLETE" \ "\n\nIf running from idf.py monitor, press twice: Ctrl+]" +#define WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE(s, err) \ + "\n\nDevice: " FOUND_CONFIG_IDF_TARGET \ + "\n\nExit code: %d " \ + "\n\n"s \ + "\n\nWOLFSSL_COMPLETE" \ + "\n\nIf running from idf.py monitor, press twice: Ctrl+]", \ + (err) + /* exit codes to be used in tfm.c, sp_int.c, integer.c, etc. * * see wolfssl/wolfcrypt/error-crypt.h 
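Review bot: The `EXAMPLE_ESP_WIFI_PASS` fallback tests the wrong symbol: `#elif defined(CONFIG_EXAMPLE_WIFI_SSID)` guards a line that expands `CONFIG_EXAMPLE_WIFI_PASSWORD`, so on the ESP8266 SDK the password can expand to an undefined macro while the SSID branch succeeds; it should read `#elif defined(CONFIG_EXAMPLE_WIFI_PASSWORD)`. The `#include "~/workspace/my_private_config.h"` lines cannot work as written, since `~` is shell expansion and the preprocessor takes the path literally; use an absolute path or an `-I` directory. `EXAMPLE_ESP_MAXIMUM_RETRY` is defined twice with the same body, and "targts" in the `#error` and "tyically" in two comments are typos.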
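Review bot: `#define intptr_t (void*)` and `#define uintptr_t (void*)` are not type definitions: whenever the guard `_INTPTR_T_DECLARED` is absent (it is a newlib-private name; other C libraries use different guards), later uses such as `uintptr_t initializer;` or `WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void);` expand to a cast expression and fail to compile, and a pointer is in any case not an integer type. `#include <stdint.h>`, which every ESP-IDF toolchain ships, is the portable fix and the macros should go. `NULLPTR ((uintptr_t)NULL)` likewise is an integer zero under a pointer-sounding name; `((uintptr_t)0)` says what it is.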
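Review bot: `#define CTX_STACK_CHECK(ctx) {}` expands to a compound statement, so `if (x) CTX_STACK_CHECK(ctx); else ...` at a call site is a syntax error and a plain call leaves a stray `;`; the usual form is `do { } while (0)`, or `(void)(ctx)` so the argument still counts as used. `WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE(s, err)` expands to two comma-separated arguments including `(err)`, which only works as the trailing arguments of a printf-style call; a comment showing the intended use, `/* use as: printf(WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("msg", rc)); */`, would prevent misuse.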
@@ -200,7 +233,7 @@ enum { ** Even if HW is enabled, do not run HW math tests. See HW_MATH_ENABLED. ** ** NO_ESP_MP_MUL_EVEN_ALT_CALC -** Used during Z = X × Y mod M +** Used during Z = X * Y mod M ** By default, even moduli use a two step HW esp_mp_mul with SW mp_mod. ** Enable this to instead fall back to pure software mp_mulmod. ** @@ -306,11 +339,16 @@ enum { /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - #define NO_WOLFSSL_ESP32_CRYPT_AES /* No AES HW */ - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /* No RSA HW*/ - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL /* No RSA, so no mp_mul */ - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD /* No RSA, so no mp_mulmod */ - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD /* No RSA, no mp_exptmod */ + /* No AES HW */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + /* No RSA HW: */ + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* No RSA, so no mp_mul: */ + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + /* No RSA, so no mp_mulmod: */ + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + /* No RSA, no mp_exptmod: */ + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD #include #include @@ -419,6 +457,11 @@ enum { #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + /* wolfSSL Hardware Acceleration not yet implemented. Note: no WiFi. */ + #define NO_ESP32_CRYPT + /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S2) #include "soc/dport_reg.h" #include 
@@ -439,9 +482,26 @@ enum { #include #endif #define ESP_PROHIBIT_SMALL_X 0 - + /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ #else - /* not yet supported. no HW */ + /* Unknown: Not yet supported. Assume no HW. */ + #define NO_ESP32_CRYPT + /***** END CONFIG_IDF_TARGET_[x] config unknown *****/ + +#endif /* CONFIG_IDF_TARGET target check */ + +#ifdef NO_ESP32_CRYPT + /* There's no hardware acceleration, so ensure everything is disabled: */ + #undef NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #undef NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_AES + #undef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif + +#ifdef NO_WOLFSSL_ESP32_CRYPT_HASH + /* There's no SHA hardware acceleration, so ensure all are disabled: */ #undef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA #undef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 @@ -456,7 +516,15 @@ enum { #endif /* CONFIG_IDF_TARGET target check */ -#ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#ifdef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* With RSA disabled (or not available), explicitly disable each: */ + #undef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #undef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #undef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD +#else #if defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL) && \ defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD) && \ defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD) 
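Review bot: After this hunk the context line `#endif /* CONFIG_IDF_TARGET target check */` at the start of the next hunk no longer closes the target check — that now ends at the new `#endif /* CONFIG_IDF_TARGET target check */` added here — but closes the new `#ifdef NO_WOLFSSL_ESP32_CRYPT_HASH`, so two `#endif`s carry the same comment and the second one is wrong. Change it to `#endif /* NO_WOLFSSL_ESP32_CRYPT_HASH */`.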
@@ -482,6 +550,19 @@ enum { #endif #endif +/* Resulting settings review for syntax highlighter review only: */ +#if defined(NO_ESP32_CRYPT) || \ + defined(NO_WOLFSSL_ESP32_CRYPT_HASH) || \ + defined(NO_WOLFSSL_ESP32_CRYPT_AES) || \ + defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI) || \ + defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA) || \ + defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224) || \ + defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256) || \ + defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) || \ + defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) || \ + defined(WOLFSSL_ESP32_CRYPT_DEBUG) +#endif + #ifdef __cplusplus extern "C" { @@ -495,6 +576,10 @@ extern "C" WOLFSSL_LOCAL int esp_ShowExtendedSystemInfo(void); + WOLFSSL_LOCAL esp_err_t esp_DisableWatchdog(void); + + WOLFSSL_LOCAL esp_err_t esp_EnableWatchdog(void); + /* Compare MATH_INT_T A to MATH_INT_T B * During debug, the strings name_A and name_B can help * identify variable name. */ @@ -620,6 +705,8 @@ extern "C" #include "rom/sha.h" #define WC_ESP_SHA_TYPE SHA_TYPE #endif + #elif defined(CONFIG_IDF_TARGET_ESP8266) + /* there's no HW to include */ #else #include "rom/sha.h" #endif @@ -638,11 +725,14 @@ extern "C" typedef struct { - /* pointer to object the initialized HW; to track copies */ - void* initializer; -#if !defined(SINGLE_THREADED) || defined(ESP_MONITOR_HW_TASK_LOCK) - void* task_owner; -#endif + #if defined(WOLFSSL_STACK_CHECK) + word32 first_word; + #endif + /* Pointer to object that initialized HW, to track copies: */ + uintptr_t initializer; + #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) + TaskHandle_t task_owner; + #endif /* an ESP32_MODE value; typically: ** 0 init, @@ -666,6 +756,9 @@ extern "C" /* 0 (false) this is NOT first block. ** 1 (true ) this is first block. */ byte isfirstblock : 1; /* 1 bit only for true / false */ + #if defined(WOLFSSL_STACK_CHECK) + word32 last_word; + #endif } WC_ESP32SHA; WOLFSSL_LOCAL int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx); 
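Review bot: The `#if defined(NO_ESP32_CRYPT) || ... || defined(WOLFSSL_ESP32_CRYPT_DEBUG)` block at the top of this hunk has an empty body, so it compiles to nothing; its comment says it exists only so an editor highlights which macros are set. That is a maintenance trap — someone will add code inside it believing it is guarded — and the list has to be kept in sync by hand. Either delete it or make the intent explicit: `/* Intentionally empty: lists the resulting NO_* settings so an IDE highlights them; do not add code here. */`.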
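Review bot: `first_word` and `last_word` are added at the two ends of `WC_ESP32SHA` under `WOLFSSL_STACK_CHECK` with no comment on who writes them or what value they hold, which matters because a guard word that is never initialised produces false positives. A comment on each, e.g. `/* guard word; written at context init, compared by esp_sha_stack_check() */` adjusted to the real writer, would do — `esp_sha_stack_check` is declared later in this diff but its contract is not stated either. `initializer` changing from `void*` to `uintptr_t` also depends on the `uintptr_t` fallback near the top of this file being a real type.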
@@ -676,20 +769,25 @@ extern "C" WOLFSSL_LOCAL int esp_sha_hw_unlock(WC_ESP32SHA* ctx); /* esp_sha_hw_islocked: returns 0 if not locked, otherwise owner address */ - WOLFSSL_LOCAL int esp_sha_hw_islocked(WC_ESP32SHA* ctx); - WOLFSSL_LOCAL int esp_sha_call_count(); - WOLFSSL_LOCAL int esp_sha_lock_count(); - WOLFSSL_LOCAL int esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx); - WOLFSSL_LOCAL int esp_sha_set_stray(WC_ESP32SHA* ctx); + WOLFSSL_LOCAL uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx); + + /* esp_sha_hw_in_use returns 1 (true) if SHA HW in use, otherwise 0 */ + WOLFSSL_LOCAL int esp_sha_hw_in_use(void); + WOLFSSL_LOCAL int esp_sha_call_count(void); + WOLFSSL_LOCAL int esp_sha_lock_count(void); + WOLFSSL_LOCAL uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx); + WOLFSSL_LOCAL uintptr_t esp_sha_set_stray(WC_ESP32SHA* ctx); +#ifndef NO_SHA struct wc_Sha; WOLFSSL_LOCAL int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst); WOLFSSL_LOCAL int esp_sha_digest_process(struct wc_Sha* sha, byte blockprocess); WOLFSSL_LOCAL int esp_sha_process(struct wc_Sha* sha, const byte* data); +#endif /* NO_SHA */ #ifdef WOLFSSL_DEBUG_MUTEX - /* testing HW release in task that did not lock */ + /* Testing HW release in task that did not lock: */ extern WC_ESP32SHA* stray_ctx; #endif @@ -788,7 +886,7 @@ extern "C" #define WOLFSSL_HAS_METRICS /* Allow sha256 code to keep track of SW fallback during active HW */ - WOLFSSL_LOCAL int esp_sw_sha256_count_add(); + WOLFSSL_LOCAL int esp_sw_sha256_count_add(void); /* show MP HW Metrics*/ WOLFSSL_LOCAL int esp_hw_show_mp_metrics(void); @@ -800,6 +898,13 @@ extern "C" WOLFSSL_LOCAL int esp_hw_show_metrics(void); #endif + +#if defined(WOLFSSL_STACK_CHECK) + +WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); + +#endif /* WOLFSSL_STACK_CHECK */ + /* * Errata Mitigation. See * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf 
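Review bot: `esp_sha_stack_check(WC_ESP32SHA* sha)` is declared with no statement of what it checks or what its `int` result means, and `CTX_STACK_CHECK(ctx)` earlier in this file discards that result anyway. Add `/* Returns 0 when the guard words of *sha are intact, non-zero otherwise */` (adjusted to the implementation) and say whether it is safe to call on a context that was never initialised.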
@@ -820,8 +925,8 @@ extern "C" /* Non-FIFO read may not be needed in chip revision v3.0. */ #define ESP_EM__READ_NON_FIFO_REG {DPORT_SEQUENCE_REG_READ(0x3FF40078);} - /* When the CPU frequency is 160 MHz, add six �nop� between two consecutive - ** FIFO reads. When the CPU frequency is 240 MHz, add seven �nop� between + /* When the CPU frequency is 160 MHz, add six nops between two consecutive + ** FIFO reads. When the CPU frequency is 240 MHz, add seven nops between ** two consecutive FIFO reads. See 3.16 */ #if defined(CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80) #define ESP_EM__3_16 { \ @@ -881,16 +986,6 @@ extern "C" } #endif -/* Compatibility checks */ -#if defined(DEBUG_WOLFSSH) || defined(ESP_ENABLE_WOLFSSH) || \ - defined(WOLFSSH_TERM) || defined(WOLFSSH_TEST_SERVER) - #ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 - /* need to add this line to wolfssl component user_settings.h - * #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 */ - #error "ESP32_CRYPT_HASH_SHA256 not supported on wolfSSL at this time" - #endif -#endif /* SSH SHA256 HW check */ - #endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */ #endif /* __ESP32_CRYPT_H__ */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h index 9671fafa91..b4faa7368d 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h @@ -1,6 +1,6 @@ /* renesas-fspsm-crypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -123,7 +123,7 @@ WOLFSSL_LOCAL int wc_fspsm_Open(); WOLFSSL_LOCAL void wc_fspsm_Close(); WOLFSSL_LOCAL int wc_fspsm_hw_lock(); WOLFSSL_LOCAL void wc_fspsm_hw_unlock( void ); -WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl, +WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated); typedef struct { 
@@ -319,7 +319,7 @@ WOLFSSL_API int FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx); WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign); -#endif /* WOLFSSL_RENESAS_FSPSM_TLS && +#endif /* WOLFSSL_RENESAS_FSPSM_TLS && * !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */ typedef struct FSPSM_RSA_CTX { diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h index b110343f1b..33dcbbc8df 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h @@ -1,6 +1,6 @@ /* renesas-fsp-crypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,7 @@ #define FSPSM_W_KEYVAR renesas_sce_wrappedkey #define FSPSM_tls_flg_ST sce_keyflgs_tls - #define FSPSM_key_flg_ST sce_keyflgs_cryt + #define FSPSM_key_flg_ST sce_keyflgs_crypt #define FSPSM_tag_ST tagUser_SCEPKCbInfo #define FSPSM_ST User_SCEPKCbInfo #define FSPSM_ST_PKC SCE_PKCbInfo @@ -171,7 +171,7 @@ /* structure, type so on */ #define FSPSM_W_KEYVAR renesas_rsip_wrappedkey #define FSPSM_tls_flg_ST rsip_keyflgs_tls - #define FSPSM_key_flg_ST rsip_keyflgs_cryt + #define FSPSM_key_flg_ST rsip_keyflgs_crypt #define FSPSM_tag_ST tagUser_RSIPPKCbInfo #define FSPSM_ST User_RSIPPKCbInfo #define FSPSM_ST_PKC RSIP_PKCbInfo diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h index 07d59ac9ac..8d6cfe1720 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h @@ -2,7 +2,7 @@ * * Contributed by Johnson Controls Tyco IP Holdings LLP. * - * Use of this Software is subject to the GPLv2 License + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -13,7 +13,7 @@ * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index 6b1bbfdae9..2a0cd1ff54 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -1,6 +1,6 @@ /* renesas-tsip-crypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,12 +32,20 @@ #if defined(WOLFSSL_RENESAS_TSIP) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - #include "r_tsip_rx_if.h" + #include "r_tsip_rx_if.h" #endif +#include +#include #include +#include +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #include +#endif +#ifdef WOLF_CRYPTO_CB +#include +#endif #ifdef __cplusplus extern "C" { @@ -51,7 +59,7 @@ extern "C" { typedef enum { WOLFSSL_TSIP_NOERROR = 0, WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff, -}wolfssl_tsip_error_number; +} wolfssl_tsip_error_number; typedef enum { tsip_Key_SESSION = 1, 
@@ -84,28 +92,33 @@ enum { TSIP_TLS_VERIFY_DATA_WD_SZ = 8, TSIP_TLS_MAX_SIGDATA_SZ = 130, TSIP_TEMP_WORK_SIZE = 128, + + TSIP_MAX_ECC_BYTES = 48, }; typedef enum { - TSIP_KEY_TYPE_RSA2048 = 0, - TSIP_KEY_TYPE_RSA4096 = 1, - TSIP_KEY_TYPE_ECDSAP256 = 2, #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY - TSIP_KEY_TYPE_RSA1024 = 3, + TSIP_KEY_TYPE_RSA1024 = 1, /* TSIP_RSA1024 */ #endif - + TSIP_KEY_TYPE_RSA2048 = 2, /* TSIP_RSA2048 */ + TSIP_KEY_TYPE_RSA3072 = 3, /* TSIP_RSA3072 */ + TSIP_KEY_TYPE_RSA4096 = 4, /* TSIP_RSA4096 */ + TSIP_KEY_TYPE_ECDSAP256 = 5, /* TSIP_ECCP256 */ + TSIP_KEY_TYPE_ECDSAP384 = 6, /* TSIP_ECCP384 */ } wolfssl_TSIP_KEY_TYPE; + struct WOLFSSL; +struct ecc_key; struct KeyShareEntry; /* MsgBag stands for message bag and acts as a buffer for holding plain text * handshake messages exchanged between client and server. - * MsgBag was introduced as a workaround for the TSIP's limitation that TSIP + * MsgBag was introduced as a workaround for the TSIP's limitation that TSIP * can not process multiple hash algorithms at the same time. If the - * limitation is resolved in a future TSIP, MsgBag should be removed. + * limitation is resolved in a future TSIP, MsgBag should be removed. * The contents in this MsgBag is used for transcript hashing. The hash value - * is used for the key derivation and Finished-message. + * is used for the key derivation and Finished-message. * The capacity of the MsgBag is defined as MSGBAG_SIZE and the actual * size is 8KB. The size should be large enough to hold all the handshake * messages including the server and client certificate messages. 
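Review bot: Renumbering `wolfssl_TSIP_KEY_TYPE` (RSA2048 0 to 2, RSA4096 1 to 4, ECDSAP256 2 to 5) silently changes the meaning of any key type that reaches `tsip_use_PrivateKey_buffer_crypt` or `tsip_use_PublicKey_buffer_crypt` as a stored or literal `int`: an old value 2 now selects RSA2048 instead of ECDSA P-256, a key-confusion bug the compiler will not catch. If the values are meant to mirror the TSIP constants the trailing comments name, say so and pin them: `/* values must match the TSIP key type constants; do not reorder */`. Since 0 is no longer a valid member, an explicit `TSIP_KEY_TYPE_INVALID = 0` entry would let an uninitialised `wrappedKeyType` be rejected rather than treated as a type.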
@@ -121,33 +134,40 @@ typedef struct MsgBag } MsgBag; #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY - - typedef void* renesas_tsip_key; - - /* flags Crypt Only */ - struct tsip_keyflgs_cryt { - uint8_t aes256_key_set:1; - uint8_t aes128_key_set:1; - uint8_t rsapri2048_key_set:1; - uint8_t rsapub2048_key_set:1; - uint8_t rsapri1024_key_set:1; - uint8_t rsapub1024_key_set:1; - uint8_t message_type:1;/*message 0, hashed 1*/ - }; +/* flags Crypt Only */ +struct tsip_keyflgs_crypt { + uint32_t aes256_key_set:1; + uint32_t aes128_key_set:1; + uint32_t rsapri2048_key_set:1; + uint32_t rsapub2048_key_set:1; + uint32_t rsapri1024_key_set:1; + uint32_t rsapub1024_key_set:1; + uint32_t eccpri_key_set:1; + uint32_t eccpub_key_set:1; + uint32_t message_type:1; /*message 0, hashed 1*/ +}; #endif + /* * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format. */ typedef struct TsipUserCtx { /* unique number for each session */ int devId; + + /* client key pair wrapped by provisioning key */ + byte* wrappedPrivateKey; + byte* wrappedPublicKey; + + int wrappedKeyType; + #ifdef WOLFSSL_RENESAS_TSIP_TLS /* 0:working as a TLS client, 1: as a server */ byte side; /* public key index for verification of RootCA cert */ uint32_t user_key_id; - + /* WOLFSSL object associated with */ struct WOLFSSL* ssl; struct WOLFSSL_CTX* ctx; 
@@ -159,34 +179,27 @@ typedef struct TsipUserCtx { /* handle is used as work area for Tls13 handshake */ tsip_tls13_handle_t handle13; -#endif /* WOLFSSL_RENESAS_TSIP_TLS */ - /* client key pair wrapped by provisioning key */ - byte* wrappedPrivateKey; - byte* wrappedPublicKey; - int wrappedKeyType; -#ifdef WOLFSSL_RENESAS_TSIP_TLS - #if !defined(NO_RSA) +#if !defined(NO_RSA) /* RSA-2048bit private and public key-index for client authentication */ tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx; tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx; - #endif /* !NO_RSA */ - - #if defined(HAVE_ECC) - /* ECC P256 private and public key-index for client authentication */ - tsip_ecc_private_key_index_t EcdsaP256PrivateKeyIdx; - tsip_ecc_public_key_index_t EcdsaP256PublicKeyIdx; - #endif /* HAVE_ECC */ +#endif /* !NO_RSA */ +#if defined(HAVE_ECC) + /* ECC private and public key-index for client authentication */ + tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx; + tsip_ecc_public_key_index_t EcdsaPublicKeyIdx; +#endif /* HAVE_ECC */ /* ECDHE private key index for Tls13 handshake */ tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx; /* ECDHE pre-master secret */ tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx; - + /* Handshake secret for Tls13 handshake */ tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx; - + /* the key to decrypt server-finished message */ tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx; @@ -226,12 +239,11 @@ typedef struct TsipUserCtx { /* signature data area for TLS1.3 CertificateVerify message */ byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ]; - #if (WOLFSSL_RENESAS_TSIP_VER >=109) /* out from R_SCE_TLS_ServerKeyExchangeVerify */ uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ]; - - /* ephemeral ECDH pubkey index + + /* ephemeral ECDH pubkey index * got from R_TSIP_GenerateTlsP256EccKeyIndex. * Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key. */ 
@@ -248,47 +260,19 @@ typedef struct TsipUserCtx { uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4]; uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ]; uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ]; -#endif /* WOLFSSL_RENESAS_TSIP_TLS */ -/* for tsip crypt only mode */ -#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY - - renesas_tsip_key rsa1024pri_keyIdx; - renesas_tsip_key rsa1024pub_keyIdx; - renesas_tsip_key rsa2048pri_keyIdx; - renesas_tsip_key rsa2048pub_keyIdx; - - /* sign/verify hash type : - * md5, sha1 or sha256 - */ - int sing_hash_type; - - /* flags shows status if tsip keys are installed */ - union { - uint8_t chr; - struct tsip_keyflgs_cryt bits; - } keyflgs_crypt; - -#endif - /* installed key handling */ - tsip_aes_key_index_t user_aes256_key_index; - uint8_t user_aes256_key_set:1; - tsip_aes_key_index_t user_aes128_key_index; - uint8_t user_aes128_key_set:1; - + /* TSIP defined cipher suite number */ uint32_t tsip_cipher; - + /* flags */ -#ifdef WOLFSSL_RENESAS_TSIP_TLS - #if !defined(NO_RSA) +#if !defined(NO_RSA) uint8_t ClientRsa2048PrivKey_set:1; uint8_t ClientRsa2048PubKey_set:1; - #endif - - #if defined(HAVE_ECC) - uint8_t ClientEccP256PrivKey_set:1; - uint8_t ClientEccP256PubKey_set:1; - #endif +#endif +#if defined(HAVE_ECC) + uint8_t ClientEccPrivKey_set:1; + uint8_t ClientEccPubKey_set:1; +#endif uint8_t HmacInitialized:1; uint8_t RootCAverified:1; 
@@ -308,6 +292,39 @@ typedef struct TsipUserCtx { uint8_t session_key_set:1; #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + /* installed key handling */ + tsip_aes_key_index_t user_aes256_key_index; + uint8_t user_aes256_key_set:1; + tsip_aes_key_index_t user_aes128_key_index; + uint8_t user_aes128_key_set:1; + +/* for tsip crypt only mode */ +#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY +#ifndef NO_RSA + tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx; + tsip_rsa1024_public_key_index_t* rsa1024pub_keyIdx; + tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx; + tsip_rsa2048_public_key_index_t* rsa2048pub_keyIdx; +#endif +#ifdef HAVE_ECC + #ifdef HAVE_ECC_SIGN + tsip_ecc_private_key_index_t eccpri_keyIdx; + #endif + tsip_ecc_public_key_index_t eccpub_keyIdx; +#endif + + /* sign/verify hash type : + * md5, sha1 or sha256 + */ + int sign_hash_type; + + /* flags shows status if tsip keys are installed */ + union { + uint32_t chr; + struct tsip_keyflgs_crypt bits; + } keyflgs_crypt; +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ + } TsipUserCtx; typedef TsipUserCtx RenesasUserCtx; @@ -315,7 +332,7 @@ typedef TsipUserCtx user_PKCbInfo; typedef struct { - TsipUserCtx* userCtx; + TsipUserCtx* userCtx; } TsipPKCbInfo; @@ -372,7 +389,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, #endif #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) -WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc, +WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, const char* keyBuf, int keyBufLen, int keyType); WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc, const char* keyBuf, int keyBufLen, int keyType); 
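Review bot: The crypt-only RSA key-index members are now pointers (`tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx` and the three siblings) while the ECC ones (`eccpri_keyIdx`, `eccpub_keyIdx`) are held by value, and the header does not say who allocates, frees and wipes the pointed-to RSA index structures — these hold wrapped key material, so a dangling or un-wiped pointer after cleanup is the kind of thing a reader needs to rule out. Suggest a comment above the `#ifndef NO_RSA` block such as `/* Owned by TsipUserCtx: allocated in <setter function> and released/zeroized in <cleanup function> */`, with the placeholders filled from the implementation, which is not visible here. The `keyflgs_crypt` union member `chr` keeps its `uint8_t`-era name although it is now a `uint32_t` covering nine flags; `all` or `word` would be clearer.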
@@ -387,12 +404,12 @@ WOLFSSL_API void tsip_inform_user_keys_ex( byte* provisioning_key, /* key got from DLM server */ byte* iv, /* iv used for public key */ byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/ - word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */ + word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */ #else WOLFSSL_API void tsip_inform_user_keys( - byte* encrypted_session_key, + byte* encrypted_session_key, byte* iv, byte* encrypted_user_tls_key); @@ -401,22 +418,29 @@ WOLFSSL_API void tsip_inform_user_keys( /*----------------------------------------------------*/ /* internal use functions */ /*----------------------------------------------------*/ -WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc); - +#ifdef HAVE_PK_CALLBACKS WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( - WOLFSSL* ssl, + struct WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc); - +#endif #ifdef WOLF_CRYPTO_CB - struct wc_CryptoInfo; +WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info, + TsipUserCtx* tuc); + +WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info, + TsipUserCtx* tuc); + +WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc); + +WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc); + WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl); WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, @@ -427,7 +451,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash, WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac); -WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(struct WOLFSSL* ssl, +WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(struct WOLFSSL* ssl, struct KeyShareEntry* kse); WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, 
@@ -466,13 +490,13 @@ WOLFSSL_LOCAL int tsip_Tls13VerifyHandshake(struct WOLFSSL* ssl, const byte* input, byte* hash, word32* pHashSz); -WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(struct WOLFSSL* ssl, +WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(struct WOLFSSL* ssl, byte* output, const byte* input, word16 sz); WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(struct WOLFSSL* ssl, byte* output, const byte* input, word16 sz); -WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, +WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 totalSz); @@ -483,7 +507,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(struct WOLFSSL*ssl); #if (WOLFSSL_RENESAS_TSIP_VER >=109) -WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info, +WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info, void* ctx); WOLFSSL_LOCAL int wc_tsip_generateMasterSecretEx( byte cipherSuiteFirst, @@ -505,23 +529,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret( WOLFSSL_LOCAL int wc_tsip_storeKeyCtx( - WOLFSSL *ssl, + struct WOLFSSL *ssl, TsipUserCtx *userCtx); WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret( - WOLFSSL* ssl, + struct WOLFSSL* ssl, byte* out, word32* outSz); WOLFSSL_LOCAL int wc_tsip_EccSharedSecret( - WOLFSSL* ssl, + struct WOLFSSL* ssl, struct ecc_key* otherKey, unsigned char* pubKeyDer, unsigned int* pubKeySz, unsigned char* out, unsigned int* outlen, int side, void* ctx); WOLFSSL_LOCAL int wc_tsip_RsaVerify( - WOLFSSL* ssl, + struct WOLFSSL* ssl, byte* sig, word32 sigSz, byte** out, @@ -530,7 +554,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify( void* ctx); WOLFSSL_LOCAL int wc_tsip_EccVerify( - WOLFSSL* ssl, + struct WOLFSSL* ssl, const byte* sig, word32 sigSz, const byte* hash, word32 hashSz, const byte* key, word32 keySz, 
@@ -553,7 +577,7 @@ WOLFSSL_LOCAL int wc_tsip_AesCbcDecrypt( byte* out, const byte* in, word32 sz); - + WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt( Aes* aes, byte* out, const byte* in, word32 sz, @@ -561,7 +585,7 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt( byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz, void* ctx); - + WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt( Aes* aes, byte* out, const byte* in, word32 sz, @@ -571,22 +595,22 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt( void* ctx); #endif /* NO_AES */ WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify( - const WOLFSSL *ssl, - const byte* message, + const struct WOLFSSL *ssl, + const byte* message, word32 messageSz, word32 macSz, word32 content); WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate( - const WOLFSSL *ssl, - const byte* myInner, + const struct WOLFSSL *ssl, + const byte* myInner, word32 innerSz, const byte* in, - word32 sz, + word32 sz, byte* digest); WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate( - const WOLFSSL *ssl, + const struct WOLFSSL *ssl, const byte* myInner, word32 innerSz, const byte* in, @@ -601,11 +625,11 @@ WOLFSSL_LOCAL int tsip_hw_lock(); WOLFSSL_LOCAL void tsip_hw_unlock( void ); -WOLFSSL_LOCAL int tsip_usable(const WOLFSSL *ssl, +WOLFSSL_LOCAL int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated); WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert( - const byte* ps_flash, + const byte* ps_flash, const byte* psigned_ca_cert, word32 len); @@ -631,13 +655,11 @@ WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret( word32 preSz); WOLFSSL_LOCAL int wc_tsip_generateSessionKey( - WOLFSSL* ssl, + struct WOLFSSL* ssl, TsipUserCtx* ctx, int devId); WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx); -WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, - TsipUserCtx* tuc); WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size); 
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h index 1213eeee85..42f1695e93 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h @@ -1,6 +1,6 @@ /* renesas_cmn.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,9 +21,14 @@ #ifndef __RENESAS_CMN_H__ #define __RENESAS_CMN_H__ + + #include + +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #include + /* Common Callbacks */ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, @@ -36,12 +41,12 @@ WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl, const unsigned char* keyDer, unsigned int keySz, void* ctx); WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(WOLFSSL* ssl, void* ctx); -WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, +WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, byte *premaster, word32 preSz, void* ctx); -WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, +WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, +WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content, void* ctx); WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig, unsigned int sigSz, const unsigned char* hash, unsigned int hashSz, 
@@ -55,7 +60,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, void* ctx); - + WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder); WOLFSSL_LOCAL int Renesas_cmn_usable(const WOLFSSL *ssl, byte seskey_gennerated); @@ -69,10 +74,8 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigne /* Common Methods */ WOLFSSL_LOCAL void* Renesas_cmn_GetCbCtxBydevId(int devId); -int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); -void wc_CryptoCb_CleanupRenesasCmn(int* id); -int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, - word32 key_n_start, word32 key_n_len, word32 key_e_start, +int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, + word32 key_n_start, word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row); WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl); WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx); @@ -80,4 +83,9 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, const byte *handshake_hash, word32 hashSz, byte *hashes, void* ctx); WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx); +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ + +int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx); +void wc_CryptoCb_CleanupRenesasCmn(int* id); + #endif /* __RENESAS_CMN_H__ */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h index 365abf5a38..3b67449144 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h @@ -1,6 +1,6 @@ /* renesas_sync.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
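Review bot: `wc_CryptoCb_CryptInitRenesasCmn` and `wc_CryptoCb_CleanupRenesasCmn` are re-declared outside the new `#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY` guard but, unlike every other declaration in the block above them, carry neither `WOLFSSL_LOCAL` nor `WOLFSSL_API`, so their visibility is whatever the toolchain default is; if they are internal, `WOLFSSL_LOCAL int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx);` and `WOLFSSL_LOCAL void wc_CryptoCb_CleanupRenesasCmn(int* id);` match the file's convention (the pre-existing `wc_Renesas_cmn_RootCertVerify` in the previous hunk has the same gap). A one-line comment that these two must remain available in crypt-only builds would explain why they sit outside the guard, which is presumably the reason for the move. The closing `#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */` ends an `#ifndef`, so by the convention used in renesas-tsip.h (`#endif /* !NO_RSA */`) it should read `#endif /* !WOLFSSL_RENESAS_TSIP_CRYPTONLY */`.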
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h index 93738780af..2063056b82 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h @@ -1,7 +1,7 @@ /* renesas_tsip_types.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - + #ifndef __RENESAS_TSIP_TYPES_H__ #define __RENESAS_TSIP_TYPES_H__ #include +#include #if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) @@ -33,12 +34,6 @@ typedef enum { TSIP_SHA256 = 1, } TSIP_SHA_TYPE; -typedef enum { - TSIP_RSA2048, - TSIP_RSA4096, - TSIP_ECCP256, -} TSIP_KEY_TYPE; - typedef struct { byte* msg; void* heap; @@ -48,22 +43,33 @@ typedef struct { #if defined(WOLF_CRYPTO_CB) word32 flags; int devId; -#endif +#endif } wolfssl_TSIP_Hash; /* RAW hash function APIs are not implemented with TSIP */ #define WOLFSSL_NO_HASH_RAW +#ifndef NO_SHA typedef wolfssl_TSIP_Hash wc_Sha; - -#if !defined(NO_SHA256) +#endif +#ifndef NO_SHA256 typedef wolfssl_TSIP_Hash wc_Sha256; #endif -#endif /* NO_SHA */ +#endif /* !NO_SHA || !NO_SHA256 */ + + +typedef enum { + TSIP_RSA1024 = 1, + TSIP_RSA2048 = 2, + TSIP_RSA3072 = 3, + TSIP_RSA4096 = 4, + TSIP_ECCP256 = 5, + TSIP_ECCP384 = 6, +} TSIP_KEY_TYPE; -#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) ||\ +#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #include "r_tsip_rx_if.h" diff --git a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h index bac08c0454..8defcb82f4 100644 --- a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h +++ b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h 
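Review bot: `TSIP_KEY_TYPE` now assigns explicit values starting at 1 (`TSIP_RSA2048 = 2`, `TSIP_ECCP256 = 5`) where the removed enum had `TSIP_RSA2048` as 0 and `TSIP_ECCP256` as 2, yet the `tsip_inform_user_keys_ex()` prototype in renesas-tsip.h, touched earlier in this diff, still documents `public_key_type` as `/* 0: RSA-2048 2:ECDSA P-256 */`. If that parameter and `TsipUserCtx.wrappedKeyType` are meant to carry `TSIP_KEY_TYPE` values, callers still passing the old constants now select a different key type and that comment should name the new enumerators; if they use a separate driver-defined numbering, a comment on the enum saying so (`/* wolfSSL-side key type; distinct from the public_key_type codes of tsip_inform_user_keys_ex() */`) would prevent the confusion. Starting at 1 also leaves 0 free as an "unset" sentinel for `wrappedKeyType`, which is worth stating if that is intended.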
@@ -1,6 +1,6 @@
 /* afalg_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h b/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
index 60571f3739..af9e76827d 100644
--- a/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
+++ b/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
@@ -1,6 +1,6 @@
 /* wc_afalg.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/aria/aria-crypt.h b/wolfssl/wolfcrypt/port/aria/aria-crypt.h
index 9d49b875a1..a660bdb3a1 100644
--- a/wolfssl/wolfcrypt/port/aria/aria-crypt.h
+++ b/wolfssl/wolfcrypt/port/aria/aria-crypt.h
@@ -1,6 +1,6 @@
 /* aria-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h b/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
index 01e18b07d8..68099b1c22 100644
--- a/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
+++ b/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
@@ -1,6 +1,6 @@
 /* aria-cryptocb.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/arm/cryptoCell.h b/wolfssl/wolfcrypt/port/arm/cryptoCell.h
index 58ba145162..eb9169f300 100644
--- a/wolfssl/wolfcrypt/port/arm/cryptoCell.h
+++ b/wolfssl/wolfcrypt/port/arm/cryptoCell.h
@@ -1,6 +1,6 @@
 /* cryptoCell.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/atmel/atmel.h b/wolfssl/wolfcrypt/port/atmel/atmel.h
index 4f92236647..c2f994083d 100644
--- a/wolfssl/wolfcrypt/port/atmel/atmel.h
+++ b/wolfssl/wolfcrypt/port/atmel/atmel.h
@@ -1,6 +1,6 @@
 /* atmel.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/autosar/StandardTypes.h b/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
index a3675f2527..99c3698ab6 100644
--- a/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
+++ b/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
@@ -1,6 +1,6 @@
 /* StandardTypes.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_driver.h b/wolfssl/wolfcrypt/port/caam/caam_driver.h
index 3f5174ebb1..5b6d791304 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_driver.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_driver.h
@@ -1,6 +1,6 @@
 /* caam_driver.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_error.h b/wolfssl/wolfcrypt/port/caam/caam_error.h
index abde9b56b8..cb2e2f2348 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_error.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_error.h
@@ -1,6 +1,6 @@
 /* caam_error.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_qnx.h b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
index 55d1fccd37..eb961c491f 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
@@ -1,6 +1,6 @@
 /* caam_qnx.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam.h b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
index 6c96edc416..472e0592d7 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
@@ -1,6 +1,6 @@ /* wolfcaam.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,7 +36,7 @@ #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \ defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SECO_CAAM) || \ - defined(WOLFSSL_IMXRT1170_CAAM) + defined(WOLFSSL_IMXRT1170_CAAM) /* unique devId for CAAM use on crypto callbacks */ @@ -75,9 +75,9 @@ WOLFSSL_LOCAL int caamWriteToPartition(CAAM_ADDRESS addr, const unsigned char* i WOLFSSL_LOCAL int caamReadPartition(CAAM_ADDRESS addr, unsigned char* out, int outSz); WOLFSSL_API int wc_caamOpenBlob(byte* data, word32 dataSz, byte* out, - word32* outSz); + word32* outSz); WOLFSSL_API int wc_caamCreateBlob(byte* data, word32 dataSz, byte* out, - word32* outSz); + word32* outSz); WOLFSSL_API int wc_caamOpenBlob_ex(byte* data, word32 dataSz, byte* out, word32* outSz, int type, byte* mod, word32 modSz); @@ -97,7 +97,7 @@ WOLFSSL_API int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, #define WC_CAAM_MAX_ENTROPY 44 #if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SECO_CAAM) && \ - !defined(WOLFSSL_IMXRT1170_CAAM) + !defined(WOLFSSL_IMXRT1170_CAAM) WOLFSSL_API int wc_caamSetResource(IODevice ioDev); #ifndef WC_CAAM_READ #define WC_CAAM_READ(reg) wc_caamReadRegister((reg)) diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h index 5ee9e7aa43..7764f38301 100644 --- a/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h @@ -1,6 +1,6 @@ /* wolfcaam_aes.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h index b07fe19b10..5a2798cb0d 100644 --- a/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h 
@@ -1,6 +1,6 @@
 /* wolfcaam_cmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
index 2943d71765..50aa0087c8 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
@@ -1,6 +1,6 @@
 /* wolfcaam_ecdsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
index c1f1367259..d85ab7e77c 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
@@ -1,6 +1,6 @@
 /* wolfcaam_fsl_nxp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
index 07f176eb51..caa5c27c31 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
@@ -1,6 +1,6 @@
 /* wolfcaam_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
index 6eee6b2c73..6c3440511d 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
@@ -1,6 +1,6 @@
 /* wolfcaam_qnx.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
index 032c1e8c40..0653637955 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
@@ -1,6 +1,6 @@
 /* wolfcaam_rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
index d07c05492c..ea1d2914e3 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
@@ -1,6 +1,6 @@
 /* wolfcaam_seco.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
index 67aa5aeab8..17dc06e32e 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
@@ -1,6 +1,6 @@
 /* wolfcaam_sha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
index b10b6c9d55..3354b45e5b 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
@@ -1,6 +1,6 @@
 /* wolfcaam_x25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h b/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
index 28fdd297a3..d1f861f921 100644
--- a/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
+++ b/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
@@ -1,6 +1,6 @@
 /* cavium_octeon_sync.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
index c7df1f34f1..59fe2fdc7f 100644
--- a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+++ b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
@@ -1,6 +1,6 @@
 /* psoc6_crypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h b/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
index d2c73d1422..20d69c98d5 100644
--- a/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
+++ b/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
@@ -1,6 +1,6 @@
 /* wc_devcrypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/intel/quickassist_sync.h b/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
index 3e3411a1e6..2db3f3ec46 100644
--- a/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
+++ b/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
@@ -1,6 +1,6 @@
 /* quickassist_sync.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h b/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
index ba4d3bd7e0..27b3b19da6 100644
--- a/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
+++ b/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
@@ -1,6 +1,6 @@
 /* iotsafe.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
index 7183c149d0..bf646f2ada 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
@@ -1,6 +1,6 @@
 /* kcapi_dh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
index 31949a0707..a5ccb7c323 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
@@ -1,6 +1,6 @@
 /* kcapi_ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
index 1a4bbf8773..b723ca51d8 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
@@ -1,6 +1,6 @@
 /* kcapi_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
index cfd841fe21..784b47ee0a 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
@@ -1,6 +1,6 @@
 /* kcapi_hmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
index 18a44576aa..64fcdb66b8 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
@@ -1,6 +1,6 @@
 /* kcapi_rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h b/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
index 3e5483c21d..cfbc3e0883 100644
--- a/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
+++ b/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
@@ -1,6 +1,6 @@
 /* wc_kcapi.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/liboqs/liboqs.h b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
index 58da9ba2be..f780164ac1 100644
--- a/wolfssl/wolfcrypt/port/liboqs/liboqs.h
+++ b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
@@ -1,6 +1,6 @@ /* liboqs.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,7 +43,7 @@ implementations for Post-Quantum cryptography algorithms. #if defined(HAVE_LIBOQS) #include "oqs/oqs.h" - + int wolfSSL_liboqsInit(void); diff --git a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h index 0d8849f4fc..ecfc56c9c7 100644 --- a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h +++ b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h @@ -1,6 +1,6 @@ /* maxq10xx.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -96,6 +96,7 @@ WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Copy(wc_Sha256* sha256); WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Free(wc_Sha256* sha256); WOLFSSL_LOCAL int wc_MAXQ10XX_EccSetKey(ecc_key* key, word32 keysize); WOLFSSL_LOCAL void wc_MAXQ10XX_EccFree(ecc_key* key); +WOLFSSL_LOCAL int maxq10xx_random(byte* output, unsigned short sz); #endif /* WOLFSSL_MAXQ10XX_CRYPTO */ #ifdef HAVE_PK_CALLBACKS diff --git a/wolfssl/wolfcrypt/port/nrf51.h b/wolfssl/wolfcrypt/port/nrf51.h index d93fd0d86c..cb379fdf36 100644 --- a/wolfssl/wolfcrypt/port/nrf51.h +++ b/wolfssl/wolfcrypt/port/nrf51.h @@ -1,6 +1,6 @@ /* nrf51.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/nxp/dcp_port.h b/wolfssl/wolfcrypt/port/nxp/dcp_port.h index 3d4c1fe93e..a09537369c 100644 --- a/wolfssl/wolfcrypt/port/nxp/dcp_port.h +++ b/wolfssl/wolfcrypt/port/nxp/dcp_port.h @@ -1,6 +1,6 @@ /* dcp_port.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h index c272a96971..f5bfe0df10 100644 --- a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h +++ b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h 
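Review bot: `maxq10xx_random(byte* output, unsigned short sz)` takes its length as `unsigned short`, whereas the other hardware random hook declared on this page, `wc_tsip_GenerateRandBlock(byte* output, word32 size)`, uses `word32`; a caller wired through a `word32`-sized request has to narrow the size, and anything above 65535 bytes is silently truncated unless the caller checks first. If the device limits a single request, the prototype should say so and document the return convention, e.g. `/* Fill output with sz bytes from the MAXQ10xx TRNG (sz limited by the device); returns 0 on success, negative wolfCrypt error code otherwise */`, with the return description adjusted to what the implementation actually does, which is not visible here.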
@@ -1,6 +1,6 @@ /* ksdk_port.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,13 +34,13 @@ int ksdk_port_init(void); /* software algorithm, by wolfcrypt */ #if defined(FREESCALE_LTC_TFM) - int wolfcrypt_mp_mul(mp_int *A, mp_int *B, mp_int *C); - int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c); - int wolfcrypt_mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d); - int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c); - int wolfcrypt_mp_invmod(mp_int *a, mp_int *b, mp_int *c); - int wolfcrypt_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y); - int wolfcrypt_mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); + int wolfcrypt_mp_mul(mp_int *A, mp_int *B, mp_int *C); + int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c); + int wolfcrypt_mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d); + int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c); + int wolfcrypt_mp_invmod(mp_int *a, mp_int *b, mp_int *c); + int wolfcrypt_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y); + int wolfcrypt_mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); /* Exported mp_mulmod function */ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d); 
@@ -48,40 +48,40 @@ int ksdk_port_init(void); #endif /* FREESCALE_LTC_TFM */ #if defined(FREESCALE_LTC_ECC) - #include "fsl_ltc.h" + #include "fsl_ltc.h" - typedef enum _fsl_ltc_ecc_coordinate_system - { - kLTC_Weierstrass = 0U, /*< Point coordinates on an elliptic curve in Weierstrass form */ - kLTC_Curve25519 = 1U, /*< Point coordinates on an Curve25519 elliptic curve in Montgomery form */ - kLTC_Ed25519 = 2U, /*< Point coordinates on an Ed25519 elliptic curve in twisted Edwards form */ - } fsl_ltc_ecc_coordinate_system_t; + typedef enum _fsl_ltc_ecc_coordinate_system + { + kLTC_Weierstrass = 0U, /*< Point coordinates on an elliptic curve in Weierstrass form */ + kLTC_Curve25519 = 1U, /*< Point coordinates on an Curve25519 elliptic curve in Montgomery form */ + kLTC_Ed25519 = 2U, /*< Point coordinates on an Ed25519 elliptic curve in twisted Edwards form */ + } fsl_ltc_ecc_coordinate_system_t; - int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m); + int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m); - #ifdef HAVE_CURVE25519 - int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); - const ECPoint *nxp_ltc_curve25519_GetBasePoint(void); - status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); - status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); - status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint); - #endif + #ifdef HAVE_CURVE25519 + int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); + const ECPoint *nxp_ltc_curve25519_GetBasePoint(void); + status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t 
*ltcPointOut); + status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint); + #endif - #ifdef HAVE_ED25519 - status_t LTC_PKHA_Ed25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); - status_t LTC_PKHA_WeierstrassToEd25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); - status_t LTC_PKHA_Ed25519_PointMul(const ltc_pkha_ecc_point_t *ltcPointIn, - const uint8_t *N, - size_t sizeN, - ltc_pkha_ecc_point_t *ltcPointOut, - fsl_ltc_ecc_coordinate_system_t typeOut); - const ltc_pkha_ecc_point_t *LTC_PKHA_Ed25519_BasePoint(void); - status_t LTC_PKHA_Ed25519_PointDecompress(const uint8_t *pubkey, size_t pubKeySize, ltc_pkha_ecc_point_t *ltcPointOut); - status_t LTC_PKHA_sc_reduce(uint8_t *a); - status_t LTC_PKHA_sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c); - status_t LTC_PKHA_SignatureForVerify(uint8_t *rcheck, const unsigned char *a, const unsigned char *b, ed25519_key *key); - status_t LTC_PKHA_Ed25519_Compress(const ltc_pkha_ecc_point_t *ltcPointIn, uint8_t *p); - #endif + #ifdef HAVE_ED25519 + status_t LTC_PKHA_Ed25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_WeierstrassToEd25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_Ed25519_PointMul(const ltc_pkha_ecc_point_t *ltcPointIn, + const uint8_t *N, + size_t sizeN, + ltc_pkha_ecc_point_t *ltcPointOut, + fsl_ltc_ecc_coordinate_system_t typeOut); + const ltc_pkha_ecc_point_t *LTC_PKHA_Ed25519_BasePoint(void); + status_t LTC_PKHA_Ed25519_PointDecompress(const uint8_t *pubkey, size_t pubKeySize, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_sc_reduce(uint8_t *a); + status_t LTC_PKHA_sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c); + status_t LTC_PKHA_SignatureForVerify(uint8_t *rcheck, const unsigned char *a, const unsigned char *b, ed25519_key *key); + 
status_t LTC_PKHA_Ed25519_Compress(const ltc_pkha_ecc_point_t *ltcPointIn, uint8_t *p); + #endif #endif /* FREESCALE_LTC_ECC */ diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h index ffda88fc97..cdeda673cd 100644 --- a/wolfssl/wolfcrypt/port/nxp/se050_port.h +++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h @@ -1,6 +1,6 @@ /* se050_port.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h index 46f3c04ac2..dbedb067fe 100644 --- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h +++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -1,6 +1,6 @@ /* pic32mz-crypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/psa/psa.h b/wolfssl/wolfcrypt/port/psa/psa.h index 6bde526c04..87b5fb41a7 100644 --- a/wolfssl/wolfcrypt/port/psa/psa.h +++ b/wolfssl/wolfcrypt/port/psa/psa.h @@ -1,6 +1,6 @@ /* psa.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h new file mode 100644 index 0000000000..7ca7291d46 --- /dev/null +++ b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h 
@@ -0,0 +1,343 @@ +/* riscv-64-asm.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLF_CRYPT_RISCV_64_ASM_H +#define WOLF_CRYPT_RISCV_64_ASM_H + +#ifdef WOLFSSL_RISCV_ASM + +#define ASM_WORD(i) \ + ".word " #i "\n\t" + + +#define REG_X0 0 +#define REG_X1 1 +#define REG_X2 2 +#define REG_X3 3 +#define REG_X4 4 +#define REG_X5 5 +#define REG_X6 6 +#define REG_X7 7 +#define REG_X8 8 +#define REG_X9 9 +#define REG_X10 10 +#define REG_X11 11 +#define REG_X12 12 +#define REG_X13 13 +#define REG_X14 14 +#define REG_X15 15 +#define REG_X16 16 +#define REG_X17 17 +#define REG_X18 18 +#define REG_X19 19 +#define REG_X20 20 +#define REG_X21 21 +#define REG_X22 22 +#define REG_X23 23 +#define REG_X24 24 +#define REG_X25 25 +#define REG_X26 26 +#define REG_X27 27 +#define REG_X28 28 +#define REG_X29 29 +#define REG_X30 30 +#define REG_X31 31 + +#define REG_ZERO REG_X0 +#define REG_RA REG_X1 +#define REG_SP REG_X2 +#define REG_GP REG_X3 +#define REG_TP REG_X4 +#define REG_T0 REG_X5 +#define REG_T1 REG_X6 +#define REG_T2 REG_X7 +#define REG_S0 REG_X8 +#define REG_FP REG_X8 +#define REG_S1 REG_X9 +#define REG_A0 REG_X10 +#define REG_A1 REG_X11 +#define REG_A2 REG_X12 +#define REG_A3 REG_X13 +#define REG_A4 REG_X14 
+#define REG_A5 REG_X15 +#define REG_A6 REG_X16 +#define REG_A7 REG_X17 +#define REG_S2 REG_X18 +#define REG_S3 REG_X19 +#define REG_S4 REG_X20 +#define REG_S5 REG_X21 +#define REG_S6 REG_X22 +#define REG_S7 REG_X23 +#define REG_S8 REG_X24 +#define REG_S9 REG_X25 +#define REG_S10 REG_X26 +#define REG_S11 REG_X27 +#define REG_T3 REG_X28 +#define REG_T4 REG_X29 +#define REG_T5 REG_X30 +#define REG_T6 REG_X31 + +#define REG_V0 0 +#define REG_V1 1 +#define REG_V2 2 +#define REG_V3 3 +#define REG_V4 4 +#define REG_V5 5 +#define REG_V6 6 +#define REG_V7 7 +#define REG_V8 8 +#define REG_V9 9 +#define REG_V10 10 +#define REG_V11 11 +#define REG_V12 12 +#define REG_V13 13 +#define REG_V14 14 +#define REG_V15 15 +#define REG_V16 16 +#define REG_V17 17 +#define REG_V18 18 +#define REG_V19 19 +#define REG_V20 20 +#define REG_V21 21 +#define REG_V22 22 +#define REG_V23 23 +#define REG_V24 24 +#define REG_V25 25 +#define REG_V26 26 +#define REG_V27 27 +#define REG_V28 28 +#define REG_V29 29 +#define REG_V30 30 +#define REG_V31 31 + + +#ifdef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + +/* Reverse bytes in 64-bit register. */ +#define REV8(rd, rs) \ + ASM_WORD((0b011010111000 << 20) | (0b101 << 12) | \ + (0b0010011 << 0) | \ + (rs << 15) | (rd << 7)) + +#define RORIW(rd, rs, imm) \ + ASM_WORD((0b0110000 << 25) | (0b101 << 12) | \ + (0b0011011 << 0) | \ + (imm << 20) | (rs << 15) | (rd << 7)) + + +/* rd = rs1[0..31] | rs2[0..31]. */ +#define PACK(rd, rs1, rs2) \ + ASM_WORD((0b0000100 << 25) | (0b100 << 12) | 0b0110011 | \ + (rs2 << 20) | (rs1 << 15) | (rd << 7)) + +#endif /* WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + +/* + * Load and store + */ + +/* 64-bit width when loading. */ +#define WIDTH_64 0b111 +/* 32-bit width when loading. */ +#define WIDTH_32 0b110 + +/* Load n Vector registers with width-bit components. 
*/ +#define VLRE_V(vd, rs1, cnt, width) \ + ASM_WORD(0b0000111 | (width << 12) | (0b00101000 << 20) | \ + (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15)) +/* Load 1 Vector register with 64-bit components. */ +#define VL1RE64_V(vd, rs1) VLRE_V(vd, rs1, 1, WIDTH_64) +/* Load 2 Vector register with 64-bit components. */ +#define VL2RE64_V(vd, rs1) VLRE_V(vd, rs1, 2, WIDTH_64) +/* Load 4 Vector register with 64-bit components. */ +#define VL4RE64_V(vd, rs1) VLRE_V(vd, rs1, 4, WIDTH_64) +/* Load 8 Vector register with 64-bit components. */ +#define VL8RE64_V(vd, rs1) VLRE_V(vd, rs1, 8, WIDTH_64) +/* Load 1 Vector register with 32-bit components. */ +#define VL1RE32_V(vd, rs1) VLRE_V(vd, rs1, 1, WIDTH_32) +/* Load 2 Vector register with 32-bit components. */ +#define VL2RE32_V(vd, rs1) VLRE_V(vd, rs1, 2, WIDTH_32) +/* Load 4 Vector register with 32-bit components. */ +#define VL4RE32_V(vd, rs1) VLRE_V(vd, rs1, 4, WIDTH_32) +/* Load 8 Vector register with 32-bit components. */ +#define VL8RE32_V(vd, rs1) VLRE_V(vd, rs1, 8, WIDTH_32) + +/* Store n Vector register. */ +#define VSR_V(vs3, rs1, cnt) \ + ASM_WORD(0b0100111 | (0b00101000 << 20) | (0 << 28) | \ + ((cnt-1) << 29) | (vs3 << 7) | (rs1 << 15)) +/* Store 1 Vector register. */ +#define VS1R_V(vs3, rs1) VSR_V(vs3, rs1, 1) +/* Store 2 Vector register. */ +#define VS2R_V(vs3, rs1) VSR_V(vs3, rs1, 2) +/* Store 4 Vector register. */ +#define VS4R_V(vs3, rs1) VSR_V(vs3, rs1, 4) +/* Store 8 Vector register. */ +#define VS8R_V(vs3, rs1) VSR_V(vs3, rs1, 8) + +/* Move from vector register to vector registor. */ +#define VMV_V_V(vd, vs1) \ + ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) | \ + (0b010111 << 26) | ((vd) << 7) | ((vs1) << 15)) +/* Splat register to each component of the vector registor. */ +#define VMV_V_X(vd, rs1) \ + ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) | \ + (0b010111 << 26) | ((vd) << 7) | ((rs1) << 15)) +/* Splat immediate to each component of the vector registor. 
*/ +#define VMV_V_I(vd, imm) \ + ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) | \ + (0b010111 << 26) | ((vd) << 7) | ((imm) << 15)) +/* Move n vector registers to vector registers. */ +#define VMVR_V(vd, vs2, n) \ + ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) | \ + (0b100111 << 26) | ((vd) << 7) | ((n-1) << 15) | \ + ((vs2) << 20)) + + +/* + * Logic + */ + +/* vd = vs2 << uimm */ +#define VSLL_VI(vd, vs2, uimm) \ + ASM_WORD((0b100101 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (uimm << 15) | (vs2 << 20)) +/* vd = vs2 >> uimm */ +#define VSRL_VI(vd, vs2, uimm) \ + ASM_WORD((0b101000 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (uimm << 15) | (vs2 << 20)) + + +/* + * Arithmetic + */ + +/* vd = vs2 + [i,] */ +#define VADD_VI(vd, vs2, i) \ + ASM_WORD((0b000000 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (i << 15) | (vs2 << 20)) +/* vd = vs1 + vs2 */ +#define VADD_VV(vd, vs1, vs2) \ + ASM_WORD((0b000000 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vs2 << 20) | (vs1 << 15) | (vd << 7)) +/* vd = vs1 ^ vs2 */ +#define VXOR_VV(vd, vs1, vs2) \ + ASM_WORD((0b001011 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) +/* vd = vs1 & vs2 */ +#define VAND_VV(vd, vs1, vs2) \ + ASM_WORD((0b001001 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) +/* vd = vs1 | vs2 */ +#define VOR_VV(vd, vs1, vs2) \ + ASM_WORD((0b001010 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + + +/* + * Permute + */ + +/* x[rd] = vs2[0] */ +#define VMV_X_S(rd, vs2) \ + ASM_WORD((0b010000 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1010111 << 0) | \ + ((rd) << 7) | ((vs2) << 20)) + +/* vd[0] = x[rs1] */ +#define VMV_S_X(vd, rs1) \ + ASM_WORD((0b010000 << 26) | (0b1 << 25) | \ + (0b110 << 12) | 
(0b1010111 << 0) | \ + ((vd) << 7) | ((rs1) << 15)) + +/* vd[shift..max] = vs2[0..max-shift] + * Sliding up doesn't change bottom part of destination. + */ +#define VSLIDEUP_VI(vd, vs2, shift) \ + ASM_WORD((0b001110 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + ((vd) << 7) | ((shift) << 15) | ((vs2) << 20)) + +/* vd[0..max-shift] = vs2[shift..max] + * Sliding down change top part of destination. + */ +#define VSLIDEDOWN_VI(vd, vs2, shift) \ + ASM_WORD((0b001111 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + ((vd) << 7) | ((shift) << 15) | ((vs2) << 20)) + +/* vd[i] = vs1[vs2[i]] */ +#define VRGATHER_VV(vd, vs1, vs2) \ + ASM_WORD((0b001100 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + ((vd) << 7) | ((vs1) << 15) | ((vs2) << 20)) + +#define VID_V(vd) \ + ASM_WORD((0b010100 << 26) | (0b1 << 25) | (0b00000 << 20) | \ + (0b10001 << 15) | (0b010 << 12) | \ + (0b1010111 << 0) | ((vd) << 7)) + + +/* + * Setting options. + */ + +/* Set the options of vector instructions. */ +#define VSETIVLI(rd, n, vma, vta, vsew, vlmul) \ + ASM_WORD((0b11 << 30) | (0b111 << 12) | (0b1010111 << 0) | \ + (rd << 7) | (n << 15) | (vma << 27) | \ + (vta << 26) | (vsew << 23) | (vlmul << 20)) + + +#if defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) || \ + defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) + +/* + * Vector Bit Manipulation + */ + +/* Reverse order of bytes in words of vector regsiter. */ +#define VREV8(vd, vs2) \ + ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \ + (0b010 << 12) | (0b1010111 << 0) | \ + (vs2 << 20) | (vd << 7)) + +/* Reverse order of bytes in words of vector regsiter. 
*/ +#define VROR_VI(vd, imm, vs2) \ + ASM_WORD((0b01010 << 27) | (0b1 << 25) | (0b011 << 12) | \ + (0b1010111 << 0) | ((imm >> 5) << 26) | \ + (vs2 << 20) | ((imm & 0x1f) << 15) | (vd << 7)) + + +#endif /* WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION || + * WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */ + +#endif /* WOLFSSL_RISCV_ASM */ + +#endif /* WOLF_CRYPT_RISCV_64_ASM_H */ + diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h index a6d39dbbd8..b82b54d24a 100644 --- a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h +++ b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h @@ -1,6 +1,6 @@ /* silabs_aes.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h b/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h index 43cd0f0979..e8d94ae084 100644 --- a/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h +++ b/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h @@ -1,6 +1,6 @@ /* silabs_ecc.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_hash.h b/wolfssl/wolfcrypt/port/silabs/silabs_hash.h index de502a9ba4..e4e7b7d9aa 100644 --- a/wolfssl/wolfcrypt/port/silabs/silabs_hash.h +++ b/wolfssl/wolfcrypt/port/silabs/silabs_hash.h @@ -1,6 +1,6 @@ /* silabs_hash.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_random.h b/wolfssl/wolfcrypt/port/silabs/silabs_random.h index 280ef44d5d..c804417e56 100644 --- a/wolfssl/wolfcrypt/port/silabs/silabs_random.h +++ b/wolfssl/wolfcrypt/port/silabs/silabs_random.h @@ -1,6 +1,6 @@ /* silabs_random.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
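Review bot: The comment on `VROR_VI` at the end of riscv-64-asm.h is a copy of the `VREV8` comment ("Reverse order of bytes in words of vector regsiter"), but the macro's name and its split immediate (`(imm >> 5) << 26`, `(imm & 0x1f) << 15`) encode a rotate-right, so the doc describes the wrong instruction; I would replace it with `/* Rotate each element of vs2 right by imm bits (6-bit immediate: bit 5 goes to instruction bit 26, bits 0-4 to 19..15). */`. A second, more consequential point applies to nearly every macro in the file: arguments are used unparenthesized and unmasked (`(rs << 15)`, `(uimm << 15)`, `(imm << 20)` in `RORIW`), and because everything is emitted through `.word` the assembler cannot flag a malformed encoding — an expression argument or an out-of-range immediate silently spills into the neighbouring field and becomes a different instruction. Wrapping each use as `(((rs) & 0x1f) << 15)` and masking immediates to their field width (5 bits for `VSLL_VI`/`VSRL_VI`/`VADD_VI`/`VSETIVLI`'s `n`, 6 for `VROR_VI`) makes the encodings robust to how they are invoked. The "regsiter"/"registor" typos in the `VMV_*` and `VREV8` comments can be fixed in the same pass.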
diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 4466630413..7e9faff672 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -1,6 +1,6 @@ /* stm32.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -71,26 +71,6 @@ #define STM32_HASH_REG_SIZE 4 #define STM32_HASH_FIFO_SIZE 16 /* FIFO is 16 deep 32-bits wide */ -#if (defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \ - defined(WOLFSSL_STM32H7)) && !defined(NO_STM32_HASH_FIFO_WORKAROUND) - /* workaround for hash FIFO to write one extra to finalize */ - /* RM: Message Data Feeding: Data are entered into the HASH - * one 32-bit word at a time, by writing them into the HASH_DIN register. - * The current contents of the HASH_DIN register are transferred to the - * 16 words input FIFO each time the register is written with new data. - * Hence HASH_DIN and the FIFO form a seventeen 32-bit words length FIFO. */ - #undef STM32_HASH_BUFFER_SIZE - #define STM32_HASH_BUFFER_SIZE 17 - - #undef STM32_HASH_FIFO_WORKAROUND - #define STM32_HASH_FIFO_WORKAROUND -#endif - -#ifndef STM32_HASH_BUFFER_SIZE -#define STM32_HASH_BUFFER_SIZE STM32_HASH_FIFO_SIZE -#endif - - /* STM32 Hash Context */ typedef struct { /* Context switching registers */ @@ -100,13 +80,11 @@ typedef struct { uint32_t HASH_CSR[HASH_CR_SIZE]; /* Hash state / buffers */ - word32 buffer[STM32_HASH_BUFFER_SIZE]; /* partial word buffer */ + word32 buffer[STM32_HASH_FIFO_SIZE+1]; /* partial word buffer */ word32 buffLen; /* partial word remain */ word32 loLen; /* total update bytes (only lsb 6-bits is used for nbr valid bytes in last word) */ -#ifdef STM32_HASH_FIFO_WORKAROUND - int fifoBytes; /* number of currently filled FIFO bytes */ -#endif + word32 fifoBytes; /* number of currently filled FIFO bytes */ } STM32_HASH_Context; 
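Review bot: The new line `word32 buffer[STM32_HASH_FIFO_SIZE+1]; /* partial word buffer */` keeps the "+1" but loses the only explanation of it — the deleted workaround block is where the seventeenth word (HASH_DIN sitting ahead of the 16-deep FIFO) was documented — and that rationale belongs on the new line, e.g. `/* 16-word FIFO plus the HASH_DIN register, which holds one more word ahead of it */`. Two things also change shape for stm32.c, which is not in this chunk: `fifoBytes` goes from a conditional `int` to an unconditional `word32`, so any comparison against a negative value there becomes always-false, and `STM32_HASH_BUFFER_SIZE`, `STM32_HASH_FIFO_WORKAROUND` and the `NO_STM32_HASH_FIFO_WORKAROUND` opt-out all disappear, so a user_settings.h that still sets the opt-out now silently has no effect. It is worth stating in the header that the former workaround is now the only code path for all STM32 targets.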
@@ -126,7 +104,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \ defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7) || \ - defined(WOLFSSL_STM32U5)) + defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5)) /* Hardware supports AES GCM acceleration */ #define STM32_CRYPTO_AES_GCM #endif @@ -141,10 +119,14 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #define STM32_HAL_V2 #endif #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ - defined(WOLFSSL_STM32U5) + defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32U5) #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ #endif + #if defined(WOLFSSL_STM32H5) + #define __HAL_RCC_CRYP_CLK_DISABLE __HAL_RCC_AES_CLK_DISABLE + #define __HAL_RCC_CRYP_CLK_ENABLE __HAL_RCC_AES_CLK_ENABLE + #endif #define CRYP AES #ifndef CRYP_AES_GCM #define CRYP_AES_GCM CRYP_AES_GCM_GMAC diff --git a/wolfssl/wolfcrypt/port/st/stsafe.h b/wolfssl/wolfcrypt/port/st/stsafe.h index d8e11d3516..c5ba072b97 100644 --- a/wolfssl/wolfcrypt/port/st/stsafe.h +++ b/wolfssl/wolfcrypt/port/st/stsafe.h @@ -1,6 +1,6 @@ /* stsafe.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/ti/ti-ccm.h b/wolfssl/wolfcrypt/port/ti/ti-ccm.h index c23790602c..05d1e4e8d4 100644 --- a/wolfssl/wolfcrypt/port/ti/ti-ccm.h +++ b/wolfssl/wolfcrypt/port/ti/ti-ccm.h @@ -1,6 +1,6 @@ /* port/ti/ti_ccm.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h index 1395e769d9..65a1ff684e 100644 --- a/wolfssl/wolfcrypt/port/ti/ti-hash.h +++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h 
@@ -1,6 +1,6 @@ /* port/ti/ti-hash.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h b/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h index 433b73abe1..f6c06cd0cc 100644 --- a/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h +++ b/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h @@ -1,6 +1,6 @@ /* xil-sha3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,7 +35,7 @@ #endif /* Sha3 digest */ -typedef struct Sha3 { +typedef struct wc_Sha3 { #ifdef WOLFSSL_XILINX_CRYPT_VERSAL wc_Xsecure xSec; #else diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h b/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h index 41203c2b42..718d665f75 100644 --- a/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h +++ b/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h @@ -1,6 +1,6 @@ /* xil-versal-glue.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h b/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h index 2015315708..26a9e17d2e 100644 --- a/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h +++ b/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h @@ -1,6 +1,6 @@ /* xil-versal-trng.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h index fb75f4493b..9535b0ac7e 100644 --- a/wolfssl/wolfcrypt/pwdbased.h +++ b/wolfssl/wolfcrypt/pwdbased.h @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -35,6 +35,10 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_pbkdf_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_PBKDF_sanity(void); +#endif /* * hashType renamed to typeH to avoid shadowing global declaration here: * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 53c4ce0b73..cc4c797974 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,8 +30,7 @@ #include -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) #include #endif /* HAVE_FIPS_VERSION >= 2 */ @@ -39,6 +38,11 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_drbg_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_DRBG_sanity(void); +#endif + /* Maximum generate block length */ #ifndef RNG_MAX_BLOCK_LEN #ifdef HAVE_INTEL_QA diff --git a/wolfssl/wolfcrypt/rc2.h b/wolfssl/wolfcrypt/rc2.h index 2d1950e75b..22b2ad147f 100644 --- a/wolfssl/wolfcrypt/rc2.h +++ b/wolfssl/wolfcrypt/rc2.h @@ -1,6 +1,6 @@ /* rc2.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/ripemd.h b/wolfssl/wolfcrypt/ripemd.h index 3e1d5b41a1..d1a0e6fcde 100644 --- a/wolfssl/wolfcrypt/ripemd.h +++ b/wolfssl/wolfcrypt/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 3daa02c57f..c944a4cbfa 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h 
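Review bot: The `#endif /* HAVE_FIPS_VERSION >= 2 */` in the random.h hunk is now stale, since the condition it closes was rewritten to `#if FIPS_VERSION3_GE(2,0,0)`; change it to `#endif /* FIPS_VERSION3_GE(2,0,0) */`. Note also that an undefined function-like macro inside `#if` is a preprocessor error rather than a false condition, so random.h, pwdbased.h and rsa.h now depend on whichever header defines `FIPS_VERSION3_GE` being included before their first `#if` — the include lines that would show this have lost their targets in this rendering, so that ordering is worth a check in each of the three headers.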
@@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -97,6 +97,11 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_rsa_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_RSA_sanity(void); +#endif + #ifndef RSA_MIN_SIZE #define RSA_MIN_SIZE 512 #endif @@ -136,6 +141,11 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #endif #endif +#if FIPS_VERSION3_GE(6,0,0) + #define WC_RSA_FIPS_GEN_MIN 2048 + #define WC_RSA_FIPS_SIG_MIN (WC_RSA_FIPS_GEN_MIN/8) +#endif + enum { RSA_PUBLIC = 0, RSA_PRIVATE = 1, @@ -207,9 +217,6 @@ struct RsaKey { void* devCtx; int devId; #endif -#if defined(HAVE_PKCS11) - byte isPkcs11 : 1; /* indicate if PKCS11 is preferred */ -#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #ifdef WOLFSSL_CERT_GEN @@ -235,8 +242,8 @@ struct RsaKey { char label[RSA_MAX_LABEL_LEN]; int labelLen; #endif -#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ - !defined(WOLFSSL_NO_MALLOC) +#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \ + (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE))) byte dataIsAlloc; #endif #ifdef WC_RSA_NONBLOCK 
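Review bot: `WC_RSA_FIPS_GEN_MIN` is a bit count (2048) and `WC_RSA_FIPS_SIG_MIN` is that value divided by 8, i.e. bytes, but neither define says so, and the `_SIG_MIN` name invites comparing it against a bit-length, which would make such a check eight times too permissive. I would annotate both: `#define WC_RSA_FIPS_GEN_MIN 2048 /* minimum modulus size in bits for FIPS key generation */` and `#define WC_RSA_FIPS_SIG_MIN (WC_RSA_FIPS_GEN_MIN/8) /* same minimum in bytes, for comparing against signature/modulus byte lengths */`.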
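Review bot: The rewritten `#if` guarding `dataIsAlloc` does more than add parentheses: under the old expression `WOLFSSL_ASYNC_CRYPT` alone was sufficient and `WOLFSSL_RSA_VERIFY_ONLY` played no part, whereas the new one removes the field whenever `WOLFSSL_NO_MALLOC` is set and additionally under `WOLFSSL_RSA_VERIFY_ONLY`. Because this struct is laid out by every translation unit that includes rsa.h, the guard in rsa.c (and anywhere else `dataIsAlloc` is read or set) must be the identical expression or the build disagrees on the struct layout; rsa.c is not in this chunk, so I cannot confirm it was updated in step. A comment on the field naming which configurations own `data` and free it would make the next drift visible.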
@@ -434,19 +441,24 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key, int nlen, int* isPrime); #endif -WOLFSSL_LOCAL int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, - word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType, - enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen, - int saltLen, int bits, void* heap); -WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, - byte padValue, int padType, enum wc_HashType hType, - int mgf, byte* optLabel, word32 labelLen, int saltLen, - int bits, void* heap); +WOLFSSL_API int wc_RsaPad_ex(const byte* input, word32 inputLen, + byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, + WC_RNG* rng, int padType, enum wc_HashType hType, int mgf, + byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); +WOLFSSL_API int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, + byte** out, byte padValue, int padType, enum wc_HashType hType, int mgf, + byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType); WOLFSSL_LOCAL int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key, int checkSmallCt); +WOLFSSL_API int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz, + const byte* e, word32 eSz, const byte* d, word32 dSz, + const byte* u, word32 uSz, const byte* p, word32 pSz, + const byte* q, word32 qSz, const byte* dP, word32 dPSz, + const byte* dQ, word32 dQSz, RsaKey* key); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h index 173c33bb98..68b24c3c63 100644 --- a/wolfssl/wolfcrypt/sakke.h +++ b/wolfssl/wolfcrypt/sakke.h @@ -1,6 +1,6 @@ /* sakke.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/selftest.h b/wolfssl/wolfcrypt/selftest.h index a0c7c0eaea..198013be57 100644 --- a/wolfssl/wolfcrypt/selftest.h 
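Review bot: Promoting `wc_RsaPad_ex` and `wc_RsaUnPad_ex` from `WOLFSSL_LOCAL` to `WOLFSSL_API` turns the raw padding routines into public surface with no contract in the header: external callers need to know that `out` is set to point into `pkcsBlock` rather than to a copy (inferred from `byte** out` and the absence of an output buffer — confirm against rsa.c), and, for the PKCS#1 v1.5 case, that the difference between a padding failure and any other error must never reach a remote peer, since that distinction is precisely the oracle a Bleichenbacher-style attack needs. I would put a comment above the two prototypes saying so and listing the expected `padType`/`padValue` pairings. The new `wc_RsaPrivateKeyDecodeRaw` likewise needs a line on which of `u`, `p`, `q`, `dP`, `dQ` may be NULL with zero length (the CRT parameters look optional but nothing here says so) and whether `key` must already have been initialised with `wc_InitRsaKey`.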
+++ b/wolfssl/wolfcrypt/selftest.h @@ -1,6 +1,6 @@ /* selftest.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index d4e30aad97..25b961479b 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -212,6 +212,9 @@ /* Uncomment next line if building for Nucleus 1.2 */ /* #define WOLFSSL_NUCLEUS_1_2 */ +/* Uncomment next line if building for Nucleus Plus 2.3 */ +/* #define NUCLEUS_PLUS_2_3 */ + /* Uncomment next line if building for using Apache mynewt */ /* #define WOLFSSL_APACHE_MYNEWT */ @@ -265,6 +268,23 @@ /* Uncomment next line if using MAXQ108x */ /* #define WOLFSSL_MAXQ108X */ +/* Check PLATFORMIO first, as it may define other known environments. */ +#ifdef PLATFORMIO + #ifdef ESP_PLATFORM + /* Turn on the wolfSSL ESPIDF flag for the PlatformIO ESP-IDF detect */ + #define WOLFSSL_ESPIDF + #endif /* ESP_PLATFORM */ + + /* Ensure all PlatformIO boards have the wolfSSL user_setting.h enabled. */ + #ifndef WOLFSSL_USER_SETTINGS + #define WOLFSSL_USER_SETTINGS + #endif /* WOLFSSL_USER_SETTINGS */ + + /* Similar to Arduino we have limited build control, so suppress warning */ + #undef WOLFSSL_IGNORE_FILE_WARN + #define WOLFSSL_IGNORE_FILE_WARN +#endif + #if defined(ARDUINO) /* Due to limited build control, we'll ignore file warnings. */ /* See https://github.com/arduino/arduino-cli/issues/631 */ @@ -302,6 +322,10 @@ #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H) /* STM Configuration File (generated by CubeMX) */ #include "wolfSSL.I-CUBE-wolfSSL_conf.h" +#elif defined(NUCLEUS_PLUS_2_3) + /* NOTE: cyassl_nucleus_defs.h is akin to user_settings.h */ + #include "nucleus.h" + #include "os/networking/ssl/lite/cyassl_nucleus_defs.h" #endif #include 
@@ -371,7 +395,7 @@ * system or other set of headers included by wolfSSL already defines * RNG. Examples are: * wolfEngine, wolfProvider and potentially other use-cases */ - #ifndef RNG + #if !defined(RNG) && !defined(NO_OLD_RNGNAME) #define RNG WC_RNG #endif #endif @@ -391,36 +415,31 @@ * --------------------------------------------------------------------------- */ #ifdef WOLFSSL_DUAL_ALG_CERTS + #ifdef NO_RSA + #error "Need RSA or else dual alg cert example will not work." + #endif -#ifndef WOLFSSL_ASN_TEMPLATE - #error "Dual alg cert support requires the ASN.1 template feature." -#endif - -#ifdef NO_RSA - #error "Need RSA or else dual alg cert example will not work." -#endif - -#ifndef HAVE_ECC - #error "Need ECDSA or else dual alg cert example will not work." -#endif + #ifndef HAVE_ECC + #error "Need ECDSA or else dual alg cert example will not work." + #endif -#undef WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_GEN + #undef WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_GEN -#undef WOLFSSL_CUSTOM_OID -#define WOLFSSL_CUSTOM_OID + #undef WOLFSSL_CUSTOM_OID + #define WOLFSSL_CUSTOM_OID -#undef HAVE_OID_ENCODING -#define HAVE_OID_ENCODING + #undef HAVE_OID_ENCODING + #define HAVE_OID_ENCODING -#undef WOLFSSL_CERT_EXT -#define WOLFSSL_CERT_EXT + #undef WOLFSSL_CERT_EXT + #define WOLFSSL_CERT_EXT -#undef OPENSSL_EXTRA -#define OPENSSL_EXTRA + #undef OPENSSL_EXTRA + #define OPENSSL_EXTRA -#undef HAVE_OID_DECODING -#define HAVE_OID_DECODING + #undef HAVE_OID_DECODING + #define HAVE_OID_DECODING #endif /* WOLFSSL_DUAL_ALG_CERTS */ @@ -491,6 +510,9 @@ /* WC_RSA_BLINDING takes up extra space! */ #define WC_RSA_BLINDING + + /* Cache Resistant features are on by default, but has performance + * penalty on embedded systems. May not be needed here. Disabled: */ #define WC_NO_CACHE_RESISTANT #endif /* !WOLFSSL_ESPIDF_NO_DEFAULT */ 
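Review bot: The re-indented `WOLFSSL_DUAL_ALG_CERTS` block also drops the `#ifndef WOLFSSL_ASN_TEMPLATE #error` that used to reject the legacy ASN parser, and nothing in the hunk says why. If the feature now genuinely works with both parsers, a one-line comment should say so, e.g. `/* Supported by both the template and the legacy ASN parser. */`; if the check was lost in the re-indent, a build that would have failed at configure time now fails later or could parse certificates without the alternative-signature handling the feature is meant to add. Either way the reader should not have to guess which it is.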
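Review bot: The new comment above `#define WC_NO_CACHE_RESISTANT` in the ESP-IDF defaults describes the setting as a performance trade-off but not what is being traded: as far as the macro name indicates it disables the cache-timing-hardened code paths, which is a side-channel decision rather than a tuning knob, and it applies to every ESP-IDF build unless `WOLFSSL_ESPIDF_NO_DEFAULT` is set (the closing `#endif` of this block). I would replace it with `/* WC_NO_CACHE_RESISTANT disables the cache-timing resistant code paths. This is a side-channel trade-off, acceptable on single-tenant devices where no untrusted code shares the core; define WOLFSSL_ESPIDF_NO_DEFAULT and choose explicitly if that does not hold. */`. That also fixes the grammar of the current text ("features are on by default, but has").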
@@ -1016,7 +1038,7 @@ extern void uITRON4_free(void *p) ;
 #if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) && \
- !defined(NO_WOLFSSL_MEMORY)
+ !defined(NO_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
 #include
 #define XMALLOC(s, h, type) ((void)(h), (void)(type), malloc((s)))
 #define XFREE(p, h, type) ((void)(h), (void)(type), free((p)))
@@ -1034,22 +1056,46 @@ extern void uITRON4_free(void *p) ; #ifdef FREERTOS - #include "FreeRTOS.h" - #include + + #ifdef PLATFORMIO + #include + #include + #else + #include "FreeRTOS.h" + #include + #endif #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_TRACK_MEMORY) - #define XMALLOC(s, h, type) ((void)(h), (void)(type), pvPortMalloc((s))) + + /* XMALLOC */ + #if defined(WOLFSSL_ESPIDF) && \ + (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC)) + #include + #define XMALLOC(s, h, type) \ + ((void)(h), (void)(type), wc_debug_pvPortMalloc( \ + (s), (__FILE__), (__LINE__), (__FUNCTION__) )) + #else + #define XMALLOC(s, h, type) \ + ((void)(h), (void)(type), pvPortMalloc((s))) + #endif + + /* XFREE */ #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) + + /* XREALLOC */ #if defined(WOLFSSL_ESPIDF) - /* In IDF, realloc(p, n) is equivalent to - * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) - * there's no pvPortRealloc available */ - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) - /* FreeRTOS pvPortRealloc() implementation can be found here: - * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ - #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n))) + /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to + * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) + * There's no pvPortRealloc available: */ + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) + #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_ALL) + /* FreeRTOS pvPortRealloc() implementation can be found here: + * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n))) + #else + /* no XREALLOC available */ #endif #endif 
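Review bot: The debug branch routes only `XMALLOC` through `wc_debug_pvPortMalloc(...)`, while `XFREE` still calls `vPortFree` directly and the ESP-IDF `XREALLOC` calls `realloc` directly, so if the debug allocator keeps a per-allocation ledger (it is handed `__FILE__`, `__LINE__` and `__FUNCTION__`, which suggests it does) every free and realloc will appear as a leak or an unknown pointer. Either pair it with matching debug free/realloc wrappers or say so in the comment: `/* Only allocation sites are recorded; XFREE/XREALLOC are not instrumented. */`. The new `#else /* no XREALLOC available */` branch deliberately leaves XREALLOC undefined, so any later fallback definition outside this hunk decides what those configurations get; a comment pointing at that fallback would help. The enclosing `#ifdef FREERTOS` block ends outside the hunk.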
@@ -1073,7 +1119,11 @@ extern void uITRON4_free(void *p) ; #endif #ifndef SINGLE_THREADED - #include "semphr.h" + #ifdef PLATFORMIO + #include + #else + #include "semphr.h" + #endif #endif #endif @@ -1280,8 +1330,10 @@ extern void uITRON4_free(void *p) ; /* Copy data out of flash memory and into SRAM */ #define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size)) #else +#ifndef FLASH_QUALIFIER #define FLASH_QUALIFIER #endif +#endif #ifdef FREESCALE_MQX_5_0 /* use normal Freescale MQX port, but with minor changes for 5.0 */ @@ -1591,6 +1643,7 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_STATIC_PSK /* Server side support to be added at a later date. */ #define NO_WOLFSSL_SERVER + /* Need WOLFSSL_PUBLIC_ASN to use ProcessPeerCert callback. */ #define WOLFSSL_PUBLIC_ASN @@ -1983,6 +2036,8 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NOSHA3_224 #define WOLFSSL_NOSHA3_256 #define WOLFSSL_NOSHA3_512 + #define WOLFSSL_NO_SHAKE128 + #define WOLFSSL_NO_SHAKE256 #endif #ifdef WOLFSSL_AFALG_XILINX_AES #undef WOLFSSL_AES_DIRECT @@ -2039,9 +2094,16 @@ extern void uITRON4_free(void *p) ; #endif /*(WOLFSSL_APACHE_MYNEWT)*/ #ifdef WOLFSSL_ZEPHYR + #include +#if KERNEL_VERSION_NUMBER >= 0x30100 #include #include #include +#else + #include + #include + #include +#endif #include #define WOLFSSL_DH_CONST @@ -2056,6 +2118,7 @@ extern void uITRON4_free(void *p) ; void *z_realloc(void *ptr, size_t size); #define realloc z_realloc + #define max MAX #if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API) #define CONFIG_NET_SOCKETS_POSIX_NAMES @@ -2732,7 +2795,9 @@ extern void uITRON4_free(void *p) ; #endif /* Enable ECC_CACHE_CURVE for ASYNC */ - #if !defined(ECC_CACHE_CURVE) + #if !defined(ECC_CACHE_CURVE) && !defined(NO_ECC_CACHE_CURVE) + /* Enabled by default for increased async performance, + * but not required */ #define ECC_CACHE_CURVE #endif #endif /* WOLFSSL_ASYNC_CRYPT */ 
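Review bot: `#define max MAX` in the Zephyr section of settings.h introduces a lowercase object-like macro named `max` in a header every consumer includes, so any identifier `max` compiled after this point — a local variable, a struct member, `std::max` in a C++ translation unit — is silently rewritten to `MAX`. Unlike the neighbouring `#define realloc z_realloc`, `max` is not a libc name, so the collision risk is with ordinary application code. If a wolfSSL source needs it, use `MAX` at that call site, or at least scope it: `#ifndef max` / `#define max MAX /* needed by <file> */` / `#endif`. The `#ifdef WOLFSSL_ZEPHYR` block this sits in starts and ends outside the hunk.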
@@ -2759,9 +2824,6 @@ extern void uITRON4_free(void *p) ; !defined(WOLFSSL_SP_MATH) && !defined(NO_BIG_INT) #error The static memory option is only supported for fast math or SP Math #endif - #ifdef WOLFSSL_SMALL_STACK - #error static memory does not support small stack please undefine - #endif #endif /* WOLFSSL_STATIC_MEMORY */ #ifdef HAVE_AES_KEYWRAP 
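Review bot: Deleting the `#error static memory does not support small stack` check accepts a combination that was previously rejected, but nothing in the hunk records what changed to make WOLFSSL_STATIC_MEMORY together with WOLFSSL_SMALL_STACK safe (presumably the small-stack temporaries now come from the static-memory XMALLOC). A one-line comment in its place, `/* WOLFSSL_SMALL_STACK is supported with static memory; temporaries come from the static pool. */`, would stop the check from being reintroduced and tell readers the support is intentional. The enclosing `#ifdef WOLFSSL_STATIC_MEMORY` block starts outside the hunk.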
@@ -2823,6 +2885,158 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_ASN_TEMPLATE #endif +#if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(WOLFSSL_ASN_TEMPLATE) + #error "Dual alg cert support requires the ASN.1 template feature." +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #undef WOLFSSL_ASN_ALL + #define WOLFSSL_ASN_ALL +#endif + +/* Enable all parsing features for ASN */ +#ifdef WOLFSSL_ASN_ALL + /* Alternate Names */ + #undef WOLFSSL_ALT_NAMES + #define WOLFSSL_ALT_NAMES + + /* Alternate Name: human readable form of IP address*/ + #undef WOLFSSL_IP_ALT_NAME + #define WOLFSSL_IP_ALT_NAME + + /* Alternate name: human readable form of registered ID */ + #undef WOLFSSL_RID_ALT_NAME + #define WOLFSSL_RID_ALT_NAME + + /* CA Issuer URI */ + #undef WOLFSSL_ASN_CA_ISSUER + #define WOLFSSL_ASN_CA_ISSUER + + /* FPKI (Federal PKI) extensions */ + #undef WOLFSSL_FPKI + #define WOLFSSL_FPKI + + /* Certificate policies */ + #undef WOLFSSL_SEP + #define WOLFSSL_SEP + + /* Support for full AuthorityKeyIdentifier extension. + * Only supports copying full AKID from an existing certificate */ + #undef WOLFSSL_AKID_NAME + #define WOLFSSL_AKID_NAME + + /* Extended ASN.1 parsing support (typically used with cert gen) */ + #undef WOLFSSL_CERT_EXT + #define WOLFSSL_CERT_EXT + + /* Support for SubjectDirectoryAttributes extension */ + #undef WOLFSSL_SUBJ_DIR_ATTR + #define WOLFSSL_SUBJ_DIR_ATTR + + /* Support for SubjectInfoAccess extension */ + #undef WOLFSSL_SUBJ_INFO_ACC + #define WOLFSSL_SUBJ_INFO_ACC + + #undef WOLFSSL_CERT_NAME_ALL + #define WOLFSSL_CERT_NAME_ALL + + /* Store pointers to issuer name components (lengths and encodings) */ + #undef WOLFSSL_HAVE_ISSUER_NAMES + #define WOLFSSL_HAVE_ISSUER_NAMES + + /* Additional ASN.1 encoded name fields. 
See CTC_MAX_ATTRIB for max limit */ + #undef WOLFSSL_MULTI_ATTRIB + #define WOLFSSL_MULTI_ATTRIB + + /* Parsing of indefinite length encoded ASN.1 + * Optionally used by PKCS7/PKCS12 */ + #undef ASN_BER_TO_DER + #define ASN_BER_TO_DER + + /* Enable custom OID support for subject and request extensions */ + #undef WOLFSSL_CUSTOM_OID + #define WOLFSSL_CUSTOM_OID + + /* Support for full OID (not just sum) encoding */ + #undef HAVE_OID_ENCODING + #define HAVE_OID_ENCODING + + /* Support for full OID (not just sum) decoding */ + #undef HAVE_OID_DECODING + #define HAVE_OID_DECODING + + /* S/MIME - Secure Multipurpose Internet Mail Extension (used with PKCS7) */ + #undef HAVE_SMIME + #define HAVE_SMIME + + /* Enable compatibility layer function for getting time string */ + #undef WOLFSSL_ASN_TIME_STRING + #define WOLFSSL_ASN_TIME_STRING + + /* Support for parsing key usage */ + #undef WOLFSSL_ASN_PARSE_KEYUSAGE + #define WOLFSSL_ASN_PARSE_KEYUSAGE + + /* Support for parsing OCSP status */ + #undef WOLFSSL_OCSP_PARSE_STATUS + #define WOLFSSL_OCSP_PARSE_STATUS + + /* Extended Key Usage */ + #undef WOLFSSL_EKU_OID + #define WOLFSSL_EKU_OID +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #undef WOLFSSL_ASN_TIME_STRING + #define WOLFSSL_ASN_TIME_STRING +#endif + +#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ + (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) + #undef WOLFSSL_ASN_PARSE_KEYUSAGE + #define WOLFSSL_ASN_PARSE_KEYUSAGE +#endif + +#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_APACHE_HTTPD)) + #undef WOLFSSL_OCSP_PARSE_STATUS + #define WOLFSSL_OCSP_PARSE_STATUS +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_CERT_GEN) + #undef WOLFSSL_MULTI_ATTRIB + 
#define WOLFSSL_MULTI_ATTRIB +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + #undef WOLFSSL_EKU_OID + #define WOLFSSL_EKU_OID +#endif + +/* Disable time checking if no timer */ +#if defined(NO_ASN_TIME) + #define NO_ASN_TIME_CHECK +#endif + +/* ASN Unknown Extension Callback support */ +#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) && \ + defined(WOLFSSL_ASN_TEMPLATE) + #undef WC_ASN_UNKNOWN_EXT_CB + #define WC_ASN_UNKNOWN_EXT_CB +#else + /* if user supplied build option and not using ASN template, raise error */ + #if defined(WC_ASN_UNKNOWN_EXT_CB) && !defined(WOLFSSL_ASN_TEMPLATE) + #error ASN unknown extension callback is only supported \ + with ASN template + #endif +#endif + + +/* Linux Kernel Module */ #ifdef WOLFSSL_LINUXKM #ifdef HAVE_CONFIG_H #include @@ -2873,6 +3087,9 @@ extern void uITRON4_free(void *p) ; #ifndef WOLFSSL_SP_DIV_WORD_HALF #define WOLFSSL_SP_DIV_WORD_HALF #endif + #ifdef __PIE__ + #define WC_NO_INTERNAL_FUNCTION_POINTERS + #endif #endif @@ -2905,6 +3122,9 @@ extern void uITRON4_free(void *p) ; #ifndef HAVE_SNI #define HAVE_SNI #endif + #ifndef WOLFSSL_RSA_KEY_CHECK + #define WOLFSSL_RSA_KEY_CHECK + #endif #endif /* Make sure setting OPENSSL_ALL also sets OPENSSL_EXTRA. */ 
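Review bot: The `#else` branch of the new `WC_ASN_UNKNOWN_EXT_CB` block only errors when `WOLFSSL_ASN_TEMPLATE` is missing, so a build that defines WC_ASN_UNKNOWN_EXT_CB with the template enabled but without `WOLFSSL_CUSTOM_OID` or `HAVE_OID_DECODING` passes the check with the callback macro still defined and two of its three prerequisites unmet. Since the `#if` above names all three, the error should cover any user definition that reaches the `#else`: `#ifdef WC_ASN_UNKNOWN_EXT_CB` / `#error ASN unknown extension callback requires WOLFSSL_ASN_TEMPLATE, WOLFSSL_CUSTOM_OID and HAVE_OID_DECODING` / `#endif`. The `WOLFSSL_ASN_ALL` comment should also say that it deliberately widens the certificate-parsing surface (BER-to-DER conversion, custom OIDs, every extension parser), since OPENSSL_ALL and WOLFSSL_QT now turn it on implicitly. The `#ifdef WOLFSSL_LINUXKM` block the hunk ends in continues past it.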
@@ -2942,30 +3162,15 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_SESSION_ID_CTX #endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */ -/* --------------------------------------------------------------------------- - * Special small OpenSSL compat layer for certs - * --------------------------------------------------------------------------- - */ #ifdef OPENSSL_EXTRA_X509_SMALL - #undef WOLFSSL_EKU_OID - #define WOLFSSL_EKU_OID - - #undef WOLFSSL_MULTI_ATTRIB - #define WOLFSSL_MULTI_ATTRIB - #undef WOLFSSL_NO_OPENSSL_RAND_CB #define WOLFSSL_NO_OPENSSL_RAND_CB -#endif /* OPENSSL_EXTRA_X509_SMALL */ +#endif #ifdef HAVE_SNI #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #endif -/* Disable time checking if no timer */ -#if defined(NO_ASN_TIME) - #define NO_ASN_TIME_CHECK -#endif - /* both CURVE and ED small math should be enabled */ #ifdef CURVED25519_SMALL #define CURVE25519_SMALL @@ -3199,8 +3404,10 @@ extern void uITRON4_free(void *p) ; /* Do not allow using small stack with no malloc */ #if defined(WOLFSSL_NO_MALLOC) && \ - (defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_SMALL_STACK_CACHE)) - #error Small stack cannot be used with no malloc (WOLFSSL_NO_MALLOC) + (defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_SMALL_STACK_CACHE)) && \ + !defined(WOLFSSL_STATIC_MEMORY) + #error Small stack cannot be used with no malloc (WOLFSSL_NO_MALLOC) and \ + without staticmemory (WOLFSSL_STATIC_MEMORY) #endif /* If malloc is disabled make sure it is also disabled in SP math */ @@ -3234,6 +3441,13 @@ extern void uITRON4_free(void *p) ; #define HAVE_ONE_TIME_AUTH #endif +/* This is checked for in configure.ac, so might want to do it in here as well. + */ +#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION) + #error HAVE_RENEGOTIATION_INDICATION cannot be defined together with \ + HAVE_SECURE_RENEGOTIATION +#endif + /* Check for insecure build combination: * secure renegotiation [enabled] * extended master secret [disabled] 
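Review bot: The comment introducing the new `HAVE_SECURE_RENEGOTIATION`/`HAVE_RENEGOTIATION_INDICATION` check reads as an open question ("so might want to do it in here as well") even though the hunk does add the check; it should state why the check is duplicated: `/* Also rejected by configure.ac; repeated here so user_settings.h builds that bypass configure get the same error. */`. In the `WOLFSSL_NO_MALLOC` message of the earlier hunk on this line, "staticmemory" should be written as the option name, `static memory (WOLFSSL_STATIC_MEMORY)`, to match how the first half of the message names WOLFSSL_NO_MALLOC.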
@@ -3282,7 +3496,9 @@ extern void uITRON4_free(void *p) ; #ifdef HAVE_LIBOQS #define HAVE_PQC #define HAVE_FALCON -#define HAVE_DILITHIUM +#ifndef HAVE_DILITHIUM + #define HAVE_DILITHIUM +#endif #ifndef WOLFSSL_NO_SPHINCS #define HAVE_SPHINCS #endif @@ -3304,6 +3520,7 @@ extern void uITRON4_free(void *p) ; #if (defined(HAVE_LIBOQS) || \ defined(WOLFSSL_WC_KYBER) || \ + defined(WOLFSSL_WC_DILITHIUM) || \ defined(HAVE_LIBXMSS) || \ defined(HAVE_LIBLMS) || \ defined(WOLFSSL_DUAL_ALG_CERTS)) && \ @@ -3334,6 +3551,11 @@ extern void uITRON4_free(void *p) ; #error The SRTP extension requires DTLS #endif +/* FIPS v5 and older doesn't support WOLF_PRIVATE_KEY_ID with PK callbacks */ +#if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,3) && defined(HAVE_PK_CALLBACKS) + #define NO_WOLF_PRIVATE_KEY_ID +#endif + /* Are we using an external private key store like: * PKCS11 / HSM / crypto callback / PK callback */ #if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \ @@ -3352,11 +3574,19 @@ extern void uITRON4_free(void *p) ; /* (D)TLS v1.3 requires 64-bit number wrappers as does XMSS and LMS. */ #if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS) || \ - defined(WOLFSSL_WC_XMSS) || defined(WOLFSSL_WC_LMS) + (defined(WOLFSSL_WC_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \ + WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_WC_LMS) && \ + !defined(WOLFSSL_LMS_VERIFY_ONLY)) #undef WOLFSSL_W64_WRAPPER #define WOLFSSL_W64_WRAPPER #endif +/* wc_xmss and wc_lms require these misc.c functions. */ +#if defined(WOLFSSL_WC_XMSS) || defined(WOLFSSL_WC_LMS) + #undef WOLFSSL_NO_INT_ENCODE + #undef WOLFSSL_NO_INT_DECODE +#endif + /* DTLS v1.3 requires AES ECB if using AES */ #if defined(WOLFSSL_DTLS13) && !defined(NO_AES) && \ !defined(WOLFSSL_AES_DIRECT) 
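Review bot: The comment on the new `NO_WOLF_PRIVATE_KEY_ID` block says "FIPS v5 and older" but the guard is `FIPS_VERSION_LT(5,3)`, which excludes v5.0–v5.2 yet admits v5.3 and later, so the text and the condition disagree; `/* FIPS versions before v5.3 don't support WOLF_PRIVATE_KEY_ID with PK callbacks */` matches the code. The consequence is worth stating too, because it silently withholds an external-key-store feature instead of erroring: the check that follows then skips defining WOLF_PRIVATE_KEY_ID. `FIPS_VERSION_LT` is presumably supplied by the FIPS header pulled in earlier in settings.h; if it can be undefined while HAVE_FIPS is set, this `#if` becomes a hard error — worth confirming.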
@@ -3389,22 +3619,28 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_RSA_KEY_CHECK #endif -/* SHAKE - Not allowed in FIPS */ -#if defined(WOLFSSL_SHA3) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - #ifndef WOLFSSL_NO_SHAKE128 - #undef WOLFSSL_SHAKE128 - #define WOLFSSL_SHAKE128 - #endif - #ifndef WOLFSSL_NO_SHAKE256 - #undef WOLFSSL_SHAKE256 - #define WOLFSSL_SHAKE256 - #endif -#else +/* ED448 Requires Shake256 */ +#if defined(HAVE_ED448) && defined(WOLFSSL_SHA3) + #undef WOLFSSL_SHAKE256 + #define WOLFSSL_SHAKE256 +#endif + +/* SHAKE - Not allowed in FIPS v5.2 or older */ +#if defined(WOLFSSL_SHA3) && (defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION_LE(5,2))) #undef WOLFSSL_NO_SHAKE128 #define WOLFSSL_NO_SHAKE128 #undef WOLFSSL_NO_SHAKE256 #define WOLFSSL_NO_SHAKE256 #endif +/* SHAKE Disable */ +#ifdef WOLFSSL_NO_SHAKE128 + #undef WOLFSSL_SHAKE128 +#endif +#ifdef WOLFSSL_NO_SHAKE256 + #undef WOLFSSL_SHAKE256 +#endif + /* Encrypted Client Hello - requires HPKE */ #if defined(HAVE_ECH) && !defined(HAVE_HPKE) @@ -3474,10 +3710,32 @@ extern void uITRON4_free(void *p) ; #endif /* Some final sanity checks */ +#ifdef WOLFSSL_APPLE_HOMEKIT + #ifndef WOLFCRYPT_HAVE_SRP + #error "WOLFCRYPT_HAVE_SRP is required for Apple Homekit" + #endif + #ifndef HAVE_CHACHA + #error "HAVE_CHACHA is required for Apple Homekit" + #endif + #ifdef USE_FAST_MATH + #ifdef FP_MAX_BITS + #if FP_MAX_BITS < (8192 * 2) + #error "HomeKit FP_MAX_BITS must at least (8192 * 2)" + #endif + #else + #error "HomeKit FP_MAX_BITS must be assigned a value (8192 * 2)" + #endif + #endif +#endif + #if defined(WOLFSSL_ESPIDF) && defined(ARDUINO) #error "Found both ESPIDF and ARDUINO. Pick one." #endif +#if defined(HAVE_FIPS) && defined(HAVE_PKCS11) + #error "PKCS11 not allowed with FIPS enabled (Crypto outside boundary)" +#endif + #if defined(WOLFSSL_CAAM_BLOB) #ifndef WOLFSSL_CAAM #error "WOLFSSL_CAAM_BLOB requires WOLFSSL_CAAM" 
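Review bot: The new "ED448 Requires Shake256" block turns on `WOLFSSL_SHAKE256`, but the FIPS/selftest block right after it sets `WOLFSSL_NO_SHAKE256`, and the "SHAKE Disable" block then undefs WOLFSSL_SHAKE256 again, so a HAVE_ED448 build on FIPS v5.2 or older (or with HAVE_SELFTEST) loses the hash ED448 depends on with no diagnostic. Add a check after the disable block: `#if defined(HAVE_ED448) && defined(WOLFSSL_NO_SHAKE256)` / `#error "ED448 requires SHAKE256, which is disabled in this FIPS/selftest build"` / `#endif`. Note also that the removed branch used to auto-enable SHAKE128/256 whenever WOLFSSL_SHA3 was on outside FIPS; after this change they must be requested explicitly, which is a behaviour change that deserves a sentence in the comment.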
@@ -3490,6 +3748,29 @@ extern void uITRON4_free(void *p) ; #endif #endif +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(OPENSSL_COEXIST) + #error "OPENSSL_EXTRA can not be defined with OPENSSL_COEXIST" +#endif + +#if !defined(NO_DSA) && defined(NO_SHA) + #error "Please disable DSA if disabling SHA-1" +#endif + +/* if configure.ac turned on this feature, HAVE_ENTROPY_MEMUSE will be set, + * also define HAVE_WOLFENTROPY */ +#ifdef HAVE_ENTROPY_MEMUSE + #ifndef HAVE_WOLFENTROPY + #define HAVE_WOLFENTROPY + #endif +#elif defined(HAVE_WOLFENTROPY) + /* else if user_settings.h only defined HAVE_WOLFENTROPY + * also define HAVE_ENTROPY_MEMUSE */ + #ifndef HAVE_ENTROPY_MEMUSE + #define HAVE_ENTROPY_MEMUSE + #endif +#endif /* HAVE_ENTROPY_MEMUSE */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index e8bcc9b0de..6ed5950265 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,8 +31,7 @@ #ifndef NO_SHA -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) #include #endif /* HAVE_FIPS_VERSION >= 2 */ @@ -53,6 +52,11 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_sha_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_SHA_sanity(void); +#endif + /* avoid redefinition of structs */ #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 323c53adfa..aa4632cf3e 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
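Review bot: In sha.h the include guard was changed to `#if FIPS_VERSION3_GE(2,0,0)` but its closing comment still reads `#endif /* HAVE_FIPS_VERSION >= 2 */`, and the "avoid redefinition of structs" check a few lines later keeps the long-hand `defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)` form, so one header now spells the same condition two ways. Use the macro in both places, e.g. `#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0)`, and update the `#endif` comment; the sha256.h, sha3.h and sha512.h hunks that follow repeat the same half-conversion. `FIPS_VERSION3_GE` is presumably defined by settings.h or the FIPS headers included before this point — the header adds no include for it, so that dependency should be confirmed.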
@@ -32,8 +32,7 @@ #ifndef NO_SHA256 -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) #include #endif /* HAVE_FIPS_VERSION >= 2 */ @@ -61,6 +60,11 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_SHA256_sanity(void); +#endif + /* avoid redefinition of structs */ #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) @@ -175,13 +179,23 @@ struct wc_Sha256 { #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) psa_hash_operation_t psa_ctx; #else +#ifdef WC_64BIT_CPU /* alignment on digest and buffer speeds up ARMv8 crypto operations */ ALIGN16 word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; ALIGN16 word32 buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32)]; +#else + word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; + word32 buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32)]; +#endif word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ void* heap; + +#ifdef WC_C_DYNAMIC_FALLBACK + int sha_method; +#endif + #endif #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index 2b9283a03e..0931a95584 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,6 +36,11 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_sha3_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_SHA3_sanity(void); +#endif + #ifdef WOLFSSL_ASYNC_CRYPT #include #endif 
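Review bot: The `WC_64BIT_CPU` split in `struct wc_Sha256` removes `ALIGN16` from `digest` and `buffer` on 32-bit targets, and the only rationale left ("speeds up ARMv8 crypto operations") now lives in the 64-bit branch, so why 32-bit builds can safely lose the alignment is undocumented. If any 32-bit assembly or hardware-accelerated path assumes 16-byte aligned buffers this is a regression rather than a saving; the `#else` branch should carry the assumption, `/* 32-bit targets: natural word32 alignment is sufficient for the C and 32-bit ASM paths. */`, once that has been confirmed. The struct definition starts and ends outside the hunk.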
@@ -119,6 +124,16 @@ struct wc_Sha3 { void* heap; +#ifdef WOLF_CRYPTO_CB + int devId; +#endif + +#ifdef WC_C_DYNAMIC_FALLBACK + void (*sha3_block)(word64 *s); + void (*sha3_block_n)(word64 *s, const byte* data, word32 n, + word64 c); +#endif + #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -135,7 +150,10 @@ struct wc_Sha3 { #endif #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) -typedef wc_Sha3 wc_Shake; + #ifndef WC_SHAKE_TYPE_DEFINED + typedef wc_Sha3 wc_Shake; + #define WC_SHAKE_TYPE_DEFINED + #endif #endif WOLFSSL_API int wc_InitSha3_224(wc_Sha3* sha3, void* heap, int devId); @@ -202,7 +220,8 @@ WOLFSSL_LOCAL void sha3_block_bmi2(word64* s); WOLFSSL_LOCAL void sha3_block_avx2(word64* s); WOLFSSL_LOCAL void BlockSha3(word64 *s); #endif -#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_CRYPTO_SHA3) +#if defined(WOLFSSL_ARMASM) && (defined(__arm__) || \ + defined(WOLFSSL_ARMASM_CRYPTO_SHA3)) WOLFSSL_LOCAL void BlockSha3(word64 *s); #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 7592c46880..4b2dd2a194 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -1,6 +1,6 @@ /* sha512.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,8 +32,7 @@ #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if FIPS_VERSION3_GE(2,0,0) #include #endif /* HAVE_FIPS_VERSION >= 2 */ @@ -41,6 +40,11 @@ extern "C" { #endif +#if FIPS_VERSION3_GE(6,0,0) + extern const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2]; + WOLFSSL_LOCAL int wolfCrypt_FIPS_SHA512_sanity(void); +#endif + /* avoid redefinition of structs */ #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) 
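Review bot: Under `WC_C_DYNAMIC_FALLBACK`, `struct wc_Sha3` now carries two raw function pointers (`sha3_block`, `sha3_block_n`) inside a context that lives on the caller's stack or heap, whereas the sha256.h and sha512.h hunks in this same change store an `int sha_method` selector and dispatch internally. An overwritten hash context — a common corruption target — therefore becomes a direct control-flow hijack for SHA-3 only, and the pointers also sit awkwardly with the `WC_NO_INTERNAL_FUNCTION_POINTERS` option this change adds in settings.h for PIE kernel builds. Prefer the same selector approach, `int sha3_method;`, and resolve the block function at call time; if the pointers must stay, guard them with `!defined(WC_NO_INTERNAL_FUNCTION_POINTERS)` and document why. The struct starts and ends outside the hunk.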
@@ -147,15 +151,20 @@ struct wc_Sha512 { #ifdef USE_INTEL_SPEEDUP const byte* data; #endif +#ifdef WC_C_DYNAMIC_FALLBACK + int sha_method; +#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_SMALL_STACK_CACHE word64* W; #endif + #if defined(WOLFSSL_ESP32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \ - !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) + (!defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) || \ + !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384)) WC_ESP32SHA ctx; #endif #if defined(WOLFSSL_SILABS_SE_ACCEL) diff --git a/wolfssl/wolfcrypt/signature.h b/wolfssl/wolfcrypt/signature.h index f712c0478a..51c07af529 100644 --- a/wolfssl/wolfcrypt/signature.h +++ b/wolfssl/wolfcrypt/signature.h @@ -1,6 +1,6 @@ /* signature.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/siphash.h b/wolfssl/wolfcrypt/siphash.h index ebb13024ca..6b75a4612f 100644 --- a/wolfssl/wolfcrypt/siphash.h +++ b/wolfssl/wolfcrypt/siphash.h @@ -1,6 +1,6 @@ /* siphash.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/sm2.h b/wolfssl/wolfcrypt/sm2.h index 87167f42e0..ae9885eef2 100644 --- a/wolfssl/wolfcrypt/sm2.h +++ b/wolfssl/wolfcrypt/sm2.h @@ -1,6 +1,6 @@ /* sm2.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/sm3.h b/wolfssl/wolfcrypt/sm3.h index 2b3fc50343..b24fcf4f3f 100644 --- a/wolfssl/wolfcrypt/sm3.h +++ b/wolfssl/wolfcrypt/sm3.h @@ -1,6 +1,6 @@ /* sm3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/sm4.h b/wolfssl/wolfcrypt/sm4.h index f3e66cb894..84a8166b5f 100644 --- a/wolfssl/wolfcrypt/sm4.h +++ b/wolfssl/wolfcrypt/sm4.h 
@@ -1,6 +1,6 @@ /* sm4.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h index 88e9a069bf..3ede752c37 100644 --- a/wolfssl/wolfcrypt/sp.h +++ b/wolfssl/wolfcrypt/sp.h @@ -1,6 +1,6 @@ /* sp.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index cf7b8f2894..26978acfe0 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -1,6 +1,6 @@ /* sp_int.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -692,12 +692,14 @@ typedef struct sp_ecc_ctx { * * @param [in] a SP integer to update. */ -#define sp_clamp(a) \ - do { \ - int ii; \ - for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \ - } \ - (a)->used = (unsigned int)ii + 1; \ +#define sp_clamp(a) \ + do { \ + int ii; \ + if ((a)->used > 0) { \ + for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \ + } \ + (a)->used = (unsigned int)(ii + 1); \ + } \ } while (0) /* Check the compiled and linked math implementation are the same. @@ -996,6 +998,9 @@ MP_API int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, MP_API int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r); #endif +#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) +MP_API void sp_xor_ct(const sp_int* a, const sp_int* b, int len, sp_int* r); +#endif MP_API int sp_lshd(sp_int* a, int s); #ifdef WOLFSSL_SP_MATH_ALL @@ -1144,6 +1149,7 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp); #define mp_submod sp_submod #define mp_addmod_ct sp_addmod_ct #define mp_submod_ct sp_submod_ct +#define mp_xor_ct sp_xor_ct #define mp_lshd sp_lshd #define mp_rshd sp_rshd #define mp_div sp_div 
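Review bot: The new `sp_xor_ct` declaration is the only `_ct` primitive in this region without a doxygen block, and its contract — what `len` counts (digits or bytes, confirm against sp_int.c), whether `r` may alias `a` or `b`, and that timing depends only on `len` rather than on the operands' `used` — is exactly what the ECC caller needs to know. Add a comment in the style of the one above `sp_clamp`: `/* XOR the first len digits of a and b into r; runs in time dependent only on len. */` followed by `@param` lines for a, b, len and r, stating only what the implementation guarantees. Note also that `len` is `int` while `sp_int.used` is `unsigned int`, the same mixed signedness the `sp_clamp` fix in the first hunk on this line works around.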
diff --git a/wolfssl/wolfcrypt/sphincs.h b/wolfssl/wolfcrypt/sphincs.h index 84871f538d..6dd3a8e858 100644 --- a/wolfssl/wolfcrypt/sphincs.h +++ b/wolfssl/wolfcrypt/sphincs.h @@ -1,6 +1,6 @@ /* sphincs.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 7832113a7b..d1307c7924 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 915a335951..7d29b1f67e 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -1,6 +1,6 @@ /* tfm.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -779,6 +779,7 @@ int fp_sqr_comba64(fp_int *a, fp_int *b); #define MP_VAL FP_VAL /* invalid */ #define MP_MEM FP_MEM /* memory error */ #define MP_NOT_INF FP_NOT_INF /* point not at infinity */ +#define MP_RANGE FP_NOT_INF #define MP_OKAY FP_OKAY /* ok result */ #define MP_NO FP_NO /* yes/no result */ #define MP_YES FP_YES /* yes/no result */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index f5a279febb..a540699e64 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
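Review bot: `#define MP_RANGE FP_NOT_INF` in tfm.h aliases a range-error code to the "point not at infinity" code, so with fast math a caller checking for MP_RANGE cannot distinguish it from MP_NOT_INF (both compare equal), and any `switch` that lists both as cases becomes a duplicate-case compile error. Every neighbouring alias has a trailing comment; this one should at least say why it shares a value: `#define MP_RANGE FP_NOT_INF /* tfm has no range error code; shares FP_NOT_INF, so equal to MP_NOT_INF */`. If a distinct value is possible in tfm.h, that would be the better fix. The list of MP_* aliases starts and ends outside the hunk.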
@@ -303,7 +303,8 @@ typedef struct w64wrapper { #ifndef WARN_UNUSED_RESULT #if defined(WOLFSSL_LINUXKM) && defined(__must_check) #define WARN_UNUSED_RESULT __must_check - #elif defined(__GNUC__) && (__GNUC__ >= 4) + #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \ + (defined(__IAR_SYSTEMS_ICC__) && (__VER__ >= 9040001)) #define WARN_UNUSED_RESULT __attribute__((warn_unused_result)) #else #define WARN_UNUSED_RESULT @@ -311,7 +312,7 @@ typedef struct w64wrapper { #endif /* WARN_UNUSED_RESULT */ #ifndef WC_MAYBE_UNUSED - #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) + #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) || defined(__IAR_SYSTEMS_ICC__) #define WC_MAYBE_UNUSED __attribute__((unused)) #else #define WC_MAYBE_UNUSED @@ -436,7 +437,13 @@ typedef struct w64wrapper { /* idea to add global alloc override by Moises Guimaraes */ /* default to libc stuff */ /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embedded systems doesn't like free(0) so test */ + /* XFREE on some embedded systems doesn't like free(0) so test for NULL + * explicitly. + * + * For example: + * #define XFREE(p, h, t) \ + * {void* xp = (p); if (xp != NULL) free(xp, h, t);} + */ #if defined(HAVE_IO_POOL) WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); @@ -592,7 +599,7 @@ typedef struct w64wrapper { #endif #define WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ - VAR_TYPE* VAR_NAME[VAR_ITEMS]; \ + VAR_TYPE* VAR_NAME[VAR_ITEMS] = { NULL, }; \ int idx##VAR_NAME = 0, inner_idx_##VAR_NAME #define WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \ VAR_TYPE* VAR_NAME[VAR_ITEMS] 
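Review bot: The expanded `XFREE` comment gives `free(xp, h, t)` as its example, but libc `free` takes one argument, so anyone copying the example gets a compile error; it should read `#define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp != NULL) free(xp); } while (0)`. Wrapping in `do { } while (0)` instead of a bare brace block also keeps `if (c) XFREE(p, h, t); else ...` well-formed, which the brace-block form in the comment does not. The `= { NULL, }` initializer added to `WC_DECLARE_HEAP_ARRAY` in the later hunk on this line is a sound hardening, since it prevents freeing indeterminate pointers on an early-exit path.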
@@ -769,7 +776,7 @@ typedef struct w64wrapper { defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24) /* XC32 version < 1.0 does not support strncasecmp. */ #define USE_WOLF_STRNCASECMP - #define XSTRNCASECMP(s1,s2) wc_strncasecmp(s1,s2) + #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n)) #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else @@ -823,9 +830,15 @@ typedef struct w64wrapper { return ret; } #define XSNPRINTF _xsnprintf_ + #elif defined(FREESCALE_MQX) + /* see wc_port.h for fio.h and nio.h includes. MQX does not + have stdio.h available, so it needs its own section. */ + #define XSNPRINTF snprintf #elif defined(WOLF_C89) #include #define XSPRINTF sprintf + /* snprintf not available for C89, so remap using macro */ + #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__) #else #include #define XSNPRINTF snprintf @@ -868,7 +881,8 @@ typedef struct w64wrapper { #endif /* !XSNPRINTF */ #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) + defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) || \ + defined(WOLFSSL_ASN_PARSE_KEYUSAGE) /* use only Thread Safe version of strtok */ #if defined(USE_WOLF_STRTOK) #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) @@ -912,6 +926,15 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif + #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) + #define USE_WOLF_STRDUP + #endif + #ifdef USE_WOLF_STRDUP + WOLFSSL_LOCAL char* wc_strdup_ex(const char *src, int memType); + #define wc_strdup(src) wc_strdup_ex(src, DYNAMIC_TYPE_TMP_BUFFER) + #define XSTRDUP(src) wc_strdup(src) + #endif + #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV #ifdef NO_GETENV 
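Review bot: The WOLF_C89 branch maps `XSNPRINTF(f, len, ...)` to `sprintf(f, __VA_ARGS__)`, which silently discards the `len` bound every caller relies on and turns each bounded format into an unbounded write into `f`; `__VA_ARGS__` is also a C99 feature, so the remap is not C89 either. If no bounded formatter exists on that target, a project helper that takes the length explicitly, or at least a `#warning` that XSNPRINTF is unbounded in C89 builds, is the safer choice; a one-line `sprintf` remap should not ship without a comment spelling out the overflow risk. The `XSTRNCASECMP(s1,s2,n)` change in the earlier hunk on this line fixes a real arity mismatch and looks right.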
@@ -1056,6 +1079,7 @@ typedef struct w64wrapper { DYNAMIC_TYPE_SM4_BUFFER = 99, DYNAMIC_TYPE_DEBUG_TAG = 100, DYNAMIC_TYPE_LMS = 101, + DYNAMIC_TYPE_BIO = 102, DYNAMIC_TYPE_SNIFFER_SERVER = 1000, DYNAMIC_TYPE_SNIFFER_SESSION = 1001, DYNAMIC_TYPE_SNIFFER_PB = 1002, @@ -1211,14 +1235,14 @@ typedef struct w64wrapper { WC_PK_TYPE_CURVE25519_KEYGEN = 16, WC_PK_TYPE_RSA_GET_SIZE = 17, #define _WC_PK_TYPE_MAX WC_PK_TYPE_RSA_GET_SIZE - #if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER) + #if defined(WOLFSSL_HAVE_KYBER) WC_PK_TYPE_PQC_KEM_KEYGEN = 18, WC_PK_TYPE_PQC_KEM_ENCAPS = 19, WC_PK_TYPE_PQC_KEM_DECAPS = 20, #undef _WC_PK_TYPE_MAX #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_KEM_DECAPS #endif - #if defined(HAVE_PQC) && (defined(HAVE_DILITHIUM) || defined(HAVE_FALCON)) + #if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) WC_PK_TYPE_PQC_SIG_KEYGEN = 21, WC_PK_TYPE_PQC_SIG_SIGN = 22, WC_PK_TYPE_PQC_SIG_VERIFY = 23, @@ -1229,7 +1253,7 @@ typedef struct w64wrapper { WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX }; - #if defined(HAVE_PQC) +#if defined(WOLFSSL_HAVE_KYBER) /* Post quantum KEM algorithms */ enum wc_PqcKemType { WC_PQC_KEM_TYPE_NONE = 0, @@ -1241,7 +1265,9 @@ typedef struct w64wrapper { #endif WC_PQC_KEM_TYPE_MAX = _WC_PQC_KEM_TYPE_MAX }; +#endif +#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) /* Post quantum signature algorithms */ enum wc_PqcSignatureType { WC_PQC_SIG_TYPE_NONE = 0, @@ -1258,7 +1284,7 @@ typedef struct w64wrapper { #endif WC_PQC_SIG_TYPE_MAX = _WC_PQC_SIG_TYPE_MAX }; - #endif +#endif /* settings detection for compile vs runtime math incompatibilities */ enum { 
@@ -1400,6 +1426,20 @@ typedef struct w64wrapper { #endif typedef void* THREAD_TYPE; #define WOLFSSL_THREAD + #elif defined(WOLFSSL_USER_THREADING) + /* User can define user specific threading types + * THREAD_RETURN + * TREAD_TYPE + * WOLFSSL_THREAD + * e.g. + * typedef unsigned int THREAD_RETURN; + * typedef size_t THREAD_TYPE; + * #define WOLFSSL_THREAD void + * + * User can also implement their own wolfSSL_NewThread(), + * wolfSSL_JoinThread() and wolfSSL_Cond signaling if they want. + * Otherwise, those functions are omitted. + */ #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) || \ defined(FREESCALE_MQX) typedef unsigned int THREAD_RETURN; @@ -1422,6 +1462,7 @@ typedef struct w64wrapper { k_thread_stack_t* threadStack; } THREAD_TYPE; #define WOLFSSL_THREAD + extern void* wolfsslThreadHeapHint; #elif defined(NETOS) typedef UINT THREAD_RETURN; typedef struct { @@ -1636,6 +1677,9 @@ typedef struct w64wrapper { #ifndef SAVE_VECTOR_REGISTERS2 #define SAVE_VECTOR_REGISTERS2() 0 #endif + #ifndef CAN_SAVE_VECTOR_REGISTERS + #define CAN_SAVE_VECTOR_REGISTERS() 1 + #endif #ifndef WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING #endif diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 6ee10dfc7a..30a19e2d67 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h index b6591ffaff..e3cf9ad073 100644 --- a/wolfssl/wolfcrypt/wc_encrypt.h +++ b/wolfssl/wolfcrypt/wc_encrypt.h @@ -1,6 +1,6 @@ /* wc_encrypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
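Review bot: The comment added for WOLFSSL_USER_THREADING lists `TREAD_TYPE` as one of the types the user must supply, but the name used throughout this `#elif` chain is `THREAD_TYPE` (the Zephyr branch right after it ends with `} THREAD_TYPE;`), so the line should read ` * THREAD_TYPE`. Because this branch defines nothing itself, a user who omits one of the three definitions only learns it from an unrelated error further down the headers; the comment should at least say where they must be provided (presumably a user settings header included before this point, which I cannot confirm from the hunk), e.g. `/* Define THREAD_RETURN, THREAD_TYPE and WOLFSSL_THREAD in user settings before including this header. */`.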
diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h index 61fe8b2bc6..5491285739 100644 --- a/wolfssl/wolfcrypt/wc_kyber.h +++ b/wolfssl/wolfcrypt/wc_kyber.h @@ -34,7 +34,9 @@ #ifdef WOLFSSL_HAVE_KYBER -#if defined(_MSC_VER) +#ifdef noinline + #define KYBER_NOINLINE noinline +#elif defined(_MSC_VER) #define KYBER_NOINLINE __declspec(noinline) #elif defined(__GNUC__) #define KYBER_NOINLINE __attribute__((noinline)) diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h index f51dad7bfc..6f90eaa3bd 100644 --- a/wolfssl/wolfcrypt/wc_lms.h +++ b/wolfssl/wolfcrypt/wc_lms.h 
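Review bot: `#ifdef noinline` in the KYBER_NOINLINE selection only checks that a macro called `noinline` exists, not what it expands to; if a platform header defines `noinline` as empty or as something that is not a function attribute, KYBER_NOINLINE silently becomes a no-op instead of falling through to the `_MSC_VER`/`__GNUC__` branches that follow. I would record the expectation next to the test, `/* expects noinline to expand to a function attribute (e.g. kernel headers) */`, or move this branch after the compiler-specific ones so it only serves compilers they do not cover. I cannot see from this hunk which build provides `noinline`, so the reordering suggestion is tentative.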
@@ -19,5 +19,452 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#error "Contact wolfSSL to get the implementation of this file" +/* Implementation based on: + * RFC 8554: Leighton-Micali Hash-Based Signatures + * https://datatracker.ietf.org/doc/html/rfc8554 + * Implementation by Sean Parkinson. + */ + +/* Possible LMS options: + * + * WOLFSSL_LMS_LARGE_CACHES Default: OFF + * Authentication path caches are large and signing faster. + * WOLFSSL_LMS_ROOT_LEVELS Default: 5 (Large: 7) + * Number of levels of interior nodes from the to to cached. + * Valid value are: 1..height of subtree. + * The bigger the number, the larger the LmsKey but faster signing. + * Only applies when !WOLFSSL_WC_LMS_SMALL. + * WOLFSSL_LMS_CACHE_BITS Default: 5 (Large: 7) + * 2 to the power of the value is the number of leaf nodes to cache. + * Maximum valid value is height of subtree. + * Valid value are: 0..height of subtree. + * The bigger the number, the larger the LmsKey but faster signing. + * Only applies when !WOLFSSL_WC_LMS_SMALL. + * + * Memory/Level | R/C | Approx. Time (% of 5/5) + * (Bytes) | | H=10 | H=15 | H=20 + * -------------+--------------+--------+-------- + * 2016 | 5/5 | 100.0% | 100.0% | 100.0% + * 3040 | 5/6 | 75.5% | 89.2% | + * 4064 | 6/6 | 75.3% | 78.8% | + * 4576 | 4/7 | 72.4% | 87.6% | + * 6112 | 6/7 | 72.1% | 67.5% | + * 8160 | 7/7 | 72.2% | 56.8% | + * 8416 | 3/8 | 66.4% | 84.9% | + * 12256 | 7/8 | 66.5% | 45.9% | + * 16352 | 8/8 | 66.0% | 35.0% | + * 16416 | 1/9 | 54.1% | 79.5% | + * R = Root levels + * C = Cache bits + * To mimic the dynamic memory usage of XMSS, use 3/3. + * + * WOLFSSL_LMS_NO_SIGN SMOOTHING Default: OFF + * Disable precalculation of next subtree. + * Use less dynamic memory. + * At certain indexes, signing will take a long time compared to the mean. + * When OFF, the private key holds a second copy of caches. + * + * WOLFSSL_LMS_NO_SIG_CACHE Default: OFF + * Signature cache is disabled. 
+ * This will use less dynamic memory and make signing slower when multiple + * levels. + * + * Sig cache holds the C and y hashes for a tree that is not the lowest. + * Sig cache size = (levels - 1) * (1 + p) * 32 bytes + * p is the number of y terms based on Winternitz width. + * + * w | p | l | Bytes + * ---+----+---+------ + * 4 | 67 | 2 | 2176 + * 4 | 67 | 3 | 4353 + * 4 | 67 | 4 | 6528 + * 8 | 34 | 2 | 1120 + * 8 | 34 | 3 | 2240 + * 8 | 34 | 4 | 3360 + * w = Winternitz width + * l = #levels + */ + +#ifndef WC_LMS_H +#define WC_LMS_H + +#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) + +#include +#include + +#ifdef WOLFSSL_LMS_MAX_LEVELS + /* Maximum number of levels of trees supported by implementation. */ + #define LMS_MAX_LEVELS WOLFSSL_LMS_MAX_LEVELS +#else + /* Maximum number of levels of trees supported by implementation. */ + #define LMS_MAX_LEVELS 4 +#endif +#if (LMS_MAX_LEVELS < 1) || (LMS_MAX_LEVELS > 4) + #error "LMS parameters only support heights 1-4." +#endif + +/* Smoothing is only used when there are 2 or more levels. */ +#if LMS_MAX_LEVELS == 1 && !defined(WOLFSSL_LMS_NO_SIGN_SMOOTHING) + #define WOLFSSL_LMS_NO_SIGN_SMOOTHING +#endif + +#ifdef WOLFSSL_LMS_MAX_HEIGHT + /* Maximum height of a tree supported by implementation. */ + #define LMS_MAX_HEIGHT WOLFSSL_LMS_MAX_HEIGHT +#else + /* Maximum height of a tree supported by implementation. */ + #define LMS_MAX_HEIGHT 20 +#endif +#if (LMS_MAX_HEIGHT < 5) || (LMS_MAX_HEIGHT > 20) + #error "LMS parameters only support heights 5-20." +#endif + +/* Length of I in bytes. */ +#define LMS_I_LEN 16 +/* Length of L in bytes. */ +#define LMS_L_LEN 4 +/* Length of Q for a level. */ +#define LMS_Q_LEN 4 +/* Length of P in bytes. */ +#define LMS_P_LEN 2 +/* Length of W in bytes. */ +#define LMS_W_LEN 1 + +/* Length of numeric types when encoding. */ +#define LMS_TYPE_LEN 4 + +/* Maximum size of a node hash. 
*/ +#define LMS_MAX_NODE_LEN WC_SHA256_DIGEST_SIZE +/* Maximum size of SEED (produced by hash). */ +#define LMS_SEED_LEN WC_SHA256_DIGEST_SIZE +/* Maximum number of P, number of n-byte string elements in LM-OTS signature. + * Value of P when N=32 and W=1. + */ +#define LMS_MAX_P 265 +/* Length of SEED and I in bytes. */ +#define LMS_SEED_I_LEN (LMS_SEED_LEN + LMS_I_LEN) + + +#ifndef WOLFSSL_LMS_ROOT_LEVELS + #ifdef WOLFSSL_LMS_LARGE_CACHES + /* Number of root levels of interior nodes to store. */ + #define LMS_ROOT_LEVELS 7 + #else + /* Number of root levels of interior nodes to store. */ + #define LMS_ROOT_LEVELS 5 + #endif +#else + #define LMS_ROOT_LEVELS WOLFSSL_LMS_ROOT_LEVELS +#endif +#if LMS_ROOT_LEVELS <= 0 + #error "LMS_ROOT_LEVELS must be greater than 0." +#endif +/* Count of root nodes to store per level. */ +#define LMS_ROOT_COUNT ((1 << (LMS_ROOT_LEVELS)) - 1) + +#ifndef WOLFSSL_LMS_CACHE_BITS + #ifdef WOLFSSL_LMS_LARGE_CACHES + /* 2 to the power of the value is the number of leaf nodes to cache. */ + #define LMS_CACHE_BITS 7 + #else + /* 2 to the power of the value is the number of leaf nodes to cache. */ + #define LMS_CACHE_BITS 5 + #endif +#else + #define LMS_CACHE_BITS WOLFSSL_LMS_CACHE_BITS +#endif +#if LMS_CACHE_BITS < 0 + #error "LMS_CACHE_BITS must be greater than or equal to 0." +#endif +/* Number of leaf nodes to cache. */ +#define LMS_LEAF_CACHE (1 << LMS_CACHE_BITS) + +/* Maximum number of levels of trees described in private key. */ +#define HSS_MAX_LEVELS 8 +/* Length of full Q in bytes. Q from all levels combined. */ +#define HSS_Q_LEN 8 + +/* Compressed parameter set length in bytes. */ +#define HSS_COMPRESS_PARAM_SET_LEN 1 +/* Total compressed parameter set length for private key in bytes. */ +#define HSS_PRIV_KEY_PARAM_SET_LEN \ + (HSS_COMPRESS_PARAM_SET_LEN * HSS_MAX_LEVELS) + +/* Private key length for one level. */ +#define LMS_PRIV_LEN \ + (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN) +/* Public key length in signature. 
*/ +#define LMS_PUBKEY_LEN \ + (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + LMS_MAX_NODE_LEN) + +/* LMS signature data length. */ +#define LMS_SIG_LEN(h, p) \ + (LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN + \ + LMS_TYPE_LEN + (h) * LMS_MAX_NODE_LEN) + +/* Length of public key. */ +#define HSS_PUBLIC_KEY_LEN (LMS_L_LEN + LMS_PUBKEY_LEN) +/* Length of private key. */ +#define HSS_PRIVATE_KEY_LEN \ + (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + LMS_SEED_LEN + LMS_I_LEN) +/* Maximum public key length - length is constant for all parameters. */ +#define HSS_MAX_PRIVATE_KEY_LEN HSS_PRIVATE_KEY_LEN +/* Maximum private key length - length is constant for all parameters. */ +#define HSS_MAX_PUBLIC_KEY_LEN HSS_PUBLIC_KEY_LEN +/* Maximum signature length. */ +#define HSS_MAX_SIG_LEN \ + (LMS_TYPE_LEN + \ + LMS_MAX_LEVELS * (LMS_Q_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN + \ + LMS_MAX_NODE_LEN * (1 + LMS_MAX_P + LMS_MAX_HEIGHT)) + \ + (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN \ + ) + +/* Maximum buffer length required for use when hashing. */ +#define LMS_MAX_BUFFER_LEN \ + (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + 2 * LMS_MAX_NODE_LEN) + + +/* Private key data length. + * + * HSSPrivKey.priv + */ +#define LMS_PRIV_KEY_LEN(l) \ + ((l) * LMS_PRIV_LEN) + +/* Stack of nodes. */ +#define LMS_STACK_CACHE_LEN(h) \ + (((h) + 1) * LMS_MAX_NODE_LEN) + +/* Root cache length. */ +#define LMS_ROOT_CACHE_LEN(rl) \ + (((1 << (rl)) - 1) * LMS_MAX_NODE_LEN) + +/* Leaf cache length. */ +#define LMS_LEAF_CACHE_LEN(cb) \ + ((1 << (cb)) * LMS_MAX_NODE_LEN) + +/* Length of LMS private key state. + * + * LmsPrivState + * auth_path + + * root + + * stack.stack + stack.offset + + * cache.leaf + cache.index + cache.offset + */ +#define LMS_PRIV_STATE_LEN(h, rl, cb) \ + (((h) * LMS_MAX_NODE_LEN) + \ + LMS_STACK_CACHE_LEN(h) + 4 + \ + LMS_ROOT_CACHE_LEN(rl) + \ + LMS_LEAF_CACHE_LEN(cb) + 4 + 4) + +#ifndef WOLFSSL_WC_LMS_SMALL + /* Private key data state for all levels. 
*/ + #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) \ + ((l) * LMS_PRIV_STATE_LEN(h, rl, cb)) +#else + /* Private key data state for all levels. */ + #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) 0 +#endif + +#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + /* Extra private key data for smoothing. */ + #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) \ + (LMS_PRIV_KEY_LEN(l) + \ + ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb)) +#else + /* Extra private key data for smoothing. */ + #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) 0 +#endif + +#ifndef WOLFSSL_LMS_NO_SIG_CACHE + #define LMS_PRIV_Y_TREE_LEN(p) \ + (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN) + /* Length of the y data cached in private key data. */ + #define LMS_PRIV_Y_LEN(l, p) \ + (((l) - 1) * (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN)) +#else + /* Length of the y data cached in private key data. */ + #define LMS_PRIV_Y_LEN(l, p) 0 +#endif + +#ifndef WOLFSSL_WC_LMS_SMALL +/* Length of private key data. */ +#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb) \ + (LMS_PRIV_KEY_LEN(l) + \ + LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) + \ + LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) + \ + LMS_PRIV_Y_LEN(l, p)) +#else +#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb) \ + LMS_PRIV_KEY_LEN(l) +#endif + + +/* LMS Parameters. */ +/* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ +#define LMS_SHA256_M32_H5 5 +/* SHA-256 hash, 32-bytes of hash used, tree height of 10. */ +#define LMS_SHA256_M32_H10 6 +/* SHA-256 hash, 32-bytes of hash used, tree height of 15. */ +#define LMS_SHA256_M32_H15 7 +/* SHA-256 hash, 32-bytes of hash used, tree height of 20. */ +#define LMS_SHA256_M32_H20 8 +/* SHA-256 hash, 32-bytes of hash used, tree height of 25. */ +#define LMS_SHA256_M32_H25 9 + +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */ +#define LMOTS_SHA256_N32_W1 1 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */ +#define LMOTS_SHA256_N32_W2 2 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. 
*/ +#define LMOTS_SHA256_N32_W4 3 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */ +#define LMOTS_SHA256_N32_W8 4 + +typedef struct LmsParams { + /* Number of tree levels. */ + word8 levels; + /* Height of each tree. */ + word8 height; + /* Width or Winternitz coefficient. */ + word8 width; + /* Number of left-shift bits used in checksum calculation. */ + word8 ls; + /* Number of n-byte string elements in LM-OTS signature. */ + word16 p; + /* LMS type. */ + word16 lmsType; + /* LMOTS type. */ + word16 lmOtsType; + /* Length of LM-OTS signature. */ + word16 sig_len; +#ifndef WOLFSSL_WC_LMS_SMALL + /* Number of root levels of interior nodes to store. */ + word8 rootLevels; + /* 2 to the power of the value is the number of leaf nodes to cache. */ + word8 cacheBits; +#endif +} LmsParams; + +/* Mapping of id and string to parameters. */ +typedef struct wc_LmsParamsMap { + /* Identifier of parameters. */ + enum wc_LmsParm id; + /* String representation of identifier of parameters. */ + const char* str; + /* LMS parameter set. */ + LmsParams params; +} wc_LmsParamsMap; + +typedef struct LmsState { + /* Buffer to hold data to hash. */ + ALIGN16 byte buffer[LMS_MAX_BUFFER_LEN]; +#ifdef WOLFSSL_SMALL_STACK + /* Buffer to hold expanded Q coefficients. */ + ALIGN16 byte a[LMS_MAX_P]; +#endif + /* LMS parameters. */ + const LmsParams* params; + /* Hash algorithm. */ + wc_Sha256 hash; + /* Hash algorithm for calculating K. */ + wc_Sha256 hash_k; +} LmsState; + +#ifndef WOLFSSL_WC_LMS_SMALL +/* Stack of interior node hashes. */ +typedef struct LmsStack { + /* Stack nodes. */ + byte* stack; + /* Top of stack offset. */ + word32 offset; +} LmsStack; + +/* Cache of leaf hashes. */ +typedef struct HssLeafCache { + /* Cache of leaf nodes. Circular queue. */ + byte* cache; + /* Start index of cached leaf nodes. */ + word32 idx; + /* Index into cache of first leaf node. 
*/ + word32 offset; +} HssLeafCache; + +typedef struct LmsPrivState { + /* Authentication path for current index. */ + byte* auth_path; + /* Stack nodes. */ + LmsStack stack; + /* Root nodes. */ + byte* root; + /* Cache of leaf nodes. */ + HssLeafCache leaf; +} LmsPrivState; +#endif /* WOLFSSL_WC_LMS_SMALL */ + +typedef struct HssPrivKey { + /* Private key. */ + byte* priv; +#ifndef WOLFSSL_WC_LMS_SMALL + /* Per level state of the private key. */ + LmsPrivState state[LMS_MAX_LEVELS]; +#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + /* Next private key. */ + byte* next_priv; + /* Next private state. */ + LmsPrivState next_state[LMS_MAX_LEVELS - 1]; +#endif +#ifndef WOLFSSL_LMS_NO_SIG_CACHE + /* Per level state of the private key. */ + byte* y; +#endif + /* Indicates the key has all levels initialized. */ + word8 inited:1; +#endif +} HssPrivKey; + +struct LmsKey { + /* Public key. */ + ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN]; +#ifndef WOLFSSL_LMS_VERIFY_ONLY + /* Encoded private key. */ + ALIGN16 byte priv_raw[HSS_PRIVATE_KEY_LEN]; + + /* Packed private key data. */ + byte* priv_data; + /* HSS Private key. */ + HssPrivKey priv; + + /* Callback to write/update key. */ + wc_lms_write_private_key_cb write_private_key; + /* Callback to read key. */ + wc_lms_read_private_key_cb read_private_key; + /* Context arg passed to callbacks. */ + void* context; + /* Dynamic memory hint. */ + void* heap; +#endif /* !WOLFSSL_LMS_VERIFY_ONLY */ + /* Parameters of key. */ + const LmsParams* params; + /* Current state of key. */ + enum wc_LmsState state; +#ifdef WOLF_CRYPTO_CB + /* Device Identifier. 
*/ + int devId; +#endif +}; + +int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, + HssPrivKey* priv_key, byte* priv_data, byte* pub); +int wc_hss_reload_key(LmsState* state, const byte* priv_raw, + HssPrivKey* priv_key, byte* priv_data, byte* pub_root); +int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, + byte* priv_data, const byte* msg, word32 msgSz, byte* sig); +int wc_hss_sigsleft(const LmsParams* params, const byte* priv_raw); +int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg, + word32 msgSz, const byte* sig); + +#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */ +#endif /* WC_LMS_H */ diff --git a/wolfssl/wolfcrypt/wc_pkcs11.h b/wolfssl/wolfcrypt/wc_pkcs11.h index 85717c2404..8cdd87e613 100644 --- a/wolfssl/wolfcrypt/wc_pkcs11.h +++ b/wolfssl/wolfcrypt/wc_pkcs11.h @@ -1,6 +1,6 @@ /* wc_pkcs11.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index bf5ef6b30b..9824d19f3c 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1,6 +1,6 @@ /* wc_port.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -59,7 +59,9 @@ #endif /* WOLFSSL_LINUXKM */ /* THREADING/MUTEX SECTION */ -#ifdef USE_WINDOWS_API +#if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM) + /* No system headers required for build. */ +#elif defined(USE_WINDOWS_API) #if defined(WOLFSSL_PTHREADS) #include #endif @@ -80,7 +82,7 @@ #endif #endif /* WOLFSSL_SGX */ #endif - #ifndef SINGLE_THREADED + #if !defined(SINGLE_THREADED) && !defined(_WIN32_WCE) #include #endif #elif defined(THREADX) 
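Review bot: WOLFSSL_LMS_ROOT_LEVELS and WOLFSSL_LMS_CACHE_BITS are only bounded from below (`#if LMS_ROOT_LEVELS <= 0`, `#if LMS_CACHE_BITS < 0`) even though the options comment says both are limited by the subtree height, and both feed `1 << n` shifts that size the root and leaf caches (LMS_ROOT_COUNT, LMS_LEAF_CACHE, and the `rl`/`cb` arguments of LMS_ROOT_CACHE_LEN/LMS_LEAF_CACHE_LEN) and presumably end up in the `word8 rootLevels`/`cacheBits` fields of LmsParams, so an oversized user value yields an overflowed shift or a truncated field rather than a build error. The per-parameter-set limit is a runtime property, but a compile-time cap at LMS_MAX_HEIGHT is cheap and removes the shift overflow; the runtime check belongs where LmsParams is populated, outside this hunk. Three documentation fixes in the same hunk: the level-count guard message `"LMS parameters only support heights 1-4."` is about levels, not heights; the comments above `HSS_MAX_PRIVATE_KEY_LEN` and `HSS_MAX_PUBLIC_KEY_LEN` are swapped; and the options list writes `WOLFSSL_LMS_NO_SIGN SMOOTHING` and "from the to to cached" where `WOLFSSL_LMS_NO_SIGN_SMOOTHING` and "from the top to be cached" are meant.
```c
#if LMS_ROOT_LEVELS <= 0
    #error "LMS_ROOT_LEVELS must be greater than 0."
#endif
#if LMS_ROOT_LEVELS > LMS_MAX_HEIGHT
    #error "LMS_ROOT_LEVELS must not exceed LMS_MAX_HEIGHT."
#endif
/* ... unchanged: LMS_ROOT_COUNT and LMS_CACHE_BITS selection ... */
#if LMS_CACHE_BITS < 0
    #error "LMS_CACHE_BITS must be greater than or equal to 0."
#endif
#if LMS_CACHE_BITS > LMS_MAX_HEIGHT
    #error "LMS_CACHE_BITS must not exceed LMS_MAX_HEIGHT."
#endif
```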
@@ -145,13 +147,20 @@ #elif defined(WOLFSSL_APACHE_MYNEWT) /* do nothing */ #elif defined(WOLFSSL_ZEPHYR) + #include #ifndef SINGLE_THREADED - #ifndef CONFIG_PTHREAD_IPC - #error "Need CONFIG_PTHREAD_IPC for threading" + #if !defined(CONFIG_PTHREAD_IPC) && !defined(CONFIG_POSIX_THREADS) + #error "Threading needs CONFIG_PTHREAD_IPC / CONFIG_POSIX_THREADS" #endif + #if KERNEL_VERSION_NUMBER >= 0x30100 #include #include #include + #else + #include + #include + #include + #endif #endif #elif defined(WOLFSSL_TELIT_M2MB) @@ -335,7 +344,11 @@ #endif #elif defined(_MSC_VER) /* Use MSVC compiler intrinsics for atomic ops */ - #include + #ifdef _WIN32_WCE + #include + #else + #include + #endif typedef volatile long wolfSSL_Atomic_Int; #define WOLFSSL_ATOMIC_OPS #endif @@ -702,16 +715,23 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XFGETS fgets #define XFPRINTF fprintf #define XFFLUSH fflush + #define XFEOF(fp) feof(fp) + #define XFERROR(fp) ferror(fp) + #define XCLEARERR(fp) clearerr(fp) #if !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) #if defined(USE_WINDOWS_API) + #include #include #ifndef XSTAT #define XSTAT _stat #endif #define XS_ISREG(s) (s & _S_IFREG) #define SEPARATOR_CHAR ';' + #define XWRITE _write + #define XREAD _read + #define XALTHOMEVARNAME "USERPROFILE" #elif defined(ARDUINO) #ifndef XSTAT @@ -766,6 +786,15 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #ifndef MAX_PATH #define MAX_PATH (260 + 1) #endif + #ifndef XFEOF + #define XFEOF(fp) 0 + #endif + #ifndef XFERROR + #define XFERROR(fp) 0 + #endif + #ifndef XCLEARERR + #define XCLEARERR(fp) WC_DO_NOTHING + #endif WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, void* heap); 
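Review bot: The fallback stubs `#define XFEOF(fp) 0` and `#define XFERROR(fp) 0` in the `@@ -766` hunk make end-of-file and read errors indistinguishable from "more data available" on every port that did not receive real mappings, so a caller that loops on `!XFEOF(fp)` or relies on `XFERROR(fp)` to detect a truncated read will spin or accept partial data there. That is only acceptable if every such caller also checks the byte count returned by XFREAD/XFGETS, which I cannot verify from this hunk, so the contract should be stated next to the stubs: `/* No feof/ferror on this port: callers must detect EOF and errors from short XFREAD/XFGETS results. */`. The real `feof`/`ferror` mappings added in the `@@ -702` hunk appear to be the only ones in this diff, so the stubs presumably cover every other filesystem port.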
@@ -832,6 +861,25 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XSPRINTF sprintf #endif +#ifdef USE_WINDOWS_API + #ifndef SOCKET_T + #ifdef __MINGW64__ + typedef size_t SOCKET_T; + #else + typedef unsigned int SOCKET_T; + #endif + #endif + #ifndef SOCKET_INVALID + #define SOCKET_INVALID INVALID_SOCKET + #endif +#else + #ifndef SOCKET_T + typedef int SOCKET_T; + #endif + #ifndef SOCKET_INVALID + #define SOCKET_INVALID (-1) + #endif +#endif /* MIN/MAX MACRO SECTION */ /* Windows API defines its own min() macro. */ @@ -999,8 +1047,13 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define USE_WOLF_TIME_T #elif defined(WOLFSSL_ZEPHYR) + #include #ifndef _POSIX_C_SOURCE - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #else #include #endif diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h index 96274d7941..21d5fe8ef2 100644 --- a/wolfssl/wolfcrypt/wc_xmss.h +++ b/wolfssl/wolfcrypt/wc_xmss.h @@ -1,6 +1,6 @@ /* wc_xmss.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
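Review bot: The new USE_WINDOWS_API definition of SOCKET_T narrows the handle on 64-bit MSVC: Winsock's `SOCKET` is `UINT_PTR` there, yet this hunk uses `size_t` only for `__MINGW64__` and `unsigned int` otherwise, so an x64 MSVC build stores a 64-bit handle in 32 bits and a truncated `INVALID_SOCKET` (`~0` as `UINT_PTR`) no longer compares equal to `SOCKET_INVALID`. If this mirrors a pre-existing definition being moved here from wolfio.h the narrowing is not new, but this is the place to fix it, e.g. `typedef size_t SOCKET_T;` for both Windows toolchains. Separately, `#ifndef SOCKET_T` around a typedef only works if whoever already provides SOCKET_T also defines a macro of that name, since a prior typedef is invisible to the preprocessor; a comment on the guard stating that convention would save the next port a redefinition error.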
@@ -19,5 +19,267 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#error "Contact wolfSSL to get the implementation of this file" +/* Based on: + * o RFC 8391 - XMSS: eXtended Merkle Signature Scheme + * o [HDSS] "Hash-based Digital Signature Schemes", Buchmann, Dahmen and Szydlo + * from "Post Quantum Cryptography", Springer 2009. + */ + +#ifndef WC_XMSS_H +#define WC_XMSS_H + +#ifdef WOLFSSL_HAVE_XMSS +#include +#include +#include +#include + +#if !defined(WOLFSSL_WC_XMSS) + #error "This code is incompatible with external implementation of XMSS." +#endif + +#if (defined(WC_XMSS_SHA512) || defined(WC_XMSS_SHAKE256)) && \ + (WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512) + #define WC_XMSS_MAX_N 64 + #define WC_XMSS_MAX_PADDING_LEN 64 +#else + #define WC_XMSS_MAX_N 32 + #define WC_XMSS_MAX_PADDING_LEN 32 +#endif +#define WC_XMSS_MAX_MSG_PRE_LEN \ + (WC_XMSS_MAX_PADDING_LEN + 3 * WC_XMSS_MAX_N) +#define WC_XMSS_MAX_TREE_HEIGHT 20 +#define WC_XMSS_MAX_CSUM_BYTES 4 +#define WC_XMSS_MAX_WOTS_LEN (8 * WC_XMSS_MAX_N / 4 + 3) +#define WC_XMSS_MAX_WOTS_SIG_LEN (WC_XMSS_MAX_WOTS_LEN * WC_XMSS_MAX_N) +#define WC_XMSS_MAX_STACK_LEN \ + ((WC_XMSS_MAX_TREE_HEIGHT + 1) * WC_XMSS_MAX_N) +#define WC_XMSS_MAX_D 12 +#define WC_XMSS_MAX_BDS_STATES (2 * WC_XMSS_MAX_D - 1) +#define WC_XMSS_MAX_TREE_HASH \ + ((2 * WC_XMSS_MAX_D - 1) * WC_XMSS_MAX_TREE_HEIGHT) +#define WC_XMSS_MAX_BDS_K 0 + +#define WC_XMSS_ADDR_LEN 32 + +#define WC_XMSS_HASH_PRF_MAX_DATA_LEN \ + (WC_XMSS_MAX_PADDING_LEN + 2 * WC_XMSS_MAX_N + WC_XMSS_ADDR_LEN) +#define WC_XMSS_HASH_MAX_DATA_LEN \ + (WC_XMSS_MAX_PADDING_LEN + 3 * WC_XMSS_MAX_N) + + +#define WC_XMSS_SHA256_N 32 +#define WC_XMSS_SHA256_PADDING_LEN 32 +#define WC_XMSS_SHA256_WOTS_LEN 67 + +#define XMSS_OID_LEN 4 + +#define XMSS_MAX_HASH_LEN WC_SHA256_DIGEST_SIZE + +#define XMSS_RETAIN_LEN(k, n) ((!!(k)) * ((1 << (k)) - (k) - 1) * (n)) + +/* XMMS Algorithm OIDs + * Note: values are used in mathematical calculations in OID to 
parames. */ +#define WC_XMSS_OID_SHA2_10_256 0x01 +#define WC_XMSS_OID_SHA2_16_256 0x02 +#define WC_XMSS_OID_SHA2_20_256 0x03 +#define WC_XMSS_OID_SHA2_10_512 0x04 +#define WC_XMSS_OID_SHA2_16_512 0x05 +#define WC_XMSS_OID_SHA2_20_512 0x06 +#define WC_XMSS_OID_SHAKE_10_256 0x07 +#define WC_XMSS_OID_SHAKE_16_256 0x08 +#define WC_XMSS_OID_SHAKE_20_256 0x09 +#define WC_XMSS_OID_SHAKE_10_512 0x0a +#define WC_XMSS_OID_SHAKE_16_512 0x0b +#define WC_XMSS_OID_SHAKE_20_512 0x0c +#define WC_XMSS_OID_SHA2_10_192 0x0d +#define WC_XMSS_OID_SHA2_16_192 0x0e +#define WC_XMSS_OID_SHA2_20_192 0x0f +#define WC_XMSS_OID_SHAKE256_10_256 0x10 +#define WC_XMSS_OID_SHAKE256_16_256 0x11 +#define WC_XMSS_OID_SHAKE256_20_256 0x12 +#define WC_XMSS_OID_SHAKE256_10_192 0x13 +#define WC_XMSS_OID_SHAKE256_16_192 0x14 +#define WC_XMSS_OID_SHAKE256_20_192 0x15 +#define WC_XMSS_OID_FIRST WC_XMSS_OID_SHA2_10_256 +#define WC_XMSS_OID_LAST WC_XMSS_OID_SHAKE256_20_192 + +/* XMMS^MT Algorithm OIDs + * Note: values are used in mathematical calculations in OID to parames. 
*/ +#define WC_XMSSMT_OID_SHA2_20_2_256 0x01 +#define WC_XMSSMT_OID_SHA2_20_4_256 0x02 +#define WC_XMSSMT_OID_SHA2_40_2_256 0x03 +#define WC_XMSSMT_OID_SHA2_40_4_256 0x04 +#define WC_XMSSMT_OID_SHA2_40_8_256 0x05 +#define WC_XMSSMT_OID_SHA2_60_3_256 0x06 +#define WC_XMSSMT_OID_SHA2_60_6_256 0x07 +#define WC_XMSSMT_OID_SHA2_60_12_256 0x08 +#define WC_XMSSMT_OID_SHA2_20_2_512 0x09 +#define WC_XMSSMT_OID_SHA2_20_4_512 0x0a +#define WC_XMSSMT_OID_SHA2_40_2_512 0x0b +#define WC_XMSSMT_OID_SHA2_40_4_512 0x0c +#define WC_XMSSMT_OID_SHA2_40_8_512 0x0d +#define WC_XMSSMT_OID_SHA2_60_3_512 0x0e +#define WC_XMSSMT_OID_SHA2_60_6_512 0x0f +#define WC_XMSSMT_OID_SHA2_60_12_512 0x10 +#define WC_XMSSMT_OID_SHAKE_20_2_256 0x11 +#define WC_XMSSMT_OID_SHAKE_20_4_256 0x12 +#define WC_XMSSMT_OID_SHAKE_40_2_256 0x13 +#define WC_XMSSMT_OID_SHAKE_40_4_256 0x14 +#define WC_XMSSMT_OID_SHAKE_40_8_256 0x15 +#define WC_XMSSMT_OID_SHAKE_60_3_256 0x16 +#define WC_XMSSMT_OID_SHAKE_60_6_256 0x17 +#define WC_XMSSMT_OID_SHAKE_60_12_256 0x18 +#define WC_XMSSMT_OID_SHAKE_20_2_512 0x19 +#define WC_XMSSMT_OID_SHAKE_20_4_512 0x1a +#define WC_XMSSMT_OID_SHAKE_40_2_512 0x1b +#define WC_XMSSMT_OID_SHAKE_40_4_512 0x1c +#define WC_XMSSMT_OID_SHAKE_40_8_512 0x1d +#define WC_XMSSMT_OID_SHAKE_60_3_512 0x1e +#define WC_XMSSMT_OID_SHAKE_60_6_512 0x1f +#define WC_XMSSMT_OID_SHAKE_60_12_512 0x20 +#define WC_XMSSMT_OID_SHA2_20_2_192 0x21 +#define WC_XMSSMT_OID_SHA2_20_4_192 0x22 +#define WC_XMSSMT_OID_SHA2_40_2_192 0x23 +#define WC_XMSSMT_OID_SHA2_40_4_192 0x24 +#define WC_XMSSMT_OID_SHA2_40_8_192 0x25 +#define WC_XMSSMT_OID_SHA2_60_3_192 0x26 +#define WC_XMSSMT_OID_SHA2_60_6_192 0x27 +#define WC_XMSSMT_OID_SHA2_60_12_192 0x28 +#define WC_XMSSMT_OID_SHAKE256_20_2_256 0x29 +#define WC_XMSSMT_OID_SHAKE256_20_4_256 0x2a +#define WC_XMSSMT_OID_SHAKE256_40_2_256 0x2b +#define WC_XMSSMT_OID_SHAKE256_40_4_256 0x2c +#define WC_XMSSMT_OID_SHAKE256_40_8_256 0x2d +#define WC_XMSSMT_OID_SHAKE256_60_3_256 0x2e +#define 
WC_XMSSMT_OID_SHAKE256_60_6_256 0x2f +#define WC_XMSSMT_OID_SHAKE256_60_12_256 0x30 +#define WC_XMSSMT_OID_SHAKE256_20_2_192 0x31 +#define WC_XMSSMT_OID_SHAKE256_20_4_192 0x32 +#define WC_XMSSMT_OID_SHAKE256_40_2_192 0x33 +#define WC_XMSSMT_OID_SHAKE256_40_4_192 0x34 +#define WC_XMSSMT_OID_SHAKE256_40_8_192 0x35 +#define WC_XMSSMT_OID_SHAKE256_60_3_192 0x36 +#define WC_XMSSMT_OID_SHAKE256_60_6_192 0x37 +#define WC_XMSSMT_OID_SHAKE256_60_12_192 0x38 +#define WC_XMSSMT_OID_FIRST WC_XMSSMT_OID_SHA2_20_2_256 +#define WC_XMSSMT_OID_LAST WC_XMSSMT_OID_SHAKE256_60_12_192 + + +/* Type for hash address. */ +typedef word32 HashAddress[8]; + +/* XMSS/XMSS^MT fixed parameters. */ +typedef struct XmssParams { + /* Hash algorithm to use. */ + word8 hash; + /* Size of hash output. */ + word8 n; + /* Number of bytes of padding before rest of hash data. */ + word8 pad_len; + /* Number of values to chain = 2 * n + 3. */ + word8 wots_len; + /* Number of bytes in each WOTS+ signature. */ + word16 wots_sig_len; + /* Full height of tree. */ + word8 h; + /* Height of tree each subtree. */ + word8 sub_h; + /* Number of subtrees = h / sub_h. */ + word8 d; + /* Number of bytes to encode index into in private/secret key. */ + word8 idx_len; + /* Number of bytes in a signature. */ + word32 sig_len; + /* Number of bytes in a secret/private key. */ + word32 sk_len; + /* Number of bytes in a public key. */ + word8 pk_len; + /* BDS parameter for fast C implementation. */ + word8 bds_k; +} XmssParams; + +struct XmssKey { + /* Public key. */ + unsigned char pk[2 * WC_XMSS_MAX_N]; + /* OID that identifies parameters. */ + word32 oid; + /* Indicates whether the parameters are for XMSS^MT. */ + int is_xmssmt; + /* XMSS/XMSS^MT parameters. */ + const XmssParams* params; +#ifndef WOLFSSL_XMSS_VERIFY_ONLY + /* Secret/private key. */ + unsigned char* sk; + /* Length of secret key. */ + word32 sk_len; + /* Callback to write/update key. 
*/ + wc_xmss_write_private_key_cb write_private_key; + /* Callback to read key. */ + wc_xmss_read_private_key_cb read_private_key; + /* Context arg passed to callbacks. */ + void* context; +#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */ + /* State of key. */ + enum wc_XmssState state; +}; + +typedef struct XmssState { + const XmssParams* params; + + /* Digest is assumed to be at the end. */ + union { + #ifdef WC_XMSS_SHA256 + wc_Sha256 sha256; + #endif + #ifdef WC_XMSS_SHA512 + wc_Sha512 sha512; + #endif + #if defined(WC_XMSS_SHAKE128) || defined(WC_XMSS_SHAKE256) + wc_Shake shake; + #endif + } digest; +#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) && \ + !defined(WC_XMSS_FULL_HASH) + ALIGN16 word32 dgst_state[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; +#endif + ALIGN16 byte prf_buf[WC_XMSS_HASH_PRF_MAX_DATA_LEN]; + ALIGN16 byte buf[WC_XMSS_HASH_MAX_DATA_LEN]; + ALIGN16 byte pk[WC_XMSS_MAX_WOTS_SIG_LEN]; +#ifndef WOLFSSL_XMSS_VERIFY_ONLY + ALIGN16 byte stack[WC_XMSS_MAX_STACK_LEN]; +#else + ALIGN16 byte stack[WC_XMSS_ADDR_LEN]; +#endif + byte encMsg[WC_XMSS_MAX_WOTS_LEN]; + HashAddress addr; + + int ret; +} XmssState; + +#ifdef __cplusplus + extern "C" { +#endif + +WOLFSSL_LOCAL int wc_xmssmt_keygen(XmssState *state, const unsigned char* seed, + unsigned char *sk, unsigned char *pk); +WOLFSSL_LOCAL int wc_xmss_keygen(XmssState *state, const unsigned char* seed, + unsigned char *sk, unsigned char *pk); + +WOLFSSL_LOCAL int wc_xmssmt_sign(XmssState *state, const unsigned char *m, + word32 mlen, unsigned char *sk, unsigned char *sm); +WOLFSSL_LOCAL int wc_xmss_sign(XmssState *state, const unsigned char *m, + word32 mlen, unsigned char *sk, unsigned char *sm); + +WOLFSSL_LOCAL int wc_xmss_sigsleft(const XmssParams* params, unsigned char* sk); + +WOLFSSL_LOCAL int wc_xmssmt_verify(XmssState *state, const unsigned char *m, + word32 mlen, const unsigned char *sm, const unsigned char *pk); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* 
WOLFSSL_HAVE_XMSS */ +#endif /* WC_XMSS_H */ diff --git a/wolfssl/wolfcrypt/wolfevent.h b/wolfssl/wolfcrypt/wolfevent.h index 31cc7c5c4c..cb3cb58de2 100644 --- a/wolfssl/wolfcrypt/wolfevent.h +++ b/wolfssl/wolfcrypt/wolfevent.h @@ -1,6 +1,6 @@ /* wolfevent.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h index 4ed88b81f8..fe01ed5cd8 100644 --- a/wolfssl/wolfcrypt/wolfmath.h +++ b/wolfssl/wolfcrypt/wolfmath.h @@ -1,6 +1,6 @@ /* wolfmath.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/xmss.h b/wolfssl/wolfcrypt/xmss.h index 7f19aee2bf..548700caaf 100644 --- a/wolfssl/wolfcrypt/xmss.h +++ b/wolfssl/wolfcrypt/xmss.h @@ -1,6 +1,6 @@ /* xmss.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -160,9 +160,9 @@ enum wc_XmssState { }; /* Private key write and read callbacks. */ -typedef enum wc_XmssRc (*write_private_key_cb)(const byte* priv, word32 privSz, +typedef enum wc_XmssRc (*wc_xmss_write_private_key_cb)(const byte* priv, word32 privSz, void* context); -typedef enum wc_XmssRc (*read_private_key_cb)(byte* priv, word32 privSz, +typedef enum wc_XmssRc (*wc_xmss_read_private_key_cb)(byte* priv, word32 privSz, void* context); #ifdef __cplusplus 
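Review bot: The size selection `#if (defined(WC_XMSS_SHA512) || defined(WC_XMSS_SHAKE256)) && (WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512)` evaluates an undefined WOLFSSL_WC_XMSS_MAX_HASH_SIZE as 0, so a build that enables SHA-512 or SHAKE256 without setting that macro gets WC_XMSS_MAX_N = 32 and every fixed buffer in XmssState (prf_buf, buf, pk, stack, encMsg) is sized for n = 32; I cannot see from this hunk whether the 512-bit OIDs are masked out in that configuration, and if they are not this is an overflow of an on-stack state buffer. Defaulting to the larger size when the macro is absent is the safe direction: `(!defined(WOLFSSL_WC_XMSS_MAX_HASH_SIZE) || WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512)` in place of the second operand. Two smaller points: `wc_xmss_sigsleft(const XmssParams* params, unsigned char* sk)` takes a non-const key while its LMS counterpart `wc_hss_sigsleft` takes `const byte*`, so it should be `const unsigned char* sk` unless it really mutates the key; and the OID comments read "XMMS Algorithm OIDs" and "OID to parames" where "XMSS" and "params" are meant.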
@@ -173,9 +173,9 @@ WOLFSSL_API int wc_XmssKey_Init(XmssKey* key, void* heap, int devId); WOLFSSL_API int wc_XmssKey_SetParamStr(XmssKey* key, const char* str); #ifndef WOLFSSL_XMSS_VERIFY_ONLY WOLFSSL_API int wc_XmssKey_SetWriteCb(XmssKey* key, - write_private_key_cb write_cb); + wc_xmss_write_private_key_cb write_cb); WOLFSSL_API int wc_XmssKey_SetReadCb(XmssKey* key, - read_private_key_cb read_cb); + wc_xmss_read_private_key_cb read_cb); WOLFSSL_API int wc_XmssKey_SetContext(XmssKey* key, void* context); WOLFSSL_API int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng); WOLFSSL_API int wc_XmssKey_Reload(XmssKey* key); diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 48646a50ba..5fdeac4bb5 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -1,6 +1,6 @@ /* io.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -129,7 +129,18 @@ #include #include #elif defined(WOLFSSL_ZEPHYR) - #include + #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #ifdef CONFIG_POSIX_API + #include + #endif + #else + #include + #ifdef CONFIG_POSIX_API + #include + #endif + #endif #elif defined(MICROCHIP_PIC32) #include #elif defined(HAVE_NETX) @@ -139,6 +150,8 @@ #include #include #include + #elif defined(WOLFSSL_EMNET) + #include #elif !defined(WOLFSSL_NO_SOCK) #include #include @@ -155,6 +168,9 @@ #include "socket.h" #elif defined(NETOS) #include + #elif defined(NUCLEUS_PLUS_2_3) + #define SO_TYPE 17 /* Socket type */ + #define SO_RCVTIMEO 13 /* Recv Timeout */ #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \ && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \ && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS) @@ -185,6 +201,9 @@ #include #endif +#define SOCKET_RECEIVING 1 +#define SOCKET_SENDING 2 + #ifdef USE_WINDOWS_API /* no epipe yet */ #ifndef WSAEPIPE 
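Review bot: The NUCLEUS_PLUS_2_3 branch in the `@@ -155` hunk hard-codes `#define SO_TYPE 17` and `#define SO_RCVTIMEO 13` with no indication of where those option numbers come from; if they do not match what the Nucleus stack actually uses, getsockopt/setsockopt silently operate on a different option, and a receive timeout that never takes effect is the kind of failure that only shows up as a hang in the field. I would cite the source in the comment, e.g. `#define SO_TYPE 17 /* Socket type; value from the Nucleus socket header */`, and wrap each in `#ifndef` so a vendor header that already supplies them takes precedence. Whether any wolfSSL read path depends on SO_RCVTIMEO on this port is not visible from the hunk.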
@@ -192,6 +211,7 @@ #endif #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK #define SOCKET_EAGAIN WSAETIMEDOUT + #define SOCKET_ETIMEDOUT WSAETIMEDOUT #define SOCKET_ECONNRESET WSAECONNRESET #define SOCKET_EINTR WSAEINTR #define SOCKET_EPIPE WSAEPIPE @@ -206,10 +226,12 @@ #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - #if MQX_USE_IO_OLD + #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \ + defined(FREESCALE_MQX_5_0) /* RTCS old I/O doesn't have an EWOULDBLOCK */ #define SOCKET_EWOULDBLOCK EAGAIN #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ETIMEDOUT RTCSERR_TCP_TIMED_OUT #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET #define SOCKET_EINTR EINTR #define SOCKET_EPIPE EPIPE @@ -218,6 +240,7 @@ #else #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK #define SOCKET_EAGAIN NIO_EAGAIN + #define SOCKET_ETIMEDOUT NIO_ETIMEDOUT #define SOCKET_ECONNRESET NIO_ECONNRESET #define SOCKET_EINTR NIO_EINTR #define SOCKET_EPIPE NIO_EPIPE @@ -235,6 +258,7 @@ #elif defined(WOLFSSL_PICOTCP) #define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN #define SOCKET_EAGAIN PICO_ERR_EAGAIN + #define SOCKET_ETIMEDOUT PICO_ERR_ETIMEDOUT #define SOCKET_ECONNRESET PICO_ERR_ECONNRESET #define SOCKET_EINTR PICO_ERR_EINTR #define SOCKET_EPIPE PICO_ERR_EIO @@ -243,6 +267,7 @@ #elif defined(FREERTOS_TCP) #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK #define SOCKET_EAGAIN FREERTOS_EWOULDBLOCK + #define SOCKET_ETIMEDOUT (-pdFREERTOS_ERRNO_ETIMEDOUT) #define SOCKET_ECONNRESET FREERTOS_SOCKET_ERROR #define SOCKET_EINTR FREERTOS_SOCKET_ERROR #define SOCKET_EPIPE FREERTOS_SOCKET_ERROR 
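Review bot: In the USE_WINDOWS_API branch the new `SOCKET_ETIMEDOUT` expands to `WSAETIMEDOUT`, which is the value the pre-existing `SOCKET_EAGAIN` on the line above already maps to, so on Windows a receive timeout and a would-block condition become indistinguishable and any `switch` that lists both macros as cases will fail to compile with a duplicate case. If the aliasing is deliberate (Winsock presumably reports a recv timeout as `WSAETIMEDOUT` and has no separate again code), a comment on the new line would stop the next reader from "fixing" it, e.g. `/* Winsock reports recv timeouts as WSAETIMEDOUT; intentionally the same value as SOCKET_EAGAIN */`. The enclosing `#ifdef USE_WINDOWS_API` block starts before this hunk.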
@@ -256,6 +281,14 @@ #define SOCKET_EPIPE NU_NOT_CONNECTED #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED #define SOCKET_ECONNABORTED NU_NOT_CONNECTED +#elif defined(NUCLEUS_PLUS_2_3) + #define SOCKET_EWOULDBLOCK NU_WOULD_BLOCK + #define SOCKET_EAGAIN NU_NO_DATA + #define SOCKET_ECONNRESET NU_RESET + #define SOCKET_EINTR 0 + #define SOCKET_EPIPE 0 + #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED + #define SOCKET_ECONNABORTED NU_CONNECTION_REFUSED #elif defined(WOLFSSL_DEOS) /* `sockaddr_storage` is not defined in DEOS. This workaround will * work for IPV4, but not IPV6 @@ -287,13 +320,14 @@ #elif defined(WOLFSSL_LWIP_NATIVE) #define SOCKET_EWOULDBLOCK ERR_WOULDBLOCK #define SOCKET_EAGAIN ERR_WOULDBLOCK + #define SOCKET_TIMEDOUT ERR_TIMEOUT #define SOCKET_ECONNRESET ERR_RST #define SOCKET_EINTR ERR_CLSD #define SOCKET_EPIPE ERR_CLSD #define SOCKET_ECONNREFUSED ERR_CONN #define SOCKET_ECONNABORTED ERR_ABRT #elif defined(WOLFSSL_EMNET) - #include + #define XSOCKLENT int #define SOCKET_EWOULDBLOCK IP_ERR_WOULD_BLOCK #define SOCKET_EAGAIN IP_ERR_WOULD_BLOCK #define SOCKET_ECONNRESET IP_ERR_CONN_RESET @@ -304,6 +338,7 @@ #else #define SOCKET_EWOULDBLOCK EWOULDBLOCK #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ETIMEDOUT ETIMEDOUT #define SOCKET_ECONNRESET ECONNRESET #define SOCKET_EINTR EINTR #define SOCKET_EPIPE EPIPE @@ -340,6 +375,11 @@ #elif defined(WOLFSSL_NUCLEUS_1_2) #define SEND_FUNCTION NU_Send #define RECV_FUNCTION NU_Recv +#elif defined(NUCLEUS_PLUS_2_3) + #define SEND_FUNCTION nucyassl_send + #define RECV_FUNCTION nucyassl_recv + #define DTLS_RECVFROM_FUNCTION nucyassl_recvfrom + #define DTLS_SENDTO_FUNCTION nucyassl_sendto #elif defined(FUSION_RTOS) #define SEND_FUNCTION FNS_SEND #define RECV_FUNCTION FNS_RECV 
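Review bot: The new `NUCLEUS_PLUS_2_3` branch defines `SOCKET_EINTR` and `SOCKET_EPIPE` as `0`, which is the value a successful call leaves in the error slot, so any comparison of a fetched error code against `SOCKET_EINTR` or `SOCKET_EPIPE` would also match the no-error case (how these macros are consumed is outside this hunk). It is also the only platform branch in this change that gains no `SOCKET_ETIMEDOUT`, while the sibling branches at `@@ -206`, `@@ -218`, `@@ -235`, `@@ -243` and `@@ -304` all do. If Nucleus has no equivalents, say so and pick a sentinel that cannot collide with success: `/* Nucleus PLUS 2.3 has no EINTR/EPIPE/ETIMEDOUT; use a value no API call returns */`.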
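Review bot: The lwIP branch adds `SOCKET_TIMEDOUT ERR_TIMEOUT` while every other branch in this change adds `SOCKET_ETIMEDOUT`; the missing `E` leaves `SOCKET_ETIMEDOUT` undefined under `WOLFSSL_LWIP_NATIVE`, so the line should read `#define SOCKET_ETIMEDOUT ERR_TIMEOUT`. Whether that manifests as a compile error or as a silently skipped timeout check depends on the consumer in src, which is outside this hunk.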
@@ -364,26 +404,13 @@ #endif #endif -#ifdef USE_WINDOWS_API - #if defined(__MINGW64__) - typedef size_t SOCKET_T; - #else - typedef unsigned int SOCKET_T; - #endif - #ifndef SOCKET_INVALID - #define SOCKET_INVALID INVALID_SOCKET - #endif -#else - typedef int SOCKET_T; - #ifndef SOCKET_INVALID - #define SOCKET_INVALID (-1) - #endif -#endif - #ifndef WOLFSSL_NO_SOCK #ifndef XSOCKLENT #ifdef USE_WINDOWS_API #define XSOCKLENT int + #elif defined(NUCLEUS_PLUS_2_3) + typedef int socklen_t; + #define XSOCKLENT socklen_t #else #define XSOCKLENT socklen_t #endif @@ -406,6 +433,10 @@ #ifdef WOLFSSL_IPV6 typedef struct sockaddr_in6 SOCKADDR_IN6; #endif + #if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + #include + typedef struct sockaddr_un SOCKADDR_UN; + #endif typedef struct hostent HOSTENT; #endif /* HAVE_SOCKADDR */ @@ -430,6 +461,32 @@ WOLFSSL_API int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port); WOLFSSL_API int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags); WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); +#ifdef WOLFSSL_HAVE_BIO_ADDR + +#ifdef WOLFSSL_NO_SOCK +#error WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_NO_SOCK are mutually incompatible. +#endif + +union WOLFSSL_BIO_ADDR { + SOCKADDR sa; + SOCKADDR_IN sa_in; +#ifdef WOLFSSL_IPV6 + SOCKADDR_IN6 sa_in6; +#endif +#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + SOCKADDR_UN sa_un; +#endif +}; + +typedef union WOLFSSL_BIO_ADDR WOLFSSL_BIO_ADDR; + +#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags); +WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags); +#endif + +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + #endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */ #ifndef WOLFSSL_NO_SOCK 
@@ -451,6 +508,7 @@ WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); FNS_CLOSE(s, &err); \ } while(0) #endif + #define StartTCP() WC_DO_NOTHING #else #ifndef CloseSocket #define CloseSocket(s) close(s) @@ -471,6 +529,10 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); #ifdef WOLFSSL_DTLS + #ifdef NUCLEUS_PLUS_2_3 + #define SELECT_FUNCTION nucyassl_select + WOLFSSL_LOCAL int nucyassl_select(INT sd, UINT32 timeout); + #endif WOLFSSL_API int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx); WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx); diff --git a/wrapper/Ada/.gitignore b/wrapper/Ada/.gitignore new file mode 100644 index 0000000000..b672fdeaf3 --- /dev/null +++ b/wrapper/Ada/.gitignore @@ -0,0 +1 @@ +obj diff --git a/wrapper/Ada/README.md b/wrapper/Ada/README.md index 0af9eafc02..76f4b8e8bd 100644 --- a/wrapper/Ada/README.md +++ b/wrapper/Ada/README.md @@ -2,7 +2,7 @@ The source code for the Ada/SPARK binding of the WolfSSL library is the WolfSSL Ada package in the wolfssl.ads and wolfssl.adb files. -The source code here also demonstrates a TLS v1.3 server and client +The source code here also demonstrates a (D)TLS v1.3 server and client using the WolfSSL Ada binding. The implementation is cross-platform and compiles on Linux, Mac OS X and Windows. @@ -15,7 +15,8 @@ for the secondary stack. The GNAT User's Guide recommends avoiding the secondary stack using the restriction No_Secondary_Stack (see the GNAT configuration file gnat.adc which instructs compilation of the WolfSSL Ada binding under -this restriction). +this restriction). Note, however, that the examples do make use of the +secondary stack. Portability: The WolfSSL Ada binding makes no usage of controlled types and has no dependency upon the Ada.Finalization package. 
@@ -91,13 +92,13 @@ Make sure the executables for the compiler and GPRBuild are on the PATH and use gprbuild to build the source code. ## Files -The TLS v1.3 client example in the Ada/SPARK programming language +The (D)TLS v1.3 client example in the Ada/SPARK programming language using the WolfSSL library can be found in the files: tls_client_main.adb tls_client.ads tls_client.adb -The TLS v1.3 server example in the Ada/SPARK programming language +The (D)TLS v1.3 server example in the Ada/SPARK programming language using the WolfSSL library can be found in the files: tls_server_main.adb tls_server.ads diff --git a/wrapper/Ada/ada_binding.c b/wrapper/Ada/ada_binding.c index 0becb0e7e0..a1b762846b 100644 --- a/wrapper/Ada/ada_binding.c +++ b/wrapper/Ada/ada_binding.c @@ -1,6 +1,6 @@ /* ada_binding.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wrapper/Ada/default.gpr b/wrapper/Ada/default.gpr index bbd3b34f1e..42dcd745c0 100644 --- a/wrapper/Ada/default.gpr +++ b/wrapper/Ada/default.gpr @@ -26,10 +26,6 @@ project Default is for Spec_Suffix ("C") use ".h"; end Naming; - package Builder is - for Global_Configuration_Pragmas use "gnat.adc"; - end Builder; - package Compiler is for Switches ("C") use ("-DWOLFSSL_USER_SETTINGS", -- Use the user_settings.h file. diff --git a/wrapper/Ada/spark_sockets.adb b/wrapper/Ada/spark_sockets.adb index e315f230e3..a662a010d9 100644 --- a/wrapper/Ada/spark_sockets.adb +++ b/wrapper/Ada/spark_sockets.adb @@ -19,6 +19,7 @@ -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -- +with Ada.Streams; with Interfaces.C; package body SPARK_Sockets is 
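Review bot: Deleting the `Builder` package drops `Global_Configuration_Pragmas use "gnat.adc"`, so the project no longer applies the `No_Secondary_Stack` restriction to any unit, the binding included — yet the README hunk in this same change (`@@ -15,7 +15,8`) still states that gnat.adc "instructs compilation of the WolfSSL Ada binding under this restriction" and only adds that the examples use the secondary stack. Unless gnat.adc is still picked up implicitly from the working directory, the documented guarantee is now unenforced by the build. Either keep the pragmas file scoped to the binding units (for example via a separate library project or `Local_Configuration_Pragmas`) or change the README sentence to say the restriction is no longer applied by default.gpr.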
@@ -33,16 +34,35 @@ package body SPARK_Sockets is return (Exists => False); end Inet_Addr; - procedure Create_Socket (Socket : in out Optional_Socket) is + procedure Create_Socket + (Socket : in out Optional_Socket; + Family : GNAT.Sockets.Family_Type; + Mode : GNAT.Sockets.Mode_Type) is S : Socket_Type; begin - GNAT.Sockets.Create_Socket (S); + GNAT.Sockets.Create_Socket (S, Family, Mode); Socket := (Exists => True, Socket => S); exception when others => Socket := (Exists => False); end Create_Socket; + procedure Create_Stream_Socket (Socket : in out Optional_Socket) is + begin + Create_Socket + (Socket => Socket, + Family => GNAT.Sockets.Family_Inet, + Mode => GNAT.Sockets.Socket_Stream); + end Create_Stream_Socket; + + procedure Create_Datagram_Socket (Socket : in out Optional_Socket) is + begin + Create_Socket + (Socket => Socket, + Family => GNAT.Sockets.Family_Inet, + Mode => GNAT.Sockets.Socket_Datagram); + end Create_Datagram_Socket; + function Connect_Socket (Socket : Socket_Type; Server : Sock_Addr_Type) return Subprogram_Result is @@ -99,6 +119,22 @@ package body SPARK_Sockets is return Failure; end Listen_Socket; + function Receive_Socket + (Socket : Socket_Type) + return Subprogram_Result is + + Item : Ada.Streams.Stream_Element_Array (1 .. 4096); + Last : Ada.Streams.Stream_Element_Offset; + From : GNAT.Sockets.Sock_Addr_Type; + + begin + GNAT.Sockets.Receive_Socket (Socket, Item, Last, From); + return Success; + exception + when others => + return Failure; + end Receive_Socket; + procedure Accept_Socket (Server : Socket_Type; Socket : out Optional_Socket; Address : out Sock_Addr_Type; diff --git a/wrapper/Ada/spark_sockets.ads b/wrapper/Ada/spark_sockets.ads index ee9864c6ff..5ac2998630 100644 --- a/wrapper/Ada/spark_sockets.ads +++ b/wrapper/Ada/spark_sockets.ads 
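Review bot: `Receive_Socket` blocks on the first datagram and then discards both its payload (`Item`) and the sender (`From`), so it behaves as a "wait until any UDP packet arrives" primitive rather than a receive; the server example then attaches wolfSSL to the same socket and appears to rely on the DTLS peer retransmitting its first flight. Nothing in the name or in the spec added to spark_sockets.ads says this, and a stray datagram from any source is enough to make the server proceed. Suggest documenting the contract on the spec, e.g. `-- Blocks until one datagram arrives on Socket; the datagram and its sender are discarded.`, and stating whether the fixed 4096-byte buffer and the `when others` handler that maps every exception to `Failure` are intended.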
@@ -83,7 +83,10 @@ package SPARK_Sockets with SPARK_Mode is end case; end record; - procedure Create_Socket (Socket : in out Optional_Socket) with + procedure Create_Stream_Socket (Socket : in out Optional_Socket) with + Pre => not Socket.Exists; + + procedure Create_Datagram_Socket (Socket : in out Optional_Socket) with Pre => not Socket.Exists; function Connect_Socket (Socket : Socket_Type; @@ -116,6 +119,8 @@ package SPARK_Sockets with SPARK_Mode is -- appropriate in usual cases. It can be adjusted according to each -- application's particular requirements. + function Receive_Socket (Socket : Socket_Type) return Subprogram_Result; + procedure Accept_Socket (Server : Socket_Type; Socket : out Optional_Socket; Address : out Sock_Addr_Type; diff --git a/wrapper/Ada/tls_client.adb b/wrapper/Ada/tls_client.adb index 88f5a60df2..3ec39320a5 100644 --- a/wrapper/Ada/tls_client.adb +++ b/wrapper/Ada/tls_client.adb @@ -47,12 +47,18 @@ package body Tls_Client with SPARK_Mode is Ada.Text_IO.Put (Text); end Put; - procedure Put (Number : Natural) is + procedure Put (Number : Natural) + with + Annotate => (GNATprove, Might_Not_Return) + is begin Natural_IO.Put (Item => Number, Width => 0, Base => 10); end Put; - procedure Put (Number : Byte_Index) is + procedure Put (Number : Byte_Index) + with + Annotate => (GNATprove, Might_Not_Return) + is begin Natural_IO.Put (Item => Natural (Number), Width => 0, Base => 10); end Put; @@ -137,6 +143,7 @@ package body Tls_Client with SPARK_Mode is Output : WolfSSL.Write_Result; Result : WolfSSL.Subprogram_Result; + DTLS : Boolean; begin Result := WolfSSL.Initialize; if Result /= Success then 
@@ -144,14 +151,29 @@ package body Tls_Client with SPARK_Mode is return; end if; - if Argument_Count < 1 then - Put_Line ("usage: tcl_client "); + if Argument_Count < 1 + or Argument_Count > 2 + or (Argument_Count = 2 and then Argument (2) /= "--dtls") + then + Put_Line ("usage: tls_client_main [--dtls]"); return; end if; - SPARK_Sockets.Create_Socket (C); + + DTLS := (SPARK_Terminal.Argument_Count = 2); + + if DTLS then + SPARK_Sockets.Create_Datagram_Socket (C); + else + SPARK_Sockets.Create_Stream_Socket (C); + end if; + if not C.Exists then - Put_Line ("ERROR: Failed to create socket."); - return; + declare + Mode : constant String := (if DTLS then "datagram" else "stream"); + begin + Put_Line ("ERROR: Failed to create " & Mode & " socket."); + return; + end; end if; Addr := SPARK_Sockets.Inet_Addr (Argument (1)); @@ -167,18 +189,26 @@ package body Tls_Client with SPARK_Mode is Addr => Addr.Addr, Port => P); - Result := SPARK_Sockets.Connect_Socket (Socket => C.Socket, - Server => A); - if Result /= Success then - Put_Line ("ERROR: Failed to connect to server."); - SPARK_Sockets.Close_Socket (C); - Set (Exit_Status_Failure); - return; + if not DTLS then + Result := SPARK_Sockets.Connect_Socket (Socket => C.Socket, + Server => A); + if Result /= Success then + Put_Line ("ERROR: Failed to connect to server."); + SPARK_Sockets.Close_Socket (C); + Set (Exit_Status_Failure); + return; + end if; end if; -- Create and initialize WOLFSSL_CTX. - WolfSSL.Create_Context (Method => WolfSSL.TLSv1_3_Client_Method, - Context => Ctx); + WolfSSL.Create_Context + (Method => + (if DTLS then + WolfSSL.DTLSv1_3_Client_Method + else + WolfSSL.TLSv1_3_Client_Method), + Context => Ctx); + if not WolfSSL.Is_Valid (Ctx) then Put_Line ("ERROR: failed to create WOLFSSL_CTX."); SPARK_Sockets.Close_Socket (C); 
@@ -186,6 +216,11 @@ package body Tls_Client with SPARK_Mode is return; end if; + -- Require mutual authentication. + WolfSSL.Set_Verify + (Context => Ctx, + Mode => WolfSSL.Verify_Peer & WolfSSL.Verify_Fail_If_No_Peer_Cert); + -- Load client certificate into WOLFSSL_CTX. Result := WolfSSL.Use_Certificate_File (Context => Ctx, File => CERT_FILE, @@ -241,6 +276,19 @@ package body Tls_Client with SPARK_Mode is return; end if; + if DTLS then + Result := WolfSSL.DTLS_Set_Peer(Ssl => Ssl, + Address => A); + if Result /= Success then + Put_Line ("ERROR: Failed to set the DTLS peer."); + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + end if; + -- Attach wolfSSL to the socket. Result := WolfSSL.Attach (Ssl => Ssl, Socket => SPARK_Sockets.To_C (C.Socket)); diff --git a/wrapper/Ada/tls_client.ads b/wrapper/Ada/tls_client.ads index 50a52b3ccd..aa1ad36e01 100644 --- a/wrapper/Ada/tls_client.ads +++ b/wrapper/Ada/tls_client.ads @@ -32,6 +32,7 @@ package Tls_Client with SPARK_Mode is Pre => (not Client.Exists and not WolfSSL.Is_Valid (Ssl) and not WolfSSL.Is_Valid (Ctx)), Post => (not Client.Exists and not WolfSSL.Is_Valid (Ssl) and - not WolfSSL.Is_Valid (Ctx)); + not WolfSSL.Is_Valid (Ctx)), + Annotate => (GNATprove, Might_Not_Return); end Tls_Client; diff --git a/wrapper/Ada/tls_server.adb b/wrapper/Ada/tls_server.adb index 2858f26fdc..28a032fdcf 100644 --- a/wrapper/Ada/tls_server.adb +++ b/wrapper/Ada/tls_server.adb @@ -105,6 +105,7 @@ package body Tls_Server with SPARK_Mode is Ch : Character; Result : WolfSSL.Subprogram_Result; + DTLS : Boolean; Shall_Continue : Boolean := True; Input : WolfSSL.Read_Result; 
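Review bot: The comment `-- Require mutual authentication.` above the new `Set_Verify` call is misleading on the client side: `Verify_Fail_If_No_Peer_Cert` is, as in OpenSSL, documented as having effect only when the local end is the server, and whether the server demands a client certificate is decided by the server's verify mode, not by anything the client sets here. What this call does on the client is require that the server certificate is present and verifies; suggest `-- Verify the server certificate and fail the handshake if it is missing or invalid.` If mutual authentication is the goal, the matching server example must set `Verify_Peer` (with the fail-if-absent flag) — worth a cross-reference in the comment.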
@@ -117,12 +118,31 @@ package body Tls_Server with SPARK_Mode is return; end if; - SPARK_Sockets.Create_Socket (Socket => L); - if not L.Exists then - Put_Line ("ERROR: Failed to create socket."); + if SPARK_Terminal.Argument_Count > 1 + or (SPARK_Terminal.Argument_Count = 1 + and then SPARK_Terminal.Argument (1) /= "--dtls") + then + Put_Line ("usage: tls_server_main [--dtls]"); return; end if; + DTLS := (SPARK_Terminal.Argument_Count = 1); + + if DTLS then + SPARK_Sockets.Create_Datagram_Socket (Socket => L); + else + SPARK_Sockets.Create_Stream_Socket (Socket => L); + end if; + + if not L.Exists then + declare + Mode : constant String := (if DTLS then "datagram" else "stream"); + begin + Put_Line ("ERROR: Failed to create " & Mode & " socket."); + return; + end; + end if; + Option := (Name => Reuse_Address, Enabled => True); Result := SPARK_Sockets.Set_Socket_Option (Socket => L.Socket, Level => Socket_Level, 
@@ -144,17 +164,32 @@ package body Tls_Server with SPARK_Mode is return; end if; - Result := SPARK_Sockets.Listen_Socket (Socket => L.Socket, - Length => 5); + if DTLS then + Result := SPARK_Sockets.Receive_Socket (Socket => L.Socket); + else + Result := SPARK_Sockets.Listen_Socket (Socket => L.Socket, + Length => 5); + end if; + if Result /= Success then - Put_Line ("ERROR: Failed to configure listener socket."); - SPARK_Sockets.Close_Socket (L); - return; + declare + Operation : constant String := (if DTLS then "receiver" else "listener"); + begin + Put_Line ("ERROR: Failed to configure " & Operation & " socket."); + SPARK_Sockets.Close_Socket (L); + return; + end; end if; -- Create and initialize WOLFSSL_CTX. - WolfSSL.Create_Context (Method => WolfSSL.TLSv1_3_Server_Method, - Context => Ctx); + WolfSSL.Create_Context + (Method => + (if DTLS then + WolfSSL.DTLSv1_3_Server_Method + else + WolfSSL.TLSv1_3_Server_Method), + Context => Ctx); + if not WolfSSL.Is_Valid (Ctx) then Put_Line ("ERROR: failed to create WOLFSSL_CTX."); SPARK_Sockets.Close_Socket (L); @@ -217,16 +252,18 @@ package body Tls_Server with SPARK_Mode is pragma Loop_Invariant (not WolfSSL.Is_Valid (Ssl)); pragma Loop_Invariant (WolfSSL.Is_Valid (Ctx)); - Put_Line ("Waiting for a connection..."); - SPARK_Sockets.Accept_Socket (Server => L.Socket, - Socket => C, - Address => A, - Result => Result); - if Result /= Success then - Put_Line ("ERROR: failed to accept the connection."); - SPARK_Sockets.Close_Socket (L); - WolfSSL.Free (Context => Ctx); - return; + if not DTLS then + Put_Line ("Waiting for a connection..."); + SPARK_Sockets.Accept_Socket (Server => L.Socket, + Socket => C, + Address => A, + Result => Result); + if Result /= Success then + Put_Line ("ERROR: failed to accept the connection."); + SPARK_Sockets.Close_Socket (L); + WolfSSL.Free (Context => Ctx); + return; + end if; end if; -- Create a WOLFSSL object. 
@@ -234,32 +271,45 @@ package body Tls_Server with SPARK_Mode is if not WolfSSL.Is_Valid (Ssl) then Put_Line ("ERROR: failed to create WOLFSSL object."); SPARK_Sockets.Close_Socket (L); - SPARK_Sockets.Close_Socket (C); + + if not DTLS then + SPARK_Sockets.Close_Socket (C); + end if; + WolfSSL.Free (Context => Ctx); Set (Exit_Status_Failure); return; end if; -- Attach wolfSSL to the socket. - Result := WolfSSL.Attach (Ssl => Ssl, - Socket => SPARK_Sockets.To_C (C.Socket)); + Result := WolfSSL.Attach + (Ssl => Ssl, + Socket => SPARK_Sockets.To_C (if DTLS then L.Socket else C.Socket)); if Result /= Success then Put_Line ("ERROR: Failed to set the file descriptor."); WolfSSL.Free (Ssl); SPARK_Sockets.Close_Socket (L); - SPARK_Sockets.Close_Socket (C); + + if not DTLS then + SPARK_Sockets.Close_Socket (C); + end if; + WolfSSL.Free (Context => Ctx); Set (Exit_Status_Failure); return; end if; - -- Establish TLS connection. + -- Establish (D)TLS connection. Result := WolfSSL.Accept_Connection (Ssl); if Result /= Success then Put_Line ("Accept error."); WolfSSL.Free (Ssl); SPARK_Sockets.Close_Socket (L); - SPARK_Sockets.Close_Socket (C); + + if not DTLS then + SPARK_Sockets.Close_Socket (C); + end if; + WolfSSL.Free (Context => Ctx); Set (Exit_Status_Failure); return; @@ -268,11 +318,15 @@ package body Tls_Server with SPARK_Mode is Put_Line ("Client connected successfully."); Input := WolfSSL.Read (Ssl); - if not Input.Success then + if not Input.Success then Put_Line ("Read error."); WolfSSL.Free (Ssl); SPARK_Sockets.Close_Socket (L); - SPARK_Sockets.Close_Socket (C); + + if not DTLS then + SPARK_Sockets.Close_Socket (C); + end if; + WolfSSL.Free (Context => Ctx); Set (Exit_Status_Failure); return; 
@@ -306,15 +360,24 @@ package body Tls_Server with SPARK_Mode is end if; for I in 1 .. 3 loop + Result := WolfSSL.Shutdown (Ssl); - exit when Result = Success; + + exit when DTLS or Result = Success; delay 0.001; -- Delay is expressed in seconds. + end loop; - if Result /= Success then + if not DTLS and then Result /= Success then Put_Line ("ERROR: Failed to shutdown WolfSSL context."); end if; + WolfSSL.Free (Ssl); - SPARK_Sockets.Close_Socket (C); + + if DTLS then + Shall_Continue := False; + else + SPARK_Sockets.Close_Socket (C); + end if; Put_Line ("Shutdown complete."); end loop; diff --git a/wrapper/Ada/user_settings.h b/wrapper/Ada/user_settings.h index 3c444df5f0..b6559a8c94 100644 --- a/wrapper/Ada/user_settings.h +++ b/wrapper/Ada/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -78,13 +78,9 @@ extern "C" { #define WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE /* DTLS */ -#if 0 - #define WOLFSSL_DTLS - #define WOLFSSL_MULTICAST - - /* DTLS v1.3 is not yet included with enable-all */ - //#define WOLFSSL_DTLS13 -#endif +#define WOLFSSL_DTLS +// #define WOLFSSL_MULTICAST +#define WOLFSSL_DTLS13 /* DG Disabled SSLv3 and TLSv1.0 - should avoid using */ //#define WOLFSSL_ALLOW_SSLV3 diff --git a/wrapper/Ada/wolfssl.adb b/wrapper/Ada/wolfssl.adb index f1eac8f8ae..068466ae3f 100644 --- a/wrapper/Ada/wolfssl.adb +++ b/wrapper/Ada/wolfssl.adb @@ -19,7 +19,12 @@ -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -- +pragma Warnings (Off, "* is an internal GNAT unit"); +with GNAT.Sockets.Thin_Common; +pragma Warnings (On, "* is an internal GNAT unit"); +with Interfaces.C.Extensions; with Interfaces.C.Strings; +with System; package body WolfSSL is 
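Review bot: In DTLS mode the loop now leaves on the first pass (`exit when DTLS or Result = Success;`) and the following `if not DTLS and then Result /= Success` suppresses the error report, so a failed `WolfSSL.Shutdown` is silently ignored for DTLS with no comment saying why. If the intent is that a DTLS close_notify is best-effort over UDP and retrying with a 1 ms delay is pointless, state it next to the exit: `-- DTLS: Shutdown is best-effort; do not retry and do not report a failed close_notify.` Otherwise report the failure for DTLS as well. Whether the listening socket `L` is closed on the DTLS path after `Shall_Continue := False` is outside this hunk.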
@@ -97,6 +102,46 @@ package body WolfSSL is return WolfTLSv1_3_Client_Method; end TLSv1_3_Client_Method; + function WolfDTLSv1_2_Server_Method return Method_Type with + Convention => C, + External_Name => "wolfDTLSv1_2_server_method", + Import => True; + + function DTLSv1_2_Server_Method return Method_Type is + begin + return WolfDTLSv1_2_Server_Method; + end DTLSv1_2_Server_Method; + + function WolfDTLSv1_2_Client_Method return Method_Type with + Convention => C, + External_Name => "wolfDTLSv1_2_client_method", + Import => True; + + function DTLSv1_2_Client_Method return Method_Type is + begin + return WolfDTLSv1_2_Client_Method; + end DTLSv1_2_Client_Method; + + function WolfDTLSv1_3_Server_Method return Method_Type with + Convention => C, + External_Name => "wolfDTLSv1_3_server_method", + Import => True; + + function DTLSv1_3_Server_Method return Method_Type is + begin + return WolfDTLSv1_3_Server_Method; + end DTLSv1_3_Server_Method; + + function WolfDTLSv1_3_Client_Method return Method_Type with + Convention => C, + External_Name => "wolfDTLSv1_3_client_method", + Import => True; + + function DTLSv1_3_Client_Method return Method_Type is + begin + return WolfDTLSv1_3_Client_Method; + end DTLSv1_3_Client_Method; + function WolfSSL_CTX_new (Method : Method_Type) return Context_Type with Convention => C, External_Name => "wolfSSL_CTX_new", Import => True; 
@@ -487,6 +532,41 @@ package body WolfSSL is return Subprogram_Result (Result); end Use_Private_Key_Buffer; + function WolfSSL_DTLS_Set_Peer + (ssl : WolfSSL_Type; + peer : GNAT.Sockets.Thin_Common.Sockaddr_Access; + peerSz : Interfaces.C.unsigned) + return int with + Convention => C, + External_Name => "wolfSSL_dtls_set_peer", + Import => True; + + function DTLS_Set_Peer + (Ssl : WolfSSL_Type; + Address : GNAT.Sockets.Sock_Addr_Type) + return Subprogram_Result is + + Sin : aliased GNAT.Sockets.Thin_Common.Sockaddr; + Length : Interfaces.C.int; + + begin + + GNAT.Sockets.Thin_Common.Set_Address + (Sin => Sin'Unchecked_Access, + Address => Address, + Length => Length); + + pragma Assert (Length >= 0); + + return + Subprogram_Result + (WolfSSL_DTLS_Set_Peer + (ssl => Ssl, + peer => Sin'Unchecked_Access, + peerSz => Interfaces.C.unsigned (Length))); + + end DTLS_Set_Peer; + function WolfSSL_Set_Fd (Ssl : WolfSSL_Type; Fd : int) return int with Convention => C, External_Name => "wolfSSL_set_fd", diff --git a/wrapper/Ada/wolfssl.ads b/wrapper/Ada/wolfssl.ads index a3f536e5d4..3615446308 100644 --- a/wrapper/Ada/wolfssl.ads +++ b/wrapper/Ada/wolfssl.ads @@ -19,6 +19,7 @@ -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -- +with GNAT.Sockets; with Interfaces.C; -- This package is annotated "with SPARK_Mode" that SPARK can verify 
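Review bot: `pragma Assert (Length >= 0)` in `DTLS_Set_Peer` is only a check when assertions are enabled; with them off, a negative `Length` from `Set_Address` reaches `Interfaces.C.unsigned (Length)` and raises `Constraint_Error` out of a function whose callers only inspect the returned `Subprogram_Result`. An explicit guard keeps the contract: `if Length < 0 then return <package failure value>; end if;`. A comment on `Sin` would also help, since the call passes `Sin'Unchecked_Access` with the length `Set_Address` reports, so correctness depends on `Thin_Common.Sockaddr` being large enough for every family `Sock_Addr_Type` can carry — presumably true for the GNAT runtime targeted, but worth stating.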
@@ -70,6 +71,22 @@ package WolfSSL with SPARK_Mode is -- This function is used to indicate that the application is a client -- and will only support the TLS 1.3 protocol. + function DTLSv1_2_Server_Method return Method_Type; + -- This function is used to indicate that the application is a server + -- and will only support the DTLS 1.2 protocol. + + function DTLSv1_2_Client_Method return Method_Type; + -- This function is used to indicate that the application is a client + -- and will only support the DTLS 1.2 protocol. + + function DTLSv1_3_Server_Method return Method_Type; + -- This function is used to indicate that the application is a server + -- and will only support the DTLS 1.3 protocol. + + function DTLSv1_3_Client_Method return Method_Type; + -- This function is used to indicate that the application is a client + -- and will only support the DTLS 1.3 protocol. + procedure Create_Context (Method : Method_Type; Context : out Context_Type); -- This function creates a new SSL context, taking a desired SSL/TLS @@ -270,6 +287,14 @@ package WolfSSL with SPARK_Mode is -- Format specifies the format type of the buffer; ASN1 or PEM. -- Please see the examples for proper usage. + function DTLS_Set_Peer + (Ssl : WolfSSL_Type; + Address : GNAT.Sockets.Sock_Addr_Type) + return Subprogram_Result with + Pre => Is_Valid (Ssl); + -- This function wraps the corresponding WolfSSL C function to allow + -- clients to use Ada socket types when implementing a DTLS client. + function Attach (Ssl : WolfSSL_Type; Socket : Integer) return Subprogram_Result with diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md index faba0da7f0..4a2c1455ec 100644 --- a/wrapper/CSharp/README.md +++ b/wrapper/CSharp/README.md 
@@ -20,15 +20,17 @@ A Visual Studio solution `wolfSSL_CSharp.sln` is provided. This will allow you to build the wrapper library and examples. It includes the wolfSSL Visual Studio project directly. -## Linux (using Mono) +## Linux (Ubuntu) using mono Prerequisites for linux: ``` -apt install mono-tools-devel +apt-get update +apt-get upgrade +apt-get install mono-complete ``` -Build wolfSSL and install: +### Build wolfSSL and install ``` ./autogen.sh 
@@ -38,24 +40,52 @@ make check sudo make install ``` -Build and run the wrapper: +### Build and run the wrapper + +From the wolfssl root directory: ``` cd wrapper/CSharp +``` + +Compile server: -csc wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ - wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +``` +mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ +wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe +``` -Run the example: +Compile client: ``` -cp wolfSSL-TLS-Server.exe ../../certs -cd ../../certs +mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ +wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe +``` + +### Run the example + +In one terminal instance run the server: + +``` +mono server.exe +``` -mono wolfSSL-TLS-Server.exe +And in another terminal instance run the client: -Calling ctx Init from wolfSSL -Finished init of ctx .... now load in cert and key -Ciphers : TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD -Started TCP and waiting for a connection +``` +mono client.exe +``` + +### Enabling SNI + +To enable SNI, just pass the `-S` argument with the specified hostname to the client: + +``` +mono client.exe -S hostname +``` + +And run the server with the `-S` flag: + +``` +mono server.exe -S ``` 
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs index 6aa9aa542b..f21932c222 100644 --- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs +++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs @@ -1,6 +1,6 @@ /* wolfSSL-DTLS-PSK-Server.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -78,9 +78,14 @@ public static void Main(string[] args) IntPtr ssl; /* These paths should be changed according to use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb); @@ -106,6 +111,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs index fcbfe69229..fe9c392ae5 100644 --- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs @@ -1,6 +1,6 @@ /* wolfSSL-DTLS-Server.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -58,9 +58,14 @@ public static void Main(string[] args) IntPtr ssl; /* These paths should be changed for use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath(@"server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -87,6 +92,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs index ac91a97954..4490371fc3 100644 --- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs +++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs @@ -1,6 +1,6 @@ /* wolfSSL-Example-IOCallbacks.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -214,12 +214,17 @@ static void Main(string[] args) IntPtr ssl; Socket fd; - wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb); wolfssl.CallbackVerify_delegate verify_cb = new wolfssl.CallbackVerify_delegate(my_verify_cb); /* These paths should be changed according to use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -242,6 +247,12 @@ static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting cert file"); diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs index a12c5f599c..9e9dbe46ed 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs @@ -1,6 +1,6 @@ /* wolfSSL-TLS-Client.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,7 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - using System; using System.Runtime.InteropServices; using System.Text; 
@@ -60,15 +59,39 @@ private static int myVerify(int preverify, IntPtr x509_ctx) return preverify; } + /// + /// Checks if the SNI option was enabled via command line. + /// Must be enabled with ./configure --enable-sni when configuring + /// wolfSSL. + /// Parameters passed via command line + /// + private static int haveSNI(string[] args) + { + for (int i = 0; i < args.Length; i++) { + if (args[i] == "-S") { + Console.WriteLine("SNI IS ON"); + return i+1; + } + } + Console.WriteLine("SNI IS OFF"); + return -1; + } + public static void Main(string[] args) { IntPtr ctx; IntPtr ssl; Socket tcp; + IntPtr sniHostName; /* These paths should be changed for use */ - string caCert = @"ca-cert.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string caCert = wolfssl.setPath("ca-cert.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (caCert == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported."); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -78,7 +101,6 @@ public static void Main(string[] args) wolfssl.Init(); - Console.WriteLine("Calling ctx Init from wolfSSL"); ctx = wolfssl.CTX_new(wolfssl.usev23_client()); if (ctx == IntPtr.Zero) 
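Review bot: `haveSNI` returns `i+1` as the index of the host-name argument without checking that such an argument exists, so invoking the client with `-S` as the last argument makes the later `args[sniArg]` access in `Main` throw IndexOutOfRangeException instead of reporting a usage error. Guard at the match site, `if (args[i] == "-S" && i + 1 < args.Length) {`, and treat a trailing `-S` as SNI off or print a usage message. The doc comment should also state the contract: returns the index of the host-name argument, or -1 when `-S` is absent. `Main` continues outside the hunk.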
@@ -96,11 +118,34 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } if (wolfssl.CTX_load_verify_locations(ctx, caCert, null) != wolfssl.SUCCESS) { Console.WriteLine("Error loading CA cert"); + wolfssl.CTX_free(ctx); + return; + } + + int sniArg = haveSNI(args); + if (sniArg >= 0) + { + string sniHostNameString = args[sniArg].Trim(); + sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString); + + ushort size = (ushort)sniHostNameString.Length; + + if (wolfssl.CTX_UseSNI(ctx, (byte)wolfssl.WOLFSSL_SNI_HOST_NAME, sniHostName, size) != wolfssl.SUCCESS) + { + Console.WriteLine("UseSNI failed"); + wolfssl.CTX_free(ctx); + return; + } } StringBuilder ciphers = new StringBuilder(new String(' ', 4096)); diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs index cdc3ef7ca9..a6525112fb 100644 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs @@ -1,6 +1,6 @@ /* wolfSSL-TLS-PSK-Client.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -82,7 +82,11 @@ public static void Main(string[] args) wolfssl.psk_client_delegate psk_cb = new wolfssl.psk_client_delegate(my_psk_client_cb); - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + if (dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# client psk wrapper"); 
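Review bot: `sniHostName` from `Marshal.StringToHGlobalAnsi` is never released with `Marshal.FreeHGlobal`, on neither the success path nor the "UseSNI failed" path; wolfSSL presumably copies the name inside `CTX_UseSNI`, so it can be freed right after the call — worth confirming against the native `wolfSSL_CTX_UseSNI`. `size` is taken from `sniHostNameString.Length` (UTF-16 char count) while the buffer holds the ANSI encoding, so the two differ for non-ASCII input; derive it from the encoded bytes, e.g. `ushort size = (ushort)Encoding.ASCII.GetByteCount(sniHostNameString);`, or reject non-ASCII names up front. `Main` continues outside the hunk.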
@@ -157,6 +161,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM); if (wolfssl.connect(ssl) != wolfssl.SUCCESS) diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs index a46dbd5949..650d848115 100644 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs @@ -1,6 +1,6 @@ /* wolfSSL-TLS-PSK-Server.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -80,9 +80,14 @@ public static void Main(string[] args) wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb); /* These paths should be changed according to use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -105,6 +110,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting cert file"); 
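Review bot: The existence check added for `dhparam` is immediately followed by `wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM);` whose return value is still ignored, so a DH file that exists but fails to parse goes unnoticed. The TLS-Server hunk in this same commit checks the result; mirror it here with `if (wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting dh2048Pem"); ... }` followed by this file's usual cleanup. `Main` continues outside the hunk.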
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 12217dc071..ff184b1e9a 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -1,6 +1,6 @@ /* wolfSSL-TLS-Server.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,9 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - - using System; using System.Runtime.InteropServices; using System.Text; 
@@ -50,17 +47,55 @@ private static void clean(IntPtr ssl, IntPtr ctx) wolfssl.Cleanup(); } + /// + /// Checks if the SNI option was enabled via command line. + /// Must be enabled with ./configure --enable-sni when configuring + /// wolfSSL. + /// Parameters passed via command line + /// + private static bool haveSNI(string[] args) + { + bool sniON = false; + for (int i = 0; i < args.Length; i++) { + if (args[i] == "-S") { + sniON = true; + break; + } + } + Console.WriteLine("SNI IS: " + sniON); + return sniON; + } + + /// + /// Example of a SNI function call back + /// + /// pointer to ssl structure + /// alert code + /// context arg, can be set with the function wolfssl.CTX_set_servername_arg + /// + public static int my_sni_server_cb(IntPtr ssl, IntPtr ret, IntPtr exArg) { + /* Trivial callback just for testing */ + Console.WriteLine("my sni server callback"); + + return 0; + } public static void Main(string[] args) { IntPtr ctx; IntPtr ssl; Socket fd; + IntPtr arg_sni; /* These paths should be changed for use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported."); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -70,7 +105,6 @@ public static void Main(string[] args) wolfssl.Init(); - Console.WriteLine("Calling ctx Init from wolfSSL"); ctx = wolfssl.CTX_new(wolfssl.usev23_server()); if (ctx == IntPtr.Zero) 
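Review bot: `haveSNI(args)` is re-evaluated at three places in `Main` (the servername setup and the two `SNI_GetRequest`/`SNI_GetFromBuffer` blocks in the later hunks), each time rescanning `args` and printing "SNI IS: ..."; compute it once near the top of `Main`, `bool sniOn = haveSNI(args);`, and test the flag. In `my_sni_server_cb` the doc comment calls `ret` an "alert code" but the body never writes through it and always returns 0; a comment stating what wolfSSL does with the return value and with `*ret` when the name is to be rejected would make the example usable as a template. `Main` continues outside the hunk.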
@@ -87,6 +121,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting cert file"); @@ -101,7 +141,6 @@ public static void Main(string[] args) return; } - StringBuilder ciphers = new StringBuilder(new String(' ', 4096)); wolfssl.get_ciphers(ciphers, 4096); Console.WriteLine("Ciphers : " + ciphers.ToString()); @@ -116,6 +155,7 @@ public static void Main(string[] args) Console.WriteLine("Started TCP and waiting for a connection"); fd = tcp.AcceptSocket(); + ssl = wolfssl.new_ssl(ctx); if (ssl == IntPtr.Zero) { @@ -124,6 +164,23 @@ public static void Main(string[] args) return; } + if (haveSNI(args)) + { + // Allocating memory and setting SNI arg + int test_value = 32; + arg_sni = Marshal.AllocHGlobal(sizeof(int)); + Marshal.WriteInt32(arg_sni, test_value); + if (wolfssl.CTX_set_servername_arg(ctx, arg_sni) == wolfssl.FAILURE) { + Console.WriteLine("wolfssl.CTX_set_servername_arg failed"); + wolfssl.CTX_free(ctx); + return; + } + + // Setting SNI delegate + wolfssl.sni_delegate sni_cb = new wolfssl.sni_delegate(my_sni_server_cb); + wolfssl.CTX_set_servername_callback(ctx, sni_cb); + } + Console.WriteLine("Connection made wolfSSL_accept "); if (wolfssl.set_fd(ssl, fd) != wolfssl.SUCCESS) { @@ -134,7 +191,14 @@ public static void Main(string[] args) return; } - wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM); + if (wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) + { + Console.WriteLine("Error in setting dh2048Pem"); + Console.WriteLine(wolfssl.get_error(ssl)); + tcp.Stop(); + clean(ssl, ctx); + return; + } if (wolfssl.accept(ssl) != wolfssl.SUCCESS) { 
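Review bot: The `CTX_set_servername_arg` failure path calls only `wolfssl.CTX_free(ctx)` although `ssl` has already been created by `new_ssl(ctx)` and `tcp` is listening, so it leaks the SSL object and the listener; the neighbouring error paths in this hunk use `tcp.Stop(); clean(ssl, ctx); return;` and this one should too. `arg_sni` from `Marshal.AllocHGlobal(sizeof(int))` is also never freed; it must outlive the callback registration, so release it on the shutdown path. The callback and arg are installed on `ctx` after `new_ssl(ctx)`; wolfSSL appears to resolve them through the context at handshake time, but moving the SNI setup before `new_ssl` would make the example robust to any per-SSL caching. `Main` continues outside the hunk.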
@@ -145,6 +209,16 @@ public static void Main(string[] args) return; } + /* get and print sni used by the client */ + if (haveSNI(args)) { + IntPtr data = IntPtr.Zero; + + ushort size = wolfssl.SNI_GetRequest(ssl, 0, ref data); + string dataStr = Marshal.PtrToStringAnsi(data); + Console.WriteLine("(SNI_GetRequest) Size of SNI used by client: " + size); + Console.WriteLine("(SNI_GetRequest) SNI used by client: " + dataStr); + } + /* print out results of TLS/SSL accept */ Console.WriteLine("SSL version is " + wolfssl.get_version(ssl)); Console.WriteLine("SSL cipher suite is " + wolfssl.get_current_cipher(ssl)); 
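Review bot: `Marshal.PtrToStringAnsi(data)` reads until a NUL byte, but `SNI_GetRequest` returns the length explicitly, `data` stays `IntPtr.Zero` when the client sent no SNI, and the wrapper returns `ushort.MaxValue` on an internal exception, so the read relies on the native buffer being NUL-terminated. Bound it by the returned size and skip the null case, e.g. `string dataStr = (data != IntPtr.Zero && size != ushort.MaxValue) ? Marshal.PtrToStringAnsi(data, size) : "";`. The literal `0` passed as the type would read better as `(byte)wolfssl.WOLFSSL_SNI_HOST_NAME`, as the client does. `Main` continues outside the hunk.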
@@ -159,6 +233,45 @@ public static void Main(string[] args) } Console.WriteLine(buff); + /* get and print sni from a sample buffer, can be used by using the raw client hello */ + if (haveSNI(args)) { + IntPtr result = Marshal.AllocHGlobal(32); + IntPtr inOutSz = Marshal.AllocHGlobal(sizeof(int)); + Marshal.WriteInt32(inOutSz, 32); + byte []buffer = { /* from TextMate website client hello example */ + 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52, + 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b, + 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f, + 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff, + 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08, + 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12, + 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04, + 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d, + 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35, + 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16, + 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b, + 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b, + 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69, + 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72, + 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, + 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00, + 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03 + }; + + int ret = wolfssl.SNI_GetFromBuffer(buffer, 1024, 0, result, inOutSz); + + if (ret != wolfssl.SUCCESS) { + Console.WriteLine("Error on reading SNI from buffer, ret value = " + ret); + tcp.Stop(); + clean(ssl, ctx); + return; + } + + string resultStr = Marshal.PtrToStringAnsi(result); + Console.WriteLine("(SNI_GetFromBuffer) SNI used by 
client: " + resultStr); + + } + if (wolfssl.write(ssl, reply, reply.Length) != reply.Length) { Console.WriteLine("Error in write"); @@ -170,6 +283,7 @@ public static void Main(string[] args) wolfssl.shutdown(ssl); fd.Close(); tcp.Stop(); + clean(ssl, ctx); } } diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs index e83784e1f7..a7c3d88ee0 100644 --- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs +++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs @@ -1,6 +1,6 @@ /* wolfSSL-TLS-ServerThreaded.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -116,9 +116,14 @@ public static void Main(string[] args) IntPtr ctx; /* These paths should be changed for use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } /* example of function used for setting logging */ wolfssl.SetLogging(standard_log); @@ -140,6 +145,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting cert file"); diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index c59c3e00b5..91d52d01d2 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 
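Review bot: `SNI_GetFromBuffer(buffer, 1024, 0, result, inOutSz)` declares the ClientHello as 1024 bytes while `buffer` holds 203 (the record header announces 0x00c6 = 198 bytes of handshake data), so the native parser is told it may read about 820 bytes past the end of the pinned managed array. Pass the real length: `int ret = wolfssl.SNI_GetFromBuffer(buffer, (uint)buffer.Length, 0, result, inOutSz);`. `result` and `inOutSz` are `AllocHGlobal`'d and never freed, and `Marshal.PtrToStringAnsi(result)` depends on a NUL terminator that a 32-byte buffer filled to capacity would not have; `Marshal.PtrToStringAnsi(result, Marshal.ReadInt32(inOutSz))` uses the length wolfSSL reports instead — worth confirming that the native call updates `inOutSz`. `Main` continues outside the hunk.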
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs @@ -1,6 +1,6 @@ /* wolfSSL.cs * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -59,6 +59,8 @@ private class ctx_handle private GCHandle rec_cb; private GCHandle snd_cb; private GCHandle psk_cb; + private GCHandle sni_cb; + private GCHandle sni_arg; private GCHandle vrf_cb; private IntPtr ctx; @@ -89,6 +91,22 @@ public GCHandle get_psk() return this.psk_cb; } + public void set_sni(GCHandle input) { + this.sni_cb = input; + } + + public GCHandle get_sni(GCHandle input) { + return this.sni_cb; + } + + public void set_arg(GCHandle input) { + this.sni_arg= input; + } + + public GCHandle get_arg(GCHandle input) { + return this.sni_arg; + } + public void set_vrf(GCHandle input) { if (!Object.Equals(this.vrf_cb, default(GCHandle))) @@ -129,6 +147,10 @@ public void free() { this.psk_cb.Free(); } + if (!Object.Equals(this.sni_cb, default(GCHandle))) + { + this.sni_cb.Free(); + } if (!Object.Equals(this.vrf_cb, default(GCHandle))) { this.vrf_cb.Free(); @@ -144,6 +166,7 @@ private class ssl_handle { private GCHandle fd_pin; private GCHandle psk_cb; + private GCHandle sni_cb; private GCHandle vrf_cb; private IntPtr ssl; @@ -198,6 +221,10 @@ public void free() { this.psk_cb.Free(); } + if (!Object.Equals(this.sni_cb, default(GCHandle))) + { + this.sni_cb.Free(); + } if (!Object.Equals(this.vrf_cb, default(GCHandle))) { this.vrf_cb.Free(); 
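Review bot: `ctx_handle.free()` gains a release for `sni_cb` but not for the `sni_arg` handle that `set_arg` stores, so every `CTX_set_servername_arg` call leaks a GCHandle for the life of the process; add the matching `if (!Object.Equals(this.sni_arg, default(GCHandle))) { this.sni_arg.Free(); }` block. Note that `GCHandle.Alloc(arg)` on an `IntPtr` only boxes the pointer value and does not keep the native memory behind it alive, so a comment on the field should say the caller owns that memory. `get_sni(GCHandle input)` and `get_arg(GCHandle input)` take a parameter they never use, unlike the sibling `get_psk()`; drop it. The enclosing classes continue outside the hunks.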
@@ -290,6 +317,23 @@ public void free() [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_use_psk_identity_hint(IntPtr ctx, StringBuilder identity); + /******************************** + * SNI + */ + [UnmanagedFunctionPointer(CallingConvention.Cdecl)] + public delegate int sni_delegate(IntPtr ssl, IntPtr ret, IntPtr exArg); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wolfSSL_CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfSSL_CTX_set_servername_arg(IntPtr ctx, IntPtr arg); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfSSL_CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfSSL_UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static ushort wolfSSL_SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfSSL_SNI_GetFromBuffer(byte[] clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz); /******************************** * SSL Structure @@ -417,6 +461,7 @@ public void free() public static readonly int SUCCESS = 1; public static readonly int FAILURE = 0; + public static readonly int WOLFSSL_SNI_HOST_NAME = 0; private static IntPtr unwrap_ctx(IntPtr ctx) 
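Review bot: The new P/Invoke block carries no documentation, and `sni_delegate`'s middle parameter is an `IntPtr` which, as far as I recall from wolfSSL's `CallbackSniRecv` signature, is an `int *` the callback may write a result code into rather than a value; a comment on the delegate such as `/* ret: pointer to an int the callback may set; exArg: value given to CTX_set_servername_arg */` would stop users from dereferencing it as a value. `WOLFSSL_SNI_HOST_NAME = 0` duplicates a native enum value, so note beside it that it must track `WOLFSSL_SNI_HOST_NAME` in ssl.h. The enclosing class continues outside the hunk.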
@@ -444,6 +489,26 @@ private static IntPtr unwrap_ssl(IntPtr ssl) } } + /// + /// Utility function used to access the certificates + /// based on the platform. + /// return the platform specific path to the certificate + /// + public static string setPath(string file) { + if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) + { + Console.WriteLine("Linux - " + file); + return @"../../certs/" + file; + } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + { + Console.WriteLine("Windows - " + file); + return @"../../../../certs/" + file; + } else + { + return ""; + } + } + /// /// Call back to allow receiving TLS information 
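Review bot: `setPath` returns paths relative to the current working directory (`../../certs/` on Linux, `../../../../certs/` on Windows) and writes to the console on every call, so the examples only work when launched from the build tree the author used, and a library utility printing to stdout is surprising. The doc comment should state both facts and the sentinel, e.g. `/// Returns a path relative to the process working directory; "" when the platform is not Linux or Windows.`, and the `Console.WriteLine` calls could go behind the file's existing `log(...)` helper. The enclosing class continues outside the hunk.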
@@ -1084,6 +1149,83 @@ public static void CTX_free(IntPtr ctx) } } + public static void CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb) + { + try { + GCHandle gch = GCHandle.FromIntPtr(ctx); + ctx_handle handles = (ctx_handle)gch.Target; + + handles.set_sni(GCHandle.Alloc(sni_cb)); + + wolfSSL_CTX_set_servername_callback(handles.get_ctx(), sni_cb); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl servername callback error: " + e.ToString()); + } + } + + public static int CTX_set_servername_arg(IntPtr ctx, IntPtr arg) + { + try { + GCHandle gch = GCHandle.FromIntPtr(ctx); + ctx_handle handles = (ctx_handle)gch.Target; + + handles.set_arg(GCHandle.Alloc(arg)); + + return wolfSSL_CTX_set_servername_arg(handles.get_ctx(), arg); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl arg servername callback error: " + e.ToString()); + return FAILURE; + } + } + + public static int CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size) + { + try { + GCHandle gch = GCHandle.FromIntPtr(ctx); + ctx_handle handles = (ctx_handle)gch.Target; + + return wolfSSL_CTX_UseSNI(handles.get_ctx(), type, data, size); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl ctx use sni error: " + e.ToString()); + return FAILURE; + } + } + + public static int UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size) + { + try { + GCHandle gch = GCHandle.FromIntPtr(ssl); + ssl_handle handles = (ssl_handle)gch.Target; + + return wolfSSL_UseSNI(handles.get_ssl(), type, data, size); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl use sni error: " + e.ToString()); + return FAILURE; + } + } + + public static ushort SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data) + { + try { + GCHandle gch = GCHandle.FromIntPtr(ssl); + ssl_handle handles = (ssl_handle)gch.Target; + + return wolfSSL_SNI_GetRequest(handles.get_ssl(), type, ref data); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl sni get request error: " + e.ToString()); + return ushort.MaxValue; + } + } + + public static 
int SNI_GetFromBuffer(byte []clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz) + { + try { + return wolfSSL_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz); + } catch(Exception e) { + log(ERROR_LOG, "wolfssl sni get from buffer error: " + e.ToString()); + return FAILURE; + } + } /// /// Set identity hint to use diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt index 0b26805576..905f6cf113 100644 --- a/zephyr/CMakeLists.txt +++ b/zephyr/CMakeLists.txt @@ -22,6 +22,7 @@ if(CONFIG_WOLFSSL) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/zephyr/zephyr_init.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/crl.c) + zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/dtls.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/dtls13.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/internal.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/keys.c) @@ -116,6 +117,8 @@ if(CONFIG_WOLFSSL) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/tfm.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_dsp.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c) + zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber.c) + zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber_poly.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c) @@ -165,6 +168,7 @@ if(CONFIG_WOLFSSL) target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS) if(CONFIG_WOLFSSL_DEBUG) target_compile_definitions(wolfSSL INTERFACE DEBUG_WOLFSSL) + zephyr_library_compile_options(-g3 -O0) endif() else() assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.") 
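Review bot: `SNI_GetFromBuffer` forwards `helloSz` to native code without checking it against `clientHello.Length`, so a caller that passes a larger size (as the TLS-Server example in this commit does with 1024) lets the parser read beyond the pinned array; reject that in the wrapper with `if (clientHello == null || helloSz > clientHello.Length) return FAILURE;` before the P/Invoke. `SNI_GetRequest` returns `ushort.MaxValue` as its error value, which callers cannot tell apart from a length without knowing the convention — document it in the method's XML comment. The other new wrappers follow the file's existing try/catch-and-log shape. The enclosing class continues outside the hunk.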
diff --git a/zephyr/Kconfig b/zephyr/Kconfig
index 5c6fa73ef1..1bf1f25bd9 100644
--- a/zephyr/Kconfig
+++ b/zephyr/Kconfig
@@ -70,6 +70,29 @@ config WOLFCRYPT_FIPS
 Enables FIPS support in wolfCrypt. Requires the wolfSSL FIPS ready
 download that includes fips.c/fips_test.c.
+config WOLFSSL_DTLS
+ bool "wolfSSL DTLS support"
+ help
+ Enable DTLS support
+config WOLFSSL_ALPN
+ bool "wolfSSL ALPN support"
+ help
+ Enable ALPN support
+config WOLFSSL_PSK
+ bool "wolfSSL PSK support"
+ help
+ Enable PSK support
+config WOLFSSL_MAX_FRAGMENT_LEN
+ int
+ default 3
+ range 1 6
+ help
+ Sets the maximum fragment length wolfSSL will use, values 1-6 correspond to enum values
+ WOLFSSL_MFL_* in ssl.h
+
 config WOLFCRYPT_ARMASM
 bool "wolfCrypt ARM Assembly support"
 depends on WOLFSSL_BUILTIN
diff --git a/zephyr/Kconfig.tls-generic b/zephyr/Kconfig.tls-generic
index 9ffcf90e84..bc46a8fd47 100644
--- a/zephyr/Kconfig.tls-generic
+++ b/zephyr/Kconfig.tls-generic
@@ -264,9 +264,4 @@ config WOLFSSL_HAVE_ASM
 of asymmetric cryptography, however this might have an impact on the
 code size.
-config WOLFSSL_USER_SETTTINGS
- string "User settings file for wolfSSL"
- help
- User settings file that contains wolfSSL defines.
-
 endmenu
diff --git a/zephyr/README.md b/zephyr/README.md
index 098d51c96c..ef0334d117 100644
--- a/zephyr/README.md
+++ b/zephyr/README.md
@@ -102,3 +102,12 @@ west build -p auto -b qemu_x86 modules/crypto/wolfssl/zephyr/samples/wolfssl_tls
 west build -t run
 ```
+## How to setup wolfSSL support for Zephyr TLS Sockets and RNG
+
+wolfSSL can also be used as the underlying implementation for the default Zephyr TLS socket interface.
+With this enabled, all existing applications using the Zephyr TLS sockets will now use wolfSSL inside
+for all TLS operations. This will also enable wolfSSL as the default RNG implementation. To enable this
+feature, use the patch file and instructions found here:
+
+https://github.com/wolfSSL/osp/tree/master/zephyr
+
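Review bot: `config WOLFSSL_MAX_FRAGMENT_LEN` is declared as a bare `int` with no prompt string, so it is not user-configurable — a `CONFIG_WOLFSSL_MAX_FRAGMENT_LEN=...` line in a prj.conf is ignored with a Kconfig "no prompt" warning, leaving only `default 3` in effect. Give it a prompt, `int "wolfSSL maximum fragment length"`, and consider `depends on WOLFSSL_BUILTIN` like the neighbouring `WOLFCRYPT_ARMASM`. The help line "Sets the maximum fragment length ..." is also far wider than the wrapping the rest of the file uses. The Kconfig.tls-generic removal and the README addition raise nothing.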
diff --git a/zephyr/samples/wolfssl_benchmark/prj.conf b/zephyr/samples/wolfssl_benchmark/prj.conf
index 41ccf7f948..0179880249 100644
--- a/zephyr/samples/wolfssl_benchmark/prj.conf
+++ b/zephyr/samples/wolfssl_benchmark/prj.conf
@@ -23,6 +23,7 @@ CONFIG_CONSOLE=y
 CONFIG_LOG=y
 CONFIG_LOG_BACKEND_UART=y
 CONFIG_LOG_BUFFER_SIZE=15360
+CONFIG_LOG_MODE_IMMEDIATE=y
 #CONFIG_WOLFSSL_DEBUG=y
 # Entropy
diff --git a/zephyr/samples/wolfssl_test/prj-no-malloc.conf b/zephyr/samples/wolfssl_test/prj-no-malloc.conf
new file mode 100644
index 0000000000..42f98d431d
--- /dev/null
+++ b/zephyr/samples/wolfssl_test/prj-no-malloc.conf
@@ -0,0 +1,30 @@
+# Configure stack and heap sizes
+CONFIG_MAIN_STACK_SIZE=655360
+#CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536
+
+# Pthreads
+CONFIG_PTHREAD_IPC=y
+
+# Clock for time()
+CONFIG_POSIX_CLOCK=y
+
+# TLS configuration
+CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h"
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_CBPRINTF_LIBC_SUBSTS=y
+CONFIG_CBPRINTF_FP_SUPPORT=y
+CONFIG_CONSOLE=y
+CONFIG_LOG=y
+CONFIG_LOG_BACKEND_UART=y
+CONFIG_LOG_BUFFER_SIZE=15360
+CONFIG_LOG_MODE_IMMEDIATE=y
+#CONFIG_WOLFSSL_DEBUG=y
+
+# Entropy
+CONFIG_TEST_RANDOM_GENERATOR=y
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
diff --git a/zephyr/samples/wolfssl_test/prj.conf b/zephyr/samples/wolfssl_test/prj.conf
index 6c8a5ca437..38b1ce49b4 100644
--- a/zephyr/samples/wolfssl_test/prj.conf
+++ b/zephyr/samples/wolfssl_test/prj.conf
@@ -1,4 +1,3 @@
-
 # Configure stack and heap sizes
 CONFIG_MAIN_STACK_SIZE=32768
 CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=16384
@@ -21,6 +20,7 @@ CONFIG_CONSOLE=y
 CONFIG_LOG=y
 CONFIG_LOG_BACKEND_UART=y
 CONFIG_LOG_BUFFER_SIZE=15360
+CONFIG_LOG_MODE_IMMEDIATE=y
 #CONFIG_WOLFSSL_DEBUG=y
 # Entropy
diff --git a/zephyr/samples/wolfssl_test/sample.yaml b/zephyr/samples/wolfssl_test/sample.yaml
index a1c4f81921..50010f76ae 100644
--- a/zephyr/samples/wolfssl_test/sample.yaml
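Review bot: The new prj-no-malloc.conf enables `CONFIG_TEST_RANDOM_GENERATOR=y`, which permits Zephyr's random API to return values that are not truly random and is meant for test builds only; since sample configs get copied as templates, a comment above it such as `# TEST_RANDOM_GENERATOR: non-secure test entropy, QEMU runs only` would keep it from leaking into real configurations. `CONFIG_MAIN_STACK_SIZE=655360` is 640 KiB, twenty times the 32768 of prj.conf, presumably because the no-malloc build keeps wolfSSL's working memory on the main stack; a one-line comment giving that reason would justify the number. The same entropy note applies to the tls_sock prj-no-malloc.conf in the next hunk.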
+++ b/zephyr/samples/wolfssl_test/sample.yaml
@@ -13,3 +13,9 @@ tests:
 platform_allow: qemu_x86
 integration_platforms:
 - qemu_x86
+ sample.crypto.wolfssl_test_no_malloc:
+ timeout: 120
+ platform_allow: qemu_x86
+ extra_args: CONF_FILE="prj-no-malloc.conf"
+ integration_platforms:
+ - qemu_x86
diff --git a/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf
new file mode 100644
index 0000000000..830b1944db
--- /dev/null
+++ b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf
@@ -0,0 +1,57 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=655360
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_INIT_STACKS=y
+
+# General config
+CONFIG_NEWLIB_LIBC=y
+
+# Pthreads
+CONFIG_PTHREAD_IPC=y
+
+# Clock for time()
+CONFIG_POSIX_CLOCK=y
+
+# Networking config
+CONFIG_NETWORKING=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=n
+CONFIG_NET_TCP=y
+CONFIG_NET_SOCKETS=y
+CONFIG_NET_SOCKETS_POSIX_NAMES=y
+
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+
+# Network driver config
+CONFIG_TEST_RANDOM_GENERATOR=y
+
+# Network address config
+CONFIG_NET_CONFIG_SETTINGS=y
+CONFIG_NET_CONFIG_NEED_IPV4=y
+CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1"
+CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2"
+CONFIG_NET_CONFIG_MY_IPV4_GW="192.0.2.2"
+
+CONFIG_NET_PKT_TX_COUNT=10
+
+# Network debug config
+#CONFIG_NET_LOG=y
+#CONFIG_NET_PKT_LOG_LEVEL_DBG=y
+
+# Logging
+CONFIG_PRINTK=y
+#CONFIG_WOLFSSL_DEBUG=y
+CONFIG_LOG=y
+CONFIG_LOG_MODE_IMMEDIATE=y
+
+# TLS configuration
+CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h"
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
+CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
+CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
+CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y
diff --git a/zephyr/samples/wolfssl_tls_sock/prj.conf b/zephyr/samples/wolfssl_tls_sock/prj.conf
index f8b0f292ee..549bc07ab0 100644
--- a/zephyr/samples/wolfssl_tls_sock/prj.conf
+++ b/zephyr/samples/wolfssl_tls_sock/prj.conf
@@ -43,14 +43,14 @@ CONFIG_NET_PKT_TX_COUNT=10
 # Logging
 CONFIG_PRINTK=y
 #CONFIG_WOLFSSL_DEBUG=y
-#CONFIG_LOG=y
-#CONFIG_LOG_MODE_IMMEDIATE=y
+CONFIG_LOG=y
+CONFIG_LOG_MODE_IMMEDIATE=y
 # TLS configuration
 CONFIG_WOLFSSL=y
 CONFIG_WOLFSSL_BUILTIN=y
-CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_TLS_VERSION_1_3=y
 CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
 CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
 CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
diff --git a/zephyr/samples/wolfssl_tls_sock/sample.yaml b/zephyr/samples/wolfssl_tls_sock/sample.yaml
index ea002827e6..a1b26e8794 100644
--- a/zephyr/samples/wolfssl_tls_sock/sample.yaml
+++ b/zephyr/samples/wolfssl_tls_sock/sample.yaml
@@ -8,9 +8,16 @@ common:
 regex:
 - "Server Return: 0"
 - "Client Return: 0"
+ - "Done"
 tests:
 sample.crypto.wolfssl_tls_sock:
 timeout: 60
 platform_allow: qemu_x86
 integration_platforms:
 - qemu_x86
+ sample.crypto.wolfssl_tls_sock_no_malloc:
+ timeout: 60
+ platform_allow: qemu_x86
+ extra_args: CONF_FILE="prj-no-malloc.conf"
+ integration_platforms:
+ - qemu_x86
diff --git a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
index b930554435..90347ceb3d 100644
--- a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
+++ b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
@@ -1,6 +1,6 @@
 /* tls_sock.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,7 +32,7 @@
 #endif
 #define BUFFER_SIZE 2048
-#define STATIC_MEM_SIZE (192*1024)
+#define STATIC_MEM_SIZE (256*1024)
 #define MAX_SEND_SIZE 256
 #ifdef WOLFSSL_STATIC_MEMORY
@@ -94,7 +94,7 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
 WOLFSSL* client_ssl = NULL;
 /* Create and initialize WOLFSSL_CTX */
- if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
+ if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_client_method_ex(HEAP_HINT_CLIENT),
 HEAP_HINT_CLIENT)) == NULL) {
 printf("ERROR: failed to create WOLFSSL_CTX\n");
 ret = -1;
@@ -165,7 +165,7 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) WOLFSSL* server_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ - if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(), + if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_server_method_ex(HEAP_HINT_SERVER), HEAP_HINT_SERVER)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; @@ -445,20 +445,8 @@ void client_thread() WOLFSSL* client_ssl = NULL; SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; -#ifdef WOLFSSL_STATIC_MEMORY - if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient, - sizeof(gMemoryClient), - WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) { - printf("unable to load static memory"); - ret = -1; - } - - if (ret == 0) -#endif - { - /* Client connection */ - ret = wolfssl_client_new(&client_ctx, &client_ssl); - } + /* Client connection */ + ret = wolfssl_client_new(&client_ctx, &client_ssl); if (ret == 0) ret = wolfssl_client_connect_tcp(client_ssl, &sockfd); @@ -507,6 +495,17 @@ int main() wolfSSL_Debugging_ON(); #endif +#ifdef WOLFSSL_STATIC_MEMORY + if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient, + sizeof(gMemoryClient), + WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) { + printf("unable to load static memory"); + return -1; + } + + wolfsslThreadHeapHint = HEAP_HINT_CLIENT; +#endif + /* Start server */ if (wolfSSL_NewThread(&serverThread, server_thread, NULL) != 0) { printf("Failed to start server thread\n"); @@ -515,6 +514,9 @@ int main() k_sleep(Z_TIMEOUT_TICKS(100)); client_thread(); + /* Join is not working in qemu when the thread is still active. Wait for it + * to shut down to join it. */ + k_sleep(Z_TIMEOUT_TICKS(100)); if (wolfSSL_JoinThread(serverThread) != 0) { printf("Failed to join server thread\n"); diff --git a/zephyr/samples/wolfssl_tls_thread/prj.conf b/zephyr/samples/wolfssl_tls_thread/prj.conf index 95ebedcbb6..185a7b24c0 100644 --- a/zephyr/samples/wolfssl_tls_thread/prj.conf 
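Review bot: The static-memory failure message added to main(), `printf("unable to load static memory");`, has no trailing newline, unlike the neighbouring `printf("Failed to start server thread\n");`, so it runs into the next console line; use `printf("unable to load static memory\n");`. The same block was moved out of client_thread() (the `@@ -445,20 +445,8 @@` hunk), where the missing newline was pre-existing, so this move is the moment to fix it. Only HEAP_HINT_CLIENT is loaded here while wolfssl_server_new() is created with HEAP_HINT_SERVER; presumably server_thread() loads its own region outside these hunks, but that is not visible on this page and is worth confirming. `wolfsslThreadHeapHint = HEAP_HINT_CLIENT;` assigns a global whose role is not visible here; a comment such as `/* Heap hint handed to threads created via wolfSSL_NewThread() -- confirm */` at the assignment would help, since main() continues outside the hunk.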
+++ b/zephyr/samples/wolfssl_tls_thread/prj.conf @@ -3,7 +3,7 @@ CONFIG_MAIN_STACK_SIZE=16384 CONFIG_ENTROPY_GENERATOR=y CONFIG_TEST_RANDOM_GENERATOR=y CONFIG_INIT_STACKS=y -CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536 +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072 # Pthreads CONFIG_PTHREAD_IPC=y @@ -23,7 +23,7 @@ CONFIG_DNS_RESOLVER=y CONFIG_PRINTK=y CONFIG_LOG=y CONFIG_LOG_MODE_IMMEDIATE=y -#CONFIG_WOLFSSL_DEBUG=y +CONFIG_WOLFSSL_DEBUG=y # Enable logging using RTT and UART #CONFIG_CBPRINTF_LIBC_SUBSTS=y diff --git a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c index cd7aad9016..99036f2d19 100644 --- a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c +++ b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c @@ -1,6 +1,6 @@ /* tls_threaded.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/zephyr/user_settings-no-malloc.h b/zephyr/user_settings-no-malloc.h new file mode 100644 index 0000000000..cd7e2fad18 --- /dev/null +++ b/zephyr/user_settings-no-malloc.h 
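Review bot: `CONFIG_WOLFSSL_DEBUG=y` is uncommented in wolfssl_tls_thread/prj.conf (the `@@ -23,7 +23,7 @@` hunk) while the wolfssl_tls_sock prj.conf hunk at the top of this page leaves `#CONFIG_WOLFSSL_DEBUG=y` commented, so the two samples now diverge. If this is a leftover from debugging the arena-size change in the first hunk, revert it; otherwise a comment such as `# wolfSSL debug output deliberately on for this sample: <reason>` should say why one sample differs. Debug logging also makes the QEMU console output considerably noisier, which is relevant wherever the sample runs under a Twister timeout.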
@@ -0,0 +1,170 @@ +/* user_settings-tls-generic.h + * generated from configure options + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_OPTIONS_H +#define WOLFSSL_OPTIONS_H + + +#ifdef __cplusplus +extern "C" { +#endif + +#if 0 +#undef SINGLE_THREADED +#define SINGLE_THREADED +#endif + +#undef TFM_TIMING_RESISTANT +#define TFM_TIMING_RESISTANT + +#undef ECC_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT + +#undef WC_RSA_BLINDING +#define WC_RSA_BLINDING + +#undef HAVE_AESGCM +#define HAVE_AESGCM + +#undef WOLFSSL_SHA512 +#define WOLFSSL_SHA512 + +#undef WOLFSSL_SHA384 +#define WOLFSSL_SHA384 + +#undef NO_DSA +#define NO_DSA + +#undef HAVE_ECC +#define HAVE_ECC + +#undef TFM_ECC256 +#define TFM_ECC256 + +#undef WOLFSSL_BASE64_ENCODE +#define WOLFSSL_BASE64_ENCODE + +#undef NO_RC4 +#define NO_RC4 + +#undef WOLFSSL_SHA224 +#define WOLFSSL_SHA224 + +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef HAVE_POLY1305 +#define HAVE_POLY1305 + +#undef HAVE_ONE_TIME_AUTH +#define HAVE_ONE_TIME_AUTH + +#undef HAVE_CHACHA +#define HAVE_CHACHA + +#undef HAVE_HASHDRBG +#define HAVE_HASHDRBG + +#undef NO_FILESYSTEM +#define NO_FILESYSTEM + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef 
HAVE_SUPPORTED_CURVES +#define HAVE_SUPPORTED_CURVES + +#undef HAVE_EXTENDED_MASTER +#define HAVE_EXTENDED_MASTER + +#undef NO_PSK +#define NO_PSK + +#undef NO_MD4 +#define NO_MD4 + +#undef USE_FAST_MATH +#define USE_FAST_MATH + +#undef WOLFSSL_NO_ASM +#define WOLFSSL_NO_ASM + +#undef WOLFSSL_X86_BUILD +#define WOLFSSL_X86_BUILD + +#undef WC_NO_ASYNC_THREADING +#define WC_NO_ASYNC_THREADING + +#undef WOLFSSL_STATIC_MEMORY +#define WOLFSSL_STATIC_MEMORY + +#undef WOLFSSL_TLS13 +#define WOLFSSL_TLS13 + +#undef HAVE_HKDF +#define HAVE_HKDF + +#undef WC_RSA_PSS +#define WC_RSA_PSS + +#undef HAVE_FFDHE_2048 +#define HAVE_FFDHE_2048 + +#undef WOLFSSL_NO_MALLOC +#define WOLFSSL_NO_MALLOC +//#define WOLFSSL_DEBUG_STATIC_MEMORY +//#define WOLFSSL_DEBUG_MEMORY_PRINT +//#define WOLFSSL_DEBUG_MEMORY +//#define WOLFSSL_TRACK_MEMORY +#define LARGEST_MEM_BUCKET 65536 + +#undef WOLFSSL_DYN_CERT +#define WOLFSSL_DYN_CERT + +#undef WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_GEN + +#undef WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_REQ + +#undef HAVE_PKCS12 +#define HAVE_PKCS12 + +#undef WOLFSSL_TLS13 +#define WOLFSSL_TLS13 + +#if 0 +#undef WOLFSSL_HAVE_SP_RSA +#define WOLFSSL_HAVE_SP_RSA +#undef WOLFSSL_HAVE_SP_DH +#define WOLFSSL_HAVE_SP_DH +#undef WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_HAVE_SP_ECC +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* WOLFSSL_OPTIONS_H */ + diff --git a/zephyr/user_settings.h b/zephyr/user_settings.h index 8c8f2e3032..68266da5f0 100644 --- a/zephyr/user_settings.h +++ b/zephyr/user_settings.h @@ -24,7 +24,10 @@ #ifdef CONFIG_WOLFSSL -/* If a custom user_settings file is provided use it instead */ +/* If a custom user_settings file is provided use it instead. + * CONFIG_WOLFSSL_SETTINGS_FILE is always defined. If it is not explicitly set + * in prj.conf then it is auto-defined to "". This obviously causes issues here. + * That is why we define WOLFSSL_SETTINGS_FILE in CMakeLists.txt. */ #ifdef WOLFSSL_SETTINGS_FILE #include WOLFSSL_SETTINGS_FILE #else 
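Review bot: The new zephyr/user_settings-no-malloc.h opens with `/* user_settings-tls-generic.h` and `generated from configure options`, which matches neither the file's name nor the hand-edited WOLFSSL_NO_MALLOC block near the bottom; change the first line to `/* user_settings-no-malloc.h` and drop or reword the "generated" line. `WOLFSSL_TLS13` is `#undef`/`#define`d twice, once after `WOLFSSL_STATIC_MEMORY` and again after `HAVE_PKCS12`; remove the second copy. The include guard is `WOLFSSL_OPTIONS_H`, the same name wolfSSL's generated wolfssl/options.h uses, so a build that pulls in both would silently skip whichever is included second; a dedicated guard such as `WOLFSSL_USER_SETTINGS_NO_MALLOC_H` avoids that. The `#if 0` blocks around SINGLE_THREADED and the SP defines and the commented-out `WOLFSSL_DEBUG_*` lines read like scratch; if they are intentional toggles, a one-line comment saying so would help.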
@@ -130,9 +133,32 @@ extern "C" { #define NO_SESSION_CACHE /* disable session resumption */ #endif +/* DTLS */ +#if defined(CONFIG_WOLFSSL_DTLS) + #define WOLFSSL_DTLS + #define HAVE_SOCKADDR +#endif + /* PSK */ -#define NO_PSK /* disable pre-shared-key support */ +#if defined(CONFIG_WOLFSSL_PSK) + #undef NO_PSK + #define WOLFSSL_STATIC_PSK +#else + #define NO_PSK /* disable pre-shared-key support */ +#endif + +/* ALPN */ +#if defined(CONFIG_WOLFSSL_ALPN) + #define HAVE_ALPN +#endif +#if defined(CONFIG_WOLFSSL_MAX_FRAGMENT_LEN) + #define HAVE_MAX_FRAGMENT +#endif + +#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) + #define WOLFSSL_SET_CIPHER_BYTES +#endif /* ------------------------------------------------------------------------- */ /* Algorithms */ @@ -140,6 +166,9 @@ extern "C" { /* RNG */ #ifndef WC_NO_HASHDRBG #define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */ + #ifdef CONFIG_CSPRNG_ENABLED + #define WC_RNG_SEED_CB + #endif #endif /* ECC */ @@ -219,7 +248,7 @@ extern "C" { #undef NO_SHA /* on by default */ //#define USE_SLOW_SHA /* 1k smaller, but 25% slower */ #else - #define NO_SHA + // #define NO_SHA /* Necessary for pkcs12 tests */ #endif /* SHA2-256 */ @@ -297,7 +326,7 @@ extern "C" { #define NO_RC4 #define NO_MD4 #define NO_MD5 -#define NO_DES3 +//#define NO_DES3 /* Necessary for pkcs12 tests */ #define WOLFSSL_NO_SHAKE128 #define WOLFSSL_NO_SHAKE256 diff --git a/zephyr/zephyr_init.c b/zephyr/zephyr_init.c index cd8ae98e6d..927249e528 100644 --- a/zephyr/zephyr_init.c +++ b/zephyr/zephyr_init.c @@ -1,6 +1,6 @@ /* zephyr_init.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. *
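Review bot: The new `CONFIG_WOLFSSL_PSK` branch defines `WOLFSSL_STATIC_PSK`, which as far as I know switches on wolfSSL's non-ephemeral PSK cipher suites that provide no forward secrecy, and nothing in the hunk says why those are needed rather than the ephemeral PSK suites that `#undef NO_PSK` alone makes available. Add a comment at the define, e.g. `/* Static (non-ephemeral) PSK suites: no forward secrecy; required for <reason> */`, and consider a separate Kconfig option so applications that only need ephemeral PSK do not get them. The `CONFIG_WOLFSSL_MAX_FRAGMENT_LEN` and `CONFIG_NET_SOCKETS_SOCKOPT_TLS` blocks lack the `/* ... */` section headers and blank-line separation that the DTLS, PSK and ALPN blocks have; `/* Max fragment length */` and `/* Zephyr TLS sockets (CONFIG_NET_SOCKETS_SOCKOPT_TLS) */` would keep the file consistent.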
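Review bot: `WC_RNG_SEED_CB` is now defined whenever `CONFIG_CSPRNG_ENABLED` is set (the `@@ -140,6 +166,9 @@` hunk); with that macro wolfSSL expects the application to register a seed callback through `wc_SetSeed_Cb()` before the first `wc_InitRng()`, and nothing in this chunk shows where that registration happens — presumably zephyr_init.c, whose only visible hunk here is the copyright line. A comment at the define, `/* DRBG is seeded via wc_SetSeed_Cb(); the callback is registered in <file> */`, would make the contract visible. It is also worth verifying that, should the callback be missing, RNG initialisation fails rather than falling back to a weaker seed source.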
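Review bot: Commenting out `NO_SHA` in the `#else` branch of the `@@ -219,7 +248,7 @@` hunk (and `NO_DES3` in the `@@ -297,7 +326,7 @@` hunk) re-enables SHA-1 and 3DES in the default Zephyr user_settings.h for every application that did not opt into them, not only for the PKCS#12 tests the comment names. If the tests are the sole reason, gate the two defines under a test-only Kconfig option instead, e.g. `#if !defined(<TEST_ONLY_KCONFIG>)` around the original `#define NO_SHA` and `#define NO_DES3` (with the option name to be chosen), so production builds keep the smaller, legacy-free algorithm set. The two edits are also written differently (`// #define NO_SHA` vs `//#define NO_DES3`); pick one form.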